linkerd
/
linkerd2
mirror of https://github.com/linkerd/linkerd2.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

cli: Only bind ephemeral ports on localhost (#7838) 

Most of our port forwards are created against localhost, except for when
exposing the dashboard with a user-specified host. Our socket binding
(for ephemeral ports), however, binds against all interfaces.

This change modifies ephemeral port binding to only occur on the
loopback interface.

Signed-off-by: Oliver Gould <ver@buoyant.io>
This commit is contained in:
Oliver Gould 2022-02-08 04:27:06 -08:00 committed by GitHub
parent 494f672938
commit a35797b63a
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 5 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
pkg/k8s/portforward.go
View File

@ -142,6 +142,10 @@ func newPortForward(
var err error
if localPort == 0 {
if host != "localhost" {
return nil, fmt.Errorf("local port must be specified when host is not localhost")
}
localPort, err = getEphemeralPort()
if err != nil {
return nil, err
@ -247,7 +251,7 @@ func (pf *PortForward) AddressAndPort() string {
// getEphemeralPort selects a port for the port-forwarding. It binds to a free
// ephemeral port and returns the port number.
func getEphemeralPort() (int, error) {
ln, err := net.Listen("tcp", ":0")
ln, err := net.Listen("tcp", "localhost:0")
if err != nil {
return 0, err
}