8000 Fixing multiple issues by elmobp · Pull Request #22 · ac3cloud/ript · GitHub
[go: up one dir, main page]
More Web Proxy on the site http://driver.im/
Skip to content

Fixing multiple issues #22

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
merged 6 commits into from
Dec 5, 2016
Merged

Fixing multiple issues #22

merged 6 commits into from
Dec 5, 2016

Conversation

elmobp
Copy link
Member
@elmobp elmobp commented Dec 1, 2016

Support for Ruby 2.0+ (Xenial!!)
Add support for array's in protocols
Check protocols to ensure they are valid
Adjust tests to suit
Bump to 0.8.8

@jamesmollison
Copy link
Member

Have this gem on Trusty and Xenial boxes which are running ruby 2.3.0 and 1.9.3 respectively. Once the protocol issue was corrected the iptables rule output was identical on both hosts.

@@ -80,7 +79,6 @@ def build_rule(name, block, opts={})
to_address = @labels[to][:address]

attributes = {
"table" => "filter",
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

What's the reasoning behind omitting the table attribute?

The original reason it was included was to be explicit about what rules are being generated, and thus future proof Ript. If the future behaviour of iptables changes, and the filter table is no longer the default table, then Ript will silently break.

Bonus: if you add this attribute back back, your PR will be way smaller because you won't have to modify all the tests.

Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

filter is not understood on xenial, jump on a xenial box and try do iptables with --filter fail

Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Are you sure?

root@ubuntu-512mb-sfo1-01:~# iptables --table filter --new-chain basic-a
root@ubuntu-512mb-sfo1-01:~# iptables --table filter -L
Chain INPUT (policy ACCEPT)
target     prot opt source               destination

Chain FORWARD (policy ACCEPT)
target     prot opt source               destination

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination

Chain basic-a (0 references)
target     prot opt source               destination
root@ubuntu-512mb-sfo1-01:~# cat /etc/lsb-release
DISTRIB_ID=Ubuntu
DISTRIB_RELEASE=16.04
DISTRIB_CODENAME=xenial
DISTRIB_DESCRIPTION="Ubuntu 16.04.1 LTS"

Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

What kernel?

Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

root@ubuntu-512mb-sfo1-01:~# uname -a
Linux ubuntu-512mb-sfo1-01 4.4.0-47-generic #68-Ubuntu SMP Wed Oct 26 19:39:52 UTC 2016 x86_64 x86_64 x86_64 GNU/Linux

Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Do you have the filter module loaded into your kernel?

root@ubuntu-512mb-sfo1-01:~# lsmod |grep filter
iptable_filter         16384  1
ip_tables              24576  1 iptable_filter
x_tables               36864  2 ip_tables,iptable_filter

Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Yes sir, I think we have hit a weird bug in iptables somewhere Ill add the filter back in and post the results..

Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

🎉

Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Adding it back we just realised what it was :| the template manifest had an invalid protocol in it so it was crapping out isiss != isis :(

Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Will fix the test in the morning

@@ -7,8 +7,8 @@ Gem::Specification.new do |s|
s.name = "ript"
s.version = Ript::VERSION
s.platform = Gem::Platform::RUBY
s.authors = [ "Lindsay Holmwood" ]
s.email = [ "lindsay@bulletproof.net" ]
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I would recommend updating AUTHORS.md and explaining what foundation@bulletproof.net is.

Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thanks for adding the bit to AUTHORS.md!


Inspiration given by:

Matt Moor (@mattm0)

Ript is copyright Bulletproof Networks 2011-2012, all rights reserved.
Contact:
foundation@bulletproof.net will send an email to the development team wihtibn Bulletproof Networks, any issues should be raised via Github.
Copy link
Contributor
@auxesis auxesis Dec 1, 2016

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

  • s/wihtibn/within/
  • s/Github/GitHub/

Copy link
@ghost ghost left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM 👍

Not a show stopper but would recommend running this through a linter as there are a few stylistic things that wouldn't pass our style guide.

Minor things like the use of double quotes etc.


It is also recommended that you use [rbenv](http://rbenv.org/).

``` bash
rbenv install 1.9.3-p484
rbenv install 2.3.0
Copy link

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Hide comment

if the ruby-version is set to 1.9.3-p125, why install 2.3.1?

Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

@mfsgr I fix that now

after = self.dup.drop_while {|k, v| k != key }
before << opts.to_a.flatten
self.clear.merge!(Hash[before]).merge!(Hash[after])
def insert_before(key, kvpair)
Copy link

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

nice 👍

@ghost ghost assigned elmobp and unassigned ghost Dec 1, 2016
@elmobp
Copy link
Member Author
elmobp commented Dec 2, 2016

Tests are passing again!

@elmobp
Copy link
Member Author
elmobp commented Dec 2, 2016

As for the styling, I will do this on 0.8.9

Support for 0.8.8 and Ruby 2

Documentation updates

Ensure protocol actually exists

Change author to Bulletproof

Fix tests

Add some authors

I need to fix the tests again

Update filter.rb

Fix tests

Change ruby version

Cleanup

Update filter.rb

Final release
@@ -8,9 +8,14 @@ Patches have been merged from:
Arthur Barton (@arthurbarton)
John Ferlito (@johnf)
Jesse Reynolds (@jessereynolds)
Michael Baker (@elmobp)
Greg Cockburn (gergnz)
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

missing @?

# 0.8.8 - 2016/12/02
- Bug: Support for an array of protocols (@elmobp)
- Bug: Support Ruby 2.0+ (@elmobp)
- Feature: Protocol validation using /etc/protocols, by adding this support in the validation ensures many ohter parts of the software performed correctly (@elmobp)
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

s/ohter/other/


GEM
remote: https://rubygems.org/
remote: http://rubygems.org/
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

why did we go t F438 o http instead of https?

@@ -1,4 +1,4 @@
Copyright 2011-2012 Bulletproof Networks. All rights reserved.
Copyright 2011-2012 Bulletproof Networks.
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Are we actually Bulletproof Networks?, We should probably use "Bulletproof Group Ltd"

@@ -121,26 +119,44 @@ def build_rule(name, block, opts={})
end

# If we have arguments, iterate through them
if arguments.size > 0
if arguments.size > 0
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

white space at the end.

@@ -57,7 +57,7 @@ def rewrite(name, opts={}, &block)
"jump" => "ACCEPT" }

@froms.map {|from| @labels[from][:address]}.each do |address|
attributes.insert_before("destination", "source" => address)
attributes.insert_before("destination", [ "source", address ])
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

extra space in array.

@@ -113,7 +113,7 @@ def rewrite(name, opts={}, &block)
"dport" => destination_port,
"jump" => "ACCEPT" }

attributes.insert_before("destination", "source" => from_address) unless from_address == "0.0.0.0/0"
attributes.insert_before("destination", [ "source", from_address ]) unless from_address == "0.0.0.0/0"
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

extra space in array.

@@ -136,7 +136,7 @@ def rewrite(name, opts={}, &block)
"dport" => port,
"jump" => "ACCEPT" }

attributes.insert_before("destination", "source" => from_address) unless from_address == "0.0.0.0/0"
attributes.insert_before("destination", [ "source" , from_address ]) unless from_address == "0.0.0.0/0"
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

extra space in array.

@@ -7,8 +7,8 @@ Gem::Specification.new do |s|
s.name = "ript"
s.version = Ript::VERSION
s.platform = Gem::Platform::RUBY
s.authors = [ "Lindsay Holmwood" ]
s.email = [ "lindsay@bulletproof.net" ]
s.authors = [ "Bulletproof Networks" ]
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Bulletproof Group Ltd

@elmobp elmobp merged commit 834ccef into ac3cloud:master Dec 5, 2016
@elmobp elmobp removed the in progress label Dec 5, 2016
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

5 participants
0