Merge pull request #22 from aojea/panic1

Don't panic on small packets

Author: aojea

pkg/networkpolicy/controller_test.go

@@ -14,7 +14,6 @@ import (
 	"k8s.io/component-base/logs"
 	"k8s.io/klog/v2"
 	"k8s.io/utils/ptr"
-	"sigs.k8s.io/knftables"
 )
 
 type netpolTweak func(networkPolicy *networkingv1.NetworkPolicy)
@@ -102,15 +101,13 @@ type networkpolicyController struct {
 }
 
 func newController() *networkpolicyController {
-	nft := knftables.NewFake(knftables.InetFamily, "kube-netpol")
 	client := fake.NewSimpleClientset()
 	informersFactory := informers.NewSharedInformerFactory(client, 0)
 	controller := NewController(client,
 		informersFactory.Networking().V1().NetworkPolicies(),
 		informersFactory.Core().V1().Namespaces(),
 		informersFactory.Core().V1().Pods(),
-		nft,
-		100,
+		Config{},
 	)
 	controller.networkpoliciesSynced = alwaysReady
 	controller.namespacesSynced = alwaysReady

pkg/networkpolicy/packet.go

@@ -61,13 +61,17 @@ func parsePacket(b []byte) (packet, error) {
 		return t, fmt.Errorf("unknown versions %d", version)
 	}
 
+	var dataOffset int
 	switch protocol {
 	case 6:
 		t.proto = v1.ProtocolTCP
+		dataOffset = int(b[hdrlen+12] >> 4) // data offset
 	case 17:
 		t.proto = v1.ProtocolUDP
+		dataOffset = hdrlen + 8 // data starts after
 	case 132:
 		t.proto = v1.ProtocolSCTP
+		dataOffset = hdrlen + 8
 	default:
 		return t, fmt.Errorf("unknown protocol %d", protocol)
 	}
@@ -76,7 +80,6 @@ func parsePacket(b []byte) (packet, error) {
 	t.dstPort = int(binary.BigEndian.Uint16(b[hdrlen+2 : hdrlen+4]))
 	// Obtain the offset of the payload
 	// TODO allow to filter by the payload
-	dataOffset := int(b[hdrlen+12] >> 4)
 	if len(b) >= hdrlen+dataOffset {
 		t.payload = b[hdrlen+dataOffset:]
 	}