What version of gRPC and what language are you using?
1.27.1 python
What operating system (Linux, Windows,...) and version?
Debian 10 (python:3.7-slim)
What runtime / compiler are you using (e.g. python version or version of gcc)
Python 3.7
What did you do?
Spun up a container in a local k8s development environment with NO_PROXY set to include the local CIDR range for the cluster internal IP addresses in addition to other settings for the internal corp network so that it could connect via GRPC to another pod within the cluster while also accessing resources external to the corporate network.
What did you expect to see?
Client should connect without going through the proxy
What did you see instead?
Debug logs showing response from the proxy and connection failed.
Anything else we should know about your project / environment?
Looking at the code

```c++
if (no_proxy_len <= uri_len &&
    gpr_stricmp(no_proxy_entry,
                &(server_host.get()[uri_len - no_proxy_len])) == 0) {
  gpr_log(GPR_INFO, "not using proxy for host in no_proxy list '%s'",
          server_uri);
  use_proxy = false;
  break;
}
```
I can see that it currently should work for complete matches for IP addresses, hostnames and I think domains, though I'm a little rusty with C so I'm not completely sure. Looks like the piece of code `&(server_host.get()[uri_len - no_proxy_len]))` is indexing into the string for a starting point so that if you have `hostname.domainname` and `.domainname` is in the no_proxy that it would start the comparison from the 9th character in the server_host variable in order to compare domain names only.

Though this does look like there is a subtle bug should someone use a domain name in the no_proxy without a leading dot as `domainname` would also match `hostname.someotherdomainname` as well.
I'm thinking making use of something like https://stackoverflow.com/a/28535174/1597808 and if the return value is >=0 then https://stackoverflow.com/a/31041121/1597808 would be used to complete the comparison. Little unsure if it's correct to convert the server_host to an IP address in such a case if it's not already an IP.
Is it worth making a stab at fixing this?
grpc/src/core/ext/filters/client_channel/http_proxy.cc
Lines 147 to 154 in 4466a4c
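A sketch of the matching the issue asks about, added here as an example and not taken from gRPC or from the original post: entries containing `/` are treated as IPv4 CIDR ranges, and name entries match only on a DNS label boundary, so `domainname` no longer matches `hostname.someotherdomainname`. The function names, the comma-separated list format, the IPv4-only scope and the choice never to resolve hostnames are assumptions of this sketch.

```c
#include <arpa/inet.h>
#include <stdbool.h>
#include <stdint.h>
#include <stdlib.h>
#include <string.h>
#include <strings.h>

/* Exact match, or suffix match that starts on a DNS label boundary. */
static bool domain_match(const char *host, const char *entry) {
  struct in_addr ip;
  if (*entry == '.') entry++; /* treat ".domainname" like "domainname" */
  size_t hl = strlen(host), el = strlen(entry);
  if (el == 0 || el > hl || strcasecmp(host + (hl - el), entry) != 0) return false;
  /* IP literals only match exactly; names need a '.' before the suffix. */
  return hl == el || (inet_pton(AF_INET, host, &ip) != 1 && host[hl - el - 1] == '.');
}

/* IPv4 literal host inside an "a.b.c.d/len" entry. Hostnames are never resolved. */
static bool cidr_match(const char *host, const char *entry) {
  const char *slash = strchr(entry, '/');
  size_t nlen = slash ? (size_t)(slash - entry) : 0;
  char net[INET_ADDRSTRLEN], *end;
  struct in_addr h, n;
  if (nlen == 0 || nlen >= sizeof(net)) return false;
  memcpy(net, entry, nlen);
  net[nlen] = '\0';
  long bits = strtol(slash + 1, &end, 10);
  if (end == slash + 1 || *end != '\0' || bits < 0 || bits > 32) return false;
  if (inet_pton(AF_INET, host, &h) != 1 || inet_pton(AF_INET, net, &n) != 1) return false;
  uint32_t mask = bits == 0 ? 0 : 0xFFFFFFFFu << (32 - bits);
  return ((ntohl(h.s_addr) ^ ntohl(n.s_addr)) & mask) == 0;
}

/* Added example, not gRPC code. Assumes a comma-separated list;
   true means "connect directly, do not use the proxy". */
bool no_proxy_matches(const char *host, const char *no_proxy) {
  while (*no_proxy != '\0') {
    size_t len = strcspn(no_proxy, ",");
    const char *p = no_proxy;
    char entry[256];
    no_proxy += len + (no_proxy[len] == ',');
    while (len > 0 && *p == ' ') { p++; len--; }
    while (len > 0 && p[len - 1] == ' ') len--;
    if (len == 0 || len >= sizeof(entry)) continue; /* skip empty or oversized entries */
    memcpy(entry, p, len);
    entry[len] = '\0';
    if (cidr_match(host, entry) || domain_match(host, entry)) return true;
  }
  return false;
}
```

Malformed prefixes such as `/33` fail closed (no bypass), so a typo in `NO_PROXY` sends traffic through the proxy instead of silently widening the bypass list.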