Add port validator to ensure configurable ports are valid

Signed-off-by: Lan Luo <[email protected]>

cmd/antrea-agent/options.go

@@ -430,13 +430,13 @@ func (o *Options) setK8sNodeDefaultOptions() {
 	if o.config.AntreaProxy.DefaultLoadBalancerMode == "" {
 		o.config.AntreaProxy.DefaultLoadBalancerMode = config.LoadBalancerModeNAT.String()
 	}
-	if o.config.ClusterMembershipPort == 0 {
+	if !isValidPort(o.config.ClusterMembershipPort) {
 		o.config.ClusterMembershipPort = apis.AntreaAgentClusterMembershipPort
 	}
 	if o.config.EnablePrometheusMetrics == nil {
 		o.config.EnablePrometheusMetrics = ptr.To(true)
 	}
-	if o.config.WireGuard.Port == 0 {
+	if !isValidPort(o.config.WireGuard.Port) {
 		o.config.WireGuard.Port = apis.WireGuardListenPort
 	}
 

cmd/antrea-agent/util.go

@@ -79,3 +79,11 @@ func parsePortRange(portRangeStr string) (start, end int, err error) {
 
 	return start, end, nil
 }
+
+// isValidPort checks if the given port number is within the valid range of 1 to 65535.
+func isValidPort(port int) bool {
+	if port < 1 || port > 65535 {
+		return false
+	}
+	return true
+}

cmd/antrea-agent/util_test.go

@@ -122,3 +122,34 @@ func TestParsePortRange(t *testing.T) {
 		})
 	}
 }
+
+func TestIsValidPort(t *testing.T) {
+	tests := []struct {
+		name     string
+		port     int
+		expected bool
+	}{
+		{
+			name:     "invalid port 0",
+			port:     0,
+			expected: false,
+		},
+		{
+			name:     "invalid port 70000",
+			port:     70000,
+			expected: false,
+		},
+		{
+			name:     "valid port",
+			port:     65500,
+			expected: true,
+		},
+	}
+
+	for _, tc := range tests {
+		t.Run(tc.name, func(t *testing.T) {
+			result := isValidPort(tc.port)
+			assert.Equal(t, tc.expected, result)
+		})
+	}
+}