Feature: Conntrack no matching connections process (openyurtio#741)
Signed-off-by: huiwq1990 <huiwq1990@163.com>
huiwq1990 authored Mar 3, 2022
1 parent b5159af commit 488cef9
Showing 1 changed file with 15 additions and 8 deletions.
23 changes: 15 additions & 8 deletions pkg/yurttunnel/trafficforward/iptables/iptables.go
@@ -45,6 +45,9 @@ const (
yurttunnelServerPortChain = "TUNNEL-PORT"
yurttunnelPortChainPrefix = "TUNNEL-PORT-"
defaultSyncPeriod = 15

// NoConnectionToDelete is the error string returned by conntrack when no matching connections are found
NoConnectionToDelete = "0 flow entries have been deleted"
)

var (
@@ -449,33 +452,37 @@ func toCIDR(ip net.IP) string {
return fmt.Sprintf("%s/%d", ip.String(), size)
}

func (im *iptablesManager) clearConnTrackEntries(ips, ports []string) {
func (im *iptablesManager) clearConnTrackEntries(ips, ports []string) error {
if len(im.conntrackPath) == 0 {
return
return nil
}
klog.Infof("clear conntrack entries for ports %q and nodes %q", ports, ips)
for _, port := range ports {
for _, ip := range ips {
im.clearConnTrackEntriesForIPPort(ip, port)
if err := im.clearConnTrackEntriesForIPPort(ip, port); err != nil {
return err
}
}
}
return nil
}

func (im *iptablesManager) clearConnTrackEntriesForIPPort(ip, port string) {
func (im *iptablesManager) clearConnTrackEntriesForIPPort(ip, port string) error {
parameters := parametersWithFamily(utilnet.IsIPv6String(ip),
"-D", "--orig-dst",
ip, "-p",
"tcp", "--dport", port)
output, err := im.execer.
Command(im.conntrackPath, parameters...).
CombinedOutput()
if err != nil {

if err != nil && !strings.Contains(err.Error(), NoConnectionToDelete) {
klog.Errorf("clear conntrack for %s:%s failed: %q, error message: %s",
ip, port, string(output), err)
return
return fmt.Errorf("clear conntrack for %s:%s failed: %q, error message: %s",
ip, port, string(output), err)
}
klog.Infof("clear conntrack for %s:%s successfully: %q",
ip, port, string(output))
return nil
}

func parametersWithFamily(isIPv6 bool, parameters ...string) []string {
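Review bot: The exemption added in `clearConnTrackEntriesForIPPort` matches `NoConnectionToDelete` against `err.Error()`, but `CombinedOutput()` puts conntrack's message into `output`, and the error of a failed command usually carries only the exit status, so the "0 flow entries" case is probably still treated as a failure (the `execer` implementation is outside this hunk, so confirm). Matching the captured output would make the exemption effective: `if err != nil && !strings.Contains(string(output), NoConnectionToDelete) {`. This matters more now that `clearConnTrackEntries` returns on the first error: one ip/port pair without flows ends the loop, and conntrack entries for the remaining pairs are left in place, so established connections can keep following the old translation after the rules change. Consider continuing through all pairs and returning the collected errors; the callers that receive the new `error` are not visible here.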
