From c3698ef0e7f09cd63fff04cb6b7b018841772dee Mon Sep 17 00:00:00 2001 From: huiwq1990 Date: Wed, 16 Feb 2022 11:08:33 +0800 Subject: [PATCH] Feature: Conntrack no matching connections process Signed-off-by: huiwq1990 --- .../trafficforward/iptables/iptables.go | 23 ++++++++++++------- 1 file changed, 15 insertions(+), 8 deletions(-) diff --git a/pkg/yurttunnel/trafficforward/iptables/iptables.go b/pkg/yurttunnel/trafficforward/iptables/iptables.go index a6b46d820a7..09a1c01784c 100644 --- a/pkg/yurttunnel/trafficforward/iptables/iptables.go +++ b/pkg/yurttunnel/trafficforward/iptables/iptables.go @@ -45,6 +45,9 @@ const ( yurttunnelServerPortChain = "TUNNEL-PORT" yurttunnelPortChainPrefix = "TUNNEL-PORT-" defaultSyncPeriod = 15 + + // NoConnectionToDelete is the error string returned by conntrack when no matching connections are found + NoConnectionToDelete = "0 flow entries have been deleted" ) var ( @@ -449,19 +452,22 @@ func toCIDR(ip net.IP) string { return fmt.Sprintf("%s/%d", ip.String(), size) } -func (im *iptablesManager) clearConnTrackEntries(ips, ports []string) { +func (im *iptablesManager) clearConnTrackEntries(ips, ports []string) error { if len(im.conntrackPath) == 0 { - return + return nil } klog.Infof("clear conntrack entries for ports %q and nodes %q", ports, ips) for _, port := range ports { for _, ip := range ips { - im.clearConnTrackEntriesForIPPort(ip, port) + if err := im.clearConnTrackEntriesForIPPort(ip, port); err != nil { + return err + } } } + return nil } -func (im *iptablesManager) clearConnTrackEntriesForIPPort(ip, port string) { +func (im *iptablesManager) clearConnTrackEntriesForIPPort(ip, port string) error { parameters := parametersWithFamily(utilnet.IsIPv6String(ip), "-D", "--orig-dst", ip, "-p", 
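Review bot: `NoConnectionToDelete` is exported while the neighbouring constants visible in this hunk are unexported, and nothing in this patch uses it outside the package; `noConnectionToDelete` would keep it off the package API. The comment calls it an error string, but the text is part of what the conntrack binary prints, so it is worth saying where it shows up: `// noConnectionToDelete is the message conntrack prints when no flow matches the delete filter`. The const block starts outside the hunk.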
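Review bot: Returning from inside the nested loops of `clearConnTrackEntries` means the first failing ip/port pair leaves the conntrack entries of every later pair in place, so established flows can presumably keep following the old forwarding path after the rules have changed. Record the error, keep iterating, and return a summary once both loops finish. The diffstat lists only the three hunks in this file and none of them touches a call site, so the new return value appears to be discarded; callers should at least log it.

```go
func (im *iptablesManager) clearConnTrackEntries(ips, ports []string) error {
	// … unchanged: conntrackPath guard and klog.Infof …
	var errs []error
	for _, port := range ports {
		for _, ip := range ips {
			if err := im.clearConnTrackEntriesForIPPort(ip, port); err != nil {
				errs = append(errs, err)
			}
		}
	}
	if len(errs) > 0 {
		return fmt.Errorf("clear conntrack entries: %d failed, first error: %w", len(errs), errs[0])
	}
	return nil
}
```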
@@ -469,13 +475,14 @@ func (im *iptablesManager) clearConnTrackEntriesForIPPort(ip, port string) {
 output, err := im.execer.
 Command(im.conntrackPath, parameters...).
 CombinedOutput()
- if err != nil {
+
+ if err != nil && !strings.Contains(err.Error(), NoConnectionToDelete) {
 klog.Errorf("clear conntrack for %s:%s failed: %q, error message: %s",
 ip, port, string(output), err)
- return
+ return fmt.Errorf("clear conntrack for %s:%s failed: %q, error message: %s",
+ ip, port, string(output), err)
 }
- klog.Infof("clear conntrack for %s:%s successfully: %q",
- ip, port, string(output))
+ return nil
 }
 
 func parametersWithFamily(isIPv6 bool, parameters ...string) []string {
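Review bot: The new guard `strings.Contains(err.Error(), NoConnectionToDelete)` inspects the exec error, but conntrack's "0 flow entries have been deleted" text is captured in `output` (CombinedOutput merges stderr), while `err` for a non-zero exit normally carries only the exit status. Unless `im.execer` folds the command output into its error, the no-match case is still reported as a failure, and because the caller now returns on the first error it also stops cleanup of the remaining entries. Compare against the captured output instead: `if err != nil && !strings.Contains(string(output), NoConnectionToDelete) {`. The failure is also both logged and returned here; wrapping with `%w` and logging at one layer would be enough. The function starts outside this hunk.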