From 94a2ec7e17dfc76fa998a49e223805e33e06d0fd Mon Sep 17 00:00:00 2001
From: Murali Reddy
Date: Mon, 25 Dec 2017 02:08:04 +0530
Subject: [PATCH] Flush conntrack entry when UDP service endpoint is deleted (#259) Fixes #157 kubernetes/kubernetes#19029 kubernetes/kubernetes#22573
---
 Dockerfile | 1 +
 app/controllers/network_services_controller.go | 9 +++++++++
 2 files changed, 10 insertions(+)
diff --git a/Dockerfile b/Dockerfile
index 11b69b3e..637e61d9 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -11,6 +11,7 @@ RUN apk add --no-cache \
 ipset \
 iproute2 \
 ipvsadm \
+ conntrack-tools \
 curl \
 bash && \
 mkdir -p /var/lib/gobgp && \
diff --git a/app/controllers/network_services_controller.go b/app/controllers/network_services_controller.go
index 30b79b72..7a242a0e 100644
--- a/app/controllers/network_services_controller.go
+++ b/app/controllers/network_services_controller.go
@@ -537,6 +537,15 @@ func (nsc *NetworkServicesController) syncIpvsServices(serviceInfoMap serviceInf
 glog.Errorf("Failed to delete destination %s from ipvs service %s", ipvsDestinationString(dst), ipvsServiceString(ipvsSvc))
 }
+
+ // flush conntrack when endpoint for a UDP service changes
+ if ipvsSvc.Protocol == syscall.IPPROTO_UDP {
+ _, err := exec.Command("conntrack", "-D", "--orig-dst", dst.Address.String(), "-p", "udp", "--dport", strconv.Itoa(int(dst.Port))).Output()
+ if err != nil {
+ glog.Error("Failed to delete conntrack entry for endpoint: " + dst.Address.String() + ":" + strconv.Itoa(int(dst.Port)) + " due to " + err.Error())
+ }
+ glog.Infof("Deleted conntrack entry for endpoint: " + dst.Address.String() + ":" + strconv.Itoa(int(dst.Port)))
+ }
 }
 }
 }
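Review bot: In the added UDP branch of syncIpvsServices, the `glog.Infof("Deleted conntrack entry ...")` call sits after the `if err != nil` block rather than in an `else`, so a failed flush is logged as a failure and then immediately as a success. It should become `} else { glog.Infof("Deleted conntrack entry for endpoint: %s:%d", dst.Address.String(), dst.Port) }`, which also stops passing a concatenated string as the format argument. `Output()` leaves the tool's stderr out of `err.Error()`, so the error log will likely show only an exit status; `CombinedOutput()` with the output appended to the message would record why the delete failed. conntrack appears to exit non-zero when no flow matched (worth confirming against the conntrack-tools version the Dockerfile installs), in which case that result should be told apart from a real failure, because a flush that really failed leaves stale UDP flows directed at an address that may later belong to a different pod. The function body starts and ends outside this hunk, so how the caller reacts to a failed flush is not visible here.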