
Commit 67a6f9a

authored
add tcp dns snat in swift scenario (#1437)
Signed-off-by: Evan Baker <[email protected]>
1 parent b1c9ebd commit 67a6f9a


2 files changed

+9
-4
lines changed


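--- a/cni/network/invoker_cns.go
+++ b/cni/network/invoker_cns.go
@@ -152,7 +152,6 @@ func (invoker *CNSIPAMInvoker) Add(addConfig IPAMAddConfig) (IPAMAddResult, erro
 }
 
 func setHostOptions(ncSubnetPrefix *net.IPNet, options map[string]interface{}, info *IPv4ResultInfo) error {
-
 // get the host ip
 hostIP := net.ParseIP(info.hostPrimaryIP)
 if hostIP == nil {
@@ -173,7 +172,8 @@ func setHostOptions(ncSubnetPrefix *net.IPNet, options map[string]interface{}, i
 },
 }
 
-azureDNSMatch := fmt.Sprintf(" -m addrtype ! --dst-type local -s %s -d %s -p %s --dport %d", ncSubnetPrefix.String(), networkutils.AzureDNS, iptables.UDP, iptables.DNSPort)
+azureDNSUDPMatch := fmt.Sprintf(" -m addrtype ! --dst-type local -s %s -d %s -p %s --dport %d", ncSubnetPrefix.String(), networkutils.AzureDNS, iptables.UDP, iptables.DNSPort)
+azureDNSTCPMatch := fmt.Sprintf(" -m addrtype ! --dst-type local -s %s -d %s -p %s --dport %d", ncSubnetPrefix.String(), networkutils.AzureDNS, iptables.TCP, iptables.DNSPort)
 azureIMDSMatch := fmt.Sprintf(" -m addrtype ! --dst-type local -s %s -d %s -p %s --dport %d", ncSubnetPrefix.String(), networkutils.AzureIMDS, iptables.TCP, iptables.HTTPPort)
 
 snatPrimaryIPJump := fmt.Sprintf("%s --to %s", iptables.Snat, info.ncPrimaryIP)
@@ -182,8 +182,9 @@ func setHostOptions(ncSubnetPrefix *net.IPNet, options map[string]interface{}, i
 options[network.IPTablesKey] = []iptables.IPTableEntry{
 iptables.GetCreateChainCmd(iptables.V4, iptables.Nat, iptables.Swift),
 iptables.GetAppendIptableRuleCmd(iptables.V4, iptables.Nat, iptables.Postrouting, "", iptables.Swift),
-// add a snat rule to primary NC IP for DNS
-iptables.GetInsertIptableRuleCmd(iptables.V4, iptables.Nat, iptables.Swift, azureDNSMatch, snatPrimaryIPJump),
+// add a snat rules to primary NC IP for DNS
+iptables.GetInsertIptableRuleCmd(iptables.V4, iptables.Nat, iptables.Swift, azureDNSUDPMatch, snatPrimaryIPJump),
+iptables.GetInsertIptableRuleCmd(iptables.V4, iptables.Nat, iptables.Swift, azureDNSTCPMatch, snatPrimaryIPJump),
 // add a snat rule to node IP for IMDS http traffic
 iptables.GetInsertIptableRuleCmd(iptables.V4, iptables.Nat, iptables.Swift, azureIMDSMatch, snatHostIPJump),
 }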
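Review bot: The three match strings in the second hunk now share one format template verbatim and differ only in destination, protocol and port, so the added `azureDNSTCPMatch` line is a copy-paste of the UDP line with one argument swapped; a small helper such as `func hostSNATMatch(src *net.IPNet, dst, proto string, port int) string` that owns the `" -m addrtype ! --dst-type local -s %s -d %s -p %s --dport %d"` template would keep the DNS UDP, DNS TCP and IMDS matches in lockstep when the exclusion clause is ever changed. The comment introduced at new line 185, `// add a snat rules to primary NC IP for DNS`, should read `// add snat rules to the primary NC IP for DNS (UDP and TCP)` so it names both rules it now covers. Since both DNS entries are built with `GetInsertIptableRuleCmd` and the test file's expected params show `-I SWIFT 1`, each insert presumably lands at the head of the chain, so the effective order in the SWIFT chain is the reverse of the literal order; that is harmless while the three matches are disjoint, but worth a one-line comment if anyone later adds an overlapping rule. setHostOptions starts before the second hunk and continues past the closing brace of the slice literal at the end of the third.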

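--- a/cni/network/invoker_cns_test.go
+++ b/cni/network/invoker_cns_test.go
@@ -268,6 +268,10 @@ func Test_setHostOptions(t *testing.T) {
 Version: "4",
 Params: "-t nat -I SWIFT 1 -m addrtype ! --dst-type local -s 10.0.1.0/24 -d 168.63.129.16 -p udp --dport 53 -j SNAT --to 10.0.1.20",
 },
+{
+Version: "4",
+Params: "-t nat -I SWIFT 1 -m addrtype ! --dst-type local -s 10.0.1.0/24 -d 168.63.129.16 -p tcp --dport 53 -j SNAT --to 10.0.1.20",
+},
 {
 Version: "4",
 Params: "-t nat -I SWIFT 1 -m addrtype ! --dst-type local -s 10.0.1.0/24 -d 169.254.169.254 -p tcp --dport 80 -j SNAT --to 10.0.0.3",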
