adjust comments

QxBytes · QxBytes · commit e4dcf6db9c5a · 2025-07-28T10:29:16.000-07:00
diff --git a/cni/network/invoker_cns.go b/cni/network/invoker_cns.go
@@ -243,11 +243,11 @@ func setHostOptions(ncSubnetPrefix *net.IPNet, options map[string]interface{}, i
 		},
 	}
 
+	// note: if changing any iptables rules here, make corresponding change in internalapi_linux.go on cns side
 	azureDNSUDPMatch := fmt.Sprintf(" -m addrtype ! --dst-type local -s %s -d %s -p %s --dport %d", ncSubnetPrefix.String(), networkutils.AzureDNS, iptables.UDP, iptables.DNSPort)
 	azureDNSTCPMatch := fmt.Sprintf(" -m addrtype ! --dst-type local -s %s -d %s -p %s --dport %d", ncSubnetPrefix.String(), networkutils.AzureDNS, iptables.TCP, iptables.DNSPort)
 	azureIMDSMatch := fmt.Sprintf(" -m addrtype ! --dst-type local -s %s -d %s -p %s --dport %d", ncSubnetPrefix.String(), networkutils.AzureIMDS, iptables.TCP, iptables.HTTPPort)
 
-	//snatPrimaryIPJump := fmt.Sprintf("%s --to %s", iptables.Snat, info.ncPrimaryIP)
 	// we need to snat IMDS traffic to node IP, this sets up snat '--to'
 	snatHostIPJump := fmt.Sprintf("%s --to %s", iptables.Snat, info.hostPrimaryIP)
 
diff --git a/cns/restserver/internalapi_linux.go b/cns/restserver/internalapi_linux.go
@@ -28,10 +28,7 @@ func (service *HTTPRestService) programSNATRules(req *cns.CreateNetworkContainer
 	service.Lock()
 	defer service.Unlock()
 
-	// Parse primary ip and ipnet from nnc
-	// in podsubnet case, ncPrimaryIP is the pod subnet's primary ip
-	// in vnet scale case, ncPrimaryIP is the node's ip
-	// ncPrimaryIP, _, _ := net.ParseCIDR(req.IPConfiguration.IPSubnet.IPAddress + "/" + fmt.Sprintf("%d", req.IPConfiguration.IPSubnet.PrefixLength))
+	// note: if changing any iptables rules here, make corresponding change in invoker_cns.go on cni side
 	ipt, err := service.iptables.GetIPTables()
 	if err != nil {
 		return types.UnexpectedError, fmt.Sprintf("[Azure CNS] Error. Failed to create iptables interface : %v", err)
diff --git a/cns/restserver/internalapi_linux_test.go b/cns/restserver/internalapi_linux_test.go
@@ -40,6 +40,7 @@ func TestAddSNATRules(t *testing.T) {
 	}{
 		{
 			// in pod subnet, the primary nic ip is in the same address space as the pod subnet
+			// however, we now snat azure dns traffic to the node ip for consistency across scenarios
 			name: "podsubnet",
 			input: &cns.CreateNetworkContainerRequest{
 				NetworkContainerid: ncID,

Original file line number	Diff line number	Diff line change
`@@ -40,6 +40,7 @@ func TestAddSNATRules(t *testing.T) {`
`40`	`40`	`}{`
`41`	`41`	`{`
`42`	`42`	`// in pod subnet, the primary nic ip is in the same address space as the pod subnet`
	`43`	`+ // however, we now snat azure dns traffic to the node ip for consistency across scenarios`
`43`	`44`	`name: "podsubnet",`
`44`	`45`	`input: &cns.CreateNetworkContainerRequest{`
`45`	`46`	`NetworkContainerid: ncID,`