Flush conntrack entry when UDP service endpoint is deleted (#259)

murali-reddy · web-flow · commit 94a2ec7e17df · 2017-12-25T02:08:04.000+05:30
Fixes #157 kubernetes/kubernetes#19029 kubernetes/kubernetes#22573
diff --git a/Dockerfile b/Dockerfile
@@ -11,6 +11,7 @@ RUN apk add --no-cache \
       ipset \
       iproute2 \
       ipvsadm \
+      conntrack-tools \
       curl \
       bash && \
     mkdir -p /var/lib/gobgp && \
diff --git a/app/controllers/network_services_controller.go b/app/controllers/network_services_controller.go
@@ -537,6 +537,15 @@ func (nsc *NetworkServicesController) syncIpvsServices(serviceInfoMap serviceInf
 						glog.Errorf("Failed to delete destination %s from ipvs service %s",
 							ipvsDestinationString(dst), ipvsServiceString(ipvsSvc))
 					}
+
+					// flush conntrack when endpoint for a UDP service changes
+					if ipvsSvc.Protocol == syscall.IPPROTO_UDP {
+						_, err := exec.Command("conntrack", "-D", "--orig-dst", dst.Address.String(), "-p", "udp", "--dport", strconv.Itoa(int(dst.Port))).Output()
+						if err != nil {
+							glog.Error("Failed to delete conntrack entry for endpoint: " + dst.Address.String() + ":" + strconv.Itoa(int(dst.Port)) + " due to " + err.Error())
+						}
+						glog.Infof("Deleted conntrack entry for endpoint: " + dst.Address.String() + ":" + strconv.Itoa(int(dst.Port)))
+					}
 				}
 			}
 		}

Original file line number	Diff line number	Diff line change
`@@ -537,6 +537,15 @@ func (nsc *NetworkServicesController) syncIpvsServices(serviceInfoMap serviceInf`
`537`	`537`	`glog.Errorf("Failed to delete destination %s from ipvs service %s",`
`538`	`538`	`ipvsDestinationString(dst), ipvsServiceString(ipvsSvc))`
`539`	`539`	`}`
	`540`	`+`
	`541`	`+ // flush conntrack when endpoint for a UDP service changes`
	`542`	`+ if ipvsSvc.Protocol == syscall.IPPROTO_UDP {`
	`543`	`+ _, err := exec.Command("conntrack", "-D", "--orig-dst", dst.Address.String(), "-p", "udp", "--dport", strconv.Itoa(int(dst.Port))).Output()`
	`544`	`+ if err != nil {`
	`545`	`+ glog.Error("Failed to delete conntrack entry for endpoint: " + dst.Address.String() + ":" + strconv.Itoa(int(dst.Port)) + " due to " + err.Error())`
	`546`	`+ }`
	`547`	`+ glog.Infof("Deleted conntrack entry for endpoint: " + dst.Address.String() + ":" + strconv.Itoa(int(dst.Port)))`
	`548`	`+ }`
`540`	`549`	`}`
`541`	`550`	`}`
`542`	`551`	`}`