Add retries to conntracker.ListEntries()

Signed-off-by: Daman Arora <[email protected]>

Author: adrianmoisey

pkg/proxy/conntrack/cleanup.go

@@ -20,6 +20,7 @@ limitations under the License.
 package conntrack
 
 import (
+	"errors"
 	"time"
 
 	"github.com/vishvananda/netlink"
@@ -43,8 +44,12 @@ func CleanStaleEntries(ct Interface, ipFamily v1.IPFamily,
 
 	entries, err := ct.ListEntries(ipFamilyMap[ipFamily])
 	if err != nil {
-		klog.ErrorS(err, "Failed to list conntrack entries")
-		return
+		if errors.Is(err, unix.EINTR) {
+			klog.V(2).ErrorS(err, "received a partial result, continuing to clean with partial result")
+		} else {
+			klog.ErrorS(err, "Failed to list conntrack entries")
+			return
+		}
 	}
 
 	// serviceIPEndpointIPs maps service IPs (ClusterIP, LoadBalancerIPs and ExternalIPs)

pkg/proxy/conntrack/conntrack.go

@@ -24,7 +24,9 @@ import (
 
 	"github.com/vishvananda/netlink"
 
+	"k8s.io/client-go/util/retry"
 	"k8s.io/klog/v2"
+	"k8s.io/kubernetes/pkg/proxy/util"
 )
 
 // Interface for dealing with conntrack
@@ -57,8 +59,12 @@ func newConntracker(handler netlinkHandler) Interface {
 }
 
 // ListEntries list all conntrack entries for connections of the given IP family.
-func (ct *conntracker) ListEntries(ipFamily uint8) ([]*netlink.ConntrackFlow, error) {
-	return ct.handler.ConntrackTableList(netlink.ConntrackTable, netlink.InetFamily(ipFamily))
+func (ct *conntracker) ListEntries(ipFamily uint8) (entries []*netlink.ConntrackFlow, err error) {
+	err = retry.OnError(util.MaxAttemptsEINTR, util.ShouldRetryOnEINTR, func() error {
+		entries, err = ct.handler.ConntrackTableList(netlink.ConntrackTable, netlink.InetFamily(ipFamily))
+		return err
+	})
+	return entries, err
 }
 
 // ClearEntries deletes conntrack entries for connections of the given IP family,

pkg/proxy/util/utils_linux.go

@@ -0,0 +1,31 @@
+//go:build linux
+// +build linux
+
+/*
+Copyright 2025 The Kubernetes Authors.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
+package util
+
+import (
+	"errors"
+
+	"golang.org/x/sys/unix"
+
+	"k8s.io/apimachinery/pkg/util/wait"
+)
+
+var MaxAttemptsEINTR = wait.Backoff{Steps: 5}
+var ShouldRetryOnEINTR = func(err error) bool { return errors.Is(err, unix.EINTR) }