From f981f520023adc743babfed41f8879e487ddab39 Mon Sep 17 00:00:00 2001
From: Periyasamy Palanisamy <periyasamy.palanisamy@est.tech>
Date: Thu, 9 Sep 2021 09:26:18 +0200
Subject: [PATCH] keep nse container net ns open until close is done

Signed-off-by: Periyasamy Palanisamy <periyasamy.palanisamy@est.tech>
---
 pkg/kernel/networkservice/inject/common.go | 8 +++++++-
 1 file changed, 7 insertions(+), 1 deletion(-)

diff --git a/pkg/kernel/networkservice/inject/common.go b/pkg/kernel/networkservice/inject/common.go
index c8df718c..9dcd8165 100644
--- a/pkg/kernel/networkservice/inject/common.go
+++ b/pkg/kernel/networkservice/inject/common.go
@@ -94,7 +94,13 @@ func move(ctx context.Context, conn *networkservice.Connection, isClient, isMove
 	if !contNetNS.IsOpen() && isMoveBack {
 		contNetNS = vfConfig.ContNetNS
 	}
-	defer func() { _ = contNetNS.Close() }()
+
+	// keep NSE container's net ns open until connection close is done,.
+	// this would properly move back VF into host net namespace even when
+	// container is accidentally deleted before close.
+	if !isClient || isMoveBack {
+		defer func() { _ = contNetNS.Close() }()
+	}
 
 	ifName := mech.GetInterfaceName()
 	if !isMoveBack {