Skip to content

Commit

Permalink
Bug fix: endpoint dnat flows should resubmit packets to cnp egress ta…
Browse files Browse the repository at this point in the history
…ble (#1119)

Endpoint dnat flows should resubmit packets to the first cnp egress
table instead of the EgressRuleTable, otherwise cnp will not take effect
on service traffic.

Signed-off-by: Weiqiang Tang <weiqiangt@vmware.com>
  • Loading branch information
weiqiangt authored Aug 21, 2020
1 parent 3a04970 commit 36e674f
Showing 1 changed file with 3 additions and 2 deletions.
5 changes: 3 additions & 2 deletions pkg/agent/openflow/pipeline.go
Original file line number Diff line number Diff line change
Expand Up @@ -1249,12 +1249,13 @@ func (c *client) serviceLBFlow(groupID binding.GroupIDType, svcIP net.IP, svcPor
func (c *client) endpointDNATFlow(endpointIP net.IP, endpointPort uint16, protocol binding.Protocol) binding.Flow {
ipVal := binary.BigEndian.Uint32(endpointIP)
unionVal := (marksRegServiceSelected << endpointPortRegRange.Length()) + uint32(endpointPort)
return c.pipeline[endpointDNATTable].BuildFlow(priorityNormal).
table := c.pipeline[endpointDNATTable]
return table.BuildFlow(priorityNormal).
Cookie(c.cookieAllocator.Request(cookie.Service).Raw()).
MatchProtocol(protocol).
MatchReg(int(endpointIPReg), ipVal).
MatchRegRange(int(endpointPortReg), unionVal, binding.Range{0, 18}).
Action().CT(true, EgressRuleTable, CtZone).
Action().CT(true, table.GetNext(), CtZone).
DNAT(
&binding.IPRange{StartIP: endpointIP, EndIP: endpointIP},
&binding.PortRange{StartPort: endpointPort, EndPort: endpointPort},
Expand Down

0 comments on commit 36e674f

Please sign in to comment.