diff --git a/pkg/networkutils/network.go b/pkg/networkutils/network.go
index 724048ec45..0245be6318 100644
--- a/pkg/networkutils/network.go
+++ b/pkg/networkutils/network.go
@@ -207,9 +207,10 @@ func (n *linuxNetwork) SetupHostNetwork(vpcCIDR *net.IPNet, vpcCIDRs []*string,
 return errors.Wrapf(err, "host network setup: failed to delete old host rule")
 }
+ primaryIntf := "eth0"
 if n.nodePortSupportEnabled {
- primaryIntf, err := findPrimaryInterfaceName(primaryMAC)
+ primaryIntf, err = findPrimaryInterfaceName(primaryMAC)
 if err != nil {
 return errors.Wrapf(err, "failed to SetupHostNetwork")
@@ -350,7 +351,7 @@ func (n *linuxNetwork) SetupHostNetwork(vpcCIDR *net.IPNet, vpcCIDRs []*string,
 chain: "PREROUTING",
 rule: []string{
 "-m", "comment", "--comment", "AWS, primary ENI",
- "-i", "eth0",
+ "-i", primaryIntf,
 "-m", "addrtype", "--dst-type", "LOCAL", "--limit-iface-in",
 "-j", "CONNMARK", "--set-mark", fmt.Sprintf("%#x/%#x", n.mainENIMark, n.mainENIMark),
 },
diff --git a/pkg/networkutils/network_test.go b/pkg/networkutils/network_test.go
index d9e04438cb..368564e6f5 100644
--- a/pkg/networkutils/network_test.go
+++ b/pkg/networkutils/network_test.go
@@ -255,7 +255,12 @@ func TestSetupHostNetworkNodePortEnabled(t *testing.T) {
 mockNetLink.EXPECT().RuleAdd(&mainENIRule)
 var vpcCIDRs []*string
- err := ln.SetupHostNetwork(testENINetIPNet, vpcCIDRs, "", &testENINetIP)
+
+ // loopback for primary device is a little bit hacky. But the test is stable and it should be
+ // OK for test purpose.
+ LoopBackMac := ""
+
+ err := ln.SetupHostNetwork(testENINetIPNet, vpcCIDRs, LoopBackMac, &testENINetIP)
 assert.NoError(t, err)
 assert.Equal(t, map[string]map[string][][]string{
@@ -263,7 +268,7 @@ func TestSetupHostNetworkNodePortEnabled(t *testing.T) {
 "PREROUTING": [][]string{
 {
 "-m", "comment", "--comment", "AWS, primary ENI",
- "-i", "eth0",
+ "-i", "lo",
 "-m", "addrtype", "--dst-type", "LOCAL", "--limit-iface-in",
 "-j", "CONNMARK", "--set-mark", "0x80/0x80",
 },
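Review bot: An empty `primaryMAC` is accepted on the NodePort path. The updated test passes `""` and gets `-i lo` back with no error, so a caller that failed to obtain the MAC would have the primary-ENI CONNMARK rule (the `"-i", primaryIntf` line in the second hunk) installed on loopback instead of getting an error. Consider rejecting it inside the `if n.nodePortSupportEnabled` block before the lookup, e.g. `if primaryMAC == "" { return errors.New("host network setup: empty primary MAC") }`; the test would then need a way to stub the interface lookup. The `"eth0"` default also deserves a comment such as `// default when NodePort support is off; replaced by the interface that owns primaryMAC`. SetupHostNetwork starts and ends outside this hunk.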
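Review bot: `LoopBackMac` in TestSetupHostNetworkNodePortEnabled holds an empty string, not a MAC address, and the added comment does not say why that value selects the loopback device. The expected `"-i", "lo"` in the following hunk appears to depend on the interfaces of the machine running the test (presumably the lookup walks the host's devices and `lo` is the first one with an empty hardware address), so the test can fail on a host with a different interface layout. Rename the local to `emptyMAC` (Go locals are lower camel case, with `MAC` as an initialism) and state the dependency, e.g. `// lo has no hardware address, so an empty MAC resolves to it on a typical Linux host`.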