Merge pull request #305 from nak3/use-primintf

Use primary interface to add iptables for connmark entry
aws · Jan 31, 2019 · 8f55c72 · 8f55c72
2 parents 646c120 + bda446e
commit 8f55c72
Show file tree

Hide file tree

Showing 2 changed files with 11 additions and 5 deletions.
diff --git a/pkg/networkutils/network.go b/pkg/networkutils/network.go
@@ -207,9 +207,10 @@ func (n *linuxNetwork) SetupHostNetwork(vpcCIDR *net.IPNet, vpcCIDRs []*string,
 		return errors.Wrapf(err, "host network setup: failed to delete old host rule")
 	}
 
+	primaryIntf := "eth0"
 	if n.nodePortSupportEnabled {
 
-		primaryIntf, err := findPrimaryInterfaceName(primaryMAC)
+		primaryIntf, err = findPrimaryInterfaceName(primaryMAC)
 
 		if err != nil {
 			return errors.Wrapf(err, "failed to SetupHostNetwork")
@@ -229,7 +230,7 @@ func (n *linuxNetwork) SetupHostNetwork(vpcCIDR *net.IPNet, vpcCIDRs []*string,
 		log.Debugf("Setting RPF for primary interface: %s", primaryIntfRPFilter)
 		err = n.setProcSys(primaryIntfRPFilter, rpFilterLoose)
 		if err != nil {
-			return errors.Wrapf(err, "failed to configure eth0 RPF check")
+			return errors.Wrapf(err, "failed to configure %s RPF check", primaryIntf)
 		}
 	}
 
@@ -350,7 +351,7 @@ func (n *linuxNetwork) SetupHostNetwork(vpcCIDR *net.IPNet, vpcCIDRs []*string,
 		chain:       "PREROUTING",
 		rule: []string{
 			"-m", "comment", "--comment", "AWS, primary ENI",
-			"-i", "eth0",
+			"-i", primaryIntf,
 			"-m", "addrtype", "--dst-type", "LOCAL", "--limit-iface-in",
 			"-j", "CONNMARK", "--set-mark", fmt.Sprintf("%#x/%#x", n.mainENIMark, n.mainENIMark),
 		},

diff --git a/pkg/networkutils/network_test.go b/pkg/networkutils/network_test.go
@@ -255,15 +255,20 @@ func TestSetupHostNetworkNodePortEnabled(t *testing.T) {
 	mockNetLink.EXPECT().RuleAdd(&mainENIRule)
 
 	var vpcCIDRs []*string
-	err := ln.SetupHostNetwork(testENINetIPNet, vpcCIDRs, "", &testENINetIP)
+
+	// loopback for primary device is a little bit hacky. But the test is stable and it should be
+	// OK for test purpose.
+	LoopBackMac := ""
+
+	err := ln.SetupHostNetwork(testENINetIPNet, vpcCIDRs, LoopBackMac, &testENINetIP)
 	assert.NoError(t, err)
 
 	assert.Equal(t, map[string]map[string][][]string{
 		"mangle": {
 			"PREROUTING": [][]string{
 				{
 					"-m", "comment", "--comment", "AWS, primary ENI",
-					"-i", "eth0",
+					"-i", "lo",
 					"-m", "addrtype", "--dst-type", "LOCAL", "--limit-iface-in",
 					"-j", "CONNMARK", "--set-mark", "0x80/0x80",
 				},