some fixes

kubeovn · Mar 22, 2023 · ffba1ee · ffba1ee
1 parent 38d6124
commit ffba1ee
Show file tree

Hide file tree

Showing 2 changed files with 10 additions and 10 deletions.
diff --git a/pkg/daemon/gateway_linux.go b/pkg/daemon/gateway_linux.go
@@ -529,19 +529,17 @@ func (c *Controller) setIptables() error {
 			}
 		}
 
-		var ovnSubnetGatewayCountRules []util.IPTableRule
 		_, subnetCidrs, err := c.getDefaultVpcSubnetsCIDR(protocol)
 		if err != nil {
 			klog.Errorf("get subnets failed, %+v", err)
 			return err
 		}
 
 		for name, subnetCidr := range subnetCidrs {
-			ovnSubnetGatewayCountRules = []util.IPTableRule{
-				{Table: "filter", Chain: "FORWARD", Rule: strings.Fields(fmt.Sprintf(`-m comment --comment %s,%s -s %s`, util.OvnSubnetGatewayIptables, name, subnetCidr))},
-				{Table: "filter", Chain: "FORWARD", Rule: strings.Fields(fmt.Sprintf(`-m comment --comment %s,%s -d %s`, util.OvnSubnetGatewayIptables, name, subnetCidr))},
-			}
-			iptablesRules = append(iptablesRules, ovnSubnetGatewayCountRules...)
+			iptablesRules = append(iptablesRules,
+				util.IPTableRule{Table: "filter", Chain: "FORWARD", Rule: strings.Fields(fmt.Sprintf(`-m comment --comment %s,%s -s %s`, util.OvnSubnetGatewayIptables, name, subnetCidr))},
+				util.IPTableRule{Table: "filter", Chain: "FORWARD", Rule: strings.Fields(fmt.Sprintf(`-m comment --comment %s,%s -d %s`, util.OvnSubnetGatewayIptables, name, subnetCidr))},
+			)
 		}
 
 		rules, err := c.iptables[protocol].List("filter", "FORWARD")
@@ -564,9 +562,11 @@ func (c *Controller) setIptables() error {
 			}
 
 			if isAbandonRule {
-				rule := strings.ReplaceAll(rule, `"`, "")
 				// rule[11:] skip "-A FORWARD "
-				abandonedRules = append(abandonedRules, util.IPTableRule{Table: "filter", Chain: "FORWARD", Rule: strings.Fields(rule[11:])})
+				if err = deleteIptablesRule(c.ControllerRuntime.iptables[protocol], util.IPTableRule{Table: "filter", Chain: "FORWARD", Rule: util.DoubleQuotedFields(rule[11:])}); err != nil {
+					klog.Error(err)
+					return err
+				}
 			}
 		}
 

diff --git a/test/e2e/kube-ovn/subnet/subnet.go b/test/e2e/kube-ovn/subnet/subnet.go
@@ -51,8 +51,8 @@ func checkIptablesRulesOnNode(f *framework.Framework, node, table, chain, subnet
 	}
 	cmd := fmt.Sprintf(`%s -t %s -S %s`, iptBin, table, chain)
 	expectedRules := []string{
-		fmt.Sprintf(`-A %s -d %s -m comment --comment "ovn-subnet-gateway,%s"`, chain, cidr, subnet),
-		fmt.Sprintf(`-A %s -s %s -m comment --comment "ovn-subnet-gateway,%s"`, chain, cidr, subnet),
+		fmt.Sprintf(`-A %s -d %s -m comment --comment "%s,%s"`, chain, cidr, util.OvnSubnetGatewayIptables, subnet),
+		fmt.Sprintf(`-A %s -s %s -m comment --comment "%s,%s"`, chain, cidr, util.OvnSubnetGatewayIptables, subnet),
 	}
 	framework.WaitUntil(func() (bool, error) {
 		output := e2epodoutput.RunHostCmdOrDie(ovsPod.Namespace, ovsPod.Name, cmd)