fix: tproxy skip conntrack zone split flag value (#4334)

The flag was used wrong (flag --skip-dns-conntrack-zone-split was treated like it would enable dns conntrack zone splitting rules instead of disable) Updated experimental iptables engine (kumahq/kuma-net) to v0.2.3 which includes conditional dns conntrack zone splitting if the conntrack iptables extension is present and logging warning and moving forward if not (WSL2) Signed-off-by: Bart Smykla <bartek@smykla.com>
kumahq · May 24, 2022 · 0df17b4 · 0df17b4
1 parent 76267d5
commit 0df17b4
Show file tree

Hide file tree

Showing 3 changed files with 4 additions and 6 deletions.
diff --git a/go.mod b/go.mod
@@ -24,7 +24,7 @@ require (
 	github.com/gruntwork-io/terratest v0.40.10
 	github.com/hoisie/mustache v0.0.0-20160804235033-6375acf62c69
 	github.com/kelseyhightower/envconfig v1.4.0
-	github.com/kumahq/kuma-net v0.2.2
+	github.com/kumahq/kuma-net v0.2.3
 	github.com/kumahq/protoc-gen-kumadoc v0.2.0
 	github.com/lib/pq v1.10.6
 	github.com/miekg/dns v1.1.49

diff --git a/go.sum b/go.sum
@@ -971,10 +971,8 @@ github.com/kr/text v0.2.0/go.mod h1:eLer722TekiGuMkidMxC/pM04lWEeraHUUmBw8l2grE=
 github.com/ktrysmt/go-bitbucket v0.6.4/go.mod h1:9u0v3hsd2rqCHRIpbir1oP7F58uo5dq19sBYvuMoyQ4=
 github.com/kumahq/go-control-plane v0.9.10-0.20211022075049-d35edcf0813a h1:RtOjGzZDv0JDtpWthWmxDHXhZRnJBaeIoIHcQrigWdE=
 github.com/kumahq/go-control-plane v0.9.10-0.20211022075049-d35edcf0813a/go.mod h1:utjuSZ1DPHuYf0cTZ8WEsaQf5bwmT1TZiWaQjpJtBF0=
-github.com/kumahq/kuma-net v0.2.1 h1:tzubnThQQLGvUvgnc62oNpkzR7ewLWWqRrI0fssdnZw=
-github.com/kumahq/kuma-net v0.2.1/go.mod h1:dUqPEm6BP7TqQvaqYDXnwITekoxdtmXTd6UXVlq3n9w=
-github.com/kumahq/kuma-net v0.2.2 h1:crfuCBbfqFcTnXuiz4QMsuD6aNZ8JLVeYR+MlvEj7+Y=
-github.com/kumahq/kuma-net v0.2.2/go.mod h1:dUqPEm6BP7TqQvaqYDXnwITekoxdtmXTd6UXVlq3n9w=
+github.com/kumahq/kuma-net v0.2.3 h1:pPTfcJTnTPblbbT0WOGo9foMEjCX//4G3Eb2eucgiXs=
+github.com/kumahq/kuma-net v0.2.3/go.mod h1:dUqPEm6BP7TqQvaqYDXnwITekoxdtmXTd6UXVlq3n9w=
 github.com/kumahq/protoc-gen-kumadoc v0.2.0 h1:3P1PZyw/tI1TYL6QmaePuLqGuarhYkL9ZxjN2yPTLXY=
 github.com/kumahq/protoc-gen-kumadoc v0.2.0/go.mod h1:F+c9RjgKlv1Q3UEoPJCtMJw8Fd+X5PfG5jlkTSfZOMA=
 github.com/lann/builder v0.0.0-20180802200727-47ae307949d0/go.mod h1:dXGbAdH5GtBTC4WfIxhKZfyBF/HBFgRZSWwZ9g/He9o=

diff --git a/pkg/transparentproxy/transparentproxy_experimental.go b/pkg/transparentproxy/transparentproxy_experimental.go
@@ -147,7 +147,7 @@ func (tp *ExperimentalTransparentProxy) Setup(tpConfig *config.TransparentProxyC
 			DNS: kumanet_config.DNS{
 				Enabled:            tpConfig.RedirectAllDNSTraffic,
 				Port:               uint16(agentDNSListenerPort),
-				ConntrackZoneSplit: tpConfig.SkipDNSConntrackZoneSplit,
+				ConntrackZoneSplit: !tpConfig.SkipDNSConntrackZoneSplit,
 			},
 		},
 		IPv6:    ipv6,