Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Automated cherry pick of #6193: Fix that AntreaProxy could unintentionally delete conntrack #6405

Merged
merged 1 commit into from
Jun 6, 2024
Merged

Automated cherry pick of #6193: Fix that AntreaProxy could unintentionally delete conntrack #6405

merged 1 commit into from
Jun 6, 2024

Conversation

hongliangl
Copy link
Contributor

Cherry pick of #6193 on release-1.15.

#6193: Fix that AntreaProxy could unintentionally delete conntrack

For details on the cherry pick process, see the cherry pick requests page.

@hongliangl hongliangl added the kind/cherry-pick Categorizes issue or PR as related to the cherry-pick of a bug fix from the main branch to a release label Jun 5, 2024
@tnqn
Copy link
Member

tnqn commented Jun 5, 2024

It doesn't seem correct as the go.sum is not updated

@hongliangl
Fix that AntreaProxy could unintentionally delete conntrack entries i…
cdc5a9c 
…n zone 0 (antrea-io#6193)

This is a subsequent PR for antrea-io#5112. As mentioned in antrea-io#5112:

> Due to the restriction of the go library 'netlink', there is no API to specify a
  target zone. As a result, when deleting a stale conntrack entry with a
  destination port (such as NodePort), not only will the conntrack entry whose
  destination port is the port added by AntreaProxy be deleted, but also the
  conntrack entry that is not added by AntreaProxy will be deleted. This behavior
  is unexpected, as only the conntrack entries added by AntreaProxy should be
  deleted.

This PR resolves the issue by integrating a CT zone filter, now available in
the latest Go library `netlink`. Leveraging this feature, AntreaProxy can
accurately delete stale UDP conntrack entries.

Signed-off-by: Hongliang Liu <lhongliang@vmware.com>
@hongliangl hongliangl force-pushed the automated-cherry-pick-of-#6193-upstream_https-release-1.15 branch from a54530c to cdc5a9c Compare June 5, 2024 15:59
@hongliangl
Copy link
Contributor Author

It doesn't seem correct as the go.sum is not updated

Resolved.

@hongliangl
Copy link
Contributor Author

/skip-all

tnqn
tnqn approved these changes Jun 6, 2024
View reviewed changes
Copy link
Member

@tnqn tnqn left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM

@tnqn
Copy link
Member

tnqn commented Jun 6, 2024

/skip-all

@tnqn tnqn merged commit 24be55a into antrea-io:release-1.15 Jun 6, 2024
43 of 47 checks passed
@hongliangl hongliangl deleted the automated-cherry-pick-of-#6193-upstream_https-release-1.15 branch June 6, 2024 07:29
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@tnqn tnqn tnqn approved these changes

Assignees
No one assigned
Labels
kind/cherry-pick Categorizes issue or PR as related to the cherry-pick of a bug fix from the main branch to a release
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@hongliangl @tnqn