Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Automated cherry pick of #2318: Fix cross-Node service access when AntreaProxy is disabled #2324

Merged
merged 1 commit into from
Jul 5, 2021
Merged

Automated cherry pick of #2318: Fix cross-Node service access when AntreaProxy is disabled #2324

merged 1 commit into from
Jul 5, 2021

Conversation

tnqn
Copy link
Member

@tnqn tnqn commented Jun 29, 2021

Cherry pick of #2318 on release-1.0.

#2318: Fix cross-Node service access when AntreaProxy is disabled

For details on the cherry pick process, see the cherry pick requests page.

@tnqn tnqn added the kind/cherry-pick Categorizes issue or PR as related to the cherry-pick of a bug fix from the main branch to a release label Jun 29, 2021
@codecov-commenter
Copy link

codecov-commenter commented Jun 29, 2021
edited
Loading

Codecov Report

Merging #2324 (6bc5de2) into release-1.0 (e8bf52d) will decrease coverage by 28.40%.
The diff coverage is 84.61%.

❗ Current head 6bc5de2 differs from pull request most recent head 6b9db47. Consider uploading reports for the commit 6b9db47 to get more accurate results
Impacted file tree graph

@@               Coverage Diff                @@
##           release-1.0    #2324       +/-   ##
================================================
- Coverage        61.07%   32.67%   -28.41%     
================================================
  Files              272      266        -6     
  Lines            20404    19592      -812     
================================================
- Hits             12462     6401     -6061     
- Misses            6645    12404     +5759     
+ Partials          1297      787      -510
Flag Coverage Δ
e2e-tests 32.67% <84.61%> (?)
kind-e2e-tests ?
unit-tests ?

Flags with carried forward coverage won't be shown. Click here to find out more.

Impacted Files Coverage Δ
pkg/agent/proxy/types/groupcounter.go 87.50% <50.00%> (-7.74%) ⬇️
pkg/agent/openflow/client.go 33.77% <100.00%> (-25.49%) ⬇️
pkg/agent/openflow/pipeline.go 50.39% <100.00%> (-19.47%) ⬇️
pkg/agent/proxy/proxier.go 52.21% <100.00%> (-11.40%) ⬇️
pkg/ipfix/ipfix_set.go 0.00% <0.00%> (-100.00%) ⬇️
pkg/ipfix/ipfix_process.go 0.00% <0.00%> (-100.00%) ⬇️
pkg/ipfix/ipfix_registry.go 0.00% <0.00%> (-100.00%) ⬇️
pkg/ovs/ovsctl/ovsctl_others.go 0.00% <0.00%> (-100.00%) ⬇️
pkg/agent/nodeportlocal/rules/rules.go 0.00% <0.00%> (-100.00%) ⬇️
pkg/agent/controller/egress/id_allocator.go 0.00% <0.00%> (-100.00%) ⬇️
... and 134 more

@tnqn
Copy link
Member Author

tnqn commented Jun 29, 2021

/test-conformance
/test-e2e
/test-networkpolicy

@tnqn
Copy link
Member Author

tnqn commented Jul 2, 2021

@antoninbas could you help approve this one and #2325?

@tnqn
Fix cross-Node service access when AntreaProxy is disabled
6b9db47 
When AntreaProxy is disabled, if the reply traffic of a connection that
has been processed by iptables/ipvs rules (of kube-proxy) is received
from the tunnel interface, its destination MAC would be rewritten twice
because it would have both gatewayCTMark and macRewriteMark set. The
latter rewriting would overwrite the former one and would cause the
packets to be delivered to the destination Pod directly without doing
reversed NAT in the host netns.

This patch fixes it by making the pipeline rewrite the destination MAC
as most once. It moves the gatewayCTMark related MAC rewriting flow to
l3ForwardingTable, to make L3 forwarding decision in same table
uniformly. It also simplifies the two gatewayCTMark related flows by
matching the direction of traffic which ensures the flow doesn't apply
to traffic from the gateway interface.

Signed-off-by: Quan Tian <[email protected]>
@tnqn tnqn force-pushed the automated-cherry-pick-of-#2318-upstream-release-1.0 branch from 1afd93f to 6b9db47 Compare July 2, 2021 13:37
@tnqn
Copy link
Member Author

tnqn commented Jul 2, 2021

/test-all

@tnqn
Copy link
Member Author

tnqn commented Jul 5, 2021

/test-e2e

@tnqn tnqn merged commit f98d795 into antrea-io:release-1.0 Jul 5, 2021
@tnqn tnqn deleted the automated-cherry-pick-of-#2318-upstream-release-1.0 branch July 5, 2021 07:07
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@antoninbas antoninbas antoninbas approved these changes

Assignees
No one assigned
Labels
kind/cherry-pick Categorizes issue or PR as related to the cherry-pick of a bug fix from the main branch to a release
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@tnqn @codecov-commenter @antoninbas