bugfix: fix iptables masquerade local pod traffic error #49


@hhyasdf hhyasdf commented Aug 31, 2021

Pull Request Description

Describe what this PR does / why we need it

Existing iptables rules will masquerade the traffic from remote pods to local pods, which is not supposed to be done.

Does this pull request fix one issue?

NONE

Describe how you did it

Ignore the traffic from remote pods to local pods by container host interface name. To do this, interface name "xxx_h" should be changed to "h_xxx", because iptables cannot recognize interfaces by suffix.

Describe how to verify it

Use tcpdump in an overlay pod; the traffic from remote overlay pods to local pods should not be masqueraded anymore.

Special notes for reviews

Only new pods' traffic with an "h_xxx" interface will be fixed; old pods with an "xxx_h" named host interface should be recreated to fix this issue.

@hhyasdf hhyasdf requested a review from mars1024 August 31, 2021 08:55
@hhyasdf hhyasdf force-pushed the bugfix/fix-iptables-masquerade-local-pod-traffic-error branch from d62b6ad to 8170265 Compare August 31, 2021 08:56

@mars1024 mars1024 left a comment

/lgtm
/approve

@mars1024 mars1024 merged commit cae5ab0 into alibaba:main Aug 31, 2021
@hhyasdf hhyasdf deleted the bugfix/fix-iptables-masquerade-local-pod-traffic-error branch April 18, 2023 07:13
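
The naming constraint from the PR description, shown as an added example that is not part of the PR or the project's code: iptables treats a trailing `+` in an `-i`/`-o` pattern as a prefix wildcard and has no suffix wildcard, so only the "h_xxx" form can be excluded with one rule. The chain, the choice of matching on the out-interface, and the interface names below are constructed assumptions for illustration.

```go
package main

import (
	"fmt"
	"strings"
)

// ifaceMatch mirrors how iptables compares an -i/-o pattern with an interface
// name: a trailing '+' turns the pattern into a prefix wildcard, anything else
// must match exactly. A '+' elsewhere in the pattern is a literal character.
func ifaceMatch(pattern, name string) bool {
	if strings.HasSuffix(pattern, "+") {
		return strings.HasPrefix(name, strings.TrimSuffix(pattern, "+"))
	}
	return pattern == name
}

// rule is a simplified NAT entry: an out-interface pattern and a target.
type rule struct {
	outIface string // "" means the rule has no interface match
	target   string
}

// verdict walks the chain in order and returns the first matching target.
func verdict(chain []rule, outIface string) string {
	for _, r := range chain {
		if r.outIface == "" || ifaceMatch(r.outIface, outIface) {
			return r.target
		}
	}
	return "ACCEPT"
}

// Constructed chain (assumption, not the project's real rules): skip NAT for
// traffic leaving through a pod's host-side interface, masquerade the rest.
var chain = []rule{
	{outIface: "h_+", target: "RETURN"},
	{outIface: "", target: "MASQUERADE"},
}

func main() {
	// Constructed interface names: new-style, old-style, and an uplink.
	for _, ifc := range []string{"h_a1b2c3", "a1b2c3_h", "eth0"} {
		fmt.Printf("%-10s -> %s\n", ifc, verdict(chain, ifc))
	}
}
```

The old-style name "a1b2c3_h" falls through to MASQUERADE, which is why pods created before the rename have to be recreated.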