update ipv6 security-group remote group name (#2389)

kubeovn · Mar 1, 2023 · d244551 · d244551
1 parent db435dc
commit d244551
Show file tree

Hide file tree

Showing 2 changed files with 9 additions and 2 deletions.
diff --git a/pkg/controller/security_group.go b/pkg/controller/security_group.go
@@ -364,6 +364,9 @@ func (c *Controller) syncSgLogicalPort(key string) error {
 		klog.Errorf("failed to find logical port, %v", err)
 		return err
 	}
+	if len(results) == 0 {
+		return nil
+	}
 
 	var v4s, v6s []string
 	var ports []string

diff --git a/pkg/ovs/ovn-nbctl-legacy.go b/pkg/ovs/ovn-nbctl-legacy.go
@@ -2350,10 +2350,14 @@ func (c LegacyClient) createSgRuleACL(sgName string, direction AclDirection, rul
 			matchArgs = append(matchArgs, fmt.Sprintf("inport==@%s && %s && %s.dst==%s", sgPortGroupName, ipSuffix, ipSuffix, rule.RemoteAddress))
 		}
 	} else {
+		remotePgName := GetSgV4AssociatedName(rule.RemoteSecurityGroup)
+		if rule.IPVersion == "ipv6" {
+			remotePgName = GetSgV6AssociatedName(rule.RemoteSecurityGroup)
+		}
 		if direction == SgAclIngressDirection {
-			matchArgs = append(matchArgs, fmt.Sprintf("outport==@%s && %s && %s.src==$%s", sgPortGroupName, ipSuffix, ipSuffix, GetSgV4AssociatedName(rule.RemoteSecurityGroup)))
+			matchArgs = append(matchArgs, fmt.Sprintf("outport==@%s && %s && %s.src==$%s", sgPortGroupName, ipSuffix, ipSuffix, remotePgName))
 		} else {
-			matchArgs = append(matchArgs, fmt.Sprintf("inport==@%s && %s && %s.dst==$%s", sgPortGroupName, ipSuffix, ipSuffix, GetSgV4AssociatedName(rule.RemoteSecurityGroup)))
+			matchArgs = append(matchArgs, fmt.Sprintf("inport==@%s && %s && %s.dst==$%s", sgPortGroupName, ipSuffix, ipSuffix, remotePgName))
 		}
 	}