From 5a056e731f23546296d9fc3be02e1ea2073fad67 Mon Sep 17 00:00:00 2001
From: Tim Rozet
Date: Tue, 4 Oct 2022 13:24:58 -0400
Subject: [PATCH] Fixes incorrect GR hairpin flows

Now that the special masquerade IPs are assigned to the interface, they default flows that end up DNAT'ing return traffic from the GR->host from masquerade ip -> host ip were being overridden with secondary ip flows for extra ips. This fixes it by skipping special ips when evaluting the extra ips on a node.

Signed-off-by: Tim Rozet
---
 go-controller/pkg/node/gateway_shared_intf.go | 10 ++++++++++
 1 file changed, 10 insertions(+)

diff --git a/go-controller/pkg/node/gateway_shared_intf.go b/go-controller/pkg/node/gateway_shared_intf.go
index 6ffeab8712d..94a244c0db4 100644
--- a/go-controller/pkg/node/gateway_shared_intf.go
+++ b/go-controller/pkg/node/gateway_shared_intf.go
@@ -954,6 +954,11 @@ func flowsForDefaultBridge(bridge *bridgeConfiguration, extraIPs []net.IP) ([]st
 continue
 }
 
+ // not needed for special masquerade IP
+ if ip.Equal(net.ParseIP(types.V4HostMasqueradeIP)) {
+ continue
+ }
+
 dftFlows = append(dftFlows,
 fmt.Sprintf("cookie=%s, priority=500, in_port=%s, ip, ip_dst=%s, ip_src=%s,"+
 "actions=ct(commit,zone=%d,table=4)",
@@ -1005,6 +1010,11 @@ func flowsForDefaultBridge(bridge *bridgeConfiguration, extraIPs []net.IP) ([]st
 continue
 }
 
+ // not needed for special masquerade IP
+ if ip.Equal(net.ParseIP(types.V6HostMasqueradeIP)) {
+ continue
+ }
+
 dftFlows = append(dftFlows,
 fmt.Sprintf("cookie=%s, priority=500, in_port=%s, ipv6, ipv6_dst=%s, ipv6_src=%s,"+
 "actions=ct(commit,zone=%d,table=4)",
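Review bot: The comment on the new skip in the first hunk (`// not needed for special masquerade IP`) undersells why the check exists: per the commit message, a priority=500 secondary-IP flow for this address overrides the default flows that DNAT GR->host return traffic, so removing the check later would break the hairpin path rather than merely add a redundant flow. I would word it as `// skip the host masquerade IP: an extra-IP flow here would override the default flows that DNAT GR->host return traffic`, and the same applies to the `types.V6HostMasqueradeIP` check in the second hunk. `net.ParseIP(...)` is also re-evaluated on each pass through what appears to be the extra-IP loop, and it returns nil if the constant is ever malformed, in which case `ip.Equal` never matches and the skip disappears without any error; parsing once before the loop makes that easier to check. The diffstat shows only this file changed, so a unit test asserting that no priority=500 extra-IP flow is emitted for either masquerade IP would pin the behaviour. The body of flowsForDefaultBridge starts and ends outside both hunks.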