Skip to content

Commit

Permalink
clean up legacy iptables rules only when iptables/ip6_tables is loaded (
Browse files Browse the repository at this point in the history
#4855)

Signed-off-by: zhangzujian <[email protected]>
  • Loading branch information
zhangzujian authored and oilbeater committed Dec 24, 2024
1 parent d53efc6 commit 2cc515e
Showing 1 changed file with 41 additions and 8 deletions.
49 changes: 41 additions & 8 deletions pkg/daemon/controller_linux.go
Original file line number Diff line number Diff line change
Expand Up @@ -30,6 +30,11 @@ import (
"github.com/kubeovn/kube-ovn/pkg/util"
)

const (
kernelModuleIPTables = "ip_tables"
kernelModuleIP6Tables = "ip6_tables"
)

// ControllerRuntime represents runtime specific controller members
type ControllerRuntime struct {
iptables map[string]*iptables.IPTables
Expand Down Expand Up @@ -92,11 +97,17 @@ func (c *Controller) initRuntime() error {
}
c.iptables[kubeovnv1.ProtocolIPv4] = ipt
if c.iptablesObsolete != nil {
if ipt, err = iptables.NewWithProtocolAndMode(iptables.ProtocolIPv4, "legacy"); err != nil {
klog.Error(err)
return err
ok, err := kernelModuleLoaded(kernelModuleIPTables)
if err != nil {
klog.Errorf("failed to check kernel module %s: %v", kernelModuleIPTables, err)
}
if ok {
if ipt, err = iptables.NewWithProtocolAndMode(iptables.ProtocolIPv4, "legacy"); err != nil {
klog.Error(err)
return err
}
c.iptablesObsolete[kubeovnv1.ProtocolIPv4] = ipt
}
c.iptablesObsolete[kubeovnv1.ProtocolIPv4] = ipt
}
c.ipsets[kubeovnv1.ProtocolIPv4] = ipsets.NewIPSets(ipsets.NewIPVersionConfig(ipsets.IPFamilyV4, IPSetPrefix, nil, nil))
c.k8siptables[kubeovnv1.ProtocolIPv4] = k8siptables.New(c.k8sExec, k8siptables.ProtocolIPv4)
Expand All @@ -109,11 +120,17 @@ func (c *Controller) initRuntime() error {
}
c.iptables[kubeovnv1.ProtocolIPv6] = ipt
if c.iptablesObsolete != nil {
if ipt, err = iptables.NewWithProtocolAndMode(iptables.ProtocolIPv6, "legacy"); err != nil {
klog.Error(err)
return err
ok, err := kernelModuleLoaded(kernelModuleIP6Tables)
if err != nil {
klog.Errorf("failed to check kernel module %s: %v", kernelModuleIP6Tables, err)
}
if ok {
if ipt, err = iptables.NewWithProtocolAndMode(iptables.ProtocolIPv6, "legacy"); err != nil {
klog.Error(err)
return err
}
c.iptablesObsolete[kubeovnv1.ProtocolIPv6] = ipt
}
c.iptablesObsolete[kubeovnv1.ProtocolIPv6] = ipt
}
c.ipsets[kubeovnv1.ProtocolIPv6] = ipsets.NewIPSets(ipsets.NewIPVersionConfig(ipsets.IPFamilyV6, IPSetPrefix, nil, nil))
c.k8siptables[kubeovnv1.ProtocolIPv6] = k8siptables.New(c.k8sExec, k8siptables.ProtocolIPv6)
Expand Down Expand Up @@ -695,3 +712,19 @@ func rotateLog() {
klog.Errorf("failed to rotate kube-ovn log %q", output)
}
}

func kernelModuleLoaded(module string) (bool, error) {
data, err := os.ReadFile("/proc/modules")
if err != nil {
klog.Errorf("failed to read /proc/modules: %v", err)
return false, err
}

for _, line := range strings.Split(string(data), "\n") {
if fields := strings.Fields(line); len(fields) != 0 && fields[0] == module {
return true, nil
}
}

return false, nil
}

0 comments on commit 2cc515e

Please sign in to comment.