-
Notifications
You must be signed in to change notification settings - Fork 786
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
bridge: clean ip masq if netns is empty #1078
base: main
Are you sure you want to change the base?
bridge: clean ip masq if netns is empty #1078
Conversation
3e6c62d
to
d4b8819
Compare
@AkihiroSuda would you review this pr ? thanks. |
Can we have a test? |
I compared this patch between the old 1.2.0 version and the latest 1.5.1. There was nothing different except one blank line that formated by gofumpt. And tested in my local environment.
It still leaked iptables rules if stop and remove a container.
After patched, it is ok as expected.
|
Could you please add unit test as @AkihiroSuda mentioned? |
/assign @squeed |
e58ec8a
to
053be10
Compare
plugins/main/bridge/bridge.go
Outdated
var debugPostIPAMError error | ||
var ( | ||
debugPostIPAMError error | ||
logger = log.New(os.Stdout, "", log.Ldate|log.Ltime) |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Stdout is used as part of the response protocol, so we can't log to it. We need to use stderr.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I was a little confused about it, and the absence of logs didn't affect functionality, so I deleted it.
// so don't return an error if the device is already removed. | ||
// https://github.com/kubernetes/kubernetes/issues/43014#issuecomment-287164444 | ||
_, ok := err.(ns.NSPathNotExistErr) | ||
if ok { |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
style suggestion:
if _, isNotExists := err.(ns.NSPathNotExistErr); !isNotExist {
return err
}
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
fixed
The logic basically makes sense; could you please add some unit tests, especially for getIPCfgs? As a comment, I wonder if there's a cleaner way to structure the delete function. I don't like how long it is. (This is not this PR's fault, it just becomes clear reading this PR). |
In the Del command it didn't clean ip masq when netns is empty. Add the clean-up code if ip address can fetch from prevResult in StdinData. Fix containernetworking#810 Signed-off-by: hyphen.wang <[email protected]>
053be10
to
47725c6
Compare
It seems that there is no need to double-check the handling of the ipMasq rule, just to make sure that the prevResult is parsed correctly when the cmdDel is executed. |
47725c6
to
bbf8920
Compare
2189ddb
to
47725c6
Compare
This PR is needed to fix: |
In the Del command it didn't clean ip masq when netns is empty. Add the clean-up code if ip address can fetch from prevResult in StdinData.
Fix #810