fix(nsc): remove previous TCPMSS rules during setting up DSR

cloudnativelabs · May 27, 2024 · e980a17 · e980a17
1 parent defdf64
commit e980a17
Showing 1 changed file with 20 additions and 20 deletions.
diff --git a/pkg/controllers/proxy/network_services_controller.go b/pkg/controllers/proxy/network_services_controller.go
@@ -1639,6 +1639,26 @@ func (nsc *NetworkServicesController) setupMangleTableRule(ip string, protocol s
 		}
 	}
 
+	// Previous versions of MTU args were this way, we will clean then up for the next couple of versions to ensure
+	// that old mangle table rules don't stick around
+	// TODO: remove after v2.4.X or above
+	for firstArg, chain := range map[string]string{"-s": "POSTROUTING", "-d": "PREROUTING"} {
+		prevMTUArgs := []string{firstArg, ip, "-m", tcpProtocol, "-p", tcpProtocol, "--tcp-flags", "SYN,RST", "SYN",
+			"-j", "TCPMSS", "--set-mss", strconv.Itoa(tcpMSS)}
+		klog.V(2).Infof("looking for mangle rule with: %s -t mangle %s", chain, prevMTUArgs)
+		exists, err := iptablesCmdHandler.Exists("mangle", chain, prevMTUArgs...)
+		if err != nil {
+			return fmt.Errorf("failed to cleanup iptables command to set up TCPMSS due to %v", err)
+		}
+		if exists {
+			klog.V(2).Infof("removing mangle rule with: iptables -D %s -t mangle %s", chain, prevMTUArgs)
+			err = iptablesCmdHandler.Delete("mangle", chain, prevMTUArgs...)
+			if err != nil {
+				return fmt.Errorf("failed to cleanup iptables command to set up TCPMSS due to %v", err)
+			}
+		}
+	}
+
 	return nil
 }
 
@@ -1694,26 +1714,6 @@ func (nsc *NetworkServicesController) cleanupMangleTableRule(ip string, protocol
 		}
 	}
 
-	// Previous versions of MTU args were this way, we will clean then up for the next couple of versions to ensure
-	// that old mangle table rules don't stick around
-	// TODO: remove after v2.4.X or above
-	for firstArg, chain := range map[string]string{"-s": "POSTROUTING", "-d": "PREROUTING"} {
-		prevMTUArgs := []string{firstArg, ip, "-m", tcpProtocol, "-p", tcpProtocol, "--tcp-flags", "SYN,RST", "SYN",
-			"-j", "TCPMSS", "--set-mss", strconv.Itoa(tcpMSS)}
-		klog.V(2).Infof("looking for mangle rule with: %s -t mangle %s", chain, prevMTUArgs)
-		exists, err = iptablesCmdHandler.Exists("mangle", chain, prevMTUArgs...)
-		if err != nil {
-			return fmt.Errorf("failed to cleanup iptables command to set up TCPMSS due to %v", err)
-		}
-		if exists {
-			klog.V(2).Infof("removing mangle rule with: iptables -D %s -t mangle %s", chain, prevMTUArgs)
-			err = iptablesCmdHandler.Delete("mangle", chain, prevMTUArgs...)
-			if err != nil {
-				return fmt.Errorf("failed to cleanup iptables command to set up TCPMSS due to %v", err)
-			}
-		}
-	}
-
 	return nil
 }