do not create iptables rule for setting tcp mss (#4260)

Signed-off-by: zhangzujian <[email protected]>
kubeovn · Jul 8, 2024 · c7310a6 · c7310a6
1 parent 989d854
commit c7310a6
Show file tree

Hide file tree

Showing 3 changed files with 0 additions and 50 deletions.
diff --git a/pkg/daemon/gateway.go b/pkg/daemon/gateway.go
@@ -36,7 +36,6 @@ func (c *Controller) runGateway() {
 		klog.Errorf("failed to set ex gateway, %v", err)
 	}
 	c.gcIPSet()
-	c.appendMssRule()
 }
 
 func (c *Controller) setGatewayBandwidth() error {

diff --git a/pkg/daemon/gateway_linux.go b/pkg/daemon/gateway_linux.go
@@ -1640,50 +1640,6 @@ func (c *Controller) getSubnetsNeedPR(protocol string) (map[policyRouteMeta]stri
 	return subnetsNeedPR, nil
 }
 
-// Generally, the MTU of the interface is set to 1400. But in special cases, a special pod (docker indocker) will introduce the docker0 interface to the pod. The MTU of docker0 is 1500.
-// The network application in pod will calculate the TCP MSS according to the MTU of docker0, and then initiate communication with others. After the other party sends a response, the kernel protocol stack of Linux host will send ICMP unreachable message to the other party, indicating that IP fragmentation is needed, which is not supported by the other party, resulting in communication failure.
-func (c *Controller) appendMssRule() {
-	if c.config.Iface != "" && c.config.MSS > 0 {
-		iface, err := findInterface(c.config.Iface)
-		if err != nil {
-			klog.Errorf("failed to findInterface, %v", err)
-			return
-		}
-		rule := fmt.Sprintf("-p tcp --tcp-flags SYN,RST SYN -o %s -j TCPMSS --set-mss %d", iface.Name, c.config.MSS)
-		MssMangleRule := util.IPTableRule{
-			Table: "mangle",
-			Chain: Postrouting,
-			Rule:  strings.Fields(rule),
-		}
-
-		switch c.protocol {
-		case kubeovnv1.ProtocolIPv4:
-			c.updateMssRuleByProtocol(c.protocol, MssMangleRule)
-		case kubeovnv1.ProtocolIPv6:
-			c.updateMssRuleByProtocol(c.protocol, MssMangleRule)
-		case kubeovnv1.ProtocolDual:
-			c.updateMssRuleByProtocol(kubeovnv1.ProtocolIPv4, MssMangleRule)
-			c.updateMssRuleByProtocol(kubeovnv1.ProtocolIPv6, MssMangleRule)
-		}
-	}
-}
-
-func (c *Controller) updateMssRuleByProtocol(protocol string, mssMangleRule util.IPTableRule) {
-	exists, err := c.iptables[protocol].Exists(mssMangleRule.Table, mssMangleRule.Chain, mssMangleRule.Rule...)
-	if err != nil {
-		klog.Errorf("check iptables rule %v failed, %+v", mssMangleRule.Rule, err)
-		return
-	}
-
-	if !exists {
-		klog.Infof("iptables rules %s not exist, append iptables rules", strings.Join(mssMangleRule.Rule, " "))
-		if err := c.iptables[protocol].Append(mssMangleRule.Table, mssMangleRule.Chain, mssMangleRule.Rule...); err != nil {
-			klog.Errorf("append iptables rule %v failed, %+v", mssMangleRule.Rule, err)
-			return
-		}
-	}
-}
-
 func (c *Controller) deleteObsoleteSnatRules(ipt *iptables.IPTables, table, chain string) error {
 	rules, err := ipt.List(table, chain)
 	if err != nil {

diff --git a/pkg/daemon/gateway_windows.go b/pkg/daemon/gateway_windows.go
@@ -140,8 +140,3 @@ func (c *Controller) setExGateway() error {
 	}
 	return nil
 }
-
-// Generally, the MTU of the interface is set to 1400. But in special cases, a special pod (docker indocker) will introduce the docker0 interface to the pod. The MTU of docker0 is 1500.
-// The network application in pod will calculate the TCP MSS according to the MTU of docker0, and then initiate communication with others. After the other party sends a response, the kernel protocol stack of Linux host will send ICMP unreachable message to the other party, indicating that IP fragmentation is needed, which is not supported by the other party, resulting in communication failure.
-func (c *Controller) appendMssRule() {
-}