Commit
Drop eth0 packets in PREROUTING on Kind Nodes (#2143)
According to the OVS documentation:

On Linux, when a physical interface is in use by the userspace datapath, packets received on the interface still also pass into the kernel TCP/IP stack. This can cause surprising and incorrect behavior. You can use "iptables" to avoid this behavior, by using it to drop received packets.

The OVS documentation suggests dropping packets in the INPUT and FORWARD chains. However, this is not sufficient for some edge cases. For example, when receiving a TCP RST packet, the packet will clear the conntrack entry for the TCP connection before it can be dropped, which can cause the "second" TCP RST packet (the one processed by OVS userspace) to be marked as invalid when going through conntrack.

So instead we drop the packet in PREROUTING:

    iptables -t raw -A PREROUTING -i eth0 -j DROP

This rule is added to the start_ovs_netdev script.

By adding this rule, we no longer need to skip TCP e2e tests for the Reject NetworkPolicy Action in Kind clusters.

It's possible that this is also going to help with various connectivity issues we observed with Antrea in Kind over time. For example, I believe we are also able to remove the hack which reduces the value of the tcp_retries2 sysctl parameter.

Fixes #2025

Signed-off-by: Antonin Bas <abas@vmware.com>
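One way to check which of the two placements described above a node actually has, as an added example that is not part of the commit or of the Antrea scripts. The function name and the sample rule dumps are constructed for illustration, and the parser assumes plain `iptables-save` output (no `-c` counters).

```shell
#!/bin/sh
# Classify where traffic arriving on an interface is dropped, reading
# `iptables-save` output on stdin. Prints one of:
#   raw-prerouting  dropped in raw/PREROUTING, i.e. before conntrack sees it
#   filter-only     dropped only in filter INPUT and FORWARD, after conntrack
#   none            no unconditional drop for that interface
classify_iface_drop() {
    # $1 = interface name (eth0 in the commit message)
    awk -v iface="$1" '
        /^\*/ { table = substr($1, 2); next }   # "*raw", "*filter", ...
        # Only an unconditional rule counts: exactly "-A CHAIN -i IFACE -j DROP".
        NF == 6 && $1 == "-A" && $3 == "-i" && $4 == iface &&
        $5 == "-j" && $6 == "DROP" { seen[table "/" $2] = 1 }
        END {
            if (seen["raw/PREROUTING"]) print "raw-prerouting"
            else if (seen["filter/INPUT"] && seen["filter/FORWARD"]) print "filter-only"
            else print "none"
        }'
}

# Constructed sample: the rule from the commit message.
sample_raw() { cat <<'EOF'
*raw
:PREROUTING ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A PREROUTING -i eth0 -j DROP
COMMIT
EOF
}

# Constructed sample: drops in INPUT and FORWARD only.
sample_filter() { cat <<'EOF'
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i eth0 -j DROP
-A FORWARD -i eth0 -j DROP
COMMIT
EOF
}

echo "raw sample:    $(sample_raw | classify_iface_drop eth0)"
echo "filter sample: $(sample_filter | classify_iface_drop eth0)"
# On a live node (as root): iptables-save | classify_iface_drop eth0
```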
1 parent
eeb89f6
commit 297bced
Showing 5 changed files with 18 additions and 26 deletions.