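// Package conntrack removes kernel connection-tracking entries for TCP flows
// whose original destination is the instance metadata endpoint.
//
// A conntrack entry pins the NAT decision that was made when a flow was first
// seen; packets of an already-tracked flow are not re-evaluated against
// later-installed rules. Presumably this is why NMI flushes these entries
// after setting up its metadata interception (confirm against the caller):
// pods that had a metadata connection open before the rules existed would
// otherwise keep bypassing them. Deleting conntrack entries over netlink
// needs CAP_NET_ADMIN in the network namespace that owns the table.
package conntrack

import (
	"fmt"
	"net"

	"github.com/vishvananda/netlink"
	"golang.org/x/sys/unix"
	"k8s.io/klog/v2"
	knet "k8s.io/utils/net"
)

const (
	// protoTCP is the IP protocol number the conntrack filter matches on.
	// Taken from the already-imported unix package instead of a bare 6.
	protoTCP = unix.IPPROTO_TCP
)

// getNetlinkFamily returns the netlink address family (AF_INET or AF_INET6)
// for ip. Anything that is not an IPv4 address, including a nil IP, maps to
// AF_INET6, so callers must validate ip before calling this.
func getNetlinkFamily(ip net.IP) netlink.InetFamily {
	if knet.IsIPv4(ip) {
		return unix.AF_INET
	}
	return unix.AF_INET6
}

// DeleteConntrackEntries deletes every conntrack entry for a TCP flow whose
// original (pre-NAT) destination is metadataIP:metadataPort.
//
// metadataIP must be an IPv4 or IPv6 literal and metadataPort a port in
// 1..65535; both are validated before any netlink call is made. The filter
// is not scoped to a source address, so all matching flows in the network
// namespace the process runs in are affected. Returns an error when the
// inputs are invalid, the filter cannot be built, or the netlink delete
// fails (typically a permission error when CAP_NET_ADMIN is missing).
func DeleteConntrackEntries(metadataIP, metadataPort string) error {
	dstIP := net.ParseIP(metadataIP)
	if dstIP == nil {
		return fmt.Errorf("metadata ip %s is incorrect", metadataIP)
	}
	// allowZero=false rejects port 0 and anything above 65535, so the
	// uint16 conversion below cannot truncate.
	dstPort, err := knet.ParsePort(metadataPort, false)
	if err != nil {
		return fmt.Errorf("failed to parse metadata port: %s, error: %w", metadataPort, err)
	}

	// Match on the original destination tuple so entries are found even if a
	// redirect has rewritten the reply direction of the flow.
	connectionFilter := &netlink.ConntrackFilter{}
	if err = connectionFilter.AddIP(netlink.ConntrackOrigDstIP, dstIP); err != nil {
		return fmt.Errorf("failed to build conntrack filter for ip %s, error: %w", dstIP, err)
	}
	if err = connectionFilter.AddProtocol(protoTCP); err != nil {
		return fmt.Errorf("failed to build conntrack filter for protocol %d, error: %w", protoTCP, err)
	}
	if err = connectionFilter.AddPort(netlink.ConntrackOrigDstPort, uint16(dstPort)); err != nil {
		return fmt.Errorf("failed to build conntrack filter for port %d, error: %w", dstPort, err)
	}

	connectionFamily := getNetlinkFamily(dstIP)
	// InfoS takes alternating key/value pairs after the message; the family
	// value needs a key or klog reports a missing key.
	klog.V(5).InfoS("deleting conntrack entries", "family", connectionFamily, "ip", dstIP, "port", dstPort)
	deleted, err := netlink.ConntrackDeleteFilter(netlink.ConntrackTable, connectionFamily, connectionFilter)
	if err != nil {
		return fmt.Errorf("failed to delete conntrack entries, error: %w", err)
	}
	// The count is useful when diagnosing flows that still bypass the
	// interception rules: zero means nothing matched the filter.
	klog.V(5).InfoS("deleted conntrack entries", "count", deleted, "ip", dstIP, "port", dstPort)
	return nil
}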