Don't set --random-fully when it's not supported even if the flag is …

…true
jingyuanliang · Oct 22, 2024 · 1609f78 · 1609f78
1 parent 1790e06
commit 1609f78
Show file tree

Hide file tree

Showing 2 changed files with 20 additions and 5 deletions.
diff --git a/cmd/ip-masq-agent/ip-masq-agent.go b/cmd/ip-masq-agent/ip-masq-agent.go
@@ -315,7 +315,7 @@ func (m *MasqDaemon) syncMasqRules() error {
 	}
 
 	// masquerade all other traffic that is not bound for a --dst-type LOCAL destination
-	writeMasqRules(lines, toPorts)
+	writeMasqRules(lines, m.iptables.HasRandomFully(), toPorts)
 
 	writeLine(lines, "COMMIT")
 	klog.V(2).Infof("IPv4 masquerading rules: %q", lines)
@@ -359,7 +359,7 @@ func (m *MasqDaemon) syncMasqRulesIPv6() error {
 	}
 
 	// masquerade all other traffic that is not bound for a --dst-type LOCAL destination
-	writeMasqRules(lines6, toPorts)
+	writeMasqRules(lines6, m.ip6tables.HasRandomFully(), toPorts)
 
 	writeLine(lines6, "COMMIT")
 	klog.V(2).Infof("IPv6 masquerading rules: %q", lines6)
@@ -406,9 +406,9 @@ func writeNonMasqRule(lines *bytes.Buffer, cidr string) {
 
 const masqRuleComment = `-m comment --comment "ip-masq-agent: outbound traffic is subject to MASQUERADE (must be last in chain)"`
 
-func writeMasqRules(lines *bytes.Buffer, toPorts interval.Intervals) {
+func writeMasqRules(lines *bytes.Buffer, hasRandomFully bool, toPorts interval.Intervals) {
 	args := []string{masqRuleComment, "-j", "MASQUERADE"}
-	if *randomFully {
+	if hasRandomFully && *randomFully {
 		args = append(args, "--random-fully")
 	}
 

diff --git a/cmd/ip-masq-agent/ip-masq-agent_test.go b/cmd/ip-masq-agent/ip-masq-agent_test.go
@@ -32,6 +32,7 @@ import (
 	iptest "k8s.io/kubernetes/pkg/util/iptables/testing"
 )
 
+var hasRandomFully bool
 var wantRandomFully string
 
 // turn off glog logging during tests to avoid clutter in output
@@ -44,22 +45,34 @@ func TestMain(m *testing.M) {
 
 	for _, tc := range []struct {
 		arg  string
+		has  bool
 		want string
 	}{
+		{},
 		{
+			arg: "false",
+		},
+		{
+			arg: "true",
+		},
+		{
+			has:  true,
 			want: randomFully,
 		},
 		{
 			arg: "false",
+			has: true,
 		},
 		{
 			arg:  "true",
+			has:  true,
 			want: randomFully,
 		},
 	} {
 		if tc.arg != "" {
 			flag.Set("random-fully", tc.arg)
 		}
+		hasRandomFully = tc.has
 		wantRandomFully = tc.want
 
 		ec = max(ec, m.Run())
@@ -71,6 +84,7 @@ func TestMain(m *testing.M) {
 func NewFakeMasqDaemon() *MasqDaemon {
 	masqChain = "IP-MASQ-AGENT"
 	iptables := iptest.NewFake()
+	iptables.SetHasRandomFully(hasRandomFully)
 	iptables.Dump = &iptest.IPTablesDump{
 		Tables: []iptest.Table{
 			{
@@ -82,6 +96,7 @@ func NewFakeMasqDaemon() *MasqDaemon {
 		},
 	}
 	ip6tables := iptest.NewIPv6Fake()
+	ip6tables.SetHasRandomFully(hasRandomFully)
 	ip6tables.Dump = &iptest.IPTablesDump{
 		Tables: []iptest.Table{
 			{
@@ -575,7 +590,7 @@ func TestWriteMasqRules(t *testing.T) {
 			}
 
 			lines := bytes.NewBuffer(nil)
-			writeMasqRules(lines, toPorts)
+			writeMasqRules(lines, hasRandomFully, toPorts)
 
 			s := lines.String()
 			if s != tt.want {