Fixed match set on IPv6 iptables rules
Signed-off-by: Roberto Bonafiglia <roberto.bonafiglia@suse.com>
rbrtbnfgl committed Jan 9, 2024
1 parent 7e4894c commit 6660072
Showing 1 changed file with 11 additions and 4 deletions.
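--- a/pkg/controllers/netpol/policy.go
+++ b/pkg/controllers/netpol/policy.go
@@ -912,32 +912,39 @@ func networkPolicyChainName(namespace, policyName string, version string, ipFami
 return kubeNetworkPolicyChainPrefix + encoded[:16]
 }
 
+func getIPSetFamilyPrefix(ipFamily api.IPFamily) string {
+if ipFamily == api.IPv6Protocol {
+return "inet6:"
+}
+return ""
+}
+
 func policySourcePodIPSetName(namespace, policyName string, ipFamily api.IPFamily) string {
 hash := sha256.Sum256([]byte(namespace + policyName + string(ipFamily)))
 encoded := base32.StdEncoding.EncodeToString(hash[:])
-return kubeSourceIPSetPrefix + encoded[:16]
+return getIPSetFamilyPrefix(ipFamily) + kubeSourceIPSetPrefix + encoded[:16]
 }
 
 func policyDestinationPodIPSetName(namespace, policyName string, ipFamily api.IPFamily) string {
 hash := sha256.Sum256([]byte(namespace + policyName + string(ipFamily)))
 encoded := base32.StdEncoding.EncodeToString(hash[:])
-return kubeDestinationIPSetPrefix + encoded[:16]
+return getIPSetFamilyPrefix(ipFamily) + kubeDestinationIPSetPrefix + encoded[:16]
 }
 
 func policyIndexedSourcePodIPSetName(
 namespace, policyName string, ingressRuleNo int, ipFamily api.IPFamily) string {
 hash := sha256.Sum256([]byte(namespace + policyName + "ingressrule" + strconv.Itoa(ingressRuleNo) +
 string(ipFamily) + "pod"))
 encoded := base32.StdEncoding.EncodeToString(hash[:])
-return kubeSourceIPSetPrefix + encoded[:16]
+return getIPSetFamilyPrefix(ipFamily) + kubeSourceIPSetPrefix + encoded[:16]
 }
 
 func policyIndexedDestinationPodIPSetName(
 namespace, policyName string, egressRuleNo int, ipFamily api.IPFamily) string {
 hash := sha256.Sum256([]byte(namespace + policyName + "egressrule" + strconv.Itoa(egressRuleNo) +
 string(ipFamily) + "pod"))
 encoded := base32.StdEncoding.EncodeToString(hash[:])
-return kubeDestinationIPSetPrefix + encoded[:16]
+return getIPSetFamilyPrefix(ipFamily) + kubeDestinationIPSetPrefix + encoded[:16]
 }
 
 func policyIndexedSourceIPBlockIPSetName(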
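Review bot: `getIPSetFamilyPrefix` is applied only to the four pod-set name builders, while `policyIndexedSourceIPBlockIPSetName`, which begins on the hunk's last line and continues outside it, is not changed by this commit. If the IPBlock builders (and any other name builders further down the file) feed IPv6 `--match-set` rules the same way, they presumably need the same prefix; otherwise those rules would name a set that does not exist and the policy would not be enforced as written. The helper also has no comment explaining the literal `"inet6:"`; assuming the ipset layer creates IPv6 sets under that prefix, something like `// getIPSetFamilyPrefix returns the name prefix used for IPv6 ipsets so that match-set rules reference the set that was actually created.` would tie the two together. The six added characters plus the prefix constant and `encoded[:16]` must stay within ipset's 31-character name limit; the constants are defined outside the hunk, so that is worth confirming or pinning with a unit test on the name length.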

0 comments on commit 6660072
