Merge branch 'shixin-ZSTAC-56388' into 'master'

gitlab · gitlab · commit e116cc249a56 · 2023-06-06T14:27:17.000+08:00
&lt;fix&gt;[deip]: remove duplicated eip ebtables rule

See merge request zstackio/zstack-utility!3277
diff --git a/kvmagent/kvmagent/plugins/deip.py b/kvmagent/kvmagent/plugins/deip.py
@@ -217,6 +217,7 @@ def apply_eip(self, eip):
         NIC_PREFIXLEN = eip.nicPrefixLen
         NIC_IP= eip.nicIp
         NIC_MAC= eip.nicMac
+        NIC_MAC_IN_EBTALES = ip.removeZeroFromMacAddress(NIC_MAC)
         NS_NAME = "%s_%s" % (eip.publicBridgeName, eip.vip.replace(".", "_"))
         ADDFDB = eip.addfdb
         PRINIC = eip.physicalNic
@@ -366,6 +367,7 @@ def set_gateway_arp_if_needed():
             if not GATEWAY:
                 raise Exception('cannot find the device[%s] in the namespace[%s]' % (PRI_IDEV, NS_NAME))
 
+            GATEWAY = ip.removeZeroFromMacAddress(GATEWAY)
             create_ebtable_rule_if_needed('nat', CHAIN_NAME, "-p ARP --arp-op Request --arp-ip-dst {{NIC_GATEWAY}} -j arpreply --arpreply-mac {{GATEWAY}}")
 
             for BLOCK_DEV in [PRI_ODEV, PUB_ODEV]:
@@ -374,7 +376,7 @@ def set_gateway_arp_if_needed():
                     bash_errorout(EBTABLES_CMD + ' -t nat -N {{BLOCK_CHAIN_NAME}}')
 
                 create_ebtable_rule_if_needed('nat', 'POSTROUTING', "-p ARP -o {{BLOCK_DEV}} -j {{BLOCK_CHAIN_NAME}}")
-                create_ebtable_rule_if_needed('nat', BLOCK_CHAIN_NAME, "-p ARP -o {{BLOCK_DEV}} --arp-op Request --arp-ip-dst {{NIC_GATEWAY}} --arp-mac-src ! {{NIC_MAC}} -j DROP")
+                create_ebtable_rule_if_needed('nat', BLOCK_CHAIN_NAME, "-p ARP -o {{BLOCK_DEV}} --arp-op Request --arp-ip-dst {{NIC_GATEWAY}} --arp-mac-src ! {{NIC_MAC_IN_EBTALES}} -j DROP")
 
             BLOCK_CHAIN_NAME = '{{NIC_NAME}}-arp'
             if bash_r(EBTABLES_CMD + ' -t nat -L {{BLOCK_CHAIN_NAME}} > /dev/null 2>&1') != 0:
@@ -473,7 +475,7 @@ def add_filter_to_prevent_namespace_arp_request():
 
             create_ebtable_rule_if_needed('nat', 'PREROUTING', '-i {{PRI_ODEV}} -j {{PRI_ODEV_CHAIN}}')
             create_ebtable_rule_if_needed('nat', PRI_ODEV_CHAIN,
-                                          "-p ARP --arp-op Request --arp-ip-dst {{NIC_IP}} -j arpreply --arpreply-mac {{NIC_MAC}}", True)
+                                          "-p ARP --arp-op Request --arp-ip-dst {{NIC_IP}} -j arpreply --arpreply-mac {{NIC_MAC_IN_EBTALES}}", True)
             create_ebtable_rule_if_needed('nat', PRI_ODEV_CHAIN, "-p ARP --arp-op Request -j DROP")
 
         newCreated = False
