Merge pull request #96251 from ravens/nodeport_udp_conntrack_fix

Correctly fix clearing conntrack entry on endpoint changes (nodeport)

pkg/proxy/iptables/proxier.go

@@ -768,9 +768,11 @@ func (proxier *Proxier) deleteEndpointConnections(connectionMap []proxy.ServiceE
 			var err error
 			if nodePort != 0 {
 				err = conntrack.ClearEntriesForPortNAT(proxier.exec, endpointIP, nodePort, svcProto)
-			} else {
-				err = conntrack.ClearEntriesForNAT(proxier.exec, svcInfo.ClusterIP().String(), endpointIP, svcProto)
+				if err != nil {
+					klog.Errorf("Failed to delete nodeport-related %s endpoint connections, error: %v", epSvcPair.ServicePortName.String(), err)
+				}
 			}
+			err = conntrack.ClearEntriesForNAT(proxier.exec, svcInfo.ClusterIP().String(), endpointIP, svcProto)
 			if err != nil {
 				klog.Errorf("Failed to delete %s endpoint connections, error: %v", epSvcPair.ServicePortName.String(), err)
 			}