From a0ca1fd63fb9cb2be9d19f406886e04fece735aa Mon Sep 17 00:00:00 2001
From: Federico Paolinelli
Date: Mon, 8 Feb 2021 14:54:06 +0100
Subject: [PATCH] Network Tests: bind host network udp listeners to hostIPs

When listening on udp, the reply is sent using a src address which is the address of the gateway interface. This means that when listening to any, the reply can be sent out with a src ip which is different from the request's target ip. This confuses natting and "connectionful" udp services do not work. Here, we force the endpoint to listen from the hostIP and from podIPs, to cover both dual stack and legacy clusters.

Signed-off-by: Federico Paolinelli
---
 test/e2e/framework/network/utils.go | 39 +++++++++++++++++++++++++----
 1 file changed, 34 insertions(+), 5 deletions(-)

diff --git a/test/e2e/framework/network/utils.go b/test/e2e/framework/network/utils.go
index e22160abe11..9e61470a5e4 100644
--- a/test/e2e/framework/network/utils.go
+++ b/test/e2e/framework/network/utils.go
@@ -540,6 +540,18 @@ func (config *NetworkingTestConfig) executeCurlCmd(cmd string, expected string)
 }
 
 func (config *NetworkingTestConfig) createNetShellPodSpec(podName, hostname string) *v1.Pod {
+ netexecArgs := []string{
+ "netexec",
+ fmt.Sprintf("--http-port=%d", EndpointHTTPPort),
+ fmt.Sprintf("--udp-port=%d", EndpointUDPPort),
+ }
+ // In case of hostnetwork endpoints, we want to bind the udp listener to specific ip addresses.
+ // In order to cover legacy AND dualstack, we pass both the host ip and the two pod ips. Agnhost
+ // removes duplicates and so this will listen on both addresses (or on the single existing one).
+ if config.EndpointsHostNetwork {
+ netexecArgs = append(netexecArgs, "--udp-listen-addresses=$(HOST_IP),$(POD_IPS)")
+ }
+
 probe := &v1.Probe{
 InitialDelaySeconds: 10,
 TimeoutSeconds: 30,
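Review bot: The `--udp-listen-addresses=$(HOST_IP),$(POD_IPS)` argument only resolves if the container also defines `HOST_IP` and `POD_IPS`, and those are set in a separate `if config.EndpointsHostNetwork` block near the end of the function (the `@@ -602,6 +610,27 @@` hunk). Kubernetes leaves an unresolved `$(VAR)` reference in container args unchanged, so if the two blocks ever drift apart netexec would be handed the literal text instead of addresses. I would extend the comment here with `// $(HOST_IP) and $(POD_IPS) are expanded from the container Env set further down; keep both blocks under the same condition.` The body of createNetShellPodSpec continues outside this hunk.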
@@ -568,11 +580,7 @@ func (config *NetworkingTestConfig) createNetShellPodSpec(podName, hostname stri
 Name: "webserver",
 Image: NetexecImageName,
 ImagePullPolicy: v1.PullIfNotPresent,
- Args: []string{
- "netexec",
- fmt.Sprintf("--http-port=%d", EndpointHTTPPort),
- fmt.Sprintf("--udp-port=%d", EndpointUDPPort),
- },
+ Args: netexecArgs,
 Ports: []v1.ContainerPort{
 {
 Name: "http",
@@ -602,6 +610,27 @@ func (config *NetworkingTestConfig) createNetShellPodSpec(podName, hostname stri
 Protocol: v1.ProtocolSCTP,
 })
 }
+
+ if config.EndpointsHostNetwork {
+ pod.Spec.Containers[0].Env = []v1.EnvVar{
+ {
+ Name: "HOST_IP",
+ ValueFrom: &v1.EnvVarSource{
+ FieldRef: &v1.ObjectFieldSelector{
+ FieldPath: "status.hostIP",
+ },
+ },
+ },
+ {
+ Name: "POD_IPS",
+ ValueFrom: &v1.EnvVarSource{
+ FieldRef: &v1.ObjectFieldSelector{
+ FieldPath: "status.podIPs",
+ },
+ },
+ },
+ }
+ }
 return pod
 }
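Review bot: In the `@@ -602,6 +610,27 @@` hunk, `pod.Spec.Containers[0].Env = []v1.EnvVar{...}` replaces the container's environment instead of extending it. The container literal is only partly visible in the preceding hunk, so I cannot tell whether Env is populated earlier; if it is, or if someone adds an entry later, it would be silently dropped for host-network endpoints only. Writing it as `pod.Spec.Containers[0].Env = append(pod.Spec.Containers[0].Env, ...)` with the same two entries avoids that. The function starts outside this hunk.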