From d72892d0b0745803ad1cfcb3831024f741670b3a Mon Sep 17 00:00:00 2001
From: Tim Hockin
Date: Fri, 14 Aug 2015 21:02:53 -0700
Subject: [PATCH] Include protocol in the hash for chain names

---
 pkg/proxy/iptables/proxier.go | 31 ++++++++++++++++---------------
 1 file changed, 16 insertions(+), 15 deletions(-)

diff --git a/pkg/proxy/iptables/proxier.go b/pkg/proxy/iptables/proxier.go
index 3231d6f2af7..ff67c530258 100644
--- a/pkg/proxy/iptables/proxier.go
+++ b/pkg/proxy/iptables/proxier.go
@@ -384,22 +384,23 @@ func flattenValidEndpoints(endpoints []hostPortPair) []string {
 return result
 }
 
-// servicePortToServiceChain takes the ServicePortName for a
-// service and returns the associated iptables chain
-// this is computed by hashing (sha256) then encoding to base64 and
-// truncating with the prefix "KUBE-SVC-"
-// We do this because Iptables Chain Names must be <= 28 chars long
-func servicePortToServiceChain(s proxy.ServicePortName) utiliptables.Chain {
- hash := sha256.Sum256([]byte(s.String()))
+// servicePortToServiceChain takes the ServicePortName for a service and
+// returns the associated iptables chain. This is computed by hashing (sha256)
+// then encoding to base32 and truncating with the prefix "KUBE-SVC-". We do
+// this because Iptables Chain Names must be <= 28 chars long, and the longer
+// they are the harder they are to read.
+func servicePortToServiceChain(s proxy.ServicePortName, protocol string) utiliptables.Chain {
+ hash := sha256.Sum256([]byte(s.String() + protocol))
 encoded := base32.StdEncoding.EncodeToString(hash[:])
- return utiliptables.Chain("KUBE-SVC-" + encoded[:19])
+ return utiliptables.Chain("KUBE-SVC-" + encoded[:16])
 }
 
-// this is the same as servicePortToServiceChain but with the endpoint included essentially
-func servicePortAndEndpointToServiceChain(s proxy.ServicePortName, endpoint string) utiliptables.Chain {
- hash := sha256.Sum256([]byte(s.String() + "_" + endpoint))
+// This is the same as servicePortToServiceChain but with the endpoint
+// included.
+func servicePortAndEndpointToServiceChain(s proxy.ServicePortName, protocol string, endpoint string) utiliptables.Chain {
+ hash := sha256.Sum256([]byte(s.String() + protocol + endpoint))
 encoded := base32.StdEncoding.EncodeToString(hash[:])
- return utiliptables.Chain("KUBE-SEP-" + encoded[:19])
+ return utiliptables.Chain("KUBE-SEP-" + encoded[:16])
 }
 
 // This is where all of the iptables-save/restore calls happen.
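Review bot: Both hash inputs are now bare concatenations, `s.String() + protocol` and `s.String() + protocol + endpoint`, and the `"_"` separator the old endpoint variant used is gone, so nothing in the encoding itself keeps distinct (service port, protocol, endpoint) tuples apart. Whether two tuples can really serialise to the same bytes depends on the values `protocol` and `endpoint` can take, which this hunk does not show; a fixed-length protocol token probably rules it out, but the chain name should not depend on that. Since this commit renames every chain anyway, delimit the fields now, e.g. `sha256.Sum256([]byte(s.String() + "_" + protocol + "_" + endpoint))`, using a separator that cannot occur in any field. The doc comment could also record that `encoded[:16]` keeps 80 bits of the digest, and the second function's comment should start with its name and mention the protocol.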
@@ -480,10 +481,10 @@ func (proxier *Proxier) syncProxyRules() error {
 
 // Build rules for each service.
 for name, info := range proxier.serviceMap {
- protocol := strings.ToLower((string)(info.protocol))
+ protocol := strings.ToLower(string(info.protocol))
 
 // Create the per-service chain, retaining counters if possible.
- svcChain := servicePortToServiceChain(name)
+ svcChain := servicePortToServiceChain(name, protocol)
 if chain, ok := existingChains[svcChain]; ok {
 writeLine(chainsLines, chain)
 } else {
@@ -560,7 +561,7 @@ func (proxier *Proxier) syncProxyRules() error {
 endpointChains := make([]utiliptables.Chain, 0)
 for _, ep := range info.endpoints {
 endpoints = append(endpoints, ep)
- endpointChain := servicePortAndEndpointToServiceChain(name, ep)
+ endpointChain := servicePortAndEndpointToServiceChain(name, protocol, ep)
 endpointChains = append(endpointChains, endpointChain)
 
 // Create the endpoint chain, retaining counters if possible.
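Review bot: Because `servicePortToServiceChain(name, protocol)` now yields a different name for every service than the previous naming did, the `existingChains[svcChain]` lookup in this hunk will miss on the first sync after an upgrade, so counters are not retained and chains created under the old scheme presumably stay in the table unless something removes them. The same applies to the `servicePortAndEndpointToServiceChain(name, protocol, ep)` call in the next hunk for the KUBE-SEP- chains. syncProxyRules starts and ends outside both hunks, so whether it flushes chains that are no longer referenced is not visible here. If it does, a comment such as `// Chain names include the protocol; chains left over from older naming are removed by the stale-chain cleanup below.` would record that; if it does not, the stale NAT chains need an explicit cleanup step.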