Skip to content
This repository has been archived by the owner on Jan 23, 2022. It is now read-only.

[release-1.5] istio-iptables: Replace socket match with conntrack match #281

Open
wants to merge 1 commit into
base: release-1.5
Choose a base branch
from
Open

[release-1.5] istio-iptables: Replace socket match with conntrack match #281

wants to merge 1 commit into from

Conversation

istio-testing
Copy link
Contributor

This is an automated cherry-pick of #280

@jrajahalme @istio-testing
istio-iptables: Replace socket match with conntrack match
ddedd6e 
Some kernels, like COS on GKE, are configured without the 'xt_socket'
kernel module that implements the 'socket' match in iptables
rules. Replace the 'socket' match with a 'conntrack' state match that
diverts all established and related packets to the local stack.

Signed-off-by: Jarno Rajahalme <[email protected]>
@istio-testing istio-testing requested a review from a team March 26, 2020 22:49
@istio-testing istio-testing mentioned this pull request Mar 26, 2020
Merged
@googlebot
Copy link

All (the pull request submitter and all commit authors) CLAs are signed, but one or more commits were authored or co-authored by someone other than the pull request submitter.

We need to confirm that all authors are ok with their commits being contributed to this project. Please have them confirm that by leaving a comment that contains only @googlebot I consent. in this pull request.

Note to project maintainer: There may be cases where the author cannot leave a comment, or the comment is not properly detected as consent. In those cases, you can manually confirm consent of the commit author(s), and set the cla label to yes (if enabled on your project).

ℹ️ Googlers: Go here for more info.

@googlebot googlebot added the cla: no Set by the Google CLA bot to indicate the author of a PR has not signed the Google CLA. label Mar 26, 2020
@istio-testing istio-testing added the size/XS Denotes a PR that changes 0-9 lines, ignoring generated files. label Mar 26, 2020
@rlenglet rlenglet added cla: yes Set by the Google CLA bot to indicate the author of a PR has signed the Google CLA. and removed cla: no Set by the Google CLA bot to indicate the author of a PR has not signed the Google CLA. labels Mar 26, 2020
@googlebot
Copy link

A Googler has manually verified that the CLAs look good.

(Googler, please make sure the reason for overriding the CLA status is clearly documented in these comments.)

ℹ️ Googlers: Go here for more info.

@rlenglet
Copy link
Contributor

/ok-to-test

@istio-testing istio-testing added the ok-to-test Set this label allow normal testing to take place for a PR not submitted by an Istio org member. label Mar 26, 2020
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Reviewers
No reviews
Assignees

@rlenglet rlenglet

Labels
cla: yes Set by the Google CLA bot to indicate the author of a PR has signed the Google CLA. ok-to-test Set this label allow normal testing to take place for a PR not submitted by an Istio org member. size/XS Denotes a PR that changes 0-9 lines, ignoring generated files.
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
4 participants
@istio-testing @googlebot @rlenglet @jrajahalme