Revert openshift/origin#19346

Ravi Sankar Penta · deads2k · commit d0528b78e0f3 · 2019-06-18T10:21:18.000-04:00
- With ovs atomic transaction, flows are actually executed when
Commit() is called so we no longer need the earlier workaround.
diff --git a/pkg/network/node/ovscontroller.go b/pkg/network/node/ovscontroller.go
@@ -441,7 +441,8 @@ func (oc *ovsController) UpdateEgressNetworkPolicyRules(policies []networkapi.Eg
 		otx.DeleteFlows("table=101, reg0=%d", vnid)
 		otx.AddFlow("table=101, reg0=%d, priority=1, actions=drop", vnid)
 	} else /* vnid != 0 && len(policies) == 1 */ {
-		var flows []string
+		otx.DeleteFlows("table=101, reg0=%d", vnid)
+
 		dnsFound := false
 		for i, rule := range policies[0].Spec.Egress {
 			priority := len(policies[0].Spec.Egress) - i
@@ -475,25 +476,17 @@ func (oc *ovsController) UpdateEgressNetworkPolicyRules(policies []networkapi.Eg
 					dst = fmt.Sprintf(", nw_dst=%s", selector)
 				}
 
-				flows = append(flows, fmt.Sprintf("table=101, reg0=%d, priority=%d, ip%s, actions=%s", vnid, priority, dst, action))
+				otx.AddFlow("table=101, reg0=%d, priority=%d, ip%s, actions=%s", vnid, priority, dst, action)
 			}
 		}
 
-		// Temporarily drop all outgoing traffic, to avoid race conditions while modifying the other rules
-		otx.AddFlow("table=101, reg0=%d, cookie=1, priority=65535, actions=drop", vnid)
-		otx.DeleteFlows("table=101, reg0=%d, cookie=0/1", vnid)
-		for _, f := range flows {
-			otx.AddFlow(f)
-		}
-
 		if dnsFound {
 			if err := common.CheckDNSResolver(); err != nil {
 				errs = append(errs, fmt.Errorf("DNS resolver failed: %v, dropping all traffic for namespace: %q", err, namespaces[0]))
 				otx.DeleteFlows("table=101, reg0=%d", vnid)
 				otx.AddFlow("table=101, reg0=%d, priority=1, actions=drop", vnid)
 			}
 		}
-		otx.DeleteFlows("table=101, reg0=%d, cookie=1/1", vnid)
 	}
 
 	if txErr := otx.Commit(); txErr != nil {

Original file line number	Diff line number	Diff line change
`@@ -441,7 +441,8 @@ func (oc *ovsController) UpdateEgressNetworkPolicyRules(policies []networkapi.Eg`
`441`	`441`	`otx.DeleteFlows("table=101, reg0=%d", vnid)`
`442`	`442`	`otx.AddFlow("table=101, reg0=%d, priority=1, actions=drop", vnid)`
`443`	`443`	`} else /* vnid != 0 && len(policies) == 1 */ {`
`444`		`- var flows []string`
	`444`	`+ otx.DeleteFlows("table=101, reg0=%d", vnid)`
	`445`	`+`
`445`	`446`	`dnsFound := false`
`446`	`447`	`for i, rule := range policies[0].Spec.Egress {`
`447`	`448`	`priority := len(policies[0].Spec.Egress) - i`
`@@ -475,25 +476,17 @@ func (oc *ovsController) UpdateEgressNetworkPolicyRules(policies []networkapi.Eg`
`475`	`476`	`dst = fmt.Sprintf(", nw_dst=%s", selector)`
`476`	`477`	`}`
`477`	`478`
`478`		`- flows = append(flows, fmt.Sprintf("table=101, reg0=%d, priority=%d, ip%s, actions=%s", vnid, priority, dst, action))`
	`479`	`+ otx.AddFlow("table=101, reg0=%d, priority=%d, ip%s, actions=%s", vnid, priority, dst, action)`
`479`	`480`	`}`
`480`	`481`	`}`
`481`	`482`
`482`		`- // Temporarily drop all outgoing traffic, to avoid race conditions while modifying the other rules`
`483`		`- otx.AddFlow("table=101, reg0=%d, cookie=1, priority=65535, actions=drop", vnid)`
`484`		`- otx.DeleteFlows("table=101, reg0=%d, cookie=0/1", vnid)`
`485`		`- for _, f := range flows {`
`486`		`- otx.AddFlow(f)`
`487`		`- }`
`488`		`-`
`489`	`483`	`if dnsFound {`
`490`	`484`	`if err := common.CheckDNSResolver(); err != nil {`
`491`	`485`	`errs = append(errs, fmt.Errorf("DNS resolver failed: %v, dropping all traffic for namespace: %q", err, namespaces[0]))`
`492`	`486`	`otx.DeleteFlows("table=101, reg0=%d", vnid)`
`493`	`487`	`otx.AddFlow("table=101, reg0=%d, priority=1, actions=drop", vnid)`
`494`	`488`	`}`
`495`	`489`	`}`
`496`		`- otx.DeleteFlows("table=101, reg0=%d, cookie=1/1", vnid)`
`497`	`490`	`}`
`498`	`491`
`499`	`492`	`if txErr := otx.Commit(); txErr != nil {`