Revert openshift#19346

Ravi Sankar Penta · Ravi Sankar Penta · commit 771595d1041e · 2018-04-30T09:54:58.000-07:00
- With ovs atomic transaction, flows are actually executed when
Commit() is called so we no longer need the earlier workaround.
diff --git a/pkg/network/node/ovscontroller.go b/pkg/network/node/ovscontroller.go
@@ -440,7 +440,8 @@ func (oc *ovsController) UpdateEgressNetworkPolicyRules(policies []networkapi.Eg
 		otx.DeleteFlows("table=101, reg0=%d", vnid)
 		otx.AddFlow("table=101, reg0=%d, priority=1, actions=drop", vnid)
 	} else /* vnid != 0 && len(policies) == 1 */ {
-		var flows []string
+		otx.DeleteFlows("table=101, reg0=%d", vnid)
+
 		dnsFound := false
 		for i, rule := range policies[0].Spec.Egress {
 			priority := len(policies[0].Spec.Egress) - i
@@ -474,25 +475,17 @@ func (oc *ovsController) UpdateEgressNetworkPolicyRules(policies []networkapi.Eg
 					dst = fmt.Sprintf(", nw_dst=%s", selector)
 				}
 
-				flows = append(flows, fmt.Sprintf("table=101, reg0=%d, priority=%d, ip%s, actions=%s", vnid, priority, dst, action))
+				otx.AddFlow("table=101, reg0=%d, priority=%d, ip%s, actions=%s", vnid, priority, dst, action)
 			}
 		}
 
-		// Temporarily drop all outgoing traffic, to avoid race conditions while modifying the other rules
-		otx.AddFlow("table=101, reg0=%d, cookie=1, priority=65535, actions=drop", vnid)
-		otx.DeleteFlows("table=101, reg0=%d, cookie=0/1", vnid)
-		for _, f := range flows {
-			otx.AddFlow(f)
-		}
-
 		if dnsFound {
 			if err := common.CheckDNSResolver(); err != nil {
 				inputErr = fmt.Errorf("DNS resolver failed: %v, dropping all traffic for namespace: %q", err, namespaces[0])
 				otx.DeleteFlows("table=101, reg0=%d", vnid)
 				otx.AddFlow("table=101, reg0=%d, priority=1, actions=drop", vnid)
 			}
 		}
-		otx.DeleteFlows("table=101, reg0=%d, cookie=1/1", vnid)
 	}
 
 	txErr := otx.Commit()

Original file line number	Diff line number	Diff line change
`@@ -440,7 +440,8 @@ func (oc *ovsController) UpdateEgressNetworkPolicyRules(policies []networkapi.Eg`
`440`	`440`	`otx.DeleteFlows("table=101, reg0=%d", vnid)`
`441`	`441`	`otx.AddFlow("table=101, reg0=%d, priority=1, actions=drop", vnid)`
`442`	`442`	`} else /* vnid != 0 && len(policies) == 1 */ {`
`443`		`- var flows []string`
	`443`	`+ otx.DeleteFlows("table=101, reg0=%d", vnid)`
	`444`	`+`
`444`	`445`	`dnsFound := false`
`445`	`446`	`for i, rule := range policies[0].Spec.Egress {`
`446`	`447`	`priority := len(policies[0].Spec.Egress) - i`
`@@ -474,25 +475,17 @@ func (oc *ovsController) UpdateEgressNetworkPolicyRules(policies []networkapi.Eg`
`474`	`475`	`dst = fmt.Sprintf(", nw_dst=%s", selector)`
`475`	`476`	`}`
`476`	`477`
`477`		`- flows = append(flows, fmt.Sprintf("table=101, reg0=%d, priority=%d, ip%s, actions=%s", vnid, priority, dst, action))`
	`478`	`+ otx.AddFlow("table=101, reg0=%d, priority=%d, ip%s, actions=%s", vnid, priority, dst, action)`
`478`	`479`	`}`
`479`	`480`	`}`
`480`	`481`
`481`		`- // Temporarily drop all outgoing traffic, to avoid race conditions while modifying the other rules`
`482`		`- otx.AddFlow("table=101, reg0=%d, cookie=1, priority=65535, actions=drop", vnid)`
`483`		`- otx.DeleteFlows("table=101, reg0=%d, cookie=0/1", vnid)`
`484`		`- for _, f := range flows {`
`485`		`- otx.AddFlow(f)`
`486`		`- }`
`487`		`-`
`488`	`482`	`if dnsFound {`
`489`	`483`	`if err := common.CheckDNSResolver(); err != nil {`
`490`	`484`	`inputErr = fmt.Errorf("DNS resolver failed: %v, dropping all traffic for namespace: %q", err, namespaces[0])`
`491`	`485`	`otx.DeleteFlows("table=101, reg0=%d", vnid)`
`492`	`486`	`otx.AddFlow("table=101, reg0=%d, priority=1, actions=drop", vnid)`
`493`	`487`	`}`
`494`	`488`	`}`
`495`		`- otx.DeleteFlows("table=101, reg0=%d, cookie=1/1", vnid)`
`496`	`489`	`}`
`497`	`490`
`498`	`491`	`txErr := otx.Commit()`