fix: clean ct flow when policy changed

wu-cl · wu-cl · commit 2cd92ec5a551 · 2023-01-13T20:04:50.000+08:00
diff --git a/pkg/agent/datapath/multiBridgeDatapath.go b/pkg/agent/datapath/multiBridgeDatapath.go
@@ -881,11 +881,6 @@ func (datapathManager *DpManager) AddEveroutePolicyRule(rule *EveroutePolicyRule
 			return nil
 		}
 		log.Infof("Rule already exists. update old rule: {%+v} to new rule: {%+v} ", ruleEntry.EveroutePolicyRule, rule)
-
-		// clear CT flow while updating from "allow" to "deny"
-		if ruleEntry.EveroutePolicyRule.Action == EveroutePolicyAllow && rule.Action == EveroutePolicyDeny {
-			datapathManager.cleanConntrackFlow(rule)
-		}
 	}
 
 	log.Infof("Received AddRule: %+v", rule)
@@ -900,10 +895,7 @@ func (datapathManager *DpManager) AddEveroutePolicyRule(rule *EveroutePolicyRule
 		ruleFlowMap[vdsID] = flowEntry
 	}
 
-	// clean related CT flows only for "deny" action while adding
-	if rule.Action == EveroutePolicyDeny {
-		datapathManager.cleanConntrackFlow(rule)
-	}
+	datapathManager.cleanConntrackFlow(rule)
 
 	// save the rule. ruleFlowMap need deepcopy, NOTE
 	if ruleEntry == nil {
@@ -920,7 +912,6 @@ func (datapathManager *DpManager) AddEveroutePolicyRule(rule *EveroutePolicyRule
 	// save flowID reference
 	for _, v := range ruleEntry.RuleFlowMap {
 		datapathManager.FlowIDToRules[v.FlowID] = ruleEntry
-		log.Info(v.FlowID)
 	}
 
 	datapathManager.Rules[rule.RuleID] = ruleEntry
@@ -961,10 +952,7 @@ func (datapathManager *DpManager) RemoveEveroutePolicyRule(ruleID string, ruleNa
 		delete(datapathManager.FlowIDToRules, pRule.RuleFlowMap[vdsID].FlowID)
 	}
 
-	// clean related CT flows only for "allow" action while deleting
-	if datapathManager.Rules[ruleID].EveroutePolicyRule.Action == EveroutePolicyAllow {
-		datapathManager.cleanConntrackFlow(datapathManager.Rules[ruleID].EveroutePolicyRule)
-	}
+	datapathManager.cleanConntrackFlow(datapathManager.Rules[ruleID].EveroutePolicyRule)
 
 	if pRule.PolicyRuleReference.Len() == 0 {
 		delete(datapathManager.Rules, ruleID)
