aws / aws-network-policy-agent

Apache License 2.0

Refactor conntrack cleanup - v4 and v6 #256

Closed jayanthvn closed 5 months ago

jayanthvn commented 5 months ago

Issue #, if available:

Description of changes: During the conntrack cleanup loop, we need to first hydrate the local cache and then in the next loop we check with kernel conntrack to make sure the entry in the kernel is available. This is for cases when an egress traffic entry is made in the local conntrack table but not yet present in the kernel conntrack table when the cleanup routine runs.

{"level":"info","ts":"2024-04-24T05:57:52.764Z","logger":"ebpf-client","caller":"wait/backoff.go:227","msg":"Check for any stale entries in the conntrack map"}
{"level":"info","ts":"2024-04-24T05:57:52.765Z","logger":"ebpf-client","caller":"wait/backoff.go:227","msg":"hydrated local conntrack cache"}

{"level":"info","ts":"2024-04-24T05:59:32.766Z","logger":"ebpf-client","caller":"wait/backoff.go:227","msg":"Check for any stale entries in the conntrack map"}
{"level":"info","ts":"2024-04-24T05:59:32.768Z","logger":"ebpf-client","caller":"wait/backoff.go:227","msg":"Done cleanup of conntrack map"}

{"level":"info","ts":"2024-04-24T06:01:12.768Z","logger":"ebpf-client","caller":"wait/backoff.go:227","msg":"Check for any stale entries in the conntrack map"}
{"level":"info","ts":"2024-04-24T06:01:12.769Z","logger":"ebpf-client","caller":"wait/backoff.go:227","msg":"hydrated local conntrack cache"}

{"level":"info","ts":"2024-04-24T06:02:52.769Z","logger":"ebpf-client","caller":"wait/backoff.go:227","msg":"Check for any stale entries in the conntrack map"}
{"level":"info","ts":"2024-04-24T06:02:52.771Z","logger":"ebpf-client","caller":"wait/backoff.go:227","msg":"Conntrack cleanup","Delete - ":"Conntrack Key : Source IP - 192.168.44.201 Source port - 40370 Dest IP - 192.168.52.173 Dest port - 8080 Protocol - 6 Owner IP - 192.168.52.173"}
{"level":"info","ts":"2024-04-24T06:02:52.771Z","logger":"ebpf-client","caller":"wait/backoff.go:227","msg":"Conntrack cleanup","Delete - ":"Conntrack Key : Source IP - 192.168.51.250 Source port - 34880 Dest IP - 192.168.52.173 Dest port - 8080 Protocol - 6 Owner IP - 192.168.52.173"}
{"level":"info","ts":"2024-04-24T06:02:52.771Z","logger":"ebpf-client","caller":"wait/backoff.go:227","msg":"Done cleanup of conntrack map"}
[root@ip-192-168-50-132 ~]# /opt/cni/bin/aws-eks-na-cli ebpf dump-maps 9
Conntrack Key : Source IP - 192.168.44.201 Source port - 40370 Dest IP - 192.168.52.173 Dest port - 8080 Protocol - 6 Owner IP - 192.168.52.173
Value : 
Conntrack Val -  1
*******************************
Conntrack Key : Source IP - 192.168.51.250 Source port - 34880 Dest IP - 192.168.52.173 Dest port - 8080 Protocol - 6 Owner IP - 192.168.52.173
Value : 
Conntrack Val -  1
*******************************
Done reading all entries

[root@ip-192-168-50-132 ~]# /opt/cni/bin/aws-eks-na-cli ebpf dump-maps 9
No Entries found, Empty map

By submitting this pull request, I confirm that you can use, modify, copy, and redistribute this contribution, under the terms of your choice.
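The two-pass scheme from the description, as an added illustration rather than the project's own code: the first tick only snapshots the eBPF map into a local cache, and the next tick deletes a cached entry only if the kernel no longer tracks that flow. The eBPF map is simulated as a Go map and `kernelHas` stands in for the kernel conntrack lookup; the flow values are constructed from the log above.

```go
package main

import "fmt"

// ConntrackKey identifies one flow in the agent's conntrack map.
type ConntrackKey struct {
	SrcIP, DstIP     string
	SrcPort, DstPort uint16
	Proto            uint8
}

// Cleaner alternates between a hydrate pass and a cleanup pass, so a flow
// that reached the eBPF map right before a tick is not removed prematurely.
type Cleaner struct {
	hydrated bool
	cache    map[ConntrackKey]struct{}
}

// Run performs one cleanup tick. bpfMap simulates the eBPF conntrack map and
// kernelHas the kernel conntrack lookup (both assumed). Returns deleted keys.
func (c *Cleaner) Run(bpfMap map[ConntrackKey]struct{}, kernelHas func(ConntrackKey) bool) []ConntrackKey {
	if !c.hydrated {
		c.cache = make(map[ConntrackKey]struct{}, len(bpfMap))
		for k := range bpfMap {
			c.cache[k] = struct{}{}
		}
		c.hydrated = true
		return nil // "hydrated local conntrack cache"
	}
	var deleted []ConntrackKey
	for k := range c.cache {
		// Only entries seen in the previous pass are candidates; a flow added
		// since hydration gets a full cycle for the kernel to create its entry.
		if _, still := bpfMap[k]; still && !kernelHas(k) {
			delete(bpfMap, k)
			deleted = append(deleted, k)
		}
	}
	c.hydrated = false // "Done cleanup of conntrack map"; next tick re-hydrates
	return deleted
}

func main() {
	k := ConntrackKey{"192.168.44.201", "192.168.52.173", 40370, 8080, 6} // constructed sample flow
	m := map[ConntrackKey]struct{}{k: {}}
	c := &Cleaner{}
	c.Run(m, func(ConntrackKey) bool { return false }) // tick 1: hydrate only
	fmt.Println("deleted:", c.Run(m, func(ConntrackKey) bool { return false }))
}
```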