fix getting subnet cidr by protocol

Signed-off-by: zhangzujian <[email protected]>

pkg/daemon/gateway.go

@@ -101,7 +101,7 @@ func (c *Controller) getSubnetsNeedNAT(protocol string) ([]string, error) {
 	for _, subnet := range subnets {
 		if c.isSubnetNeedNat(subnet, protocol) {
 			cidrBlock, err := getCidrByProtocol(subnet.Spec.CIDRBlock, protocol)
-			if err == nil {
+			if err == nil && cidrBlock != "" {
 				subnetsNeedNat = append(subnetsNeedNat, cidrBlock)
 			}
 		}
@@ -141,7 +141,7 @@ func (c *Controller) getSubnetsDistributedGateway(protocol string) ([]string, er
 			subnet.Spec.GatewayType == kubeovnv1.GWDistributedType &&
 			(subnet.Spec.Protocol == kubeovnv1.ProtocolDual || subnet.Spec.Protocol == protocol) {
 			cidrBlock, err := getCidrByProtocol(subnet.Spec.CIDRBlock, protocol)
-			if err == nil {
+			if err == nil && cidrBlock != "" {
 				result = append(result, cidrBlock)
 			}
 		}
@@ -172,7 +172,7 @@ func (c *Controller) getDefaultVpcSubnetsCIDR(protocol string) ([]string, map[st
 	for _, subnet := range subnets {
 		if subnet.Spec.Vpc == c.config.ClusterRouter && (subnet.Spec.Vlan == "" || subnet.Spec.LogicalGateway) && subnet.Spec.CIDRBlock != "" {
 			cidrBlock, err := getCidrByProtocol(subnet.Spec.CIDRBlock, protocol)
-			if err == nil {
+			if err == nil && cidrBlock != "" {
 				ret = append(ret, cidrBlock)
 				subnetMap[subnet.Name] = cidrBlock
 			}
@@ -204,22 +204,17 @@ func (c *Controller) getOtherNodes(protocol string) ([]string, error) {
 }
 
 func getCidrByProtocol(cidr, protocol string) (string, error) {
-	var cidrStr string
 	if err := util.CheckCidrs(cidr); err != nil {
 		return "", err
 	}
 
-	if util.CheckProtocol(cidr) == kubeovnv1.ProtocolDual {
-		cidrBlocks := strings.Split(cidr, ",")
-		if protocol == kubeovnv1.ProtocolIPv4 {
-			cidrStr = cidrBlocks[0]
-		} else if protocol == kubeovnv1.ProtocolIPv6 {
-			cidrStr = cidrBlocks[1]
+	for _, cidr := range strings.Split(cidr, ",") {
+		if util.CheckProtocol(cidr) == protocol {
+			return cidr, nil
 		}
-	} else {
-		cidrStr = cidr
 	}
-	return cidrStr, nil
+
+	return "", nil
 }
 
 func (c *Controller) getEgressNatIPByNode(nodeName string) (map[string]string, error) {

pkg/daemon/gateway_linux.go

@@ -205,15 +205,17 @@ func (c *Controller) reconcileNatOutGoingPolicyIPset(protocol string) {
 		return
 	}
 
-	subnetCidrs := make([]string, 0)
+	subnetCidrs := make([]string, 0, len(subnets))
 	natPolicyRuleIDs := strset.New()
 	for _, subnet := range subnets {
 		cidrBlock, err := getCidrByProtocol(subnet.Spec.CIDRBlock, protocol)
 		if err != nil {
 			klog.Errorf("failed to get subnet %s CIDR block by protocol: %v", subnet.Name, err)
 			continue
 		}
-		subnetCidrs = append(subnetCidrs, cidrBlock)
+		if cidrBlock != "" {
+			subnetCidrs = append(subnetCidrs, cidrBlock)
+		}
 		for _, rule := range subnet.Status.NatOutgoingPolicyRules {
 			if rule.RuleID == "" {
 				klog.Errorf("unexpected empty ID for NAT outgoing rule %q of subnet %s", rule.NatOutgoingPolicyRule, subnet.Name)
@@ -1003,6 +1005,9 @@ func (c *Controller) generateNatOutgoingPolicyChainRules(protocol string) ([]uti
 			klog.Errorf("failed to get subnet %s cidr block with protocol: %v", subnet.Name, err)
 			continue
 		}
+		if cidrBlock == "" {
+			continue
+		}
 
 		ovnNatPolicySubnetChainName := OvnNatOutGoingPolicySubnet + util.GetTruncatedUID(string(subnet.GetUID()))
 		natPolicySubnetIptables = append(natPolicySubnetIptables, util.IPTableRule{Table: NAT, Chain: OvnNatOutGoingPolicy, Rule: strings.Fields(fmt.Sprintf(`-s %s -m comment --comment natPolicySubnet-%s -j %s`, cidrBlock, subnet.Name, ovnNatPolicySubnetChainName))})
@@ -1616,7 +1621,7 @@ func (c *Controller) getSubnetsNeedPR(protocol string) (map[policyRouteMeta]stri
 			}
 			if meta.gateway != "" {
 				cidrBlock, err := getCidrByProtocol(subnet.Spec.CIDRBlock, protocol)
-				if err == nil {
+				if err == nil && cidrBlock != "" {
 					subnetsNeedPR[meta] = cidrBlock
 				}
 			}