portmap: fix bug that new udp connection deletes all existing conntra…

…ck entries Calling AddPort before AddProtocol returns an error, which means ConntrackDeleteFilter has been called without port filter. Signed-off-by: [email protected] <[email protected]>
containernetworking · Feb 19, 2022 · 07bb0e7 · 07bb0e7
1 parent 76307bf
commit 07bb0e7
Showing 1 changed file with 1 addition and 1 deletion.
diff --git a/pkg/utils/conntrack.go b/pkg/utils/conntrack.go
@@ -62,8 +62,8 @@ func DeleteConntrackEntriesForDstIP(dstIP string, protocol uint8) error {
 // by the given destination port, protocol and IP family
 func DeleteConntrackEntriesForDstPort(port uint16, protocol uint8, family netlink.InetFamily) error {
 	filter := &netlink.ConntrackFilter{}
-	filter.AddPort(netlink.ConntrackOrigDstPort, port)
 	filter.AddProtocol(protocol)
+	filter.AddPort(netlink.ConntrackOrigDstPort, port)
 
 	_, err := netlink.ConntrackDeleteFilter(netlink.ConntrackTable, family, filter)
 	if err != nil {