fix hostport CNAT entry handling

calico-vpp-agent/cni/model/pod_spec.go

@@ -296,13 +296,10 @@ type HostPortBinding struct {
 	ContainerPort uint16
 	// Protocol for the port (UDP, TCP or SCTP)
 	Protocol types.IPProto
-	// EntryID is the HostPort cnat translation index in VPP
-	EntryID uint32
 }
 
 func (hp *HostPortBinding) String() string {
 	s := fmt.Sprintf("%s %s:%d", hp.Protocol.String(), hp.HostIP, hp.HostPort)
 	s += fmt.Sprintf(" container=%d", hp.ContainerPort)
-	s += fmt.Sprintf(" id=%d", hp.EntryID)
 	return s
 }

calico-vpp-agent/cni/model/pod_status.go

@@ -38,6 +38,9 @@ type LocalPodSpecStatus struct {
 	LoopbackSwIfIndex uint32 `json:"loopbackSwIfIndex"`
 	// PblIndexes is a map from containerIP to PBL index in VPP
 	PblIndexes map[string]uint32 `json:"pblIndexes"`
+	// HostPortEntryIDs is a map from hostport to corresponding cnat entry ids
+	// in VPP, per hostIP (we can have both ipv4 and ipv6)
+	HostPortEntryIDs map[uint16]map[string]uint32
 	// V4VrfID is the table ID for the v4 VRF created for the pod
 	V4VrfID uint32 `json:"v4VrfId"`
 	// V4RPFVrfID is the table ID for the v4 uRPF VRF created for the pod
@@ -55,6 +58,7 @@ func NewLocalPodSpecStatus() *LocalPodSpecStatus {
 		TunTapSwIfIndex:   vpplink.InvalidID,
 		LoopbackSwIfIndex: vpplink.InvalidID,
 		PblIndexes:        make(map[string]uint32),
+		HostPortEntryIDs:  make(map[uint16]map[string]uint32),
 		V4VrfID:           vpplink.InvalidID,
 		V4RPFVrfID:        vpplink.InvalidID,
 		V6VrfID:           vpplink.InvalidID,

calico-vpp-agent/cni/network_vpp_hostports.go

@@ -41,7 +41,7 @@ func (s *Server) getHostPortHostIP(hostIP net.IP, isIP6 bool) net.IP {
 }
 
 func (s *Server) AddHostPort(podSpec *model.LocalPodSpec, stack *vpplink.CleanupStack) error {
-	for idx, hostPort := range podSpec.HostPorts {
+	for _, hostPort := range podSpec.HostPorts {
 		for _, containerAddr := range podSpec.ContainerIPs {
 			hostIP := s.getHostPortHostIP(hostPort.HostIP, vpplink.IsIP6(containerAddr))
 			if hostIP != nil && !hostIP.IsUnspecified() {
@@ -67,7 +67,10 @@ func (s *Server) AddHostPort(podSpec *model.LocalPodSpec, stack *vpplink.Cleanup
 				} else {
 					stack.Push(s.vpp.CnatTranslateDel, id)
 				}
-				podSpec.HostPorts[idx].EntryID = id
+				if _, found := podSpec.HostPortEntryIDs[hostPort.HostPort]; !found {
+					podSpec.HostPortEntryIDs[hostPort.HostPort] = make(map[string]uint32)
+				}
+				podSpec.HostPortEntryIDs[hostPort.HostPort][hostIP.String()] = id
 			}
 		}
 	}
@@ -77,12 +80,14 @@ func (s *Server) AddHostPort(podSpec *model.LocalPodSpec, stack *vpplink.Cleanup
 func (s *Server) DelHostPort(podSpec *model.LocalPodSpec) {
 	initialSpec, ok := s.podInterfaceMap[podSpec.Key()]
 	if ok {
-		for _, hostPort := range initialSpec.HostPorts {
-			err := s.vpp.CnatTranslateDel(hostPort.EntryID)
-			if err != nil {
-				s.log.Errorf("(del) Error deleting entry with ID %d: %v", hostPort.EntryID, err)
+		for hostport, entryIDs := range initialSpec.HostPortEntryIDs {
+			for _, entryID := range entryIDs {
+				err := s.vpp.CnatTranslateDel(entryID)
+				if err != nil {
+					s.log.Errorf("(del) Error deleting entry with ID %d: %v", entryID, err)
+				}
+				s.log.Infof("pod(del) hostport entry=%d for hostport=%d", entryID, hostport)
 			}
-			s.log.Infof("pod(del) hostport entry=%d", hostPort.EntryID)
 		}
 	} else {
 		s.log.Warnf("Initial spec not found")

config/config.go

@@ -63,7 +63,7 @@ const (
 	BaseVppSideHardwareAddress = "02:ca:11:c0:fd:00"
 	// CniServerStateFileVersion is the version of the CNI server state file
 	// it is used to ensure compatibility when reloading data
-	CniServerStateFileVersion = 10
+	CniServerStateFileVersion = 11
 	// MaxAPITagLen is the limit number of character allowed in VPP API tags
 	MaxAPITagLen = 63
 	// VrfTagHashLen is the number of hash charatecters (b64) of the name