fix(NSC): pass fwmark to traffic director as an int

aauren · aauren · commit f997e4abd970 · 2025-06-20T16:41:34.000-05:00
It used to be when we were using iproute2's CLI we needed to have the
fwmark as a hex number so we were passing it as a string in that format.

However, now that we use the netlink library directly, we already have
the fwmark in the condition that we need it. So instead of doing all of
these string &lt;-&gt; int conversions, lets just keep this simpler.
diff --git a/pkg/controllers/proxy/network_services_controller.go b/pkg/controllers/proxy/network_services_controller.go
@@ -1730,25 +1730,14 @@ func (nsc *NetworkServicesController) cleanupMangleTableRule(ip string, protocol
 // For DSR it is required that we dont assign the VIP to any interface to avoid martian packets
 // http://www.austintek.com/LVS/LVS-HOWTO/HOWTO/LVS-HOWTO.routing_to_VIP-less_director.html
 // routeVIPTrafficToDirector: setups policy routing so that FWMARKed packets are delivered locally
-func routeVIPTrafficToDirector(fwmark string, family v1.IPFamily) error {
+func routeVIPTrafficToDirector(fwmark uint32, family v1.IPFamily) error {
 	nFamily := netlink.FAMILY_V4
 	if family == v1.IPv6Protocol {
 		nFamily = netlink.FAMILY_V6
 	}
 
-	iFWMark, err := strconv.Atoi(fwmark)
-	if err != nil {
-		return fmt.Errorf("failed to convert fwmark to integer due to: %v", err)
-	}
-
-	// Convert to uint32 safely
-	uFWMark, err := safecast.ToUint32(iFWMark)
-	if err != nil {
-		return fmt.Errorf("failed to convert fwmark to uint32: %v", err)
-	}
-
 	nRule := netlink.NewRule()
-	nRule.Mark = uFWMark
+	nRule.Mark = fwmark
 	nRule.Table = customDSRRouteTableID
 	nRule.Priority = defaultTrafficDirectorRulePriority
 
diff --git a/pkg/controllers/proxy/service_endpoints_sync.go b/pkg/controllers/proxy/service_endpoints_sync.go
@@ -557,7 +557,7 @@ func (nsc *NetworkServicesController) setupExternalIPForDSRService(svcIn *servic
 	}
 
 	// do policy routing to deliver the packet locally so that IPVS can pick the packet
-	err = routeVIPTrafficToDirector("0x"+fmt.Sprintf("%x", fwMark), family)
+	err = routeVIPTrafficToDirector(fwMark, family)
 	if err != nil {
 		return fmt.Errorf("failed to setup ip rule to lookup traffic to external IP: %s through custom "+
 			"route table due to %v", externalIP, err)

Original file line number	Diff line number	Diff line change
`@@ -557,7 +557,7 @@ func (nsc NetworkServicesController) setupExternalIPForDSRService(svcIn servic`
`557`	`557`	`}`
`558`	`558`
`559`	`559`	`// do policy routing to deliver the packet locally so that IPVS can pick the packet`
`560`		`- err = routeVIPTrafficToDirector("0x"+fmt.Sprintf("%x", fwMark), family)`
	`560`	`+ err = routeVIPTrafficToDirector(fwMark, family)`
`561`	`561`	`if err != nil {`
`562`	`562`	`return fmt.Errorf("failed to setup ip rule to lookup traffic to external IP: %s through custom "+`
`563`	`563`	`"route table due to %v", externalIP, err)`