./iptables-tracer -f "-s 10.0.1.250 -p tcp" can't work at CentOS Linux release 8.5.2111

Question

./iptables-tracer -f "-s 10.0.1.250 -p tcp" can't work at CentOS Linux release 8.5.2111

BurlyLuo opened this issue 9 months ago · 0 comments

1.issue details:
when exec ./iptables-tracer -f "-s 10.0.1.250 -p tcp" at the node, the ssh conn will be lost, and the k8s platform also come into abnormal status. esp about the kube-apiserver pods. it continues reboot.

env details:

[root@bpf1 iptables-tracer]$ cat /etc/redhat-release 
CentOS Linux release 8.5.2111
[root@bpf1 iptables-tracer]$ uname -r 
4.18.0-348.7.1.el8_5.x86_64
[root@bpf1 iptables-tracer]$ 

k8s version:
[root@bpf1 iptables-tracer]$ k get nodes -owide 
NAME   STATUS   ROLES           AGE     VERSION   INTERNAL-IP    EXTERNAL-IP   OS-IMAGE         KERNEL-VERSION                CONTAINER-RUNTIME
bpf1   Ready    control-plane   5h54m   v1.27.3   192.168.2.91   <none>        CentOS Linux 8   4.18.0-348.7.1.el8_5.x86_64   containerd://1.6.26
bpf2   Ready    <none>          5h30m   v1.27.3   192.168.2.92   <none>        CentOS Linux 8   4.18.0-348.7.1.el8_5.x86_64   containerd://1.6.26
[root@bpf1 iptables-tracer]$ 

it seems like the iptables issue after the tracer, but only add the LOG trace, not sure why it impact the orig iptables.

Add: it can work fine at CentOS7 with k8s 1.27.3.