Fix: handle POD IP query service IP scenario for policy enforcement
Change-Id: I834f72e5f7bd9f41a47aed8d6997dfecc05be8b5
diff --git a/apps/k8s-networking/app/src/main/java/org/onosproject/k8snetworking/impl/K8sNetworkPolicyHandler.java b/apps/k8s-networking/app/src/main/java/org/onosproject/k8snetworking/impl/K8sNetworkPolicyHandler.java
index 1044e39..c7754fb 100644
--- a/apps/k8s-networking/app/src/main/java/org/onosproject/k8snetworking/impl/K8sNetworkPolicyHandler.java
+++ b/apps/k8s-networking/app/src/main/java/org/onosproject/k8snetworking/impl/K8sNetworkPolicyHandler.java
@@ -259,12 +259,19 @@
if (d.equalsIgnoreCase(DIRECTION_INGRESS)) {
sBuilder.matchIPDst(IpPrefix.valueOf(IpAddress.valueOf(k), HOST_PREFIX));
tBuilder.transition(ACL_INGRESS_WHITE_TABLE);
+ setPolicyRulesBase(sBuilder, tBuilder, ACL_TABLE, install);
} else if (d.equalsIgnoreCase(DIRECTION_EGRESS)) {
+ // original IP
sBuilder.matchIPSrc(IpPrefix.valueOf(IpAddress.valueOf(k), HOST_PREFIX));
tBuilder.transition(ACL_EGRESS_WHITE_TABLE);
- }
+ setPolicyRulesBase(sBuilder, tBuilder, ACL_TABLE, install);
- setPolicyRulesBase(sBuilder, tBuilder, ACL_TABLE, install);
+
+ // shifted IP
+ sBuilder.matchIPSrc(IpPrefix.valueOf(IpAddress.valueOf(
+ shiftIpDomain(k, SHIFTED_IP_PREFIX)), HOST_PREFIX));
+ setPolicyRulesBase(sBuilder, tBuilder, ACL_TABLE, install);
+ }
});
});
}