Remove the protocol filter from the portMappings constructor.

Reason: originally it was introduced to prevent the loading of the SCTP kernel module on the nodes. But iptables chain creation alone does not load the kernel module. The module would be loaded if an SCTP socket was created, but neither cri nor the portmap CNI plugin starts managing SCTP sockets if hostPort / portmappings are defined.
Signed-off-by: Laszlo Janosi <laszlo.janosi@ibm.com>

pkg/server/sandbox_run.go

@@ -414,9 +414,6 @@ func toCNIPortMappings(criPortMappings []*runtime.PortMapping) []cni.PortMapping
 		if mapping.HostPort <= 0 {
 			continue
 		}
-		if mapping.Protocol != runtime.Protocol_TCP && mapping.Protocol != runtime.Protocol_UDP {
-			continue
-		}
 		portMappings = append(portMappings, cni.PortMapping{
 			HostPort:      mapping.HostPort,
 			ContainerPort: mapping.ContainerPort,

pkg/server/sandbox_run_test.go

@@ -175,6 +175,12 @@ func TestToCNIPortMappings(t *testing.T) {
 					HostPort:      8765,
 					HostIp:        "126.125.124.123",
 				},
+				{
+					Protocol:      runtime.Protocol_SCTP,
+					ContainerPort: 1234,
+					HostPort:      5678,
+					HostIp:        "123.124.125.126",
+				},
 			},
 			cniPortMappings: []cni.PortMapping{
 				{
@@ -189,6 +195,12 @@ func TestToCNIPortMappings(t *testing.T) {
 					Protocol:      "tcp",
 					HostIP:        "126.125.124.123",
 				},
+				{
+					HostPort:      5678,
+					ContainerPort: 1234,
+					Protocol:      "sctp",
+					HostIP:        "123.124.125.126",
+				},
 			},
 		},
 		"CRI port mapping without host port should be skipped": {
@@ -216,12 +228,6 @@ func TestToCNIPortMappings(t *testing.T) {
 		},
 		"CRI port mapping with unsupported protocol should be skipped": {
 			criPortMappings: []*runtime.PortMapping{
-				{
-					Protocol:      runtime.Protocol_SCTP,
-					ContainerPort: 1234,
-					HostPort:      5678,
-					HostIp:        "123.124.125.126",
-				},
 				{
 					Protocol:      runtime.Protocol_TCP,
 					ContainerPort: 4321,