From 6b7c7d312e3cd30860626969b099d0ca909bba0b Mon Sep 17 00:00:00 2001 From: Hongliang Liu Date: Tue, 17 Aug 2021 08:25:41 +0800 Subject: [PATCH] Bug fix Signed-off-by: Hongliang Liu --- pkg/agent/openflow/client.go | 2 +- pkg/agent/openflow/pipeline.go | 36 ++++----- pkg/ovs/openflow/interfaces.go | 13 ---- pkg/ovs/openflow/ofctrl_action.go | 123 ------------------------------ 4 files changed, 16 insertions(+), 158 deletions(-) diff --git a/pkg/agent/openflow/client.go b/pkg/agent/openflow/client.go index 8bb309df06c..275e7606f12 100644 --- a/pkg/agent/openflow/client.go +++ b/pkg/agent/openflow/client.go @@ -614,7 +614,7 @@ func (c *client) InstallServiceFlows(groupID binding.GroupIDType, svcIP net.IP, c.replayMutex.RLock() defer c.replayMutex.RUnlock() var flows []binding.Flow - flows = append(flows, c.serviceLBFlows(groupID, svcIP, svcPort, protocol, affinityTimeout != 0)...) + flows = append(flows, c.serviceLBFlow(groupID, svcIP, svcPort, protocol, affinityTimeout != 0)) if affinityTimeout != 0 { flows = append(flows, c.serviceLearnFlow(groupID, svcIP, svcPort, protocol, affinityTimeout)) } diff --git a/pkg/agent/openflow/pipeline.go b/pkg/agent/openflow/pipeline.go index 29a4f2a6ddc..acce0a8dc5a 100644 --- a/pkg/agent/openflow/pipeline.go +++ b/pkg/agent/openflow/pipeline.go @@ -251,8 +251,7 @@ const ( serviceSNATReg = endpointPortReg // Use reg4[20] to store the status of whether Service traffic from gateway requires SNAT. EgressReg regType = 5 IngressReg regType = 6 - - TraceflowReg regType = 9 // Use reg9[28..31] to store traceflow dataplaneTag. + TraceflowReg regType = 9 // Use reg9[28..31] to store traceflow dataplaneTag. // CNPDenyConjIDReg reuses reg3 which will also be used for storing endpoint IP to store the rule ID. Since // the service selection will finish when a packet hitting NetworkPolicy related rules, there is no conflict. CNPDenyConjIDReg regType = 3 @@ -373,7 +372,7 @@ var ( // When the Endpoint is not on host network, Antrea gateway IP is used to perform SNAT. serviceSNATMarkRange = binding.Range{20, 20} // isNodePortRegRange takes a 1-bit range of register isNodePortReg to mark whether the - // Service is NodePort. + // Service type is NodePort. isNodePortRegRange = binding.Range{19, 19} // metricIngressRuleIDRange takes 0..31 range of ct_label to store the ingress rule ID. metricIngressRuleIDRange = binding.Range{0, 31} @@ -433,7 +432,7 @@ type client struct { pipeline map[binding.TableIDType]binding.Table // Flow caches for corresponding deletions. nodeFlowCache, podFlowCache, serviceFlowCache, snatFlowCache, tfFlowCache *flowCategoryCache - // "fixed" flows installInstallNodePortIPFlowsed by the agent after initialization and which do not change during + // "fixed" flows installed by the agent after initialization and which do not change during // the lifetime of the client. gatewayFlows, defaultServiceFlows, defaultTunnelFlows, hostNetworkingFlows []binding.Flow // ofEntryOperations is a wrapper interface for OpenFlow entry Add / Modify / Delete operations. It @@ -2284,7 +2283,7 @@ func (c *client) serviceLearnFlow(groupID binding.GroupIDType, svcIP net.IP, svc // serviceLBFlows generates the flow which uses the specific group to do Endpoint // selection. -func (c *client) serviceLBFlows(groupID binding.GroupIDType, svcIP net.IP, svcPort uint16, protocol binding.Protocol, withSessionAffinity bool) []binding.Flow { +func (c *client) serviceLBFlow(groupID binding.GroupIDType, svcIP net.IP, svcPort uint16, protocol binding.Protocol, withSessionAffinity bool) binding.Flow { var lbResultMark uint32 if withSessionAffinity { lbResultMark = marksRegServiceNeedLearn @@ -2292,10 +2291,9 @@ func (c *client) serviceLBFlows(groupID binding.GroupIDType, svcIP net.IP, svcPo lbResultMark = marksRegServiceSelected } - var flows []binding.Flow // This flow is used to match the first packet of non-NodePort. if !svcIP.Equal(config.DummyNodePortSvcIP) { - flows = append(flows, c.pipeline[serviceLBTable].BuildFlow(priorityNormal). + return c.pipeline[serviceLBTable].BuildFlow(priorityNormal). MatchProtocol(protocol). MatchDstPort(svcPort, nil). MatchDstIP(svcIP). @@ -2304,23 +2302,19 @@ func (c *client) serviceLBFlows(groupID binding.GroupIDType, svcIP net.IP, svcPo Action().LoadRegRange(int(marksReg), macRewriteMark, macRewriteMarkRange). Action().Group(groupID). Cookie(c.cookieAllocator.Request(cookie.Service).Raw()). - Done(), - ) + Done() } else { unionVal := (marksServiceIsNodePort << serviceLearnRegRange.Length()) + marksRegServiceNeedLB - flows = append(flows, - c.pipeline[serviceLBTable].BuildFlow(priorityNormal). - MatchProtocol(protocol). - MatchDstPort(svcPort, nil). - MatchRegRange(int(serviceLearnReg), unionVal, binding.Range{16, 19}). - Action().LoadRegRange(int(serviceLearnReg), lbResultMark, serviceLearnRegRange). - Action().LoadRegRange(int(marksReg), macRewriteMark, macRewriteMarkRange). - Action().Group(groupID). - Cookie(c.cookieAllocator.Request(cookie.Service).Raw()). - Done(), - ) + return c.pipeline[serviceLBTable].BuildFlow(priorityNormal). + MatchProtocol(protocol). + MatchDstPort(svcPort, nil). + MatchRegRange(int(serviceLearnReg), unionVal, binding.Range{16, 19}). + Action().LoadRegRange(int(serviceLearnReg), lbResultMark, serviceLearnRegRange). + Action().LoadRegRange(int(marksReg), macRewriteMark, macRewriteMarkRange). + Action().Group(groupID). + Cookie(c.cookieAllocator.Request(cookie.Service).Raw()). + Done() } - return flows } // endpointDNATFlow generates the flow which transforms the Service Cluster IP diff --git a/pkg/ovs/openflow/interfaces.go b/pkg/ovs/openflow/interfaces.go index 4537328294f..11e6505c4ec 100644 --- a/pkg/ovs/openflow/interfaces.go +++ b/pkg/ovs/openflow/interfaces.go @@ -279,34 +279,21 @@ type LearnAction interface { DeleteLearned() LearnAction MatchEthernetProtocolIP(isIPv6 bool) LearnAction MatchTransportDst(protocol Protocol) LearnAction - MatchTransportDstAsSrc(protocol Protocol) LearnAction - MatchNetworkSrcAsDst(isIPv6 bool) LearnAction MatchLearnedTCPDstPort() LearnAction MatchLearnedUDPDstPort() LearnAction MatchLearnedSCTPDstPort() LearnAction MatchLearnedTCPv6DstPort() LearnAction MatchLearnedUDPv6DstPort() LearnAction MatchLearnedSCTPv6DstPort() LearnAction - MatchLearnedTCPDstPortAsSrcPort() LearnAction - MatchLearnedUDPDstPortAsSrcPort() LearnAction - MatchLearnedSCTPDstPortAsSrcPort() LearnAction - MatchLearnedTCPv6DstPortAsSrcPort() LearnAction - MatchLearnedUDPv6DstPortAsSrcPort() LearnAction - MatchLearnedSCTPv6DstPortAsSrcPort() LearnAction MatchLearnedSrcIP() LearnAction MatchLearnedDstIP() LearnAction MatchLearnedSrcIPv6() LearnAction MatchLearnedDstIPv6() LearnAction - MatchLearnedSrcIPAsDstIP() LearnAction - MatchLearnedDstIPAsSrcIP() LearnAction - MatchLearnedSrcIPv6AsDstIPv6() LearnAction - MatchLearnedDstIPv6AsSrcIPv6() LearnAction MatchReg(regID int, data uint32, rng Range) LearnAction LoadReg(regID int, data uint32, rng Range) LearnAction LoadRegToReg(fromRegID, toRegID int, fromRng, toRng Range) LearnAction LoadXXRegToXXReg(fromRegID, toRegID int, fromRng, toRng Range) LearnAction SetDstMAC(mac net.HardwareAddr) LearnAction - SetLearnedSrcMACAsDstMAC() LearnAction Done() FlowBuilder } diff --git a/pkg/ovs/openflow/ofctrl_action.go b/pkg/ovs/openflow/ofctrl_action.go index b9f65bb61c8..4308188db6b 100644 --- a/pkg/ovs/openflow/ofctrl_action.go +++ b/pkg/ovs/openflow/ofctrl_action.go @@ -409,47 +409,6 @@ func (a *ofLearnAction) MatchTransportDst(protocol Protocol) LearnAction { return a } -// MatchTransportDstAsSrc specifies that the transport layer destination field -// {tcp|udp|sctp}_src in the learned flow must match the {tcp|udp|sctp}_dst field -// of the packet currently being processed. It only accepts ProtocolTCP, ProtocolUDP, or -// ProtocolSCTP, otherwise this does nothing. -func (a *ofLearnAction) MatchTransportDstAsSrc(protocol Protocol) LearnAction { - var ipProtoValue int - isIPv6 := false - switch protocol { - case ProtocolTCP: - ipProtoValue = ofctrl.IP_PROTO_TCP - case ProtocolUDP: - ipProtoValue = ofctrl.IP_PROTO_UDP - case ProtocolSCTP: - ipProtoValue = ofctrl.IP_PROTO_SCTP - case ProtocolTCPv6: - ipProtoValue = ofctrl.IP_PROTO_TCP - isIPv6 = true - case ProtocolUDPv6: - ipProtoValue = ofctrl.IP_PROTO_UDP - isIPv6 = true - case ProtocolSCTPv6: - ipProtoValue = ofctrl.IP_PROTO_SCTP - isIPv6 = true - default: - // Return directly if the protocol is not acceptable. - return a - } - - a.MatchEthernetProtocolIP(isIPv6) - ipTypeVal := make([]byte, 2) - ipTypeVal[1] = byte(ipProtoValue) - a.nxLearn.AddMatch(&ofctrl.LearnField{Name: "NXM_OF_IP_PROTO"}, 1*8, nil, ipTypeVal) - // OXM_OF fields support TCP, UDP and SCTP, but NXM_OF fields only support TCP and UDP. So here using "OXM_OF_" to - // generate the field name. - trimProtocol := strings.ReplaceAll(string(protocol), "v6", "") - learnFieldName := fmt.Sprintf("OXM_OF_%s_SRC", strings.ToUpper(trimProtocol)) - fromFieldName := fmt.Sprintf("OXM_OF_%s_DST", strings.ToUpper(trimProtocol)) - a.nxLearn.AddMatch(&ofctrl.LearnField{Name: learnFieldName}, 2*8, &ofctrl.LearnField{Name: fromFieldName}, nil) - return a -} - // MatchLearnedTCPDstPort specifies that the tcp_dst field in the learned flow // must match the tcp_dst of the packet currently being processed. func (a *ofLearnAction) MatchLearnedTCPDstPort() LearnAction { @@ -486,42 +445,6 @@ func (a *ofLearnAction) MatchLearnedSCTPv6DstPort() LearnAction { return a.MatchTransportDst(ProtocolSCTPv6) } -// MatchLearnedTCPDstPortAsSrcPort specifies that the tcp_src field in the learned flow -// must match the tcp_dst of the packet currently being processed. -func (a *ofLearnAction) MatchLearnedTCPDstPortAsSrcPort() LearnAction { - return a.MatchTransportDstAsSrc(ProtocolTCP) -} - -// MatchLearnedTCPv6DstPortAsSrcPort specifies that the tcp_src field in the learned flow -// must match the tcp_dst of the packet currently being processed. -func (a *ofLearnAction) MatchLearnedTCPv6DstPortAsSrcPort() LearnAction { - return a.MatchTransportDstAsSrc(ProtocolTCPv6) -} - -// MatchLearnedUDPDstPortAsSrcPort specifies that the udp_src field in the learned flow -// must match the udp_dst of the packet currently being processed. -func (a *ofLearnAction) MatchLearnedUDPDstPortAsSrcPort() LearnAction { - return a.MatchTransportDstAsSrc(ProtocolUDP) -} - -// MatchLearnedUDPv6DstPortAsSrcPort specifies that the udp_src field in the learned flow -// must match the udp_dst of the packet currently being processed. -func (a *ofLearnAction) MatchLearnedUDPv6DstPortAsSrcPort() LearnAction { - return a.MatchTransportDstAsSrc(ProtocolUDPv6) -} - -// MatchLearnedSCTPDstPortAsSrcPort specifies that the sctp_src field in the learned flow -// must match the sctp_dst of the packet currently being processed. -func (a *ofLearnAction) MatchLearnedSCTPDstPortAsSrcPort() LearnAction { - return a.MatchTransportDstAsSrc(ProtocolSCTP) -} - -// MatchLearnedSCTPv6DstPortAsSrcPort specifies that the sctp_src field in the learned flow -// must match the sctp_dst of the packet currently being processed. -func (a *ofLearnAction) MatchLearnedSCTPv6DstPortAsSrcPort() LearnAction { - return a.MatchTransportDstAsSrc(ProtocolSCTPv6) -} - // MatchLearnedSrcIP makes the learned flow to match the nw_src of current IP packet. func (a *ofLearnAction) MatchLearnedSrcIP() LearnAction { a.nxLearn.AddMatch(&ofctrl.LearnField{Name: "NXM_OF_IP_SRC"}, 4*8, &ofctrl.LearnField{Name: "NXM_OF_IP_SRC"}, nil) @@ -546,45 +469,6 @@ func (a *ofLearnAction) MatchLearnedDstIPv6() LearnAction { return a } -// MatchLearnedSrcIPAsDstIP makes the learned flow to match the nw_dst of current IP packet's nw_src. -func (a *ofLearnAction) MatchLearnedSrcIPAsDstIP() LearnAction { - a.nxLearn.AddMatch(&ofctrl.LearnField{Name: "NXM_OF_IP_DST"}, 4*8, &ofctrl.LearnField{Name: "NXM_OF_IP_SRC"}, nil) - return a -} - -// MatchLearnedDstIPAsSrcIP makes the learned flow to match the nw_src of current IP packet's nw_dst. -func (a *ofLearnAction) MatchLearnedDstIPAsSrcIP() LearnAction { - a.nxLearn.AddMatch(&ofctrl.LearnField{Name: "NXM_OF_IP_SRC"}, 4*8, &ofctrl.LearnField{Name: "NXM_OF_IP_DST"}, nil) - return a -} - -// MatchLearnedSrcIPv6AsDstIPv6 makes the learned flow to match the ipv6_dst of current IPv6 packet's ipv6_src. -func (a *ofLearnAction) MatchLearnedSrcIPv6AsDstIPv6() LearnAction { - a.nxLearn.AddMatch(&ofctrl.LearnField{Name: "NXM_NX_IPV6_DST"}, 16*8, &ofctrl.LearnField{Name: "NXM_NX_IPV6_SRC"}, nil) - return a -} - -// MatchLearnedDstIPv6AsSrcIPv6 makes the learned flow to match the ipv6_src of current IPv6 packet's ipv6_dst. -func (a *ofLearnAction) MatchLearnedDstIPv6AsSrcIPv6() LearnAction { - a.nxLearn.AddMatch(&ofctrl.LearnField{Name: "NXM_NX_IPV6_SRC"}, 16*8, &ofctrl.LearnField{Name: "NXM_NX_IPV6_DST"}, nil) - return a -} - -// MatchNetworkSrcAsDst makes the learned flow to match the network nw_src/ipv6_src of current packet's nw_dst/ipv6_dst. -func (a *ofLearnAction) MatchNetworkSrcAsDst(isIPv6 bool) LearnAction { - learnBits := uint16(32) - from := "NXM_OF_IP_SRC" - to := "NXM_OF_IP_DST" - if isIPv6 { - learnBits = 128 - from = "NXM_NX_IPV6_SRC" - to = "NXM_NX_IPV6_DST" - } - a.MatchEthernetProtocolIP(isIPv6) - a.nxLearn.AddMatch(&ofctrl.LearnField{Name: to}, learnBits, &ofctrl.LearnField{Name: from}, nil) - return a -} - // MatchReg makes the learned flow to match the data in the reg of specific range. func (a *ofLearnAction) MatchReg(regID int, data uint32, rng Range) LearnAction { toField := &ofctrl.LearnField{Name: fmt.Sprintf("NXM_NX_REG%d", regID), Start: uint16(rng[0])} @@ -647,13 +531,6 @@ func (a *ofLearnAction) SetDstMAC(mac net.HardwareAddr) LearnAction { return a } -func (a *ofLearnAction) SetLearnedSrcMACAsDstMAC() LearnAction { - toField := &ofctrl.LearnField{Name: "NXM_OF_ETH_DST"} - fromField := &ofctrl.LearnField{Name: "NXM_OF_ETH_SRC"} - a.nxLearn.AddLoadAction(toField, 48, fromField, nil) - return a -} - func (a *ofLearnAction) Done() FlowBuilder { a.flowBuilder.ApplyAction(a.nxLearn) return a.flowBuilder