Add support to modify OF table name #2585

Merged
merged 1 commit into from
Oct 19, 2021
4 changes: 2 additions & 2 deletions go.mod
@@ -3,8 +3,8 @@ module antrea.io/antrea
go 1.17

require (
antrea.io/libOpenflow v0.2.0
antrea.io/ofnet v0.1.0
antrea.io/libOpenflow v0.5.2
antrea.io/ofnet v0.2.3
github.com/Mellanox/sriovnet v1.0.2
github.com/Microsoft/go-winio v0.4.16-0.20201130162521-d1ffc52c7331
github.com/Microsoft/hcsshim v0.8.9
8 changes: 4 additions & 4 deletions go.sum
@@ -1,7 +1,7 @@
antrea.io/libOpenflow v0.2.0 h1:bBNT3CI8q2FMQRdphP0dynImRK1LBDmA+cQOu7JULj4=
antrea.io/libOpenflow v0.2.0/go.mod h1:CzEJZxDNAupiGxeL5VOw92PsxfyvehEAvE3PiC6gr8o=
antrea.io/ofnet v0.1.0 h1:r5c/TM5pa8xSVd5xEUj1L2vYfc4EjIzCWs6cHbeuVFc=
antrea.io/ofnet v0.1.0/go.mod h1:fLmHHD9XWeVza2pz/HEdLkGyA7pNutxlXCqodlwWQsA=
antrea.io/libOpenflow v0.5.2 h1:EFTyAHlG6UH8ZHpiPi6QPVPETqoIk0eB2B6i88VqacM=
antrea.io/libOpenflow v0.5.2/go.mod h1:CzEJZxDNAupiGxeL5VOw92PsxfyvehEAvE3PiC6gr8o=
antrea.io/ofnet v0.2.3 h1:wxXOqWaT5swtn9Ly6hV7pqvIgfmrr3aQfCGVQqHykr4=
antrea.io/ofnet v0.2.3/go.mod h1:jW4ICTvGjLO+Qr6GG/Glmjy34k6k/TfVlQhOm76UH84=
cloud.google.com/go v0.26.0/go.mod h1:aQUYkXzVsufM+DwF1aE+0xfcU+56JwCaLick0ClmMTw=
cloud.google.com/go v0.34.0/go.mod h1:aQUYkXzVsufM+DwF1aE+0xfcU+56JwCaLick0ClmMTw=
cloud.google.com/go v0.38.0/go.mod h1:990N+gfupTy94rShfmMCWGDn0LpTmnzTp2qbd1dvSRU=
18 changes: 12 additions & 6 deletions pkg/agent/apiserver/handlers/ovsflows/handler.go
@@ -30,6 +30,12 @@ import (
"antrea.io/antrea/pkg/querier"
)

var (
// Use function variables for tests.
getFlowTableName = openflow.GetFlowTableName
getFlowTableID = openflow.GetFlowTableID
)

// Response is the response struct of ovsflows command.
type Response struct {
Flow string `json:"flow,omitempty"`
@@ -50,12 +56,12 @@ func dumpMatchedFlows(aq agentquerier.AgentQuerier, flowKeys []string) ([]Respon
return resps, nil
}

func dumpFlows(aq agentquerier.AgentQuerier, table binding.TableIDType) ([]Response, error) {
func dumpFlows(aq agentquerier.AgentQuerier, table uint8) ([]Response, error) {
resps := []Response{}
var flowStrs []string
var err error
if table != binding.TableIDAll {
flowStrs, err = aq.GetOVSCtlClient().DumpTableFlows(uint8(table))
flowStrs, err = aq.GetOVSCtlClient().DumpTableFlows(table)
} else {
flowStrs, err = aq.GetOVSCtlClient().DumpFlows()
}
@@ -89,16 +95,16 @@ func getTableFlows(aq agentquerier.AgentQuerier, tables string) ([]Response, err
var resps []Response
for _, tableSeg := range strings.Split(tables, ",") {
tableSeg = strings.TrimSpace(tableSeg)
var tableNumber binding.TableIDType
var tableNumber uint8
// Table nubmer is a 8-bit unsigned integer.
n, err := strconv.ParseUint(tableSeg, 10, 8)
if err == nil {
tableNumber = binding.TableIDType(n)
if openflow.GetFlowTableName(tableNumber) == "" {
tableNumber = uint8(n)
if getFlowTableName(tableNumber) == "" {
return nil, nil
}
} else {
tableNumber = openflow.GetFlowTableNumber(tableSeg)
tableNumber = getFlowTableID(tableSeg)
if tableNumber == binding.TableIDAll {
return nil, nil
}
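Review bot: In getTableFlows the numeric branch never rules out the `binding.TableIDAll` sentinel, and now that table IDs are plain `uint8` the sentinel has the same type as a real ID. dumpFlows treats `table == binding.TableIDAll` as "dump every table", so if the parsed number is passed on to it (the call is outside the hunk), a request for that single number is kept from widening to a full dump only by `getFlowTableName` returning "" for it. I would make the check explicit right after `tableNumber = uint8(n)`: `if tableNumber == binding.TableIDAll || getFlowTableName(tableNumber) == "" { return nil, nil }`. The new `getFlowTableName`/`getFlowTableID` variables are mutable package state, so their comment should state that only tests reassign them, for example `// Function variables so tests can substitute the lookups; never reassigned in production code.`. getTableFlows continues outside the hunk.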
16 changes: 16 additions & 0 deletions pkg/agent/apiserver/handlers/ovsflows/handler_test.go
@@ -222,6 +222,8 @@ func TestTableFlows(t *testing.T) {
ctrl := gomock.NewController(t)
defer ctrl.Finish()

getFlowTableName = mockGetFlowTableName
getFlowTableID = mockGetFlowTableID
testcases := []testCase{
{
test: "Table 80",
@@ -246,6 +248,20 @@ func TestTableFlows(t *testing.T) {

}

func mockGetFlowTableName(id uint8) string {
if id == 80 {
return "IngressRule"
}
return ""
}

func mockGetFlowTableID(tableName string) uint8 {
if tableName == "IngressRule" {
return 80
}
return binding.TableIDAll
}

func TestGroups(t *testing.T) {
ctrl := gomock.NewController(t)
defer ctrl.Finish()
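Review bot: TestTableFlows overwrites the package-level `getFlowTableName` and `getFlowTableID` and, in the visible lines, never puts the originals back, so any test that runs after it in this package sees mocks that only know table 80 / "IngressRule". Save and restore them at the top of the test: `origName, origID := getFlowTableName, getFlowTableID` followed by `defer func() { getFlowTableName, getFlowTableID = origName, origID }()`. The two mock helpers would also read better with a one-line comment saying they model a single table and return "" / `binding.TableIDAll` for everything else. The body of TestTableFlows continues outside the hunk.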
22 changes: 11 additions & 11 deletions pkg/agent/controller/networkpolicy/packetin.go
@@ -94,19 +94,19 @@ func getMatchRegField(matchers *ofctrl.Matchers, field *binding.RegField) *ofctr

// getMatch receives ofctrl matchers and table id, match field.
// Modifies match field to Ingress/Egress register based on tableID.
func getMatch(matchers *ofctrl.Matchers, tableID binding.TableIDType, disposition uint32) *ofctrl.MatchField {
func getMatch(matchers *ofctrl.Matchers, tableID uint8, disposition uint32) *ofctrl.MatchField {
// Get match from CNPDenyConjIDReg if disposition is not allow.
if disposition != openflow.DispositionAllow {
return getMatchRegField(matchers, openflow.CNPDenyConjIDField)
}
// Get match from ingress/egress reg if disposition is allow
for _, table := range append(openflow.GetAntreaPolicyEgressTables(), openflow.EgressRuleTable) {
if tableID == table {
if tableID == table.GetID() {
return getMatchRegField(matchers, openflow.TFEgressConjIDField)
}
}
for _, table := range append(openflow.GetAntreaPolicyIngressTables(), openflow.IngressRuleTable) {
if tableID == table {
if tableID == table.GetID() {
return getMatchRegField(matchers, openflow.TFIngressConjIDField)
}
}
@@ -130,7 +130,7 @@ func getNetworkPolicyInfo(pktIn *ofctrl.PacketIn, c *Controller, ob *logInfo) er
matchers := pktIn.GetMatches()
var match *ofctrl.MatchField
// Get table name
tableID := binding.TableIDType(pktIn.TableId)
tableID := pktIn.TableId
ob.tableName = openflow.GetFlowTableName(tableID)

// Get disposition Allow or Drop
@@ -326,7 +326,7 @@ func (c *Controller) storeDenyConnection(pktIn *ofctrl.PacketIn) error {
matchers := pktIn.GetMatches()
var match *ofctrl.MatchField
// Get table ID
tableID := binding.TableIDType(pktIn.TableId)
tableID := pktIn.TableId
// Get disposition Allow, Drop or Reject
match = getMatchRegField(matchers, openflow.APDispositionField)
id, err := getInfoInReg(match, openflow.APDispositionField.GetRange().ToNXRange())
@@ -363,10 +363,10 @@ func (c *Controller) storeDenyConnection(pktIn *ofctrl.PacketIn) error {
}
} else {
// For K8s NetworkPolicy implicit drop action, we cannot get name/namespace.
if tableID == openflow.IngressDefaultTable {
if tableID == openflow.IngressDefaultTable.GetID() {
denyConn.IngressNetworkPolicyType = registry.PolicyTypeK8sNetworkPolicy
denyConn.IngressNetworkPolicyRuleAction = flowexporter.RuleActionToUint8(disposition)
} else if tableID == openflow.EgressDefaultTable {
} else if tableID == openflow.EgressDefaultTable.GetID() {
denyConn.EgressNetworkPolicyType = registry.PolicyTypeK8sNetworkPolicy
denyConn.EgressNetworkPolicyRuleAction = flowexporter.RuleActionToUint8(disposition)
}
@@ -375,18 +375,18 @@ func (c *Controller) storeDenyConnection(pktIn *ofctrl.PacketIn) error {
return nil
}

func isAntreaPolicyIngressTable(tableID binding.TableIDType) bool {
func isAntreaPolicyIngressTable(tableID uint8) bool {
for _, table := range openflow.GetAntreaPolicyIngressTables() {
if table == tableID {
if table.GetID() == tableID {
return true
}
}
return false
}

func isAntreaPolicyEgressTable(tableID binding.TableIDType) bool {
func isAntreaPolicyEgressTable(tableID uint8) bool {
for _, table := range openflow.GetAntreaPolicyEgressTables() {
if table == tableID {
if table.GetID() == tableID {
return true
}
}
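Review bot: In getNetworkPolicyInfo, `ob.tableName = openflow.GetFlowTableName(tableID)` takes the table ID straight from the packet-in and the result is not checked in the visible lines. The ovsflows handler in this same change treats an empty name as "unknown table", so an ID missing from the name lookup would presumably produce a policy log entry with a blank table name. Consider rejecting it where it is read, for example `if ob.tableName == "" { return fmt.Errorf("unknown OpenFlow table ID %d in packet-in", tableID) }`, or at least logging it. Separately, isAntreaPolicyIngressTable and isAntreaPolicyEgressTable have no doc comments; a line such as `// isAntreaPolicyIngressTable reports whether tableID is the ID of a table returned by openflow.GetAntreaPolicyIngressTables.` would do. getNetworkPolicyInfo and storeDenyConnection continue outside the hunks.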
36 changes: 18 additions & 18 deletions pkg/agent/controller/networkpolicy/reconciler.go
@@ -190,7 +190,7 @@ type reconciler struct {
idAllocator *idAllocator

// priorityAssigners provides interfaces to manage OF priorities for each OVS table.
priorityAssigners map[binding.TableIDType]*tablePriorityAssigner
priorityAssigners map[uint8]*tablePriorityAssigner
// ipv4Enabled tells if IPv4 is supported on this Node or not.
ipv4Enabled bool
// ipv6Enabled tells is IPv6 is supported on this Node or not.
@@ -208,14 +208,14 @@ func newReconciler(ofClient openflow.Client,
idAllocator *idAllocator,
fqdnController *fqdnController,
) *reconciler {
priorityAssigners := map[binding.TableIDType]*tablePriorityAssigner{}
priorityAssigners := map[uint8]*tablePriorityAssigner{}
for _, table := range openflow.GetAntreaPolicyBaselineTierTables() {
priorityAssigners[table] = &tablePriorityAssigner{
priorityAssigners[table.GetID()] = &tablePriorityAssigner{
assigner: newPriorityAssigner(true),
}
}
for _, table := range openflow.GetAntreaPolicyMultiTierTables() {
priorityAssigners[table] = &tablePriorityAssigner{
priorityAssigners[table.GetID()] = &tablePriorityAssigner{
assigner: newPriorityAssigner(false),
}
}
@@ -279,28 +279,28 @@ func (r *reconciler) Reconcile(rule *CompletedRule) error {
// getOFRuleTable retreives the OpenFlow table to install the CompletedRule.
// The decision is made based on whether the rule is created for a CNP/ANP, and
// the Tier of that NetworkPolicy.
func (r *reconciler) getOFRuleTable(rule *CompletedRule) binding.TableIDType {
func (r *reconciler) getOFRuleTable(rule *CompletedRule) uint8 {
if !rule.isAntreaNetworkPolicyRule() {
if rule.Direction == v1beta2.DirectionIn {
return openflow.IngressRuleTable
return openflow.IngressRuleTable.GetID()
}
return openflow.EgressRuleTable
return openflow.EgressRuleTable.GetID()
}
var ruleTables []binding.TableIDType
var ruleTables []binding.Table
if rule.Direction == v1beta2.DirectionIn {
ruleTables = openflow.GetAntreaPolicyIngressTables()
} else {
ruleTables = openflow.GetAntreaPolicyEgressTables()
}
if *rule.TierPriority != baselineTierPriority {
return ruleTables[0]
return ruleTables[0].GetID()
}
return ruleTables[1]
return ruleTables[1].GetID()
}

// getOFPriority retrieves the OFPriority for the input CompletedRule to be installed,
// and re-arranges installed priorities on OVS if necessary.
func (r *reconciler) getOFPriority(rule *CompletedRule, table binding.TableIDType, pa *tablePriorityAssigner) (*uint16, bool, error) {
func (r *reconciler) getOFPriority(rule *CompletedRule, tableID uint8, pa *tablePriorityAssigner) (*uint16, bool, error) {
if !rule.isAntreaNetworkPolicyRule() {
klog.V(2).Infof("Assigning default priority for k8s NetworkPolicy.")
return nil, true, nil
@@ -326,7 +326,7 @@ func (r *reconciler) getOFPriority(rule *CompletedRule, table binding.TableIDTyp
}
// Re-assign installed priorities on OVS
if len(priorityUpdates) > 0 {
err := r.ofClient.ReassignFlowPriorities(priorityUpdates, table)
err := r.ofClient.ReassignFlowPriorities(priorityUpdates, tableID)
if err != nil {
revertFunc()
return nil, registered, err
@@ -344,7 +344,7 @@ func (r *reconciler) getOFPriority(rule *CompletedRule, table binding.TableIDTyp
func (r *reconciler) BatchReconcile(rules []*CompletedRule) error {
var rulesToInstall []*CompletedRule
var priorities []*uint16
prioritiesByTable := map[binding.TableIDType][]*uint16{}
prioritiesByTable := map[uint8][]*uint16{}
for _, rule := range rules {
if _, exists := r.lastRealizeds.Load(rule.ID); exists {
klog.Errorf("rule %s already realized during the initialization phase", rule.ID)
@@ -382,7 +382,7 @@ func (r *reconciler) BatchReconcile(rules []*CompletedRule) error {
// registerOFPriorities constructs a Priority type for each CompletedRule in the input list,
// and registers those Priorities with appropriate tablePriorityAssigner based on Tier.
func (r *reconciler) registerOFPriorities(rules []*CompletedRule) error {
prioritiesToRegister := map[binding.TableIDType][]types.Priority{}
prioritiesToRegister := map[uint8][]types.Priority{}
for _, rule := range rules {
if rule.isAntreaNetworkPolicyRule() {
ruleTable := r.getOFRuleTable(rule)
@@ -403,7 +403,7 @@ func (r *reconciler) registerOFPriorities(rules []*CompletedRule) error {
}

// add converts CompletedRule to PolicyRule(s) and invokes installOFRule to install them.
func (r *reconciler) add(rule *CompletedRule, ofPriority *uint16, table binding.TableIDType) error {
func (r *reconciler) add(rule *CompletedRule, ofPriority *uint16, table uint8) error {
klog.V(2).Infof("Adding new rule %v", rule)
ofRuleByServicesMap, lastRealized := r.computeOFRulesForAdd(rule, ofPriority, table)
for svcKey, ofRule := range ofRuleByServicesMap {
@@ -424,7 +424,7 @@ func (r *reconciler) add(rule *CompletedRule, ofPriority *uint16, table binding.
return nil
}

func (r *reconciler) computeOFRulesForAdd(rule *CompletedRule, ofPriority *uint16, table binding.TableIDType) (
func (r *reconciler) computeOFRulesForAdd(rule *CompletedRule, ofPriority *uint16, table uint8) (
map[servicesKey]*types.PolicyRule, *lastRealized) {
lastRealized := newLastRealized(rule)
// TODO: Handle the case that the following processing fails or partially succeeds.
@@ -570,7 +570,7 @@ func (r *reconciler) batchAdd(rules []*CompletedRule, ofPriorities []*uint16) er

// update calculates the difference of Addresses between oldRule and newRule,
// and invokes Openflow client's methods to reconcile them.
func (r *reconciler) update(lastRealized *lastRealized, newRule *CompletedRule, ofPriority *uint16, table binding.TableIDType) error {
func (r *reconciler) update(lastRealized *lastRealized, newRule *CompletedRule, ofPriority *uint16, table uint8) error {
klog.V(2).Infof("Updating existing rule %v", newRule)
// staleOFIDs tracks servicesKey that are no long needed.
// Firstly fill it with the last realized ofIDs.
@@ -758,7 +758,7 @@ func (r *reconciler) updateOFRule(ofID uint32, addedFrom []types.Address, addedT
return nil
}

func (r *reconciler) uninstallOFRule(ofID uint32, table binding.TableIDType) error {
func (r *reconciler) uninstallOFRule(ofID uint32, table uint8) error {
klog.V(2).Infof("Uninstalling ofRule %d", ofID)
stalePriorities, err := r.ofClient.UninstallPolicyRuleFlows(ofID)
if err != nil {
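Review bot: newReconciler now keys `priorityAssigners` by `table.GetID()`, evaluated once at construction, and nothing in the visible lines checks that those IDs are distinct. If two tables reported the same ID at that point (for instance an ID that has not been assigned yet, which cannot be told from this page), the second loop would silently replace a baseline assigner (`newPriorityAssigner(true)`) with a multi-tier one (`newPriorityAssigner(false)`) and policy priorities would be computed against the wrong tier. A guard in both loops makes that loud: `if _, dup := priorityAssigners[table.GetID()]; dup { klog.Fatalf("duplicate OpenFlow table ID %d", table.GetID()) }`. getOFRuleTable also depends on position, `ruleTables[0]` for non-baseline tiers and `ruleTables[1]` for the baseline tier, with no length check, so it deserves a comment stating the ordering it expects from GetAntreaPolicyIngressTables and GetAntreaPolicyEgressTables. Several of the functions touched here continue outside their hunks.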
6 changes: 3 additions & 3 deletions pkg/agent/controller/networkpolicy/reconciler_test.go
@@ -611,23 +611,23 @@ func TestReconcileWithTransientError(t *testing.T) {
To: ipsToOFAddresses(sets.NewString("1.1.1.1")),
Service: []v1beta2.Service{serviceTCP80, serviceTCP8080},
PolicyRef: &np1,
TableID: openflow.EgressRuleTable,
TableID: openflow.EgressRuleTable.GetID(),
},
{
Direction: v1beta2.DirectionOut,
From: ipsToOFAddresses(sets.NewString("2.2.2.2")),
To: ipsToOFAddresses(sets.NewString("1.1.1.2")),
Service: []v1beta2.Service{serviceTCP443, serviceTCP8080},
PolicyRef: &np1,
TableID: openflow.EgressRuleTable,
TableID: openflow.EgressRuleTable.GetID(),
},
{
Direction: v1beta2.DirectionOut,
From: ipsToOFAddresses(sets.NewString("2.2.2.2")),
To: append(ipsToOFAddresses(sets.NewString("1.1.1.3")), openflow.NewIPNetAddress(ipNet)),
Service: []v1beta2.Service{serviceTCP8080},
PolicyRef: &np1,
TableID: openflow.EgressRuleTable,
TableID: openflow.EgressRuleTable.GetID(),
},
}
for _, policyRule := range policyRules {