-
Notifications
You must be signed in to change notification settings - Fork 374
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Add ICMP support in ACNP and ANP #3472
Conversation
E2E tests and doc changes are in PR #3635. |
This pull request introduces 1 alert when merging 1d55c1c into 4db3c18 - view on LGTM.com new alerts:
|
This pull request introduces 1 alert when merging 17b2cba into 53a5a8d - view on LGTM.com new alerts:
|
Codecov Report
@@ Coverage Diff @@
## main #3472 +/- ##
==========================================
- Coverage 64.59% 57.62% -6.98%
==========================================
Files 278 392 +114
Lines 39363 55339 +15976
==========================================
+ Hits 25427 31887 +6460
- Misses 11957 21012 +9055
- Partials 1979 2440 +461
Flags with carried forward coverage won't be shown. Click here to find out more.
|
469861a
to
c0979a0
Compare
5ea7717
to
ad9e549
Compare
pkg/apis/crd/v1alpha1/types.go
Outdated
@@ -600,3 +605,18 @@ type NamespacedName struct { | |||
Name string `json:"name,omitempty"` | |||
Namespace string `json:"namespace,omitempty"` | |||
} | |||
|
|||
// NetworkPolicyProtocol includes all protocols that `ports` can't support. All | |||
// fields should be used as a stand-alone field. To match all traffic with a |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
standalone field
What does "standalone field" mean?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
It means all fields cannot be used with each other.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
LGTM overall, @wenyingd could you take a look at openflow change?
@GraysonWu could you add more information to PR description and commit message, e.g. what change is made to API, an usage example? |
Add E2E tests for ICMP support PR antrea-io#3472 Signed-off-by: wgrayson <[email protected]>
Add E2E tests and related content in doc for ICMP support PR antrea-io#3472 Signed-off-by: wgrayson <[email protected]>
Add E2E tests and related content in doc for ICMP support PR antrea-io#3472 Signed-off-by: wgrayson <[email protected]>
Add E2E tests and related content in doc for ICMP support PR antrea-io#3472 Signed-off-by: wgrayson <[email protected]>
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
LGTM, @GraysonWu could you rebase on main so we can merge?
This PR added ICMP support in Antrea-native policy. User could define a policy only enfored on ICMP traffic or ICMP traffic with specific ICMP type or ICMP code. 1. Added a new field called `protocols` which contains protocols that are not supported by `ports`. Currently, only ICMP protocol is in this field. 2. On the controller side, * Both `ports` and `protocols` will be translate into `Service` of internalNP * Added `ICMPType` and `ICMPCode` to `Service` 3. On the agent side, * Added a new struct `matchPair` which contains one matchKey and one matchValue * Added some new `MatchKey`: `MatchICMPType`, `MatchICMPCode`, `MatchICMPv6Type` and `MatchICMPv6Code` * Change `conjunctiveMatch` from contains only one matchKey-matchValue pair to contains a list of `matchPair`, in order to support flows with multipul match conditions like this: `icmp,icmp_type=8,icmp_code=0,action=conjunction(2,3/3)` Signed-off-by: wgrayson <[email protected]>
Add E2E tests and related content in doc for ICMP support PR antrea-io#3472 Signed-off-by: wgrayson <[email protected]>
Done. Just a friendly reminder: e2e tests and doc update are in PR #3635 |
Signed-off-by: wgrayson <[email protected]>
Add E2E tests and related content in doc for ICMP support PR antrea-io#3472 Signed-off-by: wgrayson <[email protected]>
/test-all |
/test-networkpolicy |
/test-networkpolicy |
1 similar comment
/test-networkpolicy |
Add E2E tests and related content in doc for ICMP support PR antrea-io#3472 Signed-off-by: wgrayson <[email protected]>
Add E2E tests and related content in doc for ICMP support PR #3472 Signed-off-by: wgrayson <[email protected]>
Fixes #3263
This PR added ICMP support in Antrea-native policy. User could define a policy only enfored on ICMP traffic or ICMP traffic with specific ICMP type or ICMP code.
Added a new field called
protocols
which contains protocols that are not supported byports
. Currently, only ICMP protocol is in this field.On the controller side,
ports
andprotocols
will be translate intoService
of internalNPICMPType
andICMPCode
toService
matchPair
which contains one matchKey and one matchValueMatchKey
:MatchICMPType
,MatchICMPCode
,MatchICMPv6Type
andMatchICMPv6Code
conjunctiveMatch
from contains only one matchKey-matchValue pair to contains a list ofmatchPair
, in order to support flows with multipul match conditions like this:icmp,icmp_type=8,icmp_code=0,action=conjunction(2,3/3)
Provide some examples here:
With the policy above, these corresponding flows will be installed on the OVS:
Signed-off-by: wgrayson [email protected]