openflow

package
v0.10.1 Latest Latest
Warning

This package is not in the latest version of its module.

Go to latest
Published: Sep 30, 2020 License: Apache-2.0 Imports: 22 Imported by: 0

Documentation

Index

Constants

View Source
const (
	MatchDstIP int = iota
	MatchSrcIP
	MatchDstIPNet
	MatchSrcIPNet
	MatchDstOFPort
	MatchSrcOFPort
	MatchTCPDstPort
	MatchUDPDstPort
	MatchSCTPDstPort
	Unsupported
)
View Source
const (
	// Flow table id index
	ClassifierTable binding.TableIDType = 0

	MultiTierEgressRuleTable   binding.TableIDType = 45
	DefaultTierEgressRuleTable binding.TableIDType = 49
	EgressRuleTable            binding.TableIDType = 50
	EgressDefaultTable         binding.TableIDType = 60
	EgressMetricTable          binding.TableIDType = 61

	MultiTierIngressRuleTable   binding.TableIDType = 85
	DefaultTierIngressRuleTable binding.TableIDType = 89
	IngressRuleTable            binding.TableIDType = 90
	IngressDefaultTable         binding.TableIDType = 100
	IngressMetricTable          binding.TableIDType = 101

	L2ForwardingOutTable binding.TableIDType = 110
)
View Source
const (
	EgressReg    regType = 5
	IngressReg   regType = 6
	TraceflowReg regType = 9 // Use reg9[28..31] to store traceflow dataplaneTag.

	CtZone = 0xfff0
)

Variables

View Source
var (
	FlowTables = []struct {
		Number binding.TableIDType
		Name   string
	}{
		{ClassifierTable, "Classification"},
		{uplinkTable, "Uplink"},
		{spoofGuardTable, "SpoofGuard"},
		{arpResponderTable, "ARPResponder"},
		{serviceHairpinTable, "ServiceHairpin"},
		{conntrackTable, "ConntrackZone"},
		{conntrackStateTable, "ConntrackState"},
		{dnatTable, "DNAT(SessionAffinity)"},
		{sessionAffinityTable, "SessionAffinity"},
		{serviceLBTable, "ServiceLB"},
		{endpointDNATTable, "EndpointDNAT"},
		{MultiTierEgressRuleTable, "AntreaPolicyMultiTierEgressRule"},
		{DefaultTierEgressRuleTable, "AntreaPolicyAppTierEgressRule"},
		{EgressRuleTable, "EgressRule"},
		{EgressDefaultTable, "EgressDefaultRule"},
		{EgressMetricTable, "EgressMetric"},
		{l3ForwardingTable, "l3Forwarding"},
		{l2ForwardingCalcTable, "L2Forwarding"},
		{MultiTierIngressRuleTable, "AntreaPolicyMultiTierIngressRule"},
		{DefaultTierIngressRuleTable, "AntreaPolicyAppTierIngressRule"},
		{IngressRuleTable, "IngressRule"},
		{IngressDefaultTable, "IngressDefaultRule"},
		{IngressMetricTable, "IngressMetric"},
		{conntrackCommitTable, "ConntrackCommit"},
		{hairpinSNATTable, "HairpinSNATTable"},
		{L2ForwardingOutTable, "Output"},
	}
)
View Source
var (

	// OfTraceflowMarkRange stores dataplaneTag at range 28-31 in marksReg.
	OfTraceflowMarkRange = binding.Range{28, 31}
)

Functions

func GetAntreaPolicyEgressTables added in v0.10.0

func GetAntreaPolicyEgressTables() []binding.TableIDType

func GetAntreaPolicyIngressTables added in v0.10.0

func GetAntreaPolicyIngressTables() []binding.TableIDType

func GetAntreaPolicyMultiTierTables added in v0.10.0

func GetAntreaPolicyMultiTierTables() []binding.TableIDType

func GetAntreaPolicySingleTierTables added in v0.10.0

func GetAntreaPolicySingleTierTables() []binding.TableIDType

func GetFlowTableName added in v0.6.0

func GetFlowTableName(tableNumber binding.TableIDType) string

GetFlowTableName returns the flow table name given the table number. An empty string is returned if the table cannot be found.

func GetFlowTableNumber added in v0.6.0

func GetFlowTableNumber(tableName string) binding.TableIDType

GetFlowTableNumber does a case insensitive lookup of the table name, and returns the flow table number if the table is found. Otherwise TableIDAll is returned if the table cannot be found.

Types

type Client

type Client interface {
	// Initialize sets up all basic flows on the specific OVS bridge. It returns a channel which
	// is used to notify the caller in case of a reconnection, in which case ReplayFlows should
	// be called to ensure that the set of OVS flows is correct. All flows programmed in the
	// switch which match the current round number will be deleted before any new flow is
	// installed.
	Initialize(roundInfo types.RoundInfo, config *config.NodeConfig, encapMode config.TrafficEncapModeType, gatewayOFPort uint32) (<-chan struct{}, error)

	// InstallGatewayFlows sets up flows related to an OVS gateway port, the gateway must exist.
	InstallGatewayFlows(gatewayAddr net.IP, gatewayMAC net.HardwareAddr, gatewayOFPort uint32) error

	// InstallBridgeUplinkFlows installs Openflow flows between bridge local port and uplink port to support
	// host networking. These flows are only needed on windows platform.
	InstallBridgeUplinkFlows(uplinkPort uint32, bridgeLocalPort uint32) error

	// InstallClusterServiceCIDRFlows sets up the appropriate flows so that traffic can reach
	// the different Services running in the Cluster. This method needs to be invoked once with
	// the Cluster Service CIDR as a parameter.
	InstallClusterServiceCIDRFlows(serviceNet *net.IPNet, gatewayOFPort uint32) error

	// InstallClusterServiceFlows sets up the appropriate flows so that traffic can reach
	// the different Services running in the Cluster. This method needs to be invoked once.
	InstallClusterServiceFlows() error

	// InstallDefaultTunnelFlows sets up the classification flow for the default (flow based) tunnel.
	InstallDefaultTunnelFlows(tunnelOFPort uint32) error

	// InstallNodeFlows should be invoked when a connection to a remote Node is going to be set
	// up. The hostname is used to identify the added flows. When IPSec tunnel is enabled,
	// ipsecTunOFPort must be set to the OFPort number of the IPSec tunnel port to the remote Node;
	// otherwise ipsecTunOFPort must be set to 0.
	// InstallNodeFlows has all-or-nothing semantics(call succeeds if all the flows are installed
	// successfully, otherwise no flows will be installed). Calls to InstallNodeFlows are idempotent.
	// Concurrent calls to InstallNodeFlows and / or UninstallNodeFlows are supported as long as they
	// are all for different hostnames.
	InstallNodeFlows(
		hostname string,
		localGatewayMAC net.HardwareAddr,
		peerPodCIDR net.IPNet,
		peerGatewayIP, tunnelPeerIP net.IP,
		tunOFPort, ipsecTunOFPort uint32) error

	// UninstallNodeFlows removes the connection to the remote Node specified with the
	// hostname. UninstallNodeFlows will do nothing if no connection to the host was established.
	UninstallNodeFlows(hostname string) error

	// InstallPodFlows should be invoked when a connection to a Pod on current Node. The
	// interfaceName is used to identify the added flows. InstallPodFlows has all-or-nothing
	// semantics(call succeeds if all the flows are installed successfully, otherwise no
	// flows will be installed). Calls to InstallPodFlows are idempotent. Concurrent calls
	// to InstallPodFlows and / or UninstallPodFlows are supported as long as they are all
	// for different interfaceNames.
	InstallPodFlows(interfaceName string, podInterfaceIP net.IP, podInterfaceMAC, gatewayMAC net.HardwareAddr, ofPort uint32) error

	// UninstallPodFlows removes the connection to the local Pod specified with the
	// interfaceName. UninstallPodFlows will do nothing if no connection to the Pod was established.
	UninstallPodFlows(interfaceName string) error

	// InstallServiceGroup installs a group for Service LB. Each endpoint
	// is a bucket of the group. For now, each bucket has the same weight.
	InstallServiceGroup(groupID binding.GroupIDType, withSessionAffinity bool, endpoints []proxy.Endpoint) error
	// UninstallServiceGroup removes the group and its buckets that are
	// installed by InstallServiceGroup.
	UninstallServiceGroup(groupID binding.GroupIDType) error

	// InstallEndpointFlows installs flows for accessing Endpoints.
	// If an Endpoint is on the current Node, then flows for hairpin and endpoint
	// L2 forwarding should also be installed.
	InstallEndpointFlows(protocol binding.Protocol, endpoints []proxy.Endpoint) error
	// UninstallEndpointFlows removes flows of the Endpoint installed by
	// InstallEndpointFlows.
	UninstallEndpointFlows(protocol binding.Protocol, endpoint proxy.Endpoint) error

	// InstallServiceFlows installs flows for accessing Service with clusterIP.
	// It installs the flow that uses the group/bucket to do service LB. If the
	// affinityTimeout is not zero, it also installs the flow which has a learn
	// action to maintain the LB decision.
	// The group with the groupID must be installed before, otherwise the
	// installation will fail.
	InstallServiceFlows(groupID binding.GroupIDType, svcIP net.IP, svcPort uint16, protocol binding.Protocol, affinityTimeout uint16) error
	// UninstallServiceFlows removes flows installed by InstallServiceFlows.
	UninstallServiceFlows(svcIP net.IP, svcPort uint16, protocol binding.Protocol) error
	// InstallLoadBalancerServiceFromOutsideFlows installs flows for LoadBalancer Service traffic from outside node.
	// The traffic is received from uplink port and will be forwarded to gateway by the installed flows. And then
	// kube-proxy will handle the traffic.
	// This function is only used for Windows platform.
	InstallLoadBalancerServiceFromOutsideFlows(svcIP net.IP, svcPort uint16, protocol binding.Protocol) error

	// GetFlowTableStatus should return an array of flow table status, all existing flow tables should be included in the list.
	GetFlowTableStatus() []binding.TableStatus

	// InstallPolicyRuleFlows installs flows for a new NetworkPolicy rule. Rule should include all fields in the
	// NetworkPolicy rule. Each ingress/egress policy rule installs Openflow entries on two tables, one for
	// ruleTable and the other for dropTable. If a packet does not pass the ruleTable, it will be dropped by the
	// dropTable.
	InstallPolicyRuleFlows(ofPolicyRule *types.PolicyRule) error

	// BatchInstallPolicyRuleFlows installs multiple flows for NetworkPolicy rules in batch.
	BatchInstallPolicyRuleFlows(ofPolicyRules []*types.PolicyRule) error

	// UninstallPolicyRuleFlows removes the Openflow entry relevant to the specified NetworkPolicy rule.
	// It also returns a slice of stale ofPriorities used by ClusterNetworkPolicies.
	// UninstallPolicyRuleFlows will do nothing if no Openflow entry for the rule is installed.
	UninstallPolicyRuleFlows(ruleID uint32) ([]string, error)

	// AddPolicyRuleAddress adds one or multiple addresses to the specified NetworkPolicy rule. If addrType is true, the
	// addresses are added to PolicyRule.From, else to PolicyRule.To.
	AddPolicyRuleAddress(ruleID uint32, addrType types.AddressType, addresses []types.Address, priority *uint16) error

	// DeletePolicyRuleAddress removes addresses from the specified NetworkPolicy rule. If addrType is srcAddress, the addresses
	// are removed from PolicyRule.From, else from PolicyRule.To.
	DeletePolicyRuleAddress(ruleID uint32, addrType types.AddressType, addresses []types.Address, priority *uint16) error

	// InstallExternalFlows sets up flows to enable Pods to communicate to the external IP addresses. The corresponding
	// OpenFlow entries include: 1) identify the packets from local Pods to the external IP address, 2) mark the traffic
	// in the connection tracking context, and 3) SNAT the packets with Node IP.
	InstallExternalFlows(nodeIP net.IP, localSubnet net.IPNet) error

	// Disconnect disconnects the connection between client and OFSwitch.
	Disconnect() error

	// IsConnected returns the connection status between client and OFSwitch. The return value is true if the OFSwitch is connected.
	IsConnected() bool

	// ReplayFlows should be called when a spurious disconnection occurs. After we reconnect to
	// the OFSwitch, we need to replay all the flows cached by the client. ReplayFlows will try
	// to replay as many flows as possible, and will log an error when a flow cannot be
	// installed.
	ReplayFlows()

	// DeleteStaleFlows deletes all flows from the previous round which are no longer needed. It
	// should be called by the agent after all required flows have been installed / updated with
	// the new round number.
	DeleteStaleFlows() error

	// GetTunnelVirtualMAC() returns globalVirtualMAC used for tunnel traffic.
	GetTunnelVirtualMAC() net.HardwareAddr

	// GetPodFlowKeys returns the keys (match strings) of the cached flows for a
	// Pod.
	GetPodFlowKeys(interfaceName string) []string

	// GetNetworkPolicyFlowKeys returns the keys (match strings) of the cached
	// flows for a NetworkPolicy. Flows are grouped by policy rules, and duplicated
	// entries can be added due to conjunctive match flows shared by multiple
	// rules.
	GetNetworkPolicyFlowKeys(npName, npNamespace string) []string

	// ReassignFlowPriorities takes a list of priority updates, and update the actionFlows to replace
	// the old priority with the desired one, for each priority update on that table.
	ReassignFlowPriorities(updates map[uint16]uint16, table binding.TableIDType) error

	// SubscribePacketIn subscribes packet-in channel in bridge. This method requires a receiver to
	// pop data from "ch" timely, otherwise it will block all inbound messages from OVS.
	SubscribePacketIn(reason uint8, ch chan *ofctrl.PacketIn) error

	// SendTraceflowPacket injects packet to specified OVS port for Openflow.
	SendTraceflowPacket(
		dataplaneTag uint8,
		srcMAC string,
		dstMAC string,
		srcIP string,
		dstIP string,
		IPProtocol uint8,
		ttl uint8,
		IPFlags uint16,
		TCPSrcPort uint16,
		TCPDstPort uint16,
		TCPFlags uint8,
		UDPSrcPort uint16,
		UDPDstPort uint16,
		ICMPType uint8,
		ICMPCode uint8,
		ICMPID uint16,
		ICMPSequence uint16,
		inPort uint32,
		outPort int32) error

	// InstallTraceflowFlows installs flows for specific traceflow request.
	InstallTraceflowFlows(dataplaneTag uint8) error

	// Initial tun_metadata0 in TLV map for Traceflow.
	InitialTLVMap() error

	// Find network policy and namespace by conjunction ID.
	GetPolicyFromConjunction(ruleID uint32) *v1beta1.NetworkPolicyReference

	// RegisterPacketInHandler registers PacketIn handler to process PacketIn event.
	RegisterPacketInHandler(packetHandlerName string, packetInHandler interface{})
	// RegisterPacketInHandler uses SubscribePacketIn to get PacketIn message and process received
	// packets through registered handlers.
	StartPacketInHandler(stopCh <-chan struct{})
	// Get traffic metrics of each NetworkPolicy rule.
	NetworkPolicyMetrics() map[uint32]*types.RuleMetric
}

Client is the interface to program OVS flows for entity connectivity of Antrea.

func NewClient

func NewClient(bridgeName, mgmtAddr string, enableProxy, enableAntreaPolicy bool) Client

NewClient is the constructor of the Client interface.

type ConjunctionNotFound

type ConjunctionNotFound uint32

ConjunctionNotFound is an error response when the specified policyRuleConjunction is not found from the local cache.

func (*ConjunctionNotFound) Error

func (e *ConjunctionNotFound) Error() string

type IPAddress

type IPAddress net.IP

IP address calculated from Pod's address.

func NewIPAddress

func NewIPAddress(addr net.IP) *IPAddress

func (*IPAddress) GetMatchKey

func (a *IPAddress) GetMatchKey(addrType types.AddressType) int

func (*IPAddress) GetMatchValue

func (a *IPAddress) GetMatchValue() string

func (*IPAddress) GetValue

func (a *IPAddress) GetValue() interface{}

type IPNetAddress

type IPNetAddress net.IPNet

IP block calculated from Pod's address.

func NewIPNetAddress

func NewIPNetAddress(addr net.IPNet) *IPNetAddress

func (*IPNetAddress) GetMatchKey

func (a *IPNetAddress) GetMatchKey(addrType types.AddressType) int

func (*IPNetAddress) GetMatchValue

func (a *IPNetAddress) GetMatchValue() string

func (*IPNetAddress) GetValue

func (a *IPNetAddress) GetValue() interface{}

type OFEntryOperations added in v0.6.0

type OFEntryOperations interface {
	Add(flow binding.Flow) error
	Modify(flow binding.Flow) error
	Delete(flow binding.Flow) error
	AddAll(flows []binding.Flow) error
	DeleteAll(flows []binding.Flow) error
	AddOFEntries(ofEntries []binding.OFEntry) error
	DeleteOFEntries(ofEntries []binding.OFEntry) error
}

type OFPortAddress

type OFPortAddress int32

OFPortAddress is the Openflow port of an interface.

func NewOFPortAddress

func NewOFPortAddress(addr int32) *OFPortAddress

func (*OFPortAddress) GetMatchKey

func (a *OFPortAddress) GetMatchKey(addrType types.AddressType) int

func (*OFPortAddress) GetMatchValue

func (a *OFPortAddress) GetMatchValue() string

func (*OFPortAddress) GetValue

func (a *OFPortAddress) GetValue() interface{}

type PacketInHandler added in v0.8.0

type PacketInHandler interface {
	HandlePacketIn(pktIn *ofctrl.PacketIn) error
}

Directories

Path Synopsis
Package cookie implements a cookie allocator.
Package cookie implements a cookie allocator.
Package testing is a generated GoMock package.
Package testing is a generated GoMock package.

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL