Documentation ¶
Index ¶
- Constants
- Variables
- func GetAntreaPolicyEgressTables() []binding.TableIDType
- func GetAntreaPolicyIngressTables() []binding.TableIDType
- func GetAntreaPolicyMultiTierTables() []binding.TableIDType
- func GetAntreaPolicySingleTierTables() []binding.TableIDType
- func GetFlowTableName(tableNumber binding.TableIDType) string
- func GetFlowTableNumber(tableName string) binding.TableIDType
- type Client
- type ConjunctionNotFound
- type IPAddress
- type IPNetAddress
- type OFEntryOperations
- type OFPortAddress
- type PacketInHandler
Constants ¶
View Source
const ( MatchDstIP int = iota MatchSrcIP MatchDstIPNet MatchSrcIPNet MatchDstOFPort MatchSrcOFPort MatchTCPDstPort MatchUDPDstPort MatchSCTPDstPort Unsupported )
View Source
const ( // Flow table id index ClassifierTable binding.TableIDType = 0 MultiTierEgressRuleTable binding.TableIDType = 45 DefaultTierEgressRuleTable binding.TableIDType = 49 EgressRuleTable binding.TableIDType = 50 EgressDefaultTable binding.TableIDType = 60 EgressMetricTable binding.TableIDType = 61 MultiTierIngressRuleTable binding.TableIDType = 85 DefaultTierIngressRuleTable binding.TableIDType = 89 IngressRuleTable binding.TableIDType = 90 IngressDefaultTable binding.TableIDType = 100 IngressMetricTable binding.TableIDType = 101 L2ForwardingOutTable binding.TableIDType = 110 )
View Source
const ( EgressReg regType = 5 IngressReg regType = 6 TraceflowReg regType = 9 // Use reg9[28..31] to store traceflow dataplaneTag. CtZone = 0xfff0 )
Variables ¶
View Source
var ( FlowTables = []struct { Number binding.TableIDType Name string }{ {ClassifierTable, "Classification"}, {uplinkTable, "Uplink"}, {spoofGuardTable, "SpoofGuard"}, {arpResponderTable, "ARPResponder"}, {serviceHairpinTable, "ServiceHairpin"}, {conntrackTable, "ConntrackZone"}, {conntrackStateTable, "ConntrackState"}, {dnatTable, "DNAT(SessionAffinity)"}, {sessionAffinityTable, "SessionAffinity"}, {serviceLBTable, "ServiceLB"}, {endpointDNATTable, "EndpointDNAT"}, {MultiTierEgressRuleTable, "AntreaPolicyMultiTierEgressRule"}, {DefaultTierEgressRuleTable, "AntreaPolicyAppTierEgressRule"}, {EgressRuleTable, "EgressRule"}, {EgressDefaultTable, "EgressDefaultRule"}, {EgressMetricTable, "EgressMetric"}, {l3ForwardingTable, "l3Forwarding"}, {l2ForwardingCalcTable, "L2Forwarding"}, {MultiTierIngressRuleTable, "AntreaPolicyMultiTierIngressRule"}, {DefaultTierIngressRuleTable, "AntreaPolicyAppTierIngressRule"}, {IngressRuleTable, "IngressRule"}, {IngressDefaultTable, "IngressDefaultRule"}, {IngressMetricTable, "IngressMetric"}, {conntrackCommitTable, "ConntrackCommit"}, {hairpinSNATTable, "HairpinSNATTable"}, {L2ForwardingOutTable, "Output"}, } )
View Source
var ( // OfTraceflowMarkRange stores dataplaneTag at range 28-31 in marksReg. OfTraceflowMarkRange = binding.Range{28, 31} )
Functions ¶
func GetAntreaPolicyEgressTables ¶ added in v0.10.0
func GetAntreaPolicyEgressTables() []binding.TableIDType
func GetAntreaPolicyIngressTables ¶ added in v0.10.0
func GetAntreaPolicyIngressTables() []binding.TableIDType
func GetAntreaPolicyMultiTierTables ¶ added in v0.10.0
func GetAntreaPolicyMultiTierTables() []binding.TableIDType
func GetAntreaPolicySingleTierTables ¶ added in v0.10.0
func GetAntreaPolicySingleTierTables() []binding.TableIDType
func GetFlowTableName ¶ added in v0.6.0
func GetFlowTableName(tableNumber binding.TableIDType) string
GetFlowTableName returns the flow table name given the table number. An empty string is returned if the table cannot be found.
func GetFlowTableNumber ¶ added in v0.6.0
func GetFlowTableNumber(tableName string) binding.TableIDType
GetFlowTableNumber does a case insensitive lookup of the table name, and returns the flow table number if the table is found. Otherwise TableIDAll is returned if the table cannot be found.
Types ¶
type Client ¶
type Client interface { // Initialize sets up all basic flows on the specific OVS bridge. It returns a channel which // is used to notify the caller in case of a reconnection, in which case ReplayFlows should // be called to ensure that the set of OVS flows is correct. All flows programmed in the // switch which match the current round number will be deleted before any new flow is // installed. Initialize(roundInfo types.RoundInfo, config *config.NodeConfig, encapMode config.TrafficEncapModeType, gatewayOFPort uint32) (<-chan struct{}, error) // InstallGatewayFlows sets up flows related to an OVS gateway port, the gateway must exist. InstallGatewayFlows(gatewayAddr net.IP, gatewayMAC net.HardwareAddr, gatewayOFPort uint32) error // InstallBridgeUplinkFlows installs Openflow flows between bridge local port and uplink port to support // host networking. These flows are only needed on windows platform. InstallBridgeUplinkFlows(uplinkPort uint32, bridgeLocalPort uint32) error // InstallClusterServiceCIDRFlows sets up the appropriate flows so that traffic can reach // the different Services running in the Cluster. This method needs to be invoked once with // the Cluster Service CIDR as a parameter. InstallClusterServiceCIDRFlows(serviceNet *net.IPNet, gatewayOFPort uint32) error // InstallClusterServiceFlows sets up the appropriate flows so that traffic can reach // the different Services running in the Cluster. This method needs to be invoked once. InstallClusterServiceFlows() error // InstallDefaultTunnelFlows sets up the classification flow for the default (flow based) tunnel. InstallDefaultTunnelFlows(tunnelOFPort uint32) error // InstallNodeFlows should be invoked when a connection to a remote Node is going to be set // up. The hostname is used to identify the added flows. When IPSec tunnel is enabled, // ipsecTunOFPort must be set to the OFPort number of the IPSec tunnel port to the remote Node; // otherwise ipsecTunOFPort must be set to 0. // InstallNodeFlows has all-or-nothing semantics(call succeeds if all the flows are installed // successfully, otherwise no flows will be installed). Calls to InstallNodeFlows are idempotent. // Concurrent calls to InstallNodeFlows and / or UninstallNodeFlows are supported as long as they // are all for different hostnames. InstallNodeFlows( hostname string, localGatewayMAC net.HardwareAddr, peerPodCIDR net.IPNet, peerGatewayIP, tunnelPeerIP net.IP, tunOFPort, ipsecTunOFPort uint32) error // UninstallNodeFlows removes the connection to the remote Node specified with the // hostname. UninstallNodeFlows will do nothing if no connection to the host was established. UninstallNodeFlows(hostname string) error // InstallPodFlows should be invoked when a connection to a Pod on current Node. The // interfaceName is used to identify the added flows. InstallPodFlows has all-or-nothing // semantics(call succeeds if all the flows are installed successfully, otherwise no // flows will be installed). Calls to InstallPodFlows are idempotent. Concurrent calls // to InstallPodFlows and / or UninstallPodFlows are supported as long as they are all // for different interfaceNames. InstallPodFlows(interfaceName string, podInterfaceIP net.IP, podInterfaceMAC, gatewayMAC net.HardwareAddr, ofPort uint32) error // UninstallPodFlows removes the connection to the local Pod specified with the // interfaceName. UninstallPodFlows will do nothing if no connection to the Pod was established. UninstallPodFlows(interfaceName string) error // InstallServiceGroup installs a group for Service LB. Each endpoint // is a bucket of the group. For now, each bucket has the same weight. InstallServiceGroup(groupID binding.GroupIDType, withSessionAffinity bool, endpoints []proxy.Endpoint) error // UninstallServiceGroup removes the group and its buckets that are // installed by InstallServiceGroup. UninstallServiceGroup(groupID binding.GroupIDType) error // InstallEndpointFlows installs flows for accessing Endpoints. // If an Endpoint is on the current Node, then flows for hairpin and endpoint // L2 forwarding should also be installed. InstallEndpointFlows(protocol binding.Protocol, endpoints []proxy.Endpoint) error // UninstallEndpointFlows removes flows of the Endpoint installed by // InstallEndpointFlows. UninstallEndpointFlows(protocol binding.Protocol, endpoint proxy.Endpoint) error // InstallServiceFlows installs flows for accessing Service with clusterIP. // It installs the flow that uses the group/bucket to do service LB. If the // affinityTimeout is not zero, it also installs the flow which has a learn // action to maintain the LB decision. // The group with the groupID must be installed before, otherwise the // installation will fail. InstallServiceFlows(groupID binding.GroupIDType, svcIP net.IP, svcPort uint16, protocol binding.Protocol, affinityTimeout uint16) error // UninstallServiceFlows removes flows installed by InstallServiceFlows. UninstallServiceFlows(svcIP net.IP, svcPort uint16, protocol binding.Protocol) error // InstallLoadBalancerServiceFromOutsideFlows installs flows for LoadBalancer Service traffic from outside node. // The traffic is received from uplink port and will be forwarded to gateway by the installed flows. And then // kube-proxy will handle the traffic. // This function is only used for Windows platform. InstallLoadBalancerServiceFromOutsideFlows(svcIP net.IP, svcPort uint16, protocol binding.Protocol) error // GetFlowTableStatus should return an array of flow table status, all existing flow tables should be included in the list. GetFlowTableStatus() []binding.TableStatus // InstallPolicyRuleFlows installs flows for a new NetworkPolicy rule. Rule should include all fields in the // NetworkPolicy rule. Each ingress/egress policy rule installs Openflow entries on two tables, one for // ruleTable and the other for dropTable. If a packet does not pass the ruleTable, it will be dropped by the // dropTable. InstallPolicyRuleFlows(ofPolicyRule *types.PolicyRule) error // BatchInstallPolicyRuleFlows installs multiple flows for NetworkPolicy rules in batch. BatchInstallPolicyRuleFlows(ofPolicyRules []*types.PolicyRule) error // UninstallPolicyRuleFlows removes the Openflow entry relevant to the specified NetworkPolicy rule. // It also returns a slice of stale ofPriorities used by ClusterNetworkPolicies. // UninstallPolicyRuleFlows will do nothing if no Openflow entry for the rule is installed. UninstallPolicyRuleFlows(ruleID uint32) ([]string, error) // AddPolicyRuleAddress adds one or multiple addresses to the specified NetworkPolicy rule. If addrType is true, the // addresses are added to PolicyRule.From, else to PolicyRule.To. AddPolicyRuleAddress(ruleID uint32, addrType types.AddressType, addresses []types.Address, priority *uint16) error // DeletePolicyRuleAddress removes addresses from the specified NetworkPolicy rule. If addrType is srcAddress, the addresses // are removed from PolicyRule.From, else from PolicyRule.To. DeletePolicyRuleAddress(ruleID uint32, addrType types.AddressType, addresses []types.Address, priority *uint16) error // InstallExternalFlows sets up flows to enable Pods to communicate to the external IP addresses. The corresponding // OpenFlow entries include: 1) identify the packets from local Pods to the external IP address, 2) mark the traffic // in the connection tracking context, and 3) SNAT the packets with Node IP. InstallExternalFlows(nodeIP net.IP, localSubnet net.IPNet) error // Disconnect disconnects the connection between client and OFSwitch. Disconnect() error // IsConnected returns the connection status between client and OFSwitch. The return value is true if the OFSwitch is connected. IsConnected() bool // ReplayFlows should be called when a spurious disconnection occurs. After we reconnect to // the OFSwitch, we need to replay all the flows cached by the client. ReplayFlows will try // to replay as many flows as possible, and will log an error when a flow cannot be // installed. ReplayFlows() // DeleteStaleFlows deletes all flows from the previous round which are no longer needed. It // should be called by the agent after all required flows have been installed / updated with // the new round number. DeleteStaleFlows() error // GetTunnelVirtualMAC() returns globalVirtualMAC used for tunnel traffic. GetTunnelVirtualMAC() net.HardwareAddr // GetPodFlowKeys returns the keys (match strings) of the cached flows for a // Pod. GetPodFlowKeys(interfaceName string) []string // GetNetworkPolicyFlowKeys returns the keys (match strings) of the cached // flows for a NetworkPolicy. Flows are grouped by policy rules, and duplicated // entries can be added due to conjunctive match flows shared by multiple // rules. GetNetworkPolicyFlowKeys(npName, npNamespace string) []string // ReassignFlowPriorities takes a list of priority updates, and update the actionFlows to replace // the old priority with the desired one, for each priority update on that table. ReassignFlowPriorities(updates map[uint16]uint16, table binding.TableIDType) error // SubscribePacketIn subscribes packet-in channel in bridge. This method requires a receiver to // pop data from "ch" timely, otherwise it will block all inbound messages from OVS. SubscribePacketIn(reason uint8, ch chan *ofctrl.PacketIn) error // SendTraceflowPacket injects packet to specified OVS port for Openflow. SendTraceflowPacket( dataplaneTag uint8, srcMAC string, dstMAC string, srcIP string, dstIP string, IPProtocol uint8, ttl uint8, IPFlags uint16, TCPSrcPort uint16, TCPDstPort uint16, TCPFlags uint8, UDPSrcPort uint16, UDPDstPort uint16, ICMPType uint8, ICMPCode uint8, ICMPID uint16, ICMPSequence uint16, inPort uint32, outPort int32) error // InstallTraceflowFlows installs flows for specific traceflow request. InstallTraceflowFlows(dataplaneTag uint8) error // Initial tun_metadata0 in TLV map for Traceflow. InitialTLVMap() error // Find network policy and namespace by conjunction ID. GetPolicyFromConjunction(ruleID uint32) *v1beta1.NetworkPolicyReference // RegisterPacketInHandler registers PacketIn handler to process PacketIn event. RegisterPacketInHandler(packetHandlerName string, packetInHandler interface{}) // RegisterPacketInHandler uses SubscribePacketIn to get PacketIn message and process received // packets through registered handlers. StartPacketInHandler(stopCh <-chan struct{}) // Get traffic metrics of each NetworkPolicy rule. NetworkPolicyMetrics() map[uint32]*types.RuleMetric }
Client is the interface to program OVS flows for entity connectivity of Antrea.
type ConjunctionNotFound ¶
type ConjunctionNotFound uint32
ConjunctionNotFound is an error response when the specified policyRuleConjunction is not found from the local cache.
func (*ConjunctionNotFound) Error ¶
func (e *ConjunctionNotFound) Error() string
type IPAddress ¶
IP address calculated from Pod's address.
func NewIPAddress ¶
func (*IPAddress) GetMatchKey ¶
func (a *IPAddress) GetMatchKey(addrType types.AddressType) int
func (*IPAddress) GetMatchValue ¶
type IPNetAddress ¶
IP block calculated from Pod's address.
func NewIPNetAddress ¶
func NewIPNetAddress(addr net.IPNet) *IPNetAddress
func (*IPNetAddress) GetMatchKey ¶
func (a *IPNetAddress) GetMatchKey(addrType types.AddressType) int
func (*IPNetAddress) GetMatchValue ¶
func (a *IPNetAddress) GetMatchValue() string
func (*IPNetAddress) GetValue ¶
func (a *IPNetAddress) GetValue() interface{}
type OFEntryOperations ¶ added in v0.6.0
type OFEntryOperations interface { Add(flow binding.Flow) error Modify(flow binding.Flow) error Delete(flow binding.Flow) error AddAll(flows []binding.Flow) error DeleteAll(flows []binding.Flow) error AddOFEntries(ofEntries []binding.OFEntry) error DeleteOFEntries(ofEntries []binding.OFEntry) error }
type OFPortAddress ¶
type OFPortAddress int32
OFPortAddress is the Openflow port of an interface.
func NewOFPortAddress ¶
func NewOFPortAddress(addr int32) *OFPortAddress
func (*OFPortAddress) GetMatchKey ¶
func (a *OFPortAddress) GetMatchKey(addrType types.AddressType) int
func (*OFPortAddress) GetMatchValue ¶
func (a *OFPortAddress) GetMatchValue() string
func (*OFPortAddress) GetValue ¶
func (a *OFPortAddress) GetValue() interface{}
type PacketInHandler ¶ added in v0.8.0
Click to show internal directories.
Click to hide internal directories.