Documentation
¶
Index ¶
Constants ¶
View Source
const ( MatchDstIP int = iota MatchSrcIP MatchDstIPNet MatchSrcIPNet MatchDstOFPort MatchSrcOFPort MatchTCPDstPort MatchUDPDstPort MatchSCTPDstPort Unsupported )
Variables ¶
View Source
var ( FlowTables = []struct { Number binding.TableIDType Name string }{ {classifierTable, "Classification"}, {spoofGuardTable, "SpoofGuard"}, {arpResponderTable, "ARPResponder"}, {conntrackTable, "ConntrackZone"}, {conntrackStateTable, "ContrackState"}, {dnatTable, "DNAT"}, {egressRuleTable, "EgressRule"}, {egressDefaultTable, "EgressDefaultRule"}, {l3ForwardingTable, "L3Forwarding"}, {l2ForwardingCalcTable, "L2Forwarding"}, {ingressRuleTable, "IngressRule"}, {ingressDefaultTable, "IngressDefaultRule"}, {conntrackCommitTable, "ConntrackCommit"}, {l2ForwardingOutTable, "Output"}, } )
View Source
var (
ReentranceMAC, _ = net.ParseMAC("de:ad:be:ef:de:ad")
)
Functions ¶
func GetFlowTableName ¶ added in v0.6.0
func GetFlowTableName(tableNumber binding.TableIDType) string
GetFlowTableName returns the flow table name given the table number. An empty string is returned if the table cannot be found.
func GetFlowTableNumber ¶ added in v0.6.0
func GetFlowTableNumber(tableName string) binding.TableIDType
GetFlowTableNumber does a case insensitive lookup of the table name, and returns the flow table number if the table is found. Otherwise TableIDAll is returned if the table cannot be found.
Types ¶
type Client ¶
type Client interface {
// Initialize sets up all basic flows on the specific OVS bridge. It returns a channel which
// is used to notify the caller in case of a reconnection, in which case ReplayFlows should
// be called to ensure that the set of OVS flows is correct. All flows programmed in the
// switch which match the current round number will be deleted before any new flow is
// installed.
Initialize(roundInfo types.RoundInfo, config *config.NodeConfig, encapMode config.TrafficEncapModeType, gatewayOFPort uint32) (<-chan struct{}, error)
// InstallGatewayFlows sets up flows related to an OVS gateway port, the gateway must exist.
InstallGatewayFlows(gatewayAddr net.IP, gatewayMAC net.HardwareAddr, gatewayOFPort uint32) error
// InstallBridgeUplinkFlows installs Openflow flows between bridge local port and uplink port to support
// host networking. These flows are only needed on windows platform.
InstallBridgeUplinkFlows(uplinkPort uint32, bridgeLocalPort uint32) error
// InstallClusterServiceCIDRFlows sets up the appropriate flows so that traffic can reach
// the different Services running in the Cluster. This method needs to be invoked once with
// the Cluster Service CIDR as a parameter.
InstallClusterServiceCIDRFlows(serviceNet *net.IPNet, gatewayMAC net.HardwareAddr, gatewayOFPort uint32) error
// InstallDefaultTunnelFlows sets up the classification flow for the default (flow based) tunnel.
InstallDefaultTunnelFlows(tunnelOFPort uint32) error
// InstallNodeFlows should be invoked when a connection to a remote Node is going to be set
// up. The hostname is used to identify the added flows. When IPSec tunnel is enabled,
// ipsecTunOFPort must be set to the OFPort number of the IPSec tunnel port to the remote Node;
// otherwise ipsecTunOFPort must be set to 0.
// InstallNodeFlows has all-or-nothing semantics(call succeeds if all the flows are installed
// successfully, otherwise no flows will be installed). Calls to InstallNodeFlows are idempotent.
// Concurrent calls to InstallNodeFlows and / or UninstallNodeFlows are supported as long as they
// are all for different hostnames.
InstallNodeFlows(
hostname string,
localGatewayMAC net.HardwareAddr,
peerPodCIDR net.IPNet,
peerGatewayIP, tunnelPeerIP net.IP,
tunOFPort, ipsecTunOFPort uint32) error
// UninstallNodeFlows removes the connection to the remote Node specified with the
// hostname. UninstallNodeFlows will do nothing if no connection to the host was established.
UninstallNodeFlows(hostname string) error
// InstallPodFlows should be invoked when a connection to a Pod on current Node. The
// interfaceName is used to identify the added flows. InstallPodFlows has all-or-nothing
// semantics(call succeeds if all the flows are installed successfully, otherwise no
// flows will be installed). Calls to InstallPodFlows are idempotent. Concurrent calls
// to InstallPodFlows and / or UninstallPodFlows are supported as long as they are all
// for different interfaceNames.
InstallPodFlows(interfaceName string, podInterfaceIP net.IP, podInterfaceMAC, gatewayMAC net.HardwareAddr, ofPort uint32) error
// UninstallPodFlows removes the connection to the local Pod specified with the
// interfaceName. UninstallPodFlows will do nothing if no connection to the Pod was established.
UninstallPodFlows(interfaceName string) error
// GetFlowTableStatus should return an array of flow table status, all existing flow tables should be included in the list.
GetFlowTableStatus() []binding.TableStatus
// InstallPolicyRuleFlows installs flows for a new NetworkPolicy rule. Rule should include all fields in the
// NetworkPolicy rule. Each ingress/egress policy rule installs Openflow entries on two tables, one for
// ruleTable and the other for dropTable. If a packet does not pass the ruleTable, it will be dropped by the
// dropTable.
InstallPolicyRuleFlows(ruleID uint32, rule *types.PolicyRule, npName, npNamespace string) error
// UninstallPolicyRuleFlows removes the Openflow entry relevant to the specified NetworkPolicy rule.
// UninstallPolicyRuleFlows will do nothing if no Openflow entry for the rule is installed.
UninstallPolicyRuleFlows(ruleID uint32) error
// AddPolicyRuleAddress adds one or multiple addresses to the specified NetworkPolicy rule. If addrType is true, the
// addresses are added to PolicyRule.From, else to PolicyRule.To.
AddPolicyRuleAddress(ruleID uint32, addrType types.AddressType, addresses []types.Address) error
// DeletePolicyRuleAddress removes addresses from the specified NetworkPolicy rule. If addrType is srcAddress, the addresses
// are removed from PolicyRule.From, else from PolicyRule.To.
DeletePolicyRuleAddress(ruleID uint32, addrType types.AddressType, addresses []types.Address) error
// InstallExternalFlows sets up flows to enable Pods to communicate to the external IP addresses. The corresponding
// OpenFlow entries include: 1) identify the packets from local Pods to the external IP address, 2) mark the traffic
// in the connection tracking context, and 3) SNAT the packets with Node IP.
InstallExternalFlows(nodeIP net.IP, localSubnet net.IPNet) error
// Disconnect disconnects the connection between client and OFSwitch.
Disconnect() error
// IsConnected returns the connection status between client and OFSwitch. The return value is true if the OFSwitch is connected.
IsConnected() bool
// ReplayFlows should be called when a spurious disconnection occurs. After we reconnect to
// the OFSwitch, we need to replay all the flows cached by the client. ReplayFlows will try
// to replay as many flows as possible, and will log an error when a flow cannot be
// installed.
ReplayFlows()
// DeleteStaleFlows deletes all flows from the previous round which are no longer needed. It
// should be called by the agent after all required flows have been installed / updated with
// the new round number.
DeleteStaleFlows() error
// GetTunnelVirtualMAC() returns globalVirtualMAC used for tunnel traffic.
GetTunnelVirtualMAC() net.HardwareAddr
// GetPodFlowKeys returns the keys (match strings) of the cached flows for a
// Pod.
GetPodFlowKeys(interfaceName string) []string
// GetNetworkPolicyFlowKeys returns the keys (match strings) of the cached
// flows for a NetworkPolicy. Flows are grouped by policy rules, and duplicated
// entries can be added due to conjunctive match flows shared by multiple
// rules.
GetNetworkPolicyFlowKeys(npName, npNamespace string) []string
}
Client is the interface to program OVS flows for entity connectivity of Antrea.
type ConjunctionNotFound ¶
type ConjunctionNotFound uint32
ConjunctionNotFound is an error response when the specified policyRuleConjunction is not found from the local cache.
func (*ConjunctionNotFound) Error ¶
func (e *ConjunctionNotFound) Error() string
type IPAddress ¶
IP address calculated from Pod's address.
func NewIPAddress ¶
func (*IPAddress) GetMatchKey ¶
func (a *IPAddress) GetMatchKey(addrType types.AddressType) int
func (*IPAddress) GetMatchValue ¶
type IPNetAddress ¶
IP block calculated from Pod's address.
func NewIPNetAddress ¶
func NewIPNetAddress(addr net.IPNet) *IPNetAddress
func (*IPNetAddress) GetMatchKey ¶
func (a *IPNetAddress) GetMatchKey(addrType types.AddressType) int
func (*IPNetAddress) GetMatchValue ¶
func (a *IPNetAddress) GetMatchValue() string
func (*IPNetAddress) GetValue ¶
func (a *IPNetAddress) GetValue() interface{}
type OFEntryOperations ¶ added in v0.6.0
type OFEntryOperations interface {
Add(flow binding.Flow) error
Modify(flow binding.Flow) error
Delete(flow binding.Flow) error
AddAll(flows []binding.Flow) error
DeleteAll(flows []binding.Flow) error
AddOFEntries(ofEntries []binding.OFEntry) error
DeleteOFEntries(ofEntries []binding.OFEntry) error
}
type OFPortAddress ¶
type OFPortAddress int32
OFPortAddress is the Openflow port of an interface.
func NewOFPortAddress ¶
func NewOFPortAddress(addr int32) *OFPortAddress
func (*OFPortAddress) GetMatchKey ¶
func (a *OFPortAddress) GetMatchKey(addrType types.AddressType) int
func (*OFPortAddress) GetMatchValue ¶
func (a *OFPortAddress) GetMatchValue() string
func (*OFPortAddress) GetValue ¶
func (a *OFPortAddress) GetValue() interface{}
Source Files
Directories
Click to show internal directories.
Click to hide internal directories.