Updates for review comments

Signed-off-by: Hongliang Liu <lhongliang@vmware.com>
antrea-io · Apr 26, 2022 · 844ae80 · 844ae80
1 parent ab700df
commit 844ae80
Show file tree

Hide file tree

Showing 4 changed files with 89 additions and 81 deletions.
diff --git a/pkg/agent/openflow/client.go b/pkg/agent/openflow/client.go
@@ -281,17 +281,17 @@ type Client interface {
 		outPort uint32,
 		igmp ofutil.Message) error
 
-	// InstallTrafficControlMarkFlows installs the flows to mark the packets for the traffic control rule.
-	InstallTrafficControlMarkFlows(name string, srcOfPorts []uint32, dstOfPort uint32, direction v1alpha2.Direction) error
+	// InstallTrafficControlMarkFlows installs the flows to mark the packets for a traffic control rule.
+	InstallTrafficControlMarkFlows(name string, sourcePorts []uint32, targetPort uint32, direction v1alpha2.Direction, action v1alpha2.Action) error
 
-	// UninstallTrafficControlMarkFlows removes the flows for the traffic control rule.
+	// UninstallTrafficControlMarkFlows removes the flows for a traffic control rule.
 	UninstallTrafficControlMarkFlows(name string) error
 
-	// InstallTrafficControlCommonFlows installs the common flows for an action and its corresponding ports.
-	InstallTrafficControlCommonFlows(dstOfInPort, dstOfOutPort uint32, action v1alpha2.Action) error
+	// InstallTrafficControlCommonFlows installs the common flows for the target and return ports of traffic control rules.
+	InstallTrafficControlCommonFlows(targetPort, returnPort uint32) error
 
-	// UninstallTrafficControlCommonFlows removes the common flows for an action and its corresponding ports.
-	UninstallTrafficControlCommonFlows(dstOfInPort uint32) error
+	// UninstallTrafficControlCommonFlows removes the common flows for the target and return ports of traffic control rules.
+	UninstallTrafficControlCommonFlows(targetPort uint32) error
 }
 
 // GetFlowTableStatus returns an array of flow table status.
@@ -1145,8 +1145,8 @@ func (c *client) SendIGMPQueryPacketOut(
 	return c.bridge.SendPacketOut(packetOutObj)
 }
 
-func (c *client) InstallTrafficControlMarkFlows(name string, srcOfPorts []uint32, dstOfPort uint32, direction v1alpha2.Direction) error {
-	flows := c.featurePodConnectivity.trafficControlMarkFlows(srcOfPorts, dstOfPort, direction)
+func (c *client) InstallTrafficControlMarkFlows(name string, sourcePorts []uint32, targetPort uint32, direction v1alpha2.Direction, action v1alpha2.Action) error {
+	flows := c.featurePodConnectivity.trafficControlMarkFlows(sourcePorts, targetPort, direction, action)
 	cacheKey := fmt.Sprintf("tc_%s", name)
 	c.replayMutex.RLock()
 	defer c.replayMutex.RUnlock()
@@ -1160,16 +1160,16 @@ func (c *client) UninstallTrafficControlMarkFlows(name string) error {
 	return c.deleteFlows(c.featurePodConnectivity.tcCachedFlows, cacheKey)
 }
 
-func (c *client) InstallTrafficControlCommonFlows(dstOfInPort, dstOfOutPort uint32, action v1alpha2.Action) error {
-	cacheKey := fmt.Sprintf("tc_%d", dstOfInPort)
-	flows := c.featurePodConnectivity.trafficControlCommonFlows(dstOfInPort, dstOfOutPort, action)
+func (c *client) InstallTrafficControlCommonFlows(targetPort, returnPort uint32) error {
+	cacheKey := fmt.Sprintf("tc_%d", targetPort)
+	flows := c.featurePodConnectivity.trafficControlCommonFlows(targetPort, returnPort)
 	c.replayMutex.RLock()
 	defer c.replayMutex.RUnlock()
 	return c.addFlows(c.featurePodConnectivity.tcCachedFlows, cacheKey, flows)
 }
 
-func (c *client) UninstallTrafficControlCommonFlows(dstOfInPort uint32) error {
-	cacheKey := fmt.Sprintf("tc_%d", dstOfInPort)
+func (c *client) UninstallTrafficControlCommonFlows(targetPort uint32) error {
+	cacheKey := fmt.Sprintf("tc_%d", targetPort)
 	c.replayMutex.RLock()
 	defer c.replayMutex.RUnlock()
 	return c.deleteFlows(c.featurePodConnectivity.tcCachedFlows, cacheKey)

diff --git a/pkg/agent/openflow/fields.go b/pkg/agent/openflow/fields.go
@@ -26,7 +26,7 @@ var (
 	localVal    = uint32(3)
 	uplinkVal   = uint32(4)
 	bridgeVal   = uint32(5)
-	redirectVal = uint32(6)
+	tcReturnVal = uint32(6)
 
 	// reg0 (NXM_NX_REG0)
 	// reg0[0..3]: Field to store the packet source. Marks in this field include:
@@ -35,14 +35,14 @@ var (
 	//   - 3: from local Pods.
 	//   - 4: from uplink port.
 	//   - 5: from bridge local port.
-	//   - 6: from traffic control redirecting out port.
-	PktSourceField      = binding.NewRegField(0, 0, 3, "PacketSource")
-	FromTunnelRegMark   = binding.NewRegMark(PktSourceField, tunnelVal)
-	FromGatewayRegMark  = binding.NewRegMark(PktSourceField, gatewayVal)
-	FromLocalRegMark    = binding.NewRegMark(PktSourceField, localVal)
-	FromUplinkRegMark   = binding.NewRegMark(PktSourceField, uplinkVal)
-	FromBridgeRegMark   = binding.NewRegMark(PktSourceField, bridgeVal)
-	FromRedirectRegMark = binding.NewRegMark(PktSourceField, redirectVal)
+	//   - 6: from traffic control return port.
+	PktSourceField        = binding.NewRegField(0, 0, 3, "PacketSource")
+	FromTunnelRegMark     = binding.NewRegMark(PktSourceField, tunnelVal)
+	FromGatewayRegMark    = binding.NewRegMark(PktSourceField, gatewayVal)
+	FromLocalRegMark      = binding.NewRegMark(PktSourceField, localVal)
+	FromUplinkRegMark     = binding.NewRegMark(PktSourceField, uplinkVal)
+	FromBridgeRegMark     = binding.NewRegMark(PktSourceField, bridgeVal)
+	FromTCRedirectRegMark = binding.NewRegMark(PktSourceField, tcReturnVal)
 	// reg0[4..7]: Field to store the packet destination. Marks in this field include:
 	//   - 1: to tunnel port.
 	//   - 2: to Antrea gateway port.
@@ -126,6 +126,10 @@ var (
 	NotAntreaFlexibleIPAMRegMark = binding.NewOneBitZeroRegMark(4, 20, "NotAntreaFlexibleIPAM")
 	// reg4[21]: Mark to indicate externalTrafficPolicy of the Service is Cluster.
 	ToClusterServiceRegMark = binding.NewOneBitRegMark(4, 21, "ToClusterService")
+	// reg4[22..23]: Field to store the action of a traffic control rule. Marks in this field include:
+	TrafficControlField           = binding.NewRegField(4, 22, 23, "TrafficControlAction")
+	TrafficControlMirrorRegMark   = binding.NewRegMark(TrafficControlField, 0b01)
+	TrafficControlRedirectRegMark = binding.NewRegMark(TrafficControlField, 0b10)
 
 	// reg5(NXM_NX_REG5)
 	// Field to cache the Egress conjunction ID hit by TraceFlow packet.

diff --git a/pkg/agent/openflow/pod_connectivity.go b/pkg/agent/openflow/pod_connectivity.go
@@ -167,7 +167,7 @@ func (f *featurePodConnectivity) initFlows() []binding.Flow {
 		flows = append(flows, f.l3FwdFlowToLocalPodCIDR()...)
 	}
 	if f.enableTrafficControl {
-		flows = append(flows, f.redirectedPktsFwdFlows()...)
+		flows = append(flows, f.trafficControlReturnedPktsFwdFlows()...)
 	}
 	return flows
 }
@@ -183,86 +183,90 @@ func (f *featurePodConnectivity) replayFlows() []binding.Flow {
 	return flows
 }
 
-// trafficControlMarkFlows generates the flows to mark the packets that need to be redirected or mirrored with the value of
-// the destination output port.
-func (f *featurePodConnectivity) trafficControlMarkFlows(srcOfPorts []uint32, dstOfPort uint32, direction v1alpha2.Direction) []binding.Flow {
+// trafficControlMarkFlows generates the flows to mark the packets that need to be redirected or mirrored from provided
+// source ports.
+func (f *featurePodConnectivity) trafficControlMarkFlows(sourcePorts []uint32, targetPort uint32, direction v1alpha2.Direction, action v1alpha2.Action) []binding.Flow {
 	cookieID := f.cookieAllocator.Request(f.category).Raw()
+	var actionRegMark *binding.RegMark
+	if action == v1alpha2.ActionRedirect {
+		actionRegMark = TrafficControlRedirectRegMark
+	} else if action == v1alpha2.ActionMirror {
+		actionRegMark = TrafficControlMirrorRegMark
+	}
 	var flows []binding.Flow
-	for _, port := range srcOfPorts {
+	for _, port := range sourcePorts {
 		if direction == v1alpha2.DirectionIn || direction == v1alpha2.DirectionBoth {
+			// This generates the flow to mark the packet destined for a provided source port.
 			flows = append(flows, IngressTrafficControlMarkTable.ofTable.BuildFlow(priorityNormal).
 				Cookie(cookieID).
 				MatchRegFieldWithValue(TargetOFPortField, port).
-				Action().LoadToRegField(TrafficControlOFPortField, dstOfPort).
+				Action().LoadToRegField(TrafficControlOFPortField, targetPort).
+				Action().LoadRegMark(actionRegMark).
 				Action().NextTable().
 				Done())
 		}
+		// This generates the flow to mark the packet sourced from a provided source port.
 		if direction == v1alpha2.DirectionOut || direction == v1alpha2.DirectionBoth {
 			flows = append(flows, EgressTrafficControlMarkTable.ofTable.BuildFlow(priorityNormal).
 				Cookie(cookieID).
 				MatchInPort(port).
-				Action().LoadToRegField(TrafficControlOFPortField, dstOfPort).
+				Action().LoadToRegField(TrafficControlOFPortField, targetPort).
+				Action().LoadRegMark(actionRegMark).
 				Action().NextTable().
 				Done())
 		}
 	}
 	return flows
 }
 
-// trafficControlCommonFlows generates the initial flows for the traffic control mark value.
-func (f *featurePodConnectivity) trafficControlCommonFlows(ofInPort, ofOutPort uint32, action v1alpha2.Action) []binding.Flow {
+// trafficControlCommonFlows generates the common flows for the target and return ports of traffic control rules.
+func (f *featurePodConnectivity) trafficControlCommonFlows(targetPort, returnPort uint32) []binding.Flow {
 	cookieID := f.cookieAllocator.Request(f.category).Raw()
-	var flows []binding.Flow
-	if action == v1alpha2.ActionMirror {
-		// This generates the flow to output packets to the original out port as well as mirror the packets to the ofInPort
-		// which is used to receive mirrored packets in L2ForwardingOutTable.
-		flows = append(flows, L2ForwardingOutTable.ofTable.BuildFlow(priorityHigh+1).
+	return []binding.Flow{
+		// This generates the flow to output packets to the original target port as well as mirror the packets to another
+		// target port which is used to receive mirrored packets in L2ForwardingOutTable.
+		L2ForwardingOutTable.ofTable.BuildFlow(priorityHigh+1).
 			Cookie(cookieID).
-			MatchRegFieldWithValue(TrafficControlOFPortField, ofInPort).
-			MatchRegMark(OFPortFoundRegMark).
+			MatchRegFieldWithValue(TrafficControlOFPortField, targetPort).
+			MatchRegMark(OFPortFoundRegMark, TrafficControlMirrorRegMark).
 			Action().OutputToRegField(TargetOFPortField).
-			Action().Output(ofInPort).
-			Done())
-	} else if action == v1alpha2.ActionRedirect {
-		flows = append(flows,
-			// This generates the flow to forward the redirected packets sourced from the ofOutPort to stageRouting directly
-			// in ClassifierTable. Note that, for the packets which are to be originally output to a tunnel, value of
-			// NXM_NX_TUN_IPV4_DST for the redirected packets needs to be loaded in stageRouting.
-			ClassifierTable.ofTable.BuildFlow(priorityNormal).
-				Cookie(cookieID).
-				MatchInPort(ofOutPort).
-				Action().LoadRegMark(FromRedirectRegMark).
-				Action().GotoStage(stageRouting).
-				Done(),
-			// This generates the flow to forward the packets to be redirected to the ofInPort which is used to receive
-			// the packets.
-			L2ForwardingOutTable.ofTable.BuildFlow(priorityHigh+1).
-				Cookie(cookieID).
-				MatchRegFieldWithValue(TrafficControlOFPortField, ofInPort).
-				MatchRegMark(OFPortFoundRegMark).
-				Action().Output(ofInPort).
-				Done(),
-		)
+			Action().Output(targetPort).
+			Done(),
+		// This generates the flow to output the packets to be redirected to the target port.
+		L2ForwardingOutTable.ofTable.BuildFlow(priorityHigh+1).
+			Cookie(cookieID).
+			MatchRegFieldWithValue(TrafficControlOFPortField, targetPort).
+			MatchRegMark(OFPortFoundRegMark, TrafficControlRedirectRegMark).
+			Action().Output(targetPort).
+			Done(),
+		// This generates the flow to forward the returned packets sourced from the return port to stageRouting directly
+		// in ClassifierTable. Note that, for the packets which are to be originally output to a tunnel, value of
+		// NXM_NX_TUN_IPV4_DST for the redirected packets needs to be loaded in stageRouting.
+		ClassifierTable.ofTable.BuildFlow(priorityNormal).
+			Cookie(cookieID).
+			MatchInPort(returnPort).
+			Action().LoadRegMark(FromTCRedirectRegMark).
+			Action().GotoStage(stageRouting).
+			Done(),
 	}
-	return flows
 }
 
-// redirectedPktsFwdFlows generates the flows to forward the redirected packets.
-func (f *featurePodConnectivity) redirectedPktsFwdFlows() []binding.Flow {
+// trafficControlReturnedPktsFwdFlows generates the flows to forward the packets from return ports of traffic control.
+func (f *featurePodConnectivity) trafficControlReturnedPktsFwdFlows() []binding.Flow {
 	cookieID := f.cookieAllocator.Request(f.category).Raw()
 	return []binding.Flow{
-		// This generates the flow to forward the redirected packets to stageOutput directly in TrafficControlRedirectOutTable,
+		// This generates the flow to forward the returned packets to stageOutput directly in TrafficControlRedirectOutTable,
 		// after loading output port to reg1 in L2ForwardingCalcTable.
 		TrafficControlRedirectOutTable.ofTable.BuildFlow(priorityNormal).
 			Cookie(cookieID).
-			MatchRegMark(FromRedirectRegMark).
+			MatchRegMark(FromTCRedirectRegMark).
 			MatchRegMark(OFPortFoundRegMark).
 			Action().GotoStage(stageOutput).
 			Done(),
-		// This generates the flow to forward the redirected packets to the original out port.
+		// This generates the flow to forward the returned packets to the original target port.
 		L2ForwardingOutTable.ofTable.BuildFlow(priorityHigh + 2).
 			Cookie(cookieID).
-			MatchRegMark(FromRedirectRegMark).
+			MatchRegMark(FromTCRedirectRegMark).
 			MatchRegMark(OFPortFoundRegMark).
 			Action().OutputToRegField(TargetOFPortField).
 			Done(),

diff --git a/pkg/agent/openflow/testing/mock_openflow.go b/pkg/agent/openflow/testing/mock_openflow.go