Skip to content

refacto: [NPM] Handle 0.0.0.0/0 ipblock and de-duplicated elements in except field #1109

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 4 commits into from
Nov 18, 2021
Merged

refacto: [NPM] Handle 0.0.0.0/0 ipblock and de-duplicated elements in except field #1109

merged 4 commits into from
Nov 18, 2021

Conversation

@JungukCho
Copy link
Contributor

@JungukCho JungukCho commented Nov 17, 2021
edited
Loading

Reason for Change:

To handle special IPBlock (0.0.0.0/0) and de-duplicated elements in except in translation logic.

Issue Fixed:

Requirements:

Notes:
Instead of using nomatch, a better data structure to indicate whether cidr or except is needed for generic data planes.
Will improve it in next PR with revising data structure.
In addition, 0.0.0.0/0 handling was not decided yet in windows dataplane since windows does not support nomatch for cidr yet.

Related previous PR:

  1. [NPM] General translation logic for linux and windows [NPM] General translation logic for linux and windows #1055
  2. refactor: [NPM] parsing label selector for general translation logic refactor: [NPM] parsing label selector for general translation logic #1077
  3. refactor: [NPM] General translation logic (mainly clean-up codes and correct bugs) refactor: [NPM] General translation logic (mainly clean-up codes and correct bugs) #1105
  4. refactor: [NPM] General translation logic for egress and ingress refactor: [NPM] General translation logic for egress and ingress #1106

huntergregory
huntergregory reviewed Nov 17, 2021
View reviewed changes
Copy link
Contributor

@huntergregory huntergregory left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

lgtm

npm/pkg/controlplane/translation/translatePolicy.go Outdated
if ipBlockRule.CIDR == "0.0.0.0/0" {
// two cidrs (0.0.0.0/1 and 128.0.0.0/1) for 0.0.0.0/0 + except.
members = make([]string, lenOfDeDupExcepts+splitCIDRLen)
// in case of 0.0.0.0/0, 0.0.0.0/1 or 0.0.0.0/1nomatch comes eariler than 128.0.0.0/1 or 128.0.0.0/1nomatch.
Copy link
Contributor

@huntergregory huntergregory Nov 17, 2021

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

nitpick: missing a space or newline

Copy link
Contributor Author

@JungukCho JungukCho Nov 17, 2021

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

The comment was about 0.0.0.0/0nomatch'. Changed it to 0.0.0.0/0 nomatch` for better management in comments and codes as well.

npm/pkg/controlplane/translation/translatePolicy.go Outdated
except := deDupExcepts[i]
if splitCIDRIndex, exist := splitCIDRSet[except]; exist {
// replace stored splitCIDR with "nomatch" option
members[splitCIDRIndex] = except + util.IpsetNomatch
Copy link
Contributor

@huntergregory huntergregory Nov 17, 2021

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

we will have to update dataplane to be able to understand a cidr block like "1.2.3.4/16nomatch"

Copy link
Contributor Author

@JungukCho JungukCho Nov 17, 2021

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Good catch. Took the ad-hoc approach for linux now, but we will refactor this in next PR if you are ok.

npm/pkg/controlplane/translation/translatePolicy_test.go Outdated
ipBlockInfo: createIPBlockInfo("test", "default", policies.Ingress, policies.SrcMatch, 0),
ipBlockRule: &networkingv1.IPBlock{
CIDR: "0.0.0.0/0",
Except: []string{"0.0.0.0/1", "128.0.0.0/1", "128.0.0.0/1"},
Copy link
Contributor

@huntergregory huntergregory Nov 17, 2021

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

by the test name, did you mean to have two "0.0.0.0/1" in the excepts?

Copy link
Contributor Author

@JungukCho JungukCho Nov 17, 2021

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Reorganize UTs for better understanding.

@huntergregory huntergregory added the npm Related to NPM. label Nov 17, 2021
huntergregory
huntergregory approved these changes Nov 17, 2021
View reviewed changes
Copy link
Contributor

@huntergregory huntergregory left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

just noting that we'll revise data structures to incorporate nomatch approach in a followup PR. We will also need to do integration testing to make sure it works correctly for Linux ipset command

@JungukCho
Copy link
Contributor Author

JungukCho commented Nov 18, 2021

/azp run

@azure-pipelines
Copy link

azure-pipelines bot commented Nov 18, 2021

Azure Pipelines successfully started running 2 pipeline(s).

@JungukCho JungukCho merged commit fa352e3 into Azure:master Nov 18, 2021
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@vakalapa vakalapa Awaiting requested review from vakalapa

@matmerr matmerr Awaiting requested review from matmerr

@neaggarwMS neaggarwMS Awaiting requested review from neaggarwMS

1 more reviewer

@huntergregory huntergregory huntergregory approved these changes

Reviewers whose approvals may not affect merge requirements

Assignees

No one assigned

Labels

npm Related to NPM.

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@JungukCho @huntergregory