antrea-io · lzhecheng · Nov 11, 2020 · Sep 14, 2020 · Sep 14, 2020 · Aug 7, 2020
diff --git a/.github/workflows/integration.yml b/.github/workflows/integration.yml
diff --git a/ci/jenkins/jobs/projects.yaml b/ci/jenkins/jobs/projects.yaml
@@ -131,7 +131,7 @@
           - nobody123_nobody123_
           only_trigger_phrase: false
           trigger_permit_all: true
-          status_context: jenkins-integration
+          status_context: Integration tests
           status_url: null
           success_status: Build finished.
           failure_status: Failed.

diff --git a/pkg/agent/controller/noderoute/node_route_controller_test.go b/pkg/agent/controller/noderoute/node_route_controller_test.go
@@ -61,8 +61,8 @@ func newController(t *testing.T) (*fakeController, func()) {
 	routeClient := routetest.NewMockInterface(ctrl)
 	interfaceStore := interfacestore.NewInterfaceStore()
 	c := NewNodeRouteController(clientset, informerFactory, ofClient, ovsClient, routeClient, interfaceStore, &config.NetworkConfig{}, &config.NodeConfig{GatewayConfig: &config.GatewayConfig{
-		IP:  nil,
-		MAC: gatewayMAC,
+		IPv4: nil,
+		MAC:  gatewayMAC,
 	}})
 	return &fakeController{
 		Controller:      c,
@@ -124,7 +124,8 @@ func TestControllerWithDuplicatePodCIDR(t *testing.T) {
 		defer close(finishCh)
 
 		c.clientset.CoreV1().Nodes().Create(context.TODO(), node1, metav1.CreateOptions{})
-		c.ofClient.EXPECT().InstallNodeFlows("node1", gatewayMAC, *podCIDR, podCIDRGateway, nodeIP1, uint32(config.DefaultTunOFPort), uint32(0)).Times(1)
+		// The 2nd argument is Any() because it is not safe to use pointer as key in a map. peerConfigs map[*net.IPNet]net.IP
-		// The 2nd argument is Any() because it is not safe to use pointer as key in a map. peerConfigs map[*net.IPNet]net.IP
+		// The 2nd argument is Any() because the argument is unpredictable when it uses pointer as the key of map. The argument type is map[*net.IPNet]net.IP.
-		// The 2nd argument is Any() because it is not safe to use pointer as key in a map. peerConfigs map[*net.IPNet]net.IP
+		// The 2nd argument is Any() because the argument is unpredictable when it uses pointer as the key of map. The argument type is map[*net.IPNet]net.IP.
+		c.ofClient.EXPECT().InstallNodeFlows("node1", gatewayMAC, gomock.Any(), nodeIP1, uint32(config.DefaultTunOFPort), uint32(0)).Times(1)
 		c.routeClient.EXPECT().AddRoutes(podCIDR, nodeIP1, podCIDRGateway).Times(1)
 		c.processNextWorkItem()
 
@@ -139,7 +140,8 @@ func TestControllerWithDuplicatePodCIDR(t *testing.T) {
 		c.processNextWorkItem()
 
 		// After node1 is deleted, routes and flows should be installed for node2 successfully.
-		c.ofClient.EXPECT().InstallNodeFlows("node2", gatewayMAC, *podCIDR, podCIDRGateway, nodeIP2, uint32(config.DefaultTunOFPort), uint32(0)).Times(1)
+		// The 2nd argument is Any() because it is not safe to use pointer as key in a map. peerConfigs map[*net.IPNet]net.IP
+		c.ofClient.EXPECT().InstallNodeFlows("node2", gatewayMAC, gomock.Any(), nodeIP2, uint32(config.DefaultTunOFPort), uint32(0)).Times(1)
 		c.routeClient.EXPECT().AddRoutes(podCIDR, nodeIP2, podCIDRGateway).Times(1)
 		c.processNextWorkItem()
 	}()

diff --git a/pkg/agent/openflow/client.go b/pkg/agent/openflow/client.go
@@ -775,10 +775,12 @@ func (c *client) InstallTraceflowFlows(dataplaneTag uint8) error {
 	// Copy default drop rules
 	for _, ctx := range c.globalConjMatchFlowCache {
 		if ctx.dropFlow != nil {
+			copyFlowBuilder := ctx.dropFlow.CopyToBuilder(priorityNormal+2, false)
+			if ctx.dropFlow.FlowProtocol() == "" {
+				copyFlowBuilder = copyFlowBuilder.MatchProtocol(binding.ProtocolIP)
+			}
 			flows = append(
-				flows,
-				ctx.dropFlow.CopyToBuilder(priorityNormal+2, false).
-					MatchIPDscp(dataplaneTag).
+				flows, copyFlowBuilder.MatchIPDscp(dataplaneTag).
 					SetHardTimeout(300).
 					Action().SendToController(uint8(PacketInReasonTF)).
 					Done())

diff --git a/pkg/agent/openflow/client_test.go b/pkg/agent/openflow/client_test.go
@@ -290,6 +290,7 @@ func prepareTraceflowFlow(ctrl *gomock.Controller) *client {
 
 	mFlow := ovsoftest.NewMockFlow(ctrl)
 	ctx := &conjMatchFlowContext{dropFlow: mFlow}
+	mFlow.EXPECT().FlowProtocol().Return(ofconfig.Protocol("ip"))
 	mFlow.EXPECT().CopyToBuilder(priorityNormal+2, false).Return(c.pipeline[EgressDefaultTable].BuildFlow(priorityNormal + 2)).Times(1)
 	c.globalConjMatchFlowCache["mockContext"] = ctx
 	c.policyCache.Add(&policyRuleConjunction{metricFlows: []ofconfig.Flow{c.dropRuleMetricFlow(123, false)}})

diff --git a/pkg/agent/openflow/pipeline.go b/pkg/agent/openflow/pipeline.go
@@ -35,33 +35,33 @@ import (
 
 const (
 	// Flow table id index
-	ClassifierTable             binding.TableIDType = 0
-	uplinkTable                 binding.TableIDType = 5
-	spoofGuardTable             binding.TableIDType = 10
-	arpResponderTable           binding.TableIDType = 20
-	ipv6Table                   binding.TableIDType = 21
-	serviceHairpinTable         binding.TableIDType = 29
-	conntrackTable              binding.TableIDType = 30
-	conntrackStateTable         binding.TableIDType = 31
-	sessionAffinityTable        binding.TableIDType = 40
-	dnatTable                   binding.TableIDType = 40
-	serviceLBTable              binding.TableIDType = 41
-	endpointDNATTable           binding.TableIDType = 42
-	AntreaPolicyEgressRuleTable binding.TableIDType = 45
-	DefaultTierEgressRuleTable  binding.TableIDType = 49
-	EgressRuleTable             binding.TableIDType = 50
-	EgressDefaultTable          binding.TableIDType = 60
-	EgressMetricTable           binding.TableIDType = 61
-	l3ForwardingTable           binding.TableIDType = 70
-	l2ForwardingCalcTable       binding.TableIDType = 80
+	ClassifierTable              binding.TableIDType = 0
+	uplinkTable                  binding.TableIDType = 5
+	spoofGuardTable              binding.TableIDType = 10
+	arpResponderTable            binding.TableIDType = 20
+	ipv6Table                    binding.TableIDType = 21
+	serviceHairpinTable          binding.TableIDType = 29
+	conntrackTable               binding.TableIDType = 30
+	conntrackStateTable          binding.TableIDType = 31
+	sessionAffinityTable         binding.TableIDType = 40
+	dnatTable                    binding.TableIDType = 40
+	serviceLBTable               binding.TableIDType = 41
+	endpointDNATTable            binding.TableIDType = 42
+	AntreaPolicyEgressRuleTable  binding.TableIDType = 45
+	DefaultTierEgressRuleTable   binding.TableIDType = 49
+	EgressRuleTable              binding.TableIDType = 50
+	EgressDefaultTable           binding.TableIDType = 60
+	EgressMetricTable            binding.TableIDType = 61
+	l3ForwardingTable            binding.TableIDType = 70
+	l2ForwardingCalcTable        binding.TableIDType = 80
 	AntreaPolicyIngressRuleTable binding.TableIDType = 85
-	DefaultTierIngressRuleTable binding.TableIDType = 89
-	IngressRuleTable            binding.TableIDType = 90
-	IngressDefaultTable         binding.TableIDType = 100
-	IngressMetricTable          binding.TableIDType = 101
-	conntrackCommitTable        binding.TableIDType = 105
-	hairpinSNATTable            binding.TableIDType = 106
-	L2ForwardingOutTable        binding.TableIDType = 110
+	DefaultTierIngressRuleTable  binding.TableIDType = 89
+	IngressRuleTable             binding.TableIDType = 90
+	IngressDefaultTable          binding.TableIDType = 100
+	IngressMetricTable           binding.TableIDType = 101
+	conntrackCommitTable         binding.TableIDType = 105
+	hairpinSNATTable             binding.TableIDType = 106
+	L2ForwardingOutTable         binding.TableIDType = 110
 
 	// Flow priority level
 	priorityHigh            = uint16(210)

diff --git a/pkg/agent/route/route_windows.go b/pkg/agent/route/route_windows.go
@@ -191,9 +191,6 @@ func (c *Client) listRoutes() (map[string]*netroute.Route, error) {
 
 // initFwRules adds Windows Firewall rules to accept the traffic that is sent to or from local Pods.
 func (c *Client) initFwRules() error {
-	if c.nodeConfig.PodIPv4CIDR == nil {
-		return errors.New("no valid IPv4 PodCIDR")
-	}
 	err := c.fwClient.AddRuleAllowIP(inboundFirewallRuleName, winfirewall.FWRuleIn, c.nodeConfig.PodIPv4CIDR)
 	if err != nil {
 		return err

diff --git a/pkg/ovs/openflow/interfaces.go b/pkg/ovs/openflow/interfaces.go
@@ -157,6 +157,7 @@ type Flow interface {
 	OFEntry
 	// Returns the flow priority associated with OFEntry
 	FlowPriority() uint16
+	FlowProtocol() Protocol
 	MatchString() string
 	// CopyToBuilder returns a new FlowBuilder that copies the matches of the Flow.
 	// It copies the original actions of the Flow only if copyActions is set to true, and

diff --git a/pkg/ovs/openflow/ofctrl_flow.go b/pkg/ovs/openflow/ofctrl_flow.go
@@ -95,6 +95,10 @@ func (f *ofFlow) FlowPriority() uint16 {
 	return f.Match.Priority
 }
 
+func (f *ofFlow) FlowProtocol() Protocol {
+	return f.protocol
+}
+
 func (f *ofFlow) GetBundleMessage(entryOper OFOperation) (ofctrl.OpenFlowModMessage, error) {
 	var operation int
 	switch entryOper {

diff --git a/pkg/ovs/openflow/testing/mock_openflow.go b/pkg/ovs/openflow/testing/mock_openflow.go
diff --git a/plugins/octant/go.mod b/plugins/octant/go.mod
@@ -10,11 +10,7 @@ require (
 )
 
 replace (
-<<<<<<< HEAD
 	github.com/contiv/ofnet => github.com/wenyingd/ofnet v0.0.0-20201109024835-6fd225d8c8d1
-=======
-	github.com/contiv/ofnet => github.com/wenyingd/ofnet v0.0.0-20200728094531-d5b4d75f2cc3
->>>>>>> 964affb ([IPv6] Change openflow pipeline for L2 Pod networking (#1040))
 	github.com/vmware-tanzu/antrea => ../../
 	// Octant v0.13.1 and Antrea use different versions of github.com/googleapis/gnostic.
 	// Octant v0.13.1 uses v0.4.1 and Antrea uses v0.1.0.

diff --git a/test/integration/agent/route_test.go b/test/integration/agent/route_test.go
@@ -507,7 +507,7 @@ func TestIPv6RoutesAndNeighbors(t *testing.T) {
 		NodeIPAddr:    nodeIP,
 		GatewayConfig: dualGWConfig,
 	}
-	err = routeClient.Initialize(dualNodeConfig)
+	err = routeClient.Initialize(dualNodeConfig, func() {})
 	assert.Nil(t, err)
 
 	tcs := []struct {