Fix dumping OVS flows of a NetworkPolicy #3335
Merged
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Codecov Report
@@ Coverage Diff @@
## main #3335 +/- ##
==========================================
- Coverage 62.13% 53.65% -8.49%
==========================================
Files 266 239 -27
Lines 26519 34037 +7518
==========================================
+ Hits 16477 18261 +1784
- Misses 8222 13996 +5774
+ Partials 1820 1780 -40
Flags with carried forward coverage won't be shown. Click here to find out more.
|
antoninbas
reviewed
Feb 22, 2022
tnqn
reviewed
Feb 23, 2022
| @@ -1455,6 +1455,11 @@ func (c *client) GetNetworkPolicyFlowKeys(npName, npNamespace string) []string { | |||
|
|
|||
| for _, conjObj := range c.policyCache.List() { | |||
| conj := conjObj.(*policyRuleConjunction) | |||
| // If the NetworkPolicyReference in the policyRuleConjunction is nil then that entry in client's | |||
| // policyCache should be ignored because here we need to dump flows of NetworkPolicy. | |||
| if conj.npRef == nil { | |||
There was a problem hiding this comment.
Better to explain why the reference could be nil in the comment of this field in the struct.
tnqn
added
the
action/release-note
jainpulkit22
force-pushed
the
networkPolicy-flowDump-fix
branch
from
7a0ceba
to
c3dacc6
Compare
jainpulkit22
changed the title
jainpulkit22
force-pushed
the
networkPolicy-flowDump-fix
branch
from
c3dacc6
to
cddadf1
Compare
tnqn
reviewed
Feb 24, 2022
pkg/agent/openflow/network_policy.go
Outdated
| @@ -525,7 +525,8 @@ type policyRuleConjunction struct { | |||
| serviceClause *clause | |||
| actionFlows []binding.Flow | |||
| metricFlows []binding.Flow | |||
| // NetworkPolicy reference information for debugging usage. | |||
| // NetworkPolicy reference information for debugging usage, its' value can be nil | |||
There was a problem hiding this comment.
Suggested change
| // NetworkPolicy reference information for debugging usage, its' value can be nil | |
| // NetworkPolicy reference information for debugging usage, its value can be nil |
Suggested change
| // NetworkPolicy reference information for debugging usage, its' value can be nil | |
| // NetworkPolicy reference information for debugging usage, its' value can be nil |
pkg/agent/openflow/network_policy.go
Outdated
| @@ -525,7 +525,8 @@ type policyRuleConjunction struct { | |||
| serviceClause *clause | |||
| actionFlows []binding.Flow | |||
| metricFlows []binding.Flow | |||
| // NetworkPolicy reference information for debugging usage. | |||
| // NetworkPolicy reference information for debugging usage, its' value can be nil | |||
| // when a new DNS Conjunction is added to the policyCache. | |||
There was a problem hiding this comment.
Suggested change
| // when a new DNS Conjunction is added to the policyCache. | |
| // for conjunctions that are not built for a specific NetworkPolicy, e.g. DNS packetin Conjunction. |
| // dnsID will store the ID for New DNS packet, that is created, | ||
| // to test for nil NetworkPolicyReference. | ||
| dnsID := uint32(107) | ||
| c.NewDNSpacketInConjunction(dnsID) |
There was a problem hiding this comment.
Better to call this function in the begining of the test to be similar with the actual code. It should check error is nil to ensure it takes effect.
| @@ -222,6 +222,10 @@ func TestInstallPolicyRuleFlows(t *testing.T) { | |||
| assert.Equal(t, 3, getChangedFlowOPCount(matchFlows2, insertion)) | |||
| err = c.applyConjunctiveMatchFlows(ctxChanges2) | |||
| require.Nil(t, err) | |||
| // dnsID will store the ID for New DNS packet, that is created, | |||
There was a problem hiding this comment.
The comment doesn't reflect the real meaning of the ID, which is the OVS rule ID of the DNS response intercept rule. Here I would suggest to just pass 1 as the ID and comment:
Create a policyRuleConjunction for the dns response interception flows to ensure nil NetworkPolicyReference is handled correctly by GetNetworkPolicyFlowKeys.
jainpulkit22
force-pushed
the
networkPolicy-flowDump-fix
branch
2 times, most recently
from
f4791e5
to
a6c1efa
Compare
antoninbas
previously approved these changes
Feb 24, 2022
Comment on lines
165
to
166
| err := c.NewDNSpacketInConjunction(dnsID) | ||
| require.Nil(t, err) |
There was a problem hiding this comment.
require.NoError(t, c.NewDNSpacketInConjunction(dnsID))
There was a problem hiding this comment.
Thank you for the suggestion.
jainpulkit22
force-pushed
the
networkPolicy-flowDump-fix
branch
from
a6c1efa
to
9a46a9a
Compare
|
/test-conformance |
@jainpulkit22 golangci-lint check failed because the comment is not gofmted. |
Fixes antrea-io#3306. This commit fixes the nil pointer dereference error while dumping ovsflows of NetworkPolicy, and adds a test to validate the changes. Signed-off-by: Pulkit Jain <jainpu@vmware.com>
jainpulkit22
force-pushed
the
networkPolicy-flowDump-fix
branch
from
9a46a9a
to
b6389fb
Compare
|
/test-all |
tnqn
approved these changes
Feb 25, 2022
|
/test-integration |
bangqipropel
pushed a commit
to bangqipropel/antrea
that referenced
this pull request
Mar 2, 2022
Fixes antrea-io#3306. This commit fixes the nil pointer dereference error while dumping ovsflows of NetworkPolicy, and adds a test to validate the changes. Signed-off-by: Pulkit Jain <jainpu@vmware.com>
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Fixes #3306.
This PR fixes the nil pointer dereference error while dumping the ovsflows of NetworkPolicy, by adding a nil check on the NetworkPolicyReference attribute of the policyRuleConjunction Object
Signed-off-by: Pulkit Jain jainpu@vmware.com