Skip to content

Commit

Permalink
Merge pull request #788 from noironetworks/sctp-kwai-bp
Browse files Browse the repository at this point in the history 
SCTP protocol filter support added in ACI controller
  • Loading branch information
@snaiksat
snaiksat committed Apr 24, 2021
2 parents 7c9b7c6 + 80f9836 commit 6d2034b
Show file tree
Hide file tree
Showing 4 changed files with 32 additions and 12 deletions.
1 change: 1 addition & 0 deletions pkg/apicapi/apic_metadata.go
View file
Original file line number Diff line number Diff line change
Expand Up @@ -56,6 +56,7 @@ var protoNormalizations = map[string]string{
"89": "ospfigp",
"103": "pim",
"115": "l2tp",
"132": "sctp",
}

func normalizePort(port string) string {
Expand Down
2 changes: 2 additions & 0 deletions pkg/controller/network_policy.go
View file
Original file line number Diff line number Diff line change
Expand Up @@ -750,6 +750,8 @@ func portProto(protocol *v1.Protocol) string {
proto := "tcp"
if protocol != nil && *protocol == v1.ProtocolUDP {
proto = "udp"
} else if protocol != nil && *protocol == v1.ProtocolSCTP {
proto = "sctp"
}
return proto
}
Expand Down
13 changes: 13 additions & 0 deletions pkg/controller/network_policy_test.go
View file
Original file line number Diff line number Diff line change
Expand Up @@ -34,6 +34,7 @@ import (

var tcp = "TCP"
var udp = "UDP"
var sctp = "SCTP"
var port80 = 80
var port443 = 443

Expand Down Expand Up @@ -430,6 +431,12 @@ func TestNetworkPolicy(t *testing.T) {
rule_14_s.SetAttr("protocol", "tcp")
rule_14_s.SetAttr("toPort", "8080")
rule_14_s.AddChild(apicapi.NewHostprotRemoteIp(rule_14_s.GetDn(), "9.0.0.42"))

rule_15_0 := apicapi.NewHostprotRule(np1SDnI, "0_0")
rule_15_0.SetAttr("direction", "ingress")
rule_15_0.SetAttr("ethertype", "ipv4")
rule_15_0.SetAttr("protocol", "sctp")
rule_15_0.SetAttr("toPort", "80")
var npTests = []npTest{
{netpol("testns", "np1", &metav1.LabelSelector{},
[]v1net.NetworkPolicyIngressRule{ingressRule(nil, nil)},
Expand Down Expand Up @@ -464,6 +471,12 @@ func TestNetworkPolicy(t *testing.T) {
port(&udp, &port80)}, nil)}, nil, allPolicyTypes),
makeNp(apicapi.ApicSlice{rule_3_0}, nil, name),
nil, "allow-80-udp"},
{netpol("testns", "np1", &metav1.LabelSelector{},
[]v1net.NetworkPolicyIngressRule{
ingressRule([]v1net.NetworkPolicyPort{
port(&sctp, &port80)}, nil)}, nil, allPolicyTypes),
makeNp(apicapi.ApicSlice{rule_15_0}, nil, name),
nil, "allow-80-sctp"},
{netpol("testns", "np1", &metav1.LabelSelector{},
[]v1net.NetworkPolicyIngressRule{
ingressRule([]v1net.NetworkPolicyPort{
Expand Down
28 changes: 16 additions & 12 deletions pkg/controller/services.go
View file
Original file line number Diff line number Diff line change
Expand Up @@ -505,12 +505,7 @@ func apicFilter(name string, tenantName string,
var port v1.ServicePort
for i, port = range portSpec {
pstr := strconv.Itoa(int(port.Port))
var proto string
if port.Protocol == v1.ProtocolUDP {
proto = "udp"
} else {
proto = "tcp"
}
proto := getProtocolStr(port.Protocol)
fe := apicFilterEntry(filterDn, strconv.Itoa(i), pstr,
pstr, proto, "no", false, false)
filter.AddChild(fe)
Expand Down Expand Up @@ -1065,12 +1060,7 @@ func (cont *AciController) writeApicSvc(key string, service *v1.Service) {
aobj.SetAttr("type", t)
}
for _, port := range service.Spec.Ports {
var proto string
if port.Protocol == v1.ProtocolUDP {
proto = "udp"
} else {
proto = "tcp"
}
proto := getProtocolStr(port.Protocol)
p := apicapi.NewVmmInjectedSvcPort(aobjDn,
strconv.Itoa(int(port.Port)), proto, port.TargetPort.String())
p.SetAttr("nodePort", strconv.Itoa(int(port.NodePort)))
Expand Down Expand Up @@ -1703,3 +1693,17 @@ func (seps *serviceEndpointSlice) SetServiceApicObject(aobj apicapi.ApicObject,
}
return true
}
func getProtocolStr(proto v1.Protocol) string {
var protostring string
switch proto {
case v1.ProtocolUDP:
protostring = "udp"
case v1.ProtocolTCP:
protostring = "tcp"
case v1.ProtocolSCTP:
protostring = "sctp"
default:
protostring = "tcp"
}
return protostring
}

0 comments on commit 6d2034b

Please sign in to comment.