Reject the request to a Service without an Endpoint

When requesting a Service without an Endpoint, the connection should be rejected, rather than timeout according to the expectation of Kubernetes sig-network tests. Signed-off-by: Hongliang Liu <lhongliang@vmware.com>
antrea-io · Mar 21, 2023 · 4020f00 · 4020f00
1 parent be3fba1
commit 4020f00
Show file tree

Hide file tree

Showing 2 changed files with 17 additions and 4 deletions.
diff --git a/pkg/agent/openflow/packetin.go b/pkg/agent/openflow/packetin.go
@@ -52,7 +52,9 @@ const (
 	PacketInReasonNP ofpPacketInReason = 0
 	// PacketInReasonMC shares PacketInReasonNP for IGMP packet_in message. This is because OVS "controller" action
 	// only correctly supports reason 0 or 1. Change to another value after the OVS action is corrected.
-	PacketInReasonMC        = PacketInReasonNP
+	PacketInReasonMC = PacketInReasonNP
+	// PacketInReasonSvcReject shares PacketInReasonNP for IGMP packet_in message. This is because OVS "controller" action
+	// only correctly supports reason 0 or 1. Change to another value after the OVS action is corrected.
 	PacketInReasonSvcReject = PacketInReasonNP
 	// PacketInQueueSize defines the size of PacketInQueue.
 	// When PacketInQueue reaches PacketInQueueSize, new packet-in will be dropped.

diff --git a/pkg/agent/proxy/proxier.go b/pkg/agent/proxy/proxier.go
@@ -423,7 +423,7 @@ func (p *proxier) installServices() {
 			needUpdateEndpoints = pSvcInfo.SessionAffinityType() != svcInfo.SessionAffinityType() ||
 				pSvcInfo.ExternalPolicyLocal() != svcInfo.ExternalPolicyLocal() ||
 				pSvcInfo.InternalPolicyLocal() != svcInfo.InternalPolicyLocal()
-			// For an existing Service, ff both expected Endpoints number and installed Endpoints number are 0, we don't
+			// For an existing Service, if both expected Endpoints number and installed Endpoints number are 0, we don't
 			// need to take care of this Service.
 			if len(endpointsToInstall) == 0 && len(endpointsInstalled) == 0 {
 				continue
@@ -1046,10 +1046,21 @@ func (p *proxier) HandlePacketIn(pktIn *ofctrl.PacketIn) error {
 	}
 
 	matches := pktIn.GetMatches()
-	if matches.GetMatchByName(binding.OxmFieldInPort) == nil {
+
+	regField := matches.GetMatchByName(openflow.NoEpToSelectRegMark.GetField().GetNXFieldName())
+	if regField == nil {
+		return fmt.Errorf("error when getting match field reg")
+	}
+	// Filter out the packets that don't have reg mark NoEpToSelectRegMark.
+	if regField.GetValue().(uint32)&openflow.NoEpToSelectRegMark.GetField().GetRange().ToNXRange().ToUint32Mask() != openflow.NoEpToSelectRegMark.GetValue() {
+		return nil
+	}
+
+	inPortField := matches.GetMatchByName(binding.OxmFieldInPort)
+	if inPortField == nil {
 		return fmt.Errorf("error when getting match field inPort")
 	}
-	outPort := matches.GetMatchByName(binding.OxmFieldInPort).GetValue().(uint32)
+	outPort := inPortField.GetValue().(uint32)
 	return openflow.SendRejectPacketOut(p.ofClient,
 		srcMAC,
 		dstMAC,