Reject the request to a Service without an Endpoint
When a Service without an Endpoint is requested, the connection should be rejected rather than timing out, as the Kubernetes sig-network tests expect. Signed-off-by: Hongliang Liu <lhongliang@vmware.com>
1 parent
a66f078
commit 500934c
Showing
16 changed files
with
361 additions
and
79 deletions.
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,115 @@ | ||
// Copyright 2023 Antrea Authors | ||
// | ||
// Licensed under the Apache License, Version 2.0 (the "License"); | ||
// you may not use this file except in compliance with the License. | ||
// You may obtain a copy of the License at | ||
// | ||
// http://www.apache.org/licenses/LICENSE-2.0 | ||
// | ||
// Unless required by applicable law or agreed to in writing, software | ||
// distributed under the License is distributed on an "AS IS" BASIS, | ||
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. | ||
// See the License for the specific language governing permissions and | ||
// limitations under the License. | ||
|
||
package openflow | ||
|
||
import ( | ||
"encoding/binary" | ||
"fmt" | ||
|
||
"antrea.io/libOpenflow/protocol" | ||
"antrea.io/libOpenflow/util" | ||
"antrea.io/ofnet/ofctrl" | ||
|
||
binding "antrea.io/antrea/pkg/ovs/openflow" | ||
) | ||
|
||
const ( | ||
ipv4HdrLen uint16 = 20 | ||
ipv6HdrLen uint16 = 40 | ||
|
||
icmpUnusedHdrLen uint16 = 4 | ||
|
||
tcpAck uint8 = 0b010000 | ||
tcpRst uint8 = 0b000100 | ||
|
||
icmpDstUnreachableType uint8 = 3 | ||
icmpDstHostAdminProhibitedCode uint8 = 10 | ||
|
||
icmpv6DstUnreachableType uint8 = 1 | ||
icmpv6DstAdminProhibitedCode uint8 = 1 | ||
) | ||
|
||
func GetEthernetPacket(pktIn *ofctrl.PacketIn) (*protocol.Ethernet, error) { | ||
ethernetPkt := new(protocol.Ethernet) | ||
if err := ethernetPkt.UnmarshalBinary(pktIn.Data.(*util.Buffer).Bytes()); err != nil { | ||
return nil, fmt.Errorf("failed to parse ethernet packet from packet-in message: %v", err) | ||
} | ||
return ethernetPkt, nil | ||
} | ||
|
||
func SendRejectPacketOut(ofClient Client, | ||
srcMAC string, | ||
dstMAC string, | ||
srcIP string, | ||
dstIP string, | ||
inPort uint32, | ||
outPort uint32, | ||
isIPv6 bool, | ||
ethernetPkt *protocol.Ethernet, | ||
proto uint8, | ||
mutateFunc func(binding.PacketOutBuilder) binding.PacketOutBuilder) error { | ||
if proto == protocol.Type_TCP { | ||
// Get TCP data. | ||
oriTCPSrcPort, oriTCPDstPort, oriTCPSeqNum, _, _, _, _, err := binding.GetTCPHeaderData(ethernetPkt.Data) | ||
if err != nil { | ||
return err | ||
} | ||
// While sending TCP reject packet-out, switch original src/dst port, | ||
// set the ackNum as original seqNum+1 and set the flag as ack+rst. | ||
return ofClient.SendTCPPacketOut( | ||
srcMAC, | ||
dstMAC, | ||
srcIP, | ||
dstIP, | ||
inPort, | ||
outPort, | ||
isIPv6, | ||
oriTCPDstPort, | ||
oriTCPSrcPort, | ||
0, | ||
oriTCPSeqNum+1, | ||
0, | ||
tcpAck|tcpRst, | ||
0, | ||
nil, | ||
mutateFunc) | ||
} | ||
// Use ICMP host administratively prohibited for ICMP, UDP, SCTP reject. | ||
icmpType := icmpDstUnreachableType | ||
icmpCode := icmpDstHostAdminProhibitedCode | ||
ipHdrLen := ipv4HdrLen | ||
if isIPv6 { | ||
icmpType = icmpv6DstUnreachableType | ||
icmpCode = icmpv6DstAdminProhibitedCode | ||
ipHdrLen = ipv6HdrLen | ||
} | ||
ipHdr, _ := ethernetPkt.Data.MarshalBinary() | ||
icmpData := make([]byte, int(icmpUnusedHdrLen+ipHdrLen+8)) | ||
// Put ICMP unused header in Data prop and set it to zero. | ||
binary.BigEndian.PutUint32(icmpData[:icmpUnusedHdrLen], 0) | ||
copy(icmpData[icmpUnusedHdrLen:], ipHdr[:ipHdrLen+8]) | ||
return ofClient.SendICMPPacketOut( | ||
srcMAC, | ||
dstMAC, | ||
srcIP, | ||
dstIP, | ||
inPort, | ||
outPort, | ||
isIPv6, | ||
icmpType, | ||
icmpCode, | ||
icmpData, | ||
mutateFunc) | ||
} |
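Review bot: In the ICMP branch of SendRejectPacketOut, the error from `ethernetPkt.Data.MarshalBinary()` is discarded and `ipHdr[:ipHdrLen+8]` is sliced without a length check, so a packet shorter than the IP header plus 8 bytes (or a failed marshal that leaves `ipHdr` nil) can panic with a slice-bounds error. The bytes come from a packet-in, presumably workload-controlled traffic, so a truncated or malformed packet should yield an error rather than a crash in the agent's handler; the fence below shows the guard. Two related points in the same file: `pktIn.Data.(*util.Buffer)` in GetEthernetPacket is an unchecked type assertion and would be safer in the `buf, ok := ...` form, and `ipv4HdrLen` is fixed at 20, so for an IPv4 packet carrying options the quoted bytes would not reach the first 8 bytes of the transport header. Both exported functions also lack doc comments, e.g. `// SendRejectPacketOut replies to the original packet with a TCP RST+ACK, or with an ICMP destination-unreachable (administratively prohibited) for other protocols.`

```go
	ipHdr, err := ethernetPkt.Data.MarshalBinary()
	if err != nil {
		return fmt.Errorf("failed to marshal the original IP packet for the ICMP reject: %v", err)
	}
	// The ICMP error quotes the IP header plus the first 8 bytes of its payload.
	quotedLen := int(ipHdrLen) + 8
	if len(ipHdr) < quotedLen {
		return fmt.Errorf("original IP packet is too short for the ICMP reject: got %d bytes, need %d", len(ipHdr), quotedLen)
	}
	icmpData := make([]byte, int(icmpUnusedHdrLen)+quotedLen)
	// … unchanged: zero the unused ICMP header …
	copy(icmpData[icmpUnusedHdrLen:], ipHdr[:quotedLen])
	// … unchanged: SendICMPPacketOut call …
```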