Reject the request to a Service without an Endpoint

When requesting a Service without an Endpoint, the connection should be rejected, rather than timeout according to the expectation of Kubernetes sig-network tests. Signed-off-by: Hongliang Liu <lhongliang@vmware.com>
antrea-io · Mar 21, 2023 · fe2a8a3 · fe2a8a3
1 parent be3fba1
commit fe2a8a3
Show file tree

Hide file tree

Showing 3 changed files with 38 additions and 17 deletions.
diff --git a/pkg/agent/multicast/mcast_discovery.go b/pkg/agent/multicast/mcast_discovery.go
@@ -21,7 +21,6 @@ import (
 	"sync"
 	"time"
 
-	"antrea.io/libOpenflow/openflow15"
 	"antrea.io/libOpenflow/protocol"
 	"antrea.io/libOpenflow/util"
 	"antrea.io/ofnet/ofctrl"
@@ -75,7 +74,7 @@ func (s *IGMPSnooper) HandlePacketIn(pktIn *ofctrl.PacketIn) error {
 	if match == nil {
 		return fmt.Errorf("error getting match from IGMP marks in CustomField")
 	}
-	customReasons, err := getInfoInReg(match, openflow.CustomReasonField.GetRange().ToNXRange())
+	customReasons, err := openflow.GetInfoInReg(match, openflow.CustomReasonField.GetRange().ToNXRange())
 	if err != nil {
 		klog.ErrorS(err, "Received error while unloading customReason from OVS reg")
 		return err
@@ -86,17 +85,6 @@ func (s *IGMPSnooper) HandlePacketIn(pktIn *ofctrl.PacketIn) error {
 	return nil
 }
 
-func getInfoInReg(regMatch *ofctrl.MatchField, rng *openflow15.NXRange) (uint32, error) {
-	regValue, ok := regMatch.GetValue().(*ofctrl.NXRegister)
-	if !ok {
-		return 0, errors.New("register value cannot be retrieved")
-	}
-	if rng != nil {
-		return ofctrl.GetUint32ValueWithRange(regValue.Data, rng), nil
-	}
-	return regValue.Data, nil
-}
-
 func (s *IGMPSnooper) parseSrcInterface(pktIn *ofctrl.PacketIn) (*interfacestore.InterfaceConfig, error) {
 	matches := pktIn.GetMatches()
 	ofPortField := matches.GetMatchByName(binding.OxmFieldInPort)

diff --git a/pkg/agent/openflow/packetin.go b/pkg/agent/openflow/packetin.go
@@ -16,6 +16,7 @@ package openflow
 
 import (
 	"encoding/binary"
+	"errors"
 	"fmt"
 
 	"antrea.io/libOpenflow/openflow15"
@@ -52,7 +53,9 @@ const (
 	PacketInReasonNP ofpPacketInReason = 0
 	// PacketInReasonMC shares PacketInReasonNP for IGMP packet_in message. This is because OVS "controller" action
 	// only correctly supports reason 0 or 1. Change to another value after the OVS action is corrected.
-	PacketInReasonMC        = PacketInReasonNP
+	PacketInReasonMC = PacketInReasonNP
+	// PacketInReasonSvcReject shares PacketInReasonNP for IGMP packet_in message. This is because OVS "controller" action
+	// only correctly supports reason 0 or 1. Change to another value after the OVS action is corrected.
 	PacketInReasonSvcReject = PacketInReasonNP
 	// PacketInQueueSize defines the size of PacketInQueue.
 	// When PacketInQueue reaches PacketInQueueSize, new packet-in will be dropped.
@@ -149,3 +152,14 @@ func GetMatchFieldByRegID(matchers *ofctrl.Matchers, regID int) *ofctrl.MatchFie
 	}
 	return &ofctrl.MatchField{MatchField: openflow15.NewRegMatchFieldWithMask(regID, data, mask)}
 }
+
+func GetInfoInReg(regMatch *ofctrl.MatchField, rng *openflow15.NXRange) (uint32, error) {
+	regValue, ok := regMatch.GetValue().(*ofctrl.NXRegister)
+	if !ok {
+		return 0, errors.New("register value cannot be retrieved")
+	}
+	if rng != nil {
+		return ofctrl.GetUint32ValueWithRange(regValue.Data, rng), nil
+	}
+	return regValue.Data, nil
+}
diff --git a/pkg/agent/proxy/proxier.go b/pkg/agent/proxy/proxier.go
@@ -423,7 +423,7 @@ func (p *proxier) installServices() {
 			needUpdateEndpoints = pSvcInfo.SessionAffinityType() != svcInfo.SessionAffinityType() ||
 				pSvcInfo.ExternalPolicyLocal() != svcInfo.ExternalPolicyLocal() ||
 				pSvcInfo.InternalPolicyLocal() != svcInfo.InternalPolicyLocal()
-			// For an existing Service, ff both expected Endpoints number and installed Endpoints number are 0, we don't
+			// For an existing Service, if both expected Endpoints number and installed Endpoints number are 0, we don't
 			// need to take care of this Service.
 			if len(endpointsToInstall) == 0 && len(endpointsInstalled) == 0 {
 				continue
@@ -1046,10 +1046,29 @@ func (p *proxier) HandlePacketIn(pktIn *ofctrl.PacketIn) error {
 	}
 
 	matches := pktIn.GetMatches()
-	if matches.GetMatchByName(binding.OxmFieldInPort) == nil {
+
+	noEpToSelectRegField := openflow.NoEpToSelectRegMark.GetField()
+	noEpToSelectRegValue := openflow.NoEpToSelectRegMark.GetValue()
+	match := openflow.GetMatchFieldByRegID(matches, noEpToSelectRegField.GetRegID())
+	if match == nil {
+		return fmt.Errorf("error getting match NoEpToSelectRegMark")
+	}
+
+	regValue, err := openflow.GetInfoInReg(match, noEpToSelectRegField.GetRange().ToNXRange())
+	if err != nil {
+		klog.ErrorS(err, "Received error while unloading NoEpToSelectRegMark from OVS reg")
+		return err
+	}
+	// Filter out the packets that don't have reg mark NoEpToSelectRegMark.
+	if regValue&noEpToSelectRegValue != noEpToSelectRegValue {
+		return nil
+	}
+
+	inPortField := matches.GetMatchByName(binding.OxmFieldInPort)
+	if inPortField == nil {
 		return fmt.Errorf("error when getting match field inPort")
 	}
-	outPort := matches.GetMatchByName(binding.OxmFieldInPort).GetValue().(uint32)
+	outPort := inPortField.GetValue().(uint32)
 	return openflow.SendRejectPacketOut(p.ofClient,
 		srcMAC,
 		dstMAC,