
Commit 28f9c1e

committed
[bridgeconfig] move bridge flows generation functions to the pkg.
These functions use bridge lock, will convert them to BridgeConfiguration methods later. Move test functions related to flow generation. Signed-off-by: Nadia Pinaeva <[email protected]>
1 parent b607e93 commit 28f9c1e


10 files changed

+1131
-1101
lines changed


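--- a/go-controller/pkg/node/bridgeconfig/bridgeconfig_testutil.go
+++ b/go-controller/pkg/node/bridgeconfig/bridgeconfig_testutil.go
@@ -1,6 +1,19 @@
 package bridgeconfig
 
-import "github.com/ovn-org/ovn-kubernetes/go-controller/pkg/types"
+import (
+"fmt"
+"net"
+"strings"
+
+net2 "k8s.io/utils/net"
+
+"github.com/ovn-org/ovn-kubernetes/go-controller/pkg/config"
+"github.com/ovn-org/ovn-kubernetes/go-controller/pkg/types"
+"github.com/ovn-org/ovn-kubernetes/go-controller/pkg/util"
+
+. "github.com/onsi/ginkgo/v2"
+. "github.com/onsi/gomega"
+)
 
 func TestDefaultBridgeConfig() *BridgeConfiguration {
 defaultNetConfig := &BridgeUDNConfiguration{
@@ -19,3 +32,102 @@ func TestBridgeConfig(brName string) *BridgeConfiguration {
 GwIface: brName,
 }
 }
+
+func CheckUDNSvcIsolationOVSFlows(flows []string, netConfig *BridgeUDNConfiguration, netName string, svcCIDR *net.IPNet, expectedNFlows int) {
+By(fmt.Sprintf("Checking UDN %s service isolation flows for %s; expected %d flows",
+netName, svcCIDR.String(), expectedNFlows))
+
+var mgmtMasqIP string
+var protoPrefix string
+if net2.IsIPv4CIDR(svcCIDR) {
+mgmtMasqIP = netConfig.V4MasqIPs.ManagementPort.IP.String()
+protoPrefix = "ip"
+} else {
+mgmtMasqIP = netConfig.V6MasqIPs.ManagementPort.IP.String()
+protoPrefix = "ip6"
+}
+
+var nFlows int
+for _, flow := range flows {
+if strings.Contains(flow, fmt.Sprintf("priority=200, table=2, %s, %s_src=%s, actions=drop",
+protoPrefix, protoPrefix, mgmtMasqIP)) {
+nFlows++
+}
+}
+
+Expect(nFlows).To(Equal(expectedNFlows))
+}
+
+func CheckAdvertisedUDNSvcIsolationOVSFlows(flows []string, netConfig *BridgeUDNConfiguration, netName string, svcCIDR *net.IPNet, expectedNFlows int) {
+By(fmt.Sprintf("Checking advertised UDN %s service isolation flows for %s; expected %d flows",
+netName, svcCIDR.String(), expectedNFlows))
+
+var matchingIPFamilySubnet *net.IPNet
+var protoPrefix string
+var udnAdvertisedSubnets []*net.IPNet
+var err error
+for _, clusterEntry := range netConfig.Subnets {
+udnAdvertisedSubnets = append(udnAdvertisedSubnets, clusterEntry.CIDR)
+}
+if net2.IsIPv4CIDR(svcCIDR) {
+matchingIPFamilySubnet, err = util.MatchFirstIPNetFamily(false, udnAdvertisedSubnets)
+Expect(err).ToNot(HaveOccurred())
+protoPrefix = "ip"
+} else {
+matchingIPFamilySubnet, err = util.MatchFirstIPNetFamily(false, udnAdvertisedSubnets)
+Expect(err).ToNot(HaveOccurred())
+protoPrefix = "ip6"
+}
+
+var nFlows int
+for _, flow := range flows {
+if strings.Contains(flow, fmt.Sprintf("priority=200, table=2, %s, %s_src=%s, actions=drop",
+protoPrefix, protoPrefix, matchingIPFamilySubnet)) {
+nFlows++
+}
+if strings.Contains(flow, fmt.Sprintf("priority=550, in_port=LOCAL, %s, %s_src=%s, %s_dst=%s, actions=ct(commit,zone=64001,table=2)",
+protoPrefix, protoPrefix, matchingIPFamilySubnet, protoPrefix, svcCIDR)) {
+nFlows++
+}
+}
+
+Expect(nFlows).To(Equal(expectedNFlows))
+}
+
+func CheckDefaultSvcIsolationOVSFlows(flows []string, defaultConfig *BridgeUDNConfiguration, ofPortHost, bridgeMAC string, svcCIDR *net.IPNet) {
+By(fmt.Sprintf("Checking default service isolation flows for %s", svcCIDR.String()))
+
+var masqIP string
+var masqSubnet string
+var protoPrefix string
+if net2.IsIPv4CIDR(svcCIDR) {
+protoPrefix = "ip"
+masqIP = config.Gateway.MasqueradeIPs.V4HostMasqueradeIP.String()
+masqSubnet = config.Gateway.V4MasqueradeSubnet
+} else {
+protoPrefix = "ip6"
+masqIP = config.Gateway.MasqueradeIPs.V6HostMasqueradeIP.String()
+masqSubnet = config.Gateway.V6MasqueradeSubnet
+}
+
+var nTable0DefaultFlows int
+var nTable0UDNMasqFlows int
+var nTable2Flows int
+for _, flow := range flows {
+if strings.Contains(flow, fmt.Sprintf("priority=500, in_port=%s, %s, %s_dst=%s, actions=ct(commit,zone=%d,nat(src=%s),table=2)",
+ofPortHost, protoPrefix, protoPrefix, svcCIDR, config.Default.HostMasqConntrackZone,
+masqIP)) {
+nTable0DefaultFlows++
+} else if strings.Contains(flow, fmt.Sprintf("priority=550, in_port=%s, %s, %s_src=%s, %s_dst=%s, actions=ct(commit,zone=%d,table=2)",
+ofPortHost, protoPrefix, protoPrefix, masqSubnet, protoPrefix, svcCIDR, config.Default.HostMasqConntrackZone)) {
+nTable0UDNMasqFlows++
+} else if strings.Contains(flow, fmt.Sprintf("priority=100, table=2, actions=set_field:%s->eth_dst,output:%s",
+bridgeMAC, defaultConfig.OfPortPatch)) {
+nTable2Flows++
+}
+}
+
+Expect(nTable0DefaultFlows).To(Equal(1))
+Expect(nTable0UDNMasqFlows).To(Equal(1))
+Expect(nTable2Flows).To(Equal(1))
+}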
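Review bot: In `CheckAdvertisedUDNSvcIsolationOVSFlows` both the IPv4 and the IPv6 branch call `util.MatchFirstIPNetFamily(false, udnAdvertisedSubnets)`, so if the first argument selects the IPv6 family (its definition is not shown here) the `else` branch looks up an IPv4 subnet and then searches for `ip6_src=<IPv4 subnet>`, which no generated flow should carry. The IPv6 branch should read `matchingIPFamilySubnet, err = util.MatchFirstIPNetFamily(true, udnAdvertisedSubnets)`. As written, an IPv6 case can presumably only pass with `expectedNFlows` of 0 or stop on the lookup error, so a missing IPv6 service-isolation drop flow would go unnoticed by this helper. The same function also hard-codes `zone=64001` in its priority=550 pattern while `CheckDefaultSvcIsolationOVSFlows` formats `config.Default.HostMasqConntrackZone`; using the config value in both keeps the two checks in step if the zone is ever changed.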
