v1.13.1 Latest Latest

This package is not in the latest version of its module.

Published: Sep 11, 2023 License: Apache-2.0 Imports: 5 Imported by: 0




// Keys of the antrea.io annotations carried on Node and Service objects.
// NOTE(review): annotations are ordinary object metadata, so any principal that
// may update the Node or Service can change these values. Confirm that RBAC on
// those objects matches the trust placed in each annotation.
const (
	// NodeMACAddressAnnotationKey represents the key of the Node's MAC address in the Annotations of the Node.
	NodeMACAddressAnnotationKey string = "node.antrea.io/mac-address"

	// NodeTransportAddressAnnotationKey represents the key of the interface's IP addresses on which the Node transfers Pod traffic in the Annotations of the Node.
	NodeTransportAddressAnnotationKey string = "node.antrea.io/transport-addresses"

	// NodeWireGuardPublicAnnotationKey represents the key of the Node's WireGuard public key in the Annotations of the Node.
	// NOTE(review): the value is a public key, so it is not secret, but its
	// integrity matters. Presumably peers use it to set up tunnels to this Node;
	// verify who is allowed to patch Node annotations.
	NodeWireGuardPublicAnnotationKey string = "node.antrea.io/wireguard-public-key"

	// NodeMaxEgressIPsAnnotationKey represents the key of maximum Egress IP number in the Annotations of the Node.
	NodeMaxEgressIPsAnnotationKey string = "node.antrea.io/max-egress-ips"

	// ServiceExternalIPPoolAnnotationKey is the key of the Service annotation that specifies the Service's desired external IP pool.
	ServiceExternalIPPoolAnnotationKey string = "service.antrea.io/external-ip-pool"

	// ServiceLoadBalancerModeAnnotationKey is the key of the Service annotation that specifies the Service's load balancer mode.
	ServiceLoadBalancerModeAnnotationKey string = "service.antrea.io/load-balancer-mode"
const (
	// HostLocalSourceBit is the bit of the iptables fwmark space to mark locally generated packets.
	// Value must be within the range [0, 31], and should not conflict with bits for other purposes.
	// 31 is the highest bit of the 32-bit mark and lies outside the low byte
	// selected by SNATIPMarkMask (0xFF), so the two uses do not overlap.
	HostLocalSourceBit = 31


var (
	// HostLocalSourceMark is the mark generated from HostLocalSourceBit.
	// With HostLocalSourceBit = 31 this evaluates to 0x80000000.
	HostLocalSourceMark = uint32(1 << HostLocalSourceBit)

	// SNATIPMarkMask selects the bits of the packet mark that store the ID of
	// the SNAT IP for a "Pod -> external" egress packet that is to be SNAT'd.
	// 0xFF covers the low 8 bits of the mark, so at most 256 distinct ID values fit.
	SNATIPMarkMask = uint32(0xFF)
var (
	// NOTE(review): the address literals below are empty in this listing, most
	// likely lost when the page was extracted. As written, net.ParseIP("")
	// returns nil (and To4 of a nil IP is nil), and net.ParseCIDR("") returns an
	// error that is discarded with _, leaving McastCIDR nil. The names suggest the
	// IPv4 all-hosts group, the IGMPv3 routers group and the IPv4 multicast range
	// (TODO confirm). Restore the literals from the upstream source before relying
	// on these values; do not copy this block as shown.
	McastAllHosts   = net.ParseIP("").To4()
	IGMPv3Router    = net.ParseIP("").To4()
	_, McastCIDR, _ = net.ParseCIDR("")


This section is empty.


type Address

type Address interface {
	GetMatchValue() string
	GetMatchKey(addrType AddressType) *MatchKey
	GetValue() interface{}

type AddressCategory

type AddressCategory uint8
const (
	IPAddr AddressCategory = iota

type AddressType

type AddressType int
const (
	SrcAddress AddressType = iota

type BitRange

type BitRange struct {
	Value uint16
	Mask  *uint16

A BitRange is a representation of a range of values derived from a base value with a bitmask applied.

type ByPriority

type ByPriority []Priority

ByPriority sorts a list of Priority by their relative TierPriority, PolicyPriority and RulePriority, in that order. It implements sort.Interface.

func (ByPriority) Len

func (bp ByPriority) Len() int

func (ByPriority) Less

func (bp ByPriority) Less(i, j int) bool

func (ByPriority) Swap

func (bp ByPriority) Swap(i, j int)

type IGMPNPRuleInfo added in v1.8.0

type IGMPNPRuleInfo struct {
	RuleAction v1beta1.RuleAction
	UUID       apitypes.UID
	NPType     *v1beta2.NetworkPolicyType
	Name       string

type MatchKey

type MatchKey struct {
	// contains filtered or unexported fields

func NewMatchKey

func NewMatchKey(proto binding.Protocol, valueCategory AddressCategory, keyString string) *MatchKey

func (*MatchKey) GetKeyString

func (m *MatchKey) GetKeyString() string

func (*MatchKey) GetOFProtocol

func (m *MatchKey) GetOFProtocol() binding.Protocol

func (*MatchKey) GetValueCategory

func (m *MatchKey) GetValueCategory() AddressCategory

type McastNetworkPolicyController added in v1.8.0

type McastNetworkPolicyController interface {
	// GetIGMPNPRuleInfo looks up the IGMP NetworkPolicy rule that matches the given Pod and groupAddress,
	// and returns the rule information if found.
	GetIGMPNPRuleInfo(podname, podNamespace string, groupAddress net.IP, igmpType uint8) (*IGMPNPRuleInfo, error)

type PodUpdate added in v1.7.0

type PodUpdate struct {
	PodNamespace string
	PodName      string
	IsAdd        bool
	ContainerID  string

type PolicyRule

type PolicyRule struct {
	Direction     v1beta2.Direction
	From          []Address
	To            []Address
	Service       []v1beta2.Service
	L7Protocols   []v1beta2.L7Protocol
	L7RuleVlanID  *uint32
	Action        *secv1beta1.RuleAction
	Priority      *uint16
	Name          string
	FlowID        uint32
	TableID       uint8
	PolicyRef     *v1beta2.NetworkPolicyReference
	EnableLogging bool
	LogLabel      string

PolicyRule groups configurations to set up conjunctive match for egress/ingress policy rules.

func (*PolicyRule) IsAntreaNetworkPolicyRule

func (r *PolicyRule) IsAntreaNetworkPolicyRule() bool

IsAntreaNetworkPolicyRule reports whether a PolicyRule is created for Antrea NetworkPolicy types.

type Priority

// Priority is the basic unit for priority sorting. It combines the Tier
// priority, the Antrea NetworkPolicy priority and the rule priority.
// ByPriority compares the fields in the order TierPriority, PolicyPriority,
// RulePriority.
// NOTE(review): the resulting order presumably decides which rule takes
// precedence during enforcement. PolicyPriority is a float64 and the bodies of
// Equals, Less and InSamePriorityZone are not shown here; confirm that exact
// floating-point comparison is what they intend.
type Priority struct {
	TierPriority   int32
	PolicyPriority float64
	RulePriority   int32

Priority is a struct that is composed of Antrea NetworkPolicy priority, rule priority and Tier priority. It is used as the basic unit for priority sorting.

func (*Priority) Equals

func (p *Priority) Equals(p2 Priority) bool

func (*Priority) InSamePriorityZone

func (p *Priority) InSamePriorityZone(p2 Priority) bool

InSamePriorityZone returns true if two Priorities are of the same Tier and same priority at policy level.

func (*Priority) IsConsecutive

func (p *Priority) IsConsecutive(p2 Priority) bool

IsConsecutive returns true if two Priorities are immediately next to each other.

func (*Priority) Less

func (p *Priority) Less(p2 Priority) bool

type RoundInfo

type RoundInfo struct {
	RoundNum uint64
	// PrevRoundNum is nil if this is the first round or the previous round
	// number could not be retrieved.
	PrevRoundNum *uint64

RoundInfo identifies the current agent "round". Each round is identified by a round number, which is incremented every time the agent is restarted. The round number is persisted on the Node in OVSDB.

type RuleMetric

type RuleMetric struct {
	Bytes, Packets, Sessions uint64

func (*RuleMetric) Merge

func (m *RuleMetric) Merge(m1 *RuleMetric)

type ServiceConfig added in v1.13.0

// ServiceConfig contains the configuration needed to install flows for a given
// Service entrypoint.
type ServiceConfig struct {
	ServiceIP          net.IP
	ServicePort        uint16
	Protocol           openflow.Protocol
	TrafficPolicyLocal bool
	LocalGroupID       openflow.GroupIDType
	ClusterGroupID     openflow.GroupIDType
	AffinityTimeout    uint16
	// IsExternal indicates whether the Service is externally accessible.
	// It's true for NodePort, LoadBalancerIP and ExternalIP.
	IsExternal bool
	IsNodePort bool
	// IsNested indicates whether the Service's Endpoints are ClusterIPs of other Services. It's used in multi-cluster.
	IsNested bool
	// IsDSR indicates whether the Service works in Direct Server Return mode.
	IsDSR bool

ServiceConfig contains the configuration needed to install flows for a given Service entrypoint.

func (*ServiceConfig) TrafficPolicyGroupID added in v1.13.0

func (c *ServiceConfig) TrafficPolicyGroupID() openflow.GroupIDType


Path Synopsis
Package testing is a generated GoMock package.
Package testing is a generated GoMock package.
