Don't read back veth MAC; we already know it's based on the IP

danwinship · danwinship · commit 2f29592d56b2 · 2018-01-31T11:39:18.000-05:00
diff --git a/pkg/network/node/ovscontroller.go b/pkg/network/node/ovscontroller.go
@@ -227,40 +227,46 @@ func (oc *ovsController) ensureOvsPort(hostVeth, sandboxID string) (int, error)
 	return oc.ovs.AddPort(hostVeth, -1, "external-ids=sandbox="+sandboxID)
 }
 
-func (oc *ovsController) setupPodFlows(ofport int, podIP, podMAC string, vnid uint32) error {
+func (oc *ovsController) setupPodFlows(ofport int, podIP net.IP, vnid uint32) error {
 	otx := oc.ovs.NewTransaction()
 
+	ipstr := podIP.String()
+	podIP = podIP.To4()
+	ipmac := fmt.Sprintf("00:00:%02x:%02x:%02x:%02x/00:00:ff:ff:ff:ff", podIP[0], podIP[1], podIP[2], podIP[3])
+
 	// ARP/IP traffic from container
-	otx.AddFlow("table=20, priority=100, in_port=%d, arp, nw_src=%s, arp_sha=%s, actions=load:%d->NXM_NX_REG0[], goto_table:21", ofport, podIP, podMAC, vnid)
-	otx.AddFlow("table=20, priority=100, in_port=%d, ip, nw_src=%s, actions=load:%d->NXM_NX_REG0[], goto_table:21", ofport, podIP, vnid)
+	otx.AddFlow("table=20, priority=100, in_port=%d, arp, nw_src=%s, arp_sha=%s, actions=load:%d->NXM_NX_REG0[], goto_table:21", ofport, ipstr, ipmac, vnid)
+	otx.AddFlow("table=20, priority=100, in_port=%d, ip, nw_src=%s, actions=load:%d->NXM_NX_REG0[], goto_table:21", ofport, ipstr, vnid)
 	if oc.useConnTrack {
-		otx.AddFlow("table=25, priority=100, ip, nw_src=%s, actions=load:%d->NXM_NX_REG0[], goto_table:30", podIP, vnid)
+		otx.AddFlow("table=25, priority=100, ip, nw_src=%s, actions=load:%d->NXM_NX_REG0[], goto_table:30", ipstr, vnid)
 	}
 
 	// ARP request/response to container (not isolated)
-	otx.AddFlow("table=40, priority=100, arp, nw_dst=%s, actions=output:%d", podIP, ofport)
+	otx.AddFlow("table=40, priority=100, arp, nw_dst=%s, actions=output:%d", ipstr, ofport)
 
 	// IP traffic to container
-	otx.AddFlow("table=70, priority=100, ip, nw_dst=%s, actions=load:%d->NXM_NX_REG1[], load:%d->NXM_NX_REG2[], goto_table:80", podIP, vnid, ofport)
+	otx.AddFlow("table=70, priority=100, ip, nw_dst=%s, actions=load:%d->NXM_NX_REG1[], load:%d->NXM_NX_REG2[], goto_table:80", ipstr, vnid, ofport)
 
 	return otx.EndTransaction()
 }
 
-func (oc *ovsController) cleanupPodFlows(podIP string) error {
+func (oc *ovsController) cleanupPodFlows(podIP net.IP) error {
+	ipstr := podIP.String()
+
 	otx := oc.ovs.NewTransaction()
-	otx.DeleteFlows("ip, nw_dst=%s", podIP)
-	otx.DeleteFlows("ip, nw_src=%s", podIP)
-	otx.DeleteFlows("arp, nw_dst=%s", podIP)
-	otx.DeleteFlows("arp, nw_src=%s", podIP)
+	otx.DeleteFlows("ip, nw_dst=%s", ipstr)
+	otx.DeleteFlows("ip, nw_src=%s", ipstr)
+	otx.DeleteFlows("arp, nw_dst=%s", ipstr)
+	otx.DeleteFlows("arp, nw_src=%s", ipstr)
 	return otx.EndTransaction()
 }
 
-func (oc *ovsController) SetUpPod(hostVeth, podIP, podMAC, sandboxID string, vnid uint32) (int, error) {
+func (oc *ovsController) SetUpPod(sandboxID, hostVeth string, podIP net.IP, vnid uint32) (int, error) {
 	ofport, err := oc.ensureOvsPort(hostVeth, sandboxID)
 	if err != nil {
 		return -1, err
 	}
-	return ofport, oc.setupPodFlows(ofport, podIP, podMAC, vnid)
+	return ofport, oc.setupPodFlows(ofport, podIP, vnid)
 }
 
 // Returned list can also be used for port names
@@ -323,64 +329,58 @@ func (oc *ovsController) SetPodBandwidth(hostVeth, sandboxID string, ingressBPS,
 	return nil
 }
 
-func (oc *ovsController) getPodDetailsBySandboxID(sandboxID string) (int, string, string, error) {
+func (oc *ovsController) getPodDetailsBySandboxID(sandboxID string) (int, net.IP, error) {
 	strports, err := oc.ovs.Find("interface", "ofport", "external-ids:sandbox="+sandboxID)
 	if err != nil {
-		return 0, "", "", err
+		return 0, nil, err
 	} else if len(strports) == 0 {
-		return 0, "", "", fmt.Errorf("failed to find pod details from OVS flows")
+		return 0, nil, fmt.Errorf("failed to find pod details from OVS flows")
 	} else if len(strports) > 1 {
-		return 0, "", "", fmt.Errorf("found multiple ofports for sandbox ID %q: %#v", sandboxID, strports)
+		return 0, nil, fmt.Errorf("found multiple ofports for sandbox ID %q: %#v", sandboxID, strports)
 	}
 	ofport, err := strconv.Atoi(strports[0])
 	if err != nil {
-		return 0, "", "", fmt.Errorf("could not parse ofport %q: %v", strports[0], err)
+		return 0, nil, fmt.Errorf("could not parse ofport %q: %v", strports[0], err)
 	}
 
 	flows, err := oc.ovs.DumpFlows("table=20,arp,in_port=%d", ofport)
 	if err != nil {
-		return 0, "", "", err
+		return 0, nil, err
 	} else if len(flows) != 1 {
-		return 0, "", "", fmt.Errorf("could not find correct OVS flows for port %d", ofport)
+		return 0, nil, fmt.Errorf("could not find correct OVS flows for port %d", ofport)
 	}
 
 	parsed, err := ovs.ParseFlow(ovs.ParseForDump, flows[0])
 	if err != nil {
-		return 0, "", "", err
+		return 0, nil, err
 	}
 
-	macField, macOk := parsed.FindField("arp_sha")
 	ipField, ipOk := parsed.FindField("arp_spa")
-	if !macOk || !ipOk {
-		return 0, "", "", fmt.Errorf("failed to parse OVS flows for sandbox ID %q", sandboxID)
-	}
-
-	if _, err := net.ParseMAC(macField.Value); err != nil {
-		return 0, "", "", fmt.Errorf("failed to parse arp_sha %q: %v", macField.Value, err)
+	if !ipOk {
+		return 0, nil, fmt.Errorf("failed to parse OVS flows for sandbox ID %q", sandboxID)
 	}
-	podMAC := macField.Value
-	if net.ParseIP(ipField.Value) == nil {
-		return 0, "", "", fmt.Errorf("failed to parse arp_spa %q", ipField.Value)
+	podIP := net.ParseIP(ipField.Value)
+	if podIP == nil {
+		return 0, nil, fmt.Errorf("failed to parse arp_spa %q", ipField.Value)
 	}
-	podIP := ipField.Value
 
-	return ofport, podIP, podMAC, nil
+	return ofport, podIP, nil
 }
 
 func (oc *ovsController) UpdatePod(sandboxID string, vnid uint32) error {
-	ofport, podIP, podMAC, err := oc.getPodDetailsBySandboxID(sandboxID)
+	ofport, podIP, err := oc.getPodDetailsBySandboxID(sandboxID)
 	if err != nil {
 		return err
 	}
 	err = oc.cleanupPodFlows(podIP)
 	if err != nil {
 		return err
 	}
-	return oc.setupPodFlows(ofport, podIP, podMAC, vnid)
+	return oc.setupPodFlows(ofport, podIP, vnid)
 }
 
 func (oc *ovsController) TearDownPod(sandboxID string) error {
-	_, podIP, _, err := oc.getPodDetailsBySandboxID(sandboxID)
+	_, podIP, err := oc.getPodDetailsBySandboxID(sandboxID)
 	if err != nil {
 		// OVS flows related to sandboxID not found
 		// Nothing needs to be done in that case
diff --git a/pkg/network/node/ovscontroller_test.go b/pkg/network/node/ovscontroller_test.go
@@ -4,6 +4,7 @@ package node
 
 import (
 	"fmt"
+	"net"
 	"reflect"
 	"sort"
 	"strings"
@@ -14,6 +15,8 @@ import (
 
 	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
 	kapi "k8s.io/kubernetes/pkg/apis/core"
+
+	"github.com/containernetworking/plugins/pkg/utils/hwaddr"
 )
 
 func setupOVSController(t *testing.T) (ovs.Interface, *ovsController, []string) {
@@ -225,7 +228,7 @@ func TestOVSPod(t *testing.T) {
 	ovsif, oc, origFlows := setupOVSController(t)
 
 	// Add
-	ofport, err := oc.SetUpPod("veth1", "10.128.0.2", "11:22:33:44:55:66", sandboxID, 42)
+	ofport, err := oc.SetUpPod(sandboxID, "veth1", net.ParseIP("10.128.0.2"), 42)
 	if err != nil {
 		t.Fatalf("Unexpected error adding pod rules: %v", err)
 	}
@@ -237,7 +240,7 @@ func TestOVSPod(t *testing.T) {
 	err = assertFlowChanges(origFlows, flows,
 		flowChange{
 			kind:  flowAdded,
-			match: []string{"table=20", fmt.Sprintf("in_port=%d", ofport), "arp", "10.128.0.2", "11:22:33:44:55:66"},
+			match: []string{"table=20", fmt.Sprintf("in_port=%d", ofport), "arp", "10.128.0.2", "00:00:0a:80:00:02/00:00:ff:ff:ff:ff"},
 		},
 		flowChange{
 			kind:  flowAdded,
@@ -275,7 +278,7 @@ func TestOVSPod(t *testing.T) {
 	err = assertFlowChanges(origFlows, flows,
 		flowChange{
 			kind:  flowAdded,
-			match: []string{"table=20", fmt.Sprintf("in_port=%d", ofport), "arp", "10.128.0.2", "11:22:33:44:55:66"},
+			match: []string{"table=20", fmt.Sprintf("in_port=%d", ofport), "arp", "10.128.0.2", "00:00:0a:80:00:02/00:00:ff:ff:ff:ff"},
 		},
 		flowChange{
 			kind:  flowAdded,
@@ -320,26 +323,24 @@ func TestGetPodDetails(t *testing.T) {
 	type testcase struct {
 		sandboxID string
 		ip        string
-		mac       string
 		errStr    string
 	}
 
 	testcases := []testcase{
 		{
 			sandboxID: sandboxID,
 			ip:        "10.130.0.2",
-			mac:       "4a:77:32:e4:ab:9d",
 		},
 	}
 
 	for _, tc := range testcases {
 		_, oc, _ := setupOVSController(t)
-		tcOFPort, err := oc.SetUpPod("veth1", tc.ip, tc.mac, tc.sandboxID, 42)
+		tcOFPort, err := oc.SetUpPod(tc.sandboxID, "veth1", net.ParseIP(tc.ip), 42)
 		if err != nil {
 			t.Fatalf("Unexpected error adding pod rules: %v", err)
 		}
 
-		ofport, ip, mac, err := oc.getPodDetailsBySandboxID(tc.sandboxID)
+		ofport, ip, err := oc.getPodDetailsBySandboxID(tc.sandboxID)
 		if err != nil {
 			if tc.errStr != "" {
 				if !strings.Contains(err.Error(), tc.errStr) {
@@ -354,11 +355,8 @@ func TestGetPodDetails(t *testing.T) {
 		if ofport != tcOFPort {
 			t.Fatalf("unexpected ofport %d (expected %d)", ofport, tcOFPort)
 		}
-		if ip != tc.ip {
-			t.Fatalf("unexpected ip %q (expected %q)", ip, tc.ip)
-		}
-		if mac != tc.mac {
-			t.Fatalf("unexpected mac %q (expected %q)", mac, tc.mac)
+		if ip.String() != tc.ip {
+			t.Fatalf("unexpected ip %q (expected %q)", ip.String(), tc.ip)
 		}
 	}
 }
@@ -1050,3 +1048,16 @@ func TestSyncVNIDRules(t *testing.T) {
 		}
 	}
 }
+
+// Ensure that CNI's IP-addressed-based MAC addresses use the IP in the way we expect
+func TestSetHWAddrByIP(t *testing.T) {
+	ip := net.ParseIP("1.2.3.4")
+	hwAddr, err := hwaddr.GenerateHardwareAddr4(ip, hwaddr.PrivateMACPrefix)
+	if err != nil {
+		t.Fatalf("unexpected error: %v", err)
+	}
+	expectedHWAddr := net.HardwareAddr(append(hwaddr.PrivateMACPrefix, ip.To4()...))
+	if !reflect.DeepEqual(hwAddr, expectedHWAddr) {
+		t.Fatalf("hwaddr.GenerateHardwareAddr4 changed behavior! (%#v != %#v)", hwAddr, expectedHWAddr)
+	}
+}
diff --git a/pkg/network/node/pod.go b/pkg/network/node/pod.go
@@ -539,7 +539,7 @@ func (m *podManager) setup(req *cniserver.PodRequest) (cnitypes.Result, *running
 		}
 	}
 
-	var hostVethName, contVethMac string
+	var hostVethName string
 	err = ns.WithNetNSPath(req.Netns, func(hostNS ns.NetNS) error {
 		hostVeth, contVeth, err := ip.SetupVeth(podInterfaceName, int(m.mtu), hostNS)
 		if err != nil {
@@ -588,7 +588,6 @@ func (m *podManager) setup(req *cniserver.PodRequest) (cnitypes.Result, *running
 		}
 
 		hostVethName = hostVeth.Name
-		contVethMac = contVeth.HardwareAddr.String()
 		return nil
 	})
 	if err != nil {
@@ -604,7 +603,7 @@ func (m *podManager) setup(req *cniserver.PodRequest) (cnitypes.Result, *running
 		return nil, nil, err
 	}
 
-	ofport, err := m.ovs.SetUpPod(hostVethName, podIP.String(), contVethMac, req.SandboxID, vnid)
+	ofport, err := m.ovs.SetUpPod(req.SandboxID, hostVethName, podIP, vnid)
 	if err != nil {
 		return nil, nil, err
 	}

Original file line number	Diff line number	Diff line change
`@@ -539,7 +539,7 @@ func (m podManager) setup(req cniserver.PodRequest) (cnitypes.Result, *running`
`539`	`539`	`}`
`540`	`540`	`}`
`541`	`541`
`542`		`- var hostVethName, contVethMac string`
	`542`	`+ var hostVethName string`
`543`	`543`	`err = ns.WithNetNSPath(req.Netns, func(hostNS ns.NetNS) error {`
`544`	`544`	`hostVeth, contVeth, err := ip.SetupVeth(podInterfaceName, int(m.mtu), hostNS)`
`545`	`545`	`if err != nil {`
`@@ -588,7 +588,6 @@ func (m podManager) setup(req cniserver.PodRequest) (cnitypes.Result, *running`
`588`	`588`	`}`
`589`	`589`
`590`	`590`	`hostVethName = hostVeth.Name`
`591`		`- contVethMac = contVeth.HardwareAddr.String()`
`592`	`591`	`return nil`
`593`	`592`	`})`
`594`	`593`	`if err != nil {`
`@@ -604,7 +603,7 @@ func (m podManager) setup(req cniserver.PodRequest) (cnitypes.Result, *running`
`604`	`603`	`return nil, nil, err`
`605`	`604`	`}`
`606`	`605`
`607`		`- ofport, err := m.ovs.SetUpPod(hostVethName, podIP.String(), contVethMac, req.SandboxID, vnid)`
	`606`	`+ ofport, err := m.ovs.SetUpPod(req.SandboxID, hostVethName, podIP, vnid)`
`608`	`607`	`if err != nil {`
`609`	`608`	`return nil, nil, err`
`610`	`609`	`}`