Multicast fixes and enable/disable annotation #12650
Merged
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
knobunc
approved these changes
Jan 24, 2017
| @@ -178,6 +182,10 @@ func (np *networkPolicyPlugin) GetNamespaces(vnid uint32) []string { | |||
| return np.vnids.GetNamespaces(vnid) | |||
| } | |||
|
|
|||
| func (np *networkPolicyPlugin) GetMCEnabled(vnid uint32) bool { | |||
There was a problem hiding this comment.
Is there a reason for saying MC rather than spelling out Muticast? I'm not sure I'll remember MC == multicast in a couple of months...
danwinship
force-pushed
the
multicast-fixes-and-annotation
branch
from
8311af3 to
1822ec7
Compare
|
[test] |
|
flake #12667 [test] |
1 similar comment
|
flake #12667 [test] |
|
[merge] |
The multicast subnet's base address and mask happen to have the same bit pattern, but it's better style to not depend on that and just use ParseCIDR() rather than ParseIP() here.
The table 110 rule was specifying "ip, nw_dst=224.0.0.0/3", but it didn't need to because that was already specified in the rule leading to that table. Also, specify an explicit priority for consistency.
When a NetNamespace is renumbered, update its multicast rules from the NetNamespace notification directly, rather than having the podManager individually move each pod one-by-one from the old VNID rule to the new one.
Since the CNI_UPDATE code no longer needs a runningPod object, just return the changed vnid from update() instead, so we don't need to call ovs.GetOFPort() again.
To avoid DoS attacks, we should filter out disallowed outbound multicast packets on the sending end, not just on the receiving end.
danwinship
force-pushed
the
multicast-fixes-and-annotation
branch
from
1822ec7 to
8ba9e66
Compare
|
Evaluated for origin merge up to 8ba9e66 |
|
Evaluated for origin test up to 8ba9e66 |
|
continuous-integration/openshift-jenkins/test SUCCESS (https://ci.openshift.redhat.com/jenkins/job/test_pr_origin/13388/) (Base Commit: ae0700c) |
|
continuous-integration/openshift-jenkins/merge SUCCESS (https://ci.openshift.redhat.com/jenkins/job/test_pr_origin/13398/) (Base Commit: 6ceb412) (Image: devenv-rhel7_5804) |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
This cleans up the multicast code a bit and adds support for an annotation on NetNamespace to enable/disable multicast. (https://bugzilla.redhat.com/show_bug.cgi?id=1415318)
Um, was there some reason we decided on an annotation rather than adding a new NetNamespace field?
@openshift/networking PTAL (noting that dcbw is on PTO so don't expect him to review it :)
Oh, the first commit ("Add comment pointing out incorrect SDN annotation naming") is from #12627