Skip to content

Commit

Permalink
Ensure correct sysctl values if VLAN iface exists in IPAssigner (#6900)
Browse files Browse the repository at this point in the history
If the VLAN interface already exixts (e.g., in case of an Agent
restart), we should still ensure that the necessary systcl variables are
set correctly.

Signed-off-by: Antonin Bas <[email protected]>
  • Loading branch information
antoninbas committed Jan 10, 2025
1 parent 0f011f2 commit eb53b64
Show file tree
Hide file tree
Showing 2 changed files with 33 additions and 9 deletions.
19 changes: 10 additions & 9 deletions pkg/agent/ipassigner/ip_assigner_linux.go
Original file line number Diff line number Diff line change
Expand Up @@ -508,6 +508,15 @@ func (a *ipAssigner) getAssignee(subnetInfo *crdv1b1.SubnetInfo, createIfNotExis
return nil, fmt.Errorf("error creating VLAN sub-interface for VLAN %d", subnetInfo.VLAN)
}
}
as, err := a.addVLANAssignee(vlan, subnetInfo.VLAN)
if err != nil {
return nil, err
}
return as, nil
}

func (a *ipAssigner) addVLANAssignee(link netlink.Link, vlan int32) (*assignee, error) {
name := link.Attrs().Name
// Loose mode is needed because incoming traffic received on the interface is expected to be received on the parent
// external interface when looking up the main table. To make it look up the custom table, we will need to restore
// the mark on the reply traffic and turn on src_valid_mark on this interface, which is more complicated.
Expand All @@ -521,18 +530,10 @@ func (a *ipAssigner) getAssignee(subnetInfo *crdv1b1.SubnetInfo, createIfNotExis
if err := util.EnsurePromoteSecondariesOnInterface(name); err != nil {
return nil, err
}
as, err := a.addVLANAssignee(vlan, subnetInfo.VLAN)
if err != nil {
return nil, err
}
return as, nil
}

func (a *ipAssigner) addVLANAssignee(link netlink.Link, vlan int32) (*assignee, error) {
if err := netlink.LinkSetUp(link); err != nil {
return nil, fmt.Errorf("error setting up interface %v", link)
}
iface, err := net.InterfaceByName(link.Attrs().Name)
iface, err := net.InterfaceByName(name)
if err != nil {
return nil, err
}
Expand Down
23 changes: 23 additions & 0 deletions test/integration/agent/ip_assigner_linux_test.go
Original file line number Diff line number Diff line change
Expand Up @@ -25,11 +25,29 @@ import (
"k8s.io/apimachinery/pkg/util/sets"

"antrea.io/antrea/pkg/agent/ipassigner"
"antrea.io/antrea/pkg/agent/util/sysctl"
crdv1b1 "antrea.io/antrea/pkg/apis/crd/v1beta1"
)

const dummyDeviceName = "antrea-dummy0"

func checkSysctl(t *testing.T, path string, expected int) {
t.Helper()
v, err := sysctl.GetSysctlNet(path)
require.NoError(t, err)
assert.Equalf(t, expected, v, "Wrong value for %s", path)
}

func checkRPFilterOnInterface(t *testing.T, ifaceName string, expected int) {
t.Helper()
checkSysctl(t, fmt.Sprintf("ipv4/conf/%s/rp_filter", ifaceName), expected)
}

func checkPromoteSecondariesOnInterface(t *testing.T, ifaceName string, expected int) {
t.Helper()
checkSysctl(t, fmt.Sprintf("ipv4/conf/%s/promote_secondaries", ifaceName), expected)
}

func TestIPAssigner(t *testing.T) {
nodeLinkName := nodeIntf.Name
require.NotNil(t, nodeLinkName, "Get Node link failed")
Expand All @@ -40,6 +58,7 @@ func TestIPAssigner(t *testing.T) {
dummyDevice, err := netlink.LinkByName(dummyDeviceName)
require.NoError(t, err, "Failed to find the dummy device")
defer netlink.LinkDel(dummyDevice)
checkPromoteSecondariesOnInterface(t, dummyDeviceName, 1)

_, err = ipAssigner.AssignIP("x", nil, false)
assert.Error(t, err, "Assigning an invalid IP should fail")
Expand Down Expand Up @@ -103,9 +122,13 @@ func TestIPAssigner(t *testing.T) {
vlan20Device, err := netlink.LinkByName("antrea-ext.20")
require.NoError(t, err, "Failed to find the VLAN 20 device")
defer netlink.LinkDel(vlan20Device)
checkRPFilterOnInterface(t, "antrea-ext.20", 2)
checkPromoteSecondariesOnInterface(t, "antrea-ext.20", 1)
vlan30Device, err := netlink.LinkByName("antrea-ext.30")
require.NoError(t, err, "Failed to find the VLAN 30 device")
defer netlink.LinkDel(vlan30Device)
checkRPFilterOnInterface(t, "antrea-ext.30", 2)
checkPromoteSecondariesOnInterface(t, "antrea-ext.30", 1)

actualIPs, err := listIPAddresses(dummyDevice)
require.NoError(t, err, "Failed to list IP addresses")
Expand Down

0 comments on commit eb53b64

Please sign in to comment.