diff --git a/pkg/agent/controller/networkpolicy/packetin.go b/pkg/agent/controller/networkpolicy/packetin.go index d0d3aa3b2c7..3c8b3175e6e 100644 --- a/pkg/agent/controller/networkpolicy/packetin.go +++ b/pkg/agent/controller/networkpolicy/packetin.go @@ -17,7 +17,7 @@ package networkpolicy import ( "errors" "fmt" - "net" + "net/netip" "time" "antrea.io/libOpenflow/openflow15" @@ -109,16 +109,15 @@ func (c *Controller) storeDenyConnection(pktIn *ofctrl.PacketIn) error { } // Get 5-tuple information + sourceAddr, _ := netip.AddrFromSlice(packet.SourceIP) + destinationAddr, _ := netip.AddrFromSlice(packet.DestinationIP) tuple := flowexporter.Tuple{ - SourcePort: packet.SourcePort, - DestinationPort: packet.DestinationPort, - Protocol: packet.IPProto, - } - // Make deep copy of IP addresses - tuple.SourceAddress = make(net.IP, len(packet.SourceIP)) - tuple.DestinationAddress = make(net.IP, len(packet.DestinationIP)) - copy(tuple.SourceAddress, packet.SourceIP) - copy(tuple.DestinationAddress, packet.DestinationIP) + SourceAddress: sourceAddr, + DestinationAddress: destinationAddr, + SourcePort: packet.SourcePort, + DestinationPort: packet.DestinationPort, + Protocol: packet.IPProto, + } // Generate deny connection and add to deny connection store denyConn := flowexporter.Connection{} diff --git a/pkg/agent/flowexporter/connections/connections.go b/pkg/agent/flowexporter/connections/connections.go index 926d804cd90..68b7e32a436 100644 --- a/pkg/agent/flowexporter/connections/connections.go +++ b/pkg/agent/flowexporter/connections/connections.go @@ -109,7 +109,7 @@ func (cs *connectionStore) fillPodInfo(conn *flowexporter.Connection) { srcPod, srcFound := cs.podStore.GetPodByIPAndTime(srcIP, conn.StartTime) dstPod, dstFound := cs.podStore.GetPodByIPAndTime(dstIP, conn.StartTime) if !srcFound && !dstFound { - klog.Warningf("Cannot map any of the IP %s or %s to a local Pod", srcIP, dstIP) + klog.InfoS("Cannot map any of the connection IPs to a local Pod", "srcIP", srcIP, "dstIP", dstIP) } if srcFound { conn.SourcePodName = srcPod.Name diff --git a/pkg/agent/flowexporter/connections/connections_test.go b/pkg/agent/flowexporter/connections/connections_test.go index 98b2c92fefc..3ab693bda3c 100644 --- a/pkg/agent/flowexporter/connections/connections_test.go +++ b/pkg/agent/flowexporter/connections/connections_test.go @@ -15,7 +15,7 @@ package connections import ( - "net" + "net/netip" "testing" "time" @@ -52,7 +52,7 @@ func TestConnectionStore_ForAllConnectionsDo(t *testing.T) { testFlowKeys := make([]*flowexporter.ConnectionKey, 2) refTime := time.Now() // Flow-1, which is already in connectionStore - tuple1 := flowexporter.Tuple{SourceAddress: net.IP{1, 2, 3, 4}, DestinationAddress: net.IP{4, 3, 2, 1}, Protocol: 6, SourcePort: 65280, DestinationPort: 255} + tuple1 := flowexporter.Tuple{SourceAddress: netip.MustParseAddr("1.2.3.4"), DestinationAddress: netip.MustParseAddr("4.3.2.1"), Protocol: 6, SourcePort: 65280, DestinationPort: 255} testFlows[0] = &flowexporter.Connection{ StartTime: refTime.Add(-(time.Second * 50)), StopTime: refTime, @@ -64,7 +64,7 @@ func TestConnectionStore_ForAllConnectionsDo(t *testing.T) { IsPresent: true, } // Flow-2, which is not in connectionStore - tuple2 := flowexporter.Tuple{SourceAddress: net.IP{5, 6, 7, 8}, DestinationAddress: net.IP{8, 7, 6, 5}, Protocol: 6, SourcePort: 60001, DestinationPort: 200} + tuple2 := flowexporter.Tuple{SourceAddress: netip.MustParseAddr("5.6.7.8"), DestinationAddress: netip.MustParseAddr("8.7.6.5"), Protocol: 6, SourcePort: 60001, DestinationPort: 200} testFlows[1] = &flowexporter.Connection{ StartTime: refTime.Add(-(time.Second * 20)), StopTime: refTime, @@ -107,7 +107,7 @@ func TestConnectionStore_DeleteConnWithoutLock(t *testing.T) { // test on deny connection store mockPodStore := podstoretest.NewMockInterface(ctrl) denyConnStore := NewDenyConnectionStore(mockPodStore, nil, testFlowExporterOptions) - tuple := flowexporter.Tuple{SourceAddress: net.IP{1, 2, 3, 4}, DestinationAddress: net.IP{4, 3, 2, 1}, Protocol: 6, SourcePort: 65280, DestinationPort: 255} + tuple := flowexporter.Tuple{SourceAddress: netip.MustParseAddr("1.2.3.4"), DestinationAddress: netip.MustParseAddr("4.3.2.1"), Protocol: 6, SourcePort: 65280, DestinationPort: 255} conn := &flowexporter.Connection{ FlowKey: tuple, } diff --git a/pkg/agent/flowexporter/connections/conntrack.go b/pkg/agent/flowexporter/connections/conntrack.go index ab282bf1f8f..576e1d0f200 100644 --- a/pkg/agent/flowexporter/connections/conntrack.go +++ b/pkg/agent/flowexporter/connections/conntrack.go @@ -16,6 +16,7 @@ package connections import ( "net" + "net/netip" "k8s.io/klog/v2" @@ -26,15 +27,24 @@ import ( // InitializeConnTrackDumper initializes the ConnTrackDumper interface for different OS and datapath types. func InitializeConnTrackDumper(nodeConfig *config.NodeConfig, serviceCIDRv4 *net.IPNet, serviceCIDRv6 *net.IPNet, ovsDatapathType ovsconfig.OVSDatapathType, isAntreaProxyEnabled bool) ConnTrackDumper { + var svcCIDRv4, svcCIDRv6 netip.Prefix + if serviceCIDRv4 != nil { + svcCIDRv4 = netip.MustParsePrefix(serviceCIDRv4.String()) + } + if serviceCIDRv6 != nil { + svcCIDRv6 = netip.MustParsePrefix(serviceCIDRv6.String()) + } var connTrackDumper ConnTrackDumper if ovsDatapathType == ovsconfig.OVSDatapathSystem { - connTrackDumper = NewConnTrackSystem(nodeConfig, serviceCIDRv4, serviceCIDRv6, isAntreaProxyEnabled) + connTrackDumper = NewConnTrackSystem(nodeConfig, svcCIDRv4, svcCIDRv6, isAntreaProxyEnabled) } return connTrackDumper } -func filterAntreaConns(conns []*flowexporter.Connection, nodeConfig *config.NodeConfig, serviceCIDR *net.IPNet, zoneFilter uint16, isAntreaProxyEnabled bool) []*flowexporter.Connection { +func filterAntreaConns(conns []*flowexporter.Connection, nodeConfig *config.NodeConfig, serviceCIDR netip.Prefix, zoneFilter uint16, isAntreaProxyEnabled bool) []*flowexporter.Connection { filteredConns := conns[:0] + gwIPv4, _ := netip.AddrFromSlice(nodeConfig.GatewayConfig.IPv4) + gwIPv6, _ := netip.AddrFromSlice(nodeConfig.GatewayConfig.IPv4) for _, conn := range conns { if conn.Zone != zoneFilter { continue @@ -43,10 +53,10 @@ func filterAntreaConns(conns []*flowexporter.Connection, nodeConfig *config.Node dstIP := conn.FlowKey.DestinationAddress // Consider Pod-to-Pod, Pod-To-Service and Pod-To-External flows. - if srcIP.Equal(nodeConfig.GatewayConfig.IPv4) || dstIP.Equal(nodeConfig.GatewayConfig.IPv4) { + if srcIP == gwIPv4 || dstIP == gwIPv4 { continue } - if srcIP.Equal(nodeConfig.GatewayConfig.IPv6) || dstIP.Equal(nodeConfig.GatewayConfig.IPv6) { + if srcIP == gwIPv6 || dstIP == gwIPv6 { continue } diff --git a/pkg/agent/flowexporter/connections/conntrack_connections_perf_test.go b/pkg/agent/flowexporter/connections/conntrack_connections_perf_test.go index 78384c38fed..0d57fd367c1 100644 --- a/pkg/agent/flowexporter/connections/conntrack_connections_perf_test.go +++ b/pkg/agent/flowexporter/connections/conntrack_connections_perf_test.go @@ -22,7 +22,7 @@ import ( "flag" "fmt" "math/big" - "net" + "net/netip" "testing" "time" @@ -51,8 +51,8 @@ const ( ) var ( - svcIPv4 = net.ParseIP("10.0.0.1") - svcIPv6 = net.ParseIP("2001:0:3238:dfe1:63::fefc") + svcIPv4 = netip.MustParseAddr("10.0.0.1") + svcIPv6 = netip.MustParseAddr("2001:0:3238:dfe1:63::fefc") ) /* @@ -188,7 +188,7 @@ func generateUpdatedConns(conns []*flowexporter.Connection) []*flowexporter.Conn func getNewConn() *flowexporter.Connection { randomNum1 := getRandomNum(255) randomNum2 := getRandomNum(255) - var src, dst, svc net.IP + var src, dst, svc netip.Addr if testWithIPv6 { src = exptest.RandIPv6() dst = exptest.RandIPv6() diff --git a/pkg/agent/flowexporter/connections/conntrack_connections_test.go b/pkg/agent/flowexporter/connections/conntrack_connections_test.go index 0ed68d4960c..33bd3279e85 100644 --- a/pkg/agent/flowexporter/connections/conntrack_connections_test.go +++ b/pkg/agent/flowexporter/connections/conntrack_connections_test.go @@ -17,7 +17,7 @@ package connections import ( "encoding/binary" "fmt" - "net" + "net/netip" "testing" "time" @@ -42,17 +42,17 @@ import ( ) var ( - tuple1 = flowexporter.Tuple{SourceAddress: net.IP{5, 6, 7, 8}, DestinationAddress: net.IP{8, 7, 6, 5}, Protocol: 6, SourcePort: 60001, DestinationPort: 200} - tuple2 = flowexporter.Tuple{SourceAddress: net.IP{1, 2, 3, 4}, DestinationAddress: net.IP{4, 3, 2, 1}, Protocol: 6, SourcePort: 65280, DestinationPort: 255} - tuple3 = flowexporter.Tuple{SourceAddress: net.IP{10, 10, 10, 10}, DestinationAddress: net.IP{4, 3, 2, 1}, Protocol: 6, SourcePort: 60000, DestinationPort: 100} + tuple1 = flowexporter.Tuple{SourceAddress: netip.MustParseAddr("5.6.7.8"), DestinationAddress: netip.MustParseAddr("8.7.6.5"), Protocol: 6, SourcePort: 60001, DestinationPort: 200} + tuple2 = flowexporter.Tuple{SourceAddress: netip.MustParseAddr("1.2.3.4"), DestinationAddress: netip.MustParseAddr("4.3.2.1"), Protocol: 6, SourcePort: 65280, DestinationPort: 255} + tuple3 = flowexporter.Tuple{SourceAddress: netip.MustParseAddr("10.10.10.10"), DestinationAddress: netip.MustParseAddr("4.3.2.1"), Protocol: 6, SourcePort: 60000, DestinationPort: 100} pod1 = &v1.Pod{ Status: v1.PodStatus{ PodIPs: []v1.PodIP{ { - IP: net.IP{8, 7, 6, 5}.String(), + IP: "8.7.6.5", }, { - IP: net.IP{4, 3, 2, 1}.String(), + IP: "4.3.2.1", }, }, Phase: v1.PodRunning, @@ -266,7 +266,7 @@ func TestConnectionStore_DeleteConnectionByKey(t *testing.T) { testFlowKeys := make([]*flowexporter.ConnectionKey, 2) refTime := time.Now() // Flow-1, which is already in connectionStore - tuple1 := flowexporter.Tuple{SourceAddress: net.IP{1, 2, 3, 4}, DestinationAddress: net.IP{4, 3, 2, 1}, Protocol: 6, SourcePort: 65280, DestinationPort: 255} + tuple1 := flowexporter.Tuple{SourceAddress: netip.MustParseAddr("1.2.3.4"), DestinationAddress: netip.MustParseAddr("4.3.2.1"), Protocol: 6, SourcePort: 65280, DestinationPort: 255} testFlows[0] = &flowexporter.Connection{ StartTime: refTime.Add(-(time.Second * 50)), StopTime: refTime, @@ -278,7 +278,7 @@ func TestConnectionStore_DeleteConnectionByKey(t *testing.T) { IsPresent: true, } // Flow-2, which is not in connectionStore - tuple2 := flowexporter.Tuple{SourceAddress: net.IP{5, 6, 7, 8}, DestinationAddress: net.IP{8, 7, 6, 5}, Protocol: 6, SourcePort: 60001, DestinationPort: 200} + tuple2 := flowexporter.Tuple{SourceAddress: netip.MustParseAddr("5.6.7.8"), DestinationAddress: netip.MustParseAddr("8.7.6.5"), Protocol: 6, SourcePort: 60001, DestinationPort: 200} testFlows[1] = &flowexporter.Connection{ StartTime: refTime.Add(-(time.Second * 20)), StopTime: refTime, diff --git a/pkg/agent/flowexporter/connections/conntrack_linux.go b/pkg/agent/flowexporter/connections/conntrack_linux.go index 303dd000abf..b3fb7d89131 100644 --- a/pkg/agent/flowexporter/connections/conntrack_linux.go +++ b/pkg/agent/flowexporter/connections/conntrack_linux.go @@ -20,6 +20,7 @@ package connections import ( "fmt" "net" + "net/netip" "time" "github.com/ti-mo/conntrack" @@ -36,19 +37,20 @@ var _ ConnTrackDumper = new(connTrackSystem) type connTrackSystem struct { nodeConfig *config.NodeConfig - serviceCIDRv4 *net.IPNet - serviceCIDRv6 *net.IPNet + serviceCIDRv4 netip.Prefix + serviceCIDRv6 netip.Prefix isAntreaProxyEnabled bool connTrack NetFilterConnTrack } // TODO: detect the endianness of the system when initializing conntrack dumper to handle situations on big-endian platforms. // All connection labels are required to store in little endian format in conntrack dumper. -func NewConnTrackSystem(nodeConfig *config.NodeConfig, serviceCIDRv4 *net.IPNet, serviceCIDRv6 *net.IPNet, isAntreaProxyEnabled bool) *connTrackSystem { +func NewConnTrackSystem(nodeConfig *config.NodeConfig, serviceCIDRv4 netip.Prefix, serviceCIDRv6 netip.Prefix, isAntreaProxyEnabled bool) *connTrackSystem { if err := SetupConntrackParameters(); err != nil { // Do not fail, but continue after logging an error as we can still dump flows with missing information. klog.Errorf("Error when setting up conntrack parameters, some information may be missing from exported flows: %v", err) } + return &connTrackSystem{ nodeConfig, serviceCIDRv4, @@ -122,9 +124,23 @@ func (nfct *netFilterConnTrack) DumpFlowsInCtZone(zoneFilter uint16) ([]*flowexp } func NetlinkFlowToAntreaConnection(conn *conntrack.Flow) *flowexporter.Connection { + convIP := func(ip net.IP) netip.Addr { + // IPv4 addresses in conntrack.Flow are stored as IPv4-mapped IPv6 addresses. If we + // use netip.AddrFromSlice directly, we will end up with a netip.Addr object of type + // Is4In6, and when we call String() on that object, it will be formatted with a + // "::ffff:" prefix before the dotted quad. + ip4 := ip.To4() + if ip4 != nil { + addr, _ := netip.AddrFromSlice(ip4) + return addr + } + addr, _ := netip.AddrFromSlice(ip) + return addr + } + tuple := flowexporter.Tuple{ - SourceAddress: conn.TupleOrig.IP.SourceAddress, - DestinationAddress: conn.TupleReply.IP.SourceAddress, + SourceAddress: convIP(conn.TupleOrig.IP.SourceAddress), + DestinationAddress: convIP(conn.TupleReply.IP.SourceAddress), Protocol: conn.TupleOrig.Proto.Protocol, SourcePort: conn.TupleOrig.Proto.SourcePort, DestinationPort: conn.TupleReply.Proto.SourcePort, @@ -141,7 +157,7 @@ func NetlinkFlowToAntreaConnection(conn *conntrack.Flow) *flowexporter.Connectio LabelsMask: conn.LabelsMask, StatusFlag: uint32(conn.Status.Value), FlowKey: tuple, - DestinationServiceAddress: conn.TupleOrig.IP.DestinationAddress, + DestinationServiceAddress: convIP(conn.TupleOrig.IP.DestinationAddress), DestinationServicePort: conn.TupleOrig.Proto.DestinationPort, OriginalPackets: conn.CountersOrig.Packets, OriginalBytes: conn.CountersOrig.Bytes, diff --git a/pkg/agent/flowexporter/connections/conntrack_linux_test.go b/pkg/agent/flowexporter/connections/conntrack_linux_test.go index fd19312d9f2..1f814a017f5 100644 --- a/pkg/agent/flowexporter/connections/conntrack_linux_test.go +++ b/pkg/agent/flowexporter/connections/conntrack_linux_test.go @@ -16,6 +16,7 @@ package connections import ( "net" + "net/netip" "strconv" "strings" "testing" @@ -35,10 +36,17 @@ import ( ) var ( + srcAddr = netip.MustParseAddr("1.2.3.4") + dstAddr = netip.MustParseAddr("4.3.2.1") + svcAddr = netip.MustParseAddr("100.50.25.5") + gwAddr = netip.MustParseAddr("8.7.6.5") + _, podCIDR, _ = net.ParseCIDR("1.2.3.0/24") + svcCIDR = netip.MustParsePrefix("100.50.25.0/24") + conntrackFlowTuple = conntrack.Tuple{ IP: conntrack.IPTuple{ - SourceAddress: net.IP{1, 2, 3, 4}, - DestinationAddress: net.IP{4, 3, 2, 1}, + SourceAddress: srcAddr.AsSlice(), + DestinationAddress: dstAddr.AsSlice(), }, Proto: conntrack.ProtoTuple{ Protocol: 6, @@ -46,24 +54,34 @@ var ( DestinationPort: 255, }, } + conntrackFlowTupleReply = conntrack.Tuple{ + IP: conntrack.IPTuple{ + SourceAddress: dstAddr.AsSlice(), + DestinationAddress: srcAddr.AsSlice(), + }, + Proto: conntrack.ProtoTuple{ + Protocol: 6, + SourcePort: 255, + DestinationPort: 65280, + }, + } ) func TestConnTrackSystem_DumpFlows(t *testing.T) { ctrl := gomock.NewController(t) // Create flows for test - - tuple := flowexporter.Tuple{SourceAddress: net.IP{1, 2, 3, 4}, DestinationAddress: net.IP{4, 3, 2, 1}, Protocol: 6, SourcePort: 65280, DestinationPort: 255} + tuple := flowexporter.Tuple{SourceAddress: srcAddr, DestinationAddress: dstAddr, Protocol: 6, SourcePort: 65280, DestinationPort: 255} antreaFlow := &flowexporter.Connection{ FlowKey: tuple, Zone: openflow.CtZone, } - tuple = flowexporter.Tuple{SourceAddress: net.IP{1, 2, 3, 4}, DestinationAddress: net.IP{100, 50, 25, 5}, Protocol: 6, SourcePort: 60001, DestinationPort: 200} + tuple = flowexporter.Tuple{SourceAddress: srcAddr, DestinationAddress: svcAddr, Protocol: 6, SourcePort: 60001, DestinationPort: 200} antreaServiceFlow := &flowexporter.Connection{ FlowKey: tuple, Zone: openflow.CtZone, } - tuple = flowexporter.Tuple{SourceAddress: net.IP{5, 6, 7, 8}, DestinationAddress: net.IP{8, 7, 6, 5}, Protocol: 6, SourcePort: 60001, DestinationPort: 200} + tuple = flowexporter.Tuple{SourceAddress: srcAddr, DestinationAddress: gwAddr, Protocol: 6, SourcePort: 60001, DestinationPort: 200} antreaGWFlow := &flowexporter.Connection{ FlowKey: tuple, Zone: openflow.CtZone, @@ -77,23 +95,15 @@ func TestConnTrackSystem_DumpFlows(t *testing.T) { // Create nodeConfig and gateWayConfig // Set antreaGWFlow.TupleOrig.IP.DestinationAddress as gateway IP gwConfig := &config.GatewayConfig{ - IPv4: net.IP{8, 7, 6, 5}, + IPv4: gwAddr.AsSlice(), } nodeConfig := &config.NodeConfig{ GatewayConfig: gwConfig, - PodIPv4CIDR: &net.IPNet{ - IP: net.IP{1, 2, 3, 0}, - Mask: net.IPMask{255, 255, 255, 0}, - }, - } - // Create serviceCIDR - serviceCIDR := &net.IPNet{ - IP: net.IP{100, 50, 25, 0}, - Mask: net.IPMask{255, 255, 255, 0}, + PodIPv4CIDR: podCIDR, } // Test the DumpFlows implementation of connTrackSystem mockNetlinkCT := connectionstest.NewMockNetFilterConnTrack(ctrl) - connDumperDPSystem := NewConnTrackSystem(nodeConfig, serviceCIDR, nil, false) + connDumperDPSystem := NewConnTrackSystem(nodeConfig, svcCIDR, netip.Prefix{}, false) connDumperDPSystem.connTrack = mockNetlinkCT // Set expects for mocks @@ -115,21 +125,17 @@ func TestConnTrackOvsAppCtl_DumpFlows(t *testing.T) { // Create nodeConfig and gateWayConfig // Set antreaGWFlow.TupleOrig.IP.DestinationAddress as gateway IP gwConfig := &config.GatewayConfig{ - IPv4: net.IP{8, 7, 6, 5}, + IPv4: gwAddr.AsSlice(), } nodeConfig := &config.NodeConfig{ GatewayConfig: gwConfig, } - // Create serviceCIDR - serviceCIDR := &net.IPNet{ - IP: net.IP{100, 50, 25, 0}, - Mask: net.IPMask{255, 255, 255, 0}, - } + serviceCIDR := netip.MustParsePrefix("10.96.0.0/24") connDumper := &connTrackOvsCtl{ nodeConfig, serviceCIDR, - nil, + netip.Prefix{}, mockOVSCtlClient, false, } @@ -148,13 +154,13 @@ func TestConnTrackOvsAppCtl_DumpFlows(t *testing.T) { StatusFlag: 302, Mark: openflow.ServiceCTMark.GetValue(), FlowKey: flowexporter.Tuple{ - SourceAddress: net.ParseIP("100.10.0.105"), - DestinationAddress: net.ParseIP("100.10.0.106"), + SourceAddress: netip.MustParseAddr("100.10.0.105"), + DestinationAddress: netip.MustParseAddr("100.10.0.106"), Protocol: 6, SourcePort: uint16(41284), DestinationPort: uint16(6443), }, - DestinationServiceAddress: net.ParseIP("10.96.0.1"), + DestinationServiceAddress: netip.MustParseAddr("10.96.0.1"), DestinationServicePort: uint16(443), OriginalPackets: 343260, OriginalBytes: 19340621, @@ -182,7 +188,7 @@ func TestConnTrackOvsAppCtl_DumpFlows(t *testing.T) { } func TestConnTrackSystem_GetMaxConnections(t *testing.T) { - connDumperDPSystem := NewConnTrackSystem(&config.NodeConfig{}, &net.IPNet{}, &net.IPNet{}, false) + connDumperDPSystem := NewConnTrackSystem(&config.NodeConfig{}, netip.Prefix{}, netip.Prefix{}, false) maxConns, err := connDumperDPSystem.GetMaxConnections() assert.NoErrorf(t, err, "GetMaxConnections function returned error: %v", err) expMaxConns, err := sysctl.GetSysctlNet("netfilter/nf_conntrack_max") @@ -198,8 +204,8 @@ func TestConnTrackOvsAppCtl_GetMaxConnections(t *testing.T) { mockOVSCtlClient.EXPECT().RunAppctlCmd("dpctl/ct-get-maxconns", false).Return([]byte(strconv.Itoa(expMaxConns)), nil) connDumper := &connTrackOvsCtl{ &config.NodeConfig{}, - &net.IPNet{}, - &net.IPNet{}, + netip.Prefix{}, + netip.Prefix{}, mockOVSCtlClient, false, } @@ -211,11 +217,20 @@ func TestConnTrackOvsAppCtl_GetMaxConnections(t *testing.T) { func TestNetLinkFlowToAntreaConnection(t *testing.T) { // Create new conntrack flow with status set to assured. netlinkFlow := &conntrack.Flow{ - TupleOrig: conntrackFlowTuple, TupleReply: conntrackFlowTuple, TupleMaster: conntrackFlowTuple, + TupleOrig: conntrackFlowTuple, TupleReply: conntrackFlowTupleReply, TupleMaster: conntrackFlowTuple, Timeout: 123, Status: conntrack.Status{Value: conntrack.StatusAssured}, Mark: 0x1234, Zone: 2, Timestamp: conntrack.Timestamp{Start: time.Date(2020, 7, 25, 8, 40, 8, 959000000, time.UTC)}, } - tuple := flowexporter.Tuple{SourceAddress: conntrackFlowTuple.IP.SourceAddress, DestinationAddress: conntrackFlowTuple.IP.SourceAddress, Protocol: conntrackFlowTuple.Proto.Protocol, SourcePort: conntrackFlowTuple.Proto.SourcePort, DestinationPort: conntrackFlowTuple.Proto.SourcePort} + sourceAddr, _ := netip.AddrFromSlice(conntrackFlowTuple.IP.SourceAddress) + destinationAddr, _ := netip.AddrFromSlice(conntrackFlowTupleReply.IP.SourceAddress) + destinationServiceAddr, _ := netip.AddrFromSlice(conntrackFlowTuple.IP.DestinationAddress) + tuple := flowexporter.Tuple{ + SourceAddress: sourceAddr, + DestinationAddress: destinationAddr, + Protocol: conntrackFlowTuple.Proto.Protocol, + SourcePort: conntrackFlowTuple.Proto.SourcePort, + DestinationPort: conntrackFlowTupleReply.Proto.SourcePort, + } expectedAntreaFlow := &flowexporter.Connection{ Timeout: netlinkFlow.Timeout, StartTime: netlinkFlow.Timestamp.Start, @@ -224,7 +239,7 @@ func TestNetLinkFlowToAntreaConnection(t *testing.T) { StatusFlag: 0x4, Mark: 0x1234, FlowKey: tuple, - DestinationServiceAddress: conntrackFlowTuple.IP.DestinationAddress, + DestinationServiceAddress: destinationServiceAddr, DestinationServicePort: conntrackFlowTuple.Proto.DestinationPort, OriginalPackets: netlinkFlow.CountersOrig.Packets, OriginalBytes: netlinkFlow.CountersOrig.Bytes, @@ -245,7 +260,7 @@ func TestNetLinkFlowToAntreaConnection(t *testing.T) { // Create new conntrack flow with status set to dying connection. netlinkFlow = &conntrack.Flow{ - TupleOrig: conntrackFlowTuple, TupleReply: conntrackFlowTuple, TupleMaster: conntrackFlowTuple, + TupleOrig: conntrackFlowTuple, TupleReply: conntrackFlowTupleReply, TupleMaster: conntrackFlowTuple, Timeout: 123, Status: conntrack.Status{Value: conntrack.StatusAssured | conntrack.StatusDying}, Mark: 0x1234, Zone: 2, Timestamp: conntrack.Timestamp{ Start: time.Date(2020, 7, 25, 8, 40, 8, 959000000, time.UTC), @@ -261,7 +276,7 @@ func TestNetLinkFlowToAntreaConnection(t *testing.T) { StatusFlag: 0x204, Mark: 0x1234, FlowKey: tuple, - DestinationServiceAddress: conntrackFlowTuple.IP.DestinationAddress, + DestinationServiceAddress: destinationServiceAddr, DestinationServicePort: conntrackFlowTuple.Proto.DestinationPort, OriginalPackets: netlinkFlow.CountersOrig.Packets, OriginalBytes: netlinkFlow.CountersOrig.Bytes, diff --git a/pkg/agent/flowexporter/connections/conntrack_others.go b/pkg/agent/flowexporter/connections/conntrack_others.go index d916f80d837..15aacd5a904 100644 --- a/pkg/agent/flowexporter/connections/conntrack_others.go +++ b/pkg/agent/flowexporter/connections/conntrack_others.go @@ -19,7 +19,7 @@ package connections import ( "fmt" - "net" + "net/netip" "strconv" "strings" @@ -33,7 +33,7 @@ type connTrackOvsCtlWindows struct { func (ct *connTrackOvsCtlWindows) GetMaxConnections() (int, error) { var zoneID int - if ct.serviceCIDRv4 != nil { + if !ct.serviceCIDRv4.IsValid() { zoneID = openflow.CtZone } else { zoneID = openflow.CtZoneV6 @@ -57,6 +57,6 @@ func (ct *connTrackOvsCtlWindows) GetMaxConnections() (int, error) { return 0, fmt.Errorf("couldn't find limit field in dpctl/ct-get-limits command output '%s'", cmdOutput) } -func NewConnTrackSystem(nodeConfig *config.NodeConfig, serviceCIDRv4 *net.IPNet, serviceCIDRv6 *net.IPNet, isAntreaProxyEnabled bool) *connTrackOvsCtlWindows { +func NewConnTrackSystem(nodeConfig *config.NodeConfig, serviceCIDRv4 netip.Prefix, serviceCIDRv6 netip.Prefix, isAntreaProxyEnabled bool) *connTrackOvsCtlWindows { return &connTrackOvsCtlWindows{*NewConnTrackOvsAppCtl(nodeConfig, serviceCIDRv4, serviceCIDRv6, isAntreaProxyEnabled)} } diff --git a/pkg/agent/flowexporter/connections/conntrack_ovs.go b/pkg/agent/flowexporter/connections/conntrack_ovs.go index 52e0f89bfba..2df30315d1c 100644 --- a/pkg/agent/flowexporter/connections/conntrack_ovs.go +++ b/pkg/agent/flowexporter/connections/conntrack_ovs.go @@ -17,7 +17,7 @@ package connections import ( "encoding/hex" "fmt" - "net" + "net/netip" "strconv" "strings" "time" @@ -66,13 +66,13 @@ var _ ConnTrackDumper = new(connTrackOvsCtl) type connTrackOvsCtl struct { nodeConfig *config.NodeConfig - serviceCIDRv4 *net.IPNet - serviceCIDRv6 *net.IPNet + serviceCIDRv4 netip.Prefix + serviceCIDRv6 netip.Prefix ovsctlClient ovsctl.OVSCtlClient isAntreaProxyEnabled bool } -func NewConnTrackOvsAppCtl(nodeConfig *config.NodeConfig, serviceCIDRv4 *net.IPNet, serviceCIDRv6 *net.IPNet, isAntreaProxyEnabled bool) *connTrackOvsCtl { +func NewConnTrackOvsAppCtl(nodeConfig *config.NodeConfig, serviceCIDRv4 netip.Prefix, serviceCIDRv6 netip.Prefix, isAntreaProxyEnabled bool) *connTrackOvsCtl { return &connTrackOvsCtl{ nodeConfig, serviceCIDRv4, @@ -148,14 +148,26 @@ func flowStringToAntreaConnection(flow string, zoneFilter uint16) (*flowexporter case strings.Contains(fs, "src"): fields := strings.Split(fs, "=") if !isReply { - conn.FlowKey.SourceAddress = net.ParseIP(fields[len(fields)-1]) + srcAddr, err := netip.ParseAddr(fields[len(fields)-1]) + if err != nil { + return nil, fmt.Errorf("parsing source address failed: %w", err) + } + conn.FlowKey.SourceAddress = srcAddr } else { - conn.FlowKey.DestinationAddress = net.ParseIP(fields[len(fields)-1]) + dstAddr, err := netip.ParseAddr(fields[len(fields)-1]) + if err != nil { + return nil, fmt.Errorf("parsing destination address failed: %w", err) + } + conn.FlowKey.DestinationAddress = dstAddr } case strings.Contains(fs, "dst"): fields := strings.Split(fs, "=") if !isReply { - conn.DestinationServiceAddress = net.ParseIP(fields[len(fields)-1]) + svcAddr, err := netip.ParseAddr(fields[len(fields)-1]) + if err != nil { + return nil, fmt.Errorf("parsing destination service address failed: %w", err) + } + conn.DestinationServiceAddress = svcAddr } case strings.Contains(fs, "sport"): fields := strings.Split(fs, "=") diff --git a/pkg/agent/flowexporter/connections/deny_connections_test.go b/pkg/agent/flowexporter/connections/deny_connections_test.go index 77672287aa0..2b5d7844519 100644 --- a/pkg/agent/flowexporter/connections/deny_connections_test.go +++ b/pkg/agent/flowexporter/connections/deny_connections_test.go @@ -16,7 +16,7 @@ package connections import ( "fmt" - "net" + "net/netip" "testing" "time" @@ -35,7 +35,7 @@ func TestDenyConnectionStore_AddOrUpdateConn(t *testing.T) { ctrl := gomock.NewController(t) // Create flow for testing adding and updating of same connection. refTime := time.Now() - tuple := flowexporter.Tuple{SourceAddress: net.IP{1, 2, 3, 4}, DestinationAddress: net.IP{4, 3, 2, 1}, Protocol: 6, SourcePort: 65280, DestinationPort: 255} + tuple := flowexporter.Tuple{SourceAddress: netip.MustParseAddr("1.2.3.4"), DestinationAddress: netip.MustParseAddr("4.3.2.1"), Protocol: 6, SourcePort: 65280, DestinationPort: 255} servicePortName := k8sproxy.ServicePortName{ NamespacedName: types.NamespacedName{ Namespace: "serviceNS1", diff --git a/pkg/agent/flowexporter/exporter/exporter.go b/pkg/agent/flowexporter/exporter/exporter.go index 51a77ca8eb0..df99ce56e44 100644 --- a/pkg/agent/flowexporter/exporter/exporter.go +++ b/pkg/agent/flowexporter/exporter/exporter.go @@ -428,7 +428,7 @@ func (exp *FlowExporter) addConnToSet(conn *flowexporter.Connection) error { eL := exp.elementsListv4 templateID := exp.templateIDv4 - if conn.FlowKey.SourceAddress.To4() == nil { + if conn.FlowKey.SourceAddress.Is6() { templateID = exp.templateIDv6 eL = exp.elementsListv6 } @@ -452,13 +452,13 @@ func (exp *FlowExporter) addConnToSet(conn *flowexporter.Connection) error { ie.SetUnsigned8Value(ipfixregistry.IdleTimeoutReason) } case "sourceIPv4Address": - ie.SetIPAddressValue(conn.FlowKey.SourceAddress) + ie.SetIPAddressValue(conn.FlowKey.SourceAddress.AsSlice()) case "destinationIPv4Address": - ie.SetIPAddressValue(conn.FlowKey.DestinationAddress) + ie.SetIPAddressValue(conn.FlowKey.DestinationAddress.AsSlice()) case "sourceIPv6Address": - ie.SetIPAddressValue(conn.FlowKey.SourceAddress) + ie.SetIPAddressValue(conn.FlowKey.SourceAddress.AsSlice()) case "destinationIPv6Address": - ie.SetIPAddressValue(conn.FlowKey.DestinationAddress) + ie.SetIPAddressValue(conn.FlowKey.DestinationAddress.AsSlice()) case "sourceTransportPort": ie.SetUnsigned16Value(conn.FlowKey.SourcePort) case "destinationTransportPort": @@ -521,7 +521,7 @@ func (exp *FlowExporter) addConnToSet(conn *flowexporter.Connection) error { } case "destinationClusterIPv4": if conn.DestinationServicePortName != "" { - ie.SetIPAddressValue(conn.DestinationServiceAddress) + ie.SetIPAddressValue(conn.DestinationServiceAddress.AsSlice()) } else { // Sending dummy IP as IPFIX collector expects constant length of data for IP field. // We should probably think of better approach as this involves customization of IPFIX collector to ignore @@ -530,7 +530,7 @@ func (exp *FlowExporter) addConnToSet(conn *flowexporter.Connection) error { } case "destinationClusterIPv6": if conn.DestinationServicePortName != "" { - ie.SetIPAddressValue(conn.DestinationServiceAddress) + ie.SetIPAddressValue(conn.DestinationServiceAddress.AsSlice()) } else { // Same as destinationClusterIPv4. ie.SetIPAddressValue(net.ParseIP("::")) @@ -599,11 +599,11 @@ func (exp *FlowExporter) findFlowType(conn flowexporter.Connection) uint8 { } if exp.nodeRouteController == nil { - klog.Warningf("Can't find flowType without nodeRouteController") + klog.V(4).InfoS("Can't find flowType without nodeRouteController") return 0 } - if exp.nodeRouteController.IPInPodSubnets(conn.FlowKey.SourceAddress) { - if conn.Mark&openflow.ServiceCTMark.GetRange().ToNXRange().ToUint32Mask() == openflow.ServiceCTMark.GetValue() || exp.nodeRouteController.IPInPodSubnets(conn.FlowKey.DestinationAddress) { + if exp.nodeRouteController.IPInPodSubnets(conn.FlowKey.SourceAddress.AsSlice()) { + if conn.Mark&openflow.ServiceCTMark.GetRange().ToNXRange().ToUint32Mask() == openflow.ServiceCTMark.GetValue() || exp.nodeRouteController.IPInPodSubnets(conn.FlowKey.DestinationAddress.AsSlice()) { if conn.SourcePodName == "" || conn.DestinationPodName == "" { return ipfixregistry.FlowTypeInterNode } diff --git a/pkg/agent/flowexporter/exporter/exporter_perf_test.go b/pkg/agent/flowexporter/exporter/exporter_perf_test.go index 43831bb5fd2..ee7dd71a409 100644 --- a/pkg/agent/flowexporter/exporter/exporter_perf_test.go +++ b/pkg/agent/flowexporter/exporter/exporter_perf_test.go @@ -26,6 +26,7 @@ import ( "math" "math/big" "net" + "net/netip" "testing" "time" @@ -245,7 +246,7 @@ func addConns(connStore *connections.ConntrackConnectionStore, expirePriorityQue randomNum := int(getRandomNum(int64(testNumOfConns - testNumOfDyingConns))) for i := 0; i < testNumOfConns; i++ { // create and add connection to connection store - var src, dst, svc net.IP + var src, dst, svc netip.Addr if testWithIPv6 { src = exptest.RandIPv6() dst = exptest.RandIPv6() @@ -293,7 +294,7 @@ func addConns(connStore *connections.ConntrackConnectionStore, expirePriorityQue func addDenyConns(connStore *connections.DenyConnectionStore, expirePriorityQueue *priorityqueue.ExpirePriorityQueue) { for i := 0; i < testNumOfDenyConns; i++ { - var src, dst net.IP + var src, dst netip.Addr if testWithIPv6 { src = exptest.RandIPv6() dst = exptest.RandIPv6() diff --git a/pkg/agent/flowexporter/exporter/exporter_test.go b/pkg/agent/flowexporter/exporter/exporter_test.go index 695c9229837..7dde28e3528 100644 --- a/pkg/agent/flowexporter/exporter/exporter_test.go +++ b/pkg/agent/flowexporter/exporter/exporter_test.go @@ -18,6 +18,7 @@ import ( "context" "fmt" "net" + "net/netip" "strings" "testing" "time" @@ -457,10 +458,10 @@ func getElemList(ianaIE []string, antreaIE []string) []ipfixentities.InfoElement func getConnection(isIPv6 bool, isPresent bool, statusFlag uint32, protoID uint8, tcpState string) *flowexporter.Connection { var tuple flowexporter.Tuple if !isIPv6 { - tuple = flowexporter.Tuple{SourceAddress: net.IP{1, 2, 3, 4}, DestinationAddress: net.IP{4, 3, 2, 1}, Protocol: 6, SourcePort: 65280, DestinationPort: 255} + tuple = flowexporter.Tuple{SourceAddress: netip.MustParseAddr("1.2.3.4"), DestinationAddress: netip.MustParseAddr("4.3.2.1"), Protocol: 6, SourcePort: 65280, DestinationPort: 255} } else { - srcIP := net.ParseIP("2001:0:3238:dfe1:63::fefb") - dstIP := net.ParseIP("2001:0:3238:dfe1:63::fefc") + srcIP := netip.MustParseAddr("2001:0:3238:dfe1:63::fefb") + dstIP := netip.MustParseAddr("2001:0:3238:dfe1:63::fefc") tuple = flowexporter.Tuple{SourceAddress: srcIP, DestinationAddress: dstIP, Protocol: protoID, SourcePort: 65280, DestinationPort: 255} } conn := &flowexporter.Connection{ @@ -494,10 +495,10 @@ func getConnection(isIPv6 bool, isPresent bool, statusFlag uint32, protoID uint8 func getDenyConnection(isIPv6 bool, protoID uint8) *flowexporter.Connection { var tuple, _ flowexporter.Tuple if !isIPv6 { - tuple = flowexporter.Tuple{SourceAddress: net.IP{1, 2, 3, 4}, DestinationAddress: net.IP{4, 3, 2, 1}, Protocol: 6, SourcePort: 65280, DestinationPort: 255} + tuple = flowexporter.Tuple{SourceAddress: netip.MustParseAddr("1.2.3.4"), DestinationAddress: netip.MustParseAddr("4.3.2.1"), Protocol: 6, SourcePort: 65280, DestinationPort: 255} } else { - srcIP := net.ParseIP("2001:0:3238:dfe1:63::fefb") - dstIP := net.ParseIP("2001:0:3238:dfe1:63::fefc") + srcIP := netip.MustParseAddr("2001:0:3238:dfe1:63::fefb") + dstIP := netip.MustParseAddr("2001:0:3238:dfe1:63::fefc") tuple = flowexporter.Tuple{SourceAddress: srcIP, DestinationAddress: dstIP, Protocol: protoID, SourcePort: 65280, DestinationPort: 255} } conn := &flowexporter.Connection{ diff --git a/pkg/agent/flowexporter/priorityqueue/priorityqueue_test.go b/pkg/agent/flowexporter/priorityqueue/priorityqueue_test.go index 14e837c61ac..30d03605399 100644 --- a/pkg/agent/flowexporter/priorityqueue/priorityqueue_test.go +++ b/pkg/agent/flowexporter/priorityqueue/priorityqueue_test.go @@ -16,6 +16,7 @@ package priorityqueue import ( "container/heap" "fmt" + "net/netip" "testing" "time" @@ -24,6 +25,19 @@ import ( "antrea.io/antrea/pkg/agent/flowexporter" ) +func testConnectionKey(x int) flowexporter.ConnectionKey { + if x < 0 || x > 255 { + panic("x must be >= 0 and <= 255") + } + return flowexporter.Tuple{ + SourceAddress: netip.MustParseAddr(fmt.Sprintf("10.0.0.%d", x)), + DestinationAddress: netip.MustParseAddr("10.10.0.1"), + Protocol: 6, + SourcePort: 12345, + DestinationPort: 8080, + } +} + func TestExpirePriorityQueue(t *testing.T) { startTime := time.Now() testFlowsWithExpire := map[int][]time.Time{ @@ -42,12 +56,12 @@ func TestExpirePriorityQueue(t *testing.T) { Index: key, } testPriorityQueue.items = append(testPriorityQueue.items, item) - testPriorityQueue.KeyToItem[flowexporter.ConnectionKey{fmt.Sprintf("%d", key)}] = item + testPriorityQueue.KeyToItem[testConnectionKey(key)] = item } heap.Init(testPriorityQueue) // Test WriteItemToQueue - connKey := flowexporter.ConnectionKey{"3"} + connKey := testConnectionKey(3) conn := flowexporter.Connection{} testPriorityQueue.WriteItemToQueue(connKey, &conn) assert.Equal(t, &conn, testPriorityQueue.KeyToItem[connKey].Conn, "WriteItemToQueue didn't add new conn to map") diff --git a/pkg/agent/flowexporter/testing/addr.go b/pkg/agent/flowexporter/testing/addr.go index d25f8a94e2a..507eb82b2e4 100644 --- a/pkg/agent/flowexporter/testing/addr.go +++ b/pkg/agent/flowexporter/testing/addr.go @@ -16,17 +16,17 @@ package testing import ( "crypto/rand" - "net" + "net/netip" ) -func RandIPv4() net.IP { - ip := make([]byte, net.IPv4len) - rand.Read(ip) - return ip +func RandIPv4() netip.Addr { + var ip [4]byte + rand.Read(ip[:]) + return netip.AddrFrom4(ip) } -func RandIPv6() net.IP { - ip := make([]byte, net.IPv6len) - rand.Read(ip) - return ip +func RandIPv6() netip.Addr { + var ip [16]byte + rand.Read(ip[:]) + return netip.AddrFrom16(ip) } diff --git a/pkg/agent/flowexporter/types.go b/pkg/agent/flowexporter/types.go index cc0867a1631..b9aa6a031cd 100644 --- a/pkg/agent/flowexporter/types.go +++ b/pkg/agent/flowexporter/types.go @@ -15,17 +15,20 @@ package flowexporter import ( - "net" + "net/netip" "time" ) -type ConnectionKey [5]string +// We use a type alias here, as a way to minimize code changes: ConnectionKey used to be its own +// type, and ConnectionKey values were generated from Tuple values. Because of changes to the Tuple +// type (net.IP -> netip.Addr), Tuple is now comparable and can be used as a map key directly. +type ConnectionKey = Tuple type ConnectionMapCallBack func(key ConnectionKey, conn *Connection) error type Tuple struct { - SourceAddress net.IP - DestinationAddress net.IP + SourceAddress netip.Addr + DestinationAddress netip.Addr Protocol uint8 SourcePort uint16 DestinationPort uint16 @@ -60,7 +63,7 @@ type Connection struct { DestinationPodNamespace string DestinationPodName string DestinationServicePortName string - DestinationServiceAddress net.IP + DestinationServiceAddress netip.Addr DestinationServicePort uint16 IngressNetworkPolicyName string IngressNetworkPolicyNamespace string diff --git a/pkg/agent/flowexporter/utils.go b/pkg/agent/flowexporter/utils.go index 7b007ed1863..100891500fc 100644 --- a/pkg/agent/flowexporter/utils.go +++ b/pkg/agent/flowexporter/utils.go @@ -15,8 +15,6 @@ package flowexporter import ( - "strconv" - "github.com/vmware/go-ipfix/pkg/registry" "antrea.io/antrea/pkg/apis/controlplane/v1beta2" @@ -28,12 +26,7 @@ const ( // NewConnectionKey creates 5-tuple of flow as connection key func NewConnectionKey(conn *Connection) ConnectionKey { - return ConnectionKey{conn.FlowKey.SourceAddress.String(), - strconv.FormatUint(uint64(conn.FlowKey.SourcePort), 10), - conn.FlowKey.DestinationAddress.String(), - strconv.FormatUint(uint64(conn.FlowKey.DestinationPort), 10), - strconv.FormatUint(uint64(conn.FlowKey.Protocol), 10), - } + return conn.FlowKey } func IsConnectionDying(conn *Connection) bool { diff --git a/test/integration/agent/flowexporter_test.go b/test/integration/agent/flowexporter_test.go index 4c512dd6822..1ce705bb6ba 100644 --- a/test/integration/agent/flowexporter_test.go +++ b/test/integration/agent/flowexporter_test.go @@ -19,7 +19,7 @@ package agent import ( "fmt" - "net" + "net/netip" "testing" "time" @@ -53,7 +53,7 @@ func createConnsForTest() ([]*flowexporter.Connection, []*flowexporter.Connectio testConns := make([]*flowexporter.Connection, 2) testConnKeys := make([]*flowexporter.ConnectionKey, 2) // Flow-1 - tuple1 := flowexporter.Tuple{SourceAddress: net.IP{1, 2, 3, 4}, DestinationAddress: net.IP{4, 3, 2, 1}, Protocol: 6, SourcePort: 65280, DestinationPort: 255} + tuple1 := flowexporter.Tuple{SourceAddress: netip.MustParseAddr("1.2.3.4"), DestinationAddress: netip.MustParseAddr("4.3.2.1"), Protocol: 6, SourcePort: 65280, DestinationPort: 255} testConn1 := &flowexporter.Connection{ StartTime: refTime.Add(-(time.Second * 50)), StopTime: refTime, @@ -67,7 +67,7 @@ func createConnsForTest() ([]*flowexporter.Connection, []*flowexporter.Connectio testConns[0] = testConn1 testConnKeys[0] = &testConnKey1 // Flow-2 - tuple2 := flowexporter.Tuple{SourceAddress: net.IP{5, 6, 7, 8}, DestinationAddress: net.IP{8, 7, 6, 5}, Protocol: 6, SourcePort: 60001, DestinationPort: 200} + tuple2 := flowexporter.Tuple{SourceAddress: netip.MustParseAddr("5.6.7.8"), DestinationAddress: netip.MustParseAddr("8.7.6.5"), Protocol: 6, SourcePort: 60001, DestinationPort: 200} testConn2 := &flowexporter.Connection{ StartTime: refTime.Add(-(time.Second * 20)), StopTime: refTime, @@ -84,7 +84,7 @@ func createConnsForTest() ([]*flowexporter.Connection, []*flowexporter.Connectio return testConns, testConnKeys } -func preparePodInformation(podName string, podNS string, ip *net.IP) *v1.Pod { +func preparePodInformation(podName string, podNS string, ip netip.Addr) *v1.Pod { pod := &v1.Pod{ ObjectMeta: metav1.ObjectMeta{ Namespace: podNS, @@ -112,8 +112,8 @@ func TestConnectionStoreAndFlowRecords(t *testing.T) { // Prepare connections and pod store for test testConns, testConnKeys := createConnsForTest() testPods := make([]*v1.Pod, 2) - testPods[0] = preparePodInformation("pod1", "ns1", &testConns[0].FlowKey.SourceAddress) - testPods[1] = preparePodInformation("pod2", "ns2", &testConns[1].FlowKey.DestinationAddress) + testPods[0] = preparePodInformation("pod1", "ns1", testConns[0].FlowKey.SourceAddress) + testPods[1] = preparePodInformation("pod2", "ns2", testConns[1].FlowKey.DestinationAddress) // Create connectionStore, FlowRecords and associated mocks connDumperMock := connectionstest.NewMockConnTrackDumper(ctrl)