Merge pull request #9027 from coutinhop/auto-pick-of-#8913-upstream-r…

…elease-v3.26 [release-v3.26] Auto pick #8913: updating the logic for stale endpoint management
projectcalico · Jul 18, 2024 · 65f4054 · 65f4054
2 parents 72ba4a3 + 79888aa
commit 65f4054
Show file tree

Hide file tree

Showing 8 changed files with 218 additions and 185 deletions.
diff --git a/cni-plugin/pkg/ipamplugin/ipam_plugin.go b/cni-plugin/pkg/ipamplugin/ipam_plugin.go
@@ -110,7 +110,13 @@ func Main(version string) {
 		os.Exit(0)
 	}
 
-	skel.PluginMain(cmdAdd, nil, cmdDel,
+	funcs := skel.CNIFuncs{
+		Add:   cmdAdd,
+		Check: nil,
+		Del:   cmdDel,
+	}
+
+	skel.PluginMainFuncs(funcs,
 		cniSpecVersion.PluginSupports("0.1.0", "0.2.0", "0.3.0", "0.3.1", "0.4.0", "1.0.0"),
 		"Calico CNI IPAM "+version)
 }

diff --git a/cni-plugin/pkg/plugin/plugin.go b/cni-plugin/pkg/plugin/plugin.go
@@ -753,7 +753,12 @@ func Main(version string) {
 		os.Exit(1)
 	}
 
-	skel.PluginMain(cmdAdd, cmdDummyCheck, cmdDel,
+	funcs := skel.CNIFuncs{
+		Add:   cmdAdd,
+		Del:   cmdDel,
+		Check: cmdDummyCheck,
+	}
+	skel.PluginMainFuncs(funcs,
 		cniSpecVersion.PluginSupports("0.1.0", "0.2.0", "0.3.0", "0.3.1", "0.4.0", "1.0.0"),
 		"Calico CNI plugin "+version)
 }
diff --git a/felix/bpf/maps/syscall.go b/felix/bpf/maps/syscall.go
@@ -17,7 +17,6 @@
 package maps
 
 import (
-	"reflect"
 	"runtime"
 	"unsafe"
 
@@ -260,11 +259,11 @@ func (m *Iterator) Next() (k, v []byte, err error) {
 			unsafe.Pointer(uintptr(m.keys)+uintptr(m.keyStride*(m.numEntriesLoaded-1))), (C.size_t)(m.keySize))
 	}
 
-	currentKeyPtr := unsafe.Pointer(uintptr(m.keys) + uintptr(m.keyStride*(m.entryIdx)))
-	currentValPtr := unsafe.Pointer(uintptr(m.values) + uintptr(m.valueStride*(m.entryIdx)))
+	currentKeyPtr := (*byte)(unsafe.Pointer(uintptr(m.keys) + uintptr(m.keyStride*(m.entryIdx))))
+	currentValPtr := (*byte)(unsafe.Pointer(uintptr(m.values) + uintptr(m.valueStride*(m.entryIdx))))
 
-	k = ptrToSlice(currentKeyPtr, m.keySize)
-	v = ptrToSlice(currentValPtr, m.valueSize)
+	k = unsafe.Slice(currentKeyPtr, m.keySize)
+	v = unsafe.Slice(currentValPtr, m.valueSize)
 
 	m.entryIdx++
 	m.numEntriesVisited++
@@ -278,14 +277,6 @@ func (m *Iterator) Next() (k, v []byte, err error) {
 	return
 }
 
-func ptrToSlice(ptr unsafe.Pointer, size int) (b []byte) {
-	keySliceHdr := (*reflect.SliceHeader)(unsafe.Pointer(&b))
-	keySliceHdr.Data = uintptr(ptr)
-	keySliceHdr.Cap = size
-	keySliceHdr.Len = size
-	return
-}
-
 func (m *Iterator) Close() error {
 	C.free(m.keyBeforeNextBatch)
 	m.keyBeforeNextBatch = nil

diff --git a/felix/dataplane/windows/endpoint_mgr.go b/felix/dataplane/windows/endpoint_mgr.go
@@ -84,7 +84,6 @@ type endpointManager struct {
 type hnsInterface interface {
 	GetHNSSupportedFeatures() hns.HNSSupportedFeatures
 	HNSListEndpointRequest() ([]hns.HNSEndpoint, error)
-	GetAttachedContainerIDs(endpoint *hns.HNSEndpoint) ([]string, error)
 }
 
 func newEndpointManager(hns hnsInterface, policysets policysets.PolicySetsDataplane) *endpointManager {
@@ -189,18 +188,10 @@ func (m *endpointManager) RefreshHnsEndpointCache(forceRefresh bool) error {
 			continue
 		}
 
-		// Some CNI plugins do not clear endpoint properly when a pod has been torn down.
-		// In that case, it is possible Felix sees multiple endpoints with the same IP.
-		// We need to filter out inactive endpoints that do not attach to any container.
-		containers, err := m.hns.GetAttachedContainerIDs(&endpoint)
-		if err != nil {
-			log.WithFields(log.Fields{
-				"id":   endpoint.Id,
-				"name": endpoint.Name,
-			}).Warn("Failed to get attached containers")
-			continue
-		}
-		if len(containers) == 0 {
+		// An endpoint is considered to be active if its state is Attached or AttachedSharing.
+		// Note: Endpoint.State attribute is dependent on HNS v1 api. If hcsshim upgrades to HNS v2
+		// api this will break. We then need to Reach out to Microsoft to facilate the change via HNS.
+		if endpoint.State.String() != "Attached" && endpoint.State.String() != "AttachedSharing" {
 			log.WithFields(log.Fields{
 				"id":   endpoint.Id,
 				"name": endpoint.Name,

diff --git a/felix/dataplane/windows/hns/hns_linux.go b/felix/dataplane/windows/hns/hns_linux.go
@@ -46,18 +46,19 @@ type PolicyType string
 
 // RequestType const
 const (
-	Nat                  PolicyType = "Nat"
+	Nat                  PolicyType = "NAT"
 	ACL                  PolicyType = "ACL"
 	PA                   PolicyType = "PA"
 	VLAN                 PolicyType = "VLAN"
 	VSID                 PolicyType = "VSID"
-	VNet                 PolicyType = "VNet"
+	VNet                 PolicyType = "VNET"
 	L2Driver             PolicyType = "L2Driver"
 	Isolation            PolicyType = "Isolation"
 	QOS                  PolicyType = "QOS"
-	OutboundNat          PolicyType = "OutboundNat"
-	ExternalLoadBalancer PolicyType = "ExternalLoadBalancer"
-	Route                PolicyType = "Route"
+	OutboundNat          PolicyType = "OutBoundNAT"
+	ExternalLoadBalancer PolicyType = "ELB"
+	Route                PolicyType = "ROUTE"
+	Proxy                PolicyType = "PROXY"
 )
 
 // Not currently used on Linux...
@@ -75,6 +76,8 @@ const (
 //type PaPolicy = hcsshim.PaPolicy
 //
 //type OutboundNatPolicy = hcsshim.OutboundNatPolicy
+//
+//type ProxyPolicy = hcsshim.ProxyPolicy
 
 type ActionType string
 type DirectionType string
@@ -111,27 +114,56 @@ type ACLPolicy struct {
 }
 
 type Policy struct {
+	Type PolicyType `json:"Type"`
 }
 
 // Types from hnsendpoint.go.
 
+// EndpointState represents the states of an HNS Endpoint lifecycle.
+type EndpointState uint16
+
+const (
+	Uninitialized   EndpointState = iota
+	Created         EndpointState = 1
+	Attached        EndpointState = 2
+	AttachedSharing EndpointState = 3
+	Detached        EndpointState = 4
+	Degraded        EndpointState = 5
+	Destroyed       EndpointState = 6
+)
+
+// EndpointState const
+// The lifecycle of an Endpoint goes through created, attached, AttachedSharing - endpoint is being shared with other containers,
+// detached, after being attached, degraded and finally destroyed.
+func (es EndpointState) String() string {
+	return [...]string{"Uninitialized", "Attached", "AttachedSharing", "Detached", "Degraded", "Destroyed"}[es]
+}
+
 // HNSEndpoint represents a network endpoint in HNS
 type HNSEndpoint struct {
-	Id                 string
-	Name               string
-	VirtualNetwork     string
-	VirtualNetworkName string
-	Policies           []json.RawMessage
-	MacAddress         string
-	IPAddress          net.IP
-	DNSSuffix          string
-	DNSServerList      string
-	GatewayAddress     string
-	EnableInternalDNS  bool
-	DisableICC         bool
-	PrefixLength       uint8
-	IsRemoteEndpoint   bool
-	// Namespace          *Namespace
+	Id                 string            `json:"ID,omitempty"`
+	Name               string            `json:",omitempty"`
+	VirtualNetwork     string            `json:",omitempty"`
+	VirtualNetworkName string            `json:",omitempty"`
+	Policies           []json.RawMessage `json:",omitempty"`
+	MacAddress         string            `json:",omitempty"`
+	IPAddress          net.IP            `json:",omitempty"`
+	IPv6Address        net.IP            `json:",omitempty"`
+	DNSSuffix          string            `json:",omitempty"`
+	DNSServerList      string            `json:",omitempty"`
+	DNSDomain          string            `json:",omitempty"`
+	GatewayAddress     string            `json:",omitempty"`
+	GatewayAddressV6   string            `json:",omitempty"`
+	EnableInternalDNS  bool              `json:",omitempty"`
+	DisableICC         bool              `json:",omitempty"`
+	PrefixLength       uint8             `json:",omitempty"`
+	IPv6PrefixLength   uint8             `json:",omitempty"`
+	IsRemoteEndpoint   bool              `json:",omitempty"`
+	EnableLowMetric    bool              `json:",omitempty"`
+	//Namespace          *Namespace        `json:",omitempty"`
+	EncapOverhead    uint16        `json:",omitempty"`
+	SharedContainers []string      `json:",omitempty"`
+	State            EndpointState `json:",omitempty"`
 }
 
 // ApplyACLPolicy applies a set of ACL Policies on the Endpoint
@@ -148,7 +180,3 @@ func (a API) GetHNSSupportedFeatures() HNSSupportedFeatures {
 func (a API) HNSListEndpointRequest() ([]HNSEndpoint, error) {
 	return nil, nil
 }
-
-func (_ API) GetAttachedContainerIDs(endpoint *HNSEndpoint) ([]string, error) {
-	return nil, nil
-}
diff --git a/felix/dataplane/windows/hns/hns_windows.go b/felix/dataplane/windows/hns/hns_windows.go
@@ -104,7 +104,3 @@ func (_ API) GetHNSSupportedFeatures() HNSSupportedFeatures {
 func (_ API) HNSListEndpointRequest() ([]HNSEndpoint, error) {
 	return hcsshim.HNSListEndpointRequest()
 }
-
-func (_ API) GetAttachedContainerIDs(endpoint *HNSEndpoint) ([]string, error) {
-	return endpoint.GetAttachedContainerIDs()
-}