Address comments

Signed-off-by: graysonwu <wgrayson@vmware.com>
antrea-io · Aug 16, 2023 · 4c16e5e · 4c16e5e
1 parent e7ff6aa
commit 4c16e5e
Show file tree

Hide file tree

Showing 2 changed files with 12 additions and 24 deletions.
diff --git a/pkg/agent/openflow/network_policy.go b/pkg/agent/openflow/network_policy.go
@@ -75,11 +75,11 @@ var (
 	MatchLabelID        = types.NewMatchKey(binding.ProtocolIP, types.LabelIDAddr, "tun_id")
 	MatchTCPFlags       = types.NewMatchKey(binding.ProtocolTCP, types.TCPFlagsAddr, "tcp_flags")
 	MatchTCPv6Flags     = types.NewMatchKey(binding.ProtocolTCPv6, types.TCPFlagsAddr, "tcp_flags")
-	// Match value of MatchCTStatePositive will be used as positive CT state match(+).
-	// The value should follow the format "state1,state2".
-	// For example, if the match value is "rpl,trk", it will be translated to ct_state=+rpl+trk.
-	MatchCTStatePositive = types.NewMatchKey(binding.ProtocolIP, types.CTStateAddr, "ct_state")
-	Unsupported          = types.NewMatchKey(binding.ProtocolIP, types.UnSupported, "unknown")
+	// MatchCTStateRpl should be used with nil matchValue. MatchPair with
+	// MatchCTStateRpl as the matchKey will be automatically translated to
+	// `ct_state=+rpl+trk`.
+	MatchCTStateRpl = types.NewMatchKey(binding.ProtocolIP, types.CTStateAddr, "ct_state")
+	Unsupported     = types.NewMatchKey(binding.ProtocolIP, types.UnSupported, "unknown")
 
 	// metricFlowIdentifier is used to identify metric flows in metric table.
 	// There could be other flows like default flow and Traceflow flows in the table. Only metric flows are supposed to
@@ -731,8 +731,7 @@ func (c *client) NewDNSPacketInConjunction(id uint32) error {
 					matchValue: types.BitRange{Value: uint16(dnsPort)},
 				},
 				{
-					matchKey:   MatchCTStatePositive,
-					matchValue: "rpl,trk",
+					matchKey: MatchCTStateRpl,
 				},
 			}
 			udpMatch.matchPairs = []matchPair{
@@ -741,8 +740,7 @@ func (c *client) NewDNSPacketInConjunction(id uint32) error {
 					matchValue: types.BitRange{Value: uint16(dnsPort)},
 				},
 				{
-					matchKey:   MatchCTStatePositive,
-					matchValue: "rpl,trk",
+					matchKey: MatchCTStateRpl,
 				},
 			}
 		} else if proto == binding.ProtocolIPv6 {
@@ -752,8 +750,7 @@ func (c *client) NewDNSPacketInConjunction(id uint32) error {
 					matchValue: types.BitRange{Value: uint16(dnsPort)},
 				},
 				{
-					matchKey:   MatchCTStatePositive,
-					matchValue: "rpl,trk",
+					matchKey: MatchCTStateRpl,
 				},
 			}
 			udpMatch.matchPairs = []matchPair{
@@ -762,8 +759,7 @@ func (c *client) NewDNSPacketInConjunction(id uint32) error {
 					matchValue: types.BitRange{Value: uint16(dnsPort)},
 				},
 				{
-					matchKey:   MatchCTStatePositive,
-					matchValue: "rpl,trk",
+					matchKey: MatchCTStateRpl,
 				},
 			}
 		}

diff --git a/pkg/agent/openflow/pipeline.go b/pkg/agent/openflow/pipeline.go
@@ -19,7 +19,6 @@ import (
 	"fmt"
 	"net"
 	"sort"
-	"strings"
 	"sync"
 	"time"
 
@@ -2095,16 +2094,9 @@ func (f *featureNetworkPolicy) addFlowMatch(fb binding.FlowBuilder, matchKey *ty
 		fb = fb.MatchProtocol(matchKey.GetOFProtocol())
 		tcpFlag := matchValue.(TCPFlags)
 		fb = fb.MatchTCPFlags(tcpFlag.Flag, tcpFlag.Mask)
-	case MatchCTStatePositive:
-		states := matchValue.(string)
-		for _, state := range strings.Split(states, ",") {
-			switch state {
-			case "rpl":
-				fb = fb.MatchCTStateRpl(true)
-			case "trk":
-				fb = fb.MatchCTStateTrk(true)
-			}
-		}
+	case MatchCTStateRpl:
+		fb = fb.MatchCTStateRpl(true).
+			MatchCTStateTrk(true)
 	}
 	return fb
 }