diff --git a/build/charts/antrea/crds/traceflow.yaml b/build/charts/antrea/crds/traceflow.yaml index 2df4650a1a0..115aa5f2257 100644 --- a/build/charts/antrea/crds/traceflow.yaml +++ b/build/charts/antrea/crds/traceflow.yaml @@ -217,6 +217,8 @@ spec: type: string egressNode: type: string + srcPodIP: + type: string capturedPacket: properties: srcIP: diff --git a/build/yamls/antrea-aks.yml b/build/yamls/antrea-aks.yml index 1856ea30c8e..5581d58a19a 100644 --- a/build/yamls/antrea-aks.yml +++ b/build/yamls/antrea-aks.yml @@ -3101,6 +3101,8 @@ spec: type: string egressNode: type: string + srcPodIP: + type: string capturedPacket: properties: srcIP: diff --git a/build/yamls/antrea-crds.yml b/build/yamls/antrea-crds.yml index d047fa88444..b41fc8e8e16 100644 --- a/build/yamls/antrea-crds.yml +++ b/build/yamls/antrea-crds.yml @@ -3074,6 +3074,8 @@ spec: type: string egressNode: type: string + srcPodIP: + type: string capturedPacket: properties: srcIP: diff --git a/build/yamls/antrea-eks.yml b/build/yamls/antrea-eks.yml index d59e30e5f71..e60b8f5c8f9 100644 --- a/build/yamls/antrea-eks.yml +++ b/build/yamls/antrea-eks.yml @@ -3101,6 +3101,8 @@ spec: type: string egressNode: type: string + srcPodIP: + type: string capturedPacket: properties: srcIP: diff --git a/build/yamls/antrea-gke.yml b/build/yamls/antrea-gke.yml index 33a0f87d118..89bc22a6b17 100644 --- a/build/yamls/antrea-gke.yml +++ b/build/yamls/antrea-gke.yml @@ -3101,6 +3101,8 @@ spec: type: string egressNode: type: string + srcPodIP: + type: string capturedPacket: properties: srcIP: diff --git a/build/yamls/antrea-ipsec.yml b/build/yamls/antrea-ipsec.yml index 702ec6728e4..8fd77921733 100644 --- a/build/yamls/antrea-ipsec.yml +++ b/build/yamls/antrea-ipsec.yml @@ -3101,6 +3101,8 @@ spec: type: string egressNode: type: string + srcPodIP: + type: string capturedPacket: properties: srcIP: diff --git a/build/yamls/antrea.yml b/build/yamls/antrea.yml index 76fb1bf1cce..b7d129b0c88 100644 --- a/build/yamls/antrea.yml +++ b/build/yamls/antrea.yml @@ -3101,6 +3101,8 @@ spec: type: string egressNode: type: string + srcPodIP: + type: string capturedPacket: properties: srcIP: diff --git a/pkg/agent/controller/traceflow/packetin.go b/pkg/agent/controller/traceflow/packetin.go index f67b8fdac3d..c0ebf593536 100644 --- a/pkg/agent/controller/traceflow/packetin.go +++ b/pkg/agent/controller/traceflow/packetin.go @@ -173,6 +173,17 @@ func (c *Controller) parsePacketIn(pktIn *ofctrl.PacketIn) (*crdv1beta1.Traceflo ob := new(crdv1beta1.Observation) ob.Component = crdv1beta1.ComponentSpoofGuard ob.Action = crdv1beta1.ActionForwarded + // For SNATed packet(hairpin), ipSrc and ctNwSrc are different. + // We noticed that ctNwSrc is invalid for ICMPv6 packets: it should contain + // the original src Pod IP but it is always empty due to an issue in OVS. + // https://github.com/openvswitch/ovs-issues/issues/327 + if isValidCtNw(ctNwSrc) { + ob.SrcPodIP = ctNwSrc + } else { + // Incase of ICMPv6, since ctNwSrc is invalid, we can use ipSrc as + // hairpin is not applicable in ICMPv6, so ipSrc always contain src pod IP. + ob.SrcPodIP = ipSrc + } obs = append(obs, *ob) } else { ob := new(crdv1beta1.Observation) @@ -461,10 +472,7 @@ func isValidCtNw(ipStr string) bool { } // Reserved by IETF [RFC3513][RFC4291] _, cidr, _ := net.ParseCIDR("0000::/8") - if cidr.Contains(ip) { - return false - } - return true + return !cidr.Contains(ip) } func parseCapturedPacket(pktIn *ofctrl.PacketIn) *crdv1beta1.Packet { diff --git a/pkg/agent/controller/traceflow/packetin_test.go b/pkg/agent/controller/traceflow/packetin_test.go index bd6e97d30dc..253405820bf 100644 --- a/pkg/agent/controller/traceflow/packetin_test.go +++ b/pkg/agent/controller/traceflow/packetin_test.go @@ -209,8 +209,8 @@ func getTestPacketBytes(dstIP string) []byte { Protocol: uint8(8), DSCP: 1, Length: 20, - NWSrc: net.IP(pod1IPv4), - NWDst: net.IP(dstIP), + NWSrc: net.ParseIP(pod1IPv4), + NWDst: net.ParseIP(dstIP), } ethernetPkt := protocol.NewEthernet() ethernetPkt.HWSrc = pod1MAC @@ -238,6 +238,13 @@ func TestParsePacketIn(t *testing.T) { Data: 1, }, } + matchCTSrc := &openflow15.MatchField{ + Class: openflow15.OXM_CLASS_NXM_1, + Field: openflow15.NXM_NX_CT_NW_SRC, + Value: &openflow15.Ipv4SrcField{ + Ipv4Src: net.ParseIP(pod1IPv4), + }, + } matchTunDst := openflow15.NewTunnelIpv4DstField(net.ParseIP(egressIP), nil) conjData := make([]byte, 8) @@ -298,7 +305,7 @@ func TestParsePacketIn(t *testing.T) { PacketIn: &openflow15.PacketIn{ TableId: openflow.OutputTable.GetID(), Match: openflow15.Match{ - Fields: []openflow15.MatchField{*matchOutPort, *matchPktMark}, + Fields: []openflow15.MatchField{*matchOutPort, *matchPktMark, *matchCTSrc}, }, Data: util.NewBuffer(pktBytesPodToIP), }, @@ -329,6 +336,7 @@ func TestParsePacketIn(t *testing.T) { { Component: crdv1beta1.ComponentSpoofGuard, Action: crdv1beta1.ActionForwarded, + SrcPodIP: pod1IPv4, }, { Component: crdv1beta1.ComponentEgress, @@ -365,6 +373,8 @@ func TestParsePacketIn(t *testing.T) { PacketIn: &openflow15.PacketIn{ TableId: openflow.OutputTable.GetID(), Match: openflow15.Match{ + // We are omitting matchCTSrc intentionally here to test + // the case where there is no valid ct_nw_src match in the packet metadata. Fields: []openflow15.MatchField{*matchTunDst, *matchOutPort}, }, Data: util.NewBuffer(pktBytesPodToIP), @@ -396,6 +406,7 @@ func TestParsePacketIn(t *testing.T) { { Component: crdv1beta1.ComponentSpoofGuard, Action: crdv1beta1.ActionForwarded, + SrcPodIP: pod1IPv4, }, { Component: crdv1beta1.ComponentEgress, @@ -489,7 +500,7 @@ func TestParsePacketIn(t *testing.T) { PacketIn: &openflow15.PacketIn{ TableId: openflow.EgressRuleTable.GetID(), Match: openflow15.Match{ - Fields: []openflow15.MatchField{*matchTFEgressConjID}, + Fields: []openflow15.MatchField{*matchTFEgressConjID, *matchCTSrc}, }, Data: util.NewBuffer(pktBytesPodToPod), }, @@ -531,6 +542,7 @@ func TestParsePacketIn(t *testing.T) { { Component: crdv1beta1.ComponentSpoofGuard, Action: crdv1beta1.ActionForwarded, + SrcPodIP: pod1IPv4, }, { Component: crdv1beta1.ComponentNetworkPolicy, @@ -618,7 +630,7 @@ func TestParsePacketIn(t *testing.T) { PacketIn: &openflow15.PacketIn{ TableId: openflow.EgressMetricTable.GetID(), Match: openflow15.Match{ - Fields: []openflow15.MatchField{*matchAPConjID}, + Fields: []openflow15.MatchField{*matchAPConjID, *matchCTSrc}, }, Data: util.NewBuffer(pktBytesPodToPod), }, @@ -658,6 +670,7 @@ func TestParsePacketIn(t *testing.T) { { Component: crdv1beta1.ComponentSpoofGuard, Action: crdv1beta1.ActionForwarded, + SrcPodIP: pod1IPv4, }, { Component: crdv1beta1.ComponentNetworkPolicy, diff --git a/pkg/apis/crd/v1beta1/types.go b/pkg/apis/crd/v1beta1/types.go index 8c81064b4f8..6f3dc018d82 100644 --- a/pkg/apis/crd/v1beta1/types.go +++ b/pkg/apis/crd/v1beta1/types.go @@ -1268,6 +1268,8 @@ type Observation struct { EgressIP string `json:"egressIP,omitempty" yaml:"egressIP,omitempty"` // EgressNode is the name of the Egress Node. EgressNode string `json:"egressNode,omitempty" yaml:"egressNode,omitempty"` + // SrcPodIP is the IP of source Pod. + SrcPodIP string `json:"srcPodIP,omitempty" yaml:"srcPodIP,omitempty"` } // +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object diff --git a/pkg/apiserver/openapi/zz_generated.openapi.go b/pkg/apiserver/openapi/zz_generated.openapi.go index bf58ce0d326..2350ef80363 100644 --- a/pkg/apiserver/openapi/zz_generated.openapi.go +++ b/pkg/apiserver/openapi/zz_generated.openapi.go @@ -5401,6 +5401,13 @@ func schema_pkg_apis_crd_v1beta1_Observation(ref common.ReferenceCallback) commo Format: "", }, }, + "srcPodIP": { + SchemaProps: spec.SchemaProps{ + Description: "SrcPodIP is the IP of source Pod.", + Type: []string{"string"}, + Format: "", + }, + }, }, }, }, diff --git a/test/e2e/traceflow_test.go b/test/e2e/traceflow_test.go index f8df547836e..dff030cc045 100644 --- a/test/e2e/traceflow_test.go +++ b/test/e2e/traceflow_test.go @@ -115,12 +115,20 @@ func testTraceflowIntraNodeANNP(t *testing.T, data *TestData) { nodeIdx = clusterInfo.windowsNodes[0] } node1 := nodeName(nodeIdx) - node1Pods, _, node1CleanupFn := createTestAgnhostPods(t, data, 3, data.testNamespace, node1) + node1Pods, node1PodIPs, node1CleanupFn := createTestAgnhostPods(t, data, 3, data.testNamespace, node1) defer node1CleanupFn() // Give a little time for Windows containerd Nodes to setup OVS. // Containerd configures port asynchronously, which could cause execution time of installing flow longer than docker. time.Sleep(time.Second * 1) + var pod0IPv4Str, pod0IPv6Str string + if node1PodIPs[0].IPv4 != nil { + pod0IPv4Str = node1PodIPs[0].IPv4.String() + } + if node1PodIPs[0].IPv6 != nil { + pod0IPv6Str = node1PodIPs[0].IPv6.String() + } + var denyIngress *v1beta1.NetworkPolicy denyIngressName := "test-annp-deny-ingress" if denyIngress, err = data.createANNPDenyIngress("antrea-e2e", node1Pods[1], denyIngressName, false); err != nil { @@ -187,6 +195,7 @@ func testTraceflowIntraNodeANNP(t *testing.T, data *TestData) { { Component: v1beta1.ComponentSpoofGuard, Action: v1beta1.ActionForwarded, + SrcPodIP: pod0IPv4Str, }, { Component: v1beta1.ComponentNetworkPolicy, @@ -237,6 +246,7 @@ func testTraceflowIntraNodeANNP(t *testing.T, data *TestData) { { Component: v1beta1.ComponentSpoofGuard, Action: v1beta1.ActionForwarded, + SrcPodIP: pod0IPv4Str, }, { Component: v1beta1.ComponentNetworkPolicy, @@ -287,6 +297,7 @@ func testTraceflowIntraNodeANNP(t *testing.T, data *TestData) { { Component: v1beta1.ComponentSpoofGuard, Action: v1beta1.ActionForwarded, + SrcPodIP: pod0IPv6Str, }, { Component: v1beta1.ComponentNetworkPolicy, @@ -325,10 +336,13 @@ func testTraceflowIntraNode(t *testing.T, data *TestData) { // Give a little time for Windows containerd Nodes to setup OVS. // Containerd configures port asynchronously, which could cause execution time of installing flow longer than docker. time.Sleep(time.Second * 1) - var pod0IPv4Str, pod1IPv4Str, dstPodIPv4Str, dstPodIPv6Str string + var pod0IPv4Str, pod0IPv6Str, pod1IPv4Str, dstPodIPv4Str, dstPodIPv6Str string if node1IPs[0].IPv4 != nil { pod0IPv4Str = node1IPs[0].IPv4.String() } + if node1IPs[0].IPv6 != nil { + pod0IPv6Str = node1IPs[0].IPv6.String() + } if node1IPs[1].IPv4 != nil { pod1IPv4Str = node1IPs[1].IPv4.String() } @@ -423,6 +437,7 @@ func testTraceflowIntraNode(t *testing.T, data *TestData) { { Component: v1beta1.ComponentSpoofGuard, Action: v1beta1.ActionForwarded, + SrcPodIP: pod0IPv4Str, }, { Component: v1beta1.ComponentNetworkPolicy, @@ -476,6 +491,7 @@ func testTraceflowIntraNode(t *testing.T, data *TestData) { { Component: v1beta1.ComponentSpoofGuard, Action: v1beta1.ActionForwarded, + SrcPodIP: pod0IPv4Str, }, { Component: v1beta1.ComponentNetworkPolicy, @@ -528,6 +544,7 @@ func testTraceflowIntraNode(t *testing.T, data *TestData) { { Component: v1beta1.ComponentSpoofGuard, Action: v1beta1.ActionForwarded, + SrcPodIP: pod0IPv4Str, }, { Component: v1beta1.ComponentNetworkPolicy, @@ -574,6 +591,7 @@ func testTraceflowIntraNode(t *testing.T, data *TestData) { { Component: v1beta1.ComponentSpoofGuard, Action: v1beta1.ActionForwarded, + SrcPodIP: pod0IPv4Str, }, { Component: v1beta1.ComponentNetworkPolicy, @@ -638,6 +656,7 @@ func testTraceflowIntraNode(t *testing.T, data *TestData) { { Component: v1beta1.ComponentSpoofGuard, Action: v1beta1.ActionForwarded, + SrcPodIP: pod0IPv4Str, }, { Component: v1beta1.ComponentNetworkPolicy, @@ -753,6 +772,7 @@ func testTraceflowIntraNode(t *testing.T, data *TestData) { { Component: v1beta1.ComponentSpoofGuard, Action: v1beta1.ActionForwarded, + SrcPodIP: pod0IPv6Str, }, { Component: v1beta1.ComponentNetworkPolicy, @@ -806,6 +826,7 @@ func testTraceflowIntraNode(t *testing.T, data *TestData) { { Component: v1beta1.ComponentSpoofGuard, Action: v1beta1.ActionForwarded, + SrcPodIP: pod0IPv6Str, }, { Component: v1beta1.ComponentNetworkPolicy, @@ -858,6 +879,7 @@ func testTraceflowIntraNode(t *testing.T, data *TestData) { { Component: v1beta1.ComponentSpoofGuard, Action: v1beta1.ActionForwarded, + SrcPodIP: pod0IPv6Str, }, { Component: v1beta1.ComponentNetworkPolicy, @@ -904,6 +926,7 @@ func testTraceflowIntraNode(t *testing.T, data *TestData) { { Component: v1beta1.ComponentSpoofGuard, Action: v1beta1.ActionForwarded, + SrcPodIP: pod0IPv6Str, }, { Component: v1beta1.ComponentNetworkPolicy, @@ -978,6 +1001,7 @@ func testTraceflowIntraNode(t *testing.T, data *TestData) { { Component: v1beta1.ComponentSpoofGuard, Action: v1beta1.ActionForwarded, + SrcPodIP: pod0IPv6Str, }, { Component: v1beta1.ComponentNetworkPolicy, @@ -1027,6 +1051,7 @@ func testTraceflowIntraNode(t *testing.T, data *TestData) { { Component: v1beta1.ComponentSpoofGuard, Action: v1beta1.ActionForwarded, + SrcPodIP: pod0IPv4Str, }, { Component: v1beta1.ComponentNetworkPolicy, @@ -1076,6 +1101,7 @@ func testTraceflowIntraNode(t *testing.T, data *TestData) { { Component: v1beta1.ComponentSpoofGuard, Action: v1beta1.ActionForwarded, + SrcPodIP: pod0IPv6Str, }, { Component: v1beta1.ComponentNetworkPolicy, @@ -1118,18 +1144,24 @@ func testTraceflowInterNode(t *testing.T, data *TestData) { node1 := nodeName(nodeIdx0) node2 := nodeName(nodeIdx1) - node1Pods, _, node1CleanupFn := createTestAgnhostPods(t, data, 1, data.testNamespace, node1) + node1Pods, node1IPs, node1CleanupFn := createTestAgnhostPods(t, data, 1, data.testNamespace, node1) node2Pods, node2IPs, node2CleanupFn := createTestAgnhostPods(t, data, 3, data.testNamespace, node2) gatewayIPv4, gatewayIPv6 := nodeGatewayIPs(1) defer node1CleanupFn() defer node2CleanupFn() - var dstPodIPv4Str, dstPodIPv6Str string + var dstPodIPv4Str, dstPodIPv6Str, srcPodIPv4Str, srcPodIPv6Str string if node2IPs[0].IPv4 != nil { dstPodIPv4Str = node2IPs[0].IPv4.String() } if node2IPs[0].IPv6 != nil { dstPodIPv6Str = node2IPs[0].IPv6.String() } + if node1IPs[0].IPv4 != nil { + srcPodIPv4Str = node1IPs[0].IPv4.String() + } + if node1IPs[0].IPv6 != nil { + srcPodIPv6Str = node1IPs[0].IPv6.String() + } // Create Service backend Pod. The "hairpin" testcases require the Service to have a single backend Pod, // and no more, in order to be deterministic. @@ -1241,6 +1273,7 @@ func testTraceflowInterNode(t *testing.T, data *TestData) { { Component: v1beta1.ComponentSpoofGuard, Action: v1beta1.ActionForwarded, + SrcPodIP: srcPodIPv4Str, }, { Component: v1beta1.ComponentNetworkPolicy, @@ -1307,6 +1340,7 @@ func testTraceflowInterNode(t *testing.T, data *TestData) { { Component: v1beta1.ComponentSpoofGuard, Action: v1beta1.ActionForwarded, + SrcPodIP: srcPodIPv4Str, }, { Component: v1beta1.ComponentNetworkPolicy, @@ -1368,6 +1402,7 @@ func testTraceflowInterNode(t *testing.T, data *TestData) { { Component: v1beta1.ComponentSpoofGuard, Action: v1beta1.ActionForwarded, + SrcPodIP: srcPodIPv4Str, }, { Component: v1beta1.ComponentNetworkPolicy, @@ -1439,6 +1474,7 @@ func testTraceflowInterNode(t *testing.T, data *TestData) { { Component: v1beta1.ComponentSpoofGuard, Action: v1beta1.ActionForwarded, + SrcPodIP: srcPodIPv4Str, }, { Component: v1beta1.ComponentLB, @@ -1516,6 +1552,7 @@ func testTraceflowInterNode(t *testing.T, data *TestData) { { Component: v1beta1.ComponentSpoofGuard, Action: v1beta1.ActionForwarded, + SrcPodIP: agnhostIPv4Str, }, { Component: v1beta1.ComponentLB, @@ -1567,6 +1604,7 @@ func testTraceflowInterNode(t *testing.T, data *TestData) { { Component: v1beta1.ComponentSpoofGuard, Action: v1beta1.ActionForwarded, + SrcPodIP: srcPodIPv4Str, }, { Component: v1beta1.ComponentNetworkPolicy, @@ -1635,6 +1673,7 @@ func testTraceflowInterNode(t *testing.T, data *TestData) { { Component: v1beta1.ComponentSpoofGuard, Action: v1beta1.ActionForwarded, + SrcPodIP: srcPodIPv6Str, }, { Component: v1beta1.ComponentNetworkPolicy, @@ -1704,6 +1743,7 @@ func testTraceflowInterNode(t *testing.T, data *TestData) { { Component: v1beta1.ComponentSpoofGuard, Action: v1beta1.ActionForwarded, + SrcPodIP: srcPodIPv6Str, }, { Component: v1beta1.ComponentNetworkPolicy, @@ -1764,6 +1804,7 @@ func testTraceflowInterNode(t *testing.T, data *TestData) { { Component: v1beta1.ComponentSpoofGuard, Action: v1beta1.ActionForwarded, + SrcPodIP: srcPodIPv6Str, }, { Component: v1beta1.ComponentNetworkPolicy, @@ -1832,6 +1873,7 @@ func testTraceflowInterNode(t *testing.T, data *TestData) { { Component: v1beta1.ComponentSpoofGuard, Action: v1beta1.ActionForwarded, + SrcPodIP: srcPodIPv6Str, }, { Component: v1beta1.ComponentLB, @@ -1906,6 +1948,7 @@ func testTraceflowInterNode(t *testing.T, data *TestData) { { Component: v1beta1.ComponentSpoofGuard, Action: v1beta1.ActionForwarded, + SrcPodIP: agnhostIPv6Str, }, { Component: v1beta1.ComponentLB, @@ -1962,6 +2005,7 @@ func testTraceflowInterNode(t *testing.T, data *TestData) { { Component: v1beta1.ComponentSpoofGuard, Action: v1beta1.ActionForwarded, + SrcPodIP: srcPodIPv6Str, }, { Component: v1beta1.ComponentNetworkPolicy, @@ -2017,12 +2061,17 @@ func testTraceflowExternalIP(t *testing.T, data *TestData) { } node := nodeName(nodeIdx) nodeIP := nodeIP(nodeIdx) - podNames, _, cleanupFn := createTestAgnhostPods(t, data, 1, data.testNamespace, node) + podNames, podIPs, cleanupFn := createTestAgnhostPods(t, data, 1, data.testNamespace, node) defer cleanupFn() // Give a little time for Windows containerd Nodes to setup OVS. // Containerd configures port asynchronously, which could cause execution time of installing flow longer than docker. time.Sleep(time.Second * 1) - + var srcPodIP string + if podIPs[0].IPv4 != nil { + srcPodIP = podIPs[0].IPv4.String() + } else { + srcPodIP = podIPs[0].IPv6.String() + } testcase := testcase{ name: "nodeIPDestination", ipVersion: 4, @@ -2053,6 +2102,7 @@ func testTraceflowExternalIP(t *testing.T, data *TestData) { { Component: v1beta1.ComponentSpoofGuard, Action: v1beta1.ActionForwarded, + SrcPodIP: srcPodIP, }, { Component: v1beta1.ComponentForwarding, @@ -2072,8 +2122,14 @@ func testTraceflowEgress(t *testing.T, data *TestData) { egressIP := nodeIP(0) externalDstIP := "1.1.1.1" - localPodNames, _, localCleanupFn := createTestAgnhostPods(t, data, 1, data.testNamespace, egressNode) + localPodNames, localPodIPs, localCleanupFn := createTestAgnhostPods(t, data, 1, data.testNamespace, egressNode) defer localCleanupFn() + var srcPodIP string + if localPodIPs[0].IPv4 != nil { + srcPodIP = localPodIPs[0].IPv4.String() + } else { + srcPodIP = localPodIPs[0].IPv6.String() + } matchExpressions := []metav1.LabelSelectorRequirement{ { @@ -2116,6 +2172,7 @@ func testTraceflowEgress(t *testing.T, data *TestData) { { Component: v1beta1.ComponentSpoofGuard, Action: v1beta1.ActionForwarded, + SrcPodIP: srcPodIP, }, { Component: v1beta1.ComponentEgress, @@ -2140,8 +2197,13 @@ func testTraceflowEgress(t *testing.T, data *TestData) { skipIfNumNodesLessThan(t, 2) remoteNode := nodeName(1) - remotePodNames, _, remoteCleanupFn := createTestAgnhostPods(t, data, 1, data.testNamespace, remoteNode) + remotePodNames, remotePodIPs, remoteCleanupFn := createTestAgnhostPods(t, data, 1, data.testNamespace, remoteNode) defer remoteCleanupFn() + if remotePodIPs[0].IPv4 != nil { + srcPodIP = remotePodIPs[0].IPv4.String() + } else { + srcPodIP = remotePodIPs[0].IPv6.String() + } toUpdate := egress.DeepCopy() err := retry.RetryOnConflict(retry.DefaultRetry, func() error { @@ -2188,6 +2250,7 @@ func testTraceflowEgress(t *testing.T, data *TestData) { { Component: v1beta1.ComponentSpoofGuard, Action: v1beta1.ActionForwarded, + SrcPodIP: srcPodIP, }, { Component: v1beta1.ComponentEgress, @@ -2344,6 +2407,7 @@ func compareObservations(expected v1beta1.NodeResult, actual v1beta1.NodeResult) if exObs[i].Component != acObs[i].Component || exObs[i].ComponentInfo != acObs[i].ComponentInfo || exObs[i].Pod != acObs[i].Pod || + exObs[i].SrcPodIP != acObs[i].SrcPodIP || exObs[i].TranslatedDstIP != acObs[i].TranslatedDstIP || exObs[i].EgressIP != acObs[i].EgressIP || exObs[i].Egress != acObs[i].Egress ||