updates

Signed-off-by: Hongliang Liu <lhongliang@vmware.com>

pkg/agent/openflow/client.go

@@ -97,17 +97,21 @@ type Client interface {
 	UninstallEndpointFlows(protocol binding.Protocol, endpoints []proxy.Endpoint) error
 
 	// InstallServiceFlows installs flows for accessing Service NodePort, LoadBalancer, ExternalIP and ClusterIP. It
-	// installs the flow that uses the group/bucket to do service LB. If the affinityTimeout is not zero, it also
+	// installs the flow that uses the group/bucket to do Service LB. If the affinityTimeout is not zero, it also
 	// installs the flow which has a learn action to maintain the LB decision. The group with the groupID must be
 	// installed before, otherwise the installation will fail.
 	// externallyAccessible indicates that whether the Service is externally accessible, like NodePort, LoadBalancer and ExternalIP.
-	// nested represents if the Service has the Endpoints which is other Service's ClusterIP.
+	// nested indicates that whether the Service has the Endpoints which is other Service's ClusterIP.
 	InstallServiceFlows(groupID binding.GroupIDType, svcIP net.IP, svcPort uint16, protocol binding.Protocol, affinityTimeout uint16, externallyAccessible, nested bool) error
 	// UninstallServiceFlows removes flows installed by InstallServiceFlows.
 	UninstallServiceFlows(svcIP net.IP, svcPort uint16, protocol binding.Protocol) error
 
+	// InstallServiceShortCircuitingFlows installs flows for accessing Service NodePort, LoadBalancer and ExternalIP from
+	// local Node or Pod when their externalTrafficPolicy is Local. It also installs the flow that uses the group/bucket
+	// to do Service LB, similar to InstallServiceFlows. Note that the group includes all Endpoints, while the flow
+	// selectively matches traffic originating from the local Pod CIDR.
 	InstallServiceShortCircuitingFlows(groupID binding.GroupIDType, svcIP net.IP, svcPort uint16, protocol binding.Protocol, affinityTimeout uint16) error
-
+	// UninstallServiceShortCircuitingFlows removes flows installed by InstallServiceShortCircuitingFlows.
 	UninstallServiceShortCircuitingFlows(svcIP net.IP, svcPort uint16, protocol binding.Protocol) error
 
 	// GetFlowTableStatus should return an array of flow table status, all existing flow tables should be included in the list.

pkg/agent/openflow/pipeline.go

@@ -2302,8 +2302,8 @@ func (f *featureService) serviceLearnFlow(groupID binding.GroupIDType,
 
 	// EpToLearnRegMark is required to match the packets that have done Endpoint selection.
 	regMarksToMatch := []*binding.RegMark{EpToLearnRegMark}
-	// If Service type is NodePort, ToNodePortAddressRegMark must be used to match packets, otherwise, Service IP must be used
-	// to match packets.
+	// If Service type is NodePort, ToNodePortAddressRegMark must be used to match packets, otherwise Service IP must be
+	// used to match packets.
 	if isNodePort {
 		regMarksToMatch = append(regMarksToMatch, ToNodePortAddressRegMark)
 	} else {
@@ -2380,23 +2380,23 @@ func (f *featureService) serviceLBFlow(groupID binding.GroupIDType,
 	nested bool,
 	isShortCircuiting bool) binding.Flow {
 	priority := priorityNormal
-	// For flow for short-circuiting, priority should be higher since an extra match condition is added.
+	// For short-circuiting flow, priority should be higher since an extra match condition is added.
 	if isShortCircuiting {
 		priority = priorityHigh
 	}
 	flowBuilder := ServiceLBTable.ofTable.BuildFlow(priority).
 		Cookie(f.cookieAllocator.Request(f.category).Raw()).
 		MatchProtocol(protocol).
 		MatchDstPort(svcPort, nil)
-	// For flow for short-circuiting, an extra match condition matching packet from local Pod CIDR is added.
+	// For short-circuiting flow, an extra match condition matching packet from local Pod CIDR is added.
 	if isShortCircuiting {
 		flowBuilder = flowBuilder.MatchSrcIPNet(f.localCIDRs[getIPProtocol(svcIP)])
 	}
 
 	// EpToSelectRegMark is required to match the packets that haven't undergone Endpoint selection yet.
 	regMarksToMatch := []*binding.RegMark{EpToSelectRegMark}
-	// If Service type is NodePort, ToNodePortAddressRegMark must be used to match packets, otherwise, Service IP must be used
-	// to match packets.
+	// If Service type is NodePort, ToNodePortAddressRegMark must be used to match packets, otherwise Service IP must be
+	// used to match packets.
 	if isNodePort {
 		regMarksToMatch = append(regMarksToMatch, ToNodePortAddressRegMark)
 	} else {

third_party/proxy/service.go

@@ -165,8 +165,8 @@ func (info *BaseServiceInfo) ExternallyAccessible() bool {
 // UsesClusterEndpoints is part of ServicePort interface.
 func (info *BaseServiceInfo) UsesClusterEndpoints() bool {
 	// The service port uses Cluster endpoints if the internal traffic policy is "Cluster",
-	// or if it accepts external traffic at all. (Even if the external traffic policy is
-	// "Local", we need Cluster endpoints to implement short circuiting.)
+	// or it is externally accessible (like NodePort, LoadBalancer or ExternalIP, even the
+	// external traffic policy is "Local", we need Cluster endpoints to implement short circuiting.)
 	return !info.internalPolicyLocal || info.ExternallyAccessible()
 }