@@ -449,8 +449,9 @@ consider_lflow_for_added_as_ips__(
new_fake_as->n_values = 2;
new_fake_as->values[0] = new_fake_as->values[1] =
as_diff_added->values[0];
- /* Make a dummy ip that is different from the real one. */
- new_fake_as->values[1].value.u8_val++;
+ /* Make a dummy ip that is different from the real one in 2 bits,
+ * so expression normalization won't combine them. */
+ new_fake_as->values[1].value.u8_val ^= 3;
dummy_ip = new_fake_as->values[1].value.ipv6;
has_dummy_ip = true;
fake_as = new_fake_as;
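Review bot: The constant in `u8_val ^= 3` depends on a rule implemented elsewhere in this patch, and the comment does not say where. The dummy stays separate only while crush_or_supersets() merges sub-expressions that differ in exactly one bit. I would name that function in the comment, e.g. `/* Differs from the real ip in 2 bits; crush_or_supersets() only merges values that differ in 1 bit. */`, so a later change to the merge rule leads a reader back here. The enclosing function starts and ends outside the hunk.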
@@ -2522,9 +2522,39 @@ crush_and_string(struct expr *expr, const struct expr_symbol *symbol)
return expr_fix(expr);
}
-/* This function expects an OR expression with already crushed sub
- * expressions, so they are plain comparisons. Result is the same
- * expression, but with unnecessary sub-expressions removed. */
+/* Given 2 CMP expressions for the same maskable symbol, calculates bitmaps
+ * that starts at the same offset, has the same size and cover all the
+ * masked bits in both expressions. Results are correctly aligned to be
+ * used in bitmap_* functions. */
+static void
+expr_bitmap_mask_range(struct expr *a, struct expr *b,
+ const struct expr_symbol *symbol,
+ unsigned long **a_bitmap, unsigned long **b_bitmap,
+ size_t *start_ofs, size_t *n_bits)
+{
+ ovs_assert(a->type == EXPR_T_CMP);
+ ovs_assert(b->type == EXPR_T_CMP);
+
+ *n_bits = sizeof a->cmp.mask.be64 * CHAR_BIT;
+ *a_bitmap = (unsigned long *) a->cmp.mask.be64;
+ *b_bitmap = (unsigned long *) b->cmp.mask.be64;
+
+ size_t a_start = bitmap_scan(*a_bitmap, 1, 0, *n_bits);
+ size_t b_start = bitmap_scan(*b_bitmap, 1, 0, *n_bits);
+
+ size_t mask_start = MIN(a_start, b_start);
+ size_t mask_end = MIN(MAX(a_start, b_start) + symbol->width, *n_bits);
+ size_t end_ofs = DIV_ROUND_UP(mask_end, BITMAP_ULONG_BITS);
+
+ *start_ofs = mask_start / BITMAP_ULONG_BITS;
+ *a_bitmap += *start_ofs;
+ *b_bitmap += *start_ofs;
+ *n_bits = (end_ofs - *start_ofs) * BITMAP_ULONG_BITS;
+}
+
+/* This function expects an OR expression with already crushed sub-expressions,
+ * so they are plain comparisons. Result is the same expression, but with
+ * unnecessary sub-expressions removed and the rest combined, if possible. */
static struct expr *
crush_or_supersets(struct expr *expr, const struct expr_symbol *symbol)
{
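Review bot: expr_bitmap_mask_range() reinterprets the `be64` arrays as `unsigned long` and then adds `symbol->width` to a `bitmap_scan()` index, but its header comment does not state the precondition that makes this safe. The window covers every masked bit only because of where the field sits inside the mask array and because the result is rounded out to whole longs. crush_or_supersets() relies on `bitmap_equal()` over this window to decide that two masks are identical before it widens a match, so I would spell that assumption out. The comment should also say what the outputs are when a mask has no bit set; as far as I know bitmap_scan() then returns the end index, so the window can shrink to zero bits.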
@@ -2539,6 +2569,7 @@ crush_or_supersets(struct expr *expr, const struct expr_symbol *symbol)
LIST_FOR_EACH (a, node, &expr->andor) {
ovs_assert(a->type == EXPR_T_CMP);
+check_again:
if (hmapx_contains(&to_delete, a)) {
continue;
}
@@ -2546,21 +2577,19 @@ crush_or_supersets(struct expr *expr, const struct expr_symbol *symbol)
struct expr *b;
LIST_FOR_EACH (b, node, &expr->andor) {
union mf_subvalue tmp_value, tmp_mask;
+ unsigned long *a_mask, *b_mask;
+ size_t ofs, sz;
if (a == b || hmapx_contains(&to_delete, b)) {
continue;
}
- /* Conflicting sub-expressions cannot superseed each other. */
+ expr_bitmap_mask_range(a, b, symbol, &a_mask, &b_mask, &ofs, &sz);
+
+ /* Conflicting sub-expressions cannot superseed each other ... */
if (mf_subvalue_intersect(&a->cmp.value, &a->cmp.mask,
&b->cmp.value, &b->cmp.mask,
&tmp_value, &tmp_mask)) {
- const size_t sz = sizeof a->cmp.mask * CHAR_BIT;
- const unsigned long *a_mask, *b_mask;
-
- a_mask = (unsigned long *) a->cmp.mask.be64;
- b_mask = (unsigned long *) b->cmp.mask.be64;
-
/* Check if 'a' is a superset of 'b' or the other way around.
* Keep the smaller mask. */
if (bitmap_is_superset(a_mask, b_mask, sz)) {
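Review bot: Small wording fix on the rewritten comment: `superseed` should be `supersede`. Also, only `a_mask` is written through in the visible code (in the combine branch of the next hunk), while `b_mask` is only read, so dropping `const` from both pointers is wider than needed. Whether `b_mask` can stay pointer-to-const depends on the out-parameter types of expr_bitmap_mask_range().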
@@ -2569,6 +2598,34 @@ crush_or_supersets(struct expr *expr, const struct expr_symbol *symbol)
} else if (bitmap_is_superset(b_mask, a_mask, sz)) {
hmapx_add(&to_delete, b);
}
+ } else if (bitmap_equal(a_mask, b_mask, sz)) {
+ /* ... but they can potentially be combined. */
+ unsigned long *a_value, *b_value, *t_value;
+
+ a_value = (unsigned long *) a->cmp.value.be64 + ofs;
+ b_value = (unsigned long *) b->cmp.value.be64 + ofs;
+ t_value = (unsigned long *) tmp_value.be64;
+
+ for (size_t i = 0; i < BITMAP_N_LONGS(sz); i++) {
+ t_value[i] = (a_value[i] & a_mask[i]) ^
+ (b_value[i] & b_mask[i]);
+ }
+ if (bitmap_count1(t_value, sz) == 1) {
+ /* Same masks, values differ in one bit. These expressions
+ * can be replaced with a superset with this one bit
+ * excluded from the mask. */
+ size_t bit = bitmap_scan(t_value, 1, 0, sz);
+
+ bitmap_set0(a_value, bit);
+ bitmap_set0(a_mask, bit);
+
+ hmapx_add(&to_delete, b);
+
+ /* 'a' changed. Need to check if it became a superset of
+ * something else or if there are ways to turn it into even
+ * larger superset. */
+ goto check_again;
+ }
}
}
}
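Review bot: When both masks have a single bit set and the values differ in that bit, `bitmap_set0(a_mask, bit)` leaves `a` as a comparison with an all-zero mask. Nothing in this hunk turns that into a constant or treats it specially on the next pass. I can't tell from the visible code whether later stages accept a CMP with an empty mask, so it is worth handling that case here or stating that it is expected. Separately, `goto check_again` terminates only because `b` is added to `to_delete` before the jump; a comment such as `/* Each restart removes one sub-expression, so restarts are bounded by the list size. */` would make that explicit. The function body starts outside the hunk.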
@@ -909,14 +909,14 @@ check ovn-nbctl --wait=hv acl-add ls1 to-lport 100 'outport == "ls1-lp1" && ip4.
reprocess_count_old=$(read_counter consider_logical_flow)
for i in $(seq 10); do
- check ovn-nbctl add address_set as1 addresses 10.0.0.$i
+ check ovn-nbctl add address_set as1 addresses 10.$i.0.$i
check ovn-nbctl --wait=hv sync
if test "$i" = 3; then
AT_CHECK_UNQUOTED([ovs-ofctl dump-flows br-int table=44,reg15=0x$port_key | \
grep -v reply | awk '{print $7, $8}' | sort], [0], [dnl
-priority=1100,ip,reg15=0x$port_key,metadata=0x$dp_key,nw_src=10.0.0.1 actions=drop
-priority=1100,ip,reg15=0x$port_key,metadata=0x$dp_key,nw_src=10.0.0.2 actions=drop
-priority=1100,ip,reg15=0x$port_key,metadata=0x$dp_key,nw_src=10.0.0.3 actions=drop
+priority=1100,ip,reg15=0x$port_key,metadata=0x$dp_key,nw_src=10.1.0.1 actions=drop
+priority=1100,ip,reg15=0x$port_key,metadata=0x$dp_key,nw_src=10.2.0.2 actions=drop
+priority=1100,ip,reg15=0x$port_key,metadata=0x$dp_key,nw_src=10.3.0.3 actions=drop
])
fi
AT_CHECK_UNQUOTED([ovs-ofctl dump-flows br-int table=44 | grep -c "priority=1100"], [0], [$i
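Review bot: Switching to `10.$i.0.$i` means no two members of `as1` differ in a single bit, so none of the visible checks exercises a merged match together with incremental address-set updates. For drop ACLs the case that matters is removing one address after its flow was folded into a wider mask, since a leftover merged flow would keep matching the removed address. Unless that is covered in a part of the patch not shown here, I would keep one case with adjacent addresses (for example the original `10.0.0.2`/`10.0.0.3` pair) and assert the flows after each add and remove. The later loops in this file follow the same renaming.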
@@ -931,12 +931,12 @@ AT_CHECK([echo $(($reprocess_count_new - $reprocess_count_old))], [0], [2
reprocess_count_old=$(read_counter consider_logical_flow)
for i in $(seq 10); do
- check ovn-nbctl remove address_set as1 addresses 10.0.0.$i
+ check ovn-nbctl remove address_set as1 addresses 10.$i.0.$i
check ovn-nbctl --wait=hv sync
if test "$i" = 9; then
AT_CHECK_UNQUOTED([ovs-ofctl dump-flows br-int table=44,reg15=0x$port_key | \
grep -v reply | awk '{print $7, $8}'], [0], [dnl
-priority=1100,ip,reg15=0x$port_key,metadata=0x$dp_key,nw_src=10.0.0.10 actions=drop
+priority=1100,ip,reg15=0x$port_key,metadata=0x$dp_key,nw_src=10.10.0.10 actions=drop
])
fi
if test "$i" = 10; then
@@ -957,17 +957,17 @@ AT_CHECK([echo $(($reprocess_count_new - $reprocess_count_old))], [0], [2
reprocess_count_old=$(read_counter consider_logical_flow)
for i in $(seq 10); do
- check ovn-nbctl add address_set as1 addresses 10.0.0.$i,10.0.1.$i
+ check ovn-nbctl add address_set as1 addresses 10.$i.0.$i,10.$i.5.$i
check ovn-nbctl --wait=hv sync
if test "$i" = 3; then
AT_CHECK_UNQUOTED([ovs-ofctl dump-flows br-int table=44,reg15=0x$port_key | \
grep -v reply | awk '{print $7, $8}' | sort], [0], [dnl
-priority=1100,ip,reg15=0x$port_key,metadata=0x$dp_key,nw_src=10.0.0.1 actions=drop
-priority=1100,ip,reg15=0x$port_key,metadata=0x$dp_key,nw_src=10.0.0.2 actions=drop
-priority=1100,ip,reg15=0x$port_key,metadata=0x$dp_key,nw_src=10.0.0.3 actions=drop
-priority=1100,ip,reg15=0x$port_key,metadata=0x$dp_key,nw_src=10.0.1.1 actions=drop
-priority=1100,ip,reg15=0x$port_key,metadata=0x$dp_key,nw_src=10.0.1.2 actions=drop
-priority=1100,ip,reg15=0x$port_key,metadata=0x$dp_key,nw_src=10.0.1.3 actions=drop
+priority=1100,ip,reg15=0x$port_key,metadata=0x$dp_key,nw_src=10.1.0.1 actions=drop
+priority=1100,ip,reg15=0x$port_key,metadata=0x$dp_key,nw_src=10.1.5.1 actions=drop
+priority=1100,ip,reg15=0x$port_key,metadata=0x$dp_key,nw_src=10.2.0.2 actions=drop
+priority=1100,ip,reg15=0x$port_key,metadata=0x$dp_key,nw_src=10.2.5.2 actions=drop
+priority=1100,ip,reg15=0x$port_key,metadata=0x$dp_key,nw_src=10.3.0.3 actions=drop
+priority=1100,ip,reg15=0x$port_key,metadata=0x$dp_key,nw_src=10.3.5.3 actions=drop
])
fi
AT_CHECK_UNQUOTED([ovs-ofctl dump-flows br-int table=44 | grep -c "priority=1100"], [0], [$(($i * 2))
@@ -984,14 +984,14 @@ AT_CHECK([echo $(($reprocess_count_new - $reprocess_count_old))], [0], [1
# Add 2 and remove 1
reprocess_count_old=$(read_counter consider_logical_flow)
-check ovn-nbctl add address_set as1 addresses 10.0.0.21,10.0.0.22 -- \
- remove address_set as1 addresses 10.0.0.10
+check ovn-nbctl add address_set as1 addresses 10.21.0.21,10.22.0.22 -- \
+ remove address_set as1 addresses 10.10.0.10
check ovn-nbctl --wait=hv sync
-AT_CHECK([ovs-ofctl dump-flows br-int table=44 | grep -c 10\.0\.0\.21], [0], [1
+AT_CHECK([ovs-ofctl dump-flows br-int table=44 | grep -c 10\.21\.0\.21], [0], [1
])
-AT_CHECK([ovs-ofctl dump-flows br-int table=44 | grep -c 10\.0\.0\.22], [0], [1
+AT_CHECK([ovs-ofctl dump-flows br-int table=44 | grep -c 10\.22\.0\.22], [0], [1
])
-AT_CHECK([ovs-ofctl dump-flows br-int table=44 | grep 10\.0\.0\.10], [1], [ignore])
+AT_CHECK([ovs-ofctl dump-flows br-int table=44 | grep 10\.10\.0\.10], [1], [ignore])
reprocess_count_new=$(read_counter consider_logical_flow)
AT_CHECK([echo $(($reprocess_count_new - $reprocess_count_old))], [0], [0
@@ -1000,12 +1000,12 @@ AT_CHECK([echo $(($reprocess_count_new - $reprocess_count_old))], [0], [0
# Add 1 and remove 2
reprocess_count_old=$(read_counter consider_logical_flow)
-check ovn-nbctl remove address_set as1 addresses 10.0.0.21,10.0.0.22 -- \
- add address_set as1 addresses 10.0.0.10
+check ovn-nbctl remove address_set as1 addresses 10.21.0.21,10.22.0.22 -- \
+ add address_set as1 addresses 10.10.0.10
check ovn-nbctl --wait=hv sync
-AT_CHECK([ovs-ofctl dump-flows br-int table=44 | grep 10\.0\.0\.21], [1], [ignore])
-AT_CHECK([ovs-ofctl dump-flows br-int table=44 | grep 10\.0\.0\.22], [1], [ignore])
-AT_CHECK([ovs-ofctl dump-flows br-int table=44 | grep -c 10\.0\.0\.10], [0], [1
+AT_CHECK([ovs-ofctl dump-flows br-int table=44 | grep 10\.21\.0\.21], [1], [ignore])
+AT_CHECK([ovs-ofctl dump-flows br-int table=44 | grep 10\.22\.0\.22], [1], [ignore])
+AT_CHECK([ovs-ofctl dump-flows br-int table=44 | grep -c 10\.10\.0\.10], [0], [1
])
reprocess_count_new=$(read_counter consider_logical_flow)
@@ -1015,12 +1015,12 @@ AT_CHECK([echo $(($reprocess_count_new - $reprocess_count_old))], [0], [0
# Add 1 and remove 1
reprocess_count_old=$(read_counter consider_logical_flow)
-check ovn-nbctl add address_set as1 addresses 10.0.0.21 -- \
- remove address_set as1 addresses 10.0.0.10
+check ovn-nbctl add address_set as1 addresses 10.21.0.21 -- \
+ remove address_set as1 addresses 10.10.0.10
check ovn-nbctl --wait=hv sync
-AT_CHECK([ovs-ofctl dump-flows br-int table=44 | grep -c 10\.0\.0\.21], [0], [1
+AT_CHECK([ovs-ofctl dump-flows br-int table=44 | grep -c 10\.21\.0\.21], [0], [1
])
-AT_CHECK([ovs-ofctl dump-flows br-int table=44 | grep 10\.0\.0\.10], [1], [ignore])
+AT_CHECK([ovs-ofctl dump-flows br-int table=44 | grep 10\.10\.0\.10], [1], [ignore])
reprocess_count_new=$(read_counter consider_logical_flow)
AT_CHECK([echo $(($reprocess_count_new - $reprocess_count_old))], [0], [0
@@ -1029,15 +1029,15 @@ AT_CHECK([echo $(($reprocess_count_new - $reprocess_count_old))], [0], [0
# Add 2 and remove 2
reprocess_count_old=$(read_counter consider_logical_flow)
-check ovn-nbctl add address_set as1 addresses 10.0.0.22,10.0.0.23 -- \
- remove address_set as1 addresses 10.0.0.9,10.0.0.8
+check ovn-nbctl add address_set as1 addresses 10.22.0.22,10.23.0.23 -- \
+ remove address_set as1 addresses 10.9.0.9,10.8.0.8
check ovn-nbctl --wait=hv sync
-AT_CHECK([ovs-ofctl dump-flows br-int table=44 | grep -c 10\.0\.0\.22], [0], [1
+AT_CHECK([ovs-ofctl dump-flows br-int table=44 | grep -c 10\.22\.0\.22], [0], [1
])
-AT_CHECK([ovs-ofctl dump-flows br-int table=44 | grep -c 10\.0\.0\.23], [0], [1
+AT_CHECK([ovs-ofctl dump-flows br-int table=44 | grep -c 10\.23\.0\.23], [0], [1
])
-AT_CHECK([ovs-ofctl dump-flows br-int table=44 | grep 10\.0\.0\.8], [1], [ignore])
-AT_CHECK([ovs-ofctl dump-flows br-int table=44 | grep 10\.0\.0\.9], [1], [ignore])
+AT_CHECK([ovs-ofctl dump-flows br-int table=44 | grep 10\.8\.0\.8], [1], [ignore])
+AT_CHECK([ovs-ofctl dump-flows br-int table=44 | grep 10\.9\.0\.9], [1], [ignore])
reprocess_count_new=$(read_counter consider_logical_flow)
AT_CHECK([echo $(($reprocess_count_new - $reprocess_count_old))], [0], [0
@@ -1082,14 +1082,14 @@ check ovn-nbctl --wait=hv acl-add ls1 to-lport 100 'outport == "ls1-lp1" && ip4.
reprocess_count_old=$(read_counter consider_logical_flow)
for i in $(seq 10); do
- check ovn-nbctl add address_set as1 addresses 10.0.0.$i
+ check ovn-nbctl add address_set as1 addresses 10.$i.0.$i
check ovn-nbctl --wait=hv sync
if test "$i" = 1; then
AT_CHECK_UNQUOTED([ovs-ofctl dump-flows br-int table=44,reg15=0x$port_key | \
grep -v reply | awk '{print $7, $8}' | sort], [0], [dnl
-priority=1100,tcp,reg15=0x$port_key,metadata=0x$dp_key,nw_src=10.0.0.1,tp_dst=111 actions=drop
-priority=1100,tcp,reg15=0x$port_key,metadata=0x$dp_key,nw_src=10.0.0.1,tp_dst=222 actions=drop
-priority=1100,tcp,reg15=0x$port_key,metadata=0x$dp_key,nw_src=10.0.0.1,tp_dst=333 actions=drop
+priority=1100,tcp,reg15=0x$port_key,metadata=0x$dp_key,nw_src=10.1.0.1,tp_dst=111 actions=drop
+priority=1100,tcp,reg15=0x$port_key,metadata=0x$dp_key,nw_src=10.1.0.1,tp_dst=222 actions=drop
+priority=1100,tcp,reg15=0x$port_key,metadata=0x$dp_key,nw_src=10.1.0.1,tp_dst=333 actions=drop
])
else
# (1 conj_id flow + 3 tp_dst flows) = 4 extra flows
@@ -1103,9 +1103,9 @@ priority=1100,tcp,reg15=0x$port_key,metadata=0x$dp_key,nw_src=10.0.0.1,tp_dst=33
sed -r 's/conjunction.*,/conjunction,/' | \
sed -r 's/conj_id=.*,/conj_id=,/' | sort], [0], [dnl
priority=1100,conj_id=,metadata=0x$dp_key actions=drop
-priority=1100,tcp,reg15=0x$port_key,metadata=0x$dp_key,nw_src=10.0.0.1 actions=conjunction,1/2)
-priority=1100,tcp,reg15=0x$port_key,metadata=0x$dp_key,nw_src=10.0.0.2 actions=conjunction,1/2)
-priority=1100,tcp,reg15=0x$port_key,metadata=0x$dp_key,nw_src=10.0.0.3 actions=conjunction,1/2)
+priority=1100,tcp,reg15=0x$port_key,metadata=0x$dp_key,nw_src=10.1.0.1 actions=conjunction,1/2)
+priority=1100,tcp,reg15=0x$port_key,metadata=0x$dp_key,nw_src=10.2.0.2 actions=conjunction,1/2)
+priority=1100,tcp,reg15=0x$port_key,metadata=0x$dp_key,nw_src=10.3.0.3 actions=conjunction,1/2)
priority=1100,tcp,reg15=0x$port_key,metadata=0x$dp_key,tp_dst=111 actions=conjunction,2/2)
priority=1100,tcp,reg15=0x$port_key,metadata=0x$dp_key,tp_dst=222 actions=conjunction,2/2)
priority=1100,tcp,reg15=0x$port_key,metadata=0x$dp_key,tp_dst=333 actions=conjunction,2/2)
@@ -1121,7 +1121,7 @@ AT_CHECK([echo $(($reprocess_count_new - $reprocess_count_old))], [0], [2
reprocess_count_old=$(read_counter consider_logical_flow)
for i in $(seq 10); do
- check ovn-nbctl remove address_set as1 addresses 10.0.0.$i
+ check ovn-nbctl remove address_set as1 addresses 10.$i.0.$i
check ovn-nbctl --wait=hv sync
if test "$i" = 10; then
AT_CHECK_UNQUOTED([ovs-ofctl dump-flows br-int table=44 | grep "priority=1100"], [1], [ignore])
@@ -1129,9 +1129,9 @@ for i in $(seq 10); do
# no conjunction left
AT_CHECK_UNQUOTED([ovs-ofctl dump-flows br-int table=44,reg15=0x$port_key | \
grep -v reply | awk '{print $7, $8}' | sort], [0], [dnl
-priority=1100,tcp,reg15=0x$port_key,metadata=0x$dp_key,nw_src=10.0.0.10,tp_dst=111 actions=drop
-priority=1100,tcp,reg15=0x$port_key,metadata=0x$dp_key,nw_src=10.0.0.10,tp_dst=222 actions=drop
-priority=1100,tcp,reg15=0x$port_key,metadata=0x$dp_key,nw_src=10.0.0.10,tp_dst=333 actions=drop
+priority=1100,tcp,reg15=0x$port_key,metadata=0x$dp_key,nw_src=10.10.0.10,tp_dst=111 actions=drop
+priority=1100,tcp,reg15=0x$port_key,metadata=0x$dp_key,nw_src=10.10.0.10,tp_dst=222 actions=drop
+priority=1100,tcp,reg15=0x$port_key,metadata=0x$dp_key,nw_src=10.10.0.10,tp_dst=333 actions=drop
])
else
AT_CHECK_UNQUOTED([ovs-ofctl dump-flows br-int table=44 | grep -c "priority=1100"], [0], [$((14 - $i))
@@ -1147,7 +1147,7 @@ AT_CHECK([echo $(($reprocess_count_new - $reprocess_count_old))], [0], [2
reprocess_count_old=$(read_counter consider_logical_flow)
for i in $(seq 10); do
- check ovn-nbctl add address_set as1 addresses 10.0.0.$i,10.0.1.$i
+ check ovn-nbctl add address_set as1 addresses 10.$i.0.$i,10.$i.5.$i
check ovn-nbctl --wait=hv sync
if test "$i" = 3; then
AT_CHECK_UNQUOTED([ovs-ofctl dump-flows br-int table=44,reg15=0x$port_key | \
@@ -1155,12 +1155,12 @@ for i in $(seq 10); do
sed -r 's/conjunction.*,/conjunction,/' | \
sed -r 's/conj_id=.*,/conj_id=,/' | sort], [0], [dnl
priority=1100,conj_id=,metadata=0x$dp_key actions=drop
-priority=1100,tcp,reg15=0x$port_key,metadata=0x$dp_key,nw_src=10.0.0.1 actions=conjunction,1/2)
-priority=1100,tcp,reg15=0x$port_key,metadata=0x$dp_key,nw_src=10.0.0.2 actions=conjunction,1/2)
-priority=1100,tcp,reg15=0x$port_key,metadata=0x$dp_key,nw_src=10.0.0.3 actions=conjunction,1/2)
-priority=1100,tcp,reg15=0x$port_key,metadata=0x$dp_key,nw_src=10.0.1.1 actions=conjunction,1/2)
-priority=1100,tcp,reg15=0x$port_key,metadata=0x$dp_key,nw_src=10.0.1.2 actions=conjunction,1/2)
-priority=1100,tcp,reg15=0x$port_key,metadata=0x$dp_key,nw_src=10.0.1.3 actions=conjunction,1/2)
+priority=1100,tcp,reg15=0x$port_key,metadata=0x$dp_key,nw_src=10.1.0.1 actions=conjunction,1/2)
+priority=1100,tcp,reg15=0x$port_key,metadata=0x$dp_key,nw_src=10.1.5.1 actions=conjunction,1/2)
+priority=1100,tcp,reg15=0x$port_key,metadata=0x$dp_key,nw_src=10.2.0.2 actions=conjunction,1/2)
+priority=1100,tcp,reg15=0x$port_key,metadata=0x$dp_key,nw_src=10.2.5.2 actions=conjunction,1/2)
+priority=1100,tcp,reg15=0x$port_key,metadata=0x$dp_key,nw_src=10.3.0.3 actions=conjunction,1/2)
+priority=1100,tcp,reg15=0x$port_key,metadata=0x$dp_key,nw_src=10.3.5.3 actions=conjunction,1/2)
priority=1100,tcp,reg15=0x$port_key,metadata=0x$dp_key,tp_dst=111 actions=conjunction,2/2)
priority=1100,tcp,reg15=0x$port_key,metadata=0x$dp_key,tp_dst=222 actions=conjunction,2/2)
priority=1100,tcp,reg15=0x$port_key,metadata=0x$dp_key,tp_dst=333 actions=conjunction,2/2)
@@ -1179,14 +1179,14 @@ AT_CHECK([echo $(($reprocess_count_new - $reprocess_count_old))], [0], [1
# Add 2 and remove 1
reprocess_count_old=$(read_counter consider_logical_flow)
-check ovn-nbctl add address_set as1 addresses 10.0.0.21,10.0.0.22 -- \
- remove address_set as1 addresses 10.0.0.10
+check ovn-nbctl add address_set as1 addresses 10.21.0.21,10.22.0.22 -- \
+ remove address_set as1 addresses 10.10.0.10
check ovn-nbctl --wait=hv sync
-AT_CHECK([ovs-ofctl dump-flows br-int table=44 | grep -c 10\.0\.0\.21], [0], [1
+AT_CHECK([ovs-ofctl dump-flows br-int table=44 | grep -c 10\.21\.0\.21], [0], [1
])
-AT_CHECK([ovs-ofctl dump-flows br-int table=44 | grep -c 10\.0\.0\.22], [0], [1
+AT_CHECK([ovs-ofctl dump-flows br-int table=44 | grep -c 10\.22\.0\.22], [0], [1
])
-AT_CHECK([ovs-ofctl dump-flows br-int table=44 | grep 10\.0\.0\.10], [1], [ignore])
+AT_CHECK([ovs-ofctl dump-flows br-int table=44 | grep 10\.10\.0\.10], [1], [ignore])
reprocess_count_new=$(read_counter consider_logical_flow)
AT_CHECK([echo $(($reprocess_count_new - $reprocess_count_old))], [0], [0
@@ -1195,12 +1195,12 @@ AT_CHECK([echo $(($reprocess_count_new - $reprocess_count_old))], [0], [0
# Add 1 and remove 2
reprocess_count_old=$(read_counter consider_logical_flow)
-check ovn-nbctl remove address_set as1 addresses 10.0.0.21,10.0.0.22 -- \
- add address_set as1 addresses 10.0.0.10
+check ovn-nbctl remove address_set as1 addresses 10.21.0.21,10.22.0.22 -- \
+ add address_set as1 addresses 10.10.0.10
check ovn-nbctl --wait=hv sync
-AT_CHECK([ovs-ofctl dump-flows br-int table=44 | grep 10\.0\.0\.21], [1], [ignore])
-AT_CHECK([ovs-ofctl dump-flows br-int table=44 | grep 10\.0\.0\.22], [1], [ignore])
-AT_CHECK([ovs-ofctl dump-flows br-int table=44 | grep -c 10\.0\.0\.10], [0], [1
+AT_CHECK([ovs-ofctl dump-flows br-int table=44 | grep 10\.10\.0\.21], [1], [ignore])
+AT_CHECK([ovs-ofctl dump-flows br-int table=44 | grep 10\.10\.0\.22], [1], [ignore])
+AT_CHECK([ovs-ofctl dump-flows br-int table=44 | grep -c 10\.10\.0\.10], [0], [1
])
reprocess_count_new=$(read_counter consider_logical_flow)
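Review bot: The two absence checks in this hunk grep for `10\.10\.0\.21` and `10\.10\.0\.22`, but the addresses removed just above are `10.21.0.21` and `10.22.0.22`. Those patterns never appear in the flow table, so both checks pass whether or not the removal took effect. They should read `grep 10\.21\.0\.21` and `grep 10\.22\.0\.22`, as in the equivalent "Add 1 and remove 2" block earlier in the file.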
@@ -1210,12 +1210,12 @@ AT_CHECK([echo $(($reprocess_count_new - $reprocess_count_old))], [0], [0
# Add 1 and remove 1
reprocess_count_old=$(read_counter consider_logical_flow)
-check ovn-nbctl add address_set as1 addresses 10.0.0.21 -- \
- remove address_set as1 addresses 10.0.0.10
+check ovn-nbctl add address_set as1 addresses 10.21.0.21 -- \
+ remove address_set as1 addresses 10.10.0.10
check ovn-nbctl --wait=hv sync
-AT_CHECK([ovs-ofctl dump-flows br-int table=44 | grep -c 10\.0\.0\.21], [0], [1
+AT_CHECK([ovs-ofctl dump-flows br-int table=44 | grep -c 10\.21\.0\.21], [0], [1
])
-AT_CHECK([ovs-ofctl dump-flows br-int table=44 | grep 10\.0\.0\.10], [1], [ignore])
+AT_CHECK([ovs-ofctl dump-flows br-int table=44 | grep 10\.10\.0\.10], [1], [ignore])
reprocess_count_new=$(read_counter consider_logical_flow)
AT_CHECK([echo $(($reprocess_count_new - $reprocess_count_old))], [0], [0
@@ -1224,15 +1224,15 @@ AT_CHECK([echo $(($reprocess_count_new - $reprocess_count_old))], [0], [0
# Add 2 and remove 2
reprocess_count_old=$(read_counter consider_logical_flow)
-check ovn-nbctl add address_set as1 addresses 10.0.0.22,10.0.0.23 -- \
- remove address_set as1 addresses 10.0.0.9,10.0.0.8
+check ovn-nbctl add address_set as1 addresses 10.22.0.22,10.23.0.23 -- \
+ remove address_set as1 addresses 10.9.0.9,10.8.0.8
check ovn-nbctl --wait=hv sync
-AT_CHECK([ovs-ofctl dump-flows br-int table=44 | grep -c 10\.0\.0\.22], [0], [1
+AT_CHECK([ovs-ofctl dump-flows br-int table=44 | grep -c 10\.22\.0\.22], [0], [1
])
-AT_CHECK([ovs-ofctl dump-flows br-int table=44 | grep -c 10\.0\.0\.23], [0], [1
+AT_CHECK([ovs-ofctl dump-flows br-int table=44 | grep -c 10\.23\.0\.23], [0], [1
])
-AT_CHECK([ovs-ofctl dump-flows br-int table=44 | grep 10\.0\.0\.8], [1], [ignore])
-AT_CHECK([ovs-ofctl dump-flows br-int table=44 | grep 10\.0\.0\.9], [1], [ignore])
+AT_CHECK([ovs-ofctl dump-flows br-int table=44 | grep 10\.8\.0\.8], [1], [ignore])
+AT_CHECK([ovs-ofctl dump-flows br-int table=44 | grep 10\.9\.0\.9], [1], [ignore])
reprocess_count_new=$(read_counter consider_logical_flow)
AT_CHECK([echo $(($reprocess_count_new - $reprocess_count_old))], [0], [0
@@ -1278,13 +1278,13 @@ reprocess_count_old=$(read_counter consider_logical_flow)
for i in $(seq 10); do
j=$(($i + 5))
- check ovn-nbctl add address_set as1 addresses 10.0.0.$i -- \
- add address_set as2 addresses 10.0.0.$j
+ check ovn-nbctl add address_set as1 addresses 10.$i.0.$i -- \
+ add address_set as2 addresses 10.$j.0.$j
check ovn-nbctl --wait=hv sync
if test "$i" = 1; then
AT_CHECK_UNQUOTED([ovs-ofctl dump-flows br-int table=44,reg15=0x$port_key | \
grep -v reply | awk '{print $7, $8}' | sort], [0], [dnl
-priority=1100,ip,reg15=0x$port_key,metadata=0x$dp_key,nw_src=10.0.0.1,nw_dst=10.0.0.6 actions=drop
+priority=1100,ip,reg15=0x$port_key,metadata=0x$dp_key,nw_src=10.1.0.1,nw_dst=10.6.0.6 actions=drop
])
else
# (1 conj_id + nw_src * i + nw_dst * i) = 1 + i*2 flows
@@ -1298,12 +1298,12 @@ priority=1100,ip,reg15=0x$port_key,metadata=0x$dp_key,nw_src=10.0.0.1,nw_dst=10.
sed -r 's/conjunction.*,/conjunction,/' | \
sed -r 's/conj_id=.*,/conj_id=,/' | sort], [0], [dnl
priority=1100,conj_id=,metadata=0x$dp_key actions=drop
-priority=1100,ip,reg15=0x$port_key,metadata=0x$dp_key,nw_dst=10.0.0.6 actions=conjunction,1/2)
-priority=1100,ip,reg15=0x$port_key,metadata=0x$dp_key,nw_dst=10.0.0.7 actions=conjunction,1/2)
-priority=1100,ip,reg15=0x$port_key,metadata=0x$dp_key,nw_dst=10.0.0.8 actions=conjunction,1/2)
-priority=1100,ip,reg15=0x$port_key,metadata=0x$dp_key,nw_src=10.0.0.1 actions=conjunction,2/2)
-priority=1100,ip,reg15=0x$port_key,metadata=0x$dp_key,nw_src=10.0.0.2 actions=conjunction,2/2)
-priority=1100,ip,reg15=0x$port_key,metadata=0x$dp_key,nw_src=10.0.0.3 actions=conjunction,2/2)
+priority=1100,ip,reg15=0x$port_key,metadata=0x$dp_key,nw_dst=10.6.0.6 actions=conjunction,1/2)
+priority=1100,ip,reg15=0x$port_key,metadata=0x$dp_key,nw_dst=10.7.0.7 actions=conjunction,1/2)
+priority=1100,ip,reg15=0x$port_key,metadata=0x$dp_key,nw_dst=10.8.0.8 actions=conjunction,1/2)
+priority=1100,ip,reg15=0x$port_key,metadata=0x$dp_key,nw_src=10.1.0.1 actions=conjunction,2/2)
+priority=1100,ip,reg15=0x$port_key,metadata=0x$dp_key,nw_src=10.2.0.2 actions=conjunction,2/2)
+priority=1100,ip,reg15=0x$port_key,metadata=0x$dp_key,nw_src=10.3.0.3 actions=conjunction,2/2)
])
fi
done
@@ -1317,8 +1317,8 @@ reprocess_count_old=$(read_counter consider_logical_flow)
for i in $(seq 10); do
j=$(($i + 5))
- check ovn-nbctl remove address_set as1 addresses 10.0.0.$i -- \
- remove address_set as2 addresses 10.0.0.$j
+ check ovn-nbctl remove address_set as1 addresses 10.$i.0.$i -- \
+ remove address_set as2 addresses 10.$j.0.$j
check ovn-nbctl --wait=hv sync
if test "$i" = 10; then
AT_CHECK_UNQUOTED([ovs-ofctl dump-flows br-int table=44 | grep "priority=1100"], [1], [ignore])
@@ -1326,7 +1326,7 @@ for i in $(seq 10); do
# no conjunction left
AT_CHECK_UNQUOTED([ovs-ofctl dump-flows br-int table=44,reg15=0x$port_key | \
grep -v reply | awk '{print $7, $8}' | sort], [0], [dnl
-priority=1100,ip,reg15=0x$port_key,metadata=0x$dp_key,nw_src=10.0.0.10,nw_dst=10.0.0.15 actions=drop
+priority=1100,ip,reg15=0x$port_key,metadata=0x$dp_key,nw_src=10.10.0.10,nw_dst=10.15.0.15 actions=drop
])
else
AT_CHECK_UNQUOTED([ovs-ofctl dump-flows br-int table=44 | grep -c "priority=1100"], [0], [$((21 - $i*2))
@@ -1339,22 +1339,22 @@ AT_CHECK([echo $(($reprocess_count_new - $reprocess_count_old))], [0], [2
])
# Add 1 IP back to both ASes
-check ovn-nbctl add address_set as1 addresses 10.0.0.1 -- \
- add address_set as2 addresses 10.0.0.6
+check ovn-nbctl add address_set as1 addresses 10.1.0.1 -- \
+ add address_set as2 addresses 10.6.0.6
check ovn-nbctl --wait=hv sync
# Add IPs to as1 only
reprocess_count_old=$(read_counter consider_logical_flow)
for i in $(seq 2 10); do
- check ovn-nbctl add address_set as1 addresses 10.0.0.$i
+ check ovn-nbctl add address_set as1 addresses 10.$i.0.$i
check ovn-nbctl --wait=hv sync
if test "$i" = 3; then
AT_CHECK_UNQUOTED([ovs-ofctl dump-flows br-int table=44,reg15=0x$port_key | \
grep -v reply | awk '{print $7, $8}' | sort], [0], [dnl
-priority=1100,ip,reg15=0x$port_key,metadata=0x$dp_key,nw_src=10.0.0.1,nw_dst=10.0.0.6 actions=drop
-priority=1100,ip,reg15=0x$port_key,metadata=0x$dp_key,nw_src=10.0.0.2,nw_dst=10.0.0.6 actions=drop
-priority=1100,ip,reg15=0x$port_key,metadata=0x$dp_key,nw_src=10.0.0.3,nw_dst=10.0.0.6 actions=drop
+priority=1100,ip,reg15=0x$port_key,metadata=0x$dp_key,nw_src=10.1.0.1,nw_dst=10.6.0.6 actions=drop
+priority=1100,ip,reg15=0x$port_key,metadata=0x$dp_key,nw_src=10.2.0.2,nw_dst=10.6.0.6 actions=drop
+priority=1100,ip,reg15=0x$port_key,metadata=0x$dp_key,nw_src=10.3.0.3,nw_dst=10.6.0.6 actions=drop
])
fi
AT_CHECK_UNQUOTED([ovs-ofctl dump-flows br-int table=44 | grep -c "priority=1100"], [0], [$i
@@ -1366,20 +1366,20 @@ AT_CHECK([echo $(($reprocess_count_new - $reprocess_count_old))], [0], [1
])
# Add 1 more IP back to as2
-check ovn-nbctl add address_set as2 addresses 10.0.0.7
+check ovn-nbctl add address_set as2 addresses 10.7.0.7
check ovn-nbctl --wait=hv sync
# Remove IPs from as1 only
reprocess_count_old=$(read_counter consider_logical_flow)
for i in $(seq 10); do
- check ovn-nbctl remove address_set as1 addresses 10.0.0.$i
+ check ovn-nbctl remove address_set as1 addresses 10.$i.0.$i
check ovn-nbctl --wait=hv sync
if test "$i" = 9; then
AT_CHECK_UNQUOTED([ovs-ofctl dump-flows br-int table=44,reg15=0x$port_key | \
grep -v reply | awk '{print $7, $8}'], [0], [dnl
-priority=1100,ip,reg15=0x$port_key,metadata=0x$dp_key,nw_src=10.0.0.10,nw_dst=10.0.0.6 actions=drop
-priority=1100,ip,reg15=0x$port_key,metadata=0x$dp_key,nw_src=10.0.0.10,nw_dst=10.0.0.7 actions=drop
+priority=1100,ip,reg15=0x$port_key,metadata=0x$dp_key,nw_src=10.10.0.10,nw_dst=10.7.0.7 actions=drop
+priority=1100,ip,reg15=0x$port_key,metadata=0x$dp_key,nw_src=10.10.0.10,nw_dst=10.6.0.6 actions=drop
])
elif test "$i" = 10; then
AT_CHECK_UNQUOTED([ovs-ofctl dump-flows br-int table=44 | grep "priority=1100"], [1], [ignore])
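Review bot: The expected output for `i = 9` now lists `nw_dst=10.7.0.7` before `nw_dst=10.6.0.6`, and the pipeline feeding this check ends at `awk '{print $7, $8}'` with no `sort`. The result therefore depends on the order in which `ovs-ofctl dump-flows` prints the two flows, which is presumably why the lines had to be swapped. Appending `| sort` to the pipeline, as the other checks in this file do, and listing `10.6.0.6` first would make the check independent of dump order.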
@@ -1435,14 +1435,14 @@ reprocess_count_old=$(read_counter consider_logical_flow)
for i in $(seq 10); do
j=$(($i + 5))
- check ovn-nbctl add address_set as1 addresses 10.0.0.$i -- \
- add address_set as2 addresses 10.0.0.$j
+ check ovn-nbctl add address_set as1 addresses 10.$i.0.$i -- \
+ add address_set as2 addresses 10.$j.0.$j
check ovn-nbctl --wait=hv sync
if test "$i" = 1; then
AT_CHECK_UNQUOTED([ovs-ofctl dump-flows br-int table=44,reg15=0x$port_key | \
grep -v reply | awk '{print $7, $8}' | sort], [0], [dnl
-priority=1100,ip,reg15=0x$port_key,metadata=0x$dp_key,nw_dst=10.0.0.6 actions=drop
-priority=1100,ip,reg15=0x$port_key,metadata=0x$dp_key,nw_src=10.0.0.1 actions=drop
+priority=1100,ip,reg15=0x$port_key,metadata=0x$dp_key,nw_dst=10.6.0.6 actions=drop
+priority=1100,ip,reg15=0x$port_key,metadata=0x$dp_key,nw_src=10.1.0.1 actions=drop
])
else
AT_CHECK_UNQUOTED([ovs-ofctl dump-flows br-int table=44 | grep -c "priority=1100"], [0], [$(($i*2))
@@ -1454,12 +1454,12 @@ priority=1100,ip,reg15=0x$port_key,metadata=0x$dp_key,nw_src=10.0.0.1 actions=dr
grep -v reply | awk '{print $7, $8}' | \
sed -r 's/conjunction.*,/conjunction,/' | \
sed -r 's/conj_id=.*,/conj_id=,/' | sort], [0], [dnl
-priority=1100,ip,reg15=0x$port_key,metadata=0x$dp_key,nw_dst=10.0.0.6 actions=drop
-priority=1100,ip,reg15=0x$port_key,metadata=0x$dp_key,nw_dst=10.0.0.7 actions=drop
-priority=1100,ip,reg15=0x$port_key,metadata=0x$dp_key,nw_dst=10.0.0.8 actions=drop
-priority=1100,ip,reg15=0x$port_key,metadata=0x$dp_key,nw_src=10.0.0.1 actions=drop
-priority=1100,ip,reg15=0x$port_key,metadata=0x$dp_key,nw_src=10.0.0.2 actions=drop
-priority=1100,ip,reg15=0x$port_key,metadata=0x$dp_key,nw_src=10.0.0.3 actions=drop
+priority=1100,ip,reg15=0x$port_key,metadata=0x$dp_key,nw_dst=10.6.0.6 actions=drop
+priority=1100,ip,reg15=0x$port_key,metadata=0x$dp_key,nw_dst=10.7.0.7 actions=drop
+priority=1100,ip,reg15=0x$port_key,metadata=0x$dp_key,nw_dst=10.8.0.8 actions=drop
+priority=1100,ip,reg15=0x$port_key,metadata=0x$dp_key,nw_src=10.1.0.1 actions=drop
+priority=1100,ip,reg15=0x$port_key,metadata=0x$dp_key,nw_src=10.2.0.2 actions=drop
+priority=1100,ip,reg15=0x$port_key,metadata=0x$dp_key,nw_src=10.3.0.3 actions=drop
])
fi
done
@@ -1473,8 +1473,8 @@ reprocess_count_old=$(read_counter consider_logical_flow)
for i in $(seq 10); do
j=$(($i + 5))
- check ovn-nbctl remove address_set as1 addresses 10.0.0.$i -- \
- remove address_set as2 addresses 10.0.0.$j
+ check ovn-nbctl remove address_set as1 addresses 10.$i.0.$i -- \
+ remove address_set as2 addresses 10.$j.0.$j
check ovn-nbctl --wait=hv sync
if test "$i" = 10; then
AT_CHECK_UNQUOTED([ovs-ofctl dump-flows br-int table=44 | grep "priority=1100"], [1], [ignore])
@@ -1531,14 +1531,14 @@ reprocess_count_old=$(read_counter consider_logical_flow)
for i in $(seq 10); do
j=$(($i + 5))
- check ovn-nbctl add address_set as1 addresses 10.0.0.$i -- \
- add address_set as2 addresses 10.0.0.$j
+ check ovn-nbctl add address_set as1 addresses 10.$i.0.$i -- \
+ add address_set as2 addresses 10.$j.0.$j
check ovn-nbctl --wait=hv sync
if test "$i" = 1; then
AT_CHECK_UNQUOTED([ovs-ofctl dump-flows br-int table=44,reg15=0x$port_key | \
grep -v reply | awk '{print $7, $8}' | sort], [0], [dnl
-priority=1100,ip,reg15=0x$port_key,metadata=0x$dp_key,nw_src=10.0.0.1 actions=drop
-priority=1100,ip,reg15=0x$port_key,metadata=0x$dp_key,nw_src=10.0.0.6 actions=drop
+priority=1100,ip,reg15=0x$port_key,metadata=0x$dp_key,nw_src=10.1.0.1 actions=drop
+priority=1100,ip,reg15=0x$port_key,metadata=0x$dp_key,nw_src=10.6.0.6 actions=drop
])
elif test "$i" -lt 6; then
AT_CHECK_UNQUOTED([ovs-ofctl dump-flows br-int table=44 | grep -c "priority=1100"], [0], [$(($i*2))
@@ -1553,12 +1553,12 @@ priority=1100,ip,reg15=0x$port_key,metadata=0x$dp_key,nw_src=10.0.0.6 actions=dr
grep -v reply | awk '{print $7, $8}' | \
sed -r 's/conjunction.*,/conjunction,/' | \
sed -r 's/conj_id=.*,/conj_id=,/' | sort], [0], [dnl
-priority=1100,ip,reg15=0x$port_key,metadata=0x$dp_key,nw_src=10.0.0.1 actions=drop
-priority=1100,ip,reg15=0x$port_key,metadata=0x$dp_key,nw_src=10.0.0.2 actions=drop
-priority=1100,ip,reg15=0x$port_key,metadata=0x$dp_key,nw_src=10.0.0.3 actions=drop
-priority=1100,ip,reg15=0x$port_key,metadata=0x$dp_key,nw_src=10.0.0.6 actions=drop
-priority=1100,ip,reg15=0x$port_key,metadata=0x$dp_key,nw_src=10.0.0.7 actions=drop
-priority=1100,ip,reg15=0x$port_key,metadata=0x$dp_key,nw_src=10.0.0.8 actions=drop
+priority=1100,ip,reg15=0x$port_key,metadata=0x$dp_key,nw_src=10.1.0.1 actions=drop
+priority=1100,ip,reg15=0x$port_key,metadata=0x$dp_key,nw_src=10.2.0.2 actions=drop
+priority=1100,ip,reg15=0x$port_key,metadata=0x$dp_key,nw_src=10.3.0.3 actions=drop
+priority=1100,ip,reg15=0x$port_key,metadata=0x$dp_key,nw_src=10.6.0.6 actions=drop
+priority=1100,ip,reg15=0x$port_key,metadata=0x$dp_key,nw_src=10.7.0.7 actions=drop
+priority=1100,ip,reg15=0x$port_key,metadata=0x$dp_key,nw_src=10.8.0.8 actions=drop
])
fi
done
@@ -1572,8 +1572,8 @@ reprocess_count_old=$(read_counter consider_logical_flow)
for i in $(seq 10); do
j=$(($i + 5))
- check ovn-nbctl remove address_set as1 addresses 10.0.0.$i -- \
- remove address_set as2 addresses 10.0.0.$j
+ check ovn-nbctl remove address_set as1 addresses 10.$i.0.$i -- \
+ remove address_set as2 addresses 10.$j.0.$j
check ovn-nbctl --wait=hv sync
if test "$i" = 10; then
AT_CHECK_UNQUOTED([ovs-ofctl dump-flows br-int table=44 | grep "priority=1100"], [1], [ignore])
@@ -1630,12 +1630,12 @@ check ovn-nbctl --wait=hv acl-add ls1 to-lport 100 'outport == "ls1-lp1" && ip4.
reprocess_count_old=$(read_counter consider_logical_flow)
for i in $(seq 10); do
- check ovn-nbctl add address_set as1 addresses 10.0.0.$i
+ check ovn-nbctl add address_set as1 addresses 10.$i.0.$i
check ovn-nbctl --wait=hv sync
if test "$i" = 1; then
AT_CHECK_UNQUOTED([ovs-ofctl dump-flows br-int table=44,reg15=0x$port_key | \
grep -v reply | awk '{print $7, $8}' | sort], [0], [dnl
-priority=1100,ip,reg15=0x$port_key,metadata=0x$dp_key,nw_src=10.0.0.1,nw_dst=10.0.0.1 actions=drop
+priority=1100,ip,reg15=0x$port_key,metadata=0x$dp_key,nw_src=10.1.0.1,nw_dst=10.1.0.1 actions=drop
])
else
# (1 conj_id + nw_src * i + nw_dst * i) = 1 + i*2 flows
@@ -1649,12 +1649,12 @@ priority=1100,ip,reg15=0x$port_key,metadata=0x$dp_key,nw_src=10.0.0.1,nw_dst=10.
sed -r 's/conjunction.*,/conjunction,/' | \
sed -r 's/conj_id=.*,/conj_id=,/' | sort], [0], [dnl
priority=1100,conj_id=,metadata=0x$dp_key actions=drop
-priority=1100,ip,reg15=0x$port_key,metadata=0x$dp_key,nw_dst=10.0.0.1 actions=conjunction,1/2)
-priority=1100,ip,reg15=0x$port_key,metadata=0x$dp_key,nw_dst=10.0.0.2 actions=conjunction,1/2)
-priority=1100,ip,reg15=0x$port_key,metadata=0x$dp_key,nw_dst=10.0.0.3 actions=conjunction,1/2)
-priority=1100,ip,reg15=0x$port_key,metadata=0x$dp_key,nw_src=10.0.0.1 actions=conjunction,2/2)
-priority=1100,ip,reg15=0x$port_key,metadata=0x$dp_key,nw_src=10.0.0.2 actions=conjunction,2/2)
-priority=1100,ip,reg15=0x$port_key,metadata=0x$dp_key,nw_src=10.0.0.3 actions=conjunction,2/2)
+priority=1100,ip,reg15=0x$port_key,metadata=0x$dp_key,nw_dst=10.1.0.1 actions=conjunction,1/2)
+priority=1100,ip,reg15=0x$port_key,metadata=0x$dp_key,nw_dst=10.2.0.2 actions=conjunction,1/2)
+priority=1100,ip,reg15=0x$port_key,metadata=0x$dp_key,nw_dst=10.3.0.3 actions=conjunction,1/2)
+priority=1100,ip,reg15=0x$port_key,metadata=0x$dp_key,nw_src=10.1.0.1 actions=conjunction,2/2)
+priority=1100,ip,reg15=0x$port_key,metadata=0x$dp_key,nw_src=10.2.0.2 actions=conjunction,2/2)
+priority=1100,ip,reg15=0x$port_key,metadata=0x$dp_key,nw_src=10.3.0.3 actions=conjunction,2/2)
])
fi
done
@@ -1667,7 +1667,7 @@ AT_CHECK([echo $(($reprocess_count_new - $reprocess_count_old))], [0], [2
reprocess_count_old=$(read_counter consider_logical_flow)
for i in $(seq 10); do
- check ovn-nbctl remove address_set as1 addresses 10.0.0.$i
+ check ovn-nbctl remove address_set as1 addresses 10.$i.0.$i
check ovn-nbctl --wait=hv sync
if test "$i" = 10; then
AT_CHECK_UNQUOTED([ovs-ofctl dump-flows br-int table=44 | grep "priority=1100"], [1], [ignore])
@@ -1675,7 +1675,7 @@ for i in $(seq 10); do
# no conjunction left
AT_CHECK_UNQUOTED([ovs-ofctl dump-flows br-int table=44,reg15=0x$port_key | \
grep -v reply | awk '{print $7, $8}' | sort], [0], [dnl
-priority=1100,ip,reg15=0x$port_key,metadata=0x$dp_key,nw_src=10.0.0.10,nw_dst=10.0.0.10 actions=drop
+priority=1100,ip,reg15=0x$port_key,metadata=0x$dp_key,nw_src=10.10.0.10,nw_dst=10.10.0.10 actions=drop
])
else
AT_CHECK_UNQUOTED([ovs-ofctl dump-flows br-int table=44 | grep -c "priority=1100"], [0], [$((21 - $i*2))
@@ -1691,7 +1691,7 @@ AT_CHECK([echo $(($reprocess_count_new - $reprocess_count_old))], [0], [2
reprocess_count_old=$(read_counter consider_logical_flow)
for i in $(seq 10); do
- check ovn-nbctl add address_set as1 addresses 10.0.0.$i,10.0.1.$i
+ check ovn-nbctl add address_set as1 addresses 10.$i.0.$i,10.$i.5.$i
check ovn-nbctl --wait=hv sync
if test "$i" = 3; then
AT_CHECK_UNQUOTED([ovs-ofctl dump-flows br-int table=44,reg15=0x$port_key | \
@@ -1699,18 +1699,18 @@ for i in $(seq 10); do
sed -r 's/conjunction.*,/conjunction,/' | \
sed -r 's/conj_id=.*,/conj_id=,/' | sort], [0], [dnl
priority=1100,conj_id=,metadata=0x$dp_key actions=drop
-priority=1100,ip,reg15=0x$port_key,metadata=0x$dp_key,nw_dst=10.0.0.1 actions=conjunction,1/2)
-priority=1100,ip,reg15=0x$port_key,metadata=0x$dp_key,nw_dst=10.0.0.2 actions=conjunction,1/2)
-priority=1100,ip,reg15=0x$port_key,metadata=0x$dp_key,nw_dst=10.0.0.3 actions=conjunction,1/2)
-priority=1100,ip,reg15=0x$port_key,metadata=0x$dp_key,nw_dst=10.0.1.1 actions=conjunction,1/2)
-priority=1100,ip,reg15=0x$port_key,metadata=0x$dp_key,nw_dst=10.0.1.2 actions=conjunction,1/2)
-priority=1100,ip,reg15=0x$port_key,metadata=0x$dp_key,nw_dst=10.0.1.3 actions=conjunction,1/2)
-priority=1100,ip,reg15=0x$port_key,metadata=0x$dp_key,nw_src=10.0.0.1 actions=conjunction,2/2)
-priority=1100,ip,reg15=0x$port_key,metadata=0x$dp_key,nw_src=10.0.0.2 actions=conjunction,2/2)
-priority=1100,ip,reg15=0x$port_key,metadata=0x$dp_key,nw_src=10.0.0.3 actions=conjunction,2/2)
-priority=1100,ip,reg15=0x$port_key,metadata=0x$dp_key,nw_src=10.0.1.1 actions=conjunction,2/2)
-priority=1100,ip,reg15=0x$port_key,metadata=0x$dp_key,nw_src=10.0.1.2 actions=conjunction,2/2)
-priority=1100,ip,reg15=0x$port_key,metadata=0x$dp_key,nw_src=10.0.1.3 actions=conjunction,2/2)
+priority=1100,ip,reg15=0x$port_key,metadata=0x$dp_key,nw_dst=10.1.0.1 actions=conjunction,1/2)
+priority=1100,ip,reg15=0x$port_key,metadata=0x$dp_key,nw_dst=10.1.5.1 actions=conjunction,1/2)
+priority=1100,ip,reg15=0x$port_key,metadata=0x$dp_key,nw_dst=10.2.0.2 actions=conjunction,1/2)
+priority=1100,ip,reg15=0x$port_key,metadata=0x$dp_key,nw_dst=10.2.5.2 actions=conjunction,1/2)
+priority=1100,ip,reg15=0x$port_key,metadata=0x$dp_key,nw_dst=10.3.0.3 actions=conjunction,1/2)
+priority=1100,ip,reg15=0x$port_key,metadata=0x$dp_key,nw_dst=10.3.5.3 actions=conjunction,1/2)
+priority=1100,ip,reg15=0x$port_key,metadata=0x$dp_key,nw_src=10.1.0.1 actions=conjunction,2/2)
+priority=1100,ip,reg15=0x$port_key,metadata=0x$dp_key,nw_src=10.1.5.1 actions=conjunction,2/2)
+priority=1100,ip,reg15=0x$port_key,metadata=0x$dp_key,nw_src=10.2.0.2 actions=conjunction,2/2)
+priority=1100,ip,reg15=0x$port_key,metadata=0x$dp_key,nw_src=10.2.5.2 actions=conjunction,2/2)
+priority=1100,ip,reg15=0x$port_key,metadata=0x$dp_key,nw_src=10.3.0.3 actions=conjunction,2/2)
+priority=1100,ip,reg15=0x$port_key,metadata=0x$dp_key,nw_src=10.3.5.3 actions=conjunction,2/2)
])
fi
AT_CHECK_UNQUOTED([ovs-ofctl dump-flows br-int table=44 | grep -c "priority=1100"], [0], [$(($i * 4 + 1))
@@ -1727,29 +1727,29 @@ check ovn-nbctl acl-del ls1
check ovn-nbctl acl-add ls1 to-lport 100 'outport == "ls1-lp1" && ip4.src == {$as1, 10.10.10.10} && ip4.dst == $as1' drop
# Reset as1 to 3 IPs
-check ovn-nbctl set address_set as1 addresses=10.0.0.1,10.0.0.2,10.0.0.3
+check ovn-nbctl set address_set as1 addresses=10.1.0.1,10.2.0.2,10.3.0.3
check ovn-nbctl --wait=hv sync
# Add 2 IPs
reprocess_count_old=$(read_counter consider_logical_flow)
-check ovn-nbctl add address_set as1 addresses 10.0.0.4,10.0.0.5
+check ovn-nbctl add address_set as1 addresses 10.4.0.4,10.5.0.5
check ovn-nbctl --wait=hv sync
AT_CHECK_UNQUOTED([ovs-ofctl dump-flows br-int table=44,reg15=0x$port_key | \
grep -v reply | awk '{print $7, $8}' | \
sed -r 's/conjunction.*,/conjunction,/' | \
sed -r 's/conj_id=.*,/conj_id=,/' | sort], [0], [dnl
priority=1100,conj_id=,metadata=0x$dp_key actions=drop
-priority=1100,ip,reg15=0x$port_key,metadata=0x$dp_key,nw_dst=10.0.0.1 actions=conjunction,1/2)
-priority=1100,ip,reg15=0x$port_key,metadata=0x$dp_key,nw_dst=10.0.0.2 actions=conjunction,1/2)
-priority=1100,ip,reg15=0x$port_key,metadata=0x$dp_key,nw_dst=10.0.0.3 actions=conjunction,1/2)
-priority=1100,ip,reg15=0x$port_key,metadata=0x$dp_key,nw_dst=10.0.0.4 actions=conjunction,1/2)
-priority=1100,ip,reg15=0x$port_key,metadata=0x$dp_key,nw_dst=10.0.0.5 actions=conjunction,1/2)
-priority=1100,ip,reg15=0x$port_key,metadata=0x$dp_key,nw_src=10.0.0.1 actions=conjunction,2/2)
-priority=1100,ip,reg15=0x$port_key,metadata=0x$dp_key,nw_src=10.0.0.2 actions=conjunction,2/2)
-priority=1100,ip,reg15=0x$port_key,metadata=0x$dp_key,nw_src=10.0.0.3 actions=conjunction,2/2)
-priority=1100,ip,reg15=0x$port_key,metadata=0x$dp_key,nw_src=10.0.0.4 actions=conjunction,2/2)
-priority=1100,ip,reg15=0x$port_key,metadata=0x$dp_key,nw_src=10.0.0.5 actions=conjunction,2/2)
+priority=1100,ip,reg15=0x$port_key,metadata=0x$dp_key,nw_dst=10.1.0.1 actions=conjunction,1/2)
+priority=1100,ip,reg15=0x$port_key,metadata=0x$dp_key,nw_dst=10.2.0.2 actions=conjunction,1/2)
+priority=1100,ip,reg15=0x$port_key,metadata=0x$dp_key,nw_dst=10.3.0.3 actions=conjunction,1/2)
+priority=1100,ip,reg15=0x$port_key,metadata=0x$dp_key,nw_dst=10.4.0.4 actions=conjunction,1/2)
+priority=1100,ip,reg15=0x$port_key,metadata=0x$dp_key,nw_dst=10.5.0.5 actions=conjunction,1/2)
+priority=1100,ip,reg15=0x$port_key,metadata=0x$dp_key,nw_src=10.1.0.1 actions=conjunction,2/2)
priority=1100,ip,reg15=0x$port_key,metadata=0x$dp_key,nw_src=10.10.10.10 actions=conjunction,2/2)
+priority=1100,ip,reg15=0x$port_key,metadata=0x$dp_key,nw_src=10.2.0.2 actions=conjunction,2/2)
+priority=1100,ip,reg15=0x$port_key,metadata=0x$dp_key,nw_src=10.3.0.3 actions=conjunction,2/2)
+priority=1100,ip,reg15=0x$port_key,metadata=0x$dp_key,nw_src=10.4.0.4 actions=conjunction,2/2)
+priority=1100,ip,reg15=0x$port_key,metadata=0x$dp_key,nw_src=10.5.0.5 actions=conjunction,2/2)
])
reprocess_count_new=$(read_counter consider_logical_flow)
AT_CHECK([echo $(($reprocess_count_new - $reprocess_count_old))], [0], [1
@@ -1757,19 +1757,19 @@ AT_CHECK([echo $(($reprocess_count_new - $reprocess_count_old))], [0], [1
# Delete 2 IPs
reprocess_count_old=$(read_counter consider_logical_flow)
-check ovn-nbctl --wait=hv remove address_set as1 addresses 10.0.0.4,10.0.0.5
+check ovn-nbctl --wait=hv remove address_set as1 addresses 10.4.0.4,10.5.0.5
AT_CHECK_UNQUOTED([ovs-ofctl dump-flows br-int table=44,reg15=0x$port_key | \
grep -v reply | awk '{print $7, $8}' | \
sed -r 's/conjunction.*,/conjunction,/' | \
sed -r 's/conj_id=.*,/conj_id=,/' | sort], [0], [dnl
priority=1100,conj_id=,metadata=0x$dp_key actions=drop
-priority=1100,ip,reg15=0x$port_key,metadata=0x$dp_key,nw_dst=10.0.0.1 actions=conjunction,1/2)
-priority=1100,ip,reg15=0x$port_key,metadata=0x$dp_key,nw_dst=10.0.0.2 actions=conjunction,1/2)
-priority=1100,ip,reg15=0x$port_key,metadata=0x$dp_key,nw_dst=10.0.0.3 actions=conjunction,1/2)
-priority=1100,ip,reg15=0x$port_key,metadata=0x$dp_key,nw_src=10.0.0.1 actions=conjunction,2/2)
-priority=1100,ip,reg15=0x$port_key,metadata=0x$dp_key,nw_src=10.0.0.2 actions=conjunction,2/2)
-priority=1100,ip,reg15=0x$port_key,metadata=0x$dp_key,nw_src=10.0.0.3 actions=conjunction,2/2)
+priority=1100,ip,reg15=0x$port_key,metadata=0x$dp_key,nw_dst=10.1.0.1 actions=conjunction,1/2)
+priority=1100,ip,reg15=0x$port_key,metadata=0x$dp_key,nw_dst=10.2.0.2 actions=conjunction,1/2)
+priority=1100,ip,reg15=0x$port_key,metadata=0x$dp_key,nw_dst=10.3.0.3 actions=conjunction,1/2)
+priority=1100,ip,reg15=0x$port_key,metadata=0x$dp_key,nw_src=10.1.0.1 actions=conjunction,2/2)
priority=1100,ip,reg15=0x$port_key,metadata=0x$dp_key,nw_src=10.10.10.10 actions=conjunction,2/2)
+priority=1100,ip,reg15=0x$port_key,metadata=0x$dp_key,nw_src=10.2.0.2 actions=conjunction,2/2)
+priority=1100,ip,reg15=0x$port_key,metadata=0x$dp_key,nw_src=10.3.0.3 actions=conjunction,2/2)
])
reprocess_count_new=$(read_counter consider_logical_flow)
AT_CHECK([echo $(($reprocess_count_new - $reprocess_count_old))], [0], [1
@@ -1810,8 +1810,8 @@ read_counter() {
# 2 ASes, each has 3 IPs, no overlapping.
# 2 ACLs, each should generate a conjunction, and 1 overlapping tcp.dst
# generating a flow with combined conjunctions.
-ovn-nbctl create address_set name=as1 addresses=10.0.0.11,10.0.0.12,10.0.0.13
-ovn-nbctl create address_set name=as2 addresses=10.0.0.21,10.0.0.22,10.0.0.23
+ovn-nbctl create address_set name=as1 addresses=10.11.0.11,10.12.0.12,10.13.0.13
+ovn-nbctl create address_set name=as2 addresses=10.21.0.21,10.22.0.22,10.23.0.23
check ovn-nbctl acl-add ls1 to-lport 100 'outport == "ls1-lp1" && ip4.src == $as1 && tcp && tcp.dst == {101, 102}' drop
check ovn-nbctl acl-add ls1 to-lport 100 'outport == "ls1-lp1" && ip4.src == $as2 && tcp && tcp.dst == {201, 202}' drop
@@ -1822,12 +1822,12 @@ AT_CHECK_UNQUOTED([ovs-ofctl dump-flows br-int table=44,reg15=0x$port_key | \
sed -r 's/conj_id=.*,/conj_id=,/' | sort], [0], [dnl
priority=1100,conj_id=,metadata=0x$dp_key actions=drop
priority=1100,conj_id=,metadata=0x$dp_key actions=drop
-priority=1100,tcp,reg15=0x$port_key,metadata=0x$dp_key,nw_src=10.0.0.11 actions=conjunction,1/2)
-priority=1100,tcp,reg15=0x$port_key,metadata=0x$dp_key,nw_src=10.0.0.12 actions=conjunction,1/2)
-priority=1100,tcp,reg15=0x$port_key,metadata=0x$dp_key,nw_src=10.0.0.13 actions=conjunction,1/2)
-priority=1100,tcp,reg15=0x$port_key,metadata=0x$dp_key,nw_src=10.0.0.21 actions=conjunction,1/2)
-priority=1100,tcp,reg15=0x$port_key,metadata=0x$dp_key,nw_src=10.0.0.22 actions=conjunction,1/2)
-priority=1100,tcp,reg15=0x$port_key,metadata=0x$dp_key,nw_src=10.0.0.23 actions=conjunction,1/2)
+priority=1100,tcp,reg15=0x$port_key,metadata=0x$dp_key,nw_src=10.11.0.11 actions=conjunction,1/2)
+priority=1100,tcp,reg15=0x$port_key,metadata=0x$dp_key,nw_src=10.12.0.12 actions=conjunction,1/2)
+priority=1100,tcp,reg15=0x$port_key,metadata=0x$dp_key,nw_src=10.13.0.13 actions=conjunction,1/2)
+priority=1100,tcp,reg15=0x$port_key,metadata=0x$dp_key,nw_src=10.21.0.21 actions=conjunction,1/2)
+priority=1100,tcp,reg15=0x$port_key,metadata=0x$dp_key,nw_src=10.22.0.22 actions=conjunction,1/2)
+priority=1100,tcp,reg15=0x$port_key,metadata=0x$dp_key,nw_src=10.23.0.23 actions=conjunction,1/2)
priority=1100,tcp,reg15=0x$port_key,metadata=0x$dp_key,tp_dst=101 actions=conjunction,2/2)
priority=1100,tcp,reg15=0x$port_key,metadata=0x$dp_key,tp_dst=102 actions=conjunction,2/2)
priority=1100,tcp,reg15=0x$port_key,metadata=0x$dp_key,tp_dst=201 actions=conjunction,2/2)
@@ -1838,8 +1838,8 @@ priority=1100,tcp,reg15=0x$port_key,metadata=0x$dp_key,tp_dst=202 actions=conjun
# conjunctions
reprocess_count_old=$(read_counter consider_logical_flow)
-check ovn-nbctl add address_set as1 addresses 10.0.0.14,10.0.0.33 -- \
- add address_set as2 addresses 10.0.0.24,10.0.0.33
+check ovn-nbctl add address_set as1 addresses 10.14.0.14,10.33.0.33 -- \
+ add address_set as2 addresses 10.24.0.24,10.33.0.33
check ovn-nbctl --wait=hv sync
AT_CHECK_UNQUOTED([ovs-ofctl dump-flows br-int table=44,reg15=0x$port_key | \
grep -v reply | awk '{print $7, $8}' | \
@@ -1847,15 +1847,15 @@ AT_CHECK_UNQUOTED([ovs-ofctl dump-flows br-int table=44,reg15=0x$port_key | \
sed -r 's/conj_id=.*,/conj_id=,/' | sort], [0], [dnl
priority=1100,conj_id=,metadata=0x$dp_key actions=drop
priority=1100,conj_id=,metadata=0x$dp_key actions=drop
-priority=1100,tcp,reg15=0x$port_key,metadata=0x$dp_key,nw_src=10.0.0.11 actions=conjunction,1/2)
-priority=1100,tcp,reg15=0x$port_key,metadata=0x$dp_key,nw_src=10.0.0.12 actions=conjunction,1/2)
-priority=1100,tcp,reg15=0x$port_key,metadata=0x$dp_key,nw_src=10.0.0.13 actions=conjunction,1/2)
-priority=1100,tcp,reg15=0x$port_key,metadata=0x$dp_key,nw_src=10.0.0.14 actions=conjunction,1/2)
-priority=1100,tcp,reg15=0x$port_key,metadata=0x$dp_key,nw_src=10.0.0.21 actions=conjunction,1/2)
-priority=1100,tcp,reg15=0x$port_key,metadata=0x$dp_key,nw_src=10.0.0.22 actions=conjunction,1/2)
-priority=1100,tcp,reg15=0x$port_key,metadata=0x$dp_key,nw_src=10.0.0.23 actions=conjunction,1/2)
-priority=1100,tcp,reg15=0x$port_key,metadata=0x$dp_key,nw_src=10.0.0.24 actions=conjunction,1/2)
-priority=1100,tcp,reg15=0x$port_key,metadata=0x$dp_key,nw_src=10.0.0.33 actions=conjunction,1/2),conjunction,1/2)
+priority=1100,tcp,reg15=0x$port_key,metadata=0x$dp_key,nw_src=10.11.0.11 actions=conjunction,1/2)
+priority=1100,tcp,reg15=0x$port_key,metadata=0x$dp_key,nw_src=10.12.0.12 actions=conjunction,1/2)
+priority=1100,tcp,reg15=0x$port_key,metadata=0x$dp_key,nw_src=10.13.0.13 actions=conjunction,1/2)
+priority=1100,tcp,reg15=0x$port_key,metadata=0x$dp_key,nw_src=10.14.0.14 actions=conjunction,1/2)
+priority=1100,tcp,reg15=0x$port_key,metadata=0x$dp_key,nw_src=10.21.0.21 actions=conjunction,1/2)
+priority=1100,tcp,reg15=0x$port_key,metadata=0x$dp_key,nw_src=10.22.0.22 actions=conjunction,1/2)
+priority=1100,tcp,reg15=0x$port_key,metadata=0x$dp_key,nw_src=10.23.0.23 actions=conjunction,1/2)
+priority=1100,tcp,reg15=0x$port_key,metadata=0x$dp_key,nw_src=10.24.0.24 actions=conjunction,1/2)
+priority=1100,tcp,reg15=0x$port_key,metadata=0x$dp_key,nw_src=10.33.0.33 actions=conjunction,1/2),conjunction,1/2)
priority=1100,tcp,reg15=0x$port_key,metadata=0x$dp_key,tp_dst=101 actions=conjunction,2/2)
priority=1100,tcp,reg15=0x$port_key,metadata=0x$dp_key,tp_dst=102 actions=conjunction,2/2)
priority=1100,tcp,reg15=0x$port_key,metadata=0x$dp_key,tp_dst=201 actions=conjunction,2/2)
@@ -1869,8 +1869,8 @@ AT_CHECK([echo $(($reprocess_count_new - $reprocess_count_old))], [0], [0
# Remove those 2 IPs from each AS, should return to the initial state
reprocess_count_old=$(read_counter consider_logical_flow)
-check ovn-nbctl remove address_set as1 addresses 10.0.0.14,10.0.0.33 -- \
- remove address_set as2 addresses 10.0.0.24,10.0.0.33
+check ovn-nbctl remove address_set as1 addresses 10.14.0.14,10.33.0.33 -- \
+ remove address_set as2 addresses 10.24.0.24,10.33.0.33
check ovn-nbctl --wait=hv sync
AT_CHECK_UNQUOTED([ovs-ofctl dump-flows br-int table=44,reg15=0x$port_key | \
grep -v reply | awk '{print $7, $8}' | \
@@ -1878,12 +1878,12 @@ AT_CHECK_UNQUOTED([ovs-ofctl dump-flows br-int table=44,reg15=0x$port_key | \
sed -r 's/conj_id=.*,/conj_id=,/' | sort], [0], [dnl
priority=1100,conj_id=,metadata=0x$dp_key actions=drop
priority=1100,conj_id=,metadata=0x$dp_key actions=drop
-priority=1100,tcp,reg15=0x$port_key,metadata=0x$dp_key,nw_src=10.0.0.11 actions=conjunction,1/2)
-priority=1100,tcp,reg15=0x$port_key,metadata=0x$dp_key,nw_src=10.0.0.12 actions=conjunction,1/2)
-priority=1100,tcp,reg15=0x$port_key,metadata=0x$dp_key,nw_src=10.0.0.13 actions=conjunction,1/2)
-priority=1100,tcp,reg15=0x$port_key,metadata=0x$dp_key,nw_src=10.0.0.21 actions=conjunction,1/2)
-priority=1100,tcp,reg15=0x$port_key,metadata=0x$dp_key,nw_src=10.0.0.22 actions=conjunction,1/2)
-priority=1100,tcp,reg15=0x$port_key,metadata=0x$dp_key,nw_src=10.0.0.23 actions=conjunction,1/2)
+priority=1100,tcp,reg15=0x$port_key,metadata=0x$dp_key,nw_src=10.11.0.11 actions=conjunction,1/2)
+priority=1100,tcp,reg15=0x$port_key,metadata=0x$dp_key,nw_src=10.12.0.12 actions=conjunction,1/2)
+priority=1100,tcp,reg15=0x$port_key,metadata=0x$dp_key,nw_src=10.13.0.13 actions=conjunction,1/2)
+priority=1100,tcp,reg15=0x$port_key,metadata=0x$dp_key,nw_src=10.21.0.21 actions=conjunction,1/2)
+priority=1100,tcp,reg15=0x$port_key,metadata=0x$dp_key,nw_src=10.22.0.22 actions=conjunction,1/2)
+priority=1100,tcp,reg15=0x$port_key,metadata=0x$dp_key,nw_src=10.23.0.23 actions=conjunction,1/2)
priority=1100,tcp,reg15=0x$port_key,metadata=0x$dp_key,tp_dst=101 actions=conjunction,2/2)
priority=1100,tcp,reg15=0x$port_key,metadata=0x$dp_key,tp_dst=102 actions=conjunction,2/2)
priority=1100,tcp,reg15=0x$port_key,metadata=0x$dp_key,tp_dst=201 actions=conjunction,2/2)
@@ -1892,7 +1892,7 @@ priority=1100,tcp,reg15=0x$port_key,metadata=0x$dp_key,tp_dst=202 actions=conjun
reprocess_count_new=$(read_counter consider_logical_flow)
# Because of the combined conjunction, AS cannot be tracked for the flow for
-# 10.0.0.33, so removing would trigger reprocessing.
+# 10.33.0.33, so removing would trigger reprocessing.
AT_CHECK([echo $(($reprocess_count_new - $reprocess_count_old))], [0], [2
])
@@ -1934,16 +1934,17 @@ check ovn-nbctl --wait=hv acl-add ls1 to-lport 100 'outport == "ls1-lp1" && eth.
reprocess_count_old=$(read_counter consider_logical_flow)
for i in $(seq 5); do
- check ovn-nbctl add address_set as1 addresses "aa\:aa\:aa\:aa\:aa\:0$i"
+ check ovn-nbctl add address_set as1 addresses "aa\:aa\:aa\:aa\:0$i\:0$i"
check ovn-nbctl --wait=hv sync
if test "$i" = 3; then
AT_CHECK_UNQUOTED([ovs-ofctl dump-flows br-int table=44,reg15=0x$port_key | \
grep -v reply | awk '{print $7, $8}' | sort], [0], [dnl
-priority=1100,reg15=0x$port_key,metadata=0x$dp_key,dl_src=aa:aa:aa:aa:aa:01 actions=drop
-priority=1100,reg15=0x$port_key,metadata=0x$dp_key,dl_src=aa:aa:aa:aa:aa:02 actions=drop
-priority=1100,reg15=0x$port_key,metadata=0x$dp_key,dl_src=aa:aa:aa:aa:aa:03 actions=drop
+priority=1100,reg15=0x$port_key,metadata=0x$dp_key,dl_src=aa:aa:aa:aa:01:01 actions=drop
+priority=1100,reg15=0x$port_key,metadata=0x$dp_key,dl_src=aa:aa:aa:aa:02:02 actions=drop
+priority=1100,reg15=0x$port_key,metadata=0x$dp_key,dl_src=aa:aa:aa:aa:03:03 actions=drop
])
fi
+ ovs-ofctl dump-flows br-int table=44
AT_CHECK_UNQUOTED([ovs-ofctl dump-flows br-int table=44 | grep -c "priority=1100"], [0], [$i
])
done
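Review bot: The added `ovs-ofctl dump-flows br-int table=44` just before the count check looks like a debugging leftover. Its output is not checked by any `AT_CHECK`, so it only adds a full flow dump to the test log on each of the five iterations. I would drop the line, or keep it with a short comment such as `# Dump the table to the log to help diagnose a failing count.` if the dump is wanted.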
@@ -1956,13 +1957,13 @@ AT_CHECK([echo $(($reprocess_count_new - $reprocess_count_old))], [0], [2
reprocess_count_old=$(read_counter consider_logical_flow)
for i in $(seq 5); do
- check ovn-nbctl remove address_set as1 addresses "aa\:aa\:aa\:aa\:aa\:0$i"
+ check ovn-nbctl remove address_set as1 addresses "aa\:aa\:aa\:aa\:0$i\:0$i"
check ovn-nbctl --wait=hv sync
ovs-ofctl dump-flows br-int table=44 | grep "priority=1100"
if test "$i" = 4; then
AT_CHECK_UNQUOTED([ovs-ofctl dump-flows br-int table=44,reg15=0x$port_key | \
grep -v reply | awk '{print $7, $8}'], [0], [dnl
-priority=1100,reg15=0x$port_key,metadata=0x$dp_key,dl_src=aa:aa:aa:aa:aa:05 actions=drop
+priority=1100,reg15=0x$port_key,metadata=0x$dp_key,dl_src=aa:aa:aa:aa:05:05 actions=drop
])
fi
if test "$i" = 5; then
@@ -2015,14 +2016,14 @@ check ovn-nbctl --wait=hv acl-add ls1 to-lport 100 'outport == "ls1-lp1" && ip6.
reprocess_count_old=$(read_counter consider_logical_flow)
for i in $(seq 5); do
- check ovn-nbctl add address_set as1 addresses "ff\:\:0$i"
+ check ovn-nbctl add address_set as1 addresses "ff\:\:0$i\:0$i"
check ovn-nbctl --wait=hv sync
if test "$i" = 3; then
AT_CHECK_UNQUOTED([ovs-ofctl dump-flows br-int table=44,reg15=0x$port_key | \
grep -v reply | awk '{print $7, $8}' | sort], [0], [dnl
-priority=1100,ipv6,reg15=0x$port_key,metadata=0x$dp_key,ipv6_src=ff::1 actions=drop
-priority=1100,ipv6,reg15=0x$port_key,metadata=0x$dp_key,ipv6_src=ff::2 actions=drop
-priority=1100,ipv6,reg15=0x$port_key,metadata=0x$dp_key,ipv6_src=ff::3 actions=drop
+priority=1100,ipv6,reg15=0x$port_key,metadata=0x$dp_key,ipv6_src=ff::1:1 actions=drop
+priority=1100,ipv6,reg15=0x$port_key,metadata=0x$dp_key,ipv6_src=ff::2:2 actions=drop
+priority=1100,ipv6,reg15=0x$port_key,metadata=0x$dp_key,ipv6_src=ff::3:3 actions=drop
])
fi
AT_CHECK_UNQUOTED([ovs-ofctl dump-flows br-int table=44 | grep -c "priority=1100"], [0], [$i
@@ -2037,12 +2038,12 @@ AT_CHECK([echo $(($reprocess_count_new - $reprocess_count_old))], [0], [2
reprocess_count_old=$(read_counter consider_logical_flow)
for i in $(seq 5); do
- check ovn-nbctl remove address_set as1 addresses "ff\:\:0$i"
+ check ovn-nbctl remove address_set as1 addresses "ff\:\:0$i\:0$i"
check ovn-nbctl --wait=hv sync
if test "$i" = 4; then
AT_CHECK_UNQUOTED([ovs-ofctl dump-flows br-int table=44,reg15=0x$port_key | \
grep -v reply | awk '{print $7, $8}'], [0], [dnl
-priority=1100,ipv6,reg15=0x$port_key,metadata=0x$dp_key,ipv6_src=ff::5 actions=drop
+priority=1100,ipv6,reg15=0x$port_key,metadata=0x$dp_key,ipv6_src=ff::5:5 actions=drop
])
fi
if test "$i" = 5; then
@@ -736,37 +736,38 @@ expr_to_flow () {
echo "$1" | ovstest test-ovn expr-to-flows | sort
}
AT_CHECK([expr_to_flow 'ip4.src == {10.0.0.1, 10.0.0.2, 10.0.0.3}'], [0], [dnl
-ip,nw_src=10.0.0.1
+ip,nw_src=10.0.0.1/255.255.255.253
ip,nw_src=10.0.0.2
-ip,nw_src=10.0.0.3
])
-AT_CHECK([expr_to_flow 'ip4.src == $set1'], [0], [dnl
+AT_CHECK([expr_to_flow 'ip4.src == {10.0.0.2, 10.0.0.1, 10.0.0.3}'], [0], [dnl
ip,nw_src=10.0.0.1
+ip,nw_src=10.0.0.2/31
+])
+AT_CHECK([expr_to_flow 'ip4.src == {10.0.0.0/24, 10.0.1.0/24, 10.0.2.0/24, 10.0.3.0/24}'], [0], [dnl
+ip,nw_src=10.0.0.0/22
+])
+AT_CHECK([expr_to_flow 'ip4.src == $set1'], [0], [dnl
+ip,nw_src=10.0.0.1/255.255.255.253
ip,nw_src=10.0.0.2
-ip,nw_src=10.0.0.3
])
AT_CHECK([expr_to_flow 'ip4.src == {1.2.3.4, $set1}'], [0], [dnl
ip,nw_src=1.2.3.4
-ip,nw_src=10.0.0.1
+ip,nw_src=10.0.0.1/255.255.255.253
ip,nw_src=10.0.0.2
-ip,nw_src=10.0.0.3
])
AT_CHECK([expr_to_flow 'ip4.src == {1.2.0.0/20, 5.5.5.0/24, $set1}'], [0], [dnl
ip,nw_src=1.2.0.0/20
-ip,nw_src=10.0.0.1
+ip,nw_src=10.0.0.1/255.255.255.253
ip,nw_src=10.0.0.2
-ip,nw_src=10.0.0.3
ip,nw_src=5.5.5.0/24
])
AT_CHECK([expr_to_flow 'ip6.src == {::1, ::2, ::3}'], [0], [dnl
-ipv6,ipv6_src=::1
+ipv6,ipv6_src=::1/ffff:ffff:ffff:ffff:ffff:ffff:ffff:fffd
ipv6,ipv6_src=::2
-ipv6,ipv6_src=::3
])
AT_CHECK([expr_to_flow 'ip6.src == {::1, $set2, ::4}'], [0], [dnl
-ipv6,ipv6_src=::1
+ipv6,ipv6_src=::1/ffff:ffff:ffff:ffff:ffff:ffff:ffff:fffd
ipv6,ipv6_src=::2
-ipv6,ipv6_src=::3
ipv6,ipv6_src=::4
])
AT_CHECK([expr_to_flow 'eth.src == {00:00:00:00:00:01, 00:00:00:00:00:02, 00:00:00:00:00:03}'], [0], [dnl
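Review bot: The second check, `ip4.src == {10.0.0.2, 10.0.0.1, 10.0.0.3}`, is the same set as the first one in a different order and expects a different pair of flows, but nothing says this is intended. A line such as `dnl Same addresses in a different order: which entries get combined depends on the order.` before it would keep a reader from taking one of the two results for a mistake. The last line of the hunk opens an `AT_CHECK` that continues outside it.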
@@ -818,9 +819,8 @@ ip,nw_src=64.0.0.0/64.0.0.0
ip,nw_src=8.0.0.0/8.0.0.0
])
AT_CHECK([expr_to_flow 'ip4.dst == 172.27.0.65 && ip4.src == $set1 && ip4.dst != 10.128.0.0/14'], [0], [dnl
-ip,nw_src=10.0.0.1,nw_dst=172.27.0.65
+ip,nw_src=10.0.0.1/255.255.255.253,nw_dst=172.27.0.65
ip,nw_src=10.0.0.2,nw_dst=172.27.0.65
-ip,nw_src=10.0.0.3,nw_dst=172.27.0.65
])
AT_CHECK([expr_to_flow 'ip4.src == 172.168.13.0/16 && ip4.src != {172.168.13.0/24, 172.168.14.0/24}'], [0], [dnl
ip,nw_src=172.168.0.0/255.255.3.0
@@ -834,6 +834,17 @@ ip,nw_src=172.168.64.0/255.255.64.0
])
dnl Negative match flow explosion.
AT_CHECK([test $(expr_to_flow 'ip4.src != {172.168.13.0/24, 172.168.14.0/24, 172.168.15.0/24}' | wc -l) -le 30])
+
+AT_CHECK([expr_to_flow 'ip4.src == {172.168.12.0/24, 172.168.13.0/24, 172.168.14.0/24, 172.168.15.0/24, 172.169.12.0/24}'], [0], [dnl
+ip,nw_src=172.168.12.0/22
+ip,nw_src=172.169.12.0/24
+])
+dnl Inefficient aggregation due to the order.
+AT_CHECK([expr_to_flow 'ip4.src == {172.169.12.0/24, 172.168.12.0/24, 172.168.13.0/24, 172.168.14.0/24, 172.168.15.0/24}'], [0], [dnl
+ip,nw_src=172.168.12.0/255.254.255.0
+ip,nw_src=172.168.13.0/255.255.253.0
+ip,nw_src=172.168.14.0/24
+])
AT_CLEANUP
AT_SETUP([converting expressions to flows -- port groups])
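Review bot: Every case added here covers entries that are expected to merge; none covers two entries that differ in one value bit but carry different masks, e.g. `ip4.src == {10.0.0.0/24, 10.0.1.0/25}`. These matches are also used for ACL flows elsewhere in the test suite, so a check that such a set is not widened (here, to a /23) would pin the safe side of the aggregation. Separately, the `dnl Inefficient aggregation due to the order.` case fixes a known-suboptimal result; the comment could say that the expected output should be updated if the aggregation improves.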
@@ -864,12 +875,10 @@ lflow="ip4.src == {10.0.0.1, 10.0.0.2, 10.0.0.3} && \
ip4.dst == {20.0.0.1, 20.0.0.2, 20.0.0.3}"
AT_CHECK([expr_to_flow "$lflow"], [0], [dnl
conj_id=1,ip
-ip,nw_dst=20.0.0.1: conjunction(1, 0/2)
+ip,nw_dst=20.0.0.1/255.255.255.253: conjunction(1, 0/2)
ip,nw_dst=20.0.0.2: conjunction(1, 0/2)
-ip,nw_dst=20.0.0.3: conjunction(1, 0/2)
-ip,nw_src=10.0.0.1: conjunction(1, 1/2)
+ip,nw_src=10.0.0.1/255.255.255.253: conjunction(1, 1/2)
ip,nw_src=10.0.0.2: conjunction(1, 1/2)
-ip,nw_src=10.0.0.3: conjunction(1, 1/2)
])
lflow="ip && (!ct.est || (ct.est && ct_mark.blocked == 1))"
@@ -886,9 +895,8 @@ AT_CHECK([expr_to_flow "$lflow"], [0], [dnl
conj_id=1,ip
ip,nw_dst=20.0.0.1: conjunction(1, 0/2)
ip,nw_dst=20.0.0.2: conjunction(1, 0/2)
-ip,nw_src=10.0.0.1: conjunction(1, 1/2)
+ip,nw_src=10.0.0.1/255.255.255.253: conjunction(1, 1/2)
ip,nw_src=10.0.0.2: conjunction(1, 1/2)
-ip,nw_src=10.0.0.3: conjunction(1, 1/2)
])
lflow="ip4 && ip4.src == {10.0.0.1, 10.0.0.2, 10.0.0.3} && \
@@ -897,17 +905,12 @@ tcp.dst >= 1000 && tcp.dst <= 1010"
AT_CHECK([expr_to_flow "$lflow"], [0], [dnl
conj_id=1,tcp
-tcp,nw_dst=20.0.0.1: conjunction(1, 0/3)
+tcp,nw_dst=20.0.0.1/255.255.255.253: conjunction(1, 0/3)
tcp,nw_dst=20.0.0.2: conjunction(1, 0/3)
-tcp,nw_dst=20.0.0.3: conjunction(1, 0/3)
-tcp,nw_src=10.0.0.1: conjunction(1, 1/3)
+tcp,nw_src=10.0.0.1/255.255.255.253: conjunction(1, 1/3)
tcp,nw_src=10.0.0.2: conjunction(1, 1/3)
-tcp,nw_src=10.0.0.3: conjunction(1, 1/3)
-tcp,tp_dst=0x3ea/0xfffe: conjunction(1, 2/3)
-tcp,tp_dst=0x3ec/0xfffc: conjunction(1, 2/3)
+tcp,tp_dst=0x3e8/0xfff8: conjunction(1, 2/3)
tcp,tp_dst=0x3f0/0xfffe: conjunction(1, 2/3)
-tcp,tp_dst=1000: conjunction(1, 2/3)
-tcp,tp_dst=1001: conjunction(1, 2/3)
tcp,tp_dst=1010: conjunction(1, 2/3)
])
@@ -918,39 +921,30 @@ tcp.dst <= 2000 && tcp.src >=1000 && tcp.src <= 2000) \
AT_CHECK([expr_to_flow "$lflow"], [0], [dnl
conj_id=1,tcp
-ip,nw_src=10.0.0.4,nw_dst=20.0.0.5
-ip,nw_src=10.0.0.4,nw_dst=20.0.0.6
-ip,nw_src=10.0.0.5,nw_dst=20.0.0.5
-ip,nw_src=10.0.0.5,nw_dst=20.0.0.6
+ip,nw_src=10.0.0.4/31,nw_dst=20.0.0.5
+ip,nw_src=10.0.0.4/31,nw_dst=20.0.0.6
ip,nw_src=10.0.0.6,nw_dst=20.0.0.5
ip,nw_src=10.0.0.6,nw_dst=20.0.0.6
tcp,nw_dst=20.0.0.4: conjunction(1, 0/4)
tcp,nw_dst=20.0.0.7: conjunction(1, 0/4)
tcp,nw_dst=20.0.0.8: conjunction(1, 0/4)
-tcp,nw_src=10.0.0.4: conjunction(1, 1/4)
-tcp,nw_src=10.0.0.5: conjunction(1, 1/4)
+tcp,nw_src=10.0.0.4/31: conjunction(1, 1/4)
tcp,nw_src=10.0.0.6: conjunction(1, 1/4)
-tcp,tp_dst=0x3ea/0xfffe: conjunction(1, 2/4)
-tcp,tp_dst=0x3ec/0xfffc: conjunction(1, 2/4)
+tcp,tp_dst=0x3e8/0xfff8: conjunction(1, 2/4)
tcp,tp_dst=0x3f0/0xfff0: conjunction(1, 2/4)
tcp,tp_dst=0x400/0xfe00: conjunction(1, 2/4)
tcp,tp_dst=0x600/0xff00: conjunction(1, 2/4)
tcp,tp_dst=0x700/0xff80: conjunction(1, 2/4)
tcp,tp_dst=0x780/0xffc0: conjunction(1, 2/4)
tcp,tp_dst=0x7c0/0xfff0: conjunction(1, 2/4)
-tcp,tp_dst=1000: conjunction(1, 2/4)
-tcp,tp_dst=1001: conjunction(1, 2/4)
tcp,tp_dst=2000: conjunction(1, 2/4)
-tcp,tp_src=0x3ea/0xfffe: conjunction(1, 3/4)
-tcp,tp_src=0x3ec/0xfffc: conjunction(1, 3/4)
+tcp,tp_src=0x3e8/0xfff8: conjunction(1, 3/4)
tcp,tp_src=0x3f0/0xfff0: conjunction(1, 3/4)
tcp,tp_src=0x400/0xfe00: conjunction(1, 3/4)
tcp,tp_src=0x600/0xff00: conjunction(1, 3/4)
tcp,tp_src=0x700/0xff80: conjunction(1, 3/4)
tcp,tp_src=0x780/0xffc0: conjunction(1, 3/4)
tcp,tp_src=0x7c0/0xfff0: conjunction(1, 3/4)
-tcp,tp_src=1000: conjunction(1, 3/4)
-tcp,tp_src=1001: conjunction(1, 3/4)
tcp,tp_src=2000: conjunction(1, 3/4)
])
AT_CLEANUP
@@ -17450,14 +17444,14 @@ ovn_start
ovn-nbctl ls-add ls1
ovn-nbctl lsp-add ls1 ls1-lp1 \
+-- lsp-set-addresses ls1-lp1 "f0:00:00:00:00:01 10.4.0.4"
-ovn-nbctl lsp-set-port-security ls1-lp1 "f0:00:00:00:00:01 10.0.0.4"
+ovn-nbctl lsp-set-port-security ls1-lp1 "f0:00:00:00:00:01 10.4.0.4"
ovn-nbctl lsp-add ls1 ls1-lp2 \
-- lsp-set-addresses ls1-lp2 "f0:00:00:00:00:02 10.0.0.6"
-ovn-nbctl lsp-set-port-security ls1-lp2 "f0:00:00:00:00:02 10.0.0.6"
+ovn-nbctl lsp-set-port-security ls1-lp2 "f0:00:00:00:00:02 10.6.0.6"
net_add n1
sim_add hv1
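Review bot: As shown in this hunk, `lsp-set-addresses` for ls1-lp2 still uses `10.0.0.6` while its port security becomes `10.6.0.6`, whereas for ls1-lp1 both lines now use `10.4.0.4`. If the ls1-lp2 line is really unchanged, the port's configured address and its port-security address no longer agree, and the line should read `-- lsp-set-addresses ls1-lp2 "f0:00:00:00:00:02 10.6.0.6"`. The test may still pass with the mismatch, so it would go unnoticed.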
@@ -17478,9 +17472,9 @@ ovs-vsctl -- add-port br-int hv1-vif2 -- \
ofport-request=2
ovn-nbctl create Address_Set name=set1 \
-addresses=\"10.0.0.4\",\"10.0.0.5\",\"10.0.0.6\"
+addresses=\"10.4.0.4\",\"10.5.0.5\",\"10.6.0.6\"
ovn-nbctl create Address_Set name=set2 \
-addresses=\"10.0.0.7\",\"10.0.0.8\",\"10.0.0.9\"
+addresses=\"10.7.0.7\",\"10.8.0.8\",\"10.9.0.9\"
ovn-nbctl acl-add ls1 to-lport 1001 \
'ip4 && ip4.src == $set1 && ip4.dst == $set1' allow
check ovn-nbctl --wait=hv acl-add ls1 to-lport 1001 \
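Review bot: The new address-set values carry no explanation in the test itself, so nothing tells a later editor why they must not be simplified back to consecutive addresses. The reason is given only in the commit message: the flow counts asserted further down depend on the entries not being merged into one masked match. I would add a comment above `ovn-nbctl create Address_Set name=set1`, for example `# Addresses differ in at least two bits, so they cannot be combined into one masked match and the flow counts below stay exact.` The same applies to the `192.${i}.${i}.1/24` and `192.$i.$i.$((($j + 1) * 4))` changes in the later hunks of this file.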
@@ -17506,8 +17500,8 @@ ${dst_ip}0035111100080000
done
}
-sip=`ip_to_hex 10 0 0 4`
-dip=`ip_to_hex 10 0 0 6`
+sip=`ip_to_hex 10 4 0 4`
+dip=`ip_to_hex 10 6 0 6`
test_ip 1 f00000000001 f00000000002 $sip $dip hv1/vif2-tx.pcap 2
@@ -17519,15 +17513,15 @@ AT_CHECK([cat 2.packets], [0], [expout])
# with conj match. Eg.
# table=44, priority=2001,conj_id=2,metadata=0x1 actions=resubmit(,45)
# table=44, priority=2001,conj_id=3,metadata=0x1 actions=drop
-# priority=2001,ip,metadata=0x1,nw_dst=10.0.0.6 actions=conjunction(2,2/2)
-# priority=2001,ip,metadata=0x1,nw_dst=10.0.0.4 actions=conjunction(2,2/2)
-# priority=2001,ip,metadata=0x1,nw_dst=10.0.0.5 actions=conjunction(2,2/2)
-# priority=2001,ip,metadata=0x1,nw_dst=10.0.0.7 actions=conjunction(3,2/2)
-# priority=2001,ip,metadata=0x1,nw_dst=10.0.0.9 actions=conjunction(3,2/2)
-# priority=2001,ip,metadata=0x1,nw_dst=10.0.0.8 actions=conjunction(3,2/2)
-# priority=2001,ip,metadata=0x1,nw_src=10.0.0.6 actions=conjunction(2,1/2),conjunction(3,1/2)
-# priority=2001,ip,metadata=0x1,nw_src=10.0.0.4 actions=conjunction(2,1/2),conjunction(3,1/2)
-# priority=2001,ip,metadata=0x1,nw_src=10.0.0.5 actions=conjunction(2,1/2),conjunction(3,1/2)
+# priority=2001,ip,metadata=0x1,nw_dst=10.6.0.6 actions=conjunction(2,2/2)
+# priority=2001,ip,metadata=0x1,nw_dst=10.4.0.4 actions=conjunction(2,2/2)
+# priority=2001,ip,metadata=0x1,nw_dst=10.5.0.5 actions=conjunction(2,2/2)
+# priority=2001,ip,metadata=0x1,nw_dst=10.7.0.7 actions=conjunction(3,2/2)
+# priority=2001,ip,metadata=0x1,nw_dst=10.9.0.9 actions=conjunction(3,2/2)
+# priority=2001,ip,metadata=0x1,nw_dst=10.8.0.8 actions=conjunction(3,2/2)
+# priority=2001,ip,metadata=0x1,nw_src=10.6.0.6 actions=conjunction(2,1/2),conjunction(3,1/2)
+# priority=2001,ip,metadata=0x1,nw_src=10.4.0.4 actions=conjunction(2,1/2),conjunction(3,1/2)
+# priority=2001,ip,metadata=0x1,nw_src=10.5.0.5 actions=conjunction(2,1/2),conjunction(3,1/2)
OVS_WAIT_UNTIL([test 9 = `as hv1 ovs-ofctl dump-flows br-int | \
grep conjunction | wc -l`])
@@ -17539,15 +17533,15 @@ grep conj_id | wc -l`])
as hv1 ovs-ofctl dump-flows br-int
# Set the ip address for ls1-lp2 from set2 so that the drop ACL flow is hit.
-ovn-nbctl lsp-set-addresses ls1-lp2 "f0:00:00:00:00:02 10.0.0.7 20.0.0.4"
-ovn-nbctl lsp-set-port-security ls1-lp2 "f0:00:00:00:00:02 10.0.0.7 20.0.0.4"
+ovn-nbctl lsp-set-addresses ls1-lp2 "f0:00:00:00:00:02 10.7.0.7 20.4.0.4"
+ovn-nbctl lsp-set-port-security ls1-lp2 "f0:00:00:00:00:02 10.7.0.7 20.4.0.4"
reset_pcap_file hv1-vif2 hv1/vif2
rm -f 2.packets
-sip=`ip_to_hex 10 0 0 4`
-dip=`ip_to_hex 10 0 0 7`
+sip=`ip_to_hex 10 4 0 4`
+dip=`ip_to_hex 10 7 0 7`
test_ip 1 f00000000001 f00000000002 $sip $dip
@@ -17559,12 +17553,12 @@ AT_CHECK([cat 2.packets], [0], [])
# There should be total of 6 flows present with conjunction action and 1 flow
# with conj match. Eg.
# table=44, priority=2001,conj_id=3,metadata=0x1 actions=drop
-# priority=2001,ip,metadata=0x1,nw_dst=10.0.0.7 actions=conjunction(4,2/2)
-# priority=2001,ip,metadata=0x1,nw_dst=10.0.0.9 actions=conjunction(4,2/2)
-# priority=2001,ip,metadata=0x1,nw_dst=10.0.0.8 actions=conjunction(4,2/2)
-# priority=2001,ip,metadata=0x1,nw_src=10.0.0.6 actions=conjunction(4,1/2)
-# priority=2001,ip,metadata=0x1,nw_src=10.0.0.4 actions=conjunction(4,1/2)
-# priority=2001,ip,metadata=0x1,nw_src=10.0.0.5 actions=conjunction(4,1/2)
+# priority=2001,ip,metadata=0x1,nw_dst=10.7.0.7 actions=conjunction(4,2/2)
+# priority=2001,ip,metadata=0x1,nw_dst=10.9.0.9 actions=conjunction(4,2/2)
+# priority=2001,ip,metadata=0x1,nw_dst=10.8.0.8 actions=conjunction(4,2/2)
+# priority=2001,ip,metadata=0x1,nw_src=10.6.0.6 actions=conjunction(4,1/2)
+# priority=2001,ip,metadata=0x1,nw_src=10.4.0.4 actions=conjunction(4,1/2)
+# priority=2001,ip,metadata=0x1,nw_src=10.5.0.5 actions=conjunction(4,1/2)
ovn-nbctl acl-del ls1 to-lport 1001 \
'ip4 && ip4.src == $set1 && ip4.dst == $set1'
@@ -17581,18 +17575,18 @@ ovn-nbctl acl-add ls1 to-lport 1001 \
'ip4 && ip4.src == $set1 && ip4.dst == $set1' allow
# Add one more ACL with more overlapping
ovn-nbctl acl-add ls1 to-lport 1001 \
-'ip4 && ip4.src == $set1 && ip4.dst == {10.0.0.9, 10.0.0.10}' drop
-
-# priority=2001,ip,metadata=0x1,nw_dst=10.0.0.8 actions=conjunction(4,1/2)
-# priority=2001,ip,metadata=0x1,nw_dst=10.0.0.7 actions=conjunction(4,1/2)
-# priority=2001,ip,metadata=0x1,nw_dst=10.0.0.4 actions=conjunction(5,1/2)
-# priority=2001,ip,metadata=0x1,nw_dst=10.0.0.5 actions=conjunction(5,1/2)
-# priority=2001,ip,metadata=0x1,nw_dst=10.0.0.6 actions=conjunction(5,1/2)
-# priority=2001,ip,metadata=0x1,nw_dst=10.0.0.9 actions=conjunction(4,1/2),conjunction(6,1/2)
-# priority=2001,ip,metadata=0x1,nw_dst=10.0.0.10 actions=conjunction(6,1/2)
-# priority=2001,ip,metadata=0x1,nw_src=10.0.0.5 actions=conjunction(4,2/2),conjunction(5,2/2),conjunction(6,2/2)
-# priority=2001,ip,metadata=0x1,nw_src=10.0.0.4 actions=conjunction(4,2/2),conjunction(5,2/2),conjunction(6,2/2)
-# priority=2001,ip,metadata=0x1,nw_src=10.0.0.6 actions=conjunction(4,2/2),conjunction(5,2/2),conjunction(6,2/2)
+'ip4 && ip4.src == $set1 && ip4.dst == {10.9.0.9, 10.10.0.10}' drop
+
+# priority=2001,ip,metadata=0x1,nw_dst=10.8.0.8 actions=conjunction(4,1/2)
+# priority=2001,ip,metadata=0x1,nw_dst=10.7.0.7 actions=conjunction(4,1/2)
+# priority=2001,ip,metadata=0x1,nw_dst=10.4.0.4 actions=conjunction(5,1/2)
+# priority=2001,ip,metadata=0x1,nw_dst=10.5.0.5 actions=conjunction(5,1/2)
+# priority=2001,ip,metadata=0x1,nw_dst=10.6.0.6 actions=conjunction(5,1/2)
+# priority=2001,ip,metadata=0x1,nw_dst=10.9.0.9 actions=conjunction(4,1/2),conjunction(6,1/2)
+# priority=2001,ip,metadata=0x1,nw_dst=10.10.0.10 actions=conjunction(6,1/2)
+# priority=2001,ip,metadata=0x1,nw_src=10.5.0.5 actions=conjunction(4,2/2),conjunction(5,2/2),conjunction(6,2/2)
+# priority=2001,ip,metadata=0x1,nw_src=10.4.0.4 actions=conjunction(4,2/2),conjunction(5,2/2),conjunction(6,2/2)
+# priority=2001,ip,metadata=0x1,nw_src=10.6.0.6 actions=conjunction(4,2/2),conjunction(5,2/2),conjunction(6,2/2)
OVS_WAIT_UNTIL([test 10 = `as hv1 ovs-ofctl dump-flows br-int | \
grep conjunction | wc -l`])
@@ -17601,19 +17595,19 @@ grep conjunction.*conjunction | wc -l`])
OVS_WAIT_UNTIL([test 3 = `as hv1 ovs-ofctl dump-flows br-int | \
grep conjunction.*conjunction.*conjunction | wc -l`])
-# Remove 10.0.0.7 from address set2. All flows should be updated properly.
+# Remove 10.7.0.7 from address set2. All flows should be updated properly.
ovn-nbctl set Address_Set set2 \
-addresses=\"10.0.0.8\",\"10.0.0.9\"
-
-# priority=2001,ip,metadata=0x1,nw_dst=10.0.0.4 actions=conjunction(9,1/2)
-# priority=2001,ip,metadata=0x1,nw_dst=10.0.0.10 actions=conjunction(7,1/2)
-# priority=2001,ip,metadata=0x1,nw_dst=10.0.0.8 actions=conjunction(8,1/2)
-# priority=2001,ip,metadata=0x1,nw_dst=10.0.0.5 actions=conjunction(9,1/2)
-# priority=2001,ip,metadata=0x1,nw_dst=10.0.0.9 actions=conjunction(7,1/2),conjunction(8,1/2)
-# priority=2001,ip,metadata=0x1,nw_dst=10.0.0.6 actions=conjunction(9,1/2)
-# priority=2001,ip,metadata=0x1,nw_src=10.0.0.5 actions=conjunction(7,2/2),conjunction(8,2/2),conjunction(9,2/2)
-# priority=2001,ip,metadata=0x1,nw_src=10.0.0.6 actions=conjunction(7,2/2),conjunction(8,2/2),conjunction(9,2/2)
-# priority=2001,ip,metadata=0x1,nw_src=10.0.0.4 actions=conjunction(7,2/2),conjunction(8,2/2),conjunction(9,2/2)
+addresses=\"10.8.0.8\",\"10.9.0.9\"
+
+# priority=2001,ip,metadata=0x1,nw_dst=10.4.0.4 actions=conjunction(9,1/2)
+# priority=2001,ip,metadata=0x1,nw_dst=10.10.0.10 actions=conjunction(7,1/2)
+# priority=2001,ip,metadata=0x1,nw_dst=10.8.0.8 actions=conjunction(8,1/2)
+# priority=2001,ip,metadata=0x1,nw_dst=10.5.0.5 actions=conjunction(9,1/2)
+# priority=2001,ip,metadata=0x1,nw_dst=10.9.0.9 actions=conjunction(7,1/2),conjunction(8,1/2)
+# priority=2001,ip,metadata=0x1,nw_dst=10.6.0.6 actions=conjunction(9,1/2)
+# priority=2001,ip,metadata=0x1,nw_src=10.5.0.5 actions=conjunction(7,2/2),conjunction(8,2/2),conjunction(9,2/2)
+# priority=2001,ip,metadata=0x1,nw_src=10.6.0.6 actions=conjunction(7,2/2),conjunction(8,2/2),conjunction(9,2/2)
+# priority=2001,ip,metadata=0x1,nw_src=10.4.0.4 actions=conjunction(7,2/2),conjunction(8,2/2),conjunction(9,2/2)
OVS_WAIT_UNTIL([test 9 = `as hv1 ovs-ofctl dump-flows br-int | \
grep conjunction | wc -l`])
@@ -17628,12 +17622,12 @@ ovn-nbctl acl-del ls1 to-lport 1001 \
wait_for_ports_up
ovn-nbctl --wait=hv sync
-# priority=2001,ip,metadata=0x1,nw_dst=10.0.0.10 actions=conjunction(10,1/2)
-# priority=2001,ip,metadata=0x1,nw_dst=10.0.0.8 actions=conjunction(11,1/2)
-# priority=2001,ip,metadata=0x1,nw_dst=10.0.0.9 actions=conjunction(10,1/2),conjunction(11,1/2)
-# priority=2001,ip,metadata=0x1,nw_src=10.0.0.5 actions=conjunction(10,2/2),conjunction(11,2/2)
-# priority=2001,ip,metadata=0x1,nw_src=10.0.0.6 actions=conjunction(10,2/2),conjunction(11,2/2)
-# priority=2001,ip,metadata=0x1,nw_src=10.0.0.4 actions=conjunction(10,2/2),conjunction(11,2/2)
+# priority=2001,ip,metadata=0x1,nw_dst=10.10.0.10 actions=conjunction(10,1/2)
+# priority=2001,ip,metadata=0x1,nw_dst=10.8.0.8 actions=conjunction(11,1/2)
+# priority=2001,ip,metadata=0x1,nw_dst=10.9.0.9 actions=conjunction(10,1/2),conjunction(11,1/2)
+# priority=2001,ip,metadata=0x1,nw_src=10.5.0.5 actions=conjunction(10,2/2),conjunction(11,2/2)
+# priority=2001,ip,metadata=0x1,nw_src=10.6.0.6 actions=conjunction(10,2/2),conjunction(11,2/2)
+# priority=2001,ip,metadata=0x1,nw_src=10.4.0.4 actions=conjunction(10,2/2),conjunction(11,2/2)
OVS_WAIT_UNTIL([test 6 = `as hv1 ovs-ofctl dump-flows br-int | \
grep conjunction | wc -l`])
@@ -19446,7 +19440,7 @@ for i in 1 2 3; do
# Update address set as1
ovn-nbctl --wait=hv set addr as1 addresses="10.1.2.10 10.1.2.11"
- AT_CHECK([ovs-ofctl dump-flows br-int | grep "10.1.2.11"], [0], [ignore])
+ AT_CHECK([ovs-ofctl dump-flows br-int | grep "10.1.2.10/31"], [0], [ignore])
# Update address set as2
ovn-nbctl --wait=hv set addr as2 addresses="10.1.2.12 10.1.2.13"
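Review bot: The updated check greps for `10.1.2.10/31`, which hard-codes the aggregated form of as1 without saying where that prefix comes from. If the combining logic or its ordering changes, this check fails with no hint that the /31 is the merge of 10.1.2.10 and 10.1.2.11. A one-line comment above the `AT_CHECK` would help, e.g. `# 10.1.2.10 and 10.1.2.11 differ in one bit and are expected as a single /31 match.` The dots in the pattern are also unescaped, so `grep -F "10.1.2.10/31"` would state the intent more exactly. The enclosing `for` loop continues outside this hunk.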
@@ -31510,7 +31504,7 @@ ovn-nbctl lr-add lr0
for i in $(seq 0 9); do
ovn-nbctl ls-add ls$i
- ovn-nbctl lrp-add lr0 lrp_lr0_ls$i aa:bb:bb:00:00:0$i 192.168.${i}.1/24
+ ovn-nbctl lrp-add lr0 lrp_lr0_ls$i aa:bb:bb:00:00:0$i 192.${i}.${i}.1/24
ovn-nbctl lsp-add ls$i lsp_ls${i}_lr0 -- \
lsp-set-addresses lsp_ls${i}_lr0 router -- \
@@ -31519,7 +31513,7 @@ for i in $(seq 0 9); do
for j in 0 1; do
ovn-nbctl lsp-add ls$i lsp${i}-${j} -- \
- lsp-set-addresses lsp${i}-${j} "aa:aa:aa:00:0$i:0$j 192.168.$i.1$j"
+ lsp-set-addresses lsp${i}-${j} "aa:aa:aa:00:0$i:0$j 192.$i.$i.$((($j + 1) * 4))"
done
done
@@ -31551,7 +31545,7 @@ AT_CHECK([test $(ovs-ofctl dump-flows br-int table=44 | grep conjunction | wc -l
ovs-vsctl del-port br-int lsp0-0
check ovn-nbctl --wait=hv sync
AT_CHECK([test $(ovs-ofctl dump-flows br-int table=44 | grep conjunction | wc -l) == 0])
-AT_CHECK([test $(ovs-ofctl dump-flows br-int table=44 | grep 192.168 | wc -l) == 10])
+AT_CHECK([test $(ovs-ofctl dump-flows br-int table=44 | grep 192. | wc -l) == 10])
# 3. Rebind lsp0-0. The expected conjunction flows are back to 12.
ovs-vsctl add-port br-int lsp0-0 -- set interface lsp0-0 external_ids:iface-id=lsp0-0
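Review bot: The pattern in `grep 192. | wc -l` is much looser than the old `grep 192.168`, because the unescaped dot matches any character. Any `192` followed by one more character in a dump-flows line will count, including timing or counter fields such as a duration or byte count, so the `== 10` assertion can fail or pass for reasons unrelated to the ACL flows. Anchoring the match to the address field would keep the count tied to what the test is about, for example `grep -E 'nw_(src|dst)=192\.'`, assuming these table 44 flows match on nw_src/nw_dst, which this hunk does not show.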
If two simple CMP expressions within OR have exact same masks, and their values differ in a single bit, these expressions can be combined into one by removing that bit from the mask. E.g. Expression (tcp.src == 6441 || tcp.src == 6443) can be simplified down to single tcp.src == 0x1929/0xfffd. 6441 = 0x1929 = 0b0001100100101001 6443 = 0x192b = 0b0001100100101011 ^ 0x1929 0b0001100100101001 / = / 0xfffd 0b1111111111111101 Since the bit can be either 0 or 1, there is no need to check it at all. Add checking of possibility to combine two expressions into a new superset while handling supersets in crushed OR expressions. This allows to combine entries multiple times as well as remove entries that are subsets of newly created supersets. The loop will not spin for way too long, because every jump back means removal of at least one existing entry from the list. Change allows to efficiently squash IP address sets as well as matches on other fully maskable fields like L4 ports and MAC addresses. E.g.: $ ./tests/ovstest test-ovn expr-to-flows <<< \ "ip4.src == {172.168.12.0/24, 172.168.13.0/24, 172.168.15.0/24}" ip,nw_src=172.168.15.0/24 ip,nw_src=172.168.12.0/23 $ ./tests/ovstest test-ovn expr-to-flows <<< \ "ip4.src == {172.168.12.0/24, 172.168.13.0/24, 172.168.14.0/24, \ 172.168.15.0/24}" ip,nw_src=172.168.12.0/22 In this case, first we combine 12 and 13, then 14 and 15, then results of two previous combinations. It's a greedy algorithm, i.e. 
it makes locally optimal decisions on each step that may or may not be globally optimal: $ ./tests/ovstest test-ovn expr-to-flows <<< \ "ip4.src == {172.168.12.0/24, 172.168.13.0/24, 172.168.14.0/24, \ 172.168.15.0/24, 172.169.12.0/24}" ip,nw_src=172.168.12.0/22 ip,nw_src=172.169.12.0/24 But $ ./tests/ovstest test-ovn expr-to-flows <<< \ "ip4.src == {172.169.12.0/24, 172.168.12.0/24, 172.168.13.0/24, \ 172.168.14.0/24, 172.168.15.0/24}" ip,nw_src=172.168.13.0/255.255.253.0 ip,nw_src=172.168.14.0/24 ip,nw_src=172.168.12.0/255.254.255.0 In the case above it would be better to combine all the 172.168.* subnets, but it doesn't happen if 172.169.12.0/24 is at the top of the list, because it can be paired with 172.168.12.0/24 instead. However, produced results are good enough in most cases. Full non-greedy solution will likely be much more computationally complex. Tests updated to reflect this change. Extra couple of specific tests added. Tests that depend on the exact number of OpenFlow rules updated to use addresses that cannot be combined. This change makes address set I-P less efficient, but it also reduces the number of generated OpenFlow rules, so very efficient I-P is less important. Signed-off-by: Ilya Maximets <i.maximets@ovn.org> --- controller/lflow.c | 5 +- lib/expr.c | 77 +++++++- tests/ovn-controller.at | 399 ++++++++++++++++++++-------------------- tests/ovn.at | 198 ++++++++++---------- 4 files changed, 366 insertions(+), 313 deletions(-)