From patchwork Wed May 3 01:12:37 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Ihar Hrachyshka X-Patchwork-Id: 1776089 Return-Path: X-Original-To: incoming@patchwork.ozlabs.org Delivered-To: patchwork-incoming@legolas.ozlabs.org Authentication-Results: legolas.ozlabs.org; spf=pass (sender SPF authorized) smtp.mailfrom=openvswitch.org (client-ip=2605:bc80:3010::137; helo=smtp4.osuosl.org; envelope-from=ovs-dev-bounces@openvswitch.org; receiver=) Authentication-Results: legolas.ozlabs.org; dkim=fail reason="signature verification failed" (1024-bit key; unprotected) header.d=redhat.com header.i=@redhat.com header.a=rsa-sha256 header.s=mimecast20190719 header.b=XZ2U63k2; dkim-atps=neutral Received: from smtp4.osuosl.org (smtp4.osuosl.org [IPv6:2605:bc80:3010::137]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature ECDSA (P-384) server-digest SHA384) (No client certificate requested) by legolas.ozlabs.org (Postfix) with ESMTPS id 4Q9zTn6sNDz1ydX for ; Wed, 3 May 2023 11:13:17 +1000 (AEST) Received: from localhost (localhost [127.0.0.1]) by smtp4.osuosl.org (Postfix) with ESMTP id 6D23341DEE; Wed, 3 May 2023 01:13:15 +0000 (UTC) DKIM-Filter: OpenDKIM Filter v2.11.0 smtp4.osuosl.org 6D23341DEE Authentication-Results: smtp4.osuosl.org; dkim=fail reason="signature verification failed" (1024-bit key) header.d=redhat.com header.i=@redhat.com header.a=rsa-sha256 header.s=mimecast20190719 header.b=XZ2U63k2 X-Virus-Scanned: amavisd-new at osuosl.org Received: from smtp4.osuosl.org ([127.0.0.1]) by localhost (smtp4.osuosl.org [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 0f7JTGoMgQM4; Wed, 3 May 2023 01:13:09 +0000 (UTC) Received: from lists.linuxfoundation.org (lf-lists.osuosl.org [140.211.9.56]) by smtp4.osuosl.org (Postfix) with ESMTPS id 58F5341E16; Wed, 3 May 2023 01:13:05 +0000 (UTC) DKIM-Filter: OpenDKIM Filter v2.11.0 smtp4.osuosl.org 58F5341E16 Received: from lf-lists.osuosl.org (localhost [127.0.0.1]) by lists.linuxfoundation.org (Postfix) with ESMTP id C981CC007E; Wed, 3 May 2023 01:13:03 +0000 (UTC) X-Original-To: dev@openvswitch.org Delivered-To: ovs-dev@lists.linuxfoundation.org Received: from smtp3.osuosl.org (smtp3.osuosl.org [140.211.166.136]) by lists.linuxfoundation.org (Postfix) with ESMTP id 3E48FC002A for ; Wed, 3 May 2023 01:13:02 +0000 (UTC) Received: from localhost (localhost [127.0.0.1]) by smtp3.osuosl.org (Postfix) with ESMTP id AE84160FEF for ; Wed, 3 May 2023 01:12:59 +0000 (UTC) DKIM-Filter: OpenDKIM Filter v2.11.0 smtp3.osuosl.org AE84160FEF Authentication-Results: smtp3.osuosl.org; dkim=pass (1024-bit key) header.d=redhat.com header.i=@redhat.com header.a=rsa-sha256 header.s=mimecast20190719 header.b=XZ2U63k2 X-Virus-Scanned: amavisd-new at osuosl.org Received: from smtp3.osuosl.org ([127.0.0.1]) by localhost (smtp3.osuosl.org [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id qXKt0_-1FRUo for ; Wed, 3 May 2023 01:12:55 +0000 (UTC) X-Greylist: domain auto-whitelisted by SQLgrey-1.8.0 DKIM-Filter: OpenDKIM Filter v2.11.0 smtp3.osuosl.org 5409760F9A Received: from us-smtp-delivery-124.mimecast.com (us-smtp-delivery-124.mimecast.com [170.10.133.124]) by smtp3.osuosl.org (Postfix) with ESMTPS id 5409760F9A for ; Wed, 3 May 2023 01:12:55 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=redhat.com; s=mimecast20190719; t=1683076374; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=LTsOV+eH+O5ePGBpQ8jbWoXNNaHkcsSE6tgEgRNc+2M=; b=XZ2U63k2bdYh4ufCbfh8S7jJ+qOLLomP8MXaesSsMpHnlqdEYhuTjuZ4R4rks7thi3LI3l 8tVDCWmcN5cjhr6fpMXB8szemtR7cegjRII/19ANll7B2tLu4mVVrD5nu4AGOwWq+08DPn ussjUPKG7AWGgBRPhQUws0FhE1e6Lfw= Received: from mail-qk1-f200.google.com (mail-qk1-f200.google.com [209.85.222.200]) by relay.mimecast.com with ESMTP with STARTTLS (version=TLSv1.3, cipher=TLS_AES_256_GCM_SHA384) id us-mta-608-DkpdQTttNOieiKJIwWsvIw-1; Tue, 02 May 2023 21:12:53 -0400 X-MC-Unique: DkpdQTttNOieiKJIwWsvIw-1 Received: by mail-qk1-f200.google.com with SMTP id af79cd13be357-74deda8705dso262095785a.1 for ; Tue, 02 May 2023 18:12:52 -0700 (PDT) X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20221208; t=1683076372; x=1685668372; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=LTsOV+eH+O5ePGBpQ8jbWoXNNaHkcsSE6tgEgRNc+2M=; b=K9sQgaO27LfXsMS6euld6y4DxUTehvAQvYVRURJbg5qgN7R161JWtBGaZn5sn5voDy JDOFW4/DmXwG9LyQkW1KM6BswvCIO0/Y0tx3fwn6hJQ2AhPYlWehLGhVFor/gS/wA7j8 AW1JqPu/jICKOUXzCh1TSxgoghizmelA4SfWFPHyM8iEIF3DSxcSFq+Bh14DGwCTtH52 nejirlqV9Z+FBv88dbytUn1ft7e8BsQjuwZXcfAuRingi2cbfOUDNVscU/bid2XwIr6k XGa7EeKB5OBVXrwkT7ZwSyJIazLpKIU4rSM/tv3gdJI8NnmOR+jVbXE7GKzXRtwVDQFA sgyQ== X-Gm-Message-State: AC+VfDyPjlfdkcF4eEfnx7IHbIdpC1MK/wmGSDw3IpHKneX4Unprvqup 5u4qF3D239Yg/XYffnHPVYGgzr98iS22eZO4iKXHqUDEM7LIoHoLFoGBgoVKCHbmMkG9UtTeBUu kHGG/Q1PJPVZ2yMjXNDPU1rQycIe1B8CNzTRUXz0FPYbqCe2XbdBi7kHSTTNNioGUdDkXZR+k X-Received: by 2002:ad4:5ae7:0:b0:5b2:fb2:4b1d with SMTP id c7-20020ad45ae7000000b005b20fb24b1dmr9250759qvh.12.1683076370917; Tue, 02 May 2023 18:12:50 -0700 (PDT) X-Google-Smtp-Source: ACHHUZ4TukG4VhzL6tEc4rcDIW1YgXkLMlsXLYdLl0UEVmzrY8oz8BjDQoS29lpELwaj+dnAQv2ArQ== X-Received: by 2002:ad4:5ae7:0:b0:5b2:fb2:4b1d with SMTP id c7-20020ad45ae7000000b005b20fb24b1dmr9250608qvh.12.1683076368223; Tue, 02 May 2023 18:12:48 -0700 (PDT) Received: from fedora34.localdomain.com (cpe-172-73-180-250.carolina.res.rr.com. [172.73.180.250]) by smtp.gmail.com with ESMTPSA id u16-20020a0cf1d0000000b005ef42464646sm9959041qvl.118.2023.05.02.18.12.46 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Tue, 02 May 2023 18:12:47 -0700 (PDT) From: Ihar Hrachyshka To: dev@openvswitch.org Date: Wed, 3 May 2023 01:12:37 +0000 Message-Id: <20230503011239.2100488-5-ihrachys@redhat.com> X-Mailer: git-send-email 2.38.1 In-Reply-To: <20230503011239.2100488-1-ihrachys@redhat.com> References: <20230503011239.2100488-1-ihrachys@redhat.com> MIME-Version: 1.0 X-Mimecast-Spam-Score: 0 X-Mimecast-Originator: redhat.com Subject: [ovs-dev] [PATCH ovn 4/6] Add new egress tables to accommodate for too-big packets handling X-BeenThere: ovs-dev@openvswitch.org X-Mailman-Version: 2.1.15 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: ovs-dev-bounces@openvswitch.org Sender: "dev" The new tables will be used in a later patch as follows: table=37, OFTABLE_OUTPUT_INIT: becomes an initial entry point into the egress pipeline that serves a semantic goal. (Not doing any actual processing at the moment.) table=38, OFTABLE_OUTPUT_LARGE_PKT_DETECT: detect "too-big" IP packets and mark them for later processing in table=39. table=39, OFTABLE_OUTPUT_LARGE_PKT_PROCESS: process "too-big" IP packets detected in table=38 by sending ICMPv4 Fragmentation Needed / ICMPv6 Too Big errors back to the originating port. All previous table indices shifted by 3 (old table=37 becomes table=40). Otherwise, no changes to existing tables and flows introduced. Signed-off-by: Ihar Hrachyshka --- controller/lflow.c | 4 +- controller/lflow.h | 49 ++++---- controller/physical.c | 77 +++++++----- controller/pinctrl.c | 8 +- ovn-architecture.7.xml | 76 ++++++------ tests/ovn-controller.at | 174 +++++++++++++-------------- tests/ovn.at | 256 ++++++++++++++++++++-------------------- 7 files changed, 339 insertions(+), 305 deletions(-) diff --git a/controller/lflow.c b/controller/lflow.c index 0b071138d..22faaf013 100644 --- a/controller/lflow.c +++ b/controller/lflow.c @@ -397,7 +397,7 @@ consider_lflow_for_added_as_ips__( : OFTABLE_LOG_EGRESS_PIPELINE); uint8_t ptable = first_ptable + lflow->table_id; uint8_t output_ptable = (ingress - ? OFTABLE_REMOTE_OUTPUT + ? OFTABLE_OUTPUT_INIT : OFTABLE_SAVE_INPORT); uint64_t ovnacts_stub[1024 / 8]; @@ -1067,7 +1067,7 @@ consider_logical_flow__(const struct sbrec_logical_flow *lflow, : OFTABLE_LOG_EGRESS_PIPELINE); uint8_t ptable = first_ptable + lflow->table_id; uint8_t output_ptable = (ingress - ? OFTABLE_REMOTE_OUTPUT + ? OFTABLE_OUTPUT_INIT : OFTABLE_SAVE_INPORT); /* Parse OVN logical actions. diff --git a/controller/lflow.h b/controller/lflow.h index dd742257b..b804e61e5 100644 --- a/controller/lflow.h +++ b/controller/lflow.h @@ -63,27 +63,34 @@ struct uuid; * * These are heavily documented in ovn-architecture(7), please update it if * you make any changes. */ -#define OFTABLE_PHY_TO_LOG 0 -#define OFTABLE_LOG_INGRESS_PIPELINE 8 /* First of LOG_PIPELINE_LEN tables. */ -#define OFTABLE_REMOTE_OUTPUT 37 -#define OFTABLE_LOCAL_OUTPUT 38 -#define OFTABLE_CHECK_LOOPBACK 39 -#define OFTABLE_LOG_EGRESS_PIPELINE 40 /* First of LOG_PIPELINE_LEN tables. */ -#define OFTABLE_SAVE_INPORT 64 -#define OFTABLE_LOG_TO_PHY 65 -#define OFTABLE_MAC_BINDING 66 -#define OFTABLE_MAC_LOOKUP 67 -#define OFTABLE_CHK_LB_HAIRPIN 68 -#define OFTABLE_CHK_LB_HAIRPIN_REPLY 69 -#define OFTABLE_CT_SNAT_HAIRPIN 70 -#define OFTABLE_GET_FDB 71 -#define OFTABLE_LOOKUP_FDB 72 -#define OFTABLE_CHK_IN_PORT_SEC 73 -#define OFTABLE_CHK_IN_PORT_SEC_ND 74 -#define OFTABLE_CHK_OUT_PORT_SEC 75 -#define OFTABLE_ECMP_NH_MAC 76 -#define OFTABLE_ECMP_NH 77 -#define OFTABLE_CHK_LB_AFFINITY 78 +#define OFTABLE_PHY_TO_LOG 0 + +/* Start of LOG_PIPELINE_LEN tables. */ +#define OFTABLE_LOG_INGRESS_PIPELINE 8 +#define OFTABLE_OUTPUT_INIT 37 +#define OFTABLE_OUTPUT_LARGE_PKT_DETECT 38 +#define OFTABLE_OUTPUT_LARGE_PKT_PROCESS 39 +#define OFTABLE_REMOTE_OUTPUT 40 +#define OFTABLE_LOCAL_OUTPUT 41 +#define OFTABLE_CHECK_LOOPBACK 42 + +/* Start of LOG_PIPELINE_LEN tables. */ +#define OFTABLE_LOG_EGRESS_PIPELINE 43 +#define OFTABLE_SAVE_INPORT 64 +#define OFTABLE_LOG_TO_PHY 65 +#define OFTABLE_MAC_BINDING 66 +#define OFTABLE_MAC_LOOKUP 67 +#define OFTABLE_CHK_LB_HAIRPIN 68 +#define OFTABLE_CHK_LB_HAIRPIN_REPLY 69 +#define OFTABLE_CT_SNAT_HAIRPIN 70 +#define OFTABLE_GET_FDB 71 +#define OFTABLE_LOOKUP_FDB 72 +#define OFTABLE_CHK_IN_PORT_SEC 73 +#define OFTABLE_CHK_IN_PORT_SEC_ND 74 +#define OFTABLE_CHK_OUT_PORT_SEC 75 +#define OFTABLE_ECMP_NH_MAC 76 +#define OFTABLE_ECMP_NH 77 +#define OFTABLE_CHK_LB_AFFINITY 78 struct lflow_ctx_in { struct ovsdb_idl_index *sbrec_multicast_group_by_name_datapath; diff --git a/controller/physical.c b/controller/physical.c index ec861f49c..1b0482e3b 100644 --- a/controller/physical.c +++ b/controller/physical.c @@ -876,12 +876,12 @@ put_local_common_flows(uint32_t dp_key, uint32_t port_key = pb->tunnel_key; - /* Table 38, priority 100. + /* Table 41, priority 100. * ======================= * * Implements output to local hypervisor. Each flow matches a * logical output port on the local hypervisor, and resubmits to - * table 39. + * table 42. */ ofpbuf_clear(ofpacts_p); @@ -891,13 +891,13 @@ put_local_common_flows(uint32_t dp_key, put_zones_ofpacts(zone_ids, ofpacts_p); - /* Resubmit to table 39. */ + /* Resubmit to table 42. */ put_resubmit(OFTABLE_CHECK_LOOPBACK, ofpacts_p); ofctrl_add_flow(flow_table, OFTABLE_LOCAL_OUTPUT, 100, pb->header_.uuid.parts[0], &match, ofpacts_p, &pb->header_.uuid); - /* Table 39, Priority 100. + /* Table 42, Priority 100. * ======================= * * Drop packets whose logical inport and outport are the same @@ -1233,12 +1233,12 @@ consider_port_binding(struct ovsdb_idl_index *sbrec_port_binding_by_name, || ha_chassis_group_is_active(binding->ha_chassis_group, active_tunnels, chassis))) { - /* Table 38, priority 100. + /* Table 41, priority 100. * ======================= * * Implements output to local hypervisor. Each flow matches a * logical output port on the local hypervisor, and resubmits to - * table 39. For ports of type "chassisredirect", the logical + * table 42. For ports of type "chassisredirect", the logical * output port is changed from the "chassisredirect" port to the * underlying distributed port. */ @@ -1275,7 +1275,7 @@ consider_port_binding(struct ovsdb_idl_index *sbrec_port_binding_by_name, ct_zones); put_zones_ofpacts(&zone_ids, ofpacts_p); - /* Resubmit to table 39. */ + /* Resubmit to table 42. */ put_resubmit(OFTABLE_CHECK_LOOPBACK, ofpacts_p); } @@ -1491,7 +1491,7 @@ consider_port_binding(struct ovsdb_idl_index *sbrec_port_binding_by_name, ofport, flow_table); } - /* Table 39, priority 160. + /* Table 42, priority 160. * ======================= * * Do not forward local traffic from a localport to a localnet port. @@ -1561,13 +1561,13 @@ consider_port_binding(struct ovsdb_idl_index *sbrec_port_binding_by_name, } } - /* Table 37, priority 150. + /* Table 40, priority 150. * ======================= * * Handles packets received from ports of type "localport". These * ports are present on every hypervisor. Traffic that originates at * one should never go over a tunnel to a remote hypervisor, - * so resubmit them to table 38 for local delivery. */ + * so resubmit them to table 41 for local delivery. */ if (!strcmp(binding->type, "localport")) { ofpbuf_clear(ofpacts_p); put_resubmit(OFTABLE_LOCAL_OUTPUT, ofpacts_p); @@ -1581,7 +1581,7 @@ consider_port_binding(struct ovsdb_idl_index *sbrec_port_binding_by_name, } } else if (access_type == PORT_LOCALNET) { /* Remote port connected by localnet port */ - /* Table 38, priority 100. + /* Table 41, priority 100. * ======================= * * Implements switching to localnet port. Each flow matches a @@ -1596,7 +1596,7 @@ consider_port_binding(struct ovsdb_idl_index *sbrec_port_binding_by_name, put_load(localnet_port->tunnel_key, MFF_LOG_OUTPORT, 0, 32, ofpacts_p); - /* Resubmit to table 38. */ + /* Resubmit to table 41. */ put_resubmit(OFTABLE_LOCAL_OUTPUT, ofpacts_p); ofctrl_add_flow(flow_table, OFTABLE_LOCAL_OUTPUT, 100, binding->header_.uuid.parts[0], @@ -1613,7 +1613,7 @@ consider_port_binding(struct ovsdb_idl_index *sbrec_port_binding_by_name, const char *redirect_type = smap_get(&binding->options, "redirect-type"); - /* Table 38, priority 100. + /* Table 41, priority 100. * ======================= * * Handles traffic that needs to be sent to a remote hypervisor. Each @@ -1841,7 +1841,7 @@ consider_mc_group(struct ovsdb_idl_index *sbrec_port_binding_by_name, } } - /* Table 38, priority 100. + /* Table 41, priority 100. * ======================= * * Handle output to the local logical ports in the multicast group, if @@ -1857,7 +1857,7 @@ consider_mc_group(struct ovsdb_idl_index *sbrec_port_binding_by_name, &match, &ofpacts, &mc->header_.uuid); } - /* Table 37, priority 100. + /* Table 40, priority 100. * ======================= * * Handle output to the remote chassis in the multicast group, if @@ -2035,7 +2035,7 @@ physical_run(struct physical_ctx *p_ctx, flow_table, &ofpacts); } - /* Handle output to multicast groups, in tables 37 and 38. */ + /* Handle output to multicast groups, in tables 40 and 41. */ const struct sbrec_multicast_group *mc; SBREC_MULTICAST_GROUP_TABLE_FOR_EACH (mc, p_ctx->mc_group_table) { consider_mc_group(p_ctx->sbrec_port_binding_by_name, @@ -2056,7 +2056,7 @@ physical_run(struct physical_ctx *p_ctx, * encapsulations have metadata about the ingress and egress logical ports. * VXLAN encapsulations have metadata about the egress logical port only. * We set MFF_LOG_DATAPATH, MFF_LOG_INPORT, and MFF_LOG_OUTPORT from the - * tunnel key data where possible, then resubmit to table 38 to handle + * tunnel key data where possible, then resubmit to table 41 to handle * packets to the local hypervisor. */ struct chassis_tunnel *tun; HMAP_FOR_EACH (tun, hmap_node, p_ctx->chassis_tunnels) { @@ -2158,27 +2158,50 @@ physical_run(struct physical_ctx *p_ctx, */ add_default_drop_flow(p_ctx, OFTABLE_PHY_TO_LOG, flow_table); - /* Table 37, priority 150. + /* Table 34-36, priority 0. + * ======================== + * + * Default resubmit actions for OFTABLE_OUTPUT_LARGE_PKT_* tables. + */ + struct match match; + match_init_catchall(&match); + ofpbuf_clear(&ofpacts); + put_resubmit(OFTABLE_OUTPUT_LARGE_PKT_DETECT, &ofpacts); + ofctrl_add_flow(flow_table, OFTABLE_OUTPUT_INIT, 0, 0, &match, + &ofpacts, hc_uuid); + + match_init_catchall(&match); + ofpbuf_clear(&ofpacts); + put_resubmit(OFTABLE_REMOTE_OUTPUT, &ofpacts); + ofctrl_add_flow(flow_table, OFTABLE_OUTPUT_LARGE_PKT_DETECT, 0, 0, &match, + &ofpacts, hc_uuid); + + match_init_catchall(&match); + ofpbuf_clear(&ofpacts); + put_resubmit(OFTABLE_REMOTE_OUTPUT, &ofpacts); + ofctrl_add_flow(flow_table, OFTABLE_OUTPUT_LARGE_PKT_PROCESS, 0, 0, &match, + &ofpacts, hc_uuid); + + /* Table 40, priority 150. * ======================= * * Handles packets received from a VXLAN tunnel which get resubmitted to * OFTABLE_LOG_INGRESS_PIPELINE due to lack of needed metadata in VXLAN, - * explicitly skip sending back out any tunnels and resubmit to table 38 + * explicitly skip sending back out any tunnels and resubmit to table 41 * for local delivery, except packets which have MLF_ALLOW_LOOPBACK bit * set. */ - struct match match; match_init_catchall(&match); match_set_reg_masked(&match, MFF_LOG_FLAGS - MFF_REG0, MLF_RCV_FROM_RAMP, MLF_RCV_FROM_RAMP | MLF_ALLOW_LOOPBACK); - /* Resubmit to table 38. */ + /* Resubmit to table 41. */ ofpbuf_clear(&ofpacts); put_resubmit(OFTABLE_LOCAL_OUTPUT, &ofpacts); ofctrl_add_flow(flow_table, OFTABLE_REMOTE_OUTPUT, 150, 0, &match, &ofpacts, hc_uuid); - /* Table 37, priority 150. + /* Table 40, priority 150. * ======================= * * Packets that should not be sent to other hypervisors. @@ -2186,13 +2209,13 @@ physical_run(struct physical_ctx *p_ctx, match_init_catchall(&match); match_set_reg_masked(&match, MFF_LOG_FLAGS - MFF_REG0, MLF_LOCAL_ONLY, MLF_LOCAL_ONLY); - /* Resubmit to table 38. */ + /* Resubmit to table 41. */ ofpbuf_clear(&ofpacts); put_resubmit(OFTABLE_LOCAL_OUTPUT, &ofpacts); ofctrl_add_flow(flow_table, OFTABLE_REMOTE_OUTPUT, 150, 0, &match, &ofpacts, hc_uuid); - /* Table 37, Priority 0. + /* Table 40, Priority 0. * ======================= * * Resubmit packets that are not directed at tunnels or part of a @@ -2203,18 +2226,18 @@ physical_run(struct physical_ctx *p_ctx, ofctrl_add_flow(flow_table, OFTABLE_REMOTE_OUTPUT, 0, 0, &match, &ofpacts, hc_uuid); - /* Table 38, priority 0. + /* Table 41, priority 0. * ====================== * * Drop packets that do not match previous flows. */ add_default_drop_flow(p_ctx, OFTABLE_LOCAL_OUTPUT, flow_table); - /* Table 39, Priority 0. + /* Table 42, Priority 0. * ======================= * * Resubmit packets that don't output to the ingress port (already checked - * in table 38) to the logical egress pipeline, clearing the logical + * in table 41) to the logical egress pipeline, clearing the logical * registers (for consistent behavior with packets that get tunneled). */ match_init_catchall(&match); ofpbuf_clear(&ofpacts); diff --git a/controller/pinctrl.c b/controller/pinctrl.c index 97a5e392f..456388cf0 100644 --- a/controller/pinctrl.c +++ b/controller/pinctrl.c @@ -627,7 +627,7 @@ set_actions_and_enqueue_msg(struct rconn *swconn, } /* Forwards a packet to 'out_port_key' even if that's on a remote - * hypervisor, i.e., the packet is re-injected in table OFTABLE_REMOTE_OUTPUT. + * hypervisor, i.e., the packet is re-injected in table OFTABLE_OUTPUT_INIT. */ static void pinctrl_forward_pkt(struct rconn *swconn, int64_t dp_key, @@ -644,7 +644,7 @@ pinctrl_forward_pkt(struct rconn *swconn, int64_t dp_key, struct ofpact_resubmit *resubmit = ofpact_put_RESUBMIT(&ofpacts); resubmit->in_port = OFPP_CONTROLLER; - resubmit->table_id = OFTABLE_REMOTE_OUTPUT; + resubmit->table_id = OFTABLE_OUTPUT_INIT; struct ofputil_packet_out po = { .packet = dp_packet_data(pkt), @@ -870,7 +870,7 @@ pinctrl_parse_dhcpv6_advt(struct rconn *swconn, const struct flow *ip_flow, 0, 32, &ofpacts); struct ofpact_resubmit *resubmit = ofpact_put_RESUBMIT(&ofpacts); resubmit->in_port = OFPP_CONTROLLER; - resubmit->table_id = OFTABLE_REMOTE_OUTPUT; + resubmit->table_id = OFTABLE_OUTPUT_INIT; struct ofputil_packet_out po = { .packet = dp_packet_data(&packet), @@ -1499,7 +1499,7 @@ buffered_push_packet(struct buffered_packets *bp, struct ofpact_resubmit *resubmit = ofpact_put_RESUBMIT(&bi->ofpacts); resubmit->in_port = OFPP_CONTROLLER; - resubmit->table_id = OFTABLE_REMOTE_OUTPUT; + resubmit->table_id = OFTABLE_OUTPUT_INIT; bi->p = packet; diff --git a/ovn-architecture.7.xml b/ovn-architecture.7.xml index cb1064f71..306821d69 100644 --- a/ovn-architecture.7.xml +++ b/ovn-architecture.7.xml @@ -1233,8 +1233,8 @@ output port field, and since they do not carry a logical output port field in the tunnel key, when a packet is received from ramp switch VXLAN tunnel by an OVN hypervisor, the packet is resubmitted to table 8 - to determine the output port(s); when the packet reaches table 37, - these packets are resubmitted to table 38 for local delivery by + to determine the output port(s); when the packet reaches table 40, + these packets are resubmitted to table 41 for local delivery by checking a MLF_RCV_FROM_RAMP flag, which is set when the packet arrives from a ramp tunnel.

@@ -1439,38 +1439,42 @@

  • - OpenFlow tables 37 through 39 implement the output action - in the logical ingress pipeline. Specifically, table 37 handles - packets to remote hypervisors, table 38 handles packets to the local - hypervisor, and table 39 checks whether packets whose logical ingress - and egress port are the same should be discarded. + OpenFlow tables 37 through 42 implement the output action + in the logical ingress pipeline. Specifically, table 37 serves as an + entry point to egress pipeline. Table 38 detects IP packets that are + too big for a corresponding interface. Table 39 produces ICMPv4 + Fragmentation Needed (or ICMPv6 Too Big) errors and deliver them back + to the offending port. table 40 handles packets to remote hypervisors, + table 41 handles packets to the local hypervisor, and table 42 checks + whether packets whose logical ingress and egress port are the same + should be discarded.

    Logical patch ports are a special case. Logical patch ports do not have a physical location and effectively reside on every hypervisor. - Thus, flow table 38, for output to ports on the local hypervisor, + Thus, flow table 41, for output to ports on the local hypervisor, naturally implements output to unicast logical patch ports too. However, applying the same logic to a logical patch port that is part of a logical multicast group yields packet duplication, because each hypervisor that contains a logical port in the multicast group will also output the packet to the logical patch port. Thus, multicast - groups implement output to logical patch ports in table 37. + groups implement output to logical patch ports in table 40.

    - Each flow in table 37 matches on a logical output port for unicast or + Each flow in table 40 matches on a logical output port for unicast or multicast logical ports that include a logical port on a remote hypervisor. Each flow's actions implement sending a packet to the port it matches. For unicast logical output ports on remote hypervisors, the actions set the tunnel key to the correct value, then send the packet on the tunnel port to the correct hypervisor. (When the remote hypervisor receives the packet, table 0 there will recognize it as a - tunneled packet and pass it along to table 38.) For multicast logical + tunneled packet and pass it along to table 41.) For multicast logical output ports, the actions send one copy of the packet to each remote hypervisor, in the same way as for unicast destinations. If a multicast group includes a logical port or ports on the local - hypervisor, then its actions also resubmit to table 38. Table 37 also + hypervisor, then its actions also resubmit to table 41. Table 40 also includes:

    @@ -1478,7 +1482,7 @@
  • A higher-priority rule to match packets received from ramp switch tunnels, based on flag MLF_RCV_FROM_RAMP, and resubmit these packets - to table 38 for local delivery. Packets received from ramp switch + to table 41 for local delivery. Packets received from ramp switch tunnels reach here because of a lack of logical output port field in the tunnel key and thus these packets needed to be submitted to table 8 to determine the output port. @@ -1486,7 +1490,7 @@
  • A higher-priority rule to match packets received from ports of type localport, based on the logical input port, and resubmit - these packets to table 38 for local delivery. Ports of type + these packets to table 41 for local delivery. Ports of type localport exist on every hypervisor and by definition their traffic should never go out through a tunnel.
    • @@ -1501,41 +1505,41 @@ packets, the packets only need to be delivered to local ports.
  • - A fallback flow that resubmits to table 38 if there is no other + A fallback flow that resubmits to table 41 if there is no other match.

    • - Flows in table 38 resemble those in table 37 but for logical ports that + Flows in table 41 resemble those in table 40 but for logical ports that reside locally rather than remotely. For unicast logical output ports - on the local hypervisor, the actions just resubmit to table 39. For + on the local hypervisor, the actions just resubmit to table 42. For multicast output ports that include one or more logical ports on the local hypervisor, for each such logical port P, the actions change the logical output port to P, then resubmit to table - 39. + 42.

    A special case is that when a localnet port exists on the datapath, remote port is connected by switching to the localnet port. In this - case, instead of adding a flow in table 37 to reach the remote port, a - flow is added in table 38 to switch the logical outport to the localnet - port, and resubmit to table 38 as if it were unicasted to a logical + case, instead of adding a flow in table 40 to reach the remote port, a + flow is added in table 41 to switch the logical outport to the localnet + port, and resubmit to table 41 as if it were unicasted to a logical port on the local hypervisor.

    - Table 39 matches and drops packets for which the logical input and + Table 42 matches and drops packets for which the logical input and output ports are the same and the MLF_ALLOW_LOOPBACK flag is not set. It also drops MLF_LOCAL_ONLY packets directed to a localnet port. - It resubmits other packets to table 40. + It resubmits other packets to table 43.

  • - OpenFlow tables 40 through 63 execute the logical egress pipeline from + OpenFlow tables 43 through 63 execute the logical egress pipeline from the Logical_Flow table in the OVN Southbound database. The egress pipeline can perform a final stage of validation before packet delivery. Eventually, it may execute an output @@ -1554,7 +1558,7 @@

  • Table 64 bypasses OpenFlow loopback when MLF_ALLOW_LOOPBACK is set. - Logical loopback was handled in table 39, but OpenFlow by default also + Logical loopback was handled in table 42, but OpenFlow by default also prevents loopback to the OpenFlow ingress port. Thus, when MLF_ALLOW_LOOPBACK is set, OpenFlow table 64 saves the OpenFlow ingress port, sets it to zero, resubmits to table 65 for logical-to-physical @@ -1592,8 +1596,8 @@ traverse tables 0 to 65 as described in the previous section Architectural Physical Life Cycle of a Packet, using the logical datapath representing the logical switch that the sender is - attached to. At table 37, the packet will use the fallback flow that - resubmits locally to table 38 on the same hypervisor. In this case, + attached to. At table 40, the packet will use the fallback flow that + resubmits locally to table 41 on the same hypervisor. In this case, all of the processing from table 0 to table 65 occurs on the hypervisor where the sender resides.

    @@ -1624,7 +1628,7 @@

    The packet traverses tables 8 to 65 a third and final time. If the destination VM or container resides on a remote hypervisor, then table - 37 will send the packet on a tunnel port from the sender's hypervisor + 40 will send the packet on a tunnel port from the sender's hypervisor to the remote hypervisor. Finally table 65 will output the packet directly to the destination VM or container.

    @@ -1651,9 +1655,9 @@ When a hypervisor processes a packet on a logical datapath representing a logical switch, and the logical egress port is a l3gateway port representing connectivity to a gateway - router, the packet will match a flow in table 37 that sends the + router, the packet will match a flow in table 40 that sends the packet on a tunnel port to the chassis where the gateway router - resides. This processing in table 37 is done in the same manner as + resides. This processing in table 40 is done in the same manner as for VIFs.

    @@ -1746,21 +1750,21 @@ chassis, one additional mechanism is required. When a packet leaves the ingress pipeline and the logical egress port is the distributed gateway port, one of two different sets of actions is - required at table 37: + required at table 40:

    • If the packet can be handled locally on the sender's hypervisor (e.g. one-to-one NAT traffic), then the packet should just be - resubmitted locally to table 38, in the normal manner for + resubmitted locally to table 41, in the normal manner for distributed logical patch ports.
    • However, if the packet needs to be handled on the chassis associated with the distributed gateway port (e.g. one-to-many - SNAT traffic or non-NAT traffic), then table 37 must send the + SNAT traffic or non-NAT traffic), then table 40 must send the packet on a tunnel port to that chassis.
    @@ -1772,11 +1776,11 @@ egress port to the type chassisredirect logical port is simply a way to indicate that although the packet is destined for the distributed gateway port, it needs to be redirected to a - different chassis. At table 37, packets with this logical egress - port are sent to a specific chassis, in the same way that table 37 + different chassis. At table 40, packets with this logical egress + port are sent to a specific chassis, in the same way that table 40 directs packets whose logical egress port is a VIF or a type l3gateway port to different chassis. Once the packet - arrives at that chassis, table 38 resets the logical egress port to + arrives at that chassis, table 41 resets the logical egress port to the value representing the distributed gateway port. For each distributed gateway port, there is one type chassisredirect port, in addition to the distributed diff --git a/tests/ovn-controller.at b/tests/ovn-controller.at index 137724723..a1d16a86b 100644 --- a/tests/ovn-controller.at +++ b/tests/ovn-controller.at @@ -873,7 +873,7 @@ meta=$(ovn-sbctl get datapath ls1 tunnel_key) port=$(ovn-sbctl get port_binding ls1-rp tunnel_key) check ovn-nbctl lrp-add lr0 rp-ls1 00:00:01:01:02:03 192.168.1.254/24 -OVS_WAIT_UNTIL([as hv1 ovs-ofctl dump-flows br-int | grep table=38 | grep -q "reg15=0x${port},metadata=0x${meta}"]) +OVS_WAIT_UNTIL([as hv1 ovs-ofctl dump-flows br-int | grep table=41 | grep -q "reg15=0x${port},metadata=0x${meta}"]) OVN_CLEANUP([hv1]) AT_CLEANUP @@ -917,14 +917,14 @@ for i in $(seq 10); do check ovn-nbctl add address_set as1 addresses 10.0.0.$i check ovn-nbctl --wait=hv sync if test "$i" = 3; then - AT_CHECK_UNQUOTED([ovs-ofctl dump-flows br-int table=44,reg15=0x$port_key | \ + AT_CHECK_UNQUOTED([ovs-ofctl dump-flows br-int table=47,reg15=0x$port_key | \ grep -v reply | awk '{print $7, $8}' | sort], [0], [dnl priority=1100,ip,reg15=0x$port_key,metadata=0x$dp_key,nw_src=10.0.0.1 actions=drop priority=1100,ip,reg15=0x$port_key,metadata=0x$dp_key,nw_src=10.0.0.2 actions=drop priority=1100,ip,reg15=0x$port_key,metadata=0x$dp_key,nw_src=10.0.0.3 actions=drop ]) fi - AT_CHECK_UNQUOTED([ovs-ofctl dump-flows br-int table=44 | grep -c "priority=1100"], [0], [$i + AT_CHECK_UNQUOTED([ovs-ofctl dump-flows br-int table=47 | grep -c "priority=1100"], [0], [$i ]) done @@ -939,15 +939,15 @@ for i in $(seq 10); do check ovn-nbctl remove address_set as1 addresses 10.0.0.$i check ovn-nbctl --wait=hv sync if test "$i" = 9; then - AT_CHECK_UNQUOTED([ovs-ofctl dump-flows br-int table=44,reg15=0x$port_key | \ + AT_CHECK_UNQUOTED([ovs-ofctl dump-flows br-int table=47,reg15=0x$port_key | \ grep -v reply | awk '{print $7, $8}'], [0], [dnl priority=1100,ip,reg15=0x$port_key,metadata=0x$dp_key,nw_src=10.0.0.10 actions=drop ]) fi if test "$i" = 10; then - AT_CHECK_UNQUOTED([ovs-ofctl dump-flows br-int table=44 | grep "priority=1100"], [1], [ignore]) + AT_CHECK_UNQUOTED([ovs-ofctl dump-flows br-int table=47 | grep "priority=1100"], [1], [ignore]) else - AT_CHECK_UNQUOTED([ovs-ofctl dump-flows br-int table=44 | grep -c "priority=1100"], [0], [$((10 - $i)) + AT_CHECK_UNQUOTED([ovs-ofctl dump-flows br-int table=47 | grep -c "priority=1100"], [0], [$((10 - $i)) ]) fi done @@ -965,7 +965,7 @@ for i in $(seq 10); do check ovn-nbctl add address_set as1 addresses 10.0.0.$i,10.0.1.$i check ovn-nbctl --wait=hv sync if test "$i" = 3; then - AT_CHECK_UNQUOTED([ovs-ofctl dump-flows br-int table=44,reg15=0x$port_key | \ + AT_CHECK_UNQUOTED([ovs-ofctl dump-flows br-int table=47,reg15=0x$port_key | \ grep -v reply | awk '{print $7, $8}' | sort], [0], [dnl priority=1100,ip,reg15=0x$port_key,metadata=0x$dp_key,nw_src=10.0.0.1 actions=drop priority=1100,ip,reg15=0x$port_key,metadata=0x$dp_key,nw_src=10.0.0.2 actions=drop @@ -975,7 +975,7 @@ priority=1100,ip,reg15=0x$port_key,metadata=0x$dp_key,nw_src=10.0.1.2 actions=dr priority=1100,ip,reg15=0x$port_key,metadata=0x$dp_key,nw_src=10.0.1.3 actions=drop ]) fi - AT_CHECK_UNQUOTED([ovs-ofctl dump-flows br-int table=44 | grep -c "priority=1100"], [0], [$(($i * 2)) + AT_CHECK_UNQUOTED([ovs-ofctl dump-flows br-int table=47 | grep -c "priority=1100"], [0], [$(($i * 2)) ]) done @@ -992,11 +992,11 @@ reprocess_count_old=$(read_counter consider_logical_flow) check ovn-nbctl add address_set as1 addresses 10.0.0.21,10.0.0.22 -- \ remove address_set as1 addresses 10.0.0.10 check ovn-nbctl --wait=hv sync -AT_CHECK([ovs-ofctl dump-flows br-int table=44 | grep -c 10\.0\.0\.21], [0], [1 +AT_CHECK([ovs-ofctl dump-flows br-int table=47 | grep -c 10\.0\.0\.21], [0], [1 ]) -AT_CHECK([ovs-ofctl dump-flows br-int table=44 | grep -c 10\.0\.0\.22], [0], [1 +AT_CHECK([ovs-ofctl dump-flows br-int table=47 | grep -c 10\.0\.0\.22], [0], [1 ]) -AT_CHECK([ovs-ofctl dump-flows br-int table=44 | grep 10\.0\.0\.10], [1], [ignore]) +AT_CHECK([ovs-ofctl dump-flows br-int table=47 | grep 10\.0\.0\.10], [1], [ignore]) reprocess_count_new=$(read_counter consider_logical_flow) AT_CHECK([echo $(($reprocess_count_new - $reprocess_count_old))], [0], [0 @@ -1008,9 +1008,9 @@ reprocess_count_old=$(read_counter consider_logical_flow) check ovn-nbctl remove address_set as1 addresses 10.0.0.21,10.0.0.22 -- \ add address_set as1 addresses 10.0.0.10 check ovn-nbctl --wait=hv sync -AT_CHECK([ovs-ofctl dump-flows br-int table=44 | grep 10\.0\.0\.21], [1], [ignore]) -AT_CHECK([ovs-ofctl dump-flows br-int table=44 | grep 10\.0\.0\.22], [1], [ignore]) -AT_CHECK([ovs-ofctl dump-flows br-int table=44 | grep -c 10\.0\.0\.10], [0], [1 +AT_CHECK([ovs-ofctl dump-flows br-int table=47 | grep 10\.0\.0\.21], [1], [ignore]) +AT_CHECK([ovs-ofctl dump-flows br-int table=47 | grep 10\.0\.0\.22], [1], [ignore]) +AT_CHECK([ovs-ofctl dump-flows br-int table=47 | grep -c 10\.0\.0\.10], [0], [1 ]) reprocess_count_new=$(read_counter consider_logical_flow) @@ -1023,9 +1023,9 @@ reprocess_count_old=$(read_counter consider_logical_flow) check ovn-nbctl add address_set as1 addresses 10.0.0.21 -- \ remove address_set as1 addresses 10.0.0.10 check ovn-nbctl --wait=hv sync -AT_CHECK([ovs-ofctl dump-flows br-int table=44 | grep -c 10\.0\.0\.21], [0], [1 +AT_CHECK([ovs-ofctl dump-flows br-int table=47 | grep -c 10\.0\.0\.21], [0], [1 ]) -AT_CHECK([ovs-ofctl dump-flows br-int table=44 | grep 10\.0\.0\.10], [1], [ignore]) +AT_CHECK([ovs-ofctl dump-flows br-int table=47 | grep 10\.0\.0\.10], [1], [ignore]) reprocess_count_new=$(read_counter consider_logical_flow) AT_CHECK([echo $(($reprocess_count_new - $reprocess_count_old))], [0], [0 @@ -1037,12 +1037,12 @@ reprocess_count_old=$(read_counter consider_logical_flow) check ovn-nbctl add address_set as1 addresses 10.0.0.22,10.0.0.23 -- \ remove address_set as1 addresses 10.0.0.9,10.0.0.8 check ovn-nbctl --wait=hv sync -AT_CHECK([ovs-ofctl dump-flows br-int table=44 | grep -c 10\.0\.0\.22], [0], [1 +AT_CHECK([ovs-ofctl dump-flows br-int table=47 | grep -c 10\.0\.0\.22], [0], [1 ]) -AT_CHECK([ovs-ofctl dump-flows br-int table=44 | grep -c 10\.0\.0\.23], [0], [1 +AT_CHECK([ovs-ofctl dump-flows br-int table=47 | grep -c 10\.0\.0\.23], [0], [1 ]) -AT_CHECK([ovs-ofctl dump-flows br-int table=44 | grep 10\.0\.0\.8], [1], [ignore]) -AT_CHECK([ovs-ofctl dump-flows br-int table=44 | grep 10\.0\.0\.9], [1], [ignore]) +AT_CHECK([ovs-ofctl dump-flows br-int table=47 | grep 10\.0\.0\.8], [1], [ignore]) +AT_CHECK([ovs-ofctl dump-flows br-int table=47 | grep 10\.0\.0\.9], [1], [ignore]) reprocess_count_new=$(read_counter consider_logical_flow) AT_CHECK([echo $(($reprocess_count_new - $reprocess_count_old))], [0], [0 @@ -1090,7 +1090,7 @@ for i in $(seq 10); do check ovn-nbctl add address_set as1 addresses 10.0.0.$i check ovn-nbctl --wait=hv sync if test "$i" = 1; then - AT_CHECK_UNQUOTED([ovs-ofctl dump-flows br-int table=44,reg15=0x$port_key | \ + AT_CHECK_UNQUOTED([ovs-ofctl dump-flows br-int table=47,reg15=0x$port_key | \ grep -v reply | awk '{print $7, $8}' | sort], [0], [dnl priority=1100,tcp,reg15=0x$port_key,metadata=0x$dp_key,nw_src=10.0.0.1,tp_dst=111 actions=drop priority=1100,tcp,reg15=0x$port_key,metadata=0x$dp_key,nw_src=10.0.0.1,tp_dst=222 actions=drop @@ -1098,12 +1098,12 @@ priority=1100,tcp,reg15=0x$port_key,metadata=0x$dp_key,nw_src=10.0.0.1,tp_dst=33 ]) else # (1 conj_id flow + 3 tp_dst flows) = 4 extra flows - AT_CHECK_UNQUOTED([ovs-ofctl dump-flows br-int table=44 | grep -c "priority=1100"], [0], [$(($i + 4)) + AT_CHECK_UNQUOTED([ovs-ofctl dump-flows br-int table=47 | grep -c "priority=1100"], [0], [$(($i + 4)) ]) fi if test "$i" = 3; then - AT_CHECK_UNQUOTED([ovs-ofctl dump-flows br-int table=44,reg15=0x$port_key | \ + AT_CHECK_UNQUOTED([ovs-ofctl dump-flows br-int table=47,reg15=0x$port_key | \ grep -v reply | awk '{print $7, $8}' | \ sed -r 's/conjunction.*,/conjunction,/' | \ sed -r 's/conj_id=.*,/conj_id=,/' | sort], [0], [dnl @@ -1129,17 +1129,17 @@ for i in $(seq 10); do check ovn-nbctl remove address_set as1 addresses 10.0.0.$i check ovn-nbctl --wait=hv sync if test "$i" = 10; then - AT_CHECK_UNQUOTED([ovs-ofctl dump-flows br-int table=44 | grep "priority=1100"], [1], [ignore]) + AT_CHECK_UNQUOTED([ovs-ofctl dump-flows br-int table=47 | grep "priority=1100"], [1], [ignore]) elif test "$i" = 9; then # no conjunction left - AT_CHECK_UNQUOTED([ovs-ofctl dump-flows br-int table=44,reg15=0x$port_key | \ + AT_CHECK_UNQUOTED([ovs-ofctl dump-flows br-int table=47,reg15=0x$port_key | \ grep -v reply | awk '{print $7, $8}' | sort], [0], [dnl priority=1100,tcp,reg15=0x$port_key,metadata=0x$dp_key,nw_src=10.0.0.10,tp_dst=111 actions=drop priority=1100,tcp,reg15=0x$port_key,metadata=0x$dp_key,nw_src=10.0.0.10,tp_dst=222 actions=drop priority=1100,tcp,reg15=0x$port_key,metadata=0x$dp_key,nw_src=10.0.0.10,tp_dst=333 actions=drop ]) else - AT_CHECK_UNQUOTED([ovs-ofctl dump-flows br-int table=44 | grep -c "priority=1100"], [0], [$((14 - $i)) + AT_CHECK_UNQUOTED([ovs-ofctl dump-flows br-int table=47 | grep -c "priority=1100"], [0], [$((14 - $i)) ]) fi done @@ -1155,7 +1155,7 @@ for i in $(seq 10); do check ovn-nbctl add address_set as1 addresses 10.0.0.$i,10.0.1.$i check ovn-nbctl --wait=hv sync if test "$i" = 3; then - AT_CHECK_UNQUOTED([ovs-ofctl dump-flows br-int table=44,reg15=0x$port_key | \ + AT_CHECK_UNQUOTED([ovs-ofctl dump-flows br-int table=47,reg15=0x$port_key | \ grep -v reply | awk '{print $7, $8}' | \ sed -r 's/conjunction.*,/conjunction,/' | \ sed -r 's/conj_id=.*,/conj_id=,/' | sort], [0], [dnl @@ -1171,7 +1171,7 @@ priority=1100,tcp,reg15=0x$port_key,metadata=0x$dp_key,tp_dst=222 actions=conjun priority=1100,tcp,reg15=0x$port_key,metadata=0x$dp_key,tp_dst=333 actions=conjunction,2/2) ]) fi - AT_CHECK_UNQUOTED([ovs-ofctl dump-flows br-int table=44 | grep -c "priority=1100"], [0], [$(($i * 2 + 4)) + AT_CHECK_UNQUOTED([ovs-ofctl dump-flows br-int table=47 | grep -c "priority=1100"], [0], [$(($i * 2 + 4)) ]) done @@ -1187,11 +1187,11 @@ reprocess_count_old=$(read_counter consider_logical_flow) check ovn-nbctl add address_set as1 addresses 10.0.0.21,10.0.0.22 -- \ remove address_set as1 addresses 10.0.0.10 check ovn-nbctl --wait=hv sync -AT_CHECK([ovs-ofctl dump-flows br-int table=44 | grep -c 10\.0\.0\.21], [0], [1 +AT_CHECK([ovs-ofctl dump-flows br-int table=47 | grep -c 10\.0\.0\.21], [0], [1 ]) -AT_CHECK([ovs-ofctl dump-flows br-int table=44 | grep -c 10\.0\.0\.22], [0], [1 +AT_CHECK([ovs-ofctl dump-flows br-int table=47 | grep -c 10\.0\.0\.22], [0], [1 ]) -AT_CHECK([ovs-ofctl dump-flows br-int table=44 | grep 10\.0\.0\.10], [1], [ignore]) +AT_CHECK([ovs-ofctl dump-flows br-int table=47 | grep 10\.0\.0\.10], [1], [ignore]) reprocess_count_new=$(read_counter consider_logical_flow) AT_CHECK([echo $(($reprocess_count_new - $reprocess_count_old))], [0], [0 @@ -1203,9 +1203,9 @@ reprocess_count_old=$(read_counter consider_logical_flow) check ovn-nbctl remove address_set as1 addresses 10.0.0.21,10.0.0.22 -- \ add address_set as1 addresses 10.0.0.10 check ovn-nbctl --wait=hv sync -AT_CHECK([ovs-ofctl dump-flows br-int table=44 | grep 10\.0\.0\.21], [1], [ignore]) -AT_CHECK([ovs-ofctl dump-flows br-int table=44 | grep 10\.0\.0\.22], [1], [ignore]) -AT_CHECK([ovs-ofctl dump-flows br-int table=44 | grep -c 10\.0\.0\.10], [0], [1 +AT_CHECK([ovs-ofctl dump-flows br-int table=47 | grep 10\.0\.0\.21], [1], [ignore]) +AT_CHECK([ovs-ofctl dump-flows br-int table=47 | grep 10\.0\.0\.22], [1], [ignore]) +AT_CHECK([ovs-ofctl dump-flows br-int table=47 | grep -c 10\.0\.0\.10], [0], [1 ]) reprocess_count_new=$(read_counter consider_logical_flow) @@ -1218,9 +1218,9 @@ reprocess_count_old=$(read_counter consider_logical_flow) check ovn-nbctl add address_set as1 addresses 10.0.0.21 -- \ remove address_set as1 addresses 10.0.0.10 check ovn-nbctl --wait=hv sync -AT_CHECK([ovs-ofctl dump-flows br-int table=44 | grep -c 10\.0\.0\.21], [0], [1 +AT_CHECK([ovs-ofctl dump-flows br-int table=47 | grep -c 10\.0\.0\.21], [0], [1 ]) -AT_CHECK([ovs-ofctl dump-flows br-int table=44 | grep 10\.0\.0\.10], [1], [ignore]) +AT_CHECK([ovs-ofctl dump-flows br-int table=47 | grep 10\.0\.0\.10], [1], [ignore]) reprocess_count_new=$(read_counter consider_logical_flow) AT_CHECK([echo $(($reprocess_count_new - $reprocess_count_old))], [0], [0 @@ -1232,12 +1232,12 @@ reprocess_count_old=$(read_counter consider_logical_flow) check ovn-nbctl add address_set as1 addresses 10.0.0.22,10.0.0.23 -- \ remove address_set as1 addresses 10.0.0.9,10.0.0.8 check ovn-nbctl --wait=hv sync -AT_CHECK([ovs-ofctl dump-flows br-int table=44 | grep -c 10\.0\.0\.22], [0], [1 +AT_CHECK([ovs-ofctl dump-flows br-int table=47 | grep -c 10\.0\.0\.22], [0], [1 ]) -AT_CHECK([ovs-ofctl dump-flows br-int table=44 | grep -c 10\.0\.0\.23], [0], [1 +AT_CHECK([ovs-ofctl dump-flows br-int table=47 | grep -c 10\.0\.0\.23], [0], [1 ]) -AT_CHECK([ovs-ofctl dump-flows br-int table=44 | grep 10\.0\.0\.8], [1], [ignore]) -AT_CHECK([ovs-ofctl dump-flows br-int table=44 | grep 10\.0\.0\.9], [1], [ignore]) +AT_CHECK([ovs-ofctl dump-flows br-int table=47 | grep 10\.0\.0\.8], [1], [ignore]) +AT_CHECK([ovs-ofctl dump-flows br-int table=47 | grep 10\.0\.0\.9], [1], [ignore]) reprocess_count_new=$(read_counter consider_logical_flow) AT_CHECK([echo $(($reprocess_count_new - $reprocess_count_old))], [0], [0 @@ -1287,18 +1287,18 @@ for i in $(seq 10); do add address_set as2 addresses 10.0.0.$j check ovn-nbctl --wait=hv sync if test "$i" = 1; then - AT_CHECK_UNQUOTED([ovs-ofctl dump-flows br-int table=44,reg15=0x$port_key | \ + AT_CHECK_UNQUOTED([ovs-ofctl dump-flows br-int table=47,reg15=0x$port_key | \ grep -v reply | awk '{print $7, $8}' | sort], [0], [dnl priority=1100,ip,reg15=0x$port_key,metadata=0x$dp_key,nw_src=10.0.0.1,nw_dst=10.0.0.6 actions=drop ]) else # (1 conj_id + nw_src * i + nw_dst * i) = 1 + i*2 flows - AT_CHECK_UNQUOTED([ovs-ofctl dump-flows br-int table=44 | grep -c "priority=1100"], [0], [$(($i*2 + 1)) + AT_CHECK_UNQUOTED([ovs-ofctl dump-flows br-int table=47 | grep -c "priority=1100"], [0], [$(($i*2 + 1)) ]) fi if test "$i" = 3; then - AT_CHECK_UNQUOTED([ovs-ofctl dump-flows br-int table=44,reg15=0x$port_key | \ + AT_CHECK_UNQUOTED([ovs-ofctl dump-flows br-int table=47,reg15=0x$port_key | \ grep -v reply | awk '{print $7, $8}' | \ sed -r 's/conjunction.*,/conjunction,/' | \ sed -r 's/conj_id=.*,/conj_id=,/' | sort], [0], [dnl @@ -1326,15 +1326,15 @@ for i in $(seq 10); do remove address_set as2 addresses 10.0.0.$j check ovn-nbctl --wait=hv sync if test "$i" = 10; then - AT_CHECK_UNQUOTED([ovs-ofctl dump-flows br-int table=44 | grep "priority=1100"], [1], [ignore]) + AT_CHECK_UNQUOTED([ovs-ofctl dump-flows br-int table=47 | grep "priority=1100"], [1], [ignore]) elif test "$i" = 9; then # no conjunction left - AT_CHECK_UNQUOTED([ovs-ofctl dump-flows br-int table=44,reg15=0x$port_key | \ + AT_CHECK_UNQUOTED([ovs-ofctl dump-flows br-int table=47,reg15=0x$port_key | \ grep -v reply | awk '{print $7, $8}' | sort], [0], [dnl priority=1100,ip,reg15=0x$port_key,metadata=0x$dp_key,nw_src=10.0.0.10,nw_dst=10.0.0.15 actions=drop ]) else - AT_CHECK_UNQUOTED([ovs-ofctl dump-flows br-int table=44 | grep -c "priority=1100"], [0], [$((21 - $i*2)) + AT_CHECK_UNQUOTED([ovs-ofctl dump-flows br-int table=47 | grep -c "priority=1100"], [0], [$((21 - $i*2)) ]) fi done @@ -1355,14 +1355,14 @@ for i in $(seq 2 10); do check ovn-nbctl add address_set as1 addresses 10.0.0.$i check ovn-nbctl --wait=hv sync if test "$i" = 3; then - AT_CHECK_UNQUOTED([ovs-ofctl dump-flows br-int table=44,reg15=0x$port_key | \ + AT_CHECK_UNQUOTED([ovs-ofctl dump-flows br-int table=47,reg15=0x$port_key | \ grep -v reply | awk '{print $7, $8}' | sort], [0], [dnl priority=1100,ip,reg15=0x$port_key,metadata=0x$dp_key,nw_src=10.0.0.1,nw_dst=10.0.0.6 actions=drop priority=1100,ip,reg15=0x$port_key,metadata=0x$dp_key,nw_src=10.0.0.2,nw_dst=10.0.0.6 actions=drop priority=1100,ip,reg15=0x$port_key,metadata=0x$dp_key,nw_src=10.0.0.3,nw_dst=10.0.0.6 actions=drop ]) fi - AT_CHECK_UNQUOTED([ovs-ofctl dump-flows br-int table=44 | grep -c "priority=1100"], [0], [$i + AT_CHECK_UNQUOTED([ovs-ofctl dump-flows br-int table=47 | grep -c "priority=1100"], [0], [$i ]) done @@ -1381,16 +1381,16 @@ for i in $(seq 10); do check ovn-nbctl remove address_set as1 addresses 10.0.0.$i check ovn-nbctl --wait=hv sync if test "$i" = 9; then - AT_CHECK_UNQUOTED([ovs-ofctl dump-flows br-int table=44,reg15=0x$port_key | \ + AT_CHECK_UNQUOTED([ovs-ofctl dump-flows br-int table=47,reg15=0x$port_key | \ grep -v reply | awk '{print $7, $8}'], [0], [dnl priority=1100,ip,reg15=0x$port_key,metadata=0x$dp_key,nw_src=10.0.0.10,nw_dst=10.0.0.6 actions=drop priority=1100,ip,reg15=0x$port_key,metadata=0x$dp_key,nw_src=10.0.0.10,nw_dst=10.0.0.7 actions=drop ]) elif test "$i" = 10; then - AT_CHECK_UNQUOTED([ovs-ofctl dump-flows br-int table=44 | grep "priority=1100"], [1], [ignore]) + AT_CHECK_UNQUOTED([ovs-ofctl dump-flows br-int table=47 | grep "priority=1100"], [1], [ignore]) else # 2 dst + (10 - i) src + 1 conj_id - AT_CHECK_UNQUOTED([ovs-ofctl dump-flows br-int table=44 | grep -c "priority=1100"], [0], [$((10 - $i + 3)) + AT_CHECK_UNQUOTED([ovs-ofctl dump-flows br-int table=47 | grep -c "priority=1100"], [0], [$((10 - $i + 3)) ]) fi done @@ -1444,18 +1444,18 @@ for i in $(seq 10); do add address_set as2 addresses 10.0.0.$j check ovn-nbctl --wait=hv sync if test "$i" = 1; then - AT_CHECK_UNQUOTED([ovs-ofctl dump-flows br-int table=44,reg15=0x$port_key | \ + AT_CHECK_UNQUOTED([ovs-ofctl dump-flows br-int table=47,reg15=0x$port_key | \ grep -v reply | awk '{print $7, $8}' | sort], [0], [dnl priority=1100,ip,reg15=0x$port_key,metadata=0x$dp_key,nw_dst=10.0.0.6 actions=drop priority=1100,ip,reg15=0x$port_key,metadata=0x$dp_key,nw_src=10.0.0.1 actions=drop ]) else - AT_CHECK_UNQUOTED([ovs-ofctl dump-flows br-int table=44 | grep -c "priority=1100"], [0], [$(($i*2)) + AT_CHECK_UNQUOTED([ovs-ofctl dump-flows br-int table=47 | grep -c "priority=1100"], [0], [$(($i*2)) ]) fi if test "$i" = 3; then - AT_CHECK_UNQUOTED([ovs-ofctl dump-flows br-int table=44,reg15=0x$port_key | \ + AT_CHECK_UNQUOTED([ovs-ofctl dump-flows br-int table=47,reg15=0x$port_key | \ grep -v reply | awk '{print $7, $8}' | \ sed -r 's/conjunction.*,/conjunction,/' | \ sed -r 's/conj_id=.*,/conj_id=,/' | sort], [0], [dnl @@ -1482,9 +1482,9 @@ for i in $(seq 10); do remove address_set as2 addresses 10.0.0.$j check ovn-nbctl --wait=hv sync if test "$i" = 10; then - AT_CHECK_UNQUOTED([ovs-ofctl dump-flows br-int table=44 | grep "priority=1100"], [1], [ignore]) + AT_CHECK_UNQUOTED([ovs-ofctl dump-flows br-int table=47 | grep "priority=1100"], [1], [ignore]) else - AT_CHECK_UNQUOTED([ovs-ofctl dump-flows br-int table=44 | grep -c "priority=1100"], [0], [$((20 - $i*2)) + AT_CHECK_UNQUOTED([ovs-ofctl dump-flows br-int table=47 | grep -c "priority=1100"], [0], [$((20 - $i*2)) ]) fi done @@ -1540,21 +1540,21 @@ for i in $(seq 10); do add address_set as2 addresses 10.0.0.$j check ovn-nbctl --wait=hv sync if test "$i" = 1; then - AT_CHECK_UNQUOTED([ovs-ofctl dump-flows br-int table=44,reg15=0x$port_key | \ + AT_CHECK_UNQUOTED([ovs-ofctl dump-flows br-int table=47,reg15=0x$port_key | \ grep -v reply | awk '{print $7, $8}' | sort], [0], [dnl priority=1100,ip,reg15=0x$port_key,metadata=0x$dp_key,nw_src=10.0.0.1 actions=drop priority=1100,ip,reg15=0x$port_key,metadata=0x$dp_key,nw_src=10.0.0.6 actions=drop ]) elif test "$i" -lt 6; then - AT_CHECK_UNQUOTED([ovs-ofctl dump-flows br-int table=44 | grep -c "priority=1100"], [0], [$(($i*2)) + AT_CHECK_UNQUOTED([ovs-ofctl dump-flows br-int table=47 | grep -c "priority=1100"], [0], [$(($i*2)) ]) else - AT_CHECK_UNQUOTED([ovs-ofctl dump-flows br-int table=44 | grep -c "priority=1100"], [0], [$((5 + $i)) + AT_CHECK_UNQUOTED([ovs-ofctl dump-flows br-int table=47 | grep -c "priority=1100"], [0], [$((5 + $i)) ]) fi if test "$i" = 3; then - AT_CHECK_UNQUOTED([ovs-ofctl dump-flows br-int table=44,reg15=0x$port_key | \ + AT_CHECK_UNQUOTED([ovs-ofctl dump-flows br-int table=47,reg15=0x$port_key | \ grep -v reply | awk '{print $7, $8}' | \ sed -r 's/conjunction.*,/conjunction,/' | \ sed -r 's/conj_id=.*,/conj_id=,/' | sort], [0], [dnl @@ -1581,12 +1581,12 @@ for i in $(seq 10); do remove address_set as2 addresses 10.0.0.$j check ovn-nbctl --wait=hv sync if test "$i" = 10; then - AT_CHECK_UNQUOTED([ovs-ofctl dump-flows br-int table=44 | grep "priority=1100"], [1], [ignore]) + AT_CHECK_UNQUOTED([ovs-ofctl dump-flows br-int table=47 | grep "priority=1100"], [1], [ignore]) elif test "$i" -lt 6; then - AT_CHECK_UNQUOTED([ovs-ofctl dump-flows br-int table=44 | grep -c "priority=1100"], [0], [$((15 - $i)) + AT_CHECK_UNQUOTED([ovs-ofctl dump-flows br-int table=47 | grep -c "priority=1100"], [0], [$((15 - $i)) ]) else - AT_CHECK_UNQUOTED([ovs-ofctl dump-flows br-int table=44 | grep -c "priority=1100"], [0], [$((10 - ($i - 5)*2)) + AT_CHECK_UNQUOTED([ovs-ofctl dump-flows br-int table=47 | grep -c "priority=1100"], [0], [$((10 - ($i - 5)*2)) ]) fi done @@ -1638,18 +1638,18 @@ for i in $(seq 10); do check ovn-nbctl add address_set as1 addresses 10.0.0.$i check ovn-nbctl --wait=hv sync if test "$i" = 1; then - AT_CHECK_UNQUOTED([ovs-ofctl dump-flows br-int table=44,reg15=0x$port_key | \ + AT_CHECK_UNQUOTED([ovs-ofctl dump-flows br-int table=47,reg15=0x$port_key | \ grep -v reply | awk '{print $7, $8}' | sort], [0], [dnl priority=1100,ip,reg15=0x$port_key,metadata=0x$dp_key,nw_src=10.0.0.1,nw_dst=10.0.0.1 actions=drop ]) else # (1 conj_id + nw_src * i + nw_dst * i) = 1 + i*2 flows - AT_CHECK_UNQUOTED([ovs-ofctl dump-flows br-int table=44 | grep -c "priority=1100"], [0], [$(($i*2 + 1)) + AT_CHECK_UNQUOTED([ovs-ofctl dump-flows br-int table=47 | grep -c "priority=1100"], [0], [$(($i*2 + 1)) ]) fi if test "$i" = 3; then - AT_CHECK_UNQUOTED([ovs-ofctl dump-flows br-int table=44,reg15=0x$port_key | \ + AT_CHECK_UNQUOTED([ovs-ofctl dump-flows br-int table=47,reg15=0x$port_key | \ grep -v reply | awk '{print $7, $8}' | \ sed -r 's/conjunction.*,/conjunction,/' | \ sed -r 's/conj_id=.*,/conj_id=,/' | sort], [0], [dnl @@ -1675,15 +1675,15 @@ for i in $(seq 10); do check ovn-nbctl remove address_set as1 addresses 10.0.0.$i check ovn-nbctl --wait=hv sync if test "$i" = 10; then - AT_CHECK_UNQUOTED([ovs-ofctl dump-flows br-int table=44 | grep "priority=1100"], [1], [ignore]) + AT_CHECK_UNQUOTED([ovs-ofctl dump-flows br-int table=47 | grep "priority=1100"], [1], [ignore]) elif test "$i" = 9; then # no conjunction left - AT_CHECK_UNQUOTED([ovs-ofctl dump-flows br-int table=44,reg15=0x$port_key | \ + AT_CHECK_UNQUOTED([ovs-ofctl dump-flows br-int table=47,reg15=0x$port_key | \ grep -v reply | awk '{print $7, $8}' | sort], [0], [dnl priority=1100,ip,reg15=0x$port_key,metadata=0x$dp_key,nw_src=10.0.0.10,nw_dst=10.0.0.10 actions=drop ]) else - AT_CHECK_UNQUOTED([ovs-ofctl dump-flows br-int table=44 | grep -c "priority=1100"], [0], [$((21 - $i*2)) + AT_CHECK_UNQUOTED([ovs-ofctl dump-flows br-int table=47 | grep -c "priority=1100"], [0], [$((21 - $i*2)) ]) fi done @@ -1699,7 +1699,7 @@ for i in $(seq 10); do check ovn-nbctl add address_set as1 addresses 10.0.0.$i,10.0.1.$i check ovn-nbctl --wait=hv sync if test "$i" = 3; then - AT_CHECK_UNQUOTED([ovs-ofctl dump-flows br-int table=44,reg15=0x$port_key | \ + AT_CHECK_UNQUOTED([ovs-ofctl dump-flows br-int table=47,reg15=0x$port_key | \ grep -v reply | awk '{print $7, $8}' | \ sed -r 's/conjunction.*,/conjunction,/' | \ sed -r 's/conj_id=.*,/conj_id=,/' | sort], [0], [dnl @@ -1718,7 +1718,7 @@ priority=1100,ip,reg15=0x$port_key,metadata=0x$dp_key,nw_src=10.0.1.2 actions=co priority=1100,ip,reg15=0x$port_key,metadata=0x$dp_key,nw_src=10.0.1.3 actions=conjunction,2/2) ]) fi - AT_CHECK_UNQUOTED([ovs-ofctl dump-flows br-int table=44 | grep -c "priority=1100"], [0], [$(($i * 4 + 1)) + AT_CHECK_UNQUOTED([ovs-ofctl dump-flows br-int table=47 | grep -c "priority=1100"], [0], [$(($i * 4 + 1)) ]) done @@ -1739,7 +1739,7 @@ check ovn-nbctl --wait=hv sync reprocess_count_old=$(read_counter consider_logical_flow) check ovn-nbctl add address_set as1 addresses 10.0.0.4,10.0.0.5 check ovn-nbctl --wait=hv sync -AT_CHECK_UNQUOTED([ovs-ofctl dump-flows br-int table=44,reg15=0x$port_key | \ +AT_CHECK_UNQUOTED([ovs-ofctl dump-flows br-int table=47,reg15=0x$port_key | \ grep -v reply | awk '{print $7, $8}' | \ sed -r 's/conjunction.*,/conjunction,/' | \ sed -r 's/conj_id=.*,/conj_id=,/' | sort], [0], [dnl @@ -1763,7 +1763,7 @@ AT_CHECK([echo $(($reprocess_count_new - $reprocess_count_old))], [0], [1 # Delete 2 IPs reprocess_count_old=$(read_counter consider_logical_flow) check ovn-nbctl --wait=hv remove address_set as1 addresses 10.0.0.4,10.0.0.5 -AT_CHECK_UNQUOTED([ovs-ofctl dump-flows br-int table=44,reg15=0x$port_key | \ +AT_CHECK_UNQUOTED([ovs-ofctl dump-flows br-int table=47,reg15=0x$port_key | \ grep -v reply | awk '{print $7, $8}' | \ sed -r 's/conjunction.*,/conjunction,/' | \ sed -r 's/conj_id=.*,/conj_id=,/' | sort], [0], [dnl @@ -1821,7 +1821,7 @@ check ovn-nbctl acl-add ls1 to-lport 100 'outport == "ls1-lp1" && ip4.src == $as check ovn-nbctl acl-add ls1 to-lport 100 'outport == "ls1-lp1" && ip4.src == $as2 && tcp && tcp.dst == {201, 202}' drop check ovn-nbctl --wait=hv sync -AT_CHECK_UNQUOTED([ovs-ofctl dump-flows br-int table=44,reg15=0x$port_key | \ +AT_CHECK_UNQUOTED([ovs-ofctl dump-flows br-int table=47,reg15=0x$port_key | \ grep -v reply | awk '{print $7, $8}' | \ sed -r 's/conjunction.[[0-9]]*,/conjunction,/g' | \ sed -r 's/conj_id=.*,/conj_id=,/' | sort], [0], [dnl @@ -1846,7 +1846,7 @@ reprocess_count_old=$(read_counter consider_logical_flow) check ovn-nbctl add address_set as1 addresses 10.0.0.14,10.0.0.33 -- \ add address_set as2 addresses 10.0.0.24,10.0.0.33 check ovn-nbctl --wait=hv sync -AT_CHECK_UNQUOTED([ovs-ofctl dump-flows br-int table=44,reg15=0x$port_key | \ +AT_CHECK_UNQUOTED([ovs-ofctl dump-flows br-int table=47,reg15=0x$port_key | \ grep -v reply | awk '{print $7, $8}' | \ sed -r 's/conjunction.[[0-9]]*,/conjunction,/g' | \ sed -r 's/conj_id=.*,/conj_id=,/' | sort], [0], [dnl @@ -1877,7 +1877,7 @@ reprocess_count_old=$(read_counter consider_logical_flow) check ovn-nbctl remove address_set as1 addresses 10.0.0.14,10.0.0.33 -- \ remove address_set as2 addresses 10.0.0.24,10.0.0.33 check ovn-nbctl --wait=hv sync -AT_CHECK_UNQUOTED([ovs-ofctl dump-flows br-int table=44,reg15=0x$port_key | \ +AT_CHECK_UNQUOTED([ovs-ofctl dump-flows br-int table=47,reg15=0x$port_key | \ grep -v reply | awk '{print $7, $8}' | \ sed -r 's/conjunction.[[0-9]]*,/conjunction,/g' | \ sed -r 's/conj_id=.*,/conj_id=,/' | sort], [0], [dnl @@ -1942,14 +1942,14 @@ for i in $(seq 5); do check ovn-nbctl add address_set as1 addresses "aa\:aa\:aa\:aa\:aa\:0$i" check ovn-nbctl --wait=hv sync if test "$i" = 3; then - AT_CHECK_UNQUOTED([ovs-ofctl dump-flows br-int table=44,reg15=0x$port_key | \ + AT_CHECK_UNQUOTED([ovs-ofctl dump-flows br-int table=47,reg15=0x$port_key | \ grep -v reply | awk '{print $7, $8}' | sort], [0], [dnl priority=1100,reg15=0x$port_key,metadata=0x$dp_key,dl_src=aa:aa:aa:aa:aa:01 actions=drop priority=1100,reg15=0x$port_key,metadata=0x$dp_key,dl_src=aa:aa:aa:aa:aa:02 actions=drop priority=1100,reg15=0x$port_key,metadata=0x$dp_key,dl_src=aa:aa:aa:aa:aa:03 actions=drop ]) fi - AT_CHECK_UNQUOTED([ovs-ofctl dump-flows br-int table=44 | grep -c "priority=1100"], [0], [$i + AT_CHECK_UNQUOTED([ovs-ofctl dump-flows br-int table=47 | grep -c "priority=1100"], [0], [$i ]) done @@ -1963,17 +1963,17 @@ reprocess_count_old=$(read_counter consider_logical_flow) for i in $(seq 5); do check ovn-nbctl remove address_set as1 addresses "aa\:aa\:aa\:aa\:aa\:0$i" check ovn-nbctl --wait=hv sync - ovs-ofctl dump-flows br-int table=44 | grep "priority=1100" + ovs-ofctl dump-flows br-int table=47 | grep "priority=1100" if test "$i" = 4; then - AT_CHECK_UNQUOTED([ovs-ofctl dump-flows br-int table=44,reg15=0x$port_key | \ + AT_CHECK_UNQUOTED([ovs-ofctl dump-flows br-int table=47,reg15=0x$port_key | \ grep -v reply | awk '{print $7, $8}'], [0], [dnl priority=1100,reg15=0x$port_key,metadata=0x$dp_key,dl_src=aa:aa:aa:aa:aa:05 actions=drop ]) fi if test "$i" = 5; then - AT_CHECK_UNQUOTED([ovs-ofctl dump-flows br-int table=44 | grep "priority=1100"], [1], [ignore]) + AT_CHECK_UNQUOTED([ovs-ofctl dump-flows br-int table=47 | grep "priority=1100"], [1], [ignore]) else - AT_CHECK_UNQUOTED([ovs-ofctl dump-flows br-int table=44 | grep -c "priority=1100"], [0], [$((5 - $i)) + AT_CHECK_UNQUOTED([ovs-ofctl dump-flows br-int table=47 | grep -c "priority=1100"], [0], [$((5 - $i)) ]) fi done @@ -2023,14 +2023,14 @@ for i in $(seq 5); do check ovn-nbctl add address_set as1 addresses "ff\:\:0$i" check ovn-nbctl --wait=hv sync if test "$i" = 3; then - AT_CHECK_UNQUOTED([ovs-ofctl dump-flows br-int table=44,reg15=0x$port_key | \ + AT_CHECK_UNQUOTED([ovs-ofctl dump-flows br-int table=47,reg15=0x$port_key | \ grep -v reply | awk '{print $7, $8}' | sort], [0], [dnl priority=1100,ipv6,reg15=0x$port_key,metadata=0x$dp_key,ipv6_src=ff::1 actions=drop priority=1100,ipv6,reg15=0x$port_key,metadata=0x$dp_key,ipv6_src=ff::2 actions=drop priority=1100,ipv6,reg15=0x$port_key,metadata=0x$dp_key,ipv6_src=ff::3 actions=drop ]) fi - AT_CHECK_UNQUOTED([ovs-ofctl dump-flows br-int table=44 | grep -c "priority=1100"], [0], [$i + AT_CHECK_UNQUOTED([ovs-ofctl dump-flows br-int table=47 | grep -c "priority=1100"], [0], [$i ]) done @@ -2045,15 +2045,15 @@ for i in $(seq 5); do check ovn-nbctl remove address_set as1 addresses "ff\:\:0$i" check ovn-nbctl --wait=hv sync if test "$i" = 4; then - AT_CHECK_UNQUOTED([ovs-ofctl dump-flows br-int table=44,reg15=0x$port_key | \ + AT_CHECK_UNQUOTED([ovs-ofctl dump-flows br-int table=47,reg15=0x$port_key | \ grep -v reply | awk '{print $7, $8}'], [0], [dnl priority=1100,ipv6,reg15=0x$port_key,metadata=0x$dp_key,ipv6_src=ff::5 actions=drop ]) fi if test "$i" = 5; then - AT_CHECK_UNQUOTED([ovs-ofctl dump-flows br-int table=44 | grep "priority=1100"], [1], [ignore]) + AT_CHECK_UNQUOTED([ovs-ofctl dump-flows br-int table=47 | grep "priority=1100"], [1], [ignore]) else - AT_CHECK_UNQUOTED([ovs-ofctl dump-flows br-int table=44 | grep -c "priority=1100"], [0], [$((5 - $i)) + AT_CHECK_UNQUOTED([ovs-ofctl dump-flows br-int table=47 | grep -c "priority=1100"], [0], [$((5 - $i)) ]) fi done diff --git a/tests/ovn.at b/tests/ovn.at index 616036156..b0439d99e 100644 --- a/tests/ovn.at +++ b/tests/ovn.at @@ -1004,10 +1004,10 @@ next(pipeline=ingress, table=11); next(pipeline=egress); formats as next(pipeline=egress, table=11); - encodes as resubmit(,51) + encodes as resubmit(,54) next(pipeline=egress, table=5); - encodes as resubmit(,45) + encodes as resubmit(,48) next(table=10); formats as next(10); @@ -11226,7 +11226,7 @@ hv1_gw1_ofport=$(as hv1 ovs-vsctl --bare --columns ofport find Interface name=ov hv1_gw2_ofport=$(as hv1 ovs-vsctl --bare --columns ofport find Interface name=ovn-gw2-0) OVS_WAIT_UNTIL([ - test 1 = $(as hv1 ovs-ofctl dump-flows br-int table=37 | grep -c "active_backup,ofport,members:$hv1_gw1_ofport,$hv1_gw2_ofport") + test 1 = $(as hv1 ovs-ofctl dump-flows br-int table=40 | grep -c "active_backup,ofport,members:$hv1_gw1_ofport,$hv1_gw2_ofport") ]) test_ip_packet() @@ -11336,7 +11336,7 @@ AT_CHECK( ]) OVS_WAIT_UNTIL([ - test 1 = $(as hv1 ovs-ofctl dump-flows br-int table=37 | grep -c "active_backup,ofport,members:$hv1_gw2_ofport,$hv1_gw1_ofport") + test 1 = $(as hv1 ovs-ofctl dump-flows br-int table=40 | grep -c "active_backup,ofport,members:$hv1_gw2_ofport,$hv1_gw1_ofport") ]) test_ip_packet gw2 gw1 0 @@ -11514,7 +11514,7 @@ hv1_gw1_ofport=$(as hv1 ovs-vsctl --bare --columns ofport find Interface name=ov hv1_gw2_ofport=$(as hv1 ovs-vsctl --bare --columns ofport find Interface name=ovn-gw2-0) OVS_WAIT_UNTIL([ - test 1 = $(as hv1 ovs-ofctl dump-flows br-int table=37 | grep -c "active_backup,ofport,members:$hv1_gw1_ofport,$hv1_gw2_ofport") + test 1 = $(as hv1 ovs-ofctl dump-flows br-int table=40 | grep -c "active_backup,ofport,members:$hv1_gw1_ofport,$hv1_gw2_ofport") ]) test_ip_packet() @@ -11594,7 +11594,7 @@ AT_CHECK([ovn-nbctl --wait=hv \ ]) OVS_WAIT_UNTIL([ - test 1 = $(as hv1 ovs-ofctl dump-flows br-int table=37 | grep -c "active_backup,ofport,members:$hv1_gw2_ofport,$hv1_gw1_ofport") + test 1 = $(as hv1 ovs-ofctl dump-flows br-int table=40 | grep -c "active_backup,ofport,members:$hv1_gw2_ofport,$hv1_gw1_ofport") ]) test_ip_packet gw2 gw1 @@ -11760,12 +11760,12 @@ AT_CAPTURE_FILE([hv2flows]) AT_CHECK( [# Check that redirect mapping is programmed only on hv2 - grep table=38 hv1flows | grep =0x3,metadata=0x1 | wc -l - grep table=38 hv2flows | grep =0x3,metadata=0x1 | grep load:0x2- | wc -l + grep table=41 hv1flows | grep =0x3,metadata=0x1 | wc -l + grep table=41 hv2flows | grep =0x3,metadata=0x1 | grep load:0x2- | wc -l # Check that hv1 sends chassisredirect port traffic to hv2 - grep table=37 hv1flows | grep =0x3,metadata=0x1 | grep output | wc -l - grep table=37 hv2flows | grep =0x3,metadata=0x1 | wc -l + grep table=40 hv1flows | grep =0x3,metadata=0x1 | grep output | wc -l + grep table=40 hv2flows | grep =0x3,metadata=0x1 | wc -l # Check that arp reply on distributed gateway port is only programmed on hv2 grep arp hv1flows | grep load:0x2- | grep =0x2,metadata=0x1 | wc -l @@ -12293,8 +12293,8 @@ as hv1 ovs-appctl netdev-dummy/receive hv1-vif1 $packet as hv1 ovs-appctl ofproto/trace br-int in_port=hv1-vif1 $packet sleep 2 -AS_BOX([On hv1, table 37 check that no packet goes via the tunnel port]) -OVS_WAIT_FOR_OUTPUT([as hv1 ovs-ofctl dump-flows br-int table=37 \ +AS_BOX([On hv1, table 40 check that no packet goes via the tunnel port]) +OVS_WAIT_FOR_OUTPUT([as hv1 ovs-ofctl dump-flows br-int table=40 \ | grep "NXM_NX_TUN_ID" | grep -v n_packets=0 | wc -l], [0], [[0 ]]) @@ -16401,25 +16401,25 @@ sleep 2 # Get total number of ipv4 packets that received on ovs # sender side -flow=$(as hv1 ovs-ofctl dump-flows br-int table=44 | grep priority=2002|grep ip,metadata=0x1) +flow=$(as hv1 ovs-ofctl dump-flows br-int table=47 | grep priority=2002|grep ip,metadata=0x1) n_pkts="$(echo $flow|awk -F',' '{ print $4 }'|awk -F'=' '{ print $2 }')" check test $n_pkts -eq 1 # receiver side -flow=$(as hv2 ovs-ofctl dump-flows br-int table=44 | grep priority=2002|grep ip,metadata=0x1) +flow=$(as hv2 ovs-ofctl dump-flows br-int table=47 | grep priority=2002|grep ip,metadata=0x1) n_pkts="$(echo $flow|awk -F',' '{ print $4 }'|awk -F'=' '{ print $2 }')" check test $n_pkts -eq 1 # Get total number of ipv6 packets that received on ovs # sender side -flow=$(as hv1 ovs-ofctl dump-flows br-int table=44 | grep priority=2002|grep ipv6,metadata=0x1) +flow=$(as hv1 ovs-ofctl dump-flows br-int table=47 | grep priority=2002|grep ipv6,metadata=0x1) n_pkts="$(echo $flow|awk -F',' '{ print $4 }'|awk -F'=' '{ print $2 }')" check test $n_pkts -eq 1 # receiver side -flow=$(as hv2 ovs-ofctl dump-flows br-int table=44 | grep priority=2002|grep ipv6,metadata=0x1) +flow=$(as hv2 ovs-ofctl dump-flows br-int table=47 | grep priority=2002|grep ipv6,metadata=0x1) n_pkts="$(echo $flow|awk -F',' '{ print $4 }'|awk -F'=' '{ print $2 }')" check test $n_pkts -eq 1 @@ -17979,17 +17979,17 @@ check ovn-nbctl acl-add ls1 to-lport 3 'ip4.src==10.0.0.1' allow check ovn-nbctl --wait=hv sync # Check OVS flows, the less restrictive flows should have been installed. -AT_CHECK([as hv1 ovs-ofctl dump-flows br-int table=44 | ofctl_strip_all | \ +AT_CHECK([as hv1 ovs-ofctl dump-flows br-int table=47 | ofctl_strip_all | \ grep "priority=1003" | \ sed 's/conjunction([[^)]]*)/conjunction()/g' | \ sed 's/conj_id=[[0-9]]*,/conj_id=xxx,/g' | sort], [0], [dnl - table=44, priority=1003,conj_id=xxx,ip,metadata=0x1 actions=resubmit(,45) - table=44, priority=1003,conj_id=xxx,ip,metadata=0x1 actions=resubmit(,45) - table=44, priority=1003,ip,metadata=0x1,nw_dst=10.0.0.3 actions=conjunction(),conjunction() - table=44, priority=1003,ip,metadata=0x1,nw_dst=10.0.0.4 actions=conjunction(),conjunction() - table=44, priority=1003,ip,metadata=0x1,nw_src=10.0.0.1 actions=resubmit(,45) - table=44, priority=1003,ip,metadata=0x1,nw_src=10.0.0.2 actions=conjunction() - table=44, priority=1003,ip,metadata=0x1,nw_src=10.0.0.42 actions=conjunction() + table=47, priority=1003,conj_id=xxx,ip,metadata=0x1 actions=resubmit(,48) + table=47, priority=1003,conj_id=xxx,ip,metadata=0x1 actions=resubmit(,48) + table=47, priority=1003,ip,metadata=0x1,nw_dst=10.0.0.3 actions=conjunction(),conjunction() + table=47, priority=1003,ip,metadata=0x1,nw_dst=10.0.0.4 actions=conjunction(),conjunction() + table=47, priority=1003,ip,metadata=0x1,nw_src=10.0.0.1 actions=resubmit(,48) + table=47, priority=1003,ip,metadata=0x1,nw_src=10.0.0.2 actions=conjunction() + table=47, priority=1003,ip,metadata=0x1,nw_src=10.0.0.42 actions=conjunction() ]) # Traffic 10.0.0.1, 10.0.0.2 -> 10.0.0.3, 10.0.0.4 should be allowed. @@ -18024,17 +18024,17 @@ check ovn-nbctl acl-del ls1 to-lport 3 'ip4.src==10.0.0.1 || ip4.src==10.0.0.1' check ovn-nbctl --wait=hv sync # Check OVS flows, the second less restrictive allow ACL should have been installed. -AT_CHECK([as hv1 ovs-ofctl dump-flows br-int table=44 | ofctl_strip_all | \ +AT_CHECK([as hv1 ovs-ofctl dump-flows br-int table=47 | ofctl_strip_all | \ grep "priority=1003" | \ sed 's/conjunction([[^)]]*)/conjunction()/g' | \ sed 's/conj_id=[[0-9]]*,/conj_id=xxx,/g' | sort], [0], [dnl - table=44, priority=1003,conj_id=xxx,ip,metadata=0x1 actions=resubmit(,45) - table=44, priority=1003,conj_id=xxx,ip,metadata=0x1 actions=resubmit(,45) - table=44, priority=1003,ip,metadata=0x1,nw_dst=10.0.0.3 actions=conjunction(),conjunction() - table=44, priority=1003,ip,metadata=0x1,nw_dst=10.0.0.4 actions=conjunction(),conjunction() - table=44, priority=1003,ip,metadata=0x1,nw_src=10.0.0.1 actions=resubmit(,45) - table=44, priority=1003,ip,metadata=0x1,nw_src=10.0.0.2 actions=conjunction() - table=44, priority=1003,ip,metadata=0x1,nw_src=10.0.0.42 actions=conjunction() + table=47, priority=1003,conj_id=xxx,ip,metadata=0x1 actions=resubmit(,48) + table=47, priority=1003,conj_id=xxx,ip,metadata=0x1 actions=resubmit(,48) + table=47, priority=1003,ip,metadata=0x1,nw_dst=10.0.0.3 actions=conjunction(),conjunction() + table=47, priority=1003,ip,metadata=0x1,nw_dst=10.0.0.4 actions=conjunction(),conjunction() + table=47, priority=1003,ip,metadata=0x1,nw_src=10.0.0.1 actions=resubmit(,48) + table=47, priority=1003,ip,metadata=0x1,nw_src=10.0.0.2 actions=conjunction() + table=47, priority=1003,ip,metadata=0x1,nw_src=10.0.0.42 actions=conjunction() ]) # Remove the less restrictive allow ACL. @@ -18042,17 +18042,17 @@ check ovn-nbctl acl-del ls1 to-lport 3 'ip4.src==10.0.0.1' check ovn-nbctl --wait=hv sync # Check OVS flows, the 10.0.0.1 conjunction should have been reinstalled. -AT_CHECK([as hv1 ovs-ofctl dump-flows br-int table=44 | ofctl_strip_all | \ +AT_CHECK([as hv1 ovs-ofctl dump-flows br-int table=47 | ofctl_strip_all | \ grep "priority=1003" | \ sed 's/conjunction([[^)]]*)/conjunction()/g' | \ sed 's/conj_id=[[0-9]]*,/conj_id=xxx,/g' | sort], [0], [dnl - table=44, priority=1003,conj_id=xxx,ip,metadata=0x1 actions=resubmit(,45) - table=44, priority=1003,conj_id=xxx,ip,metadata=0x1 actions=resubmit(,45) - table=44, priority=1003,ip,metadata=0x1,nw_dst=10.0.0.3 actions=conjunction(),conjunction() - table=44, priority=1003,ip,metadata=0x1,nw_dst=10.0.0.4 actions=conjunction(),conjunction() - table=44, priority=1003,ip,metadata=0x1,nw_src=10.0.0.1 actions=conjunction(),conjunction() - table=44, priority=1003,ip,metadata=0x1,nw_src=10.0.0.2 actions=conjunction() - table=44, priority=1003,ip,metadata=0x1,nw_src=10.0.0.42 actions=conjunction() + table=47, priority=1003,conj_id=xxx,ip,metadata=0x1 actions=resubmit(,48) + table=47, priority=1003,conj_id=xxx,ip,metadata=0x1 actions=resubmit(,48) + table=47, priority=1003,ip,metadata=0x1,nw_dst=10.0.0.3 actions=conjunction(),conjunction() + table=47, priority=1003,ip,metadata=0x1,nw_dst=10.0.0.4 actions=conjunction(),conjunction() + table=47, priority=1003,ip,metadata=0x1,nw_src=10.0.0.1 actions=conjunction(),conjunction() + table=47, priority=1003,ip,metadata=0x1,nw_src=10.0.0.2 actions=conjunction() + table=47, priority=1003,ip,metadata=0x1,nw_src=10.0.0.42 actions=conjunction() ]) # Traffic 10.0.0.1, 10.0.0.2 -> 10.0.0.3, 10.0.0.4 should be allowed. @@ -18082,17 +18082,17 @@ check ovn-nbctl acl-add ls1 to-lport 3 'ip4.src==10.0.0.1' allow check ovn-nbctl --wait=hv sync # Check OVS flows, the less restrictive flows should have been installed. -AT_CHECK([as hv1 ovs-ofctl dump-flows br-int table=44 | ofctl_strip_all | \ +AT_CHECK([as hv1 ovs-ofctl dump-flows br-int table=47 | ofctl_strip_all | \ grep "priority=1003" | \ sed 's/conjunction([[^)]]*)/conjunction()/g' | \ sed 's/conj_id=[[0-9]]*,/conj_id=xxx,/g' | sort], [0], [dnl - table=44, priority=1003,conj_id=xxx,ip,metadata=0x1 actions=resubmit(,45) - table=44, priority=1003,conj_id=xxx,ip,metadata=0x1 actions=resubmit(,45) - table=44, priority=1003,ip,metadata=0x1,nw_dst=10.0.0.3 actions=conjunction(),conjunction() - table=44, priority=1003,ip,metadata=0x1,nw_dst=10.0.0.4 actions=conjunction(),conjunction() - table=44, priority=1003,ip,metadata=0x1,nw_src=10.0.0.1 actions=resubmit(,45) - table=44, priority=1003,ip,metadata=0x1,nw_src=10.0.0.2 actions=conjunction() - table=44, priority=1003,ip,metadata=0x1,nw_src=10.0.0.42 actions=conjunction() + table=47, priority=1003,conj_id=xxx,ip,metadata=0x1 actions=resubmit(,48) + table=47, priority=1003,conj_id=xxx,ip,metadata=0x1 actions=resubmit(,48) + table=47, priority=1003,ip,metadata=0x1,nw_dst=10.0.0.3 actions=conjunction(),conjunction() + table=47, priority=1003,ip,metadata=0x1,nw_dst=10.0.0.4 actions=conjunction(),conjunction() + table=47, priority=1003,ip,metadata=0x1,nw_src=10.0.0.1 actions=resubmit(,48) + table=47, priority=1003,ip,metadata=0x1,nw_src=10.0.0.2 actions=conjunction() + table=47, priority=1003,ip,metadata=0x1,nw_src=10.0.0.42 actions=conjunction() ]) # Add another ACL that overlaps with the existing less restrictive ones. @@ -18103,20 +18103,20 @@ check ovn-nbctl --wait=hv sync # with an additional conjunction action. # # New non-conjunctive flows should be added to match on 'udp'. -AT_CHECK([as hv1 ovs-ofctl dump-flows br-int table=44 | ofctl_strip_all | \ +AT_CHECK([as hv1 ovs-ofctl dump-flows br-int table=47 | ofctl_strip_all | \ grep "priority=1003" | \ sed 's/conjunction([[^)]]*)/conjunction()/g' | \ sed 's/conj_id=[[0-9]]*,/conj_id=xxx,/g' | sort], [0], [dnl - table=44, priority=1003,conj_id=xxx,ip,metadata=0x1 actions=resubmit(,45) - table=44, priority=1003,conj_id=xxx,ip,metadata=0x1 actions=resubmit(,45) - table=44, priority=1003,conj_id=xxx,ip,metadata=0x1 actions=resubmit(,45) - table=44, priority=1003,ip,metadata=0x1,nw_dst=10.0.0.3 actions=conjunction(),conjunction(),conjunction() - table=44, priority=1003,ip,metadata=0x1,nw_dst=10.0.0.4 actions=conjunction(),conjunction(),conjunction() - table=44, priority=1003,ip,metadata=0x1,nw_src=10.0.0.1 actions=resubmit(,45) - table=44, priority=1003,ip,metadata=0x1,nw_src=10.0.0.2 actions=conjunction(),conjunction() - table=44, priority=1003,ip,metadata=0x1,nw_src=10.0.0.42 actions=conjunction() - table=44, priority=1003,udp,metadata=0x1 actions=resubmit(,45) - table=44, priority=1003,udp6,metadata=0x1 actions=resubmit(,45) + table=47, priority=1003,conj_id=xxx,ip,metadata=0x1 actions=resubmit(,48) + table=47, priority=1003,conj_id=xxx,ip,metadata=0x1 actions=resubmit(,48) + table=47, priority=1003,conj_id=xxx,ip,metadata=0x1 actions=resubmit(,48) + table=47, priority=1003,ip,metadata=0x1,nw_dst=10.0.0.3 actions=conjunction(),conjunction(),conjunction() + table=47, priority=1003,ip,metadata=0x1,nw_dst=10.0.0.4 actions=conjunction(),conjunction(),conjunction() + table=47, priority=1003,ip,metadata=0x1,nw_src=10.0.0.1 actions=resubmit(,48) + table=47, priority=1003,ip,metadata=0x1,nw_src=10.0.0.2 actions=conjunction(),conjunction() + table=47, priority=1003,ip,metadata=0x1,nw_src=10.0.0.42 actions=conjunction() + table=47, priority=1003,udp,metadata=0x1 actions=resubmit(,48) + table=47, priority=1003,udp6,metadata=0x1 actions=resubmit(,48) ]) OVN_CLEANUP([hv1]) @@ -18171,17 +18171,17 @@ check ovn-nbctl acl-add pg1 to-lport 100 'outport == @pg1 && ip4.src == $as2' al wait_for_ports_up check ovn-nbctl --wait=hv sync -ovs-ofctl dump-flows br-int table=44 -AT_CHECK([test `ovs-ofctl dump-flows br-int table=44 | grep -c conj_id` = 2]) +ovs-ofctl dump-flows br-int table=47 +AT_CHECK([test `ovs-ofctl dump-flows br-int table=47 | grep -c conj_id` = 2]) echo ------- # Add another address in as1, so that the 1st ACL will now generate 2 conjunctions. ovn-nbctl set address_set as1 addresses="10.0.0.1,10.0.0.2" check ovn-nbctl --wait=hv sync -ovs-ofctl dump-flows br-int table=44 +ovs-ofctl dump-flows br-int table=47 # There should be 3 conjunctions in total (2 from 1st ACL + 1 from 2nd ACL) -AT_CHECK([test `ovs-ofctl dump-flows br-int table=44 | grep -c conj_id` = 3]) +AT_CHECK([test `ovs-ofctl dump-flows br-int table=47 | grep -c conj_id` = 3]) OVN_CLEANUP([hv1]) AT_CLEANUP @@ -21144,8 +21144,8 @@ check_virtual_offlows_present() { lr0_dp_key=$(printf "%x" $(fetch_column Datapath_Binding tunnel_key external_ids:name=lr0)) lr0_public_dp_key=$(printf "%x" $(fetch_column Port_Binding tunnel_key logical_port=lr0-public)) - AT_CHECK_UNQUOTED([as $hv ovs-ofctl dump-flows br-int table=44,ip | ofctl_strip_all | grep "priority=2000"], [0], [dnl - table=44, priority=2000,ip,metadata=0x$sw0_dp_key actions=resubmit(,45) + AT_CHECK_UNQUOTED([as $hv ovs-ofctl dump-flows br-int table=47,ip | ofctl_strip_all | grep "priority=2000"], [0], [dnl + table=47, priority=2000,ip,metadata=0x$sw0_dp_key actions=resubmit(,48) ]) AT_CHECK_UNQUOTED([as $hv ovs-ofctl dump-flows br-int table=11 | ofctl_strip_all | \ @@ -21156,7 +21156,7 @@ check_virtual_offlows_present() { check_virtual_offlows_not_present() { hv=$1 - AT_CHECK([as $hv ovs-ofctl dump-flows br-int table=44,ip | ofctl_strip_all | grep "priority=2000"], [1], [dnl + AT_CHECK([as $hv ovs-ofctl dump-flows br-int table=47,ip | ofctl_strip_all | grep "priority=2000"], [1], [dnl ]) AT_CHECK([as $hv ovs-ofctl dump-flows br-int table=11 | ofctl_strip_all | \ @@ -28067,22 +28067,22 @@ AT_CHECK([test ! -z $p1_zoneid]) p2_zoneid=$(as hv1 ovs-vsctl get bridge br-int external_ids:ct-zone-sw0-p2 | sed 's/"//g') AT_CHECK([test ! -z $p2_zoneid]) -AT_CHECK([test $(ovs-ofctl dump-flows br-int table=38,metadata=${sw0_dpkey},\ +AT_CHECK([test $(ovs-ofctl dump-flows br-int table=41,metadata=${sw0_dpkey},\ reg15=0x${p1_dpkey} | grep REG13 | wc -l) -eq 1]) -AT_CHECK([test $(ovs-ofctl dump-flows br-int table=38,metadata=${sw0_dpkey},\ +AT_CHECK([test $(ovs-ofctl dump-flows br-int table=41,metadata=${sw0_dpkey},\ reg15=0x${p1_dpkey} | grep "load:0x${p1_zoneid}->NXM_NX_REG13" | wc -l) -eq 1]) -AT_CHECK([test $(ovs-ofctl dump-flows br-int table=38,metadata=${sw1_dpkey},\ +AT_CHECK([test $(ovs-ofctl dump-flows br-int table=41,metadata=${sw1_dpkey},\ reg15=0x${p2_dpkey} | grep REG13 | wc -l) -eq 1]) -AT_CHECK([test $(ovs-ofctl dump-flows br-int table=38,metadata=${sw1_dpkey},\ +AT_CHECK([test $(ovs-ofctl dump-flows br-int table=41,metadata=${sw1_dpkey},\ reg15=0x${p2_dpkey} | grep "load:0x${p2_zoneid}->NXM_NX_REG13" | wc -l) -eq 1]) ovs-vsctl set interface hv1-vif1 external_ids:iface-id=foo OVS_WAIT_UNTIL([test x$(ovn-nbctl lsp-get-up sw0-p1) = xdown]) -AT_CHECK([test $(ovs-ofctl dump-flows br-int table=38,metadata=${sw0_dpkey},\ +AT_CHECK([test $(ovs-ofctl dump-flows br-int table=41,metadata=${sw0_dpkey},\ reg15=0x${p1_dpkey} | grep REG13 | wc -l) -eq 0]) p1_zoneid=$(as hv1 ovs-vsctl get bridge br-int external_ids:ct-zone-sw0-p1 | sed 's/"//g') @@ -28094,16 +28094,16 @@ OVS_WAIT_UNTIL([test x$(ovn-nbctl lsp-get-up sw0-p1) = xup]) p1_zoneid=$(as hv1 ovs-vsctl get bridge br-int external_ids:ct-zone-sw0-p1 | sed 's/"//g') AT_CHECK([test ! -z $p1_zoneid]) -AT_CHECK([test $(ovs-ofctl dump-flows br-int table=38,metadata=${sw0_dpkey},\ +AT_CHECK([test $(ovs-ofctl dump-flows br-int table=41,metadata=${sw0_dpkey},\ reg15=0x${p1_dpkey} | grep REG13 | wc -l) -eq 1]) -AT_CHECK([test $(ovs-ofctl dump-flows br-int table=38,metadata=${sw0_dpkey},\ +AT_CHECK([test $(ovs-ofctl dump-flows br-int table=41,metadata=${sw0_dpkey},\ reg15=0x${p1_dpkey} | grep "load:0x${p1_zoneid}->NXM_NX_REG13" | wc -l) -eq 1]) ovs-vsctl del-port hv1-vif2 OVS_WAIT_UNTIL([test x$(ovn-nbctl lsp-get-up sw0-p2) = xdown]) -AT_CHECK([test $(ovs-ofctl dump-flows br-int table=38,metadata=${sw0_dpkey},\ +AT_CHECK([test $(ovs-ofctl dump-flows br-int table=41,metadata=${sw0_dpkey},\ reg15=0x${p2_dpkey} | grep REG13 | wc -l) -eq 0]) p2_zoneid=$(as hv1 ovs-vsctl get bridge br-int external_ids:ct-zone-sw0-p2 | sed 's/"//g') @@ -28111,7 +28111,7 @@ AT_CHECK([test -z $p2_zoneid]) ovn-nbctl lsp-del sw0-p1 -OVS_WAIT_UNTIL([test $(ovs-ofctl dump-flows br-int table=38,metadata=${sw0_dpkey},\ +OVS_WAIT_UNTIL([test $(ovs-ofctl dump-flows br-int table=41,metadata=${sw0_dpkey},\ reg15=0x${p1_dpkey} | grep REG13 | wc -l) -eq 0]) p1_zoneid=$(as hv1 ovs-vsctl get bridge br-int external_ids:ct-zone-sw0-p1 | sed 's/"//g') @@ -30566,46 +30566,46 @@ AT_CHECK([kill -0 $(cat hv1/ovn-controller.pid)]) check ovn-nbctl --wait=hv sync # Check OVS flows are installed properly. -AT_CHECK([as hv1 ovs-ofctl dump-flows br-int table=44 | ofctl_strip_all | \ +AT_CHECK([as hv1 ovs-ofctl dump-flows br-int table=47 | ofctl_strip_all | \ grep "priority=2002" | grep conjunction | \ sed 's/conjunction([[^)]]*)/conjunction()/g' | \ sed 's/reg15=0x[[1-9]]/reg15=0xN/g' | sort], [0], [dnl - table=44, priority=2002,udp,reg0=0x100/0x100,metadata=0x1,nw_src=192.168.47.4,tp_dst=0x10/0xfff0 actions=conjunction() - table=44, priority=2002,udp,reg0=0x100/0x100,metadata=0x1,nw_src=192.168.47.4,tp_dst=0x100/0xff00 actions=conjunction() - table=44, priority=2002,udp,reg0=0x100/0x100,metadata=0x1,nw_src=192.168.47.4,tp_dst=0x1000/0xf000 actions=conjunction() - table=44, priority=2002,udp,reg0=0x100/0x100,metadata=0x1,nw_src=192.168.47.4,tp_dst=0x2/0xfffe actions=conjunction() - table=44, priority=2002,udp,reg0=0x100/0x100,metadata=0x1,nw_src=192.168.47.4,tp_dst=0x20/0xffe0 actions=conjunction() - table=44, priority=2002,udp,reg0=0x100/0x100,metadata=0x1,nw_src=192.168.47.4,tp_dst=0x200/0xfe00 actions=conjunction() - table=44, priority=2002,udp,reg0=0x100/0x100,metadata=0x1,nw_src=192.168.47.4,tp_dst=0x2000/0xe000 actions=conjunction() - table=44, priority=2002,udp,reg0=0x100/0x100,metadata=0x1,nw_src=192.168.47.4,tp_dst=0x4/0xfffc actions=conjunction() - table=44, priority=2002,udp,reg0=0x100/0x100,metadata=0x1,nw_src=192.168.47.4,tp_dst=0x40/0xffc0 actions=conjunction() - table=44, priority=2002,udp,reg0=0x100/0x100,metadata=0x1,nw_src=192.168.47.4,tp_dst=0x400/0xfc00 actions=conjunction() - table=44, priority=2002,udp,reg0=0x100/0x100,metadata=0x1,nw_src=192.168.47.4,tp_dst=0x4000/0xc000 actions=conjunction() - table=44, priority=2002,udp,reg0=0x100/0x100,metadata=0x1,nw_src=192.168.47.4,tp_dst=0x8/0xfff8 actions=conjunction() - table=44, priority=2002,udp,reg0=0x100/0x100,metadata=0x1,nw_src=192.168.47.4,tp_dst=0x80/0xff80 actions=conjunction() - table=44, priority=2002,udp,reg0=0x100/0x100,metadata=0x1,nw_src=192.168.47.4,tp_dst=0x800/0xf800 actions=conjunction() - table=44, priority=2002,udp,reg0=0x100/0x100,metadata=0x1,nw_src=192.168.47.4,tp_dst=0x8000/0x8000 actions=conjunction() - table=44, priority=2002,udp,reg0=0x100/0x100,metadata=0x1,nw_src=192.168.47.4,tp_dst=1 actions=conjunction() - table=44, priority=2002,udp,reg0=0x100/0x100,reg15=0xN,metadata=0x1,nw_src=192.168.47.4 actions=conjunction() - table=44, priority=2002,udp,reg0=0x100/0x100,reg15=0xN,metadata=0x1,nw_src=192.168.47.4 actions=conjunction() - table=44, priority=2002,udp,reg0=0x80/0x80,metadata=0x1,nw_src=192.168.47.4,tp_dst=0x10/0xfff0 actions=conjunction() - table=44, priority=2002,udp,reg0=0x80/0x80,metadata=0x1,nw_src=192.168.47.4,tp_dst=0x100/0xff00 actions=conjunction() - table=44, priority=2002,udp,reg0=0x80/0x80,metadata=0x1,nw_src=192.168.47.4,tp_dst=0x1000/0xf000 actions=conjunction() - table=44, priority=2002,udp,reg0=0x80/0x80,metadata=0x1,nw_src=192.168.47.4,tp_dst=0x2/0xfffe actions=conjunction() - table=44, priority=2002,udp,reg0=0x80/0x80,metadata=0x1,nw_src=192.168.47.4,tp_dst=0x20/0xffe0 actions=conjunction() - table=44, priority=2002,udp,reg0=0x80/0x80,metadata=0x1,nw_src=192.168.47.4,tp_dst=0x200/0xfe00 actions=conjunction() - table=44, priority=2002,udp,reg0=0x80/0x80,metadata=0x1,nw_src=192.168.47.4,tp_dst=0x2000/0xe000 actions=conjunction() - table=44, priority=2002,udp,reg0=0x80/0x80,metadata=0x1,nw_src=192.168.47.4,tp_dst=0x4/0xfffc actions=conjunction() - table=44, priority=2002,udp,reg0=0x80/0x80,metadata=0x1,nw_src=192.168.47.4,tp_dst=0x40/0xffc0 actions=conjunction() - table=44, priority=2002,udp,reg0=0x80/0x80,metadata=0x1,nw_src=192.168.47.4,tp_dst=0x400/0xfc00 actions=conjunction() - table=44, priority=2002,udp,reg0=0x80/0x80,metadata=0x1,nw_src=192.168.47.4,tp_dst=0x4000/0xc000 actions=conjunction() - table=44, priority=2002,udp,reg0=0x80/0x80,metadata=0x1,nw_src=192.168.47.4,tp_dst=0x8/0xfff8 actions=conjunction() - table=44, priority=2002,udp,reg0=0x80/0x80,metadata=0x1,nw_src=192.168.47.4,tp_dst=0x80/0xff80 actions=conjunction() - table=44, priority=2002,udp,reg0=0x80/0x80,metadata=0x1,nw_src=192.168.47.4,tp_dst=0x800/0xf800 actions=conjunction() - table=44, priority=2002,udp,reg0=0x80/0x80,metadata=0x1,nw_src=192.168.47.4,tp_dst=0x8000/0x8000 actions=conjunction() - table=44, priority=2002,udp,reg0=0x80/0x80,metadata=0x1,nw_src=192.168.47.4,tp_dst=1 actions=conjunction() - table=44, priority=2002,udp,reg0=0x80/0x80,reg15=0xN,metadata=0x1,nw_src=192.168.47.4 actions=conjunction() - table=44, priority=2002,udp,reg0=0x80/0x80,reg15=0xN,metadata=0x1,nw_src=192.168.47.4 actions=conjunction() + table=47, priority=2002,udp,reg0=0x100/0x100,metadata=0x1,nw_src=192.168.47.4,tp_dst=0x10/0xfff0 actions=conjunction() + table=47, priority=2002,udp,reg0=0x100/0x100,metadata=0x1,nw_src=192.168.47.4,tp_dst=0x100/0xff00 actions=conjunction() + table=47, priority=2002,udp,reg0=0x100/0x100,metadata=0x1,nw_src=192.168.47.4,tp_dst=0x1000/0xf000 actions=conjunction() + table=47, priority=2002,udp,reg0=0x100/0x100,metadata=0x1,nw_src=192.168.47.4,tp_dst=0x2/0xfffe actions=conjunction() + table=47, priority=2002,udp,reg0=0x100/0x100,metadata=0x1,nw_src=192.168.47.4,tp_dst=0x20/0xffe0 actions=conjunction() + table=47, priority=2002,udp,reg0=0x100/0x100,metadata=0x1,nw_src=192.168.47.4,tp_dst=0x200/0xfe00 actions=conjunction() + table=47, priority=2002,udp,reg0=0x100/0x100,metadata=0x1,nw_src=192.168.47.4,tp_dst=0x2000/0xe000 actions=conjunction() + table=47, priority=2002,udp,reg0=0x100/0x100,metadata=0x1,nw_src=192.168.47.4,tp_dst=0x4/0xfffc actions=conjunction() + table=47, priority=2002,udp,reg0=0x100/0x100,metadata=0x1,nw_src=192.168.47.4,tp_dst=0x40/0xffc0 actions=conjunction() + table=47, priority=2002,udp,reg0=0x100/0x100,metadata=0x1,nw_src=192.168.47.4,tp_dst=0x400/0xfc00 actions=conjunction() + table=47, priority=2002,udp,reg0=0x100/0x100,metadata=0x1,nw_src=192.168.47.4,tp_dst=0x4000/0xc000 actions=conjunction() + table=47, priority=2002,udp,reg0=0x100/0x100,metadata=0x1,nw_src=192.168.47.4,tp_dst=0x8/0xfff8 actions=conjunction() + table=47, priority=2002,udp,reg0=0x100/0x100,metadata=0x1,nw_src=192.168.47.4,tp_dst=0x80/0xff80 actions=conjunction() + table=47, priority=2002,udp,reg0=0x100/0x100,metadata=0x1,nw_src=192.168.47.4,tp_dst=0x800/0xf800 actions=conjunction() + table=47, priority=2002,udp,reg0=0x100/0x100,metadata=0x1,nw_src=192.168.47.4,tp_dst=0x8000/0x8000 actions=conjunction() + table=47, priority=2002,udp,reg0=0x100/0x100,metadata=0x1,nw_src=192.168.47.4,tp_dst=1 actions=conjunction() + table=47, priority=2002,udp,reg0=0x100/0x100,reg15=0xN,metadata=0x1,nw_src=192.168.47.4 actions=conjunction() + table=47, priority=2002,udp,reg0=0x100/0x100,reg15=0xN,metadata=0x1,nw_src=192.168.47.4 actions=conjunction() + table=47, priority=2002,udp,reg0=0x80/0x80,metadata=0x1,nw_src=192.168.47.4,tp_dst=0x10/0xfff0 actions=conjunction() + table=47, priority=2002,udp,reg0=0x80/0x80,metadata=0x1,nw_src=192.168.47.4,tp_dst=0x100/0xff00 actions=conjunction() + table=47, priority=2002,udp,reg0=0x80/0x80,metadata=0x1,nw_src=192.168.47.4,tp_dst=0x1000/0xf000 actions=conjunction() + table=47, priority=2002,udp,reg0=0x80/0x80,metadata=0x1,nw_src=192.168.47.4,tp_dst=0x2/0xfffe actions=conjunction() + table=47, priority=2002,udp,reg0=0x80/0x80,metadata=0x1,nw_src=192.168.47.4,tp_dst=0x20/0xffe0 actions=conjunction() + table=47, priority=2002,udp,reg0=0x80/0x80,metadata=0x1,nw_src=192.168.47.4,tp_dst=0x200/0xfe00 actions=conjunction() + table=47, priority=2002,udp,reg0=0x80/0x80,metadata=0x1,nw_src=192.168.47.4,tp_dst=0x2000/0xe000 actions=conjunction() + table=47, priority=2002,udp,reg0=0x80/0x80,metadata=0x1,nw_src=192.168.47.4,tp_dst=0x4/0xfffc actions=conjunction() + table=47, priority=2002,udp,reg0=0x80/0x80,metadata=0x1,nw_src=192.168.47.4,tp_dst=0x40/0xffc0 actions=conjunction() + table=47, priority=2002,udp,reg0=0x80/0x80,metadata=0x1,nw_src=192.168.47.4,tp_dst=0x400/0xfc00 actions=conjunction() + table=47, priority=2002,udp,reg0=0x80/0x80,metadata=0x1,nw_src=192.168.47.4,tp_dst=0x4000/0xc000 actions=conjunction() + table=47, priority=2002,udp,reg0=0x80/0x80,metadata=0x1,nw_src=192.168.47.4,tp_dst=0x8/0xfff8 actions=conjunction() + table=47, priority=2002,udp,reg0=0x80/0x80,metadata=0x1,nw_src=192.168.47.4,tp_dst=0x80/0xff80 actions=conjunction() + table=47, priority=2002,udp,reg0=0x80/0x80,metadata=0x1,nw_src=192.168.47.4,tp_dst=0x800/0xf800 actions=conjunction() + table=47, priority=2002,udp,reg0=0x80/0x80,metadata=0x1,nw_src=192.168.47.4,tp_dst=0x8000/0x8000 actions=conjunction() + table=47, priority=2002,udp,reg0=0x80/0x80,metadata=0x1,nw_src=192.168.47.4,tp_dst=1 actions=conjunction() + table=47, priority=2002,udp,reg0=0x80/0x80,reg15=0xN,metadata=0x1,nw_src=192.168.47.4 actions=conjunction() + table=47, priority=2002,udp,reg0=0x80/0x80,reg15=0xN,metadata=0x1,nw_src=192.168.47.4 actions=conjunction() ]) OVN_CLEANUP([hv1]) @@ -31780,7 +31780,7 @@ ovs-vsctl add-port br-int lsp0-0 -- set interface lsp0-0 external_ids:iface-id=l ovs-vsctl add-port br-int lsp0-1 -- set interface lsp0-1 external_ids:iface-id=lsp0-1 check ovn-nbctl --wait=hv sync -AT_CHECK([test $(ovs-ofctl dump-flows br-int table=44 | grep conjunction | wc -l) == 22]) +AT_CHECK([test $(ovs-ofctl dump-flows br-int table=47 | grep conjunction | wc -l) == 22]) # Save the current lflow_run counter lflow_run=$(ovn-appctl -t ovn-controller coverage/read-counter lflow_run) @@ -31790,7 +31790,7 @@ lflow_run=$(ovn-appctl -t ovn-controller coverage/read-counter lflow_run) # 1. Remove half of the ports from pg1. The excepted conjunction flows should be: # 2 + 10 = 12 check ovn-nbctl --wait=hv pg-set-ports pg1 $(for i in 0 1 2 3 4; do for j in 0 1; do echo lsp${i}-${j}; done; done) -AT_CHECK([test $(ovs-ofctl dump-flows br-int table=44 | grep conjunction | wc -l) == 12]) +AT_CHECK([test $(ovs-ofctl dump-flows br-int table=47 | grep conjunction | wc -l) == 12]) # 2. Unbind lsp0-0. The there shouldn't be any conjunction flows because the # port group const set should have only one member (lsp0-1). And the total @@ -31798,25 +31798,25 @@ AT_CHECK([test $(ovs-ofctl dump-flows br-int table=44 | grep conjunction | wc -l # 10. ovs-vsctl del-port br-int lsp0-0 check ovn-nbctl --wait=hv sync -AT_CHECK([test $(ovs-ofctl dump-flows br-int table=44 | grep conjunction | wc -l) == 0]) -AT_CHECK([test $(ovs-ofctl dump-flows br-int table=44 | grep 192.168 | wc -l) == 10]) +AT_CHECK([test $(ovs-ofctl dump-flows br-int table=47 | grep conjunction | wc -l) == 0]) +AT_CHECK([test $(ovs-ofctl dump-flows br-int table=47 | grep 192.168 | wc -l) == 10]) # 3. Rebind lsp0-0. The expected conjunction flows are back to 12. ovs-vsctl add-port br-int lsp0-0 -- set interface lsp0-0 external_ids:iface-id=lsp0-0 check ovn-nbctl --wait=hv sync -AT_CHECK([test $(ovs-ofctl dump-flows br-int table=44 | grep conjunction | wc -l) == 12]) +AT_CHECK([test $(ovs-ofctl dump-flows br-int table=47 | grep conjunction | wc -l) == 12]) # 4. Bind a lsp (lsp9-0) that doesn't belong to pg1, should not see any change. ovs-vsctl add-port br-int lsp9-0 -- set interface lsp9-0 external_ids:iface-id=lsp9-0 check ovn-nbctl --wait=hv sync -AT_CHECK([test $(ovs-ofctl dump-flows br-int table=44 | grep conjunction | wc -l) == 12]) +AT_CHECK([test $(ovs-ofctl dump-flows br-int table=47 | grep conjunction | wc -l) == 12]) # 5. Bind another 2 lsps (lsp1-0 lsp1-1) that belong to pg1 and on a different # LS (ls1), should see conjunction flows doubled (12 x 2 = 24) ovs-vsctl add-port br-int lsp1-0 -- set interface lsp1-0 external_ids:iface-id=lsp1-0 ovs-vsctl add-port br-int lsp1-1 -- set interface lsp1-1 external_ids:iface-id=lsp1-1 check ovn-nbctl --wait=hv sync -AT_CHECK([test $(ovs-ofctl dump-flows br-int table=44 | grep conjunction | wc -l) == 24]) +AT_CHECK([test $(ovs-ofctl dump-flows br-int table=47 | grep conjunction | wc -l) == 24]) # 6. Simulate a SB port-group "del and add" notification to ovn-controller in the # same IDL iteration. ovn-controller should still program the same flows. In @@ -31841,7 +31841,7 @@ for i in $(seq 1 10); do check ovn-nbctl --wait=hv sync # Finally check flow count is the same as before. - AT_CHECK([test $(ovs-ofctl dump-flows br-int table=44 | grep conjunction | wc -l) == 24]) + AT_CHECK([test $(ovs-ofctl dump-flows br-int table=47 | grep conjunction | wc -l) == 24]) done # Make sure all the above was performed with I-P (no recompute) @@ -32247,8 +32247,8 @@ check ovn-nbctl acl-add lsw0 to-lport 1002 'outport == "lp2" && ip4.src == 10.0. # The first ACL should be programmed, but the second one shouldn't. check ovn-nbctl --wait=hv sync -AT_CHECK([ovs-ofctl dump-flows br-int table=44 | grep 10.0.0.111], [0], [ignore]) -AT_CHECK([ovs-ofctl dump-flows br-int table=44 | grep 10.0.0.122], [1], [ignore]) +AT_CHECK([ovs-ofctl dump-flows br-int table=47 | grep 10.0.0.111], [0], [ignore]) +AT_CHECK([ovs-ofctl dump-flows br-int table=47 | grep 10.0.0.122], [1], [ignore]) # Now create the lport lp2. check ovn-nbctl lsp-add lsw0 lp2 \ @@ -32256,12 +32256,12 @@ check ovn-nbctl lsp-add lsw0 lp2 \ check ovn-nbctl --wait=hv sync # Now the second ACL should be programmed. -AT_CHECK([ovs-ofctl dump-flows br-int table=44 | grep 10.0.0.122], [0], [ignore]) +AT_CHECK([ovs-ofctl dump-flows br-int table=47 | grep 10.0.0.122], [0], [ignore]) # Remove the lport lp2 again, the OVS flow for the second ACL should be # removed. check ovn-nbctl --wait=hv lsp-del lp2 -AT_CHECK([ovs-ofctl dump-flows br-int table=44 | grep 10.0.0.122], [1], [ignore]) +AT_CHECK([ovs-ofctl dump-flows br-int table=47 | grep 10.0.0.122], [1], [ignore]) # Test similar scenario but when the referenced lport is not bound locally. @@ -32275,8 +32275,8 @@ check ovn-nbctl acl-add lsw0 to-lport 1002 'inport == "lp4" && ip4.dst == 10.0.0 # The ACL for lp3 should be programmed, but the one for lp4 shouldn't. check ovn-nbctl --wait=hv sync -AT_CHECK([ovs-ofctl dump-flows br-int table=44 | grep 10.0.0.133], [0], [ignore]) -AT_CHECK([ovs-ofctl dump-flows br-int table=44 | grep 10.0.0.144], [1], [ignore]) +AT_CHECK([ovs-ofctl dump-flows br-int table=47 | grep 10.0.0.133], [0], [ignore]) +AT_CHECK([ovs-ofctl dump-flows br-int table=47 | grep 10.0.0.144], [1], [ignore]) # Now create the lport lp4. check ovn-nbctl lsp-add lsw0 lp4 \ @@ -32284,7 +32284,7 @@ check ovn-nbctl lsp-add lsw0 lp4 \ # Now the ACL for lp4 should be programmed. check ovn-nbctl --wait=hv sync -AT_CHECK([ovs-ofctl dump-flows br-int table=44 | grep 10.0.0.144], [0], [ignore]) +AT_CHECK([ovs-ofctl dump-flows br-int table=47 | grep 10.0.0.144], [0], [ignore]) OVN_CLEANUP([hv1]) AT_CLEANUP @@ -33718,7 +33718,7 @@ check ovn-nbctl --wait=hv sync # Use constants so that if tables or registers change, this test can # be updated easily. DNAT_TABLE=15 -SNAT_TABLE=43 +SNAT_TABLE=46 DNAT_ZONE_REG="NXM_NX_REG11[[0..15]]" SNAT_ZONE_REG="NXM_NX_REG12[[0..15]]"