@@ -6426,7 +6426,7 @@ AT_CHECK([grep -e "lr_in_defrag" lr0flows | ovn_strip_lflows], [0], [dnl
dnl The chassis was created with other_config:ct-no-masked-label=false, the flows
dnl should be using ct_label.ecmp_reply_port.
-AT_CHECK([grep -e "lr_in_arp_resolve.*ecmp" lr0flows | sed 's/table=../table=??/'], [0], [dnl
+AT_CHECK([grep -e "lr_in_arp_resolve.*ecmp" lr0flows | ovn_strip_lflows], [0], [dnl
table=??(lr_in_arp_resolve ), priority=200 , match=(ct.rpl && ct_label.ecmp_reply_port == 1), action=(push(xxreg1); xxreg1 = ct_label; eth.dst = xxreg1[[32..79]]; pop(xxreg1); next;)
])
@@ -6436,7 +6436,7 @@ dnl ct-no-masked-label. ovn-northd should start using ct_mark.ecmp_reply_port.
check ovn-sbctl set chassis ch1 other_config:ct-no-masked-label=true
check ovn-nbctl --wait=sb sync
ovn-sbctl dump-flows lr0 > lr0flows
-AT_CHECK([grep -e "lr_in_arp_resolve.*ecmp" lr0flows | sed 's/table=../table=??/'], [0], [dnl
+AT_CHECK([grep -e "lr_in_arp_resolve.*ecmp" lr0flows | ovn_strip_lflows], [0], [dnl
table=??(lr_in_arp_resolve ), priority=200 , match=(ct.rpl && ct_mark.ecmp_reply_port == 1), action=(push(xxreg1); xxreg1 = ct_label; eth.dst = xxreg1[[32..79]]; pop(xxreg1); next;)
])
@@ -6780,7 +6780,7 @@ check ovn-nbctl --wait=sb sync
ovn-sbctl dump-flows lr0 > lr0flows
AT_CAPTURE_FILE([lr0flows])
-AT_CHECK([grep -e "lr_in_ip_routing_pre.*match=(1)" lr0flows | sed 's/table=../table=??/'], [0], [dnl
+AT_CHECK([grep -e "lr_in_ip_routing_pre.*match=(1)" lr0flows | ovn_strip_lflows], [0], [dnl
table=??(lr_in_ip_routing_pre), priority=0 , match=(1), action=(reg7 = 0; next;)
])
@@ -7158,27 +7158,27 @@ ovn-sbctl dump-flows lr > lrflows
AT_CAPTURE_FILE([lrflows])
dnl Flows to skip TTL == {0, 1} check for IGMP and MLD packets.
-AT_CHECK([grep -e 'lr_in_ip_input ' lrflows | grep -e 'igmp' -e 'mld' -e 'ip.ttl == {0, 1}' | sed 's/table=../table=??/'], [0], [dnl
+AT_CHECK([grep -e 'lr_in_ip_input ' lrflows | grep -e 'igmp' -e 'mld' -e 'ip.ttl == {0, 1}' | ovn_strip_lflows], [0], [dnl
table=??(lr_in_ip_input ), priority=120 , match=((mldv1 || mldv2) && ip.ttl == 1), action=(next;)
table=??(lr_in_ip_input ), priority=120 , match=(igmp && ip.ttl == 1), action=(next;)
- table=??(lr_in_ip_input ), priority=32 , match=(ip.ttl == {0, 1} && !ip.later_frag && (ip4.mcast || ip6.mcast)), action=(drop;)
+ table=??(lr_in_ip_input ), priority=30 , match=(ip.ttl == {0, 1}), action=(drop;)
table=??(lr_in_ip_input ), priority=31 , match=(inport == "lrp1" && ip4 && ip.ttl == {0, 1} && !ip.later_frag), action=(icmp4 {eth.dst <-> eth.src; icmp4.type = 11; /* Time exceeded */ icmp4.code = 0; /* TTL exceeded in transit */ ip4.dst = ip4.src; ip4.src = 10.10.10.1 ; ip.ttl = 254; outport = "lrp1"; flags.loopback = 1; output; };)
table=??(lr_in_ip_input ), priority=31 , match=(inport == "lrp1" && ip6 && ip6.src == 1010::/64 && ip.ttl == {0, 1} && !ip.later_frag), action=(icmp6 {eth.dst <-> eth.src; ip6.dst = ip6.src; ip6.src = 1010::1 ; ip.ttl = 254; icmp6.type = 3; /* Time exceeded */ icmp6.code = 0; /* TTL exceeded in transit */ outport = "lrp1"; flags.loopback = 1; output; };)
table=??(lr_in_ip_input ), priority=31 , match=(inport == "lrp2" && ip4 && ip.ttl == {0, 1} && !ip.later_frag), action=(icmp4 {eth.dst <-> eth.src; icmp4.type = 11; /* Time exceeded */ icmp4.code = 0; /* TTL exceeded in transit */ ip4.dst = ip4.src; ip4.src = 20.20.20.1 ; ip.ttl = 254; outport = "lrp2"; flags.loopback = 1; output; };)
table=??(lr_in_ip_input ), priority=31 , match=(inport == "lrp2" && ip6 && ip6.src == 2020::/64 && ip.ttl == {0, 1} && !ip.later_frag), action=(icmp6 {eth.dst <-> eth.src; ip6.dst = ip6.src; ip6.src = 2020::1 ; ip.ttl = 254; icmp6.type = 3; /* Time exceeded */ icmp6.code = 0; /* TTL exceeded in transit */ outport = "lrp2"; flags.loopback = 1; output; };)
- table=??(lr_in_ip_input ), priority=30 , match=(ip.ttl == {0, 1}), action=(drop;)
+ table=??(lr_in_ip_input ), priority=32 , match=(ip.ttl == {0, 1} && !ip.later_frag && (ip4.mcast || ip6.mcast)), action=(drop;)
])
dnl Flows to "route" (statically forward) without decrementing TTL for
dnl IGMP and MLD packets. Also, flows to drop potentially looping IGMP/MLD
dnl packets.
-AT_CHECK([grep -e 'lr_in_ip_routing ' lrflows | grep -e 'igmp' -e 'mld' | sed 's/table=../table=??/'], [0], [dnl
+AT_CHECK([grep -e 'lr_in_ip_routing ' lrflows | grep -e 'igmp' -e 'mld' | ovn_strip_lflows], [0], [dnl
+ table=??(lr_in_ip_routing ), priority=10460, match=(igmp), action=(clone { outport = "_MC_static"; next; };)
+ table=??(lr_in_ip_routing ), priority=10460, match=(mldv1 || mldv2), action=(clone { outport = "_MC_static"; next; };)
table=??(lr_in_ip_routing ), priority=10550, match=(eth.src == 00:00:00:00:00:01 && (mldv1 || mldv2)), action=(drop;)
table=??(lr_in_ip_routing ), priority=10550, match=(eth.src == 00:00:00:00:00:01 && igmp), action=(drop;)
table=??(lr_in_ip_routing ), priority=10550, match=(eth.src == 00:00:00:00:00:02 && (mldv1 || mldv2)), action=(drop;)
table=??(lr_in_ip_routing ), priority=10550, match=(eth.src == 00:00:00:00:00:02 && igmp), action=(drop;)
- table=??(lr_in_ip_routing ), priority=10460, match=(igmp), action=(clone { outport = "_MC_static"; next; };)
- table=??(lr_in_ip_routing ), priority=10460, match=(mldv1 || mldv2), action=(clone { outport = "_MC_static"; next; };)
])
AT_CLEANUP
@@ -9867,7 +9867,7 @@ check ovn-nbctl ls-add ls
check ovn-nbctl lsp-add ls lsp
check ovn-nbctl pg-add pg lsp
-m4_define([ACL_FLOWS], [grep -w $1 lflows | grep "$2" | sed 's/table=../table=??/' | sed "s/\($1[[^)]]*\)/$1/" | sort])
+m4_define([ACL_FLOWS], [grep -w $1 lflows | grep "$2" | ovn_strip_lflows | sed "s/\($1[[^)]]*\)/$1/"])
acl_test() {
direction=$1
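Review bot: With `| sort` dropped from ACL_FLOWS, the order of the compared flows now depends entirely on `ovn_strip_lflows`, whose definition is not part of this diff, and the helper runs before the stage-name `sed`. A short comment above the macro would make that dependency visible, for example `dnl ovn_strip_lflows masks table ids and sorts; the sed after it only trims stage-name padding.` (confirm the helper's behaviour before adding it). The second copy of the macro in the @@ -9994 hunk differs only by a stray space before `])`; keeping the two definitions byte-identical avoids a spurious difference. The body of acl_test continues outside this hunk.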
@@ -9875,7 +9875,6 @@ acl_test() {
thing=$3
eval_stage=$4
action_stage=$5
- eval_stage_table=$6
if test "$direction" = "from-lport" ; then
pipeline=ingress
@@ -9922,7 +9921,7 @@ acl_test() {
])
AT_CHECK_UNQUOTED([ACL_FLOWS([$action_stage], [priority=500])], [0], [dnl
- table=??($action_stage), priority=500 , match=(reg8[[30..31]] == 0), action=(reg8[[30..31]] = 1; next(pipeline=$pipeline,table=$eval_stage_table);)
+ table=??($action_stage), priority=500 , match=(reg8[[30..31]] == 0), action=(reg8[[30..31]] = 1; next(pipeline=$pipeline,table=??);)
])
# Change the ACL to tier 3. Ensure the tier match on the ACL has been
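Review bot: The expected action changes from `next(pipeline=$pipeline,table=$eval_stage_table)` to `next(pipeline=$pipeline,table=??)`, so the test no longer checks which table the `$action_stage` flow jumps to; the same applies to the @@ -9935 and @@ -9950 hunks. These flows appear to bump the tier in `reg8[[30..31]]` and loop back to the eval stage, so a regression that sends packets to the wrong table, and so skips later ACL tiers, would now pass unnoticed. Dropping the hard-coded 8/18/4 arguments is reasonable, but the relation could still be asserted by reading the table id of `$eval_stage` from `lflows` before masking and comparing it with the `next()` target of the unmasked action-stage flow. At minimum, a comment such as `# table=?? inside next() is masked by ovn_strip_lflows; the loop-back target is not verified here.` would record the gap. acl_test begins and ends outside this hunk.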
@@ -9935,9 +9934,9 @@ acl_test() {
])
AT_CHECK_UNQUOTED([ACL_FLOWS([$action_stage], [priority=500])], [0], [dnl
- table=??($action_stage), priority=500 , match=(reg8[[30..31]] == 0), action=(reg8[[30..31]] = 1; next(pipeline=$pipeline,table=$eval_stage_table);)
- table=??($action_stage), priority=500 , match=(reg8[[30..31]] == 1), action=(reg8[[30..31]] = 2; next(pipeline=$pipeline,table=$eval_stage_table);)
- table=??($action_stage), priority=500 , match=(reg8[[30..31]] == 2), action=(reg8[[30..31]] = 3; next(pipeline=$pipeline,table=$eval_stage_table);)
+ table=??($action_stage), priority=500 , match=(reg8[[30..31]] == 0), action=(reg8[[30..31]] = 1; next(pipeline=$pipeline,table=??);)
+ table=??($action_stage), priority=500 , match=(reg8[[30..31]] == 1), action=(reg8[[30..31]] = 2; next(pipeline=$pipeline,table=??);)
+ table=??($action_stage), priority=500 , match=(reg8[[30..31]] == 2), action=(reg8[[30..31]] = 3; next(pipeline=$pipeline,table=??);)
])
# Add an untiered ACL. Ensure that it matches on tier 0, but otherwise,
@@ -9950,9 +9949,9 @@ acl_test() {
])
AT_CHECK_UNQUOTED([ACL_FLOWS([$action_stage], [priority=500])], [0], [dnl
- table=??($action_stage), priority=500 , match=(reg8[[30..31]] == 0), action=(reg8[[30..31]] = 1; next(pipeline=$pipeline,table=$eval_stage_table);)
- table=??($action_stage), priority=500 , match=(reg8[[30..31]] == 1), action=(reg8[[30..31]] = 2; next(pipeline=$pipeline,table=$eval_stage_table);)
- table=??($action_stage), priority=500 , match=(reg8[[30..31]] == 2), action=(reg8[[30..31]] = 3; next(pipeline=$pipeline,table=$eval_stage_table);)
+ table=??($action_stage), priority=500 , match=(reg8[[30..31]] == 0), action=(reg8[[30..31]] = 1; next(pipeline=$pipeline,table=??);)
+ table=??($action_stage), priority=500 , match=(reg8[[30..31]] == 1), action=(reg8[[30..31]] = 2; next(pipeline=$pipeline,table=??);)
+ table=??($action_stage), priority=500 , match=(reg8[[30..31]] == 2), action=(reg8[[30..31]] = 3; next(pipeline=$pipeline,table=??);)
])
# Remove the tier 3 ACL. The remaining ACL is untiered, and there are no
@@ -9975,12 +9974,12 @@ acl_test() {
AT_CHECK([ACL_FLOWS([$action_stage], [priority=500])], [0], [])
}
-acl_test from-lport "" ls ls_in_acl_eval ls_in_acl_action 8
-acl_test from-lport "--apply-after-lb" ls ls_in_acl_after_lb_eval ls_in_acl_after_lb_action 18
-acl_test to-lport "" ls ls_out_acl_eval ls_out_acl_action 4
-acl_test from-lport "" pg ls_in_acl_eval ls_in_acl_action 8
-acl_test from-lport "--apply-after-lb" pg ls_in_acl_after_lb_eval ls_in_acl_after_lb_action 18
-acl_test to-lport "" pg ls_out_acl_eval ls_out_acl_action 4
+acl_test from-lport "" ls ls_in_acl_eval ls_in_acl_action
+acl_test from-lport "--apply-after-lb" ls ls_in_acl_after_lb_eval ls_in_acl_after_lb_action
+acl_test to-lport "" ls ls_out_acl_eval ls_out_acl_action
+acl_test from-lport "" pg ls_in_acl_eval ls_in_acl_action
+acl_test from-lport "--apply-after-lb" pg ls_in_acl_after_lb_eval ls_in_acl_after_lb_action
+acl_test to-lport "" pg ls_out_acl_eval ls_out_acl_action
AT_CLEANUP
])
@@ -9994,7 +9993,7 @@ check ovn-nbctl ls-add ls
check ovn-nbctl lsp-add ls lsp
check ovn-nbctl pg-add pg lsp
-m4_define([ACL_FLOWS], [grep -w $1 lflows | grep "$2" | sed 's/table=../table=??/' | sed "s/\($1[[^)]]*\)/$1/" | sort])
+m4_define([ACL_FLOWS], [grep -w $1 lflows | grep "$2" | ovn_strip_lflows | sed "s/\($1[[^)]]*\)/$1/" ])
acl_test() {
direction=$1
@@ -10053,11 +10052,11 @@ check ovn-nbctl --wait=sb sync
# First, ensure that conntrack is skipped for the localnet port since there
# isn't a load balancer configured.
-AT_CHECK([ovn-sbctl lflow-list sw | grep ls_in_pre_lb | grep priority=110 | grep sw-ln | sed 's/table=../table=??/'], [0], [dnl
+AT_CHECK([ovn-sbctl lflow-list sw | grep ls_in_pre_lb | grep priority=110 | grep sw-ln | ovn_strip_lflows], [0], [dnl
table=??(ls_in_pre_lb ), priority=110 , match=(ip && inport == "sw-ln"), action=(next;)
])
-AT_CHECK([ovn-sbctl lflow-list sw | grep ls_out_pre_lb | grep priority=110 | grep sw-ln | sed 's/table=../table=??/'], [0], [dnl
+AT_CHECK([ovn-sbctl lflow-list sw | grep ls_out_pre_lb | grep priority=110 | grep sw-ln | ovn_strip_lflows], [0], [dnl
table=??(ls_out_pre_lb ), priority=110 , match=(ip && outport == "sw-ln"), action=(ct_clear; next;)
])
@@ -10068,10 +10067,10 @@ check ovn-nbctl lb-add lb 10.0.0.1:80 10.0.0.100:8080 tcp
check ovn-nbctl ls-lb-add sw lb
check ovn-nbctl --wait=sb sync
-AT_CHECK([ovn-sbctl lflow-list sw | grep ls_in_pre_lb | grep priority=110 | grep sw-ln | sed 's/table=../table=??/'], [0], [dnl
+AT_CHECK([ovn-sbctl lflow-list sw | grep ls_in_pre_lb | grep priority=110 | grep sw-ln | ovn_strip_lflows], [0], [dnl
])
-AT_CHECK([ovn-sbctl lflow-list sw | grep ls_out_pre_lb | grep priority=110 | grep sw-ln | sed 's/table=../table=??/'], [0], [dnl
+AT_CHECK([ovn-sbctl lflow-list sw | grep ls_out_pre_lb | grep priority=110 | grep sw-ln | ovn_strip_lflows], [0], [dnl
])
# And ensure that removing the load balancer from the switch results in skipping
@@ -10079,11 +10078,11 @@ AT_CHECK([ovn-sbctl lflow-list sw | grep ls_out_pre_lb | grep priority=110 | gre
check ovn-nbctl ls-lb-del sw lb
check ovn-nbctl --wait=sb sync
-AT_CHECK([ovn-sbctl lflow-list sw | grep ls_in_pre_lb | grep priority=110 | grep sw-ln | sed 's/table=../table=??/'], [0], [dnl
+AT_CHECK([ovn-sbctl lflow-list sw | grep ls_in_pre_lb | grep priority=110 | grep sw-ln | ovn_strip_lflows], [0], [dnl
table=??(ls_in_pre_lb ), priority=110 , match=(ip && inport == "sw-ln"), action=(next;)
])
-AT_CHECK([ovn-sbctl lflow-list sw | grep ls_out_pre_lb | grep priority=110 | grep sw-ln | sed 's/table=../table=??/'], [0], [dnl
+AT_CHECK([ovn-sbctl lflow-list sw | grep ls_out_pre_lb | grep priority=110 | grep sw-ln | ovn_strip_lflows], [0], [dnl
table=??(ls_out_pre_lb ), priority=110 , match=(ip && outport == "sw-ln"), action=(ct_clear; next;)
])
@@ -11171,34 +11170,34 @@ check ovn-nbctl acl-add pg_dgw from-lport 1002 "inport == @pg_dgw && ip4" allow-
check ovn-nbctl acl-add pg_dgw to-lport 1003 "outport == @pg_dgw && ip4" allow-related
# Check skip conntrack option with 'enable_router_port_acl' default (false)
-AT_CHECK([ovn-sbctl dump-flows S1 | grep pre_acl | sed 's/table=./table=?/'], [0], [dnl
- table=? (ls_in_pre_acl ), priority=110 , match=(eth.dst == $svc_monitor_mac), action=(next;)
- table=? (ls_in_pre_acl ), priority=110 , match=(eth.mcast), action=(next;)
- table=? (ls_in_pre_acl ), priority=110 , match=(ip && inport == "S1-R1"), action=(next;)
- table=? (ls_in_pre_acl ), priority=110 , match=(nd || nd_rs || nd_ra || mldv1 || mldv2 || (udp && udp.src == 546 && udp.dst == 547)), action=(next;)
- table=? (ls_in_pre_acl ), priority=100 , match=(ip), action=(reg0[[0]] = 1; next;)
- table=? (ls_in_pre_acl ), priority=0 , match=(1), action=(next;)
- table=? (ls_out_pre_acl ), priority=110 , match=(eth.mcast), action=(next;)
- table=? (ls_out_pre_acl ), priority=110 , match=(eth.src == $svc_monitor_mac), action=(next;)
- table=? (ls_out_pre_acl ), priority=110 , match=(ip && outport == "S1-R1"), action=(next;)
- table=? (ls_out_pre_acl ), priority=110 , match=(nd || nd_rs || nd_ra || mldv1 || mldv2 || (udp && udp.src == 546 && udp.dst == 547)), action=(next;)
- table=? (ls_out_pre_acl ), priority=100 , match=(ip), action=(reg0[[0]] = 1; next;)
- table=? (ls_out_pre_acl ), priority=0 , match=(1), action=(next;)
+AT_CHECK([ovn-sbctl dump-flows S1 | grep pre_acl | ovn_strip_lflows], [0], [dnl
+ table=??(ls_in_pre_acl ), priority=0 , match=(1), action=(next;)
+ table=??(ls_in_pre_acl ), priority=100 , match=(ip), action=(reg0[[0]] = 1; next;)
+ table=??(ls_in_pre_acl ), priority=110 , match=(eth.dst == $svc_monitor_mac), action=(next;)
+ table=??(ls_in_pre_acl ), priority=110 , match=(eth.mcast), action=(next;)
+ table=??(ls_in_pre_acl ), priority=110 , match=(ip && inport == "S1-R1"), action=(next;)
+ table=??(ls_in_pre_acl ), priority=110 , match=(nd || nd_rs || nd_ra || mldv1 || mldv2 || (udp && udp.src == 546 && udp.dst == 547)), action=(next;)
+ table=??(ls_out_pre_acl ), priority=0 , match=(1), action=(next;)
+ table=??(ls_out_pre_acl ), priority=100 , match=(ip), action=(reg0[[0]] = 1; next;)
+ table=??(ls_out_pre_acl ), priority=110 , match=(eth.mcast), action=(next;)
+ table=??(ls_out_pre_acl ), priority=110 , match=(eth.src == $svc_monitor_mac), action=(next;)
+ table=??(ls_out_pre_acl ), priority=110 , match=(ip && outport == "S1-R1"), action=(next;)
+ table=??(ls_out_pre_acl ), priority=110 , match=(nd || nd_rs || nd_ra || mldv1 || mldv2 || (udp && udp.src == 546 && udp.dst == 547)), action=(next;)
])
# Enable 'enable_router_port_acl' and check the flows
check ovn-nbctl --wait=sb lsp-set-options S1-R1 router-port=R1-S1 enable_router_port_acl=true
-AT_CHECK([ovn-sbctl dump-flows S1 | grep pre_acl | sed 's/table=./table=?/'], [0], [dnl
- table=? (ls_in_pre_acl ), priority=110 , match=(eth.dst == $svc_monitor_mac), action=(next;)
- table=? (ls_in_pre_acl ), priority=110 , match=(eth.mcast), action=(next;)
- table=? (ls_in_pre_acl ), priority=110 , match=(nd || nd_rs || nd_ra || mldv1 || mldv2 || (udp && udp.src == 546 && udp.dst == 547)), action=(next;)
- table=? (ls_in_pre_acl ), priority=100 , match=(ip), action=(reg0[[0]] = 1; next;)
- table=? (ls_in_pre_acl ), priority=0 , match=(1), action=(next;)
- table=? (ls_out_pre_acl ), priority=110 , match=(eth.mcast), action=(next;)
- table=? (ls_out_pre_acl ), priority=110 , match=(eth.src == $svc_monitor_mac), action=(next;)
- table=? (ls_out_pre_acl ), priority=110 , match=(nd || nd_rs || nd_ra || mldv1 || mldv2 || (udp && udp.src == 546 && udp.dst == 547)), action=(next;)
- table=? (ls_out_pre_acl ), priority=100 , match=(ip), action=(reg0[[0]] = 1; next;)
- table=? (ls_out_pre_acl ), priority=0 , match=(1), action=(next;)
+AT_CHECK([ovn-sbctl dump-flows S1 | grep pre_acl | ovn_strip_lflows], [0], [dnl
+ table=??(ls_in_pre_acl ), priority=0 , match=(1), action=(next;)
+ table=??(ls_in_pre_acl ), priority=100 , match=(ip), action=(reg0[[0]] = 1; next;)
+ table=??(ls_in_pre_acl ), priority=110 , match=(eth.dst == $svc_monitor_mac), action=(next;)
+ table=??(ls_in_pre_acl ), priority=110 , match=(eth.mcast), action=(next;)
+ table=??(ls_in_pre_acl ), priority=110 , match=(nd || nd_rs || nd_ra || mldv1 || mldv2 || (udp && udp.src == 546 && udp.dst == 547)), action=(next;)
+ table=??(ls_out_pre_acl ), priority=0 , match=(1), action=(next;)
+ table=??(ls_out_pre_acl ), priority=100 , match=(ip), action=(reg0[[0]] = 1; next;)
+ table=??(ls_out_pre_acl ), priority=110 , match=(eth.mcast), action=(next;)
+ table=??(ls_out_pre_acl ), priority=110 , match=(eth.src == $svc_monitor_mac), action=(next;)
+ table=??(ls_out_pre_acl ), priority=110 , match=(nd || nd_rs || nd_ra || mldv1 || mldv2 || (udp && udp.src == 546 && udp.dst == 547)), action=(next;)
])
# ICMP packets from router port to external network should go to conntrack
@@ -11216,50 +11215,50 @@ ct_next(ct_state=est|trk) {
# Disable 'enable_router_port_acl' and check the flows
check ovn-nbctl --wait=sb lsp-set-options S1-R1 router-port=R1-S1 enable_router_port_acl=false
-AT_CHECK([ovn-sbctl dump-flows S1 | grep pre_acl | sed 's/table=./table=?/'], [0], [dnl
- table=? (ls_in_pre_acl ), priority=110 , match=(eth.dst == $svc_monitor_mac), action=(next;)
- table=? (ls_in_pre_acl ), priority=110 , match=(eth.mcast), action=(next;)
- table=? (ls_in_pre_acl ), priority=110 , match=(ip && inport == "S1-R1"), action=(next;)
- table=? (ls_in_pre_acl ), priority=110 , match=(nd || nd_rs || nd_ra || mldv1 || mldv2 || (udp && udp.src == 546 && udp.dst == 547)), action=(next;)
- table=? (ls_in_pre_acl ), priority=100 , match=(ip), action=(reg0[[0]] = 1; next;)
- table=? (ls_in_pre_acl ), priority=0 , match=(1), action=(next;)
- table=? (ls_out_pre_acl ), priority=110 , match=(eth.mcast), action=(next;)
- table=? (ls_out_pre_acl ), priority=110 , match=(eth.src == $svc_monitor_mac), action=(next;)
- table=? (ls_out_pre_acl ), priority=110 , match=(ip && outport == "S1-R1"), action=(next;)
- table=? (ls_out_pre_acl ), priority=110 , match=(nd || nd_rs || nd_ra || mldv1 || mldv2 || (udp && udp.src == 546 && udp.dst == 547)), action=(next;)
- table=? (ls_out_pre_acl ), priority=100 , match=(ip), action=(reg0[[0]] = 1; next;)
- table=? (ls_out_pre_acl ), priority=0 , match=(1), action=(next;)
+AT_CHECK([ovn-sbctl dump-flows S1 | grep pre_acl | ovn_strip_lflows], [0], [dnl
+ table=??(ls_in_pre_acl ), priority=0 , match=(1), action=(next;)
+ table=??(ls_in_pre_acl ), priority=100 , match=(ip), action=(reg0[[0]] = 1; next;)
+ table=??(ls_in_pre_acl ), priority=110 , match=(eth.dst == $svc_monitor_mac), action=(next;)
+ table=??(ls_in_pre_acl ), priority=110 , match=(eth.mcast), action=(next;)
+ table=??(ls_in_pre_acl ), priority=110 , match=(ip && inport == "S1-R1"), action=(next;)
+ table=??(ls_in_pre_acl ), priority=110 , match=(nd || nd_rs || nd_ra || mldv1 || mldv2 || (udp && udp.src == 546 && udp.dst == 547)), action=(next;)
+ table=??(ls_out_pre_acl ), priority=0 , match=(1), action=(next;)
+ table=??(ls_out_pre_acl ), priority=100 , match=(ip), action=(reg0[[0]] = 1; next;)
+ table=??(ls_out_pre_acl ), priority=110 , match=(eth.mcast), action=(next;)
+ table=??(ls_out_pre_acl ), priority=110 , match=(eth.src == $svc_monitor_mac), action=(next;)
+ table=??(ls_out_pre_acl ), priority=110 , match=(ip && outport == "S1-R1"), action=(next;)
+ table=??(ls_out_pre_acl ), priority=110 , match=(nd || nd_rs || nd_ra || mldv1 || mldv2 || (udp && udp.src == 546 && udp.dst == 547)), action=(next;)
])
# Clear the option 'enable_router_port_acl' and check the flows. Before that enable the option.
check ovn-nbctl --wait=sb lsp-set-options S1-R1 router-port=R1-S1 enable_router_port_acl=true
-AT_CHECK([ovn-sbctl dump-flows S1 | grep pre_acl | sed 's/table=./table=?/'], [0], [dnl
- table=? (ls_in_pre_acl ), priority=110 , match=(eth.dst == $svc_monitor_mac), action=(next;)
- table=? (ls_in_pre_acl ), priority=110 , match=(eth.mcast), action=(next;)
- table=? (ls_in_pre_acl ), priority=110 , match=(nd || nd_rs || nd_ra || mldv1 || mldv2 || (udp && udp.src == 546 && udp.dst == 547)), action=(next;)
- table=? (ls_in_pre_acl ), priority=100 , match=(ip), action=(reg0[[0]] = 1; next;)
- table=? (ls_in_pre_acl ), priority=0 , match=(1), action=(next;)
- table=? (ls_out_pre_acl ), priority=110 , match=(eth.mcast), action=(next;)
- table=? (ls_out_pre_acl ), priority=110 , match=(eth.src == $svc_monitor_mac), action=(next;)
- table=? (ls_out_pre_acl ), priority=110 , match=(nd || nd_rs || nd_ra || mldv1 || mldv2 || (udp && udp.src == 546 && udp.dst == 547)), action=(next;)
- table=? (ls_out_pre_acl ), priority=100 , match=(ip), action=(reg0[[0]] = 1; next;)
- table=? (ls_out_pre_acl ), priority=0 , match=(1), action=(next;)
+AT_CHECK([ovn-sbctl dump-flows S1 | grep pre_acl | ovn_strip_lflows], [0], [dnl
+ table=??(ls_in_pre_acl ), priority=0 , match=(1), action=(next;)
+ table=??(ls_in_pre_acl ), priority=100 , match=(ip), action=(reg0[[0]] = 1; next;)
+ table=??(ls_in_pre_acl ), priority=110 , match=(eth.dst == $svc_monitor_mac), action=(next;)
+ table=??(ls_in_pre_acl ), priority=110 , match=(eth.mcast), action=(next;)
+ table=??(ls_in_pre_acl ), priority=110 , match=(nd || nd_rs || nd_ra || mldv1 || mldv2 || (udp && udp.src == 546 && udp.dst == 547)), action=(next;)
+ table=??(ls_out_pre_acl ), priority=0 , match=(1), action=(next;)
+ table=??(ls_out_pre_acl ), priority=100 , match=(ip), action=(reg0[[0]] = 1; next;)
+ table=??(ls_out_pre_acl ), priority=110 , match=(eth.mcast), action=(next;)
+ table=??(ls_out_pre_acl ), priority=110 , match=(eth.src == $svc_monitor_mac), action=(next;)
+ table=??(ls_out_pre_acl ), priority=110 , match=(nd || nd_rs || nd_ra || mldv1 || mldv2 || (udp && udp.src == 546 && udp.dst == 547)), action=(next;)
])
check ovn-nbctl --wait=sb lsp-set-options S1-R1 router-port=R1-S1
-AT_CHECK([ovn-sbctl dump-flows S1 | grep pre_acl | sed 's/table=./table=?/'], [0], [dnl
- table=? (ls_in_pre_acl ), priority=110 , match=(eth.dst == $svc_monitor_mac), action=(next;)
- table=? (ls_in_pre_acl ), priority=110 , match=(eth.mcast), action=(next;)
- table=? (ls_in_pre_acl ), priority=110 , match=(ip && inport == "S1-R1"), action=(next;)
- table=? (ls_in_pre_acl ), priority=110 , match=(nd || nd_rs || nd_ra || mldv1 || mldv2 || (udp && udp.src == 546 && udp.dst == 547)), action=(next;)
- table=? (ls_in_pre_acl ), priority=100 , match=(ip), action=(reg0[[0]] = 1; next;)
- table=? (ls_in_pre_acl ), priority=0 , match=(1), action=(next;)
- table=? (ls_out_pre_acl ), priority=110 , match=(eth.mcast), action=(next;)
- table=? (ls_out_pre_acl ), priority=110 , match=(eth.src == $svc_monitor_mac), action=(next;)
- table=? (ls_out_pre_acl ), priority=110 , match=(ip && outport == "S1-R1"), action=(next;)
- table=? (ls_out_pre_acl ), priority=110 , match=(nd || nd_rs || nd_ra || mldv1 || mldv2 || (udp && udp.src == 546 && udp.dst == 547)), action=(next;)
- table=? (ls_out_pre_acl ), priority=100 , match=(ip), action=(reg0[[0]] = 1; next;)
- table=? (ls_out_pre_acl ), priority=0 , match=(1), action=(next;)
+AT_CHECK([ovn-sbctl dump-flows S1 | grep pre_acl | ovn_strip_lflows], [0], [dnl
+ table=??(ls_in_pre_acl ), priority=0 , match=(1), action=(next;)
+ table=??(ls_in_pre_acl ), priority=100 , match=(ip), action=(reg0[[0]] = 1; next;)
+ table=??(ls_in_pre_acl ), priority=110 , match=(eth.dst == $svc_monitor_mac), action=(next;)
+ table=??(ls_in_pre_acl ), priority=110 , match=(eth.mcast), action=(next;)
+ table=??(ls_in_pre_acl ), priority=110 , match=(ip && inport == "S1-R1"), action=(next;)
+ table=??(ls_in_pre_acl ), priority=110 , match=(nd || nd_rs || nd_ra || mldv1 || mldv2 || (udp && udp.src == 546 && udp.dst == 547)), action=(next;)
+ table=??(ls_out_pre_acl ), priority=0 , match=(1), action=(next;)
+ table=??(ls_out_pre_acl ), priority=100 , match=(ip), action=(reg0[[0]] = 1; next;)
+ table=??(ls_out_pre_acl ), priority=110 , match=(eth.mcast), action=(next;)
+ table=??(ls_out_pre_acl ), priority=110 , match=(eth.src == $svc_monitor_mac), action=(next;)
+ table=??(ls_out_pre_acl ), priority=110 , match=(ip && outport == "S1-R1"), action=(next;)
+ table=??(ls_out_pre_acl ), priority=110 , match=(nd || nd_rs || nd_ra || mldv1 || mldv2 || (udp && udp.src == 546 && udp.dst == 547)), action=(next;)
])
AT_CLEANUP
@@ -21914,7 +21914,7 @@ wait_row_count nb:Logical_Switch_Port 1 up=false name=sw0-vir
check ovn-nbctl --wait=hv sync
# verify the traffic from virtual port is discarded if the port is not claimed
-AT_CHECK([grep lr_in_gw_redirect lr0-flows2 | grep "ip4.src == 10.0.0.10" | sed 's/table=../table=??/'], [0], [dnl
+AT_CHECK([grep lr_in_gw_redirect lr0-flows2 | grep "ip4.src == 10.0.0.10" | ovn_strip_lflows], [0], [dnl
table=??(lr_in_gw_redirect ), priority=100 , match=(ip4.src == 10.0.0.10 && outport == "lr0-public" && is_chassis_resident("sw0-vir")), action=(eth.src = 10:54:00:00:00:10; reg1 = 172.168.0.50; next;)
table=??(lr_in_gw_redirect ), priority=80 , match=(ip4.src == 10.0.0.10 && outport == "lr0-public"), action=(drop;)
])
@@ -22157,7 +22157,7 @@ ovn-nbctl --wait=hv set logical_switch_port sw0-vir options:virtual-ip=10.0.0.10
check ovn-nbctl --wait=hv sync
ovn-sbctl dump-flows sw0 > sw0-flows3
AT_CAPTURE_FILE([sw0-flows3])
-AT_CHECK([grep ls_in_arp_rsp sw0-flows3 | grep bind_vport | sed 's/table=../table=??/'], [0], [dnl
+AT_CHECK([grep ls_in_arp_rsp sw0-flows3 | grep bind_vport | ovn_strip_lflows], [0], [dnl
table=??(ls_in_arp_rsp ), priority=100 , match=(inport == "sw0-p1" && ((arp.op == 1 && arp.spa == 10.0.0.10 && arp.tpa == 10.0.0.10) || (arp.op == 2 && arp.spa == 10.0.0.10))), action=(bind_vport("sw0-vir", inport); next;)
table=??(ls_in_arp_rsp ), priority=100 , match=(inport == "sw0-p3" && ((arp.op == 1 && arp.spa == 10.0.0.10 && arp.tpa == 10.0.0.10) || (arp.op == 2 && arp.spa == 10.0.0.10))), action=(bind_vport("sw0-vir", inport); next;)
])
@@ -25217,9 +25217,9 @@ AT_CAPTURE_FILE([sbflows3])
ovn-sbctl dump-flows sw0 > sbflows3
AT_CHECK(
[grep "ip4.dst == 10.0.0.10 && tcp.dst == 80" sbflows3 | grep priority=120 |\
- sed 's/table=../table=??/'], [0], [dnl
- table=??(ls_in_pre_stateful ), priority=120 , match=(reg0[[2]] == 1 && ip4.dst == 10.0.0.10 && tcp.dst == 80), action=(reg1 = 10.0.0.10; reg2[[0..15]] = 80; ct_lb_mark;)
+ ovn_strip_lflows], [0], [dnl
table=??(ls_in_lb ), priority=120 , match=(ct.new && ip4.dst == 10.0.0.10 && tcp.dst == 80), action=(drop;)
+ table=??(ls_in_pre_stateful ), priority=120 , match=(reg0[[2]] == 1 && ip4.dst == 10.0.0.10 && tcp.dst == 80), action=(reg1 = 10.0.0.10; reg2[[0..15]] = 80; ct_lb_mark;)
])
AT_CAPTURE_FILE([sbflows4])
@@ -25415,9 +25415,9 @@ AT_CAPTURE_FILE([sbflows3])
ovn-sbctl dump-flows sw0 > sbflows3
AT_CHECK(
[grep "ip6.dst == 2001::a && tcp.dst == 80" sbflows3 | grep priority=120 |\
- sed 's/table=../table=??/'], [0], [dnl
- table=??(ls_in_pre_stateful ), priority=120 , match=(reg0[[2]] == 1 && ip6.dst == 2001::a && tcp.dst == 80), action=(xxreg1 = 2001::a; reg2[[0..15]] = 80; ct_lb_mark;)
+ ovn_strip_lflows], [0], [dnl
table=??(ls_in_lb ), priority=120 , match=(ct.new && ip6.dst == 2001::a && tcp.dst == 80), action=(drop;)
+ table=??(ls_in_pre_stateful ), priority=120 , match=(reg0[[2]] == 1 && ip6.dst == 2001::a && tcp.dst == 80), action=(xxreg1 = 2001::a; reg2[[0..15]] = 80; ct_lb_mark;)
])
AT_CAPTURE_FILE([sbflows4])
@@ -32936,7 +32936,7 @@ AT_CAPTURE_FILE([sbflows])
AT_CHECK([ovn-sbctl dump-flows |
grep ls_in_arp_rsp |
grep "${arp_proxy_ls1[[1]]}" |
- sed 's/table=../table=??/'], [0], [dnl
+ ovn_strip_lflows], [0], [dnl
table=??(ls_in_arp_rsp ), priority=30 , match=(arp.op == 1 && dnl
arp.tpa == {169.254.238.0/24,169.254.239.2/32}), dnl
action=(eth.dst = eth.src; eth.src = 00:00:00:01:02:f1; arp.op = 2; dnl
@@ -32948,7 +32948,7 @@ arp.tpa <-> arp.spa; outport = inport; flags.loopback = 1; output;)
AT_CHECK([ovn-sbctl dump-flows |
grep ls_in_arp_rsp |
grep "${arp_proxy_ls1[[3]]}" |
- sed 's/table=../table=??/'], [0], [dnl
+ ovn_strip_lflows], [0], [dnl
table=??(ls_in_arp_rsp ), priority=30 , dnl
match=(nd_ns && ip6.dst == { fd7b:6b4d:7b25:d22d::/64, ff02::1:ff00:0/64, dnl
fd7b:6b4d:7b25:d22f::1/128, ff02::1:ff00:1/128 } && dnl
@@ -32962,7 +32962,7 @@ flags.loopback = 1; output; };)
AT_CHECK([ovn-sbctl dump-flows |
grep ls_in_arp_rsp |
grep "${arp_proxy_ls2[[2]]}" |
- sed 's/table=../table=??/'], [0], [dnl
+ ovn_strip_lflows], [0], [dnl
table=??(ls_in_arp_rsp ), priority=30 , dnl
match=(arp.op == 1 && arp.tpa == {169.254.236.0/24,169.254.237.2/32}), dnl
action=(eth.dst = eth.src; eth.src = 00:00:00:02:02:f1; arp.op = 2; dnl
@@ -32974,7 +32974,7 @@ arp.tpa <-> arp.spa; outport = inport; flags.loopback = 1; output;)
AT_CHECK([ovn-sbctl dump-flows |
grep ls_in_arp_rsp |
grep "${arp_proxy_ls2[[4]]}" |
- sed 's/table=../table=??/'], [0], [dnl
+ ovn_strip_lflows], [0], [dnl
table=??(ls_in_arp_rsp ), priority=30 , dnl
match=(nd_ns && ip6.dst == { fd7b:6b4d:7b25:d22b::/64, ff02::1:ff00:0/64, dnl
fd7b:6b4d:7b25:d22c::1/128, ff02::1:ff00:1/128 } && dnl
@@ -32988,7 +32988,7 @@ flags.loopback = 1; output; };)
AT_CHECK([ovn-sbctl dump-flows |
grep ls_in_l2_lkup |
grep "${arp_proxy_ls2[[0]]}" |
- sed 's/table=../table=??/'], [0], [dnl
+ ovn_strip_lflows], [0], [dnl
table=??(ls_in_l2_lkup ), priority=50 , dnl
match=(eth.dst == { 00:00:00:02:02:f1, 00:00:00:01:02:f1 }), dnl
action=(outport = "rp-ls2"; output;)
@@ -32998,7 +32998,7 @@ action=(outport = "rp-ls2"; output;)
AT_CHECK([ovn-sbctl dump-flows |
grep lr_in_admission |
grep "${arp_proxy_ls2[[0]]}" |
- sed 's/table=../table=??/'], [0], [dnl
+ ovn_strip_lflows], [0], [dnl
table=??(lr_in_admission ), priority=50 , dnl
match=(eth.dst == { 00:00:00:02:02:f1, 00:00:00:01:02:f1 } && dnl
inport == "ls1"), action=(xreg0[[0..47]] = 00:00:00:01:02:f1; next;)
Replace all uses of "sed 's/table=./table=?/'" or "sed 's/table=../table=??/'" with ovn_strip_lflows. Adjust all table=? to table=?? and re-sort the expected flows. Signed-off-by: Ales Musil <amusil@redhat.com> --- tests/ovn-northd.at | 183 ++++++++++++++++++++++---------------------- tests/ovn.at | 24 +++--- 2 files changed, 103 insertions(+), 104 deletions(-)