From patchwork Tue Feb 6 09:40:36 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Ales Musil X-Patchwork-Id: 1895600 Return-Path: X-Original-To: incoming@patchwork.ozlabs.org Delivered-To: patchwork-incoming@legolas.ozlabs.org Authentication-Results: legolas.ozlabs.org; dkim=fail reason="signature verification failed" (1024-bit key; unprotected) header.d=redhat.com header.i=@redhat.com header.a=rsa-sha256 header.s=mimecast20190719 header.b=Osxz9sSl; dkim-atps=neutral Authentication-Results: legolas.ozlabs.org; spf=pass (sender SPF authorized) smtp.mailfrom=openvswitch.org (client-ip=2605:bc80:3010::138; helo=smtp1.osuosl.org; envelope-from=ovs-dev-bounces@openvswitch.org; receiver=patchwork.ozlabs.org) Received: from smtp1.osuosl.org (smtp1.osuosl.org [IPv6:2605:bc80:3010::138]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature ECDSA (secp384r1) server-digest SHA384) (No client certificate requested) by legolas.ozlabs.org (Postfix) with ESMTPS id 4TTdZR2jR7z23g2 for ; Tue, 6 Feb 2024 20:42:23 +1100 (AEDT) Received: from localhost (localhost [127.0.0.1]) by smtp1.osuosl.org (Postfix) with ESMTP id 1BABB821B7; Tue, 6 Feb 2024 09:42:21 +0000 (UTC) X-Virus-Scanned: amavisd-new at osuosl.org Received: from smtp1.osuosl.org ([127.0.0.1]) by localhost (smtp1.osuosl.org [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 6qMeo_1JGfcb; Tue, 6 Feb 2024 09:42:16 +0000 (UTC) X-Comment: SPF check N/A for local connections - client-ip=2605:bc80:3010:104::8cd3:938; helo=lists.linuxfoundation.org; envelope-from=ovs-dev-bounces@openvswitch.org; receiver= DKIM-Filter: OpenDKIM Filter v2.11.0 smtp1.osuosl.org 35920822B5 Authentication-Results: smtp1.osuosl.org; dkim=fail reason="signature verification failed" (1024-bit key) header.d=redhat.com header.i=@redhat.com header.a=rsa-sha256 header.s=mimecast20190719 header.b=Osxz9sSl Received: from lists.linuxfoundation.org (lf-lists.osuosl.org [IPv6:2605:bc80:3010:104::8cd3:938]) by smtp1.osuosl.org (Postfix) with ESMTPS id 35920822B5; Tue, 6 Feb 2024 09:41:33 +0000 (UTC) Received: from lf-lists.osuosl.org (localhost [127.0.0.1]) by lists.linuxfoundation.org (Postfix) with ESMTP id F2F1DC0DE7; Tue, 6 Feb 2024 09:41:17 +0000 (UTC) X-Original-To: dev@openvswitch.org Delivered-To: ovs-dev@lists.linuxfoundation.org Received: from smtp4.osuosl.org (smtp4.osuosl.org [IPv6:2605:bc80:3010::137]) by lists.linuxfoundation.org (Postfix) with ESMTP id 8B124C0DE1 for ; Tue, 6 Feb 2024 09:41:16 +0000 (UTC) Received: from localhost (localhost [127.0.0.1]) by smtp4.osuosl.org (Postfix) with ESMTP id 4580B41F74 for ; Tue, 6 Feb 2024 09:41:16 +0000 (UTC) DKIM-Filter: OpenDKIM Filter v2.11.0 smtp4.osuosl.org 4580B41F74 Authentication-Results: smtp4.osuosl.org; dkim=pass (1024-bit key) header.d=redhat.com header.i=@redhat.com header.a=rsa-sha256 header.s=mimecast20190719 header.b=Osxz9sSl X-Virus-Scanned: amavisd-new at osuosl.org Received: from smtp4.osuosl.org ([127.0.0.1]) by localhost (smtp4.osuosl.org [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id WQ2OJLYNr8Pj for ; Tue, 6 Feb 2024 09:41:13 +0000 (UTC) Received: from us-smtp-delivery-124.mimecast.com (us-smtp-delivery-124.mimecast.com [170.10.129.124]) by smtp4.osuosl.org (Postfix) with ESMTPS id ED7EA41E67 for ; Tue, 6 Feb 2024 09:41:02 +0000 (UTC) DKIM-Filter: OpenDKIM Filter v2.11.0 smtp4.osuosl.org ED7EA41E67 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=redhat.com; s=mimecast20190719; t=1707212461; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=m59RyfEo+x3ZMvF7dVz1sZsRtgE++mtm4ujwBu42kJI=; b=Osxz9sSlW12KeuNhEHVHL+NzI+n7clmwPjkkcdPmKhOUveu/FGftTmso8Das+KYHTzKqnO W1Q9DLTl4JWyonK26Qr9sl5S5FR1VfoU1Q8vWMRb+alJWXNg5Xqe6phYbXVXnqOxplY7VN 3Aj/tXNMoA7A2+qJFStw9D/hyS85yQU= Received: from mimecast-mx02.redhat.com (mimecast-mx02.redhat.com [66.187.233.88]) by relay.mimecast.com with ESMTP with STARTTLS (version=TLSv1.3, cipher=TLS_AES_256_GCM_SHA384) id us-mta-497-U0lh4M2lPwWHXKDMwN3NTQ-1; Tue, 06 Feb 2024 04:41:00 -0500 X-MC-Unique: U0lh4M2lPwWHXKDMwN3NTQ-1 Received: from smtp.corp.redhat.com (int-mx10.intmail.prod.int.rdu2.redhat.com [10.11.54.10]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by mimecast-mx02.redhat.com (Postfix) with ESMTPS id 4C68B101FA0B for ; Tue, 6 Feb 2024 09:41:00 +0000 (UTC) Received: from amusil.brq.redhat.com (unknown [10.43.17.35]) by smtp.corp.redhat.com (Postfix) with ESMTP id CC1B4492BF0; Tue, 6 Feb 2024 09:40:59 +0000 (UTC) From: Ales Musil To: dev@openvswitch.org Date: Tue, 6 Feb 2024 10:40:36 +0100 Message-ID: <20240206094043.530335-23-amusil@redhat.com> In-Reply-To: <20240206094043.530335-1-amusil@redhat.com> References: <20240206094043.530335-1-amusil@redhat.com> MIME-Version: 1.0 X-Scanned-By: MIMEDefang 3.4.1 on 10.11.54.10 X-Mimecast-Spam-Score: 0 X-Mimecast-Originator: redhat.com Subject: [ovs-dev] [PATCH ovn v2 22/29] tests: Add macro for OFTABLE_CHK_OUT_PORT_SEC table number. X-BeenThere: ovs-dev@openvswitch.org X-Mailman-Version: 2.1.15 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: ovs-dev-bounces@openvswitch.org Sender: "dev" Add macro for OFTABLE_CHK_OUT_PORT_SEC and replace all table=75 occurrences in OF with table=OFTABLE_CHK_OUT_PORT_SEC. Signed-off-by: Ales Musil --- tests/ovn-macros.at | 1 + tests/ovn.at | 121 ++++++++++++++++++++++---------------------- 2 files changed, 62 insertions(+), 60 deletions(-) diff --git a/tests/ovn-macros.at b/tests/ovn-macros.at index d3e027424..29195fc50 100644 --- a/tests/ovn-macros.at +++ b/tests/ovn-macros.at @@ -1005,3 +1005,4 @@ m4_define([OFTABLE_GET_FDB], [71]) m4_define([OFTABLE_LOOKUP_FDB], [72]) m4_define([OFTABLE_CHK_IN_PORT_SEC], [73]) m4_define([OFTABLE_CHK_IN_PORT_SEC_ND], [74]) +m4_define([OFTABLE_CHK_OUT_PORT_SEC], [75]) diff --git a/tests/ovn.at b/tests/ovn.at index e05eef808..2f8aa4840 100644 --- a/tests/ovn.at +++ b/tests/ovn.at @@ -34273,15 +34273,16 @@ sw0p2_key=$(printf "%x" $(fetch_column Port_Binding tunnel_key logical_port=sw0p in_port_sec=OFTABLE_CHK_IN_PORT_SEC in_port_sec_nd=OFTABLE_CHK_IN_PORT_SEC_ND +out_port_sec=OFTABLE_CHK_OUT_PORT_SEC # There should be no flows in table OFTABLE_CHK_IN_PORT_SEC, 74 and 75 in hv1 and hv2 > hv1_t${in_port_sec}_flows.expected > hv1_t${in_port_sec_nd}_flows.expected -> hv1_t75_flows.expected +> hv1_t${out_port_sec}_flows.expected > hv2_t${in_port_sec}_flows.expected > hv2_t${in_port_sec_nd}_flows.expected -> hv2_t75_flows.expected +> hv2_t${out_port_sec}_flows.expected check_port_sec_offlows() { hv=$1 @@ -34293,11 +34294,11 @@ check_port_sec_offlows() { check_port_sec_offlows hv1 OFTABLE_CHK_IN_PORT_SEC check_port_sec_offlows hv1 OFTABLE_CHK_IN_PORT_SEC_ND -check_port_sec_offlows hv1 75 +check_port_sec_offlows hv1 OFTABLE_CHK_OUT_PORT_SEC check_port_sec_offlows hv2 OFTABLE_CHK_IN_PORT_SEC check_port_sec_offlows hv2 OFTABLE_CHK_IN_PORT_SEC_ND -check_port_sec_offlows hv2 75 +check_port_sec_offlows hv2 OFTABLE_CHK_OUT_PORT_SEC # Set port security for sw0p1 check ovn-nbctl --wait=hv lsp-set-port-security sw0p1 "00:00:00:00:00:03" @@ -34319,18 +34320,18 @@ echo " table=OFTABLE_CHK_IN_PORT_SEC_ND, priority=80,arp,reg14=0x$sw0p1_key,meta check_port_sec_offlows hv1 OFTABLE_CHK_IN_PORT_SEC_ND -echo " table=75, priority=80,reg15=0x$sw0p1_key,metadata=0x1 actions=load:0x1->NXM_NX_REG10[[12]] - table=75, priority=85,reg15=0x$sw0p1_key,metadata=0x1,dl_dst=00:00:00:00:00:03 actions=load:0->NXM_NX_REG10[[12]]" > hv1_t75_flows.expected +echo " table=OFTABLE_CHK_OUT_PORT_SEC, priority=80,reg15=0x$sw0p1_key,metadata=0x1 actions=load:0x1->NXM_NX_REG10[[12]] + table=OFTABLE_CHK_OUT_PORT_SEC, priority=85,reg15=0x$sw0p1_key,metadata=0x1,dl_dst=00:00:00:00:00:03 actions=load:0->NXM_NX_REG10[[12]]" > hv1_t${out_port_sec}_flows.expected -check_port_sec_offlows hv1 75 +check_port_sec_offlows hv1 OFTABLE_CHK_OUT_PORT_SEC > hv2_t${in_port_sec}_flows.expected > hv2_t${in_port_sec_nd}_flows.expected -> hv2_t75_flows.expected +> hv2_t${out_port_sec}_flows.expected check_port_sec_offlows hv2 OFTABLE_CHK_IN_PORT_SEC check_port_sec_offlows hv2 OFTABLE_CHK_IN_PORT_SEC_ND -check_port_sec_offlows hv2 75 +check_port_sec_offlows hv2 OFTABLE_CHK_OUT_PORT_SEC # Add IPv4 addresses to sw0p1 check ovn-nbctl --wait=hv lsp-set-port-security sw0p1 "00:00:00:00:00:03 10.0.0.3" "00:00:00:00:00:13 10.0.0.13" @@ -34358,25 +34359,25 @@ echo " table=OFTABLE_CHK_IN_PORT_SEC_ND, priority=80,arp,reg14=0x$sw0p1_key,meta check_port_sec_offlows hv1 OFTABLE_CHK_IN_PORT_SEC_ND -echo " table=75, priority=80,reg15=0x$sw0p1_key,metadata=0x1 actions=load:0x1->NXM_NX_REG10[[12]] - table=75, priority=85,reg15=0x$sw0p1_key,metadata=0x1,dl_dst=00:00:00:00:00:03 actions=load:0->NXM_NX_REG10[[12]] - table=75, priority=85,reg15=0x$sw0p1_key,metadata=0x1,dl_dst=00:00:00:00:00:13 actions=load:0->NXM_NX_REG10[[12]] - table=75, priority=90,ip,reg15=0x$sw0p1_key,metadata=0x1,dl_dst=00:00:00:00:00:03 actions=load:0x1->NXM_NX_REG10[[12]] - table=75, priority=90,ip,reg15=0x$sw0p1_key,metadata=0x1,dl_dst=00:00:00:00:00:13 actions=load:0x1->NXM_NX_REG10[[12]] - table=75, priority=90,ipv6,reg15=0x$sw0p1_key,metadata=0x1,dl_dst=00:00:00:00:00:03 actions=load:0x1->NXM_NX_REG10[[12]] - table=75, priority=90,ipv6,reg15=0x$sw0p1_key,metadata=0x1,dl_dst=00:00:00:00:00:13 actions=load:0x1->NXM_NX_REG10[[12]] - table=75, priority=95,ip,reg15=0x$sw0p1_key,metadata=0x1,dl_dst=00:00:00:00:00:03,nw_dst=10.0.0.3 actions=load:0->NXM_NX_REG10[[12]] - table=75, priority=95,ip,reg15=0x$sw0p1_key,metadata=0x1,dl_dst=00:00:00:00:00:03,nw_dst=224.0.0.0/4 actions=load:0->NXM_NX_REG10[[12]] - table=75, priority=95,ip,reg15=0x$sw0p1_key,metadata=0x1,dl_dst=00:00:00:00:00:03,nw_dst=255.255.255.255 actions=load:0->NXM_NX_REG10[[12]] - table=75, priority=95,ip,reg15=0x$sw0p1_key,metadata=0x1,dl_dst=00:00:00:00:00:13,nw_dst=10.0.0.13 actions=load:0->NXM_NX_REG10[[12]] - table=75, priority=95,ip,reg15=0x$sw0p1_key,metadata=0x1,dl_dst=00:00:00:00:00:13,nw_dst=224.0.0.0/4 actions=load:0->NXM_NX_REG10[[12]] - table=75, priority=95,ip,reg15=0x$sw0p1_key,metadata=0x1,dl_dst=00:00:00:00:00:13,nw_dst=255.255.255.255 actions=load:0->NXM_NX_REG10[[12]]" > hv1_t75_flows.expected - -check_port_sec_offlows hv1 75 +echo " table=OFTABLE_CHK_OUT_PORT_SEC, priority=80,reg15=0x$sw0p1_key,metadata=0x1 actions=load:0x1->NXM_NX_REG10[[12]] + table=OFTABLE_CHK_OUT_PORT_SEC, priority=85,reg15=0x$sw0p1_key,metadata=0x1,dl_dst=00:00:00:00:00:03 actions=load:0->NXM_NX_REG10[[12]] + table=OFTABLE_CHK_OUT_PORT_SEC, priority=85,reg15=0x$sw0p1_key,metadata=0x1,dl_dst=00:00:00:00:00:13 actions=load:0->NXM_NX_REG10[[12]] + table=OFTABLE_CHK_OUT_PORT_SEC, priority=90,ip,reg15=0x$sw0p1_key,metadata=0x1,dl_dst=00:00:00:00:00:03 actions=load:0x1->NXM_NX_REG10[[12]] + table=OFTABLE_CHK_OUT_PORT_SEC, priority=90,ip,reg15=0x$sw0p1_key,metadata=0x1,dl_dst=00:00:00:00:00:13 actions=load:0x1->NXM_NX_REG10[[12]] + table=OFTABLE_CHK_OUT_PORT_SEC, priority=90,ipv6,reg15=0x$sw0p1_key,metadata=0x1,dl_dst=00:00:00:00:00:03 actions=load:0x1->NXM_NX_REG10[[12]] + table=OFTABLE_CHK_OUT_PORT_SEC, priority=90,ipv6,reg15=0x$sw0p1_key,metadata=0x1,dl_dst=00:00:00:00:00:13 actions=load:0x1->NXM_NX_REG10[[12]] + table=OFTABLE_CHK_OUT_PORT_SEC, priority=95,ip,reg15=0x$sw0p1_key,metadata=0x1,dl_dst=00:00:00:00:00:03,nw_dst=10.0.0.3 actions=load:0->NXM_NX_REG10[[12]] + table=OFTABLE_CHK_OUT_PORT_SEC, priority=95,ip,reg15=0x$sw0p1_key,metadata=0x1,dl_dst=00:00:00:00:00:03,nw_dst=224.0.0.0/4 actions=load:0->NXM_NX_REG10[[12]] + table=OFTABLE_CHK_OUT_PORT_SEC, priority=95,ip,reg15=0x$sw0p1_key,metadata=0x1,dl_dst=00:00:00:00:00:03,nw_dst=255.255.255.255 actions=load:0->NXM_NX_REG10[[12]] + table=OFTABLE_CHK_OUT_PORT_SEC, priority=95,ip,reg15=0x$sw0p1_key,metadata=0x1,dl_dst=00:00:00:00:00:13,nw_dst=10.0.0.13 actions=load:0->NXM_NX_REG10[[12]] + table=OFTABLE_CHK_OUT_PORT_SEC, priority=95,ip,reg15=0x$sw0p1_key,metadata=0x1,dl_dst=00:00:00:00:00:13,nw_dst=224.0.0.0/4 actions=load:0->NXM_NX_REG10[[12]] + table=OFTABLE_CHK_OUT_PORT_SEC, priority=95,ip,reg15=0x$sw0p1_key,metadata=0x1,dl_dst=00:00:00:00:00:13,nw_dst=255.255.255.255 actions=load:0->NXM_NX_REG10[[12]]" > hv1_t${out_port_sec}_flows.expected + +check_port_sec_offlows hv1 OFTABLE_CHK_OUT_PORT_SEC check_port_sec_offlows hv2 OFTABLE_CHK_IN_PORT_SEC check_port_sec_offlows hv2 OFTABLE_CHK_IN_PORT_SEC_ND -check_port_sec_offlows hv2 75 +check_port_sec_offlows hv2 OFTABLE_CHK_OUT_PORT_SEC # Configure IPv4 and IPv6 addresses in sw0p2 check ovn-nbctl --wait=hv lsp-set-port-security sw0p2 "00:00:00:00:00:04 10.0.0.4 20.0.0.4/24 30.0.0.0/16 1000::4 2000::/64" "00:00:00:00:00:13 aef0::4" @@ -34384,11 +34385,11 @@ check ovn-nbctl --wait=hv lsp-set-port-security sw0p2 "00:00:00:00:00:04 10.0.0. # There should be no changes in hv1 and hv2 as sw0p2 is not claimed. check_port_sec_offlows hv1 OFTABLE_CHK_IN_PORT_SEC check_port_sec_offlows hv1 OFTABLE_CHK_IN_PORT_SEC_ND -check_port_sec_offlows hv1 75 +check_port_sec_offlows hv1 OFTABLE_CHK_OUT_PORT_SEC check_port_sec_offlows hv2 OFTABLE_CHK_IN_PORT_SEC check_port_sec_offlows hv2 OFTABLE_CHK_IN_PORT_SEC_ND -check_port_sec_offlows hv2 75 +check_port_sec_offlows hv2 OFTABLE_CHK_OUT_PORT_SEC as hv2 ovs-vsctl -- add-port br-int hv2-vif0 -- \ @@ -34398,7 +34399,7 @@ wait_for_ports_up # There should be no changes in hv1 check_port_sec_offlows hv1 OFTABLE_CHK_IN_PORT_SEC check_port_sec_offlows hv1 OFTABLE_CHK_IN_PORT_SEC_ND -check_port_sec_offlows hv1 75 +check_port_sec_offlows hv1 OFTABLE_CHK_OUT_PORT_SEC #hv2 ovn-controller should program flows. echo " table=OFTABLE_CHK_IN_PORT_SEC, priority=80,reg14=0x$sw0p2_key,metadata=0x1 actions=load:0x1->NXM_NX_REG10[[12]] @@ -34443,48 +34444,48 @@ echo " table=OFTABLE_CHK_IN_PORT_SEC_ND, priority=80,arp,reg14=0x$sw0p2_key,meta check_port_sec_offlows hv2 OFTABLE_CHK_IN_PORT_SEC_ND -echo " table=75, priority=80,reg15=0x$sw0p2_key,metadata=0x1 actions=load:0x1->NXM_NX_REG10[[12]] - table=75, priority=85,reg15=0x$sw0p2_key,metadata=0x1,dl_dst=00:00:00:00:00:04 actions=load:0->NXM_NX_REG10[[12]] - table=75, priority=85,reg15=0x$sw0p2_key,metadata=0x1,dl_dst=00:00:00:00:00:13 actions=load:0->NXM_NX_REG10[[12]] - table=75, priority=90,ip,reg15=0x$sw0p2_key,metadata=0x1,dl_dst=00:00:00:00:00:04 actions=load:0x1->NXM_NX_REG10[[12]] - table=75, priority=90,ip,reg15=0x$sw0p2_key,metadata=0x1,dl_dst=00:00:00:00:00:13 actions=load:0x1->NXM_NX_REG10[[12]] - table=75, priority=90,ipv6,reg15=0x$sw0p2_key,metadata=0x1,dl_dst=00:00:00:00:00:04 actions=load:0x1->NXM_NX_REG10[[12]] - table=75, priority=90,ipv6,reg15=0x$sw0p2_key,metadata=0x1,dl_dst=00:00:00:00:00:13 actions=load:0x1->NXM_NX_REG10[[12]] - table=75, priority=95,ip,reg15=0x$sw0p2_key,metadata=0x1,dl_dst=00:00:00:00:00:04,nw_dst=10.0.0.4 actions=load:0->NXM_NX_REG10[[12]] - table=75, priority=95,ip,reg15=0x$sw0p2_key,metadata=0x1,dl_dst=00:00:00:00:00:04,nw_dst=20.0.0.255 actions=load:0->NXM_NX_REG10[[12]] - table=75, priority=95,ip,reg15=0x$sw0p2_key,metadata=0x1,dl_dst=00:00:00:00:00:04,nw_dst=20.0.0.4 actions=load:0->NXM_NX_REG10[[12]] - table=75, priority=95,ip,reg15=0x$sw0p2_key,metadata=0x1,dl_dst=00:00:00:00:00:04,nw_dst=224.0.0.0/4 actions=load:0->NXM_NX_REG10[[12]] - table=75, priority=95,ip,reg15=0x$sw0p2_key,metadata=0x1,dl_dst=00:00:00:00:00:04,nw_dst=255.255.255.255 actions=load:0->NXM_NX_REG10[[12]] - table=75, priority=95,ip,reg15=0x$sw0p2_key,metadata=0x1,dl_dst=00:00:00:00:00:04,nw_dst=30.0.0.0/16 actions=load:0->NXM_NX_REG10[[12]] - table=75, priority=95,ipv6,reg15=0x$sw0p2_key,metadata=0x1,dl_dst=00:00:00:00:00:04,ipv6_dst=1000::4 actions=load:0->NXM_NX_REG10[[12]] - table=75, priority=95,ipv6,reg15=0x$sw0p2_key,metadata=0x1,dl_dst=00:00:00:00:00:04,ipv6_dst=2000::/64 actions=load:0->NXM_NX_REG10[[12]] - table=75, priority=95,ipv6,reg15=0x$sw0p2_key,metadata=0x1,dl_dst=00:00:00:00:00:04,ipv6_dst=fe80::200:ff:fe00:4 actions=load:0->NXM_NX_REG10[[12]] - table=75, priority=95,ipv6,reg15=0x$sw0p2_key,metadata=0x1,dl_dst=00:00:00:00:00:04,ipv6_dst=ff00::/8 actions=load:0->NXM_NX_REG10[[12]] - table=75, priority=95,ipv6,reg15=0x$sw0p2_key,metadata=0x1,dl_dst=00:00:00:00:00:13,ipv6_dst=aef0::4 actions=load:0->NXM_NX_REG10[[12]] - table=75, priority=95,ipv6,reg15=0x$sw0p2_key,metadata=0x1,dl_dst=00:00:00:00:00:13,ipv6_dst=fe80::200:ff:fe00:13 actions=load:0->NXM_NX_REG10[[12]] - table=75, priority=95,ipv6,reg15=0x$sw0p2_key,metadata=0x1,dl_dst=00:00:00:00:00:13,ipv6_dst=ff00::/8 actions=load:0->NXM_NX_REG10[[12]]" > hv2_t75_flows.expected - -check_port_sec_offlows hv2 75 +echo " table=OFTABLE_CHK_OUT_PORT_SEC, priority=80,reg15=0x$sw0p2_key,metadata=0x1 actions=load:0x1->NXM_NX_REG10[[12]] + table=OFTABLE_CHK_OUT_PORT_SEC, priority=85,reg15=0x$sw0p2_key,metadata=0x1,dl_dst=00:00:00:00:00:04 actions=load:0->NXM_NX_REG10[[12]] + table=OFTABLE_CHK_OUT_PORT_SEC, priority=85,reg15=0x$sw0p2_key,metadata=0x1,dl_dst=00:00:00:00:00:13 actions=load:0->NXM_NX_REG10[[12]] + table=OFTABLE_CHK_OUT_PORT_SEC, priority=90,ip,reg15=0x$sw0p2_key,metadata=0x1,dl_dst=00:00:00:00:00:04 actions=load:0x1->NXM_NX_REG10[[12]] + table=OFTABLE_CHK_OUT_PORT_SEC, priority=90,ip,reg15=0x$sw0p2_key,metadata=0x1,dl_dst=00:00:00:00:00:13 actions=load:0x1->NXM_NX_REG10[[12]] + table=OFTABLE_CHK_OUT_PORT_SEC, priority=90,ipv6,reg15=0x$sw0p2_key,metadata=0x1,dl_dst=00:00:00:00:00:04 actions=load:0x1->NXM_NX_REG10[[12]] + table=OFTABLE_CHK_OUT_PORT_SEC, priority=90,ipv6,reg15=0x$sw0p2_key,metadata=0x1,dl_dst=00:00:00:00:00:13 actions=load:0x1->NXM_NX_REG10[[12]] + table=OFTABLE_CHK_OUT_PORT_SEC, priority=95,ip,reg15=0x$sw0p2_key,metadata=0x1,dl_dst=00:00:00:00:00:04,nw_dst=10.0.0.4 actions=load:0->NXM_NX_REG10[[12]] + table=OFTABLE_CHK_OUT_PORT_SEC, priority=95,ip,reg15=0x$sw0p2_key,metadata=0x1,dl_dst=00:00:00:00:00:04,nw_dst=20.0.0.255 actions=load:0->NXM_NX_REG10[[12]] + table=OFTABLE_CHK_OUT_PORT_SEC, priority=95,ip,reg15=0x$sw0p2_key,metadata=0x1,dl_dst=00:00:00:00:00:04,nw_dst=20.0.0.4 actions=load:0->NXM_NX_REG10[[12]] + table=OFTABLE_CHK_OUT_PORT_SEC, priority=95,ip,reg15=0x$sw0p2_key,metadata=0x1,dl_dst=00:00:00:00:00:04,nw_dst=224.0.0.0/4 actions=load:0->NXM_NX_REG10[[12]] + table=OFTABLE_CHK_OUT_PORT_SEC, priority=95,ip,reg15=0x$sw0p2_key,metadata=0x1,dl_dst=00:00:00:00:00:04,nw_dst=255.255.255.255 actions=load:0->NXM_NX_REG10[[12]] + table=OFTABLE_CHK_OUT_PORT_SEC, priority=95,ip,reg15=0x$sw0p2_key,metadata=0x1,dl_dst=00:00:00:00:00:04,nw_dst=30.0.0.0/16 actions=load:0->NXM_NX_REG10[[12]] + table=OFTABLE_CHK_OUT_PORT_SEC, priority=95,ipv6,reg15=0x$sw0p2_key,metadata=0x1,dl_dst=00:00:00:00:00:04,ipv6_dst=1000::4 actions=load:0->NXM_NX_REG10[[12]] + table=OFTABLE_CHK_OUT_PORT_SEC, priority=95,ipv6,reg15=0x$sw0p2_key,metadata=0x1,dl_dst=00:00:00:00:00:04,ipv6_dst=2000::/64 actions=load:0->NXM_NX_REG10[[12]] + table=OFTABLE_CHK_OUT_PORT_SEC, priority=95,ipv6,reg15=0x$sw0p2_key,metadata=0x1,dl_dst=00:00:00:00:00:04,ipv6_dst=fe80::200:ff:fe00:4 actions=load:0->NXM_NX_REG10[[12]] + table=OFTABLE_CHK_OUT_PORT_SEC, priority=95,ipv6,reg15=0x$sw0p2_key,metadata=0x1,dl_dst=00:00:00:00:00:04,ipv6_dst=ff00::/8 actions=load:0->NXM_NX_REG10[[12]] + table=OFTABLE_CHK_OUT_PORT_SEC, priority=95,ipv6,reg15=0x$sw0p2_key,metadata=0x1,dl_dst=00:00:00:00:00:13,ipv6_dst=aef0::4 actions=load:0->NXM_NX_REG10[[12]] + table=OFTABLE_CHK_OUT_PORT_SEC, priority=95,ipv6,reg15=0x$sw0p2_key,metadata=0x1,dl_dst=00:00:00:00:00:13,ipv6_dst=fe80::200:ff:fe00:13 actions=load:0->NXM_NX_REG10[[12]] + table=OFTABLE_CHK_OUT_PORT_SEC, priority=95,ipv6,reg15=0x$sw0p2_key,metadata=0x1,dl_dst=00:00:00:00:00:13,ipv6_dst=ff00::/8 actions=load:0->NXM_NX_REG10[[12]]" > hv2_t${out_port_sec}_flows.expected + +check_port_sec_offlows hv2 OFTABLE_CHK_OUT_PORT_SEC check ovn-nbctl --wait=hv lsp-set-port-security sw0p2 "" check_port_sec_offlows hv1 OFTABLE_CHK_IN_PORT_SEC check_port_sec_offlows hv1 OFTABLE_CHK_IN_PORT_SEC_ND -check_port_sec_offlows hv1 75 +check_port_sec_offlows hv1 OFTABLE_CHK_OUT_PORT_SEC > hv2_t${in_port_sec}_flows.expected > hv2_t${in_port_sec_nd}_flows.expected -> hv2_t75_flows.expected +> hv2_t${out_port_sec}_flows.expected check_port_sec_offlows hv2 OFTABLE_CHK_IN_PORT_SEC check_port_sec_offlows hv2 OFTABLE_CHK_IN_PORT_SEC_ND -check_port_sec_offlows hv2 75 +check_port_sec_offlows hv2 OFTABLE_CHK_OUT_PORT_SEC check ovn-nbctl --wait=hv lsp-set-port-security sw0p2 "00:00:00:00:00:04" check_port_sec_offlows hv1 OFTABLE_CHK_IN_PORT_SEC check_port_sec_offlows hv1 OFTABLE_CHK_IN_PORT_SEC_ND -check_port_sec_offlows hv1 75 +check_port_sec_offlows hv1 OFTABLE_CHK_OUT_PORT_SEC echo " table=OFTABLE_CHK_IN_PORT_SEC, priority=80,reg14=0x$sw0p2_key,metadata=0x1 actions=load:0x1->NXM_NX_REG10[[12]] table=OFTABLE_CHK_IN_PORT_SEC, priority=90,reg14=0x$sw0p2_key,metadata=0x1,dl_src=00:00:00:00:00:04 actions=resubmit(,OFTABLE_CHK_IN_PORT_SEC_ND) @@ -34497,15 +34498,15 @@ check ovn-nbctl --wait=hv lsp-del sw0p2 > hv2_t${in_port_sec}_flows.expected > hv2_t${in_port_sec_nd}_flows.expected -> hv2_t75_flows.expected +> hv2_t${out_port_sec}_flows.expected check_port_sec_offlows hv1 OFTABLE_CHK_IN_PORT_SEC check_port_sec_offlows hv1 OFTABLE_CHK_IN_PORT_SEC_ND -check_port_sec_offlows hv1 75 +check_port_sec_offlows hv1 OFTABLE_CHK_OUT_PORT_SEC check_port_sec_offlows hv2 OFTABLE_CHK_IN_PORT_SEC check_port_sec_offlows hv2 OFTABLE_CHK_IN_PORT_SEC_ND -check_port_sec_offlows hv2 75 +check_port_sec_offlows hv2 OFTABLE_CHK_OUT_PORT_SEC # Release sw0p1 from hv1 as hv1 ovs-vsctl del-port hv1-vif0 @@ -34514,15 +34515,15 @@ wait_column '' Port_Binding chassis logical_port=sw0p1 > hv1_t${in_port_sec}_flows.expected > hv1_t${in_port_sec_nd}_flows.expected -> hv1_t75_flows.expected +> hv1_t${out_port_sec}_flows.expected check_port_sec_offlows hv1 OFTABLE_CHK_IN_PORT_SEC check_port_sec_offlows hv1 OFTABLE_CHK_IN_PORT_SEC_ND -check_port_sec_offlows hv1 75 +check_port_sec_offlows hv1 OFTABLE_CHK_OUT_PORT_SEC check_port_sec_offlows hv2 OFTABLE_CHK_IN_PORT_SEC check_port_sec_offlows hv2 OFTABLE_CHK_IN_PORT_SEC_ND -check_port_sec_offlows hv2 75 +check_port_sec_offlows hv2 OFTABLE_CHK_OUT_PORT_SEC OVN_CLEANUP([hv1], [hv2]) AT_CLEANUP