From patchwork Fri Mar 15 17:38:28 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Ales Musil X-Patchwork-Id: 1912665 Return-Path: X-Original-To: incoming@patchwork.ozlabs.org Delivered-To: patchwork-incoming@legolas.ozlabs.org Authentication-Results: legolas.ozlabs.org; dkim=fail reason="signature verification failed" (1024-bit key; unprotected) header.d=redhat.com header.i=@redhat.com header.a=rsa-sha256 header.s=mimecast20190719 header.b=DsdmE1wG; dkim-atps=neutral Authentication-Results: legolas.ozlabs.org; spf=pass (sender SPF authorized) smtp.mailfrom=openvswitch.org (client-ip=140.211.166.137; helo=smtp4.osuosl.org; envelope-from=ovs-dev-bounces@openvswitch.org; receiver=patchwork.ozlabs.org) Received: from smtp4.osuosl.org (smtp4.osuosl.org [140.211.166.137]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature ECDSA (secp384r1) server-digest SHA384) (No client certificate requested) by legolas.ozlabs.org (Postfix) with ESMTPS id 4TxBLc5jsWz23rx for ; Sat, 16 Mar 2024 04:38:48 +1100 (AEDT) Received: from localhost (localhost [127.0.0.1]) by smtp4.osuosl.org (Postfix) with ESMTP id D767D41726; Fri, 15 Mar 2024 17:38:45 +0000 (UTC) X-Virus-Scanned: amavisd-new at osuosl.org Received: from smtp4.osuosl.org ([127.0.0.1]) by localhost (smtp4.osuosl.org [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id VTh7HcSn7Syb; Fri, 15 Mar 2024 17:38:44 +0000 (UTC) X-Comment: SPF check N/A for local connections - client-ip=2605:bc80:3010:104::8cd3:938; helo=lists.linuxfoundation.org; envelope-from=ovs-dev-bounces@openvswitch.org; receiver= DKIM-Filter: OpenDKIM Filter v2.11.0 smtp4.osuosl.org ACA9540915 Authentication-Results: smtp4.osuosl.org; dkim=fail reason="signature verification failed" (1024-bit key) header.d=redhat.com header.i=@redhat.com header.a=rsa-sha256 header.s=mimecast20190719 header.b=DsdmE1wG Received: from lists.linuxfoundation.org (lf-lists.osuosl.org [IPv6:2605:bc80:3010:104::8cd3:938]) by smtp4.osuosl.org (Postfix) with ESMTPS id ACA9540915; Fri, 15 Mar 2024 17:38:44 +0000 (UTC) Received: from lf-lists.osuosl.org (localhost [127.0.0.1]) by lists.linuxfoundation.org (Postfix) with ESMTP id 84700C0077; Fri, 15 Mar 2024 17:38:44 +0000 (UTC) X-Original-To: dev@openvswitch.org Delivered-To: ovs-dev@lists.linuxfoundation.org Received: from smtp4.osuosl.org (smtp4.osuosl.org [140.211.166.137]) by lists.linuxfoundation.org (Postfix) with ESMTP id 3DE6CC0077 for ; Fri, 15 Mar 2024 17:38:43 +0000 (UTC) Received: from localhost (localhost [127.0.0.1]) by smtp4.osuosl.org (Postfix) with ESMTP id 010D44092F for ; Fri, 15 Mar 2024 17:38:43 +0000 (UTC) X-Virus-Scanned: amavisd-new at osuosl.org Received: from smtp4.osuosl.org ([127.0.0.1]) by localhost (smtp4.osuosl.org [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id a2EO3Nj90x4X for ; Fri, 15 Mar 2024 17:38:41 +0000 (UTC) Received-SPF: Pass (mailfrom) identity=mailfrom; client-ip=170.10.133.124; helo=us-smtp-delivery-124.mimecast.com; envelope-from=amusil@redhat.com; receiver= DMARC-Filter: OpenDMARC Filter v1.4.2 smtp4.osuosl.org 85A90407B6 Authentication-Results: smtp4.osuosl.org; dmarc=pass (p=none dis=none) header.from=redhat.com DKIM-Filter: OpenDKIM Filter v2.11.0 smtp4.osuosl.org 85A90407B6 Received: from us-smtp-delivery-124.mimecast.com (us-smtp-delivery-124.mimecast.com [170.10.133.124]) by smtp4.osuosl.org (Postfix) with ESMTPS id 85A90407B6 for ; Fri, 15 Mar 2024 17:38:41 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=redhat.com; s=mimecast20190719; t=1710524320; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=IU4Hy7rRwsO9BrEOwnOSezcfyekXSzdVb/CnDgTO8GY=; b=DsdmE1wGGiWZVwV1jQlNGAHx88yoDHjoGg4iMQZjJq2aFx1M2wInfHk00zVPTmCt6jGOHx 3jMz4uD0T5DXNl9ZPPc6paBQmkiz8thDQ3xl6Q52hV7fb89hu3SJpGVhePsxGSK5HHJPHq rOHsYIh2qEvA/AyjWnJSikP6xKtDfWk= Received: from mimecast-mx02.redhat.com (mx-ext.redhat.com [66.187.233.73]) by relay.mimecast.com with ESMTP with STARTTLS (version=TLSv1.3, cipher=TLS_AES_256_GCM_SHA384) id us-mta-6-BepbT52OPjqHA-qi3zvBFw-1; Fri, 15 Mar 2024 13:38:38 -0400 X-MC-Unique: BepbT52OPjqHA-qi3zvBFw-1 Received: from smtp.corp.redhat.com (int-mx10.intmail.prod.int.rdu2.redhat.com [10.11.54.10]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by mimecast-mx02.redhat.com (Postfix) with ESMTPS id 69085380214F for ; Fri, 15 Mar 2024 17:38:38 +0000 (UTC) Received: from amusil.redhat.com (unknown [10.45.224.137]) by smtp.corp.redhat.com (Postfix) with ESMTP id A36E2492BD1; Fri, 15 Mar 2024 17:38:37 +0000 (UTC) From: Ales Musil To: dev@openvswitch.org Date: Fri, 15 Mar 2024 18:38:28 +0100 Message-ID: <20240315173831.747633-2-amusil@redhat.com> In-Reply-To: <20240315173831.747633-1-amusil@redhat.com> References: <20240315173831.747633-1-amusil@redhat.com> MIME-Version: 1.0 X-Scanned-By: MIMEDefang 3.4.1 on 10.11.54.10 X-Mimecast-Spam-Score: 0 X-Mimecast-Originator: redhat.com Subject: [ovs-dev] [PATCH ovn v5 1/4] tests: Remove hardcoded numbers from comments. X-BeenThere: ovs-dev@openvswitch.org X-Mailman-Version: 2.1.15 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: ovs-dev-bounces@openvswitch.org Sender: "dev" There were some comments left with hardcoded numbers. Even if it wouldn't break any test table shift/change it would just leave the comment outdated. Signed-off-by: Ales Musil Acked-by: Mark Michelson --- v5: Rebase on top of main. v4: Rebase on top of main. Align the northd.at comment with others. --- tests/ovn-northd.at | 2 +- tests/ovn.at | 8 ++++---- 2 files changed, 5 insertions(+), 5 deletions(-) diff --git a/tests/ovn-northd.at b/tests/ovn-northd.at index 89aed5adc..7893b0540 100644 --- a/tests/ovn-northd.at +++ b/tests/ovn-northd.at @@ -2144,7 +2144,7 @@ AT_CLEANUP # This test case tests that when a logical switch has load balancers associated # (with VIPs configured), the below logical flow is added by ovn-northd. -# table=1 (ls_out_pre_lb ), priority=100 , match=(ip), action=(reg0[[0]] = 1; next;) +# table=ls_out_pre_lb, priority=100, match=(ip), action=(reg0[[0]] = 1; next;) # This test case is added for the BZ - # https://bugzilla.redhat.com/show_bug.cgi?id=1849162 # diff --git a/tests/ovn.at b/tests/ovn.at index d49f89f30..f8bde6430 100644 --- a/tests/ovn.at +++ b/tests/ovn.at @@ -18499,8 +18499,8 @@ AT_CHECK([cat 2.packets], [0], [expout]) # There should be total of 9 flows present with conjunction action and 2 flows # with conj match. Eg. -# table=44, priority=2001,conj_id=2,metadata=0x1 actions=resubmit(,45) -# table=44, priority=2001,conj_id=3,metadata=0x1 actions=drop +# table=ls_out_acl_eval, priority=2001,conj_id=2,metadata=0x1 actions=resubmit(,ls_out_acl_action) +# table=ls_out_acl_eval, priority=2001,conj_id=3,metadata=0x1 actions=drop # priority=2001,ip,metadata=0x1,nw_dst=10.0.0.6 actions=conjunction(2,2/2) # priority=2001,ip,metadata=0x1,nw_dst=10.0.0.4 actions=conjunction(2,2/2) # priority=2001,ip,metadata=0x1,nw_dst=10.0.0.5 actions=conjunction(2,2/2) @@ -18540,7 +18540,7 @@ AT_CHECK([cat 2.packets], [0], []) # properly. # There should be total of 6 flows present with conjunction action and 1 flow # with conj match. Eg. -# table=44, priority=2001,conj_id=3,metadata=0x1 actions=drop +# table=ls_out_acl_eval, priority=2001,conj_id=3,metadata=0x1 actions=drop # priority=2001,ip,metadata=0x1,nw_dst=10.0.0.7 actions=conjunction(4,2/2) # priority=2001,ip,metadata=0x1,nw_dst=10.0.0.9 actions=conjunction(4,2/2) # priority=2001,ip,metadata=0x1,nw_dst=10.0.0.8 actions=conjunction(4,2/2) @@ -34577,7 +34577,7 @@ in_port_sec=OFTABLE_CHK_IN_PORT_SEC in_port_sec_nd=OFTABLE_CHK_IN_PORT_SEC_ND out_port_sec=OFTABLE_CHK_OUT_PORT_SEC -# There should be no flows in table OFTABLE_CHK_IN_PORT_SEC, 74 and 75 in hv1 and hv2 +# There should be no flows in table OFTABLE_CHK_IN_PORT_SEC, OFTABLE_CHK_IN_PORT_SEC_ND and OFTABLE_CHK_OUT_PORT_SEC in hv1 and hv2 > hv1_t${in_port_sec}_flows.expected > hv1_t${in_port_sec_nd}_flows.expected > hv1_t${out_port_sec}_flows.expected From patchwork Fri Mar 15 17:38:29 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Ales Musil X-Patchwork-Id: 1912666 Return-Path: X-Original-To: incoming@patchwork.ozlabs.org Delivered-To: patchwork-incoming@legolas.ozlabs.org Authentication-Results: legolas.ozlabs.org; dkim=fail reason="signature verification failed" (1024-bit key; unprotected) header.d=redhat.com header.i=@redhat.com header.a=rsa-sha256 header.s=mimecast20190719 header.b=HT+MnC8s; dkim-atps=neutral Authentication-Results: legolas.ozlabs.org; spf=pass (sender SPF authorized) smtp.mailfrom=openvswitch.org (client-ip=2605:bc80:3010::137; helo=smtp4.osuosl.org; envelope-from=ovs-dev-bounces@openvswitch.org; receiver=patchwork.ozlabs.org) Received: from smtp4.osuosl.org (smtp4.osuosl.org [IPv6:2605:bc80:3010::137]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature ECDSA (secp384r1) server-digest SHA384) (No client certificate requested) by legolas.ozlabs.org (Postfix) with ESMTPS id 4TxBLg6gXbz23rx for ; Sat, 16 Mar 2024 04:38:51 +1100 (AEDT) Received: from localhost (localhost [127.0.0.1]) by smtp4.osuosl.org (Postfix) with ESMTP id 50CCB41738; Fri, 15 Mar 2024 17:38:47 +0000 (UTC) X-Virus-Scanned: amavisd-new at osuosl.org Received: from smtp4.osuosl.org ([127.0.0.1]) by localhost (smtp4.osuosl.org [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id hOWfWUqJBgPG; Fri, 15 Mar 2024 17:38:45 +0000 (UTC) X-Comment: SPF check N/A for local connections - client-ip=140.211.9.56; helo=lists.linuxfoundation.org; envelope-from=ovs-dev-bounces@openvswitch.org; receiver= DKIM-Filter: OpenDKIM Filter v2.11.0 smtp4.osuosl.org 99BA741737 Authentication-Results: smtp4.osuosl.org; dkim=fail reason="signature verification failed" (1024-bit key) header.d=redhat.com header.i=@redhat.com header.a=rsa-sha256 header.s=mimecast20190719 header.b=HT+MnC8s Received: from lists.linuxfoundation.org (lf-lists.osuosl.org [140.211.9.56]) by smtp4.osuosl.org (Postfix) with ESMTPS id 99BA741737; Fri, 15 Mar 2024 17:38:45 +0000 (UTC) Received: from lf-lists.osuosl.org (localhost [127.0.0.1]) by lists.linuxfoundation.org (Postfix) with ESMTP id 3BEF1C0DD0; Fri, 15 Mar 2024 17:38:45 +0000 (UTC) X-Original-To: dev@openvswitch.org Delivered-To: ovs-dev@lists.linuxfoundation.org Received: from smtp1.osuosl.org (smtp1.osuosl.org [140.211.166.138]) by lists.linuxfoundation.org (Postfix) with ESMTP id F288BC0077 for ; Fri, 15 Mar 2024 17:38:43 +0000 (UTC) Received: from localhost (localhost [127.0.0.1]) by smtp1.osuosl.org (Postfix) with ESMTP id D969D8233C for ; Fri, 15 Mar 2024 17:38:43 +0000 (UTC) X-Virus-Scanned: amavisd-new at osuosl.org Received: from smtp1.osuosl.org ([127.0.0.1]) by localhost (smtp1.osuosl.org [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id x3n_wItTelkm for ; Fri, 15 Mar 2024 17:38:43 +0000 (UTC) Received-SPF: Pass (mailfrom) identity=mailfrom; client-ip=170.10.129.124; helo=us-smtp-delivery-124.mimecast.com; envelope-from=amusil@redhat.com; receiver= DMARC-Filter: OpenDMARC Filter v1.4.2 smtp1.osuosl.org CCFB18230F Authentication-Results: smtp1.osuosl.org; dmarc=pass (p=none dis=none) header.from=redhat.com DKIM-Filter: OpenDKIM Filter v2.11.0 smtp1.osuosl.org CCFB18230F Authentication-Results: smtp1.osuosl.org; dkim=pass (1024-bit key) header.d=redhat.com header.i=@redhat.com header.a=rsa-sha256 header.s=mimecast20190719 header.b=HT+MnC8s Received: from us-smtp-delivery-124.mimecast.com (us-smtp-delivery-124.mimecast.com [170.10.129.124]) by smtp1.osuosl.org (Postfix) with ESMTPS id CCFB18230F for ; Fri, 15 Mar 2024 17:38:42 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=redhat.com; s=mimecast20190719; t=1710524321; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=zFB6nHbWEKrHsagUqpOGHeH9IVL1mOT5wQ/dKqS/D74=; b=HT+MnC8sLpUxIDIDaqWUBvB01VCuoKTLC+OmjzGB0QEObYydG14zn//TVw+JRSNhdYvX3M UCOLYhR6nQvoW8ozPI2K5OPbE3Atk1qIbmtnzZwbsf8knKJ7njap4M1b9Edkb/jencRFcL uTpgBnnxO4eIMmLBAeh6K1PVhMIseYA= Received: from mimecast-mx02.redhat.com (mx-ext.redhat.com [66.187.233.73]) by relay.mimecast.com with ESMTP with STARTTLS (version=TLSv1.3, cipher=TLS_AES_256_GCM_SHA384) id us-mta-35-OGtA7jE7MNSkpMZuJahvPA-1; Fri, 15 Mar 2024 13:38:40 -0400 X-MC-Unique: OGtA7jE7MNSkpMZuJahvPA-1 Received: from smtp.corp.redhat.com (int-mx10.intmail.prod.int.rdu2.redhat.com [10.11.54.10]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by mimecast-mx02.redhat.com (Postfix) with ESMTPS id CB9D41C008BE for ; Fri, 15 Mar 2024 17:38:39 +0000 (UTC) Received: from amusil.redhat.com (unknown [10.45.224.137]) by smtp.corp.redhat.com (Postfix) with ESMTP id C24D3492BD1; Fri, 15 Mar 2024 17:38:38 +0000 (UTC) From: Ales Musil To: dev@openvswitch.org Date: Fri, 15 Mar 2024 18:38:29 +0100 Message-ID: <20240315173831.747633-3-amusil@redhat.com> In-Reply-To: <20240315173831.747633-1-amusil@redhat.com> References: <20240315173831.747633-1-amusil@redhat.com> MIME-Version: 1.0 X-Scanned-By: MIMEDefang 3.4.1 on 10.11.54.10 X-Mimecast-Spam-Score: 0 X-Mimecast-Originator: redhat.com Subject: [ovs-dev] [PATCH ovn v5 2/4] checkpatch: Add rule to check for hardcoded table numbers. X-BeenThere: ovs-dev@openvswitch.org X-Mailman-Version: 2.1.15 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: ovs-dev-bounces@openvswitch.org Sender: "dev" To avoid issues with hardcoded table numbers in future add rule into check patch. The rule is only warning because there are still legitimate use cases and not everything can be abstracted. Signed-off-by: Ales Musil Acked-by: Mark Michelson --- v5: Rebase on top of main. v4: Rebase on top of main. Address comments from Dumitru: - Fix the regex. - Add test for the new check. --- tests/checkpatch.at | 39 +++++++++++++++++++++++++++++++++++++++ utilities/checkpatch.py | 12 ++++++++++++ 2 files changed, 51 insertions(+) diff --git a/tests/checkpatch.at b/tests/checkpatch.at index e7322fff4..6ac0e51f3 100755 --- a/tests/checkpatch.at +++ b/tests/checkpatch.at @@ -605,3 +605,42 @@ try_checkpatch \ Subject: netdev: This is a way to long commit summary and therefor it should report a WARNING!" AT_CLEANUP + +AT_SETUP([checkpatch - hardcoded table numbers]) +try_checkpatch \ + "COMMON_PATCH_HEADER([tests/something.at]) + +table=12(ls_in_hairpin ), priority=1000 , match=(reg0[[14]] == 1), action=(next(pipeline=ingress, table=??);) + " \ + "WARNING: Use of hardcoded table= or resubmit=(,) is discouraged in tests. Consider using MACRO instead. + #8 FILE: tests/something.at:1: + table=12(ls_in_hairpin ), priority=1000 , match=(reg0[[14]] == 1), action=(next(pipeline=ingress, table=??);) +" + +try_checkpatch \ + "COMMON_PATCH_HEADER([tests/something.at]) + +table=??(ls_in_hairpin ), priority=1000 , match=(reg0[[14]] == 1), action=(next(pipeline=ingress, table=13);) + " \ + "WARNING: Use of hardcoded table= or resubmit=(,) is discouraged in tests. Consider using MACRO instead. + #8 FILE: tests/something.at:1: + table=??(ls_in_hairpin ), priority=1000 , match=(reg0[[14]] == 1), action=(next(pipeline=ingress, table=13);) +" + +try_checkpatch \ + "COMMON_PATCH_HEADER([tests/something.at]) + +priority=1100,ip,reg15=0x1,metadata=0x1,nw_src=10.0.0.1 actions=load:0x1->OXM_OF_PKT_REG4[[49]],resubmit(,47) + " \ + "WARNING: Use of hardcoded table= or resubmit=(,) is discouraged in tests. Consider using MACRO instead. + #8 FILE: tests/something.at:1: + priority=1100,ip,reg15=0x1,metadata=0x1,nw_src=10.0.0.1 actions=load:0x1->OXM_OF_PKT_REG4[[49]],resubmit(,47) +" + +try_checkpatch \ + "COMMON_PATCH_HEADER([tests/something.at]) + +C_H_E_C_K([as gw1 ovs-ofctl dump-flows br-int table=42 | grep "dl_dst=00:00:02:01:02:04" | wc -l], [0], [[1]]) + " \ + "WARNING: Use of hardcoded table= or resubmit=(,) is discouraged in tests. Consider using MACRO instead. + #8 FILE: tests/something.at:1: + C_H_E_C_K([as gw1 ovs-ofctl dump-flows br-int table=42 | grep "dl_dst=00:00:02:01:02:04" | wc -l], [0], [[1]]) +" + +AT_CLEANUP diff --git a/utilities/checkpatch.py b/utilities/checkpatch.py index 52d3fa845..35204daa2 100755 --- a/utilities/checkpatch.py +++ b/utilities/checkpatch.py @@ -202,6 +202,7 @@ __regex_if_macros = re.compile(r'^ +(%s) \([\S]([\s\S]+[\S])*\) { +\\' % __parenthesized_constructs) __regex_nonascii_characters = re.compile("[^\u0000-\u007f]") __regex_efgrep = re.compile(r'.*[ef]grep.*$') +__regex_hardcoded_table = re.compile(r'.*(table=[0-9]+)|.*(resubmit\(,[0-9]+\))') skip_leading_whitespace_check = False skip_trailing_whitespace_check = False @@ -371,6 +372,10 @@ def has_efgrep(line): """Returns TRUE if the current line contains 'egrep' or 'fgrep'.""" return __regex_efgrep.match(line) is not None +def has_hardcoded_table(line): + """Return TRUE if the current line contains table= or + resubmit(,)""" + return __regex_hardcoded_table.match(line) is not None def filter_comments(current_line, keep=False): """remove all of the c-style comments in a line""" @@ -656,6 +661,13 @@ checks = [ 'check': lambda x: has_efgrep(x), 'print': lambda: print_error("grep -E/-F should be used instead of egrep/fgrep")}, + + {'regex': r'\.at$', 'match_name': None, + 'check': lambda x: has_hardcoded_table(x), + 'print': + lambda: print_warning("Use of hardcoded table= or" + " resubmit=(,) is discouraged in tests." + " Consider using MACRO instead.")}, ] From patchwork Fri Mar 15 17:38:30 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Ales Musil X-Patchwork-Id: 1912667 Return-Path: X-Original-To: incoming@patchwork.ozlabs.org Delivered-To: patchwork-incoming@legolas.ozlabs.org Authentication-Results: legolas.ozlabs.org; dkim=fail reason="signature verification failed" (1024-bit key; unprotected) header.d=redhat.com header.i=@redhat.com header.a=rsa-sha256 header.s=mimecast20190719 header.b=AVAnk09d; dkim-atps=neutral Authentication-Results: legolas.ozlabs.org; spf=pass (sender SPF authorized) smtp.mailfrom=openvswitch.org (client-ip=2605:bc80:3010::138; helo=smtp1.osuosl.org; envelope-from=ovs-dev-bounces@openvswitch.org; receiver=patchwork.ozlabs.org) Received: from smtp1.osuosl.org (smtp1.osuosl.org [IPv6:2605:bc80:3010::138]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature ECDSA (secp384r1) server-digest SHA384) (No client certificate requested) by legolas.ozlabs.org (Postfix) with ESMTPS id 4TxBLk4Pxnz23rx for ; Sat, 16 Mar 2024 04:38:54 +1100 (AEDT) Received: from localhost (localhost [127.0.0.1]) by smtp1.osuosl.org (Postfix) with ESMTP id 5B9038235E; Fri, 15 Mar 2024 17:38:52 +0000 (UTC) X-Virus-Scanned: amavisd-new at osuosl.org Received: from smtp1.osuosl.org ([127.0.0.1]) by localhost (smtp1.osuosl.org [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id RPHNWfqlfIGE; Fri, 15 Mar 2024 17:38:49 +0000 (UTC) X-Comment: SPF check N/A for local connections - client-ip=140.211.9.56; helo=lists.linuxfoundation.org; envelope-from=ovs-dev-bounces@openvswitch.org; receiver= DKIM-Filter: OpenDKIM Filter v2.11.0 smtp1.osuosl.org 95BFA82350 Authentication-Results: smtp1.osuosl.org; dkim=fail reason="signature verification failed" (1024-bit key) header.d=redhat.com header.i=@redhat.com header.a=rsa-sha256 header.s=mimecast20190719 header.b=AVAnk09d Received: from lists.linuxfoundation.org (lf-lists.osuosl.org [140.211.9.56]) by smtp1.osuosl.org (Postfix) with ESMTPS id 95BFA82350; Fri, 15 Mar 2024 17:38:49 +0000 (UTC) Received: from lf-lists.osuosl.org (localhost [127.0.0.1]) by lists.linuxfoundation.org (Postfix) with ESMTP id 56218C007C; Fri, 15 Mar 2024 17:38:49 +0000 (UTC) X-Original-To: dev@openvswitch.org Delivered-To: ovs-dev@lists.linuxfoundation.org Received: from smtp4.osuosl.org (smtp4.osuosl.org [140.211.166.137]) by lists.linuxfoundation.org (Postfix) with ESMTP id CD2BDC0037 for ; Fri, 15 Mar 2024 17:38:48 +0000 (UTC) Received: from localhost (localhost [127.0.0.1]) by smtp4.osuosl.org (Postfix) with ESMTP id B83B54175E for ; Fri, 15 Mar 2024 17:38:48 +0000 (UTC) X-Virus-Scanned: amavisd-new at osuosl.org Received: from smtp4.osuosl.org ([127.0.0.1]) by localhost (smtp4.osuosl.org [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id FiR9WUdhklJ2 for ; Fri, 15 Mar 2024 17:38:47 +0000 (UTC) Received-SPF: Pass (mailfrom) identity=mailfrom; client-ip=170.10.133.124; helo=us-smtp-delivery-124.mimecast.com; envelope-from=amusil@redhat.com; receiver= DMARC-Filter: OpenDMARC Filter v1.4.2 smtp4.osuosl.org 06E664174C Authentication-Results: smtp4.osuosl.org; dmarc=pass (p=none dis=none) header.from=redhat.com DKIM-Filter: OpenDKIM Filter v2.11.0 smtp4.osuosl.org 06E664174C Authentication-Results: smtp4.osuosl.org; dkim=pass (1024-bit key) header.d=redhat.com header.i=@redhat.com header.a=rsa-sha256 header.s=mimecast20190719 header.b=AVAnk09d Received: from us-smtp-delivery-124.mimecast.com (us-smtp-delivery-124.mimecast.com [170.10.133.124]) by smtp4.osuosl.org (Postfix) with ESMTPS id 06E664174C for ; Fri, 15 Mar 2024 17:38:46 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=redhat.com; s=mimecast20190719; t=1710524325; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=KdMRB5mbOlq8Znq5dOkwifeQoJwTVBzM7CN2mTA+mbY=; b=AVAnk09dWiQYv1mMkmTC6S+gJd0PNasKurzP7cePcPZkGb94TpfEArJilzNHWROI7snXqI VMTVv6Dhh8g5Sc8Q0Hx6w9seJ2nmakJof5jlYIdhyURrXwGOHeuzGLPe1HDM8pSyJohPHs s3MZCGmJIF1Rr3hs/Im6BshPX/u/2N0= Received: from mimecast-mx02.redhat.com (mimecast-mx02.redhat.com [66.187.233.88]) by relay.mimecast.com with ESMTP with STARTTLS (version=TLSv1.3, cipher=TLS_AES_256_GCM_SHA384) id us-mta-414-wYOaIzCXNUSeX-AkeVBhHQ-1; Fri, 15 Mar 2024 13:38:41 -0400 X-MC-Unique: wYOaIzCXNUSeX-AkeVBhHQ-1 Received: from smtp.corp.redhat.com (int-mx10.intmail.prod.int.rdu2.redhat.com [10.11.54.10]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by mimecast-mx02.redhat.com (Postfix) with ESMTPS id EAD9110189AD for ; Fri, 15 Mar 2024 17:38:40 +0000 (UTC) Received: from amusil.redhat.com (unknown [10.45.224.137]) by smtp.corp.redhat.com (Postfix) with ESMTP id 1ED08492BD1; Fri, 15 Mar 2024 17:38:39 +0000 (UTC) From: Ales Musil To: dev@openvswitch.org Date: Fri, 15 Mar 2024 18:38:30 +0100 Message-ID: <20240315173831.747633-4-amusil@redhat.com> In-Reply-To: <20240315173831.747633-1-amusil@redhat.com> References: <20240315173831.747633-1-amusil@redhat.com> MIME-Version: 1.0 X-Scanned-By: MIMEDefang 3.4.1 on 10.11.54.10 X-Mimecast-Spam-Score: 0 X-Mimecast-Originator: redhat.com Subject: [ovs-dev] [PATCH ovn v5 3/4] utilities: Add ovn-debug binary tool. X-BeenThere: ovs-dev@openvswitch.org X-Mailman-Version: 2.1.15 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: ovs-dev-bounces@openvswitch.org Sender: "dev" Add ovn-debug binary tool that can be extended with commands that might be useful for tests/debugging of OVN environment. Currently the tool supports only two commands: 1) "lflow-stage-to-ltable STAGE_NAME" that converts stage name into logical flow table id. 2) "lflow-stage-to-oftable STAGE_NAME" that converts stage name into OpenFlow table id. For now it will be used in tests to get rid remaining hardcoded table numbers. Signed-off-by: Ales Musil Acked-by: Mark Michelson --- v5: Rebase on top current main. v4: Rebase on top current main. Address nit from Dumitru. --- NEWS | 5 ++ README.rst | 1 + debian/ovn-common.install | 1 + debian/ovn-common.manpages | 1 + rhel/ovn-fedora.spec.in | 2 + utilities/.gitignore | 2 + utilities/automake.mk | 10 ++- utilities/ovn-debug.8.xml | 28 +++++++ utilities/ovn-debug.c | 155 +++++++++++++++++++++++++++++++++++++ 9 files changed, 204 insertions(+), 1 deletion(-) create mode 100644 utilities/ovn-debug.8.xml create mode 100644 utilities/ovn-debug.c diff --git a/NEWS b/NEWS index 125fde500..c2e01bfe7 100644 --- a/NEWS +++ b/NEWS @@ -5,6 +5,11 @@ Post v24.03.0 cloned to all unknown ports connected to the same Logical Switch. - Added a new logical switch port option "disable_arp_nd_rsp" to disable adding the ARP responder flows if set to true. + - Add ovn-debug tool containing two commands. + "lflow-stage-to-ltable STAGE_NAME" that converts stage name into logical + flow table id. + "lflow-stage-to-oftable STAGE_NAME" that converts stage name into OpenFlow + table id. OVN v24.03.0 - 01 Mar 2024 -------------------------- diff --git a/README.rst b/README.rst index 6fb717742..428cd8ee8 100644 --- a/README.rst +++ b/README.rst @@ -56,6 +56,7 @@ The main components of this distribution are: - ovn-sbctl, a tool for interfacing with the southbound database. - ovn-trace, a debugging utility that allows for tracing of packets through the logical network. +- ovn-debug, a tool to simplify debugging of OVN setup. - Scripts and specs for building RPMs. What other documentation is available? diff --git a/debian/ovn-common.install b/debian/ovn-common.install index 050d1c63a..fc48f07e4 100644 --- a/debian/ovn-common.install +++ b/debian/ovn-common.install @@ -5,6 +5,7 @@ usr/bin/ovn-ic-nbctl usr/bin/ovn-ic-sbctl usr/bin/ovn-trace usr/bin/ovn_detrace.py +usr/bin/ovn-debug usr/share/ovn/scripts/ovn-ctl usr/share/ovn/scripts/ovndb-servers.ocf usr/share/ovn/scripts/ovn-lib diff --git a/debian/ovn-common.manpages b/debian/ovn-common.manpages index 1fa3d9cb3..e864512e3 100644 --- a/debian/ovn-common.manpages +++ b/debian/ovn-common.manpages @@ -11,3 +11,4 @@ utilities/ovn-ic-nbctl.8 utilities/ovn-ic-sbctl.8 utilities/ovn-trace.8 utilities/ovn-detrace.1 +utilities/ovn-debug.8 diff --git a/rhel/ovn-fedora.spec.in b/rhel/ovn-fedora.spec.in index 03c1f27c5..670f1ca9e 100644 --- a/rhel/ovn-fedora.spec.in +++ b/rhel/ovn-fedora.spec.in @@ -495,6 +495,7 @@ fi %{_bindir}/ovn-appctl %{_bindir}/ovn-ic-nbctl %{_bindir}/ovn-ic-sbctl +%{_bindir}/ovn-debug %{_datadir}/ovn/scripts/ovn-ctl %{_datadir}/ovn/scripts/ovn-lib %{_datadir}/ovn/scripts/ovndb-servers.ocf @@ -515,6 +516,7 @@ fi %{_mandir}/man8/ovn-ic.8* %{_mandir}/man5/ovn-ic-nb.5* %{_mandir}/man5/ovn-ic-sb.5* +%{_mandir}/man8/ovn-debug.8* %{_prefix}/lib/ocf/resource.d/ovn/ovndb-servers %config(noreplace) %{_sysconfdir}/logrotate.d/ovn %{_unitdir}/ovn-db@.service diff --git a/utilities/.gitignore b/utilities/.gitignore index da237563b..3ae97b00f 100644 --- a/utilities/.gitignore +++ b/utilities/.gitignore @@ -13,6 +13,8 @@ /ovn-trace.8 /ovn_detrace.py /ovn-detrace.1 +/ovn-debug +/ovn-debug.8 /ovn-docker-overlay-driver /ovn-docker-underlay-driver /ovn-lib diff --git a/utilities/automake.mk b/utilities/automake.mk index ebb74ec34..de4f6efb5 100644 --- a/utilities/automake.mk +++ b/utilities/automake.mk @@ -11,7 +11,8 @@ man_MANS += \ utilities/ovn-ic-sbctl.8 \ utilities/ovn-trace.8 \ utilities/ovn-detrace.1 \ - utilities/ovn-appctl.8 + utilities/ovn-appctl.8 \ + utilities/ovn-debug.8 MAN_ROOTS += \ utilities/ovn-detrace.1.in @@ -34,6 +35,7 @@ EXTRA_DIST += \ utilities/ovn-ic-sbctl.8.xml \ utilities/ovn-appctl.8.xml \ utilities/ovn-trace.8.xml \ + utilities/ovn-debug.8.xml \ utilities/ovn_detrace.py.in \ utilities/ovndb-servers.ocf \ utilities/checkpatch.py \ @@ -63,6 +65,7 @@ CLEANFILES += \ utilities/ovn-ic-nbctl.8 \ utilities/ovn-ic-sbctl.8 \ utilities/ovn-trace.8 \ + utilities/ovn-debug.8 \ utilities/ovn-detrace.1 \ utilities/ovn-detrace \ utilities/ovn_detrace.py \ @@ -120,4 +123,9 @@ UNINSTALL_LOCAL += ovn-detrace-uninstall ovn-detrace-uninstall: rm -f $(DESTDIR)$(bindir)/ovn-detrace +# ovn-debug +bin_PROGRAMS += utilities/ovn-debug +utilities_ovn_debug_SOURCES = utilities/ovn-debug.c +utilities_ovn_debug_LDADD = lib/libovn.la $(OVSDB_LIBDIR)/libovsdb.la $(OVS_LIBDIR)/libopenvswitch.la + include utilities/bugtool/automake.mk diff --git a/utilities/ovn-debug.8.xml b/utilities/ovn-debug.8.xml new file mode 100644 index 000000000..bdd208328 --- /dev/null +++ b/utilities/ovn-debug.8.xml @@ -0,0 +1,28 @@ + + +

Name

+

ovn-debug -- Open Virtual Network debug tool

+ +

Synopsis

+

ovn-debug COMMAND [ARG...]

+ +

Description

+

+ ovn-debug, OVN debug tool, is a tool to help with + debugging of OVN setup. +

+ +

Commands

+
+
lflow-stage-to-ltable STAGE_NAME
+
+ Convert the logical flow stage name e.g. ls_in_lb into + the logical flow table number e.g. 13. +
+
lflow-stage-to-oftable STAGE_NAME
+
+ Convert the logical flow stage name e.g. ls_in_lb into + the OpenFlow table number e.g. 21. +
+
+ diff --git a/utilities/ovn-debug.c b/utilities/ovn-debug.c new file mode 100644 index 000000000..0cec9f671 --- /dev/null +++ b/utilities/ovn-debug.c @@ -0,0 +1,155 @@ +/* Copyright (c) 2024, Red Hat, Inc. + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at: + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +#include +#include +#include + +#include "command-line.h" +#include "controller/lflow.h" +#include "northd/northd.h" +#include "ovn-util.h" + +struct ovn_lflow_stage { + const char *name; + uint8_t table_id; + enum ovn_pipeline pipeline; +}; + +static const struct ovn_lflow_stage ovn_lflow_stages[] = { +#define PIPELINE_STAGE(DP_TYPE, PIPELINE, STAGE, TABLE, NAME) \ + (struct ovn_lflow_stage) { \ + .name = NAME, \ + .table_id = TABLE, \ + .pipeline = P_##PIPELINE, \ + }, + PIPELINE_STAGES +#undef PIPELINE_STAGE +}; + +static const struct ovn_lflow_stage * +ovn_lflow_stage_find_by_name(const char *name) +{ + + for (size_t i = 0; i < ARRAY_SIZE(ovn_lflow_stages); i++) { + const struct ovn_lflow_stage *stage = &ovn_lflow_stages[i]; + if (!strcmp(stage->name, name)) { + return stage; + } + } + + return NULL; +} + +static void +lflow_stage_to_table(struct ovs_cmdl_context *ctx) +{ + const char *name = ctx->argv[1]; + const struct ovn_lflow_stage *stage = ovn_lflow_stage_find_by_name(name); + + if (!stage) { + ovs_fatal(0, "Couldn't find OVN logical flow stage with name \"%s\"", + name); + } + + uint8_t table = stage->table_id; + + if (!strcmp("lflow-stage-to-oftable", ctx->argv[0])) { + table += stage->pipeline == P_IN + ? OFTABLE_LOG_INGRESS_PIPELINE + : OFTABLE_LOG_EGRESS_PIPELINE; + } + + printf("%"PRIu8"\n", table); + exit(EXIT_SUCCESS); +} + + +static void +usage(void) +{ + printf("\ +%s: OVN debug utility\n\ +usage: %s COMMAND [ARG...]\n\ +\n\ +lflow-stage-to-ltable STAGE_NAME\n\ + Converts STAGE_NAME into logical flow table number.\n\ +lflow-stage-to-oftable STAGE_NAME\n\ + Converts STAGE_NAME into OpenFlow table number.\n\ +\n\ +Options:\n\ + -h, --help display this help message\n\ + -V, --version display version information\n", + program_name, program_name); + exit(EXIT_SUCCESS); +} + +static void +help(struct ovs_cmdl_context *ctx OVS_UNUSED) +{ + usage(); +} + +int +main(int argc, char *argv[]) +{ + static const struct option long_options[] = { + {"help", no_argument, NULL, 'h'}, + {"version", no_argument, NULL, 'V'}, + {NULL, 0, NULL, 0}, + }; + char *short_options = ovs_cmdl_long_options_to_short_options(long_options); + + ovn_set_program_name(argv[0]); + + for (;;) { + int option_index = 0; + int c = getopt_long(argc, argv, short_options, long_options, + &option_index); + + if (c == -1) { + break; + } + switch (c) { + case 'V': + ovn_print_version(0, 0); + exit(EXIT_SUCCESS); + + case 'h': + usage(); + /* fall through */ + + case '?': + exit(1); + + default: + ovs_abort(0, "Invalid option."); + } + } + free(short_options); + + static const struct ovs_cmdl_command commands[] = { + {"lflow-stage-to-oftable", NULL, 1, 1, lflow_stage_to_table, + OVS_RO}, + {"lflow-stage-to-ltable", NULL, 1, 1, lflow_stage_to_table, + OVS_RO}, + { "help", NULL, 0, INT_MAX, help, OVS_RO }, + {NULL, NULL, 0, 0, NULL, OVS_RO}, + }; + struct ovs_cmdl_context ctx; + ctx.argc = argc - optind; + ctx.argv = argv + optind; + ovs_cmdl_run_command(&ctx, commands); +} From patchwork Fri Mar 15 17:38:31 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Ales Musil X-Patchwork-Id: 1912668 Return-Path: X-Original-To: incoming@patchwork.ozlabs.org Delivered-To: patchwork-incoming@legolas.ozlabs.org Authentication-Results: legolas.ozlabs.org; dkim=fail reason="signature verification failed" (1024-bit key; unprotected) header.d=redhat.com header.i=@redhat.com header.a=rsa-sha256 header.s=mimecast20190719 header.b=d4ujKjxr; dkim-atps=neutral Authentication-Results: legolas.ozlabs.org; spf=pass (sender SPF authorized) smtp.mailfrom=openvswitch.org (client-ip=2605:bc80:3010::137; helo=smtp4.osuosl.org; envelope-from=ovs-dev-bounces@openvswitch.org; receiver=patchwork.ozlabs.org) Received: from smtp4.osuosl.org (smtp4.osuosl.org [IPv6:2605:bc80:3010::137]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature ECDSA (secp384r1) server-digest SHA384) (No client certificate requested) by legolas.ozlabs.org (Postfix) with ESMTPS id 4TxBM04dW6z23rx for ; Sat, 16 Mar 2024 04:39:08 +1100 (AEDT) Received: from localhost (localhost [127.0.0.1]) by smtp4.osuosl.org (Postfix) with ESMTP id C81364179D; Fri, 15 Mar 2024 17:39:06 +0000 (UTC) X-Virus-Scanned: amavisd-new at osuosl.org Received: from smtp4.osuosl.org ([127.0.0.1]) by localhost (smtp4.osuosl.org [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id psXi-UR2NgxT; Fri, 15 Mar 2024 17:38:59 +0000 (UTC) X-Comment: SPF check N/A for local connections - client-ip=140.211.9.56; helo=lists.linuxfoundation.org; envelope-from=ovs-dev-bounces@openvswitch.org; receiver= DKIM-Filter: OpenDKIM Filter v2.11.0 smtp4.osuosl.org 4644B41763 Authentication-Results: smtp4.osuosl.org; dkim=fail reason="signature verification failed" (1024-bit key) header.d=redhat.com header.i=@redhat.com header.a=rsa-sha256 header.s=mimecast20190719 header.b=d4ujKjxr Received: from lists.linuxfoundation.org (lf-lists.osuosl.org [140.211.9.56]) by smtp4.osuosl.org (Postfix) with ESMTPS id 4644B41763; Fri, 15 Mar 2024 17:38:59 +0000 (UTC) Received: from lf-lists.osuosl.org (localhost [127.0.0.1]) by lists.linuxfoundation.org (Postfix) with ESMTP id 1448BC0DCF; Fri, 15 Mar 2024 17:38:59 +0000 (UTC) X-Original-To: dev@openvswitch.org Delivered-To: ovs-dev@lists.linuxfoundation.org Received: from smtp1.osuosl.org (smtp1.osuosl.org [IPv6:2605:bc80:3010::138]) by lists.linuxfoundation.org (Postfix) with ESMTP id 1ABF8C0DCF for ; Fri, 15 Mar 2024 17:38:57 +0000 (UTC) Received: from localhost (localhost [127.0.0.1]) by smtp1.osuosl.org (Postfix) with ESMTP id 5A4F782360 for ; Fri, 15 Mar 2024 17:38:51 +0000 (UTC) X-Virus-Scanned: amavisd-new at osuosl.org Received: from smtp1.osuosl.org ([127.0.0.1]) by localhost (smtp1.osuosl.org [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id CkVVU5XpBMz1 for ; Fri, 15 Mar 2024 17:38:46 +0000 (UTC) Received-SPF: Pass (mailfrom) identity=mailfrom; client-ip=170.10.129.124; helo=us-smtp-delivery-124.mimecast.com; envelope-from=amusil@redhat.com; receiver= DMARC-Filter: OpenDMARC Filter v1.4.2 smtp1.osuosl.org 0527C8230D Authentication-Results: smtp1.osuosl.org; dmarc=pass (p=none dis=none) header.from=redhat.com DKIM-Filter: OpenDKIM Filter v2.11.0 smtp1.osuosl.org 0527C8230D Authentication-Results: smtp1.osuosl.org; dkim=pass (1024-bit key) header.d=redhat.com header.i=@redhat.com header.a=rsa-sha256 header.s=mimecast20190719 header.b=d4ujKjxr Received: from us-smtp-delivery-124.mimecast.com (us-smtp-delivery-124.mimecast.com [170.10.129.124]) by smtp1.osuosl.org (Postfix) with ESMTPS id 0527C8230D for ; Fri, 15 Mar 2024 17:38:45 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=redhat.com; s=mimecast20190719; t=1710524324; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=jDnJz2c1rPL/8Or9NpP+hCEqSrW5OPpHzSXntu0Tpm0=; b=d4ujKjxrp53tPtvk9BfKb/1RO23wZ3pmHQyARXuaXGWxH0teTRusGgOujoeVc/EEJmadc7 dDpud+woW6ZHPvRQZFi/wnNgfCSa1Od224bUXQBVY1TiVbkfZdRwRF8CLrdv4kTAhW7z1s kfm6xXaFrIc2y0ECbyI1tCec+aHJinw= Received: from mimecast-mx02.redhat.com (mimecast-mx02.redhat.com [66.187.233.88]) by relay.mimecast.com with ESMTP with STARTTLS (version=TLSv1.3, cipher=TLS_AES_256_GCM_SHA384) id us-mta-447--ERstxTEO1mhQiNXnE5F0Q-1; Fri, 15 Mar 2024 13:38:42 -0400 X-MC-Unique: -ERstxTEO1mhQiNXnE5F0Q-1 Received: from smtp.corp.redhat.com (int-mx10.intmail.prod.int.rdu2.redhat.com [10.11.54.10]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by mimecast-mx02.redhat.com (Postfix) with ESMTPS id 9B3468007A7 for ; Fri, 15 Mar 2024 17:38:42 +0000 (UTC) Received: from amusil.redhat.com (unknown [10.45.224.137]) by smtp.corp.redhat.com (Postfix) with ESMTP id 3DB47492BD0; Fri, 15 Mar 2024 17:38:41 +0000 (UTC) From: Ales Musil To: dev@openvswitch.org Date: Fri, 15 Mar 2024 18:38:31 +0100 Message-ID: <20240315173831.747633-5-amusil@redhat.com> In-Reply-To: <20240315173831.747633-1-amusil@redhat.com> References: <20240315173831.747633-1-amusil@redhat.com> MIME-Version: 1.0 X-Scanned-By: MIMEDefang 3.4.1 on 10.11.54.10 X-Mimecast-Spam-Score: 0 X-Mimecast-Originator: redhat.com Subject: [ovs-dev] [PATCH ovn v5 4/4] tests: Use the ovn-debug binary to determine table numbers. X-BeenThere: ovs-dev@openvswitch.org X-Mailman-Version: 2.1.15 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: ovs-dev-bounces@openvswitch.org Sender: "dev" Use the ovn-debug commands to determine OpenFlow table numbers based on stage name. With this there is no need to hardcode them and it should be future proof for stage shifts/updates. Signed-off-by: Ales Musil Acked-by: Mark Michelson --- v5: Rebase on top of main. v4: Rebase on top of main. Add ack from Mark. --- tests/ovn-controller.at | 342 +++++++++++++++++++--------------- tests/ovn.at | 389 ++++++++++++++++++++++----------------- tests/system-ovn-kmod.at | 16 +- tests/system-ovn.at | 20 +- 4 files changed, 438 insertions(+), 329 deletions(-) diff --git a/tests/ovn-controller.at b/tests/ovn-controller.at index 37f1ded1b..fdcc5aab2 100644 --- a/tests/ovn-controller.at +++ b/tests/ovn-controller.at @@ -941,6 +941,10 @@ check ovn-nbctl lsp-add ls1 ls1-lp1 \ wait_for_ports_up ovn-appctl -t ovn-controller vlog/set file:dbg +# Get the OF table numbers +acl_eval=$(ovn-debug lflow-stage-to-oftable ls_out_acl_eval) +acl_action=$(ovn-debug lflow-stage-to-oftable ls_out_acl_action) + dp_key=$(printf "%x" $(fetch_column datapath tunnel_key external_ids:name=ls1)) port_key=$(printf "%x" $(fetch_column port_binding tunnel_key logical_port=ls1-lp1)) @@ -958,14 +962,14 @@ for i in $(seq 10); do check ovn-nbctl add address_set as1 addresses 10.0.0.$i check ovn-nbctl --wait=hv sync if test "$i" = 3; then - AT_CHECK_UNQUOTED([ovs-ofctl dump-flows br-int table=46,reg15=0x$port_key | \ + AT_CHECK_UNQUOTED([ovs-ofctl dump-flows br-int table=$acl_eval,reg15=0x$port_key | \ grep -v reply | awk '{print $7, $8}' | sort], [0], [dnl -priority=1100,ip,reg15=0x1,metadata=0x1,nw_src=10.0.0.1 actions=load:0x1->OXM_OF_PKT_REG4[[49]],resubmit(,47) -priority=1100,ip,reg15=0x1,metadata=0x1,nw_src=10.0.0.2 actions=load:0x1->OXM_OF_PKT_REG4[[49]],resubmit(,47) -priority=1100,ip,reg15=0x1,metadata=0x1,nw_src=10.0.0.3 actions=load:0x1->OXM_OF_PKT_REG4[[49]],resubmit(,47) +priority=1100,ip,reg15=0x1,metadata=0x1,nw_src=10.0.0.1 actions=load:0x1->OXM_OF_PKT_REG4[[49]],resubmit(,$acl_action) +priority=1100,ip,reg15=0x1,metadata=0x1,nw_src=10.0.0.2 actions=load:0x1->OXM_OF_PKT_REG4[[49]],resubmit(,$acl_action) +priority=1100,ip,reg15=0x1,metadata=0x1,nw_src=10.0.0.3 actions=load:0x1->OXM_OF_PKT_REG4[[49]],resubmit(,$acl_action) ]) fi - AT_CHECK_UNQUOTED([ovs-ofctl dump-flows br-int table=46 | grep -c "priority=1100"], [0], [$i + AT_CHECK_UNQUOTED([ovs-ofctl dump-flows br-int table=$acl_eval | grep -c "priority=1100"], [0], [$i ]) done @@ -980,15 +984,15 @@ for i in $(seq 10); do check ovn-nbctl remove address_set as1 addresses 10.0.0.$i check ovn-nbctl --wait=hv sync if test "$i" = 9; then - AT_CHECK_UNQUOTED([ovs-ofctl dump-flows br-int table=46,reg15=0x$port_key | \ + AT_CHECK_UNQUOTED([ovs-ofctl dump-flows br-int table=$acl_eval,reg15=0x$port_key | \ grep -v reply | awk '{print $7, $8}'], [0], [dnl -priority=1100,ip,reg15=0x$port_key,metadata=0x$dp_key,nw_src=10.0.0.10 actions=load:0x1->OXM_OF_PKT_REG4[[49]],resubmit(,47) +priority=1100,ip,reg15=0x$port_key,metadata=0x$dp_key,nw_src=10.0.0.10 actions=load:0x1->OXM_OF_PKT_REG4[[49]],resubmit(,$acl_action) ]) fi if test "$i" = 10; then - AT_CHECK_UNQUOTED([ovs-ofctl dump-flows br-int table=46 | grep "priority=1100"], [1], [ignore]) + AT_CHECK_UNQUOTED([ovs-ofctl dump-flows br-int table=$acl_eval | grep "priority=1100"], [1], [ignore]) else - AT_CHECK_UNQUOTED([ovs-ofctl dump-flows br-int table=46 | grep -c "priority=1100"], [0], [$((10 - $i)) + AT_CHECK_UNQUOTED([ovs-ofctl dump-flows br-int table=$acl_eval | grep -c "priority=1100"], [0], [$((10 - $i)) ]) fi done @@ -1006,17 +1010,17 @@ for i in $(seq 10); do check ovn-nbctl add address_set as1 addresses 10.0.0.$i,10.0.1.$i check ovn-nbctl --wait=hv sync if test "$i" = 3; then - AT_CHECK_UNQUOTED([ovs-ofctl dump-flows br-int table=46,reg15=0x$port_key | \ + AT_CHECK_UNQUOTED([ovs-ofctl dump-flows br-int table=$acl_eval,reg15=0x$port_key | \ grep -v reply | awk '{print $7, $8}' | sort], [0], [dnl -priority=1100,ip,reg15=0x$port_key,metadata=0x$dp_key,nw_src=10.0.0.1 actions=load:0x1->OXM_OF_PKT_REG4[[49]],resubmit(,47) -priority=1100,ip,reg15=0x$port_key,metadata=0x$dp_key,nw_src=10.0.0.2 actions=load:0x1->OXM_OF_PKT_REG4[[49]],resubmit(,47) -priority=1100,ip,reg15=0x$port_key,metadata=0x$dp_key,nw_src=10.0.0.3 actions=load:0x1->OXM_OF_PKT_REG4[[49]],resubmit(,47) -priority=1100,ip,reg15=0x$port_key,metadata=0x$dp_key,nw_src=10.0.1.1 actions=load:0x1->OXM_OF_PKT_REG4[[49]],resubmit(,47) -priority=1100,ip,reg15=0x$port_key,metadata=0x$dp_key,nw_src=10.0.1.2 actions=load:0x1->OXM_OF_PKT_REG4[[49]],resubmit(,47) -priority=1100,ip,reg15=0x$port_key,metadata=0x$dp_key,nw_src=10.0.1.3 actions=load:0x1->OXM_OF_PKT_REG4[[49]],resubmit(,47) +priority=1100,ip,reg15=0x$port_key,metadata=0x$dp_key,nw_src=10.0.0.1 actions=load:0x1->OXM_OF_PKT_REG4[[49]],resubmit(,$acl_action) +priority=1100,ip,reg15=0x$port_key,metadata=0x$dp_key,nw_src=10.0.0.2 actions=load:0x1->OXM_OF_PKT_REG4[[49]],resubmit(,$acl_action) +priority=1100,ip,reg15=0x$port_key,metadata=0x$dp_key,nw_src=10.0.0.3 actions=load:0x1->OXM_OF_PKT_REG4[[49]],resubmit(,$acl_action) +priority=1100,ip,reg15=0x$port_key,metadata=0x$dp_key,nw_src=10.0.1.1 actions=load:0x1->OXM_OF_PKT_REG4[[49]],resubmit(,$acl_action) +priority=1100,ip,reg15=0x$port_key,metadata=0x$dp_key,nw_src=10.0.1.2 actions=load:0x1->OXM_OF_PKT_REG4[[49]],resubmit(,$acl_action) +priority=1100,ip,reg15=0x$port_key,metadata=0x$dp_key,nw_src=10.0.1.3 actions=load:0x1->OXM_OF_PKT_REG4[[49]],resubmit(,$acl_action) ]) fi - AT_CHECK_UNQUOTED([ovs-ofctl dump-flows br-int table=46 | grep -c "priority=1100"], [0], [$(($i * 2)) + AT_CHECK_UNQUOTED([ovs-ofctl dump-flows br-int table=$acl_eval | grep -c "priority=1100"], [0], [$(($i * 2)) ]) done @@ -1033,11 +1037,11 @@ reprocess_count_old=$(read_counter consider_logical_flow) check ovn-nbctl add address_set as1 addresses 10.0.0.21,10.0.0.22 -- \ remove address_set as1 addresses 10.0.0.10 check ovn-nbctl --wait=hv sync -AT_CHECK([ovs-ofctl dump-flows br-int table=46 | grep -c 10\.0\.0\.21], [0], [1 +AT_CHECK([ovs-ofctl dump-flows br-int table=$acl_eval | grep -c 10\.0\.0\.21], [0], [1 ]) -AT_CHECK([ovs-ofctl dump-flows br-int table=46 | grep -c 10\.0\.0\.22], [0], [1 +AT_CHECK([ovs-ofctl dump-flows br-int table=$acl_eval | grep -c 10\.0\.0\.22], [0], [1 ]) -AT_CHECK([ovs-ofctl dump-flows br-int table=46 | grep 10\.0\.0\.10], [1], [ignore]) +AT_CHECK([ovs-ofctl dump-flows br-int table=$acl_eval | grep 10\.0\.0\.10], [1], [ignore]) reprocess_count_new=$(read_counter consider_logical_flow) AT_CHECK([echo $(($reprocess_count_new - $reprocess_count_old))], [0], [0 @@ -1049,9 +1053,9 @@ reprocess_count_old=$(read_counter consider_logical_flow) check ovn-nbctl remove address_set as1 addresses 10.0.0.21,10.0.0.22 -- \ add address_set as1 addresses 10.0.0.10 check ovn-nbctl --wait=hv sync -AT_CHECK([ovs-ofctl dump-flows br-int table=46 | grep 10\.0\.0\.21], [1], [ignore]) -AT_CHECK([ovs-ofctl dump-flows br-int table=46 | grep 10\.0\.0\.22], [1], [ignore]) -AT_CHECK([ovs-ofctl dump-flows br-int table=46 | grep -c 10\.0\.0\.10], [0], [1 +AT_CHECK([ovs-ofctl dump-flows br-int table=$acl_eval | grep 10\.0\.0\.21], [1], [ignore]) +AT_CHECK([ovs-ofctl dump-flows br-int table=$acl_eval | grep 10\.0\.0\.22], [1], [ignore]) +AT_CHECK([ovs-ofctl dump-flows br-int table=$acl_eval | grep -c 10\.0\.0\.10], [0], [1 ]) reprocess_count_new=$(read_counter consider_logical_flow) @@ -1064,9 +1068,9 @@ reprocess_count_old=$(read_counter consider_logical_flow) check ovn-nbctl add address_set as1 addresses 10.0.0.21 -- \ remove address_set as1 addresses 10.0.0.10 check ovn-nbctl --wait=hv sync -AT_CHECK([ovs-ofctl dump-flows br-int table=46 | grep -c 10\.0\.0\.21], [0], [1 +AT_CHECK([ovs-ofctl dump-flows br-int table=$acl_eval | grep -c 10\.0\.0\.21], [0], [1 ]) -AT_CHECK([ovs-ofctl dump-flows br-int table=46 | grep 10\.0\.0\.10], [1], [ignore]) +AT_CHECK([ovs-ofctl dump-flows br-int table=$acl_eval | grep 10\.0\.0\.10], [1], [ignore]) reprocess_count_new=$(read_counter consider_logical_flow) AT_CHECK([echo $(($reprocess_count_new - $reprocess_count_old))], [0], [0 @@ -1078,12 +1082,12 @@ reprocess_count_old=$(read_counter consider_logical_flow) check ovn-nbctl add address_set as1 addresses 10.0.0.22,10.0.0.23 -- \ remove address_set as1 addresses 10.0.0.9,10.0.0.8 check ovn-nbctl --wait=hv sync -AT_CHECK([ovs-ofctl dump-flows br-int table=46 | grep -c 10\.0\.0\.22], [0], [1 +AT_CHECK([ovs-ofctl dump-flows br-int table=$acl_eval | grep -c 10\.0\.0\.22], [0], [1 ]) -AT_CHECK([ovs-ofctl dump-flows br-int table=46 | grep -c 10\.0\.0\.23], [0], [1 +AT_CHECK([ovs-ofctl dump-flows br-int table=$acl_eval | grep -c 10\.0\.0\.23], [0], [1 ]) -AT_CHECK([ovs-ofctl dump-flows br-int table=46 | grep 10\.0\.0\.8], [1], [ignore]) -AT_CHECK([ovs-ofctl dump-flows br-int table=46 | grep 10\.0\.0\.9], [1], [ignore]) +AT_CHECK([ovs-ofctl dump-flows br-int table=$acl_eval | grep 10\.0\.0\.8], [1], [ignore]) +AT_CHECK([ovs-ofctl dump-flows br-int table=$acl_eval | grep 10\.0\.0\.9], [1], [ignore]) reprocess_count_new=$(read_counter consider_logical_flow) AT_CHECK([echo $(($reprocess_count_new - $reprocess_count_old))], [0], [0 @@ -1114,6 +1118,10 @@ check ovn-nbctl lsp-add ls1 ls1-lp1 \ wait_for_ports_up ovn-appctl -t ovn-controller vlog/set file:dbg +# Get the OF table numbers +acl_eval=$(ovn-debug lflow-stage-to-oftable ls_out_acl_eval) +acl_action=$(ovn-debug lflow-stage-to-oftable ls_out_acl_action) + dp_key=$(printf "%x" $(fetch_column datapath tunnel_key external_ids:name=ls1)) port_key=$(printf "%x" $(fetch_column port_binding tunnel_key logical_port=ls1-lp1)) @@ -1131,24 +1139,24 @@ for i in $(seq 10); do check ovn-nbctl add address_set as1 addresses 10.0.0.$i check ovn-nbctl --wait=hv sync if test "$i" = 1; then - AT_CHECK_UNQUOTED([ovs-ofctl dump-flows br-int table=46,reg15=0x$port_key | \ + AT_CHECK_UNQUOTED([ovs-ofctl dump-flows br-int table=$acl_eval,reg15=0x$port_key | \ grep -v reply | awk '{print $7, $8}' | sort], [0], [dnl -priority=1100,tcp,reg15=0x$port_key,metadata=0x$dp_key,nw_src=10.0.0.1,tp_dst=111 actions=load:0x1->OXM_OF_PKT_REG4[[49]],resubmit(,47) -priority=1100,tcp,reg15=0x$port_key,metadata=0x$dp_key,nw_src=10.0.0.1,tp_dst=222 actions=load:0x1->OXM_OF_PKT_REG4[[49]],resubmit(,47) -priority=1100,tcp,reg15=0x$port_key,metadata=0x$dp_key,nw_src=10.0.0.1,tp_dst=333 actions=load:0x1->OXM_OF_PKT_REG4[[49]],resubmit(,47) +priority=1100,tcp,reg15=0x$port_key,metadata=0x$dp_key,nw_src=10.0.0.1,tp_dst=111 actions=load:0x1->OXM_OF_PKT_REG4[[49]],resubmit(,$acl_action) +priority=1100,tcp,reg15=0x$port_key,metadata=0x$dp_key,nw_src=10.0.0.1,tp_dst=222 actions=load:0x1->OXM_OF_PKT_REG4[[49]],resubmit(,$acl_action) +priority=1100,tcp,reg15=0x$port_key,metadata=0x$dp_key,nw_src=10.0.0.1,tp_dst=333 actions=load:0x1->OXM_OF_PKT_REG4[[49]],resubmit(,$acl_action) ]) else # (1 conj_id flow + 3 tp_dst flows) = 4 extra flows - AT_CHECK_UNQUOTED([ovs-ofctl dump-flows br-int table=46 | grep -c "priority=1100"], [0], [$(($i + 4)) + AT_CHECK_UNQUOTED([ovs-ofctl dump-flows br-int table=$acl_eval | grep -c "priority=1100"], [0], [$(($i + 4)) ]) fi if test "$i" = 3; then - AT_CHECK_UNQUOTED([ovs-ofctl dump-flows br-int table=46,reg15=0x$port_key | \ + AT_CHECK_UNQUOTED([ovs-ofctl dump-flows br-int table=$acl_eval,reg15=0x$port_key | \ grep -v reply | awk '{print $7, $8}' | \ sed -r 's/conjunction.*,/conjunction,/' | \ sed -r 's/conj_id=.*,metadata/conj_id=,metadata/' | sort], [0], [dnl -priority=1100,conj_id=,metadata=0x$dp_key actions=load:0x1->OXM_OF_PKT_REG4[[49]],resubmit(,47) +priority=1100,conj_id=,metadata=0x$dp_key actions=load:0x1->OXM_OF_PKT_REG4[[49]],resubmit(,$acl_action) priority=1100,tcp,reg15=0x$port_key,metadata=0x$dp_key,nw_src=10.0.0.1 actions=conjunction,1/2) priority=1100,tcp,reg15=0x$port_key,metadata=0x$dp_key,nw_src=10.0.0.2 actions=conjunction,1/2) priority=1100,tcp,reg15=0x$port_key,metadata=0x$dp_key,nw_src=10.0.0.3 actions=conjunction,1/2) @@ -1170,17 +1178,17 @@ for i in $(seq 10); do check ovn-nbctl remove address_set as1 addresses 10.0.0.$i check ovn-nbctl --wait=hv sync if test "$i" = 10; then - AT_CHECK_UNQUOTED([ovs-ofctl dump-flows br-int table=46 | grep "priority=1100"], [1], [ignore]) + AT_CHECK_UNQUOTED([ovs-ofctl dump-flows br-int table=$acl_eval | grep "priority=1100"], [1], [ignore]) elif test "$i" = 9; then # no conjunction left - AT_CHECK_UNQUOTED([ovs-ofctl dump-flows br-int table=46,reg15=0x$port_key | \ + AT_CHECK_UNQUOTED([ovs-ofctl dump-flows br-int table=$acl_eval,reg15=0x$port_key | \ grep -v reply | awk '{print $7, $8}' | sort], [0], [dnl -priority=1100,tcp,reg15=0x$port_key,metadata=0x$dp_key,nw_src=10.0.0.10,tp_dst=111 actions=load:0x1->OXM_OF_PKT_REG4[[49]],resubmit(,47) -priority=1100,tcp,reg15=0x$port_key,metadata=0x$dp_key,nw_src=10.0.0.10,tp_dst=222 actions=load:0x1->OXM_OF_PKT_REG4[[49]],resubmit(,47) -priority=1100,tcp,reg15=0x$port_key,metadata=0x$dp_key,nw_src=10.0.0.10,tp_dst=333 actions=load:0x1->OXM_OF_PKT_REG4[[49]],resubmit(,47) +priority=1100,tcp,reg15=0x$port_key,metadata=0x$dp_key,nw_src=10.0.0.10,tp_dst=111 actions=load:0x1->OXM_OF_PKT_REG4[[49]],resubmit(,$acl_action) +priority=1100,tcp,reg15=0x$port_key,metadata=0x$dp_key,nw_src=10.0.0.10,tp_dst=222 actions=load:0x1->OXM_OF_PKT_REG4[[49]],resubmit(,$acl_action) +priority=1100,tcp,reg15=0x$port_key,metadata=0x$dp_key,nw_src=10.0.0.10,tp_dst=333 actions=load:0x1->OXM_OF_PKT_REG4[[49]],resubmit(,$acl_action) ]) else - AT_CHECK_UNQUOTED([ovs-ofctl dump-flows br-int table=46 | grep -c "priority=1100"], [0], [$((14 - $i)) + AT_CHECK_UNQUOTED([ovs-ofctl dump-flows br-int table=$acl_eval | grep -c "priority=1100"], [0], [$((14 - $i)) ]) fi done @@ -1196,11 +1204,11 @@ for i in $(seq 10); do check ovn-nbctl add address_set as1 addresses 10.0.0.$i,10.0.1.$i check ovn-nbctl --wait=hv sync if test "$i" = 3; then - AT_CHECK_UNQUOTED([ovs-ofctl dump-flows br-int table=46,reg15=0x$port_key | \ + AT_CHECK_UNQUOTED([ovs-ofctl dump-flows br-int table=$acl_eval,reg15=0x$port_key | \ grep -v reply | awk '{print $7, $8}' | \ sed -r 's/conjunction.*,/conjunction,/' | \ sed -r 's/conj_id=.*,metadata/conj_id=,metadata/' | sort], [0], [dnl -priority=1100,conj_id=,metadata=0x$dp_key actions=load:0x1->OXM_OF_PKT_REG4[[49]],resubmit(,47) +priority=1100,conj_id=,metadata=0x$dp_key actions=load:0x1->OXM_OF_PKT_REG4[[49]],resubmit(,$acl_action) priority=1100,tcp,reg15=0x$port_key,metadata=0x$dp_key,nw_src=10.0.0.1 actions=conjunction,1/2) priority=1100,tcp,reg15=0x$port_key,metadata=0x$dp_key,nw_src=10.0.0.2 actions=conjunction,1/2) priority=1100,tcp,reg15=0x$port_key,metadata=0x$dp_key,nw_src=10.0.0.3 actions=conjunction,1/2) @@ -1212,7 +1220,7 @@ priority=1100,tcp,reg15=0x$port_key,metadata=0x$dp_key,tp_dst=222 actions=conjun priority=1100,tcp,reg15=0x$port_key,metadata=0x$dp_key,tp_dst=333 actions=conjunction,2/2) ]) fi - AT_CHECK_UNQUOTED([ovs-ofctl dump-flows br-int table=46 | grep -c "priority=1100"], [0], [$(($i * 2 + 4)) + AT_CHECK_UNQUOTED([ovs-ofctl dump-flows br-int table=$acl_eval | grep -c "priority=1100"], [0], [$(($i * 2 + 4)) ]) done @@ -1228,11 +1236,11 @@ reprocess_count_old=$(read_counter consider_logical_flow) check ovn-nbctl add address_set as1 addresses 10.0.0.21,10.0.0.22 -- \ remove address_set as1 addresses 10.0.0.10 check ovn-nbctl --wait=hv sync -AT_CHECK([ovs-ofctl dump-flows br-int table=46 | grep -c 10\.0\.0\.21], [0], [1 +AT_CHECK([ovs-ofctl dump-flows br-int table=$acl_eval | grep -c 10\.0\.0\.21], [0], [1 ]) -AT_CHECK([ovs-ofctl dump-flows br-int table=46 | grep -c 10\.0\.0\.22], [0], [1 +AT_CHECK([ovs-ofctl dump-flows br-int table=$acl_eval | grep -c 10\.0\.0\.22], [0], [1 ]) -AT_CHECK([ovs-ofctl dump-flows br-int table=46 | grep 10\.0\.0\.10], [1], [ignore]) +AT_CHECK([ovs-ofctl dump-flows br-int table=$acl_eval | grep 10\.0\.0\.10], [1], [ignore]) reprocess_count_new=$(read_counter consider_logical_flow) AT_CHECK([echo $(($reprocess_count_new - $reprocess_count_old))], [0], [0 @@ -1244,9 +1252,9 @@ reprocess_count_old=$(read_counter consider_logical_flow) check ovn-nbctl remove address_set as1 addresses 10.0.0.21,10.0.0.22 -- \ add address_set as1 addresses 10.0.0.10 check ovn-nbctl --wait=hv sync -AT_CHECK([ovs-ofctl dump-flows br-int table=46 | grep 10\.0\.0\.21], [1], [ignore]) -AT_CHECK([ovs-ofctl dump-flows br-int table=46 | grep 10\.0\.0\.22], [1], [ignore]) -AT_CHECK([ovs-ofctl dump-flows br-int table=46 | grep -c 10\.0\.0\.10], [0], [1 +AT_CHECK([ovs-ofctl dump-flows br-int table=$acl_eval | grep 10\.0\.0\.21], [1], [ignore]) +AT_CHECK([ovs-ofctl dump-flows br-int table=$acl_eval | grep 10\.0\.0\.22], [1], [ignore]) +AT_CHECK([ovs-ofctl dump-flows br-int table=$acl_eval | grep -c 10\.0\.0\.10], [0], [1 ]) reprocess_count_new=$(read_counter consider_logical_flow) @@ -1259,9 +1267,9 @@ reprocess_count_old=$(read_counter consider_logical_flow) check ovn-nbctl add address_set as1 addresses 10.0.0.21 -- \ remove address_set as1 addresses 10.0.0.10 check ovn-nbctl --wait=hv sync -AT_CHECK([ovs-ofctl dump-flows br-int table=46 | grep -c 10\.0\.0\.21], [0], [1 +AT_CHECK([ovs-ofctl dump-flows br-int table=$acl_eval | grep -c 10\.0\.0\.21], [0], [1 ]) -AT_CHECK([ovs-ofctl dump-flows br-int table=46 | grep 10\.0\.0\.10], [1], [ignore]) +AT_CHECK([ovs-ofctl dump-flows br-int table=$acl_eval | grep 10\.0\.0\.10], [1], [ignore]) reprocess_count_new=$(read_counter consider_logical_flow) AT_CHECK([echo $(($reprocess_count_new - $reprocess_count_old))], [0], [0 @@ -1273,12 +1281,12 @@ reprocess_count_old=$(read_counter consider_logical_flow) check ovn-nbctl add address_set as1 addresses 10.0.0.22,10.0.0.23 -- \ remove address_set as1 addresses 10.0.0.9,10.0.0.8 check ovn-nbctl --wait=hv sync -AT_CHECK([ovs-ofctl dump-flows br-int table=46 | grep -c 10\.0\.0\.22], [0], [1 +AT_CHECK([ovs-ofctl dump-flows br-int table=$acl_eval | grep -c 10\.0\.0\.22], [0], [1 ]) -AT_CHECK([ovs-ofctl dump-flows br-int table=46 | grep -c 10\.0\.0\.23], [0], [1 +AT_CHECK([ovs-ofctl dump-flows br-int table=$acl_eval | grep -c 10\.0\.0\.23], [0], [1 ]) -AT_CHECK([ovs-ofctl dump-flows br-int table=46 | grep 10\.0\.0\.8], [1], [ignore]) -AT_CHECK([ovs-ofctl dump-flows br-int table=46 | grep 10\.0\.0\.9], [1], [ignore]) +AT_CHECK([ovs-ofctl dump-flows br-int table=$acl_eval | grep 10\.0\.0\.8], [1], [ignore]) +AT_CHECK([ovs-ofctl dump-flows br-int table=$acl_eval | grep 10\.0\.0\.9], [1], [ignore]) reprocess_count_new=$(read_counter consider_logical_flow) AT_CHECK([echo $(($reprocess_count_new - $reprocess_count_old))], [0], [0 @@ -1308,6 +1316,10 @@ check ovn-nbctl lsp-add ls1 ls1-lp1 \ wait_for_ports_up ovn-appctl -t ovn-controller vlog/set file:dbg +# Get the OF table numbers +acl_eval=$(ovn-debug lflow-stage-to-oftable ls_out_acl_eval) +acl_action=$(ovn-debug lflow-stage-to-oftable ls_out_acl_action) + dp_key=$(printf "%x" $(fetch_column datapath tunnel_key external_ids:name=ls1)) port_key=$(printf "%x" $(fetch_column port_binding tunnel_key logical_port=ls1-lp1)) @@ -1328,22 +1340,22 @@ for i in $(seq 10); do add address_set as2 addresses 10.0.0.$j check ovn-nbctl --wait=hv sync if test "$i" = 1; then - AT_CHECK_UNQUOTED([ovs-ofctl dump-flows br-int table=46,reg15=0x$port_key | \ + AT_CHECK_UNQUOTED([ovs-ofctl dump-flows br-int table=$acl_eval,reg15=0x$port_key | \ grep -v reply | awk '{print $7, $8}' | sort], [0], [dnl -priority=1100,ip,reg15=0x$port_key,metadata=0x$dp_key,nw_src=10.0.0.1,nw_dst=10.0.0.6 actions=load:0x1->OXM_OF_PKT_REG4[[49]],resubmit(,47) +priority=1100,ip,reg15=0x$port_key,metadata=0x$dp_key,nw_src=10.0.0.1,nw_dst=10.0.0.6 actions=load:0x1->OXM_OF_PKT_REG4[[49]],resubmit(,$acl_action) ]) else # (1 conj_id + nw_src * i + nw_dst * i) = 1 + i*2 flows - AT_CHECK_UNQUOTED([ovs-ofctl dump-flows br-int table=46 | grep -c "priority=1100"], [0], [$(($i*2 + 1)) + AT_CHECK_UNQUOTED([ovs-ofctl dump-flows br-int table=$acl_eval | grep -c "priority=1100"], [0], [$(($i*2 + 1)) ]) fi if test "$i" = 3; then - AT_CHECK_UNQUOTED([ovs-ofctl dump-flows br-int table=46,reg15=0x$port_key | \ + AT_CHECK_UNQUOTED([ovs-ofctl dump-flows br-int table=$acl_eval,reg15=0x$port_key | \ grep -v reply | awk '{print $7, $8}' | \ sed -r 's/conjunction.*,/conjunction,/' | \ sed -r 's/conj_id=.*,metadata/conj_id=,metadata/' | sort], [0], [dnl -priority=1100,conj_id=,metadata=0x$dp_key actions=load:0x1->OXM_OF_PKT_REG4[[49]],resubmit(,47) +priority=1100,conj_id=,metadata=0x$dp_key actions=load:0x1->OXM_OF_PKT_REG4[[49]],resubmit(,$acl_action) priority=1100,ip,reg15=0x$port_key,metadata=0x$dp_key,nw_dst=10.0.0.6 actions=conjunction,1/2) priority=1100,ip,reg15=0x$port_key,metadata=0x$dp_key,nw_dst=10.0.0.7 actions=conjunction,1/2) priority=1100,ip,reg15=0x$port_key,metadata=0x$dp_key,nw_dst=10.0.0.8 actions=conjunction,1/2) @@ -1367,15 +1379,15 @@ for i in $(seq 10); do remove address_set as2 addresses 10.0.0.$j check ovn-nbctl --wait=hv sync if test "$i" = 10; then - AT_CHECK_UNQUOTED([ovs-ofctl dump-flows br-int table=46 | grep "priority=1100"], [1], [ignore]) + AT_CHECK_UNQUOTED([ovs-ofctl dump-flows br-int table=$acl_eval | grep "priority=1100"], [1], [ignore]) elif test "$i" = 9; then # no conjunction left - AT_CHECK_UNQUOTED([ovs-ofctl dump-flows br-int table=46,reg15=0x$port_key | \ + AT_CHECK_UNQUOTED([ovs-ofctl dump-flows br-int table=$acl_eval,reg15=0x$port_key | \ grep -v reply | awk '{print $7, $8}' | sort], [0], [dnl -priority=1100,ip,reg15=0x$port_key,metadata=0x$dp_key,nw_src=10.0.0.10,nw_dst=10.0.0.15 actions=load:0x1->OXM_OF_PKT_REG4[[49]],resubmit(,47) +priority=1100,ip,reg15=0x$port_key,metadata=0x$dp_key,nw_src=10.0.0.10,nw_dst=10.0.0.15 actions=load:0x1->OXM_OF_PKT_REG4[[49]],resubmit(,$acl_action) ]) else - AT_CHECK_UNQUOTED([ovs-ofctl dump-flows br-int table=46 | grep -c "priority=1100"], [0], [$((21 - $i*2)) + AT_CHECK_UNQUOTED([ovs-ofctl dump-flows br-int table=$acl_eval | grep -c "priority=1100"], [0], [$((21 - $i*2)) ]) fi done @@ -1396,14 +1408,14 @@ for i in $(seq 2 10); do check ovn-nbctl add address_set as1 addresses 10.0.0.$i check ovn-nbctl --wait=hv sync if test "$i" = 3; then - AT_CHECK_UNQUOTED([ovs-ofctl dump-flows br-int table=46,reg15=0x$port_key | \ + AT_CHECK_UNQUOTED([ovs-ofctl dump-flows br-int table=$acl_eval,reg15=0x$port_key | \ grep -v reply | awk '{print $7, $8}' | sort], [0], [dnl -priority=1100,ip,reg15=0x$port_key,metadata=0x$dp_key,nw_src=10.0.0.1,nw_dst=10.0.0.6 actions=load:0x1->OXM_OF_PKT_REG4[[49]],resubmit(,47) -priority=1100,ip,reg15=0x$port_key,metadata=0x$dp_key,nw_src=10.0.0.2,nw_dst=10.0.0.6 actions=load:0x1->OXM_OF_PKT_REG4[[49]],resubmit(,47) -priority=1100,ip,reg15=0x$port_key,metadata=0x$dp_key,nw_src=10.0.0.3,nw_dst=10.0.0.6 actions=load:0x1->OXM_OF_PKT_REG4[[49]],resubmit(,47) +priority=1100,ip,reg15=0x$port_key,metadata=0x$dp_key,nw_src=10.0.0.1,nw_dst=10.0.0.6 actions=load:0x1->OXM_OF_PKT_REG4[[49]],resubmit(,$acl_action) +priority=1100,ip,reg15=0x$port_key,metadata=0x$dp_key,nw_src=10.0.0.2,nw_dst=10.0.0.6 actions=load:0x1->OXM_OF_PKT_REG4[[49]],resubmit(,$acl_action) +priority=1100,ip,reg15=0x$port_key,metadata=0x$dp_key,nw_src=10.0.0.3,nw_dst=10.0.0.6 actions=load:0x1->OXM_OF_PKT_REG4[[49]],resubmit(,$acl_action) ]) fi - AT_CHECK_UNQUOTED([ovs-ofctl dump-flows br-int table=46 | grep -c "priority=1100"], [0], [$i + AT_CHECK_UNQUOTED([ovs-ofctl dump-flows br-int table=$acl_eval | grep -c "priority=1100"], [0], [$i ]) done @@ -1422,16 +1434,16 @@ for i in $(seq 10); do check ovn-nbctl remove address_set as1 addresses 10.0.0.$i check ovn-nbctl --wait=hv sync if test "$i" = 9; then - AT_CHECK_UNQUOTED([ovs-ofctl dump-flows br-int table=46,reg15=0x$port_key | \ + AT_CHECK_UNQUOTED([ovs-ofctl dump-flows br-int table=$acl_eval,reg15=0x$port_key | \ grep -v reply | awk '{print $7, $8}'], [0], [dnl -priority=1100,ip,reg15=0x$port_key,metadata=0x$dp_key,nw_src=10.0.0.10,nw_dst=10.0.0.6 actions=load:0x1->OXM_OF_PKT_REG4[[49]],resubmit(,47) -priority=1100,ip,reg15=0x$port_key,metadata=0x$dp_key,nw_src=10.0.0.10,nw_dst=10.0.0.7 actions=load:0x1->OXM_OF_PKT_REG4[[49]],resubmit(,47) +priority=1100,ip,reg15=0x$port_key,metadata=0x$dp_key,nw_src=10.0.0.10,nw_dst=10.0.0.6 actions=load:0x1->OXM_OF_PKT_REG4[[49]],resubmit(,$acl_action) +priority=1100,ip,reg15=0x$port_key,metadata=0x$dp_key,nw_src=10.0.0.10,nw_dst=10.0.0.7 actions=load:0x1->OXM_OF_PKT_REG4[[49]],resubmit(,$acl_action) ]) elif test "$i" = 10; then - AT_CHECK_UNQUOTED([ovs-ofctl dump-flows br-int table=46 | grep "priority=1100"], [1], [ignore]) + AT_CHECK_UNQUOTED([ovs-ofctl dump-flows br-int table=$acl_eval | grep "priority=1100"], [1], [ignore]) else # 2 dst + (10 - i) src + 1 conj_id - AT_CHECK_UNQUOTED([ovs-ofctl dump-flows br-int table=46 | grep -c "priority=1100"], [0], [$((10 - $i + 3)) + AT_CHECK_UNQUOTED([ovs-ofctl dump-flows br-int table=$acl_eval | grep -c "priority=1100"], [0], [$((10 - $i + 3)) ]) fi done @@ -1463,6 +1475,10 @@ check ovn-nbctl lsp-add ls1 ls1-lp1 \ wait_for_ports_up ovn-appctl -t ovn-controller vlog/set file:dbg +# Get the OF table numbers +acl_eval=$(ovn-debug lflow-stage-to-oftable ls_out_acl_eval) +acl_action=$(ovn-debug lflow-stage-to-oftable ls_out_acl_action) + dp_key=$(printf "%x" $(fetch_column datapath tunnel_key external_ids:name=ls1)) port_key=$(printf "%x" $(fetch_column port_binding tunnel_key logical_port=ls1-lp1)) @@ -1485,27 +1501,27 @@ for i in $(seq 10); do add address_set as2 addresses 10.0.0.$j check ovn-nbctl --wait=hv sync if test "$i" = 1; then - AT_CHECK_UNQUOTED([ovs-ofctl dump-flows br-int table=46,reg15=0x$port_key | \ + AT_CHECK_UNQUOTED([ovs-ofctl dump-flows br-int table=$acl_eval,reg15=0x$port_key | \ grep -v reply | awk '{print $7, $8}' | sort], [0], [dnl -priority=1100,ip,reg15=0x$port_key,metadata=0x$dp_key,nw_dst=10.0.0.6 actions=load:0x1->OXM_OF_PKT_REG4[[49]],resubmit(,47) -priority=1100,ip,reg15=0x$port_key,metadata=0x$dp_key,nw_src=10.0.0.1 actions=load:0x1->OXM_OF_PKT_REG4[[49]],resubmit(,47) +priority=1100,ip,reg15=0x$port_key,metadata=0x$dp_key,nw_dst=10.0.0.6 actions=load:0x1->OXM_OF_PKT_REG4[[49]],resubmit(,$acl_action) +priority=1100,ip,reg15=0x$port_key,metadata=0x$dp_key,nw_src=10.0.0.1 actions=load:0x1->OXM_OF_PKT_REG4[[49]],resubmit(,$acl_action) ]) else - AT_CHECK_UNQUOTED([ovs-ofctl dump-flows br-int table=46 | grep -c "priority=1100"], [0], [$(($i*2)) + AT_CHECK_UNQUOTED([ovs-ofctl dump-flows br-int table=$acl_eval | grep -c "priority=1100"], [0], [$(($i*2)) ]) fi if test "$i" = 3; then - AT_CHECK_UNQUOTED([ovs-ofctl dump-flows br-int table=46,reg15=0x$port_key | \ + AT_CHECK_UNQUOTED([ovs-ofctl dump-flows br-int table=$acl_eval,reg15=0x$port_key | \ grep -v reply | awk '{print $7, $8}' | \ sed -r 's/conjunction.*,/conjunction,/' | \ sed -r 's/conj_id=.*,/conj_id=,/' | sort], [0], [dnl -priority=1100,ip,reg15=0x$port_key,metadata=0x$dp_key,nw_dst=10.0.0.6 actions=load:0x1->OXM_OF_PKT_REG4[[49]],resubmit(,47) -priority=1100,ip,reg15=0x$port_key,metadata=0x$dp_key,nw_dst=10.0.0.7 actions=load:0x1->OXM_OF_PKT_REG4[[49]],resubmit(,47) -priority=1100,ip,reg15=0x$port_key,metadata=0x$dp_key,nw_dst=10.0.0.8 actions=load:0x1->OXM_OF_PKT_REG4[[49]],resubmit(,47) -priority=1100,ip,reg15=0x$port_key,metadata=0x$dp_key,nw_src=10.0.0.1 actions=load:0x1->OXM_OF_PKT_REG4[[49]],resubmit(,47) -priority=1100,ip,reg15=0x$port_key,metadata=0x$dp_key,nw_src=10.0.0.2 actions=load:0x1->OXM_OF_PKT_REG4[[49]],resubmit(,47) -priority=1100,ip,reg15=0x$port_key,metadata=0x$dp_key,nw_src=10.0.0.3 actions=load:0x1->OXM_OF_PKT_REG4[[49]],resubmit(,47) +priority=1100,ip,reg15=0x$port_key,metadata=0x$dp_key,nw_dst=10.0.0.6 actions=load:0x1->OXM_OF_PKT_REG4[[49]],resubmit(,$acl_action) +priority=1100,ip,reg15=0x$port_key,metadata=0x$dp_key,nw_dst=10.0.0.7 actions=load:0x1->OXM_OF_PKT_REG4[[49]],resubmit(,$acl_action) +priority=1100,ip,reg15=0x$port_key,metadata=0x$dp_key,nw_dst=10.0.0.8 actions=load:0x1->OXM_OF_PKT_REG4[[49]],resubmit(,$acl_action) +priority=1100,ip,reg15=0x$port_key,metadata=0x$dp_key,nw_src=10.0.0.1 actions=load:0x1->OXM_OF_PKT_REG4[[49]],resubmit(,$acl_action) +priority=1100,ip,reg15=0x$port_key,metadata=0x$dp_key,nw_src=10.0.0.2 actions=load:0x1->OXM_OF_PKT_REG4[[49]],resubmit(,$acl_action) +priority=1100,ip,reg15=0x$port_key,metadata=0x$dp_key,nw_src=10.0.0.3 actions=load:0x1->OXM_OF_PKT_REG4[[49]],resubmit(,$acl_action) ]) fi done @@ -1523,9 +1539,9 @@ for i in $(seq 10); do remove address_set as2 addresses 10.0.0.$j check ovn-nbctl --wait=hv sync if test "$i" = 10; then - AT_CHECK_UNQUOTED([ovs-ofctl dump-flows br-int table=46 | grep "priority=1100"], [1], [ignore]) + AT_CHECK_UNQUOTED([ovs-ofctl dump-flows br-int table=$acl_eval | grep "priority=1100"], [1], [ignore]) else - AT_CHECK_UNQUOTED([ovs-ofctl dump-flows br-int table=46 | grep -c "priority=1100"], [0], [$((20 - $i*2)) + AT_CHECK_UNQUOTED([ovs-ofctl dump-flows br-int table=$acl_eval | grep -c "priority=1100"], [0], [$((20 - $i*2)) ]) fi done @@ -1559,6 +1575,10 @@ check ovn-nbctl lsp-add ls1 ls1-lp1 \ wait_for_ports_up ovn-appctl -t ovn-controller vlog/set file:dbg +# Get the OF table numbers +acl_eval=$(ovn-debug lflow-stage-to-oftable ls_out_acl_eval) +acl_action=$(ovn-debug lflow-stage-to-oftable ls_out_acl_action) + dp_key=$(printf "%x" $(fetch_column datapath tunnel_key external_ids:name=ls1)) port_key=$(printf "%x" $(fetch_column port_binding tunnel_key logical_port=ls1-lp1)) @@ -1581,30 +1601,30 @@ for i in $(seq 10); do add address_set as2 addresses 10.0.0.$j check ovn-nbctl --wait=hv sync if test "$i" = 1; then - AT_CHECK_UNQUOTED([ovs-ofctl dump-flows br-int table=46,reg15=0x$port_key | \ + AT_CHECK_UNQUOTED([ovs-ofctl dump-flows br-int table=$acl_eval,reg15=0x$port_key | \ grep -v reply | awk '{print $7, $8}' | sort], [0], [dnl -priority=1100,ip,reg15=0x$port_key,metadata=0x$dp_key,nw_src=10.0.0.1 actions=load:0x1->OXM_OF_PKT_REG4[[49]],resubmit(,47) -priority=1100,ip,reg15=0x$port_key,metadata=0x$dp_key,nw_src=10.0.0.6 actions=load:0x1->OXM_OF_PKT_REG4[[49]],resubmit(,47) +priority=1100,ip,reg15=0x$port_key,metadata=0x$dp_key,nw_src=10.0.0.1 actions=load:0x1->OXM_OF_PKT_REG4[[49]],resubmit(,$acl_action) +priority=1100,ip,reg15=0x$port_key,metadata=0x$dp_key,nw_src=10.0.0.6 actions=load:0x1->OXM_OF_PKT_REG4[[49]],resubmit(,$acl_action) ]) elif test "$i" -lt 6; then - AT_CHECK_UNQUOTED([ovs-ofctl dump-flows br-int table=46 | grep -c "priority=1100"], [0], [$(($i*2)) + AT_CHECK_UNQUOTED([ovs-ofctl dump-flows br-int table=$acl_eval | grep -c "priority=1100"], [0], [$(($i*2)) ]) else - AT_CHECK_UNQUOTED([ovs-ofctl dump-flows br-int table=46 | grep -c "priority=1100"], [0], [$((5 + $i)) + AT_CHECK_UNQUOTED([ovs-ofctl dump-flows br-int table=$acl_eval | grep -c "priority=1100"], [0], [$((5 + $i)) ]) fi if test "$i" = 3; then - AT_CHECK_UNQUOTED([ovs-ofctl dump-flows br-int table=46,reg15=0x$port_key | \ + AT_CHECK_UNQUOTED([ovs-ofctl dump-flows br-int table=$acl_eval,reg15=0x$port_key | \ grep -v reply | awk '{print $7, $8}' | \ sed -r 's/conjunction.*,/conjunction,/' | \ sed -r 's/conj_id=.*,/conj_id=,/' | sort], [0], [dnl -priority=1100,ip,reg15=0x$port_key,metadata=0x$dp_key,nw_src=10.0.0.1 actions=load:0x1->OXM_OF_PKT_REG4[[49]],resubmit(,47) -priority=1100,ip,reg15=0x$port_key,metadata=0x$dp_key,nw_src=10.0.0.2 actions=load:0x1->OXM_OF_PKT_REG4[[49]],resubmit(,47) -priority=1100,ip,reg15=0x$port_key,metadata=0x$dp_key,nw_src=10.0.0.3 actions=load:0x1->OXM_OF_PKT_REG4[[49]],resubmit(,47) -priority=1100,ip,reg15=0x$port_key,metadata=0x$dp_key,nw_src=10.0.0.6 actions=load:0x1->OXM_OF_PKT_REG4[[49]],resubmit(,47) -priority=1100,ip,reg15=0x$port_key,metadata=0x$dp_key,nw_src=10.0.0.7 actions=load:0x1->OXM_OF_PKT_REG4[[49]],resubmit(,47) -priority=1100,ip,reg15=0x$port_key,metadata=0x$dp_key,nw_src=10.0.0.8 actions=load:0x1->OXM_OF_PKT_REG4[[49]],resubmit(,47) +priority=1100,ip,reg15=0x$port_key,metadata=0x$dp_key,nw_src=10.0.0.1 actions=load:0x1->OXM_OF_PKT_REG4[[49]],resubmit(,$acl_action) +priority=1100,ip,reg15=0x$port_key,metadata=0x$dp_key,nw_src=10.0.0.2 actions=load:0x1->OXM_OF_PKT_REG4[[49]],resubmit(,$acl_action) +priority=1100,ip,reg15=0x$port_key,metadata=0x$dp_key,nw_src=10.0.0.3 actions=load:0x1->OXM_OF_PKT_REG4[[49]],resubmit(,$acl_action) +priority=1100,ip,reg15=0x$port_key,metadata=0x$dp_key,nw_src=10.0.0.6 actions=load:0x1->OXM_OF_PKT_REG4[[49]],resubmit(,$acl_action) +priority=1100,ip,reg15=0x$port_key,metadata=0x$dp_key,nw_src=10.0.0.7 actions=load:0x1->OXM_OF_PKT_REG4[[49]],resubmit(,$acl_action) +priority=1100,ip,reg15=0x$port_key,metadata=0x$dp_key,nw_src=10.0.0.8 actions=load:0x1->OXM_OF_PKT_REG4[[49]],resubmit(,$acl_action) ]) fi done @@ -1622,12 +1642,12 @@ for i in $(seq 10); do remove address_set as2 addresses 10.0.0.$j check ovn-nbctl --wait=hv sync if test "$i" = 10; then - AT_CHECK_UNQUOTED([ovs-ofctl dump-flows br-int table=46 | grep "priority=1100"], [1], [ignore]) + AT_CHECK_UNQUOTED([ovs-ofctl dump-flows br-int table=$acl_eval | grep "priority=1100"], [1], [ignore]) elif test "$i" -lt 6; then - AT_CHECK_UNQUOTED([ovs-ofctl dump-flows br-int table=46 | grep -c "priority=1100"], [0], [$((15 - $i)) + AT_CHECK_UNQUOTED([ovs-ofctl dump-flows br-int table=$acl_eval | grep -c "priority=1100"], [0], [$((15 - $i)) ]) else - AT_CHECK_UNQUOTED([ovs-ofctl dump-flows br-int table=46 | grep -c "priority=1100"], [0], [$((10 - ($i - 5)*2)) + AT_CHECK_UNQUOTED([ovs-ofctl dump-flows br-int table=$acl_eval | grep -c "priority=1100"], [0], [$((10 - ($i - 5)*2)) ]) fi done @@ -1662,6 +1682,10 @@ check ovn-nbctl lsp-add ls1 ls1-lp1 \ wait_for_ports_up ovn-appctl -t ovn-controller vlog/set file:dbg +# Get the OF table numbers +acl_eval=$(ovn-debug lflow-stage-to-oftable ls_out_acl_eval) +acl_action=$(ovn-debug lflow-stage-to-oftable ls_out_acl_action) + dp_key=$(printf "%x" $(fetch_column datapath tunnel_key external_ids:name=ls1)) port_key=$(printf "%x" $(fetch_column port_binding tunnel_key logical_port=ls1-lp1)) @@ -1679,22 +1703,22 @@ for i in $(seq 10); do check ovn-nbctl add address_set as1 addresses 10.0.0.$i check ovn-nbctl --wait=hv sync if test "$i" = 1; then - AT_CHECK_UNQUOTED([ovs-ofctl dump-flows br-int table=46,reg15=0x$port_key | \ + AT_CHECK_UNQUOTED([ovs-ofctl dump-flows br-int table=$acl_eval,reg15=0x$port_key | \ grep -v reply | awk '{print $7, $8}' | sort], [0], [dnl -priority=1100,ip,reg15=0x$port_key,metadata=0x$dp_key,nw_src=10.0.0.1,nw_dst=10.0.0.1 actions=load:0x1->OXM_OF_PKT_REG4[[49]],resubmit(,47) +priority=1100,ip,reg15=0x$port_key,metadata=0x$dp_key,nw_src=10.0.0.1,nw_dst=10.0.0.1 actions=load:0x1->OXM_OF_PKT_REG4[[49]],resubmit(,$acl_action) ]) else # (1 conj_id + nw_src * i + nw_dst * i) = 1 + i*2 flows - AT_CHECK_UNQUOTED([ovs-ofctl dump-flows br-int table=46 | grep -c "priority=1100"], [0], [$(($i*2 + 1)) + AT_CHECK_UNQUOTED([ovs-ofctl dump-flows br-int table=$acl_eval | grep -c "priority=1100"], [0], [$(($i*2 + 1)) ]) fi if test "$i" = 3; then - AT_CHECK_UNQUOTED([ovs-ofctl dump-flows br-int table=46,reg15=0x$port_key | \ + AT_CHECK_UNQUOTED([ovs-ofctl dump-flows br-int table=$acl_eval,reg15=0x$port_key | \ grep -v reply | awk '{print $7, $8}' | \ sed -r 's/conjunction.*,/conjunction,/' | \ sed -r 's/conj_id=.*,metadata/conj_id=,metadata/' | sort], [0], [dnl -priority=1100,conj_id=,metadata=0x$dp_key actions=load:0x1->OXM_OF_PKT_REG4[[49]],resubmit(,47) +priority=1100,conj_id=,metadata=0x$dp_key actions=load:0x1->OXM_OF_PKT_REG4[[49]],resubmit(,$acl_action) priority=1100,ip,reg15=0x$port_key,metadata=0x$dp_key,nw_dst=10.0.0.1 actions=conjunction,1/2) priority=1100,ip,reg15=0x$port_key,metadata=0x$dp_key,nw_dst=10.0.0.2 actions=conjunction,1/2) priority=1100,ip,reg15=0x$port_key,metadata=0x$dp_key,nw_dst=10.0.0.3 actions=conjunction,1/2) @@ -1716,15 +1740,15 @@ for i in $(seq 10); do check ovn-nbctl remove address_set as1 addresses 10.0.0.$i check ovn-nbctl --wait=hv sync if test "$i" = 10; then - AT_CHECK_UNQUOTED([ovs-ofctl dump-flows br-int table=46 | grep "priority=1100"], [1], [ignore]) + AT_CHECK_UNQUOTED([ovs-ofctl dump-flows br-int table=$acl_eval | grep "priority=1100"], [1], [ignore]) elif test "$i" = 9; then # no conjunction left - AT_CHECK_UNQUOTED([ovs-ofctl dump-flows br-int table=46,reg15=0x$port_key | \ + AT_CHECK_UNQUOTED([ovs-ofctl dump-flows br-int table=$acl_eval,reg15=0x$port_key | \ grep -v reply | awk '{print $7, $8}' | sort], [0], [dnl -priority=1100,ip,reg15=0x$port_key,metadata=0x$dp_key,nw_src=10.0.0.10,nw_dst=10.0.0.10 actions=load:0x1->OXM_OF_PKT_REG4[[49]],resubmit(,47) +priority=1100,ip,reg15=0x$port_key,metadata=0x$dp_key,nw_src=10.0.0.10,nw_dst=10.0.0.10 actions=load:0x1->OXM_OF_PKT_REG4[[49]],resubmit(,$acl_action) ]) else - AT_CHECK_UNQUOTED([ovs-ofctl dump-flows br-int table=46 | grep -c "priority=1100"], [0], [$((21 - $i*2)) + AT_CHECK_UNQUOTED([ovs-ofctl dump-flows br-int table=$acl_eval | grep -c "priority=1100"], [0], [$((21 - $i*2)) ]) fi done @@ -1740,11 +1764,11 @@ for i in $(seq 10); do check ovn-nbctl add address_set as1 addresses 10.0.0.$i,10.0.1.$i check ovn-nbctl --wait=hv sync if test "$i" = 3; then - AT_CHECK_UNQUOTED([ovs-ofctl dump-flows br-int table=46,reg15=0x$port_key | \ + AT_CHECK_UNQUOTED([ovs-ofctl dump-flows br-int table=$acl_eval,reg15=0x$port_key | \ grep -v reply | awk '{print $7, $8}' | \ sed -r 's/conjunction.*,/conjunction,/' | \ sed -r 's/conj_id=.*,metadata/conj_id=,metadata/' | sort], [0], [dnl -priority=1100,conj_id=,metadata=0x$dp_key actions=load:0x1->OXM_OF_PKT_REG4[[49]],resubmit(,47) +priority=1100,conj_id=,metadata=0x$dp_key actions=load:0x1->OXM_OF_PKT_REG4[[49]],resubmit(,$acl_action) priority=1100,ip,reg15=0x$port_key,metadata=0x$dp_key,nw_dst=10.0.0.1 actions=conjunction,1/2) priority=1100,ip,reg15=0x$port_key,metadata=0x$dp_key,nw_dst=10.0.0.2 actions=conjunction,1/2) priority=1100,ip,reg15=0x$port_key,metadata=0x$dp_key,nw_dst=10.0.0.3 actions=conjunction,1/2) @@ -1759,7 +1783,7 @@ priority=1100,ip,reg15=0x$port_key,metadata=0x$dp_key,nw_src=10.0.1.2 actions=co priority=1100,ip,reg15=0x$port_key,metadata=0x$dp_key,nw_src=10.0.1.3 actions=conjunction,2/2) ]) fi - AT_CHECK_UNQUOTED([ovs-ofctl dump-flows br-int table=46 | grep -c "priority=1100"], [0], [$(($i * 4 + 1)) + AT_CHECK_UNQUOTED([ovs-ofctl dump-flows br-int table=$acl_eval | grep -c "priority=1100"], [0], [$(($i * 4 + 1)) ]) done @@ -1780,11 +1804,11 @@ check ovn-nbctl --wait=hv sync reprocess_count_old=$(read_counter consider_logical_flow) check ovn-nbctl add address_set as1 addresses 10.0.0.4,10.0.0.5 check ovn-nbctl --wait=hv sync -AT_CHECK_UNQUOTED([ovs-ofctl dump-flows br-int table=46,reg15=0x$port_key | \ +AT_CHECK_UNQUOTED([ovs-ofctl dump-flows br-int table=$acl_eval,reg15=0x$port_key | \ grep -v reply | awk '{print $7, $8}' | \ sed -r 's/conjunction.*,/conjunction,/' | \ sed -r 's/conj_id=.*,metadata/conj_id=,metadata/' | sort], [0], [dnl -priority=1100,conj_id=,metadata=0x$dp_key actions=load:0x1->OXM_OF_PKT_REG4[[49]],resubmit(,47) +priority=1100,conj_id=,metadata=0x$dp_key actions=load:0x1->OXM_OF_PKT_REG4[[49]],resubmit(,$acl_action) priority=1100,ip,reg15=0x$port_key,metadata=0x$dp_key,nw_dst=10.0.0.1 actions=conjunction,1/2) priority=1100,ip,reg15=0x$port_key,metadata=0x$dp_key,nw_dst=10.0.0.2 actions=conjunction,1/2) priority=1100,ip,reg15=0x$port_key,metadata=0x$dp_key,nw_dst=10.0.0.3 actions=conjunction,1/2) @@ -1804,11 +1828,11 @@ AT_CHECK([echo $(($reprocess_count_new - $reprocess_count_old))], [0], [1 # Delete 2 IPs reprocess_count_old=$(read_counter consider_logical_flow) check ovn-nbctl --wait=hv remove address_set as1 addresses 10.0.0.4,10.0.0.5 -AT_CHECK_UNQUOTED([ovs-ofctl dump-flows br-int table=46,reg15=0x$port_key | \ +AT_CHECK_UNQUOTED([ovs-ofctl dump-flows br-int table=$acl_eval,reg15=0x$port_key | \ grep -v reply | awk '{print $7, $8}' | \ sed -r 's/conjunction.*,/conjunction,/' | \ sed -r 's/conj_id=.*,metadata/conj_id=,metadata/' | sort], [0], [dnl -priority=1100,conj_id=,metadata=0x$dp_key actions=load:0x1->OXM_OF_PKT_REG4[[49]],resubmit(,47) +priority=1100,conj_id=,metadata=0x$dp_key actions=load:0x1->OXM_OF_PKT_REG4[[49]],resubmit(,$acl_action) priority=1100,ip,reg15=0x$port_key,metadata=0x$dp_key,nw_dst=10.0.0.1 actions=conjunction,1/2) priority=1100,ip,reg15=0x$port_key,metadata=0x$dp_key,nw_dst=10.0.0.2 actions=conjunction,1/2) priority=1100,ip,reg15=0x$port_key,metadata=0x$dp_key,nw_dst=10.0.0.3 actions=conjunction,1/2) @@ -1845,6 +1869,10 @@ check ovn-nbctl lsp-add ls1 ls1-lp1 \ wait_for_ports_up ovn-appctl -t ovn-controller vlog/set file:dbg +# Get the OF table numbers +acl_eval=$(ovn-debug lflow-stage-to-oftable ls_out_acl_eval) +acl_action=$(ovn-debug lflow-stage-to-oftable ls_out_acl_action) + dp_key=$(printf "%x" $(fetch_column datapath tunnel_key external_ids:name=ls1)) port_key=$(printf "%x" $(fetch_column port_binding tunnel_key logical_port=ls1-lp1)) @@ -1862,12 +1890,12 @@ check ovn-nbctl acl-add ls1 to-lport 100 'outport == "ls1-lp1" && ip4.src == $as check ovn-nbctl acl-add ls1 to-lport 100 'outport == "ls1-lp1" && ip4.src == $as2 && tcp && tcp.dst == {201, 202}' drop check ovn-nbctl --wait=hv sync -AT_CHECK_UNQUOTED([ovs-ofctl dump-flows br-int table=46,reg15=0x$port_key | \ +AT_CHECK_UNQUOTED([ovs-ofctl dump-flows br-int table=$acl_eval,reg15=0x$port_key | \ grep -v reply | awk '{print $7, $8}' | \ sed -r 's/conjunction.[[0-9]]*,/conjunction,/g' | \ sed -r 's/conj_id=.*,metadata/conj_id=,metadata/' | sort], [0], [dnl -priority=1100,conj_id=,metadata=0x$dp_key actions=load:0x1->OXM_OF_PKT_REG4[[49]],resubmit(,47) -priority=1100,conj_id=,metadata=0x$dp_key actions=load:0x1->OXM_OF_PKT_REG4[[49]],resubmit(,47) +priority=1100,conj_id=,metadata=0x$dp_key actions=load:0x1->OXM_OF_PKT_REG4[[49]],resubmit(,$acl_action) +priority=1100,conj_id=,metadata=0x$dp_key actions=load:0x1->OXM_OF_PKT_REG4[[49]],resubmit(,$acl_action) priority=1100,tcp,reg15=0x$port_key,metadata=0x$dp_key,nw_src=10.0.0.11 actions=conjunction,1/2) priority=1100,tcp,reg15=0x$port_key,metadata=0x$dp_key,nw_src=10.0.0.12 actions=conjunction,1/2) priority=1100,tcp,reg15=0x$port_key,metadata=0x$dp_key,nw_src=10.0.0.13 actions=conjunction,1/2) @@ -1887,12 +1915,12 @@ reprocess_count_old=$(read_counter consider_logical_flow) check ovn-nbctl add address_set as1 addresses 10.0.0.14,10.0.0.33 -- \ add address_set as2 addresses 10.0.0.24,10.0.0.33 check ovn-nbctl --wait=hv sync -AT_CHECK_UNQUOTED([ovs-ofctl dump-flows br-int table=46,reg15=0x$port_key | \ +AT_CHECK_UNQUOTED([ovs-ofctl dump-flows br-int table=$acl_eval,reg15=0x$port_key | \ grep -v reply | awk '{print $7, $8}' | \ sed -r 's/conjunction.[[0-9]]*,/conjunction,/g' | \ sed -r 's/conj_id=.*,metadata/conj_id=,metadata/' | sort], [0], [dnl -priority=1100,conj_id=,metadata=0x$dp_key actions=load:0x1->OXM_OF_PKT_REG4[[49]],resubmit(,47) -priority=1100,conj_id=,metadata=0x$dp_key actions=load:0x1->OXM_OF_PKT_REG4[[49]],resubmit(,47) +priority=1100,conj_id=,metadata=0x$dp_key actions=load:0x1->OXM_OF_PKT_REG4[[49]],resubmit(,$acl_action) +priority=1100,conj_id=,metadata=0x$dp_key actions=load:0x1->OXM_OF_PKT_REG4[[49]],resubmit(,$acl_action) priority=1100,tcp,reg15=0x$port_key,metadata=0x$dp_key,nw_src=10.0.0.11 actions=conjunction,1/2) priority=1100,tcp,reg15=0x$port_key,metadata=0x$dp_key,nw_src=10.0.0.12 actions=conjunction,1/2) priority=1100,tcp,reg15=0x$port_key,metadata=0x$dp_key,nw_src=10.0.0.13 actions=conjunction,1/2) @@ -1918,12 +1946,12 @@ reprocess_count_old=$(read_counter consider_logical_flow) check ovn-nbctl remove address_set as1 addresses 10.0.0.14,10.0.0.33 -- \ remove address_set as2 addresses 10.0.0.24,10.0.0.33 check ovn-nbctl --wait=hv sync -AT_CHECK_UNQUOTED([ovs-ofctl dump-flows br-int table=46,reg15=0x$port_key | \ +AT_CHECK_UNQUOTED([ovs-ofctl dump-flows br-int table=$acl_eval,reg15=0x$port_key | \ grep -v reply | awk '{print $7, $8}' | \ sed -r 's/conjunction.[[0-9]]*,/conjunction,/g' | \ sed -r 's/conj_id=.*,metadata/conj_id=,metadata/' | sort], [0], [dnl -priority=1100,conj_id=,metadata=0x$dp_key actions=load:0x1->OXM_OF_PKT_REG4[[49]],resubmit(,47) -priority=1100,conj_id=,metadata=0x$dp_key actions=load:0x1->OXM_OF_PKT_REG4[[49]],resubmit(,47) +priority=1100,conj_id=,metadata=0x$dp_key actions=load:0x1->OXM_OF_PKT_REG4[[49]],resubmit(,$acl_action) +priority=1100,conj_id=,metadata=0x$dp_key actions=load:0x1->OXM_OF_PKT_REG4[[49]],resubmit(,$acl_action) priority=1100,tcp,reg15=0x$port_key,metadata=0x$dp_key,nw_src=10.0.0.11 actions=conjunction,1/2) priority=1100,tcp,reg15=0x$port_key,metadata=0x$dp_key,nw_src=10.0.0.12 actions=conjunction,1/2) priority=1100,tcp,reg15=0x$port_key,metadata=0x$dp_key,nw_src=10.0.0.13 actions=conjunction,1/2) @@ -1966,6 +1994,10 @@ check ovn-nbctl lsp-add ls1 ls1-lp1 \ wait_for_ports_up ovn-appctl -t ovn-controller vlog/set file:dbg +# Get the OF table numbers +acl_eval=$(ovn-debug lflow-stage-to-oftable ls_out_acl_eval) +acl_action=$(ovn-debug lflow-stage-to-oftable ls_out_acl_action) + dp_key=$(printf "%x" $(fetch_column datapath tunnel_key external_ids:name=ls1)) port_key=$(printf "%x" $(fetch_column port_binding tunnel_key logical_port=ls1-lp1)) @@ -1983,14 +2015,14 @@ for i in $(seq 5); do check ovn-nbctl add address_set as1 addresses "aa\:aa\:aa\:aa\:aa\:0$i" check ovn-nbctl --wait=hv sync if test "$i" = 3; then - AT_CHECK_UNQUOTED([ovs-ofctl dump-flows br-int table=46,reg15=0x$port_key | \ + AT_CHECK_UNQUOTED([ovs-ofctl dump-flows br-int table=$acl_eval,reg15=0x$port_key | \ grep -v reply | awk '{print $7, $8}' | sort], [0], [dnl -priority=1100,reg15=0x$port_key,metadata=0x$dp_key,dl_src=aa:aa:aa:aa:aa:01 actions=load:0x1->OXM_OF_PKT_REG4[[49]],resubmit(,47) -priority=1100,reg15=0x$port_key,metadata=0x$dp_key,dl_src=aa:aa:aa:aa:aa:02 actions=load:0x1->OXM_OF_PKT_REG4[[49]],resubmit(,47) -priority=1100,reg15=0x$port_key,metadata=0x$dp_key,dl_src=aa:aa:aa:aa:aa:03 actions=load:0x1->OXM_OF_PKT_REG4[[49]],resubmit(,47) +priority=1100,reg15=0x$port_key,metadata=0x$dp_key,dl_src=aa:aa:aa:aa:aa:01 actions=load:0x1->OXM_OF_PKT_REG4[[49]],resubmit(,$acl_action) +priority=1100,reg15=0x$port_key,metadata=0x$dp_key,dl_src=aa:aa:aa:aa:aa:02 actions=load:0x1->OXM_OF_PKT_REG4[[49]],resubmit(,$acl_action) +priority=1100,reg15=0x$port_key,metadata=0x$dp_key,dl_src=aa:aa:aa:aa:aa:03 actions=load:0x1->OXM_OF_PKT_REG4[[49]],resubmit(,$acl_action) ]) fi - AT_CHECK_UNQUOTED([ovs-ofctl dump-flows br-int table=46 | grep -c "priority=1100"], [0], [$i + AT_CHECK_UNQUOTED([ovs-ofctl dump-flows br-int table=$acl_eval | grep -c "priority=1100"], [0], [$i ]) done @@ -2004,17 +2036,17 @@ reprocess_count_old=$(read_counter consider_logical_flow) for i in $(seq 5); do check ovn-nbctl remove address_set as1 addresses "aa\:aa\:aa\:aa\:aa\:0$i" check ovn-nbctl --wait=hv sync - ovs-ofctl dump-flows br-int table=46 | grep "priority=1100" + ovs-ofctl dump-flows br-int table=$acl_eval | grep "priority=1100" if test "$i" = 4; then - AT_CHECK_UNQUOTED([ovs-ofctl dump-flows br-int table=46,reg15=0x$port_key | \ + AT_CHECK_UNQUOTED([ovs-ofctl dump-flows br-int table=$acl_eval,reg15=0x$port_key | \ grep -v reply | awk '{print $7, $8}'], [0], [dnl -priority=1100,reg15=0x$port_key,metadata=0x$dp_key,dl_src=aa:aa:aa:aa:aa:05 actions=load:0x1->OXM_OF_PKT_REG4[[49]],resubmit(,47) +priority=1100,reg15=0x$port_key,metadata=0x$dp_key,dl_src=aa:aa:aa:aa:aa:05 actions=load:0x1->OXM_OF_PKT_REG4[[49]],resubmit(,$acl_action) ]) fi if test "$i" = 5; then - AT_CHECK_UNQUOTED([ovs-ofctl dump-flows br-int table=46 | grep "priority=1100"], [1], [ignore]) + AT_CHECK_UNQUOTED([ovs-ofctl dump-flows br-int table=$acl_eval | grep "priority=1100"], [1], [ignore]) else - AT_CHECK_UNQUOTED([ovs-ofctl dump-flows br-int table=46 | grep -c "priority=1100"], [0], [$((5 - $i)) + AT_CHECK_UNQUOTED([ovs-ofctl dump-flows br-int table=$acl_eval | grep -c "priority=1100"], [0], [$((5 - $i)) ]) fi done @@ -2047,6 +2079,10 @@ check ovn-nbctl lsp-add ls1 ls1-lp1 \ wait_for_ports_up ovn-appctl -t ovn-controller vlog/set file:dbg +# Get the OF table numbers +acl_eval=$(ovn-debug lflow-stage-to-oftable ls_out_acl_eval) +acl_action=$(ovn-debug lflow-stage-to-oftable ls_out_acl_action) + dp_key=$(printf "%x" $(fetch_column datapath tunnel_key external_ids:name=ls1)) port_key=$(printf "%x" $(fetch_column port_binding tunnel_key logical_port=ls1-lp1)) @@ -2064,14 +2100,14 @@ for i in $(seq 5); do check ovn-nbctl add address_set as1 addresses "ff\:\:0$i" check ovn-nbctl --wait=hv sync if test "$i" = 3; then - AT_CHECK_UNQUOTED([ovs-ofctl dump-flows br-int table=46,reg15=0x$port_key | \ + AT_CHECK_UNQUOTED([ovs-ofctl dump-flows br-int table=$acl_eval,reg15=0x$port_key | \ grep -v reply | awk '{print $7, $8}' | sort], [0], [dnl -priority=1100,ipv6,reg15=0x$port_key,metadata=0x$dp_key,ipv6_src=ff::1 actions=load:0x1->OXM_OF_PKT_REG4[[49]],resubmit(,47) -priority=1100,ipv6,reg15=0x$port_key,metadata=0x$dp_key,ipv6_src=ff::2 actions=load:0x1->OXM_OF_PKT_REG4[[49]],resubmit(,47) -priority=1100,ipv6,reg15=0x$port_key,metadata=0x$dp_key,ipv6_src=ff::3 actions=load:0x1->OXM_OF_PKT_REG4[[49]],resubmit(,47) +priority=1100,ipv6,reg15=0x$port_key,metadata=0x$dp_key,ipv6_src=ff::1 actions=load:0x1->OXM_OF_PKT_REG4[[49]],resubmit(,$acl_action) +priority=1100,ipv6,reg15=0x$port_key,metadata=0x$dp_key,ipv6_src=ff::2 actions=load:0x1->OXM_OF_PKT_REG4[[49]],resubmit(,$acl_action) +priority=1100,ipv6,reg15=0x$port_key,metadata=0x$dp_key,ipv6_src=ff::3 actions=load:0x1->OXM_OF_PKT_REG4[[49]],resubmit(,$acl_action) ]) fi - AT_CHECK_UNQUOTED([ovs-ofctl dump-flows br-int table=46 | grep -c "priority=1100"], [0], [$i + AT_CHECK_UNQUOTED([ovs-ofctl dump-flows br-int table=$acl_eval | grep -c "priority=1100"], [0], [$i ]) done @@ -2086,15 +2122,15 @@ for i in $(seq 5); do check ovn-nbctl remove address_set as1 addresses "ff\:\:0$i" check ovn-nbctl --wait=hv sync if test "$i" = 4; then - AT_CHECK_UNQUOTED([ovs-ofctl dump-flows br-int table=46,reg15=0x$port_key | \ + AT_CHECK_UNQUOTED([ovs-ofctl dump-flows br-int table=$acl_eval,reg15=0x$port_key | \ grep -v reply | awk '{print $7, $8}'], [0], [dnl -priority=1100,ipv6,reg15=0x$port_key,metadata=0x$dp_key,ipv6_src=ff::5 actions=load:0x1->OXM_OF_PKT_REG4[[49]],resubmit(,47) +priority=1100,ipv6,reg15=0x$port_key,metadata=0x$dp_key,ipv6_src=ff::5 actions=load:0x1->OXM_OF_PKT_REG4[[49]],resubmit(,$acl_action) ]) fi if test "$i" = 5; then - AT_CHECK_UNQUOTED([ovs-ofctl dump-flows br-int table=46 | grep "priority=1100"], [1], [ignore]) + AT_CHECK_UNQUOTED([ovs-ofctl dump-flows br-int table=$acl_eval | grep "priority=1100"], [1], [ignore]) else - AT_CHECK_UNQUOTED([ovs-ofctl dump-flows br-int table=46 | grep -c "priority=1100"], [0], [$((5 - $i)) + AT_CHECK_UNQUOTED([ovs-ofctl dump-flows br-int table=$acl_eval | grep -c "priority=1100"], [0], [$((5 - $i)) ]) fi done @@ -2126,10 +2162,14 @@ check ovn-nbctl lsp-add ls1 ls1-lp1 \ wait_for_ports_up ovn-appctl -t ovn-controller vlog/set file:dbg +# Get the OF table numbers +acl_eval=$(ovn-debug lflow-stage-to-oftable ls_out_acl_eval) +acl_action=$(ovn-debug lflow-stage-to-oftable ls_out_acl_action) + ovn-nbctl create address_set name=as1 addresses=8.8.8.8 check ovn-nbctl acl-add ls1 to-lport 100 'outport == "ls1-lp1" && ip4.src == $as1' drop check ovn-nbctl --wait=hv sync -AT_CHECK([ovs-ofctl dump-flows br-int table=46 | grep -c "priority=1100"], [0], [1 +AT_CHECK([ovs-ofctl dump-flows br-int table=$acl_eval | grep -c "priority=1100"], [0], [1 ]) # pause ovn-northd @@ -2144,13 +2184,13 @@ check as northd ovn-appctl -t ovn-northd pause # undefined. This test runs the scenario ten times to make sure different # orders are covered and handled properly. -flow_count=$(ovs-ofctl dump-flows br-int table=46 | grep -c "priority=1100") +flow_count=$(ovs-ofctl dump-flows br-int table=$acl_eval | grep -c "priority=1100") for i in $(seq 10); do # Delete and recreate the SB address set with same name and an extra IP. addrs_=$(fetch_column address_set addresses name=as1) addrs=${addrs_// /,} AT_CHECK([ovn-sbctl destroy address_set as1 -- create address_set name=as1 addresses=$addrs,1.1.1.$i], [0], [ignore]) - OVS_WAIT_UNTIL([test $(as hv1 ovs-ofctl dump-flows br-int table=46 | grep -c "priority=1100") = "$(($i + 1))"]) + OVS_WAIT_UNTIL([test $(as hv1 ovs-ofctl dump-flows br-int table=$acl_eval | grep -c "priority=1100") = "$(($i + 1))"]) done # Resume northd to be able to properly cleanup diff --git a/tests/ovn.at b/tests/ovn.at index f8bde6430..ec6e824af 100644 --- a/tests/ovn.at +++ b/tests/ovn.at @@ -13598,6 +13598,10 @@ ovn-nbctl lsp-set-options ln-outside network_name=phys wait_for_ports_up check ovn-nbctl --wait=hv sync +# Get the OF table numbers +l2_lkup=$(ovn-debug lflow-stage-to-oftable ls_in_l2_lkup) +arp_rsp=$(ovn-debug lflow-stage-to-oftable ls_in_arp_rsp) + echo "---------NB dump-----" ovn-nbctl show echo "---------------------" @@ -13693,15 +13697,15 @@ sleep 10 as gw1 ovs-ofctl dump-flows br-int -OVS_WAIT_FOR_OUTPUT([as gw1 ovs-ofctl dump-flows br-int table=35 | \ +OVS_WAIT_FOR_OUTPUT([as gw1 ovs-ofctl dump-flows br-int table=$l2_lkup | \ grep "dl_dst=00:00:02:01:02:04" | wc -l], [0], [[1 ]]) -OVS_WAIT_FOR_OUTPUT([as gw2 ovs-ofctl dump-flows br-int table=35 | \ +OVS_WAIT_FOR_OUTPUT([as gw2 ovs-ofctl dump-flows br-int table=$l2_lkup | \ grep "dl_dst=00:00:02:01:02:04" | wc -l], [0], [[0 ]]) # make sure ARP responder flows for outside router port reside on gw1 too through ls_in_arp_rsp table -OVS_WAIT_UNTIL([test `as gw1 ovs-ofctl dump-flows br-int table=29 | \ +OVS_WAIT_UNTIL([test `as gw1 ovs-ofctl dump-flows br-int table=$arp_rsp | \ grep arp_tpa=192.168.0.101 | wc -l` -ge 1]) # check that the chassis redirect port has been claimed by the gw1 chassis @@ -13783,10 +13787,10 @@ AT_CHECK([ovs-vsctl --bare --columns bfd find Interface name=ovn-hv1-0],[0], ]]) # make sure that flows for handling the outside router port reside on gw2 now -OVS_WAIT_FOR_OUTPUT([as gw2 ovs-ofctl dump-flows br-int table=35 | \ +OVS_WAIT_FOR_OUTPUT([as gw2 ovs-ofctl dump-flows br-int table=$l2_lkup | \ grep "dl_dst=00:00:02:01:02:04" | wc -l], [0], [[1 ]]) -OVS_WAIT_FOR_OUTPUT([as gw1 ovs-ofctl dump-flows br-int table=35 | \ +OVS_WAIT_FOR_OUTPUT([as gw1 ovs-ofctl dump-flows br-int table=$l2_lkup | \ grep "dl_dst=00:00:02:01:02:04" | wc -l], [0], [[0 ]]) @@ -13798,10 +13802,10 @@ as main ovs-vsctl del-port n1 $port bfd_dump # make sure that flows for handling the outside router port reside on gw1 now -OVS_WAIT_FOR_OUTPUT([as gw1 ovs-ofctl dump-flows br-int table=35 | \ +OVS_WAIT_FOR_OUTPUT([as gw1 ovs-ofctl dump-flows br-int table=$l2_lkup | \ grep "dl_dst=00:00:02:01:02:04" | wc -l], [0], [[1 ]]) -OVS_WAIT_FOR_OUTPUT([as gw2 ovs-ofctl dump-flows br-int table=35 | \ +OVS_WAIT_FOR_OUTPUT([as gw2 ovs-ofctl dump-flows br-int table=$l2_lkup | \ grep "dl_dst=00:00:02:01:02:04" | wc -l], [0], [[0 ]]) @@ -13915,15 +13919,15 @@ grep active_backup | grep members:$hv2_gw1_ofport,$hv2_gw2_ofport \ ]) # make sure that flows for handling the outside router port reside on gw1 -OVS_WAIT_FOR_OUTPUT([as gw1 ovs-ofctl dump-flows br-int table=35 | \ +OVS_WAIT_FOR_OUTPUT([as gw1 ovs-ofctl dump-flows br-int table=$l2_lkup | \ grep "dl_dst=00:00:02:01:02:04" | wc -l], [0], [[1 ]]) -OVS_WAIT_FOR_OUTPUT([as gw2 ovs-ofctl dump-flows br-int table=35 | \ +OVS_WAIT_FOR_OUTPUT([as gw2 ovs-ofctl dump-flows br-int table=$l2_lkup | \ grep "dl_dst:00:00:02:01:02:04" | wc -l], [0], [[0 ]]) # make sure ARP responder flows for outside router port reside on gw1 too -OVS_WAIT_UNTIL([test `as gw1 ovs-ofctl dump-flows br-int table=29 | \ +OVS_WAIT_UNTIL([test `as gw1 ovs-ofctl dump-flows br-int table=$arp_rsp | \ grep arp_tpa=192.168.0.101 | wc -l` -ge 1 ]) # check that the chassis redirect port has been claimed by the gw1 chassis @@ -13987,10 +13991,10 @@ AT_CHECK([ovs-vsctl --bare --columns bfd find Interface name=ovn-hv1-0],[0], ]]) # make sure that flows for handling the outside router port reside on gw2 now -OVS_WAIT_FOR_OUTPUT([as gw2 ovs-ofctl dump-flows br-int table=35 | \ +OVS_WAIT_FOR_OUTPUT([as gw2 ovs-ofctl dump-flows br-int table=$l2_lkup | \ grep "dl_dst=00:00:02:01:02:04" | wc -l], [0], [[1 ]]) -OVS_WAIT_FOR_OUTPUT([as gw1 ovs-ofctl dump-flows br-int table=35 | \ +OVS_WAIT_FOR_OUTPUT([as gw1 ovs-ofctl dump-flows br-int table=$l2_lkup | \ grep "dl_dst=00:00:02:01:02:04" | wc -l], [0], [[0 ]]) @@ -14002,10 +14006,10 @@ as main ovs-vsctl del-port n1 $port bfd_dump # make sure that flows for handling the outside router port reside on gw2 now -OVS_WAIT_FOR_OUTPUT([as gw1 ovs-ofctl dump-flows br-int table=35 | \ +OVS_WAIT_FOR_OUTPUT([as gw1 ovs-ofctl dump-flows br-int table=$l2_lkup | \ grep "dl_dst=00:00:02:01:02:04" | wc -l], [0], [[1 ]]) -OVS_WAIT_FOR_OUTPUT([as gw2 ovs-ofctl dump-flows br-int table=35 | \ +OVS_WAIT_FOR_OUTPUT([as gw2 ovs-ofctl dump-flows br-int table=$l2_lkup | \ grep "dl_dst=00:00:02:01:02:04" | wc -l], [0], [[0 ]]) @@ -17127,6 +17131,9 @@ OVN_POPULATE_ARP wait_for_ports_up ovn-nbctl --wait=hv sync +# Get the OF table numbers +acl_eval=$(ovn-debug lflow-stage-to-oftable ls_out_acl_eval) + # Wait for pinctrl thread to be connected OVS_WAIT_UNTIL([grep pinctrl hv1/ovn-controller.log | grep -c connected]) OVS_WAIT_UNTIL([grep pinctrl hv2/ovn-controller.log | grep -c connected]) @@ -17152,18 +17159,18 @@ send_icmp6_packet 1 1 $eth_src $eth_dst $ipv6_src $ipv6_dst # Get total number of ipv4 packets that received on ovs # sender side -OVS_WAIT_UNTIL([test 1 = `as hv1 ovs-ofctl dump-flows br-int table=46 | grep priority=2002 | grep ip,metadata=0x1 | grep -c n_packets=1`]) +OVS_WAIT_UNTIL([test 1 = `as hv1 ovs-ofctl dump-flows br-int table=$acl_eval | grep priority=2002 | grep ip,metadata=0x1 | grep -c n_packets=1`]) # receiver side -OVS_WAIT_UNTIL([test 1 = `as hv2 ovs-ofctl dump-flows br-int table=46 | grep priority=2002 | grep ip,metadata=0x1 | grep -c n_packets=1`]) +OVS_WAIT_UNTIL([test 1 = `as hv2 ovs-ofctl dump-flows br-int table=$acl_eval | grep priority=2002 | grep ip,metadata=0x1 | grep -c n_packets=1`]) # Get total number of ipv6 packets that received on ovs # sender side -OVS_WAIT_UNTIL([test 1 = `as hv1 ovs-ofctl dump-flows br-int table=46 | grep priority=2002 | grep ipv6,metadata=0x1 | grep -c n_packets=1`]) +OVS_WAIT_UNTIL([test 1 = `as hv1 ovs-ofctl dump-flows br-int table=$acl_eval | grep priority=2002 | grep ipv6,metadata=0x1 | grep -c n_packets=1`]) # receiver side -OVS_WAIT_UNTIL([test 1 = `as hv2 ovs-ofctl dump-flows br-int table=46 | grep priority=2002 | grep ipv6,metadata=0x1 | grep -c n_packets=1`]) +OVS_WAIT_UNTIL([test 1 = `as hv2 ovs-ofctl dump-flows br-int table=$acl_eval | grep priority=2002 | grep ipv6,metadata=0x1 | grep -c n_packets=1`]) OVN_CLEANUP([hv1], [hv2]) AT_CLEANUP @@ -18788,6 +18795,10 @@ check ovn-nbctl acl-add ls1 to-lport 3 '(ip4.src==10.0.0.1 || ip4.src==10.0.0.42 wait_for_ports_up check ovn-nbctl --wait=hv sync +# Get the OF table numbers +acl_eval=$(ovn-debug lflow-stage-to-oftable ls_out_acl_eval) +acl_action=$(ovn-debug lflow-stage-to-oftable ls_out_acl_action) + ovn-sbctl dump-flows > sbflows AT_CAPTURE_FILE([sbflows]) @@ -18850,17 +18861,17 @@ check ovn-nbctl acl-add ls1 to-lport 3 'ip4.src==10.0.0.1' allow check ovn-nbctl --wait=hv sync # Check OVS flows, the less restrictive flows should have been installed. -AT_CHECK([as hv1 ovs-ofctl dump-flows br-int table=46 | ofctl_strip_all | +AT_CHECK_UNQUOTED([as hv1 ovs-ofctl dump-flows br-int table=$acl_eval | ofctl_strip_all | grep "priority=1003" | \ sed 's/conjunction([[^)]]*)/conjunction()/g' | \ sed 's/conj_id=[[0-9]]*,/conj_id=xxx,/g' | sort], [0], [dnl - table=46, priority=1003,conj_id=xxx,ip,metadata=0x1 actions=load:0x1->OXM_OF_PKT_REG4[[48]],resubmit(,47) - table=46, priority=1003,conj_id=xxx,ip,metadata=0x1 actions=load:0x1->OXM_OF_PKT_REG4[[48]],resubmit(,47) - table=46, priority=1003,ip,metadata=0x1,nw_dst=10.0.0.3 actions=conjunction(),conjunction() - table=46, priority=1003,ip,metadata=0x1,nw_dst=10.0.0.4 actions=conjunction(),conjunction() - table=46, priority=1003,ip,metadata=0x1,nw_src=10.0.0.1 actions=load:0x1->OXM_OF_PKT_REG4[[48]],resubmit(,47) - table=46, priority=1003,ip,metadata=0x1,nw_src=10.0.0.2 actions=conjunction() - table=46, priority=1003,ip,metadata=0x1,nw_src=10.0.0.42 actions=conjunction() + table=$acl_eval, priority=1003,conj_id=xxx,ip,metadata=0x1 actions=load:0x1->OXM_OF_PKT_REG4[[48]],resubmit(,$acl_action) + table=$acl_eval, priority=1003,conj_id=xxx,ip,metadata=0x1 actions=load:0x1->OXM_OF_PKT_REG4[[48]],resubmit(,$acl_action) + table=$acl_eval, priority=1003,ip,metadata=0x1,nw_dst=10.0.0.3 actions=conjunction(),conjunction() + table=$acl_eval, priority=1003,ip,metadata=0x1,nw_dst=10.0.0.4 actions=conjunction(),conjunction() + table=$acl_eval, priority=1003,ip,metadata=0x1,nw_src=10.0.0.1 actions=load:0x1->OXM_OF_PKT_REG4[[48]],resubmit(,$acl_action) + table=$acl_eval, priority=1003,ip,metadata=0x1,nw_src=10.0.0.2 actions=conjunction() + table=$acl_eval, priority=1003,ip,metadata=0x1,nw_src=10.0.0.42 actions=conjunction() ]) # Traffic 10.0.0.1, 10.0.0.2 -> 10.0.0.3, 10.0.0.4 should be allowed. @@ -18895,17 +18906,17 @@ check ovn-nbctl acl-del ls1 to-lport 3 'ip4.src==10.0.0.1 || ip4.src==10.0.0.1' check ovn-nbctl --wait=hv sync # Check OVS flows, the second less restrictive allow ACL should have been installed. -AT_CHECK([as hv1 ovs-ofctl dump-flows br-int table=46 | ofctl_strip_all | \ +AT_CHECK_UNQUOTED([as hv1 ovs-ofctl dump-flows br-int table=$acl_eval | ofctl_strip_all | \ grep "priority=1003" | \ sed 's/conjunction([[^)]]*)/conjunction()/g' | \ sed 's/conj_id=[[0-9]]*,/conj_id=xxx,/g' | sort], [0], [dnl - table=46, priority=1003,conj_id=xxx,ip,metadata=0x1 actions=load:0x1->OXM_OF_PKT_REG4[[48]],resubmit(,47) - table=46, priority=1003,conj_id=xxx,ip,metadata=0x1 actions=load:0x1->OXM_OF_PKT_REG4[[48]],resubmit(,47) - table=46, priority=1003,ip,metadata=0x1,nw_dst=10.0.0.3 actions=conjunction(),conjunction() - table=46, priority=1003,ip,metadata=0x1,nw_dst=10.0.0.4 actions=conjunction(),conjunction() - table=46, priority=1003,ip,metadata=0x1,nw_src=10.0.0.1 actions=load:0x1->OXM_OF_PKT_REG4[[48]],resubmit(,47) - table=46, priority=1003,ip,metadata=0x1,nw_src=10.0.0.2 actions=conjunction() - table=46, priority=1003,ip,metadata=0x1,nw_src=10.0.0.42 actions=conjunction() + table=$acl_eval, priority=1003,conj_id=xxx,ip,metadata=0x1 actions=load:0x1->OXM_OF_PKT_REG4[[48]],resubmit(,$acl_action) + table=$acl_eval, priority=1003,conj_id=xxx,ip,metadata=0x1 actions=load:0x1->OXM_OF_PKT_REG4[[48]],resubmit(,$acl_action) + table=$acl_eval, priority=1003,ip,metadata=0x1,nw_dst=10.0.0.3 actions=conjunction(),conjunction() + table=$acl_eval, priority=1003,ip,metadata=0x1,nw_dst=10.0.0.4 actions=conjunction(),conjunction() + table=$acl_eval, priority=1003,ip,metadata=0x1,nw_src=10.0.0.1 actions=load:0x1->OXM_OF_PKT_REG4[[48]],resubmit(,$acl_action) + table=$acl_eval, priority=1003,ip,metadata=0x1,nw_src=10.0.0.2 actions=conjunction() + table=$acl_eval, priority=1003,ip,metadata=0x1,nw_src=10.0.0.42 actions=conjunction() ]) # Remove the less restrictive allow ACL. @@ -18913,17 +18924,17 @@ check ovn-nbctl acl-del ls1 to-lport 3 'ip4.src==10.0.0.1' check ovn-nbctl --wait=hv sync # Check OVS flows, the 10.0.0.1 conjunction should have been reinstalled. -AT_CHECK([as hv1 ovs-ofctl dump-flows br-int table=46 | ofctl_strip_all | \ +AT_CHECK_UNQUOTED([as hv1 ovs-ofctl dump-flows br-int table=$acl_eval | ofctl_strip_all | \ grep "priority=1003" | \ sed 's/conjunction([[^)]]*)/conjunction()/g' | \ sed 's/conj_id=[[0-9]]*,/conj_id=xxx,/g' | sort], [0], [dnl - table=46, priority=1003,conj_id=xxx,ip,metadata=0x1 actions=load:0x1->OXM_OF_PKT_REG4[[48]],resubmit(,47) - table=46, priority=1003,conj_id=xxx,ip,metadata=0x1 actions=load:0x1->OXM_OF_PKT_REG4[[48]],resubmit(,47) - table=46, priority=1003,ip,metadata=0x1,nw_dst=10.0.0.3 actions=conjunction(),conjunction() - table=46, priority=1003,ip,metadata=0x1,nw_dst=10.0.0.4 actions=conjunction(),conjunction() - table=46, priority=1003,ip,metadata=0x1,nw_src=10.0.0.1 actions=conjunction(),conjunction() - table=46, priority=1003,ip,metadata=0x1,nw_src=10.0.0.2 actions=conjunction() - table=46, priority=1003,ip,metadata=0x1,nw_src=10.0.0.42 actions=conjunction() + table=$acl_eval, priority=1003,conj_id=xxx,ip,metadata=0x1 actions=load:0x1->OXM_OF_PKT_REG4[[48]],resubmit(,$acl_action) + table=$acl_eval, priority=1003,conj_id=xxx,ip,metadata=0x1 actions=load:0x1->OXM_OF_PKT_REG4[[48]],resubmit(,$acl_action) + table=$acl_eval, priority=1003,ip,metadata=0x1,nw_dst=10.0.0.3 actions=conjunction(),conjunction() + table=$acl_eval, priority=1003,ip,metadata=0x1,nw_dst=10.0.0.4 actions=conjunction(),conjunction() + table=$acl_eval, priority=1003,ip,metadata=0x1,nw_src=10.0.0.1 actions=conjunction(),conjunction() + table=$acl_eval, priority=1003,ip,metadata=0x1,nw_src=10.0.0.2 actions=conjunction() + table=$acl_eval, priority=1003,ip,metadata=0x1,nw_src=10.0.0.42 actions=conjunction() ]) # Traffic 10.0.0.1, 10.0.0.2 -> 10.0.0.3, 10.0.0.4 should be allowed. @@ -18953,17 +18964,17 @@ check ovn-nbctl acl-add ls1 to-lport 3 'ip4.src==10.0.0.1' allow check ovn-nbctl --wait=hv sync # Check OVS flows, the less restrictive flows should have been installed. -AT_CHECK([as hv1 ovs-ofctl dump-flows br-int table=46 | ofctl_strip_all | \ +AT_CHECK_UNQUOTED([as hv1 ovs-ofctl dump-flows br-int table=$acl_eval | ofctl_strip_all | \ grep "priority=1003" | \ sed 's/conjunction([[^)]]*)/conjunction()/g' | \ sed 's/conj_id=[[0-9]]*,/conj_id=xxx,/g' | sort], [0], [dnl - table=46, priority=1003,conj_id=xxx,ip,metadata=0x1 actions=load:0x1->OXM_OF_PKT_REG4[[48]],resubmit(,47) - table=46, priority=1003,conj_id=xxx,ip,metadata=0x1 actions=load:0x1->OXM_OF_PKT_REG4[[48]],resubmit(,47) - table=46, priority=1003,ip,metadata=0x1,nw_dst=10.0.0.3 actions=conjunction(),conjunction() - table=46, priority=1003,ip,metadata=0x1,nw_dst=10.0.0.4 actions=conjunction(),conjunction() - table=46, priority=1003,ip,metadata=0x1,nw_src=10.0.0.1 actions=load:0x1->OXM_OF_PKT_REG4[[48]],resubmit(,47) - table=46, priority=1003,ip,metadata=0x1,nw_src=10.0.0.2 actions=conjunction() - table=46, priority=1003,ip,metadata=0x1,nw_src=10.0.0.42 actions=conjunction() + table=$acl_eval, priority=1003,conj_id=xxx,ip,metadata=0x1 actions=load:0x1->OXM_OF_PKT_REG4[[48]],resubmit(,$acl_action) + table=$acl_eval, priority=1003,conj_id=xxx,ip,metadata=0x1 actions=load:0x1->OXM_OF_PKT_REG4[[48]],resubmit(,$acl_action) + table=$acl_eval, priority=1003,ip,metadata=0x1,nw_dst=10.0.0.3 actions=conjunction(),conjunction() + table=$acl_eval, priority=1003,ip,metadata=0x1,nw_dst=10.0.0.4 actions=conjunction(),conjunction() + table=$acl_eval, priority=1003,ip,metadata=0x1,nw_src=10.0.0.1 actions=load:0x1->OXM_OF_PKT_REG4[[48]],resubmit(,$acl_action) + table=$acl_eval, priority=1003,ip,metadata=0x1,nw_src=10.0.0.2 actions=conjunction() + table=$acl_eval, priority=1003,ip,metadata=0x1,nw_src=10.0.0.42 actions=conjunction() ]) # Add another ACL that overlaps with the existing less restrictive ones. @@ -18974,20 +18985,20 @@ check ovn-nbctl --wait=hv sync # with an additional conjunction action. # # New non-conjunctive flows should be added to match on 'udp'. -AT_CHECK([as hv1 ovs-ofctl dump-flows br-int table=46 | ofctl_strip_all | \ +AT_CHECK_UNQUOTED([as hv1 ovs-ofctl dump-flows br-int table=$acl_eval | ofctl_strip_all | \ grep "priority=1003" | \ sed 's/conjunction([[^)]]*)/conjunction()/g' | \ sed 's/conj_id=[[0-9]]*,/conj_id=xxx,/g' | sort], [0], [dnl - table=46, priority=1003,conj_id=xxx,ip,metadata=0x1 actions=load:0x1->OXM_OF_PKT_REG4[[48]],resubmit(,47) - table=46, priority=1003,conj_id=xxx,ip,metadata=0x1 actions=load:0x1->OXM_OF_PKT_REG4[[48]],resubmit(,47) - table=46, priority=1003,conj_id=xxx,ip,metadata=0x1 actions=load:0x1->OXM_OF_PKT_REG4[[48]],resubmit(,47) - table=46, priority=1003,ip,metadata=0x1,nw_dst=10.0.0.3 actions=conjunction(),conjunction(),conjunction() - table=46, priority=1003,ip,metadata=0x1,nw_dst=10.0.0.4 actions=conjunction(),conjunction(),conjunction() - table=46, priority=1003,ip,metadata=0x1,nw_src=10.0.0.1 actions=load:0x1->OXM_OF_PKT_REG4[[48]],resubmit(,47) - table=46, priority=1003,ip,metadata=0x1,nw_src=10.0.0.2 actions=conjunction(),conjunction() - table=46, priority=1003,ip,metadata=0x1,nw_src=10.0.0.42 actions=conjunction() - table=46, priority=1003,udp,metadata=0x1 actions=load:0x1->OXM_OF_PKT_REG4[[48]],resubmit(,47) - table=46, priority=1003,udp6,metadata=0x1 actions=load:0x1->OXM_OF_PKT_REG4[[48]],resubmit(,47) + table=$acl_eval, priority=1003,conj_id=xxx,ip,metadata=0x1 actions=load:0x1->OXM_OF_PKT_REG4[[48]],resubmit(,$acl_action) + table=$acl_eval, priority=1003,conj_id=xxx,ip,metadata=0x1 actions=load:0x1->OXM_OF_PKT_REG4[[48]],resubmit(,$acl_action) + table=$acl_eval, priority=1003,conj_id=xxx,ip,metadata=0x1 actions=load:0x1->OXM_OF_PKT_REG4[[48]],resubmit(,$acl_action) + table=$acl_eval, priority=1003,ip,metadata=0x1,nw_dst=10.0.0.3 actions=conjunction(),conjunction(),conjunction() + table=$acl_eval, priority=1003,ip,metadata=0x1,nw_dst=10.0.0.4 actions=conjunction(),conjunction(),conjunction() + table=$acl_eval, priority=1003,ip,metadata=0x1,nw_src=10.0.0.1 actions=load:0x1->OXM_OF_PKT_REG4[[48]],resubmit(,$acl_action) + table=$acl_eval, priority=1003,ip,metadata=0x1,nw_src=10.0.0.2 actions=conjunction(),conjunction() + table=$acl_eval, priority=1003,ip,metadata=0x1,nw_src=10.0.0.42 actions=conjunction() + table=$acl_eval, priority=1003,udp,metadata=0x1 actions=load:0x1->OXM_OF_PKT_REG4[[48]],resubmit(,$acl_action) + table=$acl_eval, priority=1003,udp6,metadata=0x1 actions=load:0x1->OXM_OF_PKT_REG4[[48]],resubmit(,$acl_action) ]) OVN_CLEANUP([hv1]) @@ -19042,17 +19053,21 @@ check ovn-nbctl acl-add pg1 to-lport 100 'outport == @pg1 && ip4.src == $as2' al wait_for_ports_up check ovn-nbctl --wait=hv sync -ovs-ofctl dump-flows br-int table=46 -AT_CHECK([test `ovs-ofctl dump-flows br-int table=46 | grep -c conj_id` = 2]) + +# Get the OF table numbers +acl_eval=$(ovn-debug lflow-stage-to-oftable ls_out_acl_eval) + +ovs-ofctl dump-flows br-int table=$acl_eval +AT_CHECK([test `ovs-ofctl dump-flows br-int table=$acl_eval | grep -c conj_id` = 2]) echo ------- # Add another address in as1, so that the 1st ACL will now generate 2 conjunctions. ovn-nbctl set address_set as1 addresses="10.0.0.1,10.0.0.2" check ovn-nbctl --wait=hv sync -ovs-ofctl dump-flows br-int table=46 +ovs-ofctl dump-flows br-int table=$acl_eval # There should be 3 conjunctions in total (2 from 1st ACL + 1 from 2nd ACL) -AT_CHECK([test `ovs-ofctl dump-flows br-int table=46 | grep -c conj_id` = 3]) +AT_CHECK([test `ovs-ofctl dump-flows br-int table=$acl_eval | grep -c conj_id` = 3]) OVN_CLEANUP([hv1]) AT_CLEANUP @@ -19789,17 +19804,17 @@ ovs-vsctl set open . external-ids:ovn-bridge-mappings=phys:br-phys AT_CHECK([ovn-sbctl dump-flows ls1 | grep "offerip = 10.0.0.6" | \ wc -l], [0], [0 ]) -AT_CHECK([as hv1 ovs-ofctl dump-flows br-int | grep table=26 | \ +AT_CHECK([as hv1 ovs-ofctl dump-flows br-int | \ grep controller | grep "0a.00.00.06" | wc -l], [0], [0 ]) -AT_CHECK([as hv2 ovs-ofctl dump-flows br-int | grep table=26 | \ +AT_CHECK([as hv2 ovs-ofctl dump-flows br-int | \ grep controller | grep "0a.00.00.06" | wc -l], [0], [0 ]) -AT_CHECK([as hv1 ovs-ofctl dump-flows br-int | grep table=26 | \ +AT_CHECK([as hv1 ovs-ofctl dump-flows br-int | \ grep controller | grep tp_src=546 | grep \ "ae.70.00.00.00.00.00.00.00.00.00.00.00.00.00.06" | wc -l], [0], [0 ]) -AT_CHECK([as hv2 ovs-ofctl dump-flows br-int | grep table=26 | \ +AT_CHECK([as hv2 ovs-ofctl dump-flows br-int | \ grep controller | grep tp_src=546 | grep \ "ae.70.00.00.00.00.00.00.00.00.00.00.00.00.00.06" | wc -l], [0], [0 ]) @@ -20368,7 +20383,7 @@ wait_for_ports_up ls1-lp_ext1 # There should be a flow in hv2 to drop traffic from ls1-lp_ext1 destined # to router mac. AT_CHECK([as hv2 ovs-ofctl dump-flows br-int \ -table=34,dl_src=f0:00:00:00:00:03,dl_dst=a0:10:00:00:00:01 | \ +table=$(ovn-debug lflow-stage-to-oftable ls_in_external_port),dl_src=f0:00:00:00:00:03,dl_dst=a0:10:00:00:00:01 | \ grep -c "actions=drop"], [0], [1 ]) # Stop ovn-controllers on hv1 and hv3. @@ -21953,6 +21968,10 @@ OVN_POPULATE_ARP wait_for_ports_up ovn-nbctl --wait=hv sync +# Get the OF table numbers +acl_eval=$(ovn-debug lflow-stage-to-oftable ls_out_acl_eval) +ip_input=$(ovn-debug lflow-stage-to-oftable lr_in_ip_input) + # Check that logical flows are added for sw0-vir/sw0vir6 in lsp_in_arp_rsp pipeline # with bind_vport action. @@ -22002,22 +22021,22 @@ check_virtual_offlows_present() { lr0_dp_key=$(printf "%x" $(fetch_column Datapath_Binding tunnel_key external_ids:name=lr0)) lr0_public_dp_key=$(printf "%x" $(fetch_column Port_Binding tunnel_key logical_port=lr0-public)) - AT_CHECK_UNQUOTED([as $hv ovs-ofctl dump-flows br-int table=46,ip | ofctl_strip_all | grep "priority=2000"], [0], [dnl - table=46, priority=2000,ip,metadata=0x$sw0_dp_key actions=load:0x1->OXM_OF_PKT_REG4[[48]],resubmit(,47) + AT_CHECK_UNQUOTED([as $hv ovs-ofctl dump-flows br-int table=$acl_eval,ip | ofctl_strip_all | grep "priority=2000"], [0], [dnl + table=$acl_eval, priority=2000,ip,metadata=0x$sw0_dp_key actions=load:0x1->OXM_OF_PKT_REG4[[48]],resubmit(,$(ovn-debug lflow-stage-to-oftable ls_out_acl_action)) ]) - AT_CHECK_UNQUOTED([as $hv ovs-ofctl dump-flows br-int table=11 | ofctl_strip_all | \ + AT_CHECK_UNQUOTED([as $hv ovs-ofctl dump-flows br-int table=$ip_input | ofctl_strip_all | \ grep "priority=92" | grep 172.168.0.50], [0], [dnl - table=11, priority=92,arp,reg14=0x$lr0_public_dp_key,metadata=0x$lr0_dp_key,arp_tpa=172.168.0.50,arp_op=1 actions=move:NXM_OF_ETH_SRC[[]]->NXM_OF_ETH_DST[[]],mod_dl_src:10:54:00:00:00:10,load:0x2->NXM_OF_ARP_OP[[]],move:NXM_NX_ARP_SHA[[]]->NXM_NX_ARP_THA[[]],load:0x105400000010->NXM_NX_ARP_SHA[[]],push:NXM_OF_ARP_SPA[[]],push:NXM_OF_ARP_TPA[[]],pop:NXM_OF_ARP_SPA[[]],pop:NXM_OF_ARP_TPA[[]],move:NXM_NX_REG14[[]]->NXM_NX_REG15[[]],load:0x1->NXM_NX_REG10[[0]],resubmit(,OFTABLE_OUTPUT_LARGE_PKT_DETECT) + table=$ip_input, priority=92,arp,reg14=0x$lr0_public_dp_key,metadata=0x$lr0_dp_key,arp_tpa=172.168.0.50,arp_op=1 actions=move:NXM_OF_ETH_SRC[[]]->NXM_OF_ETH_DST[[]],mod_dl_src:10:54:00:00:00:10,load:0x2->NXM_OF_ARP_OP[[]],move:NXM_NX_ARP_SHA[[]]->NXM_NX_ARP_THA[[]],load:0x105400000010->NXM_NX_ARP_SHA[[]],push:NXM_OF_ARP_SPA[[]],push:NXM_OF_ARP_TPA[[]],pop:NXM_OF_ARP_SPA[[]],pop:NXM_OF_ARP_TPA[[]],move:NXM_NX_REG14[[]]->NXM_NX_REG15[[]],load:0x1->NXM_NX_REG10[[0]],resubmit(,OFTABLE_OUTPUT_LARGE_PKT_DETECT) ]) } check_virtual_offlows_not_present() { hv=$1 - AT_CHECK([as $hv ovs-ofctl dump-flows br-int table=46,ip | ofctl_strip_all | grep "priority=2000"], [1], [dnl + AT_CHECK([as $hv ovs-ofctl dump-flows br-int table=$acl_eval,ip | ofctl_strip_all | grep "priority=2000"], [1], [dnl ]) - AT_CHECK([as $hv ovs-ofctl dump-flows br-int table=11 | ofctl_strip_all | \ + AT_CHECK([as $hv ovs-ofctl dump-flows br-int table=$acl_eval | ofctl_strip_all | \ grep "priority=92" | grep 172.168.0.50], [1], [dnl ]) } @@ -22081,7 +22100,7 @@ eth_dst=00000000ff01 ip_src=$(ip_to_hex 10 0 0 10) ip_dst=$(ip_to_hex 172 168 0 101) send_icmp_packet 1 1 $eth_src $eth_dst $ip_src $ip_dst c4c9 0000000000000000000000 -AT_CHECK_UNQUOTED([as hv1 ovs-ofctl dump-flows br-int metadata=0x$lr0_dp_key | awk '/table=28, n_packets=1, n_bytes=45/{print $7" "$8}'],[0],[dnl +AT_CHECK_UNQUOTED([as hv1 ovs-ofctl dump-flows br-int table=$(ovn-debug lflow-stage-to-oftable lr_in_gw_redirect),metadata=0x$lr0_dp_key | awk '/n_packets=1, n_bytes=45/{print $7" "$8}'],[0],[dnl priority=80,ip,reg15=0x$lr0_public_dp_key,metadata=0x$lr0_dp_key,nw_src=10.0.0.10 actions=drop ]) @@ -24705,6 +24724,9 @@ OVN_POPULATE_ARP wait_for_ports_up ovn-nbctl --wait=hv sync +# Get the OF table numbers +learn_neigh=$(ovn-debug lflow-stage-to-oftable lr_in_learn_neighbor) + as hv1 ovs-appctl -t ovn-controller vlog/set dbg # From sw0-p1 send GARP for 10.0.0.30. @@ -24735,7 +24757,7 @@ grep table_id=10 | wc -l`]) AT_CHECK([test 1 = `cat hv1/ovn-controller.log | grep "pinctrl received packet-in" | \ grep opcode=PUT_ARP | grep OF_Table_ID=10 | wc -l`]) -AT_CHECK([test 1 = `as hv1 ovs-ofctl dump-flows br-int table=10 | grep arp | \ +AT_CHECK([test 1 = `as hv1 ovs-ofctl dump-flows br-int table=$learn_neigh | grep arp | \ grep controller | grep -v n_packets=0 | wc -l`]) # Wait for an entry in table=OFTABLE_MAC_LOOKUP @@ -24753,7 +24775,7 @@ OVS_WAIT_UNTIL([test 1 = `as hv1 ovs-ofctl dump-flows br-int table=OFTABLE_MAC_L # count should be 1 only. AT_CHECK([test 1 = `cat hv1/ovn-controller.log | grep NXT_PACKET_IN2 | \ grep table_id=10 | wc -l`]) -AT_CHECK([test 1 = `as hv1 ovs-ofctl dump-flows br-int table=10 | grep arp | \ +AT_CHECK([test 1 = `as hv1 ovs-ofctl dump-flows br-int table=$learn_neigh | grep arp | \ grep controller | grep -v n_packets=0 | wc -l`]) # Now send garp packet with different mac. @@ -28345,11 +28367,14 @@ check ovn-nbctl set logical_router_policy $pol4 options:pkt_mark=4 check ovn-nbctl set logical_router_policy $pol5 options:pkt_mark=4294967295 check ovn-nbctl --wait=hv sync +# Get the OF table numbers +lr_policy=$(ovn-debug lflow-stage-to-oftable lr_in_policy) + ovn-sbctl dump-flows > sbflows AT_CAPTURE_FILE([sbflows]) AT_CAPTURE_FILE([offlows]) OVS_WAIT_UNTIL([ - as hv1 ovs-ofctl dump-flows br-int table=23 > offlows + as hv1 ovs-ofctl dump-flows br-int table=$lr_policy > offlows test $(grep -c "load:0x64->NXM_NX_PKT_MARK" offlows) = 1 && \ test $(grep -c "load:0x3->NXM_NX_PKT_MARK" offlows) = 1 && \ test $(grep -c "load:0x4->NXM_NX_PKT_MARK" offlows) = 1 && \ @@ -28447,12 +28472,12 @@ send_ipv4_pkt hv1 hv1-vif1 505400000003 00000000ff01 \ c3ad 83dc OVS_WAIT_UNTIL([ - test 1 -eq $(as hv1 ovs-ofctl dump-flows br-int table=23 | \ + test 1 -eq $(as hv1 ovs-ofctl dump-flows br-int table=$lr_policy | \ grep "load:0x2->NXM_NX_PKT_MARK" -c) ]) AT_CHECK([ - test 0 -eq $(as hv1 ovs-ofctl dump-flows br-int table=23 | \ + test 0 -eq $(as hv1 ovs-ofctl dump-flows br-int table=$lr_policy | \ grep "load:0x64->NXM_NX_PKT_MARK" -c) ]) @@ -29143,25 +29168,29 @@ check ovn-nbctl --ecmp-symmetric-reply --policy="src-ip" lr-route-add GW 10.0.0. wait_for_ports_up check ovn-nbctl --wait=hv sync +# Get the OF table numbers +ecmp_stateful=$(ovn-debug lflow-stage-to-oftable lr_in_ecmp_stateful) +arp_resolve=$(ovn-debug lflow-stage-to-oftable lr_in_arp_resolve) + # Ensure ECMP symmetric reply flows are not present on any hypervisor. AT_CHECK([ - test 0 -eq $(as hv1 ovs-ofctl dump-flows br-int table=17 | \ + test 0 -eq $(as hv1 ovs-ofctl dump-flows br-int table=$ecmp_stateful | \ grep "priority=100" | \ grep "ct(commit,zone=NXM_NX_REG11\\[[0..15\\]],exec(move:NXM_OF_ETH_SRC\\[[\\]]->NXM_NX_CT_LABEL\\[[32..79\\]],load:0x[[0-9]]->NXM_NX_CT_LABEL\\[[80..95\\]]))" -c) ]) AT_CHECK([ - test 0 -eq $(as hv1 ovs-ofctl dump-flows br-int table=25 | \ + test 0 -eq $(as hv1 ovs-ofctl dump-flows br-int table=$arp_resolve | \ grep "priority=200" | \ grep "actions=move:NXM_NX_CT_LABEL\\[[32..79\\]]->NXM_OF_ETH_DST\\[[\\]]" -c) ]) AT_CHECK([ - test 0 -eq $(as hv2 ovs-ofctl dump-flows br-int table=17 | \ + test 0 -eq $(as hv2 ovs-ofctl dump-flows br-int table=$ecmp_stateful | \ grep "priority=100" | \ grep "ct(commit,zone=NXM_NX_REG11\\[[0..15\\]],exec(move:NXM_OF_ETH_SRC\\[[\\]]->NXM_NX_CT_LABEL\\[[32..79\\]],load:0x[[0-9]]->NXM_NX_CT_LABEL\\[[80..95\\]]))" -c) ]) AT_CHECK([ - test 0 -eq $(as hv2 ovs-ofctl dump-flows br-int table=25 | \ + test 0 -eq $(as hv2 ovs-ofctl dump-flows br-int table=$arp_resolve | \ grep "priority=200" | \ grep "actions=move:NXM_NX_CT_LABEL\\[[32..79\\]]->NXM_OF_ETH_DST\\[[\\]]" -c) ]) @@ -29179,11 +29208,11 @@ AT_CAPTURE_FILE([hv2flows]) AT_CHECK([ for hv in 1 2; do - grep table=17 hv${hv}flows | \ + grep table=$ecmp_stateful hv${hv}flows | \ grep "priority=100" | \ grep -c "ct(commit,zone=NXM_NX_REG11\\[[0..15\\]],.*exec(move:NXM_OF_ETH_SRC\\[[\\]]->NXM_NX_CT_LABEL\\[[32..79\\]],load:0x[[0-9]]->NXM_NX_CT_MARK\\[[16..31\\]]))" - grep table=25 hv${hv}flows | \ + grep table=$arp_resolve hv${hv}flows | \ grep "priority=200" | \ grep -c "move:NXM_NX_CT_LABEL\\[[\\]]->NXM_NX_XXREG1\\[[\\]],move:NXM_NX_XXREG1\\[[32..79\\]]->NXM_OF_ETH_DST" done; :], [0], [dnl @@ -29269,25 +29298,29 @@ check ovn-nbctl --ecmp-symmetric-reply --policy="src-ip" lr-route-add GW 1001::/ wait_for_ports_up check ovn-nbctl --wait=hv sync +# Get the OF table numbers +ecmp_stateful=$(ovn-debug lflow-stage-to-oftable lr_in_ecmp_stateful) +arp_resolve=$(ovn-debug lflow-stage-to-oftable lr_in_arp_resolve) + # Ensure ECMP symmetric reply flows are not present on any hypervisor. AT_CHECK([ - test 0 -eq $(as hv1 ovs-ofctl dump-flows br-int table=17 | \ + test 0 -eq $(as hv1 ovs-ofctl dump-flows br-int table=$ecmp_stateful | \ grep "priority=100" | \ grep "ct(commit,zone=NXM_NX_REG11\\[[0..15\\]],exec(move:NXM_OF_ETH_SRC\\[[\\]]->NXM_NX_CT_LABEL\\[[32..79\\]],load:0x[[0-9]]->NXM_NX_CT_LABEL\\[[80..95\\]]))" -c) ]) AT_CHECK([ - test 0 -eq $(as hv1 ovs-ofctl dump-flows br-int table=25 | \ + test 0 -eq $(as hv1 ovs-ofctl dump-flows br-int table=$arp_resolve | \ grep "priority=200" | \ grep "actions=move:NXM_NX_CT_LABEL\\[[32..79\\]]->NXM_OF_ETH_DST\\[[\\]]" -c) ]) AT_CHECK([ - test 0 -eq $(as hv2 ovs-ofctl dump-flows br-int table=17 | \ + test 0 -eq $(as hv2 ovs-ofctl dump-flows br-int table=$ecmp_stateful | \ grep "priority=100" | \ grep "ct(commit,zone=NXM_NX_REG11\\[[0..15\\]],exec(move:NXM_OF_ETH_SRC\\[[\\]]->NXM_NX_CT_LABEL\\[[32..79\\]],load:0x[[0-9]]->NXM_NX_CT_MARK\\[[16..31\\]]))" -c) ]) AT_CHECK([ - test 0 -eq $(as hv2 ovs-ofctl dump-flows br-int table=25 | \ + test 0 -eq $(as hv2 ovs-ofctl dump-flows br-int table=$arp_resolve | \ grep "priority=200" | \ grep "actions=move:NXM_NX_CT_LABEL\\[[\\]]->NXM_OF_ETH_DST\\[[\\]]" -c) ]) @@ -29304,11 +29337,11 @@ AT_CAPTURE_FILE([hv2flows]) AT_CHECK([ for hv in 1 2; do - grep table=17 hv${hv}flows | \ + grep table=$ecmp_stateful hv${hv}flows | \ grep "priority=100" | \ grep -c "ct(commit,zone=NXM_NX_REG11\\[[0..15\\]],.*exec(move:NXM_OF_ETH_SRC\\[[\\]]->NXM_NX_CT_LABEL\\[[32..79\\]],load:0x[[0-9]]->NXM_NX_CT_MARK\\[[16..31\\]]))" - grep table=25 hv${hv}flows | \ + grep table=$arp_resolve hv${hv}flows | \ grep "priority=200" | \ grep -c "move:NXM_NX_CT_LABEL\\[[\\]]->NXM_NX_XXREG1\\[[\\]],move:NXM_NX_XXREG1\\[[32..79\\]]->NXM_OF_ETH_DST" done; :], [0], [dnl @@ -29761,6 +29794,9 @@ OVN_POPULATE_ARP wait_for_ports_up ovn-nbctl --wait=hv sync +# Get the OF table numbers +arp_resolve=$(ovn-debug lflow-stage-to-oftable lr_in_arp_resolve) + sw_key=$(ovn-sbctl --bare --columns tunnel_key list datapath_binding r1) echo sw_key: $sw_key @@ -29780,7 +29816,7 @@ AT_CHECK([as hv1 ovs-ofctl dump-flows br-int | grep "actions=controller" | grep ]) # The packet should have been dropped in the lr_in_ip_input stage. -AT_CHECK([as hv1 ovs-ofctl dump-flows br-int | grep -E "table=11, n_packets=1,.* priority=60,ip,metadata=0x${sw_key},nw_dst=10.0.1.1 actions=drop" -c], [0], [dnl +AT_CHECK([as hv1 ovs-ofctl dump-flows br-int | grep -E "table=$(ovn-debug lflow-stage-to-oftable lr_in_ip_input), n_packets=1,.* priority=60,ip,metadata=0x${sw_key},nw_dst=10.0.1.1 actions=drop" -c], [0], [dnl 1 ]) @@ -29810,7 +29846,7 @@ if test X"$1" = X"DGP"; then else prio=2 fi -AT_CHECK([as hv1 ovs-ofctl dump-flows br-int | grep -E "table=25, n_packets=1,.* priority=$prio,ip,$inport.*$outport.*metadata=0x${sw_key},nw_dst=10.0.1.1 actions=drop" -c], [0], [dnl +AT_CHECK([as hv1 ovs-ofctl dump-flows br-int | grep -E "table=$arp_resolve, n_packets=1,.* priority=$prio,ip,$inport.*$outport.*metadata=0x${sw_key},nw_dst=10.0.1.1 actions=drop" -c], [0], [dnl 1 ]) @@ -29829,13 +29865,13 @@ AT_CHECK([as hv1 ovs-ofctl dump-flows br-int | grep "actions=controller" | grep if test X"$1" = X"DGP"; then # The packet dst should be resolved once for E/W centralized NAT purpose. - AT_CHECK([as hv1 ovs-ofctl dump-flows br-int | grep -E "table=25, n_packets=1,.* priority=100,reg0=0xa000101,reg15=.*metadata=0x${sw_key} actions=mod_dl_dst:00:00:00:00:01:01,resubmit" -c], [0], [dnl + AT_CHECK([as hv1 ovs-ofctl dump-flows br-int | grep -E "table=$arp_resolve, n_packets=1,.* priority=100,reg0=0xa000101,reg15=.*metadata=0x${sw_key} actions=mod_dl_dst:00:00:00:00:01:01,resubmit" -c], [0], [dnl 1 ]) fi # The packet should've been finally dropped in the lr_in_arp_resolve stage. -AT_CHECK([as hv1 ovs-ofctl dump-flows br-int | grep -E "table=25, n_packets=2,.* priority=$prio,ip,$inport.*$outport.*metadata=0x${sw_key},nw_dst=10.0.1.1 actions=drop" -c], [0], [dnl +AT_CHECK([as hv1 ovs-ofctl dump-flows br-int | grep -E "table=$arp_resolve, n_packets=2,.* priority=$prio,ip,$inport.*$outport.*metadata=0x${sw_key},nw_dst=10.0.1.1 actions=drop" -c], [0], [dnl 1 ]) OVN_CLEANUP([hv1]) @@ -31705,47 +31741,50 @@ ovn-nbctl --wait=hv pg-set-ports pg1 sw0-p1 sw0-p2 sw0-p3 sw0-p4 AT_CHECK([kill -0 $(cat hv1/ovn-controller.pid)]) check ovn-nbctl --wait=hv sync +# Get the OF table numbers +acl_eval=$(ovn-debug lflow-stage-to-oftable ls_out_acl_eval) + # Check OVS flows are installed properly. -AT_CHECK([as hv1 ovs-ofctl dump-flows br-int table=46 | ofctl_strip_all | \ +AT_CHECK_UNQUOTED([as hv1 ovs-ofctl dump-flows br-int table=$acl_eval | ofctl_strip_all | \ grep "priority=2002" | grep conjunction | \ sed 's/conjunction([[^)]]*)/conjunction()/g' | \ sed 's/reg15=0x[[1-9]]/reg15=0xN/g' | sort], [0], [dnl - table=46, priority=2002,udp,reg0=0x100/0x100,metadata=0x1,nw_src=192.168.47.4,tp_dst=0x10/0xfff0 actions=conjunction() - table=46, priority=2002,udp,reg0=0x100/0x100,metadata=0x1,nw_src=192.168.47.4,tp_dst=0x100/0xff00 actions=conjunction() - table=46, priority=2002,udp,reg0=0x100/0x100,metadata=0x1,nw_src=192.168.47.4,tp_dst=0x1000/0xf000 actions=conjunction() - table=46, priority=2002,udp,reg0=0x100/0x100,metadata=0x1,nw_src=192.168.47.4,tp_dst=0x2/0xfffe actions=conjunction() - table=46, priority=2002,udp,reg0=0x100/0x100,metadata=0x1,nw_src=192.168.47.4,tp_dst=0x20/0xffe0 actions=conjunction() - table=46, priority=2002,udp,reg0=0x100/0x100,metadata=0x1,nw_src=192.168.47.4,tp_dst=0x200/0xfe00 actions=conjunction() - table=46, priority=2002,udp,reg0=0x100/0x100,metadata=0x1,nw_src=192.168.47.4,tp_dst=0x2000/0xe000 actions=conjunction() - table=46, priority=2002,udp,reg0=0x100/0x100,metadata=0x1,nw_src=192.168.47.4,tp_dst=0x4/0xfffc actions=conjunction() - table=46, priority=2002,udp,reg0=0x100/0x100,metadata=0x1,nw_src=192.168.47.4,tp_dst=0x40/0xffc0 actions=conjunction() - table=46, priority=2002,udp,reg0=0x100/0x100,metadata=0x1,nw_src=192.168.47.4,tp_dst=0x400/0xfc00 actions=conjunction() - table=46, priority=2002,udp,reg0=0x100/0x100,metadata=0x1,nw_src=192.168.47.4,tp_dst=0x4000/0xc000 actions=conjunction() - table=46, priority=2002,udp,reg0=0x100/0x100,metadata=0x1,nw_src=192.168.47.4,tp_dst=0x8/0xfff8 actions=conjunction() - table=46, priority=2002,udp,reg0=0x100/0x100,metadata=0x1,nw_src=192.168.47.4,tp_dst=0x80/0xff80 actions=conjunction() - table=46, priority=2002,udp,reg0=0x100/0x100,metadata=0x1,nw_src=192.168.47.4,tp_dst=0x800/0xf800 actions=conjunction() - table=46, priority=2002,udp,reg0=0x100/0x100,metadata=0x1,nw_src=192.168.47.4,tp_dst=0x8000/0x8000 actions=conjunction() - table=46, priority=2002,udp,reg0=0x100/0x100,metadata=0x1,nw_src=192.168.47.4,tp_dst=1 actions=conjunction() - table=46, priority=2002,udp,reg0=0x100/0x100,reg15=0xN,metadata=0x1,nw_src=192.168.47.4 actions=conjunction() - table=46, priority=2002,udp,reg0=0x100/0x100,reg15=0xN,metadata=0x1,nw_src=192.168.47.4 actions=conjunction() - table=46, priority=2002,udp,reg0=0x80/0x80,metadata=0x1,nw_src=192.168.47.4,tp_dst=0x10/0xfff0 actions=conjunction() - table=46, priority=2002,udp,reg0=0x80/0x80,metadata=0x1,nw_src=192.168.47.4,tp_dst=0x100/0xff00 actions=conjunction() - table=46, priority=2002,udp,reg0=0x80/0x80,metadata=0x1,nw_src=192.168.47.4,tp_dst=0x1000/0xf000 actions=conjunction() - table=46, priority=2002,udp,reg0=0x80/0x80,metadata=0x1,nw_src=192.168.47.4,tp_dst=0x2/0xfffe actions=conjunction() - table=46, priority=2002,udp,reg0=0x80/0x80,metadata=0x1,nw_src=192.168.47.4,tp_dst=0x20/0xffe0 actions=conjunction() - table=46, priority=2002,udp,reg0=0x80/0x80,metadata=0x1,nw_src=192.168.47.4,tp_dst=0x200/0xfe00 actions=conjunction() - table=46, priority=2002,udp,reg0=0x80/0x80,metadata=0x1,nw_src=192.168.47.4,tp_dst=0x2000/0xe000 actions=conjunction() - table=46, priority=2002,udp,reg0=0x80/0x80,metadata=0x1,nw_src=192.168.47.4,tp_dst=0x4/0xfffc actions=conjunction() - table=46, priority=2002,udp,reg0=0x80/0x80,metadata=0x1,nw_src=192.168.47.4,tp_dst=0x40/0xffc0 actions=conjunction() - table=46, priority=2002,udp,reg0=0x80/0x80,metadata=0x1,nw_src=192.168.47.4,tp_dst=0x400/0xfc00 actions=conjunction() - table=46, priority=2002,udp,reg0=0x80/0x80,metadata=0x1,nw_src=192.168.47.4,tp_dst=0x4000/0xc000 actions=conjunction() - table=46, priority=2002,udp,reg0=0x80/0x80,metadata=0x1,nw_src=192.168.47.4,tp_dst=0x8/0xfff8 actions=conjunction() - table=46, priority=2002,udp,reg0=0x80/0x80,metadata=0x1,nw_src=192.168.47.4,tp_dst=0x80/0xff80 actions=conjunction() - table=46, priority=2002,udp,reg0=0x80/0x80,metadata=0x1,nw_src=192.168.47.4,tp_dst=0x800/0xf800 actions=conjunction() - table=46, priority=2002,udp,reg0=0x80/0x80,metadata=0x1,nw_src=192.168.47.4,tp_dst=0x8000/0x8000 actions=conjunction() - table=46, priority=2002,udp,reg0=0x80/0x80,metadata=0x1,nw_src=192.168.47.4,tp_dst=1 actions=conjunction() - table=46, priority=2002,udp,reg0=0x80/0x80,reg15=0xN,metadata=0x1,nw_src=192.168.47.4 actions=conjunction() - table=46, priority=2002,udp,reg0=0x80/0x80,reg15=0xN,metadata=0x1,nw_src=192.168.47.4 actions=conjunction() + table=$acl_eval, priority=2002,udp,reg0=0x100/0x100,metadata=0x1,nw_src=192.168.47.4,tp_dst=0x10/0xfff0 actions=conjunction() + table=$acl_eval, priority=2002,udp,reg0=0x100/0x100,metadata=0x1,nw_src=192.168.47.4,tp_dst=0x100/0xff00 actions=conjunction() + table=$acl_eval, priority=2002,udp,reg0=0x100/0x100,metadata=0x1,nw_src=192.168.47.4,tp_dst=0x1000/0xf000 actions=conjunction() + table=$acl_eval, priority=2002,udp,reg0=0x100/0x100,metadata=0x1,nw_src=192.168.47.4,tp_dst=0x2/0xfffe actions=conjunction() + table=$acl_eval, priority=2002,udp,reg0=0x100/0x100,metadata=0x1,nw_src=192.168.47.4,tp_dst=0x20/0xffe0 actions=conjunction() + table=$acl_eval, priority=2002,udp,reg0=0x100/0x100,metadata=0x1,nw_src=192.168.47.4,tp_dst=0x200/0xfe00 actions=conjunction() + table=$acl_eval, priority=2002,udp,reg0=0x100/0x100,metadata=0x1,nw_src=192.168.47.4,tp_dst=0x2000/0xe000 actions=conjunction() + table=$acl_eval, priority=2002,udp,reg0=0x100/0x100,metadata=0x1,nw_src=192.168.47.4,tp_dst=0x4/0xfffc actions=conjunction() + table=$acl_eval, priority=2002,udp,reg0=0x100/0x100,metadata=0x1,nw_src=192.168.47.4,tp_dst=0x40/0xffc0 actions=conjunction() + table=$acl_eval, priority=2002,udp,reg0=0x100/0x100,metadata=0x1,nw_src=192.168.47.4,tp_dst=0x400/0xfc00 actions=conjunction() + table=$acl_eval, priority=2002,udp,reg0=0x100/0x100,metadata=0x1,nw_src=192.168.47.4,tp_dst=0x4000/0xc000 actions=conjunction() + table=$acl_eval, priority=2002,udp,reg0=0x100/0x100,metadata=0x1,nw_src=192.168.47.4,tp_dst=0x8/0xfff8 actions=conjunction() + table=$acl_eval, priority=2002,udp,reg0=0x100/0x100,metadata=0x1,nw_src=192.168.47.4,tp_dst=0x80/0xff80 actions=conjunction() + table=$acl_eval, priority=2002,udp,reg0=0x100/0x100,metadata=0x1,nw_src=192.168.47.4,tp_dst=0x800/0xf800 actions=conjunction() + table=$acl_eval, priority=2002,udp,reg0=0x100/0x100,metadata=0x1,nw_src=192.168.47.4,tp_dst=0x8000/0x8000 actions=conjunction() + table=$acl_eval, priority=2002,udp,reg0=0x100/0x100,metadata=0x1,nw_src=192.168.47.4,tp_dst=1 actions=conjunction() + table=$acl_eval, priority=2002,udp,reg0=0x100/0x100,reg15=0xN,metadata=0x1,nw_src=192.168.47.4 actions=conjunction() + table=$acl_eval, priority=2002,udp,reg0=0x100/0x100,reg15=0xN,metadata=0x1,nw_src=192.168.47.4 actions=conjunction() + table=$acl_eval, priority=2002,udp,reg0=0x80/0x80,metadata=0x1,nw_src=192.168.47.4,tp_dst=0x10/0xfff0 actions=conjunction() + table=$acl_eval, priority=2002,udp,reg0=0x80/0x80,metadata=0x1,nw_src=192.168.47.4,tp_dst=0x100/0xff00 actions=conjunction() + table=$acl_eval, priority=2002,udp,reg0=0x80/0x80,metadata=0x1,nw_src=192.168.47.4,tp_dst=0x1000/0xf000 actions=conjunction() + table=$acl_eval, priority=2002,udp,reg0=0x80/0x80,metadata=0x1,nw_src=192.168.47.4,tp_dst=0x2/0xfffe actions=conjunction() + table=$acl_eval, priority=2002,udp,reg0=0x80/0x80,metadata=0x1,nw_src=192.168.47.4,tp_dst=0x20/0xffe0 actions=conjunction() + table=$acl_eval, priority=2002,udp,reg0=0x80/0x80,metadata=0x1,nw_src=192.168.47.4,tp_dst=0x200/0xfe00 actions=conjunction() + table=$acl_eval, priority=2002,udp,reg0=0x80/0x80,metadata=0x1,nw_src=192.168.47.4,tp_dst=0x2000/0xe000 actions=conjunction() + table=$acl_eval, priority=2002,udp,reg0=0x80/0x80,metadata=0x1,nw_src=192.168.47.4,tp_dst=0x4/0xfffc actions=conjunction() + table=$acl_eval, priority=2002,udp,reg0=0x80/0x80,metadata=0x1,nw_src=192.168.47.4,tp_dst=0x40/0xffc0 actions=conjunction() + table=$acl_eval, priority=2002,udp,reg0=0x80/0x80,metadata=0x1,nw_src=192.168.47.4,tp_dst=0x400/0xfc00 actions=conjunction() + table=$acl_eval, priority=2002,udp,reg0=0x80/0x80,metadata=0x1,nw_src=192.168.47.4,tp_dst=0x4000/0xc000 actions=conjunction() + table=$acl_eval, priority=2002,udp,reg0=0x80/0x80,metadata=0x1,nw_src=192.168.47.4,tp_dst=0x8/0xfff8 actions=conjunction() + table=$acl_eval, priority=2002,udp,reg0=0x80/0x80,metadata=0x1,nw_src=192.168.47.4,tp_dst=0x80/0xff80 actions=conjunction() + table=$acl_eval, priority=2002,udp,reg0=0x80/0x80,metadata=0x1,nw_src=192.168.47.4,tp_dst=0x800/0xf800 actions=conjunction() + table=$acl_eval, priority=2002,udp,reg0=0x80/0x80,metadata=0x1,nw_src=192.168.47.4,tp_dst=0x8000/0x8000 actions=conjunction() + table=$acl_eval, priority=2002,udp,reg0=0x80/0x80,metadata=0x1,nw_src=192.168.47.4,tp_dst=1 actions=conjunction() + table=$acl_eval, priority=2002,udp,reg0=0x80/0x80,reg15=0xN,metadata=0x1,nw_src=192.168.47.4 actions=conjunction() + table=$acl_eval, priority=2002,udp,reg0=0x80/0x80,reg15=0xN,metadata=0x1,nw_src=192.168.47.4 actions=conjunction() ]) OVN_CLEANUP([hv1]) @@ -32920,7 +32959,11 @@ ovs-vsctl add-port br-int lsp0-0 -- set interface lsp0-0 external_ids:iface-id=l ovs-vsctl add-port br-int lsp0-1 -- set interface lsp0-1 external_ids:iface-id=lsp0-1 check ovn-nbctl --wait=hv sync -AT_CHECK([test $(ovs-ofctl dump-flows br-int table=46 | grep conjunction | wc -l) == 22]) + +# Get the OF table numbers +acl_eval=$(ovn-debug lflow-stage-to-oftable ls_out_acl_eval) + +AT_CHECK([test $(ovs-ofctl dump-flows br-int table=$acl_eval | grep conjunction | wc -l) == 22]) # Save the current lflow_run counter lflow_run=$(ovn-appctl -t ovn-controller coverage/read-counter lflow_run) @@ -32930,7 +32973,7 @@ lflow_run=$(ovn-appctl -t ovn-controller coverage/read-counter lflow_run) # 1. Remove half of the ports from pg1. The excepted conjunction flows should be: # 2 + 10 = 12 check ovn-nbctl --wait=hv pg-set-ports pg1 $(for i in 0 1 2 3 4; do for j in 0 1; do echo lsp${i}-${j}; done; done) -AT_CHECK([test $(ovs-ofctl dump-flows br-int table=46 | grep conjunction | wc -l) == 12]) +AT_CHECK([test $(ovs-ofctl dump-flows br-int table=$acl_eval | grep conjunction | wc -l) == 12]) # 2. Unbind lsp0-0. The there shouldn't be any conjunction flows because the # port group const set should have only one member (lsp0-1). And the total @@ -32938,25 +32981,25 @@ AT_CHECK([test $(ovs-ofctl dump-flows br-int table=46 | grep conjunction | wc -l # 10. ovs-vsctl del-port br-int lsp0-0 check ovn-nbctl --wait=hv sync -AT_CHECK([test $(ovs-ofctl dump-flows br-int table=46 | grep conjunction | wc -l) == 0]) -AT_CHECK([test $(ovs-ofctl dump-flows br-int table=46 | grep 192.168 | wc -l) == 10]) +AT_CHECK([test $(ovs-ofctl dump-flows br-int table=$acl_eval | grep conjunction | wc -l) == 0]) +AT_CHECK([test $(ovs-ofctl dump-flows br-int table=$acl_eval | grep 192.168 | wc -l) == 10]) # 3. Rebind lsp0-0. The expected conjunction flows are back to 12. ovs-vsctl add-port br-int lsp0-0 -- set interface lsp0-0 external_ids:iface-id=lsp0-0 check ovn-nbctl --wait=hv sync -AT_CHECK([test $(ovs-ofctl dump-flows br-int table=46 | grep conjunction | wc -l) == 12]) +AT_CHECK([test $(ovs-ofctl dump-flows br-int table=$acl_eval | grep conjunction | wc -l) == 12]) # 4. Bind a lsp (lsp9-0) that doesn't belong to pg1, should not see any change. ovs-vsctl add-port br-int lsp9-0 -- set interface lsp9-0 external_ids:iface-id=lsp9-0 check ovn-nbctl --wait=hv sync -AT_CHECK([test $(ovs-ofctl dump-flows br-int table=46 | grep conjunction | wc -l) == 12]) +AT_CHECK([test $(ovs-ofctl dump-flows br-int table=$acl_eval | grep conjunction | wc -l) == 12]) # 5. Bind another 2 lsps (lsp1-0 lsp1-1) that belong to pg1 and on a different # LS (ls1), should see conjunction flows doubled (12 x 2 = 24) ovs-vsctl add-port br-int lsp1-0 -- set interface lsp1-0 external_ids:iface-id=lsp1-0 ovs-vsctl add-port br-int lsp1-1 -- set interface lsp1-1 external_ids:iface-id=lsp1-1 check ovn-nbctl --wait=hv sync -AT_CHECK([test $(ovs-ofctl dump-flows br-int table=46 | grep conjunction | wc -l) == 24]) +AT_CHECK([test $(ovs-ofctl dump-flows br-int table=$acl_eval | grep conjunction | wc -l) == 24]) # 6. Simulate a SB port-group "del and add" notification to ovn-controller in the # same IDL iteration. ovn-controller should still program the same flows. In @@ -32981,7 +33024,7 @@ for i in $(seq 1 10); do check ovn-nbctl --wait=hv sync # Finally check flow count is the same as before. - AT_CHECK([test $(ovs-ofctl dump-flows br-int table=46 | grep conjunction | wc -l) == 24]) + AT_CHECK([test $(ovs-ofctl dump-flows br-int table=$acl_eval | grep conjunction | wc -l) == 24]) done # Make sure all the above was performed with I-P (no recompute) @@ -33026,15 +33069,18 @@ check ovs-vsctl add-port br-int vm1 \ wait_for_ports_up check ovn-nbctl --wait=hv sync +# Get the OF table numbers +acl_eval=$(ovn-debug lflow-stage-to-oftable ls_in_acl_eval) + dp_key=$(fetch_column Datapath_Binding tunnel_key external_ids:name=ls) rtr_port_key=$(fetch_column Port_Binding tunnel_key logical_port=ls_lr) -ovs-ofctl dump-flows br-int table=16 | grep "reg14=0x${rtr_port_key},metadata=0x${dp_key},nw_dst=42.42.42.42" +ovs-ofctl dump-flows br-int table=$acl_eval | grep "reg14=0x${rtr_port_key},metadata=0x${dp_key},nw_dst=42.42.42.42" # Check that ovn-controller adds a flow to drop packets with dest IP # 42.42.42.42 coming from the router port. -AT_CHECK_UNQUOTED([ovs-ofctl dump-flows br-int table=16 | ofctl_strip_all | \ +AT_CHECK_UNQUOTED([ovs-ofctl dump-flows br-int table=$acl_eval | ofctl_strip_all | \ grep "reg14=0x${rtr_port_key},metadata=0x${dp_key},nw_dst=42.42.42.42"], [0], [dnl - table=16, priority=1001,ip,reg14=0x${rtr_port_key},metadata=0x${dp_key},nw_dst=42.42.42.42 actions=load:0x1->OXM_OF_PKT_REG4[[49]],resubmit(,17) + table=$acl_eval, priority=1001,ip,reg14=0x${rtr_port_key},metadata=0x${dp_key},nw_dst=42.42.42.42 actions=load:0x1->OXM_OF_PKT_REG4[[49]],resubmit(,$(ovn-debug lflow-stage-to-oftable ls_in_acl_action)) ]) OVN_CLEANUP([hv1]) @@ -33389,8 +33435,12 @@ check ovn-nbctl acl-add lsw0 to-lport 1002 'outport == "lp2" && ip4.src == 10.0. # The first ACL should be programmed, but the second one shouldn't. check ovn-nbctl --wait=hv sync -AT_CHECK([ovs-ofctl dump-flows br-int table=46 | grep 10.0.0.111], [0], [ignore]) -AT_CHECK([ovs-ofctl dump-flows br-int table=46 | grep 10.0.0.122], [1], [ignore]) + +# Get the OF table numbers +acl_eval=$(ovn-debug lflow-stage-to-oftable ls_out_acl_eval) + +AT_CHECK([ovs-ofctl dump-flows br-int table=$acl_eval | grep 10.0.0.111], [0], [ignore]) +AT_CHECK([ovs-ofctl dump-flows br-int table=$acl_eval | grep 10.0.0.122], [1], [ignore]) # Now create the lport lp2. check ovn-nbctl lsp-add lsw0 lp2 \ @@ -33398,12 +33448,12 @@ check ovn-nbctl lsp-add lsw0 lp2 \ check ovn-nbctl --wait=hv sync # Now the second ACL should be programmed. -AT_CHECK([ovs-ofctl dump-flows br-int table=46 | grep 10.0.0.122], [0], [ignore]) +AT_CHECK([ovs-ofctl dump-flows br-int table=$acl_eval | grep 10.0.0.122], [0], [ignore]) # Remove the lport lp2 again, the OVS flow for the second ACL should be # removed. check ovn-nbctl --wait=hv lsp-del lp2 -AT_CHECK([ovs-ofctl dump-flows br-int table=46 | grep 10.0.0.122], [1], [ignore]) +AT_CHECK([ovs-ofctl dump-flows br-int table=$acl_eval | grep 10.0.0.122], [1], [ignore]) # Test similar scenario but when the referenced lport is not bound locally. @@ -33417,8 +33467,8 @@ check ovn-nbctl acl-add lsw0 to-lport 1002 'inport == "lp4" && ip4.dst == 10.0.0 # The ACL for lp3 should be programmed, but the one for lp4 shouldn't. check ovn-nbctl --wait=hv sync -AT_CHECK([ovs-ofctl dump-flows br-int table=46 | grep 10.0.0.133], [0], [ignore]) -AT_CHECK([ovs-ofctl dump-flows br-int table=46 | grep 10.0.0.144], [1], [ignore]) +AT_CHECK([ovs-ofctl dump-flows br-int table=$acl_eval | grep 10.0.0.133], [0], [ignore]) +AT_CHECK([ovs-ofctl dump-flows br-int table=$acl_eval | grep 10.0.0.144], [1], [ignore]) # Now create the lport lp4. check ovn-nbctl lsp-add lsw0 lp4 \ @@ -33426,7 +33476,7 @@ check ovn-nbctl lsp-add lsw0 lp4 \ # Now the ACL for lp4 should be programmed. check ovn-nbctl --wait=hv sync -AT_CHECK([ovs-ofctl dump-flows br-int table=46 | grep 10.0.0.144], [0], [ignore]) +AT_CHECK([ovs-ofctl dump-flows br-int table=$acl_eval | grep 10.0.0.144], [0], [ignore]) OVN_CLEANUP([hv1]) AT_CLEANUP @@ -33789,16 +33839,19 @@ done check ovn-nbctl --wait=hv sync +# Get the OF table numbers +arp_rsp=$(ovn-debug lflow-stage-to-oftable ls_in_arp_rsp) + # hv0 should see flows for lsp1 but not lsp2 -AT_CHECK([as hv1 ovs-ofctl dump-flows br-int table=29 | grep 10.0.1.2], [0], [ignore]) -AT_CHECK([as hv1 ovs-ofctl dump-flows br-int table=29 | grep 10.0.2.2], [1]) +AT_CHECK([as hv1 ovs-ofctl dump-flows br-int table=$arp_rsp | grep 10.0.1.2], [0], [ignore]) +AT_CHECK([as hv1 ovs-ofctl dump-flows br-int table=$arp_rsp | grep 10.0.2.2], [1]) # hv2 should see flows for lsp2 but not lsp1 -AT_CHECK([as hv2 ovs-ofctl dump-flows br-int table=29 | grep 10.0.2.2], [0], [ignore]) -AT_CHECK([as hv2 ovs-ofctl dump-flows br-int table=29 | grep 10.0.1.2], [1]) +AT_CHECK([as hv2 ovs-ofctl dump-flows br-int table=$arp_rsp | grep 10.0.2.2], [0], [ignore]) +AT_CHECK([as hv2 ovs-ofctl dump-flows br-int table=$arp_rsp | grep 10.0.1.2], [1]) # Change lrp_lr_ls1 to a regular lrp, hv2 should see flows for lsp1 check ovn-nbctl --wait=hv lrp-del-gateway-chassis lrp_lr_ls1 hv1 -AT_CHECK([as hv2 ovs-ofctl dump-flows br-int table=29 | grep 10.0.1.2], [0], [ignore]) +AT_CHECK([as hv2 ovs-ofctl dump-flows br-int table=$arp_rsp | grep 10.0.1.2], [0], [ignore]) # Change it back, and trigger recompute to make sure extra flows are removed # from hv2 (recompute is needed because currently I-P adds local datapaths but @@ -33806,11 +33859,11 @@ AT_CHECK([as hv2 ovs-ofctl dump-flows br-int table=29 | grep 10.0.1.2], [0], [ig check ovn-nbctl --wait=hv lrp-set-gateway-chassis lrp_lr_ls1 hv1 1 as hv2 check ovn-appctl -t ovn-controller recompute ovn-nbctl --wait=hv sync -AT_CHECK([as hv2 ovs-ofctl dump-flows br-int table=29 | grep 10.0.1.2], [1]) +AT_CHECK([as hv2 ovs-ofctl dump-flows br-int table=$arp_rsp | grep 10.0.1.2], [1]) # Enable dnat_and_snat on lr, and now hv2 should see flows for lsp1. AT_CHECK([ovn-nbctl --wait=hv --gateway-port=lrp_lr_ls1 lr-nat-add lr dnat_and_snat 192.168.0.1 10.0.1.3 lsp1 f0:00:00:00:00:03]) -AT_CHECK([as hv2 ovs-ofctl dump-flows br-int table=29 | grep 10.0.1.2], [0], [ignore]) +AT_CHECK([as hv2 ovs-ofctl dump-flows br-int table=$arp_rsp | grep 10.0.1.2], [0], [ignore]) OVN_CLEANUP([hv1],[hv2]) AT_CLEANUP @@ -35900,6 +35953,10 @@ check ovs-vsctl add-port br-int p2 -- set interface p2 external_ids:iface-id=lsp wait_for_ports_up ovn-nbctl --wait=hv sync +# Get the OF table numbers +acl_eval=$(ovn-debug lflow-stage-to-oftable ls_in_acl_eval) +acl_action=$(ovn-debug lflow-stage-to-oftable ls_in_acl_action) + dnl Ensure the ACL is not translated to OpenFlow. as hv1 AT_CHECK([ovs-ofctl dump-flows br-int | grep '42\.42\.42\.42'], [1], []) @@ -35913,14 +35970,14 @@ lsp2=0x$(fetch_column Port_Binding tunnel_key logical_port=lsp2) dnl Ensure the ACL is translated to OpenFlows expanding pg1. as hv1 AT_CHECK_UNQUOTED([ovs-ofctl dump-flows br-int | grep '42\.42\.42\.42' | ofctl_strip_all], [0], [dnl - table=16, priority=1001,ip,reg14=$lsp1,metadata=0x1,nw_src=42.42.42.42 actions=load:0x1->OXM_OF_PKT_REG4[[48]],resubmit(,17) - table=16, priority=1001,ip,reg14=$lsp2,metadata=0x1,nw_src=42.42.42.42 actions=load:0x1->OXM_OF_PKT_REG4[[48]],resubmit(,17) + table=$acl_eval, priority=1001,ip,reg14=$lsp1,metadata=0x1,nw_src=42.42.42.42 actions=load:0x1->OXM_OF_PKT_REG4[[48]],resubmit(,$acl_action) + table=$acl_eval, priority=1001,ip,reg14=$lsp2,metadata=0x1,nw_src=42.42.42.42 actions=load:0x1->OXM_OF_PKT_REG4[[48]],resubmit(,$acl_action) ]) dnl Remove a port from pg1 and expect OpenFlows to be correctly updated. check ovn-nbctl --wait=hv pg-set-ports pg1 lsp2 AT_CHECK_UNQUOTED([ovs-ofctl dump-flows br-int | grep '42\.42\.42\.42' | ofctl_strip_all], [0], [dnl - table=16, priority=1001,ip,reg14=$lsp2,metadata=0x1,nw_src=42.42.42.42 actions=load:0x1->OXM_OF_PKT_REG4[[48]],resubmit(,17) + table=$acl_eval, priority=1001,ip,reg14=$lsp2,metadata=0x1,nw_src=42.42.42.42 actions=load:0x1->OXM_OF_PKT_REG4[[48]],resubmit(,$acl_action) ]) dnl Change the Chassis_Template_Var mapping to use the address set. @@ -35929,14 +35986,14 @@ check ovn-nbctl --wait=hv set Chassis_Template_Var hv1 variables:CONDITION='ip4. dnl Ensure the ACL is translated to OpenFlows expanding as1. as hv1 AT_CHECK_UNQUOTED([ovs-ofctl dump-flows br-int | grep '42\.42\.42\.42' | ofctl_strip_all], [0], [dnl - table=16, priority=1001,ip,metadata=0x1,nw_src=42.42.42.42,nw_dst=1.1.1.1 actions=load:0x1->OXM_OF_PKT_REG4[[48]],resubmit(,17) - table=16, priority=1001,ip,metadata=0x1,nw_src=42.42.42.42,nw_dst=1.1.1.2 actions=load:0x1->OXM_OF_PKT_REG4[[48]],resubmit(,17) + table=$acl_eval, priority=1001,ip,metadata=0x1,nw_src=42.42.42.42,nw_dst=1.1.1.1 actions=load:0x1->OXM_OF_PKT_REG4[[48]],resubmit(,$acl_action) + table=$acl_eval, priority=1001,ip,metadata=0x1,nw_src=42.42.42.42,nw_dst=1.1.1.2 actions=load:0x1->OXM_OF_PKT_REG4[[48]],resubmit(,$acl_action) ]) dnl Remove an IP from AS1 and expect OpenFlows to be correctly updated. check ovn-nbctl --wait=hv set address_set as1 addresses=\"1.1.1.1\" AT_CHECK_UNQUOTED([ovs-ofctl dump-flows br-int | grep '42\.42\.42\.42' | ofctl_strip_all], [0], [dnl - table=16, priority=1001,ip,metadata=0x1,nw_src=42.42.42.42,nw_dst=1.1.1.1 actions=load:0x1->OXM_OF_PKT_REG4[[48]],resubmit(,17) + table=$acl_eval, priority=1001,ip,metadata=0x1,nw_src=42.42.42.42,nw_dst=1.1.1.1 actions=load:0x1->OXM_OF_PKT_REG4[[48]],resubmit(,$acl_action) ]) dnl Remove the mapping and expect OpenFlows to be removed. diff --git a/tests/system-ovn-kmod.at b/tests/system-ovn-kmod.at index 14fe4ecec..41d548201 100644 --- a/tests/system-ovn-kmod.at +++ b/tests/system-ovn-kmod.at @@ -112,6 +112,10 @@ NETNS_DAEMONIZE([bar1], [nc -l -k 192.168.2.2 80], [nc-bar1.pid]) # Wait for ovn-controller to catch up. ovn-nbctl --wait=hv sync + +# Get the OF table numbers +dnat=$(ovn-debug lflow-stage-to-oftable lr_in_dnat) + OVS_WAIT_UNTIL([ovs-ofctl -O OpenFlow13 dump-groups br-int | \ grep 'nat(dst=192.168.2.2:80)']) @@ -151,8 +155,8 @@ AT_CHECK_UNQUOTED([ovs-ofctl dump-flows br-int table=OFTABLE_CHK_LB_AFFINITY --n ]) check_affinity_flows () { -n1=$(ovs-ofctl dump-flows br-int table=15 |awk '/priority=150,ct_state=\+new\+trk,ip,reg4=0xc0a80102,.*nw_dst=172.16.1.100/{print substr($4,11,length($4)-11)}') -n2=$(ovs-ofctl dump-flows br-int table=15 |awk '/priority=150,ct_state=\+new\+trk,ip,reg4=0xc0a80202,.*nw_dst=172.16.1.100/{print substr($4,11,length($4)-11)}') +n1=$(ovs-ofctl dump-flows br-int table=$dnat |awk '/priority=150,ct_state=\+new\+trk,ip,reg4=0xc0a80102,.*nw_dst=172.16.1.100/{print substr($4,11,length($4)-11)}') +n2=$(ovs-ofctl dump-flows br-int table=$dnat |awk '/priority=150,ct_state=\+new\+trk,ip,reg4=0xc0a80202,.*nw_dst=172.16.1.100/{print substr($4,11,length($4)-11)}') [[ $n1 -gt 0 -a $n2 -eq 0 ]] || [[ $n1 -eq 0 -a $n2 -gt 0 ]] echo $? } @@ -404,6 +408,10 @@ ovn-nbctl lr-lb-add R2 lb10-no-aff # Wait for ovn-controller to catch up. ovn-nbctl --wait=hv sync + +# Get the OF table numbers +dnat=$(ovn-debug lflow-stage-to-oftable lr_in_dnat) + OVS_WAIT_UNTIL([ovs-ofctl -O OpenFlow13 dump-groups br-int | \ grep 'nat(dst=\[[fd11::2\]]:80)']) @@ -448,8 +456,8 @@ AT_CHECK_UNQUOTED([ovs-ofctl dump-flows br-int table=OFTABLE_CHK_LB_AFFINITY --n ]) check_affinity_flows () { -n1=$(ovs-ofctl dump-flows br-int table=15 |awk '/priority=150,ct_state=\+new\+trk,ipv6,reg4=0xfd110000,.*ipv6_dst=fd30::1\s/{print substr($4,11,length($4)-11)}') -n2=$(ovs-ofctl dump-flows br-int table=15 |awk '/priority=150,ct_state=\+new\+trk,ipv6,reg4=0xfd120000,.*ipv6_dst=fd30::1\s/{print substr($4,11,length($4)-11)}') +n1=$(ovs-ofctl dump-flows br-int table=$dnat |awk '/priority=150,ct_state=\+new\+trk,ipv6,reg4=0xfd110000,.*ipv6_dst=fd30::1\s/{print substr($4,11,length($4)-11)}') +n2=$(ovs-ofctl dump-flows br-int table=$dnat |awk '/priority=150,ct_state=\+new\+trk,ipv6,reg4=0xfd120000,.*ipv6_dst=fd30::1\s/{print substr($4,11,length($4)-11)}') [[ $n1 -gt 0 -a $n2 -eq 0 ]] || [[ $n1 -eq 0 -a $n2 -gt 0 ]] echo $? } diff --git a/tests/system-ovn.at b/tests/system-ovn.at index 2411b0267..3bc06f057 100644 --- a/tests/system-ovn.at +++ b/tests/system-ovn.at @@ -2168,6 +2168,10 @@ ovn-nbctl -- --id=@nat create nat type="snat" logical_ip=192.168.2.2 \ # Wait for ovn-controller to catch up. ovn-nbctl --wait=hv sync + +# Get the OF table numbers +snat=$(ovn-debug lflow-stage-to-oftable lr_out_snat) + OVS_WAIT_UNTIL([ovs-ofctl -O OpenFlow13 dump-groups br-int | \ grep 'nat(dst=192.168.2.2:80)']) @@ -2204,7 +2208,7 @@ tcp,orig=(src=172.16.1.2,dst=30.0.0.2,sport=,dport=),reply=(sr ]) check_est_flows () { - n=$(ovs-ofctl dump-flows br-int table=13 | grep \ + n=$(ovs-ofctl dump-flows br-int table=$(ovn-debug lflow-stage-to-oftable lr_in_defrag) | grep \ "priority=100,tcp,metadata=0x2,nw_dst=30.0.0.2" | grep nat | sed -n 's/.*n_packets=\([[0-9]]\{1,\}\).*/\1/p') @@ -2230,7 +2234,7 @@ ovn-nbctl set load_balancer $uuid vips:'"30.0.0.2:8000"'='"192.168.1.2:80,192.16 ovn-nbctl list load_balancer ovn-sbctl dump-flows R2 -OVS_WAIT_UNTIL([ovs-ofctl -O OpenFlow13 dump-flows br-int table=45 | \ +OVS_WAIT_UNTIL([ovs-ofctl -O OpenFlow13 dump-flows br-int table=$snat | \ grep 'nat(src=20.0.0.2)']) check ovs-appctl dpctl/flush-conntrack @@ -2269,7 +2273,7 @@ ovn-nbctl set load_balancer $uuid vips:'"30.0.0.2:8000"'='"192.168.1.2:80,192.16 ovn-nbctl list load_balancer ovn-sbctl dump-flows R2 -OVS_WAIT_UNTIL([ovs-ofctl -O OpenFlow13 dump-flows br-int table=45 | \ +OVS_WAIT_UNTIL([ovs-ofctl -O OpenFlow13 dump-flows br-int table=$snat | \ grep 'nat(src=20.0.0.2)']) rm -f wget*.log @@ -5055,7 +5059,7 @@ OVS_WAIT_UNTIL([ ]) OVS_WAIT_UNTIL([ - n_pkt=$(ovs-ofctl dump-flows br-int table=46 | grep -v n_packets=0 | \ + n_pkt=$(ovs-ofctl dump-flows br-int table=$(ovn-debug lflow-stage-to-oftable ls_out_acl_eval) | grep -v n_packets=0 | \ grep controller | grep tp_dst=84 -c) test $n_pkt -eq 1 ]) @@ -5302,7 +5306,7 @@ OVS_WAIT_UNTIL([ ]) OVS_WAIT_UNTIL([ - n_pkt=$(ovs-ofctl dump-flows br-int table=46 | grep -v n_packets=0 | \ + n_pkt=$(ovs-ofctl dump-flows br-int table=$(ovn-debug lflow-stage-to-oftable ls_out_acl_eval) | grep -v n_packets=0 | \ grep controller | grep tp_dst=84 -c) test $n_pkt -eq 1 ]) @@ -8818,7 +8822,7 @@ ovn-sbctl list ip_multicast wait_igmp_flows_installed() { - OVS_WAIT_UNTIL([ovs-ofctl dump-flows br-int table=35 | \ + OVS_WAIT_UNTIL([ovs-ofctl dump-flows br-int table=$(ovn-debug lflow-stage-to-oftable ls_in_l2_lkup) | \ grep 'priority=90' | grep "nw_dst=$1"]) } @@ -12029,7 +12033,7 @@ sctp,orig=(src=172.16.1.2,dst=30.0.0.2,sport=,dport=),reply=(s ]) check_est_flows () { - n=$(ovs-ofctl dump-flows br-int table=15 | grep "+est" \ + n=$(ovs-ofctl dump-flows br-int table=$(ovn-debug lflow-stage-to-oftable lr_in_dnat) | grep "+est" \ | grep "ct_mark=$1" | sed -n 's/.*n_packets=\([[0-9]]\{1,\}\).*/\1/p') echo "n_packets=$n" @@ -12055,7 +12059,7 @@ ovn-nbctl set load_balancer $uuid vips:'"30.0.0.2:8000"'='"192.168.1.2:12345,192 ovn-nbctl list load_balancer ovn-sbctl dump-flows R2 -OVS_WAIT_UNTIL([ovs-ofctl -O OpenFlow13 dump-flows br-int table=45 | grep 'nat(src=20.0.0.2)']) +OVS_WAIT_UNTIL([ovs-ofctl -O OpenFlow13 dump-flows br-int table=$(ovn-debug lflow-stage-to-oftable lr_out_snat) | grep 'nat(src=20.0.0.2)']) dnl Test load-balancing that includes L4 ports in NAT. for i in `seq 1 20`; do