Minor change to ovn-nbctl to prevent users from attempting
to use port range and stateless together. That is so
because port range uses conntrack to set the source port.
Signed-off-by: Flavio Fernandes <fla...@flaviof.com>
---
tests/ovn-nbctl.at | 4 ++++
utilities/ovn-nbctl.c | 6 ++++++
2 files changed, 10 insertions(+)
diff --git a/tests/ovn-nbctl.at b/tests/ovn-nbctl.at
index 66fbcc748..637d88fcd 100644
--- a/tests/ovn-nbctl.at
+++ b/tests/ovn-nbctl.at
@@ -652,6 +652,10 @@ AT_CHECK([ovn-nbctl --portrange lr-nat-add lr0
dnat_and_snat 40.0.0.6 192.168.1.
[ovn-nbctl: invalid port range 0-10.
])
+AT_CHECK([ovn-nbctl --stateless --portrange lr-nat-add lr0 dnat_and_snat
40.0.0.5 192.168.1.8 6], [1], [],
+[ovn-nbctl: --stateless and --portrange may not be used together
+])
+
AT_CHECK([ovn-nbctl show lr0 | grep -c 'external port(s): "1-3000"'], [0], [dnl
3
])
diff --git a/utilities/ovn-nbctl.c b/utilities/ovn-nbctl.c
index cb46d3aa5..95eb54bf3 100644
--- a/utilities/ovn-nbctl.c
+++ b/utilities/ovn-nbctl.c
@@ -4167,6 +4167,12 @@ nbctl_lr_nat_add(struct ctl_context *ctx)
ctl_error(ctx, "stateless is not applicable to dnat or snat types");
return;
}
+ /* Port range needs conntrack, so it can't be stateless. */
+ if (stateless && is_portrange) {
+ ctl_error(ctx, "--stateless and --portrange may not be used "
+ "together");
+ return;
+ }
int is_snat = !strcmp("snat", nat_type);
for (size_t i = 0; i < lr->n_nat; i++) {
--
2.17.1
_______________________________________________
dev mailing list
d...@openvswitch.org
https://mail.openvswitch.org/mailman/listinfo/ovs-dev
