This makes it more debuggable. Signed-off-by: Ben Pfaff <b...@ovn.org> --- tests/ovn-northd.at | 67 +++++++++++++++++++++++++++++---------------- 1 file changed, 44 insertions(+), 23 deletions(-)
diff --git a/tests/ovn-northd.at b/tests/ovn-northd.at index 9e7d8750f8fd..0bf20c1a7053 100644 --- a/tests/ovn-northd.at +++ b/tests/ovn-northd.at @@ -909,14 +909,14 @@ AT_CHECK([ ]) # Stateful FIP with ALLOWED_IPs -ovn-nbctl lr-nat-del DR snat 50.0.0.11 -ovn-nbctl lr-nat-del CR snat 50.0.0.11 +check ovn-nbctl lr-nat-del DR snat 50.0.0.11 +check ovn-nbctl lr-nat-del CR snat 50.0.0.11 -ovn-nbctl lr-nat-add DR dnat_and_snat 172.16.1.2 50.0.0.11 -ovn-nbctl lr-nat-add CR dnat_and_snat 172.16.1.2 50.0.0.11 +check ovn-nbctl lr-nat-add DR dnat_and_snat 172.16.1.2 50.0.0.11 +check ovn-nbctl lr-nat-add CR dnat_and_snat 172.16.1.2 50.0.0.11 -ovn-nbctl lr-nat-update-ext-ip DR dnat_and_snat 172.16.1.2 allowed_range -ovn-nbctl lr-nat-update-ext-ip CR dnat_and_snat 172.16.1.2 allowed_range +check ovn-nbctl lr-nat-update-ext-ip DR dnat_and_snat 172.16.1.2 allowed_range +check ovn-nbctl lr-nat-update-ext-ip CR dnat_and_snat 172.16.1.2 allowed_range ovn-nbctl show DR ovn-sbctl dump-flows DR @@ -1691,45 +1691,59 @@ AT_CLEANUP AT_SETUP([ovn-northd -- reject ACL]) ovn_start -ovn-nbctl ls-add sw0 -ovn-nbctl lsp-add sw0 sw0-p1 +check ovn-nbctl ls-add sw0 +check ovn-nbctl lsp-add sw0 sw0-p1 -ovn-nbctl ls-add sw1 -ovn-nbctl lsp-add sw1 sw1-p1 +check ovn-nbctl ls-add sw1 +check ovn-nbctl lsp-add sw1 sw1-p1 + +check ovn-nbctl pg-add pg0 sw0-p1 sw1-p1 +check ovn-nbctl acl-add pg0 from-lport 1002 "inport == @pg0 && ip4 && tcp && tcp.dst == 80" reject +check ovn-nbctl acl-add pg0 to-lport 1003 "outport == @pg0 && ip6 && udp" reject + +check ovn-nbctl --wait=hv sync -ovn-nbctl pg-add pg0 sw0-p1 sw1-p1 -ovn-nbctl acl-add pg0 from-lport 1002 "inport == @pg0 && ip4 && tcp && tcp.dst == 80" reject -ovn-nbctl acl-add pg0 to-lport 1003 "outport == @pg0 && ip6 && udp" reject +AS_BOX([1]) -ovn-nbctl --wait=hv sync +ovn-sbctl dump-flows sw0 > sw0flows +AT_CAPTURE_FILE([sw0flows]) +ovn-sbctl dump-flows sw1 > sw1flows +AT_CAPTURE_FILE([sw1flows]) -AT_CHECK([ovn-sbctl lflow-list sw0 | grep "ls_in_acl" | grep pg0 | sort], [0], [dnl +AT_CHECK([grep "ls_in_acl" sw0flows | grep pg0 | sort], [0], [dnl table=7 (ls_in_acl ), priority=2002 , dnl match=(inport == @pg0 && ip4 && tcp && tcp.dst == 80), dnl action=(reg0 = 0; reject { /* eth.dst <-> eth.src; ip.dst <-> ip.src; is implicit. */ outport <-> inport; next(pipeline=egress,table=6); };) ]) -AT_CHECK([ovn-sbctl lflow-list sw1 | grep "ls_in_acl" | grep pg0 | sort], [0], [dnl +AT_CHECK([grep "ls_in_acl" sw1flows | grep pg0 | sort], [0], [dnl table=7 (ls_in_acl ), priority=2002 , dnl match=(inport == @pg0 && ip4 && tcp && tcp.dst == 80), dnl action=(reg0 = 0; reject { /* eth.dst <-> eth.src; ip.dst <-> ip.src; is implicit. */ outport <-> inport; next(pipeline=egress,table=6); };) ]) -AT_CHECK([ovn-sbctl lflow-list sw0 | grep "ls_out_acl" | grep pg0 | sort], [0], [dnl +AT_CHECK([grep "ls_out_acl" sw0flows | grep pg0 | sort], [0], [dnl table=5 (ls_out_acl ), priority=2003 , dnl match=(outport == @pg0 && ip6 && udp), dnl action=(reg0 = 0; reject { /* eth.dst <-> eth.src; ip.dst <-> ip.src; is implicit. */ outport <-> inport; next(pipeline=ingress,table=20); };) ]) -AT_CHECK([ovn-sbctl lflow-list sw1 | grep "ls_out_acl" | grep pg0 | sort], [0], [dnl +AT_CHECK([grep "ls_out_acl" sw1flows | grep pg0 | sort], [0], [dnl table=5 (ls_out_acl ), priority=2003 , dnl match=(outport == @pg0 && ip6 && udp), dnl action=(reg0 = 0; reject { /* eth.dst <-> eth.src; ip.dst <-> ip.src; is implicit. */ outport <-> inport; next(pipeline=ingress,table=20); };) ]) -ovn-nbctl acl-add pg0 to-lport 1002 "outport == @pg0 && ip4 && udp" reject +AS_BOX([2]) -AT_CHECK([ovn-sbctl lflow-list sw0 | grep "ls_out_acl" | grep pg0 | sort], [0], [dnl +ovn-nbctl --wait=sb acl-add pg0 to-lport 1002 "outport == @pg0 && ip4 && udp" reject + +ovn-sbctl dump-flows sw0 > sw0flows2 +AT_CAPTURE_FILE([sw0flows2]) +ovn-sbctl dump-flows sw1 > sw1flows2 +AT_CAPTURE_FILE([sw1flows2]) + +AT_CHECK([grep "ls_out_acl" sw0flows2 | grep pg0 | sort], [0], [dnl table=5 (ls_out_acl ), priority=2002 , dnl match=(outport == @pg0 && ip4 && udp), dnl action=(reg0 = 0; reject { /* eth.dst <-> eth.src; ip.dst <-> ip.src; is implicit. */ outport <-> inport; next(pipeline=ingress,table=20); };) @@ -1738,7 +1752,7 @@ match=(outport == @pg0 && ip6 && udp), dnl action=(reg0 = 0; reject { /* eth.dst <-> eth.src; ip.dst <-> ip.src; is implicit. */ outport <-> inport; next(pipeline=ingress,table=20); };) ]) -AT_CHECK([ovn-sbctl lflow-list sw1 | grep "ls_out_acl" | grep pg0 | sort], [0], [dnl +AT_CHECK([grep "ls_out_acl" sw1flows2 | grep pg0 | sort], [0], [dnl table=5 (ls_out_acl ), priority=2002 , dnl match=(outport == @pg0 && ip4 && udp), dnl action=(reg0 = 0; reject { /* eth.dst <-> eth.src; ip.dst <-> ip.src; is implicit. */ outport <-> inport; next(pipeline=ingress,table=20); };) @@ -1747,9 +1761,16 @@ match=(outport == @pg0 && ip6 && udp), dnl action=(reg0 = 0; reject { /* eth.dst <-> eth.src; ip.dst <-> ip.src; is implicit. */ outport <-> inport; next(pipeline=ingress,table=20); };) ]) +AS_BOX([3]) + ovn-nbctl --wait=sb acl-add pg0 to-lport 1001 "outport == @pg0 && ip" allow-related -AT_CHECK([ovn-sbctl lflow-list sw0 | grep "ls_out_acl" | grep pg0 | sort], [0], [dnl +ovn-sbctl dump-flows sw0 > sw0flows3 +AT_CAPTURE_FILE([sw0flows3]) +ovn-sbctl dump-flows sw1 > sw1flows3 +AT_CAPTURE_FILE([sw1flows3]) + +AT_CHECK([grep "ls_out_acl" sw0flows3 | grep pg0 | sort], [0], [dnl table=5 (ls_out_acl ), priority=2001 , dnl match=(reg0[[7]] == 1 && (outport == @pg0 && ip)), action=(reg0[[1]] = 1; next;) table=5 (ls_out_acl ), priority=2001 , dnl @@ -1768,7 +1789,7 @@ match=((reg0[[9]] == 1) && outport == @pg0 && ip6 && udp), dnl action=(reg0 = 0; reject { /* eth.dst <-> eth.src; ip.dst <-> ip.src; is implicit. */ outport <-> inport; next(pipeline=ingress,table=20); };) ]) -AT_CHECK([ovn-sbctl lflow-list sw1 | grep "ls_out_acl" | grep pg0 | sort], [0], [dnl +AT_CHECK([grep "ls_out_acl" sw1flows3 | grep pg0 | sort], [0], [dnl table=5 (ls_out_acl ), priority=2001 , dnl match=(reg0[[7]] == 1 && (outport == @pg0 && ip)), action=(reg0[[1]] = 1; next;) table=5 (ls_out_acl ), priority=2001 , dnl -- 2.26.2 _______________________________________________ dev mailing list d...@openvswitch.org https://mail.openvswitch.org/mailman/listinfo/ovs-dev