Otherwise it's hard to tell which ones are applied before and which ones
are applied after load balancing.

Signed-off-by: Dumitru Ceara <dce...@redhat.com>
---
 tests/ovn-nbctl.at    | 9 +++++++++
 utilities/ovn-nbctl.c | 7 +++++++
 2 files changed, 16 insertions(+)

diff --git a/tests/ovn-nbctl.at b/tests/ovn-nbctl.at
index 8885ac9fcc..2fffe18500 100644
--- a/tests/ovn-nbctl.at
+++ b/tests/ovn-nbctl.at
@@ -223,6 +223,9 @@ ovn_nbctl_test_acl() {
    AT_CHECK([ovn-nbctl $2 acl-add $1 to-lport 100 ip drop])
    AT_CHECK([ovn-nbctl $2 --label=1234 acl-add $1 from-lport 70 icmp 
allow-related])
    AT_CHECK([ovn-nbctl $2 --label=1235 acl-add $1 to-lport 70 icmp 
allow-related])
+   AT_CHECK([ovn-nbctl $2 --apply-after-lb acl-add $1 from-lport 500 tcp 
allow])
+   AT_CHECK([ovn-nbctl $2 --apply-after-lb acl-add $1 from-lport 300 tcp drop])
+   AT_CHECK([ovn-nbctl $2 --apply-after-lb acl-add $1 from-lport 300 udp 
allow])
 
    dnl Add duplicated ACL
    AT_CHECK([ovn-nbctl $2 acl-add $1 to-lport 100 ip drop], [1], [], [stderr])
@@ -247,6 +250,9 @@ from-lport   600 (udp) drop log()
 from-lport   400 (tcp) drop
 from-lport   200 (ip) drop
 from-lport    70 (icmp) allow-related label=1234
+from-lport   500 (tcp) allow [[after-lb]]
+from-lport   300 (tcp) drop [[after-lb]]
+from-lport   300 (udp) allow [[after-lb]]
   to-lport   500 (udp) drop log(name=test,severity=info)
   to-lport   300 (tcp) drop
   to-lport   100 (ip) drop
@@ -260,6 +266,9 @@ from-lport   600 (udp) drop log()
 from-lport   400 (tcp) drop
 from-lport   200 (ip) drop
 from-lport    70 (icmp) allow-related label=1234
+from-lport   500 (tcp) allow [[after-lb]]
+from-lport   300 (tcp) drop [[after-lb]]
+from-lport   300 (udp) allow [[after-lb]]
 ])
 
    dnl Delete all ACLs.
diff --git a/utilities/ovn-nbctl.c b/utilities/ovn-nbctl.c
index 9d4fb8c757..ae4d6c4036 100644
--- a/utilities/ovn-nbctl.c
+++ b/utilities/ovn-nbctl.c
@@ -2091,9 +2091,13 @@ acl_cmp(const void *acl1_, const void *acl2_)
 
     int dir1 = dir_encode(acl1->direction);
     int dir2 = dir_encode(acl2->direction);
+    bool after_lb1 = smap_get_bool(&acl1->options, "apply-after-lb", false);
+    bool after_lb2 = smap_get_bool(&acl2->options, "apply-after-lb", false);
 
     if (dir1 != dir2) {
         return dir1 < dir2 ? -1 : 1;
+    } else if (after_lb1 != after_lb2) {
+        return after_lb2 ? -1 : 1;
     } else if (acl1->priority != acl2->priority) {
         return acl1->priority > acl2->priority ? -1 : 1;
     } else {
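Review bot: The new `after_lb1 != after_lb2` branch in acl_cmp ranks the load-balancing stage ahead of priority, so within one direction a priority-500 after-lb ACL now sorts below a priority-70 ACL, and nothing in the comparator says this is intended. A comment above the chain would make the key order explicit for anyone auditing the listing, e.g. `/* Sort by direction, then ACLs applied before LB ahead of those applied after LB, then by descending priority. */`. The tie-break `return after_lb2 ? -1 : 1;` reads more directly as `return after_lb1 ? 1 : -1;`. The key `"apply-after-lb"` is spelled out here twice and again in nbctl_acl_list; a single shared constant would keep the sort and the display from drifting apart. acl_cmp starts above the hunk and its final else branch continues below it.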
@@ -2192,6 +2196,9 @@ nbctl_acl_list(struct ctl_context *ctx)
         if (acl->label) {
           ds_put_format(&ctx->output, " label=%"PRId64, acl->label);
         }
+        if (smap_get_bool(&acl->options, "apply-after-lb", false)) {
+            ds_put_cstr(&ctx->output, " [after-lb]");
+        }
         ds_put_cstr(&ctx->output, "\n");
     }
 
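Review bot: The ` [after-lb]` marker added in nbctl_acl_list changes the acl-list line format, yet the diffstat touches only tests/ovn-nbctl.at and utilities/ovn-nbctl.c, so the command's user-facing documentation is not updated with it. Operators read this listing to audit which rules apply to traffic, and the marker is the only cue that a higher-priority line further down is evaluated at a later stage. That deserves a sentence in the documentation and a comment at the new check, such as `/* Mark ACLs that are evaluated after load balancing. */`. Anything that parses acl-list output line by line may also need to tolerate the new trailing token, though this is inferred because no consumer is visible in the patch. The function body starts before the hunk and continues after it.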
-- 
2.31.1
