Use the ovn-debug commands to determine OpenFlow table numbers
based on stage name. With this there is no need to hardcode them
and it should be future proof for stage shifts/updates.
Signed-off-by: Ales Musil <amu...@redhat.com>
Acked-by: Mark Michelson <mmich...@redhat.com>
---
v4: Rebase on top of main.
Add ack from Mark.
---
tests/ovn-controller.at | 342 +++++++++++++++++++---------------
tests/ovn.at | 389 ++++++++++++++++++++++-----------------
tests/system-ovn-kmod.at | 16 +-
tests/system-ovn.at | 20 +-
4 files changed, 438 insertions(+), 329 deletions(-)
diff --git a/tests/ovn-controller.at b/tests/ovn-controller.at
index f77e032d4..66e870876 100644
--- a/tests/ovn-controller.at
+++ b/tests/ovn-controller.at
@@ -901,6 +901,10 @@ check ovn-nbctl lsp-add ls1 ls1-lp1 \
wait_for_ports_up
ovn-appctl -t ovn-controller vlog/set file:dbg
+# Get the OF table numbers
+acl_eval=$(ovn-debug lflow-stage-to-oftable ls_out_acl_eval)
+acl_action=$(ovn-debug lflow-stage-to-oftable ls_out_acl_action)
+
dp_key=$(printf "%x" $(fetch_column datapath tunnel_key
external_ids:name=ls1))
port_key=$(printf "%x" $(fetch_column port_binding tunnel_key
logical_port=ls1-lp1))
@@ -918,14 +922,14 @@ for i in $(seq 10); do
check ovn-nbctl add address_set as1 addresses 10.0.0.$i
check ovn-nbctl --wait=hv sync
if test "$i" = 3; then
- AT_CHECK_UNQUOTED([ovs-ofctl dump-flows br-int
table=46,reg15=0x$port_key | \
+ AT_CHECK_UNQUOTED([ovs-ofctl dump-flows br-int
table=$acl_eval,reg15=0x$port_key | \
grep -v reply | awk '{print $7, $8}' | sort], [0], [dnl
-priority=1100,ip,reg15=0x1,metadata=0x1,nw_src=10.0.0.1
actions=load:0x1->OXM_OF_PKT_REG4[[49]],resubmit(,47)
-priority=1100,ip,reg15=0x1,metadata=0x1,nw_src=10.0.0.2
actions=load:0x1->OXM_OF_PKT_REG4[[49]],resubmit(,47)
-priority=1100,ip,reg15=0x1,metadata=0x1,nw_src=10.0.0.3
actions=load:0x1->OXM_OF_PKT_REG4[[49]],resubmit(,47)
+priority=1100,ip,reg15=0x1,metadata=0x1,nw_src=10.0.0.1
actions=load:0x1->OXM_OF_PKT_REG4[[49]],resubmit(,$acl_action)
+priority=1100,ip,reg15=0x1,metadata=0x1,nw_src=10.0.0.2
actions=load:0x1->OXM_OF_PKT_REG4[[49]],resubmit(,$acl_action)
+priority=1100,ip,reg15=0x1,metadata=0x1,nw_src=10.0.0.3
actions=load:0x1->OXM_OF_PKT_REG4[[49]],resubmit(,$acl_action)
])
fi
- AT_CHECK_UNQUOTED([ovs-ofctl dump-flows br-int table=46 | grep -c
"priority=1100"], [0], [$i
+ AT_CHECK_UNQUOTED([ovs-ofctl dump-flows br-int table=$acl_eval | grep -c
"priority=1100"], [0], [$i
])
done
@@ -940,15 +944,15 @@ for i in $(seq 10); do
check ovn-nbctl remove address_set as1 addresses 10.0.0.$i
check ovn-nbctl --wait=hv sync
if test "$i" = 9; then
- AT_CHECK_UNQUOTED([ovs-ofctl dump-flows br-int
table=46,reg15=0x$port_key | \
+ AT_CHECK_UNQUOTED([ovs-ofctl dump-flows br-int
table=$acl_eval,reg15=0x$port_key | \
grep -v reply | awk '{print $7, $8}'], [0], [dnl
-priority=1100,ip,reg15=0x$port_key,metadata=0x$dp_key,nw_src=10.0.0.10
actions=load:0x1->OXM_OF_PKT_REG4[[49]],resubmit(,47)
+priority=1100,ip,reg15=0x$port_key,metadata=0x$dp_key,nw_src=10.0.0.10
actions=load:0x1->OXM_OF_PKT_REG4[[49]],resubmit(,$acl_action)
])
fi
if test "$i" = 10; then
- AT_CHECK_UNQUOTED([ovs-ofctl dump-flows br-int table=46 | grep
"priority=1100"], [1], [ignore])
+ AT_CHECK_UNQUOTED([ovs-ofctl dump-flows br-int table=$acl_eval | grep
"priority=1100"], [1], [ignore])
else
- AT_CHECK_UNQUOTED([ovs-ofctl dump-flows br-int table=46 | grep -c
"priority=1100"], [0], [$((10 - $i))
+ AT_CHECK_UNQUOTED([ovs-ofctl dump-flows br-int table=$acl_eval | grep -c
"priority=1100"], [0], [$((10 - $i))
])
fi
done
@@ -966,17 +970,17 @@ for i in $(seq 10); do
check ovn-nbctl add address_set as1 addresses 10.0.0.$i,10.0.1.$i
check ovn-nbctl --wait=hv sync
if test "$i" = 3; then
- AT_CHECK_UNQUOTED([ovs-ofctl dump-flows br-int
table=46,reg15=0x$port_key | \
+ AT_CHECK_UNQUOTED([ovs-ofctl dump-flows br-int
table=$acl_eval,reg15=0x$port_key | \
grep -v reply | awk '{print $7, $8}' | sort], [0], [dnl
-priority=1100,ip,reg15=0x$port_key,metadata=0x$dp_key,nw_src=10.0.0.1
actions=load:0x1->OXM_OF_PKT_REG4[[49]],resubmit(,47)
-priority=1100,ip,reg15=0x$port_key,metadata=0x$dp_key,nw_src=10.0.0.2
actions=load:0x1->OXM_OF_PKT_REG4[[49]],resubmit(,47)
-priority=1100,ip,reg15=0x$port_key,metadata=0x$dp_key,nw_src=10.0.0.3
actions=load:0x1->OXM_OF_PKT_REG4[[49]],resubmit(,47)
-priority=1100,ip,reg15=0x$port_key,metadata=0x$dp_key,nw_src=10.0.1.1
actions=load:0x1->OXM_OF_PKT_REG4[[49]],resubmit(,47)
-priority=1100,ip,reg15=0x$port_key,metadata=0x$dp_key,nw_src=10.0.1.2
actions=load:0x1->OXM_OF_PKT_REG4[[49]],resubmit(,47)
-priority=1100,ip,reg15=0x$port_key,metadata=0x$dp_key,nw_src=10.0.1.3
actions=load:0x1->OXM_OF_PKT_REG4[[49]],resubmit(,47)
+priority=1100,ip,reg15=0x$port_key,metadata=0x$dp_key,nw_src=10.0.0.1
actions=load:0x1->OXM_OF_PKT_REG4[[49]],resubmit(,$acl_action)
+priority=1100,ip,reg15=0x$port_key,metadata=0x$dp_key,nw_src=10.0.0.2
actions=load:0x1->OXM_OF_PKT_REG4[[49]],resubmit(,$acl_action)
+priority=1100,ip,reg15=0x$port_key,metadata=0x$dp_key,nw_src=10.0.0.3
actions=load:0x1->OXM_OF_PKT_REG4[[49]],resubmit(,$acl_action)
+priority=1100,ip,reg15=0x$port_key,metadata=0x$dp_key,nw_src=10.0.1.1
actions=load:0x1->OXM_OF_PKT_REG4[[49]],resubmit(,$acl_action)
+priority=1100,ip,reg15=0x$port_key,metadata=0x$dp_key,nw_src=10.0.1.2
actions=load:0x1->OXM_OF_PKT_REG4[[49]],resubmit(,$acl_action)
+priority=1100,ip,reg15=0x$port_key,metadata=0x$dp_key,nw_src=10.0.1.3
actions=load:0x1->OXM_OF_PKT_REG4[[49]],resubmit(,$acl_action)
])
fi
- AT_CHECK_UNQUOTED([ovs-ofctl dump-flows br-int table=46 | grep -c
"priority=1100"], [0], [$(($i * 2))
+ AT_CHECK_UNQUOTED([ovs-ofctl dump-flows br-int table=$acl_eval | grep -c
"priority=1100"], [0], [$(($i * 2))
])
done
@@ -993,11 +997,11 @@ reprocess_count_old=$(read_counter consider_logical_flow)
check ovn-nbctl add address_set as1 addresses 10.0.0.21,10.0.0.22 -- \
remove address_set as1 addresses 10.0.0.10
check ovn-nbctl --wait=hv sync
-AT_CHECK([ovs-ofctl dump-flows br-int table=46 | grep -c 10\.0\.0\.21], [0], [1
+AT_CHECK([ovs-ofctl dump-flows br-int table=$acl_eval | grep -c 10\.0\.0\.21],
[0], [1
])
-AT_CHECK([ovs-ofctl dump-flows br-int table=46 | grep -c 10\.0\.0\.22], [0], [1
+AT_CHECK([ovs-ofctl dump-flows br-int table=$acl_eval | grep -c 10\.0\.0\.22],
[0], [1
])
-AT_CHECK([ovs-ofctl dump-flows br-int table=46 | grep 10\.0\.0\.10], [1],
[ignore])
+AT_CHECK([ovs-ofctl dump-flows br-int table=$acl_eval | grep 10\.0\.0\.10],
[1], [ignore])
reprocess_count_new=$(read_counter consider_logical_flow)
AT_CHECK([echo $(($reprocess_count_new - $reprocess_count_old))], [0], [0
@@ -1009,9 +1013,9 @@ reprocess_count_old=$(read_counter consider_logical_flow)
check ovn-nbctl remove address_set as1 addresses 10.0.0.21,10.0.0.22 -- \
add address_set as1 addresses 10.0.0.10
check ovn-nbctl --wait=hv sync
-AT_CHECK([ovs-ofctl dump-flows br-int table=46 | grep 10\.0\.0\.21], [1],
[ignore])
-AT_CHECK([ovs-ofctl dump-flows br-int table=46 | grep 10\.0\.0\.22], [1],
[ignore])
-AT_CHECK([ovs-ofctl dump-flows br-int table=46 | grep -c 10\.0\.0\.10], [0], [1
+AT_CHECK([ovs-ofctl dump-flows br-int table=$acl_eval | grep 10\.0\.0\.21],
[1], [ignore])
+AT_CHECK([ovs-ofctl dump-flows br-int table=$acl_eval | grep 10\.0\.0\.22],
[1], [ignore])
+AT_CHECK([ovs-ofctl dump-flows br-int table=$acl_eval | grep -c 10\.0\.0\.10],
[0], [1
])
reprocess_count_new=$(read_counter consider_logical_flow)
@@ -1024,9 +1028,9 @@ reprocess_count_old=$(read_counter consider_logical_flow)
check ovn-nbctl add address_set as1 addresses 10.0.0.21 -- \
remove address_set as1 addresses 10.0.0.10
check ovn-nbctl --wait=hv sync
-AT_CHECK([ovs-ofctl dump-flows br-int table=46 | grep -c 10\.0\.0\.21], [0], [1
+AT_CHECK([ovs-ofctl dump-flows br-int table=$acl_eval | grep -c 10\.0\.0\.21],
[0], [1
])
-AT_CHECK([ovs-ofctl dump-flows br-int table=46 | grep 10\.0\.0\.10], [1],
[ignore])
+AT_CHECK([ovs-ofctl dump-flows br-int table=$acl_eval | grep 10\.0\.0\.10],
[1], [ignore])
reprocess_count_new=$(read_counter consider_logical_flow)
AT_CHECK([echo $(($reprocess_count_new - $reprocess_count_old))], [0], [0
@@ -1038,12 +1042,12 @@ reprocess_count_old=$(read_counter
consider_logical_flow)
check ovn-nbctl add address_set as1 addresses 10.0.0.22,10.0.0.23 -- \
remove address_set as1 addresses 10.0.0.9,10.0.0.8
check ovn-nbctl --wait=hv sync
-AT_CHECK([ovs-ofctl dump-flows br-int table=46 | grep -c 10\.0\.0\.22], [0], [1
+AT_CHECK([ovs-ofctl dump-flows br-int table=$acl_eval | grep -c 10\.0\.0\.22],
[0], [1
])
-AT_CHECK([ovs-ofctl dump-flows br-int table=46 | grep -c 10\.0\.0\.23], [0], [1
+AT_CHECK([ovs-ofctl dump-flows br-int table=$acl_eval | grep -c 10\.0\.0\.23],
[0], [1
])
-AT_CHECK([ovs-ofctl dump-flows br-int table=46 | grep 10\.0\.0\.8], [1],
[ignore])
-AT_CHECK([ovs-ofctl dump-flows br-int table=46 | grep 10\.0\.0\.9], [1],
[ignore])
+AT_CHECK([ovs-ofctl dump-flows br-int table=$acl_eval | grep 10\.0\.0\.8],
[1], [ignore])
+AT_CHECK([ovs-ofctl dump-flows br-int table=$acl_eval | grep 10\.0\.0\.9],
[1], [ignore])
reprocess_count_new=$(read_counter consider_logical_flow)
AT_CHECK([echo $(($reprocess_count_new - $reprocess_count_old))], [0], [0
@@ -1074,6 +1078,10 @@ check ovn-nbctl lsp-add ls1 ls1-lp1 \
wait_for_ports_up
ovn-appctl -t ovn-controller vlog/set file:dbg
+# Get the OF table numbers
+acl_eval=$(ovn-debug lflow-stage-to-oftable ls_out_acl_eval)
+acl_action=$(ovn-debug lflow-stage-to-oftable ls_out_acl_action)
+
dp_key=$(printf "%x" $(fetch_column datapath tunnel_key
external_ids:name=ls1))
port_key=$(printf "%x" $(fetch_column port_binding tunnel_key
logical_port=ls1-lp1))
@@ -1091,24 +1099,24 @@ for i in $(seq 10); do
check ovn-nbctl add address_set as1 addresses 10.0.0.$i
check ovn-nbctl --wait=hv sync
if test "$i" = 1; then
- AT_CHECK_UNQUOTED([ovs-ofctl dump-flows br-int
table=46,reg15=0x$port_key | \
+ AT_CHECK_UNQUOTED([ovs-ofctl dump-flows br-int
table=$acl_eval,reg15=0x$port_key | \
grep -v reply | awk '{print $7, $8}' | sort], [0], [dnl
-priority=1100,tcp,reg15=0x$port_key,metadata=0x$dp_key,nw_src=10.0.0.1,tp_dst=111
actions=load:0x1->OXM_OF_PKT_REG4[[49]],resubmit(,47)
-priority=1100,tcp,reg15=0x$port_key,metadata=0x$dp_key,nw_src=10.0.0.1,tp_dst=222
actions=load:0x1->OXM_OF_PKT_REG4[[49]],resubmit(,47)
-priority=1100,tcp,reg15=0x$port_key,metadata=0x$dp_key,nw_src=10.0.0.1,tp_dst=333
actions=load:0x1->OXM_OF_PKT_REG4[[49]],resubmit(,47)
+priority=1100,tcp,reg15=0x$port_key,metadata=0x$dp_key,nw_src=10.0.0.1,tp_dst=111
actions=load:0x1->OXM_OF_PKT_REG4[[49]],resubmit(,$acl_action)
+priority=1100,tcp,reg15=0x$port_key,metadata=0x$dp_key,nw_src=10.0.0.1,tp_dst=222
actions=load:0x1->OXM_OF_PKT_REG4[[49]],resubmit(,$acl_action)
+priority=1100,tcp,reg15=0x$port_key,metadata=0x$dp_key,nw_src=10.0.0.1,tp_dst=333
actions=load:0x1->OXM_OF_PKT_REG4[[49]],resubmit(,$acl_action)
])
else
# (1 conj_id flow + 3 tp_dst flows) = 4 extra flows
- AT_CHECK_UNQUOTED([ovs-ofctl dump-flows br-int table=46 | grep -c
"priority=1100"], [0], [$(($i + 4))
+ AT_CHECK_UNQUOTED([ovs-ofctl dump-flows br-int table=$acl_eval | grep -c
"priority=1100"], [0], [$(($i + 4))
])
fi
if test "$i" = 3; then
- AT_CHECK_UNQUOTED([ovs-ofctl dump-flows br-int
table=46,reg15=0x$port_key | \
+ AT_CHECK_UNQUOTED([ovs-ofctl dump-flows br-int
table=$acl_eval,reg15=0x$port_key | \
grep -v reply | awk '{print $7, $8}' | \
sed -r 's/conjunction.*,/conjunction,/' | \
sed -r 's/conj_id=.*,metadata/conj_id=,metadata/' | sort], [0],
[dnl
-priority=1100,conj_id=,metadata=0x$dp_key
actions=load:0x1->OXM_OF_PKT_REG4[[49]],resubmit(,47)
+priority=1100,conj_id=,metadata=0x$dp_key
actions=load:0x1->OXM_OF_PKT_REG4[[49]],resubmit(,$acl_action)
priority=1100,tcp,reg15=0x$port_key,metadata=0x$dp_key,nw_src=10.0.0.1
actions=conjunction,1/2)
priority=1100,tcp,reg15=0x$port_key,metadata=0x$dp_key,nw_src=10.0.0.2
actions=conjunction,1/2)
priority=1100,tcp,reg15=0x$port_key,metadata=0x$dp_key,nw_src=10.0.0.3
actions=conjunction,1/2)
@@ -1130,17 +1138,17 @@ for i in $(seq 10); do
check ovn-nbctl remove address_set as1 addresses 10.0.0.$i
check ovn-nbctl --wait=hv sync
if test "$i" = 10; then
- AT_CHECK_UNQUOTED([ovs-ofctl dump-flows br-int table=46 | grep
"priority=1100"], [1], [ignore])
+ AT_CHECK_UNQUOTED([ovs-ofctl dump-flows br-int table=$acl_eval | grep
"priority=1100"], [1], [ignore])
elif test "$i" = 9; then
# no conjunction left
- AT_CHECK_UNQUOTED([ovs-ofctl dump-flows br-int
table=46,reg15=0x$port_key | \
+ AT_CHECK_UNQUOTED([ovs-ofctl dump-flows br-int
table=$acl_eval,reg15=0x$port_key | \
grep -v reply | awk '{print $7, $8}' | sort], [0], [dnl
-priority=1100,tcp,reg15=0x$port_key,metadata=0x$dp_key,nw_src=10.0.0.10,tp_dst=111
actions=load:0x1->OXM_OF_PKT_REG4[[49]],resubmit(,47)
-priority=1100,tcp,reg15=0x$port_key,metadata=0x$dp_key,nw_src=10.0.0.10,tp_dst=222
actions=load:0x1->OXM_OF_PKT_REG4[[49]],resubmit(,47)
-priority=1100,tcp,reg15=0x$port_key,metadata=0x$dp_key,nw_src=10.0.0.10,tp_dst=333
actions=load:0x1->OXM_OF_PKT_REG4[[49]],resubmit(,47)
+priority=1100,tcp,reg15=0x$port_key,metadata=0x$dp_key,nw_src=10.0.0.10,tp_dst=111
actions=load:0x1->OXM_OF_PKT_REG4[[49]],resubmit(,$acl_action)
+priority=1100,tcp,reg15=0x$port_key,metadata=0x$dp_key,nw_src=10.0.0.10,tp_dst=222
actions=load:0x1->OXM_OF_PKT_REG4[[49]],resubmit(,$acl_action)
+priority=1100,tcp,reg15=0x$port_key,metadata=0x$dp_key,nw_src=10.0.0.10,tp_dst=333
actions=load:0x1->OXM_OF_PKT_REG4[[49]],resubmit(,$acl_action)
])
else
- AT_CHECK_UNQUOTED([ovs-ofctl dump-flows br-int table=46 | grep -c
"priority=1100"], [0], [$((14 - $i))
+ AT_CHECK_UNQUOTED([ovs-ofctl dump-flows br-int table=$acl_eval | grep -c
"priority=1100"], [0], [$((14 - $i))
])
fi
done
@@ -1156,11 +1164,11 @@ for i in $(seq 10); do
check ovn-nbctl add address_set as1 addresses 10.0.0.$i,10.0.1.$i
check ovn-nbctl --wait=hv sync
if test "$i" = 3; then
- AT_CHECK_UNQUOTED([ovs-ofctl dump-flows br-int
table=46,reg15=0x$port_key | \
+ AT_CHECK_UNQUOTED([ovs-ofctl dump-flows br-int
table=$acl_eval,reg15=0x$port_key | \
grep -v reply | awk '{print $7, $8}' | \
sed -r 's/conjunction.*,/conjunction,/' | \
sed -r 's/conj_id=.*,metadata/conj_id=,metadata/' | sort], [0],
[dnl
-priority=1100,conj_id=,metadata=0x$dp_key
actions=load:0x1->OXM_OF_PKT_REG4[[49]],resubmit(,47)
+priority=1100,conj_id=,metadata=0x$dp_key
actions=load:0x1->OXM_OF_PKT_REG4[[49]],resubmit(,$acl_action)
priority=1100,tcp,reg15=0x$port_key,metadata=0x$dp_key,nw_src=10.0.0.1
actions=conjunction,1/2)
priority=1100,tcp,reg15=0x$port_key,metadata=0x$dp_key,nw_src=10.0.0.2
actions=conjunction,1/2)
priority=1100,tcp,reg15=0x$port_key,metadata=0x$dp_key,nw_src=10.0.0.3
actions=conjunction,1/2)
@@ -1172,7 +1180,7 @@
priority=1100,tcp,reg15=0x$port_key,metadata=0x$dp_key,tp_dst=222 actions=conjun
priority=1100,tcp,reg15=0x$port_key,metadata=0x$dp_key,tp_dst=333
actions=conjunction,2/2)
])
fi
- AT_CHECK_UNQUOTED([ovs-ofctl dump-flows br-int table=46 | grep -c
"priority=1100"], [0], [$(($i * 2 + 4))
+ AT_CHECK_UNQUOTED([ovs-ofctl dump-flows br-int table=$acl_eval | grep -c
"priority=1100"], [0], [$(($i * 2 + 4))
])
done
@@ -1188,11 +1196,11 @@ reprocess_count_old=$(read_counter consider_logical_flow)
check ovn-nbctl add address_set as1 addresses 10.0.0.21,10.0.0.22 -- \
remove address_set as1 addresses 10.0.0.10
check ovn-nbctl --wait=hv sync
-AT_CHECK([ovs-ofctl dump-flows br-int table=46 | grep -c 10\.0\.0\.21], [0], [1
+AT_CHECK([ovs-ofctl dump-flows br-int table=$acl_eval | grep -c 10\.0\.0\.21],
[0], [1
])
-AT_CHECK([ovs-ofctl dump-flows br-int table=46 | grep -c 10\.0\.0\.22], [0], [1
+AT_CHECK([ovs-ofctl dump-flows br-int table=$acl_eval | grep -c 10\.0\.0\.22],
[0], [1
])
-AT_CHECK([ovs-ofctl dump-flows br-int table=46 | grep 10\.0\.0\.10], [1],
[ignore])
+AT_CHECK([ovs-ofctl dump-flows br-int table=$acl_eval | grep 10\.0\.0\.10],
[1], [ignore])
reprocess_count_new=$(read_counter consider_logical_flow)
AT_CHECK([echo $(($reprocess_count_new - $reprocess_count_old))], [0], [0
@@ -1204,9 +1212,9 @@ reprocess_count_old=$(read_counter consider_logical_flow)
check ovn-nbctl remove address_set as1 addresses 10.0.0.21,10.0.0.22 -- \
add address_set as1 addresses 10.0.0.10
check ovn-nbctl --wait=hv sync
-AT_CHECK([ovs-ofctl dump-flows br-int table=46 | grep 10\.0\.0\.21], [1],
[ignore])
-AT_CHECK([ovs-ofctl dump-flows br-int table=46 | grep 10\.0\.0\.22], [1],
[ignore])
-AT_CHECK([ovs-ofctl dump-flows br-int table=46 | grep -c 10\.0\.0\.10], [0], [1
+AT_CHECK([ovs-ofctl dump-flows br-int table=$acl_eval | grep 10\.0\.0\.21],
[1], [ignore])
+AT_CHECK([ovs-ofctl dump-flows br-int table=$acl_eval | grep 10\.0\.0\.22],
[1], [ignore])
+AT_CHECK([ovs-ofctl dump-flows br-int table=$acl_eval | grep -c 10\.0\.0\.10],
[0], [1
])
reprocess_count_new=$(read_counter consider_logical_flow)
@@ -1219,9 +1227,9 @@ reprocess_count_old=$(read_counter consider_logical_flow)
check ovn-nbctl add address_set as1 addresses 10.0.0.21 -- \
remove address_set as1 addresses 10.0.0.10
check ovn-nbctl --wait=hv sync
-AT_CHECK([ovs-ofctl dump-flows br-int table=46 | grep -c 10\.0\.0\.21], [0], [1
+AT_CHECK([ovs-ofctl dump-flows br-int table=$acl_eval | grep -c 10\.0\.0\.21],
[0], [1
])
-AT_CHECK([ovs-ofctl dump-flows br-int table=46 | grep 10\.0\.0\.10], [1],
[ignore])
+AT_CHECK([ovs-ofctl dump-flows br-int table=$acl_eval | grep 10\.0\.0\.10],
[1], [ignore])
reprocess_count_new=$(read_counter consider_logical_flow)
AT_CHECK([echo $(($reprocess_count_new - $reprocess_count_old))], [0], [0
@@ -1233,12 +1241,12 @@ reprocess_count_old=$(read_counter
consider_logical_flow)
check ovn-nbctl add address_set as1 addresses 10.0.0.22,10.0.0.23 -- \
remove address_set as1 addresses 10.0.0.9,10.0.0.8
check ovn-nbctl --wait=hv sync
-AT_CHECK([ovs-ofctl dump-flows br-int table=46 | grep -c 10\.0\.0\.22], [0], [1
+AT_CHECK([ovs-ofctl dump-flows br-int table=$acl_eval | grep -c 10\.0\.0\.22],
[0], [1
])
-AT_CHECK([ovs-ofctl dump-flows br-int table=46 | grep -c 10\.0\.0\.23], [0], [1
+AT_CHECK([ovs-ofctl dump-flows br-int table=$acl_eval | grep -c 10\.0\.0\.23],
[0], [1
])
-AT_CHECK([ovs-ofctl dump-flows br-int table=46 | grep 10\.0\.0\.8], [1],
[ignore])
-AT_CHECK([ovs-ofctl dump-flows br-int table=46 | grep 10\.0\.0\.9], [1],
[ignore])
+AT_CHECK([ovs-ofctl dump-flows br-int table=$acl_eval | grep 10\.0\.0\.8],
[1], [ignore])
+AT_CHECK([ovs-ofctl dump-flows br-int table=$acl_eval | grep 10\.0\.0\.9],
[1], [ignore])
reprocess_count_new=$(read_counter consider_logical_flow)
AT_CHECK([echo $(($reprocess_count_new - $reprocess_count_old))], [0], [0
@@ -1268,6 +1276,10 @@ check ovn-nbctl lsp-add ls1 ls1-lp1 \
wait_for_ports_up
ovn-appctl -t ovn-controller vlog/set file:dbg
+# Get the OF table numbers
+acl_eval=$(ovn-debug lflow-stage-to-oftable ls_out_acl_eval)
+acl_action=$(ovn-debug lflow-stage-to-oftable ls_out_acl_action)
+
dp_key=$(printf "%x" $(fetch_column datapath tunnel_key
external_ids:name=ls1))
port_key=$(printf "%x" $(fetch_column port_binding tunnel_key
logical_port=ls1-lp1))
@@ -1288,22 +1300,22 @@ for i in $(seq 10); do
add address_set as2 addresses 10.0.0.$j
check ovn-nbctl --wait=hv sync
if test "$i" = 1; then
- AT_CHECK_UNQUOTED([ovs-ofctl dump-flows br-int
table=46,reg15=0x$port_key | \
+ AT_CHECK_UNQUOTED([ovs-ofctl dump-flows br-int
table=$acl_eval,reg15=0x$port_key | \
grep -v reply | awk '{print $7, $8}' | sort], [0], [dnl
-priority=1100,ip,reg15=0x$port_key,metadata=0x$dp_key,nw_src=10.0.0.1,nw_dst=10.0.0.6
actions=load:0x1->OXM_OF_PKT_REG4[[49]],resubmit(,47)
+priority=1100,ip,reg15=0x$port_key,metadata=0x$dp_key,nw_src=10.0.0.1,nw_dst=10.0.0.6
actions=load:0x1->OXM_OF_PKT_REG4[[49]],resubmit(,$acl_action)
])
else
# (1 conj_id + nw_src * i + nw_dst * i) = 1 + i*2 flows
- AT_CHECK_UNQUOTED([ovs-ofctl dump-flows br-int table=46 | grep -c
"priority=1100"], [0], [$(($i*2 + 1))
+ AT_CHECK_UNQUOTED([ovs-ofctl dump-flows br-int table=$acl_eval | grep -c
"priority=1100"], [0], [$(($i*2 + 1))
])
fi
if test "$i" = 3; then
- AT_CHECK_UNQUOTED([ovs-ofctl dump-flows br-int
table=46,reg15=0x$port_key | \
+ AT_CHECK_UNQUOTED([ovs-ofctl dump-flows br-int
table=$acl_eval,reg15=0x$port_key | \
grep -v reply | awk '{print $7, $8}' | \
sed -r 's/conjunction.*,/conjunction,/' | \
sed -r 's/conj_id=.*,metadata/conj_id=,metadata/' | sort], [0],
[dnl
-priority=1100,conj_id=,metadata=0x$dp_key
actions=load:0x1->OXM_OF_PKT_REG4[[49]],resubmit(,47)
+priority=1100,conj_id=,metadata=0x$dp_key
actions=load:0x1->OXM_OF_PKT_REG4[[49]],resubmit(,$acl_action)
priority=1100,ip,reg15=0x$port_key,metadata=0x$dp_key,nw_dst=10.0.0.6
actions=conjunction,1/2)
priority=1100,ip,reg15=0x$port_key,metadata=0x$dp_key,nw_dst=10.0.0.7
actions=conjunction,1/2)
priority=1100,ip,reg15=0x$port_key,metadata=0x$dp_key,nw_dst=10.0.0.8
actions=conjunction,1/2)
@@ -1327,15 +1339,15 @@ for i in $(seq 10); do
remove address_set as2 addresses 10.0.0.$j
check ovn-nbctl --wait=hv sync
if test "$i" = 10; then
- AT_CHECK_UNQUOTED([ovs-ofctl dump-flows br-int table=46 | grep
"priority=1100"], [1], [ignore])
+ AT_CHECK_UNQUOTED([ovs-ofctl dump-flows br-int table=$acl_eval | grep
"priority=1100"], [1], [ignore])
elif test "$i" = 9; then
# no conjunction left
- AT_CHECK_UNQUOTED([ovs-ofctl dump-flows br-int
table=46,reg15=0x$port_key | \
+ AT_CHECK_UNQUOTED([ovs-ofctl dump-flows br-int
table=$acl_eval,reg15=0x$port_key | \
grep -v reply | awk '{print $7, $8}' | sort], [0], [dnl
-priority=1100,ip,reg15=0x$port_key,metadata=0x$dp_key,nw_src=10.0.0.10,nw_dst=10.0.0.15
actions=load:0x1->OXM_OF_PKT_REG4[[49]],resubmit(,47)
+priority=1100,ip,reg15=0x$port_key,metadata=0x$dp_key,nw_src=10.0.0.10,nw_dst=10.0.0.15
actions=load:0x1->OXM_OF_PKT_REG4[[49]],resubmit(,$acl_action)
])
else
- AT_CHECK_UNQUOTED([ovs-ofctl dump-flows br-int table=46 | grep -c
"priority=1100"], [0], [$((21 - $i*2))
+ AT_CHECK_UNQUOTED([ovs-ofctl dump-flows br-int table=$acl_eval | grep -c
"priority=1100"], [0], [$((21 - $i*2))
])
fi
done
@@ -1356,14 +1368,14 @@ for i in $(seq 2 10); do
check ovn-nbctl add address_set as1 addresses 10.0.0.$i
check ovn-nbctl --wait=hv sync
if test "$i" = 3; then
- AT_CHECK_UNQUOTED([ovs-ofctl dump-flows br-int
table=46,reg15=0x$port_key | \
+ AT_CHECK_UNQUOTED([ovs-ofctl dump-flows br-int
table=$acl_eval,reg15=0x$port_key | \
grep -v reply | awk '{print $7, $8}' | sort], [0], [dnl
-priority=1100,ip,reg15=0x$port_key,metadata=0x$dp_key,nw_src=10.0.0.1,nw_dst=10.0.0.6
actions=load:0x1->OXM_OF_PKT_REG4[[49]],resubmit(,47)
-priority=1100,ip,reg15=0x$port_key,metadata=0x$dp_key,nw_src=10.0.0.2,nw_dst=10.0.0.6
actions=load:0x1->OXM_OF_PKT_REG4[[49]],resubmit(,47)
-priority=1100,ip,reg15=0x$port_key,metadata=0x$dp_key,nw_src=10.0.0.3,nw_dst=10.0.0.6
actions=load:0x1->OXM_OF_PKT_REG4[[49]],resubmit(,47)
+priority=1100,ip,reg15=0x$port_key,metadata=0x$dp_key,nw_src=10.0.0.1,nw_dst=10.0.0.6
actions=load:0x1->OXM_OF_PKT_REG4[[49]],resubmit(,$acl_action)
+priority=1100,ip,reg15=0x$port_key,metadata=0x$dp_key,nw_src=10.0.0.2,nw_dst=10.0.0.6
actions=load:0x1->OXM_OF_PKT_REG4[[49]],resubmit(,$acl_action)
+priority=1100,ip,reg15=0x$port_key,metadata=0x$dp_key,nw_src=10.0.0.3,nw_dst=10.0.0.6
actions=load:0x1->OXM_OF_PKT_REG4[[49]],resubmit(,$acl_action)
])
fi
- AT_CHECK_UNQUOTED([ovs-ofctl dump-flows br-int table=46 | grep -c
"priority=1100"], [0], [$i
+ AT_CHECK_UNQUOTED([ovs-ofctl dump-flows br-int table=$acl_eval | grep -c
"priority=1100"], [0], [$i
])
done
@@ -1382,16 +1394,16 @@ for i in $(seq 10); do
check ovn-nbctl remove address_set as1 addresses 10.0.0.$i
check ovn-nbctl --wait=hv sync
if test "$i" = 9; then
- AT_CHECK_UNQUOTED([ovs-ofctl dump-flows br-int
table=46,reg15=0x$port_key | \
+ AT_CHECK_UNQUOTED([ovs-ofctl dump-flows br-int
table=$acl_eval,reg15=0x$port_key | \
grep -v reply | awk '{print $7, $8}'], [0], [dnl
-priority=1100,ip,reg15=0x$port_key,metadata=0x$dp_key,nw_src=10.0.0.10,nw_dst=10.0.0.6
actions=load:0x1->OXM_OF_PKT_REG4[[49]],resubmit(,47)
-priority=1100,ip,reg15=0x$port_key,metadata=0x$dp_key,nw_src=10.0.0.10,nw_dst=10.0.0.7
actions=load:0x1->OXM_OF_PKT_REG4[[49]],resubmit(,47)
+priority=1100,ip,reg15=0x$port_key,metadata=0x$dp_key,nw_src=10.0.0.10,nw_dst=10.0.0.6
actions=load:0x1->OXM_OF_PKT_REG4[[49]],resubmit(,$acl_action)
+priority=1100,ip,reg15=0x$port_key,metadata=0x$dp_key,nw_src=10.0.0.10,nw_dst=10.0.0.7
actions=load:0x1->OXM_OF_PKT_REG4[[49]],resubmit(,$acl_action)
])
elif test "$i" = 10; then
- AT_CHECK_UNQUOTED([ovs-ofctl dump-flows br-int table=46 | grep
"priority=1100"], [1], [ignore])
+ AT_CHECK_UNQUOTED([ovs-ofctl dump-flows br-int table=$acl_eval | grep
"priority=1100"], [1], [ignore])
else
# 2 dst + (10 - i) src + 1 conj_id
- AT_CHECK_UNQUOTED([ovs-ofctl dump-flows br-int table=46 | grep -c
"priority=1100"], [0], [$((10 - $i + 3))
+ AT_CHECK_UNQUOTED([ovs-ofctl dump-flows br-int table=$acl_eval | grep -c
"priority=1100"], [0], [$((10 - $i + 3))
])
fi
done
@@ -1423,6 +1435,10 @@ check ovn-nbctl lsp-add ls1 ls1-lp1 \
wait_for_ports_up
ovn-appctl -t ovn-controller vlog/set file:dbg
+# Get the OF table numbers
+acl_eval=$(ovn-debug lflow-stage-to-oftable ls_out_acl_eval)
+acl_action=$(ovn-debug lflow-stage-to-oftable ls_out_acl_action)
+
dp_key=$(printf "%x" $(fetch_column datapath tunnel_key
external_ids:name=ls1))
port_key=$(printf "%x" $(fetch_column port_binding tunnel_key
logical_port=ls1-lp1))
@@ -1445,27 +1461,27 @@ for i in $(seq 10); do
add address_set as2 addresses 10.0.0.$j
check ovn-nbctl --wait=hv sync
if test "$i" = 1; then
- AT_CHECK_UNQUOTED([ovs-ofctl dump-flows br-int
table=46,reg15=0x$port_key | \
+ AT_CHECK_UNQUOTED([ovs-ofctl dump-flows br-int
table=$acl_eval,reg15=0x$port_key | \
grep -v reply | awk '{print $7, $8}' | sort], [0], [dnl
-priority=1100,ip,reg15=0x$port_key,metadata=0x$dp_key,nw_dst=10.0.0.6
actions=load:0x1->OXM_OF_PKT_REG4[[49]],resubmit(,47)
-priority=1100,ip,reg15=0x$port_key,metadata=0x$dp_key,nw_src=10.0.0.1
actions=load:0x1->OXM_OF_PKT_REG4[[49]],resubmit(,47)
+priority=1100,ip,reg15=0x$port_key,metadata=0x$dp_key,nw_dst=10.0.0.6
actions=load:0x1->OXM_OF_PKT_REG4[[49]],resubmit(,$acl_action)
+priority=1100,ip,reg15=0x$port_key,metadata=0x$dp_key,nw_src=10.0.0.1
actions=load:0x1->OXM_OF_PKT_REG4[[49]],resubmit(,$acl_action)
])
else
- AT_CHECK_UNQUOTED([ovs-ofctl dump-flows br-int table=46 | grep -c
"priority=1100"], [0], [$(($i*2))
+ AT_CHECK_UNQUOTED([ovs-ofctl dump-flows br-int table=$acl_eval | grep -c
"priority=1100"], [0], [$(($i*2))
])
fi
if test "$i" = 3; then
- AT_CHECK_UNQUOTED([ovs-ofctl dump-flows br-int
table=46,reg15=0x$port_key | \
+ AT_CHECK_UNQUOTED([ovs-ofctl dump-flows br-int
table=$acl_eval,reg15=0x$port_key | \
grep -v reply | awk '{print $7, $8}' | \
sed -r 's/conjunction.*,/conjunction,/' | \
sed -r 's/conj_id=.*,/conj_id=,/' | sort], [0], [dnl
-priority=1100,ip,reg15=0x$port_key,metadata=0x$dp_key,nw_dst=10.0.0.6
actions=load:0x1->OXM_OF_PKT_REG4[[49]],resubmit(,47)
-priority=1100,ip,reg15=0x$port_key,metadata=0x$dp_key,nw_dst=10.0.0.7
actions=load:0x1->OXM_OF_PKT_REG4[[49]],resubmit(,47)
-priority=1100,ip,reg15=0x$port_key,metadata=0x$dp_key,nw_dst=10.0.0.8
actions=load:0x1->OXM_OF_PKT_REG4[[49]],resubmit(,47)
-priority=1100,ip,reg15=0x$port_key,metadata=0x$dp_key,nw_src=10.0.0.1
actions=load:0x1->OXM_OF_PKT_REG4[[49]],resubmit(,47)
-priority=1100,ip,reg15=0x$port_key,metadata=0x$dp_key,nw_src=10.0.0.2
actions=load:0x1->OXM_OF_PKT_REG4[[49]],resubmit(,47)
-priority=1100,ip,reg15=0x$port_key,metadata=0x$dp_key,nw_src=10.0.0.3
actions=load:0x1->OXM_OF_PKT_REG4[[49]],resubmit(,47)
+priority=1100,ip,reg15=0x$port_key,metadata=0x$dp_key,nw_dst=10.0.0.6
actions=load:0x1->OXM_OF_PKT_REG4[[49]],resubmit(,$acl_action)
+priority=1100,ip,reg15=0x$port_key,metadata=0x$dp_key,nw_dst=10.0.0.7
actions=load:0x1->OXM_OF_PKT_REG4[[49]],resubmit(,$acl_action)
+priority=1100,ip,reg15=0x$port_key,metadata=0x$dp_key,nw_dst=10.0.0.8
actions=load:0x1->OXM_OF_PKT_REG4[[49]],resubmit(,$acl_action)
+priority=1100,ip,reg15=0x$port_key,metadata=0x$dp_key,nw_src=10.0.0.1
actions=load:0x1->OXM_OF_PKT_REG4[[49]],resubmit(,$acl_action)
+priority=1100,ip,reg15=0x$port_key,metadata=0x$dp_key,nw_src=10.0.0.2
actions=load:0x1->OXM_OF_PKT_REG4[[49]],resubmit(,$acl_action)
+priority=1100,ip,reg15=0x$port_key,metadata=0x$dp_key,nw_src=10.0.0.3
actions=load:0x1->OXM_OF_PKT_REG4[[49]],resubmit(,$acl_action)
])
fi
done
@@ -1483,9 +1499,9 @@ for i in $(seq 10); do
remove address_set as2 addresses 10.0.0.$j
check ovn-nbctl --wait=hv sync
if test "$i" = 10; then
- AT_CHECK_UNQUOTED([ovs-ofctl dump-flows br-int table=46 | grep
"priority=1100"], [1], [ignore])
+ AT_CHECK_UNQUOTED([ovs-ofctl dump-flows br-int table=$acl_eval | grep
"priority=1100"], [1], [ignore])
else
- AT_CHECK_UNQUOTED([ovs-ofctl dump-flows br-int table=46 | grep -c
"priority=1100"], [0], [$((20 - $i*2))
+ AT_CHECK_UNQUOTED([ovs-ofctl dump-flows br-int table=$acl_eval | grep -c
"priority=1100"], [0], [$((20 - $i*2))
])
fi
done
@@ -1519,6 +1535,10 @@ check ovn-nbctl lsp-add ls1 ls1-lp1 \
wait_for_ports_up
ovn-appctl -t ovn-controller vlog/set file:dbg
+# Get the OF table numbers
+acl_eval=$(ovn-debug lflow-stage-to-oftable ls_out_acl_eval)
+acl_action=$(ovn-debug lflow-stage-to-oftable ls_out_acl_action)
+
dp_key=$(printf "%x" $(fetch_column datapath tunnel_key
external_ids:name=ls1))
port_key=$(printf "%x" $(fetch_column port_binding tunnel_key
logical_port=ls1-lp1))
@@ -1541,30 +1561,30 @@ for i in $(seq 10); do
add address_set as2 addresses 10.0.0.$j
check ovn-nbctl --wait=hv sync
if test "$i" = 1; then
- AT_CHECK_UNQUOTED([ovs-ofctl dump-flows br-int
table=46,reg15=0x$port_key | \
+ AT_CHECK_UNQUOTED([ovs-ofctl dump-flows br-int
table=$acl_eval,reg15=0x$port_key | \
grep -v reply | awk '{print $7, $8}' | sort], [0], [dnl
-priority=1100,ip,reg15=0x$port_key,metadata=0x$dp_key,nw_src=10.0.0.1
actions=load:0x1->OXM_OF_PKT_REG4[[49]],resubmit(,47)
-priority=1100,ip,reg15=0x$port_key,metadata=0x$dp_key,nw_src=10.0.0.6
actions=load:0x1->OXM_OF_PKT_REG4[[49]],resubmit(,47)
+priority=1100,ip,reg15=0x$port_key,metadata=0x$dp_key,nw_src=10.0.0.1
actions=load:0x1->OXM_OF_PKT_REG4[[49]],resubmit(,$acl_action)
+priority=1100,ip,reg15=0x$port_key,metadata=0x$dp_key,nw_src=10.0.0.6
actions=load:0x1->OXM_OF_PKT_REG4[[49]],resubmit(,$acl_action)
])
elif test "$i" -lt 6; then
- AT_CHECK_UNQUOTED([ovs-ofctl dump-flows br-int table=46 | grep -c
"priority=1100"], [0], [$(($i*2))
+ AT_CHECK_UNQUOTED([ovs-ofctl dump-flows br-int table=$acl_eval | grep -c
"priority=1100"], [0], [$(($i*2))
])
else
- AT_CHECK_UNQUOTED([ovs-ofctl dump-flows br-int table=46 | grep -c
"priority=1100"], [0], [$((5 + $i))
+ AT_CHECK_UNQUOTED([ovs-ofctl dump-flows br-int table=$acl_eval | grep -c
"priority=1100"], [0], [$((5 + $i))
])
fi
if test "$i" = 3; then
- AT_CHECK_UNQUOTED([ovs-ofctl dump-flows br-int
table=46,reg15=0x$port_key | \
+ AT_CHECK_UNQUOTED([ovs-ofctl dump-flows br-int
table=$acl_eval,reg15=0x$port_key | \
grep -v reply | awk '{print $7, $8}' | \
sed -r 's/conjunction.*,/conjunction,/' | \
sed -r 's/conj_id=.*,/conj_id=,/' | sort], [0], [dnl
-priority=1100,ip,reg15=0x$port_key,metadata=0x$dp_key,nw_src=10.0.0.1
actions=load:0x1->OXM_OF_PKT_REG4[[49]],resubmit(,47)
-priority=1100,ip,reg15=0x$port_key,metadata=0x$dp_key,nw_src=10.0.0.2
actions=load:0x1->OXM_OF_PKT_REG4[[49]],resubmit(,47)
-priority=1100,ip,reg15=0x$port_key,metadata=0x$dp_key,nw_src=10.0.0.3
actions=load:0x1->OXM_OF_PKT_REG4[[49]],resubmit(,47)
-priority=1100,ip,reg15=0x$port_key,metadata=0x$dp_key,nw_src=10.0.0.6
actions=load:0x1->OXM_OF_PKT_REG4[[49]],resubmit(,47)
-priority=1100,ip,reg15=0x$port_key,metadata=0x$dp_key,nw_src=10.0.0.7
actions=load:0x1->OXM_OF_PKT_REG4[[49]],resubmit(,47)
-priority=1100,ip,reg15=0x$port_key,metadata=0x$dp_key,nw_src=10.0.0.8
actions=load:0x1->OXM_OF_PKT_REG4[[49]],resubmit(,47)
+priority=1100,ip,reg15=0x$port_key,metadata=0x$dp_key,nw_src=10.0.0.1
actions=load:0x1->OXM_OF_PKT_REG4[[49]],resubmit(,$acl_action)
+priority=1100,ip,reg15=0x$port_key,metadata=0x$dp_key,nw_src=10.0.0.2
actions=load:0x1->OXM_OF_PKT_REG4[[49]],resubmit(,$acl_action)
+priority=1100,ip,reg15=0x$port_key,metadata=0x$dp_key,nw_src=10.0.0.3
actions=load:0x1->OXM_OF_PKT_REG4[[49]],resubmit(,$acl_action)
+priority=1100,ip,reg15=0x$port_key,metadata=0x$dp_key,nw_src=10.0.0.6
actions=load:0x1->OXM_OF_PKT_REG4[[49]],resubmit(,$acl_action)
+priority=1100,ip,reg15=0x$port_key,metadata=0x$dp_key,nw_src=10.0.0.7
actions=load:0x1->OXM_OF_PKT_REG4[[49]],resubmit(,$acl_action)
+priority=1100,ip,reg15=0x$port_key,metadata=0x$dp_key,nw_src=10.0.0.8
actions=load:0x1->OXM_OF_PKT_REG4[[49]],resubmit(,$acl_action)
])
fi
done
@@ -1582,12 +1602,12 @@ for i in $(seq 10); do
remove address_set as2 addresses 10.0.0.$j
check ovn-nbctl --wait=hv sync
if test "$i" = 10; then
- AT_CHECK_UNQUOTED([ovs-ofctl dump-flows br-int table=46 | grep
"priority=1100"], [1], [ignore])
+ AT_CHECK_UNQUOTED([ovs-ofctl dump-flows br-int table=$acl_eval | grep
"priority=1100"], [1], [ignore])
elif test "$i" -lt 6; then
- AT_CHECK_UNQUOTED([ovs-ofctl dump-flows br-int table=46 | grep -c
"priority=1100"], [0], [$((15 - $i))
+ AT_CHECK_UNQUOTED([ovs-ofctl dump-flows br-int table=$acl_eval | grep -c
"priority=1100"], [0], [$((15 - $i))
])
else
- AT_CHECK_UNQUOTED([ovs-ofctl dump-flows br-int table=46 | grep -c
"priority=1100"], [0], [$((10 - ($i - 5)*2))
+ AT_CHECK_UNQUOTED([ovs-ofctl dump-flows br-int table=$acl_eval | grep -c
"priority=1100"], [0], [$((10 - ($i - 5)*2))
])
fi
done
@@ -1622,6 +1642,10 @@ check ovn-nbctl lsp-add ls1 ls1-lp1 \
wait_for_ports_up
ovn-appctl -t ovn-controller vlog/set file:dbg
+# Get the OF table numbers
+acl_eval=$(ovn-debug lflow-stage-to-oftable ls_out_acl_eval)
+acl_action=$(ovn-debug lflow-stage-to-oftable ls_out_acl_action)
+
dp_key=$(printf "%x" $(fetch_column datapath tunnel_key
external_ids:name=ls1))
port_key=$(printf "%x" $(fetch_column port_binding tunnel_key
logical_port=ls1-lp1))
@@ -1639,22 +1663,22 @@ for i in $(seq 10); do
check ovn-nbctl add address_set as1 addresses 10.0.0.$i
check ovn-nbctl --wait=hv sync
if test "$i" = 1; then
- AT_CHECK_UNQUOTED([ovs-ofctl dump-flows br-int
table=46,reg15=0x$port_key | \
+ AT_CHECK_UNQUOTED([ovs-ofctl dump-flows br-int
table=$acl_eval,reg15=0x$port_key | \
grep -v reply | awk '{print $7, $8}' | sort], [0], [dnl
-priority=1100,ip,reg15=0x$port_key,metadata=0x$dp_key,nw_src=10.0.0.1,nw_dst=10.0.0.1
actions=load:0x1->OXM_OF_PKT_REG4[[49]],resubmit(,47)
+priority=1100,ip,reg15=0x$port_key,metadata=0x$dp_key,nw_src=10.0.0.1,nw_dst=10.0.0.1
actions=load:0x1->OXM_OF_PKT_REG4[[49]],resubmit(,$acl_action)
])
else
# (1 conj_id + nw_src * i + nw_dst * i) = 1 + i*2 flows
- AT_CHECK_UNQUOTED([ovs-ofctl dump-flows br-int table=46 | grep -c
"priority=1100"], [0], [$(($i*2 + 1))
+ AT_CHECK_UNQUOTED([ovs-ofctl dump-flows br-int table=$acl_eval | grep -c
"priority=1100"], [0], [$(($i*2 + 1))
])
fi
if test "$i" = 3; then
- AT_CHECK_UNQUOTED([ovs-ofctl dump-flows br-int
table=46,reg15=0x$port_key | \
+ AT_CHECK_UNQUOTED([ovs-ofctl dump-flows br-int
table=$acl_eval,reg15=0x$port_key | \
grep -v reply | awk '{print $7, $8}' | \
sed -r 's/conjunction.*,/conjunction,/' | \
sed -r 's/conj_id=.*,metadata/conj_id=,metadata/' | sort], [0],
[dnl
-priority=1100,conj_id=,metadata=0x$dp_key
actions=load:0x1->OXM_OF_PKT_REG4[[49]],resubmit(,47)
+priority=1100,conj_id=,metadata=0x$dp_key
actions=load:0x1->OXM_OF_PKT_REG4[[49]],resubmit(,$acl_action)
priority=1100,ip,reg15=0x$port_key,metadata=0x$dp_key,nw_dst=10.0.0.1
actions=conjunction,1/2)
priority=1100,ip,reg15=0x$port_key,metadata=0x$dp_key,nw_dst=10.0.0.2
actions=conjunction,1/2)
priority=1100,ip,reg15=0x$port_key,metadata=0x$dp_key,nw_dst=10.0.0.3
actions=conjunction,1/2)
@@ -1676,15 +1700,15 @@ for i in $(seq 10); do
check ovn-nbctl remove address_set as1 addresses 10.0.0.$i
check ovn-nbctl --wait=hv sync
if test "$i" = 10; then
- AT_CHECK_UNQUOTED([ovs-ofctl dump-flows br-int table=46 | grep
"priority=1100"], [1], [ignore])
+ AT_CHECK_UNQUOTED([ovs-ofctl dump-flows br-int table=$acl_eval | grep
"priority=1100"], [1], [ignore])
elif test "$i" = 9; then
# no conjunction left
- AT_CHECK_UNQUOTED([ovs-ofctl dump-flows br-int
table=46,reg15=0x$port_key | \
+ AT_CHECK_UNQUOTED([ovs-ofctl dump-flows br-int
table=$acl_eval,reg15=0x$port_key | \
grep -v reply | awk '{print $7, $8}' | sort], [0], [dnl
-priority=1100,ip,reg15=0x$port_key,metadata=0x$dp_key,nw_src=10.0.0.10,nw_dst=10.0.0.10
actions=load:0x1->OXM_OF_PKT_REG4[[49]],resubmit(,47)
+priority=1100,ip,reg15=0x$port_key,metadata=0x$dp_key,nw_src=10.0.0.10,nw_dst=10.0.0.10
actions=load:0x1->OXM_OF_PKT_REG4[[49]],resubmit(,$acl_action)
])
else
- AT_CHECK_UNQUOTED([ovs-ofctl dump-flows br-int table=46 | grep -c
"priority=1100"], [0], [$((21 - $i*2))
+ AT_CHECK_UNQUOTED([ovs-ofctl dump-flows br-int table=$acl_eval | grep -c
"priority=1100"], [0], [$((21 - $i*2))
])
fi
done
@@ -1700,11 +1724,11 @@ for i in $(seq 10); do
check ovn-nbctl add address_set as1 addresses 10.0.0.$i,10.0.1.$i
check ovn-nbctl --wait=hv sync
if test "$i" = 3; then
- AT_CHECK_UNQUOTED([ovs-ofctl dump-flows br-int
table=46,reg15=0x$port_key | \
+ AT_CHECK_UNQUOTED([ovs-ofctl dump-flows br-int
table=$acl_eval,reg15=0x$port_key | \
grep -v reply | awk '{print $7, $8}' | \
sed -r 's/conjunction.*,/conjunction,/' | \
sed -r 's/conj_id=.*,metadata/conj_id=,metadata/' | sort], [0],
[dnl
-priority=1100,conj_id=,metadata=0x$dp_key
actions=load:0x1->OXM_OF_PKT_REG4[[49]],resubmit(,47)
+priority=1100,conj_id=,metadata=0x$dp_key
actions=load:0x1->OXM_OF_PKT_REG4[[49]],resubmit(,$acl_action)
priority=1100,ip,reg15=0x$port_key,metadata=0x$dp_key,nw_dst=10.0.0.1
actions=conjunction,1/2)
priority=1100,ip,reg15=0x$port_key,metadata=0x$dp_key,nw_dst=10.0.0.2
actions=conjunction,1/2)
priority=1100,ip,reg15=0x$port_key,metadata=0x$dp_key,nw_dst=10.0.0.3
actions=conjunction,1/2)
@@ -1719,7 +1743,7 @@
priority=1100,ip,reg15=0x$port_key,metadata=0x$dp_key,nw_src=10.0.1.2 actions=co
priority=1100,ip,reg15=0x$port_key,metadata=0x$dp_key,nw_src=10.0.1.3
actions=conjunction,2/2)
])
fi
- AT_CHECK_UNQUOTED([ovs-ofctl dump-flows br-int table=46 | grep -c
"priority=1100"], [0], [$(($i * 4 + 1))
+ AT_CHECK_UNQUOTED([ovs-ofctl dump-flows br-int table=$acl_eval | grep -c
"priority=1100"], [0], [$(($i * 4 + 1))
])
done
@@ -1740,11 +1764,11 @@ check ovn-nbctl --wait=hv sync
reprocess_count_old=$(read_counter consider_logical_flow)
check ovn-nbctl add address_set as1 addresses 10.0.0.4,10.0.0.5
check ovn-nbctl --wait=hv sync
-AT_CHECK_UNQUOTED([ovs-ofctl dump-flows br-int table=46,reg15=0x$port_key | \
+AT_CHECK_UNQUOTED([ovs-ofctl dump-flows br-int
table=$acl_eval,reg15=0x$port_key | \
grep -v reply | awk '{print $7, $8}' | \
sed -r 's/conjunction.*,/conjunction,/' | \
sed -r 's/conj_id=.*,metadata/conj_id=,metadata/' | sort], [0], [dnl
-priority=1100,conj_id=,metadata=0x$dp_key
actions=load:0x1->OXM_OF_PKT_REG4[[49]],resubmit(,47)
+priority=1100,conj_id=,metadata=0x$dp_key
actions=load:0x1->OXM_OF_PKT_REG4[[49]],resubmit(,$acl_action)
priority=1100,ip,reg15=0x$port_key,metadata=0x$dp_key,nw_dst=10.0.0.1
actions=conjunction,1/2)
priority=1100,ip,reg15=0x$port_key,metadata=0x$dp_key,nw_dst=10.0.0.2
actions=conjunction,1/2)
priority=1100,ip,reg15=0x$port_key,metadata=0x$dp_key,nw_dst=10.0.0.3
actions=conjunction,1/2)
@@ -1764,11 +1788,11 @@ AT_CHECK([echo $(($reprocess_count_new -
$reprocess_count_old))], [0], [1
# Delete 2 IPs
reprocess_count_old=$(read_counter consider_logical_flow)
check ovn-nbctl --wait=hv remove address_set as1 addresses 10.0.0.4,10.0.0.5
-AT_CHECK_UNQUOTED([ovs-ofctl dump-flows br-int table=46,reg15=0x$port_key | \
+AT_CHECK_UNQUOTED([ovs-ofctl dump-flows br-int
table=$acl_eval,reg15=0x$port_key | \
grep -v reply | awk '{print $7, $8}' | \
sed -r 's/conjunction.*,/conjunction,/' | \
sed -r 's/conj_id=.*,metadata/conj_id=,metadata/' | sort], [0], [dnl
-priority=1100,conj_id=,metadata=0x$dp_key
actions=load:0x1->OXM_OF_PKT_REG4[[49]],resubmit(,47)
+priority=1100,conj_id=,metadata=0x$dp_key
actions=load:0x1->OXM_OF_PKT_REG4[[49]],resubmit(,$acl_action)
priority=1100,ip,reg15=0x$port_key,metadata=0x$dp_key,nw_dst=10.0.0.1
actions=conjunction,1/2)
priority=1100,ip,reg15=0x$port_key,metadata=0x$dp_key,nw_dst=10.0.0.2
actions=conjunction,1/2)
priority=1100,ip,reg15=0x$port_key,metadata=0x$dp_key,nw_dst=10.0.0.3
actions=conjunction,1/2)
@@ -1805,6 +1829,10 @@ check ovn-nbctl lsp-add ls1 ls1-lp1 \
wait_for_ports_up
ovn-appctl -t ovn-controller vlog/set file:dbg
+# Get the OF table numbers
+acl_eval=$(ovn-debug lflow-stage-to-oftable ls_out_acl_eval)
+acl_action=$(ovn-debug lflow-stage-to-oftable ls_out_acl_action)
+
dp_key=$(printf "%x" $(fetch_column datapath tunnel_key
external_ids:name=ls1))
port_key=$(printf "%x" $(fetch_column port_binding tunnel_key
logical_port=ls1-lp1))
@@ -1822,12 +1850,12 @@ check ovn-nbctl acl-add ls1 to-lport 100 'outport == "ls1-lp1" && ip4.src == $as
check ovn-nbctl acl-add ls1 to-lport 100 'outport == "ls1-lp1" && ip4.src == $as2 &&
tcp && tcp.dst == {201, 202}' drop
check ovn-nbctl --wait=hv sync
-AT_CHECK_UNQUOTED([ovs-ofctl dump-flows br-int table=46,reg15=0x$port_key | \
+AT_CHECK_UNQUOTED([ovs-ofctl dump-flows br-int
table=$acl_eval,reg15=0x$port_key | \
grep -v reply | awk '{print $7, $8}' | \
sed -r 's/conjunction.[[0-9]]*,/conjunction,/g' | \
sed -r 's/conj_id=.*,metadata/conj_id=,metadata/' | sort], [0], [dnl
-priority=1100,conj_id=,metadata=0x$dp_key
actions=load:0x1->OXM_OF_PKT_REG4[[49]],resubmit(,47)
-priority=1100,conj_id=,metadata=0x$dp_key
actions=load:0x1->OXM_OF_PKT_REG4[[49]],resubmit(,47)
+priority=1100,conj_id=,metadata=0x$dp_key
actions=load:0x1->OXM_OF_PKT_REG4[[49]],resubmit(,$acl_action)
+priority=1100,conj_id=,metadata=0x$dp_key
actions=load:0x1->OXM_OF_PKT_REG4[[49]],resubmit(,$acl_action)
priority=1100,tcp,reg15=0x$port_key,metadata=0x$dp_key,nw_src=10.0.0.11
actions=conjunction,1/2)
priority=1100,tcp,reg15=0x$port_key,metadata=0x$dp_key,nw_src=10.0.0.12
actions=conjunction,1/2)
priority=1100,tcp,reg15=0x$port_key,metadata=0x$dp_key,nw_src=10.0.0.13
actions=conjunction,1/2)
@@ -1847,12 +1875,12 @@ reprocess_count_old=$(read_counter
consider_logical_flow)
check ovn-nbctl add address_set as1 addresses 10.0.0.14,10.0.0.33 -- \
add address_set as2 addresses 10.0.0.24,10.0.0.33
check ovn-nbctl --wait=hv sync
-AT_CHECK_UNQUOTED([ovs-ofctl dump-flows br-int table=46,reg15=0x$port_key | \
+AT_CHECK_UNQUOTED([ovs-ofctl dump-flows br-int
table=$acl_eval,reg15=0x$port_key | \
grep -v reply | awk '{print $7, $8}' | \
sed -r 's/conjunction.[[0-9]]*,/conjunction,/g' | \
sed -r 's/conj_id=.*,metadata/conj_id=,metadata/' | sort], [0], [dnl
-priority=1100,conj_id=,metadata=0x$dp_key
actions=load:0x1->OXM_OF_PKT_REG4[[49]],resubmit(,47)
-priority=1100,conj_id=,metadata=0x$dp_key
actions=load:0x1->OXM_OF_PKT_REG4[[49]],resubmit(,47)
+priority=1100,conj_id=,metadata=0x$dp_key
actions=load:0x1->OXM_OF_PKT_REG4[[49]],resubmit(,$acl_action)
+priority=1100,conj_id=,metadata=0x$dp_key
actions=load:0x1->OXM_OF_PKT_REG4[[49]],resubmit(,$acl_action)
priority=1100,tcp,reg15=0x$port_key,metadata=0x$dp_key,nw_src=10.0.0.11
actions=conjunction,1/2)
priority=1100,tcp,reg15=0x$port_key,metadata=0x$dp_key,nw_src=10.0.0.12
actions=conjunction,1/2)
priority=1100,tcp,reg15=0x$port_key,metadata=0x$dp_key,nw_src=10.0.0.13
actions=conjunction,1/2)
@@ -1878,12 +1906,12 @@ reprocess_count_old=$(read_counter
consider_logical_flow)
check ovn-nbctl remove address_set as1 addresses 10.0.0.14,10.0.0.33 -- \
remove address_set as2 addresses 10.0.0.24,10.0.0.33
check ovn-nbctl --wait=hv sync
-AT_CHECK_UNQUOTED([ovs-ofctl dump-flows br-int table=46,reg15=0x$port_key | \
+AT_CHECK_UNQUOTED([ovs-ofctl dump-flows br-int
table=$acl_eval,reg15=0x$port_key | \
grep -v reply | awk '{print $7, $8}' | \
sed -r 's/conjunction.[[0-9]]*,/conjunction,/g' | \
sed -r 's/conj_id=.*,metadata/conj_id=,metadata/' | sort], [0], [dnl
-priority=1100,conj_id=,metadata=0x$dp_key
actions=load:0x1->OXM_OF_PKT_REG4[[49]],resubmit(,47)
-priority=1100,conj_id=,metadata=0x$dp_key
actions=load:0x1->OXM_OF_PKT_REG4[[49]],resubmit(,47)
+priority=1100,conj_id=,metadata=0x$dp_key
actions=load:0x1->OXM_OF_PKT_REG4[[49]],resubmit(,$acl_action)
+priority=1100,conj_id=,metadata=0x$dp_key
actions=load:0x1->OXM_OF_PKT_REG4[[49]],resubmit(,$acl_action)
priority=1100,tcp,reg15=0x$port_key,metadata=0x$dp_key,nw_src=10.0.0.11
actions=conjunction,1/2)
priority=1100,tcp,reg15=0x$port_key,metadata=0x$dp_key,nw_src=10.0.0.12
actions=conjunction,1/2)
priority=1100,tcp,reg15=0x$port_key,metadata=0x$dp_key,nw_src=10.0.0.13
actions=conjunction,1/2)
@@ -1926,6 +1954,10 @@ check ovn-nbctl lsp-add ls1 ls1-lp1 \
wait_for_ports_up
ovn-appctl -t ovn-controller vlog/set file:dbg
+# Get the OF table numbers
+acl_eval=$(ovn-debug lflow-stage-to-oftable ls_out_acl_eval)
+acl_action=$(ovn-debug lflow-stage-to-oftable ls_out_acl_action)
+
dp_key=$(printf "%x" $(fetch_column datapath tunnel_key
external_ids:name=ls1))
port_key=$(printf "%x" $(fetch_column port_binding tunnel_key
logical_port=ls1-lp1))
@@ -1943,14 +1975,14 @@ for i in $(seq 5); do
check ovn-nbctl add address_set as1 addresses "aa\:aa\:aa\:aa\:aa\:0$i"
check ovn-nbctl --wait=hv sync
if test "$i" = 3; then
- AT_CHECK_UNQUOTED([ovs-ofctl dump-flows br-int
table=46,reg15=0x$port_key | \
+ AT_CHECK_UNQUOTED([ovs-ofctl dump-flows br-int
table=$acl_eval,reg15=0x$port_key | \
grep -v reply | awk '{print $7, $8}' | sort], [0], [dnl
-priority=1100,reg15=0x$port_key,metadata=0x$dp_key,dl_src=aa:aa:aa:aa:aa:01
actions=load:0x1->OXM_OF_PKT_REG4[[49]],resubmit(,47)
-priority=1100,reg15=0x$port_key,metadata=0x$dp_key,dl_src=aa:aa:aa:aa:aa:02
actions=load:0x1->OXM_OF_PKT_REG4[[49]],resubmit(,47)
-priority=1100,reg15=0x$port_key,metadata=0x$dp_key,dl_src=aa:aa:aa:aa:aa:03
actions=load:0x1->OXM_OF_PKT_REG4[[49]],resubmit(,47)
+priority=1100,reg15=0x$port_key,metadata=0x$dp_key,dl_src=aa:aa:aa:aa:aa:01
actions=load:0x1->OXM_OF_PKT_REG4[[49]],resubmit(,$acl_action)
+priority=1100,reg15=0x$port_key,metadata=0x$dp_key,dl_src=aa:aa:aa:aa:aa:02
actions=load:0x1->OXM_OF_PKT_REG4[[49]],resubmit(,$acl_action)
+priority=1100,reg15=0x$port_key,metadata=0x$dp_key,dl_src=aa:aa:aa:aa:aa:03
actions=load:0x1->OXM_OF_PKT_REG4[[49]],resubmit(,$acl_action)
])
fi
- AT_CHECK_UNQUOTED([ovs-ofctl dump-flows br-int table=46 | grep -c
"priority=1100"], [0], [$i
+ AT_CHECK_UNQUOTED([ovs-ofctl dump-flows br-int table=$acl_eval | grep -c
"priority=1100"], [0], [$i
])
done
@@ -1964,17 +1996,17 @@ reprocess_count_old=$(read_counter consider_logical_flow)
for i in $(seq 5); do
check ovn-nbctl remove address_set as1 addresses "aa\:aa\:aa\:aa\:aa\:0$i"
check ovn-nbctl --wait=hv sync
- ovs-ofctl dump-flows br-int table=46 | grep "priority=1100"
+ ovs-ofctl dump-flows br-int table=$acl_eval | grep "priority=1100"
if test "$i" = 4; then
- AT_CHECK_UNQUOTED([ovs-ofctl dump-flows br-int
table=46,reg15=0x$port_key | \
+ AT_CHECK_UNQUOTED([ovs-ofctl dump-flows br-int
table=$acl_eval,reg15=0x$port_key | \
grep -v reply | awk '{print $7, $8}'], [0], [dnl
-priority=1100,reg15=0x$port_key,metadata=0x$dp_key,dl_src=aa:aa:aa:aa:aa:05
actions=load:0x1->OXM_OF_PKT_REG4[[49]],resubmit(,47)
+priority=1100,reg15=0x$port_key,metadata=0x$dp_key,dl_src=aa:aa:aa:aa:aa:05
actions=load:0x1->OXM_OF_PKT_REG4[[49]],resubmit(,$acl_action)
])
fi
if test "$i" = 5; then
- AT_CHECK_UNQUOTED([ovs-ofctl dump-flows br-int table=46 | grep
"priority=1100"], [1], [ignore])
+ AT_CHECK_UNQUOTED([ovs-ofctl dump-flows br-int table=$acl_eval | grep
"priority=1100"], [1], [ignore])
else
- AT_CHECK_UNQUOTED([ovs-ofctl dump-flows br-int table=46 | grep -c
"priority=1100"], [0], [$((5 - $i))
+ AT_CHECK_UNQUOTED([ovs-ofctl dump-flows br-int table=$acl_eval | grep -c
"priority=1100"], [0], [$((5 - $i))
])
fi
done
@@ -2007,6 +2039,10 @@ check ovn-nbctl lsp-add ls1 ls1-lp1 \
wait_for_ports_up
ovn-appctl -t ovn-controller vlog/set file:dbg
+# Get the OF table numbers
+acl_eval=$(ovn-debug lflow-stage-to-oftable ls_out_acl_eval)
+acl_action=$(ovn-debug lflow-stage-to-oftable ls_out_acl_action)
+
dp_key=$(printf "%x" $(fetch_column datapath tunnel_key
external_ids:name=ls1))
port_key=$(printf "%x" $(fetch_column port_binding tunnel_key
logical_port=ls1-lp1))
@@ -2024,14 +2060,14 @@ for i in $(seq 5); do
check ovn-nbctl add address_set as1 addresses "ff\:\:0$i"
check ovn-nbctl --wait=hv sync
if test "$i" = 3; then
- AT_CHECK_UNQUOTED([ovs-ofctl dump-flows br-int
table=46,reg15=0x$port_key | \
+ AT_CHECK_UNQUOTED([ovs-ofctl dump-flows br-int
table=$acl_eval,reg15=0x$port_key | \
grep -v reply | awk '{print $7, $8}' | sort], [0], [dnl
-priority=1100,ipv6,reg15=0x$port_key,metadata=0x$dp_key,ipv6_src=ff::1
actions=load:0x1->OXM_OF_PKT_REG4[[49]],resubmit(,47)
-priority=1100,ipv6,reg15=0x$port_key,metadata=0x$dp_key,ipv6_src=ff::2
actions=load:0x1->OXM_OF_PKT_REG4[[49]],resubmit(,47)
-priority=1100,ipv6,reg15=0x$port_key,metadata=0x$dp_key,ipv6_src=ff::3
actions=load:0x1->OXM_OF_PKT_REG4[[49]],resubmit(,47)
+priority=1100,ipv6,reg15=0x$port_key,metadata=0x$dp_key,ipv6_src=ff::1
actions=load:0x1->OXM_OF_PKT_REG4[[49]],resubmit(,$acl_action)
+priority=1100,ipv6,reg15=0x$port_key,metadata=0x$dp_key,ipv6_src=ff::2
actions=load:0x1->OXM_OF_PKT_REG4[[49]],resubmit(,$acl_action)
+priority=1100,ipv6,reg15=0x$port_key,metadata=0x$dp_key,ipv6_src=ff::3
actions=load:0x1->OXM_OF_PKT_REG4[[49]],resubmit(,$acl_action)
])
fi
- AT_CHECK_UNQUOTED([ovs-ofctl dump-flows br-int table=46 | grep -c
"priority=1100"], [0], [$i
+ AT_CHECK_UNQUOTED([ovs-ofctl dump-flows br-int table=$acl_eval | grep -c
"priority=1100"], [0], [$i
])
done
@@ -2046,15 +2082,15 @@ for i in $(seq 5); do
check ovn-nbctl remove address_set as1 addresses "ff\:\:0$i"
check ovn-nbctl --wait=hv sync
if test "$i" = 4; then
- AT_CHECK_UNQUOTED([ovs-ofctl dump-flows br-int
table=46,reg15=0x$port_key | \
+ AT_CHECK_UNQUOTED([ovs-ofctl dump-flows br-int
table=$acl_eval,reg15=0x$port_key | \
grep -v reply | awk '{print $7, $8}'], [0], [dnl
-priority=1100,ipv6,reg15=0x$port_key,metadata=0x$dp_key,ipv6_src=ff::5
actions=load:0x1->OXM_OF_PKT_REG4[[49]],resubmit(,47)
+priority=1100,ipv6,reg15=0x$port_key,metadata=0x$dp_key,ipv6_src=ff::5
actions=load:0x1->OXM_OF_PKT_REG4[[49]],resubmit(,$acl_action)
])
fi
if test "$i" = 5; then
- AT_CHECK_UNQUOTED([ovs-ofctl dump-flows br-int table=46 | grep
"priority=1100"], [1], [ignore])
+ AT_CHECK_UNQUOTED([ovs-ofctl dump-flows br-int table=$acl_eval | grep
"priority=1100"], [1], [ignore])
else
- AT_CHECK_UNQUOTED([ovs-ofctl dump-flows br-int table=46 | grep -c
"priority=1100"], [0], [$((5 - $i))
+ AT_CHECK_UNQUOTED([ovs-ofctl dump-flows br-int table=$acl_eval | grep -c
"priority=1100"], [0], [$((5 - $i))
])
fi
done
@@ -2086,10 +2122,14 @@ check ovn-nbctl lsp-add ls1 ls1-lp1 \
wait_for_ports_up
ovn-appctl -t ovn-controller vlog/set file:dbg
+# Get the OF table numbers
+acl_eval=$(ovn-debug lflow-stage-to-oftable ls_out_acl_eval)
+acl_action=$(ovn-debug lflow-stage-to-oftable ls_out_acl_action)
+
ovn-nbctl create address_set name=as1 addresses=8.8.8.8
check ovn-nbctl acl-add ls1 to-lport 100 'outport == "ls1-lp1" && ip4.src ==
$as1' drop
check ovn-nbctl --wait=hv sync
-AT_CHECK([ovs-ofctl dump-flows br-int table=46 | grep -c "priority=1100"],
[0], [1
+AT_CHECK([ovs-ofctl dump-flows br-int table=$acl_eval | grep -c
"priority=1100"], [0], [1
])
# pause ovn-northd
@@ -2104,13 +2144,13 @@ check as northd ovn-appctl -t ovn-northd pause
# undefined. This test runs the scenario ten times to make sure different
# orders are covered and handled properly.
-flow_count=$(ovs-ofctl dump-flows br-int table=46 | grep -c "priority=1100")
+flow_count=$(ovs-ofctl dump-flows br-int table=$acl_eval | grep -c
"priority=1100")
for i in $(seq 10); do
# Delete and recreate the SB address set with same name and an extra IP.
addrs_=$(fetch_column address_set addresses name=as1)
addrs=${addrs_// /,}
AT_CHECK([ovn-sbctl destroy address_set as1 -- create address_set
name=as1 addresses=$addrs,1.1.1.$i], [0], [ignore])
- OVS_WAIT_UNTIL([test $(as hv1 ovs-ofctl dump-flows br-int table=46 | grep -c
"priority=1100") = "$(($i + 1))"])
+ OVS_WAIT_UNTIL([test $(as hv1 ovs-ofctl dump-flows br-int table=$acl_eval | grep -c
"priority=1100") = "$(($i + 1))"])
done
OVN_CLEANUP([hv1])
diff --git a/tests/ovn.at b/tests/ovn.at
index 0d31d5cbb..34e8163b4 100644
--- a/tests/ovn.at
+++ b/tests/ovn.at
@@ -13543,6 +13543,10 @@ ovn-nbctl lsp-set-options ln-outside network_name=phys
wait_for_ports_up
check ovn-nbctl --wait=hv sync
+# Get the OF table numbers
+l2_lkup=$(ovn-debug lflow-stage-to-oftable ls_in_l2_lkup)
+arp_rsp=$(ovn-debug lflow-stage-to-oftable ls_in_arp_rsp)
+
echo "---------NB dump-----"
ovn-nbctl show
echo "---------------------"
@@ -13638,15 +13642,15 @@ sleep 10
as gw1 ovs-ofctl dump-flows br-int
-OVS_WAIT_FOR_OUTPUT([as gw1 ovs-ofctl dump-flows br-int table=35 | \
+OVS_WAIT_FOR_OUTPUT([as gw1 ovs-ofctl dump-flows br-int table=$l2_lkup | \
grep "dl_dst=00:00:02:01:02:04" | wc -l], [0], [[1
]])
-OVS_WAIT_FOR_OUTPUT([as gw2 ovs-ofctl dump-flows br-int table=35 | \
+OVS_WAIT_FOR_OUTPUT([as gw2 ovs-ofctl dump-flows br-int table=$l2_lkup | \
grep "dl_dst=00:00:02:01:02:04" | wc -l], [0], [[0
]])
# make sure ARP responder flows for outside router port reside on gw1 too through ls_in_arp_rsp table
-OVS_WAIT_UNTIL([test `as gw1 ovs-ofctl dump-flows br-int table=29 | \
+OVS_WAIT_UNTIL([test `as gw1 ovs-ofctl dump-flows br-int table=$arp_rsp | \
grep arp_tpa=192.168.0.101 | wc -l` -ge 1])
# check that the chassis redirect port has been claimed by the gw1 chassis
@@ -13728,10 +13732,10 @@ AT_CHECK([ovs-vsctl --bare --columns bfd find
Interface name=ovn-hv1-0],[0],
]])
# make sure that flows for handling the outside router port reside on gw2 now
-OVS_WAIT_FOR_OUTPUT([as gw2 ovs-ofctl dump-flows br-int table=35 | \
+OVS_WAIT_FOR_OUTPUT([as gw2 ovs-ofctl dump-flows br-int table=$l2_lkup | \
grep "dl_dst=00:00:02:01:02:04" | wc -l], [0], [[1
]])
-OVS_WAIT_FOR_OUTPUT([as gw1 ovs-ofctl dump-flows br-int table=35 | \
+OVS_WAIT_FOR_OUTPUT([as gw1 ovs-ofctl dump-flows br-int table=$l2_lkup | \
grep "dl_dst=00:00:02:01:02:04" | wc -l], [0], [[0
]])
@@ -13743,10 +13747,10 @@ as main ovs-vsctl del-port n1 $port
bfd_dump
# make sure that flows for handling the outside router port reside on gw1 now
-OVS_WAIT_FOR_OUTPUT([as gw1 ovs-ofctl dump-flows br-int table=35 | \
+OVS_WAIT_FOR_OUTPUT([as gw1 ovs-ofctl dump-flows br-int table=$l2_lkup | \
grep "dl_dst=00:00:02:01:02:04" | wc -l], [0], [[1
]])
-OVS_WAIT_FOR_OUTPUT([as gw2 ovs-ofctl dump-flows br-int table=35 | \
+OVS_WAIT_FOR_OUTPUT([as gw2 ovs-ofctl dump-flows br-int table=$l2_lkup | \
grep "dl_dst=00:00:02:01:02:04" | wc -l], [0], [[0
]])
@@ -13860,15 +13864,15 @@ grep active_backup | grep members:$hv2_gw1_ofport,$hv2_gw2_ofport \
])
# make sure that flows for handling the outside router port reside on gw1
-OVS_WAIT_FOR_OUTPUT([as gw1 ovs-ofctl dump-flows br-int table=35 | \
+OVS_WAIT_FOR_OUTPUT([as gw1 ovs-ofctl dump-flows br-int table=$l2_lkup | \
grep "dl_dst=00:00:02:01:02:04" | wc -l], [0], [[1
]])
-OVS_WAIT_FOR_OUTPUT([as gw2 ovs-ofctl dump-flows br-int table=35 | \
+OVS_WAIT_FOR_OUTPUT([as gw2 ovs-ofctl dump-flows br-int table=$l2_lkup | \
grep "dl_dst:00:00:02:01:02:04" | wc -l], [0], [[0
]])
# make sure ARP responder flows for outside router port reside on gw1 too
-OVS_WAIT_UNTIL([test `as gw1 ovs-ofctl dump-flows br-int table=29 | \
+OVS_WAIT_UNTIL([test `as gw1 ovs-ofctl dump-flows br-int table=$arp_rsp | \
grep arp_tpa=192.168.0.101 | wc -l` -ge 1 ])
# check that the chassis redirect port has been claimed by the gw1 chassis
@@ -13932,10 +13936,10 @@ AT_CHECK([ovs-vsctl --bare --columns bfd find
Interface name=ovn-hv1-0],[0],
]])
# make sure that flows for handling the outside router port reside on gw2 now
-OVS_WAIT_FOR_OUTPUT([as gw2 ovs-ofctl dump-flows br-int table=35 | \
+OVS_WAIT_FOR_OUTPUT([as gw2 ovs-ofctl dump-flows br-int table=$l2_lkup | \
grep "dl_dst=00:00:02:01:02:04" | wc -l], [0], [[1
]])
-OVS_WAIT_FOR_OUTPUT([as gw1 ovs-ofctl dump-flows br-int table=35 | \
+OVS_WAIT_FOR_OUTPUT([as gw1 ovs-ofctl dump-flows br-int table=$l2_lkup | \
grep "dl_dst=00:00:02:01:02:04" | wc -l], [0], [[0
]])
@@ -13947,10 +13951,10 @@ as main ovs-vsctl del-port n1 $port
bfd_dump
# make sure that flows for handling the outside router port reside on gw2 now
-OVS_WAIT_FOR_OUTPUT([as gw1 ovs-ofctl dump-flows br-int table=35 | \
+OVS_WAIT_FOR_OUTPUT([as gw1 ovs-ofctl dump-flows br-int table=$l2_lkup | \
grep "dl_dst=00:00:02:01:02:04" | wc -l], [0], [[1
]])
-OVS_WAIT_FOR_OUTPUT([as gw2 ovs-ofctl dump-flows br-int table=35 | \
+OVS_WAIT_FOR_OUTPUT([as gw2 ovs-ofctl dump-flows br-int table=$l2_lkup | \
grep "dl_dst=00:00:02:01:02:04" | wc -l], [0], [[0
]])
@@ -17054,6 +17058,9 @@ OVN_POPULATE_ARP
wait_for_ports_up
ovn-nbctl --wait=hv sync
+# Get the OF table numbers
+acl_eval=$(ovn-debug lflow-stage-to-oftable ls_out_acl_eval)
+
# Wait for pinctrl thread to be connected
OVS_WAIT_UNTIL([grep pinctrl hv1/ovn-controller.log | grep -c connected])
OVS_WAIT_UNTIL([grep pinctrl hv2/ovn-controller.log | grep -c connected])
@@ -17079,18 +17086,18 @@ send_icmp6_packet 1 1 $eth_src $eth_dst $ipv6_src
$ipv6_dst
# Get total number of ipv4 packets that received on ovs
# sender side
-OVS_WAIT_UNTIL([test 1 = `as hv1 ovs-ofctl dump-flows br-int table=46 | grep
priority=2002 | grep ip,metadata=0x1 | grep -c n_packets=1`])
+OVS_WAIT_UNTIL([test 1 = `as hv1 ovs-ofctl dump-flows br-int table=$acl_eval |
grep priority=2002 | grep ip,metadata=0x1 | grep -c n_packets=1`])
# receiver side
-OVS_WAIT_UNTIL([test 1 = `as hv2 ovs-ofctl dump-flows br-int table=46 | grep
priority=2002 | grep ip,metadata=0x1 | grep -c n_packets=1`])
+OVS_WAIT_UNTIL([test 1 = `as hv2 ovs-ofctl dump-flows br-int table=$acl_eval |
grep priority=2002 | grep ip,metadata=0x1 | grep -c n_packets=1`])
# Get total number of ipv6 packets that received on ovs
# sender side
-OVS_WAIT_UNTIL([test 1 = `as hv1 ovs-ofctl dump-flows br-int table=46 | grep
priority=2002 | grep ipv6,metadata=0x1 | grep -c n_packets=1`])
+OVS_WAIT_UNTIL([test 1 = `as hv1 ovs-ofctl dump-flows br-int table=$acl_eval |
grep priority=2002 | grep ipv6,metadata=0x1 | grep -c n_packets=1`])
# receiver side
-OVS_WAIT_UNTIL([test 1 = `as hv2 ovs-ofctl dump-flows br-int table=46 | grep
priority=2002 | grep ipv6,metadata=0x1 | grep -c n_packets=1`])
+OVS_WAIT_UNTIL([test 1 = `as hv2 ovs-ofctl dump-flows br-int table=$acl_eval |
grep priority=2002 | grep ipv6,metadata=0x1 | grep -c n_packets=1`])
OVN_CLEANUP([hv1], [hv2])
AT_CLEANUP
@@ -18712,6 +18719,10 @@ check ovn-nbctl acl-add ls1 to-lport 3
'(ip4.src==10.0.0.1 || ip4.src==10.0.0.42
wait_for_ports_up
check ovn-nbctl --wait=hv sync
+# Get the OF table numbers
+acl_eval=$(ovn-debug lflow-stage-to-oftable ls_out_acl_eval)
+acl_action=$(ovn-debug lflow-stage-to-oftable ls_out_acl_action)
+
ovn-sbctl dump-flows > sbflows
AT_CAPTURE_FILE([sbflows])
@@ -18774,17 +18785,17 @@ check ovn-nbctl acl-add ls1 to-lport 3 'ip4.src==10.0.0.1' allow
check ovn-nbctl --wait=hv sync
# Check OVS flows, the less restrictive flows should have been installed.
-AT_CHECK([as hv1 ovs-ofctl dump-flows br-int table=46 | ofctl_strip_all |
+AT_CHECK_UNQUOTED([as hv1 ovs-ofctl dump-flows br-int table=$acl_eval |
ofctl_strip_all |
grep "priority=1003" | \
sed 's/conjunction([[^)]]*)/conjunction()/g' | \
sed 's/conj_id=[[0-9]]*,/conj_id=xxx,/g' | sort], [0], [dnl
- table=46, priority=1003,conj_id=xxx,ip,metadata=0x1
actions=load:0x1->OXM_OF_PKT_REG4[[48]],resubmit(,47)
- table=46, priority=1003,conj_id=xxx,ip,metadata=0x1
actions=load:0x1->OXM_OF_PKT_REG4[[48]],resubmit(,47)
- table=46, priority=1003,ip,metadata=0x1,nw_dst=10.0.0.3
actions=conjunction(),conjunction()
- table=46, priority=1003,ip,metadata=0x1,nw_dst=10.0.0.4
actions=conjunction(),conjunction()
- table=46, priority=1003,ip,metadata=0x1,nw_src=10.0.0.1
actions=load:0x1->OXM_OF_PKT_REG4[[48]],resubmit(,47)
- table=46, priority=1003,ip,metadata=0x1,nw_src=10.0.0.2 actions=conjunction()
- table=46, priority=1003,ip,metadata=0x1,nw_src=10.0.0.42 actions=conjunction()
+ table=$acl_eval, priority=1003,conj_id=xxx,ip,metadata=0x1
actions=load:0x1->OXM_OF_PKT_REG4[[48]],resubmit(,$acl_action)
+ table=$acl_eval, priority=1003,conj_id=xxx,ip,metadata=0x1
actions=load:0x1->OXM_OF_PKT_REG4[[48]],resubmit(,$acl_action)
+ table=$acl_eval, priority=1003,ip,metadata=0x1,nw_dst=10.0.0.3
actions=conjunction(),conjunction()
+ table=$acl_eval, priority=1003,ip,metadata=0x1,nw_dst=10.0.0.4
actions=conjunction(),conjunction()
+ table=$acl_eval, priority=1003,ip,metadata=0x1,nw_src=10.0.0.1
actions=load:0x1->OXM_OF_PKT_REG4[[48]],resubmit(,$acl_action)
+ table=$acl_eval, priority=1003,ip,metadata=0x1,nw_src=10.0.0.2
actions=conjunction()
+ table=$acl_eval, priority=1003,ip,metadata=0x1,nw_src=10.0.0.42
actions=conjunction()
])
# Traffic 10.0.0.1, 10.0.0.2 -> 10.0.0.3, 10.0.0.4 should be allowed.
@@ -18819,17 +18830,17 @@ check ovn-nbctl acl-del ls1 to-lport 3
'ip4.src==10.0.0.1 || ip4.src==10.0.0.1'
check ovn-nbctl --wait=hv sync
# Check OVS flows, the second less restrictive allow ACL should have been installed.
-AT_CHECK([as hv1 ovs-ofctl dump-flows br-int table=46 | ofctl_strip_all | \
+AT_CHECK_UNQUOTED([as hv1 ovs-ofctl dump-flows br-int table=$acl_eval |
ofctl_strip_all | \
grep "priority=1003" | \
sed 's/conjunction([[^)]]*)/conjunction()/g' | \
sed 's/conj_id=[[0-9]]*,/conj_id=xxx,/g' | sort], [0], [dnl
- table=46, priority=1003,conj_id=xxx,ip,metadata=0x1
actions=load:0x1->OXM_OF_PKT_REG4[[48]],resubmit(,47)
- table=46, priority=1003,conj_id=xxx,ip,metadata=0x1
actions=load:0x1->OXM_OF_PKT_REG4[[48]],resubmit(,47)
- table=46, priority=1003,ip,metadata=0x1,nw_dst=10.0.0.3
actions=conjunction(),conjunction()
- table=46, priority=1003,ip,metadata=0x1,nw_dst=10.0.0.4
actions=conjunction(),conjunction()
- table=46, priority=1003,ip,metadata=0x1,nw_src=10.0.0.1
actions=load:0x1->OXM_OF_PKT_REG4[[48]],resubmit(,47)
- table=46, priority=1003,ip,metadata=0x1,nw_src=10.0.0.2 actions=conjunction()
- table=46, priority=1003,ip,metadata=0x1,nw_src=10.0.0.42 actions=conjunction()
+ table=$acl_eval, priority=1003,conj_id=xxx,ip,metadata=0x1
actions=load:0x1->OXM_OF_PKT_REG4[[48]],resubmit(,$acl_action)
+ table=$acl_eval, priority=1003,conj_id=xxx,ip,metadata=0x1
actions=load:0x1->OXM_OF_PKT_REG4[[48]],resubmit(,$acl_action)
+ table=$acl_eval, priority=1003,ip,metadata=0x1,nw_dst=10.0.0.3
actions=conjunction(),conjunction()
+ table=$acl_eval, priority=1003,ip,metadata=0x1,nw_dst=10.0.0.4
actions=conjunction(),conjunction()
+ table=$acl_eval, priority=1003,ip,metadata=0x1,nw_src=10.0.0.1
actions=load:0x1->OXM_OF_PKT_REG4[[48]],resubmit(,$acl_action)
+ table=$acl_eval, priority=1003,ip,metadata=0x1,nw_src=10.0.0.2
actions=conjunction()
+ table=$acl_eval, priority=1003,ip,metadata=0x1,nw_src=10.0.0.42
actions=conjunction()
])
# Remove the less restrictive allow ACL.
@@ -18837,17 +18848,17 @@ check ovn-nbctl acl-del ls1 to-lport 3
'ip4.src==10.0.0.1'
check ovn-nbctl --wait=hv sync
# Check OVS flows, the 10.0.0.1 conjunction should have been reinstalled.
-AT_CHECK([as hv1 ovs-ofctl dump-flows br-int table=46 | ofctl_strip_all | \
+AT_CHECK_UNQUOTED([as hv1 ovs-ofctl dump-flows br-int table=$acl_eval |
ofctl_strip_all | \
grep "priority=1003" | \
sed 's/conjunction([[^)]]*)/conjunction()/g' | \
sed 's/conj_id=[[0-9]]*,/conj_id=xxx,/g' | sort], [0], [dnl
- table=46, priority=1003,conj_id=xxx,ip,metadata=0x1
actions=load:0x1->OXM_OF_PKT_REG4[[48]],resubmit(,47)
- table=46, priority=1003,conj_id=xxx,ip,metadata=0x1
actions=load:0x1->OXM_OF_PKT_REG4[[48]],resubmit(,47)
- table=46, priority=1003,ip,metadata=0x1,nw_dst=10.0.0.3
actions=conjunction(),conjunction()
- table=46, priority=1003,ip,metadata=0x1,nw_dst=10.0.0.4
actions=conjunction(),conjunction()
- table=46, priority=1003,ip,metadata=0x1,nw_src=10.0.0.1
actions=conjunction(),conjunction()
- table=46, priority=1003,ip,metadata=0x1,nw_src=10.0.0.2 actions=conjunction()
- table=46, priority=1003,ip,metadata=0x1,nw_src=10.0.0.42 actions=conjunction()
+ table=$acl_eval, priority=1003,conj_id=xxx,ip,metadata=0x1
actions=load:0x1->OXM_OF_PKT_REG4[[48]],resubmit(,$acl_action)
+ table=$acl_eval, priority=1003,conj_id=xxx,ip,metadata=0x1
actions=load:0x1->OXM_OF_PKT_REG4[[48]],resubmit(,$acl_action)
+ table=$acl_eval, priority=1003,ip,metadata=0x1,nw_dst=10.0.0.3
actions=conjunction(),conjunction()
+ table=$acl_eval, priority=1003,ip,metadata=0x1,nw_dst=10.0.0.4
actions=conjunction(),conjunction()
+ table=$acl_eval, priority=1003,ip,metadata=0x1,nw_src=10.0.0.1
actions=conjunction(),conjunction()
+ table=$acl_eval, priority=1003,ip,metadata=0x1,nw_src=10.0.0.2
actions=conjunction()
+ table=$acl_eval, priority=1003,ip,metadata=0x1,nw_src=10.0.0.42
actions=conjunction()
])
# Traffic 10.0.0.1, 10.0.0.2 -> 10.0.0.3, 10.0.0.4 should be allowed.
@@ -18877,17 +18888,17 @@ check ovn-nbctl acl-add ls1 to-lport 3
'ip4.src==10.0.0.1' allow
check ovn-nbctl --wait=hv sync
# Check OVS flows, the less restrictive flows should have been installed.
-AT_CHECK([as hv1 ovs-ofctl dump-flows br-int table=46 | ofctl_strip_all | \
+AT_CHECK_UNQUOTED([as hv1 ovs-ofctl dump-flows br-int table=$acl_eval |
ofctl_strip_all | \
grep "priority=1003" | \
sed 's/conjunction([[^)]]*)/conjunction()/g' | \
sed 's/conj_id=[[0-9]]*,/conj_id=xxx,/g' | sort], [0], [dnl
- table=46, priority=1003,conj_id=xxx,ip,metadata=0x1
actions=load:0x1->OXM_OF_PKT_REG4[[48]],resubmit(,47)
- table=46, priority=1003,conj_id=xxx,ip,metadata=0x1
actions=load:0x1->OXM_OF_PKT_REG4[[48]],resubmit(,47)
- table=46, priority=1003,ip,metadata=0x1,nw_dst=10.0.0.3
actions=conjunction(),conjunction()
- table=46, priority=1003,ip,metadata=0x1,nw_dst=10.0.0.4
actions=conjunction(),conjunction()
- table=46, priority=1003,ip,metadata=0x1,nw_src=10.0.0.1
actions=load:0x1->OXM_OF_PKT_REG4[[48]],resubmit(,47)
- table=46, priority=1003,ip,metadata=0x1,nw_src=10.0.0.2 actions=conjunction()
- table=46, priority=1003,ip,metadata=0x1,nw_src=10.0.0.42 actions=conjunction()
+ table=$acl_eval, priority=1003,conj_id=xxx,ip,metadata=0x1
actions=load:0x1->OXM_OF_PKT_REG4[[48]],resubmit(,$acl_action)
+ table=$acl_eval, priority=1003,conj_id=xxx,ip,metadata=0x1
actions=load:0x1->OXM_OF_PKT_REG4[[48]],resubmit(,$acl_action)
+ table=$acl_eval, priority=1003,ip,metadata=0x1,nw_dst=10.0.0.3
actions=conjunction(),conjunction()
+ table=$acl_eval, priority=1003,ip,metadata=0x1,nw_dst=10.0.0.4
actions=conjunction(),conjunction()
+ table=$acl_eval, priority=1003,ip,metadata=0x1,nw_src=10.0.0.1
actions=load:0x1->OXM_OF_PKT_REG4[[48]],resubmit(,$acl_action)
+ table=$acl_eval, priority=1003,ip,metadata=0x1,nw_src=10.0.0.2
actions=conjunction()
+ table=$acl_eval, priority=1003,ip,metadata=0x1,nw_src=10.0.0.42
actions=conjunction()
])
# Add another ACL that overlaps with the existing less restrictive ones.
@@ -18898,20 +18909,20 @@ check ovn-nbctl --wait=hv sync
# with an additional conjunction action.
#
# New non-conjunctive flows should be added to match on 'udp'.
-AT_CHECK([as hv1 ovs-ofctl dump-flows br-int table=46 | ofctl_strip_all | \
+AT_CHECK_UNQUOTED([as hv1 ovs-ofctl dump-flows br-int table=$acl_eval |
ofctl_strip_all | \
grep "priority=1003" | \
sed 's/conjunction([[^)]]*)/conjunction()/g' | \
sed 's/conj_id=[[0-9]]*,/conj_id=xxx,/g' | sort], [0], [dnl
- table=46, priority=1003,conj_id=xxx,ip,metadata=0x1
actions=load:0x1->OXM_OF_PKT_REG4[[48]],resubmit(,47)
- table=46, priority=1003,conj_id=xxx,ip,metadata=0x1
actions=load:0x1->OXM_OF_PKT_REG4[[48]],resubmit(,47)
- table=46, priority=1003,conj_id=xxx,ip,metadata=0x1
actions=load:0x1->OXM_OF_PKT_REG4[[48]],resubmit(,47)
- table=46, priority=1003,ip,metadata=0x1,nw_dst=10.0.0.3
actions=conjunction(),conjunction(),conjunction()
- table=46, priority=1003,ip,metadata=0x1,nw_dst=10.0.0.4
actions=conjunction(),conjunction(),conjunction()
- table=46, priority=1003,ip,metadata=0x1,nw_src=10.0.0.1
actions=load:0x1->OXM_OF_PKT_REG4[[48]],resubmit(,47)
- table=46, priority=1003,ip,metadata=0x1,nw_src=10.0.0.2
actions=conjunction(),conjunction()
- table=46, priority=1003,ip,metadata=0x1,nw_src=10.0.0.42 actions=conjunction()
- table=46, priority=1003,udp,metadata=0x1
actions=load:0x1->OXM_OF_PKT_REG4[[48]],resubmit(,47)
- table=46, priority=1003,udp6,metadata=0x1
actions=load:0x1->OXM_OF_PKT_REG4[[48]],resubmit(,47)
+ table=$acl_eval, priority=1003,conj_id=xxx,ip,metadata=0x1
actions=load:0x1->OXM_OF_PKT_REG4[[48]],resubmit(,$acl_action)
+ table=$acl_eval, priority=1003,conj_id=xxx,ip,metadata=0x1
actions=load:0x1->OXM_OF_PKT_REG4[[48]],resubmit(,$acl_action)
+ table=$acl_eval, priority=1003,conj_id=xxx,ip,metadata=0x1
actions=load:0x1->OXM_OF_PKT_REG4[[48]],resubmit(,$acl_action)
+ table=$acl_eval, priority=1003,ip,metadata=0x1,nw_dst=10.0.0.3
actions=conjunction(),conjunction(),conjunction()
+ table=$acl_eval, priority=1003,ip,metadata=0x1,nw_dst=10.0.0.4
actions=conjunction(),conjunction(),conjunction()
+ table=$acl_eval, priority=1003,ip,metadata=0x1,nw_src=10.0.0.1
actions=load:0x1->OXM_OF_PKT_REG4[[48]],resubmit(,$acl_action)
+ table=$acl_eval, priority=1003,ip,metadata=0x1,nw_src=10.0.0.2
actions=conjunction(),conjunction()
+ table=$acl_eval, priority=1003,ip,metadata=0x1,nw_src=10.0.0.42
actions=conjunction()
+ table=$acl_eval, priority=1003,udp,metadata=0x1
actions=load:0x1->OXM_OF_PKT_REG4[[48]],resubmit(,$acl_action)
+ table=$acl_eval, priority=1003,udp6,metadata=0x1
actions=load:0x1->OXM_OF_PKT_REG4[[48]],resubmit(,$acl_action)
])
OVN_CLEANUP([hv1])
@@ -18966,17 +18977,21 @@ check ovn-nbctl acl-add pg1 to-lport 100 'outport == @pg1
&& ip4.src == $as2' al
wait_for_ports_up
check ovn-nbctl --wait=hv sync
-ovs-ofctl dump-flows br-int table=46
-AT_CHECK([test `ovs-ofctl dump-flows br-int table=46 | grep -c conj_id` = 2])
+
+# Get the OF table numbers
+acl_eval=$(ovn-debug lflow-stage-to-oftable ls_out_acl_eval)
+
+ovs-ofctl dump-flows br-int table=$acl_eval
+AT_CHECK([test `ovs-ofctl dump-flows br-int table=$acl_eval | grep -c conj_id`
= 2])
echo -------
# Add another address in as1, so that the 1st ACL will now generate 2
conjunctions.
ovn-nbctl set address_set as1 addresses="10.0.0.1,10.0.0.2"
check ovn-nbctl --wait=hv sync
-ovs-ofctl dump-flows br-int table=46
+ovs-ofctl dump-flows br-int table=$acl_eval
# There should be 3 conjunctions in total (2 from 1st ACL + 1 from 2nd ACL)
-AT_CHECK([test `ovs-ofctl dump-flows br-int table=46 | grep -c conj_id` = 3])
+AT_CHECK([test `ovs-ofctl dump-flows br-int table=$acl_eval | grep -c conj_id`
= 3])
OVN_CLEANUP([hv1])
AT_CLEANUP
@@ -19713,17 +19728,17 @@ ovs-vsctl set open .
external-ids:ovn-bridge-mappings=phys:br-phys
AT_CHECK([ovn-sbctl dump-flows ls1 | grep "offerip = 10.0.0.6" | \
wc -l], [0], [0
])
-AT_CHECK([as hv1 ovs-ofctl dump-flows br-int | grep table=26 | \
+AT_CHECK([as hv1 ovs-ofctl dump-flows br-int | \
grep controller | grep "0a.00.00.06" | wc -l], [0], [0
])
-AT_CHECK([as hv2 ovs-ofctl dump-flows br-int | grep table=26 | \
+AT_CHECK([as hv2 ovs-ofctl dump-flows br-int | \
grep controller | grep "0a.00.00.06" | wc -l], [0], [0
])
-AT_CHECK([as hv1 ovs-ofctl dump-flows br-int | grep table=26 | \
+AT_CHECK([as hv1 ovs-ofctl dump-flows br-int | \
grep controller | grep tp_src=546 | grep \
"ae.70.00.00.00.00.00.00.00.00.00.00.00.00.00.06" | wc -l], [0], [0
])
-AT_CHECK([as hv2 ovs-ofctl dump-flows br-int | grep table=26 | \
+AT_CHECK([as hv2 ovs-ofctl dump-flows br-int | \
grep controller | grep tp_src=546 | grep \
"ae.70.00.00.00.00.00.00.00.00.00.00.00.00.00.06" | wc -l], [0], [0
])
@@ -20292,7 +20307,7 @@ wait_for_ports_up ls1-lp_ext1
# There should be a flow in hv2 to drop traffic from ls1-lp_ext1 destined
# to router mac.
AT_CHECK([as hv2 ovs-ofctl dump-flows br-int \
-table=34,dl_src=f0:00:00:00:00:03,dl_dst=a0:10:00:00:00:01 | \
+table=$(ovn-debug lflow-stage-to-oftable
ls_in_external_port),dl_src=f0:00:00:00:00:03,dl_dst=a0:10:00:00:00:01 | \
grep -c "actions=drop"], [0], [1
])
# Stop ovn-controllers on hv1 and hv3.
@@ -21868,6 +21883,10 @@ OVN_POPULATE_ARP
wait_for_ports_up
ovn-nbctl --wait=hv sync
+# Get the OF table numbers
+acl_eval=$(ovn-debug lflow-stage-to-oftable ls_out_acl_eval)
+ip_input=$(ovn-debug lflow-stage-to-oftable lr_in_ip_input)
+
# Check that logical flows are added for sw0-vir/sw0vir6 in lsp_in_arp_rsp
pipeline
# with bind_vport action.
@@ -21917,22 +21936,22 @@ check_virtual_offlows_present() {
lr0_dp_key=$(printf "%x" $(fetch_column Datapath_Binding tunnel_key
external_ids:name=lr0))
lr0_public_dp_key=$(printf "%x" $(fetch_column Port_Binding tunnel_key
logical_port=lr0-public))
- AT_CHECK_UNQUOTED([as $hv ovs-ofctl dump-flows br-int table=46,ip | ofctl_strip_all | grep "priority=2000"], [0], [dnl
- table=46, priority=2000,ip,metadata=0x$sw0_dp_key
actions=load:0x1->OXM_OF_PKT_REG4[[48]],resubmit(,47)
+ AT_CHECK_UNQUOTED([as $hv ovs-ofctl dump-flows br-int table=$acl_eval,ip |
ofctl_strip_all | grep "priority=2000"], [0], [dnl
+ table=$acl_eval, priority=2000,ip,metadata=0x$sw0_dp_key
actions=load:0x1->OXM_OF_PKT_REG4[[48]],resubmit(,$(ovn-debug
lflow-stage-to-oftable ls_out_acl_action))
])
- AT_CHECK_UNQUOTED([as $hv ovs-ofctl dump-flows br-int table=11 | ofctl_strip_all | \
+ AT_CHECK_UNQUOTED([as $hv ovs-ofctl dump-flows br-int table=$ip_input |
ofctl_strip_all | \
grep "priority=92" | grep 172.168.0.50], [0], [dnl
- table=11,
priority=92,arp,reg14=0x$lr0_public_dp_key,metadata=0x$lr0_dp_key,arp_tpa=172.168.0.50,arp_op=1
actions=move:NXM_OF_ETH_SRC[[]]->NXM_OF_ETH_DST[[]],mod_dl_src:10:54:00:00:00:10,load:0x2->NXM_OF_ARP_OP[[]],move:NXM_NX_ARP_SHA[[]]->NXM_NX_ARP_THA[[]],load:0x105400000010->NXM_NX_ARP_SHA[[]],push:NXM_OF_ARP_SPA[[]],push:NXM_OF_ARP_TPA[[]],pop:NXM_OF_ARP_SPA[[]],pop:NXM_OF_ARP_TPA[[]],move:NXM_NX_REG14[[]]->NXM_NX_REG15[[]],load:0x1->NXM_NX_REG10[[0]],resubmit(,OFTABLE_OUTPUT_LARGE_PKT_DETECT)
+ table=$ip_input,
priority=92,arp,reg14=0x$lr0_public_dp_key,metadata=0x$lr0_dp_key,arp_tpa=172.168.0.50,arp_op=1
actions=move:NXM_OF_ETH_SRC[[]]->NXM_OF_ETH_DST[[]],mod_dl_src:10:54:00:00:00:10,load:0x2->NXM_OF_ARP_OP[[]],move:NXM_NX_ARP_SHA[[]]->NXM_NX_ARP_THA[[]],load:0x105400000010->NXM_NX_ARP_SHA[[]],push:NXM_OF_ARP_SPA[[]],push:NXM_OF_ARP_TPA[[]],pop:NXM_OF_ARP_SPA[[]],pop:NXM_OF_ARP_TPA[[]],move:NXM_NX_REG14[[]]->NXM_NX_REG15[[]],load:0x1->NXM_NX_REG10[[0]],resubmit(,OFTABLE_OUTPUT_LARGE_PKT_DETECT)
])
}
check_virtual_offlows_not_present() {
hv=$1
- AT_CHECK([as $hv ovs-ofctl dump-flows br-int table=46,ip | ofctl_strip_all | grep
"priority=2000"], [1], [dnl
+ AT_CHECK([as $hv ovs-ofctl dump-flows br-int table=$acl_eval,ip | ofctl_strip_all |
grep "priority=2000"], [1], [dnl
])
- AT_CHECK([as $hv ovs-ofctl dump-flows br-int table=11 | ofctl_strip_all | \
+ AT_CHECK([as $hv ovs-ofctl dump-flows br-int table=$acl_eval |
ofctl_strip_all | \
grep "priority=92" | grep 172.168.0.50], [1], [dnl
])
}
@@ -21996,7 +22015,7 @@ eth_dst=00000000ff01
ip_src=$(ip_to_hex 10 0 0 10)
ip_dst=$(ip_to_hex 172 168 0 101)
send_icmp_packet 1 1 $eth_src $eth_dst $ip_src $ip_dst c4c9
0000000000000000000000
-AT_CHECK_UNQUOTED([as hv1 ovs-ofctl dump-flows br-int metadata=0x$lr0_dp_key | awk
'/table=28, n_packets=1, n_bytes=45/{print $7" "$8}'],[0],[dnl
+AT_CHECK_UNQUOTED([as hv1 ovs-ofctl dump-flows br-int table=$(ovn-debug
lflow-stage-to-oftable lr_in_gw_redirect),metadata=0x$lr0_dp_key | awk '/n_packets=1,
n_bytes=45/{print $7" "$8}'],[0],[dnl
priority=80,ip,reg15=0x$lr0_public_dp_key,metadata=0x$lr0_dp_key,nw_src=10.0.0.10
actions=drop
])
@@ -24603,6 +24622,9 @@ OVN_POPULATE_ARP
wait_for_ports_up
ovn-nbctl --wait=hv sync
+# Get the OF table numbers
+learn_neigh=$(ovn-debug lflow-stage-to-oftable lr_in_learn_neighbor)
+
as hv1 ovs-appctl -t ovn-controller vlog/set dbg
# From sw0-p1 send GARP for 10.0.0.30.
@@ -24633,7 +24655,7 @@ grep table_id=10 | wc -l`])
AT_CHECK([test 1 = `cat hv1/ovn-controller.log | grep "pinctrl received
packet-in" | \
grep opcode=PUT_ARP | grep OF_Table_ID=10 | wc -l`])
-AT_CHECK([test 1 = `as hv1 ovs-ofctl dump-flows br-int table=10 | grep arp | \
+AT_CHECK([test 1 = `as hv1 ovs-ofctl dump-flows br-int table=$learn_neigh |
grep arp | \
grep controller | grep -v n_packets=0 | wc -l`])
# Wait for an entry in table=OFTABLE_MAC_LOOKUP
@@ -24651,7 +24673,7 @@ OVS_WAIT_UNTIL([test 1 = `as hv1 ovs-ofctl dump-flows
br-int table=OFTABLE_MAC_L
# count should be 1 only.
AT_CHECK([test 1 = `cat hv1/ovn-controller.log | grep NXT_PACKET_IN2 | \
grep table_id=10 | wc -l`])
-AT_CHECK([test 1 = `as hv1 ovs-ofctl dump-flows br-int table=10 | grep arp | \
+AT_CHECK([test 1 = `as hv1 ovs-ofctl dump-flows br-int table=$learn_neigh |
grep arp | \
grep controller | grep -v n_packets=0 | wc -l`])
# Now send garp packet with different mac.
@@ -28217,11 +28239,14 @@ check ovn-nbctl set logical_router_policy $pol4
options:pkt_mark=4
check ovn-nbctl set logical_router_policy $pol5 options:pkt_mark=4294967295
check ovn-nbctl --wait=hv sync
+# Get the OF table numbers
+lr_policy=$(ovn-debug lflow-stage-to-oftable lr_in_policy)
+
ovn-sbctl dump-flows > sbflows
AT_CAPTURE_FILE([sbflows])
AT_CAPTURE_FILE([offlows])
OVS_WAIT_UNTIL([
- as hv1 ovs-ofctl dump-flows br-int table=23 > offlows
+ as hv1 ovs-ofctl dump-flows br-int table=$lr_policy > offlows
test $(grep -c "load:0x64->NXM_NX_PKT_MARK" offlows) = 1 && \
test $(grep -c "load:0x3->NXM_NX_PKT_MARK" offlows) = 1 && \
test $(grep -c "load:0x4->NXM_NX_PKT_MARK" offlows) = 1 && \
@@ -28319,12 +28344,12 @@ send_ipv4_pkt hv1 hv1-vif1 505400000003 00000000ff01 \
c3ad 83dc
OVS_WAIT_UNTIL([
- test 1 -eq $(as hv1 ovs-ofctl dump-flows br-int table=23 | \
+ test 1 -eq $(as hv1 ovs-ofctl dump-flows br-int table=$lr_policy | \
grep "load:0x2->NXM_NX_PKT_MARK" -c)
])
AT_CHECK([
- test 0 -eq $(as hv1 ovs-ofctl dump-flows br-int table=23 | \
+ test 0 -eq $(as hv1 ovs-ofctl dump-flows br-int table=$lr_policy | \
grep "load:0x64->NXM_NX_PKT_MARK" -c)
])
@@ -29015,25 +29040,29 @@ check ovn-nbctl --ecmp-symmetric-reply --policy="src-ip" lr-route-add GW 10.0.0.
wait_for_ports_up
check ovn-nbctl --wait=hv sync
+# Get the OF table numbers
+ecmp_stateful=$(ovn-debug lflow-stage-to-oftable lr_in_ecmp_stateful)
+arp_resolve=$(ovn-debug lflow-stage-to-oftable lr_in_arp_resolve)
+
# Ensure ECMP symmetric reply flows are not present on any hypervisor.
AT_CHECK([
- test 0 -eq $(as hv1 ovs-ofctl dump-flows br-int table=17 | \
+ test 0 -eq $(as hv1 ovs-ofctl dump-flows br-int table=$ecmp_stateful | \
grep "priority=100" | \
grep
"ct(commit,zone=NXM_NX_REG11\\[[0..15\\]],exec(move:NXM_OF_ETH_SRC\\[[\\]]->NXM_NX_CT_LABEL\\[[32..79\\]],load:0x[[0-9]]->NXM_NX_CT_LABEL\\[[80..95\\]]))"
-c)
])
AT_CHECK([
- test 0 -eq $(as hv1 ovs-ofctl dump-flows br-int table=25 | \
+ test 0 -eq $(as hv1 ovs-ofctl dump-flows br-int table=$arp_resolve | \
grep "priority=200" | \
grep "actions=move:NXM_NX_CT_LABEL\\[[32..79\\]]->NXM_OF_ETH_DST\\[[\\]]"
-c)
])
AT_CHECK([
- test 0 -eq $(as hv2 ovs-ofctl dump-flows br-int table=17 | \
+ test 0 -eq $(as hv2 ovs-ofctl dump-flows br-int table=$ecmp_stateful | \
grep "priority=100" | \
grep
"ct(commit,zone=NXM_NX_REG11\\[[0..15\\]],exec(move:NXM_OF_ETH_SRC\\[[\\]]->NXM_NX_CT_LABEL\\[[32..79\\]],load:0x[[0-9]]->NXM_NX_CT_LABEL\\[[80..95\\]]))"
-c)
])
AT_CHECK([
- test 0 -eq $(as hv2 ovs-ofctl dump-flows br-int table=25 | \
+ test 0 -eq $(as hv2 ovs-ofctl dump-flows br-int table=$arp_resolve | \
grep "priority=200" | \
grep "actions=move:NXM_NX_CT_LABEL\\[[32..79\\]]->NXM_OF_ETH_DST\\[[\\]]"
-c)
])
@@ -29051,11 +29080,11 @@ AT_CAPTURE_FILE([hv2flows])
AT_CHECK([
for hv in 1 2; do
- grep table=17 hv${hv}flows | \
+ grep table=$ecmp_stateful hv${hv}flows | \
grep "priority=100" | \
grep -c
"ct(commit,zone=NXM_NX_REG11\\[[0..15\\]],.*exec(move:NXM_OF_ETH_SRC\\[[\\]]->NXM_NX_CT_LABEL\\[[32..79\\]],load:0x[[0-9]]->NXM_NX_CT_MARK\\[[16..31\\]]))"
- grep table=25 hv${hv}flows | \
+ grep table=$arp_resolve hv${hv}flows | \
grep "priority=200" | \
grep -c
"move:NXM_NX_CT_LABEL\\[[\\]]->NXM_NX_XXREG1\\[[\\]],move:NXM_NX_XXREG1\\[[32..79\\]]->NXM_OF_ETH_DST"
done; :], [0], [dnl
@@ -29141,25 +29170,29 @@ check ovn-nbctl --ecmp-symmetric-reply
--policy="src-ip" lr-route-add GW 1001::/
wait_for_ports_up
check ovn-nbctl --wait=hv sync
+# Get the OF table numbers
+ecmp_stateful=$(ovn-debug lflow-stage-to-oftable lr_in_ecmp_stateful)
+arp_resolve=$(ovn-debug lflow-stage-to-oftable lr_in_arp_resolve)
+
# Ensure ECMP symmetric reply flows are not present on any hypervisor.
AT_CHECK([
- test 0 -eq $(as hv1 ovs-ofctl dump-flows br-int table=17 | \
+ test 0 -eq $(as hv1 ovs-ofctl dump-flows br-int table=$ecmp_stateful | \
grep "priority=100" | \
grep
"ct(commit,zone=NXM_NX_REG11\\[[0..15\\]],exec(move:NXM_OF_ETH_SRC\\[[\\]]->NXM_NX_CT_LABEL\\[[32..79\\]],load:0x[[0-9]]->NXM_NX_CT_LABEL\\[[80..95\\]]))"
-c)
])
AT_CHECK([
- test 0 -eq $(as hv1 ovs-ofctl dump-flows br-int table=25 | \
+ test 0 -eq $(as hv1 ovs-ofctl dump-flows br-int table=$arp_resolve | \
grep "priority=200" | \
grep "actions=move:NXM_NX_CT_LABEL\\[[32..79\\]]->NXM_OF_ETH_DST\\[[\\]]"
-c)
])
AT_CHECK([
- test 0 -eq $(as hv2 ovs-ofctl dump-flows br-int table=17 | \
+ test 0 -eq $(as hv2 ovs-ofctl dump-flows br-int table=$ecmp_stateful | \
grep "priority=100" | \
grep
"ct(commit,zone=NXM_NX_REG11\\[[0..15\\]],exec(move:NXM_OF_ETH_SRC\\[[\\]]->NXM_NX_CT_LABEL\\[[32..79\\]],load:0x[[0-9]]->NXM_NX_CT_MARK\\[[16..31\\]]))"
-c)
])
AT_CHECK([
- test 0 -eq $(as hv2 ovs-ofctl dump-flows br-int table=25 | \
+ test 0 -eq $(as hv2 ovs-ofctl dump-flows br-int table=$arp_resolve | \
grep "priority=200" | \
grep "actions=move:NXM_NX_CT_LABEL\\[[\\]]->NXM_OF_ETH_DST\\[[\\]]" -c)
])
@@ -29176,11 +29209,11 @@ AT_CAPTURE_FILE([hv2flows])
AT_CHECK([
for hv in 1 2; do
- grep table=17 hv${hv}flows | \
+ grep table=$ecmp_stateful hv${hv}flows | \
grep "priority=100" | \
grep -c
"ct(commit,zone=NXM_NX_REG11\\[[0..15\\]],.*exec(move:NXM_OF_ETH_SRC\\[[\\]]->NXM_NX_CT_LABEL\\[[32..79\\]],load:0x[[0-9]]->NXM_NX_CT_MARK\\[[16..31\\]]))"
- grep table=25 hv${hv}flows | \
+ grep table=$arp_resolve hv${hv}flows | \
grep "priority=200" | \
grep -c
"move:NXM_NX_CT_LABEL\\[[\\]]->NXM_NX_XXREG1\\[[\\]],move:NXM_NX_XXREG1\\[[32..79\\]]->NXM_OF_ETH_DST"
done; :], [0], [dnl
@@ -29628,6 +29661,9 @@ OVN_POPULATE_ARP
wait_for_ports_up
ovn-nbctl --wait=hv sync
+# Get the OF table numbers
+arp_resolve=$(ovn-debug lflow-stage-to-oftable lr_in_arp_resolve)
+
sw_key=$(ovn-sbctl --bare --columns tunnel_key list datapath_binding r1)
echo sw_key: $sw_key
@@ -29647,7 +29683,7 @@ AT_CHECK([as hv1 ovs-ofctl dump-flows br-int | grep
"actions=controller" | grep
])
# The packet should have been dropped in the lr_in_ip_input stage.
-AT_CHECK([as hv1 ovs-ofctl dump-flows br-int | grep -E "table=11, n_packets=1,.*
priority=60,ip,metadata=0x${sw_key},nw_dst=10.0.1.1 actions=drop" -c], [0], [dnl
+AT_CHECK([as hv1 ovs-ofctl dump-flows br-int | grep -E "table=$(ovn-debug
lflow-stage-to-oftable lr_in_ip_input), n_packets=1,.*
priority=60,ip,metadata=0x${sw_key},nw_dst=10.0.1.1 actions=drop" -c], [0], [dnl
1
])
@@ -29677,7 +29713,7 @@ if test X"$1" = X"DGP"; then
else
prio=2
fi
-AT_CHECK([as hv1 ovs-ofctl dump-flows br-int | grep -E "table=25, n_packets=1,.*
priority=$prio,ip,$inport.*$outport.*metadata=0x${sw_key},nw_dst=10.0.1.1
actions=drop" -c], [0], [dnl
+AT_CHECK([as hv1 ovs-ofctl dump-flows br-int | grep -E "table=$arp_resolve,
n_packets=1,.* priority=$prio,ip,$inport.*$outport.*metadata=0x${sw_key},nw_dst=10.0.1.1
actions=drop" -c], [0], [dnl
1
])
@@ -29696,13 +29732,13 @@ AT_CHECK([as hv1 ovs-ofctl dump-flows br-int | grep "actions=controller" | grep
if test X"$1" = X"DGP"; then
# The packet dst should be resolved once for E/W centralized NAT purpose.
- AT_CHECK([as hv1 ovs-ofctl dump-flows br-int | grep -E "table=25,
n_packets=1,.* priority=100,reg0=0xa000101,reg15=.*metadata=0x${sw_key}
actions=mod_dl_dst:00:00:00:00:01:01,resubmit" -c], [0], [dnl
+ AT_CHECK([as hv1 ovs-ofctl dump-flows br-int | grep -E "table=$arp_resolve,
n_packets=1,.* priority=100,reg0=0xa000101,reg15=.*metadata=0x${sw_key}
actions=mod_dl_dst:00:00:00:00:01:01,resubmit" -c], [0], [dnl
1
])
fi
# The packet should've been finally dropped in the lr_in_arp_resolve stage.
-AT_CHECK([as hv1 ovs-ofctl dump-flows br-int | grep -E "table=25, n_packets=2,.*
priority=$prio,ip,$inport.*$outport.*metadata=0x${sw_key},nw_dst=10.0.1.1
actions=drop" -c], [0], [dnl
+AT_CHECK([as hv1 ovs-ofctl dump-flows br-int | grep -E "table=$arp_resolve,
n_packets=2,.* priority=$prio,ip,$inport.*$outport.*metadata=0x${sw_key},nw_dst=10.0.1.1
actions=drop" -c], [0], [dnl
1
])
OVN_CLEANUP([hv1])
@@ -31481,47 +31517,50 @@ ovn-nbctl --wait=hv pg-set-ports pg1 sw0-p1 sw0-p2
sw0-p3 sw0-p4
AT_CHECK([kill -0 $(cat hv1/ovn-controller.pid)])
check ovn-nbctl --wait=hv sync
+# Get the OF table numbers
+acl_eval=$(ovn-debug lflow-stage-to-oftable ls_out_acl_eval)
+
# Check OVS flows are installed properly.
-AT_CHECK([as hv1 ovs-ofctl dump-flows br-int table=46 | ofctl_strip_all | \
+AT_CHECK_UNQUOTED([as hv1 ovs-ofctl dump-flows br-int table=$acl_eval |
ofctl_strip_all | \
grep "priority=2002" | grep conjunction | \
sed 's/conjunction([[^)]]*)/conjunction()/g' | \
sed 's/reg15=0x[[1-9]]/reg15=0xN/g' | sort], [0], [dnl
- table=46,
priority=2002,udp,reg0=0x100/0x100,metadata=0x1,nw_src=192.168.47.4,tp_dst=0x10/0xfff0
actions=conjunction()
- table=46,
priority=2002,udp,reg0=0x100/0x100,metadata=0x1,nw_src=192.168.47.4,tp_dst=0x100/0xff00
actions=conjunction()
- table=46,
priority=2002,udp,reg0=0x100/0x100,metadata=0x1,nw_src=192.168.47.4,tp_dst=0x1000/0xf000
actions=conjunction()
- table=46,
priority=2002,udp,reg0=0x100/0x100,metadata=0x1,nw_src=192.168.47.4,tp_dst=0x2/0xfffe
actions=conjunction()
- table=46,
priority=2002,udp,reg0=0x100/0x100,metadata=0x1,nw_src=192.168.47.4,tp_dst=0x20/0xffe0
actions=conjunction()
- table=46,
priority=2002,udp,reg0=0x100/0x100,metadata=0x1,nw_src=192.168.47.4,tp_dst=0x200/0xfe00
actions=conjunction()
- table=46,
priority=2002,udp,reg0=0x100/0x100,metadata=0x1,nw_src=192.168.47.4,tp_dst=0x2000/0xe000
actions=conjunction()
- table=46,
priority=2002,udp,reg0=0x100/0x100,metadata=0x1,nw_src=192.168.47.4,tp_dst=0x4/0xfffc
actions=conjunction()
- table=46,
priority=2002,udp,reg0=0x100/0x100,metadata=0x1,nw_src=192.168.47.4,tp_dst=0x40/0xffc0
actions=conjunction()
- table=46,
priority=2002,udp,reg0=0x100/0x100,metadata=0x1,nw_src=192.168.47.4,tp_dst=0x400/0xfc00
actions=conjunction()
- table=46,
priority=2002,udp,reg0=0x100/0x100,metadata=0x1,nw_src=192.168.47.4,tp_dst=0x4000/0xc000
actions=conjunction()
- table=46,
priority=2002,udp,reg0=0x100/0x100,metadata=0x1,nw_src=192.168.47.4,tp_dst=0x8/0xfff8
actions=conjunction()
- table=46,
priority=2002,udp,reg0=0x100/0x100,metadata=0x1,nw_src=192.168.47.4,tp_dst=0x80/0xff80
actions=conjunction()
- table=46,
priority=2002,udp,reg0=0x100/0x100,metadata=0x1,nw_src=192.168.47.4,tp_dst=0x800/0xf800
actions=conjunction()
- table=46,
priority=2002,udp,reg0=0x100/0x100,metadata=0x1,nw_src=192.168.47.4,tp_dst=0x8000/0x8000
actions=conjunction()
- table=46,
priority=2002,udp,reg0=0x100/0x100,metadata=0x1,nw_src=192.168.47.4,tp_dst=1
actions=conjunction()
- table=46,
priority=2002,udp,reg0=0x100/0x100,reg15=0xN,metadata=0x1,nw_src=192.168.47.4
actions=conjunction()
- table=46,
priority=2002,udp,reg0=0x100/0x100,reg15=0xN,metadata=0x1,nw_src=192.168.47.4
actions=conjunction()
- table=46,
priority=2002,udp,reg0=0x80/0x80,metadata=0x1,nw_src=192.168.47.4,tp_dst=0x10/0xfff0
actions=conjunction()
- table=46,
priority=2002,udp,reg0=0x80/0x80,metadata=0x1,nw_src=192.168.47.4,tp_dst=0x100/0xff00
actions=conjunction()
- table=46,
priority=2002,udp,reg0=0x80/0x80,metadata=0x1,nw_src=192.168.47.4,tp_dst=0x1000/0xf000
actions=conjunction()
- table=46,
priority=2002,udp,reg0=0x80/0x80,metadata=0x1,nw_src=192.168.47.4,tp_dst=0x2/0xfffe
actions=conjunction()
- table=46,
priority=2002,udp,reg0=0x80/0x80,metadata=0x1,nw_src=192.168.47.4,tp_dst=0x20/0xffe0
actions=conjunction()
- table=46,
priority=2002,udp,reg0=0x80/0x80,metadata=0x1,nw_src=192.168.47.4,tp_dst=0x200/0xfe00
actions=conjunction()
- table=46,
priority=2002,udp,reg0=0x80/0x80,metadata=0x1,nw_src=192.168.47.4,tp_dst=0x2000/0xe000
actions=conjunction()
- table=46,
priority=2002,udp,reg0=0x80/0x80,metadata=0x1,nw_src=192.168.47.4,tp_dst=0x4/0xfffc
actions=conjunction()
- table=46,
priority=2002,udp,reg0=0x80/0x80,metadata=0x1,nw_src=192.168.47.4,tp_dst=0x40/0xffc0
actions=conjunction()
- table=46,
priority=2002,udp,reg0=0x80/0x80,metadata=0x1,nw_src=192.168.47.4,tp_dst=0x400/0xfc00
actions=conjunction()
- table=46,
priority=2002,udp,reg0=0x80/0x80,metadata=0x1,nw_src=192.168.47.4,tp_dst=0x4000/0xc000
actions=conjunction()
- table=46,
priority=2002,udp,reg0=0x80/0x80,metadata=0x1,nw_src=192.168.47.4,tp_dst=0x8/0xfff8
actions=conjunction()
- table=46,
priority=2002,udp,reg0=0x80/0x80,metadata=0x1,nw_src=192.168.47.4,tp_dst=0x80/0xff80
actions=conjunction()
- table=46,
priority=2002,udp,reg0=0x80/0x80,metadata=0x1,nw_src=192.168.47.4,tp_dst=0x800/0xf800
actions=conjunction()
- table=46,
priority=2002,udp,reg0=0x80/0x80,metadata=0x1,nw_src=192.168.47.4,tp_dst=0x8000/0x8000
actions=conjunction()
- table=46,
priority=2002,udp,reg0=0x80/0x80,metadata=0x1,nw_src=192.168.47.4,tp_dst=1
actions=conjunction()
- table=46,
priority=2002,udp,reg0=0x80/0x80,reg15=0xN,metadata=0x1,nw_src=192.168.47.4
actions=conjunction()
- table=46,
priority=2002,udp,reg0=0x80/0x80,reg15=0xN,metadata=0x1,nw_src=192.168.47.4
actions=conjunction()
+ table=$acl_eval,
priority=2002,udp,reg0=0x100/0x100,metadata=0x1,nw_src=192.168.47.4,tp_dst=0x10/0xfff0
actions=conjunction()
+ table=$acl_eval,
priority=2002,udp,reg0=0x100/0x100,metadata=0x1,nw_src=192.168.47.4,tp_dst=0x100/0xff00
actions=conjunction()
+ table=$acl_eval,
priority=2002,udp,reg0=0x100/0x100,metadata=0x1,nw_src=192.168.47.4,tp_dst=0x1000/0xf000
actions=conjunction()
+ table=$acl_eval,
priority=2002,udp,reg0=0x100/0x100,metadata=0x1,nw_src=192.168.47.4,tp_dst=0x2/0xfffe
actions=conjunction()
+ table=$acl_eval,
priority=2002,udp,reg0=0x100/0x100,metadata=0x1,nw_src=192.168.47.4,tp_dst=0x20/0xffe0
actions=conjunction()
+ table=$acl_eval,
priority=2002,udp,reg0=0x100/0x100,metadata=0x1,nw_src=192.168.47.4,tp_dst=0x200/0xfe00
actions=conjunction()
+ table=$acl_eval,
priority=2002,udp,reg0=0x100/0x100,metadata=0x1,nw_src=192.168.47.4,tp_dst=0x2000/0xe000
actions=conjunction()
+ table=$acl_eval,
priority=2002,udp,reg0=0x100/0x100,metadata=0x1,nw_src=192.168.47.4,tp_dst=0x4/0xfffc
actions=conjunction()
+ table=$acl_eval,
priority=2002,udp,reg0=0x100/0x100,metadata=0x1,nw_src=192.168.47.4,tp_dst=0x40/0xffc0
actions=conjunction()
+ table=$acl_eval,
priority=2002,udp,reg0=0x100/0x100,metadata=0x1,nw_src=192.168.47.4,tp_dst=0x400/0xfc00
actions=conjunction()
+ table=$acl_eval,
priority=2002,udp,reg0=0x100/0x100,metadata=0x1,nw_src=192.168.47.4,tp_dst=0x4000/0xc000
actions=conjunction()
+ table=$acl_eval,
priority=2002,udp,reg0=0x100/0x100,metadata=0x1,nw_src=192.168.47.4,tp_dst=0x8/0xfff8
actions=conjunction()
+ table=$acl_eval,
priority=2002,udp,reg0=0x100/0x100,metadata=0x1,nw_src=192.168.47.4,tp_dst=0x80/0xff80
actions=conjunction()
+ table=$acl_eval,
priority=2002,udp,reg0=0x100/0x100,metadata=0x1,nw_src=192.168.47.4,tp_dst=0x800/0xf800
actions=conjunction()
+ table=$acl_eval,
priority=2002,udp,reg0=0x100/0x100,metadata=0x1,nw_src=192.168.47.4,tp_dst=0x8000/0x8000
actions=conjunction()
+ table=$acl_eval,
priority=2002,udp,reg0=0x100/0x100,metadata=0x1,nw_src=192.168.47.4,tp_dst=1
actions=conjunction()
+ table=$acl_eval,
priority=2002,udp,reg0=0x100/0x100,reg15=0xN,metadata=0x1,nw_src=192.168.47.4
actions=conjunction()
+ table=$acl_eval,
priority=2002,udp,reg0=0x100/0x100,reg15=0xN,metadata=0x1,nw_src=192.168.47.4
actions=conjunction()
+ table=$acl_eval,
priority=2002,udp,reg0=0x80/0x80,metadata=0x1,nw_src=192.168.47.4,tp_dst=0x10/0xfff0
actions=conjunction()
+ table=$acl_eval,
priority=2002,udp,reg0=0x80/0x80,metadata=0x1,nw_src=192.168.47.4,tp_dst=0x100/0xff00
actions=conjunction()
+ table=$acl_eval,
priority=2002,udp,reg0=0x80/0x80,metadata=0x1,nw_src=192.168.47.4,tp_dst=0x1000/0xf000
actions=conjunction()
+ table=$acl_eval,
priority=2002,udp,reg0=0x80/0x80,metadata=0x1,nw_src=192.168.47.4,tp_dst=0x2/0xfffe
actions=conjunction()
+ table=$acl_eval,
priority=2002,udp,reg0=0x80/0x80,metadata=0x1,nw_src=192.168.47.4,tp_dst=0x20/0xffe0
actions=conjunction()
+ table=$acl_eval,
priority=2002,udp,reg0=0x80/0x80,metadata=0x1,nw_src=192.168.47.4,tp_dst=0x200/0xfe00
actions=conjunction()
+ table=$acl_eval,
priority=2002,udp,reg0=0x80/0x80,metadata=0x1,nw_src=192.168.47.4,tp_dst=0x2000/0xe000
actions=conjunction()
+ table=$acl_eval,
priority=2002,udp,reg0=0x80/0x80,metadata=0x1,nw_src=192.168.47.4,tp_dst=0x4/0xfffc
actions=conjunction()
+ table=$acl_eval,
priority=2002,udp,reg0=0x80/0x80,metadata=0x1,nw_src=192.168.47.4,tp_dst=0x40/0xffc0
actions=conjunction()
+ table=$acl_eval,
priority=2002,udp,reg0=0x80/0x80,metadata=0x1,nw_src=192.168.47.4,tp_dst=0x400/0xfc00
actions=conjunction()
+ table=$acl_eval,
priority=2002,udp,reg0=0x80/0x80,metadata=0x1,nw_src=192.168.47.4,tp_dst=0x4000/0xc000
actions=conjunction()
+ table=$acl_eval,
priority=2002,udp,reg0=0x80/0x80,metadata=0x1,nw_src=192.168.47.4,tp_dst=0x8/0xfff8
actions=conjunction()
+ table=$acl_eval,
priority=2002,udp,reg0=0x80/0x80,metadata=0x1,nw_src=192.168.47.4,tp_dst=0x80/0xff80
actions=conjunction()
+ table=$acl_eval,
priority=2002,udp,reg0=0x80/0x80,metadata=0x1,nw_src=192.168.47.4,tp_dst=0x800/0xf800
actions=conjunction()
+ table=$acl_eval,
priority=2002,udp,reg0=0x80/0x80,metadata=0x1,nw_src=192.168.47.4,tp_dst=0x8000/0x8000
actions=conjunction()
+ table=$acl_eval,
priority=2002,udp,reg0=0x80/0x80,metadata=0x1,nw_src=192.168.47.4,tp_dst=1
actions=conjunction()
+ table=$acl_eval,
priority=2002,udp,reg0=0x80/0x80,reg15=0xN,metadata=0x1,nw_src=192.168.47.4
actions=conjunction()
+ table=$acl_eval,
priority=2002,udp,reg0=0x80/0x80,reg15=0xN,metadata=0x1,nw_src=192.168.47.4
actions=conjunction()
])
OVN_CLEANUP([hv1])
@@ -32696,7 +32735,11 @@ ovs-vsctl add-port br-int lsp0-0 -- set interface
lsp0-0 external_ids:iface-id=l
ovs-vsctl add-port br-int lsp0-1 -- set interface lsp0-1
external_ids:iface-id=lsp0-1
check ovn-nbctl --wait=hv sync
-AT_CHECK([test $(ovs-ofctl dump-flows br-int table=46 | grep conjunction | wc
-l) == 22])
+
+# Get the OF table numbers
+acl_eval=$(ovn-debug lflow-stage-to-oftable ls_out_acl_eval)
+
+AT_CHECK([test $(ovs-ofctl dump-flows br-int table=$acl_eval | grep
conjunction | wc -l) == 22])
# Save the current lflow_run counter
lflow_run=$(ovn-appctl -t ovn-controller coverage/read-counter lflow_run)
@@ -32706,7 +32749,7 @@ lflow_run=$(ovn-appctl -t ovn-controller
coverage/read-counter lflow_run)
# 1. Remove half of the ports from pg1. The excepted conjunction flows should
be:
# 2 + 10 = 12
check ovn-nbctl --wait=hv pg-set-ports pg1 $(for i in 0 1 2 3 4; do for j in
0 1; do echo lsp${i}-${j}; done; done)
-AT_CHECK([test $(ovs-ofctl dump-flows br-int table=46 | grep conjunction | wc
-l) == 12])
+AT_CHECK([test $(ovs-ofctl dump-flows br-int table=$acl_eval | grep
conjunction | wc -l) == 12])
# 2. Unbind lsp0-0. The there shouldn't be any conjunction flows because the
# port group const set should have only one member (lsp0-1). And the total
@@ -32714,25 +32757,25 @@ AT_CHECK([test $(ovs-ofctl dump-flows br-int table=46
| grep conjunction | wc -l
# 10.
ovs-vsctl del-port br-int lsp0-0
check ovn-nbctl --wait=hv sync
-AT_CHECK([test $(ovs-ofctl dump-flows br-int table=46 | grep conjunction | wc
-l) == 0])
-AT_CHECK([test $(ovs-ofctl dump-flows br-int table=46 | grep 192.168 | wc -l)
== 10])
+AT_CHECK([test $(ovs-ofctl dump-flows br-int table=$acl_eval | grep
conjunction | wc -l) == 0])
+AT_CHECK([test $(ovs-ofctl dump-flows br-int table=$acl_eval | grep 192.168 |
wc -l) == 10])
# 3. Rebind lsp0-0. The expected conjunction flows are back to 12.
ovs-vsctl add-port br-int lsp0-0 -- set interface lsp0-0
external_ids:iface-id=lsp0-0
check ovn-nbctl --wait=hv sync
-AT_CHECK([test $(ovs-ofctl dump-flows br-int table=46 | grep conjunction | wc
-l) == 12])
+AT_CHECK([test $(ovs-ofctl dump-flows br-int table=$acl_eval | grep
conjunction | wc -l) == 12])
# 4. Bind a lsp (lsp9-0) that doesn't belong to pg1, should not see any change.
ovs-vsctl add-port br-int lsp9-0 -- set interface lsp9-0
external_ids:iface-id=lsp9-0
check ovn-nbctl --wait=hv sync
-AT_CHECK([test $(ovs-ofctl dump-flows br-int table=46 | grep conjunction | wc
-l) == 12])
+AT_CHECK([test $(ovs-ofctl dump-flows br-int table=$acl_eval | grep
conjunction | wc -l) == 12])
# 5. Bind another 2 lsps (lsp1-0 lsp1-1) that belong to pg1 and on a different
# LS (ls1), should see conjunction flows doubled (12 x 2 = 24)
ovs-vsctl add-port br-int lsp1-0 -- set interface lsp1-0
external_ids:iface-id=lsp1-0
ovs-vsctl add-port br-int lsp1-1 -- set interface lsp1-1
external_ids:iface-id=lsp1-1
check ovn-nbctl --wait=hv sync
-AT_CHECK([test $(ovs-ofctl dump-flows br-int table=46 | grep conjunction | wc
-l) == 24])
+AT_CHECK([test $(ovs-ofctl dump-flows br-int table=$acl_eval | grep
conjunction | wc -l) == 24])
# 6. Simulate a SB port-group "del and add" notification to ovn-controller in the
# same IDL iteration. ovn-controller should still program the same flows.
In
@@ -32757,7 +32800,7 @@ for i in $(seq 1 10); do
check ovn-nbctl --wait=hv sync
# Finally check flow count is the same as before.
- AT_CHECK([test $(ovs-ofctl dump-flows br-int table=46 | grep conjunction |
wc -l) == 24])
+ AT_CHECK([test $(ovs-ofctl dump-flows br-int table=$acl_eval | grep
conjunction | wc -l) == 24])
done
# Make sure all the above was performed with I-P (no recompute)
@@ -32802,15 +32845,18 @@ check ovs-vsctl add-port br-int vm1 \
wait_for_ports_up
check ovn-nbctl --wait=hv sync
+# Get the OF table numbers
+acl_eval=$(ovn-debug lflow-stage-to-oftable ls_in_acl_eval)
+
dp_key=$(fetch_column Datapath_Binding tunnel_key external_ids:name=ls)
rtr_port_key=$(fetch_column Port_Binding tunnel_key logical_port=ls_lr)
-ovs-ofctl dump-flows br-int table=16 | grep "reg14=0x${rtr_port_key},metadata=0x${dp_key},nw_dst=42.42.42.42"
+ovs-ofctl dump-flows br-int table=$acl_eval | grep
"reg14=0x${rtr_port_key},metadata=0x${dp_key},nw_dst=42.42.42.42"
# Check that ovn-controller adds a flow to drop packets with dest IP
# 42.42.42.42 coming from the router port.
-AT_CHECK_UNQUOTED([ovs-ofctl dump-flows br-int table=16 | ofctl_strip_all | \
+AT_CHECK_UNQUOTED([ovs-ofctl dump-flows br-int table=$acl_eval |
ofctl_strip_all | \
grep "reg14=0x${rtr_port_key},metadata=0x${dp_key},nw_dst=42.42.42.42"],
[0], [dnl
- table=16,
priority=1001,ip,reg14=0x${rtr_port_key},metadata=0x${dp_key},nw_dst=42.42.42.42
actions=load:0x1->OXM_OF_PKT_REG4[[49]],resubmit(,17)
+ table=$acl_eval,
priority=1001,ip,reg14=0x${rtr_port_key},metadata=0x${dp_key},nw_dst=42.42.42.42
actions=load:0x1->OXM_OF_PKT_REG4[[49]],resubmit(,$(ovn-debug
lflow-stage-to-oftable ls_in_acl_action))
])
OVN_CLEANUP([hv1])
@@ -33165,8 +33211,12 @@ check ovn-nbctl acl-add lsw0 to-lport 1002 'outport == "lp2"
&& ip4.src == 10.0.
# The first ACL should be programmed, but the second one shouldn't.
check ovn-nbctl --wait=hv sync
-AT_CHECK([ovs-ofctl dump-flows br-int table=46 | grep 10.0.0.111], [0],
[ignore])
-AT_CHECK([ovs-ofctl dump-flows br-int table=46 | grep 10.0.0.122], [1],
[ignore])
+
+# Get the OF table numbers
+acl_eval=$(ovn-debug lflow-stage-to-oftable ls_out_acl_eval)
+
+AT_CHECK([ovs-ofctl dump-flows br-int table=$acl_eval | grep 10.0.0.111], [0],
[ignore])
+AT_CHECK([ovs-ofctl dump-flows br-int table=$acl_eval | grep 10.0.0.122], [1],
[ignore])
# Now create the lport lp2.
check ovn-nbctl lsp-add lsw0 lp2 \
@@ -33174,12 +33224,12 @@ check ovn-nbctl lsp-add lsw0 lp2 \
check ovn-nbctl --wait=hv sync
# Now the second ACL should be programmed.
-AT_CHECK([ovs-ofctl dump-flows br-int table=46 | grep 10.0.0.122], [0],
[ignore])
+AT_CHECK([ovs-ofctl dump-flows br-int table=$acl_eval | grep 10.0.0.122], [0],
[ignore])
# Remove the lport lp2 again, the OVS flow for the second ACL should be
# removed.
check ovn-nbctl --wait=hv lsp-del lp2
-AT_CHECK([ovs-ofctl dump-flows br-int table=46 | grep 10.0.0.122], [1],
[ignore])
+AT_CHECK([ovs-ofctl dump-flows br-int table=$acl_eval | grep 10.0.0.122], [1],
[ignore])
# Test similar scenario but when the referenced lport is not bound locally.
@@ -33193,8 +33243,8 @@ check ovn-nbctl acl-add lsw0 to-lport 1002 'inport == "lp4" && ip4.dst == 10.0.0
# The ACL for lp3 should be programmed, but the one for lp4 shouldn't.
check ovn-nbctl --wait=hv sync
-AT_CHECK([ovs-ofctl dump-flows br-int table=46 | grep 10.0.0.133], [0],
[ignore])
-AT_CHECK([ovs-ofctl dump-flows br-int table=46 | grep 10.0.0.144], [1],
[ignore])
+AT_CHECK([ovs-ofctl dump-flows br-int table=$acl_eval | grep 10.0.0.133], [0],
[ignore])
+AT_CHECK([ovs-ofctl dump-flows br-int table=$acl_eval | grep 10.0.0.144], [1],
[ignore])
# Now create the lport lp4.
check ovn-nbctl lsp-add lsw0 lp4 \
@@ -33202,7 +33252,7 @@ check ovn-nbctl lsp-add lsw0 lp4 \
# Now the ACL for lp4 should be programmed.
check ovn-nbctl --wait=hv sync
-AT_CHECK([ovs-ofctl dump-flows br-int table=46 | grep 10.0.0.144], [0],
[ignore])
+AT_CHECK([ovs-ofctl dump-flows br-int table=$acl_eval | grep 10.0.0.144], [0],
[ignore])
OVN_CLEANUP([hv1])
AT_CLEANUP
@@ -33564,16 +33614,19 @@ done
check ovn-nbctl --wait=hv sync
+# Get the OF table numbers
+arp_rsp=$(ovn-debug lflow-stage-to-oftable ls_in_arp_rsp)
+
# hv0 should see flows for lsp1 but not lsp2
-AT_CHECK([as hv1 ovs-ofctl dump-flows br-int table=29 | grep 10.0.1.2], [0],
[ignore])
-AT_CHECK([as hv1 ovs-ofctl dump-flows br-int table=29 | grep 10.0.2.2], [1])
+AT_CHECK([as hv1 ovs-ofctl dump-flows br-int table=$arp_rsp | grep 10.0.1.2],
[0], [ignore])
+AT_CHECK([as hv1 ovs-ofctl dump-flows br-int table=$arp_rsp | grep 10.0.2.2],
[1])
# hv2 should see flows for lsp2 but not lsp1
-AT_CHECK([as hv2 ovs-ofctl dump-flows br-int table=29 | grep 10.0.2.2], [0],
[ignore])
-AT_CHECK([as hv2 ovs-ofctl dump-flows br-int table=29 | grep 10.0.1.2], [1])
+AT_CHECK([as hv2 ovs-ofctl dump-flows br-int table=$arp_rsp | grep 10.0.2.2],
[0], [ignore])
+AT_CHECK([as hv2 ovs-ofctl dump-flows br-int table=$arp_rsp | grep 10.0.1.2],
[1])
# Change lrp_lr_ls1 to a regular lrp, hv2 should see flows for lsp1
check ovn-nbctl --wait=hv lrp-del-gateway-chassis lrp_lr_ls1 hv1
-AT_CHECK([as hv2 ovs-ofctl dump-flows br-int table=29 | grep 10.0.1.2], [0],
[ignore])
+AT_CHECK([as hv2 ovs-ofctl dump-flows br-int table=$arp_rsp | grep 10.0.1.2],
[0], [ignore])
# Change it back, and trigger recompute to make sure extra flows are removed
# from hv2 (recompute is needed because currently I-P adds local datapaths but
@@ -33581,11 +33634,11 @@ AT_CHECK([as hv2 ovs-ofctl dump-flows br-int table=29
| grep 10.0.1.2], [0], [ig
check ovn-nbctl --wait=hv lrp-set-gateway-chassis lrp_lr_ls1 hv1 1
as hv2 check ovn-appctl -t ovn-controller recompute
ovn-nbctl --wait=hv sync
-AT_CHECK([as hv2 ovs-ofctl dump-flows br-int table=29 | grep 10.0.1.2], [1])
+AT_CHECK([as hv2 ovs-ofctl dump-flows br-int table=$arp_rsp | grep 10.0.1.2],
[1])
# Enable dnat_and_snat on lr, and now hv2 should see flows for lsp1.
AT_CHECK([ovn-nbctl --wait=hv --gateway-port=lrp_lr_ls1 lr-nat-add lr
dnat_and_snat 192.168.0.1 10.0.1.3 lsp1 f0:00:00:00:00:03])
-AT_CHECK([as hv2 ovs-ofctl dump-flows br-int table=29 | grep 10.0.1.2], [0],
[ignore])
+AT_CHECK([as hv2 ovs-ofctl dump-flows br-int table=$arp_rsp | grep 10.0.1.2],
[0], [ignore])
OVN_CLEANUP([hv1],[hv2])
AT_CLEANUP
@@ -35668,6 +35721,10 @@ check ovs-vsctl add-port br-int p2 -- set interface p2
external_ids:iface-id=lsp
wait_for_ports_up
ovn-nbctl --wait=hv sync
+# Get the OF table numbers
+acl_eval=$(ovn-debug lflow-stage-to-oftable ls_in_acl_eval)
+acl_action=$(ovn-debug lflow-stage-to-oftable ls_in_acl_action)
+
dnl Ensure the ACL is not translated to OpenFlow.
as hv1
AT_CHECK([ovs-ofctl dump-flows br-int | grep '42\.42\.42\.42'], [1], [])
@@ -35681,14 +35738,14 @@ lsp2=0x$(fetch_column Port_Binding tunnel_key
logical_port=lsp2)
dnl Ensure the ACL is translated to OpenFlows expanding pg1.
as hv1
AT_CHECK_UNQUOTED([ovs-ofctl dump-flows br-int | grep '42\.42\.42\.42' |
ofctl_strip_all], [0], [dnl
- table=16, priority=1001,ip,reg14=$lsp1,metadata=0x1,nw_src=42.42.42.42
actions=load:0x1->OXM_OF_PKT_REG4[[48]],resubmit(,17)
- table=16, priority=1001,ip,reg14=$lsp2,metadata=0x1,nw_src=42.42.42.42
actions=load:0x1->OXM_OF_PKT_REG4[[48]],resubmit(,17)
+ table=$acl_eval, priority=1001,ip,reg14=$lsp1,metadata=0x1,nw_src=42.42.42.42
actions=load:0x1->OXM_OF_PKT_REG4[[48]],resubmit(,$acl_action)
+ table=$acl_eval, priority=1001,ip,reg14=$lsp2,metadata=0x1,nw_src=42.42.42.42
actions=load:0x1->OXM_OF_PKT_REG4[[48]],resubmit(,$acl_action)
])
dnl Remove a port from pg1 and expect OpenFlows to be correctly updated.
check ovn-nbctl --wait=hv pg-set-ports pg1 lsp2
AT_CHECK_UNQUOTED([ovs-ofctl dump-flows br-int | grep '42\.42\.42\.42' |
ofctl_strip_all], [0], [dnl
- table=16, priority=1001,ip,reg14=$lsp2,metadata=0x1,nw_src=42.42.42.42
actions=load:0x1->OXM_OF_PKT_REG4[[48]],resubmit(,17)
+ table=$acl_eval, priority=1001,ip,reg14=$lsp2,metadata=0x1,nw_src=42.42.42.42
actions=load:0x1->OXM_OF_PKT_REG4[[48]],resubmit(,$acl_action)
])
dnl Change the Chassis_Template_Var mapping to use the address set.
@@ -35697,14 +35754,14 @@ check ovn-nbctl --wait=hv set Chassis_Template_Var
hv1 variables:CONDITION='ip4.
dnl Ensure the ACL is translated to OpenFlows expanding as1.
as hv1
AT_CHECK_UNQUOTED([ovs-ofctl dump-flows br-int | grep '42\.42\.42\.42' |
ofctl_strip_all], [0], [dnl
- table=16, priority=1001,ip,metadata=0x1,nw_src=42.42.42.42,nw_dst=1.1.1.1
actions=load:0x1->OXM_OF_PKT_REG4[[48]],resubmit(,17)
- table=16, priority=1001,ip,metadata=0x1,nw_src=42.42.42.42,nw_dst=1.1.1.2
actions=load:0x1->OXM_OF_PKT_REG4[[48]],resubmit(,17)
+ table=$acl_eval, priority=1001,ip,metadata=0x1,nw_src=42.42.42.42,nw_dst=1.1.1.1
actions=load:0x1->OXM_OF_PKT_REG4[[48]],resubmit(,$acl_action)
+ table=$acl_eval, priority=1001,ip,metadata=0x1,nw_src=42.42.42.42,nw_dst=1.1.1.2
actions=load:0x1->OXM_OF_PKT_REG4[[48]],resubmit(,$acl_action)
])
dnl Remove an IP from AS1 and expect OpenFlows to be correctly updated.
check ovn-nbctl --wait=hv set address_set as1 addresses=\"1.1.1.1\"
AT_CHECK_UNQUOTED([ovs-ofctl dump-flows br-int | grep '42\.42\.42\.42' |
ofctl_strip_all], [0], [dnl
- table=16, priority=1001,ip,metadata=0x1,nw_src=42.42.42.42,nw_dst=1.1.1.1
actions=load:0x1->OXM_OF_PKT_REG4[[48]],resubmit(,17)
+ table=$acl_eval, priority=1001,ip,metadata=0x1,nw_src=42.42.42.42,nw_dst=1.1.1.1
actions=load:0x1->OXM_OF_PKT_REG4[[48]],resubmit(,$acl_action)
])
dnl Remove the mapping and expect OpenFlows to be removed.
diff --git a/tests/system-ovn-kmod.at b/tests/system-ovn-kmod.at
index 14fe4ecec..41d548201 100644
--- a/tests/system-ovn-kmod.at
+++ b/tests/system-ovn-kmod.at
@@ -112,6 +112,10 @@ NETNS_DAEMONIZE([bar1], [nc -l -k 192.168.2.2 80],
[nc-bar1.pid])
# Wait for ovn-controller to catch up.
ovn-nbctl --wait=hv sync
+
+# Get the OF table numbers
+dnat=$(ovn-debug lflow-stage-to-oftable lr_in_dnat)
+
OVS_WAIT_UNTIL([ovs-ofctl -O OpenFlow13 dump-groups br-int | \
grep 'nat(dst=192.168.2.2:80)'])
@@ -151,8 +155,8 @@ AT_CHECK_UNQUOTED([ovs-ofctl dump-flows br-int table=OFTABLE_CHK_LB_AFFINITY --n
])
check_affinity_flows () {
-n1=$(ovs-ofctl dump-flows br-int table=15 |awk
'/priority=150,ct_state=\+new\+trk,ip,reg4=0xc0a80102,.*nw_dst=172.16.1.100/{print
substr($4,11,length($4)-11)}')
-n2=$(ovs-ofctl dump-flows br-int table=15 |awk
'/priority=150,ct_state=\+new\+trk,ip,reg4=0xc0a80202,.*nw_dst=172.16.1.100/{print
substr($4,11,length($4)-11)}')
+n1=$(ovs-ofctl dump-flows br-int table=$dnat |awk
'/priority=150,ct_state=\+new\+trk,ip,reg4=0xc0a80102,.*nw_dst=172.16.1.100/{print
substr($4,11,length($4)-11)}')
+n2=$(ovs-ofctl dump-flows br-int table=$dnat |awk
'/priority=150,ct_state=\+new\+trk,ip,reg4=0xc0a80202,.*nw_dst=172.16.1.100/{print
substr($4,11,length($4)-11)}')
[[ $n1 -gt 0 -a $n2 -eq 0 ]] || [[ $n1 -eq 0 -a $n2 -gt 0 ]]
echo $?
}
@@ -404,6 +408,10 @@ ovn-nbctl lr-lb-add R2 lb10-no-aff
# Wait for ovn-controller to catch up.
ovn-nbctl --wait=hv sync
+
+# Get the OF table numbers
+dnat=$(ovn-debug lflow-stage-to-oftable lr_in_dnat)
+
OVS_WAIT_UNTIL([ovs-ofctl -O OpenFlow13 dump-groups br-int | \
grep 'nat(dst=\[[fd11::2\]]:80)'])
@@ -448,8 +456,8 @@ AT_CHECK_UNQUOTED([ovs-ofctl dump-flows br-int table=OFTABLE_CHK_LB_AFFINITY --n
])
check_affinity_flows () {
-n1=$(ovs-ofctl dump-flows br-int table=15 |awk
'/priority=150,ct_state=\+new\+trk,ipv6,reg4=0xfd110000,.*ipv6_dst=fd30::1\s/{print
substr($4,11,length($4)-11)}')
-n2=$(ovs-ofctl dump-flows br-int table=15 |awk
'/priority=150,ct_state=\+new\+trk,ipv6,reg4=0xfd120000,.*ipv6_dst=fd30::1\s/{print
substr($4,11,length($4)-11)}')
+n1=$(ovs-ofctl dump-flows br-int table=$dnat |awk
'/priority=150,ct_state=\+new\+trk,ipv6,reg4=0xfd110000,.*ipv6_dst=fd30::1\s/{print
substr($4,11,length($4)-11)}')
+n2=$(ovs-ofctl dump-flows br-int table=$dnat |awk
'/priority=150,ct_state=\+new\+trk,ipv6,reg4=0xfd120000,.*ipv6_dst=fd30::1\s/{print
substr($4,11,length($4)-11)}')
[[ $n1 -gt 0 -a $n2 -eq 0 ]] || [[ $n1 -eq 0 -a $n2 -gt 0 ]]
echo $?
}
diff --git a/tests/system-ovn.at b/tests/system-ovn.at
index c22c7882f..e1373f185 100644
--- a/tests/system-ovn.at
+++ b/tests/system-ovn.at
@@ -2168,6 +2168,10 @@ ovn-nbctl -- --id=@nat create nat type="snat"
logical_ip=192.168.2.2 \
# Wait for ovn-controller to catch up.
ovn-nbctl --wait=hv sync
+
+# Get the OF table numbers
+snat=$(ovn-debug lflow-stage-to-oftable lr_out_snat)
+
OVS_WAIT_UNTIL([ovs-ofctl -O OpenFlow13 dump-groups br-int | \
grep 'nat(dst=192.168.2.2:80)'])
@@ -2204,7 +2208,7 @@ tcp,orig=(src=172.16.1.2,dst=30.0.0.2,sport=<cleared>,dport=<cleared>),reply=(sr
])
check_est_flows () {
- n=$(ovs-ofctl dump-flows br-int table=13 | grep \
+ n=$(ovs-ofctl dump-flows br-int table=$(ovn-debug lflow-stage-to-oftable
lr_in_defrag) | grep \
"priority=100,tcp,metadata=0x2,nw_dst=30.0.0.2" | grep nat |
sed -n 's/.*n_packets=\([[0-9]]\{1,\}\).*/\1/p')
@@ -2230,7 +2234,7 @@ ovn-nbctl set load_balancer $uuid vips:'"30.0.0.2:8000"'='"192.168.1.2:80,192.16
ovn-nbctl list load_balancer
ovn-sbctl dump-flows R2
-OVS_WAIT_UNTIL([ovs-ofctl -O OpenFlow13 dump-flows br-int table=45 | \
+OVS_WAIT_UNTIL([ovs-ofctl -O OpenFlow13 dump-flows br-int table=$snat | \
grep 'nat(src=20.0.0.2)'])
check ovs-appctl dpctl/flush-conntrack
@@ -2269,7 +2273,7 @@ ovn-nbctl set load_balancer $uuid
vips:'"30.0.0.2:8000"'='"192.168.1.2:80,192.16
ovn-nbctl list load_balancer
ovn-sbctl dump-flows R2
-OVS_WAIT_UNTIL([ovs-ofctl -O OpenFlow13 dump-flows br-int table=45 | \
+OVS_WAIT_UNTIL([ovs-ofctl -O OpenFlow13 dump-flows br-int table=$snat | \
grep 'nat(src=20.0.0.2)'])
rm -f wget*.log
@@ -5055,7 +5059,7 @@ OVS_WAIT_UNTIL([
])
OVS_WAIT_UNTIL([
- n_pkt=$(ovs-ofctl dump-flows br-int table=46 | grep -v n_packets=0 | \
+ n_pkt=$(ovs-ofctl dump-flows br-int table=$(ovn-debug
lflow-stage-to-oftable ls_out_acl_eval) | grep -v n_packets=0 | \
grep controller | grep tp_dst=84 -c)
test $n_pkt -eq 1
])
@@ -5302,7 +5306,7 @@ OVS_WAIT_UNTIL([
])
OVS_WAIT_UNTIL([
- n_pkt=$(ovs-ofctl dump-flows br-int table=46 | grep -v n_packets=0 | \
+ n_pkt=$(ovs-ofctl dump-flows br-int table=$(ovn-debug
lflow-stage-to-oftable ls_out_acl_eval) | grep -v n_packets=0 | \
grep controller | grep tp_dst=84 -c)
test $n_pkt -eq 1
])
@@ -8818,7 +8822,7 @@ ovn-sbctl list ip_multicast
wait_igmp_flows_installed()
{
- OVS_WAIT_UNTIL([ovs-ofctl dump-flows br-int table=35 | \
+ OVS_WAIT_UNTIL([ovs-ofctl dump-flows br-int table=$(ovn-debug
lflow-stage-to-oftable ls_in_l2_lkup) | \
grep 'priority=90' | grep "nw_dst=$1"])
}
@@ -12029,7 +12033,7 @@ sctp,orig=(src=172.16.1.2,dst=30.0.0.2,sport=<cleared>,dport=<cleared>),reply=(s
])
check_est_flows () {
- n=$(ovs-ofctl dump-flows br-int table=15 | grep "+est" \
+ n=$(ovs-ofctl dump-flows br-int table=$(ovn-debug lflow-stage-to-oftable lr_in_dnat)
| grep "+est" \
| grep "ct_mark=$1" | sed -n 's/.*n_packets=\([[0-9]]\{1,\}\).*/\1/p')
echo "n_packets=$n"
@@ -12055,7 +12059,7 @@ ovn-nbctl set load_balancer $uuid
vips:'"30.0.0.2:8000"'='"192.168.1.2:12345,192
ovn-nbctl list load_balancer
ovn-sbctl dump-flows R2
-OVS_WAIT_UNTIL([ovs-ofctl -O OpenFlow13 dump-flows br-int table=45 | grep
'nat(src=20.0.0.2)'])
+OVS_WAIT_UNTIL([ovs-ofctl -O OpenFlow13 dump-flows br-int table=$(ovn-debug
lflow-stage-to-oftable lr_out_snat) | grep 'nat(src=20.0.0.2)'])
dnl Test load-balancing that includes L4 ports in NAT.
for i in `seq 1 20`; do
