The order of Port Binding key generation is not guaranteed, and
it might happen that sw0p1 and sw0p2 get different value than
the hardcoded 1 and 2 (e.g. 2 and 1).
Get the value from DB instead.
In addition, move "check_port_sec_offlows" definition
before it is being used the first time.
Fixes: 8cab00bdb581 ("ovn-controller: Add OF rules for port security.")
Signed-off-by: Xavier Simonart
---
tests/ovn.at | 216 +--
1 file changed, 108 insertions(+), 108 deletions(-)
diff --git a/tests/ovn.at b/tests/ovn.at
index 53fd1c495..bd7eb928f 100644
--- a/tests/ovn.at
+++ b/tests/ovn.at
@@ -34036,6 +34036,14 @@ sw0p2_key=$(printf "%x" $(fetch_column Port_Binding
tunnel_key logical_port=sw0p
> hv2_t74_flows.expected
> hv2_t75_flows.expected
+check_port_sec_offlows() {
+hv=$1
+t=$2
+
+as $hv ovs-ofctl dump-flows br-int table=${t} | ofctl_strip_all | sort |
grep -v NXST_FLOW > ${hv}_t${t}_flows.actual
+AT_CHECK([diff -u ${hv}_t${t}_flows.actual ${hv}_t${t}_flows.expected])
+}
+
check_port_sec_offlows hv1 73
check_port_sec_offlows hv1 74
check_port_sec_offlows hv1 75
@@ -34047,33 +34055,25 @@ check_port_sec_offlows hv2 75
# Set port security for sw0p1
check ovn-nbctl --wait=hv lsp-set-port-security sw0p1 "00:00:00:00:00:03"
-check_port_sec_offlows() {
-hv=$1
-t=$2
-
-as $hv ovs-ofctl dump-flows br-int table=${t} | ofctl_strip_all | sort |
grep -v NXST_FLOW > ${hv}_t${t}_flows.actual
-AT_CHECK([diff -u ${hv}_t${t}_flows.actual ${hv}_t${t}_flows.expected])
-}
-
echo " table=73, priority=80,reg14=0x$sw0p1_key,metadata=0x$sw0_dp_key
actions=load:0x1->NXM_NX_REG10[[12]]
table=73,
priority=90,reg14=0x$sw0p1_key,metadata=0x$sw0_dp_key,dl_src=00:00:00:00:00:03
actions=resubmit(,74)
- table=73, priority=95,arp,reg14=0x1,metadata=0x$sw0_dp_key
actions=resubmit(,74)" > hv1_t73_flows.expected
+ table=73, priority=95,arp,reg14=0x$sw0p1_key,metadata=0x$sw0_dp_key
actions=resubmit(,74)" > hv1_t73_flows.expected
check_port_sec_offlows hv1 73
-echo " table=74, priority=80,arp,reg14=0x1,metadata=0x1
actions=load:0x1->NXM_NX_REG10[[12]]
- table=74, priority=80,icmp6,reg14=0x1,metadata=0x1,nw_ttl=255,icmp_type=135
actions=load:0->NXM_NX_REG10[[12]]
- table=74, priority=80,icmp6,reg14=0x1,metadata=0x1,nw_ttl=255,icmp_type=136
actions=load:0x1->NXM_NX_REG10[[12]]
- table=74,
priority=90,arp,reg14=0x1,metadata=0x1,dl_src=00:00:00:00:00:03,arp_sha=00:00:00:00:00:03
actions=load:0->NXM_NX_REG10[[12]]
- table=74,
priority=90,icmp6,reg14=0x1,metadata=0x1,nw_ttl=225,icmp_type=135,icmp_code=0,nd_sll=00:00:00:00:00:00
actions=load:0->NXM_NX_REG10[[12]]
- table=74,
priority=90,icmp6,reg14=0x1,metadata=0x1,nw_ttl=225,icmp_type=135,icmp_code=0,nd_sll=00:00:00:00:00:03
actions=load:0->NXM_NX_REG10[[12]]
- table=74,
priority=90,icmp6,reg14=0x1,metadata=0x1,nw_ttl=225,icmp_type=136,icmp_code=0,nd_tll=00:00:00:00:00:00
actions=load:0->NXM_NX_REG10[[12]]
- table=74,
priority=90,icmp6,reg14=0x1,metadata=0x1,nw_ttl=225,icmp_type=136,icmp_code=0,nd_tll=00:00:00:00:00:03
actions=load:0->NXM_NX_REG10[[12]]" > hv1_t74_flows.expected
+echo " table=74, priority=80,arp,reg14=0x$sw0p1_key,metadata=0x1
actions=load:0x1->NXM_NX_REG10[[12]]
+ table=74,
priority=80,icmp6,reg14=0x$sw0p1_key,metadata=0x1,nw_ttl=255,icmp_type=135
actions=load:0->NXM_NX_REG10[[12]]
+ table=74,
priority=80,icmp6,reg14=0x$sw0p1_key,metadata=0x1,nw_ttl=255,icmp_type=136
actions=load:0x1->NXM_NX_REG10[[12]]
+ table=74,
priority=90,arp,reg14=0x$sw0p1_key,metadata=0x1,dl_src=00:00:00:00:00:03,arp_sha=00:00:00:00:00:03
actions=load:0->NXM_NX_REG10[[12]]
+ table=74,
priority=90,icmp6,reg14=0x$sw0p1_key,metadata=0x1,nw_ttl=225,icmp_type=135,icmp_code=0,nd_sll=00:00:00:00:00:00
actions=load:0->NXM_NX_REG10[[12]]
+ table=74,
priority=90,icmp6,reg14=0x$sw0p1_key,metadata=0x1,nw_ttl=225,icmp_type=135,icmp_code=0,nd_sll=00:00:00:00:00:03
actions=load:0->NXM_NX_REG10[[12]]
+ table=74,
priority=90,icmp6,reg14=0x$sw0p1_key,metadata=0x1,nw_ttl=225,icmp_type=136,icmp_code=0,nd_tll=00:00:00:00:00:00
actions=load:0->NXM_NX_REG10[[12]]
+ table=74,
priority=90,icmp6,reg14=0x$sw0p1_key,metadata=0x1,nw_ttl=225,icmp_type=136,icmp_code=0,nd_tll=00:00:00:00:00:03
actions=load:0->NXM_NX_REG10[[12]]" > hv1_t74_flows.expected
check_port_sec_offlows hv1 74
-echo " table=75, priority=80,reg15=0x1,metadata=0x1
actions=load:0x1->NXM_NX_REG10[[12]]
- table=75, priority=85,reg15=0x1,metadata=0x1,dl_dst=00:00:00:00:00:03
actions=load:0->NXM_NX_REG10[[12]]" > hv1_t75_flows.expected
+echo " table=75, priority=80,reg15=0x$sw0p1_key,metadata=0x1
actions=load:0x1->NXM_NX_REG10[[12]]
+ table=75,
priority=85,reg15=0x$sw0p1_key,metadata=0x1,dl_dst=00:00:00:00:00:03
actions=load:0->NXM_NX_REG10[[12]]" > hv1_t75_flows.expected
check_port_sec_offlows hv1 75
@@ -34088,42 +34088,42 @@ check_port_sec_offlows hv2 75
# Add IPv4 addresses to sw0p1
check ovn-nbctl --wait=hv lsp-set-port-secu