In test case acl-reject, there are no stateful ACLs and the test case works well. However, adding a stateful ACL even with a low priority (which shouldn't change the expected behavior of the test case) resulted in the test case failing. Below is the change for the test case.
----- 8>< ------------------------------------------------ ><8 ----- diff --git a/tests/ovn.at b/tests/ovn.at index b6c8622ba..85601c0f5 100644 --- a/tests/ovn.at +++ b/tests/ovn.at @@ -12885,6 +12885,7 @@ done ovn-nbctl --log acl-add sw0 to-lport 1000 "outport == \"sw0-p12\"" reject ovn-nbctl --log acl-add sw0 from-lport 1000 "inport == \"sw0-p11\"" reject ovn-nbctl --log acl-add sw0 from-lport 1000 "inport == \"sw0-p21\"" reject +ovn-nbctl --log acl-add sw0 from-lport 100 "inport == \"sw0-p21\"" allow-related # Allow some time for ovn-northd and ovn-controller to catch up. ovn-nbctl --timeout=3 --wait=hv sync ----- 8>< ------------------------------------------------ ><8 ----- I haven't checked the root cause yet, but it seems to be a bug that has exsited for a long time - it fails even on branch 20.03. I haven't tried older branches yet. Thanks, Han
_______________________________________________ discuss mailing list disc...@openvswitch.org https://mail.openvswitch.org/mailman/listinfo/ovs-discuss