On Wed, Dec 19, 2018 at 10:26 AM Darrell Ball <[email protected]> wrote:
> > On Wed, Dec 19, 2018 at 1:10 AM David Marchand <[email protected]> > wrote: > >> >> If you look at the postrecirc seqadj test, you can see the following >> rules: >> >> table=0 ip, action=ct(table=1) >> table=0 priority=100 arp arp_op=1 >> action=move:OXM_OF_ARP_TPA[[]]->NXM_NX_REG2[[]],resubmit(,8),goto_table:10 >> table=0 priority=10 arp action=normal >> table=0 priority=0 action=drop >> >> table=1 in_port=1 ct_state=+new, tcp, tp_dst=21, >> action=ct(alg=ftp,commit,nat(src=$2)),2 >> table=1 in_port=1 ct_state=+est, tcp, action=ct(nat),2 >> table=1 in_port=2 ct_state=+est, tcp, action=ct(nat),1 >> table=1 in_port=2 ct_state=+new+rel, tcp, action=ct(commit,nat),1 >> table=1 in_port=2 ct_state=+rel, icmp, action=ct(nat),1 >> table=1 priority=0, action=drop >> >> ... >> >> >> The packets for the established tcp command connection get natted at the >> evaluation of the first rule. >> table=0 ip, action=ct(table=1) >> Because the ct contains a nat action. >> > > Just create a test case that fails before a code change and passes with > the code change. > The test should be part of the same patch as the fix code. > Ok, working on it. -- David Marchand _______________________________________________ dev mailing list [email protected] https://mail.openvswitch.org/mailman/listinfo/ovs-dev
