The ACLs configured by the "ovn -- L2 Drop and Allow ACL w/ Stateful
ACL" test were incorrect because they didn't enclose logical port names
in quotes. This caused stateful ACLs to never be applied so the L2
drop rules were not properly tested.
ovn-controller was logging the following errors:
lflow|WARN|error parsing match "reg0[8] == 1 && (inport == lp31 && ip)": Syntax
error at `lp31' expecting constant.
lflow|WARN|error parsing match "reg0[8] == 1 && (inport == lp31 && ip)": Syntax
error at `lp31' expecting constant.
lflow|WARN|error parsing match "reg0[8] == 1 && (inport == lp31 && ip)": Syntax
error at `lp31' expecting constant.
Fixes: 63640c0d1199 ("ovn-northd: ls_*_acl behavior not consistent for
untracked flows")
Signed-off-by: Dumitru Ceara <dce...@redhat.com>
---
tests/ovn.at | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/tests/ovn.at b/tests/ovn.at
index 8f88424..718b2ee 100644
--- a/tests/ovn.at
+++ b/tests/ovn.at
@@ -14096,7 +14096,7 @@ for sf in 0 1; do
if test ${sf} = 1; then
# Add a stateful rule and re-run the check to make sure the
# drop rule is still effective..
- ovn-nbctl --wait=hv acl-add lsw0 from-lport 2000 "inport == lp31 &&
ip" allow-related
+ ovn-nbctl --wait=hv acl-add lsw0 from-lport 2000 'inport == "lp31" &&
ip' allow-related
fi
for is in 1 2 3; do
s=${is}1
@@ -14135,7 +14135,7 @@ for sf in 0 1; do
if test ${sf} = 1; then
# Add a stateful rule and re-run the check to make sure the
# allow rule is still effective..
- check ovn-nbctl --wait=hv acl-add lsw0 from-lport 2000 "inport ==
lp31 && ip" allow-related
+ check ovn-nbctl --wait=hv acl-add lsw0 from-lport 2000 'inport ==
"lp31" && ip' allow-related
fi
# dump information and flows with counters
ovn-sbctl dump-flows -- list multicast_group > sbflows$sf
--
1.8.3.1
_______________________________________________
dev mailing list
d...@openvswitch.org
https://mail.openvswitch.org/mailman/listinfo/ovs-dev
