On Fri, Jan 22, 2021 at 5:01 PM Dumitru Ceara <[email protected]> wrote:

> The ACLs configured by the "ovn -- L2 Drop and Allow ACL w/ Stateful
> ACL" test were incorrect because they didn't enclose logical port names
> in quotes.  This caused stateful ACLs to never be applied so the L2
> drop rules were not properly tested.
>
> ovn-controller was logging the following errors:
> lflow|WARN|error parsing match "reg0[8] == 1 && (inport == lp31 && ip)":
> Syntax error at `lp31' expecting constant.
> lflow|WARN|error parsing match "reg0[8] == 1 && (inport == lp31 && ip)":
> Syntax error at `lp31' expecting constant.
> lflow|WARN|error parsing match "reg0[8] == 1 && (inport == lp31 && ip)":
> Syntax error at `lp31' expecting constant.
>
> Fixes: 63640c0d1199 ("ovn-northd: ls_*_acl behavior not consistent for
> untracked flows")
> Signed-off-by: Dumitru Ceara <[email protected]>


Good catch.  Thanks. I applied this patch to master and backported up to
20.06 branch.

Thanks
Numan



---
>  tests/ovn.at | 4 ++--
>  1 file changed, 2 insertions(+), 2 deletions(-)
>
> diff --git a/tests/ovn.at b/tests/ovn.at
> index 8f88424..718b2ee 100644
> --- a/tests/ovn.at
> +++ b/tests/ovn.at
> @@ -14096,7 +14096,7 @@ for sf in 0 1; do
>      if test ${sf} = 1; then
>          # Add a stateful rule and re-run the check to make sure the
>          # drop rule is still effective..
> -        ovn-nbctl --wait=hv acl-add lsw0 from-lport 2000  "inport == lp31
> && ip" allow-related
> +        ovn-nbctl --wait=hv acl-add lsw0 from-lport 2000 'inport ==
> "lp31" && ip' allow-related
>      fi
>      for is in 1 2 3; do
>          s=${is}1
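
Review bot: In the drop-rule branch the replacement `ovn-nbctl --wait=hv acl-add` line is still not wrapped in `check`, while the same command in the allow-rule hunk is. Prefix it with `check`, as the allow-rule hunk does, so that a failing `acl-add` stops the test at this point. The replacement also drops the double space after `2000` that the allow-rule hunk keeps; use one spacing for both lines.
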
> @@ -14135,7 +14135,7 @@ for sf in 0 1; do
>      if test ${sf} = 1; then
>          # Add a stateful rule and re-run the check to make sure the
>          # allow rule is still effective..
> -        check ovn-nbctl --wait=hv acl-add lsw0 from-lport 2000  "inport
> == lp31 && ip" allow-related
> +        check ovn-nbctl --wait=hv acl-add lsw0 from-lport 2000  'inport
> == "lp31" && ip' allow-related
>      fi
>      # dump information and flows with counters
>      ovn-sbctl dump-flows -- list multicast_group > sbflows$sf
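
Review bot: Nothing in this hunk asserts that the stateful ACL actually took effect, which is how the unquoted `lp31` went unnoticed: per the commit message the only symptom was the `error parsing match` warning logged by ovn-controller. Since `sbflows$sf` is already dumped right after the `acl-add`, consider checking it (when `sf` is 1) for a flow whose match contains `inport == "lp31" && ip`, or checking that the ovn-controller log has no `error parsing match` line, so that a quoting regression fails the test instead of passing silently.
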
> --
> 1.8.3.1
>
> _______________________________________________
> dev mailing list
> [email protected]
> https://mail.openvswitch.org/mailman/listinfo/ovs-dev