> On Wed, May 19, 2021 at 11:36 AM Lorenzo Bianconi
> <[email protected]> wrote:
> >
> > Introduce chec_pkt_len action for ingress traffic entering the cluster
> > from a distributed gw router port or from a gw router.
> > Rearrange logical router ingress pipeline in order to properly manage
> > icmp error packets.
> >
> > Signed-off-by: Lorenzo Bianconi <[email protected]>
>
> Hi Lorenzo,
>
> Thanks for working on this support.
>
> This patch series adds the below logical flow
>
> table=5 (lr_in_chk_pkt_len ), priority=50 , match=(1),
> action=(reg9[1] = check_pkt_larger(1460); next;)
>
> which means all the packets which enter the router pipeline are
> checked for the packet length.
>
> In the case of a logical router with a distributed gateway port, it
> seems totally unnecessary to me to check for
> packet length for packets entering from all router ports.
>
> I think we should add the flow like
>
> table=5 (lr_in_chk_pkt_len ), priority=50 , match=(inport ==
> lr0-public || outport == lr0-public), action=(reg9[1] =
> check_pkt_larger(1460); next;)
Hi Numan,
thx for the review :)
I think the issue with the flow above is outport is not set yet.
I moved the lr_in_chk_pkt_len stage earlier in router pipeline because otherwise
the packet incoming packet is snatted and the original packet contained in the
icmp error message has a wrong destination address (the internal one).
Moreover in the upstream codebase we already have a flow for each router port in
lr_in_larger_pkts stage, right?
Regards,
Lorenzo
>
> where lr0-public is the router port which has the gateway_chassis configured.
>
> Even in the case of a gateway router, it seems unnecessary to do the
> same. I think whichever router port has the gateway_mtu configured
> we should check the packet lengths for the packets received from that
> router port or destined towards that router port.
>
> What was the reason to move up the lr_in_chk_pkt_len stage ? If we
> have chk_pkt_len stage after lr_in_arp_resolve
> we can match both on inport and outport since by this time, outport
> would be determined.
>
> I spotted a missing space for the lflow matching for IPv6 case.
>
> **
> match=(inport == "lr0-public"&& ip6 && reg9[1]) -> notice the
> missing space before "&&".
> ***
>
> Thanks
> Numan
>
>
>
>
> > ---
> > northd/ovn-northd.c | 154 +++++++++++++-------------
> > tests/ovn-northd.at | 150 +++++++++++++-------------
> > tests/ovn.at | 258 ++++++++++++++++++++++++++++++++++++++++----
> > 3 files changed, 394 insertions(+), 168 deletions(-)
> >
> > diff --git a/northd/ovn-northd.c b/northd/ovn-northd.c
> > index ec63eb75c..95fcee69d 100644
> > --- a/northd/ovn-northd.c
> > +++ b/northd/ovn-northd.c
> > @@ -183,18 +183,18 @@ enum ovn_stage {
> > PIPELINE_STAGE(ROUTER, IN, LEARN_NEIGHBOR, 2,
> > "lr_in_learn_neighbor") \
> > PIPELINE_STAGE(ROUTER, IN, IP_INPUT, 3, "lr_in_ip_input") \
> > PIPELINE_STAGE(ROUTER, IN, DEFRAG, 4, "lr_in_defrag") \
> > - PIPELINE_STAGE(ROUTER, IN, UNSNAT, 5, "lr_in_unsnat") \
> > - PIPELINE_STAGE(ROUTER, IN, DNAT, 6, "lr_in_dnat") \
> > - PIPELINE_STAGE(ROUTER, IN, ECMP_STATEFUL, 7, "lr_in_ecmp_stateful")
> > \
> > - PIPELINE_STAGE(ROUTER, IN, ND_RA_OPTIONS, 8, "lr_in_nd_ra_options")
> > \
> > - PIPELINE_STAGE(ROUTER, IN, ND_RA_RESPONSE, 9,
> > "lr_in_nd_ra_response") \
> > - PIPELINE_STAGE(ROUTER, IN, IP_ROUTING, 10, "lr_in_ip_routing")
> > \
> > - PIPELINE_STAGE(ROUTER, IN, IP_ROUTING_ECMP, 11,
> > "lr_in_ip_routing_ecmp") \
> > - PIPELINE_STAGE(ROUTER, IN, POLICY, 12, "lr_in_policy")
> > \
> > - PIPELINE_STAGE(ROUTER, IN, POLICY_ECMP, 13, "lr_in_policy_ecmp")
> > \
> > - PIPELINE_STAGE(ROUTER, IN, ARP_RESOLVE, 14, "lr_in_arp_resolve")
> > \
> > - PIPELINE_STAGE(ROUTER, IN, CHK_PKT_LEN , 15, "lr_in_chk_pkt_len")
> > \
> > - PIPELINE_STAGE(ROUTER, IN, LARGER_PKTS, 16, "lr_in_larger_pkts")
> > \
> > + PIPELINE_STAGE(ROUTER, IN, CHK_PKT_LEN, 5, "lr_in_chk_pkt_len") \
> > + PIPELINE_STAGE(ROUTER, IN, LARGER_PKTS, 6, "lr_in_larger_pkts") \
> > + PIPELINE_STAGE(ROUTER, IN, UNSNAT, 7, "lr_in_unsnat") \
> > + PIPELINE_STAGE(ROUTER, IN, DNAT, 8, "lr_in_dnat") \
> > + PIPELINE_STAGE(ROUTER, IN, ECMP_STATEFUL, 9, "lr_in_ecmp_stateful")
> > \
> > + PIPELINE_STAGE(ROUTER, IN, ND_RA_OPTIONS, 10,
> > "lr_in_nd_ra_options") \
> > + PIPELINE_STAGE(ROUTER, IN, ND_RA_RESPONSE, 11,
> > "lr_in_nd_ra_response") \
> > + PIPELINE_STAGE(ROUTER, IN, IP_ROUTING, 12, "lr_in_ip_routing")
> > \
> > + PIPELINE_STAGE(ROUTER, IN, IP_ROUTING_ECMP, 13,
> > "lr_in_ip_routing_ecmp") \
> > + PIPELINE_STAGE(ROUTER, IN, POLICY, 14, "lr_in_policy")
> > \
> > + PIPELINE_STAGE(ROUTER, IN, POLICY_ECMP, 15, "lr_in_policy_ecmp")
> > \
> > + PIPELINE_STAGE(ROUTER, IN, ARP_RESOLVE, 16, "lr_in_arp_resolve")
> > \
> > PIPELINE_STAGE(ROUTER, IN, GW_REDIRECT, 17, "lr_in_gw_redirect")
> > \
> > PIPELINE_STAGE(ROUTER, IN, ARP_REQUEST, 18, "lr_in_arp_request")
> > \
> > \
> > @@ -10399,6 +10399,67 @@ build_arp_resolve_flows_for_lrouter_port(
> >
> > }
> >
> > +static void
> > +build_icmperr_pkt_big_flows(struct ovn_port *op, int mtu, struct hmap
> > *lflows,
> > + struct ds *match, struct ds *actions)
> > +{
> > + if (op->lrp_networks.ipv4_addrs) {
> > + ds_clear(match);
> > + ds_put_format(match, "inport == %s && ip4 && "REGBIT_PKT_LARGER,
> > + op->json_key);
> > +
> > + ds_clear(actions);
> > + /* Set icmp4.frag_mtu to gw_mtu */
> > + ds_put_format(actions,
> > + "icmp4_error {"
> > + REGBIT_EGRESS_LOOPBACK" = 1; "
> > + REGBIT_PKT_LARGER" = 0; "
> > + "eth.dst = %s; "
> > + "ip4.dst = ip4.src; "
> > + "ip4.src = %s; "
> > + "ip.ttl = 255; "
> > + "icmp4.type = 3; /* Destination Unreachable. */ "
> > + "icmp4.code = 4; /* Frag Needed and DF was Set. */ "
> > + "icmp4.frag_mtu = %d; "
> > + "next(pipeline=ingress, table=%d); };",
> > + op->lrp_networks.ea_s,
> > + op->lrp_networks.ipv4_addrs[0].addr_s,
> > + mtu, ovn_stage_get_table(S_ROUTER_IN_ADMISSION));
> > + ovn_lflow_add_with_hint(lflows, op->od,
> > + S_ROUTER_IN_LARGER_PKTS, 50,
> > + ds_cstr(match), ds_cstr(actions),
> > + &op->nbrp->header_);
> > + }
> > +
> > + if (op->lrp_networks.ipv6_addrs) {
> > + ds_clear(match);
> > + ds_put_format(match, "inport == %s&& ip6 && "REGBIT_PKT_LARGER,
> > + op->json_key);
> > +
> > + ds_clear(actions);
> > + /* Set icmp6.frag_mtu to gw_mtu */
> > + ds_put_format(actions,
> > + "icmp6_error {"
> > + REGBIT_EGRESS_LOOPBACK" = 1; "
> > + REGBIT_PKT_LARGER" = 0; "
> > + "eth.dst = %s; "
> > + "ip6.dst = ip6.src; "
> > + "ip6.src = %s; "
> > + "ip.ttl = 255; "
> > + "icmp6.type = 2; /* Packet Too Big. */ "
> > + "icmp6.code = 0; "
> > + "icmp6.frag_mtu = %d; "
> > + "next(pipeline=ingress, table=%d); };",
> > + op->lrp_networks.ea_s,
> > + op->lrp_networks.ipv6_addrs[0].addr_s,
> > + mtu, ovn_stage_get_table(S_ROUTER_IN_ADMISSION));
> > + ovn_lflow_add_with_hint(lflows, op->od,
> > + S_ROUTER_IN_LARGER_PKTS, 50,
> > + ds_cstr(match), ds_cstr(actions),
> > + &op->nbrp->header_);
> > + }
> > +}
> > +
> > static void
> > build_check_pkt_len_flows_for_lrp(struct ovn_port *op,
> > struct hmap *lflows, struct hmap *ports,
> > @@ -10414,81 +10475,26 @@ build_check_pkt_len_flows_for_lrp(struct ovn_port
> > *op,
> > return;
> > }
> >
> > - ds_clear(match);
> > - ds_put_format(match, "outport == %s", op->json_key);
> > -
> > ds_clear(actions);
> > ds_put_format(actions,
> > REGBIT_PKT_LARGER" = check_pkt_larger(%d);"
> > " next;", gw_mtu + VLAN_ETH_HEADER_LEN);
> > +
> > + ovn_lflow_add_with_hint(lflows, op->od, S_ROUTER_IN_CHK_PKT_LEN, 100,
> > + REGBIT_EGRESS_LOOPBACK, "next;",
> > + &op->nbrp->header_);
> > ovn_lflow_add_with_hint(lflows, op->od, S_ROUTER_IN_CHK_PKT_LEN, 50,
> > - ds_cstr(match), ds_cstr(actions),
> > + "1", ds_cstr(actions),
> > &op->nbrp->header_);
> >
> > for (size_t i = 0; i < op->od->nbr->n_ports; i++) {
> > struct ovn_port *rp = ovn_port_find(ports,
> > op->od->nbr->ports[i]->name);
> > - if (!rp || rp == op) {
> > + if (!rp) {
> > continue;
> > }
> >
> > - if (rp->lrp_networks.ipv4_addrs) {
> > - ds_clear(match);
> > - ds_put_format(match, "inport == %s && outport == %s"
> > - " && ip4 && "REGBIT_PKT_LARGER,
> > - rp->json_key, op->json_key);
> > -
> > - ds_clear(actions);
> > - /* Set icmp4.frag_mtu to gw_mtu */
> > - ds_put_format(actions,
> > - "icmp4_error {"
> > - REGBIT_EGRESS_LOOPBACK" = 1; "
> > - "eth.dst = %s; "
> > - "ip4.dst = ip4.src; "
> > - "ip4.src = %s; "
> > - "ip.ttl = 255; "
> > - "icmp4.type = 3; /* Destination Unreachable. */ "
> > - "icmp4.code = 4; /* Frag Needed and DF was Set. */ "
> > - "icmp4.frag_mtu = %d; "
> > - "next(pipeline=ingress, table=%d); };",
> > - rp->lrp_networks.ea_s,
> > - rp->lrp_networks.ipv4_addrs[0].addr_s,
> > - gw_mtu,
> > - ovn_stage_get_table(S_ROUTER_IN_ADMISSION));
> > - ovn_lflow_add_with_hint(lflows, op->od,
> > - S_ROUTER_IN_LARGER_PKTS, 50,
> > - ds_cstr(match), ds_cstr(actions),
> > - &rp->nbrp->header_);
> > - }
> > -
> > - if (rp->lrp_networks.ipv6_addrs) {
> > - ds_clear(match);
> > - ds_put_format(match, "inport == %s && outport == %s"
> > - " && ip6 && "REGBIT_PKT_LARGER,
> > - rp->json_key, op->json_key);
> > -
> > - ds_clear(actions);
> > - /* Set icmp6.frag_mtu to gw_mtu */
> > - ds_put_format(actions,
> > - "icmp6_error {"
> > - REGBIT_EGRESS_LOOPBACK" = 1; "
> > - "eth.dst = %s; "
> > - "ip6.dst = ip6.src; "
> > - "ip6.src = %s; "
> > - "ip.ttl = 255; "
> > - "icmp6.type = 2; /* Packet Too Big. */ "
> > - "icmp6.code = 0; "
> > - "icmp6.frag_mtu = %d; "
> > - "next(pipeline=ingress, table=%d); };",
> > - rp->lrp_networks.ea_s,
> > - rp->lrp_networks.ipv6_addrs[0].addr_s,
> > - gw_mtu,
> > - ovn_stage_get_table(S_ROUTER_IN_ADMISSION));
> > - ovn_lflow_add_with_hint(lflows, op->od,
> > - S_ROUTER_IN_LARGER_PKTS, 50,
> > - ds_cstr(match), ds_cstr(actions),
> > - &rp->nbrp->header_);
> > - }
> > + build_icmperr_pkt_big_flows(rp, gw_mtu, lflows, match, actions);
> > }
> > }
> >
> > diff --git a/tests/ovn-northd.at b/tests/ovn-northd.at
> > index bff2ade43..77d3abdb3 100644
> > --- a/tests/ovn-northd.at
> > +++ b/tests/ovn-northd.at
> > @@ -1466,8 +1466,8 @@ ovn-nbctl set logical_router lr0
> > options:dnat_force_snat_ip=192.168.2.3
> > ovn-nbctl --wait=sb sync
> >
> > AT_CHECK([ovn-sbctl lflow-list lr0 | grep lr_in_unsnat | sort], [0], [dnl
> > - table=5 (lr_in_unsnat ), priority=0 , match=(1), action=(next;)
> > - table=5 (lr_in_unsnat ), priority=110 , match=(ip4 && ip4.dst ==
> > 192.168.2.3), action=(ct_snat;)
> > + table=7 (lr_in_unsnat ), priority=0 , match=(1), action=(next;)
> > + table=7 (lr_in_unsnat ), priority=110 , match=(ip4 && ip4.dst ==
> > 192.168.2.3), action=(ct_snat;)
> > ])
> >
> > AT_CLEANUP
> > @@ -2596,11 +2596,11 @@ ovn-sbctl dump-flows lr0 > lr0flows3
> > AT_CAPTURE_FILE([lr0flows3])
> >
> > AT_CHECK([grep "lr_in_policy" lr0flows3 | sort], [0], [dnl
> > - table=12(lr_in_policy ), priority=0 , match=(1),
> > action=(reg8[[0..15]] = 0; next;)
> > - table=12(lr_in_policy ), priority=10 , match=(ip4.src ==
> > 10.0.0.3), action=(reg8[[0..15]] = 1; reg8[[16..31]] = select(1, 2);)
> > - table=13(lr_in_policy_ecmp ), priority=100 , match=(reg8[[0..15]] == 1
> > && reg8[[16..31]] == 1), action=(reg0 = 172.168.0.101; reg1 =
> > 172.168.0.100; eth.src = 00:00:20:20:12:13; outport = "lr0-public";
> > flags.loopback = 1; next;)
> > - table=13(lr_in_policy_ecmp ), priority=100 , match=(reg8[[0..15]] == 1
> > && reg8[[16..31]] == 2), action=(reg0 = 172.168.0.102; reg1 =
> > 172.168.0.100; eth.src = 00:00:20:20:12:13; outport = "lr0-public";
> > flags.loopback = 1; next;)
> > - table=13(lr_in_policy_ecmp ), priority=150 , match=(reg8[[0..15]] ==
> > 0), action=(next;)
> > + table=14(lr_in_policy ), priority=0 , match=(1),
> > action=(reg8[[0..15]] = 0; next;)
> > + table=14(lr_in_policy ), priority=10 , match=(ip4.src ==
> > 10.0.0.3), action=(reg8[[0..15]] = 1; reg8[[16..31]] = select(1, 2);)
> > + table=15(lr_in_policy_ecmp ), priority=100 , match=(reg8[[0..15]] == 1
> > && reg8[[16..31]] == 1), action=(reg0 = 172.168.0.101; reg1 =
> > 172.168.0.100; eth.src = 00:00:20:20:12:13; outport = "lr0-public";
> > flags.loopback = 1; next;)
> > + table=15(lr_in_policy_ecmp ), priority=100 , match=(reg8[[0..15]] == 1
> > && reg8[[16..31]] == 2), action=(reg0 = 172.168.0.102; reg1 =
> > 172.168.0.100; eth.src = 00:00:20:20:12:13; outport = "lr0-public";
> > flags.loopback = 1; next;)
> > + table=15(lr_in_policy_ecmp ), priority=150 , match=(reg8[[0..15]] ==
> > 0), action=(next;)
> > ])
> >
> > check ovn-nbctl --wait=sb lr-policy-add lr0 10 "ip4.src == 10.0.0.4"
> > reroute 172.168.0.101,172.168.0.102,172.168.0.103
> > @@ -2610,15 +2610,15 @@ AT_CAPTURE_FILE([lr0flows3])
> > AT_CHECK([grep "lr_in_policy" lr0flows3 | \
> > sed 's/reg8\[[0..15\]] = [[0-9]]*/reg8\[[0..15\]] = <cleared>/' | \
> > sed 's/reg8\[[0..15\]] == [[0-9]]*/reg8\[[0..15\]] == <cleared>/' | sort],
> > [0], [dnl
> > - table=12(lr_in_policy ), priority=0 , match=(1),
> > action=(reg8[[0..15]] = <cleared>; next;)
> > - table=12(lr_in_policy ), priority=10 , match=(ip4.src ==
> > 10.0.0.3), action=(reg8[[0..15]] = <cleared>; reg8[[16..31]] = select(1,
> > 2);)
> > - table=12(lr_in_policy ), priority=10 , match=(ip4.src ==
> > 10.0.0.4), action=(reg8[[0..15]] = <cleared>; reg8[[16..31]] = select(1, 2,
> > 3);)
> > - table=13(lr_in_policy_ecmp ), priority=100 , match=(reg8[[0..15]] ==
> > <cleared> && reg8[[16..31]] == 1), action=(reg0 = 172.168.0.101; reg1 =
> > 172.168.0.100; eth.src = 00:00:20:20:12:13; outport = "lr0-public";
> > flags.loopback = 1; next;)
> > - table=13(lr_in_policy_ecmp ), priority=100 , match=(reg8[[0..15]] ==
> > <cleared> && reg8[[16..31]] == 1), action=(reg0 = 172.168.0.101; reg1 =
> > 172.168.0.100; eth.src = 00:00:20:20:12:13; outport = "lr0-public";
> > flags.loopback = 1; next;)
> > - table=13(lr_in_policy_ecmp ), priority=100 , match=(reg8[[0..15]] ==
> > <cleared> && reg8[[16..31]] == 2), action=(reg0 = 172.168.0.102; reg1 =
> > 172.168.0.100; eth.src = 00:00:20:20:12:13; outport = "lr0-public";
> > flags.loopback = 1; next;)
> > - table=13(lr_in_policy_ecmp ), priority=100 , match=(reg8[[0..15]] ==
> > <cleared> && reg8[[16..31]] == 2), action=(reg0 = 172.168.0.102; reg1 =
> > 172.168.0.100; eth.src = 00:00:20:20:12:13; outport = "lr0-public";
> > flags.loopback = 1; next;)
> > - table=13(lr_in_policy_ecmp ), priority=100 , match=(reg8[[0..15]] ==
> > <cleared> && reg8[[16..31]] == 3), action=(reg0 = 172.168.0.103; reg1 =
> > 172.168.0.100; eth.src = 00:00:20:20:12:13; outport = "lr0-public";
> > flags.loopback = 1; next;)
> > - table=13(lr_in_policy_ecmp ), priority=150 , match=(reg8[[0..15]] ==
> > <cleared>), action=(next;)
> > + table=14(lr_in_policy ), priority=0 , match=(1),
> > action=(reg8[[0..15]] = <cleared>; next;)
> > + table=14(lr_in_policy ), priority=10 , match=(ip4.src ==
> > 10.0.0.3), action=(reg8[[0..15]] = <cleared>; reg8[[16..31]] = select(1,
> > 2);)
> > + table=14(lr_in_policy ), priority=10 , match=(ip4.src ==
> > 10.0.0.4), action=(reg8[[0..15]] = <cleared>; reg8[[16..31]] = select(1, 2,
> > 3);)
> > + table=15(lr_in_policy_ecmp ), priority=100 , match=(reg8[[0..15]] ==
> > <cleared> && reg8[[16..31]] == 1), action=(reg0 = 172.168.0.101; reg1 =
> > 172.168.0.100; eth.src = 00:00:20:20:12:13; outport = "lr0-public";
> > flags.loopback = 1; next;)
> > + table=15(lr_in_policy_ecmp ), priority=100 , match=(reg8[[0..15]] ==
> > <cleared> && reg8[[16..31]] == 1), action=(reg0 = 172.168.0.101; reg1 =
> > 172.168.0.100; eth.src = 00:00:20:20:12:13; outport = "lr0-public";
> > flags.loopback = 1; next;)
> > + table=15(lr_in_policy_ecmp ), priority=100 , match=(reg8[[0..15]] ==
> > <cleared> && reg8[[16..31]] == 2), action=(reg0 = 172.168.0.102; reg1 =
> > 172.168.0.100; eth.src = 00:00:20:20:12:13; outport = "lr0-public";
> > flags.loopback = 1; next;)
> > + table=15(lr_in_policy_ecmp ), priority=100 , match=(reg8[[0..15]] ==
> > <cleared> && reg8[[16..31]] == 2), action=(reg0 = 172.168.0.102; reg1 =
> > 172.168.0.100; eth.src = 00:00:20:20:12:13; outport = "lr0-public";
> > flags.loopback = 1; next;)
> > + table=15(lr_in_policy_ecmp ), priority=100 , match=(reg8[[0..15]] ==
> > <cleared> && reg8[[16..31]] == 3), action=(reg0 = 172.168.0.103; reg1 =
> > 172.168.0.100; eth.src = 00:00:20:20:12:13; outport = "lr0-public";
> > flags.loopback = 1; next;)
> > + table=15(lr_in_policy_ecmp ), priority=150 , match=(reg8[[0..15]] ==
> > <cleared>), action=(next;)
> > ])
> >
> > check ovn-nbctl --wait=sb lr-policy-add lr0 10 "ip4.src == 10.0.0.5"
> > reroute 172.168.0.110
> > @@ -2628,16 +2628,16 @@ AT_CAPTURE_FILE([lr0flows3])
> > AT_CHECK([grep "lr_in_policy" lr0flows3 | \
> > sed 's/reg8\[[0..15\]] = [[0-9]]*/reg8\[[0..15\]] = <cleared>/' | \
> > sed 's/reg8\[[0..15\]] == [[0-9]]*/reg8\[[0..15\]] == <cleared>/' | sort],
> > [0], [dnl
> > - table=12(lr_in_policy ), priority=0 , match=(1),
> > action=(reg8[[0..15]] = <cleared>; next;)
> > - table=12(lr_in_policy ), priority=10 , match=(ip4.src ==
> > 10.0.0.3), action=(reg8[[0..15]] = <cleared>; reg8[[16..31]] = select(1,
> > 2);)
> > - table=12(lr_in_policy ), priority=10 , match=(ip4.src ==
> > 10.0.0.4), action=(reg8[[0..15]] = <cleared>; reg8[[16..31]] = select(1, 2,
> > 3);)
> > - table=12(lr_in_policy ), priority=10 , match=(ip4.src ==
> > 10.0.0.5), action=(reg0 = 172.168.0.110; reg1 = 172.168.0.100; eth.src =
> > 00:00:20:20:12:13; outport = "lr0-public"; flags.loopback = 1;
> > reg8[[0..15]] = <cleared>; next;)
> > - table=13(lr_in_policy_ecmp ), priority=100 , match=(reg8[[0..15]] ==
> > <cleared> && reg8[[16..31]] == 1), action=(reg0 = 172.168.0.101; reg1 =
> > 172.168.0.100; eth.src = 00:00:20:20:12:13; outport = "lr0-public";
> > flags.loopback = 1; next;)
> > - table=13(lr_in_policy_ecmp ), priority=100 , match=(reg8[[0..15]] ==
> > <cleared> && reg8[[16..31]] == 1), action=(reg0 = 172.168.0.101; reg1 =
> > 172.168.0.100; eth.src = 00:00:20:20:12:13; outport = "lr0-public";
> > flags.loopback = 1; next;)
> > - table=13(lr_in_policy_ecmp ), priority=100 , match=(reg8[[0..15]] ==
> > <cleared> && reg8[[16..31]] == 2), action=(reg0 = 172.168.0.102; reg1 =
> > 172.168.0.100; eth.src = 00:00:20:20:12:13; outport = "lr0-public";
> > flags.loopback = 1; next;)
> > - table=13(lr_in_policy_ecmp ), priority=100 , match=(reg8[[0..15]] ==
> > <cleared> && reg8[[16..31]] == 2), action=(reg0 = 172.168.0.102; reg1 =
> > 172.168.0.100; eth.src = 00:00:20:20:12:13; outport = "lr0-public";
> > flags.loopback = 1; next;)
> > - table=13(lr_in_policy_ecmp ), priority=100 , match=(reg8[[0..15]] ==
> > <cleared> && reg8[[16..31]] == 3), action=(reg0 = 172.168.0.103; reg1 =
> > 172.168.0.100; eth.src = 00:00:20:20:12:13; outport = "lr0-public";
> > flags.loopback = 1; next;)
> > - table=13(lr_in_policy_ecmp ), priority=150 , match=(reg8[[0..15]] ==
> > <cleared>), action=(next;)
> > + table=14(lr_in_policy ), priority=0 , match=(1),
> > action=(reg8[[0..15]] = <cleared>; next;)
> > + table=14(lr_in_policy ), priority=10 , match=(ip4.src ==
> > 10.0.0.3), action=(reg8[[0..15]] = <cleared>; reg8[[16..31]] = select(1,
> > 2);)
> > + table=14(lr_in_policy ), priority=10 , match=(ip4.src ==
> > 10.0.0.4), action=(reg8[[0..15]] = <cleared>; reg8[[16..31]] = select(1, 2,
> > 3);)
> > + table=14(lr_in_policy ), priority=10 , match=(ip4.src ==
> > 10.0.0.5), action=(reg0 = 172.168.0.110; reg1 = 172.168.0.100; eth.src =
> > 00:00:20:20:12:13; outport = "lr0-public"; flags.loopback = 1;
> > reg8[[0..15]] = <cleared>; next;)
> > + table=15(lr_in_policy_ecmp ), priority=100 , match=(reg8[[0..15]] ==
> > <cleared> && reg8[[16..31]] == 1), action=(reg0 = 172.168.0.101; reg1 =
> > 172.168.0.100; eth.src = 00:00:20:20:12:13; outport = "lr0-public";
> > flags.loopback = 1; next;)
> > + table=15(lr_in_policy_ecmp ), priority=100 , match=(reg8[[0..15]] ==
> > <cleared> && reg8[[16..31]] == 1), action=(reg0 = 172.168.0.101; reg1 =
> > 172.168.0.100; eth.src = 00:00:20:20:12:13; outport = "lr0-public";
> > flags.loopback = 1; next;)
> > + table=15(lr_in_policy_ecmp ), priority=100 , match=(reg8[[0..15]] ==
> > <cleared> && reg8[[16..31]] == 2), action=(reg0 = 172.168.0.102; reg1 =
> > 172.168.0.100; eth.src = 00:00:20:20:12:13; outport = "lr0-public";
> > flags.loopback = 1; next;)
> > + table=15(lr_in_policy_ecmp ), priority=100 , match=(reg8[[0..15]] ==
> > <cleared> && reg8[[16..31]] == 2), action=(reg0 = 172.168.0.102; reg1 =
> > 172.168.0.100; eth.src = 00:00:20:20:12:13; outport = "lr0-public";
> > flags.loopback = 1; next;)
> > + table=15(lr_in_policy_ecmp ), priority=100 , match=(reg8[[0..15]] ==
> > <cleared> && reg8[[16..31]] == 3), action=(reg0 = 172.168.0.103; reg1 =
> > 172.168.0.100; eth.src = 00:00:20:20:12:13; outport = "lr0-public";
> > flags.loopback = 1; next;)
> > + table=15(lr_in_policy_ecmp ), priority=150 , match=(reg8[[0..15]] ==
> > <cleared>), action=(next;)
> > ])
> >
> > check ovn-nbctl --wait=sb lr-policy-del lr0 10 "ip4.src == 10.0.0.3"
> > @@ -2647,13 +2647,13 @@ AT_CAPTURE_FILE([lr0flows3])
> > AT_CHECK([grep "lr_in_policy" lr0flows3 | \
> > sed 's/reg8\[[0..15\]] = [[0-9]]*/reg8\[[0..15\]] = <cleared>/' | \
> > sed 's/reg8\[[0..15\]] == [[0-9]]*/reg8\[[0..15\]] == <cleared>/' | sort],
> > [0], [dnl
> > - table=12(lr_in_policy ), priority=0 , match=(1),
> > action=(reg8[[0..15]] = <cleared>; next;)
> > - table=12(lr_in_policy ), priority=10 , match=(ip4.src ==
> > 10.0.0.4), action=(reg8[[0..15]] = <cleared>; reg8[[16..31]] = select(1, 2,
> > 3);)
> > - table=12(lr_in_policy ), priority=10 , match=(ip4.src ==
> > 10.0.0.5), action=(reg0 = 172.168.0.110; reg1 = 172.168.0.100; eth.src =
> > 00:00:20:20:12:13; outport = "lr0-public"; flags.loopback = 1;
> > reg8[[0..15]] = <cleared>; next;)
> > - table=13(lr_in_policy_ecmp ), priority=100 , match=(reg8[[0..15]] ==
> > <cleared> && reg8[[16..31]] == 1), action=(reg0 = 172.168.0.101; reg1 =
> > 172.168.0.100; eth.src = 00:00:20:20:12:13; outport = "lr0-public";
> > flags.loopback = 1; next;)
> > - table=13(lr_in_policy_ecmp ), priority=100 , match=(reg8[[0..15]] ==
> > <cleared> && reg8[[16..31]] == 2), action=(reg0 = 172.168.0.102; reg1 =
> > 172.168.0.100; eth.src = 00:00:20:20:12:13; outport = "lr0-public";
> > flags.loopback = 1; next;)
> > - table=13(lr_in_policy_ecmp ), priority=100 , match=(reg8[[0..15]] ==
> > <cleared> && reg8[[16..31]] == 3), action=(reg0 = 172.168.0.103; reg1 =
> > 172.168.0.100; eth.src = 00:00:20:20:12:13; outport = "lr0-public";
> > flags.loopback = 1; next;)
> > - table=13(lr_in_policy_ecmp ), priority=150 , match=(reg8[[0..15]] ==
> > <cleared>), action=(next;)
> > + table=14(lr_in_policy ), priority=0 , match=(1),
> > action=(reg8[[0..15]] = <cleared>; next;)
> > + table=14(lr_in_policy ), priority=10 , match=(ip4.src ==
> > 10.0.0.4), action=(reg8[[0..15]] = <cleared>; reg8[[16..31]] = select(1, 2,
> > 3);)
> > + table=14(lr_in_policy ), priority=10 , match=(ip4.src ==
> > 10.0.0.5), action=(reg0 = 172.168.0.110; reg1 = 172.168.0.100; eth.src =
> > 00:00:20:20:12:13; outport = "lr0-public"; flags.loopback = 1;
> > reg8[[0..15]] = <cleared>; next;)
> > + table=15(lr_in_policy_ecmp ), priority=100 , match=(reg8[[0..15]] ==
> > <cleared> && reg8[[16..31]] == 1), action=(reg0 = 172.168.0.101; reg1 =
> > 172.168.0.100; eth.src = 00:00:20:20:12:13; outport = "lr0-public";
> > flags.loopback = 1; next;)
> > + table=15(lr_in_policy_ecmp ), priority=100 , match=(reg8[[0..15]] ==
> > <cleared> && reg8[[16..31]] == 2), action=(reg0 = 172.168.0.102; reg1 =
> > 172.168.0.100; eth.src = 00:00:20:20:12:13; outport = "lr0-public";
> > flags.loopback = 1; next;)
> > + table=15(lr_in_policy_ecmp ), priority=100 , match=(reg8[[0..15]] ==
> > <cleared> && reg8[[16..31]] == 3), action=(reg0 = 172.168.0.103; reg1 =
> > 172.168.0.100; eth.src = 00:00:20:20:12:13; outport = "lr0-public";
> > flags.loopback = 1; next;)
> > + table=15(lr_in_policy_ecmp ), priority=150 , match=(reg8[[0..15]] ==
> > <cleared>), action=(next;)
> > ])
> >
> > check ovn-nbctl --wait=sb lr-policy-del lr0 10 "ip4.src == 10.0.0.4"
> > @@ -2663,9 +2663,9 @@ AT_CAPTURE_FILE([lr0flows3])
> > AT_CHECK([grep "lr_in_policy" lr0flows3 | \
> > sed 's/reg8\[[0..15\]] = [[0-9]]*/reg8\[[0..15\]] = <cleared>/' | \
> > sed 's/reg8\[[0..15\]] == [[0-9]]*/reg8\[[0..15\]] == <cleared>/' | sort],
> > [0], [dnl
> > - table=12(lr_in_policy ), priority=0 , match=(1),
> > action=(reg8[[0..15]] = <cleared>; next;)
> > - table=12(lr_in_policy ), priority=10 , match=(ip4.src ==
> > 10.0.0.5), action=(reg0 = 172.168.0.110; reg1 = 172.168.0.100; eth.src =
> > 00:00:20:20:12:13; outport = "lr0-public"; flags.loopback = 1;
> > reg8[[0..15]] = <cleared>; next;)
> > - table=13(lr_in_policy_ecmp ), priority=150 , match=(reg8[[0..15]] ==
> > <cleared>), action=(next;)
> > + table=14(lr_in_policy ), priority=0 , match=(1),
> > action=(reg8[[0..15]] = <cleared>; next;)
> > + table=14(lr_in_policy ), priority=10 , match=(ip4.src ==
> > 10.0.0.5), action=(reg0 = 172.168.0.110; reg1 = 172.168.0.100; eth.src =
> > 00:00:20:20:12:13; outport = "lr0-public"; flags.loopback = 1;
> > reg8[[0..15]] = <cleared>; next;)
> > + table=15(lr_in_policy_ecmp ), priority=150 , match=(reg8[[0..15]] ==
> > <cleared>), action=(next;)
> > ])
> >
> > check ovn-nbctl --wait=sb add logical_router_policy . nexthops "2000\:\:b"
> > @@ -2675,8 +2675,8 @@ AT_CAPTURE_FILE([lr0flows3])
> > AT_CHECK([grep "lr_in_policy" lr0flows3 | \
> > sed 's/reg8\[[0..15\]] = [[0-9]]*/reg8\[[0..15\]] = <cleared>/' | \
> > sed 's/reg8\[[0..15\]] == [[0-9]]*/reg8\[[0..15\]] == <cleared>/' | sort],
> > [0], [dnl
> > - table=12(lr_in_policy ), priority=0 , match=(1),
> > action=(reg8[[0..15]] = <cleared>; next;)
> > - table=13(lr_in_policy_ecmp ), priority=150 , match=(reg8[[0..15]] ==
> > <cleared>), action=(next;)
> > + table=14(lr_in_policy ), priority=0 , match=(1),
> > action=(reg8[[0..15]] = <cleared>; next;)
> > + table=15(lr_in_policy_ecmp ), priority=150 , match=(reg8[[0..15]] ==
> > <cleared>), action=(next;)
> > ])
> >
> > AT_CLEANUP
> > @@ -3113,14 +3113,14 @@ ovn-sbctl dump-flows lr0 > lr0flows
> > AT_CAPTURE_FILE([lr0flows])
> >
> > AT_CHECK([grep "lr_in_unsnat" lr0flows | sort], [0], [dnl
> > - table=5 (lr_in_unsnat ), priority=0 , match=(1), action=(next;)
> > + table=7 (lr_in_unsnat ), priority=0 , match=(1), action=(next;)
> > ])
> >
> > AT_CHECK([grep "lr_in_dnat" lr0flows | sort], [0], [dnl
> > - table=6 (lr_in_dnat ), priority=0 , match=(1), action=(next;)
> > - table=6 (lr_in_dnat ), priority=120 , match=(ct.est && ip &&
> > ip4.dst == 10.0.0.10 && tcp && tcp.dst == 80), action=(ct_dnat;)
> > - table=6 (lr_in_dnat ), priority=120 , match=(ct.new && ip &&
> > ip4.dst == 10.0.0.10 && tcp && tcp.dst == 80),
> > action=(ct_lb(backends=10.0.0.4:8080);)
> > - table=6 (lr_in_dnat ), priority=50 , match=(ip),
> > action=(flags.loopback = 1; ct_dnat;)
> > + table=8 (lr_in_dnat ), priority=0 , match=(1), action=(next;)
> > + table=8 (lr_in_dnat ), priority=120 , match=(ct.est && ip &&
> > ip4.dst == 10.0.0.10 && tcp && tcp.dst == 80), action=(ct_dnat;)
> > + table=8 (lr_in_dnat ), priority=120 , match=(ct.new && ip &&
> > ip4.dst == 10.0.0.10 && tcp && tcp.dst == 80),
> > action=(ct_lb(backends=10.0.0.4:8080);)
> > + table=8 (lr_in_dnat ), priority=50 , match=(ip),
> > action=(flags.loopback = 1; ct_dnat;)
> > ])
> >
> > check ovn-nbctl --wait=sb set logical_router lr0
> > options:lb_force_snat_ip="20.0.0.4 aef0::4"
> > @@ -3130,16 +3130,16 @@ AT_CAPTURE_FILE([lr0flows])
> >
> >
> > AT_CHECK([grep "lr_in_unsnat" lr0flows | sort], [0], [dnl
> > - table=5 (lr_in_unsnat ), priority=0 , match=(1), action=(next;)
> > - table=5 (lr_in_unsnat ), priority=110 , match=(ip4 && ip4.dst ==
> > 20.0.0.4), action=(ct_snat;)
> > - table=5 (lr_in_unsnat ), priority=110 , match=(ip6 && ip6.dst ==
> > aef0::4), action=(ct_snat;)
> > + table=7 (lr_in_unsnat ), priority=0 , match=(1), action=(next;)
> > + table=7 (lr_in_unsnat ), priority=110 , match=(ip4 && ip4.dst ==
> > 20.0.0.4), action=(ct_snat;)
> > + table=7 (lr_in_unsnat ), priority=110 , match=(ip6 && ip6.dst ==
> > aef0::4), action=(ct_snat;)
> > ])
> >
> > AT_CHECK([grep "lr_in_dnat" lr0flows | sort], [0], [dnl
> > - table=6 (lr_in_dnat ), priority=0 , match=(1), action=(next;)
> > - table=6 (lr_in_dnat ), priority=120 , match=(ct.est && ip &&
> > ip4.dst == 10.0.0.10 && tcp && tcp.dst == 80),
> > action=(flags.force_snat_for_lb = 1; ct_dnat;)
> > - table=6 (lr_in_dnat ), priority=120 , match=(ct.new && ip &&
> > ip4.dst == 10.0.0.10 && tcp && tcp.dst == 80),
> > action=(flags.force_snat_for_lb = 1; ct_lb(backends=10.0.0.4:8080);)
> > - table=6 (lr_in_dnat ), priority=50 , match=(ip),
> > action=(flags.loopback = 1; ct_dnat;)
> > + table=8 (lr_in_dnat ), priority=0 , match=(1), action=(next;)
> > + table=8 (lr_in_dnat ), priority=120 , match=(ct.est && ip &&
> > ip4.dst == 10.0.0.10 && tcp && tcp.dst == 80),
> > action=(flags.force_snat_for_lb = 1; ct_dnat;)
> > + table=8 (lr_in_dnat ), priority=120 , match=(ct.new && ip &&
> > ip4.dst == 10.0.0.10 && tcp && tcp.dst == 80),
> > action=(flags.force_snat_for_lb = 1; ct_lb(backends=10.0.0.4:8080);)
> > + table=8 (lr_in_dnat ), priority=50 , match=(ip),
> > action=(flags.loopback = 1; ct_dnat;)
> > ])
> >
> > AT_CHECK([grep "lr_out_snat" lr0flows | sort], [0], [dnl
> > @@ -3158,17 +3158,17 @@ AT_CHECK([grep "lr_in_ip_input" lr0flows | grep
> > "priority=60" | sort], [0], [dnl
> > ])
> >
> > AT_CHECK([grep "lr_in_unsnat" lr0flows | sort], [0], [dnl
> > - table=5 (lr_in_unsnat ), priority=0 , match=(1), action=(next;)
> > - table=5 (lr_in_unsnat ), priority=110 , match=(inport ==
> > "lr0-public" && ip4.dst == 172.168.0.100), action=(ct_snat;)
> > - table=5 (lr_in_unsnat ), priority=110 , match=(inport ==
> > "lr0-sw0" && ip4.dst == 10.0.0.1), action=(ct_snat;)
> > - table=5 (lr_in_unsnat ), priority=110 , match=(inport ==
> > "lr0-sw1" && ip4.dst == 20.0.0.1), action=(ct_snat;)
> > + table=7 (lr_in_unsnat ), priority=0 , match=(1), action=(next;)
> > + table=7 (lr_in_unsnat ), priority=110 , match=(inport ==
> > "lr0-public" && ip4.dst == 172.168.0.100), action=(ct_snat;)
> > + table=7 (lr_in_unsnat ), priority=110 , match=(inport ==
> > "lr0-sw0" && ip4.dst == 10.0.0.1), action=(ct_snat;)
> > + table=7 (lr_in_unsnat ), priority=110 , match=(inport ==
> > "lr0-sw1" && ip4.dst == 20.0.0.1), action=(ct_snat;)
> > ])
> >
> > AT_CHECK([grep "lr_in_dnat" lr0flows | sort], [0], [dnl
> > - table=6 (lr_in_dnat ), priority=0 , match=(1), action=(next;)
> > - table=6 (lr_in_dnat ), priority=120 , match=(ct.est && ip &&
> > ip4.dst == 10.0.0.10 && tcp && tcp.dst == 80),
> > action=(flags.force_snat_for_lb = 1; ct_dnat;)
> > - table=6 (lr_in_dnat ), priority=120 , match=(ct.new && ip &&
> > ip4.dst == 10.0.0.10 && tcp && tcp.dst == 80),
> > action=(flags.force_snat_for_lb = 1; ct_lb(backends=10.0.0.4:8080);)
> > - table=6 (lr_in_dnat ), priority=50 , match=(ip),
> > action=(flags.loopback = 1; ct_dnat;)
> > + table=8 (lr_in_dnat ), priority=0 , match=(1), action=(next;)
> > + table=8 (lr_in_dnat ), priority=120 , match=(ct.est && ip &&
> > ip4.dst == 10.0.0.10 && tcp && tcp.dst == 80),
> > action=(flags.force_snat_for_lb = 1; ct_dnat;)
> > + table=8 (lr_in_dnat ), priority=120 , match=(ct.new && ip &&
> > ip4.dst == 10.0.0.10 && tcp && tcp.dst == 80),
> > action=(flags.force_snat_for_lb = 1; ct_lb(backends=10.0.0.4:8080);)
> > + table=8 (lr_in_dnat ), priority=50 , match=(ip),
> > action=(flags.loopback = 1; ct_dnat;)
> > ])
> >
> > AT_CHECK([grep "lr_out_snat" lr0flows | sort], [0], [dnl
> > @@ -3185,7 +3185,7 @@ ovn-sbctl dump-flows lr0 > lr0flows
> > AT_CAPTURE_FILE([lr0flows])
> >
> > AT_CHECK([grep "lr_in_unsnat" lr0flows | sort], [0], [dnl
> > - table=5 (lr_in_unsnat ), priority=0 , match=(1), action=(next;)
> > + table=7 (lr_in_unsnat ), priority=0 , match=(1), action=(next;)
> > ])
> >
> > AT_CHECK([grep "lr_out_snat" lr0flows | sort], [0], [dnl
> > @@ -3200,18 +3200,18 @@ ovn-sbctl dump-flows lr0 > lr0flows
> > AT_CAPTURE_FILE([lr0flows])
> >
> > AT_CHECK([grep "lr_in_unsnat" lr0flows | sort], [0], [dnl
> > - table=5 (lr_in_unsnat ), priority=0 , match=(1), action=(next;)
> > - table=5 (lr_in_unsnat ), priority=110 , match=(inport ==
> > "lr0-public" && ip4.dst == 172.168.0.100), action=(ct_snat;)
> > - table=5 (lr_in_unsnat ), priority=110 , match=(inport ==
> > "lr0-sw0" && ip4.dst == 10.0.0.1), action=(ct_snat;)
> > - table=5 (lr_in_unsnat ), priority=110 , match=(inport ==
> > "lr0-sw1" && ip4.dst == 20.0.0.1), action=(ct_snat;)
> > - table=5 (lr_in_unsnat ), priority=110 , match=(inport ==
> > "lr0-sw1" && ip6.dst == bef0::1), action=(ct_snat;)
> > + table=7 (lr_in_unsnat ), priority=0 , match=(1), action=(next;)
> > + table=7 (lr_in_unsnat ), priority=110 , match=(inport ==
> > "lr0-public" && ip4.dst == 172.168.0.100), action=(ct_snat;)
> > + table=7 (lr_in_unsnat ), priority=110 , match=(inport ==
> > "lr0-sw0" && ip4.dst == 10.0.0.1), action=(ct_snat;)
> > + table=7 (lr_in_unsnat ), priority=110 , match=(inport ==
> > "lr0-sw1" && ip4.dst == 20.0.0.1), action=(ct_snat;)
> > + table=7 (lr_in_unsnat ), priority=110 , match=(inport ==
> > "lr0-sw1" && ip6.dst == bef0::1), action=(ct_snat;)
> > ])
> >
> > AT_CHECK([grep "lr_in_dnat" lr0flows | sort], [0], [dnl
> > - table=6 (lr_in_dnat ), priority=0 , match=(1), action=(next;)
> > - table=6 (lr_in_dnat ), priority=120 , match=(ct.est && ip &&
> > ip4.dst == 10.0.0.10 && tcp && tcp.dst == 80),
> > action=(flags.force_snat_for_lb = 1; ct_dnat;)
> > - table=6 (lr_in_dnat ), priority=120 , match=(ct.new && ip &&
> > ip4.dst == 10.0.0.10 && tcp && tcp.dst == 80),
> > action=(flags.force_snat_for_lb = 1; ct_lb(backends=10.0.0.4:8080);)
> > - table=6 (lr_in_dnat ), priority=50 , match=(ip),
> > action=(flags.loopback = 1; ct_dnat;)
> > + table=8 (lr_in_dnat ), priority=0 , match=(1), action=(next;)
> > + table=8 (lr_in_dnat ), priority=120 , match=(ct.est && ip &&
> > ip4.dst == 10.0.0.10 && tcp && tcp.dst == 80),
> > action=(flags.force_snat_for_lb = 1; ct_dnat;)
> > + table=8 (lr_in_dnat ), priority=120 , match=(ct.new && ip &&
> > ip4.dst == 10.0.0.10 && tcp && tcp.dst == 80),
> > action=(flags.force_snat_for_lb = 1; ct_lb(backends=10.0.0.4:8080);)
> > + table=8 (lr_in_dnat ), priority=50 , match=(ip),
> > action=(flags.loopback = 1; ct_dnat;)
> > ])
> >
> > AT_CHECK([grep "lr_out_snat" lr0flows | sort], [0], [dnl
> > @@ -3230,16 +3230,16 @@ check ovn-nbctl --wait=sb lb-del lb1
> > ovn-sbctl dump-flows lr0 > lr0flows
> >
> > AT_CHECK([grep "lr_in_unsnat" lr0flows | sort], [0], [dnl
> > - table=5 (lr_in_unsnat ), priority=0 , match=(1), action=(next;)
> > - table=5 (lr_in_unsnat ), priority=110 , match=(inport ==
> > "lr0-public" && ip4.dst == 172.168.0.100), action=(ct_snat;)
> > - table=5 (lr_in_unsnat ), priority=110 , match=(inport ==
> > "lr0-sw0" && ip4.dst == 10.0.0.1), action=(ct_snat;)
> > - table=5 (lr_in_unsnat ), priority=110 , match=(inport ==
> > "lr0-sw1" && ip4.dst == 20.0.0.1), action=(ct_snat;)
> > - table=5 (lr_in_unsnat ), priority=110 , match=(inport ==
> > "lr0-sw1" && ip6.dst == bef0::1), action=(ct_snat;)
> > + table=7 (lr_in_unsnat ), priority=0 , match=(1), action=(next;)
> > + table=7 (lr_in_unsnat ), priority=110 , match=(inport ==
> > "lr0-public" && ip4.dst == 172.168.0.100), action=(ct_snat;)
> > + table=7 (lr_in_unsnat ), priority=110 , match=(inport ==
> > "lr0-sw0" && ip4.dst == 10.0.0.1), action=(ct_snat;)
> > + table=7 (lr_in_unsnat ), priority=110 , match=(inport ==
> > "lr0-sw1" && ip4.dst == 20.0.0.1), action=(ct_snat;)
> > + table=7 (lr_in_unsnat ), priority=110 , match=(inport ==
> > "lr0-sw1" && ip6.dst == bef0::1), action=(ct_snat;)
> > ])
> >
> > AT_CHECK([grep "lr_in_dnat" lr0flows | grep skip_snat_for_lb | sort], [0],
> > [dnl
> > - table=6 (lr_in_dnat ), priority=120 , match=(ct.est && ip &&
> > ip4.dst == 10.0.0.20 && tcp && tcp.dst == 80),
> > action=(flags.skip_snat_for_lb = 1; ct_dnat;)
> > - table=6 (lr_in_dnat ), priority=120 , match=(ct.new && ip &&
> > ip4.dst == 10.0.0.20 && tcp && tcp.dst == 80),
> > action=(flags.skip_snat_for_lb = 1; ct_lb(backends=10.0.0.40:8080);)
> > + table=8 (lr_in_dnat ), priority=120 , match=(ct.est && ip &&
> > ip4.dst == 10.0.0.20 && tcp && tcp.dst == 80),
> > action=(flags.skip_snat_for_lb = 1; ct_dnat;)
> > + table=8 (lr_in_dnat ), priority=120 , match=(ct.new && ip &&
> > ip4.dst == 10.0.0.20 && tcp && tcp.dst == 80),
> > action=(flags.skip_snat_for_lb = 1; ct_lb(backends=10.0.0.40:8080);)
> > ])
> >
> > AT_CHECK([grep "lr_out_snat" lr0flows | grep skip_snat_for_lb | sort],
> > [0], [dnl
> > diff --git a/tests/ovn.at b/tests/ovn.at
> > index 248319262..eef03982c 100644
> > --- a/tests/ovn.at
> > +++ b/tests/ovn.at
> > @@ -16246,7 +16246,7 @@ test_ip_packet_larger() {
> > ip_csum=f993
> >
> > icmp_reply=${src_mac}${dst_mac}08004500${reply_pkt_len}00004000fe016867
> >
> > icmp_reply=${icmp_reply}${src_ip}${dst_ip}0304${ip_csum}0000$(printf "%04x"
> > $mtu)
> > - icmp_reply=${icmp_reply}4500${pkt_len}000000003f01c4d9
> > + icmp_reply=${icmp_reply}4500${pkt_len}000000004001c3d9
> > icmp_reply=${icmp_reply}${orig_packet_l3}
> > echo $icmp_reply > hv1-vif1.expected
> > fi
> > @@ -16275,6 +16275,52 @@ test_ip_packet_larger() {
> > fi
> > }
> >
> > +test_ip_packet_larger_ext() {
> > + local mtu=$1
> > +
> > + # Send ip packet from sw0-port1 to outside
> > + src_mac="00000012af11" # external mac
> > + dst_mac="000020201213" # lr0-public mac
> > + src_ip=`ip_to_hex 172 168 0 4`
> > + dst_ip=`ip_to_hex 172 168 0 100`
> > + # Set the packet length to 118.
> > + pkt_len=0076
> > + packet=${dst_mac}${src_mac}08004500${pkt_len}000000004001c3d9
> > + orig_packet_l3=${src_ip}${dst_ip}0900000000000000
> > + orig_packet_l3=${orig_packet_l3}000000000000000000000000000000000000
> > + orig_packet_l3=${orig_packet_l3}000000000000000000000000000000000000
> > + orig_packet_l3=${orig_packet_l3}000000000000000000000000000000000000
> > + orig_packet_l3=${orig_packet_l3}000000000000000000000000000000000000
> > + orig_packet_l3=${orig_packet_l3}000000000000000000000000000000000000
> > + packet=${packet}${orig_packet_l3}
> > +
> > +
> > gw_ip_garp=ffffffffffff00002020121308060001080006040001000020201213aca80064000000000000aca80064
> > +
> > ext_ip_garp=ffffffffffff00000012af110806000108000604000100000012af11aca80004000000000000aca80004
> > +
> > + src_ip=`ip_to_hex 172 168 0 100`
> > + dst_ip=`ip_to_hex 172 168 0 4`
> > + # pkt len should be 146 (28 (icmp packet) + 118 (orig ip + payload))
> > + reply_pkt_len=0092
> > + ip_csum=508d
> > + icmp_reply=${src_mac}${dst_mac}08004500${reply_pkt_len}00004000fe0122b2
> > + icmp_reply=${icmp_reply}${src_ip}${dst_ip}0304${ip_csum}0000$(printf
> > "%04x" $mtu)
> > + icmp_reply=${icmp_reply}4500${pkt_len}000000004001c3d9
> > + icmp_reply=${icmp_reply}${orig_packet_l3}
> > + echo $icmp_reply > br-phys_n1.expected
> > +
> > + echo $gw_ip_garp >> br-phys_n1.expected
> > +
> > + as hv1 reset_pcap_file br-phys_n1 hv1/br-phys_n1
> > + as hv1 reset_pcap_file hv1-vif1 hv1/vif1
> > +
> > + check as hv1 ovs-appctl netdev-dummy/receive br-phys_n1 $ext_ip_garp
> > + sleep 1
> > + # Send packet from sw0-port1 to outside
> > + check as hv1 ovs-appctl netdev-dummy/receive br-phys_n1 $packet
> > +
> > + OVN_CHECK_PACKETS([hv1/br-phys_n1-tx.pcap], [br-phys_n1.expected])
> > +}
> > +
> > test_ip6_packet_larger() {
> > local mtu=$1
> >
> > @@ -16307,7 +16353,7 @@ test_ip6_packet_larger() {
> > mtu_needed=$(expr ${packet_bytes} - 18)
> > if test $mtu -lt $mtu_needed; then
> > # First construct the inner IPv6 packet.
> > - inner_ip6=6000000000583afe${ipv6_src}${ipv6_dst}
> > + inner_ip6=6000000000583aff${ipv6_src}${ipv6_dst}
> > inner_icmp6=8000000062f00001
> > inner_icmp6_and_payload=$(icmp6_csum_inplace
> > ${inner_icmp6}${payload} ${inner_ip6})
> > inner_packet=${inner_ip6}${inner_icmp6_and_payload}
> > @@ -16329,6 +16375,53 @@ test_ip6_packet_larger() {
> > fi
> > }
> >
> > +test_ip6_packet_larger_ext() {
> > + local mtu=$1
> > +
> > + local eth_src=00000012af11
> > + local eth_dst=000020201213
> > +
> > + local ipv6_src=20000000000000000000000000000004
> > + local ipv6_dst=20000000000000000000000000000001
> > +
> > + local payload=0000000000000000000000000000000000000000
> > + local payload=${payload}0000000000000000000000000000000000000000
> > + local payload=${payload}0000000000000000000000000000000000000000
> > + local payload=${payload}0000000000000000000000000000000000000000
> > +
> > + local ip6_hdr=6000000000583aff${ipv6_src}${ipv6_dst}
> > + local
> > packet=${eth_dst}${eth_src}86dd${ip6_hdr}9000cc7662f00001${payload}
> > +
> > + local
> > ns=ffffffffffff00002020121308060001080006040001000020201213aca80064000000000000aca80064
> > + echo $ns > br-phys_n1.expected
> > +
> > + as hv1 reset_pcap_file br-phys_n1 hv1/br-phys_n1
> > + as hv1 reset_pcap_file hv1-vif1 hv1/vif1
> > +
> > + local na_ip6_hdr=6000000000203aff${ipv6_src}${ipv6_dst}
> > + local
> > na=${eth_dst}${eth_src}86dd${na_ip6_hdr}8800d78440000000${ipv6_src}0201${eth_src}
> > + check as hv1 ovs-appctl netdev-dummy/receive br-phys_n1 $na
> > + sleep 1
> > + check as hv1 ovs-appctl netdev-dummy/receive br-phys_n1 $packet
> > + AT_CAPTURE_FILE([trace-$mtu])
> > +
> > + # First construct the inner IPv6 packet.
> > + inner_ip6=6000000000583aff${ipv6_src}${ipv6_dst}
> > + inner_icmp6=9000000062f00001
> > + inner_icmp6_and_payload=$(icmp6_csum_inplace ${inner_icmp6}${payload}
> > ${inner_ip6})
> > + inner_packet=${inner_ip6}${inner_icmp6_and_payload}
> > +
> > + # Then the outer.
> > + outer_ip6=6000000000883afe${ipv6_dst}${ipv6_src}
> > + outer_icmp6_and_payload=$(icmp6_csum_inplace 020000000000$(printf
> > "%04x" $mtu)${inner_packet} $outer_ip6)
> > + outer_packet=${outer_ip6}${outer_icmp6_and_payload}
> > +
> > + icmp6_reply=${eth_src}${eth_dst}86dd${outer_packet}
> > + echo $icmp6_reply >> br-phys_n1.expected
> > +
> > + OVN_CHECK_PACKETS([hv1/br-phys_n1-tx.pcap], [br-phys_n1.expected])
> > +}
> > +
> > wait_for_ports_up
> > ovn-nbctl --wait=hv sync
> >
> > @@ -16371,6 +16464,23 @@ for mtu in 100 500 118; do
> > test_ip6_packet_larger $mtu
> > done
> >
> > +AS_BOX([testing mtu $mtu])
> > +check ovn-nbctl --wait=hv set logical_router_port lr0-public
> > options:gateway_mtu=100
> > +ovn-sbctl dump-flows > ext-sbflows-100
> > +AT_CAPTURE_FILE([ext-sbflows-$mtu])
> > +
> > +OVS_WAIT_FOR_OUTPUT([
> > + as hv1 ovs-ofctl dump-flows br-int > ext-br-int-flows-100
> > + AT_CAPTURE_FILE([ext-br-int-flows-100])
> > + grep "check_pkt_larger(118)" ext-br-int-flows-100 | wc -l], [0], [1
> > +])
> > +
> > +AS_BOX([testing ext mtu 100 - IPv4])
> > +test_ip_packet_larger_ext 100
> > +
> > +AS_BOX([testing mtu 100 - IPv6])
> > +test_ip6_packet_larger_ext 100
> > +
> > OVN_CLEANUP([hv1])
> > AT_CLEANUP
> > ])
> > @@ -16484,7 +16594,7 @@ test_ip_packet_larger() {
> > ip_csum=f993
> >
> > icmp_reply=${src_mac}${dst_mac}08004500${reply_pkt_len}00004000fe016867
> >
> > icmp_reply=${icmp_reply}${src_ip}${dst_ip}0304${ip_csum}0000$(printf "%04x"
> > $mtu)
> > - icmp_reply=${icmp_reply}4500${pkt_len}000000003f01c4d9
> > + icmp_reply=${icmp_reply}4500${pkt_len}000000004001c3d9
> > icmp_reply=${icmp_reply}${orig_packet_l3}
> > echo $icmp_reply > hv1-vif1.expected
> > fi
> > @@ -16513,6 +16623,52 @@ test_ip_packet_larger() {
> > fi
> > }
> >
> > +test_ip_packet_larger_ext() {
> > + local mtu=$1
> > +
> > + # Send ip packet from sw0-port1 to outside
> > + src_mac="00000012af11" # external mac
> > + dst_mac="000020201213" # lr0-public mac
> > + src_ip=`ip_to_hex 172 168 0 4`
> > + dst_ip=`ip_to_hex 172 168 0 100`
> > + # Set the packet length to 118.
> > + pkt_len=0076
> > + packet=${dst_mac}${src_mac}08004500${pkt_len}000000004001c3d9
> > + orig_packet_l3=${src_ip}${dst_ip}0900000000000000
> > + orig_packet_l3=${orig_packet_l3}000000000000000000000000000000000000
> > + orig_packet_l3=${orig_packet_l3}000000000000000000000000000000000000
> > + orig_packet_l3=${orig_packet_l3}000000000000000000000000000000000000
> > + orig_packet_l3=${orig_packet_l3}000000000000000000000000000000000000
> > + orig_packet_l3=${orig_packet_l3}000000000000000000000000000000000000
> > + packet=${packet}${orig_packet_l3}
> > +
> > +
> > gw_ip_garp=ffffffffffff00002020121308060001080006040001000020201213aca80064000000000000aca80064
> > +
> > ext_ip_garp=ffffffffffff00000012af110806000108000604000100000012af11aca80004000000000000aca80004
> > +
> > + src_ip=`ip_to_hex 172 168 0 100`
> > + dst_ip=`ip_to_hex 172 168 0 4`
> > + # pkt len should be 146 (28 (icmp packet) + 118 (orig ip + payload))
> > + reply_pkt_len=0092
> > + ip_csum=508d
> > + icmp_reply=${src_mac}${dst_mac}08004500${reply_pkt_len}00004000fe0122b2
> > + icmp_reply=${icmp_reply}${src_ip}${dst_ip}0304${ip_csum}0000$(printf
> > "%04x" $mtu)
> > + icmp_reply=${icmp_reply}4500${pkt_len}000000004001c3d9
> > + icmp_reply=${icmp_reply}${orig_packet_l3}
> > + echo $icmp_reply > br-phys_n1.expected
> > +
> > + echo $gw_ip_garp >> br-phys_n1.expected
> > +
> > + as hv1 reset_pcap_file br-phys_n1 hv1/br-phys_n1
> > + as hv1 reset_pcap_file hv1-vif1 hv1/vif1
> > +
> > + check as hv1 ovs-appctl netdev-dummy/receive br-phys_n1 $ext_ip_garp
> > + sleep 1
> > + # Send packet from sw0-port1 to outside
> > + check as hv1 ovs-appctl netdev-dummy/receive br-phys_n1 $packet
> > +
> > + OVN_CHECK_PACKETS([hv1/br-phys_n1-tx.pcap], [br-phys_n1.expected])
> > +}
> > +
> > test_ip6_packet_larger() {
> > local mtu=$1
> >
> > @@ -16545,7 +16701,7 @@ test_ip6_packet_larger() {
> > mtu_needed=$(expr ${packet_bytes} - 18)
> > if test $mtu -lt $mtu_needed; then
> > # First construct the inner IPv6 packet.
> > - inner_ip6=6000000000583afe${ipv6_src}${ipv6_dst}
> > + inner_ip6=6000000000583aff${ipv6_src}${ipv6_dst}
> > inner_icmp6=8000000062f00001
> > inner_icmp6_and_payload=$(icmp6_csum_inplace
> > ${inner_icmp6}${payload} ${inner_ip6})
> > inner_packet=${inner_ip6}${inner_icmp6_and_payload}
> > @@ -16567,6 +16723,53 @@ test_ip6_packet_larger() {
> > fi
> > }
> >
> > +test_ip6_packet_larger_ext() {
> > + local mtu=$1
> > +
> > + local eth_src=00000012af11
> > + local eth_dst=000020201213
> > +
> > + local ipv6_src=20000000000000000000000000000004
> > + local ipv6_dst=20000000000000000000000000000001
> > +
> > + local payload=0000000000000000000000000000000000000000
> > + local payload=${payload}0000000000000000000000000000000000000000
> > + local payload=${payload}0000000000000000000000000000000000000000
> > + local payload=${payload}0000000000000000000000000000000000000000
> > +
> > + local ip6_hdr=6000000000583aff${ipv6_src}${ipv6_dst}
> > + local
> > packet=${eth_dst}${eth_src}86dd${ip6_hdr}9000cc7662f00001${payload}
> > +
> > + local
> > ns=ffffffffffff00002020121308060001080006040001000020201213aca80064000000000000aca80064
> > + echo $ns > br-phys_n1.expected
> > +
> > + as hv1 reset_pcap_file br-phys_n1 hv1/br-phys_n1
> > + as hv1 reset_pcap_file hv1-vif1 hv1/vif1
> > +
> > + local na_ip6_hdr=6000000000203aff${ipv6_src}${ipv6_dst}
> > + local
> > na=${eth_dst}${eth_src}86dd${na_ip6_hdr}8800d78440000000${ipv6_src}0201${eth_src}
> > + check as hv1 ovs-appctl netdev-dummy/receive br-phys_n1 $na
> > + sleep 1
> > + check as hv1 ovs-appctl netdev-dummy/receive br-phys_n1 $packet
> > + AT_CAPTURE_FILE([trace-$mtu])
> > +
> > + # First construct the inner IPv6 packet.
> > + inner_ip6=6000000000583aff${ipv6_src}${ipv6_dst}
> > + inner_icmp6=9000000062f00001
> > + inner_icmp6_and_payload=$(icmp6_csum_inplace ${inner_icmp6}${payload}
> > ${inner_ip6})
> > + inner_packet=${inner_ip6}${inner_icmp6_and_payload}
> > +
> > + # Then the outer.
> > + outer_ip6=6000000000883afe${ipv6_dst}${ipv6_src}
> > + outer_icmp6_and_payload=$(icmp6_csum_inplace 020000000000$(printf
> > "%04x" $mtu)${inner_packet} $outer_ip6)
> > + outer_packet=${outer_ip6}${outer_icmp6_and_payload}
> > +
> > + icmp6_reply=${eth_src}${eth_dst}86dd${outer_packet}
> > + echo $icmp6_reply >> br-phys_n1.expected
> > +
> > + OVN_CHECK_PACKETS([hv1/br-phys_n1-tx.pcap], [br-phys_n1.expected])
> > +}
> > +
> > wait_for_ports_up
> > ovn-nbctl --wait=hv sync
> >
> > @@ -16609,6 +16812,23 @@ for mtu in 100 500 118; do
> > test_ip6_packet_larger $mtu
> > done
> >
> > +AS_BOX([testing mtu $mtu])
> > +check ovn-nbctl --wait=hv set logical_router_port lr0-public
> > options:gateway_mtu=100
> > +ovn-sbctl dump-flows > ext-sbflows-100
> > +AT_CAPTURE_FILE([ext-sbflows-$mtu])
> > +
> > +OVS_WAIT_FOR_OUTPUT([
> > + as hv1 ovs-ofctl dump-flows br-int > ext-br-int-flows-100
> > + AT_CAPTURE_FILE([ext-br-int-flows-100])
> > + grep "check_pkt_larger(118)" ext-br-int-flows-100 | wc -l], [0], [1
> > +])
> > +
> > +AS_BOX([testing ext mtu 100 - IPv4])
> > +test_ip_packet_larger_ext 100
> > +
> > +AS_BOX([testing mtu 100 - IPv6])
> > +test_ip6_packet_larger_ext 100
> > +
> > OVN_CLEANUP([hv1])
> > AT_CLEANUP
> > ])
> > @@ -22511,7 +22731,7 @@ ovn-sbctl dump-flows > sbflows
> > AT_CAPTURE_FILE([sbflows])
> > AT_CAPTURE_FILE([offlows])
> > OVS_WAIT_UNTIL([
> > - as hv1 ovs-ofctl dump-flows br-int table=20 > offlows
> > + as hv1 ovs-ofctl dump-flows br-int table=22 > offlows
> > test $(grep -c "load:0x64->NXM_NX_PKT_MARK" offlows) = 1 && \
> > test $(grep -c "load:0x3->NXM_NX_PKT_MARK" offlows) = 1 && \
> > test $(grep -c "load:0x4->NXM_NX_PKT_MARK" offlows) = 1 && \
> > @@ -22604,12 +22824,12 @@ send_ipv4_pkt hv1 hv1-vif1 505400000003
> > 00000000ff01 \
> > $(ip_to_hex 10 0 0 3) $(ip_to_hex 172 168 0 120)
> >
> > OVS_WAIT_UNTIL([
> > - test 1 -eq $(as hv1 ovs-ofctl dump-flows br-int table=20 | \
> > + test 1 -eq $(as hv1 ovs-ofctl dump-flows br-int table=22 | \
> > grep "load:0x2->NXM_NX_PKT_MARK" -c)
> > ])
> >
> > AT_CHECK([
> > - test 0 -eq $(as hv1 ovs-ofctl dump-flows br-int table=20 | \
> > + test 0 -eq $(as hv1 ovs-ofctl dump-flows br-int table=22 | \
> > grep "load:0x64->NXM_NX_PKT_MARK" -c)
> > ])
> >
> > @@ -22681,31 +22901,31 @@ AT_CHECK([
> > ])
> >
> > AT_CHECK([ovn-sbctl lflow-list | grep -E "lr_in_policy.*priority=1001" |
> > sort], [0], [dnl
> > - table=12(lr_in_policy ), priority=1001 , dnl
> > + table=14(lr_in_policy ), priority=1001 , dnl
> > match=(ip6), action=(pkt.mark = 4294967295; reg8[[0..15]] = 0; next;)
> > ])
> >
> > ovn-nbctl --wait=hv set logical_router_policy $pol5 options:pkt_mark=-1
> > AT_CHECK([ovn-sbctl lflow-list | grep -E "lr_in_policy.*priority=1001" |
> > sort], [0], [dnl
> > - table=12(lr_in_policy ), priority=1001 , dnl
> > + table=14(lr_in_policy ), priority=1001 , dnl
> > match=(ip6), action=(reg8[[0..15]] = 0; next;)
> > ])
> >
> > ovn-nbctl --wait=hv set logical_router_policy $pol5
> > options:pkt_mark=2147483648
> > AT_CHECK([ovn-sbctl lflow-list | grep -E "lr_in_policy.*priority=1001" |
> > sort], [0], [dnl
> > - table=12(lr_in_policy ), priority=1001 , dnl
> > + table=14(lr_in_policy ), priority=1001 , dnl
> > match=(ip6), action=(pkt.mark = 2147483648; reg8[[0..15]] = 0; next;)
> > ])
> >
> > ovn-nbctl --wait=hv set logical_router_policy $pol5 options:pkt_mark=foo
> > AT_CHECK([ovn-sbctl lflow-list | grep -E "lr_in_policy.*priority=1001" |
> > sort], [0], [dnl
> > - table=12(lr_in_policy ), priority=1001 , dnl
> > + table=14(lr_in_policy ), priority=1001 , dnl
> > match=(ip6), action=(reg8[[0..15]] = 0; next;)
> > ])
> >
> > ovn-nbctl --wait=hv set logical_router_policy $pol5
> > options:pkt_mark=4294967296
> > AT_CHECK([ovn-sbctl lflow-list | grep -E "lr_in_policy.*priority=1001" |
> > sort], [0], [dnl
> > - table=12(lr_in_policy ), priority=1001 , dnl
> > + table=14(lr_in_policy ), priority=1001 , dnl
> > match=(ip6), action=(reg8[[0..15]] = 0; next;)
> > ])
> >
> > @@ -23275,23 +23495,23 @@ check ovn-nbctl --wait=hv sync
> >
> > # Ensure ECMP symmetric reply flows are not present on any hypervisor.
> > AT_CHECK([
> > - test 0 -eq $(as hv1 ovs-ofctl dump-flows br-int table=15 | \
> > + test 0 -eq $(as hv1 ovs-ofctl dump-flows br-int table=17 | \
> > grep "priority=100" | \
> > grep
> > "ct(commit,zone=NXM_NX_REG11\\[[0..15\\]],exec(move:NXM_OF_ETH_SRC\\[[\\]]->NXM_NX_CT_LABEL\\[[32..79\\]],load:0x[[0-9]]->NXM_NX_CT_LABEL\\[[80..95\\]]))"
> > -c)
> > ])
> > AT_CHECK([
> > - test 0 -eq $(as hv1 ovs-ofctl dump-flows br-int table=21 | \
> > + test 0 -eq $(as hv1 ovs-ofctl dump-flows br-int table=23 | \
> > grep "priority=200" | \
> > grep
> > "actions=move:NXM_NX_CT_LABEL\\[[32..79\\]]->NXM_OF_ETH_DST\\[[\\]]" -c)
> > ])
> >
> > AT_CHECK([
> > - test 0 -eq $(as hv2 ovs-ofctl dump-flows br-int table=15 | \
> > + test 0 -eq $(as hv2 ovs-ofctl dump-flows br-int table=17 | \
> > grep "priority=100" | \
> > grep
> > "ct(commit,zone=NXM_NX_REG11\\[[0..15\\]],exec(move:NXM_OF_ETH_SRC\\[[\\]]->NXM_NX_CT_LABEL\\[[32..79\\]],load:0x[[0-9]]->NXM_NX_CT_LABEL\\[[80..95\\]]))"
> > -c)
> > ])
> > AT_CHECK([
> > - test 0 -eq $(as hv2 ovs-ofctl dump-flows br-int table=21 | \
> > + test 0 -eq $(as hv2 ovs-ofctl dump-flows br-int table=23 | \
> > grep "priority=200" | \
> > grep
> > "actions=move:NXM_NX_CT_LABEL\\[[32..79\\]]->NXM_OF_ETH_DST\\[[\\]]" -c)
> > ])
> > @@ -23308,11 +23528,11 @@ AT_CAPTURE_FILE([hv2flows])
> >
> > AT_CHECK([
> > for hv in 1 2; do
> > - grep table=15 hv${hv}flows | \
> > + grep table=17 hv${hv}flows | \
> > grep "priority=100" | \
> > grep -c
> > "ct(commit,zone=NXM_NX_REG11\\[[0..15\\]],exec(move:NXM_OF_ETH_SRC\\[[\\]]->NXM_NX_CT_LABEL\\[[32..79\\]],load:0x[[0-9]]->NXM_NX_CT_LABEL\\[[80..95\\]]))"
> >
> > - grep table=22 hv${hv}flows | \
> > + grep table=24 hv${hv}flows | \
> > grep "priority=200" | \
> > grep -c
> > "actions=move:NXM_NX_CT_LABEL\\[[32..79\\]]->NXM_OF_ETH_DST\\[[\\]]"
> > done; :], [0], [dnl
> > @@ -23932,7 +24152,7 @@ AT_CHECK([as hv1 ovs-ofctl dump-flows br-int | grep
> > "actions=controller" | grep
> > ])
> >
> > # The packet should've been dropped in the lr_in_arp_resolve stage.
> > -AT_CHECK([as hv1 ovs-ofctl dump-flows br-int | grep -E "table=22,
> > n_packets=1,.* priority=1,ip,metadata=0x${sw_key},nw_dst=10.0.1.1
> > actions=drop" -c], [0], [dnl
> > +AT_CHECK([as hv1 ovs-ofctl dump-flows br-int | grep -E "table=24,
> > n_packets=1,.* priority=1,ip,metadata=0x${sw_key},nw_dst=10.0.1.1
> > actions=drop" -c], [0], [dnl
> > 1
> > ])
> >
> > --
> > 2.31.1
> >
> > _______________________________________________
> > dev mailing list
> > [email protected]
> > https://mail.openvswitch.org/mailman/listinfo/ovs-dev
> >
>
_______________________________________________
dev mailing list
[email protected]
https://mail.openvswitch.org/mailman/listinfo/ovs-dev
