On Fri, Sep 9, 2022 at 7:43 AM Han Zhou <[email protected]> wrote:
>
>
> On Tue, Sep 6, 2022 at 6:02 AM Ales Musil <[email protected]> wrote:
> >
> > The current behavior is that load balancers
> > default to tcp protocol if it is not specified.
> > However, this is not propagated to lflows which
> > specify proto only when port is specified as part
> > of the protocol e.g. udp.port == X. Always include
> > the protocol in the lb flow even if the port is not
> > specified.
> >
> > Signed-off-by: Ales Musil <[email protected]>
>
> Hi Ales,
>
Hi Han,
> Sorry that I don't understand the problem. The ovn-nb.xml defines:
>
> <column name="protocol">
> <p>
> Valid protocols are <code>tcp</code>, <code>udp</code>, or
> <code>sctp</code>. This column is useful when a port number is
> provided as part of the <code>vips</code> column. If this column
> is
> empty and a port number is provided as part of <code>vips</code>
> column, OVN assumes the protocol to be <code>tcp</code>.
> </p>
> </column>
>
> So it defaults to TCP only if a port number is provided. Your patch seems
> to change this definition and is trying to default to TCP even if a port
> number is NOT provided? Did I misunderstand?
>
right, but everything is presented as tcp being default even if we don't
specify proto e.g. lb-list. Also ovn-northd.8.xml specifies:
For all the configured load balancing rules for a switch in
<code>OVN_Northbound</code> database that includes a L4 port
<var>PORT</var> of protocol <var>P</var> and IP address
<var>VIP</var>, a priority-120 flow is added. For IPv4 <var>VIPs
</var>, the flow matches <code>ct.new && ip &&
ip4.dst == <var>VIP</var> && <var>P</var> &&
<var>P</var>.dst == <var>PORT</var></code>. For IPv6 <var>VIPs</var>,
the flow matches <code>ct.new && ip && ip6.dst == <var>
VIP </var>&& <var>P</var> && <var>P</var>.dst == <var>
PORT</var></code>.
Suggesting that the protocol should be present which was not the case for
even if the port was specified.
This patch tries to make it consistent. So that we include the protocol
always in the rule and it default to tcp.
Thanks,
Ales
> Thanks,
> Han
>
> > ---
> > northd/northd.c | 7 +++--
> > tests/ovn-northd.at | 56 +++++++++++++++++++--------------------
> > tests/ovn.at | 6 ++---
> > utilities/ovn-nbctl.8.xml | 5 ++--
> > 4 files changed, 36 insertions(+), 38 deletions(-)
> >
> > diff --git a/northd/northd.c b/northd/northd.c
> > index 7e2681865..3ab335fec 100644
> > --- a/northd/northd.c
> > +++ b/northd/northd.c
> > @@ -6870,9 +6870,8 @@ build_lb_rules(struct hmap *lflows, struct
> ovn_northd_lb *lb, bool ct_lb_mark,
> > lb_vip->vip_str);
> > }
> >
> > - const char *proto = NULL;
> > + const char *proto = "tcp";
> > if (lb_vip->vip_port) {
> > - proto = "tcp";
> > if (lb->nlb->protocol) {
> > if (!strcmp(lb->nlb->protocol, "udp")) {
> > proto = "udp";
> > @@ -6894,8 +6893,8 @@ build_lb_rules(struct hmap *lflows, struct
> ovn_northd_lb *lb, bool ct_lb_mark,
> > lb->selection_fields, true,
> > ct_lb_mark);
> >
> > - ds_put_format(match, "ct.new && %s.dst == %s", ip_match,
> > - lb_vip->vip_str);
> > + ds_put_format(match, "ct.new && %s.dst == %s && %s", ip_match,
> > + lb_vip->vip_str, proto);
> > int priority = 110;
> > if (lb_vip->vip_port) {
> > ds_put_format(match, " && %s.dst == %d", proto,
> lb_vip->vip_port);
> > diff --git a/tests/ovn-northd.at b/tests/ovn-northd.at
> > index 157f9f60c..6559a6ade 100644
> > --- a/tests/ovn-northd.at
> > +++ b/tests/ovn-northd.at
> > @@ -1227,7 +1227,7 @@ check ovn-nbctl --wait=sb ls-lb-add sw0 lb1
> > AT_CAPTURE_FILE([sbflows])
> > OVS_WAIT_FOR_OUTPUT(
> > [ovn-sbctl dump-flows sw0 | tee sbflows | grep
> 'priority=120.*backends' | sed 's/table=..//'], 0, [dnl
> > - (ls_in_lb ), priority=120 , match=(ct.new && ip4.dst ==
> 10.0.0.10 && tcp.dst == 80), action=(reg0[[1]] = 0; reg1 = 10.0.0.10;
> reg2[[0..15]] = 80; ct_lb(backends=10.0.0.3:80,20.0.0.3:80);)
> > + (ls_in_lb ), priority=120 , match=(ct.new && ip4.dst ==
> 10.0.0.10 && tcp && tcp.dst == 80), action=(reg0[[1]] = 0; reg1 =
> 10.0.0.10; reg2[[0..15]] = 80; ct_lb(backends=10.0.0.3:80,20.0.0.3:80);)
> > ])
> >
> > AS_BOX([Delete the Load_Balancer_Health_Check])
> > @@ -1237,7 +1237,7 @@ wait_row_count Service_Monitor 0
> > AT_CAPTURE_FILE([sbflows2])
> > OVS_WAIT_FOR_OUTPUT(
> > [ovn-sbctl dump-flows sw0 | tee sbflows2 | grep
> 'priority=120.*backends' | sed 's/table=..//'], [0],
> > -[ (ls_in_lb ), priority=120 , match=(ct.new && ip4.dst ==
> 10.0.0.10 && tcp.dst == 80), action=(reg0[[1]] = 0; reg1 = 10.0.0.10;
> reg2[[0..15]] = 80; ct_lb(backends=10.0.0.3:80,20.0.0.3:80);)
> > +[ (ls_in_lb ), priority=120 , match=(ct.new && ip4.dst ==
> 10.0.0.10 && tcp && tcp.dst == 80), action=(reg0[[1]] = 0; reg1 =
> 10.0.0.10; reg2[[0..15]] = 80; ct_lb(backends=10.0.0.3:80,20.0.0.3:80);)
> > ])
> >
> > AS_BOX([Create the Load_Balancer_Health_Check again.])
> > @@ -1249,7 +1249,7 @@ check ovn-nbctl --wait=sb sync
> >
> > ovn-sbctl dump-flows sw0 | grep backends | grep priority=120 >
> lflows.txt
> > AT_CHECK([cat lflows.txt | sed 's/table=..//'], [0], [dnl
> > - (ls_in_lb ), priority=120 , match=(ct.new && ip4.dst ==
> 10.0.0.10 && tcp.dst == 80), action=(reg0[[1]] = 0; reg1 = 10.0.0.10;
> reg2[[0..15]] = 80; ct_lb(backends=10.0.0.3:80,20.0.0.3:80);)
> > + (ls_in_lb ), priority=120 , match=(ct.new && ip4.dst ==
> 10.0.0.10 && tcp && tcp.dst == 80), action=(reg0[[1]] = 0; reg1 =
> 10.0.0.10; reg2[[0..15]] = 80; ct_lb(backends=10.0.0.3:80,20.0.0.3:80);)
> > ])
> >
> > AS_BOX([Get the uuid of both the service_monitor])
> > @@ -1259,7 +1259,7 @@ sm_sw1_p1=$(fetch_column Service_Monitor _uuid
> logical_port=sw1-p1)
> > AT_CAPTURE_FILE([sbflows3])
> > OVS_WAIT_FOR_OUTPUT(
> > [ovn-sbctl dump-flows sw0 | tee sbflows 3 | grep
> 'priority=120.*backends' | sed 's/table=..//'], [0],
> > -[ (ls_in_lb ), priority=120 , match=(ct.new && ip4.dst ==
> 10.0.0.10 && tcp.dst == 80), action=(reg0[[1]] = 0; reg1 = 10.0.0.10;
> reg2[[0..15]] = 80; ct_lb(backends=10.0.0.3:80,20.0.0.3:80);)
> > +[ (ls_in_lb ), priority=120 , match=(ct.new && ip4.dst ==
> 10.0.0.10 && tcp && tcp.dst == 80), action=(reg0[[1]] = 0; reg1 =
> 10.0.0.10; reg2[[0..15]] = 80; ct_lb(backends=10.0.0.3:80,20.0.0.3:80);)
> > ])
> >
> > AS_BOX([Set the service monitor for sw1-p1 to offline])
> > @@ -1270,7 +1270,7 @@ check ovn-nbctl --wait=sb sync
> > AT_CAPTURE_FILE([sbflows4])
> > OVS_WAIT_FOR_OUTPUT(
> > [ovn-sbctl dump-flows sw0 | tee sbflows4 | grep
> 'priority=120.*backends' | sed 's/table=..//'], [0],
> > -[ (ls_in_lb ), priority=120 , match=(ct.new && ip4.dst ==
> 10.0.0.10 && tcp.dst == 80), action=(reg0[[1]] = 0; reg1 = 10.0.0.10;
> reg2[[0..15]] = 80; ct_lb(backends=10.0.0.3:80);)
> > +[ (ls_in_lb ), priority=120 , match=(ct.new && ip4.dst ==
> 10.0.0.10 && tcp && tcp.dst == 80), action=(reg0[[1]] = 0; reg1 =
> 10.0.0.10; reg2[[0..15]] = 80; ct_lb(backends=10.0.0.3:80);)
> > ])
> >
> > AS_BOX([Set the service monitor for sw0-p1 to offline])
> > @@ -1285,8 +1285,8 @@ OVS_WAIT_FOR_OUTPUT(
> >
> > AT_CAPTURE_FILE([sbflows6])
> > OVS_WAIT_FOR_OUTPUT(
> > - [ovn-sbctl dump-flows sw0 | tee sbflows6 | grep "ip4.dst == 10.0.0.10
> && tcp.dst == 80" | grep priority=120 | sed 's/table=..//'], [0], [dnl
> > - (ls_in_lb ), priority=120 , match=(ct.new && ip4.dst ==
> 10.0.0.10 && tcp.dst == 80), action=(drop;)
> > + [ovn-sbctl dump-flows sw0 | tee sbflows6 | grep "ip4.dst == 10.0.0.10
> && tcp && tcp.dst == 80" | grep priority=120 | sed 's/table=..//'], [0],
> [dnl
> > + (ls_in_lb ), priority=120 , match=(ct.new && ip4.dst ==
> 10.0.0.10 && tcp && tcp.dst == 80), action=(drop;)
> > ])
> >
> > AS_BOX([Set the service monitor for sw0-p1 and sw1-p1 to online])
> > @@ -1299,7 +1299,7 @@ check ovn-nbctl --wait=sb sync
> > AT_CAPTURE_FILE([sbflows7])
> > OVS_WAIT_FOR_OUTPUT(
> > [ovn-sbctl dump-flows sw0 | tee sbflows7 | grep backends | grep
> priority=120 | sed 's/table=..//'], 0,
> > -[ (ls_in_lb ), priority=120 , match=(ct.new && ip4.dst ==
> 10.0.0.10 && tcp.dst == 80), action=(reg0[[1]] = 0; reg1 = 10.0.0.10;
> reg2[[0..15]] = 80; ct_lb(backends=10.0.0.3:80,20.0.0.3:80);)
> > +[ (ls_in_lb ), priority=120 , match=(ct.new && ip4.dst ==
> 10.0.0.10 && tcp && tcp.dst == 80), action=(reg0[[1]] = 0; reg1 =
> 10.0.0.10; reg2[[0..15]] = 80; ct_lb(backends=10.0.0.3:80,20.0.0.3:80);)
> > ])
> >
> > AS_BOX([Set the service monitor for sw1-p1 to error])
> > @@ -1307,10 +1307,10 @@ ovn-sbctl set service_monitor $sm_sw1_p1
> status=error
> > wait_row_count Service_Monitor 1 logical_port=sw1-p1 status=error
> > check ovn-nbctl --wait=sb sync
> >
> > -ovn-sbctl dump-flows sw0 | grep "ip4.dst == 10.0.0.10 && tcp.dst == 80"
> \
> > +ovn-sbctl dump-flows sw0 | grep "ip4.dst == 10.0.0.10 && tcp && tcp.dst
> == 80" \
> > | grep priority=120 > lflows.txt
> > AT_CHECK([cat lflows.txt | sed 's/table=..//'], [0], [dnl
> > - (ls_in_lb ), priority=120 , match=(ct.new && ip4.dst ==
> 10.0.0.10 && tcp.dst == 80), action=(reg0[[1]] = 0; reg1 = 10.0.0.10;
> reg2[[0..15]] = 80; ct_lb(backends=10.0.0.3:80);)
> > + (ls_in_lb ), priority=120 , match=(ct.new && ip4.dst ==
> 10.0.0.10 && tcp && tcp.dst == 80), action=(reg0[[1]] = 0; reg1 =
> 10.0.0.10; reg2[[0..15]] = 80; ct_lb(backends=10.0.0.3:80);)
> > ])
> >
> > AS_BOX([Add one more vip to lb1])
> > @@ -1336,8 +1336,8 @@ AT_CAPTURE_FILE([sbflows9])
> > OVS_WAIT_FOR_OUTPUT(
> > [ovn-sbctl dump-flows sw0 | tee sbflows9 | grep backends | grep
> priority=120 | sed 's/table=..//' | sort],
> > 0,
> > -[ (ls_in_lb ), priority=120 , match=(ct.new && ip4.dst ==
> 10.0.0.10 && tcp.dst == 80), action=(reg0[[1]] = 0; reg1 = 10.0.0.10;
> reg2[[0..15]] = 80; ct_lb(backends=10.0.0.3:80);)
> > - (ls_in_lb ), priority=120 , match=(ct.new && ip4.dst ==
> 10.0.0.40 && tcp.dst == 1000), action=(reg0[[1]] = 0; reg1 = 10.0.0.40;
> reg2[[0..15]] = 1000; ct_lb(backends=10.0.0.3:1000);)
> > +[ (ls_in_lb ), priority=120 , match=(ct.new && ip4.dst ==
> 10.0.0.10 && tcp && tcp.dst == 80), action=(reg0[[1]] = 0; reg1 =
> 10.0.0.10; reg2[[0..15]] = 80; ct_lb(backends=10.0.0.3:80);)
> > + (ls_in_lb ), priority=120 , match=(ct.new && ip4.dst ==
> 10.0.0.40 && tcp && tcp.dst == 1000), action=(reg0[[1]] = 0; reg1 =
> 10.0.0.40; reg2[[0..15]] = 1000; ct_lb(backends=10.0.0.3:1000);)
> > ])
> >
> > AS_BOX([Set the service monitor for sw1-p1 to online])
> > @@ -1350,8 +1350,8 @@ AT_CAPTURE_FILE([sbflows10])
> > OVS_WAIT_FOR_OUTPUT(
> > [ovn-sbctl dump-flows sw0 | tee sbflows10 | grep backends | grep
> priority=120 | sed 's/table=..//' | sort],
> > 0,
> > -[ (ls_in_lb ), priority=120 , match=(ct.new && ip4.dst ==
> 10.0.0.10 && tcp.dst == 80), action=(reg0[[1]] = 0; reg1 = 10.0.0.10;
> reg2[[0..15]] = 80; ct_lb(backends=10.0.0.3:80,20.0.0.3:80);)
> > - (ls_in_lb ), priority=120 , match=(ct.new && ip4.dst ==
> 10.0.0.40 && tcp.dst == 1000), action=(reg0[[1]] = 0; reg1 = 10.0.0.40;
> reg2[[0..15]] = 1000; ct_lb(backends=10.0.0.3:1000,20.0.0.3:80);)
> > +[ (ls_in_lb ), priority=120 , match=(ct.new && ip4.dst ==
> 10.0.0.10 && tcp && tcp.dst == 80), action=(reg0[[1]] = 0; reg1 =
> 10.0.0.10; reg2[[0..15]] = 80; ct_lb(backends=10.0.0.3:80,20.0.0.3:80);)
> > + (ls_in_lb ), priority=120 , match=(ct.new && ip4.dst ==
> 10.0.0.40 && tcp && tcp.dst == 1000), action=(reg0[[1]] = 0; reg1 =
> 10.0.0.40; reg2[[0..15]] = 1000; ct_lb(backends=10.0.0.3:1000,20.0.0.3:80
> );)
> > ])
> >
> > AS_BOX([Associate lb1 to sw1])
> > @@ -1360,8 +1360,8 @@ AT_CAPTURE_FILE([sbflows11])
> > OVS_WAIT_FOR_OUTPUT(
> > [ovn-sbctl dump-flows sw1 | tee sbflows11 | grep backends | grep
> priority=120 | sed 's/table=..//' | sort],
> > 0, [dnl
> > - (ls_in_lb ), priority=120 , match=(ct.new && ip4.dst ==
> 10.0.0.10 && tcp.dst == 80), action=(reg0[[1]] = 0; reg1 = 10.0.0.10;
> reg2[[0..15]] = 80; ct_lb(backends=10.0.0.3:80,20.0.0.3:80);)
> > - (ls_in_lb ), priority=120 , match=(ct.new && ip4.dst ==
> 10.0.0.40 && tcp.dst == 1000), action=(reg0[[1]] = 0; reg1 = 10.0.0.40;
> reg2[[0..15]] = 1000; ct_lb(backends=10.0.0.3:1000,20.0.0.3:80);)
> > + (ls_in_lb ), priority=120 , match=(ct.new && ip4.dst ==
> 10.0.0.10 && tcp && tcp.dst == 80), action=(reg0[[1]] = 0; reg1 =
> 10.0.0.10; reg2[[0..15]] = 80; ct_lb(backends=10.0.0.3:80,20.0.0.3:80);)
> > + (ls_in_lb ), priority=120 , match=(ct.new && ip4.dst ==
> 10.0.0.40 && tcp && tcp.dst == 1000), action=(reg0[[1]] = 0; reg1 =
> 10.0.0.40; reg2[[0..15]] = 1000; ct_lb(backends=10.0.0.3:1000,20.0.0.3:80
> );)
> > ])
> >
> > AS_BOX([Now create lb2 same as lb1 but udp protocol.])
> > @@ -1417,8 +1417,8 @@ ovn-sbctl set service_monitor $sm_sw1_p1
> status=offline
> >
> > AT_CAPTURE_FILE([sbflows12])
> > OVS_WAIT_FOR_OUTPUT(
> > - [ovn-sbctl dump-flows sw0 | tee sbflows12 | grep "ip4.dst ==
> 10.0.0.10 && tcp.dst == 80" | grep priority=120 | sed 's/table=..//'], [0],
> [dnl
> > - (ls_in_lb ), priority=120 , match=(ct.new && ip4.dst ==
> 10.0.0.10 && tcp.dst == 80), action=(reg0 = 0; reject { outport <-> inport;
> next(pipeline=egress,table=5);};)
> > + [ovn-sbctl dump-flows sw0 | tee sbflows12 | grep "ip4.dst ==
> 10.0.0.10 && tcp && tcp.dst == 80" | grep priority=120 | sed
> 's/table=..//'], [0], [dnl
> > + (ls_in_lb ), priority=120 , match=(ct.new && ip4.dst ==
> 10.0.0.10 && tcp && tcp.dst == 80), action=(reg0 = 0; reject { outport <->
> inport; next(pipeline=egress,table=5);};)
> > ])
> >
> > AT_CLEANUP
> > @@ -3899,8 +3899,8 @@ check_stateful_flows() {
> >
> > AT_CHECK([grep "ls_in_lb" sw0flows | sort | sed
> 's/table=../table=??/'], [0], [dnl
> > table=??(ls_in_lb ), priority=0 , match=(1),
> action=(next;)
> > - table=??(ls_in_lb ), priority=120 , match=(ct.new &&
> ip4.dst == 10.0.0.10 && tcp.dst == 80), action=(reg0[[1]] = 0; reg1 =
> 10.0.0.10; reg2[[0..15]] = 80; ct_lb_mark(backends=10.0.0.4:8080);)
> > - table=??(ls_in_lb ), priority=120 , match=(ct.new &&
> ip4.dst == 10.0.0.20 && tcp.dst == 80), action=(reg0[[1]] = 0; reg1 =
> 10.0.0.20; reg2[[0..15]] = 80; ct_lb_mark(backends=10.0.0.40:8080);)
> > + table=??(ls_in_lb ), priority=120 , match=(ct.new &&
> ip4.dst == 10.0.0.10 && tcp && tcp.dst == 80), action=(reg0[[1]] = 0; reg1
> = 10.0.0.10; reg2[[0..15]] = 80; ct_lb_mark(backends=10.0.0.4:8080);)
> > + table=??(ls_in_lb ), priority=120 , match=(ct.new &&
> ip4.dst == 10.0.0.20 && tcp && tcp.dst == 80), action=(reg0[[1]] = 0; reg1
> = 10.0.0.20; reg2[[0..15]] = 80; ct_lb_mark(backends=10.0.0.40:8080);)
> > ])
> >
> > AT_CHECK([grep "ls_in_stateful" sw0flows | sort | sed
> 's/table=../table=??/'], [0], [dnl
> > @@ -6415,7 +6415,7 @@ AT_CHECK([grep -e "ls_in_acl" lsflows | sed
> 's/table=../table=??/' | sort], [0],
> >
> > AT_CHECK([grep -e "ls_in_lb" lsflows | sed 's/table=../table=??/' |
> sort], [0], [dnl
> > table=??(ls_in_lb ), priority=0 , match=(1),
> action=(next;)
> > - table=??(ls_in_lb ), priority=110 , match=(ct.new &&
> ip4.dst == 10.0.0.2), action=(reg0[[1]] = 0; reg1 = 10.0.0.2;
> ct_lb_mark(backends=10.0.0.10);)
> > + table=??(ls_in_lb ), priority=110 , match=(ct.new &&
> ip4.dst == 10.0.0.2 && tcp), action=(reg0[[1]] = 0; reg1 = 10.0.0.2;
> ct_lb_mark(backends=10.0.0.10);)
> > ])
> >
> > AT_CHECK([grep -e "ls_in_stateful" lsflows | sed 's/table=../table=??/'
> | sort], [0], [dnl
> > @@ -6468,7 +6468,7 @@ AT_CHECK([grep -e "ls_in_acl" lsflows | sed
> 's/table=../table=??/' | sort], [0],
> >
> > AT_CHECK([grep -e "ls_in_lb" lsflows | sed 's/table=../table=??/' |
> sort], [0], [dnl
> > table=??(ls_in_lb ), priority=0 , match=(1),
> action=(next;)
> > - table=??(ls_in_lb ), priority=110 , match=(ct.new &&
> ip4.dst == 10.0.0.2), action=(reg0[[1]] = 0; reg1 = 10.0.0.2;
> ct_lb_mark(backends=10.0.0.10);)
> > + table=??(ls_in_lb ), priority=110 , match=(ct.new &&
> ip4.dst == 10.0.0.2 && tcp), action=(reg0[[1]] = 0; reg1 = 10.0.0.2;
> ct_lb_mark(backends=10.0.0.10);)
> > ])
> >
> > AT_CHECK([grep -e "ls_in_stateful" lsflows | sed 's/table=../table=??/'
> | sort], [0], [dnl
> > @@ -6521,7 +6521,7 @@ AT_CHECK([grep -e "ls_in_acl" lsflows | sed
> 's/table=../table=??/' | sort], [0],
> >
> > AT_CHECK([grep -e "ls_in_lb" lsflows | sed 's/table=../table=??/' |
> sort], [0], [dnl
> > table=??(ls_in_lb ), priority=0 , match=(1),
> action=(next;)
> > - table=??(ls_in_lb ), priority=110 , match=(ct.new &&
> ip4.dst == 10.0.0.2), action=(reg0[[1]] = 0; reg1 = 10.0.0.2;
> ct_lb_mark(backends=10.0.0.10);)
> > + table=??(ls_in_lb ), priority=110 , match=(ct.new &&
> ip4.dst == 10.0.0.2 && tcp), action=(reg0[[1]] = 0; reg1 = 10.0.0.2;
> ct_lb_mark(backends=10.0.0.10);)
> > ])
> >
> > AT_CHECK([grep -e "ls_in_stateful" lsflows | sed 's/table=../table=??/'
> | sort], [0], [dnl
> > @@ -7487,7 +7487,7 @@ AT_CHECK([ovn-sbctl lflow-list | grep -e natted -e
> ct_lb], [0], [dnl
> > table=6 (ls_in_pre_stateful ), priority=120 , match=(reg0[[2]] == 1
> && ip6 && tcp), action=(xxreg1 = ip6.dst; reg2[[0..15]] = tcp.dst;
> ct_lb_mark;)
> > table=6 (ls_in_pre_stateful ), priority=120 , match=(reg0[[2]] == 1
> && ip6 && udp), action=(xxreg1 = ip6.dst; reg2[[0..15]] = udp.dst;
> ct_lb_mark;)
> > table=6 (ls_in_pre_stateful ), priority=110 , match=(reg0[[2]] ==
> 1), action=(ct_lb_mark;)
> > - table=11(ls_in_lb ), priority=110 , match=(ct.new &&
> ip4.dst == 66.66.66.66), action=(reg0[[1]] = 0; reg1 = 66.66.66.66;
> ct_lb_mark(backends=42.42.42.2);)
> > + table=11(ls_in_lb ), priority=110 , match=(ct.new &&
> ip4.dst == 66.66.66.66 && tcp), action=(reg0[[1]] = 0; reg1 = 66.66.66.66;
> ct_lb_mark(backends=42.42.42.2);)
> > table=2 (ls_out_pre_stateful), priority=110 , match=(reg0[[2]] ==
> 1), action=(ct_lb_mark;)
> > ])
> >
> > @@ -7504,7 +7504,7 @@ AT_CHECK([ovn-sbctl lflow-list | grep -e natted -e
> ct_lb], [0], [dnl
> > table=6 (ls_in_pre_stateful ), priority=120 , match=(reg0[[2]] == 1
> && ip6 && tcp), action=(xxreg1 = ip6.dst; reg2[[0..15]] = tcp.dst; ct_lb;)
> > table=6 (ls_in_pre_stateful ), priority=120 , match=(reg0[[2]] == 1
> && ip6 && udp), action=(xxreg1 = ip6.dst; reg2[[0..15]] = udp.dst; ct_lb;)
> > table=6 (ls_in_pre_stateful ), priority=110 , match=(reg0[[2]] ==
> 1), action=(ct_lb;)
> > - table=11(ls_in_lb ), priority=110 , match=(ct.new &&
> ip4.dst == 66.66.66.66), action=(reg0[[1]] = 0; reg1 = 66.66.66.66;
> ct_lb(backends=42.42.42.2);)
> > + table=11(ls_in_lb ), priority=110 , match=(ct.new &&
> ip4.dst == 66.66.66.66 && tcp), action=(reg0[[1]] = 0; reg1 = 66.66.66.66;
> ct_lb(backends=42.42.42.2);)
> > table=2 (ls_out_pre_stateful), priority=110 , match=(reg0[[2]] ==
> 1), action=(ct_lb;)
> > ])
> >
> > @@ -7521,7 +7521,7 @@ AT_CHECK([ovn-sbctl lflow-list | grep -e natted -e
> ct_lb], [0], [dnl
> > table=6 (ls_in_pre_stateful ), priority=120 , match=(reg0[[2]] == 1
> && ip6 && tcp), action=(xxreg1 = ip6.dst; reg2[[0..15]] = tcp.dst;
> ct_lb_mark;)
> > table=6 (ls_in_pre_stateful ), priority=120 , match=(reg0[[2]] == 1
> && ip6 && udp), action=(xxreg1 = ip6.dst; reg2[[0..15]] = udp.dst;
> ct_lb_mark;)
> > table=6 (ls_in_pre_stateful ), priority=110 , match=(reg0[[2]] ==
> 1), action=(ct_lb_mark;)
> > - table=11(ls_in_lb ), priority=110 , match=(ct.new &&
> ip4.dst == 66.66.66.66), action=(reg0[[1]] = 0; reg1 = 66.66.66.66;
> ct_lb_mark(backends=42.42.42.2);)
> > + table=11(ls_in_lb ), priority=110 , match=(ct.new &&
> ip4.dst == 66.66.66.66 && tcp), action=(reg0[[1]] = 0; reg1 = 66.66.66.66;
> ct_lb_mark(backends=42.42.42.2);)
> > table=2 (ls_out_pre_stateful), priority=110 , match=(reg0[[2]] ==
> 1), action=(ct_lb_mark;)
> > ])
> >
> > @@ -7692,11 +7692,11 @@ AT_CAPTURE_FILE([S1flows])
> >
> > AT_CHECK([grep "ls_in_lb" S0flows | sort], [0], [dnl
> > table=11(ls_in_lb ), priority=0 , match=(1),
> action=(next;)
> > - table=11(ls_in_lb ), priority=120 , match=(ct.new &&
> ip4.dst == 172.16.0.10 && tcp.dst == 80), action=(reg0[[1]] = 0; reg1 =
> 172.16.0.10; reg2[[0..15]] = 80; ct_lb_mark(backends=10.0.0.2:80);)
> > + table=11(ls_in_lb ), priority=120 , match=(ct.new &&
> ip4.dst == 172.16.0.10 && tcp && tcp.dst == 80), action=(reg0[[1]] = 0;
> reg1 = 172.16.0.10; reg2[[0..15]] = 80; ct_lb_mark(backends=10.0.0.2:80);)
> > ])
> > AT_CHECK([grep "ls_in_lb" S1flows | sort], [0], [dnl
> > table=11(ls_in_lb ), priority=0 , match=(1),
> action=(next;)
> > - table=11(ls_in_lb ), priority=120 , match=(ct.new &&
> ip4.dst == 172.16.0.10 && tcp.dst == 80), action=(reg0[[1]] = 0; reg1 =
> 172.16.0.10; reg2[[0..15]] = 80; ct_lb_mark(backends=10.0.0.2:80);)
> > + table=11(ls_in_lb ), priority=120 , match=(ct.new &&
> ip4.dst == 172.16.0.10 && tcp && tcp.dst == 80), action=(reg0[[1]] = 0;
> reg1 = 172.16.0.10; reg2[[0..15]] = 80; ct_lb_mark(backends=10.0.0.2:80);)
> > ])
> >
> > ovn-sbctl get datapath S0 _uuid > dp_uuids
> > diff --git a/tests/ovn.at b/tests/ovn.at
> > index c2bcb721a..6dbb88a5e 100644
> > --- a/tests/ovn.at
> > +++ b/tests/ovn.at
> > @@ -23606,7 +23606,7 @@ OVS_WAIT_FOR_OUTPUT(
> > (ls_in_pre_stateful ), priority=120 , match=(reg0[[2]] == 1 && ip6
> && sctp), action=(xxreg1 = ip6.dst; reg2[[0..15]] = sctp.dst; ct_lb_mark;)
> > (ls_in_pre_stateful ), priority=120 , match=(reg0[[2]] == 1 && ip6
> && tcp), action=(xxreg1 = ip6.dst; reg2[[0..15]] = tcp.dst; ct_lb_mark;)
> > (ls_in_pre_stateful ), priority=120 , match=(reg0[[2]] == 1 && ip6
> && udp), action=(xxreg1 = ip6.dst; reg2[[0..15]] = udp.dst; ct_lb_mark;)
> > - (ls_in_lb ), priority=120 , match=(ct.new && ip4.dst ==
> 10.0.0.10 && tcp.dst == 80), action=(reg0[[1]] = 0; reg1 = 10.0.0.10;
> reg2[[0..15]] = 80; ct_lb_mark(backends=10.0.0.3:80,20.0.0.3:80;
> hash_fields="ip_dst,ip_src,tcp_dst,tcp_src");)
> > + (ls_in_lb ), priority=120 , match=(ct.new && ip4.dst ==
> 10.0.0.10 && tcp && tcp.dst == 80), action=(reg0[[1]] = 0; reg1 =
> 10.0.0.10; reg2[[0..15]] = 80; ct_lb_mark(backends=10.0.0.3:80,20.0.0.3:80;
> hash_fields="ip_dst,ip_src,tcp_dst,tcp_src");)
> > ])
> >
> > AT_CAPTURE_FILE([sbflows2])
> > @@ -23646,9 +23646,9 @@ grep "405400000003${svc_mon_src_mac}" | wc -l`]
> > AT_CAPTURE_FILE([sbflows3])
> > ovn-sbctl dump-flows sw0 > sbflows3
> > AT_CHECK(
> > - [grep "ip4.dst == 10.0.0.10 && tcp.dst == 80" sbflows3 | grep
> priority=120 |\
> > + [grep "ip4.dst == 10.0.0.10 && tcp && tcp.dst == 80" sbflows3 | grep
> priority=120 |\
> > sed 's/table=../table=??/'], [0],
> > - [ table=??(ls_in_lb ), priority=120 , match=(ct.new &&
> ip4.dst == 10.0.0.10 && tcp.dst == 80), action=(drop;)
> > + [ table=??(ls_in_lb ), priority=120 , match=(ct.new &&
> ip4.dst == 10.0.0.10 && tcp && tcp.dst == 80), action=(drop;)
> > ])
> >
> > AT_CAPTURE_FILE([sbflows4])
> > diff --git a/utilities/ovn-nbctl.8.xml b/utilities/ovn-nbctl.8.xml
> > index 040d05227..a127c5b34 100644
> > --- a/utilities/ovn-nbctl.8.xml
> > +++ b/utilities/ovn-nbctl.8.xml
> > @@ -1276,9 +1276,8 @@
> > The optional argument <var>protocol</var> must be either
> > <code>tcp</code>, <code>udp</code> or <code>sctp</code>. This
> argument
> > is useful when a port number is provided as part of the
> <var>vip</var>.
> > - If the <var>protocol</var> is unspecified and a port number is
> provided
> > - as part of the <var>vip</var>, OVN assumes the
> <var>protocol</var> to
> > - be <code>tcp</code>.
> > + If the <var>protocol</var> is unspecified OVN assumes the
> > + <var>protocol</var> to be <code>tcp</code>.
> > </p>
> >
> > <p>
> > --
> > 2.37.2
> >
> > _______________________________________________
> > dev mailing list
> > [email protected]
> > https://mail.openvswitch.org/mailman/listinfo/ovs-dev
>
--
Ales Musil
Senior Software Engineer - OVN Core
Red Hat EMEA <https://www.redhat.com>
[email protected] IM: amusil
<https://red.ht/sig>
_______________________________________________
dev mailing list
[email protected]
https://mail.openvswitch.org/mailman/listinfo/ovs-dev
