On 1/13/23 12:20, Ales Musil wrote: > On Fri, Jan 13, 2023 at 10:52 AM Dumitru Ceara <[email protected]> wrote: > >> Otherwise it's hard to tell which ones are applied before and which ones >> are applied after load balancing. >> >> Signed-off-by: Dumitru Ceara <[email protected]> >> --- >> tests/ovn-nbctl.at | 9 +++++++++ >> utilities/ovn-nbctl.c | 7 +++++++ >> 2 files changed, 16 insertions(+) >> >> diff --git a/tests/ovn-nbctl.at b/tests/ovn-nbctl.at >> index 8885ac9fcc..2fffe18500 100644 >> --- a/tests/ovn-nbctl.at >> +++ b/tests/ovn-nbctl.at >> @@ -223,6 +223,9 @@ ovn_nbctl_test_acl() { >> AT_CHECK([ovn-nbctl $2 acl-add $1 to-lport 100 ip drop]) >> AT_CHECK([ovn-nbctl $2 --label=1234 acl-add $1 from-lport 70 icmp >> allow-related]) >> AT_CHECK([ovn-nbctl $2 --label=1235 acl-add $1 to-lport 70 icmp >> allow-related]) >> + AT_CHECK([ovn-nbctl $2 --apply-after-lb acl-add $1 from-lport 500 tcp >> allow]) >> + AT_CHECK([ovn-nbctl $2 --apply-after-lb acl-add $1 from-lport 300 tcp >> drop]) >> + AT_CHECK([ovn-nbctl $2 --apply-after-lb acl-add $1 from-lport 300 udp >> allow]) >> >> dnl Add duplicated ACL >> AT_CHECK([ovn-nbctl $2 acl-add $1 to-lport 100 ip drop], [1], [], >> [stderr]) >> @@ -247,6 +250,9 @@ from-lport 600 (udp) drop log() >> from-lport 400 (tcp) drop >> from-lport 200 (ip) drop >> from-lport 70 (icmp) allow-related label=1234 >> +from-lport 500 (tcp) allow [[after-lb]] >> +from-lport 300 (tcp) drop [[after-lb]] >> +from-lport 300 (udp) allow [[after-lb]] >> to-lport 500 (udp) drop log(name=test,severity=info) >> to-lport 300 (tcp) drop >> to-lport 100 (ip) drop >> @@ -260,6 +266,9 @@ from-lport 600 (udp) drop log() >> from-lport 400 (tcp) drop >> from-lport 200 (ip) drop >> from-lport 70 (icmp) allow-related label=1234 >> +from-lport 500 (tcp) allow [[after-lb]] >> +from-lport 300 (tcp) drop [[after-lb]] >> +from-lport 300 (udp) allow [[after-lb]] >> ]) >> >> dnl Delete all ACLs. 
>> diff --git a/utilities/ovn-nbctl.c b/utilities/ovn-nbctl.c >> index 9d4fb8c757..ae4d6c4036 100644 >> --- a/utilities/ovn-nbctl.c >> +++ b/utilities/ovn-nbctl.c >> @@ -2091,9 +2091,13 @@ acl_cmp(const void *acl1_, const void *acl2_) >> >> int dir1 = dir_encode(acl1->direction); >> int dir2 = dir_encode(acl2->direction); >> + bool after_lb1 = smap_get_bool(&acl1->options, "apply-after-lb", >> false); >> + bool after_lb2 = smap_get_bool(&acl2->options, "apply-after-lb", >> false); >> >> if (dir1 != dir2) { >> return dir1 < dir2 ? -1 : 1; >> + } else if (after_lb1 != after_lb2) { >> + return after_lb2 ? -1 : 1; >> } else if (acl1->priority != acl2->priority) { >> return acl1->priority > acl2->priority ? -1 : 1; >> } else { >> @@ -2192,6 +2196,9 @@ nbctl_acl_list(struct ctl_context *ctx) >> if (acl->label) { >> ds_put_format(&ctx->output, " label=%"PRId64, acl->label); >> } >> + if (smap_get_bool(&acl->options, "apply-after-lb", false)) { >> + ds_put_cstr(&ctx->output, " [after-lb]"); >> + } >> ds_put_cstr(&ctx->output, "\n"); >> } >> >> -- >> 2.31.1 >> >> _______________________________________________ >> dev mailing list >> [email protected] >> https://mail.openvswitch.org/mailman/listinfo/ovs-dev >> >> > Looks good to me, thanks. > > Acked-by: Ales Musil <[email protected]> >
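Review bot: the three acl-add cases added to ovn_nbctl_test_acl() in tests/ovn-nbctl.at all use from-lport, so the expected acl-list output never shows how an --apply-after-lb ACL sorts in the to-lport group. If the option is accepted for to-lport ACLs, add one such case so the listing order is pinned in both directions; if it is rejected, a negative check in the style of the nearby "Add duplicated ACL" one would record that.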
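Review bot: in acl_cmp(), the new branch `return after_lb2 ? -1 : 1;` encodes "ACLs without apply-after-lb sort first within a direction", but no comment says so, and the sign is easy to misread. A one-line comment above the branch stating the intended order would help, since it is why the after-lb entry with priority 500 is listed below the priority 70 entry in the expected test output. The two smap_get_bool() lookups also run on every comparison, including those already decided by dir1 != dir2; consider doing them only once the directions are known to be equal.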
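Review bot: the ` [after-lb]` suffix printed in nbctl_acl_list() changes user-visible acl-list output and its ordering, yet the diffstat covers only tests/ovn-nbctl.at and utilities/ovn-nbctl.c, so nothing in this patch documents the new marker for people who read or parse the listing. Please describe the marker and the before/after grouping in the command's documentation as part of this change. As a style point, the neighbouring field is printed in key=value form (` label=%"PRId64`), while this one is a bracketed tag; a consistent form would be easier for scripts to handle.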
I applied this to the main branch, thanks for the review!
