Fix missing enclose for LB lflows when both
"ct-no-masked-label" and "ovn-ct-lb-related"
features are set false and the LB is configured
with either "skip_snat" or "force_snat".
Add missing test case for those.
Fixes: cd600de6 ("northd: Add flag for CT related.")
Signed-off-by: Ales Musil <[email protected]>
---
This patch should be backported all the way down to 21.12.
---
northd/northd.c | 8 ++++----
tests/ovn-northd.at | 32 ++++++++++++++++++++++++++++++++
2 files changed, 36 insertions(+), 4 deletions(-)
diff --git a/northd/northd.c b/northd/northd.c
index b3aa3a26b..b8126e05f 100644
--- a/northd/northd.c
+++ b/northd/northd.c
@@ -10535,9 +10535,9 @@ build_lrouter_nat_flows_for_lb(struct ovn_lb_vip
*lb_vip,
if (lb->skip_snat) {
const char *skip_snat = features->ct_lb_related && !drop
- ? "; skip_snat);"
+ ? "; skip_snat"
: "";
- skip_snat_new_action = xasprintf("flags.skip_snat_for_lb = 1; %s%s",
+ skip_snat_new_action = xasprintf("flags.skip_snat_for_lb = 1; %s%s);",
ds_cstr(action), skip_snat);
skip_snat_est_action = xasprintf("flags.skip_snat_for_lb = 1; "
"next;");
@@ -10672,9 +10672,9 @@ build_lrouter_nat_flows_for_lb(struct ovn_lb_vip
*lb_vip,
skip_snat_est_action, lflows, prio, meter_groups);
const char *force_snat = features->ct_lb_related && !drop
- ? "; force_snat);"
+ ? "; force_snat"
: "";
- char *new_actions = xasprintf("flags.force_snat_for_lb = 1; %s%s",
+ char *new_actions = xasprintf("flags.force_snat_for_lb = 1; %s%s);",
ds_cstr(action), force_snat);
build_gw_lrouter_nat_flows_for_lb(lb, gw_router_force_snat,
n_gw_router_force_snat, reject, new_match,
diff --git a/tests/ovn-northd.at b/tests/ovn-northd.at
index ab06d0406..52f4757b4 100644
--- a/tests/ovn-northd.at
+++ b/tests/ovn-northd.at
@@ -7840,6 +7840,22 @@ AT_CHECK([ovn-sbctl lflow-list | grep -e natted -e
ct_lb], [0], [dnl
table=2 (ls_out_pre_stateful), priority=110 , match=(reg0[[2]] == 1),
action=(ct_lb;)
])
+check ovn-nbctl --wait=sb set logical_router lr
options:lb_force_snat_ip="42.42.42.1"
+AT_CHECK([ovn-sbctl lflow-list | grep lr_in_dnat], [0], [dnl
+ table=7 (lr_in_dnat ), priority=110 , match=(ct.est && !ct.rel &&
ip4 && reg0 == 66.66.66.66 && ct_label.natted == 1),
action=(flags.force_snat_for_lb = 1; next;)
+ table=7 (lr_in_dnat ), priority=110 , match=(ct.new && !ct.rel &&
ip4 && reg0 == 66.66.66.66), action=(flags.force_snat_for_lb = 1;
ct_lb(backends=42.42.42.2);)
+ table=7 (lr_in_dnat ), priority=0 , match=(1), action=(next;)
+])
+check ovn-nbctl remove logical_router lr options lb_force_snat_ip
+
+check ovn-nbctl --wait=sb set load_balancer lb-test options:skip_snat="true"
+AT_CHECK([ovn-sbctl lflow-list | grep lr_in_dnat], [0], [dnl
+ table=7 (lr_in_dnat ), priority=110 , match=(ct.est && !ct.rel &&
ip4 && reg0 == 66.66.66.66 && ct_label.natted == 1),
action=(flags.skip_snat_for_lb = 1; next;)
+ table=7 (lr_in_dnat ), priority=110 , match=(ct.new && !ct.rel &&
ip4 && reg0 == 66.66.66.66), action=(flags.skip_snat_for_lb = 1;
ct_lb(backends=42.42.42.2);)
+ table=7 (lr_in_dnat ), priority=0 , match=(1), action=(next;)
+])
+check ovn-nbctl remove load_balancer lb-test options skip_snat
+
AS_BOX([Chassis upgrades and supports ct_lb_mark - use ct_lb_mark and
ct_mark.natted])
check ovn-sbctl set chassis hv other_config:ct-no-masked-label=true
check ovn-nbctl --wait=sb sync
@@ -8502,6 +8518,22 @@ AT_CHECK([grep -e "lr_in_defrag" -e "lr_in_dnat"
lflows1], [0], [dnl
table=? (lr_in_dnat ), priority=110 , match=(ct.new && !ct.rel &&
ip4 && reg0 == 192.168.0.1), action=(ct_lb(backends=192.168.1.10);)
])
+check ovn-nbctl --wait=sb set logical_router lr
options:lb_force_snat_ip="192.168.1.1"
+AT_CHECK([ovn-sbctl lflow-list | grep lr_in_dnat], [0], [dnl
+ table=7 (lr_in_dnat ), priority=110 , match=(ct.est && !ct.rel &&
ip4 && reg0 == 192.168.0.1 && ct_label.natted == 1),
action=(flags.force_snat_for_lb = 1; next;)
+ table=7 (lr_in_dnat ), priority=110 , match=(ct.new && !ct.rel &&
ip4 && reg0 == 192.168.0.1), action=(flags.force_snat_for_lb = 1;
ct_lb(backends=192.168.1.10);)
+ table=7 (lr_in_dnat ), priority=0 , match=(1), action=(next;)
+])
+check ovn-nbctl remove logical_router lr options lb_force_snat_ip
+
+check ovn-nbctl --wait=sb set load_balancer lb-test options:skip_snat="true"
+AT_CHECK([ovn-sbctl lflow-list | grep lr_in_dnat], [0], [dnl
+ table=7 (lr_in_dnat ), priority=110 , match=(ct.est && !ct.rel &&
ip4 && reg0 == 192.168.0.1 && ct_label.natted == 1),
action=(flags.skip_snat_for_lb = 1; next;)
+ table=7 (lr_in_dnat ), priority=110 , match=(ct.new && !ct.rel &&
ip4 && reg0 == 192.168.0.1), action=(flags.skip_snat_for_lb = 1;
ct_lb(backends=192.168.1.10);)
+ table=7 (lr_in_dnat ), priority=0 , match=(1), action=(next;)
+])
+check ovn-nbctl remove load_balancer lb-test options skip_snat
+
AT_CHECK([grep -e "ls_in_acl" -e "ls_out_acl" lflows1 | grep
"priority=65532"], [0], [dnl
table=? (ls_in_acl ), priority=65532, match=(!ct.est && ct.rel &&
!ct.new && !ct.inv && ct_label.blocked == 0), action=(reg0[[17]] = 1; next;)
table=? (ls_in_acl ), priority=65532, match=(ct.est && !ct.rel &&
!ct.new && !ct.inv && ct.rpl && ct_label.blocked == 0), action=(reg0[[9]] = 0;
reg0[[10]] = 0; reg0[[17]] = 1; next;)
--
2.39.2
_______________________________________________
dev mailing list
[email protected]
https://mail.openvswitch.org/mailman/listinfo/ovs-dev
