On Mon, Feb 24, 2025 at 11:47 PM Lorenzo Bianconi < lorenzo.bianc...@redhat.com> wrote:
> Fix the following error reported in build_lb_vip_actions() if the CMS > configure a load balancer with no backends: > > 2025-01-21T18:18:26.668Z|04152|lflow|WARN|error parsing actions > "flags.force_snat_for_lb = 1; drop;": Syntax error at `drop' expecting > action. > > The issue can be triggered with the following reproducer in ovn-sandbox: > > $ovn-nbctl create load_balancer name=lb-empty vips:\"172.168.10.30\"=\"\" > protocol=tcp options:skip_snat=true > $ovn-nbctl lr-lb-add lr0 lb-empty > $grep Syntax ./sandbox/ovn-controller.log > 2025-01-22T17:13:49.709Z|00047|lflow|WARN|error parsing actions > "flags.skip_snat_for_lb = 1; drop;": Syntax error at `drop' expecting > action. > > Reported-at: https://issues.redhat.com/browse/FDP-1095 > Signed-off-by: Lorenzo Bianconi <lorenzo.bianc...@redhat.com> > --- > northd/northd.c | 8 ++++++-- > tests/ovn-northd.at | 4 ++-- > 2 files changed, 8 insertions(+), 4 deletions(-) > > diff --git a/northd/northd.c b/northd/northd.c > index a91e48ac2..b0086c337 100644 > --- a/northd/northd.c > +++ b/northd/northd.c > @@ -3792,10 +3792,14 @@ build_lb_vip_actions(const struct ovn_northd_lb > *lb, > const char *enclose = is_lb_action ? ");" : ""; > > if (!ls_dp) { > - ds_put_format(skip_snat_action, "flags.skip_snat_for_lb = 1; > %s%s", > + if (!drop) { > + ds_put_cstr(skip_snat_action, "flags.skip_snat_for_lb = 1; "); > + ds_put_cstr(force_snat_action, "flags.force_snat_for_lb = 1; > "); > + } > + ds_put_format(skip_snat_action, "%s%s", > ds_cstr(action), > is_lb_action ? "; skip_snat);" : enclose); > - ds_put_format(force_snat_action, "flags.force_snat_for_lb = 1; > %s%s", > + ds_put_format(force_snat_action, "%s%s", > ds_cstr(action), > is_lb_action ? "; force_snat);" : enclose); > } > diff --git a/tests/ovn-northd.at b/tests/ovn-northd.at > index c74d57f7e..fd491c5b6 100644 > --- a/tests/ovn-northd.at > +++ b/tests/ovn-northd.at > @@ -6566,7 +6566,7 @@ check ovn-nbctl --wait=sb set load_balancer lb6 > options:skip_snat=true > > AT_CHECK([ovn-sbctl dump-flows lr0 | grep "lr_in_dnat" | > ovn_strip_lflows], [0], [dnl > table=??(lr_in_dnat ), priority=0 , match=(1), action=(next;) > - table=??(lr_in_dnat ), priority=110 , match=(ct.new && !ct.rel > && ip4 && ip4.dst == 172.168.10.30), action=(flags.skip_snat_for_lb = 1; > drop;) > + table=??(lr_in_dnat ), priority=110 , match=(ct.new && !ct.rel > && ip4 && ip4.dst == 172.168.10.30), action=(drop;) > table=??(lr_in_dnat ), priority=50 , match=(ct.est && !ct.rel > && !ct.new && !ct.rpl && ct_mark.natted), action=(next;) > table=??(lr_in_dnat ), priority=50 , match=(ct.rel && !ct.est > && !ct.new && !ct.rpl), action=(ct_commit_nat;) > table=??(lr_in_dnat ), priority=70 , match=(ct.est && !ct.rel > && !ct.new && !ct.rpl && ct_mark.natted && ct_mark.force_snat == 1), > action=(flags.force_snat_for_lb = 1; next;) > @@ -6582,7 +6582,7 @@ check ovn-nbctl --wait=sb set logical_router lr0 > options:lb_force_snat_ip="route > > AT_CHECK([ovn-sbctl dump-flows lr0 | grep "lr_in_dnat" | > ovn_strip_lflows], [0], [dnl > table=??(lr_in_dnat ), priority=0 , match=(1), action=(next;) > - table=??(lr_in_dnat ), priority=110 , match=(ct.new && !ct.rel > && ip4 && ip4.dst == 172.168.10.30), action=(flags.force_snat_for_lb = 1; > drop;) > + table=??(lr_in_dnat ), priority=110 , match=(ct.new && !ct.rel > && ip4 && ip4.dst == 172.168.10.30), action=(drop;) > table=??(lr_in_dnat ), priority=50 , match=(ct.est && !ct.rel > && !ct.new && !ct.rpl && ct_mark.natted), action=(next;) > table=??(lr_in_dnat ), priority=50 , match=(ct.rel && !ct.est > && !ct.new && !ct.rpl), action=(ct_commit_nat;) > table=??(lr_in_dnat ), priority=70 , match=(ct.est && !ct.rel > && !ct.new && !ct.rpl && ct_mark.natted && ct_mark.force_snat == 1), > action=(flags.force_snat_for_lb = 1; next;) > -- > 2.48.1 > > _______________________________________________ > dev mailing list > d...@openvswitch.org > https://mail.openvswitch.org/mailman/listinfo/ovs-dev > > Looks good to me, thanks. Acked-by: Ales Musil <amu...@redhat.com> _______________________________________________ dev mailing list d...@openvswitch.org https://mail.openvswitch.org/mailman/listinfo/ovs-dev
