Hi Flavio,
Changes look fine to me.
Acked-by: Ankur Sharma
Regards,
Ankur
From: dev on behalf of Flavio Fernandes
Sent: Wednesday, April 22, 2020 3:07 AM
To: d...@openvswitch.org
Subject: [ovs-dev] [PATCH ovn v1] NAT: port range cannot be stateless
Minor change to ovn-nbctl to prevent users from attempting
to use port range and stateless together. That is so
because port range uses conntrack to set the source port.
Signed-off-by: Flavio Fernandes
---
tests/ovn-nbctl.at| 4
utilities/ovn-nbctl.c | 6 ++
2 files changed, 10 insertions(+)
diff --git a/tests/ovn-nbctl.at b/tests/ovn-nbctl.at
index 66fbcc748..637d88fcd 100644
--- a/tests/ovn-nbctl.at
+++ b/tests/ovn-nbctl.at
@@ -652,6 +652,10 @@ AT_CHECK([ovn-nbctl --portrange lr-nat-add lr0
dnat_and_snat 40.0.0.6 192.168.1.
[ovn-nbctl: invalid port range 0-10.
])
+AT_CHECK([ovn-nbctl --stateless --portrange lr-nat-add lr0 dnat_and_snat
40.0.0.5 192.168.1.8 6], [1], [],
+[ovn-nbctl: --stateless and --portrange may not be used together
+])
+
AT_CHECK([ovn-nbctl show lr0 | grep -c 'external port(s): "1-3000"'], [0], [dnl
3
])
diff --git a/utilities/ovn-nbctl.c b/utilities/ovn-nbctl.c
index cb46d3aa5..95eb54bf3 100644
--- a/utilities/ovn-nbctl.c
+++ b/utilities/ovn-nbctl.c
@@ -4167,6 +4167,12 @@ nbctl_lr_nat_add(struct ctl_context *ctx)
ctl_error(ctx, "stateless is not applicable to dnat or snat types");
return;
}
+/* Port range needs conntrack, so it can't be stateless. */
+if (stateless && is_portrange) {
+ctl_error(ctx, "--stateless and --portrange may not be used "
+ "together");
+return;
+}
int is_snat = !strcmp("snat", nat_type);
for (size_t i = 0; i < lr->n_nat; i++) {
--
2.17.1
___
dev mailing list
d...@openvswitch.org
https://urldefense.proofpoint.com/v2/url?u=https-3A__mail.openvswitch.org_mailman_listinfo_ovs-2Ddev=DwICAg=s883GpUCOChKOHiocYtGcg=mZwX9gFQgeJHzTg-68aCJgsODyUEVsHGFOfL90J6MJY=xNkp1l1aS0wzzCO0Cl0IOWE8eoCoKlh0eQyn2TTeoQM=pKYanI7NOuKdC1X_F_QrPy9JKQexeG6q7boRHJWpv8c=
___
dev mailing list
d...@openvswitch.org
https://mail.openvswitch.org/mailman/listinfo/ovs-dev