| Message ID | 20230113095213.793913-1-dceara@redhat.com |
|---|---|
| State | Accepted |
| Headers | show |
| Series | [ovs-dev] nbctl: Display "apply-after-lb" information when listing ACLs. | expand |
| Context | Check | Description |
|---|---|---|
| ovsrobot/apply-robot | success | apply and check: success |
| ovsrobot/github-robot-_Build_and_Test | fail | github build: failed |
| ovsrobot/github-robot-_ovn-kubernetes | fail | github build: failed |
On Fri, Jan 13, 2023 at 10:52 AM Dumitru Ceara <dceara@redhat.com> wrote: > Otherwise it's hard to tell which ones are applied before and which ones > are applied after load balancing. > > Signed-off-by: Dumitru Ceara <dceara@redhat.com> > --- > tests/ovn-nbctl.at | 9 +++++++++ > utilities/ovn-nbctl.c | 7 +++++++ > 2 files changed, 16 insertions(+) > > diff --git a/tests/ovn-nbctl.at b/tests/ovn-nbctl.at > index 8885ac9fcc..2fffe18500 100644 > --- a/tests/ovn-nbctl.at > +++ b/tests/ovn-nbctl.at > @@ -223,6 +223,9 @@ ovn_nbctl_test_acl() { > AT_CHECK([ovn-nbctl $2 acl-add $1 to-lport 100 ip drop]) > AT_CHECK([ovn-nbctl $2 --label=1234 acl-add $1 from-lport 70 icmp > allow-related]) > AT_CHECK([ovn-nbctl $2 --label=1235 acl-add $1 to-lport 70 icmp > allow-related]) > + AT_CHECK([ovn-nbctl $2 --apply-after-lb acl-add $1 from-lport 500 tcp > allow]) > + AT_CHECK([ovn-nbctl $2 --apply-after-lb acl-add $1 from-lport 300 tcp > drop]) > + AT_CHECK([ovn-nbctl $2 --apply-after-lb acl-add $1 from-lport 300 udp > allow]) > > dnl Add duplicated ACL > AT_CHECK([ovn-nbctl $2 acl-add $1 to-lport 100 ip drop], [1], [], > [stderr]) > @@ -247,6 +250,9 @@ from-lport 600 (udp) drop log() > from-lport 400 (tcp) drop > from-lport 200 (ip) drop > from-lport 70 (icmp) allow-related label=1234 > +from-lport 500 (tcp) allow [[after-lb]] > +from-lport 300 (tcp) drop [[after-lb]] > +from-lport 300 (udp) allow [[after-lb]] > to-lport 500 (udp) drop log(name=test,severity=info) > to-lport 300 (tcp) drop > to-lport 100 (ip) drop > @@ -260,6 +266,9 @@ from-lport 600 (udp) drop log() > from-lport 400 (tcp) drop > from-lport 200 (ip) drop > from-lport 70 (icmp) allow-related label=1234 > +from-lport 500 (tcp) allow [[after-lb]] > +from-lport 300 (tcp) drop [[after-lb]] > +from-lport 300 (udp) allow [[after-lb]] > ]) > > dnl Delete all ACLs. > diff --git a/utilities/ovn-nbctl.c b/utilities/ovn-nbctl.c > index 9d4fb8c757..ae4d6c4036 100644 > --- a/utilities/ovn-nbctl.c > +++ b/utilities/ovn-nbctl.c > @@ -2091,9 +2091,13 @@ acl_cmp(const void *acl1_, const void *acl2_) > > int dir1 = dir_encode(acl1->direction); > int dir2 = dir_encode(acl2->direction); > + bool after_lb1 = smap_get_bool(&acl1->options, "apply-after-lb", > false); > + bool after_lb2 = smap_get_bool(&acl2->options, "apply-after-lb", > false); > > if (dir1 != dir2) { > return dir1 < dir2 ? -1 : 1; > + } else if (after_lb1 != after_lb2) { > + return after_lb2 ? -1 : 1; > } else if (acl1->priority != acl2->priority) { > return acl1->priority > acl2->priority ? -1 : 1; > } else { > @@ -2192,6 +2196,9 @@ nbctl_acl_list(struct ctl_context *ctx) > if (acl->label) { > ds_put_format(&ctx->output, " label=%"PRId64, acl->label); > } > + if (smap_get_bool(&acl->options, "apply-after-lb", false)) { > + ds_put_cstr(&ctx->output, " [after-lb]"); > + } > ds_put_cstr(&ctx->output, "\n"); > } > > -- > 2.31.1 > > _______________________________________________ > dev mailing list > dev@openvswitch.org > https://mail.openvswitch.org/mailman/listinfo/ovs-dev > > Looks good to me, thanks. Acked-by: Ales Musil <amusil@redhat.com>
On 1/13/23 12:20, Ales Musil wrote: > On Fri, Jan 13, 2023 at 10:52 AM Dumitru Ceara <dceara@redhat.com> wrote: > >> Otherwise it's hard to tell which ones are applied before and which ones >> are applied after load balancing. >> >> Signed-off-by: Dumitru Ceara <dceara@redhat.com> >> --- >> tests/ovn-nbctl.at | 9 +++++++++ >> utilities/ovn-nbctl.c | 7 +++++++ >> 2 files changed, 16 insertions(+) >> >> diff --git a/tests/ovn-nbctl.at b/tests/ovn-nbctl.at >> index 8885ac9fcc..2fffe18500 100644 >> --- a/tests/ovn-nbctl.at >> +++ b/tests/ovn-nbctl.at >> @@ -223,6 +223,9 @@ ovn_nbctl_test_acl() { >> AT_CHECK([ovn-nbctl $2 acl-add $1 to-lport 100 ip drop]) >> AT_CHECK([ovn-nbctl $2 --label=1234 acl-add $1 from-lport 70 icmp >> allow-related]) >> AT_CHECK([ovn-nbctl $2 --label=1235 acl-add $1 to-lport 70 icmp >> allow-related]) >> + AT_CHECK([ovn-nbctl $2 --apply-after-lb acl-add $1 from-lport 500 tcp >> allow]) >> + AT_CHECK([ovn-nbctl $2 --apply-after-lb acl-add $1 from-lport 300 tcp >> drop]) >> + AT_CHECK([ovn-nbctl $2 --apply-after-lb acl-add $1 from-lport 300 udp >> allow]) >> >> dnl Add duplicated ACL >> AT_CHECK([ovn-nbctl $2 acl-add $1 to-lport 100 ip drop], [1], [], >> [stderr]) >> @@ -247,6 +250,9 @@ from-lport 600 (udp) drop log() >> from-lport 400 (tcp) drop >> from-lport 200 (ip) drop >> from-lport 70 (icmp) allow-related label=1234 >> +from-lport 500 (tcp) allow [[after-lb]] >> +from-lport 300 (tcp) drop [[after-lb]] >> +from-lport 300 (udp) allow [[after-lb]] >> to-lport 500 (udp) drop log(name=test,severity=info) >> to-lport 300 (tcp) drop >> to-lport 100 (ip) drop >> @@ -260,6 +266,9 @@ from-lport 600 (udp) drop log() >> from-lport 400 (tcp) drop >> from-lport 200 (ip) drop >> from-lport 70 (icmp) allow-related label=1234 >> +from-lport 500 (tcp) allow [[after-lb]] >> +from-lport 300 (tcp) drop [[after-lb]] >> +from-lport 300 (udp) allow [[after-lb]] >> ]) >> >> dnl Delete all ACLs. >> diff --git a/utilities/ovn-nbctl.c b/utilities/ovn-nbctl.c >> index 9d4fb8c757..ae4d6c4036 100644 >> --- a/utilities/ovn-nbctl.c >> +++ b/utilities/ovn-nbctl.c >> @@ -2091,9 +2091,13 @@ acl_cmp(const void *acl1_, const void *acl2_) >> >> int dir1 = dir_encode(acl1->direction); >> int dir2 = dir_encode(acl2->direction); >> + bool after_lb1 = smap_get_bool(&acl1->options, "apply-after-lb", >> false); >> + bool after_lb2 = smap_get_bool(&acl2->options, "apply-after-lb", >> false); >> >> if (dir1 != dir2) { >> return dir1 < dir2 ? -1 : 1; >> + } else if (after_lb1 != after_lb2) { >> + return after_lb2 ? -1 : 1; >> } else if (acl1->priority != acl2->priority) { >> return acl1->priority > acl2->priority ? -1 : 1; >> } else { >> @@ -2192,6 +2196,9 @@ nbctl_acl_list(struct ctl_context *ctx) >> if (acl->label) { >> ds_put_format(&ctx->output, " label=%"PRId64, acl->label); >> } >> + if (smap_get_bool(&acl->options, "apply-after-lb", false)) { >> + ds_put_cstr(&ctx->output, " [after-lb]"); >> + } >> ds_put_cstr(&ctx->output, "\n"); >> } >> >> -- >> 2.31.1 >> >> _______________________________________________ >> dev mailing list >> dev@openvswitch.org >> https://mail.openvswitch.org/mailman/listinfo/ovs-dev >> >> > Looks good to me, thanks. > > Acked-by: Ales Musil <amusil@redhat.com> > I applied this to the main branch, thanks for the review!
diff --git a/tests/ovn-nbctl.at b/tests/ovn-nbctl.at index 8885ac9fcc..2fffe18500 100644 --- a/tests/ovn-nbctl.at +++ b/tests/ovn-nbctl.at @@ -223,6 +223,9 @@ ovn_nbctl_test_acl() { AT_CHECK([ovn-nbctl $2 acl-add $1 to-lport 100 ip drop]) AT_CHECK([ovn-nbctl $2 --label=1234 acl-add $1 from-lport 70 icmp allow-related]) AT_CHECK([ovn-nbctl $2 --label=1235 acl-add $1 to-lport 70 icmp allow-related]) + AT_CHECK([ovn-nbctl $2 --apply-after-lb acl-add $1 from-lport 500 tcp allow]) + AT_CHECK([ovn-nbctl $2 --apply-after-lb acl-add $1 from-lport 300 tcp drop]) + AT_CHECK([ovn-nbctl $2 --apply-after-lb acl-add $1 from-lport 300 udp allow]) dnl Add duplicated ACL AT_CHECK([ovn-nbctl $2 acl-add $1 to-lport 100 ip drop], [1], [], [stderr]) @@ -247,6 +250,9 @@ from-lport 600 (udp) drop log() from-lport 400 (tcp) drop from-lport 200 (ip) drop from-lport 70 (icmp) allow-related label=1234 +from-lport 500 (tcp) allow [[after-lb]] +from-lport 300 (tcp) drop [[after-lb]] +from-lport 300 (udp) allow [[after-lb]] to-lport 500 (udp) drop log(name=test,severity=info) to-lport 300 (tcp) drop to-lport 100 (ip) drop @@ -260,6 +266,9 @@ from-lport 600 (udp) drop log() from-lport 400 (tcp) drop from-lport 200 (ip) drop from-lport 70 (icmp) allow-related label=1234 +from-lport 500 (tcp) allow [[after-lb]] +from-lport 300 (tcp) drop [[after-lb]] +from-lport 300 (udp) allow [[after-lb]] ]) dnl Delete all ACLs. diff --git a/utilities/ovn-nbctl.c b/utilities/ovn-nbctl.c index 9d4fb8c757..ae4d6c4036 100644 --- a/utilities/ovn-nbctl.c +++ b/utilities/ovn-nbctl.c @@ -2091,9 +2091,13 @@ acl_cmp(const void *acl1_, const void *acl2_) int dir1 = dir_encode(acl1->direction); int dir2 = dir_encode(acl2->direction); + bool after_lb1 = smap_get_bool(&acl1->options, "apply-after-lb", false); + bool after_lb2 = smap_get_bool(&acl2->options, "apply-after-lb", false); if (dir1 != dir2) { return dir1 < dir2 ? -1 : 1; + } else if (after_lb1 != after_lb2) { + return after_lb2 ? -1 : 1; } else if (acl1->priority != acl2->priority) { return acl1->priority > acl2->priority ? -1 : 1; } else { @@ -2192,6 +2196,9 @@ nbctl_acl_list(struct ctl_context *ctx) if (acl->label) { ds_put_format(&ctx->output, " label=%"PRId64, acl->label); } + if (smap_get_bool(&acl->options, "apply-after-lb", false)) { + ds_put_cstr(&ctx->output, " [after-lb]"); + } ds_put_cstr(&ctx->output, "\n"); }
Otherwise it's hard to tell which ones are applied before and which ones are applied after load balancing. Signed-off-by: Dumitru Ceara <dceara@redhat.com> --- tests/ovn-nbctl.at | 9 +++++++++ utilities/ovn-nbctl.c | 7 +++++++ 2 files changed, 16 insertions(+)