From patchwork Wed Apr 15 22:10:06 2020 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Flaviof X-Patchwork-Id: 1271435 Return-Path: X-Original-To: incoming@patchwork.ozlabs.org Delivered-To: patchwork-incoming@bilbo.ozlabs.org Authentication-Results: ozlabs.org; spf=pass (sender SPF authorized) smtp.mailfrom=openvswitch.org (client-ip=140.211.166.137; helo=fraxinus.osuosl.org; envelope-from=ovs-dev-bounces@openvswitch.org; receiver=) Authentication-Results: ozlabs.org; dmarc=none (p=none dis=none) header.from=flaviof.com Authentication-Results: ozlabs.org; dkim=fail reason="signature verification failed" (1024-bit key; unprotected) header.d=flaviof.com header.i=@flaviof.com header.a=rsa-sha1 header.s=flaviof.com header.b=GFK9VqDL; dkim-atps=neutral Received: from fraxinus.osuosl.org (smtp4.osuosl.org [140.211.166.137]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ozlabs.org (Postfix) with ESMTPS id 492c9518t7z9sP7 for ; Thu, 16 Apr 2020 08:14:48 +1000 (AEST) Received: from localhost (localhost [127.0.0.1]) by fraxinus.osuosl.org (Postfix) with ESMTP id 027538613E; Wed, 15 Apr 2020 22:14:47 +0000 (UTC) X-Virus-Scanned: amavisd-new at osuosl.org Received: from fraxinus.osuosl.org ([127.0.0.1]) by localhost (.osuosl.org [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id l1w1av9mkOhb; Wed, 15 Apr 2020 22:14:45 +0000 (UTC) Received: from lists.linuxfoundation.org (lf-lists.osuosl.org [140.211.9.56]) by fraxinus.osuosl.org (Postfix) with ESMTP id 9DFD5847B3; Wed, 15 Apr 2020 22:14:45 +0000 (UTC) Received: from lf-lists.osuosl.org (localhost [127.0.0.1]) by lists.linuxfoundation.org (Postfix) with ESMTP id 83D8EC1AE2; Wed, 15 Apr 2020 22:14:45 +0000 (UTC) X-Original-To: dev@openvswitch.org Delivered-To: ovs-dev@lists.linuxfoundation.org Received: from fraxinus.osuosl.org (smtp4.osuosl.org [140.211.166.137]) by lists.linuxfoundation.org (Postfix) with ESMTP id B74E0C0172 for ; Wed, 15 Apr 2020 22:14:43 +0000 (UTC) Received: from localhost (localhost [127.0.0.1]) by fraxinus.osuosl.org (Postfix) with ESMTP id B34F684AD2 for ; Wed, 15 Apr 2020 22:14:43 +0000 (UTC) X-Virus-Scanned: amavisd-new at osuosl.org Received: from fraxinus.osuosl.org ([127.0.0.1]) by localhost (.osuosl.org [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id xSTeByUl6vnN for ; Wed, 15 Apr 2020 22:14:42 +0000 (UTC) X-Greylist: delayed 00:05:49 by SQLgrey-1.7.6 Received: from beige.elm.relay.mailchannels.net (beige.elm.relay.mailchannels.net [23.83.212.16]) by fraxinus.osuosl.org (Postfix) with ESMTPS id D9D50847B3 for ; Wed, 15 Apr 2020 22:14:41 +0000 (UTC) X-Sender-Id: dreamhost|x-authsender|flavio@flaviof.com Received: from relay.mailchannels.net (localhost [127.0.0.1]) by relay.mailchannels.net (Postfix) with ESMTP id 0D92734130F; Wed, 15 Apr 2020 22:08:52 +0000 (UTC) Received: from pdx1-sub0-mail-a3.g.dreamhost.com (100-96-2-17.trex.outbound.svc.cluster.local [100.96.2.17]) (Authenticated sender: dreamhost) by relay.mailchannels.net (Postfix) with ESMTPA id 634B73413B1; Wed, 15 Apr 2020 22:08:51 +0000 (UTC) X-Sender-Id: dreamhost|x-authsender|flavio@flaviof.com Received: from pdx1-sub0-mail-a3.g.dreamhost.com (pop.dreamhost.com [64.90.62.162]) (using TLSv1.2 with cipher DHE-RSA-AES256-GCM-SHA384) by 0.0.0.0:2500 (trex/5.18.6); Wed, 15 Apr 2020 22:08:52 +0000 X-MC-Relay: Neutral X-MailChannels-SenderId: dreamhost|x-authsender|flavio@flaviof.com X-MailChannels-Auth-Id: dreamhost X-Rock-Cooperative: 2eeb7baa6ab0d924_1586988531844_1580320542 X-MC-Loop-Signature: 1586988531844:101970542 X-MC-Ingress-Time: 1586988531843 Received: from pdx1-sub0-mail-a3.g.dreamhost.com (localhost [127.0.0.1]) by pdx1-sub0-mail-a3.g.dreamhost.com (Postfix) with ESMTP id 12EE97F765; Wed, 15 Apr 2020 15:08:51 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha1; c=relaxed; d=flaviof.com; h=from:to:cc :subject:date:message-id:in-reply-to:references; s=flaviof.com; bh=gWzFeafZqWH7EZCp8Vif/hG6cWM=; b=GFK9VqDLRu3UiyocHa6vwrIVHAU5 eiD+zBFlhMNj6JO+EXaEmF0Gxm0nCHumRFQLZDGvoxzhbD5xQ+H/xUW0NbsOIOLl JaHklsp6KRgrfBX+rR/SXzJKd5K3RMwJ0NqgXA/y8c9szVDvPdIwXTaeD16fyTcA 6jWS0nCD29ufVC4= Received: from flaviof-laptop.bos.redhat.com (nat-pool-bos-t.redhat.com [66.187.233.206]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) (Authenticated sender: flavio@flaviof.com) by pdx1-sub0-mail-a3.g.dreamhost.com (Postfix) with ESMTPSA id 0B8BC7F73F; Wed, 15 Apr 2020 15:08:49 -0700 (PDT) X-DH-BACKEND: pdx1-sub0-mail-a3 From: Flavio Fernandes To: dev@openvswitch.org Date: Wed, 15 Apr 2020 18:10:06 -0400 Message-Id: <20200415221006.22628-2-flavio@flaviof.com> X-Mailer: git-send-email 2.17.1 In-Reply-To: <20200415221006.22628-1-flavio@flaviof.com> References: <20200415221006.22628-1-flavio@flaviof.com> X-VR-OUT-STATUS: OK X-VR-OUT-SCORE: 0 X-VR-OUT-SPAMCAUSE: gggruggvucftvghtrhhoucdtuddrgeduhedrfeeggddthecutefuodetggdotefrodftvfcurfhrohhfihhlvgemucggtfgfnhhsuhgsshgtrhhisggvpdfftffgtefojffquffvnecuuegrihhlohhuthemuceftddtnecunecujfgurhephffvufffkffojghfsedttdertdertddtnecuhfhrohhmpefhlhgrvhhiohcuhfgvrhhnrghnuggvshcuoehflhgrvhhiohesfhhlrghvihhofhdrtghomheqnecuffhomhgrihhnpehoiihlrggsshdrohhrghenucfkphepieeirddukeejrddvfeefrddvtdeinecuvehluhhsthgvrhfuihiivgeptdenucfrrghrrghmpehmohguvgepshhmthhppdhhvghlohepfhhlrghvihhofhdqlhgrphhtohhprdgsohhsrdhrvgguhhgrthdrtghomhdpihhnvghtpeeiiedrudekjedrvdeffedrvddtiedprhgvthhurhhnqdhprghthhephfhlrghvihhoucfhvghrnhgrnhguvghsuceofhhlrghvihhosehflhgrvhhiohhfrdgtohhmqedpmhgrihhlfhhrohhmpehflhgrvhhiohesfhhlrghvihhofhdrtghomhdpnhhrtghpthhtohepfhhlrghvihhosehflhgrvhhiohhfrdgtohhm Subject: [ovs-dev] [PATCH ovn v1 1/1] NAT: Enhancements to external port range support X-BeenThere: ovs-dev@openvswitch.org X-Mailman-Version: 2.1.15 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , MIME-Version: 1.0 Errors-To: ovs-dev-bounces@openvswitch.org Sender: "dev" This change is a mix of minor fixes to the external port range support recently merged to OVN [1], as well as some enhancements. - Added external port range column to ovn-nbctl lr-nat-list output; - Added external port range to NAT section of "ovn-nbctl show" (if needed); - Minor fix to is_valid_port_range() checker, to catch cases when string with multiple '-' tokens are provided. An example would be "12-34-56"; - Minor fix to actions parser, to ensure that value "0" is not allowed; - Updated tests as needed to account for the changes mentioned above; - Added line in NEWS to mention about this update to the NB schema; - Minor typo in description of external port range; - Instead of using "if (strlen(str))", use "if (str[0])" code convention. [1]: https://patchwork.ozlabs.org/project/openvswitch/list/?series=169084 Signed-off-by: Flavio Fernandes Acked-by: Numan Siddique Acked-by: Ankur Sharma --- NEWS | 1 + lib/actions.c | 5 +- northd/ovn-northd.c | 8 +-- ovn-nb.xml | 2 +- tests/ovn-nbctl.at | 130 ++++++++++++++++++++++++++---------------- tests/ovn.at | 4 +- utilities/ovn-nbctl.c | 27 ++++++--- 7 files changed, 112 insertions(+), 65 deletions(-) diff --git a/NEWS b/NEWS index 623c8810e..765b79f1c 100644 --- a/NEWS +++ b/NEWS @@ -1,5 +1,6 @@ Post-v20.03.0 -------------------------- + - Added support for external_port_range in NAT table. OVN v20.03.0 - xx xxx xxxx diff --git a/lib/actions.c b/lib/actions.c index b3bf98106..c19813de0 100644 --- a/lib/actions.c +++ b/lib/actions.c @@ -779,6 +779,9 @@ parse_ct_nat(struct action_context *ctx, const char *name, } cn->port_range.port_lo = ntohll(ctx->lexer->token.value.integer); + if (cn->port_range.port_lo == 0) { + lexer_syntax_error(ctx->lexer, "range can't be 0"); + } lexer_get(ctx->lexer); if (lexer_match(ctx->lexer, LEX_T_HYPHEN)) { @@ -792,7 +795,7 @@ parse_ct_nat(struct action_context *ctx, const char *name, if (cn->port_range.port_hi <= cn->port_range.port_lo) { lexer_syntax_error(ctx->lexer, "range high should be " - "greater than range lo"); + "greater than range low"); } lexer_get(ctx->lexer); } else { diff --git a/northd/ovn-northd.c b/northd/ovn-northd.c index 198028c50..25fca20e1 100644 --- a/northd/ovn-northd.c +++ b/northd/ovn-northd.c @@ -8917,7 +8917,7 @@ build_lrouter_flows(struct hmap *datapaths, struct hmap *ports, ds_put_format(&actions, "flags.loopback = 1; " "ct_dnat(%s", nat->logical_ip); - if (strlen(nat->external_port_range)) { + if (nat->external_port_range[0]) { ds_put_format(&actions, ",%s", nat->external_port_range); } @@ -8950,7 +8950,7 @@ build_lrouter_flows(struct hmap *datapaths, struct hmap *ports, is_v6 ? "6" : "4", nat->logical_ip); } else { ds_put_format(&actions, "ct_dnat(%s", nat->logical_ip); - if (strlen(nat->external_port_range)) { + if (nat->external_port_range[0]) { ds_put_format(&actions, ",%s", nat->external_port_range); } @@ -9061,7 +9061,7 @@ build_lrouter_flows(struct hmap *datapaths, struct hmap *ports, ds_put_format(&actions, "ct_snat(%s", nat->external_ip); - if (strlen(nat->external_port_range)) { + if (nat->external_port_range[0]) { ds_put_format(&actions, ",%s", nat->external_port_range); } @@ -9104,7 +9104,7 @@ build_lrouter_flows(struct hmap *datapaths, struct hmap *ports, } else { ds_put_format(&actions, "ct_snat(%s", nat->external_ip); - if (strlen(nat->external_port_range)) { + if (nat->external_port_range[0]) { ds_put_format(&actions, ",%s", nat->external_port_range); } diff --git a/ovn-nb.xml b/ovn-nb.xml index 4dfdffdd7..163dd12ee 100644 --- a/ovn-nb.xml +++ b/ovn-nb.xml @@ -2579,7 +2579,7 @@

- Range of port, from which a port number will be picked that will + Range of ports, from which a port number will be picked that will replace the source port of to be NATed packet. This is basically PAT (port address translation).

diff --git a/tests/ovn-nbctl.at b/tests/ovn-nbctl.at index 0f98c70d0..66fbcc748 100644 --- a/tests/ovn-nbctl.at +++ b/tests/ovn-nbctl.at @@ -473,15 +473,15 @@ AT_CHECK([ovn-nbctl lr-nat-add lr0 dnat_and_snat fd01::1 fd11::2]) AT_CHECK([ovn-nbctl lr-nat-add lr0 dnat_and_snat 30.0.0.2 192.168.1.3 lp0 00:00:00:01:02:03]) AT_CHECK([ovn-nbctl lr-nat-add lr0 dnat_and_snat fd01::2 fd11::3 lp0 00:00:00:01:02:03]) AT_CHECK([ovn-nbctl lr-nat-list lr0], [0], [dnl -TYPE EXTERNAL_IP LOGICAL_IP EXTERNAL_MAC LOGICAL_PORT -dnat 30.0.0.1 192.168.1.2 -dnat fd01::1 fd11::2 -dnat_and_snat 30.0.0.1 192.168.1.2 -dnat_and_snat 30.0.0.2 192.168.1.3 00:00:00:01:02:03 lp0 -dnat_and_snat fd01::1 fd11::2 -dnat_and_snat fd01::2 fd11::3 00:00:00:01:02:03 lp0 -snat 30.0.0.1 192.168.1.0/24 -snat fd01::1 fd11::/64 +TYPE EXTERNAL_IP EXTERNAL_PORT LOGICAL_IP EXTERNAL_MAC LOGICAL_PORT +dnat 30.0.0.1 192.168.1.2 +dnat fd01::1 fd11::2 +dnat_and_snat 30.0.0.1 192.168.1.2 +dnat_and_snat 30.0.0.2 192.168.1.3 00:00:00:01:02:03 lp0 +dnat_and_snat fd01::1 fd11::2 +dnat_and_snat fd01::2 fd11::3 00:00:00:01:02:03 lp0 +snat 30.0.0.1 192.168.1.0/24 +snat fd01::1 fd11::/64 ]) AT_CHECK([ovn-nbctl lr-nat-add lr0 snat 30.0.0.1 192.168.1.0/24], [1], [], [ovn-nbctl: 30.0.0.1, 192.168.1.0/24: a NAT with this external_ip and logical_ip already exists @@ -509,28 +509,28 @@ AT_CHECK([ovn-nbctl lr-nat-add lr0 dnat_and_snat 30.0.0.1 192.168.1.3], [1], [], ]) AT_CHECK([ovn-nbctl --may-exist lr-nat-add lr0 dnat_and_snat 30.0.0.2 192.168.1.3 lp0 00:00:00:04:05:06]) AT_CHECK([ovn-nbctl lr-nat-list lr0], [0], [dnl -TYPE EXTERNAL_IP LOGICAL_IP EXTERNAL_MAC LOGICAL_PORT -dnat 30.0.0.1 192.168.1.2 -dnat fd01::1 fd11::2 -dnat_and_snat 30.0.0.1 192.168.1.2 -dnat_and_snat 30.0.0.2 192.168.1.3 00:00:00:04:05:06 lp0 -dnat_and_snat fd01::1 fd11::2 -dnat_and_snat fd01::2 fd11::3 00:00:00:01:02:03 lp0 -snat 30.0.0.1 192.168.1.0/24 -snat fd01::1 fd11::/64 +TYPE EXTERNAL_IP EXTERNAL_PORT LOGICAL_IP EXTERNAL_MAC LOGICAL_PORT +dnat 30.0.0.1 192.168.1.2 +dnat fd01::1 fd11::2 +dnat_and_snat 30.0.0.1 192.168.1.2 +dnat_and_snat 30.0.0.2 192.168.1.3 00:00:00:04:05:06 lp0 +dnat_and_snat fd01::1 fd11::2 +dnat_and_snat fd01::2 fd11::3 00:00:00:01:02:03 lp0 +snat 30.0.0.1 192.168.1.0/24 +snat fd01::1 fd11::/64 ]) AT_CHECK([ovn-nbctl --may-exist lr-nat-add lr0 dnat_and_snat 30.0.0.2 192.168.1.3]) AT_CHECK([ovn-nbctl --may-exist lr-nat-add lr0 dnat_and_snat fd01::2 fd11::3]) AT_CHECK([ovn-nbctl lr-nat-list lr0], [0], [dnl -TYPE EXTERNAL_IP LOGICAL_IP EXTERNAL_MAC LOGICAL_PORT -dnat 30.0.0.1 192.168.1.2 -dnat fd01::1 fd11::2 -dnat_and_snat 30.0.0.1 192.168.1.2 -dnat_and_snat 30.0.0.2 192.168.1.3 -dnat_and_snat fd01::1 fd11::2 -dnat_and_snat fd01::2 fd11::3 -snat 30.0.0.1 192.168.1.0/24 -snat fd01::1 fd11::/64 +TYPE EXTERNAL_IP EXTERNAL_PORT LOGICAL_IP EXTERNAL_MAC LOGICAL_PORT +dnat 30.0.0.1 192.168.1.2 +dnat fd01::1 fd11::2 +dnat_and_snat 30.0.0.1 192.168.1.2 +dnat_and_snat 30.0.0.2 192.168.1.3 +dnat_and_snat fd01::1 fd11::2 +dnat_and_snat fd01::2 fd11::3 +snat 30.0.0.1 192.168.1.0/24 +snat fd01::1 fd11::/64 ]) AT_CHECK([ovn-nbctl --bare --columns=options list nat | grep stateless=true| wc -l], [0], @@ -581,30 +581,30 @@ AT_CHECK([ovn-nbctl --if-exists lr-nat-del lr0 snat 192.168.10.0/24]) AT_CHECK([ovn-nbctl lr-nat-del lr0 dnat_and_snat 30.0.0.1]) AT_CHECK([ovn-nbctl lr-nat-del lr0 dnat_and_snat fd01::1]) AT_CHECK([ovn-nbctl lr-nat-list lr0], [0], [dnl -TYPE EXTERNAL_IP LOGICAL_IP EXTERNAL_MAC LOGICAL_PORT -dnat 30.0.0.1 192.168.1.2 -dnat fd01::1 fd11::2 -dnat_and_snat 30.0.0.2 192.168.1.3 -dnat_and_snat 40.0.0.2 192.168.1.4 -dnat_and_snat fd01::2 fd11::3 -snat 30.0.0.1 192.168.1.0/24 -snat 40.0.0.3 192.168.1.6 -snat fd01::1 fd11::/64 +TYPE EXTERNAL_IP EXTERNAL_PORT LOGICAL_IP EXTERNAL_MAC LOGICAL_PORT +dnat 30.0.0.1 192.168.1.2 +dnat fd01::1 fd11::2 +dnat_and_snat 30.0.0.2 192.168.1.3 +dnat_and_snat 40.0.0.2 192.168.1.4 +dnat_and_snat fd01::2 fd11::3 +snat 30.0.0.1 192.168.1.0/24 +snat 40.0.0.3 192.168.1.6 +snat fd01::1 fd11::/64 ]) AT_CHECK([ovn-nbctl lr-nat-del lr0 dnat]) AT_CHECK([ovn-nbctl lr-nat-list lr0], [0], [dnl -TYPE EXTERNAL_IP LOGICAL_IP EXTERNAL_MAC LOGICAL_PORT -dnat_and_snat 30.0.0.2 192.168.1.3 -dnat_and_snat 40.0.0.2 192.168.1.4 -dnat_and_snat fd01::2 fd11::3 -snat 30.0.0.1 192.168.1.0/24 -snat 40.0.0.3 192.168.1.6 -snat fd01::1 fd11::/64 +TYPE EXTERNAL_IP EXTERNAL_PORT LOGICAL_IP EXTERNAL_MAC LOGICAL_PORT +dnat_and_snat 30.0.0.2 192.168.1.3 +dnat_and_snat 40.0.0.2 192.168.1.4 +dnat_and_snat fd01::2 fd11::3 +snat 30.0.0.1 192.168.1.0/24 +snat 40.0.0.3 192.168.1.6 +snat fd01::1 fd11::/64 ]) AT_CHECK([ovn-nbctl lr-nat-del lr0]) -AT_CHECK([ovn-nbctl --portrange lr-nat-add lr0 snat 40.0.0.3 192.168.1.6 1-3000]) +AT_CHECK([ovn-nbctl --portrange lr-nat-add lr0 snat 40.0.0.3 192.168.1.6 21-65535]) AT_CHECK([ovn-nbctl --portrange lr-nat-add lr0 dnat 40.0.0.4 192.168.1.7 1-3000]) AT_CHECK([ovn-nbctl --portrange lr-nat-add lr0 dnat 40.0.0.5 192.168.1.10 1]) AT_CHECK([ovn-nbctl --portrange lr-nat-add lr0 dnat_and_snat 40.0.0.5 192.168.1.8 1-3000]) @@ -616,6 +616,10 @@ AT_CHECK([ovn-nbctl --portrange lr-nat-add lr0 dnat_and_snat 40.0.0.6 192.168.1. [ovn-nbctl: lr-nat-add with logical_port must also specify external_mac. ]) +AT_CHECK([ovn-nbctl --portrange lr-nat-add lr0 dnat_and_snat 40.0.0.7 192.168.1.10 0], [1], [], +[ovn-nbctl: invalid port range 0. +]) + AT_CHECK([ovn-nbctl --portrange lr-nat-add lr0 dnat_and_snat 40.0.0.7 192.168.1.10 1-], [1], [], [ovn-nbctl: invalid port range 1-. ]) @@ -624,6 +628,14 @@ AT_CHECK([ovn-nbctl --portrange lr-nat-add lr0 dnat_and_snat 40.0.0.6 192.168.1. [ovn-nbctl: invalid port range -300. ]) +AT_CHECK([ovn-nbctl --portrange lr-nat-add lr0 dnat_and_snat 40.0.0.7 192.168.1.10 1-2-3], [1], [], +[ovn-nbctl: invalid port range 1-2-3. +]) + +AT_CHECK([ovn-nbctl --portrange lr-nat-add lr0 dnat_and_snat 40.0.0.6 192.168.1.9 300-300], [1], [], +[ovn-nbctl: invalid port range 300-300. +]) + AT_CHECK([ovn-nbctl --portrange lr-nat-add lr0 dnat_and_snat 40.0.0.6 192.168.1.9 500-300], [1], [], [ovn-nbctl: invalid port range 500-300. ]) @@ -640,13 +652,31 @@ AT_CHECK([ovn-nbctl --portrange lr-nat-add lr0 dnat_and_snat 40.0.0.6 192.168.1. [ovn-nbctl: invalid port range 0-10. ]) +AT_CHECK([ovn-nbctl show lr0 | grep -c 'external port(s): "1-3000"'], [0], [dnl +3 +]) +AT_CHECK([ovn-nbctl show lr0 | grep -C2 'external port(s): "21-65535"' | uuidfilt], [0], [dnl + nat <0> + external ip: "40.0.0.3" + external port(s): "21-65535" + logical ip: "192.168.1.6" + type: "snat" +]) +AT_CHECK([ovn-nbctl show lr0 | grep -C2 'external port(s): "1"' | uuidfilt], [0], [dnl + nat <0> + external ip: "40.0.0.5" + external port(s): "1" + logical ip: "192.168.1.10" + type: "dnat" +]) + AT_CHECK([ovn-nbctl lr-nat-list lr0], [0], [dnl -TYPE EXTERNAL_IP LOGICAL_IP EXTERNAL_MAC LOGICAL_PORT -dnat 40.0.0.4 192.168.1.7 -dnat 40.0.0.5 192.168.1.10 -dnat_and_snat 40.0.0.5 192.168.1.8 -dnat_and_snat 40.0.0.6 192.168.1.9 00:00:00:04:05:06 lp0 -snat 40.0.0.3 192.168.1.6 +TYPE EXTERNAL_IP EXTERNAL_PORT LOGICAL_IP EXTERNAL_MAC LOGICAL_PORT +dnat 40.0.0.4 1-3000 192.168.1.7 +dnat 40.0.0.5 1 192.168.1.10 +dnat_and_snat 40.0.0.5 1-3000 192.168.1.8 +dnat_and_snat 40.0.0.6 1-3000 192.168.1.9 00:00:00:04:05:06 lp0 +snat 40.0.0.3 21-65535 192.168.1.6 ]) AT_CHECK([ovn-nbctl lr-nat-del lr0]) diff --git a/tests/ovn.at b/tests/ovn.at index f83d3f536..cf695bb41 100644 --- a/tests/ovn.at +++ b/tests/ovn.at @@ -1073,7 +1073,7 @@ ct_dnat(192.168.1.2, 1000); encodes as ct(commit,table=19,zone=NXM_NX_REG11[0..15],nat(dst=192.168.1.2:1000)) has prereqs ip ct_dnat(192.168.1.2, 1000-100); - Syntax error at `100' range high should be greater than range lo. + Syntax error at `100' range high should be greater than range low. # ct_snat ct_snat; @@ -1107,7 +1107,7 @@ ct_snat(192.168.1.2, 1000); encodes as ct(commit,table=19,zone=NXM_NX_REG12[0..15],nat(src=192.168.1.2:1000)) has prereqs ip ct_snat(192.168.1.2, 1000-100); - Syntax error at `100' range high should be greater than range lo. + Syntax error at `100' range high should be greater than range low. # ct_clear ct_clear; encodes as ct_clear diff --git a/utilities/ovn-nbctl.c b/utilities/ovn-nbctl.c index 63e5b0405..df13b9054 100644 --- a/utilities/ovn-nbctl.c +++ b/utilities/ovn-nbctl.c @@ -1034,6 +1034,10 @@ print_lr(const struct nbrec_logical_router *lr, struct ds *s) UUID_ARGS(&nat->header_.uuid)); ds_put_cstr(s, " external ip: "); ds_put_format(s, "\"%s\"\n", nat->external_ip); + if (nat->external_port_range[0]) { + ds_put_cstr(s, " external port(s): "); + ds_put_format(s, "\"%s\"\n", nat->external_port_range); + } ds_put_cstr(s, " logical ip: "); ds_put_format(s, "\"%s\"\n", nat->logical_ip); ds_put_cstr(s, " type: "); @@ -3990,7 +3994,7 @@ is_valid_port_range(const char *port_range) goto done; } - char *range_hi = strtok_r(NULL, "", &save_ptr); + char *range_hi = strtok_r(NULL, "-", &save_ptr); if (!range_hi) { goto done; } @@ -3999,11 +4003,16 @@ is_valid_port_range(const char *port_range) goto done; } + /* Check that there is nothing after range_hi. */ + if (strtok_r(NULL, "", &save_ptr)) { + goto done; + } + if (range_lo_int >= range_hi_int) { goto done; } - if (range_lo_int <= 0 || range_hi_int > 65535) { + if (range_hi_int > 65535) { goto done; } @@ -4320,20 +4329,24 @@ nbctl_lr_nat_list(struct ctl_context *ctx) const struct nbrec_nat *nat = lr->nat[i]; char *key = xasprintf("%-17.13s%s", nat->type, nat->external_ip); if (nat->external_mac && nat->logical_port) { - smap_add_format(&lr_nats, key, "%-22.18s%-21.17s%s", + smap_add_format(&lr_nats, key, "%-17.13s%-22.18s%-21.17s%s", + nat->external_port_range, nat->logical_ip, nat->external_mac, nat->logical_port); } else { - smap_add_format(&lr_nats, key, "%s", nat->logical_ip); + smap_add_format(&lr_nats, key, "%-17.13s%s", + nat->external_port_range, + nat->logical_ip); } free(key); } const struct smap_node **nodes = smap_sort(&lr_nats); if (nodes) { - ds_put_format(&ctx->output, "%-17.13s%-19.15s%-22.18s%-21.17s%s\n", - "TYPE", "EXTERNAL_IP", "LOGICAL_IP", "EXTERNAL_MAC", - "LOGICAL_PORT"); + ds_put_format(&ctx->output, + "%-17.13s%-19.15s%-17.13s%-22.18s%-21.17s%s\n", + "TYPE", "EXTERNAL_IP", "EXTERNAL_PORT", "LOGICAL_IP", + "EXTERNAL_MAC", "LOGICAL_PORT"); for (size_t i = 0; i < smap_count(&lr_nats); i++) { const struct smap_node *node = nodes[i]; ds_put_format(&ctx->output, "%-36.32s%s\n",