From patchwork Thu Apr 2 05:33:59 2020
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: Ankur Sharma
X-Patchwork-Id: 1265430
Return-Path:
X-Original-To: incoming@patchwork.ozlabs.org
Delivered-To: patchwork-incoming@bilbo.ozlabs.org
Authentication-Results: ozlabs.org; spf=pass (sender SPF authorized)
smtp.mailfrom=openvswitch.org (client-ip=140.211.166.133;
helo=hemlock.osuosl.org;
envelope-from=ovs-dev-bounces@openvswitch.org;
receiver=)
Authentication-Results: ozlabs.org;
dmarc=fail (p=none dis=none) header.from=nutanix.com
Authentication-Results: ozlabs.org;
dkim=fail reason="signature verification failed" (2048-bit key;
unprotected) header.d=nutanix.com header.i=@nutanix.com
header.a=rsa-sha256 header.s=proofpoint20171006
header.b=w9CHeLCX; dkim-atps=neutral
Received: from hemlock.osuosl.org (smtp2.osuosl.org [140.211.166.133])
(using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256
bits)) (No client certificate requested)
by ozlabs.org (Postfix) with ESMTPS id 48tBZv1Wfvz9sR4
for ;
Thu, 2 Apr 2020 16:34:30 +1100 (AEDT)
Received: from localhost (localhost [127.0.0.1])
by hemlock.osuosl.org (Postfix) with ESMTP id 568A788193;
Thu, 2 Apr 2020 05:34:27 +0000 (UTC)
X-Virus-Scanned: amavisd-new at osuosl.org
Received: from hemlock.osuosl.org ([127.0.0.1])
by localhost (.osuosl.org [127.0.0.1]) (amavisd-new, port 10024)
with ESMTP id Dn0+ic1W+PUk; Thu, 2 Apr 2020 05:34:24 +0000 (UTC)
Received: from lists.linuxfoundation.org (lf-lists.osuosl.org [140.211.9.56])
by hemlock.osuosl.org (Postfix) with ESMTP id 31D9F87ECD;
Thu, 2 Apr 2020 05:34:24 +0000 (UTC)
Received: from lf-lists.osuosl.org (localhost [127.0.0.1])
by lists.linuxfoundation.org (Postfix) with ESMTP id 1770DC1AE2;
Thu, 2 Apr 2020 05:34:24 +0000 (UTC)
X-Original-To: ovs-dev@openvswitch.org
Delivered-To: ovs-dev@lists.linuxfoundation.org
Received: from whitealder.osuosl.org (smtp1.osuosl.org [140.211.166.138])
by lists.linuxfoundation.org (Postfix) with ESMTP id 57107C07FF
for ; Thu, 2 Apr 2020 05:34:22 +0000 (UTC)
Received: from localhost (localhost [127.0.0.1])
by whitealder.osuosl.org (Postfix) with ESMTP id 5372D86C0E
for ; Thu, 2 Apr 2020 05:34:22 +0000 (UTC)
X-Virus-Scanned: amavisd-new at osuosl.org
Received: from whitealder.osuosl.org ([127.0.0.1])
by localhost (.osuosl.org [127.0.0.1]) (amavisd-new, port 10024)
with ESMTP id Oa+f8uRpsLiE for ;
Thu, 2 Apr 2020 05:34:21 +0000 (UTC)
X-Greylist: domain auto-whitelisted by SQLgrey-1.7.6
Received: from mx0a-002c1b01.pphosted.com (mx0a-002c1b01.pphosted.com
[148.163.151.68])
by whitealder.osuosl.org (Postfix) with ESMTPS id CE35086BB9
for ; Thu, 2 Apr 2020 05:34:20 +0000 (UTC)
Received: from pps.filterd (m0127839.ppops.net [127.0.0.1])
by mx0a-002c1b01.pphosted.com (8.16.0.42/8.16.0.42) with SMTP id
0325U0Yd005597
for ; Wed, 1 Apr 2020 22:34:19 -0700
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=nutanix.com;
h=from : to : cc :
subject : date : message-id : in-reply-to : references : content-type
: mime-version; s=proofpoint20171006;
bh=mInqV/r8yRhnKQeFoVSQurZfhybPgu6IWN21Vr7kmYg=;
b=w9CHeLCXQnq30+EnoHKdjvo8nBlDRqbGaOdq8EKrQUMRUJ2ZYmZuDhvl7oonj24U3Wbg
hkPNMbC44E3ghqBw9lOHIFXn8WC4VXIzDMVz8hsfKwo76ort2kczzNU449j3ihTw4JCm
9wucwUKP9yDjVEbb4qSK8e933cQitcddjzULOqpSlE3ZfY+O5nRcb1GP9QO6ob93WWaL
YbWhdV8x/qs8W79Kw26yqmGwAY507L2YijhplrGv3TZG4cvcgY4orkWWjysED8/Aq/K5
dBj9ANe+iwxXM4v+K2/VPm3+wEirxA8wYxK7I40V6DriTbybrCGN8Du+iCVG3HwTNYSf
3w==
Received: from nam10-bn7-obe.outbound.protection.outlook.com
(mail-bn7nam10lp2101.outbound.protection.outlook.com [104.47.70.101])
by mx0a-002c1b01.pphosted.com with ESMTP id 302ss3gpt6-1
(version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256
verify=NOT)
for ; Wed, 01 Apr 2020 22:34:19 -0700
ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none;
b=hyjONPvS9i7hFhQ/G4+c4cb6Dtiqh2DouEn1O1tvQkXeX/AZErvvvDEzVyspckQOzL0mEtO6oYCzAd3OKk/RmO+uhuInO48X1Hypcb8L76+lE5A5lo7YFzxpOQRqAtiT7UldYj7GUSa2aThgwES8epHzfkn8OST/A/0KVkWOYx7DBA4ht3iT+xUbenE5V119qCJxxCaiaaA9sNMXsJ6R9i80AJqzEgOXS5CP70VVEFEDFun5FVgrts1ySUD3y2X/etDejiZ45F05fuU872zQnzdd5akq4DPOMz1FjsBCZ1oeE+41spLiyOMsgSmSbDbz5ZEucBvTIJwtJVmwmnH0fA==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com;
s=arcselector9901;
h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck;
bh=mInqV/r8yRhnKQeFoVSQurZfhybPgu6IWN21Vr7kmYg=;
b=ViWdbJNvH89Mah+GGgidSSE9rKZzZSdwTI3JWJJ2mOA5eDOnh22EPy31wh2D5v23GK5mwkqDypcgpK1J1m2i55V2BjhKrSFh8Xjix0tOBWYda0OVycM5s9pGeqcRJkPIC9VysFTa3bRusXZ/D24AN5R7zquYQp+WOMiSc7PWXBLhNzejGhfdTRLg7nAMAu1IC/ySCDGlIneRYTWRNe5e88viUqIlxVVxMRIGsGIJvBOVxYNTHx733vP/svszV+jnE+TzbKsqp2UgdbAsWhr/LffdiVrDBl9nQqQLfU5P45K559gErPLla8VDZ35a/mDhVjlSWK4oZI10OCIygkyzWQ==
ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass
smtp.mailfrom=nutanix.com;
dmarc=pass action=none header.from=nutanix.com;
dkim=pass header.d=nutanix.com; arc=none
Received: from BL0PR02MB3714.namprd02.prod.outlook.com (2603:10b6:207:44::16)
by BL0PR02MB5588.namprd02.prod.outlook.com (2603:10b6:208:8a::20)
with Microsoft SMTP Server (version=TLS1_2,
cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.2856.20;
Thu, 2 Apr 2020 05:34:18 +0000
Received: from BL0PR02MB3714.namprd02.prod.outlook.com
([fe80::c43f:ba9f:6c04:d0fb]) by
BL0PR02MB3714.namprd02.prod.outlook.com
([fe80::c43f:ba9f:6c04:d0fb%7]) with mapi id 15.20.2878.016;
Thu, 2 Apr 2020 05:34:18 +0000
From: Ankur Sharma
To: ovs-dev@openvswitch.org
Date: Wed, 1 Apr 2020 22:33:59 -0700
Message-Id: <1585805640-94503-2-git-send-email-svc.mail.git@nutanix.com>
X-Mailer: git-send-email 1.8.3.1
In-Reply-To: <1585805640-94503-1-git-send-email-svc.mail.git@nutanix.com>
References: <1585805640-94503-1-git-send-email-svc.mail.git@nutanix.com>
X-ClientProxiedBy: BYAPR01CA0034.prod.exchangelabs.com (2603:10b6:a02:80::47)
To BL0PR02MB3714.namprd02.prod.outlook.com
(2603:10b6:207:44::16)
MIME-Version: 1.0
X-MS-Exchange-MessageSentRepresentingType: 1
Received: from northd.localdomain (192.146.154.98) by
BYAPR01CA0034.prod.exchangelabs.com (2603:10b6:a02:80::47) with
Microsoft SMTP Server (version=TLS1_2,
cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id
15.20.2878.15 via Frontend Transport; Thu, 2 Apr 2020 05:34:17 +0000
X-Mailer: git-send-email 1.8.3.1
X-Originating-IP: [192.146.154.98]
X-MS-PublicTrafficType: Email
X-MS-Office365-Filtering-Correlation-Id: 4def4caf-45fa-48b3-0c9d-08d7d6c77cc2
X-MS-TrafficTypeDiagnostic: BL0PR02MB5588:
X-MS-Exchange-Transport-Forked: True
X-Microsoft-Antispam-PRVS:
x-proofpoint-crosstenant: true
X-MS-Oob-TLC-OOBClassifiers: OLM:1443;
X-Forefront-PRVS: 0361212EA8
X-Forefront-Antispam-Report: CIP:255.255.255.255; CTRY:; LANG:en; SCL:1; SRV:;
IPV:NLI; SFV:NSPM; H:BL0PR02MB3714.namprd02.prod.outlook.com; PTR:;
CAT:NONE; SFTY:;
SFS:(10019020)(366004)(39860400002)(396003)(376002)(346002)(136003)(6512007)(2616005)(8676002)(956004)(186003)(16526019)(26005)(36756003)(5660300002)(6486002)(52116002)(478600001)(66476007)(6506007)(2906002)(107886003)(81166006)(81156014)(316002)(6666004)(54906003)(66946007)(66556008)(4326008)(8936002)(6916009)(66574012)(86362001);
DIR:OUT; SFP:1102;
Received-SPF: None (protection.outlook.com: nutanix.com does not designate
permitted sender hosts)
X-MS-Exchange-SenderADCheck: 1
X-Microsoft-Antispam: BCL:0;
X-Microsoft-Antispam-Message-Info:
XVKVAHSMW2qlflSouAyCB+dnCR7uiZeNqKOM7uIGONUTQ2tqxg2TMdE2JtZCQYxEz0vmh5ZterjhS7xjb/SOTUVFCYhoGN2dZqPKPB9HVdlDl5I8o3qpweEXjKOXSbRHeQyahpOiUryAzJisZLVR15Fuhl8A2oAjh2E+qjSJRdSxP/Itw8YYZd7Sa9b/jBy4fq6SSdHUn76F6WJCWXkKmLCcYC+XJnex+ZESHpxEFxCBP1Pvu/wxkDvQh9+VhCdmpi2W571vuLIbJd9bunYAAjebBuEj35p4e/7cblp52UpU6nZV1tyLxk5DXKeVaYh8+3otq0lKB3U3wmkJAebPp6FEl4mwJGCrgMuIb8RqqNeycLye3wGAcRvnDlr8A5iIetydHwmiWic6odr7xvHL5tYJqR/2enETkqNpjGm7KebognMzPrqKnyCsYNKIvJQD
X-MS-Exchange-AntiSpam-MessageData:
7Db37U4WIkK0syXmV+LAUGeW9NQg/djZognuWFNyceoUWeSjnfY6ytpmV5h7gcxu/i7vtQhd46VJaATSbq59IZcuZEcDMxPb5Y4ZAqYFdC+neUm90ZqjLRHZA1OnrPEZO0yaU8Esqu1V1VGYMd23fQ==
X-OriginatorOrg: nutanix.com
X-MS-Exchange-CrossTenant-Network-Message-Id:
4def4caf-45fa-48b3-0c9d-08d7d6c77cc2
X-MS-Exchange-CrossTenant-OriginalArrivalTime: 02 Apr 2020 05:34:17.8840
(UTC)
X-MS-Exchange-CrossTenant-FromEntityHeader: Hosted
X-MS-Exchange-CrossTenant-Id: bb047546-786f-4de1-bd75-24e5b6f79043
X-MS-Exchange-CrossTenant-MailboxType: HOSTED
X-MS-Exchange-CrossTenant-UserPrincipalName:
BOvGgwCv+VnqI0I9+meC4BJsG42Vx7h/iENqbpl3DEyd4XWxSWpdI7ZrAhvH2l1UIedhQdsVptQ+yyDJxcO/kmEVmGtG1qxoVOtzpx1q7QA=
X-MS-Exchange-Transport-CrossTenantHeadersStamped: BL0PR02MB5588
X-Proofpoint-Virus-Version: vendor=fsecure engine=2.50.10434:6.0.138,
18.0.676 definitions=2020-04-01_04:2020-03-31,
2020-04-01 signatures=0
X-Proofpoint-Spam-Reason: safe
Cc: Ankur Sharma
Subject: [ovs-dev] [PATCH v3 1/2 ovn] NAT: Provide port range in input
X-BeenThere: ovs-dev@openvswitch.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id:
List-Unsubscribe: ,
List-Archive:
List-Post:
List-Help:
List-Subscribe: ,
Errors-To: ovs-dev-bounces@openvswitch.org
Sender: "dev"
This patch enhances the NB OVSSCHEMA to
add an additional comuln in NAT table.
external_port_range: Specifies the range of port numbers
to translate source port to.
Changes also add corresponding ovn-nbctl cli.
Signed-off-by: Ankur Sharma
---
ovn-nb.ovsschema | 5 ++-
ovn-nb.xml | 23 +++++++++++
tests/ovn-nbctl.at | 46 +++++++++++++++++++++
utilities/ovn-nbctl.c | 108 +++++++++++++++++++++++++++++++++++++++++++++-----
4 files changed, 169 insertions(+), 13 deletions(-)
diff --git a/ovn-nb.ovsschema b/ovn-nb.ovsschema
index ea6f4e3..affa0ce 100644
--- a/ovn-nb.ovsschema
+++ b/ovn-nb.ovsschema
@@ -1,7 +1,7 @@
{
"name": "OVN_Northbound",
- "version": "5.20.1",
- "cksum": "721375950 25251",
+ "version": "5.20.2",
+ "cksum": "623498453 25310",
"tables": {
"NB_Global": {
"columns": {
@@ -379,6 +379,7 @@
"external_ip": {"type": "string"},
"external_mac": {"type": {"key": "string",
"min": 0, "max": 1}},
+ "external_port_range": {"type": "string"},
"logical_ip": {"type": "string"},
"logical_port": {"type": {"key": "string",
"min": 0, "max": 1}},
diff --git a/ovn-nb.xml b/ovn-nb.xml
index 541ec20..61c1ae8 100644
--- a/ovn-nb.xml
+++ b/ovn-nb.xml
@@ -2552,6 +2552,29 @@
+
+
+ L4 source port range
+
+
+
+ Range of port, from which a port number will be picked that will
+ replace the source port of to be NATed packet. This is basically
+ PAT (port address translation).
+
+
+
+ Value of the column is in the format, port_lo-port_hi.
+ For example:
+ external_port_range : "1-30000"
+
+
+
+ Valid range of ports is 1-65535.
+
+
+
+
An IPv4 network (e.g 192.168.1.0/24) or an IPv4 address.
diff --git a/tests/ovn-nbctl.at b/tests/ovn-nbctl.at
index fcb6ad7..39189fd 100644
--- a/tests/ovn-nbctl.at
+++ b/tests/ovn-nbctl.at
@@ -604,6 +604,52 @@ snat fd01::1 fd11::/64
])
AT_CHECK([ovn-nbctl lr-nat-del lr0])
+AT_CHECK([ovn-nbctl --portrange lr-nat-add lr0 snat 40.0.0.3 192.168.1.6 1-3000])
+AT_CHECK([ovn-nbctl --portrange lr-nat-add lr0 dnat 40.0.0.4 192.168.1.7 1-3000])
+AT_CHECK([ovn-nbctl --portrange lr-nat-add lr0 dnat 40.0.0.5 192.168.1.10 1])
+AT_CHECK([ovn-nbctl --portrange lr-nat-add lr0 dnat_and_snat 40.0.0.5 192.168.1.8 1-3000])
+AT_CHECK([ovn-nbctl --portrange lr-nat-add lr0 dnat_and_snat 40.0.0.6 192.168.1.9 lp0 00:00:00:04:05:06 1-3000])
+AT_CHECK([ovn-nbctl --portrange lr-nat-add lr0 dnat_and_snat 40.0.0.6 192.168.1.9 lp0 1-3000], [1], [],
+[ovn-nbctl: lr-nat-add with logical_port must also specify external_mac.
+])
+AT_CHECK([ovn-nbctl --portrange lr-nat-add lr0 dnat_and_snat 40.0.0.6 192.168.1.9 00:00:00:04:05:06 1-3000], [1], [],
+[ovn-nbctl: lr-nat-add with logical_port must also specify external_mac.
+])
+
+AT_CHECK([ovn-nbctl --portrange lr-nat-add lr0 dnat_and_snat 40.0.0.7 192.168.1.10 1-], [1], [],
+[ovn-nbctl: invalid port range 1-.
+])
+
+AT_CHECK([ovn-nbctl --portrange lr-nat-add lr0 dnat_and_snat 40.0.0.6 192.168.1.9 -300], [1], [],
+[ovn-nbctl: invalid port range -300.
+])
+
+AT_CHECK([ovn-nbctl --portrange lr-nat-add lr0 dnat_and_snat 40.0.0.6 192.168.1.9 500-300], [1], [],
+[ovn-nbctl: invalid port range 500-300.
+])
+
+AT_CHECK([ovn-nbctl --portrange lr-nat-add lr0 dnat_and_snat 40.0.0.6 192.168.1.9 a-300], [1], [],
+[ovn-nbctl: invalid port range a-300.
+])
+
+AT_CHECK([ovn-nbctl --portrange lr-nat-add lr0 dnat_and_snat 40.0.0.6 192.168.1.9 100-b], [1], [],
+[ovn-nbctl: invalid port range 100-b.
+])
+
+AT_CHECK([ovn-nbctl --portrange lr-nat-add lr0 dnat_and_snat 40.0.0.6 192.168.1.9 0-10], [1], [],
+[ovn-nbctl: invalid port range 0-10.
+])
+
+AT_CHECK([ovn-nbctl lr-nat-list lr0], [0], [dnl
+TYPE EXTERNAL_IP LOGICAL_IP EXTERNAL_MAC LOGICAL_PORT
+dnat 40.0.0.4 192.168.1.7
+dnat 40.0.0.5 192.168.1.10
+dnat_and_snat 40.0.0.5 192.168.1.8
+dnat_and_snat 40.0.0.6 192.168.1.9 00:00:00:04:05:06 lp0
+snat 40.0.0.3 192.168.1.6
+])
+
+AT_CHECK([ovn-nbctl lr-nat-del lr0])
AT_CHECK([ovn-nbctl lr-nat-list lr0], [0], [])
AT_CHECK([ovn-nbctl lr-nat-del lr0])
AT_CHECK([ovn-nbctl lr-nat-del lr0 dnat])])
diff --git a/utilities/ovn-nbctl.c b/utilities/ovn-nbctl.c
index 59abe00..ab37b49 100644
--- a/utilities/ovn-nbctl.c
+++ b/utilities/ovn-nbctl.c
@@ -702,7 +702,8 @@ Policy commands:\n\
\n\
NAT commands:\n\
[--stateless]\n\
- lr-nat-add ROUTER TYPE EXTERNAL_IP LOGICAL_IP [LOGICAL_PORT EXTERNAL_MAC]\n\
+ [--portrange]\n\
+ lr-nat-add ROUTER TYPE EXTERNAL_IP LOGICAL_IP [LOGICAL_PORT EXTERNAL_MAC] [EXTERNAL_PORT_RANGE]\n\
add a NAT to ROUTER\n\
lr-nat-del ROUTER [TYPE [IP]]\n\
remove NATs from ROUTER\n\
@@ -3963,6 +3964,56 @@ out:
free(nexthop);
}
+static bool
+is_valid_port_range(const char *port_range)
+{
+ int range_lo_int, range_hi_int;
+ bool ret = false;
+
+ if (!port_range) {
+ return false;
+ }
+
+ char *save_ptr = NULL;
+ char *tokstr = xstrdup(port_range);
+ char *range_lo = strtok_r(tokstr, "-", &save_ptr);
+ if (!range_lo) {
+ goto done;
+ }
+ range_lo_int = strtol(range_lo, NULL, 10);
+ if (errno == EINVAL || range_lo_int <= 0) {
+ goto done;
+ }
+
+ if (!strchr(port_range, '-')) {
+ ret = true;
+ goto done;
+ }
+
+ char *range_hi = strtok_r(NULL, "", &save_ptr);
+ if (!range_hi) {
+ goto done;
+ }
+ range_hi_int = strtol(range_hi, NULL, 10);
+ if (errno == EINVAL) {
+ goto done;
+ }
+
+ if (range_lo_int >= range_hi_int) {
+ goto done;
+ }
+
+ if (range_lo_int <= 0 || range_hi_int > 65535) {
+ goto done;
+ }
+
+ ret = true;
+
+done:
+ free(tokstr);
+ return ret;
+}
+
static void
nbctl_lr_nat_add(struct ctl_context *ctx)
{
@@ -3971,6 +4022,7 @@ nbctl_lr_nat_add(struct ctl_context *ctx)
const char *external_ip = ctx->argv[3];
const char *logical_ip = ctx->argv[4];
char *new_logical_ip = NULL;
+ bool is_portrange = shash_find(&ctx->options, "--portrange") != NULL;
char *error = lr_by_name_or_uuid(ctx, ctx->argv[1], true, &lr);
if (error) {
@@ -4034,14 +4086,25 @@ nbctl_lr_nat_add(struct ctl_context *ctx)
}
}
- const char *logical_port;
- const char *external_mac;
+ const char *logical_port = NULL;
+ const char *external_mac = NULL;
+ const char *port_range = NULL;
+
if (ctx->argc == 6) {
- ctl_error(ctx, "lr-nat-add with logical_port "
- "must also specify external_mac.");
- free(new_logical_ip);
- return;
- } else if (ctx->argc == 7) {
+ if (!is_portrange) {
+ ctl_error(ctx, "lr-nat-add with logical_port "
+ "must also specify external_mac.");
+ free(new_logical_ip);
+ return;
+ }
+ port_range = ctx->argv[5];
+ if (!is_valid_port_range(port_range)) {
+ ctl_error(ctx, "invalid port range %s.", port_range);
+ free(new_logical_ip);
+ return;
+ }
+
+ } else if (ctx->argc >= 7) {
if (strcmp(nat_type, "dnat_and_snat")) {
ctl_error(ctx, "logical_port and external_mac are only valid when "
"type is \"dnat_and_snat\".");
@@ -4049,6 +4112,13 @@ nbctl_lr_nat_add(struct ctl_context *ctx)
return;
}
+ if (ctx->argc == 7 && is_portrange) {
+ ctl_error(ctx, "lr-nat-add with logical_port "
+ "must also specify external_mac.");
+ free(new_logical_ip);
+ return;
+ }
+
logical_port = ctx->argv[5];
const struct nbrec_logical_switch_port *lsp;
error = lsp_by_name_or_uuid(ctx, logical_port, true, &lsp);
@@ -4065,7 +4135,18 @@ nbctl_lr_nat_add(struct ctl_context *ctx)
free(new_logical_ip);
return;
}
+
+ if (ctx->argc > 7) {
+ port_range = ctx->argv[7];
+ if (!is_valid_port_range(port_range)) {
+ ctl_error(ctx, "invalid port range %s.", port_range);
+ free(new_logical_ip);
+ return;
+ }
+ }
+
} else {
+ port_range = NULL;
logical_port = NULL;
external_mac = NULL;
}
@@ -4137,6 +4218,10 @@ nbctl_lr_nat_add(struct ctl_context *ctx)
nbrec_nat_set_external_mac(nat, external_mac);
}
+ if (port_range) {
+ nbrec_nat_set_external_port_range(nat, port_range);
+ }
+
smap_add(&nat_options, "stateless", stateless ? "true":"false");
nbrec_nat_set_options(nat, &nat_options);
@@ -6133,9 +6218,10 @@ static const struct ctl_command_syntax nbctl_commands[] = {
"", RO },
/* NAT commands. */
- { "lr-nat-add", 4, 6,
- "ROUTER TYPE EXTERNAL_IP LOGICAL_IP [LOGICAL_PORT EXTERNAL_MAC]", NULL,
- nbctl_lr_nat_add, NULL, "--may-exist,--stateless", RW },
+ { "lr-nat-add", 4, 7,
+ "ROUTER TYPE EXTERNAL_IP LOGICAL_IP"
+ "[LOGICAL_PORT EXTERNAL_MAC] [EXTERNAL_PORT_RANGE]", NULL,
+ nbctl_lr_nat_add, NULL, "--may-exist,--stateless,--portrange", RW },
{ "lr-nat-del", 1, 3, "ROUTER [TYPE [IP]]", NULL,
nbctl_lr_nat_del, NULL, "--if-exists", RW },
{ "lr-nat-list", 1, 1, "ROUTER", NULL, nbctl_lr_nat_list, NULL, "", RO },
From patchwork Thu Apr 2 05:34:00 2020
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: Ankur Sharma
X-Patchwork-Id: 1265431
Return-Path:
X-Original-To: incoming@patchwork.ozlabs.org
Delivered-To: patchwork-incoming@bilbo.ozlabs.org
Authentication-Results: ozlabs.org; spf=pass (sender SPF authorized)
smtp.mailfrom=openvswitch.org (client-ip=140.211.166.133;
helo=hemlock.osuosl.org;
envelope-from=ovs-dev-bounces@openvswitch.org;
receiver=)
Authentication-Results: ozlabs.org;
dmarc=fail (p=none dis=none) header.from=nutanix.com
Authentication-Results: ozlabs.org;
dkim=fail reason="signature verification failed" (2048-bit key;
unprotected) header.d=nutanix.com header.i=@nutanix.com
header.a=rsa-sha256 header.s=proofpoint20171006
header.b=xtGxYvRa; dkim-atps=neutral
Received: from hemlock.osuosl.org (smtp2.osuosl.org [140.211.166.133])
(using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256
bits)) (No client certificate requested)
by ozlabs.org (Postfix) with ESMTPS id 48tBZv3zwKz9sRN
for ;
Thu, 2 Apr 2020 16:34:31 +1100 (AEDT)
Received: from localhost (localhost [127.0.0.1])
by hemlock.osuosl.org (Postfix) with ESMTP id B989988246;
Thu, 2 Apr 2020 05:34:29 +0000 (UTC)
X-Virus-Scanned: amavisd-new at osuosl.org
Received: from hemlock.osuosl.org ([127.0.0.1])
by localhost (.osuosl.org [127.0.0.1]) (amavisd-new, port 10024)
with ESMTP id VTNcT2eWAM2z; Thu, 2 Apr 2020 05:34:27 +0000 (UTC)
Received: from lists.linuxfoundation.org (lf-lists.osuosl.org [140.211.9.56])
by hemlock.osuosl.org (Postfix) with ESMTP id D1D81880C7;
Thu, 2 Apr 2020 05:34:26 +0000 (UTC)
Received: from lf-lists.osuosl.org (localhost [127.0.0.1])
by lists.linuxfoundation.org (Postfix) with ESMTP id BACE1C1D89;
Thu, 2 Apr 2020 05:34:26 +0000 (UTC)
X-Original-To: ovs-dev@openvswitch.org
Delivered-To: ovs-dev@lists.linuxfoundation.org
Received: from hemlock.osuosl.org (smtp2.osuosl.org [140.211.166.133])
by lists.linuxfoundation.org (Postfix) with ESMTP id 66388C1AE2
for ; Thu, 2 Apr 2020 05:34:25 +0000 (UTC)
Received: from localhost (localhost [127.0.0.1])
by hemlock.osuosl.org (Postfix) with ESMTP id 55EFA87EBB
for ; Thu, 2 Apr 2020 05:34:25 +0000 (UTC)
X-Virus-Scanned: amavisd-new at osuosl.org
Received: from hemlock.osuosl.org ([127.0.0.1])
by localhost (.osuosl.org [127.0.0.1]) (amavisd-new, port 10024)
with ESMTP id UaI8oAAGbDBj for ;
Thu, 2 Apr 2020 05:34:22 +0000 (UTC)
X-Greylist: domain auto-whitelisted by SQLgrey-1.7.6
Received: from mx0a-002c1b01.pphosted.com (mx0a-002c1b01.pphosted.com
[148.163.151.68])
by hemlock.osuosl.org (Postfix) with ESMTPS id 7B42D87EA9
for ; Thu, 2 Apr 2020 05:34:22 +0000 (UTC)
Received: from pps.filterd (m0127839.ppops.net [127.0.0.1])
by mx0a-002c1b01.pphosted.com (8.16.0.42/8.16.0.42) with SMTP id
0325U0Ye005597
for ; Wed, 1 Apr 2020 22:34:21 -0700
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=nutanix.com;
h=from : to : cc :
subject : date : message-id : in-reply-to : references : content-type
: mime-version; s=proofpoint20171006;
bh=s9banIcb7LQkTEG3GhAjdIL90b4YgfE/6KVnyywO9W8=;
b=xtGxYvRaiZ/brsH/e5h568bMGXltQETfXesKwUZZGbz6f4/9IBbMs8/crNB33M9q/ryu
5fYwlopwNUpzj+7uRAVgsx0YV0YBpHI13CMUjZUs76hXM4tl6DBVyCYUQuqOL2QDD2yZ
OqGlNTdlJYpRBhD1wSjGBKEbEXH5vPW8ZwxipazFQyisdtymk4Qf5B+05x6cVuigbtf1
RmW7pdld2C57PwZMPTiJ2x/GUUOoQRIUoBaB+xCNWCudtkwSCOjf2eWDOst0N7gn7pic
wuODpB6CYayfwTvFa/BRJCPMTC6if00epSDY2Yc29MblrB9739GkeddijpMFuS6mmL8W
sw==
Received: from nam10-bn7-obe.outbound.protection.outlook.com
(mail-bn7nam10lp2100.outbound.protection.outlook.com [104.47.70.100])
by mx0a-002c1b01.pphosted.com with ESMTP id 302ss3gpt8-1
(version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256
verify=NOT)
for ; Wed, 01 Apr 2020 22:34:21 -0700
ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none;
b=HlIelsye6ReYC4gc0nLJisbs8arWz/nUHsxvcDExjyjQitpSk0Xn8+qINdvBBgwRq6n/QoL8dpy7+te07yypKweeySKapk5Bzqn04Ob1Z8oA4j9vhqGvVwyEqIp3NlFdhYxf9gdV6BkyPupBFRRioFyZiKUzzXMRt3QPGHDbH4meI+QdmKBRda2LQ91it6kurTAfiWb0diGXzVIPfDY+bamGtgTI2sSQKXDGF7Zn9K08S0j3ngqxxL0p01tvL3g6emJ1MT5Zq2nGKzYj0N4wqG0qouizO1mupItUTF/kJCYy4BH/qKcvcUTF4Ra65Y/XJlWxhm4B0iZGstoFgjlI8Q==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com;
s=arcselector9901;
h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck;
bh=s9banIcb7LQkTEG3GhAjdIL90b4YgfE/6KVnyywO9W8=;
b=JH6h4JtLkc+5wQ8vsHn8vJgatdfS07oA2ZJlaU8wnIdf+Cf/sCV+z44qbxinJhm02wMAQ78uf0fru8TDrc8D42P52ygD6R7KAHn3MLpTXd0CuKIc90EmCL/7+W4mJWeVdAPXsbbicb6iqJCEuyQHuKybMNONWhyOALRD2+IRDIWCPAOpAPEGy7vfMprLb5i5hPI/GdoaiVxX4cJiKCi2/cytxxWP9CHLENKclUSRgK/h2k+YQKmxfbQ8Jahlkv5UDz11PkSrVtEglrZSqJ/rIdEfgtp6j31Sl8/eGIgc7wUfiX0+xcV3Nz+Beg4gPgVqAj3oEdB3Rs5ARwnVkT9ZHw==
ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass
smtp.mailfrom=nutanix.com;
dmarc=pass action=none header.from=nutanix.com;
dkim=pass header.d=nutanix.com; arc=none
Received: from BL0PR02MB3714.namprd02.prod.outlook.com (2603:10b6:207:44::16)
by BL0PR02MB5588.namprd02.prod.outlook.com (2603:10b6:208:8a::20)
with Microsoft SMTP Server (version=TLS1_2,
cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.2856.20;
Thu, 2 Apr 2020 05:34:19 +0000
Received: from BL0PR02MB3714.namprd02.prod.outlook.com
([fe80::c43f:ba9f:6c04:d0fb]) by
BL0PR02MB3714.namprd02.prod.outlook.com
([fe80::c43f:ba9f:6c04:d0fb%7]) with mapi id 15.20.2878.016;
Thu, 2 Apr 2020 05:34:19 +0000
From: Ankur Sharma
To: ovs-dev@openvswitch.org
Date: Wed, 1 Apr 2020 22:34:00 -0700
Message-Id: <1585805640-94503-3-git-send-email-svc.mail.git@nutanix.com>
X-Mailer: git-send-email 1.8.3.1
In-Reply-To: <1585805640-94503-1-git-send-email-svc.mail.git@nutanix.com>
References: <1585805640-94503-1-git-send-email-svc.mail.git@nutanix.com>
X-ClientProxiedBy: BYAPR01CA0034.prod.exchangelabs.com (2603:10b6:a02:80::47)
To BL0PR02MB3714.namprd02.prod.outlook.com
(2603:10b6:207:44::16)
MIME-Version: 1.0
X-MS-Exchange-MessageSentRepresentingType: 1
Received: from northd.localdomain (192.146.154.98) by
BYAPR01CA0034.prod.exchangelabs.com (2603:10b6:a02:80::47) with
Microsoft SMTP Server (version=TLS1_2,
cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id
15.20.2878.15 via Frontend Transport; Thu, 2 Apr 2020 05:34:18 +0000
X-Mailer: git-send-email 1.8.3.1
X-Originating-IP: [192.146.154.98]
X-MS-PublicTrafficType: Email
X-MS-Office365-Filtering-Correlation-Id: 281ccb36-d351-4103-86c2-08d7d6c77dab
X-MS-TrafficTypeDiagnostic: BL0PR02MB5588:
X-MS-Exchange-Transport-Forked: True
X-Microsoft-Antispam-PRVS:
x-proofpoint-crosstenant: true
X-MS-Oob-TLC-OOBClassifiers: OLM:197;
X-Forefront-PRVS: 0361212EA8
X-Forefront-Antispam-Report: CIP:255.255.255.255; CTRY:; LANG:en; SCL:1; SRV:;
IPV:NLI; SFV:NSPM; H:BL0PR02MB3714.namprd02.prod.outlook.com; PTR:;
CAT:NONE; SFTY:;
SFS:(10019020)(366004)(39860400002)(396003)(376002)(346002)(136003)(6512007)(2616005)(8676002)(956004)(186003)(16526019)(26005)(36756003)(5660300002)(6486002)(52116002)(478600001)(66476007)(6506007)(2906002)(107886003)(81166006)(81156014)(316002)(6666004)(54906003)(66946007)(66556008)(4326008)(8936002)(30864003)(6916009)(66574012)(86362001);
DIR:OUT; SFP:1102;
Received-SPF: None (protection.outlook.com: nutanix.com does not designate
permitted sender hosts)
X-MS-Exchange-SenderADCheck: 1
X-Microsoft-Antispam: BCL:0;
X-Microsoft-Antispam-Message-Info:
mn9OCIhznA7B6ZjVTOp34sMr70jHRkUXxAFTrbnjh7KNdzOPF20QcMYJBmr5i71lfQe3cklbLkL/8RjfX396zf+uCkXfESDfJ736QElnCQoJbbYHS4X7ts+6c2BN/lX9AkS5WogDLKLvZDR+d5aZuofsR2eyYJB77YesTosve6xNa/am6ybLZcujEYRNWAMMLfJzSAej0M7qRGNeY3q47v2SxTEh0+Lvy2uD0l7cIN+qlpcM755XTwSlj86NiGu8QbUQ+nDstODw5vg7mCVDDAL1WksFAXH+DuRS1otGt8QQTmv/ft5rba8D86vPD8tdriVaPTh4WCxmiGQ/M2SMbEoLIvJj+kN+GaSTBe5r3+AeKlucDpi4FjKaZHt8R/c6tFIg3N5/dMGWa93aHd6QU4PfYiRTScX5oYw3oAxRCT+uhOfd9QCJ62Fa35lU0k2K
X-MS-Exchange-AntiSpam-MessageData:
hHlsVRn0clE1iUbiUgcOR6xWWx5oc27p0aUeky+5+3kThOxelnPbkbEhSA6cluiJ70OxrO8lOp7aF9Dq3C9ZklgKiZ1wGtAHEpB7dFmLnqCM5euYH/mZX6bCNEA1HEfZjQLAnTHOeQ+4Zqh79oVDkg==
X-OriginatorOrg: nutanix.com
X-MS-Exchange-CrossTenant-Network-Message-Id:
281ccb36-d351-4103-86c2-08d7d6c77dab
X-MS-Exchange-CrossTenant-OriginalArrivalTime: 02 Apr 2020 05:34:19.4112
(UTC)
X-MS-Exchange-CrossTenant-FromEntityHeader: Hosted
X-MS-Exchange-CrossTenant-Id: bb047546-786f-4de1-bd75-24e5b6f79043
X-MS-Exchange-CrossTenant-MailboxType: HOSTED
X-MS-Exchange-CrossTenant-UserPrincipalName:
ZXAwa+f2RnEaR5PIJcgPwStCdTlq6iEr12hm/yFOUxCAtcpjIRiqBvt/q43Rj2jE/sYpb51KLHeYI4Q5kcBbRJUAHffKa+wGx0pILeQp4AA=
X-MS-Exchange-Transport-CrossTenantHeadersStamped: BL0PR02MB5588
X-Proofpoint-Virus-Version: vendor=fsecure engine=2.50.10434:6.0.138,
18.0.676 definitions=2020-04-01_04:2020-03-31,
2020-04-01 signatures=0
X-Proofpoint-Spam-Reason: safe
Cc: Ankur Sharma
Subject: [ovs-dev] [PATCH v3 2/2 ovn] NAT: Northd and parser changes to
support port range
X-BeenThere: ovs-dev@openvswitch.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id:
List-Unsubscribe: ,
List-Archive:
List-Post:
List-Help:
List-Subscribe: ,
Errors-To: ovs-dev-bounces@openvswitch.org
Sender: "dev"
This patch has northd changes to put
port range in the logical flow based on configuration.
Port range is NOT applicable for stateless dnat_and_snat
rules.
Changes to parse the logical flow, which specifies port_range
for ct_nat action.
Example logical flow:
ct_snat(10.15.24.135,1-30000)
Signed-off-by: Ankur Sharma
---
include/ovn/actions.h | 7 ++++++
include/ovn/lex.h | 1 +
lib/actions.c | 48 ++++++++++++++++++++++++++++++++++++++
lib/lex.c | 5 +++-
northd/ovn-northd.c | 31 +++++++++++++++++++++----
tests/ovn-northd.at | 64 +++++++++++++++++++++++++++++++++++++++++++++++++++
tests/ovn.at | 34 +++++++++++++++++++++++----
7 files changed, 180 insertions(+), 10 deletions(-)
diff --git a/include/ovn/actions.h b/include/ovn/actions.h
index 9b01492..2cec369 100644
--- a/include/ovn/actions.h
+++ b/include/ovn/actions.h
@@ -233,6 +233,13 @@ struct ovnact_ct_nat {
struct in6_addr ipv6;
ovs_be32 ipv4;
};
+
+ struct {
+ bool exists;
+ uint16_t port_lo;
+ uint16_t port_hi;
+ } port_range;
+
uint8_t ltable; /* Logical table ID of next table. */
};
diff --git a/include/ovn/lex.h b/include/ovn/lex.h
index 8d55857..1da6ccc 100644
--- a/include/ovn/lex.h
+++ b/include/ovn/lex.h
@@ -63,6 +63,7 @@ enum lex_type {
LEX_T_EXCHANGE, /* <-> */
LEX_T_DECREMENT, /* -- */
LEX_T_COLON, /* : */
+ LEX_T_HYPHEN, /* - */
};
/* Subtype for LEX_T_INTEGER and LEX_T_MASKED_INTEGER tokens.
diff --git a/lib/actions.c b/lib/actions.c
index 6351db7..5d9d93b 100644
--- a/lib/actions.c
+++ b/lib/actions.c
@@ -770,6 +770,38 @@ parse_ct_nat(struct action_context *ctx, const char *name,
}
lexer_get(ctx->lexer);
+ if (lexer_match(ctx->lexer, LEX_T_COMMA)) {
+
+ if (ctx->lexer->token.type != LEX_T_INTEGER ||
+ ctx->lexer->token.format != LEX_F_DECIMAL) {
+ lexer_syntax_error(ctx->lexer, "expecting Integer for port "
+ "range");
+ }
+
+ cn->port_range.port_lo = ntohll(ctx->lexer->token.value.integer);
+ lexer_get(ctx->lexer);
+
+ if (lexer_match(ctx->lexer, LEX_T_HYPHEN)) {
+
+ if (ctx->lexer->token.type != LEX_T_INTEGER) {
+ lexer_syntax_error(ctx->lexer, "expecting Integer for port "
+ "range");
+ }
+ cn->port_range.port_hi = ntohll(
+ ctx->lexer->token.value.integer);
+
+ if (cn->port_range.port_hi <= cn->port_range.port_lo) {
+ lexer_syntax_error(ctx->lexer, "range high should be "
+ "greater than range lo");
+ }
+ lexer_get(ctx->lexer);
+ } else {
+ cn->port_range.port_hi = 0;
+ }
+
+ cn->port_range.exists = true;
+ }
+
if (!lexer_force_match(ctx->lexer, LEX_T_RPAREN)) {
return;
}
@@ -799,6 +831,17 @@ format_ct_nat(const struct ovnact_ct_nat *cn, const char *name, struct ds *s)
ipv6_format_addr(&cn->ipv6, s);
ds_put_char(s, ')');
}
+
+ if (cn->port_range.exists) {
+ ds_chomp(s, ')');
+ ds_put_format(s, ",%d", cn->port_range.port_lo);
+
+ if (cn->port_range.port_hi) {
+ ds_put_format(s, "-%d", cn->port_range.port_hi);
+ }
+ ds_put_char(s, ')');
+ }
+
ds_put_char(s, ';');
}
@@ -861,6 +904,11 @@ encode_ct_nat(const struct ovnact_ct_nat *cn,
}
}
+ if (cn->port_range.exists) {
+ nat->range.proto.min = cn->port_range.port_lo;
+ nat->range.proto.max = cn->port_range.port_hi;
+ }
+
ofpacts->header = ofpbuf_push_uninit(ofpacts, nat_offset);
ct = ofpacts->header;
if (cn->family == AF_INET || cn->family == AF_INET6) {
diff --git a/lib/lex.c b/lib/lex.c
index 7a2ab41..94f6c77 100644
--- a/lib/lex.c
+++ b/lib/lex.c
@@ -301,6 +301,9 @@ lex_token_format(const struct lex_token *token, struct ds *s)
case LEX_T_COLON:
ds_put_char(s, ':');
break;
+ case LEX_T_HYPHEN:
+ ds_put_char(s, '-');
+ break;
default:
OVS_NOT_REACHED();
}
@@ -757,7 +760,7 @@ next:
token->type = LEX_T_DECREMENT;
p++;
} else {
- lex_error(token, "`-' is only valid as part of `--'.");
+ token->type = LEX_T_HYPHEN;
}
break;
diff --git a/northd/ovn-northd.c b/northd/ovn-northd.c
index 0762781..71d420d 100644
--- a/northd/ovn-northd.c
+++ b/northd/ovn-northd.c
@@ -8849,7 +8849,13 @@ build_lrouter_flows(struct hmap *datapaths, struct hmap *ports,
is_v6 ? "6" : "4", nat->logical_ip);
} else {
ds_put_format(&actions, "flags.loopback = 1; "
- "ct_dnat(%s);", nat->logical_ip);
+ "ct_dnat(%s", nat->logical_ip);
+
+ if (strlen(nat->external_port_range)) {
+ ds_put_format(&actions, ",%s",
+ nat->external_port_range);
+ }
+ ds_put_format(&actions, ");");
}
ovn_lflow_add_with_hint(lflows, od, S_ROUTER_IN_DNAT, 100,
@@ -8877,8 +8883,12 @@ build_lrouter_flows(struct hmap *datapaths, struct hmap *ports,
ds_put_format(&actions, "ip%s.dst=%s; next;",
is_v6 ? "6" : "4", nat->logical_ip);
} else {
- ds_put_format(&actions, "ct_dnat(%s);",
- nat->logical_ip);
+ ds_put_format(&actions, "ct_dnat(%s", nat->logical_ip);
+ if (strlen(nat->external_port_range)) {
+ ds_put_format(&actions, ",%s",
+ nat->external_port_range);
+ }
+ ds_put_format(&actions, ");");
}
ovn_lflow_add_with_hint(lflows, od, S_ROUTER_IN_DNAT, 100,
@@ -8982,8 +8992,14 @@ build_lrouter_flows(struct hmap *datapaths, struct hmap *ports,
ds_put_format(&actions, "ip%s.src=%s; next;",
is_v6 ? "6" : "4", nat->external_ip);
} else {
- ds_put_format(&actions, "ct_snat(%s);",
+ ds_put_format(&actions, "ct_snat(%s",
nat->external_ip);
+
+ if (strlen(nat->external_port_range)) {
+ ds_put_format(&actions, ",%s",
+ nat->external_port_range);
+ }
+ ds_put_format(&actions, ");");
}
/* The priority here is calculated such that the
@@ -9020,8 +9036,13 @@ build_lrouter_flows(struct hmap *datapaths, struct hmap *ports,
ds_put_format(&actions, "ip%s.src=%s; next;",
is_v6 ? "6" : "4", nat->external_ip);
} else {
- ds_put_format(&actions, "ct_snat(%s);",
+ ds_put_format(&actions, "ct_snat(%s",
nat->external_ip);
+ if (strlen(nat->external_port_range)) {
+ ds_put_format(&actions, ",%s",
+ nat->external_port_range);
+ }
+ ds_put_format(&actions, ");");
}
/* The priority here is calculated such that the
diff --git a/tests/ovn-northd.at b/tests/ovn-northd.at
index d127152..8cc3f70 100644
--- a/tests/ovn-northd.at
+++ b/tests/ovn-northd.at
@@ -1074,6 +1074,70 @@ AT_CHECK([ovn-sbctl dump-flows R1 | grep ip6.src=| wc -l], [0], [2
AT_CLEANUP
+AT_SETUP([ovn -- check portrange dnat, snat and dnat_and_snat rules])
+ovn_start
+
+ovn-sbctl chassis-add gw1 geneve 127.0.0.1
+
+ovn-nbctl lr-add R1
+ovn-nbctl lrp-add R1 R1-S1 02:ac:10:01:00:01 172.16.1.1/24
+
+ovn-nbctl ls-add S1
+ovn-nbctl lsp-add S1 S1-R1
+ovn-nbctl lsp-set-type S1-R1 router
+ovn-nbctl lsp-set-addresses S1-R1 router
+ovn-nbctl --wait=sb lsp-set-options S1-R1 router-port=R1-S1
+
+ovn-nbctl lrp-set-gateway-chassis R1-S1 gw1
+
+uuid=`ovn-sbctl --columns=_uuid --bare find Port_Binding logical_port=cr-R1-S1`
+echo "CR-LRP UUID is: " $uuid
+
+# IPV4
+ovn-nbctl --portrange lr-nat-add R1 dnat_and_snat 172.16.1.1 50.0.0.11 1-3000
+
+OVS_WAIT_UNTIL([test 2 = `ovn-sbctl dump-flows R1 | grep lr_in_unsnat | \
+wc -l`])
+
+AT_CHECK([ovn-sbctl dump-flows R1 | grep ct_snat | grep 3000 | wc -l], [0], [1
+])
+
+AT_CHECK([ovn-sbctl dump-flows R1 | grep ct_dnat | grep 3000 | wc -l], [0], [1
+])
+
+
+ovn-nbctl lr-nat-del R1 dnat_and_snat 172.16.1.1
+
+ovn-nbctl --portrange lr-nat-add R1 snat 172.16.1.1 50.0.0.11 1-3000
+
+OVS_WAIT_UNTIL([test 2 = `ovn-sbctl dump-flows R1 | grep lr_in_unsnat | \
+wc -l`])
+
+AT_CHECK([ovn-sbctl dump-flows R1 | grep ct_snat | grep 3000 | wc -l], [0], [1
+])
+
+AT_CHECK([ovn-sbctl dump-flows R1 | grep ct_dnat | grep 3000 | wc -l], [0], [0
+])
+
+ovn-nbctl lr-nat-del R1 snat 172.16.1.1
+
+ovn-nbctl --portrange --stateless lr-nat-add R1 dnat_and_snat 172.16.1.2 50.0.0.12 1-3000
+ovn-sbctl dump-flows R1
+
+OVS_WAIT_UNTIL([test 3 = `ovn-sbctl dump-flows R1 | grep lr_in_unsnat | \
+wc -l`])
+
+AT_CHECK([ovn-sbctl dump-flows R1 | grep ct_snat | grep 3000 | grep 172.16.1.2 | wc -l], [0], [0
+])
+
+AT_CHECK([ovn-sbctl dump-flows R1 | grep ct_dnat | grep 3000 | grep 172.16.1.2 | wc -l], [0], [0
+])
+
+
+ovn-nbctl lr-nat-del R1 dnat_and_snat 172.16.1.1
+
+AT_CLEANUP
+
AT_SETUP([ovn -- check Load balancer health check and Service Monitor sync])
AT_SKIP_IF([test $HAVE_PYTHON = no])
ovn_start
diff --git a/tests/ovn.at b/tests/ovn.at
index 0135838..314be47 100644
--- a/tests/ovn.at
+++ b/tests/ovn.at
@@ -136,7 +136,6 @@ fe:x => error("Invalid numeric constant.")
(){}[[]]==!=<<=>>=!&&||..,;=<->--: => ( ) { } [[ ]] == != < <= > >= ! && || .. , ; = <-> -- :
& => error("`&' is only valid as part of `&&'.")
| => error("`|' is only valid as part of `||'.")
-- => error("`-' is only valid as part of `--'.")
^ => error("Invalid character `^' in input.")
])
@@ -1049,15 +1048,29 @@ ct_dnat(192.168.1.2);
ct_dnat(fd11::2);
encodes as ct(commit,table=19,zone=NXM_NX_REG11[0..15],nat(dst=fd11::2))
has prereqs ip
+ct_dnat(192.168.1.2, 1-3000);
+ formats as ct_dnat(192.168.1.2,1-3000);
+ encodes as ct(commit,table=19,zone=NXM_NX_REG11[0..15],nat(dst=192.168.1.2:1-3000))
+ has prereqs ip
ct_dnat(192.168.1.2, 192.168.1.3);
- Syntax error at `,' expecting `)'.
+ Syntax error at `192.168.1.3' expecting Integer for port range.
ct_dnat(foo);
Syntax error at `foo' expecting IPv4 or IPv6 address.
ct_dnat(foo, bar);
Syntax error at `foo' expecting IPv4 or IPv6 address.
ct_dnat();
Syntax error at `)' expecting IPv4 or IPv6 address.
+ct_dnat(192.168.1.2, foo);
+ Syntax error at `foo' expecting Integer for port range.
+ct_dnat(192.168.1.2, 1000-foo);
+ Syntax error at `foo' expecting Integer for port range.
+ct_dnat(192.168.1.2, 1000);
+ formats as ct_dnat(192.168.1.2,1000);
+ encodes as ct(commit,table=19,zone=NXM_NX_REG11[0..15],nat(dst=192.168.1.2:1000))
+ has prereqs ip
+ct_dnat(192.168.1.2, 1000-100);
+ Syntax error at `100' range high should be greater than range lo.
# ct_snat
ct_snat;
@@ -1069,16 +1082,29 @@ ct_snat(192.168.1.2);
ct_snat(fd11::2);
encodes as ct(commit,table=19,zone=NXM_NX_REG12[0..15],nat(src=fd11::2))
has prereqs ip
+ct_snat(192.168.1.2, 1-3000);
+ formats as ct_snat(192.168.1.2,1-3000);
+ encodes as ct(commit,table=19,zone=NXM_NX_REG12[0..15],nat(src=192.168.1.2:1-3000))
+ has prereqs ip
ct_snat(192.168.1.2, 192.168.1.3);
- Syntax error at `,' expecting `)'.
+ Syntax error at `192.168.1.3' expecting Integer for port range.
ct_snat(foo);
Syntax error at `foo' expecting IPv4 or IPv6 address.
ct_snat(foo, bar);
Syntax error at `foo' expecting IPv4 or IPv6 address.
ct_snat();
Syntax error at `)' expecting IPv4 or IPv6 address.
-
+ct_snat(192.168.1.2, foo);
+ Syntax error at `foo' expecting Integer for port range.
+ct_snat(192.168.1.2, 1000-foo);
+ Syntax error at `foo' expecting Integer for port range.
+ct_snat(192.168.1.2, 1000);
+ formats as ct_snat(192.168.1.2,1000);
+ encodes as ct(commit,table=19,zone=NXM_NX_REG12[0..15],nat(src=192.168.1.2:1000))
+ has prereqs ip
+ct_snat(192.168.1.2, 1000-100);
+ Syntax error at `100' range high should be greater than range lo.
# ct_clear
ct_clear;
encodes as ct_clear