[ovs-discuss] ACL tcp reject action problem when stateful ACL exists
Han Zhou
hzhou at ovn.org
Mon Sep 28 00:59:10 UTC 2020
In test case acl-reject, there are no stateful ACLs and the test case works
well. However, adding a stateful ACL even with a low priority (which
shouldn't change the expected behavior of the test case) resulted in the
test case failing. Below is the change for the test case.
----- 8>< ------------------------------------------------ ><8 -----
diff --git a/tests/ovn.at b/tests/ovn.at
index b6c8622ba..85601c0f5 100644
--- a/tests/ovn.at
+++ b/tests/ovn.at
@@ -12885,6 +12885,7 @@ done
ovn-nbctl --log acl-add sw0 to-lport 1000 "outport == \"sw0-p12\"" reject
ovn-nbctl --log acl-add sw0 from-lport 1000 "inport == \"sw0-p11\"" reject
ovn-nbctl --log acl-add sw0 from-lport 1000 "inport == \"sw0-p21\"" reject
+ovn-nbctl --log acl-add sw0 from-lport 100 "inport == \"sw0-p21\""
allow-related
# Allow some time for ovn-northd and ovn-controller to catch up.
ovn-nbctl --timeout=3 --wait=hv sync
----- 8>< ------------------------------------------------ ><8 -----
I haven't checked the root cause yet, but it seems to be a bug that has
exsited for a long time - it fails even on branch 20.03. I haven't tried
older branches yet.
Thanks,
Han
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mail.openvswitch.org/pipermail/ovs-discuss/attachments/20200927/b8656350/attachment.html>
More information about the discuss
mailing list