priority=100,in_port=2,ct_state=+trk+est,udp,action=controller
])
-AT_CHECK([ovs-ofctl add-flows br0 flows.txt])
+AT_CHECK([ovs-ofctl --bundle add-flows br0 flows.txt])
AT_CAPTURE_FILE([ofctl_monitor.log])
AT_CHECK([ovs-ofctl monitor br0 65534 invalid_ttl --detach --no-chdir --pidfile 2> ofctl_monitor.log])
priority=100,in_port=2,ct_state=+trk+est,tcp,action=1
])
-AT_CHECK([ovs-ofctl add-flows br0 flows.txt])
+AT_CHECK([ovs-ofctl --bundle add-flows br0 flows.txt])
dnl Basic connectivity check.
NS_CHECK_EXEC([at_ns0], [ping -q -c 3 -i 0.3 -w 2 10.1.1.2 >/dev/null])
priority=100,in_port=2,ct_state=+trk+est,tcp6,action=1
])
-AT_CHECK([ovs-ofctl add-flows br0 flows.txt])
+AT_CHECK([ovs-ofctl --bundle add-flows br0 flows.txt])
dnl Without this sleep, we get occasional failures due to the following error:
dnl "connect: Cannot assign requested address"
priority=100,in_port=4,tcp,ct_state=+trk,action=3
])
-AT_CHECK([ovs-ofctl add-flows br0 flows.txt])
+AT_CHECK([ovs-ofctl --bundle add-flows br0 flows.txt])
dnl HTTP requests from p0->p1 should work fine.
NETNS_DAEMONIZE([at_ns1], [[$PYTHON $srcdir/test-l7.py]], [http0.pid])
priority=100,in_port=4,tcp,ct_state=+trk,action=3
])
-AT_CHECK([ovs-ofctl add-flows br0 flows.txt])
+AT_CHECK([ovs-ofctl --bundle add-flows br0 flows.txt])
dnl HTTP requests from p0->p1 should work fine.
NETNS_DAEMONIZE([at_ns1], [[$PYTHON $srcdir/test-l7.py]], [http0.pid])
priority=100,in_port=4,ct_state=+trk+new,tcp,action=3
])
-AT_CHECK([ovs-ofctl add-flows br0 flows.txt])
+AT_CHECK([ovs-ofctl --bundle add-flows br0 flows.txt])
dnl We set up our rules to allow the request without committing. The return
dnl traffic can't be identified, because the initial request wasn't committed.
priority=100,in_port=4,ct_state=+trk,ct_zone=1,tcp,action=3
])
-AT_CHECK([ovs-ofctl add-flows br0 flows.txt])
+AT_CHECK([ovs-ofctl --bundle add-flows br0 flows.txt])
dnl HTTP requests from p0->p1 should work fine.
NETNS_DAEMONIZE([at_ns1], [[$PYTHON $srcdir/test-l7.py]], [http0.pid])
priority=100,in_port=4,ct_state=+trk,ct_zone=0x1001,tcp,action=3
])
-AT_CHECK([ovs-ofctl add-flows br0 flows.txt])
+AT_CHECK([ovs-ofctl --bundle add-flows br0 flows.txt])
dnl HTTP requests from p0->p1 should work fine.
NETNS_DAEMONIZE([at_ns1], [[$PYTHON $srcdir/test-l7.py]], [http0.pid])
priority=100,in_port=2,tcp,ct_state=+trk+est,ct_zone=2,action=ct(commit,zone=2),1
])
-AT_CHECK([ovs-ofctl add-flows br0 flows-br0.txt])
-AT_CHECK([ovs-ofctl add-flows br1 flows-br1.txt])
+AT_CHECK([ovs-ofctl --bundle add-flows br0 flows-br0.txt])
+AT_CHECK([ovs-ofctl --bundle add-flows br1 flows-br1.txt])
dnl HTTP requests from p0->p1 should work fine.
NETNS_DAEMONIZE([at_ns1], [[$PYTHON $srcdir/test-l7.py]], [http0.pid])
priority=100,in_port=2,ct_state=+trk,ct_zone=2,tcp,action=1
])
-AT_CHECK([ovs-ofctl add-flows br0 flows.txt])
+AT_CHECK([ovs-ofctl --bundle add-flows br0 flows.txt])
dnl HTTP requests from p0->p1 should work fine.
NETNS_DAEMONIZE([at_ns1], [[$PYTHON $srcdir/test-l7.py]], [http0.pid])
table=2,priority=100,in_port=1,ip,ct_state=+trk+est,ct_zone=2,action=LOCAL
])
-AT_CHECK([ovs-ofctl add-flows br0 flows.txt])
+AT_CHECK([ovs-ofctl --bundle add-flows br0 flows.txt])
AT_CHECK([ping -q -c 3 -i 0.3 -w 2 10.1.1.2 | FORMAT_PING], [0], [dnl
3 packets transmitted, 3 received, 0% packet loss, time 0ms
table=4,priority=100,ip,action=output:NXM_NX_REG0[[]]
])
-AT_CHECK([ovs-ofctl add-flows br0 flows.txt])
+AT_CHECK([ovs-ofctl --bundle add-flows br0 flows.txt])
AT_CHECK([ping -q -c 3 -i 0.3 -w 2 10.1.1.2 | FORMAT_PING], [0], [dnl
3 packets transmitted, 3 received, 0% packet loss, time 0ms
priority=100,in_port=4,ct_state=+trk,ct_mark=1,tcp,action=3
])
-AT_CHECK([ovs-ofctl add-flows br0 flows.txt])
+AT_CHECK([ovs-ofctl --bundle add-flows br0 flows.txt])
dnl HTTP requests from p0->p1 should work fine.
NETNS_DAEMONIZE([at_ns1], [[$PYTHON $srcdir/test-l7.py]], [http0.pid])
priority=100,in_port=4,ct_state=+trk,ct_mark=1,tcp,action=3
])
-AT_CHECK([ovs-ofctl add-flows br0 flows.txt])
+AT_CHECK([ovs-ofctl --bundle add-flows br0 flows.txt])
dnl HTTP requests from p0->p1 should work fine.
NETNS_DAEMONIZE([at_ns1], [[$PYTHON $srcdir/test-l7.py]], [http0.pid])
priority=100,in_port=4,ct_state=+trk,ct_label=0x0a000d000005000001,tcp,action=3
])
-AT_CHECK([ovs-ofctl add-flows br0 flows.txt])
+AT_CHECK([ovs-ofctl --bundle add-flows br0 flows.txt])
dnl HTTP requests from p0->p1 should work fine.
NETNS_DAEMONIZE([at_ns1], [[$PYTHON $srcdir/test-l7.py]], [http0.pid])
priority=100,in_port=2,icmp,ct_state=+trk+rel,ct_mark=1,action=1
])
-AT_CHECK([ovs-ofctl add-flows br0 flows.txt])
+AT_CHECK([ovs-ofctl --bundle add-flows br0 flows.txt])
dnl UDP packets from ns0->ns1 should solicit "destination unreachable" response.
dnl We pass "-q 1" here to handle openbsd-style nc that can't quit immediately.
AT_DATA([flows.txt], [dnl
priority=1,action=drop
priority=10,arp,action=normal
-priority=100,in_port=1,ct_state=-trk,udp,action=ct(commit,table=0)
-priority=100,in_port=1,ct_state=+trk,actions=controller
-priority=100,in_port=2,ct_state=-trk,action=ct(table=0)
-priority=100,in_port=2,ct_state=+trk+rel+rpl,action=controller
+priority=100,in_port=1,udp,ct_state=-trk,action=ct(commit,table=0)
+priority=100,in_port=1,ip,ct_state=+trk,actions=controller
+priority=100,in_port=2,ip,ct_state=-trk,action=ct(table=0)
+priority=100,in_port=2,ip,ct_state=+trk+rel+rpl,action=controller
])
-AT_CHECK([ovs-ofctl add-flows br0 flows.txt])
+AT_CHECK([ovs-ofctl --bundle replace-flows br0 flows.txt])
AT_CAPTURE_FILE([ofctl_monitor.log])
AT_CHECK([ovs-ofctl monitor br0 65534 invalid_ttl --detach --no-chdir --pidfile 2> ofctl_monitor.log])
priority=100,in_port=2,tcp,ct_state=+trk-new+rel,action=1
])
-AT_CHECK([ovs-ofctl add-flows br0 flows1.txt])
+AT_CHECK([ovs-ofctl --bundle replace-flows br0 flows1.txt])
NETNS_DAEMONIZE([at_ns0], [[$PYTHON $srcdir/test-l7.py ftp]], [ftp1.pid])
NETNS_DAEMONIZE([at_ns1], [[$PYTHON $srcdir/test-l7.py ftp]], [ftp0.pid])
])
dnl Try the second set of flows.
+AT_CHECK([ovs-ofctl --bundle replace-flows br0 flows2.txt])
conntrack -F
-AT_CHECK([ovs-ofctl del-flows br0])
-AT_CHECK([ovs-ofctl add-flows br0 flows2.txt])
dnl FTP requests from p1->p0 should fail due to network failure.
dnl Try 3 times, in 1 second intervals.
priority=100,in_port=2,tcp,ct_zone=1,ct_state=+trk+est,action=1
])
-AT_CHECK([ovs-ofctl add-flows br0 flows.txt])
+AT_CHECK([ovs-ofctl --bundle add-flows br0 flows.txt])
NETNS_DAEMONIZE([at_ns0], [[$PYTHON $srcdir/test-l7.py ftp]], [ftp1.pid])
NETNS_DAEMONIZE([at_ns1], [[$PYTHON $srcdir/test-l7.py ftp]], [ftp0.pid])
priority=100,in_port=2,ct_state=+trk+est-new,icmp,action=1
])
-AT_CHECK([ovs-ofctl add-flows br0 flows.txt])
+AT_CHECK([ovs-ofctl --bundle add-flows br0 flows.txt])
dnl Basic connectivity check.
NS_CHECK_EXEC([at_ns0], [ping -q -c 3 -i 0.3 -w 2 10.1.1.2 | FORMAT_PING], [0], [dnl
priority=100,in_port=2,ct_state=+trk+est-new,icmp,action=1
])
-AT_CHECK([ovs-ofctl add-flows br0 flows.txt])
+AT_CHECK([ovs-ofctl --bundle add-flows br0 flows.txt])
dnl Basic connectivity check.
NS_CHECK_EXEC([at_ns0], [ping -q -c 3 -i 0.3 -w 2 10.2.2.2 | FORMAT_PING], [0], [dnl
priority=100,icmp6,icmp_type=136,action=normal
])
-AT_CHECK([ovs-ofctl add-flows br0 flows.txt])
+AT_CHECK([ovs-ofctl --bundle add-flows br0 flows.txt])
dnl Without this sleep, we get occasional failures due to the following error:
dnl "connect: Cannot assign requested address"
priority=100,icmp6,icmp_type=136,action=normal
])
-AT_CHECK([ovs-ofctl add-flows br0 flows.txt])
+AT_CHECK([ovs-ofctl --bundle add-flows br0 flows.txt])
dnl Without this sleep, we get occasional failures due to the following error:
dnl "connect: Cannot assign requested address"
priority=100,in_port=LOCAL,ct_state=+trk+est,icmp,action=1
])
-AT_CHECK([ovs-ofctl add-flows br0 flows.txt])
+AT_CHECK([ovs-ofctl --bundle add-flows br0 flows.txt])
dnl Set up underlay link from host into the namespace using veth pair.
ADD_VETH(p0, at_ns0, br-underlay, "172.31.1.1/24")