]> git.proxmox.com Git - mirror_ovs.git/blame - tests/ovn.at
projects / mirror_ovs.git / blame
? search:
summary | shortlog | log | commit | commitdiff | tree
blob | blame (incremental) | history | HEAD
ovn: specify addresses of type "router" lsps as "router"
[mirror_ovs.git] / tests / ovn.at
CommitLineData
49d7c759
BP		 1# OVN_CHECK_PACKETS([PCAP], [EXPECTED])
2#
3# This compares packets read from PCAP, in pcap format, to those read
4# from EXPECTED, which is a text file containing packets as hex
5# strings, one per line. If PCAP contains fewer packets than
6# EXPECTED, it waits up to 10 seconds for more packets to appear.
7#
8# The implementation is an m4 macro that is mostly implemented in
9# terms of a shell function. This reduces the size of the generated
10# testsuite file since the shell function is only emitted once even
11# when this macro is invoked many times.
12m4_divert_text([PREPARE_TESTS],
13 [ovn_check_packets__ () {
14 echo
15 echo "checking packets in $1 against $2:"
16 rcv_pcap=$1
17 rcv_text=`echo "$rcv_pcap.packets" | sed 's/\.pcap//'`
18 exp_text=$2
19 exp_n=`wc -l < "$exp_text"`
20 ovs_wait_cond () {
abb37b6b
FF		 21 $PYTHON "$top_srcdir/utilities/ovs-pcap.in" $rcv_pcap > $rcv_text
22 rcv_n=`wc -l < "$rcv_text"`
23 test $rcv_n -ge $exp_n
49d7c759
BP		 24 }
25 ovs_wait || echo "expected $exp_n packets, only received $rcv_n"
26
e4543cfe 27 sort $exp_text > expout
49d7c759
BP		 28 }
29])
30m4_define([OVN_CHECK_PACKETS],
31 [ovn_check_packets__ "$1" "$2"
32 AT_CHECK([sort $rcv_text], [0], [expout])])
33
f295c17b 34AT_BANNER([OVN components])
10b1662b
BP		 35
36AT_SETUP([ovn -- lexer])
37dnl For lines without =>, input and expected output are identical.
38dnl For lines with =>, input precedes => and expected output follows =>.
39AT_DATA([test-cases.txt], [dnl
40foo bar baz quuxquuxquux _abcd_ a.b.c.d a123_.456
41"abc\u0020def" => "abc def"
42" => error("Input ends inside quoted string.")dnl "
43
2c5cbb15
RB		 44$foo $bar $baz $quuxquuxquux $_abcd_ $a.b.c.d $a123_.456
45$1 => error("`$' must be followed by a valid identifier.") 1
46
10b1662b
BP		 47a/*b*/c => a c
48a//b c => a
49a/**/b => a b
50a/*/b => a error("`/*' without matching `*/'.")
51a/*/**/b => a b
52a/b => a error("`/' is only valid as part of `//' or `/*'.") b
53
540 1 12345 18446744073709551615
5518446744073709551616 => error("Decimal constants must be less than 2**64.")
569999999999999999999999 => error("Decimal constants must be less than 2**64.")
5701 => error("Decimal constants must not have leading zeros.")
58
590/0
600/1
611/0 => error("Value contains unmasked 1-bits.")
621/1
63128/384
641/3
651/ => error("Integer constant expected.")
66
671/0x123 => error("Value and mask have incompatible formats.")
68
690x1234
700x01234 => 0x1234
710x0 => 0
720x000 => 0
730xfedcba9876543210
740XFEDCBA9876543210 => 0xfedcba9876543210
750xfedcba9876543210fedcba9876543210
10b1662b
BP		 760x0000fedcba9876543210fedcba9876543210 => 0xfedcba9876543210fedcba9876543210
770x => error("Hex digits expected following 0x.")
780X => error("Hex digits expected following 0X.")
790x0/0x0 => 0/0
800x0/0x1 => 0/0x1
810x1/0x0 => error("Value contains unmasked 1-bits.")
820xffff/0x1ffff
830x. => error("Invalid syntax in hexadecimal constant.")
84
85192.168.128.1 1.2.3.4 255.255.255.255 0.0.0.0
86256.1.2.3 => error("Invalid numeric constant.")
87192.168.0.0/16
88192.168.0.0/255.255.0.0 => 192.168.0.0/16
89192.168.0.0/255.255.255.0 => 192.168.0.0/24
90192.168.0.0/255.255.0.255
91192.168.0.0/255.0.0.0 => error("Value contains unmasked 1-bits.")
92192.168.0.0/32
93192.168.0.0/255.255.255.255 => 192.168.0.0/32
52c0fc39 941.2.3.4:5 => 1.2.3.4 : 5
10b1662b
BP		 95
96::
97::1
98ff00::1234 => ff00::1234
992001:db8:85a3::8a2e:370:7334
1002001:db8:85a3:0:0:8a2e:370:7334 => 2001:db8:85a3::8a2e:370:7334
1012001:0db8:85a3:0000:0000:8a2e:0370:7334 => 2001:db8:85a3::8a2e:370:7334
102::ffff:192.0.2.128
103::ffff:c000:0280 => ::ffff:192.0.2.128
104::1/::1
105::1/ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff => ::1/128
106::1/128
107ff00::/8
108ff00::/ff00:: => ff00::/8
109
11001:23:45:67:ab:cd
11101:23:45:67:AB:CD => 01:23:45:67:ab:cd
112fe:dc:ba:98:76:54
113FE:DC:ba:98:76:54 => fe:dc:ba:98:76:54
11401:00:00:00:00:00/01:00:00:00:00:00
115ff:ff:ff:ff:ff:ff/ff:ff:ff:ff:ff:ff
116fe:ff:ff:ff:ff:ff/ff:ff:ff:ff:ff:ff
117ff:ff:ff:ff:ff:ff/fe:ff:ff:ff:ff:ff => error("Value contains unmasked 1-bits.")
118fe:x => error("Invalid numeric constant.")
11900:01:02:03:04:x => error("Invalid numeric constant.")
120
a20c96c6 121# Test that operators are tokenized as expected, even without white space.
52c0fc39 122(){}[[]]==!=<<=>>=!&&||..,;=<->--: => ( ) { } [[ ]] == != < <= > >= ! && || .. , ; = <-> -- :
10b1662b
BP		 123& => error("`&' is only valid as part of `&&'.")
124| => error("`|' is only valid as part of `||'.")
56091efe 125- => error("`-' is only valid as part of `--'.")
10b1662b
BP		 126
127^ => error("Invalid character `^' in input.")
128])
129AT_CAPTURE_FILE([input.txt])
130sed 's/ =>.*//' test-cases.txt > input.txt
131sed 's/.* => //' test-cases.txt > expout
132AT_CHECK([ovstest test-ovn lex < input.txt], [0], [expout])
133AT_CLEANUP
e0840f11 134
7700eea0
BP		 135dnl The OVN expression parser needs to know what fields overlap with one
136dnl another. This test therefore verifies that all the smaller registers
137dnl are defined as terms of subfields of the larger ones.
138dnl
139dnl When we add or remove registers this test needs to be updated, of course.
140AT_SETUP([ovn -- registers])
141AT_CHECK([ovstest test-ovn dump-symtab | grep reg | sort], [0],
142[[reg0 = xxreg0[96..127]
143reg1 = xxreg0[64..95]
144reg2 = xxreg0[32..63]
145reg3 = xxreg0[0..31]
146reg4 = xxreg1[96..127]
147reg5 = xxreg1[64..95]
148reg6 = xxreg1[32..63]
149reg7 = xxreg1[0..31]
150reg8 = xreg4[32..63]
151reg9 = xreg4[0..31]
152xreg0 = xxreg0[64..127]
153xreg1 = xxreg0[0..63]
154xreg2 = xxreg1[64..127]
155xreg3 = xxreg1[0..63]
156xreg4 = OXM_OF_PKT_REG4
157xxreg0 = NXM_NX_XXREG0
158xxreg1 = NXM_NX_XXREG1
159]])
160AT_CLEANUP
161
2277b860
BP		 162dnl Check that the OVN conntrack field definitions are correct.
163AT_SETUP([ovn -- conntrack fields])
164AT_CHECK([ovstest test-ovn dump-symtab | grep ^ct | sort], [0],
858c2f76
GS		 165[[ct.dnat = ct_state[7]
166ct.est = ct_state[1]
2277b860
BP		 167ct.inv = ct_state[4]
168ct.new = ct_state[0]
169ct.rel = ct_state[2]
170ct.rpl = ct_state[3]
858c2f76 171ct.snat = ct_state[6]
2277b860
BP		 172ct.trk = ct_state[5]
173ct_label = NXM_NX_CT_LABEL
b73db61d 174ct_label.blocked = ct_label[0]
2277b860
BP		 175ct_mark = NXM_NX_CT_MARK
176ct_state = NXM_NX_CT_STATE
177]])
178AT_CLEANUP
179
42d36b58
AZ		 180AT_SETUP([ovn -- compsition])
181AT_CHECK([ovstest test-ovn composition 2], [0], [ignore])
182AT_CLEANUP
183
e0840f11
BP		 184AT_SETUP([ovn -- expression parser])
185dnl For lines without =>, input and expected output are identical.
186dnl For lines with =>, input precedes => and expected output follows =>.
187AT_DATA([test-cases.txt], [[
188eth.type == 0x800
189eth.type==0x800 => eth.type == 0x800
190eth.type[0..15] == 0x800 => eth.type == 0x800
191
192vlan.present
193vlan.present == 1 => vlan.present
194!(vlan.present == 0) => vlan.present
195!(vlan.present != 1) => vlan.present
196!vlan.present
197vlan.present == 0 => !vlan.present
198vlan.present != 1 => !vlan.present
199!(vlan.present == 1) => !vlan.present
200!(vlan.present != 0) => !vlan.present
201
202eth.dst[0]
203eth.dst[0] == 1 => eth.dst[0]
204eth.dst[0] != 0 => eth.dst[0]
205!(eth.dst[0] == 0) => eth.dst[0]
206!(eth.dst[0] != 1) => eth.dst[0]
207
208!eth.dst[0]
209eth.dst[0] == 0 => !eth.dst[0]
210eth.dst[0] != 1 => !eth.dst[0]
211!(eth.dst[0] == 1) => !eth.dst[0]
212!(eth.dst[0] != 0) => !eth.dst[0]
213
214vlan.tci[12..15] == 0x3
215vlan.tci == 0x3000/0xf000 => vlan.tci[12..15] == 0x3
216vlan.tci[12..15] != 0x3
217vlan.tci != 0x3000/0xf000 => vlan.tci[12..15] != 0x3
218
219!vlan.pcp => vlan.pcp == 0
220!(vlan.pcp) => vlan.pcp == 0
221vlan.pcp == 0x4
222vlan.pcp != 0x4
223vlan.pcp > 0x4
224vlan.pcp >= 0x4
225vlan.pcp < 0x4
226vlan.pcp <= 0x4
227!(vlan.pcp != 0x4) => vlan.pcp == 0x4
228!(vlan.pcp == 0x4) => vlan.pcp != 0x4
229!(vlan.pcp <= 0x4) => vlan.pcp > 0x4
230!(vlan.pcp < 0x4) => vlan.pcp >= 0x4
231!(vlan.pcp >= 0x4) => vlan.pcp < 0x4
232!(vlan.pcp > 0x4) => vlan.pcp <= 0x4
2330x4 == vlan.pcp => vlan.pcp == 0x4
2340x4 != vlan.pcp => vlan.pcp != 0x4
2350x4 < vlan.pcp => vlan.pcp > 0x4
2360x4 <= vlan.pcp => vlan.pcp >= 0x4
2370x4 > vlan.pcp => vlan.pcp < 0x4
2380x4 >= vlan.pcp => vlan.pcp <= 0x4
239!(0x4 != vlan.pcp) => vlan.pcp == 0x4
240!(0x4 == vlan.pcp) => vlan.pcp != 0x4
241!(0x4 >= vlan.pcp) => vlan.pcp > 0x4
242!(0x4 > vlan.pcp) => vlan.pcp >= 0x4
243!(0x4 <= vlan.pcp) => vlan.pcp < 0x4
244!(0x4 < vlan.pcp) => vlan.pcp <= 0x4
245
2461 < vlan.pcp < 4 => vlan.pcp > 0x1 && vlan.pcp < 0x4
2471 <= vlan.pcp <= 4 => vlan.pcp >= 0x1 && vlan.pcp <= 0x4
2481 < vlan.pcp <= 4 => vlan.pcp > 0x1 && vlan.pcp <= 0x4
2491 <= vlan.pcp < 4 => vlan.pcp >= 0x1 && vlan.pcp < 0x4
2501 <= vlan.pcp <= 4 => vlan.pcp >= 0x1 && vlan.pcp <= 0x4
2514 > vlan.pcp > 1 => vlan.pcp < 0x4 && vlan.pcp > 0x1
2524 >= vlan.pcp > 1 => vlan.pcp <= 0x4 && vlan.pcp > 0x1
2534 > vlan.pcp >= 1 => vlan.pcp < 0x4 && vlan.pcp >= 0x1
2544 >= vlan.pcp >= 1 => vlan.pcp <= 0x4 && vlan.pcp >= 0x1
255!(1 < vlan.pcp < 4) => vlan.pcp <= 0x1 || vlan.pcp >= 0x4
256!(1 <= vlan.pcp <= 4) => vlan.pcp < 0x1 || vlan.pcp > 0x4
257!(1 < vlan.pcp <= 4) => vlan.pcp <= 0x1 || vlan.pcp > 0x4
258!(1 <= vlan.pcp < 4) => vlan.pcp < 0x1 || vlan.pcp >= 0x4
259!(1 <= vlan.pcp <= 4) => vlan.pcp < 0x1 || vlan.pcp > 0x4
260!(4 > vlan.pcp > 1) => vlan.pcp >= 0x4 || vlan.pcp <= 0x1
261!(4 >= vlan.pcp > 1) => vlan.pcp > 0x4 || vlan.pcp <= 0x1
262!(4 > vlan.pcp >= 1) => vlan.pcp >= 0x4 || vlan.pcp < 0x1
263!(4 >= vlan.pcp >= 1) => vlan.pcp > 0x4 || vlan.pcp < 0x1
264
265vlan.pcp == {1, 2, 3, 4} => vlan.pcp == 0x1 || vlan.pcp == 0x2 || vlan.pcp == 0x3 || vlan.pcp == 0x4
266vlan.pcp == 1 || ((vlan.pcp == 2 || vlan.pcp == 3) || vlan.pcp == 4) => vlan.pcp == 0x1 || vlan.pcp == 0x2 || vlan.pcp == 0x3 || vlan.pcp == 0x4
267
268vlan.pcp != {1, 2, 3, 4} => vlan.pcp != 0x1 && vlan.pcp != 0x2 && vlan.pcp != 0x3 && vlan.pcp != 0x4
269vlan.pcp == 1 && ((vlan.pcp == 2 && vlan.pcp == 3) && vlan.pcp == 4) => vlan.pcp == 0x1 && vlan.pcp == 0x2 && vlan.pcp == 0x3 && vlan.pcp == 0x4
270
271vlan.pcp == 1 && !((vlan.pcp == 2 && vlan.pcp == 3) && vlan.pcp == 4) => vlan.pcp == 0x1 && (vlan.pcp != 0x2 || vlan.pcp != 0x3 || vlan.pcp != 0x4)
272vlan.pcp == 1 && (!(vlan.pcp == 2 && vlan.pcp == 3) && vlan.pcp == 4) => vlan.pcp == 0x1 && (vlan.pcp != 0x2 || vlan.pcp != 0x3) && vlan.pcp == 0x4
273vlan.pcp == 1 && !(!(vlan.pcp == 2 && vlan.pcp == 3) && vlan.pcp == 4) => vlan.pcp == 0x1 && ((vlan.pcp == 0x2 && vlan.pcp == 0x3) || vlan.pcp != 0x4)
274
275ip4.src == {10.0.0.0/8, 192.168.0.0/16, 172.16.20.0/24, 8.8.8.8} => ip4.src[24..31] == 0xa || ip4.src[16..31] == 0xc0a8 || ip4.src[8..31] == 0xac1014 || ip4.src == 0x8080808
276ip6.src == ::1 => ip6.src == 0x1
277
278ip4.src == 1.2.3.4 => ip4.src == 0x1020304
279ip4.src == ::1.2.3.4/::ffff:ffff => ip4.src == 0x1020304
280ip6.src == ::1 => ip6.src == 0x1
281
2821
2830
284!1 => 0
285!0 => 1
286
287inport == "eth0"
288!(inport != "eth0") => inport == "eth0"
289
3b7cb7e1
BP		 290ip4.src == "eth0" => Integer field ip4.src is not compatible with string constant.
291inport == 1 => String field inport is not compatible with integer constant.
76da94b5 292ip4.src = 1.2.3.4 => Syntax error at `=' expecting relational operator.
e0840f11
BP		 293
294ip4.src > {1, 2, 3} => Only == and != operators may be used with value sets.
295eth.type > 0x800 => Only == and != operators may be used with nominal field eth.type.
296vlan.present > 0 => Only == and != operators may be used with Boolean field vlan.present.
297
298inport != "eth0" => Nominal field inport may only be tested for equality (taking enclosing `!' operators into account).
299!(inport == "eth0") => Nominal field inport may only be tested for equality (taking enclosing `!' operators into account).
300eth.type != 0x800 => Nominal field eth.type may only be tested for equality (taking enclosing `!' operators into account).
301!(eth.type == 0x800) => Nominal field eth.type may only be tested for equality (taking enclosing `!' operators into account).
76da94b5 302inport = "eth0" => Syntax error at `=' expecting relational operator.
e0840f11
BP		 303
304123 == 123 => Syntax error at `123' expecting field name.
305
2c5cbb15
RB		 306$name => Syntax error at `$name' expecting address set name.
307
e0840f11
BP		 308123 == xyzzy => Syntax error at `xyzzy' expecting field name.
309xyzzy == 1 => Syntax error at `xyzzy' expecting field name.
310
311inport[1] == 1 => Cannot select subfield of string field inport.
312
313eth.type[] == 1 => Syntax error at `@:>@' expecting small integer.
314eth.type[::1] == 1 => Syntax error at `::1' expecting small integer.
315eth.type[18446744073709551615] == 1 => Syntax error at `18446744073709551615' expecting small integer.
316
317eth.type[5!] => Syntax error at `!' expecting `@:>@'.
318
319eth.type[5..1] => Invalid bit range 5 to 1.
320
321eth.type[12..16] => Cannot select bits 12 to 16 of 16-bit field eth.type.
322
323eth.type[10] == 1 => Cannot select subfield of nominal field eth.type.
324
325eth.type => Explicit `!= 0' is required for inequality test of multibit field against 0.
326
327!(!(vlan.pcp)) => Explicit `!= 0' is required for inequality test of multibit field against 0.
328
329123 => Syntax error at end of input expecting relational operator.
330
331123 x => Syntax error at `x' expecting relational operator.
332
333{1, "eth0"} => Syntax error at `"eth0"' expecting integer.
334
335eth.type == xyzzy => Syntax error at `xyzzy' expecting constant.
336
337(1 x) => Syntax error at `x' expecting `)'.
338
339!0x800 != eth.type => Missing parentheses around operand of !.
340
341eth.type == 0x800 || eth.type == 0x86dd && ip.proto == 17 => && and || must be parenthesized when used together.
342
343eth.dst == {} => Syntax error at `}' expecting constant.
344
345eth.src > 00:00:00:00:11:11/00:00:00:00:ff:ff => Only == and != operators may be used with masked constants. Consider using subfields instead (e.g. eth.src[0..15] > 0x1111 in place of eth.src > 00:00:00:00:11:11/00:00:00:00:ff:ff).
346
3b7cb7e1 347ip4.src == ::1 => 128-bit constant is not compatible with 32-bit field ip4.src.
e0840f11
BP		 348
3491 == eth.type == 2 => Range expressions must have the form `x < field < y' or `x > field > y', with each `<' optionally replaced by `<=' or `>' by `>=').
8b34ccda 350
9aef3c1b 351eth.dst[40] x => Syntax error at `x' expecting end of input.
ea382567
RB		 352
353ip4.src == {1.2.3.4, $set1, $unknownset} => Syntax error at `$unknownset' expecting address set name.
354eth.src == {$set3, badmac, 00:00:00:00:00:01} => Syntax error at `badmac' expecting constant.
e0840f11
BP		 355]])
356sed 's/ =>.*//' test-cases.txt > input.txt
357sed 's/.* => //' test-cases.txt > expout
358AT_CHECK([ovstest test-ovn parse-expr < input.txt], [0], [expout])
359AT_CLEANUP
360
361AT_SETUP([ovn -- expression annotation])
362dnl Input precedes =>, expected output follows =>.
363AT_DATA([test-cases.txt], [[
364ip4.src == 1.2.3.4 => ip4.src == 0x1020304 && eth.type == 0x800
365ip4.src != 1.2.3.4 => ip4.src != 0x1020304 && eth.type == 0x800
366ip.proto == 123 => ip.proto == 0x7b && (eth.type == 0x800 || eth.type == 0x86dd)
367ip.proto == {123, 234} => (ip.proto == 0x7b && (eth.type == 0x800 || eth.type == 0x86dd)) || (ip.proto == 0xea && (eth.type == 0x800 || eth.type == 0x86dd))
368ip4.src == 1.2.3.4 && ip4.dst == 5.6.7.8 => ip4.src == 0x1020304 && eth.type == 0x800 && ip4.dst == 0x5060708 && eth.type == 0x800
369
370ip => eth.type == 0x800 || eth.type == 0x86dd
371ip == 1 => eth.type == 0x800 || eth.type == 0x86dd
372ip[0] == 1 => eth.type == 0x800 || eth.type == 0x86dd
373ip > 0 => Only == and != operators may be used with nominal field ip.
374!ip => Nominal predicate ip may only be tested positively, e.g. `ip' or `ip == 1' but not `!ip' or `ip == 0'.
375ip == 0 => Nominal predicate ip may only be tested positively, e.g. `ip' or `ip == 1' but not `!ip' or `ip == 0'.
376
377vlan.present => vlan.tci[12]
378!vlan.present => !vlan.tci[12]
379
380!vlan.pcp => vlan.tci[13..15] == 0 && vlan.tci[12]
381vlan.pcp == 1 && vlan.vid == 2 => vlan.tci[13..15] == 0x1 && vlan.tci[12] && vlan.tci[0..11] == 0x2 && vlan.tci[12]
7700eea0 382!reg0 && !reg1 && !reg2 && !reg3 => xxreg0[96..127] == 0 && xxreg0[64..95] == 0 && xxreg0[32..63] == 0 && xxreg0[0..31] == 0
e0840f11
BP		 383
384ip.first_frag => ip.frag[0] && (eth.type == 0x800 || eth.type == 0x86dd) && (!ip.frag[1] || (eth.type != 0x800 && eth.type != 0x86dd))
385!ip.first_frag => !ip.frag[0] || (eth.type != 0x800 && eth.type != 0x86dd) || (ip.frag[1] && (eth.type == 0x800 || eth.type == 0x86dd))
386ip.later_frag => ip.frag[1] && (eth.type == 0x800 || eth.type == 0x86dd)
387
388bad_prereq != 0 => Error parsing expression `xyzzy' encountered as prerequisite or predicate of initial expression: Syntax error at `xyzzy' expecting field name.
389self_recurse != 0 => Error parsing expression `self_recurse != 0' encountered as prerequisite or predicate of initial expression: Recursive expansion of symbol `self_recurse'.
390mutual_recurse_1 != 0 => Error parsing expression `mutual_recurse_2 != 0' encountered as prerequisite or predicate of initial expression: Error parsing expression `mutual_recurse_1 != 0' encountered as prerequisite or predicate of initial expression: Recursive expansion of symbol `mutual_recurse_1'.
391mutual_recurse_2 != 0 => Error parsing expression `mutual_recurse_1 != 0' encountered as prerequisite or predicate of initial expression: Error parsing expression `mutual_recurse_2 != 0' encountered as prerequisite or predicate of initial expression: Recursive expansion of symbol `mutual_recurse_2'.
392]])
393sed 's/ =>.*//' test-cases.txt > input.txt
394sed 's/.* => //' test-cases.txt > expout
395AT_CHECK([ovstest test-ovn annotate-expr < input.txt], [0], [expout])
396AT_CLEANUP
397
9d4aecca 398AT_SETUP([ovn -- 1-term expression conversion])
e0840f11 399AT_CHECK([ovstest test-ovn exhaustive --operation=convert 1], [0],
9d4aecca 400 [Tested converting all 1-terminal expressions with 2 numeric vars (each 3 bits) in terms of operators == != < <= > >= and 2 string vars.
e0840f11
BP		 401])
402AT_CLEANUP
403
9d4aecca 404AT_SETUP([ovn -- 2-term expression conversion])
e0840f11 405AT_CHECK([ovstest test-ovn exhaustive --operation=convert 2], [0],
8c3caa2c 406 [Tested converting 578 expressions of 2 terminals with 2 numeric vars (each 3 bits) in terms of operators == != < <= > >= and 2 string vars.
e0840f11
BP		 407])
408AT_CLEANUP
409
9d4aecca 410AT_SETUP([ovn -- 3-term expression conversion])
e0840f11 411AT_CHECK([ovstest test-ovn exhaustive --operation=convert --bits=2 3], [0],
8c3caa2c 412 [Tested converting 67410 expressions of 3 terminals with 2 numeric vars (each 2 bits) in terms of operators == != < <= > >= and 2 string vars.
e0840f11
BP		 413])
414AT_CLEANUP
415
9d4aecca
BP		 416AT_SETUP([ovn -- 3-term numeric expression simplification])
417AT_CHECK([ovstest test-ovn exhaustive --operation=simplify --nvars=2 --svars=0 3], [0],
8c3caa2c 418 [Tested simplifying 490770 expressions of 3 terminals with 2 numeric vars (each 3 bits) in terms of operators == != < <= > >=.
e0840f11
BP		 419])
420AT_CLEANUP
421
9d4aecca
BP		 422AT_SETUP([ovn -- 4-term string expression simplification])
423AT_CHECK([ovstest test-ovn exhaustive --operation=simplify --nvars=0 --svars=4 4], [0],
424 [Tested simplifying 21978 expressions of 4 terminals with 4 string vars.
e0840f11
BP		 425])
426AT_CLEANUP
427
9d4aecca
BP		 428AT_SETUP([ovn -- 3-term mixed expression simplification])
429AT_CHECK([ovstest test-ovn exhaustive --operation=simplify --nvars=1 --svars=1 3], [0],
8c3caa2c 430 [Tested simplifying 127890 expressions of 3 terminals with 1 numeric vars (each 3 bits) in terms of operators == != < <= > >= and 1 string vars.
e0840f11
BP		 431])
432AT_CLEANUP
433
97ba1d55
BP		 434AT_SETUP([ovn -- simplification special cases])
435simplify() {
436 echo "$1" | ovstest test-ovn simplify-expr
437}
438AT_CHECK([simplify 'eth.dst == 0/0'], [0], [1
439])
a3d79068
BP		 440AT_CHECK([simplify 'eth.dst != 0/0'], [0], [0
441])
33f15d17
BP		 442AT_CHECK([simplify 'tcp.dst >= 0'], [0],
443 [ip.proto == 0x6 && (eth.type == 0x800 || eth.type == 0x86dd)
444])
445AT_CHECK([simplify 'tcp.dst <= 65535'], [0],
446 [ip.proto == 0x6 && (eth.type == 0x800 || eth.type == 0x86dd)
447])
448AT_CHECK([simplify 'tcp.dst > 0'], [0],
449 [[(tcp.dst[0] || tcp.dst[1] || tcp.dst[2] || tcp.dst[3] || tcp.dst[4] || tcp.dst[5] || tcp.dst[6] || tcp.dst[7] || tcp.dst[8] || tcp.dst[9] || tcp.dst[10] || tcp.dst[11] || tcp.dst[12] || tcp.dst[13] || tcp.dst[14] || tcp.dst[15]) && ip.proto == 0x6 && (eth.type == 0x800 || eth.type == 0x86dd)
450]])
451AT_CHECK([simplify 'tcp.dst < 65535'], [0],
452 [[(!tcp.dst[0] || !tcp.dst[1] || !tcp.dst[2] || !tcp.dst[3] || !tcp.dst[4] || !tcp.dst[5] || !tcp.dst[6] || !tcp.dst[7] || !tcp.dst[8] || !tcp.dst[9] || !tcp.dst[10] || !tcp.dst[11] || !tcp.dst[12] || !tcp.dst[13] || !tcp.dst[14] || !tcp.dst[15]) && ip.proto == 0x6 && (eth.type == 0x800 || eth.type == 0x86dd)
453]])
97ba1d55
BP		 454AT_CLEANUP
455
9d4aecca
BP		 456AT_SETUP([ovn -- 4-term numeric expression normalization])
457AT_CHECK([ovstest test-ovn exhaustive --operation=normalize --nvars=3 --svars=0 --bits=1 4], [0],
8c3caa2c 458 [Tested normalizing 1874026 expressions of 4 terminals with 3 numeric vars (each 1 bits) in terms of operators == != < <= > >=.
e0840f11
BP		 459])
460AT_CLEANUP
461
9d4aecca
BP		 462AT_SETUP([ovn -- 4-term string expression normalization])
463AT_CHECK([ovstest test-ovn exhaustive --operation=normalize --nvars=0 --svars=3 --bits=1 4], [0],
464 [Tested normalizing 11242 expressions of 4 terminals with 3 string vars.
465])
466AT_CLEANUP
467
468AT_SETUP([ovn -- 4-term mixed expression normalization])
469AT_CHECK([ovstest test-ovn exhaustive --operation=normalize --nvars=1 --bits=1 --svars=2 4], [0],
8c3caa2c 470 [Tested normalizing 175978 expressions of 4 terminals with 1 numeric vars (each 1 bits) in terms of operators == != < <= > >= and 2 string vars.
9d4aecca
BP		 471])
472AT_CLEANUP
473
474AT_SETUP([ovn -- 5-term numeric expression normalization])
475AT_CHECK([ovstest test-ovn exhaustive --operation=normalize --nvars=3 --svars=0 --bits=1 --relops='==' 5], [0],
8c3caa2c 476 [Tested normalizing 1317600 expressions of 5 terminals with 3 numeric vars (each 1 bits) in terms of operators ==.
9d4aecca
BP		 477])
478AT_CLEANUP
479
480AT_SETUP([ovn -- 5-term string expression normalization])
481AT_CHECK([ovstest test-ovn exhaustive --operation=normalize --nvars=0 --svars=3 --bits=1 --relops='==' 5], [0],
482 [Tested normalizing 368550 expressions of 5 terminals with 3 string vars.
483])
484AT_CLEANUP
485
486AT_SETUP([ovn -- 5-term mixed expression normalization])
487AT_CHECK([ovstest test-ovn exhaustive --operation=normalize --nvars=1 --svars=1 --bits=1 --relops='==' 5], [0],
8c3caa2c 488 [Tested normalizing 216000 expressions of 5 terminals with 1 numeric vars (each 1 bits) in terms of operators == and 1 string vars.
9d4aecca
BP		 489])
490AT_CLEANUP
491
492AT_SETUP([ovn -- 4-term numeric expressions to flows])
8c3caa2c 493AT_KEYWORDS([expression])
9d4aecca 494AT_CHECK([ovstest test-ovn exhaustive --operation=flow --nvars=2 --svars=0 --bits=2 --relops='==' 4], [0],
8c3caa2c 495 [Tested converting to flows 175978 expressions of 4 terminals with 2 numeric vars (each 2 bits) in terms of operators ==.
9d4aecca
BP		 496])
497AT_CLEANUP
498
499AT_SETUP([ovn -- 4-term string expressions to flows])
8c3caa2c 500AT_KEYWORDS([expression])
9d4aecca
BP		 501AT_CHECK([ovstest test-ovn exhaustive --operation=flow --nvars=0 --svars=4 4], [0],
502 [Tested converting to flows 21978 expressions of 4 terminals with 4 string vars.
503])
504AT_CLEANUP
505
506AT_SETUP([ovn -- 4-term mixed expressions to flows])
8c3caa2c 507AT_KEYWORDS([expression])
9d4aecca 508AT_CHECK([ovstest test-ovn exhaustive --operation=flow --nvars=1 --bits=2 --svars=1 --relops='==' 4], [0],
8c3caa2c 509 [Tested converting to flows 48312 expressions of 4 terminals with 1 numeric vars (each 2 bits) in terms of operators == and 1 string vars.
9d4aecca
BP		 510])
511AT_CLEANUP
512
513AT_SETUP([ovn -- 3-term numeric expressions to flows])
8c3caa2c 514AT_KEYWORDS([expression])
9d4aecca 515AT_CHECK([ovstest test-ovn exhaustive --operation=flow --nvars=3 --svars=0 --bits=3 --relops='==' 3], [0],
8c3caa2c 516 [Tested converting to flows 41328 expressions of 3 terminals with 3 numeric vars (each 3 bits) in terms of operators ==.
e0840f11
BP		 517])
518AT_CLEANUP
f386a8a7
BP		 519
520AT_SETUP([ovn -- converting expressions to flows -- string fields])
8c3caa2c 521AT_KEYWORDS([expression])
f386a8a7
BP		 522expr_to_flow () {
523 echo "$1" | ovstest test-ovn expr-to-flows | sort
524}
cc5e28d8 525AT_CHECK([expr_to_flow 'inport == "eth0"'], [0], [reg14=0x5
f386a8a7 526])
cc5e28d8 527AT_CHECK([expr_to_flow 'inport == "eth1"'], [0], [reg14=0x6
f386a8a7
BP		 528])
529AT_CHECK([expr_to_flow 'inport == "eth2"'], [0], [(no flows)
530])
531AT_CHECK([expr_to_flow 'inport == "eth0" && ip'], [0], [dnl
cc5e28d8
JP		 532ip,reg14=0x5
533ipv6,reg14=0x5
f386a8a7
BP		 534])
535AT_CHECK([expr_to_flow 'inport == "eth1" && ip'], [0], [dnl
cc5e28d8
JP		 536ip,reg14=0x6
537ipv6,reg14=0x6
f386a8a7
BP		 538])
539AT_CHECK([expr_to_flow 'inport == "eth2" && ip'], [0], [(no flows)
540])
541AT_CHECK([expr_to_flow 'inport == {"eth0", "eth1", "eth2", "LOCAL"}'], [0],
cc5e28d8
JP		 542[reg14=0x5
543reg14=0x6
544reg14=0xfffe
f386a8a7
BP		 545])
546AT_CHECK([expr_to_flow 'inport == {"eth0", "eth1", "eth2"} && ip'], [0], [dnl
cc5e28d8
JP		 547ip,reg14=0x5
548ip,reg14=0x6
549ipv6,reg14=0x5
550ipv6,reg14=0x6
f386a8a7 551])
9d4aecca
BP		 552AT_CHECK([expr_to_flow 'inport == "eth0" && inport == "eth1"'], [0], [dnl
553(no flows)
554])
f386a8a7 555AT_CLEANUP
3b7cb7e1 556
2c5cbb15 557AT_SETUP([ovn -- converting expressions to flows -- address sets])
8c3caa2c 558AT_KEYWORDS([expression])
2c5cbb15
RB		 559expr_to_flow () {
560 echo "$1" | ovstest test-ovn expr-to-flows | sort
561}
562AT_CHECK([expr_to_flow 'ip4.src == {10.0.0.1, 10.0.0.2, 10.0.0.3}'], [0], [dnl
563ip,nw_src=10.0.0.1
564ip,nw_src=10.0.0.2
565ip,nw_src=10.0.0.3
566])
567AT_CHECK([expr_to_flow 'ip4.src == $set1'], [0], [dnl
568ip,nw_src=10.0.0.1
569ip,nw_src=10.0.0.2
570ip,nw_src=10.0.0.3
571])
572AT_CHECK([expr_to_flow 'ip4.src == {1.2.3.4, $set1}'], [0], [dnl
573ip,nw_src=1.2.3.4
574ip,nw_src=10.0.0.1
575ip,nw_src=10.0.0.2
576ip,nw_src=10.0.0.3
577])
578AT_CHECK([expr_to_flow 'ip4.src == {1.2.0.0/20, 5.5.5.0/24, $set1}'], [0], [dnl
579ip,nw_src=1.2.0.0/20
580ip,nw_src=10.0.0.1
581ip,nw_src=10.0.0.2
582ip,nw_src=10.0.0.3
583ip,nw_src=5.5.5.0/24
584])
585AT_CHECK([expr_to_flow 'ip6.src == {::1, ::2, ::3}'], [0], [dnl
586ipv6,ipv6_src=::1
587ipv6,ipv6_src=::2
588ipv6,ipv6_src=::3
589])
590AT_CHECK([expr_to_flow 'ip6.src == {::1, $set2, ::4}'], [0], [dnl
591ipv6,ipv6_src=::1
592ipv6,ipv6_src=::2
593ipv6,ipv6_src=::3
594ipv6,ipv6_src=::4
595])
596AT_CHECK([expr_to_flow 'eth.src == {00:00:00:00:00:01, 00:00:00:00:00:02, 00:00:00:00:00:03}'], [0], [dnl
597dl_src=00:00:00:00:00:01
598dl_src=00:00:00:00:00:02
599dl_src=00:00:00:00:00:03
600])
601AT_CHECK([expr_to_flow 'eth.src == {$set3}'], [0], [dnl
602dl_src=00:00:00:00:00:01
603dl_src=00:00:00:00:00:02
604dl_src=00:00:00:00:00:03
605])
ea382567
RB		 606AT_CHECK([expr_to_flow 'eth.src == {00:00:00:00:00:01, $set3, ba:be:be:ef:de:ad, $set3}'], [0], [dnl
607dl_src=00:00:00:00:00:01
608dl_src=00:00:00:00:00:02
609dl_src=00:00:00:00:00:03
610dl_src=ba:be:be:ef:de:ad
611])
2c5cbb15
RB		 612AT_CLEANUP
613
3b7cb7e1 614AT_SETUP([ovn -- action parsing])
d5a76da4
BP		 615dnl Unindented text is input (a set of OVN logical actions).
616dnl Indented text is expected output.
617AT_DATA([test-cases.txt],
618[[# drop
619drop;
620 encodes as drop
621drop; next;
622 Syntax error at `next' expecting end of input.
623next; drop;
624 Syntax error at `drop' expecting action.
5f822129
BP		 625
626# output
d5a76da4
BP		 627output;
628 encodes as resubmit(,64)
5f822129
BP		 629
630# next
d5a76da4
BP		 631next;
632 formats as next(11);
633 encodes as resubmit(,27)
634next(11);
635 encodes as resubmit(,27)
636next(0);
637 encodes as resubmit(,16)
638next(15);
639 encodes as resubmit(,31)
640
641next();
642 Syntax error at `)' expecting small integer.
643next(10;
644 Syntax error at `;' expecting `)'.
645next(16);
646 "next" argument must be in range 0 to 15.
5f822129
BP		 647
648# Loading a constant value.
d5a76da4
BP		 649tcp.dst=80;
650 formats as tcp.dst = 80;
651 encodes as set_field:80->tcp_dst
652 has prereqs ip.proto == 0x6 && (eth.type == 0x800 || eth.type == 0x86dd)
653eth.dst[40] = 1;
654 encodes as set_field:01:00:00:00:00:00/01:00:00:00:00:00->eth_dst
655vlan.pcp = 2;
656 encodes as set_field:0x4000/0xe000->vlan_tci
657 has prereqs vlan.tci[12]
658vlan.tci[13..15] = 2;
659 encodes as set_field:0x4000/0xe000->vlan_tci
660inport = "";
661 encodes as set_field:0->reg14
662ip.ttl=4;
663 formats as ip.ttl = 4;
664 encodes as set_field:4->nw_ttl
665 has prereqs eth.type == 0x800 || eth.type == 0x86dd
666outport="eth0"; next; outport="LOCAL"; next;
667 formats as outport = "eth0"; next(11); outport = "LOCAL"; next(11);
668 encodes as set_field:0x5->reg15,resubmit(,27),set_field:0xfffe->reg15,resubmit(,27)
669
670inport[1] = 1;
671 Cannot select subfield of string field inport.
672ip.proto[1] = 1;
673 Cannot select subfield of nominal field ip.proto.
674eth.dst[40] == 1;
675 Syntax error at `==' expecting `=' or `<->'.
676ip = 1;
677 Predicate symbol ip used where lvalue required.
678ip.proto = 6;
679 Field ip.proto is not modifiable.
680inport = {"a", "b"};
681 Syntax error at `{' expecting constant.
682inport = {};
683 Syntax error at `{' expecting constant.
684bad_prereq = 123;
685 Error parsing expression `xyzzy' encountered as prerequisite or predicate of initial expression: Syntax error at `xyzzy' expecting field name.
686self_recurse = 123;
687 Error parsing expression `self_recurse != 0' encountered as prerequisite or predicate of initial expression: Error parsing expression `self_recurse != 0' encountered as prerequisite or predicate of initial expression: Recursive expansion of symbol `self_recurse'.
688vlan.present = 0;
689 Predicate symbol vlan.present used where lvalue required.
5f822129
BP		 690
691# Moving one field into another.
d5a76da4
BP		 692reg0=reg1;
693 formats as reg0 = reg1;
694 encodes as move:NXM_NX_XXREG0[64..95]->NXM_NX_XXREG0[96..127]
695vlan.pcp = reg0[0..2];
696 encodes as move:NXM_NX_XXREG0[96..98]->NXM_OF_VLAN_TCI[13..15]
697 has prereqs vlan.tci[12]
698reg0[10] = vlan.pcp[1];
699 encodes as move:NXM_OF_VLAN_TCI[14]->NXM_NX_XXREG0[106]
700 has prereqs vlan.tci[12]
701outport = inport;
702 encodes as move:NXM_NX_REG14[]->NXM_NX_REG15[]
703
704reg0[0] = vlan.present;
705 Predicate symbol vlan.present used where lvalue required.
706reg0 = reg1[0..10];
707 Can't assign 11-bit value to 32-bit destination.
708inport = reg0;
709 Can't assign integer field (reg0) to string field (inport).
710inport = big_string;
711 String fields inport and big_string are incompatible for assignment.
712ip.proto = reg0[0..7];
713 Field ip.proto is not modifiable.
5f822129
BP		 714
715# Exchanging fields.
d5a76da4
BP		 716reg0 <-> reg1;
717 encodes as push:NXM_NX_XXREG0[64..95],push:NXM_NX_XXREG0[96..127],pop:NXM_NX_XXREG0[64..95],pop:NXM_NX_XXREG0[96..127]
718vlan.pcp <-> reg0[0..2];
719 encodes as push:NXM_NX_XXREG0[96..98],push:NXM_OF_VLAN_TCI[13..15],pop:NXM_NX_XXREG0[96..98],pop:NXM_OF_VLAN_TCI[13..15]
720 has prereqs vlan.tci[12]
721reg0[10] <-> vlan.pcp[1];
722 encodes as push:NXM_OF_VLAN_TCI[14],push:NXM_NX_XXREG0[106],pop:NXM_OF_VLAN_TCI[14],pop:NXM_NX_XXREG0[106]
723 has prereqs vlan.tci[12]
724outport <-> inport;
725 encodes as push:NXM_NX_REG14[],push:NXM_NX_REG15[],pop:NXM_NX_REG14[],pop:NXM_NX_REG15[]
726
727reg0[0] <-> vlan.present;
728 Predicate symbol vlan.present used where lvalue required.
729reg0 <-> reg1[0..10];
730 Can't exchange 32-bit field with 11-bit field.
731inport <-> reg0;
732 Can't exchange string field (inport) with integer field (reg0).
733inport <-> big_string;
734 String fields inport and big_string are incompatible for exchange.
735ip.proto <-> reg0[0..7];
736 Field ip.proto is not modifiable.
737reg0[0..7] <-> ip.proto;
738 Field ip.proto is not modifiable.
5f822129
BP		 739
740# TTL decrement.
d5a76da4
BP		 741ip.ttl--;
742 encodes as dec_ttl
743 has prereqs ip
744ip.ttl
745 Syntax error at end of input expecting `--'.
5f822129 746
467085fd 747# load balancing.
d5a76da4
BP		 748ct_lb;
749 encodes as ct(table=27,zone=NXM_NX_REG13[0..15],nat)
750 has prereqs ip
751ct_lb();
752 formats as ct_lb;
753 encodes as ct(table=27,zone=NXM_NX_REG13[0..15],nat)
754 has prereqs ip
755ct_lb(192.168.1.2:80, 192.168.1.3:80);
756 encodes as group:1
757 has prereqs ip
758ct_lb(192.168.1.2, 192.168.1.3, );
759 formats as ct_lb(192.168.1.2, 192.168.1.3);
760 encodes as group:2
761 has prereqs ip
762
763ct_lb(192.168.1.2:);
764 Syntax error at `)' expecting port number.
765ct_lb(192.168.1.2:123456);
766 Syntax error at `123456' expecting port number.
767ct_lb(foo);
768 Syntax error at `foo' expecting IPv4 address.
769
770# ct_next
771ct_next;
772 encodes as ct(table=27,zone=NXM_NX_REG13[0..15])
773 has prereqs ip
774
775# ct_commit
776ct_commit;
777 encodes as ct(commit,zone=NXM_NX_REG13[0..15])
778 has prereqs ip
779ct_commit();
780 formats as ct_commit;
781 encodes as ct(commit,zone=NXM_NX_REG13[0..15])
782 has prereqs ip
783ct_commit(ct_mark=1);
784 formats as ct_commit(ct_mark=0x1);
785 encodes as ct(commit,zone=NXM_NX_REG13[0..15],exec(set_field:0x1->ct_mark))
786 has prereqs ip
787ct_commit(ct_mark=1/1);
788 formats as ct_commit(ct_mark=0x1/0x1);
789 encodes as ct(commit,zone=NXM_NX_REG13[0..15],exec(set_field:0x1/0x1->ct_mark))
790 has prereqs ip
791ct_commit(ct_label=1);
792 formats as ct_commit(ct_label=0x1);
793 encodes as ct(commit,zone=NXM_NX_REG13[0..15],exec(set_field:0x1->ct_label))
794 has prereqs ip
795ct_commit(ct_label=1/1);
796 formats as ct_commit(ct_label=0x1/0x1);
797 encodes as ct(commit,zone=NXM_NX_REG13[0..15],exec(set_field:0x1/0x1->ct_label))
798 has prereqs ip
799ct_commit(ct_mark=1, ct_label=2);
800 formats as ct_commit(ct_mark=0x1, ct_label=0x2);
801 encodes as ct(commit,zone=NXM_NX_REG13[0..15],exec(set_field:0x1->ct_mark,set_field:0x2->ct_label))
802 has prereqs ip
803
804ct_commit(ct_label=0x01020304050607080910111213141516);
805 formats as ct_commit(ct_label=0x1020304050607080910111213141516);
806 encodes as ct(commit,zone=NXM_NX_REG13[0..15],exec(set_field:0x1020304050607080910111213141516->ct_label))
807 has prereqs ip
808ct_commit(ct_label=0x181716151413121110090807060504030201);
809 formats as ct_commit(ct_label=0x16151413121110090807060504030201);
810 encodes as ct(commit,zone=NXM_NX_REG13[0..15],exec(set_field:0x16151413121110090807060504030201->ct_label))
811 has prereqs ip
812ct_commit(ct_label=0x1000000000000000000000000000000/0x1000000000000000000000000000000);
813 encodes as ct(commit,zone=NXM_NX_REG13[0..15],exec(set_field:0x1000000000000000000000000000000/0x1000000000000000000000000000000->ct_label))
814 has prereqs ip
815ct_commit(ct_label=18446744073709551615);
816 formats as ct_commit(ct_label=0xffffffffffffffff);
817 encodes as ct(commit,zone=NXM_NX_REG13[0..15],exec(set_field:0xffffffffffffffff->ct_label))
818 has prereqs ip
819ct_commit(ct_label=18446744073709551616);
820 Decimal constants must be less than 2**64.
821
822# ct_dnat
823ct_dnat;
824 encodes as ct(table=27,zone=NXM_NX_REG11[0..15],nat)
825 has prereqs ip
826ct_dnat(192.168.1.2);
827 encodes as ct(commit,table=27,zone=NXM_NX_REG11[0..15],nat(dst=192.168.1.2))
828 has prereqs ip
829
830ct_dnat(192.168.1.2, 192.168.1.3);
831 Syntax error at `,' expecting `)'.
832ct_dnat(foo);
833 Syntax error at `foo' expecting IPv4 address.
834ct_dnat(foo, bar);
835 Syntax error at `foo' expecting IPv4 address.
836ct_dnat();
837 Syntax error at `)' expecting IPv4 address.
838
839# ct_snat
840ct_snat;
841 encodes as ct(zone=NXM_NX_REG12[0..15],nat)
842 has prereqs ip
843ct_snat(192.168.1.2);
844 encodes as ct(commit,table=27,zone=NXM_NX_REG12[0..15],nat(src=192.168.1.2))
845 has prereqs ip
846
847ct_snat(192.168.1.2, 192.168.1.3);
848 Syntax error at `,' expecting `)'.
849ct_snat(foo);
850 Syntax error at `foo' expecting IPv4 address.
851ct_snat(foo, bar);
852 Syntax error at `foo' expecting IPv4 address.
853ct_snat();
854 Syntax error at `)' expecting IPv4 address.
de297547 855
6335d074 856# arp
d5a76da4
BP		 857arp { eth.dst = ff:ff:ff:ff:ff:ff; output; };
858 encodes as controller(userdata=00.00.00.00.00.00.00.00.00.19.00.10.80.00.06.06.ff.ff.ff.ff.ff.ff.00.00.ff.ff.00.10.00.00.23.20.00.0e.ff.f8.40.00.00.00)
859 has prereqs ip4
6335d074 860
0bac7164 861# get_arp
d5a76da4
BP		 862get_arp(outport, ip4.dst);
863 encodes as push:NXM_NX_REG0[],push:NXM_OF_IP_DST[],pop:NXM_NX_REG0[],set_field:00:00:00:00:00:00->eth_dst,resubmit(,65),pop:NXM_NX_REG0[]
864 has prereqs eth.type == 0x800
865get_arp(inport, reg0);
866 encodes as push:NXM_NX_REG15[],push:NXM_NX_REG0[],push:NXM_NX_XXREG0[96..127],push:NXM_NX_REG14[],pop:NXM_NX_REG15[],pop:NXM_NX_REG0[],set_field:00:00:00:00:00:00->eth_dst,resubmit(,65),pop:NXM_NX_REG0[],pop:NXM_NX_REG15[]
867
868get_arp;
869 Syntax error at `;' expecting `('.
870get_arp();
871 Syntax error at `)' expecting field name.
872get_arp(inport);
873 Syntax error at `)' expecting `,'.
874get_arp(inport ip4.dst);
875 Syntax error at `ip4.dst' expecting `,'.
876get_arp(inport, ip4.dst;
877 Syntax error at `;' expecting `)'.
878get_arp(inport, eth.dst);
879 Cannot use 48-bit field eth.dst[0..47] where 32-bit field is required.
880get_arp(inport, outport);
881 Cannot use string field outport where numeric field is required.
882get_arp(reg0, ip4.dst);
883 Cannot use numeric field reg0 where string field is required.
0bac7164
BP		 884
885# put_arp
d5a76da4
BP		 886put_arp(inport, arp.spa, arp.sha);
887 encodes as push:NXM_NX_REG0[],push:NXM_OF_ETH_SRC[],push:NXM_NX_ARP_SHA[],push:NXM_OF_ARP_SPA[],pop:NXM_NX_REG0[],pop:NXM_OF_ETH_SRC[],controller(userdata=00.00.00.01.00.00.00.00),pop:NXM_OF_ETH_SRC[],pop:NXM_NX_REG0[]
888 has prereqs eth.type == 0x806 && eth.type == 0x806
0bac7164 889
42814145 890# put_dhcp_opts
d5a76da4
BP		 891reg1[0] = put_dhcp_opts(offerip = 1.2.3.4, router = 10.0.0.1);
892 encodes as controller(userdata=00.00.00.02.00.00.00.00.00.01.de.10.00.00.00.40.01.02.03.04.03.04.0a.00.00.01,pause)
893reg2[5] = put_dhcp_opts(offerip=10.0.0.4,router=10.0.0.1,netmask=255.255.254.0,mtu=1400,domain="ovn.org");
894 formats as reg2[5] = put_dhcp_opts(offerip = 10.0.0.4, router = 10.0.0.1, netmask = 255.255.254.0, mtu = 1400, domain = "ovn.org");
895 encodes as controller(userdata=00.00.00.02.00.00.00.00.00.01.de.10.00.00.00.25.0a.00.00.04.03.04.0a.00.00.01.01.04.ff.ff.fe.00.1a.02.05.78.0f.07.6f.76.6e.2e.6f.72.67,pause)
896reg0[15] = put_dhcp_opts(offerip=10.0.0.4,router=10.0.0.1,netmask=255.255.255.0,mtu=1400,ip_forward_enable=1,default_ttl=121,dns_server={8.8.8.8,7.7.7.7},classless_static_route={30.0.0.0/24,10.0.0.4,40.0.0.0/16,10.0.0.6,0.0.0.0/0,10.0.0.1},ethernet_encap=1,router_discovery=0);
897 formats as reg0[15] = put_dhcp_opts(offerip = 10.0.0.4, router = 10.0.0.1, netmask = 255.255.255.0, mtu = 1400, ip_forward_enable = 1, default_ttl = 121, dns_server = {8.8.8.8, 7.7.7.7}, classless_static_route = {30.0.0.0/24, 10.0.0.4, 40.0.0.0/16, 10.0.0.6, 0.0.0.0/0, 10.0.0.1}, ethernet_encap = 1, router_discovery = 0);
898 encodes as controller(userdata=00.00.00.02.00.00.00.00.00.01.de.10.00.00.00.6f.0a.00.00.04.03.04.0a.00.00.01.01.04.ff.ff.ff.00.1a.02.05.78.13.01.01.17.01.79.06.08.08.08.08.08.07.07.07.07.79.14.18.1e.00.00.0a.00.00.04.10.28.00.0a.00.00.06.00.0a.00.00.01.24.01.01.1f.01.00,pause)
899
900reg1[0..1] = put_dhcp_opts(offerip = 1.2.3.4, router = 10.0.0.1);
901 Cannot use 2-bit field reg1[0..1] where 1-bit field is required.
902reg1[0] = put_dhcp_opts();
903 put_dhcp_opts requires offerip to be specified.
904reg1[0] = put_dhcp_opts(x = 1.2.3.4, router = 10.0.0.1);
905 Syntax error at `x' expecting DHCPv4 option name.
906reg1[0] = put_dhcp_opts(router = 10.0.0.1);
907 put_dhcp_opts requires offerip to be specified.
908reg1[0] = put_dhcp_opts(offerip=1.2.3.4, "hi");
909 Syntax error at `"hi"'.
910reg1[0] = put_dhcp_opts(offerip=1.2.3.4, xyzzy);
911 Syntax error at `xyzzy' expecting DHCPv4 option name.
912reg1[0] = put_dhcp_opts(offerip="xyzzy");
913 DHCPv4 option offerip requires numeric value.
914reg1[0] = put_dhcp_opts(offerip=1.2.3.4, domain=1.2.3.4);
915 DHCPv4 option domain requires string value.
42814145 916
f8a8db39 917# nd_na
d5a76da4
BP		 918nd_na { eth.src = 12:34:56:78:9a:bc; nd.tll = 12:34:56:78:9a:bc; outport = inport; inport = ""; /* Allow sending out inport. */ output; };
919 formats as nd_na { eth.src = 12:34:56:78:9a:bc; nd.tll = 12:34:56:78:9a:bc; outport = inport; inport = ""; output; };
920 encodes as controller(userdata=00.00.00.03.00.00.00.00.00.19.00.10.80.00.08.06.12.34.56.78.9a.bc.00.00.00.19.00.10.80.00.42.06.12.34.56.78.9a.bc.00.00.ff.ff.00.18.00.00.23.20.00.06.00.20.00.00.00.00.00.01.1c.04.00.01.1e.04.00.19.00.10.00.01.1c.04.00.00.00.00.00.00.00.00.ff.ff.00.10.00.00.23.20.00.0e.ff.f8.40.00.00.00)
921 has prereqs nd_ns
e75451fe 922
c34a87b6 923# get_nd
d5a76da4
BP		 924get_nd(outport, ip6.dst);
925 encodes as push:NXM_NX_XXREG0[],push:NXM_NX_IPV6_DST[],pop:NXM_NX_XXREG0[],set_field:00:00:00:00:00:00->eth_dst,resubmit(,65),pop:NXM_NX_XXREG0[]
926 has prereqs eth.type == 0x86dd
927get_nd(inport, xxreg0);
928 encodes as push:NXM_NX_REG15[],push:NXM_NX_REG14[],pop:NXM_NX_REG15[],set_field:00:00:00:00:00:00->eth_dst,resubmit(,65),pop:NXM_NX_REG15[]
929get_nd;
930 Syntax error at `;' expecting `('.
931get_nd();
932 Syntax error at `)' expecting field name.
933get_nd(inport);
934 Syntax error at `)' expecting `,'.
935get_nd(inport ip6.dst);
936 Syntax error at `ip6.dst' expecting `,'.
937get_nd(inport, ip6.dst;
938 Syntax error at `;' expecting `)'.
939get_nd(inport, eth.dst);
940 Cannot use 48-bit field eth.dst[0..47] where 128-bit field is required.
941get_nd(inport, outport);
942 Cannot use string field outport where numeric field is required.
943get_nd(xxreg0, ip6.dst);
944 Cannot use numeric field xxreg0 where string field is required.
c34a87b6
JP		 945
946# put_nd
d5a76da4
BP		 947put_nd(inport, nd.target, nd.sll);
948 encodes as push:NXM_NX_XXREG0[],push:NXM_OF_ETH_SRC[],push:NXM_NX_ND_SLL[],push:NXM_NX_ND_TARGET[],pop:NXM_NX_XXREG0[],pop:NXM_OF_ETH_SRC[],controller(userdata=00.00.00.04.00.00.00.00),pop:NXM_OF_ETH_SRC[],pop:NXM_NX_XXREG0[]
949 has prereqs ((icmp6.type == 0x87 && eth.type == 0x86dd && ip.proto == 0x3a && (eth.type == 0x800 || eth.type == 0x86dd)) || (icmp6.type == 0x88 && eth.type == 0x86dd && ip.proto == 0x3a && (eth.type == 0x800 || eth.type == 0x86dd))) && icmp6.code == 0 && eth.type == 0x86dd && ip.proto == 0x3a && (eth.type == 0x800 || eth.type == 0x86dd) && ip.ttl == 0xff && (eth.type == 0x800 || eth.type == 0x86dd) && icmp6.type == 0x87 && eth.type == 0x86dd && ip.proto == 0x3a && (eth.type == 0x800 || eth.type == 0x86dd) && icmp6.code == 0 && eth.type == 0x86dd && ip.proto == 0x3a && (eth.type == 0x800 || eth.type == 0x86dd) && ip.ttl == 0xff && (eth.type == 0x800 || eth.type == 0x86dd)
c34a87b6 950
01cfdb2f 951# put_dhcpv6_opts
d5a76da4 952reg1[0] = put_dhcpv6_opts(ia_addr = ae70::4, server_id = 00:00:00:00:10:02);
a55dacac 953 encodes as controller(userdata=00.00.00.05.00.00.00.00.00.01.de.10.00.00.00.40.00.05.00.10.ae.70.00.00.00.00.00.00.00.00.00.00.00.00.00.04.00.02.00.06.00.00.00.00.10.02,pause)
d5a76da4
BP		 954reg1[0] = put_dhcpv6_opts();
955 encodes as controller(userdata=00.00.00.05.00.00.00.00.00.01.de.10.00.00.00.40,pause)
956reg1[0] = put_dhcpv6_opts(dns_server={ae70::1,ae70::2});
957 formats as reg1[0] = put_dhcpv6_opts(dns_server = {ae70::1, ae70::2});
a55dacac 958 encodes as controller(userdata=00.00.00.05.00.00.00.00.00.01.de.10.00.00.00.40.00.17.00.20.ae.70.00.00.00.00.00.00.00.00.00.00.00.00.00.01.ae.70.00.00.00.00.00.00.00.00.00.00.00.00.00.02,pause)
40df4566
ZKL		 959reg1[0] = put_dhcpv6_opts(server_id=12:34:56:78:9a:bc, dns_server={ae70::1,ae89::2});
960 formats as reg1[0] = put_dhcpv6_opts(server_id = 12:34:56:78:9a:bc, dns_server = {ae70::1, ae89::2});
a55dacac 961 encodes as controller(userdata=00.00.00.05.00.00.00.00.00.01.de.10.00.00.00.40.00.02.00.06.12.34.56.78.9a.bc.00.17.00.20.ae.70.00.00.00.00.00.00.00.00.00.00.00.00.00.01.ae.89.00.00.00.00.00.00.00.00.00.00.00.00.00.02,pause)
d5a76da4 962reg1[0] = put_dhcpv6_opts(domain_search = "ovn.org");
a55dacac 963 encodes as controller(userdata=00.00.00.05.00.00.00.00.00.01.de.10.00.00.00.40.00.18.00.07.6f.76.6e.2e.6f.72.67,pause)
d5a76da4
BP		 964reg1[0] = put_dhcpv6_opts(x = 1.2.3.4);
965 Syntax error at `x' expecting DHCPv6 option name.
966reg1[0] = put_dhcpv6_opts(ia_addr=ae70::4, "hi");
967 Syntax error at `"hi"'.
968reg1[0] = put_dhcpv6_opts(ia_addr=ae70::4, xyzzy);
969 Syntax error at `xyzzy' expecting DHCPv6 option name.
970reg1[0] = put_dhcpv6_opts(ia_addr="ae70::4");
971 DHCPv6 option ia_addr requires numeric value.
972reg1[0] = put_dhcpv6_opts(ia_addr=ae70::4, domain_search=ae70::1);
973 DHCPv6 option domain_search requires string value.
01cfdb2f 974
a6095f81
BS		 975# set_queue
976set_queue(0);
977 encodes as set_queue:0
978set_queue(61440);
979 encodes as set_queue:61440
980set_queue(65535);
981 Queue ID 65535 for set_queue is not in valid range 0 to 61440.
982
5f822129 983# Contradictionary prerequisites (allowed but not useful):
d5a76da4
BP		 984ip4.src = ip6.src[0..31];
985 encodes as move:NXM_NX_IPV6_SRC[0..31]->NXM_OF_IP_SRC[]
986 has prereqs eth.type == 0x800 && eth.type == 0x86dd
987ip4.src <-> ip6.src[0..31];
988 encodes as push:NXM_NX_IPV6_SRC[0..31],push:NXM_OF_IP_SRC[],pop:NXM_NX_IPV6_SRC[0..31],pop:NXM_OF_IP_SRC[]
989 has prereqs eth.type == 0x800 && eth.type == 0x86dd
990
991# Miscellaneous negative tests.
992;
993 Syntax error at `;'.
994xyzzy;
995 Syntax error at `xyzzy' expecting action.
996next; 123;
997 Syntax error at `123'.
998next; xyzzy;
999 Syntax error at `xyzzy' expecting action.
1000next
9aef3c1b 1001 Syntax error at end of input expecting `;'.
3b7cb7e1 1002]])
d5a76da4
BP		 1003sed '/^[[ ]]/d' test-cases.txt > input.txt
1004cp test-cases.txt expout
3b7cb7e1
BP		 1005AT_CHECK([ovstest test-ovn parse-actions < input.txt], [0], [expout])
1006AT_CLEANUP
f295c17b
BP		 1007
1008AT_BANNER([OVN end-to-end tests])
1009
9975d7be
BP		 1010# 3 hypervisors, one logical switch, 3 logical ports per hypervisor
1011AT_SETUP([ovn -- 3 HVs, 1 LS, 3 lports/HV])
57d143eb 1012AT_KEYWORDS([ovnarp])
f295c17b
BP		 1013AT_SKIP_IF([test $HAVE_PYTHON = no])
1014ovn_start
1015
1016# Create hypervisors hv[123].
9975d7be 1017# Add vif1[123] to hv1, vif2[123] to hv2, vif3[123] to hv3.
f295c17b
BP		 1018# Add all of the vifs to a single logical switch lsw0.
1019# Turn on port security on all the vifs except vif[123]1.
1020# Make vif13, vif2[23], vif3[123] destinations for unknown MACs.
1021# Add some ACLs for Ethertypes 1234, 1235, 1236.
ea46a4e9 1022ovn-nbctl ls-add lsw0
f295c17b
BP		 1023net_add n1
1024for i in 1 2 3; do
1025 sim_add hv$i
1026 as hv$i
1027 ovs-vsctl add-br br-phys
1028 ovn_attach n1 br-phys 192.168.0.$i
1029
1030 for j in 1 2 3; do
1031 ovs-vsctl add-port br-int vif$i$j -- set Interface vif$i$j external-ids:iface-id=lp$i$j options:tx_pcap=hv$i/vif$i$j-tx.pcap options:rxq_pcap=hv$i/vif$i$j-rx.pcap ofport-request=$i$j
31ed1192 1032 ovn-nbctl lsp-add lsw0 lp$i$j
4d5c43d5 1033 if test $j = 1; then
31ed1192 1034 ovn-nbctl lsp-set-addresses lp$i$j "f0:00:00:00:00:$i$j 192.168.0.$i$j" unknown
f295c17b 1035 else
7dc88496
NS		 1036 if test $j = 3; then
1037 ip_addrs="192.168.0.$i$j fe80::ea2a:eaff:fe28:$i$j/64 192.169.0.$i$j"
1038 else
1039 ip_addrs="192.168.0.$i$j"
1040 fi
31ed1192
JP		 1041 ovn-nbctl lsp-set-addresses lp$i$j "f0:00:00:00:00:$i$j $ip_addrs"
1042 ovn-nbctl lsp-set-port-security lp$i$j f0:00:00:00:00:$i$j
f295c17b
BP		 1043 fi
1044 done
1045done
1046ovn-nbctl acl-add lsw0 from-lport 1000 'eth.type == 0x1234' drop
1047ovn-nbctl acl-add lsw0 from-lport 1000 'eth.type == 0x1235 && inport == "lp11"' drop
1048ovn-nbctl acl-add lsw0 to-lport 1000 'eth.type == 0x1236 && outport == "lp33"' drop
ea382567
RB		 1049ovn-nbctl create Address_Set name=set1 addresses=\"f0:00:00:00:00:11\",\"f0:00:00:00:00:21\",\"f0:00:00:00:00:31\"
1050ovn-nbctl acl-add lsw0 to-lport 1000 'eth.type == 0x1237 && eth.src == $set1 && outport == "lp33"' drop
f295c17b
BP		 1051
1052# Pre-populate the hypervisors' ARP tables so that we don't lose any
1053# packets for ARP resolution (native tunneling doesn't queue packets
1054# for ARP resolution).
1055ovn_populate_arp
1056
1057# Allow some time for ovn-northd and ovn-controller to catch up.
1058# XXX This should be more systematic.
1059sleep 1
611099dc 1060
fc6f9978
HZ		 1061# Make sure there is no attempt to adding duplicated flows by ovn-controller
1062AT_FAIL_IF([test -n "`grep duplicate hv1/ovn-controller.log`"])
1063AT_FAIL_IF([test -n "`grep duplicate hv2/ovn-controller.log`"])
1064AT_FAIL_IF([test -n "`grep duplicate hv3/ovn-controller.log`"])
1065
57d143eb
HZ		 1066# Given the name of a logical port, prints the name of the hypervisor
1067# on which it is located.
1068vif_to_hv() {
1069 echo hv${1%?}
1070}
1071
f295c17b
BP		 1072# test_packet INPORT DST SRC ETHTYPE OUTPORT...
1073#
1074# This shell function causes a packet to be received on INPORT. The packet's
1075# content has Ethernet destination DST and source SRC (each exactly 12 hex
1076# digits) and Ethernet type ETHTYPE (4 hex digits). The OUTPORTs (zero or
1077# more) list the VIFs on which the packet should be received. INPORT and the
31ed1192 1078# OUTPORTs are specified as logical switch port numbers, e.g. 11 for vif11.
f295c17b
BP		 1079for i in 1 2 3; do
1080 for j in 1 2 3; do
1081 : > $i$j.expected
1082 done
1083done
1084test_packet() {
1085 local inport=$1 packet=$2$3$4; shift; shift; shift; shift
57d143eb 1086 hv=`vif_to_hv $inport`
f295c17b
BP		 1087 vif=vif$inport
1088 as $hv ovs-appctl netdev-dummy/receive $vif $packet
1089 for outport; do
e4543cfe 1090 echo $packet >> $outport.expected
f295c17b
BP		 1091 done
1092}
1093
57d143eb
HZ		 1094# test_arp INPORT SHA SPA TPA [REPLY_HA]
1095#
1096# Causes a packet to be received on INPORT. The packet is an ARP
1097# request with SHA, SPA, and TPA as specified. If REPLY_HA is provided, then
1098# it should be the hardware address of the target to expect to receive in an
1099# ARP reply; otherwise no reply is expected.
1100#
31ed1192 1101# INPORT is an logical switch port number, e.g. 11 for vif11.
57d143eb
HZ		 1102# SHA and REPLY_HA are each 12 hex digits.
1103# SPA and TPA are each 8 hex digits.
1104test_arp() {
1105 local inport=$1 sha=$2 spa=$3 tpa=$4 reply_ha=$5
1106 local request=ffffffffffff${sha}08060001080006040001${sha}${spa}ffffffffffff${tpa}
1107 hv=`vif_to_hv $inport`
1108 as $hv ovs-appctl netdev-dummy/receive vif$inport $request
1109
92f9822b 1110 if test X$reply_ha = X; then
57d143eb
HZ		 1111 # Expect to receive the broadcast ARP on the other logical switch ports
1112 # if no reply is expected.
1113 local i j
1114 for i in 1 2 3; do
1115 for j in 1 2 3; do
1116 if test $i$j != $inport; then
1117 echo $request >> $i$j.expected
1118 fi
1119 done
1120 done
1121 else
1122 # Expect to receive the reply, if any.
1123 local reply=${sha}${reply_ha}08060001080006040002${reply_ha}${tpa}${sha}${spa}
1124 echo $reply >> $inport.expected
1125 fi
1126}
1127
1128ip_to_hex() {
1129 printf "%02x%02x%02x%02x" "$@"
1130}
1131
f295c17b
BP		 1132# Send packets between all pairs of source and destination ports:
1133#
31ed1192
JP		 1134# 1. Unicast packets are delivered to exactly one logical switch port
1135# (except that packets destined to their input ports are dropped).
f295c17b 1136#
31ed1192
JP		 1137# 2. Broadcast and multicast are delivered to all logical switch ports
1138# except the input port.
f295c17b 1139#
ea46a4e9 1140# 3. When port security is turned on, the switch drops packets from the wrong
f295c17b
BP		 1141# MAC address.
1142#
ea46a4e9 1143# 4. The switch drops all packets with a VLAN tag.
f295c17b 1144#
ea46a4e9 1145# 5. The switch drops all packets with a multicast source address. (This only
f295c17b
BP		 1146# affects behavior when port security is turned off, since otherwise port
1147# security would drop the packet anyway.)
1148#
ea46a4e9 1149# 6. The switch delivers packets with an unknown destination to logical
31ed1192
JP		 1150# switch ports with "unknown" among their MAC addresses (and port
1151# security disabled).
f295c17b 1152#
ea46a4e9 1153# 7. The switch drops unicast packets that violate an ACL.
f295c17b 1154#
ea46a4e9 1155# 8. The switch drops multicast and broadcast packets that violate an ACL.
57d143eb 1156#
9fcb6a18
BP		 1157# 9. OVN generates responses to ARP requests for known IPs, except for
1158# requests from a port for the port's own IP.
57d143eb
HZ		 1159#
1160# 10. No response to ARP requests for unknown IPs.
4acd1e87 1161
f295c17b
BP		 1162for is in 1 2 3; do
1163 for js in 1 2 3; do
1164 s=$is$js
1165 bcast=
4d5c43d5
JP		 1166 unknown=
1167 bacl2=
1168 bacl3=
f295c17b
BP		 1169 for id in 1 2 3; do
1170 for jd in 1 2 3; do
1171 d=$id$jd
1172
1173 if test $d != $s; then unicast=$d; else unicast=; fi
1174 test_packet $s f000000000$d f000000000$s $s$d $unicast #1
1175
1176 if test $d != $s && test $js = 1; then
4d5c43d5
JP		 1177 impersonate=$d
1178 else
1179 impersonate=
1180 fi
f295c17b
BP		 1181 test_packet $s f000000000$d f00000000055 55$d $impersonate #3
1182
4d5c43d5
JP		 1183 if test $d != $s && test $s != 11; then acl2=$d; else acl2=; fi
1184 if test $d != $s && test $d != 33; then acl3=$d; else acl3=; fi
e137131a 1185 if test $d = $s || (test $js = 1 && test $d = 33); then
ea382567
RB		 1186 # Source of 11, 21, or 31 and dest of 33 should be dropped
1187 # due to the 4th ACL that uses address_set(set1).
1188 acl4=
1189 else
1190 acl4=$d
1191 fi
f295c17b
BP		 1192 test_packet $s f000000000$d f000000000$s 1234 #7, acl1
1193 test_packet $s f000000000$d f000000000$s 1235 $acl2 #7, acl2
1194 test_packet $s f000000000$d f000000000$s 1236 $acl3 #7, acl3
ea382567 1195 test_packet $s f000000000$d f000000000$s 1237 $acl4 #7, acl4
f295c17b
BP		 1196
1197 test_packet $s f000000000$d f00000000055 810000091234 #4
1198 test_packet $s f000000000$d 0100000000$s $s$d #5
1199
4d5c43d5
JP		 1200 if test $d != $s && test $jd = 1; then
1201 unknown="$unknown $d"
1202 fi
f295c17b
BP		 1203 bcast="$bcast $unicast"
1204 bacl2="$bacl2 $acl2"
1205 bacl3="$bacl3 $acl3"
57d143eb
HZ		 1206
1207 sip=`ip_to_hex 192 168 0 $i$j`
1208 tip=`ip_to_hex 192 168 0 $id$jd`
1209 tip_unknown=`ip_to_hex 11 11 11 11`
9fcb6a18
BP		 1210 if test $d != $s; then
1211 reply_ha=f000000000$d
1212 else
1213 reply_ha=
1214 fi
1215 test_arp $s f000000000$s $sip $tip $reply_ha #9
57d143eb 1216 test_arp $s f000000000$s $sip $tip_unknown #10
7dc88496
NS		 1217
1218 if test $jd = 3; then
31ed1192 1219 # lsp[123]3 has an additional ip 192.169.0.[123]3.
7dc88496 1220 tip=`ip_to_hex 192 169 0 $id$jd`
9fcb6a18 1221 test_arp $s f000000000$s $sip $tip $reply_ha #9
7dc88496 1222 fi
f295c17b
BP		 1223 done
1224 done
1225
4d5c43d5 1226 # Broadcast and multicast.
f295c17b
BP		 1227 test_packet $s ffffffffffff f000000000$s ${s}ff $bcast #2
1228 test_packet $s 010000000000 f000000000$s ${s}ff $bcast #2
4d5c43d5 1229 if test $js = 1; then
f295c17b
BP		 1230 bcast_impersonate=$bcast
1231 else
4d5c43d5
JP		 1232 bcast_impersonate=
1233 fi
f295c17b
BP		 1234 test_packet $s 010000000000 f00000000044 44ff $bcast_impersonate #3
1235
1236 test_packet $s f0000000ffff f000000000$s ${s}66 $unknown #6
1237
1238 test_packet $s ffffffffffff f000000000$s 1234 #8, acl1
1239 test_packet $s ffffffffffff f000000000$s 1235 $bacl2 #8, acl2
1240 test_packet $s ffffffffffff f000000000$s 1236 $bacl3 #8, acl3
1241 test_packet $s 010000000000 f000000000$s 1234 #8, acl1
1242 test_packet $s 010000000000 f000000000$s 1235 $bacl2 #8, acl2
1243 test_packet $s 010000000000 f000000000$s 1236 $bacl3 #8, acl3
1244 done
1245done
1246
7dc88496
NS		 1247# set address for lp13 with invalid characters.
1248# lp13 should be configured with only 192.168.0.13.
31ed1192 1249ovn-nbctl lsp-set-addresses lp13 "f0:00:00:00:00:13 192.168.0.13 invalid 192.169.0.13"
3b8cd0ea
BP		 1250
1251# Allow some time for ovn-northd and ovn-controller to catch up.
1252# XXX This should be more systematic.
1253sleep 1
1254
7dc88496
NS		 1255sip=`ip_to_hex 192 168 0 11`
1256tip=`ip_to_hex 192 168 0 13`
1257test_arp 11 f00000000011 $sip $tip f00000000013
1258
1259tip=`ip_to_hex 192 169 0 13`
1260#arp request for 192.169.0.13 should be flooded
1261test_arp 11 f00000000011 $sip $tip
1262
91125642 1263# dump information and flows with counters
bb0c41d3
RM		 1264ovn-sbctl dump-flows -- list multicast_group
1265
1266echo "------ hv1 dump ------"
1267as hv1 ovs-vsctl show
1268as hv1 ovs-ofctl -O OpenFlow13 dump-flows br-int
1269
1270echo "------ hv2 dump ------"
1271as hv2 ovs-vsctl show
1272as hv2 ovs-ofctl -O OpenFlow13 dump-flows br-int
1273
1274echo "------ hv3 dump ------"
1275as hv3 ovs-vsctl show
1276as hv3 ovs-ofctl -O OpenFlow13 dump-flows br-int
49d7c759 1277
f295c17b
BP		 1278# Now check the packets actually received against the ones expected.
1279for i in 1 2 3; do
1280 for j in 1 2 3; do
49d7c759 1281 OVN_CHECK_PACKETS([hv$i/vif$i$j-tx.pcap], [$i$j.expected])
f295c17b
BP		 1282 done
1283done
fcde56f5 1284
7a8f15e0 1285OVN_CLEANUP([hv1],[hv2],[hv3])
d9c8c57c 1286
f295c17b 1287AT_CLEANUP
eb6b08eb 1288
4acd1e87
BP		 1289AT_SETUP([ovn -- trace 1 LS, 3 LSPs])
1290AT_SKIP_IF([test $HAVE_PYTHON = no])
1291ovn_start
1292
1293# Create a logical switch and some logical ports.
1294# Turn on port security on all lports except ls1.
1295# Make ls1 a destination for unknown MACs.
1296# Add some ACLs for Ethertypes 1234, 1235, 1236.
1297ovn-nbctl ls-add lsw0
1298ovn-sbctl chassis-add hv0 geneve 127.0.0.1
1299for i in 1 2 3; do
1300 ovn-nbctl lsp-add lsw0 lp$i
7979c444
BP		 1301done
1302ovn-nbctl --wait=sb sync
1303for i in 1 2 3; do
4acd1e87
BP		 1304 ovn-sbctl lsp-bind lp$i hv0
1305 if test $i = 1; then
abb37b6b 1306 ovn-nbctl lsp-set-addresses lp$i "f0:00:00:00:00:0$i 192.168.0.$i" unknown
4acd1e87 1307 else
abb37b6b
FF		 1308 if test $i = 3; then
1309 ip_addrs="192.168.0.$i fe80::ea2a:eaff:fe28:$i/64 192.169.0.$i"
1310 else
1311 ip_addrs="192.168.0.$i"
1312 fi
1313 ovn-nbctl lsp-set-addresses lp$i "f0:00:00:00:00:$i $ip_addrs"
1314 ovn-nbctl lsp-set-port-security lp$i f0:00:00:00:00:$i
4acd1e87
BP		 1315 fi
1316done
1317ovn-nbctl acl-add lsw0 from-lport 1000 'eth.type == 0x1234' drop
1318ovn-nbctl acl-add lsw0 from-lport 1000 'eth.type == 0x1235 && inport == "lp1"' drop
1319ovn-nbctl acl-add lsw0 to-lport 1000 'eth.type == 0x1236 && outport == "lp3"' drop
1320ovn-nbctl create Address_Set name=set1 addresses=\"f0:00:00:00:00:01\",\"f0:00:00:00:00:02\"
1321ovn-nbctl acl-add lsw0 to-lport 1000 'eth.type == 0x1237 && eth.src == $set1 && outport == "lp3"' drop
1322
1323ovn-nbctl --wait=sb sync
1324on_exit 'kill `cat ovn-trace.pid`'
1325ovn-trace --detach --pidfile --no-chdir
1326
1327# test_packet INPORT DST SRC [-vlan] [-eth TYPE] OUTPORT...
1328#
1329# This shell function causes a packet to be received on INPORT. The packet's
1330# content has Ethernet destination DST and source SRC (each exactly 12 hex
1331# digits) and Ethernet type ETHTYPE (4 hex digits). The OUTPORTs (zero or
1332# more) list the VIFs on which the packet should be received. INPORT and the
1333# OUTPORTs are specified as logical switch port numbers, e.g. 11 for vif11.
1334test_packet() {
1335 local inport=$1 eth_dst=$2 eth_src=$3; shift; shift; shift
1336 uflow="inport==\"lp$inport\" && eth.dst==$eth_dst && eth.src==$eth_src"
1337 while :; do
abb37b6b
FF		 1338 case $1 in # (
1339 -vlan) uflow="$uflow && vlan.vid == 1234"; shift ;; # (
1340 -eth) uflow="$uflow && eth.type == 0x$2"; shift; shift ;; # (
1341 *) break ;;
1342 esac
4acd1e87
BP		 1343 done
1344 for outport; do
abb37b6b 1345 echo "output(\"lp$outport\");"
4acd1e87
BP		 1346 done > expout
1347
1348 AT_CAPTURE_FILE([trace])
1349 AT_CHECK([ovs-appctl -t ovn-trace trace --all lsw0 "$uflow" | tee trace | sed '1,/Minimal trace/d'], [0], [expout])
1350}
1351
1352# test_arp INPORT SHA SPA TPA [REPLY_HA]
1353#
1354# Causes a packet to be received on INPORT. The packet is an ARP
1355# request with SHA, SPA, and TPA as specified. If REPLY_HA is provided, then
1356# it should be the hardware address of the target to expect to receive in an
1357# ARP reply; otherwise no reply is expected.
1358#
1359# INPORT is an logical switch port number, e.g. 11 for vif11.
1360# SHA and REPLY_HA are each 12 hex digits.
1361# SPA and TPA are each 8 hex digits.
1362test_arp() {
1363 local inport=$1 sha=$2 spa=$3 tpa=$4 reply_ha=$5
1364
1365 local request="inport == \"lp$inport\"
1366 && eth.dst == ff:ff:ff:ff:ff:ff && eth.src == $sha
1367 && arp.op == 1 && arp.sha == $sha && arp.spa == $spa
abb37b6b 1368 && arp.tha == ff:ff:ff:ff:ff:ff && arp.tpa == $tpa"
4acd1e87
BP		 1369
1370 if test -z "$reply_ha"; then
1371 reply=
abb37b6b
FF		 1372 local i
1373 for i in 1 2 3; do
1374 if test $i != $inport; then
1375 reply="${reply}output(\"lp$i\");
4acd1e87 1376"
abb37b6b
FF		 1377 fi
1378 done
4acd1e87
BP		 1379 else
1380 reply="\
1381eth.dst = $sha;
1382eth.src = $reply_ha;
1383arp.op = 2;
1384arp.tha = $sha;
1385arp.sha = $reply_ha;
1386arp.tpa = $spa;
1387arp.spa = $tpa;
1388output(\"lp$inport\");
1389"
1390 fi
1391
1392 AT_CAPTURE_FILE([trace])
1393 AT_CHECK_UNQUOTED([ovs-appctl -t ovn-trace trace --all lsw0 "$request" | tee trace | sed '1,/Minimal trace/d'], [0], [$reply])
1394}
1395
1396# Send packets between all pairs of source and destination ports:
1397#
1398# 1. Unicast packets are delivered to exactly one logical switch port
1399# (except that packets destined to their input ports are dropped).
1400#
1401# 2. Broadcast and multicast are delivered to all logical switch ports
1402# except the input port.
1403#
1404# 3. When port security is turned on, the switch drops packets from the wrong
1405# MAC address.
1406#
1407# 4. The switch drops all packets with a VLAN tag.
1408#
1409# 5. The switch drops all packets with a multicast source address. (This only
1410# affects behavior when port security is turned off, since otherwise port
1411# security would drop the packet anyway.)
1412#
1413# 6. The switch delivers packets with an unknown destination to logical
1414# switch ports with "unknown" among their MAC addresses (and port
1415# security disabled).
1416#
1417# 7. The switch drops unicast packets that violate an ACL.
1418#
1419# 8. The switch drops multicast and broadcast packets that violate an ACL.
1420#
9fcb6a18
BP		 1421# 9. OVN generates responses to ARP requests for known IPs, except for
1422# requests from a port for the port's own IP.
4acd1e87
BP		 1423#
1424# 10. No response to ARP requests for unknown IPs.
1425
1426for s in 1 2 3; do
1427 bcast=
1428 unknown=
1429 bacl2=
1430 bacl3=
1431 for d in 1 2 3; do
abb37b6b
FF		 1432 echo
1433 echo "lp$s -> lp$d"
1434 if test $d != $s; then unicast=$d; else unicast=; fi
1435 test_packet $s f0:00:00:00:00:0$d f0:00:00:00:00:0$s $unicast #1
1436
1437 if test $d != $s && test $s = 1; then
1438 impersonate=$d
1439 else
1440 impersonate=
1441 fi
1442 test_packet $s f0:00:00:00:00:0$d f0:00:00:00:00:55 $impersonate #3
1443
1444 if test $d != $s && test $s != 1; then acl2=$d; else acl2=; fi
1445 if test $d != $s && test $d != 3; then acl3=$d; else acl3=; fi
1446 if test $d = $s || ( (test $s = 1 || test $s = 2) && test $d = 3); then
1447 # Source of 1 or 2 and dest of 3 should be dropped
1448 # due to the 4th ACL that uses address_set(set1).
1449 acl4=
1450 else
1451 acl4=$d
1452 fi
1453
1454 #7, acl1 to acl4:
1455 test_packet $s f0:00:00:00:00:0$d f0:00:00:00:00:0$s -eth 1234
1456 test_packet $s f0:00:00:00:00:0$d f0:00:00:00:00:0$s -eth 1235 $acl2
1457 test_packet $s f0:00:00:00:00:0$d f0:00:00:00:00:0$s -eth 1236 $acl3
1458 test_packet $s f0:00:00:00:00:0$d f0:00:00:00:00:0$s -eth 1237 $acl4
1459
1460 test_packet $s f0:00:00:00:00:0$d f0:00:00:00:00:55 -vlan #4
1461 test_packet $s f0:00:00:00:00:0$d 01:00:00:00:00:0$s #5
1462
1463 if test $d != $s && test $d = 1; then
1464 unknown="$unknown $d"
1465 fi
1466 bcast="$bcast $unicast"
1467 bacl2="$bacl2 $acl2"
1468 bacl3="$bacl3 $acl3"
1469
1470 sip=192.168.0.$s
1471 tip=192.168.0.$d
1472 tip_unknown=11.11.11.11
9fcb6a18
BP		 1473 if test $d != $s; then reply_ha=f0:00:00:00:00:0$d; else reply_ha=; fi
1474 test_arp $s f0:00:00:00:00:0$s $sip $tip $reply_ha #9
abb37b6b
FF		 1475 test_arp $s f0:00:00:00:00:0$s $sip $tip_unknown #10
1476
1477 if test $d = 3; then
1478 # lp3 has an additional ip 192.169.0.[123]3.
1479 tip=192.169.0.$d
9fcb6a18 1480 test_arp $s f0:00:00:00:00:0$s $sip $tip $reply_ha #9
abb37b6b 1481 fi
4acd1e87
BP		 1482 done
1483
1484 # Broadcast and multicast.
1485 test_packet $s ff:ff:ff:ff:ff:ff f0:00:00:00:00:0$s $bcast #2
1486 test_packet $s 01:00:00:00:00:00 f0:00:00:00:00:0$s $bcast #2
1487 if test $s = 1; then
abb37b6b 1488 bcast_impersonate=$bcast
4acd1e87 1489 else
abb37b6b 1490 bcast_impersonate=
4acd1e87
BP		 1491 fi
1492 test_packet $s 01:00:00:00:00:00 f0:00:00:00:00:44 $bcast_impersonate #3
1493
1494 test_packet $s f0:00:00:00:ff:ff f0:00:00:00:00:0$s $unknown #6
1495
1496 #8, acl1 to acl3:
1497 test_packet $s ff:ff:ff:ff:ff:ff f0:00:00:00:00:0$s -eth 1234
1498 test_packet $s ff:ff:ff:ff:ff:ff f0:00:00:00:00:0$s -eth 1235 $bacl2
1499 test_packet $s ff:ff:ff:ff:ff:ff f0:00:00:00:00:0$s -eth 1236 $bacl3
1500
1501 #8, acl1 to acl3:
1502 test_packet $s 01:00:00:00:00:00 f0:00:00:00:00:0$s -eth 1234
1503 test_packet $s 01:00:00:00:00:00 f0:00:00:00:00:0$s -eth 1235 $bacl2
1504 test_packet $s 01:00:00:00:00:00 f0:00:00:00:00:0$s -eth 1236 $bacl3
1505done
1506
1507AT_CLEANUP
1508
7277bc83
RB		 1509# 2 hypervisors, 4 logical ports per HV
1510# 2 locally attached networks (one flat, one vlan tagged over same device)
1511# 2 ports per HV on each network
e90aeb57 1512AT_SETUP([ovn -- 2 HVs, 4 lports/HV, localnet ports])
d79fc5f4
RB		 1513AT_SKIP_IF([test $HAVE_PYTHON = no])
1514ovn_start
1515
ea46a4e9
JP		 1516# In this test cases we create 3 switches, all connected to same
1517# physical network (through br-phys on each HV). Each switch has
0ee7f7f1
HZ		 1518# VIF ports across 2 HVs. Each HV has 5 VIF ports. The first digit
1519# of VIF port name indicates the hypervisor it is bound to, e.g.
1520# lp23 means VIF 3 on hv2.
1521#
ea46a4e9 1522# Each switch's VLAN tag and their logical switch ports are:
0ee7f7f1
HZ		 1523# - ls1:
1524# - untagged
ea46a4e9 1525# - ports: lp11, lp12, lp21, lp22
0ee7f7f1
HZ		 1526#
1527# - ls2:
1528# - tagged with VLAN 101
ea46a4e9 1529# - ports: lp13, lp14, lp23, lp24
0ee7f7f1
HZ		 1530# - ls3:
1531# - untagged
ea46a4e9 1532# - ports: lp15, lp25
0ee7f7f1 1533#
ea46a4e9 1534# Note: a localnet port is created for each switch to connect to
0ee7f7f1
HZ		 1535# physical network.
1536
1537for i in 1 2 3; do
ea46a4e9
JP		 1538 ls_name=ls$i
1539 ovn-nbctl ls-add $ls_name
0ee7f7f1
HZ		 1540 ln_port_name=ln$i
1541 if test $i -eq 2; then
ea46a4e9 1542 ovn-nbctl lsp-add $ls_name $ln_port_name "" 101
0ee7f7f1 1543 else
ea46a4e9 1544 ovn-nbctl lsp-add $ls_name $ln_port_name
0ee7f7f1 1545 fi
31ed1192
JP		 1546 ovn-nbctl lsp-set-addresses $ln_port_name unknown
1547 ovn-nbctl lsp-set-type $ln_port_name localnet
1548 ovn-nbctl lsp-set-options $ln_port_name network_name=phys
0ee7f7f1 1549done
d79fc5f4 1550
69b72264
BP		 1551# lsp_to_ls LSP
1552#
1553# Prints the name of the logical switch that contains LSP.
1554lsp_to_ls () {
1555 case $1 in dnl (
1556 lp?[[12]]) echo ls1 ;; dnl (
1557 lp?[[34]]) echo ls2 ;; dnl (
1558 lp?5) echo ls3 ;; dnl (
1559 *) AT_FAIL_IF([:]) ;;
1560 esac
1561}
1562
d79fc5f4
RB		 1563net_add n1
1564for i in 1 2; do
1565 sim_add hv$i
1566 as hv$i
1567 ovs-vsctl add-br br-phys
1568 ovs-vsctl set open . external-ids:ovn-bridge-mappings=phys:br-phys
1569 ovn_attach n1 br-phys 192.168.0.$i
1570
0ee7f7f1 1571 for j in 1 2 3 4 5; do
d79fc5f4
RB		 1572 ovs-vsctl add-port br-int vif$i$j -- \
1573 set Interface vif$i$j external-ids:iface-id=lp$i$j \
1574 options:tx_pcap=hv$i/vif$i$j-tx.pcap \
1575 options:rxq_pcap=hv$i/vif$i$j-rx.pcap \
1576 ofport-request=$i$j
1577
31ed1192 1578 lsp_name=lp$i$j
69b72264 1579 ls_name=$(lsp_to_ls $lsp_name)
d79fc5f4 1580
ea46a4e9 1581 ovn-nbctl lsp-add $ls_name $lsp_name
31ed1192
JP		 1582 ovn-nbctl lsp-set-addresses $lsp_name f0:00:00:00:00:$i$j
1583 ovn-nbctl lsp-set-port-security $lsp_name f0:00:00:00:00:$i$j
d79fc5f4 1584
31ed1192 1585 OVS_WAIT_UNTIL([test x`ovn-nbctl lsp-get-up $lsp_name` = xup])
d79fc5f4
RB		 1586 done
1587done
69b72264
BP		 1588ovn-nbctl --wait=sb sync
1589ovn-sbctl dump-flows
d79fc5f4
RB		 1590
1591ovn_populate_arp
1592
1593# XXX This is now the 3rd copy of these functions in this file ...
1594
1595# Given the name of a logical port, prints the name of the hypervisor
1596# on which it is located.
1597vif_to_hv() {
1598 echo hv${1%?}
1599}
1600#
69b72264 1601# test_packet INPORT DST SRC ETHTYPE EOUT LOUT
d79fc5f4
RB		 1602#
1603# This shell function causes a packet to be received on INPORT. The packet's
1604# content has Ethernet destination DST and source SRC (each exactly 12 hex
69b72264
BP		 1605# digits) and Ethernet type ETHTYPE (4 hex digits). INPORT is specified as
1606# logical switch port numbers, e.g. 11 for vif11.
1607#
1608# EOUT is the end-to-end output port, that is, where the packet will end up
1609# after possibly bouncing through one or more localnet ports. LOUT is the
1610# logical output port, which might be a localnet port, as seen by ovn-trace
1611# (which doesn't know what localnet ports are connected to and therefore can't
1612# figure out the end-to-end answer).
d79fc5f4 1613for i in 1 2; do
0ee7f7f1 1614 for j in 1 2 3 4 5; do
d79fc5f4
RB		 1615 : > $i$j.expected
1616 done
1617done
1618test_packet() {
69b72264
BP		 1619 local inport=$1 dst=$2 src=$3 eth=$4 eout=$5 lout=$6
1620 echo "$@"
1621
1622 # First try tracing the packet.
1623 uflow="inport==\"lp$inport\" && eth.dst==$dst && eth.src==$src && eth.type==0x$eth"
1624 if test $lout != drop; then
1625 echo "output(\"$lout\");"
1626 fi > expout
1627 AT_CAPTURE_FILE([trace])
1628 AT_CHECK([ovn-trace --all $(lsp_to_ls lp$inport) "$uflow" | tee trace | sed '1,/Minimal trace/d'], [0], [expout])
1629
1630 # Then actually send a packet, for an end-to-end test.
1631 local packet=$(echo $dst$src | sed 's/://g')${eth}
d79fc5f4
RB		 1632 hv=`vif_to_hv $inport`
1633 vif=vif$inport
1634 as $hv ovs-appctl netdev-dummy/receive $vif $packet
69b72264
BP		 1635 if test $eout != drop; then
1636 echo $packet >> ${eout#lp}.expected
1637 fi
d79fc5f4
RB		 1638}
1639
7277bc83
RB		 1640# lp11 and lp21 are on the same network (phys, untagged)
1641# and on different hypervisors
69b72264
BP		 1642test_packet 11 f0:00:00:00:00:21 f0:00:00:00:00:11 1121 lp21 lp21
1643test_packet 21 f0:00:00:00:00:11 f0:00:00:00:00:21 2111 lp11 lp11
d79fc5f4 1644
7277bc83
RB		 1645# lp11 and lp12 are on the same network (phys, untagged)
1646# and on the same hypervisor
69b72264
BP		 1647test_packet 11 f0:00:00:00:00:12 f0:00:00:00:00:11 1112 lp12 lp12
1648test_packet 12 f0:00:00:00:00:11 f0:00:00:00:00:12 1211 lp11 lp11
7277bc83
RB		 1649
1650# lp13 and lp23 are on the same network (phys, VLAN 101)
1651# and on different hypervisors
69b72264
BP		 1652test_packet 13 f0:00:00:00:00:23 f0:00:00:00:00:13 1323 lp23 lp23
1653test_packet 23 f0:00:00:00:00:13 f0:00:00:00:00:23 2313 lp13 lp13
7277bc83
RB		 1654
1655# lp13 and lp14 are on the same network (phys, VLAN 101)
1656# and on the same hypervisor
69b72264
BP		 1657test_packet 13 f0:00:00:00:00:14 f0:00:00:00:00:13 1314 lp14 lp14
1658test_packet 14 f0:00:00:00:00:13 f0:00:00:00:00:14 1413 lp13 lp13
d79fc5f4 1659
0ee7f7f1 1660# lp11 and lp15 are on the same network (phys, untagged),
ea46a4e9 1661# same hypervisor, and on different switches
69b72264
BP		 1662test_packet 11 f0:00:00:00:00:15 f0:00:00:00:00:11 1115 lp15 ln1
1663test_packet 15 f0:00:00:00:00:11 f0:00:00:00:00:15 1511 lp11 ln3
0ee7f7f1
HZ		 1664
1665# lp11 and lp25 are on the same network (phys, untagged),
ea46a4e9 1666# different hypervisors, and on different switches
69b72264
BP		 1667test_packet 11 f0:00:00:00:00:25 f0:00:00:00:00:11 1125 lp25 ln1
1668test_packet 25 f0:00:00:00:00:11 f0:00:00:00:00:25 2511 lp11 ln3
0ee7f7f1 1669
d79fc5f4 1670# Ports that should not be able to communicate
69b72264
BP		 1671test_packet 11 f0:00:00:00:00:13 f0:00:00:00:00:11 1113 drop ln1
1672test_packet 11 f0:00:00:00:00:23 f0:00:00:00:00:11 1123 drop ln1
1673test_packet 21 f0:00:00:00:00:13 f0:00:00:00:00:21 2113 drop ln1
1674test_packet 21 f0:00:00:00:00:23 f0:00:00:00:00:21 2123 drop ln1
1675test_packet 13 f0:00:00:00:00:11 f0:00:00:00:00:13 1311 drop ln2
1676test_packet 13 f0:00:00:00:00:21 f0:00:00:00:00:13 1321 drop ln2
1677test_packet 23 f0:00:00:00:00:11 f0:00:00:00:00:23 2311 drop ln2
1678test_packet 23 f0:00:00:00:00:21 f0:00:00:00:00:23 2321 drop ln2
d79fc5f4 1679
d79fc5f4
RB		 1680# Dump a bunch of info helpful for debugging if there's a failure.
1681
1682echo "------ OVN dump ------"
1683ovn-nbctl show
1684ovn-sbctl show
1685
1686echo "------ hv1 dump ------"
1687as hv1 ovs-vsctl show
1688as hv1 ovs-ofctl -O OpenFlow13 dump-flows br-int
1689
1690echo "------ hv2 dump ------"
1691as hv2 ovs-vsctl show
1692as hv2 ovs-ofctl -O OpenFlow13 dump-flows br-int
1693
1694# Now check the packets actually received against the ones expected.
1695for i in 1 2; do
0ee7f7f1 1696 for j in 1 2 3 4 5; do
49d7c759 1697 OVN_CHECK_PACKETS([hv$i/vif$i$j-tx.pcap], [$i$j.expected])
d79fc5f4
RB		 1698 done
1699done
1700
7a8f15e0 1701OVN_CLEANUP([hv1],[hv2])
d9c8c57c 1702
d79fc5f4
RB		 1703AT_CLEANUP
1704
91125642
FF		 1705AT_SETUP([ovn -- vtep: 3 HVs, 1 VIFs/HV, 1 GW, 1 LS])
1706AT_KEYWORDS([vtep])
eb6b08eb
JP		 1707AT_SKIP_IF([test $HAVE_PYTHON = no])
1708ovn_start
1709
1710# Configure the Northbound database
ea46a4e9 1711ovn-nbctl ls-add lsw0
eb6b08eb 1712
31ed1192
JP		 1713ovn-nbctl lsp-add lsw0 lp1
1714ovn-nbctl lsp-set-addresses lp1 f0:00:00:00:00:01
eb6b08eb 1715
31ed1192
JP		 1716ovn-nbctl lsp-add lsw0 lp2
1717ovn-nbctl lsp-set-addresses lp2 f0:00:00:00:00:02
eb6b08eb 1718
31ed1192
JP		 1719ovn-nbctl lsp-add lsw0 lp-vtep
1720ovn-nbctl lsp-set-type lp-vtep vtep
1721ovn-nbctl lsp-set-options lp-vtep vtep-physical-switch=br-vtep vtep-logical-switch=lsw0
1722ovn-nbctl lsp-set-addresses lp-vtep unknown
eb6b08eb 1723
77adbb62
DB		 1724# lpr, lr and lrp1 are used for the ARP request handling test only.
1725ovn-nbctl lsp-add lsw0 lpr
1726ovn-nbctl lr-add lr
1727ovn-nbctl lrp-add lr lrp1 f0:00:00:00:00:f1 192.168.1.1/24
1728ovn-nbctl set Logical_Switch_Port lpr type=router \
1729 options:router-port=lrp1 \
1730 addresses='"f0:00:00:00:00:f1 192.168.1.1"'
1731
1732
eb6b08eb
JP		 1733net_add n1 # Network to connect hv1, hv2, and vtep
1734net_add n2 # Network to connect vtep and hv3
1735
1736# Create hypervisor hv1 connected to n1
1737sim_add hv1
1738as hv1
1739ovs-vsctl add-br br-phys
1740ovn_attach n1 br-phys 192.168.0.1
1741ovs-vsctl add-port br-int vif1 -- set Interface vif1 external-ids:iface-id=lp1 options:tx_pcap=hv1/vif1-tx.pcap options:rxq_pcap=hv1/vif1-rx.pcap ofport-request=1
1742
1743# Create hypervisor hv2 connected to n1
1744sim_add hv2
1745as hv2
1746ovs-vsctl add-br br-phys
1747ovn_attach n1 br-phys 192.168.0.2
1748ovs-vsctl add-port br-int vif2 -- set Interface vif2 external-ids:iface-id=lp2 options:tx_pcap=hv2/vif2-tx.pcap options:rxq_pcap=hv2/vif2-rx.pcap ofport-request=1
1749
1750
1751# Start the vtep emulator with a leg in both networks
1752sim_add vtep
1753as vtep
1754
1755ovsdb-tool create "$ovs_base"/vtep/vtep.db "$abs_top_srcdir"/vtep/vtep.ovsschema || return 1
1756ovs-appctl -t ovsdb-server ovsdb-server/add-db "$ovs_base"/vtep/vtep.db
1757
1758ovs-vsctl add-br br-phys
1759net_attach n1 br-phys
1760
1761mac=`ovs-vsctl get Interface br-phys mac_in_use | sed s/\"//g`
1762arp_table="$arp_table $sandbox,br-phys,192.168.0.3,$mac"
1763ovs-appctl netdev-dummy/ip4addr br-phys 192.168.0.3/24 >/dev/null || return 1
1764ovs-appctl ovs/route/add 192.168.0.3/24 br-phys >/dev/null || return 1
1765
1766ovs-vsctl add-br br-vtep
1767net_attach n2 br-vtep
1768
1769vtep-ctl add-ps br-vtep
1770vtep-ctl set Physical_Switch br-vtep tunnel_ips=192.168.0.3
1771vtep-ctl add-ls lsw0
1772
1773start_daemon ovs-vtep br-vtep
1774start_daemon ovn-controller-vtep --vtep-db=unix:"$ovs_base"/vtep/db.sock --ovnsb-db=unix:"$ovs_base"/ovn-sb/ovn-sb.sock
1775
8cdc4312 1776OVS_WAIT_UNTIL([vtep-ctl bind-ls br-vtep br-vtep_n2 0 lsw0])
eb6b08eb 1777
475f0a2c
DB		 1778OVS_WAIT_UNTIL([test -n "`as vtep vtep-ctl get-replication-mode lsw0 |
1779 grep -- source`"])
1780# It takes more time for the update to be processed by ovs-vtep.
eb6b08eb
JP		 1781sleep 1
1782
1783# Add hv3 on the other side of the vtep
1784sim_add hv3
1785as hv3
1786ovs-vsctl add-br br-phys
1787net_attach n2 br-phys
1788
1789ovs-vsctl add-port br-phys vif3 -- set Interface vif3 options:tx_pcap=hv3/vif3-tx.pcap options:rxq_pcap=hv3/vif3-rx.pcap ofport-request=1
1790
1791# Pre-populate the hypervisors' ARP tables so that we don't lose any
1792# packets for ARP resolution (native tunneling doesn't queue packets
1793# for ARP resolution).
1794ovn_populate_arp
1795
1796# Allow some time for ovn-northd and ovn-controller to catch up.
1797# XXX This should be more systematic.
1798sleep 1
6977df72 1799
eb6b08eb
JP		 1800# test_packet INPORT DST SRC ETHTYPE OUTPORT...
1801#
1802# This shell function causes a packet to be received on INPORT. The packet's
1803# content has Ethernet destination DST and source SRC (each exactly 12 hex
1804# digits) and Ethernet type ETHTYPE (4 hex digits). The OUTPORTs (zero or
1805# more) list the VIFs on which the packet should be received. INPORT and the
31ed1192 1806# OUTPORTs are specified as logical switch port numbers, e.g. 1 for vif1.
eb6b08eb
JP		 1807for i in 1 2 3; do
1808 : > $i.expected
1809done
1810test_packet() {
1811 local inport=$1 packet=$2$3$4; shift; shift; shift; shift
1812 #hv=hv`echo $inport | sed 's/^\(.\).*/\1/'`
1813 hv=hv$inport
1814 vif=vif$inport
1815 as $hv ovs-appctl netdev-dummy/receive $vif $packet
1816 for outport; do
e4543cfe 1817 echo $packet >> $outport.expected
eb6b08eb
JP		 1818 done
1819}
1820
1821# Send packets between all pairs of source and destination ports:
1822#
31ed1192
JP		 1823# 1. Unicast packets are delivered to exactly one logical switch port
1824# (except that packets destined to their input ports are dropped).
eb6b08eb 1825#
31ed1192
JP		 1826# 2. Broadcast and multicast are delivered to all logical switch ports
1827# except the input port.
eb6b08eb 1828#
ea46a4e9 1829# 3. The switch delivers packets with an unknown destination to logical
31ed1192
JP		 1830# switch ports with "unknown" among their MAC addresses (and port
1831# security disabled).
eb6b08eb
JP		 1832for s in 1 2 3; do
1833 bcast=
1834 unknown=
1835 for d in 1 2 3; do
1836 if test $d != $s; then unicast=$d; else unicast=; fi
1837 test_packet $s f0000000000$d f0000000000$s 00$s$d $unicast #1
1838
1839 # The vtep (vif3) is the only one configured for "unknown"
1840 if test $d != $s && test $d = 3; then
1841 unknown="$unknown $d"
1842 fi
1843 bcast="$bcast $unicast"
1844 done
1845
1846 # Broadcast and multicast.
46ed1382
DB		 1847 test_packet $s ffffffffffff f0000000000$s 0${s}ff $bcast #2
1848 test_packet $s 010000000000 f0000000000$s 0${s}ff $bcast #2
eb6b08eb
JP		 1849
1850 test_packet $s f0000000ffff f0000000000$s 0${s}66 $unknown #3
1851done
1852
77adbb62
DB		 1853# ARP request should not be responded to by logical switch router
1854# type arp responder on HV1 and HV2 and should reach directly to
1855# vif1 and vif2
1856ip_to_hex() {
1857 printf "%02x%02x%02x%02x" "$@"
1858}
1859sha=f00000000003
1860spa=`ip_to_hex 192 168 1 2`
1861tpa=`ip_to_hex 192 168 1 1`
1862request=ffffffffffff${sha}08060001080006040001${sha}${spa}ffffffffffff${tpa}
1863as hv3 ovs-appctl netdev-dummy/receive vif3 $request
1864echo $request >> 1.expected
1865echo $request >> 2.expected
1866
bb0c41d3
RM		 1867# dump information with counters
1868echo "------ OVN dump ------"
1869ovn-nbctl show
1870ovn-sbctl show
1871
77adbb62
DB		 1872echo "---------SB dump-----"
1873ovn-sbctl list datapath_binding
1874echo "---------------------"
1875ovn-sbctl list port_binding
1876echo "---------------------"
1877ovn-sbctl dump-flows
1878
bb0c41d3
RM		 1879echo "------ hv1 dump ------"
1880as hv1 ovs-vsctl show
6195e2e7 1881as hv1 ovs-ofctl -O OpenFlow13 show br-int
bb0c41d3
RM		 1882as hv1 ovs-ofctl -O OpenFlow13 dump-flows br-int
1883
1884echo "------ hv2 dump ------"
1885as hv2 ovs-vsctl show
6195e2e7 1886as hv2 ovs-ofctl -O OpenFlow13 show br-int
bb0c41d3
RM		 1887as hv2 ovs-ofctl -O OpenFlow13 dump-flows br-int
1888
1889echo "------ hv3 dump ------"
1890as hv3 ovs-vsctl show
6754e92d
FF		 1891# note: hv3 has no logical port bind, thus it should not have br-int
1892AT_CHECK([as hv3 ovs-ofctl -O OpenFlow13 show br-int], [1], [],
1893[ovs-ofctl: br-int is not a bridge or a socket
1894])
bb0c41d3 1895
eb6b08eb
JP		 1896# Now check the packets actually received against the ones expected.
1897for i in 1 2 3; do
49d7c759 1898 OVN_CHECK_PACKETS([hv$i/vif$i-tx.pcap], [$i.expected])
eb6b08eb 1899done
fcde56f5
LR		 1900
1901# Gracefully terminate daemons
7a8f15e0
LR		 1902OVN_CLEANUP([hv1],[hv2],[vtep])
1903OVN_CLEANUP_VSWITCH([hv3])
d9c8c57c 1904
eb6b08eb 1905AT_CLEANUP
9975d7be 1906
184bc3ca
RB		 1907# Similar test to "hardware GW"
1908AT_SETUP([ovn -- 3 HVs, 1 VIFs/HV, 1 software GW, 1 LS])
1909AT_SKIP_IF([test $HAVE_PYTHON = no])
1910ovn_start
1911
1912# Configure the Northbound database
1913ovn-nbctl ls-add lsw0
1914
1915ovn-nbctl lsp-add lsw0 lp1
1916ovn-nbctl lsp-set-addresses lp1 f0:00:00:00:00:01
1917
1918ovn-nbctl lsp-add lsw0 lp2
1919ovn-nbctl lsp-set-addresses lp2 f0:00:00:00:00:02
1920
1921ovn-nbctl lsp-add lsw0 lp-gw
1922ovn-nbctl lsp-set-type lp-gw l2gateway
62b87eab 1923ovn-nbctl lsp-set-options lp-gw network_name=physnet1 l2gateway-chassis=hv_gw
184bc3ca
RB		 1924ovn-nbctl lsp-set-addresses lp-gw unknown
1925
1926net_add n1 # Network to connect hv1, hv2, and gw
1927net_add n2 # Network to connect gw and hv3
1928
1929# Create hypervisor hv1 connected to n1
1930sim_add hv1
1931as hv1
1932ovs-vsctl add-br br-phys
1933ovn_attach n1 br-phys 192.168.0.1
1934ovs-vsctl add-port br-int vif1 -- set Interface vif1 external-ids:iface-id=lp1 options:tx_pcap=hv1/vif1-tx.pcap options:rxq_pcap=hv1/vif1-rx.pcap ofport-request=1
1935
1936# Create hypervisor hv2 connected to n1
1937sim_add hv2
1938as hv2
1939ovs-vsctl add-br br-phys
1940ovn_attach n1 br-phys 192.168.0.2
1941ovs-vsctl add-port br-int vif2 -- set Interface vif2 external-ids:iface-id=lp2 options:tx_pcap=hv2/vif2-tx.pcap options:rxq_pcap=hv2/vif2-rx.pcap ofport-request=1
1942
1943# Create hypervisor hv_gw connected to n1 and n2
1944# connect br-phys bridge to n1; connect hv-gw bridge to n2
1945sim_add hv_gw
1946as hv_gw
1947ovs-vsctl add-br br-phys
1948ovn_attach n1 br-phys 192.168.0.3
1949ovs-vsctl add-br br-phys2
1950net_attach n2 br-phys2
1951ovs-vsctl set open . external_ids:ovn-bridge-mappings="physnet1:br-phys2"
1952
184bc3ca
RB		 1953# Add hv3 on the other side of the GW
1954sim_add hv3
1955as hv3
1956ovs-vsctl add-br br-phys
1957net_attach n2 br-phys
1958ovs-vsctl add-port br-phys vif3 -- set Interface vif3 options:tx_pcap=hv3/vif3-tx.pcap options:rxq_pcap=hv3/vif3-rx.pcap ofport-request=1
1959
1960
1961# Pre-populate the hypervisors' ARP tables so that we don't lose any
1962# packets for ARP resolution (native tunneling doesn't queue packets
1963# for ARP resolution).
1964ovn_populate_arp
1965
1966# Allow some time for ovn-northd and ovn-controller to catch up.
1967# XXX This should be more systematic.
1968sleep 1
1969
1970# test_packet INPORT DST SRC ETHTYPE OUTPORT...
1971#
1972# This shell function causes a packet to be received on INPORT. The packet's
1973# content has Ethernet destination DST and source SRC (each exactly 12 hex
1974# digits) and Ethernet type ETHTYPE (4 hex digits). The OUTPORTs (zero or
1975# more) list the VIFs on which the packet should be received. INPORT and the
1976# OUTPORTs are specified as lport numbers, e.g. 1 for vif1.
184bc3ca
RB		 1977for i in 1 2 3; do
1978 : > $i.expected
1979done
1980test_packet() {
1981 local inport=$1 packet=$2$3$4; shift; shift; shift; shift
1982 #hv=hv`echo $inport | sed 's/^\(.\).*/\1/'`
1983 hv=hv$inport
1984 vif=vif$inport
1985 as $hv ovs-appctl netdev-dummy/receive $vif $packet
1986 for outport; do
e4543cfe 1987 echo $packet >> $outport.expected
184bc3ca
RB		 1988 done
1989}
1990
1991# Send packets between all pairs of source and destination ports:
1992#
1993# 1. Unicast packets are delivered to exactly one lport (except that packets
1994# destined to their input ports are dropped).
1995#
1996# 2. Broadcast and multicast are delivered to all lports except the input port.
1997#
1998# 3. The lswitch delivers packets with an unknown destination to lports with
1999# "unknown" among their MAC addresses (and port security disabled).
2000for s in 1 2 3 ; do
2001 bcast=
2002 unknown=
2003 for d in 1 2 3 ; do
2004 if test $d != $s; then unicast=$d; else unicast=; fi
2005 test_packet $s f0000000000$d f0000000000$s 00$s$d $unicast #1
2006
2007 # The vtep (vif3) is the only one configured for "unknown"
2008 if test $d != $s && test $d = 3; then
2009 unknown="$unknown $d"
2010 fi
2011 bcast="$bcast $unicast"
2012 done
2013
2014 test_packet $s ffffffffffff f0000000000$s 0${s}ff $bcast #2
2015 test_packet $s 010000000000 f0000000000$s 0${s}ff $bcast #3
2016 test_packet $s f0000000ffff f0000000000$s 0${s}66 $unknown #4
2017done
2018
184bc3ca
RB		 2019echo "------ ovn-nbctl show ------"
2020ovn-nbctl show
2021echo "------ ovn-sbctl show ------"
2022ovn-sbctl show
2023
2024echo "------ hv1 ------"
2025as hv1 ovs-vsctl show
2026echo "------ hv1 br-int ------"
2027as hv1 ovs-ofctl -O OpenFlow13 dump-flows br-int
2028echo "------ hv1 br-phys ------"
2029as hv1 ovs-ofctl -O OpenFlow13 dump-flows br-phys
2030
2031echo "------ hv2 ------"
2032as hv2 ovs-vsctl show
2033echo "------ hv2 br-int ------"
2034as hv2 ovs-ofctl -O OpenFlow13 dump-flows br-int
2035echo "------ hv2 br-phys ------"
2036as hv2 ovs-ofctl -O OpenFlow13 dump-flows br-phys
2037
2038echo "------ hv_gw ------"
2039as hv_gw ovs-vsctl show
2040echo "------ hv_gw br-phys ------"
2041as hv_gw ovs-ofctl -O OpenFlow13 dump-flows br-phys
2042echo "------ hv_gw br-phys2 ------"
2043as hv_gw ovs-ofctl -O OpenFlow13 dump-flows br-phys2
2044
2045echo "------ hv3 ------"
2046as hv3 ovs-vsctl show
2047echo "------ hv3 br-phys ------"
2048as hv3 ovs-ofctl -O OpenFlow13 dump-flows br-phys
2049
2050# Now check the packets actually received against the ones expected.
2051for i in 1 2 3; do
49d7c759 2052 OVN_CHECK_PACKETS([hv$i/vif$i-tx.pcap], [$i.expected])
184bc3ca
RB		 2053done
2054AT_CLEANUP
2055
9975d7be
BP		 2056# 3 hypervisors, 3 logical switches with 3 logical ports each, 1 logical router
2057AT_SETUP([ovn -- 3 HVs, 3 LS, 3 lports/LS, 1 LR])
2058AT_SKIP_IF([test $HAVE_PYTHON = no])
2059ovn_start
2060
2061# Logical network:
2062#
2063# Three logical switches ls1, ls2, ls3.
86e98048
BP		 2064# One logical router lr0 connected to ls[123],
2065# with nine subnets, three per logical switch:
2066#
2067# lrp11 on ls1 for subnet 192.168.11.0/24
2068# lrp12 on ls1 for subnet 192.168.12.0/24
2069# lrp13 on ls1 for subnet 192.168.13.0/24
2070# ...
2071# lrp33 on ls3 for subnet 192.168.33.0/24
2072#
2073# 27 VIFs, 9 per LS, 3 per subnet: lp[123][123][123], where the first two
2074# digits are the subnet and the last digit distinguishes the VIF.
9975d7be 2075for i in 1 2 3; do
ea46a4e9 2076 ovn-nbctl ls-add ls$i
9975d7be 2077 for j in 1 2 3; do
86e98048 2078 for k in 1 2 3; do
31ed1192
JP		 2079 # Add "unknown" to MAC addresses for lp?11, so packets for
2080 # MAC-IP bindings discovered via ARP later have somewhere to go.
2081 if test $j$k = 11; then unknown=unknown; else unknown=; fi
2082
2083 ovn-nbctl \
2084 -- lsp-add ls$i lp$i$j$k \
2085 -- lsp-set-addresses lp$i$j$k "f0:00:00:00:0$i:$j$k \
2086 192.168.$i$j.$k" $unknown
86e98048
BP		 2087 done
2088 done
2089done
2090
fa2a27b2 2091ovn-nbctl lr-add lr0
86e98048
BP		 2092for i in 1 2 3; do
2093 for j in 1 2 3; do
bf44c2cd 2094 ovn-nbctl lrp-add lr0 lrp$i$j 00:00:00:00:ff:$i$j 192.168.$i$j.254/24
269ecccc 2095 ovn-nbctl \
31ed1192 2096 -- lsp-add ls$i lrp$i$j-attachment \
269ecccc 2097 -- set Logical_Switch_Port lrp$i$j-attachment type=router \
00007447 2098 options:router-port=lrp$i$j \
86e98048 2099 addresses='"00:00:00:00:ff:'$i$j'"'
9975d7be
BP		 2100 done
2101done
2102
80f408f4 2103ovn-nbctl set Logical_Switch_Port lrp33-attachment \
57d143eb
HZ		 2104 addresses='"00:00:00:00:ff:33 192.168.33.254"'
2105
9975d7be
BP		 2106# Physical network:
2107#
2108# Three hypervisors hv[123].
86e98048
BP		 2109# lp?1[123] spread across hv[123]: lp?11 on hv1, lp?12 on hv2, lp?13 on hv3.
2110# lp?2[123] spread across hv[23]: lp?21 and lp?22 on hv2, lp?23 on hv3.
2111# lp?3[123] all on hv3.
2112
9975d7be
BP		 2113
2114# Given the name of a logical port, prints the name of the hypervisor
2115# on which it is located.
2116vif_to_hv() {
2117 case $1 in dnl (
86e98048
BP		 2118 ?11) echo 1 ;; dnl (
2119 ?12 | ?21 | ?22) echo 2 ;; dnl (
2120 ?13 | ?23 | ?3?) echo 3 ;;
9975d7be
BP		 2121 esac
2122}
2123
86e98048
BP		 2124# Given the name of a logical port, prints the name of its logical router
2125# port, e.g. "vif_to_lrp 123" yields 12.
2126vif_to_lrp() {
2127 echo ${1%?}
2128}
2129
2130# Given the name of a logical port, prints the name of its logical
2131# switch, e.g. "vif_to_ls 123" yields 1.
e3393e3f 2132vif_to_ls() {
86e98048 2133 echo ${1%??}
e3393e3f
BP		 2134}
2135
9975d7be
BP		 2136net_add n1
2137for i in 1 2 3; do
2138 sim_add hv$i
2139 as hv$i
2140 ovs-vsctl add-br br-phys
2141 ovn_attach n1 br-phys 192.168.0.$i
2142done
2143for i in 1 2 3; do
2144 for j in 1 2 3; do
86e98048 2145 for k in 1 2 3; do
269ecccc
JP		 2146 hv=`vif_to_hv $i$j$k`
2147 as hv$hv ovs-vsctl \
2148 -- add-port br-int vif$i$j$k \
2149 -- set Interface vif$i$j$k \
2150 external-ids:iface-id=lp$i$j$k \
2151 options:tx_pcap=hv$hv/vif$i$j$k-tx.pcap \
2152 options:rxq_pcap=hv$hv/vif$i$j$k-rx.pcap \
2153 ofport-request=$i$j$k
86e98048 2154 done
9975d7be
BP		 2155 done
2156done
2157
2158# Pre-populate the hypervisors' ARP tables so that we don't lose any
2159# packets for ARP resolution (native tunneling doesn't queue packets
2160# for ARP resolution).
2161ovn_populate_arp
2162
2163# Allow some time for ovn-northd and ovn-controller to catch up.
2164# XXX This should be more systematic.
2165sleep 1
2166
e3393e3f 2167# test_ip INPORT SRC_MAC DST_MAC SRC_IP DST_IP OUTPORT...
9975d7be
BP		 2168#
2169# This shell function causes a packet to be received on INPORT. The packet's
2170# content has Ethernet destination DST and source SRC (each exactly 12 hex
2171# digits) and Ethernet type ETHTYPE (4 hex digits). The OUTPORTs (zero or
2172# more) list the VIFs on which the packet should be received. INPORT and the
31ed1192 2173# OUTPORTs are specified as logical switch port numbers, e.g. 123 for vif123.
9975d7be
BP		 2174for i in 1 2 3; do
2175 for j in 1 2 3; do
86e98048
BP		 2176 for k in 1 2 3; do
2177 : > $i$j$k.expected
269ecccc 2178 done
9975d7be
BP		 2179 done
2180done
e3393e3f 2181test_ip() {
9975d7be
BP		 2182 # This packet has bad checksums but logical L3 routing doesn't check.
2183 local inport=$1 src_mac=$2 dst_mac=$3 src_ip=$4 dst_ip=$5
ba43992e 2184 local packet=${dst_mac}${src_mac}08004500001c0000000040110000${src_ip}${dst_ip}0035111100080000
9975d7be
BP		 2185 shift; shift; shift; shift; shift
2186 hv=hv`vif_to_hv $inport`
2187 as $hv ovs-appctl netdev-dummy/receive vif$inport $packet
2188 #as $hv ovs-appctl ofproto/trace br-int in_port=$inport $packet
86e98048
BP		 2189 in_ls=`vif_to_ls $inport`
2190 in_lrp=`vif_to_lrp $inport`
9975d7be 2191 for outport; do
269ecccc 2192 out_ls=`vif_to_ls $outport`
86e98048 2193 if test $in_ls = $out_ls; then
9975d7be
BP		 2194 # Ports on the same logical switch receive exactly the same packet.
2195 echo $packet
2196 else
2197 # Routing decrements TTL and updates source and dest MAC
2198 # (and checksum).
269ecccc 2199 out_lrp=`vif_to_lrp $outport`
86e98048 2200 echo f00000000${outport}00000000ff${out_lrp}08004500001c00000000"3f1101"00${src_ip}${dst_ip}0035111100080000
e4543cfe 2201 fi >> $outport.expected
9975d7be
BP		 2202 done
2203}
2204
e3393e3f 2205as hv1 ovs-vsctl --columns=name,ofport list interface
0bac7164
BP		 2206as hv1 ovn-sbctl list port_binding
2207as hv1 ovn-sbctl list datapath_binding
9975d7be
BP		 2208as hv1 ovn-sbctl dump-flows
2209as hv1 ovs-ofctl dump-flows br-int
2210
e3393e3f 2211# Send IP packets between all pairs of source and destination ports:
9975d7be 2212#
31ed1192
JP		 2213# 1. Unicast IP packets are delivered to exactly one logical switch port
2214# (except that packets destined to their input ports are dropped).
9975d7be 2215#
31ed1192
JP		 2216# 2. Broadcast IP packets are delivered to all logical switch ports
2217# except the input port.
86e98048
BP		 2218ip_to_hex() {
2219 printf "%02x%02x%02x%02x" "$@"
2220}
9975d7be 2221for is in 1 2 3; do
269ecccc
JP		 2222 for js in 1 2 3; do
2223 for ks in 1 2 3; do
2224 bcast=
2225 s=$is$js$ks
2226 smac=f00000000$s
2227 sip=`ip_to_hex 192 168 $is$js $ks`
2228 for id in 1 2 3; do
2229 for jd in 1 2 3; do
2230 for kd in 1 2 3; do
2231 d=$id$jd$kd
2232 dip=`ip_to_hex 192 168 $id$jd $kd`
2233 if test $is = $id; then dmac=f00000000$d; else dmac=00000000ff$is$js; fi
2234 if test $d != $s; then unicast=$d; else unicast=; fi
2235
2236 test_ip $s $smac $dmac $sip $dip $unicast #1
2237
2238 if test $id = $is && test $d != $s; then bcast="$bcast $d"; fi
2239 done
2240 done
9975d7be 2241 done
269ecccc
JP		 2242 test_ip $s $smac ffffffffffff $sip ffffffff $bcast #2
2243 done
2244 done
e3393e3f
BP		 2245done
2246
0bac7164
BP		 2247# 3. Send an IP packet from every logical port to every other subnet,
2248# to an IP address that does not have a static IP-MAC binding.
2249# This should generate a broadcast ARP request for the destination
2250# IP address in the destination subnet.
2251for is in 1 2 3; do
269ecccc
JP		 2252 for js in 1 2 3; do
2253 for ks in 1 2 3; do
2254 s=$is$js$ks
2255 smac=f00000000$s
2256 sip=`ip_to_hex 192 168 $is$js $ks`
2257 for id in 1 2 3; do
2258 for jd in 1 2 3; do
2259 if test $is$js = $id$jd; then
2260 continue
2261 fi
2262
2263 # Send the packet.
2264 dmac=00000000ff$is$js
2265 # Calculate a 4th octet for the destination that is
2266 # unique per $s, avoids the .1 .2 .3 and .254 IP addresses
2267 # that have static MAC bindings, and fits in the range
2268 # 0-255.
2269 o4=`expr $is '*' 9 + $js '*' 3 + $ks + 10`
2270 dip=`ip_to_hex 192 168 $id$jd $o4`
2271 test_ip $s $smac $dmac $sip $dip
2272
2273 # Every LP on the destination subnet's lswitch should
2274 # receive the ARP request.
2275 lrmac=00000000ff$id$jd
2276 lrip=`ip_to_hex 192 168 $id$jd 254`
2277 arp=ffffffffffff${lrmac}08060001080006040001${lrmac}${lrip}000000000000${dip}
2278 for jd2 in 1 2 3; do
2279 for kd in 1 2 3; do
e4543cfe 2280 echo $arp >> $id$jd2$kd.expected
0bac7164 2281 done
269ecccc 2282 done
0bac7164 2283 done
269ecccc 2284 done
0bac7164 2285 done
269ecccc 2286 done
0bac7164
BP		 2287done
2288
e3393e3f
BP		 2289# test_arp INPORT SHA SPA TPA [REPLY_HA]
2290#
2291# Causes a packet to be received on INPORT. The packet is an ARP
2292# request with SHA, SPA, and TPA as specified. If REPLY_HA is provided, then
2293# it should be the hardware address of the target to expect to receive in an
2294# ARP reply; otherwise no reply is expected.
2295#
31ed1192 2296# INPORT is an logical switch port number, e.g. 11 for vif11.
e3393e3f
BP		 2297# SHA and REPLY_HA are each 12 hex digits.
2298# SPA and TPA are each 8 hex digits.
2299test_arp() {
2300 local inport=$1 sha=$2 spa=$3 tpa=$4 reply_ha=$5
2301 local request=ffffffffffff${sha}08060001080006040001${sha}${spa}ffffffffffff${tpa}
2302 hv=hv`vif_to_hv $inport`
2303 as $hv ovs-appctl netdev-dummy/receive vif$inport $request
2d9b49dd 2304 as $hv ovs-appctl ofproto/trace br-int in_port=$inport $request
e3393e3f 2305
57d143eb 2306 # Expect to receive the broadcast ARP on the other logical switch ports if
ea46a4e9 2307 # IP address is not configured to the switch patch port.
e3393e3f 2308 local i=`vif_to_ls $inport`
86e98048 2309 local j k
e3393e3f 2310 for j in 1 2 3; do
86e98048 2311 for k in 1 2 3; do
ea46a4e9 2312 # 192.168.33.254 is configured to the switch patch port for lrp33,
57d143eb
HZ		 2313 # so no ARP flooding expected for it.
2314 if test $i$j$k != $inport && test $tpa != `ip_to_hex 192 168 33 254`; then
86e98048
BP		 2315 echo $request >> $i$j$k.expected
2316 fi
2317 done
e3393e3f
BP		 2318 done
2319
2320 # Expect to receive the reply, if any.
2321 if test X$reply_ha != X; then
86e98048
BP		 2322 lrp=`vif_to_lrp $inport`
2323 local reply=${sha}00000000ff${lrp}08060001080006040002${reply_ha}${tpa}${sha}${spa}
e3393e3f
BP		 2324 echo $reply >> $inport.expected
2325 fi
2326}
2327
2328# Test router replies to ARP requests from all source ports:
2329#
0bac7164 2330# 4. Router replies to query for its MAC address from port's own IP address.
e3393e3f 2331#
0bac7164 2332# 5. Router replies to query for its MAC address from any random IP address
e3393e3f
BP		 2333# in its subnet.
2334#
0bac7164 2335# 6. Router replies to query for its MAC address from another subnet.
e3393e3f 2336#
0bac7164 2337# 7. No reply to query for IP address other than router IP.
e3393e3f 2338for i in 1 2 3; do
269ecccc
JP		 2339 for j in 1 2 3; do
2340 for k in 1 2 3; do
2341 smac=f00000000$i$j$k # Source MAC
2342 sip=`ip_to_hex 192 168 $i$j $k` # Source IP
2343 rip=`ip_to_hex 192 168 $i$j 254` # Router IP
2344 rmac=00000000ff$i$j # Router MAC
2345 otherip=`ip_to_hex 192 168 $i$j 55` # Some other IP in subnet
2346 test_arp $i$j$k $smac $sip $rip $rmac #4
2347 test_arp $i$j$k $smac $otherip $rip $rmac #5
2348 test_arp $i$j$k $smac 0a123456 $rip $rmac #6
2349 test_arp $i$j$k $smac $sip $otherip #7
0bac7164 2350 done
269ecccc 2351 done
0bac7164
BP		 2352done
2353
2354# Allow some time for packet forwarding.
2355# XXX This can be improved.
2356sleep 1
2357
2358# 8. Generate an ARP reply for each of the IP addresses ARPed for
2359# earlier as #3.
2360#
2361# Here, the $s is the VIF that originated the ARP request and $d is
2362# the VIF that sends the ARP reply, which is somewhat backward but
2363# it means that $s and $d are the same as #3.
2364: > mac_bindings.expected
2365for is in 1 2 3; do
269ecccc
JP		 2366 for js in 1 2 3; do
2367 for ks in 1 2 3; do
2368 s=$is$js$ks
2369 for id in 1 2 3; do
2370 for jd in 1 2 3; do
2371 if test $is$js = $id$jd; then
2372 continue
2373 fi
2374
2375 kd=1
2376 d=$id$jd$kd
2377
2378 o4=`expr $is '*' 9 + $js '*' 3 + $ks + 10`
2379 host_ip=`ip_to_hex 192 168 $id$jd $o4`
2380 host_mac=8000000000$o4
2381
2382 lrmac=00000000ff$id$jd
2383 lrip=`ip_to_hex 192 168 $id$jd 254`
2384
2385 arp=${lrmac}${host_mac}08060001080006040002${host_mac}${host_ip}${lrmac}${lrip}
2386
2387 echo
2388 echo
2389 echo
2390 hv=hv`vif_to_hv $d`
2391 as $hv ovs-appctl netdev-dummy/receive vif$d $arp
2392 #as $hv ovs-appctl ofproto/trace br-int in_port=$d $arp
2393 #as $hv ovs-ofctl dump-flows br-int table=19
2394
2395 host_ip_pretty=192.168.$id$jd.$o4
2396 host_mac_pretty=80:00:00:00:00:$o4
2397 echo lrp$id$jd,$host_ip_pretty,$host_mac_pretty >> mac_bindings.expected
86e98048 2398 done
269ecccc 2399 done
9975d7be 2400 done
269ecccc 2401 done
9975d7be 2402done
0bac7164 2403
9975d7be
BP		 2404# Allow some time for packet forwarding.
2405# XXX This can be improved.
2406sleep 1
2407
0bac7164
BP		 2408# 9. Send an IP packet from every logical port to every other subnet. These
2409# are the same packets already sent as #3, but now the destinations' IP-MAC
2410# bindings have been discovered via ARP, so instead of provoking an ARP
2411# request, these packets now get routed to their destinations (which don't
2412# have static MAC bindings, so they go to the port we've designated as
2413# accepting "unknown" MACs.)
2414for is in 1 2 3; do
269ecccc
JP		 2415 for js in 1 2 3; do
2416 for ks in 1 2 3; do
2417 s=$is$js$ks
2418 smac=f00000000$s
2419 sip=`ip_to_hex 192 168 $is$js $ks`
2420 for id in 1 2 3; do
2421 for jd in 1 2 3; do
2422 if test $is$js = $id$jd; then
2423 continue
2424 fi
2425
2426 # Send the packet.
2427 dmac=00000000ff$is$js
2428 # Calculate a 4th octet for the destination that is
2429 # unique per $s, avoids the .1 .2 .3 and .254 IP addresses
2430 # that have static MAC bindings, and fits in the range
2431 # 0-255.
2432 o4=`expr $is '*' 9 + $js '*' 3 + $ks + 10`
2433 dip=`ip_to_hex 192 168 $id$jd $o4`
2434 test_ip $s $smac $dmac $sip $dip
2435
2436 # Expect the packet egress.
2437 host_mac=8000000000$o4
2438 outport=${id}11
2439 out_lrp=$id$jd
e4543cfe 2440 echo ${host_mac}00000000ff${out_lrp}08004500001c00000000"3f1101"00${sip}${dip}0035111100080000 >> $outport.expected
0bac7164 2441 done
269ecccc 2442 done
0bac7164 2443 done
269ecccc 2444 done
0bac7164
BP		 2445done
2446
0bac7164
BP		 2447ovn-sbctl -f csv -d bare --no-heading \
2448 -- --columns=logical_port,ip,mac list mac_binding > mac_bindings
2449
9975d7be
BP		 2450# Now check the packets actually received against the ones expected.
2451for i in 1 2 3; do
2452 for j in 1 2 3; do
86e98048 2453 for k in 1 2 3; do
abb37b6b
FF		 2454 OVN_CHECK_PACKETS([hv`vif_to_hv $i$j$k`/vif$i$j$k-tx.pcap],
2455 [$i$j$k.expected])
86e98048 2456 done
9975d7be
BP		 2457 done
2458done
fcde56f5 2459
0bac7164
BP		 2460# Check the MAC bindings against those expected.
2461AT_CHECK_UNQUOTED([sort < mac_bindings], [0], [`sort < mac_bindings.expected`
2462])
2463
fcde56f5 2464# Gracefully terminate daemons
7a8f15e0 2465OVN_CLEANUP([hv1], [hv2], [hv3])
eff49a56 2466
9975d7be 2467AT_CLEANUP
685f4dfe
NS		 2468
2469# 3 hypervisors, one logical switch, 3 logical ports per hypervisor
2470AT_SETUP([ovn -- portsecurity : 3 HVs, 1 LS, 3 lports/HV])
685f4dfe
NS		 2471AT_SKIP_IF([test $HAVE_PYTHON = no])
2472ovn_start
2473
2474# Create hypervisors hv[123].
2475# Add vif1[123] to hv1, vif2[123] to hv2, vif3[123] to hv3.
2476# Add all of the vifs to a single logical switch lsw0.
2477# Turn off port security on vifs vif[123]1
2478# Turn on l2 port security on vifs vif[123]2
2479# Turn of l2 and l3 port security on vifs vif[123]3
2480# Make vif13, vif2[23], vif3[123] destinations for unknown MACs.
ea46a4e9 2481ovn-nbctl ls-add lsw0
685f4dfe
NS		 2482net_add n1
2483for i in 1 2 3; do
2484 sim_add hv$i
2485 as hv$i
2486 ovs-vsctl add-br br-phys
2487 ovn_attach n1 br-phys 192.168.0.$i
2488
2489 for j in 1 2 3; do
2490 ovs-vsctl add-port br-int vif$i$j -- set Interface vif$i$j external-ids:iface-id=lp$i$j options:tx_pcap=hv$i/vif$i$j-tx.pcap options:rxq_pcap=hv$i/vif$i$j-rx.pcap ofport-request=$i$j
31ed1192 2491 ovn-nbctl lsp-add lsw0 lp$i$j
685f4dfe 2492 if test $j = 1; then
31ed1192 2493 ovn-nbctl lsp-set-addresses lp$i$j "f0:00:00:00:00:$i$j 192.168.0.$i$j" unknown
685f4dfe 2494 elif test $j = 2; then
31ed1192
JP		 2495 ovn-nbctl lsp-set-addresses lp$i$j "f0:00:00:00:00:$i$j 192.168.0.$i$j"
2496 ovn-nbctl lsp-set-port-security lp$i$j f0:00:00:00:00:$i$j
685f4dfe
NS		 2497 else
2498 extra_addr="f0:00:00:00:0$i:$i$j fe80::ea2a:eaff:fe28:$i$j"
31ed1192
JP		 2499 ovn-nbctl lsp-set-addresses lp$i$j "f0:00:00:00:00:$i$j 192.168.0.$i$j" "$extra_addr"
2500 ovn-nbctl lsp-set-port-security lp$i$j "f0:00:00:00:00:$i$j 192.168.0.$i$j" "$extra_addr"
685f4dfe
NS		 2501 fi
2502 done
2503done
2504
685f4dfe
NS		 2505# Pre-populate the hypervisors' ARP tables so that we don't lose any
2506# packets for ARP resolution (native tunneling doesn't queue packets
2507# for ARP resolution).
2508ovn_populate_arp
2509
2510# Allow some time for ovn-northd and ovn-controller to catch up.
2511# XXX This should be more systematic.
2512sleep 1
685f4dfe
NS		 2513
2514# Given the name of a logical port, prints the name of the hypervisor
2515# on which it is located.
2516vif_to_hv() {
2517 echo hv${1%?}
2518}
2519
685f4dfe
NS		 2520for i in 1 2 3; do
2521 for j in 1 2 3; do
2522 : > $i$j.expected
2523 done
2524done
2525
2526# test_ip INPORT SRC_MAC DST_MAC SRC_IP DST_IP OUTPORT...
2527#
2528# This shell function causes an ip packet to be received on INPORT.
2529# The packet's content has Ethernet destination DST and source SRC
2530# (each exactly 12 hex digits) and Ethernet type ETHTYPE (4 hex digits).
2531# The OUTPORTs (zero or more) list the VIFs on which the packet should
31ed1192
JP		 2532# be received. INPORT and the OUTPORTs are specified as logical switch
2533# port numbers, e.g. 11 for vif11.
685f4dfe
NS		 2534test_ip() {
2535 # This packet has bad checksums but logical L3 routing doesn't check.
2536 local inport=$1 src_mac=$2 dst_mac=$3 src_ip=$4 dst_ip=$5
efe179e0 2537 local packet=${dst_mac}${src_mac}08004500001c0000000040110000${src_ip}${dst_ip}0035111100080000
685f4dfe
NS		 2538 shift; shift; shift; shift; shift
2539 hv=`vif_to_hv $inport`
2540 as $hv ovs-appctl netdev-dummy/receive vif$inport $packet
2541 #as $hv ovs-appctl ofproto/trace br-int in_port=$inport $packet
2542 for outport; do
e4543cfe 2543 echo $packet >> $outport.expected
685f4dfe
NS		 2544 done
2545}
2546
2547# test_arp INPORT SHA SPA TPA DROP [REPLY_HA]
2548#
2549# Causes a packet to be received on INPORT. The packet is an ARP
2550# request with SHA, SPA, and TPA as specified. If REPLY_HA is provided, then
2551# it should be the hardware address of the target to expect to receive in an
2552# ARP reply; otherwise no reply is expected.
2553#
31ed1192 2554# INPORT is an logical switch port number, e.g. 11 for vif11.
685f4dfe
NS		 2555# SHA and REPLY_HA are each 12 hex digits.
2556# SPA and TPA are each 8 hex digits.
2557test_arp() {
2558 local inport=$1 smac=$2 sha=$3 spa=$4 tpa=$5 drop=$6 reply_ha=$7
2559 local request=ffffffffffff${smac}08060001080006040001${sha}${spa}ffffffffffff${tpa}
2560 hv=`vif_to_hv $inport`
2561 as $hv ovs-appctl netdev-dummy/receive vif$inport $request
2562 #as $hv ovs-appctl ofproto/trace br-int in_port=$inport $request
2563 if test $drop != 1; then
e137131a 2564 if test X$reply_ha = X; then
685f4dfe
NS		 2565 # Expect to receive the broadcast ARP on the other logical switch ports
2566 # if no reply is expected.
2567 local i j
2568 for i in 1 2 3; do
2569 for j in 1 2 3; do
2570 if test $i$j != $inport; then
2571 echo $request >> $i$j.expected
2572 fi
2573 done
2574 done
2575 else
2576 # Expect to receive the reply, if any.
2577 local reply=${smac}${reply_ha}08060001080006040002${reply_ha}${tpa}${sha}${spa}
2578 echo $reply >> $inport.expected
2579 fi
2580 fi
2581}
2582
2583# test_ipv6 INPORT SRC_MAC DST_MAC SRC_IP DST_IP OUTPORT...
2584# This function is similar to test_ip() except that it sends
2585# ipv6 packet
2586test_ipv6() {
2587 local inport=$1 src_mac=$2 dst_mac=$3 src_ip=$4 dst_ip=$5
2588 local packet=${dst_mac}${src_mac}86dd6000000000083aff${src_ip}${dst_ip}0000000000000000
2589 shift; shift; shift; shift; shift
2590 hv=`vif_to_hv $inport`
2591 as $hv ovs-appctl netdev-dummy/receive vif$inport $packet
2592 #as $hv ovs-appctl ofproto/trace br-int in_port=$inport $packet
2593 for outport; do
e4543cfe 2594 echo $packet >> $outport.expected
685f4dfe
NS		 2595 done
2596}
2597
9e687b23
DL		 2598# test_icmpv6 INPORT SRC_MAC DST_MAC SRC_IP DST_IP ICMP_TYPE OUTPORT...
2599# This function is similar to test_ipv6() except it specifies the ICMPv6 type
2600# of the test packet
2601test_icmpv6() {
2602 local inport=$1 src_mac=$2 dst_mac=$3 src_ip=$4 dst_ip=$5 icmp_type=$6
2603 local packet=${dst_mac}${src_mac}86dd6000000000083aff${src_ip}${dst_ip}${icmp_type}00000000000000
2604 shift; shift; shift; shift; shift; shift
2605 hv=`vif_to_hv $inport`
2606 as $hv ovs-appctl netdev-dummy/receive vif$inport $packet
2607 #as $hv ovs-appctl ofproto/trace br-int in_port=$inport $packet
2608 for outport; do
e4543cfe 2609 echo $packet >> $outport.expected
9e687b23
DL		 2610 done
2611}
2612
685f4dfe
NS		 2613ip_to_hex() {
2614 printf "%02x%02x%02x%02x" "$@"
2615}
2616
2617# no port security
2618sip=`ip_to_hex 192 168 0 12`
2619tip=`ip_to_hex 192 168 0 13`
2620# the arp packet should be allowed even if lp[123]1 is
2621# not configured with mac f00000000023 and ip 192.168.0.12
2622for i in 1 2 3; do
2623 test_arp ${i}1 f00000000023 f00000000023 $sip $tip 0 f00000000013
2624 for j in 1 2 3; do
2625 if test $i != $j; then
2626 test_ip ${i}1 f000000000${i}1 f000000000${j}1 $sip $tip ${j}1
2627 fi
2628 done
2629done
2630
2631# l2 port security
2632sip=`ip_to_hex 192 168 0 12`
2633tip=`ip_to_hex 192 168 0 13`
2634
2635# arp packet should be allowed since lp22 is configured with
2636# mac f00000000022
2637test_arp 22 f00000000022 f00000000022 $sip $tip 0 f00000000013
2638
2639# arp packet should not be allowed since lp32 is not configured with
2640# mac f00000000021
2641test_arp 32 f00000000021 f00000000021 $sip $tip 1
2642
2643# arp packet with sha set to f00000000021 should not be allowed
2644# for lp12
2645test_arp 12 f00000000012 f00000000021 $sip $tip 1
2646
2647# ip packets should be allowed and received since lp[123]2 do not
2648# have l3 port security
2649sip=`ip_to_hex 192 168 0 55`
2650tip=`ip_to_hex 192 168 0 66`
2651for i in 1 2 3; do
2652 for j in 1 2 3; do
2653 if test $i != $j; then
2654 test_ip ${i}2 f000000000${i}2 f000000000${j}2 $sip $tip ${j}2
2655 fi
2656 done
2657done
2658
2659# ipv6 packets should be received by lp[123]2
2660# lp[123]1 can send ipv6 traffic as there is no port security
2661sip=fe800000000000000000000000000000
2662tip=ff020000000000000000000000000000
2663
2664for i in 1 2 3; do
2665 test_ipv6 ${i}1 f000000000${i}1 f000000000${i}2 $sip $tip ${i}2
2666done
2667
2668
2669# l2 and l3 port security
2670sip=`ip_to_hex 192 168 0 13`
2671tip=`ip_to_hex 192 168 0 22`
2672# arp packet should be allowed since lp13 is configured with
2673# f00000000013 and 192.168.0.13
2674test_arp 13 f00000000013 f00000000013 $sip $tip 0 f00000000022
2675
2676# the arp packet should be dropped because lp23 is not configured
2677# with mac f00000000022
2678sip=`ip_to_hex 192 168 0 13`
2679tip=`ip_to_hex 192 168 0 22`
2680test_arp 23 f00000000022 f00000000022 $sip $tip 1
2681
2682# the arp packet should be dropped because lp33 is not configured
2683# with ip 192.168.0.55
2684spa=`ip_to_hex 192 168 0 55`
2685tpa=`ip_to_hex 192 168 0 22`
2686test_arp 33 f00000000031 f00000000031 $spa $tpa 1
2687
2688# ip packets should not be received by lp[123]3 since
2689# l3 port security is enabled
2690sip=`ip_to_hex 192 168 0 55`
2691tip=`ip_to_hex 192 168 0 66`
2692for i in 1 2 3; do
2693 for j in 1 2 3; do
2694 test_ip ${i}2 f000000000${i}2 f000000000${j}3 $sip $tip
2695 done
2696done
2697
2698# ipv6 packets should be dropped for lp[123]3 since
2699# it is configured with only ipv4 address
2700sip=fe800000000000000000000000000000
2701tip=ff020000000000000000000000000000
2702
2703for i in 1 2 3; do
2704 test_ipv6 ${i}3 f000000000${i}3 f00000000022 $sip $tip
2705done
2706
2707# ipv6 packets should not be received by lp[123]3 with mac f000000000$[123]3
2708# lp[123]1 can send ipv6 traffic as there is no port security
2709for i in 1 2 3; do
2710 test_ipv6 ${i}1 f000000000${i}1 f000000000${i}3 $sip $tip
2711done
2712
2713# lp13 has extra port security with mac f0000000113 and ipv6 addr
2714# fe80::ea2a:eaff:fe28:0012
2715
2716# ipv4 packet should be dropped for lp13 with mac f0000000113
2717sip=`ip_to_hex 192 168 0 13`
2718tip=`ip_to_hex 192 168 0 23`
2719test_ip 13 f00000000113 f00000000023 $sip $tip
2720
6d53e8a9
BP		 2721# ipv6 packet should be received by lp[123]3 with mac f00000000${i}${i}3
2722# and ip6.dst as fe80::ea2a:eaff:fe28:0${i}${i}3.
685f4dfe
NS		 2723# lp11 can send ipv6 traffic as there is no port security
2724sip=ee800000000000000000000000000000
2725for i in 1 2 3; do
6d53e8a9
BP		 2726 tip=fe80000000000000ea2aeafffe2800${i}3
2727 test_ipv6 11 f00000000011 f00000000${i}${i}3 $sip $tip ${i}3
685f4dfe
NS		 2728done
2729
2730
2731# ipv6 packet should not be received by lp33 with mac f0000000333
2732# and ip6.dst as fe80::ea2a:eaff:fe28:0023 as it is
2733# configured with fe80::ea2a:eaff:fe28:0033
2734# lp11 can send ipv6 traffic as there is no port security
2735
2736sip=ee800000000000000000000000000000
2737tip=fe80000000000000ea2aeafffe280023
2738test_ipv6 11 f00000000011 f00000000333 $sip $tip
2739
6d53e8a9
BP		 2740# ipv6 packet should be allowed for lp[123]3 with mac f0000000${i}${i}3
2741# and ip6.src fe80::ea2a:eaff:fe28:0${i}${i}3 and ip6.src ::.
685f4dfe
NS		 2742# and should be dropped for any other ip6.src
2743# lp21 can receive ipv6 traffic as there is no port security
2744
2745tip=ee800000000000000000000000000000
2746for i in 1 2 3; do
2747 sip=fe80000000000000ea2aeafffe2800${i}3
2748 test_ipv6 ${i}3 f00000000${i}${i}3 f00000000021 $sip $tip 21
2749
9e687b23 2750 # Test ICMPv6 MLD reports (v1 and v2) and NS for DAD
685f4dfe 2751 sip=00000000000000000000000000000000
9e687b23
DL		 2752 test_icmpv6 ${i}3 f00000000${i}${i}3 f00000000021 $sip ff020000000000000000000000160000 83 21
2753 test_icmpv6 ${i}3 f00000000${i}${i}3 f00000000021 $sip ff020000000000000000000000160000 8f 21
2754 test_icmpv6 ${i}3 f00000000${i}${i}3 f00000000021 $sip ff0200000000000000ea2aeafffe2800 87 21
2755 # Traffic to non-multicast traffic should be dropped
2756 test_icmpv6 ${i}3 f00000000${i}${i}3 f00000000021 $sip $tip 83
2757 # Traffic of other ICMPv6 types should be dropped
2758 test_icmpv6 ${i}3 f00000000${i}${i}3 f00000000021 $sip ff020000000000000000000000160000 80
685f4dfe
NS		 2759
2760 # should be dropped
2761 sip=ae80000000000000ea2aeafffe2800aa
2762 test_ipv6 ${i}3 f00000000${i}${i}3 f00000000021 $sip $tip
2763done
2764
31ed1192
JP		 2765# configure lsp13 to send and received IPv4 packets with an address range
2766ovn-nbctl lsp-set-port-security lp13 "f0:00:00:00:00:13 192.168.0.13 20.0.0.4/24 10.0.0.0/24"
7d9d86ad 2767
8ff5a966
NS		 2768sleep 2
2769
7d9d86ad
NS		 2770sip=`ip_to_hex 10 0 0 13`
2771tip=`ip_to_hex 192 168 0 22`
31ed1192 2772# arp packet with inner ip 10.0.0.13 should be allowed for lsp13
7d9d86ad
NS		 2773test_arp 13 f00000000013 f00000000013 $sip $tip 0 f00000000022
2774
2775sip=`ip_to_hex 10 0 0 14`
2776tip=`ip_to_hex 192 168 0 23`
31ed1192 2777# IPv4 packet from lsp13 with src ip 10.0.0.14 destined to lsp23
7d9d86ad
NS		 2778# with dst ip 192.168.0.23 should be allowed
2779test_ip 13 f00000000013 f00000000023 $sip $tip 23
2780
2781sip=`ip_to_hex 192 168 0 33`
2782tip=`ip_to_hex 10 0 0 15`
31ed1192
JP		 2783# IPv4 packet from lsp33 with src ip 192.168.0.33 destined to lsp13
2784# with dst ip 10.0.0.15 should be received by lsp13
7d9d86ad
NS		 2785test_ip 33 f00000000033 f00000000013 $sip $tip 13
2786
2787sip=`ip_to_hex 192 168 0 33`
2788tip=`ip_to_hex 20 0 0 4`
31ed1192
JP		 2789# IPv4 packet from lsp33 with src ip 192.168.0.33 destined to lsp13
2790# with dst ip 20.0.0.4 should be received by lsp13
7d9d86ad
NS		 2791test_ip 33 f00000000033 f00000000013 $sip $tip 13
2792
2793sip=`ip_to_hex 192 168 0 33`
2794tip=`ip_to_hex 20 0 0 5`
31ed1192
JP		 2795# IPv4 packet from lsp33 with src ip 192.168.0.33 destined to lsp13
2796# with dst ip 20.0.0.5 should not be received by lsp13
7d9d86ad
NS		 2797test_ip 33 f00000000033 f00000000013 $sip $tip
2798
2799sip=`ip_to_hex 192 168 0 33`
2800tip=`ip_to_hex 20 0 0 255`
31ed1192
JP		 2801# IPv4 packet from lsp33 with src ip 192.168.0.33 destined to lsp13
2802# with dst ip 20.0.0.255 should be received by lsp13
7d9d86ad
NS		 2803test_ip 33 f00000000033 f00000000013 $sip $tip 13
2804
2805sip=`ip_to_hex 192 168 0 33`
2806tip=`ip_to_hex 192 168 0 255`
31ed1192
JP		 2807# IPv4 packet from lsp33 with src ip 192.168.0.33 destined to lsp13
2808# with dst ip 192.168.0.255 should not be received by lsp13
7d9d86ad
NS		 2809test_ip 33 f00000000033 f00000000013 $sip $tip
2810
2811sip=`ip_to_hex 192 168 0 33`
2812tip=`ip_to_hex 224 0 0 4`
31ed1192
JP		 2813# IPv4 packet from lsp33 with src ip 192.168.0.33 destined to lsp13
2814# with dst ip 224.0.0.4 should be received by lsp13
7d9d86ad 2815test_ip 33 f00000000033 f00000000013 $sip $tip 13
685f4dfe 2816
bb0c41d3
RM		 2817#dump information including flow counters
2818ovn-nbctl show
2819ovn-sbctl dump-flows -- list multicast_group
2820
2821echo "------ hv1 dump ------"
2822as hv1 ovs-vsctl show
6195e2e7 2823as hv1 ovs-ofctl -O OpenFlow13 show br-int
bb0c41d3
RM		 2824as hv1 ovs-ofctl -O OpenFlow13 dump-flows br-int
2825
2826echo "------ hv2 dump ------"
2827as hv2 ovs-vsctl show
6195e2e7 2828as hv2 ovs-ofctl -O OpenFlow13 show br-int
bb0c41d3
RM		 2829as hv2 ovs-ofctl -O OpenFlow13 dump-flows br-int
2830
2831echo "------ hv3 dump ------"
2832as hv3 ovs-vsctl show
6195e2e7 2833as hv3 ovs-ofctl -O OpenFlow13 show br-int
bb0c41d3
RM		 2834as hv3 ovs-ofctl -O OpenFlow13 dump-flows br-int
2835
685f4dfe
NS		 2836# Now check the packets actually received against the ones expected.
2837for i in 1 2 3; do
2838 for j in 1 2 3; do
49d7c759 2839 OVN_CHECK_PACKETS([hv$i/vif$i$j-tx.pcap], [$i$j.expected])
685f4dfe
NS		 2840 done
2841done
2842
7a8f15e0 2843OVN_CLEANUP([hv1],[hv2],[hv3])
d9c8c57c 2844
685f4dfe 2845AT_CLEANUP
509afdc3
GS		 2846
2847AT_SETUP([ovn -- 2 HVs, 2 LS, 1 lport/LS, 2 peer LRs])
509afdc3
GS		 2848AT_SKIP_IF([test $HAVE_PYTHON = no])
2849ovn_start
2850
2851# Logical network:
2852# Two LRs - R1 and R2 that are connected to each other as peers in 20.0.0.0/24
2853# network. R1 has a switchs ls1 (191.168.1.0/24) connected to it.
2854# R2 has ls2 (172.16.1.0/24) connected to it.
2855
3c1ae70a
JP		 2856ls1_lp1_mac="f0:00:00:01:02:03"
2857rp_ls1_mac="00:00:00:01:02:03"
2858rp_ls2_mac="00:00:00:01:02:04"
2859ls2_lp1_mac="f0:00:00:01:02:04"
2860
2861ls1_lp1_ip="192.168.1.2"
2862ls2_lp1_ip="172.16.1.2"
2863
fa2a27b2
JP		 2864ovn-nbctl lr-add R1
2865ovn-nbctl lr-add R2
509afdc3 2866
ea46a4e9
JP		 2867ovn-nbctl ls-add ls1
2868ovn-nbctl ls-add ls2
509afdc3
GS		 2869
2870# Connect ls1 to R1
3c1ae70a 2871ovn-nbctl lrp-add R1 ls1 $rp_ls1_mac 192.168.1.1/24
509afdc3 2872
31ed1192 2873ovn-nbctl lsp-add ls1 rp-ls1 -- set Logical_Switch_Port rp-ls1 type=router \
3c1ae70a 2874 options:router-port=ls1 addresses=\"$rp_ls1_mac\"
509afdc3
GS		 2875
2876# Connect ls2 to R2
3c1ae70a 2877ovn-nbctl lrp-add R2 ls2 $rp_ls2_mac 172.16.1.1/24
509afdc3 2878
31ed1192 2879ovn-nbctl lsp-add ls2 rp-ls2 -- set Logical_Switch_Port rp-ls2 type=router \
3c1ae70a 2880 options:router-port=ls2 addresses=\"$rp_ls2_mac\"
509afdc3
GS		 2881
2882# Connect R1 to R2
4685e523
JP		 2883ovn-nbctl lrp-add R1 R1_R2 00:00:00:02:03:04 20.0.0.1/24 peer=R2_R1
2884ovn-nbctl lrp-add R2 R2_R1 00:00:00:02:03:05 20.0.0.2/24 peer=R1_R2
509afdc3 2885
6d9ecfa9
JP		 2886ovn-nbctl lr-route-add R1 "0.0.0.0/0" 20.0.0.2
2887ovn-nbctl lr-route-add R2 "0.0.0.0/0" 20.0.0.1
509afdc3
GS		 2888
2889# Create logical port ls1-lp1 in ls1
31ed1192 2890ovn-nbctl lsp-add ls1 ls1-lp1 \
3c1ae70a 2891-- lsp-set-addresses ls1-lp1 "$ls1_lp1_mac $ls1_lp1_ip"
509afdc3
GS		 2892
2893# Create logical port ls2-lp1 in ls2
31ed1192 2894ovn-nbctl lsp-add ls2 ls2-lp1 \
3c1ae70a 2895-- lsp-set-addresses ls2-lp1 "$ls2_lp1_mac $ls2_lp1_ip"
509afdc3
GS		 2896
2897# Create two hypervisor and create OVS ports corresponding to logical ports.
2898net_add n1
2899
2900sim_add hv1
2901as hv1
2902ovs-vsctl add-br br-phys
2903ovn_attach n1 br-phys 192.168.0.1
2904ovs-vsctl -- add-port br-int hv1-vif1 -- \
2905 set interface hv1-vif1 external-ids:iface-id=ls1-lp1 \
2906 options:tx_pcap=hv1/vif1-tx.pcap \
2907 options:rxq_pcap=hv1/vif1-rx.pcap \
2908 ofport-request=1
2909
2910sim_add hv2
2911as hv2
2912ovs-vsctl add-br br-phys
2913ovn_attach n1 br-phys 192.168.0.2
2914ovs-vsctl -- add-port br-int hv2-vif1 -- \
2915 set interface hv2-vif1 external-ids:iface-id=ls2-lp1 \
2916 options:tx_pcap=hv2/vif1-tx.pcap \
2917 options:rxq_pcap=hv2/vif1-rx.pcap \
2918 ofport-request=1
2919
2920
2921# Pre-populate the hypervisors' ARP tables so that we don't lose any
2922# packets for ARP resolution (native tunneling doesn't queue packets
2923# for ARP resolution).
2924ovn_populate_arp
2925
2926# Allow some time for ovn-northd and ovn-controller to catch up.
2927# XXX This should be more systematic.
2928sleep 1
2929
509afdc3 2930# Packet to send.
3c1ae70a
JP		 2931packet="inport==\"ls1-lp1\" && eth.src==$ls1_lp1_mac && eth.dst==$rp_ls1_mac &&
2932 ip4 && ip.ttl==64 && ip4.src==$ls1_lp1_ip && ip4.dst==$ls2_lp1_ip &&
2933 udp && udp.src==53 && udp.dst==4369"
2934as hv1 ovs-appctl -t ovn-controller inject-pkt "$packet"
509afdc3
GS		 2935
2936
2937echo "---------NB dump-----"
2938ovn-nbctl show
2939echo "---------------------"
2940ovn-nbctl list logical_router
2941echo "---------------------"
2942ovn-nbctl list logical_router_port
2943echo "---------------------"
2944
2945echo "---------SB dump-----"
2946ovn-sbctl list datapath_binding
2947echo "---------------------"
2948ovn-sbctl list port_binding
2949echo "---------------------"
2950
2951echo "------ hv1 dump ----------"
8dab1022 2952as hv1 ovs-ofctl show br-int
509afdc3
GS		 2953as hv1 ovs-ofctl dump-flows br-int
2954echo "------ hv2 dump ----------"
8dab1022 2955as hv2 ovs-ofctl show br-int
509afdc3
GS		 2956as hv2 ovs-ofctl dump-flows br-int
2957
2958# Packet to Expect
3c1ae70a
JP		 2959# The TTL should be decremented by 2.
2960packet="eth.src==$rp_ls2_mac && eth.dst==$ls2_lp1_mac &&
2961 ip4 && ip.ttl==62 && ip4.src==$ls1_lp1_ip && ip4.dst==$ls2_lp1_ip &&
2962 udp && udp.src==53 && udp.dst==4369"
2963echo $packet | ovstest test-ovn expr-to-packets > expected
509afdc3 2964
49d7c759 2965OVN_CHECK_PACKETS([hv2/vif1-tx.pcap], [expected])
509afdc3 2966
7a8f15e0 2967OVN_CLEANUP([hv1],[hv2])
509afdc3
GS		 2968
2969AT_CLEANUP
5412db30
J		 2970
2971
4685e523
JP		 2972AT_SETUP([ovn -- 1 HV, 1 LS, 2 lport/LS, 1 LR])
2973AT_KEYWORDS([router-admin-state])
2974AT_SKIP_IF([test $HAVE_PYTHON = no])
2975ovn_start
2976
2977# Logical network:
2978# One LR - R1 has switch ls1 with two subnets attached to it (191.168.1.0/24
2979# and 172.16.1.0/24) connected to it.
2980
2981ovn-nbctl lr-add R1
2982
2983ovn-nbctl ls-add ls1
2984
2985# Connect ls1 to R1
bf44c2cd 2986ovn-nbctl lrp-add R1 ls1 00:00:00:01:02:03 192.168.1.1/24 172.16.1.1/24
4685e523
JP		 2987ovn-nbctl lsp-add ls1 rp-ls1 -- set Logical_Switch_Port rp-ls1 type=router \
2988 options:router-port=ls1 addresses=\"00:00:00:01:02:03\"
2989
2990# Create logical port ls1-lp1 in ls1
2991ovn-nbctl lsp-add ls1 ls1-lp1 \
2992 -- lsp-set-addresses ls1-lp1 "f0:00:00:01:02:03 192.168.1.2"
2993
2994# Create logical port ls1-lp2 in ls1
2995ovn-nbctl lsp-add ls1 ls1-lp2 \
2996 -- lsp-set-addresses ls1-lp2 "f0:00:00:01:02:04 172.16.1.2"
2997
2998# Create one hypervisor and create OVS ports corresponding to logical ports.
2999net_add n1
3000
3001sim_add hv1
3002as hv1
3003ovs-vsctl add-br br-phys
3004ovn_attach n1 br-phys 192.168.0.1
3005ovs-vsctl -- add-port br-int vif1 -- \
3006 set interface vif1 external-ids:iface-id=ls1-lp1 \
3007 options:tx_pcap=hv1/vif1-tx.pcap \
3008 options:rxq_pcap=hv1/vif1-rx.pcap \
3009 ofport-request=1
3010
3011ovs-vsctl -- add-port br-int vif2 -- \
3012 set interface vif2 external-ids:iface-id=ls1-lp2 \
3013 options:tx_pcap=hv1/vif2-tx.pcap \
3014 options:rxq_pcap=hv1/vif2-rx.pcap \
3015 ofport-request=1
3016
3017
3018# Allow some time for ovn-northd and ovn-controller to catch up.
3019# XXX This should be more systematic.
3020sleep 1
3021
3022# Send ip packets between the two ports.
3023ip_to_hex() {
3024 printf "%02x%02x%02x%02x" "$@"
3025}
4685e523
JP		 3026
3027# Packet to send.
3028src_mac="f00000010203"
3029dst_mac="000000010203"
3030src_ip=`ip_to_hex 192 168 1 2`
3031dst_ip=`ip_to_hex 172 16 1 2`
3032packet=${dst_mac}${src_mac}08004500001c0000000040110000${src_ip}${dst_ip}0035111100080000
3033as hv1 ovs-appctl netdev-dummy/receive vif1 $packet
3034
3035
3036echo "---------NB dump-----"
3037ovn-nbctl show
3038echo "---------------------"
3039ovn-nbctl list logical_router
3040echo "---------------------"
3041ovn-nbctl list logical_router_port
3042echo "---------------------"
3043
3044echo "---------SB dump-----"
3045ovn-sbctl list datapath_binding
3046echo "---------------------"
3047ovn-sbctl list logical_flow
3048echo "---------------------"
3049
3050echo "------ hv1 dump ----------"
3051as hv1 ovs-ofctl dump-flows br-int
3052
3053
3054#Disable router R1
3055ovn-nbctl set Logical_Router R1 enabled=false
3056
3b8cd0ea
BP		 3057# Allow some time for ovn-northd and ovn-controller to catch up.
3058# XXX This should be more systematic.
3059sleep 1
3060
4685e523
JP		 3061echo "---------SB dump-----"
3062ovn-sbctl list datapath_binding
3063echo "---------------------"
3064ovn-sbctl list logical_flow
3065echo "---------------------"
3066
3067echo "------ hv1 dump ----------"
3068as hv1 ovs-ofctl dump-flows br-int
3069
3070as hv1 ovs-appctl netdev-dummy/receive vif1 $packet
3071
3072# Packet to Expect
3073expect_src_mac="000000010203"
3074expect_dst_mac="f00000010204"
49d7c759 3075echo "${expect_dst_mac}${expect_src_mac}08004500001c000000003f110100${src_ip}${dst_ip}0035111100080000" > expected
4685e523 3076
49d7c759 3077OVN_CHECK_PACKETS([hv1/vif2-tx.pcap], [expected])
4685e523
JP		 3078
3079
3080as hv1
3081OVS_APP_EXIT_AND_WAIT([ovn-controller])
3082OVS_APP_EXIT_AND_WAIT([ovs-vswitchd])
3083OVS_APP_EXIT_AND_WAIT([ovsdb-server])
3084
3085as ovn-sb
3086OVS_APP_EXIT_AND_WAIT([ovsdb-server])
3087
3088as ovn-nb
3089OVS_APP_EXIT_AND_WAIT([ovsdb-server])
3090
3091as northd
3092OVS_APP_EXIT_AND_WAIT([ovn-northd])
3093
3094as main
3095OVS_APP_EXIT_AND_WAIT([ovs-vswitchd])
3096OVS_APP_EXIT_AND_WAIT([ovsdb-server])
3097
3098AT_CLEANUP
3099
3100
3101AT_SETUP([ovn -- 1 HV, 2 LSs, 1 lport/LS, 1 LR])
5412db30
J		 3102AT_KEYWORDS([router-admin-state])
3103AT_SKIP_IF([test $HAVE_PYTHON = no])
3104ovn_start
3105
3106# Logical network:
3107# One LR - R1 has switch ls1 (191.168.1.0/24) connected to it,
3108# and has switch ls2 (172.16.1.0/24) connected to it.
3109
fa2a27b2 3110ovn-nbctl lr-add R1
5412db30 3111
ea46a4e9
JP		 3112ovn-nbctl ls-add ls1
3113ovn-nbctl ls-add ls2
5412db30
J		 3114
3115# Connect ls1 to R1
bf44c2cd 3116ovn-nbctl lrp-add R1 ls1 00:00:00:01:02:03 192.168.1.1/24
31ed1192 3117ovn-nbctl lsp-add ls1 rp-ls1 -- set Logical_Switch_Port rp-ls1 type=router \
31114af7 3118 options:router-port=ls1 addresses=\"00:00:00:01:02:03\"
5412db30
J		 3119
3120# Connect ls2 to R1
bf44c2cd 3121ovn-nbctl lrp-add R1 ls2 00:00:00:01:02:04 172.16.1.1/24
31ed1192 3122ovn-nbctl lsp-add ls2 rp-ls2 -- set Logical_Switch_Port rp-ls2 type=router \
31114af7 3123 options:router-port=ls2 addresses=\"00:00:00:01:02:04\"
5412db30
J		 3124
3125# Create logical port ls1-lp1 in ls1
31ed1192
JP		 3126ovn-nbctl lsp-add ls1 ls1-lp1 \
3127-- lsp-set-addresses ls1-lp1 "f0:00:00:01:02:03 192.168.1.2"
5412db30
J		 3128
3129# Create logical port ls2-lp1 in ls2
31ed1192
JP		 3130ovn-nbctl lsp-add ls2 ls2-lp1 \
3131-- lsp-set-addresses ls2-lp1 "f0:00:00:01:02:04 172.16.1.2"
5412db30
J		 3132
3133# Create one hypervisor and create OVS ports corresponding to logical ports.
3134net_add n1
3135
3136sim_add hv1
3137as hv1
3138ovs-vsctl add-br br-phys
3139ovn_attach n1 br-phys 192.168.0.1
3140ovs-vsctl -- add-port br-int vif1 -- \
3141 set interface vif1 external-ids:iface-id=ls1-lp1 \
3142 options:tx_pcap=hv1/vif1-tx.pcap \
3143 options:rxq_pcap=hv1/vif1-rx.pcap \
3144 ofport-request=1
3145
3146ovs-vsctl -- add-port br-int vif2 -- \
3147 set interface vif2 external-ids:iface-id=ls2-lp1 \
3148 options:tx_pcap=hv1/vif2-tx.pcap \
3149 options:rxq_pcap=hv1/vif2-rx.pcap \
3150 ofport-request=1
3151
3152
3153# Allow some time for ovn-northd and ovn-controller to catch up.
3154# XXX This should be more systematic.
3155sleep 1
3156
3157# Send ip packets between the two ports.
3158ip_to_hex() {
3159 printf "%02x%02x%02x%02x" "$@"
3160}
5412db30
J		 3161
3162# Packet to send.
3163src_mac="f00000010203"
3164dst_mac="000000010203"
3165src_ip=`ip_to_hex 192 168 1 2`
3166dst_ip=`ip_to_hex 172 16 1 2`
3167packet=${dst_mac}${src_mac}08004500001c0000000040110000${src_ip}${dst_ip}0035111100080000
3168as hv1 ovs-appctl netdev-dummy/receive vif1 $packet
3169
3170
3171echo "---------NB dump-----"
3172ovn-nbctl show
3173echo "---------------------"
3174ovn-nbctl list logical_router
3175echo "---------------------"
3176ovn-nbctl list logical_router_port
3177echo "---------------------"
3178
3179echo "---------SB dump-----"
3180ovn-sbctl list datapath_binding
3181echo "---------------------"
3182ovn-sbctl list logical_flow
3183echo "---------------------"
3184
3185echo "------ hv1 dump ----------"
3186as hv1 ovs-ofctl dump-flows br-int
3187
5412db30
J		 3188#Disable router R1
3189ovn-nbctl set Logical_Router R1 enabled=false
3190
3191echo "---------SB dump-----"
3192ovn-sbctl list datapath_binding
3193echo "---------------------"
3194ovn-sbctl list logical_flow
3195echo "---------------------"
3196
3197echo "------ hv1 dump ----------"
3198as hv1 ovs-ofctl dump-flows br-int
3199
a1361a6e
LR		 3200# Allow some time for the disabling of logical router R1 to propagate.
3201# XXX This should be more systematic.
3202sleep 1
3203
5412db30
J		 3204as hv1 ovs-appctl netdev-dummy/receive vif1 $packet
3205
3206# Packet to Expect
3207expect_src_mac="000000010204"
3208expect_dst_mac="f00000010204"
49d7c759 3209echo "${expect_dst_mac}${expect_src_mac}08004500001c000000003f110100${src_ip}${dst_ip}0035111100080000" > expected
5412db30 3210
49d7c759 3211OVN_CHECK_PACKETS([hv1/vif2-tx.pcap], [expected])
5412db30 3212
7a8f15e0 3213OVN_CLEANUP([hv1])
5412db30
J		 3214
3215AT_CLEANUP
3216
28dc3fe9 3217AT_SETUP([ovn -- 2 HVs, 3 LS, 1 lport/LS, 2 peer LRs, static routes])
28dc3fe9
SR		 3218AT_SKIP_IF([test $HAVE_PYTHON = no])
3219ovn_start
3220
3221# Logical network:
3222# Two LRs - R1 and R2 that are connected to each other as peers in 20.0.0.0/24
3223# network. R1 has switchess foo (192.168.1.0/24)
3224# connected to it.
3225# R2 has alice (172.16.1.0/24) and bob (172.16.2.0/24) connected to it.
3226
fa2a27b2
JP		 3227ovn-nbctl lr-add R1
3228ovn-nbctl lr-add R2
28dc3fe9 3229
ea46a4e9
JP		 3230ovn-nbctl ls-add foo
3231ovn-nbctl ls-add alice
3232ovn-nbctl ls-add bob
28dc3fe9
SR		 3233
3234# Connect foo to R1
bf44c2cd 3235ovn-nbctl lrp-add R1 foo 00:00:00:01:02:03 192.168.1.1/24
31ed1192 3236ovn-nbctl lsp-add foo rp-foo -- set Logical_Switch_Port rp-foo type=router \
31114af7 3237 options:router-port=foo addresses=\"00:00:00:01:02:03\"
28dc3fe9
SR		 3238
3239# Connect alice to R2
bf44c2cd 3240ovn-nbctl lrp-add R2 alice 00:00:00:01:02:04 172.16.1.1/24
31ed1192 3241ovn-nbctl lsp-add alice rp-alice -- set Logical_Switch_Port rp-alice \
80f408f4 3242 type=router options:router-port=alice addresses=\"00:00:00:01:02:04\"
28dc3fe9
SR		 3243
3244# Connect bob to R2
bf44c2cd 3245ovn-nbctl lrp-add R2 bob 00:00:00:01:02:05 172.16.2.1/24
31ed1192 3246ovn-nbctl lsp-add bob rp-bob -- set Logical_Switch_Port rp-bob type=router \
31114af7 3247 options:router-port=bob addresses=\"00:00:00:01:02:05\"
28dc3fe9
SR		 3248
3249# Connect R1 to R2
4685e523
JP		 3250ovn-nbctl lrp-add R1 R1_R2 00:00:00:02:03:04 20.0.0.1/24 peer=R2_R1
3251ovn-nbctl lrp-add R2 R2_R1 00:00:00:02:03:05 20.0.0.2/24 peer=R1_R2
28dc3fe9
SR		 3252
3253#install static routes
e48ccf3c
JP		 3254ovn-nbctl lr-route-add R1 172.16.1.0/24 20.0.0.2
3255ovn-nbctl lr-route-add R2 172.16.2.0/24 20.0.0.2 R1_R2
3256ovn-nbctl lr-route-add R2 192.168.1.0/24 20.0.0.1
28dc3fe9
SR		 3257
3258# Create logical port foo1 in foo
31ed1192
JP		 3259ovn-nbctl lsp-add foo foo1 \
3260-- lsp-set-addresses foo1 "f0:00:00:01:02:03 192.168.1.2"
28dc3fe9
SR		 3261
3262# Create logical port alice1 in alice
31ed1192
JP		 3263ovn-nbctl lsp-add alice alice1 \
3264-- lsp-set-addresses alice1 "f0:00:00:01:02:04 172.16.1.2"
28dc3fe9
SR		 3265
3266# Create logical port bob1 in bob
31ed1192
JP		 3267ovn-nbctl lsp-add bob bob1 \
3268-- lsp-set-addresses bob1 "f0:00:00:01:02:05 172.16.2.2"
28dc3fe9
SR		 3269
3270# Create two hypervisor and create OVS ports corresponding to logical ports.
3271net_add n1
3272
3273sim_add hv1
3274as hv1
3275ovs-vsctl add-br br-phys
3276ovn_attach n1 br-phys 192.168.0.1
3277ovs-vsctl -- add-port br-int hv1-vif1 -- \
3278 set interface hv1-vif1 external-ids:iface-id=foo1 \
3279 options:tx_pcap=hv1/vif1-tx.pcap \
3280 options:rxq_pcap=hv1/vif1-rx.pcap \
3281 ofport-request=1
3282
3283ovs-vsctl -- add-port br-int hv1-vif2 -- \
3284 set interface hv1-vif2 external-ids:iface-id=alice1 \
3285 options:tx_pcap=hv1/vif2-tx.pcap \
3286 options:rxq_pcap=hv1/vif2-rx.pcap \
3287 ofport-request=2
3288
3289sim_add hv2
3290as hv2
3291ovs-vsctl add-br br-phys
3292ovn_attach n1 br-phys 192.168.0.2
3293ovs-vsctl -- add-port br-int hv2-vif1 -- \
3294 set interface hv2-vif1 external-ids:iface-id=bob1 \
3295 options:tx_pcap=hv2/vif1-tx.pcap \
3296 options:rxq_pcap=hv2/vif1-rx.pcap \
3297 ofport-request=1
3298
3299
3300# Pre-populate the hypervisors' ARP tables so that we don't lose any
3301# packets for ARP resolution (native tunneling doesn't queue packets
3302# for ARP resolution).
3303ovn_populate_arp
3304
3305# Allow some time for ovn-northd and ovn-controller to catch up.
3306# XXX This should be more systematic.
3307sleep 1
3308
3309ip_to_hex() {
3310 printf "%02x%02x%02x%02x" "$@"
3311}
28dc3fe9
SR		 3312
3313# Send ip packets between foo1 and alice1
3314src_mac="f00000010203"
3315dst_mac="000000010203"
3316src_ip=`ip_to_hex 192 168 1 2`
3317dst_ip=`ip_to_hex 172 16 1 2`
3318packet=${dst_mac}${src_mac}08004500001c0000000040110000${src_ip}${dst_ip}0035111100080000
3319as hv1 ovs-appctl netdev-dummy/receive hv1-vif1 $packet
3320
3321# Send ip packets between foo1 and bob1
3322src_mac="f00000010203"
3323dst_mac="000000010203"
3324src_ip=`ip_to_hex 192 168 1 2`
3325dst_ip=`ip_to_hex 172 16 2 2`
3326packet=${dst_mac}${src_mac}08004500001c0000000040110000${src_ip}${dst_ip}0035111100080000
3327as hv1 ovs-appctl netdev-dummy/receive hv1-vif1 $packet
3328
3329echo "---------NB dump-----"
3330ovn-nbctl show
3331echo "---------------------"
3332ovn-nbctl list logical_router
3333echo "---------------------"
3334ovn-nbctl list logical_router_port
3335echo "---------------------"
3336
3337echo "---------SB dump-----"
3338ovn-sbctl list datapath_binding
3339echo "---------------------"
3340ovn-sbctl list port_binding
3341echo "---------------------"
3342
3343echo "------ hv1 dump ----------"
3344as hv1 ovs-ofctl dump-flows br-int
3345echo "------ hv2 dump ----------"
3346as hv2 ovs-ofctl dump-flows br-int
3347
3348# Packet to Expect at bob1
3349src_mac="000000010205"
3350dst_mac="f00000010205"
3351src_ip=`ip_to_hex 192 168 1 2`
3352dst_ip=`ip_to_hex 172 16 2 2`
49d7c759 3353echo "${dst_mac}${src_mac}08004500001c000000003e110200${src_ip}${dst_ip}0035111100080000" > expected
28dc3fe9 3354
49d7c759 3355OVN_CHECK_PACKETS([hv2/vif1-tx.pcap], [expected])
28dc3fe9
SR		 3356
3357# Packet to Expect at alice1
3358src_mac="000000010204"
3359dst_mac="f00000010204"
3360src_ip=`ip_to_hex 192 168 1 2`
3361dst_ip=`ip_to_hex 172 16 1 2`
49d7c759 3362echo "${dst_mac}${src_mac}08004500001c000000003e110200${src_ip}${dst_ip}0035111100080000" > expected
28dc3fe9 3363
49d7c759 3364OVN_CHECK_PACKETS([hv1/vif2-tx.pcap], [expected])
28dc3fe9 3365
7a8f15e0 3366OVN_CLEANUP([hv1],[hv2])
28dc3fe9
SR		 3367
3368AT_CLEANUP
5412db30 3369
0ee8aaf6 3370AT_SETUP([ovn -- send gratuitous arp on localnet])
d08dbed7 3371AT_SKIP_IF([test $HAVE_PYTHON = no])
0ee8aaf6 3372ovn_start
ea46a4e9 3373ovn-nbctl ls-add lsw0
0ee8aaf6
RR		 3374net_add n1
3375sim_add hv
3376as hv
3377ovs-vsctl \
3378 -- add-br br-phys \
3379 -- add-br br-eth0
3380
3381ovn_attach n1 br-phys 192.168.0.1
3382
3383AT_CHECK([ovs-vsctl set Open_vSwitch . external-ids:ovn-bridge-mappings=physnet1:br-eth0])
3384AT_CHECK([ovs-vsctl add-port br-eth0 snoopvif -- set Interface snoopvif options:tx_pcap=hv/snoopvif-tx.pcap options:rxq_pcap=hv/snoopvif-rx.pcap])
3385
3386# Create a vif.
31ed1192
JP		 3387AT_CHECK([ovn-nbctl lsp-add lsw0 localvif1])
3388AT_CHECK([ovn-nbctl lsp-set-addresses localvif1 "f0:00:00:00:00:01 192.168.1.2"])
3389AT_CHECK([ovn-nbctl lsp-set-port-security localvif1 "f0:00:00:00:00:01"])
0ee8aaf6
RR		 3390
3391# Create a localnet port.
31ed1192
JP		 3392AT_CHECK([ovn-nbctl lsp-add lsw0 ln_port])
3393AT_CHECK([ovn-nbctl lsp-set-addresses ln_port unknown])
3394AT_CHECK([ovn-nbctl lsp-set-type ln_port localnet])
3395AT_CHECK([ovn-nbctl lsp-set-options ln_port network_name=physnet1])
0ee8aaf6
RR		 3396
3397AT_CHECK([ovs-vsctl add-port br-int localvif1 -- set Interface localvif1 external_ids:iface-id=localvif1])
3398
3399# Wait for packet to be received.
49d7c759
BP		 3400echo "fffffffffffff0000000000108060001080006040001f00000000001c0a80102000000000000c0a80102" > expected
3401OVN_CHECK_PACKETS([hv/snoopvif-tx.pcap], [expected])
0ee8aaf6
RR		 3402
3403# Delete the localnet ports.
3404AT_CHECK([ovs-vsctl del-port localvif1])
31ed1192 3405AT_CHECK([ovn-nbctl lsp-del ln_port])
0ee8aaf6 3406
7a8f15e0 3407OVN_CLEANUP([hv])
0ee8aaf6
RR		 3408
3409AT_CLEANUP
75cf9d2b
GS		 3410
3411AT_SETUP([ovn -- 2 HVs, 3 LRs connected via LS, static routes])
75cf9d2b
GS		 3412AT_SKIP_IF([test $HAVE_PYTHON = no])
3413ovn_start
3414
3415# Logical network:
3416# Three LRs - R1, R2 and R3 that are connected to each other via LS "join"
3417# in 20.0.0.0/24 network. R1 has switchess foo (192.168.1.0/24)
3418# connected to it. R2 has alice (172.16.1.0/24) and R3 has bob (10.32.1.0/24)
3419# connected to it.
3420
fa2a27b2
JP		 3421ovn-nbctl lr-add R1
3422ovn-nbctl lr-add R2
3423ovn-nbctl lr-add R3
75cf9d2b 3424
ea46a4e9
JP		 3425ovn-nbctl ls-add foo
3426ovn-nbctl ls-add alice
3427ovn-nbctl ls-add bob
3428ovn-nbctl ls-add join
75cf9d2b
GS		 3429
3430# Connect foo to R1
31114af7 3431ovn-nbctl lrp-add R1 foo 00:00:01:01:02:03 192.168.1.1/24
31ed1192 3432ovn-nbctl lsp-add foo rp-foo -- set Logical_Switch_Port rp-foo type=router \
31114af7 3433 options:router-port=foo addresses=\"00:00:01:01:02:03\"
75cf9d2b
GS		 3434
3435# Connect alice to R2
31114af7 3436ovn-nbctl lrp-add R2 alice 00:00:02:01:02:03 172.16.1.1/24
31ed1192 3437ovn-nbctl lsp-add alice rp-alice -- set Logical_Switch_Port rp-alice \
80f408f4 3438 type=router options:router-port=alice addresses=\"00:00:02:01:02:03\"
75cf9d2b
GS		 3439
3440# Connect bob to R3
31114af7 3441ovn-nbctl lrp-add R3 bob 00:00:03:01:02:03 10.32.1.1/24
31ed1192 3442ovn-nbctl lsp-add bob rp-bob -- set Logical_Switch_Port rp-bob \
80f408f4 3443 type=router options:router-port=bob addresses=\"00:00:03:01:02:03\"
75cf9d2b
GS		 3444
3445# Connect R1 to join
31114af7 3446ovn-nbctl lrp-add R1 R1_join 00:00:04:01:02:03 20.0.0.1/24
31ed1192 3447ovn-nbctl lsp-add join r1-join -- set Logical_Switch_Port r1-join \
80f408f4 3448 type=router options:router-port=R1_join addresses='"00:00:04:01:02:03"'
75cf9d2b
GS		 3449
3450# Connect R2 to join
31114af7 3451ovn-nbctl lrp-add R2 R2_join 00:00:04:01:02:04 20.0.0.2/24
31ed1192 3452ovn-nbctl lsp-add join r2-join -- set Logical_Switch_Port r2-join \
80f408f4 3453 type=router options:router-port=R2_join addresses='"00:00:04:01:02:04"'
75cf9d2b
GS		 3454
3455# Connect R3 to join
31114af7 3456ovn-nbctl lrp-add R3 R3_join 00:00:04:01:02:05 20.0.0.3/24
31ed1192 3457ovn-nbctl lsp-add join r3-join -- set Logical_Switch_Port r3-join \
80f408f4 3458 type=router options:router-port=R3_join addresses='"00:00:04:01:02:05"'
75cf9d2b
GS		 3459
3460#install static routes
e48ccf3c
JP		 3461ovn-nbctl lr-route-add R1 172.16.1.0/24 20.0.0.2
3462ovn-nbctl lr-route-add R1 10.32.1.0/24 20.0.0.3
75cf9d2b 3463
e48ccf3c
JP		 3464ovn-nbctl lr-route-add R2 192.168.1.0/24 20.0.0.1
3465ovn-nbctl lr-route-add R2 10.32.1.0/24 20.0.0.3
75cf9d2b 3466
e48ccf3c
JP		 3467ovn-nbctl lr-route-add R3 192.168.1.0/24 20.0.0.1
3468ovn-nbctl lr-route-add R3 172.16.1.0/24 20.0.0.2
75cf9d2b
GS		 3469
3470# Create logical port foo1 in foo
31ed1192
JP		 3471ovn-nbctl lsp-add foo foo1 \
3472-- lsp-set-addresses foo1 "f0:00:00:01:02:03 192.168.1.2"
75cf9d2b
GS		 3473
3474# Create logical port alice1 in alice
31ed1192
JP		 3475ovn-nbctl lsp-add alice alice1 \
3476-- lsp-set-addresses alice1 "f0:00:00:01:02:04 172.16.1.2"
75cf9d2b
GS		 3477
3478# Create logical port bob1 in bob
31ed1192
JP		 3479ovn-nbctl lsp-add bob bob1 \
3480-- lsp-set-addresses bob1 "f0:00:00:01:02:05 10.32.1.2"
75cf9d2b
GS		 3481
3482# Create two hypervisor and create OVS ports corresponding to logical ports.
3483net_add n1
3484
3485sim_add hv1
3486as hv1
3487ovs-vsctl add-br br-phys
3488ovn_attach n1 br-phys 192.168.0.1
3489ovs-vsctl -- add-port br-int hv1-vif1 -- \
3490 set interface hv1-vif1 external-ids:iface-id=foo1 \
3491 options:tx_pcap=hv1/vif1-tx.pcap \
3492 options:rxq_pcap=hv1/vif1-rx.pcap \
3493 ofport-request=1
3494
3495ovs-vsctl -- add-port br-int hv1-vif2 -- \
3496 set interface hv1-vif2 external-ids:iface-id=alice1 \
3497 options:tx_pcap=hv1/vif2-tx.pcap \
3498 options:rxq_pcap=hv1/vif2-rx.pcap \
3499 ofport-request=2
3500
3501sim_add hv2
3502as hv2
3503ovs-vsctl add-br br-phys
3504ovn_attach n1 br-phys 192.168.0.2
3505ovs-vsctl -- add-port br-int hv2-vif1 -- \
3506 set interface hv2-vif1 external-ids:iface-id=bob1 \
3507 options:tx_pcap=hv2/vif1-tx.pcap \
3508 options:rxq_pcap=hv2/vif1-rx.pcap \
3509 ofport-request=1
3510
3511
3512# Pre-populate the hypervisors' ARP tables so that we don't lose any
3513# packets for ARP resolution (native tunneling doesn't queue packets
3514# for ARP resolution).
3515ovn_populate_arp
3516
3517# Allow some time for ovn-northd and ovn-controller to catch up.
3518# XXX This should be more systematic.
3519sleep 1
3520
3521ip_to_hex() {
3522 printf "%02x%02x%02x%02x" "$@"
3523}
75cf9d2b
GS		 3524
3525# Send ip packets between foo1 and alice1
3526src_mac="f00000010203"
3527dst_mac="000001010203"
3528src_ip=`ip_to_hex 192 168 1 2`
3529dst_ip=`ip_to_hex 172 16 1 2`
3530packet=${dst_mac}${src_mac}08004500001c0000000040110000${src_ip}${dst_ip}0035111100080000
3531as hv1 ovs-appctl netdev-dummy/receive hv1-vif1 $packet
3532as hv1 ovs-appctl ofproto/trace br-int in_port=1 $packet
3533
3534# Send ip packets between foo1 and bob1
3535src_mac="f00000010203"
3536dst_mac="000001010203"
3537src_ip=`ip_to_hex 192 168 1 2`
3538dst_ip=`ip_to_hex 10 32 1 2`
3539packet=${dst_mac}${src_mac}08004500001c0000000040110000${src_ip}${dst_ip}0035111100080000
3540as hv1 ovs-appctl netdev-dummy/receive hv1-vif1 $packet
3541
3542echo "---------NB dump-----"
3543ovn-nbctl show
3544echo "---------------------"
3545ovn-nbctl list logical_router
3546echo "---------------------"
3547ovn-nbctl list logical_router_port
3548echo "---------------------"
3549
3550echo "---------SB dump-----"
3551ovn-sbctl list datapath_binding
3552echo "---------------------"
3553ovn-sbctl list port_binding
3554echo "---------------------"
3555ovn-sbctl dump-flows
3556echo "---------------------"
3557
3558echo "------ hv1 dump ----------"
3559as hv1 ovs-ofctl show br-int
3560as hv1 ovs-ofctl dump-flows br-int
3561echo "------ hv2 dump ----------"
3562as hv2 ovs-ofctl show br-int
3563as hv2 ovs-ofctl dump-flows br-int
3564echo "----------------------------"
3565
3566# Packet to Expect at bob1
3567src_mac="000003010203"
3568dst_mac="f00000010205"
3569src_ip=`ip_to_hex 192 168 1 2`
3570dst_ip=`ip_to_hex 10 32 1 2`
49d7c759 3571echo "${dst_mac}${src_mac}08004500001c000000003e110200${src_ip}${dst_ip}0035111100080000" > expected
75cf9d2b 3572
49d7c759 3573OVN_CHECK_PACKETS([hv2/vif1-tx.pcap], [expected])
75cf9d2b
GS		 3574
3575# Packet to Expect at alice1
3576src_mac="000002010203"
3577dst_mac="f00000010204"
3578src_ip=`ip_to_hex 192 168 1 2`
3579dst_ip=`ip_to_hex 172 16 1 2`
49d7c759 3580echo "${dst_mac}${src_mac}08004500001c000000003e110200${src_ip}${dst_ip}0035111100080000" > expected
75cf9d2b 3581
49d7c759 3582OVN_CHECK_PACKETS([hv1/vif2-tx.pcap], [expected])
75cf9d2b 3583
7a8f15e0 3584OVN_CLEANUP([hv1],[hv2])
75cf9d2b
GS		 3585
3586AT_CLEANUP
c1645003 3587
281977f7 3588AT_SETUP([ovn -- dhcpv4 : 1 HV, 2 LS, 2 LSPs/LS])
281977f7
NS		 3589AT_SKIP_IF([test $HAVE_PYTHON = no])
3590ovn_start
3591
3592ovn-nbctl ls-add ls1
3593
3594ovn-nbctl lsp-add ls1 ls1-lp1 \
3595-- lsp-set-addresses ls1-lp1 "f0:00:00:00:00:01 10.0.0.4"
3596
3597ovn-nbctl lsp-set-port-security ls1-lp1 "f0:00:00:00:00:01 10.0.0.4"
3598
3599ovn-nbctl lsp-add ls1 ls1-lp2 \
3600-- lsp-set-addresses ls1-lp2 "f0:00:00:00:00:02 10.0.0.6 20.0.0.4"
3601
3602ovn-nbctl lsp-set-port-security ls1-lp2 "f0:00:00:00:00:02 10.0.0.6 20.0.0.4"
3603
3604ovn-nbctl ls-add ls2
3605ovn-nbctl lsp-add ls2 ls2-lp1 \
3606-- lsp-set-addresses ls2-lp1 "f0:00:00:00:00:03 30.0.0.6 40.0.0.4"
3607ovn-nbctl lsp-set-port-security ls2-lp1 "f0:00:00:00:00:03 30.0.0.6 40.0.0.4"
3608ovn-nbctl lsp-add ls2 ls2-lp2 \
3609-- lsp-set-addresses ls2-lp2 "f0:00:00:00:00:04 30.0.0.7"
3610ovn-nbctl lsp-set-port-security ls2-lp2 "f0:00:00:00:00:04 30.0.0.7"
3611
3612ovn-nbctl -- --id=@d1 create DHCP_Options cidr=10.0.0.0/24 \
3613options="\"server_id\"=\"10.0.0.1\" \"server_mac\"=\"ff:10:00:00:00:01\" \
3614\"lease_time\"=\"3600\" \"router\"=\"10.0.0.1\"" \
3615-- add Logical_Switch_Port ls1-lp1 dhcpv4_options @d1 \
3616-- add Logical_Switch_Port ls1-lp2 dhcpv4_options @d1
3617
3618ovn-nbctl -- --id=@d2 create DHCP_Options cidr=30.0.0.0/24 \
3619options="\"server_id\"=\"30.0.0.1\" \"server_mac\"=\"ff:10:00:00:00:02\" \
3620\"lease_time\"=\"3600\"" -- add Logical_Switch_Port ls2-lp2 dhcpv4_options @d2
3621
3622net_add n1
3623sim_add hv1
3624
3625as hv1
3626ovs-vsctl add-br br-phys
3627ovn_attach n1 br-phys 192.168.0.1
3628ovs-vsctl -- add-port br-int hv1-vif1 -- \
3629 set interface hv1-vif1 external-ids:iface-id=ls1-lp1 \
3630 options:tx_pcap=hv1/vif1-tx.pcap \
3631 options:rxq_pcap=hv1/vif1-rx.pcap \
3632 ofport-request=1
3633
3634ovs-vsctl -- add-port br-int hv1-vif2 -- \
3635 set interface hv1-vif2 external-ids:iface-id=ls1-lp2 \
3636 options:tx_pcap=hv1/vif2-tx.pcap \
3637 options:rxq_pcap=hv1/vif2-rx.pcap \
3638 ofport-request=2
3639
3640ovs-vsctl -- add-port br-int hv1-vif3 -- \
3641 set interface hv1-vif3 external-ids:iface-id=ls2-lp1 \
3642 options:tx_pcap=hv1/vif3-tx.pcap \
3643 options:rxq_pcap=hv1/vif3-rx.pcap \
3644 ofport-request=3
3645
3646ovs-vsctl -- add-port br-int hv1-vif4 -- \
3647 set interface hv1-vif4 external-ids:iface-id=ls2-lp2 \
3648 options:tx_pcap=hv1/vif4-tx.pcap \
3649 options:rxq_pcap=hv1/vif4-rx.pcap \
3650 ofport-request=4
3651
3652ovn_populate_arp
3653
3654sleep 2
3655
3656as hv1 ovs-vsctl show
3657
281977f7
NS		 3658# This shell function sends a DHCP request packet
3659# test_dhcp INPORT SRC_MAC DHCP_TYPE OFFER_IP ...
3660test_dhcp() {
3661 local inport=$1 src_mac=$2 dhcp_type=$3 offer_ip=$4
3662 local request=ffffffffffff${src_mac}080045100110000000008011000000000000ffffffff
3663 # udp header and dhcp header
ab187e7e
BP		 3664 request=${request}0044004300fc0000
3665 request=${request}010106006359aa760000000000000000000000000000000000000000${src_mac}
281977f7 3666 # client hardware padding
ab187e7e 3667 request=${request}00000000000000000000
281977f7 3668 # server hostname
ab187e7e
BP		 3669 request=${request}0000000000000000000000000000000000000000000000000000000000000000
3670 request=${request}0000000000000000000000000000000000000000000000000000000000000000
281977f7 3671 # boot file name
ab187e7e
BP		 3672 request=${request}0000000000000000000000000000000000000000000000000000000000000000
3673 request=${request}0000000000000000000000000000000000000000000000000000000000000000
3674 request=${request}0000000000000000000000000000000000000000000000000000000000000000
3675 request=${request}0000000000000000000000000000000000000000000000000000000000000000
281977f7 3676 # dhcp magic cookie
ab187e7e 3677 request=${request}63825363
281977f7 3678 # dhcp message type
ab187e7e 3679 request=${request}3501${dhcp_type}ff
281977f7
NS		 3680
3681 if test $offer_ip != 0; then
3682 local srv_mac=$5 srv_ip=$6 expected_dhcp_opts=$7
3683 # total IP length will be the IP length of the request packet
3684 # (which is 272 in our case) + 8 (padding bytes) + (expected_dhcp_opts / 2)
3685 ip_len=`expr 280 + ${#expected_dhcp_opts} / 2`
3686 udp_len=`expr $ip_len - 20`
04d60f6e
YT		 3687 ip_len=$(printf "%x" $ip_len)
3688 udp_len=$(printf "%x" $udp_len)
281977f7
NS		 3689 # $ip_len var will be in 3 digits i.e 134. So adding a '0' before $ip_len
3690 local reply=${src_mac}${srv_mac}080045100${ip_len}000000008011XXXX${srv_ip}${offer_ip}
3691 # udp header and dhcp header.
3692 # $udp_len var will be in 3 digits. So adding a '0' before $udp_len
ab187e7e 3693 reply=${reply}004300440${udp_len}0000020106006359aa760000000000000000
281977f7 3694 # your ip address
ab187e7e 3695 reply=${reply}${offer_ip}
281977f7 3696 # next server ip address, relay agent ip address, client mac address
ab187e7e 3697 reply=${reply}0000000000000000${src_mac}
281977f7 3698 # client hardware padding
ab187e7e 3699 reply=${reply}00000000000000000000
281977f7 3700 # server hostname
ab187e7e
BP		 3701 reply=${reply}0000000000000000000000000000000000000000000000000000000000000000
3702 reply=${reply}0000000000000000000000000000000000000000000000000000000000000000
281977f7 3703 # boot file name
ab187e7e
BP		 3704 reply=${reply}0000000000000000000000000000000000000000000000000000000000000000
3705 reply=${reply}0000000000000000000000000000000000000000000000000000000000000000
3706 reply=${reply}0000000000000000000000000000000000000000000000000000000000000000
3707 reply=${reply}0000000000000000000000000000000000000000000000000000000000000000
281977f7 3708 # dhcp magic cookie
ab187e7e 3709 reply=${reply}63825363
281977f7
NS		 3710 # dhcp message type
3711 local dhcp_reply_type=02
3712 if test $dhcp_type = 03; then
3713 dhcp_reply_type=05
3714 fi
ab187e7e 3715 reply=${reply}3501${dhcp_reply_type}${expected_dhcp_opts}00000000ff00000000
281977f7
NS		 3716 echo $reply >> $inport.expected
3717 else
3718 shift; shift; shift; shift;
3719 for outport; do
e4543cfe 3720 echo $request >> $outport.expected
281977f7
NS		 3721 done
3722 fi
3723 as hv1 ovs-appctl netdev-dummy/receive hv1-vif$inport $request
3724}
3725
3726reset_pcap_file() {
3727 local iface=$1
3728 local pcap_file=$2
3729 ovs-vsctl -- set Interface $iface options:tx_pcap=dummy-tx.pcap \
3730options:rxq_pcap=dummy-rx.pcap
3731 rm -f ${pcap_file}*.pcap
3732 ovs-vsctl -- set Interface $iface options:tx_pcap=${pcap_file}-tx.pcap \
3733options:rxq_pcap=${pcap_file}-rx.pcap
3734}
3735
3736ip_to_hex() {
3737 printf "%02x%02x%02x%02x" "$@"
3738}
3739
3740AT_CAPTURE_FILE([ofctl_monitor0.log])
3741as hv1 ovs-ofctl monitor br-int resume --detach --no-chdir \
3742--pidfile=ovs-ofctl0.pid 2> ofctl_monitor0.log
3743
3744echo "---------NB dump-----"
3745ovn-nbctl show
3746echo "---------------------"
3747echo "---------SB dump-----"
3748ovn-sbctl list datapath_binding
3749echo "---------------------"
3750ovn-sbctl list logical_flow
3751echo "---------------------"
3752
3753echo "---------------------"
3754ovn-sbctl dump-flows
3755echo "---------------------"
3756
3757echo "------ hv1 dump ----------"
3758as hv1 ovs-ofctl dump-flows br-int
3759
3760# Send DHCPDISCOVER.
3761offer_ip=`ip_to_hex 10 0 0 4`
3762server_ip=`ip_to_hex 10 0 0 1`
7c76bf4e 3763expected_dhcp_opts=330400000e100104ffffff0003040a00000136040a000001
281977f7
NS		 3764test_dhcp 1 f00000000001 01 $offer_ip ff1000000001 $server_ip $expected_dhcp_opts
3765
3766# NXT_RESUMEs should be 1.
3767OVS_WAIT_UNTIL([test 1 = `cat ofctl_monitor*.log | grep -c NXT_RESUME`])
3768
3769$PYTHON "$top_srcdir/utilities/ovs-pcap.in" hv1/vif1-tx.pcap > 1.packets
3770cat 1.expected | cut -c -48 > expout
3771AT_CHECK([cat 1.packets | cut -c -48], [0], [expout])
3772# Skipping the IPv4 checksum.
3773cat 1.expected | cut -c 53- > expout
3774AT_CHECK([cat 1.packets | cut -c 53-], [0], [expout])
3775
3776# ovs-ofctl also resumes the packets and this causes other ports to receive
3777# the DHCP request packet. So reset the pcap files so that its easier to test.
3778reset_pcap_file hv1-vif1 hv1/vif1
3779reset_pcap_file hv1-vif2 hv1/vif2
3780rm -f 1.expected
3781rm -f 2.expected
3782
3783# Send DHCPREQUEST.
3784offer_ip=`ip_to_hex 10 0 0 6`
3785server_ip=`ip_to_hex 10 0 0 1`
7c76bf4e 3786expected_dhcp_opts=330400000e100104ffffff0003040a00000136040a000001
281977f7
NS		 3787test_dhcp 2 f00000000002 03 $offer_ip ff1000000001 $server_ip $expected_dhcp_opts
3788
3789# NXT_RESUMEs should be 2.
3790OVS_WAIT_UNTIL([test 2 = `cat ofctl_monitor*.log | grep -c NXT_RESUME`])
3791
3792$PYTHON "$top_srcdir/utilities/ovs-pcap.in" hv1/vif2-tx.pcap > 2.packets
3793cat 2.expected | cut -c -48 > expout
3794AT_CHECK([cat 2.packets | cut -c -48], [0], [expout])
3795# Skipping the IPv4 checksum.
3796cat 2.expected | cut -c 53- > expout
3797AT_CHECK([cat 2.packets | cut -c 53-], [0], [expout])
3798
3799reset_pcap_file hv1-vif1 hv1/vif1
3800reset_pcap_file hv1-vif2 hv1/vif2
3801rm -f 1.expected
3802rm -f 2.expected
3803
3804# Send Invalid DHCPv4 packet on ls1-lp2. It should be received by ovn-controller
3805# but should be resumed without the reply.
3806# ls1-lp1 (vif1-tx.pcap) should receive the DHCPv4 request packet twice,
3807# one from ovn-controller and the other from "ovs-ofctl resume."
3808offer_ip=0
3809test_dhcp 2 f00000000002 08 $offer_ip 1 1
3810
3811# NXT_RESUMEs should be 3.
3812OVS_WAIT_UNTIL([test 3 = `cat ofctl_monitor*.log | grep -c NXT_RESUME`])
3813
3814# vif1-tx.pcap should have received the DHCPv4 (invalid) request packet
49d7c759 3815OVN_CHECK_PACKETS([hv1/vif1-tx.pcap], [1.expected])
281977f7
NS		 3816
3817reset_pcap_file hv1-vif1 hv1/vif1
3818reset_pcap_file hv1-vif2 hv1/vif2
3819rm -f 1.expected
3820rm -f 2.expected
3821
3822# Send DHCPv4 packet on ls2-lp1. It doesn't have any DHCPv4 options defined.
3823# ls2-lp2 (vif4-tx.pcap) should receive the DHCPv4 request packet once.
3824
3825test_dhcp 3 f00000000003 01 0 4
3826
3827# Send DHCPv4 packet on ls2-lp2. "router" DHCPv4 option is not defined for
3828# this lport.
3829test_dhcp 4 f00000000004 01 0 3
3830
3831# NXT_RESUMEs should be 3.
3832OVS_WAIT_UNTIL([test 3 = `cat ofctl_monitor*.log | grep -c NXT_RESUME`])
3833
49d7c759
BP		 3834OVN_CHECK_PACKETS([hv1/vif3-tx.pcap], [3.expected])
3835OVN_CHECK_PACKETS([hv1/vif4-tx.pcap], [4.expected])
281977f7
NS		 3836
3837as hv1
33ac3c83
NS		 3838OVS_APP_EXIT_AND_WAIT([ovn-controller])
3839OVS_APP_EXIT_AND_WAIT([ovs-vswitchd])
3840OVS_APP_EXIT_AND_WAIT([ovsdb-server])
3841
3842as ovn-sb
3843OVS_APP_EXIT_AND_WAIT([ovsdb-server])
3844
3845as ovn-nb
3846OVS_APP_EXIT_AND_WAIT([ovsdb-server])
3847
3848as northd
3849OVS_APP_EXIT_AND_WAIT([ovn-northd])
3850
3851as main
3852OVS_APP_EXIT_AND_WAIT([ovs-vswitchd])
3853OVS_APP_EXIT_AND_WAIT([ovsdb-server])
3854
3855AT_CLEANUP
3856
40df4566 3857AT_SETUP([ovn -- dhcpv6 : 1 HV, 2 LS, 5 LSPs])
33ac3c83
NS		 3858AT_SKIP_IF([test $HAVE_PYTHON = no])
3859ovn_start
3860
3861ovn-nbctl ls-add ls1
3862ovn-nbctl lsp-add ls1 ls1-lp1 \
3863-- lsp-set-addresses ls1-lp1 "f0:00:00:00:00:01 10.0.0.4 ae70::4"
3864
3865ovn-nbctl lsp-set-port-security ls1-lp1 "f0:00:00:00:00:01 10.0.0.4 ae70::4"
3866
3867ovn-nbctl lsp-add ls1 ls1-lp2 \
3868-- lsp-set-addresses ls1-lp2 "f0:00:00:00:00:02 ae70::5"
3869
3870ovn-nbctl lsp-set-port-security ls1-lp2 "f0:00:00:00:00:02 ae70::5"
3871
40df4566
ZKL		 3872ovn-nbctl lsp-add ls1 ls1-lp3 \
3873-- lsp-set-addresses ls1-lp3 "f0:00:00:00:00:22 ae70::22"
3874
3875ovn-nbctl lsp-set-port-security ls1-lp3 "f0:00:00:00:00:22 ae70::22"
3876
33ac3c83
NS		 3877ovn-nbctl -- --id=@d1 create DHCP_Options cidr="ae70\:\:/64" \
3878options="\"server_id\"=\"00:00:00:10:00:01\"" \
3879-- add Logical_Switch_Port ls1-lp1 dhcpv6_options @d1 \
3880-- add Logical_Switch_Port ls1-lp2 dhcpv6_options @d1
3881
40df4566
ZKL		 3882ovn-nbctl -- --id=@d2 create DHCP_Options cidr="ae70\:\:/64" \
3883options="\"dhcpv6_stateless\"=\"true\" \"server_id\"=\"00:00:00:10:00:01\"" \
3884-- add Logical_Switch_Port ls1-lp3 dhcpv6_options @d2
3885
33ac3c83
NS		 3886ovn-nbctl ls-add ls2
3887ovn-nbctl lsp-add ls2 ls2-lp1 \
3888-- lsp-set-addresses ls2-lp1 "f0:00:00:00:00:03 be70::3"
3889ovn-nbctl lsp-set-port-security ls2-lp1 "f0:00:00:00:00:03 be70::3"
3890ovn-nbctl lsp-add ls2 ls2-lp2 \
3891-- lsp-set-addresses ls2-lp2 "f0:00:00:00:00:04 be70::4"
3892ovn-nbctl lsp-set-port-security ls2-lp2 "f0:00:00:00:00:04 be70::4"
3893
3894net_add n1
3895sim_add hv1
3896
3897as hv1
3898ovs-vsctl add-br br-phys
3899ovn_attach n1 br-phys 192.168.0.1
3900ovs-vsctl -- add-port br-int hv1-vif1 -- \
3901 set interface hv1-vif1 external-ids:iface-id=ls1-lp1 \
3902 options:tx_pcap=hv1/vif1-tx.pcap \
3903 options:rxq_pcap=hv1/vif1-rx.pcap \
3904 ofport-request=1
3905
3906ovs-vsctl -- add-port br-int hv1-vif2 -- \
3907 set interface hv1-vif2 external-ids:iface-id=ls1-lp2 \
3908 options:tx_pcap=hv1/vif2-tx.pcap \
3909 options:rxq_pcap=hv1/vif2-rx.pcap \
3910 ofport-request=2
3911
3912ovs-vsctl -- add-port br-int hv1-vif3 -- \
3913 set interface hv1-vif3 external-ids:iface-id=ls2-lp1 \
3914 options:tx_pcap=hv1/vif3-tx.pcap \
3915 options:rxq_pcap=hv1/vif3-rx.pcap \
3916 ofport-request=3
3917
3918ovs-vsctl -- add-port br-int hv1-vif4 -- \
3919 set interface hv1-vif4 external-ids:iface-id=ls2-lp2 \
3920 options:tx_pcap=hv1/vif4-tx.pcap \
3921 options:rxq_pcap=hv1/vif4-rx.pcap \
3922 ofport-request=4
3923
40df4566
ZKL		 3924ovs-vsctl -- add-port br-int hv1-vif5 -- \
3925 set interface hv1-vif5 external-ids:iface-id=ls1-lp3 \
3926 options:tx_pcap=hv1/vif5-tx.pcap \
3927 options:rxq_pcap=hv1/vif5-rx.pcap \
3928 ofport-request=5
3929
33ac3c83
NS		 3930ovn_populate_arp
3931
3932sleep 2
3933
3934trim_zeros() {
3935 sed 's/\(00\)\{1,\}$//'
3936}
3937
3938# This shell function sends a DHCPv6 request packet
40df4566
ZKL		 3939# test_dhcpv6 INPORT SRC_MAC SRC_LLA DHCPv6_MSG_TYPE OFFER_IP OUTPORT...
3940# The OUTPORTs (zero or more) list the VIFs on which the original DHCPv6
33ac3c83
NS		 3941# packet should be received twice (one from ovn-controller and the other
3942# from the "ovs-ofctl monitor br-int resume"
3943test_dhcpv6() {
3944 local inport=$1 src_mac=$2 src_lla=$3 msg_code=$4 offer_ip=$5
3945 local request=ffffffffffff${src_mac}86dd00000000002a1101${src_lla}
3946 # dst ip ff02::1:2
ab187e7e 3947 request=${request}ff020000000000000000000000010002
33ac3c83 3948 # udp header and dhcpv6 header
ab187e7e 3949 request=${request}02220223002affff${msg_code}010203
33ac3c83 3950 # Client identifier
ab187e7e 3951 request=${request}0001000a00030001${src_mac}
33ac3c83 3952 # IA-NA (Identity Association for Non Temporary Address)
ab187e7e 3953 request=${request}0003000c0102030400000e1000001518
33ac3c83
NS		 3954 shift; shift; shift; shift; shift;
3955 if test $offer_ip != 0; then
3956 local server_mac=000000100001
3957 local server_lla=fe80000000000000020000fffe100001
3958 local reply_code=07
3959 if test $msg_code = 01; then
3960 reply_code=02
3961 fi
40df4566
ZKL		 3962 local msg_len=54
3963 if test $offer_ip = 1; then
3964 msg_len=28
3965 fi
3966 local reply=${src_mac}${server_mac}86dd0000000000${msg_len}1101${server_lla}${src_lla}
33ac3c83 3967 # udp header and dhcpv6 header
ab187e7e 3968 reply=${reply}0223022200${msg_len}ffff${reply_code}010203
33ac3c83 3969 # Client identifier
ab187e7e 3970 reply=${reply}0001000a00030001${src_mac}
33ac3c83 3971 # IA-NA
40df4566 3972 if test $offer_ip != 1; then
ab187e7e 3973 reply=${reply}0003002801020304ffffffffffffffff00050018${offer_ip}ffffffffffffffff
40df4566 3974 fi
33ac3c83 3975 # Server identifier
ab187e7e 3976 reply=${reply}0002000a00030001${server_mac}
33ac3c83
NS		 3977 echo $reply | trim_zeros >> $inport.expected
3978 else
3979 for outport; do
3980 echo $request | trim_zeros >> $outport.expected
3981 done
3982 fi
3983
3984 as hv1 ovs-appctl netdev-dummy/receive hv1-vif$inport $request
3985}
3986
3987reset_pcap_file() {
3988 local iface=$1
3989 local pcap_file=$2
3990 ovs-vsctl -- set Interface $iface options:tx_pcap=dummy-tx.pcap \
3991options:rxq_pcap=dummy-rx.pcap
3992 rm -f ${pcap_file}*.pcap
3993 ovs-vsctl -- set Interface $iface options:tx_pcap=${pcap_file}-tx.pcap \
3994options:rxq_pcap=${pcap_file}-rx.pcap
3995}
3996
3997AT_CAPTURE_FILE([ofctl_monitor0.log])
3998as hv1 ovs-ofctl monitor br-int resume --detach --no-chdir \
3999--pidfile=ovs-ofctl0.pid 2> ofctl_monitor0.log
4000
4001echo "---------NB dump-----"
4002ovn-nbctl show
4003echo "---------------------"
4004echo "---------SB dump-----"
4005ovn-sbctl list datapath_binding
4006echo "---------------------"
4007ovn-sbctl list logical_flow
4008echo "---------------------"
4009
4010echo "---------------------"
4011ovn-sbctl dump-flows
4012echo "---------------------"
4013
4014echo "------ hv1 dump ----------"
4015as hv1 ovs-ofctl dump-flows br-int
4016
4017src_mac=f00000000001
4018src_lla=fe80000000000000f20000fffe000001
4019offer_ip=ae700000000000000000000000000004
4020test_dhcpv6 1 $src_mac $src_lla 01 $offer_ip
4021
4022# NXT_RESUMEs should be 1.
4023OVS_WAIT_UNTIL([test 1 = `cat ofctl_monitor*.log | grep -c NXT_RESUME`])
4024
4025$PYTHON "$top_srcdir/utilities/ovs-pcap.in" hv1/vif1-tx.pcap | trim_zeros > 1.packets
4026# cat 1.expected | trim_zeros > expout
4027cat 1.expected | cut -c -120 > expout
4028AT_CHECK([cat 1.packets | cut -c -120], [0], [expout])
4029# Skipping the UDP checksum
4030cat 1.expected | cut -c 125- > expout
4031AT_CHECK([cat 1.packets | cut -c 125-], [0], [expout])
4032
4033rm 1.expected
4034
4035# Send invalid packet on ls1-lp2. ovn-controller should resume the packet
4036# without any modifications and the packet should be received by ls1-lp1.
4037# ls1-lp1 will receive the packet twice, one from the ovn-controller after the
4038# resume and the other from ovs-ofctl monitor resume.
4039
4040reset_pcap_file hv1-vif1 hv1/vif1
4041reset_pcap_file hv1-vif2 hv1/vif2
4042
4043src_mac=f00000000002
4044src_lla=fe80000000000000f20000fffe000002
4045offer_ip=ae700000000000000000000000000005
4046# Set invalid msg_type
4047
4048test_dhcpv6 2 $src_mac $src_lla 10 0 1 1
4049
4050# NXT_RESUMEs should be 2.
4051OVS_WAIT_UNTIL([test 2 = `cat ofctl_monitor*.log | grep -c NXT_RESUME`])
4052
4053# vif2-tx.pcap should not have received the DHCPv6 reply packet
4054rm 2.packets
4055$PYTHON "$top_srcdir/utilities/ovs-pcap.in" hv1/vif2-tx.pcap | trim_zeros > 2.packets
4056AT_CHECK([cat 2.packets], [0], [])
4057
4058# vif1-tx.pcap should have received the DHCPv6 (invalid) request packet
4059$PYTHON "$top_srcdir/utilities/ovs-pcap.in" hv1/vif1-tx.pcap | trim_zeros > 1.packets
4060cat 1.expected > expout
4061AT_CHECK([cat 1.packets], [0], [expout])
4062
4063# Send DHCPv6 packet on ls2-lp1. native DHCPv6 is disabled on this port.
4064# There should be no DHCPv6 reply from ovn-controller and the request packet
4065# should be received by ls2-lp2.
4066
4067src_mac=f00000000003
4068src_lla=fe80000000000000f20000fffe000003
4069test_dhcpv6 3 $src_mac $src_lla 01 0 4
4070
4071# NXT_RESUMEs should be 2 only.
4072OVS_WAIT_UNTIL([test 2 = `cat ofctl_monitor*.log | grep -c NXT_RESUME`])
4073
4074# vif3-tx.pcap should not have received the DHCPv6 reply packet
4075$PYTHON "$top_srcdir/utilities/ovs-pcap.in" hv1/vif3-tx.pcap | trim_zeros > 3.packets
4076AT_CHECK([cat 3.packets], [0], [])
4077
4078# vif4-tx.pcap should have received the DHCPv6 request packet
4079$PYTHON "$top_srcdir/utilities/ovs-pcap.in" hv1/vif4-tx.pcap | trim_zeros > 4.packets
4080cat 4.expected > expout
4081AT_CHECK([cat 4.packets], [0], [expout])
4082
40df4566
ZKL		 4083# Send DHCPv6 packet on ls1-lp3. native DHCPv6 works as stateless mode for this port.
4084# The DHCPv6 reply should doesn't contian offer_ip.
4085src_mac=f00000000022
4086src_lla=fe80000000000000f20000fffe000022
4087reset_pcap_file hv1-vif5 hv1/vif5
4088test_dhcpv6 5 $src_mac $src_lla 01 1 5
4089
4090# NXT_RESUMEs should be 3.
4091OVS_WAIT_UNTIL([test 3 = `cat ofctl_monitor*.log | grep -c NXT_RESUME`])
4092
4093$PYTHON "$top_srcdir/utilities/ovs-pcap.in" hv1/vif5-tx.pcap | trim_zeros > 5.packets
4094# Skipping the UDP checksum
4095cat 5.expected | cut -c 1-120,125- > expout
4096AT_CHECK([cat 5.packets | cut -c 1-120,125- ], [0], [expout])
4097
33ac3c83 4098as hv1
281977f7
NS		 4099OVS_APP_EXIT_AND_WAIT([ovn-controller])
4100OVS_APP_EXIT_AND_WAIT([ovs-vswitchd])
4101OVS_APP_EXIT_AND_WAIT([ovsdb-server])
4102
4103as ovn-sb
4104OVS_APP_EXIT_AND_WAIT([ovsdb-server])
4105
4106as ovn-nb
4107OVS_APP_EXIT_AND_WAIT([ovsdb-server])
4108
4109as northd
4110OVS_APP_EXIT_AND_WAIT([ovn-northd])
4111
4112as main
4113OVS_APP_EXIT_AND_WAIT([ovs-vswitchd])
4114OVS_APP_EXIT_AND_WAIT([ovsdb-server])
4115
4116AT_CLEANUP
4117
c1645003 4118AT_SETUP([ovn -- 2 HVs, 2 LRs connected via LS, gateway router])
c1645003
GS		 4119AT_SKIP_IF([test $HAVE_PYTHON = no])
4120ovn_start
4121
4122# Logical network:
4123# Two LRs - R1 and R2 that are connected to each other via LS "join"
4124# in 20.0.0.0/24 network. R1 has switchess foo (192.168.1.0/24)
4125# connected to it. R2 has alice (172.16.1.0/24) connected to it.
4126# R2 is a gateway router.
4127
4128
4129
4130# Create two hypervisor and create OVS ports corresponding to logical ports.
4131net_add n1
4132
4133sim_add hv1
4134as hv1
4135ovs-vsctl add-br br-phys
4136ovn_attach n1 br-phys 192.168.0.1
4137ovs-vsctl -- add-port br-int hv1-vif1 -- \
4138 set interface hv1-vif1 external-ids:iface-id=foo1 \
4139 options:tx_pcap=hv1/vif1-tx.pcap \
4140 options:rxq_pcap=hv1/vif1-rx.pcap \
4141 ofport-request=1
4142
4143
4144sim_add hv2
4145as hv2
4146ovs-vsctl add-br br-phys
4147ovn_attach n1 br-phys 192.168.0.2
4148ovs-vsctl -- add-port br-int hv2-vif1 -- \
4149 set interface hv2-vif1 external-ids:iface-id=alice1 \
4150 options:tx_pcap=hv2/vif1-tx.pcap \
4151 options:rxq_pcap=hv2/vif1-rx.pcap \
4152 ofport-request=1
4153
4154# Pre-populate the hypervisors' ARP tables so that we don't lose any
4155# packets for ARP resolution (native tunneling doesn't queue packets
4156# for ARP resolution).
4157ovn_populate_arp
4158
4159ovn-nbctl create Logical_Router name=R1
4160ovn-nbctl create Logical_Router name=R2 options:chassis="hv2"
4161
ea46a4e9
JP		 4162ovn-nbctl ls-add foo
4163ovn-nbctl ls-add alice
4164ovn-nbctl ls-add join
c1645003
GS		 4165
4166# Connect foo to R1
31114af7 4167ovn-nbctl lrp-add R1 foo 00:00:01:01:02:03 192.168.1.1/24
31ed1192 4168ovn-nbctl lsp-add foo rp-foo -- set Logical_Switch_Port rp-foo \
80f408f4 4169 type=router options:router-port=foo addresses=\"00:00:01:01:02:03\"
c1645003
GS		 4170
4171# Connect alice to R2
31114af7 4172ovn-nbctl lrp-add R2 alice 00:00:02:01:02:03 172.16.1.1/24
31ed1192 4173ovn-nbctl lsp-add alice rp-alice -- set Logical_Switch_Port rp-alice \
80f408f4 4174 type=router options:router-port=alice addresses=\"00:00:02:01:02:03\"
c1645003
GS		 4175
4176# Connect R1 to join
31114af7 4177ovn-nbctl lrp-add R1 R1_join 00:00:04:01:02:03 20.0.0.1/24
31ed1192 4178ovn-nbctl lsp-add join r1-join -- set Logical_Switch_Port r1-join \
80f408f4 4179 type=router options:router-port=R1_join addresses='"00:00:04:01:02:03"'
c1645003
GS		 4180
4181# Connect R2 to join
31114af7 4182ovn-nbctl lrp-add R2 R2_join 00:00:04:01:02:04 20.0.0.2/24
31ed1192 4183ovn-nbctl lsp-add join r2-join -- set Logical_Switch_Port r2-join \
80f408f4 4184 type=router options:router-port=R2_join addresses='"00:00:04:01:02:04"'
c1645003
GS		 4185
4186
4187#install static routes
4188ovn-nbctl -- --id=@lrt create Logical_Router_Static_Route \
4189ip_prefix=172.16.1.0/24 nexthop=20.0.0.2 -- add Logical_Router \
4190R1 static_routes @lrt
4191
4192ovn-nbctl -- --id=@lrt create Logical_Router_Static_Route \
4193ip_prefix=192.168.1.0/24 nexthop=20.0.0.1 -- add Logical_Router \
4194R2 static_routes @lrt
4195
4196# Create logical port foo1 in foo
31ed1192
JP		 4197ovn-nbctl lsp-add foo foo1 \
4198-- lsp-set-addresses foo1 "f0:00:00:01:02:03 192.168.1.2"
c1645003
GS		 4199
4200# Create logical port alice1 in alice
31ed1192
JP		 4201ovn-nbctl lsp-add alice alice1 \
4202-- lsp-set-addresses alice1 "f0:00:00:01:02:04 172.16.1.2"
c1645003
GS		 4203
4204
4205# Allow some time for ovn-northd and ovn-controller to catch up.
4206# XXX This should be more systematic.
4207sleep 2
4208
4209ip_to_hex() {
4210 printf "%02x%02x%02x%02x" "$@"
4211}
c1645003
GS		 4212
4213# Send ip packets between foo1 and alice1
4214src_mac="f00000010203"
4215dst_mac="000001010203"
4216src_ip=`ip_to_hex 192 168 1 2`
4217dst_ip=`ip_to_hex 172 16 1 2`
4218packet=${dst_mac}${src_mac}08004500001c0000000040110000${src_ip}${dst_ip}0035111100080000
4219
4220echo "---------NB dump-----"
4221ovn-nbctl show
4222echo "---------------------"
4223ovn-nbctl list logical_router
4224echo "---------------------"
4225ovn-nbctl list logical_router_port
4226echo "---------------------"
4227
4228echo "---------SB dump-----"
4229ovn-sbctl list datapath_binding
4230echo "---------------------"
4231ovn-sbctl list port_binding
4232echo "---------------------"
4233ovn-sbctl dump-flows
4234echo "---------------------"
4235ovn-sbctl list chassis
4236ovn-sbctl list encap
4237echo "---------------------"
4238
c1645003
GS		 4239# Packet to Expect at alice1
4240src_mac="000002010203"
4241dst_mac="f00000010204"
4242src_ip=`ip_to_hex 192 168 1 2`
4243dst_ip=`ip_to_hex 172 16 1 2`
4244expected=${dst_mac}${src_mac}08004500001c000000003e110200${src_ip}${dst_ip}0035111100080000
4245
4246
4247as hv1 ovs-appctl netdev-dummy/receive hv1-vif1 $packet
4248as hv1 ovs-appctl ofproto/trace br-int in_port=1 $packet
4249
ab39371d
RM		 4250echo "------ hv1 dump after packet 1 ----------"
4251as hv1 ovs-ofctl show br-int
4252as hv1 ovs-ofctl dump-flows br-int
4253echo "------ hv2 dump after packet 1 ----------"
4254as hv2 ovs-ofctl show br-int
4255as hv2 ovs-ofctl dump-flows br-int
4256echo "----------------------------"
4257
49d7c759
BP		 4258echo $expected > expected
4259OVN_CHECK_PACKETS([hv2/vif1-tx.pcap], [expected])
c1645003 4260
34114cf8
GS		 4261# Delete the router and re-create it. Things should work as before.
4262ovn-nbctl lr-del R2
4263ovn-nbctl create Logical_Router name=R2 options:chassis="hv2"
4264# Connect alice to R2
4265ovn-nbctl lrp-add R2 alice 00:00:02:01:02:03 172.16.1.1/24
4266# Connect R2 to join
4267ovn-nbctl lrp-add R2 R2_join 00:00:04:01:02:04 20.0.0.2/24
4268
4269ovn-nbctl -- --id=@lrt create Logical_Router_Static_Route \
4270ip_prefix=192.168.1.0/24 nexthop=20.0.0.1 -- add Logical_Router \
4271R2 static_routes @lrt
4272
4273# Wait for ovn-controller to catch up.
4274sleep 1
4275
4276# Send the packet again.
4277as hv1 ovs-appctl netdev-dummy/receive hv1-vif1 $packet
ab39371d
RM		 4278
4279echo "------ hv1 dump after packet 2 ----------"
4280as hv1 ovs-ofctl show br-int
4281as hv1 ovs-ofctl dump-flows br-int
4282echo "------ hv2 dump after packet 2 ----------"
4283as hv2 ovs-ofctl show br-int
4284as hv2 ovs-ofctl dump-flows br-int
4285echo "----------------------------"
4286
49d7c759
BP		 4287echo $expected >> expected
4288OVN_CHECK_PACKETS([hv2/vif1-tx.pcap], [expected])
34114cf8 4289
7a8f15e0 4290OVN_CLEANUP([hv1],[hv2])
c1645003
GS		 4291
4292AT_CLEANUP
bb3c4568
FF		 4293
4294AT_SETUP([ovn -- icmp_reply: 1 HVs, 2 LSs, 1 lport/LS, 1 LR])
4295AT_KEYWORDS([router-icmp-reply])
4296AT_SKIP_IF([test $HAVE_PYTHON = no])
4297ovn_start
4298
4299# Logical network:
4300# One LR - R1 has switch ls1 (191.168.1.0/24) connected to it,
4301# and has switch ls2 (172.16.1.0/24) connected to it.
4302
fa2a27b2 4303ovn-nbctl lr-add R1
bb3c4568 4304
ea46a4e9
JP		 4305ovn-nbctl ls-add ls1
4306ovn-nbctl ls-add ls2
bb3c4568
FF		 4307
4308# Connect ls1 to R1
31114af7 4309ovn-nbctl lrp-add R1 ls1 00:00:00:01:02:f1 192.168.1.1/24
31ed1192 4310ovn-nbctl lsp-add ls1 rp-ls1 -- set Logical_Switch_Port rp-ls1 \
80f408f4 4311 type=router options:router-port=ls1 addresses=\"00:00:00:01:02:f1\"
bb3c4568
FF		 4312
4313# Connect ls2 to R1
31114af7 4314ovn-nbctl lrp-add R1 ls2 00:00:00:01:02:f2 172.16.1.1/24
31ed1192 4315ovn-nbctl lsp-add ls2 rp-ls2 -- set Logical_Switch_Port rp-ls2 \
80f408f4 4316 type=router options:router-port=ls2 addresses=\"00:00:00:01:02:f2\"
bb3c4568
FF		 4317
4318# Create logical port ls1-lp1 in ls1
31ed1192
JP		 4319ovn-nbctl lsp-add ls1 ls1-lp1 \
4320-- lsp-set-addresses ls1-lp1 "00:00:00:01:02:03 192.168.1.2"
bb3c4568
FF		 4321
4322# Create logical port ls2-lp1 in ls2
31ed1192
JP		 4323ovn-nbctl lsp-add ls2 ls2-lp1 \
4324-- lsp-set-addresses ls2-lp1 "00:00:00:01:02:04 172.16.1.2"
bb3c4568
FF		 4325
4326# Create one hypervisor and create OVS ports corresponding to logical ports.
4327net_add n1
4328
4329sim_add hv1
4330as hv1
4331ovs-vsctl add-br br-phys
4332ovn_attach n1 br-phys 192.168.0.1
4333ovs-vsctl -- add-port br-int vif1 -- \
4334 set interface vif1 external-ids:iface-id=ls1-lp1 \
4335 options:tx_pcap=hv1/vif1-tx.pcap \
4336 options:rxq_pcap=hv1/vif1-rx.pcap \
4337 ofport-request=1
4338
4339ovs-vsctl -- add-port br-int vif2 -- \
4340 set interface vif2 external-ids:iface-id=ls2-lp1 \
4341 options:tx_pcap=hv1/vif2-tx.pcap \
4342 options:rxq_pcap=hv1/vif2-rx.pcap \
4343 ofport-request=1
4344
4345
4346# Allow some time for ovn-northd and ovn-controller to catch up.
4347# XXX This should be more systematic.
4348sleep 1
4349
4350
4351ip_to_hex() {
4352 printf "%02x%02x%02x%02x" "$@"
4353}
bb3c4568
FF		 4354for i in 1 2; do
4355 : > vif$i.expected
4356done
4357# test_ipv4_icmp_request INPORT ETH_SRC ETH_DST IPV4_SRC IPV4_DST IP_CHKSUM ICMP_CHKSUM [EXP_IP_CHKSUM EXP_ICMP_CHKSUM]
4358#
4359# Causes a packet to be received on INPORT. The packet is an ICMPv4
4360# request with ETH_SRC, ETH_DST, IPV4_SRC, IPV4_DST, IP_CHSUM and
4361# ICMP_CHKSUM as specified. If EXP_IP_CHKSUM and EXP_ICMP_CHKSUM are
4362# provided, then it should be the ip and icmp checksums of the packet
4363# responded; otherwise, no reply is expected.
4364# In the absence of an ip checksum calculation helpers, this relies
4365# on the caller to provide the checksums for the ip and icmp headers.
4366# XXX This should be more systematic.
4367#
4368# INPORT is an lport number, e.g. 11 for vif11.
4369# ETH_SRC and ETH_DST are each 12 hex digits.
4370# IPV4_SRC and IPV4_DST are each 8 hex digits.
4371# IP_CHSUM and ICMP_CHKSUM are each 4 hex digits.
4372# EXP_IP_CHSUM and EXP_ICMP_CHKSUM are each 4 hex digits.
4373test_ipv4_icmp_request() {
4374 local inport=$1 eth_src=$2 eth_dst=$3 ipv4_src=$4 ipv4_dst=$5 ip_chksum=$6 icmp_chksum=$7
4375 local exp_ip_chksum=$8 exp_icmp_chksum=$9
4376 shift; shift; shift; shift; shift; shift; shift
4377 shift; shift
4378
4379 # Use ttl to exercise section 4.2.2.9 of RFC1812
4380 local ip_ttl=01
4381 local icmp_id=5fbf
4382 local icmp_seq=0001
4383 local icmp_data=$(seq 1 56 | xargs printf "%02x")
4384 local icmp_type_code_request=0800
4385 local icmp_payload=${icmp_type_code_request}${icmp_chksum}${icmp_id}${icmp_seq}${icmp_data}
4386 local packet=${eth_dst}${eth_src}08004500005400004000${ip_ttl}01${ip_chksum}${ipv4_src}${ipv4_dst}${icmp_payload}
4387
4388 as hv1 ovs-appctl netdev-dummy/receive vif$inport $packet
4389 if test X$exp_icmp_chksum != X; then
4390 # Expect to receive the reply, if any. In same port where packet was sent.
4391 # Note: src and dst fields are expected to be reversed.
4392 local icmp_type_code_response=0000
4393 local reply_icmp_ttl=fe
4394 local reply_icmp_payload=${icmp_type_code_response}${exp_icmp_chksum}${icmp_id}${icmp_seq}${icmp_data}
4395 local reply=${eth_src}${eth_dst}08004500005400004000${reply_icmp_ttl}01${exp_ip_chksum}${ipv4_dst}${ipv4_src}${reply_icmp_payload}
4396 echo $reply >> vif$inport.expected
4397 fi
4398}
4399
4400# Send ping packet to router's ip addresses, from each of the 2 logical ports.
4401rtr_l1_ip=$(ip_to_hex 192 168 1 1)
4402rtr_l2_ip=$(ip_to_hex 172 16 1 1)
4403l1_ip=$(ip_to_hex 192 168 1 2)
4404l2_ip=$(ip_to_hex 172 16 1 2)
4405
4406# Ping router ip address that is on same subnet as the logical port
4407test_ipv4_icmp_request 1 000000010203 0000000102f1 $l1_ip $rtr_l1_ip 0000 8510 02ff 8d10
4408test_ipv4_icmp_request 2 000000010204 0000000102f2 $l2_ip $rtr_l2_ip 0000 8510 02ff 8d10
4409
4410# Ping router ip address that is on the other side of the logical ports
4411test_ipv4_icmp_request 1 000000010203 0000000102f1 $l1_ip $rtr_l2_ip 0000 8510 02ff 8d10
4412test_ipv4_icmp_request 2 000000010204 0000000102f2 $l2_ip $rtr_l1_ip 0000 8510 02ff 8d10
4413
4414echo "---------NB dump-----"
4415ovn-nbctl show
4416echo "---------------------"
4417ovn-nbctl list logical_router
4418echo "---------------------"
4419ovn-nbctl list logical_router_port
4420echo "---------------------"
4421
4422echo "---------SB dump-----"
4423ovn-sbctl list datapath_binding
4424echo "---------------------"
4425ovn-sbctl list logical_flow
4426echo "---------------------"
4427
4428echo "------ hv1 dump ----------"
4429as hv1 ovs-ofctl dump-flows br-int
4430
4431# Now check the packets actually received against the ones expected.
4432for inport in 1 2; do
49d7c759 4433 OVN_CHECK_PACKETS([hv1/vif${inport}-tx.pcap], [vif$inport.expected])
bb3c4568
FF		 4434done
4435
7a8f15e0 4436OVN_CLEANUP([hv1])
bb3c4568
FF		 4437
4438AT_CLEANUP
94f79fcb
RB		 4439
4440# 1 hypervisor, 1 port
4441# make sure that the port state is properly set to up and back down
4442# when created and deleted.
4443AT_SETUP([ovn -- port state up and down])
94f79fcb
RB		 4444ovn_start
4445
4446ovn-nbctl ls-add ls1
4447ovn-nbctl lsp-add ls1 lp1
4448ovn-nbctl lsp-set-addresses lp1 unknown
4449
4450net_add n1
4451sim_add hv1
4452as hv1 ovs-vsctl add-br br-phys
4453as hv1 ovn_attach n1 br-phys 192.168.0.1
4454
4455as hv1 ovs-vsctl add-port br-int vif1 -- set Interface vif1 external-ids:iface-id=lp1
4456OVS_WAIT_UNTIL([test x`ovn-nbctl lsp-get-up lp1` = xup])
4457
4458as hv1 ovs-vsctl del-port br-int vif1
4459OVS_WAIT_UNTIL([test x`ovn-nbctl lsp-get-up lp1` = xdown])
4460
7a8f15e0 4461OVN_CLEANUP([hv1])
94f79fcb 4462
94f79fcb 4463AT_CLEANUP
e75451fe 4464
ccc6e1db
FF		 4465# 1 hypervisor, 1 port
4466# make sure that the OF rules created to support a datapath are added/cleared
4467# when logical switch is created and removed.
4468AT_SETUP([ovn -- datapath rules added/removed])
1794d5f2 4469AT_KEYWORDS([cleanup])
ccc6e1db
FF		 4470ovn_start
4471
4472net_add n1
4473sim_add hv1
4474as hv1 ovs-vsctl add-br br-phys
4475as hv1 ovn_attach n1 br-phys 192.168.0.1
4476
4477# This shell function checks if OF rules in br-int have clauses
4478# related to OVN datapaths. The caller determines if it should find
4479# a match in the output, or not.
4480#
4481# EXPECT_DATAPATH param determines whether flows that refer to
4482# datapath to should be present or not. 0 means
4483# they should not be.
4484# STAGE_INFO param is a simple string to help identify the stage
4485# in the test when this function was invoked.
4486test_datapath_in_of_rules() {
4487 local expect_datapath=$1 stage_info=$2
4488 echo "------ ovn-nbctl show ${stage_info} ------"
4489 ovn-nbctl show
4490 echo "------ ovn-sbctl show ${stage_info} ------"
4491 ovn-sbctl show
4492 echo "------ OF rules ${stage_info} ------"
4493 AT_CHECK([ovs-ofctl dump-flows br-int], [0], [stdout])
4494 # if there is a datapath mentioned in the output, check for the
4495 # magic keyword that represents one, based on the exit status of
4496 # a quiet grep
4497 if test $expect_datapath != 0; then
4618b102 4498 AT_CHECK([grep -q -i 'metadata=' stdout], [0], [ignore-nolog])
ccc6e1db 4499 else
4618b102 4500 AT_CHECK([grep -q -i 'metadata=' stdout], [1], [ignore-nolog])
ccc6e1db
FF		 4501 fi
4502}
4503
4504test_datapath_in_of_rules 0 "before ls+port create"
4505
4506ovn-nbctl ls-add ls1
4507ovn-nbctl lsp-add ls1 lp1
4508ovn-nbctl lsp-set-addresses lp1 unknown
4509
4510as hv1 ovs-vsctl add-port br-int vif1 -- set Interface vif1 external-ids:iface-id=lp1
4511OVS_WAIT_UNTIL([test x`ovn-nbctl lsp-get-up lp1` = xup])
4512
4513test_datapath_in_of_rules 1 "after port is bound"
4514
4515as hv1 ovs-vsctl del-port br-int vif1
4516OVS_WAIT_UNTIL([test x`ovn-nbctl lsp-get-up lp1` = xdown])
4517
4518ovn-nbctl lsp-set-addresses lp1
4519ovn-nbctl lsp-del lp1
4520ovn-nbctl ls-del ls1
4521
4522# wait for earlier changes to take effect
4523AT_CHECK([ovn-nbctl --timeout=3 --wait=sb sync], [0], [ignore])
4524
4525# ensure OF rules are no longer present. There used to be a bug here.
4526test_datapath_in_of_rules 0 "after lport+ls removal"
4527
4528OVN_CLEANUP([hv1])
4529
4530AT_CLEANUP
4531
f8a8db39 4532AT_SETUP([ovn -- nd_na ])
e75451fe
ZKL		 4533AT_SKIP_IF([test $HAVE_PYTHON = no])
4534ovn_start
4535
4536#TODO: since patch port for IPv6 logical router port is not ready not,
4537# so we are not going to test vifs on different lswitches cases. Try
4538# to update for that once relevant stuff implemented.
4539
4540# In this test cases we create 1 lswitch, it has 2 VIF ports attached
4541# with. NS packet we test, from one VIF for another VIF, will be replied
4542# by local ovn-controller, but not by target VIF.
4543
4544# Create hypervisors and logical switch lsw0.
4545ovn-nbctl ls-add lsw0
4546net_add n1
4547sim_add hv1
4548as hv1
4549ovs-vsctl add-br br-phys
4550ovn_attach n1 br-phys 192.168.0.2
4551
4552# Add vif1 to hv1 and lsw0, turn on l2 port security on vif1.
4553ovs-vsctl add-port br-int vif1 -- set Interface vif1 external-ids:iface-id=lp1 options:tx_pcap=hv1/vif1-tx.pcap options:rxq_pcap=hv1/vif1-rx.pcap ofport-request=1
4554ovn-nbctl lsp-add lsw0 lp1
4555ovn-nbctl lsp-set-addresses lp1 "fa:16:3e:94:05:98 192.168.0.3 fd81:ce49:a948:0:f816:3eff:fe94:598"
4556ovn-nbctl lsp-set-port-security lp1 "fa:16:3e:94:05:98 192.168.0.3 fd81:ce49:a948:0:f816:3eff:fe94:598"
4557
4558# Add vif2 to hv1 and lsw0, turn on l2 port security on vif2.
4559ovs-vsctl add-port br-int vif2 -- set Interface vif2 external-ids:iface-id=lp2 options:tx_pcap=hv1/vif2-tx.pcap options:rxq_pcap=hv1/vif2-rx.pcap ofport-request=2
4560ovn-nbctl lsp-add lsw0 lp2
4561ovn-nbctl lsp-set-addresses lp2 "fa:16:3e:a1:f9:ae 192.168.0.4 fd81:ce49:a948:0:f816:3eff:fea1:f9ae"
4562ovn-nbctl lsp-set-port-security lp2 "fa:16:3e:a1:f9:ae 192.168.0.4 fd81:ce49:a948:0:f816:3eff:fea1:f9ae"
4563
4564# Add ACL rule for ICMPv6 on lsw0
4565ovn-nbctl acl-add lsw0 from-lport 1002 'ip6 && icmp6' allow-related
4566ovn-nbctl acl-add lsw0 to-lport 1002 'outport == "lp1" && ip6 && icmp6' allow-related
4567ovn-nbctl acl-add lsw0 to-lport 1002 'outport == "lp2" && ip6 && icmp6' allow-related
4568
4569# Allow some time for ovn-northd and ovn-controller to catch up.
4570# XXX This should be more systematic.
4571sleep 1
4572
4573# Given the name of a logical port, prints the name of the hypervisor
4574# on which it is located.
4575vif_to_hv() {
4576 echo hv1${1%?}
4577}
e75451fe
ZKL		 4578for i in 1 2; do
4579 : > $i.expected
4580done
4581
4582# Complete Neighbor Solicitation packet and Neighbor Advertisement packet
4583# vif1 -> NS -> vif2. vif1 <- NA <- ovn-controller.
4584# vif2 will not receive NS packet, since ovn-controller will reply for it.
4585ns_packet=3333ffa1f9aefa163e94059886dd6000000000203afffd81ce49a9480000f8163efffe940598fd81ce49a9480000f8163efffea1f9ae8700e01160000000fd81ce49a9480000f8163efffea1f9ae0101fa163e940598
4586na_packet=fa163e940598fa163ea1f9ae86dd6000000000203afffd81ce49a9480000f8163efffea1f9aefd81ce49a9480000f8163efffe9405988800e9ed60000000fd81ce49a9480000f8163efffea1f9ae0201fa163ea1f9ae
4587
4588as hv1 ovs-appctl netdev-dummy/receive vif1 $ns_packet
e4543cfe 4589echo $na_packet >> 1.expected
e75451fe 4590
e75451fe
ZKL		 4591echo "------ hv1 dump ------"
4592as hv1 ovs-vsctl show
4593as hv1 ovs-ofctl -O OpenFlow13 show br-int
4594as hv1 ovs-ofctl -O OpenFlow13 dump-flows br-int
4595
4596for i in 1 2; do
49d7c759 4597 OVN_CHECK_PACKETS([hv1/vif$i-tx.pcap], [$i.expected])
e75451fe
ZKL		 4598done
4599
7a8f15e0 4600OVN_CLEANUP([hv1])
e75451fe
ZKL		 4601
4602AT_CLEANUP
7417d147
RM		 4603
4604AT_SETUP([ovn -- address sets modification/removal smoke test])
7417d147
RM		 4605ovn_start
4606
4607net_add n1
4608
4609sim_add hv1
4610as hv1
4611ovs-vsctl add-br br-phys
4612ovn_attach n1 br-phys 192.168.0.1
4613
4614row=`ovn-nbctl create Address_Set name=set1 addresses=\"1.1.1.1\"`
4615ovn-nbctl set Address_Set $row name=set1 addresses=\"1.1.1.1,1.1.1.2\"
4616ovn-nbctl destroy Address_Set $row
4617
4618sleep 1
4619
4620# A bug previously existed in the address set support code
4621# that caused ovn-controller to crash after an address set
4622# was updated and then removed. This test case ensures
4623# that ovn-controller is at least still running after
4624# creating, updating, and deleting an address set.
4625AT_CHECK([ovs-appctl -t ovn-controller version], [0], [ignore])
4626
4627OVN_CLEANUP([hv1])
4628
4629AT_CLEANUP
8639f9be
ND		 4630
4631AT_SETUP([ovn -- ipam])
8639f9be
ND		 4632AT_SKIP_IF([test $HAVE_PYTHON = no])
4633ovn_start
4634
4635# Add a port to a switch that does not have a subnet set, then set the
4636# subnet which should result in an address being allocated for the port.
4637ovn-nbctl ls-add sw0
4638ovn-nbctl lsp-add sw0 p0 -- lsp-set-addresses p0 dynamic
fd3b31e9 4639ovn-nbctl --wait=sb add Logical-Switch sw0 other_config subnet=192.168.1.0/24
8639f9be
ND		 4640AT_CHECK([ovn-nbctl get Logical-Switch-Port p0 dynamic_addresses], [0],
4641 ["0a:00:00:00:00:01 192.168.1.2"
4642])
4643
4644# Add 9 more ports to sw0, addresses should all be unique.
4645for n in `seq 1 9`; do
11547f85 4646 ovn-nbctl --wait=sb lsp-add sw0 "p$n" -- lsp-set-addresses "p$n" dynamic
8639f9be
ND		 4647done
4648AT_CHECK([ovn-nbctl get Logical-Switch-Port p1 dynamic_addresses], [0],
4649 ["0a:00:00:00:00:02 192.168.1.3"
4650])
4651AT_CHECK([ovn-nbctl get Logical-Switch-Port p2 dynamic_addresses], [0],
4652 ["0a:00:00:00:00:03 192.168.1.4"
4653])
4654AT_CHECK([ovn-nbctl get Logical-Switch-Port p3 dynamic_addresses], [0],
4655 ["0a:00:00:00:00:04 192.168.1.5"
4656])
4657AT_CHECK([ovn-nbctl get Logical-Switch-Port p4 dynamic_addresses], [0],
4658 ["0a:00:00:00:00:05 192.168.1.6"
4659])
4660AT_CHECK([ovn-nbctl get Logical-Switch-Port p5 dynamic_addresses], [0],
4661 ["0a:00:00:00:00:06 192.168.1.7"
4662])
4663AT_CHECK([ovn-nbctl get Logical-Switch-Port p6 dynamic_addresses], [0],
4664 ["0a:00:00:00:00:07 192.168.1.8"
4665])
4666AT_CHECK([ovn-nbctl get Logical-Switch-Port p7 dynamic_addresses], [0],
4667 ["0a:00:00:00:00:08 192.168.1.9"
4668])
4669AT_CHECK([ovn-nbctl get Logical-Switch-Port p8 dynamic_addresses], [0],
4670 ["0a:00:00:00:00:09 192.168.1.10"
4671])
4672AT_CHECK([ovn-nbctl get Logical-Switch-Port p9 dynamic_addresses], [0],
4673 ["0a:00:00:00:00:0a 192.168.1.11"
4674])
4675
4676# Trying similar tests with a second switch. MAC addresses should be unique
4677# across both switches but IP's only need to be unique within the same switch.
4678ovn-nbctl ls-add sw1
4679ovn-nbctl lsp-add sw1 p10 -- lsp-set-addresses p10 dynamic
11547f85 4680ovn-nbctl --wait=sb add Logical-Switch sw1 other_config subnet=192.168.1.0/24
8639f9be
ND		 4681AT_CHECK([ovn-nbctl get Logical-Switch-Port p10 dynamic_addresses], [0],
4682 ["0a:00:00:00:00:0b 192.168.1.2"
4683])
4684
4685for n in `seq 11 19`; do
11547f85 4686 ovn-nbctl --wait=sb lsp-add sw1 "p$n" -- lsp-set-addresses "p$n" dynamic
8639f9be
ND		 4687done
4688AT_CHECK([ovn-nbctl get Logical-Switch-Port p11 dynamic_addresses], [0],
4689 ["0a:00:00:00:00:0c 192.168.1.3"
4690])
4691AT_CHECK([ovn-nbctl get Logical-Switch-Port p12 dynamic_addresses], [0],
4692 ["0a:00:00:00:00:0d 192.168.1.4"
4693])
4694AT_CHECK([ovn-nbctl get Logical-Switch-Port p13 dynamic_addresses], [0],
4695 ["0a:00:00:00:00:0e 192.168.1.5"
4696])
4697AT_CHECK([ovn-nbctl get Logical-Switch-Port p14 dynamic_addresses], [0],
4698 ["0a:00:00:00:00:0f 192.168.1.6"
4699])
4700AT_CHECK([ovn-nbctl get Logical-Switch-Port p15 dynamic_addresses], [0],
4701 ["0a:00:00:00:00:10 192.168.1.7"
4702])
4703AT_CHECK([ovn-nbctl get Logical-Switch-Port p16 dynamic_addresses], [0],
4704 ["0a:00:00:00:00:11 192.168.1.8"
4705])
4706AT_CHECK([ovn-nbctl get Logical-Switch-Port p17 dynamic_addresses], [0],
4707 ["0a:00:00:00:00:12 192.168.1.9"
4708])
4709AT_CHECK([ovn-nbctl get Logical-Switch-Port p18 dynamic_addresses], [0],
4710 ["0a:00:00:00:00:13 192.168.1.10"
4711])
4712AT_CHECK([ovn-nbctl get Logical-Switch-Port p19 dynamic_addresses], [0],
4713 ["0a:00:00:00:00:14 192.168.1.11"
4714])
4715
4716# Change a port's address to test for multiple ip's for a single address entry
4717# and addresses set by the user.
4718ovn-nbctl lsp-set-addresses p0 "0a:00:00:00:00:15 192.168.1.12 192.168.1.14"
11547f85 4719ovn-nbctl --wait=sb lsp-add sw0 p20 -- lsp-set-addresses p20 dynamic
8639f9be
ND		 4720AT_CHECK([ovn-nbctl get Logical-Switch-Port p20 dynamic_addresses], [0],
4721 ["0a:00:00:00:00:16 192.168.1.13"
4722])
4723
4724# Test for logical router port address management.
4725ovn-nbctl create Logical_Router name=R1
4726ovn-nbctl -- --id=@lrp create Logical_Router_port name=sw0 \
4727network="192.168.1.1/24" mac=\"0a:00:00:00:00:17\" \
4728-- add Logical_Router R1 ports @lrp -- lsp-add sw0 rp-sw0 \
4729-- set Logical_Switch_Port rp-sw0 type=router options:router-port=sw0
11547f85 4730ovn-nbctl --wait=sb lsp-add sw0 p21 -- lsp-set-addresses p21 dynamic
8639f9be
ND		 4731AT_CHECK([ovn-nbctl get Logical-Switch-Port p21 dynamic_addresses], [0],
4732 ["0a:00:00:00:00:18 192.168.1.15"
4733])
4734
4735# Test for address reuse after logical port is deleted.
4736ovn-nbctl lsp-del p0
11547f85 4737ovn-nbctl --wait=sb lsp-add sw0 p23 -- lsp-set-addresses p23 dynamic
8639f9be
ND		 4738AT_CHECK([ovn-nbctl get Logical-Switch-Port p23 dynamic_addresses], [0],
4739 ["0a:00:00:00:00:19 192.168.1.2"
4740])
4741
4742# Test for multiple addresses to one logical port.
4743ovn-nbctl lsp-add sw0 p25 -- lsp-set-addresses p25 \
4744"0a:00:00:00:00:1a 192.168.1.12" "0a:00:00:00:00:1b 192.168.1.14"
11547f85 4745ovn-nbctl --wait=sb lsp-add sw0 p26 -- lsp-set-addresses p26 dynamic
8639f9be
ND		 4746AT_CHECK([ovn-nbctl get Logical-Switch-Port p26 dynamic_addresses], [0],
4747 ["0a:00:00:00:00:1c 192.168.1.16"
4748])
4749
4750# Test for exhausting subnet address space.
4751ovn-nbctl ls-add sw2 -- add Logical-Switch sw2 other_config subnet=172.16.1.0/30
11547f85 4752ovn-nbctl --wait=sb lsp-add sw2 p27 -- lsp-set-addresses p27 dynamic
8639f9be
ND		 4753AT_CHECK([ovn-nbctl get Logical-Switch-Port p27 dynamic_addresses], [0],
4754 ["0a:00:00:00:00:1d 172.16.1.2"
4755])
4756
11547f85 4757ovn-nbctl --wait=sb lsp-add sw2 p28 -- lsp-set-addresses p28 dynamic
8639f9be
ND		 4758AT_CHECK([ovn-nbctl get Logical-Switch-Port p28 dynamic_addresses], [0],
4759 [[[]]
4760])
4761
4762# Test that address management does not add duplicate MAC for lsp/lrp peers.
4763ovn-nbctl create Logical_Router name=R2
4764ovn-nbctl ls-add sw3
4765ovn-nbctl lsp-add sw3 p29 -- lsp-set-addresses p29 \
4766"0a:00:00:00:00:1e"
4767ovn-nbctl -- --id=@lrp create Logical_Router_port name=sw3 \
4768network="192.168.2.1/24" mac=\"0a:00:00:00:00:1f\" \
4769-- add Logical_Router R2 ports @lrp -- lsp-add sw3 rp-sw3 \
4770-- set Logical_Switch_Port rp-sw3 type=router options:router-port=sw3
11547f85 4771ovn-nbctl --wait=sb lsp-add sw0 p30 -- lsp-set-addresses p30 dynamic
8639f9be
ND		 4772AT_CHECK([ovn-nbctl get Logical-Switch-Port p30 dynamic_addresses], [0],
4773 ["0a:00:00:00:00:20 192.168.1.17"
4774])
4775
6374d518
LR		 4776# Test static MAC address with dynamically allocated IP
4777ovn-nbctl --wait=sb lsp-add sw0 p31 -- lsp-set-addresses p31 \
4778"fe:dc:ba:98:76:54 dynamic"
4779AT_CHECK([ovn-nbctl get Logical-Switch-Port p31 dynamic_addresses], [0],
4780 ["fe:dc:ba:98:76:54 192.168.1.18"
4781])
4782
8639f9be
ND		 4783as ovn-sb
4784OVS_APP_EXIT_AND_WAIT([ovsdb-server])
4785
4786as ovn-nb
4787OVS_APP_EXIT_AND_WAIT([ovsdb-server])
4788
4789as northd
4790OVS_APP_EXIT_AND_WAIT([ovn-northd])
4791
4792AT_CLEANUP
4793
4794AT_SETUP([ovn -- ipam connectivity])
8639f9be
ND		 4795AT_SKIP_IF([test $HAVE_PYTHON = no])
4796ovn_start
4797
4798ovn-nbctl lr-add R1
4799
4800# Test for a ping using dynamically allocated addresses.
4801ovn-nbctl ls-add foo -- add Logical_Switch foo other_config subnet=192.168.1.0/24
4802ovn-nbctl ls-add alice -- add Logical_Switch alice other_config subnet=192.168.2.0/24
4803
4804# Connect foo to R1
4805ovn-nbctl lrp-add R1 foo 00:00:00:01:02:03 192.168.1.1/24
4806ovn-nbctl lsp-add foo rp-foo -- set Logical_Switch_Port rp-foo type=router \
20418099
MS		 4807 options:router-port=foo \
4808 -- lsp-set-addresses rp-foo router
8639f9be
ND		 4809
4810# Connect alice to R1
4811ovn-nbctl lrp-add R1 alice 00:00:00:01:02:04 192.168.2.1/24
4812ovn-nbctl lsp-add alice rp-alice -- set Logical_Switch_Port rp-alice type=router \
4813 options:router-port=alice addresses=\"00:00:00:01:02:04\"
4814
4815# Create logical port foo1 in foo
fd3b31e9 4816ovn-nbctl --wait=sb lsp-add foo foo1 \
8639f9be 4817-- lsp-set-addresses foo1 "dynamic"
8bc2c143 4818AT_CHECK([ovn-nbctl --timeout=10 wait-until Logical-Switch-Port foo1 dynamic_addresses='"0a:00:00:00:00:01 192.168.1.2"'], [0])
8639f9be
ND		 4819
4820# Create logical port alice1 in alice
fd3b31e9 4821ovn-nbctl --wait=sb lsp-add alice alice1 \
8639f9be 4822-- lsp-set-addresses alice1 "dynamic"
8bc2c143 4823AT_CHECK([ovn-nbctl --timeout=10 wait-until Logical-Switch-Port alice1 dynamic_addresses='"0a:00:00:00:00:02 192.168.2.2"'])
8639f9be
ND		 4824
4825# Create logical port foo2 in foo
fd3b31e9 4826ovn-nbctl --wait=sb lsp-add foo foo2 \
8639f9be 4827-- lsp-set-addresses foo2 "dynamic"
8bc2c143 4828AT_CHECK([ovn-nbctl --timeout=10 wait-until Logical-Switch-Port foo2 dynamic_addresses='"0a:00:00:00:00:03 192.168.1.3"'])
8639f9be
ND		 4829
4830# Create a hypervisor and create OVS ports corresponding to logical ports.
4831net_add n1
4832
4833sim_add hv1
4834as hv1
4835ovs-vsctl add-br br-phys
4836ovn_attach n1 br-phys 192.168.0.1
4837ovs-vsctl -- add-port br-int hv1-vif1 -- \
4838 set interface hv1-vif1 external-ids:iface-id=foo1 \
4839 options:tx_pcap=hv1/vif1-tx.pcap \
4840 options:rxq_pcap=hv1/vif1-rx.pcap \
4841 ofport-request=1
4842
4843ovs-vsctl -- add-port br-int hv1-vif2 -- \
4844 set interface hv1-vif2 external-ids:iface-id=foo2 \
4845 options:tx_pcap=hv1/vif2-tx.pcap \
4846 options:rxq_pcap=hv1/vif2-rx.pcap \
4847 ofport-request=2
4848
4849ovs-vsctl -- add-port br-int hv1-vif3 -- \
4850 set interface hv1-vif3 external-ids:iface-id=alice1 \
4851 options:tx_pcap=hv1/vif3-tx.pcap \
4852 options:rxq_pcap=hv1/vif3-rx.pcap \
4853 ofport-request=3
4854
4855# Allow some time for ovn-northd and ovn-controller to catch up.
4856# XXX This should be more systematic.
4857sleep 1
4858
4859ip_to_hex() {
4860 printf "%02x%02x%02x%02x" "$@"
4861}
8639f9be
ND		 4862
4863# Send ip packets between foo1 and foo2
4864src_mac="0a0000000001"
4865dst_mac="0a0000000003"
4866src_ip=`ip_to_hex 192 168 1 2`
4867dst_ip=`ip_to_hex 192 168 1 3`
4868packet=${dst_mac}${src_mac}08004500001c0000000040110000${src_ip}${dst_ip}0035111100080000
4869as hv1 ovs-appctl netdev-dummy/receive hv1-vif1 $packet
4870
4871# Send ip packets between foo1 and alice1
4872src_mac="0a0000000001"
4873dst_mac="000000010203"
4874src_ip=`ip_to_hex 192 168 1 2`
4875dst_ip=`ip_to_hex 192 168 2 2`
4876packet=${dst_mac}${src_mac}08004500001c0000000040110000${src_ip}${dst_ip}0035111100080000
4877as hv1 ovs-appctl netdev-dummy/receive hv1-vif1 $packet
4878
4879echo "---------NB dump-----"
4880ovn-nbctl show
4881echo "---------------------"
4882ovn-nbctl list logical_router
4883echo "---------------------"
4884ovn-nbctl list logical_router_port
4885echo "---------------------"
4886
4887echo "---------SB dump-----"
4888ovn-sbctl list datapath_binding
4889echo "---------------------"
4890ovn-sbctl list port_binding
4891echo "---------------------"
4892
4893echo "------ hv1 dump ----------"
4894as hv1 ovs-ofctl dump-flows br-int
4895
4896# Packet to Expect at foo2
4897src_mac="0a0000000001"
4898dst_mac="0a0000000003"
4899src_ip=`ip_to_hex 192 168 1 2`
4900dst_ip=`ip_to_hex 192 168 1 3`
4901expected=${dst_mac}${src_mac}08004500001c0000000040110000${src_ip}${dst_ip}0035111100080000
4902
e4543cfe
DDP		 4903$PYTHON "$top_srcdir/utilities/ovs-pcap.in" hv1/vif2-tx.pcap > received1.packets
4904echo $expected > expout
8639f9be
ND		 4905AT_CHECK([cat received1.packets], [0], [expout])
4906
4907# Packet to Expect at alice1
4908src_mac="000000010204"
4909dst_mac="0a0000000002"
4910src_ip=`ip_to_hex 192 168 1 2`
4911dst_ip=`ip_to_hex 192 168 2 2`
4912expected=${dst_mac}${src_mac}08004500001c000000003f110100${src_ip}${dst_ip}0035111100080000
4913
e4543cfe
DDP		 4914$PYTHON "$top_srcdir/utilities/ovs-pcap.in" hv1/vif3-tx.pcap > received2.packets
4915echo $expected > expout
8639f9be
ND		 4916AT_CHECK([cat received2.packets], [0], [expout])
4917
4918OVN_CLEANUP([hv1])
4919
4920AT_CLEANUP
f5792c3f
NS		 4921
4922AT_SETUP([ovn -- ovs-vswitchd restart])
1794d5f2 4923AT_KEYWORDS([vswitchd])
f5792c3f
NS		 4924AT_SKIP_IF([test $HAVE_PYTHON = no])
4925ovn_start
4926
4927ovn-nbctl ls-add ls1
4928
4929ovn-nbctl lsp-add ls1 ls1-lp1 \
4930-- lsp-set-addresses ls1-lp1 "f0:00:00:00:00:01 10.0.0.4"
4931
4932ovn-nbctl lsp-set-port-security ls1-lp1 "f0:00:00:00:00:01 10.0.0.4"
4933
4934net_add n1
4935sim_add hv1
4936
4937as hv1
4938ovs-vsctl add-br br-phys
4939ovn_attach n1 br-phys 192.168.0.1
4940ovs-vsctl -- add-port br-int hv1-vif1 -- \
4941 set interface hv1-vif1 external-ids:iface-id=ls1-lp1 \
4942 options:tx_pcap=hv1/vif1-tx.pcap \
4943 options:rxq_pcap=hv1/vif1-rx.pcap \
4944 ofport-request=1
4945
4946ovn_populate_arp
4947sleep 2
4948
4949as hv1 ovs-vsctl show
4950
4951echo "---------------------"
4952ovn-sbctl dump-flows
4953echo "---------------------"
4954
4955echo "------ hv1 dump ----------"
4956as hv1 ovs-ofctl dump-flows br-int
4957total_flows=`as hv1 ovs-ofctl dump-flows br-int | wc -l`
4958
4959echo "Total flows before vswitchd restart = " $total_flows
4960
4961# Code taken from ovs-save utility
4962save_flows () {
4963 echo "ovs-ofctl add-flows br-int - << EOF" > restore_flows.sh
4964 as hv1 ovs-ofctl dump-flows "br-int" | sed -e '/NXST_FLOW/d' \
4965 -e 's/\(idle\|hard\)_age=[^,]*,//g' >> restore_flows.sh
4966 echo "EOF" >> restore_flows.sh
4967}
4968
4969restart_vswitchd () {
4970 restore_flows=$1
4971
4972 if test $restore_flows = true; then
4973 save_flows
4974 fi
4975
4976 as hv1
4977 OVS_APP_EXIT_AND_WAIT([ovs-vswitchd])
4978
4979 if test $restore_flows = true; then
4980 as hv1
4981 ovs-vsctl --no-wait set open_vswitch . other_config:flow-restore-wait="true"
4982 fi
4983
4984 as hv1
4985 start_daemon ovs-vswitchd --enable-dummy=system -vvconn -vofproto_dpif -vunixctl
4986 ovs-ofctl dump-flows br-int
4987
4988 if test $restore_flows = true; then
4989 sh ./restore_flows.sh
4990 echo "Flows after restore"
4991 as hv1
4992 ovs-ofctl dump-flows br-int
4993 ovs-vsctl --no-wait --if-exists remove open_vswitch . other_config \
4994 flow-restore-wait="true"
4995 fi
4996}
4997
4998# Save the flows, restart vswitchd and restore the flows
4999restart_vswitchd true
5000OVS_WAIT_UNTIL([
5001 total_flows_after_restart=`as hv1 ovs-ofctl dump-flows br-int | wc -l`
5002 echo "Total flows after vswitchd restart = " $total_flows_after_restart
5003 test "${total_flows}" = "${total_flows_after_restart}"
5004])
5005
5006# Restart vswitchd without restoring
5007restart_vswitchd false
5008OVS_WAIT_UNTIL([
5009 total_flows_after_restart=`as hv1 ovs-ofctl dump-flows br-int | wc -l`
5010 echo "Total flows after vswitchd restart = " $total_flows_after_restart
5011 test "${total_flows}" = "${total_flows_after_restart}"
5012])
5013
5014OVN_CLEANUP([hv1])
5015AT_CLEANUP
47021598
CSV		 5016
5017AT_SETUP([ovn -- send arp for nexthop])
47021598
CSV		 5018AT_SKIP_IF([test $HAVE_PYTHON = no])
5019ovn_start
5020
5021# Topology: Two LSs - ls1 and ls2 are connected via router r0
5022
5023# Create logical switches
5024ovn-nbctl ls-add ls1
5025ovn-nbctl ls-add ls2
5026
5027# Create router
5028ovn-nbctl create Logical_Router name=lr0
5029
5030# Add router ls1p1 port to gateway router
5031ovn-nbctl lrp-add lr0 lrp-ls1lp1 f0:00:00:00:00:01 192.168.0.1/24
5032ovn-nbctl lsp-add ls1 ls1lp1 -- set Logical_Switch_Port ls1lp1 \
5033 type=router options:router-port=lrp-ls1lp1 \
5034 addresses='"f0:00:00:00:00:01 192.168.0.1"'
5035
5036# Add router ls2p2 port to gateway router
5037ovn-nbctl lrp-add lr0 lrp-ls2lp1 f0:00:00:00:00:02 192.168.1.1/24
5038ovn-nbctl lsp-add ls2 ls2lp1 -- set Logical_Switch_Port ls2lp1 \
5039 type=router options:router-port=lrp-ls2lp1 \
5040 addresses='"f0:00:00:00:00:02 192.168.1.1"'
5041
5042# Set default gateway (nexthop) to 192.168.1.254
5043ovn-nbctl lr-route-add lr0 "0.0.0.0/0" 192.168.1.254 lrp-ls2lp1
5044
5045# Create logical port ls1lp2 in ls1
5046ovn-nbctl lsp-add ls1 ls1lp2 \
5047-- lsp-set-addresses ls1lp2 "f0:00:00:00:00:03 192.168.0.2"
5048
5049# Create logical port ls2lp2 in ls2
5050ovn-nbctl lsp-add ls2 ls2lp2 \
5051-- lsp-set-addresses ls2lp2 "f0:00:00:00:00:04 192.168.1.10"
5052
5053net_add n1
5054sim_add hv1
5055as hv1
5056ovs-vsctl add-br br-phys
5057ovn_attach n1 br-phys 192.168.0.1
5058ovs-vsctl -- add-port br-int hv1-ls1lp2 -- \
5059 set interface hv1-ls1lp2 external-ids:iface-id=ls1lp2 \
5060 options:tx_pcap=hv1/ls1lp2-tx.pcap \
5061 options:rxq_pcap=hv1/ls1lp2-rx.pcap \
5062 ofport-request=1
5063ovs-vsctl -- add-port br-int hv1-ls2lp2 -- \
5064 set interface hv1-ls2lp2 external-ids:iface-id=ls2lp2 \
5065 options:tx_pcap=hv1/ls2lp2-tx.pcap \
5066 options:rxq_pcap=hv1/ls2lp2-rx.pcap \
5067 ofport-request=2
5068
5069# Allow some time for ovn-northd and ovn-controller to catch up.
5070# XXX This should be more systematic.
5071sleep 1
5072
5073echo "---------NB dump-----"
5074ovn-nbctl show
5075echo "---------------------"
5076ovn-nbctl list logical_router
5077echo "---------------------"
5078ovn-nbctl list logical_router_port
5079echo "---------------------"
5080
5081echo "---------SB dump-----"
5082ovn-sbctl list datapath_binding
5083echo "---------------------"
5084ovn-sbctl list port_binding
5085echo "---------------------"
5086ovn-sbctl dump-flows
5087echo "---------------------"
5088ovn-sbctl list chassis
5089ovn-sbctl list encap
5090echo "---------------------"
5091
5092echo "------Flows dump-----"
5093as hv1
5094ovs-ofctl dump-flows
5095echo "---------------------"
5096
5097ip_to_hex() {
5098 printf "%02x%02x%02x%02x" "$@"
5099}
5100
5101src_mac="f00000000003"
5102dst_mac="f00000000001"
5103src_ip=`ip_to_hex 192 168 0 2`
5104dst_ip=`ip_to_hex 8 8 8 8`
5105packet=${dst_mac}${src_mac}08004500001c0000000040110000${src_ip}${dst_ip}0035111100080000
5106
5107# Send IP packet destined to 8.8.8.8 from lsp1lp2
5108as hv1 ovs-appctl netdev-dummy/receive hv1-ls1lp2 $packet
5109
5110trim_zeros() {
5111 sed 's/\(00\)\{1,\}$//'
5112}
5113
5114# ARP packet should be received with Target IP Address set to 192.168.1.254 and
5115# not 8.8.8.8
5116
5117$PYTHON "$top_srcdir/utilities/ovs-pcap.in" hv1/ls2lp2-tx.pcap | trim_zeros > packets
5118expected="fffffffffffff0000000000208060001080006040001f00000000002c0a80101000000000000c0a801fe"
5119echo $expected > expout
5120AT_CHECK([cat packets], [0], [expout])
5121cat packets
5122
5123OVN_CLEANUP([hv1])
5124
5125AT_CLEANUP
8439c2eb
CSV		 5126
5127AT_SETUP([ovn -- send gratuitous arp for nat ips in localnet])
8439c2eb
CSV		 5128AT_SKIP_IF([test $HAVE_PYTHON = no])
5129ovn_start
5130# Create logical switch
5131ovn-nbctl ls-add ls0
5132# Create gateway router
5133ovn-nbctl create Logical_Router name=lr0 options:chassis=hv1
5134# Add router port to gateway router
5135ovn-nbctl lrp-add lr0 lrp0 f0:00:00:00:00:01 192.168.0.1/24
5136ovn-nbctl lsp-add ls0 lrp0-rp -- set Logical_Switch_Port lrp0-rp \
5137 type=router options:router-port=lrp0-rp addresses='"f0:00:00:00:00:01"'
5138# Add nat-address option
5139ovn-nbctl lsp-set-options lrp0-rp router-port=lrp0 nat-addresses="f0:00:00:00:00:01 192.168.0.2"
5140
5141net_add n1
5142sim_add hv1
5143as hv1
5144ovs-vsctl \
5145 -- add-br br-phys \
5146 -- add-br br-eth0
5147
5148ovn_attach n1 br-phys 192.168.0.1
5149
5150AT_CHECK([ovs-vsctl set Open_vSwitch . external-ids:ovn-bridge-mappings=physnet1:br-eth0])
5151AT_CHECK([ovs-vsctl add-port br-eth0 snoopvif -- set Interface snoopvif options:tx_pcap=hv1/snoopvif-tx.pcap options:rxq_pcap=hv1/snoopvif-rx.pcap])
5152
5153# Create a localnet port.
5154AT_CHECK([ovn-nbctl lsp-add ls0 ln_port])
5155AT_CHECK([ovn-nbctl lsp-set-addresses ln_port unknown])
5156AT_CHECK([ovn-nbctl lsp-set-type ln_port localnet])
5157AT_CHECK([ovn-nbctl lsp-set-options ln_port network_name=physnet1])
5158
5159
5160# Wait for packet to be received.
5161OVS_WAIT_UNTIL([test `wc -c < "hv1/snoopvif-tx.pcap"` -ge 50])
5162trim_zeros() {
5163 sed 's/\(00\)\{1,\}$//'
5164}
5165$PYTHON "$top_srcdir/utilities/ovs-pcap.in" hv1/snoopvif-tx.pcap | trim_zeros > packets
5166expected="fffffffffffff0000000000108060001080006040001f00000000001c0a80002000000000000c0a80002"
5167echo $expected > expout
5168AT_CHECK([sort packets], [0], [expout])
5169cat packets
5170
5171OVN_CLEANUP([hv1])
5172
5173AT_CLEANUP
6e31816f
CSV		 5174
5175AT_SETUP([ovn -- delete mac bindings])
6e31816f
CSV		 5176ovn_start
5177net_add n1
5178sim_add hv1
5179as hv1
5180ovs-vsctl -- add-br br-phys
5181ovn_attach n1 br-phys 192.168.0.1
5182# Create logical switch ls0
5183ovn-nbctl ls-add ls0
5184# Create ports lp0, lp1 in ls0
5185ovn-nbctl lsp-add ls0 lp0
5186ovn-nbctl lsp-add ls0 lp1
5187ovn-nbctl lsp-set-addresses lp0 "f0:00:00:00:00:01 192.168.0.1"
5188ovn-nbctl lsp-set-addresses lp1 "f0:00:00:00:00:02 192.168.0.2"
5189dp_uuid=`ovn-sbctl find datapath | grep uuid | cut -f2 -d ":" | cut -f2 -d " "`
5190ovn-sbctl create MAC_Binding ip=10.0.0.1 datapath=$dp_uuid logical_port=lp0 mac="mac1"
5191ovn-sbctl create MAC_Binding ip=10.0.0.1 datapath=$dp_uuid logical_port=lp1 mac="mac2"
5192ovn-sbctl find MAC_Binding
093aa761 5193# Delete port lp0 and check that its MAC_Binding is deleted.
6e31816f
CSV		 5194ovn-nbctl lsp-del lp0
5195ovn-sbctl find MAC_Binding
093aa761
BP		 5196OVS_WAIT_UNTIL([test `ovn-sbctl find MAC_Binding logical_port=lp0 | wc -l` = 0])
5197# Delete logical switch ls0 and check that its MAC_Binding is deleted.
6e31816f
CSV		 5198ovn-nbctl ls-del ls0
5199ovn-sbctl find MAC_Binding
093aa761 5200OVS_WAIT_UNTIL([test `ovn-sbctl find MAC_Binding | wc -l` = 0])
6e31816f
CSV		 5201
5202OVN_CLEANUP([hv1])
5203
5204AT_CLEANUP
926c34fd
RM		 5205
5206AT_SETUP([ovn -- conntrack zone allocation])
926c34fd
RM		 5207AT_SKIP_IF([test $HAVE_PYTHON = no])
5208ovn_start
5209
5210# Logical network:
5211# 2 logical switches "foo" (192.168.1.0/24) and "bar" (172.16.1.0/24)
5212# connected to a router R1.
5213# foo has foo1 to act as a client.
5214# bar has bar1, bar2, bar3 to act as servers.
5215
5216net_add n1
5217
5218sim_add hv1
5219as hv1
5220ovs-vsctl add-br br-phys
5221ovn_attach n1 br-phys 192.168.0.1
5222for i in foo1 bar1 bar2 bar3; do
5223 ovs-vsctl -- add-port br-int $i -- \
5224 set interface $i external-ids:iface-id=$i \
5225 options:tx_pcap=hv1/$i-tx.pcap \
5226 options:rxq_pcap=hv1/$i-rx.pcap
5227done
5228
5229ovn-nbctl create Logical_Router name=R1
5230ovn-nbctl ls-add foo
5231ovn-nbctl ls-add bar
5232
5233# Connect foo to R1
5234ovn-nbctl lrp-add R1 foo 00:00:01:01:02:03 192.168.1.1/24
5235ovn-nbctl lsp-add foo rp-foo -- set Logical_Switch_Port rp-foo \
5236 type=router options:router-port=foo addresses=\"00:00:01:01:02:03\"
5237
5238# Connect bar to R1
5239ovn-nbctl lrp-add R1 bar 00:00:01:01:02:04 172.16.1.1/24
5240ovn-nbctl lsp-add bar rp-bar -- set Logical_Switch_Port rp-bar \
5241 type=router options:router-port=bar addresses=\"00:00:01:01:02:04\"
5242
5243# Create logical port foo1 in foo
5244ovn-nbctl lsp-add foo foo1 \
5245-- lsp-set-addresses foo1 "f0:00:00:01:02:03 192.168.1.2"
5246
5247# Create logical port bar1, bar2 and bar3 in bar
5248for i in `seq 1 3`; do
5249 ip=`expr $i + 1`
5250 ovn-nbctl lsp-add bar bar$i \
5251 -- lsp-set-addresses bar$i "f0:00:0a:01:02:$i 172.16.1.$ip"
5252done
5253
5254OVS_WAIT_UNTIL([test `ovs-ofctl dump-flows br-int table=0 | grep REG13 | wc -l` -eq 4])
5255
5256OVN_CLEANUP([hv1])
5257
5258AT_CLEANUP
b511690b
GS		 5259
5260AT_SETUP([ovn -- tag allocation])
b511690b
GS		 5261ovn_start
5262
5263AT_CHECK([ovn-nbctl ls-add ls0])
5264AT_CHECK([ovn-nbctl lsp-add ls0 parent1])
5265AT_CHECK([ovn-nbctl lsp-add ls0 parent2])
5266AT_CHECK([ovn-nbctl ls-add ls1])
5267
5268dnl When a tag is provided, no allocation is done
5269AT_CHECK([ovn-nbctl --wait=sb lsp-add ls1 c0 parent1 3])
5270AT_CHECK([ovn-nbctl lsp-get-tag c0], [0], [3
5271])
5272dnl The same 'tag' gets created in southbound database.
5273AT_CHECK([ovn-sbctl --data=bare --no-heading --columns=tag find port_binding \
5274logical_port="c0"], [0], [3
5275])
5276
5277dnl Allocate tags and see it getting created in both NB and SB
5278AT_CHECK([ovn-nbctl --wait=sb lsp-add ls1 c1 parent1 0])
5279AT_CHECK([ovn-nbctl lsp-get-tag c1], [0], [1
5280])
5281AT_CHECK([ovn-sbctl --data=bare --no-heading --columns=tag find port_binding \
5282logical_port="c1"], [0], [1
5283])
5284
5285AT_CHECK([ovn-nbctl --wait=sb lsp-add ls1 c2 parent1 0])
5286AT_CHECK([ovn-nbctl lsp-get-tag c2], [0], [2
5287])
5288AT_CHECK([ovn-sbctl --data=bare --no-heading --columns=tag find port_binding \
5289logical_port="c2"], [0], [2
5290])
5291AT_CHECK([ovn-nbctl --wait=sb lsp-add ls1 c3 parent1 0])
5292AT_CHECK([ovn-nbctl lsp-get-tag c3], [0], [4
5293])
5294AT_CHECK([ovn-sbctl --data=bare --no-heading --columns=tag find port_binding \
5295logical_port="c3"], [0], [4
5296])
5297
5298dnl A different parent.
5299AT_CHECK([ovn-nbctl --wait=sb lsp-add ls1 c4 parent2 0])
5300AT_CHECK([ovn-nbctl lsp-get-tag c4], [0], [1
5301])
5302AT_CHECK([ovn-sbctl --data=bare --no-heading --columns=tag find port_binding \
5303logical_port="c4"], [0], [1
5304])
5305
5306AT_CHECK([ovn-nbctl --wait=sb lsp-add ls1 c5 parent2 0])
5307AT_CHECK([ovn-nbctl lsp-get-tag c5], [0], [2
5308])
5309AT_CHECK([ovn-sbctl --data=bare --no-heading --columns=tag find port_binding \
5310logical_port="c5"], [0], [2
5311])
5312
5313dnl Delete a logical port and create a new one.
5314AT_CHECK([ovn-nbctl --wait=sb lsp-del c1])
5315AT_CHECK([ovn-nbctl --wait=sb lsp-add ls1 c6 parent1 0])
5316AT_CHECK([ovn-nbctl lsp-get-tag c6], [0], [1
5317])
5318AT_CHECK([ovn-sbctl --data=bare --no-heading --columns=tag find port_binding \
5319logical_port="c6"], [0], [1
5320])
5321
5322dnl Restart northd to see that the same allocation remains.
5323as northd
5324OVS_APP_EXIT_AND_WAIT([ovn-northd])
5325start_daemon ovn-northd \
5326 --ovnnb-db=unix:"$ovs_base"/ovn-nb/ovn-nb.sock \
5327 --ovnsb-db=unix:"$ovs_base"/ovn-sb/ovn-sb.sock
5328
5329dnl Create a switch to make sure that ovn-northd has run through the main loop.
5330AT_CHECK([ovn-nbctl --wait=sb ls-add ls-dummy])
5331AT_CHECK([ovn-nbctl lsp-get-tag c0], [0], [3
5332])
5333AT_CHECK([ovn-nbctl lsp-get-tag c6], [0], [1
5334])
5335AT_CHECK([ovn-nbctl lsp-get-tag c2], [0], [2
5336])
5337AT_CHECK([ovn-nbctl lsp-get-tag c3], [0], [4
5338])
5339AT_CHECK([ovn-nbctl lsp-get-tag c4], [0], [1
5340])
5341AT_CHECK([ovn-nbctl lsp-get-tag c5], [0], [2
5342])
5343
5344dnl Create a switch port with a tag that has already been allocated.
5345dnl It should go through fine with a duplicate tag.
5346AT_CHECK([ovn-nbctl --wait=sb lsp-add ls1 c7 parent2 2])
5347AT_CHECK([ovn-nbctl lsp-get-tag c7], [0], [2
5348])
5349AT_CHECK([ovn-sbctl --data=bare --no-heading --columns=tag find port_binding \
5350logical_port="c7"], [0], [2
5351])
5352AT_CHECK([ovn-nbctl lsp-get-tag c5], [0], [2
5353])
5354
5355AT_CHECK([ovn-nbctl ls-add ls2])
5356dnl When there is no parent_name provided (for say, 'localnet'), 'tag_request'
5357dnl gets copied to 'tag'
5358AT_CHECK([ovn-nbctl --wait=sb lsp-add ls2 local0 "" 25])
5359AT_CHECK([ovn-nbctl lsp-get-tag local0], [0], [25
5360])
5361dnl The same 'tag' gets created in southbound database.
5362AT_CHECK([ovn-sbctl --data=bare --no-heading --columns=tag find port_binding \
5363logical_port="local0"], [0], [25
5364])
5365dnl If 'tag_request' is 0 for localnet, nothing gets written to 'tag'
5366AT_CHECK([ovn-nbctl --wait=sb lsp-add ls2 local1 "" 0])
5367AT_CHECK([ovn-nbctl lsp-get-tag local1])
5368dnl change the tag_request.
5369AT_CHECK([ovn-nbctl --wait=sb set logical_switch_port local1 tag_request=50])
5370AT_CHECK([ovn-nbctl lsp-get-tag local1], [0], [50
5371])
5372
5373AT_CLEANUP
57afd0c0
RR		 5374
5375AT_SETUP([ovn -- lsp deletion and broadcast-flow deletion on localnet])
57afd0c0
RR		 5376ovn_start
5377ovn-nbctl ls-add lsw0
5378net_add n1
5379for i in 1 2; do
5380 sim_add hv$i
5381 as hv$i
5382 ovs-vsctl add-br br-phys
5383 ovn_attach n1 br-phys 192.168.0.$i
5384 ovs-vsctl add-br br-eth0
5385 AT_CHECK([ovs-vsctl set Open_vSwitch . external-ids:ovn-bridge-mappings=physnet1:br-eth0])
5386done
5387
5388# Create a localnet port.
5389AT_CHECK([ovn-nbctl lsp-add lsw0 ln_port])
5390AT_CHECK([ovn-nbctl lsp-set-addresses ln_port unknown])
5391AT_CHECK([ovn-nbctl lsp-set-type ln_port localnet])
5392AT_CHECK([ovn-nbctl lsp-set-options ln_port network_name=physnet1])
5393
5394
5395# Create 3 vifs.
5396AT_CHECK([ovn-nbctl lsp-add lsw0 localvif1])
5397AT_CHECK([ovn-nbctl lsp-set-addresses localvif1 "f0:00:00:00:00:01 192.168.1.1"])
5398AT_CHECK([ovn-nbctl lsp-set-port-security localvif1 "f0:00:00:00:00:01"])
5399AT_CHECK([ovn-nbctl lsp-add lsw0 localvif2])
5400AT_CHECK([ovn-nbctl lsp-set-addresses localvif2 "f0:00:00:00:00:01 192.168.1.2"])
5401AT_CHECK([ovn-nbctl lsp-set-port-security localvif2 "f0:00:00:00:00:02"])
5402AT_CHECK([ovn-nbctl lsp-add lsw0 localvif3])
5403AT_CHECK([ovn-nbctl lsp-set-addresses localvif3 "f0:00:00:00:00:03 192.168.1.3"])
5404AT_CHECK([ovn-nbctl lsp-set-port-security localvif3 "f0:00:00:00:00:03"])
5405
5406# Bind the localvif1 to hv1.
5407as hv1
5408AT_CHECK([ovs-vsctl add-port br-int localvif1 -- set Interface localvif1 external_ids:iface-id=localvif1])
5409
5410# On hv1, check that there are no flows outputting bcast to tunnel
5411OVS_WAIT_UNTIL([test `ovs-ofctl dump-flows br-int table=32 | ofctl_strip | grep output | wc -l` -eq 0])
5412
1ea9b847 5413# On hv2, check that no flow outputs bcast to tunnel to hv1.
57afd0c0 5414as hv2
1ea9b847 5415OVS_WAIT_UNTIL([test `ovs-ofctl dump-flows br-int table=32 | ofctl_strip | grep output | wc -l` -eq 0])
57afd0c0
RR		 5416
5417# Now bind vif2 on hv2.
5418AT_CHECK([ovs-vsctl add-port br-int localvif2 -- set Interface localvif2 external_ids:iface-id=localvif2])
5419
5420# At this point, the broadcast flow on vif2 should be deleted.
5421# because, there is now a localnet vif bound (table=32 programming logic)
5422OVS_WAIT_UNTIL([test `ovs-ofctl dump-flows br-int table=32 | ofctl_strip | grep output | wc -l` -eq 0])
5423
5424# Verify that the local net patch port exists on hv2.
5425OVS_WAIT_UNTIL([test `ovs-vsctl show | grep "Port patch-br-int-to-ln_port" | wc -l` -eq 1])
5426
5427# Now bind vif3 on hv2.
5428AT_CHECK([ovs-vsctl add-port br-int localvif3 -- set Interface localvif3 external_ids:iface-id=localvif3])
5429
5430# Verify that the local net patch port still exists on hv2
5431OVS_WAIT_UNTIL([test `ovs-vsctl show | grep "Port patch-br-int-to-ln_port" | wc -l` -eq 1])
5432
5433# Delete localvif2
5434AT_CHECK([ovn-nbctl lsp-del localvif2])
5435
5436# Verify that the local net patch port still exists on hv2,
5437# because, localvif3 is still bound.
5438OVS_WAIT_UNTIL([test `ovs-vsctl show | grep "Port patch-br-int-to-ln_port" | wc -l` -eq 1])
5439
57afd0c0 5440OVN_CLEANUP([hv1],[hv2])
1a03fc7d
BS		 5441
5442AT_CLEANUP
5443
5444AT_SETUP([ovn -- DSCP marking check])
5445AT_KEYWORDS([ovn])
5446ovn_start
5447
5448ovn-nbctl ls-add lsw0
5449ovn-nbctl --wait=sb lsp-add lsw0 lp1
5450ovn-nbctl --wait=sb lsp-add lsw0 lp2
5451ovn-nbctl lsp-set-addresses lp1 f0:00:00:00:00:01
5452ovn-nbctl lsp-set-addresses lp2 f0:00:00:00:00:02
5453ovn-nbctl lsp-set-port-security lp1 f0:00:00:00:00:01
5454ovn-nbctl lsp-set-port-security lp2 f0:00:00:00:00:02
5455ovn-nbctl --wait=sb sync
5456net_add n1
5457sim_add hv
5458as hv
5459ovs-vsctl add-br br-phys
5460ovn_attach n1 br-phys 192.168.0.1
5461ovs-vsctl add-port br-int vif1 -- set Interface vif1 external-ids:iface-id=lp1 options:tx_pcap=vif1-tx.pcap options:rxq_pcap=vif1-rx.pcap ofport-request=1
5462ovs-vsctl add-port br-int vif2 -- set Interface vif2 external-ids:iface-id=lp2 options:tx_pcap=vif2-tx.pcap options:rxq_pcap=vif2-rx.pcap ofport-request=2
5463
5464AT_CAPTURE_FILE([trace])
5465ovn_trace () {
5466 ovn-trace --all "$@" | tee trace | sed '1,/Minimal trace/d'
5467}
5468
5469# Extracts nw_tos from the final flow from ofproto/trace output and prints
5470# it on stdout. Prints "none" if no nw_tos was included.
5471get_final_nw_tos() {
5472 if flow=$(grep '^Final flow:' stdout); then :; else
5473 # The output didn't have a final flow.
5474 return 99
5475 fi
5476
5477 tos=$(echo "$flow" | sed -n 's/.*nw_tos=\([[0-9]]\{1,\}\).*/\1/p')
5478 case $tos in
5479 '') echo none ;;
5480 *) echo $tos ;;
5481 esac
5482}
5483
5484# check_tos TOS
5485#
5486# Checks that a packet from 1.1.1.1 to 1.1.1.2 gets its DSCP set to TOS.
5487check_tos() {
5488 # First check with ovn-trace for logical flows.
5489 echo "checking for tos $1"
5490 (if test $1 != 0; then echo "ip.dscp = $1;"; fi;
5491 echo 'output("lp2");') > expout
5492 AT_CHECK_UNQUOTED([ovn_trace lsw0 'inport == "lp1" && eth.src == f0:00:00:00:00:01 && eth.dst == f0:00:00:00:00:02 && ip4.src == 1.1.1.1 && ip4.dst == 1.1.1.2'], [0], [expout])
5493
5494 # Then re-check with ofproto/trace for a physical packet.
5495 AT_CHECK([ovs-appctl ofproto/trace br-int 'in_port=1,dl_src=f0:00:00:00:00:01,dl_dst=f0:00:00:00:00:02,dl_type=0x800,nw_src=1.1.1.1,nw_dst=1.1.1.2'], [0], [stdout-nolog])
5496 AT_CHECK_UNQUOTED([get_final_nw_tos], [0], [`expr $1 \* 4`
5497])
5498}
5499
5500# check at L2
5501AT_CHECK([ovn_trace lsw0 'inport == "lp1" && eth.src == f0:00:00:00:00:01 && eth.dst == f0:00:00:00:00:02'], [0], [output("lp2");
5502])
5503AT_CHECK([ovs-appctl ofproto/trace br-int 'in_port=1,dl_src=f0:00:00:00:00:01,dl_dst=f0:00:00:00:00:02'], [0], [stdout-nolog])
5504AT_CHECK([get_final_nw_tos], [0], [none
5505])
5506
5507# check at L3 without dscp marking
5508check_tos 0
5509
5510# Mark DSCP with a valid value
5511qos_id=$(ovn-nbctl --wait=hv -- --id=@lp1-qos create QoS priority=100 action=dscp=48 match="inport\=\=\"lp1\"" direction="from-lport" -- set Logical_Switch lsw0 qos_rules=@lp1-qos)
5512check_tos 48
5513
5514# Update the DSCP marking
5515ovn-nbctl --wait=hv set QoS $qos_id action=dscp=63
5516check_tos 63
5517
5518ovn-nbctl --wait=hv set QoS $qos_id match="outport\=\=\"lp2\"" direction="to-lport"
5519check_tos 63
5520
5521# Disable DSCP marking
5522ovn-nbctl --wait=hv clear Logical_Switch lsw0 qos_rules
5523check_tos 0
5524
5525OVN_CLEANUP([hv])
57afd0c0 5526AT_CLEANUP
7fff4eb7
LR		 5527
5528AT_SETUP([ovn -- read-only sb db:ptcp access])
5529AT_SKIP_IF([test $HAVE_PYTHON = no])
5530
5531: > .$1.db.~lock~
5532ovsdb-tool create ovn-sb.db "$abs_top_srcdir"/ovn/ovn-sb.ovsschema
5533
5534# Add read-only remote to sb ovsdb-server
5535AT_CHECK(
5536 [ovsdb-tool transact ovn-sb.db \
5537 ['["OVN_Southbound",
5538 {"op": "insert",
5539 "table": "SB_Global",
5540 "row": {
5541 "connections": ["set", [["named-uuid", "xyz"]]]}},
5542 {"op": "insert",
5543 "table": "Connection",
5544 "uuid-name": "xyz",
5545 "row": {"target": "ptcp:0:127.0.0.1",
5546 "read_only": true}}]']], [0], [ignore], [ignore])
5547
5548start_daemon ovsdb-server --remote=punix:ovn-sb.sock --remote=db:OVN_Southbound,SB_Global,connections ovn-sb.db
5549
5550PARSE_LISTENING_PORT([ovsdb-server.log], [TCP_PORT])
5551
5552# read-only accesses should succeed
5553AT_CHECK([ovn-sbctl --db=tcp:127.0.0.1:$TCP_PORT list SB_Global], [0], [stdout], [ignore])
5554AT_CHECK([ovn-sbctl --db=tcp:127.0.0.1:$TCP_PORT list Connection], [0], [stdout], [ignore])
5555
5556# write access should fail
5557AT_CHECK([ovn-sbctl --db=tcp:127.0.0.1:$TCP_PORT chassis-add ch vxlan 1.2.4.8], [1], [ignore],
5558[ovn-sbctl: transaction error: {"details":"insert operation not allowed when database server is in read only mode","error":"not allowed"}
5559])
5560
5561OVS_APP_EXIT_AND_WAIT([ovsdb-server])
5562AT_CLEANUP
5563
5564AT_SETUP([ovn -- read-only sb db:pssl access])
5565AT_SKIP_IF([test $HAVE_PYTHON = no])
5566AT_SKIP_IF([test "$HAVE_OPENSSL" = no])
5567PKIDIR="$(cd $abs_top_builddir/tests && pwd)"
5568AT_SKIP_IF([expr "$PKIDIR" : ".*[ '\"
5569\\]"])
5570
5571: > .$1.db.~lock~
5572ovsdb-tool create ovn-sb.db "$abs_top_srcdir"/ovn/ovn-sb.ovsschema
5573
5574# Add read-only remote to sb ovsdb-server
5575AT_CHECK(
5576 [ovsdb-tool transact ovn-sb.db \
5577 ['["OVN_Southbound",
5578 {"op": "insert",
5579 "table": "SB_Global",
5580 "row": {
5581 "connections": ["set", [["named-uuid", "xyz"]]]}},
5582 {"op": "insert",
5583 "table": "Connection",
5584 "uuid-name": "xyz",
5585 "row": {"target": "pssl:0:127.0.0.1",
5586 "read_only": true}}]']], [0], [ignore], [ignore])
5587
5588start_daemon ovsdb-server --remote=punix:ovn-sb.sock \
5589 --remote=db:OVN_Southbound,SB_Global,connections \
5590 --private-key="$PKIDIR/testpki-privkey2.pem" \
5591 --certificate="$PKIDIR/testpki-cert2.pem" \
5592 --ca-cert="$PKIDIR/testpki-cacert.pem" \
5593 ovn-sb.db
5594
5595PARSE_LISTENING_PORT([ovsdb-server.log], [TCP_PORT])
5596
5597# read-only accesses should succeed
5598AT_CHECK([ovn-sbctl --db=ssl:127.0.0.1:$TCP_PORT \
5599 --private-key=$PKIDIR/testpki-privkey.pem \
5600 --certificate=$PKIDIR/testpki-cert.pem \
5601 --ca-cert=$PKIDIR/testpki-cacert.pem \
5602 list SB_Global], [0], [stdout], [ignore])
5603AT_CHECK([ovn-sbctl --db=ssl:127.0.0.1:$TCP_PORT \
5604 --private-key=$PKIDIR/testpki-privkey.pem \
5605 --certificate=$PKIDIR/testpki-cert.pem \
5606 --ca-cert=$PKIDIR/testpki-cacert.pem \
5607 list Connection], [0], [stdout], [ignore])
5608
5609# write access should fail
5610AT_CHECK([ovn-sbctl --db=ssl:127.0.0.1:$TCP_PORT \
5611 --private-key=$PKIDIR/testpki-privkey.pem \
5612 --certificate=$PKIDIR/testpki-cert.pem \
5613 --ca-cert=$PKIDIR/testpki-cacert.pem \
5614 chassis-add ch vxlan 1.2.4.8], [1], [ignore],
5615[ovn-sbctl: transaction error: {"details":"insert operation not allowed when database server is in read only mode","error":"not allowed"}
5616])
5617
5618OVS_APP_EXIT_AND_WAIT([ovsdb-server])
5619AT_CLEANUP
5620
821302cf
LR		 5621AT_SETUP([ovn -- nb connection/ssl commands])
5622AT_SKIP_IF([test $HAVE_PYTHON = no])
5623AT_SKIP_IF([test "$HAVE_OPENSSL" = no])
5624PKIDIR="$(cd $abs_top_builddir/tests && pwd)"
5625AT_SKIP_IF([expr "$PKIDIR" : ".*[ '\"
5626\\]"])
5627
5628: > .$1.db.~lock~
5629ovsdb-tool create ovn-nb.db "$abs_top_srcdir"/ovn/ovn-nb.ovsschema
5630
5631# Start nb db server using db connection/ssl entries (unpopulated initially)
5632start_daemon ovsdb-server --remote=punix:ovnnb_db.sock \
5633 --remote=db:OVN_Northbound,NB_Global,connections \
5634 --private-key=db:OVN_Northbound,SSL,private_key \
5635 --certificate=db:OVN_Northbound,SSL,certificate \
5636 --ca-cert=db:OVN_Northbound,SSL,ca_cert \
5637 ovn-nb.db
5638
5639# Populate SSL configuration entries in nb db
5640AT_CHECK(
5641 [ovn-nbctl set-ssl $PKIDIR/testpki-privkey.pem \
5642 $PKIDIR/testpki-cert.pem \
5643 $PKIDIR/testpki-cacert.pem], [0], [stdout], [ignore])
5644
5645# Populate a passive SSL connection in nb db
5646AT_CHECK([ovn-nbctl set-connection pssl:0:127.0.0.1], [0], [stdout], [ignore])
5647
5648PARSE_LISTENING_PORT([ovsdb-server.log], [TCP_PORT])
5649
5650# Verify SSL connetivity to nb db server
5651AT_CHECK([ovn-nbctl --db=ssl:127.0.0.1:$TCP_PORT \
5652 --private-key=$PKIDIR/testpki-privkey.pem \
5653 --certificate=$PKIDIR/testpki-cert.pem \
5654 --ca-cert=$PKIDIR/testpki-cacert.pem \
5655 list NB_Global],
5656 [0], [stdout], [ignore])
5657AT_CHECK([ovn-nbctl --db=ssl:127.0.0.1:$TCP_PORT \
5658 --private-key=$PKIDIR/testpki-privkey.pem \
5659 --certificate=$PKIDIR/testpki-cert.pem \
5660 --ca-cert=$PKIDIR/testpki-cacert.pem \
5661 list Connection],
5662 [0], [stdout], [ignore])
5663AT_CHECK([ovn-nbctl --db=ssl:127.0.0.1:$TCP_PORT \
5664 --private-key=$PKIDIR/testpki-privkey.pem \
10471820
LR		 5665 --certificate=$PKIDIR/testpki-cert.pem \
5666 --ca-cert=$PKIDIR/testpki-cacert.pem \
5667 get-connection],
5668 [0], [stdout], [ignore])
5669
5670OVS_APP_EXIT_AND_WAIT([ovsdb-server])
5671AT_CLEANUP
5672
5673AT_SETUP([ovn -- sb connection/ssl commands])
5674AT_SKIP_IF([test $HAVE_PYTHON = no])
5675AT_SKIP_IF([test "$HAVE_OPENSSL" = no])
5676PKIDIR="$(cd $abs_top_builddir/tests && pwd)"
5677AT_SKIP_IF([expr "$PKIDIR" : ".*[ '\"
5678\\]"])
5679
5680: > .$1.db.~lock~
5681ovsdb-tool create ovn-sb.db "$abs_top_srcdir"/ovn/ovn-sb.ovsschema
5682
5683# Start sb db server using db connection/ssl entries (unpopulated initially)
5684start_daemon ovsdb-server --remote=punix:ovnsb_db.sock \
5685 --remote=db:OVN_Southbound,SB_Global,connections \
5686 --private-key=db:OVN_Southbound,SSL,private_key \
5687 --certificate=db:OVN_Southbound,SSL,certificate \
5688 --ca-cert=db:OVN_Southbound,SSL,ca_cert \
5689 ovn-sb.db
5690
5691# Populate SSL configuration entries in sb db
5692AT_CHECK(
5693 [ovn-sbctl set-ssl $PKIDIR/testpki-privkey.pem \
5694 $PKIDIR/testpki-cert.pem \
5695 $PKIDIR/testpki-cacert.pem], [0], [stdout], [ignore])
5696
5697# Populate a passive SSL connection in sb db
5698AT_CHECK([ovn-sbctl set-connection pssl:0:127.0.0.1], [0], [stdout], [ignore])
5699
5700PARSE_LISTENING_PORT([ovsdb-server.log], [TCP_PORT])
5701
5702# Verify SSL connetivity to sb db server
5703AT_CHECK([ovn-sbctl --db=ssl:127.0.0.1:$TCP_PORT \
5704 --private-key=$PKIDIR/testpki-privkey.pem \
5705 --certificate=$PKIDIR/testpki-cert.pem \
5706 --ca-cert=$PKIDIR/testpki-cacert.pem \
5707 list SB_Global],
5708 [0], [stdout], [ignore])
5709AT_CHECK([ovn-sbctl --db=ssl:127.0.0.1:$TCP_PORT \
5710 --private-key=$PKIDIR/testpki-privkey.pem \
5711 --certificate=$PKIDIR/testpki-cert.pem \
5712 --ca-cert=$PKIDIR/testpki-cacert.pem \
5713 list Connection],
5714 [0], [stdout], [ignore])
5715AT_CHECK([ovn-sbctl --db=ssl:127.0.0.1:$TCP_PORT \
5716 --private-key=$PKIDIR/testpki-privkey.pem \
821302cf
LR		 5717 --certificate=$PKIDIR/testpki-cert.pem \
5718 --ca-cert=$PKIDIR/testpki-cacert.pem \
5719 get-connection],
5720 [0], [stdout], [ignore])
5721
5722OVS_APP_EXIT_AND_WAIT([ovsdb-server])
5723AT_CLEANUP
5724
75fd74f8
GS		 5725AT_SETUP([ovn -- nested containers])
5726ovn_start
5727
5728# Physical network:
5729# 2 HVs. HV1 has 2 VMs - "VM1" and "bar3". HV2 has 1 VM - "VM2"
5730
5731# Logical network:
5732# 3 Logical switches - "mgmt" (172.16.1.0/24), "foo" (192.168.1.0/24)
5733# and "bar" (192.168.2.0/24). They are all connected to router R1.
5734
5735ovn-nbctl lr-add R1
5736ovn-nbctl ls-add mgmt
5737ovn-nbctl ls-add foo
5738ovn-nbctl ls-add bar
5739
5740# Connect mgmt to R1
5741ovn-nbctl lrp-add R1 mgmt 00:00:00:01:02:02 172.16.1.1/24
5742ovn-nbctl lsp-add mgmt rp-mgmt -- set Logical_Switch_Port rp-mgmt type=router \
5743 options:router-port=mgmt addresses=\"00:00:00:01:02:02\"
5744
5745# Connect foo to R1
5746ovn-nbctl lrp-add R1 foo 00:00:00:01:02:03 192.168.1.1/24
5747ovn-nbctl lsp-add foo rp-foo -- set Logical_Switch_Port rp-foo type=router \
5748 options:router-port=foo addresses=\"00:00:00:01:02:03\"
5749
5750# Connect bar to R1
5751ovn-nbctl lrp-add R1 bar 00:00:00:01:02:04 192.168.2.1/24
5752ovn-nbctl lsp-add bar rp-bar -- set Logical_Switch_Port rp-bar type=router \
5753 options:router-port=bar addresses=\"00:00:00:01:02:04\"
5754
5755# "mgmt" has VM1 and VM2 connected
5756ovn-nbctl lsp-add mgmt vm1 \
5757-- lsp-set-addresses vm1 "f0:00:00:01:02:03 172.16.1.2"
5758
5759ovn-nbctl lsp-add mgmt vm2 \
5760-- lsp-set-addresses vm2 "f0:00:00:01:02:04 172.16.1.3"
5761
5762# "foo1" and "foo2" are containers belonging to switch "foo"
5763# "foo1" has "VM1" as parent_port and "foo2" has "VM2" as parent_port.
5764ovn-nbctl lsp-add foo foo1 vm1 1 \
5765-- lsp-set-addresses foo1 "f0:00:00:01:02:05 192.168.1.2"
5766
5767ovn-nbctl lsp-add foo foo2 vm2 2 \
5768-- lsp-set-addresses foo2 "f0:00:00:01:02:06 192.168.1.3"
5769
5770# "bar1" and "bar2" are containers belonging to switch "bar"
5771# "bar1" has "VM1" as parent_port and "bar2" has "VM2" as parent_port.
5772ovn-nbctl lsp-add bar bar1 vm1 2 \
5773-- lsp-set-addresses bar1 "f0:00:00:01:02:07 192.168.2.2"
5774
5775ovn-nbctl lsp-add bar bar2 vm2 1 \
5776-- lsp-set-addresses bar2 "f0:00:00:01:02:08 192.168.2.3"
5777
5778# bar3 is a standalone VM belonging to switch "bar"
5779ovn-nbctl lsp-add bar bar3 \
5780-- lsp-set-addresses bar3 "f0:00:00:01:02:09 192.168.2.4"
5781
5782# Create two hypervisor and create OVS ports corresponding to logical ports.
5783net_add n1
5784
5785sim_add hv1
5786as hv1
5787ovs-vsctl add-br br-phys
5788ovn_attach n1 br-phys 192.168.0.1
5789ovs-vsctl -- add-port br-int vm1 -- \
5790 set interface vm1 external-ids:iface-id=vm1 \
5791 options:tx_pcap=hv1/vm1-tx.pcap \
5792 options:rxq_pcap=hv1/vm1-rx.pcap \
5793 ofport-request=1
5794
5795ovs-vsctl -- add-port br-int bar3 -- \
5796 set interface bar3 external-ids:iface-id=bar3 \
5797 options:tx_pcap=hv1/bar3-tx.pcap \
5798 options:rxq_pcap=hv1/bar3-rx.pcap \
5799 ofport-request=2
5800
5801sim_add hv2
5802as hv2
5803ovs-vsctl add-br br-phys
5804ovn_attach n1 br-phys 192.168.0.2
5805ovs-vsctl -- add-port br-int vm2 -- \
5806 set interface vm2 external-ids:iface-id=vm2 \
5807 options:tx_pcap=hv2/vm2-tx.pcap \
5808 options:rxq_pcap=hv2/vm2-rx.pcap \
5809 ofport-request=1
5810
5811# Pre-populate the hypervisors' ARP tables so that we don't lose any
5812# packets for ARP resolution (native tunneling doesn't queue packets
5813# for ARP resolution).
5814ovn_populate_arp
5815
5816# Allow some time for ovn-northd and ovn-controller to catch up.
5817# XXX This should be more systematic.
5818sleep 1
5819
5820ip_to_hex() {
5821 printf "%02x%02x%02x%02x" "$@"
5822}
5823
5824# Send ip packets between foo1 and foo2 (same switch, different HVs and
5825# different VLAN tags).
5826src_mac="f00000010205"
5827dst_mac="f00000010206"
5828src_ip=`ip_to_hex 192 168 1 2`
5829dst_ip=`ip_to_hex 192 168 1 3`
5830packet=${dst_mac}${src_mac}8100000108004500001c0000000040110000${src_ip}${dst_ip}0035111100080000
5831as hv1 ovs-appctl netdev-dummy/receive vm1 $packet
5832
5833# expected packet at foo2
5834packet=${dst_mac}${src_mac}8100000208004500001c0000000040110000${src_ip}${dst_ip}0035111100080000
5835echo $packet > expected
5836OVN_CHECK_PACKETS([hv2/vm2-tx.pcap], [expected])
5837
5838# Send ip packets between foo1 and bar2 (different switch, different HV)
5839src_mac="f00000010205"
5840dst_mac="000000010203"
5841src_ip=`ip_to_hex 192 168 1 2`
5842dst_ip=`ip_to_hex 192 168 2 3`
5843packet=${dst_mac}${src_mac}8100000108004500001c0000000040110000${src_ip}${dst_ip}0035111100080000
5844as hv1 ovs-appctl netdev-dummy/receive vm1 $packet
5845
5846# expected packet at bar2
5847src_mac="000000010204"
5848dst_mac="f00000010208"
5849packet=${dst_mac}${src_mac}8100000108004500001c000000003f110100${src_ip}${dst_ip}0035111100080000
5850echo $packet >> expected
5851OVN_CHECK_PACKETS([hv2/vm2-tx.pcap], [expected])
5852
5853# Send ip packets between foo1 and bar1
5854# (different switch, loopback to same vm but different tag)
5855src_mac="f00000010205"
5856dst_mac="000000010203"
5857src_ip=`ip_to_hex 192 168 1 2`
5858dst_ip=`ip_to_hex 192 168 2 2`
5859packet=${dst_mac}${src_mac}8100000108004500001c0000000040110000${src_ip}${dst_ip}0035111100080000
5860as hv1 ovs-appctl netdev-dummy/receive vm1 $packet
5861
5862# expected packet at bar1
5863src_mac="000000010204"
5864dst_mac="f00000010207"
5865packet=${dst_mac}${src_mac}8100000208004500001c000000003f110100${src_ip}${dst_ip}0035111100080000
5866echo $packet > expected1
5867OVN_CHECK_PACKETS([hv1/vm1-tx.pcap], [expected1])
5868
5869# Send ip packets between bar1 and bar3
5870# (same switch. But one is container and another is a standalone VM)
5871src_mac="f00000010207"
5872dst_mac="f00000010209"
5873src_ip=`ip_to_hex 192 168 2 2`
5874dst_ip=`ip_to_hex 192 168 2 3`
5875packet=${dst_mac}${src_mac}8100000208004500001c0000000040110000${src_ip}${dst_ip}0035111100080000
5876as hv1 ovs-appctl netdev-dummy/receive vm1 $packet
5877
5878# expected packet at bar3
5879packet=${dst_mac}${src_mac}08004500001c0000000040110000${src_ip}${dst_ip}0035111100080000
5880echo $packet > expected
5881OVN_CHECK_PACKETS([hv1/bar3-tx.pcap], [expected])
5882
5883# Send ip packets between foo1 and vm1.
5884(different switch, container to the VM hosting it.)
5885src_mac="f00000010205"
5886dst_mac="000000010203"
5887src_ip=`ip_to_hex 192 168 1 2`
5888dst_ip=`ip_to_hex 172 16 1 2`
5889packet=${dst_mac}${src_mac}8100000108004500001c0000000040110000${src_ip}${dst_ip}0035111100080000
5890as hv1 ovs-appctl netdev-dummy/receive vm1 $packet
5891
5892# expected packet at vm1
5893src_mac="000000010202"
5894dst_mac="f00000010203"
5895packet=${dst_mac}${src_mac}08004500001c000000003f110100${src_ip}${dst_ip}0035111100080000
5896echo $packet >> expected1
5897OVN_CHECK_PACKETS([hv1/vm1-tx.pcap], [expected1])
5898
5899# Send packets from vm1 to bar1.
5900(different switch, A hosting VM to a container inside it)
5901src_mac="f00000010203"
5902dst_mac="000000010202"
5903src_ip=`ip_to_hex 172 16 1 2`
5904dst_ip=`ip_to_hex 192 168 2 2`
5905packet=${dst_mac}${src_mac}08004500001c0000000040110000${src_ip}${dst_ip}0035111100080000
5906as hv1 ovs-appctl netdev-dummy/receive vm1 $packet
5907
5908# expected packet at vm1
5909src_mac="000000010204"
5910dst_mac="f00000010207"
5911packet=${dst_mac}${src_mac}8100000208004500001c000000003f110100${src_ip}${dst_ip}0035111100080000
5912echo $packet >> expected1
5913OVN_CHECK_PACKETS([hv1/vm1-tx.pcap], [expected1])
5914
5915OVN_CLEANUP([hv1],[hv2])
5916
5917AT_CLEANUP
440a9f4b
GS		 5918
5919AT_SETUP([ovn -- 3 HVs, 3 LRs connected via LS, source IP based routes])
5920AT_SKIP_IF([test $HAVE_PYTHON = no])
5921ovn_start
5922
5923# Logical network:
5924# Three LRs - R1, R2 and R3 that are connected to each other via LS "join"
5925# in 20.0.0.0/24 network. R1 has switchess foo (192.168.1.0/24) and bar
5926# (192.168.2.0/24) connected to it.
5927#
5928# R2 and R3 are gateway routers.
5929# R2 has alice (172.16.1.0/24) and R3 has bob (172.16.1.0/24)
5930# connected to it. Note how both alice and bob have the same subnet behind it.
5931# We are trying to simulate external network via those 2 switches. In real
5932# world the switch ports of these switches will have addresses set as "unknown"
5933# to make them learning switches. Or those switches will be "localnet" ones.
5934
5935# Create three hypervisors and create OVS ports corresponding to logical ports.
5936net_add n1
5937
5938sim_add hv1
5939as hv1
5940ovs-vsctl add-br br-phys
5941ovn_attach n1 br-phys 192.168.0.1
5942ovs-vsctl -- add-port br-int hv1-vif1 -- \
5943 set interface hv1-vif1 external-ids:iface-id=foo1 \
5944 options:tx_pcap=hv1/vif1-tx.pcap \
5945 options:rxq_pcap=hv1/vif1-rx.pcap \
5946 ofport-request=1
5947
5948ovs-vsctl -- add-port br-int hv1-vif2 -- \
5949 set interface hv1-vif2 external-ids:iface-id=bar1 \
5950 options:tx_pcap=hv1/vif2-tx.pcap \
5951 options:rxq_pcap=hv1/vif2-rx.pcap \
5952 ofport-request=2
5953
5954sim_add hv2
5955as hv2
5956ovs-vsctl add-br br-phys
5957ovn_attach n1 br-phys 192.168.0.2
5958ovs-vsctl -- add-port br-int hv2-vif1 -- \
5959 set interface hv2-vif1 external-ids:iface-id=alice1 \
5960 options:tx_pcap=hv2/vif1-tx.pcap \
5961 options:rxq_pcap=hv2/vif1-rx.pcap \
5962 ofport-request=1
5963
5964sim_add hv3
5965as hv3
5966ovs-vsctl add-br br-phys
5967ovn_attach n1 br-phys 192.168.0.3
5968ovs-vsctl -- add-port br-int hv3-vif1 -- \
5969 set interface hv3-vif1 external-ids:iface-id=bob1 \
5970 options:tx_pcap=hv3/vif1-tx.pcap \
5971 options:rxq_pcap=hv3/vif1-rx.pcap \
5972 ofport-request=1
5973
5974
5975ovn-nbctl create Logical_Router name=R1
5976ovn-nbctl create Logical_Router name=R2 options:chassis="hv2"
5977ovn-nbctl create Logical_Router name=R3 options:chassis="hv3"
5978
5979ovn-nbctl ls-add foo
5980ovn-nbctl ls-add bar
5981ovn-nbctl ls-add alice
5982ovn-nbctl ls-add bob
5983ovn-nbctl ls-add join
5984
5985# Connect foo to R1
5986ovn-nbctl lrp-add R1 foo 00:00:01:01:02:03 192.168.1.1/24
5987ovn-nbctl lsp-add foo rp-foo -- set Logical_Switch_Port rp-foo type=router \
5988 options:router-port=foo addresses=\"00:00:01:01:02:03\"
5989
5990# Connect bar to R1
5991ovn-nbctl lrp-add R1 bar 00:00:01:01:02:04 192.168.2.1/24
5992ovn-nbctl lsp-add bar rp-bar -- set Logical_Switch_Port rp-bar type=router \
5993 options:router-port=bar addresses=\"00:00:01:01:02:04\"
5994
5995# Connect alice to R2
5996ovn-nbctl lrp-add R2 alice 00:00:02:01:02:03 172.16.1.1/24
5997ovn-nbctl lsp-add alice rp-alice -- set Logical_Switch_Port rp-alice \
5998 type=router options:router-port=alice addresses=\"00:00:02:01:02:03\"
5999
6000# Connect bob to R3
6001ovn-nbctl lrp-add R3 bob 00:00:03:01:02:03 172.16.1.2/24
6002ovn-nbctl lsp-add bob rp-bob -- set Logical_Switch_Port rp-bob \
6003 type=router options:router-port=bob addresses=\"00:00:03:01:02:03\"
6004
6005# Connect R1 to join
6006ovn-nbctl lrp-add R1 R1_join 00:00:04:01:02:03 20.0.0.1/24
6007ovn-nbctl lsp-add join r1-join -- set Logical_Switch_Port r1-join \
6008 type=router options:router-port=R1_join addresses='"00:00:04:01:02:03"'
6009
6010# Connect R2 to join
6011ovn-nbctl lrp-add R2 R2_join 00:00:04:01:02:04 20.0.0.2/24
6012ovn-nbctl lsp-add join r2-join -- set Logical_Switch_Port r2-join \
6013 type=router options:router-port=R2_join addresses='"00:00:04:01:02:04"'
6014
6015# Connect R3 to join
6016ovn-nbctl lrp-add R3 R3_join 00:00:04:01:02:05 20.0.0.3/24
6017ovn-nbctl lsp-add join r3-join -- set Logical_Switch_Port r3-join \
6018 type=router options:router-port=R3_join addresses='"00:00:04:01:02:05"'
6019
6020# Install static routes with source ip address as the policy for routing.
6021# We want traffic from 'foo' to go via R2 and traffic of 'bar' to go via R3.
6022ovn-nbctl --policy="src-ip" lr-route-add R1 192.168.1.0/24 20.0.0.2
6023ovn-nbctl --policy="src-ip" lr-route-add R1 192.168.2.0/24 20.0.0.3
6024
6025# Install static routes with destination ip address as the policy for routing.
6026ovn-nbctl lr-route-add R2 192.168.0.0/16 20.0.0.1
6027
6028ovn-nbctl lr-route-add R3 192.168.0.0/16 20.0.0.1
6029
6030# Create logical port foo1 in foo
6031ovn-nbctl lsp-add foo foo1 \
6032-- lsp-set-addresses foo1 "f0:00:00:01:02:03 192.168.1.2"
6033
6034# Create logical port bar1 in bar
6035ovn-nbctl lsp-add bar bar1 \
6036-- lsp-set-addresses bar1 "f0:00:00:01:02:04 192.168.2.2"
6037
6038# Create logical port alice1 in alice
6039ovn-nbctl lsp-add alice alice1 \
6040-- lsp-set-addresses alice1 "f0:00:00:01:02:05 172.16.1.3"
6041
6042# Create logical port bob1 in bob
6043ovn-nbctl lsp-add bob bob1 \
6044-- lsp-set-addresses bob1 "f0:00:00:01:02:06 172.16.1.4"
6045
6046# Pre-populate the hypervisors' ARP tables so that we don't lose any
6047# packets for ARP resolution (native tunneling doesn't queue packets
6048# for ARP resolution).
6049ovn_populate_arp
6050
6051# Allow some time for ovn-northd and ovn-controller to catch up.
6052# XXX This should be more systematic.
6053sleep 1
6054
6055ip_to_hex() {
6056 printf "%02x%02x%02x%02x" "$@"
6057}
6058trim_zeros() {
6059 sed 's/\(00\)\{1,\}$//'
6060}
6061
6062# Send ip packets between foo1 and bar1
6063# (East-west traffic should flow normally)
6064src_mac="f00000010203"
6065dst_mac="000001010203"
6066src_ip=`ip_to_hex 192 168 1 2`
6067dst_ip=`ip_to_hex 192 168 2 2`
6068packet=${dst_mac}${src_mac}08004500001c0000000040110000${src_ip}${dst_ip}0035111100080000
6069as hv1 ovs-appctl netdev-dummy/receive hv1-vif1 $packet
6070
6071# Send ip packets between foo1 and alice1
6072src_mac="f00000010203"
6073dst_mac="000001010203"
6074src_ip=`ip_to_hex 192 168 1 2`
6075dst_ip=`ip_to_hex 172 16 1 3`
6076packet=${dst_mac}${src_mac}08004500001c0000000040110000${src_ip}${dst_ip}0035111100080000
6077as hv1 ovs-appctl netdev-dummy/receive hv1-vif1 $packet
2d9b49dd 6078as hv1 ovs-appctl ofproto/trace br-int in_port=1 $packet
440a9f4b
GS		 6079
6080# Send ip packets between bar1 and bob1
6081src_mac="f00000010204"
6082dst_mac="000001010204"
6083src_ip=`ip_to_hex 192 168 2 2`
6084dst_ip=`ip_to_hex 172 16 1 4`
6085packet=${dst_mac}${src_mac}08004500001c0000000040110000${src_ip}${dst_ip}0035111100080000
6086as hv1 ovs-appctl netdev-dummy/receive hv1-vif2 $packet
6087#as hv1 ovs-appctl ofproto/trace br-int in_port=2 $packet
6088
6089# Packet to expect at bar1
6090src_mac="000001010204"
6091dst_mac="f00000010204"
6092src_ip=`ip_to_hex 192 168 1 2`
6093dst_ip=`ip_to_hex 192 168 2 2`
6094expected=${dst_mac}${src_mac}08004500001c000000003f110100${src_ip}${dst_ip}0035111100080000
6095echo $expected > expected
6096OVN_CHECK_PACKETS([hv1/vif2-tx.pcap], [expected])
6097
6098# Packet to Expect at alice1
6099src_mac="000002010203"
6100dst_mac="f00000010205"
6101src_ip=`ip_to_hex 192 168 1 2`
6102dst_ip=`ip_to_hex 172 16 1 3`
6103expected=${dst_mac}${src_mac}08004500001c000000003e110200${src_ip}${dst_ip}0035111100080000
6104echo $expected > expected
6105OVN_CHECK_PACKETS([hv2/vif1-tx.pcap], [expected])
6106
6107# Packet to Expect at bob1
6108src_mac="000003010203"
6109dst_mac="f00000010206"
6110src_ip=`ip_to_hex 192 168 2 2`
6111dst_ip=`ip_to_hex 172 16 1 4`
6112expected=${dst_mac}${src_mac}08004500001c000000003e110200${src_ip}${dst_ip}0035111100080000
6113echo $expected > expected
6114OVN_CHECK_PACKETS([hv3/vif1-tx.pcap], [expected])
6115
6116for sim in hv1 hv2 hv3; do
6117 as $sim
6118 OVS_APP_EXIT_AND_WAIT([ovn-controller])
6119 OVS_APP_EXIT_AND_WAIT([ovs-vswitchd])
6120 OVS_APP_EXIT_AND_WAIT([ovsdb-server])
6121done
6122
6123as ovn-sb
6124OVS_APP_EXIT_AND_WAIT([ovsdb-server])
6125
6126as ovn-nb
6127OVS_APP_EXIT_AND_WAIT([ovsdb-server])
6128
6129as northd
6130OVS_APP_EXIT_AND_WAIT([ovn-northd])
6131
6132as main
6133OVS_APP_EXIT_AND_WAIT([ovs-vswitchd])
6134OVS_APP_EXIT_AND_WAIT([ovsdb-server])
6135
6136AT_CLEANUP
openvswitch mirror