diff --git a/tests/system-ovn.at b/tests/system-ovn.at index 4c6ba628f..28fb6737a 100644 --- a/tests/system-ovn.at +++ b/tests/system-ovn.at @@ -6684,6 +6684,11 @@ start_daemon ovn-controller ovn-nbctl ls-add ls1 ovn-nbctl lsp-add ls1 vm1 -- lsp-set-addresses vm1 "00:00:00:00:00:05 192.168.100.5" ovn-nbctl lsp-add ls1 vm2 -- lsp-set-addresses vm2 "00:00:00:00:00:06 192.168.100.6" +ovn-nbctl pg-add pg1 vm1 vm2 +pg1_uuid=$(fetch_column nb:Port_Group _uuid name=pg1) +ovn-nbctl acl-add pg1 from-lport 1002 "inport == @pg1 && ip4" allow-related +ovn-nbctl acl-add pg1 to-lport 1002 "outport == @pg1 && ip4 && icmp4" allow-related +ovn-nbctl acl-add pg1 to-lport 1002 "outport == @pg1 && ip4 && ip4.src == \$pg1_ip4" allow-related ovn-nbctl ls-add ls-pub ovn-nbctl lsp-add ls-pub ext-router -- lsp-set-addresses ext-router "00:00:00:00:01:02 172.18.1.2" @@ -6704,6 +6709,8 @@ ovn-nbctl lsp-add ls-pub ls-pub-lr1 \ ovn-nbctl lr-nat-add lr1 snat 172.18.1.1 192.168.100.0/24 ovn-nbctl lr-nat-add lr1 dnat_and_snat 172.18.2.10 192.168.100.6 +dnat_and_snat_uuid=$(fetch_column nb:NAT _uuid external_ip=172.18.2.10) +ovn-nbctl set NAT $dnat_and_snat_uuid options:stateless=true ovn-nbctl lr-route-add lr1 0.0.0.0/0 172.18.1.2 #ls1_uuid=$(fetch_column Port_Binding datapath logical_port=vm1) 
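Review bot: None of the added `ovn-nbctl pg-add` / `acl-add` commands in the first hunk has its exit status checked, and `pg1_uuid` is assigned but not read anywhere in the visible hunks. If one of the ACL matches were rejected (for example the `\$pg1_ip4` address-set reference), the test would carry on without the stateful ACLs and the later pings would still pass, so the ACL and stateless-NAT interaction would go untested without anyone noticing. I would wrap each setup command, e.g. `AT_CHECK([ovn-nbctl pg-add pg1 vm1 vm2])`, and drop the unused `pg1_uuid=` line. The same applies to `ovn-nbctl set NAT ...` in the second hunk. A one-line comment would also help, e.g. `# allow-related ACLs send ls1 traffic through conntrack, so stateless NAT is tested with stateful ACLs`; that purpose is inferred, as the patch does not state it.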
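Review bot: In the second hunk `$dnat_and_snat_uuid` is expanded unquoted and never checked for being empty, so if `fetch_column` returns nothing the `ovn-nbctl set NAT` call fails and the rule stays stateful while the test still runs to completion. Creating the rule as stateless in one step avoids the UUID lookup, assuming the `ovn-nbctl` in this tree supports the option: `ovn-nbctl --stateless lr-nat-add lr1 dnat_and_snat 172.18.2.10 192.168.100.6`. If the two-step form is kept, quote the variable and assert the command: `AT_CHECK([ovn-nbctl set NAT "$dnat_and_snat_uuid" options:stateless=true])`.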
@@ -6728,10 +6735,21 @@ ADD_VETH(ext-router, ext-router, br-int, "172.18.1.2/24", "00:00:00:00:01:02", \ ovn-sbctl lflow-list # Let's check what ovn-trace says... -ovn-trace ls1 'inport == "vm1" && eth.src == 00:00:00:00:00:05 && ip4.src == 192.168.100.5 && eth.dst == 00:00:00:00:00:01 && ip4.dst == 172.18.2.10 && ip.ttl == 32' +ovn-trace ls1 'inport == "vm2" && eth.src == 00:00:00:00:00:06 && ip4.src == 192.168.100.6 && eth.dst == 00:00:00:00:00:01 && ip4.dst == 172.18.2.10 && ip.ttl == 32' # A ping from vm1 should hairpin in lr1 and successfully DNAT to vm2 -NS_CHECK_EXEC([vm1], [ping -q -c 3 -i 0.3 -w 2 172.18.2.10 | FORMAT_PING], \ +NS_CHECK_EXEC([vm2], [ping -q -c 3 -i 0.3 -w 2 172.18.2.10 | FORMAT_PING], \ +[0], [dnl +3 packets transmitted, 3 received, 0% packet loss, time 0ms +]) +ovs-appctl -t ovs-vswitchd dpctl/dump-conntrack +# repeat without CHECK first to see conntrack +NS_EXEC([vm2], [ping -q -c 3 -i 0.3 -w 2 172.18.2.10 | FORMAT_PING], \ +[0], [dnl +3 packets transmitted, 3 received, 0% packet loss, time 0ms +]) +ovs-appctl -t ovs-vswitchd dpctl/dump-conntrack +NS_CHECK_EXEC([vm2], [ping -q -c 3 -i 0.3 -w 2 172.18.2.10 | FORMAT_PING], \ [0], [dnl 3 packets transmitted, 3 received, 0% packet loss, time 0ms ])
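Review bot: The two `ovs-appctl -t ovs-vswitchd dpctl/dump-conntrack` calls only print to the log and nothing asserts on their output, so the test still passes if the stateless rule ends up creating NAT conntrack state, which is the regression this test appears meant to catch. Replace them with an `AT_CHECK` on the filtered conntrack entries (this suite usually pipes the dump through `FORMAT_CT(...)`), or remove them along with the `# repeat without CHECK first to see conntrack` block if they were debugging aids. The middle `NS_EXEC([vm2], ...)` is given `[0], [dnl ...]` expected-status and output arguments which, as far as I can tell, `NS_EXEC` does not use, so that ping is unchecked. The context comment is also stale now that the source is vm2; something like `# A ping from vm2 to its own dnat_and_snat address should hairpin in lr1 and return to vm2` would match the new code.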