Merge "Do no use "--strict" for OF deletion in TRANSIENT_TABLE" into stable/ussuri

This commit is contained in:
Zuul 2021-12-15 01:20:19 +00:00 committed by Gerrit Code Review
commit 607dacdd18
2 changed files with 14 additions and 39 deletions

View File

@ -591,14 +591,6 @@ class OVSFirewallDriver(firewall.FirewallDriver):
else:
self.int_br.br.delete_flows(**kwargs)
def _strict_delete_flow(self, **kwargs):
"""Delete given flow right away even if bridge is deferred.
Delete command will use strict delete.
"""
create_reg_numbers(kwargs)
self.int_br.br.delete_flows(strict=True, **kwargs)
@staticmethod
def initialize_bridge(int_br):
int_br.add_protocols(*OVSFirewallDriver.REQUIRED_PROTOCOLS)
@ -779,13 +771,6 @@ class OVSFirewallDriver(firewall.FirewallDriver):
def _update_flows_for_port(self, of_port, old_of_port):
with self.update_cookie_context():
self._set_port_filters(of_port)
# Flush the flows caused by changes made to deferred bridge. The reason
# is that following delete_all_port_flows() call uses --strict
# parameter that cannot be combined with other non-strict rules, hence
# all parameters with --strict are applied right away. In order to
# avoid applying delete rules with --strict *before*
# _set_port_filters() we dump currently cached flows here.
self.int_br.apply_flows()
self.delete_all_port_flows(old_of_port)
# Rewrite update cookie with default cookie
self._set_port_filters(of_port)
@ -898,13 +883,11 @@ class OVSFirewallDriver(firewall.FirewallDriver):
def delete_physical_direct_flow(self, mac, segment_id):
if segment_id:
self._strict_delete_flow(priority=90,
table=ovs_consts.TRANSIENT_TABLE,
self._delete_flows(table=ovs_consts.TRANSIENT_TABLE,
dl_dst=mac,
dl_vlan=segment_id)
else:
self._strict_delete_flow(priority=90,
table=ovs_consts.TRANSIENT_TABLE,
self._delete_flows(table=ovs_consts.TRANSIENT_TABLE,
dl_dst=mac,
vlan_tci=ovs_consts.FLAT_VLAN_TCI)
@ -1551,8 +1534,7 @@ class OVSFirewallDriver(firewall.FirewallDriver):
def delete_all_port_flows(self, port):
"""Delete all flows for given port"""
for mac_addr in port.all_allowed_macs:
self._strict_delete_flow(priority=90,
table=ovs_consts.TRANSIENT_TABLE,
self._delete_flows(table=ovs_consts.TRANSIENT_TABLE,
dl_dst=mac_addr,
dl_vlan=port.vlan_tag)
self.delete_physical_direct_flow(mac_addr, port.segment_id)
@ -1561,8 +1543,7 @@ class OVSFirewallDriver(firewall.FirewallDriver):
self.delete_accepted_egress_direct_flow(
port.mac, port.vlan_tag)
self._strict_delete_flow(priority=100,
table=ovs_consts.TRANSIENT_TABLE,
self._delete_flows(table=ovs_consts.TRANSIENT_TABLE,
in_port=port.ofport)
self._delete_flows(reg_port=port.ofport)

View File

@ -842,16 +842,12 @@ class TestOVSFirewallDriver(base.BaseTestCase):
self.firewall.delete_all_port_flows(port)
call_args1 = {"strict": True,
"priority": 90,
"table": ovs_consts.TRANSIENT_TABLE,
call_args1 = {"table": ovs_consts.TRANSIENT_TABLE,
"dl_dst": port.mac,
"dl_vlan": port.vlan_tag}
flow1 = mock.call(**call_args1)
call_args2 = {"strict": True,
"priority": 90,
"table": ovs_consts.TRANSIENT_TABLE,
call_args2 = {"table": ovs_consts.TRANSIENT_TABLE,
"dl_dst": port.mac,
"dl_vlan": port.segment_id}
flow2 = mock.call(**call_args2)
@ -862,8 +858,6 @@ class TestOVSFirewallDriver(base.BaseTestCase):
flow3 = mock.call(**call_args3)
call_args4 = {"in_port": port.ofport,
"strict": True,
"priority": 100,
"table": ovs_consts.TRANSIENT_TABLE}
flow4 = mock.call(**call_args4)
@ -964,7 +958,7 @@ class TestOVSFirewallDriver(base.BaseTestCase):
self.firewall.prepare_port_filter(port_dict)
with self.firewall.defer_apply():
self.firewall.update_port_filter(port_dict)
self.assertEqual(2, self.mock_bridge.apply_flows.call_count)
self.mock_bridge.apply_flows.assert_called_once()
def test_update_port_filter_clean_when_port_not_found(self):
"""Check flows are cleaned if port is not found in the bridge."""