Merge "Do no use "--strict" for OF deletion in TRANSIENT_TABLE" into stable/train
This commit is contained in:
commit
8bd56d4a3b
|
@ -546,14 +546,6 @@ class OVSFirewallDriver(firewall.FirewallDriver):
|
||||||
else:
|
else:
|
||||||
self.int_br.br.delete_flows(**kwargs)
|
self.int_br.br.delete_flows(**kwargs)
|
||||||
|
|
||||||
def _strict_delete_flow(self, **kwargs):
|
|
||||||
"""Delete given flow right away even if bridge is deferred.
|
|
||||||
|
|
||||||
Delete command will use strict delete.
|
|
||||||
"""
|
|
||||||
create_reg_numbers(kwargs)
|
|
||||||
self.int_br.br.delete_flows(strict=True, **kwargs)
|
|
||||||
|
|
||||||
@staticmethod
|
@staticmethod
|
||||||
def initialize_bridge(int_br):
|
def initialize_bridge(int_br):
|
||||||
int_br.add_protocols(*OVSFirewallDriver.REQUIRED_PROTOCOLS)
|
int_br.add_protocols(*OVSFirewallDriver.REQUIRED_PROTOCOLS)
|
||||||
|
@ -734,13 +726,6 @@ class OVSFirewallDriver(firewall.FirewallDriver):
|
||||||
def _update_flows_for_port(self, of_port, old_of_port):
|
def _update_flows_for_port(self, of_port, old_of_port):
|
||||||
with self.update_cookie_context():
|
with self.update_cookie_context():
|
||||||
self._set_port_filters(of_port)
|
self._set_port_filters(of_port)
|
||||||
# Flush the flows caused by changes made to deferred bridge. The reason
|
|
||||||
# is that following delete_all_port_flows() call uses --strict
|
|
||||||
# parameter that cannot be combined with other non-strict rules, hence
|
|
||||||
# all parameters with --strict are applied right away. In order to
|
|
||||||
# avoid applying delete rules with --strict *before*
|
|
||||||
# _set_port_filters() we dump currently cached flows here.
|
|
||||||
self.int_br.apply_flows()
|
|
||||||
self.delete_all_port_flows(old_of_port)
|
self.delete_all_port_flows(old_of_port)
|
||||||
# Rewrite update cookie with default cookie
|
# Rewrite update cookie with default cookie
|
||||||
self._set_port_filters(of_port)
|
self._set_port_filters(of_port)
|
||||||
|
@ -853,13 +838,11 @@ class OVSFirewallDriver(firewall.FirewallDriver):
|
||||||
|
|
||||||
def delete_physical_direct_flow(self, mac, segment_id):
|
def delete_physical_direct_flow(self, mac, segment_id):
|
||||||
if segment_id:
|
if segment_id:
|
||||||
self._strict_delete_flow(priority=90,
|
self._delete_flows(table=ovs_consts.TRANSIENT_TABLE,
|
||||||
table=ovs_consts.TRANSIENT_TABLE,
|
|
||||||
dl_dst=mac,
|
dl_dst=mac,
|
||||||
dl_vlan=segment_id)
|
dl_vlan=segment_id)
|
||||||
else:
|
else:
|
||||||
self._strict_delete_flow(priority=90,
|
self._delete_flows(table=ovs_consts.TRANSIENT_TABLE,
|
||||||
table=ovs_consts.TRANSIENT_TABLE,
|
|
||||||
dl_dst=mac,
|
dl_dst=mac,
|
||||||
vlan_tci=ovs_consts.FLAT_VLAN_TCI)
|
vlan_tci=ovs_consts.FLAT_VLAN_TCI)
|
||||||
|
|
||||||
|
@ -1507,8 +1490,7 @@ class OVSFirewallDriver(firewall.FirewallDriver):
|
||||||
def delete_all_port_flows(self, port):
|
def delete_all_port_flows(self, port):
|
||||||
"""Delete all flows for given port"""
|
"""Delete all flows for given port"""
|
||||||
for mac_addr in port.all_allowed_macs:
|
for mac_addr in port.all_allowed_macs:
|
||||||
self._strict_delete_flow(priority=90,
|
self._delete_flows(table=ovs_consts.TRANSIENT_TABLE,
|
||||||
table=ovs_consts.TRANSIENT_TABLE,
|
|
||||||
dl_dst=mac_addr,
|
dl_dst=mac_addr,
|
||||||
dl_vlan=port.vlan_tag)
|
dl_vlan=port.vlan_tag)
|
||||||
self.delete_physical_direct_flow(mac_addr, port.segment_id)
|
self.delete_physical_direct_flow(mac_addr, port.segment_id)
|
||||||
|
@ -1517,8 +1499,7 @@ class OVSFirewallDriver(firewall.FirewallDriver):
|
||||||
|
|
||||||
self.delete_accepted_egress_direct_flow(
|
self.delete_accepted_egress_direct_flow(
|
||||||
port.mac, port.vlan_tag)
|
port.mac, port.vlan_tag)
|
||||||
self._strict_delete_flow(priority=100,
|
self._delete_flows(table=ovs_consts.TRANSIENT_TABLE,
|
||||||
table=ovs_consts.TRANSIENT_TABLE,
|
|
||||||
in_port=port.ofport)
|
in_port=port.ofport)
|
||||||
self._delete_flows(reg_port=port.ofport)
|
self._delete_flows(reg_port=port.ofport)
|
||||||
|
|
||||||
|
|
|
@ -773,16 +773,12 @@ class TestOVSFirewallDriver(base.BaseTestCase):
|
||||||
|
|
||||||
self.firewall.delete_all_port_flows(port)
|
self.firewall.delete_all_port_flows(port)
|
||||||
|
|
||||||
call_args1 = {"strict": True,
|
call_args1 = {"table": ovs_consts.TRANSIENT_TABLE,
|
||||||
"priority": 90,
|
|
||||||
"table": ovs_consts.TRANSIENT_TABLE,
|
|
||||||
"dl_dst": port.mac,
|
"dl_dst": port.mac,
|
||||||
"dl_vlan": port.vlan_tag}
|
"dl_vlan": port.vlan_tag}
|
||||||
flow1 = mock.call(**call_args1)
|
flow1 = mock.call(**call_args1)
|
||||||
|
|
||||||
call_args2 = {"strict": True,
|
call_args2 = {"table": ovs_consts.TRANSIENT_TABLE,
|
||||||
"priority": 90,
|
|
||||||
"table": ovs_consts.TRANSIENT_TABLE,
|
|
||||||
"dl_dst": port.mac,
|
"dl_dst": port.mac,
|
||||||
"dl_vlan": port.segment_id}
|
"dl_vlan": port.segment_id}
|
||||||
flow2 = mock.call(**call_args2)
|
flow2 = mock.call(**call_args2)
|
||||||
|
@ -793,8 +789,6 @@ class TestOVSFirewallDriver(base.BaseTestCase):
|
||||||
flow3 = mock.call(**call_args3)
|
flow3 = mock.call(**call_args3)
|
||||||
|
|
||||||
call_args4 = {"in_port": port.ofport,
|
call_args4 = {"in_port": port.ofport,
|
||||||
"strict": True,
|
|
||||||
"priority": 100,
|
|
||||||
"table": ovs_consts.TRANSIENT_TABLE}
|
"table": ovs_consts.TRANSIENT_TABLE}
|
||||||
flow4 = mock.call(**call_args4)
|
flow4 = mock.call(**call_args4)
|
||||||
|
|
||||||
|
@ -895,7 +889,7 @@ class TestOVSFirewallDriver(base.BaseTestCase):
|
||||||
self.firewall.prepare_port_filter(port_dict)
|
self.firewall.prepare_port_filter(port_dict)
|
||||||
with self.firewall.defer_apply():
|
with self.firewall.defer_apply():
|
||||||
self.firewall.update_port_filter(port_dict)
|
self.firewall.update_port_filter(port_dict)
|
||||||
self.assertEqual(2, self.mock_bridge.apply_flows.call_count)
|
self.assertEqual(1, self.mock_bridge.apply_flows.call_count)
|
||||||
|
|
||||||
def test_update_port_filter_clean_when_port_not_found(self):
|
def test_update_port_filter_clean_when_port_not_found(self):
|
||||||
"""Check flows are cleaned if port is not found in the bridge."""
|
"""Check flows are cleaned if port is not found in the bridge."""
|
||||||
|
|
Loading…
Reference in New Issue