-
Notifications
You must be signed in to change notification settings - Fork 244
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
creating ACL matching on address set name causes syntax error in lflow #35
Comments
To rule out a race condition, I tried adding a check in ovn-k8s before we create the ACL to ensure the address set exists in SB before we create the ACL. Didn't seem to make a difference. |
@trozet I think you'll not see this error when the port group or address set is not empty. |
Is the error message different between an address set that does not exist and one that is empty? If it’s the same the error msg seems misleading. Maybe that’s something to improve. |
thanks @numansiddique I see that the address is set a few moments after the ACL is created. Let me try fixing that in ovn-k8s, and see if the problem goes away. Agree with @russellb that message doesn't make any sense. Also, if the addresss set is configured with an ip later, does the lflow then get installed correctly? I'll try to check that too. |
Address sets were being deleted before the port group. The port group contained an ACL which referenced the address set. This would cause OVN controller to issue: 2020-02-17T16:31:09.160Z|00032|lflow|WARN|error parsing match "!ct.new && ct.est && !ct.rpl && ct_label.blocked == 0 && (ip4.src == {$a2376695646506571724, $a6566950664295833471} && outport == @a5584531700272134285)": Syntax error at `$a6566950664295833471' expecting address set name. With this patch address set is deleted after the associated ACL in the port group is removed. See ovn-org/ovn#35 Signed-off-by: Tim Rozet <trozet@redhat.com>
After investigating it looks like this warning comes on the delete side of things. It happens when the address set is deleted before the port group with the acl that references it. I submitted above fix to fix the order in ovn-k8s and it works. Not sure if this is still a bug in OVN. Should OVN reject deleting and address set if another entity references it? |
The OVS database has the concept of references to other database elements, and in some cases, it will refuse to delete row A if it's referenced by row B. ACLs are a bit weird though. Rather than containing direct references to other database elements, the "match" portion of an ACL is treated as an arbitrary string. An ACL match may contain literals, logical switch ports, port groups, or address sets in any combination. Parsing of the ACL match is not performed until ovn-controller handles the logical flow generated by ovn-northd. Because of the nature of ACL match, I don't think it's possible to restrict references at the ovsdb level. In other words, with the way database schema are defined, you couldn't instruct it that the ACL match may optionally contain references to certain types of database objects. The best you could do is to ensure that specialized ovn-nbctl operations might take some extra precautions to ensure that objects being deleted are not referenced by ACLs. However, this would be very expensive since it would require re-parsing the ACL matches each time an address set, logical switch port, port group, etc. is deleted. By "specialized" ovn-nbctl operations, I refer to operations like As it stands, I think this error is more of a cosmetic nuisance than it is indicative of an actual problem. The error is rate-limited, so it's not going to spam the logs in most cases. And with the submitted patch, the error will go away entirely. I think the error needs to stay for the cases where people legitimately make the mistake of referencing a non-existent address set, though. |
Thanks for the explanation @putnopvut I have not seen the error since and from your explanation it seems like we can just close this bug. |
Avoid the following crash in ovn-trace due to a reject action infinite loop: AddressSanitizer:DEADLYSIGNAL ==569410==ERROR: AddressSanitizer: stack-overflow on address 0x7ffc0a991bc4 (pc 0x000000415081 bp 0x7ffc0a993fa0 sp 0x7ffc0a991b30 T0) #0 0x415081 in trace_actions utilities/ovn-trace.c:2617 ovn-org#1 0x41d878 in trace_actions utilities/ovn-trace.c:2622 ovn-org#2 0x41d878 in trace__ utilities/ovn-trace.c:3007 ovn-org#3 0x41e3a8 in execute_output utilities/ovn-trace.c:1700 ovn-org#4 0x416fcf in trace_actions utilities/ovn-trace.c:2640 ovn-org#5 0x41d878 in trace_actions utilities/ovn-trace.c:2622 ovn-org#6 0x41d878 in trace__ utilities/ovn-trace.c:3007 ovn-org#7 0x41788d in execute_next utilities/ovn-trace.c:2307 ovn-org#8 0x41788d in trace_actions utilities/ovn-trace.c:2644 ovn-org#9 0x41a7c0 in trace_actions utilities/ovn-trace.c:2622 ovn-org#10 0x41a7c0 in execute_sctp4_abort utilities/ovn-trace.c:1985 ovn-org#11 0x419671 in execute_reject utilities/ovn-trace.c:2049 ovn-org#12 0x419671 in trace_actions utilities/ovn-trace.c:2860 ovn-org#13 0x41d878 in trace_actions utilities/ovn-trace.c:2622 ovn-org#14 0x41d878 in trace__ utilities/ovn-trace.c:3007 ovn-org#15 0x41e3a8 in execute_output utilities/ovn-trace.c:1700 ovn-org#16 0x416fcf in trace_actions utilities/ovn-trace.c:2640 ovn-org#17 0x41d878 in trace_actions utilities/ovn-trace.c:2622 ovn-org#18 0x41d878 in trace__ utilities/ovn-trace.c:3007 ovn-org#19 0x41788d in execute_next utilities/ovn-trace.c:2307 ovn-org#20 0x41788d in trace_actions utilities/ovn-trace.c:2644 ovn-org#21 0x41a7c0 in trace_actions utilities/ovn-trace.c:2622 ovn-org#22 0x41a7c0 in execute_sctp4_abort utilities/ovn-trace.c:1985 ovn-org#23 0x419671 in execute_reject utilities/ovn-trace.c:2049 ovn-org#24 0x419671 in trace_actions utilities/ovn-trace.c:2860 ovn-org#25 0x41d878 in trace_actions utilities/ovn-trace.c:2622 ovn-org#26 0x41d878 in trace__ utilities/ovn-trace.c:3007 ovn-org#27 0x41e3a8 in execute_output utilities/ovn-trace.c:1700 ovn-org#28 0x416fcf in trace_actions utilities/ovn-trace.c:2640 ovn-org#29 0x41d878 in trace_actions utilities/ovn-trace.c:2622 ovn-org#30 0x41d878 in trace__ utilities/ovn-trace.c:3007 ovn-org#31 0x41788d in execute_next utilities/ovn-trace.c:2307 ovn-org#32 0x41788d in trace_actions utilities/ovn-trace.c:2644 ovn-org#33 0x41a7c0 in trace_actions utilities/ovn-trace.c:2622 ovn-org#34 0x41a7c0 in execute_sctp4_abort utilities/ovn-trace.c:1985 ovn-org#35 0x419671 in execute_reject utilities/ovn-trace.c:2049 ovn-org#36 0x419671 in trace_actions utilities/ovn-trace.c:2860 ovn-org#37 0x41d878 in trace_actions utilities/ovn-trace.c:2622 ovn-org#38 0x41d878 in trace__ utilities/ovn-trace.c:3007 ovn-org#39 0x41e3a8 in execute_output utilities/ovn-trace.c:1700 ovn-org#40 0x416fcf in trace_actions utilities/ovn-trace.c:2640 ovn-org#41 0x41d878 in trace_actions utilities/ovn-trace.c:2622 ovn-org#42 0x41d878 in trace__ utilities/ovn-trace.c:3007 ovn-org#43 0x41788d in execute_next utilities/ovn-trace.c:2307 .... The issue can be triggered with the following reproducer: $ovn-nbctl ls-add sw $ovn-nbctl lsp-add sw p1 $ovn-nbctl lsp-set-addresses p1 "00:00:00:00:00:02 192.168.0.2" $ovn-nbctl lsp-add sw p2 $ovn-nbctl lsp-set-addresses p2 "00:00:00:00:00:03 192.168.0.3" $ovn-nbctl pg-add pg1 p1 p2 $ovn-nbctl acl-add pg1 to-lport 2003 "inport==@pg1 && ip4 && ip4.src == 192.168.0.0/16 && udp && udp.dst == 9000" allow $ovn-nbctl acl-add pg1 to-lport 2001 "inport==@pg1" reject $ovn-trace 'inport == "p2" && eth.src == 00:00:00:00:00:03 && eth.dst == 00:00:00:00:00:02 && ip.ttl==42 && ip4.src == 192.168.0.3' Reported-at: https://bugzilla.redhat.com/show_bug.cgi?id=2074537
Avoid the following crash in ovn-trace due to a reject action infinite loop: AddressSanitizer:DEADLYSIGNAL ==569410==ERROR: AddressSanitizer: stack-overflow on address 0x7ffc0a991bc4 (pc 0x000000415081 bp 0x7ffc0a993fa0 sp 0x7ffc0a991b30 T0) #0 0x415081 in trace_actions utilities/ovn-trace.c:2617 ovn-org#1 0x41d878 in trace_actions utilities/ovn-trace.c:2622 ovn-org#2 0x41d878 in trace__ utilities/ovn-trace.c:3007 ovn-org#3 0x41e3a8 in execute_output utilities/ovn-trace.c:1700 ovn-org#4 0x416fcf in trace_actions utilities/ovn-trace.c:2640 ovn-org#5 0x41d878 in trace_actions utilities/ovn-trace.c:2622 ovn-org#6 0x41d878 in trace__ utilities/ovn-trace.c:3007 ovn-org#7 0x41788d in execute_next utilities/ovn-trace.c:2307 ovn-org#8 0x41788d in trace_actions utilities/ovn-trace.c:2644 ovn-org#9 0x41a7c0 in trace_actions utilities/ovn-trace.c:2622 ovn-org#10 0x41a7c0 in execute_sctp4_abort utilities/ovn-trace.c:1985 ovn-org#11 0x419671 in execute_reject utilities/ovn-trace.c:2049 ovn-org#12 0x419671 in trace_actions utilities/ovn-trace.c:2860 ovn-org#13 0x41d878 in trace_actions utilities/ovn-trace.c:2622 ovn-org#14 0x41d878 in trace__ utilities/ovn-trace.c:3007 ovn-org#15 0x41e3a8 in execute_output utilities/ovn-trace.c:1700 ovn-org#16 0x416fcf in trace_actions utilities/ovn-trace.c:2640 ovn-org#17 0x41d878 in trace_actions utilities/ovn-trace.c:2622 ovn-org#18 0x41d878 in trace__ utilities/ovn-trace.c:3007 ovn-org#19 0x41788d in execute_next utilities/ovn-trace.c:2307 ovn-org#20 0x41788d in trace_actions utilities/ovn-trace.c:2644 ovn-org#21 0x41a7c0 in trace_actions utilities/ovn-trace.c:2622 ovn-org#22 0x41a7c0 in execute_sctp4_abort utilities/ovn-trace.c:1985 ovn-org#23 0x419671 in execute_reject utilities/ovn-trace.c:2049 ovn-org#24 0x419671 in trace_actions utilities/ovn-trace.c:2860 ovn-org#25 0x41d878 in trace_actions utilities/ovn-trace.c:2622 ovn-org#26 0x41d878 in trace__ utilities/ovn-trace.c:3007 ovn-org#27 0x41e3a8 in execute_output utilities/ovn-trace.c:1700 ovn-org#28 0x416fcf in trace_actions utilities/ovn-trace.c:2640 ovn-org#29 0x41d878 in trace_actions utilities/ovn-trace.c:2622 ovn-org#30 0x41d878 in trace__ utilities/ovn-trace.c:3007 ovn-org#31 0x41788d in execute_next utilities/ovn-trace.c:2307 ovn-org#32 0x41788d in trace_actions utilities/ovn-trace.c:2644 ovn-org#33 0x41a7c0 in trace_actions utilities/ovn-trace.c:2622 ovn-org#34 0x41a7c0 in execute_sctp4_abort utilities/ovn-trace.c:1985 ovn-org#35 0x419671 in execute_reject utilities/ovn-trace.c:2049 ovn-org#36 0x419671 in trace_actions utilities/ovn-trace.c:2860 ovn-org#37 0x41d878 in trace_actions utilities/ovn-trace.c:2622 ovn-org#38 0x41d878 in trace__ utilities/ovn-trace.c:3007 ovn-org#39 0x41e3a8 in execute_output utilities/ovn-trace.c:1700 ovn-org#40 0x416fcf in trace_actions utilities/ovn-trace.c:2640 ovn-org#41 0x41d878 in trace_actions utilities/ovn-trace.c:2622 ovn-org#42 0x41d878 in trace__ utilities/ovn-trace.c:3007 ovn-org#43 0x41788d in execute_next utilities/ovn-trace.c:2307 .... The issue can be triggered with the following reproducer: $ovn-nbctl ls-add sw $ovn-nbctl lsp-add sw p1 $ovn-nbctl lsp-set-addresses p1 "00:00:00:00:00:02 192.168.0.2" $ovn-nbctl lsp-add sw p2 $ovn-nbctl lsp-set-addresses p2 "00:00:00:00:00:03 192.168.0.3" $ovn-nbctl pg-add pg1 p1 p2 $ovn-nbctl acl-add pg1 to-lport 2003 "inport==@pg1 && ip4 && ip4.src == 192.168.0.0/16 && udp && udp.dst == 9000" allow $ovn-nbctl acl-add pg1 to-lport 2001 "inport==@pg1" reject $ovn-trace 'inport == "p2" && eth.src == 00:00:00:00:00:03 && eth.dst == 00:00:00:00:00:02 && ip.ttl==42 && ip4.src == 192.168.0.3' Reported-at: https://bugzilla.redhat.com/show_bug.cgi?id=2074537 Signed-off-by: Lorenzo Bianconi <lorenzo.bianconi@redhat.com> Signed-off-by: 0-day Robot <robot@bytheb.org>
Avoid the following crash in ovn-trace due to a reject action infinite loop: AddressSanitizer:DEADLYSIGNAL ==569410==ERROR: AddressSanitizer: stack-overflow on address 0x7ffc0a991bc4 (pc 0x000000415081 bp 0x7ffc0a993fa0 sp 0x7ffc0a991b30 T0) #0 0x415081 in trace_actions utilities/ovn-trace.c:2617 #1 0x41d878 in trace_actions utilities/ovn-trace.c:2622 #2 0x41d878 in trace__ utilities/ovn-trace.c:3007 #3 0x41e3a8 in execute_output utilities/ovn-trace.c:1700 #4 0x416fcf in trace_actions utilities/ovn-trace.c:2640 #5 0x41d878 in trace_actions utilities/ovn-trace.c:2622 #6 0x41d878 in trace__ utilities/ovn-trace.c:3007 #7 0x41788d in execute_next utilities/ovn-trace.c:2307 #8 0x41788d in trace_actions utilities/ovn-trace.c:2644 #9 0x41a7c0 in trace_actions utilities/ovn-trace.c:2622 #10 0x41a7c0 in execute_sctp4_abort utilities/ovn-trace.c:1985 #11 0x419671 in execute_reject utilities/ovn-trace.c:2049 #12 0x419671 in trace_actions utilities/ovn-trace.c:2860 #13 0x41d878 in trace_actions utilities/ovn-trace.c:2622 #14 0x41d878 in trace__ utilities/ovn-trace.c:3007 #15 0x41e3a8 in execute_output utilities/ovn-trace.c:1700 #16 0x416fcf in trace_actions utilities/ovn-trace.c:2640 #17 0x41d878 in trace_actions utilities/ovn-trace.c:2622 #18 0x41d878 in trace__ utilities/ovn-trace.c:3007 #19 0x41788d in execute_next utilities/ovn-trace.c:2307 #20 0x41788d in trace_actions utilities/ovn-trace.c:2644 #21 0x41a7c0 in trace_actions utilities/ovn-trace.c:2622 #22 0x41a7c0 in execute_sctp4_abort utilities/ovn-trace.c:1985 #23 0x419671 in execute_reject utilities/ovn-trace.c:2049 #24 0x419671 in trace_actions utilities/ovn-trace.c:2860 #25 0x41d878 in trace_actions utilities/ovn-trace.c:2622 #26 0x41d878 in trace__ utilities/ovn-trace.c:3007 #27 0x41e3a8 in execute_output utilities/ovn-trace.c:1700 #28 0x416fcf in trace_actions utilities/ovn-trace.c:2640 #29 0x41d878 in trace_actions utilities/ovn-trace.c:2622 #30 0x41d878 in trace__ utilities/ovn-trace.c:3007 #31 0x41788d in execute_next utilities/ovn-trace.c:2307 #32 0x41788d in trace_actions utilities/ovn-trace.c:2644 #33 0x41a7c0 in trace_actions utilities/ovn-trace.c:2622 #34 0x41a7c0 in execute_sctp4_abort utilities/ovn-trace.c:1985 #35 0x419671 in execute_reject utilities/ovn-trace.c:2049 #36 0x419671 in trace_actions utilities/ovn-trace.c:2860 #37 0x41d878 in trace_actions utilities/ovn-trace.c:2622 #38 0x41d878 in trace__ utilities/ovn-trace.c:3007 #39 0x41e3a8 in execute_output utilities/ovn-trace.c:1700 #40 0x416fcf in trace_actions utilities/ovn-trace.c:2640 #41 0x41d878 in trace_actions utilities/ovn-trace.c:2622 #42 0x41d878 in trace__ utilities/ovn-trace.c:3007 #43 0x41788d in execute_next utilities/ovn-trace.c:2307 .... The issue can be triggered with the following reproducer: $ovn-nbctl ls-add sw $ovn-nbctl lsp-add sw p1 $ovn-nbctl lsp-set-addresses p1 "00:00:00:00:00:02 192.168.0.2" $ovn-nbctl lsp-add sw p2 $ovn-nbctl lsp-set-addresses p2 "00:00:00:00:00:03 192.168.0.3" $ovn-nbctl pg-add pg1 p1 p2 $ovn-nbctl acl-add pg1 to-lport 2003 "inport==@pg1 && ip4 && ip4.src == 192.168.0.0/16 && udp && udp.dst == 9000" allow $ovn-nbctl acl-add pg1 to-lport 2001 "inport==@pg1" reject $ovn-trace 'inport == "p2" && eth.src == 00:00:00:00:00:03 && eth.dst == 00:00:00:00:00:02 && ip.ttl==42 && ip4.src == 192.168.0.3' Reported-at: https://bugzilla.redhat.com/show_bug.cgi?id=2074537 Signed-off-by: Lorenzo Bianconi <lorenzo.bianconi@redhat.com> Acked-by: Mark Michelson <mmichels@redhat.com> Signed-off-by: Mark Michelson <mmichels@redhat.com>
Avoid the following crash in ovn-trace due to a reject action infinite loop: AddressSanitizer:DEADLYSIGNAL ==569410==ERROR: AddressSanitizer: stack-overflow on address 0x7ffc0a991bc4 (pc 0x000000415081 bp 0x7ffc0a993fa0 sp 0x7ffc0a991b30 T0) #0 0x415081 in trace_actions utilities/ovn-trace.c:2617 #1 0x41d878 in trace_actions utilities/ovn-trace.c:2622 #2 0x41d878 in trace__ utilities/ovn-trace.c:3007 #3 0x41e3a8 in execute_output utilities/ovn-trace.c:1700 #4 0x416fcf in trace_actions utilities/ovn-trace.c:2640 #5 0x41d878 in trace_actions utilities/ovn-trace.c:2622 #6 0x41d878 in trace__ utilities/ovn-trace.c:3007 #7 0x41788d in execute_next utilities/ovn-trace.c:2307 #8 0x41788d in trace_actions utilities/ovn-trace.c:2644 #9 0x41a7c0 in trace_actions utilities/ovn-trace.c:2622 #10 0x41a7c0 in execute_sctp4_abort utilities/ovn-trace.c:1985 #11 0x419671 in execute_reject utilities/ovn-trace.c:2049 #12 0x419671 in trace_actions utilities/ovn-trace.c:2860 #13 0x41d878 in trace_actions utilities/ovn-trace.c:2622 #14 0x41d878 in trace__ utilities/ovn-trace.c:3007 #15 0x41e3a8 in execute_output utilities/ovn-trace.c:1700 #16 0x416fcf in trace_actions utilities/ovn-trace.c:2640 #17 0x41d878 in trace_actions utilities/ovn-trace.c:2622 #18 0x41d878 in trace__ utilities/ovn-trace.c:3007 #19 0x41788d in execute_next utilities/ovn-trace.c:2307 #20 0x41788d in trace_actions utilities/ovn-trace.c:2644 #21 0x41a7c0 in trace_actions utilities/ovn-trace.c:2622 #22 0x41a7c0 in execute_sctp4_abort utilities/ovn-trace.c:1985 #23 0x419671 in execute_reject utilities/ovn-trace.c:2049 #24 0x419671 in trace_actions utilities/ovn-trace.c:2860 #25 0x41d878 in trace_actions utilities/ovn-trace.c:2622 #26 0x41d878 in trace__ utilities/ovn-trace.c:3007 #27 0x41e3a8 in execute_output utilities/ovn-trace.c:1700 #28 0x416fcf in trace_actions utilities/ovn-trace.c:2640 #29 0x41d878 in trace_actions utilities/ovn-trace.c:2622 #30 0x41d878 in trace__ utilities/ovn-trace.c:3007 #31 0x41788d in execute_next utilities/ovn-trace.c:2307 #32 0x41788d in trace_actions utilities/ovn-trace.c:2644 #33 0x41a7c0 in trace_actions utilities/ovn-trace.c:2622 #34 0x41a7c0 in execute_sctp4_abort utilities/ovn-trace.c:1985 #35 0x419671 in execute_reject utilities/ovn-trace.c:2049 #36 0x419671 in trace_actions utilities/ovn-trace.c:2860 #37 0x41d878 in trace_actions utilities/ovn-trace.c:2622 #38 0x41d878 in trace__ utilities/ovn-trace.c:3007 #39 0x41e3a8 in execute_output utilities/ovn-trace.c:1700 #40 0x416fcf in trace_actions utilities/ovn-trace.c:2640 #41 0x41d878 in trace_actions utilities/ovn-trace.c:2622 #42 0x41d878 in trace__ utilities/ovn-trace.c:3007 #43 0x41788d in execute_next utilities/ovn-trace.c:2307 .... The issue can be triggered with the following reproducer: $ovn-nbctl ls-add sw $ovn-nbctl lsp-add sw p1 $ovn-nbctl lsp-set-addresses p1 "00:00:00:00:00:02 192.168.0.2" $ovn-nbctl lsp-add sw p2 $ovn-nbctl lsp-set-addresses p2 "00:00:00:00:00:03 192.168.0.3" $ovn-nbctl pg-add pg1 p1 p2 $ovn-nbctl acl-add pg1 to-lport 2003 "inport==@pg1 && ip4 && ip4.src == 192.168.0.0/16 && udp && udp.dst == 9000" allow $ovn-nbctl acl-add pg1 to-lport 2001 "inport==@pg1" reject $ovn-trace 'inport == "p2" && eth.src == 00:00:00:00:00:03 && eth.dst == 00:00:00:00:00:02 && ip.ttl==42 && ip4.src == 192.168.0.3' Reported-at: https://bugzilla.redhat.com/show_bug.cgi?id=2074537 Signed-off-by: Lorenzo Bianconi <lorenzo.bianconi@redhat.com> Acked-by: Mark Michelson <mmichels@redhat.com> Signed-off-by: Mark Michelson <mmichels@redhat.com>
Avoid the following crash in ovn-trace due to a reject action infinite loop: AddressSanitizer:DEADLYSIGNAL ==569410==ERROR: AddressSanitizer: stack-overflow on address 0x7ffc0a991bc4 (pc 0x000000415081 bp 0x7ffc0a993fa0 sp 0x7ffc0a991b30 T0) #0 0x415081 in trace_actions utilities/ovn-trace.c:2617 #1 0x41d878 in trace_actions utilities/ovn-trace.c:2622 #2 0x41d878 in trace__ utilities/ovn-trace.c:3007 #3 0x41e3a8 in execute_output utilities/ovn-trace.c:1700 #4 0x416fcf in trace_actions utilities/ovn-trace.c:2640 #5 0x41d878 in trace_actions utilities/ovn-trace.c:2622 #6 0x41d878 in trace__ utilities/ovn-trace.c:3007 #7 0x41788d in execute_next utilities/ovn-trace.c:2307 #8 0x41788d in trace_actions utilities/ovn-trace.c:2644 #9 0x41a7c0 in trace_actions utilities/ovn-trace.c:2622 #10 0x41a7c0 in execute_sctp4_abort utilities/ovn-trace.c:1985 #11 0x419671 in execute_reject utilities/ovn-trace.c:2049 #12 0x419671 in trace_actions utilities/ovn-trace.c:2860 #13 0x41d878 in trace_actions utilities/ovn-trace.c:2622 #14 0x41d878 in trace__ utilities/ovn-trace.c:3007 #15 0x41e3a8 in execute_output utilities/ovn-trace.c:1700 #16 0x416fcf in trace_actions utilities/ovn-trace.c:2640 #17 0x41d878 in trace_actions utilities/ovn-trace.c:2622 #18 0x41d878 in trace__ utilities/ovn-trace.c:3007 #19 0x41788d in execute_next utilities/ovn-trace.c:2307 #20 0x41788d in trace_actions utilities/ovn-trace.c:2644 #21 0x41a7c0 in trace_actions utilities/ovn-trace.c:2622 #22 0x41a7c0 in execute_sctp4_abort utilities/ovn-trace.c:1985 #23 0x419671 in execute_reject utilities/ovn-trace.c:2049 #24 0x419671 in trace_actions utilities/ovn-trace.c:2860 #25 0x41d878 in trace_actions utilities/ovn-trace.c:2622 #26 0x41d878 in trace__ utilities/ovn-trace.c:3007 #27 0x41e3a8 in execute_output utilities/ovn-trace.c:1700 #28 0x416fcf in trace_actions utilities/ovn-trace.c:2640 #29 0x41d878 in trace_actions utilities/ovn-trace.c:2622 #30 0x41d878 in trace__ utilities/ovn-trace.c:3007 #31 0x41788d in execute_next utilities/ovn-trace.c:2307 #32 0x41788d in trace_actions utilities/ovn-trace.c:2644 #33 0x41a7c0 in trace_actions utilities/ovn-trace.c:2622 #34 0x41a7c0 in execute_sctp4_abort utilities/ovn-trace.c:1985 #35 0x419671 in execute_reject utilities/ovn-trace.c:2049 #36 0x419671 in trace_actions utilities/ovn-trace.c:2860 #37 0x41d878 in trace_actions utilities/ovn-trace.c:2622 #38 0x41d878 in trace__ utilities/ovn-trace.c:3007 #39 0x41e3a8 in execute_output utilities/ovn-trace.c:1700 #40 0x416fcf in trace_actions utilities/ovn-trace.c:2640 #41 0x41d878 in trace_actions utilities/ovn-trace.c:2622 #42 0x41d878 in trace__ utilities/ovn-trace.c:3007 #43 0x41788d in execute_next utilities/ovn-trace.c:2307 .... The issue can be triggered with the following reproducer: $ovn-nbctl ls-add sw $ovn-nbctl lsp-add sw p1 $ovn-nbctl lsp-set-addresses p1 "00:00:00:00:00:02 192.168.0.2" $ovn-nbctl lsp-add sw p2 $ovn-nbctl lsp-set-addresses p2 "00:00:00:00:00:03 192.168.0.3" $ovn-nbctl pg-add pg1 p1 p2 $ovn-nbctl acl-add pg1 to-lport 2003 "inport==@pg1 && ip4 && ip4.src == 192.168.0.0/16 && udp && udp.dst == 9000" allow $ovn-nbctl acl-add pg1 to-lport 2001 "inport==@pg1" reject $ovn-trace 'inport == "p2" && eth.src == 00:00:00:00:00:03 && eth.dst == 00:00:00:00:00:02 && ip.ttl==42 && ip4.src == 192.168.0.3' Reported-at: https://bugzilla.redhat.com/show_bug.cgi?id=2074537 Signed-off-by: Lorenzo Bianconi <lorenzo.bianconi@redhat.com> Acked-by: Mark Michelson <mmichels@redhat.com> Signed-off-by: Mark Michelson <mmichels@redhat.com>
When creating an ACL for an address group like:
create acl priority=1001 direction=to-lport "match="ip4.src == {$a11661077897478047653} && outport == @a15416135329930652905"" action=allow-related
ovn-nbctl accepts the command, but ovn-controller complains:
2020-02-13T20:00:22.083Z|00059|lflow|WARN|error parsing match "!ct.new && ct.est && !ct.rpl && ct_label.blocked == 0 && (ip4.src == {$a11661077897478047653} && outport == @a15416135329930652905)": Syntax error at `$a11661077897478047653' expecting address set name.
More logs here:
https://gist.githubusercontent.com/trozet/a9fb6c52be80a43aec9cb8aa1f36129f/raw/ae239271655ce030d45da69d8086f0b5ddb35d49/log.txt
The text was updated successfully, but these errors were encountered: