tests/system-route.at | 42 20 + 22 - 0 !
1 file changed, 20 insertions(+), 22 deletions(-)

 tests: make routing rules checks more resilient.
 The "ovs-route - unsupported rules" test routing rule checks were failing
 on systems having non-standard routing rules.
 .
 These failures occurred because the test performed exact output matching
 on the full output of 'ovs-appctl ovs/route/rule/show', which includes
 both user-added and system-cached rules.
 .
 When the system has additional routing rules that meet certain criteria
 (FR_ACT_TO_TBL action without unsupported selectors like fwmark, dport,
 sport, iif, ipproto, or tun_id), OVS caches them, as expected, causing
 them to appear in the "Cached:" section of the output.
 .
 "ovs-route - unsupported rules" was modified in order to take this situation
 into account. It now captures the full initial cache state before adding
 test rules and verifies that the cache state remains unchanged after adding
 unsupported rules (keeping the intent of the test intact).

lib/ovs-router.c | 52 36 + 16 - 0 !
1 file changed, 36 insertions(+), 16 deletions(-)

 ovs-router: fix --disable-system-route rules filter.
 Even with --disable-system-route set, non-standard system routing rules
 were still being cached at startup via route_table_reset()
 calling ovs_router_rule_add() from rule_handle_msg() in route-table.c.
 .
 The use_system_routing_table flag was only checked in ovs_router_insert()
 and ovs_router_lookup_fallback(), but not in ovs_router_rule_add(),
 allowing non-standard system rules to pollute the routing cache.
 .
 Fix this by splitting ovs_router_rule_add() into an internal static
 ovs_router_rule_add__() function and a public ovs_router_rule_add()
 wrapper that checks the use_system_routing_table flag before adding
 rules. Internal callers (init_standard_rules, ovs_router_rule_add_cmd)
 use the internal version directly, while external callers like
 route-table.c go through the public API which respects the flag.
 .
 ovs_router_rules_flush(false) removes all non-user rules, including
 the standard routing rules (local, main, default). These standard
 rules are needed for proper route lookup even when system routing
 is disabled.
 .
 Re-add the standard rules after a non-full flush by calling
 init_standard_rules() within ovs_router_rules_flush().

lib/ovs-router.c | 4 3 + 1 - 0 !
1 file changed, 3 insertions(+), 1 deletion(-)

 ovs-router: fix locking in ovs_router_rule_add().
 ovs_router_rule_add() is annotated with OVS_REQUIRES(mutex) but its
 external caller rule_handle_msg() in route-table.c does not hold the
 mutex. This could lead to data races on the rules pvector.
 .
 Fix this by changing the annotation to OVS_EXCLUDED(mutex) and
 acquiring the mutex inside ovs_router_rule_add() around the call to
 the internal ovs_router_rule_add__() function.