From patchwork Sat Nov 7 20:00:00 2015
X-Patchwork-Submitter: Joe Stringer
X-Patchwork-Id: 541380
From: Joe Stringer
To: dev@openvswitch.org
Date: Sat, 7 Nov 2015 12:00:00 -0800
Message-Id: <1446926401-55723-23-git-send-email-joestringer@nicira.com>
In-Reply-To: <1446926401-55723-1-git-send-email-joestringer@nicira.com>
References: <1446926401-55723-1-git-send-email-joestringer@nicira.com>
Subject: [ovs-dev] [PATCH 22/23] system-traffic: Add internal port conntrack tests.

Add an additional test that ensures that when receiving packets from
internal ports that reside in a foreign namespace, the conntrack
information is not populated in the flow.

Signed-off-by: Joe Stringer
Acked-by: Daniele Di Proietto
---
 tests/system-common-macros.at | 12 ++++++++++++
 tests/system-traffic.at | 41 +++++++++++++++++++++++++++++++++++++++++
 2 files changed, 53 insertions(+)

diff --git a/tests/system-common-macros.at b/tests/system-common-macros.at index f0da5893905b..581c779e3e28 100644 --- a/tests/system-common-macros.at +++ b/tests/system-common-macros.at 
@@ -43,6 +43,18 @@ m4_define([NS_CHECK_EXEC], # appropriate type, and allows additional arguments to be passed. m4_define([ADD_BR], [ovs-vsctl _ADD_BR([$1]) -- $2]) +# ADD_INT([port], [namespace], [ovs-br], [ip_addr]) +# +# Add an internal port to 'ovs-br', then shift it into 'namespace' and +# configure it with 'ip_addr' (specified in CIDR notation). +m4_define([ADD_INT], + [ AT_CHECK([ovs-vsctl add-port $3 $1 -- set int $1 type=internal]) + AT_CHECK([ip link set $1 netns $2]) + NS_CHECK_EXEC([$2], [ip addr add $4 dev $1]) + NS_CHECK_EXEC([$2], [ip link set dev $1 up]) + ] +) + # ADD_VETH([port], [namespace], [ovs-br], [ip_addr]) # # Add a pair of veth ports. 'port' will be added to name space 'namespace', diff --git a/tests/system-traffic.at b/tests/system-traffic.at index 3b47cced678f..abe00e149feb 100644 --- a/tests/system-traffic.at +++ b/tests/system-traffic.at 
@@ -566,6 +566,47 @@ TIME_WAIT src=10.1.1.1 dst=10.1.1.2 sport= dport= src=10.1.1.2 OVS_TRAFFIC_VSWITCHD_STOP AT_CLEANUP +AT_SETUP([conntrack - multiple zones, internal ports]) +CHECK_CONNTRACK() +OVS_TRAFFIC_VSWITCHD_START( + [set-fail-mode br0 secure -- ]) + +ADD_NAMESPACES(at_ns0, at_ns1) + +ADD_INT(p0, at_ns0, br0, "10.1.1.1/24") +ADD_INT(p1, at_ns1, br0, "10.1.1.2/24") + +dnl Allow any traffic from ns0->ns1. Only allow nd, return traffic from ns1->ns0. +dnl +dnl If skb->nfct is leaking from inside the namespace, this test will fail. +AT_DATA([flows.txt], [dnl +priority=1,action=drop +priority=10,arp,action=normal +priority=10,icmp,action=normal +priority=100,in_port=1,tcp,ct_state=-trk,action=ct(commit,zone=1),ct(commit,zone=2),2 +priority=100,in_port=2,ct_state=-trk,tcp,action=ct(table=0,zone=2) +priority=100,in_port=2,ct_state=+trk,ct_zone=2,tcp,action=1 +]) + +AT_CHECK([ovs-ofctl add-flows br0 flows.txt]) + +dnl HTTP requests from p0->p1 should work fine. +NETNS_DAEMONIZE([at_ns1], [[$PYTHON $srcdir/test-l7.py]], [http0.pid]) +NS_CHECK_EXEC([at_ns0], [wget 10.1.1.2 -t 3 -T 1 --retry-connrefused -v -o wget0.log]) + +dnl (again) HTTP requests from p0->p1 should work fine. +NS_CHECK_EXEC([at_ns0], [wget 10.1.1.2 -t 3 -T 1 --retry-connrefused -v -o wget0.log]) + +AT_CHECK([conntrack -L 2>&1 | FORMAT_CT(10.1.1.2)], [0], [dnl +SYN_SENT src=10.1.1.1 dst=10.1.1.2 sport= dport= [[UNREPLIED]] src=10.1.1.2 dst=10.1.1.1 sport= dport= mark=0 zone=1 use=1 +TIME_WAIT src=10.1.1.1 dst=10.1.1.2 sport= dport= src=10.1.1.2 dst=10.1.1.1 sport= dport= [[ASSURED]] mark=0 zone=2 use=1 +]) + +OVS_TRAFFIC_VSWITCHD_STOP(["dnl +/ioctl(SIOCGIFINDEX) on .* device failed: No such device/d +/removing policing failed: No such device/d"]) +AT_CLEANUP + AT_SETUP([conntrack - multiple zones, local]) CHECK_CONNTRACK() OVS_TRAFFIC_VSWITCHD_START(
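
Review bot: in the tests/system-common-macros.at hunk, the first line of ADD_INT (`ovs-vsctl add-port $3 $1 -- set int $1 type=internal`) leaves the OpenFlow port number to OVS, yet the test added in system-traffic.at matches on in_port=1 and in_port=2, so it only holds while p0 and p1 are the first two ports added to br0. Consider letting ADD_INT accept extra ovs-vsctl arguments so a caller can pin the number with ofport_request, or state in the macro comment that port numbers follow creation order. The comment could also mention that after `ip link set $1 netns $2` has moved the device, callers apparently need to filter the "No such device" log lines at OVS_TRAFFIC_VSWITCHD_STOP, as the new test does.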
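
Review bot: in the tests/system-traffic.at hunk, both wget invocations write to `-o wget0.log`, so the log of the first request is lost as soon as the second runs; give the repeat its own file (for example wget1.log) so both are available when debugging. The flow-table comment says "Only allow nd, return traffic from ns1->ns0", but the table has no nd match and instead passes arp and icmp with action=normal, so the comment should describe the rules actually installed. It would also help to say why the zone=1 entry is expected to stay at SYN_SENT [UNREPLIED] while the zone=2 entry reaches TIME_WAIT, since that expected conntrack output is what the test asserts.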