From patchwork Sat Mar 11 00:10:41 2017 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Jarno Rajahalme X-Patchwork-Id: 737613 X-Patchwork-Delegate: joestringer@nicira.com Return-Path: X-Original-To: incoming@patchwork.ozlabs.org Delivered-To: patchwork-incoming@bilbo.ozlabs.org Received: from mail.linuxfoundation.org (mail.linuxfoundation.org [140.211.169.12]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ozlabs.org (Postfix) with ESMTPS id 3vg4Kf0Z4qz9s7x for ; Sat, 11 Mar 2017 11:11:02 +1100 (AEDT) Received: from mail.linux-foundation.org (localhost [127.0.0.1]) by mail.linuxfoundation.org (Postfix) with ESMTP id 69636BAE; Sat, 11 Mar 2017 00:10:55 +0000 (UTC) X-Original-To: dev@openvswitch.org Delivered-To: ovs-dev@mail.linuxfoundation.org Received: from smtp1.linuxfoundation.org (smtp1.linux-foundation.org [172.17.192.35]) by mail.linuxfoundation.org (Postfix) with ESMTPS id 51BB0826 for ; Sat, 11 Mar 2017 00:10:54 +0000 (UTC) X-Greylist: domain auto-whitelisted by SQLgrey-1.7.6 Received: from relay5-d.mail.gandi.net (relay5-d.mail.gandi.net [217.70.183.197]) by smtp1.linuxfoundation.org (Postfix) with ESMTPS id A0633124 for ; Sat, 11 Mar 2017 00:10:53 +0000 (UTC) Received: from mfilter11-d.gandi.net (mfilter11-d.gandi.net [217.70.178.131]) by relay5-d.mail.gandi.net (Postfix) with ESMTP id A747941C074; Sat, 11 Mar 2017 01:10:51 +0100 (CET) X-Virus-Scanned: Debian amavisd-new at mfilter11-d.gandi.net Received: from relay5-d.mail.gandi.net ([IPv6:::ffff:217.70.183.197]) by mfilter11-d.gandi.net (mfilter11-d.gandi.net [::ffff:10.0.15.180]) (amavisd-new, port 10024) with ESMTP id YDGVg0FRn8V1; Sat, 11 Mar 2017 01:10:50 +0100 (CET) X-Originating-IP: 208.91.1.34 Received: from sc9-mailhost3.vmware.com (unknown [208.91.1.34]) (Authenticated sender: jarno@ovn.org) by relay5-d.mail.gandi.net (Postfix) with ESMTPSA id 3BFD041C07F; Sat, 11 Mar 2017 01:10:48 +0100 (CET) From: Jarno Rajahalme To: dev@openvswitch.org Date: Fri, 10 Mar 2017 16:10:41 -0800 Message-Id: <1489191041-103125-1-git-send-email-jarno@ovn.org> X-Mailer: git-send-email 2.1.4 X-Spam-Status: No, score=-2.6 required=5.0 tests=BAYES_00, RCVD_IN_DNSWL_LOW autolearn=ham version=3.3.1 X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on smtp1.linux-foundation.org Subject: [ovs-dev] [PATCH] tests: ICMP related to original direction test. X-BeenThere: ovs-dev@openvswitch.org X-Mailman-Version: 2.1.12 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , MIME-Version: 1.0 Sender: ovs-dev-bounces@openvswitch.org Errors-To: ovs-dev-bounces@openvswitch.org Normally ICMPP responses are in the reply direction of a conntrack entry. This test exercises an ICMP response to the original direction of the conntrack entry. Signed-off-by: Jarno Rajahalme --- tests/system-traffic.at | 58 +++++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 58 insertions(+) diff --git a/tests/system-traffic.at b/tests/system-traffic.at index 9861fb1..3fef763 100644 --- a/tests/system-traffic.at +++ b/tests/system-traffic.at @@ -1374,6 +1374,64 @@ NXST_FLOW reply: OVS_TRAFFIC_VSWITCHD_STOP AT_CLEANUP +AT_SETUP([conntrack - ICMP related to original direction]) +AT_SKIP_IF([test $HAVE_NC = no]) +CHECK_CONNTRACK() +OVS_TRAFFIC_VSWITCHD_START() + +ADD_NAMESPACES(at_ns0, at_ns1) + +ADD_VETH(p0, at_ns0, br0, "10.1.1.1/24") +ADD_VETH(p1, at_ns1, br0, "10.1.1.2/24") + +dnl Allow UDP traffic from ns0->ns1. Only allow related ICMP responses back. +AT_DATA([flows.txt], [dnl +priority=1000,arp,action=normal +priority=100,ip,action=ct(table=1) +priority=1,action=drop +table=1,ip,action=ct(zone=34673,table=2) +table=2,in_port=2,udp,action=ct(commit,zone=34673),1 +table=2,in_port=1,udp,action=ct(commit,zone=34673),2 +table=2,in_port=2,icmp,action=1 +]) + +AT_CHECK([ovs-ofctl --bundle add-flows br0 flows.txt]) + +dnl 1. Send and UDP packet to port 53 (src=192.100.1.8,dst=192.100.2.5) +AT_CHECK([ovs-ofctl -O OpenFlow13 packet-out br0 2 resubmit\(,0\) '00010200020400232211223308004500001c000100004011f6fac0640108c06402050035003500087b9e']) + +dnl 2. Send and UDP packet to port 53 (src=192.100.2.5,dst=192.100.1.8) +AT_CHECK([ovs-ofctl -O OpenFlow13 packet-out br0 1 resubmit\(,0\) '00232211223300010200020408004500001c000100004011f6fac0640205c06401080035003500087b9e']) + +dnl 3. Send an ICMP port unreach reply for port 53, related to the 2nd +dnl packet, but in the original direction of the conntrack entry created +dnl for the 1st packet. +AT_CHECK([ovs-ofctl -O OpenFlow13 packet-out br0 2 resubmit\(,0\) '000102000204002322112233080045000038000100003f01f7eec0640108c0640205030a80e5ffffffff4500001c000100003f11f7fac0640205c06401080035003500087b9e']) + +AT_CHECK([ovs-appctl revalidator/purge], [0]) + +dnl 4. Repeat 3. +AT_CHECK([ovs-ofctl -O OpenFlow13 packet-out br0 2 resubmit\(,0\) '000102000204002322112233080045000038000100003f01f7eec0640108c0640205030a80e5ffffffff4500001c000100003f11f7fac0640205c06401080035003500087b9e']) + +AT_CHECK([ovs-appctl revalidator/purge], [0]) + +AT_CHECK([ovs-ofctl dump-flows br0 | ofctl_strip | sort | grep -v drop], [0], [dnl + n_packets=4, n_bytes=224, priority=100,ip actions=ct(table=1) + priority=1000,arp actions=NORMAL + table=1, n_packets=4, n_bytes=224, ip actions=ct(table=2,zone=34673) + table=2, n_packets=1, n_bytes=42, udp,in_port=1 actions=ct(commit,zone=34673),output:2 + table=2, n_packets=1, n_bytes=42, udp,in_port=2 actions=ct(commit,zone=34673),output:1 + table=2, n_packets=2, n_bytes=140, icmp,in_port=2 actions=output:1 +NXST_FLOW reply: +]) + +AT_CHECK([ovs-appctl dpctl/dump-conntrack | FORMAT_CT(192.100.1.8)], [0], [dnl +udp,orig=(src=192.100.1.8,dst=192.100.2.5,sport=,dport=),reply=(src=192.100.2.5,dst=192.100.1.8,sport=,dport=),zone=34673 +]) + +OVS_TRAFFIC_VSWITCHD_STOP +AT_CLEANUP + AT_SETUP([conntrack - ICMP related 2]) CHECK_CONNTRACK() OVS_TRAFFIC_VSWITCHD_START()