From patchwork Fri Oct 20 18:23:12 2017
X-Patchwork-Submitter: Eric Garver
X-Patchwork-Id: 828765
From: Eric Garver
To: dev@openvswitch.org
Date: Fri, 20 Oct 2017 14:23:12 -0400
Message-Id: <20171020182312.12888-4-e@erig.me>
In-Reply-To: <20171020182312.12888-1-e@erig.me>
References: <20171020182312.12888-1-e@erig.me>
Subject: [ovs-dev] [PATCH 3/3] system-traffic: Add conntrack floating IP test

This test case uses floating IP (FIP) addresses for each endpoint. If the
destination is a FIP, the packet will undergo a transformation of the form

    (dst=FIP, src=non-FIP) --> (dst=non-FIP, src=FIP)

before egress. Otherwise the packet is untouched.

This exercises the ct_clear action in the datapath.

Signed-off-by: Eric Garver
---
 tests/system-traffic.at | 73 +++++++++++++++++++++++++++++++++++++++++++++++++
 1 file changed, 73 insertions(+)

diff --git a/tests/system-traffic.at b/tests/system-traffic.at
index 522eaa615834..7cc1e1e21187 100644
--- a/tests/system-traffic.at
+++ b/tests/system-traffic.at
@@ -3996,6 +3996,79 @@ ovs-ofctl -O OpenFlow15 dump-group-stats br0 OVS_TRAFFIC_VSWITCHD_STOP AT_CLEANUP +AT_SETUP([conntrack - floating IP]) +AT_SKIP_IF([test $HAVE_NC = no]) +CHECK_CONNTRACK() +OVS_TRAFFIC_VSWITCHD_START() +OVS_CHECK_CT_CLEAR() + +ADD_NAMESPACES(at_ns0, at_ns1) +ADD_VETH(p0, at_ns0, br0, "10.1.1.1/24", "f0:00:00:01:01:01") dnl FIP 10.254.254.1 +ADD_VETH(p1, at_ns1, br0, "10.1.1.2/24", "f0:00:00:01:01:02") dnl FIP 10.254.254.2 + +dnl Static ARPs +NS_CHECK_EXEC([at_ns0], [ip neigh add 10.1.1.2 lladdr f0:00:00:01:01:02 dev p0]) +NS_CHECK_EXEC([at_ns1], [ip neigh add 10.1.1.1 lladdr f0:00:00:01:01:01 dev p1]) + +dnl Static ARP and route entries for the FIP "gateway" +NS_CHECK_EXEC([at_ns0], [ip neigh add 10.1.1.254 lladdr f0:00:00:01:01:FE dev p0]) +NS_CHECK_EXEC([at_ns1], [ip neigh add 10.1.1.254 lladdr f0:00:00:01:01:FE dev p1]) +NS_CHECK_EXEC([at_ns0], [ip route add default nexthop via 10.1.1.254]) +NS_CHECK_EXEC([at_ns1], [ip route add default nexthop via 10.1.1.254]) + +NETNS_DAEMONIZE([at_ns0], [nc -l -k > /dev/null], [nc0.pid]) + +AT_DATA([flows.txt], [dnl +table=0,priority=10 ip action=ct(table=1) +table=0,priority=1 action=drop +dnl dst FIP +table=1,priority=20 ip,ct_state=+trk+est,nw_dst=10.254.254.0/24 action=goto_table:10 +table=1,priority=20 ip,ct_state=+trk+new,nw_dst=10.254.254.0/24 action=ct(commit,table=10) +dnl dst local +table=1,priority=10 ip,ct_state=+trk+est action=goto_table:20 +table=1,priority=10 ip,ct_state=+trk+new action=ct(commit,table=20) +table=1,priority=1 ip,ct_state=+trk+inv action=drop +dnl +dnl FIP translation (dst FIP, src local) --> (dst local, src FIP) +table=10 ip,nw_dst=10.254.254.1 action=set_field:10.1.1.1->nw_dst,goto_table:11 +table=10 ip,nw_dst=10.254.254.2 action=set_field:10.1.1.2->nw_dst,goto_table:11 +table=11 ip,nw_src=10.1.1.1 action=set_field:10.254.254.1->nw_src,goto_table:12 +table=11 ip,nw_src=10.1.1.2 action=set_field:10.254.254.2->nw_src,goto_table:12 +dnl clear conntrack and do another lookup 
since we changed the tuple +table=12,priority=10 ip action=ct_clear,ct(table=13) +table=12,priority=1 action=drop +table=13 ip,ct_state=+trk+est action=goto_table:20 +table=13 ip,ct_state=+trk+new action=ct(commit,table=20) +table=13 ip,ct_state=+trk+inv action=drop +dnl +dnl Output +table=20 ip,nw_src=10.1.1.1 action=set_field:f0:00:00:01:01:01->eth_src,goto_table:21 +table=20 ip,nw_src=10.1.1.2 action=set_field:f0:00:00:01:01:02->eth_src,goto_table:21 +table=20 ip,nw_src=10.254.254.0/24 action=set_field:f0:00:00:01:01:FE->eth_src,goto_table:21 +table=21 ip,nw_dst=10.1.1.1 action=set_field:f0:00:00:01:01:01->eth_dst,output:ovs-p0 +table=21 ip,nw_dst=10.1.1.2 action=set_field:f0:00:00:01:01:02->eth_dst,output:ovs-p1 +]) + +AT_CHECK([ovs-ofctl --bundle add-flows br0 flows.txt]) + +dnl non-FIP case +NS_CHECK_EXEC([at_ns1], [echo "foobar" |nc $NC_EOF_OPT 10.1.1.1]) +OVS_WAIT_UNTIL([[ovs-appctl dpctl/dump-conntrack | sed -e 's/port=[0-9]*/port=/g' -e 's/id=[0-9]*/id=/g' | +grep "tcp,orig=(src=10.1.1.2,dst=10.1.1.1,sport=,dport=),reply=(src=10.1.1.1,dst=10.1.1.2,sport=,dport=),protoinfo=(state=TIME_WAIT)" +]]) + +dnl Check that the full session ends as expected (i.e. TIME_WAIT). Otherwise it +dnl means the datapath didn't process the ct_clear action. Ending in SYN_RECV +dnl (OVS maps to ESTABLISHED) means the initial frame was committed, but not a +dnl second time after the FIP translation (because ct_clear didn't occur). +NS_CHECK_EXEC([at_ns1], [echo "foobar" |nc $NC_EOF_OPT 10.254.254.1]) +OVS_WAIT_UNTIL([[ovs-appctl dpctl/dump-conntrack | sed -e 's/port=[0-9]*/port=/g' -e 's/id=[0-9]*/id=/g' | +grep "tcp,orig=(src=10.254.254.2,dst=10.1.1.1,sport=,dport=),reply=(src=10.1.1.1,dst=10.254.254.2,sport=,dport=),protoinfo=(state=TIME_WAIT)" +]]) + +OVS_TRAFFIC_VSWITCHD_STOP +AT_CLEANUP + AT_BANNER([802.1ad]) AT_SETUP([802.1ad - vlan_limit])
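
Review bot: the `nc` listener in `NETNS_DAEMONIZE([at_ns0], [nc -l -k > /dev/null], [nc0.pid])` and both client calls (`nc $NC_EOF_OPT 10.1.1.1` and `nc $NC_EOF_OPT 10.254.254.1`) name no port, so the test depends on whatever default port the installed nc picks, and nc implementations that require an explicit port for `-l` will fail before any conntrack entry is created. Suggest passing the same explicit port to the listener and to both clients. A second point on coverage: only at_ns1 initiates connections and only towards FIP 10.254.254.1, so the `table=10 ip,nw_dst=10.254.254.2` and `table=11 ip,nw_src=10.1.1.1` translation rules are never matched by a new connection; adding a listener in at_ns1 and a connection from at_ns0 to 10.254.254.2, with the matching `dump-conntrack` check for TIME_WAIT, would exercise ct_clear in both directions.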