From: Paolo Valerio
To: ovs-dev@openvswitch.org
Cc: Xin Long
Date: Mon, 7 Oct 2024 17:54:24 +0200
Message-ID: <20241007155425.28710-1-pvalerio@redhat.com>
Subject: [ovs-dev] [PATCH v4 1/2] system-traffic: Do not rely on conncount for already tracked packets.

As Long reported, kernels built without CONFIG_NETFILTER_CONNCOUNT
result in the unexpected failure of the following tests:

conntrack - multiple zones, local
conntrack - multi-stage pipeline, local
conntrack - can match and clear ct_state from outside OVS

This happens because nf_conncount turns on connection tracking and
the above tests rely on this side effect. However, this behavior may
be corrected in the kernel, which could, in turn, cause the tests to
fail.

The patch removes the assumption by adding iptables rules to attach an
nf_conn template to the skb, resulting in it being tracked once it hits
the OvS pipeline.

While at it, introduce $HAVE_IPTABLES and skip tests if the iptables
binary is not present.

Reported-by: Xin Long
Reported-at: https://issues.redhat.com/browse/FDP-708
Signed-off-by: Paolo Valerio Acked-by: Eelco Chaudron Acked-by: Simon Horman --- v4: - removed IPTABLES_CT() leftover (Simon) v3: - generalized introducing CHECK_EXTERNAL_CT()/ADD_EXTERNAL_CT() to ease the transition toward a different front-end v2: - add $HAVE_IPTABLES - reduced subject length (0-day Robot) --- tests/atlocal.in | 3 +++ tests/system-kmod-macros.at | 21 +++++++++++++++++++++ tests/system-traffic.at | 8 ++++++++ tests/system-userspace-macros.at | 16 ++++++++++++++++ 4 files changed, 48 insertions(+) diff --git a/tests/atlocal.in b/tests/atlocal.in index 8565a0bae..d6b87f8ec 100644 --- a/tests/atlocal.in +++ b/tests/atlocal.in @@ -185,6 +185,9 @@ find_command lftp # Set HAVE_ETHTOOL find_command ethtool +# Set HAVE_IPTABLES +find_command iptables + CURL_OPT="-g -v --max-time 1 --retry 2 --retry-delay 1 --connect-timeout 1" # Determine whether "diff" supports "normal" diffs. (busybox diff does not.) diff --git a/tests/system-kmod-macros.at b/tests/system-kmod-macros.at index 5203b1df8..135892e91 100644 --- a/tests/system-kmod-macros.at +++ b/tests/system-kmod-macros.at @@ -267,3 +267,24 @@ m4_define([OVS_CHECK_BAREUDP], AT_SKIP_IF([! ip link add dev ovs_bareudp0 type bareudp dstport 6635 ethertype mpls_uc 2>&1 >/dev/null]) AT_CHECK([ip link del dev ovs_bareudp0]) ]) + +# CHECK_EXTERNAL_CT() +# +# Checks if packets can be tracked outside OvS. +m4_define([CHECK_EXTERNAL_CT], +[ + dnl Kernel config (CONFIG_NETFILTER_XT_TARGET_CT) + dnl and user space extensions need to be present. + AT_SKIP_IF([test $HAVE_IPTABLES = no]) + AT_SKIP_IF([! iptables -t raw -I OUTPUT 1 -j CT]) + AT_CHECK([iptables -t raw -D OUTPUT 1]) +]) + +# ADD_EXTERNAL_CT() +# +# Let conntrack start tracking the packets outside OvS. +m4_define([ADD_EXTERNAL_CT], +[ + AT_CHECK([iptables -t raw -I OUTPUT 1 -o $1 -j CT]) + on_exit 'iptables -t raw -D OUTPUT 1' +]) diff --git a/tests/system-traffic.at b/tests/system-traffic.at index 202ff0492..5435a6241 100644 --- a/tests/system-traffic.at 
+++ b/tests/system-traffic.at @@ -1094,6 +1094,7 @@ OVS_TRAFFIC_VSWITCHD_STOP(["/Invalid Geneve tunnel metadata on bridge br0 while AT_CLEANUP AT_SETUP([datapath - ping over gre tunnel by simulated packets]) +AT_SKIP_IF([test $HAVE_IPTABLES = no]) OVS_CHECK_MIN_KERNEL(3, 10) OVS_TRAFFIC_VSWITCHD_START() @@ -1140,6 +1141,7 @@ OVS_TRAFFIC_VSWITCHD_STOP AT_CLEANUP AT_SETUP([datapath - ping over erspan v1 tunnel by simulated packets]) +AT_SKIP_IF([test $HAVE_IPTABLES = no]) OVS_CHECK_MIN_KERNEL(3, 10) OVS_TRAFFIC_VSWITCHD_START() @@ -5456,10 +5458,12 @@ OVS_TRAFFIC_VSWITCHD_STOP AT_CLEANUP AT_SETUP([conntrack - multiple zones, local]) +CHECK_EXTERNAL_CT() CHECK_CONNTRACK() CHECK_CONNTRACK_LOCAL_STACK() OVS_TRAFFIC_VSWITCHD_START() +ADD_EXTERNAL_CT([br0]) ADD_NAMESPACES(at_ns0) AT_CHECK([ip addr add dev br0 "10.1.1.1/24"]) @@ -5505,10 +5509,12 @@ OVS_TRAFFIC_VSWITCHD_STOP AT_CLEANUP AT_SETUP([conntrack - multi-stage pipeline, local]) +CHECK_EXTERNAL_CT() CHECK_CONNTRACK() CHECK_CONNTRACK_LOCAL_STACK() OVS_TRAFFIC_VSWITCHD_START() +ADD_EXTERNAL_CT([br0]) ADD_NAMESPACES(at_ns0) AT_CHECK([ip addr add dev br0 "10.1.1.1/24"]) @@ -8386,6 +8392,7 @@ OVS_TRAFFIC_VSWITCHD_STOP AT_CLEANUP AT_SETUP([conntrack - can match and clear ct_state from outside OVS]) +CHECK_EXTERNAL_CT() CHECK_CONNTRACK_LOCAL_STACK() OVS_CHECK_GENEVE() @@ -8396,6 +8403,7 @@ AT_CHECK([ovs-ofctl add-flow br0 "actions=normal"]) AT_CHECK([ovs-ofctl add-flow br-underlay "priority=100,ct_state=+trk,actions=ct_clear,resubmit(,0)"]) AT_CHECK([ovs-ofctl add-flow br-underlay "priority=10,actions=normal"]) +ADD_EXTERNAL_CT([br0]) ADD_NAMESPACES(at_ns0) dnl Set up underlay link from host into the namespace using veth pair. diff --git a/tests/system-userspace-macros.at b/tests/system-userspace-macros.at index d9b5b7e4c..c1be97347 100644 --- a/tests/system-userspace-macros.at +++ b/tests/system-userspace-macros.at 
@@ -357,3 +357,19 @@ m4_define([OVS_CHECK_BAREUDP], [ AT_SKIP_IF([:]) ]) + +# CHECK_EXTERNAL_CT() +# +# The userspace datapath does not support external ct. +m4_define([CHECK_EXTERNAL_CT], +[ + AT_SKIP_IF([:]) +]) + +# ADD_EXTERNAL_CT() +# +# The userspace datapath does not support external ct. +m4_define([ADD_EXTERNAL_CT], +[ + AT_SKIP_IF([:]) +])
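Review bot: In tests/system-kmod-macros.at, ADD_EXTERNAL_CT registers its cleanup by rule position (`on_exit 'iptables -t raw -D OUTPUT 1'`), so if anything else inserts a rule at the head of the raw OUTPUT chain while the test runs, the cleanup deletes that rule instead and the `-j CT` rule stays behind on the host. Deleting by rule specification, for example `iptables -t raw -D OUTPUT -o $1 -j CT`, removes exactly what the macro added. The probe in CHECK_EXTERNAL_CT has the same issue: it inserts a `-j CT` rule with no interface match into the host's raw table and removes it by index, so `iptables -t raw -D OUTPUT -j CT` would be the safer cleanup there. The header comment also reads `# ADD_EXTERNAL_CT()` although the macro takes the output interface as `$1`; please document the argument.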
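Review bot: In tests/system-traffic.at, the `AT_SKIP_IF([test $HAVE_IPTABLES = no])` lines added to "datapath - ping over gre tunnel by simulated packets" and "datapath - ping over erspan v1 tunnel by simulated packets" are not explained by the conntrack rationale in the commit message, and the visible context of those two hunks shows no iptables use. A short dnl comment next to each skip, or a sentence in the commit message naming the iptables call these tests depend on, would make the reason clear. Separately, in "conntrack - can match and clear ct_state from outside OVS" the `ADD_EXTERNAL_CT([br0])` call comes after the add-flow checks, while the other two tests place it directly after `OVS_TRAFFIC_VSWITCHD_START()`; consistent placement would make it easier to see that the rule is installed before any traffic is generated.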
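Review bot: In tests/system-userspace-macros.at, the userspace ADD_EXTERNAL_CT is defined as `AT_SKIP_IF([:])`, which only takes effect if a test calls it without a preceding CHECK_EXTERNAL_CT, and in the call sites of this patch that would be after `OVS_TRAFFIC_VSWITCHD_START()` has already run. Since CHECK_EXTERNAL_CT already skips unconditionally for this datapath, please state in the comment that ADD_EXTERNAL_CT must always be preceded by CHECK_EXTERNAL_CT, so the late skip is understood as a fallback and not the intended path.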