From patchwork Mon Sep 18 16:47:07 2023
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: Xavier Simonart <xsimonar@redhat.com>
X-Patchwork-Id: 1836340
Return-Path: <ovs-dev-bounces@openvswitch.org>
X-Original-To: incoming@patchwork.ozlabs.org
Delivered-To: patchwork-incoming@legolas.ozlabs.org
Authentication-Results: legolas.ozlabs.org;
	dkim=fail reason="signature verification failed" (1024-bit key;
 unprotected) header.d=redhat.com header.i=@redhat.com header.a=rsa-sha256
 header.s=mimecast20190719 header.b=C5W2y+N6;
	dkim-atps=neutral
Authentication-Results: legolas.ozlabs.org;
 spf=pass (sender SPF authorized) smtp.mailfrom=openvswitch.org
 (client-ip=140.211.166.133; helo=smtp2.osuosl.org;
 envelope-from=ovs-dev-bounces@openvswitch.org; receiver=patchwork.ozlabs.org)
Received: from smtp2.osuosl.org (smtp2.osuosl.org [140.211.166.133])
	(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
	 key-exchange X25519 server-signature ECDSA (secp384r1) server-digest SHA384)
	(No client certificate requested)
	by legolas.ozlabs.org (Postfix) with ESMTPS id 4Rq9j76rFgz1ync
	for <incoming@patchwork.ozlabs.org>; Tue, 19 Sep 2023 02:48:27 +1000 (AEST)
Received: from localhost (localhost [127.0.0.1])
	by smtp2.osuosl.org (Postfix) with ESMTP id 7DCEA41A41;
	Mon, 18 Sep 2023 16:48:25 +0000 (UTC)
DKIM-Filter: OpenDKIM Filter v2.11.0 smtp2.osuosl.org 7DCEA41A41
Authentication-Results: smtp2.osuosl.org;
	dkim=fail reason="signature verification failed" (1024-bit key)
 header.d=redhat.com header.i=@redhat.com header.a=rsa-sha256
 header.s=mimecast20190719 header.b=C5W2y+N6
X-Virus-Scanned: amavisd-new at osuosl.org
Received: from smtp2.osuosl.org ([127.0.0.1])
	by localhost (smtp2.osuosl.org [127.0.0.1]) (amavisd-new, port 10024)
	with ESMTP id hMR8TF2Y1Q3t; Mon, 18 Sep 2023 16:48:23 +0000 (UTC)
Received: from lists.linuxfoundation.org (lf-lists.osuosl.org
 [IPv6:2605:bc80:3010:104::8cd3:938])
	by smtp2.osuosl.org (Postfix) with ESMTPS id F15E84151A;
	Mon, 18 Sep 2023 16:48:06 +0000 (UTC)
DKIM-Filter: OpenDKIM Filter v2.11.0 smtp2.osuosl.org F15E84151A
Received: from lf-lists.osuosl.org (localhost [127.0.0.1])
	by lists.linuxfoundation.org (Postfix) with ESMTP id A9E65C0DDF;
	Mon, 18 Sep 2023 16:47:55 +0000 (UTC)
X-Original-To: dev@openvswitch.org
Delivered-To: ovs-dev@lists.linuxfoundation.org
Received: from smtp1.osuosl.org (smtp1.osuosl.org [IPv6:2605:bc80:3010::138])
 by lists.linuxfoundation.org (Postfix) with ESMTP id 1A35CC0DE1
 for <dev@openvswitch.org>; Mon, 18 Sep 2023 16:47:49 +0000 (UTC)
Received: from localhost (localhost [127.0.0.1])
 by smtp1.osuosl.org (Postfix) with ESMTP id 6799E82122
 for <dev@openvswitch.org>; Mon, 18 Sep 2023 16:47:23 +0000 (UTC)
DKIM-Filter: OpenDKIM Filter v2.11.0 smtp1.osuosl.org 6799E82122
Authentication-Results: smtp1.osuosl.org;
 dkim=pass (1024-bit key) header.d=redhat.com header.i=@redhat.com
 header.a=rsa-sha256 header.s=mimecast20190719 header.b=C5W2y+N6
X-Virus-Scanned: amavisd-new at osuosl.org
Received: from smtp1.osuosl.org ([127.0.0.1])
 by localhost (smtp1.osuosl.org [127.0.0.1]) (amavisd-new, port 10024)
 with ESMTP id kMLmyuMUVbrZ for <dev@openvswitch.org>;
 Mon, 18 Sep 2023 16:47:18 +0000 (UTC)
Received: from us-smtp-delivery-124.mimecast.com
 (us-smtp-delivery-124.mimecast.com [170.10.129.124])
 by smtp1.osuosl.org (Postfix) with ESMTPS id 3C71C820C0
 for <dev@openvswitch.org>; Mon, 18 Sep 2023 16:47:18 +0000 (UTC)
DKIM-Filter: OpenDKIM Filter v2.11.0 smtp1.osuosl.org 3C71C820C0
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=redhat.com;
 s=mimecast20190719; t=1695055637;
 h=from:from:reply-to:subject:subject:date:date:message-id:message-id:
 to:to:cc:mime-version:mime-version:content-type:content-type:
 content-transfer-encoding:content-transfer-encoding:
 in-reply-to:in-reply-to:references:references;
 bh=5zLwFY2JAtZOxwNIIci42ESaePDWYPJ3fwMflBa7xEY=;
 b=C5W2y+N62heDvKfLtK8fujwl0I+btwrCPntSFJzvVd4VbWjry95//+rCzXDrQXAZUCz2+k
 sJOMhMefqJKDDT5ZTDgo/U+OMPa+OWMCYpaLiPh9uadGKActOn9xDXVY2+3tqkYK7KDKss
 W1s1+yC88EHwsEXuqQ7RulcDtQEkHs8=
Received: from mimecast-mx02.redhat.com (mimecast-mx02.redhat.com
 [66.187.233.88]) by relay.mimecast.com with ESMTP with STARTTLS
 (version=TLSv1.2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id
 us-mta-257-XLjzXHuNNaGkPz3Mbv4b9A-1; Mon, 18 Sep 2023 12:47:15 -0400
X-MC-Unique: XLjzXHuNNaGkPz3Mbv4b9A-1
Received: from smtp.corp.redhat.com (int-mx08.intmail.prod.int.rdu2.redhat.com
 [10.11.54.8])
 (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
 (No client certificate requested)
 by mimecast-mx02.redhat.com (Postfix) with ESMTPS id 54F33100AFE9
 for <dev@openvswitch.org>; Mon, 18 Sep 2023 16:47:15 +0000 (UTC)
Received: from wsfd-netdev90.ntdv.lab.eng.bos.redhat.com
 (wsfd-netdev90.ntdv.lab.eng.bos.redhat.com [10.19.188.196])
 by smtp.corp.redhat.com (Postfix) with ESMTP id 3CE3BC15BB8;
 Mon, 18 Sep 2023 16:47:15 +0000 (UTC)
From: Xavier Simonart <xsimonar@redhat.com>
To: xsimonar@redhat.com,
	dev@openvswitch.org
Date: Mon, 18 Sep 2023 18:47:07 +0200
Message-Id: <20230918164714.3144984-9-xsimonar@redhat.com>
In-Reply-To: <20230918164714.3144984-1-xsimonar@redhat.com>
References: <20230918164714.3144984-1-xsimonar@redhat.com>
MIME-Version: 1.0
X-Scanned-By: MIMEDefang 3.1 on 10.11.54.8
X-Mimecast-Spam-Score: 0
X-Mimecast-Originator: redhat.com
Subject: [ovs-dev] [PATCH ovn 08/15] tests: fixed "L2 Drop and Allow ACL w/
	Stateful ACL"
X-BeenThere: ovs-dev@openvswitch.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: <ovs-dev.openvswitch.org>
List-Unsubscribe: <https://mail.openvswitch.org/mailman/options/ovs-dev>,
 <mailto:ovs-dev-request@openvswitch.org?subject=unsubscribe>
List-Archive: <http://mail.openvswitch.org/pipermail/ovs-dev/>
List-Post: <mailto:ovs-dev@openvswitch.org>
List-Help: <mailto:ovs-dev-request@openvswitch.org?subject=help>
List-Subscribe: <https://mail.openvswitch.org/mailman/listinfo/ovs-dev>,
 <mailto:ovs-dev-request@openvswitch.org?subject=subscribe>
Errors-To: ovs-dev-bounces@openvswitch.org
Sender: "dev" <ovs-dev-bounces@openvswitch.org>

The test was setting ACL rules, then sending packets, then changing ACLs rules, then sending packets.
Then it checked whether those packets were properly received/dropped at the end.
It should check whether those packets are properly recived/dropped before updating ACLs rules
for the second test phase, as otherwise there is no guarentee that packet are fully handled when
we update the ACL rules.

Signed-off-by: Xavier Simonart <xsimonar@redhat.com>
---
 tests/ovn.at | 76 ++++++++++++++++++++++++++++------------------------
 1 file changed, 41 insertions(+), 35 deletions(-)

diff --git a/tests/ovn.at b/tests/ovn.at
index b1bdae7d2..863f7c71d 100644
--- a/tests/ovn.at
+++ b/tests/ovn.at
@@ -18919,6 +18919,46 @@ for sf in 0 1; do
     done
 done
 
+check_packets() {
+    n_allowed=$1
+    > expected
+    > received
+    for i in 1 2 3; do
+        echo "--- hv$i vif${i}1" | tee -a expected >> received
+        sort ${i}1.expected >> expected
+        $PYTHON "$ovs_srcdir/utilities/ovs-pcap.in" hv$i/vif${i}1-tx.pcap | sort >> received
+        echo | tee -a expected >> received
+    done
+
+    # need to verify the log for ACL hit as well, since in the allow case
+    # (unlike the drop case) it is tricky to pass just with the expected;
+    # since with the stateful rule the packet will still get by (default
+    # rule) even if it doesn't hit the allow rule.
+    # The hit count for the ACL is 6 (1 unicast + 2 non-unicast) * 2
+    # (with/without stateful rule) for hv1 and hv2, each.
+    cat >>expected <<EOF
+--- acl logging
+hv1_drop hit 6
+hv2_drop hit 6
+hv1_allow hit $n_allowed
+hv2_allow hit $n_allowed
+EOF
+
+cat >>received <<EOF
+--- acl logging
+hv1_drop hit `grep -c 'acl_log.*|INFO|name="drop-acl"' hv1/ovn-controller.log`
+hv2_drop hit `grep -c 'acl_log.*|INFO|name="drop-acl"' hv2/ovn-controller.log`
+hv1_allow hit `grep -c 'acl_log.*|INFO|name="allow-acl"' hv1/ovn-controller.log`
+hv2_allow hit `grep -c 'acl_log.*|INFO|name="allow-acl"' hv2/ovn-controller.log`
+EOF
+
+    $at_diff expected received >/dev/null
+}
+
+# We need to wait and check here that packets are received as they should as otherwise packets
+# which were just sent might by handled after setting next ACL (allow) rules.
+OVS_WAIT_UNTIL([check_packets 0], [$at_diff -F'^---' expected received])
+
 # Test allow rule
 #----------------
 ovn-nbctl acl-del lsw0
@@ -18967,41 +19007,7 @@ as hv3 ovs-ofctl -O OpenFlow13 dump-flows br-int > offlows3
 # Now check the packets actually received against the ones expected.
 AT_CAPTURE_FILE([expected])
 AT_CAPTURE_FILE([received])
-check_packets() {
-    > expected
-    > received
-    for i in 1 2 3; do
-        echo "--- hv$i vif${i}1" | tee -a expected >> received
-        sort ${i}1.expected >> expected
-        $PYTHON "$ovs_srcdir/utilities/ovs-pcap.in" hv$i/vif${i}1-tx.pcap | sort >> received
-        echo | tee -a expected >> received
-    done
-
-    # need to verify the log for ACL hit as well, since in the allow case
-    # (unlike the drop case) it is tricky to pass just with the expected;
-    # since with the stateful rule the packet will still get by (default
-    # rule) even if it doesn't hit the allow rule.
-    # The hit count for the ACL is 6 (1 unicast + 2 non-unicast) * 2
-    # (with/without stateful rule) for hv1 and hv2, each.
-    cat >>expected <<EOF
---- acl logging
-hv1_drop hit 6
-hv2_drop hit 6
-hv1_allow hit 6
-hv2_allow hit 6
-EOF
-
-cat >>received <<EOF
---- acl logging
-hv1_drop hit `grep -c 'acl_log.*|INFO|name="drop-acl"' hv1/ovn-controller.log`
-hv2_drop hit `grep -c 'acl_log.*|INFO|name="drop-acl"' hv2/ovn-controller.log`
-hv1_allow hit `grep -c 'acl_log.*|INFO|name="allow-acl"' hv1/ovn-controller.log`
-hv2_allow hit `grep -c 'acl_log.*|INFO|name="allow-acl"' hv2/ovn-controller.log`
-EOF
-
-    $at_diff expected received >/dev/null
-}
-OVS_WAIT_UNTIL([check_packets], [$at_diff -F'^---' expected received])
+OVS_WAIT_UNTIL([check_packets 6], [$at_diff -F'^---' expected received])
 
 OVN_CLEANUP([hv1],[hv2],[hv3])