From patchwork Thu Jul 23 16:35:43 2020 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: William Tu X-Patchwork-Id: 1334980 Return-Path: X-Original-To: incoming@patchwork.ozlabs.org Delivered-To: patchwork-incoming@bilbo.ozlabs.org Authentication-Results: ozlabs.org; spf=pass (sender SPF authorized) smtp.mailfrom=openvswitch.org (client-ip=140.211.166.138; helo=whitealder.osuosl.org; envelope-from=ovs-dev-bounces@openvswitch.org; receiver=) Authentication-Results: ozlabs.org; dmarc=fail (p=none dis=none) header.from=gmail.com Authentication-Results: ozlabs.org; dkim=fail reason="signature verification failed" (2048-bit key; unprotected) header.d=gmail.com header.i=@gmail.com header.a=rsa-sha256 header.s=20161025 header.b=tIHLaKX1; dkim-atps=neutral Received: from whitealder.osuosl.org (smtp1.osuosl.org [140.211.166.138]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ozlabs.org (Postfix) with ESMTPS id 4BCHys6cDSz9sRR for ; Fri, 24 Jul 2020 02:36:21 +1000 (AEST) Received: from localhost (localhost [127.0.0.1]) by whitealder.osuosl.org (Postfix) with ESMTP id 030878853B; Thu, 23 Jul 2020 16:36:20 +0000 (UTC) X-Virus-Scanned: amavisd-new at osuosl.org Received: from whitealder.osuosl.org ([127.0.0.1]) by localhost (.osuosl.org [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id IRpD8DGRKKlp; Thu, 23 Jul 2020 16:36:19 +0000 (UTC) Received: from lists.linuxfoundation.org (lf-lists.osuosl.org [140.211.9.56]) by whitealder.osuosl.org (Postfix) with ESMTP id 0A5728851D; Thu, 23 Jul 2020 16:36:19 +0000 (UTC) Received: from lf-lists.osuosl.org (localhost [127.0.0.1]) by lists.linuxfoundation.org (Postfix) with ESMTP id E41BEC004D; Thu, 23 Jul 2020 16:36:18 +0000 (UTC) X-Original-To: dev@openvswitch.org Delivered-To: ovs-dev@lists.linuxfoundation.org Received: from whitealder.osuosl.org (smtp1.osuosl.org [140.211.166.138]) by lists.linuxfoundation.org (Postfix) with ESMTP id 867D7C004C for ; Thu, 23 Jul 2020 16:36:17 +0000 (UTC) Received: from localhost (localhost [127.0.0.1]) by whitealder.osuosl.org (Postfix) with ESMTP id 753EE88522 for ; Thu, 23 Jul 2020 16:36:17 +0000 (UTC) X-Virus-Scanned: amavisd-new at osuosl.org Received: from whitealder.osuosl.org ([127.0.0.1]) by localhost (.osuosl.org [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id tEx5B+dBrseA for ; Thu, 23 Jul 2020 16:36:17 +0000 (UTC) X-Greylist: domain auto-whitelisted by SQLgrey-1.7.6 Received: from mail-pj1-f68.google.com (mail-pj1-f68.google.com [209.85.216.68]) by whitealder.osuosl.org (Postfix) with ESMTPS id F1C9C8851D for ; Thu, 23 Jul 2020 16:36:16 +0000 (UTC) Received: by mail-pj1-f68.google.com with SMTP id o22so3315656pjw.2 for ; Thu, 23 Jul 2020 09:36:16 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=from:to:cc:subject:date:message-id; bh=zm4LU18/bB8aiq7Kl2zwTW9amZot+wut23kY7nivOmQ=; b=tIHLaKX1fmrox0dElcb3WReatHhiCF5kc5TAq5rbTv2QlNfcAnGoRvyB8ond6EmDmx Ef0NJz/hLCcTAM4mttCpa0dQJ80cCkfgpiOB1hfFOLe/DQcdkB1UfFRbhAIur7h2g+UC 1nA0nO/0ymMnvzh0f5r7dFN/g8JTGWz9jpMarZrycbm+bEMLZ3s18dHpCFfVkqBYyS/X FlXw2oNn9O1AoGRk5jy5FHAMVgshZSMZlXTlhOMfCudoFnGa8jmYh0za8MjVqYzooOOq nj5Uny6c71c7B/zdKPCTwH/9tKgH6kgnChsvTAIOktOs+6UgJIg7WQ8ACAsgLkVX3dm7 dqlg== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:to:cc:subject:date:message-id; bh=zm4LU18/bB8aiq7Kl2zwTW9amZot+wut23kY7nivOmQ=; b=IvSWNItCFl6ssB663Jqh7Kdv44oQDS4vqffdgY3JWfpAuBymoZ8F396dxr+RiIEF20 Z7JOIK7uN9lIZccLPdi2zGZinXnLhEM5PY4696IF8O/KSSmDs2AHsfmFmmb3ATit2QXq rAyCSkdHyzO9j+wwc9shr/BYQxZ0nTa8SdbDcqihilMVoaPnQgr+/Mp9mbwNPpo//VRx 3D7rnkiXhaO7JyBwkCXRaADlzYXCPjtW7tKL9+PjLtXGmQOBCPEEMPPPU2KncoP5Eykw vDBslmHHFEnCYsLqLhI7NQLTeHBpocaPfhxHx0Cf6bvkCltF5s1wuznfLKrXrnhhkSsR H8vA== X-Gm-Message-State: AOAM530cX31yiBudYj0oHUhL5MEKdP3FxizU/nMamhkRuYWdVorgJXlS F8z/jCe7qzUw40zMOgd8V4dfaoV6Muw= X-Google-Smtp-Source: ABdhPJyzN5fxkUZQ143ni/sYp12tb2Myg+WwIUFxmh9m7oAFvrxGvSxeTju1kihSkm3uKfkw3+MVdA== X-Received: by 2002:a17:90a:3d0e:: with SMTP id h14mr1115945pjc.184.1595522176247; Thu, 23 Jul 2020 09:36:16 -0700 (PDT) Received: from sc9-mailhost2.vmware.com (c-76-21-95-192.hsd1.ca.comcast.net. [76.21.95.192]) by smtp.gmail.com with ESMTPSA id i13sm3238383pjd.33.2020.07.23.09.36.15 (version=TLS1_2 cipher=ECDHE-ECDSA-AES128-GCM-SHA256 bits=128/128); Thu, 23 Jul 2020 09:36:15 -0700 (PDT) From: William Tu To: dev@openvswitch.org Date: Thu, 23 Jul 2020 09:35:43 -0700 Message-Id: <1595522143-85526-1-git-send-email-u9012063@gmail.com> X-Mailer: git-send-email 2.7.4 Subject: [ovs-dev] [PATCH] tests: Refactor the iptables accept rule. X-BeenThere: ovs-dev@openvswitch.org X-Mailman-Version: 2.1.15 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , MIME-Version: 1.0 Errors-To: ovs-dev-bounces@openvswitch.org Sender: "dev" Certain Linux distributions, like CentOS, have default iptable rules to reject input traffic from br-underlay. Refactor by creating a macro 'IPTABLES_ACCEPT([bridge])' for adding the accept rule to the iptable input chain. Signed-off-by: William Tu Acked-by: Greg Rose --- tests/ovs-macros.at | 7 +++++++ tests/system-traffic.at | 12 ++---------- 2 files changed, 9 insertions(+), 10 deletions(-) diff --git a/tests/ovs-macros.at b/tests/ovs-macros.at index fee50901543e..b1f666f4e83f 100644 --- a/tests/ovs-macros.at +++ b/tests/ovs-macros.at @@ -333,3 +333,10 @@ m4_ifndef([AT_FAIL_IF], [m4_define([AT_FAIL_IF], [AT_CHECK([($1) \ && exit 99 || exit 0], [0], [ignore], [ignore])])]) + +dnl Certain Linux distributions, like CentOS, have default iptable rules +dnl to reject input traffic from bridges such as br-underlay. +dnl Add a rule to always accept the traffic. +m4_define([IPTABLES_ACCEPT], + [AT_CHECK([iptables -I INPUT 1 -i $1 -j ACCEPT]) + on_exit 'iptables -D INPUT 1 -i $1']) diff --git a/tests/system-traffic.at b/tests/system-traffic.at index 2a0fbadff4a1..02f0e2716320 100644 --- a/tests/system-traffic.at +++ b/tests/system-traffic.at @@ -688,11 +688,7 @@ AT_CHECK([ip link set dev br-underlay up]) dnl Set up tunnel endpoints on OVS outside the namespace. ADD_OVS_TUNNEL([gre], [br0], [at_gre0], [172.31.1.1], [10.1.1.100/24]) -dnl Certain Linux distributions, like CentOS, have default iptable rules -dnl to reject input traffic from br-underlay. Here we add a rule to walk -dnl around it. -iptables -I INPUT 1 -i br-underlay -j ACCEPT -on_exit 'iptables -D INPUT 1' +IPTABLES_ACCEPT([br-underlay]) ip netns exec at_ns0 tcpdump -n -i p0 dst host 172.31.1.1 -l > p0.pcap & sleep 1 @@ -739,11 +735,7 @@ dnl Set up tunnel endpoints on OVS outside the namespace and emulate a native dnl linux device inside the namespace. ADD_OVS_TUNNEL([erspan], [br0], [at_erspan0], [172.31.1.1], [10.1.1.100/24], [options:key=1 options:erspan_ver=1 options:erspan_idx=7]) -dnl Certain Linux distributions, like CentOS, have default iptable rules -dnl to reject input traffic from br-underlay. Here we add a rule to walk -dnl around it. -iptables -I INPUT 1 -i br-underlay -j ACCEPT -on_exit 'iptables -D INPUT 1' +IPTABLES_ACCEPT([br-underlay]) ip netns exec at_ns0 tcpdump -n -x -i p0 dst host 172.31.1.1 -l > p0.pcap & sleep 1