From patchwork Wed Aug 28 16:36:53 2024
X-Patchwork-Submitter: Paolo Valerio
X-Patchwork-Id: 1977982
From: Paolo Valerio
To: ovs-dev@openvswitch.org
Cc: Xin Long
Date: Wed, 28 Aug 2024 18:36:53 +0200
Message-ID: <20240828163654.274560-1-pvalerio@redhat.com>
Subject: [ovs-dev] [PATCH 1/2] system-traffic: Do not rely on conn count for externally tracked packets.

As Long reported, kernels built without CONFIG_NETFILTER_CONNCOUNT
result in the unexpected failure of the following tests:

conntrack - multiple zones, local
conntrack - multi-stage pipeline, local
conntrack - can match and clear ct_state from outside OVS

This happens because nf_conncount turns on connection tracking and
the above tests rely on this side effect. However, this behavior may
be corrected in the kernel, which could, in turn, cause the tests to
fail.

The patch removes the assumption by adding explicit iptables rules to
attach an nf_conn template to the skb, resulting in it being tracked
once it hits the OvS pipeline.

Reported-by: Xin Long
Reported-at: https://issues.redhat.com/browse/FDP-708
Signed-off-by: Paolo Valerio
--- tests/ovs-macros.at | 5 +++++ tests/system-traffic.at | 3 +++ 2 files changed, 8 insertions(+) diff --git a/tests/ovs-macros.at b/tests/ovs-macros.at index 06c978555..df2835747 100644 --- a/tests/ovs-macros.at +++ b/tests/ovs-macros.at 
@@ -366,3 +366,8 @@ dnl Add a rule to always accept the traffic. m4_define([IPTABLES_ACCEPT], [AT_CHECK([iptables -I INPUT 1 -i $1 -j ACCEPT]) on_exit 'iptables -D INPUT 1 -i $1']) + +dnl Required to let conntrack start tracking the packets outside ovs +m4_define([IPTABLES_CT], + [AT_CHECK([iptables -t raw -I OUTPUT 1 -o $1 -j CT]) + on_exit 'iptables -t raw -D OUTPUT 1']) diff --git a/tests/system-traffic.at b/tests/system-traffic.at index 202ff0492..4da640604 100644 --- a/tests/system-traffic.at +++ b/tests/system-traffic.at @@ -5460,6 +5460,7 @@ CHECK_CONNTRACK() CHECK_CONNTRACK_LOCAL_STACK() OVS_TRAFFIC_VSWITCHD_START() +IPTABLES_CT([br0]) ADD_NAMESPACES(at_ns0) AT_CHECK([ip addr add dev br0 "10.1.1.1/24"]) @@ -5509,6 +5510,7 @@ CHECK_CONNTRACK() CHECK_CONNTRACK_LOCAL_STACK() OVS_TRAFFIC_VSWITCHD_START() +IPTABLES_CT([br0]) ADD_NAMESPACES(at_ns0) AT_CHECK([ip addr add dev br0 "10.1.1.1/24"]) 
@@ -8396,6 +8398,7 @@ AT_CHECK([ovs-ofctl add-flow br0 "actions=normal"]) AT_CHECK([ovs-ofctl add-flow br-underlay "priority=100,ct_state=+trk,actions=ct_clear,resubmit(,0)"]) AT_CHECK([ovs-ofctl add-flow br-underlay "priority=10,actions=normal"]) +IPTABLES_CT([br0]) ADD_NAMESPACES(at_ns0) dnl Set up underlay link from host into the namespace using veth pair.

From patchwork Wed Aug 28 16:36:54 2024
X-Patchwork-Submitter: Paolo Valerio
X-Patchwork-Id: 1977983
From: Paolo Valerio
To: ovs-dev@openvswitch.org
Date: Wed, 28 Aug 2024 18:36:54 +0200
Message-ID: <20240828163654.274560-2-pvalerio@redhat.com>
In-Reply-To: <20240828163654.274560-1-pvalerio@redhat.com>
References: <20240828163654.274560-1-pvalerio@redhat.com>
Subject: [ovs-dev] [PATCH 2/2] ovs-macros.at: Correctly delete iptables rule on_exit.

Currently, at every call of IPTABLES_ACCEPT() an iptables rule gets
added. Such rule is supposed to be removed on exit, but the current
syntax for deleting the rule is incorrect, resulting in a leftover
rule after execution.

Fix it by correcting the deletion command.

Fixes: 5e06e7ac99dc ("tests: Refactor the iptables accept rule.")
Signed-off-by: Paolo Valerio
--- tests/ovs-macros.at | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/tests/ovs-macros.at b/tests/ovs-macros.at index df2835747..4cc8e7bc8 100644 --- a/tests/ovs-macros.at +++ b/tests/ovs-macros.at 
@@ -365,7 +365,7 @@ dnl to reject input traffic from bridges such as br-underlay. dnl Add a rule to always accept the traffic. m4_define([IPTABLES_ACCEPT], [AT_CHECK([iptables -I INPUT 1 -i $1 -j ACCEPT]) - on_exit 'iptables -D INPUT 1 -i $1']) + on_exit 'iptables -D INPUT 1']) dnl Required to let conntrack start tracking the packets outside ovs m4_define([IPTABLES_CT],
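
Review bot: In the IPTABLES_CT macro that patch 1/2 adds to tests/ovs-macros.at, the on_exit handler deletes by position (`iptables -t raw -D OUTPUT 1`), so at cleanup it removes whichever rule is first in the raw OUTPUT chain, and that is the CT rule only if nothing else was inserted at position 1 in the meantime. Deleting by rule specification, `iptables -t raw -D OUTPUT -o $1 -j CT`, removes the rule the macro inserted regardless of ordering. The dnl comment could also say that the rule attaches a conntrack template on output through `$1`, since "outside ovs" alone does not tell a reader which direction or chain is involved.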
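
Review bot: The `IPTABLES_CT([br0])` calls added in the first two hunks of tests/system-traffic.at in patch 1/2 expand to an AT_CHECK, so on a host where the raw table or the CT target is not available these tests now fail rather than skip. If CHECK_CONNTRACK_LOCAL_STACK(), which precedes both calls, does not already probe for that, a skip condition for the missing target would keep the tests from trading one kernel-config dependency (CONFIG_NETFILTER_CONNCOUNT) for another hard failure.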
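
Review bot: In the `@@ -8396,6 +8398,7 @@` hunk of tests/system-traffic.at in patch 1/2, the new rule is keyed on br0 while the flow that matches `ct_state=+trk` is installed on br-underlay in the context lines just above it. A one-line dnl comment next to `IPTABLES_CT([br0])` explaining why br0 is the interface to match, and how the packet is still marked tracked by the time it reaches br-underlay, would make the dependency explicit for whoever next edits this test.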
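
Review bot: The replacement line in the IPTABLES_ACCEPT hunk of patch 2/2, `on_exit 'iptables -D INPUT 1'`, drops the `-i $1` match and keeps the rule number, which makes cleanup depend on the ACCEPT rule still being first in INPUT when the handler runs. iptables accepts either a rule number or a rule specification for `-D`, so the other valid form, `iptables -D INPUT -i $1 -j ACCEPT`, fixes the syntax error while still deleting only the rule this macro added. It would also help if the commit message stated that the old command failed because it combined both forms.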