[ovs-dev,2/6] northd: fix unsampled drops and unit test

Message ID	20221219161814.55422-3-amorenoz@redhat.com
State	Superseded
Headers	show Return-Path: <ovs-dev-bounces@openvswitch.org> From: Adrian Moreno <amorenoz@redhat.com> To: dev@openvswitch.org Date: Mon, 19 Dec 2022 17:18:10 +0100 Message-Id: <20221219161814.55422-3-amorenoz@redhat.com> In-Reply-To: <20221219161814.55422-1-amorenoz@redhat.com> References: <20221219161814.55422-1-amorenoz@redhat.com> MIME-Version: 1.0 Subject: [ovs-dev] [PATCH ovn 2/6] northd: fix unsampled drops and unit test Precedence: list Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: 7bit Errors-To: ovs-dev-bounces@openvswitch.org Sender: "dev" <ovs-dev-bounces@openvswitch.org>
Series	drop sampling: Fixes and optimizations \| expand [ovs-dev,0/6] drop sampling: Fixes and optimizations [ovs-dev,1/6] controller: fix recompute pflows if sampling changes [ovs-dev,2/6] northd: fix unsampled drops and unit test [ovs-dev,3/6] controller: add missing drop to loopback check table [ovs-dev,4/6] controller: set sampling port to OFP_NONE for drops [ovs-dev,5/6] controller: only sample flow if Collector Set exists [ovs-dev,6/6] controller: only sample pflow if Collector Set exists

Message ID

20221219161814.55422-3-amorenoz@redhat.com

State

Superseded

Headers

From: Adrian Moreno <amorenoz@redhat.com>
To: dev@openvswitch.org
Date: Mon, 19 Dec 2022 17:18:10 +0100
Message-Id: <20221219161814.55422-3-amorenoz@redhat.com>
In-Reply-To: <20221219161814.55422-1-amorenoz@redhat.com>
References: <20221219161814.55422-1-amorenoz@redhat.com>
MIME-Version: 1.0
Subject: [ovs-dev] [PATCH ovn 2/6] northd: fix unsampled drops and unit test
Precedence: list
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Errors-To: ovs-dev-bounces@openvswitch.org
Sender: "dev" <ovs-dev-bounces@openvswitch.org>

Series

drop sampling: Fixes and optimizations | expand

Checks

Context	Check	Description
ovsrobot/apply-robot	success	apply and check: success
ovsrobot/github-robot-_Build_and_Test	success	github build: passed
ovsrobot/github-robot-_ovn-kubernetes	success	github build: passed

Context

Check

Description

ovsrobot/apply-robot

success

apply and check: success

ovsrobot/github-robot-_Build_and_Test

success

github build: passed

ovsrobot/github-robot-_ovn-kubernetes

success

github build: passed

Commit Message

Adrian Moreno Dec. 19, 2022, 4:18 p.m. UTC

Some drops were left unsampled and a change in IFS made the test fail to
detect them. This patch fixes it.

Fixes: a42c808f30b4 ("northd: add drop sampling")
Signed-off-by: Adrian Moreno <amorenoz@redhat.com>
---
 northd/northd.c | 17 ++++++++++-------
 tests/ovn.at    |  7 +++++--
 2 files changed, 15 insertions(+), 9 deletions(-)

Comments

Mark Michelson Jan. 6, 2023, 7:15 p.m. UTC | #1

Acked-by: Mark Michelson <mmichels@redhat.com>

On 12/19/22 11:18, Adrian Moreno wrote:
> Some drops were left unsampled and a change in IFS made the test fail to
> detect them. This patch fixes it.
> 
> Fixes: a42c808f30b4 ("northd: add drop sampling")
> Signed-off-by: Adrian Moreno <amorenoz@redhat.com>
> ---
>   northd/northd.c | 17 ++++++++++-------
>   tests/ovn.at    |  7 +++++--
>   2 files changed, 15 insertions(+), 9 deletions(-)
> 
> diff --git a/northd/northd.c b/northd/northd.c
> index 7c48bb3b4..beba219d6 100644
> --- a/northd/northd.c
> +++ b/northd/northd.c
> @@ -5557,7 +5557,7 @@ build_lswitch_port_sec_op(struct ovn_port *op, struct hmap *lflows,
>           ds_put_format(match, "outport == %s", op->json_key);
>           ovn_lflow_add_with_lport_and_hint(
>               lflows, op->od, S_SWITCH_IN_L2_UNKNOWN, 50, ds_cstr(match),
> -            "drop;", op->key, &op->nbsp->header_);
> +            debug_drop_action(), op->key, &op->nbsp->header_);
>           return;
>       }
>   
> @@ -5651,7 +5651,7 @@ build_lswitch_output_port_sec_od(struct ovn_datapath *od,
>                         REGBIT_PORT_SEC_DROP" = check_out_port_sec(); next;");
>   
>           ovn_lflow_add(lflows, od, S_SWITCH_OUT_APPLY_PORT_SEC, 50,
> -                      REGBIT_PORT_SEC_DROP" == 1", "drop;");
> +                      REGBIT_PORT_SEC_DROP" == 1", debug_drop_action());
>           ovn_lflow_add(lflows, od, S_SWITCH_OUT_APPLY_PORT_SEC, 0,
>                         "1", "output;");
>   
> @@ -6587,7 +6587,8 @@ build_acls(struct ovn_datapath *od, const struct chassis_features *features,
>              struct hmap *lflows, const struct hmap *port_groups,
>              const struct shash *meter_groups)
>   {
> -    const char *default_acl_action = default_acl_drop ? "drop;" : "next;";
> +    const char *default_acl_action = default_acl_drop ? debug_drop_action() :
> +                                                        "next;";
>       bool has_stateful = od->has_stateful_acl || od->has_lb_vip;
>       const char *ct_blocked_match = features->ct_no_masked_label
>                                      ? "ct_mark.blocked"
> @@ -6656,7 +6657,7 @@ build_acls(struct ovn_datapath *od, const struct chassis_features *features,
>                         REGBIT_CONNTRACK_COMMIT" = 1; next;");
>   
>           default_acl_action = default_acl_drop
> -                             ? "drop;"
> +                             ? debug_drop_action()
>                                : REGBIT_CONNTRACK_COMMIT" = 1; next;";
>           ovn_lflow_add(lflows, od, S_SWITCH_IN_ACL, 1, "ip && !ct.est",
>                         default_acl_action);
> @@ -8964,7 +8965,8 @@ build_lswitch_ip_unicast_lookup(struct ovn_port *op,
>                * or IPv6 addresses (or both). */
>               struct eth_addr mac;
>               bool lsp_enabled = lsp_is_enabled(op->nbsp);
> -            char *action = lsp_enabled ? "outport = %s; output;" : "drop;";
> +            const char *action = lsp_enabled ? "outport = %s; output;" :
> +                                               debug_drop_action();
>               if (ovs_scan(op->nbsp->addresses[i],
>                           ETH_ADDR_SCAN_FMT, ETH_ADDR_SCAN_ARGS(mac))) {
>                   ds_clear(match);
> @@ -12763,12 +12765,13 @@ build_gateway_redirect_flows_for_lrouter(
>                                     nat_entry_is_v6(nat) ? "6" : "4",
>                                     nat->nb->external_ip);
>                       ovn_lflow_add(lflows, od, S_ROUTER_IN_GW_REDIRECT, 70,
> -                                  ds_cstr(&match_ext), "drop;");
> +                                  ds_cstr(&match_ext), debug_drop_action());
>                       add_def_flow = false;
>                   }
>               } else if (nat->nb->exempted_ext_ips) {
>                   ovn_lflow_add_with_hint(lflows, od, S_ROUTER_IN_GW_REDIRECT,
> -                                        75, ds_cstr(&match_ext), "drop;",
> +                                        75, ds_cstr(&match_ext),
> +                                        debug_drop_action(),
>                                           stage_hint);
>               }
>               ds_destroy(&match_ext);
> diff --git a/tests/ovn.at b/tests/ovn.at
> index f3bd53242..4953bee49 100644
> --- a/tests/ovn.at
> +++ b/tests/ovn.at
> @@ -33253,9 +33253,12 @@ check_sample_drops() {
>       AT_CAPTURE_FILE([oflows_sample])
>   
>       # Check that every drop has now contains a "sample" action.
> -    for flow in "$drop_matches"; do
> -        AT_CHECK([grep -q "$flow actions=.*sample.*" oflows_sample], [0], [ignore], [ignore], [echo "Flow $flow has a drop and did not get sampled"])
> +    save_IFS=$IFS
> +    IFS=$'\n'
> +    for flow in $drop_matches; do
> +        AT_CHECK([grep "${flow}actions=.*sample.*" oflows_sample], [0], [ignore], [ignore], [echo "Flow $flow has a drop and did not get sampled"])
>       done
> +    IFS=$save_IFS
>   }
>   
>   check_drops() {

Mark Michelson Jan. 6, 2023, 7:15 p.m. UTC | #2

Acked-by: Mark Michelson <mmichels@redhat.com>

On 12/19/22 11:18, Adrian Moreno wrote:
> Some drops were left unsampled and a change in IFS made the test fail to
> detect them. This patch fixes it.
> 
> Fixes: a42c808f30b4 ("northd: add drop sampling")
> Signed-off-by: Adrian Moreno <amorenoz@redhat.com>
> ---
>   northd/northd.c | 17 ++++++++++-------
>   tests/ovn.at    |  7 +++++--
>   2 files changed, 15 insertions(+), 9 deletions(-)
> 
> diff --git a/northd/northd.c b/northd/northd.c
> index 7c48bb3b4..beba219d6 100644
> --- a/northd/northd.c
> +++ b/northd/northd.c
> @@ -5557,7 +5557,7 @@ build_lswitch_port_sec_op(struct ovn_port *op, struct hmap *lflows,
>           ds_put_format(match, "outport == %s", op->json_key);
>           ovn_lflow_add_with_lport_and_hint(
>               lflows, op->od, S_SWITCH_IN_L2_UNKNOWN, 50, ds_cstr(match),
> -            "drop;", op->key, &op->nbsp->header_);
> +            debug_drop_action(), op->key, &op->nbsp->header_);
>           return;
>       }
>   
> @@ -5651,7 +5651,7 @@ build_lswitch_output_port_sec_od(struct ovn_datapath *od,
>                         REGBIT_PORT_SEC_DROP" = check_out_port_sec(); next;");
>   
>           ovn_lflow_add(lflows, od, S_SWITCH_OUT_APPLY_PORT_SEC, 50,
> -                      REGBIT_PORT_SEC_DROP" == 1", "drop;");
> +                      REGBIT_PORT_SEC_DROP" == 1", debug_drop_action());
>           ovn_lflow_add(lflows, od, S_SWITCH_OUT_APPLY_PORT_SEC, 0,
>                         "1", "output;");
>   
> @@ -6587,7 +6587,8 @@ build_acls(struct ovn_datapath *od, const struct chassis_features *features,
>              struct hmap *lflows, const struct hmap *port_groups,
>              const struct shash *meter_groups)
>   {
> -    const char *default_acl_action = default_acl_drop ? "drop;" : "next;";
> +    const char *default_acl_action = default_acl_drop ? debug_drop_action() :
> +                                                        "next;";
>       bool has_stateful = od->has_stateful_acl || od->has_lb_vip;
>       const char *ct_blocked_match = features->ct_no_masked_label
>                                      ? "ct_mark.blocked"
> @@ -6656,7 +6657,7 @@ build_acls(struct ovn_datapath *od, const struct chassis_features *features,
>                         REGBIT_CONNTRACK_COMMIT" = 1; next;");
>   
>           default_acl_action = default_acl_drop
> -                             ? "drop;"
> +                             ? debug_drop_action()
>                                : REGBIT_CONNTRACK_COMMIT" = 1; next;";
>           ovn_lflow_add(lflows, od, S_SWITCH_IN_ACL, 1, "ip && !ct.est",
>                         default_acl_action);
> @@ -8964,7 +8965,8 @@ build_lswitch_ip_unicast_lookup(struct ovn_port *op,
>                * or IPv6 addresses (or both). */
>               struct eth_addr mac;
>               bool lsp_enabled = lsp_is_enabled(op->nbsp);
> -            char *action = lsp_enabled ? "outport = %s; output;" : "drop;";
> +            const char *action = lsp_enabled ? "outport = %s; output;" :
> +                                               debug_drop_action();
>               if (ovs_scan(op->nbsp->addresses[i],
>                           ETH_ADDR_SCAN_FMT, ETH_ADDR_SCAN_ARGS(mac))) {
>                   ds_clear(match);
> @@ -12763,12 +12765,13 @@ build_gateway_redirect_flows_for_lrouter(
>                                     nat_entry_is_v6(nat) ? "6" : "4",
>                                     nat->nb->external_ip);
>                       ovn_lflow_add(lflows, od, S_ROUTER_IN_GW_REDIRECT, 70,
> -                                  ds_cstr(&match_ext), "drop;");
> +                                  ds_cstr(&match_ext), debug_drop_action());
>                       add_def_flow = false;
>                   }
>               } else if (nat->nb->exempted_ext_ips) {
>                   ovn_lflow_add_with_hint(lflows, od, S_ROUTER_IN_GW_REDIRECT,
> -                                        75, ds_cstr(&match_ext), "drop;",
> +                                        75, ds_cstr(&match_ext),
> +                                        debug_drop_action(),
>                                           stage_hint);
>               }
>               ds_destroy(&match_ext);
> diff --git a/tests/ovn.at b/tests/ovn.at
> index f3bd53242..4953bee49 100644
> --- a/tests/ovn.at
> +++ b/tests/ovn.at
> @@ -33253,9 +33253,12 @@ check_sample_drops() {
>       AT_CAPTURE_FILE([oflows_sample])
>   
>       # Check that every drop has now contains a "sample" action.
> -    for flow in "$drop_matches"; do
> -        AT_CHECK([grep -q "$flow actions=.*sample.*" oflows_sample], [0], [ignore], [ignore], [echo "Flow $flow has a drop and did not get sampled"])
> +    save_IFS=$IFS
> +    IFS=$'\n'
> +    for flow in $drop_matches; do
> +        AT_CHECK([grep "${flow}actions=.*sample.*" oflows_sample], [0], [ignore], [ignore], [echo "Flow $flow has a drop and did not get sampled"])
>       done
> +    IFS=$save_IFS
>   }
>   
>   check_drops() {

diff --git a/northd/northd.c b/northd/northd.c
index 7c48bb3b4..beba219d6 100644
--- a/northd/northd.c
+++ b/northd/northd.c
@@ -5557,7 +5557,7 @@  build_lswitch_port_sec_op(struct ovn_port *op, struct hmap *lflows,
         ds_put_format(match, "outport == %s", op->json_key);
         ovn_lflow_add_with_lport_and_hint(
             lflows, op->od, S_SWITCH_IN_L2_UNKNOWN, 50, ds_cstr(match),
-            "drop;", op->key, &op->nbsp->header_);
+            debug_drop_action(), op->key, &op->nbsp->header_);
         return;
     }
 
@@ -5651,7 +5651,7 @@  build_lswitch_output_port_sec_od(struct ovn_datapath *od,
                       REGBIT_PORT_SEC_DROP" = check_out_port_sec(); next;");
 
         ovn_lflow_add(lflows, od, S_SWITCH_OUT_APPLY_PORT_SEC, 50,
-                      REGBIT_PORT_SEC_DROP" == 1", "drop;");
+                      REGBIT_PORT_SEC_DROP" == 1", debug_drop_action());
         ovn_lflow_add(lflows, od, S_SWITCH_OUT_APPLY_PORT_SEC, 0,
                       "1", "output;");
 
@@ -6587,7 +6587,8 @@  build_acls(struct ovn_datapath *od, const struct chassis_features *features,
            struct hmap *lflows, const struct hmap *port_groups,
            const struct shash *meter_groups)
 {
-    const char *default_acl_action = default_acl_drop ? "drop;" : "next;";
+    const char *default_acl_action = default_acl_drop ? debug_drop_action() :
+                                                        "next;";
     bool has_stateful = od->has_stateful_acl || od->has_lb_vip;
     const char *ct_blocked_match = features->ct_no_masked_label
                                    ? "ct_mark.blocked"
@@ -6656,7 +6657,7 @@  build_acls(struct ovn_datapath *od, const struct chassis_features *features,
                       REGBIT_CONNTRACK_COMMIT" = 1; next;");
 
         default_acl_action = default_acl_drop
-                             ? "drop;"
+                             ? debug_drop_action()
                              : REGBIT_CONNTRACK_COMMIT" = 1; next;";
         ovn_lflow_add(lflows, od, S_SWITCH_IN_ACL, 1, "ip && !ct.est",
                       default_acl_action);
@@ -8964,7 +8965,8 @@  build_lswitch_ip_unicast_lookup(struct ovn_port *op,
              * or IPv6 addresses (or both). */
             struct eth_addr mac;
             bool lsp_enabled = lsp_is_enabled(op->nbsp);
-            char *action = lsp_enabled ? "outport = %s; output;" : "drop;";
+            const char *action = lsp_enabled ? "outport = %s; output;" :
+                                               debug_drop_action();
             if (ovs_scan(op->nbsp->addresses[i],
                         ETH_ADDR_SCAN_FMT, ETH_ADDR_SCAN_ARGS(mac))) {
                 ds_clear(match);
@@ -12763,12 +12765,13 @@  build_gateway_redirect_flows_for_lrouter(
                                   nat_entry_is_v6(nat) ? "6" : "4",
                                   nat->nb->external_ip);
                     ovn_lflow_add(lflows, od, S_ROUTER_IN_GW_REDIRECT, 70,
-                                  ds_cstr(&match_ext), "drop;");
+                                  ds_cstr(&match_ext), debug_drop_action());
                     add_def_flow = false;
                 }
             } else if (nat->nb->exempted_ext_ips) {
                 ovn_lflow_add_with_hint(lflows, od, S_ROUTER_IN_GW_REDIRECT,
-                                        75, ds_cstr(&match_ext), "drop;",
+                                        75, ds_cstr(&match_ext),
+                                        debug_drop_action(),
                                         stage_hint);
             }
             ds_destroy(&match_ext);
diff --git a/tests/ovn.at b/tests/ovn.at
index f3bd53242..4953bee49 100644
--- a/tests/ovn.at
+++ b/tests/ovn.at
@@ -33253,9 +33253,12 @@  check_sample_drops() {
     AT_CAPTURE_FILE([oflows_sample])
 
     # Check that every drop has now contains a "sample" action.
-    for flow in "$drop_matches"; do
-        AT_CHECK([grep -q "$flow actions=.*sample.*" oflows_sample], [0], [ignore], [ignore], [echo "Flow $flow has a drop and did not get sampled"])
+    save_IFS=$IFS
+    IFS=$'\n'
+    for flow in $drop_matches; do
+        AT_CHECK([grep "${flow}actions=.*sample.*" oflows_sample], [0], [ignore], [ignore], [echo "Flow $flow has a drop and did not get sampled"])
     done
+    IFS=$save_IFS
 }
 
 check_drops() {

[ovs-dev,2/6] northd: fix unsampled drops and unit test

Checks

Commit Message

Comments

Patch