From patchwork Tue Aug 13 00:51:38 2019 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Yi-Hung Wei X-Patchwork-Id: 1145977 Return-Path: X-Original-To: incoming@patchwork.ozlabs.org Delivered-To: patchwork-incoming@bilbo.ozlabs.org Authentication-Results: ozlabs.org; spf=pass (mailfrom) smtp.mailfrom=openvswitch.org (client-ip=140.211.169.12; helo=mail.linuxfoundation.org; envelope-from=ovs-dev-bounces@openvswitch.org; receiver=) Authentication-Results: ozlabs.org; dmarc=fail (p=none dis=none) header.from=gmail.com Authentication-Results: ozlabs.org; dkim=fail reason="signature verification failed" (2048-bit key; unprotected) header.d=gmail.com header.i=@gmail.com header.b="M2jUUu8/"; dkim-atps=neutral Received: from mail.linuxfoundation.org (mail.linuxfoundation.org [140.211.169.12]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ozlabs.org (Postfix) with ESMTPS id 466vSH6sYRz9sNf for ; Tue, 13 Aug 2019 10:57:03 +1000 (AEST) Received: from mail.linux-foundation.org (localhost [127.0.0.1]) by mail.linuxfoundation.org (Postfix) with ESMTP id DA076CBE; Tue, 13 Aug 2019 00:51:59 +0000 (UTC) X-Original-To: dev@openvswitch.org Delivered-To: ovs-dev@mail.linuxfoundation.org Received: from smtp1.linuxfoundation.org (smtp1.linux-foundation.org [172.17.192.35]) by mail.linuxfoundation.org (Postfix) with ESMTPS id CDA6FB7A for ; Tue, 13 Aug 2019 00:51:58 +0000 (UTC) X-Greylist: whitelisted by SQLgrey-1.7.6 Received: from mail-pg1-f193.google.com (mail-pg1-f193.google.com [209.85.215.193]) by smtp1.linuxfoundation.org (Postfix) with ESMTPS id B8C2989D for ; Tue, 13 Aug 2019 00:51:57 +0000 (UTC) Received: by mail-pg1-f193.google.com with SMTP id p3so29819pgb.9 for ; Mon, 12 Aug 2019 17:51:57 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=from:to:cc:subject:date:message-id:in-reply-to:references; bh=UNUBWiK14xNPoxuY4/JjSvOFT9g9P6xAKwm3pzn9ZAU=; b=M2jUUu8/FiEW/jYURjarL0fLPYu/FFpCFiBSEd6dLW12P2zFPs7yiKwo4IKQVs+otg 0yasXZh84f4NLmAbE9IAfp9rs0pTqNd5QJtajanUq+/NZ658Wsow4RrWTeAQn3dC1EWS Eqkwdbp9aESpYCYY6KxC8d5RZWa9XhXTq73aqmibjgX+oN/5yn9KaYehNgSQIeUWQZAB P1CRVfQa5BRD8K+XX3M++SGykGWAsdd1tUmCVKi2dctSz+M17FpJliTxKqnm1s6GccdQ 7NwwcPfo2iuVUy878E3c+nQEMkQ+TVpkQEu8MCDwognkrOxUiJ9GdUEZRzaP+tcnL76V Zxiw== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:to:cc:subject:date:message-id:in-reply-to :references; bh=UNUBWiK14xNPoxuY4/JjSvOFT9g9P6xAKwm3pzn9ZAU=; b=E3A/ZcZQYRdt/grfTlRFmHlkigwqGi5xS49x37yMNYJ3/OeUqkpbvZbB1etqMXi537 JALDq3F4FkU4ERrbUJNbVErhv1wY9351PFYs1oYIF0b5KhmTv9G8s1mhQNvtiv3zUDDB B8BTrwAHEAbYC1+T/Hp0ORbAmaq6MzIxDvJi4blN5CKo9EdFIHGYIYKTFUoYJradXuAE B3U9KuUmuUPjFQAmiqIInumhx+6FKUUeF+atOoTnGWmVIVQbcGcA/J5VfgDeXGeer0PD 58zw6C6yEmVWgi7b2Zt1lBmebXZO4jS2WJ2vue9lOErzoulPOahNm9AbfFxONiLa++hl AaOw== X-Gm-Message-State: APjAAAXXfbjYJrOTgIvoyMbCeALiX6l51YyQXzKlgdk0w2x2uHyzOGFf kTCODV6LIxxbW0FIDcABnn9BTpq0 X-Google-Smtp-Source: APXvYqy4fgUXUv6TI6XqZVgBVVaSgGMKBfErn6uml+plDTP8Od4EVdlUdzCHzWXuveuO6bz2Esg3cw== X-Received: by 2002:a17:90a:2ec1:: with SMTP id h1mr1766313pjs.119.1565657516742; Mon, 12 Aug 2019 17:51:56 -0700 (PDT) Received: from vm-main.eng.vmware.com ([66.170.99.1]) by smtp.gmail.com with ESMTPSA id z4sm163581700pfg.166.2019.08.12.17.51.54 (version=TLS1_2 cipher=ECDHE-RSA-AES128-SHA bits=128/128); Mon, 12 Aug 2019 17:51:55 -0700 (PDT) From: Yi-Hung Wei To: dev@openvswitch.org Date: Mon, 12 Aug 2019 17:51:38 -0700 Message-Id: <1565657498-62682-10-git-send-email-yihung.wei@gmail.com> X-Mailer: git-send-email 2.7.4 In-Reply-To: <1565657498-62682-1-git-send-email-yihung.wei@gmail.com> References: <1565657498-62682-1-git-send-email-yihung.wei@gmail.com> X-Spam-Status: No, score=-2.0 required=5.0 tests=BAYES_00,DKIM_SIGNED, DKIM_VALID, DKIM_VALID_AU, FREEMAIL_FROM, RCVD_IN_DNSWL_NONE autolearn=ham version=3.3.1 X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on smtp1.linux-foundation.org Subject: [ovs-dev] [PATCH v3 9/9] ofproto-dpif-xlate: Translate timeout policy in ct action X-BeenThere: ovs-dev@openvswitch.org X-Mailman-Version: 2.1.12 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , MIME-Version: 1.0 Sender: ovs-dev-bounces@openvswitch.org Errors-To: ovs-dev-bounces@openvswitch.org This patch derives the timeout policy based on ct zone from the internal data structure that we maintain on dpif layer. It also adds a system traffic test to verify the zone-based conntrack timeout feature. The test uses ovs-vsctl commands to configure the customized ICMP and UDP timeout on zone 5 to a shorter period. It then injects ICMP and UDP traffic to conntrack, and checks if the corresponding conntrack entry expires after the predefined timeout. Signed-off-by: Yi-Hung Wei --- NEWS | 1 + lib/ct-dpif.c | 11 +++++++ lib/ct-dpif.h | 3 ++ lib/dpif-netdev.c | 1 + lib/dpif-netlink.c | 12 ++++++++ lib/dpif-provider.h | 10 ++++++ ofproto/ofproto-dpif-xlate.c | 23 ++++++++++++++ ofproto/ofproto-dpif.c | 27 ++++++++++++++++ ofproto/ofproto-dpif.h | 4 +++ tests/system-kmod-macros.at | 27 ++++++++++++++++ tests/system-traffic.at | 66 ++++++++++++++++++++++++++++++++++++++++ tests/system-userspace-macros.at | 26 ++++++++++++++++ 12 files changed, 211 insertions(+) diff --git a/NEWS b/NEWS index c5caa13d6374..9f7fbb852e08 100644 --- a/NEWS +++ b/NEWS @@ -69,6 +69,7 @@ v2.12.0 - xx xxx xxxx - Linux datapath: * Support for the kernel versions 4.19.x and 4.20.x. * Support for the kernel version 5.0.x. + * Add support for conntrack zone-based timeout policy. - 'ovs-dpctl dump-flows' is no longer suitable for dumping offloaded flows. 'ovs-appctl dpctl/dump-flows' should be used instead. - Add L2 GRE tunnel over IPv6 support. diff --git a/lib/ct-dpif.c b/lib/ct-dpif.c index 7f9ce0a561f7..f3bd71b5769d 100644 --- a/lib/ct-dpif.c +++ b/lib/ct-dpif.c @@ -864,3 +864,14 @@ ct_dpif_timeout_policy_dump_done(struct dpif *dpif, void *state) ? dpif->dpif_class->ct_timeout_policy_dump_done(dpif, state) : EOPNOTSUPP); } + +int +ct_dpif_get_timeout_policy_name(struct dpif *dpif, uint32_t tp_id, + uint16_t dl_type, uint8_t nw_proto, + struct ds *tp_name, bool *unwildcard) +{ + return (dpif->dpif_class->ct_get_timeout_policy_name + ? dpif->dpif_class->ct_get_timeout_policy_name( + dpif, tp_id, dl_type, nw_proto, tp_name, unwildcard) + : EOPNOTSUPP); +} diff --git a/lib/ct-dpif.h b/lib/ct-dpif.h index aabd6962f2c0..786dc6d2c474 100644 --- a/lib/ct-dpif.h +++ b/lib/ct-dpif.h @@ -318,5 +318,8 @@ int ct_dpif_timeout_policy_dump_start(struct dpif *dpif, void **statep); int ct_dpif_timeout_policy_dump_next(struct dpif *dpif, void *state, struct ct_dpif_timeout_policy *tp); int ct_dpif_timeout_policy_dump_done(struct dpif *dpif, void *state); +int ct_dpif_get_timeout_policy_name(struct dpif *dpif, uint32_t tp_id, + uint16_t dl_type, uint8_t nw_proto, + struct ds *tp_name, bool *unwildcard); #endif /* CT_DPIF_H */ diff --git a/lib/dpif-netdev.c b/lib/dpif-netdev.c index 7240a3e6f3c8..36637052e598 100644 --- a/lib/dpif-netdev.c +++ b/lib/dpif-netdev.c @@ -7539,6 +7539,7 @@ const struct dpif_class dpif_netdev_class = { NULL, /* ct_timeout_policy_dump_start */ NULL, /* ct_timeout_policy_dump_next */ NULL, /* ct_timeout_policy_dump_done */ + NULL, /* ct_get_timeout_policy_name */ dpif_netdev_ipf_set_enabled, dpif_netdev_ipf_set_min_frag, dpif_netdev_ipf_set_max_nfrags, diff --git a/lib/dpif-netlink.c b/lib/dpif-netlink.c index c2ac19dff887..c306242984ae 100644 --- a/lib/dpif-netlink.c +++ b/lib/dpif-netlink.c @@ -3072,6 +3072,17 @@ dpif_netlink_format_tp_name(uint32_t id, uint16_t l3num, uint8_t l4num, ovs_assert(tp_name->length < CTNL_TIMEOUT_NAME_MAX); } +static int +dpif_netlink_ct_get_timeout_policy_name(struct dpif *dpif OVS_UNUSED, + uint32_t tp_id, uint16_t dl_type, uint8_t nw_proto, struct ds *tp_name, + bool *unwildcard) +{ + dpif_netlink_format_tp_name(tp_id, + dl_type == ETH_TYPE_IP ? AF_INET : AF_INET6, nw_proto, tp_name); + *unwildcard = true; + return 0; +} + #define CT_DPIF_NL_TP_TCP_MAPPINGS \ CT_DPIF_NL_TP_MAPPING(TCP, TCP, SYN_SENT, SYN_SENT) \ CT_DPIF_NL_TP_MAPPING(TCP, TCP, SYN_RECV, SYN_RECV) \ @@ -3898,6 +3909,7 @@ const struct dpif_class dpif_netlink_class = { dpif_netlink_ct_timeout_policy_dump_start, dpif_netlink_ct_timeout_policy_dump_next, dpif_netlink_ct_timeout_policy_dump_done, + dpif_netlink_ct_get_timeout_policy_name, NULL, /* ipf_set_enabled */ NULL, /* ipf_set_min_frag */ NULL, /* ipf_set_max_nfrags */ diff --git a/lib/dpif-provider.h b/lib/dpif-provider.h index e988626ea05b..d12b5a91c2eb 100644 --- a/lib/dpif-provider.h +++ b/lib/dpif-provider.h @@ -542,6 +542,16 @@ struct dpif_class { struct ct_dpif_timeout_policy *tp); int (*ct_timeout_policy_dump_done)(struct dpif *, void *state); + /* Gets timeout policy name based on 'tp_id', 'dl_type' and 'nw_proto'. + * On success, returns 0, stores the timeout policy name in 'tp_name', + * and sets 'unwildcard'. 'unwildcard' is true if the timeout + * policy in 'dpif' is 'dl_type' and 'nw_proto' specific, .i.e. in + * kernel datapath. Sets 'unwildcard' to false if the timeout policy + * is generic to all supported 'dl_type' and 'nw_proto'. */ + int (*ct_get_timeout_policy_name)(struct dpif *, uint32_t tp_id, + uint16_t dl_type, uint8_t nw_proto, + struct ds *tp_name, bool *unwildcard); + /* IP Fragmentation. */ /* Disables or enables conntrack fragment reassembly. The default diff --git a/ofproto/ofproto-dpif-xlate.c b/ofproto/ofproto-dpif-xlate.c index 28a7fdd842a6..0b5c56f443e6 100644 --- a/ofproto/ofproto-dpif-xlate.c +++ b/ofproto/ofproto-dpif-xlate.c @@ -5977,6 +5977,25 @@ put_ct_helper(struct xlate_ctx *ctx, } static void +put_ct_timeout(struct ofpbuf *odp_actions, const struct dpif_backer *backer, + const struct flow *flow, struct flow_wildcards *wc, + uint16_t zone_id) +{ + struct ds tp_name = DS_EMPTY_INITIALIZER; + bool unwildcard; + + if (ofproto_dpif_ct_zone_timeout_policy_get_name(backer, zone_id, + ntohs(flow->dl_type), flow->nw_proto, &tp_name, &unwildcard)) { + nl_msg_put_string(odp_actions, OVS_CT_ATTR_TIMEOUT, ds_cstr(&tp_name)); + + if (unwildcard) { + memset(&wc->masks.nw_proto, 0xff, sizeof wc->masks.nw_proto); + } + } + ds_destroy(&tp_name); +} + +static void put_ct_nat(struct xlate_ctx *ctx) { struct ofpact_nat *ofn = ctx->ct_nat_action; @@ -6071,6 +6090,10 @@ compose_conntrack_action(struct xlate_ctx *ctx, struct ofpact_conntrack *ofc, put_ct_mark(&ctx->xin->flow, ctx->odp_actions, ctx->wc); put_ct_label(&ctx->xin->flow, ctx->odp_actions, ctx->wc); put_ct_helper(ctx, ctx->odp_actions, ofc); + if (ofc->flags & NX_CT_F_COMMIT) { + put_ct_timeout(ctx->odp_actions, ctx->xbridge->ofproto->backer, + &ctx->xin->flow, ctx->wc, zone); + } put_ct_nat(ctx); ctx->ct_nat_action = NULL; nl_msg_end_nested(ctx->odp_actions, ct_offset); diff --git a/ofproto/ofproto-dpif.c b/ofproto/ofproto-dpif.c index 3013d83e96a0..8bbc596e2ce0 100644 --- a/ofproto/ofproto-dpif.c +++ b/ofproto/ofproto-dpif.c @@ -5377,6 +5377,33 @@ ct_del_zone_timeout_policy(const char *datapath_type, uint16_t zone) } } +/* Gets timeout policy name in 'backer' based on 'zone', 'dl_type' and + * 'nw_proto'. Returns true if the zoned-based timeout policy is configured. + * On success, stores the timeout policy name in 'tp_name', and sets + * 'unwildcard' based on the dpif implementation. Sets 'unwildcard' to true + * if the timeout policy is 'dl_type' and 'nw_proto' specific. */ +bool +ofproto_dpif_ct_zone_timeout_policy_get_name( + const struct dpif_backer *backer, uint16_t zone, uint16_t dl_type, + uint8_t nw_proto, struct ds *tp_name, bool *unwildcard) +{ + struct ct_zone *ct_zone; + + if (!ct_dpif_timeout_policy_support_ipproto(nw_proto)) { + return false; + } + + ct_zone = ct_zone_lookup(&backer->ct_zones, zone); + if (!ct_zone) { + return false; + } + + return (!ct_dpif_get_timeout_policy_name(backer->dpif, + ct_zone->ct_tp->tp_id, dl_type, + nw_proto, tp_name, unwildcard) + ? true : false); +} + static bool set_frag_handling(struct ofproto *ofproto_, enum ofputil_frag_handling frag_handling) diff --git a/ofproto/ofproto-dpif.h b/ofproto/ofproto-dpif.h index 0dd7a45fe550..cce6bdbc842d 100644 --- a/ofproto/ofproto-dpif.h +++ b/ofproto/ofproto-dpif.h @@ -374,4 +374,8 @@ int ofproto_dpif_delete_internal_flow(struct ofproto_dpif *, struct match *, bool ovs_native_tunneling_is_on(struct ofproto_dpif *); +bool ofproto_dpif_ct_zone_timeout_policy_get_name( + const struct dpif_backer *backer, uint16_t zone, uint16_t dl_type, + uint8_t nw_proto, struct ds *tp_name, bool *unwildcard); + #endif /* ofproto-dpif.h */ diff --git a/tests/system-kmod-macros.at b/tests/system-kmod-macros.at index 554a61e9bd95..ace0aeae03e7 100644 --- a/tests/system-kmod-macros.at +++ b/tests/system-kmod-macros.at @@ -100,6 +100,17 @@ m4_define([CHECK_CONNTRACK_FRAG_OVERLAP], # m4_define([CHECK_CONNTRACK_NAT]) +# CHECK_CONNTRACK_TIMEOUT() +# +# Perform requirements checks for running conntrack customized timeout tests. +# +m4_define([CHECK_CONNTRACK_TIMEOUT], +[ + AT_SKIP_IF([! cat /boot/config-$(uname -r) | grep NF_CONNTRACK_TIMEOUT | grep '=y' > /dev/null]) + modprobe nfnetlink_cttimeout + on_exit 'modprobe -r nfnetlink_cttimeout' +]) + # CHECK_CT_DPIF_PER_ZONE_LIMIT() # # Perform requirements checks for running ovs-dpctl ct-[set|get|del]-limits per @@ -185,3 +196,19 @@ m4_define([OVS_CHECK_KERNEL_EXCL], sublevel=$(uname -r | sed -e 's/\./ /g' | awk '{print $ 2}') AT_SKIP_IF([ ! ( test $version -lt $1 || ( test $version -eq $1 && test $sublevel -lt $2 ) || test $version -gt $3 || ( test $version -eq $3 && test $sublevel -gt $4 ) ) ]) ]) + +# VSCTL_ADD_DATAPATH_TABLE() +# +# Create system datapath table "system" for kernel tests in ovsdb +m4_define([VSCTL_ADD_DATAPATH_TABLE], +[ + AT_CHECK([ovs-vsctl -- --id=@m create Datapath datapath_version=0 -- set Open_vSwitch . datapaths:"system"=@m], [0], [stdout]) +]) + +# VSCTL_ADD_ZONE_TIMEOUT_POLICY([parameters]) +# +# Add zone based timeout policy to kernel datapath +m4_define([VSCTL_ADD_ZONE_TIMEOUT_POLICY], +[ + AT_CHECK([ovs-vsctl add-zone-tp system $1], [0], [stdout]) +]) diff --git a/tests/system-traffic.at b/tests/system-traffic.at index 1a04199dcfe9..f4ac8a8f2c06 100644 --- a/tests/system-traffic.at +++ b/tests/system-traffic.at @@ -3179,6 +3179,72 @@ NXST_FLOW reply: OVS_TRAFFIC_VSWITCHD_STOP AT_CLEANUP +AT_SETUP([conntrack - zone-based timeout policy]) +CHECK_CONNTRACK() +CHECK_CONNTRACK_TIMEOUT() +OVS_TRAFFIC_VSWITCHD_START() + +ADD_NAMESPACES(at_ns0, at_ns1) + +ADD_VETH(p0, at_ns0, br0, "10.1.1.1/24") +ADD_VETH(p1, at_ns1, br0, "10.1.1.2/24") + +AT_DATA([flows.txt], [dnl +priority=1,action=drop +priority=10,arp,action=normal +priority=100,in_port=1,ip,action=ct(zone=5, table=1) +priority=100,in_port=2,ip,action=ct(zone=5, table=1) +table=1,in_port=2,ip,ct_state=+trk+est,action=1 +table=1,in_port=1,ip,ct_state=+trk+new,action=ct(commit,zone=5),2 +table=1,in_port=1,ip,ct_state=+trk+est,action=2 +]) + +AT_CHECK([ovs-ofctl --bundle add-flows br0 flows.txt]) + +dnl Test with default timeout +dnl The default udp_single and icmp_first timeouts are 30 seconds in +dnl kernel DP, and 60 seconds in userspace DP. + +dnl Send ICMP and UDP traffic +NS_CHECK_EXEC([at_ns0], [ping -q -c 3 -i 0.3 -w 2 10.1.1.2 | FORMAT_PING], [0], [dnl +3 packets transmitted, 3 received, 0% packet loss, time 0ms +]) +AT_CHECK([ovs-ofctl -O OpenFlow13 packet-out br0 "in_port=1 packet=50540000000a50540000000908004500001c000000000011a4cd0a0101010a0101020001000200080000 actions=resubmit(,0)"]) + +sleep 4 + +AT_CHECK([ovs-appctl dpctl/dump-conntrack | FORMAT_CT(10.1.1.2) | sort], [0], [dnl +icmp,orig=(src=10.1.1.1,dst=10.1.1.2,id=,type=8,code=0),reply=(src=10.1.1.2,dst=10.1.1.1,id=,type=0,code=0),zone=5 +udp,orig=(src=10.1.1.1,dst=10.1.1.2,sport=,dport=),reply=(src=10.1.1.2,dst=10.1.1.1,sport=,dport=),zone=5 +]) + +AT_CHECK([ovs-appctl dpctl/flush-conntrack]) + +dnl Shorten the udp_single and icmp_first timeout in zone 5 +VSCTL_ADD_DATAPATH_TABLE() +VSCTL_ADD_ZONE_TIMEOUT_POLICY([zone=5 udp_single=3 icmp_first=3]) + +dnl Send ICMP and UDP traffic +NS_CHECK_EXEC([at_ns0], [ping -q -c 3 -i 0.3 -w 2 10.1.1.2 | FORMAT_PING], [0], [dnl +3 packets transmitted, 3 received, 0% packet loss, time 0ms +]) +AT_CHECK([ovs-ofctl -O OpenFlow13 packet-out br0 "in_port=1 packet=50540000000a50540000000908004500001c000000000011a4cd0a0101010a0101020001000200080000 actions=resubmit(,0)"]) + +AT_CHECK([ovs-appctl dpctl/dump-conntrack | FORMAT_CT(10.1.1.2) | sort], [0], [dnl +icmp,orig=(src=10.1.1.1,dst=10.1.1.2,id=,type=8,code=0),reply=(src=10.1.1.2,dst=10.1.1.1,id=,type=0,code=0),zone=5 +udp,orig=(src=10.1.1.1,dst=10.1.1.2,sport=,dport=),reply=(src=10.1.1.2,dst=10.1.1.1,sport=,dport=),zone=5 +]) + +dnl Wait until the timeout expire. +dnl We intend to wait a bit longer, because conntrack does not recycle the entry right after it is expired. +sleep 4 + +AT_CHECK([ovs-appctl dpctl/dump-conntrack | FORMAT_CT(10.1.1.2)], [0], [dnl +]) + +OVS_TRAFFIC_VSWITCHD_STOP +AT_CLEANUP + AT_BANNER([conntrack - L7]) AT_SETUP([conntrack - IPv4 HTTP]) diff --git a/tests/system-userspace-macros.at b/tests/system-userspace-macros.at index 9d5f3bf419d3..8950a4de7287 100644 --- a/tests/system-userspace-macros.at +++ b/tests/system-userspace-macros.at @@ -98,6 +98,16 @@ m4_define([CHECK_CONNTRACK_FRAG_OVERLAP]) # m4_define([CHECK_CONNTRACK_NAT]) +# CHECK_CONNTRACK_TIMEOUT() +# +# Perform requirements checks for running conntrack customized timeout tests. +* The userspace datapath does not support this feature yet. +# +m4_define([CHECK_CONNTRACK_TIMEOUT], +[ + AT_SKIP_IF([:]) +]) + # CHECK_CT_DPIF_PER_ZONE_LIMIT() # # Perform requirements checks for running ovs-dpctl ct-[set|get|del]-limits per @@ -295,3 +305,19 @@ m4_define([OVS_CHECK_KERNEL_EXCL], [ AT_SKIP_IF([:]) ]) + +# VSCTL_ADD_DATAPATH_TABLE() +# +# Create datapath table "netdev" for userspace tests in ovsdb +m4_define([VSCTL_ADD_DATAPATH_TABLE], +[ + AT_CHECK([ovs-vsctl -- --id=@m create Datapath datapath_version=0 -- set Open_vSwitch . datapaths:"netdev"=@m], [0], [stdout]) +]) + +# VSCTL_ADD_ZONE_TIMEOUT_POLICY([parameters]) +# +# Add zone based timeout policy to userspace datapath +m4_define([VSCTL_ADD_ZONE_TIMEOUT_POLICY], +[ + AT_CHECK([ovs-vsctl add-zone-tp netdev $1], [0], [stdout]) +])