Message ID | 20241105-nft-testsuite-v2-0-e356adf75e81@ovn.org |
---|---|
Headers | show |
Series | tests: use nft when available | expand |
Simon Horman <horms@ovn.org> writes: > Hi, > > This series aims to update the testsuite so that, if available, > nft is used in palce of iptables. The motivation being to move > to more modern tooling. > > --- Hi Simon, The patches look good, I also performed some tests and things work as expected. I noticed that "datapath - ping over erspan v1 tunnel by simulated packets" still uses IPTABLES_ACCEPT(). Also, "datapath - ping over erspan v2 tunnel by simulated packets" does not use the macro, but directly uses iptables with the ACCEPT target These last two also: datapath - ping over ip6erspan v1 tunnel by simulated packets datapath - ping over ip6erspan v2 tunnel by simulated packets instead, do the same but for v6 (ip6tables). They went unnoticed while adding $HAVE_IPTABLES. I guess those should be handled in this set as well. WDYT? > Changes in v2: > - Drop dependency in v2 > - I have verified that nft is used when the CI runs the testsuite > - Link to v1: https://mail.openvswitch.org/pipermail/ovs-dev/2024-October/417704.html > > --- > Simon Horman (3): > tests: add nft accept support. > tests: Add nft support to ADD_EXTERNAL_CT. > tests: Handle marks using nft if available. > > tests/atlocal.in | 3 ++ > tests/ovs-macros.at | 26 ++++++++++++- > tests/system-common-macros.at | 4 ++ > tests/system-kmod-macros.at | 80 +++++++++++++++++++++++++++++++++++++--- > tests/system-offloads-traffic.at | 29 ++++++++++++++- > tests/system-traffic.at | 4 +- > 6 files changed, 135 insertions(+), 11 deletions(-) > > base-commit: e998d4558c10938082e02372ac42f828d252c3cd
Simon Horman <horms@ovn.org> writes: > Hi, > > This series aims to update the testsuite so that, if available, > nft is used in palce of iptables. The motivation being to move > to more modern tooling. > > --- Thanks for the series, Simon. I've tested it on my system, and double checked with the CI systems. Merged.
Paolo Valerio <pvalerio@redhat.com> writes: > Simon Horman <horms@ovn.org> writes: > >> Hi, >> >> This series aims to update the testsuite so that, if available, >> nft is used in palce of iptables. The motivation being to move >> to more modern tooling. >> >> --- > > Hi Simon, Hi Paolo, > The patches look good, I also performed some tests and things work as > expected. > > I noticed that "datapath - ping over erspan v1 tunnel by simulated > packets" still uses IPTABLES_ACCEPT(). > > Also, "datapath - ping over erspan v2 tunnel by simulated packets" does > not use the macro, but directly uses iptables with the ACCEPT target > > These last two also: > datapath - ping over ip6erspan v1 tunnel by simulated packets > datapath - ping over ip6erspan v2 tunnel by simulated packets > > instead, do the same but for v6 (ip6tables). > They went unnoticed while adding $HAVE_IPTABLES. > > I guess those should be handled in this set as well. > WDYT? Sorry - I didn't see your comment when doing the apply (my tool didn't pull the cover letter comments). I guess this should be done as a follow up. >> Changes in v2: >> - Drop dependency in v2 >> - I have verified that nft is used when the CI runs the testsuite >> - Link to v1: https://mail.openvswitch.org/pipermail/ovs-dev/2024-October/417704.html >> >> --- >> Simon Horman (3): >> tests: add nft accept support. >> tests: Add nft support to ADD_EXTERNAL_CT. >> tests: Handle marks using nft if available. >> >> tests/atlocal.in | 3 ++ >> tests/ovs-macros.at | 26 ++++++++++++- >> tests/system-common-macros.at | 4 ++ >> tests/system-kmod-macros.at | 80 +++++++++++++++++++++++++++++++++++++--- >> tests/system-offloads-traffic.at | 29 ++++++++++++++- >> tests/system-traffic.at | 4 +- >> 6 files changed, 135 insertions(+), 11 deletions(-) >> >> base-commit: e998d4558c10938082e02372ac42f828d252c3cd > > _______________________________________________ > dev mailing list > dev@openvswitch.org > https://mail.openvswitch.org/mailman/listinfo/ovs-dev
On Tue, Nov 12, 2024 at 12:07 AM Aaron Conole <aconole@redhat.com> wrote: > > Paolo Valerio <pvalerio@redhat.com> writes: > > > Simon Horman <horms@ovn.org> writes: > > > >> Hi, > >> > >> This series aims to update the testsuite so that, if available, > >> nft is used in palce of iptables. The motivation being to move > >> to more modern tooling. > >> > >> --- > > > > Hi Simon, > > Hi Paolo, > > > The patches look good, I also performed some tests and things work as > > expected. > > > > I noticed that "datapath - ping over erspan v1 tunnel by simulated > > packets" still uses IPTABLES_ACCEPT(). > > > > Also, "datapath - ping over erspan v2 tunnel by simulated packets" does > > not use the macro, but directly uses iptables with the ACCEPT target > > > > These last two also: > > datapath - ping over ip6erspan v1 tunnel by simulated packets > > datapath - ping over ip6erspan v2 tunnel by simulated packets > > > > instead, do the same but for v6 (ip6tables). > > They went unnoticed while adding $HAVE_IPTABLES. > > > > I guess those should be handled in this set as well. > > WDYT? > > Sorry - I didn't see your comment when doing the apply (my tool didn't > pull the cover letter comments). I guess this should be done as a follow > up. No worries. Yes, a follow-up will work. > > >> Changes in v2: > >> - Drop dependency in v2 > >> - I have verified that nft is used when the CI runs the testsuite > >> - Link to v1: https://mail.openvswitch.org/pipermail/ovs-dev/2024-October/417704.html > >> > >> --- > >> Simon Horman (3): > >> tests: add nft accept support. > >> tests: Add nft support to ADD_EXTERNAL_CT. > >> tests: Handle marks using nft if available. > >> > >> tests/atlocal.in | 3 ++ > >> tests/ovs-macros.at | 26 ++++++++++++- > >> tests/system-common-macros.at | 4 ++ > >> tests/system-kmod-macros.at | 80 +++++++++++++++++++++++++++++++++++++--- > >> tests/system-offloads-traffic.at | 29 ++++++++++++++- > >> tests/system-traffic.at | 4 +- > >> 6 files changed, 135 insertions(+), 11 deletions(-) > >> > >> base-commit: e998d4558c10938082e02372ac42f828d252c3cd > > > > _______________________________________________ > > dev mailing list > > dev@openvswitch.org > > https://mail.openvswitch.org/mailman/listinfo/ovs-dev >
On Tue, Nov 12, 2024 at 01:26:56PM +0100, Paolo Valerio wrote: > On Tue, Nov 12, 2024 at 12:07 AM Aaron Conole <aconole@redhat.com> wrote: > > > > Paolo Valerio <pvalerio@redhat.com> writes: > > > > > Simon Horman <horms@ovn.org> writes: > > > > > >> Hi, > > >> > > >> This series aims to update the testsuite so that, if available, > > >> nft is used in palce of iptables. The motivation being to move > > >> to more modern tooling. > > >> > > >> --- > > > > > > Hi Simon, > > > > Hi Paolo, > > > > > The patches look good, I also performed some tests and things work as > > > expected. > > > > > > I noticed that "datapath - ping over erspan v1 tunnel by simulated > > > packets" still uses IPTABLES_ACCEPT(). > > > > > > Also, "datapath - ping over erspan v2 tunnel by simulated packets" does > > > not use the macro, but directly uses iptables with the ACCEPT target > > > > > > These last two also: > > > datapath - ping over ip6erspan v1 tunnel by simulated packets > > > datapath - ping over ip6erspan v2 tunnel by simulated packets > > > > > > instead, do the same but for v6 (ip6tables). > > > They went unnoticed while adding $HAVE_IPTABLES. > > > > > > I guess those should be handled in this set as well. > > > WDYT? > > > > Sorry - I didn't see your comment when doing the apply (my tool didn't > > pull the cover letter comments). I guess this should be done as a follow > > up. > > No worries. > Yes, a follow-up will work. Likewise, sorry for the slow response. I'll work on a follow-up patch for this. ...