mbox series

[ovs-dev,v2,0/3] tests: use nft when available

Message ID 20241105-nft-testsuite-v2-0-e356adf75e81@ovn.org
Headers show
Series tests: use nft when available | expand

Message

Simon Horman Nov. 5, 2024, 8:27 a.m. UTC
Hi,

This series aims to update the testsuite so that, if available,
nft is used in palce of iptables. The motivation being to move
to more modern tooling.

---
Changes in v2:
- Drop dependency in v2
- I have verified that nft is used when the CI runs the testsuite
- Link to v1: https://mail.openvswitch.org/pipermail/ovs-dev/2024-October/417704.html

---
Simon Horman (3):
      tests: add nft accept support.
      tests: Add nft support to ADD_EXTERNAL_CT.
      tests: Handle marks using nft if available.

 tests/atlocal.in                 |  3 ++
 tests/ovs-macros.at              | 26 ++++++++++++-
 tests/system-common-macros.at    |  4 ++
 tests/system-kmod-macros.at      | 80 +++++++++++++++++++++++++++++++++++++---
 tests/system-offloads-traffic.at | 29 ++++++++++++++-
 tests/system-traffic.at          |  4 +-
 6 files changed, 135 insertions(+), 11 deletions(-)

base-commit: e998d4558c10938082e02372ac42f828d252c3cd

Comments

Paolo Valerio Nov. 10, 2024, 8:03 p.m. UTC | #1
Simon Horman <horms@ovn.org> writes:

> Hi,
>
> This series aims to update the testsuite so that, if available,
> nft is used in palce of iptables. The motivation being to move
> to more modern tooling.
>
> ---

Hi Simon,

The patches look good, I also performed some tests and things work as
expected.

I noticed that "datapath - ping over erspan v1 tunnel by simulated
packets" still uses IPTABLES_ACCEPT().

Also, "datapath - ping over erspan v2 tunnel by simulated packets" does
not use the macro, but directly uses iptables with the ACCEPT target

These last two also:
datapath - ping over ip6erspan v1 tunnel by simulated packets
datapath - ping over ip6erspan v2 tunnel by simulated packets

instead, do the same but for v6 (ip6tables).
They went unnoticed while adding $HAVE_IPTABLES.

I guess those should be handled in this set as well.
WDYT?

> Changes in v2:
> - Drop dependency in v2
> - I have verified that nft is used when the CI runs the testsuite
> - Link to v1: https://mail.openvswitch.org/pipermail/ovs-dev/2024-October/417704.html
>
> ---
> Simon Horman (3):
>       tests: add nft accept support.
>       tests: Add nft support to ADD_EXTERNAL_CT.
>       tests: Handle marks using nft if available.
>
>  tests/atlocal.in                 |  3 ++
>  tests/ovs-macros.at              | 26 ++++++++++++-
>  tests/system-common-macros.at    |  4 ++
>  tests/system-kmod-macros.at      | 80 +++++++++++++++++++++++++++++++++++++---
>  tests/system-offloads-traffic.at | 29 ++++++++++++++-
>  tests/system-traffic.at          |  4 +-
>  6 files changed, 135 insertions(+), 11 deletions(-)
>
> base-commit: e998d4558c10938082e02372ac42f828d252c3cd
Aaron Conole Nov. 11, 2024, 11:05 p.m. UTC | #2
Simon Horman <horms@ovn.org> writes:

> Hi,
>
> This series aims to update the testsuite so that, if available,
> nft is used in palce of iptables. The motivation being to move
> to more modern tooling.
>
> ---

Thanks for the series, Simon.  I've tested it on my system, and double
checked with the CI systems.  Merged.
Aaron Conole Nov. 11, 2024, 11:07 p.m. UTC | #3
Paolo Valerio <pvalerio@redhat.com> writes:

> Simon Horman <horms@ovn.org> writes:
>
>> Hi,
>>
>> This series aims to update the testsuite so that, if available,
>> nft is used in palce of iptables. The motivation being to move
>> to more modern tooling.
>>
>> ---
>
> Hi Simon,

Hi Paolo,

> The patches look good, I also performed some tests and things work as
> expected.
>
> I noticed that "datapath - ping over erspan v1 tunnel by simulated
> packets" still uses IPTABLES_ACCEPT().
>
> Also, "datapath - ping over erspan v2 tunnel by simulated packets" does
> not use the macro, but directly uses iptables with the ACCEPT target
>
> These last two also:
> datapath - ping over ip6erspan v1 tunnel by simulated packets
> datapath - ping over ip6erspan v2 tunnel by simulated packets
>
> instead, do the same but for v6 (ip6tables).
> They went unnoticed while adding $HAVE_IPTABLES.
>
> I guess those should be handled in this set as well.
> WDYT?

Sorry - I didn't see your comment when doing the apply (my tool didn't
pull the cover letter comments).  I guess this should be done as a follow
up.

>> Changes in v2:
>> - Drop dependency in v2
>> - I have verified that nft is used when the CI runs the testsuite
>> - Link to v1: https://mail.openvswitch.org/pipermail/ovs-dev/2024-October/417704.html
>>
>> ---
>> Simon Horman (3):
>>       tests: add nft accept support.
>>       tests: Add nft support to ADD_EXTERNAL_CT.
>>       tests: Handle marks using nft if available.
>>
>>  tests/atlocal.in                 |  3 ++
>>  tests/ovs-macros.at              | 26 ++++++++++++-
>>  tests/system-common-macros.at    |  4 ++
>>  tests/system-kmod-macros.at      | 80 +++++++++++++++++++++++++++++++++++++---
>>  tests/system-offloads-traffic.at | 29 ++++++++++++++-
>>  tests/system-traffic.at          |  4 +-
>>  6 files changed, 135 insertions(+), 11 deletions(-)
>>
>> base-commit: e998d4558c10938082e02372ac42f828d252c3cd
>
> _______________________________________________
> dev mailing list
> dev@openvswitch.org
> https://mail.openvswitch.org/mailman/listinfo/ovs-dev
Paolo Valerio Nov. 12, 2024, 12:26 p.m. UTC | #4
On Tue, Nov 12, 2024 at 12:07 AM Aaron Conole <aconole@redhat.com> wrote:
>
> Paolo Valerio <pvalerio@redhat.com> writes:
>
> > Simon Horman <horms@ovn.org> writes:
> >
> >> Hi,
> >>
> >> This series aims to update the testsuite so that, if available,
> >> nft is used in palce of iptables. The motivation being to move
> >> to more modern tooling.
> >>
> >> ---
> >
> > Hi Simon,
>
> Hi Paolo,
>
> > The patches look good, I also performed some tests and things work as
> > expected.
> >
> > I noticed that "datapath - ping over erspan v1 tunnel by simulated
> > packets" still uses IPTABLES_ACCEPT().
> >
> > Also, "datapath - ping over erspan v2 tunnel by simulated packets" does
> > not use the macro, but directly uses iptables with the ACCEPT target
> >
> > These last two also:
> > datapath - ping over ip6erspan v1 tunnel by simulated packets
> > datapath - ping over ip6erspan v2 tunnel by simulated packets
> >
> > instead, do the same but for v6 (ip6tables).
> > They went unnoticed while adding $HAVE_IPTABLES.
> >
> > I guess those should be handled in this set as well.
> > WDYT?
>
> Sorry - I didn't see your comment when doing the apply (my tool didn't
> pull the cover letter comments).  I guess this should be done as a follow
> up.

No worries.
Yes, a follow-up will work.

>
> >> Changes in v2:
> >> - Drop dependency in v2
> >> - I have verified that nft is used when the CI runs the testsuite
> >> - Link to v1: https://mail.openvswitch.org/pipermail/ovs-dev/2024-October/417704.html
> >>
> >> ---
> >> Simon Horman (3):
> >>       tests: add nft accept support.
> >>       tests: Add nft support to ADD_EXTERNAL_CT.
> >>       tests: Handle marks using nft if available.
> >>
> >>  tests/atlocal.in                 |  3 ++
> >>  tests/ovs-macros.at              | 26 ++++++++++++-
> >>  tests/system-common-macros.at    |  4 ++
> >>  tests/system-kmod-macros.at      | 80 +++++++++++++++++++++++++++++++++++++---
> >>  tests/system-offloads-traffic.at | 29 ++++++++++++++-
> >>  tests/system-traffic.at          |  4 +-
> >>  6 files changed, 135 insertions(+), 11 deletions(-)
> >>
> >> base-commit: e998d4558c10938082e02372ac42f828d252c3cd
> >
> > _______________________________________________
> > dev mailing list
> > dev@openvswitch.org
> > https://mail.openvswitch.org/mailman/listinfo/ovs-dev
>
Simon Horman Nov. 15, 2024, 10 a.m. UTC | #5
On Tue, Nov 12, 2024 at 01:26:56PM +0100, Paolo Valerio wrote:
> On Tue, Nov 12, 2024 at 12:07 AM Aaron Conole <aconole@redhat.com> wrote:
> >
> > Paolo Valerio <pvalerio@redhat.com> writes:
> >
> > > Simon Horman <horms@ovn.org> writes:
> > >
> > >> Hi,
> > >>
> > >> This series aims to update the testsuite so that, if available,
> > >> nft is used in palce of iptables. The motivation being to move
> > >> to more modern tooling.
> > >>
> > >> ---
> > >
> > > Hi Simon,
> >
> > Hi Paolo,
> >
> > > The patches look good, I also performed some tests and things work as
> > > expected.
> > >
> > > I noticed that "datapath - ping over erspan v1 tunnel by simulated
> > > packets" still uses IPTABLES_ACCEPT().
> > >
> > > Also, "datapath - ping over erspan v2 tunnel by simulated packets" does
> > > not use the macro, but directly uses iptables with the ACCEPT target
> > >
> > > These last two also:
> > > datapath - ping over ip6erspan v1 tunnel by simulated packets
> > > datapath - ping over ip6erspan v2 tunnel by simulated packets
> > >
> > > instead, do the same but for v6 (ip6tables).
> > > They went unnoticed while adding $HAVE_IPTABLES.
> > >
> > > I guess those should be handled in this set as well.
> > > WDYT?
> >
> > Sorry - I didn't see your comment when doing the apply (my tool didn't
> > pull the cover letter comments).  I guess this should be done as a follow
> > up.
> 
> No worries.
> Yes, a follow-up will work.

Likewise, sorry for the slow response.
I'll work on a follow-up patch for this.

...