From: Joe Stringer
To: dev@openvswitch.org
Date: Wed, 4 May 2016 18:01:04 -0700
Subject: [ovs-dev] [PATCH 2/4] system-traffic: Update tests in flat tables.
Message-Id: <1462410066-41547-3-git-send-email-joe@ovn.org>
In-Reply-To: <1462410066-41547-1-git-send-email-joe@ovn.org>
X-Patchwork-Id: 618741

A few of the earlier tests were written with all flows in a single flat table. While this is a possible way to write your flows to use connection tracking, it's easier to understand if the processing proceeds forward from one table to the next. Update these tests.

Signed-off-by: Joe Stringer Acked-by: Jarno Rajahalme --- tests/system-traffic.at | 65 ++++++++++++++++++++++++++----------------------- 1 file changed, 35 insertions(+), 30 deletions(-) diff --git a/tests/system-traffic.at b/tests/system-traffic.at index 49426eb36c2a..a5ec11775a7b 100644 --- a/tests/system-traffic.at +++ b/tests/system-traffic.at 
@@ -1155,27 +1155,29 @@ ADD_VETH(p1, at_ns1, br0, "10.1.1.2/24") dnl Allow any traffic from ns0->ns1. Only allow nd, return traffic from ns1->ns0. AT_DATA([flows1.txt], [dnl -priority=1,action=drop -priority=10,arp,action=normal -priority=10,icmp,action=normal -priority=100,in_port=1,tcp,action=ct(alg=ftp,commit),2 -priority=100,in_port=2,tcp,ct_state=-trk,action=ct(table=0) -priority=100,in_port=2,tcp,ct_state=+trk+est,action=1 -priority=100,in_port=2,tcp,ct_state=+trk+rel,action=1 +table=0,priority=1,action=drop +table=0,priority=10,arp,action=normal +table=0,priority=10,icmp,action=normal +table=0,priority=100,in_port=1,tcp,action=ct(alg=ftp,commit),2 +table=0,priority=100,in_port=2,tcp,action=ct(table=1) +table=1,priority=100,in_port=2,tcp,ct_state=+trk+est,action=1 +table=1,priority=100,in_port=2,tcp,ct_state=+trk+rel,action=1 ]) dnl Similar policy but without allowing all traffic from ns0->ns1. AT_DATA([flows2.txt], [dnl -priority=1,action=drop -priority=10,arp,action=normal -priority=10,icmp,action=normal -priority=100,in_port=1,tcp,ct_state=-trk,action=ct(table=0) -priority=100,in_port=1,tcp,ct_state=+trk+new,action=ct(commit,alg=ftp),2 -priority=100,in_port=1,tcp,ct_state=+trk+est,action=2 -priority=100,in_port=2,tcp,ct_state=-trk,action=ct(table=0) -priority=100,in_port=2,tcp,ct_state=+trk+new+rel,action=ct(commit),1 -priority=100,in_port=2,tcp,ct_state=+trk+est,action=1 -priority=100,in_port=2,tcp,ct_state=+trk-new+rel,action=1 +table=0,priority=1,action=drop +table=0,priority=10,arp,action=normal +table=0,priority=10,icmp,action=normal + +table=0,priority=100,in_port=1,tcp,action=ct(table=1) +table=1,priority=100,in_port=1,tcp,ct_state=+trk+new,action=ct(commit,alg=ftp),2 +table=1,priority=100,in_port=1,tcp,ct_state=+trk+est,action=2 + +table=0,priority=100,in_port=2,tcp,action=ct(table=1) +table=1,priority=100,in_port=2,tcp,ct_state=+trk+new+rel,action=ct(commit),1 +table=1,priority=100,in_port=2,tcp,ct_state=+trk+est,action=1 
+table=1,priority=100,in_port=2,tcp,ct_state=+trk-new+rel,action=1 ]) AT_CHECK([ovs-ofctl --bundle replace-flows br0 flows1.txt]) 
@@ -1287,19 +1289,22 @@ ADD_VETH(p1, at_ns1, br0, "10.1.1.2/24") dnl Dual-firewall, allow all from ns1->ns2, allow established and ftp ns2->ns1. AT_DATA([flows.txt], [dnl -priority=1,action=drop -priority=10,arp,action=normal -priority=10,icmp,action=normal -priority=100,in_port=1,tcp,ct_state=-trk,action=ct(table=0,zone=1) -priority=100,in_port=1,tcp,ct_zone=1,ct_state=+trk+new,action=ct(commit,alg=ftp,zone=1),ct(commit,alg=ftp,zone=2),2 -priority=100,in_port=1,tcp,ct_zone=1,ct_state=+trk+est,action=ct(table=0,zone=2) -priority=100,in_port=1,tcp,ct_zone=2,ct_state=+trk+new,action=ct(commit,alg=ftp,zone=2) -priority=100,in_port=1,tcp,ct_zone=2,ct_state=+trk+est,action=2 -priority=100,in_port=2,tcp,ct_state=-trk,action=ct(table=0,zone=2) -priority=100,in_port=2,tcp,ct_zone=2,ct_state=+trk+rel,action=ct(commit,zone=2),ct(commit,zone=1),1 -priority=100,in_port=2,tcp,ct_zone=2,ct_state=+trk+est,action=ct(table=0,zone=1) -priority=100,in_port=2,tcp,ct_zone=1,ct_state=+trk+rel,action=ct(commit,zone=2),ct(commit,zone=1),1 -priority=100,in_port=2,tcp,ct_zone=1,ct_state=+trk+est,action=1 +table=0,priority=1,action=drop +table=0,priority=10,arp,action=normal +table=0,priority=10,icmp,action=normal + +dnl Traffic from ns1 +table=0,priority=100,in_port=1,tcp,action=ct(table=1,zone=1,alg=ftp) +table=1,priority=100,in_port=1,tcp,ct_zone=1,ct_state=+trk+new,action=ct(commit,alg=ftp,zone=1),ct(commit,alg=ftp,zone=2),2 +table=1,priority=100,in_port=1,tcp,ct_zone=1,ct_state=+trk+est,action=ct(table=2,alg=ftp,zone=2) +table=2,priority=100,in_port=1,tcp,ct_zone=2,ct_state=+trk+est,action=2 + +dnl Traffic from ns2 +table=0,priority=100,in_port=2,tcp,action=ct(table=1,alg=ftp,zone=2) +table=1,priority=100,in_port=2,tcp,ct_zone=2,ct_state=+trk+rel,action=ct(commit,zone=2),ct(commit,zone=1),1 +table=1,priority=100,in_port=2,tcp,ct_zone=2,ct_state=+trk+est,action=ct(table=2,alg=ftp,zone=1) 
+table=2,priority=100,in_port=2,tcp,ct_zone=1,ct_state=+trk+rel,action=ct(commit,zone=2),ct(commit,zone=1),1 +table=2,priority=100,in_port=2,tcp,ct_zone=1,ct_state=+trk+est,action=1 ]) AT_CHECK([ovs-ofctl --bundle add-flows br0 flows.txt])
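
Review bot: in the first hunk, table 1 of both flows1.txt and flows2.txt has no catch-all rule, so a packet that comes back from `ct(table=1)` without matching one of the `ct_state` rules (for example `+trk+new` from in_port=2 in flows1.txt) is no longer dropped by an explicit flow. In the flat version those packets were recirculated into table 0 and hit `priority=1,action=drop`; after the split they depend on the bridge's table-miss behaviour instead. Since these tests document a firewall policy, consider adding `table=1,priority=1,action=drop` to each file so the default-deny stays visible in the flow table itself. A smaller style point: flows2.txt gains blank lines separating the per-port groups but flows1.txt does not, and grouping both the same way would make the two policies easier to compare.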
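
Review bot: the second hunk (flows.txt) changes behaviour beyond the table-to-table restructuring the commit message describes, in two places. The old rule matching `in_port=1,tcp,ct_zone=2,ct_state=+trk+new` with `ct(commit,alg=ftp,zone=2)` is removed and has no counterpart in table 2, and `alg=ftp` is now passed on the lookup-only actions (`ct(table=1,zone=1,alg=ftp)`, `ct(table=2,alg=ftp,zone=2)` and the two in_port=2 equivalents), which carried no `alg` before. The removed rule may be redundant because the zone 1 `+trk+new` rule already commits to zone 2, but that reasoning and the reason for the added `alg=ftp` should be stated in the commit message or moved to a separate patch, so a later reader does not take this for a pure renumbering. As in the first hunk, tables 1 and 2 have no explicit low-priority drop, so unmatched tracked packets depend on table-miss behaviour rather than on a visible rule.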