diff mbox

[ovs-dev,v4,15/17] system-tests: Add ping through conntrack test.

Message ID 1465598863-56688-16-git-send-email-diproiettod@vmware.com
State Changes Requested
Headers show

Commit Message

Daniele Di Proietto June 10, 2016, 10:47 p.m. UTC 
Signed-off-by: Daniele Di Proietto <diproiettod@vmware.com>
---
 tests/system-traffic.at | 86 +++++++++++++++++++++++++++++++++++++++++++++++++
 1 file changed, 86 insertions(+)

Comments

Joe Stringer June 24, 2016, 10:41 p.m. UTC | #1 
On 10 June 2016 at 15:47, Daniele Di Proietto <diproiettod@vmware.com> wrote:
> Signed-off-by: Daniele Di Proietto <diproiettod@vmware.com>

Thanks, I didn't realise this basic test would actually be really
helpful if there's something fundamentally going wrong in a setup. One
minor comment below.

Acked-by: Joe Stringer <joe@ovn.org>

> +AT_CHECK([ovs-ofctl --bundle add-flows br0 flows.txt])
> +
> +dnl Without this sleep, we get occasional failures due to the following error:
> +dnl "connect: Cannot assign requested address"
> +sleep 2;

Commit c10840ff42da ("system-traffic: Wait for IPv6 connectivity.")
replaced all of these in the testsuite, could you also update this to
do the following?

OVS_WAIT_UNTIL([ip netns exec at_ns0 ping6 -c 1 fc00::2])
Daniele Di Proietto June 25, 2016, 1:40 a.m. UTC | #2 
On 24/06/2016 15:41, "Joe Stringer" <joe@ovn.org> wrote:

>On 10 June 2016 at 15:47, Daniele Di Proietto <diproiettod@vmware.com> wrote:

>> Signed-off-by: Daniele Di Proietto <diproiettod@vmware.com>

>

>Thanks, I didn't realise this basic test would actually be really

>helpful if there's something fundamentally going wrong in a setup. One

>minor comment below.

>

>Acked-by: Joe Stringer <joe@ovn.org>

>

>> +AT_CHECK([ovs-ofctl --bundle add-flows br0 flows.txt])

>> +

>> +dnl Without this sleep, we get occasional failures due to the following error:

>> +dnl "connect: Cannot assign requested address"

>> +sleep 2;

>

>Commit c10840ff42da ("system-traffic: Wait for IPv6 connectivity.")

>replaced all of these in the testsuite, could you also update this to

>do the following?

>

>OVS_WAIT_UNTIL([ip netns exec at_ns0 ping6 -c 1 fc00::2])


Thanks for noticing this! I made the suggested change
diff mbox

Patch

diff --git a/tests/system-traffic.at b/tests/system-traffic.at
index eefb657..ef499de 100644
--- a/tests/system-traffic.at
+++ b/tests/system-traffic.at
@@ -375,6 +375,92 @@  NS_CHECK_EXEC([at_ns1], [wget http://[[fc00::1]] -t 3 -T 1 -v -o wget1.log], [4]
 OVS_TRAFFIC_VSWITCHD_STOP
 AT_CLEANUP
 
+AT_SETUP([conntrack - IPv4 ping])
+CHECK_CONNTRACK()
+OVS_TRAFFIC_VSWITCHD_START()
+
+ADD_NAMESPACES(at_ns0, at_ns1)
+
+ADD_VETH(p0, at_ns0, br0, "10.1.1.1/24")
+ADD_VETH(p1, at_ns1, br0, "10.1.1.2/24")
+
+dnl Allow any traffic from ns0->ns1. Only allow nd, return traffic from ns1->ns0.
+AT_DATA([flows.txt], [dnl
+priority=1,action=drop
+priority=10,arp,action=normal
+priority=100,in_port=1,icmp,action=ct(commit),2
+priority=100,in_port=2,icmp,ct_state=-trk,action=ct(table=0)
+priority=100,in_port=2,icmp,ct_state=+trk+est,action=1
+])
+
+AT_CHECK([ovs-ofctl --bundle add-flows br0 flows.txt])
+
+dnl Pings from ns0->ns1 should work fine.
+NS_CHECK_EXEC([at_ns0], [ping -q -c 3 -i 0.3 -w 2 10.1.1.2 | FORMAT_PING], [0], [dnl
+3 packets transmitted, 3 received, 0% packet loss, time 0ms
+])
+
+AT_CHECK([ovs-appctl dpctl/dump-conntrack | FORMAT_CT(10.1.1.2)], [0], [dnl
+icmp,orig=(src=10.1.1.1,dst=10.1.1.2,id=<cleared>),reply=(src=10.1.1.2,dst=10.1.1.1,id=<cleared>)
+])
+
+AT_CHECK([ovs-appctl dpctl/flush-conntrack])
+
+dnl Pings from ns1->ns0 should fail.
+NS_CHECK_EXEC([at_ns1], [ping -q -c 3 -i 0.3 -w 2 10.1.1.1 | FORMAT_PING], [0], [dnl
+7 packets transmitted, 0 received, 100% packet loss, time 0ms
+])
+
+OVS_TRAFFIC_VSWITCHD_STOP
+AT_CLEANUP
+
+AT_SETUP([conntrack - IPv6 ping])
+CHECK_CONNTRACK()
+OVS_TRAFFIC_VSWITCHD_START()
+
+ADD_NAMESPACES(at_ns0, at_ns1)
+
+ADD_VETH(p0, at_ns0, br0, "fc00::1/96")
+ADD_VETH(p1, at_ns1, br0, "fc00::2/96")
+
+AT_DATA([flows.txt], [dnl
+
+dnl ICMPv6 echo request and reply go to table 1.  The rest of the traffic goes
+dnl through normal action.
+table=0,priority=10,icmp6,icmp_type=128,action=goto_table:1
+table=0,priority=10,icmp6,icmp_type=129,action=goto_table:1
+table=0,priority=1,action=normal
+
+dnl Allow everything from ns0->ns1. Only allow return traffic from ns1->ns0.
+table=1,priority=100,in_port=1,icmp6,action=ct(commit),2
+table=1,priority=100,in_port=2,icmp6,ct_state=-trk,action=ct(table=0)
+table=1,priority=100,in_port=2,icmp6,ct_state=+trk+est,action=1
+table=1,priority=1,action=drop
+])
+
+AT_CHECK([ovs-ofctl --bundle add-flows br0 flows.txt])
+
+dnl Without this sleep, we get occasional failures due to the following error:
+dnl "connect: Cannot assign requested address"
+sleep 2;
+
+dnl Pings from ns1->ns0 should fail.
+NS_CHECK_EXEC([at_ns1], [ping6 -q -c 3 -i 0.3 -w 2 fc00::1 | FORMAT_PING], [0], [dnl
+7 packets transmitted, 0 received, 100% packet loss, time 0ms
+])
+
+dnl Pings from ns0->ns1 should work fine.
+NS_CHECK_EXEC([at_ns0], [ping6 -q -c 3 -i 0.3 -w 2 fc00::2 | FORMAT_PING], [0], [dnl
+3 packets transmitted, 3 received, 0% packet loss, time 0ms
+])
+
+AT_CHECK([ovs-appctl dpctl/dump-conntrack | FORMAT_CT(fc00::2)], [0], [dnl
+icmpv6,orig=(src=fc00::1,dst=fc00::2,id=<cleared>),reply=(src=fc00::2,dst=fc00::1,id=<cleared>)
+])
+
+OVS_TRAFFIC_VSWITCHD_STOP
+AT_CLEANUP
+
 AT_SETUP([conntrack - commit, recirc])
 CHECK_CONNTRACK()
 OVS_TRAFFIC_VSWITCHD_START()