Message ID | 20241115-more-nft-v1-1-73d4f07a6e83@ovn.org |
---|---|
State | Accepted |
Commit | 2964cbbd41ecbb2c9db0542606b58bf1dd6a013a |
Delegated to: | Ilya Maximets |
Headers | show |
Series | tests: Use OVS_CHECK_XT* for all applicable tests. | expand |
Context | Check | Description |
---|---|---|
ovsrobot/apply-robot | success | apply and check: success |
ovsrobot/github-robot-_Build_and_Test | fail | github build: failed |
ovsrobot/github-robot-_Build_and_Test | success | github build: passed |
On 11/15/24 18:28, Simon Horman wrote: > Commit d595473ccaae ("tests: Add nft accept support.") uses > nft, when available, instead of iptables to add an accept rule. > > Unfortunately several such cases were missed by that patch. > This patch seeks to address the IPv4 cases that were missed. > > In doing so, it adds a missing pre-requisite check to "datapath - ping > over erspan v2 tunnel by simulated packets". Which previously should > have been IPTABLES_ACCEPT() and is now correctly XT_ACCEPT(). > > Reported-by: Paolo Valerio <pvalerio@redhat.com> > Signed-off-by: Simon Horman <horms@ovn.org> > --- > tests/system-traffic.at | 11 ++++------- > 1 file changed, 4 insertions(+), 7 deletions(-) Recheck-request: github-robot
Simon Horman <horms@ovn.org> writes: > Commit d595473ccaae ("tests: Add nft accept support.") uses > nft, when available, instead of iptables to add an accept rule. > > Unfortunately several such cases were missed by that patch. > This patch seeks to address the IPv4 cases that were missed. > > In doing so, it adds a missing pre-requisite check to "datapath - ping > over erspan v2 tunnel by simulated packets". Which previously should > have been IPTABLES_ACCEPT() and is now correctly XT_ACCEPT(). > > Reported-by: Paolo Valerio <pvalerio@redhat.com> > Signed-off-by: Simon Horman <horms@ovn.org> > --- Thanks Simon for the follow up Acked-by: Paolo Valerio <pvalerio@redhat.com>
diff --git a/tests/system-traffic.at b/tests/system-traffic.at index 2b1686e99391..a45946e6ff0f 100644 --- a/tests/system-traffic.at +++ b/tests/system-traffic.at @@ -1233,7 +1233,7 @@ OVS_TRAFFIC_VSWITCHD_STOP AT_CLEANUP AT_SETUP([datapath - ping over erspan v1 tunnel by simulated packets]) -AT_SKIP_IF([test $HAVE_IPTABLES = no]) +OVS_CHECK_XT() OVS_CHECK_MIN_KERNEL(3, 10) OVS_TRAFFIC_VSWITCHD_START() @@ -1254,7 +1254,7 @@ dnl Set up tunnel endpoints on OVS outside the namespace and emulate a native dnl linux device inside the namespace. ADD_OVS_TUNNEL([erspan], [br0], [at_erspan0], [172.31.1.1], [10.1.1.100/24], [options:key=1 options:erspan_ver=1 options:erspan_idx=7]) -IPTABLES_ACCEPT([br-underlay]) +XT_ACCEPT([br-underlay]) NETNS_DAEMONIZE([at_ns0], [tcpdump -n -x -i p0 dst host 172.31.1.1 -l > p0.pcap 2>/dev/null], [tcpdump.pid]) sleep 1 @@ -1282,6 +1282,7 @@ OVS_TRAFFIC_VSWITCHD_STOP AT_CLEANUP AT_SETUP([datapath - ping over erspan v2 tunnel by simulated packets]) +OVS_CHECK_XT() OVS_CHECK_MIN_KERNEL(3, 10) OVS_TRAFFIC_VSWITCHD_START() @@ -1302,11 +1303,7 @@ dnl Set up tunnel endpoints on OVS outside the namespace and simulate a native dnl linux device inside the namespace. ADD_OVS_TUNNEL([erspan], [br0], [at_erspan0], [172.31.1.1], [10.1.1.100/24], [options:key=1 options:erspan_ver=2 options:erspan_dir=1 options:erspan_hwid=0x7]) -dnl Certain Linux distributions, like CentOS, have default iptable rules -dnl to reject input traffic from br-underlay. Here we add a rule to walk -dnl around it. -iptables -I INPUT 1 -i br-underlay -j ACCEPT -on_exit 'iptables -D INPUT 1' +XT_ACCEPT([br-underlay]) NETNS_DAEMONIZE([at_ns0], [tcpdump -n -x -i p0 dst host 172.31.1.1 -l > p0.pcap 2>/dev/null], [tcpdump.pid]) sleep 1
Commit d595473ccaae ("tests: Add nft accept support.") uses nft, when available, instead of iptables to add an accept rule. Unfortunately several such cases were missed by that patch. This patch seeks to address the IPv4 cases that were missed. In doing so, it adds a missing pre-requisite check to "datapath - ping over erspan v2 tunnel by simulated packets". Which previously should have been IPTABLES_ACCEPT() and is now correctly XT_ACCEPT(). Reported-by: Paolo Valerio <pvalerio@redhat.com> Signed-off-by: Simon Horman <horms@ovn.org> --- tests/system-traffic.at | 11 ++++------- 1 file changed, 4 insertions(+), 7 deletions(-)