diff mbox series

[ovs-dev,1/2] tests: Use OVS_CHECK_XT for all applicable IPv4 tests.

Message ID 20241115-more-nft-v1-1-73d4f07a6e83@ovn.org
State Accepted
Commit 2964cbbd41ecbb2c9db0542606b58bf1dd6a013a
Delegated to: Ilya Maximets
Headers show
Series tests: Use OVS_CHECK_XT* for all applicable tests. | expand

Checks

Context Check Description
ovsrobot/apply-robot success apply and check: success
ovsrobot/github-robot-_Build_and_Test fail github build: failed
ovsrobot/github-robot-_Build_and_Test success github build: passed

Commit Message

Simon Horman Nov. 15, 2024, 5:28 p.m. UTC
Commit d595473ccaae ("tests: Add nft accept support.") uses
nft, when available, instead of iptables to add an accept rule.

Unfortunately several such cases were missed by that patch.
This patch seeks to address the IPv4 cases that were missed.

In doing so, it adds a missing pre-requisite check to "datapath - ping
over erspan v2 tunnel by simulated packets". Which previously should
have been IPTABLES_ACCEPT() and is now correctly XT_ACCEPT().

Reported-by: Paolo Valerio <pvalerio@redhat.com>
Signed-off-by: Simon Horman <horms@ovn.org>
---
 tests/system-traffic.at | 11 ++++-------
 1 file changed, 4 insertions(+), 7 deletions(-)

Comments

Ilya Maximets Nov. 29, 2024, 12:40 p.m. UTC | #1
On 11/15/24 18:28, Simon Horman wrote:
> Commit d595473ccaae ("tests: Add nft accept support.") uses
> nft, when available, instead of iptables to add an accept rule.
> 
> Unfortunately several such cases were missed by that patch.
> This patch seeks to address the IPv4 cases that were missed.
> 
> In doing so, it adds a missing pre-requisite check to "datapath - ping
> over erspan v2 tunnel by simulated packets". Which previously should
> have been IPTABLES_ACCEPT() and is now correctly XT_ACCEPT().
> 
> Reported-by: Paolo Valerio <pvalerio@redhat.com>
> Signed-off-by: Simon Horman <horms@ovn.org>
> ---
>  tests/system-traffic.at | 11 ++++-------
>  1 file changed, 4 insertions(+), 7 deletions(-)

Recheck-request: github-robot
Paolo Valerio Dec. 1, 2024, 7:32 p.m. UTC | #2
Simon Horman <horms@ovn.org> writes:

> Commit d595473ccaae ("tests: Add nft accept support.") uses
> nft, when available, instead of iptables to add an accept rule.
>
> Unfortunately several such cases were missed by that patch.
> This patch seeks to address the IPv4 cases that were missed.
>
> In doing so, it adds a missing pre-requisite check to "datapath - ping
> over erspan v2 tunnel by simulated packets". Which previously should
> have been IPTABLES_ACCEPT() and is now correctly XT_ACCEPT().
>
> Reported-by: Paolo Valerio <pvalerio@redhat.com>
> Signed-off-by: Simon Horman <horms@ovn.org>
> ---

Thanks Simon for the follow up

Acked-by: Paolo Valerio <pvalerio@redhat.com>
diff mbox series

Patch

diff --git a/tests/system-traffic.at b/tests/system-traffic.at
index 2b1686e99391..a45946e6ff0f 100644
--- a/tests/system-traffic.at
+++ b/tests/system-traffic.at
@@ -1233,7 +1233,7 @@  OVS_TRAFFIC_VSWITCHD_STOP
 AT_CLEANUP
 
 AT_SETUP([datapath - ping over erspan v1 tunnel by simulated packets])
-AT_SKIP_IF([test $HAVE_IPTABLES = no])
+OVS_CHECK_XT()
 OVS_CHECK_MIN_KERNEL(3, 10)
 
 OVS_TRAFFIC_VSWITCHD_START()
@@ -1254,7 +1254,7 @@  dnl Set up tunnel endpoints on OVS outside the namespace and emulate a native
 dnl linux device inside the namespace.
 ADD_OVS_TUNNEL([erspan], [br0], [at_erspan0], [172.31.1.1], [10.1.1.100/24], [options:key=1 options:erspan_ver=1 options:erspan_idx=7])
 
-IPTABLES_ACCEPT([br-underlay])
+XT_ACCEPT([br-underlay])
 
 NETNS_DAEMONIZE([at_ns0], [tcpdump -n -x -i p0 dst host 172.31.1.1 -l > p0.pcap 2>/dev/null], [tcpdump.pid])
 sleep 1
@@ -1282,6 +1282,7 @@  OVS_TRAFFIC_VSWITCHD_STOP
 AT_CLEANUP
 
 AT_SETUP([datapath - ping over erspan v2 tunnel by simulated packets])
+OVS_CHECK_XT()
 OVS_CHECK_MIN_KERNEL(3, 10)
 
 OVS_TRAFFIC_VSWITCHD_START()
@@ -1302,11 +1303,7 @@  dnl Set up tunnel endpoints on OVS outside the namespace and simulate a native
 dnl linux device inside the namespace.
 ADD_OVS_TUNNEL([erspan], [br0], [at_erspan0], [172.31.1.1], [10.1.1.100/24], [options:key=1 options:erspan_ver=2 options:erspan_dir=1 options:erspan_hwid=0x7])
 
-dnl Certain Linux distributions, like CentOS, have default iptable rules
-dnl to reject input traffic from br-underlay. Here we add a rule to walk
-dnl around it.
-iptables -I INPUT 1 -i br-underlay -j ACCEPT
-on_exit 'iptables -D INPUT 1'
+XT_ACCEPT([br-underlay])
 
 NETNS_DAEMONIZE([at_ns0], [tcpdump -n -x -i p0 dst host 172.31.1.1 -l > p0.pcap 2>/dev/null], [tcpdump.pid])
 sleep 1