From patchwork Wed Aug 30 17:56:09 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Aaron Conole X-Patchwork-Id: 1827878 Return-Path: X-Original-To: incoming@patchwork.ozlabs.org Delivered-To: patchwork-incoming@legolas.ozlabs.org Authentication-Results: legolas.ozlabs.org; dkim=fail reason="signature verification failed" (1024-bit key; unprotected) header.d=redhat.com header.i=@redhat.com header.a=rsa-sha256 header.s=mimecast20190719 header.b=GJs8saTj; dkim-atps=neutral Authentication-Results: legolas.ozlabs.org; spf=pass (sender SPF authorized) smtp.mailfrom=openvswitch.org (client-ip=2605:bc80:3010::138; helo=smtp1.osuosl.org; envelope-from=ovs-dev-bounces@openvswitch.org; receiver=patchwork.ozlabs.org) Received: from smtp1.osuosl.org (smtp1.osuosl.org [IPv6:2605:bc80:3010::138]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature ECDSA (secp384r1) server-digest SHA384) (No client certificate requested) by legolas.ozlabs.org (Postfix) with ESMTPS id 4RbX6C6gSvz1ygM for ; Thu, 31 Aug 2023 03:56:19 +1000 (AEST) Received: from localhost (localhost [127.0.0.1]) by smtp1.osuosl.org (Postfix) with ESMTP id 712788206C; Wed, 30 Aug 2023 17:56:17 +0000 (UTC) DKIM-Filter: OpenDKIM Filter v2.11.0 smtp1.osuosl.org 712788206C Authentication-Results: smtp1.osuosl.org; dkim=fail reason="signature verification failed" (1024-bit key) header.d=redhat.com header.i=@redhat.com header.a=rsa-sha256 header.s=mimecast20190719 header.b=GJs8saTj X-Virus-Scanned: amavisd-new at osuosl.org Received: from smtp1.osuosl.org ([127.0.0.1]) by localhost (smtp1.osuosl.org [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 4CUta1iaRlnB; Wed, 30 Aug 2023 17:56:16 +0000 (UTC) Received: from lists.linuxfoundation.org (lf-lists.osuosl.org [IPv6:2605:bc80:3010:104::8cd3:938]) by smtp1.osuosl.org (Postfix) with ESMTPS id 5D6B2820C0; Wed, 30 Aug 2023 17:56:15 +0000 (UTC) DKIM-Filter: OpenDKIM Filter v2.11.0 smtp1.osuosl.org 5D6B2820C0 Received: from lf-lists.osuosl.org (localhost [127.0.0.1]) by lists.linuxfoundation.org (Postfix) with ESMTP id 37AC1C0071; Wed, 30 Aug 2023 17:56:15 +0000 (UTC) X-Original-To: dev@openvswitch.org Delivered-To: ovs-dev@lists.linuxfoundation.org Received: from smtp4.osuosl.org (smtp4.osuosl.org [IPv6:2605:bc80:3010::137]) by lists.linuxfoundation.org (Postfix) with ESMTP id 667AEC0032 for ; Wed, 30 Aug 2023 17:56:14 +0000 (UTC) Received: from localhost (localhost [127.0.0.1]) by smtp4.osuosl.org (Postfix) with ESMTP id 3EE9640858 for ; Wed, 30 Aug 2023 17:56:14 +0000 (UTC) DKIM-Filter: OpenDKIM Filter v2.11.0 smtp4.osuosl.org 3EE9640858 Authentication-Results: smtp4.osuosl.org; dkim=pass (1024-bit key) header.d=redhat.com header.i=@redhat.com header.a=rsa-sha256 header.s=mimecast20190719 header.b=GJs8saTj X-Virus-Scanned: amavisd-new at osuosl.org Received: from smtp4.osuosl.org ([127.0.0.1]) by localhost (smtp4.osuosl.org [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id nlJifT8fJC-Y for ; Wed, 30 Aug 2023 17:56:13 +0000 (UTC) Received: from us-smtp-delivery-124.mimecast.com (us-smtp-delivery-124.mimecast.com [170.10.133.124]) by smtp4.osuosl.org (Postfix) with ESMTPS id C9456405DE for ; Wed, 30 Aug 2023 17:56:12 +0000 (UTC) DKIM-Filter: OpenDKIM Filter v2.11.0 smtp4.osuosl.org C9456405DE DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=redhat.com; s=mimecast20190719; t=1693418171; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=9xeRAX9lL2SwQcyG+RX2c+U58za+JXfZBMdHLT3+gbA=; b=GJs8saTjRdcwNwLpt997//zle5vXHnpY724y0fv1abF07zSooLaeOm5PXAjJoFDEdhEmR7 H0qyVXoa1aFUxKa/ehoPESegwH2X8IWAwUp5hvij+ixpsLM9dbnPN2/oWK3M92Tu8vK4lU OHC+YoH4ol5rd4cUuotngF4l79F6GpA= Received: from mimecast-mx02.redhat.com (mimecast-mx02.redhat.com [66.187.233.88]) by relay.mimecast.com with ESMTP with STARTTLS (version=TLSv1.2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id us-mta-66-8mSRe2kSMhywbVzm0YKKrQ-1; Wed, 30 Aug 2023 13:56:10 -0400 X-MC-Unique: 8mSRe2kSMhywbVzm0YKKrQ-1 Received: from smtp.corp.redhat.com (int-mx01.intmail.prod.int.rdu2.redhat.com [10.11.54.1]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by mimecast-mx02.redhat.com (Postfix) with ESMTPS id B32558028B2 for ; Wed, 30 Aug 2023 17:56:09 +0000 (UTC) Received: from RHTPC1VM0NT.redhat.com (unknown [10.22.32.194]) by smtp.corp.redhat.com (Postfix) with ESMTP id 8F25A40C2063; Wed, 30 Aug 2023 17:56:09 +0000 (UTC) From: Aaron Conole To: dev@openvswitch.org Date: Wed, 30 Aug 2023 13:56:09 -0400 Message-Id: <20230830175609.794716-1-aconole@redhat.com> MIME-Version: 1.0 X-Scanned-By: MIMEDefang 3.1 on 10.11.54.1 X-Mimecast-Spam-Score: 0 X-Mimecast-Originator: redhat.com Subject: [ovs-dev] [PATCH v3] conntrack: Add a test for IPv4 UDP zero checksum X-BeenThere: ovs-dev@openvswitch.org X-Mailman-Version: 2.1.15 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: ovs-dev-bounces@openvswitch.org Sender: "dev" In the past, during some conntrack testing a bug was uncovered in a DPDK PMD which didn't support an IPv4 packet with a zero checksum value. In order to show that the connection tracking code in userspace supports IPv4 UDP with a zero checksum, add a test case to enforce this behavior Reported-at: http://mails.dpdk.org/archives/dev/2021-January/198528.html Reported-by: Paolo Valerio Signed-off-by: Aaron Conole --- v1->v2: - Addressed most of the comments by Flavio & William Tu. - Added the 0xffff checksum case - Added a bad checksum case - For the single instance of "sleep 1," this needs to be retained due to the negative test case (we have no WAIT_UNTIL to rely on) but there are other instances of sleep 1 throughout the suite, so I guess it should be okay. v2->v3: - Add a check for the ofproto dropped packet stats - Fix whitespace issue - Restricted the dump-conntrack checks to keep the possibility of UDP queries poisoning the test case lower. tests/system-traffic.at | 67 +++++++++++++++++++++++++++++++++++++++++ 1 file changed, 67 insertions(+) diff --git a/tests/system-traffic.at b/tests/system-traffic.at index 808c492a22..65c44c4350 100644 --- a/tests/system-traffic.at +++ b/tests/system-traffic.at @@ -3813,6 +3813,73 @@ OVS_WAIT_UNTIL([ovs-pcap p0.pcap | grep -q "f00000010101f00000010102080045c00045 OVS_TRAFFIC_VSWITCHD_STOP AT_CLEANUP +AT_SETUP([conntrack - IPv4 UDP zero checksum]) +dnl Checks sending zero checksum packets for udp over ipv4 +CHECK_CONNTRACK() +OVS_TRAFFIC_VSWITCHD_START() +OVS_CHECK_CT_CLEAR() + +ADD_NAMESPACES(at_ns0, at_ns1) +ADD_VETH(p0, at_ns0, br0, "10.1.1.1/24", "f0:00:00:01:01:01") +ADD_VETH(p1, at_ns1, br0, "10.1.1.2/24", "f0:00:00:01:01:02") + +dnl Setup conntrack flows +AT_DATA([flows.txt], [dnl +table=0,priority=10 ip,udp,ct_state=-trk action=ct(zone=1,table=1) +table=0,priority=0 action=drop +table=1,priority=10 ct_state=-est+trk+new,ip,ct_zone=1,in_port=1 action=ct(commit,table=2) +table=1,priority=10 ct_state=+est-new+trk,ct_zone=1,in_port=1 action=resubmit(,2) +table=1,priority=0 action=drop +table=2,priority=10 ct_state=+trk+new,in_port=1 action=2 +table=2,priority=10 ct_state=+trk+est action=2 +]) +AT_CHECK([ovs-ofctl --bundle add-flows br0 flows.txt]) + +dnl sending udp pkt with 0000 checksum +NS_CHECK_EXEC([at_ns0], [$PYTHON3 $srcdir/sendpkt.py p0 f0 00 00 01 01 02 f0 00 00 01 01 01 08 00 45 00 00 28 00 01 00 00 40 11 64 c0 0a 01 01 01 0a 01 01 02 04 d2 04 d2 00 14 00 00 aa aa aa aa aa aa aa aa aa aa aa aa > /dev/null]) + +OVS_WAIT_UNTIL([ovs-appctl dpctl/dump-conntrack | grep "udp"]) + +dnl ensure CT picked up the packet +AT_CHECK([ovs-appctl dpctl/dump-conntrack | FORMAT_CT(10.1.1)], [0], [dnl +udp,orig=(src=10.1.1.1,dst=10.1.1.2,sport=,dport=),reply=(src=10.1.1.2,dst=10.1.1.1,sport=,dport=) +]) + +dnl clear CT tuples +AT_CHECK([ovs-appctl dpctl/flush-conntrack]) +AT_CHECK([ovs-appctl dpctl/dump-conntrack | grep "udp"], [1]) + +dnl send UDP with ffff checksum +NS_CHECK_EXEC([at_ns0], [$PYTHON3 $srcdir/sendpkt.py p0 f0 00 00 01 01 02 f0 00 00 01 01 01 08 00 45 00 00 40 00 01 00 00 40 11 64 a8 0a 01 01 01 0a 01 01 02 04 d2 04 d2 00 2c ff ff 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 df ed > /dev/null]) +OVS_WAIT_UNTIL([ovs-appctl dpctl/dump-conntrack | grep "udp"]) + +dnl ensure CT picked up the packet +AT_CHECK([ovs-appctl dpctl/dump-conntrack | FORMAT_CT(10.1.1)], [0], [dnl +udp,orig=(src=10.1.1.1,dst=10.1.1.2,sport=,dport=),reply=(src=10.1.1.2,dst=10.1.1.1,sport=,dport=) +]) + +dnl clear CT tuples +AT_CHECK([ovs-appctl dpctl/flush-conntrack]) +AT_CHECK([ovs-appctl dpctl/dump-conntrack | grep "udp"], [1]) + +dnl sending udp pkt with bad checksum +NS_CHECK_EXEC([at_ns0], [$PYTHON3 $srcdir/sendpkt.py p0 f0 00 00 01 01 02 f0 00 00 01 01 01 08 00 45 00 00 28 00 01 00 00 40 11 64 c0 0a 01 01 01 0a 01 01 02 04 d2 04 d2 00 14 11 11 aa aa aa aa aa aa aa aa aa aa aa aa > /dev/null]) + +dnl We call a sleep here to ensure that we let the system get through any +dnl needed upcalls. Once the sleep is expired, we can check the drop counter +dnl in table 1 for our bad csum packet, and ensure that there are no entries +dnl in the conntrack table. +sleep 1 + +AT_CHECK([ovs-appctl dpctl/dump-conntrack | FORMAT_CT(10.1.1)], [0], [dnl +]) +AT_CHECK([ovs-ofctl dump-flows br0 | grep 'table=1,' | dnl + grep 'actions=drop' | strip_duration], [0], [ dnl +cookie=0x0, table=1, n_packets=1, n_bytes=54, idle_age=1, priority=0 actions=drop +]) +OVS_TRAFFIC_VSWITCHD_STOP +AT_CLEANUP + AT_SETUP([conntrack - IPv4 fragmentation]) CHECK_CONNTRACK() OVS_TRAFFIC_VSWITCHD_START()