The userspace connection tracker doesn't support ALGs or frag reassembly
yet, so skip those tests.
Also, connection tracking state input from a local port is not possible
in userspace.
Finally, the userspace datapath pads all frames with 0, to make them at
least 64 bytes.
Signed-off-by: Daniele Di Proietto <diproiet...@vmware.com>
---
tests/system-kmod-macros.at | 21 +++++++++++++++++++++
tests/system-traffic.at | 36 +++++++++++++++++++++++-------------
tests/system-userspace-macros.at | 35 ++++++++++++++++++++++++++++++++---
3 files changed, 76 insertions(+), 16 deletions(-)
diff --git a/tests/system-kmod-macros.at b/tests/system-kmod-macros.at
index 3b8edbc..3b78175 100644
--- a/tests/system-kmod-macros.at
+++ b/tests/system-kmod-macros.at
@@ -58,3 +58,24 @@ m4_define([CHECK_CONNTRACK],
on_exit 'ovstest test-netlink-conntrack flush'
]
)
+
+# CHECK_CONNTRACK_ALG()
+#
+# Perform requirements checks for running conntrack ALG tests. The kernel
+# always supports ALG, so no check is needed.
+#
+m4_define([CHECK_CONNTRACK_ALG])
+
+# CHECK_CONNTRACK_FRAG()
+#
+# Perform requirements checks for running conntrack fragmentations tests.
+# The kernel always supports fragmentation, so no check is needed.
+m4_define([CHECK_CONNTRACK_FRAG])
+
+# CHECK_CONNTRACK_LOCAL_STACK()
+#
+# Perform requirements checks for running conntrack tests with local stack.
+# The kernel always supports reading the connection state of an skb coming
+# from an internal port, without an explicit ct() action, so no check is
+# needed.
+m4_define([CHECK_CONNTRACK_LOCAL_STACK])
diff --git a/tests/system-traffic.at b/tests/system-traffic.at
index b405c6f..8a8ffae 100644
--- a/tests/system-traffic.at
+++ b/tests/system-traffic.at
@@ -492,7 +492,7 @@ AT_SETUP([conntrack - multiple bridges])
CHECK_CONNTRACK()
OVS_TRAFFIC_VSWITCHD_START(
[set-fail-mode br0 standalone --\
- add-br br1 --\
+ _ADD_BR(br1) --\
add-port br0 patch+ -- set int patch+ type=patch options:peer=patch- --\
add-port br1 patch- -- set int patch- type=patch options:peer=patch+ --])
@@ -562,7 +562,8 @@ NS_CHECK_EXEC([at_ns0], [wget 10.1.1.2 -t 3 -T 1
--retry-connrefused -v -o wget0
dnl (again) HTTP requests from p0->p1 should work fine.
NS_CHECK_EXEC([at_ns0], [wget 10.1.1.2 -t 3 -T 1 --retry-connrefused -v -o
wget0.log])
-AT_CHECK([ovs-appctl dpctl/dump-conntrack | FORMAT_CT(10.1.1.2)], [0], [dnl
+dnl The userspace connection tracker here has a different internal TCP state
(CLOSING). Ignore that.
+AT_CHECK([ovs-appctl dpctl/dump-conntrack | FORMAT_CT(10.1.1.2) | grep -v
"state=CLOSING"], [0], [dnl
tcp orig=(src=10.1.1.1 dst=10.1.1.2 sport=<cleared> dport=<cleared>)
reply=(src=10.1.1.2 dst=10.1.1.1 sport=<cleared> dport=<cleared>) zone=1
protoinfo=(state=SYN_SENT)
tcp orig=(src=10.1.1.1 dst=10.1.1.2 sport=<cleared> dport=<cleared>)
reply=(src=10.1.1.2 dst=10.1.1.1 sport=<cleared> dport=<cleared>) zone=2
protoinfo=(state=TIME_WAIT)
])
@@ -572,6 +573,7 @@ AT_CLEANUP
AT_SETUP([conntrack - multiple zones, local])
CHECK_CONNTRACK()
+CHECK_CONNTRACK_LOCAL_STACK()
OVS_TRAFFIC_VSWITCHD_START(
[set-fail-mode br0 secure -- ])
@@ -620,6 +622,7 @@ AT_CLEANUP
AT_SETUP([conntrack - multi-stage pipeline, local])
CHECK_CONNTRACK()
+CHECK_CONNTRACK_LOCAL_STACK()
OVS_TRAFFIC_VSWITCHD_START(
[set-fail-mode br0 secure -- ])
@@ -849,11 +852,11 @@ dnl We pass "-q 1" here to handle openbsd-style nc that
can't quit immediately.
NS_CHECK_EXEC([at_ns0], [bash -c "echo a | nc -q 1 -u 10.1.1.2 10000"])
AT_CHECK([ovs-appctl revalidator/purge], [0])
-AT_CHECK([ovs-ofctl dump-flows br0 | ofctl_strip | sort | grep -v drop], [0],
[dnl
- n_packets=1, n_bytes=44, priority=100,udp,in_port=1
actions=ct(commit,exec(load:0x1->NXM_NX_CT_MARK[[]])),output:2
- n_packets=1, n_bytes=72,
priority=100,ct_state=+rel+trk,ct_mark=0x1,icmp,in_port=2 actions=output:1
- n_packets=1, n_bytes=72, priority=100,ct_state=-trk,icmp,in_port=2
actions=ct(table=0)
- n_packets=2, n_bytes=84, priority=10,arp actions=NORMAL
+AT_CHECK([ovs-ofctl dump-flows br0 | ofctl_strip | sort | grep -v drop | sed
-e 's/n_bytes=[[0-9]]*/n_bytes=<cleared>/g'], [0], [dnl
+ n_packets=1, n_bytes=<cleared>, priority=100,udp,in_port=1
actions=ct(commit,exec(load:0x1->NXM_NX_CT_MARK[[]])),output:2
+ n_packets=1, n_bytes=<cleared>,
priority=100,ct_state=+rel+trk,ct_mark=0x1,icmp,in_port=2 actions=output:1
+ n_packets=1, n_bytes=<cleared>, priority=100,ct_state=-trk,icmp,in_port=2
actions=ct(table=0)
+ n_packets=2, n_bytes=<cleared>, priority=10,arp actions=NORMAL
NXST_FLOW reply:
])
@@ -908,6 +911,7 @@ AT_CLEANUP
AT_SETUP([conntrack - FTP])
AT_SKIP_IF([test $HAVE_PYFTPDLIB = no])
CHECK_CONNTRACK()
+CHECK_CONNTRACK_ALG()
OVS_TRAFFIC_VSWITCHD_START(
[set-fail-mode br0 standalone -- ])
@@ -991,6 +995,7 @@ AT_CLEANUP
AT_SETUP([conntrack - FTP with multiple expectations])
AT_SKIP_IF([test $HAVE_PYFTPDLIB = no])
CHECK_CONNTRACK()
+CHECK_CONNTRACK_ALG()
OVS_TRAFFIC_VSWITCHD_START(
[set-fail-mode br0 standalone -- ])
@@ -1052,6 +1057,7 @@ AT_CLEANUP
AT_SETUP([conntrack - IPv4 fragmentation ])
CHECK_CONNTRACK()
+CHECK_CONNTRACK_FRAG()
OVS_TRAFFIC_VSWITCHD_START(
[set-fail-mode br0 secure -- ])
@@ -1091,6 +1097,7 @@ AT_CLEANUP
AT_SETUP([conntrack - IPv4 fragmentation + vlan])
CHECK_CONNTRACK()
+CHECK_CONNTRACK_FRAG()
OVS_TRAFFIC_VSWITCHD_START(
[set-fail-mode br0 secure -- ])
@@ -1132,6 +1139,7 @@ AT_CLEANUP
AT_SETUP([conntrack - IPv6 fragmentation])
CHECK_CONNTRACK()
+CHECK_CONNTRACK_FRAG()
OVS_TRAFFIC_VSWITCHD_START(
[set-fail-mode br0 secure -- ])
@@ -1176,6 +1184,7 @@ AT_CLEANUP
AT_SETUP([conntrack - IPv6 fragmentation + vlan])
CHECK_CONNTRACK()
+CHECK_CONNTRACK_FRAG()
OVS_TRAFFIC_VSWITCHD_START(
[set-fail-mode br0 secure -- ])
@@ -1224,6 +1233,7 @@ AT_CLEANUP
AT_SETUP([conntrack - Fragmentation over vxlan])
AT_SKIP_IF([! ip link help 2>&1 | grep vxlan >/dev/null])
CHECK_CONNTRACK()
+CHECK_CONNTRACK_FRAG()
OVS_TRAFFIC_VSWITCHD_START(
[set-fail-mode br0 standalone --])
@@ -1298,12 +1308,12 @@ NS_CHECK_EXEC([at_ns0], [ping -q -c 1 10.1.1.2 |
FORMAT_PING], [0], [dnl
1 packets transmitted, 0 received, 100% packet loss, time 0ms
])
-AT_CHECK([ovs-ofctl dump-flows br0 | ofctl_strip | sort], [0], [dnl
- n_packets=1, n_bytes=98, priority=100,ip,in_port=1
actions=resubmit(,1),resubmit(,2)
- n_packets=2, n_bytes=84, priority=150,arp actions=NORMAL
- table=1, n_packets=1, n_bytes=98, priority=100,ip actions=ct(table=3)
- table=2, n_packets=1, n_bytes=98, priority=100,ip actions=ct(table=3)
- table=3, n_packets=2, n_bytes=196, ip actions=drop
+AT_CHECK([ovs-ofctl dump-flows br0 | ofctl_strip | sort | sed -e
's/n_bytes=[[0-9]]*/n_bytes=<cleared>/g'], [0], [dnl
+ n_packets=1, n_bytes=<cleared>, priority=100,ip,in_port=1
actions=resubmit(,1),resubmit(,2)
+ n_packets=2, n_bytes=<cleared>, priority=150,arp actions=NORMAL
+ table=1, n_packets=1, n_bytes=<cleared>, priority=100,ip actions=ct(table=3)
+ table=2, n_packets=1, n_bytes=<cleared>, priority=100,ip actions=ct(table=3)
+ table=3, n_packets=2, n_bytes=<cleared>, ip actions=drop
NXST_FLOW reply:
])
diff --git a/tests/system-userspace-macros.at b/tests/system-userspace-macros.at
index 16256cb..fe63eb7 100644
--- a/tests/system-userspace-macros.at
+++ b/tests/system-userspace-macros.at
@@ -40,9 +40,38 @@ m4_define([OVS_TRAFFIC_VSWITCHD_STOP],
# CHECK_CONNTRACK()
#
-# Perform requirements checks for running conntrack tests, and flush the
-# kernel conntrack tables when the test is finished.
+# Perform requirements checks for running conntrack tests.
#
m4_define([CHECK_CONNTRACK],
- [AT_SKIP_IF(true)]
+ [AT_SKIP_IF([test $HAVE_PYTHON = no])]
)
+
+# CHECK_CONNTRACK_ALG()
+#
+# Perform requirements checks for running conntrack ALG tests. The userspace
+# doesn't support ALGs yet, so skip the tests
+#
+m4_define([CHECK_CONNTRACK_ALG],
+[
+ AT_SKIP_IF([:])
+])
+
+# CHECK_CONNTRACK_FRAG()
+#
+# Perform requirements checks for running conntrack fragmentations tests.
+# The userspace doesn't support fragmentation yet, so skip the tests.
+m4_define([CHECK_CONNTRACK_FRAG],
+[
+ AT_SKIP_IF([:])
+])
+
+# CHECK_CONNTRACK_LOCAL_STACK()
+#
+# Perform requirements checks for running conntrack tests with local stack.
+# While the kernel connection tracker automatically passes all the connection
+# tracking state from an internal port to the OpenvSwitch kernel module, there
+# is simply no way of doing that with the userspace, so skip the tests.
+m4_define([CHECK_CONNTRACK_LOCAL_STACK],
+[
+ AT_SKIP_IF([:])
+])
--
2.1.4
_______________________________________________
dev mailing list
dev@openvswitch.org
http://openvswitch.org/mailman/listinfo/dev
