On 24 November 2015 at 10:49, Daniele Di Proietto <[email protected]> wrote: > Small comments inline. Otherwise: > > Acked-by: Daniele Di Proietto <[email protected]> > > Thanks for the test > > On 07/11/2015 12:00, "Joe Stringer" <[email protected]> wrote: > >>Add an additional test that ensures that when receiving packets from >>internal ports that reside in a foreign namespace, the conntrack >>information is not populated in the flow. >> >>Signed-off-by: Joe Stringer <[email protected]> >>--- >> tests/system-common-macros.at | 12 ++++++++++++ >> tests/system-traffic.at | 41 >>+++++++++++++++++++++++++++++++++++++++++ >> 2 files changed, 53 insertions(+) >> >>diff --git a/tests/system-common-macros.at b/tests/system-common-macros.at >>index f0da5893905b..581c779e3e28 100644 >>--- a/tests/system-common-macros.at >>+++ b/tests/system-common-macros.at >>@@ -43,6 +43,18 @@ m4_define([NS_CHECK_EXEC], >> # appropriate type, and allows additional arguments to be passed. >> m4_define([ADD_BR], [ovs-vsctl _ADD_BR([$1]) -- $2]) >> >>+# ADD_INT([port], [namespace], [ovs-br], [ip_addr]) >>+# >>+# Add an internal port to 'ovs-br', then shift it into 'namespace' and >>+# configure it with 'ip_addr' (specified in CIDR notation). >>+m4_define([ADD_INT], >>+ [ AT_CHECK([ovs-vsctl add-port $3 $1 -- set int $1 type=internal]) >>+ AT_CHECK([ip link set $1 netns $2]) >>+ NS_CHECK_EXEC([$2], [ip addr add $4 dev $1]) >>+ NS_CHECK_EXEC([$2], [ip link set dev $1 up]) >>+ ] >>+) >>+ >> # ADD_VETH([port], [namespace], [ovs-br], [ip_addr]) >> # >> # Add a pair of veth ports. 'port' will be added to name space >>'namespace', >>diff --git a/tests/system-traffic.at b/tests/system-traffic.at >>index 3b47cced678f..abe00e149feb 100644 >>--- a/tests/system-traffic.at >>+++ b/tests/system-traffic.at 
>>@@ -566,6 +566,47 @@ TIME_WAIT src=10.1.1.1 dst=10.1.1.2 sport=<cleared> >>dport=<cleared> src=10.1.1.2 >> OVS_TRAFFIC_VSWITCHD_STOP >> AT_CLEANUP >> >>+AT_SETUP([conntrack - multiple zones, internal ports]) >>+CHECK_CONNTRACK() >>+OVS_TRAFFIC_VSWITCHD_START( >>+ [set-fail-mode br0 secure -- ]) >>+ >>+ADD_NAMESPACES(at_ns0, at_ns1) >>+ >>+ADD_INT(p0, at_ns0, br0, "10.1.1.1/24") >>+ADD_INT(p1, at_ns1, br0, "10.1.1.2/24") >>+ >>+dnl Allow any traffic from ns0->ns1. Only allow nd, return traffic from >>ns1->ns0. >>+dnl >>+dnl If skb->nfct is leaking from inside the namespace, this test will >>fail. >>+AT_DATA([flows.txt], [dnl >>+priority=1,action=drop >>+priority=10,arp,action=normal >>+priority=10,icmp,action=normal >>+priority=100,in_port=1,tcp,ct_state=-trk,action=ct(commit,zone=1),ct(comm >>it,zone=2),2 > > I think ct(commit,zone=1) can be removed (unless I misunderstood > your intentions here)
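Review bot: In the ADD_INT hunk, `ovs-vsctl add-port $3 $1 -- set int $1 type=internal` does not pin an OpenFlow port number, while the new test in system-traffic.at matches on `in_port=1` and outputs to port `2`, so the test depends on p0 and p1 being assigned ofports in creation order. Consider letting the macro accept an optional `ofport_request`, or state the ordering assumption in the macro comment. The comment could also say that the macro brings the link up inside the namespace, which the current description omits.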
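Review bot: In the flows.txt comment of the new test in system-traffic.at, "Only allow nd, return traffic from ns1->ns0" does not match the rules shown: `priority=10,icmp,action=normal` admits ICMP in both directions regardless of conntrack state, so either drop that rule or mention it in the comment. It would also help to spell out the failure mechanism next to "If skb->nfct is leaking": among the rules shown, the priority=100 rule only matches `ct_state=-trk`, so a TCP packet arriving on port 1 with conntrack state still attached from inside the namespace would miss it and fall through to `priority=1,action=drop`.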
You're right, I was intending this to be more of a test of "multiple namespaces", not "multiple zones". I'll fix this up and push it soon, thanks for the review!
