[ovs-dev] [PATCH v4 14/17] system-tests: Run conntrack tests with userspace.

Daniele Di Proietto Fri, 10 Jun 2016 15:49:33 -0700

The userspace connection tracker doesn't support ALGs, frag reassembly
or NAT yet, so skip those tests.


Also, connection tracking state input from a local port is not possible
in userspace.

The userspace datapath pads all frames with 0, to make them at
least 64 bytes.

Finally, the userspace datapath checks for the IPv4 header checksum, so
fix those in the hardcoded packets.

Signed-off-by: Daniele Di Proietto <diproiet...@vmware.com>
Acked-by: Joe Stringer <j...@ovn.org>
Acked-by: Flavio Leitner <f...@sysclose.org>
---
 tests/system-kmod-macros.at      | 28 ++++++++++++++++++++
 tests/system-traffic.at          | 57 +++++++++++++++++++++++++++++-----------
 tests/system-userspace-macros.at | 45 ++++++++++++++++++++++++++++---
 3 files changed, 112 insertions(+), 18 deletions(-)

diff --git a/tests/system-kmod-macros.at b/tests/system-kmod-macros.at
index cee0510..4c64a71 100644
--- a/tests/system-kmod-macros.at
+++ b/tests/system-kmod-macros.at
@@ -66,3 +66,31 @@ m4_define([CHECK_CONNTRACK],
      on_exit 'ovstest test-netlink-conntrack flush'
     ]
 )
+
+# CHECK_CONNTRACK_ALG()
+#
+# Perform requirements checks for running conntrack ALG tests. The kernel
+# supports ALG, so no check is needed.
+#
+m4_define([CHECK_CONNTRACK_ALG])
+
+# CHECK_CONNTRACK_FRAG()
+#
+# Perform requirements checks for running conntrack fragmentations tests.
+# The kernel always supports fragmentation, so no check is needed.
+m4_define([CHECK_CONNTRACK_FRAG])
+
+# CHECK_CONNTRACK_LOCAL_STACK()
+#
+# Perform requirements checks for running conntrack tests with local stack.
+# The kernel always supports reading the connection state of an skb coming
+# from an internal port, without an explicit ct() action, so no check is
+# needed.
+m4_define([CHECK_CONNTRACK_LOCAL_STACK])
+
+# CHECK_CONNTRACK_NAT()
+#
+# Perform requirements checks for running conntrack NAT tests. The kernel
+# always supports NAT, so no check is needed.
+#
+m4_define([CHECK_CONNTRACK_NAT])
diff --git a/tests/system-traffic.at b/tests/system-traffic.at
index ceaba62..eefb657 100644
--- a/tests/system-traffic.at
+++ b/tests/system-traffic.at
@@ -274,13 +274,13 @@ AT_CAPTURE_FILE([ofctl_monitor.log])
 AT_CHECK([ovs-ofctl monitor br0 65534 invalid_ttl --detach --no-chdir 
--pidfile 2> ofctl_monitor.log])
 
 dnl Send an unsolicited reply from port 2. This should be dropped.
-AT_CHECK([ovs-ofctl -O OpenFlow13 packet-out br0 2 ct\(table=0\) 
'50540000000a50540000000908004500001c00000000001100000a0101020a0101010002000100080000'])
+AT_CHECK([ovs-ofctl -O OpenFlow13 packet-out br0 2 ct\(table=0\) 
'50540000000a50540000000908004500001c000000000011a4cd0a0101020a0101010002000100080000'])
 
 dnl OK, now start a new connection from port 1.
-AT_CHECK([ovs-ofctl -O OpenFlow13 packet-out br0 1 ct\(commit\),controller 
'50540000000a50540000000908004500001c00000000001100000a0101010a0101020001000200080000'])
+AT_CHECK([ovs-ofctl -O OpenFlow13 packet-out br0 1 ct\(commit\),controller 
'50540000000a50540000000908004500001c000000000011a4cd0a0101010a0101020001000200080000'])
 
 dnl Now try a reply from port 2.
-AT_CHECK([ovs-ofctl -O OpenFlow13 packet-out br0 2 ct\(table=0\) 
'50540000000a50540000000908004500001c00000000001100000a0101020a0101010002000100080000'])
+AT_CHECK([ovs-ofctl -O OpenFlow13 packet-out br0 2 ct\(table=0\) 
'50540000000a50540000000908004500001c000000000011a4cd0a0101020a0101010002000100080000'])
 
 dnl Check this output. We only see the latter two packets, not the first.
 AT_CHECK([cat ofctl_monitor.log], [0], [dnl
@@ -663,7 +663,8 @@ NS_CHECK_EXEC([at_ns0], [wget 10.1.1.2 -t 3 -T 1 
--retry-connrefused -v -o wget0
 dnl (again) HTTP requests from p0->p1 should work fine.
 NS_CHECK_EXEC([at_ns0], [wget 10.1.1.2 -t 3 -T 1 --retry-connrefused -v -o 
wget0.log])
 
-AT_CHECK([ovs-appctl dpctl/dump-conntrack | FORMAT_CT(10.1.1.2)], [0], [dnl
+dnl The userspace connection tracker here has a different internal TCP state 
(CLOSING). Ignore that.
+AT_CHECK([ovs-appctl dpctl/dump-conntrack | FORMAT_CT(10.1.1.2) | grep -v 
"state=CLOSING"], [0], [dnl
 
tcp,orig=(src=10.1.1.1,dst=10.1.1.2,sport=<cleared>,dport=<cleared>),reply=(src=10.1.1.2,dst=10.1.1.1,sport=<cleared>,dport=<cleared>),zone=1,protoinfo=(state=SYN_SENT)
 
tcp,orig=(src=10.1.1.1,dst=10.1.1.2,sport=<cleared>,dport=<cleared>),reply=(src=10.1.1.2,dst=10.1.1.1,sport=<cleared>,dport=<cleared>),zone=2,protoinfo=(state=TIME_WAIT)
 ])
@@ -673,6 +674,7 @@ AT_CLEANUP
 
 AT_SETUP([conntrack - multiple zones, local])
 CHECK_CONNTRACK()
+CHECK_CONNTRACK_LOCAL_STACK()
 OVS_TRAFFIC_VSWITCHD_START()
 
 ADD_NAMESPACES(at_ns0)
@@ -720,6 +722,7 @@ AT_CLEANUP
 
 AT_SETUP([conntrack - multiple namespaces, internal ports])
 CHECK_CONNTRACK()
+CHECK_CONNTRACK_LOCAL_STACK()
 OVS_TRAFFIC_VSWITCHD_START(
    [set-fail-mode br0 secure -- ])
 
@@ -760,6 +763,7 @@ AT_CLEANUP
 
 AT_SETUP([conntrack - multi-stage pipeline, local])
 CHECK_CONNTRACK()
+CHECK_CONNTRACK_LOCAL_STACK()
 OVS_TRAFFIC_VSWITCHD_START()
 
 ADD_NAMESPACES(at_ns0)
@@ -1091,11 +1095,11 @@ dnl UDP packets from ns0->ns1 should solicit 
"destination unreachable" response.
 NS_CHECK_EXEC([at_ns0], [bash -c "echo a | nc $NC_EOF_OPT -u 10.1.1.2 10000"])
 
 AT_CHECK([ovs-appctl revalidator/purge], [0])
-AT_CHECK([ovs-ofctl dump-flows br0 | ofctl_strip | sort | grep -v drop], [0], 
[dnl
- n_packets=1, n_bytes=44, priority=100,udp,in_port=1 
actions=ct(commit,exec(load:0x1->NXM_NX_CT_MARK[[]])),output:2
- n_packets=1, n_bytes=72, 
priority=100,ct_state=+rel+trk,ct_mark=0x1,icmp,in_port=2 actions=output:1
- n_packets=1, n_bytes=72, priority=100,ct_state=-trk,icmp,in_port=2 
actions=ct(table=0)
- n_packets=2, n_bytes=84, priority=10,arp actions=NORMAL
+AT_CHECK([ovs-ofctl dump-flows br0 | ofctl_strip | sort | grep -v drop | sed 
-e 's/n_bytes=[[0-9]]*/n_bytes=<cleared>/g'], [0], [dnl
+ n_packets=1, n_bytes=<cleared>, priority=100,udp,in_port=1 
actions=ct(commit,exec(load:0x1->NXM_NX_CT_MARK[[]])),output:2
+ n_packets=1, n_bytes=<cleared>, 
priority=100,ct_state=+rel+trk,ct_mark=0x1,icmp,in_port=2 actions=output:1
+ n_packets=1, n_bytes=<cleared>, priority=100,ct_state=-trk,icmp,in_port=2 
actions=ct(table=0)
+ n_packets=2, n_bytes=<cleared>, priority=10,arp actions=NORMAL
 NXST_FLOW reply:
 ])
 
@@ -1149,6 +1153,7 @@ AT_CLEANUP
 AT_SETUP([conntrack - FTP])
 AT_SKIP_IF([test $HAVE_PYFTPDLIB = no])
 CHECK_CONNTRACK()
+CHECK_CONNTRACK_ALG()
 OVS_TRAFFIC_VSWITCHD_START()
 
 ADD_NAMESPACES(at_ns0, at_ns1)
@@ -1232,6 +1237,7 @@ AT_CLEANUP
 AT_SETUP([conntrack - IPv6 FTP])
 AT_SKIP_IF([test $HAVE_PYFTPDLIB = no])
 CHECK_CONNTRACK()
+CHECK_CONNTRACK_ALG()
 OVS_TRAFFIC_VSWITCHD_START()
 
 ADD_NAMESPACES(at_ns0, at_ns1)
@@ -1288,6 +1294,7 @@ AT_CLEANUP
 AT_SETUP([conntrack - FTP with multiple expectations])
 AT_SKIP_IF([test $HAVE_PYFTPDLIB = no])
 CHECK_CONNTRACK()
+CHECK_CONNTRACK_ALG()
 OVS_TRAFFIC_VSWITCHD_START()
 
 ADD_NAMESPACES(at_ns0, at_ns1)
@@ -1348,6 +1355,7 @@ AT_CLEANUP
 
 AT_SETUP([conntrack - IPv4 fragmentation ])
 CHECK_CONNTRACK()
+CHECK_CONNTRACK_FRAG()
 OVS_TRAFFIC_VSWITCHD_START()
 
 ADD_NAMESPACES(at_ns0, at_ns1)
@@ -1386,6 +1394,7 @@ AT_CLEANUP
 
 AT_SETUP([conntrack - IPv4 fragmentation expiry])
 CHECK_CONNTRACK()
+CHECK_CONNTRACK_FRAG()
 OVS_TRAFFIC_VSWITCHD_START()
 
 ADD_NAMESPACES(at_ns0, at_ns1)
@@ -1421,6 +1430,7 @@ AT_CLEANUP
 
 AT_SETUP([conntrack - IPv4 fragmentation + vlan])
 CHECK_CONNTRACK()
+CHECK_CONNTRACK_FRAG()
 OVS_TRAFFIC_VSWITCHD_START()
 
 ADD_NAMESPACES(at_ns0, at_ns1)
@@ -1461,6 +1471,7 @@ AT_CLEANUP
 
 AT_SETUP([conntrack - IPv6 fragmentation])
 CHECK_CONNTRACK()
+CHECK_CONNTRACK_FRAG()
 OVS_TRAFFIC_VSWITCHD_START()
 
 ADD_NAMESPACES(at_ns0, at_ns1)
@@ -1505,6 +1516,7 @@ AT_CLEANUP
 
 AT_SETUP([conntrack - IPv6 fragmentation expiry])
 CHECK_CONNTRACK()
+CHECK_CONNTRACK_FRAG()
 OVS_TRAFFIC_VSWITCHD_START()
 
 ADD_NAMESPACES(at_ns0, at_ns1)
@@ -1550,6 +1562,7 @@ AT_CLEANUP
 
 AT_SETUP([conntrack - IPv6 fragmentation + vlan])
 CHECK_CONNTRACK()
+CHECK_CONNTRACK_FRAG()
 OVS_TRAFFIC_VSWITCHD_START()
 
 ADD_NAMESPACES(at_ns0, at_ns1)
@@ -1598,6 +1611,7 @@ AT_CLEANUP
 AT_SETUP([conntrack - Fragmentation over vxlan])
 OVS_CHECK_VXLAN()
 CHECK_CONNTRACK()
+CHECK_CONNTRACK_FRAG()
 
 OVS_TRAFFIC_VSWITCHD_START()
 ADD_BR([br-underlay])
@@ -1649,6 +1663,7 @@ AT_CLEANUP
 AT_SETUP([conntrack - IPv6 Fragmentation over vxlan])
 OVS_CHECK_VXLAN()
 CHECK_CONNTRACK()
+CHECK_CONNTRACK_FRAG()
 
 OVS_TRAFFIC_VSWITCHD_START()
 ADD_BR([br-underlay])
@@ -1732,12 +1747,12 @@ NS_CHECK_EXEC([at_ns0], [ping -q -c 1 10.1.1.2 | 
FORMAT_PING], [0], [dnl
 1 packets transmitted, 0 received, 100% packet loss, time 0ms
 ])
 
-AT_CHECK([ovs-ofctl dump-flows br0 | ofctl_strip | sort], [0], [dnl
- n_packets=1, n_bytes=98, priority=100,ip,in_port=1 
actions=resubmit(,1),resubmit(,2)
- n_packets=2, n_bytes=84, priority=150,arp actions=NORMAL
- table=1, n_packets=1, n_bytes=98, priority=100,ip actions=ct(table=3)
- table=2, n_packets=1, n_bytes=98, priority=100,ip actions=ct(table=3)
- table=3, n_packets=2, n_bytes=196, ip actions=drop
+AT_CHECK([ovs-ofctl dump-flows br0 | ofctl_strip | sort | sed -e 
's/n_bytes=[[0-9]]*/n_bytes=<cleared>/g'], [0], [dnl
+ n_packets=1, n_bytes=<cleared>, priority=100,ip,in_port=1 
actions=resubmit(,1),resubmit(,2)
+ n_packets=2, n_bytes=<cleared>, priority=150,arp actions=NORMAL
+ table=1, n_packets=1, n_bytes=<cleared>, priority=100,ip actions=ct(table=3)
+ table=2, n_packets=1, n_bytes=<cleared>, priority=100,ip actions=ct(table=3)
+ table=3, n_packets=2, n_bytes=<cleared>, ip actions=drop
 NXST_FLOW reply:
 ])
 
@@ -1747,6 +1762,7 @@ AT_CLEANUP
 
 AT_SETUP([conntrack - simple SNAT])
 CHECK_CONNTRACK()
+CHECK_CONNTRACK_NAT()
 OVS_TRAFFIC_VSWITCHD_START()
 
 ADD_NAMESPACES(at_ns0, at_ns1)
@@ -1793,6 +1809,7 @@ AT_CLEANUP
 
 AT_SETUP([conntrack - SNAT with port range])
 CHECK_CONNTRACK()
+CHECK_CONNTRACK_NAT()
 OVS_TRAFFIC_VSWITCHD_START()
 
 ADD_NAMESPACES(at_ns0, at_ns1)
@@ -1840,6 +1857,7 @@ AT_CLEANUP
 
 AT_SETUP([conntrack - more complex SNAT])
 CHECK_CONNTRACK()
+CHECK_CONNTRACK_NAT()
 OVS_TRAFFIC_VSWITCHD_START()
 
 ADD_NAMESPACES(at_ns0, at_ns1)
@@ -1891,6 +1909,7 @@ AT_CLEANUP
 
 AT_SETUP([conntrack - simple DNAT])
 CHECK_CONNTRACK()
+CHECK_CONNTRACK_NAT()
 OVS_TRAFFIC_VSWITCHD_START()
 
 ADD_NAMESPACES(at_ns0, at_ns1)
@@ -1945,6 +1964,7 @@ AT_CLEANUP
 
 AT_SETUP([conntrack - more complex DNAT])
 CHECK_CONNTRACK()
+CHECK_CONNTRACK_NAT()
 OVS_TRAFFIC_VSWITCHD_START()
 
 ADD_NAMESPACES(at_ns0, at_ns1)
@@ -2005,6 +2025,7 @@ AT_CLEANUP
 
 AT_SETUP([conntrack - ICMP related with NAT])
 CHECK_CONNTRACK()
+CHECK_CONNTRACK_NAT()
 OVS_TRAFFIC_VSWITCHD_START()
 
 ADD_NAMESPACES(at_ns0, at_ns1)
@@ -2066,6 +2087,7 @@ AT_CLEANUP
 AT_SETUP([conntrack - FTP with NAT])
 AT_SKIP_IF([test $HAVE_PYFTPDLIB = no])
 CHECK_CONNTRACK()
+CHECK_CONNTRACK_NAT()
 
 OVS_TRAFFIC_VSWITCHD_START()
 
@@ -2147,6 +2169,7 @@ AT_CLEANUP
 AT_SETUP([conntrack - FTP with NAT 2])
 AT_SKIP_IF([test $HAVE_PYFTPDLIB = no])
 CHECK_CONNTRACK()
+CHECK_CONNTRACK_NAT()
 OVS_TRAFFIC_VSWITCHD_START()
 
 ADD_NAMESPACES(at_ns0, at_ns1)
@@ -2214,6 +2237,7 @@ AT_CLEANUP
 
 AT_SETUP([conntrack - IPv6 HTTP with NAT])
 CHECK_CONNTRACK()
+CHECK_CONNTRACK_NAT()
 OVS_TRAFFIC_VSWITCHD_START()
 
 ADD_NAMESPACES(at_ns0, at_ns1)
@@ -2257,6 +2281,7 @@ AT_CLEANUP
 AT_SETUP([conntrack - IPv6 FTP with NAT])
 AT_SKIP_IF([test $HAVE_PYFTPDLIB = no])
 CHECK_CONNTRACK()
+CHECK_CONNTRACK_NAT()
 OVS_TRAFFIC_VSWITCHD_START()
 
 ADD_NAMESPACES(at_ns0, at_ns1)
@@ -2314,6 +2339,7 @@ AT_CLEANUP
 
 AT_SETUP([conntrack - DNAT load balancing])
 CHECK_CONNTRACK()
+CHECK_CONNTRACK_NAT()
 OVS_TRAFFIC_VSWITCHD_START()
 
 ADD_NAMESPACES(at_ns1, at_ns2, at_ns3, at_ns4)
@@ -2400,6 +2426,7 @@ AT_CLEANUP
 
 AT_SETUP([conntrack - DNAT load balancing with NC])
 CHECK_CONNTRACK()
+CHECK_CONNTRACK_NAT()
 OVS_TRAFFIC_VSWITCHD_START()
 
 ADD_NAMESPACES(at_ns1, at_ns2, at_ns3, at_ns4, at_ns5)
diff --git a/tests/system-userspace-macros.at b/tests/system-userspace-macros.at
index c09a4aa..213425f 100644
--- a/tests/system-userspace-macros.at
+++ b/tests/system-userspace-macros.at
@@ -60,9 +60,48 @@ m4_define([CONFIGURE_VETH_OFFLOADS],
 
 # CHECK_CONNTRACK()
 #
-# Perform requirements checks for running conntrack tests, and flush the
-# kernel conntrack tables when the test is finished.
+# Perform requirements checks for running conntrack tests.
 #
 m4_define([CHECK_CONNTRACK],
-    [AT_SKIP_IF(true)]
+    [AT_SKIP_IF([test $HAVE_PYTHON = no])]
 )
+
+# CHECK_CONNTRACK_ALG()
+#
+# Perform requirements checks for running conntrack ALG tests. The userspace
+# doesn't support ALGs yet, so skip the tests
+#
+m4_define([CHECK_CONNTRACK_ALG],
+[
+    AT_SKIP_IF([:])
+])
+
+# CHECK_CONNTRACK_FRAG()
+#
+# Perform requirements checks for running conntrack fragmentations tests.
+# The userspace doesn't support fragmentation yet, so skip the tests.
+m4_define([CHECK_CONNTRACK_FRAG],
+[
+    AT_SKIP_IF([:])
+])
+
+# CHECK_CONNTRACK_LOCAL_STACK()
+#
+# Perform requirements checks for running conntrack tests with local stack.
+# While the kernel connection tracker automatically passes all the connection
+# tracking state from an internal port to the OpenvSwitch kernel module, there
+# is simply no way of doing that with the userspace, so skip the tests.
+m4_define([CHECK_CONNTRACK_LOCAL_STACK],
+[
+    AT_SKIP_IF([:])
+])
+
+# CHECK_CONNTRACK_NAT()
+#
+# Perform requirements checks for running conntrack NAT tests. The userspace
+# doesn't support NATs yet, so skip the tests
+#
+m4_define([CHECK_CONNTRACK_NAT],
+[
+    AT_SKIP_IF([:])
+])
-- 
2.8.1

_______________________________________________
dev mailing list
dev@openvswitch.org
http://openvswitch.org/mailman/listinfo/dev

[ovs-dev] [PATCH v4 14/17] system-tests: Run conntrack tests with userspace.

Reply via email to