[ovs-dev] [PATCH v3] ovn.at: Add stateful test for ACL on port groups.

[Daniel Alvarez Sanchez]

Thanks a lot Han!


On Tue, Jun 26, 2018 at 9:41 AM Jakub Sitnicki <jkbs at redhat.com> wrote:

> On Mon, 25 Jun 2018 10:03:02 -0700
> Han Zhou <zhouhan at gmail.com> wrote:
>
> > A bug was reported on the feature of applying ACLs on port groups [1].
> > This bug was not detected by the original test case, because it didn't
> > test the return traffic and so didn't ensure the stateful feature is
> > working. The fix [2] causes the original test case fail, because
> > once the conntrack is enabled, the test packets are dropped because
> > the checksum in those packets are invalid and so marked with "invalid"
> > state by conntrack. To avoid the test case failure, the fix [2] changed
> > it to test stateless acl only, which leaves the scenario untested,
> > although it is fixed. This patch adds back the stateful ACL in the
> > test, and replaced the dummy/receive with inject-pkt to send the test
> > packets, so that checksums can be properly filled in, and it also
> > adds tests for the return traffic, which ensures the stateful is
> > working.
> >
> > [1]
> https://mail.openvswitch.org/pipermail/ovs-discuss/2018-June/046927.html
> >
> > [2] https://patchwork.ozlabs.org/patch/931913/
> >
> > Signed-off-by: Han Zhou <hzhou8 at ebay.com>
> > ---
> > Note: this patch depends on Daniel's patch [2] which is not merged yet.
> > v1->v2:
> >     - Addressed Jacub's comments - simplified packet expr and removed
> >       debug information.
> >     - Renamed test_ip to test_icmp.
> > v2->v3:
> >     - Updated comments.
> >
> >  tests/ovn.at | 69
> ++++++++++++++++++++++++++++++++++++++++++------------------
> >  1 file changed, 48 insertions(+), 21 deletions(-)
>
> Acked-by: Jakub Sitnicki <jkbs at redhat.com>
>
Acked-by: Daniel Alvarez <dalvarez at redhat.com>

> _______________________________________________
> dev mailing list
> dev at openvswitch.org
> https://mail.openvswitch.org/mailman/listinfo/ovs-dev
>