[ovs-dev] [PATCH v3] ovn.at: Add stateful test for ACL on port groups.

Ben Pfaff blp at ovn.org
Thu Jul 5 19:21:24 UTC 2018


On Mon, Jun 25, 2018 at 10:03:02AM -0700, Han Zhou wrote:
> A bug was reported on the feature of applying ACLs on port groups [1].
> This bug was not detected by the original test case, because it didn't
> test the return traffic and so didn't ensure the stateful feature is
> working. The fix [2] causes the original test case fail, because
> once the conntrack is enabled, the test packets are dropped because
> the checksum in those packets are invalid and so marked with "invalid"
> state by conntrack. To avoid the test case failure, the fix [2] changed
> it to test stateless acl only, which leaves the scenario untested,
> although it is fixed. This patch adds back the stateful ACL in the
> test, and replaced the dummy/receive with inject-pkt to send the test
> packets, so that checksums can be properly filled in, and it also
> adds tests for the return traffic, which ensures the stateful is
> working.
> 
> [1] https://mail.openvswitch.org/pipermail/ovs-discuss/2018-June/046927.html
> 
> [2] https://patchwork.ozlabs.org/patch/931913/
> 
> Signed-off-by: Han Zhou <hzhou8 at ebay.com>

Thanks Han (and reviewers).

I applied this to master.


More information about the dev mailing list