[ovs-dev] [PATCH v2 ovn 1/3] CoPP: add self-test for icmp{4, 6}_error controller action

Numan Siddique numans at ovn.org
Tue Nov 2 20:33:07 UTC 2021 

On Fri, Oct 29, 2021 at 4:48 AM Mark Gray <mark.d.gray at redhat.com> wrote:
>
> On 21/10/2021 23:18, Lorenzo Bianconi wrote:
> > Introduce CoPP selftest for icmp{4,6}_error controller action
> > Remove sleep in CoPP test and rely on tcpdump "-l" option.
> >
> > Signed-off-by: Lorenzo Bianconi <lorenzo.bianconi at redhat.com>
> > ---
> >  tests/ovn-northd.at | 23 +++++++++++++++++++++++
> >  tests/system-ovn.at | 43 ++++++++++++++++++++++++++++---------------
> >  2 files changed, 51 insertions(+), 15 deletions(-)
> >
> > diff --git a/tests/ovn-northd.at b/tests/ovn-northd.at
> > index 544820764..3ff0029f8 100644
> > --- a/tests/ovn-northd.at
> > +++ b/tests/ovn-northd.at
> > @@ -3249,6 +3249,29 @@ AT_CHECK([ovn-nbctl lr-copp-list r0], [0], [dnl
> >
> >  AT_CHECK([ovn-sbctl list logical_flow | grep arp -A 2 | grep -q meter1],[1])
> >
> > +check ovn-nbctl --wait=hv meter-add meter2 drop 400 pktps 10
> > +check ovn-nbctl --wait=hv lr-copp-add r0 icmp4-error meter2
> > +AT_CHECK([ovn-nbctl lr-copp-list r0], [0], [dnl
> > +icmp4-error: meter2
> > +])
> > +
> > +AT_CHECK([ovn-sbctl list logical_flow | grep icmp4 -A 2 | grep -q meter2])
> > +
> > +check ovn-nbctl --wait=hv lr-copp-del r0 icmp4-error
> > +AT_CHECK([ovn-nbctl lr-copp-list r0], [0], [dnl
> > +])
> > +
> > +check ovn-nbctl --wait=hv lr-copp-add r0 icmp6-error meter2
> > +AT_CHECK([ovn-nbctl lr-copp-list r0], [0], [dnl
> > +icmp6-error: meter2
> > +])
> > +
> > +AT_CHECK([ovn-sbctl list logical_flow | grep icmp6 -A 2 | grep -q meter2])
> > +
> > +check ovn-nbctl --wait=hv lr-copp-del r0 icmp6-error
> > +AT_CHECK([ovn-nbctl lr-copp-list r0], [0], [dnl
> > +])
> > +
> >  check ovn-nbctl --wait=hv ls-copp-del sw1 event-elb
> >  AT_CHECK([ovn-nbctl ls-copp-list sw1], [0], [dnl
> >  ])
> > diff --git a/tests/system-ovn.at b/tests/system-ovn.at
> > index 345384223..d003843c3 100644
> > --- a/tests/system-ovn.at
> > +++ b/tests/system-ovn.at
> > @@ -6669,7 +6669,7 @@ check ovn-nbctl lsp-add public public1 \
> >          -- lsp-set-type public1 localnet \
> >          -- lsp-set-options public1 network_name=phynet
> >
> > -NS_EXEC([sw01], [tcpdump -n -i sw01 icmp -Q in > reject.pcap &])
> > +NS_EXEC([sw01], [tcpdump -l -n -i sw01 icmp -Q in > reject.pcap &])
> >  check ovn-nbctl meter-add acl-meter drop 1 pktps 0
> >  check ovn-nbctl --wait=hv ls-copp-add sw0 reject acl-meter
> >  check ovn-nbctl acl-add sw0 from-lport 1002 'inport == "sw01" && ip && udp' reject
> > @@ -6679,37 +6679,33 @@ reject: acl-meter
> >  ])
> >
> >  ip netns exec sw01 scapy -H <<-EOF
> > -p = IP(src="192.168.1.2", dst="192.168.1.1")/ UDP(dport = 12345) / Raw(b"X"*64)
> > +p = IP(src="192.168.1.2", dst="192.168.1.1") / UDP(dport = 12345) / Raw(b"X"*64)
> >  send (p, iface='sw01', loop = 0, verbose = 0, count = 20)
> >  EOF
> >
> > -sleep 2
> > -kill $(pidof tcpdump)
> > -
> >  # 1pps + 1 burst size
> >  OVS_WAIT_UNTIL([
> >      n_reject=$(grep unreachable reject.pcap | wc -l)
> >      test "${n_reject}" = "2"
> >  ])
> > +kill $(pidof tcpdump)
> >
> >  rm -f reject.pcap
> > -NS_EXEC([sw01], [tcpdump -n -i sw01 icmp -Q in > reject.pcap &])
> > +NS_EXEC([sw01], [tcpdump -l -n -i sw01 icmp -Q in > reject.pcap &])
> >  check ovn-nbctl --wait=hv ls-copp-del sw0 reject
> >
> >  ip netns exec sw01 scapy -H <<-EOF
> > -p = IP(src="192.168.1.2", dst="192.168.1.1")/ UDP(dport = 12345) / Raw(b"X"*64)
> > +p = IP(src="192.168.1.2", dst="192.168.1.1") / UDP(dport = 12345) / Raw(b"X"*64)
> >  send (p, iface='sw01', loop = 0, verbose = 0, count = 20)
> >  EOF
> >
> > -sleep 2
> > -kill $(pidof tcpdump)
> > -
> >  OVS_WAIT_UNTIL([
> >      n_reject=$(grep unreachable reject.pcap | wc -l)
> >      test "${n_reject}" = "20"
> >  ])
> > +kill $(pidof tcpdump)
> >
> > -NS_EXEC([server], [tcpdump -n -i s1 arp[[24:4]]=0xac100164 > arp.pcap &])
> > +NS_EXEC([server], [tcpdump -l -n -i s1 arp[[24:4]]=0xac100164 > arp.pcap &])
> >  check ovn-nbctl meter-add arp-meter drop 1 pktps 0
> >  check ovn-nbctl --wait=hv lr-copp-add R1 arp-resolve arp-meter
> >  AT_CHECK([ovn-nbctl lr-copp-list R1], [0], [dnl
> > @@ -6717,18 +6713,35 @@ arp-resolve: arp-meter
> >  ])
> >
> >  ip netns exec sw01 scapy -H <<-EOF
> > -p = IP(src="192.168.1.2", dst="172.16.1.100")/ TCP(dport = 80, flags="S") / Raw(b"X"*64)
> > +p = IP(src="192.168.1.2", dst="172.16.1.100") / TCP(dport = 80, flags="S") / Raw(b"X"*64)
> >  send (p, iface='sw01', loop = 0, verbose = 0, count = 100)
> >  EOF
> >
> > -sleep 2
> > -kill $(pidof tcpdump)
> > -
> >  # 1pps + 1 burst size
> >  OVS_WAIT_UNTIL([
> >      n_arp=$(grep ARP arp.pcap | wc -l)
> >      test "${n_arp}" = "2"
> >  ])
> > +kill $(pidof tcpdump)
> > +
> > +check ovn-nbctl meter-add icmp-meter drop 1 pktps 0
> > +check ovn-nbctl --wait=hv lr-copp-add R1 icmp4-error icmp-meter
> > +AT_CHECK([ovn-nbctl lr-copp-list R1 |grep icmp4-error], [0], [dnl
> > +icmp4-error: icmp-meter
> > +])
> > +
> > +NS_EXEC([sw01], [tcpdump -l -n -i sw01 icmp > icmp.pcap &])
> > +ip netns exec sw01 scapy -H <<-EOF
> > +p = IP(src="192.168.1.2", dst="172.16.1.100", ttl=1) / TCP(dport = 8080, flags="S") / Raw(b"X"*64)
> > +send (p, iface='sw01', loop = 0, verbose = 0, count = 100)
> > +EOF
> > +
> > +# 1pps + 1 burst size
> > +OVS_WAIT_UNTIL([
> > +    n_icmp=$(grep ICMP icmp.pcap | wc -l)
> > +    test "${n_icmp}" = "2"
> > +])
> > +kill $(pidof tcpdump)
> >
> >  kill $(pidof ovn-controller)
> >
> >
> Acked-by: Mark D. Gray <mark.d.gray at redhat.com>

Thanks Lorenzo and Mark.

I applied this patch series to the main branch.

Numan

>
> _______________________________________________
> dev mailing list
> dev at openvswitch.org
> https://mail.openvswitch.org/mailman/listinfo/ovs-dev
>

More information about the dev mailing list