| Commit message (Collapse) | Author | Age | Files | Lines |
|
|
|
|
|
|
| |
Add new tunnel-args for creating ipv6 tunnel through iproute2.
Signed-off-by: William Tu <u9012063@gmail.com>
Signed-off-by: Ben Pfaff <blp@ovn.org>
|
|
|
|
|
|
|
|
|
|
| |
New macro OVS_CHECK_CT_CLEAR() to check if ct_clear action is supported
by the datapath.
Signed-off-by: Eric Garver <e@erig.me>
Tested-by: William Tu <u9012063@gmail.com>
Acked-by: Flavio Leitner <fbl@sysclose.org>
Signed-off-by: Justin Pettit <jpettit@ovn.org>
|
|
|
|
|
|
|
|
|
|
|
| |
The version of ip-route may not support udp6zerocsum for
vxlan6 or geneve6. If we run the kernel check, there may
be always error message. Before running the test units,
we check the ip command.
Signed-off-by: Tonghao Zhang <xiangxia.m.yue@gmail.com>
Acked-by: Eric Garver <e@erig.me>
Signed-off-by: Joe Stringer <joe@ovn.org>
|
|
|
|
|
| |
Signed-off-by: Eric Garver <e@erig.me>
Signed-off-by: Joe Stringer <joe@ovn.org>
|
|
|
|
|
| |
Signed-off-by: Eric Garver <e@erig.me>
Signed-off-by: Joe Stringer <joe@ovn.org>
|
|
|
|
|
|
|
| |
This is used for native layer3 tunnels.
Signed-off-by: Eric Garver <e@erig.me>
Signed-off-by: Joe Stringer <joe@ovn.org>
|
|
|
|
|
| |
Signed-off-by: Eric Garver <e@erig.me>
Signed-off-by: Joe Stringer <joe@ovn.org>
|
|
|
|
|
|
|
|
| |
Add simple macros to wrap existing tunnel create macros, but lowers the
MTU enough to allow IPv6 underlay.
Signed-off-by: Eric Garver <e@erig.me>
Signed-off-by: Joe Stringer <joe@ovn.org>
|
|
|
|
|
|
|
|
| |
Allow passing flags while creating the IP address on a VETH. This can be
used to pass "nodad" to allow IPv6 address to come up faster.
Signed-off-by: Eric Garver <e@erig.me>
Signed-off-by: Joe Stringer <joe@ovn.org>
|
|
|
|
|
|
|
| |
Add macro OVS_CHECK_8021AD().
Signed-off-by: Eric Garver <e@erig.me>
Signed-off-by: Joe Stringer <joe@ovn.org>
|
|
|
|
|
|
|
|
| |
Use OVS_WAIT_UNTIL() with netstat to ensure servers are listening before
sending requests to them.
Signed-off-by: Joe Stringer <joe@ovn.org>
Acked-by: Daniele Di Proietto <diproiettod@vmware.com>
|
|
|
|
|
|
|
|
|
|
|
|
| |
All of the commands starting L7 servers duplicate detailed specifics
which inhibits readability, and makes it difficult to ensure that the
servers are ready before the test proceeds. Add a new macro that
provides simpler semantics from the test perspective and hide the
details in the macro. A followup patch will extend this macro to ensure
that servers are ready to serve requests before the test proceeds.
Signed-off-by: Joe Stringer <joe@ovn.org>
Acked-by: Daniele Di Proietto <diproiettod@vmware.com>
|
|
|
|
|
|
|
|
|
| |
The existing clone test fails the system testsuite. The patch provides
fix, removes the unused at_ns2, and uses "ovs-ofctl monitor" to validate
the packet contents after actions inside a clone.
Signed-off-by: William Tu <u9012063@gmail.com>
Signed-off-by: Joe Stringer <joe@ovn.org>
|
|
|
|
|
|
|
|
|
| |
On RHEL 7.3, test cases that use vxlan, gre, and geneve tunnels fail because
traffic is blocked by default firewall configuration. This commit detects the
status of firewalld, and skips the tests if firewalld is on.
Signed-off-by: Yi-Hung Wei <yihung.wei@gmail.com>
Signed-off-by: Joe Stringer <joe@ovn.org>
|
|
|
|
|
|
|
| |
Add macros ADD_SVLAN() and ADD_CVLAN().
Signed-off-by: Eric Garver <e@erig.me>
Signed-off-by: Joe Stringer <joe@ovn.org>
|
|
|
|
|
|
|
|
|
|
|
| |
Add a test case to check connectivity over an OVS bond, using a
Linux bond over veth interfaces.
Also added a new macro "ADD_VETH_BOND", modeled after "ADD_VETH",
in anticipation of future additional bonding test cases.
Signed-off-by: Lance Richardson <lrichard@redhat.com>
Signed-off-by: Joe Stringer <joe@ovn.org>
|
|
|
|
|
|
|
|
|
|
|
|
| |
Ubuntu 14.04 with kernel 3.13 fails to set a GRE tunnel's mac address
after device state is up. The patch first introduces additional args
'link-args' for 'ip link set' and uses it to adds mac address setting
in ADD_NATIVE_TUNNEL. As a result, the device could be configured before
becoming up state. Note that the original 'link-args' is renamed to
'type-args'.
Signed-off-by: William Tu <u9012063@gmail.com>
Signed-off-by: Joe Stringer <joe@ovn.org>
|
|
|
|
|
|
|
|
|
| |
IntegrationGuide.md explains the meaning of the key 'iface-id'. Adding
it as part of ADD_VETH is useful for OVN related tests. For non-OVN
tests, it should have no effect. Upcoming commits take advantage of this.
Signed-off-by: Gurucharan Shetty <guru@ovn.org>
Acked-by: Joe Stringer <joe@ovn.org>
|
|
|
|
|
|
|
|
|
| |
It is useful to set the mac address and gateway while using ADD_VETH
to connect a namespace to a OVN logical topology. Upcoming commits
use this enhancement.
Signed-off-by: Gurucharan Shetty <guru@ovn.org>
Acked-by: Joe Stringer <joe@ovn.org>
|
|
|
|
|
|
|
|
| |
When the TCP state is not important it is better ignore it. This
makes test cases more robust w.r.t. kernel versions and timing.
Signed-off-by: Jarno Rajahalme <jarno@ovn.org>
Acked-by: Jesse Gross <jesse@kernel.org>
|
|
|
|
|
|
|
|
|
|
| |
Automatic helper assignment in conntrack can trigger an upstream bug
where namespace deletion followed by immediate unload of conntrack
helper modules may cause kernel crashes. Disable automatic helper
assignment within created namespaces to avoid this issue.
Signed-off-by: Joe Stringer <joe@ovn.org>
Acked-by: Jarno Rajahalme <jarno@ovn.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
The system userspace testsuite uses the userspace datapath with
netdev-linux devices, connected to veth pairs with the AF_PACKET socket:
(veth pair) (AF_PACKET)
TCP stack -> p0 ---> ovs-p0 -------------> netdev-linux (userspace OVS)
Unfortunately this configuration has some problems with offloads: a
packet generated by the TCP stack maybe sent to p0 without being
checksummed or segmented. The AF_PACKET socket, by default, ignores the
offloads and just transmits the data of the packets to userspace, but:
1. The packet may need GSO, so the data will be too big to be received
by the userspace datapath
2. The packet might have incomplete checksums, so it will likely be
discarded by the receiver.
Problem 1 causes TCP connections to see a congestion window smaller than
the MTU, which hurts performance but doesn't prevent communication.
Problem 2 was hidden in the testsuite by a Linux kernel bug, fixed by
commit ce8c839b74e3("veth: don’t modify ip_summed; doing so treats
packets with bad checksums as good"). In the kernels that include the
fix, the userspace datapath is able to process pings, but not tcp or udp
data.
Unfortunately I couldn't find a way to ask the AF_PACKET to perform
offloads in kernel. A possible fix would be to use the PACKET_VNET_HDR
sockopt and perform the offloads in userspace.
Until a proper fix is worked out for netdev-linux, this commit disables
offloads on the non-OVS side of the veth pair, as a workaround.
Signed-off-by: Daniele Di Proietto <diproiettod@vmware.com>
Acked-by: Joe Stringer <joe@ovn.org>
Acked-by: Flavio Leitner <fbl@sysclose.org>
|
|
|
|
|
| |
Signed-off-by: Joe Stringer <joe@ovn.org>
Acked-by: Daniele Di Proietto <diproiettod@vmware.com>
|
|
|
|
|
| |
Signed-off-by: Joe Stringer <joe@ovn.org>
Acked-by: Daniele Di Proietto <diproiettod@vmware.com>
|
|
|
|
|
|
|
|
|
| |
This prevents failure of test scenarios 'make check-kernel'
and 'make check-system-userspace' if creation of veth pairs or
network namespaces is not supported by kernel (or module isn't loaded).
Signed-off-by: Ilya Maximets <i.maximets@samsung.com>
Signed-off-by: Joe Stringer <joe@ovn.org>
|
|
|
|
|
|
|
|
|
|
|
| |
The vxlan tests require a new enough 'ip' tool to configure native VXLAN
tunnels on the host kernel (as well as a new enough kernel). If this
isn't available, simply skip the test. This commit makes the cases where
this is checked consistent.
Signed-off-by: Joe Stringer <joe@ovn.org>
Acked-by: Ben Pfaff <blp@ovn.org>
Acked-by: Russell Bryant <russell@ovn.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Often in the tests we inspect the conntrack tables with the 'conntrack'
command line utility. Since this may not always be available, and since
these tests are supposed to run with the upcoming userspace connection
tracker, it is better to use the newly implemented dpctl command.
Due to the tcp state mapping done in tcp_state_coalesce(), SYN_RECV is
replaced by ESTABLISHED in four places in the testsuite. The rest of
the changes are just done to match the formatting style.
Also, check the conntrack entries for the IPv6 HTTP test.
Signed-off-by: Daniele Di Proietto <diproiettod@vmware.com>
Acked-by: Joe Stringer <joe@ovn.org>
|
|
|
|
|
|
|
|
|
| |
Add an additional test that ensures that when receiving packets from
internal ports that reside in a foreign namespace, the conntrack
information is not populated in the flow.
Signed-off-by: Joe Stringer <joestringer@nicira.com>
Acked-by: Daniele Di Proietto <diproiettod@vmware.com>
|
|
|
|
|
|
|
|
| |
'conntrack' output format varies depending on the system
configuration, i.e., conntrack accounting or timestamping is enabled.
Modify the FORMAT_CT() macro to hide these differences.
Signed-off-by: Jarno Rajahalme <jrajahalme@nicira.com>
Acked-by: Joe Stringer <joestringer@nicira.com>
|
|
|
|
|
|
|
|
|
|
| |
When interacting with the local stack, the kernel may provide packets
with existing ct state as they ingress OVS. These tests check that we
are able to connection-track such packets successfully in non-zero
zones, using slightly more realistic pipelines.
Signed-off-by: Joe Stringer <joestringer@nicira.com>
Acked-by: Daniele Di Proietto <diproiettod@vmware.com>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This patch adds a new action and fields to OVS that allow connection
tracking to be performed. This support works in conjunction with the
Linux kernel support merged into the Linux-4.3 development cycle.
Packets have two possible states with respect to connection tracking:
Untracked packets have not previously passed through the connection
tracker, while tracked packets have previously been through the
connection tracker. For OpenFlow pipeline processing, untracked packets
can become tracked, and they will remain tracked until the end of the
pipeline. Tracked packets cannot become untracked.
Connections can be unknown, uncommitted, or committed. Packets which are
untracked have unknown connection state. To know the connection state,
the packet must become tracked. Uncommitted connections have no
connection state stored about them, so it is only possible for the
connection tracker to identify whether they are a new connection or
whether they are invalid. Committed connections have connection state
stored beyond the lifetime of the packet, which allows later packets in
the same connection to be identified as part of the same established
connection, or related to an existing connection - for instance ICMP
error responses.
The new 'ct' action transitions the packet from "untracked" to
"tracked" by sending this flow through the connection tracker.
The following parameters are supported initally:
- "commit": When commit is executed, the connection moves from
uncommitted state to committed state. This signals that information
about the connection should be stored beyond the lifetime of the
packet within the pipeline. This allows future packets in the same
connection to be recognized as part of the same "established" (est)
connection, as well as identifying packets in the reply (rpl)
direction, or packets related to an existing connection (rel).
- "zone=[u16|NXM]": Perform connection tracking in the zone specified.
Each zone is an independent connection tracking context. When the
"commit" parameter is used, the connection will only be committed in
the specified zone, and not in other zones. This is 0 by default.
- "table=NUMBER": Fork pipeline processing in two. The original instance
of the packet will continue processing the current actions list as an
untracked packet. An additional instance of the packet will be sent to
the connection tracker, which will be re-injected into the OpenFlow
pipeline to resume processing in the specified table, with the
ct_state and other ct match fields set. If the table is not specified,
then the packet is submitted to the connection tracker, but the
pipeline does not fork and the ct match fields are not populated. It
is strongly recommended to specify a table later than the current
table to prevent loops.
When the "table" option is used, the packet that continues processing in
the specified table will have the ct_state populated. The ct_state may
have any of the following flags set:
- Tracked (trk): Connection tracking has occurred.
- Reply (rpl): The flow is in the reply direction.
- Invalid (inv): The connection tracker couldn't identify the connection.
- New (new): This is the beginning of a new connection.
- Established (est): This is part of an already existing connection.
- Related (rel): This connection is related to an existing connection.
For more information, consult the ovs-ofctl(8) man pages.
Below is a simple example flow table to allow outbound TCP traffic from
port 1 and drop traffic from port 2 that was not initiated by port 1:
table=0,priority=1,action=drop
table=0,arp,action=normal
table=0,in_port=1,tcp,ct_state=-trk,action=ct(commit,zone=9),2
table=0,in_port=2,tcp,ct_state=-trk,action=ct(zone=9,table=1)
table=1,in_port=2,ct_state=+trk+est,tcp,action=1
table=1,in_port=2,ct_state=+trk+new,tcp,action=drop
Based on original design by Justin Pettit, contributions from Thomas
Graf and Daniele Di Proietto.
Signed-off-by: Joe Stringer <joestringer@nicira.com>
Acked-by: Jarno Rajahalme <jrajahalme@nicira.com>
Acked-by: Ben Pfaff <blp@nicira.com>
|
|
|
|
|
|
|
|
| |
A shell function doesn't need quoted and unquoted variants and it
integrates naturally with other shell code.
Signed-off-by: Ben Pfaff <blp@nicira.com>
Acked-by: Andy Zhou <azhou@nicira.com>
|
|
|
|
|
|
|
|
|
| |
This test is skipped if the 'ip' command cannot interpret the vxlan 'dstport'
option; this is used as a proxy for detecting native kernel support for this
tunnel type.
Signed-off-by: Joe Stringer <joestringer@nicira.com>
Acked-by: Daniele Di Proietto <diproiettod@vmware.com>
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This patch splits ADD_BR into two commands, so they can be used from
different contexts:
ADD_BR(...) is a standalone command to add a bridge to OVS, and allows
additional ovs-vsctl arguments to be passed. It uses _ADD_BR().
_ADD_BR(...) is the implementation-specific ovs-vsctl arguments to
set up the correct datapath type for userspace or kmod tests.
Signed-off-by: Joe Stringer <joestringer@nicira.com>
Acked-by: Daniele Di Proietto <diproiettod@vmware.com>
|
|
|
|
|
|
|
|
|
| |
Rather than saving all of the ping output to a file then checking at the
end, check each ping and fail as soon as there is a connectivity
failure.
Signed-off-by: Joe Stringer <joestringer@nicira.com>
Acked-by: Daniele Di Proietto <diproiettod@vmware.com>
|
|
|
|
|
|
|
|
|
| |
This allows arbitrary commands to be passed into the NS_EXEC macro to be
executed within a namespace, including commands that have quotes and
commands chained together.
Signed-off-by: Joe Stringer <joestringer@nicira.com>
Acked-by: Daniele Di Proietto <diproiettod@vmware.com>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
The new system-userspace-testsuite, which can be launched via
`make check-system-userspace`, reuses the kmod tests on the userspace
datapath.
The userspace datapath is already tested by the main testsuite (and
that's not going to change), but having also the
system-userspace-testsuite has the following advantages:
* More complicated tests are possible: real client and server
applications can be used.
* The same tests run on both kernel and userspace datapath: this gives
us an easy way to make sure that the behaviour is consistent (e.g.
with the upcoming connection tracker integration)
The userspace datapath is able to use system network interfaces via an
AF_PACKET socket.
Signed-off-by: Daniele Di Proietto <diproiettod@vmware.com>
Acked-by: Joe Stringer <joestringer@nicira.com>
|
|
|
|
|
|
|
|
| |
Instead of repeating every time "ip netns exec ..." it is better to
introduce some macros.
Signed-off-by: Daniele Di Proietto <diproiettod@vmware.com>
Acked-by: Joe Stringer <joestringer@nicira.com>
|
|
The name makes more sense, especially with the addition of a userspace
system testsuite. No functional change in this commit.
Signed-off-by: Daniele Di Proietto <diproiettod@vmware.com>
Acked-by: Joe Stringer <joestringer@nicira.com>
|