mirror of
https://github.com/openvswitch/ovs
synced 2025-08-22 18:07:40 +00:00
501f665a5a
Since a27d70a89 ("conntrack: add generic IP protocol support") all
the unrecognized IP protocols get handled using ct_proto_other ops
and are managed as L3 using 3 tuples.
This patch stores L4 information for SCTP in the conn_key so that
multiple conn instances, instead of one with ports zeroed, will be
created when there are multiple SCTP connections between two hosts.
It also performs crc32c check when not offloaded, and adds SCTP to
pat_enabled.
With this patch, given two SCTP association between two hosts,
tracking the connection will result in:
sctp,orig=(src=10.1.1.2,dst=10.1.1.1,sport=55884,dport=5201),
reply=(src=10.1.1.1,dst=10.1.1.2,sport=5201,dport=12345),zone=1
sctp,orig=(src=10.1.1.2,dst=10.1.1.1,sport=59874,dport=5202),
reply=(src=10.1.1.1,dst=10.1.1.2,sport=5202,dport=12346),zone=1
instead of:
sctp,orig=(src=10.1.1.2,dst=10.1.1.1,sport=0,dport=0),
reply=(src=10.1.1.1,dst=10.1.1.2,sport=0,dport=0),zone=1
Signed-off-by: Paolo Valerio <pvalerio@redhat.com>
Signed-off-by: Ilya Maximets <i.maximets@ovn.org>
360 lines
12 KiB
Plaintext
360 lines
12 KiB
Plaintext
# _ADD_BR([name])
|
|
#
|
|
# Expands into the proper ovs-vsctl commands to create a bridge with the
|
|
# appropriate type and properties
|
|
m4_define([_ADD_BR], [[add-br $1 -- set Bridge $1 datapath_type="netdev" protocols=OpenFlow10,OpenFlow11,OpenFlow12,OpenFlow13,OpenFlow14,OpenFlow15 fail-mode=secure ]])
|
|
|
|
# OVS_TRAFFIC_VSWITCHD_START([vsctl-args], [vsctl-output], [dbinit-aux-args])
|
|
#
|
|
# Creates a database and starts ovsdb-server, starts ovs-vswitchd
|
|
# connected to that database, calls ovs-vsctl to create a bridge named
|
|
# br0 with predictable settings, passing 'vsctl-args' as additional
|
|
# commands to ovs-vsctl. If 'vsctl-args' causes ovs-vsctl to provide
|
|
# output (e.g. because it includes "create" commands) then 'vsctl-output'
|
|
# specifies the expected output after filtering through uuidfilt.
|
|
# 'dbinit-aux-args' are passed as additional commands to 'ovs-vsctl init'
|
|
# before starting ovs-vswitchd.
|
|
m4_define([OVS_TRAFFIC_VSWITCHD_START],
|
|
[
|
|
OVS_WAIT_WHILE([ip link show ovs-netdev])
|
|
_OVS_VSWITCHD_START([--disable-system], [$3])
|
|
dnl Add bridges, ports, etc.
|
|
OVS_WAIT_WHILE([ip link show br0])
|
|
AT_CHECK([ovs-vsctl -- _ADD_BR([br0]) -- $1 m4_if([$2], [], [], [| uuidfilt])], [0], [$2])
|
|
])
|
|
|
|
# OVS_TRAFFIC_VSWITCHD_STOP([ALLOWLIST], [extra_cmds])
|
|
#
|
|
# Gracefully stops ovs-vswitchd and ovsdb-server, checking their log files
|
|
# for messages with severity WARN or higher and signaling an error if any
|
|
# is present. The optional ALLOWLIST may contain shell-quoted "sed"
|
|
# commands to delete any warnings that are actually expected, e.g.:
|
|
#
|
|
# OVS_TRAFFIC_VSWITCHD_STOP(["/expected error/d"])
|
|
#
|
|
# 'extra_cmds' are shell commands to be executed after OVS_VSWITCHD_STOP() is
|
|
# invoked. They can be used to perform additional cleanups such as name space
|
|
# removal.
|
|
m4_define([OVS_TRAFFIC_VSWITCHD_STOP],
|
|
[OVS_VSWITCHD_STOP([dnl
|
|
$1";/netdev_linux.*obtaining netdev stats via vport failed/d
|
|
/dpif_netlink.*Generic Netlink family 'ovs_datapath' does not exist. The Open vSwitch kernel module is probably not loaded./d
|
|
/dpif_netdev(revalidator.*)|ERR|internal error parsing flow key.*proto=2.*/d
|
|
/dpif(revalidator.*)|WARN|netdev@ovs-netdev: failed to.*proto=2.*/d"])
|
|
AT_CHECK([:; $2])
|
|
])
|
|
|
|
# CONFIGURE_VETH_OFFLOADS([VETH])
|
|
#
|
|
# Disable TX offloads for veths. The userspace datapath uses the AF_PACKET
|
|
# socket to receive packets for veths. Unfortunately, the AF_PACKET socket
|
|
# doesn't play well with offloads:
|
|
# 1. GSO packets are received without segmentation and therefore discarded.
|
|
# 2. Packets with offloaded partial checksum are received with the wrong
|
|
# checksum, therefore discarded by the receiver.
|
|
#
|
|
# By disabling tx offloads in the non-OVS side of the veth peer we make sure
|
|
# that the AF_PACKET socket will not receive bad packets.
|
|
#
|
|
# This is a workaround, and should be removed when offloads are properly
|
|
# supported in netdev-linux.
|
|
m4_define([CONFIGURE_VETH_OFFLOADS],
|
|
[AT_CHECK([ethtool -K $1 tx off], [0], [ignore], [ignore])]
|
|
)
|
|
|
|
# CHECK_CONNTRACK()
|
|
#
|
|
# Perform requirements checks for running conntrack tests.
|
|
#
|
|
m4_define([CHECK_CONNTRACK], [])
|
|
|
|
# CHECK_CONNTRACK_ALG()
|
|
#
|
|
# Perform requirements checks for running conntrack ALG tests. The userspace
|
|
# supports FTP and TFTP.
|
|
#
|
|
m4_define([CHECK_CONNTRACK_ALG])
|
|
|
|
# CHECK_CONNTRACK_LOCAL_STACK()
|
|
#
|
|
# Perform requirements checks for running conntrack tests with local stack.
|
|
# While the kernel connection tracker automatically passes all the connection
|
|
# tracking state from an internal port to the OpenvSwitch kernel module, there
|
|
# is simply no way of doing that with the userspace, so skip the tests.
|
|
m4_define([CHECK_CONNTRACK_LOCAL_STACK],
|
|
[
|
|
AT_SKIP_IF([:])
|
|
])
|
|
|
|
# CHECK_CONNTRACK_FRAG_OVERLAP()
|
|
#
|
|
# The userspace datapath supports fragment overlap check.
|
|
m4_define([CHECK_CONNTRACK_FRAG_OVERLAP])
|
|
|
|
# CHECK_CONNTRACK_NAT()
|
|
#
|
|
# Perform requirements checks for running conntrack NAT tests. The userspace
|
|
# datapath supports NAT.
|
|
#
|
|
m4_define([CHECK_CONNTRACK_NAT])
|
|
|
|
# CHECK_CONNTRACK_ZEROIP_SNAT()
|
|
#
|
|
# Perform requirements checks for running conntrack all-zero IP SNAT tests.
|
|
# The userspace datapath always supports all-zero IP SNAT, so no check is
|
|
# needed.
|
|
#
|
|
m4_define([CHECK_CONNTRACK_ZEROIP_SNAT])
|
|
|
|
# CHECK_CONNTRACK_SCTP()
|
|
#
|
|
# Perform requirements checks for running conntrack SCTP. The userspace
|
|
# datapath has no dependency, so no check is required.
|
|
#
|
|
m4_define([CHECK_CONNTRACK_SCTP])
|
|
|
|
# CHECK_CONNTRACK_TIMEOUT()
|
|
#
|
|
# Perform requirements checks for running conntrack customized timeout tests.
|
|
#
|
|
m4_define([CHECK_CONNTRACK_TIMEOUT])
|
|
|
|
# CHECK_CONNTRACK_DUMP_EXPECTATIONS()
|
|
#
|
|
# Perform requirements checks for dumping conntrack expectations.
|
|
#
|
|
m4_define([CHECK_CONNTRACK_DUMP_EXPECTATIONS])
|
|
|
|
# CHECK_CT_DPIF_SET_GET_MAXCONNS()
|
|
#
|
|
# Perform requirements checks for running ovs-dpctl ct-set-maxconns or
|
|
# ovs-dpctl ct-get-maxconns. The userspace datapath does support this feature.
|
|
m4_define([CHECK_CT_DPIF_SET_GET_MAXCONNS])
|
|
|
|
# CHECK_CT_DPIF_GET_NCONNS()
|
|
#
|
|
# Perform requirements checks for running ovs-dpctl ct-get-nconns. The
|
|
# userspace datapath does support this feature.
|
|
m4_define([CHECK_CT_DPIF_GET_NCONNS])
|
|
|
|
# DPCTL_SET_MIN_FRAG_SIZE()
|
|
#
|
|
# The userspace datapath supports this command.
|
|
m4_define([DPCTL_SET_MIN_FRAG_SIZE],
|
|
[
|
|
AT_CHECK([ovs-appctl dpctl/ipf-set-min-frag v4 400], [], [dnl
|
|
setting minimum fragment size successful
|
|
])
|
|
AT_CHECK([ovs-appctl dpctl/ipf-set-min-frag v6 400], [], [dnl
|
|
setting minimum fragment size successful
|
|
])
|
|
])
|
|
|
|
# DPCTL_MODIFY_FRAGMENTATION()
|
|
#
|
|
# The userspace datapath supports this command.
|
|
m4_define([DPCTL_MODIFY_FRAGMENTATION],
|
|
[
|
|
AT_CHECK([ovs-appctl dpctl/ipf-set-min-frag v4 1000], [], [dnl
|
|
setting minimum fragment size successful
|
|
])
|
|
AT_CHECK([ovs-appctl dpctl/ipf-set-max-nfrags 500], [], [dnl
|
|
setting maximum fragments successful
|
|
])
|
|
AT_CHECK([ovs-appctl dpctl/ipf-get-status], [], [dnl
|
|
Fragmentation Module Status
|
|
---------------------------
|
|
v4 enabled: 1
|
|
v6 enabled: 1
|
|
max num frags (v4/v6): 500
|
|
num frag: 0
|
|
min v4 frag size: 1000
|
|
v4 frags accepted: 0
|
|
v4 frags completed: 0
|
|
v4 frags expired: 0
|
|
v4 frags too small: 0
|
|
v4 frags overlapped: 0
|
|
v4 frags purged: 0
|
|
min v6 frag size: 1280
|
|
v6 frags accepted: 0
|
|
v6 frags completed: 0
|
|
v6 frags expired: 0
|
|
v6 frags too small: 0
|
|
v6 frags overlapped: 0
|
|
v6 frags purged: 0
|
|
])
|
|
])
|
|
|
|
# DPCTL_CHECK_FRAGMENTATION_PASS()
|
|
#
|
|
# Used to check fragmentation counters for some fragmentation tests using
|
|
# the userspace datapath.
|
|
m4_define([DPCTL_CHECK_FRAGMENTATION_PASS],
|
|
[
|
|
AT_CHECK([ovs-appctl dpctl/ipf-get-status --more], [], [dnl
|
|
Fragmentation Module Status
|
|
---------------------------
|
|
v4 enabled: 1
|
|
v6 enabled: 1
|
|
max num frags (v4/v6): 500
|
|
num frag: 0
|
|
min v4 frag size: 1000
|
|
v4 frags accepted: 30
|
|
v4 frags completed: 30
|
|
v4 frags expired: 0
|
|
v4 frags too small: 0
|
|
v4 frags overlapped: 0
|
|
v4 frags purged: 0
|
|
min v6 frag size: 1280
|
|
v6 frags accepted: 0
|
|
v6 frags completed: 0
|
|
v6 frags expired: 0
|
|
v6 frags too small: 0
|
|
v6 frags overlapped: 0
|
|
v6 frags purged: 0
|
|
|
|
Fragment Lists:
|
|
|
|
])
|
|
])
|
|
|
|
# DPCTL_CHECK_V6_FRAGMENTATION_PASS()
|
|
#
|
|
# Used to check fragmentation counters for some fragmentation tests using
|
|
# the userspace datapath.
|
|
m4_define([DPCTL_CHECK_V6_FRAGMENTATION_PASS],
|
|
[
|
|
AT_CHECK([ovs-appctl dpctl/ipf-get-status --more], [], [dnl
|
|
Fragmentation Module Status
|
|
---------------------------
|
|
v4 enabled: 1
|
|
v6 enabled: 1
|
|
max num frags (v4/v6): 1000
|
|
num frag: 0
|
|
min v4 frag size: 1200
|
|
v4 frags accepted: 0
|
|
v4 frags completed: 0
|
|
v4 frags expired: 0
|
|
v4 frags too small: 0
|
|
v4 frags overlapped: 0
|
|
v4 frags purged: 0
|
|
min v6 frag size: 1280
|
|
v6 frags accepted: 30
|
|
v6 frags completed: 30
|
|
v6 frags expired: 0
|
|
v6 frags too small: 0
|
|
v6 frags overlapped: 0
|
|
v6 frags purged: 0
|
|
|
|
Fragment Lists:
|
|
|
|
])
|
|
])
|
|
|
|
# FORMAT_FRAG_LIST([])
|
|
#
|
|
# Strip content from the piped input which can differ from test to test; recirc_id
|
|
# and ip_id fields in an ipf_list vary from test to test and hence are cleared.
|
|
m4_define([FORMAT_FRAG_LIST],
|
|
[[sed -e 's/ip_id=[0-9]*/ip_id=<cleared>/g' -e 's/recirc_id=[0-9]*/recirc_id=<cleared>/g']])
|
|
|
|
# DPCTL_CHECK_FRAGMENTATION_FAIL()
|
|
#
|
|
# Used to check fragmentation counters for some fragmentation tests using
|
|
# the userspace datapath, when failure to transmit fragments is expected.
|
|
m4_define([DPCTL_CHECK_FRAGMENTATION_FAIL],
|
|
[
|
|
AT_CHECK([ovs-appctl dpctl/ipf-get-status -m | FORMAT_FRAG_LIST()], [], [dnl
|
|
Fragmentation Module Status
|
|
---------------------------
|
|
v4 enabled: 1
|
|
v6 enabled: 1
|
|
max num frags (v4/v6): 500
|
|
num frag: 7
|
|
min v4 frag size: 1000
|
|
v4 frags accepted: 7
|
|
v4 frags completed: 0
|
|
v4 frags expired: 0
|
|
v4 frags too small: 0
|
|
v4 frags overlapped: 0
|
|
v4 frags purged: 0
|
|
min v6 frag size: 1280
|
|
v6 frags accepted: 0
|
|
v6 frags completed: 0
|
|
v6 frags expired: 0
|
|
v6 frags too small: 0
|
|
v6 frags overlapped: 0
|
|
v6 frags purged: 0
|
|
|
|
Fragment Lists:
|
|
|
|
(src=10.1.1.1,dst=10.1.1.2,recirc_id=<cleared>,ip_id=<cleared>,dl_type=0x800,zone=9,nw_proto=1,num_fragments=1,state=first frag)
|
|
(src=10.1.1.1,dst=10.1.1.2,recirc_id=<cleared>,ip_id=<cleared>,dl_type=0x800,zone=9,nw_proto=1,num_fragments=1,state=first frag)
|
|
(src=10.1.1.1,dst=10.1.1.2,recirc_id=<cleared>,ip_id=<cleared>,dl_type=0x800,zone=9,nw_proto=1,num_fragments=1,state=first frag)
|
|
(src=10.1.1.1,dst=10.1.1.2,recirc_id=<cleared>,ip_id=<cleared>,dl_type=0x800,zone=9,nw_proto=1,num_fragments=1,state=first frag)
|
|
(src=10.1.1.1,dst=10.1.1.2,recirc_id=<cleared>,ip_id=<cleared>,dl_type=0x800,zone=9,nw_proto=1,num_fragments=1,state=first frag)
|
|
(src=10.1.1.1,dst=10.1.1.2,recirc_id=<cleared>,ip_id=<cleared>,dl_type=0x800,zone=9,nw_proto=1,num_fragments=1,state=first frag)
|
|
(src=10.1.1.1,dst=10.1.1.2,recirc_id=<cleared>,ip_id=<cleared>,dl_type=0x800,zone=9,nw_proto=1,num_fragments=1,state=first frag)
|
|
])
|
|
])
|
|
|
|
# OVS_CHECK_MIN_KERNEL([minversion], [maxversion])
|
|
#
|
|
# The userspace skips all tests that check kernel version.
|
|
m4_define([OVS_CHECK_MIN_KERNEL],
|
|
[
|
|
AT_SKIP_IF([:])
|
|
])
|
|
|
|
# OVS_CHECK_KERNEL_EXCL([minversion], [maxversion], [minsublevel], [maxsublevel])
|
|
#
|
|
# The userspace skips all tests that check kernel version.
|
|
m4_define([OVS_CHECK_KERNEL_EXCL],
|
|
[
|
|
AT_SKIP_IF([:])
|
|
])
|
|
|
|
# OVS_CHECK_SRV6()
|
|
m4_define([OVS_CHECK_SRV6],
|
|
[AT_SKIP_IF([! ip -6 route add fc00::1/96 encap seg6 mode encap dev lo 2>&1 >/dev/null])
|
|
AT_CHECK([ip -6 route del fc00::1/96 2>&1 >/dev/null])
|
|
OVS_CHECK_FIREWALL()])
|
|
|
|
# CHECK_LATER_IPV6_FRAGMENTS()
|
|
#
|
|
# Userspace is parsing later IPv6 fragments correctly.
|
|
m4_define([CHECK_LATER_IPV6_FRAGMENTS], [])
|
|
|
|
# VSCTL_ADD_DATAPATH_TABLE()
|
|
#
|
|
# Create datapath table "netdev" for userspace tests in ovsdb
|
|
m4_define([VSCTL_ADD_DATAPATH_TABLE],
|
|
[
|
|
AT_CHECK([ovs-vsctl -- --id=@m create Datapath datapath_version=0 -- set Open_vSwitch . datapaths:"netdev"=@m], [0], [stdout])
|
|
DP_TYPE=$(echo "netdev")
|
|
])
|
|
|
|
|
|
# CHECK_L3L4_CONNTRACK_REASM()
|
|
#
|
|
# Only allow this test to run on the kernel datapath - it is not useful
|
|
# or necessary for the userspace datapath as it is checking for a kernel
|
|
# specific regression.
|
|
m4_define([CHECK_L3L4_CONNTRACK_REASM],
|
|
[
|
|
AT_SKIP_IF([:])
|
|
])
|
|
|
|
# CHECK_NO_TC_OFFLOAD
|
|
#
|
|
# Userspace tests do not use TC offload.
|
|
m4_define([CHECK_NO_TC_OFFLOAD])
|
|
|
|
# OVS_CHECK_BAREUDP()
|
|
#
|
|
# The userspace datapath does not support bareudp tunnels.
|
|
m4_define([OVS_CHECK_BAREUDP],
|
|
[
|
|
AT_SKIP_IF([:])
|
|
])
|