The pmtu.sh kselftest sets up a multi-namespace test topology where the host network itself is part of the test setup. Test packets originating from the created namespace are expected to reach the test interface created on the host. When firewall rules are present on the host, this traffic may be blocked, causing the test to fail.
Install temporary firewall rules during the test execution to allow the rest traffic to reach the host interfaces and remove them afterwards. https://virtuozzo.atlassian.net/browse/VSTOR-120995
Signed-off-by: Aleksei Oladko <[email protected]>
---
 tools/testing/selftests/net/pmtu.sh | 18 ++++++++++++++++++
 1 file changed, 18 insertions(+)
diff --git a/tools/testing/selftests/net/pmtu.sh b/tools/testing/selftests/net/pmtu.sh
index 6c651c880fe8..f60581f2bb03 100755
--- a/tools/testing/selftests/net/pmtu.sh
+++ b/tools/testing/selftests/net/pmtu.sh
@@ -1534,8 +1534,26 @@ test_pmtu_ipvX_over_ovs_vxlanY_or_geneveY_exception() {
 mtu "" ${type}_a $((${ll_mtu} + 1000)) 2>/dev/null
 mtu "${ns_b}" ${type}_b $((${ll_mtu} + 1000))
+ chain=$(nft list table ip filter | awk '/chain/ {name=$2} /hook input/ {print name}')
+ if [ -n "$chain" ]; then
+ if [ "${type}" = "vxlan" ]; then
+ port="4789"
+ elif [ "${type}" = "geneve" ]; then
+ port="6081"
+ fi
+
+ if [ ${outer_family} -eq 6 ]; then
+ rule_family="6"
+ fi
+ nft_handle=$(nft --echo --json insert rule ip$rule_family filter $chain \
+ iifname "veth_A-R1" udp dport $port accept | \
+ jq '.nftables[] | .insert.rule.handle')
+ fi
 run_cmd ${ns_c} ${ping} -q -M want -i 0.1 -c 20 -s $((${ll_mtu} + 500)) ${dst} || return 1
+ if [ -n "$nft_handle" ]; then
+ nft delete rule ip$rule_family filter $chain handle $nft_handle
+ fi
 # Check that exceptions were created
 pmtu="$(route_get_dst_pmtu_from_exception "${ns_c}" ${dst})"
 check_pmtu_value ${exp_mtu} "${pmtu}" "exceeding link layer MTU on Open vSwitch ${type} interface"
--
2.43.0
_______________________________________________
Devel mailing list
[email protected]
https://lists.openvz.org/mailman/listinfo/devel
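Review bot: The temporary accept rule is leaked on the failure path: `run_cmd ... || return 1` leaves the function before the `nft delete rule` block runs, so a failed ping leaves the UDP 4789/6081 accept rule in the host's input chain after the test. Capture the status instead, e.g. `run_cmd ... ${dst}; rc=$?`, run the delete block, and only then `[ $rc -eq 0 ] || return 1`. The chain name is also looked up with `nft list table ip filter` even when `outer_family` is 6 and the rule is inserted into `ip6 filter`, so the name may not exist in the table being modified. `rule_family` and `nft_handle` are neither declared `local` nor reset at the top, so if the tests share one shell (not visible in this hunk) a value from an earlier invocation could select the wrong family or delete an unrelated handle; `local chain= port= rule_family= nft_handle=` before the lookup would rule that out. The function body starts and ends outside this hunk.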
