This is a regression test to make sure that all later IPv6 fragments have proto=44 in the flow key, and that there are not any later IPv6 frag flows that do not have it.
Previously, the way that later IPv6 fragments' nw_proto field is parsed in the kernel was changed to equal the next_header field of the last extension header. The same change was not made in OVS userspace. This was a problem because OVS creates actions based on what is parsed in userspace, but the kernel-provided flow key is used as a match criteria. This lead to issues such as packets incorrectly matching on a flow and thus the wrong list of actions being applied to the packet. Therefore, OVS and the kernel must parse this field the same way to prevent this issue. OVS and the kernel both currently parse this field the same way for later IPv6 fragments, with nw_proto=44. Signed-off-by: Rosemarie O'Riorden <rorior...@redhat.com> --- tests/system-traffic.at | 33 +++++++++++++++++++++++++++++++++ 1 file changed, 33 insertions(+) diff --git a/tests/system-traffic.at b/tests/system-traffic.at index 36e10aa4a..2fa5b1504 100644 --- a/tests/system-traffic.at +++ b/tests/system-traffic.at @@ -192,6 +192,39 @@ NS_CHECK_EXEC([at_ns0], [ping6 -s 3200 -q -c 3 -i 0.3 -w 2 fc00:1::2 | FORMAT_PI OVS_TRAFFIC_VSWITCHD_STOP AT_CLEANUP +AT_SETUP([datapath - ping6 between two ports grep flow proto=44]) +OVS_TRAFFIC_VSWITCHD_START() + +AT_CHECK([ovs-ofctl add-flow br0 "priority=1,actions=normal"]) +AT_CHECK([ovs-ofctl add-flow br0 "priority=2,tcp6,actions=drop"]) + +ADD_NAMESPACES(at_ns0, at_ns1) + +ADD_VETH(p0, at_ns0, br0, "fc00::1/96") +ADD_VETH(p1, at_ns1, br0, "fc00::2/96") + +dnl Linux seems to take a little time to get its IPv6 stack in order. Without +dnl waiting, we get occasional failures due to the following error: +dnl "connect: Cannot assign requested address" +OVS_WAIT_UNTIL([ip netns exec at_ns0 ping6 -c 1 fc00::2]) + +NS_CHECK_EXEC([at_ns0], [ping6 -q -c 3 -i 0.3 -w 2 fc00::2 | FORMAT_PING], [0], [dnl +3 packets transmitted, 3 received, 0% packet loss, time 0ms +]) +NS_CHECK_EXEC([at_ns0], [ping6 -s 1600 -q -c 3 -i 0.3 -w 2 fc00::2 | FORMAT_PING], [0], [dnl +3 packets transmitted, 3 received, 0% packet loss, time 0ms +]) +NS_CHECK_EXEC([at_ns0], [ping6 -s 3200 -q -c 3 -i 0.3 -w 2 fc00::2 | FORMAT_PING], [0], [dnl +3 packets transmitted, 3 received, 0% packet loss, time 0ms +]) + +NS_CHECK_EXEC([at_ns0], [ovs-appctl dpctl/dump-flows -m --names > stdout.txt]) +NS_CHECK_EXEC([at_ns0], [grep ipv6 stdout.txt | grep frag=later | grep -q proto=44], [0], []) +NS_CHECK_EXEC([at_ns0], [grep ipv6 stdout.txt | grep frag=later | grep -v -q proto=44], [1], []) + +OVS_TRAFFIC_VSWITCHD_STOP +AT_CLEANUP + AT_SETUP([datapath - ping over bond]) OVS_TRAFFIC_VSWITCHD_START() -- 2.35.3 _______________________________________________ dev mailing list d...@openvswitch.org https://mail.openvswitch.org/mailman/listinfo/ovs-dev
