On 29 September 2015 at 13:40, Joe Stringer <joestrin...@nicira.com> wrote: > When interacting with the local stack, the kernel may provide packets > with existing ct state as they ingress OVS. These tests check that we > are able to connection-track such packets successfully in non-zero > zones, using slightly more realistic pipelines. > > Signed-off-by: Joe Stringer <joestrin...@nicira.com> > --- > tests/system-common-macros.at | 5 +- > tests/system-traffic.at | 117 > ++++++++++++++++++++++++++++++++++++++++++ > 2 files changed, 121 insertions(+), 1 deletion(-) > > diff --git a/tests/system-common-macros.at b/tests/system-common-macros.at > index 8f3b318..f0da589 100644 > --- a/tests/system-common-macros.at > +++ b/tests/system-common-macros.at > @@ -124,7 +124,10 @@ m4_define([FORMAT_PING], [grep "transmitted" | sed > 's/time.*ms$/time 0ms/']) > # Strip content from the piped input which would differ from test to test. > # > m4_define([FORMAT_CT], > - [[grep "dst=$1" | sed -e 's/port=[0-9]*/port=<cleared>/g' -e 's/ */ /g' > -e 's/secctx[^ ]* //' | cut -d' ' -f4- | sort | uniq]]) > + [[grep "dst=$1" | sed -e 's/port=[0-9]*/port=<cleared>/g' -e 's/ */ /g' > \ > + -e 's/secctx[^ ]* //' \ > + -e 's/id=[0-9]*/id=<cleared>/g' \ > + | cut -d' ' -f4- | sort | uniq]]) > > # NETNS_DAEMONIZE([namespace], [command], [pidfile]) > # > diff --git a/tests/system-traffic.at b/tests/system-traffic.at > index 081531b..84f5baa 100644 > --- a/tests/system-traffic.at > +++ b/tests/system-traffic.at > @@ -566,6 +566,123 @@ TIME_WAIT src=10.1.1.1 dst=10.1.1.2 sport=<cleared> > dport=<cleared> src=10.1.1.2 > OVS_TRAFFIC_VSWITCHD_STOP > AT_CLEANUP > > +AT_SETUP([conntrack - multiple zones, local]) > +CHECK_CONNTRACK() > +OVS_TRAFFIC_VSWITCHD_START( > + [set-fail-mode br0 secure -- ]) > + > +ADD_NAMESPACES(at_ns0) > + > +AT_CHECK([ip addr add dev br0 "10.1.1.1/24"]) > +AT_CHECK([ip link set dev br0 up]) > +on_exit 'ip addr del dev br0 "10.1.1.1/24"' > +ADD_VETH(p0, at_ns0, br0, "10.1.1.2/24") > + > +dnl Allow any traffic from ns0->ns1. Only allow nd, return traffic from > ns1->ns0.
This comment keeps leaking into other tests, it's meant to be the same as the comment in the equivalent part of the next test: +dnl Allow traffic from local stack to ns0. Only allow neighbour discovery, +dnl return traffic from ns0 back to the local stack. _______________________________________________ dev mailing list dev@openvswitch.org http://openvswitch.org/mailman/listinfo/dev
