On Mon, 25 Jun 2018 10:03:02 -0700 Han Zhou <[email protected]> wrote:
> A bug was reported on the feature of applying ACLs on port groups [1]. > This bug was not detected by the original test case, because it didn't > test the return traffic and so didn't ensure the stateful feature is > working. The fix [2] causes the original test case fail, because > once the conntrack is enabled, the test packets are dropped because > the checksum in those packets are invalid and so marked with "invalid" > state by conntrack. To avoid the test case failure, the fix [2] changed > it to test stateless acl only, which leaves the scenario untested, > although it is fixed. This patch adds back the stateful ACL in the > test, and replaced the dummy/receive with inject-pkt to send the test > packets, so that checksums can be properly filled in, and it also > adds tests for the return traffic, which ensures the stateful is > working. > > [1] https://mail.openvswitch.org/pipermail/ovs-discuss/2018-June/046927.html > > [2] https://patchwork.ozlabs.org/patch/931913/ > > Signed-off-by: Han Zhou <[email protected]> > --- > Note: this patch depends on Daniel's patch [2] which is not merged yet. > v1->v2: > - Addressed Jacub's comments - simplified packet expr and removed > debug information. > - Renamed test_ip to test_icmp. > v2->v3: > - Updated comments. > > tests/ovn.at | 69 > ++++++++++++++++++++++++++++++++++++++++++------------------ > 1 file changed, 48 insertions(+), 21 deletions(-) Acked-by: Jakub Sitnicki <[email protected]> _______________________________________________ dev mailing list [email protected] https://mail.openvswitch.org/mailman/listinfo/ovs-dev
