Re: [ovs-dev] [PATCH 5/5] system-traffic.at: Do not use ranges with broadcast address.

[Ilya Maximets]

On 1/28/22 17:14, Aaron Conole wrote:
> From: Paolo Valerio 
> 
> turn a bunch of test ranges from 10.1.1.240-10.1.1.255 to
> 10.1.1.240-10.1.1.254. 10.1.1.255 is the broadcast address for
> 10.1.1.0/24 and can be picked to SNAT packets causing the subsequent
> failure of the test.
> 
> Fixes: 9ac0aadab9f9 ("conntrack: Add support for NAT.")
> Fixes: e32cd4c6292e ("conntrack: ignore port for ICMP/ICMPv6 NAT.")
> Signed-off-by: Paolo Valerio 
> Acked-by: Eelco Chaudron 
> Acked-by: Aaron Conole 
> Signed-off-by: Aaron Conole 
> ---
>  tests/system-traffic.at | 14 +++---
>  1 file changed, 7 insertions(+), 7 deletions(-)

Applied this one for now.  Thanks!

Best regards, Ilya Maximets.
___
dev mailing list
d...@openvswitch.org
https://mail.openvswitch.org/mailman/listinfo/ovs-dev

Re: [ovs-dev] [PATCH 5/5] system-traffic.at: Do not use ranges with broadcast address.

[0-day Robot]

Bleep bloop.  Greetings Aaron Conole, I am a robot and I have tried out your 
patch.
Thanks for your contribution.

I encountered some error that I wasn't expecting.  See the details below.


checkpatch:
WARNING: Unexpected sign-offs from developers who are not authors or co-authors 
or committers: Aaron Conole 
Lines checked: 84, Warnings: 1, Errors: 0


Please check this out.  If you feel there has been an error, please email 
acon...@redhat.com

Thanks,
0-day Robot
___
dev mailing list
d...@openvswitch.org
https://mail.openvswitch.org/mailman/listinfo/ovs-dev

[ovs-dev] [PATCH 5/5] system-traffic.at: Do not use ranges with broadcast address.

[Aaron Conole]

From: Paolo Valerio 

turn a bunch of test ranges from 10.1.1.240-10.1.1.255 to
10.1.1.240-10.1.1.254. 10.1.1.255 is the broadcast address for
10.1.1.0/24 and can be picked to SNAT packets causing the subsequent
failure of the test.

Fixes: 9ac0aadab9f9 ("conntrack: Add support for NAT.")
Fixes: e32cd4c6292e ("conntrack: ignore port for ICMP/ICMPv6 NAT.")
Signed-off-by: Paolo Valerio 
Acked-by: Eelco Chaudron 
Acked-by: Aaron Conole 
Signed-off-by: Aaron Conole 
---
 tests/system-traffic.at | 14 +++---
 1 file changed, 7 insertions(+), 7 deletions(-)

diff --git a/tests/system-traffic.at b/tests/system-traffic.at
index 50d281d186..502931270b 100644
--- a/tests/system-traffic.at
+++ b/tests/system-traffic.at
@@ -4871,7 +4871,7 @@ ADD_VETH(p1, at_ns1, br0, "10.1.1.2/24")
 
 dnl Allow any traffic from ns0->ns1. Only allow nd, return traffic from 
ns1->ns0.
 AT_DATA([flows.txt], [dnl
-in_port=1,ip,action=ct(commit,zone=1,nat(src=10.1.1.240-10.1.1.255)),2
+in_port=1,ip,action=ct(commit,zone=1,nat(src=10.1.1.240-10.1.1.254)),2
 in_port=2,ct_state=-trk,ip,action=ct(table=0,zone=1,nat)
 in_port=2,ct_state=+trk,ct_zone=1,ip,action=1
 dnl
@@ -4960,7 +4960,7 @@ ADD_VETH(p1, at_ns1, br0, "10.1.1.2/24")
 
 dnl Allow any traffic from ns0->ns1. Only allow nd, return traffic from 
ns1->ns0.
 AT_DATA([flows.txt], [dnl
-in_port=1,tcp,action=ct(commit,zone=1,nat(src=10.1.1.240-10.1.1.255:34567-34568,random)),2
+in_port=1,tcp,action=ct(commit,zone=1,nat(src=10.1.1.240-10.1.1.254:34567-34568,random)),2
 in_port=2,ct_state=-trk,tcp,tp_dst=34567,action=ct(table=0,zone=1,nat)
 in_port=2,ct_state=-trk,tcp,tp_dst=34568,action=ct(table=0,zone=1,nat)
 in_port=2,ct_state=+trk,ct_zone=1,tcp,action=1
@@ -5008,7 +5008,7 @@ ADD_VETH(p1, at_ns1, br0, "10.1.1.2/24")
 
 dnl Allow any traffic from ns0->ns1. Only allow nd, return traffic from 
ns1->ns0.
 AT_DATA([flows.txt], [dnl
-in_port=1,ip,action=ct(commit,zone=1,nat(src=10.1.1.240-10.1.1.255:2)),2
+in_port=1,ip,action=ct(commit,zone=1,nat(src=10.1.1.240-10.1.1.254:2)),2
 in_port=2,ct_state=-trk,ip,action=ct(table=0,zone=1,nat)
 in_port=2,ct_state=+trk,ct_zone=1,action=1
 dnl
@@ -5113,8 +5113,8 @@ priority=100 arp arp_op=1 
action=move:OXM_OF_ARP_TPA[[]]->NXM_NX_REG2[[]],resubm
 priority=10 arp action=normal
 priority=0 action=drop
 dnl
-dnl Allow any traffic from ns0->ns1. SNAT ns0 to 10.1.1.240-10.1.1.255
-table=1 priority=100 in_port=1 ip ct_state=+trk+new-est 
action=ct(commit,zone=1,nat(src=10.1.1.240-10.1.1.255)),2
+dnl Allow any traffic from ns0->ns1. SNAT ns0 to 10.1.1.240-10.1.1.254
+table=1 priority=100 in_port=1 ip ct_state=+trk+new-est 
action=ct(commit,zone=1,nat(src=10.1.1.240-10.1.1.254)),2
 table=1 priority=100 in_port=1 ip ct_state=+trk-new+est action=2
 dnl Only allow established traffic from ns1->ns0.
 table=1 priority=100 in_port=2 ip ct_state=+trk-new+est action=1
@@ -5358,7 +5358,7 @@ ADD_VETH(p1, at_ns1, br0, "10.1.1.2/24")
 dnl Allow UDP traffic from ns0->ns1. Only allow related ICMP responses back.
 dnl Make sure ICMP responses are reverse-NATted.
 AT_DATA([flows.txt], [dnl
-in_port=1,udp,action=ct(commit,nat(src=10.1.1.240-10.1.1.255),exec(set_field:1->ct_mark)),2
+in_port=1,udp,action=ct(commit,nat(src=10.1.1.240-10.1.1.254),exec(set_field:1->ct_mark)),2
 in_port=2,icmp,ct_state=-trk,action=ct(table=0,nat)
 in_port=2,icmp,nw_dst=10.1.1.1,ct_state=+trk+rel,ct_mark=1,action=1
 dnl
@@ -5390,7 +5390,7 @@ NS_CHECK_EXEC([at_ns0], [bash -c "echo a | nc $NC_EOF_OPT 
-u 10.1.1.2 1"])
 AT_CHECK([ovs-appctl revalidator/purge], [0])
 AT_CHECK([ovs-ofctl -O OpenFlow15 dump-flows br0 | ofctl_strip | sort | grep 
-v drop], [0], [dnl
  n_packets=1, n_bytes=42, priority=10,arp actions=NORMAL
- n_packets=1, n_bytes=44, udp,in_port=1 
actions=ct(commit,nat(src=10.1.1.240-10.1.1.255),exec(set_field:0x1->ct_mark)),output:2
+ n_packets=1, n_bytes=44, udp,in_port=1 
actions=ct(commit,nat(src=10.1.1.240-10.1.1.254),exec(set_field:0x1->ct_mark)),output:2
  n_packets=1, n_bytes=72, 
ct_state=+rel+trk,ct_mark=0x1,icmp,in_port=2,nw_dst=10.1.1.1 actions=output:1
  n_packets=1, n_bytes=72, ct_state=-trk,icmp,in_port=2 actions=ct(table=0,nat)
  n_packets=2, n_bytes=84, priority=100,arp,arp_op=1 
actions=move:NXM_OF_ARP_TPA[[]]->NXM_NX_REG2[[]],resubmit(,8),goto_table:10
-- 
2.31.1

___
dev mailing list
d...@openvswitch.org
https://mail.openvswitch.org/mailman/listinfo/ovs-dev