* [PATCH net-next 0/3] tc-testing: add test for ct DNAT tuple collision
@ 2021-06-22 15:04 Marcelo Ricardo Leitner
2021-06-22 15:05 ` [PATCH net-next 1/3] tc-testing: fix list handling Marcelo Ricardo Leitner
` (3 more replies)
0 siblings, 4 replies; 5+ messages in thread
From: Marcelo Ricardo Leitner @ 2021-06-22 15:04 UTC (permalink / raw)
To: netdev; +Cc: dcaratti, Jamal Hadi Salim
That was fixed in 13c62f5371e3 ("net/sched: act_ct: handle DNAT tuple
collision").
For that, it requires that tdc is able to send diverse packets with
scapy, which is then done on the 2nd patch of this series.
Marcelo Ricardo Leitner (3):
tc-testing: fix list handling
tc-testing: add support for sending various scapy packets
tc-testing: add test for ct DNAT tuple collision
.../tc-testing/plugin-lib/scapyPlugin.py | 42 +++++++++--------
.../tc-testing/tc-tests/actions/ct.json | 45 +++++++++++++++++++
2 files changed, 68 insertions(+), 19 deletions(-)
--
2.31.1
^ permalink raw reply [flat|nested] 5+ messages in thread
* [PATCH net-next 1/3] tc-testing: fix list handling
2021-06-22 15:04 [PATCH net-next 0/3] tc-testing: add test for ct DNAT tuple collision Marcelo Ricardo Leitner
@ 2021-06-22 15:05 ` Marcelo Ricardo Leitner
2021-06-22 15:05 ` [PATCH net-next 2/3] tc-testing: add support for sending various scapy packets Marcelo Ricardo Leitner
` (2 subsequent siblings)
3 siblings, 0 replies; 5+ messages in thread
From: Marcelo Ricardo Leitner @ 2021-06-22 15:05 UTC (permalink / raw)
To: netdev; +Cc: dcaratti, Jamal Hadi Salim
python lists don't have an 'add' method, but 'append'.
Fixes: 14e5175e9e04 ("tc-testing: introduce scapyPlugin for basic traffic")
Signed-off-by: Marcelo Ricardo Leitner <marcelo.leitner@gmail.com>
---
tools/testing/selftests/tc-testing/plugin-lib/scapyPlugin.py | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/tools/testing/selftests/tc-testing/plugin-lib/scapyPlugin.py b/tools/testing/selftests/tc-testing/plugin-lib/scapyPlugin.py
index 229ee185b27e198dd1a1ec7a4408751e54428d60..a7b21658af9b463cef8c9b3d4023f222426f239b 100644
--- a/tools/testing/selftests/tc-testing/plugin-lib/scapyPlugin.py
+++ b/tools/testing/selftests/tc-testing/plugin-lib/scapyPlugin.py
@@ -36,7 +36,7 @@ class SubPlugin(TdcPlugin):
for k in scapy_keys:
if k not in scapyinfo:
keyfail = True
- missing_keys.add(k)
+ missing_keys.append(k)
if keyfail:
print('{}: Scapy block present in the test, but is missing info:'
.format(self.sub_class))
--
2.31.1
^ permalink raw reply related [flat|nested] 5+ messages in thread
* [PATCH net-next 2/3] tc-testing: add support for sending various scapy packets
2021-06-22 15:04 [PATCH net-next 0/3] tc-testing: add test for ct DNAT tuple collision Marcelo Ricardo Leitner
2021-06-22 15:05 ` [PATCH net-next 1/3] tc-testing: fix list handling Marcelo Ricardo Leitner
@ 2021-06-22 15:05 ` Marcelo Ricardo Leitner
2021-06-22 15:05 ` [PATCH net-next 3/3] tc-testing: add test for ct DNAT tuple collision Marcelo Ricardo Leitner
2021-06-22 18:00 ` [PATCH net-next 0/3] " patchwork-bot+netdevbpf
3 siblings, 0 replies; 5+ messages in thread
From: Marcelo Ricardo Leitner @ 2021-06-22 15:05 UTC (permalink / raw)
To: netdev; +Cc: dcaratti, Jamal Hadi Salim
It can be worth sending different scapy packets on a given test, as in the
last patch of this series. For that, lets listify the scapy attribute and
simply iterate over it.
Signed-off-by: Marcelo Ricardo Leitner <marcelo.leitner@gmail.com>
---
.../tc-testing/plugin-lib/scapyPlugin.py | 42 ++++++++++---------
1 file changed, 23 insertions(+), 19 deletions(-)
diff --git a/tools/testing/selftests/tc-testing/plugin-lib/scapyPlugin.py b/tools/testing/selftests/tc-testing/plugin-lib/scapyPlugin.py
index a7b21658af9b463cef8c9b3d4023f222426f239b..254136e3da5ac401adb5bf91b92b3a6ae3cda042 100644
--- a/tools/testing/selftests/tc-testing/plugin-lib/scapyPlugin.py
+++ b/tools/testing/selftests/tc-testing/plugin-lib/scapyPlugin.py
@@ -29,22 +29,26 @@ class SubPlugin(TdcPlugin):
return
# Check for required fields
- scapyinfo = self.args.caseinfo['scapy']
- scapy_keys = ['iface', 'count', 'packet']
- missing_keys = []
- keyfail = False
- for k in scapy_keys:
- if k not in scapyinfo:
- keyfail = True
- missing_keys.append(k)
- if keyfail:
- print('{}: Scapy block present in the test, but is missing info:'
- .format(self.sub_class))
- print('{}'.format(missing_keys))
-
- pkt = eval(scapyinfo['packet'])
- if '$' in scapyinfo['iface']:
- tpl = Template(scapyinfo['iface'])
- scapyinfo['iface'] = tpl.safe_substitute(NAMES)
- for count in range(scapyinfo['count']):
- sendp(pkt, iface=scapyinfo['iface'])
+ lscapyinfo = self.args.caseinfo['scapy']
+ if type(lscapyinfo) != list:
+ lscapyinfo = [ lscapyinfo, ]
+
+ for scapyinfo in lscapyinfo:
+ scapy_keys = ['iface', 'count', 'packet']
+ missing_keys = []
+ keyfail = False
+ for k in scapy_keys:
+ if k not in scapyinfo:
+ keyfail = True
+ missing_keys.append(k)
+ if keyfail:
+ print('{}: Scapy block present in the test, but is missing info:'
+ .format(self.sub_class))
+ print('{}'.format(missing_keys))
+
+ pkt = eval(scapyinfo['packet'])
+ if '$' in scapyinfo['iface']:
+ tpl = Template(scapyinfo['iface'])
+ scapyinfo['iface'] = tpl.safe_substitute(NAMES)
+ for count in range(scapyinfo['count']):
+ sendp(pkt, iface=scapyinfo['iface'])
--
2.31.1
^ permalink raw reply related [flat|nested] 5+ messages in thread
* [PATCH net-next 3/3] tc-testing: add test for ct DNAT tuple collision
2021-06-22 15:04 [PATCH net-next 0/3] tc-testing: add test for ct DNAT tuple collision Marcelo Ricardo Leitner
2021-06-22 15:05 ` [PATCH net-next 1/3] tc-testing: fix list handling Marcelo Ricardo Leitner
2021-06-22 15:05 ` [PATCH net-next 2/3] tc-testing: add support for sending various scapy packets Marcelo Ricardo Leitner
@ 2021-06-22 15:05 ` Marcelo Ricardo Leitner
2021-06-22 18:00 ` [PATCH net-next 0/3] " patchwork-bot+netdevbpf
3 siblings, 0 replies; 5+ messages in thread
From: Marcelo Ricardo Leitner @ 2021-06-22 15:05 UTC (permalink / raw)
To: netdev; +Cc: dcaratti, Jamal Hadi Salim
When this test fails, /proc/net/nf_conntrack gets only 1 entry:
ipv4 2 tcp 6 119 SYN_SENT src=10.0.0.10 dst=10.0.0.10 sport=5000 dport=10 [UNREPLIED] src=20.0.0.1 dst=10.0.0.10 sport=10 dport=5000 mark=0 secctx=system_u:object_r:unlabeled_t:s0 zone=0 use=2
When it works, it gets 2 entries:
ipv4 2 tcp 6 119 SYN_SENT src=10.0.0.10 dst=10.0.0.20 sport=5000 dport=10 [UNREPLIED] src=20.0.0.1 dst=10.0.0.10 sport=10 dport=58203 mark=0 secctx=system_u:object_r:unlabeled_t:s0 zone=0 use=2
ipv4 2 tcp 6 119 SYN_SENT src=10.0.0.10 dst=10.0.0.10 sport=5000 dport=10 [UNREPLIED] src=20.0.0.1 dst=10.0.0.10 sport=10 dport=5000 mark=0 secctx=system_u:object_r:unlabeled_t:s0 zone=0 use=2
The missing entry is because the 2nd packet hits a tuple collusion and the
conntrack entry doesn't get allocated.
Signed-off-by: Marcelo Ricardo Leitner <marcelo.leitner@gmail.com>
---
.../tc-testing/tc-tests/actions/ct.json | 45 +++++++++++++++++++
1 file changed, 45 insertions(+)
diff --git a/tools/testing/selftests/tc-testing/tc-tests/actions/ct.json b/tools/testing/selftests/tc-testing/tc-tests/actions/ct.json
index 4202e95e27b99536491cd8b94e92b07851551616..bd843ab00a58a44af14182fd30d7a4f74b1c63cd 100644
--- a/tools/testing/selftests/tc-testing/tc-tests/actions/ct.json
+++ b/tools/testing/selftests/tc-testing/tc-tests/actions/ct.json
@@ -406,5 +406,50 @@
"teardown": [
"$TC actions flush action ct"
]
+ },
+ {
+ "id": "3992",
+ "name": "Add ct action triggering DNAT tuple conflict",
+ "category": [
+ "actions",
+ "ct",
+ "scapy"
+ ],
+ "plugins": {
+ "requires": [
+ "nsPlugin",
+ "scapyPlugin"
+ ]
+ },
+ "setup": [
+ [
+ "$TC qdisc del dev $DEV1 ingress",
+ 0,
+ 1,
+ 2,
+ 255
+ ],
+ "$TC qdisc add dev $DEV1 ingress"
+ ],
+ "cmdUnderTest": "$TC filter add dev $DEV1 ingress protocol ip prio 1 flower ct_state -trk action ct commit nat dst addr 20.0.0.1 port 10 pipe action drop",
+ "scapy": [
+ {
+ "iface": "$DEV0",
+ "count": 1,
+ "packet": "Ether(type=0x800)/IP(src='10.0.0.10',dst='10.0.0.10')/TCP(sport=5000,dport=10)"
+ },
+ {
+ "iface": "$DEV0",
+ "count": 1,
+ "packet": "Ether(type=0x800)/IP(src='10.0.0.10',dst='10.0.0.20')/TCP(sport=5000,dport=10)"
+ }
+ ],
+ "expExitCode": "0",
+ "verifyCmd": "cat /proc/net/nf_conntrack",
+ "matchPattern": "dst=10.0.0.20",
+ "matchCount": "1",
+ "teardown": [
+ "$TC qdisc del dev $DEV1 ingress"
+ ]
}
]
--
2.31.1
^ permalink raw reply related [flat|nested] 5+ messages in thread
* Re: [PATCH net-next 0/3] tc-testing: add test for ct DNAT tuple collision
2021-06-22 15:04 [PATCH net-next 0/3] tc-testing: add test for ct DNAT tuple collision Marcelo Ricardo Leitner
` (2 preceding siblings ...)
2021-06-22 15:05 ` [PATCH net-next 3/3] tc-testing: add test for ct DNAT tuple collision Marcelo Ricardo Leitner
@ 2021-06-22 18:00 ` patchwork-bot+netdevbpf
3 siblings, 0 replies; 5+ messages in thread
From: patchwork-bot+netdevbpf @ 2021-06-22 18:00 UTC (permalink / raw)
To: Marcelo Ricardo Leitner; +Cc: netdev, dcaratti, jhs
Hello:
This series was applied to netdev/net-next.git (refs/heads/master):
On Tue, 22 Jun 2021 12:04:59 -0300 you wrote:
> That was fixed in 13c62f5371e3 ("net/sched: act_ct: handle DNAT tuple
> collision").
>
> For that, it requires that tdc is able to send diverse packets with
> scapy, which is then done on the 2nd patch of this series.
>
> Marcelo Ricardo Leitner (3):
> tc-testing: fix list handling
> tc-testing: add support for sending various scapy packets
> tc-testing: add test for ct DNAT tuple collision
>
> [...]
Here is the summary with links:
- [net-next,1/3] tc-testing: fix list handling
https://git.kernel.org/netdev/net-next/c/b4fd096cbb87
- [net-next,2/3] tc-testing: add support for sending various scapy packets
https://git.kernel.org/netdev/net-next/c/11f04de9021a
- [net-next,3/3] tc-testing: add test for ct DNAT tuple collision
https://git.kernel.org/netdev/net-next/c/e46905641316
You are awesome, thank you!
--
Deet-doot-dot, I am a bot.
https://korg.docs.kernel.org/patchwork/pwbot.html
^ permalink raw reply [flat|nested] 5+ messages in thread
end of thread, other threads:[~2021-06-22 18:00 UTC | newest]
Thread overview: 5+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2021-06-22 15:04 [PATCH net-next 0/3] tc-testing: add test for ct DNAT tuple collision Marcelo Ricardo Leitner
2021-06-22 15:05 ` [PATCH net-next 1/3] tc-testing: fix list handling Marcelo Ricardo Leitner
2021-06-22 15:05 ` [PATCH net-next 2/3] tc-testing: add support for sending various scapy packets Marcelo Ricardo Leitner
2021-06-22 15:05 ` [PATCH net-next 3/3] tc-testing: add test for ct DNAT tuple collision Marcelo Ricardo Leitner
2021-06-22 18:00 ` [PATCH net-next 0/3] " patchwork-bot+netdevbpf
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.