From: Aaron Conole <aconole@redhat.com>
To: Adrian Moreno <amorenoz@redhat.com>
Cc: netdev@vger.kernel.org, i.maximets@ovn.org, eric@garver.life,
dev@openvswitch.org
Subject: Re: [net-next v3 7/7] selftests: openvswitch: add explicit drop testcase
Date: Wed, 09 Aug 2023 11:18:32 -0400 [thread overview]
Message-ID: <f7t5y5o2qif.fsf@redhat.com> (raw)
In-Reply-To: <9b6b05e7-ff29-b8cd-66e1-fb931778bee5@redhat.com> (Adrian Moreno's message of "Wed, 9 Aug 2023 09:02:12 +0200")
Adrian Moreno <amorenoz@redhat.com> writes:
> On 8/8/23 17:02, Aaron Conole wrote:
>> Adrian Moreno <amorenoz@redhat.com> writes:
>>
>>> Make ovs-dpctl.py support explicit drops as:
>>> "drop" -> implicit empty-action drop
>>> "drop(0)" -> explicit non-error action drop
>> I also suggest a test in netlink_checks to make sure drop can't be
>> followed by additional actions. Something like:
>> 3,drop(0),2
>> which should generate a NL message that has the drop attribute with
>> additional action data following it.
>
> Ack, will do.
>
> The check I've added in flow_netlink.c does not include any custom
> message. Just returning -EINVAL in __ovs_nla_copy_actions() ends up
> printing "Flow actions may not be safe on all matching packets" to
> dmesg. Maybe it's too generic or even misleading in some cases but I
> saw other action verifications do the same so I thought it might be
> kind of expected at this point.
>
> Do you think a custom message (in addition to the generic one) is needed?
I think the message is fine. There could be a bigger effort at some
point to try and do per-attribute rejection messages.
> Thanks.
> --
> Adrián
>
>>
>>> "drop(42)" -> explicit error action drop
>>>
>>> Signed-off-by: Adrian Moreno <amorenoz@redhat.com>
>>> ---
>>> .../selftests/net/openvswitch/openvswitch.sh | 25 +++++++++++++++++++
>>> .../selftests/net/openvswitch/ovs-dpctl.py | 21 ++++++++++++----
>>> 2 files changed, 41 insertions(+), 5 deletions(-)
>>>
>>> diff --git a/tools/testing/selftests/net/openvswitch/openvswitch.sh b/tools/testing/selftests/net/openvswitch/openvswitch.sh
>>> index a10c345f40ef..c568ba1b7900 100755
>>> --- a/tools/testing/selftests/net/openvswitch/openvswitch.sh
>>> +++ b/tools/testing/selftests/net/openvswitch/openvswitch.sh
>>> @@ -217,6 +217,31 @@ test_drop_reason() {
>>> return 1
>>> fi
>>> + # Drop UDP 6000 traffic with an explicit action and an error
>>> code.
>>> + ovs_add_flow "test_drop_reason" dropreason \
>>> + "in_port(1),eth(),eth_type(0x0800),ipv4(src=172.31.110.10,proto=17),udp(dst=6000)" \
>>> + 'drop(42)'
>>> + # Drop UDP 7000 traffic with an explicit action with no error code.
>>> + ovs_add_flow "test_drop_reason" dropreason \
>>> + "in_port(1),eth(),eth_type(0x0800),ipv4(src=172.31.110.10,proto=17),udp(dst=7000)" \
>>> + 'drop(0)'
>>> +
>>> + ovs_drop_record_and_run \
>>> + "test_drop_reason" ip netns exec client nc -i 1 -zuv 172.31.110.20 6000
>>> + ovs_drop_reason_count 0x30004 # OVS_DROP_EXPLICIT_ACTION_ERROR
>>> + if [[ "$?" -ne "1" ]]; then
>>> + info "Did not detect expected explicit error drops: $?"
>>> + return 1
>>> + fi
>>> +
>>> + ovs_drop_record_and_run \
>>> + "test_drop_reason" ip netns exec client nc -i 1 -zuv 172.31.110.20 7000
>>> + ovs_drop_reason_count 0x30003 # OVS_DROP_EXPLICIT_ACTION
>>> + if [[ "$?" -ne "1" ]]; then
>>> + info "Did not detect expected explicit drops: $?"
>>> + return 1
>>> + fi
>>> +
>>> return 0
>>> }
>>> diff --git a/tools/testing/selftests/net/openvswitch/ovs-dpctl.py
>>> b/tools/testing/selftests/net/openvswitch/ovs-dpctl.py
>>> index 5fee330050c2..912dc8c49085 100644
>>> --- a/tools/testing/selftests/net/openvswitch/ovs-dpctl.py
>>> +++ b/tools/testing/selftests/net/openvswitch/ovs-dpctl.py
>>> @@ -449,7 +449,7 @@ class ovsactions(nla):
>>> elif field[0] == "OVS_ACTION_ATTR_TRUNC":
>>> print_str += "trunc(%d)" % int(self.get_attr(field[0]))
>>> elif field[0] == "OVS_ACTION_ATTR_DROP":
>>> - print_str += "drop"
>>> + print_str += "drop(%d)" % int(self.get_attr(field[0]))
>>> elif field[1] == "flag":
>>> if field[0] == "OVS_ACTION_ATTR_CT_CLEAR":
>>> print_str += "ct_clear"
>>> @@ -471,10 +471,21 @@ class ovsactions(nla):
>>> while len(actstr) != 0:
>>> parsed = False
>>> if actstr.startswith("drop"):
>>> - # for now, drops have no explicit action, so we
>>> - # don't need to set any attributes. The final
>>> - # act of the processing chain will just drop the packet
>>> - return
>>> + # If no reason is provided, the implicit drop is used (i.e no
>>> + # action). If some reason is given, an explicit action is used.
>>> + actstr, reason = parse_extract_field(
>>> + actstr,
>>> + "drop(",
>>> + "([0-9]+)",
>>> + lambda x: int(x, 0),
>>> + False,
>>> + None,
>>> + )
>>> + if reason is not None:
>>> + self["attrs"].append(["OVS_ACTION_ATTR_DROP", reason])
>>> + parsed = True
>>> + else:
>>> + return
>>> elif parse_starts_block(actstr, "^(\d+)", False,
>>> True):
>>> actstr, output = parse_extract_field(
>>
prev parent reply other threads:[~2023-08-09 15:18 UTC|newest]
Thread overview: 22+ messages / expand[flat|nested] mbox.gz Atom feed top
2023-08-07 16:45 [net-next v3 0/7] openvswitch: add drop reasons Adrian Moreno
2023-08-07 16:45 ` [net-next v3 1/7] net: openvswitch: add datapath flow drop reason Adrian Moreno
2023-08-08 14:36 ` Aaron Conole
2023-08-08 18:02 ` Ilya Maximets
2023-08-09 6:47 ` Adrian Moreno
2023-08-07 16:45 ` [net-next v3 2/7] net: openvswitch: add action error " Adrian Moreno
2023-08-08 14:37 ` Aaron Conole
2023-08-07 16:45 ` [net-next v3 3/7] net: openvswitch: add explicit drop action Adrian Moreno
2023-08-08 14:53 ` Aaron Conole
2023-08-09 6:49 ` Adrian Moreno
2023-08-08 18:10 ` Ilya Maximets
2023-08-09 7:03 ` Adrian Moreno
2023-08-07 16:45 ` [net-next v3 4/7] net: openvswitch: add meter drop reason Adrian Moreno
2023-08-08 14:53 ` Aaron Conole
2023-08-07 16:45 ` [net-next v3 5/7] net: openvswitch: add misc error drop reasons Adrian Moreno
2023-08-08 14:56 ` Aaron Conole
2023-08-07 16:45 ` [net-next v3 6/7] selftests: openvswitch: add drop reason testcase Adrian Moreno
2023-08-08 15:04 ` Aaron Conole
2023-08-07 16:45 ` [net-next v3 7/7] selftests: openvswitch: add explicit drop testcase Adrian Moreno
2023-08-08 15:02 ` Aaron Conole
2023-08-09 7:02 ` Adrian Moreno
2023-08-09 15:18 ` Aaron Conole [this message]
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=f7t5y5o2qif.fsf@redhat.com \
--to=aconole@redhat.com \
--cc=amorenoz@redhat.com \
--cc=dev@openvswitch.org \
--cc=eric@garver.life \
--cc=i.maximets@ovn.org \
--cc=netdev@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.