tests: Use fmt_pkt in portsecurity : 3 HVs, 1 LS, 3 lports/HV.

This test is much slower with fmt_pkt compared to main. It's likely due to the high number of fmt_pkt calls made during the test. Execution time: 17.484s Execution time on "main" branch: 4.975s Signed-off-by: Mark Michelson <mmichels@redhat.com> Signed-off-by: 0-day Robot <robot@bytheb.org>
ovsrobot · Oct 10, 2023 · 81d04ac · 81d04ac
1 parent 5855c68
commit 81d04ac
Showing 1 changed file with 115 additions and 109 deletions.
diff --git a/tests/ovn.at b/tests/ovn.at
@@ -5497,9 +5497,10 @@ done
 # be received.  INPORT and the OUTPORTs are specified as logical switch
 # port numbers, e.g. 11 for vif11.
 test_ip() {
-    # This packet has bad checksums but logical L3 routing doesn't check.
     local inport=$1 src_mac=$2 dst_mac=$3 src_ip=$4 dst_ip=$5
-    local packet=${dst_mac}${src_mac}08004500001c0000000040110000${src_ip}${dst_ip}0035111100080000
+    local packet=$(fmt_pkt "Ether(dst='${dst_mac}', src='${src_mac}')/ \
+                            IP(src='${src_ip}', dst='${dst_ip}')/ \
+                            UDP(sport=53, dport=4369)")
     shift; shift; shift; shift; shift
     hv=`vif_to_hv $inport`
     as $hv ovs-appctl netdev-dummy/receive vif$inport $packet
@@ -5520,7 +5521,8 @@ test_ip() {
 # SPA and TPA are each 8 hex digits.
 test_arp() {
     local inport=$1 smac=$2 sha=$3 spa=$4 tpa=$5 drop=$6 reply_ha=$7
-    local request=ffffffffffff${smac}08060001080006040001${sha}${spa}ffffffffffff${tpa}
+    local request=$(fmt_pkt "Ether(dst='ff:ff:ff:ff:ff:ff', src='${smac}')/ \
+                             ARP(hwsrc='${sha}', hwdst='ff:ff:ff:ff:ff:ff', psrc='${spa}', pdst='${tpa}')")
     hv=`vif_to_hv $inport`
     as $hv ovs-appctl netdev-dummy/receive vif$inport $request
     if test $drop != 1; then
@@ -5537,7 +5539,8 @@ test_arp() {
             done
         else
             # Expect to receive the reply, if any.
-            local reply=${smac}${reply_ha}08060001080006040002${reply_ha}${tpa}${sha}${spa}
+            local reply=$(fmt_pkt "Ether(dst='${smac}', src='${reply_ha}')/ \
+                                   ARP(op=2, hwsrc='${reply_ha}', hwdst='${sha}', psrc='${tpa}', pdst='${spa}')")
             echo $reply >> $inport.expected
         fi
     fi
@@ -5548,7 +5551,8 @@ test_arp() {
 # ipv6 packet
 test_ipv6() {
     local inport=$1 src_mac=$2 dst_mac=$3 src_ip=$4 dst_ip=$5
-    local packet=${dst_mac}${src_mac}86dd6000000000083aff${src_ip}${dst_ip}0000000000000000
+    local packet=$(fmt_pkt "Ether(dst='${dst_mac}', src='${src_mac}')/ \
+                            IPv6(src='${src_ip}', dst='${dst_ip}')")
     shift; shift; shift; shift; shift
     hv=`vif_to_hv $inport`
     as $hv ovs-appctl netdev-dummy/receive vif$inport $packet
@@ -5557,12 +5561,14 @@ test_ipv6() {
     done
 }
 
-# test_icmpv6 INPORT  SRC_MAC DST_MAC SRC_IP DST_IP ICMP_TYPE OUTPORT...
-# This function is similar to test_ipv6() except it specifies the ICMPv6 type
+# test_icmpv6 INPORT  SRC_MAC DST_MAC SRC_IP DST_IP ICMPV6 OUTPORT...
+# This function is similar to test_ipv6() except it specifies the ICMPv6 sub-packet
 # of the test packet
 test_icmpv6() {
-    local inport=$1 src_mac=$2 dst_mac=$3 src_ip=$4 dst_ip=$5 icmp_type=$6
-    local packet=${dst_mac}${src_mac}86dd6000000000083aff${src_ip}${dst_ip}${icmp_type}00000000000000
+    local inport=$1 src_mac=$2 dst_mac=$3 src_ip=$4 dst_ip=$5 icmpv6=$6
+    local packet=$(fmt_pkt "Ether(dst='${dst_mac}', src='${src_mac}')/ \
+                            IPv6(src='${src_ip}', dst='${dst_ip}')/ \
+                            ${icmpv6}")
     shift; shift; shift; shift; shift; shift
     hv=`vif_to_hv $inport`
     as $hv ovs-appctl netdev-dummy/receive vif$inport $packet
@@ -5572,226 +5578,226 @@ test_icmpv6() {
 }
 
 # no port security
-sip=`ip_to_hex 192 168 0 12`
-tip=`ip_to_hex 192 168 0 13`
+sip=192.168.0.12
+tip=192.168.0.13
 # the arp packet should be allowed even if lp[123]1 is
-# not configured with mac f00000000023 and ip 192.168.0.12
+# not configured with mac f0:00:00:00:00:23 and ip 192.168.0.12
 for i in 1 2 3; do
-    test_arp ${i}1 f00000000023 f00000000023 $sip $tip 0 f00000000013
+    test_arp ${i}1 f0:00:00:00:00:23 f0:00:00:00:00:23 $sip $tip 0 f0:00:00:00:00:13
     for j in 1 2 3; do
         if test $i != $j; then
-            test_ip ${i}1 f000000000${i}1 f000000000${j}1 $sip $tip ${j}1
+            test_ip ${i}1 f0:00:00:00:00:${i}1 f0:00:00:00:00:${j}1 $sip $tip ${j}1
         fi
     done
 done
 
 # l2 port security
-sip=`ip_to_hex 192 168 0 12`
-tip=`ip_to_hex 192 168 0 13`
+sip=192.168.0.12
+tip=192.168.0.13
 
 # arp packet should be allowed since lp22 is configured with
-# mac f00000000022
-test_arp 22 f00000000022 f00000000022 $sip $tip 0 f00000000013
+# mac f0:00:00:00:00:22
+test_arp 22 f0:00:00:00:00:22 f0:00:00:00:00:22 $sip $tip 0 f0:00:00:00:00:13
 
 # arp packet should not be allowed since lp32 is not configured with
-# mac f00000000021
-test_arp 32 f00000000021 f00000000021 $sip $tip 1
+# mac f0:00:00:00:00:21
+test_arp 32 f0:00:00:00:00:21 f0:00:00:00:00:21 $sip $tip 1
 
-# arp packet with sha set to f00000000021 should not be allowed
+# arp packet with sha set to f0:00:00:00:00:21 should not be allowed
 # for lp12
-test_arp 12 f00000000012 f00000000021 $sip $tip 1
+test_arp 12 f0:00:00:00:00:12 f0:00:00:00:00:21 $sip $tip 1
 
 # ip packets should be allowed and received since lp[123]2 do not
 # have l3 port security
-sip=`ip_to_hex 192 168 0 55`
-tip=`ip_to_hex 192 168 0 66`
+sip=192.168.0.55
+tip=192.168.0.66
 for i in 1 2 3; do
     for j in 1 2 3; do
         if test $i != $j; then
-            test_ip ${i}2 f000000000${i}2 f000000000${j}2 $sip $tip ${j}2
+            test_ip ${i}2 f0:00:00:00:00:${i}2 f0:00:00:00:00:${j}2 $sip $tip ${j}2
         fi
     done
 done
 
 # ipv6 packets should be received by lp[123]2
 # lp[123]1 can send ipv6 traffic as there is no port security
-sip=fe800000000000000000000000000000
-tip=ff020000000000000000000000000000
+sip=fe80::
+tip=ff02::
 
 for i in 1 2 3; do
-    test_ipv6 ${i}1 f000000000${i}1 f000000000${i}2 $sip $tip ${i}2
+    test_ipv6 ${i}1 f0:00:00:00:00:${i}1 f0:00:00:00:00:${i}2 $sip $tip ${i}2
 done
 
 
 # l2 and l3 port security
-sip=`ip_to_hex 192 168 0 13`
-tip=`ip_to_hex 192 168 0 22`
+sip=192.168.0.13
+tip=192.168.0.22
 # arp packet should be allowed since lp13 is configured with
-# f00000000013 and 192.168.0.13
-test_arp 13 f00000000013 f00000000013 $sip $tip 0 f00000000022
+# f0:00:00:00:00:13 and 192.168.0.13
+test_arp 13 f0:00:00:00:00:13 f0:00:00:00:00:13 $sip $tip 0 f0:00:00:00:00:22
 
 # the arp packet should be dropped because lp23 is not configured
-# with mac f00000000022
-sip=`ip_to_hex 192 168 0 13`
-tip=`ip_to_hex 192 168 0 22`
-test_arp 23 f00000000022 f00000000022 $sip $tip 1
+# with mac f0:00:00:00:00:22
+sip=192.168.0.13
+tip=192.168.0.22
+test_arp 23 f0:00:00:00:00:22 f0:00:00:00:00:22 $sip $tip 1
 
 # the arp packet should be dropped because lp33 is not configured
 # with ip 192.168.0.55
-spa=`ip_to_hex 192 168 0 55`
-tpa=`ip_to_hex 192 168 0 22`
-test_arp 33 f00000000031 f00000000031 $spa $tpa 1
+spa=192.168.0.55
+tpa=192.168.0.22
+test_arp 33 f0:00:00:00:00:31 f0:00:00:00:00:31 $spa $tpa 1
 
 # ip packets should not be received by lp[123]3 since
 # l3 port security is enabled
-sip=`ip_to_hex 192 168 0 55`
-tip=`ip_to_hex 192 168 0 66`
+sip=192.168.0.55
+tip=192.168.0.66
 for i in 1 2 3; do
     for j in 1 2 3; do
-        test_ip ${i}2 f000000000${i}2 f000000000${j}3 $sip $tip
+        test_ip ${i}2 f0:00:00:00:00:${i}2 f0:00:00:00:00:${j}3 $sip $tip
     done
 done
 
 # ipv6 packets should be dropped for lp[123]3 since
 # it is configured with only ipv4 address
-sip=fe800000000000000000000000000000
-tip=ff020000000000000000000000000000
+sip=fe80::
+tip=ff02::
 
 for i in 1 2 3; do
-    test_ipv6 ${i}3 f000000000${i}3 f00000000022 $sip $tip
+    test_ipv6 ${i}3 f0:00:00:00:00:${i}3 f0:00:00:00:00:22 $sip $tip
 done
 
-# ipv6 packets should not be received by lp[123]3 with mac f000000000$[123]3
+# ipv6 packets should not be received by lp[123]3 with mac f0:00:00:00:00:$[123]3
 # lp[123]1 can send ipv6 traffic as there is no port security
 for i in 1 2 3; do
-    test_ipv6 ${i}1 f000000000${i}1 f000000000${i}3 $sip $tip
+    test_ipv6 ${i}1 f0:00:00:00:00:${i}1 f0:00:00:00:00:${i}3 $sip $tip
 done
 
 # lp13 has extra port security with mac f0000000113 and ipv6 addr
 # fe80::ea2a:eaff:fe28:0012 and 4242::0013
 
 # ipv4 packet should be dropped for lp13 with mac f0000000113
-sip=`ip_to_hex 192 168 0 13`
-tip=`ip_to_hex 192 168 0 23`
-test_ip 13 f00000000113 f00000000023 $sip $tip
+sip=192.168.0.13
+tip=192.168.0.23
+test_ip 13 f0:00:00:00:01:13 f0:00:00:00:00:23 $sip $tip
 
-# ipv6 packet should be received by lp[123]3 with mac f00000000${i}${i}3
+# ipv6 packet should be received by lp[123]3 with mac f0:00:00:00:0${i}:${i}3
 # and ip6.dst as fe80::ea2a:eaff:fe28:0${i}${i}3.
 # lp11 can send ipv6 traffic as there is no port security
-sip=ee800000000000000000000000000000
+sip=ee80::
 for i in 1 2 3; do
-    tip=fe80000000000000ea2aeafffe2800${i}3
-    test_ipv6 11 f00000000011 f00000000${i}${i}3 $sip $tip ${i}3
-    tip=424200000000000000000000000000${i}3
-    test_ipv6 11 f00000000011 f00000000${i}${i}3 $sip $tip ${i}3
+    tip=fe80::ea2a:eaff:fe28:00${i}3
+    test_ipv6 11 f0:00:00:00:00:11 f0:00:00:00:0${i}:${i}3 $sip $tip ${i}3
+    tip=4242::${i}3
+    test_ipv6 11 f0:00:00:00:00:11 f0:00:00:00:0${i}:${i}3 $sip $tip ${i}3
 done
 
 
-# ipv6 packet should not be received by lp33 with mac f0000000333
+# ipv6 packet should not be received by lp33 with mac f0:00:00:00:03:33
 # and ip6.dst as fe80::ea2a:eaff:fe28:0023 or 4242::0023 as it is
 # configured with fe80::ea2a:eaff:fe28:0033 and 4242::0033
 # lp11 can send ipv6 traffic as there is no port security
 
-sip=ee800000000000000000000000000000
-tip=fe80000000000000ea2aeafffe280023
-test_ipv6 11 f00000000011 f00000000333 $sip $tip
-tip=42420000000000000000000000000023
-test_ipv6 11 f00000000011 f00000000333 $sip $tip
+sip=ee80::
+tip=fe80::ea2a:eaff:fe28:0023
+test_ipv6 11 f0:00:00:00:00:11 f0:00:00:00:03:33 $sip $tip
+tip=4242::23
+test_ipv6 11 f0:00:00:00:00:11 f0:00:00:00:03:33 $sip $tip
 
-# ipv6 packet should be allowed for lp[123]3 with mac f0000000${i}${i}3
+# ipv6 packet should be allowed for lp[123]3 with mac f0:00:00:00:0${i}:${i}3
 # and ip6.src fe80::ea2a:eaff:fe28:0${i}${i}3, 4242::00${i}3 and ip6.src ::.
 # and should be dropped for any other ip6.src
 # lp21 can receive ipv6 traffic as there is no port security
 
-tip=ee800000000000000000000000000000
+tip=ee80::
 for i in 1 2 3; do
-    sip=fe80000000000000ea2aeafffe2800${i}3
-    test_ipv6 ${i}3 f00000000${i}${i}3 f00000000021 $sip $tip 21
-    sip=424200000000000000000000000000${i}3
-    test_ipv6 ${i}3 f00000000${i}${i}3 f00000000021 $sip $tip 21
+    sip=fe80::ea2a:eaff:fe28:00${i}3
+    test_ipv6 ${i}3 f0:00:00:00:0${i}:${i}3 f0:00:00:00:00:21 $sip $tip 21
+    sip=4242::${i}3
+    test_ipv6 ${i}3 f0:00:00:00:0${i}:${i}3 f0:00:00:00:00:21 $sip $tip 21
 
     # Test ICMPv6 MLD reports (v1 and v2) and NS for DAD
-    sip=00000000000000000000000000000000
-    test_icmpv6 ${i}3 f00000000${i}${i}3 f00000000021 $sip ff020000000000000000000000160000 83 21
-    test_icmpv6 ${i}3 f00000000${i}${i}3 f00000000021 $sip ff020000000000000000000000160000 8f 21
-    test_icmpv6 ${i}3 f00000000${i}${i}3 f00000000021 $sip ff0200000000000000ea2aeafffe2800 87 21
+    sip=::
+    test_icmpv6 ${i}3 f0:00:00:00:0${i}:${i}3 f0:00:00:00:00:21 $sip ff02::16:0 "ICMPv6MLReport()" 21
+    test_icmpv6 ${i}3 f0:00:00:00:0${i}:${i}3 f0:00:00:00:00:21 $sip ff02::16:0 "ICMPv6MLReport2()" 21
+    test_icmpv6 ${i}3 f0:00:00:00:0${i}:${i}3 f0:00:00:00:00:21 $sip ff02::ea:2aea:fffe:2800 "ICMPv6ND_NS()" 21
     # Traffic to non-multicast traffic should be dropped
-    test_icmpv6 ${i}3 f00000000${i}${i}3 f00000000021 $sip $tip 83
+    test_icmpv6 ${i}3 f0:00:00:00:0${i}:${i}3 f0:00:00:00:00:21 $sip $tip "ICMPv6MLReport()"
     # Traffic of other ICMPv6 types should be dropped
-    test_icmpv6 ${i}3 f00000000${i}${i}3 f00000000021 $sip ff020000000000000000000000160000 80
+    test_icmpv6 ${i}3 f0:00:00:00:0${i}:${i}3 f0:00:00:00:00:21 $sip ff02::16:0 "ICMPv6EchoRequest()"
 
     # should be dropped
-    sip=ae80000000000000ea2aeafffe2800aa
-    test_ipv6 ${i}3 f00000000${i}${i}3 f00000000021 $sip $tip
+    sip=ae80::ea2aeafffe2800aa
+    test_ipv6 ${i}3 f0:00:00:00:0${i}:${i}3 f0:00:00:00:00:21 $sip $tip
 done
 
 # configure lsp13 to send and received IPv4 packets with an address range
 ovn-nbctl --wait=hv lsp-set-port-security lp13 "f0:00:00:00:00:13 192.168.0.13 20.0.0.4/24 10.0.0.0/24 4242::/64"
 
-sip=`ip_to_hex 10 0 0 13`
-tip=`ip_to_hex 192 168 0 22`
+sip=10.0.0.13
+tip=192.168.0.22
 # arp packet with inner ip 10.0.0.13 should be allowed for lsp13
-test_arp 13 f00000000013 f00000000013 $sip $tip 0 f00000000022
+test_arp 13 f0:00:00:00:00:13 f0:00:00:00:00:13 $sip $tip 0 f0:00:00:00:00:22
 
-sip=`ip_to_hex 10 0 0 14`
-tip=`ip_to_hex 192 168 0 23`
+sip=10.0.0.14
+tip=192.168.0.23
 # IPv4 packet from lsp13 with src ip 10.0.0.14 destined to lsp23
 # with dst ip 192.168.0.23 should be allowed
-test_ip 13 f00000000013 f00000000023 $sip $tip 23
+test_ip 13 f0:00:00:00:00:13 f0:00:00:00:00:23 $sip $tip 23
 
-sip=42420000000000000000000000000014
-tip=42420000000000000000000000000023
+sip=4242::14
+tip=4242::23
 # IPv6 packet from lsp13 with src ip 4242::14 destined to lsp23
 # with dst ip 4242::23 should be received by lsp23
-test_ipv6 13 f00000000013 f00000000223 $sip $tip 23
+test_ipv6 13 f0:00:00:00:00:13 f0:00:00:00:02:23 $sip $tip 23
 
-sip=`ip_to_hex 192 168 0 33`
-tip=`ip_to_hex 10 0 0 15`
+sip=192.168.0.33
+tip=10.0.0.15
 # IPv4 packet from lsp33 with src ip 192.168.0.33 destined to lsp13
 # with dst ip 10.0.0.15 should be received by lsp13
-test_ip 33 f00000000033 f00000000013 $sip $tip 13
+test_ip 33 f0:00:00:00:00:33 f0:00:00:00:00:13 $sip $tip 13
 
-sip=42420000000000000000000000000033
-tip=42420000000000000000000000000013
+sip=4242::33
+tip=4242::13
 # IPv6 packet from lsp33 with src ip 4242::33 destined to lsp13
 # with dst ip 4242::13 should be received by lsp13
-test_ipv6 33 f00000000333 f00000000013 $sip $tip 13
+test_ipv6 33 f0:00:00:00:03:33 f0:00:00:00:00:13 $sip $tip 13
 
-sip=`ip_to_hex 192 168 0 33`
-tip=`ip_to_hex 20 0 0 4`
+sip=192.168.0.33
+tip=20.0.0.4
 # IPv4 packet from lsp33 with src ip 192.168.0.33 destined to lsp13
 # with dst ip 20.0.0.4 should be received by lsp13
-test_ip 33 f00000000033 f00000000013 $sip $tip 13
+test_ip 33 f0:00:00:00:00:33 f0:00:00:00:00:13 $sip $tip 13
 
-sip=`ip_to_hex 192 168 0 33`
-tip=`ip_to_hex 20 0 0 5`
+sip=192.168.0.33
+tip=20.0.0.5
 # IPv4 packet from lsp33 with src ip 192.168.0.33 destined to lsp13
 # with dst ip 20.0.0.5 should not be received by lsp13
-test_ip 33 f00000000033 f00000000013 $sip $tip
+test_ip 33 f0:00:00:00:00:33 f0:00:00:00:00:13 $sip $tip
 
-sip=42420000000000000000000000000033
-tip=42420000000000000000000000000005
+sip=4242::33
+tip=4242::5
 # IPv6 packet from lsp33 with src ip 4242::33 destined to lsp13
 # with dst ip 4242::5 should not be received by lsp13
-test_ipv6 33 f00000000333 f00000000013 $sip $tip 13
+test_ipv6 33 f0:00:00:00:03:33 f0:00:00:00:00:13 $sip $tip 13
 
-sip=`ip_to_hex 192 168 0 33`
-tip=`ip_to_hex 20 0 0 255`
+sip=192.168.0.33
+tip=20.0.0.255
 # IPv4 packet from lsp33 with src ip 192.168.0.33 destined to lsp13
 # with dst ip 20.0.0.255 should be received by lsp13
-test_ip 33 f00000000033 f00000000013 $sip $tip 13
+test_ip 33 f0:00:00:00:00:33 f0:00:00:00:00:13 $sip $tip 13
 
-sip=`ip_to_hex 192 168 0 33`
-tip=`ip_to_hex 192 168 0 255`
+sip=192.168.0.33
+tip=192.168.0.255
 # IPv4 packet from lsp33 with src ip 192.168.0.33 destined to lsp13
 # with dst ip 192.168.0.255 should not be received by lsp13
-test_ip 33 f00000000033 f00000000013 $sip $tip
+test_ip 33 f0:00:00:00:00:33 f0:00:00:00:00:13 $sip $tip
 
-sip=`ip_to_hex 192 168 0 33`
-tip=`ip_to_hex 224 0 0 4`
+sip=192.168.0.33
+tip=224.0.0.4
 # IPv4 packet from lsp33 with src ip 192.168.0.33 destined to lsp13
 # with dst ip 224.0.0.4  should be received by lsp13
-test_ip 33 f00000000033 f00000000013 $sip $tip 13
+test_ip 33 f0:00:00:00:00:33 f0:00:00:00:00:13 $sip $tip 13
 
 #dump information including flow counters
 ovn-nbctl show