lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening PHC | |
Open Source and information security mailing list archives
| ||
|
Date: Thu, 30 Jan 2014 21:50:07 +0900 From: Toshiaki Makita <makita.toshiaki@....ntt.co.jp> To: Stephen Hemminger <stephen@...workplumber.org>, vyasevic@...hat.com, "David S . Miller" <davem@...emloft.net> Cc: netdev@...r.kernel.org Subject: Re: [PATCH net v2 5/9] bridge: Fix the way to check if a local fdb entry can be deleted On Fri, 2013-12-20 at 17:02 +0900, Toshiaki Makita wrote: > On Thu, 2013-12-19 at 09:39 -0800, Stephen Hemminger wrote: > ... > > Could we make up as set of test case scripts to validate these changes. > > Now that FDB table can be manipulated by iproute tools, should be possible > > to have set of cases for validation. > > Thank you for your suggestion. > Maybe is it enough to make some test of port attach/detach and confirm > that data/control plane doesn't result in any inconsistency or odd > situation by tcpdump/bridge commands? Sorry for replying an old thread.. I tested traffic and fdb entries when attaching/detaching a bridge port, and couldn't find any problem with this patch. Instead, I found an additional undesirable behavior without this patch: ping to a bridge device (with arp resolution) sometimes fails while detaching a port. The bridge device continues to have its mac address for a while when a port is detached, but in current implementation we immediately delete corresponding fdb entry even though that mac address is used by the bridge device. I think this caused ping fails because the replied mac address actually can't reach the bridge device due to the premature fdb entry deletion. I need to rearrange this patch set, but I'm going to keep this change as is. The test I did is: - Attach/detach a port while sending traffic, and confirm tat the traffic is changed to being [flooded/delivered to the bridge] as expected. Also, confirm that corresponding fdb entry is added/deleted as expected. - Attach/detach a port while flushing arp entry and pinging, and confirm that ping doesn't fail. The test script I used and the result is below. ---- Test script begin ---- #!/bin/sh # This is a test script for validating fdb and traffic consistency # when a bridge port is attached/detached. # # This script does two types of tests. # Forwarding test: # Confirm that traffic to mac address of PORT0 is delivered to bridge # when PORT0 is attached and flooded when PORT0 is detached. # And measure the time window between "ip set master" and actual traffic # change by "date" command (clock_gettime) and timestamp in tcpdump. # ARP/ICMP test: # Confirm that ping can always suceed with arp resolution each time when # PORT0 gets attached/detached. # In each test, this validates fdb entries as well, i.e. if attaching PORT0, # we must have a local entry where its dst and address is those of PORT0, # and if detaching PORT0, we must not have such an entry. # # This test script assumes environment below. # BR0 has three ports. Two of them (PORT1/2) are veths to namespaces. # PORT0 is subject for attaching/detaching. # # +----------------------------------------------+ # | +-------------+ | # | | +-------| +-----+ +---+ +-----| # | | NS0 |NS0_IF0|--VETH--|PORT1|--|BR0|--|PORT0| # | | +-------| +-----+ +---+ +-----| # | +-------------+ | | # | | | # | +-------------+ | | # | | +-------| +-----+ | | # | | NS1 |NS1_IF0|--VETH--|PORT2|----+ | # | | +-------| +-----+ | # | +-------------+ | # | Physical machine | # +----------------------------------------------+ # # Test scenarios are # Forwarding test: # Send traffic from NS0 to the mac address of PORT0. # The traffic should be delivered to BR0 when attached, and to NS1 when # detached. # ARP/ICMP test: # Invalidate the arp entry of the mac address of PORT0 and do "ping -c 1" # to the ip address of BR0. # Ping should always succeed even if attach/detach occurs. export LC_ALL=C # Number of tests ITERATIONS=10 [ -n "$1" ] && ITERATIONS=$1 # Namespace NS0=ns0 NS1=ns1 NS0CMD="ip netns exec $NS0" # Veth interface VETH_TO_NS0_IF=veth0 NS0_IF=ns0-eth0 VETH_TO_NS1_IF=veth1 NS1_IF=ns1-eth0 # Bridge BR0=br0 # Bridge interfaces PORT0=em1 PORT1=$VETH_TO_NS0_IF PORT2=$VETH_TO_NS1_IF # MAC addresses MAC0=12:34:56:78:90:ab # for PORT0, smallest among all bridge ports NS0_MAC=aa:bb:cc:dd:ee:00 NS1_MAC=aa:bb:cc:dd:ee:01 FLOOD_MAC=aa:bb:cc:dd:ee:02 # IP addresses BR0_IP=192.168.0.1 NS0_IP=192.168.0.2 PREFIX=24 # Pktgen parameters PGTHREAD=/proc/net/pktgen/kpktgend_0 PGDEV=/proc/net/pktgen/$NS0_IF PGCTRL=/proc/net/pktgen/pgctrl # Directories to store logs RESULT_DIR=/tmp # Test statistics SEND_FAILS_ATTACH=0 NO_ENTRY_ATTACH=0 WRONG_ENTRY_ATTACH=0 UNDELETED_ENTRY_ATTACH=0 CAPTURE_DROPS_ATTACH=0 NO_CAPTURE_ATTACH=0 DELAYED_FLOW_CHANGE_ATTACH=0 DROPS_UNKNOWN_REASON_ATTACH=0 SEND_FAILS_DETACH=0 NO_ENTRY_DETACH=0 WRONG_ENTRY_DETACH=0 UNDELETED_ENTRY_DETACH=0 CAPTURE_DROPS_DETACH=0 NO_CAPTURE_DETACH=0 DELAYED_FLOW_CHANGE_DETACH=0 DROPS_UNKNOWN_REASON_DETACH=0 WINDOW_SUM_ATTACH=0 WINDOW_MAX_ATTACH=0 WINDOW_MIN_ATTACH=-1 WINDOW_SUM_DETACH=0 WINDOW_MAX_DETACH=0 WINDOW_MIN_DETACH=-1 PING_FAIL_COUNT_ATTACH=0 PING_ERROR_COUNT_ATTACH=0 PING_FAIL_COUNT_DETACH=0 PING_ERROR_COUNT_DETACH=0 FORWARD_TEST_COUNT_ATTACH=0 FORWARD_TEST_COUNT_DETACH=0 REPLY_TEST_COUNT_ATTACH=0 REPLY_TEST_COUNT_DETACH=0 prepare () { modprobe pktgen # Namespace settings for i in 0 1; do eval NS=\$NS$i eval NS_IF=\$NS${i}_IF eval VETH_TO_NS_IF=\$VETH_TO_NS${i}_IF eval NS_MAC=\$NS${i}_MAC if ip netns | grep -q $NS; then ip netns exec $NS ip link show dev $NS_IF > /dev/null 2>&1 && \ ip netns exec $NS ip link del $NS_IF ip netns del $NS fi ip netns add $NS ip link show dev $VETH_TO_NS_IF > /dev/null 2>&1 && \ ip link del $VETH_TO_NS_IF ip link show dev $NS_IF > /dev/null 2>&1 && ip link del $NS_IF ip link add $VETH_TO_NS_IF type veth peer name $NS_IF ip link set $NS_IF netns $NS ip netns exec $NS ip link set $NS_IF up ip link set $VETH_TO_NS_IF address $NS_MAC done # PORT0 address setting ip link set $PORT0 address $MAC0 # Bridge settings ip link show dev $BR0 > /dev/null 2>&1 && ip link del $BR0 ip link add $BR0 type bridge ip link set $PORT1 master $BR0 # NS0 ip link set $PORT2 master $BR0 # NS1 # IP address settings ip addr add ${BR0_IP}/$PREFIX dev $BR0 $NS0CMD ip addr add ${NS0_IP}/$PREFIX dev $NS0_IF # Enable bridge and ports ip link set $PORT0 up ip link set $PORT1 up ip link set $PORT2 up ip link set $BR0 up } # Set a pktgen parameter pgset () { PGPATH=$2 if [ x"$3" == x"bg" -a x"$PGPATH" == x"$PGCTRL" ]; then $NS0CMD sh -c "echo $1 > $PGPATH" & PG_PID=$! ERROR=$? else $NS0CMD sh -c "echo $1 > $PGPATH" ERROR=$? RESULT=`$NS0CMD cat $PGPATH` if ! echo "$RESULT" | fgrep -q "Result: OK:"; then echo "$RESULT" | fgrep Result: 1>&2 ERROR=1 fi fi [ $ERROR -ne 0 ] && return 1 return 0 } # Send frames using pktgen send_frames () { COUNT=$1 DST=$2 BG=$3 pgset "rem_device_all" $PGTHREAD || return 1 pgset "add_device $NS0_IF" $PGTHREAD || return 1 pgset "count $COUNT" $PGDEV || return 1 pgset "pkt_size 60" $PGDEV || return 1 pgset "dst_mac $DST" $PGDEV || return 1 pgset "delay 0" $PGDEV || return 1 pgset "start" $PGCTRL $BG || return 1 return 0 } # Send frames and attach/detach PORT0 do_forward_test () { ATTACH=$1 if [ x"$ATTACH" == x"attach" ]; then MASTER="master $BR0" else MASTER="nomaster" fi DUMP_PROG=tcpdump DATE=`date +%H%M%S%N` BR0_DUMP=${RESULT_DIR}/${BR0}_${DATE}.dump BR0_DUMPLOG=${RESULT_DIR}/${BR0}_${DATE}.log NS1_IF_DUMP=${RESULT_DIR}/${NS1_IF}_${DATE}.dump NS1_IF_DUMPLOG=${RESULT_DIR}/${NS1_IF}_${DATE}.log FILTER="udp and dst port 9" # Start capturing $DUMP_PROG -p -i $BR0 -f "$FILTER" -s 64 \ -w $BR0_DUMP 2> $BR0_DUMPLOG & DUMP_PIDS=$! ip netns exec $NS1 $DUMP_PROG -p -i $NS1_IF -f "$FILTER" -s 64 \ -w $NS1_IF_DUMP 2> $NS1_IF_DUMPLOG & DUMP_PIDS="$DUMP_PIDS $!" # Wait for capturing start BR0_CAPTURE_OK=0 NS1_IF_CAPTURE_OK=0 while [ $BR0_CAPTURE_OK -eq 0 -o $NS1_IF_CAPTURE_OK -eq 0 ]; do [ $BR0_CAPTURE_OK -eq 0 ] && send_frames 1000 "$NS0_MAC" fg [ $NS1_IF_CAPTURE_OK -eq 0 ] && send_frames 1000 "$FLOOD_MAC" fg sleep 0.2 [ $BR0_CAPTURE_OK -eq 0 ] && \ [ `tshark -n -r $BR0_DUMP 2> /dev/null | wc -l` -ne 0 ] && \ BR0_CAPTURE_OK=1 [ $NS1_IF_CAPTURE_OK -eq 0 ] && \ [ `tshark -n -r $NS1_IF_DUMP 2> /dev/null | wc -l` -ne 0 ] && \ NS1_IF_CAPTURE_OK=1 done # Do test PG_PID="" if send_frames 0 "$MAC0" bg; then # Wait for frame sending start sleep 0.2 # Change traffic destination ADD_DEL_IF_TIME=`date +%H%M%S%N` ip link set $PORT0 $MASTER # Wait for traffic flow change sleep 0.1 SEND_FAILED=0 else SEND_FAILED=1 fi # Stop capturing kill $DUMP_PIDS $PG_PID wait $DUMP_PIDS $PG_PID 2> /dev/null DUMP_PIDS="" PG_PID="" if [ $SEND_FAILED -eq 0 ]; then SEND_ERROR_COUNT=`$NS0CMD tail -1 $PGDEV | \ sed -n 's/.*errors: \([0-9]\+\)/\1/p'` [ "$SEND_ERROR_COUNT" -ne 0 ] && SEND_FAILED=1 fi } validate_fdb () { local AT_TYPE=$1 FDB_ENTRY=`bridge fdb show | grep -v self | grep $MAC0` if [ -z "$FDB_ENTRY" ]; then # Retrieving a particular fdb entry might fail because # "bridge fdb show" could consist of multiple netlink # recvmsg()s and fdb might changes between each recvmsg(). # Check fdb again to make sure. FDB_ENTRY=`bridge fdb show | grep -v self | grep $MAC0` fi if [ x"$AT_TYPE" == x"ATTACH" ]; then if [ -z "$FDB_ENTRY" ]; then NO_ENTRY_ATTACH=`expr $NO_ENTRY_ATTACH + 1` return 1 fi if ! echo $FDB_ENTRY | grep -q "permanent"; then WRONG_ENTRY_ATTACH=`expr $WRONG_ENTRY_ATTACH + 1` return 1 fi if ! echo $FDB_ENTRY | grep -q "$PORT0"; then WRONG_ENTRY_ATTACH=`expr $WRONG_ENTRY_ATTACH + 1` return 1 fi else if [ -n "$FDB_ENTRY" ]; then if ! echo $FDB_ENTRY | grep -q "$PORT0"; then WRONG_ENTRY_DETACH=`expr $WRONG_ENTRY_DETACH + 1` return 1 fi UNDELETED_ENTRY_DETACH=`expr $UNDELETED_ENTRY_DETACH + 1` return 1 fi fi return 0 } validate_forward () { if [ x"$1" == x"attach" ]; then DUMP_BEFORE_CHANGE=$NS1_IF_DUMP DUMP_AFTER_CHANGE=$BR0_DUMP local AT_TYPE="ATTACH" else DUMP_BEFORE_CHANGE=$BR0_DUMP DUMP_AFTER_CHANGE=$NS1_IF_DUMP local AT_TYPE="DETACH" fi if [ $SEND_FAILED -eq 1 ]; then eval local SEND_FAILS=\$SEND_FAILS_$AT_TYPE eval SEND_FAILS_$AT_TYPE=`expr $SEND_FAILS + 1` return 2 fi validate_fdb $AT_TYPE local RET=$? [ $RET -ne 0 ] && return $RET # Validate captured data BR0_CAPTURE_DROPS=`tail -1 $BR0_DUMPLOG | awk '{print $1}'` NS1_IF_CAPTURE_DROPS=`tail -1 $NS1_IF_DUMPLOG | awk '{print $1}'` if [ "$BR0_CAPTURE_DROPS" -ne 0 -o \ "$NS1_IF_CAPTURE_DROPS" -ne 0 ]; then # Kernel failed to store captured frames due to no space eval local CAPTURE_DROPS=\$CAPTURE_DROPS_$AT_TYPE eval CAPTURE_DROPS_$AT_TYPE=`expr $CAPTURE_DROPS + 1` return 2 fi CAPTURED_BEFORE_CHANGE=`tshark -n -r $DUMP_BEFORE_CHANGE -T fields \ -e frame.number -Y "eth.dst eq $MAC0" 2> /dev/null | wc -l` CAPTURED_AFTER_CHANGE=`tshark -n -r $DUMP_AFTER_CHANGE -T fields \ -e frame.number -Y "eth.dst eq $MAC0" 2> /dev/null | wc -l` if [ $CAPTURED_BEFORE_CHANGE -eq 0 ]; then # Couldn't captured expected traffic # Maybe one of 'sleep's was too short eval local NO_CAPTURE=\$NO_CAPTURE_$AT_TYPE eval NO_CAPTURE_$AT_TYPE=`expr $NO_CAPTURE + 1` return 2 fi if [ $CAPTURED_AFTER_CHANGE -eq 0 ]; then # This implies too late traffic flow change eval local DELAYED_FLOW_CHANGE=\$DELAYED_FLOW_CHANGE_$AT_TYPE eval DELAYED_FLOW_CHANGE_$AT_TYPE=`expr $DELAYED_FLOW_CHANGE + 1` return 1 fi LAST_SEQ_BEFORE_CHANGE=`tshark -n -r $DUMP_BEFORE_CHANGE -T fields \ -e pktgen.seqnum -Y "eth.dst eq $MAC0" 2> /dev/null | tail -1` FIRST_SEQ_AFTER_CHANGE=`tshark -n -r $DUMP_AFTER_CHANGE -T fields \ -e pktgen.seqnum -Y "eth.dst eq $MAC0" 2> /dev/null | head -1` LAST_SEQ_AFTER_CHANGE=`tshark -n -r $DUMP_AFTER_CHANGE -T fields \ -e pktgen.seqnum -Y "eth.dst eq $MAC0" 2> /dev/null | tail -1` # Check drops by unknown reason if [ `expr $FIRST_SEQ_AFTER_CHANGE - $LAST_SEQ_BEFORE_CHANGE` -ne 1 -o \ "$CAPTURED_BEFORE_CHANGE" -ne "$LAST_SEQ_BEFORE_CHANGE" -o \ "$CAPTURED_AFTER_CHANGE" -ne \ `expr $LAST_SEQ_AFTER_CHANGE - $LAST_SEQ_BEFORE_CHANGE` ]; then eval local DROPS_UNKNOWN_REASON=\$DROPS_UNKNOWN_REASON_$AT_TYPE eval DROPS_UNKNOWN_REASON_$AT_TYPE=`expr $DROPS_UNKNOWN_REASON + 1` return 1 fi # Calculate window time TRAFFIC_CHANGED_TIME=`tshark -n -r $DUMP_AFTER_CHANGE -T fields \ -e frame.time -Y "eth.dst eq $MAC0" 2> /dev/null | head -1 | \ awk '{print $4}' | sed s/[:.]//g` h1=`echo $ADD_DEL_IF_TIME | cut -b 1-2` m1=`echo $ADD_DEL_IF_TIME | cut -b 3-4` s1=`echo $ADD_DEL_IF_TIME | cut -b 5-6` us1=`echo $ADD_DEL_IF_TIME | cut -b 7-12` TIME1=`expr $h1 \* 3600 + $m1 \* 60 + $s1` TIME1=`expr $TIME1 \* 1000000 + $us1` h2=`echo $TRAFFIC_CHANGED_TIME | cut -b 1-2` [ "$h2" -lt "$h1" ] && h2=`expr $h2 + 24` m2=`echo $TRAFFIC_CHANGED_TIME | cut -b 3-4` s2=`echo $TRAFFIC_CHANGED_TIME | cut -b 5-6` us2=`echo $TRAFFIC_CHANGED_TIME | cut -b 7-12` TIME2=`expr $h2 \* 3600 + $m2 \* 60 + $s2` TIME2=`expr $TIME2 \* 1000000 + $us2` WINDOW=`expr $TIME2 - $TIME1` eval local WINDOW_SUM=\$WINDOW_SUM_$AT_TYPE eval WINDOW_SUM_$AT_TYPE=`expr $WINDOW_SUM + $WINDOW` eval local WINDOW_MAX=\$WINDOW_MAX_$AT_TYPE [ "$WINDOW" -gt "$WINDOW_MAX" ] && eval WINDOW_MAX_$AT_TYPE=$WINDOW eval local WINDOW_MIN=\$WINDOW_MIN_$AT_TYPE [ "$WINDOW_MIN" -eq -1 -o "$WINDOW" -lt "$WINDOW_MIN" ] && \ eval WINDOW_MIN_$AT_TYPE=$WINDOW return 0 } cleanup_forward_logs () { /bin/rm -f "$BR0_DUMP" /bin/rm -f "$BR0_DUMPLOG" /bin/rm -f "$NS1_IF_DUMP" /bin/rm -f "$NS1_IF_DUMPLOG" } send_probes () { : > $PROBE_RESULT while :; do # Invalidate arp cache $NS0CMD ip neigh del $BR0_IP dev $NS0_IF 2> /dev/null # Send arp request and echo request. # This may fail when mac address of BR0 changes # between arp reply and echo request. $NS0CMD ping -c 1 -w 1 $BR0_IP > /dev/null 2>&1 || \ echo >> $PROBE_RESULT done } do_reply_test () { ATTACH=$1 if [ x"$ATTACH" == x"attach" ]; then MASTER="master $BR0" else MASTER="nomaster" fi DATE=`date +%H%M%S%N` PROBE_RESULT=${RESULT_DIR}/PROBE_${DATE}.log send_probes & PROBE_PID=$! sleep 0.1 # Change traffic destination ip link set $PORT0 $MASTER # Wait for traffic flow change sleep 1.2 # Stop probing kill $PROBE_PID wait $PROBE_PID 2> /dev/null PROBE_PID="" } validate_reply () { if [ x"$1" == x"attach" ]; then local AT_TYPE="ATTACH" else local AT_TYPE="DETACH" fi validate_fdb $AT_TYPE local RET=$? [ $RET -ne 0 ] && return $RET # validate ping result local PING_FAIL=`cat $PROBE_RESULT | wc -l` if [ $PING_FAIL -eq 1 ]; then # ping may fail if mac address changes between arp reply and # echo request. eval local PING_FAIL_COUNT=\$PING_FAIL_COUNT_$AT_TYPE eval PING_FAIL_COUNT_$AT_TYPE=`expr $PING_FAIL_COUNT + 1` return 2 elif [ $PING_FAIL -gt 1 ]; then # ping should not fail two or more times. eval local PING_ERROR_COUNT=\$PING_ERROR_COUNT_$AT_TYPE eval PING_ERROR_COUNT_$AT_TYPE=`expr $PING_ERROR_COUNT + 1` return 1 fi return 0 } cleanup_reply_logs () { /bin/rm -f "$PROBE_RESULT" } output_results () { echo "" 1>&2 local AT_TYPE for AT_TYPE in ATTACH DETACH; do eval local NO_ENTRY=\$NO_ENTRY_$AT_TYPE eval local WRONG_ENTRY=\$WRONG_ENTRY_$AT_TYPE eval local UNDELETED_ENTRY=\$UNDELETED_ENTRY_$AT_TYPE eval local DELAYED_FLOW_CHANGE=\$DELAYED_FLOW_CHANGE_$AT_TYPE eval local DROPS_UNKNOWN_REASON=\$DROPS_UNKNOWN_REASON_$AT_TYPE eval local PING_ERROR_COUNT=\$PING_ERROR_COUNT_$AT_TYPE ERROR_COUNT=`expr $NO_ENTRY + $WRONG_ENTRY + $UNDELETED_ENTRY + $DELAYED_FLOW_CHANGE + $DROPS_UNKNOWN_REASON + $PING_ERROR_COUNT` eval local SEND_FAILS=\$SEND_FAILS_$AT_TYPE eval local CAPTURE_DROPS=\$CAPTURE_DROPS_$AT_TYPE eval local NO_CAPTURE=\$NO_CAPTURE_$AT_TYPE eval local PING_FAIL_COUNT=\$PING_FAIL_COUNT_$AT_TYPE INFO_COUNT=`expr $SEND_FAILS + $CAPTURE_DROPS + $NO_CAPTURE + $PING_FAIL_COUNT` eval local FORWARD_TEST_COUNT=\$FORWARD_TEST_COUNT_$AT_TYPE eval local REPLY_TEST_COUNT=\$REPLY_TEST_COUNT_$AT_TYPE local TEST_COUNT=`expr $FORWARD_TEST_COUNT + $REPLY_TEST_COUNT` echo "$AT_TYPE test result:" if [ "$ERROR_COUNT" -ne 0 ]; then echo "Validation failed: $ERROR_COUNT" if [ "$NO_ENTRY" -ne 0 ]; then echo -e "\tExpected fdb entry not found: $NO_ENTRY" fi if [ "$WRONG_ENTRY" -ne 0 ]; then echo -e "\tExpected fdb entry had wrong attribute: $WRONG_ENTRY" fi if [ "$UNDELETED_ENTRY" -ne 0 ]; then echo -e "\tUnexpected fdb entry found: $UNDELETED_ENTRY" fi if [ "$DELAYED_FLOW_CHANGE" -ne 0 ]; then echo -e "\tWindow time was too long (over 100 ms): $DELAYED_FLOW_CHANGE" fi if [ "$DROPS_UNKNOWN_REASON" -ne 0 ]; then echo -e "\tCouldn't capture due to unknown reason: $DROPS_UNKNOWN_REASON" fi if [ "$PING_ERROR_COUNT" -ne 0 ]; then echo -e "\tPing failed two or more times: $PING_ERROR_COUNT" fi else if [ "$TEST_COUNT" -ne 0 ]; then echo "All validations succeeded." echo "Number of valid tests: $TEST_COUNT" echo -e "\tForwarding tests: $FORWARD_TEST_COUNT" echo -e "\tARP/ICMP tests: $REPLY_TEST_COUNT" else echo "No valid test was done." fi fi if [ "$FORWARD_TEST_COUNT" -ne 0 ]; then eval local WINDOW_SUM=\$WINDOW_SUM_$AT_TYPE eval local WINDOW_MAX=\$WINDOW_MAX_$AT_TYPE eval local WINDOW_MIN=\$WINDOW_MIN_$AT_TYPE echo "Window time summary:" WINDOW_AVG=`expr $WINDOW_SUM / $FORWARD_TEST_COUNT` WINDOW_AVG_MSEC=`expr $WINDOW_AVG / 1000` WINDOW_AVG_USEC=`expr $WINDOW_AVG % 1000 | xargs printf %03d` echo -e "\tAverage window time: ${WINDOW_AVG_MSEC}.$WINDOW_AVG_USEC msec" WINDOW_MAX_MSEC=`expr $WINDOW_MAX / 1000` WINDOW_MAX_USEC=`expr $WINDOW_MAX % 1000 | xargs printf %03d` echo -e "\tMax window time: ${WINDOW_MAX_MSEC}.$WINDOW_MAX_USEC msec" WINDOW_MIN_MSEC=`expr $WINDOW_MIN / 1000` WINDOW_MIN_USEC=`expr $WINDOW_MIN % 1000 | xargs printf %03d` echo -e "\tMin window time: ${WINDOW_MIN_MSEC}.$WINDOW_MIN_USEC msec" fi if [ "$INFO_COUNT" -ne 0 ]; then echo "INFO: Some tests failed to execute commands normally." echo " These are not validation failures but test environment issues." if [ "$SEND_FAILS" -ne 0 ]; then echo -e "\tFrame send fails: $SEND_FAILS" fi if [ "$CAPTURE_DROPS" -ne 0 ]; then echo -e "\tCouldn't capture due to buffer overflow: $CAPTURE_DROPS" fi if [ "$NO_CAPTURE" -ne 0 ]; then echo -e "\tCouldn't capture due to delayed pktgen start: $NO_CAPTURE" fi if [ "$PING_FAIL_COUNT" -ne 0 ]; then echo -e "\tPing failed (only once): $PING_FAIL_COUNT" echo -e "\t Maybe this happened due to timing issue where mac address changes between arp reply and echo request." fi fi echo "" done } cleanup_settings () { ip link del $BR0 local i for i in 0 1; do eval NS=\$NS$i eval VETH_TO_NS_IF=\$VETH_TO_NS${i}_IF ip link del $VETH_TO_NS_IF ip netns del $NS done } output_exit () { output_results if [ -n "$DUMP_PIDS$PG_PID$PROBE_PID" ]; then kill $DUMP_PIDS $PG_PID $PROBE_PID wait $DUMP_PIDS $PG_PID $PROBE_PID 2> /dev/null fi cleanup_forward_logs cleanup_reply_logs cleanup_settings exit } forward_test () { local j for j in attach detach; do if [ x"$j" == x"attach" ]; then local AT_TYPE=ATTACH else local AT_TYPE=DETACH fi do_forward_test $j validate_forward $j local RET=$? if [ $RET -eq 0 ]; then echo -n "." 1>&2 eval local TEST_COUNT=\$FORWARD_TEST_COUNT_$AT_TYPE eval FORWARD_TEST_COUNT_$AT_TYPE=`expr $TEST_COUNT + 1` elif [ $RET -eq 1 ]; then echo -n "!" 1>&2 else echo -n "?" 1>&2 fi cleanup_forward_logs done } reply_test () { local j for j in attach detach; do if [ x"$j" == x"attach" ]; then local AT_TYPE=ATTACH else local AT_TYPE=DETACH fi do_reply_test $j validate_reply $j local RET=$? if [ $RET -eq 0 ]; then echo -n "." 1>&2 eval local TEST_COUNT=\$REPLY_TEST_COUNT_$AT_TYPE eval REPLY_TEST_COUNT_$AT_TYPE=`expr $TEST_COUNT + 1` elif [ $RET -eq 1 ]; then echo -n "!" 1>&2 else echo -n "?" 1>&2 fi cleanup_reply_logs done } prepare trap output_exit INT TERM trap "output_results 1>&2" USR1 for i in `seq $ITERATIONS`; do forward_test reply_test done output_exit ---- Test script end ---- ---- Test result begin ---- * before this patch set ATTACH test result: All validations succeeded. Number of valid tests: 2000 Forwarding tests: 1000 ARP/ICMP tests: 1000 Window time summary: Average window time: 1.547 msec Max window time: 2.899 msec Min window time: 1.328 msec DETACH test result: All validations succeeded. Number of valid tests: 1982 Forwarding tests: 1000 ARP/ICMP tests: 982 Window time summary: Average window time: 1.276 msec Max window time: 4.030 msec Min window time: 1.056 msec INFO: Some tests failed to execute commands normally. These are not validation failures but test environment issues. Ping failed (only once): 18 Maybe this happened due to timing issue where mac address changes between arp reply and echo request. * after this patch set ATTACH test result: All validations succeeded. Number of valid tests: 2000 Forwarding tests: 1000 ARP/ICMP tests: 1000 Window time summary: Average window time: 1.455 msec Max window time: 2.651 msec Min window time: 1.256 msec DETACH test result: All validations succeeded. Number of valid tests: 1999 Forwarding tests: 1000 ARP/ICMP tests: 999 Window time summary: Average window time: 1.382 msec Max window time: 4.015 msec Min window time: 1.159 msec INFO: Some tests failed to execute commands normally. These are not validation failures but test environment issues. Ping failed (only once): 1 Maybe this happened due to timing issue where mac address changes between arp reply and echo request. ---- Test result end ---- Note: ping failed only once even after applying this patch set. I'm thinking mac address was changed between arp reply and echo request. This can happen on not only bridge device but also in any network environment, and not a bug. Thanks, Toshiaki Makita -- To unsubscribe from this list: send the line "unsubscribe netdev" in the body of a message to majordomo@...r.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html
Powered by blists - more mailing lists