[Devel] [PATCH vz10 10/12] selftests: net: pmtu.sh: allow test traffic despite host firewall rules

Aleksei Oladko aleksey.oladko at virtuozzo.com
Wed Dec 17 00:04:22 MSK 2025


The pmtu.sh kselftest sets up a multi-namespace test topology where the
host network itself is part of the test setup. Test packets originating
from the created namespace are expected to reach the test interface
created in the host. When firewall rules are present on the host, this
traffic may be blocked, causing the test to fail.

Install temporary firewall rules during the test execution to allow
the test traffic to reach the host interfaces and remove them
afterwards.

https://virtuozzo.atlassian.net/browse/VSTOR-120995

Signed-off-by: Aleksei Oladko <aleksey.oladko at virtuozzo.com>
---
 tools/testing/selftests/net/pmtu.sh | 18 ++++++++++++++++++
 1 file changed, 18 insertions(+)

diff --git a/tools/testing/selftests/net/pmtu.sh b/tools/testing/selftests/net/pmtu.sh
index 6c651c880fe8..f60581f2bb03 100755
--- a/tools/testing/selftests/net/pmtu.sh
+++ b/tools/testing/selftests/net/pmtu.sh
@@ -1534,8 +1534,26 @@ test_pmtu_ipvX_over_ovs_vxlanY_or_geneveY_exception() {
 		mtu ""        ${type}_a  $((${ll_mtu} + 1000)) 2>/dev/null
 	mtu "${ns_b}" ${type}_b  $((${ll_mtu} + 1000))
 
+	chain=$(nft list table ip filter | awk '/chain/ {name=$2} /hook input/ {print name}')
+	if [ -n "$chain" ]; then
+		if [ "${type}" = "vxlan" ]; then
+			port="4789"
+		elif [ "${type}" = "geneve" ]; then
+			port="6081"
+		fi
+
+		if [ ${outer_family} -eq 6 ]; then
+			rule_family="6"
+		fi
+		nft_handle=$(nft --echo --json insert rule ip$rule_family filter $chain \
+			iifname "veth_A-R1" udp dport $port accept | \
+			jq '.nftables[] | .insert.rule.handle')
+	fi
 	run_cmd ${ns_c} ${ping} -q -M want -i 0.1 -c 20 -s $((${ll_mtu} + 500)) ${dst} || return 1
 
+	if [ -n "$nft_handle" ]; then
+		nft delete rule ip$rule_family filter $chain handle $nft_handle
+	fi
 	# Check that exceptions were created
 	pmtu="$(route_get_dst_pmtu_from_exception "${ns_c}" ${dst})"
 	check_pmtu_value ${exp_mtu} "${pmtu}" "exceeding link layer MTU on Open vSwitch ${type} interface"
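Review bot: The `nft delete rule` block after the ping never runs when the ping fails, because `run_cmd ... || return 1` returns first, so a failed test leaves the `udp dport $port accept` rule in the host's input chain. Save the ping status, delete the rule, and only then return, or remove the rule from a cleanup handler. Also in this hunk: `chain`, `port`, `rule_family` and `nft_handle` are neither declared `local` nor reset, so once `rule_family="6"` is set it stays set for later calls with `outer_family` 4, and a stale `nft_handle` can carry over into a call where no chain is found. The chain name is looked up only in `nft list table ip filter` but is then used with `ip6 filter` when `outer_family` is 6; look it up in the table of the same family. If more than one chain has `hook input`, the awk expression yields several names and the insert breaks. The new `nft` and `jq` calls have no availability check, and errors from `nft list table` are not redirected, unlike the `2>/dev/null` used on the `mtu` line above.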
-- 
2.43.0


