test: replace loopback with veth pairs in integration tests#1484
Open
cong-or wants to merge 8 commits intoaya-rs:mainfrom
Open
test: replace loopback with veth pairs in integration tests#1484cong-or wants to merge 8 commits intoaya-rs:mainfrom
cong-or wants to merge 8 commits intoaya-rs:mainfrom
Conversation
Loopback only supports generic-mode XDP, not the native mode used in production. Switch to veth pairs which support native XDP. - NetNsGuard creates a veth0/veth1 pair in each test namespace - PeerNsGuard moves veth1 into a second namespace for traffic tests - Lower cpumap_chain kernel gate from 5.15 to 5.9
✅ Deploy Preview for aya-rs-docs ready!Built without sensitive environment variables
To edit notification comments on pull requests, go to your Netlify project configuration. |
Contributor
Author
|
Closes #422 |
The CI VM does not have iproute2. Talk to the kernel directly instead.
cpumap chaining on veth doesn't reliably deliver packets on 5.10; the attachment succeeds but the packet never reaches the socket.
cpumap chaining does not reliably deliver packets through veth on arm64. Use loopback instead.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
1 participant
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
The integration tests used to run on loopback, but that only supports generic (SKB-mode) XDP, which doesn’t really reflect a real production setup. Now, they use a veth pair instead, which supports native XDP and behaves much more like an actual NIC.
NetNsGuard sets up the veth pair. For the traffic-heavy tests like af_xdp, PeerNsGuard moves the peer into its own namespace, assigns IPs on both ends, and installs static ARP entries to prevent random ARP traffic from interfering with the XDP redirect programs.
The cpumap_chain test stays on loopback for now, because cpumap chaining doesn’t reliably work through veth on arm64. As a result, the old 5.15 kernel version gate for generic XDP mode remains in place.
Additionally, there’s a small veth_connectivity test that sends a plain UDP packet across the pair with no BPF attached. If anything’s broken in the basic setup, it fails quickly and clearly, avoiding confusing issues down the line.
This change is