[ovs-dev] [PATCH 3/3] system-traffic: Fix up FTP tests.

Joe Stringer joe at ovn.org
Tue Jul 19 19:54:08 UTC 2016


Prior to commit b87a5aacefe2 ("datapath: Fix cached ct with helper."),
we were relying on automatic helpers to ensure that FTP connections were
tracked correctly, regardless of the flows that existed in the datapath.
Now, we can drop the automatic helpers in the root namespace and still
have related connections work correctly. Also, the ALG should only be
specified when committing the connection. Update the rules.

Signed-off-by: Joe Stringer <joe at ovn.org>
---
 tests/system-kmod-macros.at | 1 +
 tests/system-traffic.at     | 8 ++++----
 2 files changed, 5 insertions(+), 4 deletions(-)

diff --git a/tests/system-kmod-macros.at b/tests/system-kmod-macros.at
index cee0510bda96..2134db72808c 100644
--- a/tests/system-kmod-macros.at
+++ b/tests/system-kmod-macros.at
@@ -63,6 +63,7 @@ m4_define([CHECK_CONNTRACK],
                 [modprobe mod || echo "Module mod not loaded."
                  on_exit 'modprobe -r mod'
                 ])
+     sysctl -w net.netfilter.nf_conntrack_helper=0
      on_exit 'ovstest test-netlink-conntrack flush'
     ]
 )
diff --git a/tests/system-traffic.at b/tests/system-traffic.at
index 14a75b68fe7e..a337950741bd 100644
--- a/tests/system-traffic.at
+++ b/tests/system-traffic.at
@@ -1458,7 +1458,6 @@ AT_CHECK([ovs-appctl dpctl/flush-conntrack])
 dnl Passive FTP requests from p0->p1 should work fine.
 NS_CHECK_EXEC([at_ns0], [wget ftp://10.1.1.2 -t 3 -T 1 --retry-connrefused -v -o wget0-2.log])
 AT_CHECK([ovs-appctl dpctl/dump-conntrack | FORMAT_CT(10.1.1.2)], [0], [dnl
-tcp,orig=(src=10.1.1.1,dst=10.1.1.2,sport=<cleared>,dport=<cleared>),reply=(src=10.1.1.2,dst=10.1.1.1,sport=<cleared>,dport=<cleared>),protoinfo=(state=<cleared>)
 tcp,orig=(src=10.1.1.1,dst=10.1.1.2,sport=<cleared>,dport=<cleared>),reply=(src=10.1.1.2,dst=10.1.1.1,sport=<cleared>,dport=<cleared>),protoinfo=(state=<cleared>),helper=ftp
 ])
 
@@ -1539,13 +1538,14 @@ table=0,priority=10,arp,action=normal
 table=0,priority=10,icmp,action=normal
 
 dnl Traffic from ns1
-table=0,priority=100,in_port=1,tcp,action=ct(table=1,zone=1,alg=ftp)
-table=1,in_port=1,tcp,ct_zone=1,ct_state=+trk+new,action=ct(commit,alg=ftp,zone=1),ct(commit,alg=ftp,zone=2),2
+table=0,priority=100,in_port=1,tcp,action=ct(table=1,zone=1)
+table=1,in_port=1,tcp,ct_zone=1,ct_state=+trk+new-rel,action=ct(commit,alg=ftp,zone=1),ct(commit,alg=ftp,zone=2),2
+table=1,in_port=1,tcp,ct_zone=1,ct_state=+trk+new+rel,action=ct(commit,zone=1),ct(commit,zone=2),2
 table=1,in_port=1,tcp,ct_zone=1,ct_state=+trk+est,action=ct(table=2,zone=2)
 table=2,in_port=1,tcp,ct_zone=2,ct_state=+trk+est,action=2
 
 dnl Traffic from ns2
-table=0,priority=100,in_port=2,tcp,action=ct(table=1,alg=ftp,zone=2)
+table=0,priority=100,in_port=2,tcp,action=ct(table=1,zone=2)
 table=1,in_port=2,tcp,ct_zone=2,ct_state=+trk+rel,action=ct(commit,zone=2),ct(commit,zone=1),1
 table=1,in_port=2,tcp,ct_zone=2,ct_state=+trk+est,action=ct(table=2,zone=1)
 table=2,in_port=2,tcp,ct_zone=1,ct_state=+trk+rel,action=ct(commit,zone=2),ct(commit,zone=1),1
-- 
2.9.0




More information about the dev mailing list