[ovs-dev] conntrack - FTP test case failure

Lance Richardson lrichard at redhat.com
Tue May 31 22:54:27 UTC 2016


With a recent kernel (4.6-ish) and current OVS master, I'm seeing failures
in several system-traffic.at test cases under "make check-kernel".

For the "conntrack - FTP" test failure, all seems to be well up to the
last test case, which is a passive FTP request with flows2.txt policy
installed.

The test case is expecting the output of "ovs-appctl dpctl/dump-conntrack"
to include two entries matching:

tcp,orig=(src=10.1.1.1,dst=10.1.1.2,sport=<cleared>,dport=<cleared>),reply=(src=10.1.1.2,dst=10.1.1.1,sport=<cleared>,dport=<cleared>),protoinfo=(state=TIME_WAIT)
tcp,orig=(src=10.1.1.1,dst=10.1.1.2,sport=<cleared>,dport=<cleared>),reply=(src=10.1.1.2,dst=10.1.1.1,sport=<cleared>,dport=<cleared>),protoinfo=(state=TIME_WAIT),helper=ftp

But it is finding:

tcp,orig=(src=10.1.1.1,dst=10.1.1.2,sport=34148,dport=21),reply=(src=10.1.1.2,dst=10.1.1.1,sport=21,dport=34148),protoinfo=(state=TIME_WAIT),helper=ftp
tcp,orig=(src=10.1.1.1,dst=10.1.1.2,sport=38742,dport=39537),reply=(src=10.1.1.2,dst=10.1.1.1,sport=39537,dport=38742),protoinfo=(state=TIME_WAIT),helper=ftp

So the test case is expecting only one of the two entries to have
"helper=ftp" attached, but is finding that both have "helper=ftp".

Should both the control and data connections have "helper=ftp"
in the passive FTP case? It seems plausible to me (based on very
limited experience with ovs+conntrack) that they should since both
are initiated on port 1 and the installed rules don't seem to care
about TCP ports:

priority=1,action=drop
priority=10,arp,action=normal
priority=10,icmp,action=normal
priority=100,in_port=1,tcp,ct_state=-trk,action=ct(table=0)
priority=100,in_port=1,tcp,ct_state=+trk+new,action=ct(commit,alg=ftp),2
priority=100,in_port=1,tcp,ct_state=+trk+est,action=2
priority=100,in_port=2,tcp,ct_state=-trk,action=ct(table=0)
priority=100,in_port=2,tcp,ct_state=+trk+new+rel,action=ct(commit),1
priority=100,in_port=2,tcp,ct_state=+trk+est,action=1
priority=100,in_port=2,tcp,ct_state=+trk-new+rel,action=1

Thanks,

    Lance
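The rule lookup behind the question above, as an added example that is not part of the original message or of the OVS code base: a simplified Python model of the quoted flow table that reports which rule a connection's first packet hits after the ct(table=0) recirculation. The ct_state flag sets passed in (for instance, a passive data connection arriving on port 1 as +trk+new+rel) are assumptions, and the names parse, lookup and commits_with_helper are hypothetical.

```python
import re

# Flow table copied from the message above (flows2.txt as quoted there).
FLOWS = """\
priority=1,action=drop
priority=10,arp,action=normal
priority=10,icmp,action=normal
priority=100,in_port=1,tcp,ct_state=-trk,action=ct(table=0)
priority=100,in_port=1,tcp,ct_state=+trk+new,action=ct(commit,alg=ftp),2
priority=100,in_port=1,tcp,ct_state=+trk+est,action=2
priority=100,in_port=2,tcp,ct_state=-trk,action=ct(table=0)
priority=100,in_port=2,tcp,ct_state=+trk+new+rel,action=ct(commit),1
priority=100,in_port=2,tcp,ct_state=+trk+est,action=1
priority=100,in_port=2,tcp,ct_state=+trk-new+rel,action=1
"""

def parse(line):
    """Split one flow into match fields and action (simplified parser)."""
    match, action = line.split(",action=", 1)
    rule = {"action": action, "proto": None, "in_port": None,
            "want": set(), "deny": set()}
    for field in match.split(","):
        key, _, val = field.partition("=")
        if key == "priority":
            rule["priority"] = int(val)
        elif key == "in_port":
            rule["in_port"] = int(val)
        elif key == "ct_state":
            # +flag must be set, -flag must be clear, unlisted flags are wildcarded
            for sign, flag in re.findall(r"([+-])(\w+)", val):
                (rule["want"] if sign == "+" else rule["deny"]).add(flag)
        else:
            rule["proto"] = key  # bare protocol keyword: arp, icmp, tcp
    return rule

RULES = [parse(l) for l in FLOWS.splitlines()]

def lookup(in_port, proto, ct_flags):
    """Return the action of the highest-priority rule matching the packet."""
    hits = [r for r in RULES
            if r["in_port"] in (None, in_port) and r["proto"] in (None, proto)
            and r["want"] <= ct_flags and not (r["deny"] & ct_flags)]
    return max(hits, key=lambda r: r["priority"])["action"]

def commits_with_helper(in_port, ct_flags):
    """True if the matching rule commits the connection with alg=ftp."""
    return "alg=ftp" in lookup(in_port, "tcp", ct_flags)
```

In this model a new connection from port 1 matches the +trk+new rule whether or not +rel is set, so it is committed with alg=ftp, while a related connection opened from port 2 matches the rule that commits without a helper.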


