Test the corner case where commit occurs only on "new" related connections.
Signed-off-by: Joe Stringer <[email protected]>
---
 tests/system-traffic.at | 51 +++++++++++++++++++++++++++++++++++++++++++++++++
 1 file changed, 51 insertions(+)

diff --git a/tests/system-traffic.at b/tests/system-traffic.at
index 0950b840cd15..3b47cced678f 100644
--- a/tests/system-traffic.at
+++ b/tests/system-traffic.at
@@ -1057,6 +1057,57 @@ TIME_WAIT src=10.1.1.1 dst=10.1.1.2 sport=<cleared> dport=<cleared> src=10.1.1.2
 OVS_TRAFFIC_VSWITCHD_STOP
 AT_CLEANUP
 
+AT_SETUP([conntrack - FTP commit then decide])
+AT_SKIP_IF([test $HAVE_PYFTPDLIB = no])
+CHECK_CONNTRACK()
+OVS_TRAFFIC_VSWITCHD_START(
+ [set-fail-mode br0 standalone -- ])
+
+ADD_NAMESPACES(at_ns0, at_ns1)
+
+ADD_VETH(p0, at_ns0, br0, "10.1.1.1/24")
+ADD_VETH(p1, at_ns1, br0, "10.1.1.2/24")
+
+dnl Allow any traffic from ns0->ns1. Only allow nd, return traffic from ns1->ns0.
+dnl
+dnl This tests a bug in the "ct(commit)" action where new,related connections
+dnl are not always marked as new.
+AT_DATA([flows1.txt], [dnl
+priority=1,action=drop
+priority=10,arp,action=normal
+priority=10,icmp,action=normal
+priority=100,in_port=1,tcp,ct_state=-trk,action=ct(alg=ftp,commit,table=1)
+priority=100,table=1,in_port=1,tcp,ct_state=+new,action=2
+priority=100,table=1,in_port=1,tcp,ct_state=+est,action=2
+priority=100,in_port=2,tcp,ct_state=-trk,action=ct(commit,table=1)
+priority=100,table=1,in_port=2,tcp,ct_state=+trk+est,action=1
+priority=100,table=1,in_port=2,tcp,ct_state=+trk+rel+new,action=1
+])
+
+AT_CHECK([ovs-ofctl add-flows br0 flows1.txt])
+
+NETNS_DAEMONIZE([at_ns0], [[$PYTHON $srcdir/test-l7.py ftp]], [ftp1.pid])
+NETNS_DAEMONIZE([at_ns1], [[$PYTHON $srcdir/test-l7.py ftp]], [ftp0.pid])
+
+dnl FTP requests from p1->p0 should fail due to network failure, even though
+dnl FTP daemons are running in both namespaces.
+dnl Try 3 times, in 1 second intervals.
+NS_CHECK_EXEC([at_ns1], [wget ftp://10.1.1.1 --no-passive-ftp -t 3 -T 1 -v -o wget1.log], [4])
+AT_CHECK([conntrack -L 2>&1 | FORMAT_CT(10.1.1.1)], [0], [dnl
+SYN_SENT src=10.1.1.2 dst=10.1.1.1 sport=<cleared> dport=<cleared> [[UNREPLIED]] src=10.1.1.1 dst=10.1.1.2 sport=<cleared> dport=<cleared> mark=0 helper=ftp use=1
+])
+
+dnl FTP requests from p0->p1 should work fine.
+NS_CHECK_EXEC([at_ns0], [wget ftp://10.1.1.2 --no-passive-ftp -t 3 -T 1 --retry-connrefused -v -o wget0.log])
+AT_CHECK([conntrack -L 2>&1 | FORMAT_CT(10.1.1.2) | grep -v "FIN"], [0], [dnl
+SYN_SENT src=10.1.1.2 dst=10.1.1.1 sport=<cleared> dport=<cleared> [[UNREPLIED]] src=10.1.1.1 dst=10.1.1.2 sport=<cleared> dport=<cleared> mark=0 helper=ftp use=1
+TIME_WAIT src=10.1.1.1 dst=10.1.1.2 sport=<cleared> dport=<cleared> src=10.1.1.2 dst=10.1.1.1 sport=<cleared> dport=<cleared> [[ASSURED]] mark=0 helper=ftp use=2
+TIME_WAIT src=10.1.1.2 dst=10.1.1.1 sport=<cleared> dport=<cleared> src=10.1.1.1 dst=10.1.1.2 sport=<cleared> dport=<cleared> [[ASSURED]] mark=0 use=1
+])
+
+OVS_TRAFFIC_VSWITCHD_STOP
+AT_CLEANUP
+
 AT_SETUP([conntrack - IPv4 fragmentation ])
 CHECK_CONNTRACK()
 OVS_TRAFFIC_VSWITCHD_START(
-- 
2.1.4

_______________________________________________ dev mailing list [email protected] http://openvswitch.org/mailman/listinfo/dev
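Review bot: The expected `SYN_SENT` entry for the rejected ns1->ns0 attempt (orig `src=10.1.1.2`) carries `helper=ftp`, but the rule that commits it is `in_port=2,tcp,ct_state=-trk,action=ct(commit,table=1)`, which names no `alg`. The helper therefore appears to come from outside the flow table, presumably the kernel's automatic conntrack helper assignment, so both `AT_CHECK` expectations may fail on hosts where that is disabled. A `dnl` comment stating the dependency, or a skip check for it, would make such a failure easier to interpret. Separately, the table 1 rules for `in_port=1` match `ct_state=+new` and `ct_state=+est` without `+trk`, while the `in_port=2` rules use `+trk+est` and `+trk+rel+new`; writing them as `ct_state=+trk+new` and `ct_state=+trk+est` would keep the policy explicit and consistent. The comment "Only allow nd, return traffic from ns1->ns0" also looks stale, since the rules pass `arp` and `icmp` and forward ns1 traffic only when it is `+est` or `+rel+new`.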
