Thanks, I applied this series to master.
On 21 July 2016 at 04:19, Jarno Rajahalme <ja...@ovn.org> wrote:
> For the series:
>
> Acked-by: Jarno Rajahalme <ja...@ovn.org>
>
>> On Jul 19, 2016, at 12:54 PM, Joe Stringer <j...@ovn.org> wrote:
>>
>> Prior to commit b87a5aacefe2 ("datapath: Fix cached ct with helper."),
>> we were relying on automatic helpers to ensure that FTP connections were
>> tracked correctly, regardless of the flows that existed in the datapath.
>> Now, we can drop the automatic helpers in the root namespace and still
>> have related connections work correctly. Also, the ALG should only be
>> specified when committing the connection. Update the rules.
>>
>> Signed-off-by: Joe Stringer <j...@ovn.org>
>> ---
>> tests/system-kmod-macros.at | 1 +
>> tests/system-traffic.at | 8 ++++----
>> 2 files changed, 5 insertions(+), 4 deletions(-)
>>
>> diff --git a/tests/system-kmod-macros.at b/tests/system-kmod-macros.at
>> index cee0510bda96..2134db72808c 100644
>> --- a/tests/system-kmod-macros.at
>> +++ b/tests/system-kmod-macros.at
>> @@ -63,6 +63,7 @@ m4_define([CHECK_CONNTRACK],
>> [modprobe mod || echo "Module mod not loaded."
>> on_exit 'modprobe -r mod'
>> ])
>> + sysctl -w net.netfilter.nf_conntrack_helper=0
>> on_exit 'ovstest test-netlink-conntrack flush'
>> ]
>> )
>> diff --git a/tests/system-traffic.at b/tests/system-traffic.at
>> index 14a75b68fe7e..a337950741bd 100644
>> --- a/tests/system-traffic.at
>> +++ b/tests/system-traffic.at
>> @@ -1458,7 +1458,6 @@ AT_CHECK([ovs-appctl dpctl/flush-conntrack])
>> dnl Passive FTP requests from p0->p1 should work fine.
>> NS_CHECK_EXEC([at_ns0], [wget ftp://10.1.1.2 -t 3 -T 1 --retry-connrefused
>> -v -o wget0-2.log])
>> AT_CHECK([ovs-appctl dpctl/dump-conntrack | FORMAT_CT(10.1.1.2)], [0], [dnl
>> -tcp,orig=(src=10.1.1.1,dst=10.1.1.2,sport=<cleared>,dport=<cleared>),reply=(src=10.1.1.2,dst=10.1.1.1,sport=<cleared>,dport=<cleared>),protoinfo=(state=<cleared>)
>> tcp,orig=(src=10.1.1.1,dst=10.1.1.2,sport=<cleared>,dport=<cleared>),reply=(src=10.1.1.2,dst=10.1.1.1,sport=<cleared>,dport=<cleared>),protoinfo=(state=<cleared>),helper=ftp
>> ])
>>
>> @@ -1539,13 +1538,14 @@ table=0,priority=10,arp,action=normal
>> table=0,priority=10,icmp,action=normal
>>
>> dnl Traffic from ns1
>> -table=0,priority=100,in_port=1,tcp,action=ct(table=1,zone=1,alg=ftp)
>> -table=1,in_port=1,tcp,ct_zone=1,ct_state=+trk+new,action=ct(commit,alg=ftp,zone=1),ct(commit,alg=ftp,zone=2),2
>> +table=0,priority=100,in_port=1,tcp,action=ct(table=1,zone=1)
>> +table=1,in_port=1,tcp,ct_zone=1,ct_state=+trk+new-rel,action=ct(commit,alg=ftp,zone=1),ct(commit,alg=ftp,zone=2),2
>> +table=1,in_port=1,tcp,ct_zone=1,ct_state=+trk+new+rel,action=ct(commit,zone=1),ct(commit,zone=2),2
>> table=1,in_port=1,tcp,ct_zone=1,ct_state=+trk+est,action=ct(table=2,zone=2)
>> table=2,in_port=1,tcp,ct_zone=2,ct_state=+trk+est,action=2
>>
>> dnl Traffic from ns2
>> -table=0,priority=100,in_port=2,tcp,action=ct(table=1,alg=ftp,zone=2)
>> +table=0,priority=100,in_port=2,tcp,action=ct(table=1,zone=2)
>> table=1,in_port=2,tcp,ct_zone=2,ct_state=+trk+rel,action=ct(commit,zone=2),ct(commit,zone=1),1
>> table=1,in_port=2,tcp,ct_zone=2,ct_state=+trk+est,action=ct(table=2,zone=1)
>> table=2,in_port=2,tcp,ct_zone=1,ct_state=+trk+rel,action=ct(commit,zone=2),ct(commit,zone=1),1
>> --
>> 2.9.0
>>
>> _______________________________________________
>> dev mailing list
>> dev@openvswitch.org
>> http://openvswitch.org/mailman/listinfo/dev
>
_______________________________________________
dev mailing list
dev@openvswitch.org
http://openvswitch.org/mailman/listinfo/dev
