diff options
| author | David Marchand <david.marchand@redhat.com> | 2019-01-15 18:58:15 -0800 |
|---|---|---|
| committer | Ben Pfaff <blp@ovn.org> | 2019-01-18 16:16:10 -0800 |
| commit | 253e4dc0683b3e9969a2254bfdcf8d699039ff0e (patch) | |
| tree | a8d6111d632f1f1e9f769779e746946ebdc79a7d /Vagrantfile | |
| parent | 3c61cc7ca9797212a9fcc17cda2bf9fc72a806e3 (diff) | |
| download | openvswitch-253e4dc0683b3e9969a2254bfdcf8d699039ff0e.tar.gz | |
conntrack: fix tcp seq adjustments when mangling commands.
The ftp alg deals with packets in two ways for the command connection:
either they are inspected and can be mangled when nat is enabled
(CT_FTP_CTL_INTEREST) or they just go through without being modified
(CT_FTP_CTL_OTHER).
For CT_FTP_CTL_INTEREST packets, we must both adjust the packet tcp seq
number by the connection current offset, then prepare for the next
packets by setting an accumulated offset in the ct object. However,
this was not done for multiple CT_FTP_CTL_INTEREST packets for the same
connection.
This is relevant for handling multiple child data connections that also
need natting.
The tests are updated so that some ftp+NAT tests send multiple port
commands or other similar commands for a single control connection.
Wget is not able to do this, so switch to lftp.
Fixes: bd5e81a0e596 ("Userspace Datapath: Add ALG infra and FTP.")
Co-authored-by: Darrell Ball <dlu998@gmail.com>
Signed-off-by: Darrell Ball <dlu998@gmail.com>
Signed-off-by: David Marchand <david.marchand@redhat.com>
Signed-off-by: Ben Pfaff <blp@ovn.org>
Diffstat (limited to 'Vagrantfile')
| -rw-r--r-- | Vagrantfile | 9 |
1 files changed, 6 insertions, 3 deletions
diff --git a/Vagrantfile b/Vagrantfile index 0192f66ea..fbd772a1b 100644 --- a/Vagrantfile +++ b/Vagrantfile @@ -12,7 +12,8 @@ dnf -y install autoconf automake openssl-devel libtool \ python-twisted python-zope-interface \ desktop-file-utils groff graphviz rpmdevtools nc curl \ wget python-six pyftpdlib checkpolicy selinux-policy-devel \ - libcap-ng-devel kernel-devel-`uname -r` ethtool python-tftpy + libcap-ng-devel kernel-devel-`uname -r` ethtool python-tftpy \ + lftp echo "search extra update built-in" >/etc/depmod.d/search_path.conf SCRIPT @@ -28,7 +29,8 @@ aptitude -y install -R \ wget python-six ethtool \ libcap-ng-dev libssl-dev python-dev openssl \ python-pyftpdlib python-flake8 python-tftpy \ - linux-headers-`uname -r` + linux-headers-`uname -r` \ + lftp SCRIPT $bootstrap_centos = <<SCRIPT @@ -37,7 +39,8 @@ yum -y install autoconf automake openssl-devel libtool \ python-twisted-core python-zope-interface \ desktop-file-utils groff graphviz rpmdevtools nc curl \ wget python-six pyftpdlib checkpolicy selinux-policy-devel \ - libcap-ng-devel kernel-devel-`uname -r` ethtool net-tools + libcap-ng-devel kernel-devel-`uname -r` ethtool net-tools \ + lftp SCRIPT $configure_ovs = <<SCRIPT |