diff options
| author | David Marchand <david.marchand@redhat.com> | 2019-01-15 18:58:15 -0800 |
|---|---|---|
| committer | Ben Pfaff <blp@ovn.org> | 2019-01-18 16:16:10 -0800 |
| commit | 253e4dc0683b3e9969a2254bfdcf8d699039ff0e (patch) | |
| tree | a8d6111d632f1f1e9f769779e746946ebdc79a7d /tests/system-traffic.at | |
| parent | 3c61cc7ca9797212a9fcc17cda2bf9fc72a806e3 (diff) | |
| download | openvswitch-253e4dc0683b3e9969a2254bfdcf8d699039ff0e.tar.gz | |
conntrack: fix tcp seq adjustments when mangling commands.
The ftp alg deals with packets in two ways for the command connection:
either they are inspected and can be mangled when nat is enabled
(CT_FTP_CTL_INTEREST) or they just go through without being modified
(CT_FTP_CTL_OTHER).
For CT_FTP_CTL_INTEREST packets, we must both adjust the packet tcp seq
number by the connection current offset, then prepare for the next
packets by setting an accumulated offset in the ct object. However,
this was not done for multiple CT_FTP_CTL_INTEREST packets for the same
connection.
This is relevant for handling multiple child data connections that also
need natting.
The tests are updated so that some ftp+NAT tests send multiple port
commands or other similar commands for a single control connection.
Wget is not able to do this, so switch to lftp.
Fixes: bd5e81a0e596 ("Userspace Datapath: Add ALG infra and FTP.")
Co-authored-by: Darrell Ball <dlu998@gmail.com>
Signed-off-by: Darrell Ball <dlu998@gmail.com>
Signed-off-by: David Marchand <david.marchand@redhat.com>
Signed-off-by: Ben Pfaff <blp@ovn.org>
Diffstat (limited to 'tests/system-traffic.at')
| -rw-r--r-- | tests/system-traffic.at | 14 |
1 files changed, 13 insertions, 1 deletions
diff --git a/tests/system-traffic.at b/tests/system-traffic.at index b2ab80010..14ce7d24e 100644 --- a/tests/system-traffic.at +++ b/tests/system-traffic.at @@ -4226,6 +4226,7 @@ dnl NAT, using the provided flow table. m4_define([CHECK_FTP_NAT], [AT_SETUP([conntrack - FTP NAT $1]) AT_SKIP_IF([test $HAVE_FTP = no]) + AT_SKIP_IF([test $HAVE_LFTP = no]) CHECK_CONNTRACK() CHECK_CONNTRACK_NAT() CHECK_CONNTRACK_ALG() @@ -4246,7 +4247,18 @@ m4_define([CHECK_FTP_NAT], OVS_START_L7([at_ns1], [ftp]) dnl FTP requests from p0->p1 should work fine. - NS_CHECK_EXEC([at_ns0], [wget ftp://10.1.1.2 -4 --no-passive-ftp -t 3 -T 1 --retry-connrefused -v --server-response --no-remove-listing -o wget0.log -d]) + AT_DATA([ftp.cmd], [dnl +set net:max-retries 1 +set net:timeout 1 +set ftp:passive-mode off +cache off +connect ftp://anonymous:@10.1.1.2 +ls +ls +ls +ls +]) + NS_CHECK_EXEC([at_ns0], [lftp -f ftp.cmd > lftp.log]) dnl Discards CLOSE_WAIT and CLOSING AT_CHECK([ovs-appctl dpctl/dump-conntrack | FORMAT_CT(10.1.1.2)], [0], [$4]) |