diff options
| author | Darrell Ball <dlu998@gmail.com> | 2017-12-04 08:13:07 -0800 |
|---|---|---|
| committer | Ben Pfaff <blp@ovn.org> | 2017-12-11 14:14:24 -0800 |
| commit | 3a2a425b4c4ebd49dcf07e5eb6d901c98424b999 (patch) | |
| tree | c3a6d43b47452922df448889457dd586fc5874d9 /tests | |
| parent | bd7d93f8b4855ff8edc14dc094cd91a48ea10d17 (diff) | |
| download | openvswitch-3a2a425b4c4ebd49dcf07e5eb6d901c98424b999.tar.gz | |
conntrack: Disable algs by default.
Presently, alg processing is enabled by default to better exercise code.
This is similar to kernels before 4.7 as well. The recommended default
behavior in the newer kernels is to only process algs if a helper is
supplied in a conntrack rule. The behavior is changed to match the
later kernels.
A test is extended to check that the control connection is still
created in such a case.
Signed-off-by: Darrell Ball <dlu998@gmail.com>
Signed-off-by: Ben Pfaff <blp@ovn.org>
Acked-by: Aaron Conole <aconole@redhat.com>
Diffstat (limited to 'tests')
| -rw-r--r-- | tests/system-traffic.at | 21 |
1 files changed, 21 insertions, 0 deletions
diff --git a/tests/system-traffic.at b/tests/system-traffic.at index 56aae6953..0d8727612 100644 --- a/tests/system-traffic.at +++ b/tests/system-traffic.at @@ -2465,6 +2465,17 @@ table=1,in_port=2,tcp,ct_state=+trk+est,action=1 table=1,in_port=2,tcp,ct_state=+trk-new+rel,action=1 ]) +dnl flows3 is same as flows1, except no ALG is specified. +AT_DATA([flows3.txt], [dnl +table=0,priority=1,action=drop +table=0,priority=10,arp,action=normal +table=0,priority=10,icmp,action=normal +table=0,priority=100,in_port=1,tcp,action=ct(commit),2 +table=0,priority=100,in_port=2,tcp,action=ct(table=1) +table=1,in_port=2,tcp,ct_state=+trk+est,action=1 +table=1,in_port=2,tcp,ct_state=+trk+rel,action=1 +]) + AT_CHECK([ovs-ofctl --bundle replace-flows br0 flows1.txt]) OVS_START_L7([at_ns0], [ftp]) @@ -2507,6 +2518,16 @@ AT_CHECK([ovs-appctl dpctl/dump-conntrack | FORMAT_CT(10.1.1.2)], [0], [dnl tcp,orig=(src=10.1.1.1,dst=10.1.1.2,sport=<cleared>,dport=<cleared>),reply=(src=10.1.1.2,dst=10.1.1.1,sport=<cleared>,dport=<cleared>),protoinfo=(state=<cleared>),helper=ftp ]) +dnl Try the third set of flows, without alg specifier. +AT_CHECK([ovs-ofctl --bundle replace-flows br0 flows3.txt]) +AT_CHECK([ovs-appctl dpctl/flush-conntrack]) + +dnl FTP control requests from p0->p1 should work fine, but helper will not be assigned. +NS_CHECK_EXEC([at_ns0], [wget ftp://10.1.1.2 --no-passive-ftp -t 3 -T 1 --retry-connrefused -v -o wget0-3.log], [4]) +AT_CHECK([ovs-appctl dpctl/dump-conntrack | FORMAT_CT(10.1.1.2)], [0], [dnl +tcp,orig=(src=10.1.1.1,dst=10.1.1.2,sport=<cleared>,dport=<cleared>),reply=(src=10.1.1.2,dst=10.1.1.1,sport=<cleared>,dport=<cleared>),protoinfo=(state=<cleared>) +]) + OVS_TRAFFIC_VSWITCHD_STOP AT_CLEANUP |