From patchwork Sat Nov 7 19:59:59 2015 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Joe Stringer X-Patchwork-Id: 541379 Return-Path: X-Original-To: incoming@patchwork.ozlabs.org Delivered-To: patchwork-incoming@bilbo.ozlabs.org Received: from archives.nicira.com (unknown [IPv6:2600:3c00::f03c:91ff:fe6e:bdf7]) by ozlabs.org (Postfix) with ESMTP id B857F1402CC for ; Sun, 8 Nov 2015 07:02:10 +1100 (AEDT) Authentication-Results: ozlabs.org; dkim=fail reason="signature verification failed" (2048-bit key; unprotected) header.d=nicira_com.20150623.gappssmtp.com header.i=@nicira_com.20150623.gappssmtp.com header.b=B+K4CMrM; dkim-atps=neutral Received: from archives.nicira.com (localhost [127.0.0.1]) by archives.nicira.com (Postfix) with ESMTP id 3575310AC3; Sat, 7 Nov 2015 12:00:44 -0800 (PST) X-Original-To: dev@openvswitch.org Delivered-To: dev@openvswitch.org Received: from mx3v3.cudamail.com (mx3.cudamail.com [64.34.241.5]) by archives.nicira.com (Postfix) with ESMTPS id 8864910AB7 for ; Sat, 7 Nov 2015 12:00:42 -0800 (PST) Received: from bar3.cudamail.com (localhost [127.0.0.1]) by mx3v3.cudamail.com (Postfix) with ESMTPS id 052A6162F8B for ; Sat, 7 Nov 2015 13:00:42 -0700 (MST) X-ASG-Debug-ID: 1446926441-03dd7b490d1f130001-byXFYA Received: from mx3-pf3.cudamail.com ([192.168.14.3]) by bar3.cudamail.com with ESMTP id dQxWHZ6oGCTiuXcD (version=TLSv1 cipher=DHE-RSA-AES256-SHA bits=256 verify=NO) for ; Sat, 07 Nov 2015 13:00:41 -0700 (MST) X-Barracuda-Envelope-From: joestringer@nicira.com X-Barracuda-RBL-Trusted-Forwarder: 192.168.14.3 Received: from unknown (HELO mail-pa0-f43.google.com) (209.85.220.43) by mx3-pf3.cudamail.com with ESMTPS (RC4-SHA encrypted); 7 Nov 2015 20:10:49 -0000 Received-SPF: unknown (mx3-pf3.cudamail.com: Multiple SPF records returned) X-Barracuda-RBL-Trusted-Forwarder: 209.85.220.43 Received: by pabfh17 with SMTP id fh17so156586880pab.0 for ; Sat, 07 Nov 2015 12:00:41 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=nicira_com.20150623.gappssmtp.com; s=20150623; h=from:to:subject:date:message-id:in-reply-to:references; bh=TBTsoHkOSPWF6m1dxB330YkB3+8Nldf+m4+0HcJUbIg=; b=B+K4CMrM6Hnai0f7kHFV0k8sqsTf0U5yiIK1ilH3WWcQUC3QY8moFtmoro45B2f4iG gfA/ltiJZ6xKOmJ90qbHsziQv0ojviwUqHeRPjYLYEB6UOS4k3+ATgOe9dTN0vzNV/fy KbuXJGCuAGVeSJEeoC6QYy/b97D276FYr49dfSZL1QXUHzU05aSvSjWYU1X7qdbdaheV J6q8htQgPKzIeL6GD66oT+Ysx7ovhjJr5YlqU6Rei8qdIPuXoaYqlpY+d2Vae9tL/Yz2 jpkEQ1DPQAdtiV4g9OziAx+B5iaM6aBjk05aBR3AicqYCPQfJnAvC45M/W9aIxh6Ddu6 W8aQ== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20130820; h=x-gm-message-state:from:to:subject:date:message-id:in-reply-to :references; bh=TBTsoHkOSPWF6m1dxB330YkB3+8Nldf+m4+0HcJUbIg=; b=R2ez/RSKmhgHgNWSyhUn/oCZjVOjZGAEXvclvS6p8G/2620tmAzuN5HH1vUXeuHRK4 gA/zm/hnMWx//5PcvKgCzerpkZ/Ig/3iomynJ8QOvVMb7vA+qMr3fA2O5wnDq6JKcVBR kIm44JxWYu0Iq757/gzDhmzpTrMcYaOA/UWr/CRkSSmdJJ5laWBfGMk0sikgJvk2c/fw 8gvqXC6TK0mYkFjIZCHZdffoM1f/mWuDBX9wiPSP0C1kNe4CKNFE+OUA5k05LUuYnQTe 4FgSFPDEVlsd8Ldisoei9NqROFf4aq689MaUE4Fc3a5euatre0WFWpfOkvzUkumN3e/x 1cag== X-Gm-Message-State: ALoCoQncyQurbKfaeDJ+1XhX14RBAcEydb+xZMHCQfE/LGePSKidm4oOou7+n794ENUU98YWOpSK X-Received: by 10.68.129.40 with SMTP id nt8mr27716094pbb.118.1446926440924; Sat, 07 Nov 2015 12:00:40 -0800 (PST) Received: from localhost.localdomain ([208.91.2.4]) by smtp.gmail.com with ESMTPSA id nu5sm7312219pbb.65.2015.11.07.12.00.39 for (version=TLSv1.2 cipher=ECDHE-RSA-AES128-SHA bits=128/128); Sat, 07 Nov 2015 12:00:39 -0800 (PST) X-CudaMail-Envelope-Sender: joestringer@nicira.com X-Barracuda-Apparent-Source-IP: 208.91.2.4 From: Joe Stringer To: dev@openvswitch.org X-CudaMail-Whitelist-To: dev@openvswitch.org X-CudaMail-MID: CM-V3-1106015567 X-CudaMail-DTE: 110715 X-CudaMail-Originating-IP: 209.85.220.43 Date: Sat, 7 Nov 2015 11:59:59 -0800 X-ASG-Orig-Subj: [##CM-V3-1106015567##][PATCH 21/23] system-traffic: Add extra FTP corner case test. Message-Id: <1446926401-55723-22-git-send-email-joestringer@nicira.com> X-Mailer: git-send-email 2.1.4 In-Reply-To: <1446926401-55723-1-git-send-email-joestringer@nicira.com> References: <1446926401-55723-1-git-send-email-joestringer@nicira.com> X-Barracuda-Connect: UNKNOWN[192.168.14.3] X-Barracuda-Start-Time: 1446926441 X-Barracuda-Encrypted: DHE-RSA-AES256-SHA X-Barracuda-URL: https://web.cudamail.com:443/cgi-mod/mark.cgi X-ASG-Whitelist: Header =?UTF-8?B?eFwtY3VkYW1haWxcLXdoaXRlbGlzdFwtdG8=?= X-Virus-Scanned: by bsmtpd at cudamail.com X-Barracuda-BRTS-Status: 1 Subject: [ovs-dev] [PATCH 21/23] system-traffic: Add extra FTP corner case test. X-BeenThere: dev@openvswitch.org X-Mailman-Version: 2.1.16 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , MIME-Version: 1.0 Errors-To: dev-bounces@openvswitch.org Sender: "dev" Test the corner case where commit occurs only on "new" related connections. Signed-off-by: Joe Stringer --- tests/system-traffic.at | 51 +++++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 51 insertions(+) diff --git a/tests/system-traffic.at b/tests/system-traffic.at index 0950b840cd15..3b47cced678f 100644 --- a/tests/system-traffic.at +++ b/tests/system-traffic.at @@ -1057,6 +1057,57 @@ TIME_WAIT src=10.1.1.1 dst=10.1.1.2 sport= dport= src=10.1.1.2 OVS_TRAFFIC_VSWITCHD_STOP AT_CLEANUP +AT_SETUP([conntrack - FTP commit then decide]) +AT_SKIP_IF([test $HAVE_PYFTPDLIB = no]) +CHECK_CONNTRACK() +OVS_TRAFFIC_VSWITCHD_START( + [set-fail-mode br0 standalone -- ]) + +ADD_NAMESPACES(at_ns0, at_ns1) + +ADD_VETH(p0, at_ns0, br0, "10.1.1.1/24") +ADD_VETH(p1, at_ns1, br0, "10.1.1.2/24") + +dnl Allow any traffic from ns0->ns1. Only allow nd, return traffic from ns1->ns0. +dnl +dnl This tests a bug in the "ct(commit)" action where new,related connections +dnl are not always marked as new. +AT_DATA([flows1.txt], [dnl +priority=1,action=drop +priority=10,arp,action=normal +priority=10,icmp,action=normal +priority=100,in_port=1,tcp,ct_state=-trk,action=ct(alg=ftp,commit,table=1) +priority=100,table=1,in_port=1,tcp,ct_state=+new,action=2 +priority=100,table=1,in_port=1,tcp,ct_state=+est,action=2 +priority=100,in_port=2,tcp,ct_state=-trk,action=ct(commit,table=1) +priority=100,table=1,in_port=2,tcp,ct_state=+trk+est,action=1 +priority=100,table=1,in_port=2,tcp,ct_state=+trk+rel+new,action=1 +]) + +AT_CHECK([ovs-ofctl add-flows br0 flows1.txt]) + +NETNS_DAEMONIZE([at_ns0], [[$PYTHON $srcdir/test-l7.py ftp]], [ftp1.pid]) +NETNS_DAEMONIZE([at_ns1], [[$PYTHON $srcdir/test-l7.py ftp]], [ftp0.pid]) + +dnl FTP requests from p1->p0 should fail due to network failure, even though +dnl FTP daemons are running in both namespaces. +dnl Try 3 times, in 1 second intervals. +NS_CHECK_EXEC([at_ns1], [wget ftp://10.1.1.1 --no-passive-ftp -t 3 -T 1 -v -o wget1.log], [4]) +AT_CHECK([conntrack -L 2>&1 | FORMAT_CT(10.1.1.1)], [0], [dnl +SYN_SENT src=10.1.1.2 dst=10.1.1.1 sport= dport= [[UNREPLIED]] src=10.1.1.1 dst=10.1.1.2 sport= dport= mark=0 helper=ftp use=1 +]) + +dnl FTP requests from p0->p1 should work fine. +NS_CHECK_EXEC([at_ns0], [wget ftp://10.1.1.2 --no-passive-ftp -t 3 -T 1 --retry-connrefused -v -o wget0.log]) +AT_CHECK([conntrack -L 2>&1 | FORMAT_CT(10.1.1.2) | grep -v "FIN"], [0], [dnl +SYN_SENT src=10.1.1.2 dst=10.1.1.1 sport= dport= [[UNREPLIED]] src=10.1.1.1 dst=10.1.1.2 sport= dport= mark=0 helper=ftp use=1 +TIME_WAIT src=10.1.1.1 dst=10.1.1.2 sport= dport= src=10.1.1.2 dst=10.1.1.1 sport= dport= [[ASSURED]] mark=0 helper=ftp use=2 +TIME_WAIT src=10.1.1.2 dst=10.1.1.1 sport= dport= src=10.1.1.1 dst=10.1.1.2 sport= dport= [[ASSURED]] mark=0 use=1 +]) + +OVS_TRAFFIC_VSWITCHD_STOP +AT_CLEANUP + AT_SETUP([conntrack - IPv4 fragmentation ]) CHECK_CONNTRACK() OVS_TRAFFIC_VSWITCHD_START(