diff mbox

[ovs-dev,v2,10/11] system-traffic: use `dpctl/*conntrack` instead of `conntrack` tool.

Message ID 1446779562-3837-11-git-send-email-diproiettod@vmware.com
State Deferred
Headers show

Commit Message

Daniele Di Proietto Nov. 6, 2015, 3:12 a.m. UTC 
Often in the tests we inspect the conntrack tables with the 'conntrack'
command line utility.  Since this may not always be available, and since
these tests are supposed to run with the upcoming userspace connection
tracker, it is better to use the newly implemented dpctl command.

Due to the tcp state mapping done in tcp_state_coalesce(), SYN_RECV is
replaced by ESTABLISHED in four places in the testsuite.  The rest of
the changes are just done to match the formatting style.

Also, check the conntrack entries for the IPv6 HTTP test.

Signed-off-by: Daniele Di Proietto <diproiettod@vmware.com>
---
 tests/system-common-macros.at |  18 ++-----
 tests/system-traffic.at       | 114 ++++++++++++++++++++++--------------------
 2 files changed, 64 insertions(+), 68 deletions(-)
diff mbox

Patch

diff --git a/tests/system-common-macros.at b/tests/system-common-macros.at
index 7836f65..c732d28 100644
--- a/tests/system-common-macros.at
+++ b/tests/system-common-macros.at
@@ -119,21 +119,13 @@  m4_define([ADD_NATIVE_TUNNEL],
 #
 m4_define([FORMAT_PING], [grep "transmitted" | sed 's/time.*ms$/time 0ms/'])
 
-# FORMAT_CT()
+# FORMAT_CT([ip-addr])
+#
+# Strip content from the piped input which would differ from test to test
+# and limit the output to the rows containing 'ip-addr'.
 #
-# Strip content from the piped input which would differ from test to test.
-# Strip also content that depends on the system setup (accounting,
-# timestamping)
 m4_define([FORMAT_CT],
-    [[grep "dst=$1" | sed -e 's/port=[0-9]*/port=<cleared>/g' -e 's/  */ /g' \
-                          -e 's/secctx[^ ]* //' \
-                          -e 's/packets=[^ ]* //' \
-                          -e 's/bytes=[^ ]* //' \
-                          -e 's/packets=[^ ]* //' \
-                          -e 's/bytes=[^ ]* //' \
-                          -e 's/delta-time=[^ ]* //' \
-                          -e 's/id=[0-9]*/id=<cleared>/g' \
-                    | cut -d' ' -f4- | sort | uniq]])
+    [[grep "dst=$1" | sed -e 's/port=[0-9]*/port=<cleared>/g' -e 's/id=[0-9]*/id=<cleared>/g' | sort | uniq]])
 
 # NETNS_DAEMONIZE([namespace], [command], [pidfile])
 #
diff --git a/tests/system-traffic.at b/tests/system-traffic.at
index 3b2de83..9a49eae 100644
--- a/tests/system-traffic.at
+++ b/tests/system-traffic.at
@@ -213,8 +213,8 @@  dnl HTTP requests from ns0->ns1 should work fine.
 NETNS_DAEMONIZE([at_ns1], [[$PYTHON $srcdir/test-l7.py]], [http0.pid])
 NS_CHECK_EXEC([at_ns0], [wget 10.1.1.2 -t 3 -T 1 --retry-connrefused -v -o wget0.log])
 
-AT_CHECK([conntrack -L 2>&1 | FORMAT_CT(10.1.1.2)], [0], [dnl
-TIME_WAIT src=10.1.1.1 dst=10.1.1.2 sport=<cleared> dport=<cleared> src=10.1.1.2 dst=10.1.1.1 sport=<cleared> dport=<cleared> [[ASSURED]] mark=0 use=1
+AT_CHECK([ovs-appctl dpctl/dump-conntrack | FORMAT_CT(10.1.1.2)], [0], [dnl
+tcp orig=(src=10.1.1.1 dst=10.1.1.2 sport=<cleared> dport=<cleared>) reply=(src=10.1.1.2 dst=10.1.1.1 sport=<cleared> dport=<cleared>) protoinfo=(state=TIME_WAIT)
 ])
 
 dnl HTTP requests from ns1->ns0 should fail due to network failure.
@@ -255,6 +255,10 @@  NETNS_DAEMONIZE([at_ns1], [[$PYTHON $srcdir/test-l7.py http6]], [http0.pid])
 
 NS_CHECK_EXEC([at_ns0], [wget http://[[fc00::2]] -t 3 -T 1 --retry-connrefused -v -o wget0.log])
 
+AT_CHECK([ovs-appctl dpctl/dump-conntrack | FORMAT_CT(fc00::2)], [0], [dnl
+tcp orig=(src=fc00::1 dst=fc00::2 sport=<cleared> dport=<cleared>) reply=(src=fc00::2 dst=fc00::1 sport=<cleared> dport=<cleared>) protoinfo=(state=TIME_WAIT)
+])
+
 dnl HTTP requests from ns1->ns0 should fail due to network failure.
 dnl Try 3 times, in 1 second intervals.
 NETNS_DAEMONIZE([at_ns0], [[$PYTHON $srcdir/test-l7.py http6]], [http1.pid])
@@ -421,8 +425,8 @@  dnl HTTP requests from p0->p1 should work fine.
 NETNS_DAEMONIZE([at_ns1], [[$PYTHON $srcdir/test-l7.py]], [http0.pid])
 NS_CHECK_EXEC([at_ns0], [wget 10.1.1.2 -t 3 -T 1 --retry-connrefused -v -o wget0.log])
 
-AT_CHECK([conntrack -L 2>&1 | FORMAT_CT(10.1.1.2)], [0], [dnl
-TIME_WAIT src=10.1.1.1 dst=10.1.1.2 sport=<cleared> dport=<cleared> src=10.1.1.2 dst=10.1.1.1 sport=<cleared> dport=<cleared> [[ASSURED]] mark=0 zone=1 use=1
+AT_CHECK([ovs-appctl dpctl/dump-conntrack | FORMAT_CT(10.1.1.2)], [0], [dnl
+tcp orig=(src=10.1.1.1 dst=10.1.1.2 sport=<cleared> dport=<cleared>) reply=(src=10.1.1.2 dst=10.1.1.1 sport=<cleared> dport=<cleared>) zone=1 protoinfo=(state=TIME_WAIT)
 ])
 
 dnl HTTP requests from p2->p3 should fail due to network failure.
@@ -430,8 +434,8 @@  dnl Try 3 times, in 1 second intervals.
 NETNS_DAEMONIZE([at_ns3], [[$PYTHON $srcdir/test-l7.py]], [http1.pid])
 NS_CHECK_EXEC([at_ns2], [wget 10.1.1.4 -t 3 -T 1 -v -o wget1.log], [4])
 
-AT_CHECK([conntrack -L 2>&1 | FORMAT_CT(10.1.1.4)], [0], [dnl
-SYN_RECV src=10.1.1.3 dst=10.1.1.4 sport=<cleared> dport=<cleared> src=10.1.1.4 dst=10.1.1.3 sport=<cleared> dport=<cleared> mark=0 zone=2 use=1
+AT_CHECK([ovs-appctl dpctl/dump-conntrack | FORMAT_CT(10.1.1.4)], [0], [dnl
+tcp orig=(src=10.1.1.3 dst=10.1.1.4 sport=<cleared> dport=<cleared>) reply=(src=10.1.1.4 dst=10.1.1.3 sport=<cleared> dport=<cleared>) zone=2 protoinfo=(state=ESTABLISHED)
 ])
 
 OVS_TRAFFIC_VSWITCHD_STOP
@@ -468,8 +472,8 @@  dnl HTTP requests from p0->p1 should work fine.
 NETNS_DAEMONIZE([at_ns1], [[$PYTHON $srcdir/test-l7.py]], [http0.pid])
 NS_CHECK_EXEC([at_ns0], [wget 10.1.1.2 -t 3 -T 1 --retry-connrefused -v -o wget0.log])
 
-AT_CHECK([conntrack -L 2>&1 | FORMAT_CT(10.1.1.2)], [0], [dnl
-TIME_WAIT src=10.1.1.1 dst=10.1.1.2 sport=<cleared> dport=<cleared> src=10.1.1.2 dst=10.1.1.1 sport=<cleared> dport=<cleared> [[ASSURED]] mark=0 zone=4097 use=1
+AT_CHECK([ovs-appctl dpctl/dump-conntrack | FORMAT_CT(10.1.1.2)], [0], [dnl
+tcp orig=(src=10.1.1.1 dst=10.1.1.2 sport=<cleared> dport=<cleared>) reply=(src=10.1.1.2 dst=10.1.1.1 sport=<cleared> dport=<cleared>) zone=4097 protoinfo=(state=TIME_WAIT)
 ])
 
 dnl HTTP requests from p2->p3 should fail due to network failure.
@@ -477,8 +481,8 @@  dnl Try 3 times, in 1 second intervals.
 NETNS_DAEMONIZE([at_ns3], [[$PYTHON $srcdir/test-l7.py]], [http1.pid])
 NS_CHECK_EXEC([at_ns2], [wget 10.1.1.4 -t 3 -T 1 -v -o wget1.log], [4])
 
-AT_CHECK([conntrack -L 2>&1 | FORMAT_CT(10.1.1.4)], [0], [dnl
-SYN_RECV src=10.1.1.3 dst=10.1.1.4 sport=<cleared> dport=<cleared> src=10.1.1.4 dst=10.1.1.3 sport=<cleared> dport=<cleared> mark=0 zone=4098 use=1
+AT_CHECK([ovs-appctl dpctl/dump-conntrack | FORMAT_CT(10.1.1.4)], [0], [dnl
+tcp orig=(src=10.1.1.3 dst=10.1.1.4 sport=<cleared> dport=<cleared>) reply=(src=10.1.1.4 dst=10.1.1.3 sport=<cleared> dport=<cleared>) zone=4098 protoinfo=(state=ESTABLISHED)
 ])
 
 OVS_TRAFFIC_VSWITCHD_STOP
@@ -558,9 +562,9 @@  NS_CHECK_EXEC([at_ns0], [wget 10.1.1.2 -t 3 -T 1 --retry-connrefused -v -o wget0
 dnl (again) HTTP requests from p0->p1 should work fine.
 NS_CHECK_EXEC([at_ns0], [wget 10.1.1.2 -t 3 -T 1 --retry-connrefused -v -o wget0.log])
 
-AT_CHECK([conntrack -L 2>&1 | FORMAT_CT(10.1.1.2)], [0], [dnl
-SYN_SENT src=10.1.1.1 dst=10.1.1.2 sport=<cleared> dport=<cleared> [[UNREPLIED]] src=10.1.1.2 dst=10.1.1.1 sport=<cleared> dport=<cleared> mark=0 zone=1 use=1
-TIME_WAIT src=10.1.1.1 dst=10.1.1.2 sport=<cleared> dport=<cleared> src=10.1.1.2 dst=10.1.1.1 sport=<cleared> dport=<cleared> [[ASSURED]] mark=0 zone=2 use=1
+AT_CHECK([ovs-appctl dpctl/dump-conntrack | FORMAT_CT(10.1.1.2)], [0], [dnl
+tcp orig=(src=10.1.1.1 dst=10.1.1.2 sport=<cleared> dport=<cleared>) reply=(src=10.1.1.2 dst=10.1.1.1 sport=<cleared> dport=<cleared>) zone=1 protoinfo=(state=SYN_SENT)
+tcp orig=(src=10.1.1.1 dst=10.1.1.2 sport=<cleared> dport=<cleared>) reply=(src=10.1.1.2 dst=10.1.1.1 sport=<cleared> dport=<cleared>) zone=2 protoinfo=(state=TIME_WAIT)
 ])
 
 OVS_TRAFFIC_VSWITCHD_STOP
@@ -604,11 +608,11 @@  AT_CHECK([wget 10.1.1.2 -t 3 -T 1 --retry-connrefused -v -o wget0.log])
 dnl (again) HTTP requests from root namespace to  p0 should work fine.
 AT_CHECK([wget 10.1.1.2 -t 3 -T 1 --retry-connrefused -v -o wget0.log])
 
-AT_CHECK([conntrack -L 2>&1 | FORMAT_CT(10.1.1.2) | grep "zone"], [0], [dnl
-TIME_WAIT src=10.1.1.1 dst=10.1.1.2 sport=<cleared> dport=<cleared> src=10.1.1.2 dst=10.1.1.1 sport=<cleared> dport=<cleared> [[ASSURED]] mark=0 zone=1 use=1
-TIME_WAIT src=10.1.1.1 dst=10.1.1.2 sport=<cleared> dport=<cleared> src=10.1.1.2 dst=10.1.1.1 sport=<cleared> dport=<cleared> [[ASSURED]] mark=0 zone=2 use=1
-src=10.1.1.1 dst=10.1.1.2 type=8 code=0 id=<cleared> src=10.1.1.2 dst=10.1.1.1 type=0 code=0 id=<cleared> mark=0 zone=1 use=1
-src=10.1.1.1 dst=10.1.1.2 type=8 code=0 id=<cleared> src=10.1.1.2 dst=10.1.1.1 type=0 code=0 id=<cleared> mark=0 zone=2 use=1
+AT_CHECK([ovs-appctl dpctl/dump-conntrack | FORMAT_CT(10.1.1.2) | grep "zone"], [0], [dnl
+icmp orig=(src=10.1.1.1 dst=10.1.1.2 id=<cleared>) reply=(src=10.1.1.2 dst=10.1.1.1 id=<cleared>) zone=1
+icmp orig=(src=10.1.1.1 dst=10.1.1.2 id=<cleared>) reply=(src=10.1.1.2 dst=10.1.1.1 id=<cleared>) zone=2
+tcp orig=(src=10.1.1.1 dst=10.1.1.2 sport=<cleared> dport=<cleared>) reply=(src=10.1.1.2 dst=10.1.1.1 sport=<cleared> dport=<cleared>) zone=1 protoinfo=(state=TIME_WAIT)
+tcp orig=(src=10.1.1.1 dst=10.1.1.2 sport=<cleared> dport=<cleared>) reply=(src=10.1.1.2 dst=10.1.1.1 sport=<cleared> dport=<cleared>) zone=2 protoinfo=(state=TIME_WAIT)
 ])
 
 OVS_TRAFFIC_VSWITCHD_STOP
@@ -674,11 +678,11 @@  AT_CHECK([wget 10.1.1.2 -t 3 -T 1 --retry-connrefused -v -o wget0.log])
 dnl (again) HTTP requests from root namespace to p0 should work fine.
 AT_CHECK([wget 10.1.1.2 -t 3 -T 1 --retry-connrefused -v -o wget0.log])
 
-AT_CHECK([conntrack -L 2>&1 | FORMAT_CT(10.1.1.2) | grep "zone"], [0], [dnl
-TIME_WAIT src=10.1.1.1 dst=10.1.1.2 sport=<cleared> dport=<cleared> src=10.1.1.2 dst=10.1.1.1 sport=<cleared> dport=<cleared> [[ASSURED]] mark=0 zone=1 use=1
-TIME_WAIT src=10.1.1.1 dst=10.1.1.2 sport=<cleared> dport=<cleared> src=10.1.1.2 dst=10.1.1.1 sport=<cleared> dport=<cleared> [[ASSURED]] mark=0 zone=65534 use=1
-src=10.1.1.1 dst=10.1.1.2 type=8 code=0 id=<cleared> src=10.1.1.2 dst=10.1.1.1 type=0 code=0 id=<cleared> mark=0 zone=1 use=1
-src=10.1.1.1 dst=10.1.1.2 type=8 code=0 id=<cleared> src=10.1.1.2 dst=10.1.1.1 type=0 code=0 id=<cleared> mark=0 zone=65534 use=1
+AT_CHECK([ovs-appctl dpctl/dump-conntrack | FORMAT_CT(10.1.1.2) | grep "zone"], [0], [dnl
+icmp orig=(src=10.1.1.1 dst=10.1.1.2 id=<cleared>) reply=(src=10.1.1.2 dst=10.1.1.1 id=<cleared>) zone=1
+icmp orig=(src=10.1.1.1 dst=10.1.1.2 id=<cleared>) reply=(src=10.1.1.2 dst=10.1.1.1 id=<cleared>) zone=65534
+tcp orig=(src=10.1.1.1 dst=10.1.1.2 sport=<cleared> dport=<cleared>) reply=(src=10.1.1.2 dst=10.1.1.1 sport=<cleared> dport=<cleared>) zone=1 protoinfo=(state=TIME_WAIT)
+tcp orig=(src=10.1.1.1 dst=10.1.1.2 sport=<cleared> dport=<cleared>) reply=(src=10.1.1.2 dst=10.1.1.1 sport=<cleared> dport=<cleared>) zone=65534 protoinfo=(state=TIME_WAIT)
 ])
 
 OVS_TRAFFIC_VSWITCHD_STOP
@@ -716,8 +720,8 @@  dnl HTTP requests from p0->p1 should work fine.
 NETNS_DAEMONIZE([at_ns1], [[$PYTHON $srcdir/test-l7.py]], [http0.pid])
 NS_CHECK_EXEC([at_ns0], [wget 10.1.1.2 -t 3 -T 1 --retry-connrefused -v -o wget0.log])
 
-AT_CHECK([conntrack -L 2>&1 | FORMAT_CT(10.1.1.2) | grep TIME], [0], [dnl
-TIME_WAIT src=10.1.1.1 dst=10.1.1.2 sport=<cleared> dport=<cleared> src=10.1.1.2 dst=10.1.1.1 sport=<cleared> dport=<cleared> [[ASSURED]] mark=1 use=1
+AT_CHECK([ovs-appctl dpctl/dump-conntrack | FORMAT_CT(10.1.1.2) | grep TIME], [0], [dnl
+tcp orig=(src=10.1.1.1 dst=10.1.1.2 sport=<cleared> dport=<cleared>) reply=(src=10.1.1.2 dst=10.1.1.1 sport=<cleared> dport=<cleared>) mark=1 protoinfo=(state=TIME_WAIT)
 ])
 
 dnl HTTP requests from p2->p3 should fail due to network failure.
@@ -725,8 +729,8 @@  dnl Try 3 times, in 1 second intervals.
 NETNS_DAEMONIZE([at_ns3], [[$PYTHON $srcdir/test-l7.py]], [http1.pid])
 NS_CHECK_EXEC([at_ns2], [wget 10.1.1.4 -t 3 -T 1 -v -o wget1.log], [4])
 
-AT_CHECK([conntrack -L 2>&1 | FORMAT_CT(10.1.1.4)], [0], [dnl
-SYN_RECV src=10.1.1.3 dst=10.1.1.4 sport=<cleared> dport=<cleared> src=10.1.1.4 dst=10.1.1.3 sport=<cleared> dport=<cleared> mark=2 use=1
+AT_CHECK([ovs-appctl dpctl/dump-conntrack | FORMAT_CT(10.1.1.4)], [0], [dnl
+tcp orig=(src=10.1.1.3 dst=10.1.1.4 sport=<cleared> dport=<cleared>) reply=(src=10.1.1.4 dst=10.1.1.3 sport=<cleared> dport=<cleared>) mark=2 protoinfo=(state=ESTABLISHED)
 ])
 
 OVS_TRAFFIC_VSWITCHD_STOP
@@ -763,8 +767,8 @@  dnl HTTP requests from p0->p1 should work fine.
 NETNS_DAEMONIZE([at_ns1], [[$PYTHON $srcdir/test-l7.py]], [http0.pid])
 NS_CHECK_EXEC([at_ns0], [wget 10.1.1.2 -t 3 -T 1 --retry-connrefused -v -o wget0.log])
 
-AT_CHECK([conntrack -L 2>&1 | FORMAT_CT(10.1.1.2) | grep TIME], [0], [dnl
-TIME_WAIT src=10.1.1.1 dst=10.1.1.2 sport=<cleared> dport=<cleared> src=10.1.1.2 dst=10.1.1.1 sport=<cleared> dport=<cleared> [[ASSURED]] mark=1 use=1
+AT_CHECK([ovs-appctl dpctl/dump-conntrack | FORMAT_CT(10.1.1.2) | grep TIME], [0], [dnl
+tcp orig=(src=10.1.1.1 dst=10.1.1.2 sport=<cleared> dport=<cleared>) reply=(src=10.1.1.2 dst=10.1.1.1 sport=<cleared> dport=<cleared>) mark=1 protoinfo=(state=TIME_WAIT)
 ])
 
 dnl HTTP requests from p2->p3 should fail due to network failure.
@@ -772,8 +776,8 @@  dnl Try 3 times, in 1 second intervals.
 NETNS_DAEMONIZE([at_ns3], [[$PYTHON $srcdir/test-l7.py]], [http1.pid])
 NS_CHECK_EXEC([at_ns2], [wget 10.1.1.4 -t 3 -T 1 -v -o wget1.log], [4])
 
-AT_CHECK([conntrack -L 2>&1 | FORMAT_CT(10.1.1.4)], [0], [dnl
-SYN_RECV src=10.1.1.3 dst=10.1.1.4 sport=<cleared> dport=<cleared> src=10.1.1.4 dst=10.1.1.3 sport=<cleared> dport=<cleared> mark=2 use=1
+AT_CHECK([ovs-appctl dpctl/dump-conntrack | FORMAT_CT(10.1.1.4)], [0], [dnl
+tcp orig=(src=10.1.1.3 dst=10.1.1.4 sport=<cleared> dport=<cleared>) reply=(src=10.1.1.4 dst=10.1.1.3 sport=<cleared> dport=<cleared>) mark=2 protoinfo=(state=ESTABLISHED)
 ])
 
 OVS_TRAFFIC_VSWITCHD_STOP
@@ -945,40 +949,40 @@  NETNS_DAEMONIZE([at_ns1], [[$PYTHON $srcdir/test-l7.py ftp]], [ftp0.pid])
 dnl FTP requests from p1->p0 should fail due to network failure.
 dnl Try 3 times, in 1 second intervals.
 NS_CHECK_EXEC([at_ns1], [wget ftp://10.1.1.1 --no-passive-ftp  -t 3 -T 1 -v -o wget1.log], [4])
-AT_CHECK([conntrack -L 2>&1 | FORMAT_CT(10.1.1.1)], [0], [dnl
+AT_CHECK([ovs-appctl dpctl/dump-conntrack | FORMAT_CT(10.1.1.1)], [0], [dnl
 ])
 
 dnl FTP requests from p0->p1 should work fine.
 NS_CHECK_EXEC([at_ns0], [wget ftp://10.1.1.2 --no-passive-ftp -t 3 -T 1 --retry-connrefused -v -o wget0.log])
-AT_CHECK([conntrack -L 2>&1 | FORMAT_CT(10.1.1.2) | grep -v "FIN"], [0], [dnl
-TIME_WAIT src=10.1.1.1 dst=10.1.1.2 sport=<cleared> dport=<cleared> src=10.1.1.2 dst=10.1.1.1 sport=<cleared> dport=<cleared> [[ASSURED]] mark=0 helper=ftp use=1
+AT_CHECK([ovs-appctl dpctl/dump-conntrack | FORMAT_CT(10.1.1.2) | grep -v "FIN"], [0], [dnl
+tcp orig=(src=10.1.1.1 dst=10.1.1.2 sport=<cleared> dport=<cleared>) reply=(src=10.1.1.2 dst=10.1.1.1 sport=<cleared> dport=<cleared>) protoinfo=(state=TIME_WAIT) helper=ftp
 ])
 
 dnl Try the second set of flows.
-conntrack -F
+AT_CHECK([ovs-appctl dpctl/flush-conntrack])
 AT_CHECK([ovs-ofctl del-flows br0])
 AT_CHECK([ovs-ofctl add-flows br0 flows2.txt])
 
 dnl FTP requests from p1->p0 should fail due to network failure.
 dnl Try 3 times, in 1 second intervals.
 NS_CHECK_EXEC([at_ns1], [wget ftp://10.1.1.1 --no-passive-ftp  -t 3 -T 1 -v -o wget1.log], [4])
-AT_CHECK([conntrack -L 2>&1 | FORMAT_CT(10.1.1.1)], [0], [dnl
+AT_CHECK([ovs-appctl dpctl/dump-conntrack | FORMAT_CT(10.1.1.1)], [0], [dnl
 ])
 
 dnl Active FTP requests from p0->p1 should work fine.
 NS_CHECK_EXEC([at_ns0], [wget ftp://10.1.1.2 --no-passive-ftp -t 3 -T 1 --retry-connrefused -v -o wget0.log])
-AT_CHECK([conntrack -L 2>&1 | FORMAT_CT(10.1.1.2) | grep -v "FIN"], [0], [dnl
-TIME_WAIT src=10.1.1.1 dst=10.1.1.2 sport=<cleared> dport=<cleared> src=10.1.1.2 dst=10.1.1.1 sport=<cleared> dport=<cleared> [[ASSURED]] mark=0 helper=ftp use=2
-TIME_WAIT src=10.1.1.2 dst=10.1.1.1 sport=<cleared> dport=<cleared> src=10.1.1.1 dst=10.1.1.2 sport=<cleared> dport=<cleared> [[ASSURED]] mark=0 use=1
+AT_CHECK([ovs-appctl dpctl/dump-conntrack | FORMAT_CT(10.1.1.2) | grep -v "FIN"], [0], [dnl
+tcp orig=(src=10.1.1.1 dst=10.1.1.2 sport=<cleared> dport=<cleared>) reply=(src=10.1.1.2 dst=10.1.1.1 sport=<cleared> dport=<cleared>) protoinfo=(state=TIME_WAIT) helper=ftp
+tcp orig=(src=10.1.1.2 dst=10.1.1.1 sport=<cleared> dport=<cleared>) reply=(src=10.1.1.1 dst=10.1.1.2 sport=<cleared> dport=<cleared>) protoinfo=(state=TIME_WAIT)
 ])
 
-AT_CHECK([conntrack -F 2>/dev/null])
+AT_CHECK([ovs-appctl dpctl/flush-conntrack])
 
 dnl Passive FTP requests from p0->p1 should work fine.
 NS_CHECK_EXEC([at_ns0], [wget ftp://10.1.1.2 -t 3 -T 1 --retry-connrefused -v -o wget0.log])
-AT_CHECK([conntrack -L 2>&1 | FORMAT_CT(10.1.1.2) | grep -v "FIN"], [0], [dnl
-TIME_WAIT src=10.1.1.1 dst=10.1.1.2 sport=<cleared> dport=<cleared> src=10.1.1.2 dst=10.1.1.1 sport=<cleared> dport=<cleared> [[ASSURED]] mark=0 helper=ftp use=2
-TIME_WAIT src=10.1.1.1 dst=10.1.1.2 sport=<cleared> dport=<cleared> src=10.1.1.2 dst=10.1.1.1 sport=<cleared> dport=<cleared> [[ASSURED]] mark=0 use=1
+AT_CHECK([ovs-appctl dpctl/dump-conntrack | FORMAT_CT(10.1.1.2) | grep -v "FIN"], [0], [dnl
+tcp orig=(src=10.1.1.1 dst=10.1.1.2 sport=<cleared> dport=<cleared>) reply=(src=10.1.1.2 dst=10.1.1.1 sport=<cleared> dport=<cleared>) protoinfo=(state=TIME_WAIT)
+tcp orig=(src=10.1.1.1 dst=10.1.1.2 sport=<cleared> dport=<cleared>) reply=(src=10.1.1.2 dst=10.1.1.1 sport=<cleared> dport=<cleared>) protoinfo=(state=TIME_WAIT) helper=ftp
 ])
 
 OVS_TRAFFIC_VSWITCHD_STOP
@@ -1020,27 +1024,27 @@  NETNS_DAEMONIZE([at_ns1], [[$PYTHON $srcdir/test-l7.py ftp]], [ftp0.pid])
 dnl FTP requests from p1->p0 should fail due to network failure.
 dnl Try 3 times, in 1 second intervals.
 NS_CHECK_EXEC([at_ns1], [wget ftp://10.1.1.1 --no-passive-ftp  -t 3 -T 1 -v -o wget1.log], [4])
-AT_CHECK([conntrack -L 2>&1 | FORMAT_CT(10.1.1.1)], [0], [dnl
+AT_CHECK([ovs-appctl dpctl/dump-conntrack | FORMAT_CT(10.1.1.1)], [0], [dnl
 ])
 
 dnl Active FTP requests from p0->p1 should work fine.
 NS_CHECK_EXEC([at_ns0], [wget ftp://10.1.1.2 --no-passive-ftp -t 3 -T 1 --retry-connrefused -v -o wget0.log])
-AT_CHECK([conntrack -L 2>&1 | FORMAT_CT(10.1.1.2) | grep -v "FIN"], [0], [dnl
-TIME_WAIT src=10.1.1.1 dst=10.1.1.2 sport=<cleared> dport=<cleared> src=10.1.1.2 dst=10.1.1.1 sport=<cleared> dport=<cleared> [[ASSURED]] mark=0 zone=1 helper=ftp use=2
-TIME_WAIT src=10.1.1.1 dst=10.1.1.2 sport=<cleared> dport=<cleared> src=10.1.1.2 dst=10.1.1.1 sport=<cleared> dport=<cleared> [[ASSURED]] mark=0 zone=2 helper=ftp use=2
-TIME_WAIT src=10.1.1.2 dst=10.1.1.1 sport=<cleared> dport=<cleared> src=10.1.1.1 dst=10.1.1.2 sport=<cleared> dport=<cleared> [[ASSURED]] mark=0 zone=1 use=1
-TIME_WAIT src=10.1.1.2 dst=10.1.1.1 sport=<cleared> dport=<cleared> src=10.1.1.1 dst=10.1.1.2 sport=<cleared> dport=<cleared> [[ASSURED]] mark=0 zone=2 use=1
+AT_CHECK([ovs-appctl dpctl/dump-conntrack | FORMAT_CT(10.1.1.2) | grep -v "FIN"], [0], [dnl
+tcp orig=(src=10.1.1.1 dst=10.1.1.2 sport=<cleared> dport=<cleared>) reply=(src=10.1.1.2 dst=10.1.1.1 sport=<cleared> dport=<cleared>) zone=1 protoinfo=(state=TIME_WAIT) helper=ftp
+tcp orig=(src=10.1.1.1 dst=10.1.1.2 sport=<cleared> dport=<cleared>) reply=(src=10.1.1.2 dst=10.1.1.1 sport=<cleared> dport=<cleared>) zone=2 protoinfo=(state=TIME_WAIT) helper=ftp
+tcp orig=(src=10.1.1.2 dst=10.1.1.1 sport=<cleared> dport=<cleared>) reply=(src=10.1.1.1 dst=10.1.1.2 sport=<cleared> dport=<cleared>) zone=1 protoinfo=(state=TIME_WAIT)
+tcp orig=(src=10.1.1.2 dst=10.1.1.1 sport=<cleared> dport=<cleared>) reply=(src=10.1.1.1 dst=10.1.1.2 sport=<cleared> dport=<cleared>) zone=2 protoinfo=(state=TIME_WAIT)
 ])
 
-AT_CHECK([conntrack -F 2>/dev/null])
+AT_CHECK([ovs-appctl dpctl/flush-conntrack])
 
 dnl Passive FTP requests from p0->p1 should work fine.
 NS_CHECK_EXEC([at_ns0], [wget ftp://10.1.1.2 -t 3 -T 1 --retry-connrefused -v -o wget0.log])
-AT_CHECK([conntrack -L 2>&1 | FORMAT_CT(10.1.1.2) | grep -v "FIN"], [0], [dnl
-TIME_WAIT src=10.1.1.1 dst=10.1.1.2 sport=<cleared> dport=<cleared> src=10.1.1.2 dst=10.1.1.1 sport=<cleared> dport=<cleared> [[ASSURED]] mark=0 zone=1 helper=ftp use=2
-TIME_WAIT src=10.1.1.1 dst=10.1.1.2 sport=<cleared> dport=<cleared> src=10.1.1.2 dst=10.1.1.1 sport=<cleared> dport=<cleared> [[ASSURED]] mark=0 zone=1 use=1
-TIME_WAIT src=10.1.1.1 dst=10.1.1.2 sport=<cleared> dport=<cleared> src=10.1.1.2 dst=10.1.1.1 sport=<cleared> dport=<cleared> [[ASSURED]] mark=0 zone=2 helper=ftp use=2
-TIME_WAIT src=10.1.1.1 dst=10.1.1.2 sport=<cleared> dport=<cleared> src=10.1.1.2 dst=10.1.1.1 sport=<cleared> dport=<cleared> [[ASSURED]] mark=0 zone=2 use=1
+AT_CHECK([ovs-appctl dpctl/dump-conntrack | FORMAT_CT(10.1.1.2) | grep -v "FIN"], [0], [dnl
+tcp orig=(src=10.1.1.1 dst=10.1.1.2 sport=<cleared> dport=<cleared>) reply=(src=10.1.1.2 dst=10.1.1.1 sport=<cleared> dport=<cleared>) zone=1 protoinfo=(state=TIME_WAIT)
+tcp orig=(src=10.1.1.1 dst=10.1.1.2 sport=<cleared> dport=<cleared>) reply=(src=10.1.1.2 dst=10.1.1.1 sport=<cleared> dport=<cleared>) zone=1 protoinfo=(state=TIME_WAIT) helper=ftp
+tcp orig=(src=10.1.1.1 dst=10.1.1.2 sport=<cleared> dport=<cleared>) reply=(src=10.1.1.2 dst=10.1.1.1 sport=<cleared> dport=<cleared>) zone=2 protoinfo=(state=TIME_WAIT)
+tcp orig=(src=10.1.1.1 dst=10.1.1.2 sport=<cleared> dport=<cleared>) reply=(src=10.1.1.2 dst=10.1.1.1 sport=<cleared> dport=<cleared>) zone=2 protoinfo=(state=TIME_WAIT) helper=ftp
 ])
 
 OVS_TRAFFIC_VSWITCHD_STOP