
[ovs-dev,21/23] system-traffic: Add extra FTP corner case test.

Message ID 1446926401-55723-22-git-send-email-joestringer@nicira.com
State Superseded

Commit Message

Joe Stringer Nov. 7, 2015, 7:59 p.m. UTC
Test the corner case where commit occurs only on "new" related
connections.

Signed-off-by: Joe Stringer <joestringer@nicira.com>
---
 tests/system-traffic.at | 51 +++++++++++++++++++++++++++++++++++++++++++++++++
 1 file changed, 51 insertions(+)

Patch

diff --git a/tests/system-traffic.at b/tests/system-traffic.at
index 0950b840cd15..3b47cced678f 100644
--- a/tests/system-traffic.at
+++ b/tests/system-traffic.at
@@ -1057,6 +1057,57 @@  TIME_WAIT src=10.1.1.1 dst=10.1.1.2 sport=<cleared> dport=<cleared> src=10.1.1.2
 OVS_TRAFFIC_VSWITCHD_STOP
 AT_CLEANUP
 
+AT_SETUP([conntrack - FTP commit then decide])
+AT_SKIP_IF([test $HAVE_PYFTPDLIB = no])
+CHECK_CONNTRACK()
+OVS_TRAFFIC_VSWITCHD_START(
+   [set-fail-mode br0 standalone -- ])
+
+ADD_NAMESPACES(at_ns0, at_ns1)
+
+ADD_VETH(p0, at_ns0, br0, "10.1.1.1/24")
+ADD_VETH(p1, at_ns1, br0, "10.1.1.2/24")
+
+dnl Allow any traffic from ns0->ns1. Only allow nd, return traffic from ns1->ns0.
+dnl
+dnl This tests a bug in the "ct(commit)" action where new,related connections
+dnl are not always marked as new.
+AT_DATA([flows1.txt], [dnl
+priority=1,action=drop
+priority=10,arp,action=normal
+priority=10,icmp,action=normal
+priority=100,in_port=1,tcp,ct_state=-trk,action=ct(alg=ftp,commit,table=1)
+priority=100,table=1,in_port=1,tcp,ct_state=+new,action=2
+priority=100,table=1,in_port=1,tcp,ct_state=+est,action=2
+priority=100,in_port=2,tcp,ct_state=-trk,action=ct(commit,table=1)
+priority=100,table=1,in_port=2,tcp,ct_state=+trk+est,action=1
+priority=100,table=1,in_port=2,tcp,ct_state=+trk+rel+new,action=1
+])
+
+AT_CHECK([ovs-ofctl add-flows br0 flows1.txt])
+
+NETNS_DAEMONIZE([at_ns0], [[$PYTHON $srcdir/test-l7.py ftp]], [ftp1.pid])
+NETNS_DAEMONIZE([at_ns1], [[$PYTHON $srcdir/test-l7.py ftp]], [ftp0.pid])
+
+dnl FTP requests from p1->p0 should fail due to network failure, even though
+dnl FTP daemons are running in both namespaces.
+dnl Try 3 times, in 1 second intervals.
+NS_CHECK_EXEC([at_ns1], [wget ftp://10.1.1.1 --no-passive-ftp  -t 3 -T 1 -v -o wget1.log], [4])
+AT_CHECK([conntrack -L 2>&1 | FORMAT_CT(10.1.1.1)], [0], [dnl
+SYN_SENT src=10.1.1.2 dst=10.1.1.1 sport=<cleared> dport=<cleared> [[UNREPLIED]] src=10.1.1.1 dst=10.1.1.2 sport=<cleared> dport=<cleared> mark=0 helper=ftp use=1
+])
+
+dnl FTP requests from p0->p1 should work fine.
+NS_CHECK_EXEC([at_ns0], [wget ftp://10.1.1.2 --no-passive-ftp -t 3 -T 1 --retry-connrefused -v -o wget0.log])
+AT_CHECK([conntrack -L 2>&1 | FORMAT_CT(10.1.1.2) | grep -v "FIN"], [0], [dnl
+SYN_SENT src=10.1.1.2 dst=10.1.1.1 sport=<cleared> dport=<cleared> [[UNREPLIED]] src=10.1.1.1 dst=10.1.1.2 sport=<cleared> dport=<cleared> mark=0 helper=ftp use=1
+TIME_WAIT src=10.1.1.1 dst=10.1.1.2 sport=<cleared> dport=<cleared> src=10.1.1.2 dst=10.1.1.1 sport=<cleared> dport=<cleared> [[ASSURED]] mark=0 helper=ftp use=2
+TIME_WAIT src=10.1.1.2 dst=10.1.1.1 sport=<cleared> dport=<cleared> src=10.1.1.1 dst=10.1.1.2 sport=<cleared> dport=<cleared> [[ASSURED]] mark=0 use=1
+])
+
+OVS_TRAFFIC_VSWITCHD_STOP
+AT_CLEANUP
+
 AT_SETUP([conntrack - IPv4 fragmentation ])
 CHECK_CONNTRACK()
 OVS_TRAFFIC_VSWITCHD_START(
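Review bot: The expected conntrack output after the first wget (and again after the second) lists the ns1->ns0 attempt as `SYN_SENT ... [[UNREPLIED]] ... helper=ftp`, yet the only rule that tracks port-2 traffic, `in_port=2,tcp,ct_state=-trk,action=ct(commit,table=1)`, passes no `alg=ftp`. The helper is therefore presumably attached by the kernel's automatic helper assignment rather than by flows1.txt, which would make this expectation depend on a host setting; either add `alg=ftp` to that rule or have the output filter drop the helper field for this entry. The test should also say why the entry exists at all: the commit runs before table 1 decides, so a connection the policy drops still leaves committed state behind. A comment above that AT_CHECK such as `dnl The ns1->ns0 attempt is committed before table 1 drops it, so an UNREPLIED entry remains.` would make the intent clear. In the header comment, "nd" looks like a leftover from the IPv6 variants, since these flows allow arp and icmp.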