system-traffic: Fix up FTP tests.

Prior to commit b87a5aacefe2 ("datapath: Fix cached ct with helper."),
we were relying on automatic helpers to ensure that FTP connections were
tracked correctly, regardless of the flows that existed in the datapath.
Now, we can drop the automatic helpers in the root namespace and still
have related connections work correctly. Also, the ALG should only be
specified when committing the connection. Update the rules.

Signed-off-by: Joe Stringer <joe@ovn.org>
Acked-by: Jarno Rajahalme <jarno@ovn.org>

diff --git a/tests/system-kmod-macros.at b/tests/system-kmod-macros.at
index cee0510..2134db7 100644 (file)
--- a/tests/system-kmod-macros.at
+++ b/tests/system-kmod-macros.at
@@ -63,6 +63,7 @@ m4_define([CHECK_CONNTRACK],
                 [modprobe mod || echo "Module mod not loaded."
                  on_exit 'modprobe -r mod'
                 ])
+     sysctl -w net.netfilter.nf_conntrack_helper=0
      on_exit 'ovstest test-netlink-conntrack flush'
     ]
 )

diff --git a/tests/system-traffic.at b/tests/system-traffic.at
index 14a75b6..a337950 100644 (file)
--- a/tests/system-traffic.at
+++ b/tests/system-traffic.at
@@ -1458,7 +1458,6 @@ AT_CHECK([ovs-appctl dpctl/flush-conntrack])
 dnl Passive FTP requests from p0->p1 should work fine.
 NS_CHECK_EXEC([at_ns0], [wget ftp://10.1.1.2 -t 3 -T 1 --retry-connrefused -v -o wget0-2.log])
 AT_CHECK([ovs-appctl dpctl/dump-conntrack | FORMAT_CT(10.1.1.2)], [0], [dnl
-tcp,orig=(src=10.1.1.1,dst=10.1.1.2,sport=<cleared>,dport=<cleared>),reply=(src=10.1.1.2,dst=10.1.1.1,sport=<cleared>,dport=<cleared>),protoinfo=(state=<cleared>)
 tcp,orig=(src=10.1.1.1,dst=10.1.1.2,sport=<cleared>,dport=<cleared>),reply=(src=10.1.1.2,dst=10.1.1.1,sport=<cleared>,dport=<cleared>),protoinfo=(state=<cleared>),helper=ftp
 ])
 
@@ -1539,13 +1538,14 @@ table=0,priority=10,arp,action=normal
 table=0,priority=10,icmp,action=normal
 
 dnl Traffic from ns1
-table=0,priority=100,in_port=1,tcp,action=ct(table=1,zone=1,alg=ftp)
-table=1,in_port=1,tcp,ct_zone=1,ct_state=+trk+new,action=ct(commit,alg=ftp,zone=1),ct(commit,alg=ftp,zone=2),2
+table=0,priority=100,in_port=1,tcp,action=ct(table=1,zone=1)
+table=1,in_port=1,tcp,ct_zone=1,ct_state=+trk+new-rel,action=ct(commit,alg=ftp,zone=1),ct(commit,alg=ftp,zone=2),2
+table=1,in_port=1,tcp,ct_zone=1,ct_state=+trk+new+rel,action=ct(commit,zone=1),ct(commit,zone=2),2
 table=1,in_port=1,tcp,ct_zone=1,ct_state=+trk+est,action=ct(table=2,zone=2)
 table=2,in_port=1,tcp,ct_zone=2,ct_state=+trk+est,action=2
 
 dnl Traffic from ns2
-table=0,priority=100,in_port=2,tcp,action=ct(table=1,alg=ftp,zone=2)
+table=0,priority=100,in_port=2,tcp,action=ct(table=1,zone=2)
 table=1,in_port=2,tcp,ct_zone=2,ct_state=+trk+rel,action=ct(commit,zone=2),ct(commit,zone=1),1
 table=1,in_port=2,tcp,ct_zone=2,ct_state=+trk+est,action=ct(table=2,zone=1)
 table=2,in_port=2,tcp,ct_zone=1,ct_state=+trk+rel,action=ct(commit,zone=2),ct(commit,zone=1),1