In passive mode, a ftp alg only touches the payload when doing DNAT to the server, so change the test accordingly and update the active mode checks test titles to reflect what they test.
Signed-off-by: David Marchand <[email protected]> --- tests/system-traffic.at | 54 ++++++++++++++++++++++++------------------------- 1 file changed, 27 insertions(+), 27 deletions(-) diff --git a/tests/system-traffic.at b/tests/system-traffic.at index cc2c35b..dae58a1 100644 --- a/tests/system-traffic.at +++ b/tests/system-traffic.at @@ -4218,7 +4218,7 @@ dnl dnl Checks the implementation of conntrack with FTP ALGs in combination with dnl NAT, using the provided flow table. m4_define([CHECK_FTP_NAT], - [AT_SETUP([conntrack - FTP NAT $1]) + [AT_SETUP([conntrack - FTP $1]) AT_SKIP_IF([test $HAVE_FTP = no]) CHECK_CONNTRACK() CHECK_CONNTRACK_NAT() @@ -4257,7 +4257,7 @@ ls OVS_TRAFFIC_VSWITCHD_STOP AT_CLEANUP]) -dnl CHECK_FTP_NAT_PRE_RECIRC(TITLE, IP_ADDR, IP_ADDR_AS_HEX) +dnl CHECK_FTP_SNAT_PRE_RECIRC(TITLE, IP_ADDR, IP_ADDR_AS_HEX) dnl dnl Checks the implementation of conntrack with FTP ALGs in combination with dnl NAT, with flow tables that implement the NATing as part of handling of @@ -4265,8 +4265,8 @@ dnl initial incoming packets - ie, the first flow is ct(nat,table=foo). dnl dnl IP_ADDR must specify the NAT address in standard "10.1.1.x" format, dnl and IP_ADDR_AS_HEX must specify the same address as hex, eg 0x0a0101xx. -m4_define([CHECK_FTP_NAT_PRE_RECIRC], [dnl - CHECK_FTP_NAT([prerecirc $1], [10.1.1.10], [10.1.1.20], [10.1.1.20], [dnl +m4_define([CHECK_FTP_SNAT_PRE_RECIRC], [dnl + CHECK_FTP_NAT([SNAT prerecirc $1], [10.1.1.10], [10.1.1.20], [10.1.1.20], [dnl dnl track all IP traffic, de-mangle non-NEW connections table=0 in_port=1, ip, action=ct(table=1,nat) table=0 in_port=2, ip, action=ct(table=2,nat) @@ -4320,7 +4320,7 @@ tcp,orig=(src=10.1.1.20,dst=$2,sport=<cleared>,dport=<cleared>),reply=(src=10.1. ]) dnl Check that ct(nat,table=foo) works without TCP sequence adjustment. -CHECK_FTP_NAT_PRE_RECIRC([], [10.1.1.19], [0x0a010113]) +CHECK_FTP_SNAT_PRE_RECIRC([], [10.1.1.19], [0x0a010113]) dnl Check that ct(nat,table=foo) works with TCP sequence adjustment. dnl @@ -4331,10 +4331,10 @@ dnl of 10.1.1.1 used in the test and 10.1.1.240 here), the FTP NAT ALG must dnl resize the packet and adjust TCP sequence numbers. This test is kept dnl separate from the above to easier identify issues in this code on different dnl kernels. -CHECK_FTP_NAT_PRE_RECIRC([seqadj neg], [10.1.1.9], [0x0a010109]) -CHECK_FTP_NAT_PRE_RECIRC([seqadj pos], [10.1.1.240], [0x0a0101f0]) +CHECK_FTP_SNAT_PRE_RECIRC([seqadj neg], [10.1.1.9], [0x0a010109]) +CHECK_FTP_SNAT_PRE_RECIRC([seqadj pos], [10.1.1.240], [0x0a0101f0]) -dnl CHECK_FTP_NAT_POST_RECIRC(TITLE, IP_ADDR, IP_ADDR_AS_HEX) +dnl CHECK_FTP_SNAT_POST_RECIRC(TITLE, IP_ADDR, IP_ADDR_AS_HEX) dnl dnl Checks the implementation of conntrack with FTP ALGs in combination with dnl NAT, with flow tables that implement the NATing after the first round @@ -4343,8 +4343,8 @@ dnl flow will implement the NATing with ct(nat..),output:foo. dnl dnl IP_ADDR must specify the NAT address in standard "10.1.1.x" format, dnl and IP_ADDR_AS_HEX must specify the same address as hex, eg 0x0a0101xx. -m4_define([CHECK_FTP_NAT_POST_RECIRC], [dnl - CHECK_FTP_NAT([postrecirc $1], [10.1.1.10], [10.1.1.20], [10.1.1.20], [dnl +m4_define([CHECK_FTP_SNAT_POST_RECIRC], [dnl + CHECK_FTP_NAT([SNAT postrecirc $1], [10.1.1.10], [10.1.1.20], [10.1.1.20], [dnl dnl track all IP traffic (this includes a helper call to non-NEW packets.) table=0 ip, action=ct(table=1) dnl @@ -4387,7 +4387,7 @@ tcp,orig=(src=10.1.1.20,dst=$2,sport=<cleared>,dport=<cleared>),reply=(src=10.1. ]) dnl Check that ct(nat,table=foo) works without TCP sequence adjustment. -CHECK_FTP_NAT_POST_RECIRC([], [10.1.1.19], [0x0a010113]) +CHECK_FTP_SNAT_POST_RECIRC([], [10.1.1.19], [0x0a010113]) dnl Check that ct(nat,table=foo) works with TCP sequence adjustment. dnl @@ -4398,11 +4398,11 @@ dnl of 10.1.1.1 used in the test and 10.1.1.240 here), the FTP NAT ALG must dnl resize the packet and adjust TCP sequence numbers. This test is kept dnl separate from the above to easier identify issues in this code on different dnl kernels. -CHECK_FTP_NAT_POST_RECIRC([seqadj neg], [10.1.1.9], [0x0a010109]) -CHECK_FTP_NAT_POST_RECIRC([seqadj pos], [10.1.1.240], [0x0a0101f0]) +CHECK_FTP_SNAT_POST_RECIRC([seqadj neg], [10.1.1.9], [0x0a010109]) +CHECK_FTP_SNAT_POST_RECIRC([seqadj pos], [10.1.1.240], [0x0a0101f0]) -dnl CHECK_FTP_NAT_ORIG_TUPLE(TITLE, IP_ADDR, IP_ADDR_AS_HEX) +dnl CHECK_FTP_SNAT_ORIG_TUPLE(TITLE, IP_ADDR, IP_ADDR_AS_HEX) dnl dnl Checks the implementation of conntrack original direction tuple matching dnl with FTP ALGs in combination with NAT, with flow tables that implement @@ -4412,8 +4412,8 @@ dnl commiting of NATed and other connections with ct(nat..),output:foo. dnl dnl IP_ADDR must specify the NAT address in standard "10.1.1.x" format, dnl and IP_ADDR_AS_HEX must specify the same address as hex, eg 0x0a0101xx. -m4_define([CHECK_FTP_NAT_ORIG_TUPLE], [dnl - CHECK_FTP_NAT([orig tuple $1], [10.1.1.10], [10.1.1.20], [10.1.1.20], [dnl +m4_define([CHECK_FTP_SNAT_ORIG_TUPLE], [dnl + CHECK_FTP_NAT([SNAT orig tuple $1], [10.1.1.10], [10.1.1.20], [10.1.1.20], [dnl dnl Store zone in reg4 and packet direction in reg3 (IN=1, OUT=2). dnl NAT is only applied to OUT-direction packets, so that ACL dnl processing can be done with non-NATted headers. @@ -4519,14 +4519,14 @@ tcp,orig=(src=10.1.1.20,dst=$2,sport=<cleared>,dport=<cleared>),reply=(src=10.1. dnl Check that ct(nat,table=foo) works without TCP sequence adjustment with dnl an ACL table based on matching on conntrack original direction tuple only. -CHECK_FTP_NAT_ORIG_TUPLE([], [10.1.1.19], [0x0a010113]) +CHECK_FTP_SNAT_ORIG_TUPLE([], [10.1.1.19], [0x0a010113]) dnl Check that ct(nat,table=foo) works with TCP sequence adjustment with dnl an ACL table based on matching on conntrack original direction tuple only. -CHECK_FTP_NAT_ORIG_TUPLE([seqadj neg], [10.1.1.9], [0x0a010109]) -CHECK_FTP_NAT_ORIG_TUPLE([seqadj pos], [10.1.1.240], [0x0a0101f0]) +CHECK_FTP_SNAT_ORIG_TUPLE([seqadj neg], [10.1.1.9], [0x0a010109]) +CHECK_FTP_SNAT_ORIG_TUPLE([seqadj pos], [10.1.1.240], [0x0a0101f0]) -AT_SETUP([conntrack - IPv4 FTP Passive with NAT]) +AT_SETUP([conntrack - IPv4 FTP Passive with DNAT]) AT_SKIP_IF([test $HAVE_FTP = no]) CHECK_CONNTRACK() CHECK_CONNTRACK_NAT() @@ -4538,12 +4538,12 @@ ADD_NAMESPACES(at_ns0, at_ns1) ADD_VETH(p0, at_ns0, br0, "10.1.1.1/24") NS_CHECK_EXEC([at_ns0], [ip link set dev p0 address e6:66:c1:11:11:11]) +NS_CHECK_EXEC([at_ns0], [arp -s 10.1.1.240 e6:66:c1:22:22:22]) NS_CHECK_EXEC([at_ns0], [arp -s 10.1.1.2 e6:66:c1:22:22:22]) -ADD_VETH(p1, at_ns1, br0, "10.1.1.2/24") +ADD_VETH(p1, at_ns1, br0, "10.1.1.240/24") NS_CHECK_EXEC([at_ns1], [ip link set dev p1 address e6:66:c1:22:22:22]) NS_CHECK_EXEC([at_ns1], [arp -s 10.1.1.1 e6:66:c1:11:11:11]) -NS_CHECK_EXEC([at_ns1], [arp -s 10.1.1.240 e6:66:c1:11:11:11]) dnl Allow any traffic from ns0->ns1. AT_DATA([flows.txt], [dnl @@ -4554,11 +4554,11 @@ dnl dnl Table 1 dnl dnl Allow new FTP control connections. -table=1 in_port=1 ct_state=+new tcp nw_src=10.1.1.1 tp_dst=21 action=ct(alg=ftp,commit,nat(src=10.1.1.240)),2 +table=1 in_port=1 ct_state=+new tcp nw_src=10.1.1.1 tp_dst=21 action=ct(alg=ftp,commit,nat(dst=10.1.1.240)),2 dnl Allow related TCP connections from port 1. table=1 in_port=1 ct_state=+new+rel tcp nw_src=10.1.1.1 action=ct(commit,nat),2 dnl Allow established TCP connections both ways, post-NAT match. -table=1 in_port=1 ct_state=+est tcp nw_src=10.1.1.240 action=2 +table=1 in_port=1 ct_state=+est tcp nw_dst=10.1.1.240 action=2 table=1 in_port=2 ct_state=+est tcp nw_dst=10.1.1.1 action=1 dnl Allow ICMP both ways. @@ -4570,7 +4570,7 @@ table=1 priority=0, action=drop AT_CHECK([ovs-ofctl --bundle add-flows br0 flows.txt]) dnl Check that the stacks working to avoid races. -OVS_WAIT_UNTIL([ip netns exec at_ns0 ping -c 1 10.1.1.2 >/dev/null]) +OVS_WAIT_UNTIL([ip netns exec at_ns0 ping -c 1 10.1.1.240 >/dev/null]) OVS_START_L7([at_ns1], [ftp]) @@ -4579,8 +4579,8 @@ NS_CHECK_EXEC([at_ns0], [wget ftp://10.1.1.2 -t 3 -T 1 --retry-connrefused -v -o dnl Discards CLOSE_WAIT and CLOSING AT_CHECK([ovs-appctl dpctl/dump-conntrack | FORMAT_CT(10.1.1.2)], [0], [dnl -tcp,orig=(src=10.1.1.1,dst=10.1.1.2,sport=<cleared>,dport=<cleared>),reply=(src=10.1.1.2,dst=10.1.1.240,sport=<cleared>,dport=<cleared>),protoinfo=(state=<cleared>) -tcp,orig=(src=10.1.1.1,dst=10.1.1.2,sport=<cleared>,dport=<cleared>),reply=(src=10.1.1.2,dst=10.1.1.240,sport=<cleared>,dport=<cleared>),protoinfo=(state=<cleared>),helper=ftp +tcp,orig=(src=10.1.1.1,dst=10.1.1.2,sport=<cleared>,dport=<cleared>),reply=(src=10.1.1.240,dst=10.1.1.1,sport=<cleared>,dport=<cleared>),protoinfo=(state=<cleared>) +tcp,orig=(src=10.1.1.1,dst=10.1.1.2,sport=<cleared>,dport=<cleared>),reply=(src=10.1.1.240,dst=10.1.1.1,sport=<cleared>,dport=<cleared>),protoinfo=(state=<cleared>),helper=ftp ]) OVS_TRAFFIC_VSWITCHD_STOP -- 1.8.3.1 _______________________________________________ dev mailing list [email protected] https://mail.openvswitch.org/mailman/listinfo/ovs-dev
