> > On 4/24/20 9:55 AM, [email protected] wrote: > > From: Numan Siddique <[email protected]> > > > > The commit [1] - 28097d5adb95("Fix tcp_reset action handling") fixed an > > issue > > with tcp_reset OVN action. In order to fix that issue, this commit added > > logical flows to skip all the TCP RST packets from conntrack. > > Ideally it should have skipped only the TCP RST packets generated by > > ovn-controller from conntrack. Since all the TCP RST packets are > > skipped from conntrack, the connections in conntrack remain in > > ESTABLISHED state even if the client/server sends TCP RST to close the > > connection. And these entries live for a long time and this is > > causing performance issues as reported in the BZ. > > > > This patch reverts the logical flows added in [1] and modifies the inner > > actions of tcp_reset in the ingress logical switch pipeline > > from - "tcp_reset { outport <-> inport; output; }" > > to "tcp_reset { output <-> inport; next(pipeline=egress,table=5); }". > > This causes the packet to resubmit to the egress table ls_out_qos_mark > > skipping the egress ACL stage. Prior to this packet, next action was > > not allowing a resubmit from ingress to egress pipeline. This patch > > relaxes this limitation. > > > > For the tcp_reset action in the egress logical switch pipeline, this patch > > modifies the inner action > > from - "tcp_reset { outport <-> inport; next(pipeline=ingress,table=0); }" > > to - "tcp_reset { outport <-> inport; next(pipeline=ingress,table=19); }". > > This causes the packet to enter the ingress table ls_in_l2_lkup. > > > > We don't see similar conntrack leaks with UDP. Although there is an issue > > with the acl reject action for UDP packets. When ovn-controller generates > > icmp > > destination unreachable packet, it doesn't get delivered. And the IP > > checksum is > > incorrect in this packet. A follow up patch will fix these issues. > > > > [1] - 28097d5adb95("Fix tcp_reset action handling") > > > > Reported-at: https://bugzilla.redhat.com/show_bug.cgi?id=1819785 > > Co-Authored-by: Tim Rozet <[email protected]> > > Signed-off-by: Tim Rozet <[email protected]> > > Signed-off-by: Numan Siddique <[email protected]>
Acked-by: Lorenzo Bianconi <[email protected]> > > Hi Numan, > > Looks good to me. Only a question inline regarding options for avoiding > hardcoding table IDs. Except for that: > > Acked-by: Dumitru Ceara <[email protected]> > > Thanks, > Dumitru > > > --- > > lib/actions.c | 6 +- > > northd/ovn-northd.8.xml | 8 ++ > > northd/ovn-northd.c | 14 ++-- > > ovn-sb.xml | 10 ++- > > tests/automake.mk | 3 +- > > tests/ovn.at | 6 +- > > tests/system-ovn.at | 170 +++++++++++++++++++++++++++++++++++----- > > tests/test-tcp-rst.py | 37 +++++++++ > > 8 files changed, 216 insertions(+), 38 deletions(-) > > create mode 100644 tests/test-tcp-rst.py > > > > diff --git a/lib/actions.c b/lib/actions.c > > index c19813de0..91619c889 100644 > > --- a/lib/actions.c > > +++ b/lib/actions.c > > @@ -319,11 +319,7 @@ parse_NEXT(struct action_context *ctx) > > } > > } > > > > - if (pipeline == OVNACT_P_EGRESS && ctx->pp->pipeline == > > OVNACT_P_INGRESS) { > > - lexer_error(ctx->lexer, > > - "\"next\" action cannot advance from ingress to egress > > " > > - "pipeline (use \"output\" action instead)"); > > - } else if (table >= ctx->pp->n_tables) { > > + if (table >= ctx->pp->n_tables) { > > lexer_error(ctx->lexer, > > "\"next\" action cannot advance beyond table %d.", > > ctx->pp->n_tables - 1); > > diff --git a/northd/ovn-northd.8.xml b/northd/ovn-northd.8.xml > > index efcc4b7fc..d39e259f6 100644 > > --- a/northd/ovn-northd.8.xml > > +++ b/northd/ovn-northd.8.xml > > @@ -373,6 +373,14 @@ > > for new connections and <code>reg0[1] = 1; next;</code> for > > existing > > connections. > > </li> > > + <li> > > + <code>reject</code> ACLs translate into logical > > + flows with the > > + <code>tcp_reset { output <-> inport; > > + next(pipeline=egress,table=5);}</code> > > + action for TCP connections and <code>icmp4/icmp6</code> action > > + for UDP connections. > > + </li> > > <li> > > Other ACLs translate to <code>drop;</code> for new or untracked > > connections and <code>ct_commit(ct_label=1/1);</code> for known > > diff --git a/northd/ovn-northd.c b/northd/ovn-northd.c > > index c4675bd68..f8ae155a2 100644 > > --- a/northd/ovn-northd.c > > +++ b/northd/ovn-northd.c > > @@ -4721,11 +4721,11 @@ build_pre_acls(struct ovn_datapath *od, struct hmap > > *lflows) > > * unreachable packets. */ > > ovn_lflow_add(lflows, od, S_SWITCH_IN_PRE_ACL, 110, > > "nd || nd_rs || nd_ra || icmp4.type == 3 || " > > - "icmp6.type == 1 || (tcp && tcp.flags == 20) || " > > + "icmp6.type == 1 || " > > "(udp && udp.src == 546 && udp.dst == 547)", > > "next;"); > > ovn_lflow_add(lflows, od, S_SWITCH_OUT_PRE_ACL, 110, > > "nd || nd_rs || nd_ra || icmp4.type == 3 || " > > - "icmp6.type == 1 || (tcp && tcp.flags == 20) ||" > > + "icmp6.type == 1 || " > > "(udp && udp.src == 546 && udp.dst == 547)", > > "next;"); > > > > /* Ingress and Egress Pre-ACL Table (Priority 100). > > @@ -4838,11 +4838,11 @@ build_pre_lb(struct ovn_datapath *od, struct hmap > > *lflows, > > /* Do not send ND packets to conntrack */ > > ovn_lflow_add(lflows, od, S_SWITCH_IN_PRE_LB, 110, > > "nd || nd_rs || nd_ra || icmp4.type == 3 ||" > > - "icmp6.type == 1 || (tcp && tcp.flags == 20)", > > + "icmp6.type == 1", > > "next;"); > > ovn_lflow_add(lflows, od, S_SWITCH_OUT_PRE_LB, 110, > > "nd || nd_rs || nd_ra || icmp4.type == 3 ||" > > - "icmp6.type == 1 || (tcp && tcp.flags == 20)", > > + "icmp6.type == 1", > > "next;"); > > > > /* Do not send service monitor packets to conntrack. */ > > @@ -4988,7 +4988,8 @@ build_reject_acl_rules(struct ovn_datapath *od, > > struct hmap *lflows, > > ds_put_format(&actions, "reg0 = 0; " > > "eth.dst <-> eth.src; ip4.dst <-> ip4.src; " > > "tcp_reset { outport <-> inport; %s };", > > - ingress ? "output;" : "next(pipeline=ingress,table=0);"); > > + ingress ? "next(pipeline=egress,table=5);" > > + : "next(pipeline=ingress,table=19);"); > > Do you think there's a way we could avoid hardcoding the table numbers? > I'm thinking of the case when a stage is added/deleted and the > ls_out_qos_mark/"ls_in_l2_lkup" end up having different table ids. I > don't think a macro definition is enough as that still needs updating > every time a table is added/deleted. > > > ovn_lflow_add_with_hint(lflows, od, stage, > > acl->priority + OVN_ACL_PRI_OFFSET + 10, > > ds_cstr(&match), ds_cstr(&actions), > > stage_hint); > > @@ -5002,7 +5003,8 @@ build_reject_acl_rules(struct ovn_datapath *od, > > struct hmap *lflows, > > ds_put_format(&actions, "reg0 = 0; " > > "eth.dst <-> eth.src; ip6.dst <-> ip6.src; " > > "tcp_reset { outport <-> inport; %s };", > > - ingress ? "output;" : "next(pipeline=ingress,table=0);"); > > + ingress ? "next(pipeline=egress,table=5);" > > + : "next(pipeline=ingress,table=19);"); > > Same question as above. > > > ovn_lflow_add_with_hint(lflows, od, stage, > > acl->priority + OVN_ACL_PRI_OFFSET + 10, > > ds_cstr(&match), ds_cstr(&actions), > > stage_hint); > > diff --git a/ovn-sb.xml b/ovn-sb.xml > > index 5f8da534c..3aa7cd4da 100644 > > --- a/ovn-sb.xml > > +++ b/ovn-sb.xml > > @@ -1112,10 +1112,12 @@ > > <var>pipeline</var> as a subroutine. The default > > <var>table</var> is > > just after the current one. If <var>pipeline</var> is > > specified, it > > may be <code>ingress</code> or <code>egress</code>; the default > > - <var>pipeline</var> is the one currently executing. Actions in > > the > > - ingress pipeline may not use <code>next</code> to jump into the > > - egress pipeline (use the <code>output</code> instead), but > > - transitions in the opposite direction are allowed. > > + <var>pipeline</var> is the one currently executing. Actions in > > the > > + both ingress and egress pipeline can use <code>next</code> to > > jump > > + across the other pipeline. Actions in the ingress pipeline > > should > > + use <code>next</code> to jump into the specific table of egress > > + pipeline only if it is certain that the packets are local and not > > + tunnelled and wants to skip certain stages in the packet > > processing. > > </dd> > > > > <dt><code><var>field</var> = <var>constant</var>;</code></dt> > > diff --git a/tests/automake.mk b/tests/automake.mk > > index 215fb432b..ed530dd77 100644 > > --- a/tests/automake.mk > > +++ b/tests/automake.mk > > @@ -205,7 +205,8 @@ tests_ovstest_LDADD = $(OVS_LIBDIR)/libopenvswitch.la > > lib/libovn.la > > # Python tests. > > CHECK_PYFILES = \ > > tests/test-l7.py \ > > - tests/uuidfilt.py > > + tests/uuidfilt.py \ > > + tests/test-tcp-rst.py > > > > EXTRA_DIST += $(CHECK_PYFILES) > > PYCOV_CLEAN_FILES += $(CHECK_PYFILES:.py=.py,cover) .coverage > > diff --git a/tests/ovn.at b/tests/ovn.at > > index 2a7ee7528..b00670816 100644 > > --- a/tests/ovn.at > > +++ b/tests/ovn.at > > @@ -852,7 +852,11 @@ next(pipeline=ingress, table=11); > > encodes as resubmit(,19) > > > > next(pipeline=egress); > > - "next" action cannot advance from ingress to egress pipeline (use > > "output" action instead) > > + formats as next(pipeline=egress, table=11); > > + encodes as resubmit(,51) > > + > > +next(pipeline=egress, table=5); > > + encodes as resubmit(,45) > > > > next(table=10); > > formats as next(10); > > diff --git a/tests/system-ovn.at b/tests/system-ovn.at > > index bdb9768d2..3b11cf92b 100644 > > --- a/tests/system-ovn.at > > +++ b/tests/system-ovn.at > > @@ -3719,60 +3719,86 @@ start_daemon ovn-controller > > > > ovn-nbctl ls-add sw0 > > > > -ovn-nbctl lsp-add sw0 sw0-p1 > > -ovn-nbctl lsp-set-addresses sw0-p1 "50:54:00:00:00:03 10.0.0.3 aef0::3" > > -ovn-nbctl lsp-set-port-security sw0-p1 "50:54:00:00:00:03 10.0.0.3 aef0::3" > > +ovn-nbctl lsp-add sw0 sw0-p1-rej > > +ovn-nbctl lsp-set-addresses sw0-p1-rej "50:54:00:00:00:03 10.0.0.3 aef0::3" > > +ovn-nbctl lsp-set-port-security sw0-p1-rej "50:54:00:00:00:03 10.0.0.3 > > aef0::3" > > > > -ovn-nbctl lsp-add sw0 sw0-p2 > > -ovn-nbctl lsp-set-addresses sw0-p2 "50:54:00:00:00:04 10.0.0.4 aef0::4" > > -ovn-nbctl lsp-set-port-security sw0-p2 "50:54:00:00:00:04 10.0.0.4 aef0::4" > > +ovn-nbctl lsp-add sw0 sw0-p2-rej > > +ovn-nbctl lsp-set-addresses sw0-p2-rej "50:54:00:00:00:04 10.0.0.4 aef0::4" > > +ovn-nbctl lsp-set-port-security sw0-p2-rej "50:54:00:00:00:04 10.0.0.4 > > aef0::4" > > + > > +#ovn-nbctl --log acl-add sw0 from-lport 1000 "inport == \"sw0-p1\" && tcp > > && tcp.dst == 80" reject > > +#ovn-nbctl --log acl-add sw0 from-lport 1000 "inport == \"sw0-p2\" && ip6 > > && tcp && tcp.dst == 80" reject > > + > > +# Create port group and ACLs for sw0 ports. > > +ovn-nbctl pg-add pg0_drop sw0-p1-rej sw0-p2-rej > > +ovn-nbctl acl-add pg0_drop from-lport 1001 "inport == @pg0_drop && ip" drop > > +ovn-nbctl acl-add pg0_drop to-lport 1001 "outport == @pg0_drop && ip" drop > > + > > +ovn-nbctl pg-add pg0 sw0-p1-rej sw0-p2-rej > > +ovn-nbctl acl-add pg0 from-lport 1002 "inport == @pg0 && ip4" allow-related > > +ovn-nbctl --log acl-add pg0 from-lport 1004 "inport == @pg0 && ip && tcp > > && tcp.dst == 80" reject > > > > -ovn-nbctl --log acl-add sw0 from-lport 1000 "inport == \"sw0-p1\" && tcp > > && tcp.dst == 80" reject > > -ovn-nbctl --log acl-add sw0 from-lport 1000 "inport == \"sw0-p2\" && ip6 > > && tcp && tcp.dst == 80" reject > > +ovn-nbctl acl-add pg0 to-lport 1002 "outport == @pg0 && ip4 && ip4.src == > > 0.0.0.0/0 && icmp4" allow-related > > +ovn-nbctl acl-add pg0 to-lport 1002 "outport == @pg0 && ip4 && ip4.src == > > 0.0.0.0/0 && tcp && tcp.dst == 82" allow-related > > +ovn-nbctl acl-add pg0 to-lport 1002 "outport == @pg0 && ip4 && ip4.src == > > 0.0.0.0/0 && udp && udp.dst == 82" allow-related > > +ovn-nbctl --log acl-add pg0 to-lport 1004 "inport == @pg0 && ip && tcp && > > tcp.dst == 84" reject > > > > OVN_POPULATE_ARP > > ovn-nbctl --wait=hv sync > > > > -ADD_NAMESPACES(sw0-p1) > > -ADD_VETH(sw0-p1, sw0-p1, br-int, "10.0.0.3/24", "50:54:00:00:00:03", \ > > +ADD_NAMESPACES(sw0-p1-rej) > > +ADD_VETH(sw0-p1-rej, sw0-p1-rej, br-int, "10.0.0.3/24", > > "50:54:00:00:00:03", \ > > "10.0.0.1") > > > > -ADD_NAMESPACES(sw0-p2) > > -ADD_VETH(sw0-p2, sw0-p2, br-int, "10.0.0.4/24", "50:54:00:00:00:04", \ > > +ADD_NAMESPACES(sw0-p2-rej) > > +ADD_VETH(sw0-p2-rej, sw0-p2-rej, br-int, "10.0.0.4/24", > > "50:54:00:00:00:04", \ > > "10.0.0.1") > > > > -NS_CHECK_EXEC([sw0-p1], [ip a a aef0::3/64 dev sw0-p1], [0]) > > -NS_CHECK_EXEC([sw0-p2], [ip a a aef0::4/64 dev sw0-p2], [0]) > > +NS_CHECK_EXEC([sw0-p1-rej], [ip a a aef0::3/64 dev sw0-p1-rej], [0]) > > +NS_CHECK_EXEC([sw0-p2-rej], [ip a a aef0::4/64 dev sw0-p2-rej], [0]) > > > > -# Capture packets in sw0-p1. > > -NS_CHECK_EXEC([sw0-p1], [tcpdump -n -c 2 -i sw0-p1 tcp port 80 > > > sw0-p1-ip4.pcap &], [0]) > > +# Capture packets in sw0-p1-rej. > > +NS_CHECK_EXEC([sw0-p1-rej], [tcpdump -n -c 2 -i sw0-p1-rej tcp port 80 > > > sw0-p1-rej-ip4.pcap &], [0]) > > sleep 1 > > > > -NS_CHECK_EXEC([sw0-p1], [nc 10.0.0.4 80], [1], [], > > +NS_CHECK_EXEC([sw0-p1-rej], [nc 10.0.0.4 80], [1], [], > > [dnl > > Ncat: Connection refused. > > ]) > > > > OVS_WAIT_UNTIL([ > > - total=`cat sw0-p1-ip4.pcap | wc -l` > > + total=`cat sw0-p1-rej-ip4.pcap | wc -l` > > echo "total = $total" > > test "${total}" = "2" > > ]) > > > > +# Now send traffic to port 84 > > +NS_CHECK_EXEC([sw0-p1-rej], [nc 10.0.0.4 84], [1], [], > > +[dnl > > +Ncat: Connection refused. > > +]) > > + > > +AT_CHECK([ > > + n_pkt=$(ovs-ofctl dump-flows br-int table=44 | grep -v n_packets=0 | \ > > +grep controller | grep tp_dst=84 -c) > > + test $n_pkt -eq 1 > > +]) > > + > > # Without this sleep, test case fails intermittently. > > sleep 3 > > > > -NS_CHECK_EXEC([sw0-p2], [tcpdump -n -c 2 -i sw0-p2 tcp port 80 > > > sw0-p2-ip6.pcap &], [0]) > > +NS_CHECK_EXEC([sw0-p2-rej], [tcpdump -n -c 2 -i sw0-p2-rej tcp port 80 > > > sw0-p2-rej-ip6.pcap &], [0]) > > > > sleep 1 > > > > -NS_CHECK_EXEC([sw0-p2], [nc -6 aef0::3 80], [1], [], > > +NS_CHECK_EXEC([sw0-p2-rej], [nc -6 aef0::3 80], [1], [], > > [dnl > > Ncat: Connection refused. > > ]) > > > > OVS_WAIT_UNTIL([ > > - total=`cat sw0-p2-ip6.pcap | wc -l` > > + total=`cat sw0-p2-rej-ip6.pcap | wc -l` > > echo "total = $total" > > test "${total}" = "2" > > ]) > > @@ -3936,3 +3962,105 @@ as > > OVS_TRAFFIC_VSWITCHD_STOP(["/.*error receiving.*/d > > /.*terminating with signal 15.*/d"]) > > AT_CLEANUP > > + > > +# Tests that when an established connection sends TCP reset, > > +# the conntrack entry is not in established state. > > +AT_SETUP([ovn -- conntrack TCP reset]) > > +AT_KEYWORDS([conntrack]) > > +ovn_start > > + > > +OVS_TRAFFIC_VSWITCHD_START() > > +ADD_BR([br-int]) > > + > > +# Set external-ids in br-int needed for ovn-controller > > +ovs-vsctl \ > > + -- set Open_vSwitch . external-ids:system-id=hv1 \ > > + -- set Open_vSwitch . > > external-ids:ovn-remote=unix:$ovs_base/ovn-sb/ovn-sb.sock \ > > + -- set Open_vSwitch . external-ids:ovn-encap-type=geneve \ > > + -- set Open_vSwitch . external-ids:ovn-encap-ip=169.0.0.1 \ > > + -- set bridge br-int fail-mode=secure > > other-config:disable-in-band=true > > + > > +# Start ovn-controller > > +start_daemon ovn-controller > > + > > +ovn-nbctl ls-add sw0 > > + > > +ovn-nbctl lsp-add sw0 rst-p1 > > +ovn-nbctl lsp-set-addresses rst-p1 "50:54:00:00:00:03" > > +ovn-nbctl lsp-set-port-security rst-p1 "50:54:00:00:00:03" > > + > > +ovn-nbctl lsp-add sw0 rst-p2 > > +ovn-nbctl lsp-set-addresses rst-p2 "50:54:00:00:00:04 10.0.0.4" > > +ovn-nbctl lsp-set-port-security rst-p2 "50:54:00:00:00:04 10.0.0.4" > > + > > +# Create port group and ACLs for sw0 ports. > > +ovn-nbctl pg-add pg0_drop rst-p1 rst-p2 > > +ovn-nbctl acl-add pg0_drop from-lport 1001 "inport == @pg0_drop && ip" drop > > +ovn-nbctl acl-add pg0_drop to-lport 1001 "outport == @pg0_drop && ip" drop > > + > > +ovn-nbctl pg-add pg0 rst-p1 rst-p2 > > +ovn-nbctl acl-add pg0 from-lport 1002 "inport == @pg0 && ip4" allow-related > > +ovn-nbctl acl-add pg0 to-lport 1002 "outport == @pg0 && ip4 && ip4.src == > > 0.0.0.0/0 && icmp4" allow-related > > +ovn-nbctl acl-add pg0 to-lport 1002 "outport == @pg0 && ip4 && ip4.src == > > 0.0.0.0/0 && tcp && tcp.dst == 80" allow-related > > +ovn-nbctl acl-add pg0 to-lport 1002 "outport == @pg0 && ip4 && ip4.src == > > 0.0.0.0/0 && udp && udp.dst == 80" allow-related > > + > > +# Create a logical router and attach to logical switch. > > +ovn-nbctl lr-add lr0 > > +ovn-nbctl lrp-add lr0 lr0-sw0 00:00:00:00:ff:01 10.0.0.1/24 > > +ovn-nbctl lsp-add sw0 sw0-lr0 > > +ovn-nbctl lsp-set-type sw0-lr0 router > > +ovn-nbctl lsp-set-addresses sw0-lr0 router > > +ovn-nbctl lsp-set-options sw0-lr0 router-port=lr0-sw0 > > + > > +ovn-nbctl lb-add lb1 10.0.0.10:80 10.0.0.3:80 > > +ovn-nbctl --wait=sb ls-lb-add sw0 lb1 > > +ovn-nbctl --wait=sb lr-lb-add lr0 lb1 > > + > > +OVN_POPULATE_ARP > > +ovn-nbctl --wait=hv sync > > + > > +ADD_NAMESPACES(rst-p1) > > +ADD_VETH(rst-p1, rst-p1, br-int, "10.0.0.3/24", "50:54:00:00:00:03", \ > > + "10.0.0.1") > > + > > +ADD_NAMESPACES(rst-p2) > > +ADD_VETH(rst-p2, rst-p2, br-int, "10.0.0.4/24", "50:54:00:00:00:04", \ > > + "10.0.0.1") > > + > > +OVS_WAIT_UNTIL([test x$(ovn-nbctl lsp-get-up rst-p1) = xup]) > > +OVS_WAIT_UNTIL([test x$(ovn-nbctl lsp-get-up rst-p2) = xup]) > > + > > +# Start webservers in 'rst-p1'. > > +OVS_START_L7([rst-p1], [http]) > > + > > +NS_CHECK_EXEC([rst-p2], [$PYTHON $srcdir/test-tcp-rst.py --dst-port 80 > > --dst-ip 10.0.0.10]) > > + > > +# When tcp reset is sent, conntrack entry should be in the state - CLOSED > > or CLOSING. > > +# But there is a bug where tcp reset packet was not sent to the conntrack. > > +# This test case checks that the tcp reset packet is sent to conntrack > > +# and the state is not in established state. > > +AT_CHECK([ > > + ct_est_count=$(ovs-appctl dpctl/dump-conntrack | grep 10.0.0.10 | grep > > state=ESTABLISHED -c) > > + test $ct_est_count -eq 0 > > + > > + ct_est_count=$(ovs-appctl dpctl/dump-conntrack | grep 10.0.0.10 | grep > > state=CLOS -c) > > + test $ct_est_count -eq 1 > > +]) > > + > > +OVS_APP_EXIT_AND_WAIT([ovn-controller]) > > + > > +as ovn-sb > > +OVS_APP_EXIT_AND_WAIT([ovsdb-server]) > > + > > +as ovn-nb > > +OVS_APP_EXIT_AND_WAIT([ovsdb-server]) > > + > > +as northd > > +OVS_APP_EXIT_AND_WAIT([ovn-northd]) > > + > > +as > > +OVS_TRAFFIC_VSWITCHD_STOP(["/failed to query port patch-.*/d > > +/connection dropped.*/d > > +/Service monitor not found.*/d"]) > > + > > +AT_CLEANUP > > diff --git a/tests/test-tcp-rst.py b/tests/test-tcp-rst.py > > new file mode 100644 > > index 000000000..6f96c5706 > > --- /dev/null > > +++ b/tests/test-tcp-rst.py > > @@ -0,0 +1,37 @@ > > +#!/usr/bin/env python3 > > +# Copyright (c) 2020 Red Hat, Inc. > > +# > > +# Licensed under the Apache License, Version 2.0 (the "License"); > > +# you may not use this file except in compliance with the License. > > +# You may obtain a copy of the License at: > > +# > > +# http://www.apache.org/licenses/LICENSE-2.0 > > +# > > +# Unless required by applicable law or agreed to in writing, software > > +# distributed under the License is distributed on an "AS IS" BASIS, > > +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. > > +# See the License for the specific language governing permissions and > > +# limitations under the License. > > + > > +# Simple python script which connects to tcp server and then > > +# resets the connection. > > +import argparse > > +import socket > > +import sys > > +import struct > > +import time > > + > > +parser = argparse.ArgumentParser(description='') > > +parser.add_argument("--src-port", type=int, default=11337, help="source > > port to use") > > +parser.add_argument("--dst-port", type=int, help="dst port to use") > > +parser.add_argument("--dst-ip", help="server ip to use") > > +args = parser.parse_args() > > +sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM) > > +server_address = (args.dst_ip, args.dst_port) > > +sock.bind(('0.0.0.0', args.src_port)) > > +sock.connect(server_address) > > +l_onoff = 1 > > +l_linger = 0 > > +time.sleep(1) > > +sock.setsockopt(socket.SOL_SOCKET, socket.SO_LINGER, struct.pack('ii', > > l_onoff, l_linger)) > > +sock.close() > > > > _______________________________________________ > dev mailing list > [email protected] > https://mail.openvswitch.org/mailman/listinfo/ovs-dev > _______________________________________________ dev mailing list [email protected] https://mail.openvswitch.org/mailman/listinfo/ovs-dev
