On 10/9/24 22:28, Aaron Conole wrote: > Paolo Valerio <[email protected]> writes: > >> As Long reported, kernels built without CONFIG_NETFILTER_CONNCOUNT >> result in the unexpected failure of the following tests: >> >> conntrack - multiple zones, local >> conntrack - multi-stage pipeline, local >> conntrack - can match and clear ct_state from outside OVS >> >> this happens because the nf_conncount turns on connection tracking and >> the above tests rely on this side effect. However, this behavior may >> be corrected in the kernel, which could, in turn, cause the tests to >> fail. >> >> The patch removes the assumption by adding iptables rules to attach >> an nf_conn template to the skb resulting tracked once hit the OvS >> pipeline. >> >> While at it, introduce $HAVE_IPTABLES and skip tests if iptables >> binary is not present. >> >> Reported-by: Xin Long <[email protected]> >> Reported-at: https://issues.redhat.com/browse/FDP-708 >> Signed-off-by: Paolo Valerio <[email protected]> >> Acked-by: Eelco Chaudron <[email protected]> >> --- > > Thanks to Paolo, Simon, and Eelco - merged.
Thanks, Aaron! AFAIU, we need these changes on all supported branches. Could you, please, check and backport? Best regards, Ilya Maximets. _______________________________________________ dev mailing list [email protected] https://mail.openvswitch.org/mailman/listinfo/ovs-dev
