Ilya Maximets <[email protected]> writes: > On 10/9/24 22:28, Aaron Conole wrote: >> Paolo Valerio <[email protected]> writes: >> >>> As Long reported, kernels built without CONFIG_NETFILTER_CONNCOUNT >>> result in the unexpected failure of the following tests: >>> >>> conntrack - multiple zones, local >>> conntrack - multi-stage pipeline, local >>> conntrack - can match and clear ct_state from outside OVS >>> >>> this happens because the nf_conncount turns on connection tracking and >>> the above tests rely on this side effect. However, this behavior may >>> be corrected in the kernel, which could, in turn, cause the tests to >>> fail. >>> >>> The patch removes the assumption by adding iptables rules to attach >>> an nf_conn template to the skb resulting tracked once hit the OvS >>> pipeline. >>> >>> While at it, introduce $HAVE_IPTABLES and skip tests if iptables >>> binary is not present. >>> >>> Reported-by: Xin Long <[email protected]> >>> Reported-at: https://issues.redhat.com/browse/FDP-708 >>> Signed-off-by: Paolo Valerio <[email protected]> >>> Acked-by: Eelco Chaudron <[email protected]> >>> --- >> >> Thanks to Paolo, Simon, and Eelco - merged. > > Thanks, Aaron! AFAIU, we need these changes on all supported branches. > Could you, please, check and backport?
Will do. > Best regards, Ilya Maximets. _______________________________________________ dev mailing list [email protected] https://mail.openvswitch.org/mailman/listinfo/ovs-dev
