On 10/15/25 9:41 AM, Xavier Simonart via dev wrote: > Hi Mark, Jacob > > @Mark Thanks for the review. To be fair, I first tried a few nc options > before finding this way. > @Jacob Thanks for the review. I had a check and do not think that any other > test in system-ovn can hit a similar issue. The other tests which use nc -z > (or nc -6 -z) either do not check conntrack, or every packet (starting from > SYN) should go to conntrack. >
Hi Xavier, Mark, Jacob, Thanks for the patch and reviews! Applied to main and all stable branches down to 24.09. It didn't apply cleanly on 24.03 so I didn't backport it there. Regards, Dumitru > Thanks > Xavier > > On Tue, Oct 14, 2025 at 5:01 PM Jacob Tanenbaum <[email protected]> wrote: > >> This looks good to me. There are other tests in system-ovn.at that use >> the same method with 'nc -z' to build conntrack entries. Do those tests >> flake the same way? Might there be a benefit to proactively change them if >> they are not flaking? >> >> Thanks >> Jacob Tanenbaum >> >> Acked-by: Jacob Tanenbaum <[email protected]> >> >> On Mon, Oct 13, 2025 at 4:40 PM Mark Michelson via dev < >> [email protected]> wrote: >> >>> Thanks for fixing this Xavier. I had no idea you could use that syntax >>> to put a time gap between sending packets with nc. Thanks for teaching >>> me something! >>> >>> Acked-by: Mark Michelson <[email protected]> >>> >>> On Mon, Oct 13, 2025 at 9:16 AM Xavier Simonart via dev >>> <[email protected]> wrote: >>>> >>>> When a nc connection is established on client side, the client >>>> (using -z) was immediately closing the connection (sending FIN/ACK). >>>> As a result, the server was either sending ACK and FIN/ACK, or >>>> was also sometimes only sending FIN/ACK. >>>> Only ACK (and neither SYN/ACK nor FIN/ACK) causes the connection to >>>> be committed in conntrack. >>>> Fix this by having the client send a Packet, then wait some time >>>> before sending FIN/ACK. >>>> >>>> Reported-at: https://issues.redhat.com/browse/FDP-1026 >>>> Signed-off-by: Xavier Simonart <[email protected]> >>>> --- >>>> tests/system-ovn.at | 8 ++++---- >>>> 1 file changed, 4 insertions(+), 4 deletions(-) >>>> >>>> diff --git a/tests/system-ovn.at b/tests/system-ovn.at >>>> index df5bd716d..16848ec4a 100644 >>>> --- a/tests/system-ovn.at >>>> +++ b/tests/system-ovn.at >>>> @@ -6505,7 +6505,7 @@ NS_CHECK_EXEC([bob1], [ip r d default via >>> 172.16.0.2 dev bob1], [0]) >>>> NS_CHECK_EXEC([bob1], [ip r a default via 172.16.0.3 dev bob1], [0]) >>>> >>>> NETNS_DAEMONIZE([bob1], [nc -l -k 8080], [bob1.pid]) >>>> -NS_CHECK_EXEC([alice1], [nc -z 172.16.0.1 8080], [0]) >>>> +NS_CHECK_EXEC([alice1], [(echo "Packet 1"; sleep 1; echo "Packet 2") | >>> nc 172.16.0.1 8080], [0]) >>>> NS_CHECK_EXEC([alice1], [ping -q -c 3 -i 0.3 -w 2 172.16.0.1 | >>> FORMAT_PING], \ >>>> [0], [dnl >>>> 3 packets transmitted, 3 received, 0% packet loss, time 0ms >>>> @@ -6522,7 +6522,7 @@ check ovn-nbctl --policy="src-ip" lr-route-del R1 >>> 10.0.0.0/24 20.0.0.3 >>>> check ovn-nbctl --wait=hv sync >>>> AT_CHECK([ovs-appctl dpctl/flush-conntrack]) >>>> NETNS_DAEMONIZE([bob1], [nc -l -k 8081], [bob2.pid]) >>>> -NS_CHECK_EXEC([alice1], [nc -z 172.16.0.1 8081], [0]) >>>> +NS_CHECK_EXEC([alice1], [(echo "Packet 1"; sleep 1; echo "Packet 2") | >>> nc 172.16.0.1 8081], [0]) >>>> NS_CHECK_EXEC([alice1], [ping -q -c 3 -i 0.3 -w 2 172.16.0.1 | >>> FORMAT_PING], \ >>>> [0], [dnl >>>> 3 packets transmitted, 3 received, 0% packet loss, time 0ms >>>> @@ -6737,7 +6737,7 @@ test $(ovs-ofctl dump-flows br-int | grep -c >>> 'table=OFTABLE_ECMP_NH, n_packets') >>>> AT_CHECK([ovs-appctl dpctl/flush-conntrack]) >>>> >>>> NETNS_DAEMONIZE([bob1], [nc -6 -l -k 8080], [bob1.pid]) >>>> -NS_CHECK_EXEC([alice1], [nc -6 -z fd07::1 8080], [0]) >>>> +NS_CHECK_EXEC([alice1], [(echo "Packet 1"; sleep 1; echo "Packet 2") | >>> nc -6 fd07::1 8080], [0]) >>>> NS_CHECK_EXEC([alice1], [ping -q -c 3 -i 0.3 -w 2 fd07::1 | >>> FORMAT_PING], \ >>>> [0], [dnl >>>> 3 packets transmitted, 3 received, 0% packet loss, time 0ms >>>> @@ -6754,7 +6754,7 @@ check ovn-nbctl --policy="src-ip" lr-route-del R1 >>> fd01::/126 fd02::3 >>>> check ovn-nbctl --wait=hv sync >>>> AT_CHECK([ovs-appctl dpctl/flush-conntrack]) >>>> NETNS_DAEMONIZE([bob1], [nc -6 -l -k 8081], [bob2.pid]) >>>> -NS_CHECK_EXEC([alice1], [nc -6 -z fd07::1 8081], [0]) >>>> +NS_CHECK_EXEC([alice1], [(echo "Packet 1"; sleep 1; echo "Packet 2") | >>> nc -6 fd07::1 8081], [0]) >>>> NS_CHECK_EXEC([alice1], [ping -q -c 3 -i 0.3 -w 2 fd07::1 | >>> FORMAT_PING], \ >>>> [0], [dnl >>>> 3 packets transmitted, 3 received, 0% packet loss, time 0ms >>>> -- >>>> 2.47.1 >>>> >>>> _______________________________________________ >>>> dev mailing list >>>> [email protected] >>>> https://mail.openvswitch.org/mailman/listinfo/ovs-dev >>>> >>> >>> _______________________________________________ >>> dev mailing list >>> [email protected] >>> https://mail.openvswitch.org/mailman/listinfo/ovs-dev >>> >> > _______________________________________________ > dev mailing list > [email protected] > https://mail.openvswitch.org/mailman/listinfo/ovs-dev _______________________________________________ dev mailing list [email protected] https://mail.openvswitch.org/mailman/listinfo/ovs-dev
