On 3/1/24 12:37, Ilya Maximets wrote: > With a new runner update, GitHub Actions had a kernel update. > And it seems like something changed between kernels 6.2 and 6.5 > so this test now fails very frequently. > > I can reproduce the same issue on RHEL 9, and I can't reproduce > it on Ubuntu 23.04 (kernel 6.2). > > The test is creating a NAT with a single address+port pair in > an attempt to simulate an address space exhaustion. It is > expected that a first connection with wget leaves a conntrack > entry in a TIME_WAIT state and the second wget should fail > as long as this entry remains, because the only available > address+port pair is already taken. > > However, for some reason, very frequently (not always!) the > second connection replaces the first conntrack entry with a > new one and connection succeeds. There is still only one > connection in the conntrack at any single moment in time, so > there is seemingly no issue with the NAT, but the behavior > is unexpected and the test fails. > > Disable the test in CI until we figure out how to fix the > kernel (if it is a kernel bug) or the test.
Marcelo pointed out the following change that went into 6.5 kernel: https://lore.kernel.org/netdev/20230626064749.75525-7-pa...@netfilter.org/ It looks like this test is not going to work anymore as new connections are now allowed to evict closing ones on collisions. We need to re-think the test, i.e. we have to keep the first connection open while we're trying to make the second one, so it is not evicted. > > Signed-off-by: Ilya Maximets <i.maxim...@ovn.org> > --- > tests/system-traffic.at | 1 + > 1 file changed, 1 insertion(+) > > diff --git a/tests/system-traffic.at b/tests/system-traffic.at > index 98e494abf..07d09b912 100644 > --- a/tests/system-traffic.at > +++ b/tests/system-traffic.at > @@ -6388,6 +6388,7 @@ OVS_TRAFFIC_VSWITCHD_STOP > AT_CLEANUP > > AT_SETUP([conntrack - SNAT with port range with exhaustion]) > +OVS_CHECK_GITHUB_ACTION() > CHECK_CONNTRACK() > CHECK_CONNTRACK_NAT() > OVS_TRAFFIC_VSWITCHD_START() _______________________________________________ dev mailing list d...@openvswitch.org https://mail.openvswitch.org/mailman/listinfo/ovs-dev
