Hi Mark, Jacob @Mark Thanks for the review. To be fair, I first tried a few nc options before finding this way. @Jacob Thanks for the review. I had a check and do not think that any other test in system-ovn can hit a similar issue. The other tests which use nc -z (or nc -6 -z) either do not check conntrack, or every packet (starting from SYN) should go to conntrack.
Thanks Xavier On Tue, Oct 14, 2025 at 5:01 PM Jacob Tanenbaum <[email protected]> wrote: > This looks good to me. There are other tests in system-ovn.at that use > the same method with 'nc -z' to build conntrack entries. Do those tests > flake the same way? Might there be a benefit to proactively change them if > they are not flaking? > > Thanks > Jacob Tanenbaum > > Acked-by: Jacob Tanenbaum <[email protected]> > > On Mon, Oct 13, 2025 at 4:40 PM Mark Michelson via dev < > [email protected]> wrote: > >> Thanks for fixing this Xavier. I had no idea you could use that syntax >> to put a time gap between sending packets with nc. Thanks for teaching >> me something! >> >> Acked-by: Mark Michelson <[email protected]> >> >> On Mon, Oct 13, 2025 at 9:16 AM Xavier Simonart via dev >> <[email protected]> wrote: >> > >> > When a nc connection is established on client side, the client >> > (using -z) was immediately closing the connection (sending FIN/ACK). >> > As a result, the server was either sending ACK and FIN/ACK, or >> > was also sometimes only sending FIN/ACK. >> > Only ACK (and neither SYN/ACK nor FIN/ACK) causes the connection to >> > be committed in conntrack. >> > Fix this by having the client send a Packet, then wait some time >> > before sending FIN/ACK. >> > >> > Reported-at: https://issues.redhat.com/browse/FDP-1026 >> > Signed-off-by: Xavier Simonart <[email protected]> >> > --- >> > tests/system-ovn.at | 8 ++++---- >> > 1 file changed, 4 insertions(+), 4 deletions(-) >> > >> > diff --git a/tests/system-ovn.at b/tests/system-ovn.at >> > index df5bd716d..16848ec4a 100644 >> > --- a/tests/system-ovn.at >> > +++ b/tests/system-ovn.at >> > @@ -6505,7 +6505,7 @@ NS_CHECK_EXEC([bob1], [ip r d default via >> 172.16.0.2 dev bob1], [0]) >> > NS_CHECK_EXEC([bob1], [ip r a default via 172.16.0.3 dev bob1], [0]) >> > >> > NETNS_DAEMONIZE([bob1], [nc -l -k 8080], [bob1.pid]) >> > -NS_CHECK_EXEC([alice1], [nc -z 172.16.0.1 8080], [0]) >> > +NS_CHECK_EXEC([alice1], [(echo "Packet 1"; sleep 1; echo "Packet 2") | >> nc 172.16.0.1 8080], [0]) >> > NS_CHECK_EXEC([alice1], [ping -q -c 3 -i 0.3 -w 2 172.16.0.1 | >> FORMAT_PING], \ >> > [0], [dnl >> > 3 packets transmitted, 3 received, 0% packet loss, time 0ms >> > @@ -6522,7 +6522,7 @@ check ovn-nbctl --policy="src-ip" lr-route-del R1 >> 10.0.0.0/24 20.0.0.3 >> > check ovn-nbctl --wait=hv sync >> > AT_CHECK([ovs-appctl dpctl/flush-conntrack]) >> > NETNS_DAEMONIZE([bob1], [nc -l -k 8081], [bob2.pid]) >> > -NS_CHECK_EXEC([alice1], [nc -z 172.16.0.1 8081], [0]) >> > +NS_CHECK_EXEC([alice1], [(echo "Packet 1"; sleep 1; echo "Packet 2") | >> nc 172.16.0.1 8081], [0]) >> > NS_CHECK_EXEC([alice1], [ping -q -c 3 -i 0.3 -w 2 172.16.0.1 | >> FORMAT_PING], \ >> > [0], [dnl >> > 3 packets transmitted, 3 received, 0% packet loss, time 0ms >> > @@ -6737,7 +6737,7 @@ test $(ovs-ofctl dump-flows br-int | grep -c >> 'table=OFTABLE_ECMP_NH, n_packets') >> > AT_CHECK([ovs-appctl dpctl/flush-conntrack]) >> > >> > NETNS_DAEMONIZE([bob1], [nc -6 -l -k 8080], [bob1.pid]) >> > -NS_CHECK_EXEC([alice1], [nc -6 -z fd07::1 8080], [0]) >> > +NS_CHECK_EXEC([alice1], [(echo "Packet 1"; sleep 1; echo "Packet 2") | >> nc -6 fd07::1 8080], [0]) >> > NS_CHECK_EXEC([alice1], [ping -q -c 3 -i 0.3 -w 2 fd07::1 | >> FORMAT_PING], \ >> > [0], [dnl >> > 3 packets transmitted, 3 received, 0% packet loss, time 0ms >> > @@ -6754,7 +6754,7 @@ check ovn-nbctl --policy="src-ip" lr-route-del R1 >> fd01::/126 fd02::3 >> > check ovn-nbctl --wait=hv sync >> > AT_CHECK([ovs-appctl dpctl/flush-conntrack]) >> > NETNS_DAEMONIZE([bob1], [nc -6 -l -k 8081], [bob2.pid]) >> > -NS_CHECK_EXEC([alice1], [nc -6 -z fd07::1 8081], [0]) >> > +NS_CHECK_EXEC([alice1], [(echo "Packet 1"; sleep 1; echo "Packet 2") | >> nc -6 fd07::1 8081], [0]) >> > NS_CHECK_EXEC([alice1], [ping -q -c 3 -i 0.3 -w 2 fd07::1 | >> FORMAT_PING], \ >> > [0], [dnl >> > 3 packets transmitted, 3 received, 0% packet loss, time 0ms >> > -- >> > 2.47.1 >> > >> > _______________________________________________ >> > dev mailing list >> > [email protected] >> > https://mail.openvswitch.org/mailman/listinfo/ovs-dev >> > >> >> _______________________________________________ >> dev mailing list >> [email protected] >> https://mail.openvswitch.org/mailman/listinfo/ovs-dev >> > _______________________________________________ dev mailing list [email protected] https://mail.openvswitch.org/mailman/listinfo/ovs-dev
