What were you trying to do that didn't work?

Build kernel without CONFIG_NETFILTER_CONNCOUNT, and run ovs selftests for kernel, and there are 3 unexpected failures.

In these 3 tests, they assumed the connection tracking in netfilter is turned on, while OVS conntrack doesn't reply on the netfilter connection tracking turned on. It can work with adding a flow like: priority=100,in_port=LOCAL,ip,ct_state=-trk,action=ct(table=0) for each failed case, and this should be the direction to fix the test case.

Note that with CONFIG_NETFILTER_CONNCOUNT enabled in kernel, the issue can not be reproduced, as nf_conncount turns on the netfilter connection tracking improperly (which will be fixed soon).

Please provide the package NVR for which bug is seen:

upstream kernel and the latest OVS repo

How reproducible:

1/1

Steps to reproduce

1. build and install kernel without CONFIG_NETFILTER_CONNCOUNT in .config
2. # git clone https://github.com/openvswitch/ovs.git
3. # cd ovs/ && ./boot.sh && ./configure && make
4. # yum install lftp -y && pip install pyftpdlib
5. # make check-kernel

Expected results

Only one failed due to nf_conncount is disabled:

119: conntrack - limit by zone                       FAILED (system-traffic.at:5597)

Actual results

four failed:

117: conntrack - multiple zones, local               FAILED (system-traffic.at:5485)
118: conntrack - multi-stage pipeline, local         FAILED (system-traffic.at:5556)
119: conntrack - limit by zone                       FAILED (system-traffic.at:5597)
164: conntrack - can match and clear ct_state from outside OVS FAILED (system-traffic.at:8423)