diff --git a/SOURCES/openvswitch-3.3.0.patch b/SOURCES/openvswitch-3.3.0.patch
index bf424c5..dde1a2c 100644
--- a/SOURCES/openvswitch-3.3.0.patch
+++ b/SOURCES/openvswitch-3.3.0.patch
@@ -48,10 +48,10 @@ index 5028bdc442..5f8a1db6af 100755
  # Install python test dependencies
  pip3 install -r python/test_requirements.txt
 diff --git a/.cirrus.yml b/.cirrus.yml
-index d8a9722809..d73154a971 100644
+index d8a9722809..8835501d4d 100644
 --- a/.cirrus.yml
 +++ b/.cirrus.yml
-@@ -2,8 +2,8 @@ freebsd_build_task:
+@@ -2,13 +2,13 @@ freebsd_build_task:
  
    freebsd_instance:
      matrix:
@@ -62,6 +62,12 @@ index d8a9722809..d73154a971 100644
      cpu: 4
      memory: 4G
  
+   env:
+-    DEPENDENCIES: automake libtool gmake gcc wget openssl python3
++    DEPENDENCIES: automake libtool gmake gcc openssl python3
+     PY_DEPS:      sphinx|netaddr|pyparsing
+     matrix:
+       COMPILER: gcc
 diff --git a/.github/workflows/build-and-test.yml b/.github/workflows/build-and-test.yml
 index fc75581486..6c37a1d244 100644
 --- a/.github/workflows/build-and-test.yml
@@ -360,10 +366,20 @@ index ad9bdf22c0..e22b5676df 100644
  
  #. Configure and install DPDK using Meson
 diff --git a/Documentation/intro/install/general.rst b/Documentation/intro/install/general.rst
-index 19e360d47c..7eb3a5d370 100644
+index 19e360d47c..769fea346b 100644
 --- a/Documentation/intro/install/general.rst
 +++ b/Documentation/intro/install/general.rst
-@@ -176,10 +176,7 @@ following to obtain better warnings:
+@@ -150,9 +150,6 @@ The datapath tests for userspace and Linux datapaths also rely upon:
+ - pyftpdlib. Version 1.2.0 is known to work. Earlier versions should
+   also work.
+ 
+-- GNU wget. Version 1.16 is known to work. Earlier versions should also
+-  work.
+-
+ - netcat. Several common implementations are known to work.
+ 
+ - curl. Version 7.47.0 is known to work. Earlier versions should also work.
+@@ -176,10 +173,7 @@ following to obtain better warnings:
  
  - clang, version 3.4 or later
  
@@ -6660,7 +6676,7 @@ index 49ac45275a..7cbea51654 100755
  try:
      sockfd = socket.socket(socket.AF_PACKET, socket.SOCK_RAW)
 diff --git a/tests/system-common-macros.at b/tests/system-common-macros.at
-index 01ebe364ee..b8c2757fed 100644
+index 01ebe364ee..860460bc8a 100644
 --- a/tests/system-common-macros.at
 +++ b/tests/system-common-macros.at
 @@ -2,10 +2,7 @@
@@ -6684,6 +6700,40 @@ index 01ebe364ee..b8c2757fed 100644
        CONFIGURE_VETH_OFFLOADS([$1])
        AT_CHECK([ip link set $1 netns $2])
        AT_CHECK([ip link set dev ovs-$1 up])
+@@ -269,6 +266,33 @@ m4_define([NETNS_DAEMONIZE],
+    ]
+ )
+ 
++# OVS_GET_HTTP([url], [optional_curl_arguments])
++#
++# Do a HTTP get; we are currently using the curl command.
++#
++m4_define([OVS_GET_HTTP],
++    [curl $1 --retry 3 --max-time 1 --retry-connrefused -v $2]
++)
++
++# OVS_GET_FTP([url], [optional_curl_arguments])
++#
++# Do a passive FTP get; we are currently using the curl command.
++#
++m4_define([OVS_GET_FTP],
++    [curl ftp://$1 --retry 3 --max-time 1 --retry-connrefused --disable-epsv
++         -v $2]
++)
++
++# OVS_GET_FTP_ACTIVE([url], [optional_curl_arguments])
++#
++# Do an active FTP get; we are currently using the curl command.
++#
++m4_define([OVS_GET_FTP_ACTIVE],
++    [curl ftp://$1 --retry 3 --max-time 1 --retry-connrefused -v \
++        --ftp-port - --disable-eprt $2
++    ]
++)
++
+ # OVS_CHECK_FIREWALL()
+ #
+ # Check if firewalld is active, skip the test if it is on.
 diff --git a/tests/system-dpdk-macros.at b/tests/system-dpdk-macros.at
 index 7cf9bac170..f8ba766739 100644
 --- a/tests/system-dpdk-macros.at
@@ -7102,10 +7152,32 @@ index 114aaebc77..c0ecad6cfb 100644
 +
 +OVS_TRAFFIC_VSWITCHD_STOP
 +AT_CLEANUP
+diff --git a/tests/system-tap.at b/tests/system-tap.at
+index 3d84a53182..03ec01270f 100644
+--- a/tests/system-tap.at
++++ b/tests/system-tap.at
+@@ -27,7 +27,7 @@ NS_CHECK_EXEC([at_ns0], [ping -q -c 3 -i 0.3 -W 2 10.1.1.2 | FORMAT_PING], [0],
+ ])
+ 
+ OVS_START_L7([at_ns1], [http])
+-NS_CHECK_EXEC([at_ns0], [wget 10.1.1.2 -t 3 -T 1 --retry-connrefused -v -o wget0.log])
++NS_CHECK_EXEC([at_ns0], OVS_GET_HTTP([10.1.1.2]), [0], [ignore], [ignore])
+ 
+ OVS_TRAFFIC_VSWITCHD_STOP(["/.*ethtool command ETHTOOL_G.*/d"])
+ 
 diff --git a/tests/system-traffic.at b/tests/system-traffic.at
-index 98e494abf4..80f9ec0dbf 100644
+index 98e494abf4..9ee4399331 100644
 --- a/tests/system-traffic.at
 +++ b/tests/system-traffic.at
+@@ -38,7 +38,7 @@ NS_CHECK_EXEC([at_ns0], [ping -q -c 3 -i 0.3 -W 2 10.1.1.2 | FORMAT_PING], [0],
+ ])
+ 
+ OVS_START_L7([at_ns1], [http])
+-NS_CHECK_EXEC([at_ns0], [wget 10.1.1.2 -t 3 -T 1 --retry-connrefused -v -o wget0.log])
++NS_CHECK_EXEC([at_ns0], OVS_GET_HTTP([10.1.1.2]), [0], [ignore], [ignore])
+ 
+ OVS_TRAFFIC_VSWITCHD_STOP
+ AT_CLEANUP
 @@ -253,6 +253,10 @@ priority=0,actions=NORMAL
  AT_CHECK([ovs-ofctl del-flows br0])
  AT_CHECK([ovs-ofctl add-flows br0 flows.txt])
@@ -7439,6 +7511,472 @@ index 98e494abf4..80f9ec0dbf 100644
  OVS_TRAFFIC_VSWITCHD_STOP
  AT_CLEANUP
  
+@@ -3280,10 +3355,10 @@ OVS_START_L7([at_ns1], [http])
+ OVS_START_L7([at_ns3], [http])
+ 
+ dnl HTTP requests from p0->p1 should work fine.
+-NS_CHECK_EXEC([at_ns0], [wget 10.1.1.2 -t 3 -T 1 --retry-connrefused -v -o wget0.log])
++NS_CHECK_EXEC([at_ns0], OVS_GET_HTTP([10.1.1.2]), [0], [ignore], [ignore])
+ 
+ dnl HTTP requests from p2->p3 should work fine.
+-NS_CHECK_EXEC([at_ns2], [wget 10.1.1.4 -t 3 -T 1 --retry-connrefused -v -o wget1.log])
++NS_CHECK_EXEC([at_ns2], OVS_GET_HTTP([10.1.1.4]), [0], [ignore], [ignore])
+ 
+ OVS_TRAFFIC_VSWITCHD_STOP
+ AT_CLEANUP
+@@ -3323,10 +3398,10 @@ dnl traffic can't be identified, because the initial request wasn't committed.
+ dnl For the first pair of ports, this means that the connection fails.
+ OVS_START_L7([at_ns1], [http])
+ OVS_START_L7([at_ns3], [http])
+-NS_CHECK_EXEC([at_ns0], [wget 10.1.1.2 -t 3 -T 1 --retry-connrefused -v -o wget0.log], [4])
++NS_CHECK_EXEC([at_ns0], OVS_GET_HTTP([10.1.1.2]), [28], [ignore], [ignore])
+ 
+ dnl For the second pair, we allow packets from invalid connections, so it works.
+-NS_CHECK_EXEC([at_ns2], [wget 10.1.1.4 -t 3 -T 1 --retry-connrefused -v -o wget1.log])
++NS_CHECK_EXEC([at_ns2], OVS_GET_HTTP([10.1.1.4]), [0], [ignore], [ignore])
+ 
+ OVS_TRAFFIC_VSWITCHD_STOP
+ AT_CLEANUP
+@@ -3362,7 +3437,7 @@ OVS_START_L7([at_ns1], [http])
+ OVS_START_L7([at_ns3], [http])
+ 
+ dnl HTTP requests from p0->p1 should work fine.
+-NS_CHECK_EXEC([at_ns0], [wget 10.1.1.2 -t 3 -T 1 --retry-connrefused -v -o wget0.log])
++NS_CHECK_EXEC([at_ns0], OVS_GET_HTTP([10.1.1.2]), [0], [ignore], [ignore])
+ 
+ AT_CHECK([ovs-appctl dpctl/dump-conntrack | FORMAT_CT(10.1.1.2)], [0], [dnl
+ tcp,orig=(src=10.1.1.1,dst=10.1.1.2,sport=<cleared>,dport=<cleared>),reply=(src=10.1.1.2,dst=10.1.1.1,sport=<cleared>,dport=<cleared>),zone=1,protoinfo=(state=<cleared>)
+@@ -3370,7 +3445,7 @@ tcp,orig=(src=10.1.1.1,dst=10.1.1.2,sport=<cleared>,dport=<cleared>),reply=(src=
+ 
+ dnl HTTP requests from p2->p3 should fail due to network failure.
+ dnl Try 3 times, in 1 second intervals.
+-NS_CHECK_EXEC([at_ns2], [wget 10.1.1.4 -t 3 -T 1 -v -o wget1.log], [4])
++NS_CHECK_EXEC([at_ns2], OVS_GET_HTTP([10.1.1.4]), [28], [ignore], [ignore])
+ 
+ AT_CHECK([ovs-appctl dpctl/dump-conntrack | FORMAT_CT(10.1.1.4)], [0], [dnl
+ tcp,orig=(src=10.1.1.3,dst=10.1.1.4,sport=<cleared>,dport=<cleared>),reply=(src=10.1.1.4,dst=10.1.1.3,sport=<cleared>,dport=<cleared>),zone=2,protoinfo=(state=<cleared>)
+@@ -3409,7 +3484,7 @@ OVS_START_L7([at_ns1], [http])
+ OVS_START_L7([at_ns3], [http])
+ 
+ dnl HTTP requests from p0->p1 should work fine.
+-NS_CHECK_EXEC([at_ns0], [wget 10.1.1.2 -t 3 -T 1 --retry-connrefused -v -o wget0.log])
++NS_CHECK_EXEC([at_ns0], OVS_GET_HTTP([10.1.1.2]), [0], [ignore], [ignore])
+ 
+ AT_CHECK([ovs-appctl dpctl/dump-conntrack | FORMAT_CT(10.1.1.2)], [0], [dnl
+ tcp,orig=(src=10.1.1.1,dst=10.1.1.2,sport=<cleared>,dport=<cleared>),reply=(src=10.1.1.2,dst=10.1.1.1,sport=<cleared>,dport=<cleared>),zone=4097,protoinfo=(state=<cleared>)
+@@ -3417,7 +3492,7 @@ tcp,orig=(src=10.1.1.1,dst=10.1.1.2,sport=<cleared>,dport=<cleared>),reply=(src=
+ 
+ dnl HTTP requests from p2->p3 should fail due to network failure.
+ dnl Try 3 times, in 1 second intervals.
+-NS_CHECK_EXEC([at_ns2], [wget 10.1.1.4 -t 3 -T 1 -v -o wget1.log], [4])
++NS_CHECK_EXEC([at_ns2], OVS_GET_HTTP([10.1.1.4]), [28], [ignore], [ignore])
+ 
+ AT_CHECK([ovs-appctl dpctl/dump-conntrack | FORMAT_CT(10.1.1.4)], [0], [dnl
+ tcp,orig=(src=10.1.1.3,dst=10.1.1.4,sport=<cleared>,dport=<cleared>),reply=(src=10.1.1.4,dst=10.1.1.3,sport=<cleared>,dport=<cleared>),zone=4098,protoinfo=(state=<cleared>)
+@@ -3451,7 +3526,7 @@ AT_CHECK([ovs-ofctl --bundle add-flows br0 flows.txt])
+ OVS_START_L7([at_ns1], [http])
+ 
+ dnl HTTP requests from p0->p1 should work fine.
+-NS_CHECK_EXEC([at_ns0], [wget 10.1.1.2 -t 3 -T 1 --retry-connrefused -v -o wget0.log])
++NS_CHECK_EXEC([at_ns0], OVS_GET_HTTP([10.1.1.2]), [0], [ignore], [ignore])
+ 
+ AT_CHECK([ovs-appctl dpctl/dump-conntrack | FORMAT_CT(10.1.1.2)], [0], [dnl
+ tcp,dnl
+@@ -3477,7 +3552,7 @@ AT_CHECK([ovs-ofctl mod-flows br0 dnl
+ dnl Wait for a flow flush as some datapaths (read TC) might take time to clear.
+ AT_CHECK([ovs-appctl revalidator/wait], [0])
+ 
+-NS_CHECK_EXEC([at_ns0], [wget 10.1.1.2 -t 3 -T 1 --retry-connrefused -v -o wget0.log])
++NS_CHECK_EXEC([at_ns0], OVS_GET_HTTP([10.1.1.2]), [0], [ignore], [ignore])
+ 
+ AT_CHECK([ovs-appctl dpctl/dump-flows --names filter=in_port=ovs-p0 dnl
+               | grep "+trk" | grep -q "ct_zone(0xf)" ], [0], [])
+@@ -3511,7 +3586,7 @@ AT_CHECK([ovs-ofctl --bundle add-flows br0 flows.txt])
+ OVS_START_L7([at_ns1], [http])
+ 
+ dnl HTTP requests from p0->p1 should work fine.
+-NS_CHECK_EXEC([at_ns0], [wget 10.1.1.2 -t 3 -T 1 --retry-connrefused -v -o wget0.log])
++NS_CHECK_EXEC([at_ns0], OVS_GET_HTTP([10.1.1.2]), [0], [ignore], [ignore])
+ 
+ AT_CHECK([ovs-appctl dpctl/dump-conntrack | FORMAT_CT(10.1.1.2)], [0], [dnl
+ tcp,dnl
+@@ -3529,7 +3604,7 @@ AT_CHECK([ovs-ofctl mod-flows br0 'priority=100,ct_state=-trk,tcp,in_port="ovs-p
+ dnl Wait for a flow flush as some datapaths (read TC) might take time to clear.
+ AT_CHECK([ovs-appctl revalidator/wait], [0])
+ 
+-NS_CHECK_EXEC([at_ns0], [wget 10.1.1.2 -t 3 -T 1 --retry-connrefused -v -o wget0.log])
++NS_CHECK_EXEC([at_ns0], OVS_GET_HTTP([10.1.1.2]), [0], [ignore], [ignore])
+ 
+ AT_CHECK([ovs-appctl dpctl/dump-flows --names filter=in_port=ovs-p0 dnl
+               | grep "+trk" | sed 's/0xffff000f\/0xffff/0xf\/0xffff/' dnl
+@@ -3577,7 +3652,7 @@ AT_CHECK([ovs-ofctl --bundle add-flows br1 flows-br1.txt])
+ 
+ dnl HTTP requests from p0->p1 should work fine.
+ OVS_START_L7([at_ns1], [http])
+-NS_CHECK_EXEC([at_ns0], [wget 10.1.1.2 -t 3 -T 1 --retry-connrefused -v -o wget0.log])
++NS_CHECK_EXEC([at_ns0], OVS_GET_HTTP([10.1.1.2]), [0], [ignore], [ignore])
+ 
+ OVS_TRAFFIC_VSWITCHD_STOP
+ AT_CLEANUP
+@@ -3606,10 +3681,10 @@ AT_CHECK([ovs-ofctl --bundle add-flows br0 flows.txt])
+ OVS_START_L7([at_ns1], [http])
+ 
+ dnl HTTP requests from p0->p1 should work fine.
+-NS_CHECK_EXEC([at_ns0], [wget 10.1.1.2 -t 3 -T 1 --retry-connrefused -v -o wget0.log])
++NS_CHECK_EXEC([at_ns0], OVS_GET_HTTP([10.1.1.2]), [0], [ignore], [ignore])
+ 
+ dnl (again) HTTP requests from p0->p1 should work fine.
+-NS_CHECK_EXEC([at_ns0], [wget 10.1.1.2 -t 3 -T 1 --retry-connrefused -v -o wget0.log])
++NS_CHECK_EXEC([at_ns0], OVS_GET_HTTP([10.1.1.2]), [0], [ignore], [ignore])
+ 
+ AT_CHECK([ovs-appctl dpctl/dump-conntrack | FORMAT_CT(10.1.1.2)], [0], [dnl
+ tcp,orig=(src=10.1.1.1,dst=10.1.1.2,sport=<cleared>,dport=<cleared>),reply=(src=10.1.1.2,dst=10.1.1.1,sport=<cleared>,dport=<cleared>),zone=1,protoinfo=(state=<cleared>)
+@@ -3648,10 +3723,10 @@ AT_CHECK([ovs-ofctl add-flows br0 flows.txt])
+ OVS_START_L7([at_ns1], [http])
+ 
+ dnl HTTP requests from p0->p1 should work fine.
+-NS_CHECK_EXEC([at_ns0], [wget 10.1.1.2 -t 3 -T 1 --retry-connrefused -v -o wget0.log])
++NS_CHECK_EXEC([at_ns0], OVS_GET_HTTP([10.1.1.2]), [0], [ignore], [ignore])
+ 
+ dnl (again) HTTP requests from p0->p1 should work fine.
+-NS_CHECK_EXEC([at_ns0], [wget 10.1.1.2 -t 3 -T 1 --retry-connrefused -v -o wget0.log])
++NS_CHECK_EXEC([at_ns0], OVS_GET_HTTP([10.1.1.2]), [0], [ignore], [ignore])
+ 
+ AT_CHECK([ovs-appctl dpctl/dump-conntrack | FORMAT_CT(10.1.1.2)], [0], [dnl
+ tcp,orig=(src=10.1.1.1,dst=10.1.1.2,sport=<cleared>,dport=<cleared>),reply=(src=10.1.1.2,dst=10.1.1.1,sport=<cleared>,dport=<cleared>),zone=1,protoinfo=(state=<cleared>)
+@@ -3693,14 +3768,14 @@ OVS_START_L7([at_ns1], [http])
+ OVS_START_L7([at_ns3], [http])
+ 
+ dnl HTTP requests from p0->p1 should work fine.
+-NS_CHECK_EXEC([at_ns0], [wget 10.1.1.2 -t 3 -T 1 --retry-connrefused -v -o wget0.log])
++NS_CHECK_EXEC([at_ns0], OVS_GET_HTTP([10.1.1.2]), [0], [ignore], [ignore])
+ AT_CHECK([ovs-appctl dpctl/dump-conntrack | FORMAT_CT(10.1.1.2)], [0], [dnl
+ tcp,orig=(src=10.1.1.1,dst=10.1.1.2,sport=<cleared>,dport=<cleared>),reply=(src=10.1.1.2,dst=10.1.1.1,sport=<cleared>,dport=<cleared>),mark=1,protoinfo=(state=<cleared>)
+ ])
+ 
+ dnl HTTP requests from p2->p3 should fail due to network failure.
+ dnl Try 3 times, in 1 second intervals.
+-NS_CHECK_EXEC([at_ns2], [wget 10.1.1.4 -t 3 -T 1 -v -o wget1.log], [4])
++NS_CHECK_EXEC([at_ns2], OVS_GET_HTTP([10.1.1.4]), [28], [ignore], [ignore])
+ AT_CHECK([ovs-appctl dpctl/dump-conntrack | FORMAT_CT(10.1.1.4)], [0], [dnl
+ tcp,orig=(src=10.1.1.3,dst=10.1.1.4,sport=<cleared>,dport=<cleared>),reply=(src=10.1.1.4,dst=10.1.1.3,sport=<cleared>,dport=<cleared>),mark=2,protoinfo=(state=<cleared>)
+ ])
+@@ -3735,7 +3810,7 @@ AT_CHECK([ovs-ofctl --bundle add-flows br0 flows.txt])
+ OVS_START_L7([at_ns1], [http])
+ 
+ dnl HTTP requests from p0->p1 should work fine.
+-NS_CHECK_EXEC([at_ns0], [wget 10.1.1.2 -t 3 -T 1 --retry-connrefused -v -o wget0.log])
++NS_CHECK_EXEC([at_ns0], OVS_GET_HTTP([10.1.1.2]), [0], [ignore], [ignore])
+ 
+ AT_CHECK([ovs-appctl dpctl/dump-conntrack | FORMAT_CT(10.1.1.2)], [0], [dnl
+ tcp,orig=(src=10.1.1.1,dst=10.1.1.2,sport=<cleared>,dport=<cleared>),reply=(src=10.1.1.2,dst=10.1.1.1,sport=<cleared>,dport=<cleared>),mark=3,protoinfo=(state=<cleared>)
+@@ -3774,14 +3849,14 @@ OVS_START_L7([at_ns1], [http])
+ OVS_START_L7([at_ns3], [http])
+ 
+ dnl HTTP requests from p0->p1 should work fine.
+-NS_CHECK_EXEC([at_ns0], [wget 10.1.1.2 -t 3 -T 1 --retry-connrefused -v -o wget0.log])
++NS_CHECK_EXEC([at_ns0], OVS_GET_HTTP([10.1.1.2]), [0], [ignore], [ignore])
+ AT_CHECK([ovs-appctl dpctl/dump-conntrack | FORMAT_CT(10.1.1.2)], [0], [dnl
+ tcp,orig=(src=10.1.1.1,dst=10.1.1.2,sport=<cleared>,dport=<cleared>),reply=(src=10.1.1.2,dst=10.1.1.1,sport=<cleared>,dport=<cleared>),mark=1,protoinfo=(state=<cleared>)
+ ])
+ 
+ dnl HTTP requests from p2->p3 should fail due to network failure.
+ dnl Try 3 times, in 1 second intervals.
+-NS_CHECK_EXEC([at_ns2], [wget 10.1.1.4 -t 3 -T 1 -v -o wget1.log], [4])
++NS_CHECK_EXEC([at_ns2], OVS_GET_HTTP([10.1.1.4]), [28], [ignore], [ignore])
+ AT_CHECK([ovs-appctl dpctl/dump-conntrack | FORMAT_CT(10.1.1.4)], [0], [dnl
+ tcp,orig=(src=10.1.1.3,dst=10.1.1.4,sport=<cleared>,dport=<cleared>),reply=(src=10.1.1.4,dst=10.1.1.3,sport=<cleared>,dport=<cleared>),mark=2,protoinfo=(state=<cleared>)
+ ])
+@@ -3820,11 +3895,11 @@ OVS_START_L7([at_ns1], [http])
+ OVS_START_L7([at_ns3], [http])
+ 
+ dnl HTTP requests from p0->p1 should work fine.
+-NS_CHECK_EXEC([at_ns0], [wget 10.1.1.2 -t 3 -T 1 --retry-connrefused -v -o wget0.log])
++NS_CHECK_EXEC([at_ns0], OVS_GET_HTTP([10.1.1.2]), [0], [ignore], [ignore])
+ 
+ dnl HTTP requests from p2->p3 should fail due to network failure.
+ dnl Try 3 times, in 1 second intervals.
+-NS_CHECK_EXEC([at_ns2], [wget 10.1.1.4 -t 3 -T 1 -v -o wget1.log], [4])
++NS_CHECK_EXEC([at_ns2], OVS_GET_HTTP([10.1.1.4]), [28], [ignore], [ignore])
+ 
+ OVS_TRAFFIC_VSWITCHD_STOP
+ AT_CLEANUP
+@@ -3856,7 +3931,7 @@ AT_CHECK([ovs-ofctl --bundle add-flows br0 flows.txt])
+ OVS_START_L7([at_ns1], [http])
+ 
+ dnl HTTP requests from p0->p1 should work fine.
+-NS_CHECK_EXEC([at_ns0], [wget 10.1.1.2 -t 3 -T 1 --retry-connrefused -v -o wget0.log])
++NS_CHECK_EXEC([at_ns0], OVS_GET_HTTP([10.1.1.2]), [0], [ignore], [ignore])
+ 
+ AT_CHECK([ovs-appctl dpctl/dump-conntrack | FORMAT_CT(10.1.1.2)], [0], [dnl
+ tcp,orig=(src=10.1.1.1,dst=10.1.1.2,sport=<cleared>,dport=<cleared>),reply=(src=10.1.1.2,dst=10.1.1.1,sport=<cleared>,dport=<cleared>),labels=0x200000001,protoinfo=(state=<cleared>)
+@@ -3894,7 +3969,7 @@ AT_CHECK([ovs-ofctl --bundle add-flows br0 flows.txt])
+ OVS_START_L7([at_ns1], [http])
+ 
+ dnl HTTP requests from p0->p1 should work fine.
+-NS_CHECK_EXEC([at_ns0], [wget 10.1.1.2 -t 3 -T 1 --retry-connrefused -v -o wget0.log])
++NS_CHECK_EXEC([at_ns0], OVS_GET_HTTP([10.1.1.2]), [0], [ignore], [ignore])
+ 
+ AT_CHECK([ovs-appctl dpctl/dump-conntrack | FORMAT_CT(10.1.1.2)], [0], [dnl
+ tcp,orig=(src=10.1.1.1,dst=10.1.1.2,sport=<cleared>,dport=<cleared>),reply=(src=10.1.1.2,dst=10.1.1.1,sport=<cleared>,dport=<cleared>),zone=1,mark=3,labels=0x200000001,protoinfo=(state=<cleared>)
+@@ -3930,7 +4005,7 @@ AT_CHECK([ovs-ofctl --bundle add-flows br0 flows1.txt])
+ 
+ dnl TCP traffic from ns0 to ns1 should fail.
+ OVS_START_L7([at_ns1], [http])
+-NS_CHECK_EXEC([at_ns0], [wget 10.1.1.2 -t 3 -T 1 --retry-connrefused -v -o wget0.log], [4])
++NS_CHECK_EXEC([at_ns0], OVS_GET_HTTP([10.1.1.2]), [28], [ignore], [ignore])
+ 
+ dnl Send UDP packet on port 1 twice.
+ AT_CHECK([ovs-ofctl -O OpenFlow13 packet-out br0 "in_port=1 packet=50540000000a50540000000908004500001c000000000011a4cd0a0101010a0101020001000200080000 actions=resubmit(,0)"])
+@@ -5230,14 +5305,14 @@ OVS_START_L7([at_ns0], [http])
+ OVS_START_L7([at_ns1], [http])
+ 
+ dnl HTTP requests from ns0->ns1 should work fine.
+-NS_CHECK_EXEC([at_ns0], [wget 10.1.1.2 -t 3 -T 1 --retry-connrefused -v -o wget0.log])
++NS_CHECK_EXEC([at_ns0], OVS_GET_HTTP([10.1.1.2]), [0], [ignore], [ignore])
+ AT_CHECK([ovs-appctl dpctl/dump-conntrack | FORMAT_CT(10.1.1.2)], [0], [dnl
+ tcp,orig=(src=10.1.1.1,dst=10.1.1.2,sport=<cleared>,dport=<cleared>),reply=(src=10.1.1.2,dst=10.1.1.1,sport=<cleared>,dport=<cleared>),protoinfo=(state=<cleared>)
+ ])
+ 
+ dnl HTTP requests from ns1->ns0 should fail due to network failure.
+ dnl Try 3 times, in 1 second intervals.
+-NS_CHECK_EXEC([at_ns1], [wget 10.1.1.1 -t 3 -T 1 --retry-connrefused -v -o wget1.log], [4])
++NS_CHECK_EXEC([at_ns1], OVS_GET_HTTP([10.1.1.1]), [28], [ignore], [ignore])
+ 
+ OVS_TRAFFIC_VSWITCHD_STOP
+ AT_CLEANUP
+@@ -5271,7 +5346,7 @@ OVS_START_L7([at_ns0], [http6])
+ OVS_START_L7([at_ns1], [http6])
+ 
+ dnl HTTP requests from ns0->ns1 should work fine.
+-NS_CHECK_EXEC([at_ns0], [wget http://[[fc00::2]] -t 3 -T 1 --retry-connrefused -v -o wget0.log])
++NS_CHECK_EXEC([at_ns0], OVS_GET_HTTP([http://[[fc00::2]]]), [0], [ignore], [ignore])
+ 
+ AT_CHECK([ovs-appctl dpctl/dump-conntrack | FORMAT_CT(fc00::2)], [0], [dnl
+ tcp,orig=(src=fc00::1,dst=fc00::2,sport=<cleared>,dport=<cleared>),reply=(src=fc00::2,dst=fc00::1,sport=<cleared>,dport=<cleared>),protoinfo=(state=<cleared>)
+@@ -5279,7 +5354,7 @@ tcp,orig=(src=fc00::1,dst=fc00::2,sport=<cleared>,dport=<cleared>),reply=(src=fc
+ 
+ dnl HTTP requests from ns1->ns0 should fail due to network failure.
+ dnl Try 3 times, in 1 second intervals.
+-NS_CHECK_EXEC([at_ns1], [wget http://[[fc00::1]] -t 3 -T 1 --retry-connrefused -v -o wget1.log], [4])
++NS_CHECK_EXEC([at_ns1], OVS_GET_HTTP([http://[[fc00::1]]]), [28], [ignore], [ignore])
+ 
+ OVS_TRAFFIC_VSWITCHD_STOP
+ AT_CLEANUP
+@@ -5317,10 +5392,10 @@ OVS_START_L7([at_ns1], [http])
+ OVS_START_L7([at_ns3], [http])
+ 
+ dnl HTTP requests from p0->p1 should work fine.
+-NS_CHECK_EXEC([at_ns0], [wget 10.1.1.2 -t 3 -T 1 --retry-connrefused -v -o wget0.log])
++NS_CHECK_EXEC([at_ns0], OVS_GET_HTTP([10.1.1.2]), [0], [ignore], [ignore])
+ 
+ dnl HTTP requests from p2->p3 should work fine.
+-NS_CHECK_EXEC([at_ns2], [wget 10.1.1.4 -t 3 -T 1 --retry-connrefused -v -o wget1.log])
++NS_CHECK_EXEC([at_ns2], OVS_GET_HTTP([10.1.1.4]), [0], [ignore], [ignore])
+ 
+ OVS_TRAFFIC_VSWITCHD_STOP
+ AT_CLEANUP
+@@ -5359,10 +5434,10 @@ AT_CHECK([ping -q -c 3 -i 0.3 -W 2 10.1.1.2 | FORMAT_PING], [0], [dnl
+ OVS_START_L7([at_ns0], [http])
+ 
+ dnl HTTP requests from root namespace to p0 should work fine.
+-AT_CHECK([wget 10.1.1.2 -t 3 -T 1 --retry-connrefused -v -o wget0.log])
++AT_CHECK(OVS_GET_HTTP([10.1.1.2]), [0], [ignore], [ignore])
+ 
+-dnl (again) HTTP requests from root namespace to  p0 should work fine.
+-AT_CHECK([wget 10.1.1.2 -t 3 -T 1 --retry-connrefused -v -o wget0.log])
++dnl (again) HTTP requests from root namespace to p0 should work fine.
++AT_CHECK(OVS_GET_HTTP([10.1.1.2]), [0], [ignore], [ignore])
+ 
+ AT_CHECK([ovs-appctl dpctl/dump-conntrack | FORMAT_CT(10.1.1.2) | grep "zone"], [0], [dnl
+ icmp,orig=(src=10.1.1.1,dst=10.1.1.2,id=<cleared>,type=8,code=0),reply=(src=10.1.1.2,dst=10.1.1.1,id=<cleared>,type=0,code=0),zone=1
+@@ -5430,10 +5505,10 @@ AT_CHECK([ping -q -c 3 -i 0.3 -W 2 10.1.1.2 | FORMAT_PING], [0], [dnl
+ OVS_START_L7([at_ns0], [http])
+ 
+ dnl HTTP requests from root namespace to p0 should work fine.
+-AT_CHECK([wget 10.1.1.2 -t 3 -T 1 --retry-connrefused -v -o wget0.log])
++AT_CHECK(OVS_GET_HTTP([10.1.1.2]), [0], [ignore], [ignore])
+ 
+ dnl (again) HTTP requests from root namespace to p0 should work fine.
+-AT_CHECK([wget 10.1.1.2 -t 3 -T 1 --retry-connrefused -v -o wget0.log])
++AT_CHECK(OVS_GET_HTTP([10.1.1.2]), [0], [ignore], [ignore])
+ 
+ AT_CHECK([ovs-appctl dpctl/dump-conntrack | FORMAT_CT(10.1.1.2) | grep "zone"], [0], [dnl
+ icmp,orig=(src=10.1.1.1,dst=10.1.1.2,id=<cleared>,type=8,code=0),reply=(src=10.1.1.2,dst=10.1.1.1,id=<cleared>,type=0,code=0),zone=1
+@@ -5682,7 +5757,7 @@ NETNS_DAEMONIZE([at_ns1], [[$PYTHON3 $srcdir/test-l7.py ftp]], [ftp0.pid])
+ OVS_WAIT_UNTIL([ip netns exec at_ns1 netstat -l | grep ftp])
+ 
+ dnl FTP requests from p0->p1 should work fine.
+-NS_CHECK_EXEC([at_ns0], [wget ftp://10.1.1.2 --no-passive-ftp -t 3 -T 1 --retry-connrefused -v -o wget0.log])
++NS_CHECK_EXEC([at_ns0], OVS_GET_FTP_ACTIVE([10.1.1.2], [-o index.html]), [0], [ignore], [ignore])
+ 
+ AT_CHECK([find -name index.html], [0], [dnl
+ ./index.html
+@@ -5749,12 +5824,12 @@ OVS_START_L7([at_ns1], [ftp])
+ 
+ dnl FTP requests from p1->p0 should fail due to network failure.
+ dnl Try 3 times, in 1 second intervals.
+-NS_CHECK_EXEC([at_ns1], [wget ftp://10.1.1.1 --no-passive-ftp  -t 3 -T 1 -v -o wget1.log], [4])
++NS_CHECK_EXEC([at_ns1], OVS_GET_FTP_ACTIVE([10.1.1.1]), [28], [ignore], [ignore])
+ AT_CHECK([ovs-appctl dpctl/dump-conntrack | FORMAT_CT(10.1.1.1)], [0], [dnl
+ ])
+ 
+ dnl FTP requests from p0->p1 should work fine.
+-NS_CHECK_EXEC([at_ns0], [wget ftp://10.1.1.2 --no-passive-ftp -t 3 -T 1 --retry-connrefused -v -o wget0.log])
++NS_CHECK_EXEC[at_ns0], (OVS_GET_FTP_ACTIVE([10.1.1.2]), [0], [ignore], [ignore])
+ AT_CHECK([ovs-appctl dpctl/dump-conntrack | FORMAT_CT(10.1.1.2)], [0], [dnl
+ tcp,orig=(src=10.1.1.1,dst=10.1.1.2,sport=<cleared>,dport=<cleared>),reply=(src=10.1.1.2,dst=10.1.1.1,sport=<cleared>,dport=<cleared>),protoinfo=(state=<cleared>),helper=ftp
+ ])
+@@ -5765,12 +5840,12 @@ AT_CHECK([ovs-appctl dpctl/flush-conntrack])
+ 
+ dnl FTP requests from p1->p0 should fail due to network failure.
+ dnl Try 3 times, in 1 second intervals.
+-NS_CHECK_EXEC([at_ns1], [wget ftp://10.1.1.1 --no-passive-ftp  -t 3 -T 1 -v -o wget1.log], [4])
++NS_CHECK_EXEC([at_ns1], OVS_GET_FTP_ACTIVE([10.1.1.1]), [28], [ignore], [ignore])
+ AT_CHECK([ovs-appctl dpctl/dump-conntrack | FORMAT_CT(10.1.1.1)], [0], [dnl
+ ])
+ 
+ dnl Active FTP requests from p0->p1 should work fine.
+-NS_CHECK_EXEC([at_ns0], [wget ftp://10.1.1.2 --no-passive-ftp -t 3 -T 1 --retry-connrefused -v -o wget0-1.log])
++NS_CHECK_EXEC([at_ns0], OVS_GET_FTP_ACTIVE([10.1.1.2]), [0], [ignore], [ignore])
+ AT_CHECK([ovs-appctl dpctl/dump-conntrack | FORMAT_CT(10.1.1.2)], [0], [dnl
+ tcp,orig=(src=10.1.1.1,dst=10.1.1.2,sport=<cleared>,dport=<cleared>),reply=(src=10.1.1.2,dst=10.1.1.1,sport=<cleared>,dport=<cleared>),protoinfo=(state=<cleared>),helper=ftp
+ tcp,orig=(src=10.1.1.2,dst=10.1.1.1,sport=<cleared>,dport=<cleared>),reply=(src=10.1.1.1,dst=10.1.1.2,sport=<cleared>,dport=<cleared>),protoinfo=(state=<cleared>)
+@@ -5779,7 +5854,7 @@ tcp,orig=(src=10.1.1.2,dst=10.1.1.1,sport=<cleared>,dport=<cleared>),reply=(src=
+ AT_CHECK([ovs-appctl dpctl/flush-conntrack])
+ 
+ dnl Passive FTP requests from p0->p1 should work fine.
+-NS_CHECK_EXEC([at_ns0], [wget ftp://10.1.1.2 -t 3 -T 1 --retry-connrefused -v -o wget0-2.log])
++NS_CHECK_EXEC([at_ns0], OVS_GET_FTP([10.1.1.2]), [0], [ignore], [ignore])
+ AT_CHECK([ovs-appctl dpctl/dump-conntrack | FORMAT_CT(10.1.1.2)], [0], [dnl
+ tcp,orig=(src=10.1.1.1,dst=10.1.1.2,sport=<cleared>,dport=<cleared>),reply=(src=10.1.1.2,dst=10.1.1.1,sport=<cleared>,dport=<cleared>),protoinfo=(state=<cleared>),helper=ftp
+ ])
+@@ -5789,7 +5864,7 @@ AT_CHECK([ovs-ofctl --bundle replace-flows br0 flows3.txt])
+ AT_CHECK([ovs-appctl dpctl/flush-conntrack])
+ 
+ dnl FTP control requests from p0->p1 should work fine, but helper will not be assigned.
+-NS_CHECK_EXEC([at_ns0], [wget ftp://10.1.1.2 --no-passive-ftp -t 3 -T 1 --retry-connrefused -v -o wget0-3.log], [4])
++NS_CHECK_EXEC([at_ns0], OVS_GET_FTP_ACTIVE([10.1.1.2]), [28], [ignore], [ignore])
+ AT_CHECK([ovs-appctl dpctl/dump-conntrack | FORMAT_CT(10.1.1.2)], [0], [dnl
+ tcp,orig=(src=10.1.1.1,dst=10.1.1.2,sport=<cleared>,dport=<cleared>),reply=(src=10.1.1.2,dst=10.1.1.1,sport=<cleared>,dport=<cleared>),protoinfo=(state=<cleared>)
+ ])
+@@ -5855,12 +5930,12 @@ OVS_START_L7([at_ns1], [ftp], [11111])
+ 
+ dnl FTP requests from p1->p0 should fail due to network failure.
+ dnl Try 3 times, in 1 second intervals.
+-NS_CHECK_EXEC([at_ns1], [wget ftp://10.1.1.1:11111 --no-passive-ftp  -t 3 -T 1 -v -o wget1.log], [4])
++NS_CHECK_EXEC([at_ns1], OVS_GET_FTP_ACTIVE([10.1.1.1:11111]), [28], [ignore], [ignore])
+ AT_CHECK([ovs-appctl dpctl/dump-conntrack | FORMAT_CT(10.1.1.1)], [0], [dnl
+ ])
+ 
+ dnl FTP requests from p0->p1 should work fine.
+-NS_CHECK_EXEC([at_ns0], [wget ftp://10.1.1.2:11111 --no-passive-ftp -t 3 -T 1 --retry-connrefused -v -o wget0.log])
++NS_CHECK_EXEC([at_ns0], OVS_GET_FTP_ACTIVE([10.1.1.2:11111]), [0], [ignore], [ignore])
+ AT_CHECK([ovs-appctl dpctl/dump-conntrack | FORMAT_CT(10.1.1.2)], [0], [dnl
+ tcp,orig=(src=10.1.1.1,dst=10.1.1.2,sport=<cleared>,dport=<cleared>),reply=(src=10.1.1.2,dst=10.1.1.1,sport=<cleared>,dport=<cleared>),protoinfo=(state=<cleared>),helper=ftp
+ ])
+@@ -5871,12 +5946,12 @@ AT_CHECK([ovs-appctl dpctl/flush-conntrack])
+ 
+ dnl FTP requests from p1->p0 should fail due to network failure.
+ dnl Try 3 times, in 1 second intervals.
+-NS_CHECK_EXEC([at_ns1], [wget ftp://10.1.1.1:11111 --no-passive-ftp  -t 3 -T 1 -v -o wget1.log], [4])
++NS_CHECK_EXEC([at_ns1], OVS_GET_FTP_ACTIVE([10.1.1.1:11111]), [28], [ignore], [ignore])
+ AT_CHECK([ovs-appctl dpctl/dump-conntrack | FORMAT_CT(10.1.1.1)], [0], [dnl
+ ])
+ 
+ dnl Active FTP requests from p0->p1 should work fine.
+-NS_CHECK_EXEC([at_ns0], [wget ftp://10.1.1.2:11111 --no-passive-ftp -t 3 -T 1 --retry-connrefused -v -o wget0-1.log])
++NS_CHECK_EXEC([at_ns0], OVS_GET_FTP_ACTIVE([10.1.1.2:11111]), [0], [ignore], [ignore])
+ AT_CHECK([ovs-appctl dpctl/dump-conntrack | FORMAT_CT(10.1.1.2)], [0], [dnl
+ tcp,orig=(src=10.1.1.1,dst=10.1.1.2,sport=<cleared>,dport=<cleared>),reply=(src=10.1.1.2,dst=10.1.1.1,sport=<cleared>,dport=<cleared>),protoinfo=(state=<cleared>),helper=ftp
+ tcp,orig=(src=10.1.1.2,dst=10.1.1.1,sport=<cleared>,dport=<cleared>),reply=(src=10.1.1.1,dst=10.1.1.2,sport=<cleared>,dport=<cleared>),protoinfo=(state=<cleared>)
+@@ -5885,7 +5960,7 @@ tcp,orig=(src=10.1.1.2,dst=10.1.1.1,sport=<cleared>,dport=<cleared>),reply=(src=
+ AT_CHECK([ovs-appctl dpctl/flush-conntrack])
+ 
+ dnl Passive FTP requests from p0->p1 should work fine.
+-NS_CHECK_EXEC([at_ns0], [wget ftp://10.1.1.2:11111 -t 3 -T 1 --retry-connrefused -v -o wget0-2.log])
++NS_CHECK_EXEC([at_ns0], OVS_GET_FTP([10.1.1.2:11111]), [0], [ignore], [ignore])
+ AT_CHECK([ovs-appctl dpctl/dump-conntrack | FORMAT_CT(10.1.1.2)], [0], [dnl
+ tcp,orig=(src=10.1.1.1,dst=10.1.1.2,sport=<cleared>,dport=<cleared>),reply=(src=10.1.1.2,dst=10.1.1.1,sport=<cleared>,dport=<cleared>),protoinfo=(state=<cleared>),helper=ftp
+ ])
+@@ -5895,7 +5970,7 @@ AT_CHECK([ovs-ofctl --bundle replace-flows br0 flows3.txt])
+ AT_CHECK([ovs-appctl dpctl/flush-conntrack])
+ 
+ dnl FTP control requests from p0->p1 should work fine, but helper will not be assigned.
+-NS_CHECK_EXEC([at_ns0], [wget ftp://10.1.1.2:11111 --no-passive-ftp -t 3 -T 1 --retry-connrefused -v -o wget0-3.log], [4])
++NS_CHECK_EXEC([at_ns0], OVS_GET_FTP_ACTIVE([10.1.1.2:11111]), [28], [ignore], [ignore])
+ AT_CHECK([ovs-appctl dpctl/dump-conntrack | FORMAT_CT(10.1.1.2)], [0], [dnl
+ tcp,orig=(src=10.1.1.1,dst=10.1.1.2,sport=<cleared>,dport=<cleared>),reply=(src=10.1.1.2,dst=10.1.1.1,sport=<cleared>,dport=<cleared>),protoinfo=(state=<cleared>)
+ ])
+@@ -5930,7 +6005,7 @@ AT_CHECK([ovs-ofctl --bundle replace-flows br0 flows.txt])
+ OVS_START_L7([at_ns1], [ftp])
+ 
+ dnl FTP requests from p0->p1 should work fine.
+-NS_CHECK_EXEC([at_ns0], [wget ftp://10.1.1.2 --no-passive-ftp -t 3 -T 1 --retry-connrefused -v -o wget0.log])
++NS_CHECK_EXEC([at_ns0], OVS_GET_FTP_ACTIVE([10.1.1.2]), [0], [ignore], [ignore])
+ 
+ AT_CHECK([ovs-appctl dpctl/dump-conntrack | FORMAT_CT(10.1.1.2)], [0], [dnl
+ tcp,orig=(src=10.1.1.1,dst=10.1.1.2,sport=<cleared>,dport=<cleared>),reply=(src=10.1.1.2,dst=10.1.1.1,sport=<cleared>,dport=<cleared>),protoinfo=(state=<cleared>),helper=ftp
+@@ -5991,7 +6066,7 @@ OVS_WAIT_UNTIL([ip netns exec at_ns0 ping6 -c 1 fc00::2 >/dev/null])
+ OVS_START_L7([at_ns1], [ftp])
+ 
+ dnl FTP requests from p0->p1 should work fine.
+-NS_CHECK_EXEC([at_ns0], [wget ftp://[[fc00::2]] -6 --no-passive-ftp -t 3 -T 1 --retry-connrefused -v --server-response --no-remove-listing -o wget0.log -d])
++NS_CHECK_EXEC([at_ns0], OVS_GET_FTP_ACTIVE([[[fc00::2]]], [--ipv6]), [0], [ignore], [ignore])
+ 
+ dnl Discards CLOSE_WAIT and CLOSING
+ AT_CHECK([ovs-appctl dpctl/dump-conntrack | FORMAT_CT(fc00::2)], [0], [dnl
+@@ -6050,7 +6125,7 @@ OVS_WAIT_UNTIL([ip netns exec at_ns0 ping6 -c 1 fc00::2 >/dev/null])
+ OVS_START_L7([at_ns1], [ftp])
+ 
+ dnl FTP passive requests from p0->p1 should work fine.
+-NS_CHECK_EXEC([at_ns0], [wget ftp://[[fc00::2]] -6 -t 3 -T 1 --retry-connrefused -v --server-response --no-remove-listing -o wget0.log -d])
++NS_CHECK_EXEC([at_ns0], OVS_GET_FTP([[[fc00::2]]]), [--ipv6]), [0], [ignore], [ignore])
+ 
+ dnl Discards CLOSE_WAIT and CLOSING
+ AT_CHECK([ovs-appctl dpctl/dump-conntrack | FORMAT_CT(fc00::2)], [0], [dnl
+@@ -6100,12 +6175,12 @@ OVS_START_L7([at_ns1], [ftp])
+ 
+ dnl FTP requests from p1->p0 should fail due to network failure.
+ dnl Try 3 times, in 1 second intervals.
+-NS_CHECK_EXEC([at_ns1], [wget ftp://10.1.1.1 --no-passive-ftp  -t 3 -T 1 -v -o wget1.log], [4])
++NS_CHECK_EXEC([at_ns1], OVS_GET_FTP_ACTIVE([10.1.1.1]), [28], [ignore], [ignore])
+ AT_CHECK([ovs-appctl dpctl/dump-conntrack | FORMAT_CT(10.1.1.1)], [0], [dnl
+ ])
+ 
+ dnl Active FTP requests from p0->p1 should work fine.
+-NS_CHECK_EXEC([at_ns0], [wget ftp://10.1.1.2 --no-passive-ftp -t 3 -T 1 --retry-connrefused -v -o wget0.log])
++NS_CHECK_EXEC([at_ns0], OVS_GET_FTP_ACTIVE([10.1.1.2]), [0], [ignore], [ignore])
+ AT_CHECK([ovs-appctl dpctl/dump-conntrack | FORMAT_CT(10.1.1.2)], [0], [dnl
+ tcp,orig=(src=10.1.1.1,dst=10.1.1.2,sport=<cleared>,dport=<cleared>),reply=(src=10.1.1.2,dst=10.1.1.1,sport=<cleared>,dport=<cleared>),zone=1,protoinfo=(state=<cleared>),helper=ftp
+ tcp,orig=(src=10.1.1.1,dst=10.1.1.2,sport=<cleared>,dport=<cleared>),reply=(src=10.1.1.2,dst=10.1.1.1,sport=<cleared>,dport=<cleared>),zone=2,protoinfo=(state=<cleared>),helper=ftp
+@@ -6116,7 +6191,7 @@ tcp,orig=(src=10.1.1.2,dst=10.1.1.1,sport=<cleared>,dport=<cleared>),reply=(src=
+ AT_CHECK([ovs-appctl dpctl/flush-conntrack])
+ 
+ dnl Passive FTP requests from p0->p1 should work fine.
+-NS_CHECK_EXEC([at_ns0], [wget ftp://10.1.1.2 -t 3 -T 1 --retry-connrefused -v -o wget0.log])
++NS_CHECK_EXEC([at_ns0], OVS_GET_FTP([10.1.1.2]), [0], [ignore], [ignore])
+ AT_CHECK([ovs-appctl dpctl/dump-conntrack | FORMAT_CT(10.1.1.2)], [0], [dnl
+ tcp,orig=(src=10.1.1.1,dst=10.1.1.2,sport=<cleared>,dport=<cleared>),reply=(src=10.1.1.2,dst=10.1.1.1,sport=<cleared>,dport=<cleared>),zone=1,protoinfo=(state=<cleared>)
+ tcp,orig=(src=10.1.1.1,dst=10.1.1.2,sport=<cleared>,dport=<cleared>),reply=(src=10.1.1.2,dst=10.1.1.1,sport=<cleared>,dport=<cleared>),zone=1,protoinfo=(state=<cleared>),helper=ftp
+@@ -6240,7 +6315,7 @@ AT_CHECK([ovs-ofctl --bundle add-flows br0 flows.txt])
+ 
+ dnl HTTP requests from p0->p1 should work fine.
+ OVS_START_L7([at_ns1], [http])
+-NS_CHECK_EXEC([at_ns0], [wget 10.1.1.2 -t 5 -T 1 --retry-connrefused -v -o wget0.log])
++NS_CHECK_EXEC([at_ns0], OVS_GET_HTTP([10.1.1.2]), [0], [ignore], [ignore])
+ 
+ AT_CHECK([ovs-appctl dpctl/dump-conntrack | FORMAT_CT(10.1.1.2) | sed -e 's/dst=10.1.1.2[[45]][[0-9]]/dst=10.1.1.2XX/' | uniq], [0], [dnl
+ tcp,orig=(src=10.1.1.1,dst=10.1.1.2,sport=<cleared>,dport=<cleared>),reply=(src=10.1.1.2,dst=10.1.1.2XX,sport=<cleared>,dport=<cleared>),zone=1,protoinfo=(state=<cleared>)
+@@ -6330,7 +6405,7 @@ AT_CHECK([ovs-ofctl --bundle add-flows br0 flows.txt])
+ 
+ dnl HTTP requests from p0->p1 should work fine.
+ OVS_START_L7([at_ns1], [http])
+-NS_CHECK_EXEC([at_ns0], [wget 10.1.1.2 -t 5 -T 1 --retry-connrefused -v -o wget0.log])
++NS_CHECK_EXEC([at_ns0], OVS_GET_HTTP([10.1.1.2]), [0], [ignore], [ignore])
+ 
+ AT_CHECK([ovs-appctl dpctl/dump-conntrack | FORMAT_CT(10.1.1.2) | sed -e 's/dst=10.1.1.2[[45]][[0-9]]/dst=10.1.1.2XX/' | uniq], [0], [dnl
+ tcp,orig=(src=10.1.1.1,dst=10.1.1.2,sport=<cleared>,dport=<cleared>),reply=(src=10.1.1.2,dst=10.1.1.2XX,sport=<cleared>,dport=<cleared>),zone=1,protoinfo=(state=<cleared>)
 @@ -6397,11 +6472,11 @@ ADD_NAMESPACES(at_ns0, at_ns1)
  ADD_VETH(p0, at_ns0, br0, "10.1.1.1/24")
  NS_CHECK_EXEC([at_ns0], [ip link set dev p0 address 80:88:88:88:88:88])
@@ -7458,24 +7996,25 @@ index 98e494abf4..80f9ec0dbf 100644
  dnl HTTP requests from p0->p1 should work fine.
  OVS_START_L7([at_ns1], [http])
 -NS_CHECK_EXEC([at_ns0], [wget 10.1.1.2 -t 1 -T 1 --retry-connrefused -v -o wget0.log])
-+
+ 
+-NS_CHECK_EXEC([at_ns0], [wget 10.1.1.2 -t 1 -T 1 --retry-connrefused -v -o wget0.log], [4])
 +dnl Send a valid SYN to make conntrack pick it up.
 +dnl The source port used is 123 to prevent unwanted reuse in the next HTTP request.
 +syn_pkt=$(ovs-ofctl compose-packet --bare "eth_src=80:88:88:88:88:88,eth_dst=80:89:89:89:89:89,\
 +  dl_type=0x0800,nw_src=10.1.1.1,nw_dst=10.1.1.2,nw_proto=6,nw_ttl=64,nw_frag=no,tcp_flags=syn,\
 +  tcp_src=123,tcp_dst=80")
 +AT_CHECK([ovs-ofctl packet-out br0 "packet=${syn_pkt} actions=ct(commit,zone=1,nat(src=10.1.1.240:34568))"])
-+
-+AT_CHECK([ovs-appctl dpctl/dump-conntrack | FORMAT_CT(10.1.1.2) | uniq], [0], [dnl
-+tcp,orig=(src=10.1.1.1,dst=10.1.1.2,sport=<cleared>,dport=<cleared>),reply=(src=10.1.1.2,dst=10.1.1.240,sport=<cleared>,dport=<cleared>),zone=1,protoinfo=(state=<cleared>)
-+])
- 
- NS_CHECK_EXEC([at_ns0], [wget 10.1.1.2 -t 1 -T 1 --retry-connrefused -v -o wget0.log], [4])
  
 -AT_CHECK([ovs-appctl dpctl/dump-conntrack | FORMAT_CT(10.1.1.2) | sed -e 's/dst=10.1.1.2[[45]][[0-9]]/dst=10.1.1.2XX/' | uniq], [0], [dnl
 -tcp,orig=(src=10.1.1.1,dst=10.1.1.2,sport=<cleared>,dport=<cleared>),reply=(src=10.1.1.2,dst=10.1.1.2XX,sport=<cleared>,dport=<cleared>),zone=1,protoinfo=(state=<cleared>)
 +AT_CHECK([ovs-appctl dpctl/dump-conntrack | FORMAT_CT(10.1.1.2) | uniq], [0], [dnl
 +tcp,orig=(src=10.1.1.1,dst=10.1.1.2,sport=<cleared>,dport=<cleared>),reply=(src=10.1.1.2,dst=10.1.1.240,sport=<cleared>,dport=<cleared>),zone=1,protoinfo=(state=<cleared>)
++])
++
++NS_CHECK_EXEC([at_ns0], OVS_GET_HTTP([10.1.1.2]), [28], [ignore], [ignore])
++
++AT_CHECK([ovs-appctl dpctl/dump-conntrack | FORMAT_CT(10.1.1.2) | uniq], [0], [dnl
++tcp,orig=(src=10.1.1.1,dst=10.1.1.2,sport=<cleared>,dport=<cleared>),reply=(src=10.1.1.2,dst=10.1.1.240,sport=<cleared>,dport=<cleared>),zone=1,protoinfo=(state=<cleared>)
  ])
  
  OVS_TRAFFIC_VSWITCHD_STOP(["dnl
@@ -7486,6 +8025,163 @@ index 98e494abf4..80f9ec0dbf 100644
  AT_CLEANUP
  
  AT_SETUP([conntrack - more complex SNAT])
+@@ -6481,7 +6567,7 @@ AT_CHECK([ovs-ofctl --bundle add-flows br0 flows.txt])
+ 
+ dnl HTTP requests from p0->p1 should work fine.
+ OVS_START_L7([at_ns1], [http])
+-NS_CHECK_EXEC([at_ns0], [wget 10.1.1.2 -t 5 -T 1 --retry-connrefused -v -o wget0.log])
++NS_CHECK_EXEC([at_ns0], OVS_GET_HTTP([10.1.1.2]), [0], [ignore], [ignore])
+ 
+ AT_CHECK([ovs-appctl dpctl/dump-conntrack | FORMAT_CT(10.1.1.2) | sed -e 's/dst=10.1.1.2[[45]][[0-9]]/dst=10.1.1.2XX/' | uniq], [0], [dnl
+ tcp,orig=(src=10.1.1.1,dst=10.1.1.2,sport=<cleared>,dport=<cleared>),reply=(src=10.1.1.2,dst=10.1.1.2XX,sport=<cleared>,dport=<cleared>),zone=1,protoinfo=(state=<cleared>)
+@@ -6575,14 +6661,14 @@ AT_CHECK([ovs-ofctl --bundle add-flows br0 flows.txt])
+ 
+ dnl Should work with the virtual IP address through NAT
+ OVS_START_L7([at_ns1], [http])
+-NS_CHECK_EXEC([at_ns0], [wget 10.1.1.64 -t 5 -T 1 --retry-connrefused -v -o wget0.log])
++NS_CHECK_EXEC([at_ns0], OVS_GET_HTTP([10.1.1.64]), [0], [ignore], [ignore])
+ 
+ AT_CHECK([ovs-appctl dpctl/dump-conntrack | FORMAT_CT(10.1.1.64)], [0], [dnl
+ tcp,orig=(src=10.1.1.1,dst=10.1.1.64,sport=<cleared>,dport=<cleared>),reply=(src=10.1.1.2,dst=10.1.1.1,sport=<cleared>,dport=<cleared>),zone=1,protoinfo=(state=<cleared>)
+ ])
+ 
+ dnl Should work with the assigned IP address as well
+-NS_CHECK_EXEC([at_ns0], [wget 10.1.1.2 -t 3 -T 1 --retry-connrefused -v -o wget0.log])
++NS_CHECK_EXEC([at_ns0], OVS_GET_HTTP([10.1.1.2]), [0], [ignore], [ignore])
+ 
+ AT_CHECK([ovs-appctl dpctl/dump-conntrack | FORMAT_CT(10.1.1.2)], [0], [dnl
+ tcp,orig=(src=10.1.1.1,dst=10.1.1.2,sport=<cleared>,dport=<cleared>),reply=(src=10.1.1.2,dst=10.1.1.1,sport=<cleared>,dport=<cleared>),zone=1,protoinfo=(state=<cleared>)
+@@ -6613,7 +6699,7 @@ table=2,in_port=1,ip,ct_mark=0xac,ct_label=0xac,actions=2
+ ])
+ AT_CHECK([ovs-ofctl --bundle add-flows br0 flows.txt])
+ 
+-NS_CHECK_EXEC([at_ns0], [wget http://172.1.1.2:8080 -t 5 -T 1 --retry-connrefused -v -o wget0.log])
++NS_CHECK_EXEC([at_ns0], OVS_GET_HTTP([http://172.1.1.2:8080]), [0], [ignore], [ignore])
+ 
+ dnl - make sure only dst nat has been performed
+ AT_CHECK([ovs-appctl dpctl/dump-conntrack |  FORMAT_CT(10.1.1.240)], [0], [dnl
+@@ -6671,14 +6757,14 @@ AT_CHECK([ovs-ofctl --bundle add-flows br0 flows.txt])
+ 
+ dnl Should work with the virtual IP address through NAT
+ OVS_START_L7([at_ns1], [http])
+-NS_CHECK_EXEC([at_ns0], [wget 10.1.1.64 -t 5 -T 1 --retry-connrefused -v -o wget0.log])
++NS_CHECK_EXEC([at_ns0], OVS_GET_HTTP([10.1.1.64]), [0], [ignore], [ignore])
+ 
+ AT_CHECK([ovs-appctl dpctl/dump-conntrack | FORMAT_CT(10.1.1.64)], [0], [dnl
+ tcp,orig=(src=10.1.1.1,dst=10.1.1.64,sport=<cleared>,dport=<cleared>),reply=(src=10.1.1.2,dst=10.1.1.1,sport=<cleared>,dport=<cleared>),zone=1,protoinfo=(state=<cleared>)
+ ])
+ 
+ dnl Should work with the assigned IP address as well
+-NS_CHECK_EXEC([at_ns0], [wget 10.1.1.2 -t 3 -T 1 --retry-connrefused -v -o wget0.log])
++NS_CHECK_EXEC([at_ns0], OVS_GET_HTTP([10.1.1.2]), [0], [ignore], [ignore])
+ 
+ AT_CHECK([ovs-appctl dpctl/dump-conntrack | FORMAT_CT(10.1.1.2)], [0], [dnl
+ tcp,orig=(src=10.1.1.1,dst=10.1.1.2,sport=<cleared>,dport=<cleared>),reply=(src=10.1.1.2,dst=10.1.1.1,sport=<cleared>,dport=<cleared>),zone=1,protoinfo=(state=<cleared>)
+@@ -7206,7 +7292,7 @@ OVS_WAIT_UNTIL([ip netns exec at_ns0 ping -c 1 10.1.1.2 >/dev/null])
+ OVS_START_L7([at_ns1], [ftp])
+ 
+ dnl FTP requests from p0->p1 should work fine.
+-NS_CHECK_EXEC([at_ns0], [wget ftp://10.1.1.2 -t 3 -T 1 --retry-connrefused -v -o wget0.log])
++NS_CHECK_EXEC([at_ns0], OVS_GET_FTP([10.1.1.2]), [0], [ignore], [ignore])
+ 
+ dnl Discards CLOSE_WAIT and CLOSING
+ AT_CHECK([ovs-appctl dpctl/dump-conntrack | FORMAT_CT(10.1.1.2)], [0], [dnl
+@@ -7266,7 +7352,7 @@ OVS_WAIT_UNTIL([ip netns exec at_ns0 ping -c 1 10.1.1.240 >/dev/null])
+ OVS_START_L7([at_ns1], [ftp])
+ 
+ dnl FTP requests from p0->p1 should work fine.
+-NS_CHECK_EXEC([at_ns0], [wget ftp://10.1.1.2 -t 3 -T 1 --retry-connrefused -v -o wget0.log])
++NS_CHECK_EXEC([at_ns0], OVS_GET_FTP([10.1.1.2]), [0], [ignore], [ignore])
+ 
+ dnl Discards CLOSE_WAIT and CLOSING
+ AT_CHECK([ovs-appctl dpctl/dump-conntrack | FORMAT_CT(10.1.1.2)], [0], [dnl
+@@ -7326,7 +7412,7 @@ OVS_WAIT_UNTIL([ip netns exec at_ns0 ping -c 1 10.1.100.1 >/dev/null])
+ OVS_START_L7([at_ns1], [ftp])
+ 
+ dnl FTP requests from p0->p1 should work fine.
+-NS_CHECK_EXEC([at_ns0], [wget ftp://10.1.1.200 -t 3 -T 1 --retry-connrefused -v -o wget0.log])
++NS_CHECK_EXEC([at_ns0], OVS_GET_FTP([10.1.1.200]), [0], [ignore], [ignore])
+ 
+ dnl Discards CLOSE_WAIT and CLOSING
+ AT_CHECK([ovs-appctl dpctl/dump-conntrack | FORMAT_CT(10.1.1.200)], [0], [dnl
+@@ -7386,7 +7472,7 @@ OVS_WAIT_UNTIL([ip netns exec at_ns0 ping -c 1 10.1.1.240 >/dev/null])
+ OVS_START_L7([at_ns1], [ftp])
+ 
+ dnl FTP requests from p0->p1 should work fine.
+-NS_CHECK_EXEC([at_ns0], [wget ftp://10.1.1.2 --no-passive-ftp -t 3 -T 1 --retry-connrefused -v -o wget0.log])
++NS_CHECK_EXEC([at_ns0], OVS_GET_FTP_ACTIVE([10.1.1.2]), [0], [ignore], [ignore])
+ 
+ dnl Discards CLOSE_WAIT and CLOSING
+ AT_CHECK([ovs-appctl dpctl/dump-conntrack | FORMAT_CT(10.1.1.2)], [0], [dnl
+@@ -7446,7 +7532,7 @@ OVS_WAIT_UNTIL([ip netns exec at_ns0 ping -c 1 10.1.1.2 >/dev/null])
+ OVS_START_L7([at_ns1], [ftp])
+ 
+ dnl FTP requests from p0->p1 should work fine.
+-NS_CHECK_EXEC([at_ns0], [wget ftp://10.1.120.240 --no-passive-ftp -t 3 -T 1 --retry-connrefused -v -o wget0.log])
++NS_CHECK_EXEC([at_ns0], OVS_GET_FTP_ACTIVE([10.1.120.240]), [0], [ignore], [ignore])
+ 
+ dnl Discards CLOSE_WAIT and CLOSING
+ AT_CHECK([ovs-appctl dpctl/dump-conntrack | FORMAT_CT(10.1.120.240)], [0], [dnl
+@@ -7491,12 +7577,12 @@ OVS_WAIT_UNTIL([ip netns exec at_ns0 ping6 -c 1 fc00::2])
+ dnl HTTP requests from ns0->ns1 should work fine.
+ OVS_START_L7([at_ns1], [http6])
+ 
+-NS_CHECK_EXEC([at_ns0], [wget http://[[fc00::2]] -t 3 -T 1 --retry-connrefused -v -o wget0.log])
++NS_CHECK_EXEC([at_ns0], OVS_GET_HTTP([http://[[fc00::2]]]), [0], [ignore], [ignore])
+ 
+ dnl HTTP requests from ns1->ns0 should fail due to network failure.
+ dnl Try 3 times, in 1 second intervals.
+ OVS_START_L7([at_ns0], [http6])
+-NS_CHECK_EXEC([at_ns1], [wget http://[[fc00::1]] -t 3 -T 1 -v -o wget1.log], [4])
++NS_CHECK_EXEC([at_ns1], OVS_GET_HTTP([http://[[fc00::1]]]), [28], [ignore], [ignore])
+ 
+ OVS_TRAFFIC_VSWITCHD_STOP
+ AT_CLEANUP
+@@ -7535,7 +7621,7 @@ NS_CHECK_EXEC([at_ns0], [ping6 -q -c 3 -i 0.3 -W 2 fc00::240 | FORMAT_PING], [0]
+ 
+ dnl Should work with the virtual IP address through NAT
+ OVS_START_L7([at_ns1], [http6])
+-NS_CHECK_EXEC([at_ns0], [wget http://[[fc00::240]] -t 5 -T 1 --retry-connrefused -v -o wget0.log])
++NS_CHECK_EXEC([at_ns0], OVS_GET_HTTP([http://[[fc00::240]]]), [0], [ignore], [ignore])
+ 
+ AT_CHECK([ovs-appctl dpctl/dump-conntrack | FORMAT_CT(fc00::1)], [0], [dnl
+ icmpv6,orig=(src=fc00::1,dst=fc00::240,id=<cleared>,type=128,code=0),reply=(src=fc00::2,dst=fc00::1,id=<cleared>,type=129,code=0),zone=1
+@@ -7685,7 +7771,7 @@ OVS_WAIT_UNTIL([ip netns exec at_ns0 ping6 -c 1 fc00::2 >/dev/null])
+ OVS_START_L7([at_ns1], [ftp])
+ 
+ dnl FTP requests from p0->p1 should work fine.
+-NS_CHECK_EXEC([at_ns0], [wget ftp://[[fc00::2]] -6 --no-passive-ftp -t 3 -T 1 --retry-connrefused -v --server-response --no-remove-listing -o wget0.log -d])
++NS_CHECK_EXEC([at_ns0], OVS_GET_FTP_ACTIVE([[[fc00::2]]], [--ipv6]), [0], [ignore], [ignore])
+ 
+ dnl Discards CLOSE_WAIT and CLOSING
+ AT_CHECK([ovs-appctl dpctl/dump-conntrack | FORMAT_CT(fc00::2)], [0], [dnl
+@@ -7746,7 +7832,7 @@ OVS_WAIT_UNTIL([ip netns exec at_ns0 ping6 -c 1 fc00::2 >/dev/null])
+ OVS_START_L7([at_ns1], [ftp])
+ 
+ dnl FTP requests from p0->p1 should work fine.
+-NS_CHECK_EXEC([at_ns0], [wget ftp://[[fc00::2]] -6 -t 3 -T 1 --retry-connrefused -v --server-response --no-remove-listing -o wget0.log -d])
++NS_CHECK_EXEC([at_ns0], OVS_GET_FTP([[[fc00::2]]], [--ipv6]), [0], [ignore], [ignore])
+ 
+ dnl Discards CLOSE_WAIT and CLOSING
+ AT_CHECK([ovs-appctl dpctl/dump-conntrack | FORMAT_CT(fc00::2)], [0], [dnl
+@@ -7806,7 +7892,7 @@ NETNS_DAEMONIZE([at_ns1], [[$PYTHON3 $srcdir/test-l7.py ftp]], [ftp0.pid])
+ OVS_WAIT_UNTIL([ip netns exec at_ns1 netstat -l | grep ftp])
+ 
+ dnl FTP requests from p0->p1 should work fine.
+-NS_CHECK_EXEC([at_ns0], [wget ftp://[[fc00::2]] -6 --no-passive-ftp -t 3 -T 1 --retry-connrefused -v --server-response --no-remove-listing -o wget0.log -d])
++NS_CHECK_EXEC([at_ns0], OVS_GET_FTP_ACTIVE([[[fc00::2]]], [--ipv6]), [0], [ignore], [ignore])
+ 
+ dnl Discards CLOSE_WAIT and CLOSING
+ AT_CHECK([ovs-appctl dpctl/dump-conntrack | FORMAT_CT(fc00::2)], [0], [dnl
+@@ -7949,7 +8035,7 @@ on_exit 'ovs-appctl dpif/dump-flows br0'
+ dnl Should work with the virtual IP address through NAT
+ for i in $(seq 1 50); do
+     echo Request $i
+-    NS_CHECK_EXEC([at_ns1], [wget 10.1.1.64 -t 5 -T 1 --retry-connrefused -v -o wget$i.log])
++    NS_CHECK_EXEC([at_ns1], OVS_GET_HTTP([10.1.1.64]), [0], [ignore], [ignore])
+ done
+ 
+ dnl Each server should have at least one connection.
 @@ -8215,10 +8301,18 @@ table=2,priority=10  ct_state=+trk+est action=drop
  
  AT_CHECK([ovs-ofctl --bundle add-flows br0 flows.txt])
@@ -7497,12 +8193,12 @@ index 98e494abf4..80f9ec0dbf 100644
 +  [nw_src=10.1.1.1,nw_dst=10.1.1.2],
 +  [nw_proto=1,nw_ttl=64,nw_frag=no],
 +  [icmp_type=8,icmp_code=0])])
-+
+ 
+-NS_CHECK_EXEC([at_ns0], [$PYTHON3 $srcdir/sendpkt.py p0 f0 00 00 01 01 02 f0 00 00 01 01 01 08 00 45 00 00 1c 00 01 00 00 40 01 64 dc 0a 01 01 01 0a 01 01 02 08 00 f7 ff ff ff ff ff > /dev/null])
 +# Sending ICMP packets, first and second.
 +NS_CHECK_EXEC([at_ns0], [$PYTHON3 $srcdir/sendpkt.py p0 \
 +    $(ovs-ofctl compose-packet --bare 'ICMP_PKT' '')], [0], [ignore])
- 
--NS_CHECK_EXEC([at_ns0], [$PYTHON3 $srcdir/sendpkt.py p0 f0 00 00 01 01 02 f0 00 00 01 01 01 08 00 45 00 00 1c 00 01 00 00 40 01 64 dc 0a 01 01 01 0a 01 01 02 08 00 f7 ff ff ff ff ff > /dev/null])
++
 +NS_CHECK_EXEC([at_ns0], [$PYTHON3 $srcdir/sendpkt.py p0 \
 +    $(ovs-ofctl compose-packet --bare 'ICMP_PKT' '')], [0], [ignore])
  
diff --git a/SPECS/openvswitch3.3.spec b/SPECS/openvswitch3.3.spec
index d513fd1..fc055f8 100644
--- a/SPECS/openvswitch3.3.spec
+++ b/SPECS/openvswitch3.3.spec
@@ -57,7 +57,7 @@ Summary: Open vSwitch
 Group: System Environment/Daemons daemon/database/utilities
 URL: http://www.openvswitch.org/
 Version: 3.3.0
-Release: 16%{?dist}
+Release: 17%{?dist}
 
 # Nearly all of openvswitch is ASL 2.0.  The bugtool is LGPLv2+, and the
 # lib/sflow*.[ch] files are SISSL
@@ -769,6 +769,13 @@ exit 0
 %endif
 
 %changelog
+* Fri Nov 29 2024 Open vSwitch CI <ovs-ci@redhat.com> - 3.3.0-17
+- Merging upstream branch-3.3 [RH git: 87a57cfed4]
+    Commit list:
+    8155bbd1d3 system-traffic: Standardize by replacing all wget instances with curl.
+    c41e9f5ec5 system-traffic: Replace wget with curl for negative and ftp tests.
+
+
 * Wed Nov 27 2024 Open vSwitch CI <ovs-ci@redhat.com> - 3.3.0-16
 - Merging upstream branch-3.3 [RH git: 68822af9c4]
     Commit list: