On 2/17/26 4:12 PM, Erlon R. Cruz wrote: > At the current state, OVN can not handle fragmented traffic for ACLs > in the userspace datapath (DPDK). Just like in the case of LB > (commit 20a96b9), the kernel DP will try to reassemble the fragments > during CT lookup, however userspace won't reassemble them. > > This patch allows OVN to handle fragmented traffic by defining a > translation table on southbound that leverages OpenFlow connection > tracking capabilities. When a stateful flow is created on NB, we add > a hint in the flow. This hint will be read in SB and if the > connection tracking is set to be used, SB will use the alternative > translation table that will use the connection tracking information. > > This approach should not change the current behavior and it's only > enabled if acl_ct_translation is set: > > ovn-nbctl set NB_Global . options:acl_ct_translation=true > > Signed-off-by: Erlon R. Cruz <[email protected]> > --- > v2: Rebased on current upstream main, removed external python > code traffic generators, added scenario tests for: dhcp, negative > udp and ovn rule generation, documentation and many code clean ups. > DHCP traffic is being dropped for some reason. Still need to figure > that out for v3. > v3: Rebased on current upstream main, clean ups. Fix DHCP/broadcast > bug > v4: Rebase, code cleanup > v5: Rebase, code cleanup, make ovn_lflow_find acl_ct_translation aware > ---
Recheck-request: github-robot-_Build_and_Test Recheck-request: github-robot-_ovn-kubernetes GitHub infra issues again. Mostly along the lines of: Error: fatal: could not read Username for 'https://github.com': terminal prompts disabled Error: fatal: the remote end hung up unexpectedly Error: fatal: Fetched in submodule path 'ovs', but it did not contain 1d57509ef1cc9ff7fbd6e450a5bb82e91480959f. Direct fetching of that commit failed. Error: The process '/usr/bin/git' failed with exit code 128 _______________________________________________ dev mailing list [email protected] https://mail.openvswitch.org/mailman/listinfo/ovs-dev
