On Wed, Feb 24, 2021 at 06:56:38PM +0530, num...@ovn.org wrote:
> From: Numan Siddique <num...@ovn.org>
> 
> Presently we add 65535 priority lflows in the stages -
> 'ls_in_acl' and 'ls_out_acl' to drop packets which
> match on 'ct.inv'.
> 
> As per the 'ovs-fields' man page, this
> ct state field can be used to identify problems such as:
>  •  L3/L4 protocol handler is not loaded/unavailable.
> 
>  •  L3/L4 protocol handler determines that the packet is
>     malformed.
> 
>  •  Packets are unexpected length for protocol.
> 
> This patch removes the usage of this field for the following
> reasons:
> 
>  • Some of the smart NICs which support offloading datapath
>    flows don't support this field.
> 
>  • A recent commit in kernel ovs datapath sets the committed
>    connection tracking entry to be liberal for out-of-window
>    tcp packets (nf_ct_set_tcp_be_liberal()).  Such TCP
>    packets will not be marked as invalid.
> 
>  • Even if a ct.inv packet is delivered to a VIF, the
>    networking stack of the VIF's kernel can handle such
>    packets.
> 
> Signed-off-by: Numan Siddique <num...@ovn.org>

At first glance, it looks to me like adapting this patch for
ovn-northd-ddlog should be straightforward, since it only changes the
details of some flows.  If you'd like some assistance with that, please
do let me know.

Thanks,

Ben.
_______________________________________________
dev mailing list
d...@openvswitch.org
https://mail.openvswitch.org/mailman/listinfo/ovs-dev
