On Wed, Mar 8, 2023 at 6:45 AM Simon Horman <simon.hor...@corigine.com> wrote: > > On Mon, Feb 27, 2023 at 02:52:54PM +0100, Lorenzo Bianconi wrote: > > Introduce a priority-100 flow in the ingress router defrag stage in > > order to just perform IP traffic defragmentation without doing any dnat > > operation. This change is necessary since the logical flow reported > > below fails for IP fragmented traffic since L4 port info is available > > just in the first fragment: > > > > table=5 (lr_in_defrag ), priority=110 , match=(ip && ip4.dst == > > 172.16.0.111 && udp), action=(reg0 = 172.16.0.111; reg9[16..31] = udp.dst; > > ct_dnat;) > > > > Reported-at: https://bugzilla.redhat.com/show_bug.cgi?id=2170885 > > Fixes: d91f359b7694 ("northd: Add VIP port to established flows in DNAT > > table for Load Balancers") > > Signed-off-by: Lorenzo Bianconi <lorenzo.bianc...@redhat.com> > > Reviewed-by: Simon Horman <simon.hor...@corigine.com>
Hi Lorenzo, Can you please add some tests in ovn-northd.at ? I'd have expected the existing test cases to fail since this patch is adding a new logical flow in the lr_in_defrag stage. I think we need to note here that OVN is assuming that the datapath defragments the packet when sent to conntrack. From the discussions we had offline with Ilya, what I understand is that the ovs userspace datapath may not defragment the packets in its conntrack implementation. (Ilya - Please correct me if I'm wrong). I don't think your patch series is changing the existing behavior of OVN as OVN kind of assumes that the packets are defragmented when sent to conntrack since the beginning. IMO the datapath (be it kernel or userspace) should provide this support. Thanks Numan > > _______________________________________________ > dev mailing list > d...@openvswitch.org > https://mail.openvswitch.org/mailman/listinfo/ovs-dev > _______________________________________________ dev mailing list d...@openvswitch.org https://mail.openvswitch.org/mailman/listinfo/ovs-dev
