Hi Lorenzo, Break is a bit of a strong word here, as per the patch description "all established connection packets are impacted and not offloaded .", so the traffic would work but without offloading. That would be a tradeoff for simplicity, so we can get the fragmentation issue solved in older stable versions. In any case, that is disabled by default and only enabled when acl_udp_ct_translation=true.
Erlon On Fri, Sep 12, 2025 at 6:24 PM Lorenzo Bianconi < [email protected]> wrote: > > From: Frode Nordahl <[email protected]> > > > > While there is a hardware offload friendly approach to fixing > > processing of fragmented traffic to load balancers in 8e6f9a8355e2 > > ("northd: Fix HW offload problem related to ct_tuple."), the change > > is quite invasive, and not compatible with our requirement to make > > UDP fragmentation work for switch egress pipeline user space data > > path back to OVN 22.03. > > > > In a subsequent commit a optional workaround to this problem is > > provided, which relies on this field being available. > > > > The documentation for OVN Northbound ACL table already states that > > the match column uses the same expression language as the OVN > > Southbound Logical_Flow match column. > > Hi Erlon and Frode, > > I think this patch is fine since it was already part of 20a96b9d2c3d, > but IIUC (according to commit 8e6f9a8355e2) this feature (if used) will > break offload, right? I guess we should a comment clarifying it. > What do you think? > > Regards, > Lorenzo > > > > > As we know use of these fields may be considered low level and > > problematic, consequently notes are added to mark them as internal > > API and discourage their use. > > > > Related: https://bugs.launchpad.net/ubuntu/+source/ovn/+bug/2115795 > > Related: https://issues.redhat.com/browse/FDP-684 > > Signed-off-by: Frode Nordahl <[email protected]> > > --- > > lib/logical-fields.c | 9 +++++++++ > > ovn-nb.xml | 8 ++++++++ > > ovn-sb.xml | 10 ++++++++++ > > tests/ovn.at | 4 ++++ > > 4 files changed, 31 insertions(+) > > > > diff --git a/lib/logical-fields.c b/lib/logical-fields.c > > index fcafeeac2..ac33f7bf1 100644 > > --- a/lib/logical-fields.c > > +++ b/lib/logical-fields.c > > @@ -368,6 +368,15 @@ ovn_init_symtab(struct shash *symtab) > > > > expr_symtab_add_ovn_field(symtab, "icmp4.frag_mtu", > OVN_ICMP4_FRAG_MTU); > > expr_symtab_add_ovn_field(symtab, "icmp6.frag_mtu", > OVN_ICMP6_FRAG_MTU); > > + > > + expr_symtab_add_field(symtab, "ct_proto", MFF_CT_NW_PROTO, > > + "ct.trk", false); > > + > > + expr_symtab_add_predicate(symtab, "ct_udp", "ct_proto == 17"); > > + expr_symtab_add_field(symtab, "ct_udp.dst", MFF_CT_TP_DST, > > + "ct_udp", false); > > + expr_symtab_add_field(symtab, "ct_udp.src", MFF_CT_TP_SRC, > > + "ct_udp", false); > > } > > > > const char * > > diff --git a/ovn-nb.xml b/ovn-nb.xml > > index b7b5b5c40..3f4398afb 100644 > > --- a/ovn-nb.xml > > +++ b/ovn-nb.xml > > @@ -2644,6 +2644,14 @@ or > > Note that you can not create an ACL matching on a port with > > type=router or type=localnet. > > </p> > > + > > + <p> > > + Note that matching directly on connection tracker metadata > fields such > > + as <code>ct_proto</code>, <code>ct_udp</code> and their > subfields is > > + for internal use between ovn-northd and ovn-controller, may be > removed > > + at any time and consequently not supported as part of the > Northbound > > + API. > > + </p> > > </column> > > > > <column name="action"> > > diff --git a/ovn-sb.xml b/ovn-sb.xml > > index 4b563c5f1..e792b87a5 100644 > > --- a/ovn-sb.xml > > +++ b/ovn-sb.xml > > @@ -1147,6 +1147,16 @@ > > </li> > > </ul> > > </li> > > + <li> > > + <p> > > + <code>ct_proto</code> and <code>ct_udp</code> subfields > represent > > + connection tracker metadata containing L4 information for > UDP > > + packets. Note: for internal use, may be removed at any > time. > > + </p> > > + <ul> > > + <li><code>ct_udp.src</code> <code>ct_udp.dst</code></li> > > + </ul> > > + </li> > > </ul> > > > > <p> > > diff --git a/tests/ovn.at b/tests/ovn.at > > index 292ca0dae..e4fba8aaa 100644 > > --- a/tests/ovn.at > > +++ b/tests/ovn.at > > @@ -154,7 +154,11 @@ ct_mark.natted = ct_mark[1] > > ct_mark.obs_collector_id = ct_mark[16..23] > > ct_mark.obs_stage = ct_mark[4..5] > > ct_mark.skip_snat = ct_mark[2] > > +ct_proto = NXM_NX_CT_NW_PROTO > > ct_state = NXM_NX_CT_STATE > > +ct_udp = ct_proto == 17 > > +ct_udp.dst = NXM_NX_CT_TP_DST > > +ct_udp.src = NXM_NX_CT_TP_SRC > > ]]) > > AT_CLEANUP > > > > -- > > 2.43.0 > > > > _______________________________________________ > > dev mailing list > > [email protected] > > https://mail.openvswitch.org/mailman/listinfo/ovs-dev > > > _______________________________________________ dev mailing list [email protected] https://mail.openvswitch.org/mailman/listinfo/ovs-dev
