Depending on the kernel version in use, the nf_conntrack module may register hooks for each namespace and execute conntrack prior to passing packets to OVS (or not). In cases where this happens, the previous flow table in this test would trust the local stack's connection tracking and use it rather than sending packets through conntrack itself (and therefore handling IP defragmentation/fragmentation).
This patch revealed two fatal datapath bugs, fixed by these commits: 86c2eb45fd82 datapath: Fix panic sending IP frags over tunnels. XXXXXXXXXXXX datapath: inet: frag: Always orphan skbs inside ip_defrag(). Signed-off-by: Joe Stringer <j...@ovn.org> --- The second patch was applied to the upstream kernel, but not to OVS tree yet. I'll update the commit ID with the OVS commit ID when applied. --- tests/system-traffic.at | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/tests/system-traffic.at b/tests/system-traffic.at index 102b56fba033..c35241275ad1 100644 --- a/tests/system-traffic.at +++ b/tests/system-traffic.at @@ -1309,8 +1309,8 @@ AT_DATA([flows.txt], [dnl priority=1,action=drop priority=10,arp,action=normal priority=100,in_port=1,icmp,action=ct(commit,zone=9),LOCAL -priority=100,in_port=LOCAL,ct_state=-trk,icmp,action=ct(table=0,zone=9) -priority=100,in_port=LOCAL,ct_state=+trk+est,icmp,action=1 +priority=100,in_port=LOCAL,icmp,action=ct(table=1,zone=9) +table=1,priority=100,in_port=LOCAL,ct_state=+trk+est,icmp,action=1 ]) AT_CHECK([ovs-ofctl --bundle add-flows br0 flows.txt]) -- 2.1.4 _______________________________________________ dev mailing list dev@openvswitch.org http://openvswitch.org/mailman/listinfo/dev
