On Fri, Apr 29, 2016 at 12:11 PM, Michael Ben-Ami
<mben...@digitalocean.com> wrote:
>
> OVS version:
>
> ovs-ofctl (Open vSwitch) 2.3.2
> Compiled Aug 24 2015 18:39:15
> OpenFlow versions 0x1:0x4
>
> Linux version:
>
> Linux version 3.13.0-52-generic (buildd@comet) (gcc version 4.8.2 (Ubuntu
> 4.8.2-19ubuntu1) ) #86-Ubuntu SMP Mon May 4 04:32:59 UTC 2015
>
> When IP-fragemented UDP datagrams hit a rule that looks like:
>
> cookie=0x0, duration=176936.052s, table=1, n_packets=68911, n_bytes=8452972,
> idle_age=8, hard_age=65534,
> priority=1020,ip,dl_dst=04:01:d7:6f:80:01,nw_dst=xx.xx.104.241
> actions=strip_vlan,mod_nw_dst:10.19.0.5,output:10
>
> All IP traffic that hits this flow is successfully received by the VM with IP
> address 10.19.0.5, besides UDP traffic that is IP fragmented.
>
> We used netcat and wireshark to test. An example case is a VM receiving 5000
> bytes of UDP traffic over netcat. If the sender does UDP segmentation to
> sizes of 2048, 2048, and 904 bytes, and the first two segments are further IP
> fragmented on the wire (before hitting OVS), the listening netcat on the VM
> will receive 904 bytes, and the counter of Udp InCsumErrors in netstat -su
> output will increase by 2.
I looks like you should upgrade to 2.3.3 (or later). I see the
following commit that will presumably fix the problem:
8247b1ac ("datapath: Fix L4 checksum handling when dealing with IP fragments")
_______________________________________________
discuss mailing list
discuss@openvswitch.org
http://openvswitch.org/mailman/listinfo/discuss
