diff options
| author | Paolo Valerio <pvalerio@redhat.com> | 2022-08-05 17:08:44 +0200 |
|---|---|---|
| committer | Ilya Maximets <i.maximets@ovn.org> | 2022-08-08 16:38:01 +0200 |
| commit | f77c14b639bf08b830ea30d49436dcee5d55bd6c (patch) | |
| tree | f0e11253e240a376364d2f440a66424c38ff592c | |
| parent | ae74f3ffe3d067e349857658605c8563312b6cc0 (diff) | |
| download | openvswitch-f77c14b639bf08b830ea30d49436dcee5d55bd6c.tar.gz | |
system-traffic: Fix IPv4 fragmentation test sequence for check-kernel.
The following test sequence:
conntrack - IPv4 fragmentation incomplete reassembled packet
conntrack - IPv4 fragmentation with fragments specified
leads to a systematic failure of the latter test on the kernel
datapath (linux). Multiple executions of the former may also lead to
multiple failures.
This is due to the fact that fragments not yet reassembled are kept in
a queue for /proc/sys/net/ipv4/ipfrag_time seconds, and if the
kernel receives a fragment already present in the queue, it returns
-EINVAL.
Below the related log message:
|00058|dpif|WARN|system@ovs-system: execute ct(commit) failed (Invalid argument)
on packet udp,vlan_tci=0x0000,dl_src=50:54:00:00:00:09,dl_dst=50:54:00:00:00:0a,
nw_src=10.1.1.1,nw_dst=10.1.1.2,nw_tos=0,nw_ecn=0,nw_ttl=0,nw_frag=first,tp_src=1,
tp_dst=2 udp_csum:0
Fix the sequence by sending the second fragment in "conntrack - IPv4
fragmentation incomplete reassembled packet", once the checks are
done.
IPv6 tests are not affected as the defrag kernel code path pretends to
add the duplicate fragment to the queue returning -EINPROGRESS, when a
duplicate is detected.
Signed-off-by: Paolo Valerio <pvalerio@redhat.com>
Signed-off-by: Ilya Maximets <i.maximets@ovn.org>
| -rw-r--r-- | tests/system-traffic.at | 5 |
1 files changed, 5 insertions, 0 deletions
diff --git a/tests/system-traffic.at b/tests/system-traffic.at index 33108c5ab..f7f885036 100644 --- a/tests/system-traffic.at +++ b/tests/system-traffic.at @@ -3492,6 +3492,11 @@ AT_CHECK([ovs-ofctl bundle br0 bundle.txt]) AT_CHECK([ovs-appctl dpctl/dump-conntrack | FORMAT_CT(10.1.1.2)], [0], [dnl ]) +dnl Send the second fragment in order to avoid keeping the first fragment +dnl in the queue until the expiration occurs. Fragments already queued, if resent, +dnl may lead to failures on the kernel datapath. +AT_CHECK([ovs-ofctl -O OpenFlow13 packet-out br0 "in_port=1, packet=50540000000a505400000009080045000030000100320011a4860a0101010a01010200010002000800000010203040506070809000010203040506070809, actions=ct(commit)"]) + OVS_TRAFFIC_VSWITCHD_STOP AT_CLEANUP |