On 1/16/26 7:44 PM, Mark Michelson via dev wrote: > Thanks for the rebase, Alexandra! > > Acked-by: Mark Michelson <[email protected]> > > On Thu, Jan 15, 2026 at 4:51 PM Alexandra Rukomoinikova > <[email protected]> wrote: >> >> When a logical router port has multiple IP addresses from different networks, >> northd generates multiple TTL exceeded flows. Previously, these flows had >> identical match conditions but different actions (using different ICMP reply >> source IPs), leading to non-deterministic behavior where replies could use >> an incorrect source IP not belonging to the original packet's destination >> network. >> >> The fix adds source IP network matching to flow, ensuring that ICMP TTL >> exceeded >> replies always originate from an IP in the same network as the source of the >> original packet. >> >> Additionally, the default TTL exceeded flow behavior has been unified for >> IPv4 >> and IPv6: previously, packets that didn't match any configured subnet were >> dropped; now we trigger a reply using the first IP address configured on the >> router port. >> >> Fixes: c0321040c703 ("OVN: add ICMPv6 time exceeded support to OVN logical >> router") >> Fixes: 7f19374c5933 ("OVN: add ICMP time exceeded support to OVN logical >> router") >> Reported-at: https://issues.redhat.com/browse/FDP-2870 >> Signed-off-by: Alexandra Rukomoinikova <[email protected]> >> --- >> v4 --> v5: rebased to use new lflow addition API: changed >> ovn_lflow_add_with_hint__ to ovn_lflow_add >> ---
Hi Alexandra, Mark, Thanks for the fix and review! Applied to main and backported to all stable branches down to 24.03. Regards, Dumitru _______________________________________________ dev mailing list [email protected] https://mail.openvswitch.org/mailman/listinfo/ovs-dev
