On Thu, Feb 25, 2021 at 10:19 PM Ben Pfaff <[email protected]> wrote: > > On Wed, Feb 24, 2021 at 06:56:38PM +0530, [email protected] wrote: > > From: Numan Siddique <[email protected]> > > > > Presently we add 65535 priority lflows in the stages - > > 'ls_in_acl' and 'ls_out_acl' to drop packets which > > match on 'ct.inv'. > > > > As per the 'ovs-fields' man page, this > > ct state field can be used to identify problems such as: > > • L3/L4 protocol handler is not loaded/unavailable. > > > > • L3/L4 protocol handler determines that the packet is > > malformed. > > > > • Packets are unexpected length for protocol. > > > > This patch removes the usage of this field for the following > > reasons: > > > > • Some of the smart NICs which support offloading datapath > > flows don't support this field. > > > > • A recent commit in kernel ovs datapath sets the committed > > connection tracking entry to be liberal for out-of-window > > tcp packets (nf_ct_set_tcp_be_liberal()). Such TCP > > packets will not be marked as invalid. > > > > • Even if a ct.inv packet is delivered to a VIF, the > > networking stack of the VIF's kernel can handle such > > packets. > > > > Signed-off-by: Numan Siddique <[email protected]> > > At first glance, it looks to me like adapting this patch for > ovn-northd-ddlog should be straightforward, since it only changes the > deatils of some flows. If you'd like some assistance with that, please > do let me know.
Thanks a lot for the help. I will reach out to you in case I need any assistance. Numan > > Thanks, > > Ben. > _______________________________________________ > dev mailing list > [email protected] > https://mail.openvswitch.org/mailman/listinfo/ovs-dev _______________________________________________ dev mailing list [email protected] https://mail.openvswitch.org/mailman/listinfo/ovs-dev
