On Wed, Dec 6, 2023 at 11:19 AM Ales Musil <[email protected]> wrote:
> The ICMP need frag could be generated after routing > stage when the unSNAT already happened. Add flows > that will ensure that we are keeping track of the CT > state and do appropriate CT nat action later on. > > Because the ICMP traffic is related to already existing > one in this case we can use adjusted ct_commit_nat > that will perform this action in SNAT zone. > > Ales Musil (3): > actions: Adjust the ct_commit_nat action > northd, controller: Add feature flag for the updated ct_commit_nat > northd: Explicitly handle SNAT for ICMP need frag > > controller/chassis.c | 8 ++ > include/ovn/actions.h | 12 ++- > include/ovn/features.h | 1 + > include/ovn/lex.h | 1 + > include/ovn/logical-fields.h | 1 + > lib/actions.c | 68 ++++++++++--- > lib/lex.c | 15 +++ > lib/logical-fields.c | 4 + > northd/northd.c | 192 ++++++++++++++++++++--------------- > northd/northd.h | 1 + > tests/ovn-northd.at | 118 ++++++++++++++------- > tests/ovn.at | 20 +++- > tests/system-ovn-kmod.at | 3 +- > utilities/ovn-trace.c | 2 +- > 14 files changed, 307 insertions(+), 139 deletions(-) > > -- > 2.43.0 > > The test for ovn-kubernetes passes even with the SNAT workaround removed [0]. I tried the test case that was reported to fail [1]. Thanks, Ales [0] https://github.com/ovn-org/ovn-kubernetes/commit/27d1fb56852b837d863d5db30f7b538101fd06b6#diff-9c68f154bc9189eb61d17c17d1392ee36c13a497f4f742a98250c2e0a272d48cR482 [1] WHAT=".*queries to the hostNetworked server pod on another node shall work for UDP.*" -- Ales Musil Senior Software Engineer - OVN Core Red Hat EMEA <https://www.redhat.com> [email protected] <https://red.ht/sig> _______________________________________________ dev mailing list [email protected] https://mail.openvswitch.org/mailman/listinfo/ovs-dev
