** Description changed: [SRU Justification] [Impact] Packets encapsulated into a vxlan tunnel with openvswitch don't have the same udp source port for the first packet and the following ones of the same TCP flow in a DOCKER scenario usecase. In fact, when using the kernel datapath, the upcall don't include skb hash info relatived. As VXLAN module uses the skb hash to select UDP src port, the source port is different for the first packet. More information can be found here: https://mail.openvswitch.org/pipermail/ovs-dev/2019-October/364062.html This has been fixed in v5.5 by the following upstream commit: bd1903b7c4596 ("net: openvswitch: add hash info to upcall") https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/net/openvswitch?id=bd1903b7c4596ba6f7677d0dfefd05ba5876707d The bug exists since the beginning of vxlan support in openvswitch. - + == Fix == - - Backport the requested patches to Focal (5.4), Disco (5.0), Bionic (4.15) and + Backport the requested patches to Focal (5.4), Eoan (5.3), Bionic (4.15) and Xenial (4.4). - == Risk of Regression == This patch only add hash information when we do upcall, thus the risk should be low.
-- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1860986 Title: openvswitch: same tcp session encapsulated with different udp src port for ovs vxlan tunnel To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1860986/+subscriptions -- ubuntu-bugs mailing list [email protected] https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
