** Description changed:
- OVN 25.09.1+ produces duplicate/malformed ICMP fragmentation-needed replies
on distributed routers with SNAT. The regression was introduced by commit
d702b0ed1 ("northd: Avoid committing DNAT traffic to SNAT zone"). Two logical
flows at S_ROUTER_OUT_SNAT overlap — one matching (!ct.trk || !ct.rpl) &&
flags.unsnat_new == 1 and another matching ct.new — both execute for
SNAT-originated ICMP errors, causing a double ct_commit_to_zone(snat).
Failing autopkgtests:
- LR with SNAT fragmentation needed for external server
- DNAT and SNAT on distributed router - N/S - IPv6
- Traffic to router port via LLA
- Fix: Add flags.unsnat_new == 0 guard to the second flow so the two are
mutually exclusive.
+
+ These are due to certain conntrack changes in 6.17, that lead to the packets
being different to what OV
+ S expects (ie larger and with more data). OVS upstream has a number of
commits that fix these, the one of most importance to this being "conntrack:
Fix replace_substring to handle larger packets". Which is conviniently
available as part of OVS 3.6.3, for which we have a point release in progress.
+
+ Fix: Depend on openvswitch-switch >= 3.6.3.
** Changed in: ovn (Ubuntu)
Status: Incomplete => In Progress
** Description changed:
Failing autopkgtests:
- LR with SNAT fragmentation needed for external server
- DNAT and SNAT on distributed router - N/S - IPv6
- Traffic to router port via LLA
- These are due to certain conntrack changes in 6.17, that lead to the packets
being different to what OV
- S expects (ie larger and with more data). OVS upstream has a number of
commits that fix these, the one of most importance to this being "conntrack:
Fix replace_substring to handle larger packets". Which is conviniently
available as part of OVS 3.6.3, for which we have a point release in progress.
+ These are due to certain conntrack changes in 6.17, that lead to the
+ packets being different to what OVS expects (ie larger and with more
+ data). OVS upstream has a number of commits that fix these, the one of
+ most importance to this being "conntrack: Fix replace_substring to
+ handle larger packets". Which is conviniently available as part of OVS
+ 3.6.3, for which we have a point release in progress.
Fix: Depend on openvswitch-switch >= 3.6.3.
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/2154492
Title:
25.09: System Kernel Module Tests failing
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/ovn/+bug/2154492/+subscriptions
--
ubuntu-bugs mailing list
[email protected]
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
