@@ -20,6 +20,8 @@ Post-v2.9.0
conntrack fragmentation support.
* New "ovs-appctl dpctl/ipf-set-disabled" command for userspace datapath
conntrack fragmentation support.
+ * New "ovs-appctl dpctl/ipf-set-min-frag" command for userspace
+ datapath conntrack fragmentation support.
- ovs-vsctl: New commands "add-bond-iface" and "del-bond-iface".
- OpenFlow:
* OFPT_ROLE_STATUS is now available in OpenFlow 1.3.
@@ -172,6 +172,14 @@ ct_dpif_ipf_set_enabled(struct dpif *dpif, bool v6, bool enable)
: EOPNOTSUPP);
}
+int
+ct_dpif_ipf_set_min_frag(struct dpif *dpif, bool v6, uint32_t min_frag)
+{
+ return (dpif->dpif_class->ipf_set_min_frag
+ ? dpif->dpif_class->ipf_set_min_frag(dpif, v6, min_frag)
+ : EOPNOTSUPP);
+}
+
void
ct_dpif_entry_uninit(struct ct_dpif_entry *entry)
{
@@ -201,6 +201,7 @@ int ct_dpif_set_maxconns(struct dpif *dpif, uint32_t maxconns);
int ct_dpif_get_maxconns(struct dpif *dpif, uint32_t *maxconns);
int ct_dpif_get_nconns(struct dpif *dpif, uint32_t *nconns);
int ct_dpif_ipf_set_enabled(struct dpif *, bool v6, bool enable);
+int ct_dpif_ipf_set_min_frag(struct dpif *, bool, uint32_t);
void ct_dpif_entry_uninit(struct ct_dpif_entry *);
void ct_dpif_format_entry(const struct ct_dpif_entry *, struct ds *,
bool verbose, bool print_stats);
@@ -1726,6 +1726,44 @@ dpctl_ipf_set_disabled(int argc, const char *argv[],
return ipf_set_enabled__(argc, argv, dpctl_p, false);
}
+static int
+dpctl_ipf_set_min_frag(int argc, const char *argv[],
+ struct dpctl_params *dpctl_p)
+{
+ struct dpif *dpif;
+ int error = opt_dpif_open(argc, argv, dpctl_p, 4, &dpif);
+ if (!error) {
+ char v4_or_v6[3] = {0};
+ if (ovs_scan(argv[argc - 2], "%2s", v4_or_v6) &&
+ (!strncmp(v4_or_v6, "v4", 2) || !strncmp(v4_or_v6, "v6", 2))) {
+ uint32_t min_fragment;
+ if (ovs_scan(argv[argc - 1], "%"SCNu32, &min_fragment)) {
+ error = ct_dpif_ipf_set_min_frag(
+ dpif, !strncmp(v4_or_v6, "v6", 2), min_fragment);
+ if (!error) {
+ dpctl_print(dpctl_p,
+ "setting minimum fragment size successful");
+ } else {
+ dpctl_error(dpctl_p, error,
+ "requested minimum fragment size too small;"
+ " see documentation");
+ }
+ } else {
+ error = EINVAL;
+ dpctl_error(dpctl_p, error,
+ "parameter missing for minimum fragment size");
+ }
+ } else {
+ error = EINVAL;
+ dpctl_error(dpctl_p, error,
+ "parameter missing: v4 for ipv4 or v6 for ipv6");
+ }
+ dpif_close(dpif);
+ }
+
+ return error;
+}
+
/* Undocumented commands for unit testing. */
static int
@@ -2029,6 +2067,8 @@ static const struct dpctl_command all_commands[] = {
dpctl_ipf_set_enabled, DP_RW },
{ "ipf-set-disabled", "[dp] v4 | v6", 1, 2,
dpctl_ipf_set_disabled, DP_RW },
+ { "ipf-set-min-frag", "[dp] v4 | v6 minfragment", 2, 3,
+ dpctl_ipf_set_min_frag, DP_RW },
{ "help", "", 0, INT_MAX, dpctl_help, DP_RO },
{ "list-commands", "", 0, INT_MAX, dpctl_list_commands, DP_RO },
@@ -287,3 +287,12 @@ after conntrack. Both v4 and v6 are enabled by default.
Disables fragmentation handling for the userspace datapath connection
tracker. Either \fBv4\fR or \fBv6\fR must be specified. Both v4 and v6 are
enabled by default.
+.
+.TP
+\*(DX\fBipf\-set\-min\-frag\fR [\fIdp\fR] \fBv4\fR | \fBv6\fR \fIminfrag\fR
+Sets the minimum fragment size, which applies to non-last fragments,
+supported by the userspace datapath connection tracker. Either v4 or v6
+must be specified. The default v4 value is 1200 and the clamped minimum is
+400. The default v6 value is 1280, with a clamped minimum of 400, for
+testing flexibility. The maximum frag size is not clamped, however setting
+this value too high might result in valid fragments being dropped.
@@ -6539,6 +6539,13 @@ dpif_netdev_ipf_set_enabled(struct dpif *dpif OVS_UNUSED, bool v6,
return ipf_set_enabled(v6, enable);
}
+static int
+dpif_netdev_ipf_set_min_frag(struct dpif *dpif OVS_UNUSED, bool v6,
+ uint32_t min_frag)
+{
+ return ipf_set_min_frag(v6, min_frag);
+}
+
const struct dpif_class dpif_netdev_class = {
"netdev",
dpif_netdev_init,
@@ -6588,6 +6595,7 @@ const struct dpif_class dpif_netdev_class = {
dpif_netdev_ct_get_maxconns,
dpif_netdev_ct_get_nconns,
dpif_netdev_ipf_set_enabled,
+ dpif_netdev_ipf_set_min_frag,
dpif_netdev_meter_get_features,
dpif_netdev_meter_set,
dpif_netdev_meter_get,
@@ -3007,6 +3007,7 @@ const struct dpif_class dpif_netlink_class = {
NULL, /* ct_get_maxconns */
NULL, /* ct_get_nconns */
NULL, /* ipf_set_enabled */
+ NULL, /* ipf_set_min_frag */
dpif_netlink_meter_get_features,
dpif_netlink_meter_set,
dpif_netlink_meter_get,
@@ -446,6 +446,8 @@ struct dpif_class {
/* IP Fragmentation. */
int (*ipf_set_enabled)(struct dpif *, bool v6, bool enabled);
+ /* Set minimum fragment allowed. */
+ int (*ipf_set_min_frag)(struct dpif *, bool v6, uint32_t min_frag);
/* Meters */
/* Queries 'dpif' for supported meter features.
@@ -1271,3 +1271,26 @@ ipf_set_enabled(bool v6, bool enable)
atomic_store_relaxed(v6 ? &ifp_v6_enabled : &ifp_v4_enabled, enable);
return 0;
}
+
+int
+ipf_set_min_frag(bool v6, uint32_t value)
+{
+ /* If the user specifies an unreasonably large number, fragmentation
+ * will not work well but it will not blow up. */
+ if ((!v6 && value < IPF_V4_FRAG_SIZE_LBOUND) ||
+ (v6 && value < IPF_V6_FRAG_SIZE_LBOUND)) {
+ return 1;
+ }
+
+ ipf_lock_lock(&ipf_lock);
+ if (v6) {
+ atomic_store_relaxed(&min_v6_frag_size, value);
+ } else {
+ atomic_store_relaxed(&min_v4_frag_size, value);
+ max_v4_frag_list_size = DIV_ROUND_UP(
+ IPV4_PACKET_MAX_SIZE - IPV4_PACKET_MAX_HDR_SIZE,
+ min_v4_frag_size - IPV4_PACKET_MAX_HDR_SIZE);
+ }
+ ipf_lock_unlock(&ipf_lock);
+ return 0;
+}
@@ -59,4 +59,6 @@ void ipf_destroy(void);
int ipf_set_enabled(bool v6, bool enable);
+int ipf_set_min_frag(bool v6, uint32_t value);
+
#endif /* ipf.h */
@@ -130,3 +130,11 @@ m4_define([CHECK_CT_DPIF_GET_NCONNS],
[
AT_SKIP_IF([:])
])
+
+# DPCTL_SET_MIN_FRAG_SIZE()
+#
+# The kernel does not support this command.
+m4_define([DPCTL_SET_MIN_FRAG_SIZE],
+[
+
+])
@@ -2062,6 +2062,8 @@ ADD_NAMESPACES(at_ns0, at_ns1)
ADD_VETH(p0, at_ns0, br0, "10.1.1.1/24")
ADD_VETH(p1, at_ns1, br0, "10.1.1.2/24")
+DPCTL_SET_MIN_FRAG_SIZE()
+
AT_DATA([bundle.txt], [dnl
packet-out in_port=1, packet=50540000000a5054000000090800450001a400012000001183440a0101010a01010200010002000800000304050607080900010203040506070809000102030405060708090001020304050607080900010203040506070809001020304050607080900010203040506070809000102030405060708090001020304050607080900010203040506070809000102030405060708090001020304050607080900010203040506070809000102030405060708090001020304050607080900102030405060708090001020304050607080900010203040506070809000102030405060708090001020304050607080900010203040506070809000102030405060708090001020304050607080900010203040506070809000102030405060708090010203040506070809000102030405060708090001020304050607080900010203040506070809000102030405060708090001020304050607080900010203040506070809000102030405060708090001020304050607080900010203040506070809001020304050607080900010203040506070809000102030405060708090001020304050607080900010203040506070809, actions=ct(commit)
])
@@ -2077,7 +2079,6 @@ AT_CLEANUP
dnl Uses same first fragment as above 'incomplete reassembled packet' test.
AT_SETUP([conntrack - IPv4 fragmentation with fragments specified])
CHECK_CONNTRACK()
-CHECK_CONNTRACK_SMALL_FRAG()
OVS_TRAFFIC_VSWITCHD_START()
ADD_NAMESPACES(at_ns0, at_ns1)
@@ -2085,6 +2086,8 @@ ADD_NAMESPACES(at_ns0, at_ns1)
ADD_VETH(p0, at_ns0, br0, "10.1.1.1/24")
ADD_VETH(p1, at_ns1, br0, "10.1.1.2/24")
+DPCTL_SET_MIN_FRAG_SIZE()
+
AT_DATA([bundle.txt], [dnl
packet-out in_port=1, packet=50540000000a5054000000090800450001a400012000001183440a0101010a01010200010002000800000304050607080900010203040506070809000102030405060708090001020304050607080900010203040506070809001020304050607080900010203040506070809000102030405060708090001020304050607080900010203040506070809000102030405060708090001020304050607080900010203040506070809000102030405060708090001020304050607080900102030405060708090001020304050607080900010203040506070809000102030405060708090001020304050607080900010203040506070809000102030405060708090001020304050607080900010203040506070809000102030405060708090010203040506070809000102030405060708090001020304050607080900010203040506070809000102030405060708090001020304050607080900010203040506070809000102030405060708090001020304050607080900010203040506070809001020304050607080900010203040506070809000102030405060708090001020304050607080900010203040506070809, actions=ct(commit)
packet-out in_port=1, packet=50540000000a505400000009080045000030000100320011a4860a0101010a01010200010002000800000010203040506070809000010203040506070809, actions=ct(commit)
@@ -2101,7 +2104,6 @@ AT_CLEANUP
AT_SETUP([conntrack - IPv4 fragmentation out of order])
CHECK_CONNTRACK()
-CHECK_CONNTRACK_SMALL_FRAG()
OVS_TRAFFIC_VSWITCHD_START()
ADD_NAMESPACES(at_ns0, at_ns1)
@@ -2109,6 +2111,8 @@ ADD_NAMESPACES(at_ns0, at_ns1)
ADD_VETH(p0, at_ns0, br0, "10.1.1.1/24")
ADD_VETH(p1, at_ns1, br0, "10.1.1.2/24")
+DPCTL_SET_MIN_FRAG_SIZE()
+
AT_DATA([bundle.txt], [dnl
packet-out in_port=1, packet=50540000000a505400000009080045000030000100320011a4860a0101010a01010200010002000800000010203040506070809000010203040506070809, actions=ct(commit)
packet-out in_port=1, packet=50540000000a5054000000090800450001a400012000001183440a0101010a01010200010002000800000304050607080900010203040506070809000102030405060708090001020304050607080900010203040506070809001020304050607080900010203040506070809000102030405060708090001020304050607080900010203040506070809000102030405060708090001020304050607080900010203040506070809000102030405060708090001020304050607080900102030405060708090001020304050607080900010203040506070809000102030405060708090001020304050607080900010203040506070809000102030405060708090001020304050607080900010203040506070809000102030405060708090010203040506070809000102030405060708090001020304050607080900010203040506070809000102030405060708090001020304050607080900010203040506070809000102030405060708090001020304050607080900010203040506070809001020304050607080900010203040506070809000102030405060708090001020304050607080900010203040506070809, actions=ct(commit)
@@ -2125,7 +2129,6 @@ AT_CLEANUP
AT_SETUP([conntrack - IPv4 fragmentation overlapping fragments by 1 octet])
CHECK_CONNTRACK()
-CHECK_CONNTRACK_SMALL_FRAG()
CHECK_CONNTRACK_FRAG_OVERLAP()
OVS_TRAFFIC_VSWITCHD_START()
@@ -2134,6 +2137,8 @@ ADD_NAMESPACES(at_ns0, at_ns1)
ADD_VETH(p0, at_ns0, br0, "10.1.1.1/24")
ADD_VETH(p1, at_ns1, br0, "10.1.1.2/24")
+DPCTL_SET_MIN_FRAG_SIZE()
+
AT_DATA([bundle.txt], [dnl
packet-out in_port=1, packet=50540000000a5054000000090800450001a400012000001183440a0101010a01010200010002000800000304050607080900010203040506070809000102030405060708090001020304050607080900010203040506070809001020304050607080900010203040506070809000102030405060708090001020304050607080900010203040506070809000102030405060708090001020304050607080900010203040506070809000102030405060708090001020304050607080900102030405060708090001020304050607080900010203040506070809000102030405060708090001020304050607080900010203040506070809000102030405060708090001020304050607080900010203040506070809000102030405060708090010203040506070809000102030405060708090001020304050607080900010203040506070809000102030405060708090001020304050607080900010203040506070809000102030405060708090001020304050607080900010203040506070809001020304050607080900010203040506070809000102030405060708090001020304050607080900010203040506070809, actions=ct(commit)
packet-out in_port=1, packet=50540000000a505400000009080045000030000100310011a4870a0101010a01010200010002000800000010203040506070809000010203040506070809, actions=ct(commit)
@@ -2149,7 +2154,6 @@ AT_CLEANUP
AT_SETUP([conntrack - IPv4 fragmentation overlapping fragments by 1 octet out of order])
CHECK_CONNTRACK()
-CHECK_CONNTRACK_SMALL_FRAG()
CHECK_CONNTRACK_FRAG_OVERLAP()
OVS_TRAFFIC_VSWITCHD_START()
@@ -2158,6 +2162,8 @@ ADD_NAMESPACES(at_ns0, at_ns1)
ADD_VETH(p0, at_ns0, br0, "10.1.1.1/24")
ADD_VETH(p1, at_ns1, br0, "10.1.1.2/24")
+DPCTL_SET_MIN_FRAG_SIZE()
+
AT_DATA([bundle.txt], [dnl
packet-out in_port=1, packet=50540000000a505400000009080045000030000100310011a4870a0101010a01010200010002000800000010203040506070809000010203040506070809, actions=ct(commit)
packet-out in_port=1, packet=50540000000a5054000000090800450001a400012000001183440a0101010a01010200010002000800000304050607080900010203040506070809000102030405060708090001020304050607080900010203040506070809001020304050607080900010203040506070809000102030405060708090001020304050607080900010203040506070809000102030405060708090001020304050607080900010203040506070809000102030405060708090001020304050607080900102030405060708090001020304050607080900010203040506070809000102030405060708090001020304050607080900010203040506070809000102030405060708090001020304050607080900010203040506070809000102030405060708090010203040506070809000102030405060708090001020304050607080900010203040506070809000102030405060708090001020304050607080900010203040506070809000102030405060708090001020304050607080900010203040506070809001020304050607080900010203040506070809000102030405060708090001020304050607080900010203040506070809, actions=ct(commit)
@@ -2354,6 +2360,8 @@ ADD_NAMESPACES(at_ns0, at_ns1)
ADD_VETH(p0, at_ns0, br0, "fc00::1/96")
ADD_VETH(p1, at_ns1, br0, "fc00::2/96")
+DPCTL_SET_MIN_FRAG_SIZE()
+
AT_DATA([bundle.txt], [dnl
packet-out in_port=1, packet=50540000000a50540000000986dd6000000001a02cfffc000000000000000000000000000001fc0000000000000000000000000000021100000100000001000100020008f62900010203040506070809000102030405060708090001020304050607080900010203040506070809000102030405060708090001020304050607080900010203040506070809000102030405060708090001020304050607080900010203040506070809000102030405060708090001020304050607080900010203040506070809000102030405060708090001020304050607080900010203040506070809000102030405060708090001020304050607080900010203040506070809000102030405060708090001020304050607080900010203040506070809000102030405060708090001020304050607080900010203040506070809000102030405060708090001020304050607080900010203040506070809000102030405060708090001020304050607080900010203040506070809000102030405060708090001020304050607080900010203040506070809000102030405060708090001020304050607080900010203040506070809000102030405060708090001020304050607080900010203040506070809, actions=ct(commit
)
])
@@ -2368,7 +2376,6 @@ AT_CLEANUP
AT_SETUP([conntrack - IPv6 fragmentation with fragments specified])
CHECK_CONNTRACK()
-CHECK_CONNTRACK_SMALL_FRAG()
OVS_TRAFFIC_VSWITCHD_START()
ADD_NAMESPACES(at_ns0, at_ns1)
@@ -2376,6 +2383,8 @@ ADD_NAMESPACES(at_ns0, at_ns1)
ADD_VETH(p0, at_ns0, br0, "fc00::1/96")
ADD_VETH(p1, at_ns1, br0, "fc00::2/96")
+DPCTL_SET_MIN_FRAG_SIZE()
+
AT_DATA([bundle.txt], [dnl
packet-out in_port=1, packet=50540000000a50540000000986dd6000000001a02cfffc000000000000000000000000000001fc0000000000000000000000000000021100000100000001000100020008ba0200010203040506070809000102030405060708090001020304050607080900010203040506070809000102030405060708090001020304050607080900010203040506070809000102030405060708090001020304050607080900010203040506070809000102030405060708090001020304050607080900010203040506070809000102030405060708090001020304050607080900010203040506070809000102030405060708090001020304050607080900010203040506070809000102030405060708090001020304050607080900010203040506070809000102030405060708090001020304050607080900010203040506070809000102030405060708090001020304050607080900010203040506070809000102030405060708090001020304050607080900010203040506070809000102030405060708090001020304050607080900010203040506070809000102030405060708090001020304050607080900010203040506070809000102030405060708090001020304050607080900010203040506070809, actions=ct(commit
)
packet-out in_port=1, packet=50540000000a50540000000986dd6000000000242cfffc000000000000000000000000000001fc000000000000000000000000000002110001980000000100010002000800000001020304050607080900010203040506070809, actions=ct(commit)
@@ -2392,7 +2401,6 @@ AT_CLEANUP
AT_SETUP([conntrack - IPv6 fragmentation out of order])
CHECK_CONNTRACK()
-CHECK_CONNTRACK_SMALL_FRAG()
OVS_TRAFFIC_VSWITCHD_START()
ADD_NAMESPACES(at_ns0, at_ns1)
@@ -2400,6 +2408,8 @@ ADD_NAMESPACES(at_ns0, at_ns1)
ADD_VETH(p0, at_ns0, br0, "fc00::1/96")
ADD_VETH(p1, at_ns1, br0, "fc00::2/96")
+DPCTL_SET_MIN_FRAG_SIZE()
+
AT_DATA([bundle.txt], [dnl
packet-out in_port=1, packet=50540000000a50540000000986dd6000000000242cfffc000000000000000000000000000001fc000000000000000000000000000002110001980000000100010002000800000001020304050607080900010203040506070809, actions=ct(commit)
packet-out in_port=1, packet=50540000000a50540000000986dd6000000001a02cfffc000000000000000000000000000001fc0000000000000000000000000000021100000100000001000100020008ba0200010203040506070809000102030405060708090001020304050607080900010203040506070809000102030405060708090001020304050607080900010203040506070809000102030405060708090001020304050607080900010203040506070809000102030405060708090001020304050607080900010203040506070809000102030405060708090001020304050607080900010203040506070809000102030405060708090001020304050607080900010203040506070809000102030405060708090001020304050607080900010203040506070809000102030405060708090001020304050607080900010203040506070809000102030405060708090001020304050607080900010203040506070809000102030405060708090001020304050607080900010203040506070809000102030405060708090001020304050607080900010203040506070809000102030405060708090001020304050607080900010203040506070809000102030405060708090001020304050607080900010203040506070809, actions=ct(commit
)
@@ -2416,7 +2426,6 @@ AT_CLEANUP
AT_SETUP([conntrack - IPv6 fragmentation, multiple extension headers])
CHECK_CONNTRACK()
-CHECK_CONNTRACK_SMALL_FRAG()
CHECK_CONNTRACK_FRAG_IPV6_MULT_EXTEN()
OVS_TRAFFIC_VSWITCHD_START()
@@ -2425,6 +2434,8 @@ ADD_NAMESPACES(at_ns0, at_ns1)
ADD_VETH(p0, at_ns0, br0, "fc00::1/96")
ADD_VETH(p1, at_ns1, br0, "fc00::2/96")
+DPCTL_SET_MIN_FRAG_SIZE()
+
# Add different extension headers
AT_DATA([bundle.txt], [dnl
packet-out in_port=1, packet=50540000000a50540000000986dd60000000019800fffc000000000000000000000000000001fc0000000000000000000000000000022c000000000000001100000100000001000100020008d62c00010203040506070809000102030405060708090001020304050607080900010203040506070809000102030405060708090001020304050607080900010203040506070809000102030405060708090001020304050607080900010203040506070809000102030405060708090001020304050607080900010203040506070809000102030405060708090001020304050607080900010203040506070809000102030405060708090001020304050607080900010203040506070809000102030405060708090001020304050607080900010203040506070809000102030405060708090001020304050607080900010203040506070809000102030405060708090001020304050607080900010203040506070809000102030405060708090001020304050607080900010203040506070809000102030405060708090001020304050607080900010203040506070809000102030405060708090001020304050607080900010203040506070809000102030405060708090001020304050607, actions=ct(commit)
@@ -2442,7 +2453,6 @@ AT_CLEANUP
AT_SETUP([conntrack - IPv6 fragmentation, multiple extension headers + out of order])
CHECK_CONNTRACK()
-CHECK_CONNTRACK_SMALL_FRAG()
CHECK_CONNTRACK_FRAG_IPV6_MULT_EXTEN()
OVS_TRAFFIC_VSWITCHD_START()
@@ -2451,6 +2461,8 @@ ADD_NAMESPACES(at_ns0, at_ns1)
ADD_VETH(p0, at_ns0, br0, "fc00::1/96")
ADD_VETH(p1, at_ns1, br0, "fc00::2/96")
+DPCTL_SET_MIN_FRAG_SIZE()
+
# Add different extension headers
AT_DATA([bundle.txt], [dnl
packet-out in_port=1, packet=50540000000a50540000000986dd60000000002c00fffc000000000000000000000000000001fc0000000000000000000000000000022c00000000000000110001880000000100010002000800000001020304050607080900010203040506070809, actions=ct(commit)
@@ -2468,7 +2480,6 @@ AT_CLEANUP
AT_SETUP([conntrack - IPv6 fragmentation, multiple extension headers 2])
CHECK_CONNTRACK()
-CHECK_CONNTRACK_SMALL_FRAG()
CHECK_CONNTRACK_FRAG_IPV6_MULT_EXTEN()
OVS_TRAFFIC_VSWITCHD_START()
@@ -2477,6 +2488,8 @@ ADD_NAMESPACES(at_ns0, at_ns1)
ADD_VETH(p0, at_ns0, br0, "fc00::1/96")
ADD_VETH(p1, at_ns1, br0, "fc00::2/96")
+DPCTL_SET_MIN_FRAG_SIZE()
+
# Add different extension headers
AT_DATA([bundle.txt], [dnl
packet-out in_port=1, packet=50540000000a50540000000986dd60000000019800fffc000000000000000000000000000001fc0000000000000000000000000000022c000000050200001100000100000001000100020008d62c00010203040506070809000102030405060708090001020304050607080900010203040506070809000102030405060708090001020304050607080900010203040506070809000102030405060708090001020304050607080900010203040506070809000102030405060708090001020304050607080900010203040506070809000102030405060708090001020304050607080900010203040506070809000102030405060708090001020304050607080900010203040506070809000102030405060708090001020304050607080900010203040506070809000102030405060708090001020304050607080900010203040506070809000102030405060708090001020304050607080900010203040506070809000102030405060708090001020304050607080900010203040506070809000102030405060708090001020304050607080900010203040506070809000102030405060708090001020304050607080900010203040506070809000102030405060708090001020304050607, actions=ct(commit)
@@ -2494,7 +2507,6 @@ AT_CLEANUP
AT_SETUP([conntrack - IPv6 fragmentation, multiple extension headers 2 + out of order])
CHECK_CONNTRACK()
-CHECK_CONNTRACK_SMALL_FRAG()
CHECK_CONNTRACK_FRAG_IPV6_MULT_EXTEN()
OVS_TRAFFIC_VSWITCHD_START()
@@ -2503,6 +2515,8 @@ ADD_NAMESPACES(at_ns0, at_ns1)
ADD_VETH(p0, at_ns0, br0, "fc00::1/96")
ADD_VETH(p1, at_ns1, br0, "fc00::2/96")
+DPCTL_SET_MIN_FRAG_SIZE()
+
# Add different extension headers
AT_DATA([bundle.txt], [dnl
packet-out in_port=1, packet=50540000000a50540000000986dd60000000002c00fffc000000000000000000000000000001fc0000000000000000000000000000022c00000005020000110001880000000100010002000800000001020304050607080900010203040506070809, actions=ct(commit)
@@ -119,3 +119,16 @@ m4_define([CHECK_CT_DPIF_SET_GET_MAXCONNS])
# Perform requirements checks for running ovs-dpctl ct-get-nconns. The
# userspace datapath does support this feature.
m4_define([CHECK_CT_DPIF_GET_NCONNS])
+
+# DPCTL_SET_MIN_FRAG_SIZE()
+#
+# The userspace datapath supports this command.
+m4_define([DPCTL_SET_MIN_FRAG_SIZE],
+[
+AT_CHECK([ovs-appctl dpctl/ipf-set-min-frag v4 400], [], [dnl
+setting minimum fragment size successful
+])
+AT_CHECK([ovs-appctl dpctl/ipf-set-min-frag v6 400], [], [dnl
+setting minimum fragment size successful
+])
+])
A new command "ovs-appctl dpctl/ipf-set-min-frag" is added for userspace datapath conntrack fragmentation support. Signed-off-by: Darrell Ball <dlu998@gmail.com> --- NEWS | 2 ++ lib/ct-dpif.c | 8 ++++++++ lib/ct-dpif.h | 1 + lib/dpctl.c | 40 ++++++++++++++++++++++++++++++++++++++++ lib/dpctl.man | 9 +++++++++ lib/dpif-netdev.c | 8 ++++++++ lib/dpif-netlink.c | 1 + lib/dpif-provider.h | 2 ++ lib/ipf.c | 23 +++++++++++++++++++++++ lib/ipf.h | 2 ++ tests/system-kmod-macros.at | 8 ++++++++ tests/system-traffic.at | 34 ++++++++++++++++++++++++---------- tests/system-userspace-macros.at | 13 +++++++++++++ 13 files changed, 141 insertions(+), 10 deletions(-)