system-traffic: Make vxlan frag test more reliable.

Depending on the kernel version in use, the nf_conntrack module may
register hooks for each namespace and execute conntrack prior to passing
packets to OVS (or not). In cases where this happens, the previous flow
table in this test would trust the local stack's connection tracking and
use it rather than sending packets through conntrack itself (and
therefore handling IP defragmentation/fragmentation).

This patch revealed two fatal datapath bugs, fixed by these commits:
86c2eb45fd82 datapath: Fix panic sending IP frags over tunnels.
792e5ed750ce datapath: inet: frag: Always orphan skbs inside ip_defrag().

Signed-off-by: Joe Stringer <joe@ovn.org>
Acked-by: Ben Pfaff <blp@ovn.org>

diff --git a/tests/system-traffic.at b/tests/system-traffic.at
index 102b56f..c352412 100644 (file)
--- a/tests/system-traffic.at
+++ b/tests/system-traffic.at
@@ -1309,8 +1309,8 @@ AT_DATA([flows.txt], [dnl
 priority=1,action=drop
 priority=10,arp,action=normal
 priority=100,in_port=1,icmp,action=ct(commit,zone=9),LOCAL
-priority=100,in_port=LOCAL,ct_state=-trk,icmp,action=ct(table=0,zone=9)
-priority=100,in_port=LOCAL,ct_state=+trk+est,icmp,action=1
+priority=100,in_port=LOCAL,icmp,action=ct(table=1,zone=9)
+table=1,priority=100,in_port=LOCAL,ct_state=+trk+est,icmp,action=1
 ])
 
 AT_CHECK([ovs-ofctl --bundle add-flows br0 flows.txt])