system-traffic: Make vxlan frag test more reliable.

Depending on the kernel version in use, the nf_conntrack module may
register hooks for each namespace and execute conntrack prior to passing
packets to OVS (or not). In cases where this happens, the previous flow
table in this test would trust the local stack's connection tracking and
use it rather than sending packets through conntrack itself (and
therefore handling IP defragmentation/fragmentation).

This patch revealed two fatal datapath bugs, fixed by these commits:
86c2eb4 datapath: Fix panic sending IP frags over tunnels.
792e5ed datapath: inet: frag: Always orphan skbs inside ip_defrag().

Signed-off-by: Joe Stringer <joe@ovn.org>
Acked-by: Ben Pfaff <blp@ovn.org>

tests/system-traffic.at

@@ -1309,8 +1309,8 @@ AT_DATA([flows.txt], [dnl
 priority=1,action=drop
 priority=10,arp,action=normal
 priority=100,in_port=1,icmp,action=ct(commit,zone=9),LOCAL
-priority=100,in_port=LOCAL,ct_state=-trk,icmp,action=ct(table=0,zone=9)
-priority=100,in_port=LOCAL,ct_state=+trk+est,icmp,action=1
+priority=100,in_port=LOCAL,icmp,action=ct(table=1,zone=9)
+table=1,priority=100,in_port=LOCAL,ct_state=+trk+est,icmp,action=1
 ])
 
 AT_CHECK([ovs-ofctl --bundle add-flows br0 flows.txt])