Bug 1997711

Summary: Add support for SNAT/DNAT in same ct action
Product: Red Hat Enterprise Linux Fast Datapath Reporter: Tim Rozet <trozet>
Component: openvswitchAssignee: Aaron Conole <aconole>
openvswitch sub component: other QA Contact: Jiying Qiu <jiqiu>
Status: NEW --- Docs Contact:
Severity: unspecified    
Priority: unspecified CC: aconole, ctrautma, mleitner, qding
Version: RHEL 8.0Keywords: FutureFeature
Target Milestone: ---   
Target Release: ---   
Hardware: Unspecified   
OS: Unspecified   
Whiteboard:
Fixed In Version: Doc Type: If docs needed, set a value
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:

Description Tim Rozet 2021-08-25 16:42:52 UTC 
Description of problem:
Currently with OVS, a ct action may only take a single nat operation (snat or dnat), but conntrack supports doing both. We should be able to add support in the ct action to have both. Currently:

[trozet@fedora ~]$ sudo ovs-ofctl add-flow br-ex 'ip,action=ct(commit,zone=1,nat(src=10.1.1.1,dst=11.1.1.1))'
ovs-ofctl: May only specify one of "src" or "dst".
Comment 1 Aaron Conole 2021-08-25 16:44:39 UTC 
For sure this is possible to do from DP side.  I will investigate from the OpenFlow side.

After looking, it doesn't seem like ct() action is part of openflow 
proper (so it's a nicira extension).