Bug 2149021

Summary:	SNAT commits every packet to CT
Product:	Red Hat Enterprise Linux Fast Datapath	Reporter:	Ales Musil <amusil>
Component:	ovn22.09	Assignee:	OVN Team <ovnteam>
Status:	NEW ---	QA Contact:	Jianlin Shi <jishi>
Severity:	medium	Docs Contact:
Priority:	medium
Version:	FDP 22.E	CC:	ctrautma, dcaratti, i.maximets, jiji, mleitner, mmichels, nusiddiq, wizhao
Target Milestone:	---
Target Release:	---
Hardware:	Unspecified
OS:	Unspecified
Whiteboard:
Fixed In Version:		Doc Type:	If docs needed, set a value
Doc Text:		Story Points:	---
Clone Of:		Environment:
Last Closed:		Type:	Bug
Regression:	---	Mount Type:	---
Documentation:	---	CRM:
Verified Versions:		Category:	---
oVirt Team:	---	RHEL 7.3 requirements from Atomic Host:
Cloudforms Team:	---	Target Upstream Version:
Embargoed:
Bug Depends On:
Bug Blocks:	2172622

Description Ales Musil 2022-11-28 15:32:12 UTC

Description of problem:
OVN commits every packet that goes through source nat.

We have an action in the router pipeline that deals with the SNAT:

table=3 (lr_out_snat        ), priority=161  , match=(ip && ip4.src == 192.168.10.10 && outport == "lr-ls1" && is_chassis_resident("cr-lr-ls1")), action=(ct_snat_in_czone(192.168.20.10);)

This action actually does not filter on ct_state so we don't know if the traffic
was commited already or not which results in commiting every packet. 

The resulting OvS flows are as follow:

recirc_id(0x1),in_port(3),ct_mark(0/0x2),eth(src=00:00:00:00:20:00,dst=00:00:00:00:20:10),eth_type(0x0800),ipv4(dst=192.168.20.16/255.255.255.240,frag=no), packets:4, bytes:270, used:0.005s, flags:FP., actions:ct_clear,4
 
recirc_id(0),in_port(3),ct_mark(0/0x2),eth(src=00:00:00:00:10:10,dst=00:00:00:00:10:00),eth_type(0x0800),ipv4(src=192.168.10.10,dst=192.168.20.20,ttl=64,frag=no), packets:4, bytes:270, used:0.005s, flags:FP., actions:set(eth(src=00:00:00:00:20:00,dst=00:00:00:00:20:10)),set(ipv4(ttl=63)),ct(commit,zone=4,nat(src=192.168.20.10)),recirc(0x1)



The problem is that this might not work very well with HWOL.