Bug 2149021

Summary: SNAT commits every packet to CT
Product: Red Hat Enterprise Linux Fast Datapath Reporter: Ales Musil <amusil>
Component: ovn22.09Assignee: OVN Team <ovnteam>
Status: NEW --- QA Contact: Jianlin Shi <jishi>
Severity: medium Docs Contact:
Priority: medium    
Version: FDP 22.ECC: ctrautma, dcaratti, i.maximets, jiji, mleitner, mmichels, nusiddiq, wizhao
Target Milestone: ---   
Target Release: ---   
Hardware: Unspecified   
OS: Unspecified   
Whiteboard:
Fixed In Version: Doc Type: If docs needed, set a value
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Bug Depends On:    
Bug Blocks: 2172622    

Description Ales Musil 2022-11-28 15:32:12 UTC
Description of problem:
OVN commits every packet that goes through source nat.

We have an action in the router pipeline that deals with the SNAT:

table=3 (lr_out_snat        ), priority=161  , match=(ip && ip4.src == 192.168.10.10 && outport == "lr-ls1" && is_chassis_resident("cr-lr-ls1")), action=(ct_snat_in_czone(192.168.20.10);)

This action actually does not filter on ct_state so we don't know if the traffic
was commited already or not which results in commiting every packet. 

The resulting OvS flows are as follow:

recirc_id(0x1),in_port(3),ct_mark(0/0x2),eth(src=00:00:00:00:20:00,dst=00:00:00:00:20:10),eth_type(0x0800),ipv4(dst=192.168.20.16/255.255.255.240,frag=no), packets:4, bytes:270, used:0.005s, flags:FP., actions:ct_clear,4
 
recirc_id(0),in_port(3),ct_mark(0/0x2),eth(src=00:00:00:00:10:10,dst=00:00:00:00:10:00),eth_type(0x0800),ipv4(src=192.168.10.10,dst=192.168.20.20,ttl=64,frag=no), packets:4, bytes:270, used:0.005s, flags:FP., actions:set(eth(src=00:00:00:00:20:00,dst=00:00:00:00:20:10)),set(ipv4(ttl=63)),ct(commit,zone=4,nat(src=192.168.20.10)),recirc(0x1)



The problem is that this might not work very well with HWOL.