
Bug 1791190

Summary: After a guest sends a malformed ARP, it can't ping other hosts through a logical router
Product: Red Hat Enterprise Linux Fast Datapath
Reporter: ying xu <yinxu>
Component: ovn2.12
Assignee: OVN Team <ovnteam>
Status: CLOSED WONTFIX
QA Contact: ying xu <yinxu>
Severity: medium
Docs Contact:
Priority: medium
Version: RHEL 7.7
CC: ctrautma, dcbw, jishi, nusiddiq, ralongi, tredaelli
Target Milestone: ---
Target Release: ---
Hardware: Unspecified
OS: Unspecified
Whiteboard:
Fixed In Version:
Doc Type: If docs needed, set a value
Doc Text:
Story Points: ---
Clone Of: 1775525
Environment:
Last Closed: 2020-06-18 11:02:44 UTC
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---
Target Upstream Version:
Embargoed:
Bug Depends On: 1775525, 1805592
Bug Blocks:

Description ying xu 2020-01-15 08:01:34 UTC
+++ This bug was initially created as a clone of Bug #1775525 +++

Description of problem:
After a guest sends a malformed ARP, it can't ping other hosts through a logical router

Version-Release number of selected component (if applicable):
[root@dell-per730-57 multicast]# rpm -qa|grep openvs
openvswitch-selinux-extra-policy-1.0-14.el7fdp.noarch
openvswitch2.11-2.11.0-26.el7fdp.x86_64
[root@dell-per730-57 multicast]# rpm -qa|grep ovn
ovn2.11-2.11.1-20.el7fdp.x86_64
ovn2.11-central-2.11.1-20.el7fdp.x86_64
ovn2.11-host-2.11.1-20.el7fdp.x86_64


How reproducible:
every time

Steps to Reproduce:
topo
         hv1_v1
           |
hv1_vm0---S2----r1-----public(ls)
                |
     hv0_vm0---S3---vm2

1. Set up an env of the topo above (or run the case ovn_test_nat to get the env)
[root@dell-per730-19 multicast]# ovn-nbctl show
switch b726549c-4249-4e34-8300-c62f1cbc6ca1 (s2)
    port hv1_vm01_vnet1
        addresses: ["00:de:ad:01:01:01 172.16.102.12"]
    port hv1_vm00_vnet1
        addresses: ["00:de:ad:01:00:01 172.16.102.11"]
    port s2_r1
        type: router
        addresses: ["00:de:ad:ff:01:02 172.16.102.1"]
        router-port: r1_s2
switch 67056c80-7d36-4730-9036-fd4fb5d29310 (public)
    port ln_p1
        type: localnet
        addresses: ["unknown"]
    port public_r1
        type: router
        router-port: r1_public
switch c8f319ef-4db1-4964-aefd-b5288ad1b652 (s3)
    port hv0_vm00_vnet1
        addresses: ["00:de:ad:00:00:01 172.16.103.11"]
    port vm2
        addresses: ["00:00:00:00:00:02"]
    port s3_r1
        type: router
        addresses: ["00:de:ad:ff:01:03 172.16.103.1"]
        router-port: r1_s3
    port hv0_vm01_vnet1
        addresses: ["00:de:ad:00:01:01 172.16.103.12"]
router 964bb90a-f52c-4fae-ba32-520da109b83b (r1)
    port r1_public
        mac: "40:44:00:00:00:03"
        networks: ["172.16.104.1/24"]
    port r1_s2
        mac: "00:de:ad:ff:01:02"
        networks: ["172.16.102.1/24"]
    port r1_s3
        mac: "00:de:ad:ff:01:03"
        networks: ["172.16.103.1/24"]
    nat 2f3e76c8-ab37-4345-b84c-bcea8f3ec231
        external ip: "172.16.104.200"
        logical ip: "172.16.102.11"
        type: "dnat_and_snat"
    nat dbc3612c-bc65-4221-b52b-d29aa7ed7a4b
        external ip: "172.16.104.201"
        logical ip: "172.16.103.11"
        type: "dnat_and_snat"

2. After this step, pings from vm2 to hv0_vm0/hv1_vm0/hv1_vm1 all pass.
ip netns exec vm2 ping 172.16.102.11 -c 3
PING 172.16.102.11 (172.16.102.11) 56(84) bytes of data.
64 bytes from 172.16.102.11: icmp_seq=1 ttl=63 time=1.24 ms
64 bytes from 172.16.102.11: icmp_seq=2 ttl=63 time=0.294 ms
64 bytes from 172.16.102.11: icmp_seq=3 ttl=63 time=0.230 ms

--- 172.16.102.11 ping statistics ---
3 packets transmitted, 3 received, 0% packet loss, time 2001ms

3. Send a malformed ARP packet from vm2
from scapy.all import *

sendp(Ether(src="00:de:ad:01:00:01", dst="ff:ff:ff:ff:ff:ff")/ARP(op=1,hwsrc='00:de:ad:01:00:01',hwdst='00:00:00:00:00:00',psrc='172.16.103.13',pdst='0.0.0.0'),iface="vm2")

4. Pinging from vm2 to hv0_vm0/hv1_vm0/hv1_vm1, only the ping to hv0_vm0 passes.
vm2 can't communicate with hosts through the router.
Pinging the IP of the router also failed.
ip netns exec vm2 ping 172.16.102.11 -c 3
PING 172.16.102.11 (172.16.102.11) 56(84) bytes of data.

--- 172.16.102.11 ping statistics ---
3 packets transmitted, 0 received, 100% packet loss, time 1999ms
ip netns exec vm2 ping 172.16.103.1 -c 3
PING 172.16.103.1 (172.16.103.1) 56(84) bytes of data.

--- 172.16.103.1 ping statistics ---
3 packets transmitted, 0 received, 100% packet loss, time 1999ms


Actual results:
ping failed

Expected results:
ping pass

Additional info:

--- Additional comment from ying xu on 2019-11-22 07:58:55 UTC ---
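
A defensive check for the frame in step 3, as an added example that is not part of the bug report or of OVN: it parses a raw ARP frame and lists where it disagrees with the addresses shown for the sending port in the ovn-nbctl show output. Comparing against the addresses column and flagging a target IP of 0.0.0.0 are assumptions made for illustration (the report does not say which field causes the failure), and all function names are hypothetical.

```python
import socket
import struct

# "addresses" values copied from the `ovn-nbctl show` output in the report (switch s3).
PORT_ADDRESSES = {
    "vm2": ["00:00:00:00:00:02"],
    "hv0_vm00_vnet1": ["00:de:ad:00:00:01 172.16.103.11"],
}

def _mac(text):
    return bytes.fromhex(text.replace(":", ""))

def build_arp(eth_src, eth_dst, op, sha, spa, tha, tpa):
    """Constructed test input: Ethernet II header plus IPv4-over-Ethernet ARP body."""
    return (_mac(eth_dst) + _mac(eth_src) + struct.pack("!HHHBBH", 0x0806, 1, 0x0800, 6, 4, op)
            + _mac(sha) + socket.inet_aton(spa) + _mac(tha) + socket.inet_aton(tpa))

def parse_arp(frame):
    """Return the ARP fields of an Ethernet frame, or None if it is not IPv4/Ethernet ARP."""
    if len(frame) < 42:
        return None
    _dst, src, etype, htype, ptype, hlen, plen, op = struct.unpack("!6s6sHHHBBH", frame[:22])
    if (etype, htype, ptype, hlen, plen) != (0x0806, 1, 0x0800, 6, 4):
        return None
    sha, spa, _tha, tpa = struct.unpack("!6s4s6s4s", frame[22:42])
    return {"eth_src": src.hex(":"), "op": op, "sha": sha.hex(":"),
            "spa": socket.inet_ntoa(spa), "tpa": socket.inet_ntoa(tpa)}

def check_arp(port, frame):
    """List the ways an ARP frame disagrees with the addresses configured on `port`."""
    arp = parse_arp(frame)
    if arp is None:
        return ["not an IPv4/Ethernet ARP frame"]
    entries = [e.lower().split() for e in PORT_ADDRESSES.get(port, [])]
    macs = {e[0] for e in entries}
    ips = {ip for e in entries for ip in e[1:]}
    findings = []
    for label, mac in (("Ethernet source", arp["eth_src"]), ("ARP sender MAC", arp["sha"])):
        if mac not in macs:
            findings.append("%s %s is not a MAC of %s" % (label, mac, port))
    if ips and arp["spa"] not in ips:  # a MAC-only entry binds no IP, so nothing to compare
        findings.append("ARP sender IP %s is not bound to %s" % (arp["spa"], port))
    if arp["op"] == 1 and arp["tpa"] == "0.0.0.0":
        findings.append("ARP request asks for target IP 0.0.0.0")
    return findings

# The frame from step 3 of the report, rebuilt field for field (constructed bytes, not a capture).
REPORT_FRAME = build_arp("00:de:ad:01:00:01", "ff:ff:ff:ff:ff:ff", 1,
                         "00:de:ad:01:00:01", "172.16.103.13", "00:00:00:00:00:00", "0.0.0.0")
```

Calling check_arp("vm2", REPORT_FRAME) returns three findings: both MAC fields carry an address not configured on vm2, and the request targets 0.0.0.0.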