Note: This bug is displayed in read-only format because the product is no longer active in Red Hat Bugzilla.
The FDP team is no longer accepting new bugs in Bugzilla. Please report your issues under FDP project in Jira. Thanks.

Bug 2099311

Summary: [ovn-trace] Doesn't implement chk_lb_hairpin_reply action
Product: Red Hat Enterprise Linux Fast Datapath Reporter: Surya Seetharaman <surya>
Component: OVNAssignee: lorenzo bianconi <lorenzo.bianconi>
Status: CLOSED CURRENTRELEASE QA Contact: Ehsan Elahi <eelahi>
Severity: unspecified Docs Contact:
Priority: medium    
Version: FDP 21.CCC: ctrautma, jiji, mmichels
Target Milestone: ---   
Target Release: ---   
Hardware: Unspecified   
OS: Unspecified   
Whiteboard:
Fixed In Version: Doc Type: If docs needed, set a value
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2023-03-13 07:19:10 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:

Description Surya Seetharaman 2022-06-20 14:23:12 UTC 
Description of problem: Unable to run traces from pod towards service VIP that is backed by the same pod.

sh-4.4# ovn-trace --ct new 'inport=="89eaa4ef-d390-48f0-b6ad-866bbe7777ae-1_nginx-4-1-1" && eth.src==0a:58:0a:be:06:e4 && eth.dst==0a:58:0a:be:04:01 && ip4.src==10.190.6.228
 && ip4.dst==172.30.75.178 && ip.ttl==64 && tcp && tcp.src==80 && tcp.dst==8080' --lb-dst 10.190.6.228:8080                                                                  
                                                                                                                                                                             
# tcp,reg14=0x13,vlan_tci=0x0000,dl_src=0a:58:0a:be:06:e4,dl_dst=0a:58:0a:be:04:01,nw_src=10.190.6.228,nw_dst=172.30.75.178,nw_tos=0,nw_ecn=0,nw_ttl=64,tp_src=80,tp_dst=8080
,tcp_flags=0

ingress(dp="ip-10-0-198-250.us-west-2.compute.internal", inport="89eaa4ef-d390-48f0-b6ad-866bbe7777ae-1_nginx-4-1-1")
---------------------------------------------------------------------------------------------------------------------
 0. ls_in_port_sec_l2 (northd.c:5574): inport == "89eaa4ef-d390-48f0-b6ad-866bbe7777ae-1_nginx-4-1-1" && eth.src == {0a:58:0a:be:06:e4}, priority 50, uuid 0ad49437
    next;
 1. ls_in_port_sec_ip (northd.c:5207): inport == "89eaa4ef-d390-48f0-b6ad-866bbe7777ae-1_nginx-4-1-1" && eth.src == 0a:58:0a:be:06:e4 && ip4.src == {10.190.6.228}, priority 
90, uuid a3768937
    next;
 5. ls_in_pre_acl (northd.c:5834): ip, priority 100, uuid 9a144b1d
    reg0[0] = 1;
    next;
 6. ls_in_pre_lb (northd.c:5966): ip, priority 100, uuid 8a23fbc0
    reg0[2] = 1;
    next;
 7. ls_in_pre_stateful (northd.c:5993): reg0[2] == 1 && ip4 && tcp, priority 120, uuid 08431aa8
    reg1 = ip4.dst;
    reg2[0..15] = tcp.dst;
    ct_lb;
ct_lb
-----
 8. ls_in_acl_hint (northd.c:6066): ct.new && !ct.est, priority 7, uuid 3ebfbd4e
    reg0[7] = 1;
    reg0[9] = 1;
    next;
 9. ls_in_acl (northd.c:6632): ip && (!ct.est || (ct.est && ct_label.blocked == 1)), priority 1, uuid 335cc96a
    reg0[1] = 1;
    next;
14. ls_in_stateful (northd.c:6980): reg0[1] == 1 && reg0[13] == 0, priority 100, uuid 64b10df2
    ct_commit { ct_label.blocked = 0; };
    next;
15. ls_in_pre_hairpin (northd.c:7007): ip && ct.trk, priority 100, uuid b716ab9e
    reg0[6] = chk_lb_hairpin();
    reg0[12] = chk_lb_hairpin_reply();
    *** chk_lb_hairpin_reply action not implemented
    next;
16. ls_in_nat_hairpin (northd.c:7015): ip && ct.new && ct.trk && reg0[6] == 1, priority 100, uuid 07fb72a4
    ct_snat_to_vip;
    *** ct_snat_to_vip action not implemented
    next;
17. ls_in_hairpin (northd.c:7040): (reg0[6] == 1 || reg0[12] == 1), priority 1, uuid d802f597
    eth.dst <-> eth.src;
    outport = inport;
    flags.loopback = 1;
    output;
egress(dp="ip-10-0-198-250.us-west-2.compute.internal", inport="89eaa4ef-d390-48f0-b6ad-866bbe7777ae-1_nginx-4-1-1", outport="89eaa4ef-d390-48f0-b6ad-866bbe7777ae-1_nginx-4-
1-1")
-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------
-----
 0. ls_out_pre_lb (northd.c:5968): ip, priority 100, uuid 50601f9a
    reg0[2] = 1;
    next;
 1. ls_out_pre_acl (northd.c:5836): ip, priority 100, uuid 71405907
    reg0[0] = 1;
    next;
 2. ls_out_pre_stateful (northd.c:6013): reg0[2] == 1, priority 110, uuid 1c070aa5
    ct_lb;

ct_lb /* default (use --ct to customize) */ 
------------------------------------------- 
 3. ls_out_acl_hint (northd.c:6118): ct.est && ct_label.blocked == 0, priority 1, uuid edd04405
    reg0[10] = 1;
    next;
 4. ls_out_acl (northd.c:6427): reg0[10] == 1 && (outport == @a11949504362839656604_ingressDefaultDeny), priority 2000, uuid ff713e1f
    ct_commit { ct_label.blocked = 1; };

Version-Release number of selected component (if applicable):
OVN 22.06 and lower


How reproducible:
always 
https://coreos.slack.com/archives/C01G7T6SYSD/p1654169639364839?thread_ts=1654114735.260069&cid=C01G7T6SYSD

Steps to Reproduce:
1.
2.
3.

Actual results:


Expected results:


Additional info:
Comment 1 lorenzo bianconi 2022-06-30 13:23:47 UTC 
upstream patch: https://patchwork.ozlabs.org/project/ovn/patch/91ab11c91b827e09c4f5f43e1ad20a05d3f918a4.1656595260.git.lorenzo.bianconi@redhat.com/