Note: This bug is displayed in read-only format because the product is no longer active in Red Hat Bugzilla.
The FDP team is no longer accepting new bugs in Bugzilla. Please report your issues under FDP project in Jira. Thanks.

Bug 2178200

Summary: [CT] Inner header of ICMP related traffic does not get DNATed
Product: Red Hat Enterprise Linux Fast Datapath Reporter: Timothy Redaelli <tredaelli>
Component: openvswitch2.17Assignee: Ales Musil <amusil>
Status: CLOSED ERRATA QA Contact: Jiying Qiu <jiqiu>
Severity: high Docs Contact:
Priority: unspecified    
Version: FDP 22.ECC: ctrautma, jhsiao, ralongi
Target Milestone: ---   
Target Release: ---   
Hardware: Unspecified   
OS: Unspecified   
Whiteboard:
Fixed In Version: openvswitch2.17-2.17.0-79.el8fdp Doc Type: If docs needed, set a value
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2023-04-13 09:04:54 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:

Description Timothy Redaelli 2023-03-14 14:11:35 UTC 
+++ This bug was initially created as a clone of Bug #2137754 +++

Description of problem:
When we have a ICMP related message from different source address the inner header does not get DNATed. 

How reproducible:
100%

Steps to Reproduce:
1. Run the reproducer script


Actual results:
06:09:43.044558 00:00:00:00:20:00 > 00:00:00:00:10:20, ethertype IPv4 (0x0800), length 70: (tos 0x0, ttl 255, id 287, offset 0, flags [none], proto ICMP (1), length 56)
    192.168.20.1 > 192.168.10.20: ICMP 192.168.20.10 unreachable - need to frag (mtu 1400), length 36
	(tos 0x0, ttl 10, id 0, offset 0, flags [DF], proto UDP (17), length 28)
    192.168.20.20.2 > 192.168.20.10.1: UDP, length 0


Expected results:
06:09:43.044558 00:00:00:00:20:00 > 00:00:00:00:10:20, ethertype IPv4 (0x0800), length 70: (tos 0x0, ttl 255, id 287, offset 0, flags [none], proto ICMP (1), length 56)
    192.168.20.1 > 192.168.10.20: ICMP 192.168.20.10 unreachable - need to frag (mtu 1400), length 36
	(tos 0x0, ttl 10, id 0, offset 0, flags [DF], proto UDP (17), length 28)
    192.168.10.20.2 > 192.168.20.10.1: UDP, length 0
Comment 1 Timothy Redaelli 2023-03-14 14:11:38 UTC 
+++ This bug was initially created as a clone of Bug #2137754 +++

Description of problem:
When we have a ICMP related message from different source address the inner header does not get DNATed. 

How reproducible:
100%

Steps to Reproduce:
1. Run the reproducer script


Actual results:
06:09:43.044558 00:00:00:00:20:00 > 00:00:00:00:10:20, ethertype IPv4 (0x0800), length 70: (tos 0x0, ttl 255, id 287, offset 0, flags [none], proto ICMP (1), length 56)
    192.168.20.1 > 192.168.10.20: ICMP 192.168.20.10 unreachable - need to frag (mtu 1400), length 36
	(tos 0x0, ttl 10, id 0, offset 0, flags [DF], proto UDP (17), length 28)
    192.168.20.20.2 > 192.168.20.10.1: UDP, length 0


Expected results:
06:09:43.044558 00:00:00:00:20:00 > 00:00:00:00:10:20, ethertype IPv4 (0x0800), length 70: (tos 0x0, ttl 255, id 287, offset 0, flags [none], proto ICMP (1), length 56)
    192.168.20.1 > 192.168.10.20: ICMP 192.168.20.10 unreachable - need to frag (mtu 1400), length 36
	(tos 0x0, ttl 10, id 0, offset 0, flags [DF], proto UDP (17), length 28)
    192.168.10.20.2 > 192.168.20.10.1: UDP, length 0
Comment 5 Jiying Qiu 2023-03-21 04:28:26 UTC 
Verified on openvswitch2.17-2.17.0-79.el8fdp

Use the reproducer in https://bugzilla.redhat.com/show_bug.cgi?id=2137754
Comment 7 errata-xmlrpc 2023-04-13 09:04:54 UTC 
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory (Moderate: openvswitch2.17 security update), and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHSA-2023:1765