The FDP team is no longer accepting new bugs in Bugzilla. Please report your issues under FDP project in Jira. Thanks.
Bug 2178200 - [CT] Inner header of ICMP related traffic does not get DNATed
Summary: [CT] Inner header of ICMP related traffic does not get DNATed
Keywords:
Status: CLOSED ERRATA
Alias: None
Product: Red Hat Enterprise Linux Fast Datapath
Classification: Red Hat
Component: openvswitch2.17
Version: FDP 22.E
Hardware: Unspecified
OS: Unspecified
unspecified
high
Target Milestone: ---
: ---
Assignee: Ales Musil
QA Contact: Jiying Qiu
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2023-03-14 14:11 UTC by Timothy Redaelli
Modified: 2023-04-13 09:05 UTC (History)
3 users (show)

Fixed In Version: openvswitch2.17-2.17.0-79.el8fdp
Doc Type: If docs needed, set a value
Doc Text:
Clone Of:
Environment:
Last Closed: 2023-04-13 09:04:54 UTC
Target Upstream Version:
Embargoed:

Attachments (Terms of Use)


Links
System ID Private Priority Status Summary Last Updated
Red Hat Issue Tracker FD-2739 0 None None None 2023-03-14 14:43:04 UTC
Red Hat Product Errata RHSA-2023:1765 0 None None None 2023-04-13 09:05:02 UTC

Description Timothy Redaelli 2023-03-14 14:11:35 UTC 
+++ This bug was initially created as a clone of Bug #2137754 +++

Description of problem:
When we have a ICMP related message from different source address the inner header does not get DNATed. 

How reproducible:
100%

Steps to Reproduce:
1. Run the reproducer script


Actual results:
06:09:43.044558 00:00:00:00:20:00 > 00:00:00:00:10:20, ethertype IPv4 (0x0800), length 70: (tos 0x0, ttl 255, id 287, offset 0, flags [none], proto ICMP (1), length 56)
    192.168.20.1 > 192.168.10.20: ICMP 192.168.20.10 unreachable - need to frag (mtu 1400), length 36
	(tos 0x0, ttl 10, id 0, offset 0, flags [DF], proto UDP (17), length 28)
    192.168.20.20.2 > 192.168.20.10.1: UDP, length 0


Expected results:
06:09:43.044558 00:00:00:00:20:00 > 00:00:00:00:10:20, ethertype IPv4 (0x0800), length 70: (tos 0x0, ttl 255, id 287, offset 0, flags [none], proto ICMP (1), length 56)
    192.168.20.1 > 192.168.10.20: ICMP 192.168.20.10 unreachable - need to frag (mtu 1400), length 36
	(tos 0x0, ttl 10, id 0, offset 0, flags [DF], proto UDP (17), length 28)
    192.168.10.20.2 > 192.168.20.10.1: UDP, length 0
Comment 1 Timothy Redaelli 2023-03-14 14:11:38 UTC 
+++ This bug was initially created as a clone of Bug #2137754 +++

Description of problem:
When we have a ICMP related message from different source address the inner header does not get DNATed. 

How reproducible:
100%

Steps to Reproduce:
1. Run the reproducer script


Actual results:
06:09:43.044558 00:00:00:00:20:00 > 00:00:00:00:10:20, ethertype IPv4 (0x0800), length 70: (tos 0x0, ttl 255, id 287, offset 0, flags [none], proto ICMP (1), length 56)
    192.168.20.1 > 192.168.10.20: ICMP 192.168.20.10 unreachable - need to frag (mtu 1400), length 36
	(tos 0x0, ttl 10, id 0, offset 0, flags [DF], proto UDP (17), length 28)
    192.168.20.20.2 > 192.168.20.10.1: UDP, length 0


Expected results:
06:09:43.044558 00:00:00:00:20:00 > 00:00:00:00:10:20, ethertype IPv4 (0x0800), length 70: (tos 0x0, ttl 255, id 287, offset 0, flags [none], proto ICMP (1), length 56)
    192.168.20.1 > 192.168.10.20: ICMP 192.168.20.10 unreachable - need to frag (mtu 1400), length 36
	(tos 0x0, ttl 10, id 0, offset 0, flags [DF], proto UDP (17), length 28)
    192.168.10.20.2 > 192.168.20.10.1: UDP, length 0
Comment 5 Jiying Qiu 2023-03-21 04:28:26 UTC 
Verified on openvswitch2.17-2.17.0-79.el8fdp

Use the reproducer in https://bugzilla.redhat.com/show_bug.cgi?id=2137754
Comment 7 errata-xmlrpc 2023-04-13 09:04:54 UTC 
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory (Moderate: openvswitch2.17 security update), and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHSA-2023:1765
Note You need to log in before you can comment on or make changes to this bug.