search

openvswitch / ovs-issues

Issue tracker repo for Open vSwitch
10 stars 3 forks source link

[Windows] Reverse SNAT not work #214

Open lzhecheng opened 3 years ago

lzhecheng commented 3 years ago

Related issue: https://github.com/antrea-io/antrea/issues/2289

We have 2 flows to do SNAT and d-SNAT (revert SNAT): table=105, priority=200,ct_state=+new+trk-dnat,ip,reg0=0x20000/0x20000 actions=ct(commit,table=106,zone=65520,na t(src=10.176.26.134),exec(load:0x40->NXM_NX_CT_MARK[])) table=30, priority=200,ip actions=ct(table=31,zone=65520,nat)

We observed that when a packet hits d-SNAT flow, the DST IP is not d-SNATed from time to time. We added some flows to prove our thought:

 cookie=0x2711, duration=1365.181s, table=31, n_packets=16, n_bytes=1032, priority=225,ct_state=-new+trk,ct_mark=0x40,ip,reg0=0x4/0xffff,nw_src=10.1
76.27.233,nw_dst=10.176.27.78 actions=load:0x1->NXM_NX_REG0[19],resubmit(,42)                                                                       
 cookie=0x2711, duration=3926.920s, table=31, n_packets=148, n_bytes=55759, priority=220,ct_state=-new+trk,ct_mark=0x40,ip,reg0=0x4/0xffff actions=l
oad:0x1->NXM_NX_REG0[19],resubmit(,42)                                                                                                              
 cookie=0x2711, duration=3986.013s, table=31, n_packets=82, n_bytes=9669, priority=230,ct_state=-new+trk,ct_mark=0x40,ip,reg0=0x4/0xffff,nw_src=10.1
76.27.233,nw_dst=192.168.194.151 actions=load:0x1->NXM_NX_REG0[19],resubmit(,42)

The expected DST IP after d-SNAT is 192.168.194.151 but actually it is 10.176.27.78 (unchanged).