If TCP packets do not go thru conntrack, then that would explain why the TCP
traffic is not natted (since you don't have any other rules that could do that)
You need to find out where the TCP packets are going.
Try making the rules L4 protocol specific (i.e. look for TCP and also do
something different for ICMP)
Maybe add some other debug rules to trace the TCP packets otherwise
On 2/8/19, 1:47 PM, "Rostyslav Fridman" <rostyslav_frid...@epam.com> wrote:
I have sent TCP traffic. It does not show up in dump-conntrack for some
reason. However, I see it on the external server.
-----Исходное сообщение-----
От: Darrell Ball [mailto:db...@vmware.com]
Отправлено: 8 февраля 2019 г. 23:29
Кому: Rostyslav Fridman <rostyslav_frid...@epam.com>; Ben Pfaff
<b...@ovn.org>
Копия: ovs-dev@openvswitch.org; Vasyl Samoilov <vasyl_samoi...@epam.com>
Тема: Re: [ovs-dev] SNAT on OVN logical_router in userspace works for ICMP
but not TCP or UDP
I thought the problem was with TCP/UDP traffic ?
Did you send TCP traffic for this test ?; if not, can you run the test with
TCP ?
On 2/8/19, 12:53 PM, "Rostyslav Fridman" <rostyslav_frid...@epam.com> wrote:
# ovs-appctl dpif/dump-flows br-int
recirc_id(0x1),dp_hash(0x9eeb76ae/0xff),in_port(8),packet_type(ns=0,id=0),eth_type(0x8100),vlan(vid=111,pcp=0),encap(eth_type(0x0800),ipv4(frag=no)),
packets:20, bytes:2040, used:0.942s, actions:4
ct_state(-new-est-rel-inv-trk),recirc_id(0),in_port(8),packet_type(ns=0,id=0),eth(src=0a:00:00:00:00:03/01:00:00:00:00:00,dst=00:00:00:6b:83:b1),eth_type(0x0800),ipv4(src=10.0.0.2/255.255.254.0,dst=216.58.215.110/224.0.0.0,ttl=64,frag=no),
packets:25, bytes:2354, used:0.942s, flags:S,
actions:ct_clear,ct(zone=5,nat),recirc(0xb1)
ct_state(+new-est-rel-inv+trk),recirc_id(0xb2),in_port(8),packet_type(ns=0,id=0),eth(src=00:00:00:73:a8:30,dst=00:00:00:da:6b:85),eth_type(0x0800),ipv4(src=10.0.0.2/255.0.0.0,dst=216.58.215.110/128.0.0.0,ttl=63,frag=no),
packets:20, bytes:1960, used:0.942s,
actions:set(eth(src=00:00:00:61:f0:c0,dst=00:25:90:e7:23:94)),set(ipv4(src=10.0.0.0/255.0.0.0,dst=128.0.0.0/128.0.0.0,ttl=62)),ct(commit,zone=3,nat(src=10.250.111.40)),recirc(0xb3)
ct_state(+new-est-rel-inv+trk),recirc_id(0xb1),in_port(8),packet_type(ns=0,id=0),eth(src=0a:00:00:00:00:03,dst=00:00:00:6b:83:b1),eth_type(0x0800),ipv4(src=10.0.0.2/255.255.254.0,dst=216.58.215.110/224.0.0.0,ttl=64,frag=no),
packets:20, bytes:1960, used:0.942s,
actions:ct_clear,ct_clear,set(eth(src=00:00:00:73:a8:30,dst=00:00:00:da:6b:85)),set(ipv4(src=10.0.0.0/255.255.254.0,dst=192.0.0.0/224.0.0.0,ttl=63)),ct(zone=2,nat),recirc(0xb2)
ct_state(-new+est-rel-inv+trk),recirc_id(0xb3),in_port(8),packet_type(ns=0,id=0),eth(src=00:00:00:61:f0:c0,dst=00:25:90:e7:23:94),eth_type(0x0800),ipv4(frag=no),
packets:19, bytes:1862, used:0.942s,
actions:ct_clear,push_vlan(vid=111,pcp=0),hash(l4(0)),recirc(0x1)
==================================
# ovs-appctl dpctl/dump-conntrack
icmp,orig=(src=10.0.0.2,dst=216.58.215.110,id=246,type=8,code=0),reply=(src=216.58.215.110,dst=10.250.111.40,id=246,type=0,code=0),zone=3
_______________________________________________
dev mailing list
d...@openvswitch.org
https://mail.openvswitch.org/mailman/listinfo/ovs-dev
