Commit
northd: Allow need frag to be SNATed
Considering the following topology:

client - sw0 - lrp0 - lr - lrp1 - sw1 - server
sw0 in subnet 192.168.0.0/24
sw1 in subnet 172.168.0.0/24
SNAT configured for sw0 subnet
gateway_mtu=1400 configured for lrp0

If we send UDP traffic from client to server and server responds with packet bigger than 1400 the following sequence will happen:

1) Packet is coming into lr via lrp1
2) unSNAT
3) Routing, the outport will be set to lrp0
4) Check for packet larger will fail
5) We will generate ICMP need frag

However, the last step is wrong from the server perspective. The ICMP message will have IP source address = lrp1 IP address. Which means that SNAT won't happen because the source is not within the sw0 subnet, but the inner packet has sw0 subnet address, because it was unSNATted. This results in server ignoring the ICMP message because server never sent any packet to the sw0 subnet.

To fix this issue use outport IP address as source instead of the inport one for the ICMP error message. This will lead to SNAT for the packet which will result in correct addresses on the sw1 side.

Reported-at: https://issues.redhat.com/browse/FDP-39
Signed-off-by: Ales Musil <amusil@redhat.com>
Co-authored-by: Ilya Maximets <i.maximets@ovn.org>
Signed-off-by: Ilya Maximets <i.maximets@ovn.org>
Signed-off-by: Dumitru Ceara <dceara@redhat.com>
(cherry picked from commit 0e49f49)
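The address mismatch described in the commit message, as an added Python model that is not part of the commit or of OVN's code: it builds the ICMP need frag with the inport (lrp1) or outport (lrp0) source and shows which one the server can match to a packet it sent. All host and port addresses, the SNAT address, and the simplified `snat` rule (translate only when the outer source is inside sw0's subnet, rewriting the quoted inner destination too) are assumptions made for illustration.

```python
from dataclasses import dataclass, replace
from ipaddress import ip_address, ip_network

# Constructed addresses: the commit message gives only the two subnets.
SW0_SUBNET = ip_network("192.168.0.0/24")
LRP0_IP = ip_address("192.168.0.1")      # assumed lrp0 (outport) address
LRP1_IP = ip_address("172.168.0.1")      # assumed lrp1 (inport) address
CLIENT_IP = ip_address("192.168.0.10")   # assumed client address
SERVER_IP = ip_address("172.168.0.10")   # assumed server address
SNAT_IP = ip_address("172.168.0.100")    # assumed SNAT external address

@dataclass(frozen=True)
class Packet:
    src: object
    dst: object

@dataclass(frozen=True)
class IcmpNeedFrag:
    src: object
    dst: object
    inner: Packet  # header of the oversized packet quoted in the error

def need_frag_after_unsnat(reply, use_outport_ip):
    """Steps 1-5: reply enters via lrp1, is unSNATed, routed to lrp0, fails the MTU check."""
    unsnatted = replace(reply, dst=CLIENT_IP)        # step 2: unSNAT
    src = LRP0_IP if use_outport_ip else LRP1_IP     # fixed vs. original source choice
    return IcmpNeedFrag(src=src, dst=unsnatted.src, inner=unsnatted)

def snat(icmp):
    """Simplified SNAT: applies only when the outer source is inside sw0's subnet."""
    if icmp.src not in SW0_SUBNET:
        return icmp                                  # untranslated, inner keeps sw0 address
    return replace(icmp, src=SNAT_IP, inner=replace(icmp.inner, dst=SNAT_IP))

def server_accepts(icmp, peers_sent_to):
    """The server honours the error only if it quotes a packet it actually sent."""
    return icmp.inner.src == SERVER_IP and icmp.inner.dst in peers_sent_to

def run(use_outport_ip):
    reply = Packet(src=SERVER_IP, dst=SNAT_IP)       # the server only ever saw SNAT_IP
    icmp = snat(need_frag_after_unsnat(reply, use_outport_ip))
    return icmp, server_accepts(icmp, {SNAT_IP})

if __name__ == "__main__":
    for fixed in (False, True):
        icmp, accepted = run(fixed)
        print(f"outport source={fixed}: src={icmp.src} inner.dst={icmp.inner.dst} accepted={accepted}")
```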