If TCP packets do not go through conntrack, then that would explain why the TCP 
traffic is not NATed (since you don't have any other rules that could do that).

You need to find out where the TCP packets are going.
Try making the rules L4 protocol specific (i.e. look for TCP and also do 
something different for ICMP).
Maybe add some other debug rules to trace the TCP packets otherwise.



On 2/8/19, 1:47 PM, "Rostyslav Fridman" <[email protected]> wrote:

    I have sent TCP traffic. It does not show up in dump-conntrack for some
    reason. However, I see it on the external server.
    
    -----Original Message-----
    From: Darrell Ball [mailto:[email protected]] 
    Sent: February 8, 2019 23:29
    To: Rostyslav Fridman <[email protected]>; Ben Pfaff <[email protected]>
    Cc: [email protected]; Vasyl Samoilov <[email protected]>
    Subject: Re: [ovs-dev] SNAT on OVN logical_router in userspace works for ICMP but not TCP or UDP
    
    I thought the problem was with TCP/UDP traffic?
    Did you send TCP traffic for this test? If not, can you run the test with TCP?
    
    
    
    On 2/8/19, 12:53 PM, "Rostyslav Fridman" <[email protected]> wrote:
    
        # ovs-appctl dpif/dump-flows br-int
        
        recirc_id(0x1),dp_hash(0x9eeb76ae/0xff),in_port(8),packet_type(ns=0,id=0),eth_type(0x8100),vlan(vid=111,pcp=0),encap(eth_type(0x0800),ipv4(frag=no)), packets:20, bytes:2040, used:0.942s, actions:4
        
        ct_state(-new-est-rel-inv-trk),recirc_id(0),in_port(8),packet_type(ns=0,id=0),eth(src=0a:00:00:00:00:03/01:00:00:00:00:00,dst=00:00:00:6b:83:b1),eth_type(0x0800),ipv4(src=10.0.0.2/255.255.254.0,dst=216.58.215.110/224.0.0.0,ttl=64,frag=no), packets:25, bytes:2354, used:0.942s, flags:S, actions:ct_clear,ct(zone=5,nat),recirc(0xb1)
        
        ct_state(+new-est-rel-inv+trk),recirc_id(0xb2),in_port(8),packet_type(ns=0,id=0),eth(src=00:00:00:73:a8:30,dst=00:00:00:da:6b:85),eth_type(0x0800),ipv4(src=10.0.0.2/255.0.0.0,dst=216.58.215.110/128.0.0.0,ttl=63,frag=no), packets:20, bytes:1960, used:0.942s, actions:set(eth(src=00:00:00:61:f0:c0,dst=00:25:90:e7:23:94)),set(ipv4(src=10.0.0.0/255.0.0.0,dst=128.0.0.0/128.0.0.0,ttl=62)),ct(commit,zone=3,nat(src=10.250.111.40)),recirc(0xb3)
        
        ct_state(+new-est-rel-inv+trk),recirc_id(0xb1),in_port(8),packet_type(ns=0,id=0),eth(src=0a:00:00:00:00:03,dst=00:00:00:6b:83:b1),eth_type(0x0800),ipv4(src=10.0.0.2/255.255.254.0,dst=216.58.215.110/224.0.0.0,ttl=64,frag=no), packets:20, bytes:1960, used:0.942s, actions:ct_clear,ct_clear,set(eth(src=00:00:00:73:a8:30,dst=00:00:00:da:6b:85)),set(ipv4(src=10.0.0.0/255.255.254.0,dst=192.0.0.0/224.0.0.0,ttl=63)),ct(zone=2,nat),recirc(0xb2)
        
        ct_state(-new+est-rel-inv+trk),recirc_id(0xb3),in_port(8),packet_type(ns=0,id=0),eth(src=00:00:00:61:f0:c0,dst=00:25:90:e7:23:94),eth_type(0x0800),ipv4(frag=no), packets:19, bytes:1862, used:0.942s, actions:ct_clear,push_vlan(vid=111,pcp=0),hash(l4(0)),recirc(0x1)
        
        ==================================
        
        # ovs-appctl dpctl/dump-conntrack 
        
        icmp,orig=(src=10.0.0.2,dst=216.58.215.110,id=246,type=8,code=0),reply=(src=216.58.215.110,dst=10.250.111.40,id=246,type=0,code=0),zone=3
    
    

_______________________________________________
dev mailing list
[email protected]
https://mail.openvswitch.org/mailman/listinfo/ovs-dev
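
One way to cross-check the two dumps discussed in this thread, as an added example that is not part of the original messages or of the OVS project: it finds datapath flows that commit to conntrack with NAT, reports whether their match is L4 protocol specific, and lists which protocols have no conntrack entry in that zone. The function names are hypothetical; it assumes wildcarded match fields are omitted from the flow dump and that a conntrack entry without zone= is in zone 0.

```python
import re
from collections import defaultdict

# Sample input: two flows and the conntrack entry taken from the dumps quoted in this thread.
FLOWS = """\
ct_state(-new-est-rel-inv-trk),recirc_id(0),in_port(8),packet_type(ns=0,id=0),eth(src=0a:00:00:00:00:03/01:00:00:00:00:00,dst=00:00:00:6b:83:b1),eth_type(0x0800),ipv4(src=10.0.0.2/255.255.254.0,dst=216.58.215.110/224.0.0.0,ttl=64,frag=no), packets:25, bytes:2354, used:0.942s, flags:S, actions:ct_clear,ct(zone=5,nat),recirc(0xb1)
ct_state(+new-est-rel-inv+trk),recirc_id(0xb2),in_port(8),packet_type(ns=0,id=0),eth(src=00:00:00:73:a8:30,dst=00:00:00:da:6b:85),eth_type(0x0800),ipv4(src=10.0.0.2/255.0.0.0,dst=216.58.215.110/128.0.0.0,ttl=63,frag=no), packets:20, bytes:1960, used:0.942s, actions:set(eth(src=00:00:00:61:f0:c0,dst=00:25:90:e7:23:94)),set(ipv4(src=10.0.0.0/255.0.0.0,dst=128.0.0.0/128.0.0.0,ttl=62)),ct(commit,zone=3,nat(src=10.250.111.40)),recirc(0xb3)
"""
CONNTRACK = "icmp,orig=(src=10.0.0.2,dst=216.58.215.110,id=246,type=8,code=0),reply=(src=216.58.215.110,dst=10.250.111.40,id=246,type=0,code=0),zone=3"

# ct(...) action body, allowing one nested nat(...); never matches ct_clear.
CT_ACTION = re.compile(r"(?<!\w)ct\(((?:[^()]|\([^()]*\))*)\)")

def parse_flow(line):
    """Split one datapath flow into its match summary and its ct() actions."""
    match, _, actions = line.partition("actions:")
    ipv4 = re.search(r"ipv4\(([^)]*)\)", match)
    pkts = re.search(r"packets:(\d+)", match)
    recirc = re.search(r"recirc_id\((\w+)\)", match)
    cts = []
    for body in CT_ACTION.findall(actions):
        zone = re.search(r"zone=(\d+)", body)
        nat = re.search(r"nat(?:\(([^)]*)\))?", body)
        cts.append({"zone": int(zone.group(1)) if zone else 0,
                    "commit": "commit" in body.split(","),
                    "nat": (nat.group(1) or "lookup") if nat else None})
    # Assumption: a wildcarded field is omitted from the dump, so no proto= means any L4 protocol.
    return {"recirc": recirc.group(1) if recirc else "0",
            "packets": int(pkts.group(1)) if pkts else 0,
            "l4_specific": bool(ipv4 and "proto=" in ipv4.group(1)), "ct": cts}

def conntrack_protos_by_zone(dump):
    """Map zone -> protocols that have at least one conntrack entry (no zone= means zone 0)."""
    seen = defaultdict(set)
    for line in filter(str.strip, dump.splitlines()):
        zone = re.search(r"zone=(\d+)", line)
        seen[int(zone.group(1)) if zone else 0].add(line.split(",", 1)[0].strip())
    return seen

def nat_gaps(flows, conntrack, expected=("icmp", "tcp", "udp")):
    """For every flow that commits with NAT, list protocols absent from that zone's conntrack."""
    seen = conntrack_protos_by_zone(conntrack)
    gaps = []
    for flow in map(parse_flow, filter(str.strip, flows.splitlines())):
        for ct in flow["ct"]:
            if ct["commit"] and ct["nat"]:
                missing = [p for p in expected if p not in seen[ct["zone"]]]
                gaps.append((flow["recirc"], ct["zone"], ct["nat"], flow["l4_specific"], missing))
    return gaps

if __name__ == "__main__":
    for gap in nat_gaps(FLOWS, CONNTRACK):
        print("recirc=%s zone=%d nat=%s l4_specific=%s missing=%s" % gap)
```

On the thread's data, the only committing flow (recirc 0xb2, zone 3) has no protocol in its match, so its packet counter cannot separate TCP from ICMP, and zone 3 holds an ICMP entry only.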
