conntrack will not work for icmp/icmpv6 protocol, if the src/dst port is set in nat. like this: actions=ct(nat(dst=172.16.1.100:5000),commit,table=40)
This patch fix this. This bug is introduced by commit 4cd0481c9e. commit 4cd0481c9e8b30bca5c0394f4e94ae126bde4908 Author: Darrell Ball <[email protected]> Date: Mon Feb 25 15:36:31 2019 -0800 conntrack: Fix wasted work for ICMP NAT. Signed-off-by: solomon <[email protected]> --- lib/conntrack.c | 8 ++++++-- 1 file changed, 6 insertions(+), 2 deletions(-) diff --git a/lib/conntrack.c b/lib/conntrack.c index d7d48a43a..9d6b8a358 100644 --- a/lib/conntrack.c +++ b/lib/conntrack.c @@ -2039,10 +2039,14 @@ nat_select_range_tuple(struct conntrack *ct, const struct conn *conn, while (true) { if (conn->nat_info->nat_action & NAT_ACTION_SRC) { nat_conn->rev_key.dst.addr = ct_addr; - nat_conn->rev_key.dst.port = htons(port); + if (pat_enabled) { + nat_conn->rev_key.dst.port = htons(port); + } } else { nat_conn->rev_key.src.addr = ct_addr; - nat_conn->rev_key.src.port = htons(port); + if (pat_enabled) { + nat_conn->rev_key.src.port = htons(port); + } } uint32_t conn_hash = conn_key_hash(&nat_conn->rev_key, -- 2.20.1 _______________________________________________ dev mailing list [email protected] https://mail.openvswitch.org/mailman/listinfo/ovs-dev
