[Bug 1967856] Re: Hairpin traffic does not work with centralized NAT gw
Launchpad Bug Tracker
1967856 at bugs.launchpad.net
Thu Jul 28 10:25:44 UTC 2022
This bug was fixed in the package linux - 5.15.0-43.46
---------------
linux (5.15.0-43.46) jammy; urgency=medium
* jammy/linux: 5.15.0-43.46 -proposed tracker (LP: #1981243)
* Packaging resync (LP: #1786013)
- debian/dkms-versions -- update from kernel-versions (main/2022.07.11)
* nbd: requests can become stuck when disconnecting from server with qemu-nbd
(LP: #1896350)
- nbd: don't handle response without a corresponding request message
- nbd: make sure request completion won't concurrent
- nbd: don't clear 'NBD_CMD_INFLIGHT' flag if request is not completed
- nbd: fix io hung while disconnecting device
* Ubuntu 22.04 and 20.04 DPC Fixes for Failure Cases of DownPort Containment
events (LP: #1965241)
- PCI/portdrv: Rename pm_iter() to pcie_port_device_iter()
- PCI: pciehp: Ignore Link Down/Up caused by error-induced Hot Reset
- [Config] Enable config option CONFIG_PCIE_EDR
* [SRU] Ubuntu 22.04 Feature Request-Add support for a NVMe-oF-TCP CDC Client
- TP 8010 (LP: #1948626)
- nvme: add CNTRLTYPE definitions for 'identify controller'
- nvme: send uevent on connection up
- nvme: expose cntrltype and dctype through sysfs
* [UBUNTU 22.04] Kernel oops while removing device from cio_ignore list
(LP: #1980951)
- s390/cio: derive cdev information only for IO-subchannels
* Jammy Charmed OpenStack deployment fails over connectivity issues when using
converged OVS bridge for control and data planes (LP: #1978820)
- net/mlx5e: TC NIC mode, fix tc chains miss table
* Hairpin traffic does not work with centralized NAT gw (LP: #1967856)
- net: openvswitch: fix misuse of the cached connection on tuple changes
* alsa: asoc: amd: the internal mic can't be dedected on yellow carp machines
(LP: #1980700)
- ASoC: amd: Add driver data to acp6x machine driver
- ASoC: amd: Add support for enabling DMIC on acp6x via _DSD
* AMD ACP 6.x DMIC Supports (LP: #1949245)
- ASoC: amd: add Yellow Carp ACP6x IP register header
- ASoC: amd: add Yellow Carp ACP PCI driver
- ASoC: amd: add acp6x init/de-init functions
- ASoC: amd: add platform devices for acp6x pdm driver and dmic driver
- ASoC: amd: add acp6x pdm platform driver
- ASoC: amd: add acp6x irq handler
- ASoC: amd: add acp6x pdm driver dma ops
- ASoC: amd: add acp6x pci driver pm ops
- ASoC: amd: add acp6x pdm driver pm ops
- ASoC: amd: enable Yellow carp acp6x drivers build
- ASoC: amd: create platform device for acp6x machine driver
- ASoC: amd: add YC machine driver using dmic
- ASoC: amd: enable Yellow Carp platform machine driver build
- ASoC: amd: fix uninitialized variable in snd_acp6x_probe()
- [Config] Enable AMD ACP 6 DMIC Support
* [UBUNTU 20.04] Include patches to avoid self-detected stall with Secure
Execution (LP: #1979296)
- KVM: s390: pv: add macros for UVC CC values
- KVM: s390: pv: avoid stalls when making pages secure
* [22.04 FEAT] KVM: Attestation support for Secure Execution (crypto)
(LP: #1959973)
- drivers/s390/char: Add Ultravisor io device
- s390/uv_uapi: depend on CONFIG_S390
- [Config] CONFIG_S390_UV_UAPI=y for s390x
* CVE-2022-1679
- SAUCE: ath9k: fix use-after-free in ath9k_hif_usb_rx_cb
* CVE-2022-28893
- SUNRPC: Ensure we flush any closed sockets before xs_xprt_free()
- SUNRPC: Don't leak sockets in xs_local_connect()
* CVE-2022-34918
- netfilter: nf_tables: stricter validation of element data
* CVE-2022-1652
- floppy: use a statically allocated error counter
-- Stefan Bader <stefan.bader at canonical.com> Tue, 12 Jul 2022 10:51:03 +0200
** Changed in: linux (Ubuntu Jammy)
Status: Fix Committed => Fix Released
** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2022-1652
** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2022-1679
** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2022-28893
** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2022-34918
--
You received this bug notification because you are a member of Ubuntu
OpenStack, which is subscribed to ovn in Ubuntu.
https://bugs.launchpad.net/bugs/1967856
Title:
Hairpin traffic does not work with centralized NAT gw
Status in linux package in Ubuntu:
Invalid
Status in openvswitch package in Ubuntu:
Invalid
Status in ovn package in Ubuntu:
Invalid
Status in linux source package in Focal:
Fix Committed
Status in openvswitch source package in Focal:
Invalid
Status in ovn source package in Focal:
Invalid
Status in linux source package in Impish:
Won't Fix
Status in openvswitch source package in Impish:
New
Status in ovn source package in Impish:
New
Status in linux source package in Jammy:
Fix Released
Status in openvswitch source package in Jammy:
Invalid
Status in ovn source package in Jammy:
Invalid
Status in linux source package in Kinetic:
Invalid
Status in openvswitch source package in Kinetic:
Invalid
Status in ovn source package in Kinetic:
Invalid
Bug description:
[Impact]
Users of Open vSwitch on Focal will not be able to upgrade to v2.16.0 or newer until this long-standing kernel bug has been fixed.
Users of Open vSwitch on Jammy will be affected by this bug and
have no user space fix available. This bug currently blocks the
OpenStack Engineering team's charm product gate.
[Test Plan]
Execute the OVN system testsuite utilizing the kernel data path with the test synthesis patch in comment #7 applied.
In addition to that, validating that the OpenStack charm test gate is
unblocked would be valuable.
[Regression Potential]
The regression potential can be considered as low because:
- The calls added in the openvswitch kernel datapath code would
prior to Open vSwitch 2.16.0 have been initiated from the
userspace code and by chance concealed this bug.
- After an optimization done in 2.16.0 the kernel bug was
revealed and these calls now must be made from the kernel
datapath to retain functionality in use in the wild.
[Original Bug Description]
If you have two hvs where hv1 is the gateway chassis and you have an instance running on hv2, then on the instance on hv2 hairpin traffic works for the first session, but
not for the next:
$ ping -c1 10.78.95.89
PING 10.78.95.89 (10.78.95.89) 56(84) bytes of data.
64 bytes from 10.78.95.89: icmp_seq=1 ttl=62 time=1.07 ms
--- 10.78.95.89 ping statistics ---
1 packets transmitted, 1 received, 0% packet loss, time 0ms
rtt min/avg/max/mdev = 1.078/1.078/1.078/0.000 ms
$ sudo ovs-appctl -t ovs-vswitchd dpctl/dump-conntrack
icmp,orig=(src=10.78.95.89,dst=192.168.0.211,id=7334,type=8,code=0),reply=(src=192.168.0.211,dst=10.78.95.89,id=7334,type=0,code=0),zone=7
icmp,orig=(src=192.168.0.211,dst=10.78.95.89,id=7334,type=8,code=0),reply=(src=10.78.95.89,dst=192.168.0.211,id=7334,type=0,code=0),zone=7
$ ping -c1 10.78.95.89
PING 10.78.95.89 (10.78.95.89) 56(84) bytes of data.
--- 10.78.95.89 ping statistics ---
1 packets transmitted, 0 received, 100% packet loss, time 0ms
$ sudo ovs-appctl -t ovs-vswitchd dpctl/dump-conntrack
icmp,orig=(src=10.78.95.89,dst=192.168.0.211,id=7334,type=8,code=0),reply=(src=192.168.0.211,dst=10.78.95.89,id=7334,type=0,code=0),zone=7
icmp,orig=(src=192.168.0.211,dst=10.78.95.89,id=7334,type=8,code=0),reply=(src=10.78.95.89,dst=192.168.0.211,id=7334,type=0,code=0),zone=7
icmp,orig=(src=192.168.0.211,dst=10.78.95.89,id=7335,type=8,code=0),reply=(src=10.78.95.89,dst=192.168.0.211,id=7335,type=0,code=0),zone=7
We made an attempt at using OVN built with [0], but that did
unfortunately not help.
If we however revert [1] it works again:
$ ping -c1 10.78.95.89
PING 10.78.95.89 (10.78.95.89) 56(84) bytes of data.
64 bytes from 10.78.95.89: icmp_seq=1 ttl=62 time=1.31 ms
--- 10.78.95.89 ping statistics ---
1 packets transmitted, 1 received, 0% packet loss, time 0ms
rtt min/avg/max/mdev = 1.318/1.318/1.318/0.000 ms
$ sudo ovs-appctl -t ovs-vswitchd dpctl/dump-conntrack
icmp,orig=(src=192.168.0.211,dst=10.78.95.89,id=7336,type=8,code=0),reply=(src=10.78.95.89,dst=192.168.0.211,id=7336,type=0,code=0),zone=7
icmp,orig=(src=10.78.95.89,dst=192.168.0.211,id=7336,type=8,code=0),reply=(src=192.168.0.211,dst=10.78.95.89,id=7336,type=0,code=0),zone=7
icmp,orig=(src=10.78.95.89,dst=192.168.0.211,id=7336,type=8,code=0),reply=(src=192.168.0.211,dst=10.78.95.89,id=7336,type=0,code=0),zone=1
$ ping -c1 10.78.95.89
PING 10.78.95.89 (10.78.95.89) 56(84) bytes of data.
64 bytes from 10.78.95.89: icmp_seq=1 ttl=62 time=0.307 ms
--- 10.78.95.89 ping statistics ---
1 packets transmitted, 1 received, 0% packet loss, time 0ms
rtt min/avg/max/mdev = 0.307/0.307/0.307/0.000 ms
$ sudo ovs-appctl -t ovs-vswitchd dpctl/dump-conntrack
icmp,orig=(src=10.78.95.89,dst=192.168.0.211,id=7337,type=8,code=0),reply=(src=192.168.0.211,dst=10.78.95.89,id=7337,type=0,code=0),zone=7
icmp,orig=(src=10.78.95.89,dst=192.168.0.211,id=7337,type=8,code=0),reply=(src=192.168.0.211,dst=10.78.95.89,id=7337,type=0,code=0),zone=1
icmp,orig=(src=192.168.0.211,dst=10.78.95.89,id=7337,type=8,code=0),reply=(src=10.78.95.89,dst=192.168.0.211,id=7337,type=0,code=0),zone=7
icmp,orig=(src=192.168.0.211,dst=10.78.95.89,id=7336,type=8,code=0),reply=(src=10.78.95.89,dst=192.168.0.211,id=7336,type=0,code=0),zone=7
icmp,orig=(src=10.78.95.89,dst=192.168.0.211,id=7336,type=8,code=0),reply=(src=192.168.0.211,dst=10.78.95.89,id=7336,type=0,code=0),zone=7
icmp,orig=(src=10.78.95.89,dst=192.168.0.211,id=7336,type=8,code=0),reply=(src=192.168.0.211,dst=10.78.95.89,id=7336,type=0,code=0),zone=1
0: https://patchwork.ozlabs.org/project/ovn/patch/20220401175516.2139179-1-mmichels@redhat.com/
1: https://github.com/ovn-org/ovn/commit/4deac4509abbedd6ffaecf27eed01ddefccea40a
---
ProblemType: Bug
AlsaDevices:
total 0
crw-rw---- 1 root audio 116, 1 Jun 9 11:35 seq
crw-rw---- 1 root audio 116, 33 Jun 9 11:35 timer
AplayDevices: Error: [Errno 2] No such file or directory: 'aplay'
ApportVersion: 2.20.11-0ubuntu82.1
Architecture: amd64
ArecordDevices: Error: [Errno 2] No such file or directory: 'arecord'
AudioDevicesInUse: Error: command ['fuser', '-v', '/dev/snd/seq', '/dev/snd/timer'] failed with exit code 1:
CRDA: N/A
CasperMD5CheckResult: unknown
DistroRelease: Ubuntu 22.04
IwConfig: Error: [Errno 2] No such file or directory: 'iwconfig'
Lsusb:
Bus 002 Device 001: ID 1d6b:0003 Linux Foundation 3.0 root hub
Bus 001 Device 001: ID 1d6b:0002 Linux Foundation 2.0 root hub
Lsusb-t:
/: Bus 02.Port 1: Dev 1, Class=root_hub, Driver=xhci_hcd/8p, 5000M
/: Bus 01.Port 1: Dev 1, Class=root_hub, Driver=xhci_hcd/8p, 480M
MachineType: QEMU Standard PC (Q35 + ICH9, 2009)
Package: linux (not installed)
PciMultimedia:
ProcEnviron:
TERM=xterm-256color
PATH=(custom, no user)
LANG=C.UTF-8
SHELL=/bin/bash
ProcFB: 0 virtio_gpudrmfb
ProcKernelCmdLine: BOOT_IMAGE=/boot/vmlinuz-5.15.0-37-generic root=UUID=63713e6b-8e8d-4f97-ac5a-883317b24711 ro console=tty1 console=ttyS0
ProcVersionSignature: Ubuntu 5.15.0-37.39-generic 5.15.35
RelatedPackageVersions:
linux-restricted-modules-5.15.0-37-generic N/A
linux-backports-modules-5.15.0-37-generic N/A
linux-firmware 20220329.git681281e4-0ubuntu1
RfKill: Error: [Errno 2] No such file or directory: 'rfkill'
Tags: jammy uec-images
Uname: Linux 5.15.0-37-generic x86_64
UpgradeStatus: No upgrade log present (probably fresh install)
UserGroups: N/A
_MarkForUpload: True
dmi.bios.date: 02/06/2015
dmi.bios.release: 0.0
dmi.bios.vendor: EFI Development Kit II / OVMF
dmi.bios.version: 0.0.0
dmi.board.name: LXD
dmi.board.vendor: Canonical Ltd.
dmi.board.version: pc-q35-7.0
dmi.chassis.type: 1
dmi.chassis.vendor: QEMU
dmi.chassis.version: pc-q35-7.0
dmi.modalias: dmi:bvnEFIDevelopmentKitII/OVMF:bvr0.0.0:bd02/06/2015:br0.0:svnQEMU:pnStandardPC(Q35+ICH9,2009):pvrpc-q35-7.0:rvnCanonicalLtd.:rnLXD:rvrpc-q35-7.0:cvnQEMU:ct1:cvrpc-q35-7.0:sku:
dmi.product.name: Standard PC (Q35 + ICH9, 2009)
dmi.product.version: pc-q35-7.0
dmi.sys.vendor: QEMU
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1967856/+subscriptions
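To compare dumps like the ones in the bug description above, the following added example (not part of the bug report or of Open vSwitch) parses `ovs-appctl dpctl/dump-conntrack` ICMP lines and groups them by echo id and zone. The function names are hypothetical, the sample lines are copied from the report, and treating an entry without `zone=` as zone 0 is an assumption.

```python
import re
from collections import defaultdict

# Sample input copied from the bug description: the dump taken after the
# failed second ping, and the id=7337 lines from the dump taken after the revert.
FAILING = """\
icmp,orig=(src=10.78.95.89,dst=192.168.0.211,id=7334,type=8,code=0),reply=(src=192.168.0.211,dst=10.78.95.89,id=7334,type=0,code=0),zone=7
icmp,orig=(src=192.168.0.211,dst=10.78.95.89,id=7334,type=8,code=0),reply=(src=10.78.95.89,dst=192.168.0.211,id=7334,type=0,code=0),zone=7
icmp,orig=(src=192.168.0.211,dst=10.78.95.89,id=7335,type=8,code=0),reply=(src=10.78.95.89,dst=192.168.0.211,id=7335,type=0,code=0),zone=7
"""
AFTER_REVERT = """\
icmp,orig=(src=10.78.95.89,dst=192.168.0.211,id=7337,type=8,code=0),reply=(src=192.168.0.211,dst=10.78.95.89,id=7337,type=0,code=0),zone=7
icmp,orig=(src=10.78.95.89,dst=192.168.0.211,id=7337,type=8,code=0),reply=(src=192.168.0.211,dst=10.78.95.89,id=7337,type=0,code=0),zone=1
icmp,orig=(src=192.168.0.211,dst=10.78.95.89,id=7337,type=8,code=0),reply=(src=10.78.95.89,dst=192.168.0.211,id=7337,type=0,code=0),zone=7
"""

ENTRY = re.compile(r"^(\w+),orig=\(([^)]*)\),reply=\(([^)]*)\)")
ZONE = re.compile(r",zone=(\d+)")

def parse_tuple(text):
    """'src=a,dst=b,id=1' -> {'src': 'a', 'dst': 'b', 'id': '1'}"""
    return dict(kv.split("=", 1) for kv in text.split(","))

def parse_dump(dump):
    """Parse dump-conntrack lines; prompts and other non-entry lines are skipped."""
    entries = []
    for line in dump.splitlines():
        line = line.strip()
        m = ENTRY.match(line)
        if not m:
            continue
        zone = ZONE.search(line, m.end())  # look for zone= after the reply tuple
        entries.append({
            "proto": m.group(1),
            "orig": parse_tuple(m.group(2)),
            "reply": parse_tuple(m.group(3)),
            # Assumption: an entry printed without zone= is in zone 0.
            "zone": int(zone.group(1)) if zone else 0,
        })
    return entries

def icmp_sessions(entries):
    """Group ICMP entries by echo id -> sorted [(zone, orig src, orig dst)]."""
    by_id = defaultdict(list)
    for e in entries:
        if e["proto"] == "icmp":
            o = e["orig"]
            by_id[int(o["id"])].append((e["zone"], o["src"], o["dst"]))
    return {i: sorted(rows) for i, rows in by_id.items()}
```

On the sample input, id 7335 (the ping that got no reply) has a single zone=7 entry, while id 7337 from the post-revert dump has entries in both zone 1 and zone 7.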