Normal Problem Description: Clearly explain the issue.
A load balancer with skip_snat or force_snat, but without backends, generates syntactically incorrect logical flow actions:
2025-01-21T18:18:26.668Z|04152|lflow|WARN|error parsing actions "flags.force_snat_for_lb = 1; drop;": Syntax error at `drop' expecting action.
2025-01-22T17:13:49.709Z|00047|lflow|WARN|error parsing actions "flags.skip_snat_for_lb = 1; drop;": Syntax error at `drop' expecting action.
Impact Assessment: Describe the severity and impact (e.g., network down,availability of a workaround, etc.).
The packet must be dropped and OVN will attempt to route it instead. it's unlikely that routing will be successful, but anyway.
Software Versions: Specify the exact versions in use (e.g.,openvswitch3.1-3.1.0-147.el8fdp).
OVN 24.09.0-33.el9fdp
Issue Type: Indicate whether this is a new issue or a regression (if a regression, state the last known working version).
New issue.
Reproducibility: Confirm if the issue can be reproduced consistently. If not, describe how often it occurs.
For some reason, it's hard to reproduce with force_snat, but skip_snat is 100% reproducible in the OVN sandbox.
Reproduction Steps: Provide detailed steps or scripts to replicate the issue.
$ make sandbox $ ./ovn-setup.sh $ ovn-nbctl create load_balancer name=lb-empty vips:\"172.168.10.30\"=\"\" protocol=tcp options:skip_snat=true $ ovn-nbctl lr-lb-add lr0 lb-empty $ ovn-sbctl lflow-list lr0 | grep '172.168.10.30' table=6 (lr_in_defrag ), priority=100 , match=(ip && ip4.dst == 172.168.10.30), action=(ct_dnat;) table=8 (lr_in_dnat ), priority=110 , match=(ct.new && !ct.rel && ip4 && ip4.dst == 172.168.10.30), action=(flags.skip_snat_for_lb = 1; drop;) $ grep Syntax ./sandbox/ovn-controller.log 2025-01-22T17:13:49.709Z|00047|lflow|WARN|error parsing actions "flags.skip_snat_for_lb = 1; drop;": Syntax error at `drop' expecting action.
Expected Behavior: Describe what should happen under normal circumstances.
No syntax errors and the packet is explicitly dropped.
Observed Behavior: Explain what actually happens.
Syntax error.
Troubleshooting Actions: Outline the steps taken to diagnose or resolve the issue so far.
The issue originates from this code in northd:
if (reject) { int stage = ls_dp ? ovn_stage_get_table(S_SWITCH_OUT_QOS) : ovn_stage_get_table(S_ROUTER_OUT_SNAT); ds_clear(action); ds_put_format(action, "reg0 = 0; reject { outport <-> inport; " "next(pipeline=egress,table=%d);};", stage); } else if (drop) { ds_clear(action); ds_put_cstr(action, debug_drop_action()); <--- drop action } else if (selection_fields && selection_fields[0]) { ds_put_format(action, "; hash_fields=\"%s\"", selection_fields); } bool is_lb_action = !(reject || drop); const char *enclose = is_lb_action ? ");" : ""; if (!ls_dp) { ds_put_format(skip_snat_action, "flags.skip_snat_for_lb = 1; %s%s", ds_cstr(action), <--- drop action is_lb_action ? "; skip_snat);" : enclose); ds_put_format(force_snat_action, "flags.force_snat_for_lb = 1; %s%s", ds_cstr(action), is_lb_action ? "; force_snat);" : enclose); } ds_put_cstr(action, enclose);
The code should work the same for both skip and force, so it's unclear which part is missing in order to trigger the issue for the force_snat.
- links to