Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
northd: Don't SNAT reply packets on LBs with lb_force_snat_ip set.
In case of LB having client as VIP and lb_force_snat_ip being set to specific IP we would SNAT the reply traffic for the load balancer. That was caused by premature unDNAT due to the client IP being LB VIP with combination of match for SNAT that was checking only the flag "force_snat_for_lb == 1". Add match to ensure that the reply traffic is not being sent to SNAT. Also extend the test for LB related traffic to ensure that this doesn't brake the scenaro when related traffic originates from LB backend as reply. Reported-at: https://issues.redhat.com/browse/FDP-1009 Signed-off-by: Ales Musil <amusil@redhat.com>
- Loading branch information