[Bug 2119151] Re: [hwol] Traffic from SNATed networks to LB VIPs is broken

Launchpad Bug Tracker 2119151 at bugs.launchpad.net
Tue Sep 23 09:49:57 UTC 2025 

This bug was fixed in the package ovn - 24.03.6-0ubuntu0.24.04.1

---------------
ovn (24.03.6-0ubuntu0.24.04.1) noble; urgency=medium

  * New upstream point release 24.03.6 (LP: #2119289).
  * d/control: Bump openvswitch-source version.
  * d/p/CVE-2025-0650.patch: Drop, redundant after point
    release update.
  * d/p/lp-2119151-Revert-northd-Don-t-skip-the-unSNAT-stage-for-traffi.patch:
    [Hardware Offload] Fix traffic from SNATed networks to Load Balancer
    VIPs (LP: #2119151).

 -- Martin Kalcok <martin.kalcok at canonical.com>  Fri, 01 Aug 2025
08:42:42 +0000

** Changed in: ovn (Ubuntu Noble)
       Status: Fix Committed => Fix Released

** CVE added: https://cve.org/CVERecord?id=CVE-2025-0650

** Changed in: ovn (Ubuntu Jammy)
       Status: Fix Committed => Fix Released

** CVE added: https://cve.org/CVERecord?id=CVE-2024-2182

-- 
You received this bug notification because you are a member of Ubuntu
OpenStack, which is subscribed to ovn in Ubuntu.
https://bugs.launchpad.net/bugs/2119151

Title:
  [hwol] Traffic from SNATed networks to LB VIPs is broken

Status in ovn package in Ubuntu:
  Fix Released
Status in ovn source package in Jammy:
  Fix Released
Status in ovn source package in Noble:
  Fix Released
Status in ovn source package in Plucky:
  Fix Committed
Status in ovn source package in Questing:
  Fix Released

Bug description:
  [Impact]
  With Hardware Offload enabled, traffic from network with SNAT enabled can't reach service behind a Load Balancer's VIP.

  Fix was proposed and merged upstream [0] and additional discussion can
  be found on mailing list [1].

  [0] https://github.com/ovn-org/ovn/commit/342eb7fec33392642bb7b79526851bb1f4eda880
  [1] https://mail.openvswitch.org/pipermail/ovs-dev/2025-May/423389.html

  [Test Case]
  The change includes both unit and system test cases that will be executed as part of package build and autopkgtest.

  In addition full end to end validation will be performed as documented
  in the test case for point release updates submitted simultaneously
  (bug 2119301, bug 2119289 and bug 2119283).

  [Regression Potential]
  The patch, which in reality is a revert of a previous commit, has been merged and backported to upstream stable branches [2] since June 25th.

  The change has received scrutiny from maintainers of the project as
  well as stake holders among hardware vendors.

  [2] https://mail.openvswitch.org/pipermail/ovs-
  dev/2025-June/424285.html

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/ovn/+bug/2119151/+subscriptions

More information about the Ubuntu-openstack-bugs mailing list