From 46f93eab7fe5a29b43c4314b5b661a9709bd6b43 Mon Sep 17 00:00:00 2001
From: Guvenc Gulce
Date: Mon, 4 Nov 2024 18:02:41 +0100
Subject: [PATCH] Do not delete conntrack reply direction keys

Do not delete conntrack reply direction keys to satisfy the assumption that conntrack entries have two references.

Signed-off-by: Guvenc Gulce
---
 src/dp_cntrack.c | 7 +++++++
 src/nodes/dnat_node.c | 8 +++++---
 src/nodes/lb_node.c | 1 -
 3 files changed, 12 insertions(+), 4 deletions(-)

diff --git a/src/dp_cntrack.c b/src/dp_cntrack.c
index aed71a39..bf911576 100644
--- a/src/dp_cntrack.c
+++ b/src/dp_cntrack.c
@@ -297,6 +297,13 @@ int dp_cntrack_handle(struct rte_mbuf *m, struct dp_flow *df)
 dp_cntrack_tcp_state(flow_val, tcp_hdr);
 dp_cntrack_set_timeout_tcp_flow(m, flow_val, df);
 }
+
+ // Network neighbour and LB forward flows are not allowed to have reply flows
+ if (unlikely((flow_val->nf_info.nat_type == DP_FLOW_NAT_TYPE_NETWORK_NEIGH
+ || flow_val->nf_info.nat_type == DP_FLOW_LB_TYPE_FORWARD)
+ && (df->flow_dir == DP_FLOW_DIR_REPLY)))
+ return DP_ERROR;
+
 df->conntrack = flow_val;
 dp_cntrack_set_pkt_offload_decision(df);
diff --git a/src/nodes/dnat_node.c b/src/nodes/dnat_node.c
index f7fd7777..cd7a3c38 100644
--- a/src/nodes/dnat_node.c
+++ b/src/nodes/dnat_node.c
@@ -34,7 +34,11 @@ static __rte_always_inline rte_edge_t get_next_index(__rte_unused struct rte_nod
 if (!cntrack)
 goto out;
- if (DP_FLOW_HAS_NO_FLAGS(cntrack->flow_flags) && df->flow_dir == DP_FLOW_DIR_ORG && df->l3_type == RTE_ETHER_TYPE_IPV4) {
+ if (DP_FLOW_HAS_NO_FLAGS(cntrack->flow_flags)
+ && df->flow_dir == DP_FLOW_DIR_ORG
+ && df->l3_type == RTE_ETHER_TYPE_IPV4
+ && cntrack->nf_info.nat_type != DP_FLOW_NAT_TYPE_NETWORK_NEIGH
+ ) {
 dst_ip = ntohl(df->dst.dst_addr);
 vni = df->tun_info.dst_vni;
 if (vni == 0)
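Review bot: In the src/dp_cntrack.c hunk the new reply-direction rejection comes after the `dp_cntrack_tcp_state(flow_val, tcp_hdr)` and `dp_cntrack_set_timeout_tcp_flow(m, flow_val, df)` calls in the context lines, so when that block runs, a packet that is about to be refused has already updated the flow's TCP state and timeout. Because the reply key now stays in the table, reply-direction traffic matching it can presumably keep a network-neighbour or LB-forward entry alive, or move its state, even though the packet itself gets `DP_ERROR`. Consider moving the check above the state/timeout update; the enclosing block starts outside the hunk, so confirm `flow_val` and `df->flow_dir` are already final at that point. A drop counter or rate-limited log on this return path would also make unexpected reply traffic visible to operators.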
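Review bot: The added `cntrack->nf_info.nat_type != DP_FLOW_NAT_TYPE_NETWORK_NEIGH` term in the src/nodes/dnat_node.c condition has no comment, and its purpose can only be guessed from the commit message. A one-line comment above the `if` would help, for example `// flows already marked as neighbour relay keep their reply key; skip the DNAT lookup for them` (wording to be confirmed by the author). As a style point, the lone `) {` line could be folded into the last condition line. The body of get_next_index continues outside the hunk, so which path later original-direction packets of such a flow take cannot be checked from here.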
@@ -57,8 +61,6 @@ static __rte_always_inline rte_edge_t get_next_index(__rte_unused struct rte_nod
 df->nat_type = DP_CHG_UL_DST_IP;
 cntrack->nf_info.l4_type = df->l4_type;
 dp_copy_ipv6(&cntrack->nf_info.underlay_dst, underlay_dst);
-
- dp_delete_flow(&cntrack->flow_key[DP_FLOW_DIR_REPLY], cntrack); // no reverse traffic for relaying pkts
 return DNAT_NEXT_PACKET_RELAY;
 }
diff --git a/src/nodes/lb_node.c b/src/nodes/lb_node.c
index 644a3e01..b0636912 100644
--- a/src/nodes/lb_node.c
+++ b/src/nodes/lb_node.c
@@ -79,7 +79,6 @@ static __rte_always_inline rte_edge_t get_next_index(__rte_unused struct rte_nod
 if (df->nat_type != DP_LB_RECIRC) {
 cntrack->nf_info.nat_type = DP_FLOW_LB_TYPE_FORWARD;
- dp_delete_flow(&cntrack->flow_key[DP_FLOW_DIR_REPLY], cntrack); // no reverse traffic for relaying pkts
 } else
 cntrack->nf_info.nat_type = DP_FLOW_LB_TYPE_RECIRC;