From 5f3e15c3d5809134d70892b4f65031e5bd110c8f Mon Sep 17 00:00:00 2001
From: Lorenzo Bianconi <lorenzo.bianconi@redhat.com>
Date: Wed, 11 Mar 2020 17:41:59 +0100
Subject: [PATCH 1/2] northd: do not insert identical lflows in
 S_ROUTER_IN_ARP_RESOLVE

Avoid to configure multiple identical logical flows in
S_ROUTER_IN_ARP_RESOLVE stage. This can happen adding L2 destination
address info about snat since multiple nat entries will use the same
external_ip

Signed-off-by: Lorenzo Bianconi <lorenzo.bianconi@redhat.com>
Signed-off-by: Numan Siddique <numans@ovn.org>

(cherry picked from upstream OVS branch20.03 commit 20aa8c3c5a1930805a32ec8121affa07b2ac7dff)

Change-Id: Ic5c1df529363469092a55454fdfbcae31a06ccf5
---
 northd/ovn-northd.c | 36 ++++++++++++++++++++++--------------
 1 file changed, 22 insertions(+), 14 deletions(-)

diff --git a/northd/ovn-northd.c b/northd/ovn-northd.c
index 787ca2f80..cdaeff401 100644
--- a/northd/ovn-northd.c
+++ b/northd/ovn-northd.c
@@ -8630,6 +8630,8 @@ build_lrouter_flows(struct hmap *datapaths, struct hmap *ports,
             continue;
         }
 
+        struct sset nat_entries = SSET_INITIALIZER(&nat_entries);
+
         struct v46_ip snat_ip, lb_snat_ip;
         const char *dnat_force_snat_ip = get_force_snat_ip(od, "dnat",
                                                            &snat_ip);
@@ -8855,20 +8857,24 @@ build_lrouter_flows(struct hmap *datapaths, struct hmap *ports,
                                             &nat->header_);
                 }
 
-                ds_clear(&match);
-                ds_put_format(
-                    &match, "outport == %s && %s == %s",
-                    od->l3dgw_port->json_key,
-                    is_v6 ? "xxreg0" : "reg0", nat->external_ip);
-                ds_clear(&actions);
-                ds_put_format(
-                    &actions, "eth.dst = %s; next;",
-                    distributed ? nat->external_mac :
-                    od->l3dgw_port->lrp_networks.ea_s);
-                ovn_lflow_add_with_hint(lflows, od, S_ROUTER_IN_ARP_RESOLVE,
-                                        100, ds_cstr(&match),
-                                        ds_cstr(&actions),
-                                        &nat->header_);
+                if (!sset_contains(&nat_entries, nat->external_ip)) {
+                    ds_clear(&match);
+                    ds_put_format(
+                        &match, "outport == %s && %s == %s",
+                        od->l3dgw_port->json_key,
+                        is_v6 ? "xxreg0" : "reg0", nat->external_ip);
+                    ds_clear(&actions);
+                    ds_put_format(
+                        &actions, "eth.dst = %s; next;",
+                        distributed ? nat->external_mac :
+                        od->l3dgw_port->lrp_networks.ea_s);
+                    ovn_lflow_add_with_hint(lflows, od,
+                                            S_ROUTER_IN_ARP_RESOLVE,
+                                            100, ds_cstr(&match),
+                                            ds_cstr(&actions),
+                                            &nat->header_);
+                    sset_add(&nat_entries, nat->external_ip);
+                }
             }
 
             /* Egress UNDNAT table: It is for already established connections'
@@ -9049,6 +9055,8 @@ build_lrouter_flows(struct hmap *datapaths, struct hmap *ports,
             }
         }
 
+        sset_destroy(&nat_entries);
+
         /* Handle force SNAT options set in the gateway router. */
         if (dnat_force_snat_ip && !od->l3dgw_port) {
             /* If a packet with destination IP address as that of the
-- 
2.25.1