yahoo-eng-team team mailing list archive
Message #35093
[Bug 1472452] [NEW] arp spoofing protection flow install failed
Public bug reported:
Now ovs-agent failed to install arp spoofing protection flow for new VMs, because it will first install arp spoofing protection flow in function 'treat_devices_added_or_updated':

    def treat_devices_added_or_updated(self, devices, ovs_restarted):
        .....
        .....
                if self.prevent_arp_spoofing:
                    self.setup_arp_spoofing_protection(self.int_br, port, details)

but then in function '_bind_devices', it will clear all flows for this
new port, so the arp spoofing protection flow is also cleaned

    def _bind_devices(self, need_binding_ports):
        .....
        ....
            if cur_tag != lvm.vlan:
                self.int_br.set_db_attribute(
                    "Port", port.port_name, "tag", lvm.vlan)
                if port.ofport != -1:
                    # NOTE(yamamoto): Remove possible drop_port flow
                    # installed by port_dead.
                    self.int_br.delete_flows(in_port=port.ofport)

** Affects: neutron
Importance: Undecided
Assignee: shihanzhang (shihanzhang)
Status: New
** Changed in: neutron
Assignee: (unassigned) => shihanzhang (shihanzhang)
** Description changed:
Now ovs-agent failed to install arp spoofing protection flow for new VMs, because it will firstly install arp spoofing protection flow in funstion 'treat_devices_added_or_updated':
- def treat_devices_added_or_updated(self, devices, ovs_restarted):
- .....
- .....
- if 'port_id' in details:
- LOG.info(_LI("Port %(device)s updated. Details: %(details)s"),
- {'device': device, 'details': details})
- need_binding = self.treat_vif_port(port, details['port_id'],
- details['network_id'],
- details['network_type'],
- details['physical_network'],
- details['segmentation_id'],
- details['admin_state_up'],
- details['fixed_ips'],
- details['device_owner'],
- ovs_restarted)
- if self.prevent_arp_spoofing:
- self.setup_arp_spoofing_protection(self.int_br,
- port, details)
+ def treat_devices_added_or_updated(self, devices, ovs_restarted):
+ .....
+ .....
+ if 'port_id' in details:
+ if self.prevent_arp_spoofing:
+ self.setup_arp_spoofing_protection(self.int_br,
+ port, details)
but then in function '_bind_devices', it will clear all flows for this
new port, so the arp spoofing protection flow is also be clean
- def _bind_devices(self, need_binding_ports):
- .....
- ....
- if cur_tag != lvm.vlan:
- self.int_br.set_db_attribute(
- "Port", port.port_name, "tag", lvm.vlan)
- if port.ofport != -1:
- # NOTE(yamamoto): Remove possible drop_port flow
- # installed by port_dead.
- self.int_br.delete_flows(in_port=port.ofport)
+ def _bind_devices(self, need_binding_ports):
+ .....
+ ....
+ if cur_tag != lvm.vlan:
+ self.int_br.set_db_attribute(
+ "Port", port.port_name, "tag", lvm.vlan)
+ if port.ofport != -1:
+ # NOTE(yamamoto): Remove possible drop_port flow
+ # installed by port_dead.
+ self.int_br.delete_flows(in_port=port.ofport)
** Description changed:
Now ovs-agent failed to install arp spoofing protection flow for new VMs, because it will firstly install arp spoofing protection flow in funstion 'treat_devices_added_or_updated':
def treat_devices_added_or_updated(self, devices, ovs_restarted):
.....
.....
- if 'port_id' in details:
- if self.prevent_arp_spoofing:
- self.setup_arp_spoofing_protection(self.int_br,
- port, details)
+
+ if self.prevent_arp_spoofing:
+ self.setup_arp_spoofing_protection(self.int_br, port, details)
but then in function '_bind_devices', it will clear all flows for this
new port, so the arp spoofing protection flow is also be clean
def _bind_devices(self, need_binding_ports):
.....
....
if cur_tag != lvm.vlan:
self.int_br.set_db_attribute(
"Port", port.port_name, "tag", lvm.vlan)
if port.ofport != -1:
# NOTE(yamamoto): Remove possible drop_port flow
# installed by port_dead.
self.int_br.delete_flows(in_port=port.ofport)
--
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to neutron.
https://bugs.launchpad.net/bugs/1472452
Title:
arp spoofing protection flow install failed
Status in OpenStack Neutron (virtual network service):
New
Bug description:
  Now ovs-agent failed to install arp spoofing protection flow for new VMs, because it will first install arp spoofing protection flow in function 'treat_devices_added_or_updated':

      def treat_devices_added_or_updated(self, devices, ovs_restarted):
          .....
          .....
                  if self.prevent_arp_spoofing:
                      self.setup_arp_spoofing_protection(self.int_br, port, details)

  but then in function '_bind_devices', it will clear all flows for this
  new port, so the arp spoofing protection flow is also cleaned

      def _bind_devices(self, need_binding_ports):
          .....
          ....
              if cur_tag != lvm.vlan:
                  self.int_br.set_db_attribute(
                      "Port", port.port_name, "tag", lvm.vlan)
                  if port.ofport != -1:
                      # NOTE(yamamoto): Remove possible drop_port flow
                      # installed by port_dead.
                      self.int_br.delete_flows(in_port=port.ofport)

To manage notifications about this bug go to:
https://bugs.launchpad.net/neutron/+bug/1472452/+subscriptions
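
The ordering problem described in this report, as an added example that is not part of the original message and is not Neutron's code: a toy flow table shows why a per-port `delete_flows(in_port=...)` run after the protection is installed leaves the port unprotected. `ToyBridge`, `bind_device`, `arp_verdict`, `run`, the port number and the addresses are constructed for illustration, the flow layout is simplified, and the bind-first ordering is only a contrast case, not the fix chosen by the project.

```python
class ToyBridge:
    """Constructed stand-in for the integration bridge flow table."""
    def __init__(self):
        self.flows = []

    def add_flow(self, **match):
        self.flows.append(match)

    def delete_flows(self, in_port):
        # Same effect as delete_flows(in_port=...) in the report:
        # every flow matching that port goes, whatever installed it.
        self.flows = [f for f in self.flows if f.get("in_port") != in_port]


def setup_arp_spoofing_protection(br, ofport, fixed_ips):
    # Simplified: one allow flow per address the port owns, then a drop.
    for ip in fixed_ips:
        br.add_flow(in_port=ofport, proto="arp", arp_spa=ip, actions="normal")
    br.add_flow(in_port=ofport, proto="arp", actions="drop")


def bind_device(br, ofport):
    # The step quoted from _bind_devices: clear a possible port_dead drop flow.
    br.delete_flows(in_port=ofport)


def arp_verdict(br, ofport, arp_spa):
    # First matching flow wins; no ARP flow for the port means the frame
    # is switched normally, i.e. the port is unprotected.
    for f in br.flows:
        if f.get("in_port") == ofport and f.get("proto") == "arp":
            if f.get("arp_spa") in (None, arp_spa):
                return f["actions"]
    return "normal"


def run(order):
    # Returns (verdict for the port's own IP, verdict for a spoofed IP).
    br, ofport, ips = ToyBridge(), 7, ["10.0.0.5"]
    steps = {"protect": lambda: setup_arp_spoofing_protection(br, ofport, ips),
             "bind": lambda: bind_device(br, ofport)}
    for step in order:
        steps[step]()
    return arp_verdict(br, ofport, "10.0.0.5"), arp_verdict(br, ofport, "10.0.0.1")


if __name__ == "__main__":
    print("reported order:", run(["protect", "bind"]))
    print("bind first:    ", run(["bind", "protect"]))
```

A post-bind assertion of this kind (spoofed source address must yield a drop) is the check that would have caught the regression in an agent test.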