yahoo-eng-team team mailing list archive

[Bug 1549370] Re: Existing connections are not dropped with ovs-firewall when rule is removed

 

Reviewed:  https://review.openstack.org/284259
Committed: https://git.openstack.org/cgit/openstack/neutron/commit/?id=4f6aa3ffde2fd68b85bc5dfdaf6c2684931f3f61
Submitter: Jenkins
Branch:    master

commit 4f6aa3ffde2fd68b85bc5dfdaf6c2684931f3f61
Author: Jakub Libosvar <libosvar@xxxxxxxxxx>
Date:   Wed Feb 24 16:34:07 2016 +0000

    ovs-fw: Mark conntrack entries invalid if no rule is matched
    
    This patch makes sure that an existing connection breaks once the
    security group rule that allowed such a connection is removed. To
    correctly track connections on the same hypervisor, zones were changed
    from per-port to per-network (based on the port's vlan tag). This
    information is now stored in register 6. Also, a test was added for
    RELATED connections to avoid marking such connections as invalid by
    REPLY rules.
    
    Closes-Bug: 1549370
    Change-Id: Ibb5942a980ddd8f2dd7ac328e9559a80c05789bb


** Changed in: neutron
       Status: In Progress => Fix Released

-- 
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to neutron.
https://bugs.launchpad.net/bugs/1549370

Title:
  Existing connections are not dropped with ovs-firewall when rule is
  removed

Status in neutron:
  Fix Released

Bug description:
  When a rule that allows some traffic is removed from a security group,
  all existing connections going to a port using this rule should be cut.
