yahoo-eng-team team mailing list archive

Thread
Date

[Bug 1564947] Re: ovs-firewall doesn't work with tunneling and vlan tagging

To: yahoo-eng-team@xxxxxxxxxxxxxxxxxxx
From: OpenStack Infra <1564947@xxxxxxxxxxxxxxxxxx>
Date: Tue, 05 Apr 2016 13:00:51 -0000
Reply-to: Bug 1564947 <1564947@xxxxxxxxxxxxxxxxxx>
Sender: bounces@xxxxxxxxxxxxx

Reviewed:  https://review.openstack.org/300542
Committed: https://git.openstack.org/cgit/openstack/neutron/commit/?id=0f9ec7b72a8ca173b760f20323f90bffefa91681
Submitter: Jenkins
Branch:    master

commit 0f9ec7b72a8ca173b760f20323f90bffefa91681
Author: Jakub Libosvar <libosvar@xxxxxxxxxx>
Date:   Fri Apr 1 14:53:03 2016 +0000

    ovsfw: Remove vlan tag before injecting packets to port
    
    Open vSwitch takes care of vlan tagging in case normal switching is
    used. When ingress traffic packets are accepted, the
    actions=output:<port_number> is used but we need to explicitly take care
    of stripping out the vlan tags.
    
    Closes-Bug: 1564947
    Change-Id: If3fc44c9fd1ac0f7bc9dfe9dc48e76352e981f8e


** Changed in: neutron
       Status: In Progress => Fix Released

-- 
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to neutron.
https://bugs.launchpad.net/bugs/1564947

Title:
  ovs-firewall doesn't work with tunneling and vlan tagging

Status in neutron:
  Fix Released

Bug description:
  As firewall uses actions=output: which doesn't handle vlan tags,
  accepted ingress traffic gets packets that are still tagged. Normal
  actions take care of vlan tags according tags on ports, so those are
  fine. We should use strip_vlan for all actions using
  output:<port_number>

To manage notifications about this bug go to:
https://bugs.launchpad.net/neutron/+bug/1564947/+subscriptions

References

[Bug 1564947] [NEW] ovs-firewall doesn't work with tunneling and vlan tagging
From: Jakub Libosvar, 2016-04-01