yahoo-eng-team team mailing list archive

[Bug 1625516] Re: OVS FW driver ignores all non tcp udp icmp protocol rules

 

Reviewed:  https://review.openstack.org/402174
Committed: https://git.openstack.org/cgit/openstack/neutron/commit/?id=d5c07fe512502342cfde7c49e6ed75686608cc65
Submitter: Jenkins
Branch:    master

commit d5c07fe512502342cfde7c49e6ed75686608cc65
Author: Jakub Libosvar <libosvar@xxxxxxxxxx>
Date:   Thu Nov 24 12:32:55 2016 -0500

    ovsfw: Support protocol numbers instead of just tcp and udp
    
    Neutron API accepts also protocol numbers as protocols for security
    groups. This patch makes support for it in OVS firewall driver. iptables
    driver already supports it.
    
    Fullstack test covering SCTP connection was added and it requires
    ip_conntrack_proto_sctp kernel module in order to make conntrack work
    with SCTP.
    
    Change-Id: I6c5665a994c4a50ddbb95cd1360be0de0a6c7e40
    Closes-bug: 1625516


** Changed in: neutron
       Status: In Progress => Fix Released

-- 
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to neutron.
https://bugs.launchpad.net/bugs/1625516

Title:
  OVS FW driver ignores all non tcp udp icmp protocol rules

Status in neutron:
  Fix Released

Bug description:
  Tested ovs 2.5 OVS FW driver.

  Could not run sctp traffic between VMs in the same tenant and network
  after allowing ip protocol 132 (sctp) ingress and egress traffic in
  the security group.

  With iptables driver worked well.

  Tested on rhel7.3

  OSP10- Newton

  2016-09-20 11:20:38.121 17370 DEBUG neutron.agent.linux.openvswitch_firewall.firewall [req-1e1ee4b4-0722-42fb-b9a6-5499eeac7028 - - - - -] RULGEN: Rules generated for flow {u'ethertype': u'IPv4', u'direction': u'ingress', u'source_ip_prefix': u'0.0.0.0/0', u'protocol': u'132'} are [{'dl_type': 2048, 'reg_port': 7, 'actions': 'strip_vlan,output:7', 'priority': 70, 'table': 82, 'dl_dst': u'fa:16:3e:5b:c9:06'}] add_flows_from_rules /usr/lib/python2.7/site-packages/neutron/agent/linux/openvswitch_firewall/firewall.py:667

To manage notifications about this bug go to:
https://bugs.launchpad.net/neutron/+bug/1625516/+subscriptions

