yahoo-eng-team team mailing list archive
-
yahoo-eng-team team
-
Mailing list archive
-
Message #71714
[Bug 1756273] [NEW] Security group Closed but arp spoof still open
Public bug reported:
branch: Master
In openstack, Security group has been closed,configurations as follows:
enable_security_group=False
firewall_driver = noop
extension_drivers = qos
but in br-int bridge:
[root@tecs200 ~]# ovs-ofctl dump-flows br-int | grep spa
cookie=0x5c3fa3f8e803ff0c, duration=1071.862s, table=24, n_packets=0, n_bytes=0, idle_age=2317, priority=2,arp,in_port=33,arp_spa=192.168.100.5 actions=resubmit(,25)
cookie=0x5c3fa3f8e803ff0c, duration=1071.842s, table=24, n_packets=0, n_bytes=0, idle_age=2317, priority=2,arp,in_port=22,arp_spa=192.168.100.11 actions=resubmit(,25)
cookie=0x5c3fa3f8e803ff0c, duration=1071.823s, table=24, n_packets=0, n_bytes=0, idle_age=2317, priority=2,arp,in_port=28,arp_spa=192.168.100.10 actions=resubmit(,25)
cookie=0x5c3fa3f8e803ff0c, duration=1071.804s, table=24, n_packets=0, n_bytes=0, idle_age=2317, priority=2,arp,in_port=20,arp_spa=192.168.100.4 actions=resubmit(,25)
cookie=0x5c3fa3f8e803ff0c, duration=1071.784s, table=24, n_packets=0, n_bytes=0, idle_age=2317, priority=2,arp,in_port=29,arp_spa=192.168.100.7 actions=resubmit(,25)
cookie=0x5c3fa3f8e803ff0c, duration=1071.765s, table=24, n_packets=0, n_bytes=0, idle_age=2317, priority=2,arp,in_port=23,arp_spa=192.168.100.8 actions=resubmit(,25)
cookie=0x5c3fa3f8e803ff0c, duration=1071.745s, table=24, n_packets=0, n_bytes=0, idle_age=2317, priority=2,arp,in_port=30,arp_spa=192.168.100.20 actions=resubmit(,25)
cookie=0x5c3fa3f8e803ff0c, duration=1071.719s, table=24, n_packets=0, n_bytes=0, idle_age=2316, priority=2,arp,in_port=21,arp_spa=192.168.100.6 actions=resubmit(,25)
cookie=0x5c3fa3f8e803ff0c, duration=1071.699s, table=24, n_packets=0, n_bytes=0, idle_age=2316, priority=2,arp,in_port=34,arp_spa=192.168.100.26 actions=resubmit(,25)
cookie=0x5c3fa3f8e803ff0c, duration=1071.679s, table=24, n_packets=0, n_bytes=0, idle_age=2316, priority=2,arp,in_port=31,arp_spa=192.168.100.23 actions=resubmit(,25)
cookie=0x5c3fa3f8e803ff0c, duration=1071.660s, table=24, n_packets=0, n_bytes=0, idle_age=2316, priority=2,arp,in_port=26,arp_spa=192.168.100.17 actions=resubmit(,25)
cookie=0x5c3fa3f8e803ff0c, duration=1071.640s, table=24, n_packets=0, n_bytes=0, idle_age=2316, priority=2,arp,in_port=24,arp_spa=192.168.100.9 actions=resubmit(,25)
cookie=0x5c3fa3f8e803ff0c, duration=1071.620s, table=24, n_packets=0, n_bytes=0, idle_age=2316, priority=2,arp,in_port=32,arp_spa=192.168.100.14 actions=resubmit(,25)
cookie=0x5c3fa3f8e803ff0c, duration=1071.601s, table=24, n_packets=0, n_bytes=0, idle_age=2316, priority=2,arp,in_port=27,arp_spa=192.168.100.12 actions=resubmit(,25)
cookie=0x5c3fa3f8e803ff0c, duration=1071.573s, table=24, n_packets=0, n_bytes=0, idle_age=2316, priority=2,arp,in_port=25,arp_spa=192.168.100.3 actions=resubmit(,25)
[root@tecs200 ~]#
** Affects: neutron
Importance: Undecided
Assignee: QunyingRan (ran-qunying)
Status: New
** Changed in: neutron
Assignee: (unassigned) => QunyingRan (ran-qunying)
--
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to neutron.
https://bugs.launchpad.net/bugs/1756273
Title:
Security group Closed but arp spoof still open
Status in neutron:
New
Bug description:
branch: Master
In openstack, Security group has been closed,configurations as
follows:
enable_security_group=False
firewall_driver = noop
extension_drivers = qos
but in br-int bridge:
[root@tecs200 ~]# ovs-ofctl dump-flows br-int | grep spa
cookie=0x5c3fa3f8e803ff0c, duration=1071.862s, table=24, n_packets=0, n_bytes=0, idle_age=2317, priority=2,arp,in_port=33,arp_spa=192.168.100.5 actions=resubmit(,25)
cookie=0x5c3fa3f8e803ff0c, duration=1071.842s, table=24, n_packets=0, n_bytes=0, idle_age=2317, priority=2,arp,in_port=22,arp_spa=192.168.100.11 actions=resubmit(,25)
cookie=0x5c3fa3f8e803ff0c, duration=1071.823s, table=24, n_packets=0, n_bytes=0, idle_age=2317, priority=2,arp,in_port=28,arp_spa=192.168.100.10 actions=resubmit(,25)
cookie=0x5c3fa3f8e803ff0c, duration=1071.804s, table=24, n_packets=0, n_bytes=0, idle_age=2317, priority=2,arp,in_port=20,arp_spa=192.168.100.4 actions=resubmit(,25)
cookie=0x5c3fa3f8e803ff0c, duration=1071.784s, table=24, n_packets=0, n_bytes=0, idle_age=2317, priority=2,arp,in_port=29,arp_spa=192.168.100.7 actions=resubmit(,25)
cookie=0x5c3fa3f8e803ff0c, duration=1071.765s, table=24, n_packets=0, n_bytes=0, idle_age=2317, priority=2,arp,in_port=23,arp_spa=192.168.100.8 actions=resubmit(,25)
cookie=0x5c3fa3f8e803ff0c, duration=1071.745s, table=24, n_packets=0, n_bytes=0, idle_age=2317, priority=2,arp,in_port=30,arp_spa=192.168.100.20 actions=resubmit(,25)
cookie=0x5c3fa3f8e803ff0c, duration=1071.719s, table=24, n_packets=0, n_bytes=0, idle_age=2316, priority=2,arp,in_port=21,arp_spa=192.168.100.6 actions=resubmit(,25)
cookie=0x5c3fa3f8e803ff0c, duration=1071.699s, table=24, n_packets=0, n_bytes=0, idle_age=2316, priority=2,arp,in_port=34,arp_spa=192.168.100.26 actions=resubmit(,25)
cookie=0x5c3fa3f8e803ff0c, duration=1071.679s, table=24, n_packets=0, n_bytes=0, idle_age=2316, priority=2,arp,in_port=31,arp_spa=192.168.100.23 actions=resubmit(,25)
cookie=0x5c3fa3f8e803ff0c, duration=1071.660s, table=24, n_packets=0, n_bytes=0, idle_age=2316, priority=2,arp,in_port=26,arp_spa=192.168.100.17 actions=resubmit(,25)
cookie=0x5c3fa3f8e803ff0c, duration=1071.640s, table=24, n_packets=0, n_bytes=0, idle_age=2316, priority=2,arp,in_port=24,arp_spa=192.168.100.9 actions=resubmit(,25)
cookie=0x5c3fa3f8e803ff0c, duration=1071.620s, table=24, n_packets=0, n_bytes=0, idle_age=2316, priority=2,arp,in_port=32,arp_spa=192.168.100.14 actions=resubmit(,25)
cookie=0x5c3fa3f8e803ff0c, duration=1071.601s, table=24, n_packets=0, n_bytes=0, idle_age=2316, priority=2,arp,in_port=27,arp_spa=192.168.100.12 actions=resubmit(,25)
cookie=0x5c3fa3f8e803ff0c, duration=1071.573s, table=24, n_packets=0, n_bytes=0, idle_age=2316, priority=2,arp,in_port=25,arp_spa=192.168.100.3 actions=resubmit(,25)
[root@tecs200 ~]#
To manage notifications about this bug go to:
https://bugs.launchpad.net/neutron/+bug/1756273/+subscriptions
Follow ups
