
yahoo-eng-team team mailing list archive

[Bug 2003706] Re: [OVN] Security group logging only logs half of the connection

 

Reviewed:  https://review.opendev.org/c/openstack/neutron/+/871096
Committed: https://opendev.org/openstack/neutron/commit/f7e31b4c0533687622f8f2644c802574e31536f7
Submitter: "Zuul (22348)"
Branch:    master

commit f7e31b4c0533687622f8f2644c802574e31536f7
Author: Elvira García <egarciar@xxxxxxxxxx>
Date:   Thu Jan 19 14:48:23 2023 +0100

    [OVN] Allow logging all traffic related to an ACL
    
    Before this patch, only the client-to-server side of the communication
    was logged. The OVN allow-related ACL option was implemented [0] so that
    the packets going from server to client can also be logged. This patch
    implements the addition of that feature in Neutron and needs OVN
    version 22.03 or updated 21.12.
    
    [0] https://patchwork.ozlabs.org/project/ovn/patch/20220201141118.1846390-1-mmichels@xxxxxxxxxx/
    
    Closes-Bug: #2003706
    Change-Id: I72d061c333f53e07f6feedec032e2c0b06a61248
    Signed-off-by: Elvira García <egarciar@xxxxxxxxxx>


** Changed in: neutron
       Status: In Progress => Fix Released

-- 
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to neutron.
https://bugs.launchpad.net/bugs/2003706

Title:
  [OVN] Security group logging only logs half of the connection

Status in neutron:
  Fix Released

Bug description:
  With the OVN security group logging feature enabled, packets are
  actually logged in only one direction (from client to server). This
  happens because there is a single OpenFlow rule created for the
  returned traffic and it has no logging action.

  Steps:
  - Create server associated to security group.
  - Add a network log object that logs accepted traffic from that security group.
  - Check logs in ovn-controller.log

  Expected results:
  - We get the packets incoming to and outgoing from the server.

  Actual results:
  - We only see incoming packets.

  More info at: https://bugzilla.redhat.com/show_bug.cgi?id=2152877

To manage notifications about this bug go to:
https://bugs.launchpad.net/neutron/+bug/2003706/+subscriptions


