yahoo-eng-team team mailing list archive
Message #91451
[Bug 2009221] [NEW] [OVS] Custom ethertype traffic is not coming into the VM
Public bug reported:

This bug is related to https://bugs.launchpad.net/neutron/+bug/1832758.

In [1], the ability to allow custom ethertypes was added to the OVS
native firewall. This patch was adding a bypass for traffic with custom
ethertypes and a MAC address matching one of the local ports in this OVS
(in the table 60 the traffic should match the VLAN tag and the
destination MAC).

In [2], this piece of code was moved to the EGRESS section to allow the
traffic sent by a port with one of the allowed custom ethertypes to
bypass the firewall and go directly to the accepted egress table, where
the traffic is sent explicitly to the corresponding physical bridge or
tunnel bridge, depending on the network type.

None of these patches can live without the other. Now we are missing the
code of the first one [1], removed by the second one [2]: we need an
explicit bypass in the INGRESS section to allow this traffic and send it
directly to the corresponding port.

[1] https://review.opendev.org/c/openstack/neutron/+/668224
[2] https://review.opendev.org/c/openstack/neutron/+/678021

** Affects: neutron
Importance: Medium
Assignee: Rodolfo Alonso (rodolfo-alonso-hernandez)
Status: New
** Changed in: neutron
Assignee: (unassigned) => Rodolfo Alonso (rodolfo-alonso-hernandez)
** Changed in: neutron
Importance: Undecided => Medium
--
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to neutron.
https://bugs.launchpad.net/bugs/2009221