port's allowed_address_pairs allow different IP and MAC set for port.
The current ovsfw implementation has this issue for allowed_address_pairs with different MAC with VM's MAC:
1. Packets with allowed_address_pairs' MAC and IP (different MAC with VM's MAC) cannot come out from VM because the table=72 OpenFlow only check dl_src=VM-MAC in br-int.
2. Cannot ping from outside to VM's allowed_address_pairs' MAC and IP (different MAC with VM's MAC) because the table=0 OpenFlow only check dl_dst=VM-MAC.
We need to allow the situation that address_pairs with different MAC with VM's MAC.
Suggest change:
1. Do not check dl_src in table=72 because table=71 has checked
dl_src for Egress.
2. Add all allowed MACs in table=0 and table=73 for Ingress.
3. Check dl_dst and nw_dst in table=81 like table=71 does.
4. Do not check dl_dst in table=82 because this check has done
in table=0 and table=73.
Fix proposed to branch: master /review. openstack. org/473751
Review: https:/