2015-07-08 01:38:23 |
shihanzhang |
description |
Now ovs-agent failed to install arp spoofing protection flow for new VMs, because it will firstly install arp spoofing protection flow in funstion 'treat_devices_added_or_updated':
def treat_devices_added_or_updated(self, devices, ovs_restarted):
.....
.....
if 'port_id' in details:
LOG.info(_LI("Port %(device)s updated. Details: %(details)s"),
{'device': device, 'details': details})
need_binding = self.treat_vif_port(port, details['port_id'],
details['network_id'],
details['network_type'],
details['physical_network'],
details['segmentation_id'],
details['admin_state_up'],
details['fixed_ips'],
details['device_owner'],
ovs_restarted)
if self.prevent_arp_spoofing:
self.setup_arp_spoofing_protection(self.int_br,
port, details)
but then in function '_bind_devices', it will clear all flows for this new port, so the arp spoofing protection flow is also be clean
def _bind_devices(self, need_binding_ports):
.....
....
if cur_tag != lvm.vlan:
self.int_br.set_db_attribute(
"Port", port.port_name, "tag", lvm.vlan)
if port.ofport != -1:
# NOTE(yamamoto): Remove possible drop_port flow
# installed by port_dead.
self.int_br.delete_flows(in_port=port.ofport) |
Now ovs-agent failed to install arp spoofing protection flow for new VMs, because it will firstly install arp spoofing protection flow in funstion 'treat_devices_added_or_updated':
def treat_devices_added_or_updated(self, devices, ovs_restarted):
.....
.....
if 'port_id' in details:
if self.prevent_arp_spoofing:
self.setup_arp_spoofing_protection(self.int_br,
port, details)
but then in function '_bind_devices', it will clear all flows for this new port, so the arp spoofing protection flow is also be clean
def _bind_devices(self, need_binding_ports):
.....
....
if cur_tag != lvm.vlan:
self.int_br.set_db_attribute(
"Port", port.port_name, "tag", lvm.vlan)
if port.ofport != -1:
# NOTE(yamamoto): Remove possible drop_port flow
# installed by port_dead.
self.int_br.delete_flows(in_port=port.ofport) |
|
2015-07-08 01:39:12 |
shihanzhang |
description |
Now ovs-agent failed to install arp spoofing protection flow for new VMs, because it will firstly install arp spoofing protection flow in funstion 'treat_devices_added_or_updated':
def treat_devices_added_or_updated(self, devices, ovs_restarted):
.....
.....
if 'port_id' in details:
if self.prevent_arp_spoofing:
self.setup_arp_spoofing_protection(self.int_br,
port, details)
but then in function '_bind_devices', it will clear all flows for this new port, so the arp spoofing protection flow is also be clean
def _bind_devices(self, need_binding_ports):
.....
....
if cur_tag != lvm.vlan:
self.int_br.set_db_attribute(
"Port", port.port_name, "tag", lvm.vlan)
if port.ofport != -1:
# NOTE(yamamoto): Remove possible drop_port flow
# installed by port_dead.
self.int_br.delete_flows(in_port=port.ofport) |
Now ovs-agent failed to install arp spoofing protection flow for new VMs, because it will firstly install arp spoofing protection flow in funstion 'treat_devices_added_or_updated':
def treat_devices_added_or_updated(self, devices, ovs_restarted):
.....
.....
if self.prevent_arp_spoofing:
self.setup_arp_spoofing_protection(self.int_br, port, details)
but then in function '_bind_devices', it will clear all flows for this new port, so the arp spoofing protection flow is also be clean
def _bind_devices(self, need_binding_ports):
.....
....
if cur_tag != lvm.vlan:
self.int_br.set_db_attribute(
"Port", port.port_name, "tag", lvm.vlan)
if port.ofport != -1:
# NOTE(yamamoto): Remove possible drop_port flow
# installed by port_dead.
self.int_br.delete_flows(in_port=port.ofport) |
|