Through [1] ipset members are updated in update_security_group_members
instead of updating during firewall apply. In the same way, we will
delete conntrack entries immediately after deleting remote ipset
members(in update_security_group_members) instead of deleting them after
firewall apply.
As explained in [2], this change partially fixes bug #1580377 i.e it
deletes conntrack entries on remote hosts for a removed port.
Reviewed: https:/ /review. openstack. org/352440 /git.openstack. org/cgit/ openstack/ neutron/ commit/ ?id=9168dbf93d7 0ec4df6ab29d2b3 00497fef401682
Committed: https:/
Submitter: Jenkins
Branch: master
commit 9168dbf93d70ec4 df6ab29d2b30049 7fef401682
Author: venkata anil <email address hidden>
Date: Mon Aug 8 14:11:11 2016 +0000
Delete conntrack when remote ipset member removed
Through [1] ipset members are updated in update_ security_ group_members security_ group_members) instead of deleting them after
instead of updating during firewall apply. In the same way, we will
delete conntrack entries immediately after deleting remote ipset
members(in update_
firewall apply.
As explained in [2], this change partially fixes bug #1580377 i.e it
deletes conntrack entries on remote hosts for a removed port.
[1] https:/ /review. openstack. org/#/c/ 347068/ /bugs.launchpad .net/neutron/ +bug/1580377/ comments/ 13
[2] https:/
Co- Authored- By:shihanzhang <email address hidden> 8b794c44796b4c9 45432379c13
Partial-Bug: #1580377
Change-Id: Iea3344a24e2a06