Through [1] ipset members are updated in update_security_group_members
instead of updating during firewall apply. In the same way, we will
delete conntrack entries immediately after deleting remote ipset
members(in update_security_group_members) instead of deleting them after
firewall apply.
As explained in [2], this change partially fixes bug #1580377 i.e it
deletes conntrack entries on remote hosts for a removed port.
Reviewed: https:/ /review. openstack. org/408982 /git.openstack. org/cgit/ openstack/ neutron/ commit/ ?id=ceb1b95b48f 28f4c3ac022237e 9f68c80bc8afe4
Committed: https:/
Submitter: Jenkins
Branch: stable/newton
commit ceb1b95b48f28f4 c3ac022237e9f68 c80bc8afe4
Author: venkata anil <email address hidden>
Date: Mon Aug 8 14:11:11 2016 +0000
Delete conntrack when remote ipset member removed
Through [1] ipset members are updated in update_ security_ group_members security_ group_members) instead of deleting them after
instead of updating during firewall apply. In the same way, we will
delete conntrack entries immediately after deleting remote ipset
members(in update_
firewall apply.
As explained in [2], this change partially fixes bug #1580377 i.e it
deletes conntrack entries on remote hosts for a removed port.
[1] https:/ /review. openstack. org/#/c/ 347068/ /bugs.launchpad .net/neutron/ +bug/1580377/ comments/ 13
[2] https:/
Co- Authored- By:shihanzhang <email address hidden> 8b794c44796b4c9 45432379c13 df6ab29d2b30049 7fef401682)
Partial-Bug: #1580377
Change-Id: Iea3344a24e2a06
(cherry picked from commit 9168dbf93d70ec4