commit 6370a0471076ccb095a90f97ffc869ae7ea2e5ed
Author: Jakub Libosvar <email address hidden>
Date: Tue Jun 13 12:07:28 2017 +0000
ovsfw: Fix overlapping MAC addresses on integration bridge
The patch relies on the fact that traffic not going from instance
(and thus port not managed by firewall) is tagged. Traffic coming from
the instance is not tagged and thus net register is used for marking
such traffic. These two approaches make matching rules unique even if
two ports from different networks share their MAC addresses.
Traffic coming from trusted ports is marked with network in registry
so firewall can decide later to which network traffic belongs.
Reviewed: https://review.openstack.org/385085
Committed: https://git.openstack.org/cgit/openstack/neutron/commit/?id=6370a0471076ccb095a90f97ffc869ae7ea2e5ed
Submitter: Jenkins
Branch: master
Closes-bug: #1626010
Change-Id: Ia05d75a01b0469a0eaa82ada67b16a9481c50f1c