Comment 34 for bug 1832758

Reviewed: https://review.opendev.org/c/openstack/neutron/+/877608
Committed: https://opendev.org/openstack/neutron/commit/8c7f3b61f75368f05369785f7931b5134a7e93fa
Submitter: "Zuul (22348)"
Branch: stable/yoga

commit 8c7f3b61f75368f05369785f7931b5134a7e93fa
Author: Rodolfo Alonso Hernandez <email address hidden>
Date: Sun Mar 5 22:12:55 2023 +0100

    [OVS] Allow custom ethertype traffic in the ingress table

    This patch is a partial revert of [1], reinstantiating the code merged
    in [2]. This patch is the complementary to [1]: the traffic with
    custom ethertypes is allowed in the ingress processing tables, same
    as [1] is allowing all traffic from the virtual machine ports in this
    host to leave the node. Both, this patch and [1], are bypassing the
    OVS firewall just for the traffic with the configured allowed
    ethertypes and just for/to the local ports and MAC addresses.

    Any other traffic not coming from a local port or with destination
    a local port, will be blocked as is now.

    [1]https://review.opendev.org/c/openstack/neutron/+/678021
    [2]https://review.opendev.org/c/openstack/neutron/+/668224/

    Conflicts:
           doc/source/admin/config-ovsfwdriver.rst
           neutron/tests/unit/agent/linux/openvswitch_firewall/test_firewall.py

    Closes-Bug: #2009221
    Related-Bug: #1832758
    Change-Id: Ib8340d9430b946a446edf80886c49fbac729073c
    (cherry picked from commit 008277b8c12d99438951a308b278203fa7a7c3ef)
    (cherry picked from commit 5026d805fe01aaf237081c606f1d1bf87bbff6d4)