commit 8b5427dbdaf21c86f24f5451151e4603062a7360
Author: Rodolfo Alonso Hernandez <email address hidden>
Date: Tue Nov 30 16:01:27 2021 +0000
Do no use "--strict" for OF deletion in TRANSIENT_TABLE
There are two types of OF rules in TRANSIENT_TABLE:
- With priority 100: these rules match by "in_port", that is a
unique identifier.
- With priority 90: these rules match by MAC address and VLAN ID.
This combination (MAC, VLAN) is unique.
That means when a deleting an OF rule in TRANSIENT_TABLE, it is
enough to specify the "in_port" or the (MAC, VLAN) tuple. The
"--strict" parameter, added to also define the priority, is not
needed.
By removing the "--strict" parameter, these deletion commands can
be executed synchronously at the end of the OVS deferred context,
when all the OF rule commands (addition or deletion), are executed
at the same time. That removes the small window, detected in the
related bug, when the OF rule set for a port is not complete.
Reviewed: https:/ /review. opendev. org/c/openstack /neutron/ +/820496 /opendev. org/openstack/ neutron/ commit/ 8b5427dbdaf21c8 6f24f5451151e46 03062a7360
Committed: https:/
Submitter: "Zuul (22348)"
Branch: stable/queens
commit 8b5427dbdaf21c8 6f24f5451151e46 03062a7360
Author: Rodolfo Alonso Hernandez <email address hidden>
Date: Tue Nov 30 16:01:27 2021 +0000
Do no use "--strict" for OF deletion in TRANSIENT_TABLE
There are two types of OF rules in TRANSIENT_TABLE:
- With priority 100: these rules match by "in_port", that is a
unique identifier.
- With priority 90: these rules match by MAC address and VLAN ID.
This combination (MAC, VLAN) is unique.
That means when a deleting an OF rule in TRANSIENT_TABLE, it is
enough to specify the "in_port" or the (MAC, VLAN) tuple. The
"--strict" parameter, added to also define the priority, is not
needed.
By removing the "--strict" parameter, these deletion commands can
be executed synchronously at the end of the OVS deferred context,
when all the OF rule commands (addition or deletion), are executed
at the same time. That removes the small window, detected in the
related bug, when the OF rule set for a port is not complete.
Conflicts:
neutron/ agent/linux/ openvswitch_ firewall/ firewall. py
neutron/ tests/unit/ agent/linux/ openvswitch_ firewall/ test_firewall. py
Closes-Bug: #1952770 3a0aa163ce72aef 2961f537676 74365f6f4ed2073 4f29309f08)
Change-Id: I9f5bd8a1404dde
(cherry picked from commit ef7f673098c2a45