commit 557458e45052164d5fb32c1a3f3241131aec127c
Author: Rodolfo Alonso Hernandez <email address hidden>
Date: Tue Nov 30 16:01:27 2021 +0000
Do no use "--strict" for OF deletion in TRANSIENT_TABLE
There are two types of OF rules in TRANSIENT_TABLE:
- With priority 100: these rules match by "in_port", that is a
unique identifier.
- With priority 90: these rules match by MAC address and VLAN ID.
This combination (MAC, VLAN) is unique.
That means when a deleting an OF rule in TRANSIENT_TABLE, it is
enough to specify the "in_port" or the (MAC, VLAN) tuple. The
"--strict" parameter, added to also define the priority, is not
needed.
By removing the "--strict" parameter, these deletion commands can
be executed synchronously at the end of the OVS deferred context,
when all the OF rule commands (addition or deletion), are executed
at the same time. That removes the small window, detected in the
related bug, when the OF rule set for a port is not complete.
Reviewed: https:/ /review. opendev. org/c/openstack /neutron/ +/820481 /opendev. org/openstack/ neutron/ commit/ 557458e45052164 d5fb32c1a3f3241 131aec127c
Committed: https:/
Submitter: "Zuul (22348)"
Branch: stable/stein
commit 557458e45052164 d5fb32c1a3f3241 131aec127c
Author: Rodolfo Alonso Hernandez <email address hidden>
Date: Tue Nov 30 16:01:27 2021 +0000
Do no use "--strict" for OF deletion in TRANSIENT_TABLE
There are two types of OF rules in TRANSIENT_TABLE:
- With priority 100: these rules match by "in_port", that is a
unique identifier.
- With priority 90: these rules match by MAC address and VLAN ID.
This combination (MAC, VLAN) is unique.
That means when a deleting an OF rule in TRANSIENT_TABLE, it is
enough to specify the "in_port" or the (MAC, VLAN) tuple. The
"--strict" parameter, added to also define the priority, is not
needed.
By removing the "--strict" parameter, these deletion commands can
be executed synchronously at the end of the OVS deferred context,
when all the OF rule commands (addition or deletion), are executed
at the same time. That removes the small window, detected in the
related bug, when the OF rule set for a port is not complete.
Conflicts:
neutron/ agent/linux/ openvswitch_ firewall/ firewall. py
neutron/ tests/unit/ agent/linux/ openvswitch_ firewall/ test_firewall. py
Closes-Bug: #1952770 3a0aa163ce72aef 2961f537676 74365f6f4ed2073 4f29309f08)
Change-Id: I9f5bd8a1404dde
(cherry picked from commit ef7f673098c2a45