neutron

  1. Bug #1952770
  2. Comment #21

Comment 21 for bug 1952770

Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix merged to neutron (stable/stein)

Reviewed: https://review.opendev.org/c/openstack/neutron/+/820481
Committed: https://opendev.org/openstack/neutron/commit/557458e45052164d5fb32c1a3f3241131aec127c
Submitter: "Zuul (22348)"
Branch: stable/stein

commit 557458e45052164d5fb32c1a3f3241131aec127c
Author: Rodolfo Alonso Hernandez <email address hidden>
Date: Tue Nov 30 16:01:27 2021 +0000

    Do no use "--strict" for OF deletion in TRANSIENT_TABLE

    There are two types of OF rules in TRANSIENT_TABLE:
    - With priority 100: these rules match by "in_port", that is a
      unique identifier.
    - With priority 90: these rules match by MAC address and VLAN ID.
      This combination (MAC, VLAN) is unique.

    That means when a deleting an OF rule in TRANSIENT_TABLE, it is
    enough to specify the "in_port" or the (MAC, VLAN) tuple. The
    "--strict" parameter, added to also define the priority, is not
    needed.

    By removing the "--strict" parameter, these deletion commands can
    be executed synchronously at the end of the OVS deferred context,
    when all the OF rule commands (addition or deletion), are executed
    at the same time. That removes the small window, detected in the
    related bug, when the OF rule set for a port is not complete.

    Conflicts:
        neutron/agent/linux/openvswitch_firewall/firewall.py
        neutron/tests/unit/agent/linux/openvswitch_firewall/test_firewall.py

    Closes-Bug: #1952770
    Change-Id: I9f5bd8a1404dde3a0aa163ce72aef2961f537676
    (cherry picked from commit ef7f673098c2a4574365f6f4ed20734f29309f08)