commit 7dbd06d66e4daebab90e4d334ae43013580e555a
Author: Rodolfo Alonso Hernandez <email address hidden>
Date: Mon Oct 16 00:09:50 2023 +0000
"ebtables-nft" MAC rule deletion failing
"ebtables-nft" is failing to delete the rule filtering by MAC address:
Bridge chain: neutronMAC-test-veth024379, entries: 2, policy: DROP
-i test-veth024379 --among-src fa:16:3e:47:87:0 -j RETURN
-j DROP
A workaround for this issue, that works with both "ebtables-nft" and
"ebtables-legacy", is to flush the table and recreate the DROP rule.
The MAC spoofing tables have two rules: the one filtering by MAC address
and the default DROP rule. This workaround has the same effect as just
deleting the filtering rule.
Closes-Bug: #2038541
Change-Id: I38bd016c35d7a76d88c6eceec797d1cea84c45d1
(cherry picked from commit 1879d925330af5598a105a8893ab6cfda9dc37e6)
Reviewed: https:/ /review. opendev. org/c/openstack /neutron/ +/898833 /opendev. org/openstack/ neutron/ commit/ 7dbd06d66e4daeb ab90e4d334ae430 13580e555a
Committed: https:/
Submitter: "Zuul (22348)"
Branch: stable/yoga
commit 7dbd06d66e4daeb ab90e4d334ae430 13580e555a
Author: Rodolfo Alonso Hernandez <email address hidden>
Date: Mon Oct 16 00:09:50 2023 +0000
"ebtables-nft" MAC rule deletion failing
"ebtables-nft" is failing to delete the rule filtering by MAC address: test-veth024379 , entries: 2, policy: DROP
Bridge chain: neutronMAC-
-i test-veth024379 --among-src fa:16:3e:47:87:0 -j RETURN
-j DROP
A workaround for this issue, that works with both "ebtables-nft" and legacy" , is to flush the table and recreate the DROP rule.
"ebtables-
The MAC spoofing tables have two rules: the one filtering by MAC address
and the default DROP rule. This workaround has the same effect as just
deleting the filtering rule.
Closes-Bug: #2038541 6d88c6eceec797d 1cea84c45d1 98a105a8893ab6c fda9dc37e6)
Change-Id: I38bd016c35d7a7
(cherry picked from commit 1879d925330af55