neutron

  1. Bug #2038541
  2. Comment #8

Comment 8 for bug 2038541

Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix merged to neutron (master)

Reviewed: https://review.opendev.org/c/openstack/neutron/+/898729
Committed: https://opendev.org/openstack/neutron/commit/1879d925330af5598a105a8893ab6cfda9dc37e6
Submitter: "Zuul (22348)"
Branch: master

commit 1879d925330af5598a105a8893ab6cfda9dc37e6
Author: Rodolfo Alonso Hernandez <email address hidden>
Date: Mon Oct 16 00:09:50 2023 +0000

    "ebtables-nft" MAC rule deletion failing

    "ebtables-nft" is failing to delete the rule filtering by MAC address:
      Bridge chain: neutronMAC-test-veth024379, entries: 2, policy: DROP
      -i test-veth024379 --among-src fa:16:3e:47:87:0 -j RETURN
      -j DROP

    A workaround for this issue, that works with both "ebtables-nft" and
    "ebtables-legacy", is to flush the table and recreate the DROP rule.
    The MAC spoofing tables have two rules: the one filtering by MAC address
    and the default DROP rule. This workaround has the same effect as just
    deleting the filtering rule.

    Closes-Bug: #2038541
    Change-Id: I38bd016c35d7a76d88c6eceec797d1cea84c45d1