Public bug reported:

Now ovs-agent failed to install arp spoofing protection flow for new VMs, because it will firstly install arp spoofing protection flow in function 'treat_devices_added_or_updated':

    def treat_devices_added_or_updated(self, devices, ovs_restarted):
        .....
        .....
        if self.prevent_arp_spoofing:
            self.setup_arp_spoofing_protection(self.int_br, port, details)

but then in function '_bind_devices', it will clear all flows for this new port, so the arp spoofing protection flow is also cleaned

    def _bind_devices(self, need_binding_ports):
        .....
        ....
        if cur_tag != lvm.vlan:
            self.int_br.set_db_attribute(
                "Port", port.port_name, "tag", lvm.vlan)
            if port.ofport != -1:
                # NOTE(yamamoto): Remove possible drop_port flow
                # installed by port_dead.
                self.int_br.delete_flows(in_port=port.ofport)

** Affects: neutron
     Importance: Undecided
     Assignee: shihanzhang (shihanzhang)
         Status: New

** Changed in: neutron
     Assignee: (unassigned) => shihanzhang (shihanzhang)

** Description changed:

Now ovs-agent failed to install arp spoofing protection flow for new VMs, because it will firstly install arp spoofing protection flow in funstion 'treat_devices_added_or_updated': - def treat_devices_added_or_updated(self, devices, ovs_restarted): - ..... - ..... - if 'port_id' in details: - LOG.info(_LI("Port %(device)s updated. Details: %(details)s"), - {'device': device, 'details': details}) - need_binding = self.treat_vif_port(port, details['port_id'], - details['network_id'], - details['network_type'], - details['physical_network'], - details['segmentation_id'], - details['admin_state_up'], - details['fixed_ips'], - details['device_owner'], - ovs_restarted) - if self.prevent_arp_spoofing: - self.setup_arp_spoofing_protection(self.int_br, - port, details) + def treat_devices_added_or_updated(self, devices, ovs_restarted): + ..... + ..... + if 'port_id' in details: + if self.prevent_arp_spoofing: + self.setup_arp_spoofing_protection(self.int_br, + port, details) but then in function '_bind_devices', it will clear all flows for this new port, so the arp spoofing protection flow is also be clean - def _bind_devices(self, need_binding_ports): - ..... - .... - if cur_tag != lvm.vlan: - self.int_br.set_db_attribute( - "Port", port.port_name, "tag", lvm.vlan) - if port.ofport != -1: - # NOTE(yamamoto): Remove possible drop_port flow - # installed by port_dead.
- self.int_br.delete_flows(in_port=port.ofport) + def _bind_devices(self, need_binding_ports): + ..... + .... + if cur_tag != lvm.vlan: + self.int_br.set_db_attribute( + "Port", port.port_name, "tag", lvm.vlan) + if port.ofport != -1: + # NOTE(yamamoto): Remove possible drop_port flow + # installed by port_dead. + self.int_br.delete_flows(in_port=port.ofport)

** Description changed:

Now ovs-agent failed to install arp spoofing protection flow for new VMs, because it will firstly install arp spoofing protection flow in funstion 'treat_devices_added_or_updated': def treat_devices_added_or_updated(self, devices, ovs_restarted): ..... ..... - if 'port_id' in details: - if self.prevent_arp_spoofing: - self.setup_arp_spoofing_protection(self.int_br, - port, details) + + if self.prevent_arp_spoofing: + self.setup_arp_spoofing_protection(self.int_br, port, details) but then in function '_bind_devices', it will clear all flows for this new port, so the arp spoofing protection flow is also be clean def _bind_devices(self, need_binding_ports): ..... .... if cur_tag != lvm.vlan: self.int_br.set_db_attribute( "Port", port.port_name, "tag", lvm.vlan) if port.ofport != -1: # NOTE(yamamoto): Remove possible drop_port flow # installed by port_dead. self.int_br.delete_flows(in_port=port.ofport)

-- 
You received this bug notification because you are a member of Yahoo! Engineering Team, which is subscribed to neutron.
https://bugs.launchpad.net/bugs/1472452

Title:
  arp spoofing protection flow install failed

Status in OpenStack Neutron (virtual network service):
  New
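
The ordering problem described in this report, as an added example that is not part of the original report and is not Neutron code: a toy flow table in which a delete keyed only on in_port wipes the ARP rules installed just before it, plus a post-condition check an agent or test could run after binding. FlowTable, wire_port, arp_protected and the flow fields are hypothetical names constructed for illustration.

```python
# Toy model of a per-bridge flow table (constructed; not Neutron code).
from dataclasses import dataclass, field

@dataclass
class FlowTable:
    flows: list = field(default_factory=list)

    def add_flow(self, **match):
        self.flows.append(match)

    def delete_flows(self, in_port):
        # A delete keyed only on in_port removes every flow for that
        # port, whatever the flow was installed for.
        self.flows = [f for f in self.flows if f.get("in_port") != in_port]

def setup_arp_spoofing_protection(table, ofport, allowed_ips):
    # Allow ARP only when the sender IP belongs to the port, then drop
    # every other ARP packet arriving on the port.
    for ip in allowed_ips:
        table.add_flow(in_port=ofport, proto="arp", arp_spa=ip, action="normal")
    table.add_flow(in_port=ofport, proto="arp", action="drop")

def bind_device(table, ofport):
    # Models the cleanup quoted from _bind_devices: remove a possible
    # drop flow left by port_dead by deleting all flows for the port.
    table.delete_flows(in_port=ofport)

def arp_protected(table, ofport, allowed_ips):
    # Post-condition: one allow rule per permitted IP plus a catch-all
    # ARP drop must exist for the port once wiring is finished.
    mine = [f for f in table.flows
            if f.get("in_port") == ofport and f.get("proto") == "arp"]
    allowed = {f["arp_spa"] for f in mine if "arp_spa" in f}
    has_drop = any(f["action"] == "drop" and "arp_spa" not in f for f in mine)
    return allowed == set(allowed_ips) and has_drop

def wire_port(ofport, ips, protect_first):
    table = FlowTable()
    table.add_flow(in_port=ofport, action="drop")  # stale port_dead flow
    if protect_first:   # order described in the report
        setup_arp_spoofing_protection(table, ofport, ips)
        bind_device(table, ofport)
    else:               # protection installed after the cleanup
        bind_device(table, ofport)
        setup_arp_spoofing_protection(table, ofport, ips)
    return table
```

With protect_first=True the table ends up empty and arp_protected returns False; with protect_first=False the stale drop flow is gone and the ARP rules remain.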