Re: [ovs-dev] [PATCH] ovn-northd: Skip icmp4 packets destined for router ports from conntrack

2017-03-15 Thread Numan Siddique
> > Cc: "ovs dev" <d...@openvswitch.org> > > Sent: Tuesday, March 14, 2017 11:21:33 AM > > Subject: Re: [ovs-dev] [PATCH] ovn-northd: Skip icmp4 packets destined > for router ports from conntrack > > > > On Tue, Mar 14, 2017 at 12:57 AM, Russell

Re: [ovs-dev] [PATCH] ovn-northd: Skip icmp4 packets destined for router ports from conntrack

2017-03-14 Thread Lance Richardson
- Original Message - > From: "Numan Siddique" <nusid...@redhat.com> > To: "Russell Bryant" <russ...@ovn.org> > Cc: "ovs dev" <d...@openvswitch.org> > Sent: Tuesday, March 14, 2017 11:21:33 AM > Subject: Re: [ovs-dev] [PAT

Re: [ovs-dev] [PATCH] ovn-northd: Skip icmp4 packets destined for router ports from conntrack

2017-03-14 Thread Numan Siddique
On Tue, Mar 14, 2017 at 12:57 AM, Russell Bryant wrote: > On Fri, Mar 10, 2017 at 4:48 PM, Russell Bryant wrote: > > On Fri, Mar 10, 2017 at 2:35 PM, Russell Bryant wrote: > >> On Thu, Mar 9, 2017 at 11:52 PM, Numan Siddique

Re: [ovs-dev] [PATCH] ovn-northd: Skip icmp4 packets destined for router ports from conntrack

2017-03-13 Thread Russell Bryant
On Fri, Mar 10, 2017 at 4:48 PM, Russell Bryant wrote: > On Fri, Mar 10, 2017 at 2:35 PM, Russell Bryant wrote: >> On Thu, Mar 9, 2017 at 11:52 PM, Numan Siddique wrote: >> I don't think it's a Neutron issue. >> >> I see the conntrack entry

Re: [ovs-dev] [PATCH] ovn-northd: Skip icmp4 packets destined for router ports from conntrack

2017-03-10 Thread Russell Bryant
On Fri, Mar 10, 2017 at 2:35 PM, Russell Bryant wrote: > On Thu, Mar 9, 2017 at 11:52 PM, Numan Siddique wrote: >> Thanks for the review. Please see inline. >> >> >> On Fri, Mar 10, 2017 at 1:44 AM, Russell Bryant wrote: >>> >>> On Mon, Feb

Re: [ovs-dev] [PATCH] ovn-northd: Skip icmp4 packets destined for router ports from conntrack

2017-03-10 Thread Russell Bryant
On Thu, Mar 9, 2017 at 11:52 PM, Numan Siddique wrote: > Thanks for the review. Please see inline. > > > On Fri, Mar 10, 2017 at 1:44 AM, Russell Bryant wrote: >> >> On Mon, Feb 27, 2017 at 12:59 AM, wrote: >> > From: Numan Siddique

Re: [ovs-dev] [PATCH] ovn-northd: Skip icmp4 packets destined for router ports from conntrack

2017-03-10 Thread Numan Siddique
On Fri, Mar 10, 2017 at 10:22 AM, Numan Siddique wrote: > Thanks for the review. Please see inline. > > > On Fri, Mar 10, 2017 at 1:44 AM, Russell Bryant wrote: > >> On Mon, Feb 27, 2017 at 12:59 AM, wrote: >> > From: Numan Siddique

Re: [ovs-dev] [PATCH] ovn-northd: Skip icmp4 packets destined for router ports from conntrack

2017-03-09 Thread Numan Siddique
Thanks for the review. Please see inline. On Fri, Mar 10, 2017 at 1:44 AM, Russell Bryant wrote: > On Mon, Feb 27, 2017 at 12:59 AM, wrote: > > From: Numan Siddique > > > > Presently, the icmp4 requests to the router gateway ip are

Re: [ovs-dev] [PATCH] ovn-northd: Skip icmp4 packets destined for router ports from conntrack

2017-03-09 Thread Russell Bryant
On Mon, Feb 27, 2017 at 12:59 AM, wrote: > From: Numan Siddique > > Presently, the icmp4 requests to the router gateway ip are sent to the > connectiont tracker, but the icmp4 reply packets responded by > 'lr_in_ip_input' stage are not sent to the

Re: [ovs-dev] [PATCH] ovn-northd: Skip icmp4 packets destined for router ports from conntrack

2017-03-08 Thread Numan Siddique
Thanks for the review and comments. On Thu, Mar 9, 2017 at 10:00 AM, Darrell Ball wrote: > Daniele and I discussed > > 1) Seems ok in that there is security at the VM LP so weakening the > Check at the router port for ICMP seems ok. > 2) The same applies to V6 ? > ​I need to

Re: [ovs-dev] [PATCH] ovn-northd: Skip icmp4 packets destined for router ports from conntrack

2017-03-08 Thread Russell Bryant
I'm also looking at this one. I was trying to review today, but have been slowed down by getting an OpenStack test environment working for testing this and looking closer. On Wed, Mar 8, 2017 at 4:32 PM, Ben Pfaff wrote: > Hi Darrell and Daniele, do one of you have an opinion on

Re: [ovs-dev] [PATCH] ovn-northd: Skip icmp4 packets destined for router ports from conntrack

2017-03-08 Thread Ben Pfaff
Hi Darrell and Daniele, do one of you have an opinion on whether this is the right approach? Thanks, Ben. On Mon, Feb 27, 2017 at 11:29:14AM +0530, nusid...@redhat.com wrote: > From: Numan Siddique > > Presently, the icmp4 requests to the router gateway ip are sent to the

[ovs-dev] [PATCH] ovn-northd: Skip icmp4 packets destined for router ports from conntrack

2017-02-26 Thread nusiddiq
From: Numan Siddique Presently, the icmp4 requests to the router gateway ip are sent to the connectiont tracker, but the icmp4 reply packets responded by 'lr_in_ip_input' stage are not sent to the connection tracker. Also no zone ids are assigned for the router ports.