Reviewed: https://review.openstack.org/353782
Committed: https://git.openstack.org/cgit/openstack/neutron/commit/?id=0494f212aa625a03587af3d75e823008f1198012
Submitter: Jenkins
Branch: master

commit 0494f212aa625a03587af3d75e823008f1198012
Author: Inessa Vasilevskaya <[email protected]>
Date: Thu Aug 11 02:21:29 2016 +0300

    ovsfw: fix troublesome port_rule_masking

    In several cases port masking algorithm borrowed
    from networking_ovs_dpdk didn't behave correctly.
    This caused non-restricted ports to be open due to
    wrong tp_src field value in resulting ovs rules.

    This was fixed by alternative port masking
    implementation.

    Functional and unit tests to cover the bug added as well.

    Co-Authored-By: Jakub Libosvar <[email protected]>
    Co-Authored-By: IWAMOTO Toshihiro <[email protected]>

    Closes-Bug: #1611991
    Change-Id: Idfc0e9c52e0dd08852c91c17e12edb034606a361

** Changed in: neutron
       Status: In Progress => Fix Released

https://bugs.launchpad.net/bugs/1611991

Title:
  [ovs firewall] Port masking adds wrong masks in several cases.

Status in neutron:
  Fix Released
Status in OpenStack Security Advisory:
  Won't Fix

Bug description:
  Seen on master devstack, ubuntu xenial.

  Steps to reproduce:

  1. Enable ovs firewall in /etc/neutron/plugins/ml2/ml2.conf

  [securitygroup]
  firewall_driver = openvswitch

  2. Create a security group with icmp, tcp to 22.

  3. Boot a VM, assign a floating ip.

  4. Check that port 23 can be accessed via tcp (telnet, nc, etc).
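The kind of check that catches the failure described in this report, as an added example (not neutron's or networking_ovs_dpdk's code): it splits a port range into value/mask pairs for an OVS `tp_src`/`tp_dst` match and exhaustively verifies that the pairs match exactly the requested ports. The function names and the over-broad sample mask are constructed for illustration and are not taken from the fix.

```python
FULL = 0xFFFF  # tp_src/tp_dst are 16-bit fields


def port_range_to_masks(port_min, port_max):
    """Split [port_min, port_max] into aligned power-of-two (value, mask) blocks."""
    if not 0 <= port_min <= port_max <= FULL:
        raise ValueError("invalid port range")
    rules, start = [], port_min
    while start <= port_max:
        # Largest block aligned at `start` (lowest set bit; whole space for 0)...
        size = (start & -start) or (FULL + 1)
        # ...shrunk until it no longer runs past port_max.
        while start + size - 1 > port_max:
            size >>= 1
        rules.append((start, FULL & ~(size - 1)))
        start += size
    return rules


def matched_ports(rules):
    """Every port that a masked match (port & mask == value) accepts."""
    return {p for p in range(FULL + 1)
            if any(p & mask == value for value, mask in rules)}


def audit(port_min, port_max, rules):
    """Return (leaked, missed): ports wrongly opened and ports wrongly blocked."""
    wanted = set(range(port_min, port_max + 1))
    got = matched_ports(rules)
    return sorted(got - wanted), sorted(wanted - got)


def as_ovs_matches(field, rules):
    """Render the pairs in OVS flow syntax, e.g. tp_dst=0x0016/0xffff."""
    return ["%s=0x%04x/0x%04x" % (field, v, m) for v, m in rules]


if __name__ == "__main__":
    for lo, hi in [(22, 22), (1, 5), (1000, 1999), (0, 65535)]:
        rules = port_range_to_masks(lo, hi)
        assert audit(lo, hi, rules) == ([], [])
        print(lo, hi, as_ovs_matches("tp_dst", rules))
    # Constructed over-broad mask (not the actual faulty output from the bug):
    # a rule meant for port 22 only that also matches port 23.
    print(audit(22, 22, [(22, 0xFFFE)]))
```

Running `audit` over every range a security group produces is cheap enough for a unit test, since the port space is only 65536 values.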

