[Yahoo-eng-team] [Bug 2000046] [NEW] [ml2][ovs] port flows Unexpectedly deleted by arp_spoofing_protection

Sun, 18 Dec 2022 22:51:46 -0800 

Public bug reported:

Port arp_spoofing_protection will install flows like this:

table=0, priority=9,in_port=2 actions=goto_table:25
table=25, priority=2,in_port=2,dl_src=fa:16:3e:54:f0:71 actions=goto_table:60

For network ports or port_security_enabled = False, those flows
will be delete by setup_arp_spoofing_protection in _bind_devices [1][2][3][4].

Besides, the ovs_agent extension handle_port will be run before
these actions [5]. So, if any extesnion adds flows in table=0 with "in_port=x".
will be delete unexpectedly.

[1] 
https://github.com/openstack/neutron/blob/master/neutron/plugins/ml2/drivers/openvswitch/agent/openflow/native/br_int.py#L385
[2] 
https://github.com/openstack/neutron/blob/master/neutron/plugins/ml2/drivers/openvswitch/agent/ovs_neutron_agent.py#L1300
[3] 
https://github.com/openstack/neutron/blob/master/neutron/plugins/ml2/drivers/openvswitch/agent/ovs_neutron_agent.py#L1307
[4] 
https://github.com/openstack/neutron/blob/master/neutron/plugins/ml2/drivers/openvswitch/agent/ovs_neutron_agent.py#L1241
[5] 
https://github.com/openstack/neutron/blob/master/neutron/plugins/ml2/drivers/openvswitch/agent/ovs_neutron_agent.py#L2038

** Affects: neutron
     Importance: Undecided
         Status: New

-- 
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to neutron.
https://bugs.launchpad.net/bugs/2000046

Title:
  [ml2][ovs] port flows Unexpectedly  deleted by arp_spoofing_protection

Status in neutron:
  New

Bug description:
  Port arp_spoofing_protection will install flows like this:

  table=0, priority=9,in_port=2 actions=goto_table:25
  table=25, priority=2,in_port=2,dl_src=fa:16:3e:54:f0:71 actions=goto_table:60

  For network ports or port_security_enabled = False, those flows
  will be delete by setup_arp_spoofing_protection in _bind_devices [1][2][3][4].

  Besides, the ovs_agent extension handle_port will be run before
  these actions [5]. So, if any extesnion adds flows in table=0 with 
"in_port=x".
  will be delete unexpectedly.

  [1] 
https://github.com/openstack/neutron/blob/master/neutron/plugins/ml2/drivers/openvswitch/agent/openflow/native/br_int.py#L385
  [2] 
https://github.com/openstack/neutron/blob/master/neutron/plugins/ml2/drivers/openvswitch/agent/ovs_neutron_agent.py#L1300
  [3] 
https://github.com/openstack/neutron/blob/master/neutron/plugins/ml2/drivers/openvswitch/agent/ovs_neutron_agent.py#L1307
  [4] 
https://github.com/openstack/neutron/blob/master/neutron/plugins/ml2/drivers/openvswitch/agent/ovs_neutron_agent.py#L1241
  [5] 
https://github.com/openstack/neutron/blob/master/neutron/plugins/ml2/drivers/openvswitch/agent/ovs_neutron_agent.py#L2038

To manage notifications about this bug go to:
https://bugs.launchpad.net/neutron/+bug/2000046/+subscriptions


-- 
Mailing list: https://launchpad.net/~yahoo-eng-team
Post to     : [email protected]
Unsubscribe : https://launchpad.net/~yahoo-eng-team
More help   : https://help.launchpad.net/ListHelp

Reply via email to