-
Notifications
You must be signed in to change notification settings - Fork 1.5k
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Make ARP protection commands compatible with "ebtables-nft"
"nftables" compatible binary, "ebtables-nft", is not 100% compatible with the legacy API, as reported in LP#1922892. This patch fixes the following issues when using "ebtables-nft" (while keeping compatibility with legacy binary): - When a new chain is created, a default DROP rule is added at the end of the chain (append). This will prevent the error code 4 when the chain is listed. - The chain rules are added at the begining of the chain (insert), before the default DROP rule. This will prioritize the port rules. - The MAC rules are cleaned before the new ones are added. That will prevent the deletion of any new needed rule, now added after the deletion. - The "ebtables" command will retry on error code 4. This is the error returned when the chains are listed and no rule is present in a new created chain (reporeted in LP#1922892). This code is backwards compatible, that means it works with the legacy "ebtables" binary; this is currently installed in the Neutron CI [1]. In order to test with the new binary, "ebtables-nft", two new CI jobs are added to the periodic queue [2]. [1]https://github.com/openstack/neutron/blob/1ad9ca56b07ffdc9f7e0bc6a62af61961b9128eb/roles/legacy_ebtables/tasks/main.yaml [2]https://review.opendev.org/c/openstack/neutron/+/785144 Closes-Bug: #1922892 Related-Bug: #1508155 Change-Id: I9463b000f6f63e65aaf91d60b30f6c92c01e3baf
- Loading branch information
Showing
2 changed files
with
36 additions
and
69 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters