]> review.fuel-infra Code Review - openstack-build/neutron-build.git/commit
Code Review / openstack-build / neutron-build.git / commit
? search:
summary | shortlog | log | commit | commitdiff | review | tree
(parent: 8978516) | patch
Use iptables zone to separate different ip_conntrack
authoryangxurong <yangxurong@huawei.com>
Tue, 26 Aug 2014 07:15:40 +0000 (15:15 +0800)
committershihanzhang <shihanzhang@huawei.com>
Tue, 5 May 2015 08:59:37 +0000 (16:59 +0800)
commitbd5373b670cdd7f21f8a1ece98fde6be9fda71ab
tree450921eef91cc5b4441867983e60418c9bd646c0tree | snapshot
parent8978516e49a246fb490dad9a2a4e34f1e98afea5commit | diff
Use iptables zone to separate different ip_conntrack

ip_conntrack causes security group rule failures when packets share
the same 5-tuple. Use iptables zone option to separate different
conntrack zone. Currently this patch only works for OVS agent.

Co-authored-by: shihanzhang <shihanzhang@huawei.com>
Change-Id: I90b4d2485e3e491f496dfb7bdee03d57f393be35
Partial-Bug: #1359523
neutron/agent/linux/iptables_firewall.py diff | blob | history
neutron/agent/linux/iptables_manager.py diff | blob | history
neutron/agent/securitygroups_rpc.py diff | blob | history
neutron/plugins/openvswitch/agent/ovs_neutron_agent.py diff | blob | history
neutron/tests/unit/agent/linux/test_iptables_firewall.py diff | blob | history
neutron/tests/unit/agent/linux/test_iptables_manager.py diff | blob | history
neutron/tests/unit/agent/test_securitygroups_rpc.py diff | blob | history
neutron/tests/unit/plugins/openvswitch/agent/test_ovs_neutron_agent.py diff | blob | history
neutron/tests/unit/plugins/openvswitch/test_ovs_tunnel.py diff | blob | history