)]}'
{"neutron/plugins/ml2/drivers/openvswitch/agent/ovs_neutron_agent.py":[{"author":{"_account_id":7787,"name":"Kevin Benton","email":"kevin@benton.pub","username":"blak111"},"change_message_id":"804319f442926d83a32c73eff8fab06aef069ae9","unresolved":false,"context_lines":[{"line_number":1645,"context_line":""},{"line_number":1646,"context_line":"        # Handle port in extmgr after _bind_devices to avoid flow deleted"},{"line_number":1647,"context_line":"        # by mistake"},{"line_number":1648,"context_line":"        for device in extmgr_handle_devices:"},{"line_number":1649,"context_line":"            self.ext_manager.handle_port(self.context, device)"},{"line_number":1650,"context_line":""},{"line_number":1651,"context_line":"        if \u0027removed\u0027 in port_info and port_info[\u0027removed\u0027]:"}],"source_content_type":"text/x-python","patch_set":1,"id":"df140735_39e78243","line":1648,"updated":"2017-05-31 10:12:06.000000000","message":"This means the port will be able to begin sending traffic before the extension manager has been processed, right? If so, we need to avoid that because it might introduce vulnerabilities for extensions that are meant to control the flow of traffic.","commit_id":"a31e6fcdad83e9c7987bf711b77c692d02f9063e"},{"author":{"_account_id":19644,"name":"Yan Xing\u0027an","email":"yanxingan@cmss.chinamobile.com","username":"yanxingan"},"change_message_id":"c4817c526501b38d95b245dc34c70acd65cdf43b","unresolved":false,"context_lines":[{"line_number":1645,"context_line":""},{"line_number":1646,"context_line":"        # Handle port in extmgr after _bind_devices to avoid flow deleted"},{"line_number":1647,"context_line":"        # by mistake"},{"line_number":1648,"context_line":"        for device in extmgr_handle_devices:"},{"line_number":1649,"context_line":"            self.ext_manager.handle_port(self.context, device)"},{"line_number":1650,"context_line":""},{"line_number":1651,"context_line":"        if \u0027removed\u0027 in port_info and port_info[\u0027removed\u0027]:"}],"source_content_type":"text/x-python","patch_set":1,"id":"df140735_98be8363","line":1648,"in_reply_to":"df140735_39e78243","updated":"2017-05-31 13:49:08.000000000","message":"In sfc extension handle_port [1], a flow matching classifier rule with in_port and priority 0 is added in table 0. [2]\n\nIn self._bind_devices() [3]\nsetup_arp_spoofing_protection-\u003e\nbridge.set_allowed_macs_for_port(port\u003dvif.ofport, allow_all\u003dTrue)\nthis function will delete all flows in table 0 matching the in_port. Thus the flow classifier flows are deleted.\n\n\n1. https://github.com/openstack/networking-sfc/blob/master/networking_sfc/services/sfc/agent/extensions/sfc.py#L93\n2. https://github.com/openstack/networking-sfc/blob/master/networking_sfc/services/sfc/agent/extensions/openvswitch/sfc_driver.py#L491\n3. https://github.com/openstack/neutron/blob/master/neutron/plugins/ml2/drivers/openvswitch/agent/ovs_neutron_agent.py#L856","commit_id":"a31e6fcdad83e9c7987bf711b77c692d02f9063e"}]}