)]}'
{"doc/source/contributor/internals/openvswitch_firewall.rst":[{"author":{"_account_id":10518,"name":"Jesse","email":"jesse@easystack.cn","username":"jesse"},"change_message_id":"3fe563fe6cb7722c8708c889fd38aa500e1e644b","unresolved":false,"context_lines":[{"line_number":359,"context_line":" table\u003d73, priority\u003d0 actions\u003ddrop"},{"line_number":360,"context_line":""},{"line_number":361,"context_line":"|table_81| is similar to |table_71|, allows basic ingress traffic for"},{"line_number":362,"context_line":"obtaining IP address and ARP queries. Note that vlan tag must be removed by"},{"line_number":363,"context_line":"adding ``strip_vlan`` to actions list, prior to injecting packet directly to"},{"line_number":364,"context_line":"port. Not tracked packets are sent to obtain conntrack information."},{"line_number":365,"context_line":""},{"line_number":366,"context_line":"::"},{"line_number":367,"context_line":""}],"source_content_type":"text/x-rst","patch_set":8,"id":"9fdfeff1_f421404e","line":364,"range":{"start_line":362,"start_character":38,"end_line":364,"end_character":4},"updated":"2019-03-01 12:14:33.000000000","message":"This should be updated.","commit_id":"aa6e189efb88ff44b72919f8018c33275a6447d5"},{"author":{"_account_id":10518,"name":"Jesse","email":"jesse@easystack.cn","username":"jesse"},"change_message_id":"8164b8c683affb7698044b3e224aa2d5d5e38ad2","unresolved":false,"context_lines":[{"line_number":476,"context_line":""},{"line_number":477,"context_line":" table\u003d82, priority\u003d50,ct_mark\u003d0x1,reg5\u003d0x1 actions\u003dresubmit(,93)"},{"line_number":478,"context_line":" table\u003d82, priority\u003d50,ct_mark\u003d0x1,reg5\u003d0x2 actions\u003dresubmit(,93)"},{"line_number":479,"context_line":" table\u003d82, priority\u003d50,ct_state\u003d+est-rel+rpl,ct_zone\u003d644,ct_mark\u003d0,reg5\u003d0x1 actions\u003dstrip_vlan,output:1"},{"line_number":480,"context_line":" table\u003d82, priority\u003d50,ct_state\u003d+est-rel+rpl,ct_zone\u003d644,ct_mark\u003d0,reg5\u003d0x2 actions\u003dstrip_vlan,output:2"},{"line_number":481,"context_line":" table\u003d82, priority\u003d50,ct_state\u003d-new-est+rel-inv,ct_zone\u003d644,ct_mark\u003d0,reg5\u003d0x1 actions\u003dstrip_vlan,output:1"},{"line_number":482,"context_line":" table\u003d82, priority\u003d50,ct_state\u003d-new-est+rel-inv,ct_zone\u003d644,ct_mark\u003d0,reg5\u003d0x2 actions\u003dstrip_vlan,output:2"}],"source_content_type":"text/x-rst","patch_set":15,"id":"5fc1f717_94998ad1","line":479,"range":{"start_line":479,"start_character":76,"end_line":479,"end_character":103},"updated":"2019-04-03 06:27:04.000000000","message":"Should we update all actions\u003dstrip_vlan,output?","commit_id":"4b3398edf701c2f312f8d8efba9026b051f8c7b9"},{"author":{"_account_id":19956,"name":"Yang Li","email":"yang.li@easystack.cn","username":"leonstack"},"change_message_id":"604199fea6f836cd7c1061c954a5006ca3583f5f","unresolved":false,"context_lines":[{"line_number":476,"context_line":""},{"line_number":477,"context_line":" table\u003d82, priority\u003d50,ct_mark\u003d0x1,reg5\u003d0x1 actions\u003dresubmit(,93)"},{"line_number":478,"context_line":" table\u003d82, priority\u003d50,ct_mark\u003d0x1,reg5\u003d0x2 actions\u003dresubmit(,93)"},{"line_number":479,"context_line":" table\u003d82, priority\u003d50,ct_state\u003d+est-rel+rpl,ct_zone\u003d644,ct_mark\u003d0,reg5\u003d0x1 actions\u003dstrip_vlan,output:1"},{"line_number":480,"context_line":" table\u003d82, priority\u003d50,ct_state\u003d+est-rel+rpl,ct_zone\u003d644,ct_mark\u003d0,reg5\u003d0x2 actions\u003dstrip_vlan,output:2"},{"line_number":481,"context_line":" table\u003d82, priority\u003d50,ct_state\u003d-new-est+rel-inv,ct_zone\u003d644,ct_mark\u003d0,reg5\u003d0x1 actions\u003dstrip_vlan,output:1"},{"line_number":482,"context_line":" table\u003d82, priority\u003d50,ct_state\u003d-new-est+rel-inv,ct_zone\u003d644,ct_mark\u003d0,reg5\u003d0x2 actions\u003dstrip_vlan,output:2"}],"source_content_type":"text/x-rst","patch_set":15,"id":"5fc1f717_47f36da0","line":479,"range":{"start_line":479,"start_character":76,"end_line":479,"end_character":103},"in_reply_to":"5fc1f717_94998ad1","updated":"2019-04-03 12:24:01.000000000","message":"Seems this flow is created by firewall rule, should also modify to normal","commit_id":"4b3398edf701c2f312f8d8efba9026b051f8c7b9"},{"author":{"_account_id":11975,"name":"Slawek Kaplonski","email":"skaplons@redhat.com","username":"slaweq"},"change_message_id":"88a7dcafeee5f3c86cacc72ebad2b7c8b86b8f7e","unresolved":false,"context_lines":[{"line_number":360,"context_line":""},{"line_number":361,"context_line":"|table_81| is similar to |table_71|, allows basic ingress traffic for"},{"line_number":362,"context_line":"obtaining IP address and ARP queries. Note that vlan tag must be removed by"},{"line_number":363,"context_line":"adding ``strip_vlan`` to actions list, prior to injecting packet directly to"},{"line_number":364,"context_line":"port. Not tracked packets are sent to obtain conntrack information."},{"line_number":365,"context_line":""},{"line_number":366,"context_line":"::"}],"source_content_type":"text/x-rst","patch_set":26,"id":"ffb9cba7_2e8cc134","line":363,"updated":"2019-04-29 00:15:12.000000000","message":"here is info that \"strip_vlan\" has to be added to actions and You removed it below. Which version is correct then?","commit_id":"96612b33622ba2f7bb67ef846b645c5a1be6e65f"},{"author":{"_account_id":30243,"name":"Zhengdong Wu","email":"zhengdong.wu@easystack.cn","username":"wuzhengdong"},"change_message_id":"fbb122f1f27e3de5d8e28494f8fe1a021314c4ac","unresolved":false,"context_lines":[{"line_number":360,"context_line":""},{"line_number":361,"context_line":"|table_81| is similar to |table_71|, allows basic ingress traffic for"},{"line_number":362,"context_line":"obtaining IP address and ARP queries. Note that vlan tag must be removed by"},{"line_number":363,"context_line":"adding ``strip_vlan`` to actions list, prior to injecting packet directly to"},{"line_number":364,"context_line":"port. Not tracked packets are sent to obtain conntrack information."},{"line_number":365,"context_line":""},{"line_number":366,"context_line":"::"}],"source_content_type":"text/x-rst","patch_set":26,"id":"ffb9cba7_4e3815ee","line":363,"in_reply_to":"ffb9cba7_2e8cc134","updated":"2019-04-29 02:11:49.000000000","message":"The document was not updated in time. Done :)","commit_id":"96612b33622ba2f7bb67ef846b645c5a1be6e65f"},{"author":{"_account_id":11975,"name":"Slawek Kaplonski","email":"skaplons@redhat.com","username":"slaweq"},"change_message_id":"88a7dcafeee5f3c86cacc72ebad2b7c8b86b8f7e","unresolved":false,"context_lines":[{"line_number":405,"context_line":" table\u003d82, priority\u003d71,ct_state\u003d+new-est,ip,reg6\u003d0x284,nw_src\u003d10.0.0.1 actions\u003dconjunction(19,1/2)"},{"line_number":406,"context_line":" table\u003d82, priority\u003d71,ct_state\u003d+est-rel-rpl,icmp,reg5\u003d0x2 actions\u003dconjunction(18,2/2)"},{"line_number":407,"context_line":" table\u003d82, priority\u003d71,ct_state\u003d+new-est,icmp,reg5\u003d0x2 actions\u003dconjunction(19,2/2)"},{"line_number":408,"context_line":" table\u003d82, priority\u003d71,conj_id\u003d18,ct_state\u003d+est-rel-rpl,ip,reg5\u003d0x2 actions\u003dnormal"},{"line_number":409,"context_line":" table\u003d82, priority\u003d71,conj_id\u003d19,ct_state\u003d+new-est,ip,reg5\u003d0x2 actions\u003dct(commit,zone\u003dNXM_NX_REG6[0..15]),normal,resubmit(,92)"},{"line_number":410,"context_line":" table\u003d82, priority\u003d50,ct_state\u003d+inv+trk actions\u003dresubmit(,93)"},{"line_number":411,"context_line":""}],"source_content_type":"text/x-rst","patch_set":26,"id":"ffb9cba7_4e91f54d","line":408,"updated":"2019-04-29 00:15:12.000000000","message":"don\u0027t we need \"strip_vlan\" action here anymore?","commit_id":"96612b33622ba2f7bb67ef846b645c5a1be6e65f"},{"author":{"_account_id":30243,"name":"Zhengdong Wu","email":"zhengdong.wu@easystack.cn","username":"wuzhengdong"},"change_message_id":"fbb122f1f27e3de5d8e28494f8fe1a021314c4ac","unresolved":false,"context_lines":[{"line_number":405,"context_line":" table\u003d82, priority\u003d71,ct_state\u003d+new-est,ip,reg6\u003d0x284,nw_src\u003d10.0.0.1 actions\u003dconjunction(19,1/2)"},{"line_number":406,"context_line":" table\u003d82, priority\u003d71,ct_state\u003d+est-rel-rpl,icmp,reg5\u003d0x2 actions\u003dconjunction(18,2/2)"},{"line_number":407,"context_line":" table\u003d82, priority\u003d71,ct_state\u003d+new-est,icmp,reg5\u003d0x2 actions\u003dconjunction(19,2/2)"},{"line_number":408,"context_line":" table\u003d82, priority\u003d71,conj_id\u003d18,ct_state\u003d+est-rel-rpl,ip,reg5\u003d0x2 actions\u003dnormal"},{"line_number":409,"context_line":" table\u003d82, priority\u003d71,conj_id\u003d19,ct_state\u003d+new-est,ip,reg5\u003d0x2 actions\u003dct(commit,zone\u003dNXM_NX_REG6[0..15]),normal,resubmit(,92)"},{"line_number":410,"context_line":" table\u003d82, priority\u003d50,ct_state\u003d+inv+trk actions\u003dresubmit(,93)"},{"line_number":411,"context_line":""}],"source_content_type":"text/x-rst","patch_set":26,"id":"ffb9cba7_ceb0858d","line":408,"in_reply_to":"ffb9cba7_4e91f54d","updated":"2019-04-29 02:11:49.000000000","message":"We use fdb table for ingress forwarding,so need to keep vlan tag in packet.","commit_id":"96612b33622ba2f7bb67ef846b645c5a1be6e65f"},{"author":{"_account_id":28329,"name":"yangjianfeng","display_name":"JeffYang","email":"yjf1970231893@gmail.com","username":"yangjianfeng"},"change_message_id":"1a651c24e0c7392e7b4f7552d790a30e4bdaa650","unresolved":false,"context_lines":[{"line_number":364,"context_line":""},{"line_number":365,"context_line":"::"},{"line_number":366,"context_line":""},{"line_number":367,"context_line":" table\u003d81, priority\u003d100,arp,reg5\u003d0x1 actions\u003dnormal"},{"line_number":368,"context_line":" table\u003d81, priority\u003d100,arp,reg5\u003d0x2 actions\u003dnormal"},{"line_number":369,"context_line":" table\u003d81, priority\u003d100,icmp6,reg5\u003d0x1,icmp_type\u003d130 actions\u003dnormal"},{"line_number":370,"context_line":" table\u003d81, priority\u003d100,icmp6,reg5\u003d0x1,icmp_type\u003d131 actions\u003dnormal"},{"line_number":371,"context_line":" table\u003d81, priority\u003d100,icmp6,reg5\u003d0x1,icmp_type\u003d132 actions\u003dnormal"},{"line_number":372,"context_line":" table\u003d81, priority\u003d100,icmp6,reg5\u003d0x1,icmp_type\u003d135 actions\u003dnormal"},{"line_number":373,"context_line":" table\u003d81, priority\u003d100,icmp6,reg5\u003d0x1,icmp_type\u003d136 actions\u003dnormal"},{"line_number":374,"context_line":" table\u003d81, priority\u003d100,icmp6,reg5\u003d0x2,icmp_type\u003d130 actions\u003dnormal"},{"line_number":375,"context_line":" table\u003d81, priority\u003d100,icmp6,reg5\u003d0x2,icmp_type\u003d131 actions\u003dnormal"},{"line_number":376,"context_line":" table\u003d81, priority\u003d100,icmp6,reg5\u003d0x2,icmp_type\u003d132 actions\u003dnormal"},{"line_number":377,"context_line":" table\u003d81, priority\u003d100,icmp6,reg5\u003d0x2,icmp_type\u003d135 actions\u003dnormal"},{"line_number":378,"context_line":" table\u003d81, priority\u003d100,icmp6,reg5\u003d0x2,icmp_type\u003d136 actions\u003dnormal"},{"line_number":379,"context_line":" table\u003d81, priority\u003d95,udp,reg5\u003d0x1,tp_src\u003d67,tp_dst\u003d68 actions\u003dnormal"},{"line_number":380,"context_line":" table\u003d81, priority\u003d95,udp6,reg5\u003d0x1,tp_src\u003d547,tp_dst\u003d546 actions\u003dnormal"},{"line_number":381,"context_line":" table\u003d81, priority\u003d95,udp,reg5\u003d0x2,tp_src\u003d67,tp_dst\u003d68 actions\u003dnormal"},{"line_number":382,"context_line":" table\u003d81, priority\u003d95,udp6,reg5\u003d0x2,tp_src\u003d547,tp_dst\u003d546 actions\u003dnormal"},{"line_number":383,"context_line":" table\u003d81, priority\u003d90,ct_state\u003d-trk,ip,reg5\u003d0x1 actions\u003dct(table\u003d82,zone\u003dNXM_NX_REG6[0..15])"},{"line_number":384,"context_line":" table\u003d81, priority\u003d90,ct_state\u003d-trk,ipv6,reg5\u003d0x1 actions\u003dct(table\u003d82,zone\u003dNXM_NX_REG6[0..15])"},{"line_number":385,"context_line":" table\u003d81, priority\u003d90,ct_state\u003d-trk,ip,reg5\u003d0x2 actions\u003dct(table\u003d82,zone\u003dNXM_NX_REG6[0..15])"}],"source_content_type":"text/x-rst","patch_set":27,"id":"9fb8cfa7_4fe4983c","line":382,"range":{"start_line":367,"start_character":0,"end_line":382,"end_character":73},"updated":"2019-06-10 11:18:56.000000000","message":"Whether `reg5` is necessary still? I think we can simplify the flows, like this:\n table\u003d81, priority\u003d100,arp actions\u003dnormal\n table\u003d81, priority\u003d100,icmp6,icmp_type\u003d130 actions\u003dnormal\n table\u003d81, priority\u003d100,icmp6,icmp_type\u003d131 actions\u003dnormal\n table\u003d81, priority\u003d100,icmp6,icmp_type\u003d132 actions\u003dnormal\n table\u003d81, priority\u003d100,icmp6,icmp_type\u003d135 actions\u003dnormal\n table\u003d81, priority\u003d100,icmp6,icmp_type\u003d136 actions\u003dnormal\n table\u003d81, priority\u003d95,udp,tp_src\u003d67,tp_dst\u003d68 actions\u003dnormal\n table\u003d81, priority\u003d95,udp6,tp_src\u003d547,tp_dst\u003d546 actions\u003dnormal","commit_id":"8003844f8b429e01e079b281173fdb8ecf81dfe9"}],"neutron/agent/linux/openvswitch_firewall/firewall.py":[{"author":{"_account_id":16688,"name":"Rodolfo Alonso","email":"ralonsoh@redhat.com","username":"rodolfo-alonso-hernandez"},"change_message_id":"bf413ec4864762d83137df8b5ecfdfaebcea33d4","unresolved":false,"context_lines":[{"line_number":1057,"context_line":"                ct_state\u003dstate,"},{"line_number":1058,"context_line":"                ct_mark\u003dovsfw_consts.CT_MARK_NORMAL,"},{"line_number":1059,"context_line":"                ct_zone\u003dport.vlan_tag,"},{"line_number":1060,"context_line":"                actions\u003d\u0027normal\u0027"},{"line_number":1061,"context_line":"            )"},{"line_number":1062,"context_line":"        self._add_flow("},{"line_number":1063,"context_line":"            table\u003dovs_consts.RULES_INGRESS_TABLE,"}],"source_content_type":"text/x-python","patch_set":5,"id":"9fdfeff1_426fa427","line":1060,"updated":"2019-02-25 11:02:59.000000000","message":"Although this normal action should deliver the packet only into the ofport, we should be more restrictive and keep the original \"output\" action.\n\nAs commented in [1], only changes in ARP and DHCP are enough to learn the VMs src mac addresses.\n\n[1] https://bugs.launchpad.net/neutron/+bug/1732067/comments/10","commit_id":"e2eabe7dddfa15786068794d88f62e47cd698115"},{"author":{"_account_id":28722,"name":"Anton Kurbatov","email":"anton.kurbatov@acronis.com","username":"akurbatov"},"change_message_id":"afd6e295bfba13a36224831d4e46980363d647c3","unresolved":false,"context_lines":[{"line_number":1057,"context_line":"                ct_state\u003dstate,"},{"line_number":1058,"context_line":"                ct_mark\u003dovsfw_consts.CT_MARK_NORMAL,"},{"line_number":1059,"context_line":"                ct_zone\u003dport.vlan_tag,"},{"line_number":1060,"context_line":"                actions\u003d\u0027normal\u0027"},{"line_number":1061,"context_line":"            )"},{"line_number":1062,"context_line":"        self._add_flow("},{"line_number":1063,"context_line":"            table\u003dovs_consts.RULES_INGRESS_TABLE,"}],"source_content_type":"text/x-python","patch_set":5,"id":"9fdfeff1_9cdc0475","line":1060,"in_reply_to":"9fdfeff1_41c5595b","updated":"2019-02-25 18:09:10.000000000","message":"I got it. Looks reasonable.\nBut as I understand then the original issue with packets flooding will depend on internals of guest configuration, or, for example, fdb flushing/ovs-vswitchd restart.","commit_id":"e2eabe7dddfa15786068794d88f62e47cd698115"},{"author":{"_account_id":28722,"name":"Anton Kurbatov","email":"anton.kurbatov@acronis.com","username":"akurbatov"},"change_message_id":"e3d8747356d59156c5c1190a811fa120aa5ae07a","unresolved":false,"context_lines":[{"line_number":1057,"context_line":"                ct_state\u003dstate,"},{"line_number":1058,"context_line":"                ct_mark\u003dovsfw_consts.CT_MARK_NORMAL,"},{"line_number":1059,"context_line":"                ct_zone\u003dport.vlan_tag,"},{"line_number":1060,"context_line":"                actions\u003d\u0027normal\u0027"},{"line_number":1061,"context_line":"            )"},{"line_number":1062,"context_line":"        self._add_flow("},{"line_number":1063,"context_line":"            table\u003dovs_consts.RULES_INGRESS_TABLE,"}],"source_content_type":"text/x-python","patch_set":5,"id":"9fdfeff1_d314c44f","line":1060,"in_reply_to":"9fdfeff1_426fa427","updated":"2019-02-25 17:21:58.000000000","message":"Fdb entry is removed after 300s (an ovs-vswitchd timeout) if there is no packets to/from a VM during 300 seconds.\n\nIf assume a client/the VM knows each other mac address then a new client \u003c-\u003e VM communication after 300s will again cause a packets flooding.\n\nSo, I am not sure the normal action restriction only in ARP and DHCP will be enough to avoid the VM\u0027s packets flooding.","commit_id":"e2eabe7dddfa15786068794d88f62e47cd698115"},{"author":{"_account_id":10518,"name":"Jesse","email":"jesse@easystack.cn","username":"jesse"},"change_message_id":"7d86d4cc68b3ade62841d94476be4c78df0ac3cb","unresolved":false,"context_lines":[{"line_number":1057,"context_line":"                ct_state\u003dstate,"},{"line_number":1058,"context_line":"                ct_mark\u003dovsfw_consts.CT_MARK_NORMAL,"},{"line_number":1059,"context_line":"                ct_zone\u003dport.vlan_tag,"},{"line_number":1060,"context_line":"                actions\u003d\u0027normal\u0027"},{"line_number":1061,"context_line":"            )"},{"line_number":1062,"context_line":"        self._add_flow("},{"line_number":1063,"context_line":"            table\u003dovs_consts.RULES_INGRESS_TABLE,"}],"source_content_type":"text/x-python","patch_set":5,"id":"9fdfeff1_ab3e5726","line":1060,"in_reply_to":"9fdfeff1_9cdc0475","updated":"2019-02-26 03:27:23.000000000","message":"Hi, as my understanding, FDB entry in br-int will be updated only if guest send ARP if we only add normal action for ARP flow, same for DHCP.\nWe\u0027d better not depend on guest ARP settings. \nYou can use ping to test this. After FDB entry in br-int deleted after timeout, response ICMP will flood.","commit_id":"e2eabe7dddfa15786068794d88f62e47cd698115"},{"author":{"_account_id":16688,"name":"Rodolfo Alonso","email":"ralonsoh@redhat.com","username":"rodolfo-alonso-hernandez"},"change_message_id":"e68699962660cd68e10f162224a4570b9ad166b2","unresolved":false,"context_lines":[{"line_number":1057,"context_line":"                ct_state\u003dstate,"},{"line_number":1058,"context_line":"                ct_mark\u003dovsfw_consts.CT_MARK_NORMAL,"},{"line_number":1059,"context_line":"                ct_zone\u003dport.vlan_tag,"},{"line_number":1060,"context_line":"                actions\u003d\u0027normal\u0027"},{"line_number":1061,"context_line":"            )"},{"line_number":1062,"context_line":"        self._add_flow("},{"line_number":1063,"context_line":"            table\u003dovs_consts.RULES_INGRESS_TABLE,"}],"source_content_type":"text/x-python","patch_set":5,"id":"9fdfeff1_41c5595b","line":1060,"in_reply_to":"9fdfeff1_d314c44f","updated":"2019-02-25 17:37:03.000000000","message":"Good point. But ARP will be sent when cache entry expires.","commit_id":"e2eabe7dddfa15786068794d88f62e47cd698115"},{"author":{"_account_id":28722,"name":"Anton Kurbatov","email":"anton.kurbatov@acronis.com","username":"akurbatov"},"change_message_id":"e35326fe183266d3d22667cc5a7b330dde7a1b50","unresolved":false,"context_lines":[{"line_number":991,"context_line":"            priority\u003d100,"},{"line_number":992,"context_line":"            dl_type\u003dconstants.ETHERTYPE_ARP,"},{"line_number":993,"context_line":"            reg_port\u003dport.ofport,"},{"line_number":994,"context_line":"            actions\u003d\u0027normal\u0027"},{"line_number":995,"context_line":"        )"},{"line_number":996,"context_line":"        self._initialize_ingress_ipv6_icmp(port)"},{"line_number":997,"context_line":""}],"source_content_type":"text/x-python","patch_set":6,"id":"9fdfeff1_99b86875","line":994,"updated":"2019-02-27 13:12:07.000000000","message":"I\u0027ve applied the patch on my stand and it broke connectivity with VMs that are plugged into flat network.\n\nThe \u0027normal\u0027 action floods packets only to ovs ports witch tags are matched to the current flow vlan tag or port is trunk.\n\nIn the TRANSIENT_TABLE a vlan tag is stripped (`strip_vlan` action in `initialize_port_flows` method)\n\nSo, looks like it\u0027s the reason why I lost connectivity with my VM: VM is plugged to an access port but \u0027normal\u0027 action floods packet only to ovs trunk ports (because a vlan tag is stripped in the TRANSIENT_TABLE for ingress traffic)\n\n\nFor example,\n\u0027fa:16:3e:f9:33:e7\u0027 is a VM mac address;\n\u0027tapf62aaee9-6e\u0027 is the VM\u0027s tap interface on the node.\n\u0027br-enp5s0f0\u0027 is an external network bridge;\n\u0027int-br-enp5s0f0\u0027 is a patch port for the external bridge in br-int\n\ntrace for unicast ARP request (the same result is for IP packets):\n\n[root@os1 ~]# ovs-appctl ofproto/trace br-int in_port\u003dint-br-enp5s0f0,arp,dl_dst\u003dfa:16:3e:f9:33:e7\nFlow: arp,in_port\u003d1,vlan_tci\u003d0x0000,dl_src\u003d00:00:00:00:00:00,dl_dst\u003dfa:16:3e:f9:33:e7,arp_spa\u003d0.0.0.0,arp_tpa\u003d0.0.0.0,arp_op\u003d0,arp_sha\u003d00:00:00:00:00:00,arp_tha\u003d00:00:00:00:00:00\n\nbridge(\"br-int\")\n----------------\n 0. in_port\u003d1,vlan_tci\u003d0x0000/0x1fff, priority 3, cookie 0xefc92a9ec6366435\n    push_vlan:0x8100\n    set_field:4099-\u003evlan_vid\n    goto_table:60\n60. dl_vlan\u003d3,dl_dst\u003dfa:16:3e:f9:33:e7, priority 90, cookie 0xefc92a9ec6366435\n    set_field:0xf-\u003ereg5\n    set_field:0x3-\u003ereg6\n    pop_vlan\n    resubmit(,81)\n81. arp,reg5\u003d0xf, priority 100, cookie 0xefc92a9ec6366435\n    NORMAL\n     -\u003e no learned MAC for destination, flooding\n\nbridge(\"br-tun\")\n\u003ccut, not interesting\u003e\n\nFinal flow: arp,reg5\u003d0xf,reg6\u003d0x3,in_port\u003d1,vlan_tci\u003d0x0000,dl_src\u003d00:00:00:00:00:00,dl_dst\u003dfa:16:3e:f9:33:e7,arp_spa\u003d0.0.0.0,arp_tpa\u003d0.0.0.0,arp_op\u003d0,arp_sha\u003d00:00:00:00:00:00,arp_tha\u003d00:00:00:00:00:00\nMegaflow: recirc_id\u003d0,eth,arp,in_port\u003d1,vlan_tci\u003d0x0000/0x1fff,dl_src\u003d00:00:00:00:00:00,dl_dst\u003dfa:16:3e:f9:33:e7\nDatapath actions: 3\n[root@os1 ~]#\n[root@os1 ~]# ovs-appctl dpctl/show\nsystem@ovs-system:\n        lookups: hit:40600425 missed:3502564 lost:1145\n        flows: 139\n        masks: hit:150898980 total:10 hit/pkt:3.42\n        port 0: ovs-system (internal)\n        port 1: br-enp5s0f0 (internal)\n        port 2: enp5s0f0\n        port 3: br-int (internal)\n        port 4: br-tun (internal)\n        port 9: tapf62aaee9-6e\n        port 11: tap8ff923a5-8b (internal)\n[root@os1 ~]#\n\n\nThe resulted datapath action is an output to port 3 (to \u0027br-int\u0027 that is the trunk port), while the VM\u0027s port has number 11 (\u0027tap8ff923a5-8b\u0027 port).\n\nCan you, please, also check that your patch doesn\u0027t break VMs connectivity that are plugged to a flat network.\n\nSorry for the long comment and thanks for the patch.","commit_id":"d4a3b0146d7ad15ec491c3a9b6aa1709cf51af27"},{"author":{"_account_id":28722,"name":"Anton Kurbatov","email":"anton.kurbatov@acronis.com","username":"akurbatov"},"change_message_id":"5564eab192c86d00e38a12e8189783dc47d9353d","unresolved":false,"context_lines":[{"line_number":991,"context_line":"            priority\u003d100,"},{"line_number":992,"context_line":"            dl_type\u003dconstants.ETHERTYPE_ARP,"},{"line_number":993,"context_line":"            reg_port\u003dport.ofport,"},{"line_number":994,"context_line":"            actions\u003d\u0027normal\u0027"},{"line_number":995,"context_line":"        )"},{"line_number":996,"context_line":"        self._initialize_ingress_ipv6_icmp(port)"},{"line_number":997,"context_line":""}],"source_content_type":"text/x-python","patch_set":6,"id":"9fdfeff1_cf0942dd","line":994,"in_reply_to":"9fdfeff1_99b86875","updated":"2019-02-27 13:28:15.000000000","message":"Sorry for mislead in:\n\u0027while the VM\u0027s port has number 11 (\u0027tap8ff923a5-8b\u0027 port).\u0027\n\nIt should be:\n\u0027while the VM\u0027s port has number 9 (\u0027tapf62aaee9-6e\u0027 port).\u0027\n\n\ntap8ff923a5-8b is the tap interface of a dhcp server in my case.","commit_id":"d4a3b0146d7ad15ec491c3a9b6aa1709cf51af27"}],"neutron/agent/linux/openvswitch_firewall/rules.py":[{"author":{"_account_id":16688,"name":"Rodolfo Alonso","email":"ralonsoh@redhat.com","username":"rodolfo-alonso-hernandez"},"change_message_id":"bf413ec4864762d83137df8b5ecfdfaebcea33d4","unresolved":false,"context_lines":[{"line_number":202,"context_line":"    \"\"\"Initialize common flow fields.\"\"\""},{"line_number":203,"context_line":"    if direction \u003d\u003d n_consts.INGRESS_DIRECTION:"},{"line_number":204,"context_line":"        flow_template[\u0027table\u0027] \u003d ovs_consts.RULES_INGRESS_TABLE"},{"line_number":205,"context_line":"        flow_template[\u0027actions\u0027] \u003d \"output:{:d}\".format(port.ofport)"},{"line_number":206,"context_line":"    elif direction \u003d\u003d n_consts.EGRESS_DIRECTION:"},{"line_number":207,"context_line":"        flow_template[\u0027table\u0027] \u003d ovs_consts.RULES_EGRESS_TABLE"},{"line_number":208,"context_line":"        # Traffic can be both ingress and egress, check that no ingress rules"}],"source_content_type":"text/x-python","patch_set":5,"id":"9fdfeff1_c25cf47e","side":"PARENT","line":205,"updated":"2019-02-25 11:02:59.000000000","message":"Same comment as in firewall.py. We should restrict normal action only to DHCP and ARP responses.","commit_id":"5323e9549d907de54c8f1208cba5c4e7693f0630"},{"author":{"_account_id":28722,"name":"Anton Kurbatov","email":"anton.kurbatov@acronis.com","username":"akurbatov"},"change_message_id":"e35326fe183266d3d22667cc5a7b330dde7a1b50","unresolved":false,"context_lines":[{"line_number":198,"context_line":"    return flows"},{"line_number":199,"context_line":""},{"line_number":200,"context_line":""},{"line_number":201,"context_line":"def populate_flow_common(direction, flow_template, port):"},{"line_number":202,"context_line":"    \"\"\"Initialize common flow fields.\"\"\""},{"line_number":203,"context_line":"    if direction \u003d\u003d n_consts.INGRESS_DIRECTION:"},{"line_number":204,"context_line":"        flow_template[\u0027table\u0027] \u003d ovs_consts.RULES_INGRESS_TABLE"}],"source_content_type":"text/x-python","patch_set":6,"id":"9fdfeff1_79a6e4c2","line":201,"updated":"2019-02-27 13:12:07.000000000","message":"For now the `port` argument is not used anymore.","commit_id":"d4a3b0146d7ad15ec491c3a9b6aa1709cf51af27"},{"author":{"_account_id":28722,"name":"Anton Kurbatov","email":"anton.kurbatov@acronis.com","username":"akurbatov"},"change_message_id":"13b06a793d5b4a4ae6c28d9a05dd1c3d470c7dd5","unresolved":false,"context_lines":[{"line_number":204,"context_line":"    return flows"},{"line_number":205,"context_line":""},{"line_number":206,"context_line":""},{"line_number":207,"context_line":"def populate_flow_common(direction, flow_template, port):"},{"line_number":208,"context_line":"    \"\"\"Initialize common flow fields.\"\"\""},{"line_number":209,"context_line":"    if direction \u003d\u003d n_consts.INGRESS_DIRECTION:"},{"line_number":210,"context_line":"        flow_template[\u0027table\u0027] \u003d ovs_consts.RULES_INGRESS_TABLE"}],"source_content_type":"text/x-python","patch_set":25,"id":"ffb9cba7_d69cba5e","line":207,"updated":"2019-04-26 12:41:26.000000000","message":"\u0027port\u0027 is not used anymore in this function.\nSeems better to remove it from the function interface.","commit_id":"86acea8f47856d27a29b5e4bdde427214d5106ff"},{"author":{"_account_id":30243,"name":"Zhengdong Wu","email":"zhengdong.wu@easystack.cn","username":"wuzhengdong"},"change_message_id":"cc55cc0ba6580092afc51dcf1266ee45facd1b72","unresolved":false,"context_lines":[{"line_number":204,"context_line":"    return flows"},{"line_number":205,"context_line":""},{"line_number":206,"context_line":""},{"line_number":207,"context_line":"def populate_flow_common(direction, flow_template, port):"},{"line_number":208,"context_line":"    \"\"\"Initialize common flow fields.\"\"\""},{"line_number":209,"context_line":"    if direction \u003d\u003d n_consts.INGRESS_DIRECTION:"},{"line_number":210,"context_line":"        flow_template[\u0027table\u0027] \u003d ovs_consts.RULES_INGRESS_TABLE"}],"source_content_type":"text/x-python","patch_set":25,"id":"ffb9cba7_6e2cf9ab","line":207,"in_reply_to":"ffb9cba7_d69cba5e","updated":"2019-04-29 02:15:12.000000000","message":"Done :)","commit_id":"86acea8f47856d27a29b5e4bdde427214d5106ff"},{"author":{"_account_id":30243,"name":"Zhengdong Wu","email":"zhengdong.wu@easystack.cn","username":"wuzhengdong"},"change_message_id":"9e6379461c7129df9f3e1a7312811bbdefcec325","unresolved":false,"context_lines":[{"line_number":204,"context_line":"    return flows"},{"line_number":205,"context_line":""},{"line_number":206,"context_line":""},{"line_number":207,"context_line":"def populate_flow_common(direction, flow_template, port):"},{"line_number":208,"context_line":"    \"\"\"Initialize common flow fields.\"\"\""},{"line_number":209,"context_line":"    if direction \u003d\u003d n_consts.INGRESS_DIRECTION:"},{"line_number":210,"context_line":"        flow_template[\u0027table\u0027] \u003d ovs_consts.RULES_INGRESS_TABLE"}],"source_content_type":"text/x-python","patch_set":25,"id":"ffb9cba7_a311b85f","line":207,"in_reply_to":"ffb9cba7_d69cba5e","updated":"2019-04-27 08:24:14.000000000","message":"Done :)","commit_id":"86acea8f47856d27a29b5e4bdde427214d5106ff"}],"neutron/plugins/ml2/drivers/openvswitch/agent/common/constants.py":[{"author":{"_account_id":9531,"name":"liuyulong","display_name":"LIU Yulong","email":"i@liuyulong.me","username":"LIU-Yulong"},"change_message_id":"d72027bc7195ab3e8818e74e76c2c22b3fa08d15","unresolved":false,"context_lines":[{"line_number":204,"context_line":"# ovs_cleanup script is used."},{"line_number":205,"context_line":"SKIP_CLEANUP \u003d \u0027skip_cleanup\u0027"},{"line_number":206,"context_line":""},{"line_number":207,"context_line":"REG_NET \u003d 6"}],"source_content_type":"text/x-python","patch_set":20,"id":"3fce034c_570e8d3b","line":207,"range":{"start_line":207,"start_character":0,"end_line":207,"end_character":11},"updated":"2019-04-17 15:08:53.000000000","message":"Add a comment to this like others?","commit_id":"d7bc167058cf5d4479d6583565f45a09d8521d54"}],"neutron/plugins/ml2/drivers/openvswitch/agent/openflow/ovs_ofctl/br_int.py":[{"author":{"_account_id":9531,"name":"liuyulong","display_name":"LIU Yulong","email":"i@liuyulong.me","username":"LIU-Yulong"},"change_message_id":"d72027bc7195ab3e8818e74e76c2c22b3fa08d15","unresolved":false,"context_lines":[{"line_number":52,"context_line":"        else:"},{"line_number":53,"context_line":"            return constants.OVS_NORMAL"},{"line_number":54,"context_line":""},{"line_number":55,"context_line":"    def provision_local_vlan(self, port, lvid, segmentation_id):"},{"line_number":56,"context_line":"        if segmentation_id is None:"},{"line_number":57,"context_line":"            dl_vlan \u003d 0xffff"},{"line_number":58,"context_line":"        else:"}],"source_content_type":"text/x-python","patch_set":20,"id":"3fce034c_7a1db00d","line":55,"range":{"start_line":55,"start_character":8,"end_line":55,"end_character":28},"updated":"2019-04-17 15:08:53.000000000","message":"No need to change for the `native` br-int OpenFlow interface?\nhttps://github.com/openstack/neutron/blob/master/neutron/plugins/ml2/drivers/openvswitch/agent/openflow/native/br_int.py#L67\n\nAnd `native` is the default:\nhttps://github.com/openstack/neutron/blob/master/neutron/conf/plugins/ml2/drivers/ovs_conf.py#L98","commit_id":"d7bc167058cf5d4479d6583565f45a09d8521d54"}],"neutron/tests/unit/agent/linux/openvswitch_firewall/test_rules.py":[{"author":{"_account_id":16688,"name":"Rodolfo Alonso","email":"ralonsoh@redhat.com","username":"rodolfo-alonso-hernandez"},"change_message_id":"17593d0e2c6d1b35b425ebdaf02a6273a1f92e73","unresolved":false,"context_lines":[{"line_number":173,"context_line":"            flow.update(flow_template)"},{"line_number":174,"context_line":"        flows \u003d rules.create_protocol_flows("},{"line_number":175,"context_line":"            direction, flow_template, self.port, rule)"},{"line_number":176,"context_line":"        self.assertEqual(expected_flows, flows)"},{"line_number":177,"context_line":""},{"line_number":178,"context_line":"    def test_create_protocol_flows_ingress(self):"},{"line_number":179,"context_line":"        rule \u003d {\u0027protocol\u0027: constants.PROTO_NUM_TCP}"}],"source_content_type":"text/x-python","patch_set":13,"id":"5fc1f717_da01a606","line":176,"range":{"start_line":176,"start_character":25,"end_line":176,"end_character":46},"updated":"2019-04-01 11:22:50.000000000","message":"You should sort first both lists: http://logs.openstack.org/09/639009/13/check/openstack-tox-py27/9464faf/testr_results.html.gz","commit_id":"e3e2b1b636380971708380d04a0896392ce5e5ff"},{"author":{"_account_id":18480,"name":"zhengy","email":"zhengy23@163.com","username":"zhengyong"},"change_message_id":"1f7e37236ca30597c7d42ac52bf7931ced38bc3e","unresolved":false,"context_lines":[{"line_number":173,"context_line":"            flow.update(flow_template)"},{"line_number":174,"context_line":"        flows \u003d rules.create_protocol_flows("},{"line_number":175,"context_line":"            direction, flow_template, self.port, rule)"},{"line_number":176,"context_line":"        self.assertEqual(expected_flows, flows)"},{"line_number":177,"context_line":""},{"line_number":178,"context_line":"    def test_create_protocol_flows_ingress(self):"},{"line_number":179,"context_line":"        rule \u003d {\u0027protocol\u0027: constants.PROTO_NUM_TCP}"}],"source_content_type":"text/x-python","patch_set":13,"id":"5fc1f717_fa1ee2b9","line":176,"range":{"start_line":176,"start_character":25,"end_line":176,"end_character":46},"in_reply_to":"5fc1f717_da01a606","updated":"2019-04-01 12:09:33.000000000","message":"Thank you for your reminder, I have fix it.","commit_id":"e3e2b1b636380971708380d04a0896392ce5e5ff"},{"author":{"_account_id":18480,"name":"zhengy","email":"zhengy23@163.com","username":"zhengyong"},"change_message_id":"1783b6e55b996678c5b2a3ab2d47bd7d341b9399","unresolved":false,"context_lines":[{"line_number":173,"context_line":"            flow.update(flow_template)"},{"line_number":174,"context_line":"        flows \u003d rules.create_protocol_flows("},{"line_number":175,"context_line":"            direction, flow_template, self.port, rule)"},{"line_number":176,"context_line":"        self.assertEqual(expected_flows, flows)"},{"line_number":177,"context_line":""},{"line_number":178,"context_line":"    def test_create_protocol_flows_ingress(self):"},{"line_number":179,"context_line":"        rule \u003d {\u0027protocol\u0027: constants.PROTO_NUM_TCP}"}],"source_content_type":"text/x-python","patch_set":13,"id":"5fc1f717_7a80b2c0","line":176,"range":{"start_line":176,"start_character":25,"end_line":176,"end_character":46},"in_reply_to":"5fc1f717_fa1ee2b9","updated":"2019-04-01 12:10:08.000000000","message":"Done","commit_id":"e3e2b1b636380971708380d04a0896392ce5e5ff"}]}