)]}'
{"neutron/agent/linux/openvswitch_firewall/firewall.py":[{"author":{"_account_id":1131,"name":"Brian Haley","email":"haleyb.dev@gmail.com","username":"brian-haley"},"change_message_id":"21bcd57e68953953c356809fa7ee99381a1841d2","unresolved":false,"context_lines":[{"line_number":967,"context_line":"                ct_mark\u003dovsfw_consts.CT_MARK_NORMAL,"},{"line_number":968,"context_line":"                reg_port\u003dport.ofport,"},{"line_number":969,"context_line":"                ct_zone\u003dport.vlan_tag,"},{"line_number":970,"context_line":"                nw_proto\u003d47,"},{"line_number":971,"context_line":"                actions\u003d\u0027normal\u0027"},{"line_number":972,"context_line":"            )"},{"line_number":973,"context_line":"        self._add_flow("}],"source_content_type":"text/x-python","patch_set":1,"id":"9fb8cfa7_62226aa5","line":970,"range":{"start_line":970,"start_character":25,"end_line":970,"end_character":27},"updated":"2019-07-02 02:56:32.000000000","message":"s/lib_const.PROTO_NUM_GRE","commit_id":"ea41b651ffe43d3eb1ffa5c1070c6158cb293172"},{"author":{"_account_id":19956,"name":"Yang Li","email":"yang.li@easystack.cn","username":"leonstack"},"change_message_id":"e4e2054d3a6b637ef5c96fecc094ea675bbd3232","unresolved":false,"context_lines":[{"line_number":967,"context_line":"                ct_mark\u003dovsfw_consts.CT_MARK_NORMAL,"},{"line_number":968,"context_line":"                reg_port\u003dport.ofport,"},{"line_number":969,"context_line":"                ct_zone\u003dport.vlan_tag,"},{"line_number":970,"context_line":"                nw_proto\u003d47,"},{"line_number":971,"context_line":"                actions\u003d\u0027normal\u0027"},{"line_number":972,"context_line":"            )"},{"line_number":973,"context_line":"        self._add_flow("}],"source_content_type":"text/x-python","patch_set":1,"id":"9fb8cfa7_16916f52","line":970,"range":{"start_line":970,"start_character":25,"end_line":970,"end_character":27},"in_reply_to":"9fb8cfa7_62226aa5","updated":"2019-07-02 05:39:17.000000000","message":"Thanks, I will fix this.","commit_id":"ea41b651ffe43d3eb1ffa5c1070c6158cb293172"},{"author":{"_account_id":1131,"name":"Brian Haley","email":"haleyb.dev@gmail.com","username":"brian-haley"},"change_message_id":"21bcd57e68953953c356809fa7ee99381a1841d2","unresolved":false,"context_lines":[{"line_number":1086,"context_line":"                dl_type\u003dethertype,"},{"line_number":1087,"context_line":"                ct_mark\u003dovsfw_consts.CT_MARK_NORMAL,"},{"line_number":1088,"context_line":"                ct_zone\u003dport.vlan_tag,"},{"line_number":1089,"context_line":"                nw_proto\u003d47,"},{"line_number":1090,"context_line":"                actions\u003d\u0027normal\u0027"},{"line_number":1091,"context_line":"            )"},{"line_number":1092,"context_line":"        self._add_flow("}],"source_content_type":"text/x-python","patch_set":1,"id":"9fb8cfa7_023daec2","line":1089,"updated":"2019-07-02 02:56:32.000000000","message":"same","commit_id":"ea41b651ffe43d3eb1ffa5c1070c6158cb293172"},{"author":{"_account_id":16688,"name":"Rodolfo Alonso","email":"ralonsoh@redhat.com","username":"rodolfo-alonso-hernandez"},"change_message_id":"8638670e560f233127d31d7523cf60b09a505315","unresolved":false,"context_lines":[{"line_number":958,"context_line":"                actions\u003d\u0027resubmit(,%d)\u0027 % ("},{"line_number":959,"context_line":"                    ovs_consts.ACCEPTED_EGRESS_TRAFFIC_NORMAL_TABLE)"},{"line_number":960,"context_line":"            )"},{"line_number":961,"context_line":"        for ethertype in [lib_const.ETHERTYPE_IP, lib_const.ETHERTYPE_IPV6]:"},{"line_number":962,"context_line":"            self._add_flow("},{"line_number":963,"context_line":"                table\u003dovs_consts.RULES_EGRESS_TABLE,"},{"line_number":964,"context_line":"                priority\u003d50,"}],"source_content_type":"text/x-python","patch_set":3,"id":"7faddb67_2a0dfe3d","line":961,"updated":"2019-07-05 09:13:37.000000000","message":"What you are doing here is drilling a hole in the firewall just for an specific protocol, instead of adding this rule in the Neutron Security Group (SG).\n\nIf the rule is marked with mark\u003d1, that means the flow is hitting this rule [1]. If, as you commented in the bug description, you have a SG rule to allow this egress traffic, this rule should be in the same table (RULES_EGRESS_TABLE\u003d72), with a priority of \u003e\u003d70 (greater than 40, which is the reject rule default priority).\n\nBut in the bug description you are talking about the following rule:\ncookie\u003d0x8bbcb4f28e827fee, duration\u003d81.097s, table\u003d82, n_packets\u003d2, n_bytes\u003d158, idle_age\u003d1, priority\u003d40,ct_state\u003d+est,ip,reg5\u003d0x23 actions\u003dct(commit,zone\u003dNXM_NX_REG6[0..15],exec(load:0x1-\u003eNXM_NX_CT_MARK[]))\n\nThis is, as you can see in the table number (RULES_INGRESS_TABLE\u003d82), an ingress rule. Same as before, you should review the rules applied in this ingress table according to your SG rule definition. You should have a rule with priority \u003e\u003d70.\n\nAnother comment about this rule. The default action should not be \"normal\", but a resubmit to the corresponding processing table.\n\n[1] https://github.com/openstack/neutron/blob/dec5eed17f9c74b945f2b8b3136854746deb10ee/neutron/agent/linux/openvswitch_firewall/firewall.py#L970","commit_id":"808c85445daed198f227e5d2ecb99891c74188ba"}],"neutron/tests/unit/agent/linux/openvswitch_firewall/test_firewall.py":[{"author":{"_account_id":1131,"name":"Brian Haley","email":"haleyb.dev@gmail.com","username":"brian-haley"},"change_message_id":"21bcd57e68953953c356809fa7ee99381a1841d2","unresolved":false,"context_lines":[{"line_number":525,"context_line":"            ct_mark\u003dovsfw_consts.CT_MARK_NORMAL,"},{"line_number":526,"context_line":"            reg5\u003dself.port_ofport,"},{"line_number":527,"context_line":"            ct_zone\u003dTESTING_VLAN_TAG,"},{"line_number":528,"context_line":"            nw_proto\u003d47,"},{"line_number":529,"context_line":"            actions\u003d\u0027normal\u0027)"},{"line_number":530,"context_line":"        exp_ingress_gre_classifier \u003d mock.call("},{"line_number":531,"context_line":"            table\u003dovs_consts.RULES_INGRESS_TABLE,"}],"source_content_type":"text/x-python","patch_set":1,"id":"9fb8cfa7_2238f2d0","line":528,"updated":"2019-07-02 02:56:32.000000000","message":"same","commit_id":"ea41b651ffe43d3eb1ffa5c1070c6158cb293172"},{"author":{"_account_id":1131,"name":"Brian Haley","email":"haleyb.dev@gmail.com","username":"brian-haley"},"change_message_id":"21bcd57e68953953c356809fa7ee99381a1841d2","unresolved":false,"context_lines":[{"line_number":535,"context_line":"            ct_mark\u003dovsfw_consts.CT_MARK_NORMAL,"},{"line_number":536,"context_line":"            reg5\u003dself.port_ofport,"},{"line_number":537,"context_line":"            ct_zone\u003dTESTING_VLAN_TAG,"},{"line_number":538,"context_line":"            nw_proto\u003d47,"},{"line_number":539,"context_line":"            actions\u003d\u0027normal\u0027)"},{"line_number":540,"context_line":"        exp_ingress_classifier \u003d mock.call("},{"line_number":541,"context_line":"            actions\u003d\u0027set_field:{:d}-\u003ereg5,set_field:{:d}-\u003ereg6,\u0027"}],"source_content_type":"text/x-python","patch_set":1,"id":"9fb8cfa7_c23236f2","line":538,"updated":"2019-07-02 02:56:32.000000000","message":"same","commit_id":"ea41b651ffe43d3eb1ffa5c1070c6158cb293172"}]}