Browse Source

Fix OVS conjunctive IP flows cleanup

Currently when deleting a remote-group's member IPs, the deleted IPs'
 conjunctive flows are not cleaned up in OF tables. This is because
 the conjunctive flows' cookies don't match with the OVSBridge default
 cookie used by the delete flow method. This patch fixed the issue by
 using an ANY cookie that can always match with the cookies of the
 conjunctive flows.

Conflicts:
    neutron/agent/linux/openvswitch_firewall/firewall.py

Change-Id: I74916acf8311989dca267f23261ec4cf449a6abf
Closes-Bug: 1907491
(cherry picked from commit f4b64e519c)
(cherry picked from commit 03f0a832a8)
changes/54/776454/3
Hang Yang 12 months ago
committed by Slawek Kaplonski
parent
commit
480ede535a
  1. 5
      neutron/agent/linux/openvswitch_firewall/firewall.py
  2. 10
      neutron/tests/unit/agent/linux/openvswitch_firewall/test_firewall.py

5
neutron/agent/linux/openvswitch_firewall/firewall.py

@ -1494,4 +1494,9 @@ class OVSFirewallDriver(firewall.FirewallDriver):
# the actions field is bogus anyway.
del flow['actions']
del flow['priority']
# NOTE(hangyang) If cookie is not set then _delete_flows will
# use the OVSBridge._default_cookie to filter the flows but that
# will not match with the ip flow's cookie so OVS won't actually
# delete the flow
flow['cookie'] = ovs_lib.COOKIE_ANY
self._delete_flows(deferred=False, **flow)

10
neutron/tests/unit/agent/linux/openvswitch_firewall/test_firewall.py

@ -1001,6 +1001,16 @@ class TestOVSFirewallDriver(base.BaseTestCase):
addr_to_conj = {'addr1': {8, 16, 24}}
self._test_delete_flows_for_flow_state(addr_to_conj, False)
def test_delete_flow_for_ip_using_cookie_any(self):
with mock.patch.object(self.firewall, '_delete_flows') as \
mock_delete_flows:
self.firewall.delete_flow_for_ip('10.1.2.3',
constants.INGRESS_DIRECTION,
constants.IPv4, 100, [0])
_, kwargs = mock_delete_flows.call_args
self.assertIn('cookie', kwargs)
self.assertIs(ovs_lib.COOKIE_ANY, kwargs['cookie'])
class TestCookieContext(base.BaseTestCase):
def setUp(self):

Loading…
Cancel
Save