Fix lost connection when create security group log
Packet sent to table 91 are considered accepted by the egress pipeline
and NORMAL action is used by default in this table. However, if we
create a security group logging resource, then ovs flows log will be
added into this table with higher priority. Therefore packet matches
with ovs flows log will be sent to CONTROLLER and never forward.
So this patch append action=NORMAL into ovs flows log to forward
the packet and send it to CONTROLLER for logging.
Closes-Bug: #1787106
Change-Id: I6e95e2e646ec8a5507c7f140ab2c4a56be8404c3
(cherry picked from commit 7d2ac2d0af
)
This commit is contained in:
parent
e789f92eb9
commit
684ea39801
|
@ -336,6 +336,9 @@ class OVSFirewallLoggingDriver(log_ext.LoggingDriver):
|
|||
flow['ct_state'] = ovsfw_consts.OF_STATE_NEW_NOT_ESTABLISHED
|
||||
flow['table'] = OVS_FW_TO_LOG_TABLES[flow['table']]
|
||||
flow['actions'] = 'controller'
|
||||
# forward egress accepted packet and log
|
||||
if flow['table'] == ovs_consts.ACCEPTED_EGRESS_TRAFFIC_TABLE:
|
||||
flow['actions'] = 'normal,controller'
|
||||
self._add_flow(**flow)
|
||||
|
||||
def _add_flow(self, **kwargs):
|
||||
|
|
|
@ -103,7 +103,8 @@ class TestLoggingExtension(LoggingExtensionTestFramework):
|
|||
def _is_log_flow_set(self, table):
|
||||
flows = self.log_driver.int_br.br.dump_flows_for_table(table)
|
||||
pattern = re.compile(
|
||||
r"^.* table=%s.* actions=CONTROLLER:65535" % table
|
||||
r"^.* table=%s.* "
|
||||
r"actions=(NORMAL,CONTROLLER:65535|CONTROLLER:65535)" % table
|
||||
)
|
||||
for flow in flows.splitlines():
|
||||
if pattern.match(flow.strip()):
|
||||
|
|
|
@ -183,7 +183,7 @@ class TestOVSFirewallLoggingDriver(base.BaseTestCase):
|
|||
tcp_dst='0x007b'),
|
||||
# log egress tcp6
|
||||
mock.call(
|
||||
actions='controller',
|
||||
actions='normal,controller',
|
||||
cookie=accept_cookie.id,
|
||||
ct_state=ovsfw_consts.OF_STATE_NEW_NOT_ESTABLISHED,
|
||||
reg5=self.port_ofport,
|
||||
|
@ -193,7 +193,7 @@ class TestOVSFirewallLoggingDriver(base.BaseTestCase):
|
|||
table=ovs_consts.ACCEPTED_EGRESS_TRAFFIC_TABLE),
|
||||
# log egress udp
|
||||
mock.call(
|
||||
actions='controller',
|
||||
actions='normal,controller',
|
||||
cookie=accept_cookie.id,
|
||||
ct_state=ovsfw_consts.OF_STATE_NEW_NOT_ESTABLISHED,
|
||||
reg5=self.port_ofport,
|
||||
|
|
Loading…
Reference in New Issue