85 Commits (99f0a1116328183f68820057aae146f814ed1dff)

Author SHA1 Message Date
Slawek Kaplonski 9f4a9f8f86 [ovs fw] Restrict IPv6 NA and DHCP(v6) IP and MAC source addresses 6 months ago
Hang Yang 480ede535a Fix OVS conjunctive IP flows cleanup 10 months ago
Slawek Kaplonski 9ab5159d2d [OVS FW] Allow egress ICMPv6 only for know addresses 7 months ago
Slawek Kaplonski d016082e18 [OVS FW] Clean conntrack entries with mark == CT_MARK_INVALID 7 months ago
Marc Gariepy 36fc4708be Fix losses of ovs flows when ovs is restarted 8 months ago
Moshe Levi 51c7c3cb2e ovs firewall: fix mac learning on the ingress rule table when ovs offload enabled 12 months ago
Rodolfo Alonso Hernandez abeda5aece [OVS][FW] Remote SG IDs left behind when a SG is removed 1 year ago
LIU Yulong fdc8987f79 Add accepted egress direct flow 2 years ago
LIU Yulong dabb77fcbc Add VLAN type conntrack direct flow 2 years ago
Hang Yang 1adda631c4 Check SG members instead of ports to skip flow update 2 years ago
Lajos Katona 6d17829aa6 Catch OVSFWTagNotFound in update_port_filter 3 years ago
Rodolfo Alonso Hernandez 7d10d29020 Improve "OVSFirewallDriver.process_trusted_ports" 2 years ago
Slawek Kaplonski 50a02ebc06 [OVS FW] Clean port rules if port not found in ovsdb 2 years ago
Yang Li ed76c15735 Add more condition to check sg member exist 2 years ago
Oleg Bondarev 879bb90328 Handle OVSFWPortNotFound and OVSFWTagNotFound in ovs firewall 2 years ago
Nate Johnston f85cfe395d Log OVS firewall conjunction creation 2 years ago
Nate Johnston f88d703efe OVS flows for custom ethertypes must be on EGRESS 2 years ago
Yang Li 56cd50e9d2 Make sure the port still in port map when prepare_port_filter 2 years ago
Oleg Bondarev eabd114a9b Yield control to other greenthreads while processing trusted ports 2 years ago
Nate Johnston 55a503b4c9 Add custom ethertype processing 2 years ago
Slawek Kaplonski 2c11424178 Reinitialize ovs firewall after ovs-vswitchd restart 3 years ago
Thomas Morin 116e73ba9b ovs fw: apply the NORMAL action on egress traffic in a single table 3 years ago
Nguyen Phuong An 8aec1ecb09 Fix no ACCEPT event can get for security group logging 3 years ago
Brian Haley 7cfdf4aa81 Fix all pep8 E129 errors 3 years ago
Jakub Libosvar 8b2c40366b ovs-fw: Apply openflow rules immediately during update 3 years ago
Jakub Libosvar 6f7ba76075 ovs-fw: Fix firewall blink 4 years ago
Jakub Libosvar 3327db80be ovs-fw: Clear conntrack information before egress pipeline 4 years ago
Jakub Libosvar b3b2df142e ovsfw: Use bundle when adding security group rules 4 years ago
Boden R d55e824310 use EGRESS_DIRECTION and INGRESS_DIRECTION from neutron-lib 4 years ago
Sławek Kapłoński 02cc3ca307 ovsfw: Update SG rules even if OVSFW Port is not found 4 years ago
Jakub Libosvar 37aba76275 ovs-fw: Don't modify passed rules to update 4 years ago
Nguyen Phuong An 7bd8b37e38 [log] ovs fw logging implementation 5 years ago
Jakub Libosvar ed57c3de42 ovsfw: Don't create rules if updated port doesn't exist 4 years ago
Frank Wang e2ebc7d7f8 [trivial fix]fix typos in neutron 4 years ago
Jakub Libosvar 29080700eb ovsfw: Create tables for further consumption 4 years ago
Zachary 364e5db586 ovs-fw: catches exception from ovsdb 4 years ago
IWAMOTO Toshihiro 4ac4c22a64 ovsfw: Use multiple priorities in RULES_*_TABLE 4 years ago
IWAMOTO Toshihiro 237ec30ca9 ovsfw: Merge multiple conjunction flows 4 years ago
Hunt Xu 675ecb8190 Fix typo: allow_address_pair -> allowed_address_pair 4 years ago
Jakub Libosvar 9d74de162a ovs-fw: Remove iptables rules on hybrid ports 4 years ago
IWAMOTO Toshihiro effa12889b ovsfw: Fix port_ranges handling 4 years ago
Inessa Vasilevskaya 7322bd6efb Make code follow log translation guideline 5 years ago
Jakub Libosvar 1d80c960f6 ovs-fw: Handle only known trusted ports 4 years ago
jufeng b7892b16b2 ovsfw: fix allowed_address_pairs MAC issue 4 years ago
Jakub Libosvar 6370a04710 ovsfw: Fix overlapping MAC addresses on integration bridge 4 years ago
Thomas Morin f2caa7c823 OVS firewall: do strip_vlan in TRANSIENT_TABLE 5 years ago
Jakub Libosvar d559cd53e8 ovs-fw: Use TRANSIENT table for traffic classification 4 years ago
Brian Haley 0cb9b5254f Split allowed ICMPv6 types into two constants 4 years ago
Brian Haley ce0352aa7b Drop IPv6 Router Advertisements in OVS firewall 4 years ago
IWAMOTO Toshihiro a429678b21 ovsfw: followup cleanups for the conjunction patch 4 years ago