52 Commits (b76800474d2d3e23bcbd8d0fc9239de799d37501)

Author SHA1 Message Date
Slawek Kaplonski ac474307d3 [ovs fw] Restrict IPv6 NA and DHCP(v6) IP and MAC source addresses 6 months ago
Slawek Kaplonski 580e57b2ad [OVS FW] Allow egress ICMPv6 only for know addresses 7 months ago
Slawek Kaplonski 817c5f2249 [OVS FW] Clean conntrack entries with mark == CT_MARK_INVALID 7 months ago
Hang Yang c720f26b6a Fix OVS conjunctive IP flows cleanup 10 months ago
Rodolfo Alonso Hernandez ed22f7a2ff [OVS][FW] Remote SG IDs left behind when a SG is removed 1 year ago
Yang JianFeng 7b41d63f8f Make DVR router support FLAT network for ovs-agent 1 year ago
LIU Yulong 00298fe6e8 [Security] fix allowed-address-pair 0.0.0.0/0 issue 2 years ago
Hang Yang 6dbba8d5ce Check SG members instead of ports to skip flow update 2 years ago
LIU Yulong efa8dd0895 Add accepted egress direct flow 2 years ago
Slawek Kaplonski b01e0c2aa9 [OVS FW] Clean port rules if port not found in ovsdb 2 years ago
Yang Li 5cb0ff418a Add more condition to check sg member exist 2 years ago
LIU Yulong aa58542e82 Add VLAN type conntrack direct flow 2 years ago
Rodolfo Alonso Hernandez ae1d36fa9d Improve "OVSFirewallDriver.process_trusted_ports" 2 years ago
Rodolfo Alonso Hernandez 11380ff5da Register SG opts when testing test_firewall 2 years ago
Ihar Hrachyshka 4aeec20001 Drop of_interface option 4 years ago
Yang Li 82782d3763 Make sure the port still in port map when prepare_port_filter 2 years ago
Boden R 9bbe9911c4 remove neutron.common.constants 3 years ago
Slawek Kaplonski 2ba9e95156 Reinitialize ovs firewall after ovs-vswitchd restart 3 years ago
Brian Haley cf37563c83 Remove deprecated vsctl ovsdb_interface api 3 years ago
Jakub Libosvar 8b2c40366b ovs-fw: Apply openflow rules immediately during update 3 years ago
Jakub Libosvar 6f7ba76075 ovs-fw: Fix firewall blink 4 years ago
Boden R d55e824310 use EGRESS_DIRECTION and INGRESS_DIRECTION from neutron-lib 4 years ago
Sławek Kapłoński 02cc3ca307 ovsfw: Update SG rules even if OVSFW Port is not found 4 years ago
Nguyen Phuong An 7bd8b37e38 [log] ovs fw logging implementation 5 years ago
Jakub Libosvar ed57c3de42 ovsfw: Don't create rules if updated port doesn't exist 4 years ago
Jakub Libosvar 29080700eb ovsfw: Create tables for further consumption 4 years ago
IWAMOTO Toshihiro 4ac4c22a64 ovsfw: Use multiple priorities in RULES_*_TABLE 4 years ago
IWAMOTO Toshihiro effa12889b ovsfw: Fix port_ranges handling 4 years ago
Jakub Libosvar 1d80c960f6 ovs-fw: Handle only known trusted ports 4 years ago
jufeng b7892b16b2 ovsfw: fix allowed_address_pairs MAC issue 4 years ago
Jakub Libosvar 6370a04710 ovsfw: Fix overlapping MAC addresses on integration bridge 4 years ago
Thomas Morin f2caa7c823 OVS firewall: do strip_vlan in TRANSIENT_TABLE 5 years ago
Jakub Libosvar d559cd53e8 ovs-fw: Use TRANSIENT table for traffic classification 4 years ago
IWAMOTO Toshihiro a429678b21 ovsfw: followup cleanups for the conjunction patch 4 years ago
IWAMOTO Toshihiro 192bc5f1a8 Use conjunction for security group rules with remote_group_id 5 years ago
Ravi Kota 864a8a7ce8 Handle CIDR IP address in allowed address pairs 5 years ago
IWAMOTO Toshihiro 829b39b1eb ovsfw: Refresh OFPort when necessary 5 years ago
Jakub Libosvar a66c271935 ovsfw: Raise exception if tag cannot be found in other_config 5 years ago
Jakub Libosvar b9e737bc3b ovsfw: Fix variable names in UT 5 years ago
Henry Gessau 4148a347b3 Use constants from neutron-lib 6 years ago
Jakub Libosvar d93466923f ovsfw: Remove vlan tag before injecting packets to port 6 years ago
Jakub Libosvar 0f9ec7b72a ovsfw: Remove vlan tag before injecting packets to port 6 years ago
Jakub Libosvar c6ef57a6d5 ovs-fw: Mark conntrack entries invalid if no rule is matched 6 years ago
Jakub Libosvar 4f6aa3ffde ovs-fw: Mark conntrack entries invalid if no rule is matched 6 years ago
Jakub Libosvar cd84563623 security-groups: Add ipv6 support to ovs firewall 6 years ago
Jakub Libosvar 9af8f56d1d ovs-fw: Enhance port ranges with masks 6 years ago
Jakub Libosvar ef29f7eb9a Open vSwitch conntrack based firewall driver 6 years ago