master
stable/zed
stable/wallaby
stable/xena
stable/yoga
stable/victoria
stable/train
stable/ussuri
19.5.0
stein-eol
rocky-eol
queens-eol
wallaby-em
18.6.0
21.0.0
21.0.0.0rc2
21.0.0.0rc1
20.2.0
19.4.0
18.5.0
20.1.0
19.3.0
18.4.0
pike-eol
victoria-em
17.4.1
19.2.0
18.3.0
17.4.0
20.0.0
20.0.0.0rc2
20.0.0.0rc1
18.2.0
17.3.0
19.1.0
ussuri-em
16.4.2
19.0.0
19.0.0.0rc2
19.0.0.0rc1
18.1.1
17.2.1
16.4.1
18.1.0
17.2.0
16.4.0
ocata-eol
train-em
17.1.2
16.3.2
15.3.4
18.0.0
18.0.0.0rc2
18.0.0.0rc1
17.1.1
16.3.1
15.3.3
15.3.2
17.1.0
16.3.0
15.3.1
stein-em
14.4.2
14.4.1
17.0.0
17.0.0.0rc2
16.2.0
15.3.0
14.4.0
17.0.0.0rc1
14.3.1
16.1.0
15.2.0
14.3.0
14.2.0
15.1.0
16.0.0
16.0.0.0rc2
16.0.0.0rc1
rocky-em
13.0.7
16.0.0.0b1
14.1.0
15.0.2
15.0.1
14.0.4
13.0.6
queens-em
12.1.1
13.0.5
14.0.3
15.0.0
15.0.0.0rc2
15.0.0.0rc1
15.0.0.0b1
12.1.0
14.0.2
13.0.4
pike-em
11.0.8
14.0.1
ocata-em
12.0.6
13.0.3
11.0.7
14.0.0
14.0.0.0rc1
14.0.0.0b3
14.0.0.0b2
14.0.0.0b1
12.0.5
11.0.6
13.0.2
12.0.4
13.0.1
13.0.0
13.0.0.0rc2
13.0.0.0rc1
13.0.0.0b3
10.0.7
11.0.5
12.0.3
13.0.0.0b2
10.0.6
12.0.2
11.0.4
13.0.0.0b1
12.0.1
11.0.3
10.0.5
12.0.0
12.0.0.0rc2
12.0.0.0rc1
12.0.0.0b3
12.0.0.0b2
11.0.2
12.0.0.0b1
newton-eol
11.0.1
10.0.4
11.0.0
10.0.3
9.4.1
11.0.0.0rc3
11.0.0.0rc2
11.0.0.0rc1
11.0.0.0b3
mitaka-eol
11.0.0.0b2
10.0.2
9.4.0
11.0.0.0b1
9.3.1
10.0.1
9.3.0
10.0.0
10.0.0.0rc2
liberty-eol
10.0.0.0rc1
8.4.0
9.2.0
10.0.0.0b3
10.0.0.0b2
9.1.1
10.0.0.0b1
9.1.0
8.3.0
7.2.0
9.0.0
9.0.0.0rc3
9.0.0.0rc2
9.0.0.0rc1
9.0.0.0b3
8.2.0
7.1.2
9.0.0.0b2
8.1.2
7.1.1
9.0.0.0b1
7.1.0
8.1.1
kilo-eol
2015.1.4
8.1.0
8.0.0
8.0.0.0rc3
7.0.4
8.0.0.0rc2
8.0.0.0rc1
8.0.0.0b3
7.0.3
7.0.2
2015.1.3
8.0.0.0b2
juno-eol
7.0.1
8.0.0.0b1
2014.2.4
7.0.0
7.0.0.0rc3
2015.1.2
7.0.0.0rc2
7.0.0.0rc1
7.0.0.0b3
2015.1.1
7.0.0.0b2
icehouse-eol
7.0.0.0b1
2014.1.5
7.0.0a0
2015.1.0
2015.1.0rc3
2015.1.0rc2
2014.2.3
2015.1.0rc1
2015.1.0b3
2014.1.4
2014.2.2
2015.1.0b2
2015.1.0b1
2014.2.1
2014.2
2014.2.rc3
2014.2.rc2
2014.2.rc1
2014.1.3
havana-eol
2013.2.4
2014.2.b3
2014.1.2
2014.2.b2
2014.2.b1
2014.1.1
2014.1
2014.1.rc2
2013.2.3
2014.1.rc1
grizzly-eol
2013.1.5
2014.1.b3
2013.2.2
2014.1.b2
2013.2.1
2014.1.b1
folsom-eol
2013.1.4
2013.2
2013.2.rc3
2013.2.rc2
2013.2.rc1
2013.2.b3
2013.1.3
2013.2.b2
2013.1.2
2013.2.b1
2013.1.1
essex-eol
diablo-eol
2012.2.4
2013.1
2013.1.rc3
2013.1.rc2
2013.1.rc1
2013.1.g3
2012.2.3
grizzly-2
2012.2.1
grizzly-1
2012.2
folsom-rc3
folsom-rc2
folsom-rc1
folsom-3
folsom-2
folsom-1
2012.1
essex-rc2
essex-rc1
2011.3
essex-1
essex-2
essex-3
essex-4
${ noResults }
7 Commits (cfc77635060b8b09944df02c7039dc4a708a76f4)
| Author | SHA1 | Message | Date |
|---|---|---|---|
Boden R
|
9bbe9911c4 |
remove neutron.common.constants
All of the externally consumed variables from neutron.common.constants now live in neutron-lib. This patch removes neutron.common.constants and switches all uses over to lib. NeutronLibImpact Depends-On: https://review.openstack.org/#/c/647836/ Change-Id: I3c2f28ecd18996a1cee1ae3af399166defe9da87 |
4 years ago |
|
Nguyen Phuong An
|
7bd8b37e38 |
[log] ovs fw logging implementation
This patch implements ovs firewall logging driver for security group base discussed on the spec [1] and [2] [1] https://specs.openstack.org/openstack/neutron-specs/specs/pike/logging-API-for-security-group-rules.html [2] https://docs.google.com/presentation/d/1fteBesETsmA7CWV6wf1i2QKa7k8EHPpRjytj8Rzeb-A/edit#slide=id.p Change-Id: Ib8668dd25ee7c5000a6dafcc7db3dbc33ad190be Co-Authored-By: IWAMOTO Toshihiro <iwamoto@valinux.co.jp> Co-Authored-By: Yushiro FURUKAWA <y.furukawa_2@jp.fujitsu.com> Partially-implements: blueprint security-group-logging Related-Bug: #1468366 |
5 years ago |
|
IWAMOTO Toshihiro
|
effa12889b |
ovsfw: Fix port_ranges handling
ovsfw ignored port_ranges when a SG rule protocol was sctp or given in a number rather than a token. This commit fixes that. Change-Id: I6c810a152990246d42d98c3673c4b5ee126ebb4b Closes-bug: #1708580 |
6 years ago |
|
Jakub Libosvar
|
d5c07fe512 |
ovsfw: Support protocol numbers instead of just tcp and udp
Neutron API accepts also protocol numbers as protocols for security groups. This patch makes support for it in OVS firewall driver. iptables driver already supports it. Fullstack test covering SCTP connection was added and it requires ip_conntrack_proto_sctp kernel module in order to make conntrack work with SCTP. Change-Id: I6c5665a994c4a50ddbb95cd1360be0de0a6c7e40 Closes-bug: 1625516 |
6 years ago |
|
Henry Gessau
|
4148a347b3 |
Use constants from neutron-lib
With this we enable the deprecation warnings by default. Related-Blueprint: neutron-lib Change-Id: I5b9e53751dd164010e5bbeb15f534ac0fe2a5105 |
7 years ago |
|
Jakub Libosvar
|
4f6aa3ffde |
ovs-fw: Mark conntrack entries invalid if no rule is matched
This patch makes sure that existing connection breaks once security group rule that allowed such connection is removed. Due to correctly track connections on the same hypervisor, zones were changed from per-port to per-network (based on port's vlan tag). This information is now stored in register 6. Also there was added a test for RELATED connections to avoid marking such connection as invalid by REPLY rules. Closes-Bug: 1549370 Change-Id: Ibb5942a980ddd8f2dd7ac328e9559a80c05789bb |
7 years ago |
|
Jakub Libosvar
|
ef29f7eb9a |
Open vSwitch conntrack based firewall driver
This firewall requires OVS 2.5+ version supporting conntrack and kernel conntrack datapath support (kernel>=4.3). For more information, see https://github.com/openvswitch/ovs/blob/master/FAQ.md As part of this new entry points for current reference firewalls were added. Configuration: in openvswitch_agent.ini: - in securitygroup section set firewall_driver to openvswitch DocImpact Closes-bug: #1461000 Co-Authored-By: Miguel Angel Ajo Pelayo <mangelajo@redhat.com> Co-Authored-By: Amir Sadoughi <amir.sadoughi@rackspace.com> Change-Id: I13e5cda8b5f3a13a60b14d80e54f198f32d7a529 |
7 years ago |