neutron/neutron/plugins
Rodolfo Alonso Hernandez 4245963c71 Make ARP protection commands compatible with "ebtables-nft"
"nftables" compatible binary, "ebtables-nft", is not 100% compatible
with the legacy API, as reported in LP#1922892.

This patch fixes the following issues when using "ebtables-nft" (while
keeping compatibility with legacy binary):
- When a new chain is created, a default DROP rule is added at the end
  of the chain (append). This will prevent the error code 4 when the
  chain is listed.
- The chain rules are added at the beginning of the chain (insert),
  before the default DROP rule. This will prioritize the port rules.
- The MAC rules are cleaned before the new ones are added. That will
  prevent the deletion of any new needed rule, now added after the
  deletion.
- The "ebtables" command will retry on error code 4. This is the
  error returned when the chains are listed and no rule is present
  in a newly created chain (reported in LP#1922892).

This code is backwards compatible, that means it works with the legacy
"ebtables" binary; this is currently installed in the Neutron CI [1].
In order to test with the new binary, "ebtables-nft", two new CI jobs
are added to the periodic queue [2].

[1]1ad9ca56b0/roles/legacy_ebtables/tasks/main.yaml
[2]https://review.opendev.org/c/openstack/neutron/+/785144

Closes-Bug: #1922892
Related-Bug: #1508155
Closes-Bug: #1938670

Conflicts:
    neutron/tests/unit/plugins/ml2/drivers/linuxbridge/agent/test_arp_protect.py

Change-Id: I9463b000f6f63e65aaf91d60b30f6c92c01e3baf
(cherry picked from commit 0a931391d8)
(cherry picked from commit fafa5dacd5)
2021-08-10 09:36:10 +00:00
..
common Remove Neutron LBaaS 2019-09-20 07:46:06 +00:00
ml2 Make ARP protection commands compatible with "ebtables-nft" 2021-08-10 09:36:10 +00:00
__init__.py Finish off rebranding of the Nicira NVP plugin 2014-03-01 18:14:52 -08:00