ff3132d8d4
![Kevin Benton](/assets/img/avatar_default.png)
The conntrack clearing code was belligerenty killing connections without a conntrack zone specifier when it couldn't get the zone for a given device. This means it would kill all connections based on an IP address match, which meant hitting innocent bystanders in other tenant networks with overlapping IP addresses. This bad fallback was being triggered every time because it was using the wrong identifier for a port to look up the zone. This patch fixes the port lookup and adjusts the fallback behavior to never clear conntrack entries if we can't find the conntrack zone for a port. This triggered the bug below (in the cases I root-caused) by killing a metadata connection right in the middle of retrieving a key. Closes-Bug: #1668958 Change-Id: Ia4ee9b3305e89c958ac927980d80119c53ea519b
Team and repository tags
Welcome!
To learn more about neutron:
- Documentation: http://docs.openstack.org
- Features: http://specs.openstack.org/openstack/neutron-specs
- Defects: http://launchpad.net/neutron
Get in touch via email. Use [Neutron] in your subject.
To learn how to contribute:
CONTRIBUTING.rst
Description
Languages
Python
99.7%
Shell
0.3%