Comment 22 for bug 1508155
Revision history for this message
| OpenStack Infra (hudson-openstack) wrote Related fix merged to neutron (master) | #22 |
© 2004
Canonical Ltd.
•
Terms of use
•
Data privacy
•
Contact Launchpad Support
•
Blog
•
Careers
•
System status
•
513534c
demo site
(Get the code!)
Reviewed: https:/
Committed: https:/
Submitter: "Zuul (22348)"
Branch: master
commit 0a931391d8990f3
Author: Rodolfo Alonso Hernandez <email address hidden>
Date: Wed Apr 7 13:16:21 2021 +0000
Make ARP protection commands compatible with "ebtables-nft"
"nftables" compatible binary, "ebtables-nft", is not 100% compatible
with the legacy API, as reported in LP#1922892.
This patch fixes the following issues when using "ebtables-nft" (while
keeping compatibility with legacy binary):
- When a new chain is created, a default DROP rule is added at the end
of the chain (append). This will prevent the error code 4 when the
chain is listed.
- The chain rules are added at the begining of the chain (insert),
before the default DROP rule. This will prioritize the port rules.
- The MAC rules are cleaned before the new ones are added. That will
prevent the deletion of any new needed rule, now added after the
deletion.
- The "ebtables" command will retry on error code 4. This is the
error returned when the chains are listed and no rule is present
in a new created chain (reporeted in LP#1922892).
This code is backwards compatible, that means it works with the legacy
"ebtables" binary; this is currently installed in the Neutron CI [1].
In order to test with the new binary, "ebtables-nft", two new CI jobs
are added to the periodic queue [2].
[1]https:/
[2]https:/
Closes-Bug: #1922892
Related-Bug: #1508155
Change-Id: I9463b000f6f63e