Uploaded image for project: 'netvirt'
  1. netvirt
  2. NETVIRT-160

Learn SG - correct matches for rules for ICMP and other general changes

    XMLWordPrintable

Details

    • Bug
    • Status: Resolved
    • Resolution: Done
    • Carbon
    • None
    • General
    • None

    • Operating System: All
      Platform: All

    • 6769

    Description

      1. When configuring an ICMP allow rule - I got this:
      table=42, priority=61010,ip,metadata=0x30000000000/0x1fffff0000000000 actions=learn(table=252,idle_timeout=60,hard_timeout=60,priority=61010,cookie=0x6900000,eth_type=0x800,NXM_OF_IP_SRC[]=NXM_OF_IP_DST[],NXM_OF_IP_PROTO[],load:0x1->NXM_NX_REG6[0..7]),resubmit(,17)

      We need to match on ICMP not IP in this case - otherwise it conflicts with other SG rules

      2. Why dont we match on both directions of IP? This would be more correct - add NXM_OF_IP_DST[]=NXM_OF_IP_SRC[]

      Attachments

        No reviews matched the request. Check your Options in the drop-down menu of this sections header.

        Activity

          People

            Unassigned Unassigned
            alonko@hpe.com Alon Kochba
            Votes:
            0 Vote for this issue
            Watchers:
            1 Start watching this issue

            Dates

              Created:
              Updated:
              Resolved: