Details
-
Bug
-
Status: Resolved
-
Resolution: Done
-
Boron
-
None
-
None
-
Operating System: All
Platform: All
-
7105
Description
Description:
*************
Lunch 2 vms in same network and different Hosts:
vm_x(Sg1=egress for Tcp 80+ALL tcp),vm_y(Sg2=All protocol - ingress&Egress).
Action
*******
Try to open ssh from vm_x->vm_y - succeed
Try to open ssh from vm_y->vm_x - succeed (should fail!!!)
Defect
******
As it can be seen in All Tcp rule in table 42,no src and dst port.
This cause to condition that packets from external vm can send packets on learn rule.
Note!!
*******
Need to check for both All Tcp and All Icmp
root@devstack-man21-zan:~# ovs-ofctl dump-flows -OOpenFlow13 br-int | grep table=42
cookie=0x6900000, duration=1056.458s, table=42, n_packets=0, n_bytes=0, priority=61010,reg5=0x1 actions=resubmit(,17)
cookie=0x6900000, duration=446.635s, table=42, n_packets=0, n_bytes=0, priority=61010,tcp,metadata=0x40000000000/0x1fffff0000000000,tp_dst=80 actions=learn(table=252,idle_timeout=18000,fin_idle_timeout=300,priority=61010,cookie=0x6900000,eth_type=0x800,nw_proto=6,NXM_OF_IP_SRC[]=NXM_OF_IP_DST[],NXM_OF_TCP_SRC[]=NXM_OF_TCP_DST[],NXM_OF_IP_DST[]=NXM_OF_IP_SRC[],NXM_OF_TCP_DST[]=NXM_OF_TCP_SRC[],load:0x1->NXM_NX_REG5[0..7]),resubmit(,17)
cookie=0x6900000, duration=446.635s, table=42, n_packets=15, n_bytes=2506, priority=61010,tcp,metadata=0x40000000000/0x1fffff0000000000 actions=learn(table=252,idle_timeout=300,priority=61010,cookie=0x6900000,eth_type=0x800,NXM_OF_IP_SRC[]=NXM_OF_IP_DST[],NXM_OF_IP_DST[]=NXM_OF_IP_SRC[],NXM_OF_IP_PROTO[],load:0x1->NXM_NX_REG5[0..7]),resubmit(,17)
cookie=0x6900000, duration=1056.615s, table=42, n_packets=15, n_bytes=1418, priority=0 actions=drop
