Updated openstack/openstack

Project: openstack/neutron-fwaas  43d6d29f131e16ba15b83922efe40181303422c7

Modify an order between iptables and conntrack when update firewall

When update a firewall, we should update the iptables firstly,
and then remove the conntrack record, just like the function
create_firewall() and create_firewall_group(). Otherwise, the
contrack record could be reproduced. It will be occurred more
easily in scenario of large flow, because removing conntrack
and updating firewall will take some time, and in this interval
the subsequent flow could be came to reproduced the same
conntrack record.

Change-Id: I7bd36964199c6ce7c146f3ef06a693e9c6fe5353
Closes-bug: #1696093

This commit is contained in:

Jenkins

2017-06-08 14:29:18 +00:00

committed by

Gerrit Code Review

parent ac2c7a2a29

commit 0aa78a831c

1 changed files with 1 additions and 1 deletions

2

neutron-fwaas

 @ -1 +1 @@
 Subproject commit 628b6f4207fededab3e6d8d817fdbd727974933e
 Subproject commit 43d6d29f131e16ba15b83922efe40181303422c7

Updated openstack/openstack

2 neutron-fwaas

2

neutron-fwaas