Hello,

Apologies for multiple posts, forgot to set proper subject in previous one.

I'd like to turn attention to the broken port rule masking problem [1], which affects 2 projects so far: neutron (mitaka+ with ovs firewall driver configuration) and networking-ovs-dpdk [2].

To keep it short: the existing port masking implementation is broken and in several cases it will either leave a range of ports open (causing unrestricted access) or make some ports inaccessible (when they should be open) because of bad tp_src value being generated.

2 solutions have been proposed so far:

* The "low-level one" with O(log n) complexity by IWAMOTO Toshihiro and me [2]
* The "high-level one" with O(n^2) complexity by Jakub Libosvar [3]

As long as the bug looks like a security vulnerability and is kind of critical for ovs firewall feature, maybe we should choose one algorithm to go on with and have this fixed in Newton?

[1] https://bugs.launchpad.net/neutron/+bug/1611991
[2] https://review.openstack.org/#/c/353782/30
[3] https://review.openstack.org/#/c/353782/16

Best regards,
Inessa Vasilevskaya
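Both failure modes named in the message (ports left open, ports made unreachable by a bad tp_src value) can be checked mechanically. The following is an added example, not code from either proposed review or from neutron: a standard greedy power-of-two split of a port range into value/mask pairs, plus an exhaustive audit over all 65536 ports. All function names are hypothetical.

```python
# Added example (not neutron code): split an inclusive port range into
# value/mask pairs and audit any rule set against the intended range.

def port_range_to_masks(lo, hi):
    """Return (value, mask) pairs matching exactly the ports lo..hi."""
    if not (0 <= lo <= hi <= 0xFFFF):
        raise ValueError("expected 0 <= lo <= hi <= 65535")
    rules = []
    while lo <= hi:
        # Largest power-of-two block that is aligned at lo ...
        size = (lo & -lo) if lo else 0x10000
        # ... shrunk until it no longer runs past hi.
        while size > hi - lo + 1:
            size >>= 1
        rules.append((lo, 0xFFFF & ~(size - 1)))
        lo += size
    return rules


def matched_ports(rules):
    """Ports a switch would match: port & mask == value for some rule."""
    return {p for p in range(0x10000)
            if any(p & mask == value for value, mask in rules)}


def audit(lo, hi, rules):
    """Return (wrongly_open, wrongly_closed) port lists for a rule set."""
    want = set(range(lo, hi + 1))
    got = matched_ports(rules)
    return sorted(got - want), sorted(want - got)


def as_ovs_match(rules, field="tp_src"):
    """Render pairs in the field=value/mask form used in OVS flow matches."""
    return ["%s=0x%04x/0x%04x" % (field, v, m) for v, m in rules]


if __name__ == "__main__":
    good = port_range_to_masks(1000, 1999)
    print(as_ovs_match(good), audit(1000, 1999, good))
    # Constructed bad rule sets, one per failure mode from the message.
    too_wide = [(0, 0xF800)]        # matches 0..2047: extra ports open
    bad_value = [(1000, 0xFC00)]    # value has bits outside mask: no match
    for rules in (too_wide, bad_value):
        opened, closed = audit(1000, 1999, rules)
        print(as_ovs_match(rules), len(opened), "open,", len(closed), "closed")
```

Running `audit` over the output of any range-to-mask implementation, for a sample of ranges, catches both kinds of error before the flows reach the switch.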