yahoo-eng-team team mailing list archive

Thread
Date

[Bug 1369431] Re: Don't create ipset chain if corresponding security group has no member

To: yahoo-eng-team@xxxxxxxxxxxxxxxxxxx
From: Thierry Carrez <thierry.carrez+lp@xxxxxxxxx>
Date: Fri, 03 Oct 2014 06:59:19 -0000
Reply-to: Bug 1369431 <1369431@xxxxxxxxxxxxxxxxxx>
Sender: bounces@xxxxxxxxxxxxx

** Changed in: neutron
       Status: Fix Committed => Fix Released

-- 
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to neutron.
https://bugs.launchpad.net/bugs/1369431

Title:
  Don't create ipset chain if corresponding security group has  no
  member

Status in OpenStack Neutron (virtual network service):
  Fix Released

Bug description:
  when a security group has bellow rule, it should not create ipset chain:
  security group id is: fake_sgid, it has rule bellow:
  {'direction': 'ingress', 'remote_group_id': 'fake_sgid2'}
  but the security group:fake_sgid2 has no member, so when the port in security group:fake_sgid should not create corresponding ipset chain

  root@devstack:/opt/stack/neutron# ipset list
  Name: IPv409040f9f-cb86-4f72-a
  Type: hash:ip
  Revision: 2
  Header: family inet hashsize 1024 maxelem 65536
  Size in memory: 16520
  References: 1
  Members:
  20.20.20.11

  Name: IPv609040f9f-cb86-4f72-a
  Type: hash:ip
  Revision: 2
  Header: family inet6 hashsize 1024 maxelem 65536
  Size in memory: 16504
  References: 1
  Members:

  because the security group:09040f9f-cb86-4f72-af74-4de4f2b86442 has no
  ipv6 member, so it should't create ipset chain:IPv609040f9f-
  cb86-4f72-a

To manage notifications about this bug go to:
https://bugs.launchpad.net/neutron/+bug/1369431/+subscriptions

References

[Bug 1369431] [NEW] Don't create ipset chain if corresponding security group has no member
From: shihanzhang, 2014-09-15