← Back to team overview

yahoo-eng-team team mailing list archive

  1. yahoo-eng-team team
  2. Mailing list archive
  3. Message #37375

[Bug 1489690] [NEW] neutron-openvswitch-agent leak sg iptables rules

  Thread PreviousDate PreviousThread Next 
Public bug reported:

In function 'treat_devices_added_or_updated', port not exist at 'br-int' will be added into 'skipped_devices', and return to parent function 'process_network_ports', and 'process_network_ports' will remove these ports from port_info['current'].
If a port updated due to 'sg_member', and the port deleted just in function 'treat_devices_added_or_updated', so the port aded into 'skipped_devices', then it removed from port_info['current']. When next 'scan_port', the port not in 'registered_ports', so it not added into port_info['removed'], it's chains and rules will never been removed. These waste chains and rules stay in iptables util ovs-agent restart or compute node restart.

** Affects: neutron
     Importance: Undecided
     Assignee: Zhangqi Chen (chenzhangqi79)
         Status: New


** Tags: sg-fw

** Changed in: neutron
     Assignee: (unassigned) => Zhangqi Chen (chenzhangqi79)

-- 
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to neutron.
https://bugs.launchpad.net/bugs/1489690

Title:
  neutron-openvswitch-agent leak sg iptables rules

Status in neutron:
  New

Bug description:
  In function 'treat_devices_added_or_updated', port not exist at 'br-int' will be added into 'skipped_devices', and return to parent function 'process_network_ports', and 'process_network_ports' will remove these ports from port_info['current'].
  If a port updated due to 'sg_member', and the port deleted just in function 'treat_devices_added_or_updated', so the port aded into 'skipped_devices', then it removed from port_info['current']. When next 'scan_port', the port not in 'registered_ports', so it not added into port_info['removed'], it's chains and rules will never been removed. These waste chains and rules stay in iptables util ovs-agent restart or compute node restart.

To manage notifications about this bug go to:
https://bugs.launchpad.net/neutron/+bug/1489690/+subscriptions

Follow ups

  Thread PreviousDate PreviousThread Next