
yahoo-eng-team team mailing list archive

[Bug 1502917] [NEW] iptables rule generation doesn't match prefixes of /0, /32 and /128 correctly

 

Public bug reported:

We currently generate single host rules as just the IP address and /0
rules for any address (for source and destination matching criteria).
This is compatible with the input of iptables but it's not the way the
rules are represented by iptables when they come back.

Iptables eliminates the /0 rules completely because they aren't a
filtering criterion and it converts single IPs into /32 or /128 depending
on IP version.

We need to generate the rules in the same fashion so the counter
matching code can find them and not destroy the counters on every
update.

** Affects: neutron
     Importance: Undecided
     Assignee: Kevin Benton (kevinbenton)
         Status: New

** Changed in: neutron
     Assignee: (unassigned) => Kevin Benton (kevinbenton)

-- 
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to neutron.
https://bugs.launchpad.net/bugs/1502917

To manage notifications about this bug go to:
https://bugs.launchpad.net/neutron/+bug/1502917/+subscriptions
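
The mismatch described in the report, as an added example (not Neutron's code and not part of the original message). It uses the standard-library ipaddress module; the function names, the chain name "example-chain" and the saved lines are constructed for illustration.

```python
import ipaddress

def match_args(flag, prefix):
    """Return iptables arguments for a '-s' or '-d' match, written the way
    the report says iptables shows rules when they come back."""
    if not prefix:
        return []
    # strict=False also accepts a host address written with a prefix length.
    net = ipaddress.ip_network(prefix, strict=False)
    if net.prefixlen == 0:
        return []  # /0 is not a filtering criterion, so iptables omits it
    return [flag, str(net)]  # a bare IP becomes /32 (IPv4) or /128 (IPv6)

def naive_args(flag, prefix):
    """The form the report describes as the current behaviour."""
    return [flag, prefix] if prefix else []

def build_rule(chain, src=None, dst=None, target="RETURN", args=match_args):
    parts = ["-A", chain] + args("-s", src) + args("-d", dst) + ["-j", target]
    return " ".join(parts)

def carry_counters(new_rules, saved_lines):
    """Pair each new rule with the '[packets:bytes]' counters of the
    identical saved rule, or '[0:0]' when no saved rule matches its text."""
    saved = {}
    for line in saved_lines:
        counters, _, rule = line.partition(" ")
        saved[rule] = counters
    return [(saved.get(rule, "[0:0]"), rule) for rule in new_rules]

# Constructed sample in 'iptables-save -c' style; IPv4 and IPv6 lines are
# shown together only for brevity.
SAVED = [
    "[12:720] -A example-chain -s 10.0.0.5/32 -j RETURN",
    "[7:420] -A example-chain -j RETURN",
    "[3:240] -A example-chain -d fe80::1/128 -j RETURN",
]
REQUESTS = [{"src": "10.0.0.5"}, {"src": "0.0.0.0/0"}, {"dst": "fe80::1"}]

def demo(args):
    rules = [build_rule("example-chain", args=args, **r) for r in REQUESTS]
    return carry_counters(rules, SAVED)

if __name__ == "__main__":
    for label, fn in (("naive", naive_args), ("normalized", match_args)):
        for counters, rule in demo(fn):
            print(label, counters, rule)
```

With the naive form every rule fails the text comparison and restarts at [0:0]; with the normalized form each rule keeps the counters of its saved counterpart.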

