yahoo-eng-team team mailing list archive

Thread
Date
[Bug 1622938] [NEW] generating duplicate LLA iptables rules

To: yahoo-eng-team@xxxxxxxxxxxxxxxxxxx
From: Kevin Benton <1622938@xxxxxxxxxxxxxxxxxx>
Date: Tue, 13 Sep 2016 09:10:33 -0000
Reply-to: Bug 1622938 <1622938@xxxxxxxxxxxxxxxxxx>
Sender: bounces@xxxxxxxxxxxxx
Public bug reported:

Spotted in gate. Looks like we are generating duplicate iptables rules
for LLA v6 entries.

2016-09-13 08:10:15.769 13401 WARNING neutron.agent.linux.iptables_manager [req-4534b4a3-484e-4fc5-8b44-0e91d70feb88 - -] Duplicate iptables rule detected. This may indicate a bug in the the iptables rule generation code. Line: -A neutron-linuxbri-sa16bbb04-2 -s fe80::f816:3eff:fecd:f5b1/128 -m mac --mac-source FA:16:3E:CD:F5:B1 -m comment --comment "Allow traffic from defined IP/MAC pairs." -j RETURN
2016-09-13 08:10:41.844 13401 WARNING neutron.agent.linux.iptables_manager [req-4534b4a3-484e-4fc5-8b44-0e91d70feb88 - -] Duplicate iptables rule detected. This may indicate a bug in the the iptables rule generation code. Line: -A neutron-linuxbri-sd39667db-b -s fe80::f816:3eff:fe30:7756/128 -m mac --mac-source FA:16:3E:30:77:56 -m comment --comment "Allow traffic from defined IP/MAC pairs." -j RETURN
2016-09-13 08:10:41.844 13401 WARNING neutron.agent.linux.iptables_manager [req-4534b4a3-484e-4fc5-8b44-0e91d70feb88 - -] Duplicate iptables rule detected. This may indicate a bug in the the iptables rule generation code. Line: -A neutron-linuxbri-sa16bbb04-2 -s fe80::f816:3eff:fecd:f5b1/128 -m mac --mac-source FA:16:3E:CD:F5:B1 -m comment --comment "Allow traffic from defined IP/MAC pairs." -j RETURN
2016-09-13 08:10:55.708 13401 WARNING neutron.agent.linux.iptables_manager [req-4534b4a3-484e-4fc5-8b44-0e91d70feb88 - -] Duplicate iptables rule detected. This may indicate a bug in the the iptables rule generation code. Line: -A neutron-linuxbri-sd39667db-b -s fe80::f816:3eff:fe30:7756/128 -m mac --mac-source FA:16:3E:30:77:56 -m comment --comment "Allow traffic from defined IP/MAC pairs." -j RETURN
2016-09-13 08:10:55.708 13401 WARNING neutron.agent.linux.iptables_manager [req-4534b4a3-484e-4fc5-8b44-0e91d70feb88 - -] Duplicate iptables rule detected. This may indicate a bug in the the iptables rule generation code. Line: -A neutron-linuxbri-sa16bbb04-2 -s fe80::f816:3eff:fecd:f5b1/128 -m mac --mac-source FA:16:3E:CD:F5:B1 -m comment --comment "Allow traffic from defined IP/MAC pairs." -j RETURN
2016-09-13 08:10:55.798 13401 WARNING neutron.agent.linux.iptables_manager [req-4534b4a3-484e-4fc5-8b44-0e91d70feb88 - -] Duplicate iptables rule detected. This may indicate a bug in the the iptables rule generation code. Line: -A neutron-linuxbri-sd39667db-b -s fe80::f816:3eff:fe30:7756/128 -m mac --mac-source FA:16:3E:30:77:56 -m comment --comment "Allow traffic from defined IP/MAC pairs." -j RETURN
2016-09-13 08:10:55.798 13401 WARNING neutron.agent.linux.iptables_manager [req-4534b4a3-484e-4fc5-8b44-0e91d70feb88 - -] Duplicate iptables rule detected. This may indicate a bug in the the iptables rule generation code. Line: -A neutron-linuxbri-sa16bbb04-2 -s fe80::f816:3eff:fecd:f5b1/128 -m mac --mac-source FA:16:3E:CD:F5:B1 -m comment --comment "Allow traffic from defined IP/MAC pairs." -j RETURN
2016-09-13 08:10:59.713 13401 WARNING neutron.agent.linux.iptables_manager [req-4534b4a3-484e-4fc5-8b44-0e91d70feb88 - -] Duplicate iptables rule detected. This may indicate a bug in the the iptables rule generation code. Line: -A neutron-linuxbri-sd39667db-b -s fe80::f816:3eff:fe30:7756/128 -m mac --mac-source FA:16:3E:30:77:56 -m comment --comment "Allow traffic from defined IP/MAC pairs." -j RETURN
2016-09-13 08:10:59.713 13401 WARNING neutron.agent.linux.iptables_manager [req-4534b4a3-484e-4fc5-8b44-0e91d70feb88 - -] Duplicate iptables rule detected. This may indicate a bug in the the iptables rule generation code. Line: -A neutron-linuxbri-sa16bbb04-2 -s fe80::f816:3eff:fecd:f5b1/128 -m mac --mac-source FA:16:3E:CD:F5:B1 -m comment --comment "Allow traffic from defined IP/MAC pairs." -j RETURN
2016-09-13 08:11:03.825 13401 WARNING neutron.agent.linux.iptables_manager [req-4534b4a3-484e-4fc5-8b44-0e91d70feb88 - -] Duplicate iptables rule detected. This may indicate a bug in the the iptables rule generation code. Line: -A neutron-linuxbri-sd39667db-b -s fe80::f816:3eff:fe30:7756/128 -m mac --mac-source FA:16:3E:30:77:56 -m comment --comment "Allow traffic from defined IP/MAC pairs." -j RETURN
2016-09-13 08:11:03.825 13401 WARNING neutron.agent.linux.iptables_manager [req-4534b4a3-484e-4fc5-8b44-0e91d70feb88 - -] Duplicate iptables rule detected. This may indicate a bug in the the iptables rule generation code. Line: -A neutron-linuxbri-sa16bbb04-2 -s fe80::f816:3eff:fecd:f5b1/128 -m mac --mac-source FA:16:3E:CD:F5:B1 -m comment --comment "Allow traffic from defined IP/MAC pairs." -j RETURN
2016-09-13 08:11:09.679 13401 WARNING neutron.agent.linux.iptables_manager [req-4534b4a3-484e-4fc5-8b44-0e91d70feb88 - -] Duplicate iptables rule detected. This may indicate a bug in the the iptables rule generation code. Line: -A neutron-linuxbri-sa16bbb04-2 -s fe80::f816:3eff:fecd:f5b1/128 -m mac --mac-source FA:16:3E:CD:F5:B1 -m comment --comment "Allow traffic from defined IP/MAC pairs." -j RETURN

** Affects: neutron
     Importance: Medium
     Assignee: Kevin Benton (kevinbenton)
         Status: In Progress

** Changed in: neutron
     Assignee: (unassigned) => Kevin Benton (kevinbenton)

** Changed in: neutron
    Milestone: None => newton-rc1

** Changed in: neutron
   Importance: Undecided => Medium

-- 
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to neutron.
https://bugs.launchpad.net/bugs/1622938

Title:
  generating duplicate LLA iptables rules

Status in neutron:
  In Progress

Bug description:
  Spotted in gate. Looks like we are generating duplicate iptables rules
  for LLA v6 entries.

  2016-09-13 08:10:15.769 13401 WARNING neutron.agent.linux.iptables_manager [req-4534b4a3-484e-4fc5-8b44-0e91d70feb88 - -] Duplicate iptables rule detected. This may indicate a bug in the the iptables rule generation code. Line: -A neutron-linuxbri-sa16bbb04-2 -s fe80::f816:3eff:fecd:f5b1/128 -m mac --mac-source FA:16:3E:CD:F5:B1 -m comment --comment "Allow traffic from defined IP/MAC pairs." -j RETURN
  2016-09-13 08:10:41.844 13401 WARNING neutron.agent.linux.iptables_manager [req-4534b4a3-484e-4fc5-8b44-0e91d70feb88 - -] Duplicate iptables rule detected. This may indicate a bug in the the iptables rule generation code. Line: -A neutron-linuxbri-sd39667db-b -s fe80::f816:3eff:fe30:7756/128 -m mac --mac-source FA:16:3E:30:77:56 -m comment --comment "Allow traffic from defined IP/MAC pairs." -j RETURN
  2016-09-13 08:10:41.844 13401 WARNING neutron.agent.linux.iptables_manager [req-4534b4a3-484e-4fc5-8b44-0e91d70feb88 - -] Duplicate iptables rule detected. This may indicate a bug in the the iptables rule generation code. Line: -A neutron-linuxbri-sa16bbb04-2 -s fe80::f816:3eff:fecd:f5b1/128 -m mac --mac-source FA:16:3E:CD:F5:B1 -m comment --comment "Allow traffic from defined IP/MAC pairs." -j RETURN
  2016-09-13 08:10:55.708 13401 WARNING neutron.agent.linux.iptables_manager [req-4534b4a3-484e-4fc5-8b44-0e91d70feb88 - -] Duplicate iptables rule detected. This may indicate a bug in the the iptables rule generation code. Line: -A neutron-linuxbri-sd39667db-b -s fe80::f816:3eff:fe30:7756/128 -m mac --mac-source FA:16:3E:30:77:56 -m comment --comment "Allow traffic from defined IP/MAC pairs." -j RETURN
  2016-09-13 08:10:55.708 13401 WARNING neutron.agent.linux.iptables_manager [req-4534b4a3-484e-4fc5-8b44-0e91d70feb88 - -] Duplicate iptables rule detected. This may indicate a bug in the the iptables rule generation code. Line: -A neutron-linuxbri-sa16bbb04-2 -s fe80::f816:3eff:fecd:f5b1/128 -m mac --mac-source FA:16:3E:CD:F5:B1 -m comment --comment "Allow traffic from defined IP/MAC pairs." -j RETURN
  2016-09-13 08:10:55.798 13401 WARNING neutron.agent.linux.iptables_manager [req-4534b4a3-484e-4fc5-8b44-0e91d70feb88 - -] Duplicate iptables rule detected. This may indicate a bug in the the iptables rule generation code. Line: -A neutron-linuxbri-sd39667db-b -s fe80::f816:3eff:fe30:7756/128 -m mac --mac-source FA:16:3E:30:77:56 -m comment --comment "Allow traffic from defined IP/MAC pairs." -j RETURN
  2016-09-13 08:10:55.798 13401 WARNING neutron.agent.linux.iptables_manager [req-4534b4a3-484e-4fc5-8b44-0e91d70feb88 - -] Duplicate iptables rule detected. This may indicate a bug in the the iptables rule generation code. Line: -A neutron-linuxbri-sa16bbb04-2 -s fe80::f816:3eff:fecd:f5b1/128 -m mac --mac-source FA:16:3E:CD:F5:B1 -m comment --comment "Allow traffic from defined IP/MAC pairs." -j RETURN
  2016-09-13 08:10:59.713 13401 WARNING neutron.agent.linux.iptables_manager [req-4534b4a3-484e-4fc5-8b44-0e91d70feb88 - -] Duplicate iptables rule detected. This may indicate a bug in the the iptables rule generation code. Line: -A neutron-linuxbri-sd39667db-b -s fe80::f816:3eff:fe30:7756/128 -m mac --mac-source FA:16:3E:30:77:56 -m comment --comment "Allow traffic from defined IP/MAC pairs." -j RETURN
  2016-09-13 08:10:59.713 13401 WARNING neutron.agent.linux.iptables_manager [req-4534b4a3-484e-4fc5-8b44-0e91d70feb88 - -] Duplicate iptables rule detected. This may indicate a bug in the the iptables rule generation code. Line: -A neutron-linuxbri-sa16bbb04-2 -s fe80::f816:3eff:fecd:f5b1/128 -m mac --mac-source FA:16:3E:CD:F5:B1 -m comment --comment "Allow traffic from defined IP/MAC pairs." -j RETURN
  2016-09-13 08:11:03.825 13401 WARNING neutron.agent.linux.iptables_manager [req-4534b4a3-484e-4fc5-8b44-0e91d70feb88 - -] Duplicate iptables rule detected. This may indicate a bug in the the iptables rule generation code. Line: -A neutron-linuxbri-sd39667db-b -s fe80::f816:3eff:fe30:7756/128 -m mac --mac-source FA:16:3E:30:77:56 -m comment --comment "Allow traffic from defined IP/MAC pairs." -j RETURN
  2016-09-13 08:11:03.825 13401 WARNING neutron.agent.linux.iptables_manager [req-4534b4a3-484e-4fc5-8b44-0e91d70feb88 - -] Duplicate iptables rule detected. This may indicate a bug in the the iptables rule generation code. Line: -A neutron-linuxbri-sa16bbb04-2 -s fe80::f816:3eff:fecd:f5b1/128 -m mac --mac-source FA:16:3E:CD:F5:B1 -m comment --comment "Allow traffic from defined IP/MAC pairs." -j RETURN
  2016-09-13 08:11:09.679 13401 WARNING neutron.agent.linux.iptables_manager [req-4534b4a3-484e-4fc5-8b44-0e91d70feb88 - -] Duplicate iptables rule detected. This may indicate a bug in the the iptables rule generation code. Line: -A neutron-linuxbri-sa16bbb04-2 -s fe80::f816:3eff:fecd:f5b1/128 -m mac --mac-source FA:16:3E:CD:F5:B1 -m comment --comment "Allow traffic from defined IP/MAC pairs." -j RETURN

To manage notifications about this bug go to:
https://bugs.launchpad.net/neutron/+bug/1622938/+subscriptions
Follow ups

[Bug 1622938] Re: generating duplicate LLA iptables rules
From: OpenStack Infra, 2016-09-14