yahoo-eng-team team mailing list archive

[Bug 1618879] Re: iptables rule always be thrashed when update a little rule

 

Reviewed:  https://review.openstack.org/364019
Committed: https://git.openstack.org/cgit/openstack/neutron/commit/?id=5b7c71a327d735134fa0eeb4427d0e1bd1f7d1e5
Submitter: Jenkins
Branch:    master

commit 5b7c71a327d735134fa0eeb4427d0e1bd1f7d1e5
Author: gaozhengwei <gaozhengwei1@xxxxxxxx>
Date:   Wed Aug 31 23:11:10 2016 +0800

    Preventing iptables rule to be thrashed
    
    When updating a meter label or rule, iptables_manager will update the iptables
    rule in the router's namespace. In order to, it will clean traffic counter
    number collected in interval time, the other iptables always thrashing
    that will clean old iptables rule and generate new same significance
    iptables rule.
    
    Change-Id: Ide2b26c98587258175234acded38ce481b7e7f76
    Closes-Bug: #1618879


** Changed in: neutron
       Status: In Progress => Fix Released

-- 
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to neutron.
https://bugs.launchpad.net/bugs/1618879

Title:
  iptables rule always be thrashed when update a little rule

Status in neutron:
  Fix Released
Status in OpenStack Security Advisory:
  Incomplete

Bug description:
  When updating a meter label or rule, iptables_manager will update the iptables
  rule in the router's namespace. In order to, it will clean traffic counter
  number collected in interval time, the other iptables always thrashing
  that will clean old iptables rule and generate new same significance
  iptables rule.

  The example from updating a meter label:
   
  # Generated by iptables_manager
  *filter
  :neutron-meter-neutron-met - [0:0]
  :neutron-meter-r-00599199-632 - [0:0]
  -I FORWARD 2 -j neutron-meter-FORWARD
  -D FORWARD 4
  -I INPUT 1 -j neutron-meter-INPUT
  -D INPUT 3
  -I OUTPUT 2 -j neutron-meter-OUTPUT
  -D OUTPUT 4
  -I neutron-filter-top 1 -j neutron-meter-local
  -D neutron-filter-top 3
  -D neutron-meter-l-00e4e019-099 1
  -I neutron-meter-l-00e4e019-099 1
  -D neutron-meter-l-01e4e019-099 1
  -I neutron-meter-l-01e4e019-099 1
  -I neutron-meter-r-00599199-632 1 -i qg-f0732f6f-8e -d 192.168.10.0/24 -j neutron-meter-l-00599199-632
  COMMIT
  # Completed by iptables_manager
  # Generated by iptables_manager
  *raw
  -I OUTPUT 1 -j neutron-meter-OUTPUT
  -D OUTPUT 3
  -I PREROUTING 1 -j neutron-meter-PREROUTING
  -D PREROUTING 3
  COMMIT
  # Completed by iptables_manager

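The churn described in the bug can be spotted in the generated iptables-restore text itself. The following is an added example, not code from the bug report or from neutron; the classify() helper and its equal insert/delete heuristic are assumptions of this example, and the sample input is a trimmed copy of the dump quoted in the bug description.

```python
import re
from collections import Counter

# Constructed input: a trimmed copy of the iptables-restore text quoted in the bug.
SAMPLE = """\
# Generated by iptables_manager
*filter
:neutron-meter-r-00599199-632 - [0:0]
-I FORWARD 2 -j neutron-meter-FORWARD
-D FORWARD 4
-D neutron-meter-l-00e4e019-099 1
-I neutron-meter-l-00e4e019-099 1
-I neutron-meter-r-00599199-632 1 -i qg-f0732f6f-8e -d 192.168.10.0/24 -j neutron-meter-l-00599199-632
COMMIT
# Completed by iptables_manager
# Generated by iptables_manager
*raw
-I OUTPUT 1 -j neutron-meter-OUTPUT
-D OUTPUT 3
COMMIT
# Completed by iptables_manager
"""

# Matches "-I <chain> <position> ..." and "-D <chain> <position>".
OP = re.compile(r"^-([ID])\s+(\S+)\s+\d+")


def classify(script):
    """Split touched chains into (churned, changed) lists of (table, chain).

    Heuristic (an assumption of this example): a chain whose batch has as many
    -D as -I operations keeps its rule count, so its rules are only being
    replaced in place, which zeroes their packet/byte counters.
    """
    table, ops = None, {}
    for line in script.splitlines():
        line = line.strip()
        if line.startswith("*"):
            table = line[1:]  # "*filter" -> "filter"
        elif (m := OP.match(line)) and table is not None:
            ops.setdefault((table, m.group(2)), Counter())[m.group(1)] += 1
    churned = [k for k, c in ops.items() if c["D"] and c["I"] == c["D"]]
    changed = [k for k in ops if k not in churned]
    return churned, changed


if __name__ == "__main__":
    churned, changed = classify(SAMPLE)
    for table, chain in churned + changed:
        print("churn " if (table, chain) in churned else "change", table, chain)
```

Whether a replaced rule is byte-for-byte identical to the one it displaces can only be confirmed against the live ruleset in the router namespace; the script text alone shows that the rule count is unchanged.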