← Back to team overview

yahoo-eng-team team mailing list archive

  1. yahoo-eng-team team
  2. Mailing list archive
  3. Message #66384

[Bug 1708465] [NEW] Neutron duplicated provider rule for ICMPv6 Router Advertisements

  Thread PreviousDate PreviousThread Next 
Public bug reported:

Change https://review.openstack.org/#/c/432506/ introduced new way of
providing provider rules to sg agent. ICMPv6 RA rule generation has been
moved to neutron/db/securitygroups_rpc_base.py, but its not removed from
neutron/agent/linux/iptables_firewall.py.

In result each time we update SG rule in neutron logs there is a warning
about rules duplication:

2017-08-03 10:41:12.873 28184 WARNING
neutron.agent.linux.iptables_manager [-] Duplicate iptables rule
detected. This may indicate a bug in the the iptables rule generation
code. Line: -A neutron-openvswi-PREROUTING -i gwbf6069f7-2cc -j CT


=== How to reproduce ===
1. Spawn devstack.
2. Boot VM
3. Add new rule to SG which this VM uses.
4. Observe neutron-openvswitch-agent logs.


=== Environment ===
Upstream master devstack.

** Affects: neutron
     Importance: Undecided
     Assignee: Maciej Jozefczyk (maciej.jozefczyk)
         Status: New

** Changed in: neutron
     Assignee: (unassigned) => Maciej Jozefczyk (maciej.jozefczyk)

-- 
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to neutron.
https://bugs.launchpad.net/bugs/1708465

Title:
  Neutron duplicated provider rule for ICMPv6 Router Advertisements

Status in neutron:
  New

Bug description:
  Change https://review.openstack.org/#/c/432506/ introduced new way of
  providing provider rules to sg agent. ICMPv6 RA rule generation has
  been moved to neutron/db/securitygroups_rpc_base.py, but its not
  removed from neutron/agent/linux/iptables_firewall.py.

  In result each time we update SG rule in neutron logs there is a
  warning about rules duplication:

  2017-08-03 10:41:12.873 28184 WARNING
  neutron.agent.linux.iptables_manager [-] Duplicate iptables rule
  detected. This may indicate a bug in the the iptables rule generation
  code. Line: -A neutron-openvswi-PREROUTING -i gwbf6069f7-2cc -j CT

  
  === How to reproduce ===
  1. Spawn devstack.
  2. Boot VM
  3. Add new rule to SG which this VM uses.
  4. Observe neutron-openvswitch-agent logs.

  
  === Environment ===
  Upstream master devstack.

To manage notifications about this bug go to:
https://bugs.launchpad.net/neutron/+bug/1708465/+subscriptions

Follow ups

  Thread PreviousDate PreviousThread Next