
yahoo-eng-team team mailing list archive

[Bug 1845145] [NEW] [L3] add ability for iptables_manager to ensure rule was added only once

 

Public bug reported:

iptables_manager should have the ability to ensure a rule is added only
once. In function [1], it just adds the new rule to the cache list no
matter whether it is duplicated. And finally, a warning LOG [2] will be
raised. Sometimes, there will be multiple threads adding a rule for the
same resource, and it may not be easy for users to ensure that their rule
generation code was run as expected. So the rule will be duplicated in
the cache. And during the removal procedure, if the cache has duplicated
rules, removing one still leaves the same rule remaining. As a result,
the Linux netfilter rule may have nothing changed after the user's
removal action.

[1] https://github.com/openstack/neutron/blob/master/neutron/agent/linux/iptables_manager.py#L205-L225
[2] https://github.com/openstack/neutron/blob/master/neutron/agent/linux/iptables_manager.py#L718-L725

** Affects: neutron
     Importance: High
     Assignee: LIU Yulong (dragon889)
         Status: New

-- 
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to neutron.
https://bugs.launchpad.net/bugs/1845145

To manage notifications about this bug go to:
https://bugs.launchpad.net/neutron/+bug/1845145/+subscriptions
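
The failure mode the report describes, as an added example that is not part of the original message and is not neutron's code: a simplified rule cache where several threads add the same rule and one removal leaves copies behind, next to an add that checks for duplicates under a lock. The class names, function name and the sample rule are assumptions made for illustration.

```python
import threading


class NaiveRuleCache:
    """Simplified model of the reported behaviour: add always appends."""

    def __init__(self):
        self.rules = []

    def add_rule(self, chain, rule):
        self.rules.append((chain, rule))

    def remove_rule(self, chain, rule):
        # list.remove() drops only the first match, so duplicates survive.
        try:
            self.rules.remove((chain, rule))
        except ValueError:
            pass


class DedupRuleCache(NaiveRuleCache):
    """Idempotent add: the membership check and append share one lock."""

    def __init__(self):
        super().__init__()
        self._lock = threading.Lock()

    def add_rule(self, chain, rule):
        with self._lock:
            if (chain, rule) not in self.rules:
                self.rules.append((chain, rule))

    def remove_rule(self, chain, rule):
        with self._lock:
            super().remove_rule(chain, rule)


def rules_left_after_remove(cache_cls, workers=4):
    """Add one rule from several threads, remove it once, return what remains."""
    cache = cache_cls()
    # Constructed sample rule (documentation address ranges).
    chain, rule = "POSTROUTING", "-s 10.0.0.0/24 -j SNAT --to-source 203.0.113.5"
    threads = [threading.Thread(target=cache.add_rule, args=(chain, rule))
               for _ in range(workers)]
    for t in threads:
        t.start()
    for t in threads:
        t.join()
    cache.remove_rule(chain, rule)
    return cache.rules
```

With the naive cache, the rule is still present after the caller believes it has been removed, which is the stale netfilter state the report warns about.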

