yahoo-eng-team team mailing list archive

[OpenStack Infra <1880691@xxxxxxxxxxxxxxxxxx>]

Reviewed:  https://review.opendev.org/730793
Committed: https://git.openstack.org/cgit/openstack/neutron/commit/?id=d8eac6fa50f237b94739522bc527a7a5ca93c328
Submitter: Zuul
Branch:    master

commit d8eac6fa50f237b94739522bc527a7a5ca93c328
Author: Slawek Kaplonski <skaplons@xxxxxxxxxx>
Date:   Tue May 26 14:58:52 2020 +0200

    Fix iptables rules comments
    
    In case when value of port['device'] don't starts with "tap_",
    in comments to the conntrack or stateless rules in the iptables there
    should be full port['device'] written. It will make things easier to
    debug for the operators e.g. when using iptables_hybrid driver.
    
    Change-Id: I427321fbb87865931b2b28abf7687d37e8d01a53
    Closes-bug: #1880691


** Changed in: neutron
       Status: In Progress => Fix Released

-- 
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to neutron.
https://bugs.launchpad.net/bugs/1880691

Title:
  Comments for stateles security group are missleading

Status in neutron:
  Fix Released

Bug description:
  Currently comments looks like:

  [14:53:46] vagrant@devstack-ubuntu-ovs:~/python-openstackclient$ sudo iptables-save | grep notrack
  -A neutron-openvswi-PREROUTING -m physdev --physdev-in qvb2bcf6ca7-86 -m comment --comment "Make 6ca7-8611-486e-8bbb-05141fa62f57 stateless" -j CT --notrack
  -A neutron-openvswi-PREROUTING -i qvb2bcf6ca7-86 -m comment --comment "Make 6ca7-8611-486e-8bbb-05141fa62f57 stateless" -j CT --notrack
  -A neutron-openvswi-PREROUTING -m physdev --physdev-in tap2bcf6ca7-86 -m comment --comment "Make 6ca7-8611-486e-8bbb-05141fa62f57 stateless" -j CT --notrack

  which is wrong as first 4 chars are dropped. That may be confusing for
  operator in debugging.

To manage notifications about this bug go to:
https://bugs.launchpad.net/neutron/+bug/1880691/+subscriptions