← Back to team overview

yahoo-eng-team team mailing list archive

  1. yahoo-eng-team team
  2. Mailing list archive
  3. Message #83265

[Bug 1887281] [NEW] [linuxbridge] ebtables delete arp protect chain fails

  Thread PreviousDate PreviousThread Next 
Public bug reported:

After stopping or deleting an instance the linuxbridge-agent tries to
clean up the ARP protect firewall rules and fails with

```
 neutron_lib.exceptions.ProcessExecutionError: Exit code: 4; Stdin: ; Stdout: ; Stderr: ebtables v1.8.4 (nf_tables):  CHAIN_USER_DEL failed (Device or resource busy): chain neutronARP-tapc6f37d57-46
```

Flushing the chain with `ebtables -L chain` before deleting it, seems to
solve the problem. Same for the neutronMAC-tapc6f37d57-46 chain.
There're two rules which aren't removed before the agent tries to delete
the chain:

```
Bridge chain: neutronMAC-tapc6f37d57-46, entries: 1, policy: DROP
-i tapc6f37d57-46 --among-src fa:16:3e:f1:de:e -j RETURN
Bridge chain: neutronARP-tapc6f37d57-46, entries: 1, policy: RETURN
-p ARP --arp-ip-src 192.168.1.148 -j ACCEPT
```

OpenStack Version: ussuri
Linux distro: CentOS 8

** Affects: neutron
     Importance: Undecided
         Status: New


** Tags: linuxbridge

** Tags added: linuxbridge

** Summary changed:

- ebtables delete arp protect chain failes
+ [linuxbridge] ebtables delete arp protect chain failes

** Summary changed:

- [linuxbridge] ebtables delete arp protect chain failes
+ [linuxbridge] ebtables delete arp protect chain fails

-- 
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to neutron.
https://bugs.launchpad.net/bugs/1887281

Title:
  [linuxbridge] ebtables delete arp protect chain fails

Status in neutron:
  New

Bug description:
  After stopping or deleting an instance the linuxbridge-agent tries to
  clean up the ARP protect firewall rules and fails with

  ```
   neutron_lib.exceptions.ProcessExecutionError: Exit code: 4; Stdin: ; Stdout: ; Stderr: ebtables v1.8.4 (nf_tables):  CHAIN_USER_DEL failed (Device or resource busy): chain neutronARP-tapc6f37d57-46
  ```

  Flushing the chain with `ebtables -L chain` before deleting it, seems
  to solve the problem. Same for the neutronMAC-tapc6f37d57-46 chain.
  There're two rules which aren't removed before the agent tries to
  delete the chain:

  ```
  Bridge chain: neutronMAC-tapc6f37d57-46, entries: 1, policy: DROP
  -i tapc6f37d57-46 --among-src fa:16:3e:f1:de:e -j RETURN
  Bridge chain: neutronARP-tapc6f37d57-46, entries: 1, policy: RETURN
  -p ARP --arp-ip-src 192.168.1.148 -j ACCEPT
  ```

  OpenStack Version: ussuri
  Linux distro: CentOS 8

To manage notifications about this bug go to:
https://bugs.launchpad.net/neutron/+bug/1887281/+subscriptions

Follow ups

  Thread PreviousDate PreviousThread Next