yahoo-eng-team team mailing list archive
Message #88803
[Bug 1869121] Re: [FWaaS] Can't add rule with destination_port large than source_port
Reviewed: https://review.opendev.org/c/openstack/neutron-fwaas/+/715117
Committed: https://opendev.org/openstack/neutron-fwaas/commit/147116b7b1ce20d3db9162702364028d3227de45
Submitter: "Zuul (22348)"
Branch: master
commit 147116b7b1ce20d3db9162702364028d3227de45
Author: Nguyen Thanh Cong <ntcong1705@xxxxxxxxx>
Date: Thu Mar 26 10:35:19 2020 +0700
Fix error when applying rule with dst port larger than src port
When applying a firewall group to a port with a rule that has a dest port larger than
the source port, neutron-openvswitch-agent raises the error 'port_max' is smaller
than 'port_min'. This is because the key 'port_range_max' is assigned by
source_port_range_max. Fix the hard-coded 'port_range_max' to key_max.
Change-Id: I32d9efd857932547a13d275b8a4f294e03fe7535
Closes-Bug: #1869121
** Changed in: neutron
Status: In Progress => Fix Released
--
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to neutron.
https://bugs.launchpad.net/bugs/1869121
Title:
[FWaaS] Can't add rule with destination_port large than source_port
Status in neutron:
Fix Released
Bug description:
When I create a rule with a destination port larger than the source_port and
apply it to a port, neutron-openvswitch-agent gets an error.
Reproduce:
1. Create Rule with destination port > source_port
openstack firewall group rule create --protocol tcp --action allow --source-ip-address 192.168.58.139 --destination-ip-address 192.168.57.108 --source-port 5000 --destination-port 5500 --name test2
2. Apply it to firewall group policy
openstack firewall group policy set --firewall-rule test-2 fw-gr-policy-test
3. Apply firewall group policy to firewall group (ingress or egress same)
openstack firewall group set --ingress-firewall-policy fw-gr-policy-test fw-gr-test
4. Apply fw group to a port
openstack firewall group set --port port-test fw-gr-test
5. Check the neutron-openvswitch-agent log on the node where the port resides
2020-03-26 10:18:34.882 3365 ERROR neutron.plugins.ml2.drivers.openvswitch.agent.ovs_neutron_agent [req-86194ab1-4f71-4c5d-9c2c-bbb9d92599d8 - - - - -] Error while process[3015/90399]s: ValueError: 'port_max' is smaller than 'port_min'
2020-03-26 10:18:34.882 3365 ERROR neutron.plugins.ml2.drivers.openvswitch.agent.ovs_neutron_agent Traceback (most recent call last):
2020-03-26 10:18:34.882 3365 ERROR neutron.plugins.ml2.drivers.openvswitch.agent.ovs_neutron_agent File "/usr/lib/python3/dist-packages/neutron/plugins/ml2/drivers/openvswitch/agent/ovs_neutron_agent.py", line 2545, in rpc_loop
2020-03-26 10:18:34.882 3365 ERROR neutron.plugins.ml2.drivers.openvswitch.agent.ovs_neutron_agent port_info, provisioning_needed)
2020-03-26 10:18:34.882 3365 ERROR neutron.plugins.ml2.drivers.openvswitch.agent.ovs_neutron_agent File "/usr/lib/python3/dist-packages/neutron/plugins/ml2/drivers/openvswitch/agent/ovs_neutron_agent.py", line 1998, in process_network_ports
2020-03-26 10:18:34.882 3365 ERROR neutron.plugins.ml2.drivers.openvswitch.agent.ovs_neutron_agent devices_added_updated, provisioning_needed))
2020-03-26 10:18:34.882 3365 ERROR neutron.plugins.ml2.drivers.openvswitch.agent.ovs_neutron_agent File "/usr/lib/python3/dist-packages/neutron/plugins/ml2/drivers/openvswitch/agent/ovs_neutron_agent.py", line 1885, in treat_devices_added_or_updated
2020-03-26 10:18:34.882 3365 ERROR neutron.plugins.ml2.drivers.openvswitch.agent.ovs_neutron_agent self.ext_manager.handle_port(self.context, details)
2020-03-26 10:18:34.882 3365 ERROR neutron.plugins.ml2.drivers.openvswitch.agent.ovs_neutron_agent File "/usr/lib/python3/dist-packages/neutron/agent/l2/l2_agent_extensions_manager.py", line 42, in handle_port
2020-03-26 10:18:34.882 3365 ERROR neutron.plugins.ml2.drivers.openvswitch.agent.ovs_neutron_agent extension.obj.handle_port(context, data)
2020-03-26 10:18:34.882 3365 ERROR neutron.plugins.ml2.drivers.openvswitch.agent.ovs_neutron_agent File "/usr/lib/python3/dist-packages/oslo_concurrency/lockutils.py", line 328, in inner
2020-03-26 10:18:34.882 3365 ERROR neutron.plugins.ml2.drivers.openvswitch.agent.ovs_neutron_agent return f(*args, **kwargs)
2020-03-26 10:18:34.882 3365 ERROR neutron.plugins.ml2.drivers.openvswitch.agent.ovs_neutron_agent File "/usr/local/lib/python3.6/dist-packages/neutron_fwaas/services/firewall/service_drivers/agents/l2/fwaas_v2.py", line 361, in handle_port
2020-03-26 10:18:34.882 3365 ERROR neutron.plugins.ml2.drivers.openvswitch.agent.ovs_neutron_agent ret = self._apply_fwg_rules(fwg, [port])
2020-03-26 10:18:34.882 3365 ERROR neutron.plugins.ml2.drivers.openvswitch.agent.ovs_neutron_agent File "/usr/local/lib/python3.6/dist-packages/neutron_fwaas/services/firewall/service_drivers/agents/l2/fwaas_v2.py", line 218, in _apply_fwg_rules
2020-03-26 10:18:34.882 3365 ERROR neutron.plugins.ml2.drivers.openvswitch.agent.ovs_neutron_agent self.driver.update_firewall_group(ports_for_driver, fwg)
2020-03-26 10:18:34.882 3365 ERROR neutron.plugins.ml2.drivers.openvswitch.agent.ovs_neutron_agent File "/usr/local/lib/python3.6/dist-packages/neutron_fwaas/services/firewall/service_drivers/agents/drivers/linux/l2/openvswitch_firewall/firewall.py", line 1016, in update_firewall_group
2020-03-26 10:18:34.882 3365 ERROR neutron.plugins.ml2.drivers.openvswitch.agent.ovs_neutron_agent self.create_firewall_group(ports_for_fwg, firewall_group)
2020-03-26 10:18:34.882 3365 ERROR neutron.plugins.ml2.drivers.openvswitch.agent.ovs_neutron_agent File "/usr/local/lib/python3.6/dist-packages/neutron_fwaas/services/firewall/service_drivers/agents/drivers/linux/l2/openvswitch_firewall/firewall.py", line 1013, in create_firewall_group
2020-03-26 10:18:34.882 3365 ERROR neutron.plugins.ml2.drivers.openvswitch.agent.ovs_neutron_agent self.update_port_filter(port)
2020-03-26 10:18:34.882 3365 ERROR neutron.plugins.ml2.drivers.openvswitch.agent.ovs_neutron_agent File "/usr/local/lib/python3.6/dist-packages/neutron_fwaas/services/firewall/service_drivers/agents/drivers/linux/l2/openvswitch_firewall/firewall.py", line 396, in update_port_filter
2020-03-26 10:18:34.882 3365 ERROR neutron.plugins.ml2.drivers.openvswitch.agent.ovs_neutron_agent self.add_flows_from_rules(of_port)
2020-03-26 10:18:34.882 3365 ERROR neutron.plugins.ml2.drivers.openvswitch.agent.ovs_neutron_agent File "/usr/local/lib/python3.6/dist-packages/neutron_fwaas/services/firewall/service_drivers/agents/drivers/linux/l2/openvswitch_firewall/firewall.py", line 924, in add_flows_from_rules
2020-03-26 10:18:34.882 3365 ERROR neutron.plugins.ml2.drivers.openvswitch.agent.ovs_neutron_agent flows = rules.create_flows_from_rule_and_port(rule, port)
2020-03-26 10:18:34.882 3365 ERROR neutron.plugins.ml2.drivers.openvswitch.agent.ovs_neutron_agent File "/usr/local/lib/python3.6/dist-packages/neutron_fwaas/services/firewall/service_drivers/agents/drivers/linux/l2/openvswitch_firewall/rules.py", line 80, in create_flows_from_rule_and_port
2020-03-26 10:18:34.882 3365 ERROR neutron.plugins.ml2.drivers.openvswitch.agent.ovs_neutron_agent flows = create_protocol_flows(direction, flow_template, port, rule)
2020-03-26 10:18:34.882 3365 ERROR neutron.plugins.ml2.drivers.openvswitch.agent.ovs_neutron_agent File "/usr/local/lib/python3.6/dist-packages/neutron_fwaas/services/firewall/service_drivers/agents/drivers/linux/l2/openvswitch_firewall/rules.py", line 113, in create_protocol_flows
2020-03-26 10:18:34.882 3365 ERROR neutron.plugins.ml2.drivers.openvswitch.agent.ovs_neutron_agent flows = create_port_range_flows(flow_template, rule)
2020-03-26 10:18:34.882 3365 ERROR neutron.plugins.ml2.drivers.openvswitch.agent.ovs_neutron_agent File "/usr/local/lib/python3.6/dist-packages/neutron_fwaas/services/firewall/service_drivers/agents/drivers/linux/l2/openvswitch_firewall/rules.py", line 140, in create_port_range_flows
2020-03-26 10:18:34.882 3365 ERROR neutron.plugins.ml2.drivers.openvswitch.agent.ovs_neutron_agent dst_port_range = utils.port_rule_masking(dst_port_min, dst_port_max)
2020-03-26 10:18:34.882 3365 ERROR neutron.plugins.ml2.drivers.openvswitch.agent.ovs_neutron_agent File "/usr/lib/python3/dist-packages/neutron/common/utils.py", line 568, in port_rule_masking
2020-03-26 10:18:34.882 3365 ERROR neutron.plugins.ml2.drivers.openvswitch.agent.ovs_neutron_agent raise ValueError(_("'port_max' is smaller than 'port_min'"))
2020-03-26 10:18:34.882 3365 ERROR neutron.plugins.ml2.drivers.openvswitch.agent.ovs_neutron_agent ValueError: 'port_max' is smaller than 'port_min'
2020-03-26 10:18:34.882 3365 ERROR neutron.plugins.ml2.drivers.openvswitch.agent.ovs_neutron_agent
To manage notifications about this bug go to:
https://bugs.launchpad.net/neutron/+bug/1869121/+subscriptions
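
The key mix-up the commit message describes, as an added example that is not neutron-fwaas code: a simplified Python model of translating a rule's port fields into range keys, with the pre-fix and post-fix key choice side by side. The function names, the 'port_range_min' and 'source_port_range_min' keys, and the destination-then-source processing order are assumptions; 'port_range_max', source_port_range_max and key_max come from the commit message.

```python
# Added illustration: a simplified model of the key mix-up, not neutron-fwaas code.

# (rule field, key prefix). Assumed: destination keys are unprefixed, source
# keys carry "source_", and destination is processed before source.
PORT_FIELDS = (("destination_port", ""), ("source_port", "source_"))

# Ports taken from the reproduction command in the bug report.
RULE = {"protocol": "tcp", "source_port": "5000", "destination_port": "5500"}


def _split_range(value):
    """'5000' -> (5000, 5000); '5000:5010' -> (5000, 5010)."""
    low, _, high = str(value).partition(":")
    return int(low), int(high or low)


def translate(rule, fixed=True):
    """Turn the rule's port fields into *_range_min / *_range_max keys."""
    out = {}
    for field, prefix in PORT_FIELDS:
        if rule.get(field) is None:
            continue
        key_min = prefix + "port_range_min"
        # Pre-fix behaviour: the max key is the literal 'port_range_max' for
        # both fields, so the source port overwrites the destination maximum.
        key_max = (prefix + "port_range_max") if fixed else "port_range_max"
        out[key_min], out[key_max] = _split_range(rule[field])
    return out


def check_ranges(flow_rule):
    """Sanity check modelled on the one the traceback ends in."""
    for prefix in ("", "source_"):
        low = flow_rule.get(prefix + "port_range_min")
        high = flow_rule.get(prefix + "port_range_max")
        if low is not None and high is not None and high < low:
            raise ValueError("'port_max' is smaller than 'port_min'")
    return flow_rule


def applies_cleanly(rule, fixed):
    try:
        check_ranges(translate(rule, fixed))
        return True
    except ValueError:
        return False


if __name__ == "__main__":
    print("pre-fix :", translate(RULE, fixed=False), applies_cleanly(RULE, False))
    print("post-fix:", translate(RULE, fixed=True), applies_cleanly(RULE, True))
```

In this model, swapping the two ports (source 5500, destination 5000) raises nothing before the fix, yet the destination range still carries the source port as its upper bound, so the absence of the error does not show that the translated rule is correct.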