
yahoo-eng-team team mailing list archive

[Bug 2038541] Re: LinuxBridgeARPSpoofTestCase functional tests fails with latest jammy kernel 5.15.0-86.96

 

Reviewed:  https://review.opendev.org/c/openstack/neutron/+/898729
Committed: https://opendev.org/openstack/neutron/commit/1879d925330af5598a105a8893ab6cfda9dc37e6
Submitter: "Zuul (22348)"
Branch:    master

commit 1879d925330af5598a105a8893ab6cfda9dc37e6
Author: Rodolfo Alonso Hernandez <ralonsoh@xxxxxxxxxx>
Date:   Mon Oct 16 00:09:50 2023 +0000

    "ebtables-nft" MAC rule deletion failing
    
    "ebtables-nft" is failing to delete the rule filtering by MAC address:
      Bridge chain: neutronMAC-test-veth024379, entries: 2, policy: DROP
      -i test-veth024379 --among-src fa:16:3e:47:87:0 -j RETURN
      -j DROP
    
    A workaround for this issue, that works with both "ebtables-nft" and
    "ebtables-legacy", is to flush the table and recreate the DROP rule.
    The MAC spoofing tables have two rules: the one filtering by MAC address
    and the default DROP rule. This workaround has the same effect as just
    deleting the filtering rule.
    
    Closes-Bug: #2038541
    Change-Id: I38bd016c35d7a76d88c6eceec797d1cea84c45d1


** Changed in: neutron
       Status: In Progress => Fix Released

-- 
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to neutron.
https://bugs.launchpad.net/bugs/2038541

Title:
  LinuxBridgeARPSpoofTestCase functional tests fails with latest jammy
  kernel 5.15.0-86.96

Status in neutron:
  Fix Released

Bug description:
  Tests fail while running ebtables(['-D', chain] + rule.split()) with:
  2023-10-05 12:09:19.307 41358 ERROR neutron.agent.linux.utils [None req-defd197a-c4e2-4761-a4cc-cc960a3ff71a - - - - - -] Exit code: 4; Cmd: ['ip', 'netns', 'exec', 'test-b58b5cf9-5018-4801-aacb-8b00fae3fe37', 'ebtables', '-t', 'nat', '--concurrent', '-D', 'neutronMAC-test-veth09e6dc', '-i', 'test-veth09e6dc', '--among-src', 'fa:16:3e:ac:fd:b6', '-j', 'RETURN']; Stdin: ; Stdout: ; Stderr: ebtables v1.8.7 (nf_tables):  RULE_DELETE failed (Invalid argument): rule in chain neutronMAC-test-veth09e6dc

  2023-10-05 12:09:29.576 41358 ERROR neutron.agent.linux.utils [None req-defd197a-c4e2-4761-a4cc-cc960a3ff71a - - - - - -] Exit code: 4; Cmd: ['ip', 'netns', 'exec', 'test-b58b5cf9-5018-4801-aacb-8b00fae3fe37', 'ebtables', '-t', 'nat', '--concurrent', '-D', 'neutronMAC-test-veth09e6dc', '-i', 'test-veth09e6dc', '--among-src', 'fa:16:3e:ac:fd:b6', '-j', 'RETURN']; Stdin: ; Stdout: ; Stderr: ebtables v1.8.7 (nf_tables):  RULE_DELETE failed (Invalid argument): rule in chain neutronMAC-test-veth09e6dc

  2023-10-05 12:09:50.099 41358 ERROR neutron.agent.linux.utils [None req-defd197a-c4e2-4761-a4cc-cc960a3ff71a - - - - - -] Exit code: 4; Cmd: ['ip', 'netns', 'exec', 'test-b58b5cf9-5018-4801-aacb-8b00fae3fe37', 'ebtables', '-t', 'nat', '--concurrent', '-D', 'neutronMAC-test-veth09e6dc', '-i', 'test-veth09e6dc', '--among-src', 'fa:16:3e:ac:fd:b6', '-j', 'RETURN']; Stdin: ; Stdout: ; Stderr: ebtables v1.8.7 (nf_tables):  RULE_DELETE failed (Invalid argument): rule in chain neutronMAC-test-veth09e6dc

  The new kernel includes the changes below, which have triggered this, described in https://launchpad.net/ubuntu/+source/linux/5.15.0-86.96:
      - netfilter: nf_tables: disallow element updates of bound anonymous sets
      - netfilter: nf_tables: reject unbound anonymous set before commit phase
      - netfilter: nf_tables: reject unbound chain set before commit phase
      - netfilter: nf_tables: disallow updates of anonymous sets

  The following two tests fail:
  - test_arp_protection_update
  - test_arp_fails_incorrect_mac_protection

To manage notifications about this bug go to:
https://bugs.launchpad.net/neutron/+bug/2038541/+subscriptions
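
An added example, not part of the original message and not neutron's own code: it scans log lines in the format quoted in the bug description for failed `ebtables -D` calls on `neutronMAC-*` chains and builds the flush-and-recreate-DROP commands that the commit message describes. The sample log lines, namespace and device names are constructed, and expressing the workaround as `-F <chain>` followed by `-A <chain> -j DROP` is an assumption.

```python
import ast
import re

# Constructed sample in the format of the log lines quoted in the bug report.
SAMPLE_LOG = "\n".join([
    "2023-10-05 12:09:19.307 41358 ERROR neutron.agent.linux.utils [None req-x] "
    "Exit code: 4; Cmd: ['ip', 'netns', 'exec', 'test-ns', 'ebtables', '-t', "
    "'nat', '--concurrent', '-D', 'neutronMAC-test-veth0', '-i', 'test-veth0', "
    "'--among-src', 'fa:16:3e:00:00:01', '-j', 'RETURN']; Stdin: ; Stdout: ; "
    "Stderr: ebtables v1.8.7 (nf_tables):  RULE_DELETE failed (Invalid "
    "argument): rule in chain neutronMAC-test-veth0",
    "2023-10-05 12:09:20.000 41358 ERROR neutron.agent.linux.utils [None req-x] "
    "Exit code: 1; Cmd: ['ip', 'link', 'show', 'missing0']; Stdin: ; Stdout: ; "
    "Stderr: Cannot find device missing0",
])

LINE_RE = re.compile(
    r"Exit code: (\d+); Cmd: (\[.*?\]); Stdin: .*?; Stderr: (.*)$")


def failed_mac_rule_deletes(log_text):
    """Find failed 'ebtables -D' calls on neutronMAC-* chains (MAC still allowed)."""
    findings = []
    for line in log_text.splitlines():
        m = LINE_RE.search(line)
        if not m or m.group(1) == "0" or "RULE_DELETE failed" not in m.group(3):
            continue
        cmd = ast.literal_eval(m.group(2))  # Cmd is logged as a Python list
        if "ebtables" not in cmd or "-D" not in cmd:
            continue
        chain = cmd[cmd.index("-D") + 1]
        if not chain.startswith("neutronMAC-"):
            continue
        mac = cmd[cmd.index("--among-src") + 1] if "--among-src" in cmd else None
        findings.append({
            "prefix": cmd[:cmd.index("-D")],  # netns wrapper + ebtables options
            "chain": chain,
            "mac": mac,
            "nft_backend": "(nf_tables)" in m.group(3),
        })
    return findings


def workaround_commands(finding):
    """Assumed form of the workaround: flush the chain, re-add the DROP rule."""
    prefix, chain = finding["prefix"], finding["chain"]
    return [prefix + ["-F", chain], prefix + ["-A", chain, "-j", "DROP"]]
```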


