Reviewed: https://review.opendev.org/c/openstack/neutron-fwaas/+/715117 Committed: https://opendev.org/openstack/neutron-fwaas/commit/147116b7b1ce20d3db9162702364028d3227de45 Submitter: "Zuul (22348)" Branch: master
commit 147116b7b1ce20d3db9162702364028d3227de45 Author: Nguyen Thanh Cong <[email protected]> Date: Thu Mar 26 10:35:19 2020 +0700 Fix error when apply rule with dst port large than src port When apply firewall group to a port with rule have dest port large than source port, neutron-openvswitch-agent raise error 'port_max' is smaller than 'port_min'. It because key 'port_range_max' is assigned by source_port_range_max. Fix hard code 'port_range_max' to key_max. Change-Id: I32d9efd857932547a13d275b8a4f294e03fe7535 Closes-Bug: #1869121 ** Changed in: neutron Status: In Progress => Fix Released -- You received this bug notification because you are a member of Yahoo! Engineering Team, which is subscribed to neutron. https://bugs.launchpad.net/bugs/1869121 Title: [FWaaS] Can't add rule with destination_port large than source_port Status in neutron: Fix Released Bug description: When i create a rule with destination port large than source_port and apply it to a port, neutron-openvswitch-agent get error. Reproduce: 1. Create Rule with destination port > source_port openstack firewall group rule create --protocol tcp --action allow --source-ip-address 192.168.58.139 --destination-ip-address 192.168.57.108 --source-port 5000 --destination-port 5500 --name test2 2. Apply it to firewall group policy openstack firewall group policy set --firewall-rule test-2 fw-gr-policy-test 3. Apply firewall group policy to firewall group (ingress or egress same) openstack firewall group set --ingress-firewall-policy fw-gr-policy-test fw-gr-test 4. Apply fw group to a port openstack firewall group set --port port-test fw-gr-test 5. Check log neutron-openvswitch-agent on node port reside 2020-03-26 10:18:34.882 3365 ERROR neutron.plugins.ml2.drivers.openvswitch.agent.ovs_neutron_agent [req-86194ab1-4f71-4c5d-9c2c-bbb9d92599d8 - - - - -] Error while process[3015/90399] s: ValueError: 'port_max' is smaller than 'port_min' 2020-03-26 10:18:34.882 3365 ERROR neutron.plugins.ml2.drivers.openvswitch.agent.ovs_neutron_agent Traceback (most recent call last): 2020-03-26 10:18:34.882 3365 ERROR neutron.plugins.ml2.drivers.openvswitch.agent.ovs_neutron_agent File "/usr/lib/python3/dist-packages/neutron/plugins/ml2/drivers/openvswitch/agent/ovs_neutron_agent.py", line 2545, in rpc_loop 2020-03-26 10:18:34.882 3365 ERROR neutron.plugins.ml2.drivers.openvswitch.agent.ovs_neutron_agent port_info, provisioning_needed) 2020-03-26 10:18:34.882 3365 ERROR neutron.plugins.ml2.drivers.openvswitch.agent.ovs_neutron_agent File "/usr/lib/python3/dist-packages/neutron/plugins/ml2/drivers/openvswitch/agent /ovs_neutron_agent.py", line 1998, in process_network_ports 2020-03-26 10:18:34.882 3365 ERROR neutron.plugins.ml2.drivers.openvswitch.agent.ovs_neutron_agent devices_added_updated, provisioning_needed)) 2020-03-26 10:18:34.882 3365 ERROR neutron.plugins.ml2.drivers.openvswitch.agent.ovs_neutron_agent File "/usr/lib/python3/dist-packages/neutron/plugins/ml2/drivers/openvswitch/agent/ovs_neutron_agent.py", line 1885, in treat_devices_added_or_updated 2020-03-26 10:18:34.882 3365 ERROR neutron.plugins.ml2.drivers.openvswitch.agent.ovs_neutron_agent self.ext_manager.handle_port(self.context, details) 2020-03-26 10:18:34.882 3365 ERROR neutron.plugins.ml2.drivers.openvswitch.agent.ovs_neutron_agent File "/usr/lib/python3/dist-packages/neutron/agent/l2/l2_agent_extensions_manager. py", line 42, in handle_port 2020-03-26 10:18:34.882 3365 ERROR neutron.plugins.ml2.drivers.openvswitch.agent.ovs_neutron_agent extension.obj.handle_port(context, data) 2020-03-26 10:18:34.882 3365 ERROR neutron.plugins.ml2.drivers.openvswitch.agent.ovs_neutron_agent File "/usr/lib/python3/dist-packages/oslo_concurrency/lockutils.py", line 328, in inner 2020-03-26 10:18:34.882 3365 ERROR neutron.plugins.ml2.drivers.openvswitch.agent.ovs_neutron_agent return f(*args, **kwargs) 2020-03-26 10:18:34.882 3365 ERROR neutron.plugins.ml2.drivers.openvswitch.agent.ovs_neutron_agent File "/usr/local/lib/python3.6/dist-packages/neutron_fwaas/services/firewall/servi ce_drivers/agents/l2/fwaas_v2.py", line 361, in handle_port 2020-03-26 10:18:34.882 3365 ERROR neutron.plugins.ml2.drivers.openvswitch.agent.ovs_neutron_agent ret = self._apply_fwg_rules(fwg, [port]) 2020-03-26 10:18:34.882 3365 ERROR neutron.plugins.ml2.drivers.openvswitch.agent.ovs_neutron_agent File "/usr/local/lib/python3.6/dist-packages/neutron_fwaas/services/firewall/service_drivers/agents/l2/fwaas_v2.py", line 218, in _apply_fwg_rules 2020-03-26 10:18:34.882 3365 ERROR neutron.plugins.ml2.drivers.openvswitch.agent.ovs_neutron_agent self.driver.update_firewall_group(ports_for_driver, fwg) 2020-03-26 10:18:34.882 3365 ERROR neutron.plugins.ml2.drivers.openvswitch.agent.ovs_neutron_agent File "/usr/local/lib/python3.6/dist-packages/neutron_fwaas/services/firewall/servi ce_drivers/agents/drivers/linux/l2/openvswitch_firewall/firewall.py", line 1016, in update_firewall_group 2020-03-26 10:18:34.882 3365 ERROR neutron.plugins.ml2.drivers.openvswitch.agent.ovs_neutron_agent self.create_firewall_group(ports_for_fwg, firewall_group) 2020-03-26 10:18:34.882 3365 ERROR neutron.plugins.ml2.drivers.openvswitch.agent.ovs_neutron_agent File "/usr/local/lib/python3.6/dist-packages/neutron_fwaas/services/firewall/service_drivers/agents/drivers/linux/l2/openvswitch_firewall/firewall.py", line 1013, in create_firewall_group 2020-03-26 10:18:34.882 3365 ERROR neutron.plugins.ml2.drivers.openvswitch.agent.ovs_neutron_agent self.update_port_filter(port) 2020-03-26 10:18:34.882 3365 ERROR neutron.plugins.ml2.drivers.openvswitch.agent.ovs_neutron_agent File "/usr/local/lib/python3.6/dist-packages/neutron_fwaas/services/firewall/servi ce_drivers/agents/drivers/linux/l2/openvswitch_firewall/firewall.py", line 396, in update_port_filter 2020-03-26 10:18:34.882 3365 ERROR neutron.plugins.ml2.drivers.openvswitch.agent.ovs_neutron_agent self.add_flows_from_rules(of_port) 2020-03-26 10:18:34.882 3365 ERROR neutron.plugins.ml2.drivers.openvswitch.agent.ovs_neutron_agent File "/usr/local/lib/python3.6/dist-packages/neutron_fwaas/services/firewall/service_drivers/agents/drivers/linux/l2/openvswitch_firewall/firewall.py", line 924, in add_flows_from_rules 2020-03-26 10:18:34.882 3365 ERROR neutron.plugins.ml2.drivers.openvswitch.agent.ovs_neutron_agent flows = rules.create_flows_from_rule_and_port(rule, port) 2020-03-26 10:18:34.882 3365 ERROR neutron.plugins.ml2.drivers.openvswitch.agent.ovs_neutron_agent File "/usr/local/lib/python3.6/dist-packages/neutron_fwaas/services/firewall/servi ce_drivers/agents/drivers/linux/l2/openvswitch_firewall/rules.py", line 80, in create_flows_from_rule_and_port 2020-03-26 10:18:34.882 3365 ERROR neutron.plugins.ml2.drivers.openvswitch.agent.ovs_neutron_agent flows = create_protocol_flows(direction, flow_template, port, rule) 2020-03-26 10:18:34.882 3365 ERROR neutron.plugins.ml2.drivers.openvswitch.agent.ovs_neutron_agent File "/usr/local/lib/python3.6/dist-packages/neutron_fwaas/services/firewall/servi ce_drivers/agents/drivers/linux/l2/openvswitch_firewall/rules.py", line 113, in create_protocol_flows 2020-03-26 10:18:34.882 3365 ERROR neutron.plugins.ml2.drivers.openvswitch.agent.ovs_neutron_agent flows = create_port_range_flows(flow_template, rule) 2020-03-26 10:18:34.882 3365 ERROR neutron.plugins.ml2.drivers.openvswitch.agent.ovs_neutron_agent File "/usr/local/lib/python3.6/dist-packages/neutron_fwaas/services/firewall/servi ce_drivers/agents/drivers/linux/l2/openvswitch_firewall/rules.py", line 140, in create_port_range_flows 2020-03-26 10:18:34.882 3365 ERROR neutron.plugins.ml2.drivers.openvswitch.agent.ovs_neutron_agent dst_port_range = utils.port_rule_masking(dst_port_min, dst_port_max) 2020-03-26 10:18:34.882 3365 ERROR neutron.plugins.ml2.drivers.openvswitch.agent.ovs_neutron_agent File "/usr/lib/python3/dist-packages/neutron/common/utils.py", line 568, in port_r ule_masking 2020-03-26 10:18:34.882 3365 ERROR neutron.plugins.ml2.drivers.openvswitch.agent.ovs_neutron_agent raise ValueError(_("'port_max' is smaller than 'port_min'")) 2020-03-26 10:18:34.882 3365 ERROR neutron.plugins.ml2.drivers.openvswitch.agent.ovs_neutron_agent ValueError: 'port_max' is smaller than 'port_min' 2020-03-26 10:18:34.882 3365 ERROR neutron.plugins.ml2.drivers.openvswitch.agent.ovs_neutron_agent To manage notifications about this bug go to: https://bugs.launchpad.net/neutron/+bug/1869121/+subscriptions -- Mailing list: https://launchpad.net/~yahoo-eng-team Post to : [email protected] Unsubscribe : https://launchpad.net/~yahoo-eng-team More help : https://help.launchpad.net/ListHelp
