[Yahoo-eng-team] [Bug 1664782] Re: iptables manager wrongly deletes other agents' rules

Tue, 17 Jan 2023 13:11:57 -0800 

** Changed in: neutron
       Status: In Progress => Won't Fix

-- 
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to neutron.
https://bugs.launchpad.net/bugs/1664782

Title:
  iptables manager wrongly deletes other agents' rules

Status in neutron:
  Won't Fix

Bug description:
  Calico's Felix agent generates iptables chains that intentionally
  include rules that the Neutron iptables_manager code considers to be
  duplicates - as revealed by logs like these from the DHCP agent:

  2017-02-02 18:50:29.482 3376 WARNING neutron.agent.linux.iptables_manager [-] 
Duplicate iptables rule detected. This may indicate a bug in the iptables rule 
generation code. Line: -A felix-to-ebf1bc0b-ba -m mark --mark 
0x1000000/0x1000000 -m comment --comment "Profile accepted packet" -j RETURN
  2017-02-02 18:50:29.483 3376 WARNING neutron.agent.linux.iptables_manager [-] 
Duplicate iptables rule detected. This may indicate a bug in the iptables rule 
generation code. Line: -A felix-to-3d959cf9-36 -m mark --mark 
0x1000000/0x1000000 -m comment --comment "Profile accepted packet" -j RETURN
  2017-02-02 18:50:29.483 3376 WARNING neutron.agent.linux.iptables_manager [-] 
Duplicate iptables rule detected. This may indicate a bug in the iptables rule 
generation code. Line: -A felix-from-ebf1bc0b-ba -m mark --mark 
0x1000000/0x1000000 -m comment --comment "Profile accepted packet" -j RETURN
  2017-02-02 18:50:29.483 3376 WARNING neutron.agent.linux.iptables_manager [-] 
Duplicate iptables rule detected. This may indicate a bug in the iptables rule 
generation code. Line: -A felix-from-3d959cf9-36 -m mark --mark 
0x1000000/0x1000000 -m comment --comment "Profile accepted packet" -j RETURN

  IIUC, iptables_manager then reprograms iptables with these 'duplicates'
  removed, and thereby breaks Calico's iptables.

To manage notifications about this bug go to:
https://bugs.launchpad.net/neutron/+bug/1664782/+subscriptions


-- 
Mailing list: https://launchpad.net/~yahoo-eng-team
Post to     : [email protected]
Unsubscribe : https://launchpad.net/~yahoo-eng-team
More help   : https://help.launchpad.net/ListHelp

Reply via email to