neutron

address pair rules not matched in iptables counter-preservation code

Series kilo
Bug #1456823

Bug #1456823 reported by Kevin Benton on 2015-05-19

This bug affects 1 person

	Status	Importance	Assigned to	Milestone
neutron	Fix Released	Undecided	Kevin Benton	neutron 7.0.0 "liberty"
Juno	Fix Released	Undecided	Unassigned	neutron 2014.2.4
Kilo	New	Undecided	Unassigned

Bug Description

There are a couple of issues with the way our iptables rules are formed that prevent them from being matched in the code that looks at existing rules to preserve counters. So the counters end up getting wiped out.

Tags:

Kevin Benton (kevinbenton) on 2015-05-19

Changed in neutron:
assignee:	nobody → Kevin Benton (kevinbenton)

Revision history for this message

OpenStack Infra (hudson-openstack) wrote on 2015-05-19: Fix proposed to neutron (master)

Fix proposed to branch: master
Review: https://review.openstack.org/184355

Changed in neutron:
status:	New → In Progress

OpenStack Infra (hudson-openstack) on 2015-05-20

Changed in neutron:
assignee:	Kevin Benton (kevinbenton) → Brian Haley (brian-haley)

Kevin Benton (kevinbenton) on 2015-05-21

Changed in neutron:
assignee:	Brian Haley (brian-haley) → Kevin Benton (kevinbenton)

Revision history for this message

OpenStack Infra (hudson-openstack) wrote on 2015-05-21: Fix merged to neutron (master)

Reviewed: https://review.openstack.org/184355
Committed: https://git.openstack.org/cgit/openstack/neutron/commit/?id=12889f70e1ae547598f4c663e9da5b9bb03e347e
Submitter: Jenkins
Branch: master

commit 12889f70e1ae547598f4c663e9da5b9bb03e347e
Author: Kevin Benton <email address hidden>
Date: Fri May 15 19:44:16 2015 -0700

Match order of iptables arguments to iptables-save

    The way we were forming our iptables rules was not matching
    the output of iptables-save. This caused the logic that preserves
    counters to miss many of the rules.

This patch corrects the order for the comments and the allowed address
pairs to match the output order of iptables-save.

Closes-Bug: #1456823
Change-Id: I34c2249d0865485578767865c82414e1d813d563

Changed in neutron:
status:	In Progress → Fix Committed

Revision history for this message

OpenStack Infra (hudson-openstack) wrote on 2015-05-21: Fix proposed to neutron (stable/kilo)

Fix proposed to branch: stable/kilo
Review: https://review.openstack.org/184853

Revision history for this message

OpenStack Infra (hudson-openstack) wrote on 2015-05-21: Fix proposed to neutron (stable/juno)

Fix proposed to branch: stable/juno
Review: https://review.openstack.org/184904

Revision history for this message

OpenStack Infra (hudson-openstack) wrote on 2015-05-22: Fix proposed to neutron (neutron-pecan)

Fix proposed to branch: neutron-pecan
Review: https://review.openstack.org/185072

Revision history for this message

OpenStack Infra (hudson-openstack) wrote on 2015-05-29: Fix merged to neutron (stable/juno)

Reviewed: https://review.openstack.org/184904
Committed: https://git.openstack.org/cgit/openstack/neutron/commit/?id=cf8f5c9240ec5d8f03a494d3daae9440c86ee3e1
Submitter: Jenkins
Branch: stable/juno

commit cf8f5c9240ec5d8f03a494d3daae9440c86ee3e1
Author: Kevin Benton <email address hidden>
Date: Fri May 15 19:44:16 2015 -0700

Match order of iptables arguments to iptables-save

    The way we were forming our iptables rules was not matching
    the output of iptables-save. This caused the logic that preserves
    counters to miss many of the rules.

This patch corrects the order for the comments and the allowed address
pairs to match the output order of iptables-save.

    Closes-Bug: #1456823
    Change-Id: I34c2249d0865485578767865c82414e1d813d563
    (cherry picked from commit 12889f70e1ae547598f4c663e9da5b9bb03e347e)

tags:

added: in-stable-juno

Revision history for this message

OpenStack Infra (hudson-openstack) wrote on 2015-05-29: Fix merged to neutron (stable/kilo)

Reviewed: https://review.openstack.org/184853
Committed: https://git.openstack.org/cgit/openstack/neutron/commit/?id=6b127ab6859588d97833b9caea92661b2ae4591a
Submitter: Jenkins
Branch: stable/kilo

commit 6b127ab6859588d97833b9caea92661b2ae4591a
Author: Kevin Benton <email address hidden>
Date: Fri May 15 19:44:16 2015 -0700

Match order of iptables arguments to iptables-save

    The way we were forming our iptables rules was not matching
    the output of iptables-save. This caused the logic that preserves
    counters to miss many of the rules.

This patch corrects the order for the comments and the allowed address
pairs to match the output order of iptables-save.

    Closes-Bug: #1456823
    Change-Id: I34c2249d0865485578767865c82414e1d813d563
    (cherry picked from commit 12889f70e1ae547598f4c663e9da5b9bb03e347e)

tags:

added: in-stable-kilo

Thierry Carrez (ttx) on 2015-06-24

Changed in neutron:
milestone:	none → liberty-1
status:	Fix Committed → Fix Released

Thierry Carrez (ttx) on 2015-10-15

Changed in neutron:
milestone:	liberty-1 → 7.0.0

Report a bug

This report contains Public information

Everyone can see this information.

You are

Subscribing...

Edit bug mail

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.