neutron

FirewallDriver's defer_apply might need better exception handling

Bug #1706285 reported by IWAMOTO Toshihiro on 2017-07-25

This bug affects 1 person

Affects		Status	Importance	Assigned to	Milestone
	neutron	New	Undecided	Unassigned

Bug Description

The current code is:

    @contextlib.contextmanager
    def defer_apply(self):
        """Defer apply context."""
        self.filter_defer_apply_on()
        try:
            yield
        finally:
            self.filter_defer_apply_off()

This means filter_defer_apply_off will be called even if there is an exception and the exception will be reraised.

Assuming the SG rules were consistent before this contextmanager call, it might make more sense to just discard deferred SG programming.

Tags:

Revision history for this message

Brian Haley (brian-haley) wrote on 2017-07-26:

The iptables defer_apply() code is a little better in that it catches the exception in defer_apply_off() and raises a consistent value.

But I think we need to always make the filter_defer_apply_off() call so that things like self._defer_apply are correctly set to False, else we could get in a state where the agent can't apply anything, right? Maybe a patch with your proposed change would be a better place to discuss?

Report a bug

This report contains Public information

Everyone can see this information.

You are

Subscribing...

Edit bug mail

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.