[L3] add ability for iptables_manager to ensure rule was added only once
Affects | Status | Importance | Assigned to | Milestone |
---|---|---|---|---|
neutron | Won't Fix | High | LIU Yulong | |
Bug Description
iptables_manager should have the ability to ensure a rule was added only once. In function [1], it just adds the new rule to the cache list no matter whether it is duplicated. And finally, warning LOG [2] will be raised. Sometimes there will be multiple threads adding a rule for the same resource, and it may not be easy for users to ensure that their rule generation code was run as expected. So the rule will be duplicated in the cache. And during the removal procedure, if the cache has duplicated rules, removing one still leaves the same rule remaining. As a result, the linux netfilter rule may have nothing changed after the user's removal action.
[1] https:/
[2] https:/
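The failure mode described above, as an added example that is not part of the original report and is not neutron's code. It is a simplified rule cache in which the `RuleCache` class, the chain name and the rule are all constructed for illustration. Append-only adds from several threads leave copies behind after one removal, while a locked add-once check does not.

```python
import threading

class RuleCache:
    """Simplified model of a rule cache; hypothetical, not neutron's code."""

    def __init__(self, add_once=False):
        self.rules = []                 # ordered list: rule order matters in a chain
        self.add_once = add_once
        self._lock = threading.Lock()

    def add_rule(self, chain, rule):
        with self._lock:                # check-then-append must be atomic across threads
            if self.add_once and (chain, rule) in self.rules:
                return False            # already cached: adding again is a no-op
            self.rules.append((chain, rule))
            return True

    def remove_rule(self, chain, rule):
        with self._lock:
            if (chain, rule) not in self.rules:
                return False
            self.rules.remove((chain, rule))    # list.remove drops only the first match
            return True

    def rendered(self):
        """Rules that would still be written out on the next apply."""
        with self._lock:
            return [f"-A {chain} {rule}" for chain, rule in self.rules]

# Constructed sample rule; chain name and address are illustrative only.
CHAIN, RULE = "sample-chain", "-s 192.0.2.10/32 -j ACCEPT"

def residual_after_one_removal(add_once, workers=4):
    """Several threads add the same rule for one resource, then it is removed once."""
    cache = RuleCache(add_once=add_once)
    threads = [threading.Thread(target=cache.add_rule, args=(CHAIN, RULE))
               for _ in range(workers)]
    for t in threads:
        t.start()
    for t in threads:
        t.join()
    cache.remove_rule(CHAIN, RULE)
    return cache.rendered()

if __name__ == "__main__":
    print("append-only:", residual_after_one_removal(add_once=False))
    print("add-once:   ", residual_after_one_removal(add_once=True))
```

With the append-only cache, the rendered rule set after the removal still contains the rule, so the effective filtering is unchanged even though the caller's removal reported success.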
Changed in neutron:
assignee: LIU Yulong (dragon889) → Brian Haley (brian-haley)
Changed in neutron:
status: New → In Progress
Changed in neutron:
assignee: nobody → LIU Yulong (dragon889)
Upstream log search: logstash.openstack.org/#dashboard/file/logstash.json?query=message%3A%5C%22Duplicate%20iptables%5C%22%20and%20message%3A%20%5C%22may%20indicate%20a%20bug%20in%20the%20iptables%5C%22
http://