neutron

Don't create ipset chain if corresponding security group has no member

Bug #1369431 reported by shihanzhang on 2014-09-15

This bug affects 1 person

Affects		Status	Importance	Assigned to	Milestone
	neutron	Fix Released	Low	shihanzhang	neutron 2014.2 "juno"

Bug Description

when a security group has bellow rule, it should not create ipset chain:
security group id is: fake_sgid, it has rule bellow:
{'direction': 'ingress', 'remote_group_id': 'fake_sgid2'}
but the security group:fake_sgid2 has no member, so when the port in security group:fake_sgid should not create corresponding ipset chain

root@devstack:/opt/stack/neutron# ipset list
Name: IPv409040f9f-cb86-4f72-a
Type: hash:ip
Revision: 2
Header: family inet hashsize 1024 maxelem 65536
Size in memory: 16520
References: 1
Members:
20.20.20.11

Name: IPv609040f9f-cb86-4f72-a
Type: hash:ip
Revision: 2
Header: family inet6 hashsize 1024 maxelem 65536
Size in memory: 16504
References: 1
Members:

because the security group:09040f9f-cb86-4f72-af74-4de4f2b86442 has no ipv6 member, so it should't create ipset chain:IPv609040f9f-cb86-4f72-a

shihanzhang (shihanzhang) on 2014-09-15

Changed in neutron:
assignee:	nobody → shihanzhang (shihanzhang)

OpenStack Infra (hudson-openstack) on 2014-09-15

Changed in neutron:
status:	New → In Progress

Oleg Bondarev (obondarev) on 2014-09-15

Changed in neutron:
importance:	Undecided → Low

Kyle Mestery (mestery) on 2014-09-15

Changed in neutron:
milestone:	none → juno-rc1

Revision history for this message

OpenStack Infra (hudson-openstack) wrote on 2014-09-15: Fix merged to neutron (master)

Reviewed: https://review.openstack.org/121455
Committed: https://git.openstack.org/cgit/openstack/neutron/commit/?id=bf4a0199a73374d786e3a5bda770fd8545ebc4e9
Submitter: Jenkins
Branch: master

commit bf4a0199a73374d786e3a5bda770fd8545ebc4e9
Author: shihanzhang <email address hidden>
Date: Mon Sep 15 14:46:31 2014 +0800

Don't create unused ipset chain

when a security group don't have members, it should not create corresponding
ipset chain.

Change-Id: Ia04ffb3ac539c9a89a882e6dd91f373cb67c6f8b
Closes-bug: #1369431

Changed in neutron:
status:	In Progress → Fix Committed

Thierry Carrez (ttx) on 2014-10-03

Changed in neutron:
status:	Fix Committed → Fix Released

Thierry Carrez (ttx) on 2014-10-16

Changed in neutron:
milestone:	juno-rc1 → 2014.2

Report a bug

This report contains Public information

Everyone can see this information.

You are

Subscribing...

Edit bug mail

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.