IPtables firewall code sometimes tries to remove non-existent rules
Affects | Status | Importance | Assigned to | Milestone |
---|---|---|---|---|
neutron | Fix Released | Low | Brian Haley | |
Bug Description
I've seen errors like this in some of the OVS agent logs recently:
WARNING neutron.
(there's usually 5 more similar lines)
Looking into it, the line right before we had allocated a conntrack zone:
DEBUG neutron.
So we allocate a zone and immediately try and remove some iptables rules associated with it, but they won't exist since the zone was just allocated. Instead, we should return early if there was no zone - the caller in question is _remove_
Changed in neutron:
importance: Undecided → Low
http://logs.openstack.org/73/351773/17/check/neutron-tempest-linuxbridge/73755f3/logs/screen-q-agt.txt#_Apr_18_02_27_08_591035
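The failure mode from the bug description, as an added Python model that is not neutron's code: a removal path whose zone lookup allocates on a miss, next to one that returns early when no zone exists. The class, method and device names are hypothetical, and the device id is constructed sample input.

```python
class ConntrackZoneFirewall:
    """Toy model (hypothetical names, not neutron's API): one conntrack
    zone per device, and iptables rules keyed by (device, zone)."""

    def __init__(self):
        self.zones = {}         # device id -> conntrack zone
        self.installed = set()  # (device, zone) pairs with rules in place
        self.warnings = []      # failed deletions, as an agent would log them
        self._next_zone = 1

    def _allocate_zone(self, device):
        zone = self._next_zone
        self._next_zone += 1
        self.zones[device] = zone
        return zone

    def add_rules(self, device):
        zone = self.zones.get(device) or self._allocate_zone(device)
        self.installed.add((device, zone))

    def _delete_rules(self, device, zone):
        if (device, zone) not in self.installed:
            self.warnings.append(f"rule for {device} zone {zone} not found")
            return
        self.installed.discard((device, zone))

    def remove_rules_buggy(self, device):
        # The lookup allocates on a miss, so an unknown device gets a fresh
        # zone and the deletion targets rules that were never installed.
        zone = self.zones.get(device) or self._allocate_zone(device)
        self._delete_rules(device, zone)

    def remove_rules_fixed(self, device):
        zone = self.zones.get(device)  # read-only lookup, never allocates
        if zone is None:
            return                     # no zone means no rules to remove
        self._delete_rules(device, zone)
        del self.zones[device]


def demo(device="tap-constructed-1"):
    """Run both removal paths on a device that never had rules."""
    buggy, fixed = ConntrackZoneFirewall(), ConntrackZoneFirewall()
    buggy.remove_rules_buggy(device)
    fixed.remove_rules_fixed(device)
    return buggy, fixed
```

Besides the spurious warning, the allocating lookup in this model leaves a zone assigned to a device that has no rules, which the early return avoids.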