[FWaas-DVR]wrong port name in iptables rules
Affects | Status | Importance | Assigned to | Milestone
---|---|---|---|---
neutron | Won't Fix | Medium | Wang Weijia |
Bug Description
Bug description:
In the DVR model, when we bind a FWG on a gateway port, the port names (sg port and rfp port) in the iptables rules are wrong.
Steps:
1. create a firewall group named fw
2. create a router(
3. bind FWG fw on gateway port (b013ad9f-
Here is my environment:
[root@vm ~]# openstack firewall group show fw
+------
| Field | Value |
+------
| Description | |
| Egress Policy ID | c907b32c-
| ID | deb36e9f-
| Ingress Policy ID | 3996f090-
| Name | fw |
| Ports | [u'b013ad9f-
| Project | 9355437b66f64e8
| Shared | False |
| State | UP |
| Status | ACTIVE |
| project_id | 9355437b66f64e8
+------
[root@vm ~]# ip netns exec qrouter-
2: rfp-0cbd237f-
link/ether 6e:22:a5:20:18:20 brd ff:ff:ff:ff:ff:ff link-netnsid 0
inet 169.254.106.114/31 scope global rfp-0cbd237f-3
valid_lft forever preferred_lft forever
109: qr-b013ad9f-b1: <BROADCAST,
link/ether fa:16:3e:c5:cf:73 brd ff:ff:ff:ff:ff:ff
inet 192.168.1.1/24 brd 192.168.1.255 scope global qr-b013ad9f-b1
valid_lft forever preferred_lft forever
inet6 fe80::f816:
valid_lft forever preferred_lft forever
[root@vm ~]# ip netns exec snat-0cbd237f-
110: sg-66024492-92: <BROADCAST,
link/ether fa:16:3e:85:3b:0a brd ff:ff:ff:ff:ff:ff
Below is the wrong place; please focus on the 'sg-' port name and the 'rfp-' port name:
[root@vm ~]# ip netns exec snat-0cbd237f-
-A neutron-
-A neutron-
-A neutron-
-A neutron-
[root@vm ~]# ip netns exec qrouter-
-A neutron-
-A neutron-
-A neutron-
-A neutron-
We can see that the 'sg-' port name and the 'rfp-' port name are different from the correct names.
The correct name is below:
[root@vm ~]# ip netns exec snat-0cbd237f-
-A neutron-
-A neutron-
-A neutron-
-A neutron-
[root@vm ~]# ip netns exec qrouter-
-A neutron-
-A neutron-
-A neutron-
-A neutron-
I have checked the code of l3-agent: the 'sg-' port name comes from the port id of snat_interface, and the 'rfp-' port name comes from the router id.
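As an added illustration (not code from the report or from neutron), the check below derives the expected 'sg-' and 'rfp-' device names the way the report describes and flags any rule line that references a different 'sg-' or 'rfp-' device. The UUIDs, chain names and rule lines are constructed, and the 14-character truncation is an assumption based on the device names shown in the output above.

```python
import re

# Assumption: device names are cut to 14 characters, as the names in the
# report's output (rfp-0cbd237f-3, sg-66024492-92) suggest.
DEV_NAME_LEN = 14

# Constructed sample values, not taken from the report.
ROUTER_ID = "aaaaaaaa-1111-2222-3333-444444444444"
SNAT_PORT_ID = "bbbbbbbb-5555-6666-7777-888888888888"
SAMPLE_RULES = [  # hypothetical chain names
    "-A neutron-example-FORWARD -o rfp-aaaaaaaa-1 -j neutron-example-in",
    "-A neutron-example-FORWARD -i sg-bbbbbbbb-55 -j neutron-example-out",
    "-A neutron-example-FORWARD -i sg-cccccccc-99 -j neutron-example-out",
    "-A neutron-example-FORWARD -o rfp-cccccccc-9 -j neutron-example-in",
]

# Captures the sg-/rfp- device named by an -i or -o match in a rule line.
IFACE_RE = re.compile(r"\s-[io]\s+((?:sg|rfp)-\S+)")


def device_name(prefix, uuid):
    """Build a device name: prefix plus id, truncated to DEV_NAME_LEN."""
    return (prefix + uuid)[:DEV_NAME_LEN]


def expected_devices(router_id, snat_port_id):
    """'rfp-' comes from the router id, 'sg-' from the snat interface port id."""
    return {device_name("rfp-", router_id), device_name("sg-", snat_port_id)}


def mismatched_rules(rule_lines, router_id, snat_port_id):
    """Return (rule, device) pairs naming an sg-/rfp- device that is not expected.

    A rule bound to a device name that does not exist in the namespace never
    matches traffic, so each hit deserves a look.
    """
    expected = expected_devices(router_id, snat_port_id)
    return [
        (line, dev)
        for line in rule_lines
        for dev in IFACE_RE.findall(line)
        if dev not in expected
    ]


if __name__ == "__main__":
    for rule, dev in mismatched_rules(SAMPLE_RULES, ROUTER_ID, SNAT_PORT_ID):
        print(f"unexpected device {dev}: {rule}")
```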
Changed in neutron: status: New → Confirmed
Changed in neutron: importance: Undecided → Medium
Changed in neutron: status: Confirmed → In Progress
I have committed the solution in this patch: https://review.openstack.org/#/c/606007/
Welcome to review :)