conntrack v1.4.4 (conntrack-tools): `0' unsupported protocol

Bug #1820744 reported by Gaëtan Trellu on 2019-03-18
20
This bug affects 4 people
Affects Status Importance Assigned to Milestone
neutron
High
Brian Haley

Bug Description

Hi,

In neutron-openvswitch-agent.log I got some error related to conntrack. I'm not sure about when _delete_conntrack_state function is triggered.

From the code it seem to be related to a port update.

Does it has something to do with the fact than during security group rule creation sometime we could set a number[1] ?

2019-03-18 17:15:45.700 7 ERROR neutron.agent.linux.utils [-] Exit code: 2; Stdin: ; Stdout: ; Stderr: conntrack v1.4.4 (conntrack-tools): `0' unsupported protocol
Try `conntrack -h' or 'conntrack --help' for more information.

2019-03-18 17:15:45.701 7 ERROR neutron.agent.linux.ip_conntrack [-] Failed execute conntrack command ('conntrack', '-D', '-p', '0', '-f', 'ipv4', '-d', '192.168.3.25', '-w', 4591): ProcessExecutionError: Exit code: 2; Stdin: ; Stdout: ; Stderr: conntrack v1.4.4 (conntrack-tools): `0' unsupported protocol
Try `conntrack -h' or 'conntrack --help' for more information.
2019-03-18 17:15:45.701 7 ERROR neutron.agent.linux.ip_conntrack Traceback (most recent call last):
2019-03-18 17:15:45.701 7 ERROR neutron.agent.linux.ip_conntrack File "/var/lib/kolla/venv/local/lib/python2.7/site-packages/neutron/agent/linux/ip_conntrack.py", line 165, in _delete_conntrack_state
2019-03-18 17:15:45.701 7 ERROR neutron.agent.linux.ip_conntrack extra_ok_codes=[1])
2019-03-18 17:15:45.701 7 ERROR neutron.agent.linux.ip_conntrack File "/var/lib/kolla/venv/local/lib/python2.7/site-packages/neutron/agent/linux/utils.py", line 147, in execute
2019-03-18 17:15:45.701 7 ERROR neutron.agent.linux.ip_conntrack returncode=returncode)
2019-03-18 17:15:45.701 7 ERROR neutron.agent.linux.ip_conntrack ProcessExecutionError: Exit code: 2; Stdin: ; Stdout: ; Stderr: conntrack v1.4.4 (conntrack-tools): `0' unsupported protocol
2019-03-18 17:15:45.701 7 ERROR neutron.agent.linux.ip_conntrack Try `conntrack -h' or 'conntrack --help' for more information.
2019-03-18 17:15:45.701 7 ERROR neutron.agent.linux.ip_conntrack
2019-03-18 17:15:45.701 7 ERROR neutron.agent.linux.ip_conntrack

This happens on Rocky version.

[1] https://github.com/openstack/python-openstackclient/blob/4bde9af89251431791fc8d69fe09d5e17a8fba8f/openstackclient/network/v2/security_group_rule.py#L155-L164

Changed in neutron:
importance: Undecided → High
status: New → Confirmed
Brian Haley (brian-haley) wrote :

So did you just run 'openstack security group rule create --ingress --protocol 0 default' and then delete the rule? Looks like there might be a bug in conntrack-tools I need to chase down.

Changed in neutron:
assignee: nobody → Brian Haley (brian-haley)

Fix proposed to branch: master
Review: https://review.openstack.org/644633

Changed in neutron:
status: Confirmed → In Progress
Brian Haley (brian-haley) wrote :

conntrack-tools commit 8ae8c537cd7fd0f2fe18e30046d73c59d3a7fe85 fixes the '-p 0' issue :) but we'll still need something to deal with this in neutron, I'll get my change merged. If you could test it that would be great.

Gaëtan Trellu (goldyfruit) wrote :

Hey Brian,

Thanks for the review, I can't test right now but it LGTM.

Reviewed: https://review.openstack.org/644633
Committed: https://git.openstack.org/cgit/openstack/neutron/commit/?id=de810e04fb1d243ad4f82f6b35a7821fefe0a2cc
Submitter: Zuul
Branch: master

commit de810e04fb1d243ad4f82f6b35a7821fefe0a2cc
Author: Brian Haley <email address hidden>
Date: Tue Mar 19 14:28:56 2019 -0400

    Use '-p ip' instead of '-p 0' with conntrack

    The conntrack command does not allow '-p 0' as an argument,
    but does allow it's equivalent '-p ip'. Use it instead
    so it doesn't generate an error.

    Change-Id: Ica69eb85a6835952904a6390bb8a31e6afdecf69
    Closes-bug: #1820744

Changed in neutron:
status: In Progress → Fix Released
To post a comment you must log in.
This report contains Public information  Edit
Everyone can see this information.

Other bug subscribers