conntrack v1.4.4 (conntrack-tools): `0' unsupported protocol

Bug #1820744 reported by Gaëtan Trellu
This bug affects 4 people
Affects | Status | Importance | Assigned to | Milestone
neutron | Fix Released | High | Brian Haley |

Bug Description

Hi,

In neutron-openvswitch-agent.log I got some errors related to conntrack. I'm not sure when the _delete_conntrack_state function is triggered.

From the code it seems to be related to a port update.

Does it have something to do with the fact that during security group rule creation we can sometimes set a number [1]?

2019-03-18 17:15:45.700 7 ERROR neutron.agent.linux.utils [-] Exit code: 2; Stdin: ; Stdout: ; Stderr: conntrack v1.4.4 (conntrack-tools): `0' unsupported protocol
Try `conntrack -h' or 'conntrack --help' for more information.

2019-03-18 17:15:45.701 7 ERROR neutron.agent.linux.ip_conntrack [-] Failed execute conntrack command ('conntrack', '-D', '-p', '0', '-f', 'ipv4', '-d', '192.168.3.25', '-w', 4591): ProcessExecutionError: Exit code: 2; Stdin: ; Stdout: ; Stderr: conntrack v1.4.4 (conntrack-tools): `0' unsupported protocol
Try `conntrack -h' or 'conntrack --help' for more information.
2019-03-18 17:15:45.701 7 ERROR neutron.agent.linux.ip_conntrack Traceback (most recent call last):
2019-03-18 17:15:45.701 7 ERROR neutron.agent.linux.ip_conntrack File "/var/lib/kolla/venv/local/lib/python2.7/site-packages/neutron/agent/linux/ip_conntrack.py", line 165, in _delete_conntrack_state
2019-03-18 17:15:45.701 7 ERROR neutron.agent.linux.ip_conntrack extra_ok_codes=[1])
2019-03-18 17:15:45.701 7 ERROR neutron.agent.linux.ip_conntrack File "/var/lib/kolla/venv/local/lib/python2.7/site-packages/neutron/agent/linux/utils.py", line 147, in execute
2019-03-18 17:15:45.701 7 ERROR neutron.agent.linux.ip_conntrack returncode=returncode)
2019-03-18 17:15:45.701 7 ERROR neutron.agent.linux.ip_conntrack ProcessExecutionError: Exit code: 2; Stdin: ; Stdout: ; Stderr: conntrack v1.4.4 (conntrack-tools): `0' unsupported protocol
2019-03-18 17:15:45.701 7 ERROR neutron.agent.linux.ip_conntrack Try `conntrack -h' or 'conntrack --help' for more information.
2019-03-18 17:15:45.701 7 ERROR neutron.agent.linux.ip_conntrack
2019-03-18 17:15:45.701 7 ERROR neutron.agent.linux.ip_conntrack

This happens on Rocky version.

[1] https://github.com/openstack/python-openstackclient/blob/4bde9af89251431791fc8d69fe09d5e17a8fba8f/openstackclient/network/v2/security_group_rule.py#L155-L164

Changed in neutron:
importance: Undecided → High
status: New → Confirmed
Brian Haley (brian-haley) wrote :

So did you just run 'openstack security group rule create --ingress --protocol 0 default' and then delete the rule? Looks like there might be a bug in conntrack-tools I need to chase down.

Changed in neutron:
assignee: nobody → Brian Haley (brian-haley)
OpenStack Infra (hudson-openstack) wrote : Fix proposed to neutron (master)

Fix proposed to branch: master
Review: https://review.openstack.org/644633

Changed in neutron:
status: Confirmed → In Progress
Brian Haley (brian-haley) wrote :

conntrack-tools commit 8ae8c537cd7fd0f2fe18e30046d73c59d3a7fe85 fixes the '-p 0' issue :) but we'll still need something to deal with this in neutron, I'll get my change merged. If you could test it that would be great.

Gaëtan Trellu (goldyfruit) wrote :

Hey Brian,

Thanks for the review, I can't test right now but it LGTM.

OpenStack Infra (hudson-openstack) wrote : Fix merged to neutron (master)

Reviewed: https://review.openstack.org/644633
Committed: https://git.openstack.org/cgit/openstack/neutron/commit/?id=de810e04fb1d243ad4f82f6b35a7821fefe0a2cc
Submitter: Zuul
Branch: master

commit de810e04fb1d243ad4f82f6b35a7821fefe0a2cc
Author: Brian Haley <email address hidden>
Date: Tue Mar 19 14:28:56 2019 -0400

    Use '-p ip' instead of '-p 0' with conntrack

    The conntrack command does not allow '-p 0' as an argument,
    but does allow its equivalent '-p ip'. Use it instead
    so it doesn't generate an error.

    Change-Id: Ica69eb85a6835952904a6390bb8a31e6afdecf69
    Closes-bug: #1820744

Changed in neutron:
status: In Progress → Fix Released
OpenStack Infra (hudson-openstack) wrote : Fix included in openstack/neutron 15.0.0.0b1

This issue was fixed in the openstack/neutron 15.0.0.0b1 development milestone.
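
The substitution described in the commit message above, as an added example that is not neutron's code and not part of the original report: a small builder for the `conntrack -D` argument list seen in the log, which maps protocol 0 to `ip` and validates the other fields before anything is executed. The function names, the rule dictionary layout and the ingress/egress to `-d`/`-s` mapping are assumptions.

```python
# Added illustration: not neutron's code. Names and rule layout are hypothetical.
import ipaddress
import re

_NUMBER = re.compile(r"[0-9]{1,3}")
_NAME = re.compile(r"[a-z][a-z0-9.+-]*")


def normalize_protocol(protocol):
    """Return the value to pass to `conntrack -p`, or None to omit the option."""
    if protocol is None or protocol == "":
        return None
    text = str(protocol).strip().lower()
    if _NUMBER.fullmatch(text):
        number = int(text)
        if number > 255:
            raise ValueError("protocol number out of range: %r" % (protocol,))
        # conntrack v1.4.4 rejects '-p 0'; '-p ip' is the accepted equivalent.
        return "ip" if number == 0 else str(number)
    if not _NAME.fullmatch(text):
        raise ValueError("invalid protocol: %r" % (protocol,))
    return text


def build_delete_cmd(rule, device_ip, zone):
    """Build the argv for deleting conntrack entries that match one rule."""
    family = str(rule["ethertype"]).lower()
    addr = ipaddress.ip_address(device_ip)  # raises ValueError on bad input
    if family != "ipv%d" % addr.version:
        raise ValueError("%s does not match ethertype %s" % (addr, family))
    cmd = ["conntrack", "-D"]
    proto = normalize_protocol(rule.get("protocol"))
    if proto is not None:
        cmd += ["-p", proto]
    cmd += ["-f", family]
    # Assumption: ingress rules match on destination, egress rules on source.
    cmd += ["-d" if rule["direction"] == "ingress" else "-s", str(addr)]
    cmd += ["-w", str(int(zone))]  # every argv element is a string
    return cmd


if __name__ == "__main__":
    # Constructed rule reproducing the values in the logged command.
    rule = {"ethertype": "IPv4", "protocol": "0", "direction": "ingress"}
    print(build_delete_cmd(rule, "192.168.3.25", 4591))
```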
