[ https://issues.apache.org/jira/browse/CLOUDSTACK-9968?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Rajani Karuturi updated CLOUDSTACK-9968:
----------------------------------------
    Fix Version/s:     (was: 4.10.0.0)
                   4.10.1.0

> VR iptables rules are not properly processed due to this rule config is failing.
> --------------------------------------------------------------------------------
>
>                 Key: CLOUDSTACK-9968
>                 URL: https://issues.apache.org/jira/browse/CLOUDSTACK-9968
>             Project: CloudStack
>          Issue Type: Bug
>      Security Level: Public(Anyone can view this level - this is the default.)
>    Affects Versions: 4.9.0
>            Reporter: Jayapal Reddy
>             Fix For: 4.10.1.0
>
>
> 1. enable and disable the static nat you will observe the below issue.
> In CsNetfilter.py to_str method is inefficient, it can't handle CONNMARK target iptables rules option. It receives a dictionary which contains iptables value (hex) as key.
>
> 1. iptables mangle rule when iptables-save is run.
> -A PREROUTING -s 10.1.1.68/32 -m state --state NEW -j CONNMARK --save-mark --nfmask 0xffffffff --ctmask 0xffffffff
>
> 2. To_str method received the following dictionary in which only one 0xffffffff and it is a key.
> 2017-06-20 08:40:37,682 CsNetfilter.py to_str:287 Before to_str rule: : {u'--save-mark': u'--nfmask', u'-A': u'PREROUTING', u'-s': u'10.1.1.68/32', u'-j': u'CONNMARK', u'0xffffffff': u'--ctmask', u'--state': u'NEW', u'-m2': u'state'}
>
> 3. Based on the above the below incorrect rule is framed.
> 2017-06-20 08:40:37,682 CsNetfilter.py to_str:303 After str rule: : -D PREROUTING -s 10.1.1.68/32 -m state --state NEW -j CONNMARK
>
> 4. Rule execution fails because of the missing options.
> 2017-06-20 08:40:37,682 CsNetfilter.py get_unseen:129 unseen cmd: iptables -t mangle -D PREROUTING -s 10.1.1.68/32 -m state --state NEW -j CONNMARK
> 2017-06-20 08:40:37,688 CsHelper.py execute:188 Executed: iptables -t mangle -D PREROUTING -s 10.1.1.68/32 -m state --state NEW -j CONNMARK -* exitstatus=2*

--
This message was sent by Atlassian JIRA
(v6.4.14#64029)
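
The failure described in the report, as an added example that is not CloudStack's CsNetfilter.py code: a simplified model of option/value pairing applied to the quoted iptables-save line, next to an ordered parse that keeps value-less flags such as --save-mark. All function names and KNOWN_ORDER are hypothetical.

```python
import shlex

# Constructed sample: the iptables-save line quoted in the report.
SAVED = ("-A PREROUTING -s 10.1.1.68/32 -m state --state NEW -j CONNMARK "
         "--save-mark --nfmask 0xffffffff --ctmask 0xffffffff")
# Options this simplified renderer knows how to emit, in order (assumption).
KNOWN_ORDER = ["-A", "-s", "-m", "--state", "-j"]


def parse_pairwise(rule):
    """Lossy model: treat the rule as alternating option/value tokens."""
    tokens = shlex.split(rule)
    # A flag with no value (--save-mark) shifts every later pair by one,
    # and the odd trailing token is silently dropped by zip().
    return dict(zip(tokens[::2], tokens[1::2]))


def render_pairwise(parsed, action="-D"):
    """Rebuild the rule from the dict, emitting only the known options."""
    parts = []
    for opt in KNOWN_ORDER:
        if opt in parsed:
            parts += [action if opt == "-A" else opt, parsed[opt]]
    return " ".join(parts)


def parse_ordered(rule):
    """Lossless model: ordered (option, [values]) groups; values may be empty."""
    groups = []
    for tok in shlex.split(rule):
        if tok.startswith("-") or tok == "!" or not groups:
            groups.append((tok, []))
        else:
            groups[-1][1].append(tok)
    return groups


def render_ordered(groups, action="-D"):
    """Rebuild the rule token for token, swapping only the -A chain action."""
    out = []
    for opt, values in groups:
        out.append(action if opt == "-A" else opt)
        out.extend(values)
    return shlex.join(out)


def is_lossless(rule):
    """Round-trip check to run before executing a rebuilt delete command."""
    rebuilt = render_ordered(parse_ordered(rule), action="-A")
    return shlex.split(rebuilt) == shlex.split(rule)
```

Running the round-trip check before executing the rebuilt `-D` command turns a silent mismatch into an explicit error, instead of leaving the original mangle rule in place after `iptables` exits with a non-zero status.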