Public bug reported: In neutron/agent/linux/iptables_manager.py, wrapped chains and rules specific to the address scope feature were added to __init__, lines 393 to 434 as part of https://review.openstack.org/#/c/270001/.
These chains and rules should be moved out of iptables_manager.py, since iptables_manager.py is used by many features including security groups, FWaaS, metering. With the current code, each new feature using a separate instance of IptablesManager with a different wrap_name will create a separate copy of these chains and rules. It is not clear if there is any functional impact. The '-j CONNMARK --restore-mark' rule in mangle PREROUTING would be reapplied by each feature. ** Affects: neutron Importance: Undecided Status: New ** Tags: address-scopes l3-ipam-dhcp -- You received this bug notification because you are a member of Yahoo! Engineering Team, which is subscribed to neutron. https://bugs.launchpad.net/bugs/1549513 Title: Feature specific code should be moved out of iptables_manager Status in neutron: New Bug description: In neutron/agent/linux/iptables_manager.py, wrapped chains and rules specific to the address scope feature were added to __init__, lines 393 to 434 as part of https://review.openstack.org/#/c/270001/. These chains and rules should be moved out of iptables_manager.py, since iptables_manager.py is used by many features including security groups, FWaaS, metering. With the current code, each new feature using a separate instance of IptablesManager with a different wrap_name will create a separate copy of these chains and rules. It is not clear if there is any functional impact. The '-j CONNMARK --restore-mark' rule in mangle PREROUTING would be reapplied by each feature. To manage notifications about this bug go to: https://bugs.launchpad.net/neutron/+bug/1549513/+subscriptions -- Mailing list: https://launchpad.net/~yahoo-eng-team Post to : yahoo-eng-team@lists.launchpad.net Unsubscribe : https://launchpad.net/~yahoo-eng-team More help : https://help.launchpad.net/ListHelp