Reviewed: https://review.openstack.org/590682 Committed: https://git.openstack.org/cgit/openstack/neutron-fwaas/commit/?id=6ccdd943a3cec92e559dd842407382a3dca5f484 Submitter: Zuul Branch: master
commit 6ccdd943a3cec92e559dd842407382a3dca5f484 Author: Kim Bao Long <[email protected]> Date: Fri Aug 10 14:41:54 2018 +0700 Remove remaining NFLOG rules on deleting log resource Currently, NFLOG rules are still remaining after deletion of log resources from "ACCEPT" or "DROP" events. This patch aims to remove these rules. In addition, it also cleans up unused iptables manager per port to avoid memory consumption of self.ipt_mgr_list in [1] [1] https://review.openstack.org/#/c/553738/ Closes-Bug: #1786746 Change-Id: Id8db35c9e11c11f186f15565fcbc2cfa67d9ebd4 Co-Authored-By: Nguyen Phuong An <[email protected]> ** Changed in: neutron Status: In Progress => Fix Released -- You received this bug notification because you are a member of Yahoo! Engineering Team, which is subscribed to neutron. https://bugs.launchpad.net/bugs/1786746 Title: [FW Logging] NFLOG rules still remains after deleting log resource Status in neutron: Fix Released Bug description: I have tested a logging feature for firewall_group in stable/rocky [1], and found a bug. Please follow the following testcase to reproduce this bug: Environment: - Devstack stable/rocky - Install devstack with local.conf: http://paste.openstack.org/show/727916/ - Topology: Set up topolocy with the following script http://paste.openstack.org/show/727918/ Testcase -------- - Create log resource: openstack network log create --resource-type firewall_group --event accept testAccept - Show iptables config: router_id=$(openstack router list | grep router0 | awk '{print$2}') router_ns='qrouter-'$router_id sudo ip netns exec $router_ns iptables -nvL - The results showed that NFLOG already added correctly into iptables: http://paste.openstack.org/show/727920/ Bug triggering -------------- Delete log-resource with: openstack network log delete testAccept Error logs: http://paste.openstack.org/show/727919/ => Expectation: NFLOGs for ACCEPT disappears => Observed: NFLOGs for ACCEPT still remains => Bug References: [1] https://docs.openstack.org/neutron/latest/admin/config-logging.html#service-workflow-for-operator To manage notifications about this bug go to: https://bugs.launchpad.net/neutron/+bug/1786746/+subscriptions -- Mailing list: https://launchpad.net/~yahoo-eng-team Post to : [email protected] Unsubscribe : https://launchpad.net/~yahoo-eng-team More help : https://help.launchpad.net/ListHelp
