Skip unknown protocols while deleting conntrack
This patch updates the legacy conntrack driver to skip any conntrack entries in the virtual router with an unknown protocol. The conntrack driver currently handles sessions for the TCP/UDP/ICMP/ICMP6 protocols only.
Change-Id: Ic2572086a13ea9c3acc3aee1350b569740aa0d8f
Closes-Bug: #1753507
parent
17276cca63
commit
9b89d4802c
|
@ -77,7 +77,8 @@ class ConntrackLegacy(conntrack_base.ConntrackDriverBase):
|
|||
raw_entries = self._execute_command(cmd).splitlines()
|
||||
for raw_entry in raw_entries:
|
||||
parsed_entry = self._parse_entry(raw_entry.split(), ip_version)
|
||||
parsed_entries.append(parsed_entry)
|
||||
if parsed_entry is not None:
|
||||
parsed_entries.append(parsed_entry)
|
||||
return sorted(parsed_entries)
|
||||
|
||||
def _get_conntrack_cmd_from_entry(self, entry, namespace):
|
||||
|
@ -109,6 +110,11 @@ class ConntrackLegacy(conntrack_base.ConntrackDriverBase):
|
|||
and compare with firewall rule
|
||||
"""
|
||||
protocol = entry[0]
|
||||
if protocol in ATTR_POSITIONS:
|
||||
LOG.info('Skipping conntrack entry %s with unsupported protocol',
|
||||
entry)
|
||||
return None
|
||||
|
||||
parsed_entry = [ip_version, protocol]
|
||||
for attr, position in ATTR_POSITIONS[protocol]:
|
||||
val = entry[position].partition('=')[2]
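Review bot: The added guard `if protocol in ATTR_POSITIONS:` in `_parse_entry` is inverted relative to its own log message and the commit description: as written it returns None for every protocol that has an entry in ATTR_POSITIONS, while an unsupported protocol falls through to `ATTR_POSITIONS[protocol]` (presumably a KeyError, if ATTR_POSITIONS is a plain dict). It should read `if protocol not in ATTR_POSITIONS:`. With the condition as shown, the `is not None` filter in the first hunk would drop every TCP/UDP/ICMP entry, so presumably no stale sessions would be cleared when firewall rules change. Once corrected, entries for other protocols are deliberately left in conntrack, which is worth stating next to the guard, e.g. `# Sessions of unsupported protocols are not flushed on rule changes.` The body of `_parse_entry` starts and ends outside this hunk.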
|
||||
|
|
|
@ -80,6 +80,7 @@ FW_RULES = [
|
|||
ICMP_ENTRY = (4, 'icmp', 8, 0, '1.1.1.1', '2.2.2.2', '1234')
|
||||
TCP_ENTRY = (4, 'tcp', 1, 2, '1.1.1.1', '2.2.2.2')
|
||||
UDP_ENTRY = (4, 'udp', 1, 2, '1.1.1.1', '2.2.2.2')
|
||||
UNKNOWN_ENTRY = (4, 'unknown', 1, 2, '1.1.1.1', '2.2.2.2')
|
||||
|
||||
ROUTER_NAMESPACE = 'qrouter-fake-namespace'
|
||||
|
||||
|
@ -112,7 +113,7 @@ class ConntrackLegacyTestCase(base.BaseTestCase):
|
|||
|
||||
def test_delete_entries(self):
|
||||
self.conntrack_driver.list_entries.return_value = [
|
||||
ICMP_ENTRY, TCP_ENTRY, UDP_ENTRY]
|
||||
ICMP_ENTRY, TCP_ENTRY, UDP_ENTRY, UNKNOWN_ENTRY]
|
||||
self.conntrack_driver.delete_entries(FW_RULES, ROUTER_NAMESPACE)
|
||||
calls = [
|
||||
mock.call(['ip', 'netns', 'exec', ROUTER_NAMESPACE,
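Review bot: `test_delete_entries` sets `list_entries.return_value` directly, so neither the new guard in `_parse_entry` nor the `is not None` filter in `list_entries` is exercised here, and the test would pass whichever way the guard's condition is written. A separate case that mocks `_execute_command` to return a raw conntrack line with an unsupported protocol and asserts that `list_entries` omits it would cover the change itself. UNKNOWN_ENTRY is also a parsed tuple that `list_entries` is not meant to produce after this commit, so feeding it to `delete_entries` tests an input the driver should no longer see. The expected `calls` list continues outside the hunk, so whether it asserts that no delete command is issued for UNKNOWN_ENTRY cannot be confirmed from here.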
|
||||
|
|