[Bug 1832210] Re: fwaas netfilter_log: incorrect decode of log prefix under python 3

James Page james.page at ubuntu.com
Thu Jul 4 06:06:47 UTC 2019 

Verified in disco-proposed:

2019-07-04 06:05:18.647 24829 INFO neutron_fwaas.services.logapi.agents.drivers.iptables.log [-] action=DROP, project_id=7ff67d14319b40fd925e8926b68090df, log_resource_ids=['6e386314-2e36-456e-b90b-d1d51e91ee8d'], port=59fc8ffd-f724-447c-b95a-f11f35441c9d, pkt=ethernet(dst='fa:16:3e:c3:b2:28',ethertype=2048,src='fa:16:3e:41:6f:cc')ipv4(csum=50040,dst='192.168.21.47',flags=2,header_length=5,identification=38986,offset=0,option=None,proto=1,src='10.5.0.10',tos=0,total_length=84,ttl=63,version=4)icmp(code=0,csum=61993,data=echo(data=b'\x1d\x97\x1d]\x00\x00\x00\x00\x98[\t\x00\x00\x00\x00\x00\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !"#$%&\'()*+,-./01234567',id=27314,seq=1),type=8)
2019-07-04 06:05:19.852 24829 INFO neutron_fwaas.services.logapi.agents.drivers.iptables.log [-] action=DROP, project_id=7ff67d14319b40fd925e8926b68090df, log_resource_ids=['6e386314-2e36-456e-b90b-d1d51e91ee8d'], port=59fc8ffd-f724-447c-b95a-f11f35441c9d, pkt=ethernet(dst='fa:16:3e:c3:b2:28',ethertype=2048,src='fa:16:3e:41:6f:cc')ipv4(csum=50015,dst='192.168.21.47',flags=2,header_length=5,identification=39011,offset=0,option=None,proto=1,src='10.5.0.10',tos=0,total_length=84,ttl=63,version=4)icmp(code=0,csum=33733,data=echo(data=b'\x1e\x97\x1d]\x00\x00\x00\x00\x05\xbf\t\x00\x00\x00\x00\x00\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !"#$%&\'()*+,-./01234567',id=27314,seq=2),type=8)
2019-07-04 06:05:21.978 24829 INFO neutron_fwaas.services.logapi.agents.drivers.iptables.log [-] action=ACCEPT, project_id=7ff67d14319b40fd925e8926b68090df, log_resource_ids=['6e386314-2e36-456e-b90b-d1d51e91ee8d'], port=59fc8ffd-f724-447c-b95a-f11f35441c9d, pkt=ethernet(dst='fa:16:3e:c3:b2:28',ethertype=2048,src='fa:16:3e:41:6f:cc')ipv4(csum=14078,dst='192.168.21.47',flags=2,header_length=5,identification=9432,offset=0,option=None,proto=6,src='10.5.0.10',tos=0,total_length=60,ttl=63,version=4)tcp(ack=0,bits=2,csum=46828,dst_port=22,offset=10,option=[TCPOptionMaximumSegmentSize(kind=2,length=4,max_seg_size=8918), TCPOptionSACKPermitted(kind=4,length=2), TCPOptionTimestamps(kind=8,length=10,ts_ecr=0,ts_val=1865326999), TCPOptionNoOperation(kind=1,length=1), TCPOptionWindowScale(kind=3,length=3,shift_cnt=7)],seq=3543962897,src_port=45662,urgent=0,window_size=26754)


# apt-cache policy python3-neutron-fwaas
python3-neutron-fwaas:
  Installed: 1:14.0.0-0ubuntu1.1
  Candidate: 1:14.0.0-0ubuntu1.1
  Version table:
 *** 1:14.0.0-0ubuntu1.1 500
        500 http://archive.ubuntu.com/ubuntu disco-proposed/main amd64 Packages
        100 /var/lib/dpkg/status
     1:14.0.0-0ubuntu1 500
        500 http://nova.clouds.archive.ubuntu.com/ubuntu disco/main amd64 Packages


** Tags removed: verification-needed-disco
** Tags added: verification-done-disco

-- 
You received this bug notification because you are a member of Ubuntu
OpenStack, which is subscribed to Ubuntu Cloud Archive.
https://bugs.launchpad.net/bugs/1832210

Title:
  fwaas netfilter_log: incorrect decode of log prefix under python 3

Status in Ubuntu Cloud Archive:
  Fix Committed
Status in Ubuntu Cloud Archive rocky series:
  Fix Committed
Status in Ubuntu Cloud Archive stein series:
  Fix Committed
Status in Ubuntu Cloud Archive train series:
  Fix Committed
Status in neutron:
  Fix Released
Status in neutron-fwaas package in Ubuntu:
  Fix Released
Status in neutron-fwaas source package in Cosmic:
  Fix Committed
Status in neutron-fwaas source package in Disco:
  Fix Committed
Status in neutron-fwaas source package in Eoan:
  Fix Released

Bug description:
  Under Python 3, the prefix of a firewall log message is not correctly
  decoded "b'10612530182266949194'":

  2019-06-10 09:14:34 Unknown cookie packet_in pkt=ethernet(dst='fa:16:3e:c6:58:5e',ethertype=2048,src='fa:16:3e:e0:2c:be')ipv4(csum=51290,dst='10.5.0.10',flags=2,header_length=5,identification=37612,offset=0,option=None,proto=6,src='192.168.21.182',tos=16,total_length=52,ttl=63,version=4)tcp(ack=3151291228,bits=17,csum=23092,dst_port=57776,offset=8,option=[TCPOptionNoOperation(kind=1,length=1), TCPOptionNoOperation(kind=1,length=1), TCPOptionTimestamps(kind=8,length=10,ts_ecr=1574746440,ts_val=482688)],seq=2769917228,src_port=22,urgent=0,window_size=3120)
  2019-06-10 09:14:34 {'prefix': "b'10612530182266949194'", 'msg': "ethernet(dst='fa:16:3e:c6:58:5e',ethertype=2048,src='fa:16:3e:e0:2c:be')ipv4(csum=51290,dst='10.5.0.10',flags=2,header_length=5,identification=37612,offset=0,option=None,proto=6,src='192.168.21.182',tos=16,total_length=52,ttl=63,version=4)tcp(ack=3151291228,bits=17,csum=23092,dst_port=57776,offset=8,option=[TCPOptionNoOperation(kind=1,length=1), TCPOptionNoOperation(kind=1,length=1), TCPOptionTimestamps(kind=8,length=10,ts_ecr=1574746440,ts_val=482688)],seq=2769917228,src_port=22,urgent=0,window_size=3120)"}
  2019-06-10 09:14:34 {'0bf81ded-bf94-437d-ad49-063bba9be9bb': [<neutron_fwaas.services.logapi.agents.drivers.iptables.log.LogPrefix object at 0x7f7563079048>, <neutron_fwaas.services.logapi.agents.drivers.iptables.log.LogPrefix object at 0x7f756308abe0>]}

  This results in the firewall log driver not being able to map the
  message to the associated port and log resources in neutron resulting
  in the 'unknown cookie packet_in' warning message.

To manage notifications about this bug go to:
https://bugs.launchpad.net/cloud-archive/+bug/1832210/+subscriptions

More information about the Ubuntu-openstack-bugs mailing list