Arturo Borrero Gonzalez <arturo@xxxxxxxxxxxxx> wrote: > Hi Phil, > > (CC'ing netfilter-devel) > > I discovered my openstack neutron linuxbridge-agent malfunctioning when using > iptables-nft and it seems this ruleset is causing the issue: > === 8< === > *raw > :OUTPUT - [0:0] > :PREROUTING - [0:0] > :neutron-linuxbri-OUTPUT - [0:0] > :neutron-linuxbri-PREROUTING - [0:0] > -I OUTPUT 1 -j neutron-linuxbri-OUTPUT > -I PREROUTING 1 -j neutron-linuxbri-PREROUTING > -I neutron-linuxbri-PREROUTING 1 -m physdev --physdev-in brq7425e328-56 -m > comment --comment "Set zone for f101a28-1d" -j CT --zone 4097 > -I neutron-linuxbri-PREROUTING 2 -i brq7425e328-56 -m comment --comment "Set > zone for f101a28-1d" -j CT --zone 4097 > -I neutron-linuxbri-PREROUTING 3 -m physdev --physdev-in tap7f101a28-1d -m > comment --comment "Set zone for f101a28-1d" -j CT --zone 4097 > > COMMIT git bisect start # good: [bba6bc692b0e6137e13881a1f398c134822e9f83] configure: bump # versions for 1.8.2 release git bisect good bba6bc692b0e6137e13881a1f398c134822e9f83 # bad: [72ed608bf1ea550ac13b5b880afc7ad3ffa0afd0] nft: Fix for broken # address mask match detection git bisect bad 72ed608bf1ea550ac13b5b880afc7ad3ffa0afd0 # good: [4e9782cae29034c4eefd31703ba77aee7eca2233] nft: Pass nft_handle # to flush_cache() git bisect good 4e9782cae29034c4eefd31703ba77aee7eca2233 # good: [f56d91bd80f0e86aaad56a32ddc84f373bb80745] connlabel: Allow # numeric labels even if connlabel.conf exists git bisect good f56d91bd80f0e86aaad56a32ddc84f373bb80745 # bad: [869e38fcdecda3de35d999b75fbaacc750fe3aaa] ebtables: Free # statically loaded extensions again git bisect bad 869e38fcdecda3de35d999b75fbaacc750fe3aaa # good: [72470c66326d9b5186dd4614bc2d18269324e54b] nft: cache: Eliminate # init_chain_cache() git bisect good 72470c66326d9b5186dd4614bc2d18269324e54b # bad: [6d1d5aa5c93eca890e28b508ef426b7844caf2b7] nft: cache: Introduce # struct nft_cache_req git bisect bad 6d1d5aa5c93eca890e28b508ef426b7844caf2b7 # bad: [9d07514ac5c7a27ec72df5a81bf067073d63bd99] nft: calculate cache # requirements from list of commands git bisect bad 9d07514ac5c7a27ec72df5a81bf067073d63bd99 # good: [accaecdf5889911e6a1ca4737c6f6599a77afe24] nft: cache: Fetch # sets per table git bisect good accaecdf5889911e6a1ca4737c6f6599a77afe24 # bad: [a7f1e208cdf9c6392c99d3c52764701d004bdde7] nft: split parsing # from netlink commands git bisect bad a7f1e208cdf9c6392c99d3c52764701d004bdde7 # good: [70a3c1a07585de64b5780a415dc157079c34911b] ebtables-restore: # Table line to trigger implicit commit git bisect good 70a3c1a07585de64b5780a415dc157079c34911b # first bad commit: [a7f1e208cdf9c6392c99d3c52764701d004bdde7] nft: # split parsing from netlink commands Can't look at it further ATM, I double-checked that the commit preceeding a7f1e208cdf9c6392c99d3c52764701d004bdde7 works.
