202205: caclmgrd traceback KeyError: 'dst_ports' #12179

Closed
anamehra opened this issue Sep 24, 2022 · 4 comments · Fixed by sonic-net/sonic-host-services#21

@anamehra
Contributor

Description

caclmgrd process throws traceback

Sep 23 23:25:48.993340 sfd-t2-lc0 INFO caclmgrd[247606]: File "/usr/local/bin/caclmgrd", line 973, in
Sep 23 23:25:48.993535 sfd-t2-lc0 INFO caclmgrd[247606]: main()
Sep 23 23:25:48.993577 sfd-t2-lc0 INFO caclmgrd[247606]: File "/usr/local/bin/caclmgrd", line 969, in main
Sep 23 23:25:48.993724 sfd-t2-lc0 INFO caclmgrd[247606]: caclmgr.run()
Sep 23 23:25:48.993764 sfd-t2-lc0 INFO caclmgrd[247606]: File "/usr/local/bin/caclmgrd", line 854, in run
Sep 23 23:25:48.993887 sfd-t2-lc0 INFO caclmgrd[247606]: self.update_control_plane_acls(namespace)
Sep 23 23:25:48.993933 sfd-t2-lc0 INFO caclmgrd[247606]: File "/usr/local/bin/caclmgrd", line 736, in update_control_plane_acls
Sep 23 23:25:48.994062 sfd-t2-lc0 INFO caclmgrd[247606]: self.update_control_plane_nat_acls(namespace, service_to_source_ip_map)
Sep 23 23:25:48.994100 sfd-t2-lc0 INFO caclmgrd[247606]: File "/usr/local/bin/caclmgrd", line 746, in update_control_plane_nat_acls
Sep 23 23:25:48.994255 sfd-t2-lc0 INFO caclmgrd[247606]: iptables_cmds = self.generate_fwd_traffic_from_namespace_to_host_commands(namespace, service_to_source_ip_map)
Sep 23 23:25:48.994296 sfd-t2-lc0 INFO caclmgrd[247606]: File "/usr/local/bin/caclmgrd", line 354, in generate_fwd_traffic_from_namespace_to_host_commands
Sep 23 23:25:48.994388 sfd-t2-lc0 INFO caclmgrd[247606]: for dst_port in self.ACL_SERVICES[acl_service]["dst_ports"]:
Sep 23 23:25:48.994434 sfd-t2-lc0 INFO caclmgrd[247606]: KeyError: 'dst_ports'

Looks like it is coming from
"EXTERNAL_CLIENT": {
"ip_protocols": ["tcp"],
"multi_asic_ns_to_host_fwd":True
},

This block is missing
"dst_ports": ["8081"],

but there is no check in line 354 to ignore missing dst_ports

Steps to reproduce the issue:

  1. Loaded 202205 based image on Chassis Line Card
  2. During boot, observed the traceback and it caused acl test failure

Describe the results you received:

caclmgr traceback as mentioned above

Describe the results you expected:

No traceback and no acl errors

Output of show version:

202205 sha1  77b469d7c87f04d6298d598936fe7d46dc7890b6

Output of show techsupport:

(paste your output here or download and attach the file here )

Additional information you deem important (e.g. issue happens only occasionally):

@anamehra
Contributor Author

@abdosi , @SuvarnaMeenakshi , @ZhaohuiS , FYI-

@ZhaohuiS
Contributor

@anamehra I will take a look.

@abdosi
Contributor

abdosi commented Sep 25, 2022

@ZhaohuiS I already have a PR with the fix. Will create it by tomorrow. Please help review it.

@ZhaohuiS
Contributor

ACL_SERVICES

@abdosi Sure, thank you for your quick fix. I haven't considered the multi-asic scenario.

abdosi added a commit to sonic-net/sonic-host-services that referenced this issue Sep 28, 2022
What I did:
Fixes: sonic-net/sonic-buildimage#12179

Why I did:
Fix the issue where, if the dest port is not specified in the ACL rule, then for multi-asic, where we create a NAT rule to forward traffic from namespace to host, it fails with an exception.

How I verify:-
Added UT for the scenario.
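
The failure reported in this issue, reduced to a stand-alone example added here (it is not caclmgrd's code and not the fix merged in sonic-net/sonic-host-services#21). Only the EXTERNAL_CLIENT entry is taken from the page; the other table entries and both function names are constructed for illustration. It shows that indexing "dst_ports" directly aborts the whole pass, while a guarded lookup still yields the forward targets for the complete entries and reports the incomplete one.

```python
# Constructed service table in the shape quoted in the issue; only
# EXTERNAL_CLIENT is copied from the page, the other entries are invented.
ACL_SERVICES = {
    "EXAMPLE_MGMT": {"ip_protocols": ["tcp"], "dst_ports": ["22"],
                     "multi_asic_ns_to_host_fwd": True},
    "EXTERNAL_CLIENT": {"ip_protocols": ["tcp"],
                        "multi_asic_ns_to_host_fwd": True},
    "EXAMPLE_POLL": {"ip_protocols": ["tcp", "udp"], "dst_ports": ["161"],
                     "multi_asic_ns_to_host_fwd": True},
    "EXAMPLE_LOCAL": {"ip_protocols": ["udp"], "dst_ports": ["123"],
                      "multi_asic_ns_to_host_fwd": False},
}


def fwd_targets_unguarded(services):
    """Index "dst_ports" directly, as the failing line in the traceback does."""
    targets = []
    for name, svc in services.items():
        if svc["multi_asic_ns_to_host_fwd"]:
            for proto in svc["ip_protocols"]:
                for port in svc["dst_ports"]:  # KeyError on EXTERNAL_CLIENT
                    targets.append((name, proto, port))
    return targets


def fwd_targets(services):
    """Return (targets, skipped): forwardable tuples plus services left out."""
    targets, skipped = [], []
    for name, svc in services.items():
        if not svc.get("multi_asic_ns_to_host_fwd", False):
            continue
        ports = svc.get("dst_ports") or []
        if not ports:
            skipped.append(name)  # report it instead of aborting the whole pass
            continue
        for proto in svc.get("ip_protocols", []):
            for port in ports:
                targets.append((name, proto, port))
    return targets, skipped


if __name__ == "__main__":
    try:
        fwd_targets_unguarded(ACL_SERVICES)
    except KeyError as exc:
        print("unguarded pass aborted:", repr(exc))
    print(fwd_targets(ACL_SERVICES))
```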