202205: caclmgrd traceback KeyError: 'dst_ports' #12179
Comments
|
@abdosi , @SuvarnaMeenakshi , @ZhaohuiS , FYI- |
|
@anamehra I will take a look. |
|
@ZhaohuiS I have pr already with fix. Will create it by tomorrow. Please help in review that |
@abdosi Sure, thank you for your quick fix. I haven't considered multi-asic scenario. |
abdosi
added a commit
to sonic-net/sonic-host-services
that referenced
this issue
Sep 28, 2022
What I did: Fixes: sonic-net/sonic-buildimage#12179 Why I did: Fix the issue where if dest port is not specified in ACL rule than for multi-asic where we create NAT rule to forward traffic from Namespace to host fail with exception. How I verify:- Added UT for the scenario.
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Description
caclmgrd process throws traceback
Sep 23 23:25:48.993340 sfd-t2-lc0 INFO caclmgrd[247606]: File "/usr/local/bin/caclmgrd", line 973, in
Sep 23 23:25:48.993535 sfd-t2-lc0 INFO caclmgrd[247606]: main()
Sep 23 23:25:48.993577 sfd-t2-lc0 INFO caclmgrd[247606]: File "/usr/local/bin/caclmgrd", line 969, in main
Sep 23 23:25:48.993724 sfd-t2-lc0 INFO caclmgrd[247606]: caclmgr.run()
Sep 23 23:25:48.993764 sfd-t2-lc0 INFO caclmgrd[247606]: File "/usr/local/bin/caclmgrd", line 854, in run
Sep 23 23:25:48.993887 sfd-t2-lc0 INFO caclmgrd[247606]: self.update_control_plane_acls(namespace)
Sep 23 23:25:48.993933 sfd-t2-lc0 INFO caclmgrd[247606]: File "/usr/local/bin/caclmgrd", line 736, in update_control_plane_acls
Sep 23 23:25:48.994062 sfd-t2-lc0 INFO caclmgrd[247606]: self.update_control_plane_nat_acls(namespace, service_to_source_ip_map)
Sep 23 23:25:48.994100 sfd-t2-lc0 INFO caclmgrd[247606]: File "/usr/local/bin/caclmgrd", line 746, in update_control_plane_nat_acls
Sep 23 23:25:48.994255 sfd-t2-lc0 INFO caclmgrd[247606]: iptables_cmds = self.generate_fwd_traffic_from_namespace_to_host_commands(namespace, service_to_source_ip_map)
Sep 23 23:25:48.994296 sfd-t2-lc0 INFO caclmgrd[247606]: File "/usr/local/bin/caclmgrd", line 354, in generate_fwd_traffic_from_namespace_to_host_commands
Sep 23 23:25:48.994388 sfd-t2-lc0 INFO caclmgrd[247606]: for dst_port in self.ACL_SERVICES[acl_service]["dst_ports"]:
Sep 23 23:25:48.994434 sfd-t2-lc0 INFO caclmgrd[247606]: KeyError: 'dst_ports'
Looks like comming from
"EXTERNAL_CLIENT": {
"ip_protocols": ["tcp"],
"multi_asic_ns_to_host_fwd":True
},
This block is missing
"dst_ports": ["8081"],
but there is no check-in line 354 to ignore missing dst_ports
Steps to reproduce the issue:
Describe the results you received:
calcmgr traceback as mentioned above
Describe the results you expected:
No traceback and no acl errors
Output of
show version:Output of
show techsupport:Additional information you deem important (e.g. issue happens only occasionally):
The text was updated successfully, but these errors were encountered: