kernel log warning regarding usage of --physdev-out

[murali-reddy]

What you expected to happen?

Weave net started using physdev module in its weave-npc component to efficiently identify the traffic originating or destined to local pods refer #3344

-A WEAVE-NPC -m physdev --physdev-out vethwe-bridge -j ACCEPT
-A WEAVE-NPC-EGRESS -m physdev --physdev-in vethwe-bridge -j RETURN

Usage of this module should not have any effect on performance, regression in functionality etc.

What happened?

We see below error in /var/log/kern.log

Nov 12 14:00:49 weave-master kernel: [  526.420089] xt_physdev: using --physdev-out in the OUTPUT, FORWARD and POSTROUTING chains for non-bridged traffic is not supported anymore.

How to reproduce it?

Message in kernel log should come up as soon as 2.5.0 release istalled

Versions:

$ weave version
weave 2.5.0

$ docker version
$ uname -a
Linux weave-master 4.4.0-116-generic #140-Ubuntu SMP Mon Feb 12 21:23:04 UTC 2018 x86_64 x86_64 x86_64 GNU/Linux

$ kubectl version
Client Version: version.Info{Major:"1", Minor:"12", GitVersion:"v1.12.0", GitCommit:"0ed33881dc4355495f623c6f22e7dd0b7632b7c0", GitTreeState:"clean", BuildDate:"2018-09-27T17:05:32Z", GoVersion:"go1.10.4", Compiler:"gc", Platform:"linux/amd64"}
Server Version: version.Info{Major:"1", Minor:"12", GitVersion:"v1.12.2", GitCommit:"17c77c7898218073f14c8d573582e8d2313dc740", GitTreeState:"clean", BuildDate:"2018-10-24T06:43:59Z", GoVersion:"go1.10.4", Compiler:"gc", Platform:"linux/amd64"}

[philipmather]

Seeing the same thing, doesn't appear to cause an issue other than spaming the terminal although others report it causes performance issues (see https://www.redhat.com/archives/libvir-list/2013-January/msg01107.html).

Possible fix seems to be...

iptables -D WEAVE-NPC -m physdev --physdev-out vethwe-bridge -j ACCEPT
iptables -A WEAVE-NPC -m physdev --physdev-is-bridged --physdev-out vethwe-bridge -j ACCEPT

...I haven't tested significantly as I'm using a really small test env.

[murali-reddy]

thanks @philipmather for your suggestion. I tested out suggested change it does mute the log message.

Care to raise a PR please?

Note that for fix we dont need to delete the rule, as chains are flushed whenever weave-net pod is restarted.

[notmaxx]

seeing the same on 2.5.0

[murali-reddy]

Fixed in #3453, shall be part of 2.5.1

[notmaxx]

@murali-reddy when do you plan to release 2.5.1 ?

[murali-reddy]

Do not think there is any targeted date. Other than this, no issues reported for 2.5.0 release so far.

I did see kernel log pile up due to this issue. So from operations point of view if users are having any issues then perhaps make sense to do 2.5.1 release sooner.

[notmaxx]

hi @murali-reddy would be great to have a build with fixed logs, i used 2.5.0 for a week on test env and in general it works well for me. I want to promote it but this log flood is concern. Is it possible to release 2.5.1 with fix or at least have some build?

thank you

[jjo]

Appreciate an update re: 2.5.1 release with this fix, we're also getting impacted
by this (weave 2.5.0 deployed via kops-1.11 on several kubernetes-1.11.6 clusters)

[murali-reddy]

there are some open PR's targeted for 2.5.1 we will do a release once merged.

[murali-reddy]

@notmaxx @jjo Please find the new release https://github.com/weaveworks/weave/releases/tag/v2.5.1

[jjo]

@notmaxx @jjo Please find the new release https://github.com/weaveworks/weave/releases/tag/v2.5.1

Thanks @murali-reddy !