Bug 2293382 - dropped packets are logged and can cause stalls if console=ttyS0
Keywords:
Status: CLOSED ERRATA
Alias: None
Product: Red Hat OpenStack
Classification: Red Hat
Component: tripleo-ansible
Version: 17.1 (Wallaby)
Hardware: Unspecified
OS: Linux
Priority: medium
Severity: medium
Target Milestone: z4
Target Release: 17.1
Assignee: Brendan Shephard
QA Contact: Joe H. Rahme
URL:
Whiteboard:
Duplicates: 2295875
Depends On:
Blocks: 2222869 2276671
Reported: 2024-06-20 14:42 UTC by Robin Jarry
Modified: 2024-11-21 09:41 UTC

Fixed In Version: tripleo-ansible-3.3.1-17.1.20240918100824.8debef3.el9ost
Doc Type: If docs needed, set a value
Doc Text:
Clone Of:
Environment:
Last Closed: 2024-11-21 09:41:21 UTC
Target Upstream Version:
Embargoed:


Links
System ID Private Priority Status Summary Last Updated
Red Hat Issue Tracker OSP-32363 0 None None None 2024-06-20 14:43:44 UTC
Red Hat Product Errata RHBA-2024:9974 0 None None None 2024-11-21 09:41:31 UTC

Description Robin Jarry 2024-06-20 14:42:21 UTC
There is an iptables/nftables rule installed by tripleo ansible which logs all dropped packets. When the console is redirected to serial with certain UART controllers, this can cause very long stalls (see bz 2276671 for more details).

I don't see any reason why we would need to log all dropped packets. This seems excessive and could even be the source of serious issues in the case of DOS attacks.

Could this rule be removed entirely?
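
Added example, not part of the original report and not tripleo-ansible code: a check for the two conditions the description combines, a LOG rule with no rate-limit match and a serial console on the kernel command line. It handles iptables-save output only; the sample ruleset and command line are constructed for illustration and are not the rules tripleo-ansible installs.

```python
import re
import shlex

# Constructed sample in iptables-save format; NOT the actual tripleo-ansible ruleset.
SAMPLE_RULES = """\
*filter
:INPUT ACCEPT [0:0]
-A INPUT -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
-A INPUT -p tcp -m tcp --dport 22 -j ACCEPT
-A INPUT -m limit --limit 20/min --limit-burst 15 -j LOG --log-prefix "THROTTLED: "
-A INPUT -j LOG --log-prefix "DROPPING: "
-A INPUT -j DROP
COMMIT
"""
# Constructed kernel command line.
SAMPLE_CMDLINE = "BOOT_IMAGE=/vmlinuz root=/dev/vda1 ro console=tty0 console=ttyS0,115200n8"

RATE_MATCHES = {"limit", "hashlimit"}  # match modules that throttle a rule


def unthrottled_log_rules(ruleset):
    """Return iptables-save rules that jump to LOG without a rate-limit match."""
    hits = []
    for line in ruleset.splitlines():
        if not line.startswith("-A "):
            continue
        tok = shlex.split(line)  # keeps a quoted --log-prefix as one token
        targets = [tok[i + 1] for i, t in enumerate(tok[:-1]) if t in ("-j", "--jump")]
        matches = {tok[i + 1] for i, t in enumerate(tok[:-1]) if t in ("-m", "--match")}
        if "LOG" in targets and not (matches & RATE_MATCHES):
            hits.append(line)
    return hits


def serial_consoles(cmdline):
    """Return the ttyS devices named by console= kernel parameters."""
    return re.findall(r"(?:^|\s)console=(ttyS\d+)", cmdline)


def assess(ruleset, cmdline):
    """Flag a host where every logged packet may be written out over a serial line."""
    rules = unthrottled_log_rules(ruleset)
    consoles = serial_consoles(cmdline)
    return {"unthrottled_log_rules": rules, "serial_consoles": consoles,
            "exposed": bool(rules and consoles)}


if __name__ == "__main__":
    # On a live host, feed in `iptables-save` output and the contents of /proc/cmdline.
    print(assess(SAMPLE_RULES, SAMPLE_CMDLINE))
```

Kernel messages are written to the console only when their level is more severe than the console loglevel (first value of kernel.printk), so a flagged host still needs that setting checked.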

Comment 2 Robin Jarry 2024-07-09 12:41:28 UTC
*** Bug 2295875 has been marked as a duplicate of this bug. ***

Comment 17 errata-xmlrpc 2024-11-21 09:41:21 UTC
Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA.

For information on the advisory (RHOSP 17.1.4 bug fix and enhancement advisory), and where to find the updated files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHBA-2024:9974

