Return-Path: X-Original-To: apmail-cloudstack-issues-archive@www.apache.org Delivered-To: apmail-cloudstack-issues-archive@www.apache.org Received: from mail.apache.org (hermes.apache.org [140.211.11.3]) by minotaur.apache.org (Postfix) with SMTP id D11E01944F for ; Sun, 27 Mar 2016 21:53:30 +0000 (UTC) Received: (qmail 3877 invoked by uid 500); 27 Mar 2016 21:53:25 -0000 Delivered-To: apmail-cloudstack-issues-archive@cloudstack.apache.org Received: (qmail 3842 invoked by uid 500); 27 Mar 2016 21:53:25 -0000 Mailing-List: contact issues-help@cloudstack.apache.org; run by ezmlm Precedence: bulk List-Help: List-Unsubscribe: List-Post: List-Id: Reply-To: dev@cloudstack.apache.org Delivered-To: mailing list issues@cloudstack.apache.org Received: (qmail 3831 invoked by uid 500); 27 Mar 2016 21:53:25 -0000 Delivered-To: apmail-incubator-cloudstack-issues@incubator.apache.org Received: (qmail 3828 invoked by uid 99); 27 Mar 2016 21:53:25 -0000 Received: from arcas.apache.org (HELO arcas) (140.211.11.28) by apache.org (qpsmtpd/0.29) with ESMTP; Sun, 27 Mar 2016 21:53:25 +0000 Received: from arcas.apache.org (localhost [127.0.0.1]) by arcas (Postfix) with ESMTP id 7076A2C1F5A for ; Sun, 27 Mar 2016 21:53:25 +0000 (UTC) Date: Sun, 27 Mar 2016 21:53:25 +0000 (UTC) From: "ASF GitHub Bot (JIRA)" To: cloudstack-issues@incubator.apache.org Message-ID: In-Reply-To: References: Subject: [jira] [Commented] (CLOUDSTACK-9317) Disabling static NAT on many IPs can leave wrong IPs on the router MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: 7bit X-JIRA-FingerPrint: 30527f35849b9dde25b450d4833f0394 [ https://issues.apache.org/jira/browse/CLOUDSTACK-9317?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15213632#comment-15213632 ] ASF GitHub Bot commented on CLOUDSTACK-9317: -------------------------------------------- Github user cristofolini commented on the pull request: https://github.com/apache/cloudstack/pull/1450#issuecomment-202152926 @ProjectMoon According to that comment on line 781 in `CommandSetupHelper` the conditional that follows is there to enable sourceNAT, yet you removed the command setting the sourceNat variable to true. Is that being done somewhere else? You might want to change that comment to clarify your change and avoid confusion in the future. :) > Disabling static NAT on many IPs can leave wrong IPs on the router > ------------------------------------------------------------------ > > Key: CLOUDSTACK-9317 > URL: https://issues.apache.org/jira/browse/CLOUDSTACK-9317 > Project: CloudStack > Issue Type: Bug > Security Level: Public(Anyone can view this level - this is the default.) > Components: Management Server, Virtual Router > Affects Versions: 4.7.0, 4.7.1, 4.7.2 > Reporter: Jeff Hair > > The current behavior of enabling or disabling static NAT will call the apply IP associations method in the management server. The method is not thread-safe. If it's called from multiple threads, each thread will load up the list of public IPs in different states (add or revoke)--correct for the thread, but not correct overall. Depending on execution order on the virtual router, the router can end up with public IPs assigned to it that are not supposed to be on it anymore. When another account acquires the same IP, this of course leads to network problems. > The problem has been in CS since at least 4.2, and likely affects all recently released versions. Affected version is set to 4.7.x because that's what we verified against. -- This message was sent by Atlassian JIRA (v6.3.4#6332)