OpenStack Compute (nova)

tweak port validation for secuirty groups

Bug #956967 reported by Greg Althaus on 2012-03-16

This bug affects 1 person

Affects		Status	Importance	Assigned to	Milestone
	OpenStack Compute (nova)	Fix Released	Medium	Greg Althaus	OpenStack Compute (nova) 2012.1 "essex"

Bug Description

When trying to use horizon to set various port ranges for icmp, nova api rejects various forms of the icmp request.

The ICMP port rule should take a type and a code. The type and code are independent and should not follow the validation of udp and tcp that require to_port > from_port. Also, the type and code values may be 0. The api code doesn't support this and returns errors.

See original description

Tags:

Greg Althaus (gregory-althaus) on 2012-03-16

Changed in nova:
assignee:	nobody → Greg Althaus (gregory-althaus)

Revision history for this message

OpenStack Infra (hudson-openstack) wrote on 2012-03-16: Fix proposed to nova (master)

Fix proposed to branch: master
Review: https://review.openstack.org/5449

Changed in nova:
status:	New → In Progress

Greg Althaus (gregory-althaus) on 2012-03-16

description:

updated

Revision history for this message

OpenStack Infra (hudson-openstack) wrote on 2012-03-23: Fix merged to nova (master)

Reviewed: https://review.openstack.org/5449
Committed: http://github.com/openstack/nova/commit/c2de5c61b25dccb6d355640e6c8c9eedd94fdef4
Submitter: Jenkins
Branch: master

commit c2de5c61b25dccb6d355640e6c8c9eedd94fdef4
Author: Greg Althaus <email address hidden>
Date: Fri Mar 16 06:41:54 2012 -0700

Tweak security port validation for ICMP

Horizon allows for ICMP to be type:code.
Type and code can be from -1 to 255.

API refers to both EC2 and Nova APIs

    This patch attempts to resolve:
    1. API code throws exceptations when 0 is passed for either field
    2. API code validates type:code like from->to range. type and code
       are independent
    3. Update unit tests for this new set of operations.

    A side effect is that the following are allowed type:code.
    -1:X
    X:-1

The code assumes that -1 is a wildcard for the field.

bug 956967

Change-Id: Ieb6989815afc6986b72e0efc7611c2cc353ab5d8

Changed in nova:
status:	In Progress → Fix Committed

Vish Ishaya (vishvananda) on 2012-03-23

tags:	added: essex-release-potential
tags:	added: essex-rc-potential removed: essex-release-potential

Revision history for this message

OpenStack Infra (hudson-openstack) wrote on 2012-03-25: Fix proposed to nova (milestone-proposed)

Fix proposed to branch: milestone-proposed
Review: https://review.openstack.org/5776

Thierry Carrez (ttx) on 2012-03-26

Changed in nova:
milestone:	none → essex-rc2
tags:	removed: essex-rc-potential

Thierry Carrez (ttx) on 2012-03-26

Changed in nova:
importance:	Undecided → Medium

Revision history for this message

OpenStack Infra (hudson-openstack) wrote on 2012-03-28: Fix merged to nova (milestone-proposed)

Reviewed: https://review.openstack.org/5776
Committed: http://github.com/openstack/nova/commit/bacc688897047b06df15326b67d4130ce706604e
Submitter: Jenkins
Branch: milestone-proposed

commit bacc688897047b06df15326b67d4130ce706604e
Author: Greg Althaus <email address hidden>
Date: Fri Mar 16 06:41:54 2012 -0700

Tweak security port validation for ICMP

Horizon allows for ICMP to be type:code.
Type and code can be from -1 to 255.

API refers to both EC2 and Nova APIs

    A side effect is that the following are allowed type:code.
    -1:X
    X:-1

The code assumes that -1 is a wildcard for the field.

bug 956967

Change-Id: Ieb6989815afc6986b72e0efc7611c2cc353ab5d8

Changed in nova:
status:	Fix Committed → Fix Released

Thierry Carrez (ttx) on 2012-04-05

Changed in nova:
milestone:	essex-rc2 → 2012.1

Report a bug

This report contains Public information

Everyone can see this information.

You are

Subscribing...

Edit bug mail

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.