Cannot create ICMP secgroup rule with a specific type and any code
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
neutron |
Fix Released
|
High
|
Akihiro Motoki |
Bug Description
We cannot create a ICMP secgroup rule for a specific type with ANY type.
quantum security-
For TCP/UDP protocols, port_range_min must be <= port_range_max
The above means ICMP rule with type = 8 and code = ANY.
It should be accepted.
In addition, icmp type and icmp code are 8 bit field, so the values should be 0 to 255, but we can create a ICMP rule with type 10000 and code 12000. port range validation for a specific protocol should be done.
$ quantum security-
Created a new security_
+------
| Field | Value |
+------
| direction | ingress |
| ethertype | IPv4 |
| id | 62822ee1-
| port_range_max | 12000 |
| port_range_min | 10000 |
| protocol | icmp |
| remote_group_id | |
| remote_ip_prefix | 0.0.0.0/0 |
| security_group_id | faad7c80-
| tenant_id | 797885303e52430
+------
Changed in neutron: | |
milestone: | none → havana-2 |
status: | Fix Committed → Fix Released |
Changed in neutron: | |
milestone: | havana-2 → 2013.2 |
tags: | removed: grizzly-backport-potential |
I think it is wrong to use port_range_min as icmp type in the first place.