networking-hyperv

Hyper-V: Cannot add ICMPv6 security group rule

Bug #1466547 reported by Claudiu Belu
6
This bug affects 1 person
Affects Status Importance Assigned to Milestone
networking-hyperv
Fix Released
Medium
Claudiu Belu
neutron
Invalid
Undecided
Unassigned
Juno
Fix Released
Medium
Unassigned
neutron 2014.2.4

Bug Description

Security Group rules created with ethertype 'IPv6' and protocol 'icmp' cannot be added by the Hyper-V Security Groups Driver, as it cannot add rules with the protocol 'icmpv6'.

This can be easily fixed by having the Hyper-V Security Groups Driver create rules with protocol '58' instead. [1] These rules will also have to be stateless, as ICMP rules cannot be stateful on Hyper-V.

This bug is causing the test tempest.scenario.test_network_v6.TestGettingAddress.test_slaac_from_os to fail on Hyper-V.

[1] http://www.iana.org/assignments/protocol-numbers/protocol-numbers.xhtml

Log: http://paste.openstack.org/show/301866/

Security Groups: http://paste.openstack.org/show/301870/

See original description
Claudiu Belu (cbelu)
description: updated
tags: added: juno-backport-potential
Changed in neutron:
assignee: nobody → Claudiu Belu (cbelu)
Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix proposed to neutron (stable/juno)

Fix proposed to branch: stable/juno
Review: https://review.openstack.org/193200

Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix proposed to networking-hyperv (stable/kilo)

Fix proposed to branch: stable/kilo
Review: https://review.openstack.org/193226

Changed in networking-hyperv:
status: In Progress → Fix Committed
Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix merged to networking-hyperv (stable/kilo)

Reviewed: https://review.openstack.org/193226
Committed: https://git.openstack.org/cgit/stackforge/networking-hyperv/commit/?id=58e617e0c0e322ec471bd7cf0a86503d84760b5a
Submitter: Jenkins
Branch: stable/kilo

commit 58e617e0c0e322ec471bd7cf0a86503d84760b5a
Author: Claudiu Belu <email address hidden>
Date: Thu Jun 18 18:43:15 2015 +0300

    Hyper-V: Fixes Security Group Driver ICMPv6 rules

    Security Group rules created with ethertype 'IPv6' and protocol 'icmp'
    cannot be added by the Hyper-V Security Groups Driver, as it cannot add
    rules with the protocol 'icmpv6'.

    Creates stateless ICMPv6 security group rules properly.

    Change-Id: Id49294965c7adb6d4fbc6c799e4ae7f30070bb71
    Closes-Bug: #1466547
    (cherry picked from commit 1ea0f15e6a3b050e1301274496494d732d18f0d9)

tags: added: in-stable-kilo
Revision history for this message
Eugene Nikanorov (enikanorov) wrote :

Doen neutron has anything to do with that?

Changed in neutron:
status: New → Incomplete
Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix merged to neutron (stable/juno)

Reviewed: https://review.openstack.org/193200
Committed: https://git.openstack.org/cgit/openstack/neutron/commit/?id=44cb3c11d69d6c5fac883dd50c5f65bd6f0364d3
Submitter: Jenkins
Branch: stable/juno

commit 44cb3c11d69d6c5fac883dd50c5f65bd6f0364d3
Author: Claudiu Belu <email address hidden>
Date: Thu Jun 18 19:27:19 2015 +0300

    Hyper-V: Fixes Security Group Driver ICMPv6 rules

    Security Group rules created with ethertype 'IPv6' and protocol 'icmp'
    cannot be added by the Hyper-V Security Groups Driver, as it cannot add
    rules with the protocol 'icmpv6'.

    Creates stateless ICMPv6 security group rules properly.

    Note: This is not a direct cherry-pick, as the Hyper-V Security Groups
    Driver was refactored in the Kilo cycle.

    (cherry picked from commit 1ea0f15e6a3b050e1301274496494d732d18f0d9)
    Change-Id: Id49294965c7adb6d4fbc6c799e4ae7f30070bb71
    Closes-Bug: #1466547

tags: added: in-stable-juno
Armando Migliaccio (armando-migliaccio)
no longer affects: neutron
tags: removed: hyper-v
Alan Pevec (apevec)
Changed in neutron:
status: New → Invalid
Claudiu Belu (cbelu)
Changed in networking-hyperv:
status: Fix Committed → Fix Released
To post a comment you must log in.
This report contains Public information  
Everyone can see this information.
Subscribing...

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.