networking-hyperv

Issue with deleting security rules

Bug #1634082 reported by Alin Balutoiu on 2016-10-17

This bug affects 1 person

Affects		Status	Importance	Assigned to	Milestone
	networking-hyperv	Fix Released	High	Alin Balutoiu

Bug Description

Port security rules might contain rules that apply to any protocol.

Currently there is no checking to see if a rule
which will be deleted belongs to a security
rule that applies to all protocols.

Steps to reproduce the issue:
1. Boot a VM with default security rule allowing any protocol egress.
2. Add and delete a security rule which allows ICMP egress.

Expected output: VM should be able to send ICMP traffic since the rule that applies to any protocol is still there
Actual output: The VM is not able to send ICMP traffic anymore

Tags:

Revision history for this message

Claudiu Belu (cbelu) wrote on 2016-10-17:

Addressed by: https://review.openstack.org/#/c/387316/

Changed in networking-hyperv:
status:	New → In Progress
importance:	Undecided → High
assignee:	nobody → Alin Balutoiu (abalutoiu)

Revision history for this message

OpenStack Infra (hudson-openstack) wrote on 2016-11-08: Fix merged to networking-hyperv (master)

Reviewed: https://review.openstack.org/387316
Committed: https://git.openstack.org/cgit/openstack/networking-hyperv/commit/?id=02e2337ac7223f97d78812846defe345372b785e
Submitter: Jenkins
Branch: master

commit 02e2337ac7223f97d78812846defe345372b785e
Author: Alin Balutoiu <email address hidden>
Date: Sun Oct 16 21:38:36 2016 +0300

Fixes port security rules deletion

Port security rules might contain rules that apply
to any protocol.

    Currently there is no checking to see if a rule
    which will be deleted belongs to a security
    rule that applies to all protocols.

This patch addresses this issue by adding a check
to make sure the rule can be safely removed.

Closes-Bug: #1634082
Change-Id: Icfa7d77609394a2a7030f68c2643baf309a5de74

Changed in networking-hyperv:
status:	In Progress → Fix Released

Revision history for this message

OpenStack Infra (hudson-openstack) wrote on 2016-11-08: Fix proposed to networking-hyperv (stable/newton)

Fix proposed to branch: stable/newton
Review: https://review.openstack.org/395077

Revision history for this message

OpenStack Infra (hudson-openstack) wrote on 2016-11-08: Fix proposed to networking-hyperv (stable/mitaka)

Fix proposed to branch: stable/mitaka
Review: https://review.openstack.org/395078

Revision history for this message

OpenStack Infra (hudson-openstack) wrote on 2016-11-11: Fix merged to networking-hyperv (stable/newton)

Reviewed: https://review.openstack.org/395077
Committed: https://git.openstack.org/cgit/openstack/networking-hyperv/commit/?id=08eba4e73081882f590ccd2dc50faea0b8e8ea61
Submitter: Jenkins
Branch: stable/newton

commit 08eba4e73081882f590ccd2dc50faea0b8e8ea61
Author: Alin Balutoiu <email address hidden>
Date: Sun Oct 16 21:38:36 2016 +0300

Fixes port security rules deletion

Port security rules might contain rules that apply
to any protocol.

    Currently there is no checking to see if a rule
    which will be deleted belongs to a security
    rule that applies to all protocols.

This patch addresses this issue by adding a check
to make sure the rule can be safely removed.

    Closes-Bug: #1634082
    Change-Id: Icfa7d77609394a2a7030f68c2643baf309a5de74
    (cherry picked from commit 02e2337ac7223f97d78812846defe345372b785e)

tags:

added: in-stable-newton

Revision history for this message

OpenStack Infra (hudson-openstack) wrote on 2016-11-15: Fix merged to networking-hyperv (stable/mitaka)

Reviewed: https://review.openstack.org/395078
Committed: https://git.openstack.org/cgit/openstack/networking-hyperv/commit/?id=d66448b13a61d943d0305105bd366d648fa9be3b
Submitter: Jenkins
Branch: stable/mitaka

commit d66448b13a61d943d0305105bd366d648fa9be3b
Author: Alin Balutoiu <email address hidden>
Date: Sun Oct 16 21:38:36 2016 +0300

Fixes port security rules deletion

Port security rules might contain rules that apply
to any protocol.

    Currently there is no checking to see if a rule
    which will be deleted belongs to a security
    rule that applies to all protocols.

This patch addresses this issue by adding a check
to make sure the rule can be safely removed.

    Closes-Bug: #1634082
    Change-Id: Icfa7d77609394a2a7030f68c2643baf309a5de74
    (cherry picked from commit 02e2337ac7223f97d78812846defe345372b785e)