neutron

fwaas - ip_version and IP address conflicts are not raised

Bug #1487599 reported by Sean M. Collins on 2015-08-21

This bug affects 1 person

Affects		Status	Importance	Assigned to	Milestone
	neutron	Fix Released	High	Unassigned	neutron mitaka-1 "m1"

Bug Description

The FwaaS API currently allows the creation of firewall rules where the IP version is 4 but the source and destination IPs are IPv6 addresses.

http://paste.openstack.org/show/412434/

This causes failures when a firewall is created, because iptables is being invoked with IPv6 addresses, which causes an exception in the iptables driver.

Tags:

Revision history for this message

OpenStack Infra (hudson-openstack) wrote on 2015-08-21: Fix proposed to neutron-fwaas (master)

Fix proposed to branch: master
Review: https://review.openstack.org/215768

Changed in neutron:
assignee:	nobody → Sean M. Collins (scollins)
status:	New → In Progress

OpenStack Infra (hudson-openstack) on 2015-10-13

Changed in neutron:
assignee:	Sean M. Collins (scollins) → Reedip (reedip-banerjee)

Revision history for this message

OpenStack Infra (hudson-openstack) wrote on 2015-10-13: Fix merged to neutron-fwaas (master)

Reviewed: https://review.openstack.org/215768
Committed: https://git.openstack.org/cgit/openstack/neutron-fwaas/commit/?id=29c51879683087e8ea486aaa9866bbce1f47a15c
Submitter: Jenkins
Branch: master

commit 29c51879683087e8ea486aaa9866bbce1f47a15c
Author: Sean M. Collins <email address hidden>
Date: Mon Aug 10 15:24:52 2015 -0400

Validate src_ip_adress, dest_ip_address and ip_version

    The FwaaS API should not allow the creation of firewall rules where
    the ip_version is set to 4, but the source or destination IPs are IPv6
    addresses

APIImpact
DocImpact

Closes-Bug: #1487599

Change-Id: Iad680996a47adcf27f9dc7e0bc0fea924fff4f9f

Changed in neutron:
status:	In Progress → Fix Committed

German Eichberger (german-eichberger) on 2015-10-14

Changed in neutron:
importance:	Undecided → High
milestone:	none → mitaka-1

Revision history for this message

OpenStack Infra (hudson-openstack) wrote on 2015-10-16: Fix proposed to neutron-fwaas (stable/liberty)

Fix proposed to branch: stable/liberty
Review: https://review.openstack.org/235880

Revision history for this message

OpenStack Infra (hudson-openstack) wrote on 2015-10-20: Fix merged to neutron-fwaas (stable/liberty)

Reviewed: https://review.openstack.org/235880
Committed: https://git.openstack.org/cgit/openstack/neutron-fwaas/commit/?id=04fc6017233c9bb7032d8af5f3860df274ef0ed0
Submitter: Jenkins
Branch: stable/liberty

commit 04fc6017233c9bb7032d8af5f3860df274ef0ed0
Author: Sean M. Collins <email address hidden>
Date: Mon Aug 10 15:24:52 2015 -0400

Validate src_ip_adress, dest_ip_address and ip_version

    The FwaaS API should not allow the creation of firewall rules where
    the ip_version is set to 4, but the source or destination IPs are IPv6
    addresses

APIImpact
DocImpact

Closes-Bug: #1487599

Change-Id: Iad680996a47adcf27f9dc7e0bc0fea924fff4f9f
(cherry picked from commit 29c51879683087e8ea486aaa9866bbce1f47a15c)

tags:

added: in-stable-liberty

Revision history for this message

Thierry Carrez (ttx) wrote on 2015-12-03: Fix included in openstack/neutron-fwaas 8.0.0.0b1

This issue was fixed in the openstack/neutron-fwaas 8.0.0.0b1 development milestone.

Doug Hellmann (doug-hellmann) on 2015-12-03

Changed in neutron:
status:	Fix Committed → Fix Released

Revision history for this message

Doug Hellmann (doug-hellmann) wrote on 2015-12-07: Fix included in openstack/neutron-fwaas 7.0.1

This issue was fixed in the openstack/neutron-fwaas 7.0.1 release.

Report a bug

This report contains Public information

Everyone can see this information.

You are

Subscribing...

Edit bug mail

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.