security group: ipv6 protocol integer works in ipv4 ethertype
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
neutron |
Fix Released
|
Undecided
|
Trevor McCasland |
Bug Description
Creating a security group rule with ethertype IPv4 and an IPv6 protocol integer succeeds when it should fail.
1. create security group, 'mygroup'
2. create security group rule --protocol 43 --ethertype IPv4 mygroup
Expected output:
ubuntu@
Error while executing command: Bad Request (HTTP 400) (Request-ID: req-c51a4492-
Actual output:
ubuntu@
+------
| Field | Value |
+------
| created_at | 2017-07-
| description | |
| direction | ingress |
| ether_type | IPv4 |
| id | 230d5bd4-
| name | None |
| port_range_max | None |
| port_range_min | None |
| project_id | 4cdd24e0cfb54cf
| protocol | 43 |
| remote_group_id | None |
| remote_ip_prefix | 0.0.0.0/0 |
| revision_number | 0 |
| security_group_id | 439a1eb6-
| updated_at | 2017-07-
+------
The problem is here neutron/
if rule['protocol'] in [constants.
if rule['ethertype'] == constants.IPv4:
It should check for numbers and names from neutron_lib constants.
Changed in neutron: | |
assignee: | nobody → Trevor McCasland (twm2016) |
description: | updated |
tags: | added: neutron-proactive-backport-potential |
Fix proposed to branch: master /review. openstack. org/487130
Review: https:/