neutron

Neutron API port range validation not working correctly

Bug #1738371 reported by Hunt Xu on 2017-12-15

This bug affects 1 person

Affects		Status	Importance	Assigned to	Milestone
	neutron	Fix Released	Medium	Hunt Xu

Bug Description

Neutron API port range validation is not working correctly.

In neutron-api, when doing port range validation, we compares min_port and max_port as strings. Which leads to wrong port range specification could pass the validation successfully.

* Step-by-step reproduction steps:
1. create a firewall rule with wrong port range specification:
openstack firewall group rule create --source-port 1111:9 --protocol tcp

* Expected output:
- "Invalid input for source_port. Reason: First port in a port range must be lower than the second port."
- This is the error message from neutron API port range validator.

* Actual output:
- "Invalid value for port 1111:9."
- This is the error message from FWaaS exception InvalidPortValue, which means that the problematic port range specification passed the API validation.

* Version:
- neutron-lib 1.11.0 installed from PyPI as a requirement.

* Environment:
- devstack with FWaaS(master commit 66d3d57ac4fd8630b757d343106de7e974afe698, Oct 25, 2017)

Tags:

Hunt Xu (huntxu) on 2017-12-15

Changed in neutron:
assignee:	nobody → Hunt Xu (huntxu)
status:	New → Confirmed
status:	Confirmed → New

Revision history for this message

OpenStack Infra (hudson-openstack) wrote on 2017-12-15: Fix proposed to neutron-lib (master)

Fix proposed to branch: master
Review: https://review.openstack.org/528205

Changed in neutron:
status:	New → In Progress

Slawek Kaplonski (slaweq) on 2017-12-15

Changed in neutron:
importance:	Undecided → Medium

Revision history for this message

Hunt Xu (huntxu) wrote on 2017-12-15:

For the same reason, create firewall rule with correct port range specification would fail:

$ openstack firewall group rule create --source-port 9:100 --protocol tcp
Invalid input for source_port. Reason: First port in a port range must be lower than the second port..

Boden R (boden) on 2017-12-15

tags:

added: lib

Revision history for this message

OpenStack Infra (hudson-openstack) wrote on 2017-12-20: Fix merged to neutron-lib (master)

Reviewed: https://review.openstack.org/528205
Committed: https://git.openstack.org/cgit/openstack/neutron-lib/commit/?id=4c49003bb8aa08bde8d8d760d7435d6c48609709
Submitter: Zuul
Branch: master

commit 4c49003bb8aa08bde8d8d760d7435d6c48609709
Author: Hunt Xu <email address hidden>
Date: Fri Dec 15 16:28:34 2017 +0800

Fix port comparison in port range validation

Ports are compared as integers.

Change-Id: Icfe0c101f5095a779580ea3794d2e7c939b12af5
Closes-Bug: #1738371

Changed in neutron:
status:	In Progress → Fix Released

Revision history for this message

OpenStack Infra (hudson-openstack) wrote on 2018-01-09: Fix included in openstack/neutron-lib 1.12.0

This issue was fixed in the openstack/neutron-lib 1.12.0 release.

Report a bug

This report contains Public information

Everyone can see this information.

You are

Subscribing...

Edit bug mail

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.