neutron

Port can be created with an invalid MAC address

Bug #1926273 reported by Rodolfo Alonso on 2021-04-27

This bug affects 2 people

Affects		Status	Importance	Assigned to	Milestone
	neutron	Fix Released	Medium	Rodolfo Alonso

Bug Description

For example:

  $ openstack port create --network private --mac-address \
      11:22:33:4:5:66 port200
  ...
  | mac_address | 11:22:33:4:5:66
  ...

The ML2 plugin should check the validity of the MAC address provided.

Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=1949632

See original description

Rodolfo Alonso (rodolfo-alonso-hernandez) on 2021-04-27

description:	updated
Changed in neutron:
assignee:	nobody → Rodolfo Alonso (rodolfo-alonso-hernandez)
importance:	Undecided → Medium

Rodolfo Alonso (rodolfo-alonso-hernandez) on 2021-04-27

description:

updated

Revision history for this message

OpenStack Infra (hudson-openstack) wrote on 2021-04-27: Fix proposed to neutron-lib (master)

Fix proposed to branch: master
Review: https://review.opendev.org/c/openstack/neutron-lib/+/788300

Changed in neutron:
status:	New → In Progress

Revision history for this message

OpenStack Infra (hudson-openstack) wrote on 2021-05-05: Related fix proposed to neutron (master)

Related fix proposed to branch: master
Review: https://review.opendev.org/c/openstack/neutron/+/789831

Revision history for this message

OpenStack Infra (hudson-openstack) wrote on 2021-05-06: Fix merged to neutron-lib (master)

Reviewed: https://review.opendev.org/c/openstack/neutron-lib/+/788300
Committed: https://opendev.org/openstack/neutron-lib/commit/9d3cac1d69a143c0a44230144760dd86c52d6ac7
Submitter: "Zuul (22348)"
Branch: master

commit 9d3cac1d69a143c0a44230144760dd86c52d6ac7
Author: Rodolfo Alonso Hernandez <email address hidden>
Date: Tue Apr 27 13:43:31 2021 +0000

Modify "port.mac_address" API definition

    Added a convertion method in the "port.mac_address" parameter. This
    convertion will return a sanitized MAC address formatted as:
      xx:xx:xx:xx:xx:xx

    This patch is not creating a new extension (that should be the
    regular process):
    - To avoid the Neutron extension explosion.
    - Because this method will not validate the MAC address but
      sanitize it, if valid. Other services or projects will expect
      a MAC address with the defined format.
    - This sanitization won't change the MAC address value.
    - This sanitization will be always enabled (no extension needed).

Closes-Bug: #1926273

Change-Id: I95d596c84716835076365981376fb23166c6b23c

Changed in neutron:
status:	In Progress → Fix Released

Revision history for this message

OpenStack Infra (hudson-openstack) wrote on 2021-05-31: Fix included in openstack/neutron-lib 2.12.0

This issue was fixed in the openstack/neutron-lib 2.12.0 release.

Revision history for this message

OpenStack Infra (hudson-openstack) wrote on 2021-07-28: Related fix merged to neutron (master)

Reviewed: https://review.opendev.org/c/openstack/neutron/+/789831
Committed: https://opendev.org/openstack/neutron/commit/827cca2ed75b159c3a1a2e5f193150fe32491b1b
Submitter: "Zuul (22348)"
Branch: master

commit 827cca2ed75b159c3a1a2e5f193150fe32491b1b
Author: Rodolfo Alonso Hernandez <email address hidden>
Date: Wed May 5 10:45:36 2021 +0000

Sanitize MAC addresses

    This patch sanitizes the MAC address coming from a user input:
    - The "base_mac" address configuration parameter.
    - The "port.mac_address" stored in the database, if the script
      provided is not executed.

This patch relays on [1], that will sanitize any input coming from
the server API.

This patch adds a new script to sanitize all "port.mac_address"
registers stored in the dabatabase.

[1]https://review.opendev.org/c/openstack/neutron-lib/+/788300

Related-Bug: #1926273

Change-Id: I8572906cc435feda1f82263fd94dda47fc1526e1