Restrict netmask of CIDR to avoid DHCP resync is not enough
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
OpenStack Security Advisory |
Won't Fix
|
Undecided
|
Unassigned | ||
neutron |
Fix Released
|
Critical
|
Kevin Benton | ||
Icehouse |
Fix Released
|
Undecided
|
Unassigned | ||
Juno |
Fix Released
|
Undecided
|
Unassigned | ||
Kilo |
Fix Released
|
Critical
|
Unassigned |
Bug Description
Restrict netmask of CIDR to avoid DHCP resync is not enough.
https:/
I'd like to prevent following case:
[Condition]
- Plugin: ML2
- subnet with "enable_dhcp" is True
[Operations]
A. Specify "[]"(empty list) at "allocation_pools" when create/
-------
$ $ curl -X POST -d '{"subnet": {"name": "test_subnet", "cidr": "192.168.200.0/24", "ip_version": 4, "network_id": "649c5531-
Then, the dhcp-agent creates own DHCP-port, it is reproduced resync bug.
B. Create port and exhaust allocation_pools
-------
1. Create subnet with 192.168.1.0/24. And, DHCP-port has alteady created.
gateway_ip: 192.168.1.1
DHCP-port: 192.168.1.2
allocation_
the number of availability ip_addresses is 252.
2. Create non-dhcp port and exhaust ip_addresses in allocation_pools
In this case, user creates a port 252 times.
the number of availability ip_addresses is 0.
3. User deletes the DHCP-port(
the number of availability ip_addresses is 1.
4. User creates a non-dhcp port.
the number of availability ports are 0.
Then, dhcp-agent tries to create DHCP-port. It is reproduced resync bug.
Changed in neutron: | |
assignee: | nobody → Kevin Benton (kevinbenton) |
tags: | removed: kilo-rc-potential |
tags: | added: kilo-rc-potential |
tags: | removed: kilo-rc-potential |
Changed in neutron: | |
status: | Fix Committed → Fix Released |
Changed in neutron: | |
milestone: | liberty-1 → 7.0.0 |
Fix proposed to branch: master /review. openstack. org/177080
Review: https:/