OpenStack Compute (Nova)

tweak port validation for secuirty groups

Reported by Greg Althaus on 2012-03-16
6
This bug affects 1 person
Affects Status Importance Assigned to Milestone
OpenStack Compute (nova)
Medium
Greg Althaus

Bug Description

When trying to use horizon to set various port ranges for icmp, nova api rejects various forms of the icmp request.

The ICMP port rule should take a type and a code. The type and code are independent and should not follow the validation of udp and tcp that require to_port > from_port. Also, the type and code values may be 0. The api code doesn't support this and returns errors.

Changed in nova:
assignee: nobody → Greg Althaus (gregory-althaus)

Fix proposed to branch: master
Review: https://review.openstack.org/5449

Changed in nova:
status: New → In Progress
description: updated

Reviewed: https://review.openstack.org/5449
Committed: http://github.com/openstack/nova/commit/c2de5c61b25dccb6d355640e6c8c9eedd94fdef4
Submitter: Jenkins
Branch: master

commit c2de5c61b25dccb6d355640e6c8c9eedd94fdef4
Author: Greg Althaus <email address hidden>
Date: Fri Mar 16 06:41:54 2012 -0700

    Tweak security port validation for ICMP

    Horizon allows for ICMP to be type:code.
    Type and code can be from -1 to 255.

    API refers to both EC2 and Nova APIs

    This patch attempts to resolve:
    1. API code throws exceptations when 0 is passed for either field
    2. API code validates type:code like from->to range. type and code
       are independent
    3. Update unit tests for this new set of operations.

    A side effect is that the following are allowed type:code.
    -1:X
    X:-1

    The code assumes that -1 is a wildcard for the field.

    bug 956967

    Change-Id: Ieb6989815afc6986b72e0efc7611c2cc353ab5d8

Changed in nova:
status: In Progress → Fix Committed
tags: added: essex-release-potential
tags: added: essex-rc-potential
removed: essex-release-potential
Thierry Carrez (ttx) on 2012-03-26
Changed in nova:
milestone: none → essex-rc2
tags: removed: essex-rc-potential
Thierry Carrez (ttx) on 2012-03-26
Changed in nova:
importance: Undecided → Medium

Reviewed: https://review.openstack.org/5776
Committed: http://github.com/openstack/nova/commit/bacc688897047b06df15326b67d4130ce706604e
Submitter: Jenkins
Branch: milestone-proposed

commit bacc688897047b06df15326b67d4130ce706604e
Author: Greg Althaus <email address hidden>
Date: Fri Mar 16 06:41:54 2012 -0700

    Tweak security port validation for ICMP

    Horizon allows for ICMP to be type:code.
    Type and code can be from -1 to 255.

    API refers to both EC2 and Nova APIs

    This patch attempts to resolve:
    1. API code throws exceptations when 0 is passed for either field
    2. API code validates type:code like from->to range. type and code
       are independent
    3. Update unit tests for this new set of operations.

    A side effect is that the following are allowed type:code.
    -1:X
    X:-1

    The code assumes that -1 is a wildcard for the field.

    bug 956967

    Change-Id: Ieb6989815afc6986b72e0efc7611c2cc353ab5d8

Changed in nova:
status: Fix Committed → Fix Released
Thierry Carrez (ttx) on 2012-04-05
Changed in nova:
milestone: essex-rc2 → 2012.1
To post a comment you must log in.
This report contains Public information  Edit
Everyone can see this information.

Other bug subscribers