For SG, ICMP rule type and code is not respected
Affects | Status | Importance | Assigned to | Milestone
---|---|---|---|---
Juniper Openstack | Status tracked in Trunk | | |
R1.1 | Won't Fix | Medium | Hampapur Ajay |
Trunk | New | Medium | Sahil Sabharwal |
Bug Description
R1.10 28
Created an SG. Added rule with ingress-allow icmp type1 code1.
Started two VMs in a project with this SG.
Ping passed between these VMs.
{
security-group: {
virtual_
{
to: [
"default-domain",
"project1",
"088c8741-
],
href: "http://
attr: null,
uuid: "088c8741-
},
{
to: [
"default-domain",
"project1",
"58b0ac93-
],
href: "http://
attr: null,
uuid: "58b0ac93-
}
],
fq_name: [
"default-domain",
"project1",
"sg1"
],
uuid: "bfb96501-
access_
{
to: [
"default-domain",
"project1",
"sg1",
"ingress-
],
href: "http://
uuid: "14067bad-
},
{
to: [
"default-domain",
"project1",
"sg1",
"egress-
],
href: "http://
uuid: "ac0fc983-
}
],
parent_uuid: "4c935d93-
parent_href: "http://
parent_type: "project",
security_group_id: 6,
display_name: "sg1",
href: "http://
id_perms: {
enable: true,
uuid: {
uuid_mslong: 138151843898736
uuid_lslong: 132489628530990
},
created: "2014-09-
description: "sg1",
last_modified: "2014-09-
permissions: {
owner: "cloud-admin",
owner_access: 7,
other_access: 7,
group: "cloud-
group_access: 7
}
},
security_
policy_rule: [
{
direction: ">",
protocol: "any",
dst_addresses: [
{
security_group: null,
subnet: {
ip_prefix: "0.0.0.0",
ip_prefix_len: 0
},
virtual_network: null,
network_policy: null
}
],
action_list: null,
rule_uuid: "518dcf76-
dst_ports: [
{
end_port: 65535,
start_port: 0
}
],
application: [ ],
src_addresses: [
{
security_group: "local",
subnet: null,
virtual_network: null,
network_policy: null
}
],
rule_sequence: null,
src_ports: [
{
end_port: 65535,
start_port: 0
}
]
},
{
direction: ">",
protocol: "icmp",
dst_addresses: [
{
security_group: "local",
subnet: null,
virtual_network: null,
network_policy: null
}
],
action_list: null,
rule_uuid: "f9d4dd23-
dst_ports: [
{
end_port: 1,
start_port: 1
}
],
application: [ ],
src_addresses: [
{
security_group: null,
subnet: {
ip_prefix: "0.0.0.0",
ip_prefix_len: 0
},
virtual_network: null,
network_policy: null
}
],
rule_sequence: null,
src_ports: [
{
end_port: 65535,
start_port: 0
}
]
}
]
},
name: "sg1"
}
}
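The check the report implies, as an added example that is not part of the original report or of the project's code: it evaluates inbound ICMP against rules shaped like the `policy_rule` entries above and contrasts a full type/code match with a protocol-only match. It assumes `start_port` carries the ICMP type and `end_port` the ICMP code (Neutron's `port_range_min`/`port_range_max` convention) and that 0-65535 means "any"; the helper names and the source address are hypothetical.

```python
import ipaddress

ANY = {"security_group": None, "subnet": {"ip_prefix": "0.0.0.0", "ip_prefix_len": 0}}
LOCAL = {"security_group": "local", "subnet": None}

# Constructed sample: the two policy_rule entries from the dump, trimmed to the
# fields that matter for matching.
RULES = [
    {"protocol": "any", "src_addresses": [LOCAL], "dst_addresses": [ANY],
     "dst_ports": [{"start_port": 0, "end_port": 65535}]},
    {"protocol": "icmp", "src_addresses": [ANY], "dst_addresses": [LOCAL],
     "dst_ports": [{"start_port": 1, "end_port": 1}]},
]

def is_ingress(rule):
    # A rule whose destination is the "local" group filters inbound traffic.
    return any(a["security_group"] == "local" for a in rule["dst_addresses"])

def src_matches(rule, src_ip):
    ip = ipaddress.ip_address(src_ip)
    for addr in rule["src_addresses"]:
        sub = addr["subnet"]
        if sub and ip in ipaddress.ip_network(f"{sub['ip_prefix']}/{sub['ip_prefix_len']}"):
            return True
    return False

def icmp_matches(rule, icmp_type, icmp_code):
    # Assumption: start_port holds the ICMP type and end_port the ICMP code
    # (Neutron's port_range_min/port_range_max convention); 0-65535 means any.
    if rule["protocol"] == "any":
        return True
    if rule["protocol"] != "icmp":
        return False
    return any((p["start_port"], p["end_port"]) in ((0, 65535), (icmp_type, icmp_code))
               for p in rule["dst_ports"])

def ingress_allowed(rules, src_ip, icmp_type, icmp_code):
    # Expected behaviour: default deny, pass only on a full type/code match.
    return any(is_ingress(r) and src_matches(r, src_ip)
               and icmp_matches(r, icmp_type, icmp_code) for r in rules)

def protocol_only_allowed(rules, src_ip):
    # Model of the reported behaviour: type and code are not consulted.
    return any(is_ingress(r) and src_matches(r, src_ip)
               and r["protocol"] in ("any", "icmp") for r in rules)

if __name__ == "__main__":
    print("echo request (8/0), expected:", ingress_allowed(RULES, "10.0.0.3", 8, 0))
    print("type 1 code 1, expected:", ingress_allowed(RULES, "10.0.0.3", 1, 1))
    print("echo request, protocol-only match:", protocol_only_allowed(RULES, "10.0.0.3"))
```

A ping between the two VMs is an echo request (type 8, code 0), so a regression test for this bug should assert that it is dropped while a type 1 code 1 packet is accepted.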
Changed in opencontrail:
importance: Undecided → Medium
assignee: nobody → Hampapur Ajay (hajay)
no longer affects: opencontrail
The below tempest test is also failing due to this issue.
tempest.api.network.test_security_groups.SecGroupTest.test_create_security_group_rule_with_icmp_type_code
Traceback (most recent call last):
testtools.testresult.real._StringException: Empty attachments:
  pythonlogging:''
  stderr
  stdout
Traceback (most recent call last):
  File "/home/omp/tempest/tempest/api/network/test_security_groups.py", line 178, in test_create_security_group_rule_with_icmp_type_code
    icmp_type, icmp_code)
  File "/home/omp/tempest/tempest/api/network/test_security_groups.py", line 69, in _create_verify_security_group_rule
    (key, value))
  File "/usr/local/lib/python2.7/dist-packages/testtools/testcase.py", line 350, in assertEqual
    self.assertThat(observed, matcher, message)
  File "/usr/local/lib/python2.7/dist-packages/testtools/testcase.py", line 435, in assertThat
    raise mismatch_error
testtools.matchers._impl.MismatchError: None != 65535: Field port_range_max of the created security group rule does not match with None.