yahoo-eng-team team mailing list archive
-
yahoo-eng-team team
-
Mailing list archive
-
Message #03550
[Bug 1197769] Re: Cannot create ICMP secgroup rule with a specific type and any code
** Changed in: neutron
Status: Fix Committed => Fix Released
** Changed in: neutron
Milestone: None => havana-2
--
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to neutron.
https://bugs.launchpad.net/bugs/1197769
Title:
Cannot create ICMP secgroup rule with a specific type and any code
Status in OpenStack Neutron (virtual network service):
Fix Released
Bug description:
We cannot create a ICMP secgroup rule for a specific type with ANY
type.
quantum security-group-rule-create --protocol icmp --port-range-min 8 --remote-ip-prefix 0.0.0.0/0 default
For TCP/UDP protocols, port_range_min must be <= port_range_max
The above means ICMP rule with type = 8 and code = ANY.
It should be accepted.
In addition, icmp type and icmp code are 8 bit field, so the values
should be 0 to 255, but we can create a ICMP rule with type 10000 and
code 12000. port range validation for a specific protocol should be
done.
$ quantum security-group-rule-create --protocol icmp --port-range-min 10000 --port-range-max 12000 --remote-ip-prefix 0.0.0.0/0 default
Created a new security_group_rule:
+-------------------+--------------------------------------+
| Field | Value |
+-------------------+--------------------------------------+
| direction | ingress |
| ethertype | IPv4 |
| id | 62822ee1-ee4f-4c65-9322-582f3a7a3063 |
| port_range_max | 12000 |
| port_range_min | 10000 |
| protocol | icmp |
| remote_group_id | |
| remote_ip_prefix | 0.0.0.0/0 |
| security_group_id | faad7c80-3b62-4440-967c-13808c37131d |
| tenant_id | 797885303e524308b76d97686b1c5698 |
+-------------------+--------------------------------------+
To manage notifications about this bug go to:
https://bugs.launchpad.net/neutron/+bug/1197769/+subscriptions