yahoo-eng-team team mailing list archive

[Phil Day <1284741@xxxxxxxxxxxxxxxxxx>]

Public bug reported:

When an EC2 metadata request is received via the neutron metadata proxy
Nova assumes that the X-Forwarded-For item in teh header is the address
of the instance:

https://github.com/openstack/nova/blob/master/nova/api/metadata/handler.py#L149

In fact depending on the network path this could be a comma separated
list of of addresses, only the first element of which is the address of
the instance.

The correct handling should be something like:

remote_address = req.headers.get('X-Forwarded-For').split(',')[0]

** Affects: nova
     Importance: Undecided
         Status: New

-- 
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to OpenStack Compute (nova).
https://bugs.launchpad.net/bugs/1284741

Title:
  EC2 metadata service doesn't account for request forwarding when using
  neutron metadata-proxy

Status in OpenStack Compute (Nova):
  New

Bug description:
  When an EC2 metadata request is received via the neutron metadata
  proxy Nova assumes that the X-Forwarded-For item in teh header is the
  address of the instance:

  https://github.com/openstack/nova/blob/master/nova/api/metadata/handler.py#L149

  In fact depending on the network path this could be a comma separated
  list of of addresses, only the first element of which is the address
  of the instance.

  The correct handling should be something like:

  remote_address = req.headers.get('X-Forwarded-For').split(',')[0]

To manage notifications about this bug go to:
https://bugs.launchpad.net/nova/+bug/1284741/+subscriptions