← Back to team overview

yahoo-eng-team team mailing list archive

[Bug 1393589] [NEW] Attaching or detaching an interface to a router causes all VPNaaS daemons to be restarted.

 

Public bug reported:

'sync' in services/vpn/device_drivers/ipsec.py is called any time an
interface is attached or detached from a router.  This occurs whether or
not the edited router hosts a VPNaaS instance.

'sync' loops through the results of 'get_vpn_services_on_host' and
stops/starts all IPsec daemons on the network node that hosts the router
being edited, regardless of if they're on the router being edited, or
even the same tenant.

An authorized user can trivially loop through the attach/detach API
calls, causing the IPsec daemons for every tenant to be continuously
restarted.

** Affects: neutron
     Importance: Undecided
         Status: New

-- 
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to neutron.
https://bugs.launchpad.net/bugs/1393589

Title:
  Attaching or detaching an interface to a router causes all VPNaaS
  daemons to be restarted.

Status in OpenStack Neutron (virtual network service):
  New

Bug description:
  'sync' in services/vpn/device_drivers/ipsec.py is called any time an
  interface is attached or detached from a router.  This occurs whether
  or not the edited router hosts a VPNaaS instance.

  'sync' loops through the results of 'get_vpn_services_on_host' and
  stops/starts all IPsec daemons on the network node that hosts the
  router being edited, regardless of if they're on the router being
  edited, or even the same tenant.

  An authorized user can trivially loop through the attach/detach API
  calls, causing the IPsec daemons for every tenant to be continuously
  restarted.

To manage notifications about this bug go to:
https://bugs.launchpad.net/neutron/+bug/1393589/+subscriptions


Follow ups

References