yahoo-eng-team team mailing list archive

Thread
Date

[Bug 1708580] Re: ovsfw ignores port_ranges under some conditions

To: yahoo-eng-team@xxxxxxxxxxxxxxxxxxx
From: Tristan Cacqueray <tdecacqu@xxxxxxxxxx>
Date: Wed, 23 Aug 2017 01:08:31 -0000
Reply-to: Bug 1708580 <1708580@xxxxxxxxxxxxxxxxxx>
Sender: bounces@xxxxxxxxxxxxx

Since this report concerns a possible security risk, an incomplete
security advisory task has been added while the core security reviewers
for the affected project or projects confirm the bug and discuss the
scope of any vulnerability along with potential solutions.

Back in Mitaka, OVS was an experimental security groups driver. Is it
deemed production ready in Newton ?

** Also affects: ossa
   Importance: Undecided
       Status: New

** Changed in: ossa
       Status: New => Incomplete

-- 
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to neutron.
https://bugs.launchpad.net/bugs/1708580

Title:
  ovsfw ignores port_ranges under some conditions

Status in neutron:
  In Progress
Status in OpenStack Security Advisory:
  Incomplete

Bug description:
  ovsfw ignores port_ranges when protocol is not literal udp or tcp.
  sctp and numeric protocol values don't work and result in too permissive filtering.

To manage notifications about this bug go to:
https://bugs.launchpad.net/neutron/+bug/1708580/+subscriptions

References

[Bug 1708580] [NEW] ovsfw ignores port_ranges under some conditions
From: IWAMOTO Toshihiro, 2017-08-04