← Back to team overview

yahoo-eng-team team mailing list archive

  1. yahoo-eng-team team
  2. Mailing list archive
  3. Message #69933

[Bug 1738371] [NEW] Neutron API port range validation not working correctly

  Thread PreviousDate PreviousThread Next 
Public bug reported:

Neutron API port range validation is not working correctly.

In neutron-api, when doing port range validation, we compares min_port
and max_port as strings. Which leads to wrong port range specification
could pass the validation successfully.

* Step-by-step reproduction steps:
  1. create a firewall rule with wrong port range specification:
     openstack firewall group rule create --source-port 1111:9 --protocol tcp

* Expected output:
  - "Invalid input for source_port. Reason: First port in a port range must be lower than the second port."
  - This is the error message from neutron API port range validator.

* Actual output:
  - "Invalid value for port 1111:9."
  - This is the error message from FWaaS exception InvalidPortValue, which means that the problematic port range specification passed the API validation.

* Version:
  - neutron-lib 1.11.0 installed from PyPI as a requirement.

* Environment:
  - devstack with FWaaS(master commit 66d3d57ac4fd8630b757d343106de7e974afe698, Oct 25, 2017)

** Affects: neutron
     Importance: Undecided
     Assignee: Hunt Xu (huntxu)
         Status: In Progress


** Tags: api fwaas

** Changed in: neutron
     Assignee: (unassigned) => Hunt Xu (huntxu)

-- 
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to neutron.
https://bugs.launchpad.net/bugs/1738371

Title:
  Neutron API port range validation not working correctly

Status in neutron:
  In Progress

Bug description:
  Neutron API port range validation is not working correctly.

  In neutron-api, when doing port range validation, we compares min_port
  and max_port as strings. Which leads to wrong port range specification
  could pass the validation successfully.

  * Step-by-step reproduction steps:
    1. create a firewall rule with wrong port range specification:
       openstack firewall group rule create --source-port 1111:9 --protocol tcp

  * Expected output:
    - "Invalid input for source_port. Reason: First port in a port range must be lower than the second port."
    - This is the error message from neutron API port range validator.

  * Actual output:
    - "Invalid value for port 1111:9."
    - This is the error message from FWaaS exception InvalidPortValue, which means that the problematic port range specification passed the API validation.

  * Version:
    - neutron-lib 1.11.0 installed from PyPI as a requirement.

  * Environment:
    - devstack with FWaaS(master commit 66d3d57ac4fd8630b757d343106de7e974afe698, Oct 25, 2017)

To manage notifications about this bug go to:
https://bugs.launchpad.net/neutron/+bug/1738371/+subscriptions

Follow ups

  Thread PreviousDate PreviousThread Next