yahoo-eng-team team mailing list archive

Thread
Date

[Bug 1850630] [NEW] firewall rule update validating func is not robust enough，missing considering the stock data

To: yahoo-eng-team@xxxxxxxxxxxxxxxxxxx
From: Yue Qu <1850630@xxxxxxxxxxxxxxxxxx>
Date: Wed, 30 Oct 2019 11:53:37 -0000
Reply-to: Bug 1850630 <1850630@xxxxxxxxxxxxxxxxxx>
Sender: bounces@xxxxxxxxxxxxx

Public bug reported:

When we try to update a firewall rule, both protocol and s/d_port could
be modified. However, the validate func is not robust enough, missing
considering the stock data. As a result: 1.some unavailable rules will
probably be constructed. 2: When try to update s/d port, must input the
current protocol

e.g.

1.1.update r1(protocol:imcp, sport:None, dport:None) protocol to tcp, will get 
  r1`(protocol:tcp, sport:None, dport:None), which is unavailable. 

1.2.update r2(protocol:tcp, sport:123, dport:234) protocol to icmp, will get 
  r2`(protocol:tcp, sport:None, dport:None), which is unavailable. 

2. update r3(protocol:tcp, sport:123, dport:234) sport to 456, could not assign the sport only,
  otherwise the following execption will be raised:  
   Source, destination port are not allowed when protocol is set to ICMP.

** Affects: neutron
     Importance: Undecided
         Status: New

-- 
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to neutron.
https://bugs.launchpad.net/bugs/1850630

Title:
  firewall rule update validating func is not  robust enough，missing
  considering the stock data

Status in neutron:
  New

Bug description:
  When we try to update a firewall rule, both protocol and s/d_port
  could be modified. However, the validate func is not robust enough,
  missing considering the stock data. As a result: 1.some unavailable
  rules will probably be constructed. 2: When try to update s/d port,
  must input the current protocol

  e.g.

  1.1.update r1(protocol:imcp, sport:None, dport:None) protocol to tcp, will get 
    r1`(protocol:tcp, sport:None, dport:None), which is unavailable. 

  1.2.update r2(protocol:tcp, sport:123, dport:234) protocol to icmp, will get 
    r2`(protocol:tcp, sport:None, dport:None), which is unavailable. 

  2. update r3(protocol:tcp, sport:123, dport:234) sport to 456, could not assign the sport only,
    otherwise the following execption will be raised:  
     Source, destination port are not allowed when protocol is set to ICMP.

To manage notifications about this bug go to:
https://bugs.launchpad.net/neutron/+bug/1850630/+subscriptions

Follow ups

[Bug 1850630] Re: firewall rule update validating func is not robust enough，missing considering the stock data
From: Yue Qu, 2019-11-06