yahoo-eng-team team mailing list archive

Thread
Date

[Bug 1850630] Re: firewall rule update validating func is not robust enough，missing considering the stock data

To: yahoo-eng-team@xxxxxxxxxxxxxxxxxxx
From: Yue Qu <1850630@xxxxxxxxxxxxxxxxxx>
Date: Wed, 06 Nov 2019 07:32:32 -0000
Reply-to: Bug 1850630 <1850630@xxxxxxxxxxxxxxxxxx>
Sender: bounces@xxxxxxxxxxxxx

Sorry, I find this bug has been fixed in fwaas v2...

** Changed in: neutron
       Status: New => Invalid

-- 
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to neutron.
https://bugs.launchpad.net/bugs/1850630

Title:
  firewall rule update validating func is not  robust enough，missing
  considering the stock data

Status in neutron:
  Invalid

Bug description:
  When we try to update a firewall rule, both protocol and s/d_port
  could be modified. However, the validate func is not robust enough,
  missing considering the stock data. As a result: 1.some unavailable
  rules will probably be constructed. 2: When try to update s/d port,
  must input the current protocol

  e.g.

  1.1.update r1(protocol:imcp, sport:None, dport:None) protocol to tcp, will get 
    r1`(protocol:tcp, sport:None, dport:None), which is unavailable. 

  1.2.update r2(protocol:tcp, sport:123, dport:234) protocol to icmp, will get 
    r2`(protocol:tcp, sport:None, dport:None), which is unavailable. 

  2. update r3(protocol:tcp, sport:123, dport:234) sport to 456, could not assign the sport only,
    otherwise the following execption will be raised:  
     Source, destination port are not allowed when protocol is set to ICMP.

To manage notifications about this bug go to:
https://bugs.launchpad.net/neutron/+bug/1850630/+subscriptions

References

[Bug 1850630] [NEW] firewall rule update validating func is not robust enough，missing considering the stock data
From: Yue Qu, 2019-10-30