[Openstack-security] [Bug 1334926] Re: floatingip still working once connected even after it is disociated

OpenStack Infra 1334926 at bugs.launchpad.net
Mon Sep 29 22:11:45 UTC 2014


Reviewed:  https://review.openstack.org/124375
Committed: https://git.openstack.org/cgit/openstack/neutron/commit/?id=3a30d19e4e2e5bf4f54045561158661b43beecb3
Submitter: Jenkins
Branch:    stable/icehouse

commit 3a30d19e4e2e5bf4f54045561158661b43beecb3
Author: Cedric Brandily <zzelle at gmail.com>
Date:   Fri Sep 26 12:00:33 2014 +0200

    Deletes floating ip related connection states
    
    When a floating ip is dissociated with a port, the current
    connection with the floating ip is still working. This patch
    will clear the connection state and cut off the connection
    immediately.
    
    Since conntrack -D will return 1, which is not an error code,
    so add extra_ok_codes argument to execute methods.
    
    Change-Id: Ia9bd7ae243a0859dcb97e2fa939f7d16f9c2456c
    Closes-Bug: #1334926
    (cherry picked from commit 966645538395079b5337b5ed30d597112279283c)


** Tags added: in-stable-icehouse

-- 
You received this bug notification because you are a member of OpenStack
Security Group, which is subscribed to OpenStack.
https://bugs.launchpad.net/bugs/1334926

Title:
  floatingip still working once connected even after it is disociated

Status in OpenStack Neutron (virtual network service):
  Fix Committed
Status in OpenStack Security Notes:
  Fix Released

Bug description:
  After we create an SSH connection to a VM via its floating ip, even
  though we have removed the floating ip association, we can still
  access the VM via that connection. Namely, SSH is not disconnected
  when the floating ip is not valid

To manage notifications about this bug go to:
https://bugs.launchpad.net/neutron/+bug/1334926/+subscriptions




More information about the Openstack-security mailing list