[Openstack-security] [Bug 1382562] Re: security groups remote_group fails with CIDR in address pairs
Thierry Carrez
thierry.carrez+lp at gmail.com
Thu Apr 30 09:31:25 UTC 2015
** Changed in: neutron
Milestone: kilo-1 => 2015.1.0
--
You received this bug notification because you are a member of OpenStack
Security, which is subscribed to OpenStack.
https://bugs.launchpad.net/bugs/1382562
Title:
security groups remote_group fails with CIDR in address pairs
Status in OpenStack Neutron (virtual network service):
Fix Released
Status in neutron juno series:
Fix Released
Status in OpenStack Security Advisories:
Won't Fix
Bug description:
Add a CIDR to allowed address pairs of a host. RPC calls from the
agents will run into this issue now when retrieving the security group
members' IPs. I haven't confirmed because I came across this working
on other code, but I think this may stop all members of the security
groups referencing that group from getting their rules over the RPC
channel.
File "neutron/api/rpc/handlers/securitygroups_rpc.py", line 75, in security_group_info_for_devices
return self.plugin.security_group_info_for_ports(context, ports)
File "neutron/db/securitygroups_rpc_base.py", line 202, in security_group_info_for_ports
return self._get_security_group_member_ips(context, sg_info)
File "neutron/db/securitygroups_rpc_base.py", line 209, in _get_security_group_member_ips
ethertype = 'IPv%d' % netaddr.IPAddress(ip).version
File "/home/administrator/code/neutron/.tox/py27/local/lib/python2.7/site-packages/netaddr/ip/__init__.py", line 281, in __init__
% self.__class__.__name__)
ValueError: IPAddress() does not support netmasks or subnet prefixes! See documentation for details.
To manage notifications about this bug go to:
https://bugs.launchpad.net/neutron/+bug/1382562/+subscriptions
More information about the Openstack-security
mailing list