[openstack-dev] [Neutron] Need some clarity on security group protocol numbers vs names

Mark McClain mark.mcclain at dreamhost.com
Wed Sep 11 20:57:14 UTC 2013


On Sep 11, 2013, at 1:46 PM, Akihiro Motoki <amotoki at gmail.com> wrote:
> 
> On Thu, Sep 12, 2013 at 12:46 AM, Justin Hammond
> <justin.hammond at rackspace.com> wrote:
>> As it seems the review is no longer the place for this discussion, I will
>> copy/paste my inline comments here:
>> 
>> I dislike the idea of passing magical numbers around to define protocols
>> (defined or otherwise). I believe there should be a common set of
>> protocols with their numbers mapped (such as this constants business) and
>> a well defined way to validate/list said common constants.
> 
> I agree that value should be validated appropriately in general.
> A configurable list of allowed protocols looks good to me.

I'm -2.  The original bug has morphed into a mini-feature and is not allowable under our feature freeze rules.

There are many valid reasons for allowing 41, 47, etc to a guest and we should continue to allow 0<=proto_num<=255 in Havana.  We should also refocus on the original bug intent and normalize the data to prevent duplicate rules in the common cases (tcp, udp, icmp, icmp, icmpv6).

Any other changes should be open for discussion in Icehouse as we'll need to consider the deployment and backwards compatibility issues.  Feel free to propose a session on this for the Hong Kong summit.

mark
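
Added example (not part of the original message and not Neutron code): a sketch of the normalization discussed above, where a known name or any number in 0..255 maps to one canonical value so that "tcp", "TCP", "6" and 6 cannot create duplicate rules. The function names and the rule dictionary layout are assumptions made for illustration.

```python
# Added illustration; not Neutron code. All names here are hypothetical.

# IANA protocol numbers for the common cases named in the message.
COMMON_PROTOCOLS = {"icmp": 1, "tcp": 6, "udp": 17, "icmpv6": 58}


def normalize_protocol(value):
    """Return the protocol as an int in 0..255, or None for 'any protocol'."""
    if value is None:
        return None
    if isinstance(value, str):
        text = value.strip().lower()
        if text in COMMON_PROTOCOLS:
            return COMMON_PROTOCOLS[text]
        # Reject unknown names and non-ASCII digits before int().
        if not (text.isascii() and text.isdigit()):
            raise ValueError("unknown protocol name: %r" % (value,))
        value = int(text)
    if isinstance(value, bool) or not isinstance(value, int) or not 0 <= value <= 255:
        raise ValueError("protocol number out of range 0..255: %r" % (value,))
    return value


def rule_key(rule):
    """Identity of a rule once its protocol is normalized."""
    return (rule["direction"], normalize_protocol(rule.get("protocol")),
            rule.get("port_range_min"), rule.get("port_range_max"),
            rule.get("remote_ip_prefix"))


def find_duplicates(rules):
    """Return rules whose normalized key repeats an earlier rule."""
    seen, dupes = set(), []
    for rule in rules:
        key = rule_key(rule)
        if key in seen:
            dupes.append(rule)
        else:
            seen.add(key)
    return dupes


# Constructed sample rules: the first three describe the same traffic.
SAMPLE_RULES = [
    {"direction": "ingress", "protocol": "tcp", "port_range_min": 22, "port_range_max": 22},
    {"direction": "ingress", "protocol": "6", "port_range_min": 22, "port_range_max": 22},
    {"direction": "ingress", "protocol": "TCP", "port_range_min": 22, "port_range_max": 22},
    {"direction": "ingress", "protocol": 47},  # allowed by number only
]
```

Names outside the small table are rejected here while their numbers are still accepted, which keeps the 0..255 range open without adding a configurable allow-list.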