Open Stack

In testing some new function I've written, I've unsurfaced the problem that
the ML2 vlan type driver does not enforce the vlan range specified in the
network_vlan_ranges option in ml2_conf.ini file.  It is properly enforcing
the physical network name, and even checking to be sure the segmentation_id
is valid in the sense that it's not outside the range of ALL valid vlan
ids.  But it does not actually enforce that segmentation_id is within the
vlan range specified for the given physical network in network_vlan_ranges.

The fix I propose is simple.  Add the following check
to /neutron/plugins/ml2/drivers/type_vlan.py
(TypeVlanDriver.validate_provider_segment()):

        range_min, range_max = self.network_vlan_ranges
[physical_network][0]
        if segmentation_id not in range(range_min, range_max):
            msg = (_("segmentation_id out of range (%(min)s through "
                     "%(max)s)") %
                   {'min': range_min,
                    'max': range_max})
            raise exc.InvalidInput(error_message=msg)

This would go near line 182 in
https://github.com/openstack/neutron/blob/master/neutron/plugins/ml2/drivers/type_vlan.py.

One question I have is whether self.network_vlan_ranges[physical_network]
could actually be an empty list rather than a tuple representing the vlan
range.  I believe that should always exist, but the documentation is not
clear on this.  For reference, the corresponding line in ml2_conf.ini is
this:

[ml2_type_vlan]
network_vlan_ranges = default:1:4093

Thanks in advance to any that choose to provide some insight here!
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openstack.org/pipermail/openstack-dev/attachments/20140116/9fcabd3e/attachment.html>