Thanks Kevin. In that case I've tagged it as a security hardening
opportunity (removes a foot-cannon), and switched the advisory task to
won't-fix.
** Information type changed from Public Security to Public
** Changed in: ossa
Status: Incomplete => Won't Fix
** Tags added: security
--
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to neutron.
https://bugs.launchpad.net/bugs/1382562
Title:
security groups remote_group fails with CIDR in address pairs
Status in OpenStack Neutron (virtual network service):
In Progress
Status in OpenStack Security Advisories:
Won't Fix
Bug description:
Add a CIDR to allowed address pairs of a host. RPC calls from the
agents will run into this issue now when retrieving the security group
members' IPs. I haven't confirmed because I came across this working
on other code, but I think this may stop all members of the security
groups referencing that group from getting their rules over the RPC
channel.
File "neutron/api/rpc/handlers/securitygroups_rpc.py", line 75, in
security_group_info_for_devices
return self.plugin.security_group_info_for_ports(context, ports)
File "neutron/db/securitygroups_rpc_base.py", line 202, in
security_group_info_for_ports
return self._get_security_group_member_ips(context, sg_info)
File "neutron/db/securitygroups_rpc_base.py", line 209, in
_get_security_group_member_ips
ethertype = 'IPv%d' % netaddr.IPAddress(ip).version
File
"/home/administrator/code/neutron/.tox/py27/local/lib/python2.7/site-packages/netaddr/ip/__init__.py",
line 281, in __init__
% self.__class__.__name__)
ValueError: IPAddress() does not support netmasks or subnet prefixes! See
documentation for details.
To manage notifications about this bug go to:
https://bugs.launchpad.net/neutron/+bug/1382562/+subscriptions
--
Mailing list: https://launchpad.net/~yahoo-eng-team
Post to : yahoo-eng-team@lists.launchpad.net
Unsubscribe : https://launchpad.net/~yahoo-eng-team
More help : https://help.launchpad.net/ListHelp
