[NEUTRON-76] Security Groups : For "Other Protocol" rule, NeutronSecurityRule.getSecurityRuleProtocol() is set to NULL Created: 26/Oct/15  Updated: 21/Oct/16  Resolved: 21/Oct/16

Status: Resolved
Project: neutron
Component/s: neutron-spi
Affects Version/s: Multiple
Fix Version/s: None

Type: Bug
Reporter: Ravindra Kenchappa Assignee: Ritu Sood
Resolution: Done Votes: 0
Labels: None
Remaining Estimate: Not Specified
Time Spent: Not Specified
Original Estimate: Not Specified
Environment:

Operating System: All
Platform: All

Attachments: File local.conf     Text File q-svc.log    
External issue ID: 4527
Priority: High

 Description   

From openstack Horizon I have created a security group rule for "Other Protocol" (ID : 0 to 255) and when I check the datastore the protocol filed was not set. I am work on net-virt:security groups implementation and on port added/update NorthBound event I am reading the MD for security groups rule associated to the neuton port. When the port is assocaited to "Other Protocol" rule the protocol field is set to NULL (protocol field is properly set for ICMP/UDP/TCP). I verified using the following neutron APIs:

http://172.16.100.47:8181/restconf/config/neutron:neutron/security-groups/

{ "uuid": "565faa54-2e2c-4481-bb77-b5dc64e56024", "security-rules": [ "159eb2e0-d16e-4162-b44b-7232d826adbf", "21a367c0-df97-4f2e-9e7e-fcc5f8ef5180", "04d74957-dd00-48fb-993b-61e86308f13d", "9d2e779a-6b0c-4921-8822-086164b1d2a8" ], "tenant-id": "5730197f-a527-4c6e-b56d-579ae544ef5a", "name": "OTHERS", "description": "OTHER-PROTO" }

,

http://172.16.100.47:8181/restconf/config/neutron:neutron/security-rules/security-rule/9d2e779a-6b0c-4921-8822-086164b1d2a8/

{
"security-rule": [

{ "id": "9d2e779a-6b0c-4921-8822-086164b1d2a8", "security-group-id": "565faa54-2e2c-4481-bb77-b5dc64e56024", "tenant-id": "5730197f-a527-4c6e-b56d-579ae544ef5a", "ethertype": "neutron-constants:ethertype-v4", "direction": "neutron-constants:direction-egress" }

]
}

ICMP:

http://172.16.100.47:8181/restconf/config/neutron:neutron/security-rules/security-rule/adc94c53-21a3-440b-a24c-20efd357520f/

{
"security-rule": [

{ "id": "adc94c53-21a3-440b-a24c-20efd357520f", "security-group-id": "42a139a8-0412-4b67-b7a4-8f1949532f43", "remote-ip-prefix": "0.0.0.0/24", "tenant-id": "5730197f-a527-4c6e-b56d-579ae544ef5a", "ethertype": "neutron-constants:ethertype-v4", "direction": "neutron-constants:direction-ingress", "protocol": "neutron-constants:protocol-icmp" }

]
}

 Comments   
Comment by Isaku Yamahata [ 26/Oct/15 ]

can you please post not only ODL NN, but also neutron api?
Ideally can you post packet capture at both openstack neutron API and also ODL neutron northbound?

Comment by Ravindra Kenchappa [ 28/Oct/15 ]

Attachment q-svc.log has been added with description: lgo contains the openstack API and NN API

Comment by Ravindra Kenchappa [ 28/Oct/15 ]

Ran the following openstack neutron CLI command:

neutron net-create vx-net --provider:network_type vxlan

neutron subnet-create vx-net 10.100.5.0/24 --name vx-subnet
neutron security-group-create OtherProto --description OtherProtocol
neutron security-group-rule-create --direction ingress --protocol 200 --remote-ip-prefix 0.0.0.0/24 OtherProto
neutron security-group-rule-create --direction egress --protocol 200 --remote-ip-prefix 0.0.0.0/24 OtherProto

And from the horizon GUI created a with associating the security group "OtherProto"

Also from the NN code: the NeutronSecurityRuleInterface.PROTOCOL_MAP is a constant map and only contains icmp,tcp,udp and icmpv6.

Comment by Pramod Raghavendra Jayathirth [ 29/Jan/16 ]

can you upload the local.conf which you have used for the environment?

Comment by Ravindra Kenchappa [ 09/Feb/16 ]

I have uploaded the local.conf file that I am using.

Comment by Ravindra Kenchappa [ 09/Feb/16 ]

Attachment local.conf has been added with description: local.conf uploaded

Comment by Isaku Yamahata [ 09/Feb/16 ]

https://git.opendaylight.org/gerrit/#/c/33932/
This patch is partial-fix.
Another patches will follow.

Comment by A H [ 12/Feb/16 ]

As Isaku Yamahata mentioned here [1], can someone change the target for this bug to Beryllium-SR1?

[1] https://lists.opendaylight.org/pipermail/release/2016-February/005502.html

Comment by Isaku Yamahata [ 26/Aug/16 ]

As record, the target was changed to Beryllium-SR1

Comment by Isaku Yamahata [ 21/Oct/16 ]

Now model was fixed and patches in networking-odl were merged.
I'll close this. If you still have this issue, please re-open.

Generated at Wed Feb 07 20:25:30 UTC 2024 using Jira 8.20.10#820010-sha1:ace47f9899e9ee25d7157d59aa17ab06aee30d3d.