[GitHub] cloudstack issue #1653: Prevent DNS reflection attacks
Github user rhtyd commented on the issue: https://github.com/apache/cloudstack/pull/1653 @NuxRo this PR can be closed as we've moved to a new one with a marvin test #1663 Thanks. --- If your project is set up for it, you can reply to this email and have your reply appear on GitHub as well. If your project does not have this feature enabled and wishes so, or if the feature is enabled but not working, please contact infrastructure at infrastruct...@apache.org or file a JIRA ticket with INFRA. ---
[GitHub] cloudstack issue #1653: Prevent DNS reflection attacks
Github user NuxRo commented on the issue: https://github.com/apache/cloudstack/pull/1653 Understood, thanks. --- If your project is set up for it, you can reply to this email and have your reply appear on GitHub as well. If your project does not have this feature enabled and wishes so, or if the feature is enabled but not working, please contact infrastructure at infrastruct...@apache.org or file a JIRA ticket with INFRA. ---
[GitHub] cloudstack issue #1653: Prevent DNS reflection attacks
Github user jburwell commented on the issue: https://github.com/apache/cloudstack/pull/1653 @NuxRo this patch does not appear to break things. However, we want to add a Marvin test case to verify that the fix does not regress again. Does that make sense? @rhtyd is planning to write the Marvin test case this week. Once he is done and we retest, we will merge this PR. --- If your project is set up for it, you can reply to this email and have your reply appear on GitHub as well. If your project does not have this feature enabled and wishes so, or if the feature is enabled but not working, please contact infrastructure at infrastruct...@apache.org or file a JIRA ticket with INFRA. ---
[GitHub] cloudstack issue #1653: Prevent DNS reflection attacks
Github user NuxRo commented on the issue: https://github.com/apache/cloudstack/pull/1653 So, you guys kind of lost me, all I want is my VRs not to be used in DNS reflection attacks. Do we have a go or does it break things? :) --- If your project is set up for it, you can reply to this email and have your reply appear on GitHub as well. If your project does not have this feature enabled and wishes so, or if the feature is enabled but not working, please contact infrastructure at infrastruct...@apache.org or file a JIRA ticket with INFRA. ---
[GitHub] cloudstack issue #1653: Prevent DNS reflection attacks
Github user blueorangutan commented on the issue: https://github.com/apache/cloudstack/pull/1653 Trillian test result (trillian-pr1653-36-vmware-55u3-cs49): Test completed. 32 look ok, 20 have errors Test | Result | Time --- | --- | --- test_DeployVmAntiAffinityGroup_in_project | Success | 428.373 test_create_pvlan_network | Success | 5.160 test_DeployVmAntiAffinityGroup | Success | 178.132 test_dedicatePublicIpRange | `Error` | 0.216 test_deploy_vgpu_enabled_vm | Skipped | 0.004 test_deploy_vm_from_iso | Success | 348.045 test_01_scale_vm | Skipped | 66.545 test_00_deploy_vm_root_resize | Success | 6.484 test_01_deploy_vm_root_resize | Success | 6.569 test_02_deploy_vm_root_resize | Success | 6.240 test_01_router_internal_basic | Success | 0.413 test_02_router_internal_adv | Success | 0.939 test_03_restart_network_cleanup | Success | 191.231 test_04_restart_network_wo_cleanup | Success | 5.598 test_05_router_basic | Success | 0.030 test_06_router_advanced | Success | 0.053 test_07_stop_router | Success | 30.235 test_08_start_router | Success | 135.816 test_09_reboot_router | Success | 160.970 test_deployvm_firstfit | Success | 161.175 test_deployvm_userconcentrated | Success | 90.952 test_deployvm_userdispersing | Success | 50.704 test_deployvm_userdata | Success | 141.327 test_deployvm_userdata_post | Success | 25.499 test_01_sys_vm_start | Success | 0.133 test_02_sys_template_ready | Success | 0.111 test_01_create_disk_offering | Success | 0.087 test_02_create_sparse_type_disk_offering | Success | 0.059 test_04_create_fat_type_disk_offering | Success | 0.058 test_02_edit_disk_offering | Success | 0.046 test_03_delete_disk_offering | Success | 0.036 test_default_role_deletion | Success | 6.376 test_role_account_acls | Success | 8.546 test_role_account_acls_multiple_mgmt_servers | `Error` | 1.137 test_role_inuse_deletion | Success | 6.302 test_role_lifecycle_create | Success | 6.224 test_role_lifecycle_delete | Success | 11.430 test_role_lifecycle_list | Success | 6.335 test_role_lifecycle_update | Success | 6.332 test_role_lifecycle_update_role_inuse | Success | 6.696 test_rolepermission_lifecycle_concurrent_updates | Success | 6.730 test_rolepermission_lifecycle_create | Success | 6.331 test_rolepermission_lifecycle_delete | Success | 6.234 test_rolepermission_lifecycle_list | Success | 6.327 test_rolepermission_lifecycle_update | Success | 6.815 test_01_create_service_offering | Success | 0.090 test_02_edit_service_offering | Success | 0.059 test_03_delete_service_offering | Success | 0.035 test_04_change_offering_small | Success | 98.049 test_UpdateConfigParamWithScope | Success | 0.123 ContextSuite context=TestDedicateGuestVlanRange>:setup | `Error` | 0.000 test_01_snapshot_root_disk | `Error` | 150.951 test_01_internallb_roundrobin_1VPC_3VM_HTTP_port80 | `Error` | 314.192 test_02_internallb_roundrobin_1RVPC_3VM_HTTP_port80 | `Failure` | 546.268 test_03_vpc_internallb_haproxy_stats_on_all_interfaces | `Failure` | 151.572 test_04_rvpc_internallb_haproxy_stats_on_all_interfaces | `Error` | 561.917 test_01_list_sec_storage_vm | Success | 0.124 test_02_list_cpvm_vm | Success | 0.175 test_03_ssvm_internals | Success | 3.233 test_04_cpvm_internals | Success | 0.967 test_05_stop_ssvm | `Error` | 416.021 test_06_stop_cpvm | Success | 166.612 test_07_reboot_ssvm | Success | 158.412 test_08_reboot_cpvm | Success | 126.325 test_09_destroy_ssvm | Success | 299.035 test_10_destroy_cpvm | Success | 196.608 test_01_create_iso | Success | 66.344 test_02_edit_iso | Success | 0.061 test_03_delete_iso | Success | 95.159 test_04_extract_Iso | Success | 5.201 test_05_iso_permissions | Success | 0.053 test_06_copy_iso | Skipped | 0.000 test_07_list_default_iso | Success | 0.047 test_01_list_volumes | Success | 0.025 test_02_list_templates | Success | 0.033 test_03_list_snapshots | Success | 0.057 test_static_role_account_acls | Skipped | 0.018 test_01_create_lb_rule_src_nat | Success | 207.967 test_02_create_lb_rule_non_nat | Success | 208.359 test_assign_and_removal_lb | Success | 149.755 login_test_saml_user | `Error` | 1.047 test_01_create_template | `Error` | 5.107 test_CreateTemplateWithDuplicateName | `Error` | 5.119 ContextSuite context=TestTemplates>:setup | `Error` | 205.285 test_nic_secondaryip_add_remove | Success | 238.232 test_network_acl | Success | 186.616 test_delete_account | Success | 293.164 test_01_port_fwd_on_src_nat | Success | 112.030 test_02_port_fwd_on_non_src_nat | Success | 55.675 test_public_ip_admin_account | Success | 40.238 test_public_ip_user_account | Success | 10.224 test_reboot_router | `Error` |
[GitHub] cloudstack issue #1653: Prevent DNS reflection attacks
Github user blueorangutan commented on the issue: https://github.com/apache/cloudstack/pull/1653 Trillian test result (trillian-pr1653-34-xenserver-65sp1-cs49): Test completed. 41 look ok, 11 have errors Test | Result | Time --- | --- | --- test_DeployVmAntiAffinityGroup_in_project | Success | 191.851 test_create_pvlan_network | Success | 5.210 test_DeployVmAntiAffinityGroup | Success | 201.681 test_dedicatePublicIpRange | `Error` | 0.293 test_deploy_vgpu_enabled_vm | Skipped | 0.004 test_deploy_vm_from_iso | `Error` | 458.479 test_01_scale_vm | Success | 5.190 test_00_deploy_vm_root_resize | Success | 6.396 test_01_deploy_vm_root_resize | Success | 6.252 test_02_deploy_vm_root_resize | Success | 6.303 test_01_router_internal_basic | Success | 0.593 test_02_router_internal_adv | Success | 0.767 test_03_restart_network_cleanup | Success | 116.260 test_04_restart_network_wo_cleanup | Success | 5.496 test_05_router_basic | Success | 0.029 test_06_router_advanced | Success | 0.048 test_07_stop_router | Success | 15.167 test_08_start_router | Success | 50.404 test_09_reboot_router | Success | 75.506 test_deployvm_firstfit | Success | 271.988 test_deployvm_userconcentrated | Success | 101.006 test_deployvm_userdispersing | Success | 45.671 test_deployvm_userdata | Success | 116.193 test_deployvm_userdata_post | Success | 20.380 test_01_sys_vm_start | Success | 0.136 test_02_sys_template_ready | Success | 0.099 test_01_create_disk_offering | Success | 0.119 test_02_create_sparse_type_disk_offering | Success | 0.088 test_04_create_fat_type_disk_offering | Success | 0.090 test_02_edit_disk_offering | Success | 0.053 test_03_delete_disk_offering | Success | 0.038 test_default_role_deletion | Success | 6.423 test_role_account_acls | Success | 8.189 test_role_account_acls_multiple_mgmt_servers | Success | 7.805 test_role_inuse_deletion | Success | 6.256 test_role_lifecycle_create | Success | 6.293 test_role_lifecycle_delete | Success | 6.291 test_role_lifecycle_list | Success | 6.276 test_role_lifecycle_update | Success | 11.448 test_role_lifecycle_update_role_inuse | Success | 6.332 test_rolepermission_lifecycle_concurrent_updates | Success | 7.395 test_rolepermission_lifecycle_create | Success | 6.434 test_rolepermission_lifecycle_delete | Success | 6.380 test_rolepermission_lifecycle_list | Success | 6.486 test_rolepermission_lifecycle_update | Success | 6.584 test_01_create_service_offering | Success | 0.074 test_02_edit_service_offering | Success | 0.084 test_03_delete_service_offering | Success | 0.048 test_04_change_offering_small | Success | 126.082 test_UpdateConfigParamWithScope | Success | 0.140 ContextSuite context=TestDedicateGuestVlanRange>:setup | `Error` | 0.000 test_01_snapshot_root_disk | Success | 61.380 test_01_internallb_roundrobin_1VPC_3VM_HTTP_port80 | `Error` | 157.244 test_01_internallb_roundrobin_1VPC_3VM_HTTP_port80 | `Error` | 167.471 test_02_internallb_roundrobin_1RVPC_3VM_HTTP_port80 | `Error` | 287.671 test_02_internallb_roundrobin_1RVPC_3VM_HTTP_port80 | `Error` | 297.856 test_03_vpc_internallb_haproxy_stats_on_all_interfaces | `Error` | 141.649 test_03_vpc_internallb_haproxy_stats_on_all_interfaces | `Error` | 146.758 test_04_rvpc_internallb_haproxy_stats_on_all_interfaces | `Error` | 282.539 test_04_rvpc_internallb_haproxy_stats_on_all_interfaces | `Error` | 287.635 test_01_list_sec_storage_vm | Success | 0.106 test_02_list_cpvm_vm | Success | 0.095 test_03_ssvm_internals | Success | 3.406 test_04_cpvm_internals | Success | 1.012 test_05_stop_ssvm | Success | 168.918 test_06_stop_cpvm | Success | 166.673 test_07_reboot_ssvm | Success | 154.144 test_08_reboot_cpvm | Success | 141.467 test_09_destroy_ssvm | Success | 199.000 test_10_destroy_cpvm | Success | 196.600 test_01_create_iso | Success | 66.395 test_02_edit_iso | Success | 0.073 test_03_delete_iso | Success | 95.172 test_04_extract_Iso | Success | 5.161 test_05_iso_permissions | Success | 0.068 test_06_copy_iso | Skipped | 0.000 test_07_list_default_iso | Success | 0.074 test_01_list_volumes | Success | 0.032 test_02_list_templates | Success | 0.034 test_03_list_snapshots | Success | 0.074 test_static_role_account_acls | Skipped | 0.017 test_01_create_lb_rule_src_nat | Success | 208.204 test_02_create_lb_rule_non_nat | Success | 207.507 test_assign_and_removal_lb | Success | 148.821 login_test_saml_user | Success | 21.745 test_01_create_template | Success | 65.513 test_CreateTemplateWithDuplicateName | Success | 100.747 test_02_edit_template | Success | 90.143 test_03_delete_template | Success | 5.092 test_04_extract_template | Success | 5.180
[GitHub] cloudstack issue #1653: Prevent DNS reflection attacks
Github user rhtyd commented on the issue: https://github.com/apache/cloudstack/pull/1653 @NuxRo can you give me push permission on your repository once again to push the refactoring change, thanks. --- If your project is set up for it, you can reply to this email and have your reply appear on GitHub as well. If your project does not have this feature enabled and wishes so, or if the feature is enabled but not working, please contact infrastructure at infrastruct...@apache.org or file a JIRA ticket with INFRA. ---
[GitHub] cloudstack issue #1653: Prevent DNS reflection attacks
Github user rhtyd commented on the issue: https://github.com/apache/cloudstack/pull/1653 @NuxRo np, I'll help with the refactoring fixes etc. --- If your project is set up for it, you can reply to this email and have your reply appear on GitHub as well. If your project does not have this feature enabled and wishes so, or if the feature is enabled but not working, please contact infrastructure at infrastruct...@apache.org or file a JIRA ticket with INFRA. ---
[GitHub] cloudstack issue #1653: Prevent DNS reflection attacks
Github user jburwell commented on the issue: https://github.com/apache/cloudstack/pull/1653 @NuxRo understood. I am working to get you some assistance. That work for you? --- If your project is set up for it, you can reply to this email and have your reply appear on GitHub as well. If your project does not have this feature enabled and wishes so, or if the feature is enabled but not working, please contact infrastructure at infrastruct...@apache.org or file a JIRA ticket with INFRA. ---
[GitHub] cloudstack issue #1653: Prevent DNS reflection attacks
Github user NuxRo commented on the issue: https://github.com/apache/cloudstack/pull/1653 @jburwell I am afraid I do not have the coding skills to do what you want re that variable, I am just submitting @ustcweizhou's code from that Jira issue. Right now basic/sg zones are vulnerable to this and need manual patching, so it must be a regression I guess. I've opened a new issue: https://issues.apache.org/jira/browse/CLOUDSTACK-9464 --- If your project is set up for it, you can reply to this email and have your reply appear on GitHub as well. If your project does not have this feature enabled and wishes so, or if the feature is enabled but not working, please contact infrastructure at infrastruct...@apache.org or file a JIRA ticket with INFRA. ---
[GitHub] cloudstack issue #1653: Prevent DNS reflection attacks
Github user jburwell commented on the issue: https://github.com/apache/cloudstack/pull/1653 @NuxRo is it possible to create/update a Marvin test case to verify this change? --- If your project is set up for it, you can reply to this email and have your reply appear on GitHub as well. If your project does not have this feature enabled and wishes so, or if the feature is enabled but not working, please contact infrastructure at infrastruct...@apache.org or file a JIRA ticket with INFRA. ---
[GitHub] cloudstack issue #1653: Prevent DNS reflection attacks
Github user blueorangutan commented on the issue: https://github.com/apache/cloudstack/pull/1653 @rhtyd a Trillian-Jenkins matrix job (centos6 mgmt + xs56sp1, centos7 mgmt + vmware55u3, ubuntu mgmt + kvmcentos7) has been kicked to run smoke tests against packages at http://packages.shapeblue.com/cloudstack/pr/1653 --- If your project is set up for it, you can reply to this email and have your reply appear on GitHub as well. If your project does not have this feature enabled and wishes so, or if the feature is enabled but not working, please contact infrastructure at infrastruct...@apache.org or file a JIRA ticket with INFRA. ---
[GitHub] cloudstack issue #1653: Prevent DNS reflection attacks
Github user rhtyd commented on the issue: https://github.com/apache/cloudstack/pull/1653 @blueorangutan test matrix --- If your project is set up for it, you can reply to this email and have your reply appear on GitHub as well. If your project does not have this feature enabled and wishes so, or if the feature is enabled but not working, please contact infrastructure at infrastruct...@apache.org or file a JIRA ticket with INFRA. ---
[GitHub] cloudstack issue #1653: Prevent DNS reflection attacks
Github user blueorangutan commented on the issue: https://github.com/apache/cloudstack/pull/1653 Packaging result: âcentos6 âcentos7 âdebian repo: http://packages.shapeblue.com/cloudstack/pr/1653 Job ID-94 --- If your project is set up for it, you can reply to this email and have your reply appear on GitHub as well. If your project does not have this feature enabled and wishes so, or if the feature is enabled but not working, please contact infrastructure at infrastruct...@apache.org or file a JIRA ticket with INFRA. ---
[GitHub] cloudstack issue #1653: Prevent DNS reflection attacks
Github user rhtyd commented on the issue: https://github.com/apache/cloudstack/pull/1653 @NuxRo thanks, fixed the branch, you may remove my access now :) @blueorangutan package --- If your project is set up for it, you can reply to this email and have your reply appear on GitHub as well. If your project does not have this feature enabled and wishes so, or if the feature is enabled but not working, please contact infrastructure at infrastruct...@apache.org or file a JIRA ticket with INFRA. ---
[GitHub] cloudstack issue #1653: Prevent DNS reflection attacks
Github user blueorangutan commented on the issue: https://github.com/apache/cloudstack/pull/1653 @rhtyd a Jenkins job has been kicked to build packages. I'll keep you posted as I make progress. --- If your project is set up for it, you can reply to this email and have your reply appear on GitHub as well. If your project does not have this feature enabled and wishes so, or if the feature is enabled but not working, please contact infrastructure at infrastruct...@apache.org or file a JIRA ticket with INFRA. ---
[GitHub] cloudstack issue #1653: Prevent DNS reflection attacks
Github user rhtyd commented on the issue: https://github.com/apache/cloudstack/pull/1653 @NuxRo okay, can you grant me push access on your fork: https://github.com/NuxRo/cloudstack/tree/patch-4 and I can help fix it for you? --- If your project is set up for it, you can reply to this email and have your reply appear on GitHub as well. If your project does not have this feature enabled and wishes so, or if the feature is enabled but not working, please contact infrastructure at infrastruct...@apache.org or file a JIRA ticket with INFRA. ---
[GitHub] cloudstack issue #1653: Prevent DNS reflection attacks
Github user NuxRo commented on the issue: https://github.com/apache/cloudstack/pull/1653 Rohit unfortunately I do not have git setup properly, I am limited to what the github interface offers me. --- If your project is set up for it, you can reply to this email and have your reply appear on GitHub as well. If your project does not have this feature enabled and wishes so, or if the feature is enabled but not working, please contact infrastructure at infrastruct...@apache.org or file a JIRA ticket with INFRA. ---
[GitHub] cloudstack issue #1653: Prevent DNS reflection attacks
Github user rhtyd commented on the issue: https://github.com/apache/cloudstack/pull/1653 @NuxRo there are still several commits which have come from master; can you export the commit (git format-patch -1) and reset --hard origin/4.9 and re-apply the commit (git am ) and then git push -f. --- If your project is set up for it, you can reply to this email and have your reply appear on GitHub as well. If your project does not have this feature enabled and wishes so, or if the feature is enabled but not working, please contact infrastructure at infrastruct...@apache.org or file a JIRA ticket with INFRA. ---
[GitHub] cloudstack issue #1653: Prevent DNS reflection attacks
Github user NuxRo commented on the issue: https://github.com/apache/cloudstack/pull/1653 Done? --- If your project is set up for it, you can reply to this email and have your reply appear on GitHub as well. If your project does not have this feature enabled and wishes so, or if the feature is enabled but not working, please contact infrastructure at infrastruct...@apache.org or file a JIRA ticket with INFRA. ---
[GitHub] cloudstack issue #1653: Prevent DNS reflection attacks
Github user rhtyd commented on the issue: https://github.com/apache/cloudstack/pull/1653 Thanks @NuxRo can you rebase against latest 4.9, looks like some more commits came in. --- If your project is set up for it, you can reply to this email and have your reply appear on GitHub as well. If your project does not have this feature enabled and wishes so, or if the feature is enabled but not working, please contact infrastructure at infrastruct...@apache.org or file a JIRA ticket with INFRA. ---
[GitHub] cloudstack issue #1653: Prevent DNS reflection attacks
Github user NuxRo commented on the issue: https://github.com/apache/cloudstack/pull/1653 Rohit, done, go right ahead. --- If your project is set up for it, you can reply to this email and have your reply appear on GitHub as well. If your project does not have this feature enabled and wishes so, or if the feature is enabled but not working, please contact infrastructure at infrastruct...@apache.org or file a JIRA ticket with INFRA. ---
[GitHub] cloudstack issue #1653: Prevent DNS reflection attacks
Github user rhtyd commented on the issue: https://github.com/apache/cloudstack/pull/1653 @NuxRo if you can change the base-branch of the PR to 4.9, I can initiate some tests on VR/trillian. --- If your project is set up for it, you can reply to this email and have your reply appear on GitHub as well. If your project does not have this feature enabled and wishes so, or if the feature is enabled but not working, please contact infrastructure at infrastruct...@apache.org or file a JIRA ticket with INFRA. ---
[GitHub] cloudstack issue #1653: Prevent DNS reflection attacks
Github user NuxRo commented on the issue: https://github.com/apache/cloudstack/pull/1653 I've tested this in Adv zone with Security Groups and it works. Can't vouch for "pure" Adv zones. Perhaps @ustcweizhou can say more. --- If your project is set up for it, you can reply to this email and have your reply appear on GitHub as well. If your project does not have this feature enabled and wishes so, or if the feature is enabled but not working, please contact infrastructure at infrastruct...@apache.org or file a JIRA ticket with INFRA. ---
[GitHub] cloudstack issue #1653: Prevent DNS reflection attacks
Github user rhtyd commented on the issue: https://github.com/apache/cloudstack/pull/1653 LGTM, we need to also test for users who connect to VPN on that network (will DNS work for them as well?). --- If your project is set up for it, you can reply to this email and have your reply appear on GitHub as well. If your project does not have this feature enabled and wishes so, or if the feature is enabled but not working, please contact infrastructure at infrastruct...@apache.org or file a JIRA ticket with INFRA. ---
[GitHub] cloudstack issue #1653: Prevent DNS reflection attacks
Github user ustcweizhou commented on the issue: https://github.com/apache/cloudstack/pull/1653 LGTM --- If your project is set up for it, you can reply to this email and have your reply appear on GitHub as well. If your project does not have this feature enabled and wishes so, or if the feature is enabled but not working, please contact infrastructure at infrastruct...@apache.org or file a JIRA ticket with INFRA. ---