Public bug reported:
While looking at an unrelated issue I noticed log lines like this in the
neutron-ovn-metadata-agent log file:
No port found in network b62452f3-ec93-4cd7-af2d-9f9eabb33b12 with IP
address 10.246.166.21,10.131.84.23
While it might seem harmless, looking at the code it only showed a
single value being logged:
LOG.error("No port found in network %s with IP address %s",
network_id, remote_address)
The code in question is looking for a matching IP address, but will
never match the concatenated string.
Google shows the additional IP address(es) that might be present in this
header are actually proxies:
https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/X-Forwarded-
For
And sure enough in my case the second IP was always the same.
The code needs to be changed to account for proxies, which aren't
actually necessary to lookup what port is making the request, but it
could be logged for posterity.
I'll send a change for that soon.
** Affects: neutron
Importance: Medium
Assignee: Brian Haley (brian-haley)
Status: In Progress
--
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to neutron.
https://bugs.launchpad.net/bugs/2026775
Title:
Metadata agents do not parse X-Forwarded-For headers properly
Status in neutron:
In Progress
Bug description:
While looking at an unrelated issue I noticed log lines like this in
the neutron-ovn-metadata-agent log file:
No port found in network b62452f3-ec93-4cd7-af2d-9f9eabb33b12 with
IP address 10.246.166.21,10.131.84.23
While it might seem harmless, looking at the code it only showed a
single value being logged:
LOG.error("No port found in network %s with IP address %s",
network_id, remote_address)
The code in question is looking for a matching IP address, but will
never match the concatenated string.
Google shows the additional IP address(es) that might be present in
this header are actually proxies:
https://developer.mozilla.org/en-
US/docs/Web/HTTP/Headers/X-Forwarded-For
And sure enough in my case the second IP was always the same.
The code needs to be changed to account for proxies, which aren't
actually necessary to lookup what port is making the request, but it
could be logged for posterity.
I'll send a change for that soon.
To manage notifications about this bug go to:
https://bugs.launchpad.net/neutron/+bug/2026775/+subscriptions
--
Mailing list: https://launchpad.net/~yahoo-eng-team
Post to : yahoo-eng-team@lists.launchpad.net
Unsubscribe : https://launchpad.net/~yahoo-eng-team
More help : https://help.launchpad.net/ListHelp
