Reviewed:  https://review.opendev.org/689050
Committed: https://git.openstack.org/cgit/openstack/neutron/commit/?id=26b8026cee1b83923744f1ca486a94d513f65964
Submitter: Zuul
Branch:    master

commit 26b8026cee1b83923744f1ca486a94d513f65964
Author: Brian Haley <[email protected]>
Date:   Wed Oct 16 17:30:08 2019 -0400

    Update security group rule if port range is all ports

    A security group rule where port_range_min:port_range_max
    is 1:65535 is specifying all ports, but it is not optimal
    for backends to try and implement this potentially large
    rule. Since it is essentially the entire port range, change
    min:max to be None, making the rule specify the entire
    protocol instead.

    Change-Id: Iff22e2fc84d679e20a5a04b8516750c6ea949078
    Closes-bug: #1848213

** Changed in: neutron
       Status: In Progress => Fix Released

https://bugs.launchpad.net/bugs/1848213

Title:
  Do not pass port-range to backend if all ports specified in security
  group rule

Status in neutron:
  Fix Released

Bug description:
  If user creates a security group rule specifying all the ports, like
  above:

    openstack security group rule create --protocol udp --ingress --dst-port 1:65535 47420676-21d8-4d82-b43c-73e100c5b397

  the rule shouldn't be passed with ranges to the neutron ml2 backend.
  For some backends, like OVN, this leads to not optimal flows creation.

  We have potentially two ways to solve this:

  1) Do not accept such kind of requests (HTTP 400)
  2) Modify the rule in-fly somewhere around _validate_port_range() in
     ./neutron/db/securitygroups_db.py to drop max and min ports, and
     accept all traffic for given protocol.
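
The normalization described in the commit message, as an added Python example that is not Neutron's own code. The function names, the protocol table and the choice to leave ICMP rules untouched are assumptions made for illustration; only the field names port_range_min, port_range_max and the 1:65535 range come from the report.

```python
# Added example, not Neutron's code. Field names follow the security group
# rule attributes named in the bug report; everything else is hypothetical.
PORT_MIN, PORT_MAX = 1, 65535

# Assumption: protocols whose port_range_* fields hold L4 ports, keyed by
# name and by IANA protocol number. ICMP is left out on purpose because
# Neutron reuses port_range_min/max for ICMP type and code.
PORT_PROTOCOLS = {"tcp": "tcp", "6": "tcp", "udp": "udp", "17": "udp",
                  "sctp": "sctp", "132": "sctp", "dccp": "dccp", "33": "dccp",
                  "udplite": "udplite", "136": "udplite"}


def canonical_port_range(rule):
    """Return a copy of rule with an all-ports range collapsed to None."""
    out = dict(rule)
    proto = PORT_PROTOCOLS.get(str(out.get("protocol") or "").lower())
    if proto is None:
        return out  # not a port-based protocol, leave the rule untouched
    out["protocol"] = proto
    lo, hi = out.get("port_range_min"), out.get("port_range_max")
    if lo is None and hi is None:
        return out  # already specifies the whole protocol
    if lo is None or hi is None:
        raise ValueError("port_range_min and port_range_max must be set together")
    lo, hi = int(lo), int(hi)
    if not PORT_MIN <= lo <= hi <= PORT_MAX:
        raise ValueError(f"invalid port range {lo}:{hi}")
    if (lo, hi) == (PORT_MIN, PORT_MAX):
        lo = hi = None  # 1:65535 is the entire protocol
    out.update(port_range_min=lo, port_range_max=hi)
    return out


def equivalent(rule_a, rule_b):
    """True when two rules match the same traffic after canonicalization."""
    keys = ("direction", "protocol", "port_range_min", "port_range_max")
    a, b = canonical_port_range(rule_a), canonical_port_range(rule_b)
    return all(a.get(k) == b.get(k) for k in keys)


if __name__ == "__main__":
    # Constructed sample: the rule created by the command in the bug report.
    wide = {"direction": "ingress", "protocol": "udp",
            "port_range_min": 1, "port_range_max": 65535}
    whole = {"direction": "ingress", "protocol": "17",
             "port_range_min": None, "port_range_max": None}
    print(canonical_port_range(wide))
    print(equivalent(wide, whole))
```

Comparing rules in canonical form also lets an audit or duplicate check treat a 1:65535 rule and a protocol-wide rule as the same exposure.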

