FIP attached to fixed-ip remains even when port is updated with other fixed-ips

Bug #1765828 reported by sunny
This bug affects 1 person
Affects   Status        Importance   Assigned to   Milestone
neutron   In Progress   Medium       yanpuqing

Bug Description

When we create a port on a network and attach a FIP to the port with, let's say, fixed-ip IP1.
Then we attach the FIP to the port. Now update the port with fixed-ips other than IP1: the port gets updated but the FIP is not, and the FIP is still attached to the port with fixed-ip IP1.
Neutron should block updating of the port if that FIP is already attached to the vport with fixed-ip.

Step-by-step reproduction steps:
neutron router-create router
neutron net-create private
neutron subnet-create private 10.0.0.0/24 --name private_subnet
neutron router-interface-add router private_subnet
neutron net-create public --router:external=True
neutron subnet-create public 192.124.0.0/24 --name public_subnet --enable_dhcp=False --allocation-pool start=192.124.0.5,end=192.124.0.250 --gateway=192.124.0.1
neutron router-gateway-set router public
neutron port-create private --fixed-ip subnet_id=<private_subnet-id>,ip_address=10.0.0.10 --name port1

neutron floatingip-create public --name fip
neutron floatingip-associate fip port1
neutron port-update port1 --fixed-ip subnet_id=<private_subnet-id>,ip_address=10.0.0.11 --fixed-ip subnet_id=<private_subnet-id>,ip_address=10.0.0.12 --fixed-ip subnet_id=<private_subnet-id>,ip_address=10.0.0.13

neutron floatingip-show fip1 -> will show the fip is associated with the port with fixed-ip 10.0.0.10 which even doesn

Expected output:
I think we should fail at the point when we update a port with fixed-ips, if the fixed-ips don't contain the original fixed-ip and a FIP is attached to it.

Actual output: did the system silently fail (in this case log traces are useful)?
https://pastebin.com/J2Yv947c

* Version:
  ** stable/ocata, stable/pike etc...
  ** Ubuntu16.04
  ** DevStack

Perceived severity: Medium

Tags: doc
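
Added example, not part of the bug report and not Neutron code: the check requested under "Expected output", modelled in Python on the reproduction data. `FloatingIp`, `stale_fips_after_update`, `validate_port_update` and the dict layout of the fixed-ip entries are hypothetical names chosen for this illustration.

```python
"""Added example (hypothetical names; not Neutron's code or API)."""
from dataclasses import dataclass
from ipaddress import ip_address


class FixedIpInUseByFloatingIp(Exception):
    """The update drops a fixed IP that a floating IP still maps to."""


@dataclass(frozen=True)
class FloatingIp:
    name: str
    port_id: str
    fixed_ip_address: str  # private address the floating IP is mapped to


def stale_fips_after_update(port_id, new_fixed_ips, floating_ips):
    """Return the FIPs on port_id whose fixed IP is missing from new_fixed_ips."""
    # Compare parsed addresses so equivalent IPv6 spellings match.
    # An entry with only a subnet_id names no address, so it keeps nothing.
    kept = {ip_address(f["ip_address"]) for f in new_fixed_ips if "ip_address" in f}
    return [fip for fip in floating_ips
            if fip.port_id == port_id
            and ip_address(fip.fixed_ip_address) not in kept]


def validate_port_update(port_id, new_fixed_ips, floating_ips):
    """Raise instead of letting the update leave a FIP on a removed address."""
    stale = stale_fips_after_update(port_id, new_fixed_ips, floating_ips)
    if stale:
        detail = ", ".join(f"{f.name} -> {f.fixed_ip_address}" for f in stale)
        raise FixedIpInUseByFloatingIp(
            f"port {port_id}: fixed IPs still used by floating IPs: {detail}")


# Constructed sample data mirroring the reproduction steps in the report.
SAMPLE_FIPS = [FloatingIp("fip", "port1", "10.0.0.10")]
SAMPLE_UPDATE = [{"subnet_id": "private_subnet", "ip_address": a}
                 for a in ("10.0.0.11", "10.0.0.12", "10.0.0.13")]

if __name__ == "__main__":
    try:
        validate_port_update("port1", SAMPLE_UPDATE, SAMPLE_FIPS)
    except FixedIpInUseByFloatingIp as exc:
        print("rejected:", exc)
    # Keeping 10.0.0.10 in the list is accepted.
    validate_port_update("port1", SAMPLE_UPDATE + [{"ip_address": "10.0.0.10"}],
                         SAMPLE_FIPS)
    print("accepted: original fixed IP retained")
```
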
Changed in neutron:
importance: Undecided → Medium
status: New → Confirmed
yanpuqing (ycx)
Changed in neutron:
assignee: nobody → yanpuqing (ycx)
NickKush (nickkush)
information type: Public → Public Security
Jeremy Stanley (fungi) wrote :

I've switched this report back to a normal bug. If you really do believe it to represent a potential security vulnerability, please comment with your rationale. Thanks.

information type: Public Security → Public
NickKush (nickkush) wrote :

Sorry about that. It was a misclick.

information type: Public → Public Security
information type: Public Security → Public
Changed in neutron:
status: Confirmed → In Progress
Lajos Katona (lajos-katona) wrote :
OpenStack Infra (hudson-openstack) wrote : Change abandoned on neutron (master)

Change abandoned by "Slawek Kaplonski <email address hidden>" on branch: master
Review: https://review.opendev.org/c/openstack/neutron/+/885999
Reason: This review is > 4 weeks without comment, and failed Zuul jobs the last time it was checked. We are abandoning this for now. Feel free to reactivate the review by pressing the restore button and leaving a 'recheck' comment to get fresh test results.

This report contains Public information  
Everyone can see this information.
