Posted to issues@cloudstack.apache.org by "Chandan Purushothama (JIRA)" <ji...@apache.org> on 2013/07/25 21:46:03 UTC

[jira] [Closed] (CLOUDSTACK-2494) NTier: No Check is made to validate the supported Protocol Number during ACL Rule Creation

     [ https://issues.apache.org/jira/browse/CLOUDSTACK-2494?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Chandan Purushothama closed CLOUDSTACK-2494.
--------------------------------------------


Verified on 4.2 Build
                
> NTier: No Check is made to validate the supported Protocol Number during ACL Rule Creation
> ------------------------------------------------------------------------------------------
>
>                 Key: CLOUDSTACK-2494
>                 URL: https://issues.apache.org/jira/browse/CLOUDSTACK-2494
>             Project: CloudStack
>          Issue Type: Bug
>      Security Level: Public(Anyone can view this level - this is the default.) 
>          Components: Management Server
>    Affects Versions: 4.2.0
>            Reporter: Chandan Purushothama
>            Assignee: Kishan Kavala
>             Fix For: 4.2.0
>
>
> ================
> Steps to Reproduce:
> ================
> 1. Create a VPC.
> 2. Create a Network Tier
> 3. Create an ACL rule on the Network Tier with protocol number 92 (92 is not supported)
> ==========
> Observations:
> ==========
> 2013-05-14 15:16:36,242 DEBUG [cloud.api.ApiServlet] (catalina-exec-7:null) ===START===  10.216.133.86 -- GET  command=createNetworkACL&response=json&sessionkey=1ew3VD0LppS%2BSreQld9FNtVnLwo%3D&cidrlist=10.223.195.44%2F32&protocol=92&startport=99&endport=100&networkid=bcc163c5-c23f-4b47-a0c8-562b8460b3fe&traffictype=Ingress&_=1368569838485
> 2013-05-14 15:16:36,248 DEBUG [cloud.user.AccountManagerImpl] (catalina-exec-7:null) Access to Acct[3-atoms] granted to Acct[3-atoms] by DomainChecker_EnhancerByCloudStack_32dba8cb
> 2013-05-14 15:16:36,252 DEBUG [cloud.user.AccountManagerImpl] (catalina-exec-7:null) Access to [VPC [1-Atoms-VPC-1] granted to Acct[3-atoms] by DomainChecker_EnhancerByCloudStack_32dba8cb
> 2013-05-14 15:16:36,286 DEBUG [cloud.async.AsyncJobManagerImpl] (catalina-exec-7:null) submit async job-28, details: AsyncJobVO {id:28, userId: 3, accountId: 3, sessionKey: null, instanceType: None, instanceId: 17, cmd: org.apache.cloudstack.api.command.user.network.CreateNetworkACLCmd, cmdOriginator: null, cmdInfo: {"sessionkey":"1ew3VD0LppS+SreQld9FNtVnLwo\u003d","protocol":"92","ctxUserId":"3","traffictype":"Ingress","httpmethod":"GET","startport":"99","endport":"100","response":"json","id":"17","cidrlist":"10.223.195.44/32","_":"1368569838485","ctxAccountId":"3","networkid":"bcc163c5-c23f-4b47-a0c8-562b8460b3fe","ctxStartEventId":"90"}, cmdVersion: 0, callbackType: 0, callbackAddress: null, status: 0, processStatus: 0, resultCode: 0, result: null, initMsid: 7508777239729, completeMsid: null, lastUpdated: null, lastPolled: null, created: null}
> 2013-05-14 15:16:36,288 DEBUG [cloud.api.ApiServlet] (catalina-exec-7:null) ===END===  10.216.133.86 -- GET  command=createNetworkACL&response=json&sessionkey=1ew3VD0LppS%2BSreQld9FNtVnLwo%3D&cidrlist=10.223.195.44%2F32&protocol=92&startport=99&endport=100&networkid=bcc163c5-c23f-4b47-a0c8-562b8460b3fe&traffictype=Ingress&_=1368569838485
> 2013-05-14 15:16:36,290 DEBUG [cloud.async.AsyncJobManagerImpl] (Job-Executor-15:job-28) Executing org.apache.cloudstack.api.command.user.network.CreateNetworkACLCmd for job-28
> 2013-05-14 15:16:36,299 DEBUG [cloud.user.AccountManagerImpl] (Job-Executor-15:job-28) Access to Acct[3-atoms] granted to Acct[3-atoms] by DomainChecker_EnhancerByCloudStack_32dba8cb
> 2013-05-14 15:16:36,319 DEBUG [network.router.VirtualNetworkApplianceManagerImpl] (Job-Executor-15:job-28) Applying network acls in network Ntwk[206|Guest|11]
> 2013-05-14 15:16:36,329 DEBUG [cloud.network.NetworkModelImpl] (Job-Executor-15:job-28) Service SecurityGroup is not supported in the network id=206
> 2013-05-14 15:16:36,342 DEBUG [agent.transport.Request] (Job-Executor-15:job-28) Seq 1-1228472517: Sending  { Cmd , MgmtId: 7508777239729, via: 1, Ver: v1, Flags: 100001, [{"routing.SetNetworkACLCommand":{"rules":[{"id":0,"vlanTag":"2072","protocol":"all","revoked":false,"alreadyAdded":true,"cidrList":["0.0.0.0/0"],"trafficType":"Ingress","action":"DROP","number":1},{"id":0,"vlanTag":"2072","protocol":"all","revoked":false,"alreadyAdded":true,"cidrList":["0.0.0.0/0"],"trafficType":"Egress","action":"DROP","number":2},{"id":0,"vlanTag":"2072","protocol":"tcp","portRange":[22,23],"revoked":false,"alreadyAdded":true,"cidrList":["10.223.195.44/32"],"trafficType":"Ingress","action":"ACCEPT","number":3},{"id":0,"vlanTag":"2072","protocol":"6","portRange":[80,81],"revoked":false,"alreadyAdded":true,"cidrList":["10.223.131.170/32"],"trafficType":"Ingress","action":"ACCEPT","number":4},{"id":0,"vlanTag":"2072","protocol":"6","portRange":[56,67],"revoked":false,"alreadyAdded":true,"cidrList":["10.223.131.170/32"],"trafficType":"Ingress","action":"ACCEPT","number":5},{"id":0,"vlanTag":"2072","protocol":"6","portRange":[44,45],"revoked":false,"alreadyAdded":true,"cidrList":["10.223.195.44/32"],"trafficType":"Ingress","action":"ACCEPT","number":6},{"id":0,"vlanTag":"2072","protocol":"udp","portRange":[23,24],"revoked":false,"alreadyAdded":true,"cidrList":["10.223.195.44/32"],"trafficType":"Ingress","action":"ACCEPT","number":7},{"id":0,"vlanTag":"2072","protocol":"17","portRange":[79,80],"revoked":false,"alreadyAdded":true,"cidrList":["10.223.195.44/32"],"trafficType":"Ingress","action":"ACCEPT","number":8},{"id":0,"vlanTag":"2072","protocol":"51","portRange":[81,82],"revoked":false,"alreadyAdded":false,"cidrList":["10.223.195.44/32"],"trafficType":"Ingress","action":"ACCEPT","number":9},{"id":0,"vlanTag":"2072","protocol":"50","portRange":[82,83],"revoked":false,"alreadyAdded":false,"cidrList":["10.223.195.44/32"],"trafficType":"Ingress","action":"ACCEPT","number":10},{"id":0
,"vlanTag":"2072","protocol":"47","portRange":[83,84],"revoked":false,"alreadyAdded":false,"cidrList":["10.223.195.44/32"],"trafficType":"Ingress","action":"ACCEPT","number":11},{"id":0,"vlanTag":"2072","protocol":"40","portRange":[84,85],"revoked":false,"alreadyAdded":false,"cidrList":["10.223.195.44/32"],"trafficType":"Ingress","action":"ACCEPT","number":12},{"id":0,"vlanTag":"2072","protocol":"132","portRange":[85,86],"revoked":false,"alreadyAdded":false,"cidrList":["10.223.195.44/32"],"trafficType":"Ingress","action":"ACCEPT","number":13},{"id":0,"vlanTag":"2072","protocol":"33","portRange":[86,87],"revoked":false,"alreadyAdded":false,"cidrList":["10.223.195.44/32"],"trafficType":"Ingress","action":"ACCEPT","number":14},{"id":0,"vlanTag":"2072","protocol":"92","portRange":[99,100],"revoked":false,"alreadyAdded":false,"cidrList":["10.223.195.44/32"],"trafficType":"Ingress","action":"ACCEPT","number":15}],"nic":{"deviceId":2,"networkRateMbps":200,"defaultNic":false,"uuid":"1a0c7f7d-d2f2-4be7-b148-4582f741633a","ip":"192.168.10.1","netmask":"255.255.255.0","gateway":"192.168.10.1","mac":"02:00:25:a3:00:02","broadcastType":"Vlan","type":"Guest","broadcastUri":"vlan://2072","isolationUri":"vlan://2072","isSecurityGroupEnabled":false},"accessDetails":{"router.guest.ip":"192.168.10.1","guest.vlan.tag":"2072","zone.network.type":"Advanced","router.ip":"169.254.1.178","router.name":"r-3-NTIER"},"wait":0}}] }
> 2013-05-14 15:16:36,345 DEBUG [agent.transport.Request] (Job-Executor-15:job-28) Seq 1-1228472517: Executing:  { Cmd , MgmtId: 7508777239729, via: 1, Ver: v1, Flags: 100001, [{"routing.SetNetworkACLCommand":{"rules":[{"id":0,"vlanTag":"2072","protocol":"all","revoked":false,"alreadyAdded":true,"cidrList":["0.0.0.0/0"],"trafficType":"Ingress","action":"DROP","number":1},{"id":0,"vlanTag":"2072","protocol":"all","revoked":false,"alreadyAdded":true,"cidrList":["0.0.0.0/0"],"trafficType":"Egress","action":"DROP","number":2},{"id":0,"vlanTag":"2072","protocol":"tcp","portRange":[22,23],"revoked":false,"alreadyAdded":true,"cidrList":["10.223.195.44/32"],"trafficType":"Ingress","action":"ACCEPT","number":3},{"id":0,"vlanTag":"2072","protocol":"6","portRange":[80,81],"revoked":false,"alreadyAdded":true,"cidrList":["10.223.131.170/32"],"trafficType":"Ingress","action":"ACCEPT","number":4},{"id":0,"vlanTag":"2072","protocol":"6","portRange":[56,67],"revoked":false,"alreadyAdded":true,"cidrList":["10.223.131.170/32"],"trafficType":"Ingress","action":"ACCEPT","number":5},{"id":0,"vlanTag":"2072","protocol":"6","portRange":[44,45],"revoked":false,"alreadyAdded":true,"cidrList":["10.223.195.44/32"],"trafficType":"Ingress","action":"ACCEPT","number":6},{"id":0,"vlanTag":"2072","protocol":"udp","portRange":[23,24],"revoked":false,"alreadyAdded":true,"cidrList":["10.223.195.44/32"],"trafficType":"Ingress","action":"ACCEPT","number":7},{"id":0,"vlanTag":"2072","protocol":"17","portRange":[79,80],"revoked":false,"alreadyAdded":true,"cidrList":["10.223.195.44/32"],"trafficType":"Ingress","action":"ACCEPT","number":8},{"id":0,"vlanTag":"2072","protocol":"51","portRange":[81,82],"revoked":false,"alreadyAdded":false,"cidrList":["10.223.195.44/32"],"trafficType":"Ingress","action":"ACCEPT","number":9},{"id":0,"vlanTag":"2072","protocol":"50","portRange":[82,83],"revoked":false,"alreadyAdded":false,"cidrList":["10.223.195.44/32"],"trafficType":"Ingress","action":"ACCEPT","number":10},{"id
":0,"vlanTag":"2072","protocol":"47","portRange":[83,84],"revoked":false,"alreadyAdded":false,"cidrList":["10.223.195.44/32"],"trafficType":"Ingress","action":"ACCEPT","number":11},{"id":0,"vlanTag":"2072","protocol":"40","portRange":[84,85],"revoked":false,"alreadyAdded":false,"cidrList":["10.223.195.44/32"],"trafficType":"Ingress","action":"ACCEPT","number":12},{"id":0,"vlanTag":"2072","protocol":"132","portRange":[85,86],"revoked":false,"alreadyAdded":false,"cidrList":["10.223.195.44/32"],"trafficType":"Ingress","action":"ACCEPT","number":13},{"id":0,"vlanTag":"2072","protocol":"33","portRange":[86,87],"revoked":false,"alreadyAdded":false,"cidrList":["10.223.195.44/32"],"trafficType":"Ingress","action":"ACCEPT","number":14},{"id":0,"vlanTag":"2072","protocol":"92","portRange":[99,100],"revoked":false,"alreadyAdded":false,"cidrList":["10.223.195.44/32"],"trafficType":"Ingress","action":"ACCEPT","number":15}],"nic":{"deviceId":2,"networkRateMbps":200,"defaultNic":false,"uuid":"1a0c7f7d-d2f2-4be7-b148-4582f741633a","ip":"192.168.10.1","netmask":"255.255.255.0","gateway":"192.168.10.1","mac":"02:00:25:a3:00:02","broadcastType":"Vlan","type":"Guest","broadcastUri":"vlan://2072","isolationUri":"vlan://2072","isSecurityGroupEnabled":false},"accessDetails":{"router.guest.ip":"192.168.10.1","guest.vlan.tag":"2072","zone.network.type":"Advanced","router.ip":"169.254.1.178","router.name":"r-3-NTIER"},"wait":0}}] }
> .
> .
> .
> .
> mysql> select * from network_acl_item where protocol=92 \G
> *************************** 1. row ***************************
>           id: 17
>         uuid: 24aba3f4-db6c-4f67-9c93-b2596201d5b6
>       acl_id: 1
>   start_port: 99
>     end_port: 100
>        state: Add
>     protocol: 92
>      created: 2013-05-14 22:16:36
>    icmp_code: NULL
>    icmp_type: NULL
> traffic_type: Ingress
>         cidr: 10.223.195.44/32
>       number: 15
>       action: Allow
> 1 row in set, 6 warnings (0.00 sec)
> mysql>
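
A protocol check of the kind the report says was missing at rule creation, plus an audit over a rule set that has already been pushed, as an added example that is not part of the original message and is not CloudStack's code. The allowlist (TCP, UDP, ICMP) and the sample payload are constructed assumptions; the report itself only states that 92 is unsupported.

```python
import json

# Assumption: protocols this deployment accepts. The report only states that
# 92 is unsupported, so this allowlist is constructed for the example.
NAMES = {"tcp": 6, "udp": 17, "icmp": 1}
ALLOWED_NUMBERS = {1, 6, 17}


def normalize_protocol(value):
    """Return 'all' or an allowed IP protocol number; raise ValueError otherwise."""
    text = str(value).strip().lower()
    if text == "all":
        return "all"
    if text in NAMES:
        return NAMES[text]
    # Strict decimal parse: rejects '', '-1', '6abc' and '0x5c'.
    if not (text.isascii() and text.isdigit()):
        raise ValueError(f"protocol {value!r} is not a name or a decimal number")
    number = int(text)
    if number > 255:  # the IPv4 protocol field is 8 bits wide
        raise ValueError(f"protocol {number} is outside 0-255")
    if number not in ALLOWED_NUMBERS:
        raise ValueError(f"protocol {number} is not supported")
    return number


def audit_rules(payload):
    """Return (rule number, protocol, reason) for each rule that fails validation."""
    findings = []
    for rule in json.loads(payload)["rules"]:
        try:
            normalize_protocol(rule["protocol"])
        except ValueError as err:
            findings.append((rule["number"], rule["protocol"], str(err)))
    return findings


# Constructed sample shaped like the "rules" array in the SetNetworkACLCommand log line.
SAMPLE = json.dumps({"rules": [
    {"number": 3, "protocol": "tcp", "portRange": [22, 23], "action": "ACCEPT"},
    {"number": 4, "protocol": "6", "portRange": [80, 81], "action": "ACCEPT"},
    {"number": 15, "protocol": "92", "portRange": [99, 100], "action": "ACCEPT"},
]})

if __name__ == "__main__":
    for number, protocol, reason in audit_rules(SAMPLE):
        print(f"rule {number}: {reason}")
```

Running the same check at the API boundary, before the rule is written to the database or sent to the router, keeps an unsupported value from reaching either.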
