Skip to content
This repository has been archived by the owner on Mar 25, 2023. It is now read-only.

Distinguish IPv4/IPv6 in Security Group rules view mode #671

Closed
bwsw opened this issue Nov 18, 2017 · 7 comments
Closed

Distinguish IPv4/IPv6 in Security Group rules view mode #671

bwsw opened this issue Nov 18, 2017 · 7 comments
Assignees
@dariashka
Labels
priority: high requirement
Milestone
Release 1.410.19

Comments

@bwsw
Copy link
Owner

bwsw commented Nov 18, 2017
edited by elenaustyugova
Loading

Acceptance criteria:

  1. Ingress SG rules are displayed incorrectly. Semantics should be like:
  • Protocol (correct)
  • ICMP or Ports (correct)
  • FROM CIDR (incorrect - now is TO)
  1. Distinguish IPv4 and IPv6. Correct:

Incoming TCP traffic from IPv4 X.X.X.X/Y to VM (add the word) port range M-N
Incoming TCP traffic from IPv6 X:Y::C/D to VM (add the word) port range M-N

Outgoing TCP traffic to IPv4 X.X.X.X/Y to port range M-N
Outgoing TCP traffic to IPv6 X:Y::C/D to port range M-N

IPv4 and V6 addresses can be easily distinguished with Regexp.

  1. IPv4/IPv6 rules filtering:
    Filtering when view - add new 2 checkboxes ipv4, ipv6 on the right side of 2 existing filterings

Includes #920

Connected feature ID:

  • firewall_rules_view
  • firewall_rules_view_filter
  • vm_firewall_rules_view
@bwsw
Copy link
Owner Author

bwsw commented Nov 18, 2017
edited
Loading

Might be it's better to implement new rule creation as modal dialog? It could help define the context like, if i have chosen incoming then show From if outgoing then To, like single screen master when context of the first field dwfines the next. Just to think about it...

@bwsw bwsw added this to the 1.410.19 milestone Jan 15, 2018
Repository owner deleted a comment from bwsw Jan 19, 2018
@elenaustyugova
Copy link
Collaborator

A comment of 18.11.17 is moved to a separate issue #903

@elenaustyugova elenaustyugova changed the title Ingress SG rules wrong semantics Distinguish IPv4/IPv6 in Security Groups view mode Jan 19, 2018
@ksendart ksendart assigned ksendart and unassigned ksendart Jan 23, 2018
@elenaustyugova elenaustyugova changed the title Distinguish IPv4/IPv6 in Security Groups view mode Distinguish IPv4/IPv6 in Security Group rules in view mode Jan 25, 2018
@elenaustyugova elenaustyugova changed the title Distinguish IPv4/IPv6 in Security Group rules in view mode Distinguish IPv4/IPv6 in Security Group rules view mode Jan 25, 2018
@dariashka dariashka self-assigned this Jan 30, 2018
@dariashka dariashka mentioned this issue Feb 2, 2018
Closed
@dariashka
Copy link
Contributor

dariashka commented Feb 2, 2018
edited
Loading

To test:

  • firewall_rules_view_filter
  • firewall_rules_view
  • firewall_rules_edit

Test on qqcky/671-ipv6-support. (with #920)

@dariashka dariashka assigned Nadya913 and unassigned dariashka Feb 5, 2018
@Nadya913 Nadya913 assigned rennervo and unassigned Nadya913 Feb 5, 2018
@dariashka dariashka assigned dariashka and rennervo and unassigned rennervo and dariashka Feb 6, 2018
@dariashka dariashka mentioned this issue Feb 6, 2018
Closed
@rennervo
Copy link
Collaborator

rennervo commented Feb 7, 2018
edited
Loading

@qqcky
Errors:

  1. The system incorrectly determines the type of CIDR. All the rules that are created are defined as IPv6, even if it's IPv4. Because of this, the following errors occur:
  • Data is false in a row with a new rule. CIDR type is IPv6 instead of IPv4.
    ipv4 vs ipv6
  • Items in fields "ICMP type" and "ICMP code" not matching with ICMPv4 protocol when an ICMPv4 rule is creating. In this case in these fields are items from the ICMPv6 protocol.

  1. When displaying rules between words "TCP/UDP" and "traffic" there is no space when incoming rule is creating with protocol type is TCP or UDP and same start and end port (Only for English version)
    tcp and udp space

  2. In egress rule doesn't specify the type of CIDR (Only for Russian version) when displaying rules.
    cidr type russian

@rennervo rennervo assigned dariashka and unassigned rennervo Feb 7, 2018
@dariashka dariashka assigned rennervo and unassigned dariashka Feb 7, 2018
@rennervo
Copy link
Collaborator

rennervo commented Feb 8, 2018
edited
Loading

@qqcky
Invalid items in a drop-down list of "ICMP type" field when creating a new rule with IPv4 protocol.

security

@rennervo rennervo assigned dariashka and unassigned rennervo Feb 8, 2018
@dariashka dariashka assigned rennervo and unassigned dariashka Feb 12, 2018
@rennervo
Copy link
Collaborator

@qqcky
Tested on qqcky/671-ipv6-support

@rennervo rennervo assigned dariashka and unassigned rennervo Feb 12, 2018
@chewlite
Copy link
Collaborator

chewlite commented Feb 20, 2018
edited
Loading

Tested on master

Detected issues:
#996
#997
#998

Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Assignees

@dariashka dariashka

Labels
priority: high requirement
Projects
None yet
Milestone
Release 1.410.19
Development

No branches or pull requests
8 participants
@zolotyx @dariashka @bwsw @ksendart @rennervo @elenaustyugova @chewlite @Nadya913