OpenStack Compute (nova)

SecurityGroupIngressRule doesn't make sense for ICMP

Registered by Brian Lamar on 2011-10-07

The "SecurityGroupIngressRule" model contains the fields: protocol, from_port, and to_port. These values make perfect sense when thinking about TCP/UDP, but not a lot of sense when dealing with ICMP.

For IP, we're using "from_port" and "to_port" to mean: A range of IP ports.
For ICMP we're using "from_port" and "to_port" to mean: A range of ICMP message types.

Off the top of my head I don't have a solution, but in my opinion this is confusing and not an ideal situation. Perhaps the fields can be renamed or the database model can be rethought.

Blueprint information

Status:: Complete

Approver:: None

Priority:: Undefined

Drafter:: Nova Network

Direction:: Needs approval

Assignee:: None

Definition:: Obsolete

Series goal:: None

Implementation:: Deferred

Milestone target:: None

Completed by: Vish Ishaya on 2012-05-17

Related branches

Related bugs

Sprints

Whiteboard

seems like overkill to special case db fields for icmp when we already have two integer fields. I assume this is why ec2 works the same way.

(?)

Work Items

This blueprint contains Public information

Everyone can see this information.

Subscribers

steve friday