Revert "Skip unknown protocols while deleting conntrack"

This reverts commit 9b89d4802c due to wrong validation for retrieving 'unknown' status of conntrack. Taking back-porting into consideration, it's better to summarize into 1 patch for this fix. Change-Id: Id5ef5abb1d5eb499418c5e85b6d91f1d86ed76b7
2018-03-08 14:34:56 +00:00 · 2018-03-08 14:34:56 +00:00 · 29fd5ffcfd
commit 29fd5ffcfd
parent 9b89d4802c
2 changed files with 2 additions and 9 deletions
--- a/neutron_fwaas/services/firewall/drivers/linux/legacy_conntrack.py
+++ b/neutron_fwaas/services/firewall/drivers/linux/legacy_conntrack.py
@ -77,8 +77,7 @@ class ConntrackLegacy(conntrack_base.ConntrackDriverBase):
            raw_entries = self._execute_command(cmd).splitlines()
            for raw_entry in raw_entries:
                parsed_entry = self._parse_entry(raw_entry.split(), ip_version)
-                if parsed_entry is not None:
-                    parsed_entries.append(parsed_entry)
+                parsed_entries.append(parsed_entry)
        return sorted(parsed_entries)

    def _get_conntrack_cmd_from_entry(self, entry, namespace):
@ -110,11 +109,6 @@ class ConntrackLegacy(conntrack_base.ConntrackDriverBase):
        and compare with firewall rule
        """
        protocol = entry[0]
-        if protocol in ATTR_POSITIONS:
-            LOG.info('Skipping conntrack entry %s with unsupported protocol',
-                     entry)
-            return None
-
        parsed_entry = [ip_version, protocol]
        for attr, position in ATTR_POSITIONS[protocol]:
            val = entry[position].partition('=')[2]
--- a/neutron_fwaas/tests/unit/services/firewall/drivers/linux/test_legacy_conntrack.py
+++ b/neutron_fwaas/tests/unit/services/firewall/drivers/linux/test_legacy_conntrack.py
@ -80,7 +80,6 @@ FW_RULES = [
 ICMP_ENTRY = (4, 'icmp', 8, 0, '1.1.1.1', '2.2.2.2', '1234')
 TCP_ENTRY = (4, 'tcp', 1, 2, '1.1.1.1', '2.2.2.2')
 UDP_ENTRY = (4, 'udp', 1, 2, '1.1.1.1', '2.2.2.2')
-UNKNOWN_ENTRY = (4, 'unknown', 1, 2, '1.1.1.1', '2.2.2.2')

 ROUTER_NAMESPACE = 'qrouter-fake-namespace'

@ -113,7 +112,7 @@ class ConntrackLegacyTestCase(base.BaseTestCase):

    def test_delete_entries(self):
        self.conntrack_driver.list_entries.return_value = [
-            ICMP_ENTRY, TCP_ENTRY, UDP_ENTRY, UNKNOWN_ENTRY]
+            ICMP_ENTRY, TCP_ENTRY, UDP_ENTRY]
        self.conntrack_driver.delete_entries(FW_RULES, ROUTER_NAMESPACE)
        calls = [
            mock.call(['ip', 'netns', 'exec', ROUTER_NAMESPACE,