From 067a5c2a47026fccd09ce10e45eb16f5f9310234 Mon Sep 17 00:00:00 2001
From: Doug Wiegley <dougw@a10networks.com>
Date: Mon, 23 May 2016 21:56:02 -0600
Subject: [PATCH] Fix unit test for new list of icmpv6 allowed_types

But, we now have accept and reject rules for 134. Was this change to the
list correct?  IPv6 types need to take a look at this.

Closes-bug: #1585022
Change-Id: Icc408a2ca3121f32e605ce612dcc07905a069cd5
---
 .../unit/agent/test_securitygroups_rpc.py     | 39 +++++++++----------
 1 file changed, 18 insertions(+), 21 deletions(-)

diff --git a/neutron/tests/unit/agent/test_securitygroups_rpc.py b/neutron/tests/unit/agent/test_securitygroups_rpc.py
index 06cdb729b5b..8436effc150 100644
--- a/neutron/tests/unit/agent/test_securitygroups_rpc.py
+++ b/neutron/tests/unit/agent/test_securitygroups_rpc.py
@@ -2499,13 +2499,12 @@ IPTABLES_FILTER_V6_1 = """# Generated by iptables_manager
 -I %(bn)s-INPUT 1 %(physdev_mod)s --physdev-EGRESS tap_port1 \
 %(physdev_is_bridged)s -j %(bn)s-o_port1
 -I %(bn)s-i_port1 1 -p ipv6-icmp -m icmp6 --icmpv6-type 130 -j RETURN
--I %(bn)s-i_port1 2 -p ipv6-icmp -m icmp6 --icmpv6-type 131 -j RETURN
--I %(bn)s-i_port1 3 -p ipv6-icmp -m icmp6 --icmpv6-type 132 -j RETURN
--I %(bn)s-i_port1 4 -p ipv6-icmp -m icmp6 --icmpv6-type 135 -j RETURN
--I %(bn)s-i_port1 5 -p ipv6-icmp -m icmp6 --icmpv6-type 136 -j RETURN
--I %(bn)s-i_port1 6 -m state --state RELATED,ESTABLISHED -j RETURN
--I %(bn)s-i_port1 7 -m state --state INVALID -j DROP
--I %(bn)s-i_port1 8 -j %(bn)s-sg-fallback
+-I %(bn)s-i_port1 2 -p ipv6-icmp -m icmp6 --icmpv6-type 134 -j RETURN
+-I %(bn)s-i_port1 3 -p ipv6-icmp -m icmp6 --icmpv6-type 135 -j RETURN
+-I %(bn)s-i_port1 4 -p ipv6-icmp -m icmp6 --icmpv6-type 136 -j RETURN
+-I %(bn)s-i_port1 5 -m state --state RELATED,ESTABLISHED -j RETURN
+-I %(bn)s-i_port1 6 -m state --state INVALID -j DROP
+-I %(bn)s-i_port1 7 -j %(bn)s-sg-fallback
 -I %(bn)s-o_port1 1 -s ::/128 -d ff02::/16 -p ipv6-icmp -m icmp6 \
 --icmpv6-type 131 -j RETURN
 -I %(bn)s-o_port1 2 -s ::/128 -d ff02::/16 -p ipv6-icmp -m icmp6 \
@@ -2567,21 +2566,19 @@ IPTABLES_FILTER_V6_2 = """# Generated by iptables_manager
 -I %(bn)s-INPUT 2 %(physdev_mod)s --physdev-EGRESS tap_%(port2)s \
 %(physdev_is_bridged)s -j %(bn)s-o_%(port2)s
 -I %(bn)s-i_%(port1)s 1 -p ipv6-icmp -m icmp6 --icmpv6-type 130 -j RETURN
--I %(bn)s-i_%(port1)s 2 -p ipv6-icmp -m icmp6 --icmpv6-type 131 -j RETURN
--I %(bn)s-i_%(port1)s 3 -p ipv6-icmp -m icmp6 --icmpv6-type 132 -j RETURN
--I %(bn)s-i_%(port1)s 4 -p ipv6-icmp -m icmp6 --icmpv6-type 135 -j RETURN
--I %(bn)s-i_%(port1)s 5 -p ipv6-icmp -m icmp6 --icmpv6-type 136 -j RETURN
--I %(bn)s-i_%(port1)s 6 -m state --state RELATED,ESTABLISHED -j RETURN
--I %(bn)s-i_%(port1)s 7 -m state --state INVALID -j DROP
--I %(bn)s-i_%(port1)s 8 -j %(bn)s-sg-fallback
+-I %(bn)s-i_%(port1)s 2 -p ipv6-icmp -m icmp6 --icmpv6-type 134 -j RETURN
+-I %(bn)s-i_%(port1)s 3 -p ipv6-icmp -m icmp6 --icmpv6-type 135 -j RETURN
+-I %(bn)s-i_%(port1)s 4 -p ipv6-icmp -m icmp6 --icmpv6-type 136 -j RETURN
+-I %(bn)s-i_%(port1)s 5 -m state --state RELATED,ESTABLISHED -j RETURN
+-I %(bn)s-i_%(port1)s 6 -m state --state INVALID -j DROP
+-I %(bn)s-i_%(port1)s 7 -j %(bn)s-sg-fallback
 -I %(bn)s-i_%(port2)s 1 -p ipv6-icmp -m icmp6 --icmpv6-type 130 -j RETURN
--I %(bn)s-i_%(port2)s 2 -p ipv6-icmp -m icmp6 --icmpv6-type 131 -j RETURN
--I %(bn)s-i_%(port2)s 3 -p ipv6-icmp -m icmp6 --icmpv6-type 132 -j RETURN
--I %(bn)s-i_%(port2)s 4 -p ipv6-icmp -m icmp6 --icmpv6-type 135 -j RETURN
--I %(bn)s-i_%(port2)s 5 -p ipv6-icmp -m icmp6 --icmpv6-type 136 -j RETURN
--I %(bn)s-i_%(port2)s 6 -m state --state RELATED,ESTABLISHED -j RETURN
--I %(bn)s-i_%(port2)s 7 -m state --state INVALID -j DROP
--I %(bn)s-i_%(port2)s 8 -j %(bn)s-sg-fallback
+-I %(bn)s-i_%(port2)s 2 -p ipv6-icmp -m icmp6 --icmpv6-type 134 -j RETURN
+-I %(bn)s-i_%(port2)s 3 -p ipv6-icmp -m icmp6 --icmpv6-type 135 -j RETURN
+-I %(bn)s-i_%(port2)s 4 -p ipv6-icmp -m icmp6 --icmpv6-type 136 -j RETURN
+-I %(bn)s-i_%(port2)s 5 -m state --state RELATED,ESTABLISHED -j RETURN
+-I %(bn)s-i_%(port2)s 6 -m state --state INVALID -j DROP
+-I %(bn)s-i_%(port2)s 7 -j %(bn)s-sg-fallback
 -I %(bn)s-o_%(port1)s 1 -s ::/128 -d ff02::/16 -p ipv6-icmp -m icmp6 \
 --icmpv6-type 131 -j RETURN
 -I %(bn)s-o_%(port1)s 2 -s ::/128 -d ff02::/16 -p ipv6-icmp -m icmp6 \