Merge "Delete conntrack entry on the other direction"

neutron/agent/linux/ip_conntrack.py

@@ -79,10 +79,12 @@ class IpConntrackManager(object):
 
     def delete_conntrack_state_by_remote_ips(self, device_info_list,
                                              ethertype, remote_ips):
-        rule = {'ethertype': str(ethertype).lower(), 'direction': 'ingress'}
-        if remote_ips:
-            for remote_ip in remote_ips:
-                self._delete_conntrack_state(
-                    device_info_list, rule, remote_ip)
-        else:
-            self._delete_conntrack_state(device_info_list, rule)
+        for direction in ['ingress', 'egress']:
+            rule = {'ethertype': str(ethertype).lower(),
+                    'direction': direction}
+            if remote_ips:
+                for remote_ip in remote_ips:
+                    self._delete_conntrack_state(
+                        device_info_list, rule, remote_ip)
+            else:
+                self._delete_conntrack_state(device_info_list, rule)

neutron/tests/unit/agent/linux/test_iptables_firewall.py

@@ -1131,9 +1131,17 @@ class IptablesFirewallTestCase(BaseIptablesFirewallTestCase):
                        '-w', 10],
                       run_as_root=True, check_exit_code=True,
                       extra_ok_codes=[1]),
+            mock.call(['conntrack', '-D', '-f', 'ipv4', '-s', '10.0.0.1',
+                       '-w', 10],
+                      run_as_root=True, check_exit_code=True,
+                      extra_ok_codes=[1]),
             mock.call(['conntrack', '-D', '-f', 'ipv6', '-d', 'fe80::1',
                        '-w', 10],
                       run_as_root=True, check_exit_code=True,
+                      extra_ok_codes=[1]),
+            mock.call(['conntrack', '-D', '-f', 'ipv6', '-s', 'fe80::1',
+                       '-w', 10],
+                      run_as_root=True, check_exit_code=True,
                       extra_ok_codes=[1])]
         self.utils_exec.assert_has_calls(calls)