openstack
/
neutron
Code Issues Proposed changes

Fix meter label rule creation 

In the case of outbound traffic, set remote_ip to dst.
In the case of inbound traffic, set remote_ip to src.

Change-Id: I7f27b93efa67baf3efccaa94f6a1337d6886e230
Closes-Bug: #1528137
DocImpact: Clarify remote_ip_prefix description of metering label rule in API site
This commit is contained in:
Yu Fukuyama 2015-12-22 05:17:30 +00:00 committed by Akihiro Motoki
parent 89fa5b997a
commit 6659a93558
2 changed files with 20 additions and 20 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
neutron/services/metering/drivers/iptables/iptables_driver.py
View File

@ -176,9 +176,9 @@ class IptablesMeteringDriver(abstract_driver.MeteringAbstractDriver):
def _prepare_rule(self, ext_dev, rule, label_chain):
remote_ip = rule['remote_ip_prefix']
if rule['direction'] == 'egress':
dir_opt = '-o %s -s %s' % (ext_dev, remote_ip)
dir_opt = '-o %s -d %s' % (ext_dev, remote_ip)
else:
dir_opt = '-i %s -d %s' % (ext_dev, remote_ip)
dir_opt = '-i %s -s %s' % (ext_dev, remote_ip)
if rule['excluded']:
ipt_rule = '%s -j RETURN' % dir_opt

36
neutron/tests/unit/services/metering/drivers/test_iptables.py
View File

@ -137,7 +137,7 @@ class IptablesDriverTestCase(base.BaseTestCase):
'',
wrap=False),
mock.call.add_rule('neutron-meter-r-c5df2fe5-c60',
'-i qg-6d411f48-ec -d 10.0.0.0/24'
'-i qg-6d411f48-ec -s 10.0.0.0/24'
' -j neutron-meter-l-c5df2fe5-c60',
wrap=False, top=False),
mock.call.add_chain('neutron-meter-l-eeef45da-c60',
@ -151,7 +151,7 @@ class IptablesDriverTestCase(base.BaseTestCase):
'',
wrap=False),
mock.call.add_rule('neutron-meter-r-eeef45da-c60',
'-o qg-7d411f48-ec -s 20.0.0.0/24'
'-o qg-7d411f48-ec -d 20.0.0.0/24'
' -j neutron-meter-l-eeef45da-c60',
wrap=False, top=False)]
@ -176,7 +176,7 @@ class IptablesDriverTestCase(base.BaseTestCase):
'',
wrap=False),
mock.call.add_rule('neutron-meter-r-c5df2fe5-c60',
'-i qg-6d411f48-ec -d 10.0.0.0/24'
'-i qg-6d411f48-ec -s 10.0.0.0/24'
' -j neutron-meter-l-c5df2fe5-c60',
wrap=False, top=False),
mock.call.add_chain('neutron-meter-l-eeef45da-c60',
@ -190,7 +190,7 @@ class IptablesDriverTestCase(base.BaseTestCase):
'',
wrap=False),
mock.call.add_rule('neutron-meter-r-eeef45da-c60',
'-i qg-7d411f48-ec -d 20.0.0.0/24'
'-i qg-7d411f48-ec -s 20.0.0.0/24'
' -j RETURN',
wrap=False, top=True)]
@ -227,17 +227,17 @@ class IptablesDriverTestCase(base.BaseTestCase):
'',
wrap=False),
mock.call.add_rule('neutron-meter-r-c5df2fe5-c60',
'-i qg-6d411f48-ec -d 10.0.0.0/24'
'-i qg-6d411f48-ec -s 10.0.0.0/24'
' -j neutron-meter-l-c5df2fe5-c60',
wrap=False, top=False),
mock.call.empty_chain('neutron-meter-r-c5df2fe5-c60',
wrap=False),
mock.call.add_rule('neutron-meter-r-c5df2fe5-c60',
'-o qg-6d411f48-ec -s 10.0.0.0/24'
'-o qg-6d411f48-ec -d 10.0.0.0/24'
' -j RETURN',
wrap=False, top=True),
mock.call.add_rule('neutron-meter-r-c5df2fe5-c60',
'-i qg-6d411f48-ec -d 20.0.0.0/24 -j '
'-i qg-6d411f48-ec -s 20.0.0.0/24 -j '
'neutron-meter-l-c5df2fe5-c60',
wrap=False, top=False)]
@ -269,17 +269,17 @@ class IptablesDriverTestCase(base.BaseTestCase):
'',
wrap=False),
mock.call.add_rule('neutron-meter-r-c5df2fe5-c60',
'-i qg-6d411f48-ec -d 10.0.0.0/24'
'-i qg-6d411f48-ec -s 10.0.0.0/24'
' -j neutron-meter-l-c5df2fe5-c60',
wrap=False, top=False),
mock.call.add_rule('neutron-meter-r-c5df2fe5-c60',
'-i qg-6d411f48-ec -d 20.0.0.0/24'
'-i qg-6d411f48-ec -s 20.0.0.0/24'
' -j neutron-meter-l-c5df2fe5-c60',
wrap=False, top=False),
mock.call.empty_chain('neutron-meter-r-c5df2fe5-c60',
wrap=False),
mock.call.add_rule('neutron-meter-r-c5df2fe5-c60',
'-i qg-6d411f48-ec -d 10.0.0.0/24'
'-i qg-6d411f48-ec -s 10.0.0.0/24'
' -j neutron-meter-l-c5df2fe5-c60',
wrap=False, top=False)]
@ -291,11 +291,11 @@ class IptablesDriverTestCase(base.BaseTestCase):
self.metering.add_metering_label_rule(None, new_routers_rules)
calls = [
mock.call.add_rule('neutron-meter-r-c5df2fe5-c60',
'-i qg-6d411f48-ec -d 30.0.0.0/24'
'-i qg-6d411f48-ec -s 30.0.0.0/24'
' -j neutron-meter-l-c5df2fe5-c60',
wrap=False, top=False),
mock.call.add_rule('neutron-meter-r-eeef45da-c60',
'-o qg-7d411f48-ec -s 40.0.0.0/24'
'-o qg-7d411f48-ec -d 40.0.0.0/24'
' -j neutron-meter-l-eeef45da-c60',
wrap=False, top=False),
@ -309,11 +309,11 @@ class IptablesDriverTestCase(base.BaseTestCase):
self.metering.remove_metering_label_rule(None, new_routers_rules)
calls = [
mock.call.remove_rule('neutron-meter-r-c5df2fe5-c60',
'-i qg-6d411f48-ec -d 30.0.0.0/24'
'-i qg-6d411f48-ec -s 30.0.0.0/24'
' -j neutron-meter-l-c5df2fe5-c60',
wrap=False, top=False),
mock.call.remove_rule('neutron-meter-r-eeef45da-c60',
'-o qg-7d411f48-ec -s 40.0.0.0/24'
'-o qg-7d411f48-ec -d 40.0.0.0/24'
' -j neutron-meter-l-eeef45da-c60',
wrap=False, top=False)
]
@ -335,7 +335,7 @@ class IptablesDriverTestCase(base.BaseTestCase):
'',
wrap=False),
mock.call.add_rule('neutron-meter-r-c5df2fe5-c60',
'-i qg-6d411f48-ec -d 10.0.0.0/24'
'-i qg-6d411f48-ec -s 10.0.0.0/24'
' -j neutron-meter-l-c5df2fe5-c60',
wrap=False, top=False),
mock.call.remove_chain('neutron-meter-l-c5df2fe5-c60',
@ -369,7 +369,7 @@ class IptablesDriverTestCase(base.BaseTestCase):
'',
wrap=False),
mock.call.add_rule('neutron-meter-r-c5df2fe5-c60',
'-i qg-6d411f48-ec -d 10.0.0.0/24'
'-i qg-6d411f48-ec -s 10.0.0.0/24'
' -j neutron-meter-l-c5df2fe5-c60',
wrap=False, top=False),
mock.call.add_chain('neutron-meter-l-eeef45da-c60',
@ -383,7 +383,7 @@ class IptablesDriverTestCase(base.BaseTestCase):
'',
wrap=False),
mock.call.add_rule('neutron-meter-r-eeef45da-c60',
'-i qg-7d411f48-ec -d 20.0.0.0/24'
'-i qg-7d411f48-ec -s 20.0.0.0/24'
' -j RETURN',
wrap=False, top=True),
mock.call.remove_chain('neutron-meter-l-c5df2fe5-c60',
@ -401,7 +401,7 @@ class IptablesDriverTestCase(base.BaseTestCase):
'',
wrap=False),
mock.call.add_rule('neutron-meter-r-c5df2fe5-c60',
'-i qg-587b63c1-22 -d 10.0.0.0/24'
'-i qg-587b63c1-22 -s 10.0.0.0/24'
' -j neutron-meter-l-c5df2fe5-c60',
wrap=False, top=False)]