From 72e8b5dc5a5e36722327efca4c399f0321e9bbbb Mon Sep 17 00:00:00 2001 From: Koteswara Rao Kelam Date: Mon, 26 May 2014 06:44:33 -0700 Subject: [PATCH] Add -s option for neutron metering rules While adding iptables rule, cidr is added as destination for both ingress and egress directions. Modified code to add -s for egress and -d for ingress. Closes-bug: 1310589 Change-Id: Id9ca10855e6527d4bec689f8f9bcd6f681221954 --- .../drivers/iptables/iptables_driver.py | 13 ++-- .../metering/drivers/test_iptables_driver.py | 64 ++++++++++++++++++- 2 files changed, 70 insertions(+), 7 deletions(-) diff --git a/neutron/services/metering/drivers/iptables/iptables_driver.py b/neutron/services/metering/drivers/iptables/iptables_driver.py index 3eb17c24607..8f2890fadc5 100644 --- a/neutron/services/metering/drivers/iptables/iptables_driver.py +++ b/neutron/services/metering/drivers/iptables/iptables_driver.py @@ -141,16 +141,17 @@ class IptablesMeteringDriver(abstract_driver.MeteringAbstractDriver): for rule in rules: remote_ip = rule['remote_ip_prefix'] - dir = '-i ' + ext_dev if rule['direction'] == 'egress': - dir = '-o ' + ext_dev + dir_opt = '-o %s -s %s' % (ext_dev, remote_ip) + else: + dir_opt = '-i %s -d %s' % (ext_dev, remote_ip) if rule['excluded']: - ipt_rule = dir + ' -d ' + remote_ip + ' -j RETURN' - im.ipv4['filter'].add_rule(rules_chain, ipt_rule, wrap=False, - top=True) + ipt_rule = '%s -j RETURN' % dir_opt + im.ipv4['filter'].add_rule(rules_chain, ipt_rule, + wrap=False, top=True) else: - ipt_rule = dir + ' -d ' + remote_ip + ' -j ' + label_chain + ipt_rule = '%s -j %s' % (dir_opt, label_chain) im.ipv4['filter'].add_rule(rules_chain, ipt_rule, wrap=False, top=False) diff --git a/neutron/tests/unit/services/metering/drivers/test_iptables_driver.py b/neutron/tests/unit/services/metering/drivers/test_iptables_driver.py index ad056f40122..fe30edb747b 100644 --- a/neutron/tests/unit/services/metering/drivers/test_iptables_driver.py +++ b/neutron/tests/unit/services/metering/drivers/test_iptables_driver.py @@ -92,6 +92,68 @@ class IptablesDriverTestCase(base.BaseTestCase): self.v4filter_inst.assert_has_calls(calls) + def test_process_metering_label_rules(self): + routers = [{'_metering_labels': [ + {'id': 'c5df2fe5-c600-4a2a-b2f4-c0fb6df73c83', + 'rules': [{ + 'direction': 'ingress', + 'excluded': False, + 'id': '7f1a261f-2489-4ed1-870c-a62754501379', + 'metering_label_id': 'c5df2fe5-c600-4a2a-b2f4-c0fb6df73c83', + 'remote_ip_prefix': '10.0.0.0/24'}]}], + 'admin_state_up': True, + 'gw_port_id': '6d411f48-ecc7-45e0-9ece-3b5bdb54fcee', + 'id': '473ec392-1711-44e3-b008-3251ccfc5099', + 'name': 'router1', + 'status': 'ACTIVE', + 'tenant_id': '6c5f5d2a1fa2441e88e35422926f48e8'}, + {'_metering_labels': [ + {'id': 'eeef45da-c600-4a2a-b2f4-c0fb6df73c83', + 'rules': [{ + 'direction': 'egress', + 'excluded': False, + 'id': 'fa2441e8-2489-4ed1-870c-a62754501379', + 'metering_label_id': 'eeef45da-c600-4a2a-b2f4-c0fb6df73c83', + 'remote_ip_prefix': '20.0.0.0/24'}]}], + 'admin_state_up': True, + 'gw_port_id': '7d411f48-ecc7-45e0-9ece-3b5bdb54fcee', + 'id': '373ec392-1711-44e3-b008-3251ccfc5099', + 'name': 'router2', + 'status': 'ACTIVE', + 'tenant_id': '6c5f5d2a1fa2441e88e35422926f48e8'}] + self.metering.add_metering_label(None, routers) + + calls = [mock.call.add_chain('neutron-meter-l-c5df2fe5-c60', + wrap=False), + mock.call.add_chain('neutron-meter-r-c5df2fe5-c60', + wrap=False), + mock.call.add_rule('neutron-meter-FORWARD', '-j ' + 'neutron-meter-r-c5df2fe5-c60', + wrap=False), + mock.call.add_rule('neutron-meter-l-c5df2fe5-c60', + '', + wrap=False), + mock.call.add_rule('neutron-meter-r-c5df2fe5-c60', + '-i qg-6d411f48-ec -d 10.0.0.0/24' + ' -j neutron-meter-l-c5df2fe5-c60', + wrap=False, top=False), + mock.call.add_chain('neutron-meter-l-eeef45da-c60', + wrap=False), + mock.call.add_chain('neutron-meter-r-eeef45da-c60', + wrap=False), + mock.call.add_rule('neutron-meter-FORWARD', '-j ' + 'neutron-meter-r-eeef45da-c60', + wrap=False), + mock.call.add_rule('neutron-meter-l-eeef45da-c60', + '', + wrap=False), + mock.call.add_rule('neutron-meter-r-eeef45da-c60', + '-o qg-7d411f48-ec -s 20.0.0.0/24' + ' -j neutron-meter-l-eeef45da-c60', + wrap=False, top=False)] + + self.v4filter_inst.assert_has_calls(calls) + def test_add_metering_label_with_rules(self): routers = [{'_metering_labels': [ {'id': 'c5df2fe5-c600-4a2a-b2f4-c0fb6df73c83', @@ -204,7 +266,7 @@ class IptablesDriverTestCase(base.BaseTestCase): mock.call.empty_chain('neutron-meter-r-c5df2fe5-c60', wrap=False), mock.call.add_rule('neutron-meter-r-c5df2fe5-c60', - '-o qg-6d411f48-ec -d 10.0.0.0/24' + '-o qg-6d411f48-ec -s 10.0.0.0/24' ' -j RETURN', wrap=False, top=True), mock.call.add_rule('neutron-meter-r-c5df2fe5-c60',