Add -s option for neutron metering rules
While adding iptables rule, cidr is added as destination for both ingress and egress directions. Modified code to add -s for egress and -d for ingress. Closes-bug: 1310589 Change-Id: Id9ca10855e6527d4bec689f8f9bcd6f681221954
This commit is contained in:
parent
59da928e94
commit
72e8b5dc5a
@ -141,16 +141,17 @@ class IptablesMeteringDriver(abstract_driver.MeteringAbstractDriver):
|
|||||||
for rule in rules:
|
for rule in rules:
|
||||||
remote_ip = rule['remote_ip_prefix']
|
remote_ip = rule['remote_ip_prefix']
|
||||||
|
|
||||||
dir = '-i ' + ext_dev
|
|
||||||
if rule['direction'] == 'egress':
|
if rule['direction'] == 'egress':
|
||||||
dir = '-o ' + ext_dev
|
dir_opt = '-o %s -s %s' % (ext_dev, remote_ip)
|
||||||
|
else:
|
||||||
|
dir_opt = '-i %s -d %s' % (ext_dev, remote_ip)
|
||||||
|
|
||||||
if rule['excluded']:
|
if rule['excluded']:
|
||||||
ipt_rule = dir + ' -d ' + remote_ip + ' -j RETURN'
|
ipt_rule = '%s -j RETURN' % dir_opt
|
||||||
im.ipv4['filter'].add_rule(rules_chain, ipt_rule, wrap=False,
|
im.ipv4['filter'].add_rule(rules_chain, ipt_rule,
|
||||||
top=True)
|
wrap=False, top=True)
|
||||||
else:
|
else:
|
||||||
ipt_rule = dir + ' -d ' + remote_ip + ' -j ' + label_chain
|
ipt_rule = '%s -j %s' % (dir_opt, label_chain)
|
||||||
im.ipv4['filter'].add_rule(rules_chain, ipt_rule,
|
im.ipv4['filter'].add_rule(rules_chain, ipt_rule,
|
||||||
wrap=False, top=False)
|
wrap=False, top=False)
|
||||||
|
|
||||||
|
@ -92,6 +92,68 @@ class IptablesDriverTestCase(base.BaseTestCase):
|
|||||||
|
|
||||||
self.v4filter_inst.assert_has_calls(calls)
|
self.v4filter_inst.assert_has_calls(calls)
|
||||||
|
|
||||||
|
def test_process_metering_label_rules(self):
|
||||||
|
routers = [{'_metering_labels': [
|
||||||
|
{'id': 'c5df2fe5-c600-4a2a-b2f4-c0fb6df73c83',
|
||||||
|
'rules': [{
|
||||||
|
'direction': 'ingress',
|
||||||
|
'excluded': False,
|
||||||
|
'id': '7f1a261f-2489-4ed1-870c-a62754501379',
|
||||||
|
'metering_label_id': 'c5df2fe5-c600-4a2a-b2f4-c0fb6df73c83',
|
||||||
|
'remote_ip_prefix': '10.0.0.0/24'}]}],
|
||||||
|
'admin_state_up': True,
|
||||||
|
'gw_port_id': '6d411f48-ecc7-45e0-9ece-3b5bdb54fcee',
|
||||||
|
'id': '473ec392-1711-44e3-b008-3251ccfc5099',
|
||||||
|
'name': 'router1',
|
||||||
|
'status': 'ACTIVE',
|
||||||
|
'tenant_id': '6c5f5d2a1fa2441e88e35422926f48e8'},
|
||||||
|
{'_metering_labels': [
|
||||||
|
{'id': 'eeef45da-c600-4a2a-b2f4-c0fb6df73c83',
|
||||||
|
'rules': [{
|
||||||
|
'direction': 'egress',
|
||||||
|
'excluded': False,
|
||||||
|
'id': 'fa2441e8-2489-4ed1-870c-a62754501379',
|
||||||
|
'metering_label_id': 'eeef45da-c600-4a2a-b2f4-c0fb6df73c83',
|
||||||
|
'remote_ip_prefix': '20.0.0.0/24'}]}],
|
||||||
|
'admin_state_up': True,
|
||||||
|
'gw_port_id': '7d411f48-ecc7-45e0-9ece-3b5bdb54fcee',
|
||||||
|
'id': '373ec392-1711-44e3-b008-3251ccfc5099',
|
||||||
|
'name': 'router2',
|
||||||
|
'status': 'ACTIVE',
|
||||||
|
'tenant_id': '6c5f5d2a1fa2441e88e35422926f48e8'}]
|
||||||
|
self.metering.add_metering_label(None, routers)
|
||||||
|
|
||||||
|
calls = [mock.call.add_chain('neutron-meter-l-c5df2fe5-c60',
|
||||||
|
wrap=False),
|
||||||
|
mock.call.add_chain('neutron-meter-r-c5df2fe5-c60',
|
||||||
|
wrap=False),
|
||||||
|
mock.call.add_rule('neutron-meter-FORWARD', '-j '
|
||||||
|
'neutron-meter-r-c5df2fe5-c60',
|
||||||
|
wrap=False),
|
||||||
|
mock.call.add_rule('neutron-meter-l-c5df2fe5-c60',
|
||||||
|
'',
|
||||||
|
wrap=False),
|
||||||
|
mock.call.add_rule('neutron-meter-r-c5df2fe5-c60',
|
||||||
|
'-i qg-6d411f48-ec -d 10.0.0.0/24'
|
||||||
|
' -j neutron-meter-l-c5df2fe5-c60',
|
||||||
|
wrap=False, top=False),
|
||||||
|
mock.call.add_chain('neutron-meter-l-eeef45da-c60',
|
||||||
|
wrap=False),
|
||||||
|
mock.call.add_chain('neutron-meter-r-eeef45da-c60',
|
||||||
|
wrap=False),
|
||||||
|
mock.call.add_rule('neutron-meter-FORWARD', '-j '
|
||||||
|
'neutron-meter-r-eeef45da-c60',
|
||||||
|
wrap=False),
|
||||||
|
mock.call.add_rule('neutron-meter-l-eeef45da-c60',
|
||||||
|
'',
|
||||||
|
wrap=False),
|
||||||
|
mock.call.add_rule('neutron-meter-r-eeef45da-c60',
|
||||||
|
'-o qg-7d411f48-ec -s 20.0.0.0/24'
|
||||||
|
' -j neutron-meter-l-eeef45da-c60',
|
||||||
|
wrap=False, top=False)]
|
||||||
|
|
||||||
|
self.v4filter_inst.assert_has_calls(calls)
|
||||||
|
|
||||||
def test_add_metering_label_with_rules(self):
|
def test_add_metering_label_with_rules(self):
|
||||||
routers = [{'_metering_labels': [
|
routers = [{'_metering_labels': [
|
||||||
{'id': 'c5df2fe5-c600-4a2a-b2f4-c0fb6df73c83',
|
{'id': 'c5df2fe5-c600-4a2a-b2f4-c0fb6df73c83',
|
||||||
@ -204,7 +266,7 @@ class IptablesDriverTestCase(base.BaseTestCase):
|
|||||||
mock.call.empty_chain('neutron-meter-r-c5df2fe5-c60',
|
mock.call.empty_chain('neutron-meter-r-c5df2fe5-c60',
|
||||||
wrap=False),
|
wrap=False),
|
||||||
mock.call.add_rule('neutron-meter-r-c5df2fe5-c60',
|
mock.call.add_rule('neutron-meter-r-c5df2fe5-c60',
|
||||||
'-o qg-6d411f48-ec -d 10.0.0.0/24'
|
'-o qg-6d411f48-ec -s 10.0.0.0/24'
|
||||||
' -j RETURN',
|
' -j RETURN',
|
||||||
wrap=False, top=True),
|
wrap=False, top=True),
|
||||||
mock.call.add_rule('neutron-meter-r-c5df2fe5-c60',
|
mock.call.add_rule('neutron-meter-r-c5df2fe5-c60',
|
||||||
|
Loading…
Reference in New Issue
Block a user