
Merge "Fix iptables rules comments" into stable/ussuri

changes/99/734899/1
Zuul 1 month ago
committed by Gerrit Code Review
parent
commit
a75e214aa3
2 changed files with 16 additions and 2 deletions
  1. +7
    -2
      neutron/agent/linux/iptables_firewall.py
  2. +9
    -0
      neutron/tests/unit/agent/linux/test_iptables_firewall.py

+ 7
- 2
neutron/agent/linux/iptables_firewall.py View File

@@ -387,6 +387,11 @@ class IptablesFirewallDriver(firewall.FirewallDriver):
def _get_br_device_name(self, port):
return ('brq' + port['network_id'])[:constants.LINUX_DEV_LEN]

def _get_port_device_name(self, port):
if port['device'].startswith(constants.TAP_DEVICE_PREFIX):
return port['device'][4:]
return port['device']

def _get_jump_rules(self, port, create=True):
zone = self.ipconntrack.get_device_zone(port, create=create)
if not zone:
@@ -400,10 +405,10 @@ class IptablesFirewallDriver(firewall.FirewallDriver):
if self._are_sg_rules_stateful(port_sg_rules):
# comment to prevent duplicate warnings for different devices using
# same bridge. truncate start to remove prefixes
comment = 'Set zone for %s' % port['device'][4:]
comment = 'Set zone for %s' % self._get_port_device_name(port)
conntrack = '--zone %s' % self.ipconntrack.get_device_zone(port)
else:
comment = 'Make %s stateless' % port['device'][4:]
comment = 'Make %s stateless' % self._get_port_device_name(port)
conntrack = '--notrack'
rules = []
for dev, match in ((br_dev, match_physdev), (br_dev, match_interface),
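Review bot: The slice offset `4` in `_get_port_device_name` is a magic number that is not derived from `constants.TAP_DEVICE_PREFIX`, so the `startswith` check and the strip can disagree about how much of the name is prefix. The accompanying test only gets `name` back from `'%s_name' % constants.TAP_DEVICE_PREFIX`, which implies the prefix is three characters and the slice also drops the character after it; for a device named prefix-plus-identifier, that would cut the first identifier character out of the rule comment and make comments for different devices slightly less distinguishable. If the offset is kept deliberately so the comment text stays identical to what the removed `port['device'][4:]` lines produced, say so in a docstring such as `"""Return the device name used in rule comments; tap devices lose their first 4 characters, as before."""`; otherwise derive it with `port['device'][len(constants.TAP_DEVICE_PREFIX):]`. The nearby comment "truncate start to remove prefixes" is also no longer accurate for devices without the tap prefix. The body of `_get_jump_rules` continues outside the hunk.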


+ 9
- 0
neutron/tests/unit/agent/linux/test_iptables_firewall.py View File

@@ -118,6 +118,15 @@ class BaseIptablesFirewallTestCase(base.BaseTestCase):

class IptablesFirewallTestCase(BaseIptablesFirewallTestCase):

def test__get_port_device_name(self):
self.assertEqual(
"name",
self.firewall._get_port_device_name({'device': 'name'}))
self.assertEqual(
"name",
self.firewall._get_port_device_name(
{'device': '%s_name' % constants.TAP_DEVICE_PREFIX}))

def test_prepare_port_filter_with_no_sg(self):
port = self._fake_port()
self.firewall.prepare_port_filter(port)
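Review bot: `test__get_port_device_name` checks the helper alone, so nothing added in this commit asserts the comment text that `_get_jump_rules` writes into the rules for a device without the tap prefix, which is the behaviour being fixed. A case that builds the jump rules for such a port and checks for `Set zone for <device>` and `Make <device> stateless` would pin the regression at the level where it was observed. The tap input is also built as `'%s_name'`, with a separator that real callers may not supply; a second case where the identifier follows the prefix directly would document what the four-character strip actually returns.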

