Merge "Egress sg_rules should get 'prefix' from 'dest_ip_prefix'"

This commit is contained in:
Jenkins 2017-03-31 19:26:20 +00:00 committed by Gerrit Code Review
commit bb7b357d92
1 changed files with 53 additions and 43 deletions

View File

@ -391,7 +391,17 @@ class IptablesFirewallTestCase(BaseIptablesFirewallTestCase):
ingress = None
self._test_prepare_port_filter(rule, ingress, egress)
def test_filter_ipv4_egress_prefix(self):
def test_filter_ipv4_egress_dest_prefix(self):
prefix = FAKE_PREFIX['IPv4']
rule = {'ethertype': 'IPv4',
'direction': 'egress',
'dest_ip_prefix': prefix}
egress = mock.call.add_rule(
'ofake_dev', '-d %s -j RETURN' % prefix, comment=None)
ingress = None
self._test_prepare_port_filter(rule, ingress, egress)
def test_filter_ipv4_egress_source_prefix(self):
prefix = FAKE_PREFIX['IPv4']
rule = {'ethertype': 'IPv4',
'direction': 'egress',
@ -415,9 +425,9 @@ class IptablesFirewallTestCase(BaseIptablesFirewallTestCase):
rule = {'ethertype': 'IPv4',
'direction': 'egress',
'protocol': 'tcp',
'source_ip_prefix': prefix}
'dest_ip_prefix': prefix}
egress = mock.call.add_rule('ofake_dev',
'-s %s -p tcp -j RETURN' % prefix,
'-d %s -p tcp -j RETURN' % prefix,
comment=None)
ingress = None
self._test_prepare_port_filter(rule, ingress, egress)
@ -436,9 +446,9 @@ class IptablesFirewallTestCase(BaseIptablesFirewallTestCase):
rule = {'ethertype': 'IPv4',
'direction': 'egress',
'protocol': 'icmp',
'source_ip_prefix': prefix}
'dest_ip_prefix': prefix}
egress = mock.call.add_rule(
'ofake_dev', '-s %s -p icmp -j RETURN' % prefix,
'ofake_dev', '-d %s -p icmp -j RETURN' % prefix,
comment=None)
ingress = None
self._test_prepare_port_filter(rule, ingress, egress)
@ -448,11 +458,11 @@ class IptablesFirewallTestCase(BaseIptablesFirewallTestCase):
rule = {'ethertype': 'IPv4',
'direction': 'egress',
'protocol': 'icmp',
'source_port_range_min': 8,
'source_ip_prefix': prefix}
'port_range_min': 8,
'dest_ip_prefix': prefix}
egress = mock.call.add_rule(
'ofake_dev',
'-s %s -p icmp -m icmp --icmp-type 8 -j RETURN' % prefix,
'-d %s -p icmp -m icmp --icmp-type 8 -j RETURN' % prefix,
comment=None)
ingress = None
self._test_prepare_port_filter(rule, ingress, egress)
@ -462,11 +472,11 @@ class IptablesFirewallTestCase(BaseIptablesFirewallTestCase):
rule = {'ethertype': 'IPv4',
'direction': 'egress',
'protocol': 'icmp',
'source_port_range_min': 'echo-request',
'source_ip_prefix': prefix}
'port_range_min': 'echo-request',
'dest_ip_prefix': prefix}
egress = mock.call.add_rule(
'ofake_dev',
'-s %s -p icmp -m icmp --icmp-type echo-request '
'-d %s -p icmp -m icmp --icmp-type echo-request '
'-j RETURN' % prefix,
comment=None)
ingress = None
@ -477,12 +487,12 @@ class IptablesFirewallTestCase(BaseIptablesFirewallTestCase):
rule = {'ethertype': 'IPv4',
'direction': 'egress',
'protocol': 'icmp',
'source_port_range_min': 8,
'source_port_range_max': 0,
'source_ip_prefix': prefix}
'port_range_min': 8,
'port_range_max': 0,
'dest_ip_prefix': prefix}
egress = mock.call.add_rule(
'ofake_dev',
'-s %s -p icmp -m icmp --icmp-type 8/0 -j RETURN' % prefix,
'-d %s -p icmp -m icmp --icmp-type 8/0 -j RETURN' % prefix,
comment=None)
ingress = None
self._test_prepare_port_filter(rule, ingress, egress)
@ -519,10 +529,10 @@ class IptablesFirewallTestCase(BaseIptablesFirewallTestCase):
'protocol': 'tcp',
'port_range_min': 10,
'port_range_max': 100,
'source_ip_prefix': prefix}
'dest_ip_prefix': prefix}
egress = mock.call.add_rule(
'ofake_dev',
'-s %s -p tcp -m tcp -m multiport --dports 10:100 '
'-d %s -p tcp -m tcp -m multiport --dports 10:100 '
'-j RETURN' % prefix, comment=None)
ingress = None
self._test_prepare_port_filter(rule, ingress, egress)
@ -541,9 +551,9 @@ class IptablesFirewallTestCase(BaseIptablesFirewallTestCase):
rule = {'ethertype': 'IPv4',
'direction': 'egress',
'protocol': 'udp',
'source_ip_prefix': prefix}
'dest_ip_prefix': prefix}
egress = mock.call.add_rule('ofake_dev',
'-s %s -p udp -j RETURN' % prefix,
'-d %s -p udp -j RETURN' % prefix,
comment=None)
ingress = None
self._test_prepare_port_filter(rule, ingress, egress)
@ -580,10 +590,10 @@ class IptablesFirewallTestCase(BaseIptablesFirewallTestCase):
'protocol': 'udp',
'port_range_min': 10,
'port_range_max': 100,
'source_ip_prefix': prefix}
'dest_ip_prefix': prefix}
egress = mock.call.add_rule(
'ofake_dev',
'-s %s -p udp -m udp -m multiport --dports 10:100 '
'-d %s -p udp -m udp -m multiport --dports 10:100 '
'-j RETURN' % prefix, comment=None)
ingress = None
self._test_prepare_port_filter(rule, ingress, egress)
@ -779,9 +789,9 @@ class IptablesFirewallTestCase(BaseIptablesFirewallTestCase):
prefix = FAKE_PREFIX['IPv6']
rule = {'ethertype': 'IPv6',
'direction': 'egress',
'source_ip_prefix': prefix}
'dest_ip_prefix': prefix}
egress = mock.call.add_rule(
'ofake_dev', '-s %s -j RETURN' % prefix, comment=None)
'ofake_dev', '-d %s -j RETURN' % prefix, comment=None)
ingress = None
self._test_prepare_port_filter(rule, ingress, egress)
@ -799,9 +809,9 @@ class IptablesFirewallTestCase(BaseIptablesFirewallTestCase):
rule = {'ethertype': 'IPv6',
'direction': 'egress',
'protocol': 'tcp',
'source_ip_prefix': prefix}
'dest_ip_prefix': prefix}
egress = mock.call.add_rule('ofake_dev',
'-s %s -p tcp -j RETURN' % prefix,
'-d %s -p tcp -j RETURN' % prefix,
comment=None)
ingress = None
self._test_prepare_port_filter(rule, ingress, egress)
@ -820,9 +830,9 @@ class IptablesFirewallTestCase(BaseIptablesFirewallTestCase):
rule = {'ethertype': 'IPv6',
'direction': 'egress',
'protocol': 'icmp',
'source_ip_prefix': prefix}
'dest_ip_prefix': prefix}
egress = mock.call.add_rule(
'ofake_dev', '-s %s -p ipv6-icmp -j RETURN' % prefix,
'ofake_dev', '-d %s -p ipv6-icmp -j RETURN' % prefix,
comment=None)
ingress = None
self._test_prepare_port_filter(rule, ingress, egress)
@ -832,11 +842,11 @@ class IptablesFirewallTestCase(BaseIptablesFirewallTestCase):
rule = {'ethertype': 'IPv6',
'direction': 'egress',
'protocol': 'icmp',
'source_port_range_min': 8,
'source_ip_prefix': prefix}
'port_range_min': 8,
'dest_ip_prefix': prefix}
egress = mock.call.add_rule(
'ofake_dev',
'-s %s -p ipv6-icmp -m icmp6 --icmpv6-type 8 -j RETURN' % prefix,
'-d %s -p ipv6-icmp -m icmp6 --icmpv6-type 8 -j RETURN' % prefix,
comment=None)
ingress = None
self._test_prepare_port_filter(rule, ingress, egress)
@ -846,11 +856,11 @@ class IptablesFirewallTestCase(BaseIptablesFirewallTestCase):
rule = {'ethertype': 'IPv6',
'direction': 'egress',
'protocol': 'icmp',
'source_port_range_min': 'echo-request',
'source_ip_prefix': prefix}
'port_range_min': 'echo-request',
'dest_ip_prefix': prefix}
egress = mock.call.add_rule(
'ofake_dev',
'-s %s -p ipv6-icmp -m icmp6 --icmpv6-type echo-request '
'-d %s -p ipv6-icmp -m icmp6 --icmpv6-type echo-request '
'-j RETURN' % prefix,
comment=None)
ingress = None
@ -861,12 +871,12 @@ class IptablesFirewallTestCase(BaseIptablesFirewallTestCase):
rule = {'ethertype': 'IPv6',
'direction': 'egress',
'protocol': 'icmp',
'source_port_range_min': 8,
'source_port_range_max': 0,
'source_ip_prefix': prefix}
'port_range_min': 8,
'port_range_max': 0,
'dest_ip_prefix': prefix}
egress = mock.call.add_rule(
'ofake_dev',
'-s %s -p ipv6-icmp -m icmp6 --icmpv6-type 8/0 -j RETURN' % prefix,
'-d %s -p ipv6-icmp -m icmp6 --icmpv6-type 8/0 -j RETURN' % prefix,
comment=None)
ingress = None
self._test_prepare_port_filter(rule, ingress, egress)
@ -903,10 +913,10 @@ class IptablesFirewallTestCase(BaseIptablesFirewallTestCase):
'protocol': 'tcp',
'port_range_min': 10,
'port_range_max': 100,
'source_ip_prefix': prefix}
'dest_ip_prefix': prefix}
egress = mock.call.add_rule(
'ofake_dev',
'-s %s -p tcp -m tcp -m multiport --dports 10:100 '
'-d %s -p tcp -m tcp -m multiport --dports 10:100 '
'-j RETURN' % prefix, comment=None)
ingress = None
self._test_prepare_port_filter(rule, ingress, egress)
@ -925,9 +935,9 @@ class IptablesFirewallTestCase(BaseIptablesFirewallTestCase):
rule = {'ethertype': 'IPv6',
'direction': 'egress',
'protocol': 'udp',
'source_ip_prefix': prefix}
'dest_ip_prefix': prefix}
egress = mock.call.add_rule('ofake_dev',
'-s %s -p udp -j RETURN' % prefix,
'-d %s -p udp -j RETURN' % prefix,
comment=None)
ingress = None
self._test_prepare_port_filter(rule, ingress, egress)
@ -964,10 +974,10 @@ class IptablesFirewallTestCase(BaseIptablesFirewallTestCase):
'protocol': 'udp',
'port_range_min': 10,
'port_range_max': 100,
'source_ip_prefix': prefix}
'dest_ip_prefix': prefix}
egress = mock.call.add_rule(
'ofake_dev',
'-s %s -p udp -m udp -m multiport --dports 10:100 '
'-d %s -p udp -m udp -m multiport --dports 10:100 '
'-j RETURN' % prefix, comment=None)
ingress = None
self._test_prepare_port_filter(rule, ingress, egress)