openstack
/
neutron
Code Issues Proposed changes

Merge "Filter out port with invalid ofport in OVS firewall" into stable/victoria

This commit is contained in:
Zuul 2020-10-23 01:22:24 +00:00 committed by Gerrit Code Review
parent 5a3d2adce3 24dd977c22
commit c2875b14ce
2 changed files with 10 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
neutron/agent/linux/openvswitch_firewall/firewall.py
View File

@ -585,7 +585,8 @@ class OVSFirewallDriver(firewall.FirewallDriver):
def get_ovs_port(self, port_id):
ovs_port = self.int_br.br.get_vif_port_by_id(port_id)
if not ovs_port:
if not ovs_port or ovs_port.ofport in (ovs_lib.UNASSIGNED_OFPORT,
ovs_lib.INVALID_OFPORT):
raise exceptions.OVSFWPortNotFound(port_id=port_id)
return ovs_port

8
neutron/tests/unit/agent/linux/openvswitch_firewall/test_firewall.py
View File

@ -933,6 +933,14 @@ class TestOVSFirewallDriver(base.BaseTestCase):
with testtools.ExpectedException(exceptions.OVSFWPortNotFound):
self.firewall.get_ovs_port('port_id')
def test_get_ovs_port_invalid(self):
vif_port = ovs_lib.VifPort('name', 'ofport', 'id', 'mac', 'switch')
self.mock_bridge.br.get_vif_port_by_id.return_value = vif_port
for ofport in (ovs_lib.UNASSIGNED_OFPORT, ovs_lib.INVALID_OFPORT):
vif_port.ofport = ofport
with testtools.ExpectedException(exceptions.OVSFWPortNotFound):
self.firewall.get_ovs_port('port_id')
def test__initialize_egress_no_port_security_sends_to_egress(self):
self.mock_bridge.br.db_get_val.return_value = {'tag': TESTING_VLAN_TAG}
self.firewall._initialize_egress_no_port_security('port_id')