neutron/neutron/tests/unit/api
LIU Yulong 64a0916d2b [Security] fix allowed-address-pair 0.0.0.0/0 issue
When add allowed-address-pair 0.0.0.0/0 to one port, it will
unexpectedly open all others' protocol under same security
group. IPv6 has the same problem.

The root cause is the openflow rules calculation of the
security group, it will unexpectedly allow all IP(4&6)
traffic to get through.

For openvswitch openflow firewall, this patch adds a source
mac address match for the allowed-address-pair which has
prefix lenght 0, that means all ethernet packets from this
mac will be accepted. It exactly will meet the request of
accepting any IP address from the configured VM.

Test result shows that the remote security group and
allowed address pair works:
1. Port has 0.0.0.0/0 allowed-address-pair clould send any
   IP (src) packet out.
2. Port has x.x.x.x/y allowed-address-pair could be accepted
   for those VMs under same security group.
3. Ports under same network can reach each other (remote
   security group).
4. Protocol port number could be accessed only when there
   has related rule.

Closes-bug: #1867119
Change-Id: I2e3aa7c400d7bb17cc117b65faaa160b41013dde
(cherry picked from commit 00298fe6e8)
2020-07-31 11:23:18 +00:00
..
rpc [Security] fix allowed-address-pair 0.0.0.0/0 issue 2020-07-31 11:23:18 +00:00
v2 Fix bug: AttributeError arises while sorting with standard attributes 2020-02-15 12:32:24 +01:00
__init__.py Send DHCP notifications regardless of agent status 2013-12-19 07:08:19 +00:00
test_api_common.py Add a new configuration variable for api links. 2017-04-18 15:16:41 +00:00
test_extensions.py Update neutron files for new over-indentation hacking rule (E117) 2019-01-30 20:05:18 +03:00