Fix up rule generation. It turns out nwfilter gets very, very wonky indeed if you mix <ip> rules and <tcp> rules. Setting a TCP rule adds an early rule to ebtables that ends up overriding the <ip> rules, which are last in that table.
Soren Hansen
2010-09-14 15:17:52 +02:00
parent 0f13e80c2c
commit 78e876c6ab
2 changed files with 4 additions and 5 deletions


@@ -326,7 +326,7 @@ class CloudController(object):
security_group = db.security_group_get_by_name(context,
context.project.id,
group_name)
values = { 'parent_group_id' : security_group.id }
values = { 'parent_group' : security_group }
if source_security_group_name:
source_project_id = self._get_source_project_id(context,
@@ -349,7 +349,6 @@ class CloudController(object):
else:
# If cidr based filtering, protocol and ports are mandatory
if 'cidr' in values:
print values
return None
security_group_rule = db.security_group_rule_create(context, values)
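Review bot: The validation branch left behind once the debug print is gone still fails silently: `if 'cidr' in values: return None` hands the caller a None where a created rule is expected, so a cidr-based rule that lacks the mandatory protocol and ports is dropped with no error and nothing logged. Rejected input on a security-group rule API should be reported explicitly, so `return None` is better replaced by raising the error type this module already uses for bad requests, with a message naming the missing fields. The comment says protocol and ports are mandatory, yet the check only tests for the presence of 'cidr', which presumably relies on the `else:` condition above; that condition and the start of the enclosing method are outside the hunk, so this cannot be confirmed here.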


@@ -118,15 +118,15 @@ class NWFilterTestCase(test.TrialTestCase):
self.assertEqual(len(rules), 1)
# It's supposed to allow inbound traffic.
self.assertEqual(rules[0].getAttribute('action'), 'allow')
self.assertEqual(rules[0].getAttribute('action'), 'accept')
self.assertEqual(rules[0].getAttribute('direction'), 'in')
# Must be lower priority than the base filter (which blocks everything)
self.assertTrue(int(rules[0].getAttribute('priority')) < 1000)
ip_conditions = rules[0].getElementsByTagName('ip')
ip_conditions = rules[0].getElementsByTagName('tcp')
self.assertEqual(len(ip_conditions), 1)
self.assertEqual(ip_conditions[0].getAttribute('protocol'), 'tcp')
self.assertEqual(ip_conditions[0].getAttribute('srcipaddr'), '0.0.0.0/0')
self.assertEqual(ip_conditions[0].getAttribute('dstportstart'), '80')
self.assertEqual(ip_conditions[0].getAttribute('dstportend'), '81')