Browse Source

Merge "NSX|V: Fix SG icmp rules creation"

tags/16.0.0
Zuul 3 months ago
committed by Gerrit Code Review
parent
commit
4d01aee204
1 changed files with 9 additions and 2 deletions
  1. +9
    -2
      vmware_nsx/plugins/nsx_v/vshield/securitygroup_utils.py

+ 9
- 2
vmware_nsx/plugins/nsx_v/vshield/securitygroup_utils.py View File

@@ -117,8 +117,14 @@ class NsxSecurityGroupUtils(object):
svcPortTag = et.SubElement(svcTag, 'subProtocol')
svcPortTag.text = str(icmptype)
if icmpcode is not None:
svcPortTag = et.SubElement(svcTag, 'icmpCode')
svcPortTag.text = str(icmpcode)
if icmptype in ('0', '8') and icmpcode == '0':
# icmpcode 0 should not be sent
# TODO(asarfaty): Validate if this is needed for all
# NSX versions and all icmp types
pass
else:
svcPortTag = et.SubElement(svcTag, 'icmpCode')
svcPortTag.text = str(icmpcode)

if application_services:
s = et.SubElement(ruleTag, 'services')
@@ -150,6 +156,7 @@ class NsxSecurityGroupUtils(object):

def fix_existing_section_rules(self, section):
# fix section existing rules before extending it with new rules
# TODO(asarfaty): Validate if this is needed for all NSX versions
for rule in section.iter('rule'):
services = rule.find('services')
if services:


Loading…
Cancel
Save