From 4fa7c0da15e8284de32445254af49f212e1e5f2b Mon Sep 17 00:00:00 2001
From: Tong Liu <tongl@vmware.com>
Date: Tue, 14 Mar 2017 16:12:51 +0000
Subject: [PATCH] Fix FIP DNAT rule match_ports bug

When we create FIP in Neutron, default DNAT is created without
passing match_ports to add_fip_nat_rules. However, when adding
nat rules, [] is not None, and it goes ahead to create default
DNAT rule only allowing TCP protocol which is wrong. We should
ANY protocol for FIP DNAT.

Closes-Bug: #1672939

Change-Id: Ib3743018646c521923bb8bbc5fad1409eb4fbe16
---
 vmware_nsxlib/v3/__init__.py | 2 +-
 vmware_nsxlib/v3/router.py   | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/vmware_nsxlib/v3/__init__.py b/vmware_nsxlib/v3/__init__.py
index 82dcc927..9bea2e2b 100644
--- a/vmware_nsxlib/v3/__init__.py
+++ b/vmware_nsxlib/v3/__init__.py
@@ -416,7 +416,7 @@ class NsxLibLogicalRouter(utils.NsxLibApiBase):
             body['match_destination_network'] = dest_net
         if rule_priority:
             body['rule_priority'] = rule_priority
-        if match_ports is not None:
+        if match_ports:
             body['match_service'] = {
                 'resource_type': (match_resource_type or
                                   nsx_constants.L4_PORT_SET_NSSERVICE),
diff --git a/vmware_nsxlib/v3/router.py b/vmware_nsxlib/v3/router.py
index b9e2f99c..a9da79be 100644
--- a/vmware_nsxlib/v3/router.py
+++ b/vmware_nsxlib/v3/router.py
@@ -172,7 +172,7 @@ class RouterLib(object):
             translated_network=int_ip,
             dest_net=ext_ip,
             rule_priority=FIP_NAT_PRI,
-            match_ports=match_ports or [])
+            match_ports=match_ports)
 
     def delete_fip_nat_rules_by_internal_ip(self, logical_router_id, int_ip):
         self.nsxlib.logical_router.delete_nat_rule_by_values(