Merge "Fix security group rules created for dhcpv6" into stable/ocata

This commit is contained in:
Jenkins 2017-05-31 02:55:22 +00:00 committed by Gerrit Code Review
commit 151310cdc3
2 changed files with 12 additions and 0 deletions

View File

@ -337,6 +337,9 @@ class SecurityGroupServerRpcMixin(sg_db.SecurityGroupDbMixin):
if ip_version == 4:
# v4 dhcp servers can also talk to broadcast
dests.append('255.255.255.255/32')
elif ip_version == 6:
# v6 dhcp responses can target link-local addresses
dests.append('fe80::/64')
source_port, dest_port, ethertype = DHCP_RULE_PORT[ip_version]
for dest in dests:
dhcp_rule = {'direction': 'ingress',

View File

@ -87,6 +87,15 @@ def ingress_address_assignment_rules(port):
'source_port_range_max': 547,
'source_port_range_min': 547,
'dest_ip_prefix': '%s/128' % dest})
for dest in ['fe80::/64']:
rules.append({'direction': 'ingress',
'ethertype': 'IPv6',
'port_range_max': 546,
'port_range_min': 546,
'protocol': 'udp',
'source_port_range_max': 547,
'source_port_range_min': 547,
'dest_ip_prefix': '%s' % dest})
return rules