From 5706252c7947887e3c5b00f258dd847027497b97 Mon Sep 17 00:00:00 2001 From: Reedip Date: Thu, 7 Sep 2017 05:36:11 +0000 Subject: [PATCH] DVR-FWaaS: Fix DVR FWaaS rules for fipnamespace FWaaS for DVR routers were only supported for North-South traffic. But with the recent change in the DVR router-info to handle FloatingIP's as mentioned in the reference patch[1], the dist_fip_count variable was removed and was replaced by rtr_fip_connect. So change in variable 'rtr_fip_connect' was not fixed in FWaaS. This patch fixes it in the FWaaS to apply the Firewall rule in the router namespace for the North-South traffic. [1] https://review.openstack.org/#/c/283757 Closes-Bug: #1715395 Change-Id: Id8c902381f95e39bc13e3b3aeeeaa799c72f0dca
---
 neutron_fwaas/services/firewall/drivers/linux/iptables_fwaas.py | 2 +-
 .../services/firewall/drivers/linux/iptables_fwaas_v2.py | 2 +-
 .../unit/services/firewall/drivers/linux/test_iptables_fwaas.py | 2 +-
 .../services/firewall/drivers/linux/test_iptables_fwaas_v2.py | 2 +-
 4 files changed, 4 insertions(+), 4 deletions(-)
diff --git a/neutron_fwaas/services/firewall/drivers/linux/iptables_fwaas.py b/neutron_fwaas/services/firewall/drivers/linux/iptables_fwaas.py
index 167e5208d..7b43fa1ae 100644
--- a/neutron_fwaas/services/firewall/drivers/linux/iptables_fwaas.py
+++ b/neutron_fwaas/services/firewall/drivers/linux/iptables_fwaas.py
@@ -94,7 +94,7 @@ class IptablesFwaasDriver(fwaas_base.FwaasDriverBase):
 if router_info.snat_iptables_manager:
 ipt_mgrs.append({'ipt': router_info.snat_iptables_manager,
 'if_prefix': SNAT_INT_DEV_PREFIX})
- if router_info.dist_fip_count:
+ if router_info.rtr_fip_connect:
 # handle the fip case on n/w or compute node.
 ipt_mgrs.append({'ipt': router_info.iptables_manager,
 'if_prefix': ROUTER_2_FIP_DEV_PREFIX})
diff --git a/neutron_fwaas/services/firewall/drivers/linux/iptables_fwaas_v2.py b/neutron_fwaas/services/firewall/drivers/linux/iptables_fwaas_v2.py
index 61d28c5a8..bdd0eb4bd 100644
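Review bot: Enforcement on the router-to-FIP device now hinges on `router_info.rtr_fip_connect` being truthy at the moment the manager list is built, and neither the comment nor the code says what happens when it is not. When the flag is false the `ROUTER_2_FIP_DEV_PREFIX` entry is skipped, so north-south traffic on that device gets no firewall chains from this call; whether a later router update re-runs this path is not visible here. I would extend the comment to something like `# rtr_fip_connect replaces dist_fip_count; when false, no rules are installed on the ROUTER_2_FIP_DEV_PREFIX device` and confirm the driver is invoked again once the flag flips. The same applies to the `ri.rtr_fip_connect` hunk in iptables_fwaas_v2.py; the enclosing method starts and ends outside both hunks.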
--- a/neutron_fwaas/services/firewall/drivers/linux/iptables_fwaas_v2.py
+++ b/neutron_fwaas/services/firewall/drivers/linux/iptables_fwaas_v2.py
@@ -98,7 +98,7 @@ class IptablesFwaasDriver(fwaas_base_v2.FwaasDriverBase):
 if ri.snat_iptables_manager:
 ipt_mgrs.append({'ipt': ri.snat_iptables_manager,
 'if_prefix': SNAT_INT_DEV_PREFIX})
- if ri.dist_fip_count:
+ if ri.rtr_fip_connect:
 # handle the fip case on n/w or compute node.
 ipt_mgrs.append({'ipt': ri.iptables_manager,
 'if_prefix': ROUTER_2_FIP_DEV_PREFIX})
diff --git a/neutron_fwaas/tests/unit/services/firewall/drivers/linux/test_iptables_fwaas.py b/neutron_fwaas/tests/unit/services/firewall/drivers/linux/test_iptables_fwaas.py
index 64e972d6b..eef0264c3 100644
--- a/neutron_fwaas/tests/unit/services/firewall/drivers/linux/test_iptables_fwaas.py
+++ b/neutron_fwaas/tests/unit/services/firewall/drivers/linux/test_iptables_fwaas.py
@@ -121,7 +121,7 @@ class IptablesFwaasTestCase(base.BaseTestCase):
 router_info_inst.iptables_manager = iptables_inst
 router_info_inst.snat_iptables_manager = iptables_inst
 if distributed_mode == 'dvr':
- router_info_inst.dist_fip_count = 1
+ router_info_inst.rtr_fip_connect = True
 router_info_inst.router = router_inst
 apply_list.append(router_info_inst)
 router_count -= 1
diff --git a/neutron_fwaas/tests/unit/services/firewall/drivers/linux/test_iptables_fwaas_v2.py b/neutron_fwaas/tests/unit/services/firewall/drivers/linux/test_iptables_fwaas_v2.py
index eba20d9f0..e3eb640e0 100644
--- a/neutron_fwaas/tests/unit/services/firewall/drivers/linux/test_iptables_fwaas_v2.py
+++ b/neutron_fwaas/tests/unit/services/firewall/drivers/linux/test_iptables_fwaas_v2.py
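Review bot: The DVR fixture in test_iptables_fwaas.py only ever sets `rtr_fip_connect = True`, so the branch where the flag is false and no `ROUTER_2_FIP_DEV_PREFIX` manager is added is never asserted. If `router_info_inst` is a plain `mock.Mock()` (its construction is outside the hunk), every attribute read is truthy by default, so the old `dist_fip_count` lookup would have kept passing after the attribute was removed upstream and the regression this commit fixes would not have been caught. Consider a case with `router_info_inst.rtr_fip_connect = False` that asserts the FIP-device rules are absent, or build the mock with a `spec` so unknown attributes raise. The same applies to the matching hunk in test_iptables_fwaas_v2.py.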
@@ -123,7 +123,7 @@ class IptablesFwaasTestCase(base.BaseTestCase):
 router_info_inst.iptables_manager = iptables_inst
 router_info_inst.snat_iptables_manager = iptables_inst
 if distributed_mode == 'dvr':
- router_info_inst.dist_fip_count = 1
+ router_info_inst.rtr_fip_connect = True
 router_info_inst.router = router_inst
 apply_list.append((router_info_inst, FAKE_PORT_IDS))
 router_count -= 1