Merge "Correct MAC representation to match iptables output"

2015-10-09 16:00:06 +00:00 · 2015-10-09 16:00:06 +00:00 · 6bc5fd3b2c
parent 522ba2fd91 5cab062465
commit 6bc5fd3b2c
2 changed files with 8 additions and 3 deletions
--- a/neutron/agent/linux/iptables_firewall.py
+++ b/neutron/agent/linux/iptables_firewall.py
@ -51,6 +51,11 @@ MAX_CONNTRACK_ZONES = 65535
 comment_rule = iptables_manager.comment_rule


+class mac_iptables(netaddr.mac_eui48):
+    """mac format class for netaddr to match iptables representation."""
+    word_sep = ':'
+
+
 class IptablesFirewallDriver(firewall.FirewallDriver):
    """Driver which enforces security groups through iptables rules."""
    IPTABLES_DIRECTION = {firewall.INGRESS_DIRECTION: 'physdev-out',
@ -368,7 +373,7 @@ class IptablesFirewallDriver(firewall.FirewallDriver):

    def _build_ipv4v6_mac_ip_list(self, mac, ip_address, mac_ipv4_pairs,
                                  mac_ipv6_pairs):
-        mac = str(netaddr.EUI(mac, dialect=netaddr.mac_unix))
+        mac = str(netaddr.EUI(mac, dialect=mac_iptables))
        if netaddr.IPNetwork(ip_address).version == 4:
            mac_ipv4_pairs.append((mac, ip_address))
        else:
--- a/neutron/tests/unit/agent/linux/test_iptables_firewall.py
+++ b/neutron/tests/unit/agent/linux/test_iptables_firewall.py
@ -1817,8 +1817,8 @@ class IptablesFirewallEnhancedIpsetTestCase(BaseIptablesFirewallTestCase):
                          for ip in other_ips])

    def test_build_ipv4v6_mac_ip_list(self):
-        mac_oth = 'ffff-ffff-ffff'
-        mac_unix = 'ff:ff:ff:ff:ff:ff'
+        mac_oth = 'ffff-ff0f-ffff'
+        mac_unix = 'FF:FF:FF:0F:FF:FF'
        ipv4 = FAKE_IP['IPv4']
        ipv6 = FAKE_IP['IPv6']
        fake_ipv4_pair = []