openstack
/
neutron
Code Issues Proposed changes

Merge "Enforce ethertype with IPv6 integer protocols"

This commit is contained in:
Jenkins 2017-07-28 10:25:40 +00:00 committed by Gerrit Code Review
parent 03707a61d9 2ec36dc812
commit d34aa00d4b
2 changed files with 19 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

8
neutron/db/securitygroups_db.py
View File

@ -473,7 +473,13 @@ class SecurityGroupDbMixin(ext_sg.SecurityGroupPluginBase):
constants.PROTO_NAME_IPV6_ICMP_LEGACY,
constants.PROTO_NAME_IPV6_NONXT,
constants.PROTO_NAME_IPV6_OPTS,
constants.PROTO_NAME_IPV6_ROUTE]:
constants.PROTO_NAME_IPV6_ROUTE,
str(constants.PROTO_NUM_IPV6_ENCAP),
str(constants.PROTO_NUM_IPV6_FRAG),
str(constants.PROTO_NUM_IPV6_ICMP),
str(constants.PROTO_NUM_IPV6_NONXT),
str(constants.PROTO_NUM_IPV6_OPTS),
str(constants.PROTO_NUM_IPV6_ROUTE)]:
if rule['ethertype'] == constants.IPv4:
raise ext_sg.SecurityGroupEthertypeConflictWithProtocol(
ethertype=rule['ethertype'], protocol=rule['protocol'])

12
neutron/tests/unit/db/test_securitygroups_db.py
View File

@ -217,6 +217,18 @@ class SecurityGroupDbMixinTestCase(testlib_api.SqlTestCase):
{'protocol': constants.PROTO_NAME_IPV6_NONXT,
'ethertype': constants.IPv4},
{'protocol': constants.PROTO_NAME_IPV6_OPTS,
'ethertype': constants.IPv4},
{'protocol': str(constants.PROTO_NUM_IPV6_ICMP),
'ethertype': constants.IPv4},
{'protocol': str(constants.PROTO_NUM_IPV6_ENCAP),
'ethertype': constants.IPv4},
{'protocol': str(constants.PROTO_NUM_IPV6_ROUTE),
'ethertype': constants.IPv4},
{'protocol': str(constants.PROTO_NUM_IPV6_FRAG),
'ethertype': constants.IPv4},
{'protocol': str(constants.PROTO_NUM_IPV6_NONXT),
'ethertype': constants.IPv4},
{'protocol': str(constants.PROTO_NUM_IPV6_OPTS),
'ethertype': constants.IPv4}]
# test wrong protocols
for rule in fake_ipv4_rules: