Prevent duplicate LLA iptables rules
Check if lla,mac tuple is in pairs before appending it again. Otherwise we end up generating duplicate iptables rules. Closes-Bug: #1622938 Change-Id: I43658a31f9853cbc94784f497193210990f769dd
parent
dedb632ba5
commit
d1b9026729
|
@ -389,7 +389,9 @@ class IptablesFirewallDriver(firewall.FirewallDriver):
|
|||
mac_ipv6_pairs.append((mac, ip_address))
|
||||
lla = str(netutils.get_ipv6_addr_by_EUI64(
|
||||
constants.IPv6_LLA_PREFIX, mac))
|
||||
mac_ipv6_pairs.append((mac, lla))
|
||||
if (mac, lla) not in mac_ipv6_pairs:
|
||||
# only add once so we don't generate duplicate rules
|
||||
mac_ipv6_pairs.append((mac, lla))
|
||||
|
||||
def _spoofing_rule(self, port, ipv4_rules, ipv6_rules):
|
||||
# Fixed rules for traffic sourced from unspecified addresses: 0.0.0.0
|
||||
|
|
|
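Review bot: The new membership check covers only the derived link-local tuple, while `mac_ipv6_pairs.append((mac, ip_address))` at the top of the hunk is still unconditional. A port that repeats an address, or that supplies the link-local address explicitly after it was already derived from the MAC, would still produce a repeated pair and presumably a repeated anti-spoofing rule. Guarding that append the same way, `if (mac, ip_address) not in mac_ipv6_pairs:`, would cover both cases. The check also compares exact strings, so it relies on `ip_address` and `lla` being normalised identically (case, zero compression); that is not visible here and is worth confirming. The enclosing method begins above the hunk.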
@ -1910,6 +1910,12 @@ class IptablesFirewallEnhancedIpsetTestCase(BaseIptablesFirewallTestCase):
|
|||
self.firewall._build_ipv4v6_mac_ip_list(mac_oth, ipv6,
|
||||
mac_ipv4_pairs, mac_ipv6_pairs)
|
||||
self.assertEqual(fake_ipv6_pair, mac_ipv6_pairs)
|
||||
# ensure that LLA is not added again for another v6 addr
|
||||
ipv62 = 'fe81::1'
|
||||
self.firewall._build_ipv4v6_mac_ip_list(mac_oth, ipv62,
|
||||
mac_ipv4_pairs, mac_ipv6_pairs)
|
||||
fake_ipv6_pair.append((mac_unix, ipv62))
|
||||
self.assertEqual(fake_ipv6_pair, mac_ipv6_pairs)
|
||||
|
||||
|
||||
class OVSHybridIptablesFirewallTestCase(BaseIptablesFirewallTestCase):
|
||||
|
|
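Review bot: `ipv62 = 'fe81::1'` still lies inside fe80::/10, so the "another v6 addr" case is exercised with an address in the link-local range rather than a clearly distinct one. A documentation-prefix value such as `ipv62 = '2001:db8::2'` would make the intent of the comment unambiguous. The added assertions also do not cover calling `_build_ipv4v6_mac_ip_list` twice with the same address, or passing the link-local address itself once it is already in `mac_ipv6_pairs`. One further call followed by `self.assertEqual(fake_ipv6_pair, mac_ipv6_pairs)` would pin down whether those inputs are deduplicated. The test method starts above the hunk.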