DVR-FWaaS: Fix DVR FWaaS rules for fipnamespace

FWaaS for DVR routers were only supported for North-South traffic. But with the recent change in the DVR router-info to handle FloatingIP's as mentioned in the reference patch[1], the dist_fip_count variable was removed and was replaced by rtr_fip_connect. So change in variable 'rtr_fip_connect' was not fixed in FWaaS. This patch fixes it in the FWaaS to apply the Firewall rule in the router namespace for the North-South traffic. [1] https://review.openstack.org/#/c/283757 Closes-Bug: #1715395 Change-Id: Id8c902381f95e39bc13e3b3aeeeaa799c72f0dca
2017-09-07 05:36:11 +00:00 · 2017-09-07 05:36:11 +00:00 · 5706252c79
parent a791da25fc
commit 5706252c79
4 changed files with 4 additions and 4 deletions
--- a/neutron_fwaas/services/firewall/drivers/linux/iptables_fwaas.py
+++ b/neutron_fwaas/services/firewall/drivers/linux/iptables_fwaas.py
@ -94,7 +94,7 @@ class IptablesFwaasDriver(fwaas_base.FwaasDriverBase):
            if router_info.snat_iptables_manager:
                ipt_mgrs.append({'ipt': router_info.snat_iptables_manager,
                                 'if_prefix': SNAT_INT_DEV_PREFIX})
-        if router_info.dist_fip_count:
+        if router_info.rtr_fip_connect:
            # handle the fip case on n/w or compute node.
            ipt_mgrs.append({'ipt': router_info.iptables_manager,
                             'if_prefix': ROUTER_2_FIP_DEV_PREFIX})
--- a/neutron_fwaas/services/firewall/drivers/linux/iptables_fwaas_v2.py
+++ b/neutron_fwaas/services/firewall/drivers/linux/iptables_fwaas_v2.py
@ -98,7 +98,7 @@ class IptablesFwaasDriver(fwaas_base_v2.FwaasDriverBase):
            if ri.snat_iptables_manager:
                ipt_mgrs.append({'ipt': ri.snat_iptables_manager,
                                 'if_prefix': SNAT_INT_DEV_PREFIX})
-        if ri.dist_fip_count:
+        if ri.rtr_fip_connect:
            # handle the fip case on n/w or compute node.
            ipt_mgrs.append({'ipt': ri.iptables_manager,
                             'if_prefix': ROUTER_2_FIP_DEV_PREFIX})
--- a/neutron_fwaas/tests/unit/services/firewall/drivers/linux/test_iptables_fwaas.py
+++ b/neutron_fwaas/tests/unit/services/firewall/drivers/linux/test_iptables_fwaas.py
@ -121,7 +121,7 @@ class IptablesFwaasTestCase(base.BaseTestCase):
            router_info_inst.iptables_manager = iptables_inst
            router_info_inst.snat_iptables_manager = iptables_inst
            if distributed_mode == 'dvr':
-                router_info_inst.dist_fip_count = 1
+                router_info_inst.rtr_fip_connect = True
            router_info_inst.router = router_inst
            apply_list.append(router_info_inst)
            router_count -= 1
--- a/neutron_fwaas/tests/unit/services/firewall/drivers/linux/test_iptables_fwaas_v2.py
+++ b/neutron_fwaas/tests/unit/services/firewall/drivers/linux/test_iptables_fwaas_v2.py
@ -123,7 +123,7 @@ class IptablesFwaasTestCase(base.BaseTestCase):
            router_info_inst.iptables_manager = iptables_inst
            router_info_inst.snat_iptables_manager = iptables_inst
            if distributed_mode == 'dvr':
-                router_info_inst.dist_fip_count = 1
+                router_info_inst.rtr_fip_connect = True
            router_info_inst.router = router_inst
            apply_list.append((router_info_inst, FAKE_PORT_IDS))
            router_count -= 1