diff --git a/neutron/agent/linux/openvswitch_firewall/constants.py b/neutron/agent/linux/openvswitch_firewall/constants.py
index c03fdc3ba8d..00d142b4079 100644
--- a/neutron/agent/linux/openvswitch_firewall/constants.py
+++ b/neutron/agent/linux/openvswitch_firewall/constants.py
@@ -35,12 +35,6 @@ CT_MARK_INVALID = '0x1'
 REG_PORT = 5
 REG_NET = 6
-protocol_to_nw_proto = {
- constants.PROTO_NAME_ICMP: constants.PROTO_NUM_ICMP,
- constants.PROTO_NAME_TCP: constants.PROTO_NUM_TCP,
- constants.PROTO_NAME_UDP: constants.PROTO_NUM_UDP,
-}
-
 PROTOCOLS_WITH_PORTS = (constants.PROTO_NAME_TCP, constants.PROTO_NAME_UDP)
 ethertype_to_dl_type_map = {
diff --git a/neutron/agent/linux/openvswitch_firewall/rules.py b/neutron/agent/linux/openvswitch_firewall/rules.py
index 1c7c5f7d471..233972ed91f 100644
--- a/neutron/agent/linux/openvswitch_firewall/rules.py
+++ b/neutron/agent/linux/openvswitch_firewall/rules.py
@@ -79,12 +79,13 @@ def create_protocol_flows(direction, flow_template, port, rule):
 flow_template['actions'] = 'resubmit(,{:d})'.format(
 ovs_consts.ACCEPT_OR_INGRESS_TABLE)
 protocol = rule.get('protocol')
- try:
- flow_template['nw_proto'] = ovsfw_consts.protocol_to_nw_proto[protocol]
- if rule['ethertype'] == n_consts.IPv6 and protocol == 'icmp':
+ if protocol:
+ if (rule.get('ethertype') == n_consts.IPv6 and
+ protocol == n_consts.PROTO_NAME_ICMP):
 flow_template['nw_proto'] = n_consts.PROTO_NUM_IPV6_ICMP
- except KeyError:
- pass
+ else:
+ flow_template['nw_proto'] = n_consts.IP_PROTOCOL_MAP.get(
+ protocol, protocol)
 flows = create_port_range_flows(flow_template, rule)
 return flows or [flow_template]
diff --git a/neutron/tests/common/net_helpers.py b/neutron/tests/common/net_helpers.py
index 40ca0112c78..3c96a638548 100644
--- a/neutron/tests/common/net_helpers.py
+++ b/neutron/tests/common/net_helpers.py
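Review bot: In create_protocol_flows (rules.py), the fallback in `n_consts.IP_PROTOCOL_MAP.get(protocol, protocol)` copies any value missing from the map straight into `nw_proto`, so the flow is only well-formed if the rule's protocol was already validated as a known name or a number in 0–255 before it reaches the agent; nothing in the hunk checks that. A comment stating the assumption would help, e.g. `# protocol is a known name or a numeric string; validated before it reaches the agent`, with the validating layer to be confirmed. Separately, `if protocol:` is a truthiness test: if a rule can ever carry integer 0 here, no `nw_proto` is set and the resulting flow matches every IP protocol, which `if protocol is not None:` would avoid (an empty string would then need its own handling). The function starts above the hunk, so any earlier handling of `rule` is not visible.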
@@ -72,7 +72,8 @@ READ_TIMEOUT = os.environ.get('OS_TEST_READ_TIMEOUT', 5)
 CHILD_PROCESS_TIMEOUT = os.environ.get('OS_TEST_CHILD_PROCESS_TIMEOUT', 20)
 CHILD_PROCESS_SLEEP = os.environ.get('OS_TEST_CHILD_PROCESS_SLEEP', 0.5)
-TRANSPORT_PROTOCOLS = (n_const.PROTO_NAME_TCP, n_const.PROTO_NAME_UDP)
+TRANSPORT_PROTOCOLS = (n_const.PROTO_NAME_TCP, n_const.PROTO_NAME_UDP,
+ n_const.PROTO_NAME_SCTP)
 OVS_MANAGER_TEST_PORT_FIRST = 6610
 OVS_MANAGER_TEST_PORT_LAST = 6639
@@ -382,6 +383,7 @@ class Pinger(object):
 class NetcatTester(object):
 TCP = n_const.PROTO_NAME_TCP
 UDP = n_const.PROTO_NAME_UDP
+ SCTP = n_const.PROTO_NAME_SCTP
 VERSION_TO_ALL_ADDRESS = {
 4: '0.0.0.0',
 6: '::',
@@ -402,7 +404,7 @@ class NetcatTester(object):
 will be spawned
 :param address: Server address from client point of view
 :param dst_port: Port on which netcat listens
- :param protocol: Transport protocol, either 'tcp' or 'udp'
+ :param protocol: Transport protocol, either 'tcp', 'udp' or 'sctp'
 :param server_address: Address in server namespace on which netcat should listen
 :param src_port: Source port of netcat process spawned in client
@@ -488,9 +490,12 @@ class NetcatTester(object):
 cmd = ['nc', address, self.dst_port]
 if self.protocol == self.UDP:
 cmd.append('-u')
+ elif self.protocol == self.SCTP:
+ cmd.append('--sctp')
+
 if listen:
 cmd.append('-l')
- if self.protocol == self.TCP:
+ if self.protocol in (self.TCP, self.SCTP):
 cmd.append('-k')
 else:
 cmd.extend(['-w', '20'])
diff --git a/tools/configure_for_func_testing.sh b/tools/configure_for_func_testing.sh
index f603b125a5d..a001edaa1cd 100755
--- a/tools/configure_for_func_testing.sh
+++ b/tools/configure_for_func_testing.sh
@@ -280,4 +280,5 @@ fi
 if [[ "$VENV" =~ "dsvm-fullstack" ]]; then
 _configure_iptables_rules
+ sudo modprobe ip_conntrack_proto_sctp
 fi
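Review bot: In the last net_helpers.py hunk (NetcatTester's command builder), `cmd.append('--sctp')` assumes the `nc` binary on the test host is Nmap's Ncat; other netcat variants have no `--sctp` option, and the mismatch would likely show up only as a netcat process that exits immediately. This is a documentation gap rather than a logic bug, so a comment above the branch would do: `# --sctp is an Ncat option; requires nc to be Nmap's Ncat`. The class docstring changed in the previous hunk could also state that 'sctp' needs SCTP support on the host. The method's signature is outside the hunk.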
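Review bot: The added `sudo modprobe ip_conntrack_proto_sctp` in configure_for_func_testing.sh loads the module by its legacy alias and has no failure handling; on kernels where SCTP tracking is built into nf_conntrack or the alias is missing, modprobe returns non-zero, and whether that aborts the script depends on shell options not visible in this hunk. Without SCTP connection tracking the firewall's conntrack-based rules cannot classify SCTP traffic, so a failed load should be reported explicitly, e.g. `sudo modprobe nf_conntrack_proto_sctp || echo "WARNING: SCTP conntrack module not loaded" >&2`. The module is also loaded only when `$VENV` matches dsvm-fullstack; if another job exercises the SCTP NetcatTester path it presumably needs the module too, which should be confirmed.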