diff --git a/neutron/agent/linux/ipset_manager.py b/neutron/agent/linux/ipset_manager.py index f80cba979b2..f0dc7de4ad0 100644 --- a/neutron/agent/linux/ipset_manager.py +++ b/neutron/agent/linux/ipset_manager.py @@ -17,7 +17,8 @@ from neutron.agent.linux import utils as linux_utils from neutron.common import utils IPSET_ADD_BULK_THRESHOLD = 5 -SWAP_SUFFIX = '-new' +NET_PREFIX = 'N' +SWAP_SUFFIX = '-n' IPSET_NAME_MAX_LENGTH = 31 - len(SWAP_SUFFIX) @@ -38,7 +39,7 @@ class IpsetManager(object): """Returns the given ipset name for an id+ethertype pair. This reference can be used from iptables. """ - name = 'NET' + ethertype + id + name = NET_PREFIX + ethertype + id return name[:IPSET_NAME_MAX_LENGTH] def set_exists(self, id, ethertype): diff --git a/neutron/tests/unit/agent/linux/test_ipset_manager.py b/neutron/tests/unit/agent/linux/test_ipset_manager.py index 44840086f60..1e22c304221 100644 --- a/neutron/tests/unit/agent/linux/test_ipset_manager.py +++ b/neutron/tests/unit/agent/linux/test_ipset_manager.py @@ -36,8 +36,8 @@ class BaseIpsetManagerTest(base.BaseTestCase): self.execute.assert_has_calls(self.expected_calls, any_order=False) def expect_set(self, addresses): - temp_input = ['create NETIPv4fake_sgid-new hash:net family inet'] - temp_input.extend('add NETIPv4fake_sgid-new %s' % ip + temp_input = ['create %s hash:net family inet' % TEST_SET_NAME_NEW] + temp_input.extend('add %s %s' % (TEST_SET_NAME_NEW, ip) for ip in addresses) input = '\n'.join(temp_input) self.expected_calls.extend([ diff --git a/neutron/tests/unit/agent/test_securitygroups_rpc.py b/neutron/tests/unit/agent/test_securitygroups_rpc.py index 783c08c5c51..fe6474ba90a 100644 --- a/neutron/tests/unit/agent/test_securitygroups_rpc.py +++ b/neutron/tests/unit/agent/test_securitygroups_rpc.py @@ -1775,7 +1775,7 @@ IPSET_FILTER_1 = """# Generated by iptables_manager [0:0] -A %(bn)s-i_port1 -s 10.0.0.2/32 -p udp -m udp --sport 67 --dport 68 \ -j RETURN [0:0] -A %(bn)s-i_port1 -p tcp -m tcp --dport 22 -j RETURN -[0:0] -A %(bn)s-i_port1 -m set --match-set NETIPv4security_group1 src -j \ +[0:0] -A %(bn)s-i_port1 -m set --match-set NIPv4security_group1 src -j \ RETURN [0:0] -A %(bn)s-i_port1 -j %(bn)s-sg-fallback [0:0] -A %(bn)s-FORWARD %(physdev_mod)s --physdev-EGRESS tap_port1 \ @@ -1934,7 +1934,7 @@ IPSET_FILTER_2 = """# Generated by iptables_manager [0:0] -A %(bn)s-i_%(port1)s -s 10.0.0.2/32 -p udp -m udp --sport 67 \ --dport 68 -j RETURN [0:0] -A %(bn)s-i_%(port1)s -p tcp -m tcp --dport 22 -j RETURN -[0:0] -A %(bn)s-i_%(port1)s -m set --match-set NETIPv4security_group1 src -j \ +[0:0] -A %(bn)s-i_%(port1)s -m set --match-set NIPv4security_group1 src -j \ RETURN [0:0] -A %(bn)s-i_%(port1)s -j %(bn)s-sg-fallback [0:0] -A %(bn)s-FORWARD %(physdev_mod)s --physdev-EGRESS tap_%(port1)s \ @@ -1962,7 +1962,7 @@ RETURN [0:0] -A %(bn)s-i_%(port2)s -s 10.0.0.2/32 -p udp -m udp --sport 67 \ --dport 68 -j RETURN [0:0] -A %(bn)s-i_%(port2)s -p tcp -m tcp --dport 22 -j RETURN -[0:0] -A %(bn)s-i_%(port2)s -m set --match-set NETIPv4security_group1 src -j \ +[0:0] -A %(bn)s-i_%(port2)s -m set --match-set NIPv4security_group1 src -j \ RETURN [0:0] -A %(bn)s-i_%(port2)s -j %(bn)s-sg-fallback [0:0] -A %(bn)s-FORWARD %(physdev_mod)s --physdev-EGRESS tap_%(port2)s \ @@ -2017,7 +2017,7 @@ IPSET_FILTER_2_3 = """# Generated by iptables_manager [0:0] -A %(bn)s-i_%(port1)s -s 10.0.0.2/32 -p udp -m udp --sport 67 \ --dport 68 -j RETURN [0:0] -A %(bn)s-i_%(port1)s -p tcp -m tcp --dport 22 -j RETURN -[0:0] -A %(bn)s-i_%(port1)s -m set --match-set NETIPv4security_group1 src -j \ +[0:0] -A %(bn)s-i_%(port1)s -m set --match-set NIPv4security_group1 src -j \ RETURN [0:0] -A %(bn)s-i_%(port1)s -p icmp -j RETURN [0:0] -A %(bn)s-i_%(port1)s -j %(bn)s-sg-fallback @@ -2046,7 +2046,7 @@ RETURN [0:0] -A %(bn)s-i_%(port2)s -s 10.0.0.2/32 -p udp -m udp --sport 67 \ --dport 68 -j RETURN [0:0] -A %(bn)s-i_%(port2)s -p tcp -m tcp --dport 22 -j RETURN -[0:0] -A %(bn)s-i_%(port2)s -m set --match-set NETIPv4security_group1 src -j \ +[0:0] -A %(bn)s-i_%(port2)s -m set --match-set NIPv4security_group1 src -j \ RETURN [0:0] -A %(bn)s-i_%(port2)s -p icmp -j RETURN [0:0] -A %(bn)s-i_%(port2)s -j %(bn)s-sg-fallback