Mercurial Mercurial > upstream > oracle > userland-gate / changeset
summary | shortlog | changelog | graph | tags | bookmarks | branches | files | changeset | raw | help
Find changesets by keywords (author, files, the commit message), revision number or hash, or revset expression.
19898528 PBR rule must not forward packets addressed to internal default gateway s11u2-sru 0.175.2.4.0.5.0 S11.2SRU4.5
authorGirish Moodalbail <Girish.Moodalbail@oracle.COM>
Wed, 29 Oct 2014 10:08:29 -0700
branchs11u2-sru
changeset 3438 40c3d53194f6
parent 3437 6c1c26005852
child 3439 b756aaa57436
19898528 PBR rule must not forward packets addressed to internal default gateway
components/openstack/neutron/files/agent/evs_l3_agent.py file | annotate | diff | comparison | revisions 
--- a/components/openstack/neutron/files/agent/evs_l3_agent.py	Wed Oct 29 00:53:18 2014 -0700
+++ b/components/openstack/neutron/files/agent/evs_l3_agent.py	Wed Oct 29 10:08:29 2014 -0700
@@ -264,8 +264,9 @@
             # Routing (PBR) rule
             for port in ri.internal_ports:
                 internal_dlname = self.get_internal_device_name(port['id'])
-                rules = ['pass in on %s to %s:%s from any to any' %
-                         (internal_dlname, external_dlname, gw_ip)]
+                rules = ['pass in on %s to %s:%s from any to !%s' %
+                         (internal_dlname, external_dlname, gw_ip,
+                          port['subnet']['cidr'])]
                 ipversion = netaddr.IPNetwork(port['subnet']['cidr']).version
                 ri.ipfilters_manager.add_ipf_rules(rules, ipversion)
 
@@ -277,8 +278,9 @@
             # remove PBR rules
             for port in ri.internal_ports:
                 internal_dlname = self.get_internal_device_name(port['id'])
-                rules = ['pass in on %s to %s:%s from any to any' %
-                         (internal_dlname, external_dlname, gw_ip)]
+                rules = ['pass in on %s to %s:%s from any to !%s' %
+                         (internal_dlname, external_dlname, gw_ip,
+                          port['subnet']['cidr'])]
                 ipversion = netaddr.IPNetwork(port['subnet']['cidr']).version
                 ri.ipfilters_manager.remove_ipf_rules(rules, ipversion)
 
@@ -359,8 +361,9 @@
         ex_gw_ip = (ex_gw_port['subnet']['gateway_ip'] if ex_gw_port else None)
         if ex_gw_ip:
             external_dlname = self.get_external_device_name(ex_gw_port['id'])
-            rules.append('pass in on %s to %s:%s from any to any' %
-                         (internal_dlname, external_dlname, ex_gw_ip))
+            rules.append('pass in on %s to %s:%s from any to !%s' %
+                         (internal_dlname, external_dlname, ex_gw_ip,
+                          port_subnet))
 
         ipversion = netaddr.IPNetwork(port_subnet).version
         ri.ipfilters_manager.add_ipf_rules(rules, ipversion)
@@ -384,8 +387,9 @@
         ex_gw_ip = (ex_gw_port['subnet']['gateway_ip'] if ex_gw_port else None)
         if ex_gw_ip:
             external_dlname = self.get_external_device_name(ex_gw_port['id'])
-            rules.append('pass in on %s to %s:%s from any to any' %
-                         (internal_dlname, external_dlname, ex_gw_ip))
+            rules.append('pass in on %s to %s:%s from any to !%s' %
+                         (internal_dlname, external_dlname, ex_gw_ip,
+                          port_subnet))
         ipversion = netaddr.IPNetwork(port['subnet']['cidr']).version
         ri.ipfilters_manager.remove_ipf_rules(rules, ipversion)
upstream/oracle/userland-gate