yahoo-eng-team team mailing list archive

Thread
Date

[Bug 1523835] Re: egress sg_rule use 'dest_ip_prefix' but not 'source_ip_prefix'

To: yahoo-eng-team@xxxxxxxxxxxxxxxxxxx
From: Launchpad Bug Tracker <1523835@xxxxxxxxxxxxxxxxxx>
Date: Wed, 22 Feb 2017 04:19:16 -0000
Reply-to: Bug 1523835 <1523835@xxxxxxxxxxxxxxxxxx>
Sender: bounces@xxxxxxxxxxxxx

[Expired for neutron because there has been no activity for 60 days.]

** Changed in: neutron
       Status: Incomplete => Expired

-- 
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to neutron.
https://bugs.launchpad.net/bugs/1523835

Title:
  egress sg_rule use 'dest_ip_prefix' but not 'source_ip_prefix'

Status in neutron:
  Expired

Bug description:
  When we add sg_rule, if it is an ingress rule, the remote CIRD
  x.x.x.x/x means traffic from source ip belong to the CIRD  satisfy
  this rule; if it is an egress rule, the remote CIRD x.x.x.x/x means
  traffic to dest ip belong to the CIRD satisfy this rule.

  But the test cases for sg egress rule in
  neutron/tests/unit/agent/linux/test_iptables_firewall.py  using wrong
  prefix to add_rule. Which should be fixed. Take one for example:

  def test_filter_ipv4_egress_prefix(self):
          prefix = FAKE_PREFIX['IPv4']
          rule = {'ethertype': 'IPv4',
                  'direction': 'egress',
                  'source_ip_prefix': prefix}
          egress = mock.call.add_rule(
              'ofake_dev', '-s %s -j RETURN' % prefix, comment=None)
          ingress = None
          self._test_prepare_port_filter(rule, ingress, egress)

    'source_ip_prefix'  should changes to 'dest_ip_prefix'.

To manage notifications about this bug go to:
https://bugs.launchpad.net/neutron/+bug/1523835/+subscriptions

References

[Bug 1523835] [NEW] Call fun _ip_prefix_arg twice but only one play a role
From: yujie, 2015-12-08