From 696d9ae991f86b1f2dbff309f66a76cf35a992b3 Mon Sep 17 00:00:00 2001
From: Adit Sarfaty <asarfaty@vmware.com>
Date: Thu, 3 May 2018 11:32:11 +0300
Subject: [PATCH] NSX|v3: : ensure that 0.0.0.0/# is treated correctly in SG
 rules

Commit I24adc9da9f52d17621117b46d8a535ccedf93227 handled ips of
0.0.0.0/0 in security group rules.
This commit extends the fix to any ip starting with 0.0.0.0, since
those are also not supported by the nSX.

Change-Id: I08d89b070b08e5e100e9e1c6cf7a4d509968152c
---
 vmware_nsx/plugins/nsx_v3/plugin.py | 10 ++++++----
 1 file changed, 6 insertions(+), 4 deletions(-)

diff --git a/vmware_nsx/plugins/nsx_v3/plugin.py b/vmware_nsx/plugins/nsx_v3/plugin.py
index be8b7e378c..660e3b5978 100644
--- a/vmware_nsx/plugins/nsx_v3/plugin.py
+++ b/vmware_nsx/plugins/nsx_v3/plugin.py
@@ -4622,11 +4622,13 @@ class NsxV3Plugin(agentschedulers_db.AZDhcpAgentSchedulerDbMixin,
                 remote_nsgroup_id = nsx_db.get_nsx_security_group_id(
                     context.session, remote_group_id)
             ruleid_2_remote_nsgroup_map[sg_rule['id']] = remote_nsgroup_id
-            # 0.0.0.0/0 is not a valid entry for local and remote so we need
+            # 0.0.0.0/# is not a valid entry for local and remote so we need
             # to change this to None
-            if sg_rule.get('remote_ip_prefix') == '0.0.0.0/0':
+            if (sg_rule.get('remote_ip_prefix') and
+                sg_rule['remote_ip_prefix'].startswith('0.0.0.0/')):
                 sg_rule['remote_ip_prefix'] = None
-            if sg_rule.get('local_ip_prefix') == '0.0.0.0/0':
+            if (sg_rule.get('local_ip_prefix') and
+                sg_rule['local_ip_prefix'].startswith('0.0.0.0/')):
                 sg_rule['local_ip_prefix'] = None
 
         return self.nsxlib.firewall_section.create_rules(
@@ -4778,7 +4780,7 @@ class NsxV3Plugin(agentschedulers_db.AZDhcpAgentSchedulerDbMixin,
         sg_rules = security_group_rules['security_group_rules']
         for r in sg_rules:
             self._check_local_ip_prefix(context, r['security_group_rule'])
-            # Generate id for security group rule or use one sepecified,
+            # Generate id for security group rule or use one specified,
             # if specified we are running in api-replay as server doesn't
             # allow id to be specified by default
             r['security_group_rule']['id'] = (