Ignore 0.0.0.0 ips in FWaaS (and not just 0.0.0.0/x cidrs)

This affects FWaaS V2 drivers for all of the plugins, as the backend
does not support this ip.

Change-Id: I4aec5f2718581fc867d9bae1722770b448ccdfd5
Adit Sarfaty 2019-04-28 12:08:03 +03:00
parent f4decdafeb
commit 868631123e
4 changed files with 8 additions and 8 deletions


@ -75,14 +75,14 @@ class EdgeFwaasDriverBaseV2(fwaas_base.FwaasDriverBase):
"""Validate the rules in the firewall group"""
for rule in firewall_group['egress_rule_list']:
if (rule.get('source_ip_address') and
not rule['source_ip_address'].startswith('0.0.0.0/')):
not rule['source_ip_address'].startswith('0.0.0.0')):
# Ignoring interface port as we cannot set it with the ip
LOG.info("Rule %(id)s with source ips used in an egress "
"policy: interface port will be ignored in the NSX "
"rule", {'id': rule['id']})
for rule in firewall_group['ingress_rule_list']:
if (rule.get('destination_ip_address') and
not rule['destination_ip_address'].startswith('0.0.0.0/')):
not rule['destination_ip_address'].startswith('0.0.0.0')):
# Ignoring interface port as we cannot set it with the ip
LOG.info("Rule %(id)s with destination ips used in an "
"ingress policy: interface port will be ignored "
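Review bot: The literal `startswith('0.0.0.0')` test used for the source check and again for the destination check here is the same expression this commit had to edit in eight places across four driver files. A single shared predicate in the common FWaaS code, called from each driver, would keep the plugins from drifting on what counts as an unsupported address. Until then a short comment above each check would help, e.g. `# 0.0.0.0 and 0.0.0.0/x are not supported by the backend; handled as "no address"`. The enclosing validation method starts and ends outside this hunk.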


@ -133,7 +133,7 @@ class NsxpFwaasCallbacksV2(com_callbacks.NsxCommonv3FwaasCallbacksV2):
def _is_empty_cidr(self, cidr, fwaas_rule_id):
net = netaddr.IPNetwork(cidr)
if ((net.version == 4 and cidr.startswith('0.0.0.0/')) or
if ((net.version == 4 and cidr.startswith('0.0.0.0')) or
(net.version == 6 and str(net.ip) == "::")):
LOG.warning("Unsupported FWaaS cidr %(cidr)s for rule %(id)s",
{'cidr': cidr, 'id': fwaas_rule_id})
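Review bot: The IPv4 branch of `_is_empty_cidr` tests the raw string while the IPv6 branch tests the parsed address, even though `net` is already built on the line above. Comparing the parsed value, `(net.version == 4 and str(net.ip) == '0.0.0.0')`, would make the two branches work the same way and would not depend on how the caller spelled the address. It would also make explicit that the prefix length is ignored, which deserves a one-line comment because `0.0.0.0/32` and `0.0.0.0/0` mean different things to a rule author. The rest of the method, including its return value, is outside this hunk.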


@ -152,13 +152,13 @@ class NsxvFwaasCallbacksV2(com_callbacks.NsxFwaasCallbacksV2):
rule['id'] = ('egress-%s' % rule['id'])[:36]
# source & destination should be lists
if (rule.get('destination_ip_address') and
not rule['destination_ip_address'].startswith('0.0.0.0/')):
not rule['destination_ip_address'].startswith('0.0.0.0')):
rule['destination_ip_address'] = [
rule['destination_ip_address']]
elif replace_dest:
rule['destination_vnic_groups'] = [replace_dest]
if (rule.get('source_ip_address') and
not rule['source_ip_address'].startswith('0.0.0.0/')):
not rule['source_ip_address'].startswith('0.0.0.0')):
rule['source_ip_address'] = [rule['source_ip_address']]
elif replace_src:
rule['source_vnic_groups'] = [replace_src]
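Review bot: When the destination or source starts with `0.0.0.0` and `replace_dest` / `replace_src` is falsy, neither branch runs, so the field stays in the rule as the original string: not wrapped in a list as the comment above requires, and not removed either. If the code after this hunk forwards the rule unchanged, the address the backend does not support may still reach it. Clearing it explicitly would close that path, e.g. a final `else: rule.pop('destination_ip_address', None)` and the same for `source_ip_address`. The same gap existed before for `0.0.0.0/x`, and the surrounding function is not fully visible here, so confirm against the code that consumes `rule`.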


@ -85,7 +85,7 @@ class EdgeFwaasV3DriverV2(base_driver.CommonEdgeFwaasV3Driver):
'cidr': cidr, 'id': fwaas_rule_id})
net = netaddr.IPNetwork(cidr)
if net.version == 4:
if cidr.startswith('0.0.0.0/'):
if cidr.startswith('0.0.0.0'):
# Treat as ANY and just log warning
LOG.warning(error_msg)
return
@ -165,7 +165,7 @@ class EdgeFwaasV3DriverV2(base_driver.CommonEdgeFwaasV3Driver):
raise self.driver_exception(driver=self.driver_name)
if (rule.get('destination_ip_address') and
not rule['destination_ip_address'].startswith('0.0.0.0/')):
not rule['destination_ip_address'].startswith('0.0.0.0')):
nsx_rule['destinations'] = self.translate_addresses_to_target(
[rule['destination_ip_address']], rule['id'])
elif replace_dest:
@ -174,7 +174,7 @@ class EdgeFwaasV3DriverV2(base_driver.CommonEdgeFwaasV3Driver):
nsx_rule['destinations'] = [{'target_type': 'LogicalSwitch',
'target_id': replace_dest}]
if (rule.get('source_ip_address') and
not rule['source_ip_address'].startswith('0.0.0.0/')):
not rule['source_ip_address'].startswith('0.0.0.0')):
nsx_rule['sources'] = self.translate_addresses_to_target(
[rule['source_ip_address']], rule['id'])
elif replace_src:
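Review bot: Treating every address that starts with `0.0.0.0` as ANY (the first hunk, and apparently the destination and source translation in the two later hunks) widens a rule whose author wrote the single host `0.0.0.0` or `0.0.0.0/32`: the address is dropped and the rule then applies to all sources or destinations. For an allow rule that is broader than what was requested, and the only trace is a warning in the log. Since `net` is parsed right above the check in the first hunk, the wildcard case could be separated with `net.prefixlen == 0` and the remaining unsupported forms rejected through the existing `self.driver_exception` instead of being widened. If widening is the intended behaviour, state it in the comment, e.g. `# 0.0.0.0 with any prefix length is treated as ANY; the backend cannot match it`. The functions involved extend beyond these hunks.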