diff options
| author | Radomir Dopieralski <openstack@sheep.art.pl> | 2017-06-12 16:23:54 +0200 |
|---|---|---|
| committer | Nate Johnston <nate.johnston@redhat.com> | 2019-08-26 21:16:59 +0000 |
| commit | 4debec8524c81b85fd44d054c1b99c2109c6e17f (patch) | |
| tree | da7d09358be91e93c91f624b4bf4d1e348e5bca9 | |
| parent | 5cf44f0e1282a042625dd02b3a053a8545529e6e (diff) | |
| download | horizon-4debec8524c81b85fd44d054c1b99c2109c6e17f.tar.gz | |
Allow creating ICMPV6 rules
Right now, even if we specify a ::/0 (or other IPv6) CIDR in an
ICMP rule, Horizon sets 'icmp' as the ip_protocol of that rule but
neutron expects 'ipv6-icmp' which is the right ip_protocol for ICMPv6.
This results in that rule never matching anything.
This change makes Horizon set the ip_protocol to ipv6-icmp when
the CIDR is an IPv6 one, and icmp when it's IPv4.
Co-Authored-By: Akihiro Motoki <amotoki@gmail.com>
Change-Id: I1f68e1e5a3e073e38ac258de5ed9c43f8acb04e9
Closes-Bug: #1652619
(cherry picked from commit d5dcf1be93d9bb26bda7b375e41f03dd297888bb)
| -rw-r--r-- | openstack_dashboard/dashboards/project/security_groups/forms.py | 31 |
1 files changed, 31 insertions, 0 deletions
diff --git a/openstack_dashboard/dashboards/project/security_groups/forms.py b/openstack_dashboard/dashboards/project/security_groups/forms.py index 4a551178f..2833ae752 100644 --- a/openstack_dashboard/dashboards/project/security_groups/forms.py +++ b/openstack_dashboard/dashboards/project/security_groups/forms.py @@ -397,6 +397,35 @@ class AddRule(forms.SelfHandlingForm): else: self._apply_rule_menu(cleaned_data, rule_menu) + def _adjust_ip_protocol_of_icmp(self, data): + # Note that this needs to be called after IPv4/IPv6 is determined. + try: + ip_protocol = int(data['ip_protocol']) + except ValueError: + # string representation of IP protocol + ip_protocol = data['ip_protocol'] + is_ipv6 = data['ethertype'] == 'IPv6' + + if isinstance(ip_protocol, int): + # When IP protocol number is specified, we assume a user + # knows more detail on IP protocol number, + # so a warning message on a mismatch between IP proto number + # and IP version is displayed. + if is_ipv6 and ip_protocol == 1: + msg = _('58 (ipv6-icmp) should be specified for IPv6 ' + 'instead of 1.') + self._errors['ip_protocol'] = self.error_class([msg]) + elif not is_ipv6 and ip_protocol == 58: + msg = _('1 (icmp) should be specified for IPv4 ' + 'instead of 58.') + self._errors['ip_protocol'] = self.error_class([msg]) + else: + # ICMPv6 uses different an IP protocol name and number. + # To allow 'icmp' for both IPv4 and IPv6 in the form, + # we need to replace 'icmp' with 'ipv6-icmp' based on IP version. + if is_ipv6 and ip_protocol == 'icmp': + data['ip_protocol'] = 'ipv6-icmp' + def clean(self): cleaned_data = super(AddRule, self).clean() @@ -431,6 +460,8 @@ class AddRule(forms.SelfHandlingForm): ip_ver = netaddr.IPNetwork(cidr).version cleaned_data['ethertype'] = 'IPv6' if ip_ver == 6 else 'IPv4' + self._adjust_ip_protocol_of_icmp(cleaned_data) + return cleaned_data def handle(self, request, data): |