review.fuel-infra Code Review - openstack-build/neutron-build.git/commit

author	Brian Haley <brian.haley@hp.com>
	Thu, 14 Mar 2013 14:35:49 +0000 (10:35 -0400)
committer	Brian Haley <brian.haley@hp.com>
	Mon, 8 Jul 2013 16:41:21 +0000 (12:41 -0400)
commit	62d872e4cf0186f59c7902a396e2ee7a3154cbf4
tree	67d47af3a35fea4dbb77c3272618ba33522545bc	tree \| snapshot
parent	93efc1dd78c4e97bb7c8e191115be98f9383b40c	commit \| diff

Preserve packet:byte counts in iptables_manager.

Ported the nova iptables manager code to neutron, so that we
use iptables-save/restore with the -c flag to save/restore
the chains and rules with their packet:byte counts. All other
changes were ported as well to keep the code as similar as
possible between the two, although they will be different as
I had to fix other bugs found during testing.

Updated tests accordingly to account for new calls and
input/output changes in formatting.

Changed iptables_firewall code to add iptables rules in the same
order that iptables-save will print them: source/dest, protocol,
sport, dport, target; else iptables_manager won't be able
to find them to preserve their [packet:byte] counts.
Tweaked other rules accordingly as necessary.

Fixed a bug introduced in an earlier version of this patch where
_modify_rules() sometimes wouldn't match an existing rule correctly
if not top=true.

Fixes bug 1125393

Change-Id: I858c552d8a7ae24f52f8e8daa05ac37026705773

neutron/agent/linux/iptables_firewall.py		diff \| blob \| history
neutron/agent/linux/iptables_manager.py		diff \| blob \| history
neutron/tests/unit/test_iptables_firewall.py		diff \| blob \| history
neutron/tests/unit/test_iptables_manager.py		diff \| blob \| history
neutron/tests/unit/test_security_groups_rpc.py		diff \| blob \| history