From 9b893767a5214177e30f596b6eed8324278d5050 Mon Sep 17 00:00:00 2001
From: Anand Shanmugam <anand1712@gmail.com>
Date: Sat, 23 May 2015 01:22:23 -0700
Subject: [PATCH] Ensure mac address added to iptables is always in unix format

When a allowed address pair entry is added with a mac format
other than unix format the ovs-vs agent keeps on restarting as
it is not able to save the proper iptables due to the error
"Error while processing VIF ports". This fix makes sure
that the mac address sent to the iptables firewall is always
in the unix format

Change-Id: I86bbf3cb2adf9b998190e472691c01d068ebab9c
Closes-Bug: #1457971
---
 neutron/agent/linux/iptables_firewall.py      |  1 +
 .../agent/linux/test_iptables_firewall.py     | 20 +++++++++++++++++++
 2 files changed, 21 insertions(+)

diff --git a/neutron/agent/linux/iptables_firewall.py b/neutron/agent/linux/iptables_firewall.py
index dc1d8901b..840fba7f6 100644
--- a/neutron/agent/linux/iptables_firewall.py
+++ b/neutron/agent/linux/iptables_firewall.py
@@ -313,6 +313,7 @@ class IptablesFirewallDriver(firewall.FirewallDriver):
 
     def _build_ipv4v6_mac_ip_list(self, mac, ip_address, mac_ipv4_pairs,
                                   mac_ipv6_pairs):
+        mac = str(netaddr.EUI(mac, dialect=netaddr.mac_unix))
         if netaddr.IPNetwork(ip_address).version == 4:
             mac_ipv4_pairs.append((mac, ip_address))
         else:
diff --git a/neutron/tests/unit/agent/linux/test_iptables_firewall.py b/neutron/tests/unit/agent/linux/test_iptables_firewall.py
index 77d98e8b1..97fd19208 100644
--- a/neutron/tests/unit/agent/linux/test_iptables_firewall.py
+++ b/neutron/tests/unit/agent/linux/test_iptables_firewall.py
@@ -1674,3 +1674,23 @@ class IptablesFirewallEnhancedIpsetTestCase(BaseIptablesFirewallTestCase):
                          [dict(rule.items() +
                                [('source_ip_prefix', '%s/32' % ip)])
                           for ip in other_ips])
+
+    def test_build_ipv4v6_mac_ip_list(self):
+        mac_oth = 'ffff-ffff-ffff'
+        mac_unix = 'ff:ff:ff:ff:ff:ff'
+        ipv4 = FAKE_IP['IPv4']
+        ipv6 = FAKE_IP['IPv6']
+        fake_ipv4_pair = []
+        fake_ipv4_pair.append((mac_unix, ipv4))
+        fake_ipv6_pair = []
+        fake_ipv6_pair.append((mac_unix, ipv6))
+
+        mac_ipv4_pairs = []
+        mac_ipv6_pairs = []
+
+        self.firewall._build_ipv4v6_mac_ip_list(mac_oth, ipv4,
+                                                mac_ipv4_pairs, mac_ipv6_pairs)
+        self.assertEqual(fake_ipv4_pair, mac_ipv4_pairs)
+        self.firewall._build_ipv4v6_mac_ip_list(mac_oth, ipv6,
+                                                mac_ipv4_pairs, mac_ipv6_pairs)
+        self.assertEqual(fake_ipv6_pair, mac_ipv6_pairs)
-- 
2.45.2