Enables hairpin_mode for virtual bridge ports, allowing NAT reflection
* enables hairpin_mode on virtual bridge ports on instance spawn * adds conntrack DNAT state criteria to fixed/fixed SNAT exception so reflected traffic SNATs * updates get_interface ElementTree to work with Python 2.6/2.7 * fixes bug 933640 Change-Id: I63b3e91b41898fcffda8a288be503f9b740b4b4e
3 changed files with 17 additions and 3 deletions
1
Authors
1
Authors
@@ -56,6 +56,7 @@ Eldar Nugaev <reldan@oscloud.ru>
Eoghan Glynn <eglynn@redhat.com>
Eric Day <eday@oddments.org>
Eric Windisch <eric@cloudscaling.com>
Evan Callicoat <diopter@gmail.com>
Ewan Mellor <ewan.mellor@citrix.com>
François Charlier <francois.charlier@enovance.com>
Gabe Westmaas <gabe.westmaas@rackspace.com>
@@ -448,6 +448,7 @@ def init_host(ip_range=None):
iptables_manager.ipv4['nat'].add_rule('POSTROUTING',
'-s %(range)s -d %(range)s'
'-m conntrack ! --ctstate DNAT '
'-j ACCEPT' %
{'range': ip_range})
iptables_manager.apply()
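Review bot: As rendered here, the literal `'-s %(range)s -d %(range)s'` has no trailing space, so implicit concatenation with the next literal yields `-d <range>-m conntrack ...` and the rule string is malformed. If the file really reads this way, the fixed-to-fixed SNAT exception would fail to apply or not match as intended; the line should be `'-s %(range)s -d %(range)s '`. A unit test asserting the exact rule text handed to `add_rule` would catch this kind of slip. init_host begins and continues outside the hunk.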
@@ -775,6 +775,17 @@ class LibvirtConnection(driver.ComputeDriver):
LOG.info(_("Automatically confirming migration %d"), migration.id)
self.compute_api.confirm_resize(ctxt, migration.instance_uuid)
def _enable_hairpin(self, instance):
interfaces = self.get_interfaces(instance['name'])
for interface in interfaces:
utils.execute('tee',
'/sys/class/net/%s/brport/hairpin_mode' % interface,
'>',
'/dev/null',
process_input='1',
run_as_root=True,
check_exit_code=[0, 1])
# NOTE(ilyaalekseyev): Implementation like in multinics
# for xenapi(tr3buchet)
@exception.wrap_exception()
@@ -789,6 +800,7 @@ class LibvirtConnection(driver.ComputeDriver):
domain = self._create_new_domain(xml)
LOG.debug(_("Instance is running"), instance=instance)
self._enable_hairpin(instance)
self.firewall_driver.apply_instance_filter(instance, network_info)
def _wait_for_boot():
@@ -1443,9 +1455,9 @@ class LibvirtConnection(driver.ComputeDriver):
for node in ret:
devdst = None
for child in node.children:
if child.name == 'target':
devdst = child.prop('dev')
for child in list(node):
if child.tag == 'target':
devdst = child.attrib['dev']
if devdst is None:
continue
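Review bot: In `_enable_hairpin`, `'>'` and `'/dev/null'` are passed to `utils.execute` as ordinary arguments. Unless that helper runs the command through a shell (not visible here), `tee` treats them as file names and, running as root, also writes `1` to a file literally named `>` in the working directory. Dropping the two arguments keeps the intended write: `utils.execute('tee', path, process_input='1', run_as_root=True, check_exit_code=[0, 1])`. Accepting exit code 1 also hides a failed write to `hairpin_mode`, so logging a non-zero exit would help when reflection silently does not work. The interface name interpolated into the `/sys/class/net/...` path comes from the domain XML parsed in `get_interfaces`; a short comment saying that this is hypervisor-side data would document why the root write to that path is acceptable.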