Merge "Enables hairpin_mode for virtual bridge ports, allowing NAT reflection"

author: Jenkins <jenkins@review.openstack.org> 2012-02-17 21:27:13 +0000
committer: Gerrit Code Review <review@openstack.org> 2012-02-17 21:27:13 +0000
commit: 9535c092cb4bb60b5a983c07690412ca6d95ac36 (patch)
tree: 597012c2d56b8f0e580c2ed6250607269d8b31ca
parent: a485d973b38bb09c764079af274d22da641a512e (diff)
parent: b61e1ea12cd41ea507b1f6496ec1413c93bd679b (diff)
3 files changed, 17 insertions, 3 deletions
diff --git a/Authors b/Authors
index 8de5e3ca8..af9020207 100644
--- a/Authors
+++ b/Authors
@@ -56,6 +56,7 @@ Eldar Nugaev <reldan@oscloud.ru>
 Eoghan Glynn <eglynn@redhat.com>
 Eric Day <eday@oddments.org>
 Eric Windisch <eric@cloudscaling.com>
+Evan Callicoat <diopter@gmail.com>
 Ewan Mellor <ewan.mellor@citrix.com>
 François Charlier <francois.charlier@enovance.com>
 Gabe Westmaas <gabe.westmaas@rackspace.com>
diff --git a/nova/network/linux_net.py b/nova/network/linux_net.py
index 987a063db..46d2aadd6 100755
--- a/nova/network/linux_net.py
+++ b/nova/network/linux_net.py
@@ -448,6 +448,7 @@ def init_host(ip_range=None):
 
     iptables_manager.ipv4['nat'].add_rule('POSTROUTING',
                                           '-s %(range)s -d %(range)s '
+                                          '-m conntrack ! --ctstate DNAT '
                                           '-j ACCEPT' %
                                           {'range': ip_range})
     iptables_manager.apply()
diff --git a/nova/virt/libvirt/connection.py b/nova/virt/libvirt/connection.py
index 8312764b4..b89b67372 100644
--- a/nova/virt/libvirt/connection.py
+++ b/nova/virt/libvirt/connection.py
@@ -782,6 +782,17 @@ class LibvirtConnection(driver.ComputeDriver):
             LOG.info(_("Automatically confirming migration %d"), migration.id)
             self.compute_api.confirm_resize(ctxt, migration.instance_uuid)
 
+    def _enable_hairpin(self, instance):
+        interfaces = self.get_interfaces(instance['name'])
+        for interface in interfaces:
+            utils.execute('tee',
+                          '/sys/class/net/%s/brport/hairpin_mode' % interface,
+                          '>',
+                          '/dev/null',
+                          process_input='1',
+                          run_as_root=True,
+                          check_exit_code=[0, 1])
+
     # NOTE(ilyaalekseyev): Implementation like in multinics
     # for xenapi(tr3buchet)
     @exception.wrap_exception()
@@ -796,6 +807,7 @@ class LibvirtConnection(driver.ComputeDriver):
 
         domain = self._create_new_domain(xml)
         LOG.debug(_("Instance is running"), instance=instance)
+        self._enable_hairpin(instance)
         self.firewall_driver.apply_instance_filter(instance, network_info)
 
         def _wait_for_boot():
@@ -1435,9 +1447,9 @@ class LibvirtConnection(driver.ComputeDriver):
         for node in ret:
             devdst = None
 
-            for child in node.children:
-                if child.name == 'target':
-                    devdst = child.prop('dev')
+            for child in list(node):
+                if child.tag == 'target':
+                    devdst = child.attrib['dev']
 
             if devdst is None:
                 continue
author	Jenkins <jenkins@review.openstack.org>	2012-02-17 21:27:13 +0000
committer	Gerrit Code Review <review@openstack.org>	2012-02-17 21:27:13 +0000
commit	9535c092cb4bb60b5a983c07690412ca6d95ac36 (patch)
tree	597012c2d56b8f0e580c2ed6250607269d8b31ca
parent	a485d973b38bb09c764079af274d22da641a512e (diff)
parent	b61e1ea12cd41ea507b1f6496ec1413c93bd679b (diff)