| author | Evan Callicoat <diopter@gmail.com> | 2012-02-16 07:28:31 +0000 |
|---|---|---|
| committer | Evan Callicoat <diopter@gmail.com> | 2012-02-16 18:11:19 +0000 |
| commit | b61e1ea12cd41ea507b1f6496ec1413c93bd679b (patch) | |
| tree | 39a6fe6a95f759a7c812392b332ff6233a334535 | |
| parent | f5e17bbc155203feb8bba4f34ed93d22b1b8e95b (diff) | |
Enables hairpin_mode for virtual bridge ports, allowing NAT reflection
* enables hairpin_mode on virtual bridge ports on instance spawn
* adds conntrack DNAT state criteria to fixed/fixed SNAT exception so reflected traffic SNATs
* updates get_interface ElementTree to work with Python 2.6/2.7
* fixes bug 933640
Change-Id: I63b3e91b41898fcffda8a288be503f9b740b4b4e
| -rw-r--r-- | Authors | 1 | ||||
| -rwxr-xr-x | nova/network/linux_net.py | 1 | ||||
| -rw-r--r-- | nova/virt/libvirt/connection.py | 18 |
3 files changed, 17 insertions, 3 deletions
@@ -56,6 +56,7 @@ Eldar Nugaev <reldan@oscloud.ru> Eoghan Glynn <eglynn@redhat.com> Eric Day <eday@oddments.org> Eric Windisch <eric@cloudscaling.com> +Evan Callicoat <diopter@gmail.com> Ewan Mellor <ewan.mellor@citrix.com> François Charlier <francois.charlier@enovance.com> Gabe Westmaas <gabe.westmaas@rackspace.com> diff --git a/nova/network/linux_net.py b/nova/network/linux_net.py index d7465e461..6803e9e2f 100755 --- a/nova/network/linux_net.py +++ b/nova/network/linux_net.py @@ -448,6 +448,7 @@ def init_host(ip_range=None): iptables_manager.ipv4['nat'].add_rule('POSTROUTING', '-s %(range)s -d %(range)s ' + '-m conntrack ! --ctstate DNAT ' '-j ACCEPT' % {'range': ip_range}) iptables_manager.apply() diff --git a/nova/virt/libvirt/connection.py b/nova/virt/libvirt/connection.py index c3bfdedda..a9f1c70a9 100644 --- a/nova/virt/libvirt/connection.py +++ b/nova/virt/libvirt/connection.py @@ -775,6 +775,17 @@ class LibvirtConnection(driver.ComputeDriver): LOG.info(_("Automatically confirming migration %d"), migration.id) self.compute_api.confirm_resize(ctxt, migration.instance_uuid) + def _enable_hairpin(self, instance): + interfaces = self.get_interfaces(instance['name']) + for interface in interfaces: + utils.execute('tee', + '/sys/class/net/%s/brport/hairpin_mode' % interface, + '>', + '/dev/null', + process_input='1', + run_as_root=True, + check_exit_code=[0, 1]) + # NOTE(ilyaalekseyev): Implementation like in multinics # for xenapi(tr3buchet) @exception.wrap_exception() @@ -789,6 +800,7 @@ class LibvirtConnection(driver.ComputeDriver): domain = self._create_new_domain(xml) LOG.debug(_("Instance is running"), instance=instance) + self._enable_hairpin(instance) self.firewall_driver.apply_instance_filter(instance, network_info) def _wait_for_boot(): 
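Review bot: The new `'-m conntrack ! --ctstate DNAT '` match in the `init_host` POSTROUTING rule of nova/network/linux_net.py has no comment, and its purpose is not obvious from the rule text. Fixed-to-fixed connections that were DNATed no longer hit this ACCEPT and, per the commit description, get SNATed; the receiving instance will presumably see the translated source instead of the peer's fixed address, which matters for source-based filtering or logging of that traffic. I would add above the call `# Fixed-to-fixed traffic skips SNAT unless it was DNATed (reflected via hairpin); that traffic must be SNATed so replies return through the host`. The rule now also depends on the conntrack match being available on the host, which the hunk does not check. init_host begins outside the hunk.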
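Review bot: In `_enable_hairpin` (nova/virt/libvirt/connection.py) the `'>'` and `'/dev/null'` items are passed to `tee` as plain arguments. If `utils.execute` runs the command without a shell (not visible here), they are not a redirection, and `tee` running as root would also write `1` to a file literally named `>` in the working directory. Dropping those two arguments keeps the intended write to `hairpin_mode`. `check_exit_code=[0, 1]` also accepts a failed write silently, so a port left without hairpin mode produces no log line; logging when the exit code is 1 would make that visible. Because the sysfs path is built from a name read out of the domain XML and written as root, it is worth rejecting names containing `/` before the call.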
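Review bot: `self._enable_hairpin(instance)` sits between domain creation and `self.firewall_driver.apply_instance_filter(instance, network_info)`. As far as the hunk shows, any exception it raises (from `get_interfaces`, or from an exit code other than 0 or 1) would leave the domain running with the instance filter never applied. Calling it after `apply_instance_filter`, or catching and logging a hairpin failure so it does not abort the rest of the method, removes that ordering risk. The enclosing method starts and ends outside the hunk.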
@@ -1443,9 +1455,9 @@ class LibvirtConnection(driver.ComputeDriver): for node in ret: devdst = None - for child in node.children: - if child.name == 'target': - devdst = child.prop('dev') + for child in list(node): + if child.tag == 'target': + devdst = child.attrib['dev'] if devdst is None: continue |
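Review bot: `child.attrib['dev']` raises `KeyError` when a `target` element has no `dev` attribute, so the `if devdst is None: continue` guard below it no longer covers that case. The removed `child.prop('dev')` presumably returned None there. `devdst = child.attrib.get('dev')` keeps the guard meaningful. `list(node)` is not needed just to iterate, though it is harmless. The enclosing method starts and ends outside the hunk.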
