From b61e1ea12cd41ea507b1f6496ec1413c93bd679b Mon Sep 17 00:00:00 2001 From: Evan Callicoat Date: Thu, 16 Feb 2012 07:28:31 +0000 Subject: Enables hairpin_mode for virtual bridge ports, allowing NAT reflection * enables hairpin_mode on virtual bridge ports on instance spawn * adds conntrack DNAT state criteria to fixed/fixed SNAT exception so reflected traffic SNATs * updates get_interface ElementTree to work with Python 2.6/2.7 * fixes bug 933640 Change-Id: I63b3e91b41898fcffda8a288be503f9b740b4b4e --- Authors | 1 + nova/network/linux_net.py | 1 + nova/virt/libvirt/connection.py | 18 +++++++++++++++--- 3 files changed, 17 insertions(+), 3 deletions(-) diff --git a/Authors b/Authors index 8de5e3ca8..af9020207 100644 --- a/Authors +++ b/Authors @@ -56,6 +56,7 @@ Eldar Nugaev Eoghan Glynn Eric Day Eric Windisch +Evan Callicoat Ewan Mellor François Charlier Gabe Westmaas diff --git a/nova/network/linux_net.py b/nova/network/linux_net.py index d7465e461..6803e9e2f 100755 --- a/nova/network/linux_net.py +++ b/nova/network/linux_net.py @@ -448,6 +448,7 @@ def init_host(ip_range=None): iptables_manager.ipv4['nat'].add_rule('POSTROUTING', '-s %(range)s -d %(range)s ' + '-m conntrack ! --ctstate DNAT ' '-j ACCEPT' % {'range': ip_range}) iptables_manager.apply() diff --git a/nova/virt/libvirt/connection.py b/nova/virt/libvirt/connection.py index c3bfdedda..a9f1c70a9 100644 --- a/nova/virt/libvirt/connection.py +++ b/nova/virt/libvirt/connection.py 
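Review bot: The new `-m conntrack ! --ctstate DNAT` match in the fixed-to-fixed POSTROUTING rule of `init_host` has no comment saying why DNATed connections are excluded from the ACCEPT, so the rule still reads as a plain exemption. I would add above the `add_rule` call something like `# DNATed (reflected) connections must not skip SNAT, otherwise replies return directly and bypass the NAT state.` Presumably the reflected flow then reaches the later SNAT rules, so the destination instance sees a translated source address rather than the peer's fixed IP. That is worth stating, because source-based filtering and logs on the receiving side will no longer identify the originating instance. `init_host` continues outside the hunk, so the SNAT rules themselves are not visible here.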
@@ -775,6 +775,17 @@ class LibvirtConnection(driver.ComputeDriver): LOG.info(_("Automatically confirming migration %d"), migration.id) self.compute_api.confirm_resize(ctxt, migration.instance_uuid) + def _enable_hairpin(self, instance): + interfaces = self.get_interfaces(instance['name']) + for interface in interfaces: + utils.execute('tee', + '/sys/class/net/%s/brport/hairpin_mode' % interface, + '>', + '/dev/null', + process_input='1', + run_as_root=True, + check_exit_code=[0, 1]) + # NOTE(ilyaalekseyev): Implementation like in multinics # for xenapi(tr3buchet) @exception.wrap_exception() @@ -789,6 +800,7 @@ class LibvirtConnection(driver.ComputeDriver): domain = self._create_new_domain(xml) LOG.debug(_("Instance is running"), instance=instance) + self._enable_hairpin(instance) self.firewall_driver.apply_instance_filter(instance, network_info) def _wait_for_boot(): @@ -1443,9 +1455,9 @@ class LibvirtConnection(driver.ComputeDriver): for node in ret: devdst = None - for child in node.children: - if child.name == 'target': - devdst = child.prop('dev') + for child in list(node): + if child.tag == 'target': + devdst = child.attrib['dev'] if devdst is None: continue -- cgit
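Review bot: In `_enable_hairpin`, `'>'` and `'/dev/null'` are passed to `utils.execute` as ordinary arguments, so unless that helper runs the command through a shell (not visible in this hunk) `tee` treats them as extra output files and, running as root, writes a file literally named `>` in the working directory. Dropping both arguments keeps the intended write: `utils.execute('tee', '/sys/class/net/%s/brport/hairpin_mode' % interface, process_input='1', run_as_root=True, check_exit_code=[0, 1])`. `check_exit_code=[0, 1]` also accepts a failed write silently, so a port left without hairpin mode is never reported; logging that outcome would make it visible. `interface` comes from the domain XML via `get_interfaces` and is interpolated into a path written as root, so checking that it contains no path separator before use would keep the write confined to `/sys/class/net`.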
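Review bot: `self._enable_hairpin(instance)` runs after the domain has been created and before `self.firewall_driver.apply_instance_filter(instance, network_info)`, so any exception it raises (a failing `get_interfaces` lookup, or a `tee` exit code other than 0 or 1) would skip the filter call for an instance that is already running. Hairpin mode is a convenience for reflected traffic, whereas the instance filter is a security control. I would either make the call after `apply_instance_filter` or catch and log its failure rather than let it abort the rest of the method. The enclosing method starts and ends outside the hunk, so how its caller handles such an exception is not visible here.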
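Review bot: `child.attrib['dev']` raises `KeyError` when a `target` element has no `dev` attribute, while the following `if devdst is None: continue` expects a missing device to show up as `None`, which is what the removed `child.prop('dev')` appears to have returned. Using `devdst = child.attrib.get('dev')` keeps the existing None check working and avoids an unhandled exception on unexpected domain XML. `list(node)` is also unnecessary, since `for child in node:` iterates the child elements directly. The loop's enclosing method begins and ends outside the hunk.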