From bbdf82c5ec3e31a5dc43948291c4f37ce1098714 Mon Sep 17 00:00:00 2001
From: Soren Hansen <sorhanse@cisco.com>
Date: Mon, 11 Jun 2012 09:23:33 +0200
Subject: Only invoke .lower() on non-None protocols

When using source group based security group rules (rather than CIDR
based ones), it's permissible to not set a protocol and port. However,
Nova would always try to convert the protocol to lower case, which would
fail if the protocol wasn't set.

Fixes bug 1010514

Change-Id: I9b1519a52ececd16a497acebfe022508cbe96126
---
 nova/virt/firewall.py | 6 +++++-
 1 file changed, 5 insertions(+), 1 deletion(-)

(limited to 'nova/virt')

diff --git a/nova/virt/firewall.py b/nova/virt/firewall.py
index be6a0f7c9..89559a829 100644
--- a/nova/virt/firewall.py
+++ b/nova/virt/firewall.py
@@ -331,7 +331,11 @@ class IptablesFirewallDriver(FirewallDriver):
                 else:
                     fw_rules = ipv6_rules
 
-                protocol = rule.protocol.lower()
+                protocol = rule.protocol
+
+                if protocol:
+                    protocol = rule.protocol.lower()
+
                 if version == 6 and protocol == 'icmp':
                     protocol = 'icmpv6'
 
-- 
cgit