cloudstack-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From jaya...@apache.org
Subject [2/2] git commit: updated refs/heads/4.4-forward to 37a3a65
Date Tue, 27 May 2014 05:32:26 GMT
CLOUDSTACK-6761: Fixed removing proxy arp rule on deleting static nat or PF rule on ip

    The proxy-arp add/del is done on firewall rule add/del.
    The proxy-arp rule is deleted only when there is no static nat or dest nat rule is not
using the ip.

    When there is static nat or PF and firewall rule
     a. Delete firewall rule. It skips delete proxy-arp because the rule is used by static
nat rule.
     b. After deleting fw rule if we disable static nat there is no way to delete proxy-arp
rule.

     On VM expunge we are deleting firewall rules first then static nat rules. This caused
the stale proxy-arp
     rules.

    With this fix adding/deleting proxy arp rule on static nat/PF rule add/del.


Project: http://git-wip-us.apache.org/repos/asf/cloudstack/repo
Commit: http://git-wip-us.apache.org/repos/asf/cloudstack/commit/37a3a65c
Tree: http://git-wip-us.apache.org/repos/asf/cloudstack/tree/37a3a65c
Diff: http://git-wip-us.apache.org/repos/asf/cloudstack/diff/37a3a65c

Branch: refs/heads/4.4-forward
Commit: 37a3a65c7c7f083a5536c078a1c8436ef9e14597
Parents: 587ee54
Author: Jayapal <jayapal@apache.org>
Authored: Mon May 26 15:10:35 2014 +0530
Committer: Jayapal <jayapal@apache.org>
Committed: Tue May 27 10:56:21 2014 +0530

----------------------------------------------------------------------
 .../src/com/cloud/network/resource/JuniperSrxResource.java       | 4 ++++
 1 file changed, 4 insertions(+)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/cloudstack/blob/37a3a65c/plugins/network-elements/juniper-srx/src/com/cloud/network/resource/JuniperSrxResource.java
----------------------------------------------------------------------
diff --git a/plugins/network-elements/juniper-srx/src/com/cloud/network/resource/JuniperSrxResource.java
b/plugins/network-elements/juniper-srx/src/com/cloud/network/resource/JuniperSrxResource.java
index ed6011b..2089b1d 100644
--- a/plugins/network-elements/juniper-srx/src/com/cloud/network/resource/JuniperSrxResource.java
+++ b/plugins/network-elements/juniper-srx/src/com/cloud/network/resource/JuniperSrxResource.java
@@ -965,6 +965,7 @@ public class JuniperSrxResource implements ServerResource {
     private void addStaticNatRule(Long publicVlanTag, String publicIp, String privateIp,
List<FirewallRuleTO> rules) throws ExecutionException {
         manageStaticNatRule(SrxCommand.ADD, publicIp, privateIp);
         manageAddressBookEntry(SrxCommand.ADD, _privateZone, privateIp, null);
+        manageProxyArp(SrxCommand.ADD, publicVlanTag, publicIp);
 
         // Add a new security policy with the current set of applications
         addSecurityPolicyAndApplications(SecurityPolicyType.STATIC_NAT, privateIp, extractApplications(rules));
@@ -979,6 +980,7 @@ public class JuniperSrxResource implements ServerResource {
         removeSecurityPolicyAndApplications(SecurityPolicyType.STATIC_NAT, privateIp);
 
         manageAddressBookEntry(SrxCommand.DELETE, _privateZone, privateIp, null);
+        manageProxyArp(SrxCommand.DELETE, publicVlanTag, publicIp);
 
         s_logger.debug("Removed static NAT rule for public IP " + publicIp + ", and private
IP " + privateIp);
     }
@@ -1248,6 +1250,7 @@ public class JuniperSrxResource implements ServerResource {
         List<Object[]> applications = new ArrayList<Object[]>();
         applications.add(new Object[] {protocol, destPortStart, destPortEnd});
         addSecurityPolicyAndApplications(SecurityPolicyType.DESTINATION_NAT, privateIp, applications);
+        manageProxyArp(SrxCommand.ADD, publicVlanTag, publicIp);
 
         String srcPortRange = srcPortStart + "-" + srcPortEnd;
         String destPortRange = destPortStart + "-" + destPortEnd;
@@ -1258,6 +1261,7 @@ public class JuniperSrxResource implements ServerResource {
     private void removeDestinationNatRule(Long publicVlanTag, String publicIp, String privateIp,
int srcPort, int destPort) throws ExecutionException {
         manageDestinationNatRule(SrxCommand.DELETE, publicIp, privateIp, srcPort, destPort);
         manageDestinationNatPool(SrxCommand.DELETE, privateIp, destPort);
+        manageProxyArp(SrxCommand.DELETE, publicVlanTag, publicIp);
 
         removeSecurityPolicyAndApplications(SecurityPolicyType.DESTINATION_NAT, privateIp);
 


Mime
View raw message