Merge branch 'dev-mtsugawa-euca-12578'

eucalyptus · Jul 19, 2016 · b36393c · b36393c
2 parents 860ea5c + 82deef1
commit b36393c
Show file tree

Hide file tree

Showing 3 changed files with 16 additions and 7 deletions.
diff --git a/net/dev_handler.c b/net/dev_handler.c
@@ -1223,6 +1223,10 @@ dev_entry *dev_create_bridge(const char *psBridgeName, const char *psStpState)
     if (euca_execlp(&rc, config->cmdprefix, BRCTL_PATH, "sethello", psBridgeName, "2", NULL) != EUCA_OK) {
         LOGERROR("Fail to set hello time on bridge device '%s'. error=%d\n", psBridgeName, rc);
     }
+    // RHEL7/CentOS7 - set bridge interface in promiscuous mode
+    if (euca_execlp(&rc, config->cmdprefix, "ip", "link", "set", "dev", psBridgeName, "promisc", "on", NULL) != EUCA_OK) {
+        LOGERROR("Fail to set bridge device '%s' in promisc. error=%d\n", psBridgeName, rc);
+    }
     // This must work since we know the device exists
     dev_get_bridges(psBridgeName, &pBridge, &nbBridges);
     return (pBridge);

diff --git a/net/euca_gni.c b/net/euca_gni.c
@@ -1779,6 +1779,13 @@ int gni_secgroup_get_instances(globalNetworkInfo * gni, gni_secgroup * secgroup,
         do_outstructs = 1;
     }
 
+    if (out_max_instance_names) {
+        *out_max_instance_names = 0;
+    }
+    if (out_max_instances) {
+        *out_max_instances = 0;
+    }
+
     if (!do_outnames && !do_outstructs) {
         LOGEXTREME("nothing to do, both output variables are NULL\n");
         return (0);
@@ -1789,12 +1796,10 @@ int gni_secgroup_get_instances(globalNetworkInfo * gni, gni_secgroup * secgroup,
     }
     if (do_outnames) {
         *out_instance_names = EUCA_ZALLOC_C(secgroup->max_instances, sizeof (char *));
-        *out_max_instance_names = 0;
         ret_instance_names = *out_instance_names;
     }
     if (do_outstructs) {
         *out_instances = EUCA_ZALLOC_C(secgroup->max_instances, sizeof (gni_instance));
-        *out_max_instances = 0;
         ret_instances = *out_instances;
     }
 
@@ -2566,7 +2571,7 @@ int gni_populate_configuration(globalNetworkInfo *gni, gni_hostname_info *host_i
     rc += evaluate_xpath_nodeset(ctxptr, doc, xmlnode, expression, &nodeset);
     if (nodeset.nodeNr > 0) {
         LOGTRACE("Found %d managed subnets\n", nodeset.nodeNr);
-        gni->managedSubnet = EUCA_ZALLOC_C(nodeset.nodeNr, sizeof (gni_subnet));
+        gni->managedSubnet = EUCA_ZALLOC_C(nodeset.nodeNr, sizeof (gni_managedsubnet));
         gni->max_managedSubnets = nodeset.nodeNr;
 
         for (j = 0; j < gni->max_managedSubnets; j++) {

diff --git a/net/eucanetd_managed.c b/net/eucanetd_managed.c
@@ -1090,8 +1090,8 @@ boolean managed_has_sg_changed(globalNetworkInfo * pGni, lni_t * pLni) {
             ret |= ((ipt_chain_find_rule(pLni->pIpTables, IPT_TABLE_FILTER, IPT_CHAIN_FORWARD, sRule) == NULL) ? 1 : 0);
 
             // then check the group specific IPT rules (temporary one here)
-            if (pSecGroup->max_grouprules) {
-                for (j = 0; j < pSecGroup->max_grouprules; j++) {
+            if (pSecGroup->max_ingress_rules) {
+                for (j = 0; j < pSecGroup->max_ingress_rules; j++) {
                     // are we authorizing 1 group into another?
                     if (strlen(pSecGroup->ingress_rules[j].groupId) == 0) {
                         // This is CIDR-based rule
@@ -1623,8 +1623,8 @@ int managed_setup_sg_filters(globalNetworkInfo * pGni) {
             ipt_chain_add_rule(config->ipt, IPT_TABLE_FILTER, IPT_CHAIN_FORWARD, sRule);
 
             // then put all the group specific IPT rules (temporary one here)
-            if (pSecGroup->max_grouprules) {
-                for (j = 0; j < pSecGroup->max_grouprules; j++) {
+            if (pSecGroup->max_ingress_rules) {
+                for (j = 0; j < pSecGroup->max_ingress_rules; j++) {
                     // are we authorizing 1 group into another?
                     if (strlen(pSecGroup->ingress_rules[j].groupId) == 0) {
                         // This is CIDR-based rule