when a security group has bellow rule, it should not create ipset chain:
security group id is: fake_sgid, it has rule bellow:
{'direction': 'ingress', 'remote_group_id': 'fake_sgid2'}
but the security group:fake_sgid2 has no member, so when the port in security group:fake_sgid should not create corresponding ipset chain
root@devstack:/opt/stack/neutron# ipset list
Name: IPv409040f9f-cb86-4f72-a
Type: hash:ip
Revision: 2
Header: family inet hashsize 1024 maxelem 65536
Size in memory: 16520
References: 1
Members:
20.20.20.11
Name: IPv609040f9f-cb86-4f72-a
Type: hash:ip
Revision: 2
Header: family inet6 hashsize 1024 maxelem 65536
Size in memory: 16504
References: 1
Members:
because the security group:09040f9f-cb86-4f72-af74-4de4f2b86442 has no ipv6 member, so it should't create ipset chain:IPv609040f9f-cb86-4f72-a
Reviewed: https:/ /review. openstack. org/121455 /git.openstack. org/cgit/ openstack/ neutron/ commit/ ?id=bf4a0199a73 374d786e3a5bda7 70fd8545ebc4e9
Committed: https:/
Submitter: Jenkins
Branch: master
commit bf4a0199a73374d 786e3a5bda770fd 8545ebc4e9
Author: shihanzhang <email address hidden>
Date: Mon Sep 15 14:46:31 2014 +0800
Don't create unused ipset chain
when a security group don't have members, it should not create corresponding
ipset chain.
Change-Id: Ia04ffb3ac539c9 a89a882e6dd91f3 73cb67c6f8b
Closes-bug: #1369431