Comment 71 for bug 1461054

Reviewed: https://review.openstack.org/194696
Committed: https://git.openstack.org/cgit/openstack/neutron/commit/?id=d9c78880d2b7e5b0544e821c45e6ad3700a06b9a
Submitter: Jenkins
Branch: stable/juno

commit d9c78880d2b7e5b0544e821c45e6ad3700a06b9a
Author: Aaron Rosen <email address hidden>
Date: Thu Jun 11 13:58:16 2015 -0700

    Disable allowed_address_pair ip 0.0.0.0/0 ::/0 for ipset

    Previously, the ipset_manager would pass in 0.0.0.0/0 or ::/0 if
    these addresses were inputted as allowed address pairs. This causes
    ipset to raise an error as it does not work with zero prefix sizes.
    To solve this problem we use two ipset rules to represent this.

    This was correctly fixed in a backport to kilo though we did not have the
    cycles to backport this exact fix to juno as in juno additional work needs to
    be done because the iptable and ipset code are interleaved together. This
    patch fixes this issue by disabling one from creating an address pair of
    zero lenght. This patch also provides a small tool which one should run:
    tools/fix_zero_length_ip_prefix.py which changes all zero length address_pair
    rules into two address pair rules of:

    Ipv4: 0.0.0.0/1 and 128.0.0.1/1
    IPv6: ::/1' and '8000::/1

    to avoid the problem.
    After this patch is merged into juno it will be easier for us to apply
    a better change to allow /0 addresses again in juno.

    Change-Id: I8c6a08e0cf3b5b5386fe03af9f2174c666b8ac75
    Closes-bug: 1461054
    Co-Authored-by: Darragh O'Reilly <email address hidden>