From 9f9e9da777161426a6f8cb4314b78e09beac2978 Mon Sep 17 00:00:00 2001
From: Vishvananda Ishaya <vishvananda@gmail.com>
Date: Wed, 6 Jun 2012 13:25:04 -0400
Subject: [PATCH] Fix up protocol case handling for security groups.

Fix bug 985184.

When creating security group rules, any case for the protocol was
accepted as input, such as TCP, Tcp, tcp, etc., and was stored in the
database as specified.  However, unless specified as all lowercase, the
code to apply the rules would break and result in some rules not being
applied.

(cherry picked from commit ff06c7c885dc94ed7c828e8cdbb8b5d850a7e654)

Change-Id: If737104f492aacd3688f04d78eb9bc993ffa33fc
---
 nova/api/ec2/cloud.py                                 |    2 +-
 nova/api/openstack/compute/contrib/security_groups.py |    2 +-
 nova/virt/firewall.py                                 |    4 ++--
 3 files changed, 4 insertions(+), 4 deletions(-)

diff --git a/nova/api/ec2/cloud.py b/nova/api/ec2/cloud.py
index 52def33..ac445c2 100644
--- a/nova/api/ec2/cloud.py
+++ b/nova/api/ec2/cloud.py
@@ -610,7 +610,7 @@ class CloudController(object):
                       to_port=to_port, msg="For ICMP, the"
                                            " type:code must be valid")
 
-            values['protocol'] = ip_protocol
+            values['protocol'] = ip_protocol.lower()
             values['from_port'] = from_port
             values['to_port'] = to_port
         else:
diff --git a/nova/api/openstack/compute/contrib/security_groups.py b/nova/api/openstack/compute/contrib/security_groups.py
index 281cc8c..a9368c5 100644
--- a/nova/api/openstack/compute/contrib/security_groups.py
+++ b/nova/api/openstack/compute/contrib/security_groups.py
@@ -497,7 +497,7 @@ class SecurityGroupRulesController(SecurityGroupControllerBase):
                       to_port=to_port, msg="For ICMP, the"
                                            " type:code must be valid")
 
-            values['protocol'] = ip_protocol
+            values['protocol'] = ip_protocol.lower()
             values['from_port'] = from_port
             values['to_port'] = to_port
         else:
diff --git a/nova/virt/firewall.py b/nova/virt/firewall.py
index 3f53334..a41ece6 100644
--- a/nova/virt/firewall.py
+++ b/nova/virt/firewall.py
@@ -300,8 +300,8 @@ class IptablesFirewallDriver(FirewallDriver):
                 else:
                     fw_rules = ipv6_rules
 
-                protocol = rule.protocol
-                if version == 6 and rule.protocol == 'icmp':
+                protocol = rule.protocol.lower()
+                if version == 6 and protocol == 'icmp':
                     protocol = 'icmpv6'
 
                 args = ['-j ACCEPT']
-- 
1.7.10.2