From 3e58118f8c3b077c1b79c164bdd551e8bc2008e3 Mon Sep 17 00:00:00 2001
From: Ranjeet R
Date: Fri, 29 Apr 2016 14:28:43 -0700
Subject: [PATCH] Fixes: IPv6- allow all egress IPv6 rule should be added for newly created SG by default
Create default IPv6 rule in a security group as in a IPv4 rule.
Change-Id: Ic400a32458c93f0e79f30411e6bd9725094c3dc8
Closes-Bug: 1540772
---
 .../vnc_openstack/neutron_plugin_db.py | 35 +++++++++++++------
 1 file changed, 25 insertions(+), 10 deletions(-)
diff --git a/src/config/vnc_openstack/vnc_openstack/neutron_plugin_db.py b/src/config/vnc_openstack/vnc_openstack/neutron_plugin_db.py
index d304632a3f9..2042369bd78 100644
--- a/src/config/vnc_openstack/vnc_openstack/neutron_plugin_db.py
+++ b/src/config/vnc_openstack/vnc_openstack/neutron_plugin_db.py
@@ -3800,6 +3800,23 @@ def port_count(self, filters=None):
 return nports
 #end port_count
+ def populate_default_rule(self, ethertype = 'IPv4'):
+ def_rule = {}
+ def_rule['port_range_min'] = 0
+ def_rule['port_range_max'] = 65535
+ def_rule['direction'] = 'egress'
+ def_rule['remote_group_id'] = None
+ def_rule['protocol'] = 'any'
+
+ if ethertype == 'IPv4':
+ def_rule['ethertype'] = 'IPv4'
+ def_rule['remote_ip_prefix'] = '0.0.0.0/0'
+ else:
+ def_rule['ethertype'] = 'IPv6'
+ def_rule['remote_ip_prefix'] = '::/0'
+
+ return def_rule
+
 # security group api handlers
 @wait_for_api_server_connection
 def security_group_create(self, sg_q):
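Review bot: The `else:` branch of `populate_default_rule` treats every value other than the exact string `'IPv4'` as IPv6, so a misspelled or lower-case ethertype, or `None`, silently yields an allow-all `::/0` egress rule instead of an error. Because this helper builds a default-permit rule, both families should be matched explicitly with `elif ethertype == 'IPv6':`, followed by `else: raise ValueError(ethertype)` or whatever error style the file uses for bad input. The method also has no docstring; I would add `"""Return the Neutron-style allow-all egress rule dict for the given ethertype ('IPv4' or 'IPv6')."""`. As a smaller style point, the default is written `ethertype = 'IPv4'` with spaces around `=`, and the method never uses `self`.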
@@ -3812,15 +3829,13 @@ def security_group_create(self, sg_q):
 sg_uuid = self._resource_create('security_group', sg_obj)
- #allow all egress traffic
- def_rule = {}
- def_rule['port_range_min'] = 0
- def_rule['port_range_max'] = 65535
- def_rule['direction'] = 'egress'
- def_rule['remote_ip_prefix'] = '0.0.0.0/0'
- def_rule['remote_group_id'] = None
- def_rule['protocol'] = 'any'
- def_rule['ethertype'] = 'IPv4'
+ #allow all IPv4 egress traffic
+ def_rule = self.populate_default_rule('IPv4')
+ rule = self._security_group_rule_neutron_to_vnc(def_rule, CREATE)
+ self._security_group_rule_create(sg_uuid, rule)
+
+ #allow all IPv6 egress traffic
+ def_rule = self.populate_default_rule('IPv6')
 rule = self._security_group_rule_neutron_to_vnc(def_rule, CREATE)
 self._security_group_rule_create(sg_uuid, rule)
@@ -4045,7 +4060,7 @@ def route_table_create(self, rt_q):
 resource='route_table', msg=str(e))
 ret_rt_q = self._route_table_vnc_to_neutron(rt_obj)
 return ret_rt_q
- #end security_group_create
+ #end route_table_create
 @wait_for_api_server_connection
 def route_table_read(self, rt_id):
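Review bot: In the `security_group_create` hunk, the two default rules are written by two separate `_security_group_rule_create` calls, and nothing visible handles a failure of the second. If the IPv6 call raises after the IPv4 one succeeded, the new group appears to be left with only half of its default egress rules; the function starts and ends outside the hunk, so cleanup may exist there. The repeated stanza would read better as one loop, `for ethertype in ('IPv4', 'IPv6'):`, around the existing three lines, which also gives a single place to handle a failed rule create. I would also extend the comment to say that only newly created groups get the allow-all IPv6 egress rule, since nothing in this patch touches existing groups, so old and new groups will differ in default IPv6 egress.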