From 455920a0383b501417130439db41615fcf685768 Mon Sep 17 00:00:00 2001
From: Ranjeet R
Date: Tue, 19 Apr 2016 20:18:17 -0700
Subject: [PATCH] Fixes: [Mainline-Build 2708]: IPv6- allow all egress IPv6 rule should be added for newly created SG by default Create default IPv6 rule in a security group as in a IPv4 rule.
Change-Id: I2a569ec5b302c29726c5b5bc0d4861e04a86b00d
Closes-Bug: 1540772
---
 .../vnc_openstack/neutron_plugin_db.py | 35 +++++++++++++------
 1 file changed, 25 insertions(+), 10 deletions(-)
diff --git a/src/config/vnc_openstack/vnc_openstack/neutron_plugin_db.py b/src/config/vnc_openstack/vnc_openstack/neutron_plugin_db.py
index 295aebbd184..cb4834454d4 100644
--- a/src/config/vnc_openstack/vnc_openstack/neutron_plugin_db.py
+++ b/src/config/vnc_openstack/vnc_openstack/neutron_plugin_db.py
@@ -3802,6 +3802,23 @@ def port_count(self, filters=None):
 return nports
 #end port_count
+ def populate_default_rule(self, ethertype = 'IPv4'):
+ def_rule = {}
+ def_rule['port_range_min'] = 0
+ def_rule['port_range_max'] = 65535
+ def_rule['direction'] = 'egress'
+ def_rule['remote_group_id'] = None
+ def_rule['protocol'] = 'any'
+
+ if ethertype == 'IPv4':
+ def_rule['ethertype'] = 'IPv4'
+ def_rule['remote_ip_prefix'] = '0.0.0.0/0'
+ else:
+ def_rule['ethertype'] = 'IPv6'
+ def_rule['remote_ip_prefix'] = '::/0'
+
+ return def_rule
+
 # security group api handlers
 @wait_for_api_server_connection
 def security_group_create(self, sg_q):
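Review bot: The `else:` branch in `populate_default_rule` treats every value other than the exact string 'IPv4' as IPv6, so a caller passing `'ipv4'`, `None` or a misspelt ethertype silently receives an allow-all `::/0` egress rule. Make the second branch explicit with `elif ethertype == 'IPv6':` and finish with `else: raise ValueError('unsupported ethertype: %r' % ethertype)` (or the module's own error helper, if it has one), so a bad argument fails instead of producing a permissive rule. The method also has no docstring; one sentence saying it returns the Neutron-format dict for the default allow-all egress rule of the given ethertype would be enough, and the default is conventionally written `ethertype='IPv4'`.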
@@ -3814,15 +3831,13 @@ def security_group_create(self, sg_q):
 sg_uuid = self._resource_create('security_group', sg_obj)
- #allow all egress traffic
- def_rule = {}
- def_rule['port_range_min'] = 0
- def_rule['port_range_max'] = 65535
- def_rule['direction'] = 'egress'
- def_rule['remote_ip_prefix'] = '0.0.0.0/0'
- def_rule['remote_group_id'] = None
- def_rule['protocol'] = 'any'
- def_rule['ethertype'] = 'IPv4'
+ #allow all IPv4 egress traffic
+ def_rule = self.populate_default_rule('IPv4')
+ rule = self._security_group_rule_neutron_to_vnc(def_rule, CREATE)
+ self._security_group_rule_create(sg_uuid, rule)
+
+ #allow all IPv6 egress traffic
+ def_rule = self.populate_default_rule('IPv6')
 rule = self._security_group_rule_neutron_to_vnc(def_rule, CREATE)
 self._security_group_rule_create(sg_uuid, rule)
@@ -4047,7 +4062,7 @@ def route_table_create(self, rt_q):
 resource='route_table', msg=str(e))
 ret_rt_q = self._route_table_vnc_to_neutron(rt_obj)
 return ret_rt_q
- #end security_group_create
+ #end route_table_create
 @wait_for_api_server_connection
 def route_table_read(self, rt_id):
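Review bot: The two default rules in `security_group_create` are created by separate `_security_group_rule_create` calls, and nothing in the visible lines handles a failure of the second one, which would leave a new group holding the IPv4 allow-all egress rule but not the IPv6 one. The function starts and ends outside the hunk, so cleanup may exist elsewhere; if it does not, consider removing the half-built group, or at least logging, when a default rule cannot be added. The repeated three-line sequence would also read better as one loop, `for ethertype in ('IPv4', 'IPv6'):`, around the existing `populate_default_rule` / `_security_group_rule_neutron_to_vnc` / `_security_group_rule_create` calls. A short comment stating that every new group now permits all IPv6 egress to `::/0` by default would help operators who rely on the group for egress filtering.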