[caclmgrd] Fix application of IPv6 service ACL rules (#3917)

2019-12-19 07:15:27 -08:00 · 2019-12-19 07:15:27 -08:00 · 77d636256b
commit 77d636256b
parent 1e05a41c7f
1 changed files with 7 additions and 6 deletions
--- a/files/image_config/caclmgrd/caclmgrd
+++ b/files/image_config/caclmgrd/caclmgrd
@ -194,13 +194,14 @@ class ControlPlaneAclManager(object):
                            continue

                        # If we haven't determined the IP version for this ACL table yet,
-                        # try to do it now. We determine heuristically based on whether the
-                        # src IP is an IPv4 or IPv6 address.
-                        if not table_ip_version and "SRC_IP" in rule_props and rule_props["SRC_IP"]:
-                            ip_addr = ipaddress.IPAddress(rule_props["SRC_IP"].split("/")[0])
-                            if isinstance(ip_addr, ipaddress.IPv6Address):
+                        # try to do it now. We attempt to determine heuristically based on
+                        # whether the src or dst IP of this rule is an IPv4 or IPv6 address.
+                        if not table_ip_version:
+                            if (("SRC_IPV6" in rule_props and rule_props["SRC_IPV6"]) or
+                                ("DST_IPV6" in rule_props and rule_props["DST_IPV6"])):
                                table_ip_version = 6
-                            elif isinstance(ip_addr, ipaddress.IPv4Address):
+                            elif (("SRC_IP" in rule_props and rule_props["SRC_IP"]) or
+                                  ("DST_IP" in rule_props and rule_props["DST_IP"])):
                                table_ip_version = 4

                # If we were unable to determine whether this ACL table contains