Security group applies only to VM ports, not to internally used ports:
router interface port, dhcp port and floating ip port,
which can be identified by their device owner,
"network:{routerxxx, dhcp, floatingip}".
It can be realized by forcibly disabling port security on those ports.
With the port security extension enabled, neutron disabled port security.
The extension is, however, optional, so ODL shouldn't depend on it.
Partial-bug: #7128
Change-Id: I3295ebc0e77d387cdfb80be318ef048ba9763994
Signed-off-by: Isaku Yamahata <isaku.yamahata@intel.com>
(cherry picked from commit 5da83fc96656d5be54b3451a2f221a2e780e52d4)
public Boolean getPortSecurityEnabled() {
if (portSecurityEnabled == null) {
+ if (deviceOwner != null && deviceOwner.startsWith("network:")) {
+ // port with device owner of network:xxx is created by
+ // neutorn for its internal use. So security group doesn't apply.
+ // router interface, dhcp port and floating ip.
+ return false;
+ }
return true;
}
return portSecurityEnabled;
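Review bot: the `deviceOwner.startsWith("network:")` test in the `portSecurityEnabled == null` branch is wider than the three owners the comment names (router interface, dhcp, floating ip), so any port whose device owner carries that prefix defaults to port security off, and security group filtering goes with it. Consider matching an explicit set of owner values, or stating in the comment that every `network:` owner is intended to be exempt. The check also only changes the default: a port with `portSecurityEnabled` set explicitly still returns that stored value, which is narrower than the "forcibly disabling" wording in the commit message, so a Javadoc line on the getter spelling out that precedence would help. The added comment has a typo, "neutorn".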