SG: Apply rules for both ipv4/ipv6 of VMs with associated account/SG (apache#11243)

weizhouapache · dhslove · commit 655b065f40b4 · 2025-09-04T15:05:31.000+09:00
diff --git a/engine/schema/src/main/java/com/cloud/network/security/SecurityGroupVMMapVO.java b/engine/schema/src/main/java/com/cloud/network/security/SecurityGroupVMMapVO.java
@@ -50,6 +50,9 @@ public class SecurityGroupVMMapVO implements InternalIdentity {
     @Column(name = "ip4_address", table = "nics", insertable = false, updatable = false)
     private String guestIpAddress;
 
+    @Column(name = "ip6_address", table = "nics", insertable = false, updatable = false)
+    private String guestIpv6Address;
+
     @Column(name = "state", table = "vm_instance", insertable = false, updatable = false)
     private State vmState;
 
@@ -77,6 +80,10 @@ public String getGuestIpAddress() {
         return guestIpAddress;
     }
 
+    public String getGuestIpv6Address() {
+        return guestIpv6Address;
+    }
+
     public long getInstanceId() {
         return instanceId;
     }
diff --git a/server/src/main/java/com/cloud/network/security/SecurityGroupManagerImpl.java b/server/src/main/java/com/cloud/network/security/SecurityGroupManagerImpl.java
@@ -355,6 +355,9 @@ protected Map<PortAndProto, Set<String>> generateRulesForVM(Long userVmId, Secur
                             String cidr = defaultNic.getIPv4Address();
                             cidr = cidr + "/32";
                             cidrs.add(cidr);
+                            if (defaultNic.getIPv6Address() != null) {
+                                cidrs.add(defaultNic.getIPv6Address() + "/64");
+                            }
                         }
                     }
                 } else if (rule.getAllowedSourceIpCidr() != null) {
diff --git a/server/src/main/java/com/cloud/network/security/SecurityGroupManagerImpl2.java b/server/src/main/java/com/cloud/network/security/SecurityGroupManagerImpl2.java
@@ -249,6 +249,9 @@ protected Map<PortAndProto, Set<String>> generateRulesForVM(Long userVmId, Secur
                         //did a join with the nics table
                         String cidr = ngmapVO.getGuestIpAddress() + "/32";
                         cidrs.add(cidr);
+                        if (ngmapVO.getGuestIpv6Address() != null) {
+                            cidrs.add(ngmapVO.getGuestIpv6Address() + "/64");
+                        }
                     }
                 } else if (rule.getAllowedSourceIpCidr() != null) {
                     cidrs.add(rule.getAllowedSourceIpCidr());

Original file line number	Diff line number	Diff line change
`@@ -355,6 +355,9 @@ protected Map<PortAndProto, Set<String>> generateRulesForVM(Long userVmId, Secur`
`355`	`355`	`String cidr = defaultNic.getIPv4Address();`
`356`	`356`	`cidr = cidr + "/32";`
`357`	`357`	`cidrs.add(cidr);`
	`358`	`+ if (defaultNic.getIPv6Address() != null) {`
	`359`	`+ cidrs.add(defaultNic.getIPv6Address() + "/64");`
	`360`	`+ }`
`358`	`361`	`}`
`359`	`362`	`}`
`360`	`363`	`} else if (rule.getAllowedSourceIpCidr() != null) {`