SG: Apply rules for both ipv4/ipv6 of VMs with associated account/SG

weizhouapache · weizhouapache · commit b8b3ab0285b7 · 2025-07-17T02:22:19.000+02:00
diff --git a/engine/schema/src/main/java/com/cloud/network/security/SecurityGroupVMMapVO.java b/engine/schema/src/main/java/com/cloud/network/security/SecurityGroupVMMapVO.java
@@ -50,6 +50,9 @@ public class SecurityGroupVMMapVO implements InternalIdentity {
     @Column(name = "ip4_address", table = "nics", insertable = false, updatable = false)
     private String guestIpAddress;
 
+    @Column(name = "ip6_address", table = "nics", insertable = false, updatable = false)
+    private String guestIpv6Address;
+
     @Column(name = "state", table = "vm_instance", insertable = false, updatable = false)
     private State vmState;
 
@@ -77,6 +80,10 @@ public String getGuestIpAddress() {
         return guestIpAddress;
     }
 
+    public String getGuestIpv6Address() {
+        return guestIpv6Address;
+    }
+
     public long getInstanceId() {
         return instanceId;
     }
diff --git a/server/src/main/java/com/cloud/network/security/SecurityGroupManagerImpl.java b/server/src/main/java/com/cloud/network/security/SecurityGroupManagerImpl.java
@@ -354,6 +354,9 @@ protected Map<PortAndProto, Set<String>> generateRulesForVM(Long userVmId, Secur
                             String cidr = defaultNic.getIPv4Address();
                             cidr = cidr + "/32";
                             cidrs.add(cidr);
+                            if (defaultNic.getIPv6Address() != null) {
+                                cidrs.add(defaultNic.getIPv6Address() + "/64");
+                            }
                         }
                     }
                 } else if (rule.getAllowedSourceIpCidr() != null) {
diff --git a/server/src/main/java/com/cloud/network/security/SecurityGroupManagerImpl2.java b/server/src/main/java/com/cloud/network/security/SecurityGroupManagerImpl2.java
@@ -250,6 +250,9 @@ protected Map<PortAndProto, Set<String>> generateRulesForVM(Long userVmId, Secur
                         //did a join with the nics table
                         String cidr = ngmapVO.getGuestIpAddress() + "/32";
                         cidrs.add(cidr);
+                        if (ngmapVO.getGuestIpv6Address() != null) {
+                            cidrs.add(ngmapVO.getGuestIpv6Address() + "/64");
+                        }
                     }
                 } else if (rule.getAllowedSourceIpCidr() != null) {
                     cidrs.add(rule.getAllowedSourceIpCidr());

Original file line number	Diff line number	Diff line change
`@@ -354,6 +354,9 @@ protected Map<PortAndProto, Set<String>> generateRulesForVM(Long userVmId, Secur`
`354`	`354`	`String cidr = defaultNic.getIPv4Address();`
`355`	`355`	`cidr = cidr + "/32";`
`356`	`356`	`cidrs.add(cidr);`
	`357`	`+ if (defaultNic.getIPv6Address() != null) {`
	`358`	`+ cidrs.add(defaultNic.getIPv6Address() + "/64");`
	`359`	`+ }`
`357`	`360`	`}`
`358`	`361`	`}`
`359`	`362`	`} else if (rule.getAllowedSourceIpCidr() != null) {`