Do not initialize the iptables nat table in the dhcp-agent

The dhcp-agent is initializing the iptables 'nat' table even
though it is never inserting any rules there besides the
ones being done at init time.  Since this table is really
intended for the l3-agent, add an argument so we can control
the initialization.

Change-Id: Iebda49e7da99bd3bc8c985132516ae5edafdfe20
changes/31/654631/2
Brian Haley 3 years ago
parent 5d607a13ba
commit 5e9f298c97
  1. 1
      neutron/agent/linux/dhcp.py
  2. 5
      neutron/agent/linux/iptables_manager.py
  3. 20
      neutron/tests/unit/agent/linux/test_iptables_manager.py

@ -1589,6 +1589,7 @@ class DeviceManager(object):
def fill_dhcp_udp_checksums(self, namespace):
"""Ensure DHCP reply packets always have correct UDP checksums."""
iptables_mgr = iptables_manager.IptablesManager(use_ipv6=True,
nat=False,
namespace=namespace)
ipv4_rule = ('-p udp -m udp --dport %d -j CHECKSUM --checksum-fill'
% constants.DHCP_RESPONSE_PORT)
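Review bot: The `nat=False` argument in `fill_dhcp_udp_checksums` has no comment saying why this call site opts out; the reason is recorded only in the commit message. A one-line comment above the constructor call would keep it from being dropped in a later cleanup: `# dhcp-agent adds no nat rules; skip initializing that table`. Passing it by keyword, as done here, is the right choice because `nat` sits in the middle of the `IptablesManager.__init__` parameter list. The method body continues past the end of this hunk.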

@ -303,7 +303,7 @@ class IptablesManager(object):
use_table_lock = False
def __init__(self, _execute=None, state_less=False, use_ipv6=False,
namespace=None, binary_name=binary_name):
nat=True, namespace=None, binary_name=binary_name):
if _execute:
self.execute = _execute
else:
@ -343,7 +343,8 @@ class IptablesManager(object):
if not state_less:
self.initialize_mangle_table()
self.initialize_nat_table()
if nat:
self.initialize_nat_table()
def initialize_mangle_table(self):
self.ipv4.update(
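Review bot: The new `nat=True` parameter is inserted ahead of `namespace` and `binary_name` in `__init__`, so any caller that passes `namespace` positionally would now bind it to `nat` and leave `namespace=None`; the rules would then presumably be built for the default namespace, with nat initialization silently left on. No such caller is visible on this page, so this is a compatibility risk to check rather than a confirmed break. Appending the parameter keeps existing positional calls intact: `namespace=None, binary_name=binary_name, nat=True):`. The constructor's documentation, if any exists outside this hunk, should state that `nat=False` skips `initialize_nat_table()`. It should also say the flag has no effect when `state_less` is set, assuming `if nat:` sits inside the `if not state_less:` branch; indentation is not visible here.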

@ -1340,3 +1340,23 @@ class IptablesManagerStateLessTestCase(base.BaseTestCase):
iptables.initialize_nat_table()
self.assertIn('nat', iptables.ipv4)
self.assertNotIn('mangle', iptables.ipv4)
class IptablesManagerNoNatTestCase(base.BaseTestCase):
def setUp(self):
super(IptablesManagerNoNatTestCase, self).setUp()
cfg.CONF.set_override('comment_iptables_rules', False, 'AGENT')
self.iptables = (iptables_manager.IptablesManager(nat=False))
def test_nat_not_found(self):
self.assertNotIn('nat', self.iptables.ipv4)
def test_mangle_found(self):
self.assertIn('mangle', self.iptables.ipv4)
def test_initialize_nat_table(self):
iptables = iptables_manager.IptablesManager(nat=False)
iptables.initialize_nat_table()
self.assertIn('nat', iptables.ipv4)
self.assertIn('mangle', iptables.ipv4)
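Review bot: `test_initialize_nat_table` builds a second `IptablesManager(nat=False)` instead of using `self.iptables` from `setUp`, so it does not exercise the fixture the other two tests check. Calling `self.iptables.initialize_nat_table()` and asserting on `self.iptables.ipv4` would cover the same behaviour. The class also has no case for `state_less=True` combined with `nat=False`. It has none that constructs the manager with a positional `namespace` either, which would pin the argument order changed in `__init__`.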
