Do not initialize the iptables nat table in the dhcp-agent

The dhcp-agent is initializing the iptables 'nat' table even
though it is never inserting any rules there besides the
ones being done at init time.  Since this table is really
intended for the l3-agent, add an argument so we can control
the initialization.

Change-Id: Iebda49e7da99bd3bc8c985132516ae5edafdfe20
Brian Haley 2019-04-22 17:26:06 -04:00
parent 5d607a13ba
commit 5e9f298c97
3 changed files with 24 additions and 2 deletions


@ -1589,6 +1589,7 @@ class DeviceManager(object):
def fill_dhcp_udp_checksums(self, namespace):
"""Ensure DHCP reply packets always have correct UDP checksums."""
iptables_mgr = iptables_manager.IptablesManager(use_ipv6=True,
nat=False,
namespace=namespace)
ipv4_rule = ('-p udp -m udp --dport %d -j CHECKSUM --checksum-fill'
% constants.DHCP_RESPONSE_PORT)
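Review bot: Nothing at the `nat=False` call in `fill_dhcp_udp_checksums` says why the table is skipped, and none of the three changed files looks like a dhcp-agent test, so a later edit could drop the argument without any test failing. A short comment above the call would record the intent, for example `# The dhcp-agent adds no 'nat' rules, so skip initializing that table.` A unit test asserting that `IptablesManager` is constructed with `nat=False` here would pin the behaviour. The function body continues past the end of this hunk.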


@ -303,7 +303,7 @@ class IptablesManager(object):
use_table_lock = False
def __init__(self, _execute=None, state_less=False, use_ipv6=False,
namespace=None, binary_name=binary_name):
nat=True, namespace=None, binary_name=binary_name):
if _execute:
self.execute = _execute
else:
@ -343,6 +343,7 @@ class IptablesManager(object):
if not state_less:
self.initialize_mangle_table()
if nat:
self.initialize_nat_table()
def initialize_mangle_table(self):
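Review bot: The new `nat=True` parameter is inserted ahead of `namespace` in `IptablesManager.__init__`, so a caller that passes `namespace` positionally would now bind that value to `nat`. A namespace string is truthy and `namespace` itself would fall back to `None`, so the rules would be managed outside the intended namespace. No such caller is visible in this diff, so this is a compatibility risk rather than a confirmed bug. Appending the argument keeps existing positional calls intact: `namespace=None, binary_name=binary_name, nat=True):`. The constructor body runs beyond both hunks, so if its docstring lists the parameters, it should also gain a line describing `nat`.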


@ -1340,3 +1340,23 @@ class IptablesManagerStateLessTestCase(base.BaseTestCase):
iptables.initialize_nat_table()
self.assertIn('nat', iptables.ipv4)
self.assertNotIn('mangle', iptables.ipv4)
class IptablesManagerNoNatTestCase(base.BaseTestCase):
def setUp(self):
super(IptablesManagerNoNatTestCase, self).setUp()
cfg.CONF.set_override('comment_iptables_rules', False, 'AGENT')
self.iptables = (iptables_manager.IptablesManager(nat=False))
def test_nat_not_found(self):
self.assertNotIn('nat', self.iptables.ipv4)
def test_mangle_found(self):
self.assertIn('mangle', self.iptables.ipv4)
def test_initialize_nat_table(self):
iptables = iptables_manager.IptablesManager(nat=False)
iptables.initialize_nat_table()
self.assertIn('nat', iptables.ipv4)
self.assertIn('mangle', iptables.ipv4)
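Review bot: `test_initialize_nat_table` builds a second `IptablesManager(nat=False)` although `setUp` already created an identical one as `self.iptables`. Reusing it, with `self.iptables.initialize_nat_table()` and the two assertions on `self.iptables.ipv4`, would match the other tests in the class. This may have been copied from the stateless test case just above, which uses a local `iptables`. A one-line docstring such as `"""An explicit initialize_nat_table() call still creates the table when nat=False."""` would make clear that this behaviour is intended.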