Do not initialize the iptables nat table in the dhcp-agent
The dhcp-agent is initializing the iptables 'nat' table even though it is never inserting any rules there besides the ones being done at init time. Since this table is really intended for the l3-agent, add an argument so we can control the initialization. Change-Id: Iebda49e7da99bd3bc8c985132516ae5edafdfe20
This commit is contained in:
parent
5d607a13ba
commit
5e9f298c97
|
@ -1589,6 +1589,7 @@ class DeviceManager(object):
|
|||
def fill_dhcp_udp_checksums(self, namespace):
|
||||
"""Ensure DHCP reply packets always have correct UDP checksums."""
|
||||
iptables_mgr = iptables_manager.IptablesManager(use_ipv6=True,
|
||||
nat=False,
|
||||
namespace=namespace)
|
||||
ipv4_rule = ('-p udp -m udp --dport %d -j CHECKSUM --checksum-fill'
|
||||
% constants.DHCP_RESPONSE_PORT)
|
||||
|
|
|
@ -303,7 +303,7 @@ class IptablesManager(object):
|
|||
use_table_lock = False
|
||||
|
||||
def __init__(self, _execute=None, state_less=False, use_ipv6=False,
|
||||
namespace=None, binary_name=binary_name):
|
||||
nat=True, namespace=None, binary_name=binary_name):
|
||||
if _execute:
|
||||
self.execute = _execute
|
||||
else:
|
||||
|
@ -343,6 +343,7 @@ class IptablesManager(object):
|
|||
|
||||
if not state_less:
|
||||
self.initialize_mangle_table()
|
||||
if nat:
|
||||
self.initialize_nat_table()
|
||||
|
||||
def initialize_mangle_table(self):
|
||||
|
|
|
@ -1340,3 +1340,23 @@ class IptablesManagerStateLessTestCase(base.BaseTestCase):
|
|||
iptables.initialize_nat_table()
|
||||
self.assertIn('nat', iptables.ipv4)
|
||||
self.assertNotIn('mangle', iptables.ipv4)
|
||||
|
||||
|
||||
class IptablesManagerNoNatTestCase(base.BaseTestCase):
|
||||
|
||||
def setUp(self):
|
||||
super(IptablesManagerNoNatTestCase, self).setUp()
|
||||
cfg.CONF.set_override('comment_iptables_rules', False, 'AGENT')
|
||||
self.iptables = (iptables_manager.IptablesManager(nat=False))
|
||||
|
||||
def test_nat_not_found(self):
|
||||
self.assertNotIn('nat', self.iptables.ipv4)
|
||||
|
||||
def test_mangle_found(self):
|
||||
self.assertIn('mangle', self.iptables.ipv4)
|
||||
|
||||
def test_initialize_nat_table(self):
|
||||
iptables = iptables_manager.IptablesManager(nat=False)
|
||||
iptables.initialize_nat_table()
|
||||
self.assertIn('nat', iptables.ipv4)
|
||||
self.assertIn('mangle', iptables.ipv4)
|
||||
|
|
Loading…
Reference in New Issue