diff --git a/neutron/agent/linux/dhcp.py b/neutron/agent/linux/dhcp.py index 4eb197862fd..12cba762aab 100644 --- a/neutron/agent/linux/dhcp.py +++ b/neutron/agent/linux/dhcp.py @@ -1554,9 +1554,12 @@ class DeviceManager(object): def fill_dhcp_udp_checksums(self, namespace): """Ensure DHCP reply packets always have correct UDP checksums.""" - iptables_mgr = iptables_manager.IptablesManager(use_ipv6=False, + iptables_mgr = iptables_manager.IptablesManager(use_ipv6=True, namespace=namespace) ipv4_rule = ('-p udp -m udp --dport %d -j CHECKSUM --checksum-fill' % constants.DHCP_RESPONSE_PORT) + ipv6_rule = ('-p udp -m udp --dport %d -j CHECKSUM --checksum-fill' + % n_const.DHCPV6_CLIENT_PORT) iptables_mgr.ipv4['mangle'].add_rule('POSTROUTING', ipv4_rule) + iptables_mgr.ipv6['mangle'].add_rule('POSTROUTING', ipv6_rule) iptables_mgr.apply() diff --git a/neutron/common/constants.py b/neutron/common/constants.py index 91d519174c7..f96977d21dd 100644 --- a/neutron/common/constants.py +++ b/neutron/common/constants.py @@ -179,6 +179,9 @@ IP_ALLOWED_VERSIONS = [lib_constants.IP_VERSION_4, lib_constants.IP_VERSION_6] PORT_RANGE_MIN = 1 PORT_RANGE_MAX = 65535 +# TODO(bence romsics): move this to neutron_lib.constants +DHCPV6_CLIENT_PORT = 546 + # Configuration values for accept_ra sysctl, copied from linux kernel # networking (netdev) tree, file Documentation/networking/ip-sysctl.txt # diff --git a/neutron/tests/unit/agent/dhcp/test_agent.py b/neutron/tests/unit/agent/dhcp/test_agent.py index c1aeda8b149..68380c5b75a 100644 --- a/neutron/tests/unit/agent/dhcp/test_agent.py +++ b/neutron/tests/unit/agent/dhcp/test_agent.py @@ -33,6 +33,7 @@ from neutron.agent.linux import dhcp from neutron.agent.linux import interface from neutron.agent.metadata import driver as metadata_driver from neutron.common import config as common_config +from neutron.common import constants as n_const from neutron.common import utils from neutron.conf.agent import common as config from neutron.conf.agent import dhcp as dhcp_config @@ -1570,8 +1571,10 @@ class TestDeviceManager(base.BaseTestCase): iptables_cls = iptables_cls_p.start() self.iptables_inst = mock.Mock() iptables_cls.return_value = self.iptables_inst - self.mangle_inst = mock.Mock() - self.iptables_inst.ipv4 = {'mangle': self.mangle_inst} + self.mangle_inst_v4 = mock.Mock() + self.iptables_inst.ipv4 = {'mangle': self.mangle_inst_v4} + self.mangle_inst_v6 = mock.Mock() + self.iptables_inst.ipv6 = {'mangle': self.mangle_inst_v6} self.mock_ip_wrapper_p = mock.patch("neutron.agent.linux.ip_lib." "IPWrapper") @@ -1645,12 +1648,19 @@ class TestDeviceManager(base.BaseTestCase): self.mock_ipv6_enabled.return_value = False self._test_setup_helper(False, ipv6_enabled=False) - def test_setup_calls_fill_dhcp_udp_checksums(self): + def test_setup_calls_fill_dhcp_udp_checksums_v4(self): self._test_setup_helper(False) rule = ('-p udp -m udp --dport %d -j CHECKSUM --checksum-fill' % const.DHCP_RESPONSE_PORT) expected = [mock.call.add_rule('POSTROUTING', rule)] - self.mangle_inst.assert_has_calls(expected) + self.mangle_inst_v4.assert_has_calls(expected) + + def test_setup_calls_fill_dhcp_udp_checksums_v6(self): + self._test_setup_helper(False) + rule = ('-p udp -m udp --dport %d -j CHECKSUM --checksum-fill' + % n_const.DHCPV6_CLIENT_PORT) + expected = [mock.call.add_rule('POSTROUTING', rule)] + self.mangle_inst_v6.assert_has_calls(expected) def test_setup_dhcp_port_doesnt_orphan_devices(self): with mock.patch.object(dhcp.ip_lib, 'IPDevice') as mock_IPDevice: