Merge "Do not initialize the iptables nat table in the dhcp-agent"

4 years ago · 7dc958a642
parent 3e265616b3 5e9f298c97
commit 7dc958a642
3 changed files with 24 additions and 2 deletions
--- a/neutron/agent/linux/dhcp.py
+++ b/neutron/agent/linux/dhcp.py
@ -1589,6 +1589,7 @@ class DeviceManager(object):
    def fill_dhcp_udp_checksums(self, namespace):
        """Ensure DHCP reply packets always have correct UDP checksums."""
        iptables_mgr = iptables_manager.IptablesManager(use_ipv6=True,
+                                                        nat=False,
                                                        namespace=namespace)
        ipv4_rule = ('-p udp -m udp --dport %d -j CHECKSUM --checksum-fill'
                     % constants.DHCP_RESPONSE_PORT)
--- a/neutron/agent/linux/iptables_manager.py
+++ b/neutron/agent/linux/iptables_manager.py
@ -308,7 +308,7 @@ class IptablesManager(object):
    _random_fully = None

    def __init__(self, _execute=None, state_less=False, use_ipv6=False,
-                 namespace=None, binary_name=binary_name):
+                 nat=True, namespace=None, binary_name=binary_name):
        if _execute:
            self.execute = _execute
        else:
@ -348,7 +348,8 @@ class IptablesManager(object):

        if not state_less:
            self.initialize_mangle_table()
-            self.initialize_nat_table()
+            if nat:
+                self.initialize_nat_table()

    def initialize_mangle_table(self):
        self.ipv4.update(
--- a/neutron/tests/unit/agent/linux/test_iptables_manager.py
+++ b/neutron/tests/unit/agent/linux/test_iptables_manager.py
@ -1340,3 +1340,23 @@ class IptablesManagerStateLessTestCase(base.BaseTestCase):
        iptables.initialize_nat_table()
        self.assertIn('nat', iptables.ipv4)
        self.assertNotIn('mangle', iptables.ipv4)
+
+
+class IptablesManagerNoNatTestCase(base.BaseTestCase):
+
+    def setUp(self):
+        super(IptablesManagerNoNatTestCase, self).setUp()
+        cfg.CONF.set_override('comment_iptables_rules', False, 'AGENT')
+        self.iptables = (iptables_manager.IptablesManager(nat=False))
+
+    def test_nat_not_found(self):
+        self.assertNotIn('nat', self.iptables.ipv4)
+
+    def test_mangle_found(self):
+        self.assertIn('mangle', self.iptables.ipv4)
+
+    def test_initialize_nat_table(self):
+        iptables = iptables_manager.IptablesManager(nat=False)
+        iptables.initialize_nat_table()
+        self.assertIn('nat', iptables.ipv4)
+        self.assertIn('mangle', iptables.ipv4)