Merge "Do not initialize the iptables nat table in the dhcp-agent"
This commit is contained in:
commit
7dc958a642
|
@ -1589,6 +1589,7 @@ class DeviceManager(object):
|
||||||
def fill_dhcp_udp_checksums(self, namespace):
|
def fill_dhcp_udp_checksums(self, namespace):
|
||||||
"""Ensure DHCP reply packets always have correct UDP checksums."""
|
"""Ensure DHCP reply packets always have correct UDP checksums."""
|
||||||
iptables_mgr = iptables_manager.IptablesManager(use_ipv6=True,
|
iptables_mgr = iptables_manager.IptablesManager(use_ipv6=True,
|
||||||
|
nat=False,
|
||||||
namespace=namespace)
|
namespace=namespace)
|
||||||
ipv4_rule = ('-p udp -m udp --dport %d -j CHECKSUM --checksum-fill'
|
ipv4_rule = ('-p udp -m udp --dport %d -j CHECKSUM --checksum-fill'
|
||||||
% constants.DHCP_RESPONSE_PORT)
|
% constants.DHCP_RESPONSE_PORT)
|
||||||
|
|
|
@ -308,7 +308,7 @@ class IptablesManager(object):
|
||||||
_random_fully = None
|
_random_fully = None
|
||||||
|
|
||||||
def __init__(self, _execute=None, state_less=False, use_ipv6=False,
|
def __init__(self, _execute=None, state_less=False, use_ipv6=False,
|
||||||
namespace=None, binary_name=binary_name):
|
nat=True, namespace=None, binary_name=binary_name):
|
||||||
if _execute:
|
if _execute:
|
||||||
self.execute = _execute
|
self.execute = _execute
|
||||||
else:
|
else:
|
||||||
|
@ -348,6 +348,7 @@ class IptablesManager(object):
|
||||||
|
|
||||||
if not state_less:
|
if not state_less:
|
||||||
self.initialize_mangle_table()
|
self.initialize_mangle_table()
|
||||||
|
if nat:
|
||||||
self.initialize_nat_table()
|
self.initialize_nat_table()
|
||||||
|
|
||||||
def initialize_mangle_table(self):
|
def initialize_mangle_table(self):
|
||||||
|
|
|
@ -1340,3 +1340,23 @@ class IptablesManagerStateLessTestCase(base.BaseTestCase):
|
||||||
iptables.initialize_nat_table()
|
iptables.initialize_nat_table()
|
||||||
self.assertIn('nat', iptables.ipv4)
|
self.assertIn('nat', iptables.ipv4)
|
||||||
self.assertNotIn('mangle', iptables.ipv4)
|
self.assertNotIn('mangle', iptables.ipv4)
|
||||||
|
|
||||||
|
|
||||||
|
class IptablesManagerNoNatTestCase(base.BaseTestCase):
|
||||||
|
|
||||||
|
def setUp(self):
|
||||||
|
super(IptablesManagerNoNatTestCase, self).setUp()
|
||||||
|
cfg.CONF.set_override('comment_iptables_rules', False, 'AGENT')
|
||||||
|
self.iptables = (iptables_manager.IptablesManager(nat=False))
|
||||||
|
|
||||||
|
def test_nat_not_found(self):
|
||||||
|
self.assertNotIn('nat', self.iptables.ipv4)
|
||||||
|
|
||||||
|
def test_mangle_found(self):
|
||||||
|
self.assertIn('mangle', self.iptables.ipv4)
|
||||||
|
|
||||||
|
def test_initialize_nat_table(self):
|
||||||
|
iptables = iptables_manager.IptablesManager(nat=False)
|
||||||
|
iptables.initialize_nat_table()
|
||||||
|
self.assertIn('nat', iptables.ipv4)
|
||||||
|
self.assertIn('mangle', iptables.ipv4)
|
||||||
|
|
Loading…
Reference in New Issue