Merge "Do not initialize the iptables nat table in the dhcp-agent"

This commit is contained in:
Zuul 2019-04-26 06:42:34 +00:00 committed by Gerrit Code Review
commit 7dc958a642
3 changed files with 24 additions and 2 deletions

View File

@ -1589,6 +1589,7 @@ class DeviceManager(object):
def fill_dhcp_udp_checksums(self, namespace): def fill_dhcp_udp_checksums(self, namespace):
"""Ensure DHCP reply packets always have correct UDP checksums.""" """Ensure DHCP reply packets always have correct UDP checksums."""
iptables_mgr = iptables_manager.IptablesManager(use_ipv6=True, iptables_mgr = iptables_manager.IptablesManager(use_ipv6=True,
nat=False,
namespace=namespace) namespace=namespace)
ipv4_rule = ('-p udp -m udp --dport %d -j CHECKSUM --checksum-fill' ipv4_rule = ('-p udp -m udp --dport %d -j CHECKSUM --checksum-fill'
% constants.DHCP_RESPONSE_PORT) % constants.DHCP_RESPONSE_PORT)

View File

@ -308,7 +308,7 @@ class IptablesManager(object):
_random_fully = None _random_fully = None
def __init__(self, _execute=None, state_less=False, use_ipv6=False, def __init__(self, _execute=None, state_less=False, use_ipv6=False,
namespace=None, binary_name=binary_name): nat=True, namespace=None, binary_name=binary_name):
if _execute: if _execute:
self.execute = _execute self.execute = _execute
else: else:
@ -348,7 +348,8 @@ class IptablesManager(object):
if not state_less: if not state_less:
self.initialize_mangle_table() self.initialize_mangle_table()
self.initialize_nat_table() if nat:
self.initialize_nat_table()
def initialize_mangle_table(self): def initialize_mangle_table(self):
self.ipv4.update( self.ipv4.update(

View File

@ -1340,3 +1340,23 @@ class IptablesManagerStateLessTestCase(base.BaseTestCase):
iptables.initialize_nat_table() iptables.initialize_nat_table()
self.assertIn('nat', iptables.ipv4) self.assertIn('nat', iptables.ipv4)
self.assertNotIn('mangle', iptables.ipv4) self.assertNotIn('mangle', iptables.ipv4)
class IptablesManagerNoNatTestCase(base.BaseTestCase):
def setUp(self):
super(IptablesManagerNoNatTestCase, self).setUp()
cfg.CONF.set_override('comment_iptables_rules', False, 'AGENT')
self.iptables = (iptables_manager.IptablesManager(nat=False))
def test_nat_not_found(self):
self.assertNotIn('nat', self.iptables.ipv4)
def test_mangle_found(self):
self.assertIn('mangle', self.iptables.ipv4)
def test_initialize_nat_table(self):
iptables = iptables_manager.IptablesManager(nat=False)
iptables.initialize_nat_table()
self.assertIn('nat', iptables.ipv4)
self.assertIn('mangle', iptables.ipv4)