Switches metering agent to stateless iptables

If state_less parameter is not specified then neutron-postrouting-bottom rule goes up in POSTROUTING chain, which causes premature NATing of traffic, for ex. traffic between internal networks becomes NATed. Closes-Bug: 1544508 Co-Authored-By: Sergey Belous <sbelous@mirantis.com> Change-Id: I2e0011237d50a59d417cfee01dcd5f9d0da2e7f5 (cherry picked from commit 5d2d1120fc)
2016-02-12 12:18:14 +03:00 · 2016-02-12 12:18:14 +03:00 · 844cae4960
parent 33c01f4d49
commit 844cae4960
2 changed files with 10 additions and 0 deletions
--- a/neutron/services/metering/drivers/iptables/iptables_driver.py
+++ b/neutron/services/metering/drivers/iptables/iptables_driver.py
@ -73,6 +73,7 @@ class RouterWithMetering(object):
        self.iptables_manager = iptables_manager.IptablesManager(
            namespace=self.ns_name,
            binary_name=WRAP_NAME,
+            state_less=True,
            use_ipv6=ipv6_utils.is_enabled())
        self.metering_labels = {}

--- a/neutron/tests/unit/services/metering/drivers/test_iptables.py
+++ b/neutron/tests/unit/services/metering/drivers/test_iptables.py
@ -106,6 +106,15 @@ class IptablesDriverTestCase(base.BaseTestCase):
        self.metering = iptables_driver.IptablesMeteringDriver('metering',
                                                               cfg.CONF)

+    def test_create_stateless_iptables_manager(self):
+        routers = TEST_ROUTERS[:1]
+        self.metering.add_metering_label(None, routers)
+        self.iptables_cls.assert_called_with(
+            binary_name=mock.ANY,
+            namespace=mock.ANY,
+            state_less=True,
+            use_ipv6=mock.ANY)
+
    def test_add_metering_label(self):
        routers = TEST_ROUTERS[:1]