From 844cae4960cb2e3aedad750ceb91aa675f8e1142 Mon Sep 17 00:00:00 2001
From: Dmitry Sutyagin <dsutyagin@mirantis.com>
Date: Fri, 12 Feb 2016 12:18:14 +0300
Subject: [PATCH] Switches metering agent to stateless iptables

If state_less parameter is not specified then
neutron-postrouting-bottom rule goes up in POSTROUTING
chain, which causes premature NATing of traffic,
for ex. traffic between internal networks becomes NATed.

Closes-Bug: 1544508
Co-Authored-By: Sergey Belous <sbelous@mirantis.com>
Change-Id: I2e0011237d50a59d417cfee01dcd5f9d0da2e7f5
(cherry picked from commit 5d2d1120fcdcd5977d3c760ac1520a841048d456)
---
 .../metering/drivers/iptables/iptables_driver.py         | 1 +
 .../unit/services/metering/drivers/test_iptables.py      | 9 +++++++++
 2 files changed, 10 insertions(+)

diff --git a/neutron/services/metering/drivers/iptables/iptables_driver.py b/neutron/services/metering/drivers/iptables/iptables_driver.py
index 7a8c8fd0a8c..5c2c080f094 100644
--- a/neutron/services/metering/drivers/iptables/iptables_driver.py
+++ b/neutron/services/metering/drivers/iptables/iptables_driver.py
@@ -73,6 +73,7 @@ class RouterWithMetering(object):
         self.iptables_manager = iptables_manager.IptablesManager(
             namespace=self.ns_name,
             binary_name=WRAP_NAME,
+            state_less=True,
             use_ipv6=ipv6_utils.is_enabled())
         self.metering_labels = {}
 
diff --git a/neutron/tests/unit/services/metering/drivers/test_iptables.py b/neutron/tests/unit/services/metering/drivers/test_iptables.py
index 91858e46417..a33a18b2880 100644
--- a/neutron/tests/unit/services/metering/drivers/test_iptables.py
+++ b/neutron/tests/unit/services/metering/drivers/test_iptables.py
@@ -106,6 +106,15 @@ class IptablesDriverTestCase(base.BaseTestCase):
         self.metering = iptables_driver.IptablesMeteringDriver('metering',
                                                                cfg.CONF)
 
+    def test_create_stateless_iptables_manager(self):
+        routers = TEST_ROUTERS[:1]
+        self.metering.add_metering_label(None, routers)
+        self.iptables_cls.assert_called_with(
+            binary_name=mock.ANY,
+            namespace=mock.ANY,
+            state_less=True,
+            use_ipv6=mock.ANY)
+
     def test_add_metering_label(self):
         routers = TEST_ROUTERS[:1]