openstack/neutron
Code Issues Proposed changes

Revert iptables TCP checksum-fill code

Browse Source 
To fix bug 1722584 we inserted a checksum-fill rule for
metadata proxy replies.  Recent kernels have disabled
this support for TCP because it was invalid, and
supposedly not doing anything, so let's get ahead of
things and remove the code.

Kernel mailing list discussion is at
https://lore.kernel.org/patchwork/patch/824819/

Partially reverts ed1c3b021751273e427d47fcf544c56bdabf97bb

Change-Id: Ib7cc8f82a91972f17987fb95130edc4069d9423f
Related-bug: #1722584
This commit is contained in:
Brian Haley 2019-04-22 18:53:45 -04:00 committed by Brian Haley
parent 5d607a13ba
commit b1b8a438fe
2 changed files with 0 additions and 17 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

10
neutron/agent/metadata/driver.py
View File

@ -196,14 +196,6 @@ class MetadataDriver(object):
{'interface_name': namespaces.INTERNAL_DEV_PREFIX + '+',
'port': port})]
@classmethod
def metadata_checksum_rules(cls, port):
return [('POSTROUTING', '-o %(interface_name)s '
'-p tcp -m tcp --sport %(port)s -j CHECKSUM '
'--checksum-fill' %
{'interface_name': namespaces.INTERNAL_DEV_PREFIX + '+',
'port': port})]
@classmethod
def _get_metadata_proxy_user_group(cls, conf):
user = conf.metadata_proxy_user or str(os.geteuid())
@ -279,8 +271,6 @@ def after_router_added(resource, event, l3_agent, **kwargs):
router.iptables_manager.ipv4['filter'].add_rule(c, r)
for c, r in proxy.metadata_nat_rules(proxy.metadata_port):
router.iptables_manager.ipv4['nat'].add_rule(c, r)
for c, r in proxy.metadata_checksum_rules(proxy.metadata_port):
router.iptables_manager.ipv4['mangle'].add_rule(c, r)
router.iptables_manager.apply()
if not isinstance(router, ha_router.HaRouter):

7
neutron/tests/unit/agent/metadata/test_driver.py
View File

@ -52,13 +52,6 @@ class TestMetadataDriverRules(base.BaseTestCase):
rules,
metadata_driver.MetadataDriver.metadata_filter_rules(9697, '0x1'))
def test_metadata_checksum_rules(self):
rules = ('POSTROUTING', '-o qr-+ -p tcp -m tcp --sport 9697 '
'-j CHECKSUM --checksum-fill')
self.assertEqual(
[rules],
metadata_driver.MetadataDriver.metadata_checksum_rules(9697))
class TestMetadataDriverProcess(base.BaseTestCase):