author | Brian Haley <bhaley@redhat.com> | 2019-04-22 18:53:45 -0400 |
---|---|---|
committer | Darragh O'Reilly <doreilly@suse.com> | 2020-06-11 07:55:28 +0000 |
commit | 8f280339096ed702928f704fd20543ce4370c0d4 (patch) | |
tree | 1653fd337ec369f7cf01f3e94522a7e4039b3f07 | |
parent | d4f75f0ab07c028b443d55ae9ce9169e92134a3e (diff) | |
download | neutron-8f280339096ed702928f704fd20543ce4370c0d4.tar.gz |
Revert iptables TCP checksum-fill code
To fix bug 1722584 we inserted a checksum-fill rule for
metadata proxy replies. Recent kernels have disabled
this support for TCP because it was invalid, and
supposedly not doing anything, so let's get ahead of
things and remove the code.
Kernel mailing list discussion is at
https://lore.kernel.org/patchwork/patch/824819/
Partially reverts ed1c3b021751273e427d47fcf544c56bdabf97bb
Depends-On: https://review.opendev.org/#/c/725213/
Change-Id: Ib7cc8f82a91972f17987fb95130edc4069d9423f
Related-bug: #1722584
(cherry picked from commit b1b8a438fe3cdc422b8deb61548f47d383ee2fe8)
(cherry picked from commit 31320156e464d27d8dfb9df82777b92e9eed1e2c)
-rw-r--r-- | neutron/agent/metadata/driver.py | 10 | ||||
-rw-r--r-- | neutron/tests/unit/agent/metadata/test_driver.py | 7 |
2 files changed, 0 insertions, 17 deletions
diff --git a/neutron/agent/metadata/driver.py b/neutron/agent/metadata/driver.py
index 79f6d2f138..6d96a8ac4c 100644
--- a/neutron/agent/metadata/driver.py
+++ b/neutron/agent/metadata/driver.py
@@ -194,14 +194,6 @@ class MetadataDriver(object):
 'port': port})]
 @classmethod
- def metadata_checksum_rules(cls, port):
- return [('POSTROUTING', '-o %(interface_name)s '
- '-p tcp -m tcp --sport %(port)s -j CHECKSUM '
- '--checksum-fill' %
- {'interface_name': namespaces.INTERNAL_DEV_PREFIX + '+',
- 'port': port})]
-
- @classmethod
 def _get_metadata_proxy_user_group(cls, conf):
 user = conf.metadata_proxy_user or str(os.geteuid())
 group = conf.metadata_proxy_group or str(os.getegid())
@@ -294,8 +286,6 @@ def after_router_added(resource, event, l3_agent, **kwargs):
 router.iptables_manager.ipv4['filter'].add_rule(c, r)
 for c, r in proxy.metadata_nat_rules(proxy.metadata_port):
 router.iptables_manager.ipv4['nat'].add_rule(c, r)
- for c, r in proxy.metadata_checksum_rules(proxy.metadata_port):
- router.iptables_manager.ipv4['mangle'].add_rule(c, r)
 router.iptables_manager.apply()
 if not isinstance(router, ha_router.HaRouter):
diff --git a/neutron/tests/unit/agent/metadata/test_driver.py b/neutron/tests/unit/agent/metadata/test_driver.py
index 037c75ec75..2833b3697a 100644
--- a/neutron/tests/unit/agent/metadata/test_driver.py
+++ b/neutron/tests/unit/agent/metadata/test_driver.py
@@ -52,13 +52,6 @@ class TestMetadataDriverRules(base.BaseTestCase):
 rules,
 metadata_driver.MetadataDriver.metadata_filter_rules(9697, '0x1'))
- def test_metadata_checksum_rules(self):
- rules = ('POSTROUTING', '-o qr-+ -p tcp -m tcp --sport 9697 '
- '-j CHECKSUM --checksum-fill')
- self.assertEqual(
- [rules],
- metadata_driver.MetadataDriver.metadata_checksum_rules(9697))
-
 class TestMetadataDriverProcess(base.BaseTestCase): |