authorBrian Haley <bhaley@redhat.com>2019-04-22 18:53:45 -0400
committerDarragh O'Reilly <doreilly@suse.com>2020-06-11 07:55:28 +0000
commit8f280339096ed702928f704fd20543ce4370c0d4 (patch)
tree1653fd337ec369f7cf01f3e94522a7e4039b3f07
parentd4f75f0ab07c028b443d55ae9ce9169e92134a3e (diff)
downloadneutron-8f280339096ed702928f704fd20543ce4370c0d4.tar.gz
Revert iptables TCP checksum-fill code
To fix bug 1722584 we inserted a checksum-fill rule for metadata proxy replies. Recent kernels have disabled this support for TCP because it was invalid, and supposedly not doing anything, so let's get ahead of things and remove the code. Kernel mailing list discussion is at https://lore.kernel.org/patchwork/patch/824819/ Partially reverts ed1c3b021751273e427d47fcf544c56bdabf97bb Depends-On: https://review.opendev.org/#/c/725213/ Change-Id: Ib7cc8f82a91972f17987fb95130edc4069d9423f Related-bug: #1722584 (cherry picked from commit b1b8a438fe3cdc422b8deb61548f47d383ee2fe8) (cherry picked from commit 31320156e464d27d8dfb9df82777b92e9eed1e2c)
-rw-r--r--neutron/agent/metadata/driver.py10
-rw-r--r--neutron/tests/unit/agent/metadata/test_driver.py7
2 files changed, 0 insertions, 17 deletions
diff --git a/neutron/agent/metadata/driver.py b/neutron/agent/metadata/driver.py
index 79f6d2f138..6d96a8ac4c 100644
--- a/neutron/agent/metadata/driver.py
+++ b/neutron/agent/metadata/driver.py
@@ -194,14 +194,6 @@ class MetadataDriver(object):
'port': port})]
@classmethod
- def metadata_checksum_rules(cls, port):
- return [('POSTROUTING', '-o %(interface_name)s '
- '-p tcp -m tcp --sport %(port)s -j CHECKSUM '
- '--checksum-fill' %
- {'interface_name': namespaces.INTERNAL_DEV_PREFIX + '+',
- 'port': port})]
-
- @classmethod
def _get_metadata_proxy_user_group(cls, conf):
user = conf.metadata_proxy_user or str(os.geteuid())
group = conf.metadata_proxy_group or str(os.getegid())
@@ -294,8 +286,6 @@ def after_router_added(resource, event, l3_agent, **kwargs):
router.iptables_manager.ipv4['filter'].add_rule(c, r)
for c, r in proxy.metadata_nat_rules(proxy.metadata_port):
router.iptables_manager.ipv4['nat'].add_rule(c, r)
- for c, r in proxy.metadata_checksum_rules(proxy.metadata_port):
- router.iptables_manager.ipv4['mangle'].add_rule(c, r)
router.iptables_manager.apply()
if not isinstance(router, ha_router.HaRouter):
diff --git a/neutron/tests/unit/agent/metadata/test_driver.py b/neutron/tests/unit/agent/metadata/test_driver.py
index 037c75ec75..2833b3697a 100644
--- a/neutron/tests/unit/agent/metadata/test_driver.py
+++ b/neutron/tests/unit/agent/metadata/test_driver.py
@@ -52,13 +52,6 @@ class TestMetadataDriverRules(base.BaseTestCase):
rules,
metadata_driver.MetadataDriver.metadata_filter_rules(9697, '0x1'))
- def test_metadata_checksum_rules(self):
- rules = ('POSTROUTING', '-o qr-+ -p tcp -m tcp --sport 9697 '
- '-j CHECKSUM --checksum-fill')
- self.assertEqual(
- [rules],
- metadata_driver.MetadataDriver.metadata_checksum_rules(9697))
-
class TestMetadataDriverProcess(base.BaseTestCase):