Revert iptables TCP checksum-fill code

To fix bug 1722584 we inserted a checksum-fill rule for metadata proxy replies. Recent kernels have disabled this support for TCP because it was invalid, and supposedly not doing anything, so let's get ahead of things and remove the code. Kernel mailing list discussion is at https://lore.kernel.org/patchwork/patch/824819/ Partially reverts ed1c3b0217 Change-Id: Ib7cc8f82a91972f17987fb95130edc4069d9423f Related-bug: #1722584 (cherry picked from commit b1b8a438fe)
2019-04-22 18:53:45 -04:00 · 2019-04-22 18:53:45 -04:00 · 04e995be98
parent b4f3163dc4
commit 04e995be98
2 changed files with 0 additions and 17 deletions
--- a/neutron/agent/metadata/driver.py
+++ b/neutron/agent/metadata/driver.py
@ -195,14 +195,6 @@ class MetadataDriver(object):
                 {'interface_name': namespaces.INTERNAL_DEV_PREFIX + '+',
                  'port': port})]

-    @classmethod
-    def metadata_checksum_rules(cls, port):
-        return [('POSTROUTING', '-o %(interface_name)s '
-                 '-p tcp -m tcp --sport %(port)s -j CHECKSUM '
-                 '--checksum-fill' %
-                 {'interface_name': namespaces.INTERNAL_DEV_PREFIX + '+',
-                  'port': port})]
-
    @classmethod
    def _get_metadata_proxy_user_group(cls, conf):
        user = conf.metadata_proxy_user or str(os.geteuid())
@ -299,8 +291,6 @@ def after_router_added(resource, event, l3_agent, **kwargs):
        router.iptables_manager.ipv4['filter'].add_rule(c, r)
    for c, r in proxy.metadata_nat_rules(proxy.metadata_port):
        router.iptables_manager.ipv4['nat'].add_rule(c, r)
-    for c, r in proxy.metadata_checksum_rules(proxy.metadata_port):
-        router.iptables_manager.ipv4['mangle'].add_rule(c, r)
    router.iptables_manager.apply()

    if not isinstance(router, ha_router.HaRouter):
--- a/neutron/tests/unit/agent/metadata/test_driver.py
+++ b/neutron/tests/unit/agent/metadata/test_driver.py
@ -52,13 +52,6 @@ class TestMetadataDriverRules(base.BaseTestCase):
            rules,
            metadata_driver.MetadataDriver.metadata_filter_rules(9697, '0x1'))

-    def test_metadata_checksum_rules(self):
-        rules = ('POSTROUTING', '-o qr-+ -p tcp -m tcp --sport 9697 '
-                 '-j CHECKSUM --checksum-fill')
-        self.assertEqual(
-            [rules],
-            metadata_driver.MetadataDriver.metadata_checksum_rules(9697))
-

 class TestMetadataDriverProcess(base.BaseTestCase):