force the udp checksum for dhcp

The default VM settings assume UDP checksums will be computed in
hardware. This change forces the appliance to calculate the checksum for
DHCP replies itself.

This fix was inspired by the upstream reference implementation [1].

[1] https://review.openstack.org/#/c/148718/8/neutron/agent/linux/dhcp.py

Change-Id: Id5d4ecdb3ce803b4b2a571f9033a637b7818ee08
Mark McClain 2015-05-11 19:43:38 -04:00
parent 91e1bf3981
commit fc15f4b404
2 changed files with 25 additions and 0 deletions


@ -58,6 +58,7 @@ class IPTablesManager(base.Manager):
rules = itertools.chain(
self._build_filter_table(config),
self._build_nat_table(config),
self._build_mangle_table(config),
self._build_raw_table(config)
)
@ -360,6 +361,22 @@ class IPTablesManager(base.Manager):
return rules
def _build_mangle_table(self, config):
rules = [
Rule('*mangle', ip_version=4),
Rule(':INPUT - [0:0]', ip_version=4),
Rule(':OUTPUT - [0:0]', ip_version=4),
Rule(':FORWARD - [0:0]', ip_version=4),
Rule(':PREROUTING - [0:0]', ip_version=4),
Rule(':POSTROUTING - [0:0]', ip_version=4),
Rule(
('-A POSTROUTING -p udp -m udp --dport 68 '
'-j CHECKSUM --checksum-fill'),
ip_version=4),
Rule('COMMIT', ip_version=4)
]
return rules
def _build_raw_table(self, config):
'''
Add raw rules (so we can mark private traffic and avoid NATing it)
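Review bot: `_build_mangle_table` gives no reason for the CHECKSUM rule, while its sibling `_build_raw_table` opens with a docstring explaining its purpose; the rationale currently lives only in the commit message and will be lost to the next reader. Add a docstring such as `'''Add mangle rules (fill in the UDP checksum on DHCP replies, which the VM otherwise leaves to NIC offload)'''` and a why-comment on the rule, `# port 68 (bootpc): DHCP replies to clients; see upstream Neutron review 148718`. Note also that the rule sits in POSTROUTING with only `--dport 68`, so it recomputes the checksum of any forwarded UDP packet bound for port 68 as well as the appliance's own replies; if that is not intended, adding `--sport 67` or placing the rule in the mangle OUTPUT chain (which only sees locally generated packets) would narrow it to the DHCP server's traffic. The table is IPv4-only (`ip_version=4`), so DHCPv6 replies, if the appliance serves them, are not covered.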


@ -88,6 +88,14 @@ V4_OUTPUT = [
'-A PREROUTING -i eth2 -d 169.254.169.254 -p tcp -m tcp --dport 80 -j DNAT --to-destination 192.168.0.1:9602', # noqa
'-A POSTROUTING -o eth1 -j MASQUERADE',
'COMMIT',
'*mangle',
':INPUT - [0:0]',
':OUTPUT - [0:0]',
':FORWARD - [0:0]',
':PREROUTING - [0:0]',
':POSTROUTING - [0:0]',
'-A POSTROUTING -p udp -m udp --dport 68 -j CHECKSUM --checksum-fill',
'COMMIT',
'*raw',
':INPUT - [0:0]',
':OUTPUT - [0:0]',