Revert iptables TCP checksum-fill code

To fix bug 1722584 we inserted a checksum-fill rule for metadata proxy replies. Recent kernels have disabled this support for TCP because it was invalid, and supposedly not doing anything, so let's get ahead of things and remove the code. Kernel mailing list discussion is at https://lore.kernel.org/patchwork/patch/824819/ Partially reverts ed1c3b0217 Depends-On: https://review.opendev.org/#/c/725213/ Change-Id: Ib7cc8f82a91972f17987fb95130edc4069d9423f Related-bug: #1722584 (cherry picked from commit b1b8a438fe) (cherry picked from commit 31320156e4)
2019-04-22 18:53:45 -04:00 · 2019-04-22 18:53:45 -04:00 · 8f28033909
parent d4f75f0ab0
commit 8f28033909
2 changed files with 0 additions and 17 deletions
--- a/neutron/agent/metadata/driver.py
+++ b/neutron/agent/metadata/driver.py
@ -193,14 +193,6 @@ class MetadataDriver(object):
                 {'interface_name': namespaces.INTERNAL_DEV_PREFIX + '+',
                  'port': port})]

-    @classmethod
-    def metadata_checksum_rules(cls, port):
-        return [('POSTROUTING', '-o %(interface_name)s '
-                 '-p tcp -m tcp --sport %(port)s -j CHECKSUM '
-                 '--checksum-fill' %
-                 {'interface_name': namespaces.INTERNAL_DEV_PREFIX + '+',
-                  'port': port})]
-
    @classmethod
    def _get_metadata_proxy_user_group(cls, conf):
        user = conf.metadata_proxy_user or str(os.geteuid())
@ -294,8 +286,6 @@ def after_router_added(resource, event, l3_agent, **kwargs):
        router.iptables_manager.ipv4['filter'].add_rule(c, r)
    for c, r in proxy.metadata_nat_rules(proxy.metadata_port):
        router.iptables_manager.ipv4['nat'].add_rule(c, r)
-    for c, r in proxy.metadata_checksum_rules(proxy.metadata_port):
-        router.iptables_manager.ipv4['mangle'].add_rule(c, r)
    router.iptables_manager.apply()

    if not isinstance(router, ha_router.HaRouter):
--- a/neutron/tests/unit/agent/metadata/test_driver.py
+++ b/neutron/tests/unit/agent/metadata/test_driver.py
@ -52,13 +52,6 @@ class TestMetadataDriverRules(base.BaseTestCase):
            rules,
            metadata_driver.MetadataDriver.metadata_filter_rules(9697, '0x1'))

-    def test_metadata_checksum_rules(self):
-        rules = ('POSTROUTING', '-o qr-+ -p tcp -m tcp --sport 9697 '
-                 '-j CHECKSUM --checksum-fill')
-        self.assertEqual(
-            [rules],
-            metadata_driver.MetadataDriver.metadata_checksum_rules(9697))
-

 class TestMetadataDriverProcess(base.BaseTestCase):