diff --git a/neutron/agent/l3/extensions/port_forwarding.py b/neutron/agent/l3/extensions/port_forwarding.py
index b8001306458..f7b172f173c 100644
--- a/neutron/agent/l3/extensions/port_forwarding.py
+++ b/neutron/agent/l3/extensions/port_forwarding.py
@@ -24,6 +24,7 @@ from neutron.api.rpc.callbacks.consumer import registry
 from neutron.api.rpc.callbacks import events
 from neutron.api.rpc.callbacks import resources
 from neutron.api.rpc.handlers import resources_rpc
+from neutron.common import constants
 from neutron.common import rpc as n_rpc
 from neutron_lib.agent import l3_extension
 from neutron_lib import constants as lib_consts
@@ -32,10 +33,6 @@ LOG = logging.getLogger(__name__)
 DEFAULT_PORT_FORWARDING_CHAIN = 'fip-pf'
 PORT_FORWARDING_PREFIX = 'fip_portforwarding-'
 PORT_FORWARDING_CHAIN_PREFIX = 'pf-'
-# TODO(bzhao) If there are other files use this constant, and move it into
-# constants file. This line will be removed and get the value from constants
-# file.
-MAX_CHAIN_LEN_WRAP = 11
 class RouterFipPortForwardingMapping(object):
@@ -379,7 +376,7 @@ class PortForwardingAgentExtension(l3_extension.L3AgentExtension):
 def _get_port_forwarding_chain_name(self, pf_id):
 chain_name = PORT_FORWARDING_CHAIN_PREFIX + pf_id
- return chain_name[:MAX_CHAIN_LEN_WRAP]
+ return chain_name[:constants.MAX_IPTABLES_CHAIN_LEN_WRAP]
 def _install_default_rules(self, iptables_manager):
 default_rule = '-j %s-%s' % (iptables_manager.wrap_name,
diff --git a/neutron/agent/linux/iptables_manager.py b/neutron/agent/linux/iptables_manager.py
index 15d2708d484..c0e7778057b 100644
--- a/neutron/agent/linux/iptables_manager.py
+++ b/neutron/agent/linux/iptables_manager.py
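Review bot: In the third port_forwarding.py hunk, `_get_port_forwarding_chain_name` still cuts `'pf-' + pf_id` to 11 characters, so only the first 8 characters of `pf_id` reach the chain name, and nothing here documents that or guards against two port forwardings sharing that prefix. If the ids are UUIDs (the tests pass `target_obj.id`; not confirmed from this hunk), a clash is unlikely, but it would presumably put two DNAT rule sets into one chain, and removing one chain would remove both. I would add a comment above the return, e.g. `# 'pf-' uses 3 of the 11 characters; only pf_id[:8] distinguishes chains`. The enclosing class starts outside the hunk.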
@@ -35,6 +35,7 @@ from neutron._i18n import _
 from neutron.agent.linux import ip_lib
 from neutron.agent.linux import iptables_comments as ic
 from neutron.agent.linux import utils as linux_utils
+from neutron.common import constants
 from neutron.common import exceptions as n_exc
 from neutron.conf.agent import common as config
@@ -54,11 +55,6 @@ def get_binary_name():
 binary_name = get_binary_name()
-# A length of a chain name must be less than or equal to 11 characters.
-# - ( + '-') = 28-(16+1) = 11
-MAX_CHAIN_LEN_WRAP = 11
-MAX_CHAIN_LEN_NOWRAP = 28
-
 # Number of iptables rules to print before and after a rule that causes a
 # a failure during iptables-restore
 IPTABLES_ERROR_LINES_OF_CONTEXT = 5
@@ -88,9 +84,9 @@ def comment_rule(rule, comment):
 def get_chain_name(chain_name, wrap=True):
 if wrap:
- return chain_name[:MAX_CHAIN_LEN_WRAP]
+ return chain_name[:constants.MAX_IPTABLES_CHAIN_LEN_WRAP]
 else:
- return chain_name[:MAX_CHAIN_LEN_NOWRAP]
+ return chain_name[:constants.MAX_IPTABLES_CHAIN_LEN_NOWRAP]
 class IptablesRule(object):
diff --git a/neutron/common/constants.py b/neutron/common/constants.py
index ca91f3623fb..bb16f1dfaa0 100644
--- a/neutron/common/constants.py
+++ b/neutron/common/constants.py
@@ -134,6 +134,12 @@ IPTABLES_PROTOCOL_NAME_MAP = {lib_constants.PROTO_NAME_IPV6_ENCAP: 'ipv6',
 '141': 'wesp',
 '142': 'rohc'}
+# A length of a iptables chain name must be less than or equal to 11
+# characters.
+# - ( + '-') = 28-(16+1) = 11
+MAX_IPTABLES_CHAIN_LEN_WRAP = 11
+MAX_IPTABLES_CHAIN_LEN_NOWRAP = 28
+
 # Timeout in seconds for getting an IPv6 LLA
 LLA_TASK_TIMEOUT = 40
diff --git a/neutron/tests/unit/agent/l3/extensions/test_port_forwarding.py b/neutron/tests/unit/agent/l3/extensions/test_port_forwarding.py
index c2316359cd3..368ff694306 100644
--- a/neutron/tests/unit/agent/l3/extensions/test_port_forwarding.py
+++ b/neutron/tests/unit/agent/l3/extensions/test_port_forwarding.py
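Review bot: The second iptables_manager.py hunk deletes the module-level names `MAX_CHAIN_LEN_WRAP` and `MAX_CHAIN_LEN_NOWRAP` outright, so any code outside this diff that still reads them from `iptables_manager` will fail at import or attribute lookup. The diff updates port_forwarding.py and its test, but whether other in-tree or out-of-tree users exist cannot be seen from here. Keeping aliases for a deprecation cycle is cheap: `MAX_CHAIN_LEN_WRAP = constants.MAX_IPTABLES_CHAIN_LEN_WRAP` and `MAX_CHAIN_LEN_NOWRAP = constants.MAX_IPTABLES_CHAIN_LEN_NOWRAP`.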
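Review bot: The comment added above `MAX_IPTABLES_CHAIN_LEN_WRAP` in constants.py says a chain name must be at most 11 characters, which holds only for wrapped chains, and it leaves `MAX_IPTABLES_CHAIN_LEN_NOWRAP = 28` unexplained. The 16 in the arithmetic appears to be the length the binary name is cut to in iptables_manager, which no longer sits next to these constants after the move, so the derivation is hard to check from this file. Suggested wording, wrapped to the line limit: `# iptables chain names are limited to 28 characters; wrapped chains are prefixed with the binary name (at most 16 characters) and '-', leaving 11.`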
@@ -26,6 +26,7 @@ from neutron.agent.linux import iptables_manager
 from neutron.api.rpc.callbacks.consumer import registry
 from neutron.api.rpc.callbacks import resources
 from neutron.api.rpc.handlers import resources_rpc
+from neutron.common import constants
 from neutron.objects import port_forwarding as pf_obj
 from neutron.objects import router
 from neutron.tests import base
@@ -144,7 +145,8 @@ class FipPortForwardingExtensionTestCase(PortForwardingExtensionBaseTestCase):
 def _get_chainrule_tag_from_pf_obj(self, target_obj):
 rule_tag = 'fip_portforwarding-' + target_obj.id
- chain_name = ('pf-' + target_obj.id)[:pf.MAX_CHAIN_LEN_WRAP]
+ chain_name = (
+ 'pf-' + target_obj.id)[:constants.MAX_IPTABLES_CHAIN_LEN_WRAP]
 chain_rule = (chain_name,
 '-d %s/32 -p %s -m %s --dport %s '
 '-j DNAT --to-destination %s:%s' % (
@@ -235,7 +237,7 @@ class FipPortForwardingExtensionTestCase(PortForwardingExtensionBaseTestCase):
 mock_ip_device.return_value = mock_delete
 self.fip_pf_ext.update_router(self.context, self.router)
 current_chain = ('pf-' + self.portforwarding1.id)[
- :pf.MAX_CHAIN_LEN_WRAP]
+ :constants.MAX_IPTABLES_CHAIN_LEN_WRAP]
 mock_remove_chain.assert_called_once_with(current_chain)
 mock_delete.delete_socket_conntrack_state.assert_called_once_with(
 str(self.portforwarding1.floating_ip_address),
@@ -266,7 +268,7 @@ class FipPortForwardingExtensionTestCase(PortForwardingExtensionBaseTestCase):
 mock_ip_device.return_value = mock_device
 self.fip_pf_ext.update_router(self.context, self.router)
 current_chain = ('pf-' + self.portforwarding1.id)[
- :pf.MAX_CHAIN_LEN_WRAP]
+ :constants.MAX_IPTABLES_CHAIN_LEN_WRAP]
 mock_remove_chain.assert_called_once_with(current_chain)
 mock_device.delete_socket_conntrack_state.assert_called_once_with(
 str(self.portforwarding1.floating_ip_address),