def ip_nonlocal_bind():
    """Report whether ip_nonlocal_bind can differ between two namespaces.

    Two throwaway network namespaces are created. The value is set to 0 in
    the first and to 1 in the second, then read back from the first.

    Returns:
        True when the first namespace still reads 0 after the second one
        was set to 1. False when it reads anything else, or when a
        RuntimeError is raised inside the probe (the restore step included).
    """
    probe_ns = "ipnonlocalbind1-" + uuidutils.generate_uuid()
    other_ns = "ipnonlocalbind2-" + uuidutils.generate_uuid()

    ip_lib.create_network_namespace(probe_ns)
    try:
        ip_lib.create_network_namespace(other_ns)
        try:
            # Snapshot the value read with namespace=None before any write,
            # so it can be put back whatever happens below.
            root_before = ip_lib.get_ip_nonlocal_bind(namespace=None)
            try:
                ip_lib.set_ip_nonlocal_bind(value=0, namespace=probe_ns)
                ip_lib.set_ip_nonlocal_bind(value=1, namespace=other_ns)
                probe_value = ip_lib.get_ip_nonlocal_bind(
                    namespace=probe_ns)
            finally:
                # Runs on success and on failure alike.
                # NOTE(review): presumably needed because the writes above
                # can change the namespace=None value when the setting is
                # not per-namespace -- confirm. The check must not leave
                # that value altered.
                _fix_ip_nonlocal_bind_root_value(root_before)
        except RuntimeError as exc:
            LOG.debug(
                "Exception while checking ip_nonlocal_bind. "
                "Exception: %s", exc)
            return False
        finally:
            # Namespaces are removed in reverse order of creation.
            ip_lib.delete_network_namespace(other_ns)
    finally:
        ip_lib.delete_network_namespace(probe_ns)
    return probe_value == 0
def ip_nonlocal_bind():
    """Report whether ip_nonlocal_bind can differ between two namespaces.

    Uses an ``ip_lib.IPWrapper`` to add two throwaway network namespaces,
    sets the value to 0 in the first and to 1 in the second, then reads the
    first one back.

    Returns:
        True when the first namespace still reads 0 after the second one
        was set to 1. False when it reads anything else, or when a
        RuntimeError is raised inside the probe (the restore step included).
    """
    wrapper = ip_lib.IPWrapper()
    probe_ns = "ipnonlocalbind1-" + uuidutils.generate_uuid()
    other_ns = "ipnonlocalbind2-" + uuidutils.generate_uuid()

    wrapper.netns.add(probe_ns)
    try:
        wrapper.netns.add(other_ns)
        try:
            # Snapshot the value read with namespace=None before any write,
            # so it can be put back whatever happens below.
            root_before = ip_lib.get_ip_nonlocal_bind(namespace=None)
            try:
                ip_lib.set_ip_nonlocal_bind(value=0, namespace=probe_ns)
                ip_lib.set_ip_nonlocal_bind(value=1, namespace=other_ns)
                probe_value = ip_lib.get_ip_nonlocal_bind(
                    namespace=probe_ns)
            finally:
                # Runs on success and on failure alike, so the check does
                # not leave the namespace=None value altered.
                _fix_ip_nonlocal_bind_root_value(root_before)
        except RuntimeError as exc:
            LOG.debug("Exception while checking ip_nonlocal_bind. "
                      "Exception: %s", exc)
            return False
        finally:
            # Namespaces are removed in reverse order of creation.
            wrapper.netns.delete(other_ns)
    finally:
        wrapper.netns.delete(probe_ns)
    return probe_value == 0
def test_assigned_value(self):
    """Set ip_nonlocal_bind to 0 and then 1 in a fixture namespace.

    After each write the value is read back and compared. The test is
    skipped when the write raises a RuntimeError whose text shows that the
    sysctl file cannot be stat'ed. Any other RuntimeError propagates.
    """
    ns_fixture = self.useFixture(net_helpers.NamespaceFixture())
    for expected in (0, 1):
        try:
            ip_lib.set_ip_nonlocal_bind(expected, ns_fixture.name)
        except RuntimeError as err:
            unsupported_marker = (
                'cannot stat /proc/sys/net/ipv4/ip_nonlocal_bind')
            if unsupported_marker not in str(err):
                # Not the "knob is missing" case: let the failure surface.
                raise
            raise self.skipException(
                "This kernel doesn't support %s in network "
                "namespaces." % ip_lib.IP_NONLOCAL_BIND)
        observed = ip_lib.get_ip_nonlocal_bind(ns_fixture.name)
        self.assertEqual(expected, observed)
def create(self):
    """Create the fip namespace and apply its sysctl and iptables setup.

    Calls the parent ``create()``, tries to set ip_nonlocal_bind to 1 for
    this namespace, and retries without a namespace argument when that call
    reports failure. Then adds a raw-table PREROUTING rule that disables
    connection tracking and applies the iptables changes.
    """
    LOG.debug("DVR: add fip namespace: %s", self.name)
    # The parent class makes sure the namespace exists and turns on
    # forwarding.
    super(FipNamespace, self).create()

    # Somewhere in the 3.19 kernel timeframe ip_nonlocal_bind became a
    # per-namespace attribute. For backwards compatibility, try the
    # namespace first and fall back if that fails.
    ns_set_failed = ip_lib.set_ip_nonlocal_bind(
        value=1, namespace=self.name, log_fail_as_error=False)
    if ns_set_failed:
        LOG.debug('DVR: fip namespace (%s) does not support setting '
                  'net.ipv4.ip_nonlocal_bind, trying in root namespace',
                  self.name)
        # NOTE(review): this fallback turns the setting on outside the fip
        # namespace (the root namespace, per the log message above), so its
        # scope is wider than this router's namespace. The result of this
        # second call is not checked here -- confirm that is intended.
        ip_lib.set_ip_nonlocal_bind(value=1)

    # No connection tracking is needed in the fip namespace.
    raw_table = self._iptables_manager.ipv4['raw']
    raw_table.add_rule('PREROUTING', '-j CT --notrack')
    self._iptables_manager.apply()
def test_assigned_value(self):
    """Set ip_nonlocal_bind to 0 and then 1 in a fixture namespace.

    The setter's return value is kept and must be falsy. The value read
    back must equal the value written. The test is skipped when the read
    raises a RuntimeError whose text shows that the sysctl file cannot be
    stat'ed. Any other RuntimeError propagates.
    """
    ns_fixture = self.useFixture(net_helpers.NamespaceFixture())
    for expected in (0, 1):
        set_failed = ip_lib.set_ip_nonlocal_bind(expected, ns_fixture.name)
        try:
            observed = ip_lib.get_ip_nonlocal_bind(ns_fixture.name)
        except RuntimeError as err:
            unsupported_marker = (
                'cannot stat /proc/sys/net/ipv4/ip_nonlocal_bind')
            if unsupported_marker not in str(err):
                # Not the "knob is missing" case: let the failure surface.
                raise
            raise self.skipException(
                "This kernel doesn't support %s in network "
                "namespaces." % ip_lib.IP_NONLOCAL_BIND)
        # The write is only judged after the read succeeded, so an
        # unsupported kernel yields a skip rather than a failure.
        self.assertFalse(set_failed)
        self.assertEqual(expected, observed)
def _fix_ip_nonlocal_bind_root_value(original_value):
    """Put ip_nonlocal_bind back to ``original_value`` if it has changed.

    Reads the value with ``namespace=None`` (the root namespace, going by
    this helper's name) and writes ``original_value`` back only when the
    two differ.

    Args:
        original_value: The value captured before the caller's changes.
    """
    root_now = ip_lib.get_ip_nonlocal_bind(namespace=None)
    needs_restore = root_now != original_value
    if needs_restore:
        # NOTE(review): the result of this write is not inspected. If the
        # restore does not take effect, the changed value stays in place --
        # confirm how ip_lib reports that case.
        ip_lib.set_ip_nonlocal_bind(value=original_value, namespace=None)