Posted to commits@cloudstack.apache.org by ro...@apache.org on 2018/04/20 09:59:15 UTC

[cloudstack] branch 4.11 updated: router: Fix routing tables for public IP NAT based access (#2579)

This is an automated email from the ASF dual-hosted git repository.

rohit pushed a commit to branch 4.11
in repository https://gitbox.apache.org/repos/asf/cloudstack.git


The following commit(s) were added to refs/heads/4.11 by this push:
     new 561630e  router: Fix routing tables for public IP NAT based access (#2579)
561630e is described below

commit 561630e44991918faf4ea5a999c1cba3d0e140a9
Author: Rohit Yadav <ro...@apache.org>
AuthorDate: Fri Apr 20 15:29:04 2018 +0530

    router: Fix routing tables for public IP NAT based access (#2579)
    
    This fixes a regression in routing table rule setup so that marked
    packets are correctly routed based on interface related ip route tables. This thereby
    fixes the access of VMs in the same VPC using NAT/SNAT public IPs.
    
    Signed-off-by: Rohit Yadav <ro...@shapeblue.com>
---
 systemvm/debian/opt/cloud/bin/configure.py    |  4 ++--
 systemvm/debian/opt/cloud/bin/cs/CsAddress.py | 12 +++++++++---
 systemvm/debian/opt/cloud/bin/cs/CsRoute.py   |  7 +++++--
 3 files changed, 16 insertions(+), 7 deletions(-)

diff --git a/systemvm/debian/opt/cloud/bin/configure.py b/systemvm/debian/opt/cloud/bin/configure.py
index b94333f..f9247ad 100755
--- a/systemvm/debian/opt/cloud/bin/configure.py
+++ b/systemvm/debian/opt/cloud/bin/configure.py
@@ -926,8 +926,8 @@ class CsForwardingRules(CsDataBag):
                         "-I PREROUTING -s %s/32 -m state --state NEW -j CONNMARK --save-mark --nfmask 0xffffffff --ctmask 0xffffffff" %
                         rule["internal_ip"]])
         self.fw.append(["mangle", "",
-                        "-I PREROUTING -s %s/32 -m state --state NEW -j MARK --set-xmark 0x%s/0xffffffff" %
-                        (rule["internal_ip"], device[len("eth"):])])
+                        "-I PREROUTING -s %s/32 -m state --state NEW -j MARK --set-xmark %s/0xffffffff" %
+                        (rule["internal_ip"], hex(int(device[len("eth"):])))])
         self.fw.append(["nat", "front",
                         "-A PREROUTING -d %s/32 -j DNAT --to-destination %s" % (rule["public_ip"], rule["internal_ip"])])
         self.fw.append(["nat", "front",
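Review bot: `int(device[len("eth"):])` in the new MARK rule raises ValueError whenever `device` is not of the form `ethN`, and the visible lines do not guard it, so one unexpected interface name would abort this rule set before the DNAT entries that follow are appended. Where `device` is assigned is outside the hunk, so the format may already be guaranteed; if so, a comment such as `# device is always ethN; the fwmark is the interface index, formatted as hex` would record that. The mark has to equal the value the `ip rule` side installs (presumably via `set_mark()` in CsAddress.py), so deriving both from one helper would keep them from drifting apart again. The enclosing method starts and ends outside the hunk.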
diff --git a/systemvm/debian/opt/cloud/bin/cs/CsAddress.py b/systemvm/debian/opt/cloud/bin/cs/CsAddress.py
index dbafa1d..8df5162 100755
--- a/systemvm/debian/opt/cloud/bin/cs/CsAddress.py
+++ b/systemvm/debian/opt/cloud/bin/cs/CsAddress.py
@@ -297,9 +297,7 @@ class CsIP:
 
             interfaces = [CsInterface(address, self.config)]
             CsHelper.reconfigure_interfaces(self.cl, interfaces)
-            if not self.config.is_vpc() and (self.get_type() in ['public']):
-                self.set_mark()
-            if self.config.is_vpc() and (self.get_type() in ['public']):
+            if self.get_type() in ['public']:
                 self.set_mark()
 
             if 'gateway' in self.address:
@@ -363,6 +361,7 @@ class CsIP:
     def fw_router(self):
         if self.config.is_vpc():
             return
+
         self.fw.append(["mangle", "front", "-A PREROUTING " +
                         "-m state --state RELATED,ESTABLISHED " +
                         "-j CONNMARK --restore-mark --nfmask 0xffffffff --ctmask 0xffffffff"])
@@ -534,6 +533,13 @@ class CsIP:
             if self.config.is_vpc():
                 if self.get_type() in ["public"] and "gateway" in self.address and self.address["gateway"] != "None":
                     route.add_route(self.dev, self.address["gateway"])
+                    for inf, addresses in self.config.address().dbag.iteritems():
+                        if not inf.startswith("eth"):
+                            continue
+                        for address in addresses:
+                            if "nw_type" in address and address["nw_type"] == "guest":
+                                route.add_network_route(self.dev, str(address["network"]))
+
                 route.add_network_route(self.dev, str(self.address["network"]))
 
             CsHelper.execute("sudo ip route flush cache")
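Review bot: The new loop reads `address["network"]` after checking only for `nw_type`, so a guest entry in the data bag that lacks a `network` key would raise KeyError in the middle of route setup, before the `ip route flush cache` call. Testing both keys in one condition avoids that: `if address.get("nw_type") == "guest" and "network" in address:`. The loop also does not check whether a guest address is still active, so a network that is being removed may still get a throw route in the public table; whether the data bag can hold such entries is not visible here. `iteritems()` exists only on Python 2 dicts, while `items()` works on both. The enclosing method starts outside the hunk.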
diff --git a/systemvm/debian/opt/cloud/bin/cs/CsRoute.py b/systemvm/debian/opt/cloud/bin/cs/CsRoute.py
index 02cc881..74544d9 100755
--- a/systemvm/debian/opt/cloud/bin/cs/CsRoute.py
+++ b/systemvm/debian/opt/cloud/bin/cs/CsRoute.py
@@ -62,13 +62,16 @@ class CsRoute:
         table = self.get_tablename(dev)
         logging.info("Adding route: dev " + dev + " table: " +
                      table + " network: " + address + " if not present")
-        cmd = "dev %s table %s throw %s proto static" % (dev, table, address)
+        cmd = "throw %s table %s proto static" % (address, table)
         self.set_route(cmd)
 
     def set_route(self, cmd, method="add"):
         """ Add a route if it is not already defined """
         found = False
-        for i in CsHelper.execute("ip route show " + cmd):
+        search = cmd
+        if "throw" in search:
+            search = "type " + search
+        for i in CsHelper.execute("ip route show " + search):
             found = True
         if not found and method == "add":
             logging.info("Add " + cmd)
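Review bot: `if "throw" in search:` in set_route is a substring test on the whole command, so it also fires when a table or device name happens to contain "throw", and the lookup then becomes `ip route show type ...` for a route that is not a throw route. Anchoring it to the start is stricter: `if search.startswith("throw "):`. The `ip route show` lookup is built by concatenating `address` and `table` into a command string for `CsHelper.execute`; whether that helper invokes a shell and whether the values are validated upstream is outside the hunk, so it is worth confirming that `address` can only be a CIDR. The log line in add_network_route still reports `dev` although the route command no longer contains it. set_route continues past the end of the hunk.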

-- 