

[NAT]: Update NAT conntrack entries from natmgr instead of natorch (sonic-net#1274)

* Update NAT conntrack entries from natmgr instead of natorch

 Signed-off-by: Akhilesh Samineni <akhilesh.samineni@broadcom.com>
AkhileshSamineni authored Jul 8, 2020
1 parent 94c622f commit 5ddea37
Showing 8 changed files with 995 additions and 536 deletions.
711 changes: 659 additions & 52 deletions cfgmgr/natmgr.cpp


48 changes: 38 additions & 10 deletions cfgmgr/natmgr.h
Expand Up @@ -17,10 +17,12 @@
#ifndef __NATMGR__
#define __NATMGR__

#include "selectabletimer.h"
#include "dbconnector.h"
#include "producerstatetable.h"
#include "orch.h"
#include "notificationproducer.h"
#include "timer.h"
#include <unistd.h>
#include <set>
#include <map>
Expand Down Expand Up @@ -60,6 +62,7 @@ namespace swss {
#define NAT_TIMEOUT_MIN 300
#define NAT_TIMEOUT_MAX 432000
#define NAT_TIMEOUT_DEFAULT 600
#define NAT_TIMEOUT_LOW 0
#define NAT_TCP_TIMEOUT "nat_tcp_timeout"
#define NAT_TCP_TIMEOUT_MIN 300
#define NAT_TCP_TIMEOUT_MAX 432000
Expand Down Expand Up @@ -119,6 +122,9 @@ namespace swss {
#define IS_RESERVED_ADDR(ipaddr) (ipaddr >= 0xF0000000)
#define IS_ZERO_ADDR(ipaddr) (ipaddr == 0)
#define IS_BROADCAST_ADDR(ipaddr) (ipaddr == 0xFFFFFFFF)
#define NAT_ENTRY_REFRESH_PERIOD 86400 // 1 day
#define REDIRECT_TO_DEV_NULL " &> /dev/null"
#define FLUSH " -F"

const char ip_address_delimiter = '/';

Expand Down Expand Up @@ -234,13 +240,15 @@ class NatMgr : public Orch
void cleanupPoolIpTable();
void cleanupMangleIpTables();
bool isPortInitDone(DBConnector *app_db);

void timeoutNotifications(std::string op, std::string data);
void flushNotifications(std::string op, std::string data);

private:
/* Declare APPL_DB, CFG_DB and STATE_DB tables */
ProducerStateTable m_appNatTableProducer, m_appNaptTableProducer, m_appNatGlobalTableProducer;
ProducerStateTable m_appTwiceNatTableProducer, m_appTwiceNaptTableProducer;
Table m_statePortTable, m_stateLagTable, m_stateVlanTable, m_stateInterfaceTable, m_appNaptPoolIpTable;
std::shared_ptr<swss::NotificationProducer> flushNotifier;
Table m_stateWarmRestartEnableTable, m_stateWarmRestartTable;

/* Declare containers to store NAT Info */
int m_natTimeout;
Expand All @@ -256,9 +264,12 @@ class NatMgr : public Orch
natZoneInterface_map_t m_natZoneInterfaceInfo;
natAclTable_map_t m_natAclTableInfo;
natAclRule_map_t m_natAclRuleInfo;
SelectableTimer *m_natRefreshTimer;

/* Declare doTask related fucntions */
void doTask(Consumer &consumer);
void doTask(SelectableTimer &timer);
void doNatRefreshTimerTask();
void doStaticNatTask(Consumer &consumer);
void doStaticNaptTask(Consumer &consumer);
void doNatPoolTask(Consumer &consumer);
Expand All @@ -271,15 +282,26 @@ class NatMgr : public Orch
/* Declare all NAT functionality member functions*/
void enableNatFeature(void);
void disableNatFeature(void);
void addConntrackSingleNatEntry(const std::string &key);
void addConntrackSingleNaptEntry(const std::string &key);
void deleteConntrackSingleNatEntry(const std::string &key);
void deleteConntrackSingleNaptEntry(const std::string &key);
void addConntrackTwiceNatEntry(const std::string &snatKey, const std::string &dnatKey);
void addConntrackTwiceNaptEntry(const std::string &snatKey, const std::string &dnatKey);
void deleteConntrackTwiceNatEntry(const std::string &snatKey, const std::string &dnatKey);
void deleteConntrackTwiceNaptEntry(const std::string &snatKey, const std::string &dnatKey);
bool warmBootingInProgress(void);
void flushAllNatEntries(void);
void addAllStaticConntrackEntries(void);
void addConntrackStaticSingleNatEntry(const std::string &key);
void addConntrackStaticSingleNaptEntry(const std::string &key);
void updateConntrackStaticSingleNatEntry(const std::string &key);
void updateConntrackStaticSingleNaptEntry(const std::string &key);
void deleteConntrackStaticSingleNatEntry(const std::string &key);
void deleteConntrackStaticSingleNaptEntry(const std::string &key);
void addConntrackStaticTwiceNatEntry(const std::string &snatKey, const std::string &dnatKey);
void addConntrackStaticTwiceNaptEntry(const std::string &snatKey, const std::string &dnatKey);
void updateConntrackStaticTwiceNatEntry(const std::string &snatKey, const std::string &dnatKey);
void updateConntrackStaticTwiceNaptEntry(const std::string &snatKey, const std::string &dnatKey);
void deleteConntrackStaticTwiceNatEntry(const std::string &snatKey, const std::string &dnatKey);
void deleteConntrackStaticTwiceNaptEntry(const std::string &snatKey, const std::string &dnatKey);
void deleteConntrackDynamicEntries(const std::string &ip_range);
void updateDynamicSingleNatConnTrackTimeout(std::string key, int timeout);
void updateDynamicSingleNaptConnTrackTimeout(std::string key, int timeout);
void updateDynamicTwiceNatConnTrackTimeout(std::string key, int timeout);
void updateDynamicTwiceNaptConnTrackTimeout(std::string key, int timeout);
void addStaticNatEntry(const std::string &key);
void addStaticNaptEntry(const std::string &key);
void addStaticSingleNatEntry(const std::string &key);
Expand Down Expand Up @@ -308,6 +330,12 @@ class NatMgr : public Orch
void addStaticNaptIptables(const std::string port);
void removeStaticNatIptables(const std::string port);
void removeStaticNaptIptables(const std::string port);
void setStaticNatConntrackEntries(std::string mode);
void setStaticSingleNatConntrackEntry(const std::string &key, std::string &mode);
void setStaticTwiceNatConntrackEntry(const std::string &key, std::string &mode);
void setStaticNaptConntrackEntries(std::string mode);
void setStaticSingleNaptConntrackEntry(const std::string &key, std::string &mode);
void setStaticTwiceNaptConntrackEntry(const std::string &key, std::string &mode);
void addDynamicNatRule(const std::string &key);
void removeDynamicNatRule(const std::string &key);
void addDynamicNatRuleByAcl(const std::string &key, bool isRuleId = false);
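Review bot: The new `REDIRECT_TO_DEV_NULL` macro in the third hunk is defined as `" &> /dev/null"`, which is a bash extension; if these suffixes are appended to commands run through `system()`/`popen()` (the natmgr.cpp hunks are not rendered here), `/bin/sh` on Debian is dash, which parses `cmd &> /dev/null` as `cmd &` followed by an empty redirect, so the command is backgrounded, its exit status is lost and its output is not suppressed. The POSIX form `#define REDIRECT_TO_DEV_NULL " > /dev/null 2>&1"` behaves the same under both shells. Since the same command strings will carry NAT keys (addresses, ports) read from the DB tables, the natmgr.cpp side should parse those fields into typed address/port values before building the command rather than splicing raw key text into it. Separately, `setStaticSingleNatConntrackEntry` and its four siblings in the last hunk take `std::string &mode` while `setStaticNatConntrackEntries` takes `mode` by value; `const std::string &mode` throughout would be consistent and would also allow passing a literal.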
32 changes: 32 additions & 0 deletions cfgmgr/natmgrd.cpp
Expand Up @@ -55,6 +55,9 @@ string gRecordFile;
mutex gDbMutex;
NatMgr *natmgr = NULL;

NotificationConsumer *timeoutNotificationsConsumer = NULL;
NotificationConsumer *flushNotificationsConsumer = NULL;

std::shared_ptr<swss::NotificationProducer> cleanupNotifier;

void sigterm_handler(int signo)
Expand Down Expand Up @@ -142,6 +145,12 @@ int main(int argc, char **argv)
s.addSelectables(o->getSelectables());
}

timeoutNotificationsConsumer = new NotificationConsumer(&appDb, "SETTIMEOUTNAT");
s.addSelectable(timeoutNotificationsConsumer);

flushNotificationsConsumer = new NotificationConsumer(&appDb, "FLUSHNATENTRIES");
s.addSelectable(flushNotificationsConsumer);

SWSS_LOG_NOTICE("starting main loop");
while (true)
{
Expand All @@ -154,6 +163,29 @@ int main(int argc, char **argv)
SWSS_LOG_NOTICE("Error: %s!", strerror(errno));
continue;
}

if (sel == timeoutNotificationsConsumer)
{
std::string op;
std::string data;
std::vector<swss::FieldValueTuple> values;

timeoutNotificationsConsumer->pop(op, data, values);
natmgr->timeoutNotifications(op, data);
continue;
}

if (sel == flushNotificationsConsumer)
{
std::string op;
std::string data;
std::vector<swss::FieldValueTuple> values;

flushNotificationsConsumer->pop(op, data, values);
natmgr->flushNotifications(op, data);
continue;
}

if (ret == Select::TIMEOUT)
{
natmgr->doTask();
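Review bot: The two new dispatch blocks in the main-loop hunk are identical apart from the consumer and handler, and `timeoutNotificationsConsumer`/`flushNotificationsConsumer` are allocated with `new` into file-scope raw pointers that nothing deletes; this mirrors the existing `natmgr` pointer, but a `std::unique_ptr<NotificationConsumer>` for each (or a small table of consumer/handler pairs) would own them and remove the duplication. The `values` vector popped from each consumer is discarded, so if the payload natsync sends alongside SETTIMEOUTNAT is meant to be used it is lost here; if it is intentionally unused, a comment such as `// field values are not needed; the key in data is sufficient` would make that clear. Note that `op` and `data` arrive straight off a Redis pub/sub channel and are handed to `timeoutNotifications`/`flushNotifications` unvalidated, so those handlers (in natmgr.cpp, not rendered here) must check `op` against the expected set and parse `data` as a NAT key before acting on it. The enclosing `main` starts and ends outside the hunk.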
8 changes: 8 additions & 0 deletions natsyncd/natsync.cpp
Expand Up @@ -59,6 +59,8 @@ NatSync::NatSync(RedisPipeline *pipelineAppDB, DBConnector *appDb, DBConnector *
m_AppRestartAssist->registerAppTable(APP_NAT_TWICE_TABLE_NAME, &m_natTwiceTable);
m_AppRestartAssist->registerAppTable(APP_NAPT_TWICE_TABLE_NAME, &m_naptTwiceTable);
}

setTimeoutNotifier = std::make_shared<swss::NotificationProducer>(appDb, "SETTIMEOUTNAT");
}

NatSync::~NatSync()
Expand Down Expand Up @@ -490,6 +492,7 @@ int NatSync::addNatEntry(struct nfnl_ct *ct, struct naptEntry &entry, bool addFl
{
m_naptTwiceTable.set(key, fvVector);
SWSS_LOG_NOTICE("Twice NAPT entry with key %s added to APP_DB", key.c_str());
setTimeoutNotifier->send("SET-TWICE-NAPT", key, fvVector);
m_naptTwiceTable.set(reverseEntryKey, reverseFvVector);
SWSS_LOG_NOTICE("Twice NAPT entry with reverse key %s added to APP_DB", reverseEntryKey.c_str());
}
Expand Down Expand Up @@ -530,6 +533,7 @@ int NatSync::addNatEntry(struct nfnl_ct *ct, struct naptEntry &entry, bool addFl
{
m_natTwiceTable.set(key, fvVector);
SWSS_LOG_NOTICE("Twice NAT entry with key %s added to APP_DB", key.c_str());
setTimeoutNotifier->send("SET-TWICE-NAT", key, fvVector);
m_natTwiceTable.set(reverseEntryKey, reverseFvVector);
SWSS_LOG_NOTICE("Twice NAT entry with reverse key %s added to APP_DB", reverseEntryKey.c_str());
}
Expand Down Expand Up @@ -682,6 +686,7 @@ int NatSync::addNatEntry(struct nfnl_ct *ct, struct naptEntry &entry, bool addFl
{
m_naptTable.set(key, fvVector);
SWSS_LOG_NOTICE("SNAPT entry with key %s added to APP_DB", key.c_str());
setTimeoutNotifier->send("SET-SINGLE-NAPT", key, fvVector);
m_naptTable.set(reverseEntryKey, reverseFvVector);
SWSS_LOG_NOTICE("Implicit DNAPT entry with key %s added to APP_DB", reverseEntryKey.c_str());
}
Expand Down Expand Up @@ -786,6 +791,7 @@ int NatSync::addNatEntry(struct nfnl_ct *ct, struct naptEntry &entry, bool addFl
{
m_natTable.set(key, fvVector);
SWSS_LOG_NOTICE("SNAT entry with key %s added to APP_DB", key.c_str());
setTimeoutNotifier->send("SET-SINGLE-NAT", key, fvVector);
m_natTable.set(reverseEntryKey, reverseFvVector);
SWSS_LOG_NOTICE("Implicit DNAT entry with key %s added to APP_DB", reverseEntryKey.c_str());
}
Expand Down Expand Up @@ -890,6 +896,7 @@ int NatSync::addNatEntry(struct nfnl_ct *ct, struct naptEntry &entry, bool addFl
{
m_naptTable.set(key, fvVector);
SWSS_LOG_NOTICE("DNAPT entry with key %s added to APP_DB", key.c_str());
setTimeoutNotifier->send("SET-SINGLE-NAPT", key, fvVector);
m_naptTable.set(reverseEntryKey, reverseFvVector);
SWSS_LOG_NOTICE("Implicit SNAPT entry with key %s added to APP_DB", reverseEntryKey.c_str());
}
Expand Down Expand Up @@ -963,6 +970,7 @@ int NatSync::addNatEntry(struct nfnl_ct *ct, struct naptEntry &entry, bool addFl
{
m_natTable.set(key, fvVector);
SWSS_LOG_NOTICE("DNAT entry with key %s added to APP_DB", key.c_str());
setTimeoutNotifier->send("SET-SINGLE-NAT", key, fvVector);
m_natTable.set(reverseEntryKey, reverseFvVector);
SWSS_LOG_NOTICE("Implicit SNAT entry with key %s added to APP_DB", reverseEntryKey.c_str());
}
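Review bot: In the second hunk `setTimeoutNotifier->send("SET-TWICE-NAPT", key, fvVector)` is issued immediately after `m_naptTwiceTable.set(key, fvVector)`; the constructor signature shows the tables are fed through a `RedisPipeline *pipelineAppDB`, so if those writes are buffered in the pipeline the notification can reach natmgr before the APPL_DB entry is flushed and the consumer may look up a key that is not yet visible. Either flush the pipeline before `send`, or make natmgr treat a missing key as retryable. The same ordering applies to the `send` calls in the remaining five hunks, and since the notification is only sent for the forward key and not `reverseEntryKey`, a one-line comment stating that the reverse entry is intentionally covered by the single notification would help the next reader. The channel name "SETTIMEOUTNAT" and the op strings "SET-SINGLE-NAT"/"SET-TWICE-NAPT" are duplicated as literals here and presumably parsed in natmgr; a shared header constant would prevent drift. addNatEntry starts and ends outside these hunks.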
3 changes: 3 additions & 0 deletions natsyncd/natsync.h
Expand Up @@ -19,6 +19,7 @@

#include "dbconnector.h"
#include "producerstatetable.h"
#include "notificationproducer.h"
#include "netmsg.h"
#include "warmRestartAssist.h"
#include "ipaddress.h"
Expand Down Expand Up @@ -65,6 +66,8 @@ class NatSync : public NetMsg
bool matchingDnaptEntryExists(const naptEntry &entry);
int addNatEntry(struct nfnl_ct *ct, struct naptEntry &entry, bool addFlag);

std::shared_ptr<swss::NotificationProducer> setTimeoutNotifier;

ProducerStateTable m_natTable;
ProducerStateTable m_naptTable;
ProducerStateTable m_natTwiceTable;
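Review bot: The new member `setTimeoutNotifier` in the second hunk breaks the class's `m_` prefix convention used by `m_natTable` and the other members beside it; `m_setTimeoutNotifier` would read consistently. It is also the only owner visible here, so `std::unique_ptr<swss::NotificationProducer>` (created with `std::make_unique` in natsync.cpp) states that more precisely than `shared_ptr`, unless it is intentionally shared with something outside this header. The NatSync class body continues outside the hunk.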

