router: Fix routing tables for public IP NAT based access (#2579)

This fixes routing table rule setup regression to correctly router
marked packets based on interface related ip route tables. This thereby
fixes the access of VMs in the same VPC using NAT/SNAT public IPs.

Signed-off-by: Rohit Yadav <rohit.yadav@shapeblue.com>

systemvm/debian/opt/cloud/bin/configure.py

@@ -926,8 +926,8 @@ class CsForwardingRules(CsDataBag):
                         "-I PREROUTING -s %s/32 -m state --state NEW -j CONNMARK --save-mark --nfmask 0xffffffff --ctmask 0xffffffff" %
                         rule["internal_ip"]])
         self.fw.append(["mangle", "",
-                        "-I PREROUTING -s %s/32 -m state --state NEW -j MARK --set-xmark 0x%s/0xffffffff" %
-                        (rule["internal_ip"], device[len("eth"):])])
+                        "-I PREROUTING -s %s/32 -m state --state NEW -j MARK --set-xmark %s/0xffffffff" %
+                        (rule["internal_ip"], hex(int(device[len("eth"):])))])
         self.fw.append(["nat", "front",
                         "-A PREROUTING -d %s/32 -j DNAT --to-destination %s" % (rule["public_ip"], rule["internal_ip"])])
         self.fw.append(["nat", "front",

systemvm/debian/opt/cloud/bin/cs/CsAddress.py

@@ -297,9 +297,7 @@ class CsIP:
 
             interfaces = [CsInterface(address, self.config)]
             CsHelper.reconfigure_interfaces(self.cl, interfaces)
-            if not self.config.is_vpc() and (self.get_type() in ['public']):
-                self.set_mark()
-            if self.config.is_vpc() and (self.get_type() in ['public']):
+            if self.get_type() in ['public']:
                 self.set_mark()
 
             if 'gateway' in self.address:
@@ -363,6 +361,7 @@ class CsIP:
     def fw_router(self):
         if self.config.is_vpc():
             return
+
         self.fw.append(["mangle", "front", "-A PREROUTING " +
                         "-m state --state RELATED,ESTABLISHED " +
                         "-j CONNMARK --restore-mark --nfmask 0xffffffff --ctmask 0xffffffff"])
@@ -534,6 +533,13 @@ class CsIP:
             if self.config.is_vpc():
                 if self.get_type() in ["public"] and "gateway" in self.address and self.address["gateway"] != "None":
                     route.add_route(self.dev, self.address["gateway"])
+                    for inf, addresses in self.config.address().dbag.iteritems():
+                        if not inf.startswith("eth"):
+                            continue
+                        for address in addresses:
+                            if "nw_type" in address and address["nw_type"] == "guest":
+                                route.add_network_route(self.dev, str(address["network"]))
+
                 route.add_network_route(self.dev, str(self.address["network"]))
 
             CsHelper.execute("sudo ip route flush cache")

systemvm/debian/opt/cloud/bin/cs/CsRoute.py

@@ -62,13 +62,16 @@ class CsRoute:
         table = self.get_tablename(dev)
         logging.info("Adding route: dev " + dev + " table: " +
                      table + " network: " + address + " if not present")
-        cmd = "dev %s table %s throw %s proto static" % (dev, table, address)
+        cmd = "throw %s table %s proto static" % (address, table)
         self.set_route(cmd)
 
     def set_route(self, cmd, method="add"):
         """ Add a route if it is not already defined """
         found = False
-        for i in CsHelper.execute("ip route show " + cmd):
+        search = cmd
+        if "throw" in search:
+            search = "type " + search
+        for i in CsHelper.execute("ip route show " + search):
             found = True
         if not found and method == "add":
             logging.info("Add " + cmd)