mirror of https://github.com/apache/cloudstack.git
83f705ddc5
* Fix static routes to be added to PBR tables in VPC routers Static routes were only being added to the main routing table, but policy-based routing (PBR) is active on VPC routers. This caused traffic coming in from specific interfaces to not find the static routes, as they use interface-specific routing tables (Table_ethX). This fix: - Adds a helper method to find which interface a gateway belongs to by matching the gateway IP against configured interface subnets - Modifies route add/delete operations to update both the main table and the appropriate interface-specific PBR table - Uses existing CsAddress databag metadata to avoid OS queries - Handles both add and revoke operations for proper cleanup - Adds comprehensive logging for troubleshooting Fixes #12857 * Add iptables FORWARD rules for nexthop-based static routes When static routes use nexthop (gateway) instead of referencing a private gateway's public IP, the iptables FORWARD rules were not being generated. This caused traffic to be dropped by ACLs. This fix: - Adds a shared helper CsHelper.find_device_for_gateway() to determine which interface a gateway belongs to by checking subnet membership - Updates CsStaticRoutes to use the shared helper instead of duplicating the device-finding logic - Modifies CsAddress firewall rule generation to handle both old-style (ip_address-based) and new-style (nexthop-based) static routes - Generates the required FORWARD and PREROUTING rules for nexthop routes: * -A PREROUTING -s <network> ! -d <interface_ip>/32 -i <dev> -j ACL_OUTBOUND_<dev> * -A FORWARD -d <network> -o <dev> -j ACL_INBOUND_<dev> * -A FORWARD -d <network> -o <dev> -m state --state RELATED,ESTABLISHED -j ACCEPT Fixes the second part of #12857 * network matching grep fix, don't let 1.2.3.4/32 match 11.2.3.4/32 |
||
|---|---|---|
| .. | ||
| CsAddress.py | ||
| CsApp.py | ||
| CsBgpPeers.py | ||
| CsConfig.py | ||
| CsDatabag.py | ||
| CsDhcp.py | ||
| CsFile.py | ||
| CsGuestNetwork.py | ||
| CsHelper.py | ||
| CsLoadBalancer.py | ||
| CsMonitor.py | ||
| CsNetfilter.py | ||
| CsProcess.py | ||
| CsRedundant.py | ||
| CsRoute.py | ||
| CsRule.py | ||
| CsStaticRoutes.py | ||
| CsVpcGuestNetwork.py | ||
| __init__.py | ||