[NAT]: Update NAT conntrack entries from natmgr instead of natorch (sonic-net#1274)

* Update NAT conntrack entries from natmgr instead of natorch

 Signed-off-by: Akhilesh Samineni <akhilesh.samineni@broadcom.com>

Author: AkhileshSamineni

cfgmgr/natmgr.cpp

@@ -17,10 +17,12 @@
 #ifndef __NATMGR__
 #define __NATMGR__
 
+#include "selectabletimer.h"
 #include "dbconnector.h"
 #include "producerstatetable.h"
 #include "orch.h"
 #include "notificationproducer.h"
+#include "timer.h"
 #include <unistd.h>
 #include <set>
 #include <map>
@@ -60,6 +62,7 @@ namespace swss {
 #define NAT_TIMEOUT_MIN            300
 #define NAT_TIMEOUT_MAX            432000
 #define NAT_TIMEOUT_DEFAULT        600
+#define NAT_TIMEOUT_LOW            0
 #define NAT_TCP_TIMEOUT            "nat_tcp_timeout"
 #define NAT_TCP_TIMEOUT_MIN        300
 #define NAT_TCP_TIMEOUT_MAX        432000
@@ -119,6 +122,9 @@ namespace swss {
 #define IS_RESERVED_ADDR(ipaddr)   (ipaddr >= 0xF0000000)
 #define IS_ZERO_ADDR(ipaddr)       (ipaddr == 0)
 #define IS_BROADCAST_ADDR(ipaddr)  (ipaddr == 0xFFFFFFFF)
+#define NAT_ENTRY_REFRESH_PERIOD   86400    // 1 day
+#define REDIRECT_TO_DEV_NULL       " &> /dev/null"
+#define FLUSH                      " -F"
 
 const char ip_address_delimiter = '/';
 
@@ -234,13 +240,15 @@ class NatMgr : public Orch
     void cleanupPoolIpTable();
     void cleanupMangleIpTables();
     bool isPortInitDone(DBConnector *app_db);
-   
+    void timeoutNotifications(std::string op, std::string data);
+    void flushNotifications(std::string op, std::string data);
+
 private:
     /* Declare APPL_DB, CFG_DB and STATE_DB tables */
     ProducerStateTable m_appNatTableProducer, m_appNaptTableProducer, m_appNatGlobalTableProducer;
     ProducerStateTable m_appTwiceNatTableProducer, m_appTwiceNaptTableProducer;
     Table m_statePortTable, m_stateLagTable, m_stateVlanTable, m_stateInterfaceTable, m_appNaptPoolIpTable;
-    std::shared_ptr<swss::NotificationProducer> flushNotifier;
+    Table m_stateWarmRestartEnableTable, m_stateWarmRestartTable;
 
     /* Declare containers to store NAT Info */
     int          m_natTimeout;
@@ -256,9 +264,12 @@ class NatMgr : public Orch
     natZoneInterface_map_t   m_natZoneInterfaceInfo;
     natAclTable_map_t        m_natAclTableInfo;
     natAclRule_map_t         m_natAclRuleInfo;
+    SelectableTimer          *m_natRefreshTimer;
 
     /* Declare doTask related fucntions */
     void doTask(Consumer &consumer);
+    void doTask(SelectableTimer &timer);
+    void doNatRefreshTimerTask();
     void doStaticNatTask(Consumer &consumer);
     void doStaticNaptTask(Consumer &consumer);
     void doNatPoolTask(Consumer &consumer);
@@ -271,15 +282,26 @@ class NatMgr : public Orch
     /* Declare all NAT functionality member functions*/
     void enableNatFeature(void);
     void disableNatFeature(void);
-    void addConntrackSingleNatEntry(const std::string &key);
-    void addConntrackSingleNaptEntry(const std::string &key);
-    void deleteConntrackSingleNatEntry(const std::string &key);
-    void deleteConntrackSingleNaptEntry(const std::string &key);
-    void addConntrackTwiceNatEntry(const std::string &snatKey, const std::string &dnatKey);
-    void addConntrackTwiceNaptEntry(const std::string &snatKey, const std::string &dnatKey);
-    void deleteConntrackTwiceNatEntry(const std::string &snatKey, const std::string &dnatKey);
-    void deleteConntrackTwiceNaptEntry(const std::string &snatKey, const std::string &dnatKey);
+    bool warmBootingInProgress(void);
+    void flushAllNatEntries(void);
+    void addAllStaticConntrackEntries(void);
+    void addConntrackStaticSingleNatEntry(const std::string &key);
+    void addConntrackStaticSingleNaptEntry(const std::string &key);
+    void updateConntrackStaticSingleNatEntry(const std::string &key);
+    void updateConntrackStaticSingleNaptEntry(const std::string &key);
+    void deleteConntrackStaticSingleNatEntry(const std::string &key);
+    void deleteConntrackStaticSingleNaptEntry(const std::string &key);
+    void addConntrackStaticTwiceNatEntry(const std::string &snatKey, const std::string &dnatKey);
+    void addConntrackStaticTwiceNaptEntry(const std::string &snatKey, const std::string &dnatKey);
+    void updateConntrackStaticTwiceNatEntry(const std::string &snatKey, const std::string &dnatKey);
+    void updateConntrackStaticTwiceNaptEntry(const std::string &snatKey, const std::string &dnatKey);
+    void deleteConntrackStaticTwiceNatEntry(const std::string &snatKey, const std::string &dnatKey);
+    void deleteConntrackStaticTwiceNaptEntry(const std::string &snatKey, const std::string &dnatKey);
     void deleteConntrackDynamicEntries(const std::string &ip_range);
+    void updateDynamicSingleNatConnTrackTimeout(std::string key, int timeout);
+    void updateDynamicSingleNaptConnTrackTimeout(std::string key, int timeout);
+    void updateDynamicTwiceNatConnTrackTimeout(std::string key, int timeout);
+    void updateDynamicTwiceNaptConnTrackTimeout(std::string key, int timeout);
     void addStaticNatEntry(const std::string &key);
     void addStaticNaptEntry(const std::string &key);
     void addStaticSingleNatEntry(const std::string &key);
@@ -308,6 +330,12 @@ class NatMgr : public Orch
     void addStaticNaptIptables(const std::string port);
     void removeStaticNatIptables(const std::string port);
     void removeStaticNaptIptables(const std::string port);
+    void setStaticNatConntrackEntries(std::string mode);
+    void setStaticSingleNatConntrackEntry(const std::string &key, std::string &mode);
+    void setStaticTwiceNatConntrackEntry(const std::string &key, std::string &mode);
+    void setStaticNaptConntrackEntries(std::string mode);
+    void setStaticSingleNaptConntrackEntry(const std::string &key, std::string &mode);
+    void setStaticTwiceNaptConntrackEntry(const std::string &key, std::string &mode);
     void addDynamicNatRule(const std::string &key);
     void removeDynamicNatRule(const std::string &key);
     void addDynamicNatRuleByAcl(const std::string &key, bool isRuleId = false);

cfgmgr/natmgr.h

@@ -55,6 +55,9 @@ string    gRecordFile;
 mutex     gDbMutex;
 NatMgr    *natmgr = NULL;
 
+NotificationConsumer   *timeoutNotificationsConsumer = NULL;
+NotificationConsumer   *flushNotificationsConsumer = NULL;
+
 std::shared_ptr<swss::NotificationProducer> cleanupNotifier;
 
 void sigterm_handler(int signo)
@@ -142,6 +145,12 @@ int main(int argc, char **argv)
             s.addSelectables(o->getSelectables());
         }
 
+        timeoutNotificationsConsumer = new NotificationConsumer(&appDb, "SETTIMEOUTNAT");
+        s.addSelectable(timeoutNotificationsConsumer);
+
+        flushNotificationsConsumer = new NotificationConsumer(&appDb, "FLUSHNATENTRIES");
+        s.addSelectable(flushNotificationsConsumer);
+
         SWSS_LOG_NOTICE("starting main loop");
         while (true)
         {
@@ -154,6 +163,29 @@ int main(int argc, char **argv)
                 SWSS_LOG_NOTICE("Error: %s!", strerror(errno));
                 continue;
             }
+
+            if (sel == timeoutNotificationsConsumer)
+            {
+               std::string op;
+               std::string data;
+               std::vector<swss::FieldValueTuple> values;
+
+               timeoutNotificationsConsumer->pop(op, data, values);
+               natmgr->timeoutNotifications(op, data);
+               continue;
+            }
+
+            if (sel == flushNotificationsConsumer)
+            {
+               std::string op;
+               std::string data;
+               std::vector<swss::FieldValueTuple> values;
+
+               flushNotificationsConsumer->pop(op, data, values);
+               natmgr->flushNotifications(op, data);
+               continue;
+            }
+
             if (ret == Select::TIMEOUT)
             {
                 natmgr->doTask();

cfgmgr/natmgrd.cpp

@@ -59,6 +59,8 @@ NatSync::NatSync(RedisPipeline *pipelineAppDB, DBConnector *appDb, DBConnector *
         m_AppRestartAssist->registerAppTable(APP_NAT_TWICE_TABLE_NAME, &m_natTwiceTable);
         m_AppRestartAssist->registerAppTable(APP_NAPT_TWICE_TABLE_NAME, &m_naptTwiceTable);
     }
+
+    setTimeoutNotifier = std::make_shared<swss::NotificationProducer>(appDb, "SETTIMEOUTNAT");
 }
 
 NatSync::~NatSync()
@@ -490,6 +492,7 @@ int NatSync::addNatEntry(struct nfnl_ct *ct, struct naptEntry &entry, bool addFl
                 {
                     m_naptTwiceTable.set(key, fvVector);
                     SWSS_LOG_NOTICE("Twice NAPT entry with key %s added to APP_DB", key.c_str());
+                    setTimeoutNotifier->send("SET-TWICE-NAPT", key, fvVector);
                     m_naptTwiceTable.set(reverseEntryKey, reverseFvVector);
                     SWSS_LOG_NOTICE("Twice NAPT entry with reverse key %s added to APP_DB", reverseEntryKey.c_str());
                 }
@@ -530,6 +533,7 @@ int NatSync::addNatEntry(struct nfnl_ct *ct, struct naptEntry &entry, bool addFl
                 {
                     m_natTwiceTable.set(key, fvVector);
                     SWSS_LOG_NOTICE("Twice NAT entry with key %s added to APP_DB", key.c_str());
+                    setTimeoutNotifier->send("SET-TWICE-NAT", key, fvVector);
                     m_natTwiceTable.set(reverseEntryKey, reverseFvVector);
                     SWSS_LOG_NOTICE("Twice NAT entry with reverse key %s added to APP_DB", reverseEntryKey.c_str());
                 }
@@ -682,6 +686,7 @@ int NatSync::addNatEntry(struct nfnl_ct *ct, struct naptEntry &entry, bool addFl
                         {
                             m_naptTable.set(key, fvVector);
                             SWSS_LOG_NOTICE("SNAPT entry with key %s added to APP_DB", key.c_str());
+                            setTimeoutNotifier->send("SET-SINGLE-NAPT", key, fvVector);
                             m_naptTable.set(reverseEntryKey, reverseFvVector);
                             SWSS_LOG_NOTICE("Implicit DNAPT entry with key %s added to APP_DB", reverseEntryKey.c_str());
                         }
@@ -786,6 +791,7 @@ int NatSync::addNatEntry(struct nfnl_ct *ct, struct naptEntry &entry, bool addFl
                         {
                             m_natTable.set(key, fvVector);
                             SWSS_LOG_NOTICE("SNAT entry with key %s added to APP_DB", key.c_str());
+                            setTimeoutNotifier->send("SET-SINGLE-NAT", key, fvVector);
                             m_natTable.set(reverseEntryKey, reverseFvVector);
                             SWSS_LOG_NOTICE("Implicit DNAT entry with key %s added to APP_DB", reverseEntryKey.c_str());
                         }
@@ -890,6 +896,7 @@ int NatSync::addNatEntry(struct nfnl_ct *ct, struct naptEntry &entry, bool addFl
                     {
                         m_naptTable.set(key, fvVector);
                         SWSS_LOG_NOTICE("DNAPT entry with key %s added to APP_DB", key.c_str());
+                        setTimeoutNotifier->send("SET-SINGLE-NAPT", key, fvVector);
                         m_naptTable.set(reverseEntryKey, reverseFvVector);
                         SWSS_LOG_NOTICE("Implicit SNAPT entry with key %s added to APP_DB", reverseEntryKey.c_str());
                     }
@@ -963,6 +970,7 @@ int NatSync::addNatEntry(struct nfnl_ct *ct, struct naptEntry &entry, bool addFl
                     {
                         m_natTable.set(key, fvVector);
                         SWSS_LOG_NOTICE("DNAT entry with key %s added to APP_DB", key.c_str());
+                        setTimeoutNotifier->send("SET-SINGLE-NAT", key, fvVector);
                         m_natTable.set(reverseEntryKey, reverseFvVector);
                         SWSS_LOG_NOTICE("Implicit SNAT entry with key %s added to APP_DB", reverseEntryKey.c_str());
                     }

natsyncd/natsync.cpp

@@ -19,6 +19,7 @@
 
 #include "dbconnector.h"
 #include "producerstatetable.h"
+#include "notificationproducer.h"
 #include "netmsg.h"
 #include "warmRestartAssist.h"
 #include "ipaddress.h"
@@ -65,6 +66,8 @@ class NatSync : public NetMsg
     bool        matchingDnaptEntryExists(const naptEntry &entry);
     int         addNatEntry(struct nfnl_ct *ct, struct naptEntry &entry, bool addFlag);
 
+    std::shared_ptr<swss::NotificationProducer> setTimeoutNotifier;
+
     ProducerStateTable m_natTable;
     ProducerStateTable m_naptTable;
     ProducerStateTable m_natTwiceTable;