gh-681: privateVIP traslation when dealing with cloudAPIs

loxilb-io · May 28, 2024 · 062094a · 062094a
1 parent 0a6fe44
commit 062094a
Showing 1 changed file with 79 additions and 36 deletions.
diff --git a/pkg/loxinet/rules.go b/pkg/loxinet/rules.go
@@ -317,13 +317,18 @@ type epChecker struct {
  tD chan bool
 }
 
+type vipElem struct {
+ ref int
+ pVIP net.IP
+}
+
 // RuleH - context container
 type RuleH struct {
  zone *Zone
  cfg RuleCfg
  tables [RtMax]ruleTable
  epMap map[string]*epHost
- vipMap map[string]int
+ vipMap map[string]*vipElem
  epCs [MaxEndPointCheckers]epChecker
  wg sync.WaitGroup
  lepHID uint8
@@ -340,7 +345,7 @@ func RulesInit(zone *Zone) *RuleH {
  nRh.cfg.RuleInactChkTime = DflLbaCheckTimeout
  nRh.cfg.RuleInactTries = DflLbaInactiveTries
 
- nRh.vipMap = make(map[string]int)
+ nRh.vipMap = make(map[string]*vipElem)
  nRh.epMap = make(map[string]*epHost)
  nRh.tables[RtFw].tableMatch = RmMax - 1
  nRh.tables[RtFw].tableType = RtMf
@@ -1190,6 +1195,7 @@ func (R *RuleH) AddNatLbRule(serv cmn.LbServiceArg, servSecIPs []cmn.LbSecIPArg,
  var natActs ruleNatActs
  var nSecIP []ruleNatSIP
  var ipProto uint8
+ var privIP net.IP
 
  // Validate service args
  service := ""
@@ -1203,6 +1209,14 @@ func (R *RuleH) AddNatLbRule(serv cmn.LbServiceArg, servSecIPs []cmn.LbSecIPArg,
  return RuleUnknownServiceErr, errors.New("malformed-service error")
  }
 
+ privIP = nil
+ if serv.PrivateIP != "" {
+ privIP = net.ParseIP(serv.PrivateIP)
+ if privIP == nil {
+ return RuleUnknownServiceErr, errors.New("malformed-service privateIP error")
+ }
+ }
+
  // Validate inactivity timeout
  if serv.InactiveTimeout > LbMaxInactiveTimeout {
  return RuleArgsErr, errors.New("service-args error")
@@ -1444,7 +1458,7 @@ func (R *RuleH) AddNatLbRule(serv cmn.LbServiceArg, servSecIPs []cmn.LbSecIPArg,
  r.iTo = serv.InactiveTimeout
  r.bgp = serv.Bgp
  r.ci = cmn.CIDefault
- r.privIP, _ = R.RuleVIP2PrivIP(sNetAddr.IP)
+ r.privIP = privIP
 
  R.FoldRecursiveEPs(r)
 
@@ -1457,12 +1471,9 @@ func (R *RuleH) AddNatLbRule(serv cmn.LbServiceArg, servSecIPs []cmn.LbSecIPArg,
  if r.ruleNum < RtMaximumLbs {
  R.tables[RtLB].rArr[r.ruleNum] = r
  }
- if !strings.Contains(r.name, "ipvs") {
- R.vipMap[sNetAddr.IP.String()]++
 
- if R.vipMap[sNetAddr.IP.String()] == 1 {
- R.AdvRuleVIPIfL2(sNetAddr.IP)
- }
+ if !strings.Contains(r.name, "ipvs") {
+ R.AddRuleVIP(sNetAddr.IP, r.RuleVIP2PrivIP())
  }
 
  r.DP(DpCreate)
@@ -1527,23 +1538,7 @@ func (R *RuleH) DeleteNatLbRule(serv cmn.LbServiceArg) (int, error) {
  }
 
  if !strings.Contains(rule.name, "ipvs") {
- R.vipMap[sNetAddr.IP.String()]--
-
- if R.vipMap[sNetAddr.IP.String()] == 0 {
- if utils.IsIPHostAddr(sNetAddr.IP.String()) {
- loxinlp.DelAddrNoHook(sNetAddr.IP.String()+"/32", "lo")
- err := CloudUpdatePrivateIP(sNetAddr.IP, false)
- if err != nil {
- tk.LogIt(tk.LogError, "%s: lb-rule vip %s delete failed. err: %v\n", mh.cloudLabel, sNetAddr.IP.String(), err)
- }
- }
- dev := fmt.Sprintf("llb-rule-%s", sNetAddr.IP.String())
- ret, _ := mh.zr.L3.IfaFind(dev, sNetAddr.IP)
- if ret == 0 {
- mh.zr.L3.IfaDelete(dev, sNetAddr.IP.String()+"/32")
- }
- delete(R.vipMap, sNetAddr.IP.String())
- }
+ R.DeleteRuleVIP(sNetAddr.IP)
  }
 
  tk.LogIt(tk.LogDebug, "nat lb-rule deleted %s-%s\n", rule.tuples.String(), rule.act.String())
@@ -2311,11 +2306,7 @@ func (r *ruleEnt) Nat2DP(work DpWorkT) int {
  nWork.Work = work
  nWork.Status = &r.sync
  nWork.ZoneNum = r.zone.ZoneNum
- if r.privIP == nil || r.privIP.IsUnspecified() {
- nWork.ServiceIP = r.tuples.l3Dst.addr.IP.Mask(r.tuples.l3Dst.addr.Mask)
- } else {
- nWork.ServiceIP = r.privIP
- }
+ nWork.ServiceIP = r.RuleVIP2PrivIP()
  nWork.L4Port = r.tuples.l4Dst.val
  nWork.Proto = r.tuples.l4Prot.val
  nWork.Mark = int(r.ruleNum)
@@ -2685,17 +2676,69 @@ func (R *RuleH) AdvRuleVIPIfL2(IP net.IP) error {
 }
 
 func (R *RuleH) RuleVIPSyncToClusterState() {
- for vip := range R.vipMap {
- ip := net.ParseIP(vip)
+ for vip, vipElem := range R.vipMap {
+ ip := vipElem.pVIP
+ if ip == nil {
+ ip = net.ParseIP(vip)
+ }
  if ip != nil {
  R.AdvRuleVIPIfL2(ip)
  }
  }
 }
 
-func (R *RuleH) RuleVIP2PrivIP(vip net.IP) (net.IP, error) {
- if mh.cloudLabel == "aws" {
- return AWSPrivateIpMapper(vip)
+func (r *ruleEnt) RuleVIP2PrivIP() net.IP {
+ if r.privIP == nil || r.privIP.IsUnspecified() {
+ return r.tuples.l3Dst.addr.IP.Mask(r.tuples.l3Dst.addr.Mask)
+ } else {
+ return r.privIP
+ }
+}
+
+func (R *RuleH) AddRuleVIP(VIP net.IP, pVIP net.IP) {
+ vipEnt := R.vipMap[VIP.String()]
+ if vipEnt == nil {
+ vipEnt = new(vipElem)
+ vipEnt.ref = 1
+ vipEnt.pVIP = pVIP
+ R.vipMap[VIP.String()] = vipEnt
+ } else {
+ vipEnt.ref++
+ }
+
+ if vipEnt.ref == 1 {
+ if pVIP == nil {
+ R.AdvRuleVIPIfL2(pVIP)
+ } else {
+ R.AdvRuleVIPIfL2(VIP)
+ }
+ }
+}
+
+func (R *RuleH) DeleteRuleVIP(VIP net.IP) {
+
+ vipEnt := R.vipMap[VIP.String()]
+ if vipEnt != nil {
+ vipEnt.ref--
+ }
+
+ if vipEnt != nil && vipEnt.ref == 0 {
+ xVIP := VIP
+ if vipEnt.pVIP != nil {
+ xVIP = vipEnt.pVIP
+ }
+ if utils.IsIPHostAddr(xVIP.String()) {
+ loxinlp.DelAddrNoHook(xVIP.String()+"/32", "lo")
+ err := CloudUpdatePrivateIP(xVIP, false)
+ if err != nil {
+ tk.LogIt(tk.LogError, "%s: lb-rule vip %s delete failed. err: %v\n", mh.cloudLabel, xVIP.String(), err)
+ }
+ }
+ dev := fmt.Sprintf("llb-rule-%s", xVIP.String())
+ ret, _ := mh.zr.L3.IfaFind(dev, xVIP)
+ if ret == 0 {
+ mh.zr.L3.IfaDelete(dev, xVIP.String()+"/32")
+ }
+ delete(R.vipMap, VIP.String())
  }
- return nil, nil
 }