Orchagent changes in sonic-swss submodule to support NAT feature. (sonic-net#1125)

Signed-off-by: Akhilesh Samineni [email protected]

Author: lguohan

orchagent/Makefile.am

@@ -55,7 +55,8 @@ orchagent_SOURCES = \
             policerorch.cpp \
             sfloworch.cpp \
             chassisorch.cpp \
-            debugcounterorch.cpp
+            debugcounterorch.cpp \
+            natorch.cpp
 
 orchagent_SOURCES += flex_counter/flex_counter_manager.cpp flex_counter/flex_counter_stat_manager.cpp
 orchagent_SOURCES += debug_counter/debug_counter.cpp debug_counter/drop_counter.cpp

orchagent/aclorch.cpp

@@ -65,6 +65,7 @@ static acl_rule_attr_lookup_t aclL3ActionLookup =
 {
     { ACTION_PACKET_ACTION,                    SAI_ACL_ENTRY_ATTR_ACTION_PACKET_ACTION },
     { ACTION_REDIRECT_ACTION,                  SAI_ACL_ENTRY_ATTR_ACTION_REDIRECT },
+    { ACTION_DO_NOT_NAT_ACTION,                SAI_ACL_ENTRY_ATTR_ACTION_NO_NAT },
 };
 
 static acl_rule_attr_lookup_t aclMirrorStageLookup =
@@ -797,6 +798,12 @@ bool AclRuleL3::validateAddAction(string attr_name, string _attr_value)
 
             action_str = ACTION_REDIRECT_ACTION;
         }
+        // handle PACKET_ACTION_DO_NOT_NAT in ACTION_PACKET_ACTION
+        else if (attr_value == PACKET_ACTION_DO_NOT_NAT)
+        {
+            value.aclaction.parameter.booldata = true;
+            action_str = ACTION_DO_NOT_NAT_ACTION;
+        }
         else
         {
             return false;

orchagent/aclorch.h

@@ -63,6 +63,7 @@
 
 #define ACTION_PACKET_ACTION                "PACKET_ACTION"
 #define ACTION_REDIRECT_ACTION              "REDIRECT_ACTION"
+#define ACTION_DO_NOT_NAT_ACTION            "DO_NOT_NAT_ACTION"
 #define ACTION_MIRROR_ACTION                "MIRROR_ACTION"
 #define ACTION_MIRROR_INGRESS_ACTION        "MIRROR_INGRESS_ACTION"
 #define ACTION_MIRROR_EGRESS_ACTION         "MIRROR_EGRESS_ACTION"
@@ -73,9 +74,10 @@
 #define ACTION_DTEL_FLOW_SAMPLE_PERCENT     "FLOW_SAMPLE_PERCENT"
 #define ACTION_DTEL_REPORT_ALL_PACKETS      "REPORT_ALL_PACKETS"
 
-#define PACKET_ACTION_FORWARD   "FORWARD"
-#define PACKET_ACTION_DROP      "DROP"
-#define PACKET_ACTION_REDIRECT  "REDIRECT"
+#define PACKET_ACTION_FORWARD     "FORWARD"
+#define PACKET_ACTION_DROP        "DROP"
+#define PACKET_ACTION_REDIRECT    "REDIRECT"
+#define PACKET_ACTION_DO_NOT_NAT  "DO_NOT_NAT"
 
 #define DTEL_FLOW_OP_NOP        "NOP"
 #define DTEL_FLOW_OP_POSTCARD   "POSTCARD"

orchagent/copporch.cpp

@@ -18,6 +18,7 @@ extern sai_switch_api_t*    sai_switch_api;
 
 extern sai_object_id_t      gSwitchId;
 extern PortsOrch*           gPortsOrch;
+extern bool                 gIsNatSupported;
 
 static map<string, sai_meter_type_t> policer_meter_map = {
     {"packets", SAI_METER_TYPE_PACKETS},
@@ -72,7 +73,9 @@ static map<string, sai_hostif_trap_type_t> trap_id_map = {
     {"ttl_error", SAI_HOSTIF_TRAP_TYPE_TTL_ERROR},
     {"udld", SAI_HOSTIF_TRAP_TYPE_UDLD},
     {"bfd", SAI_HOSTIF_TRAP_TYPE_BFD},
-    {"bfdv6", SAI_HOSTIF_TRAP_TYPE_BFDV6}
+    {"bfdv6", SAI_HOSTIF_TRAP_TYPE_BFDV6},
+    {"src_nat_miss", SAI_HOSTIF_TRAP_TYPE_SNAT_MISS},
+    {"dest_nat_miss", SAI_HOSTIF_TRAP_TYPE_DNAT_MISS}
 };
 
 static map<string, sai_packet_action_t> packet_action_map = {
@@ -189,6 +192,12 @@ void CoppOrch::getTrapIdList(vector<string> &trap_id_name_list, vector<sai_hosti
         SWSS_LOG_DEBUG("processing trap_id:%s", trap_id_str.c_str());
         trap_id = trap_id_map.at(trap_id_str);
         SWSS_LOG_DEBUG("Pushing trap_id:%d", trap_id);
+        if (((trap_id == SAI_HOSTIF_TRAP_TYPE_SNAT_MISS) or (trap_id == SAI_HOSTIF_TRAP_TYPE_DNAT_MISS)) and
+            (gIsNatSupported == false))
+        {
+            SWSS_LOG_NOTICE("Ignoring the trap_id: %s, as NAT is not supported", trap_id_str.c_str());
+            continue;
+        }
         trap_id_list.push_back(trap_id);
     }
 }

orchagent/intfsorch.cpp

@@ -23,12 +23,14 @@ extern Directory<Orch*> gDirectory;
 extern sai_router_interface_api_t*  sai_router_intfs_api;
 extern sai_route_api_t*             sai_route_api;
 extern sai_neighbor_api_t*          sai_neighbor_api;
+extern sai_switch_api_t*            sai_switch_api;
 
 extern sai_object_id_t gSwitchId;
 extern PortsOrch *gPortsOrch;
 extern RouteOrch *gRouteOrch;
 extern CrmOrch *gCrmOrch;
 extern BufferOrch *gBufferOrch;
+extern bool gIsNatSupported;
 
 const int intfsorch_pri = 35;
 
@@ -165,6 +167,35 @@ bool IntfsOrch::setRouterIntfsMtu(const Port &port)
     return true;
 }
 
+bool IntfsOrch::setRouterIntfsNatZoneId(Port &port)
+{
+    SWSS_LOG_ENTER();
+
+    /* Return true if the router interface is not exists */
+    if (!port.m_rif_id)
+    {
+        SWSS_LOG_WARN("Router interface is not exists on %s",
+                      port.m_alias.c_str());
+        return true;
+    }
+
+    sai_attribute_t attr;
+    attr.id = SAI_ROUTER_INTERFACE_ATTR_NAT_ZONE_ID;
+    attr.value.u32 = port.m_nat_zone_id;
+
+    sai_status_t status = sai_router_intfs_api->
+            set_router_interface_attribute(port.m_rif_id, &attr);
+    if (status != SAI_STATUS_SUCCESS)
+    {
+         SWSS_LOG_ERROR("Failed to set router interface %s NAT Zone Id to %u, rv:%d",
+                port.m_alias.c_str(), port.m_nat_zone_id, status);
+        return false;
+    }
+    SWSS_LOG_NOTICE("Set router interface %s NAT Zone Id to %u",
+            port.m_alias.c_str(), port.m_nat_zone_id);
+    return true;
+}
+
 bool IntfsOrch::setRouterIntfsAdminStatus(const Port &port)
 {
     SWSS_LOG_ENTER();
@@ -404,9 +435,11 @@ void IntfsOrch::doTask(Consumer &consumer)
         }
 
         const vector<FieldValueTuple>& data = kfvFieldsValues(t);
-        string vrf_name = "", vnet_name = "";
+        string vrf_name = "", vnet_name = "", nat_zone = "";
         uint32_t mtu;
         bool adminUp;
+        uint32_t nat_zone_id = 0;
+
         for (auto idx : data)
         {
             const auto &field = fvField(idx);
@@ -419,6 +452,19 @@ void IntfsOrch::doTask(Consumer &consumer)
             {
                 vnet_name = value;
             }
+            else if (field == "nat_zone")
+            {
+                try
+                {
+                    nat_zone_id = (uint32_t)stoul(value);
+                }
+                catch (...)
+                {
+                    SWSS_LOG_ERROR("Invalid argument %s for nat zone", value.c_str());
+                    continue;
+                }
+                nat_zone = value;
+            }
             else if (field == "mtu")
             {
                 try
@@ -452,6 +498,10 @@ void IntfsOrch::doTask(Consumer &consumer)
                     }
                 }
             }
+            else if (field == "nat_zone")
+            {
+                nat_zone = value;
+            }
         }
 
         if (alias == "eth0" || alias == "docker0")
@@ -555,6 +605,23 @@ void IntfsOrch::doTask(Consumer &consumer)
                     it++;
                     continue;
                 }
+
+                /* Set nat zone id */
+                if ((!nat_zone.empty()) and (port.m_nat_zone_id != nat_zone_id))
+                {
+                    port.m_nat_zone_id = nat_zone_id;
+
+                    if (gIsNatSupported)
+                    {
+                        setRouterIntfsNatZoneId(port);
+                    }
+                    else
+                    {
+                        SWSS_LOG_NOTICE("Not set router interface %s NAT Zone Id to %u, as NAT is not supported",
+                                        port.m_alias.c_str(), port.m_nat_zone_id);
+                    }
+                    gPortsOrch->setPort(alias, port);
+                }
             }
 
             it = consumer.m_toSync.erase(it);
@@ -739,6 +806,15 @@ bool IntfsOrch::addRouterIntfs(sai_object_id_t vrf_id, Port &port)
     attr.value.u32 = port.m_mtu;
     attrs.push_back(attr);
 
+    if (gIsNatSupported)
+    {
+        attr.id = SAI_ROUTER_INTERFACE_ATTR_NAT_ZONE_ID;
+        attr.value.u32 = port.m_nat_zone_id;
+
+        SWSS_LOG_INFO("Assinging NAT zone id %d to interface %s\n", attr.value.u32, port.m_alias.c_str());
+        attrs.push_back(attr);
+    }
+
     sai_status_t status = sai_router_intfs_api->create_router_interface(&port.m_rif_id, gSwitchId, (uint32_t)attrs.size(), attrs.data());
     if (status != SAI_STATUS_SUCCESS)
     {
@@ -779,6 +855,7 @@ bool IntfsOrch::removeRouterIntfs(Port &port)
 
     port.m_rif_id = 0;
     port.m_vr_id = 0;
+    port.m_nat_zone_id = 0;
     gPortsOrch->setPort(port.m_alias, port);
 
     SWSS_LOG_NOTICE("Remove router interface for port %s", port.m_alias.c_str());

orchagent/intfsorch.h

@@ -40,7 +40,9 @@ class IntfsOrch : public Orch
     void decreaseRouterIntfsRefCount(const string&);
 
     bool setRouterIntfsMtu(const Port &port);
+    bool setRouterIntfsNatZoneId(Port &port);
     bool setRouterIntfsAdminStatus(const Port &port);
+
     std::set<IpPrefix> getSubnetRoutes();
 
     void generateInterfaceMap();

orchagent/main.cpp

@@ -50,6 +50,8 @@ bool gLogRotate = false;
 bool gSaiRedisLogRotate = false;
 bool gSyncMode = false;
 
+extern bool gIsNatSupported;
+
 ofstream gRecordOfs;
 string gRecordFile;
 
@@ -262,6 +264,22 @@ int main(int argc, char **argv)
     gVirtualRouterId = attr.value.oid;
     SWSS_LOG_NOTICE("Get switch virtual router ID %" PRIx64, gVirtualRouterId);
 
+    /* Get the NAT supported info */
+    attr.id = SAI_SWITCH_ATTR_AVAILABLE_SNAT_ENTRY;
+
+    status = sai_switch_api->get_switch_attribute(gSwitchId, 1, &attr);
+    if (status != SAI_STATUS_SUCCESS)
+    {
+        SWSS_LOG_NOTICE("Failed to get the SNAT available entry count, rv:%d", status);
+    }
+    else
+    {
+        if (attr.value.u32 != 0)
+        {
+            gIsNatSupported = true;
+        }
+    }
+
     /* Create a loopback underlay router interface */
     vector<sai_attribute_t> underlay_intf_attrs;