From 8a68617eee1a8a78f8d5c06a67aee40b2e19baac Mon Sep 17 00:00:00 2001
From: Wei Zhou
Date: Thu, 19 Nov 2020 17:23:53 +0000
Subject: [PATCH] bugfix #9 vpc vr: Add PREROUTING rule for vm with static nat to multiple private gateways

---
 systemvm/debian/opt/cloud/bin/configure.py | 26 +++++++++++++++----
 systemvm/debian/opt/cloud/bin/cs/CsAddress.py | 3 +++
 2 files changed, 24 insertions(+), 5 deletions(-)

diff --git a/systemvm/debian/opt/cloud/bin/configure.py b/systemvm/debian/opt/cloud/bin/configure.py
index 0f9d6eadf76..be67f403c8b 100755
--- a/systemvm/debian/opt/cloud/bin/configure.py
+++ b/systemvm/debian/opt/cloud/bin/configure.py
@@ -817,6 +817,13 @@ class CsForwardingRules(CsDataBag):
             return interface.get_gateway()
         return None
 
+    def getPrivateGatewayNetworks(self):
+        interfaces = []
+        for interface in self.config.address().get_interfaces():
+            if interface.is_private_gateway():
+                interfaces.append(interface)
+        return interfaces
+
     def portsToString(self, ports, delimiter):
         ports_parts = ports.split(":", 2)
         if ports_parts[0] == ports_parts[1]:
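Review bot: getPrivateGatewayNetworks returns the interface objects themselves, not their networks, so the name promises something the loop does not deliver and the caller in the next hunk has to call get_network() on each element. Either rename it (getPrivateGatewayInterfaces) or add a docstring that states the contract: `"""Return the interface objects for which is_private_gateway() is true; callers take .get_network() from each."""`. The body is a plain filter and reads better as `return [i for i in self.config.address().get_interfaces() if i.is_private_gateway()]`. Whether get_interfaces() can return None for a router with no addresses yet is not visible here; if it can, this would raise rather than return an empty list.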
@@ -948,12 +955,21 @@ class CsForwardingRules(CsDataBag):
             if device is None:
                 raise Exception("Ip address %s has no device in the ips databag" % rule["public_ip"])
 
+            chain_name = "PREROUTING-%s-def" % device
             self.fw.append(["mangle", "front",
-                            "-A PREROUTING -s %s/32 -m state --state NEW -j CONNMARK --save-mark --nfmask 0xffffffff --ctmask 0xffffffff" %
-                            rule["internal_ip"]])
-            self.fw.append(["mangle", "front",
-                            "-A PREROUTING -s %s/32 -m state --state NEW -j MARK --set-xmark %s/0xffffffff" %
-                            (rule["internal_ip"], hex(100 + int(device[len("eth"):])))])
+                            "-A PREROUTING -s %s/32 -m state --state NEW -j %s" %
+                            (rule["internal_ip"], chain_name)])
+            self.fw.append(["mangle", "",
+                            "-A %s -j MARK --set-xmark %s/0xffffffff" %
+                            (chain_name, hex(100 + int(device[len("eth"):])))])
+            self.fw.append(["mangle", "",
+                            "-A %s -j CONNMARK --save-mark --nfmask 0xffffffff --ctmask 0xffffffff" %
+                            chain_name])
+            private_gateways = self.getPrivateGatewayNetworks()
+            for private_gw in private_gateways:
+                self.fw.append(["mangle", "front", "-A %s -d %s -j RETURN" %
+                                (chain_name, private_gw.get_network())])
+
             self.fw.append(["nat", "front", "-A PREROUTING -d %s/32 -j DNAT --to-destination %s" %
                             (rule["public_ip"], rule["internal_ip"])])
             self.fw.append(["nat", "front",
diff --git a/systemvm/debian/opt/cloud/bin/cs/CsAddress.py b/systemvm/debian/opt/cloud/bin/cs/CsAddress.py
index 489840028e8..44b69500b4c 100755
--- a/systemvm/debian/opt/cloud/bin/cs/CsAddress.py
+++ b/systemvm/debian/opt/cloud/bin/cs/CsAddress.py
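Review bot: The new PREROUTING-ethN-def chain only does its job if the `-d <private gw net> -j RETURN` rules sit above the MARK and CONNMARK rules, yet the code emits the RETURNs last and relies on the `"front"` position to hoist them; that holds only if `"front"` is applied as an iptables `-I` on the target chain, and nothing in the hunk documents the dependency. Since no other code path writes this chain, the order-independent form is to emit the RETURN loop first with position `""`, followed by the MARK and CONNMARK appends, so list order and chain order agree; at minimum add `# RETURN rules rely on "front" to land ahead of MARK/CONNMARK in this chain` above the loop. It is also worth confirming that `private_gw.get_network()` cannot be empty or None for a gateway that is still being configured, because `-d None -j RETURN` would be emitted verbatim into the mangle table (cannot be seen from here). The `int(device[len("eth"):])` index derivation is carried over from the removed lines and still raises ValueError for a device not named ethN; the enclosing method starts and ends outside this hunk.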
@@ -488,6 +488,9 @@ class CsIP:
             self.fw.append(["mangle", "",
                             "-A PREROUTING -m state --state NEW -i %s -s %s ! -d %s/32 -j ACL_OUTBOUND_%s" %
                             (self.dev, self.address['network'], self.address['gateway'], self.dev)])
+            self.fw.append(["mangle", "front",
+                            "-A PREROUTING -s %s -d %s -m state --state NEW -j MARK --set-xmark %s/0xffffffff" %
+                            (self.cl.get_vpccidr(), self.address['network'], hex(100 + int(self.dev[3:])))])
             if self.address["source_nat"]:
                 self.fw.append(["nat", "front",
                                 "-A POSTROUTING -o %s -j SNAT --to-source %s" %
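Review bot: This MARK rule and the static-NAT jump added in configure.py (`-s <internal_ip>/32 -m state --state NEW -j PREROUTING-ethN-def`) are both inserted at "front" of mangle PREROUTING and both match a NEW packet from a static-NAT VM to another tier, so which mark ends up saved by that chain's `CONNMARK --save-mark` is decided by the order in which the two code paths run, which is not visible here and is not stated anywhere. Please pin the intended precedence in a comment above the append, e.g. `# intra-VPC traffic to this tier must keep the tier's mark even for static-NAT sources; relies on being inserted after the static-NAT jump`, or guard it with a mark match so it does not depend on insert order. If this branch also executes for non-VPC routers, `self.cl.get_vpccidr()` may be empty and the rule would be emitted as `-s  -d ...`; worth a check or a note that the branch is VPC-only. Style-wise `self.dev[3:]` repeats the ethN assumption that configure.py spells as `device[len("eth"):]`; using one form (or a shared helper) would keep the two in step, and the enclosing method starts and ends outside this hunk.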