From 4eabb4a9abb36acc24df3e6237727aaf0f3525a3 Mon Sep 17 00:00:00 2001
From: QxBytes
Date: Mon, 23 Oct 2023 12:12:19 -0700
Subject: [PATCH 1/9] Enable ipv4 forwarding on network creation
---
 network/network_linux.go | 5 +++++
 network/networkutils/networkutils_linux.go | 12 ++++++++++++
 2 files changed, 17 insertions(+)
diff --git a/network/network_linux.go b/network/network_linux.go
index 73dd394ad4..62d9734d5e 100644
--- a/network/network_linux.go
+++ b/network/network_linux.go
@@ -93,6 +93,11 @@ func (nm *networkManager) newNetworkImpl(nwInfo *NetworkInfo, extIf *externalInt
 case opModeTransparentVlan:
 logger.Info("Transparent vlan mode")
 ifName = extIf.Name
+ nu := networkutils.NewNetworkUtils(nm.netlink, nm.plClient)
+ if err := nu.EnableIPV4Forwarding(); err != nil {
+ return nil, fmt.Errorf("Ipv4 forwarding failed: %w", err)
+ }
+ logger.Info("Ipv4 forwarding enabled")
 default:
 return nil, errNetworkModeInvalid
 }
diff --git a/network/networkutils/networkutils_linux.go b/network/networkutils/networkutils_linux.go
index 1555687ba2..3f59677029 100644
--- a/network/networkutils/networkutils_linux.go
+++ b/network/networkutils/networkutils_linux.go
@@ -34,6 +34,7 @@ const (
 enableIPForwardCmd = "sysctl -w net.ipv4.ip_forward=1"
 toggleIPV6Cmd = "sysctl -w net.ipv6.conf.all.disable_ipv6=%d"
 enableIPV6ForwardCmd = "sysctl -w net.ipv6.conf.all.forwarding=1"
+ enableIPV4ForwardCmd = "sysctl -w net.ipv4.conf.all.forwarding=1"
 disableRACmd = "sysctl -w net.ipv6.conf.%s.accept_ra=0"
 acceptRAV6File = "/proc/sys/net/ipv6/conf/%s/accept_ra"
 )
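Review bot: The `nu.EnableIPV4Forwarding()` call added under `case opModeTransparentVlan` changes kernel state for the whole network namespace the command runs in, and nothing in this hunk records the previous value or switches it back when the network is removed. With forwarding on, the kernel routes between every interface in that namespace, so tenant separation in transparent-VLAN mode rests on the packet-filter rules rather than on this sysctl; a comment above the call should say so, e.g. `// namespace-wide and not reverted on delete; isolation relies on filter rules, not on forwarding being off`. The error string should also start lower-case per Go convention: `return nil, fmt.Errorf("enable ipv4 forwarding: %w", err)`. newNetworkImpl starts and ends outside the hunk, so whether later code in the function can fail after the sysctl has already been applied is not visible here.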
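Review bot: The new `enableIPV4ForwardCmd` looks like a duplicate of `enableIPForwardCmd` three lines above it in the same const block: on Linux `net.ipv4.ip_forward` and `net.ipv4.conf.all.forwarding` are, as far as I know, two names for the same setting. Either reuse the existing constant or document why a second spelling is wanted, for example `// sets the same kernel value as enableIPForwardCmd; used where no interface-specific setup is needed` (adjust to the real reason). The command is a fixed string with no format verb, which keeps caller-supplied input out of the executed command line; that property is worth keeping if the constant is ever parameterised like `disableRACmd`. The const block starts outside the hunk.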
@@ -220,6 +221,17 @@ func (nu NetworkUtils) EnableIPForwarding(ifName string) error {
 return nil
 }
+func (nu NetworkUtils) EnableIPV4Forwarding() error {
+ cmd := fmt.Sprint(enableIPV4ForwardCmd)
+ _, err := nu.plClient.ExecuteCommand(cmd)
+ if err != nil {
+ logger.Error("Enable ipv4 forwarding failed with", zap.Error(err))
+ return err
+ }
+
+ return nil
+}
+
 func (nu NetworkUtils) EnableIPV6Forwarding() error {
 cmd := fmt.Sprint(enableIPV6ForwardCmd)
 _, err := nu.plClient.ExecuteCommand(cmd)
From 07b1e98b1284a2c5ba9da25e04385dfa107752b0 Mon Sep 17 00:00:00 2001
From: QxBytes
Date: Mon, 23 Oct 2023 13:07:39 -0700
Subject: [PATCH 2/9] Add multitenancy transparent vlan conflist to dropgz
---
 dropgz/build/cniTest_linux.Dockerfile | 1 +
 1 file changed, 1 insertion(+)
diff --git a/dropgz/build/cniTest_linux.Dockerfile b/dropgz/build/cniTest_linux.Dockerfile
index b92b993c84..89788fd7bb 100644
--- a/dropgz/build/cniTest_linux.Dockerfile
+++ b/dropgz/build/cniTest_linux.Dockerfile
@@ -20,6 +20,7 @@ COPY --from=azure-ipam /azure-ipam/*.conflist pkg/embed/fs
 COPY --from=azure-ipam /azure-ipam/bin/* pkg/embed/fs
 COPY --from=azure-vnet /azure-container-networking/cni/azure-$OS.conflist pkg/embed/fs/azure.conflist
 COPY --from=azure-vnet /azure-container-networking/cni/azure-$OS-swift.conflist pkg/embed/fs/azure-swift.conflist
+COPY --from=azure-vnet /azure-container-networking/cni/azure-$OS-multitenancy-transparent-vlan.conflist pkg/embed/fs/azure-multitenancy-transparent-vlan.conflist
 COPY --from=azure-vnet /azure-container-networking/cni/azure-$OS-swift-overlay.conflist pkg/embed/fs/azure-swift-overlay.conflist
 COPY --from=azure-vnet /azure-container-networking/cni/azure-$OS-swift-overlay-dualstack.conflist pkg/embed/fs/azure-swift-overlay-dualstack.conflist
 COPY --from=azure-vnet /azure-container-networking/bin/* pkg/embed/fs
From 8989dedc2ed420642287d5de4664d3286f4dc9d6 Mon Sep 17 00:00:00 2001
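Review bot: The exported method `EnableIPV4Forwarding` is added without a doc comment, and its name does not tell a caller that it changes a namespace-wide kernel setting by running `sysctl` through `plClient`. Suggested comment: `// EnableIPV4Forwarding runs "sysctl -w net.ipv4.conf.all.forwarding=1" via plClient. The setting applies to the whole network namespace the command runs in and is not restored here.` The command output is discarded with `_`, so a success is never checked against the value actually in effect; a short note that this is intentional would help the next reader.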
From: QxBytes
Date: Mon, 23 Oct 2023 16:03:42 -0700
Subject: [PATCH 3/9] Test if applying fix each time works
---
 network/transparent_vlan_endpointclient_linux.go | 3 +++
 1 file changed, 3 insertions(+)
diff --git a/network/transparent_vlan_endpointclient_linux.go b/network/transparent_vlan_endpointclient_linux.go
index 795832a8ce..f321475b65 100644
--- a/network/transparent_vlan_endpointclient_linux.go
+++ b/network/transparent_vlan_endpointclient_linux.go
@@ -308,6 +308,9 @@ func (client *TransparentVlanEndpointClient) PopulateVnet(epInfo *EndpointInfo)
 if err != nil {
 return errors.Wrap(err, "transparent vlan failed to disable rp filter vlan interface in vnet")
 }
+ if err := client.netUtilsClient.EnableIPV4Forwarding(); err != nil {
+ return errors.Wrap(err, "transparent vlan failed to enable ipv4 forwarding in vnet namespace")
+ }
 return nil
 }
From cb7fc23171998373c8194970bf272fe6bed9cc6a Mon Sep 17 00:00:00 2001
From: QxBytes
Date: Fri, 27 Oct 2023 11:33:23 -0700
Subject: [PATCH 4/9] Address linter issues
---
 network/networkutils/networkutils_linux.go | 10 ++--------
 1 file changed, 2 insertions(+), 8 deletions(-)
diff --git a/network/networkutils/networkutils_linux.go b/network/networkutils/networkutils_linux.go
index 3f59677029..e63f90a0f6 100644
--- a/network/networkutils/networkutils_linux.go
+++ b/network/networkutils/networkutils_linux.go
@@ -222,14 +222,8 @@ func (nu NetworkUtils) EnableIPForwarding(ifName string) error {
 }
 func (nu NetworkUtils) EnableIPV4Forwarding() error {
- cmd := fmt.Sprint(enableIPV4ForwardCmd)
- _, err := nu.plClient.ExecuteCommand(cmd)
- if err != nil {
- logger.Error("Enable ipv4 forwarding failed with", zap.Error(err))
- return err
- }
-
- return nil
+ _, err := nu.plClient.ExecuteCommand(enableIPV4ForwardCmd)
+ return errors.Wrap(err, "enable ipv4 forwarding failed")
 }
 func (nu NetworkUtils) EnableIPV6Forwarding() error {
From b1970685bd81d0ef6b568ed2b58dec942cadd3cf Mon Sep 17 00:00:00 2001
From: QxBytes
Date: Mon, 30 Oct 2023 13:06:49 -0700
Subject: [PATCH 5/9] Revert "Test if applying fix each time works"
This reverts commit 8989dedc2ed420642287d5de4664d3286f4dc9d6.
---
 network/transparent_vlan_endpointclient_linux.go | 3 ---
 1 file changed, 3 deletions(-)
diff --git a/network/transparent_vlan_endpointclient_linux.go b/network/transparent_vlan_endpointclient_linux.go
index f321475b65..795832a8ce 100644
--- a/network/transparent_vlan_endpointclient_linux.go
+++ b/network/transparent_vlan_endpointclient_linux.go
@@ -308,9 +308,6 @@ func (client *TransparentVlanEndpointClient) PopulateVnet(epInfo *EndpointInfo)
 if err != nil {
 return errors.Wrap(err, "transparent vlan failed to disable rp filter vlan interface in vnet")
 }
- if err := client.netUtilsClient.EnableIPV4Forwarding(); err != nil {
- return errors.Wrap(err, "transparent vlan failed to enable ipv4 forwarding in vnet namespace")
- }
 return nil
 }
From 65d703edd9ae486bf93b1bdddd89110d95adc0e7 Mon Sep 17 00:00:00 2001
From: QxBytes
Date: Tue, 31 Oct 2023 10:03:10 -0700
Subject: [PATCH 6/9] Remove overlap in adding dropgz conflist
---
 dropgz/build/cniTest_linux.Dockerfile | 1 -
 1 file changed, 1 deletion(-)
diff --git a/dropgz/build/cniTest_linux.Dockerfile b/dropgz/build/cniTest_linux.Dockerfile
index 89788fd7bb..b92b993c84 100644
--- a/dropgz/build/cniTest_linux.Dockerfile
+++ b/dropgz/build/cniTest_linux.Dockerfile
@@ -20,7 +20,6 @@ COPY --from=azure-ipam /azure-ipam/*.conflist pkg/embed/fs
 COPY --from=azure-ipam /azure-ipam/bin/* pkg/embed/fs
 COPY --from=azure-vnet /azure-container-networking/cni/azure-$OS.conflist pkg/embed/fs/azure.conflist
 COPY --from=azure-vnet /azure-container-networking/cni/azure-$OS-swift.conflist pkg/embed/fs/azure-swift.conflist
-COPY --from=azure-vnet /azure-container-networking/cni/azure-$OS-multitenancy-transparent-vlan.conflist pkg/embed/fs/azure-multitenancy-transparent-vlan.conflist
 COPY --from=azure-vnet /azure-container-networking/cni/azure-$OS-swift-overlay.conflist pkg/embed/fs/azure-swift-overlay.conflist
 COPY --from=azure-vnet /azure-container-networking/cni/azure-$OS-swift-overlay-dualstack.conflist pkg/embed/fs/azure-swift-overlay-dualstack.conflist
 COPY --from=azure-vnet /azure-container-networking/bin/* pkg/embed/fs
From c147e1b7dd4bf465c2011e2a90512a0c9aedb9f6 Mon Sep 17 00:00:00 2001
From: QxBytes
Date: Wed, 1 Nov 2023 16:23:36 -0700
Subject: [PATCH 7/9] Add unit test if forwarding fails
---
 network/network_test.go | 20 ++++++++++++++++++++
 1 file changed, 20 insertions(+)
diff --git a/network/network_test.go b/network/network_test.go
index 7bd353577c..37fdcd8605 100644
--- a/network/network_test.go
+++ b/network/network_test.go
@@ -181,6 +181,26 @@ var _ = Describe("Test Network", func() {
 Expect(nw.Id).To(Equal(nwInfo.Id))
 })
 })
+
+ Context("When we cannot enable ipv4 forwarding", func() {
+ It("Should error when ipv4 forwarding failed", func() {
+ nm := &networkManager{
+ ExternalInterfaces: map[string]*externalInterface{},
+ plClient: platform.NewMockExecClient(true),
+ }
+ nm.ExternalInterfaces["eth0"] = &externalInterface{
+ Networks: map[string]*network{},
+ }
+ nwInfo := &NetworkInfo{
+ Id: "nw",
+ MasterIfName: "eth0",
+ Mode: opModeTransparentVlan,
+ }
+ nw, err := nm.newNetwork(nwInfo)
+ Expect(err).To(MatchError(platform.ErrMockExec))
+ Expect(nw).To(BeNil())
+ })
+ })
 })
 Describe("Test deleteNetwork", func() {
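Review bot: The new `It("Should error when ipv4 forwarding failed", ...)` case only proves that `newNetwork` fails when every exec call fails, because `platform.NewMockExecClient(true)` is not tied to the forwarding command. The assertion would still pass if some other command on the transparent-VLAN path failed first, or if the sysctl string were wrong. There is also no success-path case showing that the forwarding command is issued for `opModeTransparentVlan` and not for the other modes. If the mock can expose the command it was given, assert on it, e.g. `Expect(cmd).To(Equal("sysctl -w net.ipv4.conf.all.forwarding=1"))`, where `cmd` stands for whatever the mock records. The enclosing `Describe` block starts and ends outside the hunk.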
From 721848bb710641cabcfc894fdf1b146cce7431b3 Mon Sep 17 00:00:00 2001
From: QxBytes
Date: Thu, 2 Nov 2023 11:44:32 -0700
Subject: [PATCH 8/9] Make error handling consistent with ipv6 forwarding
---
 network/networkutils/networkutils_linux.go | 7 ++++++-
 1 file changed, 6 insertions(+), 1 deletion(-)
diff --git a/network/networkutils/networkutils_linux.go b/network/networkutils/networkutils_linux.go
index e63f90a0f6..ac54372ebd 100644
--- a/network/networkutils/networkutils_linux.go
+++ b/network/networkutils/networkutils_linux.go
@@ -223,7 +223,12 @@ func (nu NetworkUtils) EnableIPForwarding(ifName string) error {
 func (nu NetworkUtils) EnableIPV4Forwarding() error {
 _, err := nu.plClient.ExecuteCommand(enableIPV4ForwardCmd)
- return errors.Wrap(err, "enable ipv4 forwarding failed")
+ if err != nil {
+ logger.Error("Enable ipv4 forwarding failed with", zap.Error(err))
+ return err
+ }
+
+ return nil
 }
 func (nu NetworkUtils) EnableIPV6Forwarding() error {
From 8e6b09493c8739d673717199ef73c04f05e48d4c Mon Sep 17 00:00:00 2001
From: QxBytes
Date: Thu, 2 Nov 2023 11:53:55 -0700
Subject: [PATCH 9/9] Address linter issue
---
 network/networkutils/networkutils_linux.go | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/network/networkutils/networkutils_linux.go b/network/networkutils/networkutils_linux.go
index ac54372ebd..c6b94ddb2e 100644
--- a/network/networkutils/networkutils_linux.go
+++ b/network/networkutils/networkutils_linux.go
@@ -225,7 +225,7 @@ func (nu NetworkUtils) EnableIPV4Forwarding() error {
 _, err := nu.plClient.ExecuteCommand(enableIPV4ForwardCmd)
 if err != nil {
 logger.Error("Enable ipv4 forwarding failed with", zap.Error(err))
- return err
+ return errors.Wrap(err, "enable ipv4 forwarding failed")
 }
 return nil
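Review bot: In the last hunk (patch 9/9) a failed sysctl ends up reported at three layers: `logger.Error` logs it here, the returned error is wrapped with "enable ipv4 forwarding failed", and the caller added in patch 1/9 wraps it again with "Ipv4 forwarding failed: %w". The final message therefore says the same thing twice and never names the command that failed. Handle it at one layer: drop the `logger.Error` line and return `errors.Wrap(err, "sysctl net.ipv4.conf.all.forwarding=1")`, leaving logging to the caller. The function's closing brace falls outside the hunk.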