[cfgmgr/natmgrd] added disabling of NAT feature (Azure#1835) #2088

Open
wants to merge 1 commit into
base: master

KonstiantynHalushka

Signed-off-by: KonstiantynHalushka Konstiantyn_Halushka@jabil.com

What I did
Added disabling of NAT feature
Why I did it
IP table rule was not removed after config reload (Azure#1835)
How I verified it
sudo config feature state nat enabled
sudo config nat feature enable
sudo iptables -nL -t nat

target prot opt source destination
DNAT all -- 0.0.0.0/0 0.0.0.0/0 to:1.1.1.1 fullcone
Chain INPUT (policy ACCEPT)
target prot opt source destination
Chain POSTROUTING (policy ACCEPT)
target prot opt source destination
Chain OUTPUT (policy ACCEPT)
target prot opt source destination

sudo config reload
sudo iptables -nL -t nat

Chain PREROUTING (policy ACCEPT)
target prot opt source destination
Chain INPUT (policy ACCEPT)
target prot opt source destination
Chain POSTROUTING (policy ACCEPT)
target prot opt source destination
Chain OUTPUT (policy ACCEPT)
target prot opt source destination

Details if related

Signed-off-by: KonstiantynHalushka <Konstiantyn_Halushka@jabil.com>
@KonstiantynHalushka
Author

/azpw run

@mssonicbld
Collaborator

/AzurePipelines run

@azure-pipelines

Azure Pipelines successfully started running 1 pipeline(s).

@KonstiantynHalushka
Author

@prsunny please, review this PR

@prsunny prsunny requested a review from arlakshm January 26, 2022 02:41
@AkhileshSamineni
Contributor

@KonstiantynHalushka Please address my comment.

@KonstiantynHalushka
Author

@AkhileshSamineni Could you tell me exactly what you mean?

@@ -97,6 +97,7 @@ void sigterm_handler(int signo)

natmgr->cleanupMangleIpTables();
natmgr->cleanupPoolIpTable();
natmgr->disableNatFeature();
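
Review bot: the natmgr->disableNatFeature() call in sigterm_handler is named for turning the whole feature off, while the stated goal of the change is only that the iptables rule left behind after a config reload gets removed, so the scope of what runs on SIGTERM is unclear from this line. If the function does anything beyond deleting that rule, shutdown would have a wider effect than the two cleanup calls before it (cleanupMangleIpTables, cleanupPoolIpTable); a call scoped to deleting the rule, or a short comment naming the rule this line removes, would make the intent reviewable. Because this executes inside a signal handler, it is also worth confirming that the new call is no less safe to run there than the existing cleanup calls, and that a failure to remove the rule is logged rather than silently ignored.
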
Contributor

@KonstiantynHalushka Instead of "natmgr->disableNatFeature()", calling "natmgr->setFullConeDnatIptablesRule(DELETE);" would be appropriate.
It will clean up the 1.1.1.1 full-cone rule.
