pcn-nat: update masquerade rules when attached

The masquerade rules should be updated with the new external IP if they are
enabled when the nat is attached to a cube's port.

This commit also fixes two small problems when creating a nat with the full
configuration in a single operation:
- objects in rule were created after the call to update (segfault)
- masquerade enabled was not taken into consideration

Signed-off-by: Mauricio Vasquez B <mauriciovasquezbernal@gmail.com>

Author: mauriciovasquezbernal

src/services/pcn-nat/src/Nat.cpp

@@ -83,6 +83,12 @@ void Nat::attach() {
     auto temp = get_parent_parameter("ip");
     external_ip_ = temp.substr(1, temp.length() - 2);  // remove qoutes
     logger()->info("external ip is : {}", external_ip_);
+    // if masquerare is enabled we need to update the IP address
+    // TODO: this action should also be performed when the IP address on the
+    // parent changes (it needs the subscription mechanishm)
+    if (rule_->getMasquerade()->getEnabled()) {
+      rule_->getMasquerade()->inject(utils::ip_string_to_be_uint(external_ip_));
+    }
   } catch (...) {
     logger()->warn("External IP not found. Is this enabled on a router?");
   }

src/services/pcn-nat/src/Rule.cpp

@@ -20,11 +20,11 @@
 #include "Nat.h"
 
 Rule::Rule(Nat &parent, const RuleJsonObject &conf) : parent_(parent) {
-  update(conf);
   snat_ = std::make_shared<RuleSnat>(*this);
   dnat_ = std::make_shared<RuleDnat>(*this);
   portforwarding_ = std::make_shared<RulePortForwarding>(*this);
   masquerade_ = std::make_shared<RuleMasquerade>(*this);
+  update(conf);
 }
 
 Rule::~Rule() {

src/services/pcn-nat/src/RuleMasquerade.cpp

@@ -50,14 +50,8 @@ RuleMasqueradeJsonObject RuleMasquerade::toJsonObject() {
   return conf;
 }
 
-RuleMasqueradeEnableOutputJsonObject RuleMasquerade::enable() {
-  RuleMasqueradeEnableOutputJsonObject output;
-  if (enabled) {
-    // Already enabled
-    output.setResult(true);
-    return output;
-  }
-  try {
+bool RuleMasquerade::inject(uint32_t ip) {
+ try {
     // Inject rule in the datapath table
     auto sm_rules = parent_.getParent().get_hash_table<sm_k, sm_v>(
         "sm_rules", 0, ProgramType::EGRESS);
@@ -66,50 +60,75 @@ RuleMasqueradeEnableOutputJsonObject RuleMasquerade::enable() {
     };
 
     sm_v value{
-        .external_ip = utils::ip_string_to_be_uint(
-            parent_.getParent().getExternalIpString()),
+        .external_ip = ip,
         .entry_type = (uint8_t)NattingTableOriginatingRuleEnum::MASQUERADE,
     };
     sm_rules.set(key, value);
-    enabled = true;
+  } catch (std::exception &e) {
+    logger()->error("Error injecting masquerate rule " + std::string(e.what()));
+    return false;
+  }
+
+  return true;
+}
+
+RuleMasqueradeEnableOutputJsonObject RuleMasquerade::enable() {
+  RuleMasqueradeEnableOutputJsonObject output;
+  if (enabled) {
+    // Already enabled
     output.setResult(true);
+    return output;
+  }
+
+  uint32_t ip = 0;
+
+  try {
+    ip = utils::ip_string_to_be_uint(
+                       parent_.getParent().getExternalIpString());
+  } catch(...) {
+    output.setResult(false);
+    return output;
+  }
+
+  bool result = inject(ip);
+  output.setResult(result);
+  if (result) {
+    enabled = true;
     logger()->info("Enabled masquerade: 0.0.0.0 -> {0}",
                    parent_.getParent().getExternalIpString());
-  } catch (std::exception &e) {
-    logger()->info("Could not enable masquerade: " + std::string(e.what()));
-    output.setResult(false);
   }
+
   return output;
 }
+
 RuleMasqueradeDisableOutputJsonObject RuleMasquerade::disable() {
   RuleMasqueradeDisableOutputJsonObject output;
   if (!enabled) {
     // Already disabled
     output.setResult(true);
     return output;
   }
-  try {
-    auto sm_rules = parent_.getParent().get_hash_table<sm_k, sm_v>(
-        "sm_rules", 0, ProgramType::EGRESS);
-    sm_k key{
-        .internal_netmask_len = 0, .internal_ip = 0,
-    };
-
-    sm_rules.remove(key);
 
+  bool result = inject(0);
+  output.setResult(result);
+  if (result) {
     enabled = false;
-    output.setResult(true);
     logger()->info("Disabled masquerade");
-  } catch (std::exception &e) {
-    logger()->info("Could not disable masquerade: " + std::string(e.what()));
-    output.setResult(false);
   }
+
   return output;
 }
 
 void RuleMasquerade::setEnabled(const bool &value) {
+  if (value) {
+    enable();
+  } else {
+    disable();
+  }
+
   enabled = value;
 }
+
 bool RuleMasquerade::getEnabled() {
   return enabled;
 }

src/services/pcn-nat/src/RuleMasquerade.h

@@ -25,6 +25,7 @@ class Rule;
 using namespace io::swagger::server::model;
 
 class RuleMasquerade : public RuleMasqueradeInterface {
+  friend class Nat;
  public:
   RuleMasquerade(Rule &parent);
   RuleMasquerade(Rule &parent, const RuleMasqueradeJsonObject &conf);
@@ -41,6 +42,7 @@ class RuleMasquerade : public RuleMasqueradeInterface {
   void setEnabled(const bool &value) override;
 
  private:
+  bool inject(uint32_t ip); // injects the rule in datapath
   Rule &parent_;
   bool enabled;
 };