
Fix private gateway acl on static routes #10262

Open: wants to merge 4 commits into base: 4.19

Conversation

vishesh92
Member

@vishesh92 vishesh92 commented Jan 24, 2025

Description

This PR fixes #9837

Types of changes

  • Breaking change (fix or feature that would cause existing functionality to change)
  • New feature (non-breaking change which adds functionality)
  • Bug fix (non-breaking change which fixes an issue)
  • Enhancement (improves an existing feature and functionality)
  • Cleanup (Code refactoring and cleanup, that may add test cases)
  • build/CI
  • test (unit or integration test code)

Feature/Enhancement Scale or Bug Severity

Feature/Enhancement Scale

  • Major
  • Minor

Bug Severity

  • BLOCKER
  • Critical
  • Major
  • Minor
  • Trivial

Screenshots (if appropriate):

How Has This Been Tested?

How did you try to break this feature and the system with this change?

@vishesh92
Member Author

@blueorangutan package

@vishesh92 vishesh92 linked an issue Jan 24, 2025 that may be closed by this pull request
@blueorangutan

@vishesh92 a [SL] Jenkins job has been kicked to build packages. It will be bundled with KVM, XenServer and VMware SystemVM templates. I'll keep you posted as I make progress.


codecov bot commented Jan 24, 2025

Codecov Report

All modified and coverable lines are covered by tests ✅

Project coverage is 15.15%. Comparing base (90c960e) to head (77fb01c).
Report is 1 commits behind head on 4.19.

Additional details and impacted files
@@             Coverage Diff              @@
##               4.19   #10262      +/-   ##
============================================
- Coverage     15.16%   15.15%   -0.01%     
- Complexity    11314    11318       +4     
============================================
  Files          5409     5409              
  Lines        474473   474663     +190     
  Branches      57876    57903      +27     
============================================
+ Hits          71947    71952       +5     
- Misses       394482   394666     +184     
- Partials       8044     8045       +1     
Flag Coverage Δ
uitests 4.29% <ø> (ø)
unittests 15.88% <ø> (-0.01%) ⬇️


@blueorangutan

Packaging result [SF]: ✖️ el8 ✖️ el9 ✖️ debian ✖️ suse15. SL-JID 12197

@weizhouapache
Member

@blueorangutan package

@blueorangutan

@weizhouapache a [SL] Jenkins job has been kicked to build packages. It will be bundled with KVM, XenServer and VMware SystemVM templates. I'll keep you posted as I make progress.

@DaanHoogland DaanHoogland added this to the 4.19.2 milestone Jan 24, 2025
@blueorangutan

Packaging result [SF]: ✔️ el8 ✔️ el9 ✔️ debian ✔️ suse15. SL-JID 12199

@vishesh92
Member Author

@blueorangutan test

@blueorangutan

@vishesh92 a [SL] Trillian-Jenkins test job (ol8 mgmt + kvm-ol8) has been kicked to run smoke tests

@weizhouapache
Member

iptables rules for ingress look good

-A FORWARD -d 10.200.0.0/24 -o eth2 -j ACL_INBOUND_eth2
-A FORWARD -d xx.xx.80.0/24 -o eth2 -j ACL_INBOUND_eth2
-A FORWARD -d xx.xx.81.0/24 -o eth2 -j ACL_INBOUND_eth2

however, the rules for egress seem wrong

-A PREROUTING -s 10.200.0.0/24 ! -d 10.200.0.1/32 -i eth2 -m state --state NEW -j ACL_OUTBOUND_eth2
-A PREROUTING -s 10.200.0.0/24 ! -d xx.xx.80.0/24 -i eth2 -m state --state NEW -j ACL_OUTBOUND_eth2
-A PREROUTING -s 10.200.0.0/24 ! -d xx.xx.81.0/24 -i eth2 -m state --state NEW -j ACL_OUTBOUND_eth2

I think it should be like

-A PREROUTING -s 10.200.0.0/24 ! -d 10.200.0.4/32 -i eth2 -m state --state NEW -j ACL_OUTBOUND_eth2
-A PREROUTING -s xx.xx.80.0/24 ! -d 10.200.0.4/32 -i eth2 -m state --state NEW -j ACL_OUTBOUND_eth2
-A PREROUTING -s xx.xx.81.0/24 ! -d 10.200.0.4/32 -i eth2 -m state --state NEW -j ACL_OUTBOUND_eth2

note:
in my testing, the private gateway IP is 10.200.0.4 and the gateway is 10.200.0.1
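The comment above spells out the expected shape of the egress ACL rules: one ACL_OUTBOUND rule per source network (the private gateway network plus each static route), each excluding only traffic addressed to the private gateway IP itself, rather than one rule per static route that negates the route as the destination. The following is an added example, not part of this PR or of CloudStack's router scripts. It encodes that expectation as a checker over `iptables -S` style lines so a reviewer can verify a router's generated rule set offline. It assumes the chain naming and interface from the thread (`ACL_OUTBOUND_eth2`, `eth2`) and substitutes RFC 5737 documentation prefixes for the redacted `xx.xx.80.0/24` and `xx.xx.81.0/24` static routes.

```python
import ipaddress
import shlex

# Constructed sample values taken from the thread: private gateway IP
# 10.200.0.4, gateway 10.200.0.1, private gateway network 10.200.0.0/24.
# The redacted "xx.xx.80.0/24" / "xx.xx.81.0/24" static routes are replaced
# with RFC 5737 documentation prefixes (assumption, not from the page).
PRIVATE_GW_IP = "10.200.0.4"
PRIVATE_GW_NET = "10.200.0.0/24"
STATIC_ROUTES = ["203.0.113.0/24", "198.51.100.0/24"]
IFACE = "eth2"

# Egress rules in the shape quoted as wrong in the thread, with the
# placeholder static-route prefixes substituted (constructed sample input).
RULES_AS_GENERATED = [
    "-A PREROUTING -s 10.200.0.0/24 ! -d 10.200.0.1/32 -i eth2 -m state --state NEW -j ACL_OUTBOUND_eth2",
    "-A PREROUTING -s 10.200.0.0/24 ! -d 203.0.113.0/24 -i eth2 -m state --state NEW -j ACL_OUTBOUND_eth2",
    "-A PREROUTING -s 10.200.0.0/24 ! -d 198.51.100.0/24 -i eth2 -m state --state NEW -j ACL_OUTBOUND_eth2",
]


def expected_egress_rules(private_gw_ip, private_gw_net, static_routes, iface):
    """Build ACL_OUTBOUND PREROUTING rules in the form proposed in the thread:
    one rule per source network (the private gateway network plus each static
    route), each excluding traffic addressed to the private gateway IP."""
    chain = f"ACL_OUTBOUND_{iface}"
    return [
        f"-A PREROUTING -s {src} ! -d {private_gw_ip}/32 -i {iface} "
        f"-m state --state NEW -j {chain}"
        for src in [private_gw_net, *static_routes]
    ]


def parse_rule(rule):
    """Pull the source, (negated) destination, interface and target out of an
    'iptables -S' style rule line. Other match options are ignored."""
    toks = shlex.split(rule)
    fields = {"negate_dst": False}
    i = 0
    while i < len(toks):
        if toks[i] == "!" and i + 2 < len(toks) and toks[i + 1] == "-d":
            fields["negate_dst"] = True
            fields["-d"] = toks[i + 2]
            i += 3
        elif toks[i] in ("-A", "-s", "-d", "-i", "-j") and i + 1 < len(toks):
            fields[toks[i]] = toks[i + 1]
            i += 2
        else:
            i += 1
    return fields


def check_egress_rules(rules, private_gw_ip, private_gw_net, static_routes, iface):
    """Return (rule, problem) pairs for every ACL_OUTBOUND rule that deviates
    from the expected policy, plus one entry per source network that has no
    rule at all. An empty list means the rule set matches the expectation."""
    chain = f"ACL_OUTBOUND_{iface}"
    allowed_src = {ipaddress.ip_network(n) for n in [private_gw_net, *static_routes]}
    gw_host = ipaddress.ip_network(f"{private_gw_ip}/32")
    problems, seen_src = [], set()
    for rule in rules:
        f = parse_rule(rule)
        if f.get("-j") != chain:
            continue  # not an egress ACL rule for this interface
        src = ipaddress.ip_network(f.get("-s", "0.0.0.0/0"))
        seen_src.add(src)
        if src not in allowed_src:
            problems.append((rule, f"unexpected source network {src}"))
        if not f["negate_dst"]:
            problems.append((rule, "destination is not negated"))
        elif ipaddress.ip_network(f["-d"]) != gw_host:
            problems.append((rule, f"negated destination {f['-d']} is not the private gateway IP"))
    # Static routes whose traffic never reaches the ACL chain are silently
    # unfiltered, so a missing source rule is reported as a problem too.
    for missing in sorted(allowed_src - seen_src, key=str):
        problems.append(("<missing>", f"no {chain} rule with source {missing}"))
    return problems


if __name__ == "__main__":
    for rule, problem in check_egress_rules(RULES_AS_GENERATED, PRIVATE_GW_IP,
                                            PRIVATE_GW_NET, STATIC_ROUTES, IFACE):
        print(f"{problem}: {rule}")
    fixed = expected_egress_rules(PRIVATE_GW_IP, PRIVATE_GW_NET, STATIC_ROUTES, IFACE)
    print("problems in proposed rule set:",
          check_egress_rules(fixed, PRIVATE_GW_IP, PRIVATE_GW_NET, STATIC_ROUTES, IFACE))
```

Run against the rules quoted as wrong, the checker reports each rule's negated destination as not being the private gateway IP and flags both static-route networks as having no egress rule at all, which is the practical consequence: traffic sourced from the static-route networks never enters the ACL chain. The proposed rule set passes with no findings. To check a live router, feed it the output of `iptables -t nat -S PREROUTING` (or whichever table the chain lives in on that build).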

@blueorangutan

[SF] Trillian test result (tid-12183)
Environment: kvm-ol8 (x2), Advanced Networking with Mgmt server ol8
Total time taken: 41690 seconds
Marvin logs: https://github.com/blueorangutan/acs-prs/releases/download/trillian/pr10262-t12183-kvm-ol8.zip
Smoke tests completed. 133 look OK, 0 have errors, 0 did not run
Only failed and skipped tests results shown below:

Test Result Time (s) Test File

@vishesh92
Member Author

@blueorangutan package

@blueorangutan

@vishesh92 a [SL] Jenkins job has been kicked to build packages. It will be bundled with KVM, XenServer and VMware SystemVM templates. I'll keep you posted as I make progress.

@blueorangutan

Packaging result [SF]: ✔️ el8 ✔️ el9 ✔️ debian ✔️ suse15. SL-JID 12216

@weizhouapache
Member

@vishesh92
I added a commit to #10268
8d3468e

A similar change might be needed here.

@vishesh92 vishesh92 force-pushed the fixup-private-gw-acl branch from 22462bd to 2fa9d88 on February 6, 2025 09:00
@weizhouapache
Member

@blueorangutan package

@blueorangutan

@weizhouapache a [SL] Jenkins job has been kicked to build packages. It will be bundled with KVM, XenServer and VMware SystemVM templates. I'll keep you posted as I make progress.

@blueorangutan

Packaging result [SF]: ✖️ el8 ✖️ el9 ✖️ debian ✖️ suse15. SL-JID 12359

@weizhouapache
Member

@blueorangutan package

@blueorangutan

@weizhouapache a [SL] Jenkins job has been kicked to build packages. It will be bundled with KVM, XenServer and VMware SystemVM templates. I'll keep you posted as I make progress.

@blueorangutan

Packaging result [SF]: ✔️ el8 ✔️ el9 ✔️ debian ✔️ suse15. SL-JID 12362

@weizhouapache
Member

@blueorangutan test

@blueorangutan

@weizhouapache a [SL] Trillian-Jenkins test job (ol8 mgmt + kvm-ol8) has been kicked to run smoke tests

@blueorangutan

[SF] Trillian Build Failed (tid-12330)

@blueorangutan

[LL] Trillian Build Failed (tid-7084)

Development

Successfully merging this pull request may close these issues: private gateway ACL does not apply on the static routes
4 participants