projects / mirror_iproute2.git / blame
| Commit | Line | Data |
|---|---|---|
| 1949f82c DA |
1 | /* |
| 2 | * ipvrf.c "ip vrf" | |
| 3 | * | |
| 4 | * This program is free software; you can redistribute it and/or | |
| 5 | * modify it under the terms of the GNU General Public License | |
| 6 | * as published by the Free Software Foundation; either version | |
| 7 | * 2 of the License, or (at your option) any later version. | |
| 8 | * | |
| 9 | * Authors: David Ahern <dsa@cumulusnetworks.com> | |
| 10 | * | |
| 11 | */ | |
| 12 | ||
| 13 | #include <sys/types.h> | |
| 14 | #include <sys/stat.h> | |
| 15 | #include <sys/socket.h> | |
| 16 | #include <sys/mount.h> | |
| 17 | #include <linux/bpf.h> | |
| 18 | #include <linux/if.h> | |
| 19 | #include <fcntl.h> | |
| 20 | #include <stdio.h> | |
| 21 | #include <stdlib.h> | |
| 22 | #include <unistd.h> | |
| 23 | #include <string.h> | |
| 24 | #include <errno.h> | |
| 25 | #include <limits.h> | |
| 26 | ||
| 27 | #include "rt_names.h" | |
| 28 | #include "utils.h" | |
| 29 | #include "ip_common.h" | |
| 30 | #include "bpf_util.h" | |
| 31 | ||
| 32 | #define CGRP_PROC_FILE "/cgroup.procs" | |
| 33 | ||
| 34 | static void usage(void) | |
| 35 | { | |
| 36 | fprintf(stderr, "Usage: ip vrf exec [NAME] cmd ...\n"); | |
| 37 | fprintf(stderr, " ip vrf identify [PID]\n"); | |
| 38 | fprintf(stderr, " ip vrf pids [NAME]\n"); | |
| 39 | ||
| 40 | exit(-1); | |
| 41 | } | |
| 42 | ||
| 43 | static int ipvrf_identify(int argc, char **argv) | |
| 44 | { | |
| 45 | char path[PATH_MAX]; | |
| 46 | char buf[4096]; | |
| 47 | char *vrf, *end; | |
| 48 | int fd, rc = -1; | |
| 49 | unsigned int pid; | |
| 50 | ssize_t n; | |
| 51 | ||
| 52 | if (argc < 1) | |
| 53 | pid = getpid(); | |
| 54 | else if (argc > 1) | |
| 55 | invarg("Extra arguments specified\n", argv[1]); | |
| 56 | else if (get_unsigned(&pid, argv[0], 10)) | |
| 57 | invarg("Invalid pid\n", argv[0]); | |
| 58 | ||
| 59 | snprintf(path, sizeof(path), "/proc/%d/cgroup", pid); | |
| 60 | fd = open(path, O_RDONLY); | |
| 61 | if (fd < 0) { | |
| 62 | fprintf(stderr, | |
| 63 | "Failed to open cgroups file: %s\n", strerror(errno)); | |
| 64 | return -1; | |
| 65 | } | |
| 66 | ||
| 67 | n = read(fd, buf, sizeof(buf) - 1); | |
| 68 | if (n < 0) { | |
| 69 | fprintf(stderr, | |
| 70 | "Failed to read cgroups file: %s\n", strerror(errno)); | |
| 71 | goto out; | |
| 72 | } | |
| 73 | buf[n] = '\0'; | |
| 74 | vrf = strstr(buf, "::/vrf/"); | |
| 75 | if (vrf) { | |
| 76 | vrf += 7; /* skip past "::/vrf/" */ | |
| 77 | end = strchr(vrf, '\n'); | |
| 78 | if (end) | |
| 79 | *end = '\0'; | |
| 80 | ||
| 81 | printf("%s\n", vrf); | |
| 82 | } | |
| 83 | ||
| 84 | rc = 0; | |
| 85 | out: | |
| 86 | close(fd); | |
| 87 | ||
| 88 | return rc; | |
| 89 | } | |
| 90 | ||
| 91 | static int ipvrf_pids(int argc, char **argv) | |
| 92 | { | |
| 93 | char path[PATH_MAX]; | |
| 94 | char buf[4096]; | |
| 95 | char *mnt, *vrf; | |
| 96 | int fd, rc = -1; | |
| 97 | ssize_t n; | |
| 98 | ||
| 99 | if (argc != 1) { | |
| 100 | fprintf(stderr, "Invalid arguments\n"); | |
| 101 | return -1; | |
| 102 | } | |
| 103 | ||
| 104 | vrf = argv[0]; | |
| 105 | ||
| 106 | mnt = find_cgroup2_mount(); | |
| 107 | if (!mnt) | |
| 108 | return -1; | |
| 109 | ||
| 110 | snprintf(path, sizeof(path), "%s/vrf/%s%s", mnt, vrf, CGRP_PROC_FILE); | |
| 111 | free(mnt); | |
| 112 | fd = open(path, O_RDONLY); | |
| 113 | if (fd < 0) | |
| 114 | return 0; /* no cgroup file, nothing to show */ | |
| 115 | ||
| 116 | while (1) { | |
| 117 | n = read(fd, buf, sizeof(buf) - 1); | |
| 118 | if (n < 0) { | |
| 119 | fprintf(stderr, | |
| 120 | "Failed to read cgroups file: %s\n", strerror(errno)); | |
| 121 | break; | |
| 122 | } else if (n == 0) { | |
| 123 | rc = 0; | |
| 124 | break; | |
| 125 | } | |
| 126 | printf("%s", buf); | |
| 127 | } | |
| 128 | ||
| 129 | close(fd); | |
| 130 | ||
| 131 | return rc; | |
| 132 | } | |
| 133 | ||
| 134 | /* load BPF program to set sk_bound_dev_if for sockets */ | |
| 135 | static char bpf_log_buf[256*1024]; | |
| 136 | ||
| 137 | static int prog_load(int idx) | |
| 138 | { | |
| 139 | struct bpf_insn prog[] = { | |
| 140 | BPF_MOV64_REG(BPF_REG_6, BPF_REG_1), | |
| 141 | BPF_MOV64_IMM(BPF_REG_3, idx), | |
| 142 | BPF_MOV64_IMM(BPF_REG_2, offsetof(struct bpf_sock, bound_dev_if)), | |
| 143 | BPF_STX_MEM(BPF_W, BPF_REG_1, BPF_REG_3, offsetof(struct bpf_sock, bound_dev_if)), | |
| 144 | BPF_MOV64_IMM(BPF_REG_0, 1), /* r0 = verdict */ | |
| 145 | BPF_EXIT_INSN(), | |
| 146 | }; | |
| 147 | ||
| 148 | return bpf_prog_load(BPF_PROG_TYPE_CGROUP_SOCK, prog, sizeof(prog), | |
| 149 | "GPL", bpf_log_buf, sizeof(bpf_log_buf)); | |
| 150 | } | |
| 151 | ||
| 152 | static int vrf_configure_cgroup(const char *path, int ifindex) | |
| 153 | { | |
| 154 | int rc = -1, cg_fd, prog_fd = -1; | |
| 155 | ||
| 156 | cg_fd = open(path, O_DIRECTORY | O_RDONLY); | |
| 157 | if (cg_fd < 0) { | |
| 158 | fprintf(stderr, "Failed to open cgroup path: '%s'\n", strerror(errno)); | |
| 159 | goto out; | |
| 160 | } | |
| 161 | ||
| 162 | /* | |
| 163 | * Load bpf program into kernel and attach to cgroup to affect | |
| 164 | * socket creates | |
| 165 | */ | |
| 166 | prog_fd = prog_load(ifindex); | |
| 167 | if (prog_fd < 0) { | |
| 168 | printf("Failed to load BPF prog: '%s'\n", strerror(errno)); | |
| 169 | goto out; | |
| 170 | } | |
| 171 | ||
| 172 | if (bpf_prog_attach_fd(prog_fd, cg_fd, BPF_CGROUP_INET_SOCK_CREATE)) { | |
| 173 | fprintf(stderr, "Failed to attach prog to cgroup: '%s'\n", | |
| 174 | strerror(errno)); | |
| 175 | fprintf(stderr, "Kernel compiled with CGROUP_BPF enabled?\n"); | |
| 176 | goto out; | |
| 177 | } | |
| 178 | ||
| 179 | rc = 0; | |
| 180 | out: | |
| 181 | close(cg_fd); | |
| 182 | close(prog_fd); | |
| 183 | ||
| 184 | return rc; | |
| 185 | } | |
| 186 | ||
| 187 | static int vrf_switch(const char *name) | |
| 188 | { | |
| 189 | char path[PATH_MAX], *mnt, pid[16]; | |
| 190 | int ifindex = name_is_vrf(name); | |
| 191 | bool default_vrf = false; | |
| 192 | int rc = -1, len, fd = -1; | |
| 193 | ||
| 194 | if (!ifindex) { | |
| 195 | if (strcmp(name, "default")) { | |
| 196 | fprintf(stderr, "Invalid VRF name\n"); | |
| 197 | return -1; | |
| 198 | } | |
| 199 | default_vrf = true; | |
| 200 | } | |
| 201 | ||
| 202 | mnt = find_cgroup2_mount(); | |
| 203 | if (!mnt) | |
| 204 | return -1; | |
| 205 | ||
| 206 | /* path to cgroup; make sure buffer has room to cat "/cgroup.procs" | |
| 207 | * to the end of the path | |
| 208 | */ | |
| 209 | len = snprintf(path, sizeof(path) - sizeof(CGRP_PROC_FILE), "%s%s/%s", | |
| 210 | mnt, default_vrf ? "" : "/vrf", name); | |
| 211 | if (len > sizeof(path) - sizeof(CGRP_PROC_FILE)) { | |
| 212 | fprintf(stderr, "Invalid path to cgroup2 mount\n"); | |
| 213 | goto out; | |
| 214 | } | |
| 215 | ||
| 216 | if (make_path(path, 0755)) { | |
| 217 | fprintf(stderr, "Failed to setup vrf cgroup2 directory\n"); | |
| 218 | goto out; | |
| 219 | } | |
| 220 | ||
| 221 | if (!default_vrf && vrf_configure_cgroup(path, ifindex)) | |
| 222 | goto out; | |
| 223 | ||
| 224 | /* | |
| 225 | * write pid to cgroup.procs making process part of cgroup | |
| 226 | */ | |
| 227 | strcat(path, CGRP_PROC_FILE); | |
| 228 | fd = open(path, O_RDWR | O_APPEND); | |
| 229 | if (fd < 0) { | |
| 230 | fprintf(stderr, "Failed to open cgroups.procs file: %s.\n", | |
| 231 | strerror(errno)); | |
| 232 | goto out; | |
| 233 | } | |
| 234 | ||
| 235 | snprintf(pid, sizeof(pid), "%d", getpid()); | |
| 236 | if (write(fd, pid, strlen(pid)) < 0) { | |
| 237 | fprintf(stderr, "Failed to join cgroup\n"); | |
| 238 | goto out; | |
| 239 | } | |
| 240 | ||
| 241 | rc = 0; | |
| 242 | out: | |
| 243 | free(mnt); | |
| 244 | close(fd); | |
| 245 | ||
| 246 | return rc; | |
| 247 | } | |
| 248 | ||
| 249 | static int ipvrf_exec(int argc, char **argv) | |
| 250 | { | |
| 251 | if (argc < 1) { | |
| 252 | fprintf(stderr, "No VRF name specified\n"); | |
| 253 | return -1; | |
| 254 | } | |
| 255 | if (argc < 2) { | |
| 256 | fprintf(stderr, "No command specified\n"); | |
| 257 | return -1; | |
| 258 | } | |
| 259 | ||
| 260 | if (vrf_switch(argv[0])) | |
| 261 | return -1; | |
| 262 | ||
| 263 | return -cmd_exec(argv[1], argv + 1, !!batch_mode); | |
| 264 | } | |
| 265 | ||
| 266 | int do_ipvrf(int argc, char **argv) | |
| 267 | { | |
| 268 | if (argc == 0) { | |
| 269 | fprintf(stderr, "No command given. Try \"ip vrf help\".\n"); | |
| 270 | exit(-1); | |
| 271 | } | |
| 272 | ||
| 273 | if (matches(*argv, "identify") == 0) | |
| 274 | return ipvrf_identify(argc-1, argv+1); | |
| 275 | ||
| 276 | if (matches(*argv, "pids") == 0) | |
| 277 | return ipvrf_pids(argc-1, argv+1); | |
| 278 | ||
| 279 | if (matches(*argv, "exec") == 0) | |
| 280 | return ipvrf_exec(argc-1, argv+1); | |
| 281 | ||
| 282 | if (matches(*argv, "help") == 0) | |
| 283 | usage(); | |
| 284 | ||
| 285 | fprintf(stderr, "Command \"%s\" is unknown, try \"ip vrf help\".\n", | |
| 286 | *argv); | |
| 287 | ||
| 288 | exit(-1); | |
| 289 | } |