b72ede27 FL |
1 | /* |
2 | * VRF functions. | |
3 | * Copyright (C) 2014 6WIND S.A. | |
4 | * | |
5 | * This file is part of GNU Zebra. | |
6 | * | |
7 | * GNU Zebra is free software; you can redistribute it and/or modify | |
8 | * it under the terms of the GNU General Public License as published | |
9 | * by the Free Software Foundation; either version 2, or (at your | |
10 | * option) any later version. | |
11 | * | |
12 | * GNU Zebra is distributed in the hope that it will be useful, but | |
13 | * WITHOUT ANY WARRANTY; without even the implied warranty of | |
14 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU | |
15 | * General Public License for more details. | |
16 | * | |
896014f4 DL |
17 | * You should have received a copy of the GNU General Public License along |
18 | * with this program; see the file COPYING; if not, write to the Free Software | |
19 | * Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA | |
b72ede27 FL |
20 | */ |
21 | ||
22 | #include <zebra.h> | |
23 | ||
4691b65a PG |
24 | /* for basename */ |
25 | #include <libgen.h> | |
26 | ||
6a69b354 | 27 | #include "if.h" |
b72ede27 | 28 | #include "vrf.h" |
7922fc65 | 29 | #include "vrf_int.h" |
b72ede27 FL |
30 | #include "prefix.h" |
31 | #include "table.h" | |
32 | #include "log.h" | |
33 | #include "memory.h" | |
19dc275e | 34 | #include "command.h" |
b95c1883 | 35 | #include "ns.h" |
3bc34908 | 36 | #include "privs.h" |
98cbbaea | 37 | #include "nexthop_group.h" |
19dc275e | 38 | |
ec31f30d PG |
/* default VRF ID value used when VRF backend is not NETNS */
#define VRF_DEFAULT_INTERNAL 0

/* Memory types for the VRF objects and VRF bit-maps allocated in this file. */
DEFINE_MTYPE_STATIC(LIB, VRF, "VRF")
DEFINE_MTYPE_STATIC(LIB, VRF_BITMAP, "VRF bit-map")

DEFINE_QOBJ_TYPE(vrf)

/* Ordering functions for the two red-black trees generated below. */
static __inline int vrf_id_compare(const struct vrf *a, const struct vrf *b);
static __inline int vrf_name_compare(const struct vrf *a,
				     const struct vrf *b);

RB_GENERATE(vrf_id_head, vrf, id_entry, vrf_id_compare);
RB_GENERATE(vrf_name_head, vrf, name_entry, vrf_name_compare);

/* A VRF is indexed twice: by identifier and by name. */
struct vrf_id_head vrfs_by_id = RB_INITIALIZER(&vrfs_by_id);
struct vrf_name_head vrfs_by_name = RB_INITIALIZER(&vrfs_by_name);

/* Backend selector, written by vrf_configure_backend(). */
static int vrf_backend;
/* Privilege handle stored by vrf_cmd_init(); the "netns NAME" command
 * raises and lowers privileges through it.
 */
static struct zebra_privs_t *vrf_daemon_privs;

/* Turn on/off debug code for vrf. */
int debug_vrf = 0;
b72ede27 | 64 | |
/*
 * Holding VRF hooks.
 *
 * The four callbacks are filled in by vrf_init(). A NULL entry means
 * "no callback"; every call site tests the pointer before invoking it.
 */
struct vrf_master {
	int (*vrf_new_hook)(struct vrf *);
	int (*vrf_delete_hook)(struct vrf *);
	int (*vrf_enable_hook)(struct vrf *);
	int (*vrf_disable_hook)(struct vrf *);
} vrf_master = {
	.vrf_new_hook = NULL,
	.vrf_delete_hook = NULL,
	.vrf_enable_hook = NULL,
	.vrf_disable_hook = NULL,
};
b72ede27 | 74 | |
d62a17ae | 75 | static int vrf_is_enabled(struct vrf *vrf); |
e5bf3e1e | 76 | |
/*
 * Look up a VRF by name.
 *
 * Returns the matching entry of vrfs_by_name, or NULL when there is none.
 * The name is copied into a stack key with strlcpy(), so a name longer
 * than the name field is truncated before the search and can match a
 * shorter registered name. 'name' must not be NULL: it is dereferenced
 * by strlcpy() without a check.
 */
struct vrf *vrf_lookup_by_name(const char *name)
{
	struct vrf key;

	strlcpy(key.name, name, sizeof(key.name));
	return RB_FIND(vrf_name_head, &vrfs_by_name, &key);
}
216b18ef | 84 | |
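/*
 * Order two VRFs by identifier for the vrfs_by_id tree.
 *
 * Returns a negative, zero or positive value. The identifiers are
 * compared explicitly instead of subtracted: a difference squeezed
 * into an int changes sign once two IDs are more than INT_MAX apart
 * (vrf_id_t is presumably a 32-bit unsigned type - confirm), which
 * gives the tree an inconsistent ordering and makes lookups miss
 * entries that are present.
 */
static __inline int vrf_id_compare(const struct vrf *a, const struct vrf *b)
{
	if (a->vrf_id < b->vrf_id)
		return -1;
	if (a->vrf_id > b->vrf_id)
		return 1;
	return 0;
}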
89 | ||
/* Order two VRFs by name (byte-wise strcmp) for the vrfs_by_name tree. */
static int vrf_name_compare(const struct vrf *a, const struct vrf *b)
{
	int order = strcmp(a->name, b->name);

	return order;
}
94 | ||
e26aedbe PG |
/*
 * Callback handed to ns_enable() by vrf_netns_handler_create(): adopt
 * ns_id as the identifier of the VRF passed in opaqueptr.
 *
 * When the identifier changes, the VRF is re-keyed in vrfs_by_id. When
 * the VRF had no identifier before (VRF_UNKNOWN), it is also enabled.
 *
 * NOTE(review): the intent stated for this routine is to act only when
 * ns_id is "not VRF_UNKNOWN", but nothing below tests the new value. A
 * VRF_UNKNOWN ns_id would be inserted into vrfs_by_id as a key, and
 * vrf_delete() skips the ID-tree removal for VRF_UNKNOWN, which would
 * leave a freed node in the tree. Confirm callers never pass it.
 */
static void vrf_update_vrf_id(ns_id_t ns_id, void *opaqueptr)
{
	struct vrf *vrf = (struct vrf *)opaqueptr;
	ns_id_t vrf_id = (vrf_id_t)ns_id;
	vrf_id_t old_vrf_id;

	if (vrf == NULL)
		return;

	old_vrf_id = vrf->vrf_id;
	if (old_vrf_id == vrf_id)
		return;

	/* Re-key: drop the old ID entry (if any) before changing the key. */
	if (old_vrf_id != VRF_UNKNOWN)
		RB_REMOVE(vrf_id_head, &vrfs_by_id, vrf);
	vrf->vrf_id = vrf_id;
	RB_INSERT(vrf_id_head, &vrfs_by_id, vrf);

	if (old_vrf_id == VRF_UNKNOWN)
		vrf_enable(vrf);
}
116 | ||
ce1be369 PG |
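/*
 * Switch the calling context to the network namespace backing vrf_id.
 *
 * Returns 0 without switching when the VRF is unknown, is the default
 * VRF, or has no netns name; otherwise returns the result of
 * ns_switch_to_netns(). Returns -1 with errno set to EINVAL when the
 * namespace pathname cannot be built: ns_netns_pathname() can return
 * NULL (the "netns NAME" command checks for it), and the result was
 * previously passed on to the "%s" debug log and to
 * ns_switch_to_netns() unchecked.
 *
 * NOTE(review): an unknown vrf_id is reported as success (0), so the
 * caller's next operation runs in the current namespace. Callers that
 * need isolation should validate the VRF first.
 */
int vrf_switch_to_netns(vrf_id_t vrf_id)
{
	char *name;
	struct vrf *vrf = vrf_lookup_by_id(vrf_id);

	/* Unknown VRF or default VRF. silently ignore */
	if (!vrf || vrf->vrf_id == VRF_DEFAULT)
		return 0;
	/* VRF has no NETNS backend. silently ignore */
	if (vrf->data.l.netns_name[0] == '\0')
		return 0;
	name = ns_netns_pathname(NULL, vrf->data.l.netns_name);
	if (!name) {
		/* Fail closed: never switch (or log) with a NULL path. */
		errno = EINVAL;
		return -1;
	}
	if (debug_vrf)
		zlog_debug("VRF_SWITCH: %s(%u)", name, vrf->vrf_id);
	return ns_switch_to_netns(name);
}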
133 | ||
/*
 * Return to the initial network namespace.
 *
 * Thin wrapper around ns_switchback_to_initial(); its result is
 * returned unchanged. A debug line is logged only when the call
 * returned 0 and VRF debugging is on.
 */
int vrf_switchback_to_initial(void)
{
	int rc = ns_switchback_to_initial();

	if (rc != 0)
		return rc;
	if (debug_vrf)
		zlog_debug("VRF_SWITCHBACK");
	return rc;
}
142 | ||
/*
 * Get a VRF. If not found, create one.
 *
 * Arg:
 *   name   - The name of the vrf. May be NULL if unknown.
 *   vrf_id - The vrf_id of the vrf. May be VRF_UNKNOWN if unknown.
 *
 * The VRF is searched by name first and by vrf_id second. Returns NULL
 * only when both name and vrf_id are unknown. A newly allocated VRF is
 * reported through the vrf_new_hook callback, if one is registered.
 *
 * NOTE(review): when the VRF is found by name and already carries an
 * identifier, a different vrf_id argument is silently ignored. When it
 * is found by vrf_id and already carries another name, it is renamed.
 * The name is stored with strlcpy(), so it is truncated to the size of
 * the name field; length validation is left to the caller.
 */
struct vrf *vrf_get(vrf_id_t vrf_id, const char *name)
{
	struct vrf *vrf = NULL;
	int created = 0;

	if (debug_vrf)
		zlog_debug("VRF_GET: %s(%u)", name == NULL ? "(NULL)" : name,
			   vrf_id);

	/* Neither key is usable: nothing to look up or create. */
	if (name == NULL && vrf_id == VRF_UNKNOWN)
		return NULL;

	/* Prefer an existing VRF: by name first, then by identifier. */
	if (name != NULL)
		vrf = vrf_lookup_by_name(name);
	if (vrf == NULL && vrf_id != VRF_UNKNOWN)
		vrf = vrf_lookup_by_id(vrf_id);

	if (vrf == NULL) {
		vrf = XCALLOC(MTYPE_VRF, sizeof(struct vrf));
		vrf->vrf_id = VRF_UNKNOWN;
		QOBJ_REG(vrf, vrf);
		created = 1;

		if (debug_vrf)
			zlog_debug("VRF(%u) %s is created.", vrf_id,
				   (name) ? name : "(NULL)");
	}

	/* An identifier is assigned only if the VRF does not have one yet. */
	if (vrf->vrf_id == VRF_UNKNOWN && vrf_id != VRF_UNKNOWN) {
		vrf->vrf_id = vrf_id;
		RB_INSERT(vrf_id_head, &vrfs_by_id, vrf);
	}

	if (name != NULL) {
		if (vrf->name[0] == '\0') {
			/* First name for this VRF. */
			strlcpy(vrf->name, name, sizeof(vrf->name));
			RB_INSERT(vrf_name_head, &vrfs_by_name, vrf);
		} else if (strcmp(name, vrf->name) != 0) {
			/* Rename: the tree key changes, so re-insert. */
			RB_REMOVE(vrf_name_head, &vrfs_by_name, vrf);
			strlcpy(vrf->name, name, sizeof(vrf->name));
			RB_INSERT(vrf_name_head, &vrfs_by_name, vrf);
		}
	}

	if (created && vrf_master.vrf_new_hook)
		(*vrf_master.vrf_new_hook)(vrf);

	return vrf;
}
202 | ||
/*
 * Delete a VRF. This is called when the underlying VRF goes away, a
 * pre-configured VRF is deleted or when shutting down (vrf_terminate()).
 *
 * An enabled VRF is disabled first. A user-configured VRF is kept:
 * only its interfaces and its ID mapping are dropped. Any other VRF is
 * reported to vrf_delete_hook, unlinked from both trees and freed, so
 * the pointer must not be used after this call returns.
 *
 * 'vrf' must not be NULL; it is dereferenced without a check.
 */
void vrf_delete(struct vrf *vrf)
{
	if (debug_vrf)
		zlog_debug("VRF %u is to be deleted.", vrf->vrf_id);

	if (vrf_is_enabled(vrf))
		vrf_disable(vrf);

	/* If the VRF is user configured, it'll stick around, just remove
	 * the ID mapping. Interfaces assigned to this VRF should've been
	 * removed already as part of the VRF going down.
	 */
	if (vrf_is_user_cfged(vrf)) {
		if (vrf->vrf_id == VRF_UNKNOWN)
			return;

		/* Delete any VRF interfaces - should be only
		 * the VRF itself, other interfaces should've
		 * been moved out of the VRF.
		 */
		if_terminate(vrf);
		RB_REMOVE(vrf_id_head, &vrfs_by_id, vrf);
		vrf->vrf_id = VRF_UNKNOWN;
		return;
	}

	/* Full teardown: the hook runs while the VRF is still intact. */
	if (vrf_master.vrf_delete_hook)
		(*vrf_master.vrf_delete_hook)(vrf);

	QOBJ_UNREG(vrf);
	if_terminate(vrf);

	/* Unlink from whichever index still references the VRF. */
	if (vrf->vrf_id != VRF_UNKNOWN)
		RB_REMOVE(vrf_id_head, &vrfs_by_id, vrf);
	if (vrf->name[0] != '\0')
		RB_REMOVE(vrf_name_head, &vrfs_by_name, vrf);

	XFREE(MTYPE_VRF, vrf);
}
244 | ||
/*
 * Look up a VRF by identifier.
 *
 * Returns the matching entry of vrfs_by_id, or NULL when there is
 * none. Only the vrf_id field of the stack key is initialised; the
 * ID comparator reads nothing else.
 */
struct vrf *vrf_lookup_by_id(vrf_id_t vrf_id)
{
	struct vrf key;

	key.vrf_id = vrf_id;
	return RB_FIND(vrf_id_head, &vrfs_by_id, &key);
}
252 | ||
e5bf3e1e FL |
/*
 * Enable a VRF - that is, let the VRF be ready to use.
 * The vrf_enable_hook callback, if registered, is called to inform
 * that resources can be allocated in this VRF.
 *
 * Enabling an already enabled VRF does nothing.
 *
 * RETURN: 1 on every path in this implementation; the hook's own
 * return value is not examined.
 */
int vrf_enable(struct vrf *vrf)
{
	if (!vrf_is_enabled(vrf)) {
		if (debug_vrf)
			zlog_debug("VRF %u is enabled.", vrf->vrf_id);

		SET_FLAG(vrf->status, VRF_ACTIVE);

		if (vrf_master.vrf_enable_hook)
			(*vrf_master.vrf_enable_hook)(vrf);

		/*
		 * If we have any nexthop group entries that
		 * are awaiting vrf initialization then
		 * let's let people know about it
		 */
		nexthop_group_enable_vrf(vrf);
	}

	return 1;
}
282 | ||
/*
 * Disable a VRF - that is, let the VRF be unusable.
 * The vrf_disable_hook callback, if registered, is called to inform
 * that the resources in the VRF must be released.
 *
 * The VRF_ACTIVE flag is cleared before the hook runs. Disabling a VRF
 * that is not enabled does nothing.
 */
void vrf_disable(struct vrf *vrf)
{
	if (vrf_is_enabled(vrf)) {
		UNSET_FLAG(vrf->status, VRF_ACTIVE);

		if (debug_vrf)
			zlog_debug("VRF %u is to be disabled.", vrf->vrf_id);

		/* Till now, nothing to be done for the default VRF. */
		// Pending: see why this statement.

		if (vrf_master.vrf_disable_hook)
			(*vrf_master.vrf_disable_hook)(vrf);
	}
}
304 | ||
b7cfce93 MK |
/*
 * Translate a VRF identifier into its name.
 *
 * Returns the name stored in the VRF, or the literal "n/a" when no VRF
 * has that identifier. The returned pointer refers to the VRF object
 * itself, so it is only valid while that VRF exists.
 */
const char *vrf_id_to_name(vrf_id_t vrf_id)
{
	struct vrf *found = vrf_lookup_by_id(vrf_id);

	return found ? found->name : "n/a";
}
315 | ||
/*
 * Translate a VRF name into its identifier.
 *
 * NOTE(review): an unknown name yields VRF_DEFAULT, which a caller
 * cannot tell apart from the default VRF itself. Code that uses the
 * result to scope an operation should check vrf_lookup_by_name()
 * first. (Pending: need a way to return invalid id/ routine not used.)
 */
vrf_id_t vrf_name_to_id(const char *name)
{
	struct vrf *found = vrf_lookup_by_name(name);

	if (found == NULL)
		return VRF_DEFAULT;
	return found->vrf_id;
}
328 | ||
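/*
 * Get the data pointer of the specified VRF. If not found, create one.
 *
 * Returns the VRF's info pointer. Returns NULL when vrf_id is
 * VRF_UNKNOWN: vrf_get() returns NULL when called with neither a name
 * nor a known identifier, and that result used to be dereferenced.
 */
void *vrf_info_get(vrf_id_t vrf_id)
{
	struct vrf *vrf = vrf_get(vrf_id, NULL);

	return vrf ? vrf->info : NULL;
}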
335 | ||
/*
 * Look up the data pointer of the specified VRF.
 *
 * Unlike vrf_info_get() this never creates a VRF; NULL is returned
 * when no VRF has that identifier.
 */
void *vrf_info_lookup(vrf_id_t vrf_id)
{
	struct vrf *found = vrf_lookup_by_id(vrf_id);

	if (found == NULL)
		return NULL;
	return found->info;
}
342 | ||
7076bb2f FL |
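/*
 * VRF bit-map
 *
 * One bit per possible 32-bit VRF identifier, split into
 * VRF_BITMAP_NUM_OF_GROUPS groups that are allocated on first use.
 *
 * The group size is rounded up (UINT32_MAX / groups + 1). With the
 * plain truncating division, the highest identifiers computed a group
 * index equal to VRF_BITMAP_NUM_OF_GROUPS, one past the end of
 * groups[].
 */

#define VRF_BITMAP_NUM_OF_GROUPS 1024
#define VRF_BITMAP_NUM_OF_BITS_IN_GROUP                                        \
	(UINT32_MAX / VRF_BITMAP_NUM_OF_GROUPS + 1)
#define VRF_BITMAP_NUM_OF_BYTES_IN_GROUP                                       \
	(VRF_BITMAP_NUM_OF_BITS_IN_GROUP / CHAR_BIT + 1) /* +1 for ensure */

/* Group that holds the bit for _id, and the bit's position inside it. */
#define VRF_BITMAP_GROUP(_id) ((_id) / VRF_BITMAP_NUM_OF_BITS_IN_GROUP)
#define VRF_BITMAP_BIT_OFFSET(_id) ((_id) % VRF_BITMAP_NUM_OF_BITS_IN_GROUP)

/* Byte index inside a group, and the mask selecting the bit in that byte. */
#define VRF_BITMAP_INDEX_IN_GROUP(_bit_offset) ((_bit_offset) / CHAR_BIT)
#define VRF_BITMAP_FLAG(_bit_offset)                                           \
	(((uint8_t)1) << ((_bit_offset) % CHAR_BIT))

struct vrf_bitmap {
	/* NULL until the first bit of the group is set. */
	uint8_t *groups[VRF_BITMAP_NUM_OF_GROUPS];
};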
362 | ||
/*
 * Allocate an empty VRF bit-map.
 *
 * The structure is zero-filled by XCALLOC, so every group pointer
 * starts out NULL. Release it with vrf_bitmap_free().
 */
vrf_bitmap_t vrf_bitmap_init(void)
{
	struct vrf_bitmap *bm;

	bm = XCALLOC(MTYPE_VRF_BITMAP, sizeof(struct vrf_bitmap));
	return (vrf_bitmap_t)bm;
}
368 | ||
/*
 * Release a VRF bit-map and every group allocated for it.
 *
 * VRF_BITMAP_NULL is accepted and ignored. The handle must not be used
 * after this call.
 */
void vrf_bitmap_free(vrf_bitmap_t bmap)
{
	struct vrf_bitmap *bm = (struct vrf_bitmap *)bmap;
	int grp;

	if (bmap == VRF_BITMAP_NULL)
		return;

	for (grp = 0; grp < VRF_BITMAP_NUM_OF_GROUPS; grp++) {
		/* Groups are allocated lazily; skip the ones never used. */
		if (bm->groups[grp] == NULL)
			continue;
		XFREE(MTYPE_VRF_BITMAP, bm->groups[grp]);
	}

	XFREE(MTYPE_VRF_BITMAP, bm);
}
383 | ||
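/*
 * Set the bit for vrf_id in the bit-map.
 *
 * VRF_BITMAP_NULL and VRF_UNKNOWN are ignored. The group is allocated
 * on first use.
 *
 * The group index and bit offset are held in 32-bit variables: both
 * can exceed 255, and the former uint8_t locals truncated them, so
 * unrelated VRF identifiers shared one bit. The group index is also
 * bounded before it is used, because the result of the division in
 * VRF_BITMAP_GROUP() is not guaranteed here to stay inside groups[].
 */
void vrf_bitmap_set(vrf_bitmap_t bmap, vrf_id_t vrf_id)
{
	struct vrf_bitmap *bm = (struct vrf_bitmap *)bmap;
	uint32_t group = VRF_BITMAP_GROUP(vrf_id);
	uint32_t offset = VRF_BITMAP_BIT_OFFSET(vrf_id);

	if (bmap == VRF_BITMAP_NULL || vrf_id == VRF_UNKNOWN)
		return;
	/* Never index past the end of groups[]. */
	if (group >= VRF_BITMAP_NUM_OF_GROUPS)
		return;

	if (bm->groups[group] == NULL)
		bm->groups[group] = XCALLOC(MTYPE_VRF_BITMAP,
					    VRF_BITMAP_NUM_OF_BYTES_IN_GROUP);

	SET_FLAG(bm->groups[group][VRF_BITMAP_INDEX_IN_GROUP(offset)],
		 VRF_BITMAP_FLAG(offset));
}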
400 | ||
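/*
 * Clear the bit for vrf_id in the bit-map.
 *
 * Nothing happens for VRF_BITMAP_NULL, VRF_UNKNOWN, or a group that
 * was never allocated.
 *
 * The group index and bit offset are held in 32-bit variables: the
 * former uint8_t locals truncated them, so clearing one VRF could
 * clear the bit of an unrelated one. The group index is bounded
 * before groups[] is read.
 */
void vrf_bitmap_unset(vrf_bitmap_t bmap, vrf_id_t vrf_id)
{
	struct vrf_bitmap *bm = (struct vrf_bitmap *)bmap;
	uint32_t group = VRF_BITMAP_GROUP(vrf_id);
	uint32_t offset = VRF_BITMAP_BIT_OFFSET(vrf_id);

	if (bmap == VRF_BITMAP_NULL || vrf_id == VRF_UNKNOWN)
		return;
	/* Never index past the end of groups[]. */
	if (group >= VRF_BITMAP_NUM_OF_GROUPS)
		return;
	if (bm->groups[group] == NULL)
		return;

	UNSET_FLAG(bm->groups[group][VRF_BITMAP_INDEX_IN_GROUP(offset)],
		   VRF_BITMAP_FLAG(offset));
}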
414 | ||
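/*
 * Test the bit for vrf_id in the bit-map.
 *
 * Returns 1 when the bit is set, 0 otherwise (including for
 * VRF_BITMAP_NULL, VRF_UNKNOWN and groups never allocated).
 *
 * The group index and bit offset are held in 32-bit variables: the
 * former uint8_t locals truncated them, so the answer for one VRF
 * could reflect the bit of an unrelated one. The group index is
 * bounded before groups[] is read.
 */
int vrf_bitmap_check(vrf_bitmap_t bmap, vrf_id_t vrf_id)
{
	struct vrf_bitmap *bm = (struct vrf_bitmap *)bmap;
	uint32_t group = VRF_BITMAP_GROUP(vrf_id);
	uint32_t offset = VRF_BITMAP_BIT_OFFSET(vrf_id);

	if (bmap == VRF_BITMAP_NULL || vrf_id == VRF_UNKNOWN)
		return 0;
	/* Never index past the end of groups[]. */
	if (group >= VRF_BITMAP_NUM_OF_GROUPS)
		return 0;
	if (bm->groups[group] == NULL)
		return 0;

	return CHECK_FLAG(bm->groups[group][VRF_BITMAP_INDEX_IN_GROUP(offset)],
			  VRF_BITMAP_FLAG(offset))
		       ? 1
		       : 0;
}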
430 | ||
/*
 * CLI completion callback for the "vrf" variable: append a copy of
 * every VRF name except the default VRF's to 'comps'.
 *
 * Each string is duplicated with MTYPE_COMPLETION; this function does
 * not free them. 'token' is unused.
 */
static void vrf_autocomplete(vector comps, struct cmd_token *token)
{
	struct vrf *entry = NULL;

	RB_FOREACH (entry, vrf_name_head, &vrfs_by_name) {
		if (entry->vrf_id == VRF_DEFAULT)
			continue;
		vector_set(comps, XSTRDUP(MTYPE_COMPLETION, entry->name));
	}
}
440 | ||
/*
 * Completion handlers registered by vrf_init(). The list ends with an
 * entry whose completions pointer is NULL.
 */
static const struct cmd_variable_handler vrf_var_handlers[] = {
	{.varname = "vrf", .completions = vrf_autocomplete},
	{.completions = NULL},
};
448 | ||
/*
 * Initialize VRF module.
 *
 * Stores the four callbacks (any of them may be NULL), creates and
 * enables the default VRF, and registers the "vrf" completion handler.
 * The process exits with status 1 if the default VRF cannot be created
 * or enabled.
 */
void vrf_init(int (*create)(struct vrf *), int (*enable)(struct vrf *),
	      int (*disable)(struct vrf *), int (*delete)(struct vrf *))
{
	struct vrf *dflt;

	/* initialise NS, in case VRF backend if NETNS */
	ns_init();
	if (debug_vrf)
		zlog_debug("%s: Initializing VRF subsystem",
			   __PRETTY_FUNCTION__);

	/* Hooks must be in place before the default VRF is created, so
	 * that the create and enable callbacks fire for it too.
	 */
	vrf_master.vrf_new_hook = create;
	vrf_master.vrf_enable_hook = enable;
	vrf_master.vrf_disable_hook = disable;
	vrf_master.vrf_delete_hook = delete;

	/* The default VRF always exists. */
	dflt = vrf_get(VRF_DEFAULT, VRF_DEFAULT_NAME);
	if (dflt == NULL) {
		zlog_err("vrf_init: failed to create the default VRF!");
		exit(1);
	}

	/* Enable the default VRF. */
	if (vrf_enable(dflt) == 0) {
		zlog_err("vrf_init: failed to enable the default VRF!");
		exit(1);
	}

	cmd_variable_handler_register(vrf_var_handlers);
}
481 | ||
/*
 * Terminate VRF module.
 *
 * Deletes every VRF: first those indexed by identifier, then the
 * remaining ones that only have a name. VRF_CONFIGURED is cleared on
 * each VRF first so that vrf_delete() frees it instead of keeping it
 * (presumably vrf_is_user_cfged() tests that flag - confirm).
 *
 * Both loops end only because vrf_delete() unlinks the VRF from the
 * tree being drained.
 */
void vrf_terminate(void)
{
	struct vrf *victim;

	if (debug_vrf)
		zlog_debug("%s: Shutting down vrf subsystem",
			   __PRETTY_FUNCTION__);

	/* Pass 1: VRFs that have an identifier. */
	while (!RB_EMPTY(vrf_id_head, &vrfs_by_id)) {
		victim = RB_ROOT(vrf_id_head, &vrfs_by_id);

		/* Clear configured flag and invoke delete. */
		UNSET_FLAG(victim->status, VRF_CONFIGURED);
		vrf_delete(victim);
	}

	/* Pass 2: VRFs known by name only. */
	while (!RB_EMPTY(vrf_name_head, &vrfs_by_name)) {
		victim = RB_ROOT(vrf_name_head, &vrfs_by_name);

		/* Clear configured flag and invoke delete. */
		UNSET_FLAG(victim->status, VRF_CONFIGURED);
		vrf_delete(victim);
	}
}
507 | ||
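/*
 * Create a socket for the VRF.
 *
 * The socket is created inside the network namespace backing vrf_id
 * (when there is one) and then bound to 'interfacename' through
 * vrf_bind().
 *
 * Returns the new descriptor, or a negative value with errno set.
 *
 * Changes from the previous behaviour:
 *  - If the switch into the VRF's namespace fails, no socket is
 *    created. Previously the failure was only logged and the socket
 *    was opened in the namespace the daemon was already in, i.e.
 *    outside the VRF the caller asked for.
 *  - Descriptor 0 is a valid socket; only negative values are treated
 *    as failure, so a socket on fd 0 is bound like any other.
 *  - errno from a failed vrf_bind() is preserved across close().
 *
 * NOTE(review): a failed switch back is only logged. The caller then
 * keeps running in the VRF's namespace.
 */
int vrf_socket(int domain, int type, int protocol, vrf_id_t vrf_id,
	       char *interfacename)
{
	int ret, save_errno, ret2;

	ret = vrf_switch_to_netns(vrf_id);
	if (ret < 0) {
		save_errno = errno;
		zlog_err("%s: Can't switch to VRF %u (%s)", __func__, vrf_id,
			 safe_strerror(errno));
		errno = save_errno;
		/* Fail closed rather than open the socket elsewhere. */
		return -1;
	}
	ret = socket(domain, type, protocol);
	save_errno = errno;
	ret2 = vrf_switchback_to_initial();
	if (ret2 < 0)
		zlog_err("%s: Can't switchback from VRF %u (%s)", __func__,
			 vrf_id, safe_strerror(errno));
	errno = save_errno;
	if (ret < 0)
		return ret;
	ret2 = vrf_bind(vrf_id, ret, interfacename);
	if (ret2 < 0) {
		save_errno = errno;
		close(ret);
		errno = save_errno;
		ret = ret2;
	}
	return ret;
}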
534 | ||
78dd30b2 PG |
/* Return 1 when the configured VRF backend is VRF_BACKEND_NETNS, else 0. */
int vrf_is_backend_netns(void)
{
	return vrf_backend == VRF_BACKEND_NETNS ? 1 : 0;
}
539 | ||
/* Return the backend value last stored by vrf_configure_backend(). */
int vrf_get_backend(void)
{
	int backend = vrf_backend;

	return backend;
}
544 | ||
/*
 * Select the VRF backend. The value is stored as given, without
 * validation; vrf_is_backend_netns() compares it with
 * VRF_BACKEND_NETNS.
 */
void vrf_configure_backend(int vrf_backend_netns)
{
	int selected = vrf_backend_netns;

	vrf_backend = selected;
}
549 | ||
03aff2d8 PG |
/*
 * Create (or fetch) the VRF called 'vrfname' on behalf of the CLI or
 * of an internal caller.
 *
 *   vty     - terminal to report to and to switch into VRF_NODE; may
 *             be NULL, in which case errors go to the log instead.
 *   vrfname - requested name; must not be NULL.
 *   vrf     - optional out parameter receiving the VRF.
 *
 * Returns CMD_SUCCESS, or CMD_WARNING_CONFIG_FAILED when the name is
 * longer than VRF_NAMSIZ.
 *
 * NOTE(review): a name of exactly VRF_NAMSIZ bytes is accepted. This
 * is only lossless if the name field holds VRF_NAMSIZ + 1 bytes -
 * confirm against struct vrf, because vrf_get() stores the name with
 * strlcpy() and would truncate silently otherwise. The name is echoed
 * back unmodified; no character filtering is done here.
 */
int vrf_handler_create(struct vty *vty, const char *vrfname,
		       struct vrf **vrf)
{
	struct vrf *created;

	if (strlen(vrfname) > VRF_NAMSIZ) {
		if (!vty)
			zlog_warn(
				"%% VRF name %s invalid: length exceeds %d bytes\n",
				vrfname, VRF_NAMSIZ);
		else
			vty_out(vty,
				"%% VRF name %s invalid: length exceeds %d bytes\n",
				vrfname, VRF_NAMSIZ);
		return CMD_WARNING_CONFIG_FAILED;
	}

	created = vrf_get(VRF_UNKNOWN, vrfname);

	if (vty)
		VTY_PUSH_CONTEXT(VRF_NODE, created);

	if (vrf)
		*vrf = created;
	return CMD_SUCCESS;
}
576 | ||
/*
 * Attach 'vrf' to the network namespace found at 'pathname'.
 *
 *   vty            - terminal for error messages; NULL sends them to
 *                    the log.
 *   vrf            - VRF to attach; NULL is rejected.
 *   pathname       - namespace path, compared with and stored as the
 *                    ns name. basename() is applied to it.
 *   ns_id          - passed to ns_get_created().
 *   internal_ns_id - stored in the ns object.
 *
 * Refused with CMD_WARNING_CONFIG_FAILED when the VRF already has an
 * identifier but no namespace, when it is attached to a different
 * namespace, when the namespace belongs to another VRF, or when
 * ns_enable() fails. Returns CMD_SUCCESS otherwise, including when the
 * namespace is already attached to this same VRF.
 *
 * NOTE(review):
 *  - the result of ns_get_created() is dereferenced without a NULL
 *    check; confirm it cannot fail.
 *  - the netns name copy is bounded by NS_NAMSIZ, not by the size of
 *    the destination field; confirm the field is at least that large.
 *  - when ns_enable() fails, the vrf <-> ns links and the netns name
 *    set just before stay in place.
 */
int vrf_netns_handler_create(struct vty *vty, struct vrf *vrf, char *pathname,
			     ns_id_t ns_id, ns_id_t internal_ns_id)
{
	struct ns *ns = NULL;

	if (!vrf)
		return CMD_WARNING_CONFIG_FAILED;

	/* The VRF already has an identifier that did not come from a ns. */
	if (vrf->vrf_id != VRF_UNKNOWN && vrf->ns_ctxt == NULL) {
		if (!vty)
			zlog_warn("VRF %u is already configured with VRF %s\n",
				  vrf->vrf_id, vrf->name);
		else
			vty_out(vty,
				"VRF %u is already configured with VRF %s\n",
				vrf->vrf_id, vrf->name);
		return CMD_WARNING_CONFIG_FAILED;
	}

	/* The VRF is already attached to some other namespace. */
	ns = (struct ns *)vrf->ns_ctxt;
	if (ns != NULL && strcmp(ns->name, pathname) != 0) {
		if (!vty)
			zlog_warn("VRF %u already configured with NETNS %s",
				  vrf->vrf_id, ns->name);
		else
			vty_out(vty,
				"VRF %u already configured with NETNS %s\n",
				vrf->vrf_id, ns->name);
		return CMD_WARNING_CONFIG_FAILED;
	}

	/* The namespace is already owned by a VRF. */
	ns = ns_lookup_name(pathname);
	if (ns && ns->vrf_ctxt) {
		struct vrf *owner = (struct vrf *)ns->vrf_ctxt;

		if (owner == vrf)
			return CMD_SUCCESS;
		if (!vty)
			zlog_warn("NS %s is already configured with VRF %u(%s)",
				  ns->name, owner->vrf_id, owner->name);
		else
			vty_out(vty,
				"NS %s is already configured with VRF %u(%s)\n",
				ns->name, owner->vrf_id, owner->name);
		return CMD_WARNING_CONFIG_FAILED;
	}

	ns = ns_get_created(ns, pathname, ns_id);
	ns->internal_ns_id = internal_ns_id;
	ns->vrf_ctxt = (void *)vrf;
	vrf->ns_ctxt = (void *)ns;
	/* update VRF netns NAME; vrf was checked for NULL on entry */
	strlcpy(vrf->data.l.netns_name, basename(pathname), NS_NAMSIZ);

	/* vrf_update_vrf_id() assigns the VRF its identifier on enable. */
	if (!ns_enable(ns, vrf_update_vrf_id)) {
		if (!vty)
			zlog_warn("Can not associate NS %u with NETNS %s",
				  ns->ns_id, ns->name);
		else
			vty_out(vty, "Can not associate NS %u with NETNS %s\n",
				ns->ns_id, ns->name);
		return CMD_WARNING_CONFIG_FAILED;
	}

	return CMD_SUCCESS;
}
644 | ||
ce1be369 PG |
/*
 * Tell whether vrf_id is backed by a network namespace.
 *
 * Returns 1 only for a known, non-default VRF with a non-empty netns
 * name; 0 in every other case.
 */
int vrf_is_mapped_on_netns(vrf_id_t vrf_id)
{
	struct vrf *found = vrf_lookup_by_id(vrf_id);

	if (found == NULL)
		return 0;
	if (found->data.l.netns_name[0] == '\0')
		return 0;
	return found->vrf_id != VRF_DEFAULT ? 1 : 0;
}
655 | ||
697d3ec7 | 656 | /* vrf CLI commands */ |
16d6ea59 QY |
/*
 * "exit-vrf": leave the VRF node and go back to CONFIG_NODE.
 * The VRF context is reset to the default VRF before the node changes.
 */
DEFUN_NOSH(vrf_exit,
	   vrf_exit_cmd,
	   "exit-vrf",
	   "Exit current mode and down to previous mode\n")
{
	struct vrf *dflt = vrf_get(VRF_DEFAULT, VRF_DEFAULT_NAME);

	/* We have to set vrf context to default vrf */
	VTY_PUSH_CONTEXT(VRF_NODE, dflt);
	vty->node = CONFIG_NODE;
	return CMD_SUCCESS;
}
667 | ||
697d3ec7 PG |
/*
 * "vrf NAME": select the VRF to configure, creating it if needed.
 * Validation of NAME is done by vrf_handler_create().
 */
DEFUN_NOSH (vrf,
       vrf_cmd,
       "vrf NAME",
       "Select a VRF to configure\n"
       "VRF's name\n")
{
	/* argv[1] is the NAME token of "vrf NAME". */
	return vrf_handler_create(vty, argv[1]->arg, NULL);
}
679 | ||
f30c50b9 RW |
/*
 * "no vrf NAME": delete the configuration of an inactive VRF.
 *
 * Fails with CMD_WARNING_CONFIG_FAILED when the VRF does not exist or
 * is still active. VRF_CONFIGURED is cleared before vrf_delete() so
 * that the VRF is removed rather than kept.
 */
DEFUN_NOSH (no_vrf,
           no_vrf_cmd,
           "no vrf NAME",
           NO_STR
           "Delete a pseudo VRF's configuration\n"
           "VRF's name\n")
{
	/* argv[2] is the NAME token of "no vrf NAME". */
	const char *vrfname = argv[2]->arg;
	struct vrf *target = vrf_lookup_by_name(vrfname);

	if (target == NULL) {
		vty_out(vty, "%% VRF %s does not exist\n", vrfname);
		return CMD_WARNING_CONFIG_FAILED;
	}

	if (CHECK_FLAG(target->status, VRF_ACTIVE)) {
		vty_out(vty, "%% Only inactive VRFs can be deleted\n");
		return CMD_WARNING_CONFIG_FAILED;
	}

	/* Clear configured flag and invoke delete. */
	UNSET_FLAG(target->status, VRF_CONFIGURED);
	vrf_delete(target);

	return CMD_SUCCESS;
}
709 | ||
53dc2b05 | 710 | |
/*
 * CLI node entered by "vrf NAME"; installed by vrf_cmd_init().
 * The initialisers are positional: node identifier, prompt format,
 * then the value 1 (its meaning depends on the field order of
 * struct cmd_node, which is not visible here).
 */
struct cmd_node vrf_node = {
	VRF_NODE,
	"%s(config-vrf)# ",
	1,
};
7ddcfca4 | 712 | |
e26aedbe PG |
/*
 * "netns NAME": attach the VRF being configured to a network
 * namespace. NAME is resolved to a pathname by ns_netns_pathname();
 * a NULL result aborts the command before privileges are touched.
 *
 * Privileges are raised around vrf_netns_handler_create() only, and
 * lowered again on the single path that follows it.
 *
 * NOTE(review): a failure to raise or to lower privileges is only
 * logged. If lowering fails, the daemon keeps running with raised
 * privileges; consider treating that as fatal.
 */
DEFUN_NOSH (vrf_netns,
       vrf_netns_cmd,
       "netns NAME",
       "Attach VRF to a Namespace\n"
       "The file name in " NS_RUN_DIR ", or a full pathname\n")
{
	int rc;
	/* argv[1] is the NAME token of "netns NAME". */
	char *pathname = ns_netns_pathname(vty, argv[1]->arg);

	VTY_DECLVAR_CONTEXT(vrf, vrf);

	if (pathname == NULL)
		return CMD_WARNING_CONFIG_FAILED;

	if (vrf_daemon_privs && vrf_daemon_privs->change(ZPRIVS_RAISE))
		zlog_err("%s: Can't raise privileges", __func__);

	rc = vrf_netns_handler_create(vty, vrf, pathname, NS_UNKNOWN,
				      NS_UNKNOWN);

	if (vrf_daemon_privs && vrf_daemon_privs->change(ZPRIVS_LOWER))
		zlog_err("%s: Can't lower privileges", __func__);
	return rc;
}
739 | ||
/*
 * "no netns [NAME]": detach the VRF being configured from its network
 * namespace. The optional NAME argument is not examined: whatever
 * namespace is attached to the VRF gets detached and deleted.
 *
 * Fails with CMD_WARNING_CONFIG_FAILED when the backend is not netns
 * or when the VRF has no namespace attached.
 */
DEFUN (no_vrf_netns,
	no_vrf_netns_cmd,
	"no netns [NAME]",
	NO_STR
	"Detach VRF from a Namespace\n"
	"The file name in " NS_RUN_DIR ", or a full pathname\n")
{
	struct ns *attached = NULL;

	VTY_DECLVAR_CONTEXT(vrf, vrf);

	if (!vrf_is_backend_netns()) {
		vty_out(vty, "VRF backend is not Netns. Aborting\n");
		return CMD_WARNING_CONFIG_FAILED;
	}
	if (vrf->ns_ctxt == NULL) {
		vty_out(vty, "VRF %s(%u) is not configured with NetNS\n",
			vrf->name, vrf->vrf_id);
		return CMD_WARNING_CONFIG_FAILED;
	}

	attached = (struct ns *)vrf->ns_ctxt;

	/* Break the ns -> vrf link first, then take the VRF down. */
	attached->vrf_ctxt = NULL;
	vrf_disable(vrf);
	/* vrf ID from VRF is necessary for Zebra
	 * so that propagate to other clients is done
	 */
	ns_delete(attached);
	vrf->ns_ctxt = NULL;
	return CMD_SUCCESS;
}
772 | ||
19dc275e DS |
/*
 * Debug CLI for vrf's
 *
 * "debug vrf": turn on the zlog_debug() traces guarded by debug_vrf.
 */
DEFUN (vrf_debug,
      vrf_debug_cmd,
      "debug vrf",
      DEBUG_STR
      "VRF Debugging\n")
{
	const int enabled = 1;

	debug_vrf = enabled;
	return CMD_SUCCESS;
}
786 | ||
/* "no debug vrf": turn off the traces guarded by debug_vrf. */
DEFUN (no_vrf_debug,
      no_vrf_debug_cmd,
      "no debug vrf",
      NO_STR
      DEBUG_STR
      "VRF Debugging\n")
{
	const int disabled = 0;

	debug_vrf = disabled;
	return CMD_SUCCESS;
}
798 | ||
/*
 * Configuration writer for the VRF debug node: emit "debug vrf" when
 * VRF debugging is on. Always returns 1.
 */
static int vrf_write_host(struct vty *vty)
{
	if (debug_vrf != 0)
		vty_out(vty, "debug vrf\n");

	return 1;
}
806 | ||
/*
 * Node carrying the VRF debug configuration; installed by
 * vrf_install_commands() with vrf_write_host() as its writer. The
 * initialisers are positional: node identifier, empty prompt, then the
 * value 1 (its meaning depends on the field order of struct cmd_node,
 * which is not visible here).
 */
static struct cmd_node vrf_debug_node = {
	VRF_DEBUG_NODE,
	"",
	1,
};
19dc275e | 808 | |
/*
 * Install the VRF debug node and the "debug vrf" / "no debug vrf"
 * commands. Both commands are made available in CONFIG_NODE and in
 * ENABLE_NODE.
 */
void vrf_install_commands(void)
{
	install_node(&vrf_debug_node, vrf_write_host);

	/* "debug vrf" */
	install_element(CONFIG_NODE, &vrf_debug_cmd);
	install_element(ENABLE_NODE, &vrf_debug_cmd);

	/* "no debug vrf" */
	install_element(CONFIG_NODE, &no_vrf_debug_cmd);
	install_element(ENABLE_NODE, &no_vrf_debug_cmd);
}
53dc2b05 | 818 | |
3bc34908 PG |
/*
 * Install the VRF configuration commands.
 *
 *   writefunc    - configuration writer for VRF_NODE.
 *   daemon_privs - privilege handle used by "netns NAME"; stored only
 *                  when the netns commands are installed.
 *
 * The "netns" and "no netns" commands exist only when the backend is
 * netns and ns_have_netns() reports support, so on other setups the
 * privilege-raising code path is not reachable from the CLI.
 */
void vrf_cmd_init(int (*writefunc)(struct vty *vty),
		  struct zebra_privs_t *daemon_privs)
{
	install_element(CONFIG_NODE, &vrf_cmd);
	install_element(CONFIG_NODE, &no_vrf_cmd);
	install_node(&vrf_node, writefunc);
	install_default(VRF_NODE);
	install_element(VRF_NODE, &vrf_exit_cmd);

	if (!vrf_is_backend_netns() || !ns_have_netns())
		return;

	/* Install NS commands. */
	vrf_daemon_privs = daemon_privs;
	install_element(VRF_NODE, &vrf_netns_cmd);
	install_element(VRF_NODE, &no_vrf_netns_cmd);
}
ec31f30d PG |
834 | |
/*
 * Return the identifier of the default VRF.
 *
 * The VRF named VRF_DEFAULT_NAME is used when it exists. Otherwise the
 * answer depends on the backend: ns_get_default_id() for netns,
 * VRF_DEFAULT_INTERNAL for anything else.
 */
vrf_id_t vrf_get_default_id(void)
{
	struct vrf *dflt = vrf_lookup_by_name(VRF_DEFAULT_NAME);

	if (dflt != NULL)
		return dflt->vrf_id;

	/* backend netns is only known by zebra
	 * for other daemons, we return VRF_DEFAULT_INTERNAL
	 */
	if (!vrf_is_backend_netns())
		return VRF_DEFAULT_INTERNAL;
	return ns_get_default_id();
}
2e0d2b3d | 849 | |
0f4977c6 PG |
/*
 * Bind socket 'fd' to the device 'name' for a VRF that is not backed
 * by a network namespace.
 *
 * Returns 'fd' unchanged when there is nothing to do (negative fd,
 * NULL name, or a netns-backed VRF); otherwise the setsockopt()
 * result. Callers only test the result for "< 0".
 *
 * NOTE(review): where SO_BINDTODEVICE is not defined this returns 0
 * without binding anything, so the caller gets a socket that is not
 * confined to the VRF device. A failed bind is reported at debug
 * level only.
 */
int vrf_bind(vrf_id_t vrf_id, int fd, char *name)
{
	int rc = 0;

	/* Invalid descriptor or no device requested. */
	if (fd < 0 || name == NULL)
		return fd;
	/* netns-backed VRF: no device binding is attempted. */
	if (vrf_is_mapped_on_netns(vrf_id))
		return fd;
#ifdef SO_BINDTODEVICE
	rc = setsockopt(fd, SOL_SOCKET, SO_BINDTODEVICE, name, strlen(name));
	if (rc < 0)
		zlog_debug("bind to interface %s failed, errno=%d", name,
			   errno);
#endif /* SO_BINDTODEVICE */
	return rc;
}
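/*
 * getaddrinfo() run inside the network namespace backing vrf_id.
 *
 * Returns the getaddrinfo() result. errno as left by getaddrinfo() is
 * restored after switching back.
 *
 * If the switch into the VRF's namespace fails, no lookup is made and
 * EAI_SYSTEM is returned with errno describing the failure.
 * Previously the failure was only logged and the lookup ran in the
 * namespace the daemon was already in, i.e. outside the requested
 * VRF.
 *
 * NOTE(review): a failed switch back is only logged. The caller then
 * keeps running in the VRF's namespace.
 */
int vrf_getaddrinfo(const char *node, const char *service,
		    const struct addrinfo *hints, struct addrinfo **res,
		    vrf_id_t vrf_id)
{
	int ret, ret2, save_errno;

	ret = vrf_switch_to_netns(vrf_id);
	if (ret < 0) {
		save_errno = errno;
		zlog_err("%s: Can't switch to VRF %u (%s)", __func__, vrf_id,
			 safe_strerror(errno));
		errno = save_errno;
		/* Fail closed rather than resolve from another namespace. */
		return EAI_SYSTEM;
	}
	ret = getaddrinfo(node, service, hints, res);
	save_errno = errno;
	ret2 = vrf_switchback_to_initial();
	if (ret2 < 0)
		zlog_err("%s: Can't switchback from VRF %u (%s)", __func__,
			 vrf_id, safe_strerror(errno));
	errno = save_errno;
	return ret;
}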
885 | ||
516d7591 PG |
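/*
 * ioctl() run inside the network namespace backing vrf_id.
 *
 * Returns the ioctl() result, with errno as left by ioctl() restored
 * after switching back.
 *
 * If the switch into the VRF's namespace fails, the ioctl is not
 * issued and -1 is returned with errno describing the failure. The
 * previous return value of 0 reported success, so a caller would go on
 * to use 'params' although no request had filled it in.
 *
 * NOTE(review): a failed switch back is only logged. The caller then
 * keeps running in the VRF's namespace.
 */
int vrf_ioctl(vrf_id_t vrf_id, int d, unsigned long request, char *params)
{
	int ret, saved_errno, rc;

	ret = vrf_switch_to_netns(vrf_id);
	if (ret < 0) {
		saved_errno = errno;
		zlog_err("%s: Can't switch to VRF %u (%s)", __func__, vrf_id,
			 safe_strerror(errno));
		errno = saved_errno;
		return -1;
	}
	rc = ioctl(d, request, params);
	saved_errno = errno;
	ret = vrf_switchback_to_initial();
	if (ret < 0)
		zlog_err("%s: Can't switchback from VRF %u (%s)", __func__,
			 vrf_id, safe_strerror(errno));
	errno = saved_errno;
	return rc;
}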
905 | ||
0f4977c6 PG |
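/*
 * sockunion_socket() run inside the network namespace backing vrf_id,
 * followed by a device bind through vrf_bind().
 *
 * Returns the new descriptor, or a negative value with errno set.
 *
 * Changes from the previous behaviour:
 *  - If the switch into the VRF's namespace fails, no socket is
 *    created. Previously the failure was only logged and the socket
 *    was opened in the namespace the daemon was already in, i.e.
 *    outside the VRF the caller asked for.
 *  - Descriptor 0 is a valid socket; only negative values are treated
 *    as failure, so a socket on fd 0 is bound like any other.
 *  - errno from a failed vrf_bind() is preserved across close().
 *
 * NOTE(review): a failed switch back is only logged. The caller then
 * keeps running in the VRF's namespace.
 */
int vrf_sockunion_socket(const union sockunion *su, vrf_id_t vrf_id,
			 char *interfacename)
{
	int ret, save_errno, ret2;

	ret = vrf_switch_to_netns(vrf_id);
	if (ret < 0) {
		save_errno = errno;
		zlog_err("%s: Can't switch to VRF %u (%s)", __func__, vrf_id,
			 safe_strerror(errno));
		errno = save_errno;
		/* Fail closed rather than open the socket elsewhere. */
		return -1;
	}
	ret = sockunion_socket(su);
	save_errno = errno;
	ret2 = vrf_switchback_to_initial();
	if (ret2 < 0)
		zlog_err("%s: Can't switchback from VRF %u (%s)", __func__,
			 vrf_id, safe_strerror(errno));
	errno = save_errno;

	if (ret < 0)
		return ret;
	ret2 = vrf_bind(vrf_id, ret, interfacename);
	if (ret2 < 0) {
		save_errno = errno;
		close(ret);
		errno = save_errno;
		ret = ret2;
	}
	return ret;
}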