]> git.proxmox.com Git - mirror_frr.git/blame - lib/vrf.c
projects / mirror_frr.git / blame
? search:
summary | shortlog | log | commit | commitdiff | tree
blob | blame (incremental) | history | HEAD
Merge remote-tracking branch 'upstream/master' into evpn-extended-mobility
[mirror_frr.git] / lib / vrf.c
CommitLineData
b72ede27
FL		 1/*
2 * VRF functions.
3 * Copyright (C) 2014 6WIND S.A.
4 *
5 * This file is part of GNU Zebra.
6 *
7 * GNU Zebra is free software; you can redistribute it and/or modify
8 * it under the terms of the GNU General Public License as published
9 * by the Free Software Foundation; either version 2, or (at your
10 * option) any later version.
11 *
12 * GNU Zebra is distributed in the hope that it will be useful, but
13 * WITHOUT ANY WARRANTY; without even the implied warranty of
14 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
15 * General Public License for more details.
16 *
896014f4
DL		 17 * You should have received a copy of the GNU General Public License along
18 * with this program; see the file COPYING; if not, write to the Free Software
19 * Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA
b72ede27
FL		 20 */
21
22#include <zebra.h>
23
4691b65a
PG		 24/* for basename */
25#include <libgen.h>
26
6a69b354 27#include "if.h"
b72ede27 28#include "vrf.h"
7922fc65 29#include "vrf_int.h"
b72ede27
FL		 30#include "prefix.h"
31#include "table.h"
32#include "log.h"
33#include "memory.h"
19dc275e 34#include "command.h"
b95c1883 35#include "ns.h"
3bc34908 36#include "privs.h"
98cbbaea 37#include "nexthop_group.h"
b66d022e 38#include "lib_errors.h"
19dc275e 39
ec31f30d
PG		 40/* default VRF ID value used when VRF backend is not NETNS */
41#define VRF_DEFAULT_INTERNAL 0
42
d62a17ae 43DEFINE_MTYPE_STATIC(LIB, VRF, "VRF")
4a1ab8e4
DL		 44DEFINE_MTYPE_STATIC(LIB, VRF_BITMAP, "VRF bit-map")
45
e80e7cce
DL		 46DEFINE_QOBJ_TYPE(vrf)
47
d62a17ae 48static __inline int vrf_id_compare(const struct vrf *, const struct vrf *);
49static __inline int vrf_name_compare(const struct vrf *, const struct vrf *);
1a1a7065 50
d62a17ae 51RB_GENERATE(vrf_id_head, vrf, id_entry, vrf_id_compare);
52RB_GENERATE(vrf_name_head, vrf, name_entry, vrf_name_compare);
1a1a7065 53
d62a17ae 54struct vrf_id_head vrfs_by_id = RB_INITIALIZER(&vrfs_by_id);
55struct vrf_name_head vrfs_by_name = RB_INITIALIZER(&vrfs_by_name);
1a1a7065 56
78dd30b2 57static int vrf_backend;
3bc34908 58static struct zebra_privs_t *vrf_daemon_privs;
78dd30b2 59
19dc275e
DS		 60/*
61 * Turn on/off debug code
62 * for vrf.
63 */
64int debug_vrf = 0;
b72ede27 65
b72ede27 66/* Holding VRF hooks */
d62a17ae 67struct vrf_master {
68 int (*vrf_new_hook)(struct vrf *);
69 int (*vrf_delete_hook)(struct vrf *);
70 int (*vrf_enable_hook)(struct vrf *);
71 int (*vrf_disable_hook)(struct vrf *);
72} vrf_master = {
73 0,
74};
b72ede27 75
d62a17ae 76static int vrf_is_enabled(struct vrf *vrf);
e5bf3e1e 77
216b18ef 78/* VRF list existance check by name. */
d62a17ae 79struct vrf *vrf_lookup_by_name(const char *name)
216b18ef 80{
d62a17ae 81 struct vrf vrf;
82 strlcpy(vrf.name, name, sizeof(vrf.name));
83 return (RB_FIND(vrf_name_head, &vrfs_by_name, &vrf));
216b18ef 84}
216b18ef 85
d62a17ae 86static __inline int vrf_id_compare(const struct vrf *a, const struct vrf *b)
b72ede27 87{
d62a17ae 88 return (a->vrf_id - b->vrf_id);
216b18ef
DS		 89}
90
d62a17ae 91static int vrf_name_compare(const struct vrf *a, const struct vrf *b)
b72ede27 92{
d62a17ae 93 return strcmp(a->name, b->name);
b72ede27
FL		 94}
95
e26aedbe
PG		 96/* if ns_id is different and not VRF_UNKNOWN,
97 * then update vrf identifier, and enable VRF
98 */
99static void vrf_update_vrf_id(ns_id_t ns_id, void *opaqueptr)
100{
101 ns_id_t vrf_id = (vrf_id_t)ns_id;
102 vrf_id_t old_vrf_id;
103 struct vrf *vrf = (struct vrf *)opaqueptr;
104
105 if (!vrf)
106 return;
107 old_vrf_id = vrf->vrf_id;
108 if (vrf_id == vrf->vrf_id)
109 return;
110 if (vrf->vrf_id != VRF_UNKNOWN)
111 RB_REMOVE(vrf_id_head, &vrfs_by_id, vrf);
112 vrf->vrf_id = vrf_id;
113 RB_INSERT(vrf_id_head, &vrfs_by_id, vrf);
114 if (old_vrf_id == VRF_UNKNOWN)
115 vrf_enable((struct vrf *)vrf);
116}
117
ce1be369
PG		 118int vrf_switch_to_netns(vrf_id_t vrf_id)
119{
120 char *name;
121 struct vrf *vrf = vrf_lookup_by_id(vrf_id);
122
ce1be369 123 /* VRF is default VRF. silently ignore */
e26aedbe 124 if (!vrf || vrf->vrf_id == VRF_DEFAULT)
9dff1132 125 return 1; /* 1 = default */
e26aedbe
PG		 126 /* VRF has no NETNS backend. silently ignore */
127 if (vrf->data.l.netns_name[0] == '\0')
9dff1132 128 return 2; /* 2 = no netns */
ce1be369
PG		 129 name = ns_netns_pathname(NULL, vrf->data.l.netns_name);
130 if (debug_vrf)
131 zlog_debug("VRF_SWITCH: %s(%u)", name, vrf->vrf_id);
132 return ns_switch_to_netns(name);
133}
134
135int vrf_switchback_to_initial(void)
136{
137 int ret = ns_switchback_to_initial();
138
139 if (ret == 0 && debug_vrf)
140 zlog_debug("VRF_SWITCHBACK");
141 return ret;
142}
143
216b18ef 144/* Get a VRF. If not found, create one.
34f8e6af
DS		 145 * Arg:
146 * name - The name of the vrf. May be NULL if unknown.
147 * vrf_id - The vrf_id of the vrf. May be VRF_UNKNOWN if unknown
216b18ef 148 * Description: Please note that this routine can be called with just the name
34f8e6af
DS		 149 * and 0 vrf-id
150 */
d62a17ae 151struct vrf *vrf_get(vrf_id_t vrf_id, const char *name)
152{
153 struct vrf *vrf = NULL;
154 int new = 0;
155
156 if (debug_vrf)
996c9314
LB		 157 zlog_debug("VRF_GET: %s(%u)", name == NULL ? "(NULL)" : name,
158 vrf_id);
d62a17ae 159
160 /* Nothing to see, move along here */
161 if (!name && vrf_id == VRF_UNKNOWN)
162 return NULL;
163
0c2bac38
PG		 164 /* attempt to find already available VRF
165 */
166 if (name)
167 vrf = vrf_lookup_by_name(name);
d62a17ae 168 /* Try to find VRF both by ID and name */
0c2bac38 169 if (!vrf && vrf_id != VRF_UNKNOWN)
d62a17ae 170 vrf = vrf_lookup_by_id(vrf_id);
d62a17ae 171
172 if (vrf == NULL) {
173 vrf = XCALLOC(MTYPE_VRF, sizeof(struct vrf));
174 vrf->vrf_id = VRF_UNKNOWN;
d62a17ae 175 QOBJ_REG(vrf, vrf);
176 new = 1;
177
178 if (debug_vrf)
179 zlog_debug("VRF(%u) %s is created.", vrf_id,
180 (name) ? name : "(NULL)");
181 }
182
183 /* Set identifier */
184 if (vrf_id != VRF_UNKNOWN && vrf->vrf_id == VRF_UNKNOWN) {
185 vrf->vrf_id = vrf_id;
186 RB_INSERT(vrf_id_head, &vrfs_by_id, vrf);
187 }
188
189 /* Set name */
190 if (name && vrf->name[0] != '\0' && strcmp(name, vrf->name)) {
191 RB_REMOVE(vrf_name_head, &vrfs_by_name, vrf);
192 strlcpy(vrf->name, name, sizeof(vrf->name));
193 RB_INSERT(vrf_name_head, &vrfs_by_name, vrf);
194 } else if (name && vrf->name[0] == '\0') {
195 strlcpy(vrf->name, name, sizeof(vrf->name));
196 RB_INSERT(vrf_name_head, &vrfs_by_name, vrf);
197 }
d62a17ae 198 if (new &&vrf_master.vrf_new_hook)
199 (*vrf_master.vrf_new_hook)(vrf);
200
201 return vrf;
b72ede27
FL		 202}
203
84915b0a 204/* Delete a VRF. This is called when the underlying VRF goes away, a
205 * pre-configured VRF is deleted or when shutting down (vrf_terminate()).
206 */
d62a17ae 207void vrf_delete(struct vrf *vrf)
b72ede27 208{
d62a17ae 209 if (debug_vrf)
210 zlog_debug("VRF %u is to be deleted.", vrf->vrf_id);
b72ede27 211
d62a17ae 212 if (vrf_is_enabled(vrf))
213 vrf_disable(vrf);
e5bf3e1e 214
84915b0a 215 /* If the VRF is user configured, it'll stick around, just remove
216 * the ID mapping. Interfaces assigned to this VRF should've been
217 * removed already as part of the VRF going down.
218 */
219 if (vrf_is_user_cfged(vrf)) {
220 if (vrf->vrf_id != VRF_UNKNOWN) {
221 /* Delete any VRF interfaces - should be only
222 * the VRF itself, other interfaces should've
223 * been moved out of the VRF.
224 */
225 if_terminate(vrf);
226 RB_REMOVE(vrf_id_head, &vrfs_by_id, vrf);
227 vrf->vrf_id = VRF_UNKNOWN;
228 }
229 return;
230 }
231
d62a17ae 232 if (vrf_master.vrf_delete_hook)
233 (*vrf_master.vrf_delete_hook)(vrf);
216b18ef 234
d62a17ae 235 QOBJ_UNREG(vrf);
f4e14fdb 236 if_terminate(vrf);
b72ede27 237
d62a17ae 238 if (vrf->vrf_id != VRF_UNKNOWN)
239 RB_REMOVE(vrf_id_head, &vrfs_by_id, vrf);
240 if (vrf->name[0] != '\0')
241 RB_REMOVE(vrf_name_head, &vrfs_by_name, vrf);
b72ede27 242
d62a17ae 243 XFREE(MTYPE_VRF, vrf);
b72ede27
FL		 244}
245
246/* Look up a VRF by identifier. */
d62a17ae 247struct vrf *vrf_lookup_by_id(vrf_id_t vrf_id)
b72ede27 248{
d62a17ae 249 struct vrf vrf;
250 vrf.vrf_id = vrf_id;
251 return (RB_FIND(vrf_id_head, &vrfs_by_id, &vrf));
b72ede27
FL		 252}
253
e5bf3e1e
FL		 254/*
255 * Enable a VRF - that is, let the VRF be ready to use.
256 * The VRF_ENABLE_HOOK callback will be called to inform
257 * that they can allocate resources in this VRF.
258 *
259 * RETURN: 1 - enabled successfully; otherwise, 0.
260 */
d62a17ae 261int vrf_enable(struct vrf *vrf)
e5bf3e1e 262{
d62a17ae 263 if (vrf_is_enabled(vrf))
264 return 1;
05e8e11e 265
d62a17ae 266 if (debug_vrf)
267 zlog_debug("VRF %u is enabled.", vrf->vrf_id);
e5bf3e1e 268
d62a17ae 269 SET_FLAG(vrf->status, VRF_ACTIVE);
e5bf3e1e 270
d62a17ae 271 if (vrf_master.vrf_enable_hook)
272 (*vrf_master.vrf_enable_hook)(vrf);
e5bf3e1e 273
98cbbaea
DS		 274 /*
275 * If we have any nexthop group entries that
276 * are awaiting vrf initialization then
277 * let's let people know about it
278 */
279 nexthop_group_enable_vrf(vrf);
280
d62a17ae 281 return 1;
e5bf3e1e
FL		 282}
283
284/*
285 * Disable a VRF - that is, let the VRF be unusable.
286 * The VRF_DELETE_HOOK callback will be called to inform
287 * that they must release the resources in the VRF.
288 */
697d3ec7 289void vrf_disable(struct vrf *vrf)
e5bf3e1e 290{
d62a17ae 291 if (!vrf_is_enabled(vrf))
292 return;
a647bfa8 293
d62a17ae 294 UNSET_FLAG(vrf->status, VRF_ACTIVE);
e5bf3e1e 295
d62a17ae 296 if (debug_vrf)
297 zlog_debug("VRF %u is to be disabled.", vrf->vrf_id);
e5bf3e1e 298
d62a17ae 299 /* Till now, nothing to be done for the default VRF. */
300 // Pending: see why this statement.
e74f14fc 301
d62a17ae 302 if (vrf_master.vrf_disable_hook)
303 (*vrf_master.vrf_disable_hook)(vrf);
e5bf3e1e
FL		 304}
305
b7cfce93
MK		 306const char *vrf_id_to_name(vrf_id_t vrf_id)
307{
308 struct vrf *vrf;
309
310 vrf = vrf_lookup_by_id(vrf_id);
311 if (vrf)
312 return vrf->name;
313
181c08c6 314 return "n/a";
b7cfce93
MK		 315}
316
d62a17ae 317vrf_id_t vrf_name_to_id(const char *name)
216b18ef 318{
d62a17ae 319 struct vrf *vrf;
320 vrf_id_t vrf_id = VRF_DEFAULT; // Pending: need a way to return invalid
321 // id/ routine not used.
216b18ef 322
d62a17ae 323 vrf = vrf_lookup_by_name(name);
324 if (vrf)
325 vrf_id = vrf->vrf_id;
216b18ef 326
d62a17ae 327 return vrf_id;
216b18ef
DS		 328}
329
b72ede27 330/* Get the data pointer of the specified VRF. If not found, create one. */
d62a17ae 331void *vrf_info_get(vrf_id_t vrf_id)
b72ede27 332{
d62a17ae 333 struct vrf *vrf = vrf_get(vrf_id, NULL);
334 return vrf->info;
b72ede27
FL		 335}
336
337/* Look up the data pointer of the specified VRF. */
d62a17ae 338void *vrf_info_lookup(vrf_id_t vrf_id)
b72ede27 339{
d62a17ae 340 struct vrf *vrf = vrf_lookup_by_id(vrf_id);
341 return vrf ? vrf->info : NULL;
b72ede27
FL		 342}
343
7076bb2f 344/*
4a8bf858 345 * VRF hash for storing set or not.
7076bb2f 346 */
4a8bf858
DS		 347struct vrf_bit_set {
348 vrf_id_t vrf_id;
349 bool set;
350};
7076bb2f 351
4a8bf858
DS		 352static unsigned int vrf_hash_bitmap_key(void *data)
353{
354 struct vrf_bit_set *bit = data;
d62a17ae 355
4a8bf858
DS		 356 return bit->vrf_id;
357}
d62a17ae 358
4a8bf858
DS		 359static int vrf_hash_bitmap_cmp(const void *a, const void *b)
360{
361 const struct vrf_bit_set *bit1 = a;
362 const struct vrf_bit_set *bit2 = b;
d62a17ae 363
4a8bf858
DS		 364 return bit1->vrf_id == bit2->vrf_id;
365}
366
367static void *vrf_hash_bitmap_alloc(void *data)
368{
369 struct vrf_bit_set *copy = data;
370 struct vrf_bit_set *bit;
371
372 bit = XMALLOC(MTYPE_VRF_BITMAP, sizeof(*bit));
373 bit->vrf_id = copy->vrf_id;
374
375 return bit;
376}
377
378static void vrf_hash_bitmap_free(void *data)
379{
380 struct vrf_bit_set *bit = data;
381
382 XFREE(MTYPE_VRF_BITMAP, bit);
383}
7076bb2f 384
d62a17ae 385vrf_bitmap_t vrf_bitmap_init(void)
7076bb2f 386{
4a8bf858
DS		 387 return hash_create_size(32, vrf_hash_bitmap_key, vrf_hash_bitmap_cmp,
388 "VRF BIT HASH");
7076bb2f
FL		 389}
390
d62a17ae 391void vrf_bitmap_free(vrf_bitmap_t bmap)
7076bb2f 392{
4a8bf858 393 struct hash *vrf_hash = bmap;
7076bb2f 394
4a8bf858 395 if (vrf_hash == NULL)
d62a17ae 396 return;
7076bb2f 397
4a8bf858
DS		 398 hash_clean(vrf_hash, vrf_hash_bitmap_free);
399 hash_free(vrf_hash);
7076bb2f
FL		 400}
401
d62a17ae 402void vrf_bitmap_set(vrf_bitmap_t bmap, vrf_id_t vrf_id)
7076bb2f 403{
4a8bf858
DS		 404 struct vrf_bit_set lookup = { .vrf_id = vrf_id };
405 struct hash *vrf_hash = bmap;
406 struct vrf_bit_set *bit;
7076bb2f 407
4a8bf858 408 if (vrf_hash == NULL || vrf_id == VRF_UNKNOWN)
d62a17ae 409 return;
7076bb2f 410
4a8bf858
DS		 411 bit = hash_get(vrf_hash, &lookup, vrf_hash_bitmap_alloc);
412 bit->set = true;
7076bb2f
FL		 413}
414
d62a17ae 415void vrf_bitmap_unset(vrf_bitmap_t bmap, vrf_id_t vrf_id)
7076bb2f 416{
4a8bf858
DS		 417 struct vrf_bit_set lookup = { .vrf_id = vrf_id };
418 struct hash *vrf_hash = bmap;
419 struct vrf_bit_set *bit;
7076bb2f 420
4a8bf858 421 if (vrf_hash == NULL || vrf_id == VRF_UNKNOWN)
d62a17ae 422 return;
7076bb2f 423
4a8bf858
DS		 424 bit = hash_get(vrf_hash, &lookup, vrf_hash_bitmap_alloc);
425 bit->set = false;
7076bb2f
FL		 426}
427
d62a17ae 428int vrf_bitmap_check(vrf_bitmap_t bmap, vrf_id_t vrf_id)
7076bb2f 429{
4a8bf858
DS		 430 struct vrf_bit_set lookup = { .vrf_id = vrf_id };
431 struct hash *vrf_hash = bmap;
432 struct vrf_bit_set *bit;
7076bb2f 433
4a8bf858 434 if (vrf_hash == NULL || vrf_id == VRF_UNKNOWN)
d62a17ae 435 return 0;
7076bb2f 436
4a8bf858
DS		 437 bit = hash_lookup(vrf_hash, &lookup);
438 if (bit)
439 return bit->set;
440
441 return 0;
7076bb2f
FL		 442}
443
d62a17ae 444static void vrf_autocomplete(vector comps, struct cmd_token *token)
d617d5fe 445{
d62a17ae 446 struct vrf *vrf = NULL;
d617d5fe 447
a2addae8 448 RB_FOREACH (vrf, vrf_name_head, &vrfs_by_name) {
a9ff90c4 449 if (vrf->vrf_id != VRF_DEFAULT)
d62a17ae 450 vector_set(comps, XSTRDUP(MTYPE_COMPLETION, vrf->name));
451 }
d617d5fe
DS		 452}
453
454static const struct cmd_variable_handler vrf_var_handlers[] = {
d62a17ae 455 {
456 .varname = "vrf",
457 .completions = vrf_autocomplete,
458 },
459 {.completions = NULL},
d617d5fe
DS		 460};
461
b72ede27 462/* Initialize VRF module. */
d62a17ae 463void vrf_init(int (*create)(struct vrf *), int (*enable)(struct vrf *),
464 int (*disable)(struct vrf *), int (*delete)(struct vrf *))
465{
466 struct vrf *default_vrf;
467
e26aedbe
PG		 468 /* initialise NS, in case VRF backend if NETNS */
469 ns_init();
d62a17ae 470 if (debug_vrf)
471 zlog_debug("%s: Initializing VRF subsystem",
472 __PRETTY_FUNCTION__);
473
474 vrf_master.vrf_new_hook = create;
475 vrf_master.vrf_enable_hook = enable;
476 vrf_master.vrf_disable_hook = disable;
477 vrf_master.vrf_delete_hook = delete;
478
479 /* The default VRF always exists. */
480 default_vrf = vrf_get(VRF_DEFAULT, VRF_DEFAULT_NAME);
481 if (!default_vrf) {
af4c2728 482 flog_err(LIB_ERR_VRF_START,
b66d022e 483 "vrf_init: failed to create the default VRF!");
d62a17ae 484 exit(1);
485 }
486
487 /* Enable the default VRF. */
488 if (!vrf_enable(default_vrf)) {
af4c2728 489 flog_err(LIB_ERR_VRF_START,
b66d022e 490 "vrf_init: failed to enable the default VRF!");
d62a17ae 491 exit(1);
492 }
493
494 cmd_variable_handler_register(vrf_var_handlers);
b72ede27
FL		 495}
496
497/* Terminate VRF module. */
d62a17ae 498void vrf_terminate(void)
b72ede27 499{
d62a17ae 500 struct vrf *vrf;
b72ede27 501
d62a17ae 502 if (debug_vrf)
503 zlog_debug("%s: Shutting down vrf subsystem",
504 __PRETTY_FUNCTION__);
19dc275e 505
55cd0f61
DS		 506 while (!RB_EMPTY(vrf_id_head, &vrfs_by_id)) {
507 vrf = RB_ROOT(vrf_id_head, &vrfs_by_id);
508
65c3a7c4 509 /* Clear configured flag and invoke delete. */
510 UNSET_FLAG(vrf->status, VRF_CONFIGURED);
d62a17ae 511 vrf_delete(vrf);
65c3a7c4 512 }
55cd0f61
DS		 513
514 while (!RB_EMPTY(vrf_name_head, &vrfs_by_name)) {
515 vrf = RB_ROOT(vrf_name_head, &vrfs_by_name);
516
65c3a7c4 517 /* Clear configured flag and invoke delete. */
518 UNSET_FLAG(vrf->status, VRF_CONFIGURED);
d62a17ae 519 vrf_delete(vrf);
65c3a7c4 520 }
b72ede27
FL		 521}
522
9dff1132
LB		 523static int vrf_default_accepts_vrf(int type)
524{
525 const char *fname = NULL;
526 char buf[32] = {0x0};
527 int ret = 0;
528 FILE *fd = NULL;
529
530 /*
531 * TCP & UDP services running in the default VRF context (ie., not bound
532 * to any VRF device) can work across all VRF domains by enabling the
533 * tcp_l3mdev_accept and udp_l3mdev_accept sysctl options:
534 * sysctl -w net.ipv4.tcp_l3mdev_accept=1
535 * sysctl -w net.ipv4.udp_l3mdev_accept=1
536 */
537 if (type == SOCK_STREAM)
538 fname = "/proc/sys/net/ipv4/tcp_l3mdev_accept";
539 else if (type == SOCK_DGRAM)
540 fname = "/proc/sys/net/ipv4/udp_l3mdev_accept";
541 else
542 return ret;
543 fd = fopen(fname, "r");
544 if (fd == NULL)
545 return ret;
546 fgets(buf, 32, fd);
547 ret = atoi(buf);
548 fclose(fd);
549 return ret;
550}
551
e5bf3e1e 552/* Create a socket for the VRF. */
0f4977c6
PG		 553int vrf_socket(int domain, int type, int protocol, vrf_id_t vrf_id,
554 char *interfacename)
e5bf3e1e 555{
2e0d2b3d 556 int ret, save_errno, ret2;
e5bf3e1e 557
2e0d2b3d
PG		 558 ret = vrf_switch_to_netns(vrf_id);
559 if (ret < 0)
09c866e3
QY		 560 flog_err_sys(LIB_ERR_SOCKET, "%s: Can't switch to VRF %u (%s)",
561 __func__, vrf_id, safe_strerror(errno));
b66d022e 562
9dff1132
LB		 563 if (ret > 0 && interfacename && vrf_default_accepts_vrf(type)) {
564 zlog_err("VRF socket not used since net.ipv4.%s_l3mdev_accept != 0",
565 (type == SOCK_STREAM ? "tcp" : "udp"));
566 errno = EEXIST; /* not sure if this is the best error... */
567 return -2;
568 }
b66d022e 569
d62a17ae 570 ret = socket(domain, type, protocol);
2e0d2b3d
PG		 571 save_errno = errno;
572 ret2 = vrf_switchback_to_initial();
573 if (ret2 < 0)
09c866e3
QY		 574 flog_err_sys(LIB_ERR_SOCKET,
575 "%s: Can't switchback from VRF %u (%s)", __func__,
576 vrf_id, safe_strerror(errno));
2e0d2b3d 577 errno = save_errno;
0f4977c6
PG		 578 if (ret <= 0)
579 return ret;
580 ret2 = vrf_bind(vrf_id, ret, interfacename);
581 if (ret2 < 0) {
582 close(ret);
583 ret = ret2;
584 }
d62a17ae 585 return ret;
e5bf3e1e
FL		 586}
587
78dd30b2
PG		 588int vrf_is_backend_netns(void)
589{
590 return (vrf_backend == VRF_BACKEND_NETNS);
591}
592
593int vrf_get_backend(void)
594{
595 return vrf_backend;
596}
597
598void vrf_configure_backend(int vrf_backend_netns)
599{
600 vrf_backend = vrf_backend_netns;
601}
602
03aff2d8
PG		 603int vrf_handler_create(struct vty *vty, const char *vrfname,
604 struct vrf **vrf)
f30c50b9 605{
d62a17ae 606 struct vrf *vrfp;
f30c50b9 607
d62a17ae 608 if (strlen(vrfname) > VRF_NAMSIZ) {
697d3ec7
PG		 609 if (vty)
610 vty_out(vty,
996c9314
LB		 611 "%% VRF name %s invalid: length exceeds %d bytes\n",
612 vrfname, VRF_NAMSIZ);
697d3ec7
PG		 613 else
614 zlog_warn(
996c9314
LB		 615 "%% VRF name %s invalid: length exceeds %d bytes\n",
616 vrfname, VRF_NAMSIZ);
d62a17ae 617 return CMD_WARNING_CONFIG_FAILED;
618 }
f30c50b9 619
d62a17ae 620 vrfp = vrf_get(VRF_UNKNOWN, vrfname);
f30c50b9 621
697d3ec7
PG		 622 if (vty)
623 VTY_PUSH_CONTEXT(VRF_NODE, vrfp);
f30c50b9 624
697d3ec7
PG		 625 if (vrf)
626 *vrf = vrfp;
d62a17ae 627 return CMD_SUCCESS;
f30c50b9
RW		 628}
629
996c9314 630int vrf_netns_handler_create(struct vty *vty, struct vrf *vrf, char *pathname,
03aff2d8 631 ns_id_t ns_id, ns_id_t internal_ns_id)
e26aedbe
PG		 632{
633 struct ns *ns = NULL;
634
635 if (!vrf)
636 return CMD_WARNING_CONFIG_FAILED;
637 if (vrf->vrf_id != VRF_UNKNOWN && vrf->ns_ctxt == NULL) {
638 if (vty)
639 vty_out(vty,
640 "VRF %u is already configured with VRF %s\n",
641 vrf->vrf_id, vrf->name);
642 else
643 zlog_warn("VRF %u is already configured with VRF %s\n",
644 vrf->vrf_id, vrf->name);
645 return CMD_WARNING_CONFIG_FAILED;
646 }
647 if (vrf->ns_ctxt != NULL) {
996c9314 648 ns = (struct ns *)vrf->ns_ctxt;
2e1cc436 649 if (!strcmp(ns->name, pathname)) {
e26aedbe
PG		 650 if (vty)
651 vty_out(vty,
996c9314
LB		 652 "VRF %u already configured with NETNS %s\n",
653 vrf->vrf_id, ns->name);
e26aedbe
PG		 654 else
655 zlog_warn(
996c9314
LB		 656 "VRF %u already configured with NETNS %s",
657 vrf->vrf_id, ns->name);
e26aedbe
PG		 658 return CMD_WARNING_CONFIG_FAILED;
659 }
660 }
661 ns = ns_lookup_name(pathname);
662 if (ns && ns->vrf_ctxt) {
663 struct vrf *vrf2 = (struct vrf *)ns->vrf_ctxt;
664
665 if (vrf2 == vrf)
666 return CMD_SUCCESS;
667 if (vty)
996c9314
LB		 668 vty_out(vty,
669 "NS %s is already configured"
e26aedbe 670 " with VRF %u(%s)\n",
996c9314 671 ns->name, vrf2->vrf_id, vrf2->name);
e26aedbe
PG		 672 else
673 zlog_warn("NS %s is already configured with VRF %u(%s)",
674 ns->name, vrf2->vrf_id, vrf2->name);
675 return CMD_WARNING_CONFIG_FAILED;
676 }
677 ns = ns_get_created(ns, pathname, ns_id);
03aff2d8 678 ns->internal_ns_id = internal_ns_id;
e26aedbe
PG		 679 ns->vrf_ctxt = (void *)vrf;
680 vrf->ns_ctxt = (void *)ns;
681 /* update VRF netns NAME */
2e1cc436 682 strlcpy(vrf->data.l.netns_name, basename(pathname), NS_NAMSIZ);
e26aedbe
PG		 683
684 if (!ns_enable(ns, vrf_update_vrf_id)) {
685 if (vty)
686 vty_out(vty, "Can not associate NS %u with NETNS %s\n",
996c9314 687 ns->ns_id, ns->name);
e26aedbe
PG		 688 else
689 zlog_warn("Can not associate NS %u with NETNS %s",
690 ns->ns_id, ns->name);
691 return CMD_WARNING_CONFIG_FAILED;
692 }
693
694 return CMD_SUCCESS;
695}
696
3d4c0b49 697int vrf_is_mapped_on_netns(struct vrf *vrf)
ce1be369 698{
ce1be369
PG		 699 if (!vrf || vrf->data.l.netns_name[0] == '\0')
700 return 0;
701 if (vrf->vrf_id == VRF_DEFAULT)
702 return 0;
703 return 1;
704}
705
697d3ec7 706/* vrf CLI commands */
16d6ea59
QY		 707DEFUN_NOSH(vrf_exit,
708 vrf_exit_cmd,
709 "exit-vrf",
710 "Exit current mode and down to previous mode\n")
711{
712 /* We have to set vrf context to default vrf */
713 VTY_PUSH_CONTEXT(VRF_NODE, vrf_get(VRF_DEFAULT, VRF_DEFAULT_NAME));
714 vty->node = CONFIG_NODE;
715 return CMD_SUCCESS;
716}
717
697d3ec7
PG		 718DEFUN_NOSH (vrf,
719 vrf_cmd,
720 "vrf NAME",
721 "Select a VRF to configure\n"
722 "VRF's name\n")
723{
724 int idx_name = 1;
725 const char *vrfname = argv[idx_name]->arg;
726
727 return vrf_handler_create(vty, vrfname, NULL);
728}
729
34c46274
RW		 730DEFUN (no_vrf,
731 no_vrf_cmd,
732 "no vrf NAME",
733 NO_STR
734 "Delete a pseudo VRF's configuration\n"
735 "VRF's name\n")
f30c50b9 736{
d62a17ae 737 const char *vrfname = argv[2]->arg;
53dc2b05 738
d62a17ae 739 struct vrf *vrfp;
f30c50b9 740
d62a17ae 741 vrfp = vrf_lookup_by_name(vrfname);
f30c50b9 742
d62a17ae 743 if (vrfp == NULL) {
744 vty_out(vty, "%% VRF %s does not exist\n", vrfname);
745 return CMD_WARNING_CONFIG_FAILED;
746 }
f30c50b9 747
d62a17ae 748 if (CHECK_FLAG(vrfp->status, VRF_ACTIVE)) {
749 vty_out(vty, "%% Only inactive VRFs can be deleted\n");
750 return CMD_WARNING_CONFIG_FAILED;
751 }
f30c50b9 752
84915b0a 753 /* Clear configured flag and invoke delete. */
754 UNSET_FLAG(vrfp->status, VRF_CONFIGURED);
d62a17ae 755 vrf_delete(vrfp);
f30c50b9 756
d62a17ae 757 return CMD_SUCCESS;
f30c50b9
RW		 758}
759
53dc2b05 760
d62a17ae 761struct cmd_node vrf_node = {VRF_NODE, "%s(config-vrf)# ", 1};
7ddcfca4 762
34c46274 763DEFUN_NOSH (vrf_netns,
4a541e8c
PG		 764 vrf_netns_cmd,
765 "netns NAME",
766 "Attach VRF to a Namespace\n"
767 "The file name in " NS_RUN_DIR ", or a full pathname\n")
e26aedbe 768{
3bc34908 769 int idx_name = 1, ret;
e26aedbe
PG		 770 char *pathname = ns_netns_pathname(vty, argv[idx_name]->arg);
771
772 VTY_DECLVAR_CONTEXT(vrf, vrf);
773
774 if (!pathname)
775 return CMD_WARNING_CONFIG_FAILED;
3bc34908 776
6bb30c2c
DL		 777 frr_elevate_privs(vrf_daemon_privs) {
778 ret = vrf_netns_handler_create(vty, vrf, pathname,
779 NS_UNKNOWN, NS_UNKNOWN);
780 }
3bc34908 781 return ret;
e26aedbe
PG		 782}
783
34c46274 784DEFUN_NOSH (no_vrf_netns,
e26aedbe
PG		 785 no_vrf_netns_cmd,
786 "no netns [NAME]",
787 NO_STR
788 "Detach VRF from a Namespace\n"
789 "The file name in " NS_RUN_DIR ", or a full pathname\n")
790{
791 struct ns *ns = NULL;
792
793 VTY_DECLVAR_CONTEXT(vrf, vrf);
794
795 if (!vrf_is_backend_netns()) {
796 vty_out(vty, "VRF backend is not Netns. Aborting\n");
797 return CMD_WARNING_CONFIG_FAILED;
798 }
799 if (!vrf->ns_ctxt) {
800 vty_out(vty, "VRF %s(%u) is not configured with NetNS\n",
801 vrf->name, vrf->vrf_id);
802 return CMD_WARNING_CONFIG_FAILED;
803 }
804
805 ns = (struct ns *)vrf->ns_ctxt;
806
807 ns->vrf_ctxt = NULL;
808 vrf_disable(vrf);
809 /* vrf ID from VRF is necessary for Zebra
810 * so that propagate to other clients is done
811 */
812 ns_delete(ns);
813 vrf->ns_ctxt = NULL;
814 return CMD_SUCCESS;
815}
816
19dc275e
DS		 817/*
818 * Debug CLI for vrf's
819 */
820DEFUN (vrf_debug,
821 vrf_debug_cmd,
822 "debug vrf",
823 DEBUG_STR
824 "VRF Debugging\n")
825{
d62a17ae 826 debug_vrf = 1;
19dc275e 827
d62a17ae 828 return CMD_SUCCESS;
19dc275e
DS		 829}
830
831DEFUN (no_vrf_debug,
832 no_vrf_debug_cmd,
833 "no debug vrf",
834 NO_STR
835 DEBUG_STR
836 "VRF Debugging\n")
837{
d62a17ae 838 debug_vrf = 0;
19dc275e 839
d62a17ae 840 return CMD_SUCCESS;
19dc275e
DS		 841}
842
d62a17ae 843static int vrf_write_host(struct vty *vty)
19dc275e 844{
d62a17ae 845 if (debug_vrf)
846 vty_out(vty, "debug vrf\n");
19dc275e 847
d62a17ae 848 return 1;
19dc275e
DS		 849}
850
d62a17ae 851static struct cmd_node vrf_debug_node = {VRF_DEBUG_NODE, "", 1};
19dc275e 852
d62a17ae 853void vrf_install_commands(void)
19dc275e 854{
d62a17ae 855 install_node(&vrf_debug_node, vrf_write_host);
19dc275e 856
d62a17ae 857 install_element(CONFIG_NODE, &vrf_debug_cmd);
858 install_element(ENABLE_NODE, &vrf_debug_cmd);
859 install_element(CONFIG_NODE, &no_vrf_debug_cmd);
860 install_element(ENABLE_NODE, &no_vrf_debug_cmd);
19dc275e 861}
53dc2b05 862
3bc34908
PG		 863void vrf_cmd_init(int (*writefunc)(struct vty *vty),
864 struct zebra_privs_t *daemon_privs)
7ddcfca4 865{
d62a17ae 866 install_element(CONFIG_NODE, &vrf_cmd);
867 install_element(CONFIG_NODE, &no_vrf_cmd);
868 install_node(&vrf_node, writefunc);
869 install_default(VRF_NODE);
16d6ea59 870 install_element(VRF_NODE, &vrf_exit_cmd);
e26aedbe
PG		 871 if (vrf_is_backend_netns() && ns_have_netns()) {
872 /* Install NS commands. */
3bc34908 873 vrf_daemon_privs = daemon_privs;
e26aedbe
PG		 874 install_element(VRF_NODE, &vrf_netns_cmd);
875 install_element(VRF_NODE, &no_vrf_netns_cmd);
876 }
19dc275e 877}
ec31f30d
PG		 878
879vrf_id_t vrf_get_default_id(void)
880{
881 struct vrf *vrf = vrf_lookup_by_name(VRF_DEFAULT_NAME);
882
883 if (vrf)
884 return vrf->vrf_id;
03aff2d8
PG		 885 /* backend netns is only known by zebra
886 * for other daemons, we return VRF_DEFAULT_INTERNAL
887 */
ec31f30d
PG		 888 if (vrf_is_backend_netns())
889 return ns_get_default_id();
890 else
891 return VRF_DEFAULT_INTERNAL;
892}
2e0d2b3d 893
0f4977c6
PG		 894int vrf_bind(vrf_id_t vrf_id, int fd, char *name)
895{
896 int ret = 0;
897
898 if (fd < 0 || name == NULL)
899 return fd;
3d4c0b49 900 if (vrf_is_mapped_on_netns(vrf_lookup_by_id(vrf_id)))
0f4977c6
PG		 901 return fd;
902#ifdef SO_BINDTODEVICE
c9c70dd1 903 ret = setsockopt(fd, SOL_SOCKET, SO_BINDTODEVICE, name, strlen(name)+1);
0f4977c6 904 if (ret < 0)
996c9314
LB		 905 zlog_debug("bind to interface %s failed, errno=%d", name,
906 errno);
0f4977c6
PG		 907#endif /* SO_BINDTODEVICE */
908 return ret;
909}
2e0d2b3d 910int vrf_getaddrinfo(const char *node, const char *service,
996c9314
LB		 911 const struct addrinfo *hints, struct addrinfo **res,
912 vrf_id_t vrf_id)
2e0d2b3d
PG		 913{
914 int ret, ret2, save_errno;
915
916 ret = vrf_switch_to_netns(vrf_id);
917 if (ret < 0)
09c866e3
QY		 918 flog_err_sys(LIB_ERR_SOCKET, "%s: Can't switch to VRF %u (%s)",
919 __func__, vrf_id, safe_strerror(errno));
2e0d2b3d
PG		 920 ret = getaddrinfo(node, service, hints, res);
921 save_errno = errno;
922 ret2 = vrf_switchback_to_initial();
923 if (ret2 < 0)
09c866e3
QY		 924 flog_err_sys(LIB_ERR_SOCKET,
925 "%s: Can't switchback from VRF %u (%s)", __func__,
926 vrf_id, safe_strerror(errno));
2e0d2b3d
PG		 927 errno = save_errno;
928 return ret;
929}
930
516d7591
PG		 931int vrf_ioctl(vrf_id_t vrf_id, int d, unsigned long request, char *params)
932{
933 int ret, saved_errno, rc;
934
935 ret = vrf_switch_to_netns(vrf_id);
936 if (ret < 0) {
09c866e3
QY		 937 flog_err_sys(LIB_ERR_SOCKET, "%s: Can't switch to VRF %u (%s)",
938 __func__, vrf_id, safe_strerror(errno));
516d7591
PG		 939 return 0;
940 }
941 rc = ioctl(d, request, params);
942 saved_errno = errno;
943 ret = vrf_switchback_to_initial();
944 if (ret < 0)
09c866e3
QY		 945 flog_err_sys(LIB_ERR_SOCKET,
946 "%s: Can't switchback from VRF %u (%s)", __func__,
947 vrf_id, safe_strerror(errno));
516d7591
PG		 948 errno = saved_errno;
949 return rc;
950}
951
0f4977c6
PG		 952int vrf_sockunion_socket(const union sockunion *su, vrf_id_t vrf_id,
953 char *interfacename)
2e0d2b3d
PG		 954{
955 int ret, save_errno, ret2;
956
957 ret = vrf_switch_to_netns(vrf_id);
958 if (ret < 0)
09c866e3
QY		 959 flog_err_sys(LIB_ERR_SOCKET, "%s: Can't switch to VRF %u (%s)",
960 __func__, vrf_id, safe_strerror(errno));
2e0d2b3d
PG		 961 ret = sockunion_socket(su);
962 save_errno = errno;
963 ret2 = vrf_switchback_to_initial();
964 if (ret2 < 0)
09c866e3
QY		 965 flog_err_sys(LIB_ERR_SOCKET,
966 "%s: Can't switchback from VRF %u (%s)", __func__,
967 vrf_id, safe_strerror(errno));
2e0d2b3d 968 errno = save_errno;
0f4977c6
PG		 969
970 if (ret <= 0)
971 return ret;
972 ret2 = vrf_bind(vrf_id, ret, interfacename);
973 if (ret2 < 0) {
974 close(ret);
975 ret = ret2;
976 }
2e0d2b3d
PG		 977 return ret;
978}
FRRouting mirror