Commit | Line | Data |
---|---|---|
1 | /* | |
2 | * VRF functions. | |
3 | * Copyright (C) 2014 6WIND S.A. | |
4 | * | |
5 | * This file is part of GNU Zebra. | |
6 | * | |
7 | * GNU Zebra is free software; you can redistribute it and/or modify | |
8 | * it under the terms of the GNU General Public License as published | |
9 | * by the Free Software Foundation; either version 2, or (at your | |
10 | * option) any later version. | |
11 | * | |
12 | * GNU Zebra is distributed in the hope that it will be useful, but | |
13 | * WITHOUT ANY WARRANTY; without even the implied warranty of | |
14 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU | |
15 | * General Public License for more details. | |
16 | * | |
17 | * You should have received a copy of the GNU General Public License along | |
18 | * with this program; see the file COPYING; if not, write to the Free Software | |
19 | * Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA | |
20 | */ | |
21 | ||
22 | #include <zebra.h> | |
23 | ||
24 | /* for basename */ | |
25 | #include <libgen.h> | |
26 | ||
27 | #include "if.h" | |
28 | #include "vrf.h" | |
29 | #include "vrf_int.h" | |
30 | #include "prefix.h" | |
31 | #include "table.h" | |
32 | #include "log.h" | |
33 | #include "memory.h" | |
34 | #include "command.h" | |
35 | #include "ns.h" | |
36 | #include "privs.h" | |
37 | #include "nexthop_group.h" | |
38 | #include "lib_errors.h" | |
39 | ||
/* Default VRF identifier and name used when the VRF backend is not NETNS. */
#define VRF_DEFAULT_INTERNAL 0
#define VRF_DEFAULT_NAME_INTERNAL "default"

/* Memory types for VRF objects and for VRF bitmap entries. */
DEFINE_MTYPE_STATIC(LIB, VRF, "VRF")
DEFINE_MTYPE_STATIC(LIB, VRF_BITMAP, "VRF bit-map")

DEFINE_QOBJ_TYPE(vrf)

/* Comparators of the two red-black trees that index VRFs. */
static __inline int vrf_id_compare(const struct vrf *, const struct vrf *);
static __inline int vrf_name_compare(const struct vrf *, const struct vrf *);

RB_GENERATE(vrf_id_head, vrf, id_entry, vrf_id_compare);
RB_GENERATE(vrf_name_head, vrf, name_entry, vrf_name_compare);

/* All VRFs, indexed by identifier and by name. */
struct vrf_id_head vrfs_by_id = RB_INITIALIZER(&vrfs_by_id);
struct vrf_name_head vrfs_by_name = RB_INITIALIZER(&vrfs_by_name);

/* Backend set by vrf_configure_backend(), and whether it was set at all. */
static int vrf_backend;
static int vrf_backend_configured;

/* Privileges handle stored by vrf_cmd_init(); used by the "netns" command. */
static struct zebra_privs_t *vrf_daemon_privs;

/* Current name of the default VRF; changed by vrf_set_default_name(). */
static char vrf_default_name[VRF_NAMSIZ] = VRF_DEFAULT_NAME_INTERNAL;

/* Non-zero while VRF debug logging is switched on ("debug vrf"). */
static int debug_vrf = 0;

/* Callbacks registered by the daemon through vrf_init(). */
static struct vrf_master {
	int (*vrf_new_hook)(struct vrf *);
	int (*vrf_delete_hook)(struct vrf *);
	int (*vrf_enable_hook)(struct vrf *);
	int (*vrf_disable_hook)(struct vrf *);
	int (*vrf_update_name_hook)(struct vrf *vrf);
} vrf_master = {
	0,
};

static int vrf_is_enabled(struct vrf *vrf);
81 | ||
/*
 * Find a VRF by name.
 *
 * The name is copied into a stack-allocated search key with strlcpy(), so
 * the copy is bounded by sizeof(key.name) and an over-long name is truncated
 * before the lookup.  name is handed to strlcpy() unchecked; callers must
 * not pass NULL.
 *
 * Returns the result of RB_FIND() on vrfs_by_name.
 */
struct vrf *vrf_lookup_by_name(const char *name)
{
	struct vrf key;

	/* Only the name field is initialised; the comparator reads nothing else. */
	strlcpy(key.name, name, sizeof(key.name));

	return RB_FIND(vrf_name_head, &vrfs_by_name, &key);
}
89 | ||
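/*
 * Order two VRFs by identifier for the vrfs_by_id red-black tree.
 *
 * Returns -1, 0 or 1.  The identifiers are compared rather than subtracted:
 * the difference of two identifiers converted to int is not a consistent
 * ordering once the identifiers are far enough apart for the result to wrap,
 * and an inconsistent comparator can misplace nodes in the tree.
 */
static __inline int vrf_id_compare(const struct vrf *a, const struct vrf *b)
{
	if (a->vrf_id < b->vrf_id)
		return -1;

	return a->vrf_id > b->vrf_id;
}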
94 | ||
/* Order two VRFs by name (strcmp) for the vrfs_by_name red-black tree. */
static int vrf_name_compare(const struct vrf *a, const struct vrf *b)
{
	const char *lhs = a->name;
	const char *rhs = b->name;

	return strcmp(lhs, rhs);
}
99 | ||
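/*
 * Namespace callback (passed to ns_enable()): re-key a VRF under the
 * identifier derived from its namespace.
 *
 * ns_id     - namespace identifier; used as the new VRF identifier.
 * opaqueptr - the struct vrf to update; a NULL pointer is ignored.
 *
 * Nothing happens when the identifier is unchanged or is VRF_UNKNOWN.
 * Otherwise the VRF is moved to the new key in vrfs_by_id, and it is enabled
 * when it had no identifier before.
 */
static void vrf_update_vrf_id(ns_id_t ns_id, void *opaqueptr)
{
	vrf_id_t vrf_id = (vrf_id_t)ns_id;
	vrf_id_t old_vrf_id;
	struct vrf *vrf = opaqueptr;

	if (!vrf)
		return;

	old_vrf_id = vrf->vrf_id;
	if (vrf_id == old_vrf_id)
		return;

	/*
	 * A VRF is kept in vrfs_by_id only while its identifier is known
	 * (vrf_get() and vrf_delete() both rely on that), so never insert it
	 * under VRF_UNKNOWN: vrf_delete() would then free the VRF without
	 * unlinking it from the tree.
	 */
	if (vrf_id == VRF_UNKNOWN)
		return;

	if (old_vrf_id != VRF_UNKNOWN)
		RB_REMOVE(vrf_id_head, &vrfs_by_id, vrf);
	vrf->vrf_id = vrf_id;
	RB_INSERT(vrf_id_head, &vrfs_by_id, vrf);

	if (old_vrf_id == VRF_UNKNOWN)
		vrf_enable(vrf);
}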
121 | ||
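/*
 * Switch the caller into the network namespace backing a VRF.
 *
 * Returns 1 when the VRF is not found or is the default VRF, 2 when the VRF
 * has no netns name, and otherwise whatever ns_switch_to_netns() returns.
 * Callers in this file treat a negative value as failure.
 */
int vrf_switch_to_netns(vrf_id_t vrf_id)
{
	char *name;
	struct vrf *vrf = vrf_lookup_by_id(vrf_id);

	/* VRF is default VRF. silently ignore */
	if (!vrf || vrf->vrf_id == VRF_DEFAULT)
		return 1; /* 1 = default */

	/* VRF has no NETNS backend. silently ignore */
	if (vrf->data.l.netns_name[0] == '\0')
		return 2; /* 2 = no netns */

	name = ns_netns_pathname(NULL, vrf->data.l.netns_name);

	/*
	 * ns_netns_pathname() can return NULL (the "netns" command checks for
	 * it), so never hand a NULL pointer to the %s conversion.
	 */
	if (debug_vrf)
		zlog_debug("VRF_SWITCH: %s(%u)", name ? name : "(NULL)",
			   vrf->vrf_id);

	/* NOTE(review): name may be NULL here; confirm ns_switch_to_netns()
	 * rejects it.
	 */
	return ns_switch_to_netns(name);
}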
138 | ||
/*
 * Undo vrf_switch_to_netns(): return to the initial namespace.
 *
 * Returns the result of ns_switchback_to_initial(); a successful (0) switch
 * is logged when VRF debugging is on.
 */
int vrf_switchback_to_initial(void)
{
	int rc = ns_switchback_to_initial();

	if (debug_vrf && rc == 0)
		zlog_debug("VRF_SWITCHBACK");

	return rc;
}
147 | ||
/*
 * Find a VRF by name and/or identifier; create it when it does not exist.
 *
 * vrf_id - identifier of the VRF, or VRF_UNKNOWN when it is not known.
 * name   - name of the VRF, or NULL when it is not known.
 *
 * Returns the VRF, or NULL when neither key is given, or when a VRF of that
 * name already exists under a different known identifier.  vrf_new_hook is
 * called for a VRF created by this call.
 */
struct vrf *vrf_get(vrf_id_t vrf_id, const char *name)
{
	struct vrf *vrf = NULL;
	int created = 0;
	const char *shown_name = name ? name : "(NULL)";

	if (debug_vrf)
		zlog_debug("VRF_GET: %s(%u)", shown_name, vrf_id);

	/* Neither key given: nothing to look up or create. */
	if (name == NULL && vrf_id == VRF_UNKNOWN)
		return NULL;

	/* The name is tried first. */
	if (name != NULL)
		vrf = vrf_lookup_by_name(name);

	if (vrf != NULL) {
		/* Same name, but both ids are known and they differ. */
		if (vrf_id != VRF_UNKNOWN && vrf->vrf_id != VRF_UNKNOWN
		    && vrf->vrf_id != vrf_id) {
			zlog_debug("VRF_GET: avoid %s creation(%u), same name exists (%u)",
				   name, vrf_id, vrf->vrf_id);
			return NULL;
		}
	} else if (vrf_id != VRF_UNKNOWN) {
		/* No VRF of that name: fall back to the identifier. */
		vrf = vrf_lookup_by_id(vrf_id);
	}

	if (vrf == NULL) {
		vrf = XCALLOC(MTYPE_VRF, sizeof(struct vrf));
		vrf->vrf_id = VRF_UNKNOWN;
		QOBJ_REG(vrf, vrf);
		created = 1;

		if (debug_vrf)
			zlog_debug("VRF(%u) %s is created.", vrf_id,
				   shown_name);
	}

	/* Give the VRF its identifier if it has none yet. */
	if (vrf->vrf_id == VRF_UNKNOWN && vrf_id != VRF_UNKNOWN) {
		vrf->vrf_id = vrf_id;
		RB_INSERT(vrf_id_head, &vrfs_by_id, vrf);
	}

	if (name != NULL) {
		if (vrf->name[0] == '\0') {
			/* First name for this VRF. */
			strlcpy(vrf->name, name, sizeof(vrf->name));
			RB_INSERT(vrf_name_head, &vrfs_by_name, vrf);
		} else if (strcmp(name, vrf->name) != 0) {
			/*
			 * Rename: the node is unlinked before its key
			 * changes and linked again afterwards.
			 */
			RB_REMOVE(vrf_name_head, &vrfs_by_name, vrf);
			strlcpy(vrf->data.l.netns_name, name, NS_NAMSIZ);
			strlcpy(vrf->name, name, sizeof(vrf->name));
			RB_INSERT(vrf_name_head, &vrfs_by_name, vrf);
			if (vrf->vrf_id == VRF_DEFAULT)
				vrf_set_default_name(vrf->name, false);
		}
	}

	if (created && vrf_master.vrf_new_hook)
		(*vrf_master.vrf_new_hook)(vrf);

	return vrf;
}
219 | ||
/*
 * Delete a VRF.  Called when the underlying VRF goes away, when a
 * pre-configured VRF is deleted, or on shutdown (vrf_terminate()).
 *
 * An enabled VRF is disabled first.  A user-configured VRF
 * (vrf_is_user_cfged()) is kept: only its identifier mapping is dropped.
 * Any other VRF is unlinked from both trees and freed, so the pointer must
 * not be used after this call returns.
 */
void vrf_delete(struct vrf *vrf)
{
	if (debug_vrf)
		zlog_debug("VRF %u is to be deleted.", vrf->vrf_id);

	if (vrf_is_enabled(vrf))
		vrf_disable(vrf);

	if (vrf_is_user_cfged(vrf)) {
		/* The configuration stays; without an id there is nothing
		 * left to undo.
		 */
		if (vrf->vrf_id == VRF_UNKNOWN)
			return;

		/*
		 * Delete any VRF interfaces: that should only be the VRF
		 * itself, the others should have been moved out when the
		 * VRF went down.
		 */
		if_terminate(vrf);
		RB_REMOVE(vrf_id_head, &vrfs_by_id, vrf);
		vrf->vrf_id = VRF_UNKNOWN;
		return;
	}

	if (vrf_master.vrf_delete_hook)
		(*vrf_master.vrf_delete_hook)(vrf);

	QOBJ_UNREG(vrf);
	if_terminate(vrf);

	/* Unlink from each tree the VRF was inserted into. */
	if (vrf->vrf_id != VRF_UNKNOWN)
		RB_REMOVE(vrf_id_head, &vrfs_by_id, vrf);
	if (vrf->name[0] != '\0')
		RB_REMOVE(vrf_name_head, &vrfs_by_name, vrf);

	XFREE(MTYPE_VRF, vrf);
}
261 | ||
/*
 * Find a VRF by identifier.
 *
 * Builds a stack-allocated search key with only vrf_id set and returns the
 * result of RB_FIND() on vrfs_by_id.
 */
struct vrf *vrf_lookup_by_id(vrf_id_t vrf_id)
{
	struct vrf key;

	key.vrf_id = vrf_id;

	return RB_FIND(vrf_id_head, &vrfs_by_id, &key);
}
269 | ||
/*
 * Enable a VRF, that is, mark it ready for use.
 *
 * Sets VRF_ACTIVE, calls vrf_enable_hook so the daemon can allocate its
 * resources in the VRF, then notifies the nexthop groups.  A VRF that is
 * already enabled is left untouched.
 *
 * RETURN: 1 on every path of the code below.
 */
int vrf_enable(struct vrf *vrf)
{
	if (!vrf_is_enabled(vrf)) {
		if (debug_vrf)
			zlog_debug("VRF %u is enabled.", vrf->vrf_id);

		SET_FLAG(vrf->status, VRF_ACTIVE);

		if (vrf_master.vrf_enable_hook)
			(*vrf_master.vrf_enable_hook)(vrf);

		/*
		 * Nexthop group entries may have been waiting for this VRF
		 * to be initialised; let them know.
		 */
		nexthop_group_enable_vrf(vrf);
	}

	return 1;
}
299 | ||
/*
 * Disable a VRF, that is, make it unusable.
 *
 * Clears VRF_ACTIVE and calls vrf_disable_hook so the daemon can release the
 * resources it holds in the VRF.  A VRF that is not enabled is left alone.
 */
void vrf_disable(struct vrf *vrf)
{
	if (vrf_is_enabled(vrf)) {
		UNSET_FLAG(vrf->status, VRF_ACTIVE);

		if (debug_vrf)
			zlog_debug("VRF %u is to be disabled.", vrf->vrf_id);

		/* Till now, nothing to be done for the default VRF. */
		/* Pending: see why this statement. */

		if (vrf_master.vrf_disable_hook)
			(*vrf_master.vrf_disable_hook)(vrf);
	}
}
321 | ||
/*
 * Map a VRF identifier to its name.
 *
 * Returns a pointer into the VRF object (valid only while that VRF exists),
 * or the literal "n/a" when no VRF has this identifier.
 */
const char *vrf_id_to_name(vrf_id_t vrf_id)
{
	struct vrf *found = vrf_lookup_by_id(vrf_id);

	return found ? found->name : "n/a";
}
332 | ||
/*
 * Map a VRF name to its identifier.
 *
 * Returns VRF_DEFAULT when name is NULL or when no VRF has that name, so a
 * caller cannot tell "unknown name" from "default VRF"; code that makes a
 * per-VRF decision on the result should look the VRF up itself.
 * Pending: need a way to return an invalid id / routine not used.
 */
vrf_id_t vrf_name_to_id(const char *name)
{
	struct vrf *found;

	if (name == NULL)
		return VRF_DEFAULT;

	found = vrf_lookup_by_name(name);
	if (found == NULL)
		return VRF_DEFAULT;

	return found->vrf_id;
}
347 | ||
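/*
 * Get the data pointer of the specified VRF, creating the VRF if needed.
 *
 * Returns the VRF's info pointer, or NULL when vrf_get() yields no VRF:
 * vrf_get() returns NULL when called without a name and with VRF_UNKNOWN,
 * and that result must not be dereferenced.
 */
void *vrf_info_get(vrf_id_t vrf_id)
{
	struct vrf *vrf = vrf_get(vrf_id, NULL);

	return vrf ? vrf->info : NULL;
}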
354 | ||
/*
 * Look up the data pointer of the specified VRF without creating anything.
 *
 * Returns the VRF's info pointer, or NULL when no VRF has this identifier.
 */
void *vrf_info_lookup(vrf_id_t vrf_id)
{
	struct vrf *found = vrf_lookup_by_id(vrf_id);

	if (found == NULL)
		return NULL;

	return found->info;
}
361 | ||
/*
 * One entry of a VRF "bitmap": the bitmap is a hash keyed by VRF identifier,
 * and each entry records whether that identifier is currently set.
 */
struct vrf_bit_set {
	vrf_id_t vrf_id; /* hash key */
	bool set;	 /* written by vrf_bitmap_set()/vrf_bitmap_unset() */
};
369 | ||
/* Hash callback: the VRF identifier itself is the hash key. */
static unsigned int vrf_hash_bitmap_key(const void *data)
{
	const struct vrf_bit_set *entry = data;
	unsigned int key = entry->vrf_id;

	return key;
}
376 | ||
/* Hash callback: two entries are equal when their VRF identifiers match. */
static bool vrf_hash_bitmap_cmp(const void *a, const void *b)
{
	const struct vrf_bit_set *lhs = a;
	const struct vrf_bit_set *rhs = b;

	if (lhs->vrf_id != rhs->vrf_id)
		return false;

	return true;
}
384 | ||
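/*
 * Hash callback: allocate the entry stored for a lookup key.
 *
 * data - the struct vrf_bit_set used as lookup key; only vrf_id is copied.
 *
 * The new entry starts out unset.  XMALLOC() is not relied on to clear the
 * memory, so the flag is initialised here and no caller can read an
 * indeterminate value from a fresh entry.
 */
static void *vrf_hash_bitmap_alloc(void *data)
{
	struct vrf_bit_set *copy = data;
	struct vrf_bit_set *bit;

	bit = XMALLOC(MTYPE_VRF_BITMAP, sizeof(*bit));
	bit->vrf_id = copy->vrf_id;
	bit->set = false;

	return bit;
}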
395 | ||
/* Hash callback: release one bitmap entry (used by vrf_bitmap_free()). */
static void vrf_hash_bitmap_free(void *data)
{
	struct vrf_bit_set *entry = data;

	XFREE(MTYPE_VRF_BITMAP, entry);
}
402 | ||
/*
 * Create an empty VRF bitmap: a hash created with size 32 and keyed by VRF
 * identifier.  Release it with vrf_bitmap_free().
 */
vrf_bitmap_t vrf_bitmap_init(void)
{
	vrf_bitmap_t bmap = hash_create_size(32, vrf_hash_bitmap_key,
					     vrf_hash_bitmap_cmp,
					     "VRF BIT HASH");

	return bmap;
}
408 | ||
/*
 * Destroy a VRF bitmap: free every entry, then the hash itself.
 * A NULL bitmap is accepted and ignored.
 */
void vrf_bitmap_free(vrf_bitmap_t bmap)
{
	struct hash *table = bmap;

	if (table != NULL) {
		hash_clean(table, vrf_hash_bitmap_free);
		hash_free(table);
	}
}
419 | ||
/*
 * Mark a VRF identifier as set in the bitmap, creating its entry if needed.
 * A NULL bitmap or VRF_UNKNOWN is ignored.
 */
void vrf_bitmap_set(vrf_bitmap_t bmap, vrf_id_t vrf_id)
{
	struct hash *table = bmap;
	struct vrf_bit_set key = { .vrf_id = vrf_id };
	struct vrf_bit_set *entry;

	if (table == NULL)
		return;
	if (vrf_id == VRF_UNKNOWN)
		return;

	/* hash_get() calls vrf_hash_bitmap_alloc for a missing entry. */
	entry = hash_get(table, &key, vrf_hash_bitmap_alloc);
	entry->set = true;
}
432 | ||
/*
 * Mark a VRF identifier as not set in the bitmap.  The entry is kept, and is
 * even created when it did not exist, with its flag cleared.
 * A NULL bitmap or VRF_UNKNOWN is ignored.
 */
void vrf_bitmap_unset(vrf_bitmap_t bmap, vrf_id_t vrf_id)
{
	struct hash *table = bmap;
	struct vrf_bit_set key = { .vrf_id = vrf_id };
	struct vrf_bit_set *entry;

	if (table == NULL)
		return;
	if (vrf_id == VRF_UNKNOWN)
		return;

	entry = hash_get(table, &key, vrf_hash_bitmap_alloc);
	entry->set = false;
}
445 | ||
/*
 * Test whether a VRF identifier is set in the bitmap.
 *
 * Returns the entry's flag, or 0 when the bitmap is NULL, the identifier is
 * VRF_UNKNOWN, or the bitmap has no entry for it.  Nothing is allocated.
 */
int vrf_bitmap_check(vrf_bitmap_t bmap, vrf_id_t vrf_id)
{
	struct hash *table = bmap;
	struct vrf_bit_set key = { .vrf_id = vrf_id };
	struct vrf_bit_set *entry;

	if (table == NULL || vrf_id == VRF_UNKNOWN)
		return 0;

	entry = hash_lookup(table, &key);

	return entry ? entry->set : 0;
}
461 | ||
/*
 * CLI completion callback: append a copy of every known VRF name to comps.
 * token is not used.
 */
static void vrf_autocomplete(vector comps, struct cmd_token *token)
{
	struct vrf *cur = NULL;

	RB_FOREACH (cur, vrf_name_head, &vrfs_by_name) {
		char *copy = XSTRDUP(MTYPE_COMPLETION, cur->name);

		vector_set(comps, copy);
	}
}
469 | ||
/*
 * CLI variables completed with the list of VRF names.  The entry without a
 * completion callback ends the table.
 */
static const struct cmd_variable_handler vrf_var_handlers[] = {
	{ .varname = "vrf", .completions = vrf_autocomplete },
	{ .varname = "vrf_name", .completions = vrf_autocomplete },
	{ .varname = "nexthop_vrf", .completions = vrf_autocomplete },
	{ .completions = NULL },
};
485 | ||
/*
 * Initialize the VRF module.
 *
 * create, enable, disable, destroy and update are stored as the module's
 * hooks.  The default VRF is then created and enabled, and the VRF
 * completion handlers are registered.  The process exits with status 1 when
 * the default VRF cannot be created or enabled.
 */
void vrf_init(int (*create)(struct vrf *), int (*enable)(struct vrf *),
	      int (*disable)(struct vrf *), int (*destroy)(struct vrf *),
	      int ((*update)(struct vrf *)))
{
	struct vrf *default_vrf;

	/* The namespace layer is needed in case the VRF backend is NETNS. */
	ns_init();
	if (debug_vrf)
		zlog_debug("%s: Initializing VRF subsystem", __func__);

	vrf_master.vrf_new_hook = create;
	vrf_master.vrf_delete_hook = destroy;
	vrf_master.vrf_enable_hook = enable;
	vrf_master.vrf_disable_hook = disable;
	vrf_master.vrf_update_name_hook = update;

	/* The default VRF always exists. */
	default_vrf = vrf_get(VRF_DEFAULT, VRF_DEFAULT_NAME);
	if (default_vrf == NULL) {
		flog_err(EC_LIB_VRF_START,
			 "vrf_init: failed to create the default VRF!");
		exit(1);
	}

	if (vrf_is_backend_netns()) {
		struct ns *default_ns;

		strlcpy(default_vrf->data.l.netns_name, VRF_DEFAULT_NAME,
			NS_NAMSIZ);

		/*
		 * Link the default namespace and the default VRF to each
		 * other.
		 * NOTE(review): the result of ns_lookup() is dereferenced
		 * unchecked; this assumes ns_init() registered the default
		 * namespace. Confirm.
		 */
		default_ns = ns_lookup(ns_get_default_id());
		default_ns->vrf_ctxt = default_vrf;
		default_vrf->ns_ctxt = default_ns;
	}

	/* Enable the default VRF. */
	if (vrf_enable(default_vrf) == 0) {
		flog_err(EC_LIB_VRF_START,
			 "vrf_init: failed to enable the default VRF!");
		exit(1);
	}

	cmd_variable_handler_register(vrf_var_handlers);
}
530 | ||
/*
 * Terminate the VRF module: delete every VRF.
 *
 * The id tree is drained first, then the name tree, which still holds the
 * VRFs that have a name but no identifier.  VRF_CONFIGURED is cleared on
 * each VRF before vrf_delete() is called on it.
 */
void vrf_terminate(void)
{
	struct vrf *victim;

	if (debug_vrf)
		zlog_debug("%s: Shutting down vrf subsystem", __func__);

	while (!RB_EMPTY(vrf_id_head, &vrfs_by_id)) {
		victim = RB_ROOT(vrf_id_head, &vrfs_by_id);
		UNSET_FLAG(victim->status, VRF_CONFIGURED);
		vrf_delete(victim);
	}

	while (!RB_EMPTY(vrf_name_head, &vrfs_by_name)) {
		victim = RB_ROOT(vrf_name_head, &vrfs_by_name);
		UNSET_FLAG(victim->status, VRF_CONFIGURED);
		vrf_delete(victim);
	}
}
555 | ||
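/*
 * Create a socket inside a VRF.
 *
 * The caller is switched into the VRF's namespace (when it has one), the
 * socket is created, the caller is switched back, and the socket is then
 * bound to interfacename through vrf_bind().
 *
 * domain, type, protocol - passed to socket().
 * vrf_id                 - VRF the socket belongs to.
 * interfacename          - device to bind to; see vrf_bind() for the cases
 *                          in which no binding takes place.
 *
 * Returns the descriptor, or a negative value on failure.  errno is the one
 * left by socket() or by the failed bind; closing the descriptor does not
 * disturb it.
 *
 * NOTE(review): a failed namespace switch is only logged.  socket() is still
 * called and the descriptor then belongs to whatever namespace the caller is
 * in at that point.  Confirm callers accept that.
 */
int vrf_socket(int domain, int type, int protocol, vrf_id_t vrf_id,
	       const char *interfacename)
{
	int ret, save_errno, ret2;

	ret = vrf_switch_to_netns(vrf_id);
	if (ret < 0)
		flog_err_sys(EC_LIB_SOCKET, "%s: Can't switch to VRF %u (%s)",
			     __func__, vrf_id, safe_strerror(errno));

	ret = socket(domain, type, protocol);
	save_errno = errno;
	ret2 = vrf_switchback_to_initial();
	if (ret2 < 0)
		flog_err_sys(EC_LIB_SOCKET,
			     "%s: Can't switchback from VRF %u (%s)", __func__,
			     vrf_id, safe_strerror(errno));
	errno = save_errno;

	/* Descriptor 0 is a valid socket and must be bound like any other. */
	if (ret < 0)
		return ret;

	ret2 = vrf_bind(vrf_id, ret, interfacename);
	if (ret2 < 0) {
		/* Report the bind error, not whatever close() leaves behind. */
		save_errno = errno;
		close(ret);
		errno = save_errno;
		ret = ret2;
	}
	return ret;
}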
583 | ||
/* Returns non-zero when the backend currently stored is VRF_BACKEND_NETNS. */
int vrf_is_backend_netns(void)
{
	int is_netns = (vrf_backend == VRF_BACKEND_NETNS);

	return is_netns;
}
588 | ||
/*
 * Returns the configured VRF backend, or VRF_BACKEND_UNKNOWN as long as
 * vrf_configure_backend() has not been called.
 */
int vrf_get_backend(void)
{
	return vrf_backend_configured ? vrf_backend : VRF_BACKEND_UNKNOWN;
}
595 | ||
/*
 * Record the VRF backend in use.  The value is stored as given and the
 * backend is marked as configured.
 */
void vrf_configure_backend(int vrf_backend_netns)
{
	vrf_backend_configured = 1;
	vrf_backend = vrf_backend_netns;
}
601 | ||
/*
 * Handler behind "vrf NAME": find or create the named VRF.
 *
 * vty     - CLI session, or NULL when not called from the CLI; selects where
 *           errors are reported and whether the VRF context is pushed.
 * vrfname - requested name.  Names longer than VRF_NAMSIZ are rejected; the
 *           name is not validated in any other way here.
 * vrf     - when not NULL, receives the VRF.
 *
 * Returns CMD_SUCCESS, or CMD_WARNING_CONFIG_FAILED for an over-long name.
 */
int vrf_handler_create(struct vty *vty, const char *vrfname,
		       struct vrf **vrf)
{
	struct vrf *found;
	size_t name_len = strlen(vrfname);

	if (name_len > VRF_NAMSIZ) {
		if (vty) {
			vty_out(vty,
				"%% VRF name %s invalid: length exceeds %d bytes\n",
				vrfname, VRF_NAMSIZ);
		} else {
			flog_warn(
				EC_LIB_VRF_LENGTH,
				"%% VRF name %s invalid: length exceeds %d bytes\n",
				vrfname, VRF_NAMSIZ);
		}
		return CMD_WARNING_CONFIG_FAILED;
	}

	found = vrf_get(VRF_UNKNOWN, vrfname);

	if (vty)
		VTY_PUSH_CONTEXT(VRF_NODE, found);

	if (vrf != NULL)
		*vrf = found;

	return CMD_SUCCESS;
}
629 | ||
/*
 * Handler behind "netns NAME": attach a VRF to a network namespace.
 *
 * vty            - CLI session, or NULL; selects vty_out() or zlog_info()
 *                  for the diagnostics.
 * vrf            - VRF to attach; NULL is rejected.
 * pathname       - pathname of the namespace.
 * ns_id          - identifier passed to ns_get_created().
 * internal_ns_id - stored in the namespace object.
 *
 * Returns CMD_SUCCESS when the association is in place (or already was), and
 * CMD_WARNING_CONFIG_FAILED when the VRF or the namespace is already bound
 * elsewhere or when ns_enable() fails.
 */
int vrf_netns_handler_create(struct vty *vty, struct vrf *vrf, char *pathname,
			     ns_id_t ns_id, ns_id_t internal_ns_id)
{
	struct ns *ns = NULL;

	if (vrf == NULL)
		return CMD_WARNING_CONFIG_FAILED;

	/* The VRF has an identifier but no namespace attached to it. */
	if (vrf->vrf_id != VRF_UNKNOWN && vrf->ns_ctxt == NULL) {
		if (vty) {
			vty_out(vty,
				"VRF %u is already configured with VRF %s\n",
				vrf->vrf_id, vrf->name);
		} else {
			zlog_info("VRF %u is already configured with VRF %s",
				  vrf->vrf_id, vrf->name);
		}
		return CMD_WARNING_CONFIG_FAILED;
	}

	/* The VRF is already attached to this very namespace. */
	if (vrf->ns_ctxt != NULL) {
		ns = vrf->ns_ctxt;
		if (strcmp(ns->name, pathname) == 0) {
			if (vty) {
				vty_out(vty,
					"VRF %u already configured with NETNS %s\n",
					vrf->vrf_id, ns->name);
			} else {
				zlog_info(
					"VRF %u already configured with NETNS %s",
					vrf->vrf_id, ns->name);
			}
			return CMD_WARNING_CONFIG_FAILED;
		}
	}

	/* The namespace may already be bound to a VRF. */
	ns = ns_lookup_name(pathname);
	if (ns != NULL && ns->vrf_ctxt != NULL) {
		struct vrf *owner = ns->vrf_ctxt;

		if (owner == vrf)
			return CMD_SUCCESS;

		if (vty) {
			vty_out(vty,
				"NS %s is already configured with VRF %u(%s)\n",
				ns->name, owner->vrf_id, owner->name);
		} else {
			zlog_info("NS %s is already configured with VRF %u(%s)",
				  ns->name, owner->vrf_id, owner->name);
		}
		return CMD_WARNING_CONFIG_FAILED;
	}

	/*
	 * NOTE(review): the result of ns_get_created() is dereferenced
	 * unchecked. Confirm it cannot return NULL here.
	 */
	ns = ns_get_created(ns, pathname, ns_id);
	ns->internal_ns_id = internal_ns_id;
	ns->vrf_ctxt = vrf;
	vrf->ns_ctxt = ns;

	/* Remember the namespace name (last path component) in the VRF. */
	strlcpy(vrf->data.l.netns_name, basename(pathname), NS_NAMSIZ);

	/*
	 * NOTE(review): when ns_enable() fails, the two context pointers set
	 * above stay linked. Confirm that is intended.
	 */
	if (!ns_enable(ns, vrf_update_vrf_id)) {
		if (vty) {
			vty_out(vty, "Can not associate NS %u with NETNS %s\n",
				ns->ns_id, ns->name);
		} else {
			zlog_info("Can not associate NS %u with NETNS %s",
				  ns->ns_id, ns->name);
		}
		return CMD_WARNING_CONFIG_FAILED;
	}

	return CMD_SUCCESS;
}
696 | ||
/* vrf CLI commands */

/* "exit-vrf": leave the VRF node and go back to the configuration node. */
DEFUN_NOSH(vrf_exit,
	   vrf_exit_cmd,
	   "exit-vrf",
	   "Exit current mode and down to previous mode\n")
{
	struct vrf *default_vrf = vrf_get(VRF_DEFAULT, VRF_DEFAULT_NAME);

	/* The VRF context has to be set back to the default VRF. */
	VTY_PUSH_CONTEXT(VRF_NODE, default_vrf);
	vty->node = CONFIG_NODE;

	return CMD_SUCCESS;
}
708 | ||
/*
 * "vrf NAME": select a VRF to configure.  The work, including the check of
 * the name length, is done by vrf_handler_create().
 */
DEFUN_NOSH (vrf,
       vrf_cmd,
       "vrf NAME",
       "Select a VRF to configure\n"
       "VRF's name\n")
{
	/* argv[1] is the NAME token. */
	return vrf_handler_create(vty, argv[1]->arg, NULL);
}
720 | ||
/*
 * "no vrf NAME": delete the configuration of a VRF.  The VRF must exist and
 * must not be active.
 */
DEFUN (no_vrf,
       no_vrf_cmd,
       "no vrf NAME",
       NO_STR
       "Delete a pseudo VRF's configuration\n"
       "VRF's name\n")
{
	/* argv[2] is the NAME token. */
	const char *vrfname = argv[2]->arg;
	struct vrf *target = vrf_lookup_by_name(vrfname);

	if (!target) {
		vty_out(vty, "%% VRF %s does not exist\n", vrfname);
		return CMD_WARNING_CONFIG_FAILED;
	}

	if (CHECK_FLAG(target->status, VRF_ACTIVE)) {
		vty_out(vty, "%% Only inactive VRFs can be deleted\n");
		return CMD_WARNING_CONFIG_FAILED;
	}

	/* Clear the configured flag first, so vrf_delete() does not keep
	 * the VRF as user-configured.
	 */
	UNSET_FLAG(target->status, VRF_CONFIGURED);
	vrf_delete(target);

	return CMD_SUCCESS;
}
750 | ||
751 | ||
/*
 * CLI node of the "vrf NAME" sub-mode.  Positional initialiser: the node
 * identifier, the prompt format, then a third member set to 1 (presumably
 * the vtysh flag; confirm against struct cmd_node).
 */
static struct cmd_node vrf_node = {
	VRF_NODE,
	"%s(config-vrf)# ",
	1,
};
753 | ||
/*
 * "netns NAME": attach the VRF being configured to a network namespace.
 *
 * The operator-supplied NAME is turned into a pathname by
 * ns_netns_pathname(); a NULL result aborts the command.  The attach itself
 * is the only step that runs inside frr_with_privs(vrf_daemon_privs).
 */
DEFUN_NOSH (vrf_netns,
       vrf_netns_cmd,
       "netns NAME",
       "Attach VRF to a Namespace\n"
       "The file name in " NS_RUN_DIR ", or a full pathname\n")
{
	int ret;
	/* argv[1] is the NAME token. */
	char *pathname = ns_netns_pathname(vty, argv[1]->arg);

	VTY_DECLVAR_CONTEXT(vrf, vrf);

	if (pathname == NULL)
		return CMD_WARNING_CONFIG_FAILED;

	frr_with_privs(vrf_daemon_privs) {
		ret = vrf_netns_handler_create(vty, vrf, pathname,
					       NS_UNKNOWN, NS_UNKNOWN);
	}

	return ret;
}
774 | ||
/*
 * "no netns [NAME]": detach the VRF being configured from its namespace.
 *
 * Fails when the backend is not netns or when the VRF has no namespace.
 * The optional NAME is not looked at: the namespace currently attached to
 * the VRF is the one that is detached and deleted.
 */
DEFUN_NOSH (no_vrf_netns,
	no_vrf_netns_cmd,
	"no netns [NAME]",
	NO_STR
	"Detach VRF from a Namespace\n"
	"The file name in " NS_RUN_DIR ", or a full pathname\n")
{
	struct ns *attached = NULL;

	VTY_DECLVAR_CONTEXT(vrf, vrf);

	if (!vrf_is_backend_netns()) {
		vty_out(vty, "VRF backend is not Netns. Aborting\n");
		return CMD_WARNING_CONFIG_FAILED;
	}

	if (vrf->ns_ctxt == NULL) {
		vty_out(vty, "VRF %s(%u) is not configured with NetNS\n",
			vrf->name, vrf->vrf_id);
		return CMD_WARNING_CONFIG_FAILED;
	}

	attached = vrf->ns_ctxt;

	/* Break the namespace's link to the VRF before disabling the VRF. */
	attached->vrf_ctxt = NULL;
	vrf_disable(vrf);

	/*
	 * The VRF keeps its identifier: Zebra needs it to propagate the
	 * change to the other clients.
	 */
	ns_delete(attached);
	vrf->ns_ctxt = NULL;

	return CMD_SUCCESS;
}
807 | ||
/*
 * Debug CLI for VRFs.
 *
 * "debug vrf": switch VRF debug logging on.
 */
DEFUN (vrf_debug,
      vrf_debug_cmd,
      "debug vrf",
      DEBUG_STR
      "VRF Debugging\n")
{
	const int enabled = 1;

	debug_vrf = enabled;

	return CMD_SUCCESS;
}
821 | ||
/* "no debug vrf": switch VRF debug logging off. */
DEFUN (no_vrf_debug,
      no_vrf_debug_cmd,
      "no debug vrf",
      NO_STR
      DEBUG_STR
      "VRF Debugging\n")
{
	const int disabled = 0;

	debug_vrf = disabled;

	return CMD_SUCCESS;
}
833 | ||
/*
 * Configuration writer of the VRF debug node: emits "debug vrf" when VRF
 * debugging is on.  Always returns 1.
 */
static int vrf_write_host(struct vty *vty)
{
	if (debug_vrf != 0) {
		vty_out(vty, "debug vrf\n");
	}

	return 1;
}
841 | ||
/*
 * CLI node under which the VRF debug state is written.  Positional
 * initialiser: the node identifier, an empty prompt, then a third member set
 * to 1 (presumably the vtysh flag; confirm against struct cmd_node).
 */
static struct cmd_node vrf_debug_node = {
	VRF_DEBUG_NODE,
	"",
	1,
};
843 | ||
/*
 * Install the VRF debug node and the "debug vrf" / "no debug vrf" commands
 * in both the configuration node and the enable node.
 */
void vrf_install_commands(void)
{
	install_node(&vrf_debug_node, vrf_write_host);

	/* Switch debugging on. */
	install_element(CONFIG_NODE, &vrf_debug_cmd);
	install_element(ENABLE_NODE, &vrf_debug_cmd);

	/* Switch debugging off. */
	install_element(CONFIG_NODE, &no_vrf_debug_cmd);
	install_element(ENABLE_NODE, &no_vrf_debug_cmd);
}
853 | ||
/*
 * Install the VRF configuration commands.
 *
 * writefunc    - configuration writer of the VRF node.
 * daemon_privs - privileges handle used later by the "netns" command.  It is
 *                stored only when the backend is netns and ns_have_netns()
 *                reports support, which is also the only case in which the
 *                netns commands are installed.
 */
void vrf_cmd_init(int (*writefunc)(struct vty *vty),
		  struct zebra_privs_t *daemon_privs)
{
	install_element(CONFIG_NODE, &vrf_cmd);
	install_element(CONFIG_NODE, &no_vrf_cmd);
	install_node(&vrf_node, writefunc);
	install_default(VRF_NODE);
	install_element(VRF_NODE, &vrf_exit_cmd);

	if (!vrf_is_backend_netns() || !ns_have_netns())
		return;

	/* Install NS commands. */
	vrf_daemon_privs = daemon_privs;
	install_element(VRF_NODE, &vrf_netns_cmd);
	install_element(VRF_NODE, &no_vrf_netns_cmd);
}
869 | ||
/*
 * Change the name of the default VRF.
 *
 * default_name - the new name; must not be NULL (asserted).  It is copied
 *                with snprintf() bounded by VRF_NAMSIZ, so a longer name is
 *                truncated.
 * force        - true marks the name as forced; once a forced rename has
 *                been applied to the default VRF, unforced calls are ignored.
 *
 * When the default VRF exists it is re-keyed in vrfs_by_name and
 * vrf_update_name_hook is called.
 *
 * NOTE(review): the result of RB_INSERT() is not checked; this assumes no
 * other VRF already carries the new name. Confirm.
 */
void vrf_set_default_name(const char *default_name, bool force)
{
	static bool def_vrf_forced;
	struct vrf *def_vrf = vrf_lookup_by_id(VRF_DEFAULT);

	assert(default_name);

	if (def_vrf != NULL && def_vrf_forced && !force) {
		zlog_debug("VRF: %s, avoid changing name to %s, previously forced (%u)",
			   def_vrf->name, default_name,
			   def_vrf->vrf_id);
		return;
	}

	/* The name is unchanged. */
	if (strmatch(vrf_default_name, default_name))
		return;

	snprintf(vrf_default_name, VRF_NAMSIZ, "%s", default_name);

	if (def_vrf == NULL)
		return;

	if (force)
		def_vrf_forced = true;

	/* Unlink the node before its key changes, link it again afterwards. */
	RB_REMOVE(vrf_name_head, &vrfs_by_name, def_vrf);
	strlcpy(def_vrf->data.l.netns_name, vrf_default_name, NS_NAMSIZ);
	strlcpy(def_vrf->name, vrf_default_name, sizeof(def_vrf->name));
	RB_INSERT(vrf_name_head, &vrfs_by_name, def_vrf);

	if (vrf_master.vrf_update_name_hook)
		(*vrf_master.vrf_update_name_hook)(def_vrf);
}
898 | ||
/*
 * Returns the current name of the default VRF.  The pointer refers to a
 * static buffer that vrf_set_default_name() overwrites.
 */
const char *vrf_get_default_name(void)
{
	const char *current = vrf_default_name;

	return current;
}
903 | ||
/*
 * Returns the identifier of the default VRF.
 *
 * The netns backend is only known by zebra; for the other daemons, and
 * whenever the backend is not netns, VRF_DEFAULT_INTERNAL is returned.
 */
vrf_id_t vrf_get_default_id(void)
{
	if (!vrf_is_backend_netns())
		return VRF_DEFAULT_INTERNAL;

	return ns_get_default_id();
}
914 | ||
/*
 * Bind a socket to a device of a VRF with SO_BINDTODEVICE.
 *
 * vrf_id - VRF in which the interface is looked up.
 * fd     - socket descriptor.
 * name   - interface name, or NULL.
 *
 * Returns fd unchanged, without binding, when fd is negative, when name is
 * NULL, or when the interface is not found in the VRF (the case of the VRF
 * name itself in netns mode).  Otherwise returns the setsockopt() result: 0
 * on success, negative on failure.  Where SO_BINDTODEVICE is not defined,
 * 0 is returned and nothing is bound.
 *
 * A non-negative return therefore does not prove that the socket is bound
 * to a device.
 */
int vrf_bind(vrf_id_t vrf_id, int fd, const char *name)
{
	int rc = 0;

	if (fd < 0 || name == NULL)
		return fd;

	/* The device has to exist in this VRF; otherwise leave the socket
	 * as it is.
	 */
	if (if_lookup_by_name(name, vrf_id) == NULL)
		return fd;

#ifdef SO_BINDTODEVICE
	rc = setsockopt(fd, SOL_SOCKET, SO_BINDTODEVICE, name,
			strlen(name) + 1);
	if (rc < 0)
		zlog_debug("bind to interface %s failed, errno=%d", name,
			   errno);
#endif /* SO_BINDTODEVICE */

	return rc;
}
/*
 * getaddrinfo() performed from inside a VRF's namespace.
 *
 * node, service, hints, res - passed to getaddrinfo() unchanged.
 * vrf_id                    - VRF whose namespace is entered for the call.
 *
 * Returns the getaddrinfo() result.  errno is restored to its value right
 * after getaddrinfo(), whatever the switch back does.
 *
 * NOTE(review): a failed namespace switch is only logged; the lookup then
 * runs in whatever namespace the caller is in. Confirm callers accept that.
 */
int vrf_getaddrinfo(const char *node, const char *service,
		    const struct addrinfo *hints, struct addrinfo **res,
		    vrf_id_t vrf_id)
{
	int rc, saved_errno;

	if (vrf_switch_to_netns(vrf_id) < 0)
		flog_err_sys(EC_LIB_SOCKET, "%s: Can't switch to VRF %u (%s)",
			     __func__, vrf_id, safe_strerror(errno));

	rc = getaddrinfo(node, service, hints, res);
	saved_errno = errno;

	if (vrf_switchback_to_initial() < 0)
		flog_err_sys(EC_LIB_SOCKET,
			     "%s: Can't switchback from VRF %u (%s)", __func__,
			     vrf_id, safe_strerror(errno));

	errno = saved_errno;

	return rc;
}
957 | ||
/*
 * ioctl() performed from inside a VRF's namespace.
 *
 * vrf_id  - VRF whose namespace is entered for the call.
 * d       - descriptor passed to ioctl().
 * request - ioctl request code.
 * params  - request argument.
 *
 * Returns the ioctl() result, with errno restored to its value right after
 * ioctl().  When the namespace switch fails, the ioctl is not attempted and
 * 0 is returned.
 *
 * NOTE(review): that 0 is the same value a successful ioctl() returns, so
 * after a failed switch the caller may go on to read params although nothing
 * was written to it. Confirm callers cope with that.
 */
int vrf_ioctl(vrf_id_t vrf_id, int d, unsigned long request, char *params)
{
	int ioctl_rc, ioctl_errno;

	if (vrf_switch_to_netns(vrf_id) < 0) {
		flog_err_sys(EC_LIB_SOCKET, "%s: Can't switch to VRF %u (%s)",
			     __func__, vrf_id, safe_strerror(errno));
		return 0;
	}

	ioctl_rc = ioctl(d, request, params);
	ioctl_errno = errno;

	if (vrf_switchback_to_initial() < 0)
		flog_err_sys(EC_LIB_SOCKET,
			     "%s: Can't switchback from VRF %u (%s)", __func__,
			     vrf_id, safe_strerror(errno));

	errno = ioctl_errno;

	return ioctl_rc;
}
978 | ||
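/*
 * Create a socket for a sockunion inside a VRF.
 *
 * The caller is switched into the VRF's namespace (when it has one), the
 * socket is created with sockunion_socket(), the caller is switched back,
 * and the socket is then bound to interfacename through vrf_bind().
 *
 * su            - address the socket is created for.
 * vrf_id        - VRF the socket belongs to.
 * interfacename - device to bind to; see vrf_bind() for the cases in which
 *                 no binding takes place.
 *
 * Returns the descriptor, or a negative value on failure.  errno is the one
 * left by the socket creation or by the failed bind; closing the descriptor
 * does not disturb it.
 *
 * NOTE(review): a failed namespace switch is only logged.  The socket is
 * still created and then belongs to whatever namespace the caller is in at
 * that point.  Confirm callers accept that.
 */
int vrf_sockunion_socket(const union sockunion *su, vrf_id_t vrf_id,
			 const char *interfacename)
{
	int ret, save_errno, ret2;

	ret = vrf_switch_to_netns(vrf_id);
	if (ret < 0)
		flog_err_sys(EC_LIB_SOCKET, "%s: Can't switch to VRF %u (%s)",
			     __func__, vrf_id, safe_strerror(errno));

	ret = sockunion_socket(su);
	save_errno = errno;
	ret2 = vrf_switchback_to_initial();
	if (ret2 < 0)
		flog_err_sys(EC_LIB_SOCKET,
			     "%s: Can't switchback from VRF %u (%s)", __func__,
			     vrf_id, safe_strerror(errno));
	errno = save_errno;

	/* Descriptor 0 is a valid socket and must be bound like any other. */
	if (ret < 0)
		return ret;

	ret2 = vrf_bind(vrf_id, ret, interfacename);
	if (ret2 < 0) {
		/* Report the bind error, not whatever close() leaves behind. */
		save_errno = errno;
		close(ret);
		errno = save_errno;
		ret = ret2;
	}
	return ret;
}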
1006 | ||
/*
 * Hand out a locally generated VRF identifier.
 *
 * Each call increments a static counter and returns it, so the first value
 * returned is 1.  The counter is a plain int and is never checked against
 * identifiers that are already in use.
 */
vrf_id_t vrf_generate_id(void)
{
	static int vrf_id_local;

	vrf_id_local += 1;

	return vrf_id_local;
}