]> git.proxmox.com Git - mirror_ovs.git/blob - lib/ovs-router.c
projects / mirror_ovs.git / blob
? search:


b387657f8faae2d533d664402bd814467d469907
[mirror_ovs.git] / lib / ovs-router.c
1 /*
2 * Copyright (c) 2014, 2015, 2016, 2017 Nicira, Inc.
3 *
4 * Licensed under the Apache License, Version 2.0 (the "License");
5 * you may not use this file except in compliance with the License.
6 * You may obtain a copy of the License at:
7 *
8 * http://www.apache.org/licenses/LICENSE-2.0
9 *
10 * Unless required by applicable law or agreed to in writing, software
11 * distributed under the License is distributed on an "AS IS" BASIS,
12 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 * See the License for the specific language governing permissions and
14 * limitations under the License.
15 */
16
17 #include <config.h>
18
19 #include "ovs-router.h"
20
21 #include <arpa/inet.h>
22 #include <errno.h>
23 #include <inttypes.h>
24 #include <sys/socket.h>
25 #include <net/if.h>
26 #include <netinet/in.h>
27 #include <stdarg.h>
28 #include <stdlib.h>
29 #include <string.h>
30 #include <unistd.h>
31
32 #include "classifier.h"
33 #include "command-line.h"
34 #include "compiler.h"
35 #include "dpif.h"
36 #include "fatal-signal.h"
37 #include "openvswitch/dynamic-string.h"
38 #include "netdev.h"
39 #include "packets.h"
40 #include "seq.h"
41 #include "ovs-thread.h"
42 #include "route-table.h"
43 #include "tnl-ports.h"
44 #include "unixctl.h"
45 #include "util.h"
46 #include "unaligned.h"
47 #include "unixctl.h"
48 #include "util.h"
49 #include "openvswitch/vlog.h"
50
51 VLOG_DEFINE_THIS_MODULE(ovs_router);
52
53 static struct vlog_rate_limit rl = VLOG_RATE_LIMIT_INIT(1, 5);
54
55 static struct ovs_mutex mutex = OVS_MUTEX_INITIALIZER;
56 static struct classifier cls;
57
58 struct ovs_router_entry {
59 struct cls_rule cr;
60 char output_bridge[IFNAMSIZ];
61 struct in6_addr gw;
62 struct in6_addr nw_addr;
63 struct in6_addr src_addr;
64 uint8_t plen;
65 uint8_t priority;
66 uint32_t mark;
67 };
68
69 static struct ovs_router_entry *
70 ovs_router_entry_cast(const struct cls_rule *cr)
71 {
72 if (offsetof(struct ovs_router_entry, cr) == 0) {
73 return CONTAINER_OF(cr, struct ovs_router_entry, cr);
74 } else {
75 return cr ? CONTAINER_OF(cr, struct ovs_router_entry, cr) : NULL;
76 }
77 }
78
79 static bool
80 ovs_router_lookup_fallback(const struct in6_addr *ip6_dst, char output_bridge[],
81 struct in6_addr *src6, struct in6_addr *gw6)
82 {
83 ovs_be32 src;
84
85 if (!route_table_fallback_lookup(ip6_dst, output_bridge, gw6)) {
86 return false;
87 }
88 if (netdev_get_in4_by_name(output_bridge, (struct in_addr *)&src)) {
89 return false;
90 }
91 if (src6) {
92 in6_addr_set_mapped_ipv4(src6, src);
93 }
94 return true;
95 }
96
97 bool
98 ovs_router_lookup(uint32_t mark, const struct in6_addr *ip6_dst,
99 char output_bridge[],
100 struct in6_addr *src, struct in6_addr *gw)
101 {
102 const struct cls_rule *cr;
103 struct flow flow = {.ipv6_dst = *ip6_dst, .pkt_mark = mark};
104
105 cr = classifier_lookup(&cls, OVS_VERSION_MAX, &flow, NULL);
106 if (cr) {
107 struct ovs_router_entry *p = ovs_router_entry_cast(cr);
108
109 ovs_strlcpy(output_bridge, p->output_bridge, IFNAMSIZ);
110 *gw = p->gw;
111 if (src) {
112 *src = p->src_addr;
113 }
114 return true;
115 }
116 return ovs_router_lookup_fallback(ip6_dst, output_bridge, src, gw);
117 }
118
119 static void
120 rt_entry_free(struct ovs_router_entry *p)
121 {
122 cls_rule_destroy(&p->cr);
123 free(p);
124 }
125
126 static void rt_init_match(struct match *match, uint32_t mark,
127 const struct in6_addr *ip6_dst,
128 uint8_t plen)
129 {
130 struct in6_addr dst;
131 struct in6_addr mask;
132
133 mask = ipv6_create_mask(plen);
134
135 dst = ipv6_addr_bitand(ip6_dst, &mask);
136 memset(match, 0, sizeof *match);
137 match->flow.ipv6_dst = dst;
138 match->wc.masks.ipv6_dst = mask;
139 match->wc.masks.pkt_mark = UINT32_MAX;
140 match->flow.pkt_mark = mark;
141 }
142
143 static int
144 get_src_addr(const struct in6_addr *ip6_dst,
145 const char output_bridge[], struct in6_addr *psrc)
146 {
147 struct in6_addr *mask, *addr6;
148 int err, n_in6, i, max_plen = -1;
149 struct netdev *dev;
150 bool is_ipv4;
151
152 err = netdev_open(output_bridge, NULL, &dev);
153 if (err) {
154 return err;
155 }
156
157 err = netdev_get_addr_list(dev, &addr6, &mask, &n_in6);
158 if (err) {
159 goto out;
160 }
161
162 is_ipv4 = IN6_IS_ADDR_V4MAPPED(ip6_dst);
163
164 for (i = 0; i < n_in6; i++) {
165 struct in6_addr a1, a2;
166 int mask_bits;
167
168 if (is_ipv4 && !IN6_IS_ADDR_V4MAPPED(&addr6[i])) {
169 continue;
170 }
171
172 a1 = ipv6_addr_bitand(ip6_dst, &mask[i]);
173 a2 = ipv6_addr_bitand(&addr6[i], &mask[i]);
174 mask_bits = bitmap_count1(ALIGNED_CAST(const unsigned long *, &mask[i]), 128);
175
176 if (!memcmp(&a1, &a2, sizeof (a1)) && mask_bits > max_plen) {
177 *psrc = addr6[i];
178 max_plen = mask_bits;
179 }
180 }
181 if (max_plen == -1) {
182 err = ENOENT;
183 }
184 out:
185 free(addr6);
186 free(mask);
187 netdev_close(dev);
188 return err;
189 }
190
191 static int
192 ovs_router_insert__(uint32_t mark, uint8_t priority,
193 const struct in6_addr *ip6_dst,
194 uint8_t plen, const char output_bridge[],
195 const struct in6_addr *gw)
196 {
197 const struct cls_rule *cr;
198 struct ovs_router_entry *p;
199 struct match match;
200 int err;
201
202 rt_init_match(&match, mark, ip6_dst, plen);
203
204 p = xzalloc(sizeof *p);
205 ovs_strlcpy(p->output_bridge, output_bridge, sizeof p->output_bridge);
206 if (ipv6_addr_is_set(gw)) {
207 p->gw = *gw;
208 }
209 p->mark = mark;
210 p->nw_addr = match.flow.ipv6_dst;
211 p->plen = plen;
212 p->priority = priority;
213 err = get_src_addr(ip6_dst, output_bridge, &p->src_addr);
214 if (err && ipv6_addr_is_set(gw)) {
215 err = get_src_addr(gw, output_bridge, &p->src_addr);
216 }
217 if (err) {
218 struct ds ds = DS_EMPTY_INITIALIZER;
219
220 ipv6_format_mapped(ip6_dst, &ds);
221 VLOG_DBG_RL(&rl, "src addr not available for route %s", ds_cstr(&ds));
222 free(p);
223 ds_destroy(&ds);
224 return err;
225 }
226 /* Longest prefix matches first. */
227 cls_rule_init(&p->cr, &match, priority);
228
229 ovs_mutex_lock(&mutex);
230 cr = classifier_replace(&cls, &p->cr, OVS_VERSION_MIN, NULL, 0);
231 ovs_mutex_unlock(&mutex);
232
233 if (cr) {
234 /* An old rule with the same match was displaced. */
235 ovsrcu_postpone(rt_entry_free, ovs_router_entry_cast(cr));
236 }
237 tnl_port_map_insert_ipdev(output_bridge);
238 seq_change(tnl_conf_seq);
239 return 0;
240 }
241
242 void
243 ovs_router_insert(uint32_t mark, const struct in6_addr *ip_dst, uint8_t plen,
244 const char output_bridge[], const struct in6_addr *gw)
245 {
246 ovs_router_insert__(mark, plen, ip_dst, plen, output_bridge, gw);
247 }
248
249 static bool
250 __rt_entry_delete(const struct cls_rule *cr)
251 {
252 struct ovs_router_entry *p = ovs_router_entry_cast(cr);
253
254 tnl_port_map_delete_ipdev(p->output_bridge);
255 /* Remove it. */
256 cr = classifier_remove(&cls, cr);
257 if (cr) {
258 ovsrcu_postpone(rt_entry_free, ovs_router_entry_cast(cr));
259 return true;
260 }
261 return false;
262 }
263
264 static bool
265 rt_entry_delete(uint32_t mark, uint8_t priority,
266 const struct in6_addr *ip6_dst, uint8_t plen)
267 {
268 const struct cls_rule *cr;
269 struct cls_rule rule;
270 struct match match;
271 bool res = false;
272
273 rt_init_match(&match, mark, ip6_dst, plen);
274
275 cls_rule_init(&rule, &match, priority);
276
277 /* Find the exact rule. */
278 cr = classifier_find_rule_exactly(&cls, &rule, OVS_VERSION_MAX);
279 if (cr) {
280 ovs_mutex_lock(&mutex);
281 res = __rt_entry_delete(cr);
282 ovs_mutex_unlock(&mutex);
283 }
284
285 cls_rule_destroy(&rule);
286 return res;
287 }
288
289 static bool
290 scan_ipv6_route(const char *s, struct in6_addr *addr, unsigned int *plen)
291 {
292 char *error = ipv6_parse_cidr(s, addr, plen);
293 if (error) {
294 free(error);
295 return false;
296 }
297 return true;
298 }
299
300 static bool
301 scan_ipv4_route(const char *s, ovs_be32 *addr, unsigned int *plen)
302 {
303 char *error = ip_parse_cidr(s, addr, plen);
304 if (error) {
305 free(error);
306 return false;
307 }
308 return true;
309 }
310
311 static void
312 ovs_router_add(struct unixctl_conn *conn, int argc,
313 const char *argv[], void *aux OVS_UNUSED)
314 {
315 struct in6_addr gw6 = in6addr_any;
316 struct in6_addr ip6;
317 uint32_t mark = 0;
318 unsigned int plen;
319 ovs_be32 ip;
320 int err;
321
322 if (scan_ipv4_route(argv[1], &ip, &plen)) {
323 ovs_be32 gw = 0;
324
325 if (argc > 3) {
326 if (!ovs_scan(argv[3], "pkt_mark=%"SCNi32, &mark) &&
327 !ip_parse(argv[3], &gw)) {
328 unixctl_command_reply_error(conn, "Invalid pkt_mark or gateway");
329 return;
330 }
331 }
332 in6_addr_set_mapped_ipv4(&ip6, ip);
333 if (gw) {
334 in6_addr_set_mapped_ipv4(&gw6, gw);
335 }
336 plen += 96;
337 } else if (scan_ipv6_route(argv[1], &ip6, &plen)) {
338 if (argc > 3) {
339 if (!ovs_scan(argv[3], "pkt_mark=%"SCNi32, &mark) &&
340 !ipv6_parse(argv[3], &gw6)) {
341 unixctl_command_reply_error(conn, "Invalid pkt_mark or IPv6 gateway");
342 return;
343 }
344 }
345 } else {
346 unixctl_command_reply_error(conn, "Invalid parameters");
347 return;
348 }
349 if (argc > 4) {
350 if (!ovs_scan(argv[4], "pkt_mark=%"SCNi32, &mark)) {
351 unixctl_command_reply_error(conn, "Invalid pkt_mark");
352 return;
353 }
354 }
355
356 err = ovs_router_insert__(mark, plen + 32, &ip6, plen, argv[2], &gw6);
357 if (err) {
358 unixctl_command_reply_error(conn, "Error while inserting route.");
359 } else {
360 unixctl_command_reply(conn, "OK");
361 }
362 }
363
364 static void
365 ovs_router_del(struct unixctl_conn *conn, int argc OVS_UNUSED,
366 const char *argv[], void *aux OVS_UNUSED)
367 {
368 struct in6_addr ip6;
369 uint32_t mark = 0;
370 unsigned int plen;
371 ovs_be32 ip;
372
373 if (scan_ipv4_route(argv[1], &ip, &plen)) {
374 in6_addr_set_mapped_ipv4(&ip6, ip);
375 plen += 96;
376 } else if (!scan_ipv6_route(argv[1], &ip6, &plen)) {
377 unixctl_command_reply_error(conn, "Invalid parameters");
378 return;
379 }
380 if (argc > 2) {
381 if (!ovs_scan(argv[2], "pkt_mark=%"SCNi32, &mark)) {
382 unixctl_command_reply_error(conn, "Invalid pkt_mark");
383 return;
384 }
385 }
386
387 if (rt_entry_delete(mark, plen + 32, &ip6, plen)) {
388 unixctl_command_reply(conn, "OK");
389 seq_change(tnl_conf_seq);
390 } else {
391 unixctl_command_reply_error(conn, "Not found");
392 }
393 }
394
395 static void
396 ovs_router_show(struct unixctl_conn *conn, int argc OVS_UNUSED,
397 const char *argv[] OVS_UNUSED, void *aux OVS_UNUSED)
398 {
399 struct ovs_router_entry *rt;
400 struct ds ds = DS_EMPTY_INITIALIZER;
401
402 ds_put_format(&ds, "Route Table:\n");
403 CLS_FOR_EACH(rt, cr, &cls) {
404 uint8_t plen;
405 if (rt->priority == rt->plen) {
406 ds_put_format(&ds, "Cached: ");
407 } else {
408 ds_put_format(&ds, "User: ");
409 }
410 ipv6_format_mapped(&rt->nw_addr, &ds);
411 plen = rt->plen;
412 if (IN6_IS_ADDR_V4MAPPED(&rt->nw_addr)) {
413 plen -= 96;
414 }
415 ds_put_format(&ds, "/%"PRIu8, plen);
416 if (rt->mark) {
417 ds_put_format(&ds, " MARK %"PRIu32, rt->mark);
418 }
419
420 ds_put_format(&ds, " dev %s", rt->output_bridge);
421 if (ipv6_addr_is_set(&rt->gw)) {
422 ds_put_format(&ds, " GW ");
423 ipv6_format_mapped(&rt->gw, &ds);
424 }
425 ds_put_format(&ds, " SRC ");
426 ipv6_format_mapped(&rt->src_addr, &ds);
427 ds_put_format(&ds, "\n");
428 }
429 unixctl_command_reply(conn, ds_cstr(&ds));
430 ds_destroy(&ds);
431 }
432
433 static void
434 ovs_router_lookup_cmd(struct unixctl_conn *conn, int argc,
435 const char *argv[], void *aux OVS_UNUSED)
436 {
437 struct in6_addr gw, src;
438 char iface[IFNAMSIZ];
439 struct in6_addr ip6;
440 unsigned int plen;
441 uint32_t mark = 0;
442 ovs_be32 ip;
443
444 if (scan_ipv4_route(argv[1], &ip, &plen) && plen == 32) {
445 in6_addr_set_mapped_ipv4(&ip6, ip);
446 } else if (!(scan_ipv6_route(argv[1], &ip6, &plen) && plen == 128)) {
447 unixctl_command_reply_error(conn, "Invalid parameters");
448 return;
449 }
450 if (argc > 2) {
451 if (!ovs_scan(argv[2], "pkt_mark=%"SCNi32, &mark)) {
452 unixctl_command_reply_error(conn, "Invalid pkt_mark");
453 return;
454 }
455 }
456 if (ovs_router_lookup(mark, &ip6, iface, &src, &gw)) {
457 struct ds ds = DS_EMPTY_INITIALIZER;
458
459 ds_put_format(&ds, "src ");
460 ipv6_format_mapped(&src, &ds);
461 ds_put_format(&ds, "\ngateway ");
462 ipv6_format_mapped(&gw, &ds);
463 ds_put_format(&ds, "\ndev %s\n", iface);
464 unixctl_command_reply(conn, ds_cstr(&ds));
465 ds_destroy(&ds);
466 } else {
467 unixctl_command_reply_error(conn, "Not found");
468 }
469 }
470
471 void
472 ovs_router_flush(void)
473 {
474 struct ovs_router_entry *rt;
475
476 ovs_mutex_lock(&mutex);
477 classifier_defer(&cls);
478 CLS_FOR_EACH(rt, cr, &cls) {
479 if (rt->priority == rt->plen) {
480 __rt_entry_delete(&rt->cr);
481 }
482 }
483 classifier_publish(&cls);
484 ovs_mutex_unlock(&mutex);
485 seq_change(tnl_conf_seq);
486 }
487
488 static void
489 ovs_router_flush_handler(void *aux OVS_UNUSED)
490 {
491 ovs_router_flush();
492 }
493
494 void
495 ovs_router_init(void)
496 {
497 static struct ovsthread_once once = OVSTHREAD_ONCE_INITIALIZER;
498
499 if (ovsthread_once_start(&once)) {
500 fatal_signal_add_hook(ovs_router_flush_handler, NULL, NULL, true);
501 classifier_init(&cls, NULL);
502 unixctl_command_register("ovs/route/add",
503 "ip_addr/prefix_len out_br_name [gw] "
504 "[pkt_mark=mark]",
505 2, 4, ovs_router_add, NULL);
506 unixctl_command_register("ovs/route/show", "", 0, 0,
507 ovs_router_show, NULL);
508 unixctl_command_register("ovs/route/del", "ip_addr/prefix_len "
509 "[pkt_mark=mark]", 1, 2, ovs_router_del,
510 NULL);
511 unixctl_command_register("ovs/route/lookup", "ip_addr "
512 "[pkt_mark=mark]", 1, 2,
513 ovs_router_lookup_cmd, NULL);
514 ovsthread_once_done(&once);
515 }
516 }
openvswitch mirror