vrf.c 16 KB


  1. /*
  2. * VRF functions.
  3. * Copyright (C) 2014 6WIND S.A.
  4. *
  5. * This file is part of GNU Zebra.
  6. *
  7. * GNU Zebra is free software; you can redistribute it and/or modify
  8. * it under the terms of the GNU General Public License as published
  9. * by the Free Software Foundation; either version 2, or (at your
  10. * option) any later version.
  11. *
  12. * GNU Zebra is distributed in the hope that it will be useful, but
  13. * WITHOUT ANY WARRANTY; without even the implied warranty of
  14. * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
  15. * General Public License for more details.
  16. *
  17. * You should have received a copy of the GNU General Public License
  18. * along with GNU Zebra; see the file COPYING. If not, write to the
  19. * Free Software Foundation, Inc., 59 Temple Place - Suite 330,
  20. * Boston, MA 02111-1307, USA.
  21. */
  22. #include <zebra.h>
  23. #ifdef HAVE_NETNS
  24. #undef _GNU_SOURCE
  25. #define _GNU_SOURCE
  26. #include <sched.h>
  27. #endif
  28. #include "if.h"
  29. #include "vrf.h"
  30. #include "prefix.h"
  31. #include "table.h"
  32. #include "log.h"
  33. #include "memory.h"
  34. #include "command.h"
  35. #include "vty.h"
  36. #ifndef CLONE_NEWNET
  37. #define CLONE_NEWNET 0x40000000 /* New network namespace (lo, device, names sockets, etc) */
  38. #endif
  39. #ifndef HAVE_SETNS
  40. static inline int setns(int fd, int nstype)
  41. {
  42. #ifdef __NR_setns
  43. return syscall(__NR_setns, fd, nstype);
  44. #else
  45. errno = ENOSYS;
  46. return -1;
  47. #endif
  48. }
  49. #endif /* HAVE_SETNS */
  50. #define VRF_RUN_DIR "/var/run/netns"
  51. #ifdef HAVE_NETNS
  52. #define VRF_DEFAULT_NAME "/proc/self/ns/net"
  53. static int have_netns_enabled = -1;
  54. #else /* !HAVE_NETNS */
  55. #define VRF_DEFAULT_NAME "Default-IP-Routing-Table"
  56. #endif /* HAVE_NETNS */
  57. static int have_netns(void)
  58. {
  59. #ifdef HAVE_NETNS
  60. if (have_netns_enabled < 0)
  61. {
  62. int fd = open (VRF_DEFAULT_NAME, O_RDONLY);
  63. if (fd < 0)
  64. have_netns_enabled = 0;
  65. else
  66. {
  67. have_netns_enabled = 1;
  68. close(fd);
  69. }
  70. }
  71. return have_netns_enabled;
  72. #else
  73. return 0;
  74. #endif
  75. }
  76. struct vrf
  77. {
  78. /* Identifier, same as the vector index */
  79. vrf_id_t vrf_id;
  80. /* Name */
  81. char *name;
  82. /* File descriptor */
  83. int fd;
  84. /* Master list of interfaces belonging to this VRF */
  85. struct list *iflist;
  86. /* User data */
  87. void *info;
  88. };
  89. /* Holding VRF hooks */
  90. struct vrf_master
  91. {
  92. int (*vrf_new_hook) (vrf_id_t, void **);
  93. int (*vrf_delete_hook) (vrf_id_t, void **);
  94. int (*vrf_enable_hook) (vrf_id_t, void **);
  95. int (*vrf_disable_hook) (vrf_id_t, void **);
  96. } vrf_master = {0,};
  97. /* VRF table */
  98. struct route_table *vrf_table = NULL;
  99. static int vrf_is_enabled (struct vrf *vrf);
  100. static int vrf_enable (struct vrf *vrf);
  101. static void vrf_disable (struct vrf *vrf);
  102. /* Build the table key */
  103. static void
  104. vrf_build_key (vrf_id_t vrf_id, struct prefix *p)
  105. {
  106. p->family = AF_INET;
  107. p->prefixlen = IPV4_MAX_BITLEN;
  108. p->u.prefix4.s_addr = vrf_id;
  109. }
  110. /* Get a VRF. If not found, create one. */
  111. static struct vrf *
  112. vrf_get (vrf_id_t vrf_id)
  113. {
  114. struct prefix p;
  115. struct route_node *rn;
  116. struct vrf *vrf;
  117. vrf_build_key (vrf_id, &p);
  118. rn = route_node_get (vrf_table, &p);
  119. if (rn->info)
  120. {
  121. vrf = (struct vrf *)rn->info;
  122. route_unlock_node (rn); /* get */
  123. return vrf;
  124. }
  125. vrf = XCALLOC (MTYPE_VRF, sizeof (struct vrf));
  126. vrf->vrf_id = vrf_id;
  127. vrf->fd = -1;
  128. rn->info = vrf;
  129. /* Initialize interfaces. */
  130. if_init (vrf_id, &vrf->iflist);
  131. zlog_info ("VRF %u is created.", vrf_id);
  132. if (vrf_master.vrf_new_hook)
  133. (*vrf_master.vrf_new_hook) (vrf_id, &vrf->info);
  134. return vrf;
  135. }
  136. /* Delete a VRF. This is called in vrf_terminate(). */
  137. static void
  138. vrf_delete (struct vrf *vrf)
  139. {
  140. zlog_info ("VRF %u is to be deleted.", vrf->vrf_id);
  141. vrf_disable (vrf);
  142. if (vrf_master.vrf_delete_hook)
  143. (*vrf_master.vrf_delete_hook) (vrf->vrf_id, &vrf->info);
  144. if_terminate (vrf->vrf_id, &vrf->iflist);
  145. if (vrf->name)
  146. XFREE (MTYPE_VRF_NAME, vrf->name);
  147. XFREE (MTYPE_VRF, vrf);
  148. }
  149. /* Look up a VRF by identifier. */
  150. static struct vrf *
  151. vrf_lookup (vrf_id_t vrf_id)
  152. {
  153. struct prefix p;
  154. struct route_node *rn;
  155. struct vrf *vrf = NULL;
  156. vrf_build_key (vrf_id, &p);
  157. rn = route_node_lookup (vrf_table, &p);
  158. if (rn)
  159. {
  160. vrf = (struct vrf *)rn->info;
  161. route_unlock_node (rn); /* lookup */
  162. }
  163. return vrf;
  164. }
  165. /*
  166. * Check whether the VRF is enabled - that is, whether the VRF
  167. * is ready to allocate resources. Currently there's only one
  168. * type of resource: socket.
  169. */
  170. static int
  171. vrf_is_enabled (struct vrf *vrf)
  172. {
  173. if (have_netns())
  174. return vrf && vrf->fd >= 0;
  175. else
  176. return vrf && vrf->fd == -2 && vrf->vrf_id == VRF_DEFAULT;
  177. }
  178. /*
  179. * Enable a VRF - that is, let the VRF be ready to use.
  180. * The VRF_ENABLE_HOOK callback will be called to inform
  181. * that they can allocate resources in this VRF.
  182. *
  183. * RETURN: 1 - enabled successfully; otherwise, 0.
  184. */
  185. static int
  186. vrf_enable (struct vrf *vrf)
  187. {
  188. if (!vrf_is_enabled (vrf))
  189. {
  190. if (have_netns()) {
  191. vrf->fd = open (vrf->name, O_RDONLY);
  192. } else {
  193. vrf->fd = -2; /* Remember that vrf_enable_hook has been called */
  194. errno = -ENOTSUP;
  195. }
  196. if (!vrf_is_enabled (vrf))
  197. {
  198. zlog_err ("Can not enable VRF %u: %s!",
  199. vrf->vrf_id, safe_strerror (errno));
  200. return 0;
  201. }
  202. if (have_netns())
  203. zlog_info ("VRF %u is associated with NETNS %s.",
  204. vrf->vrf_id, vrf->name);
  205. zlog_info ("VRF %u is enabled.", vrf->vrf_id);
  206. if (vrf_master.vrf_enable_hook)
  207. (*vrf_master.vrf_enable_hook) (vrf->vrf_id, &vrf->info);
  208. }
  209. return 1;
  210. }
  211. /*
  212. * Disable a VRF - that is, let the VRF be unusable.
  213. * The VRF_DELETE_HOOK callback will be called to inform
  214. * that they must release the resources in the VRF.
  215. */
  216. static void
  217. vrf_disable (struct vrf *vrf)
  218. {
  219. if (vrf_is_enabled (vrf))
  220. {
  221. zlog_info ("VRF %u is to be disabled.", vrf->vrf_id);
  222. if (vrf_master.vrf_disable_hook)
  223. (*vrf_master.vrf_disable_hook) (vrf->vrf_id, &vrf->info);
  224. if (have_netns())
  225. close (vrf->fd);
  226. vrf->fd = -1;
  227. }
  228. }
  229. /* Add a VRF hook. Please add hooks before calling vrf_init(). */
  230. void
  231. vrf_add_hook (int type, int (*func)(vrf_id_t, void **))
  232. {
  233. switch (type) {
  234. case VRF_NEW_HOOK:
  235. vrf_master.vrf_new_hook = func;
  236. break;
  237. case VRF_DELETE_HOOK:
  238. vrf_master.vrf_delete_hook = func;
  239. break;
  240. case VRF_ENABLE_HOOK:
  241. vrf_master.vrf_enable_hook = func;
  242. break;
  243. case VRF_DISABLE_HOOK:
  244. vrf_master.vrf_disable_hook = func;
  245. break;
  246. default:
  247. break;
  248. }
  249. }
  250. /* Return the iterator of the first VRF. */
  251. vrf_iter_t
  252. vrf_first (void)
  253. {
  254. struct route_node *rn;
  255. for (rn = route_top (vrf_table); rn; rn = route_next (rn))
  256. if (rn->info)
  257. {
  258. route_unlock_node (rn); /* top/next */
  259. return (vrf_iter_t)rn;
  260. }
  261. return VRF_ITER_INVALID;
  262. }
  263. /* Return the next VRF iterator to the given iterator. */
  264. vrf_iter_t
  265. vrf_next (vrf_iter_t iter)
  266. {
  267. struct route_node *rn = NULL;
  268. /* Lock it first because route_next() will unlock it. */
  269. if (iter != VRF_ITER_INVALID)
  270. rn = route_next (route_lock_node ((struct route_node *)iter));
  271. for (; rn; rn = route_next (rn))
  272. if (rn->info)
  273. {
  274. route_unlock_node (rn); /* next */
  275. return (vrf_iter_t)rn;
  276. }
  277. return VRF_ITER_INVALID;
  278. }
  279. /* Return the VRF iterator of the given VRF ID. If it does not exist,
  280. * the iterator of the next existing VRF is returned. */
  281. vrf_iter_t
  282. vrf_iterator (vrf_id_t vrf_id)
  283. {
  284. struct prefix p;
  285. struct route_node *rn;
  286. vrf_build_key (vrf_id, &p);
  287. rn = route_node_get (vrf_table, &p);
  288. if (rn->info)
  289. {
  290. /* OK, the VRF exists. */
  291. route_unlock_node (rn); /* get */
  292. return (vrf_iter_t)rn;
  293. }
  294. /* Find the next VRF. */
  295. for (rn = route_next (rn); rn; rn = route_next (rn))
  296. if (rn->info)
  297. {
  298. route_unlock_node (rn); /* next */
  299. return (vrf_iter_t)rn;
  300. }
  301. return VRF_ITER_INVALID;
  302. }
  303. /* Obtain the VRF ID from the given VRF iterator. */
  304. vrf_id_t
  305. vrf_iter2id (vrf_iter_t iter)
  306. {
  307. struct route_node *rn = (struct route_node *) iter;
  308. return (rn && rn->info) ? ((struct vrf *)rn->info)->vrf_id : VRF_DEFAULT;
  309. }
  310. /* Obtain the data pointer from the given VRF iterator. */
  311. void *
  312. vrf_iter2info (vrf_iter_t iter)
  313. {
  314. struct route_node *rn = (struct route_node *) iter;
  315. return (rn && rn->info) ? ((struct vrf *)rn->info)->info : NULL;
  316. }
  317. /* Obtain the interface list from the given VRF iterator. */
  318. struct list *
  319. vrf_iter2iflist (vrf_iter_t iter)
  320. {
  321. struct route_node *rn = (struct route_node *) iter;
  322. return (rn && rn->info) ? ((struct vrf *)rn->info)->iflist : NULL;
  323. }
  324. /* Get the data pointer of the specified VRF. If not found, create one. */
  325. void *
  326. vrf_info_get (vrf_id_t vrf_id)
  327. {
  328. struct vrf *vrf = vrf_get (vrf_id);
  329. return vrf->info;
  330. }
  331. /* Look up the data pointer of the specified VRF. */
  332. void *
  333. vrf_info_lookup (vrf_id_t vrf_id)
  334. {
  335. struct vrf *vrf = vrf_lookup (vrf_id);
  336. return vrf ? vrf->info : NULL;
  337. }
  338. /* Look up the interface list in a VRF. */
  339. struct list *
  340. vrf_iflist (vrf_id_t vrf_id)
  341. {
  342. struct vrf * vrf = vrf_lookup (vrf_id);
  343. return vrf ? vrf->iflist : NULL;
  344. }
  345. /* Get the interface list of the specified VRF. Create one if not find. */
  346. struct list *
  347. vrf_iflist_get (vrf_id_t vrf_id)
  348. {
  349. struct vrf * vrf = vrf_get (vrf_id);
  350. return vrf->iflist;
  351. }
  352. /*
  353. * VRF bit-map
  354. */
  355. #define VRF_BITMAP_NUM_OF_GROUPS 8
  356. #define VRF_BITMAP_NUM_OF_BITS_IN_GROUP \
  357. (UINT16_MAX / VRF_BITMAP_NUM_OF_GROUPS)
  358. #define VRF_BITMAP_NUM_OF_BYTES_IN_GROUP \
  359. (VRF_BITMAP_NUM_OF_BITS_IN_GROUP / CHAR_BIT + 1) /* +1 for ensure */
  360. #define VRF_BITMAP_GROUP(_id) \
  361. ((_id) / VRF_BITMAP_NUM_OF_BITS_IN_GROUP)
  362. #define VRF_BITMAP_BIT_OFFSET(_id) \
  363. ((_id) % VRF_BITMAP_NUM_OF_BITS_IN_GROUP)
  364. #define VRF_BITMAP_INDEX_IN_GROUP(_bit_offset) \
  365. ((_bit_offset) / CHAR_BIT)
  366. #define VRF_BITMAP_FLAG(_bit_offset) \
  367. (((u_char)1) << ((_bit_offset) % CHAR_BIT))
  368. struct vrf_bitmap
  369. {
  370. u_char *groups[VRF_BITMAP_NUM_OF_GROUPS];
  371. };
  372. vrf_bitmap_t
  373. vrf_bitmap_init (void)
  374. {
  375. return (vrf_bitmap_t) XCALLOC (MTYPE_VRF_BITMAP, sizeof (struct vrf_bitmap));
  376. }
  377. void
  378. vrf_bitmap_free (vrf_bitmap_t bmap)
  379. {
  380. struct vrf_bitmap *bm = (struct vrf_bitmap *) bmap;
  381. int i;
  382. if (bmap == VRF_BITMAP_NULL)
  383. return;
  384. for (i = 0; i < VRF_BITMAP_NUM_OF_GROUPS; i++)
  385. if (bm->groups[i])
  386. XFREE (MTYPE_VRF_BITMAP, bm->groups[i]);
  387. XFREE (MTYPE_VRF_BITMAP, bm);
  388. }
  389. void
  390. vrf_bitmap_set (vrf_bitmap_t bmap, vrf_id_t vrf_id)
  391. {
  392. struct vrf_bitmap *bm = (struct vrf_bitmap *) bmap;
  393. u_char group = VRF_BITMAP_GROUP (vrf_id);
  394. u_char offset = VRF_BITMAP_BIT_OFFSET (vrf_id);
  395. if (bmap == VRF_BITMAP_NULL)
  396. return;
  397. if (bm->groups[group] == NULL)
  398. bm->groups[group] = XCALLOC (MTYPE_VRF_BITMAP,
  399. VRF_BITMAP_NUM_OF_BYTES_IN_GROUP);
  400. SET_FLAG (bm->groups[group][VRF_BITMAP_INDEX_IN_GROUP (offset)],
  401. VRF_BITMAP_FLAG (offset));
  402. }
  403. void
  404. vrf_bitmap_unset (vrf_bitmap_t bmap, vrf_id_t vrf_id)
  405. {
  406. struct vrf_bitmap *bm = (struct vrf_bitmap *) bmap;
  407. u_char group = VRF_BITMAP_GROUP (vrf_id);
  408. u_char offset = VRF_BITMAP_BIT_OFFSET (vrf_id);
  409. if (bmap == VRF_BITMAP_NULL || bm->groups[group] == NULL)
  410. return;
  411. UNSET_FLAG (bm->groups[group][VRF_BITMAP_INDEX_IN_GROUP (offset)],
  412. VRF_BITMAP_FLAG (offset));
  413. }
  414. int
  415. vrf_bitmap_check (vrf_bitmap_t bmap, vrf_id_t vrf_id)
  416. {
  417. struct vrf_bitmap *bm = (struct vrf_bitmap *) bmap;
  418. u_char group = VRF_BITMAP_GROUP (vrf_id);
  419. u_char offset = VRF_BITMAP_BIT_OFFSET (vrf_id);
  420. if (bmap == VRF_BITMAP_NULL || bm->groups[group] == NULL)
  421. return 0;
  422. return CHECK_FLAG (bm->groups[group][VRF_BITMAP_INDEX_IN_GROUP (offset)],
  423. VRF_BITMAP_FLAG (offset)) ? 1 : 0;
  424. }
  425. /*
  426. * VRF realization with NETNS
  427. */
  428. static char *
  429. vrf_netns_pathname (struct vty *vty, const char *name)
  430. {
  431. static char pathname[PATH_MAX];
  432. char *result;
  433. if (name[0] == '/') /* absolute pathname */
  434. result = realpath (name, pathname);
  435. else /* relevant pathname */
  436. {
  437. char tmp_name[PATH_MAX];
  438. snprintf (tmp_name, PATH_MAX, "%s/%s", VRF_RUN_DIR, name);
  439. result = realpath (tmp_name, pathname);
  440. }
  441. if (! result)
  442. {
  443. vty_out (vty, "Invalid pathname: %s%s", safe_strerror (errno),
  444. VTY_NEWLINE);
  445. return NULL;
  446. }
  447. return pathname;
  448. }
  449. DEFUN (vrf_netns,
  450. vrf_netns_cmd,
  451. "vrf <1-65535> netns NAME",
  452. "Enable a VRF\n"
  453. "Specify the VRF identifier\n"
  454. "Associate with a NETNS\n"
  455. "The file name in " VRF_RUN_DIR ", or a full pathname\n")
  456. {
  457. vrf_id_t vrf_id = VRF_DEFAULT;
  458. struct vrf *vrf = NULL;
  459. char *pathname = vrf_netns_pathname (vty, argv[1]);
  460. if (!pathname)
  461. return CMD_WARNING;
  462. VTY_GET_INTEGER ("VRF ID", vrf_id, argv[0]);
  463. vrf = vrf_get (vrf_id);
  464. if (vrf->name && strcmp (vrf->name, pathname) != 0)
  465. {
  466. vty_out (vty, "VRF %u is already configured with NETNS %s%s",
  467. vrf->vrf_id, vrf->name, VTY_NEWLINE);
  468. return CMD_WARNING;
  469. }
  470. if (!vrf->name)
  471. vrf->name = XSTRDUP (MTYPE_VRF_NAME, pathname);
  472. if (!vrf_enable (vrf))
  473. {
  474. vty_out (vty, "Can not associate VRF %u with NETNS %s%s",
  475. vrf->vrf_id, vrf->name, VTY_NEWLINE);
  476. return CMD_WARNING;
  477. }
  478. return CMD_SUCCESS;
  479. }
  480. DEFUN (no_vrf_netns,
  481. no_vrf_netns_cmd,
  482. "no vrf <1-65535> netns NAME",
  483. NO_STR
  484. "Enable a VRF\n"
  485. "Specify the VRF identifier\n"
  486. "Associate with a NETNS\n"
  487. "The file name in " VRF_RUN_DIR ", or a full pathname\n")
  488. {
  489. vrf_id_t vrf_id = VRF_DEFAULT;
  490. struct vrf *vrf = NULL;
  491. char *pathname = vrf_netns_pathname (vty, argv[1]);
  492. if (!pathname)
  493. return CMD_WARNING;
  494. VTY_GET_INTEGER ("VRF ID", vrf_id, argv[0]);
  495. vrf = vrf_lookup (vrf_id);
  496. if (!vrf)
  497. {
  498. vty_out (vty, "VRF %u is not found%s", vrf_id, VTY_NEWLINE);
  499. return CMD_SUCCESS;
  500. }
  501. if (vrf->name && strcmp (vrf->name, pathname) != 0)
  502. {
  503. vty_out (vty, "Incorrect NETNS file name%s", VTY_NEWLINE);
  504. return CMD_WARNING;
  505. }
  506. vrf_disable (vrf);
  507. if (vrf->name)
  508. {
  509. XFREE (MTYPE_VRF_NAME, vrf->name);
  510. vrf->name = NULL;
  511. }
  512. return CMD_SUCCESS;
  513. }
  514. /* VRF node. */
  515. static struct cmd_node vrf_node =
  516. {
  517. VRF_NODE,
  518. "", /* VRF node has no interface. */
  519. 1
  520. };
  521. /* VRF configuration write function. */
  522. static int
  523. vrf_config_write (struct vty *vty)
  524. {
  525. struct route_node *rn;
  526. struct vrf *vrf;
  527. int write = 0;
  528. for (rn = route_top (vrf_table); rn; rn = route_next (rn))
  529. if ((vrf = rn->info) != NULL &&
  530. vrf->vrf_id != VRF_DEFAULT && vrf->name)
  531. {
  532. vty_out (vty, "vrf %u netns %s%s", vrf->vrf_id, vrf->name, VTY_NEWLINE);
  533. write++;
  534. }
  535. return write;
  536. }
  537. /* Initialize VRF module. */
  538. void
  539. vrf_init (void)
  540. {
  541. struct vrf *default_vrf;
  542. /* Allocate VRF table. */
  543. vrf_table = route_table_init ();
  544. /* The default VRF always exists. */
  545. default_vrf = vrf_get (VRF_DEFAULT);
  546. if (!default_vrf)
  547. {
  548. zlog_err ("vrf_init: failed to create the default VRF!");
  549. exit (1);
  550. }
  551. /* Set the default VRF name. */
  552. default_vrf->name = XSTRDUP (MTYPE_VRF_NAME, VRF_DEFAULT_NAME);
  553. /* Enable the default VRF. */
  554. if (!vrf_enable (default_vrf))
  555. {
  556. zlog_err ("vrf_init: failed to enable the default VRF!");
  557. exit (1);
  558. }
  559. if (have_netns())
  560. {
  561. /* Install VRF commands. */
  562. install_node (&vrf_node, vrf_config_write);
  563. install_element (CONFIG_NODE, &vrf_netns_cmd);
  564. install_element (CONFIG_NODE, &no_vrf_netns_cmd);
  565. }
  566. }
  567. /* Terminate VRF module. */
  568. void
  569. vrf_terminate (void)
  570. {
  571. struct route_node *rn;
  572. struct vrf *vrf;
  573. for (rn = route_top (vrf_table); rn; rn = route_next (rn))
  574. if ((vrf = rn->info) != NULL)
  575. vrf_delete (vrf);
  576. route_table_finish (vrf_table);
  577. vrf_table = NULL;
  578. }
  579. /* Create a socket for the VRF. */
  580. int
  581. vrf_socket (int domain, int type, int protocol, vrf_id_t vrf_id)
  582. {
  583. struct vrf *vrf = vrf_lookup (vrf_id);
  584. int ret = -1;
  585. if (!vrf_is_enabled (vrf))
  586. {
  587. errno = ENOSYS;
  588. return -1;
  589. }
  590. if (have_netns())
  591. {
  592. ret = (vrf_id != VRF_DEFAULT) ? setns (vrf->fd, CLONE_NEWNET) : 0;
  593. if (ret >= 0)
  594. {
  595. ret = socket (domain, type, protocol);
  596. if (vrf_id != VRF_DEFAULT)
  597. setns (vrf_lookup (VRF_DEFAULT)->fd, CLONE_NEWNET);
  598. }
  599. }
  600. else
  601. ret = socket (domain, type, protocol);
  602. return ret;
  603. }