/**
* Add a link to a bond (enslave)
* @arg sock netlink socket
* @arg master bonding master
* @arg slave slave link to add to bond
*
* Constructs a RTM_NEWLINK or RTM_SETLINK message adding the slave to
* the master and sends the request via the specified netlink socket.
*
* @note The feature of enslaving/releasing via netlink has only been added
* recently to the kernel (Feb 2011). Also, the kernel does not signal
* if the operation is not supported. Therefore this function will
* verify if the master assignment has changed and will return
* -NLE_OPNOTSUPP if it did not.
*
* @see rtnl_link_bond_enslave_ifindex()
* @see rtnl_link_bond_release()
*
* @return 0 on success or a negative error code.
*/
int rtnl_link_bond_enslave(struct nl_sock *sock, struct rtnl_link *master,
struct rtnl_link *slave)
{
return rtnl_link_bond_enslave_ifindex(sock,
rtnl_link_get_ifindex(master),
rtnl_link_get_ifindex(slave));
}
bool nl_bridge::is_bridge_interface(rtnl_link *link) {
assert(link);
if (rtnl_link_get_ifindex(link) != rtnl_link_get_ifindex(bridge))
return false;
// TODO compare more?
return true;
}
/*
* Get the first AF_INET address on 'link'. Returns 0 if successful. Caller
* must release reference to *addr.
*/
static int get_link_inet_addr(struct nl_sock *sk, struct rtnl_link *link,
struct nl_addr **addr)
{
struct nl_cache *addr_cache;
int err;
err = rtnl_addr_alloc_cache(sk, &addr_cache);
if (err < 0) {
warnx("rtnl_addr_alloc_cache() failed: %s", nl_geterror(err));
return 1;
}
/* Retrieve the first AF_INET address on the requested interface. */
struct rtnl_addr *filter;
filter = rtnl_addr_alloc();
assert(filter);
rtnl_addr_set_ifindex(filter, rtnl_link_get_ifindex(link));
rtnl_addr_set_family(filter, AF_INET);
*addr = NULL;
nl_cache_foreach_filter(addr_cache, (struct nl_object *)filter,
match_first_addr, addr);
if (*addr == NULL) {
warnx("No AF_INET address found on veth");
rtnl_addr_put(filter);
nl_cache_free(addr_cache);
return 1;
}
rtnl_addr_put(filter);
nl_cache_free(addr_cache);
return 0;
}
static void print_link(struct nl_object *obj, void *arg)
{
struct rtnl_link *link = (struct rtnl_link *) obj;
struct rtnl_qdisc *qdisc;
ifindex = rtnl_link_get_ifindex(link);
dump_params.dp_prefix = 0;
nl_object_dump(obj, &dump_params);
class_cache = rtnl_class_alloc_cache(nl_handle, ifindex);
if (!class_cache)
return;
qdisc = rtnl_qdisc_get_by_parent(qdisc_cache, ifindex, TC_H_ROOT);
if (qdisc) {
print_qdisc((struct nl_object *) qdisc, (void *) 2);
rtnl_qdisc_put(qdisc);
}
qdisc = rtnl_qdisc_get_by_parent(qdisc_cache, ifindex, 0);
if (qdisc) {
print_qdisc((struct nl_object *) qdisc, (void *) 2);
rtnl_qdisc_put(qdisc);
}
qdisc = rtnl_qdisc_get_by_parent(qdisc_cache, ifindex, TC_H_INGRESS);
if (qdisc) {
print_qdisc((struct nl_object *) qdisc, (void *) 2);
rtnl_qdisc_put(qdisc);
}
nl_cache_free(class_cache);
}
static void
_j4status_nl_cache_change(struct nl_cache *cache, struct nl_object *object, int something, void *user_data)
{
J4statusPluginContext *self = user_data;
J4statusNlSection *section;
if ( cache == self->link_cache )
{
struct rtnl_link *link = nl_object_priv(object);
section = g_hash_table_lookup(self->sections, GINT_TO_POINTER(rtnl_link_get_ifindex(link)));
if ( section == NULL )
return;
g_debug("Link cache update: %p = %s", object, rtnl_link_get_ifalias(link));
if ( section->link != link )
{
nl_object_get(object);
rtnl_link_put(section->link);
section->link = link;
}
}
else if ( cache == self->addr_cache )
{
struct rtnl_addr *addr = nl_object_priv(object);
section = g_hash_table_lookup(self->sections, GINT_TO_POINTER(rtnl_addr_get_ifindex(addr)));
if ( section == NULL )
return;
g_debug("Addr cache update: %p = %d", object, rtnl_addr_get_ifindex(addr));
GList **list;
switch ( rtnl_addr_get_family(addr) )
{
case AF_INET:
list = §ion->ipv4_addresses;
break;
case AF_INET6:
list = §ion->ipv6_addresses;
break;
default:
/* Not supported */
return;
}
if ( g_list_find_custom(*list, addr,_j4status_nl_address_compare) != NULL )
/* Already got it */
return;
nl_object_get(object);
*list = g_list_prepend(*list, addr);
}
else
g_assert_not_reached();
_j4status_nl_section_update(section);
}
Result<int> index(const string& _link)
{
Result<Netlink<struct rtnl_link> > link = internal::get(_link);
if (link.isError()) {
return Error(link.error());
} else if (link.isNone()) {
return None();
}
return rtnl_link_get_ifindex(link.get().get());
}
TError TNlLink::Load() {
struct rtnl_link *link;
int ret;
ret = rtnl_link_get_kernel(GetSock(), rtnl_link_get_ifindex(Link),
rtnl_link_get_name(Link), &link);
if (ret)
return Error(ret, "Cannot load link");
rtnl_link_put(Link);
Link = link;
return TError::Success();
}
std::deque<rtnl_neigh *> nl_bridge::get_fdb_entries_of_port(rtnl_link *br_port,
uint16_t vid) {
std::unique_ptr<rtnl_neigh, decltype(&rtnl_neigh_put)> filter(
rtnl_neigh_alloc(), rtnl_neigh_put);
rtnl_neigh_set_ifindex(filter.get(), rtnl_link_get_ifindex(br_port));
rtnl_neigh_set_master(filter.get(), rtnl_link_get_ifindex(bridge));
rtnl_neigh_set_vlan(filter.get(), vid);
rtnl_neigh_set_family(filter.get(), AF_BRIDGE);
std::deque<rtnl_neigh *> neighs;
nl_cache_foreach_filter(
nl->get_cache(cnetlink::NL_NEIGH_CACHE), OBJ_CAST(filter.get()),
[](struct nl_object *o, void *arg) {
std::deque<rtnl_neigh *> *neighs = (std::deque<rtnl_neigh *> *)arg;
neighs->push_back(NEIGH_CAST(o));
VLOG(3) << "needs to be updated " << o;
},
&neighs);
return neighs;
}
static J4statusNlSection *
_j4status_nl_section_new(J4statusPluginContext *context, J4statusCoreInterface *core, const gchar *interface)
{
struct rtnl_link *link;
link = rtnl_link_get_by_name(context->link_cache, interface);
if ( link == NULL )
{
g_warning("Couldn't get interface %s", interface);
return NULL;
}
const gchar *name = NULL;
switch ( rtnl_link_get_arptype(link) )
{
case ARPHRD_ETHER:
name = "nl-ether";
break;
case ARPHRD_IEEE80211:
name = "nl-802.11";
break;
default:
g_warning("Interface %s has an unsupported type", interface);
rtnl_link_put(link);
return NULL;
}
J4statusNlSection *self;
self = g_new0(J4statusNlSection, 1);
self->context = context;
self->ifindex = rtnl_link_get_ifindex(link);
self->link = link;
self->section = j4status_section_new(core);
j4status_section_set_name(self->section, name);
j4status_section_set_instance(self->section, interface);
j4status_section_set_label(self->section, interface);
if ( ! j4status_section_insert(self->section) )
{
_j4status_nl_section_free(self);
return NULL;
}
_j4status_nl_section_update(self);
return self;
}
void nl_bridge::add_interface(rtnl_link *link) {
assert(rtnl_link_get_family(link) == AF_BRIDGE);
if (bridge == nullptr) {
LOG(ERROR) << __FUNCTION__ << ": cannot be done without bridge";
return;
}
if (rtnl_link_get_ifindex(bridge) != rtnl_link_get_master(link)) {
LOG(INFO) << __FUNCTION__ << ": link " << rtnl_link_get_name(link)
<< " is no slave of " << rtnl_link_get_name(bridge);
return;
}
update_vlans(nullptr, link);
}
void nl_bridge::update_interface(rtnl_link *old_link, rtnl_link *new_link) {
assert(rtnl_link_get_family(old_link) == AF_BRIDGE);
assert(rtnl_link_get_family(new_link) == AF_BRIDGE);
// sanity checks
if (bridge == nullptr) {
LOG(ERROR) << __FUNCTION__ << ": cannot be done without bridge";
return;
}
if (rtnl_link_get_ifindex(bridge) != rtnl_link_get_master(new_link)) {
LOG(INFO) << __FUNCTION__ << ": link " << rtnl_link_get_name(new_link)
<< " is no slave of " << rtnl_link_get_name(bridge);
return;
}
update_vlans(old_link, new_link);
}
static void print_cls(struct nl_object *obj, void *arg)
{
struct nl_cache *cls_cache;
int err, ifindex;
if (obj)
ifindex = rtnl_link_get_ifindex((struct rtnl_link *) obj);
else
ifindex = rtnl_cls_get_ifindex(cls);
err = rtnl_cls_alloc_cache(sock, ifindex, rtnl_cls_get_parent(cls),
&cls_cache);
if (err < 0)
fatal(err, "Unable to allocate classifier cache: %s",
nl_geterror(err));
nl_cache_dump_filter(cls_cache, ¶ms, OBJ_CAST(cls));
nl_cache_free(cls_cache);
}
int nl_bridge::fdb_timeout(rtnl_link *br_link, uint16_t vid,
const rofl::caddress_ll &mac) {
int rv = 0;
std::unique_ptr<rtnl_neigh, decltype(&rtnl_neigh_put)> n(rtnl_neigh_alloc(),
rtnl_neigh_put);
std::unique_ptr<nl_addr, decltype(&nl_addr_put)> h_src(
nl_addr_build(AF_LLC, mac.somem(), mac.memlen()), nl_addr_put);
rtnl_neigh_set_ifindex(n.get(), rtnl_link_get_ifindex(br_link));
rtnl_neigh_set_master(n.get(), rtnl_link_get_master(br_link));
rtnl_neigh_set_family(n.get(), AF_BRIDGE);
rtnl_neigh_set_vlan(n.get(), vid);
rtnl_neigh_set_lladdr(n.get(), h_src.get());
rtnl_neigh_set_flags(n.get(), NTF_MASTER | NTF_EXT_LEARNED);
rtnl_neigh_set_state(n.get(), NUD_REACHABLE);
// find entry in local l2_cache
std::unique_ptr<rtnl_neigh, decltype(&rtnl_neigh_put)> n_lookup(
NEIGH_CAST(nl_cache_search(l2_cache.get(), OBJ_CAST(n.get()))),
rtnl_neigh_put);
if (n_lookup) {
// * remove l2 entry from kernel
nl_msg *msg = nullptr;
rtnl_neigh_build_delete_request(n.get(), NLM_F_REQUEST, &msg);
assert(msg);
// send the message and create new fdb entry
if (nl->send_nl_msg(msg) < 0) {
LOG(ERROR) << __FUNCTION__ << ": failed to send netlink message";
return -EINVAL;
}
// XXX TODO maybe delete after NL event and not yet here
nl_cache_remove(OBJ_CAST(n_lookup.get()));
}
return rv;
}
static void
link_msg_handler (struct nl_object *obj, void *arg)
{
NMNetlinkMonitor *self = NM_NETLINK_MONITOR (arg);
struct rtnl_link *filter;
struct rtnl_link *link_obj;
guint flags;
guint ifidx;
filter = rtnl_link_alloc ();
if (!filter) {
log_error_limited (self, NM_NETLINK_MONITOR_ERROR_BAD_ALLOC,
_("error processing netlink message: %s"),
nl_geterror (ENOMEM));
return;
}
/* Ensure it's a link object */
if (nl_object_match_filter (obj, OBJ_CAST (filter)) == 0) {
rtnl_link_put (filter);
return;
}
link_obj = (struct rtnl_link *) obj;
flags = rtnl_link_get_flags (link_obj);
ifidx = rtnl_link_get_ifindex (link_obj);
nm_log_dbg (LOGD_HW, "netlink link message: iface idx %d flags 0x%X", ifidx, flags);
/* IFF_LOWER_UP is the indicator of carrier status since kernel commit
* b00055aacdb172c05067612278ba27265fcd05ce in 2.6.17.
*/
if (flags & IFF_LOWER_UP)
g_signal_emit (self, signals[CARRIER_ON], 0, ifidx);
else
g_signal_emit (self, signals[CARRIER_OFF], 0, ifidx);
rtnl_link_put (filter);
}
static void nl_obj_input(struct nl_object *obj, void *arg)
{
struct _obj
{
NLHDR_COMMON
};
struct _obj *o = (struct _obj *)obj;
if( o->ce_msgtype == RTM_NEWLINK || o->ce_msgtype == RTM_DELLINK )
{
struct rtnl_link *link = (struct rtnl_link *)obj;
struct nl_addr *a = rtnl_link_get_addr(link);
char buf[123];
nl_addr2str(a, buf, sizeof(buf));
int ifindex = rtnl_link_get_ifindex(link);
bool active = rtnl_link_get_flags(link) & IFF_UP;
char *iface = rtnl_link_get_name(link);
if( o->ce_msgtype == RTM_NEWLINK )
{
struct link_addr *nla = g_hash_table_lookup(nl_runtime.link_addr_cache, &ifindex);
if( nla == NULL )
{
g_critical("LINK NEW %s %i", iface, ifindex);
struct link_addr *nla = link_addr_new(iface, ifindex, active);
g_hash_table_insert(nl_runtime.link_addr_cache, &nla->ifindex, nla);
}else
{
g_critical("LINK CHANGE %s %i", iface, ifindex);
GHashTableIter iter;
gpointer key, value;
g_hash_table_iter_init(&iter, nla->addrs);
if( active != nla->active )
{
while( g_hash_table_iter_next(&iter, &key, &value) )
{
struct incident *i;
if( active )
{
g_critical("LINK UP");
i = incident_new("dionaea.module.nl.addr.new");
}else
{
g_critical("LINK DOWN");
i = incident_new("dionaea.module.nl.addr.del");
}
incident_value_string_set(i, "addr", g_string_new(key));
incident_value_string_set(i, "iface", g_string_new(nla->iface));
incident_value_int_set(i, "scope", nla->ifindex);
incident_report(i);
incident_free(i);
}
nla->active = active;
}
}
}else
if( o->ce_msgtype == RTM_DELLINK )
{
g_critical("LINK DEL %s %i", iface, ifindex);
struct link_addr *nla = g_hash_table_lookup(nl_runtime.link_addr_cache, &ifindex);
g_hash_table_remove(nl_runtime.link_addr_cache, &ifindex);
link_addr_free(nla);
}
}else
if( o->ce_msgtype == RTM_NEWADDR || o->ce_msgtype == RTM_DELADDR )
{
char buf[128];
struct rtnl_addr *addr = (struct rtnl_addr *)obj;
struct nl_addr *a = rtnl_addr_get_local(addr);
int ifindex = rtnl_addr_get_ifindex(addr);
nl_addr2str(a, buf, 128);
char *slash;
if( (slash = strstr(buf, "/")) != NULL)
*slash = '\0';
char *saddr = NULL;
struct link_addr *nla = g_hash_table_lookup(nl_runtime.link_addr_cache, &ifindex);
if( !nla )
return;
if( o->ce_msgtype == RTM_NEWADDR )
{
if( g_hash_table_lookup(nla->addrs, buf) == NULL )
{
g_warning("NEW ADDR %s!", buf);
saddr = g_strdup(buf);
g_hash_table_insert(nla->addrs, saddr, saddr);
if( nla->active )
{
struct incident *i = incident_new("dionaea.module.nl.addr.new");
incident_value_string_set(i, "addr", g_string_new(saddr));
incident_value_string_set(i, "iface", g_string_new(nla->iface));
incident_value_int_set(i, "scope", nla->ifindex);
incident_report(i);
incident_free(i);
}
}
}else
if( o->ce_msgtype == RTM_DELADDR )
{
if( ( saddr = g_hash_table_lookup(nla->addrs, buf) ) != NULL )
{
g_warning("DEL ADDR! %s", buf);
if( nla->active )
{
struct incident *i = incident_new("dionaea.module.nl.addr.del");
incident_value_string_set(i, "addr", g_string_new(saddr));
incident_value_string_set(i, "iface", g_string_new(nla->iface));
incident_value_int_set(i, "scope", nla->ifindex);
incident_report(i);
incident_free(i);
}
g_hash_table_remove(nla->addrs, buf);
g_free(saddr);
}
}
}
/*
struct nl_dump_params dp = {
.dp_type = NL_DUMP_STATS,
.dp_fd = stdout,
.dp_dump_msgtype = 1,
};
nl_object_dump(obj, &dp);
struct nl_dump_params params = {
.dp_type = NL_DUMP_LINE,
.dp_fd = stdout,
.dp_prefix = 1,
};
g_debug("addr cache");
nl_cache_dump(nl_runtime.addr_cache, ¶ms);
g_debug("arp cache");
nl_cache_dump(nl_runtime.neigh_cache, ¶ms);
g_debug("link cache");
nl_cache_dump(nl_runtime.link_cache, ¶ms);
*/
}
int main(int argc, char *argv[])
{
char *unikernel;
enum {
QEMU,
KVM,
UKVM,
UNIX
} hypervisor;
if (argc < 3) {
fprintf(stderr, "usage: runner HYPERVISOR UNIKERNEL [ ARGS... ]\n");
fprintf(stderr, "HYPERVISOR: qemu | kvm | ukvm | unix\n");
return 1;
}
if (strcmp(argv[1], "qemu") == 0)
hypervisor = QEMU;
else if (strcmp(argv[1], "kvm") == 0)
hypervisor = KVM;
else if (strcmp(argv[1], "ukvm") == 0)
hypervisor = UKVM;
else if (strcmp(argv[1], "unix") == 0)
hypervisor = UNIX;
else {
warnx("error: Invalid hypervisor: %s", argv[1]);
return 1;
}
unikernel = argv[2];
/*
* Remaining arguments are to be passed on to the unikernel.
*/
argv += 3;
argc -= 3;
/*
* Check we have CAP_NET_ADMIN.
*/
if (capng_get_caps_process() != 0) {
warnx("error: capng_get_caps_process() failed");
return 1;
}
if (!capng_have_capability(CAPNG_EFFECTIVE, CAP_NET_ADMIN)) {
warnx("error: CAP_NET_ADMIN is required");
return 1;
}
/*
* Connect to netlink, load link cache from kernel.
*/
struct nl_sock *sk;
struct nl_cache *link_cache;
int err;
sk = nl_socket_alloc();
assert(sk);
err = nl_connect(sk, NETLINK_ROUTE);
if (err < 0) {
warnx("nl_connect() failed: %s", nl_geterror(err));
return 1;
}
err = rtnl_link_alloc_cache(sk, AF_UNSPEC, &link_cache);
if (err < 0) {
warnx("rtnl_link_alloc_cache() failed: %s", nl_geterror(err));
return 1;
}
/*
* Retrieve container network configuration -- IP address and
* default gateway.
*/
struct rtnl_link *l_veth;
l_veth = rtnl_link_get_by_name(link_cache, VETH_LINK_NAME);
if (l_veth == NULL) {
warnx("error: Could not get link information for %s", VETH_LINK_NAME);
return 1;
}
struct nl_addr *veth_addr;
err = get_link_inet_addr(sk, l_veth, &veth_addr);
if (err) {
warnx("error: Unable to determine IP address of %s",
VETH_LINK_NAME);
return 1;
}
struct nl_addr *gw_addr;
err = get_default_gw_inet_addr(sk, &gw_addr);
if (err) {
warnx("error: get_deGfault_gw_inet_addr() failed");
return 1;
}
if (gw_addr == NULL) {
warnx("error: No default gateway found. This is currently "
"not supported");
return 1;
}
/*
* Create bridge and tap interface, enslave veth and tap interfaces to
* bridge.
*/
err = create_bridge_link(sk, BRIDGE_LINK_NAME);
if (err < 0) {
warnx("create_bridge_link(%s) failed: %s", BRIDGE_LINK_NAME,
nl_geterror(err));
return 1;
}
int tap_fd;
if (hypervisor == UKVM)
err = create_tap_link(TAP_LINK_NAME, &tap_fd);
else
err = create_tap_link(TAP_LINK_NAME, NULL);
if (err != 0) {
warnx("create_tap_link(%s) failed: %s", TAP_LINK_NAME, strerror(err));
return 1;
}
/* Refill link cache with newly-created interfaces */
nl_cache_refill(sk, link_cache);
struct rtnl_link *l_bridge;
l_bridge = rtnl_link_get_by_name(link_cache, BRIDGE_LINK_NAME);
if (l_bridge == NULL) {
warnx("error: Could not get link information for %s", BRIDGE_LINK_NAME);
return 1;
}
struct rtnl_link *l_tap;
l_tap = rtnl_link_get_by_name(link_cache, TAP_LINK_NAME);
if (l_tap == NULL) {
warnx("error: Could not get link information for %s", TAP_LINK_NAME);
return 1;
}
err = rtnl_link_enslave(sk, l_bridge, l_veth);
if (err < 0) {
warnx("error: Unable to enslave %s to %s: %s", VETH_LINK_NAME,
BRIDGE_LINK_NAME, nl_geterror(err));
return 1;
}
err = rtnl_link_enslave(sk, l_bridge, l_tap);
if (err < 0) {
warnx("error: Unable to enslave %s to %s: %s", TAP_LINK_NAME,
BRIDGE_LINK_NAME, nl_geterror(err));
return 1;
}
/*
* Flush all IPv4 addresses from the veth interface. This is now safe
* as we are good to commit and have retrieved the existing configuration.
*/
struct rtnl_addr *flush_addr;
flush_addr = rtnl_addr_alloc();
assert(flush_addr);
rtnl_addr_set_ifindex(flush_addr, rtnl_link_get_ifindex(l_veth));
rtnl_addr_set_family(flush_addr, AF_INET);
rtnl_addr_set_local(flush_addr, veth_addr);
err = rtnl_addr_delete(sk, flush_addr, 0);
if (err < 0) {
warnx("error: Could not flush addresses on %s: %s", VETH_LINK_NAME,
nl_geterror(err));
return 1;
}
rtnl_addr_put(flush_addr);
/*
* Bring up the tap and bridge interfaces.
*/
struct rtnl_link *l_up;
l_up = rtnl_link_alloc();
assert(l_up);
/* You'd think set_operstate was the thing to do here. It's not. */
rtnl_link_set_flags(l_up, IFF_UP);
err = rtnl_link_change(sk, l_tap, l_up, 0);
if (err < 0) {
warnx("error: rtnl_link_change(%s, UP) failed: %s", TAP_LINK_NAME,
nl_geterror(err));
return 1;
}
err = rtnl_link_change(sk, l_bridge, l_up, 0);
if (err < 0) {
warnx("error: rtnl_link_change(%s, UP) failed: %s", BRIDGE_LINK_NAME,
nl_geterror(err));
return 1;
}
rtnl_link_put(l_up);
/*
* Collect network configuration data.
*/
char ip[AF_INET_BUFSIZE];
if (inet_ntop(AF_INET, nl_addr_get_binary_addr(veth_addr), ip,
sizeof ip) == NULL) {
perror("inet_ntop()");
return 1;
}
char uarg_ip[AF_INET_BUFSIZE];
unsigned int prefixlen = nl_addr_get_prefixlen(veth_addr);
snprintf(uarg_ip, sizeof uarg_ip, "%s/%u", ip, prefixlen);
char uarg_gw[AF_INET_BUFSIZE];
if (inet_ntop(AF_INET, nl_addr_get_binary_addr(gw_addr), uarg_gw,
sizeof uarg_gw) == NULL) {
perror("inet_ntop()");
return 1;
}
/*
* Build unikernel and hypervisor arguments.
*/
ptrvec* uargpv = pvnew();
char *uarg_buf;
/*
* QEMU/KVM:
* /usr/bin/qemu-system-x86_64 <qemu args> -kernel <unikernel> -append "<unikernel args>"
*/
if (hypervisor == QEMU || hypervisor == KVM) {
pvadd(uargpv, "/usr/bin/qemu-system-x86_64");
pvadd(uargpv, "-nodefaults");
pvadd(uargpv, "-no-acpi");
pvadd(uargpv, "-display");
pvadd(uargpv, "none");
pvadd(uargpv, "-serial");
pvadd(uargpv, "stdio");
pvadd(uargpv, "-m");
pvadd(uargpv, "512");
if (hypervisor == KVM) {
pvadd(uargpv, "-enable-kvm");
pvadd(uargpv, "-cpu");
pvadd(uargpv, "host");
}
else {
/*
* Required for AESNI use in Mirage.
*/
pvadd(uargpv, "-cpu");
pvadd(uargpv, "Westmere");
}
pvadd(uargpv, "-device");
char *guest_mac = generate_mac();
assert(guest_mac);
err = asprintf(&uarg_buf, "virtio-net-pci,netdev=n0,mac=%s", guest_mac);
assert(err != -1);
pvadd(uargpv, uarg_buf);
pvadd(uargpv, "-netdev");
err = asprintf(&uarg_buf, "tap,id=n0,ifname=%s,script=no,downscript=no",
TAP_LINK_NAME);
assert(err != -1);
pvadd(uargpv, uarg_buf);
pvadd(uargpv, "-kernel");
pvadd(uargpv, unikernel);
pvadd(uargpv, "-append");
/*
* TODO: Replace any occurences of ',' with ',,' in -append, because
* QEMU arguments are insane.
*/
char cmdline[1024];
char *cmdline_p = cmdline;
size_t cmdline_free = sizeof cmdline;
for (; *argv; argc--, argv++) {
size_t alen = snprintf(cmdline_p, cmdline_free, "%s%s", *argv,
(argc > 1) ? " " : "");
if (alen >= cmdline_free) {
warnx("error: Command line too long");
return 1;
}
cmdline_free -= alen;
cmdline_p += alen;
}
size_t alen = snprintf(cmdline_p, cmdline_free,
"--ipv4=%s --ipv4-gateway=%s", uarg_ip, uarg_gw);
if (alen >= cmdline_free) {
warnx("error: Command line too long");
return 1;
}
pvadd(uargpv, cmdline);
}
/*
* UKVM:
* /unikernel/ukvm <ukvm args> <unikernel> -- <unikernel args>
*/
else if (hypervisor == UKVM) {
pvadd(uargpv, "/unikernel/ukvm");
err = asprintf(&uarg_buf, "--net=@%d", tap_fd);
assert(err != -1);
pvadd(uargpv, uarg_buf);
pvadd(uargpv, "--");
pvadd(uargpv, unikernel);
for (; *argv; argc--, argv++) {
pvadd(uargpv, *argv);
}
err = asprintf(&uarg_buf, "--ipv4=%s", uarg_ip);
assert(err != -1);
pvadd(uargpv, uarg_buf);
err = asprintf(&uarg_buf, "--ipv4-gateway=%s", uarg_gw);
assert(err != -1);
pvadd(uargpv, uarg_buf);
}
/*
* UNIX:
* <unikernel> <unikernel args>
*/
else if (hypervisor == UNIX) {
pvadd(uargpv, unikernel);
err = asprintf(&uarg_buf, "--interface=%s", TAP_LINK_NAME);
assert(err != -1);
pvadd(uargpv, uarg_buf);
for (; *argv; argc--, argv++) {
pvadd(uargpv, *argv);
}
err = asprintf(&uarg_buf, "--ipv4=%s", uarg_ip);
assert(err != -1);
pvadd(uargpv, uarg_buf);
err = asprintf(&uarg_buf, "--ipv4-gateway=%s", uarg_gw);
assert(err != -1);
pvadd(uargpv, uarg_buf);
}
char **uargv = (char **)pvfinal(uargpv);
/*
* Done with netlink, free all resources and close socket.
*/
rtnl_link_put(l_veth);
rtnl_link_put(l_bridge);
rtnl_link_put(l_tap);
nl_addr_put(veth_addr);
nl_addr_put(gw_addr);
nl_cache_free(link_cache);
nl_close(sk);
nl_socket_free(sk);
/*
* Drop all capabilities except CAP_NET_BIND_SERVICE.
*/
capng_clear(CAPNG_SELECT_BOTH);
capng_update(CAPNG_ADD,
CAPNG_EFFECTIVE | CAPNG_PERMITTED | CAPNG_INHERITABLE,
CAP_NET_BIND_SERVICE);
if (capng_apply(CAPNG_SELECT_BOTH) != 0) {
warnx("error: Could not drop capabilities");
return 1;
}
/*
* Run the unikernel.
*/
err = execv(uargv[0], uargv);
warn("error: execv() of %s failed", uargv[0]);
return 1;
}
/**
* Release a link from a bond
* @arg sock netlink socket
* @arg slave slave link to be released
*
* Constructs a RTM_NEWLINK or RTM_SETLINK message releasing the slave from
* its master and sends the request via the specified netlink socket.
*
* @note The feature of enslaving/releasing via netlink has only been added
* recently to the kernel (Feb 2011). Also, the kernel does not signal
* if the operation is not supported. Therefore this function will
* verify if the master assignment has changed and will return
* -NLE_OPNOTSUPP if it did not.
*
* @see rtnl_link_bond_release_ifindex()
* @see rtnl_link_bond_enslave()
*
* @return 0 on success or a negative error code.
*/
int rtnl_link_bond_release(struct nl_sock *sock, struct rtnl_link *slave)
{
return rtnl_link_bond_release_ifindex(sock,
rtnl_link_get_ifindex(slave));
}
int TNlLink::GetIndex() const {
return rtnl_link_get_ifindex(Link);
}
static void delete_link(struct nl_object *obj, void *arg)
{
struct rtnl_link *link = nl_object_priv(obj);
__delete_link(rtnl_link_get_ifindex(link), arg);
}
static void handle_class(struct nl_object *obj, void *arg)
{
struct rtnl_tc *tc = (struct rtnl_tc *) obj;
struct element *e;
struct rdata *rdata = arg;
struct rdata ndata = {
.level = rdata->level + 1,
};
if (!(e = handle_tc_obj(tc, "class", rdata)))
return;
ndata.parent = e;
if (!strcmp(rtnl_tc_get_kind(tc), "htb"))
element_set_txmax(e, rtnl_htb_get_rate((struct rtnl_class *) tc));
find_classes(rtnl_tc_get_handle(tc), &ndata);
find_qdiscs(rtnl_tc_get_handle(tc), &ndata);
}
static void find_qdiscs(uint32_t parent, struct rdata *rdata)
{
struct rtnl_qdisc *filter;
if (!(filter = rtnl_qdisc_alloc()))
return;
rtnl_tc_set_parent((struct rtnl_tc *) filter, parent);
nl_cache_foreach_filter(qdisc_cache, OBJ_CAST(filter),
handle_qdisc, rdata);
rtnl_qdisc_put(filter);
}
static void find_cls(int ifindex, uint32_t parent, struct rdata *rdata)
{
struct nl_cache *cls_cache;
if (rtnl_cls_alloc_cache(sock, ifindex, parent, &cls_cache) < 0)
return;
nl_cache_foreach(cls_cache, handle_cls, rdata);
nl_cache_free(cls_cache);
}
static void find_classes(uint32_t parent, struct rdata *rdata)
{
struct rtnl_class *filter;
if (!(filter = rtnl_class_alloc()))
return;
rtnl_tc_set_parent((struct rtnl_tc *) filter, parent);
nl_cache_foreach_filter(class_cache, OBJ_CAST(filter),
handle_class, rdata);
rtnl_class_put(filter);
}
static void handle_qdisc(struct nl_object *obj, void *arg)
{
struct rtnl_tc *tc = (struct rtnl_tc *) obj;
struct element *e;
struct rdata *rdata = arg;
struct rdata ndata = {
.level = rdata->level + 1,
};
if (!(e = handle_tc_obj(tc, "qdisc", rdata)))
return;
ndata.parent = e;
find_cls(rtnl_tc_get_ifindex(tc), rtnl_tc_get_handle(tc), &ndata);
if (rtnl_tc_get_parent(tc) == TC_H_ROOT) {
find_cls(rtnl_tc_get_ifindex(tc), TC_H_ROOT, &ndata);
find_classes(TC_H_ROOT, &ndata);
}
find_classes(rtnl_tc_get_handle(tc), &ndata);
}
static void handle_tc(struct element *e, struct rtnl_link *link)
{
struct rtnl_qdisc *qdisc;
int ifindex = rtnl_link_get_ifindex(link);
struct rdata rdata = {
.level = 1,
.parent = e,
};
if (rtnl_class_alloc_cache(sock, ifindex, &class_cache) < 0)
return;
qdisc = rtnl_qdisc_get_by_parent(qdisc_cache, ifindex, TC_H_ROOT);
if (qdisc) {
handle_qdisc(OBJ_CAST(qdisc), &rdata);
rtnl_qdisc_put(qdisc);
}
qdisc = rtnl_qdisc_get_by_parent(qdisc_cache, ifindex, 0);
if (qdisc) {
handle_qdisc(OBJ_CAST(qdisc), &rdata);
rtnl_qdisc_put(qdisc);
}
qdisc = rtnl_qdisc_get_by_parent(qdisc_cache, ifindex, TC_H_INGRESS);
if (qdisc) {
handle_qdisc(OBJ_CAST(qdisc), &rdata);
rtnl_qdisc_put(qdisc);
}
nl_cache_free(class_cache);
}
static void update_link_infos(struct element *e, struct rtnl_link *link)
{
char buf[64];
snprintf(buf, sizeof(buf), "%u", rtnl_link_get_mtu(link));
element_update_info(e, "MTU", buf);
rtnl_link_flags2str(rtnl_link_get_flags(link), buf, sizeof(buf));
element_update_info(e, "Flags", buf);
rtnl_link_operstate2str(rtnl_link_get_operstate(link),
buf, sizeof(buf));
element_update_info(e, "Operstate", buf);
snprintf(buf, sizeof(buf), "%u", rtnl_link_get_ifindex(link));
element_update_info(e, "IfIndex", buf);
nl_addr2str(rtnl_link_get_addr(link), buf, sizeof(buf));
element_update_info(e, "Address", buf);
nl_addr2str(rtnl_link_get_broadcast(link), buf, sizeof(buf));
element_update_info(e, "Broadcast", buf);
rtnl_link_mode2str(rtnl_link_get_linkmode(link),
buf, sizeof(buf));
element_update_info(e, "Mode", buf);
snprintf(buf, sizeof(buf), "%u", rtnl_link_get_txqlen(link));
element_update_info(e, "TXQlen", buf);
nl_af2str(rtnl_link_get_family(link), buf, sizeof(buf));
element_update_info(e, "Family", buf);
element_update_info(e, "Alias",
rtnl_link_get_ifalias(link) ? : "");
element_update_info(e, "Qdisc",
rtnl_link_get_qdisc(link) ? : "");
if (rtnl_link_get_link(link)) {
snprintf(buf, sizeof(buf), "%u", rtnl_link_get_link(link));
element_update_info(e, "SlaveOfIndex", buf);
}
}
static void do_link(struct nl_object *obj, void *arg)
{
struct rtnl_link *link = (struct rtnl_link *) obj;
struct element *e, *e_parent = NULL;
int i, master_ifindex;
if (!cfg_show_all && !(rtnl_link_get_flags(link) & IFF_UP)) {
/* FIXME: delete element */
return;
}
/* Check if the interface is a slave of another interface */
if ((master_ifindex = rtnl_link_get_link(link))) {
char parent[IFNAMSIZ+1];
rtnl_link_i2name(link_cache, master_ifindex,
parent, sizeof(parent));
e_parent = element_lookup(grp, parent, master_ifindex, NULL, 0);
}
if (!(e = element_lookup(grp, rtnl_link_get_name(link),
rtnl_link_get_ifindex(link), e_parent, ELEMENT_CREAT)))
return;
if (e->e_flags & ELEMENT_FLAG_CREATED) {
if (e->e_parent)
e->e_level = e->e_parent->e_level + 1;
if (element_set_key_attr(e, "bytes", "packets") ||
element_set_usage_attr(e, "bytes"))
BUG();
/* FIXME: Update link infos every 1s or so */
update_link_infos(e, link);
e->e_flags &= ~ELEMENT_FLAG_CREATED;
}
for (i = 0; i < ARRAY_SIZE(link_attrs); i++) {
struct attr_map *m = &link_attrs[i];
uint64_t c_rx = 0, c_tx = 0;
int flags = 0;
if (m->rxid >= 0) {
c_rx = rtnl_link_get_stat(link, m->rxid);
flags |= UPDATE_FLAG_RX;
}
if (m->txid >= 0) {
c_tx = rtnl_link_get_stat(link, m->txid);
flags |= UPDATE_FLAG_TX;
}
attr_update(e, m->attrid, c_rx, c_tx, flags);
}
if (!c_notc)
handle_tc(e, link);
element_notify_update(e, NULL);
element_lifesign(e, 1);
}
static void netlink_read(void)
{
int err;
if ((err = nl_cache_resync(sock, link_cache, NULL, NULL)) < 0) {
fprintf(stderr, "Unable to resync link cache: %s\n", nl_geterror(err));
goto disable;
}
if ((err = nl_cache_resync(sock, qdisc_cache, NULL, NULL)) < 0) {
fprintf(stderr, "Unable to resync qdisc cache: %s\n", nl_geterror(err));
goto disable;
}
nl_cache_foreach(link_cache, do_link, NULL);
return;
disable:
netlink_ops.m_flags &= ~BMON_MODULE_ENABLED;
}
static void netlink_shutdown(void)
{
nl_cache_free(link_cache);
nl_cache_free(qdisc_cache);
nl_socket_free(sock);
}
int nl_bridge::learn_source_mac(rtnl_link *br_link, packet *p) {
// we still assume vlan filtering bridge
assert(rtnl_link_get_family(br_link) == AF_BRIDGE);
VLOG(2) << __FUNCTION__ << ": pkt " << p << " on link " << OBJ_CAST(br_link);
rtnl_link_bridge_vlan *br_vlan = rtnl_link_bridge_get_port_vlan(br_link);
if (br_vlan == nullptr) {
LOG(ERROR) << __FUNCTION__
<< ": only the vlan filtering bridge is supported";
return -EINVAL;
}
// parse ether frame and check for vid
vlan_hdr *hdr = reinterpret_cast<basebox::vlan_hdr *>(p->data);
uint16_t vid = 0;
// XXX TODO maybe move this to the utils to have a std lib for parsing the
// ether frame
switch (ntohs(hdr->eth.h_proto)) {
case ETH_P_8021Q:
// vid
vid = ntohs(hdr->vlan);
break;
default:
// no vid, set vid to pvid
vid = br_vlan->pvid;
LOG(WARNING) << __FUNCTION__ << ": assuming untagged for ethertype "
<< std::showbase << std::hex << ntohs(hdr->eth.h_proto);
break;
}
// verify that the vid is in use here
if (!is_vid_set(vid, br_vlan->vlan_bitmap)) {
LOG(WARNING) << __FUNCTION__ << ": got packet on unconfigured port";
return -ENOTSUP;
}
// set nl neighbour to NL
std::unique_ptr<nl_addr, decltype(&nl_addr_put)> h_src(
nl_addr_build(AF_LLC, hdr->eth.h_source, sizeof(hdr->eth.h_source)),
nl_addr_put);
if (!h_src) {
LOG(ERROR) << __FUNCTION__ << ": failed to allocate src mac";
return -ENOMEM;
}
std::unique_ptr<rtnl_neigh, decltype(&rtnl_neigh_put)> n(rtnl_neigh_alloc(),
rtnl_neigh_put);
rtnl_neigh_set_ifindex(n.get(), rtnl_link_get_ifindex(br_link));
rtnl_neigh_set_master(n.get(), rtnl_link_get_master(br_link));
rtnl_neigh_set_family(n.get(), AF_BRIDGE);
rtnl_neigh_set_vlan(n.get(), vid);
rtnl_neigh_set_lladdr(n.get(), h_src.get());
rtnl_neigh_set_flags(n.get(), NTF_MASTER | NTF_EXT_LEARNED);
rtnl_neigh_set_state(n.get(), NUD_REACHABLE);
// check if entry already exists in cache
if (is_mac_in_l2_cache(n.get())) {
return 0;
}
nl_msg *msg = nullptr;
rtnl_neigh_build_add_request(n.get(),
NLM_F_REQUEST | NLM_F_CREATE | NLM_F_EXCL, &msg);
assert(msg);
// send the message and create new fdb entry
if (nl->send_nl_msg(msg) < 0) {
LOG(ERROR) << __FUNCTION__ << ": failed to send netlink message";
return -EINVAL;
}
// cache the entry
if (nl_cache_add(l2_cache.get(), OBJ_CAST(n.get())) < 0) {
LOG(ERROR) << __FUNCTION__ << ": failed to add entry to l2_cache "
<< OBJ_CAST(n.get());
return -EINVAL;
}
VLOG(2) << __FUNCTION__ << ": learned new source mac " << OBJ_CAST(n.get());
return 0;
}
void nl_bridge::update_access_ports(rtnl_link *vxlan_link, rtnl_link *br_link,
const uint16_t vid,
const uint32_t tunnel_id,
const std::deque<rtnl_link *> &bridge_ports,
bool add) {
// XXX pvid is currently not taken into account
for (auto _br_port : bridge_ports) {
auto br_port_vlans = rtnl_link_bridge_get_port_vlan(_br_port);
if (rtnl_link_get_ifindex(vxlan_link) == rtnl_link_get_ifindex(_br_port))
continue;
if (br_port_vlans == nullptr)
continue;
if (!is_vid_set(vid, br_port_vlans->vlan_bitmap))
continue;
bool untagged = is_vid_set(vid, br_port_vlans->untagged_bitmap);
int ifindex = rtnl_link_get_ifindex(_br_port);
uint32_t pport_no = nl->get_port_id(ifindex);
if (pport_no == 0) {
LOG(WARNING) << __FUNCTION__ << ": ignoring unknown port "
<< OBJ_CAST(_br_port);
continue;
}
rtnl_link *link = nl->get_link(rtnl_link_get_ifindex(_br_port), AF_UNSPEC);
VLOG(2) << __FUNCTION__ << ": vid=" << vid << ", untagged=" << untagged
<< ", tunnel_id=" << tunnel_id << ", add=" << add
<< ", ifindex=" << ifindex << ", pport_no=" << pport_no
<< ", port: " << OBJ_CAST(_br_port);
if (add) {
std::string port_name = std::string(rtnl_link_get_name(_br_port));
// this is no longer a normal bridge interface thus we delete all the
// bridging entries
sw->l2_addr_remove_all_in_vlan(pport_no, vid);
vxlan->create_access_port(_br_port, tunnel_id, port_name, pport_no, vid,
untagged, nullptr);
auto neighs = get_fdb_entries_of_port(_br_port, vid);
for (auto n : neighs) {
// ignore ll addr of bridge on slave
if (nl_addr_cmp(rtnl_link_get_addr(bridge), rtnl_neigh_get_lladdr(n)) ==
0) {
continue;
}
VLOG(3) << ": needs to be updated " << OBJ_CAST(n);
vxlan->add_l2_neigh(n, link, br_link);
}
} else {
// delete access port and all bridging entries
vxlan->delete_access_port(_br_port, pport_no, vid, true);
// XXX FIXME check if we have to add the VLANs again (ingress/egress)
}
}
}
static int init_qdisc(libxl__checkpoint_devices_state *cds,
libxl__remus_device_nic *remus_nic)
{
int rc, ret, ifindex;
struct rtnl_link *ifb = NULL;
struct rtnl_qdisc *qdisc = NULL;
libxl__remus_state *rs = cds->concrete_data;
STATE_AO_GC(cds->ao);
/* Now that we have brought up REMUS_IFB device with plug qdisc for
* this vif, so we need to refill the qdisc cache.
*/
ret = nl_cache_refill(rs->nlsock, rs->qdisc_cache);
if (ret) {
LOGD(ERROR, cds->domid,
"cannot refill qdisc cache: %s", nl_geterror(ret));
rc = ERROR_FAIL;
goto out;
}
/* get a handle to the REMUS_IFB interface */
ret = rtnl_link_get_kernel(rs->nlsock, 0, remus_nic->ifb, &ifb);
if (ret) {
LOGD(ERROR, cds->domid,
"cannot obtain handle for %s: %s", remus_nic->ifb,
nl_geterror(ret));
rc = ERROR_FAIL;
goto out;
}
ifindex = rtnl_link_get_ifindex(ifb);
if (!ifindex) {
LOGD(ERROR, cds->domid,
"interface %s has no index", remus_nic->ifb);
rc = ERROR_FAIL;
goto out;
}
/* Get a reference to the root qdisc installed on the REMUS_IFB, by
* querying the qdisc list we obtained earlier. The netbufscript
* sets up the plug qdisc as the root qdisc, so we don't have to
* search the entire qdisc tree on the REMUS_IFB dev.
* There is no need to explicitly free this qdisc as its just a
* reference from the qdisc cache we allocated earlier.
*/
qdisc = rtnl_qdisc_get_by_parent(rs->qdisc_cache, ifindex, TC_H_ROOT);
if (qdisc) {
const char *tc_kind = rtnl_tc_get_kind(TC_CAST(qdisc));
/* Sanity check: Ensure that the root qdisc is a plug qdisc. */
if (!tc_kind || strcmp(tc_kind, "plug")) {
LOGD(ERROR, cds->domid,
"plug qdisc is not installed on %s", remus_nic->ifb);
rc = ERROR_FAIL;
goto out;
}
remus_nic->qdisc = qdisc;
} else {
LOGD(ERROR, cds->domid,
"Cannot get qdisc handle from ifb %s", remus_nic->ifb);
rc = ERROR_FAIL;
goto out;
}
rc = 0;
out:
if (ifb)
rtnl_link_put(ifb);
if (rc && qdisc)
nl_object_put((struct nl_object *)qdisc);
return rc;
}
void nl_bridge::update_vlans(rtnl_link *old_link, rtnl_link *new_link) {
assert(sw);
assert(bridge); // already checked
rtnl_link_bridge_vlan *old_br_vlan, *new_br_vlan;
rtnl_link *_link;
if (old_link == nullptr) {
// link added
old_br_vlan = &empty_br_vlan;
new_br_vlan = rtnl_link_bridge_get_port_vlan(new_link);
_link = nl->get_link(rtnl_link_get_ifindex(new_link), AF_UNSPEC);
} else if (new_link == nullptr) {
// link deleted
old_br_vlan = rtnl_link_bridge_get_port_vlan(old_link);
new_br_vlan = &empty_br_vlan;
_link = nl->get_link(rtnl_link_get_ifindex(old_link), AF_UNSPEC);
} else {
// link updated
old_br_vlan = rtnl_link_bridge_get_port_vlan(old_link);
new_br_vlan = rtnl_link_bridge_get_port_vlan(new_link);
_link = nl->get_link(rtnl_link_get_ifindex(new_link), AF_UNSPEC);
}
if (old_br_vlan == nullptr) {
old_br_vlan = &empty_br_vlan;
}
if (new_br_vlan == nullptr) {
new_br_vlan = &empty_br_vlan;
}
if (_link == nullptr) {
// XXX FIXME in case a vxlan has been deleted the vxlan_domain and
// vxlan_dom_bitmap need an update, maybe this can be handled already from
// the link_deleted of the vxlan itself?
LOG(WARNING) << __FUNCTION__
<< ": could not get parent link of bridge interface. This "
"case needs further checks if everything got already "
"deleted.";
return;
}
// check for vid changes
if (br_vlan_equal(old_br_vlan, new_br_vlan)) {
VLOG(2) << __FUNCTION__ << ": vlans did not change";
return;
}
link_type lt = get_link_type(_link);
uint32_t pport_no = 0;
uint32_t tunnel_id = -1;
std::deque<rtnl_link *> bridge_ports;
if (lt == LT_VXLAN) {
assert(nl);
nl->get_bridge_ports(rtnl_link_get_master(_link), &bridge_ports);
if (vxlan->get_tunnel_id(_link, nullptr, &tunnel_id) != 0) {
LOG(ERROR) << __FUNCTION__ << ": failed to get vni of link "
<< OBJ_CAST(_link);
}
} else {
pport_no = nl->get_port_id(rtnl_link_get_ifindex(_link));
if (pport_no == 0) {
LOG(ERROR) << __FUNCTION__
<< ": invalid pport_no=0 of link: " << OBJ_CAST(_link);
return;
}
}
for (int k = 0; k < RTNL_LINK_BRIDGE_VLAN_BITMAP_LEN; k++) {
int base_bit;
uint32_t a = old_br_vlan->vlan_bitmap[k];
uint32_t b = new_br_vlan->vlan_bitmap[k];
uint32_t vlan_diff = a ^ b;
#if 0 // untagged change not yet implemented
uint32_t c = old_br_vlan->untagged_bitmap[k];
uint32_t d = new_br_vlan->untagged_bitmap[k];
uint32_t untagged_diff = c ^ d;
#endif // 0
base_bit = k * 32;
int i = -1;
int done = 0;
while (!done) {
int j = find_next_bit(i, vlan_diff);
if (j > 0) {
// vlan added or removed
int vid = j - 1 + base_bit;
bool egress_untagged = false;
// check if egress is untagged
if (new_br_vlan->untagged_bitmap[k] & 1 << (j - 1)) {
egress_untagged = true;
#if 0 // untagged change not yet implemented
// clear untagged_diff bit
untagged_diff &= ~((uint32_t)1 << (j - 1));
#endif // 0
}
if (new_br_vlan->vlan_bitmap[k] & 1 << (j - 1)) {
// vlan added
if (lt == LT_VXLAN) {
// update vxlan domain
if (!is_vid_set(vid, vxlan_dom_bitmap)) {
VLOG(1) << __FUNCTION__ << ": new vxlan domain vid=" << vid
<< ", tunnel_id=" << tunnel_id;
vxlan_domain.emplace(vid, tunnel_id);
set_vid(vid, vxlan_dom_bitmap);
} else {
// XXX TODO check the map
}
// update all bridge ports to be access ports
update_access_ports(_link, new_link ? new_link : old_link, vid,
tunnel_id, bridge_ports, true);
} else {
assert(pport_no);
if (is_vid_set(vid, vxlan_dom_bitmap)) {
// configure as access port
std::string port_name = std::string(rtnl_link_get_name(_link));
auto vxd_it = vxlan_domain.find(vid);
if (vxd_it != vxlan_domain.end()) {
vxlan->create_access_port((new_link) ? new_link : old_link,
vxd_it->second, port_name, pport_no,
vid, egress_untagged, nullptr);
} else {
LOG(FATAL) << __FUNCTION__
<< ": should not happen, something is broken";
}
} else {
// normal vlan port
VLOG(3) << __FUNCTION__ << ": add vid=" << vid
<< " on pport_no=" << pport_no
<< " link: " << OBJ_CAST(_link);
sw->egress_bridge_port_vlan_add(pport_no, vid, egress_untagged);
sw->ingress_port_vlan_add(pport_no, vid,
new_br_vlan->pvid == vid);
}
}
} else {
// vlan removed
if (lt == LT_VXLAN) {
unset_vid(vid, vxlan_dom_bitmap);
vxlan_domain.erase(vid);
// update all bridge ports to be normal bridge ports
update_access_ports(_link, new_link ? new_link : old_link, vid,
tunnel_id, bridge_ports, false);
} else {
VLOG(3) << __FUNCTION__ << ": remove vid=" << vid
<< " on pport_no=" << pport_no
<< " link: " << OBJ_CAST(_link);
sw->ingress_port_vlan_remove(pport_no, vid,
old_br_vlan->pvid == vid);
// delete all FM pointing to this group first
sw->l2_addr_remove_all_in_vlan(pport_no, vid);
std::unique_ptr<rtnl_neigh, decltype(&rtnl_neigh_put)> filter(
rtnl_neigh_alloc(), rtnl_neigh_put);
rtnl_neigh_set_ifindex(filter.get(), rtnl_link_get_ifindex(bridge));
rtnl_neigh_set_master(filter.get(), rtnl_link_get_master(bridge));
rtnl_neigh_set_family(filter.get(), AF_BRIDGE);
rtnl_neigh_set_vlan(filter.get(), vid);
rtnl_neigh_set_flags(filter.get(), NTF_MASTER | NTF_EXT_LEARNED);
rtnl_neigh_set_state(filter.get(), NUD_REACHABLE);
nl_cache_foreach_filter(l2_cache.get(), OBJ_CAST(filter.get()),
[](struct nl_object *o, void *arg) {
VLOG(3) << "l2_cache remove object " << o;
nl_cache_remove(o);
},
nullptr);
sw->egress_bridge_port_vlan_remove(pport_no, vid);
}
}
i = j;
} else {
done = 1;
}
}
#if 0 // not yet implemented the update
done = 0;
i = -1;
while (!done) {
// vlan is existing, but swapping egress tagged/untagged
int j = find_next_bit(i, untagged_diff);
if (j > 0) {
// egress untagged changed
int vid = j - 1 + base_bit;
bool egress_untagged = false;
// check if egress is untagged
if (new_br_vlan->untagged_bitmap[k] & 1 << (j-1)) {
egress_untagged = true;
}
// XXX implement update
fm_driver.update_port_vid_egress(devname, vid, egress_untagged);
i = j;
} else {
done = 1;
}
}
#endif
}
}