src - OpenBSD base system

diff options


context:
space:
mode:

author	Reyk Floeter <reyk@cvs.openbsd.org>	2017-05-04 08:26:07 +0000
committer	Reyk Floeter <reyk@cvs.openbsd.org>	2017-05-04 08:26:07 +0000
commit	d9710761626ca18772a1225525894d5d09353d11 (patch)
tree	cfb412e09d1dff2ef04dff50054c80b95717ec98 /usr.sbin
parent	487e53113bfbb64ce3a522451bb7310096ff3b78 (diff)

Add support for rdomains.

This allows to configure VM interfaces and switches in individual rdomains. OK mlarkin@

Diffstat (limited to 'usr.sbin')

-rw-r--r--

usr.sbin/vmd/config.c

-rw-r--r--

usr.sbin/vmd/parse.y

-rw-r--r--

usr.sbin/vmd/priv.c

-rw-r--r--

usr.sbin/vmd/vm.conf.5

-rw-r--r--

usr.sbin/vmd/vmd.c

-rw-r--r--

usr.sbin/vmd/vmd.h

6 files changed, 80 insertions, 9 deletions

diff --git a/usr.sbin/vmd/config.c b/usr.sbin/vmd/config.c
index f100c7b8aa5..7d738a3cc64 100644
--- a/usr.sbin/vmd/config.c
+++ b/usr.sbin/vmd/config.c

@@ -1,4 +1,4 @@

-/* $OpenBSD: config.c,v 1.30 2017/04/21 07:03:26 reyk Exp $ */

+/* $OpenBSD: config.c,v 1.31 2017/05/04 08:26:06 reyk Exp $ */

@@ -282,6 +282,9 @@ config_setvm(struct privsep *ps, struct vmd_vm *vm, uint32_t peerid, uid_t uid)

}

+ /* non-default rdomain (requires VMIFF_RDOMAIN below) */

+ vif->vif_rdomain = vmc->vmc_ifrdomain[i];

/* Set the interface status */

vif->vif_flags =

vmc->vmc_ifflags[i] & (VMIFF_UP|VMIFF_OPTMASK);

diff --git a/usr.sbin/vmd/parse.y b/usr.sbin/vmd/parse.y
index d400d4eb242..55a9b0c7acc 100644
--- a/usr.sbin/vmd/parse.y
+++ b/usr.sbin/vmd/parse.y

@@ -1,4 +1,4 @@

-/* $OpenBSD: parse.y,v 1.28 2017/05/03 08:21:57 reyk Exp $ */

+/* $OpenBSD: parse.y,v 1.29 2017/05/04 08:26:06 reyk Exp $ */

@@ -116,7 +116,7 @@ typedef struct {

%token INCLUDE ERROR

%token ADD BOOT DISABLE DISK DOWN ENABLE GROUP INTERFACE LLADDR LOCAL LOCKED

-%token MEMORY NIFS OWNER PATH PREFIX SIZE SWITCH UP VM VMID

+%token MEMORY NIFS OWNER PATH PREFIX RDOMAIN SIZE SWITCH UP VM VMID

%token <v.number> NUMBER

%token <v.string> STRING

%type <v.lladdr> lladdr

@@ -263,6 +263,14 @@ switch_opts : disable {

| LOCKED LLADDR {

vsw->sw_flags |= VMIFF_LOCKED;

}

+ | RDOMAIN NUMBER {

+ if ($2 < 0 || $2 > RT_TABLEID_MAX) {

+ yyerror("invalid rdomain: %lld", $2);

+ YYERROR;

+ }

+ vsw->sw_flags |= VMIFF_RDOMAIN;

+ vsw->sw_rdomain = $2;

+ }

| updown {

if ($1)

vsw->sw_flags |= VMIFF_UP;

@@ -532,6 +540,14 @@ iface_opts : SWITCH string {

vmc.vmc_ifflags[vcp_nnics] |= VMIFF_LOCKED;

memcpy(vcp->vcp_macs[vcp_nnics], $3, ETHER_ADDR_LEN);

}

+ | RDOMAIN NUMBER {

+ if ($2 < 0 || $2 > RT_TABLEID_MAX) {

+ yyerror("invalid rdomain: %lld", $2);

+ YYERROR;

+ }

+ vmc.vmc_ifflags[vcp_nnics] |= VMIFF_RDOMAIN;

+ vmc.vmc_ifrdomain[vcp_nnics] = $2;

+ }

| updown {

if ($1)

vmc.vmc_ifflags[vcp_nnics] |= VMIFF_UP;

@@ -645,6 +661,7 @@ lookup(char *s)

{ "memory", MEMORY },

{ "owner", OWNER },

{ "prefix", PREFIX },

+ { "rdomain", RDOMAIN },

{ "size", SIZE },

{ "switch", SWITCH },

{ "up", UP },

diff --git a/usr.sbin/vmd/priv.c b/usr.sbin/vmd/priv.c
index a1e6414cf6b..f540a1b1bd1 100644
--- a/usr.sbin/vmd/priv.c
+++ b/usr.sbin/vmd/priv.c

@@ -1,4 +1,4 @@

-/* $OpenBSD: priv.c,v 1.8 2017/04/21 07:03:26 reyk Exp $ */

+/* $OpenBSD: priv.c,v 1.9 2017/05/04 08:26:06 reyk Exp $ */

@@ -88,6 +88,7 @@ priv_dispatch_parent(int fd, struct privsep_proc *p, struct imsg *imsg)

switch (imsg->hdr.type) {

case IMSG_VMDOP_PRIV_IFDESCR:

case IMSG_VMDOP_PRIV_IFCREATE:

+ case IMSG_VMDOP_PRIV_IFRDOMAIN:

case IMSG_VMDOP_PRIV_IFADD:

case IMSG_VMDOP_PRIV_IFUP:

case IMSG_VMDOP_PRIV_IFDOWN:

@@ -124,6 +125,12 @@ priv_dispatch_parent(int fd, struct privsep_proc *p, struct imsg *imsg)

errno != EEXIST)

log_warn("SIOCIFCREATE");

break;

+ case IMSG_VMDOP_PRIV_IFRDOMAIN:

+ strlcpy(ifr.ifr_name, vfr.vfr_name, sizeof(ifr.ifr_name));

+ ifr.ifr_rdomainid = vfr.vfr_id;

+ if (ioctl(env->vmd_fd, SIOCSIFRDOMAIN, &ifr) < 0)

+ log_warn("SIOCSIFRDOMAIN");

+ break;

case IMSG_VMDOP_PRIV_IFADD:

if (priv_getiftype(vfr.vfr_value, type, NULL) == -1)

fatalx("%s: rejected to add interface: %s",

@@ -272,6 +279,17 @@ vm_priv_ifconfig(struct privsep *ps, struct vmd_vm *vm)

sizeof(vfr.vfr_name)) >= sizeof(vfr.vfr_name))

return (-1);

+ /* Set non-default rdomain */

+ if (vif->vif_flags & VMIFF_RDOMAIN) {

+ vfr.vfr_id = vif->vif_rdomain;

+ log_debug("%s: interface %s rdomain %u", __func__,

+ vfr.vfr_name, vfr.vfr_id);

+ proc_compose(ps, PROC_PRIV, IMSG_VMDOP_PRIV_IFRDOMAIN,

+ &vfr, sizeof(vfr));

+ }

/* Description can be truncated */

(void)snprintf(vfr.vfr_value, sizeof(vfr.vfr_value),

"vm%u-if%u-%s", vm->vm_vmid, i, vcp->vcp_name);

@@ -284,18 +302,25 @@ vm_priv_ifconfig(struct privsep *ps, struct vmd_vm *vm)

/* Add interface to bridge/switch */

if ((vsw = switch_getbyname(vif->vif_switch)) != NULL) {

+ memset(&vfbr, 0, sizeof(vfbr));

if (strlcpy(vfbr.vfr_name, vsw->sw_ifname,

sizeof(vfbr.vfr_name)) >= sizeof(vfbr.vfr_name))

return (-1);

if (strlcpy(vfbr.vfr_value, vif->vif_name,

sizeof(vfbr.vfr_value)) >= sizeof(vfbr.vfr_value))

return (-1);

+ vfbr.vfr_id = vsw->sw_rdomain;

log_debug("%s: interface %s add %s", __func__,

vfbr.vfr_name, vfbr.vfr_value);

proc_compose(ps, PROC_PRIV, IMSG_VMDOP_PRIV_IFCREATE,

&vfbr, sizeof(vfbr));

+ if (vsw->sw_flags & VMIFF_RDOMAIN)

+ proc_compose(ps,

+ PROC_PRIV, IMSG_VMDOP_PRIV_IFRDOMAIN,

+ &vfbr, sizeof(vfbr));

proc_compose(ps, PROC_PRIV, IMSG_VMDOP_PRIV_IFADD,

&vfbr, sizeof(vfbr));

} else if (vif->vif_switch != NULL)

@@ -365,13 +390,21 @@ vm_priv_brconfig(struct privsep *ps, struct vmd_switch *vsw)

struct vmd_if *vif;

struct vmop_ifreq vfr;

+ memset(&vfr, 0, sizeof(vfr));

if (strlcpy(vfr.vfr_name, vsw->sw_ifname,

sizeof(vfr.vfr_name)) >= sizeof(vfr.vfr_name))

return (-1);

+ vfr.vfr_id = vsw->sw_rdomain;

proc_compose(ps, PROC_PRIV, IMSG_VMDOP_PRIV_IFCREATE,

&vfr, sizeof(vfr));

+ /* Set non-default rdomain */

+ if (vsw->sw_flags & VMIFF_RDOMAIN)

+ proc_compose(ps, PROC_PRIV, IMSG_VMDOP_PRIV_IFRDOMAIN,

+ &vfr, sizeof(vfr));

/* Description can be truncated */

(void)snprintf(vfr.vfr_value, sizeof(vfr.vfr_value),

"switch%u-%s", vsw->sw_id, vsw->sw_name);

diff --git a/usr.sbin/vmd/vm.conf.5 b/usr.sbin/vmd/vm.conf.5
index e1dd3997005..4e8d2d9304b 100644
--- a/usr.sbin/vmd/vm.conf.5
+++ b/usr.sbin/vmd/vm.conf.5

@@ -1,4 +1,4 @@

-.\" $OpenBSD: vm.conf.5,v 1.19 2017/04/21 07:03:26 reyk Exp $

+.\" $OpenBSD: vm.conf.5,v 1.20 2017/05/04 08:26:06 reyk Exp $

.\"

@@ -15,7 +15,7 @@

.\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF

.\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.

.\"

-.Dd $Mdocdate: April 21 2017 $

+.Dd $Mdocdate: May 4 2017 $

.Dt VM.CONF 5

.Os

.Sh NAME

@@ -161,6 +161,9 @@ If the

keyword is specified,

.Xr vmd 8

will drop packets from the VM with altered source addresses.

+.It Cm rdomain Ar rdomainid

+Attach the interface to the routing domain with the specified

+.Ar rdomainid .

.It Cm switch Ar name

Set the virtual switch

@@ -282,6 +285,12 @@ e.g.\&

If the type is changed to

.Ar switch0 ,

it will be used for each following switch.

+.It Cm rdomain Ar rdomainid

+Set the routing domain of the switch and all of its VM interfaces to

+.Ar rdomainid .

+This overwrites the

+.Cm rdomain

+option of VM interfaces.

.It Cm up

Start the switch forwarding packets.

This is the default.

diff --git a/usr.sbin/vmd/vmd.c b/usr.sbin/vmd/vmd.c
index 91f387d09e2..df84346c388 100644
--- a/usr.sbin/vmd/vmd.c
+++ b/usr.sbin/vmd/vmd.c

@@ -1,4 +1,4 @@

-/* $OpenBSD: vmd.c,v 1.59 2017/04/25 16:38:23 reyk Exp $ */

+/* $OpenBSD: vmd.c,v 1.60 2017/05/04 08:26:06 reyk Exp $ */

@@ -863,6 +863,10 @@ vm_register(struct privsep *ps, struct vmop_create_params *vmc,

vm->vm_ifs[i].vif_fd = -1;

if ((sw = switch_getbyname(vmc->vmc_ifswitch[i])) != NULL) {

+ /* overwrite the rdomain, if configured on the switch */

+ if (sw->sw_flags & VMIFF_RDOMAIN)

+ vmc->vmc_ifrdomain[i] = sw->sw_rdomain;

/* inherit per-interface flags from the switch */

vmc->vmc_ifflags[i] |= (sw->sw_flags & VMIFF_OPTMASK);

}

diff --git a/usr.sbin/vmd/vmd.h b/usr.sbin/vmd/vmd.h
index 0846dbb6436..e111b3a6406 100644
--- a/usr.sbin/vmd/vmd.h
+++ b/usr.sbin/vmd/vmd.h

@@ -1,4 +1,4 @@

-/* $OpenBSD: vmd.h,v 1.52 2017/04/21 07:03:26 reyk Exp $ */

+/* $OpenBSD: vmd.h,v 1.53 2017/05/04 08:26:06 reyk Exp $ */

@@ -80,6 +80,7 @@ enum imsg_type {

IMSG_VMDOP_PRIV_IFDOWN,

IMSG_VMDOP_PRIV_IFGROUP,

IMSG_VMDOP_PRIV_IFADDR,

+ IMSG_VMDOP_PRIV_IFRDOMAIN,

IMSG_VMDOP_VM_SHUTDOWN,

IMSG_VMDOP_VM_REBOOT,

IMSG_VMDOP_CONFIG

@@ -125,10 +126,12 @@ struct vmop_create_params {

#define VMIFF_UP 0x01

#define VMIFF_LOCKED 0x02

#define VMIFF_LOCAL 0x04

-#define VMIFF_OPTMASK (VMIFF_LOCKED|VMIFF_LOCAL)

+#define VMIFF_RDOMAIN 0x08

+#define VMIFF_OPTMASK (VMIFF_LOCKED|VMIFF_LOCAL|VMIFF_RDOMAIN)

char vmc_ifnames[VMM_MAX_NICS_PER_VM][IF_NAMESIZE];

char vmc_ifswitch[VMM_MAX_NICS_PER_VM][VM_NAME_MAX];

char vmc_ifgroup[VMM_MAX_NICS_PER_VM][IF_NAMESIZE];

+ unsigned int vmc_ifrdomain[VMM_MAX_NICS_PER_VM];

uid_t vmc_uid;

int64_t vmc_gid;

};

@@ -148,6 +151,7 @@ struct vmd_if {

char *vif_switch;

char *vif_group;

int vif_fd;

+ unsigned int vif_rdomain;

unsigned int vif_flags;

TAILQ_ENTRY(vmd_if) vif_entry;

};

@@ -158,6 +162,7 @@ struct vmd_switch {

char *sw_name;

char sw_ifname[IF_NAMESIZE];

char *sw_group;

+ unsigned int sw_rdomain;

unsigned int sw_flags;

struct viflist sw_ifs;

int sw_running;