/* * Copyright (C) 2007-2014 Red Hat, Inc. * * This library is free software; you can redistribute it and/or * modify it under the terms of the GNU Lesser General Public * License as published by the Free Software Foundation; either * version 2.1 of the License, or (at your option) any later version. * * This library is distributed in the hope that it will be useful, * but WITHOUT ANY WARRANTY; without even the implied warranty of * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU * Lesser General Public License for more details. * * You should have received a copy of the GNU Lesser General Public * License along with this library. If not, see * . */ #include #include "virmacaddr.h" #include "virnetdevtap.h" #include "virnetdev.h" #include "virnetdevbridge.h" #include "virnetdevmidonet.h" #include "virnetdevopenvswitch.h" #include "virerror.h" #include "virfile.h" #include "viralloc.h" #include "virlog.h" #include "virstring.h" #include "datatypes.h" #include #include #ifndef WIN32 # include #endif #ifdef WITH_NET_IF_H # include #endif #include #ifdef __linux__ # include /* IFF_TUN, IFF_NO_PI */ #elif defined(__FreeBSD__) # include # include #endif #if defined(WITH_GETIFADDRS) && defined(AF_LINK) # include #endif #define VIR_FROM_THIS VIR_FROM_NONE VIR_LOG_INIT("util.netdevtap"); /** * virNetDevTapGetName: * @tapfd: a tun/tap file descriptor * @ifname: a pointer that will receive the interface name * * Retrieve the interface name given a file descriptor for a tun/tap * interface. * * Returns 0 if the interface name is successfully queried, -1 otherwise */ int virNetDevTapGetName(int tapfd G_GNUC_UNUSED, char **ifname G_GNUC_UNUSED) { #ifdef TUNGETIFF struct ifreq ifr; if (ioctl(tapfd, TUNGETIFF, &ifr) < 0) { virReportSystemError(errno, "%s", _("Unable to query tap interface name")); return -1; } *ifname = g_strdup(ifr.ifr_name); return 0; #else return -1; #endif } /** * virNetDevTapGetRealDeviceName: * @ifname: the interface name * * Lookup real interface name (i.e. name of the device entry in /dev), * because e.g. on FreeBSD if we rename tap device to vnetN its device * entry still remains unchanged (/dev/tapX), but bhyve needs a name * that matches /dev entry. * * Returns the proper interface name or NULL if no corresponding interface * found. */ char* virNetDevTapGetRealDeviceName(char *ifname G_GNUC_UNUSED) { #ifdef IFDATA_DRIVERNAME int ifindex = 0; int name[6]; size_t len = 0; char *ret = NULL; if ((ifindex = if_nametoindex(ifname)) == 0) { virReportSystemError(errno, _("Unable to get interface index for '%s'"), ifname); return NULL; } name[0] = CTL_NET; name[1] = PF_LINK; name[2] = NETLINK_GENERIC; name[3] = IFMIB_IFDATA; name[4] = ifindex; name[5] = IFDATA_DRIVERNAME; if (sysctl(name, 6, NULL, &len, 0, 0) < 0) { virReportSystemError(errno, _("Unable to get driver name for '%s'"), ifname); return NULL; } ret = g_new0(char, len); if (sysctl(name, 6, ret, &len, 0, 0) < 0) { virReportSystemError(errno, _("Unable to get driver name for '%s'"), ifname); VIR_FREE(ret); return NULL; } return ret; #else return NULL; #endif } #ifdef TUNSETIFF /** * virNetDevTapCreate: * @ifname: the interface name * @tunpath: path to the tun device (if NULL, /dev/net/tun is used) * @tapfds: array of file descriptors return value for the new tap device * @tapfdSize: number of file descriptors in @tapfd * @flags: OR of virNetDevTapCreateFlags. Only one flag is recognized: * * VIR_NETDEV_TAP_CREATE_VNET_HDR * - Enable IFF_VNET_HDR on the tap device * VIR_NETDEV_TAP_CREATE_PERSIST * - The device will persist after the file descriptor is closed * * Creates a tap interface. The caller must use virNetDevTapDelete to * remove a persistent TAP device when it is no longer needed. In case * @tapfdSize is greater than one, multiqueue extension is requested * from kernel. * * Returns 0 in case of success or -1 on failure. */ int virNetDevTapCreate(char **ifname, const char *tunpath, int *tapfd, size_t tapfdSize, unsigned int flags) { size_t i = 0; struct ifreq ifr; int ret = -1; int fd = -1; /* if ifname is empty, then auto-generate a name for the new * device (the kernel could do this for us, but has a bad habit of * immediately re-using names that have just been released, which * can lead to race conditions). if ifname is just a * user-provided name, virNetDevGenerateName leaves it * unchanged. */ if (virNetDevGenerateName(ifname, VIR_NET_DEV_GEN_NAME_VNET) < 0) return -1; if (!tunpath) tunpath = "/dev/net/tun"; memset(&ifr, 0, sizeof(ifr)); for (i = 0; i < tapfdSize; i++) { if ((fd = open(tunpath, O_RDWR)) < 0) { virReportSystemError(errno, _("Unable to open %s, is tun module loaded?"), tunpath); goto cleanup; } memset(&ifr, 0, sizeof(ifr)); ifr.ifr_flags = IFF_TAP | IFF_NO_PI; /* If tapfdSize is greater than one, request multiqueue */ if (tapfdSize > 1) ifr.ifr_flags |= IFF_MULTI_QUEUE; if (flags & VIR_NETDEV_TAP_CREATE_VNET_HDR) ifr.ifr_flags |= IFF_VNET_HDR; if (virStrcpyStatic(ifr.ifr_name, *ifname) < 0) { virReportSystemError(ERANGE, _("Network interface name '%s' is too long"), *ifname); goto cleanup; } if (ioctl(fd, TUNSETIFF, &ifr) < 0) { virReportSystemError(errno, _("Unable to create tap device %s"), NULLSTR(*ifname)); goto cleanup; } if (i == 0) { /* In case we are looping more than once, set other * TAPs to have the same name */ VIR_FREE(*ifname); *ifname = g_strdup(ifr.ifr_name); } if ((flags & VIR_NETDEV_TAP_CREATE_PERSIST) && ioctl(fd, TUNSETPERSIST, 1) < 0) { virReportSystemError(errno, _("Unable to set tap device %s to persistent"), NULLSTR(*ifname)); goto cleanup; } tapfd[i] = fd; } VIR_INFO("created device: '%s'", *ifname); ret = 0; cleanup: if (ret < 0) { VIR_FORCE_CLOSE(fd); while (i--) VIR_FORCE_CLOSE(tapfd[i]); } return ret; } int virNetDevTapDelete(const char *ifname, const char *tunpath) { struct ifreq try; int fd; int ret = -1; if (!tunpath) tunpath = "/dev/net/tun"; if ((fd = open(tunpath, O_RDWR)) < 0) { virReportSystemError(errno, _("Unable to open %s, is tun module loaded?"), tunpath); return -1; } memset(&try, 0, sizeof(struct ifreq)); try.ifr_flags = IFF_TAP|IFF_NO_PI; if (virStrcpyStatic(try.ifr_name, ifname) < 0) { virReportSystemError(ERANGE, _("Network interface name '%s' is too long"), ifname); goto cleanup; } if (ioctl(fd, TUNSETIFF, &try) < 0) { virReportSystemError(errno, "%s", _("Unable to associate TAP device")); goto cleanup; } if (ioctl(fd, TUNSETPERSIST, 0) < 0) { virReportSystemError(errno, "%s", _("Unable to make TAP device non-persistent")); goto cleanup; } VIR_INFO("delete device: '%s'", ifname); ret = 0; cleanup: VIR_FORCE_CLOSE(fd); return ret; } #elif defined(SIOCIFCREATE2) && defined(SIOCIFDESTROY) && defined(IF_MAXUNIT) int virNetDevTapCreate(char **ifname, const char *tunpath G_GNUC_UNUSED, int *tapfd, size_t tapfdSize, unsigned int flags G_GNUC_UNUSED) { int s; struct ifreq ifr; int ret = -1; if (tapfdSize > 1) { virReportError(VIR_ERR_CONFIG_UNSUPPORTED, "%s", _("Multiqueue devices are not supported on this system")); goto cleanup; } /* auto-generate an unused name for the new device (this * is NOP if a name has been provided) */ if (virNetDevGenerateName(ifname, VIR_NET_DEV_GEN_NAME_VNET) < 0) return -1; /* As FreeBSD determines interface type by name, * we have to create 'tap' interface first and * then rename it to 'vnet' */ if ((s = virNetDevSetupControl("tap", &ifr)) < 0) return -1; if (ioctl(s, SIOCIFCREATE2, &ifr) < 0) { virReportSystemError(errno, "%s", _("Unable to create tap device")); goto cleanup; } if (tapfd) { g_autofree char *dev_path = NULL; dev_path = g_strdup_printf("/dev/%s", ifr.ifr_name); if ((*tapfd = open(dev_path, O_RDWR)) < 0) { virReportSystemError(errno, _("Unable to open %s"), dev_path); goto cleanup; } } if (virNetDevSetName(ifr.ifr_name, *ifname) == -1) goto cleanup; ret = 0; cleanup: VIR_FORCE_CLOSE(s); return ret; } int virNetDevTapDelete(const char *ifname, const char *tunpath G_GNUC_UNUSED) { int s; struct ifreq ifr; int ret = -1; if ((s = virNetDevSetupControl(ifname, &ifr)) < 0) return -1; if (ioctl(s, SIOCIFDESTROY, &ifr) < 0) { virReportSystemError(errno, _("Unable to remove tap device %s"), ifname); goto cleanup; } ret = 0; cleanup: VIR_FORCE_CLOSE(s); return ret; } #else int virNetDevTapCreate(char **ifname G_GNUC_UNUSED, const char *tunpath G_GNUC_UNUSED, int *tapfd G_GNUC_UNUSED, size_t tapfdSize G_GNUC_UNUSED, unsigned int flags G_GNUC_UNUSED) { virReportSystemError(ENOSYS, "%s", _("Unable to create TAP devices on this platform")); return -1; } int virNetDevTapDelete(const char *ifname G_GNUC_UNUSED, const char *tunpath G_GNUC_UNUSED) { virReportSystemError(ENOSYS, "%s", _("Unable to delete TAP devices on this platform")); return -1; } #endif /** * virNetDevTapAttachBridge: * @tapname: the tap interface name (or name template) * @brname: the bridge name * @macaddr: desired MAC address * @virtPortProfile: bridge/port specific configuration * @virtVlan: vlan tag info * @mtu: requested MTU for port (or 0 for "default") * @actualMTU: MTU actually set for port (after accounting for bridge's MTU) * * This attaches an existing tap device (@tapname) to a bridge * (@brname). * * Returns 0 in case of success or -1 on failure */ int virNetDevTapAttachBridge(const char *tapname, const char *brname, const virMacAddr *macaddr, const unsigned char *vmuuid, const virNetDevVPortProfile *virtPortProfile, const virNetDevVlan *virtVlan, virTristateBool isolatedPort, unsigned int mtu, unsigned int *actualMTU) { /* If an MTU is specified for the new device, set it before * attaching the device to the bridge, as it may affect the MTU of * the bridge (in particular if it is the first device attached to * the bridge, or if it is smaller than the current MTU of the * bridge). If MTU isn't specified for the new device (i.e. 0), * we need to set the interface MTU to the current MTU of the * bridge (to avoid inadvertently changing the bridge's MTU). */ if (mtu > 0) { if (virNetDevSetMTU(tapname, mtu) < 0) return -1; } else { if (virNetDevSetMTUFromDevice(tapname, brname) < 0) return -1; } if (actualMTU) { int retMTU = virNetDevGetMTU(tapname); if (retMTU < 0) return -1; *actualMTU = retMTU; } if (virtPortProfile) { if (virtPortProfile->virtPortType == VIR_NETDEV_VPORT_PROFILE_MIDONET) { if (virNetDevMidonetBindPort(tapname, virtPortProfile) < 0) return -1; } else if (virtPortProfile->virtPortType == VIR_NETDEV_VPORT_PROFILE_OPENVSWITCH) { if (virNetDevOpenvswitchAddPort(brname, tapname, macaddr, vmuuid, virtPortProfile, virtVlan) < 0) return -1; } } else { if (virNetDevBridgeAddPort(brname, tapname) < 0) return -1; if (isolatedPort == VIR_TRISTATE_BOOL_YES && virNetDevBridgePortSetIsolated(brname, tapname, true) < 0) { virErrorPtr err; virErrorPreserveLast(&err); ignore_value(virNetDevBridgeRemovePort(brname, tapname)); virErrorRestore(&err); return -1; } } return 0; } /** * virNetDevTapReattachBridge: * @tapname: the tap interface name (or name template) * @brname: the bridge name * @macaddr: desired MAC address * @virtPortProfile: bridge/port specific configuration * @virtVlan: vlan tag info * @mtu: requested MTU for port (or 0 for "default") * @actualMTU: MTU actually set for port (after accounting for bridge's MTU) * * Ensures that the tap device (@tapname) is connected to the bridge * (@brname), potentially removing it from any existing bridge that * does not match. * * Returns 0 in case of success or -1 on failure */ int virNetDevTapReattachBridge(const char *tapname, const char *brname, const virMacAddr *macaddr, const unsigned char *vmuuid, const virNetDevVPortProfile *virtPortProfile, const virNetDevVlan *virtVlan, virTristateBool isolatedPort, unsigned int mtu, unsigned int *actualMTU) { bool useOVS = false; g_autofree char *master = NULL; if (virNetDevGetMaster(tapname, &master) < 0) return -1; /* IFLA_MASTER for a tap on an OVS switch is always "ovs-system" */ if (STREQ_NULLABLE(master, "ovs-system")) { useOVS = true; if (virNetDevOpenvswitchInterfaceGetMaster(tapname, &master) < 0) return -1; } /* Nothing more todo if we're on the right bridge already */ if (STREQ_NULLABLE(brname, master)) return 0; /* disconnect from current (incorrect) bridge, if any */ if (master) { int ret; VIR_INFO("Removing %s from %s", tapname, master); if (useOVS) ret = virNetDevOpenvswitchRemovePort(master, tapname); else ret = virNetDevBridgeRemovePort(master, tapname); if (ret < 0) return -1; } VIR_INFO("Attaching %s to %s", tapname, brname); if (virNetDevTapAttachBridge(tapname, brname, macaddr, vmuuid, virtPortProfile, virtVlan, isolatedPort, mtu, actualMTU) < 0) return -1; return 0; } /** * virNetDevTapCreateInBridgePort: * @brname: the bridge name * @ifname: the interface name (or name template) * @macaddr: desired MAC address * @tunpath: path to the tun device (if NULL, /dev/net/tun is used) * @tapfd: array of file descriptor return value for the new tap device * @tapfdSize: number of file descriptors in @tapfd * @virtPortProfile: bridge/port specific configuration * @coalesce: optional coalesce parameters * @mtu: requested MTU for port (or 0 for "default") * @actualMTU: MTU actually set for port (after accounting for bridge's MTU) * @flags: OR of virNetDevTapCreateFlags: * VIR_NETDEV_TAP_CREATE_IFUP * - Bring the interface up * VIR_NETDEV_TAP_CREATE_VNET_HDR * - Enable IFF_VNET_HDR on the tap device * VIR_NETDEV_TAP_CREATE_USE_MAC_FOR_BRIDGE * - Set this interface's MAC as the bridge's MAC address * VIR_NETDEV_TAP_CREATE_PERSIST * - The device will persist after the file descriptor is closed * * This function creates a new tap device on a bridge. @ifname can be either * a fixed name or a name template with '%d' for dynamic name allocation. * in either case the final name for the bridge will be stored in @ifname. * If the @tapfd parameter is supplied, the open tap device file descriptor * will be returned, otherwise the TAP device will be closed. The caller must * use virNetDevTapDelete to remove a persistent TAP device when it is no * longer needed. * * Returns 0 in case of success or -1 on failure */ int virNetDevTapCreateInBridgePort(const char *brname, char **ifname, const virMacAddr *macaddr, const unsigned char *vmuuid, const char *tunpath, int *tapfd, size_t tapfdSize, const virNetDevVPortProfile *virtPortProfile, const virNetDevVlan *virtVlan, virTristateBool isolatedPort, virNetDevCoalesce *coalesce, unsigned int mtu, unsigned int *actualMTU, unsigned int flags) { virMacAddr tapmac; size_t i; if (virNetDevTapCreate(ifname, tunpath, tapfd, tapfdSize, flags) < 0) return -1; /* We need to set the interface MAC before adding it * to the bridge, because the bridge assumes the lowest * MAC of all enslaved interfaces & we don't want it * seeing the kernel allocate random MAC for the TAP * device before we set our static MAC. */ virMacAddrSet(&tapmac, macaddr); if (!(flags & VIR_NETDEV_TAP_CREATE_USE_MAC_FOR_BRIDGE)) { /* The tap device's MAC address cannot match the MAC address * used by the guest. This results in "received packet on * vnetX with own address as source address" error logs from * the kernel. Making the tap address as high as possible * discourages the bridge from using this tap's MAC as its own * (a Linux host bridge will take on the lowest numbered MAC * of all devices attached to it). */ if (tapmac.addr[0] == 0xFE) tapmac.addr[0] = 0xFA; else tapmac.addr[0] = 0xFE; } if (virNetDevSetMAC(*ifname, &tapmac) < 0) goto error; if (virNetDevTapAttachBridge(*ifname, brname, macaddr, vmuuid, virtPortProfile, virtVlan, isolatedPort, mtu, actualMTU) < 0) { goto error; } if (virNetDevSetOnline(*ifname, !!(flags & VIR_NETDEV_TAP_CREATE_IFUP)) < 0) goto error; if (virNetDevSetCoalesce(*ifname, coalesce, false) < 0) goto error; return 0; error: for (i = 0; i < tapfdSize && tapfd[i] >= 0; i++) VIR_FORCE_CLOSE(tapfd[i]); return -1; } /*-------------------- interface stats --------------------*/ /** * virNetDevTapInterfaceStats: * @ifname: interface * @stats: where to store statistics * @swapped: whether to swap RX/TX fields * * Fetch RX/TX statistics for given named interface (@ifname) and * store them at @stats. The returned statistics are always from * domain POV. Because in some cases this means swapping RX/TX in * the stats and in others this means no swapping (consider TAP * vs macvtap) caller might choose if the returned stats should * be @swapped or not. * * Returns 0 on success, -1 otherwise (with error reported). */ #ifdef __linux__ int virNetDevTapInterfaceStats(const char *ifname, virDomainInterfaceStatsPtr stats, bool swapped) { int ifname_len; FILE *fp; char line[256], *colon; if (!ifname) { virReportError(VIR_ERR_INTERNAL_ERROR, "%s", _("Interface name not provided")); return -1; } fp = fopen("/proc/net/dev", "r"); if (!fp) { virReportSystemError(errno, "%s", _("Could not open /proc/net/dev")); return -1; } ifname_len = strlen(ifname); while (fgets(line, sizeof(line), fp)) { long long dummy; long long rx_bytes; long long rx_packets; long long rx_errs; long long rx_drop; long long tx_bytes; long long tx_packets; long long tx_errs; long long tx_drop; /* The line looks like: * " eth0:..." * Split it at the colon. */ colon = strchr(line, ':'); if (!colon) continue; *colon = '\0'; if (colon-ifname_len >= line && STREQ(colon-ifname_len, ifname)) { if (sscanf(colon+1, "%lld %lld %lld %lld %lld %lld %lld %lld %lld %lld %lld %lld %lld %lld %lld %lld", &rx_bytes, &rx_packets, &rx_errs, &rx_drop, &dummy, &dummy, &dummy, &dummy, &tx_bytes, &tx_packets, &tx_errs, &tx_drop, &dummy, &dummy, &dummy, &dummy) != 16) continue; if (swapped) { stats->rx_bytes = tx_bytes; stats->rx_packets = tx_packets; stats->rx_errs = tx_errs; stats->rx_drop = tx_drop; stats->tx_bytes = rx_bytes; stats->tx_packets = rx_packets; stats->tx_errs = rx_errs; stats->tx_drop = rx_drop; } else { stats->rx_bytes = rx_bytes; stats->rx_packets = rx_packets; stats->rx_errs = rx_errs; stats->rx_drop = rx_drop; stats->tx_bytes = tx_bytes; stats->tx_packets = tx_packets; stats->tx_errs = tx_errs; stats->tx_drop = tx_drop; } VIR_FORCE_FCLOSE(fp); return 0; } } VIR_FORCE_FCLOSE(fp); virReportError(VIR_ERR_INTERNAL_ERROR, "%s", _("/proc/net/dev: Interface not found")); return -1; } #elif defined(WITH_GETIFADDRS) && defined(AF_LINK) int virNetDevTapInterfaceStats(const char *ifname, virDomainInterfaceStatsPtr stats, bool swapped) { struct ifaddrs *ifap, *ifa; struct if_data *ifd; int ret = -1; if (!ifname) { virReportError(VIR_ERR_INTERNAL_ERROR, "%s", _("Interface name not provided")); return -1; } if (getifaddrs(&ifap) < 0) { virReportSystemError(errno, "%s", _("Could not get interface list")); return -1; } for (ifa = ifap; ifa; ifa = ifa->ifa_next) { if (!ifa->ifa_addr) continue; if (ifa->ifa_addr->sa_family != AF_LINK) continue; if (STREQ(ifa->ifa_name, ifname)) { ifd = (struct if_data *)ifa->ifa_data; if (swapped) { stats->tx_bytes = ifd->ifi_ibytes; stats->tx_packets = ifd->ifi_ipackets; stats->tx_errs = ifd->ifi_ierrors; stats->tx_drop = ifd->ifi_iqdrops; stats->rx_bytes = ifd->ifi_obytes; stats->rx_packets = ifd->ifi_opackets; stats->rx_errs = ifd->ifi_oerrors; # ifndef __APPLE__ stats->rx_drop = ifd->ifi_oqdrops; # else stats->rx_drop = 0; # endif } else { stats->tx_bytes = ifd->ifi_obytes; stats->tx_packets = ifd->ifi_opackets; stats->tx_errs = ifd->ifi_oerrors; # ifndef __APPLE__ stats->tx_drop = ifd->ifi_oqdrops; # else stats->tx_drop = 0; # endif stats->rx_bytes = ifd->ifi_ibytes; stats->rx_packets = ifd->ifi_ipackets; stats->rx_errs = ifd->ifi_ierrors; stats->rx_drop = ifd->ifi_iqdrops; } ret = 0; break; } } if (ret < 0) virReportError(VIR_ERR_INTERNAL_ERROR, "%s", _("Interface not found")); freeifaddrs(ifap); return ret; } #else int virNetDevTapInterfaceStats(const char *ifname G_GNUC_UNUSED, virDomainInterfaceStatsPtr stats G_GNUC_UNUSED, bool swapped G_GNUC_UNUSED) { virReportError(VIR_ERR_OPERATION_INVALID, "%s", _("interface stats not implemented on this platform")); return -1; } #endif /* __linux__ */