1 /* 2 * CDDL HEADER START 3 * 4 * The contents of this file are subject to the terms of the 5 * Common Development and Distribution License (the "License"). 6 * You may not use this file except in compliance with the License. 7 * 8 * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE 9 * or http://www.opensolaris.org/os/licensing. 10 * See the License for the specific language governing permissions 11 * and limitations under the License. 12 * 13 * When distributing Covered Code, include this CDDL HEADER in each 14 * file and include the License file at usr/src/OPENSOLARIS.LICENSE. 15 * If applicable, add the following below this CDDL HEADER, with the 16 * fields enclosed by brackets "[]" replaced with your own identifying 17 * information: Portions Copyright [yyyy] [name of copyright owner] 18 * 19 * CDDL HEADER END 20 */ 21 /* 22 * Copyright (c) 2010, Oracle and/or its affiliates. All rights reserved. 23 */ 24 25 #include <errno.h> 26 #include <fcntl.h> 27 #include <priv_utils.h> 28 #include <signal.h> 29 #include <stdlib.h> 30 #include <stdio.h> 31 #include <strings.h> 32 #include <sys/param.h> 33 #include <sys/stat.h> 34 #include <unistd.h> 35 #include <zone.h> 36 #include <libipadm.h> 37 #include <libdladm.h> 38 #include <libdllink.h> 39 #include <net/route.h> 40 #include <netinet/in.h> 41 #include <net/route.h> 42 #include <errno.h> 43 #include <inet/ip.h> 44 #include <string.h> 45 #include <libinetutil.h> 46 #include <unistd.h> 47 #include <libipadm_impl.h> 48 #include <sys/brand.h> 49 50 #define ROUNDUP_LONG(a) \ 51 ((a) > 0 ? (1 + (((a) - 1) | (sizeof (long) - 1))) : sizeof (long)) 52 #define HOST_MASK 0xffffffffU 53 54 typedef struct ngz_walk_data_s { 55 ipadm_handle_t ngz_iph; 56 zoneid_t ngz_zoneid; 57 char *ngz_ifname; 58 boolean_t ngz_s10c; 59 ipadm_status_t ngz_ipstatus; 60 persist_cb_t ngz_persist_if; 61 } ngz_walk_data_t; 62 63 /* 64 * Tell the kernel to add, delete or change a route 65 */ 66 static void 67 i_ipadm_rtioctl4(int rtsock, 68 int action, /* RTM_DELETE, etc */ 69 in_addr_t dst, 70 in_addr_t gate, 71 uint_t masklen, 72 char *ifname, 73 uint8_t metric, 74 int flags) 75 { 76 static int rt_sock_seqno = 0; 77 struct { 78 struct rt_msghdr w_rtm; 79 struct sockaddr_in w_dst; 80 struct sockaddr_in w_gate; 81 uint8_t w_space[512]; 82 } w; 83 struct sockaddr_in w_mask; 84 struct sockaddr_dl w_ifp; 85 uint8_t *cp; 86 long cc; 87 88 again: 89 (void) memset(&w, 0, sizeof (w)); 90 (void) memset(&w_mask, 0, sizeof (w_mask)); 91 (void) memset(&w_ifp, 0, sizeof (w_ifp)); 92 cp = w.w_space; 93 w.w_rtm.rtm_msglen = sizeof (struct rt_msghdr) + 94 2 * ROUNDUP_LONG(sizeof (struct sockaddr_in)); 95 w.w_rtm.rtm_version = RTM_VERSION; 96 w.w_rtm.rtm_type = action; 97 w.w_rtm.rtm_flags = (flags | RTF_ZONE); 98 w.w_rtm.rtm_seq = ++rt_sock_seqno; 99 w.w_rtm.rtm_addrs = RTA_DST|RTA_GATEWAY; 100 if (metric != 0 || action == RTM_CHANGE) { 101 w.w_rtm.rtm_rmx.rmx_hopcount = metric; 102 w.w_rtm.rtm_inits |= RTV_HOPCOUNT; 103 } 104 w.w_dst.sin_family = AF_INET; 105 w.w_dst.sin_addr.s_addr = dst; 106 w.w_gate.sin_family = AF_INET; 107 w.w_gate.sin_addr.s_addr = gate; 108 if (masklen == HOST_MASK) { 109 w.w_rtm.rtm_flags |= RTF_HOST; 110 } else { 111 struct sockaddr_storage m4; 112 113 w.w_rtm.rtm_addrs |= RTA_NETMASK; 114 w_mask.sin_family = AF_INET; 115 if (plen2mask(masklen, AF_INET, (struct sockaddr *)&m4) != 0) { 116 return; 117 } 118 w_mask.sin_addr = ((struct sockaddr_in *)&m4)->sin_addr; 119 (void) memmove(cp, &w_mask, sizeof (w_mask)); 120 cp += ROUNDUP_LONG(sizeof (struct sockaddr_in)); 121 w.w_rtm.rtm_msglen += ROUNDUP_LONG(sizeof (struct sockaddr_in)); 122 } 123 w_ifp.sdl_family = AF_LINK; 124 w.w_rtm.rtm_addrs |= RTA_IFP; 125 w_ifp.sdl_index = if_nametoindex(ifname); 126 (void) memmove(cp, &w_ifp, sizeof (w_ifp)); 127 w.w_rtm.rtm_msglen += ROUNDUP_LONG(sizeof (struct sockaddr_dl)); 128 129 cc = write(rtsock, &w, w.w_rtm.rtm_msglen); 130 if (cc < 0) { 131 if (errno == ESRCH && (action == RTM_CHANGE || 132 action == RTM_DELETE)) { 133 if (action == RTM_CHANGE) { 134 action = RTM_ADD; 135 goto again; 136 } 137 return; 138 } 139 return; 140 } else if (cc != w.w_rtm.rtm_msglen) { 141 return; 142 } 143 } 144 145 static void 146 i_ipadm_rtioctl6(int rtsock, 147 int action, /* RTM_DELETE, etc */ 148 in6_addr_t dst, 149 in6_addr_t gate, 150 uint_t prefix_length, 151 char *ifname, 152 int flags) 153 { 154 static int rt_sock_seqno = 0; 155 struct { 156 struct rt_msghdr w_rtm; 157 struct sockaddr_in6 w_dst; 158 struct sockaddr_in6 w_gate; 159 uint8_t w_space[512]; 160 } w; 161 struct sockaddr_in6 w_mask; 162 struct sockaddr_dl w_ifp; 163 uint8_t *cp; 164 long cc; 165 166 again: 167 (void) memset(&w, 0, sizeof (w)); 168 (void) memset(&w_mask, 0, sizeof (w_mask)); 169 (void) memset(&w_ifp, 0, sizeof (w_ifp)); 170 cp = w.w_space; 171 w.w_rtm.rtm_msglen = sizeof (struct rt_msghdr) + 172 2 * ROUNDUP_LONG(sizeof (struct sockaddr_in6)); 173 w.w_rtm.rtm_version = RTM_VERSION; 174 w.w_rtm.rtm_type = action; 175 w.w_rtm.rtm_flags = (flags | RTF_ZONE); 176 w.w_rtm.rtm_seq = ++rt_sock_seqno; 177 w.w_rtm.rtm_addrs = RTA_DST|RTA_GATEWAY; 178 w.w_dst.sin6_family = AF_INET6; 179 w.w_dst.sin6_addr = dst; 180 w.w_gate.sin6_family = AF_INET6; 181 w.w_gate.sin6_addr = gate; 182 if (prefix_length == IPV6_ABITS) { 183 w.w_rtm.rtm_flags |= RTF_HOST; 184 } else { 185 struct sockaddr_storage m6; 186 187 w.w_rtm.rtm_addrs |= RTA_NETMASK; 188 w_mask.sin6_family = AF_INET6; 189 if (plen2mask(prefix_length, AF_INET6, 190 (struct sockaddr *)&m6) != 0) { 191 return; 192 } 193 w_mask.sin6_addr = ((struct sockaddr_in6 *)&m6)->sin6_addr; 194 (void) memmove(cp, &w_mask, sizeof (w_mask)); 195 cp += ROUNDUP_LONG(sizeof (struct sockaddr_in6)); 196 w.w_rtm.rtm_msglen += 197 ROUNDUP_LONG(sizeof (struct sockaddr_in6)); 198 } 199 w_ifp.sdl_family = AF_LINK; 200 w.w_rtm.rtm_addrs |= RTA_IFP; 201 w_ifp.sdl_index = if_nametoindex(ifname); 202 (void) memmove(cp, &w_ifp, sizeof (w_ifp)); 203 w.w_rtm.rtm_msglen += ROUNDUP_LONG(sizeof (struct sockaddr_dl)); 204 205 cc = write(rtsock, &w, w.w_rtm.rtm_msglen); 206 if (cc < 0) { 207 if (errno == ESRCH && (action == RTM_CHANGE || 208 action == RTM_DELETE)) { 209 if (action == RTM_CHANGE) { 210 action = RTM_ADD; 211 goto again; 212 } 213 return; 214 } 215 return; 216 } else if (cc != w.w_rtm.rtm_msglen) { 217 return; 218 } 219 } 220 221 /* 222 * Return TRUE if running in a Solaris 10 Container. 223 */ 224 static boolean_t 225 i_ipadm_zone_is_s10c(zoneid_t zoneid) 226 { 227 char brand[MAXNAMELEN]; 228 229 if (zone_getattr(zoneid, ZONE_ATTR_BRAND, brand, sizeof (brand)) < 0) 230 return (B_FALSE); 231 return (strcmp(brand, NATIVE_BRAND_NAME) != 0); 232 } 233 234 /* 235 * Configure addresses on link. `buf' is a string of comma-separated 236 * IP addresses. 237 */ 238 static ipadm_status_t 239 i_ipadm_ngz_addr(ipadm_handle_t iph, char *link, char *buf) 240 { 241 ipadm_status_t ipstatus; 242 ipadm_addrobj_t ipaddr; 243 char *cp; 244 245 for (cp = strtok(buf, ","); cp != NULL; cp = strtok(NULL, ",")) { 246 ipstatus = ipadm_create_addrobj(IPADM_ADDR_STATIC, link, 247 &ipaddr); 248 if (ipstatus != IPADM_SUCCESS) 249 return (ipstatus); 250 /* 251 * ipadm_set_addr does the appropriate name resolution and 252 * sets up the ipadm_static_addr field. 253 */ 254 ipstatus = ipadm_set_addr(ipaddr, cp, AF_UNSPEC); 255 if (ipstatus != IPADM_SUCCESS) { 256 ipadm_destroy_addrobj(ipaddr); 257 return (ipstatus); 258 } 259 260 ipstatus = ipadm_create_addr(iph, ipaddr, 261 (IPADM_OPT_ACTIVE | IPADM_OPT_UP)); 262 if (ipstatus != IPADM_SUCCESS) { 263 ipadm_destroy_addrobj(ipaddr); 264 return (ipstatus); 265 } 266 ipadm_destroy_addrobj(ipaddr); 267 } 268 return (IPADM_SUCCESS); 269 } 270 271 /* 272 * The (*persist_if)() will set up persistent information for the interface, 273 * based on what interface families are required, so just resolve the 274 * address and inform the callback about the linkname, and required address 275 * families. 276 */ 277 static ipadm_status_t 278 i_ipadm_ngz_persist_if(char *link, char *buf, 279 void (*ngz_persist_if)(char *, boolean_t, boolean_t)) 280 { 281 char *cp, *slashp, addr[INET6_ADDRSTRLEN]; 282 ipadm_status_t ipstatus; 283 struct sockaddr_storage ss; 284 boolean_t v4 = B_FALSE; 285 boolean_t v6 = B_FALSE; 286 287 for (cp = strtok(buf, ","); cp != NULL; cp = strtok(NULL, ",")) { 288 /* remove the /<masklen> that's always added by zoneadmd */ 289 slashp = strchr(cp, '/'); 290 (void) strlcpy(addr, cp, (slashp - cp + 1)); 291 292 /* resolve the address to find the family */ 293 bzero(&ss, sizeof (ss)); 294 ipstatus = i_ipadm_resolve_addr(addr, AF_UNSPEC, &ss); 295 if (ipstatus != IPADM_SUCCESS) 296 return (ipstatus); 297 switch (ss.ss_family) { 298 case AF_INET: 299 v4 = B_TRUE; 300 break; 301 case AF_INET6: 302 v6 = B_TRUE; 303 break; 304 default: 305 return (IPADM_BAD_ADDR); 306 } 307 } 308 (*ngz_persist_if)(link, v4, v6); 309 return (IPADM_SUCCESS); 310 } 311 312 static void 313 i_ipadm_create_ngz_route(int rtsock, char *link, uint8_t *buf, size_t buflen) 314 { 315 struct in6_addr defrouter; 316 boolean_t isv6; 317 struct in_addr gw4; 318 uint8_t *cp; 319 const in6_addr_t ipv6_all_zeros = { 0, 0, 0, 0 }; 320 321 if (rtsock == -1) 322 return; 323 324 for (cp = buf; cp < buf + buflen; cp += sizeof (defrouter)) { 325 bcopy(cp, &defrouter, sizeof (defrouter)); 326 if (IN6_IS_ADDR_UNSPECIFIED(&defrouter)) 327 break; 328 isv6 = !IN6_IS_ADDR_V4MAPPED(&defrouter); 329 if (isv6) { 330 i_ipadm_rtioctl6(rtsock, RTM_ADD, ipv6_all_zeros, 331 defrouter, 0, link, RTF_GATEWAY); 332 } else { 333 IN6_V4MAPPED_TO_INADDR(&defrouter, &gw4); 334 i_ipadm_rtioctl4(rtsock, RTM_ADD, INADDR_ANY, 335 gw4.s_addr, 0, link, 0, RTF_GATEWAY); 336 } 337 } 338 } 339 340 /* 341 * Wrapper function to zone_getattr() for retrieving from-gz attributes that 342 * were made availabe for exclusive IP non-global zones by zoneadmd from teh 343 * global zone. 344 */ 345 static ipadm_status_t 346 i_ipadm_zone_get_network(zoneid_t zoneid, datalink_id_t linkid, int type, 347 void *buf, size_t *bufsize) 348 { 349 zone_net_data_t *zndata; 350 351 zndata = calloc(1, sizeof (*zndata) + *bufsize); 352 if (zndata == NULL) 353 return (IPADM_NO_MEMORY); 354 zndata->zn_type = type; 355 zndata->zn_linkid = linkid; 356 zndata->zn_len = *bufsize; 357 358 if (zone_getattr(zoneid, ZONE_ATTR_NETWORK, zndata, 359 sizeof (*zndata) + *bufsize) < 0) { 360 return (ipadm_errno2status(errno)); 361 } 362 *bufsize = zndata->zn_len; 363 bcopy(zndata->zn_val, buf, *bufsize); 364 return (IPADM_SUCCESS); 365 } 366 367 /* 368 * Callback function that configures a single datalink in a non-global zone. 369 */ 370 static int 371 i_ipadm_zone_network_attr(dladm_handle_t dh, datalink_id_t linkid, void *arg) 372 { 373 ngz_walk_data_t *nwd = arg; 374 zoneid_t zoneid = nwd->ngz_zoneid; 375 uint8_t buf[PIPE_BUF]; 376 dladm_status_t dlstatus; 377 ipadm_status_t ipstatus; 378 char link[MAXLINKNAMELEN]; 379 ipadm_handle_t iph = nwd->ngz_iph; 380 int rtsock = iph->iph_rtsock; 381 char *ifname = nwd->ngz_ifname; 382 boolean_t s10c = nwd->ngz_s10c; 383 boolean_t is_ipmgmtd = (iph->iph_flags & IPH_IPMGMTD); 384 size_t bufsize = sizeof (buf); 385 386 bzero(buf, bufsize); 387 ipstatus = i_ipadm_zone_get_network(zoneid, linkid, 388 ZONE_NETWORK_ADDRESS, buf, &bufsize); 389 if (ipstatus != IPADM_SUCCESS) 390 goto fail; 391 392 dlstatus = dladm_datalink_id2info(dh, linkid, NULL, NULL, 393 NULL, link, sizeof (link)); 394 if (dlstatus != DLADM_STATUS_OK) 395 return (DLADM_WALK_CONTINUE); 396 397 /* 398 * if ifname has been specified, then skip interfaces that don't match 399 */ 400 if (ifname != NULL && strcmp(ifname, link) != 0) 401 return (DLADM_WALK_CONTINUE); 402 403 /* 404 * Plumb the interface and configure addresses on for S10 Containers. 405 * We need to always do this for S10C because ipadm persistent 406 * configuration is not available in S10C. For ipkg zones, 407 * we skip the actual plumbing/configuration, but will call the 408 * (*ngz_persist_if)() callback to create the persistent state for the 409 * interface. The interface will be configured in ipkg zones when 410 * ipadm_enable_if() is invoked to restore persistent configuration. 411 */ 412 if (is_ipmgmtd && !s10c) { 413 (void) i_ipadm_ngz_persist_if(link, (char *)buf, 414 nwd->ngz_persist_if); 415 return (DLADM_WALK_CONTINUE); 416 } 417 ipstatus = i_ipadm_ngz_addr(iph, link, (char *)buf); 418 if (ipstatus != IPADM_SUCCESS) 419 goto fail; 420 421 /* apply any default router information. */ 422 bufsize = sizeof (buf); 423 bzero(buf, bufsize); 424 ipstatus = i_ipadm_zone_get_network(zoneid, linkid, 425 ZONE_NETWORK_DEFROUTER, buf, &bufsize); 426 if (ipstatus != IPADM_SUCCESS) 427 goto fail; 428 429 i_ipadm_create_ngz_route(rtsock, link, buf, bufsize); 430 431 return (DLADM_WALK_CONTINUE); 432 fail: 433 if (ifname != NULL) { 434 nwd->ngz_ipstatus = ipstatus; 435 return (DLADM_WALK_TERMINATE); 436 } 437 return (DLADM_WALK_CONTINUE); 438 } 439 440 /* 441 * ipmgmt_net_from_gz_init() initializes exclusive-IP stack non-global zones by 442 * extracting configuration that has been saved in the kernel and applying 443 * that information to the appropriate datalinks for the zone. If an ifname 444 * argument is passed in, only the selected IP interface corresponding to 445 * datalink will be initialized, otherwise all datalinks will be plumbed for IP 446 * and IP address and route information will be configured. 447 */ 448 ipadm_status_t 449 ipadm_init_net_from_gz(ipadm_handle_t iph, char *ifname, 450 void (*persist_if)(char *, boolean_t, boolean_t)) 451 { 452 ngz_walk_data_t nwd; 453 uint64_t flags; 454 dladm_handle_t dlh = iph->iph_dlh; 455 datalink_id_t linkid; 456 457 if (iph->iph_zoneid == GLOBAL_ZONEID) 458 return (IPADM_NOTSUP); 459 460 if (ifname != NULL && 461 i_ipadm_get_flags(iph, ifname, AF_INET, &flags) != IPADM_SUCCESS && 462 i_ipadm_get_flags(iph, ifname, AF_INET6, &flags) != IPADM_SUCCESS) 463 return (IPADM_ENXIO); 464 465 if (ifname != NULL && !(flags & IFF_L3PROTECT)) 466 return (IPADM_SUCCESS); /* nothing to initialize */ 467 468 nwd.ngz_iph = iph; 469 nwd.ngz_zoneid = iph->iph_zoneid; 470 nwd.ngz_ifname = ifname; 471 nwd.ngz_persist_if = persist_if; 472 nwd.ngz_s10c = i_ipadm_zone_is_s10c(iph->iph_zoneid); 473 nwd.ngz_ipstatus = IPADM_SUCCESS; 474 if (ifname != NULL) { 475 if (dladm_name2info(dlh, ifname, &linkid, NULL, NULL, 476 NULL) != DLADM_STATUS_OK) { 477 return (IPADM_ENXIO); 478 } 479 (void) i_ipadm_zone_network_attr(dlh, linkid, &nwd); 480 } else { 481 (void) dladm_walk_datalink_id(i_ipadm_zone_network_attr, dlh, 482 &nwd, DATALINK_CLASS_ALL, DATALINK_ANY_MEDIATYPE, 483 DLADM_OPT_PERSIST); 484 } 485 return (nwd.ngz_ipstatus); 486 } 487