Gitiles
Code Review Sign In
gerrit.openfyde.cn / chromium.googlesource.com / chromiumos / platform2 / 2f581a0c6d88167d7c5635ef8b53287d9609b2ee / . / patchpanel / datapath.h
blob: 526061e80dc13b0bba3eaad810f353f07ecf32be [file] [log] [blame]
Garrick Evansf0ab7132019-06-18 14:50:42 +0900[diff] [blame]1// Copyright 2019 The Chromium OS Authors. All rights reserved.
2// Use of this source code is governed by a BSD-style license that can be
3// found in the LICENSE file.
4
Garrick Evans3388a032020-03-24 11:25:55 +0900[diff] [blame]5#ifndef PATCHPANEL_DATAPATH_H_
6#define PATCHPANEL_DATAPATH_H_
Garrick Evansf0ab7132019-06-18 14:50:42 +0900[diff] [blame]7
Hugo Benichie8758b52020-04-03 14:49:01 +0900[diff] [blame]8#include <net/route.h>
9
Garrick Evansf0ab7132019-06-18 14:50:42 +0900[diff] [blame]10#include <string>
11
12#include <base/macros.h>
13
Garrick Evans3388a032020-03-24 11:25:55 +0900[diff] [blame]14#include "patchpanel/mac_address_generator.h"
15#include "patchpanel/minijailed_process_runner.h"
16#include "patchpanel/subnet.h"
Garrick Evansf0ab7132019-06-18 14:50:42 +0900[diff] [blame]17
Garrick Evans3388a032020-03-24 11:25:55 +0900[diff] [blame]18namespace patchpanel {
Garrick Evansf0ab7132019-06-18 14:50:42 +0900[diff] [blame]19
Taoyu Li90c13912019-11-26 17:56:54 +0900[diff] [blame]20// cros lint will yell to force using int16/int64 instead of long here, however
21// note that unsigned long IS the correct signature for ioctl in Linux kernel -
22// it's 32 bits on 32-bit platform and 64 bits on 64-bit one.
23using ioctl_req_t = unsigned long;
24typedef int (*ioctl_t)(int, ioctl_req_t, ...);
Garrick Evansc7ae82c2019-09-04 16:25:10 +0900[diff] [blame]25
Garrick Evans54861622019-07-19 09:05:09 +0900[diff] [blame]26// Returns for given interface name the host name of a ARC veth pair.
Garrick Evans2f581a02020-05-11 10:43:35 +0900[diff] [blame^]27std::string ArcVethHostName(const std::string& ifname);
Garrick Evans54861622019-07-19 09:05:09 +0900[diff] [blame]28
Garrick Evansf0ab7132019-06-18 14:50:42 +0900[diff] [blame]29// ARC networking data path configuration utility.
Garrick Evans54861622019-07-19 09:05:09 +0900[diff] [blame]30// IPV4 addresses are always specified in singular dotted-form (a.b.c.d)
31// (not in CIDR representation
Garrick Evansf0ab7132019-06-18 14:50:42 +0900[diff] [blame]32class Datapath {
33 public:
34 // |process_runner| must not be null; it is not owned.
35 explicit Datapath(MinijailedProcessRunner* process_runner);
Garrick Evansc7ae82c2019-09-04 16:25:10 +0900[diff] [blame]36 // Provided for testing only.
37 Datapath(MinijailedProcessRunner* process_runner, ioctl_t ioctl_hook);
Garrick Evansf0ab7132019-06-18 14:50:42 +0900[diff] [blame]38 virtual ~Datapath() = default;
39
Garrick Evans8a949dc2019-07-18 16:17:53 +0900[diff] [blame]40 virtual bool AddBridge(const std::string& ifname,
Garrick Evans7a1a9ee2020-01-28 11:03:57 +0900[diff] [blame]41 uint32_t ipv4_addr,
42 uint32_t ipv4_prefix_len);
Garrick Evans8a949dc2019-07-18 16:17:53 +0900[diff] [blame]43 virtual void RemoveBridge(const std::string& ifname);
44
Garrick Evans621ed262019-11-13 12:28:43 +0900[diff] [blame]45 virtual bool AddToBridge(const std::string& br_ifname,
46 const std::string& ifname);
47
Garrick Evansc7ae82c2019-09-04 16:25:10 +0900[diff] [blame]48 // Adds a new TAP device.
49 // |name| may be empty, in which case a default device name will be used;
50 // it may be a template (e.g. vmtap%d), in which case the kernel will
51 // generate the name; or it may be fully defined. In all cases, upon success,
52 // the function returns the actual name of the interface.
Garrick Evans621ed262019-11-13 12:28:43 +0900[diff] [blame]53 // |mac_addr| and |ipv4_addr| should be null if this interface will be later
54 // bridged.
Garrick Evans4f9f5572019-11-26 10:25:16 +0900[diff] [blame]55 // If |user| is empty, no owner will be set
Garrick Evansc7ae82c2019-09-04 16:25:10 +0900[diff] [blame]56 virtual std::string AddTAP(const std::string& name,
Garrick Evans621ed262019-11-13 12:28:43 +0900[diff] [blame]57 const MacAddress* mac_addr,
58 const SubnetAddress* ipv4_addr,
Garrick Evans4f9f5572019-11-26 10:25:16 +0900[diff] [blame]59 const std::string& user);
Garrick Evansc7ae82c2019-09-04 16:25:10 +0900[diff] [blame]60
61 // |ifname| must be the actual name of the interface.
62 virtual void RemoveTAP(const std::string& ifname);
63
64 // The following are iptables methods.
65 // When specified, |ipv4_addr| is always singlar dotted-form (a.b.c.d)
66 // IPv4 address (not a CIDR representation).
67
Hugo Benichi76675592020-04-08 14:29:57 +0900[diff] [blame]68 // Creates a virtual interface pair split across the current namespace and the
69 // namespace corresponding to |pid|, and set up the remote interface
70 // |peer_ifname| according // to the given parameters.
71 virtual bool ConnectVethPair(pid_t pid,
72 const std::string& veth_ifname,
73 const std::string& peer_ifname,
74 const MacAddress& remote_mac_addr,
75 uint32_t remote_ipv4_addr,
76 uint32_t remote_ipv4_prefix_len,
77 bool remote_multicast_flag);
78
Garrick Evans2470caa2020-03-04 14:15:41 +0900[diff] [blame]79 // Creates a virtual interface pair.
80 virtual bool AddVirtualInterfacePair(const std::string& veth_ifname,
81 const std::string& peer_ifname);
82
83 // Sets the link status.
84 virtual bool ToggleInterface(const std::string& ifname, bool up);
85
86 // Sets the configuration of an interface.
87 virtual bool ConfigureInterface(const std::string& ifname,
88 const MacAddress& mac_addr,
89 uint32_t ipv4_addr,
90 uint32_t ipv4_prefix_len,
91 bool up,
92 bool enable_multicast);
93
Garrick Evans54861622019-07-19 09:05:09 +0900[diff] [blame]94 virtual void RemoveInterface(const std::string& ifname);
95
Garrick Evansf0ab7132019-06-18 14:50:42 +0900[diff] [blame]96 // Create (or flush and delete) pre-routing rules supporting legacy (ARC N)
97 // single networking DNAT configuration.
98 virtual bool AddLegacyIPv4DNAT(const std::string& ipv4_addr);
99 virtual void RemoveLegacyIPv4DNAT();
100
Garrick Evans54861622019-07-19 09:05:09 +0900[diff] [blame]101 // Enable ingress traffic from a specific physical device to the legacy
102 // single networkng DNAT configuration.
103 virtual bool AddLegacyIPv4InboundDNAT(const std::string& ifname);
104 virtual void RemoveLegacyIPv4InboundDNAT();
105
Garrick Evansf0ab7132019-06-18 14:50:42 +0900[diff] [blame]106 // Create (or delete) pre-routing rules allowing direct ingress on |ifname|
107 // to guest desintation |ipv4_addr|.
108 virtual bool AddInboundIPv4DNAT(const std::string& ifname,
109 const std::string& ipv4_addr);
110 virtual void RemoveInboundIPv4DNAT(const std::string& ifname,
111 const std::string& ipv4_addr);
112
113 // Create (or delete) a forwarding rule for |ifname|.
114 virtual bool AddOutboundIPv4(const std::string& ifname);
115 virtual void RemoveOutboundIPv4(const std::string& ifname);
116
Hugo Benichie8758b52020-04-03 14:49:01 +0900[diff] [blame]117 // Create (or delete) a mangle PREROUTING rule for marking IPv4 traffic
118 // outgoing of |ifname| with the SNAT fwmark value 0x1.
119 // TODO(hugobenichi) Refer to RoutingService to obtain the fwmark value and
120 // add a fwmark mask in the generated rule.
121 virtual bool AddOutboundIPv4SNATMark(const std::string& ifname);
122 virtual void RemoveOutboundIPv4SNATMark(const std::string& ifname);
123
Taoyu Li90c13912019-11-26 17:56:54 +0900[diff] [blame]124 // Methods supporting IPv6 configuration for ARC.
Garrick Evans664a82f2019-12-17 12:18:05 +0900[diff] [blame]125 virtual bool MaskInterfaceFlags(const std::string& ifname,
126 uint16_t on,
127 uint16_t off = 0);
Garrick Evans260ff302019-07-25 11:22:50 +0900[diff] [blame]128
Taoyu Li90c13912019-11-26 17:56:54 +0900[diff] [blame]129 virtual bool AddIPv6Forwarding(const std::string& ifname1,
130 const std::string& ifname2);
131 virtual void RemoveIPv6Forwarding(const std::string& ifname1,
132 const std::string& ifname2);
133
Garrick Evans260ff302019-07-25 11:22:50 +0900[diff] [blame]134 virtual bool AddIPv6HostRoute(const std::string& ifname,
135 const std::string& ipv6_addr,
136 int ipv6_prefix_len);
137 virtual void RemoveIPv6HostRoute(const std::string& ifname,
138 const std::string& ipv6_addr,
139 int ipv6_prefix_len);
140
141 virtual bool AddIPv6Neighbor(const std::string& ifname,
142 const std::string& ipv6_addr);
143 virtual void RemoveIPv6Neighbor(const std::string& ifname,
144 const std::string& ipv6_addr);
145
Hugo Benichie8758b52020-04-03 14:49:01 +0900[diff] [blame]146 // Adds (or deletes) a route to direct to |gateway_addr| the traffic destined
147 // to the subnet defined by |addr| and |netmask|.
Garrick Evans3d97a392020-02-21 15:24:37 +0900[diff] [blame]148 virtual bool AddIPv4Route(uint32_t gateway_addr,
149 uint32_t addr,
150 uint32_t netmask);
Hugo Benichie8758b52020-04-03 14:49:01 +0900[diff] [blame]151 virtual bool DeleteIPv4Route(uint32_t gateway_addr,
152 uint32_t addr,
153 uint32_t netmask);
154 // Adds (or deletes) a route to direct to |ifname| the traffic destined to the
155 // subnet defined by |addr| and |netmask|.
156 virtual bool AddIPv4Route(const std::string& ifname,
157 uint32_t addr,
158 uint32_t netmask);
159 virtual bool DeleteIPv4Route(const std::string& ifname,
160 uint32_t addr,
161 uint32_t netmask);
Garrick Evans3d97a392020-02-21 15:24:37 +0900[diff] [blame]162
Garrick Evans260ff302019-07-25 11:22:50 +0900[diff] [blame]163 MinijailedProcessRunner& runner() const;
164
Garrick Evansf0ab7132019-06-18 14:50:42 +0900[diff] [blame]165 private:
166 MinijailedProcessRunner* process_runner_;
Garrick Evansc7ae82c2019-09-04 16:25:10 +0900[diff] [blame]167 ioctl_t ioctl_;
Garrick Evansf0ab7132019-06-18 14:50:42 +0900[diff] [blame]168
Hugo Benichie8758b52020-04-03 14:49:01 +0900[diff] [blame]169 bool ModifyRtentry(unsigned long op, struct rtentry* route);
170
Garrick Evansf0ab7132019-06-18 14:50:42 +0900[diff] [blame]171 DISALLOW_COPY_AND_ASSIGN(Datapath);
172};
173
Garrick Evans3388a032020-03-24 11:25:55 +0900[diff] [blame]174} // namespace patchpanel
Garrick Evansf0ab7132019-06-18 14:50:42 +0900[diff] [blame]175
Garrick Evans3388a032020-03-24 11:25:55 +0900[diff] [blame]176#endif // PATCHPANEL_DATAPATH_H_