Gitiles
Code Review Sign In
gerrit.openfyde.cn / chromium.googlesource.com / chromiumos / platform2 / c6ae67cb15ea26b6a99a81fd7d86b41da9074fcb / . / patchpanel / datapath.h
blob: 03b13b6301a57ff046af30c50130ded96e27a090 [file] [log] [blame]
Garrick Evansf0ab7132019-06-18 14:50:42 +0900[diff] [blame]1// Copyright 2019 The Chromium OS Authors. All rights reserved.
2// Use of this source code is governed by a BSD-style license that can be
3// found in the LICENSE file.
4
Garrick Evans3388a032020-03-24 11:25:55 +0900[diff] [blame]5#ifndef PATCHPANEL_DATAPATH_H_
6#define PATCHPANEL_DATAPATH_H_
Garrick Evansf0ab7132019-06-18 14:50:42 +0900[diff] [blame]7
Hugo Benichie8758b52020-04-03 14:49:01 +0900[diff] [blame]8#include <net/route.h>
Hugo Benichi33860d72020-07-09 16:34:01 +0900[diff] [blame]9#include <sys/types.h>
Hugo Benichie8758b52020-04-03 14:49:01 +0900[diff] [blame]10
Garrick Evansf0ab7132019-06-18 14:50:42 +0900[diff] [blame]11#include <string>
12
13#include <base/macros.h>
14
Jason Jeremy Imana7273a32020-08-04 11:25:31 +0900[diff] [blame]15#include "patchpanel/firewall.h"
Garrick Evans3388a032020-03-24 11:25:55 +0900[diff] [blame]16#include "patchpanel/mac_address_generator.h"
17#include "patchpanel/minijailed_process_runner.h"
Hugo Benichi8d622b52020-08-13 15:24:12 +0900[diff] [blame]18#include "patchpanel/routing_service.h"
Garrick Evans3388a032020-03-24 11:25:55 +0900[diff] [blame]19#include "patchpanel/subnet.h"
Garrick Evansf0ab7132019-06-18 14:50:42 +0900[diff] [blame]20
Garrick Evans3388a032020-03-24 11:25:55 +0900[diff] [blame]21namespace patchpanel {
Garrick Evansf0ab7132019-06-18 14:50:42 +0900[diff] [blame]22
Hugo Benichid82d8832020-08-14 10:05:03 +0900[diff] [blame]23// Simple enum of bitmasks used for specifying a set of IP family values.
24enum IpFamily {
25 NONE = 0,
26 IPv4 = 1 << 0,
27 IPv6 = 1 << 1,
28 Dual = IPv4 | IPv6, //(1 << 0) | (1 << 1);
29};
30
Taoyu Li90c13912019-11-26 17:56:54 +0900[diff] [blame]31// cros lint will yell to force using int16/int64 instead of long here, however
32// note that unsigned long IS the correct signature for ioctl in Linux kernel -
33// it's 32 bits on 32-bit platform and 64 bits on 64-bit one.
34using ioctl_req_t = unsigned long;
35typedef int (*ioctl_t)(int, ioctl_req_t, ...);
Garrick Evansc7ae82c2019-09-04 16:25:10 +0900[diff] [blame]36
Garrick Evans54861622019-07-19 09:05:09 +0900[diff] [blame]37// Returns for given interface name the host name of a ARC veth pair.
Garrick Evans2f581a02020-05-11 10:43:35 +0900[diff] [blame]38std::string ArcVethHostName(const std::string& ifname);
Garrick Evans54861622019-07-19 09:05:09 +0900[diff] [blame]39
Garrick Evans8a067562020-05-11 12:47:30 +0900[diff] [blame]40// Returns the ARC bridge interface name for the given interface.
41std::string ArcBridgeName(const std::string& ifname);
42
Garrick Evansf0ab7132019-06-18 14:50:42 +0900[diff] [blame]43// ARC networking data path configuration utility.
Garrick Evans54861622019-07-19 09:05:09 +0900[diff] [blame]44// IPV4 addresses are always specified in singular dotted-form (a.b.c.d)
45// (not in CIDR representation
Garrick Evansf0ab7132019-06-18 14:50:42 +0900[diff] [blame]46class Datapath {
47 public:
Jason Jeremy Imana7273a32020-08-04 11:25:31 +0900[diff] [blame]48 // |process_runner| and |firewall| must not be null; it is not owned.
49 Datapath(MinijailedProcessRunner* process_runner, Firewall* firewall);
Garrick Evansc7ae82c2019-09-04 16:25:10 +0900[diff] [blame]50 // Provided for testing only.
Jason Jeremy Imana7273a32020-08-04 11:25:31 +0900[diff] [blame]51 Datapath(MinijailedProcessRunner* process_runner,
52 Firewall* firewall,
53 ioctl_t ioctl_hook);
Garrick Evansf0ab7132019-06-18 14:50:42 +0900[diff] [blame]54 virtual ~Datapath() = default;
55
Hugo Benichi33860d72020-07-09 16:34:01 +0900[diff] [blame]56 // Attaches the name |netns_name| to a network namespace identified by
57 // |netns_pid|. If |netns_name| had already been created, it will be deleted
58 // first.
59 virtual bool NetnsAttachName(const std::string& netns_name, pid_t netns_pid);
60
61 // Deletes the name |netns_name| of a network namespace.
62 virtual bool NetnsDeleteName(const std::string& netns_name);
63
Garrick Evans8a949dc2019-07-18 16:17:53 +0900[diff] [blame]64 virtual bool AddBridge(const std::string& ifname,
Garrick Evans7a1a9ee2020-01-28 11:03:57 +0900[diff] [blame]65 uint32_t ipv4_addr,
66 uint32_t ipv4_prefix_len);
Garrick Evans8a949dc2019-07-18 16:17:53 +0900[diff] [blame]67 virtual void RemoveBridge(const std::string& ifname);
68
Garrick Evans621ed262019-11-13 12:28:43 +0900[diff] [blame]69 virtual bool AddToBridge(const std::string& br_ifname,
70 const std::string& ifname);
71
Garrick Evansc7ae82c2019-09-04 16:25:10 +0900[diff] [blame]72 // Adds a new TAP device.
73 // |name| may be empty, in which case a default device name will be used;
74 // it may be a template (e.g. vmtap%d), in which case the kernel will
75 // generate the name; or it may be fully defined. In all cases, upon success,
76 // the function returns the actual name of the interface.
Garrick Evans621ed262019-11-13 12:28:43 +0900[diff] [blame]77 // |mac_addr| and |ipv4_addr| should be null if this interface will be later
78 // bridged.
Garrick Evans4f9f5572019-11-26 10:25:16 +0900[diff] [blame]79 // If |user| is empty, no owner will be set
Garrick Evansc7ae82c2019-09-04 16:25:10 +0900[diff] [blame]80 virtual std::string AddTAP(const std::string& name,
Garrick Evans621ed262019-11-13 12:28:43 +0900[diff] [blame]81 const MacAddress* mac_addr,
82 const SubnetAddress* ipv4_addr,
Garrick Evans4f9f5572019-11-26 10:25:16 +0900[diff] [blame]83 const std::string& user);
Garrick Evansc7ae82c2019-09-04 16:25:10 +0900[diff] [blame]84
85 // |ifname| must be the actual name of the interface.
86 virtual void RemoveTAP(const std::string& ifname);
87
88 // The following are iptables methods.
89 // When specified, |ipv4_addr| is always singlar dotted-form (a.b.c.d)
90 // IPv4 address (not a CIDR representation).
91
Hugo Benichi76675592020-04-08 14:29:57 +0900[diff] [blame]92 // Creates a virtual interface pair split across the current namespace and the
93 // namespace corresponding to |pid|, and set up the remote interface
94 // |peer_ifname| according // to the given parameters.
95 virtual bool ConnectVethPair(pid_t pid,
Hugo Benichi33860d72020-07-09 16:34:01 +0900[diff] [blame]96 const std::string& netns_name,
Hugo Benichi76675592020-04-08 14:29:57 +0900[diff] [blame]97 const std::string& veth_ifname,
98 const std::string& peer_ifname,
99 const MacAddress& remote_mac_addr,
100 uint32_t remote_ipv4_addr,
101 uint32_t remote_ipv4_prefix_len,
102 bool remote_multicast_flag);
103
Garrick Evans2470caa2020-03-04 14:15:41 +0900[diff] [blame]104 // Creates a virtual interface pair.
Hugo Benichi9ab5a052020-07-28 11:29:01 +0900[diff] [blame]105 virtual bool AddVirtualInterfacePair(const std::string& netns_name,
Hugo Benichi33860d72020-07-09 16:34:01 +0900[diff] [blame]106 const std::string& veth_ifname,
Garrick Evans2470caa2020-03-04 14:15:41 +0900[diff] [blame]107 const std::string& peer_ifname);
108
109 // Sets the link status.
110 virtual bool ToggleInterface(const std::string& ifname, bool up);
111
112 // Sets the configuration of an interface.
113 virtual bool ConfigureInterface(const std::string& ifname,
114 const MacAddress& mac_addr,
115 uint32_t ipv4_addr,
116 uint32_t ipv4_prefix_len,
117 bool up,
118 bool enable_multicast);
119
Garrick Evans54861622019-07-19 09:05:09 +0900[diff] [blame]120 virtual void RemoveInterface(const std::string& ifname);
121
Hugo Benichi8d622b52020-08-13 15:24:12 +0900[diff] [blame]122 // Sets up IPv4 SNAT, IP forwarding, and traffic marking for the given
123 // virtual device |int_ifname| associated to |source|. if |ext_ifname| is
124 // empty, the device is implicitly routed through the highest priority
125 // network.
126 virtual void StartRoutingDevice(const std::string& ext_ifname,
127 const std::string& int_ifname,
128 uint32_t int_ipv4_addr,
129 TrafficSource source);
130
131 // Removes IPv4 iptables, IP forwarding, and traffic marking for the given
132 // virtual device |int_ifname|.
133 virtual void StopRoutingDevice(const std::string& ext_ifname,
134 const std::string& int_ifname,
135 uint32_t int_ipv4_addr,
136 TrafficSource source);
137
Garrick Evansf0ab7132019-06-18 14:50:42 +0900[diff] [blame]138 // Create (or delete) pre-routing rules allowing direct ingress on |ifname|
139 // to guest desintation |ipv4_addr|.
140 virtual bool AddInboundIPv4DNAT(const std::string& ifname,
141 const std::string& ipv4_addr);
142 virtual void RemoveInboundIPv4DNAT(const std::string& ifname,
143 const std::string& ipv4_addr);
144
145 // Create (or delete) a forwarding rule for |ifname|.
146 virtual bool AddOutboundIPv4(const std::string& ifname);
147 virtual void RemoveOutboundIPv4(const std::string& ifname);
148
Garrick Evansd291af62020-05-25 10:39:06 +0900[diff] [blame]149 // Creates (or deletes) the forwarding and postrouting rules for SNAT
150 // fwmarked IPv4 traffic.
151 virtual bool AddSNATMarkRules();
152 virtual void RemoveSNATMarkRules();
153
Garrick Evansff6e37f2020-05-25 10:54:47 +0900[diff] [blame]154 virtual bool AddInterfaceSNAT(const std::string& ifname);
155 virtual void RemoveInterfaceSNAT(const std::string& ifname);
156
Hugo Benichie8758b52020-04-03 14:49:01 +0900[diff] [blame]157 // Create (or delete) a mangle PREROUTING rule for marking IPv4 traffic
158 // outgoing of |ifname| with the SNAT fwmark value 0x1.
159 // TODO(hugobenichi) Refer to RoutingService to obtain the fwmark value and
160 // add a fwmark mask in the generated rule.
161 virtual bool AddOutboundIPv4SNATMark(const std::string& ifname);
162 virtual void RemoveOutboundIPv4SNATMark(const std::string& ifname);
163
Garrick Evansd291af62020-05-25 10:39:06 +0900[diff] [blame]164 // Create (or delete) a forward rule for established connections.
165 virtual bool AddForwardEstablishedRule();
166 virtual void RemoveForwardEstablishedRule();
167
Taoyu Li90c13912019-11-26 17:56:54 +0900[diff] [blame]168 // Methods supporting IPv6 configuration for ARC.
Garrick Evans664a82f2019-12-17 12:18:05 +0900[diff] [blame]169 virtual bool MaskInterfaceFlags(const std::string& ifname,
170 uint16_t on,
171 uint16_t off = 0);
Garrick Evans260ff302019-07-25 11:22:50 +0900[diff] [blame]172
Hugo Benichid82d8832020-08-14 10:05:03 +0900[diff] [blame]173 // Starts or stops accepting IP traffic forwarded between |iif| and |oif|
174 // by adding or removing ACCEPT rules in the filter FORWARD chain of iptables
175 // and/or ip6tables. If |iif| is empty, only specifies |oif| as the output
176 // interface. If |iif| is empty, only specifies |iif| as the input interface.
177 // |oif| and |iif| cannot be both empty.
178 virtual bool StartIpForwarding(IpFamily family,
179 const std::string& iif,
180 const std::string& oif);
181 virtual bool StopIpForwarding(IpFamily family,
182 const std::string& iif,
183 const std::string& oif);
184
185 // Convenience functions for enabling or disabling IPv6 forwarding in both
186 // directions between a pair of interfaces
Taoyu Li90c13912019-11-26 17:56:54 +0900[diff] [blame]187 virtual bool AddIPv6Forwarding(const std::string& ifname1,
188 const std::string& ifname2);
189 virtual void RemoveIPv6Forwarding(const std::string& ifname1,
190 const std::string& ifname2);
191
Garrick Evans260ff302019-07-25 11:22:50 +0900[diff] [blame]192 virtual bool AddIPv6HostRoute(const std::string& ifname,
193 const std::string& ipv6_addr,
194 int ipv6_prefix_len);
195 virtual void RemoveIPv6HostRoute(const std::string& ifname,
196 const std::string& ipv6_addr,
197 int ipv6_prefix_len);
198
199 virtual bool AddIPv6Neighbor(const std::string& ifname,
200 const std::string& ipv6_addr);
201 virtual void RemoveIPv6Neighbor(const std::string& ifname,
202 const std::string& ipv6_addr);
203
Hugo Benichie8758b52020-04-03 14:49:01 +0900[diff] [blame]204 // Adds (or deletes) a route to direct to |gateway_addr| the traffic destined
205 // to the subnet defined by |addr| and |netmask|.
Garrick Evans3d97a392020-02-21 15:24:37 +0900[diff] [blame]206 virtual bool AddIPv4Route(uint32_t gateway_addr,
207 uint32_t addr,
208 uint32_t netmask);
Hugo Benichie8758b52020-04-03 14:49:01 +0900[diff] [blame]209 virtual bool DeleteIPv4Route(uint32_t gateway_addr,
210 uint32_t addr,
211 uint32_t netmask);
212 // Adds (or deletes) a route to direct to |ifname| the traffic destined to the
213 // subnet defined by |addr| and |netmask|.
214 virtual bool AddIPv4Route(const std::string& ifname,
215 uint32_t addr,
216 uint32_t netmask);
217 virtual bool DeleteIPv4Route(const std::string& ifname,
218 uint32_t addr,
219 uint32_t netmask);
Garrick Evans3d97a392020-02-21 15:24:37 +0900[diff] [blame]220
Jason Jeremy Imana7273a32020-08-04 11:25:31 +0900[diff] [blame]221 // Adds (or deletes) an iptables rule for ADB port forwarding.
222 virtual bool AddAdbPortForwardRule(const std::string& ifname);
223 virtual void DeleteAdbPortForwardRule(const std::string& ifname);
224
225 // Adds (or deletes) an iptables rule for ADB port access.
226 virtual bool AddAdbPortAccessRule(const std::string& ifname);
227 virtual void DeleteAdbPortAccessRule(const std::string& ifname);
228
Garrick Evans260ff302019-07-25 11:22:50 +0900[diff] [blame]229 MinijailedProcessRunner& runner() const;
230
Garrick Evansf0ab7132019-06-18 14:50:42 +0900[diff] [blame]231 private:
Hugo Benichid82d8832020-08-14 10:05:03 +0900[diff] [blame]232 bool ModifyIpForwarding(IpFamily family,
233 const std::string& op,
234 const std::string& iif,
235 const std::string& oif,
236 bool log_failures = true);
237
Garrick Evansf0ab7132019-06-18 14:50:42 +0900[diff] [blame]238 MinijailedProcessRunner* process_runner_;
Jason Jeremy Imana7273a32020-08-04 11:25:31 +0900[diff] [blame]239 Firewall* firewall_;
Garrick Evansc7ae82c2019-09-04 16:25:10 +0900[diff] [blame]240 ioctl_t ioctl_;
Garrick Evansf0ab7132019-06-18 14:50:42 +0900[diff] [blame]241
Hugo Benichie8758b52020-04-03 14:49:01 +0900[diff] [blame]242 bool ModifyRtentry(unsigned long op, struct rtentry* route);
243
Garrick Evansf0ab7132019-06-18 14:50:42 +0900[diff] [blame]244 DISALLOW_COPY_AND_ASSIGN(Datapath);
245};
246
Garrick Evans3388a032020-03-24 11:25:55 +0900[diff] [blame]247} // namespace patchpanel
Garrick Evansf0ab7132019-06-18 14:50:42 +0900[diff] [blame]248
Garrick Evans3388a032020-03-24 11:25:55 +0900[diff] [blame]249#endif // PATCHPANEL_DATAPATH_H_