/* * Copyright (C) 2000-2011, Parallels, Inc. All rights reserved. * * This program is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by * the Free Software Foundation; either version 2 of the License, or * (at your option) any later version. * * This program is distributed in the hope that it will be useful, * but WITHOUT ANY WARRANTY; without even the implied warranty of * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the * GNU General Public License for more details. * * You should have received a copy of the GNU General Public License * along with this program; if not, write to the Free Software * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA */ #include #include #include #include #include #include #include #include #include #include #include #include #include #include "types.h" #include "net.h" #include "vzerror.h" #include "logger.h" #include "list.h" #include "dist.h" #include "exec.h" #include "env.h" #include "script.h" #include "util.h" #include "vps_configure.h" char *find_ip(list_head_t *ip_h, const char *ipaddr) { ip_param *ip; char *slash, *ip_slash, *ip_only; int len; if (list_empty(ip_h)) return NULL; slash = strchr(ipaddr, '/'); if (slash) { len = slash - ipaddr + 1; ip_slash = strndupa(ipaddr, len); ip_only = strndupa(ipaddr, len - 1); } else { ip_only = NULL; len = asprintf(&ip_slash, "%s/", ipaddr); } list_for_each(ip, ip_h, list) { /* Match complete IP or IP/mask string */ if (!strcmp(ip->val, ipaddr)) return ip->val; /* Match only IP */ if ((ip_only != NULL) && (!strcmp(ip->val, ip_only))) return ip->val; /* Match IP/ (same IP, different mask) */ if (!strncmp(ip->val, ip_slash, len)) return ip->val; } return NULL; } int merge_ip_list(int delall, list_head_t *old, list_head_t *add, list_head_t *del, list_head_t *merged) { return __merge_str_list(delall, old, add, del, merged, find_ip); } static int ip_ctl(vps_handler *h, envid_t veid, int op, char *str) { const char *ip, *mask; mask = strchr(str, '/'); if (mask) { ip = strndupa(str, mask - str); mask++; } else { ip = str; } return h->ip_ctl(h, veid, op, ip); } int run_net_script(envid_t veid, int op, list_head_t *ip_h, int state, int skip_arpdetect) { char *argv[3]; char *envp[10]; char *script; int ret; char buf[STR_SIZE]; int i = 0; char *skip_str = "SKIP_ARPDETECT=yes"; if (list_empty(ip_h)) return 0; snprintf(buf, sizeof(buf), "VEID=%d", veid); envp[i++] = strdup(buf); snprintf(buf, sizeof(buf), "VE_STATE=%s", state2str(state)); envp[i++] = strdup(buf); envp[i++] = list2str("IP_ADDR", ip_h); envp[i++] = strdup(ENV_PATH); if (skip_arpdetect) envp[i++] = strdup(skip_str); envp[i] = NULL; switch (op) { case ADD: script = VPS_NET_ADD; break; case DEL: script = VPS_NET_DEL; break; default: return 0; } argv[0] = script; argv[1] = NULL; ret = run_script(script, argv, envp, 0); free_arg(envp); return ret; } static inline int invert_ip_op(int op) { if (op == VE_IP_ADD) return VE_IP_DEL; else return VE_IP_ADD; } static int vps_ip_ctl(vps_handler *h, envid_t veid, int op, list_head_t *ip_h, int rollback) { int ret = 0; ip_param *ip; int inv_op; list_for_each(ip, ip_h, list) { if ((ret = ip_ctl(h, veid, op, ip->val))) break; } if (ret && rollback) { /* restore original ip state op of error */ inv_op = invert_ip_op(op); list_for_each_prev(ip, ip_h, list) { ip_ctl(h, veid, inv_op, ip->val); } } return ret; } static int vps_add_ip(vps_handler *h, envid_t veid, net_param *net, int state) { char *str; int ret; list_head_t *ip_h = &net->ip; if ((str = list2str(NULL, ip_h)) != NULL) { if (str[0] != '\0') logger(0, 0, "Adding IP address(es): %s", str); free(str); } if ((ret = vps_ip_ctl(h, veid, VE_IP_ADD, ip_h, 1))) return ret; if ((ret = run_net_script(veid, ADD, ip_h, state, net->skip_arpdetect))) vps_ip_ctl(h, veid, VE_IP_DEL, ip_h, 0); return ret; } static int vps_del_ip(vps_handler *h, envid_t veid, net_param *net, int state) { char *str; int ret; list_head_t *ip_h = &net->ip; if (net->delall) /* Add existing VE IPs to the list */ if (get_vps_ip(h, veid, ip_h) < 0) return VZ_GET_IP_ERROR; str = list2str(NULL, ip_h); if ((str != NULL) || (net->delall)) { logger(0, 0, "Deleting %sIP address(es): %s", (net->delall) ? "all " : "", str ? str : ""); free(str); } if ((ret = vps_ip_ctl(h, veid, VE_IP_DEL, ip_h, 1))) return ret; run_net_script(veid, DEL, ip_h, state, net->skip_arpdetect); return ret; } static int set_netdev(vps_handler *h, envid_t veid, int cmd, net_param *net) { int ret = 0; list_head_t *dev_h = &net->dev; net_dev_param *dev; if (list_empty(dev_h)) return 0; list_for_each(dev, dev_h, list) { if ((ret = h->netdev_ctl(h, veid, cmd, dev->val))) { logger(-1, errno, "Unable to %s netdev %s", (cmd == VE_NETDEV_ADD ) ? "add": "del", dev->val); break; } } return ret; } int vps_set_netdev(vps_handler *h, envid_t veid, ub_param *ub, net_param *net_add, net_param *net_del) { int ret, pid, pid1, status; if (list_empty(&net_add->dev) && list_empty(&net_del->dev)) return 0; if (!vps_is_run(h, veid)) { logger(-1, 0, "Unable to setup network devices: " "container is not running"); return VZ_VE_NOT_RUNNING; } if ((ret = set_netdev(h, veid, VE_NETDEV_DEL, net_del))) return ret; /* Adding device(s) to CT should be done under setluid() */ if ((pid1 = fork()) < 0) { logger(-1, errno, "Can't fork"); return VZ_RESOURCE_ERROR; } else if (pid1 == 0) { if ((ret = h->setcontext(veid))) exit(ret); exit(set_netdev(h, veid, VE_NETDEV_ADD, net_add)); } while ((pid = waitpid(pid1, &status, 0)) == -1) if (errno != EINTR) { logger(-1, errno, "Error in waitpid()"); break; } ret = VZ_SYSTEM_ERROR; if (pid == pid1) { if (WIFEXITED(status)) ret = WEXITSTATUS(status); else if (WIFSIGNALED(status)) logger(-1, 0, "Got signal %d", WTERMSIG(status)); } else if (pid < 0) logger(-1, errno, "Error in waitpid()"); return ret; } static int remove_ipv6_addr(net_param *net) { list_head_t *head = &net->ip; ip_param *ip, *tmp; int cnt; cnt = 0; list_for_each_safe(ip, tmp, head, list) { if (get_addr_family(ip->val) == AF_INET6) { free(ip->val); list_del(&ip->list); free(ip); cnt++; } } return cnt; } int vps_net_ctl(vps_handler *h, envid_t veid, int op, net_param *net, dist_actions *actions, const char *root, int state, int skip) { int ret = 0; if (list_empty(&net->ip) && /* Skip if no IPs in list, */ /* except for these cases: * (1) starting, do always run ADD */ !(state == STATE_STARTING && op == ADD) && /* (2) deleting all, do delete */ !(op == DEL && net->delall)) return 0; if (!vps_is_run(h, veid)) { logger(-1, 0, "Unable to apply network parameters: " "container is not running"); return VZ_VE_NOT_RUNNING; } if (net->ipv6_net != YES) { if (remove_ipv6_addr(net)) logger(0, 0, "WARNING: IPv6 support is disabled"); } if (op == ADD) { ret = vps_add_ip(h, veid, net, state); } else if (op == DEL) { ret = vps_del_ip(h, veid, net, state); } if (!ret && !(skip & SKIP_CONFIGURE)) vps_ip_configure(h, veid, actions, root, op, net, state); return ret; } #define PROC_VEINFO "/proc/vz/veinfo" static int get_vps_ip_proc(envid_t veid, list_head_t *ip_h) { FILE *fd; char str[16384]; char data[16]; char *token; int id, cnt = 0; if ((fd = fopen(PROC_VEINFO, "r")) == NULL) { logger(-1, errno, "Unable to open %s", PROC_VEINFO); return -1; } while (!feof(fd)) { if (fgets(str, sizeof(str), fd) == NULL) break; token = strtok(str, " "); if (token == NULL) continue; if (parse_int(token, &id)) continue; if (veid != (envid_t)id) continue; if ((token = strtok(NULL, " ")) != NULL) token = strtok(NULL, " "); if (token == NULL) break; while ((token = strtok(NULL, " \t\n")) != NULL) { /* Canonicalize IPv6 addresses */ if ((get_addr_family(token) == AF_INET6) && inet_pton(AF_INET6, token, data) > 0 && !inet_ntop(AF_INET6, data, token, strlen(token)+1)) break; if (add_str_param(ip_h, token)) { free_str_param(ip_h); cnt = -1; break; } cnt++; } break; } fclose(fd); return cnt; } #if HAVE_VZLIST_IOCTL #ifndef NIPQUAD #define NIPQUAD(addr) \ ((unsigned char *)&addr)[0], \ ((unsigned char *)&addr)[1], \ ((unsigned char *)&addr)[2], \ ((unsigned char *)&addr)[3] #endif static int get_vps_ip_ioctl(vps_handler *h, envid_t veid, list_head_t *ip_h) { int ret = -1; struct vzlist_veipv4ctl veip; uint32_t *addr, *tmp; char buf[64]; int i; veip.veid = veid; veip.num = 256; addr = malloc(veip.num * sizeof(*veip.ip)); if (addr == NULL) return -1; for (;;) { veip.ip = addr; ret = ioctl(h->vzfd, VZCTL_GET_VEIPS, &veip); if (ret < 0) goto out; else if (ret <= veip.num) break; veip.num = ret; tmp = realloc(addr, veip.num * sizeof(*veip.ip)); if (tmp == NULL) { ret = -1; goto out; } addr = tmp; } if (ret > 0) { for (i = ret - 1; i >= 0; i--) { snprintf(buf, sizeof(buf), "%d.%d.%d.%d", NIPQUAD(addr[i])); if ((ret = add_str_param(ip_h, buf))) break; } } out: free(addr); return ret; } int get_vps_ip(vps_handler *h, envid_t veid, list_head_t *ip_h) { int ret; ret = get_vps_ip_ioctl(h, veid, ip_h); if (ret < 0) ret = get_vps_ip_proc(veid, ip_h); if (ret < 0) free_str_param(ip_h); return ret; } #else int get_vps_ip(vps_handler *h, envid_t veid, list_head_t *ip_h) { int ret; if ((ret = get_vps_ip_proc(veid, ip_h)) < 0) free_str_param(ip_h); return ret; } #endif