From c08448e5a29385b324a5f3ac603080d28647ea5c Mon Sep 17 00:00:00 2001

Message-Id: <c08448e5a29385b324a5f3ac603080d28647ea5c@dist-git>

From: Laine Stump <laine@laine.org>

Date: Mon, 15 Dec 2014 10:51:26 -0500

Subject: [PATCH] util: functions to manage bridge fdb (forwarding database)

This is part of the fix for:

  https://bugzilla.redhat.com/show_bug.cgi?id=1099210

These two functions use netlink RTM_NEWNEIGH and RTM_DELNEIGH messages

to add and delete entries from a bridge's fdb. The bridge itself is

not referenced in the arguments to the functions, only the name of the

device that is attached to the bridge (since a device can only be

attached to one bridge at a time, and must be attached for this

function to make sense, the kernel easily infers which bridge's fdb is

being modified by looking at the device name/index).

(cherry picked from commit 19a5474d04a497dd12928b694c4c3ab9621c9552)

Signed-off-by: Jiri Denemark <jdenemar@redhat.com>

---

 src/libvirt_private.syms   |   2 +

 src/util/virnetdevbridge.c | 147 +++++++++++++++++++++++++++++++++++++++++++++

 src/util/virnetdevbridge.h |  16 +++++

 3 files changed, 165 insertions(+)

diff --git a/src/libvirt_private.syms b/src/libvirt_private.syms

index 2b7526a..ec795aa 100644

--- a/src/libvirt_private.syms

+++ b/src/libvirt_private.syms

@@ -1630,6 +1630,8 @@ virNetDevBandwidthUpdateRate;

 virNetDevBridgeAddPort;

 virNetDevBridgeCreate;

 virNetDevBridgeDelete;

+virNetDevBridgeFDBAdd;

+virNetDevBridgeFDBDel;

 virNetDevBridgeGetSTP;

 virNetDevBridgeGetSTPDelay;

 virNetDevBridgeGetVlanFiltering;

diff --git a/src/util/virnetdevbridge.c b/src/util/virnetdevbridge.c

index 1f3f221..5f31343 100644

--- a/src/util/virnetdevbridge.c

+++ b/src/util/virnetdevbridge.c

@@ -37,6 +37,9 @@

 #include <netinet/in.h>

 #ifdef __linux__

+# if defined(HAVE_LIBNL)

+#  include "virnetlink.h"

+# endif

 # include <linux/sockios.h>

 # include <linux/param.h>     /* HZ                 */

 # if NETINET_LINUX_WORKAROUND

@@ -914,3 +917,147 @@ virNetDevBridgeSetVlanFiltering(const char *brname ATTRIBUTE_UNUSED,

     return -1;

 }

 #endif

+

+

+#if defined(__linux__) && defined(HAVE_LIBNL)

+/* virNetDevBridgeFDBAddDel:

+ * @mac: the MAC address being added to the table

+ * @ifname: name of the port (interface) of the bridge that wants this MAC

+ * @flags: any of virNetDevBridgeFDBFlags ORed together.

+ * @isAdd: true if adding the entry, fals if deleting

+ *

+ * Use netlink RTM_NEWNEIGH and RTM_DELNEIGH messages to add and

+ * delete entries from a bridge's fdb. The bridge itself is not

+ * referenced in the arguments to the function, only the name of the

+ * device that is attached to the bridge (since a device can only be

+ * attached to one bridge at a time, and must be attached for this

+ * function to make sense, the kernel easily infers which bridge's fdb

+ * is being modified by looking at the device name/index).

+ *

+ * Attempting to add an existing entry, or delete a non-existing entry

+ * *is* an error.

+ *

+ * returns 0 on success, -1 on failure.

+ */

+static int

+virNetDevBridgeFDBAddDel(const virMacAddr *mac, const char *ifname,

+                         unsigned int flags, bool isAdd)

+{

+    int ret = -1;

+    struct nlmsghdr *resp = NULL;

+    struct nlmsgerr *err;

+    unsigned int recvbuflen;

+    struct nl_msg *nl_msg;

+    struct ndmsg ndm = { .ndm_family = PF_BRIDGE, .ndm_state = NUD_NOARP };

+

+    if (virNetDevGetIndex(ifname, &ndm.ndm_ifindex) < 0)

+        return -1;

+

+    if (flags & VIR_NETDEVBRIDGE_FDB_FLAG_ROUTER)

+        ndm.ndm_flags |= NTF_ROUTER;

+    if (flags & VIR_NETDEVBRIDGE_FDB_FLAG_SELF)

+        ndm.ndm_flags |= NTF_SELF;

+    if (flags & VIR_NETDEVBRIDGE_FDB_FLAG_MASTER)

+        ndm.ndm_flags |= NTF_MASTER;

+    /* default self (same as iproute2's bridge command */

+    if (!(ndm.ndm_flags & (NTF_MASTER | NTF_SELF)))

+        ndm.ndm_flags |= NTF_SELF;

+

+    if (flags & VIR_NETDEVBRIDGE_FDB_FLAG_PERMANENT)

+        ndm.ndm_state |= NUD_PERMANENT;

+    if (flags & VIR_NETDEVBRIDGE_FDB_FLAG_TEMP)

+        ndm.ndm_state |= NUD_REACHABLE;

+    /* default permanent, same as iproute2's bridge command */

+    if (!(ndm.ndm_state & (NUD_PERMANENT | NUD_REACHABLE)))

+        ndm.ndm_state |= NUD_PERMANENT;

+

+    nl_msg = nlmsg_alloc_simple(isAdd ? RTM_NEWNEIGH : RTM_DELNEIGH,

+                                NLM_F_REQUEST |

+                                (isAdd ? (NLM_F_CREATE | NLM_F_EXCL) : 0));

+    if (!nl_msg) {

+        virReportOOMError();

+        return -1;

+    }

+

+    if (nlmsg_append(nl_msg, &ndm, sizeof(ndm), NLMSG_ALIGNTO) < 0)

+        goto buffer_too_small;

+    if (nla_put(nl_msg, NDA_LLADDR, VIR_MAC_BUFLEN, mac) < 0)

+        goto buffer_too_small;

+

+    /* NB: this message can also accept a Destination IP, a port, a

+     * vlan tag, and a via (see iproute2/bridge/fdb.c:fdb_modify()),

+     * but those aren't required for our application

+     */

+

+    if (virNetlinkCommand(nl_msg, &resp, &recvbuflen, 0, 0,

+                          NETLINK_ROUTE, 0) < 0) {

+        goto cleanup;

+    }

+    if (recvbuflen < NLMSG_LENGTH(0) || resp == NULL)

+        goto malformed_resp;

+

+    switch (resp->nlmsg_type) {

+    case NLMSG_ERROR:

+        err = (struct nlmsgerr *)NLMSG_DATA(resp);

+        if (resp->nlmsg_len < NLMSG_LENGTH(sizeof(*err)))

+            goto malformed_resp;

+        if (err->error) {

+            virReportSystemError(-err->error,

+                                 _("error adding fdb entry for %s"), ifname);

+            goto cleanup;

+        }

+        break;

+    case NLMSG_DONE:

+        break;

+

+    default:

+        goto malformed_resp;

+    }

+

+    ret = 0;

+ cleanup:

+    nlmsg_free(nl_msg);

+    VIR_FREE(resp);

+    return ret;

+

+ malformed_resp:

+    virReportError(VIR_ERR_INTERNAL_ERROR, "%s",

+                   _("malformed netlink response message"));

+    goto cleanup;

+

+ buffer_too_small:

+    virReportError(VIR_ERR_INTERNAL_ERROR, "%s",

+                   _("allocated netlink buffer is too small"));

+    goto cleanup;

+}

+

+

+#else

+static int

+virNetDevBridgeFDBAddDel(const virMacAddr *mac ATTRIBUTE_UNUSED,

+                         const char *ifname ATTRIBUTE_UNUSED,

+                         unsigned int fdbFlags ATTRIBUTE_UNUSED,

+                         bool isAdd ATTRIBUTE_UNUSED)

+{

+    virReportSystemError(ENOSYS, "%s",

+                         _("Unable to add/delete fdb entries on this platform"));

+    return -1;

+}

+

+

+#endif

+

+int

+virNetDevBridgeFDBAdd(const virMacAddr *mac, const char *ifname,

+                      unsigned int flags)

+{

+    return virNetDevBridgeFDBAddDel(mac, ifname, flags, true);

+}

+

+

+int

+virNetDevBridgeFDBDel(const virMacAddr *mac, const char *ifname,

+                      unsigned int flags)

+{

+    return virNetDevBridgeFDBAddDel(mac, ifname, flags, false);

+}

diff --git a/src/util/virnetdevbridge.h b/src/util/virnetdevbridge.h

index 8188a2f..141f231 100644

--- a/src/util/virnetdevbridge.h

+++ b/src/util/virnetdevbridge.h

@@ -24,6 +24,7 @@

 # define __VIR_NETDEV_BRIDGE_H__

 # include "internal.h"

+# include "virmacaddr.h"

 int virNetDevBridgeCreate(const char *brname)

     ATTRIBUTE_NONNULL(1) ATTRIBUTE_RETURN_CHECK;

@@ -77,4 +78,19 @@ int virNetDevBridgePortSetUnicastFlood(const char *brname,

                                        bool enable)

     ATTRIBUTE_NONNULL(1) ATTRIBUTE_NONNULL(2) ATTRIBUTE_RETURN_CHECK;

+typedef enum {

+    VIR_NETDEVBRIDGE_FDB_FLAG_ROUTER    = (1 << 0),

+    VIR_NETDEVBRIDGE_FDB_FLAG_SELF      = (1 << 1),

+    VIR_NETDEVBRIDGE_FDB_FLAG_MASTER    = (1 << 2),

+

+    VIR_NETDEVBRIDGE_FDB_FLAG_PERMANENT = (1 << 3),

+    VIR_NETDEVBRIDGE_FDB_FLAG_TEMP      = (1 << 4),

+} virNetDevBridgeFDBFlags;

+

+int virNetDevBridgeFDBAdd(const virMacAddr *mac, const char *ifname,

+                          unsigned int flags)

+    ATTRIBUTE_NONNULL(1) ATTRIBUTE_NONNULL(2) ATTRIBUTE_RETURN_CHECK;

+int virNetDevBridgeFDBDel(const virMacAddr *mac, const char *ifname,

+                          unsigned int flags)

+    ATTRIBUTE_NONNULL(1) ATTRIBUTE_NONNULL(2) ATTRIBUTE_RETURN_CHECK;

 #endif /* __VIR_NETDEV_BRIDGE_H__ */

-- 

2.2.0