mirror of https://github.com/systemd/systemd.git synced 2025-02-06 01:57:47 +03:00

Merge pull request #23576 from yuwata/network-erspan-version

network: support erspan version 0 and 2
Zbigniew Jędrzejewski-Szmek 2022-06-02 16:58:55 +02:00 committed by GitHub
commit 6a9f3cef8c
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
12 changed files with 379 additions and 30 deletions


@ -1369,12 +1369,34 @@
</para>
</listitem>
</varlistentry>
<varlistentry>
<term><varname>ERSPANVersion=</varname></term>
<listitem>
<para>Specifies the ERSPAN version number. Takes 0 for version 0 (a.k.a. type I), 1 for version 1
(a.k.a. type II), or 2 for version 2 (a.k.a. type III). Defaults to 1.</para>
</listitem>
</varlistentry>
<varlistentry>
<term><varname>ERSPANIndex=</varname></term>
<listitem>
<para>Specifies the ERSPAN index field for the interface, an integer in the range 1…1048575 associated with
the ERSPAN traffic's source port and direction. This field is mandatory.
</para>
<para>Specifies the ERSPAN v1 index field for the interface. Takes an integer in the range
0…1048575, which is associated with the ERSPAN traffic's source port and direction. Only used when
<varname>ERSPANVersion=1</varname>. Defaults to 0.</para>
</listitem>
</varlistentry>
<varlistentry>
<term><varname>ERSPANDirection=</varname></term>
<listitem>
<para>Specifies the ERSPAN v2 mirrored traffic's direction. Takes <literal>ingress</literal> or
<literal>egress</literal>. Only used when <varname>ERSPANVersion=2</varname>. Defaults to
<literal>ingress</literal>.</para>
</listitem>
</varlistentry>
<varlistentry>
<term><varname>ERSPANHardwareId=</varname></term>
<listitem>
<para>Specifies an unique identifier of the ERSPAN v2 engine. Takes an integer in the range 0…63.
Only used when <varname>ERSPANVersion=2</varname>. Defaults to 0.</para>
</listitem>
</varlistentry>
</variablelist>


@ -89,7 +89,10 @@ Tunnel.FOUDestinationPort, config_parse_ip_port,
Tunnel.FOUSourcePort, config_parse_ip_port, 0, offsetof(Tunnel, encap_src_port)
Tunnel.Encapsulation, config_parse_fou_encap_type, 0, offsetof(Tunnel, fou_encap_type)
Tunnel.IPv6RapidDeploymentPrefix, config_parse_6rd_prefix, 0, 0
Tunnel.ERSPANIndex, config_parse_uint32, 0, offsetof(Tunnel, erspan_index)
Tunnel.ERSPANVersion, config_parse_erspan_version, 0, offsetof(Tunnel, erspan_version)
Tunnel.ERSPANIndex, config_parse_erspan_index, 0, offsetof(Tunnel, erspan_index)
Tunnel.ERSPANDirection, config_parse_erspan_direction, 0, offsetof(Tunnel, erspan_direction)
Tunnel.ERSPANHardwareId, config_parse_erspan_hwid, 0, offsetof(Tunnel, erspan_hwid)
Tunnel.SerializeTunneledPackets, config_parse_tristate, 0, offsetof(Tunnel, gre_erspan_sequence)
Tunnel.ISATAP, config_parse_tristate, 0, offsetof(Tunnel, isatap)
Tunnel.External, config_parse_bool, 0, offsetof(Tunnel, external)


@ -335,9 +335,24 @@ static int netdev_gre_erspan_fill_message_create(NetDev *netdev, Link *link, sd_
}
if (netdev->kind == NETDEV_KIND_ERSPAN) {
r = sd_netlink_message_append_u32(m, IFLA_GRE_ERSPAN_INDEX, t->erspan_index);
r = sd_netlink_message_append_u8(m, IFLA_GRE_ERSPAN_VER, t->erspan_version);
if (r < 0)
return r;
if (t->erspan_version == 1) {
r = sd_netlink_message_append_u32(m, IFLA_GRE_ERSPAN_INDEX, t->erspan_index);
if (r < 0)
return r;
} else if (t->erspan_version == 2) {
r = sd_netlink_message_append_u8(m, IFLA_GRE_ERSPAN_DIR, t->erspan_direction);
if (r < 0)
return r;
r = sd_netlink_message_append_u16(m, IFLA_GRE_ERSPAN_HWID, t->erspan_hwid);
if (r < 0)
return r;
}
}
r = tunnel_get_local_address(t, link, &local);
@ -720,9 +735,6 @@ static int netdev_tunnel_verify(NetDev *netdev, const char *filename) {
return log_netdev_error_errno(netdev, SYNTHETIC_ERRNO(EINVAL),
"FooOverUDP missing port configured in %s. Ignoring", filename);
if (netdev->kind == NETDEV_KIND_ERSPAN && (t->erspan_index >= (1 << 20) || t->erspan_index == 0))
return log_netdev_error_errno(netdev, SYNTHETIC_ERRNO(EINVAL), "Invalid erspan index %d. Ignoring", t->erspan_index);
/* netlink_message_append_in_addr_union() is used for vti/vti6. So, t->family cannot be AF_UNSPEC. */
if (netdev->kind == NETDEV_KIND_VTI)
t->family = AF_INET;
@ -1021,6 +1033,155 @@ int config_parse_6rd_prefix(
return 0;
}
int config_parse_erspan_version(
const char* unit,
const char *filename,
unsigned line,
const char *section,
unsigned section_line,
const char *lvalue,
int ltype,
const char *rvalue,
void *data,
void *userdata) {
uint8_t n, *v = ASSERT_PTR(data);
int r;
assert(filename);
assert(lvalue);
assert(rvalue);
if (isempty(rvalue)) {
*v = 1; /* defaults to 1 */
return 0;
}
r = safe_atou8(rvalue, &n);
if (r < 0) {
log_syntax(unit, LOG_WARNING, filename, line, r,
"Failed to parse erspan version \"%s\", ignoring: %m", rvalue);
return 0;
}
if (!IN_SET(n, 0, 1, 2)) {
log_syntax(unit, LOG_WARNING, filename, line, 0,
"Invalid erspan version \"%s\", which must be 0, 1 or 2, ignoring.", rvalue);
return 0;
}
*v = n;
return 0;
}
int config_parse_erspan_index(
const char* unit,
const char *filename,
unsigned line,
const char *section,
unsigned section_line,
const char *lvalue,
int ltype,
const char *rvalue,
void *data,
void *userdata) {
uint32_t n, *v = ASSERT_PTR(data);
int r;
assert(filename);
assert(lvalue);
assert(rvalue);
if (isempty(rvalue)) {
*v = 0; /* defaults to 0 */
return 0;
}
r = safe_atou32(rvalue, &n);
if (r < 0) {
log_syntax(unit, LOG_WARNING, filename, line, r,
"Failed to parse erspan index \"%s\", ignoring: %m", rvalue);
return 0;
}
if (n >= 0x100000) {
log_syntax(unit, LOG_WARNING, filename, line, 0,
"Invalid erspan index \"%s\", which must be less than 0x100000, ignoring.", rvalue);
return 0;
}
*v = n;
return 0;
}
int config_parse_erspan_direction(
const char* unit,
const char *filename,
unsigned line,
const char *section,
unsigned section_line,
const char *lvalue,
int ltype,
const char *rvalue,
void *data,
void *userdata) {
uint8_t *v = ASSERT_PTR(data);
assert(filename);
assert(lvalue);
assert(rvalue);
if (isempty(rvalue) || streq(rvalue, "ingress"))
*v = 0; /* defaults to ingress */
else if (streq(rvalue, "egress"))
*v = 1;
else
log_syntax(unit, LOG_WARNING, filename, line, 0,
"Invalid erspan direction \"%s\", which must be \"ingress\" or \"egress\", ignoring.", rvalue);
return 0;
}
int config_parse_erspan_hwid(
const char* unit,
const char *filename,
unsigned line,
const char *section,
unsigned section_line,
const char *lvalue,
int ltype,
const char *rvalue,
void *data,
void *userdata) {
uint16_t n, *v = ASSERT_PTR(data);
int r;
assert(filename);
assert(lvalue);
assert(rvalue);
if (isempty(rvalue)) {
*v = 0; /* defaults to 0 */
return 0;
}
r = safe_atou16(rvalue, &n);
if (r < 0) {
log_syntax(unit, LOG_WARNING, filename, line, r,
"Failed to parse erspan hwid \"%s\", ignoring: %m", rvalue);
return 0;
}
if (n >= 64) {
log_syntax(unit, LOG_WARNING, filename, line, 0,
"Invalid erspan index \"%s\", which must be less than 64, ignoring.", rvalue);
return 0;
}
*v = n;
return 0;
}
static void netdev_tunnel_init(NetDev *netdev) {
Tunnel *t;
@ -1039,6 +1200,7 @@ static void netdev_tunnel_init(NetDev *netdev) {
t->ip6tnl_mode = _NETDEV_IP6_TNL_MODE_INVALID;
t->ipv6_flowlabel = _NETDEV_IPV6_FLOWLABEL_INVALID;
t->allow_localremote = -1;
t->erspan_version = 1;
if (IN_SET(netdev->kind, NETDEV_KIND_IP6GRE, NETDEV_KIND_IP6GRETAP, NETDEV_KIND_IP6TNL))
t->ttl = DEFAULT_IPV6_TTL;
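Review bot: In config_parse_erspan_hwid the out-of-range warning says "Invalid erspan index" although the rejected value belongs to ERSPANHardwareId=, so the log points an administrator at the wrong setting; it should read `"Invalid erspan hwid \"%s\", which must be less than 64, ignoring."`. Separately, as far as the visible hunks show, the index check removed from netdev_tunnel_verify is not replaced by any version-aware check, so settings that do not apply to the selected ERSPANVersion= (for example ERSPANDirection= with version 1) are dropped without a log line. For a tunnel that mirrors traffic, a warning in netdev_tunnel_verify when such a setting is present would make the effective configuration visible. netdev_tunnel_verify and netdev_tunnel_init both continue outside the hunks shown.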


@ -41,7 +41,11 @@ typedef struct Tunnel {
uint32_t key;
uint32_t ikey;
uint32_t okey;
uint32_t erspan_index;
uint8_t erspan_version;
uint32_t erspan_index; /* version 1 */
uint8_t erspan_direction; /* version 2 */
uint16_t erspan_hwid; /* version 2 */
NetDevLocalAddressType local_type;
union in_addr_union local;
@ -128,3 +132,7 @@ CONFIG_PARSER_PROTOTYPE(config_parse_ipv6_flowlabel);
CONFIG_PARSER_PROTOTYPE(config_parse_encap_limit);
CONFIG_PARSER_PROTOTYPE(config_parse_tunnel_key);
CONFIG_PARSER_PROTOTYPE(config_parse_6rd_prefix);
CONFIG_PARSER_PROTOTYPE(config_parse_erspan_version);
CONFIG_PARSER_PROTOTYPE(config_parse_erspan_index);
CONFIG_PARSER_PROTOTYPE(config_parse_erspan_direction);
CONFIG_PARSER_PROTOTYPE(config_parse_erspan_hwid);


@ -92,7 +92,10 @@ EncapsulationLimit=
TTL=
FOUSourcePort=
IPv6RapidDeploymentPrefix=
ERSPANVersion=
ERSPANIndex=
ERSPANDirection=
ERSPANHardwareId=
SerializeTunneledPackets=
ISATAP=
External=


@ -0,0 +1,15 @@
# SPDX-License-Identifier: LGPL-2.1-or-later
[NetDev]
Name=erspan98
Kind=erspan
[Tunnel]
ERSPANVersion=0
# The three settings below will be ignored
ERSPANIndex=124
ERSPANDirection=egress
ERSPANHardwareId=0x2f
Local = any
Remote = 172.16.1.100
Key=102
SerializeTunneledPackets=true


@ -0,0 +1,15 @@
# SPDX-License-Identifier: LGPL-2.1-or-later
[NetDev]
Name=erspan99
Kind=erspan
[Tunnel]
ERSPANVersion=0
# The three settings below will be ignored
ERSPANIndex=123
ERSPANDirection=ingress
ERSPANHardwareId=0x1f
Local = 172.16.1.200
Remote = 172.16.1.100
Key=101
SerializeTunneledPackets=true


@ -0,0 +1,15 @@
# SPDX-License-Identifier: LGPL-2.1-or-later
[NetDev]
Name=erspan98
Kind=erspan
[Tunnel]
ERSPANVersion=1
ERSPANIndex=124
# The two settings below will be ignored
ERSPANDirection=egress
ERSPANHardwareId=0x2f
Local = any
Remote = 172.16.1.100
Key=102
SerializeTunneledPackets=true


@ -0,0 +1,15 @@
# SPDX-License-Identifier: LGPL-2.1-or-later
[NetDev]
Name=erspan99
Kind=erspan
[Tunnel]
ERSPANVersion=1
ERSPANIndex=123
# The two settings below will be ignored
ERSPANDirection=ingress
ERSPANHardwareId=0x1f
Local = 172.16.1.200
Remote = 172.16.1.100
Key=101
SerializeTunneledPackets=true


@ -4,7 +4,11 @@ Name=erspan98
Kind=erspan
[Tunnel]
ERSPANVersion=2
# ERSPANIndex= will be ignored
ERSPANIndex=124
ERSPANDirection=egress
ERSPANHardwareId=0x2f
Local = any
Remote = 172.16.1.100
Key=102


@ -4,7 +4,11 @@ Name=erspan99
Kind=erspan
[Tunnel]
ERSPANVersion=2
# ERSPANIndex= will be ignored
ERSPANIndex=123
ERSPANDirection=ingress
ERSPANHardwareId=0x1f
Local = 172.16.1.200
Remote = 172.16.1.100
Key=101


@ -85,9 +85,22 @@ def expectedFailureIfModuleIsNotAvailable(module_name):
return f
def expectedFailureIfERSPANModuleIsNotAvailable():
def expectedFailureIfERSPANv0IsNotSupported():
# erspan version 0 is supported since f989d546a2d5a9f001f6f8be49d98c10ab9b1897 (v5.8)
def f(func):
rc = call('ip link add dev erspan99 type erspan seq key 30 local 192.168.1.4 remote 192.168.1.1 erspan_ver 1 erspan 123', stderr=subprocess.DEVNULL)
rc = call('ip link add dev erspan99 type erspan seq key 30 local 192.168.1.4 remote 192.168.1.1 erspan_ver 0', stderr=subprocess.DEVNULL)
if rc == 0:
call('ip link del erspan99')
return func
return unittest.expectedFailure(func)
return f
def expectedFailureIfERSPANv2IsNotSupported():
# erspan version 2 is supported since f551c91de262ba36b20c3ac19538afb4f4507441 (v4.16)
def f(func):
rc = call('ip link add dev erspan99 type erspan seq key 30 local 192.168.1.4 remote 192.168.1.1 erspan_ver 2', stderr=subprocess.DEVNULL)
if rc == 0:
call('ip link del erspan99')
return func
@ -686,8 +699,10 @@ class Utilities():
check_output(*args, env=env)
except subprocess.CalledProcessError:
for link in links_with_operstate:
output = check_output(*networkctl_cmd, '-n', '0', 'status', link.split(':')[0], env=env)
print(output)
name = link.split(':')[0]
if link_exists(name):
output = check_output(*networkctl_cmd, '-n', '0', 'status', name, env=env)
print(output)
raise
if not bool_any and setup_state:
for link in links_with_operstate:
@ -993,8 +1008,12 @@ class NetworkdNetDevTests(unittest.TestCase, Utilities):
'25-bridge.netdev',
'25-bridge-configure-without-carrier.network',
'25-bridge.network',
'25-erspan-tunnel-local-any.netdev',
'25-erspan-tunnel.netdev',
'25-erspan0-tunnel-local-any.netdev',
'25-erspan0-tunnel.netdev',
'25-erspan1-tunnel-local-any.netdev',
'25-erspan1-tunnel.netdev',
'25-erspan2-tunnel-local-any.netdev',
'25-erspan2-tunnel.netdev',
'25-fou-gretap.netdev',
'25-fou-gre.netdev',
'25-fou-ipip.netdev',
@ -1795,29 +1814,93 @@ class NetworkdNetDevTests(unittest.TestCase, Utilities):
print(output)
self.assertRegex(output, '6rd-prefix 2602::/24')
@expectedFailureIfERSPANModuleIsNotAvailable()
def test_erspan_tunnel(self):
@expectedFailureIfERSPANv0IsNotSupported()
def test_erspan_tunnel_v0(self):
copy_unit_to_networkd_unit_path('12-dummy.netdev', '25-erspan.network',
'25-erspan-tunnel.netdev', '25-tunnel.network',
'25-erspan-tunnel-local-any.netdev', '25-tunnel-local-any.network')
'25-erspan0-tunnel.netdev', '25-tunnel.network',
'25-erspan0-tunnel-local-any.netdev', '25-tunnel-local-any.network')
start_networkd()
self.wait_online(['erspan99:routable', 'erspan98:routable', 'dummy98:degraded'])
output = check_output('ip -d link show erspan99')
print(output)
self.assertRegex(output, 'erspan remote 172.16.1.100 local 172.16.1.200')
self.assertRegex(output, 'ikey 0.0.0.101')
self.assertRegex(output, 'okey 0.0.0.101')
self.assertRegex(output, 'iseq')
self.assertRegex(output, 'oseq')
self.assertIn('erspan remote 172.16.1.100 local 172.16.1.200', output)
self.assertIn('erspan_ver 0', output)
self.assertNotIn('erspan_index 123', output)
self.assertNotIn('erspan_dir ingress', output)
self.assertNotIn('erspan_hwid 1f', output)
self.assertIn('ikey 0.0.0.101', output)
self.assertIn('iseq', output)
output = check_output('ip -d link show erspan98')
print(output)
self.assertRegex(output, 'erspan remote 172.16.1.100 local any')
self.assertRegex(output, '102')
self.assertRegex(output, 'ikey 0.0.0.102')
self.assertRegex(output, 'okey 0.0.0.102')
self.assertRegex(output, 'iseq')
self.assertRegex(output, 'oseq')
self.assertIn('erspan remote 172.16.1.100 local any', output)
self.assertIn('erspan_ver 0', output)
self.assertNotIn('erspan_index 124', output)
self.assertNotIn('erspan_dir egress', output)
self.assertNotIn('erspan_hwid 2f', output)
self.assertIn('ikey 0.0.0.102', output)
self.assertIn('iseq', output)
def test_erspan_tunnel_v1(self):
copy_unit_to_networkd_unit_path('12-dummy.netdev', '25-erspan.network',
'25-erspan1-tunnel.netdev', '25-tunnel.network',
'25-erspan1-tunnel-local-any.netdev', '25-tunnel-local-any.network')
start_networkd()
self.wait_online(['erspan99:routable', 'erspan98:routable', 'dummy98:degraded'])
output = check_output('ip -d link show erspan99')
print(output)
self.assertIn('erspan remote 172.16.1.100 local 172.16.1.200', output)
self.assertIn('erspan_ver 1', output)
self.assertIn('erspan_index 123', output)
self.assertNotIn('erspan_dir ingress', output)
self.assertNotIn('erspan_hwid 1f', output)
self.assertIn('ikey 0.0.0.101', output)
self.assertIn('okey 0.0.0.101', output)
self.assertIn('iseq', output)
self.assertIn('oseq', output)
output = check_output('ip -d link show erspan98')
print(output)
self.assertIn('erspan remote 172.16.1.100 local any', output)
self.assertIn('erspan_ver 1', output)
self.assertIn('erspan_index 124', output)
self.assertNotIn('erspan_dir egress', output)
self.assertNotIn('erspan_hwid 2f', output)
self.assertIn('ikey 0.0.0.102', output)
self.assertIn('okey 0.0.0.102', output)
self.assertIn('iseq', output)
self.assertIn('oseq', output)
@expectedFailureIfERSPANv2IsNotSupported()
def test_erspan_tunnel_v2(self):
copy_unit_to_networkd_unit_path('12-dummy.netdev', '25-erspan.network',
'25-erspan2-tunnel.netdev', '25-tunnel.network',
'25-erspan2-tunnel-local-any.netdev', '25-tunnel-local-any.network')
start_networkd()
self.wait_online(['erspan99:routable', 'erspan98:routable', 'dummy98:degraded'])
output = check_output('ip -d link show erspan99')
print(output)
self.assertIn('erspan remote 172.16.1.100 local 172.16.1.200', output)
self.assertIn('erspan_ver 2', output)
self.assertNotIn('erspan_index 123', output)
self.assertIn('erspan_dir ingress', output)
self.assertIn('erspan_hwid 0x1f', output)
self.assertIn('ikey 0.0.0.101', output)
self.assertIn('okey 0.0.0.101', output)
self.assertIn('iseq', output)
self.assertIn('oseq', output)
output = check_output('ip -d link show erspan98')
print(output)
self.assertIn('erspan remote 172.16.1.100 local any', output)
self.assertIn('erspan_ver 2', output)
self.assertNotIn('erspan_index 124', output)
self.assertIn('erspan_dir egress', output)
self.assertIn('erspan_hwid 0x2f', output)
self.assertIn('ikey 0.0.0.102', output)
self.assertIn('okey 0.0.0.102', output)
self.assertIn('iseq', output)
self.assertIn('oseq', output)
def test_tunnel_independent(self):
copy_unit_to_networkd_unit_path('25-ipip-tunnel-independent.netdev', '26-netdev-link-local-addressing-yes.network')
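Review bot: The negative hardware-id assertions in test_erspan_tunnel_v0 and test_erspan_tunnel_v1 (`self.assertNotIn('erspan_hwid 1f', output)` and the `2f` variant) cannot fail, because the v2 test in the same hunk expects ip to print the value as `erspan_hwid 0x1f`, so the unprefixed string never appears either way. Checking for the attribute name alone, `self.assertNotIn('erspan_hwid', output)` and likewise `self.assertNotIn('erspan_dir', output)`, would catch a regression where version 2 attributes are sent for a v0 or v1 tunnel. test_erspan_tunnel_v1 also carries no decorator now that expectedFailureIfERSPANModuleIsNotAvailable appears to have been replaced, so it presumably fails outright on a kernel without erspan support instead of being marked as an expected failure.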