28 files changed, 182 insertions, 147 deletions
diff --git a/data/templates/accel-ppp/pppoe.config.j2 b/data/templates/accel-ppp/pppoe.config.j2 index 811c4ccc0..dd53edd28 100644 --- a/data/templates/accel-ppp/pppoe.config.j2 +++ b/data/templates/accel-ppp/pppoe.config.j2 @@ -30,6 +30,11 @@ syslog=accel-pppoe,daemon copy=1 level=5 +{% if authentication.mode is vyos_defined("noauth") %} +[auth] +noauth=1 +{% endif %} + {% if snmp.master_agent is vyos_defined %} [snmp] master=1 @@ -133,7 +138,10 @@ pado-delay={{ pado_delay_param.value }} called-sid={{ authentication.radius.called_sid_format }} {% endif %} -{% if authentication.mode is vyos_defined("local") %} +{% if authentication.mode is vyos_defined("local") or authentication.mode is vyos_defined("noauth") %} +{% if authentication.mode is vyos_defined("noauth") %} +noauth=1 +{% endif %} {% if client_ip_pool.name is vyos_defined %} {% for pool, pool_config in client_ip_pool.name.items() %} {% if pool_config.subnet is vyos_defined %} diff --git a/data/templates/chrony/override.conf.j2 b/data/templates/chrony/override.conf.j2 index 9eaea7608..0ab8f0824 100644 --- a/data/templates/chrony/override.conf.j2 +++ b/data/templates/chrony/override.conf.j2 @@ -5,6 +5,7 @@ ConditionPathExists={{ config_file }} After=vyos-router.service [Service] +User=root EnvironmentFile= ExecStart= ExecStart={{ vrf_command }}/usr/sbin/chronyd -F 1 -f {{ config_file }} @@ -13,5 +14,5 @@ PIDFile={{ config_file | replace('.conf', '.pid') }} Restart=always RestartSec=10 # Required for VRF support -ProtectControlGroups=No - +ProcSubset=all +ProtectControlGroups=no diff --git a/data/templates/dynamic-dns/ddclient.conf.j2 b/data/templates/dynamic-dns/ddclient.conf.j2 index 3c2d17cbb..c2c9b1dd6 100644 --- a/data/templates/dynamic-dns/ddclient.conf.j2 +++ b/data/templates/dynamic-dns/ddclient.conf.j2 
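Review bot: `noauth=1` is now rendered twice for `authentication.mode noauth`: once under the new `[auth]` header near the top, and again inside the `local`/`noauth` branch of the second hunk. The section that is open at that second point starts outside the hunk, so it is not clear the key is valid there. If `[auth]` is the only section that reads it, drop the inner `{% if authentication.mode is vyos_defined("noauth") %}` / `noauth=1` / `{% endif %}` lines and keep the widened outer condition only for the pool rendering. A template comment next to `[auth]`, such as `{# noauth: sessions are accepted without credentials #}`, would make the effect obvious to the next reader.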
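Review bot: `User=root` is added to `[Service]` with no comment, while the two sandbox relaxations at the end of the unit (`ProcSubset=all`, `ProtectControlGroups=no`) at least sit under `# Required for VRF support`. Presumably root is needed so that `{{ vrf_command }}` can enter the VRF before chronyd starts; if so, say it on the line above, e.g. `# VRF wrapper needs root; confirm chronyd still drops privileges after start`. Together these three settings widen what the time daemon can reach, so it is worth confirming that the non-VRF case needs them too or making them conditional on `vrf_command`.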
@@ -10,7 +10,7 @@ ssl=yes {% set web_skip = ", web-skip='" ~ iface_config.use_web.skip ~ "'" if iface_config.use_web.skip is vyos_defined else '' %} use=web, web='{{ iface_config.use_web.url }}'{{ web_skip }} {% else %} -{{ 'usev6=if' if iface_config.ipv6_enable is vyos_defined else 'use=if' }}, if={{ iface }} +{{ 'usev6=ifv6' if iface_config.ipv6_enable is vyos_defined else 'use=if' }}, if={{ iface }} {% endif %} {% if iface_config.rfc2136 is vyos_defined %} diff --git a/debian/control b/debian/control index 2b940a412..fb29697d4 100644 --- a/debian/control +++ b/debian/control @@ -8,6 +8,7 @@ Build-Depends: fakeroot, gcc-multilib [amd64], clang [amd64], + iproute2, llvm [amd64], libbpf-dev [amd64], libelf-dev (>= 0.2) [amd64], @@ -45,7 +46,6 @@ Depends: conserver-client, conserver-server, console-data, - crda, cron, curl, dbus, @@ -79,7 +79,7 @@ Depends: lcdproc, lcdproc-extra-drivers, libatomic1, - libbpf0 [amd64], + libbpf1 [amd64], libcharon-extra-plugins (>=5.9), libcharon-extauth-plugins (>=5.9), libndp-tools, diff --git a/interface-definitions/include/accel-ppp/auth-mode.xml.i b/interface-definitions/include/accel-ppp/auth-mode.xml.i index c1a87cfe3..ccaed6f04 100644 --- a/interface-definitions/include/accel-ppp/auth-mode.xml.i +++ b/interface-definitions/include/accel-ppp/auth-mode.xml.i @@ -10,11 +10,15 @@ <format>radius</format> <description>Use RADIUS server for user autentication</description> </valueHelp> + <valueHelp> + <format>noauth</format> + <description>Authentication disabled</description> + </valueHelp> <constraint> - <regex>(local|radius)</regex> + <regex>(local|radius|noauth)</regex> </constraint> <completionHelp> - <list>local radius</list> + <list>local radius noauth</list> </completionHelp> </properties> <defaultValue>local</defaultValue> diff --git a/interface-definitions/include/firewall/connection-mark.xml.i b/interface-definitions/include/firewall/connection-mark.xml.i index 2cb826635..69f7fe62c 100644 
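Review bot: Adding `noauth` to this shared include makes the value acceptable in every service that pulls in `auth-mode.xml.i`, but the only template change visible in this diff is for PPPoE. Any other including service whose template or verify step does not handle `noauth` would accept the setting and then render a config with neither local nor RADIUS authentication; those files are outside this hunk, so that needs confirming. The help text `Authentication disabled` could also be more explicit, e.g. `Authentication disabled - any client is accepted`.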
--- a/interface-definitions/include/firewall/connection-mark.xml.i +++ b/interface-definitions/include/firewall/connection-mark.xml.i @@ -3,11 +3,11 @@ <properties> <help>Connection mark</help> <valueHelp> - <format>u32:1-2147483647</format> + <format>u32:0-2147483647</format> <description>Connection-mark to match</description> </valueHelp> <constraint> - <validator name="numeric" argument="--range 1-2147483647"/> + <validator name="numeric" argument="--range 0-2147483647"/> </constraint> <multi/> </properties> diff --git a/interface-definitions/include/policy/route-common.xml.i b/interface-definitions/include/policy/route-common.xml.i index 6973d7a8f..216ec9bea 100644 --- a/interface-definitions/include/policy/route-common.xml.i +++ b/interface-definitions/include/policy/route-common.xml.i @@ -163,11 +163,11 @@ <properties>
<help>Connection marking</help>
<valueHelp>
- <format>u32:1-2147483647</format>
+ <format>u32:0-2147483647</format>
<description>Connection marking</description>
</valueHelp>
<constraint>
- <validator name="numeric" argument="--range 1-2147483647"/>
+ <validator name="numeric" argument="--range 0-2147483647"/>
</constraint>
</properties>
</leafNode>
diff --git a/interface-definitions/include/qos/hfsc-m1.xml.i b/interface-definitions/include/qos/hfsc-m1.xml.i index 749d01f57..677d817ba 100644 --- a/interface-definitions/include/qos/hfsc-m1.xml.i +++ b/interface-definitions/include/qos/hfsc-m1.xml.i @@ -27,6 +27,6 @@ <description>bps(8),kbps(8*10^3),mbps(8*10^6), gbps, tbps - Byte/sec</description> </valueHelp> </properties> - <defaultValue>100%</defaultValue> + <defaultValue>100%%</defaultValue> </leafNode> <!-- include end --> diff --git a/interface-definitions/include/qos/hfsc-m2.xml.i b/interface-definitions/include/qos/hfsc-m2.xml.i index 24e8f5d63..7690df4b0 100644 --- a/interface-definitions/include/qos/hfsc-m2.xml.i +++ b/interface-definitions/include/qos/hfsc-m2.xml.i @@ -27,6 +27,6 @@ <description>bps(8),kbps(8*10^3),mbps(8*10^6), gbps, tbps - Byte/sec</description> </valueHelp> </properties> - <defaultValue>100%</defaultValue> + <defaultValue>100%%</defaultValue> </leafNode> <!-- include end --> diff --git a/interface-definitions/interfaces-macsec.xml.in b/interface-definitions/interfaces-macsec.xml.in index 4b4f9149d..6bc28e44b 100644 --- a/interface-definitions/interfaces-macsec.xml.in +++ b/interface-definitions/interfaces-macsec.xml.in @@ -75,10 +75,10 @@ <help>Secure Connectivity Association Key Name</help> <valueHelp> <format>txt</format> - <description>32-byte (256-bit) hex-string (64 hex-digits)</description> + <description>1..32-bytes (8..256 bit) hex-string (2..64 hex-digits)</description> </valueHelp> <constraint> - <regex>[A-Fa-f0-9]{64}</regex> + <regex>[A-Fa-f0-9]{2,64}</regex> </constraint> </properties> </leafNode> diff --git a/interface-definitions/service-ipoe-server.xml.in b/interface-definitions/service-ipoe-server.xml.in index ca4929249..ebe99d3aa 100644 --- a/interface-definitions/service-ipoe-server.xml.in +++ b/interface-definitions/service-ipoe-server.xml.in 
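Review bot: The relaxed CKN constraint `[A-Fa-f0-9]{2,64}` accepts an odd number of hex digits (3, 5, ...), which does not match the new description of 1..32 whole bytes. A value like that cannot be decoded as a byte string and would only fail later, when the key name is handed to the MACsec backend. Constrain the pattern to digit pairs instead: `<regex>([A-Fa-f0-9]{2}){1,32}</regex>`.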
@@ -117,29 +117,7 @@ <help>Client authentication methods</help> </properties> <children> - <leafNode name="mode"> - <properties> - <help>Authetication mode</help> - <completionHelp> - <list>local radius noauth</list> - </completionHelp> - <constraint> - <regex>(local|radius|noauth)</regex> - </constraint> - <valueHelp> - <format>local</format> - <description>Authentication based on local definition</description> - </valueHelp> - <valueHelp> - <format>radius</format> - <description>Authentication based on a RADIUS server</description> - </valueHelp> - <valueHelp> - <format>noauth</format> - <description>Authentication disabled</description> - </valueHelp> - </properties> - </leafNode> + #include <include/accel-ppp/auth-mode.xml.i> <tagNode name="interface"> <properties> <help>Network interface for client MAC addresses</help> diff --git a/interface-definitions/system-option.xml.in b/interface-definitions/system-option.xml.in index bb15e467e..0fa349e0b 100644 --- a/interface-definitions/system-option.xml.in +++ b/interface-definitions/system-option.xml.in @@ -36,13 +36,17 @@ <properties> <help>System keyboard layout, type ISO2</help> <completionHelp> - <list>us fr de es fi jp106 no dk dvorak</list> + <list>us uk fr de es fi jp106 no dk dvorak</list> </completionHelp> <valueHelp> <format>us</format> <description>United States</description> </valueHelp> <valueHelp> + <format>uk</format> + <description>United Kingdom</description> + </valueHelp> + <valueHelp> <format>fr</format> <description>France</description> </valueHelp> @@ -75,7 +79,7 @@ <description>Dvorak</description> </valueHelp> <constraint> - <regex>(us|fr|de|es|fi|jp106|no|dk|dvorak)</regex> + <regex>(us|uk|fr|de|es|fi|jp106|no|dk|dvorak)</regex> </constraint> <constraintErrorMessage>Invalid keyboard layout</constraintErrorMessage> </properties> diff --git a/python/vyos/config_mgmt.py b/python/vyos/config_mgmt.py index 22a49ff50..fade3081c 100644 --- a/python/vyos/config_mgmt.py 
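Review bot: Replacing the inline `mode` leaf with `#include <include/accel-ppp/auth-mode.xml.i>` also changes behaviour, because the include carries `<defaultValue>local</defaultValue>` and the removed IPoE leaf had no default. An existing IPoE configuration with no `authentication mode` set will therefore be treated as `local` once defaults are merged. The IPoE template and verify code are not part of this hunk, so confirm they cope with an implicit `local` (for example with no local users defined) or add a migration note.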
+++ b/python/vyos/config_mgmt.py @@ -24,7 +24,7 @@ from datetime import datetime from tabulate import tabulate from vyos.config import Config -from vyos.configtree import ConfigTree +from vyos.configtree import ConfigTree, ConfigTreeError, show_diff from vyos.defaults import directories from vyos.util import is_systemd_service_active, ask_yes_no, rc_cmd @@ -93,15 +93,7 @@ class ConfigMgmt: # a call to compare without args is edit_level aware edit_level = os.getenv('VYATTA_EDIT_LEVEL', '') - edit_path = [l for l in edit_level.split('/') if l] - if edit_path: - eff_conf = config.show_config(edit_path, effective=True) - self.edit_level_active_config = ConfigTree(eff_conf) - conf = config.show_config(edit_path) - self.edit_level_working_config = ConfigTree(conf) - else: - self.edit_level_active_config = None - self.edit_level_working_config = None + self.edit_path = [l for l in edit_level.split('/') if l] self.active_config = config._running_config self.working_config = config._session_config @@ -241,14 +233,8 @@ Proceed ?''' revision n vs. revision m; working version vs. active version; or working version vs. saved version. """ - from difflib import unified_diff - - ct1 = self.edit_level_active_config - if ct1 is None: - ct1 = self.active_config - ct2 = self.edit_level_working_config - if ct2 is None: - ct2 = self.working_config + ct1 = self.active_config + ct2 = self.working_config msg = 'No changes between working and active configurations.\n' if saved: ct1 = self._get_saved_config_tree() 
@@ -268,19 +254,16 @@ Proceed ?''' ct1 = self._get_config_tree_revision(rev2) msg = f'No changes between revisions {rev2} and {rev1} configurations.\n' - if commands: - lines1 = ct1.to_commands().splitlines(keepends=True) - lines2 = ct2.to_commands().splitlines(keepends=True) - else: - lines1 = ct1.to_string().splitlines(keepends=True) - lines2 = ct2.to_string().splitlines(keepends=True) - out = '' - comp = unified_diff(lines1, lines2) - for line in comp: - if re.match(r'(\-\-)|(\+\+)|(@@)', line): - continue - out += line + path = [] if commands else self.edit_path + try: + if commands: + out = show_diff(ct1, ct2, path=path, commands=True) + else: + out = show_diff(ct1, ct2, path=path) + except ConfigTreeError as e: + return e, 1 + if out: msg = out diff --git a/python/vyos/configtree.py b/python/vyos/configtree.py index f2358ee4f..c0b3ebd78 100644 --- a/python/vyos/configtree.py +++ b/python/vyos/configtree.py @@ -16,7 +16,7 @@ import os import re import json -from ctypes import cdll, c_char_p, c_void_p, c_int +from ctypes import cdll, c_char_p, c_void_p, c_int, c_bool LIBPATH = '/usr/lib/libvyosconfig.so.0' 
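Review bot: The new error path `return e, 1` hands the `ConfigTreeError` object itself back to the caller, while the success path visible below returns a string in `msg`. Callers that print or concatenate the first element would get inconsistent types; use `return str(e), 1`. The `if commands:` / `else:` pair inside the `try` can also collapse to a single call, `out = show_diff(ct1, ct2, path=path, commands=commands)`. The enclosing method starts and ends outside this hunk.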
@@ -322,6 +322,36 @@ class ConfigTree(object): subt = ConfigTree(address=res) return subt +def show_diff(left, right, path=[], commands=False, libpath=LIBPATH): + if left is None: + left = ConfigTree(config_string='\n') + if right is None: + right = ConfigTree(config_string='\n') + if not (isinstance(left, ConfigTree) and isinstance(right, ConfigTree)): + raise TypeError("Arguments must be instances of ConfigTree") + if path: + if (not left.exists(path)) and (not right.exists(path)): + raise ConfigTreeError(f"Path {path} doesn't exist") + + check_path(path) + path_str = " ".join(map(str, path)).encode() + + __lib = cdll.LoadLibrary(libpath) + __show_diff = __lib.show_diff + __show_diff.argtypes = [c_bool, c_char_p, c_void_p, c_void_p] + __show_diff.restype = c_char_p + __get_error = __lib.get_error + __get_error.argtypes = [] + __get_error.restype = c_char_p + + res = __show_diff(commands, path_str, left._get_config(), right._get_config()) + res = res.decode() + if res == "#1@": + msg = __get_error().decode() + raise ConfigTreeError(msg) + + return res + class DiffTree: def __init__(self, left, right, path=[], libpath=LIBPATH): if left is None: diff --git a/python/vyos/configverify.py b/python/vyos/configverify.py index 30bdd2d47..8fddd91d0 100644 --- a/python/vyos/configverify.py +++ b/python/vyos/configverify.py @@ -36,8 +36,14 @@ def verify_mtu(config): mtu = int(config['mtu']) tmp = Interface(config['ifname']) - min_mtu = tmp.get_min_mtu() - max_mtu = tmp.get_max_mtu() + # Not all interfaces support min/max MTU + # https://vyos.dev/T5011 + try: + min_mtu = tmp.get_min_mtu() + max_mtu = tmp.get_max_mtu() + except: # Fallback to defaults + min_mtu = 68 + max_mtu = 9000 if mtu < min_mtu: raise ConfigError(f'Interface MTU too low, ' \ 
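Review bot: In `show_diff`, `res.decode()` runs before any check that the native call returned a value. With `restype = c_char_p` ctypes yields `None` for a NULL pointer, so a library failure that does not use the `"#1@"` sentinel surfaces as an `AttributeError` instead of a `ConfigTreeError`. Add `if res is None: raise ConfigTreeError('show_diff returned no result')` before decoding. The function also has no docstring; one should state that `left`/`right` may be `None` (treated as an empty tree), that `path` limits the comparison, and that errors are signalled in-band by the `"#1@"` return.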
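Review bot: The bare `except:` around `get_min_mtu()` / `get_max_mtu()` in `verify_mtu` catches everything, including `KeyboardInterrupt`, `SystemExit` and genuine programming errors. Any failure then silently validates the MTU against the hard-coded 68..9000 window rather than the limits of the device. Catch only what the helpers are expected to raise for interfaces without min/max attributes (at minimum `except Exception:`; the precise type is not visible here). The two fallback numbers would also read better as named constants with a comment saying where they come from.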
@@ -420,11 +426,12 @@ def verify_accel_ppp_base_service(config, local_users=True): if 'gateway_address' in config: gateway = True else: - if dict_search_recursive(config, 'gateway_address', ['client_ip_pool', 'name']): - for _, v in config['client_ip_pool']['name'].items(): - if 'gateway_address' in v: - gateway = True - break + if 'client_ip_pool' in config: + if dict_search_recursive(config, 'gateway_address', ['client_ip_pool', 'name']): + for _, v in config['client_ip_pool']['name'].items(): + if 'gateway_address' in v: + gateway = True + break if not gateway: raise ConfigError('Server requires gateway-address to be configured!') diff --git a/python/vyos/ifconfig/tunnel.py b/python/vyos/ifconfig/tunnel.py index 5258a2cb1..f776240a1 100644 --- a/python/vyos/ifconfig/tunnel.py +++ b/python/vyos/ifconfig/tunnel.py @@ -162,6 +162,15 @@ class TunnelIf(Interface): """ Get a synthetic MAC address. """ return self.get_mac_synthetic() + def set_multicast(self): + """ Set multicast """ + if self.config.get('multicast', 'disable') == 'enable': + cmd = 'ip link set dev {ifname} multicast on' + else: + cmd = 'ip link set dev {ifname} multicast off' + + self._cmd(cmd.format(**self.config)) + def update(self, config): """ General helper function which works on a dictionary retrived by get_config_dict(). It's main intention is to consolidate the scattered @@ -170,5 +179,8 @@ class TunnelIf(Interface): # Adjust iproute2 tunnel parameters if necessary self._change_options() + # Add multicast + self.set_multicast() + # call base class first super().update(config) diff --git a/smoketest/bin/vyos-smoketest b/smoketest/bin/vyos-smoketest index cb039db42..135388afe 100755 --- a/smoketest/bin/vyos-smoketest +++ b/smoketest/bin/vyos-smoketest 
@@ -26,7 +26,7 @@ for root, dirs, files in os.walk('/usr/libexec/vyos/tests/smoke'): test_file = os.path.join(root, name) mode = os.stat(test_file).st_mode - if mode & S_IXOTH: + if name.startswith("test_") and mode & S_IXOTH: print('Running Testcase: ' + test_file) process = Popen([test_file], stdout=PIPE) (output, err) = process.communicate() diff --git a/smoketest/scripts/cli/test_load_balancing_wan.py b/smoketest/scripts/cli/test_load_balancing_wan.py index 33c69c595..0e1806f66 100755 --- a/smoketest/scripts/cli/test_load_balancing_wan.py +++ b/smoketest/scripts/cli/test_load_balancing_wan.py @@ -143,15 +143,15 @@ class TestLoadBalancingWan(VyOSUnitTestSHIM.TestCase): container_iface3 = 'ceth2' mangle_isp1 = """table ip mangle { chain ISP_veth1 { - counter ct mark set 0xc9 - counter meta mark set 0xc9 + counter ct mark set 0xc9 + counter meta mark set 0xc9 counter accept } }""" mangle_isp2 = """table ip mangle { chain ISP_veth2 { - counter ct mark set 0xca - counter meta mark set 0xca + counter ct mark set 0xca + counter meta mark set 0xca counter accept } }""" @@ -163,7 +163,7 @@ class TestLoadBalancingWan(VyOSUnitTestSHIM.TestCase): }""" mangle_wanloadbalance_pre = """table ip mangle { chain WANLOADBALANCE_PRE { - iifname "veth3" ip saddr 198.51.100.0/24 ct state new counter jump ISP_veth1 + iifname "veth3" ip saddr 198.51.100.0/24 ct state new meta random & 2147483647 < 1073741824 counter jump ISP_veth1 iifname "veth3" ip saddr 198.51.100.0/24 ct state new counter jump ISP_veth2 iifname "veth3" ip saddr 198.51.100.0/24 counter meta mark set ct mark } @@ -177,7 +177,6 @@ class TestLoadBalancingWan(VyOSUnitTestSHIM.TestCase): nat_vyos_pre_snat_hook = """table ip nat { chain VYOS_PRE_SNAT_HOOK { type nat hook postrouting priority srcnat - 1; policy accept; - counter jump WANLOADBALANCE return } }""" diff --git a/smoketest/scripts/cli/test_service_dns_dynamic.py b/smoketest/scripts/cli/test_service_dns_dynamic.py index 90d10d40b..57705e26f 100755 
--- a/smoketest/scripts/cli/test_service_dns_dynamic.py +++ b/smoketest/scripts/cli/test_service_dns_dynamic.py @@ -155,7 +155,7 @@ class TestServiceDDNS(VyOSUnitTestSHIM.TestCase): self.assertEqual(login, user) self.assertEqual(pwd, f"'{password}'") self.assertEqual(server, srv) - self.assertEqual(usev6, f"if, if={interface}") + self.assertEqual(usev6, f"ifv6, if={interface}") if __name__ == '__main__': unittest.main(verbosity=2) diff --git a/src/conf_mode/container.py b/src/conf_mode/container.py index 08861053d..90e5f84f2 100755 --- a/src/conf_mode/container.py +++ b/src/conf_mode/container.py @@ -1,6 +1,6 @@ #!/usr/bin/env python3 # -# Copyright (C) 2021-2022 VyOS maintainers and contributors +# Copyright (C) 2021-2023 VyOS maintainers and contributors # # This program is free software; you can redistribute it and/or modify # it under the terms of the GNU General Public License version 2 or later as 
@@ -84,16 +84,16 @@ def get_config(config=None): # tagNodes in place, it is better to blend in the defaults manually. if 'port' in container['name'][name]: for port in container['name'][name]['port']: - default_values = defaults(base + ['name', 'port']) + default_values_port = defaults(base + ['name', 'port']) container['name'][name]['port'][port] = dict_merge( - default_values, container['name'][name]['port'][port]) + default_values_port, container['name'][name]['port'][port]) # XXX: T2665: we can not safely rely on the defaults() when there are # tagNodes in place, it is better to blend in the defaults manually. if 'volume' in container['name'][name]: for volume in container['name'][name]['volume']: - default_values = defaults(base + ['name', 'volume']) + default_values_volume = defaults(base + ['name', 'volume']) container['name'][name]['volume'][volume] = dict_merge( - default_values, container['name'][name]['volume'][volume]) + default_values_volume, container['name'][name]['volume'][volume]) # Delete container network, delete containers tmp = node_changed(conf, base + ['network']) diff --git a/src/etc/systemd/system/ddclient.service.d/override.conf b/src/etc/systemd/system/ddclient.service.d/override.conf index d9c9963b0..09d929d39 100644 --- a/src/etc/systemd/system/ddclient.service.d/override.conf +++ b/src/etc/systemd/system/ddclient.service.d/override.conf @@ -8,4 +8,4 @@ WorkingDirectory=/run/ddclient PIDFile= PIDFile=/run/ddclient/ddclient.pid ExecStart= -ExecStart=/usr/sbin/ddclient -cache /run/ddclient/ddclient.cache -pid /run/ddclient/ddclient.pid -file /run/ddclient/ddclient.conf +ExecStart=/usr/bin/ddclient -cache /run/ddclient/ddclient.cache -pid /run/ddclient/ddclient.pid -file /run/ddclient/ddclient.conf diff --git a/src/op_mode/openvpn.py b/src/op_mode/openvpn.py index 3797a7153..d957a1d01 100755 --- a/src/op_mode/openvpn.py +++ b/src/op_mode/openvpn.py 
@@ -1,6 +1,6 @@ #!/usr/bin/env python3 # -# Copyright (C) 2022 VyOS maintainers and contributors +# Copyright (C) 2022-2023 VyOS maintainers and contributors # # This program is free software; you can redistribute it and/or modify # it under the terms of the GNU General Public License version 2 or later as @@ -153,6 +153,8 @@ def _get_raw_data(mode: str) -> dict: d = data[intf] d['local_host'] = conf_dict[intf].get('local-host', '') d['local_port'] = conf_dict[intf].get('local-port', '') + if conf.exists(f'interfaces openvpn {intf} server client'): + d['configured_clients'] = conf.list_nodes(f'interfaces openvpn {intf} server client') if mode in ['client', 'site-to-site']: for client in d['clients']: if 'shared-secret-key-file' in list(conf_dict[intf]): diff --git a/src/services/vyos-http-api-server b/src/services/vyos-http-api-server index f59e089ae..cd73f38ec 100755 --- a/src/services/vyos-http-api-server +++ b/src/services/vyos-http-api-server @@ -425,7 +425,7 @@ async def validation_exception_handler(request, exc): return error(400, str(exc.errors()[0])) @app.post('/configure') -def configure_op(data: Union[ConfigureModel, ConfigureListModel]): +async def configure_op(data: Union[ConfigureModel, ConfigureListModel]): session = app.state.vyos_session env = session.get_session_env() config = vyos.config.Config(session_env=env) @@ -494,7 +494,7 @@ def configure_op(data: Union[ConfigureModel, ConfigureListModel]): return success(None) @app.post("/retrieve") -def retrieve_op(data: RetrieveModel): +async def retrieve_op(data: RetrieveModel): session = app.state.vyos_session env = session.get_session_env() config = vyos.config.Config(session_env=env) diff --git a/src/tests/test_configverify.py b/src/tests/test_configverify.py index ad7e053db..6fb43ece2 100644 --- a/src/tests/test_configverify.py +++ b/src/tests/test_configverify.py 
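Review bot: Switching `configure_op` and `retrieve_op` to `async def` changes where they run. In an ASGI framework of the FastAPI/Starlette kind, a plain `def` endpoint is dispatched to a worker thread, whereas an `async def` endpoint runs on the event loop. The bodies start with synchronous session and `vyos.config.Config` calls and contain no `await` in the visible lines, so a slow configure or commit would block every other request for its duration; the rest of both functions is outside the hunks. If the intent is to serialise access to the shared `app.state.vyos_session`, state that in a comment above each handler and consider an explicit lock so the guarantee does not depend on scheduling.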
@@ -27,11 +27,6 @@ class TestDictSearch(TestCase): def test_dh_key_none(self): self.assertFalse(verify_diffie_hellman_length('/tmp/non_existing_file', '1024')) - def test_dh_key_256(self): - key_len = '256' - cmd(f'openssl dhparam -out {dh_file} {key_len}') - self.assertTrue(verify_diffie_hellman_length(dh_file, key_len)) - def test_dh_key_512(self): key_len = '512' cmd(f'openssl dhparam -out {dh_file} {key_len}') diff --git a/src/xdp/common/common_libbpf.c b/src/xdp/common/common_libbpf.c index 5788ecd9e..443ca4c66 100644 --- a/src/xdp/common/common_libbpf.c +++ b/src/xdp/common/common_libbpf.c @@ -24,10 +24,6 @@ static inline bool IS_ERR_OR_NULL(const void *ptr) int bpf_prog_load_xattr_maps(const struct bpf_prog_load_attr_maps *attr, struct bpf_object **pobj, int *prog_fd) { - struct bpf_object_open_attr open_attr = { - .file = attr->file, - .prog_type = attr->prog_type, - }; struct bpf_program *prog, *first_prog = NULL; enum bpf_attach_type expected_attach_type; enum bpf_prog_type prog_type; @@ -41,10 +37,13 @@ int bpf_prog_load_xattr_maps(const struct bpf_prog_load_attr_maps *attr, if (!attr->file) return -EINVAL; + obj = bpf_object__open_file(attr->file, NULL); - obj = bpf_object__open_xattr(&open_attr); - if (IS_ERR_OR_NULL(obj)) - return -ENOENT; + if (libbpf_get_error(obj)) + return -EINVAL; + + prog = bpf_object__next_program(obj, NULL); + bpf_program__set_type(prog, attr->prog_type); bpf_object__for_each_program(prog, obj) { /* @@ -82,7 +81,7 @@ int bpf_prog_load_xattr_maps(const struct bpf_prog_load_attr_maps *attr, bpf_map__for_each(map, obj) { const char* mapname = bpf_map__name(map); - if (!bpf_map__is_offload_neutral(map)) + if (bpf_map__type(map) != BPF_MAP_TYPE_PERF_EVENT_ARRAY) bpf_map__set_ifindex(map, attr->ifindex); /* Was: map->map_ifindex = attr->ifindex; */ diff --git a/src/xdp/common/common_user_bpf_xdp.c b/src/xdp/common/common_user_bpf_xdp.c index faf7f4f91..524f08c9d 100644 --- a/src/xdp/common/common_user_bpf_xdp.c 
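Review bot: In `bpf_prog_load_xattr_maps` the result of `bpf_object__next_program(obj, NULL)` goes straight into `bpf_program__set_type()` with no NULL check, so an object file that contains no program hands a NULL pointer to libbpf. The same pattern is added to `load_bpf_object_file` and `open_bpf_object` in common_user_bpf_xdp.c. Guard it with `if (!prog) { bpf_object__close(obj); return -ENOENT; }`, returning NULL in the two pointer-returning functions. Only the first program now receives `attr->prog_type`; whether the removed open attribute applied to every program in the object should be confirmed. The function body continues outside the hunk.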
+++ b/src/xdp/common/common_user_bpf_xdp.c @@ -21,7 +21,7 @@ int xdp_link_attach(int ifindex, __u32 xdp_flags, int prog_fd) int err; /* libbpf provide the XDP net_device link-level hook attach helper */ - err = bpf_set_link_xdp_fd(ifindex, prog_fd, xdp_flags); + err = bpf_xdp_attach(ifindex, prog_fd, xdp_flags, NULL); if (err == -EEXIST && !(xdp_flags & XDP_FLAGS_UPDATE_IF_NOEXIST)) { /* Force mode didn't work, probably because a program of the * opposite type is loaded. Let's unload that and try loading @@ -32,9 +32,9 @@ int xdp_link_attach(int ifindex, __u32 xdp_flags, int prog_fd) xdp_flags &= ~XDP_FLAGS_MODES; xdp_flags |= (old_flags & XDP_FLAGS_SKB_MODE) ? XDP_FLAGS_DRV_MODE : XDP_FLAGS_SKB_MODE; - err = bpf_set_link_xdp_fd(ifindex, -1, xdp_flags); + err = bpf_xdp_detach(ifindex, xdp_flags, NULL); if (!err) - err = bpf_set_link_xdp_fd(ifindex, prog_fd, old_flags); + err = bpf_xdp_attach(ifindex, prog_fd, old_flags, NULL); } if (err < 0) { fprintf(stderr, "ERR: " @@ -65,7 +65,7 @@ int xdp_link_detach(int ifindex, __u32 xdp_flags, __u32 expected_prog_id) __u32 curr_prog_id; int err; - err = bpf_get_link_xdp_id(ifindex, &curr_prog_id, xdp_flags); + err = bpf_xdp_query_id(ifindex, xdp_flags, &curr_prog_id); if (err) { fprintf(stderr, "ERR: get link xdp id failed (err=%d): %s\n", -err, strerror(-err)); @@ -86,7 +86,7 @@ int xdp_link_detach(int ifindex, __u32 xdp_flags, __u32 expected_prog_id) return EXIT_FAIL; } - if ((err = bpf_set_link_xdp_fd(ifindex, -1, xdp_flags)) < 0) { + if ((err = bpf_xdp_detach(ifindex, xdp_flags, NULL)) < 0) { fprintf(stderr, "ERR: %s() link set xdp failed (err=%d): %s\n", __func__, err, strerror(-err)); return EXIT_FAIL_XDP; 
@@ -109,22 +109,28 @@ struct bpf_object *load_bpf_object_file(const char *filename, int ifindex) * hardware offloading XDP programs (note this sets libbpf * bpf_program->prog_ifindex and foreach bpf_map->map_ifindex). */ - struct bpf_prog_load_attr prog_load_attr = { - .prog_type = BPF_PROG_TYPE_XDP, - .ifindex = ifindex, - }; - prog_load_attr.file = filename; + struct bpf_program *prog; + obj = bpf_object__open_file(filename, NULL); + + if (libbpf_get_error(obj)) + return NULL; + + prog = bpf_object__next_program(obj, NULL); + bpf_program__set_type(prog, BPF_PROG_TYPE_XDP); + bpf_program__set_ifindex(prog, ifindex); /* Use libbpf for extracting BPF byte-code from BPF-ELF object, and * loading this into the kernel via bpf-syscall */ - err = bpf_prog_load_xattr(&prog_load_attr, &obj, &first_prog_fd); + err = bpf_object__load(obj); if (err) { fprintf(stderr, "ERR: loading BPF-OBJ file(%s) (%d): %s\n", filename, err, strerror(-err)); return NULL; } + first_prog_fd = bpf_program__fd(prog); + /* Notice how a pointer to a libbpf bpf_object is returned */ return obj; } @@ -136,12 +142,15 @@ static struct bpf_object *open_bpf_object(const char *file, int ifindex) struct bpf_map *map; struct bpf_program *prog, *first_prog = NULL; - struct bpf_object_open_attr open_attr = { - .file = file, - .prog_type = BPF_PROG_TYPE_XDP, - }; + obj = bpf_object__open_file(file, NULL); - obj = bpf_object__open_xattr(&open_attr); + if (libbpf_get_error(obj)) + return NULL; + + prog = bpf_object__next_program(obj, NULL); + bpf_program__set_type(prog, BPF_PROG_TYPE_XDP); + + err = bpf_object__load(obj); if (IS_ERR_OR_NULL(obj)) { err = -PTR_ERR(obj); fprintf(stderr, "ERR: opening BPF-OBJ file(%s) (%d): %s\n", @@ -157,7 +166,7 @@ static struct bpf_object *open_bpf_object(const char *file, int ifindex) } bpf_object__for_each_map(map, obj) { - if (!bpf_map__is_offload_neutral(map)) + if (bpf_map__type(map) != BPF_MAP_TYPE_PERF_EVENT_ARRAY) bpf_map__set_ifindex(map, ifindex); } 
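Review bot: In `load_bpf_object_file` the failure branch after `err = bpf_object__load(obj);` returns NULL without releasing the object that `bpf_object__open_file()` created, so every failed load leaks it. Add `bpf_object__close(obj);` before that `return NULL;`. `first_prog_fd` is still assigned from `bpf_program__fd(prog)` but is not used in the visible lines; drop it if nothing later in the function reads it.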
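Review bot: In `open_bpf_object` the result of the newly inserted `err = bpf_object__load(obj);` is never examined. The next statement tests `IS_ERR_OR_NULL(obj)`, which can no longer be true after the early `libbpf_get_error(obj)` return, so a failed load is ignored and that error branch is dead code. The following hunk still calls `bpf_map__set_ifindex()` after this load, while libbpf generally expects map and program attributes to be set before the object is loaded; please confirm against the libbpf version in use. Either remove the load from this function and leave it to the caller, or check it: `if (err) { bpf_object__close(obj); return NULL; }`, and move the ifindex loops above it.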
@@ -264,10 +273,10 @@ struct bpf_object *load_bpf_and_xdp_attach(struct config *cfg) if (cfg->progsec[0]) /* Find a matching BPF prog section name */ - bpf_prog = bpf_object__find_program_by_title(bpf_obj, cfg->progsec); + bpf_prog = bpf_object__find_program_by_name(bpf_obj, cfg->progsec); else /* Find the first program */ - bpf_prog = bpf_program__next(NULL, bpf_obj); + bpf_prog = bpf_object__next_program(bpf_obj, NULL); if (!bpf_prog) { fprintf(stderr, "ERR: couldn't find a program in ELF section '%s'\n", cfg->progsec); diff --git a/src/xdp/common/xdp_stats_kern.h b/src/xdp/common/xdp_stats_kern.h index 4e08551a0..c061a149d 100644 --- a/src/xdp/common/xdp_stats_kern.h +++ b/src/xdp/common/xdp_stats_kern.h @@ -13,12 +13,12 @@ #endif /* Keeps stats per (enum) xdp_action */ -struct bpf_map_def SEC("maps") xdp_stats_map = { - .type = BPF_MAP_TYPE_PERCPU_ARRAY, - .key_size = sizeof(__u32), - .value_size = sizeof(struct datarec), - .max_entries = XDP_ACTION_MAX, -}; +struct { + __uint(type, BPF_MAP_TYPE_PERCPU_ARRAY); + __type(key, __u32); + __type(value, struct datarec); + __uint(max_entries, XDP_ACTION_MAX); +} xdp_stats_map SEC(".maps"); static __always_inline __u32 xdp_stats_record_action(struct xdp_md *ctx, __u32 action) diff --git a/src/xdp/xdp_prog_kern.c b/src/xdp/xdp_prog_kern.c index a1eb395af..59308325d 100644 --- a/src/xdp/xdp_prog_kern.c +++ b/src/xdp/xdp_prog_kern.c 
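Review bot: `bpf_object__find_program_by_name(bpf_obj, cfg->progsec)` looks the program up by its C function name, whereas the replaced `..._by_title` call matched the ELF section name. `cfg->progsec` and the error message below (`couldn't find a program in ELF section '%s'`) still describe a section. Unless every caller now passes a function name, existing `--progsec` values will stop matching and the lookup fails; the callers are outside this hunk. Either update the option's meaning and the message together, or iterate with `bpf_object__for_each_program` and compare `bpf_program__section_name(prog)` against `cfg->progsec`.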
@@ -16,19 +16,19 @@ #define memcpy(dest, src, n) __builtin_memcpy((dest), (src), (n)) #endif -struct bpf_map_def SEC("maps") tx_port = { - .type = BPF_MAP_TYPE_DEVMAP, - .key_size = sizeof(int), - .value_size = sizeof(int), - .max_entries = 256, -}; - -struct bpf_map_def SEC("maps") redirect_params = { - .type = BPF_MAP_TYPE_HASH, - .key_size = ETH_ALEN, - .value_size = ETH_ALEN, - .max_entries = 1, -}; +struct { + __uint(type, BPF_MAP_TYPE_DEVMAP); + __type(key, int); + __type(value, int); + __uint(max_entries, 256); +} tx_port SEC(".maps"); + +struct { + __uint(type, BPF_MAP_TYPE_HASH); + __type(key, ETH_ALEN); + __type(value, ETH_ALEN); + __uint(max_entries, 1); +} redirect_params SEC(".maps"); static __always_inline __u16 csum_fold_helper(__u32 csum) { @@ -208,8 +208,12 @@ out: return xdp_stats_record_action(ctx, action); } +#ifndef AF_INET #define AF_INET 2 +#endif +#ifndef AF_INET6 #define AF_INET6 10 +#endif #define IPV6_FLOWINFO_MASK bpf_htonl(0x0FFFFFFF) /* from include/net/ip.h */ |
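Review bot: In the new `redirect_params` definition, `__type(key, ETH_ALEN)` and `__type(value, ETH_ALEN)` pass an integer constant where `__type` expects a type. The macro takes the type of its argument, so key and value become `int` (4 bytes) rather than the 6-byte MAC address that the old `.key_size = ETH_ALEN` / `.value_size = ETH_ALEN` declared. Lookups would then compare only part of the address. Use `__uint(key_size, ETH_ALEN);` and `__uint(value_size, ETH_ALEN);`, or `__type(key, __u8[ETH_ALEN]);` and the same for the value. The `tx_port` conversion is fine because its key and value really are `int`.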