-rw-r--r--data/templates/accel-ppp/pppoe.config.j210
-rw-r--r--data/templates/chrony/override.conf.j25
-rw-r--r--data/templates/dynamic-dns/ddclient.conf.j22
-rw-r--r--data/templates/ipsec/ipsec.conf.j219
-rw-r--r--data/templates/ipsec/ipsec.secrets.j25
-rw-r--r--debian/control4
-rw-r--r--interface-definitions/include/accel-ppp/auth-mode.xml.i8
-rw-r--r--interface-definitions/include/version/ipsec-version.xml.i2
-rw-r--r--interface-definitions/service-ipoe-server.xml.in24
-rw-r--r--interface-definitions/system-option.xml.in8
-rw-r--r--interface-definitions/vpn-ipsec.xml.in10
-rw-r--r--python/vyos/config_mgmt.py43
-rw-r--r--python/vyos/configtree.py32
-rw-r--r--python/vyos/configverify.py11
-rwxr-xr-xsmoketest/bin/vyos-smoketest2
-rwxr-xr-xsmoketest/scripts/cli/test_load_balancing_wan.py11
-rwxr-xr-xsmoketest/scripts/cli/test_service_dns_dynamic.py2
-rwxr-xr-xsrc/conf_mode/vpn_ipsec.py17
-rw-r--r--src/etc/systemd/system/ddclient.service.d/override.conf2
-rwxr-xr-xsrc/migration-scripts/ipsec/11-to-1253
-rwxr-xr-xsrc/services/vyos-http-api-server4
-rw-r--r--src/tests/test_configverify.py5
-rw-r--r--src/xdp/common/common_libbpf.c15
-rw-r--r--src/xdp/common/common_user_bpf_xdp.c47
-rw-r--r--src/xdp/common/xdp_stats_kern.h12
-rw-r--r--src/xdp/xdp_prog_kern.c30
26 files changed, 200 insertions, 183 deletions
diff --git a/data/templates/accel-ppp/pppoe.config.j2 b/data/templates/accel-ppp/pppoe.config.j2
index 811c4ccc0..dd53edd28 100644
--- a/data/templates/accel-ppp/pppoe.config.j2
+++ b/data/templates/accel-ppp/pppoe.config.j2
@@ -30,6 +30,11 @@ syslog=accel-pppoe,daemon
copy=1
level=5
+{% if authentication.mode is vyos_defined("noauth") %}
+[auth]
+noauth=1
+{% endif %}
+
{% if snmp.master_agent is vyos_defined %}
[snmp]
master=1
@@ -133,7 +138,10 @@ pado-delay={{ pado_delay_param.value }}
called-sid={{ authentication.radius.called_sid_format }}
{% endif %}
-{% if authentication.mode is vyos_defined("local") %}
+{% if authentication.mode is vyos_defined("local") or authentication.mode is vyos_defined("noauth") %}
+{% if authentication.mode is vyos_defined("noauth") %}
+noauth=1
+{% endif %}
{% if client_ip_pool.name is vyos_defined %}
{% for pool, pool_config in client_ip_pool.name.items() %}
{% if pool_config.subnet is vyos_defined %}
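Review bot: `noauth=1` on line 54 is emitted a second time for the same mode, the first being under the new `[auth]` section added in the previous hunk (lines 40-43). If accel-ppp only honours `noauth` in `[auth]`, the nested `{% if authentication.mode is vyos_defined("noauth") %}` block here is dead and should be dropped; if the section this hunk sits in genuinely needs its own copy, a one-line template comment such as `{# accel-ppp reads noauth in both [auth] and this section #}` would stop the next reader removing one of them. Since the mode disables client authentication outright (per the valueHelp text in this commit), the client IP pool handling it now shares with `local` becomes the only gate on who is handed an address, which is worth a sentence in the commit message. The enclosing `{% if %}` closes outside the hunk.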
diff --git a/data/templates/chrony/override.conf.j2 b/data/templates/chrony/override.conf.j2
index 9eaea7608..0ab8f0824 100644
--- a/data/templates/chrony/override.conf.j2
+++ b/data/templates/chrony/override.conf.j2
@@ -5,6 +5,7 @@ ConditionPathExists={{ config_file }}
After=vyos-router.service
[Service]
+User=root
EnvironmentFile=
ExecStart=
ExecStart={{ vrf_command }}/usr/sbin/chronyd -F 1 -f {{ config_file }}
@@ -13,5 +14,5 @@ PIDFile={{ config_file | replace('.conf', '.pid') }}
Restart=always
RestartSec=10
# Required for VRF support
-ProtectControlGroups=No
-
+ProcSubset=all
+ProtectControlGroups=no
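Review bot: `User=root` on line 66 is added with no explanation, whereas the relaxations in this hunk (`ProcSubset=all`, `ProtectControlGroups=no`) sit under the existing `# Required for VRF support` comment on line 73. Running chronyd as root removes whatever privilege separation the packaged unit presumably sets up, so the line deserves the same justification, e.g. `# Required for VRF support: chronyd is launched via {{ vrf_command }}` directly above it; if chronyd still drops privileges itself after start, saying so would reassure the reader. Without that comment a future cleanup is likely to remove the line and silently break the VRF case, or keep it and silently keep the daemon privileged.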
diff --git a/data/templates/dynamic-dns/ddclient.conf.j2 b/data/templates/dynamic-dns/ddclient.conf.j2
index 3c2d17cbb..c2c9b1dd6 100644
--- a/data/templates/dynamic-dns/ddclient.conf.j2
+++ b/data/templates/dynamic-dns/ddclient.conf.j2
@@ -10,7 +10,7 @@ ssl=yes
{% set web_skip = ", web-skip='" ~ iface_config.use_web.skip ~ "'" if iface_config.use_web.skip is vyos_defined else '' %}
use=web, web='{{ iface_config.use_web.url }}'{{ web_skip }}
{% else %}
-{{ 'usev6=if' if iface_config.ipv6_enable is vyos_defined else 'use=if' }}, if={{ iface }}
+{{ 'usev6=ifv6' if iface_config.ipv6_enable is vyos_defined else 'use=if' }}, if={{ iface }}
{% endif %}
{% if iface_config.rfc2136 is vyos_defined %}
diff --git a/data/templates/ipsec/ipsec.conf.j2 b/data/templates/ipsec/ipsec.conf.j2
deleted file mode 100644
index f63995b38..000000000
--- a/data/templates/ipsec/ipsec.conf.j2
+++ /dev/null
@@ -1,19 +0,0 @@
-# Created by VyOS - manual changes will be overwritten
-
-config setup
-{% set charondebug = '' %}
-{% if log.subsystem is vyos_defined %}
-{% set subsystem = log.subsystem %}
-{% if 'any' in log.subsystem %}
-{% set subsystem = ['dmn', 'mgr', 'ike', 'chd','job', 'cfg', 'knl',
- 'net', 'asn', 'enc', 'lib', 'esp', 'tls', 'tnc',
- 'imc', 'imv', 'pts'] %}
-{% endif %}
-{% set charondebug = subsystem | join (' ' ~ log.level ~ ', ') ~ ' ' ~ log.level %}
-{% endif %}
- charondebug = "{{ charondebug }}"
- uniqueids = {{ "no" if disable_uniqreqids is vyos_defined else "yes" }}
-
-{% if include_ipsec_conf is vyos_defined %}
-include {{ include_ipsec_conf }}
-{% endif %}
diff --git a/data/templates/ipsec/ipsec.secrets.j2 b/data/templates/ipsec/ipsec.secrets.j2
deleted file mode 100644
index a87ac9bc7..000000000
--- a/data/templates/ipsec/ipsec.secrets.j2
+++ /dev/null
@@ -1,5 +0,0 @@
-# Created by VyOS - manual changes will be overwritten
-
-{% if include_ipsec_secrets is vyos_defined %}
-include {{ include_ipsec_secrets }}
-{% endif %}
diff --git a/debian/control b/debian/control
index 2b940a412..fb29697d4 100644
--- a/debian/control
+++ b/debian/control
@@ -8,6 +8,7 @@ Build-Depends:
fakeroot,
gcc-multilib [amd64],
clang [amd64],
+ iproute2,
llvm [amd64],
libbpf-dev [amd64],
libelf-dev (>= 0.2) [amd64],
@@ -45,7 +46,6 @@ Depends:
conserver-client,
conserver-server,
console-data,
- crda,
cron,
curl,
dbus,
@@ -79,7 +79,7 @@ Depends:
lcdproc,
lcdproc-extra-drivers,
libatomic1,
- libbpf0 [amd64],
+ libbpf1 [amd64],
libcharon-extra-plugins (>=5.9),
libcharon-extauth-plugins (>=5.9),
libndp-tools,
diff --git a/interface-definitions/include/accel-ppp/auth-mode.xml.i b/interface-definitions/include/accel-ppp/auth-mode.xml.i
index c1a87cfe3..ccaed6f04 100644
--- a/interface-definitions/include/accel-ppp/auth-mode.xml.i
+++ b/interface-definitions/include/accel-ppp/auth-mode.xml.i
@@ -10,11 +10,15 @@
<format>radius</format>
<description>Use RADIUS server for user autentication</description>
</valueHelp>
+ <valueHelp>
+ <format>noauth</format>
+ <description>Authentication disabled</description>
+ </valueHelp>
<constraint>
- <regex>(local|radius)</regex>
+ <regex>(local|radius|noauth)</regex>
</constraint>
<completionHelp>
- <list>local radius</list>
+ <list>local radius noauth</list>
</completionHelp>
</properties>
<defaultValue>local</defaultValue>
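Review bot: The new `noauth` value becomes accepted everywhere this include is used, but only the pppoe template in this commit renders it; if other accel-ppp services also pull in auth-mode.xml.i (their templates are not in this diff), a mode of `noauth` would pass validation and then match neither the `local` nor the `radius` branch of their templates, leaving the daemon with whatever its built-in authentication behaviour is. Either extend those templates in the same way or reject `noauth` in the verify step of each service that does not support it. The description on line 165 could also spell out the consequence: `<description>Authentication disabled (clients are not asked for credentials)</description>`.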
diff --git a/interface-definitions/include/version/ipsec-version.xml.i b/interface-definitions/include/version/ipsec-version.xml.i
index 8d019b466..de7a9c088 100644
--- a/interface-definitions/include/version/ipsec-version.xml.i
+++ b/interface-definitions/include/version/ipsec-version.xml.i
@@ -1,3 +1,3 @@
<!-- include start from include/version/ipsec-version.xml.i -->
-<syntaxVersion component='ipsec' version='11'></syntaxVersion>
+<syntaxVersion component='ipsec' version='12'></syntaxVersion>
<!-- include end -->
diff --git a/interface-definitions/service-ipoe-server.xml.in b/interface-definitions/service-ipoe-server.xml.in
index ca4929249..ebe99d3aa 100644
--- a/interface-definitions/service-ipoe-server.xml.in
+++ b/interface-definitions/service-ipoe-server.xml.in
@@ -117,29 +117,7 @@
<help>Client authentication methods</help>
</properties>
<children>
- <leafNode name="mode">
- <properties>
- <help>Authetication mode</help>
- <completionHelp>
- <list>local radius noauth</list>
- </completionHelp>
- <constraint>
- <regex>(local|radius|noauth)</regex>
- </constraint>
- <valueHelp>
- <format>local</format>
- <description>Authentication based on local definition</description>
- </valueHelp>
- <valueHelp>
- <format>radius</format>
- <description>Authentication based on a RADIUS server</description>
- </valueHelp>
- <valueHelp>
- <format>noauth</format>
- <description>Authentication disabled</description>
- </valueHelp>
- </properties>
- </leafNode>
+ #include <include/accel-ppp/auth-mode.xml.i>
<tagNode name="interface">
<properties>
<help>Network interface for client MAC addresses</help>
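Review bot: The include pulls in `<defaultValue>local</defaultValue>` (visible at line 176 of this diff), while the removed inline definition on lines 194-216 shows no default value. If IPoE configurations without an explicit `mode` previously behaved differently from `local`, this changes their behaviour on upgrade and needs either a migration script or a note in the commit message; if the removed node carried the same default just outside the hunk, nothing further is needed. Using the include does fix the `Authetication` typo of the removed help text, though the include itself still spells `autentication` on line 161.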
diff --git a/interface-definitions/system-option.xml.in b/interface-definitions/system-option.xml.in
index bb15e467e..0fa349e0b 100644
--- a/interface-definitions/system-option.xml.in
+++ b/interface-definitions/system-option.xml.in
@@ -36,13 +36,17 @@
<properties>
<help>System keyboard layout, type ISO2</help>
<completionHelp>
- <list>us fr de es fi jp106 no dk dvorak</list>
+ <list>us uk fr de es fi jp106 no dk dvorak</list>
</completionHelp>
<valueHelp>
<format>us</format>
<description>United States</description>
</valueHelp>
<valueHelp>
+ <format>uk</format>
+ <description>United Kingdom</description>
+ </valueHelp>
+ <valueHelp>
<format>fr</format>
<description>France</description>
</valueHelp>
@@ -75,7 +79,7 @@
<description>Dvorak</description>
</valueHelp>
<constraint>
- <regex>(us|fr|de|es|fi|jp106|no|dk|dvorak)</regex>
+ <regex>(us|uk|fr|de|es|fi|jp106|no|dk|dvorak)</regex>
</constraint>
<constraintErrorMessage>Invalid keyboard layout</constraintErrorMessage>
</properties>
diff --git a/interface-definitions/vpn-ipsec.xml.in b/interface-definitions/vpn-ipsec.xml.in
index 5ba9c9388..1b3a5532e 100644
--- a/interface-definitions/vpn-ipsec.xml.in
+++ b/interface-definitions/vpn-ipsec.xml.in
@@ -546,16 +546,6 @@
</tagNode>
</children>
</tagNode>
- <leafNode name="include-ipsec-conf">
- <properties>
- <help>Absolute path to specify a strongSwan config include file</help>
- </properties>
- </leafNode>
- <leafNode name="include-ipsec-secrets">
- <properties>
- <help>Absolute path to a strongSwan secrets include file</help>
- </properties>
- </leafNode>
#include <include/generic-interface-multi.xml.i>
<node name="log">
<properties>
diff --git a/python/vyos/config_mgmt.py b/python/vyos/config_mgmt.py
index 22a49ff50..fade3081c 100644
--- a/python/vyos/config_mgmt.py
+++ b/python/vyos/config_mgmt.py
@@ -24,7 +24,7 @@ from datetime import datetime
from tabulate import tabulate
from vyos.config import Config
-from vyos.configtree import ConfigTree
+from vyos.configtree import ConfigTree, ConfigTreeError, show_diff
from vyos.defaults import directories
from vyos.util import is_systemd_service_active, ask_yes_no, rc_cmd
@@ -93,15 +93,7 @@ class ConfigMgmt:
# a call to compare without args is edit_level aware
edit_level = os.getenv('VYATTA_EDIT_LEVEL', '')
- edit_path = [l for l in edit_level.split('/') if l]
- if edit_path:
- eff_conf = config.show_config(edit_path, effective=True)
- self.edit_level_active_config = ConfigTree(eff_conf)
- conf = config.show_config(edit_path)
- self.edit_level_working_config = ConfigTree(conf)
- else:
- self.edit_level_active_config = None
- self.edit_level_working_config = None
+ self.edit_path = [l for l in edit_level.split('/') if l]
self.active_config = config._running_config
self.working_config = config._session_config
@@ -241,14 +233,8 @@ Proceed ?'''
revision n vs. revision m; working version vs. active version;
or working version vs. saved version.
"""
- from difflib import unified_diff
-
- ct1 = self.edit_level_active_config
- if ct1 is None:
- ct1 = self.active_config
- ct2 = self.edit_level_working_config
- if ct2 is None:
- ct2 = self.working_config
+ ct1 = self.active_config
+ ct2 = self.working_config
msg = 'No changes between working and active configurations.\n'
if saved:
ct1 = self._get_saved_config_tree()
@@ -268,19 +254,16 @@ Proceed ?'''
ct1 = self._get_config_tree_revision(rev2)
msg = f'No changes between revisions {rev2} and {rev1} configurations.\n'
- if commands:
- lines1 = ct1.to_commands().splitlines(keepends=True)
- lines2 = ct2.to_commands().splitlines(keepends=True)
- else:
- lines1 = ct1.to_string().splitlines(keepends=True)
- lines2 = ct2.to_string().splitlines(keepends=True)
-
out = ''
- comp = unified_diff(lines1, lines2)
- for line in comp:
- if re.match(r'(\-\-)|(\+\+)|(@@)', line):
- continue
- out += line
+ path = [] if commands else self.edit_path
+ try:
+ if commands:
+ out = show_diff(ct1, ct2, path=path, commands=True)
+ else:
+ out = show_diff(ct1, ct2, path=path)
+ except ConfigTreeError as e:
+ return e, 1
+
if out:
msg = out
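Review bot: `return e, 1` on line 340 hands back the `ConfigTreeError` object itself as the first element, while every other return path visible in this method builds a string (`msg`, `out`); a caller that prints or concatenates the message gets the exception's repr rather than its text, so this should be `return str(e), 1`. The `if commands:` / `else:` pair on lines 335-338 differs only in the `commands=` keyword and collapses to `out = show_diff(ct1, ct2, path=path, commands=commands)`. `path = [] if commands else self.edit_path` on line 333 also means the command-form diff now ignores the edit level, which the comment on line 286 (`a call to compare without args is edit_level aware`) no longer fully describes; a short comment on why the command form is whole-tree would help. The method continues outside the hunk.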
diff --git a/python/vyos/configtree.py b/python/vyos/configtree.py
index f2358ee4f..c0b3ebd78 100644
--- a/python/vyos/configtree.py
+++ b/python/vyos/configtree.py
@@ -16,7 +16,7 @@ import os
import re
import json
-from ctypes import cdll, c_char_p, c_void_p, c_int
+from ctypes import cdll, c_char_p, c_void_p, c_int, c_bool
LIBPATH = '/usr/lib/libvyosconfig.so.0'
@@ -322,6 +322,36 @@ class ConfigTree(object):
subt = ConfigTree(address=res)
return subt
+def show_diff(left, right, path=[], commands=False, libpath=LIBPATH):
+ if left is None:
+ left = ConfigTree(config_string='\n')
+ if right is None:
+ right = ConfigTree(config_string='\n')
+ if not (isinstance(left, ConfigTree) and isinstance(right, ConfigTree)):
+ raise TypeError("Arguments must be instances of ConfigTree")
+ if path:
+ if (not left.exists(path)) and (not right.exists(path)):
+ raise ConfigTreeError(f"Path {path} doesn't exist")
+
+ check_path(path)
+ path_str = " ".join(map(str, path)).encode()
+
+ __lib = cdll.LoadLibrary(libpath)
+ __show_diff = __lib.show_diff
+ __show_diff.argtypes = [c_bool, c_char_p, c_void_p, c_void_p]
+ __show_diff.restype = c_char_p
+ __get_error = __lib.get_error
+ __get_error.argtypes = []
+ __get_error.restype = c_char_p
+
+ res = __show_diff(commands, path_str, left._get_config(), right._get_config())
+ res = res.decode()
+ if res == "#1@":
+ msg = __get_error().decode()
+ raise ConfigTreeError(msg)
+
+ return res
+
class DiffTree:
def __init__(self, left, right, path=[], libpath=LIBPATH):
if left is None:
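Review bot: `res.decode()` on line 380 assumes the C `show_diff` never returns NULL; with `restype = c_char_p` a NULL result arrives as `None` and the call raises `AttributeError` instead of the `ConfigTreeError` callers are told to expect. Guard it before decoding, `if res is None: raise ConfigTreeError(__get_error().decode())`, so the `"#1@"` sentinel on line 381 remains the only other error route. The `path=[]` default on line 357 is not mutated here, so it is harmless, and it matches the `DiffTree.__init__` signature on line 388, so changing only one of them would be inconsistent. Joining the path with `" ".join(map(str, path))` on line 369 cannot round-trip a path element that contains a space; if that mirrors what the C side expects it is an existing limitation worth a one-line comment.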
diff --git a/python/vyos/configverify.py b/python/vyos/configverify.py
index 30bdd2d47..fcc8cc733 100644
--- a/python/vyos/configverify.py
+++ b/python/vyos/configverify.py
@@ -420,11 +420,12 @@ def verify_accel_ppp_base_service(config, local_users=True):
if 'gateway_address' in config:
gateway = True
else:
- if dict_search_recursive(config, 'gateway_address', ['client_ip_pool', 'name']):
- for _, v in config['client_ip_pool']['name'].items():
- if 'gateway_address' in v:
- gateway = True
- break
+ if 'client_ip_pool' in config:
+ if dict_search_recursive(config, 'gateway_address', ['client_ip_pool', 'name']):
+ for _, v in config['client_ip_pool']['name'].items():
+ if 'gateway_address' in v:
+ gateway = True
+ break
if not gateway:
raise ConfigError('Server requires gateway-address to be configured!')
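Review bot: The added `if 'client_ip_pool' in config:` on line 403 introduces a fourth nesting level whose only job is to guard the next condition; folding it in, `if 'client_ip_pool' in config and dict_search_recursive(config, 'gateway_address', ['client_ip_pool', 'name']):`, keeps the loop at its previous depth. Whether `dict_search_recursive` actually needs the guard (raises rather than returning falsy when the top-level key is absent) is not visible here; if it does, a one-line comment saying so explains why the guard exists. The `for _, v in ... .items()` loop discards the key and reads more simply as `for v in config['client_ip_pool']['name'].values():`.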
diff --git a/smoketest/bin/vyos-smoketest b/smoketest/bin/vyos-smoketest
index cb039db42..135388afe 100755
--- a/smoketest/bin/vyos-smoketest
+++ b/smoketest/bin/vyos-smoketest
@@ -26,7 +26,7 @@ for root, dirs, files in os.walk('/usr/libexec/vyos/tests/smoke'):
test_file = os.path.join(root, name)
mode = os.stat(test_file).st_mode
- if mode & S_IXOTH:
+ if name.startswith("test_") and mode & S_IXOTH:
print('Running Testcase: ' + test_file)
process = Popen([test_file], stdout=PIPE)
(output, err) = process.communicate()
diff --git a/smoketest/scripts/cli/test_load_balancing_wan.py b/smoketest/scripts/cli/test_load_balancing_wan.py
index 33c69c595..0e1806f66 100755
--- a/smoketest/scripts/cli/test_load_balancing_wan.py
+++ b/smoketest/scripts/cli/test_load_balancing_wan.py
@@ -143,15 +143,15 @@ class TestLoadBalancingWan(VyOSUnitTestSHIM.TestCase):
container_iface3 = 'ceth2'
mangle_isp1 = """table ip mangle {
chain ISP_veth1 {
- counter ct mark set 0xc9
- counter meta mark set 0xc9
+ counter ct mark set 0xc9
+ counter meta mark set 0xc9
counter accept
}
}"""
mangle_isp2 = """table ip mangle {
chain ISP_veth2 {
- counter ct mark set 0xca
- counter meta mark set 0xca
+ counter ct mark set 0xca
+ counter meta mark set 0xca
counter accept
}
}"""
@@ -163,7 +163,7 @@ class TestLoadBalancingWan(VyOSUnitTestSHIM.TestCase):
}"""
mangle_wanloadbalance_pre = """table ip mangle {
chain WANLOADBALANCE_PRE {
- iifname "veth3" ip saddr 198.51.100.0/24 ct state new counter jump ISP_veth1
+ iifname "veth3" ip saddr 198.51.100.0/24 ct state new meta random & 2147483647 < 1073741824 counter jump ISP_veth1
iifname "veth3" ip saddr 198.51.100.0/24 ct state new counter jump ISP_veth2
iifname "veth3" ip saddr 198.51.100.0/24 counter meta mark set ct mark
}
@@ -177,7 +177,6 @@ class TestLoadBalancingWan(VyOSUnitTestSHIM.TestCase):
nat_vyos_pre_snat_hook = """table ip nat {
chain VYOS_PRE_SNAT_HOOK {
type nat hook postrouting priority srcnat - 1; policy accept;
- counter jump WANLOADBALANCE
return
}
}"""
diff --git a/smoketest/scripts/cli/test_service_dns_dynamic.py b/smoketest/scripts/cli/test_service_dns_dynamic.py
index 90d10d40b..57705e26f 100755
--- a/smoketest/scripts/cli/test_service_dns_dynamic.py
+++ b/smoketest/scripts/cli/test_service_dns_dynamic.py
@@ -155,7 +155,7 @@ class TestServiceDDNS(VyOSUnitTestSHIM.TestCase):
self.assertEqual(login, user)
self.assertEqual(pwd, f"'{password}'")
self.assertEqual(server, srv)
- self.assertEqual(usev6, f"if, if={interface}")
+ self.assertEqual(usev6, f"ifv6, if={interface}")
if __name__ == '__main__':
unittest.main(verbosity=2)
diff --git a/src/conf_mode/vpn_ipsec.py b/src/conf_mode/vpn_ipsec.py
index 10bad8c74..8263358ea 100755
--- a/src/conf_mode/vpn_ipsec.py
+++ b/src/conf_mode/vpn_ipsec.py
@@ -53,8 +53,6 @@ dhcp_wait_attempts = 2
dhcp_wait_sleep = 1
swanctl_dir = '/etc/swanctl'
-ipsec_conf = '/etc/ipsec.conf'
-ipsec_secrets = '/etc/ipsec.secrets'
charon_conf = '/etc/strongswan.d/charon.conf'
charon_dhcp_conf = '/etc/strongswan.d/charon/dhcp.conf'
charon_radius_conf = '/etc/strongswan.d/charon/eap-radius.conf'
@@ -618,8 +616,6 @@ def generate(ipsec):
if id:
ipsec['authentication']['psk'][psk]['id'].append(id)
- render(ipsec_conf, 'ipsec/ipsec.conf.j2', ipsec)
- render(ipsec_secrets, 'ipsec/ipsec.secrets.j2', ipsec)
render(charon_conf, 'ipsec/charon.j2', ipsec)
render(charon_dhcp_conf, 'ipsec/charon/dhcp.conf.j2', ipsec)
render(charon_radius_conf, 'ipsec/charon/eap-radius.conf.j2', ipsec)
@@ -634,25 +630,12 @@ def resync_nhrp(ipsec):
if tmp > 0:
print('ERROR: failed to reapply NHRP settings!')
-def wait_for_vici_socket(timeout=5, sleep_interval=0.1):
- start_time = time()
- test_command = f'sudo socat -u OPEN:/dev/null UNIX-CONNECT:{vici_socket}'
- while True:
- if (start_time + timeout) < time():
- return None
- result = run(test_command)
- if result == 0:
- return True
- sleep(sleep_interval)
-
def apply(ipsec):
systemd_service = 'strongswan.service'
if not ipsec:
call(f'systemctl stop {systemd_service}')
else:
call(f'systemctl reload-or-restart {systemd_service}')
- if wait_for_vici_socket():
- call('sudo swanctl -q')
resync_nhrp(ipsec)
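Review bot: Removing `wait_for_vici_socket()` and the `swanctl -q` call (lines 499-508 and 516-517) leaves `systemctl reload-or-restart strongswan.service` on line 515 as the only thing that pushes the rendered swanctl configuration into charon. That is fine if the unit's reload action runs `swanctl --load-all` (not visible in this diff); if it does not, connection changes would no longer be applied after a pure reload. A comment on line 515 such as `# the unit's ExecReload runs swanctl --load-all, so no explicit swanctl call is needed` would record the dependency. Dropping the `sudo socat` shell probe is a welcome simplification either way; `apply()` may continue beyond the hunk.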
diff --git a/src/etc/systemd/system/ddclient.service.d/override.conf b/src/etc/systemd/system/ddclient.service.d/override.conf
index d9c9963b0..09d929d39 100644
--- a/src/etc/systemd/system/ddclient.service.d/override.conf
+++ b/src/etc/systemd/system/ddclient.service.d/override.conf
@@ -8,4 +8,4 @@ WorkingDirectory=/run/ddclient
PIDFile=
PIDFile=/run/ddclient/ddclient.pid
ExecStart=
-ExecStart=/usr/sbin/ddclient -cache /run/ddclient/ddclient.cache -pid /run/ddclient/ddclient.pid -file /run/ddclient/ddclient.conf
+ExecStart=/usr/bin/ddclient -cache /run/ddclient/ddclient.cache -pid /run/ddclient/ddclient.pid -file /run/ddclient/ddclient.conf
diff --git a/src/migration-scripts/ipsec/11-to-12 b/src/migration-scripts/ipsec/11-to-12
new file mode 100755
index 000000000..8bbde5efa
--- /dev/null
+++ b/src/migration-scripts/ipsec/11-to-12
@@ -0,0 +1,53 @@
+#!/usr/bin/env python3
+#
+# Copyright (C) 2023 VyOS maintainers and contributors
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License version 2 or later as
+# published by the Free Software Foundation.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program. If not, see <http://www.gnu.org/licenses/>.
+
+# Remove legacy ipsec.conf and ipsec.secrets - Not supported with swanctl
+
+import re
+
+from sys import argv
+from sys import exit
+
+from vyos.configtree import ConfigTree
+
+if (len(argv) < 1):
+ print("Must specify file name!")
+ exit(1)
+
+file_name = argv[1]
+
+with open(file_name, 'r') as f:
+ config_file = f.read()
+
+base = ['vpn', 'ipsec']
+config = ConfigTree(config_file)
+
+if not config.exists(base):
+ # Nothing to do
+ exit(0)
+
+if config.exists(base + ['include-ipsec-conf']):
+ config.delete(base + ['include-ipsec-conf'])
+
+if config.exists(base + ['include-ipsec-secrets']):
+ config.delete(base + ['include-ipsec-secrets'])
+
+try:
+ with open(file_name, 'w') as f:
+ f.write(config.to_string())
+except OSError as e:
+ print(f'Failed to save the modified config: {e}')
+ exit(1)
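Review bot: `if (len(argv) < 1):` on line 560 can never be true because `argv[0]` is always present, so running the script without a file name reaches `argv[1]` on line 564 and dies with an `IndexError` instead of printing the intended message; the check should be `if len(argv) < 2:`. `import re` on line 553 is unused. The read on line 566 is unguarded while the write on lines 582-587 handles `OSError`, which is acceptable if an unreadable input should abort loudly, but the asymmetry is worth a glance.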
diff --git a/src/services/vyos-http-api-server b/src/services/vyos-http-api-server
index f59e089ae..cd73f38ec 100755
--- a/src/services/vyos-http-api-server
+++ b/src/services/vyos-http-api-server
@@ -425,7 +425,7 @@ async def validation_exception_handler(request, exc):
return error(400, str(exc.errors()[0]))
@app.post('/configure')
-def configure_op(data: Union[ConfigureModel, ConfigureListModel]):
+async def configure_op(data: Union[ConfigureModel, ConfigureListModel]):
session = app.state.vyos_session
env = session.get_session_env()
config = vyos.config.Config(session_env=env)
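Review bot: Changing `configure_op` (line 596) and `retrieve_op` (line 604, next hunk) to `async def` moves their bodies onto the event loop thread, whereas a plain `def` route handler runs in a worker thread; the visible bodies call synchronous session and config code (`session.get_session_env()`, `vyos.config.Config(...)`) and `/configure` presumably ends in a commit, so one long request now stalls every other request on the server rather than only its own thread. If serialising configuration sessions is the intent, say so on the handler, e.g. `# async on purpose: configure sessions must not run concurrently`; if it is not, keep the handlers synchronous or move the blocking work into `run_in_threadpool`. Both handler bodies continue outside the hunks.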
@@ -494,7 +494,7 @@ def configure_op(data: Union[ConfigureModel, ConfigureListModel]):
return success(None)
@app.post("/retrieve")
-def retrieve_op(data: RetrieveModel):
+async def retrieve_op(data: RetrieveModel):
session = app.state.vyos_session
env = session.get_session_env()
config = vyos.config.Config(session_env=env)
diff --git a/src/tests/test_configverify.py b/src/tests/test_configverify.py
index ad7e053db..6fb43ece2 100644
--- a/src/tests/test_configverify.py
+++ b/src/tests/test_configverify.py
@@ -27,11 +27,6 @@ class TestDictSearch(TestCase):
def test_dh_key_none(self):
self.assertFalse(verify_diffie_hellman_length('/tmp/non_existing_file', '1024'))
- def test_dh_key_256(self):
- key_len = '256'
- cmd(f'openssl dhparam -out {dh_file} {key_len}')
- self.assertTrue(verify_diffie_hellman_length(dh_file, key_len))
-
def test_dh_key_512(self):
key_len = '512'
cmd(f'openssl dhparam -out {dh_file} {key_len}')
diff --git a/src/xdp/common/common_libbpf.c b/src/xdp/common/common_libbpf.c
index 5788ecd9e..443ca4c66 100644
--- a/src/xdp/common/common_libbpf.c
+++ b/src/xdp/common/common_libbpf.c
@@ -24,10 +24,6 @@ static inline bool IS_ERR_OR_NULL(const void *ptr)
int bpf_prog_load_xattr_maps(const struct bpf_prog_load_attr_maps *attr,
struct bpf_object **pobj, int *prog_fd)
{
- struct bpf_object_open_attr open_attr = {
- .file = attr->file,
- .prog_type = attr->prog_type,
- };
struct bpf_program *prog, *first_prog = NULL;
enum bpf_attach_type expected_attach_type;
enum bpf_prog_type prog_type;
@@ -41,10 +37,13 @@ int bpf_prog_load_xattr_maps(const struct bpf_prog_load_attr_maps *attr,
if (!attr->file)
return -EINVAL;
+ obj = bpf_object__open_file(attr->file, NULL);
- obj = bpf_object__open_xattr(&open_attr);
- if (IS_ERR_OR_NULL(obj))
- return -ENOENT;
+ if (libbpf_get_error(obj))
+ return -EINVAL;
+
+ prog = bpf_object__next_program(obj, NULL);
+ bpf_program__set_type(prog, attr->prog_type);
bpf_object__for_each_program(prog, obj) {
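Review bot: `prog = bpf_object__next_program(obj, NULL)` on line 648 returns NULL for an object that contains no programs, and `bpf_program__set_type(prog, ...)` on the next line then dereferences it; add `if (!prog) { bpf_object__close(obj); return -EINVAL; }` before the call. The `return -EINVAL` on line 646 also replaces the old `-ENOENT`, so callers can no longer tell a missing file from a bad one, and it returns without closing the object; `libbpf_get_error(obj)` already carries the real negative errno and could be returned instead. The same unchecked `bpf_object__next_program` result is used in common_user_bpf_xdp.c at lines 713-714 and 743-744, and the `return NULL` on line 724 of that file leaks the opened object because `bpf_object__close(obj)` is never called on the load-failure path. Only the first program's type is set here before the `bpf_object__for_each_program` loop; if the loop body (outside the hunk) does not set the type on the remaining programs, they keep whatever type libbpf inferred from their section name.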
/*
@@ -82,7 +81,7 @@ int bpf_prog_load_xattr_maps(const struct bpf_prog_load_attr_maps *attr,
bpf_map__for_each(map, obj) {
const char* mapname = bpf_map__name(map);
- if (!bpf_map__is_offload_neutral(map))
+ if (bpf_map__type(map) != BPF_MAP_TYPE_PERF_EVENT_ARRAY)
bpf_map__set_ifindex(map, attr->ifindex);
/* Was: map->map_ifindex = attr->ifindex; */
diff --git a/src/xdp/common/common_user_bpf_xdp.c b/src/xdp/common/common_user_bpf_xdp.c
index faf7f4f91..524f08c9d 100644
--- a/src/xdp/common/common_user_bpf_xdp.c
+++ b/src/xdp/common/common_user_bpf_xdp.c
@@ -21,7 +21,7 @@ int xdp_link_attach(int ifindex, __u32 xdp_flags, int prog_fd)
int err;
/* libbpf provide the XDP net_device link-level hook attach helper */
- err = bpf_set_link_xdp_fd(ifindex, prog_fd, xdp_flags);
+ err = bpf_xdp_attach(ifindex, prog_fd, xdp_flags, NULL);
if (err == -EEXIST && !(xdp_flags & XDP_FLAGS_UPDATE_IF_NOEXIST)) {
/* Force mode didn't work, probably because a program of the
* opposite type is loaded. Let's unload that and try loading
@@ -32,9 +32,9 @@ int xdp_link_attach(int ifindex, __u32 xdp_flags, int prog_fd)
xdp_flags &= ~XDP_FLAGS_MODES;
xdp_flags |= (old_flags & XDP_FLAGS_SKB_MODE) ? XDP_FLAGS_DRV_MODE : XDP_FLAGS_SKB_MODE;
- err = bpf_set_link_xdp_fd(ifindex, -1, xdp_flags);
+ err = bpf_xdp_detach(ifindex, xdp_flags, NULL);
if (!err)
- err = bpf_set_link_xdp_fd(ifindex, prog_fd, old_flags);
+ err = bpf_xdp_attach(ifindex, prog_fd, old_flags, NULL);
}
if (err < 0) {
fprintf(stderr, "ERR: "
@@ -65,7 +65,7 @@ int xdp_link_detach(int ifindex, __u32 xdp_flags, __u32 expected_prog_id)
__u32 curr_prog_id;
int err;
- err = bpf_get_link_xdp_id(ifindex, &curr_prog_id, xdp_flags);
+ err = bpf_xdp_query_id(ifindex, xdp_flags, &curr_prog_id);
if (err) {
fprintf(stderr, "ERR: get link xdp id failed (err=%d): %s\n",
-err, strerror(-err));
@@ -86,7 +86,7 @@ int xdp_link_detach(int ifindex, __u32 xdp_flags, __u32 expected_prog_id)
return EXIT_FAIL;
}
- if ((err = bpf_set_link_xdp_fd(ifindex, -1, xdp_flags)) < 0) {
+ if ((err = bpf_xdp_detach(ifindex, xdp_flags, NULL)) < 0) {
fprintf(stderr, "ERR: %s() link set xdp failed (err=%d): %s\n",
__func__, err, strerror(-err));
return EXIT_FAIL_XDP;
@@ -109,22 +109,28 @@ struct bpf_object *load_bpf_object_file(const char *filename, int ifindex)
* hardware offloading XDP programs (note this sets libbpf
* bpf_program->prog_ifindex and foreach bpf_map->map_ifindex).
*/
- struct bpf_prog_load_attr prog_load_attr = {
- .prog_type = BPF_PROG_TYPE_XDP,
- .ifindex = ifindex,
- };
- prog_load_attr.file = filename;
+ struct bpf_program *prog;
+ obj = bpf_object__open_file(filename, NULL);
+
+ if (libbpf_get_error(obj))
+ return NULL;
+
+ prog = bpf_object__next_program(obj, NULL);
+ bpf_program__set_type(prog, BPF_PROG_TYPE_XDP);
+ bpf_program__set_ifindex(prog, ifindex);
/* Use libbpf for extracting BPF byte-code from BPF-ELF object, and
* loading this into the kernel via bpf-syscall
*/
- err = bpf_prog_load_xattr(&prog_load_attr, &obj, &first_prog_fd);
+ err = bpf_object__load(obj);
if (err) {
fprintf(stderr, "ERR: loading BPF-OBJ file(%s) (%d): %s\n",
filename, err, strerror(-err));
return NULL;
}
+ first_prog_fd = bpf_program__fd(prog);
+
/* Notice how a pointer to a libbpf bpf_object is returned */
return obj;
}
@@ -136,12 +142,15 @@ static struct bpf_object *open_bpf_object(const char *file, int ifindex)
struct bpf_map *map;
struct bpf_program *prog, *first_prog = NULL;
- struct bpf_object_open_attr open_attr = {
- .file = file,
- .prog_type = BPF_PROG_TYPE_XDP,
- };
+ obj = bpf_object__open_file(file, NULL);
- obj = bpf_object__open_xattr(&open_attr);
+ if (libbpf_get_error(obj))
+ return NULL;
+
+ prog = bpf_object__next_program(obj, NULL);
+ bpf_program__set_type(prog, BPF_PROG_TYPE_XDP);
+
+ err = bpf_object__load(obj);
if (IS_ERR_OR_NULL(obj)) {
err = -PTR_ERR(obj);
fprintf(stderr, "ERR: opening BPF-OBJ file(%s) (%d): %s\n",
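Review bot: The `if (IS_ERR_OR_NULL(obj))` block starting on line 747 is now dead: `obj` was already checked with `libbpf_get_error` on line 740 and the function returned, so the `-PTR_ERR(obj)` / "opening BPF-OBJ file" report can never fire, while the `err` assigned from `bpf_object__load(obj)` on line 746 is not checked anywhere in the visible lines. Replace the stale check with one on the load result, e.g. `if (err) { fprintf(stderr, "ERR: loading BPF-OBJ file(%s) (%d): %s\n", file, err, strerror(-err)); bpf_object__close(obj); return NULL; }`, and have the `return NULL` on line 741 log the open failure the way the old branch did. Separately, `bpf_object__load` now runs before the `bpf_map__set_ifindex` loop on lines 752-756, and libbpf refuses ifindex changes on an already-loaded object; if the caller of `open_bpf_object` also loads (the function's name suggests it only opens), that second load fails as well — confirm against the rest of the file, which is outside the hunk.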
@@ -157,7 +166,7 @@ static struct bpf_object *open_bpf_object(const char *file, int ifindex)
}
bpf_object__for_each_map(map, obj) {
- if (!bpf_map__is_offload_neutral(map))
+ if (bpf_map__type(map) != BPF_MAP_TYPE_PERF_EVENT_ARRAY)
bpf_map__set_ifindex(map, ifindex);
}
@@ -264,10 +273,10 @@ struct bpf_object *load_bpf_and_xdp_attach(struct config *cfg)
if (cfg->progsec[0])
/* Find a matching BPF prog section name */
- bpf_prog = bpf_object__find_program_by_title(bpf_obj, cfg->progsec);
+ bpf_prog = bpf_object__find_program_by_name(bpf_obj, cfg->progsec);
else
/* Find the first program */
- bpf_prog = bpf_program__next(NULL, bpf_obj);
+ bpf_prog = bpf_object__next_program(bpf_obj, NULL);
if (!bpf_prog) {
fprintf(stderr, "ERR: couldn't find a program in ELF section '%s'\n", cfg->progsec);
diff --git a/src/xdp/common/xdp_stats_kern.h b/src/xdp/common/xdp_stats_kern.h
index 4e08551a0..c061a149d 100644
--- a/src/xdp/common/xdp_stats_kern.h
+++ b/src/xdp/common/xdp_stats_kern.h
@@ -13,12 +13,12 @@
#endif
/* Keeps stats per (enum) xdp_action */
-struct bpf_map_def SEC("maps") xdp_stats_map = {
- .type = BPF_MAP_TYPE_PERCPU_ARRAY,
- .key_size = sizeof(__u32),
- .value_size = sizeof(struct datarec),
- .max_entries = XDP_ACTION_MAX,
-};
+struct {
+ __uint(type, BPF_MAP_TYPE_PERCPU_ARRAY);
+ __type(key, __u32);
+ __type(value, struct datarec);
+ __uint(max_entries, XDP_ACTION_MAX);
+} xdp_stats_map SEC(".maps");
static __always_inline
__u32 xdp_stats_record_action(struct xdp_md *ctx, __u32 action)
diff --git a/src/xdp/xdp_prog_kern.c b/src/xdp/xdp_prog_kern.c
index a1eb395af..59308325d 100644
--- a/src/xdp/xdp_prog_kern.c
+++ b/src/xdp/xdp_prog_kern.c
@@ -16,19 +16,19 @@
#define memcpy(dest, src, n) __builtin_memcpy((dest), (src), (n))
#endif
-struct bpf_map_def SEC("maps") tx_port = {
- .type = BPF_MAP_TYPE_DEVMAP,
- .key_size = sizeof(int),
- .value_size = sizeof(int),
- .max_entries = 256,
-};
-
-struct bpf_map_def SEC("maps") redirect_params = {
- .type = BPF_MAP_TYPE_HASH,
- .key_size = ETH_ALEN,
- .value_size = ETH_ALEN,
- .max_entries = 1,
-};
+struct {
+ __uint(type, BPF_MAP_TYPE_DEVMAP);
+ __type(key, int);
+ __type(value, int);
+ __uint(max_entries, 256);
+} tx_port SEC(".maps");
+
+struct {
+ __uint(type, BPF_MAP_TYPE_HASH);
+ __type(key, ETH_ALEN);
+ __type(value, ETH_ALEN);
+ __uint(max_entries, 1);
+} redirect_params SEC(".maps");
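Review bot: `__type(key, ETH_ALEN)` and `__type(value, ETH_ALEN)` on lines 818-819 do not reproduce the removed `.key_size = ETH_ALEN` / `.value_size = ETH_ALEN`: `__type(name, val)` expands to `typeof(val) *name`, and `ETH_ALEN` is an integer constant, so both key and value become `int` (4 bytes) rather than 6-byte MAC addresses, and the hash map keys on and stores only the first four bytes of each MAC. Use the size form, `__uint(key_size, ETH_ALEN);` / `__uint(value_size, ETH_ALEN);`, or a real type such as `__type(key, unsigned char[ETH_ALEN]);`. The `tx_port` conversion above and `xdp_stats_map` in xdp_stats_kern.h are fine, since they pass genuine types to `__type`.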
static __always_inline __u16 csum_fold_helper(__u32 csum)
{
@@ -208,8 +208,12 @@ out:
return xdp_stats_record_action(ctx, action);
}
+#ifndef AF_INET
#define AF_INET 2
+#endif
+#ifndef AF_INET6
#define AF_INET6 10
+#endif
#define IPV6_FLOWINFO_MASK bpf_htonl(0x0FFFFFFF)
/* from include/net/ip.h */