ip, link: Add support for netkit

author Daniel Borkmann <daniel@iogearbox.net>

Mon, 20 Nov 2023 23:33:41 +0000 (00:33 +0100)

committer David Ahern <dsahern@kernel.org>

Wed, 22 Nov 2023 19:27:45 +0000 (19:27 +0000)
author Daniel Borkmann <daniel@iogearbox.net>
Mon, 20 Nov 2023 23:33:41 +0000 (00:33 +0100)
committer David Ahern <dsahern@kernel.org>
Wed, 22 Nov 2023 19:27:45 +0000 (19:27 +0000)
diff --git a/MAINTAINERS b/MAINTAINERS

index 85e21a2c4369c1c48d4ce4c566fbd0468d6fea1b..1b49d69eb2dd2a4b858dea20566ffdf6977a5745 100644 (file)
--- a/MAINTAINERS
+++ b/MAINTAINERS
@@ -39,6 +39,12 @@ devlink
  M: Jiri Pirko <jiri@resnulli.us>
  F: devlink/*
  
+netkit
+M: Daniel Borkmann <daniel@iogearbox.net>
+M: Nikolay Aleksandrov <razor@blackwall.org>
+L: bpf@vger.kernel.org
+F: ip/iplink_netkit.c
+
  Remote DMA - rdma
  M: Leon Romanovsky <leon@kernel.org>
  F: rdma/*
diff --git a/ip/Makefile b/ip/Makefile

index 8fd9e295f344a9f1b3200902a418c4c850492b12..3535ba78dda8aa347bd7f6524548837b18af2712 100644 (file)
--- a/ip/Makefile
+++ b/ip/Makefile
@@ -13,7 +13,7 @@ IPOBJ=ip.o ipaddress.o ipaddrlabel.o iproute.o iprule.o ipnetns.o \
      ipvrf.o iplink_xstats.o ipseg6.o iplink_netdevsim.o iplink_rmnet.o \
      ipnexthop.o ipmptcp.o iplink_bareudp.o iplink_wwan.o ipioam6.o \
      iplink_amt.o iplink_batadv.o iplink_gtp.o iplink_virt_wifi.o \
-    ipstats.o
+    iplink_netkit.o ipstats.o
  
  RTMONOBJ=rtmon.o
  
diff --git a/ip/iplink.c b/ip/iplink.c

index 9a548dd35f54bcfef81ca8ae74d7702227bf437e..6989cc4d9cd60f00af3d7bde6ab3b0427dda8426 100644 (file)
--- a/ip/iplink.c
+++ b/ip/iplink.c
@@ -46,8 +46,8 @@ void iplink_types_usage(void)
                 "          dsa | dummy | erspan | geneve | gre | gretap | gtp | ifb |\n"
                 "          ip6erspan | ip6gre | ip6gretap | ip6tnl |\n"
                 "          ipip | ipoib | ipvlan | ipvtap |\n"
-               "          macsec | macvlan | macvtap |\n"
-               "          netdevsim | nlmon | rmnet | sit | team | team_slave |\n"
+               "          macsec | macvlan | macvtap | netdevsim |\n"
+               "          netkit | nlmon | rmnet | sit | team | team_slave |\n"
                 "          vcan | veth | vlan | vrf | vti | vxcan | vxlan | wwan |\n"
                 "          xfrm | virt_wifi }\n");
  }
diff --git a/ip/iplink_netkit.c b/ip/iplink_netkit.c

new file mode 100644 (file)

index 0000000..a838a41
--- /dev/null
+++ b/ip/iplink_netkit.c
@@ -0,0 +1,183 @@
+/* SPDX-License-Identifier: GPL-2.0-or-later */
+/*
+ * iplink_netkit.c netkit device management
+ *
+ * Authors:        Daniel Borkmann <daniel@iogearbox.net>
+ */
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#include <sys/socket.h>
+#include <linux/if_link.h>
+
+#include "rt_names.h"
+#include "utils.h"
+#include "ip_common.h"
+
+static const char * const netkit_mode_strings[] = {
+       [NETKIT_L2]             = "l2",
+       [NETKIT_L3]             = "l3",
+};
+
+static const char * const netkit_policy_strings[] = {
+       [NETKIT_PASS]           = "forward",
+       [NETKIT_DROP]           = "blackhole",
+};
+
+static void explain(struct link_util *lu, FILE *f)
+{
+       fprintf(f,
+               "Usage: ... %s [ mode MODE ] [ POLICY ] [ peer [ POLICY <options> ] ]\n"
+               "\n"
+               "MODE: l3 | l2\n"
+               "POLICY: forward | blackhole\n"
+               "(first values are the defaults if nothing is specified)\n"
+               "\n"
+               "To get <options> type 'ip link add help'.\n",
+               lu->id);
+}
+
+static int netkit_parse_opt(struct link_util *lu, int argc, char **argv,
+                           struct nlmsghdr *n)
+{
+       __u32 ifi_flags, ifi_change, ifi_index;
+       struct ifinfomsg *ifm, *peer_ifm;
+       static bool seen_mode, seen_peer;
+       static struct rtattr *data;
+       int err;
+
+       ifm = NLMSG_DATA(n);
+       ifi_flags = ifm->ifi_flags;
+       ifi_change = ifm->ifi_change;
+       ifi_index = ifm->ifi_index;
+       ifm->ifi_flags = 0;
+       ifm->ifi_change = 0;
+       ifm->ifi_index = 0;
+       while (argc > 0) {
+               if (strcmp(*argv, "mode") == 0) {
+                       __u32 mode = 0;
+
+                       NEXT_ARG();
+                       if (seen_mode)
+                               duparg("mode", *argv);
+                       seen_mode = true;
+
+                       if (strcmp(*argv, "l3") == 0) {
+                               mode = NETKIT_L3;
+                       } else if (strcmp(*argv, "l2") == 0) {
+                               mode = NETKIT_L2;
+                       } else {
+                               fprintf(stderr, "Error: argument of \"mode\" must be either \"l3\" or \"l2\"\n");
+                               return -1;
+                       }
+                       addattr32(n, 1024, IFLA_NETKIT_MODE, mode);
+               } else if (strcmp(*argv, "forward") == 0 ||
+                          strcmp(*argv, "blackhole") == 0) {
+                       int attr_name = seen_peer ?
+                                       IFLA_NETKIT_PEER_POLICY :
+                                       IFLA_NETKIT_POLICY;
+                       __u32 policy = 0;
+
+                       if (strcmp(*argv, "forward") == 0) {
+                               policy = NETKIT_PASS;
+                       } else if (strcmp(*argv, "blackhole") == 0) {
+                               policy = NETKIT_DROP;
+                       } else {
+                               fprintf(stderr, "Error: policy must be either \"forward\" or \"blackhole\"\n");
+                               return -1;
+                       }
+                       addattr32(n, 1024, attr_name, policy);
+               } else if (strcmp(*argv, "peer") == 0) {
+                       if (seen_peer)
+                               duparg("peer", *(argv + 1));
+                       seen_peer = true;
+               } else {
+                       char *type = NULL;
+
+                       if (seen_peer) {
+                               data = addattr_nest(n, 1024, IFLA_NETKIT_PEER_INFO);
+                               n->nlmsg_len += sizeof(struct ifinfomsg);
+                               err = iplink_parse(argc, argv, (struct iplink_req *)n, &type);
+                               if (err < 0)
+                                       return err;
+                               if (type)
+                                       duparg("type", argv[err]);
+                               goto out_ok;
+                       }
+                       fprintf(stderr, "%s: unknown option \"%s\"?\n",
+                               lu->id, *argv);
+                       explain(lu, stderr);
+                       return -1;
+               }
+               argc--;
+               argv++;
+       }
+out_ok:
+       if (data) {
+               peer_ifm = RTA_DATA(data);
+               peer_ifm->ifi_index = ifm->ifi_index;
+               peer_ifm->ifi_flags = ifm->ifi_flags;
+               peer_ifm->ifi_change = ifm->ifi_change;
+               addattr_nest_end(n, data);
+       }
+       ifm->ifi_flags = ifi_flags;
+       ifm->ifi_change = ifi_change;
+       ifm->ifi_index = ifi_index;
+       return 0;
+}
+
+static const char *netkit_print_policy(__u32 policy)
+{
+       const char *inv = "UNKNOWN";
+
+       if (policy >= ARRAY_SIZE(netkit_policy_strings))
+               return inv;
+       return netkit_policy_strings[policy] ? : inv;
+}
+
+static const char *netkit_print_mode(__u32 mode)
+{
+       const char *inv = "UNKNOWN";
+
+       if (mode >= ARRAY_SIZE(netkit_mode_strings))
+               return inv;
+       return netkit_mode_strings[mode] ? : inv;
+}
+
+static void netkit_print_opt(struct link_util *lu, FILE *f, struct rtattr *tb[])
+{
+       if (!tb)
+               return;
+       if (tb[IFLA_NETKIT_MODE]) {
+               __u32 mode = rta_getattr_u32(tb[IFLA_NETKIT_MODE]);
+
+               print_string(PRINT_ANY, "mode", "mode %s ",
+                            netkit_print_mode(mode));
+       }
+       if (tb[IFLA_NETKIT_PRIMARY]) {
+               __u8 primary = rta_getattr_u8(tb[IFLA_NETKIT_PRIMARY]);
+
+               print_string(PRINT_ANY, "type", "type %s ",
+                            primary ? "primary" : "peer");
+       }
+       if (tb[IFLA_NETKIT_POLICY]) {
+               __u32 policy = rta_getattr_u32(tb[IFLA_NETKIT_POLICY]);
+
+               print_string(PRINT_ANY, "policy", "policy %s ",
+                            netkit_print_policy(policy));
+       }
+}
+
+static void netkit_print_help(struct link_util *lu,
+                             int argc, char **argv, FILE *f)
+{
+       explain(lu, f);
+}
+
+struct link_util netkit_link_util = {
+       .id             = "netkit",
+       .maxattr        = IFLA_NETKIT_MAX,
+       .parse_opt      = netkit_parse_opt,
+       .print_opt      = netkit_print_opt,
+       .print_help     = netkit_print_help,
+};
diff --git a/man/man8/ip-address.8.in b/man/man8/ip-address.8.in

index b9a476a5fc7f87763e4865d0b32c5d5584ba23db..9d34a6a1bd929001f98fcbb4719cbe0c440ca4ef 100644 (file)
--- a/man/man8/ip-address.8.in
+++ b/man/man8/ip-address.8.in
@@ -146,7 +146,8 @@ ip-address \- protocol address management
  .BR ipvlan " |"
  .BR lowpan " |"
  .BR geneve " |"
-.BR macsec " ]"
+.BR macsec " |"
+.BR netkit " ]"
  
  .SH "DESCRIPTION"
  The
diff --git a/man/man8/ip-link.8.in b/man/man8/ip-link.8.in

index e82b2dbb00706f233978d495c539e2fd61a2a019..ca49b00816bfb5d0be243ebe371ea3b541bbaabc 100644 (file)
--- a/man/man8/ip-link.8.in
+++ b/man/man8/ip-link.8.in
@@ -247,6 +247,7 @@ ip-link \- network device configuration
  .BR macvlan  " | "
  .BR macvtap  " | "
  .BR netdevsim " |"
+.BR netkit " |"
  .BR nlmon " |"
  .BR rmnet " |"
  .BR sit " |"
@@ -384,6 +385,9 @@ Link types:
  .BR netdevsim
  - Interface for netdev API tests
  .sp
+.BR netkit
+- BPF-programmable network device
+.sp
  .BR nlmon
  - Netlink monitoring device
  .sp
@@ -848,6 +852,46 @@ tunnel.
  
  .in -8
  
+.TP
+netkit Type Support
+For a link of type
+.I netkit
+the following additional arguments are supported:
+
+.BI "ip link add " DEVICE
+.BR type " netkit "
+[
+.BI mode " MODE "
+] [
+.I "POLICY "
+] [
+.BR peer
+[
+.I "POLICY "
+] [
+.I "NAME "
+] ]
+
+.in +8
+
+.sp
+.BI mode " MODE"
+- specifies the operation mode of the netkit device with "l3" and "l2"
+as possible values. Default option is "l3".
+
+.sp
+.I "POLICY"
+- specifies the default device policy when no BPF programs are attached
+with "forward" and "blackhole" as possible values. Default option is
+"forward". Specifying policy before the peer option refers to the primary
+device, after the peer option refers to the peer device.
+
+.sp
+.I "NAME"
+- specifies the device name of the peer device.
+
+.in -8
+
  .TP
  IPIP, SIT Type Support
  For a link of type
author	Daniel Borkmann <daniel@iogearbox.net>
	Mon, 20 Nov 2023 23:33:41 +0000 (00:33 +0100)
committer	David Ahern <dsahern@kernel.org>
	Wed, 22 Nov 2023 19:27:45 +0000 (19:27 +0000)
MAINTAINERS		patch \| blob \| blame \| history
ip/Makefile		patch \| blob \| blame \| history
ip/iplink.c		patch \| blob \| blame \| history
ip/iplink_netkit.c	[new file with mode: 0644]	patch \| blob
man/man8/ip-address.8.in		patch \| blob \| blame \| history
man/man8/ip-link.8.in		patch \| blob \| blame \| history