forked from os-autoinst/os-autoinst
-
Notifications
You must be signed in to change notification settings - Fork 0
/
os-autoinst-openvswitch
executable file
·224 lines (174 loc) · 7.72 KB
/
os-autoinst-openvswitch
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
#!/usr/bin/perl
package OVS;
use strict;
use warnings;
use autodie ':all';
use base 'Net::DBus::Object';
use Net::DBus::Exporter 'org.opensuse.os_autoinst.switch';
require IPC::System::Simple;
use IPC::Open3;
use Symbol 'gensym';
sub new {
my $class = shift;
my $service = shift;
my $self = $class->SUPER::new($service, '/switch');
bless $self, $class;
$self->init_switch;
return $self;
}
sub init_switch {
my $self = shift;
$self->{BRIDGE} = $ENV{OS_AUTOINST_USE_BRIDGE};
$self->{BRIDGE} //= 'br0';
#the bridge must be already created and configured
system('ovs-vsctl', 'br-exists', $self->{BRIDGE});
my $bridge_conf = `ip addr show $self->{BRIDGE}`;
$self->{MAC} = $1 if $bridge_conf =~ /ether\s+(([0-9a-f]{2}:){5}[0-9a-f]{2})\s/;
$self->{IP} = $1 if $bridge_conf =~ /inet\s+(([0-9]+.){3}[0-9]+\/[0-9]+)\s/;
die "can't parse bridge local port MAC" unless $self->{MAC};
die "can't parse bridge local port IP" unless $self->{IP};
# the VM have unique MAC that differs in the last 16 bits (see /usr/lib/os-autoinst/backend/qemu.pm)
# the IP can conflict across vlans
# to allow connection from VM to host os-autoinst (10.0.2.2), we have to do some IP translation
# we use simple scheme:
# MAC 52:54:00:12:XX:YY -> IP 10.1.XX.YY
# br0 has IP 10.0.2.2 and netmask /15 that covers 10.0.0.0 and 10.1.0.0 ranges
# this should be also configured permanently in /etc/sysconfig/network
die "bridge local port IP is expected to be 10.0.2.2/15" unless $self->{IP} eq '10.0.2.2/15';
# openflow rules don't survive reboot so they must be installed on each startup
for my $rule (
# openflow ports:
# LOCAL = br0
# 1,2,3 ... tap devices
# default: normal action
'table=0,priority=0,action=normal',
# reply packets from local port are handled by learned rules in table 1
'table=0,priority=1,in_port=LOCAL,actions=resubmit(,1)',
# arp 10.0.2.2 - learn rule for handling replies, rewrite ARP sender IP to 10.1.x.x range and send to local
# the learned rule rewrites ARP target to the original IP and sends the packet to the original port
'table=0,priority=100,dl_type=0x0806,nw_dst=10.0.2.2,actions=' . #
'learn(table=1,priority=100,in_port=LOCAL,dl_type=0x0806,NXM_OF_ETH_DST[]=NXM_OF_ETH_SRC[],load:NXM_OF_ARP_SPA[]->NXM_OF_ARP_TPA[],output:NXM_OF_IN_PORT[]),' . #
'load:0xa010000->NXM_OF_ARP_SPA[],move:NXM_OF_ETH_SRC[0..15]->NXM_OF_ARP_SPA[0..15],' . #
'local',
# tcp to $self->{MAC} syn - learn rule for handling replies, rewrite source IP to 10.1.x.x range and send to local
# the learned rule rewrites DST to the original IP and sends the packet to the original port
"table=0,priority=100,dl_type=0x0800,tcp_flags=+syn-ack,dl_dst=$self->{MAC},actions=" . #
'learn(table=1,priority=100,in_port=LOCAL,dl_type=0x0800,NXM_OF_ETH_DST[]=NXM_OF_ETH_SRC[],load:NXM_OF_IP_SRC[]->NXM_OF_IP_DST[],output:NXM_OF_IN_PORT[]),' . #
'mod_nw_src:10.1.0.0,move:NXM_OF_ETH_SRC[0..15]->NXM_OF_IP_SRC[0..15],' . #
'local',
# tcp to $self->{MAC} other - rewrite source IP to 10.1.x.x range and send to local
"table=0,priority=99,dl_type=0x0800,dl_dst=$self->{MAC},actions=" . #
'mod_nw_src:10.1.0.0,move:NXM_OF_ETH_SRC[0..15]->NXM_OF_IP_SRC[0..15],local',
)
{
system('ovs-ofctl', 'add-flow', $self->{BRIDGE}, $rule);
}
}
# Check if tap and vlan are in the correct format.
sub _ovs_check {
my $tap = shift;
my $vlan = shift;
my $bridge = shift;
my $return_output;
my $return_code = 1;
if ($tap !~ /^tap[0-9]+$/) {
$return_output = "'$tap' does not fit the naming scheme";
return ($return_code, $return_output);
}
if ($vlan !~ /^[0-9]+$/) {
$return_output = "'$vlan' does not fit the naming scheme (only numbers)";
return ($return_code, $return_output);
}
my $check_bridge = `ovs-vsctl port-to-br $tap`;
chomp $check_bridge;
if ($check_bridge ne $bridge) {
$return_output = "'$tap' is not connected to bridge '$bridge'";
return ($return_code, $return_output);
}
return 0;
}
sub _cmd {
my @args = @_;
my($wtr, $rdr, $err);
$err = gensym;
# We need open3 because otherwise STDERR is captured by systemd.
# In such way we collect the error and send it back in the dbus call as well.
my $ovs_vsctl_pid = open3($wtr, $rdr, $err, @args);
my @ovs_vsctl_output = <$rdr>;
my @ovs_vsctl_error = <$err>;
waitpid( $ovs_vsctl_pid, 0 );
my $return_code = $?;
return $return_code, "@ovs_vsctl_error","@ovs_vsctl_output";
}
sub check_min_ovs_version {
my $min_ver = shift;
my $out = `ovs-vsctl --version`;
return if ($out !~ /\(Open vSwitch\)\s+(\d+\.\d+\.\d+)/m);
my @ver = split(/\./, $1);
my @min_ver = split(/\./, $min_ver);
return if (@ver != @min_ver);
return sprintf("%04d%04d%04d", @ver) >= sprintf("%04d%04d%04d", @min_ver);
}
dbus_method("set_vlan", ["string", "uint32"], ["int32", "string"]);
sub set_vlan {
my $self = shift;
my $tap = shift;
my $vlan = shift;
my $return_output;
my $return_code = 1;
my $ovs_vsctl_error;
my $ovs_vsctl_output;
my @cmd;
($return_code, $return_output) = _ovs_check($tap, $vlan, $self->{BRIDGE});
unless ($return_code == 0){
print STDERR $return_output."\n";
return ($return_code,$return_output);
}
@cmd = ('ovs-vsctl', 'set', 'port', $tap, "tag=$vlan");
if (check_min_ovs_version('2.8.1')) {
push(@cmd, 'vlan_mode=dot1q-tunnel');
}
# Connect tap device to given vlan
($return_code, $ovs_vsctl_error, $ovs_vsctl_output) = _cmd(@cmd);
print STDERR $ovs_vsctl_error if length($ovs_vsctl_error) > 0;
print $ovs_vsctl_output if length($ovs_vsctl_output) > 0;
return $return_code, $ovs_vsctl_error unless $return_code == 0;
$return_code = system('ip', 'link', 'set', $tap, 'up');
return $return_code, $return_code != 0 ? "Failed to set $tap up " : '';
}
dbus_method("unset_vlan", ["string", "uint32"], ["int32", "string"]);
sub unset_vlan {
my $self = shift;
my $tap = shift;
my $vlan = shift;
my $return_output;
my $return_code = 1;
my $ovs_vsctl_error;
my $ovs_vsctl_output;
($return_code, $return_output) = _ovs_check($tap, $vlan, $self->{BRIDGE});
unless ($return_code == 0){
print STDERR $return_output."\n";
return ($return_code,$return_output);
}
# Remove tap device to given vlan
($return_code, $ovs_vsctl_error, $ovs_vsctl_output) = _cmd( 'ovs-vsctl', 'remove', 'port', $tap, 'tag', $vlan );
print STDERR $ovs_vsctl_error if length($ovs_vsctl_error) > 0;
print $ovs_vsctl_output if length($ovs_vsctl_output) > 0;
return $return_code, $return_code != 0 ? $ovs_vsctl_error : '';
}
dbus_method("show", [], ["int32", "string"]);
sub show {
my $self = shift;
my ($return_code, undef, $ovs_vsctl_output) = _cmd( 'ovs-vsctl', 'show' );
return $return_code, $ovs_vsctl_output;
}
################################################################################
package main;
use strict;
use Net::DBus;
use Net::DBus::Reactor;
my $bus = Net::DBus->system;
my $service = $bus->export_service("org.opensuse.os_autoinst.switch");
my $object = OVS->new($service);
Net::DBus::Reactor->main->run;
exit 0;