nlink 0.15.0

Async netlink library for Linux network configuration
Documentation 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181

//! Three-namespace lab topology — showcasing `nlink::lab`.
//!
//! Builds a central bridged namespace (`hq`) with two client
//! namespaces (`alpha`, `beta`) connected via veth pairs on a shared
//! bridge, all inside transient `LabNamespace`s that clean up when the
//! example returns.
//!
//! Run modes:
//!
//! ```bash
//! # Print the topology diagram + usage (no privileges)
//! cargo run -p nlink --features lab --example lab_three_namespace
//!
//! # Build the topology, bring everything up, addresses, dump, teardown.
//! # Requires root (CAP_NET_ADMIN).
//! sudo cargo run -p nlink --features lab --example lab_three_namespace -- --apply
//! ```
//!
//! The topology after `--apply`:
//!
//! ```text
//!                ┌──────────────────┐
//!                │   ns: hq         │
//!                │   br0 10.0.0.1/24│
//!                │   ├── hq_alpha   │   veth    ┌───────────────┐
//!                │   │     <- - - - │ - - - - ->│ ns: alpha     │
//!                │   │              │           │ alpha0 10.0.0.2│
//!                │   └── hq_beta    │   veth    ├───────────────┤
//!                │         <- - - - │ - - - - ->│ ns: beta      │
//!                │                  │           │ beta0 10.0.0.3 │
//!                └──────────────────┘           └───────────────┘
//! ```
//!
//! The demo never touches the host's real network state — everything
//! lives in the three transient namespaces.

use nlink::lab::{LabBridge, LabNamespace, LabVeth, with_namespace};

#[tokio::main]
async fn main() -> nlink::Result<()> {
    let do_apply = std::env::args().any(|a| a == "--apply");

    print_overview();

    if !do_apply {
        println!();
        println!("Re-run with `--apply` (as root) to actually build the topology.");
        return Ok(());
    }

    if !nlink::lab::is_root() {
        eprintln!("--apply requires root (CAP_NET_ADMIN). Aborting.");
        std::process::exit(1);
    }

    run_topology().await
}

async fn run_topology() -> nlink::Result<()> {
    println!();
    println!("=== Building topology ===");

    // Use the manual LabNamespace API for the clients so we can pass
    // references into connect builders. Wrap the whole thing in a
    // single `with_namespace` call for the hq ns to keep the example
    // terse — cleanup happens on return from the closure.
    with_namespace("hq", |hq| async move {
        let alpha = LabNamespace::new("alpha")?;
        let beta = LabNamespace::new("beta")?;

        // Create the two veth pairs: local end in hq, peer end in the client.
        LabVeth::new("hq_alpha", "alpha0")
            .peer_in(&alpha)
            .create_in(&hq)
            .await?;
        LabVeth::new("hq_beta", "beta0")
            .peer_in(&beta)
            .create_in(&hq)
            .await?;

        // Bridge the hq-side ports.
        let br = LabBridge::new(&hq, "br0")
            .create()
            .await?
            .add_port("hq_alpha")
            .await?
            .add_port("hq_beta")
            .await?
            .up()
            .await?;

        // Address + bring-up via the command-style helpers.
        hq.add_addr(br.name(), "10.0.0.1/24")?;
        hq.link_up("hq_alpha")?;
        hq.link_up("hq_beta")?;

        alpha.add_addr("alpha0", "10.0.0.2/24")?;
        alpha.link_up("alpha0")?;

        beta.add_addr("beta0", "10.0.0.3/24")?;
        beta.link_up("beta0")?;

        println!("\n  --- Post-setup inventory ---");
        for (label, ns) in [
            ("hq", hq.name()),
            ("alpha", alpha.name()),
            ("beta", beta.name()),
        ] {
            println!();
            println!("  [{label}] namespace: {ns}");
            // Use the convenience helper: run `ip -br addr` in the ns and print.
            match alpha_level_addr_dump(ns) {
                Ok(s) => {
                    for line in s.lines() {
                        println!("    {line}");
                    }
                }
                Err(e) => eprintln!("    <dump failed: {e}>"),
            }
        }

        println!();
        println!("Done. Namespaces are about to be deleted as we unwind.");
        Ok(())
    })
    .await
}

fn alpha_level_addr_dump(ns_name: &str) -> nlink::Result<String> {
    let mut cmd = std::process::Command::new("ip");
    cmd.args(["-br", "addr"]);
    let output = nlink::netlink::namespace::spawn_output(ns_name, cmd)?;
    if !output.status.success() {
        return Err(nlink::Error::InvalidMessage(
            String::from_utf8_lossy(&output.stderr).into_owned(),
        ));
    }
    Ok(String::from_utf8_lossy(&output.stdout).into_owned())
}

fn print_overview() {
    println!("=== lab::LabNamespace + LabBridge + LabVeth demo ===\n");
    println!("Builds three namespaces (hq, alpha, beta) bridged on br0:\n");
    println!(
        "                ┌──────────────────┐
                │   ns: hq         │
                │   br0 10.0.0.1/24│
                │   ├── hq_alpha   │   veth    ┌───────────────┐
                │   │     <- - - - │ - - - - ->│ ns: alpha     │
                │   │              │           │ alpha0 10.0.0.2│
                │   └── hq_beta    │   veth    ├───────────────┤
                │         <- - - - │ - - - - ->│ ns: beta      │
                │                  │           │ beta0 10.0.0.3 │
                └──────────────────┘           └───────────────┘"
    );
    println!();
    println!("Built with (abridged):");
    println!(
        r#"    use nlink::lab::{{LabNamespace, LabBridge, LabVeth, with_namespace}};

    with_namespace("hq", |hq| async move {{
        let alpha = LabNamespace::new("alpha")?;
        let beta  = LabNamespace::new("beta")?;

        LabVeth::new("hq_alpha", "alpha0").peer_in(&alpha).create_in(&hq).await?;
        LabVeth::new("hq_beta",  "beta0" ).peer_in(&beta ).create_in(&hq).await?;

        LabBridge::new(&hq, "br0")
            .create().await?
            .add_port("hq_alpha").await?
            .add_port("hq_beta" ).await?
            .up().await?;

        hq.add_addr("br0", "10.0.0.1/24")?;
        alpha.add_addr("alpha0", "10.0.0.2/24")?;
        beta.add_addr("beta0", "10.0.0.3/24")?;
        // ... link_up on each ...
        Ok(())
    }}).await"#
    );
}