swan-updown 0.2.2

swan-updown helps create ipsec interfaces
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164

use crate::misc;
use crate::netns;
use futures::TryStreamExt;
use log::{error, info};
use netlink_packet_route::rtnl;
use netlink_packet_route::rtnl::link::nlas::Info;
use netlink_packet_route::rtnl::link::nlas::InfoData;
use netlink_packet_route::rtnl::link::nlas::InfoKind;
use netlink_packet_route::rtnl::link::nlas::InfoXfrmTun;
use netlink_packet_route::rtnl::link::nlas::Nla;
use std::os::unix::prelude::AsRawFd;

#[derive(Debug)]
pub enum GetResults {
    TypeNotMatch,
    IfIdNotMatch,
    NotFound,
    TokioJoinError,
    NoHandle,
}

// waiting for new rtnetlink release
pub async fn new_xfrm(interface: String, if_id: u32) -> Result<(), ()> {
    info!("adding new xfrm interface {}, if_id {}", interface, if_id);

    let handle = misc::netlink_handle()?;
    let mut add_device_req = handle.link().add();
    let mut add_device_msg = add_device_req.message_mut();
    // header
    add_device_msg.header.link_layer_type = rtnl::ARPHRD_NONE;
    add_device_msg.header.flags = rtnl::IFF_UP | rtnl::IFF_MULTICAST;
    // set its name
    let if_name = Nla::IfName(interface.clone());
    add_device_msg.nlas.push(if_name);
    // set the necessary info for adding a xfrm iface
    let xfrm_parent = InfoXfrmTun::Link(1);
    let xfrm_ifid = InfoXfrmTun::IfId(if_id);
    let xfrm_meta = Info::Data(InfoData::Xfrm(vec![xfrm_parent, xfrm_ifid]));
    let if_info = Nla::Info(vec![Info::Kind(InfoKind::Xfrm), xfrm_meta]);
    add_device_msg.nlas.push(if_info);
    // exec
    add_device_req
        .execute()
        .await
        .map_err(|e| error!("Failed to add a XFRM interface {}: {}", interface, e))
}

// wrapper to delete an interface by its name
pub async fn del(interface: String) -> Result<(), ()> {
    info!("deleting interface {}", interface);

    let handle = misc::netlink_handle()?;
    let mut del_req = handle.link().del(0);

    let if_name = Nla::IfName(interface.clone());
    del_req.message_mut().nlas.push(if_name);

    del_req
        .execute()
        .await
        .map_err(|e| error!("Failed to del interface {}: {}", interface, e))
}

// move an interface to the given netns
pub async fn move_to_netns(interface: String, netns_name: &str) -> Result<(), ()> {
    info!("moving interface {} to netns {}", interface, netns_name);

    let handle = misc::netlink_handle()?;
    let netns_file = netns::get_netns_by_name(netns_name)?;

    handle
        .link()
        .set(0)
        .name(interface.clone())
        .setns_by_fd(netns_file.as_raw_fd())
        .up()
        .execute()
        .await
        .map_err(|e| error!("Failed to move {} to netns: {}", interface, e))
}

pub async fn get(name: String, expected_if_id: u32) -> Result<(), GetResults> {
    // log
    let handle = misc::netlink_handle().map_err(|_| GetResults::NoHandle)?;
    let mut links = handle.link().get().match_name(name.clone()).execute();
    //
    if let Some(link) = links.try_next().await.map_err(|_| GetResults::NotFound)? {
        let mut nlas = link.nlas.iter();
        while let Some(Nla::Info(infos)) = nlas.next() {
            for info in infos {
                match info {
                    Info::Kind(InfoKind::Xfrm) => continue,
                    Info::Kind(InfoKind::Other(desc)) => {
                        if desc.ne("xfrm") {
                            info!("get interface {}, but it is a {:?} device", name, desc);
                            return Err(GetResults::TypeNotMatch);
                        }
                    }
                    Info::Kind(kind) => {
                        info!("get interface {}, but it is a {:?} device", name, kind);
                        return Err(GetResults::TypeNotMatch);
                    }
                    Info::Data(InfoData::Xfrm(info_data)) => {
                        let mut info_data_iter = info_data.iter();
                        while let Some(InfoXfrmTun::IfId(if_id)) = info_data_iter.next() {
                            if expected_if_id.ne(if_id) {
                                info!("get interface {}, but if_id {} was not the expected value ({})", name, if_id, expected_if_id);
                                return Err(GetResults::IfIdNotMatch);
                            }
                        }
                    }
                    _ => continue,
                }
            }
        }
    }
    info!("get interface {}, everything is ok", name);
    Ok(())
}

// wrapper to add an XFRM interface by its name in a given netns
pub async fn add_to_netns(
    netns_name: Option<String>,
    interface: String,
    if_id: u32,
) -> Result<(), ()> {
    match netns_name {
        None => new_xfrm(interface, if_id).await,
        Some(my_netns_name) => {
            new_xfrm(interface.clone(), if_id).await?;
            move_to_netns(interface, &my_netns_name).await
        }
    }
}

// wrapper to delete an interface by its name in a given netns
pub async fn del_in_netns(netns_name: Option<String>, interface: String) -> Result<(), ()> {
    match netns_name {
        None => del(interface).await,
        #[allow(clippy::unit_arg)]
        Some(my_netns_name) => netns::operate_in_netns(my_netns_name, del(interface))
            .await
            .unwrap_or_else(|e| Err(error!("{}", e))),
    }
}

// wrapper to get an interface by its name in a given netns
pub async fn get_in_netns(
    netns_name: Option<String>,
    interface: String,
    expected_if_id: u32,
) -> Result<(), GetResults> {
    match netns_name {
        None => get(interface, expected_if_id).await,
        Some(my_netns_name) => {
            netns::operate_in_netns(my_netns_name, get(interface, expected_if_id))
                .await
                .unwrap_or_else(|e| {
                    error!("{}", e);
                    Err(GetResults::TokioJoinError)
                })
        }
    }
}