tyler/proxmox-backup
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

move network config to pbs_config workspace

Browse Source
This commit is contained in:
Dietmar Maurer
2021-09-08 12:22:48 +02:00
parent 5af3bcf062
commit 6f4228809e
13 changed files with 563 additions and 537 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
pbs-config/Cargo.toml
View File

@ -6,12 +6,14 @@ edition = "2018"
description = "Configuration file management for PBS"
[dependencies]
libc = "0.2"
anyhow = "1.0"
lazy_static = "1.4"
serde = { version = "1.0", features = ["derive"] }
serde_json = "1.0"
openssl = "0.10"
nix = "0.19.1"
regex = "1.2"
proxmox = { version = "0.13.0", default-features = false, features = [ "cli" ] }

1
pbs-config/src/lib.rs
View File

@ -2,6 +2,7 @@ pub mod domains;
pub mod drive;
pub mod key_config;
pub mod media_pool;
pub mod network;
pub mod remote;
pub mod sync;
pub mod tape_encryption_keys;

217
pbs-config/src/network/helper.rs Normal file
View File

@ -0,0 +1,217 @@
use std::path::Path;
use std::process::Command;
use std::collections::HashMap;
use std::os::unix::io::{AsRawFd, FromRawFd};
use anyhow::{Error, bail, format_err};
use lazy_static::lazy_static;
use nix::ioctl_read_bad;
use nix::sys::socket::{socket, AddressFamily, SockType, SockFlag};
use regex::Regex;
use proxmox::*; // for IP macros
use proxmox::tools::fd::Fd;
pub static IPV4_REVERSE_MASK: &[&str] = &[
"0.0.0.0",
"128.0.0.0",
"192.0.0.0",
"224.0.0.0",
"240.0.0.0",
"248.0.0.0",
"252.0.0.0",
"254.0.0.0",
"255.0.0.0",
"255.128.0.0",
"255.192.0.0",
"255.224.0.0",
"255.240.0.0",
"255.248.0.0",
"255.252.0.0",
"255.254.0.0",
"255.255.0.0",
"255.255.128.0",
"255.255.192.0",
"255.255.224.0",
"255.255.240.0",
"255.255.248.0",
"255.255.252.0",
"255.255.254.0",
"255.255.255.0",
"255.255.255.128",
"255.255.255.192",
"255.255.255.224",
"255.255.255.240",
"255.255.255.248",
"255.255.255.252",
"255.255.255.254",
"255.255.255.255",
];
lazy_static! {
pub static ref IPV4_MASK_HASH_LOCALNET: HashMap<&'static str, u8> = {
let mut map = HashMap::new();
#[allow(clippy::needless_range_loop)]
for i in 8..32 {
map.insert(IPV4_REVERSE_MASK[i], i as u8);
}
map
};
}
pub fn parse_cidr(cidr: &str) -> Result<(String, u8, bool), Error> {
let (address, mask, is_v6) = parse_address_or_cidr(cidr)?;
if let Some(mask) = mask {
Ok((address, mask, is_v6))
} else {
bail!("missing netmask in '{}'", cidr);
}
}
pub fn check_netmask(mask: u8, is_v6: bool) -> Result<(), Error> {
let (ver, min, max) = if is_v6 {
("IPv6", 1, 128)
} else {
("IPv4", 1, 32)
};
if !(mask >= min && mask <= max) {
bail!("{} mask '{}' is out of range ({}..{}).", ver, mask, min, max);
}
Ok(())
}
// parse ip address with optional cidr mask
pub fn parse_address_or_cidr(cidr: &str) -> Result<(String, Option<u8>, bool), Error> {
lazy_static! {
pub static ref CIDR_V4_REGEX: Regex = Regex::new(
concat!(r"^(", IPV4RE!(), r")(?:/(\d{1,2}))?$")
).unwrap();
pub static ref CIDR_V6_REGEX: Regex = Regex::new(
concat!(r"^(", IPV6RE!(), r")(?:/(\d{1,3}))?$")
).unwrap();
}
if let Some(caps) = CIDR_V4_REGEX.captures(&cidr) {
let address = &caps[1];
if let Some(mask) = caps.get(2) {
let mask = u8::from_str_radix(mask.as_str(), 10)?;
check_netmask(mask, false)?;
Ok((address.to_string(), Some(mask), false))
} else {
Ok((address.to_string(), None, false))
}
} else if let Some(caps) = CIDR_V6_REGEX.captures(&cidr) {
let address = &caps[1];
if let Some(mask) = caps.get(2) {
let mask = u8::from_str_radix(mask.as_str(), 10)?;
check_netmask(mask, true)?;
Ok((address.to_string(), Some(mask), true))
} else {
Ok((address.to_string(), None, true))
}
} else {
bail!("invalid address/mask '{}'", cidr);
}
}
pub fn get_network_interfaces() -> Result<HashMap<String, bool>, Error> {
const PROC_NET_DEV: &str = "/proc/net/dev";
#[repr(C)]
pub struct ifreq {
ifr_name: [libc::c_uchar; libc::IFNAMSIZ],
ifru_flags: libc::c_short,
}
ioctl_read_bad!(get_interface_flags, libc::SIOCGIFFLAGS, ifreq);
lazy_static!{
static ref IFACE_LINE_REGEX: Regex = Regex::new(r"^\s*([^:\s]+):").unwrap();
}
let raw = std::fs::read_to_string(PROC_NET_DEV)
.map_err(|err| format_err!("unable to read {} - {}", PROC_NET_DEV, err))?;
let lines = raw.lines();
let sock = unsafe {
Fd::from_raw_fd(
socket(
AddressFamily::Inet,
SockType::Datagram,
SockFlag::empty(),
None,
)
.or_else(|_| {
socket(
AddressFamily::Inet6,
SockType::Datagram,
SockFlag::empty(),
None,
)
})?,
)
};
let mut interface_list = HashMap::new();
for line in lines {
if let Some(cap) = IFACE_LINE_REGEX.captures(line) {
let ifname = &cap[1];
let mut req = ifreq { ifr_name: *b"0000000000000000", ifru_flags: 0 };
for (i, b) in std::ffi::CString::new(ifname)?.as_bytes_with_nul().iter().enumerate() {
if i < (libc::IFNAMSIZ-1) { req.ifr_name[i] = *b as libc::c_uchar; }
}
let res = unsafe { get_interface_flags(sock.as_raw_fd(), &mut req)? };
if res != 0 {
bail!("ioctl get_interface_flags for '{}' failed ({})", ifname, res);
}
let is_up = (req.ifru_flags & (libc::IFF_UP as libc::c_short)) != 0;
interface_list.insert(ifname.to_string(), is_up);
}
}
Ok(interface_list)
}
pub fn compute_file_diff(filename: &str, shadow: &str) -> Result<String, Error> {
let output = Command::new("diff")
.arg("-b")
.arg("-u")
.arg(filename)
.arg(shadow)
.output()
.map_err(|err| format_err!("failed to execute diff - {}", err))?;
let diff = pbs_tools::command_output_as_string(output, Some(|c| c == 0 || c == 1))
.map_err(|err| format_err!("diff failed: {}", err))?;
Ok(diff)
}
pub fn assert_ifupdown2_installed() -> Result<(), Error> {
if !Path::new("/usr/share/ifupdown2").exists() {
bail!("ifupdown2 is not installed.");
}
Ok(())
}
pub fn network_reload() -> Result<(), Error> {
let output = Command::new("ifreload")
.arg("-a")
.output()
.map_err(|err| format_err!("failed to execute 'ifreload' - {}", err))?;
pbs_tools::command_output(output, None)
.map_err(|err| format_err!("ifreload failed: {}", err))?;
Ok(())
}

128
pbs-config/src/network/lexer.rs Normal file
View File

@ -0,0 +1,128 @@
use std::io::BufRead;
use std::iter::Iterator;
use std::collections::{HashMap, VecDeque};
use lazy_static::lazy_static;
#[derive(Debug, Copy, Clone, PartialEq)]
pub enum Token {
Text,
Comment,
DHCP,
Newline,
Address,
Auto,
Gateway,
Inet,
Inet6,
Iface,
Loopback,
Manual,
Netmask,
Static,
Attribute,
MTU,
BridgePorts,
BridgeVlanAware,
BondSlaves,
BondMode,
BondPrimary,
BondXmitHashPolicy,
EOF,
}
lazy_static! {
static ref KEYWORDS: HashMap<&'static str, Token> = {
let mut map = HashMap::new();
map.insert("address", Token::Address);
map.insert("auto", Token::Auto);
map.insert("dhcp", Token::DHCP);
map.insert("gateway", Token::Gateway);
map.insert("inet", Token::Inet);
map.insert("inet6", Token::Inet6);
map.insert("iface", Token::Iface);
map.insert("loopback", Token::Loopback);
map.insert("manual", Token::Manual);
map.insert("netmask", Token::Netmask);
map.insert("static", Token::Static);
map.insert("mtu", Token::MTU);
map.insert("bridge-ports", Token::BridgePorts);
map.insert("bridge_ports", Token::BridgePorts);
map.insert("bridge-vlan-aware", Token::BridgeVlanAware);
map.insert("bridge_vlan_aware", Token::BridgeVlanAware);
map.insert("bond-slaves", Token::BondSlaves);
map.insert("bond_slaves", Token::BondSlaves);
map.insert("bond-mode", Token::BondMode);
map.insert("bond-primary", Token::BondPrimary);
map.insert("bond_primary", Token::BondPrimary);
map.insert("bond_xmit_hash_policy", Token::BondXmitHashPolicy);
map.insert("bond-xmit-hash-policy", Token::BondXmitHashPolicy);
map
};
}
pub struct Lexer<R> {
input: R,
eof_count: usize,
cur_line: Option<VecDeque<(Token, String)>>,
}
impl <R: BufRead> Lexer<R> {
pub fn new(input: R) -> Self {
Self { input, eof_count: 0, cur_line: None }
}
fn split_line(line: &str) -> VecDeque<(Token, String)> {
if let Some(comment) = line.strip_prefix('#') {
let mut res = VecDeque::new();
res.push_back((Token::Comment, comment.trim().to_string()));
return res;
}
let mut list: VecDeque<(Token, String)> = line.split_ascii_whitespace().map(|text| {
let token = KEYWORDS.get(text).unwrap_or(&Token::Text);
(*token, text.to_string())
}).collect();
if line.starts_with(|c: char| c.is_ascii_whitespace() && c != '\n') {
list.push_front((Token::Attribute, String::from("\t")));
}
list
}
}
impl <R: BufRead> Iterator for Lexer<R> {
type Item = Result<(Token, String), std::io::Error>;
fn next(&mut self) -> Option<Self::Item> {
if self.cur_line.is_none() {
let mut line = String::new();
match self.input.read_line(&mut line) {
Err(err) => return Some(Err(err)),
Ok(0) => {
self.eof_count += 1;
if self.eof_count == 1 { return Some(Ok((Token::EOF, String::new()))); }
return None;
}
_ => {}
}
self.cur_line = Some(Self::split_line(&line));
}
match self.cur_line {
Some(ref mut cur_line) => {
if cur_line.is_empty() {
self.cur_line = None;
Some(Ok((Token::Newline, String::from("\n"))))
} else {
let (token, text) = cur_line.pop_front().unwrap();
Some(Ok((token, text)))
}
}
None => {
None
}
}
}
}

630
pbs-config/src/network/mod.rs Normal file
View File

@ -0,0 +1,630 @@
use std::io::{Write};
use std::collections::{HashSet, HashMap, BTreeMap};
use anyhow::{Error, format_err, bail};
use serde::de::{value, IntoDeserializer, Deserialize};
use lazy_static::lazy_static;
use regex::Regex;
use proxmox::tools::{fs::replace_file, fs::CreateOptions};
mod helper;
pub use helper::*;
mod lexer;
pub use lexer::*;
mod parser;
pub use parser::*;
use pbs_api_types::{Interface, NetworkConfigMethod, NetworkInterfaceType, LinuxBondMode, BondXmitHashPolicy};
use crate::{open_backup_lockfile, BackupLockGuard};
lazy_static!{
static ref PHYSICAL_NIC_REGEX: Regex = Regex::new(r"^(?:eth\d+|en[^:.]+|ib\d+)$").unwrap();
}
pub fn is_physical_nic(iface: &str) -> bool {
PHYSICAL_NIC_REGEX.is_match(iface)
}
pub fn bond_mode_from_str(s: &str) -> Result<LinuxBondMode, Error> {
LinuxBondMode::deserialize(s.into_deserializer())
.map_err(|_: value::Error| format_err!("invalid bond_mode '{}'", s))
}
pub fn bond_mode_to_str(mode: LinuxBondMode) -> &'static str {
match mode {
LinuxBondMode::balance_rr => "balance-rr",
LinuxBondMode::active_backup => "active-backup",
LinuxBondMode::balance_xor => "balance-xor",
LinuxBondMode::broadcast => "broadcast",
LinuxBondMode::ieee802_3ad => "802.3ad",
LinuxBondMode::balance_tlb => "balance-tlb",
LinuxBondMode::balance_alb => "balance-alb",
}
}
pub fn bond_xmit_hash_policy_from_str(s: &str) -> Result<BondXmitHashPolicy, Error> {
BondXmitHashPolicy::deserialize(s.into_deserializer())
.map_err(|_: value::Error| format_err!("invalid bond_xmit_hash_policy '{}'", s))
}
pub fn bond_xmit_hash_policy_to_str(policy: &BondXmitHashPolicy) -> &'static str {
match policy {
BondXmitHashPolicy::layer2 => "layer2",
BondXmitHashPolicy::layer2_3 => "layer2+3",
BondXmitHashPolicy::layer3_4 => "layer3+4",
}
}
// Write attributes not depending on address family
fn write_iface_attributes(iface: &Interface, w: &mut dyn Write) -> Result<(), Error> {
static EMPTY_LIST: Vec<String> = Vec::new();
match iface.interface_type {
NetworkInterfaceType::Bridge => {
if let Some(true) = iface.bridge_vlan_aware {
writeln!(w, "\tbridge-vlan-aware yes")?;
}
let ports = iface.bridge_ports.as_ref().unwrap_or(&EMPTY_LIST);
if ports.is_empty() {
writeln!(w, "\tbridge-ports none")?;
} else {
writeln!(w, "\tbridge-ports {}", ports.join(" "))?;
}
}
NetworkInterfaceType::Bond => {
let mode = iface.bond_mode.unwrap_or(LinuxBondMode::balance_rr);
writeln!(w, "\tbond-mode {}", bond_mode_to_str(mode))?;
if let Some(primary) = &iface.bond_primary {
if mode == LinuxBondMode::active_backup {
writeln!(w, "\tbond-primary {}", primary)?;
}
}
if let Some(xmit_policy) = &iface.bond_xmit_hash_policy {
if mode == LinuxBondMode::ieee802_3ad ||
mode == LinuxBondMode::balance_xor
{
writeln!(w, "\tbond_xmit_hash_policy {}", bond_xmit_hash_policy_to_str(xmit_policy))?;
}
}
let slaves = iface.slaves.as_ref().unwrap_or(&EMPTY_LIST);
if slaves.is_empty() {
writeln!(w, "\tbond-slaves none")?;
} else {
writeln!(w, "\tbond-slaves {}", slaves.join(" "))?;
}
}
_ => {}
}
if let Some(mtu) = iface.mtu {
writeln!(w, "\tmtu {}", mtu)?;
}
Ok(())
}
// Write attributes depending on address family inet (IPv4)
fn write_iface_attributes_v4(iface: &Interface, w: &mut dyn Write, method: NetworkConfigMethod) -> Result<(), Error> {
if method == NetworkConfigMethod::Static {
if let Some(address) = &iface.cidr {
writeln!(w, "\taddress {}", address)?;
}
if let Some(gateway) = &iface.gateway {
writeln!(w, "\tgateway {}", gateway)?;
}
}
for option in &iface.options {
writeln!(w, "\t{}", option)?;
}
if let Some(ref comments) = iface.comments {
for comment in comments.lines() {
writeln!(w, "#{}", comment)?;
}
}
Ok(())
}
/// Write attributes depending on address family inet6 (IPv6)
fn write_iface_attributes_v6(iface: &Interface, w: &mut dyn Write, method: NetworkConfigMethod) -> Result<(), Error> {
if method == NetworkConfigMethod::Static {
if let Some(address) = &iface.cidr6 {
writeln!(w, "\taddress {}", address)?;
}
if let Some(gateway) = &iface.gateway6 {
writeln!(w, "\tgateway {}", gateway)?;
}
}
for option in &iface.options6 {
writeln!(w, "\t{}", option)?;
}
if let Some(ref comments) = iface.comments6 {
for comment in comments.lines() {
writeln!(w, "#{}", comment)?;
}
}
Ok(())
}
fn write_iface(iface: &Interface, w: &mut dyn Write) -> Result<(), Error> {
fn method_to_str(method: NetworkConfigMethod) -> &'static str {
match method {
NetworkConfigMethod::Static => "static",
NetworkConfigMethod::Loopback => "loopback",
NetworkConfigMethod::Manual => "manual",
NetworkConfigMethod::DHCP => "dhcp",
}
}
if iface.method.is_none() && iface.method6.is_none() { return Ok(()); }
if iface.autostart {
writeln!(w, "auto {}", iface.name)?;
}
if let Some(method) = iface.method {
writeln!(w, "iface {} inet {}", iface.name, method_to_str(method))?;
write_iface_attributes_v4(iface, w, method)?;
write_iface_attributes(iface, w)?;
writeln!(w)?;
}
if let Some(method6) = iface.method6 {
let mut skip_v6 = false; // avoid empty inet6 manual entry
if iface.method.is_some()
&& method6 == NetworkConfigMethod::Manual
&& iface.comments6.is_none()
&& iface.options6.is_empty()
{
skip_v6 = true;
}
if !skip_v6 {
writeln!(w, "iface {} inet6 {}", iface.name, method_to_str(method6))?;
write_iface_attributes_v6(iface, w, method6)?;
if iface.method.is_none() { // only write common attributes once
write_iface_attributes(iface, w)?;
}
writeln!(w)?;
}
}
Ok(())
}
#[derive(Debug)]
enum NetworkOrderEntry {
Iface(String),
Comment(String),
Option(String),
}
#[derive(Debug, Default)]
pub struct NetworkConfig {
pub interfaces: BTreeMap<String, Interface>,
order: Vec<NetworkOrderEntry>,
}
use std::convert::TryFrom;
impl TryFrom<NetworkConfig> for String {
type Error = Error;
fn try_from(config: NetworkConfig) -> Result<Self, Self::Error> {
let mut output = Vec::new();
config.write_config(&mut output)?;
let res = String::from_utf8(output)?;
Ok(res)
}
}
impl NetworkConfig {
pub fn new() -> Self {
Self {
interfaces: BTreeMap::new(),
order: Vec::new(),
}
}
pub fn lookup(&self, name: &str) -> Result<&Interface, Error> {
let interface = self.interfaces.get(name).ok_or_else(|| {
format_err!("interface '{}' does not exist.", name)
})?;
Ok(interface)
}
pub fn lookup_mut(&mut self, name: &str) -> Result<&mut Interface, Error> {
let interface = self.interfaces.get_mut(name).ok_or_else(|| {
format_err!("interface '{}' does not exist.", name)
})?;
Ok(interface)
}
/// Check if ports are used only once
pub fn check_port_usage(&self) -> Result<(), Error> {
let mut used_ports = HashMap::new();
let mut check_port_usage = |iface, ports: &Vec<String>| {
for port in ports.iter() {
if let Some(prev_iface) = used_ports.get(port) {
bail!("iface '{}' port '{}' is already used on interface '{}'",
iface, port, prev_iface);
}
used_ports.insert(port.to_string(), iface);
}
Ok(())
};
for (iface, interface) in self.interfaces.iter() {
if let Some(ports) = &interface.bridge_ports { check_port_usage(iface, ports)?; }
if let Some(slaves) = &interface.slaves { check_port_usage(iface, slaves)?; }
}
Ok(())
}
/// Check if child mtu is less or equal than parent mtu
pub fn check_mtu(&self, parent_name: &str, child_name: &str) -> Result<(), Error> {
let parent = self.interfaces.get(parent_name)
.ok_or_else(|| format_err!("check_mtu - missing parent interface '{}'", parent_name))?;
let child = self.interfaces.get(child_name)
.ok_or_else(|| format_err!("check_mtu - missing child interface '{}'", child_name))?;
let child_mtu = match child.mtu {
Some(mtu) => mtu,
None => return Ok(()),
};
let parent_mtu = match parent.mtu {
Some(mtu) => mtu,
None => {
if parent.interface_type == NetworkInterfaceType::Bond {
child_mtu
} else {
1500
}
}
};
if parent_mtu < child_mtu {
bail!("interface '{}' - mtu {} is lower than '{}' - mtu {}\n",
parent_name, parent_mtu, child_name, child_mtu);
}
Ok(())
}
/// Check if bond slaves exists
pub fn check_bond_slaves(&self) -> Result<(), Error> {
for (iface, interface) in self.interfaces.iter() {
if let Some(slaves) = &interface.slaves {
for slave in slaves.iter() {
match self.interfaces.get(slave) {
Some(entry) => {
if entry.interface_type != NetworkInterfaceType::Eth {
bail!("bond '{}' - wrong interface type on slave '{}' ({:?} != {:?})",
iface, slave, entry.interface_type, NetworkInterfaceType::Eth);
}
}
None => {
bail!("bond '{}' - unable to find slave '{}'", iface, slave);
}
}
self.check_mtu(iface, slave)?;
}
}
}
Ok(())
}
/// Check if bridge ports exists
pub fn check_bridge_ports(&self) -> Result<(), Error> {
lazy_static!{
static ref VLAN_INTERFACE_REGEX: Regex = Regex::new(r"^(\S+)\.(\d+)$").unwrap();
}
for (iface, interface) in self.interfaces.iter() {
if let Some(ports) = &interface.bridge_ports {
for port in ports.iter() {
let captures = VLAN_INTERFACE_REGEX.captures(port);
let port = if let Some(ref caps) = captures { &caps[1] } else { port.as_str() };
if !self.interfaces.contains_key(port) {
bail!("bridge '{}' - unable to find port '{}'", iface, port);
}
self.check_mtu(iface, port)?;
}
}
}
Ok(())
}
pub fn write_config(&self, w: &mut dyn Write) -> Result<(), Error> {
self.check_port_usage()?;
self.check_bond_slaves()?;
self.check_bridge_ports()?;
let mut done = HashSet::new();
let mut last_entry_was_comment = false;
for entry in self.order.iter() {
match entry {
NetworkOrderEntry::Comment(comment) => {
writeln!(w, "#{}", comment)?;
last_entry_was_comment = true;
}
NetworkOrderEntry::Option(option) => {
if last_entry_was_comment { writeln!(w)?; }
last_entry_was_comment = false;
writeln!(w, "{}", option)?;
writeln!(w)?;
}
NetworkOrderEntry::Iface(name) => {
let interface = match self.interfaces.get(name) {
Some(interface) => interface,
None => continue,
};
if last_entry_was_comment { writeln!(w)?; }
last_entry_was_comment = false;
if done.contains(name) { continue; }
done.insert(name);
write_iface(interface, w)?;
}
}
}
for (name, interface) in &self.interfaces {
if done.contains(name) { continue; }
write_iface(interface, w)?;
}
Ok(())
}
}
pub const NETWORK_INTERFACES_FILENAME: &str = "/etc/network/interfaces";
pub const NETWORK_INTERFACES_NEW_FILENAME: &str = "/etc/network/interfaces.new";
pub const NETWORK_LOCKFILE: &str = "/var/lock/pve-network.lck";
pub fn lock_config() -> Result<BackupLockGuard, Error> {
open_backup_lockfile(NETWORK_LOCKFILE, None, true)
}
pub fn config() -> Result<(NetworkConfig, [u8;32]), Error> {
let content = match proxmox::tools::fs::file_get_optional_contents(NETWORK_INTERFACES_NEW_FILENAME)? {
Some(content) => content,
None => {
let content = proxmox::tools::fs::file_get_optional_contents(NETWORK_INTERFACES_FILENAME)?;
content.unwrap_or_default()
}
};
let digest = openssl::sha::sha256(&content);
let existing_interfaces = get_network_interfaces()?;
let mut parser = NetworkParser::new(&content[..]);
let data = parser.parse_interfaces(Some(&existing_interfaces))?;
Ok((data, digest))
}
pub fn changes() -> Result<String, Error> {
if !std::path::Path::new(NETWORK_INTERFACES_NEW_FILENAME).exists() {
return Ok(String::new());
}
compute_file_diff(NETWORK_INTERFACES_FILENAME, NETWORK_INTERFACES_NEW_FILENAME)
}
pub fn save_config(config: &NetworkConfig) -> Result<(), Error> {
let mut raw = Vec::new();
config.write_config(&mut raw)?;
let mode = nix::sys::stat::Mode::from_bits_truncate(0o0644);
// set the correct owner/group/permissions while saving file
// owner(rw) = root, group(r)=root, others(r)
let options = CreateOptions::new()
.perm(mode)
.owner(nix::unistd::ROOT)
.group(nix::unistd::Gid::from_raw(0));
replace_file(NETWORK_INTERFACES_NEW_FILENAME, &raw, options)?;
Ok(())
}
// shell completion helper
pub fn complete_interface_name(_arg: &str, _param: &HashMap<String, String>) -> Vec<String> {
match config() {
Ok((data, _digest)) => data.interfaces.keys().map(|id| id.to_string()).collect(),
Err(_) => return vec![],
}
}
pub fn complete_port_list(arg: &str, _param: &HashMap<String, String>) -> Vec<String> {
let mut ports = Vec::new();
match config() {
Ok((data, _digest)) => {
for (iface, interface) in data.interfaces.iter() {
if interface.interface_type == NetworkInterfaceType::Eth {
ports.push(iface.to_string());
}
}
}
Err(_) => return vec![],
};
let arg = arg.trim();
let prefix = if let Some(idx) = arg.rfind(',') { &arg[..idx+1] } else { "" };
ports.iter().map(|port| format!("{}{}", prefix, port)).collect()
}
#[cfg(test)]
mod test {
use anyhow::{Error};
use super::*;
#[test]
fn test_network_config_create_lo_1() -> Result<(), Error> {
let input = "";
let mut parser = NetworkParser::new(&input.as_bytes()[..]);
let config = parser.parse_interfaces(None)?;
let output = String::try_from(config)?;
let expected = "auto lo\niface lo inet loopback\n\n";
assert_eq!(output, expected);
// run again using output as input
let mut parser = NetworkParser::new(&output.as_bytes()[..]);
let config = parser.parse_interfaces(None)?;
let output = String::try_from(config)?;
assert_eq!(output, expected);
Ok(())
}
#[test]
fn test_network_config_create_lo_2() -> Result<(), Error> {
let input = "#c1\n\n#c2\n\niface test inet manual\n";
let mut parser = NetworkParser::new(&input.as_bytes()[..]);
let config = parser.parse_interfaces(None)?;
let output = String::try_from(config)?;
// Note: loopback should be added in front of other interfaces
let expected = "#c1\n#c2\n\nauto lo\niface lo inet loopback\n\niface test inet manual\n\n";
assert_eq!(output, expected);
Ok(())
}
#[test]
fn test_network_config_parser_no_blank_1() -> Result<(), Error> {
let input = "auto lo\n\
iface lo inet loopback\n\
iface lo inet6 loopback\n\
auto ens18\n\
iface ens18 inet static\n\
\taddress 192.168.20.144/20\n\
\tgateway 192.168.16.1\n\
# comment\n\
iface ens20 inet static\n\
\taddress 192.168.20.145/20\n\
iface ens21 inet manual\n\
iface ens22 inet manual\n";
let mut parser = NetworkParser::new(&input.as_bytes()[..]);
let config = parser.parse_interfaces(None)?;
let output = String::try_from(config)?;
let expected = "auto lo\n\
iface lo inet loopback\n\
\n\
iface lo inet6 loopback\n\
\n\
auto ens18\n\
iface ens18 inet static\n\
\taddress 192.168.20.144/20\n\
\tgateway 192.168.16.1\n\
#comment\n\
\n\
iface ens20 inet static\n\
\taddress 192.168.20.145/20\n\
\n\
iface ens21 inet manual\n\
\n\
iface ens22 inet manual\n\
\n";
assert_eq!(output, expected);
Ok(())
}
#[test]
fn test_network_config_parser_no_blank_2() -> Result<(), Error> {
// Adapted from bug 2926
let input = "### Hetzner Online GmbH installimage\n\
\n\
source /etc/network/interfaces.d/*\n\
\n\
auto lo\n\
iface lo inet loopback\n\
iface lo inet6 loopback\n\
\n\
auto enp4s0\n\
iface enp4s0 inet static\n\
\taddress 10.10.10.10/24\n\
\tgateway 10.10.10.1\n\
\t# route 10.10.20.10/24 via 10.10.20.1\n\
\tup route add -net 10.10.20.10 netmask 255.255.255.0 gw 10.10.20.1 dev enp4s0\n\
\n\
iface enp4s0 inet6 static\n\
\taddress fe80::5496:35ff:fe99:5a6a/64\n\
\tgateway fe80::1\n";
let mut parser = NetworkParser::new(&input.as_bytes()[..]);
let config = parser.parse_interfaces(None)?;
let output = String::try_from(config)?;
let expected = "### Hetzner Online GmbH installimage\n\
\n\
source /etc/network/interfaces.d/*\n\
\n\
auto lo\n\
iface lo inet loopback\n\
\n\
iface lo inet6 loopback\n\
\n\
auto enp4s0\n\
iface enp4s0 inet static\n\
\taddress 10.10.10.10/24\n\
\tgateway 10.10.10.1\n\
\t# route 10.10.20.10/24 via 10.10.20.1\n\
\tup route add -net 10.10.20.10 netmask 255.255.255.0 gw 10.10.20.1 dev enp4s0\n\
\n\
iface enp4s0 inet6 static\n\
\taddress fe80::5496:35ff:fe99:5a6a/64\n\
\tgateway fe80::1\n\
\n";
assert_eq!(output, expected);
Ok(())
}
}

568
pbs-config/src/network/parser.rs Normal file
View File

@ -0,0 +1,568 @@
use std::io::{BufRead};
use std::iter::{Peekable, Iterator};
use std::collections::{HashMap, HashSet};
use anyhow::{Error, bail, format_err};
use lazy_static::lazy_static;
use regex::Regex;
use super::helper::*;
use super::lexer::*;
use super::{NetworkConfig, NetworkOrderEntry, Interface, NetworkConfigMethod, NetworkInterfaceType, bond_mode_from_str, bond_xmit_hash_policy_from_str};
fn set_method_v4(iface: &mut Interface, method: NetworkConfigMethod) -> Result<(), Error> {
if iface.method.is_none() {
iface.method = Some(method);
} else {
bail!("inet configuration method already set.");
}
Ok(())
}
fn set_method_v6(iface: &mut Interface, method: NetworkConfigMethod) -> Result<(), Error> {
if iface.method6.is_none() {
iface.method6 = Some(method);
} else {
bail!("inet6 configuration method already set.");
}
Ok(())
}
fn set_cidr_v4(iface: &mut Interface, address: String) -> Result<(), Error> {
if iface.cidr.is_none() {
iface.cidr = Some(address);
} else {
bail!("duplicate IPv4 address.");
}
Ok(())
}
fn set_gateway_v4(iface: &mut Interface, gateway: String) -> Result<(), Error> {
if iface.gateway.is_none() {
iface.gateway = Some(gateway);
} else {
bail!("duplicate IPv4 gateway.");
}
Ok(())
}
fn set_cidr_v6(iface: &mut Interface, address: String) -> Result<(), Error> {
if iface.cidr6.is_none() {
iface.cidr6 = Some(address);
} else {
bail!("duplicate IPv6 address.");
}
Ok(())
}
fn set_gateway_v6(iface: &mut Interface, gateway: String) -> Result<(), Error> {
if iface.gateway6.is_none() {
iface.gateway6 = Some(gateway);
} else {
bail!("duplicate IPv4 gateway.");
}
Ok(())
}
fn set_interface_type(iface: &mut Interface, interface_type: NetworkInterfaceType) -> Result<(), Error> {
if iface.interface_type == NetworkInterfaceType::Unknown {
iface.interface_type = interface_type;
} else if iface.interface_type != interface_type {
bail!("interface type already defined - cannot change from {:?} to {:?}", iface.interface_type, interface_type);
}
Ok(())
}
pub struct NetworkParser<R: BufRead> {
input: Peekable<Lexer<R>>,
line_nr: usize,
}
impl <R: BufRead> NetworkParser<R> {
pub fn new(reader: R) -> Self {
let input = Lexer::new(reader).peekable();
Self { input, line_nr: 1 }
}
fn peek(&mut self) -> Result<Token, Error> {
match self.input.peek() {
Some(Err(err)) => {
bail!("input error - {}", err);
}
Some(Ok((token, _))) => {
Ok(*token)
}
None => {
bail!("got unexpected end of stream (inside peek)");
}
}
}
fn next(&mut self) -> Result<(Token, String), Error> {
match self.input.next() {
Some(Err(err)) => {
bail!("input error - {}", err);
}
Some(Ok((token, text))) => {
if token == Token::Newline { self.line_nr += 1; }
Ok((token, text))
}
None => {
bail!("got unexpected end of stream (inside peek)");
}
}
}
fn next_text(&mut self) -> Result<String, Error> {
match self.next()? {
(Token::Text, text) => Ok(text),
(unexpected, _) => bail!("got unexpected token {:?} (expecting Text)", unexpected),
}
}
fn eat(&mut self, expected: Token) -> Result<String, Error> {
let (next, text) = self.next()?;
if next != expected {
bail!("expected {:?}, got {:?}", expected, next);
}
Ok(text)
}
fn parse_auto(&mut self, auto_flag: &mut HashSet<String>) -> Result<(), Error> {
self.eat(Token::Auto)?;
loop {
match self.next()? {
(Token::Text, iface) => {
auto_flag.insert(iface.to_string());
}
(Token::Newline, _) => break,
unexpected => {
bail!("expected {:?}, got {:?}", Token::Text, unexpected);
}
}
}
Ok(())
}
fn parse_netmask(&mut self) -> Result<u8, Error> {
self.eat(Token::Netmask)?;
let netmask = self.next_text()?;
let mask = if let Some(mask) = IPV4_MASK_HASH_LOCALNET.get(netmask.as_str()) {
*mask
} else {
match u8::from_str_radix(netmask.as_str(), 10) {
Ok(mask) => mask,
Err(err) => {
bail!("unable to parse netmask '{}' - {}", netmask, err);
}
}
};
self.eat(Token::Newline)?;
Ok(mask)
}
fn parse_iface_address(&mut self) -> Result<(String, Option<u8>, bool), Error> {
self.eat(Token::Address)?;
let cidr = self.next_text()?;
let (_address, mask, ipv6) = parse_address_or_cidr(&cidr)?;
self.eat(Token::Newline)?;
Ok((cidr, mask, ipv6))
}
fn parse_iface_gateway(&mut self, interface: &mut Interface) -> Result<(), Error> {
self.eat(Token::Gateway)?;
let gateway = self.next_text()?;
if proxmox::tools::common_regex::IP_REGEX.is_match(&gateway) {
if gateway.contains(':') {
set_gateway_v6(interface, gateway)?;
} else {
set_gateway_v4(interface, gateway)?;
}
} else {
bail!("unable to parse gateway address");
}
self.eat(Token::Newline)?;
Ok(())
}
fn parse_iface_mtu(&mut self) -> Result<u64, Error> {
self.eat(Token::MTU)?;
let mtu = self.next_text()?;
let mtu = match u64::from_str_radix(&mtu, 10) {
Ok(mtu) => mtu,
Err(err) => {
bail!("unable to parse mtu value '{}' - {}", mtu, err);
}
};
self.eat(Token::Newline)?;
Ok(mtu)
}
fn parse_yes_no(&mut self) -> Result<bool, Error> {
let text = self.next_text()?;
let value = match text.to_lowercase().as_str() {
"yes" => true,
"no" => false,
_ => {
bail!("unable to bool value '{}' - (expected yes/no)", text);
}
};
self.eat(Token::Newline)?;
Ok(value)
}
fn parse_to_eol(&mut self) -> Result<String, Error> {
let mut line = String::new();
loop {
match self.next()? {
(Token::Newline, _) => return Ok(line),
(_, text) => {
if !line.is_empty() { line.push(' '); }
line.push_str(&text);
}
}
}
}
fn parse_iface_list(&mut self) -> Result<Vec<String>, Error> {
let mut list = Vec::new();
loop {
let (token, text) = self.next()?;
match token {
Token::Newline => break,
Token::Text => {
if &text != "none" {
list.push(text);
}
}
_ => bail!("unable to parse interface list - unexpected token '{:?}'", token),
}
}
Ok(list)
}
fn parse_iface_attributes(
&mut self,
interface: &mut Interface,
address_family_v4: bool,
address_family_v6: bool,
) -> Result<(), Error> {
let mut netmask = None;
let mut address_list = Vec::new();
loop {
match self.peek()? {
Token::Attribute => { self.eat(Token::Attribute)?; },
Token::Comment => {
let comment = self.eat(Token::Comment)?;
if !address_family_v4 && address_family_v6 {
let mut comments = interface.comments6.take().unwrap_or_default();
if !comments.is_empty() { comments.push('\n'); }
comments.push_str(&comment);
interface.comments6 = Some(comments);
} else {
let mut comments = interface.comments.take().unwrap_or_default();
if !comments.is_empty() { comments.push('\n'); }
comments.push_str(&comment);
interface.comments = Some(comments);
}
self.eat(Token::Newline)?;
continue;
}
_ => break,
}
match self.peek()? {
Token::Address => {
let (cidr, mask, is_v6) = self.parse_iface_address()?;
address_list.push((cidr, mask, is_v6));
}
Token::Gateway => self.parse_iface_gateway(interface)?,
Token::Netmask => {
//Note: netmask is deprecated, but we try to do our best
netmask = Some(self.parse_netmask()?);
}
Token::MTU => {
let mtu = self.parse_iface_mtu()?;
interface.mtu = Some(mtu);
}
Token::BridgeVlanAware => {
self.eat(Token::BridgeVlanAware)?;
let bridge_vlan_aware = self.parse_yes_no()?;
interface.bridge_vlan_aware = Some(bridge_vlan_aware);
}
Token::BridgePorts => {
self.eat(Token::BridgePorts)?;
let ports = self.parse_iface_list()?;
interface.bridge_ports = Some(ports);
set_interface_type(interface, NetworkInterfaceType::Bridge)?;
}
Token::BondSlaves => {
self.eat(Token::BondSlaves)?;
let slaves = self.parse_iface_list()?;
interface.slaves = Some(slaves);
set_interface_type(interface, NetworkInterfaceType::Bond)?;
}
Token::BondMode => {
self.eat(Token::BondMode)?;
let mode = self.next_text()?;
interface.bond_mode = Some(bond_mode_from_str(&mode)?);
self.eat(Token::Newline)?;
}
Token::BondPrimary => {
self.eat(Token::BondPrimary)?;
let primary = self.next_text()?;
interface.bond_primary = Some(primary);
self.eat(Token::Newline)?;
}
Token::BondXmitHashPolicy => {
self.eat(Token::BondXmitHashPolicy)?;
let policy = bond_xmit_hash_policy_from_str(&self.next_text()?)?;
interface.bond_xmit_hash_policy = Some(policy);
self.eat(Token::Newline)?;
}
_ => { // parse addon attributes
let option = self.parse_to_eol()?;
if !option.is_empty() {
if !address_family_v4 && address_family_v6 {
interface.options6.push(option);
} else {
interface.options.push(option);
}
};
},
}
}
#[allow(clippy::comparison_chain)]
if let Some(netmask) = netmask {
if address_list.len() > 1 {
bail!("unable to apply netmask to multiple addresses (please use cidr notation)");
} else if address_list.len() == 1 {
let (mut cidr, mask, is_v6) = address_list.pop().unwrap();
if mask.is_some() {
// address already has a mask - ignore netmask
} else {
check_netmask(netmask, is_v6)?;
cidr.push_str(&format!("/{}", netmask));
}
if is_v6 {
set_cidr_v6(interface, cidr)?;
} else {
set_cidr_v4(interface, cidr)?;
}
} else {
// no address - simply ignore useless netmask
}
} else {
for (cidr, mask, is_v6) in address_list {
if mask.is_none() {
bail!("missing netmask in '{}'", cidr);
}
if is_v6 {
set_cidr_v6(interface, cidr)?;
} else {
set_cidr_v4(interface, cidr)?;
}
}
}
Ok(())
}
fn parse_iface(&mut self, config: &mut NetworkConfig) -> Result<(), Error> {
self.eat(Token::Iface)?;
let iface = self.next_text()?;
let mut address_family_v4 = false;
let mut address_family_v6 = false;
let mut config_method = None;
loop {
let (token, text) = self.next()?;
match token {
Token::Newline => break,
Token::Inet => address_family_v4 = true,
Token::Inet6 => address_family_v6 = true,
Token::Loopback => config_method = Some(NetworkConfigMethod::Loopback),
Token::Static => config_method = Some(NetworkConfigMethod::Static),
Token::Manual => config_method = Some(NetworkConfigMethod::Manual),
Token::DHCP => config_method = Some(NetworkConfigMethod::DHCP),
_ => bail!("unknown iface option {}", text),
}
}
let config_method = config_method.unwrap_or(NetworkConfigMethod::Static);
if !(address_family_v4 || address_family_v6) {
address_family_v4 = true;
address_family_v6 = true;
}
if let Some(mut interface) = config.interfaces.get_mut(&iface) {
if address_family_v4 {
set_method_v4(interface, config_method)?;
}
if address_family_v6 {
set_method_v6(interface, config_method)?;
}
self.parse_iface_attributes(&mut interface, address_family_v4, address_family_v6)?;
} else {
let mut interface = Interface::new(iface.clone());
if address_family_v4 {
set_method_v4(&mut interface, config_method)?;
}
if address_family_v6 {
set_method_v6(&mut interface, config_method)?;
}
self.parse_iface_attributes(&mut interface, address_family_v4, address_family_v6)?;
config.interfaces.insert(interface.name.clone(), interface);
config.order.push(NetworkOrderEntry::Iface(iface));
}
Ok(())
}
pub fn parse_interfaces(&mut self, existing_interfaces: Option<&HashMap<String, bool>>) -> Result<NetworkConfig, Error> {
self._parse_interfaces(existing_interfaces)
.map_err(|err| format_err!("line {}: {}", self.line_nr, err))
}
pub fn _parse_interfaces(&mut self, existing_interfaces: Option<&HashMap<String, bool>>) -> Result<NetworkConfig, Error> {
let mut config = NetworkConfig::new();
let mut auto_flag: HashSet<String> = HashSet::new();
loop {
match self.peek()? {
Token::EOF => {
break;
}
Token::Newline => {
// skip empty lines
self.eat(Token::Newline)?;
}
Token::Comment => {
let (_, text) = self.next()?;
config.order.push(NetworkOrderEntry::Comment(text));
self.eat(Token::Newline)?;
}
Token::Auto => {
self.parse_auto(&mut auto_flag)?;
}
Token::Iface => {
self.parse_iface(&mut config)?;
}
_ => {
let option = self.parse_to_eol()?;
if !option.is_empty() {
config.order.push(NetworkOrderEntry::Option(option));
}
}
}
}
for iface in auto_flag.iter() {
if let Some(interface) = config.interfaces.get_mut(iface) {
interface.autostart = true;
}
}
lazy_static!{
static ref INTERFACE_ALIAS_REGEX: Regex = Regex::new(r"^\S+:\d+$").unwrap();
static ref VLAN_INTERFACE_REGEX: Regex = Regex::new(r"^\S+\.\d+$").unwrap();
}
if let Some(existing_interfaces) = existing_interfaces {
for (iface, active) in existing_interfaces.iter() {
if let Some(interface) = config.interfaces.get_mut(iface) {
interface.active = *active;
if interface.interface_type == NetworkInterfaceType::Unknown && super::is_physical_nic(iface) {
interface.interface_type = NetworkInterfaceType::Eth;
}
} else if super::is_physical_nic(iface) { // also add all physical NICs
let mut interface = Interface::new(iface.clone());
set_method_v4(&mut interface, NetworkConfigMethod::Manual)?;
interface.interface_type = NetworkInterfaceType::Eth;
interface.active = *active;
config.interfaces.insert(interface.name.clone(), interface);
config.order.push(NetworkOrderEntry::Iface(iface.to_string()));
}
}
}
for (name, interface) in config.interfaces.iter_mut() {
if interface.interface_type != NetworkInterfaceType::Unknown { continue; }
if name == "lo" {
interface.interface_type = NetworkInterfaceType::Loopback;
continue;
}
if INTERFACE_ALIAS_REGEX.is_match(name) {
interface.interface_type = NetworkInterfaceType::Alias;
continue;
}
if VLAN_INTERFACE_REGEX.is_match(name) {
interface.interface_type = NetworkInterfaceType::Vlan;
continue;
}
if super::is_physical_nic(name) {
interface.interface_type = NetworkInterfaceType::Eth;
continue;
}
}
if config.interfaces.get("lo").is_none() {
let mut interface = Interface::new(String::from("lo"));
set_method_v4(&mut interface, NetworkConfigMethod::Loopback)?;
interface.interface_type = NetworkInterfaceType::Loopback;
interface.autostart = true;
config.interfaces.insert(interface.name.clone(), interface);
// Note: insert 'lo' as first interface after initial comments
let mut new_order = Vec::new();
let mut added_lo = false;
for entry in config.order {
if added_lo { new_order.push(entry); continue; } // copy the rest
match entry {
NetworkOrderEntry::Comment(_) => {
new_order.push(entry);
}
_ => {
new_order.push(NetworkOrderEntry::Iface(String::from("lo")));
added_lo = true;
new_order.push(entry);
}
}
}
config.order = new_order;
}
Ok(config)
}
}