Cleanup RFC Compliant implementation

  1. Make vmac and normal modes more integrated
  2. Remove unneeded additional variables from vrrp_rt
  3. Shutdown vmac interface when going to backup or fault state:
     this elimenates the need for iptables filters in backup mode
  4. Integrate with new patched macvlan driver
  5. Listen on the lowerdev of macvlan instead of the macvlan interface
     requires new macvlan driver with vyatta patch.

Author: jsouthworth

keepalived/include/vrrp.h

@@ -89,11 +89,11 @@ typedef struct _vrrp_rt {
 	sa_family_t family;	/* AF_INET|AF_INET6 */
 	char *iname;		/* Instance Name */
 	vrrp_sgroup *sync;	/* Sync group we belong to */
-	interface *ifp;		/* Interface we belong to */
-	unsigned int ifindex;	/* ifindex of (parent)interface (if vmac)*/
+	interface *ifp;		/* Interface on which we receive traffic */
+	interface *xmit_ifp;	/* Interface on which we transmit traffic */
+	unsigned int vmac_ifindex; /* ifindex of the vmac interface used upon deletion */
 	int dont_track_primary; /* If set ignores ifp faults */
 	int vmac;		/* If set try to set VRRP VMAC */
-	unsigned int vmac_ifindex;	/* ifindex of vmac interface */
 	char vmac_ifname[IFNAMSIZ];	/* name of vmac interface */
 	list track_ifp;		/* Interface state we monitor */
 	list track_script;	/* Script state we monitor */
@@ -216,7 +216,7 @@ typedef struct _vrrp_rt {
 /* prototypes */
 extern vrrp_pkt *vrrp_get_header(sa_family_t, char *, int *, uint32_t *);
 extern int open_vrrp_send_socket(sa_family_t, int, int);
-extern int open_vrrp_socket(sa_family_t, int, int, int);
+extern int open_vrrp_socket(sa_family_t, int, int);
 extern int new_vrrp_socket(vrrp_rt *);
 extern void close_vrrp_socket(vrrp_rt *);
 extern void vrrp_send_link_update(vrrp_rt *);

keepalived/include/vrrp_data.h

@@ -42,8 +42,8 @@
 typedef struct _sock {
 	sa_family_t family;
 	int proto;
-	int ifindex;
-	int parent_ifindex; /* store parent if index in vmac case */
+	int recv_ifindex; /* ifindex of in_fd */
+	int xmit_ifindex; /* ifindex of out_fd */
 	int fd_in;
 	int fd_out;
 } sock_t;

keepalived/include/vrrp_vmac.h

@@ -38,5 +38,7 @@
 /* prototypes */
 extern int netlink_link_add_vmac(vrrp_rt *);
 extern int netlink_link_del_vmac(vrrp_rt *);
+extern int netlink_link_down(vrrp_rt *);
+extern int netlink_link_up(vrrp_rt *);
 
 #endif

keepalived/vrrp/vrrp.c

@@ -715,10 +715,7 @@ void
 vrrp_state_become_master(vrrp_rt * vrrp)
 {
         if (vrrp->vmac) {
-	        if (vrrp->auth_type == VRRP_AUTH_AH)
-			vyatta_if_drop_iptables_input_filter(IF_NAME(vrrp->ifp), 1); 
-	        else
-			vyatta_if_drop_iptables_input_filter(IF_NAME(vrrp->ifp), 0); 
+		netlink_link_up(vrrp);
 	}
 
 	/* add the ip addresses */
@@ -800,18 +797,9 @@ vrrp_restore_interface(vrrp_rt * vrrp, int advF)
 	}
 	if (vrrp->vmac){
 		if (advF) {
-			if (vrrp->auth_type == VRRP_AUTH_AH)
-				vyatta_if_drop_iptables_input_filter(IF_NAME(vrrp->ifp), 1); 
-			else
-				vyatta_if_drop_iptables_input_filter(IF_NAME(vrrp->ifp), 0); 
+			netlink_link_up(vrrp);
 		} else {
-			if (vrrp->auth_type == VRRP_AUTH_AH) {
-				vyatta_if_drop_iptables_input_filter(IF_NAME(vrrp->ifp), 1);
-				vyatta_if_create_iptables_input_filter(IF_NAME(vrrp->ifp), 1);
-			} else {
-				vyatta_if_drop_iptables_input_filter(IF_NAME(vrrp->ifp), 0);
-				vyatta_if_create_iptables_input_filter(IF_NAME(vrrp->ifp), 0);
-			}
+			netlink_link_down(vrrp);
 		}
 	}
 
@@ -1098,14 +1086,13 @@ open_vrrp_send_socket(sa_family_t family, int proto, int idx)
 
 /* open a VRRP socket and join the multicast group. */
 int
-open_vrrp_socket(sa_family_t family, int proto, int idx, int parent_idx)
+open_vrrp_socket(sa_family_t family, int proto, int idx)
 {
-	interface *ifp, *parent_ifp;
+	interface *ifp;
 	int fd = -1;
-
+        
 	/* Retreive interface */
 	ifp = if_get_by_ifindex(idx);
-	parent_ifp = if_get_by_ifindex(parent_idx);
 
 	/* open the socket */
 	fd = socket(family, SOCK_RAW, proto);
@@ -1117,9 +1104,6 @@ open_vrrp_socket(sa_family_t family, int proto, int idx, int parent_idx)
 
 	/* Join the VRRP MCAST group */
 	if_join_vrrp_group(family, &fd, ifp, proto);
-	/* Only join on parent interface if its different than the current */
-	if (idx != parent_idx)
-		if_join_vrrp_group(family, &fd, parent_ifp, proto);
 
 	if (fd < 0)
 		return -1;
@@ -1149,8 +1133,8 @@ new_vrrp_socket(vrrp_rt * vrrp)
 	close_vrrp_socket(vrrp);
 	remove_vrrp_fd_bucket(vrrp);
 	proto = (vrrp->auth_type == VRRP_AUTH_AH) ? IPPROTO_IPSEC_AH : IPPROTO_VRRP;
-	vrrp->fd_in = open_vrrp_socket(vrrp->family, proto, IF_INDEX(vrrp->ifp), vrrp->ifindex);
-	vrrp->fd_out = open_vrrp_send_socket(vrrp->family, proto, IF_INDEX(vrrp->ifp));
+	vrrp->fd_in = open_vrrp_socket(vrrp->family, proto, IF_INDEX(vrrp->ifp));
+	vrrp->fd_out = open_vrrp_send_socket(vrrp->family, proto, IF_INDEX(vrrp->xmit_ifp));
 	alloc_vrrp_fd_bucket(vrrp);
 
 	/* Sync the other desc */
@@ -1351,11 +1335,7 @@ clear_diff_vrrp(void)
 			clear_diff_vrrp_vroutes(vrrp);
 
 			if (vrrp->vmac) {
-	                        if (vrrp->auth_type == VRRP_AUTH_AH) {
-					vyatta_if_drop_iptables_input_filter(IF_NAME(new_vrrp->ifp), 1); 
-				} else {
-					vyatta_if_drop_iptables_input_filter(IF_NAME(new_vrrp->ifp), 0); 
-				}
+				netlink_link_up(vrrp);	
 			}
 
 

keepalived/vrrp/vrrp_data.c

@@ -138,7 +138,7 @@ free_sock(void *sock_data)
 	sock_t *sock = sock_data;
 	interface *ifp;
 	if (sock->fd_in > 0) {
-		ifp = if_get_by_ifindex(sock->ifindex);
+		ifp = if_get_by_ifindex(sock->recv_ifindex);
 		if_leave_vrrp_group(sock->family, sock->fd_in, ifp);
 	}
 	if (sock->fd_out > 0)
@@ -150,9 +150,9 @@ static void
 dump_sock(void *sock_data)
 {
 	sock_t *sock = sock_data;
-	log_message(LOG_INFO, "VRRP sockpool: [ifindex(%d), parent_ifindex(%d), proto(%d), fd(%d,%d)]"
-			    , sock->ifindex
-			    , sock->parent_ifindex
+	log_message(LOG_INFO, "VRRP sockpool: [recv_ifindex(%d), xmit_ifindex(%d), proto(%d), fd(%d,%d)]"
+			    , sock->recv_ifindex
+			    , sock->xmit_ifindex
 			    , sock->proto
 			    , sock->fd_in
 			    , sock->fd_out);
@@ -336,13 +336,13 @@ void
 alloc_vrrp_vip(vector strvec)
 {
 	vrrp_rt *vrrp = LIST_TAIL_DATA(vrrp_data->vrrp);
-	if (vrrp->ifp == NULL) {
+	if (vrrp->xmit_ifp == NULL) {
 		log_message(LOG_ERR, "Configuration error: VRRP definition must belong to an interface");
 	}
 
 	if (LIST_ISEMPTY(vrrp->vip))
 		vrrp->vip = alloc_list(free_ipaddress, dump_ipaddress);
-	alloc_ipaddress(vrrp->vip, strvec, vrrp->ifp);
+	alloc_ipaddress(vrrp->vip, strvec, vrrp->xmit_ifp);
 }
 void
 alloc_vrrp_evip(vector strvec)

keepalived/vrrp/vrrp_parser.c

@@ -107,8 +107,6 @@ vrrp_vmac_handler(vector strvec)
 	vrrp->vmac = 1;
 	if (!(vrrp->mcast_saddr))
 		vrrp->mcast_saddr  = IF_ADDR(vrrp->ifp);
-	if (!(vrrp->ifindex))
-		vrrp->ifindex = IF_INDEX(vrrp->ifp);
 	if (strvec && (strvec->allocated == 2))
 		strncpy(vrrp->vmac_ifname, VECTOR_SLOT(strvec, 1),
 			IFNAMSIZ - 1);
@@ -151,7 +149,7 @@ vrrp_int_handler(vector strvec)
 	vrrp_rt *vrrp = LIST_TAIL_DATA(vrrp_data->vrrp);
 	char *name = VECTOR_SLOT(strvec, 1);
 	vrrp->ifp = if_get_by_ifname(name);
-	vrrp->ifindex = IF_INDEX(vrrp->ifp); //hold parent if index
+	vrrp->xmit_ifp = vrrp->ifp;
 	if (vrrp->vmac && !(vrrp->vmac & 2))
 		netlink_link_add_vmac(vrrp);
 }

keepalived/vrrp/vrrp_scheduler.c

@@ -418,22 +418,22 @@ already_exist_sock(list l, sa_family_t family, int proto, int ifindex)
 		sock = ELEMENT_DATA(e);
 		if ((sock->family == family) &&
 		    (sock->proto == proto)	 &&
-		    (sock->ifindex == ifindex))
+		    (sock->recv_ifindex == ifindex))
 			return 1;
 	}
 	return 0;
 }
 
 void
-alloc_sock(sa_family_t family, list l, int proto, int ifindex, int p_ifindex)
+alloc_sock(sa_family_t family, list l, int proto, int r_ifindex, int x_ifindex)
 {
 	sock_t *new;
 
 	new = (sock_t *) MALLOC(sizeof (sock_t));
 	new->family = family;
 	new->proto = proto;
-	new->ifindex = ifindex;
-	new->parent_ifindex = p_ifindex;
+	new->recv_ifindex = r_ifindex;
+	new->xmit_ifindex = x_ifindex;
 
 	list_add(l, new);
 }
@@ -444,26 +444,28 @@ vrrp_create_sockpool(list l)
 	vrrp_rt *vrrp;
 	list p = vrrp_data->vrrp;
 	element e;
-	int ifindex, parent_ifindex;
+	int recv_ifindex, xmit_ifindex;
 	int proto;
 
 	for (e = LIST_HEAD(p); e; ELEMENT_NEXT(e)) {
 		vrrp = ELEMENT_DATA(e);
-		ifindex = IF_INDEX(vrrp->ifp);
 
-		if (vrrp->vmac) 
-		  parent_ifindex = vrrp->ifindex;
-		else 
-		  parent_ifindex = ifindex;
+		if (vrrp->vmac) {
+		  recv_ifindex = IF_INDEX(vrrp->ifp);
+		  xmit_ifindex = vrrp->vmac_ifindex;
+		} else {
+		  recv_ifindex = IF_INDEX(vrrp->ifp);
+		  xmit_ifindex = recv_ifindex;
+		}
 
 		if (vrrp->auth_type == VRRP_AUTH_AH)
 			proto = IPPROTO_IPSEC_AH;
 		else
 			proto = IPPROTO_VRRP;
 
 		/* add the vrrp element if not exist */
-		if (!already_exist_sock(l, vrrp->family, proto, ifindex))
-			alloc_sock(vrrp->family, l, proto, ifindex, parent_ifindex);
+		if (!already_exist_sock(l, vrrp->family, proto, recv_ifindex))
+			alloc_sock(vrrp->family, l, proto, recv_ifindex, xmit_ifindex);
 	}
 }
 
@@ -476,12 +478,12 @@ vrrp_open_sockpool(list l)
 	for (e = LIST_HEAD(l); e; ELEMENT_NEXT(e)) {
 		sock = ELEMENT_DATA(e);
 		sock->fd_in = open_vrrp_socket(sock->family, sock->proto,
-					   sock->ifindex, sock->parent_ifindex);
+					   sock->recv_ifindex);
 		if (sock->fd_in == -1)
 			sock->fd_out = -1;
 		else
 			sock->fd_out = open_vrrp_send_socket(sock->family, sock->proto,
-								 sock->ifindex);
+								 sock->xmit_ifindex);
 	}
 }
 
@@ -504,7 +506,7 @@ vrrp_set_fds(list l)
 			else
 				proto = IPPROTO_VRRP;
 
-			if ((sock->ifindex == IF_INDEX(vrrp->ifp)) &&
+			if ((sock->recv_ifindex == IF_INDEX(vrrp->ifp)) &&
 			    (sock->proto == proto)) {
 				vrrp->fd_in = sock->fd_in;
 				vrrp->fd_out = sock->fd_out;

keepalived/vrrp/vrrp_snmp.c

@@ -1191,7 +1191,7 @@ vrrp_rfc_snmp_new_master_trap(vrrp_rt *vrrp)
 	oid objid_snmptrap[] = { SNMPTRAP_OID };
 	size_t objid_snmptrap_len = OID_LENGTH(objid_snmptrap);
 	/* OID for trap data vrrpOperMasterIPAddr */
-	oid masterip_oid[] = { VRRP_RFC_OID, 1, 3, 1, 7, vrrp->ifindex, vrrp->vrid };
+	oid masterip_oid[] = { VRRP_RFC_OID, 1, 3, 1, 7, IF_INDEX(vrrp->ifp), vrrp->vrid };
 	size_t masterip_oid_len = OID_LENGTH(masterip_oid);
 
 	netsnmp_variable_list *notification_vars = NULL;

keepalived/vrrp/vrrp_vmac.c

@@ -51,14 +51,14 @@ netlink_link_setlladdr(vrrp_rt *vrrp)
 	req.n.nlmsg_flags = NLM_F_REQUEST;
 	req.n.nlmsg_type = RTM_NEWLINK;
 	req.ifi.ifi_family = AF_INET;
-	req.ifi.ifi_index = IF_INDEX(vrrp->ifp);
+	req.ifi.ifi_index = IF_INDEX(vrrp->xmit_ifp);
 
 	addattr_l(&req.n, sizeof(req), IFLA_ADDRESS, ll_addr, ETH_ALEN);
 
 	if (netlink_talk(&nl_cmd, &req.n) < 0)
 		status = -1;
 	else
-		memcpy(vrrp->ifp->hw_addr, ll_addr, ETH_ALEN);
+		memcpy(vrrp->xmit_ifp->hw_addr, ll_addr, ETH_ALEN);
 
 	return status;
 }
@@ -80,7 +80,7 @@ netlink_link_setmode(vrrp_rt *vrrp)
 	req.n.nlmsg_flags = NLM_F_REQUEST;
 	req.n.nlmsg_type = RTM_NEWLINK;
 	req.ifi.ifi_family = AF_INET;
-	req.ifi.ifi_index = IF_INDEX(vrrp->ifp);
+	req.ifi.ifi_index = IF_INDEX(vrrp->xmit_ifp);
 
 	linkinfo = NLMSG_TAIL(&req.n);
 	addattr_l(&req.n, sizeof(req), IFLA_LINKINFO, NULL, 0);
@@ -94,8 +94,11 @@ netlink_link_setmode(vrrp_rt *vrrp)
 	 * In private mode, macvlan will receive frames with same MAC addr
 	 * as configured on the interface.
 	 */
+#ifndef MACVLAN_MODE_VRRP
+#define MACVLAN_MODE_VRRP 16
+#endif
 	addattr32(&req.n, sizeof(req), IFLA_MACVLAN_MODE,
-		  MACVLAN_MODE_PRIVATE);
+		  MACVLAN_MODE_VRRP);
 	data->rta_len = (void *)NLMSG_TAIL(&req.n) - (void *)data;
 
 	linkinfo->rta_len = (void *)NLMSG_TAIL(&req.n) - (void *)linkinfo;
@@ -106,7 +109,7 @@ netlink_link_setmode(vrrp_rt *vrrp)
 	return status;
 }
 
-static int
+int
 netlink_link_up(vrrp_rt *vrrp)
 {
 	int status = 1;
@@ -122,7 +125,7 @@ netlink_link_up(vrrp_rt *vrrp)
 	req.n.nlmsg_flags = NLM_F_REQUEST;
 	req.n.nlmsg_type = RTM_NEWLINK;
 	req.ifi.ifi_family = AF_UNSPEC;
-	req.ifi.ifi_index = IF_INDEX(vrrp->ifp);
+	req.ifi.ifi_index = IF_INDEX(vrrp->xmit_ifp);
 	req.ifi.ifi_change |= IFF_UP;
 	req.ifi.ifi_flags |= IFF_UP;
 
@@ -132,6 +135,32 @@ netlink_link_up(vrrp_rt *vrrp)
 	return status;
 }
 
+int
+netlink_link_down(vrrp_rt *vrrp)
+{
+	int status = 1;
+	struct {
+		struct nlmsghdr n;
+		struct ifinfomsg ifi;
+		char buf[256];
+	} req;
+
+	memset(&req, 0, sizeof (req));
+	
+	req.n.nlmsg_len = NLMSG_LENGTH(sizeof (struct ifinfomsg));
+	req.n.nlmsg_flags = NLM_F_REQUEST;
+	req.n.nlmsg_type = RTM_NEWLINK;
+	req.ifi.ifi_family = AF_UNSPEC;
+	req.ifi.ifi_index = IF_INDEX(vrrp->xmit_ifp);
+	req.ifi.ifi_change |= IFF_UP;
+	req.ifi.ifi_flags &= ~IFF_UP;
+
+	if (netlink_talk(&nl_cmd, &req.n) < 0)
+		status = -1;
+
+	return status;
+}
+
 int
 netlink_link_add_vmac(vrrp_rt *vrrp)
 {
@@ -156,9 +185,9 @@ netlink_link_add_vmac(vrrp_rt *vrrp)
 	 * by a previous instance.
 	 */
 	if (reload && (ifp = if_get_by_ifname(ifname))) {
-		vrrp->ifp = ifp;
+		vrrp->xmit_ifp = ifp;
 		/* Save ifindex for use on delete */
-		vrrp->vmac_ifindex = IF_INDEX(vrrp->ifp);
+		vrrp->vmac_ifindex = IF_INDEX(vrrp->xmit_ifp);
 		vrrp->vmac |= 2;
 		return 1;
 	}
@@ -187,8 +216,8 @@ netlink_link_add_vmac(vrrp_rt *vrrp)
 	ifp = if_get_by_ifname(ifname);
 	if (!ifp)
 		return -1;
-	vrrp->ifp = ifp;
-	vrrp->vmac_ifindex = IF_INDEX(vrrp->ifp); /* For use on delete */
+	vrrp->xmit_ifp = ifp;
+	vrrp->vmac_ifindex = IF_INDEX(vrrp->xmit_ifp); /* For use on delete */
 	vrrp->vmac |= 2;
 	netlink_link_setlladdr(vrrp);
 	vyatta_if_setup(ifname);