Adds basic support for IPv6 (#255)

* Adds basic support for IPv6 - Adds IPv6 support to the OPTE API and main engine types. This includes fleshing out some missing edges for IPv6 addresses and CIDRs, and adding support for specifying IPv6 addresses in router entries, etc. The main type expanded here is the `VpcCfg`, which now supports an `IpCfg` that specifies all L3 information. That supports exactly one IPv4 or IPv6, or one of each, for private addresses. An optional SNAT and external address for each are also supported. - Updates the `opte-ioctl` and `opteadm` crates to support IPv6, and to use a `VpcCfg` as the argument, rather than a bunch of disparate arguments. Fleshes out handling for IPv6 in router entries, port info and printing, and layer / rule printing. - Adds a few niceties to the D scripts for pretty-printing IPv6 - Renames a lot of IPv4 specific types, such as `Dhcp4Reply` to `DhcpReply`. Types without a prefix will be assumed to refer to IPv4, and IPv6 will always have a version number. - Adds an `icmpv6` layer to `opte` and the `oxide-vpc`, and inserts it in the configuration created by the `xde` driver. This supports ICMPv6 echo requests from the guest to the gateway only. An integration test verifying the hairpinned echo reply is also here. - Updates the API version check script to compare all commits relative to the `master` branch, rather than the last. * Review feedback - Better router error message - Better error messages when parsing IpAddr / IpCidr - Better comments throughout, some better type names - DCE - Fix ARP handling to unconditionally drop outbound requests for anything other than the gateway, and all inbound requests. * Review feedback 2 - Renamed `public_ip` -> `external_ip` fields on NAT-related types. This is important because the "outside" IP address for NAT need not actually be an address that's routable on the public Internet. It can be any address in any network on the other side of the NAT node. - Fix location of Copy derive
oxidecomputer · Sep 19, 2022 · 0023d5a · 0023d5a
1 parent a24dbb9
commit 0023d5a
Show file tree

Hide file tree

Showing 43 changed files with 2,143 additions and 951 deletions.
diff --git a/dtrace/common.h b/dtrace/common.h
@@ -27,13 +27,13 @@
 	*this->src_ip6 = fvar->src_ip6;				\
 	*this->dst_ip6 = fvar->dst_ip6;				\
 	svar = protos[fvar->proto];				\
-	svar = strjoin(svar, ",");				\
+	svar = strjoin(svar, ",[");				\
 	svar = strjoin(svar, inet_ntoa6(this->src_ip6));	\
-	svar = strjoin(svar, ":");				\
+	svar = strjoin(svar, "]:");				\
 	svar = strjoin(svar, lltostr(ntohs(fvar->src_port)));	\
-	svar = strjoin(svar, ",");				\
+	svar = strjoin(svar, ",[");				\
 	svar = strjoin(svar, inet_ntoa6(this->dst_ip6));	\
-	svar = strjoin(svar, ":");				\
+	svar = strjoin(svar, "]:");				\
 	svar = strjoin(svar, lltostr(ntohs(fvar->dst_port)));
 
 #define ETH_FMT(svar, evar)					\

diff --git a/dtrace/opte-flow-expire.d b/dtrace/opte-flow-expire.d
@@ -6,18 +6,11 @@
  * dtrace -L ./lib -I . -Cqs ./opte-flow-expire.d
  */
 #include "common.h"
+#include "protos.d"
 
 #define	HDR_FMT "%-24s %-18s %s\n"
 
 BEGIN {
-	/*
-	 * Use an associative array to stringify the protocol number.
-	 */
-	protos[1]= "ICMP";
-	protos[2] = "IGMP";
-	protos[6] = "TCP";
-	protos[17] = "UDP";
-
 	printf(HDR_FMT, "PORT", "FT NAME", "FLOW");
 	num = 0;
 }

diff --git a/dtrace/opte-gen-desc-fail.d b/dtrace/opte-gen-desc-fail.d
@@ -4,18 +4,11 @@
  * dtrace -L ./lib -I . -Cqs ./opte-gen-desc-fail.d
  */
 #include "common.h"
+#include "protos.d"
 
 #define HDR_FMT	"%-12s %-12s %-4s %-48s %s\n"
 
 BEGIN {
-	/*
-	 * Use an associative array to stringify the protocol number.
-	 */
-	protos[1] = "ICMP";
-	protos[2] = "IGMP";
-	protos[6] = "TCP";
-	protos[17] = "UDP";
-
 	printf(HDR_FMT, "PORT", "LAYER", "DIR", "FLOW", "MSG");
 	num = 0;
 }

diff --git a/dtrace/opte-gen-ht-fail.d b/dtrace/opte-gen-ht-fail.d
@@ -4,17 +4,11 @@
  * dtrace -L ./lib -I . -Cqs ./opte-gen-desc-fail.d
  */
 #include "common.h"
+#include "protos.d"
 
 #define HDR_FMT	"%-12s %-12s %-4s %-48s %s\n"
 
 BEGIN {
-	/*
-	 * Use an associative array to stringify the protocol number.
-	 */
-	protos[1] = "ICMP";
-	protos[2] = "IGMP";
-	protos[6] = "TCP";
-	protos[17] = "UDP";
 
 	printf(HDR_FMT, "PORT", "LAYER", "DIR", "FLOW", "MSG");
 	num = 0;

diff --git a/dtrace/opte-guest-loopback.d b/dtrace/opte-guest-loopback.d
@@ -4,19 +4,11 @@
  * dtrace -L ./lib -I . -Cqs ./opte-guest-loopback.d
  */
 #include "common.h"
+#include "protos.d"
 
 #define	HDR_FMT		"%-43s %-12s %-12s\n"
 
 BEGIN {
-	/*
-	 * Use an associative array to stringify the protocol number.
-	 */
-	protos[1] = "ICMP";
-	protos[2] = "IGMP";
-	protos[6] = "TCP";
-	protos[17] = "UDP";
-	protos[255] = "XXX";
-
 	printf(HDR_FMT, "FLOW", "SRC PORT", "DST PORT");
 	num = 0;
 }

diff --git a/dtrace/opte-ht.d b/dtrace/opte-ht.d
@@ -1,21 +1,14 @@
 /*
- * Track Header Transpositions as they happen.
+ * Track Header Transformations as they happen.
  *
  * dtrace -L ./lib -I . -Cqs ./opte-ht.d
  */
 #include "common.h"
+#include "protos.d"
 
 #define	HDR_FMT "%-3s %-12s %-12s %-40s %-40s\n"
 
 BEGIN {
-	/*
-	 * Use an associative array to stringify the protocol number.
-	 */
-	protos[1]= "ICMP";
-	protos[2] = "IGMP";
-	protos[6] = "TCP";
-	protos[17] = "UDP";
-
 	printf(HDR_FMT, "DIR", "PORT", "LOCATION", "BEFORE", "AFTER");
 	num = 0;
 }

diff --git a/dtrace/opte-layer-process.d b/dtrace/opte-layer-process.d
@@ -7,19 +7,11 @@
  * dtrace -L ./lib -I . -Cqs ./opte-layer-process.d
  */
 #include "common.h"
+#include "protos.d"
 
 #define	HDR_FMT		"%-16s %-16s %-3s %-48s %s\n"
 
 BEGIN {
-	/*
-	 * Use an associative array to stringify the protocol number.
-	 */
-	protos[1] = "ICMP";
-	protos[2] = "IGMP";
-	protos[6] = "TCP";
-	protos[17] = "UDP";
-	protos[255] = "XXX";
-
 	printf(HDR_FMT, "PORT", "LAYER", "DIR", "FLOW", "RES");
 	num = 0;
 }

diff --git a/dtrace/opte-port-process.d b/dtrace/opte-port-process.d
@@ -4,6 +4,7 @@
  * dtrace -L ./lib -I . -Cqs ./opte-port-process.d
  */
 #include "common.h"
+#include "protos.d"
 
 #define	HDR_FMT		"%-12s %-3s %-8s %-43s %-5s %s\n"
 #define	LINE_FMT	"%-12s %-3s %-8u %-43s %-5u %s\n"
@@ -12,11 +13,6 @@ BEGIN {
 	/*
 	 * Use an associative array to stringify the protocol number.
 	 */
-	protos[1] = "ICMP";
-	protos[2] = "IGMP";
-	protos[6] = "TCP";
-	protos[17] = "UDP";
-	protos[255] = "XXX";
 
 	printf(HDR_FMT, "NAME", "DIR", "EPOCH", "FLOW", "LEN", "RESULT");
 	num = 0;

diff --git a/dtrace/opte-rule-match.d b/dtrace/opte-rule-match.d
@@ -4,19 +4,11 @@
  * dtrace -L ./lib -I . -Cqs ./opte-rule-match.d
  */
 #include "common.h"
+#include "protos.d"
 
 #define	HDR_FMT		"%-8s %-12s %-6s %-3s %-43s %s\n"
 
 BEGIN {
-	/*
-	 * Use an associative array to stringify the protocol number.
-	 */
-	protos[1] = "ICMP";
-	protos[2] = "IGMP";
-	protos[6] = "TCP";
-	protos[17] = "UDP";
-	protos[255] = "XXX";
-
 	printf(HDR_FMT, "PORT", "LAYER", "MATCH", "DIR", "FLOW", "ACTION");
 	num = 0;
 }

diff --git a/dtrace/opte-tcp-flow-state.d b/dtrace/opte-tcp-flow-state.d
@@ -4,17 +4,11 @@
  * dtrace -L ./lib -I . -Cqs ./opte-tcp-flow-state.d
  */
 #include "common.h"
+#include "protos.d"
 
 #define	FMT	"%-16s %-12s %-12s %s\n"
 
 BEGIN {
-	/*
-	 * Use an associative array to stringify the protocol number.
-	 * It's always going to be TCP but we need this declared so
-	 * the FLOW_FMT macros work.
-	 */
-	protos[6] = "TCP";
-
 	/*
 	 * Use an associative array to stringify the TCP state
 	 * values.

diff --git a/dtrace/opte-uft-invaildate.d b/dtrace/opte-uft-invaildate.d
@@ -8,20 +8,12 @@
  * dtrace -L ./lib -I . -Cqs ./opte-uft-invalidate.d
  */
 #include "common.h"
+#include "protos.d"
 
 #define	HDR_FMT		"%-8s %-3s %-43s %s\n"
 #define	LINE_FMT	"%-8s %-3s %-43s %u\n"
 
 BEGIN {
-	/*
-	 * Use an associative array to stringify the protocol number.
-	 */
-	protos[1] = "ICMP";
-	protos[2] = "IGMP";
-	protos[6] = "TCP";
-	protos[17] = "UDP";
-	protos[255] = "XXX";
-
 	printf(HDR_FMT, "PORT", "DIR", "FLOW", "EPOCH");
 	num = 0;
 }

diff --git a/dtrace/protos.d b/dtrace/protos.d
@@ -0,0 +1,11 @@
+/*
+ * Definitions of the IP protocol numbers as an associative array.
+ */
+BEGIN {
+	protos[1] = "ICMP";
+	protos[2] = "IGMP";
+	protos[6] = "TCP";
+	protos[17] = "UDP";
+	protos[58] = "ICMPv6";
+	protos[255] = "XXX";
+}
diff --git a/opte-api/check-api-version.sh b/opte-api/check-api-version.sh
@@ -1,8 +1,8 @@
 #!/bin/bash
 #
-# If there is a change to an opte-api source file in the last commit,
-# then verify that the API_VERSION value has increased.
-if git log -1 -p master..HEAD | grep '^diff.*opte-api/src'
+# If there is a change to an opte-api source file relative to the `master`
+# branch, # then verify that the API_VERSION value has increased.
+if git diff master..HEAD | grep '^diff.*opte-api/src'
 then
-	git log -p -1 master..HEAD | awk -f check-api-version.awk
+	git diff master..HEAD | awk -f check-api-version.awk
 fi
diff --git a/opte-api/src/cmd.rs b/opte-api/src/cmd.rs
@@ -5,6 +5,7 @@
 // Copyright 2022 Oxide Computer Company
 
 use super::encap::Vni;
+use super::ip::IpCidr;
 use super::mac::MacAddr;
 use super::API_VERSION;
 use illumos_sys_hdrs::{c_int, size_t};
@@ -24,21 +25,21 @@ pub const XDE_DLD_OPTE_CMD: i32 = XDE_DLD_PREFIX | 7777;
 #[derive(Clone, Copy, Debug)]
 #[repr(C)]
 pub enum OpteCmd {
-    ListPorts = 1,           // list all ports
-    AddFwRule = 20,          // add firewall rule
-    RemFwRule = 21,          // remove firewall rule
-    SetFwRules = 22,         // set/replace all firewall rules at once
-    DumpTcpFlows = 30,       // dump TCP flows
-    DumpLayer = 31,          // dump the specified Layer
-    DumpUft = 32,            // dump the Unified Flow Table
-    ListLayers = 33,         // list the layers on a given port
-    ClearUft = 40,           // clear the UFT
-    SetVirt2Phys = 50,       // set a v2p mapping
-    DumpVirt2Phys = 51,      // dump the v2p mappings
-    AddRouterEntryIpv4 = 60, // add a router entry for IPv4 dest
-    CreateXde = 70,          // create a new xde device
-    DeleteXde = 71,          // delete an xde device
-    SetXdeUnderlay = 72,     // set xde underlay devices
+    ListPorts = 1,       // list all ports
+    AddFwRule = 20,      // add firewall rule
+    RemFwRule = 21,      // remove firewall rule
+    SetFwRules = 22,     // set/replace all firewall rules at once
+    DumpTcpFlows = 30,   // dump TCP flows
+    DumpLayer = 31,      // dump the specified Layer
+    DumpUft = 32,        // dump the Unified Flow Table
+    ListLayers = 33,     // list the layers on a given port
+    ClearUft = 40,       // clear the UFT
+    SetVirt2Phys = 50,   // set a v2p mapping
+    DumpVirt2Phys = 51,  // dump the v2p mappings
+    AddRouterEntry = 60, // add a router entry for IP dest
+    CreateXde = 70,      // create a new xde device
+    DeleteXde = 71,      // delete an xde device
+    SetXdeUnderlay = 72, // set xde underlay devices
 }
 
 impl TryFrom<c_int> for OpteCmd {
@@ -57,7 +58,7 @@ impl TryFrom<c_int> for OpteCmd {
             40 => Ok(Self::ClearUft),
             50 => Ok(Self::SetVirt2Phys),
             51 => Ok(Self::DumpVirt2Phys),
-            60 => Ok(Self::AddRouterEntryIpv4),
+            60 => Ok(Self::AddRouterEntry),
             70 => Ok(Self::CreateXde),
             71 => Ok(Self::DeleteXde),
             72 => Ok(Self::SetXdeUnderlay),
@@ -146,7 +147,7 @@ pub enum OpteError {
     DeserCmdErr(String),
     DeserCmdReq(String),
     FlowExists(String),
-    InvalidRouteDest(String),
+    InvalidRouterEntry { dest: IpCidr, target: String },
     LayerNotFound(String),
     MacExists { port: String, vni: Vni, mac: MacAddr },
     MaxCapacity(u64),
@@ -181,7 +182,7 @@ impl OpteError {
             Self::DeserCmdErr(_) => ENOMSG,
             Self::DeserCmdReq(_) => ENOMSG,
             Self::FlowExists(_) => EEXIST,
-            Self::InvalidRouteDest(_) => EINVAL,
+            Self::InvalidRouterEntry { .. } => EINVAL,
             Self::LayerNotFound(_) => ENOENT,
             Self::MacExists { .. } => EEXIST,
             Self::MaxCapacity(_) => ENFILE,