From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from firstgate.proxmox.com (firstgate.proxmox.com [212.224.123.68]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits)) (No client certificate requested) by lists.proxmox.com (Postfix) with ESMTPS id D63C990942 for ; Tue, 2 Apr 2024 19:16:45 +0200 (CEST) Received: from firstgate.proxmox.com (localhost [127.0.0.1]) by firstgate.proxmox.com (Proxmox) with ESMTP id 1DC12A812 for ; Tue, 2 Apr 2024 19:16:42 +0200 (CEST) Received: from lana.proxmox.com (unknown [94.136.29.99]) by firstgate.proxmox.com (Proxmox) with ESMTP for ; Tue, 2 Apr 2024 19:16:32 +0200 (CEST) Received: by lana.proxmox.com (Postfix, from userid 10043) id E05C92C3445; Tue, 2 Apr 2024 19:16:30 +0200 (CEST) From: Stefan Hanreich To: pve-devel@lists.proxmox.com Cc: Stefan Hanreich , Wolfgang Bumiller Date: Tue, 2 Apr 2024 19:15:59 +0200 Message-Id: <20240402171629.536804-8-s.hanreich@proxmox.com> X-Mailer: git-send-email 2.39.2 In-Reply-To: <20240402171629.536804-1-s.hanreich@proxmox.com> References: <20240402171629.536804-1-s.hanreich@proxmox.com> MIME-Version: 1.0 Content-Transfer-Encoding: 8bit X-SPAM-LEVEL: Spam detection results: 0 AWL -0.325 Adjusted score from AWL reputation of From: address BAYES_00 -1.9 Bayes spam probability is 0 to 1% DMARC_MISSING 0.1 Missing DMARC policy KAM_DMARC_STATUS 0.01 Test Rule for DKIM or SPF Failure with Strict Alignment KAM_LAZY_DOMAIN_SECURITY 1 Sending domain does not have any anti-forgery methods RDNS_NONE 0.793 Delivered to internal network by a host with no rDNS SPF_HELO_NONE 0.001 SPF: HELO does not publish an SPF Record SPF_NONE 0.001 SPF: sender does not publish an SPF Record Subject: [pve-devel] [PATCH proxmox-firewall 07/37] config: guest: add helpers for parsing guest network config X-BeenThere: pve-devel@lists.proxmox.com X-Mailman-Version: 2.1.29 Precedence: list List-Id: Proxmox VE development discussion List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 02 Apr 2024 17:16:45 -0000 Currently this is parsing the config files via the filesystem. In the future we could also get this information from pmxcfs directly via IPC which should be more performant, particularly for a large number of VMs. Co-authored-by: Wolfgang Bumiller Signed-off-by: Stefan Hanreich --- proxmox-ve-config/Cargo.toml | 2 + proxmox-ve-config/src/firewall/parse.rs | 15 + proxmox-ve-config/src/guest/mod.rs | 100 ++++++ proxmox-ve-config/src/guest/types.rs | 32 ++ proxmox-ve-config/src/guest/vm.rs | 431 ++++++++++++++++++++++++ proxmox-ve-config/src/lib.rs | 1 + 6 files changed, 581 insertions(+) create mode 100644 proxmox-ve-config/src/guest/mod.rs create mode 100644 proxmox-ve-config/src/guest/types.rs create mode 100644 proxmox-ve-config/src/guest/vm.rs diff --git a/proxmox-ve-config/Cargo.toml b/proxmox-ve-config/Cargo.toml index 480eb58..b009d53 100644 --- a/proxmox-ve-config/Cargo.toml +++ b/proxmox-ve-config/Cargo.toml @@ -19,3 +19,5 @@ serde = { version = "1", features = [ "derive" ] } serde_json = "1" serde_plain = "1" serde_with = "2.3.3" + +proxmox-schema = "3.1.0" diff --git a/proxmox-ve-config/src/firewall/parse.rs b/proxmox-ve-config/src/firewall/parse.rs index 8e30006..669623b 100644 --- a/proxmox-ve-config/src/firewall/parse.rs +++ b/proxmox-ve-config/src/firewall/parse.rs @@ -44,6 +44,21 @@ pub fn match_non_whitespace(line: &str) -> Option<(&str, &str)> { Some((text, rest)) } } + +pub fn match_digits(line: &str) -> Option<(&str, &str)> { + let split_position = line.as_bytes().iter().position(|&b| !b.is_ascii_digit()); + + let (digits, rest) = match split_position { + Some(pos) => line.split_at(pos), + None => (line, ""), + }; + + if !digits.is_empty() { + return Some((digits, rest)); + } + + None +} pub fn parse_bool(value: &str) -> Result { Ok( if value == "0" diff --git a/proxmox-ve-config/src/guest/mod.rs b/proxmox-ve-config/src/guest/mod.rs new file mode 100644 index 0000000..b10318e --- /dev/null +++ b/proxmox-ve-config/src/guest/mod.rs @@ -0,0 +1,100 @@ +use core::ops::Deref; +use std::collections::HashMap; + +use anyhow::{format_err, Error}; +use serde::Deserialize; + +use crate::host::utils::hostname; +use types::Vmid; + +pub mod types; +pub mod vm; + +#[derive(Clone, Copy, Debug, Eq, PartialEq, Deserialize)] +pub enum GuestType { + #[serde(rename = "qemu")] + Vm, + #[serde(rename = "lxc")] + Ct, +} + +impl GuestType { + pub fn iface_prefix(self) -> &'static str { + match self { + GuestType::Vm => "tap", + GuestType::Ct => "veth", + } + } + + fn config_folder(&self) -> &'static str { + match self { + GuestType::Vm => "qemu-server", + GuestType::Ct => "lxc", + } + } +} + +#[derive(Deserialize)] +pub struct GuestEntry { + node: String, + + #[serde(rename = "type")] + ty: GuestType, + + #[serde(rename = "version")] + _version: usize, +} + +impl GuestEntry { + pub fn is_local(&self) -> bool { + hostname() == self.node + } + + pub fn ty(&self) -> &GuestType { + &self.ty + } +} + +const VMLIST_CONFIG_PATH: &str = "/etc/pve/.vmlist"; + +#[derive(Deserialize)] +pub struct GuestMap { + #[serde(rename = "version")] + _version: usize, + #[serde(rename = "ids", default)] + guests: HashMap, +} + +impl Deref for GuestMap { + type Target = HashMap; + + fn deref(&self) -> &Self::Target { + &self.guests + } +} + +impl GuestMap { + pub fn load() -> Result { + let data = std::fs::read(VMLIST_CONFIG_PATH) + .map_err(|err| format_err!("failed to read {VMLIST_CONFIG_PATH} {err}"))?; + + serde_json::from_slice(&data) + .map_err(|err| format_err!("failed to parse {VMLIST_CONFIG_PATH} {err}")) + } + + pub fn firewall_config_path(&self, vmid: &Vmid) -> String { + format!("/etc/pve/firewall/{}.fw", vmid) + } + + pub fn config_path_local(&self, vmid: &Vmid) -> Option { + if let Some(vm) = self.get(vmid) { + return Some(format!( + "/etc/pve/local/{}/{}.conf", + vm.ty.config_folder(), + vmid + )); + } + + None + } +} diff --git a/proxmox-ve-config/src/guest/types.rs b/proxmox-ve-config/src/guest/types.rs new file mode 100644 index 0000000..3e3e5ba --- /dev/null +++ b/proxmox-ve-config/src/guest/types.rs @@ -0,0 +1,32 @@ +use std::fmt; +use std::str::FromStr; + +use anyhow::{format_err, Error}; + +#[derive(Clone, Copy, Debug, Eq, PartialEq, Hash)] +pub struct Vmid(u32); + +impl Vmid { + pub fn new(id: u32) -> Self { + Vmid(id) + } +} + +impl fmt::Display for Vmid { + fn fmt(&self, f: &mut fmt::Formatter) -> fmt::Result { + fmt::Display::fmt(&self.0, f) + } +} + +impl FromStr for Vmid { + type Err = Error; + + fn from_str(s: &str) -> Result { + Ok(Self( + s.parse() + .map_err(|_| format_err!("not a valid vmid: {s:?}"))?, + )) + } +} + +serde_plain::derive_deserialize_from_fromstr!(Vmid, "valid vmid"); diff --git a/proxmox-ve-config/src/guest/vm.rs b/proxmox-ve-config/src/guest/vm.rs new file mode 100644 index 0000000..18970f0 --- /dev/null +++ b/proxmox-ve-config/src/guest/vm.rs @@ -0,0 +1,431 @@ +use anyhow::{bail, Error}; +use core::fmt::Display; +use std::collections::HashMap; +use std::io; +use std::str::FromStr; + +use proxmox_schema::property_string::PropertyIterator; + +use crate::firewall::parse::{match_digits, parse_bool}; + +#[derive(Debug)] +#[cfg_attr(test, derive(Eq, PartialEq))] +pub struct MacAddress([u8; 6]); + +impl FromStr for MacAddress { + type Err = Error; + + fn from_str(s: &str) -> Result { + let split = s.split(':'); + + let parsed = split + .into_iter() + .map(|elem| u8::from_str_radix(elem, 16)) + .collect::, _>>() + .map_err(Error::msg)?; + + if parsed.len() != 6 { + bail!("Invalid amount of elements in MAC address!"); + } + + let address = &parsed.as_slice()[0..6]; + Ok(Self(address.try_into().unwrap())) + } +} + +impl Display for MacAddress { + fn fmt(&self, f: &mut std::fmt::Formatter<'_>) -> std::fmt::Result { + write!( + f, + "{:<02X}:{:<02X}:{:<02X}:{:<02X}:{:<02X}:{:<02X}", + self.0[0], self.0[1], self.0[2], self.0[3], self.0[4], self.0[5] + ) + } +} + +#[derive(Debug, Clone, Copy)] +#[cfg_attr(test, derive(Eq, PartialEq))] +pub enum NetworkDeviceModel { + VirtIO, + Veth, + E1000, + Vmxnet3, + RTL8139, +} + +impl FromStr for NetworkDeviceModel { + type Err = Error; + + fn from_str(s: &str) -> Result { + match s { + "virtio" => Ok(NetworkDeviceModel::VirtIO), + "e1000" => Ok(NetworkDeviceModel::E1000), + "rtl8139" => Ok(NetworkDeviceModel::RTL8139), + "vmxnet3" => Ok(NetworkDeviceModel::Vmxnet3), + "veth" => Ok(NetworkDeviceModel::Veth), + _ => bail!("Invalid network device model: {s}"), + } + } +} + +#[derive(Debug)] +#[cfg_attr(test, derive(Eq, PartialEq))] +pub struct NetworkDevice { + model: NetworkDeviceModel, + mac_address: MacAddress, + firewall: bool, +} + +impl NetworkDevice { + pub fn model(&self) -> NetworkDeviceModel { + self.model + } + + pub fn mac_address(&self) -> &MacAddress { + &self.mac_address + } + + pub fn has_firewall(&self) -> bool { + self.firewall + } +} + +impl FromStr for NetworkDevice { + type Err = Error; + + fn from_str(s: &str) -> Result { + let (mut ty, mut hwaddr, mut firewall) = (None, None, true); + + for entry in PropertyIterator::new(s) { + let (key, value) = entry.unwrap(); + + if let Some(key) = key { + match key { + "type" | "model" => { + ty = Some(NetworkDeviceModel::from_str(&value)?); + } + "hwaddr" | "macaddr" => { + hwaddr = Some(MacAddress::from_str(&value)?); + } + "firewall" => { + firewall = parse_bool(&value)?; + } + _ => { + if let Ok(model) = NetworkDeviceModel::from_str(key) { + ty = Some(model); + hwaddr = Some(MacAddress::from_str(&value)?); + } + } + } + } + } + + if let (Some(ty), Some(hwaddr)) = (ty, hwaddr) { + return Ok(NetworkDevice { + model: ty, + mac_address: hwaddr, + firewall, + }); + } + + bail!("No valid network device detected in string {s}"); + } +} + +#[derive(Debug, Default)] +#[cfg_attr(test, derive(Eq, PartialEq))] +pub struct NetworkConfig { + network_devices: HashMap, +} + +impl NetworkConfig { + pub fn new() -> Self { + Self::default() + } + + pub fn index_from_net_key(key: &str) -> Result { + if let Some(digits) = key.strip_prefix("net") { + if let Some((digits, rest)) = match_digits(digits) { + let index: i64 = digits.parse()?; + + if (0..31).contains(&index) && rest.is_empty() { + return Ok(index); + } + } + } + + bail!("No index found in net key string: {key}") + } + + pub fn network_devices(&self) -> &HashMap { + &self.network_devices + } + + pub fn parse(input: R) -> Result { + let mut network_devices = HashMap::new(); + + for line in input.lines() { + let line = line?; + let line = line.trim(); + + if line.is_empty() || line.starts_with('#') { + continue; + } + + if line.starts_with('[') { + break; + } + + if line.starts_with("net") { + if let Some((mut key, mut value)) = line.split_once(':') { + if key.is_empty() || value.is_empty() { + continue; + } + + key = key.trim(); + value = value.trim(); + + if let Ok(index) = Self::index_from_net_key(key) { + let network_device = NetworkDevice::from_str(value)?; + + let exists = network_devices.insert(index, network_device); + + if exists.is_some() { + bail!("Duplicated config key detected: {key}"); + } + } else { + bail!("Encountered invalid net key in cfg: {key}"); + } + } + } + } + + Ok(Self { network_devices }) + } +} + +#[cfg(test)] +mod tests { + use super::*; + + #[test] + fn test_parse_mac_address() { + for input in [ + "aa:aa:aa:11:22:33", + "AA:BB:FF:11:22:33", + "bc:24:11:AA:bb:Ef", + ] { + let mac_address = input.parse::().expect("valid mac address"); + + assert_eq!(input.to_uppercase(), mac_address.to_string()); + } + + for input in [ + "aa:aa:aa:11:22:33:aa", + "AA:BB:FF:11:22", + "AA:BB:GG:11:22:33", + "AABBGG112233", + "", + ] { + input + .parse::() + .expect_err("invalid mac address"); + } + } + + #[test] + fn test_parse_network_device() { + let mut network_device: NetworkDevice = + "virtio=AA:AA:AA:17:19:81,bridge=public,firewall=1,queues=4" + .parse() + .expect("valid network configuration"); + + assert_eq!( + network_device, + NetworkDevice { + model: NetworkDeviceModel::VirtIO, + mac_address: MacAddress([0xAA, 0xAA, 0xAA, 0x17, 0x19, 0x81]), + firewall: true, + } + ); + + network_device = "model=virtio,macaddr=AA:AA:AA:17:19:81,bridge=public,firewall=1,queues=4" + .parse() + .expect("valid network configuration"); + + assert_eq!( + network_device, + NetworkDevice { + model: NetworkDeviceModel::VirtIO, + mac_address: MacAddress([0xAA, 0xAA, 0xAA, 0x17, 0x19, 0x81]), + firewall: true, + } + ); + + network_device = + "name=eth0,bridge=public,firewall=0,hwaddr=AA:AA:AA:E2:3E:24,ip=dhcp,type=veth" + .parse() + .expect("valid network configuration"); + + assert_eq!( + network_device, + NetworkDevice { + model: NetworkDeviceModel::Veth, + mac_address: MacAddress([0xAA, 0xAA, 0xAA, 0xE2, 0x3E, 0x24]), + firewall: false, + } + ); + + "model=virtio" + .parse::() + .expect_err("invalid network configuration"); + + "bridge=public,firewall=0" + .parse::() + .expect_err("invalid network configuration"); + + "".parse::() + .expect_err("invalid network configuration"); + + "name=eth0,bridge=public,firewall=0,hwaddr=AA:AA:AG:E2:3E:24,ip=dhcp,type=veth" + .parse::() + .expect_err("invalid network configuration"); + } + + #[test] + fn test_parse_network_confg() { + let mut guest_config = "\ +boot: order=scsi0;net0 +cores: 4 +cpu: host +memory: 8192 +meta: creation-qemu=8.0.2,ctime=1700141675 +name: hoan-sdn +net0: virtio=AA:BB:CC:F2:FE:75,bridge=public +numa: 0 +ostype: l26 +parent: uwu +scsi0: local-lvm:vm-999-disk-0,discard=on,iothread=1,size=32G +scsihw: virtio-scsi-single +smbios1: uuid=addb0cc6-0393-4269-a504-1eb46604cb8a +sockets: 1 +vmgenid: 13bcbb05-3608-4d74-bf4f-d5d20c3538e8 + +[snapshot] +boot: order=scsi0;ide2;net0 +cores: 4 +cpu: x86-64-v2-AES +ide2: NFS-iso:iso/proxmox-ve_8.0-2.iso,media=cdrom,size=1166488K +memory: 8192 +meta: creation-qemu=8.0.2,ctime=1700141675 +name: test +net2: virtio=AA:AA:AA:F2:FE:75,bridge=public,firewall=1 +numa: 0 +ostype: l26 +parent: pre-SDN +scsi0: local-lvm:vm-999-disk-0,discard=on,iothread=1,size=32G +scsihw: virtio-scsi-single +smbios1: uuid=addb0cc6-0393-4269-a504-1eb46604cb8a +snaptime: 1700143513 +sockets: 1 +vmgenid: 706fbe99-d28b-4047-a9cd-3677c859ca8a + +[snapshott] +boot: order=scsi0;ide2;net0 +cores: 4 +cpu: host +ide2: NFS-iso:iso/proxmox-ve_8.0-2.iso,media=cdrom,size=1166488K +memory: 8192 +meta: creation-qemu=8.0.2,ctime=1700141675 +name: hoan-sdn +net0: virtio=AA:AA:FF:F2:FE:75,bridge=public,firewall=0 +numa: 0 +ostype: l26 +parent: SDN +scsi0: local-lvm:vm-999-disk-0,discard=on,iothread=1,size=32G +scsihw: virtio-scsi-single +smbios1: uuid=addb0cc6-0393-4269-a504-1eb46604cb8a +snaptime: 1700158473 +sockets: 1 +vmgenid: 706fbe99-d28b-4047-a9cd-3677c859ca8a" + .as_bytes(); + + let mut network_config: NetworkConfig = + NetworkConfig::parse(guest_config).expect("valid network configuration"); + + assert_eq!(network_config.network_devices().len(), 1); + + assert_eq!( + network_config.network_devices()[&0], + NetworkDevice { + model: NetworkDeviceModel::VirtIO, + mac_address: MacAddress([0xAA, 0xBB, 0xCC, 0xF2, 0xFE, 0x75]), + firewall: true, + } + ); + + guest_config = "\ +arch: amd64 +cores: 1 +features: nesting=1 +hostname: dnsct +memory: 512 +net0: name=eth0,bridge=data,firewall=1,hwaddr=BC:24:11:47:83:11,ip=dhcp,type=veth +net2: name=eth0,bridge=data,firewall=0,hwaddr=BC:24:11:47:83:12,ip=dhcp,type=veth +net5: name=eth0,bridge=data,firewall=1,hwaddr=BC:24:11:47:83:13,ip=dhcp,type=veth +ostype: alpine +rootfs: local-lvm:vm-10001-disk-0,size=1G +swap: 512 +unprivileged: 1" + .as_bytes(); + + network_config = NetworkConfig::parse(guest_config).expect("valid network configuration"); + + assert_eq!(network_config.network_devices().len(), 3); + + assert_eq!( + network_config.network_devices()[&0], + NetworkDevice { + model: NetworkDeviceModel::Veth, + mac_address: MacAddress([0xBC, 0x24, 0x11, 0x47, 0x83, 0x11]), + firewall: true, + } + ); + + assert_eq!( + network_config.network_devices()[&2], + NetworkDevice { + model: NetworkDeviceModel::Veth, + mac_address: MacAddress([0xBC, 0x24, 0x11, 0x47, 0x83, 0x12]), + firewall: false, + } + ); + + assert_eq!( + network_config.network_devices()[&5], + NetworkDevice { + model: NetworkDeviceModel::Veth, + mac_address: MacAddress([0xBC, 0x24, 0x11, 0x47, 0x83, 0x13]), + firewall: true, + } + ); + + NetworkConfig::parse( + "netqwe: name=eth0,bridge=data,firewall=1,hwaddr=BC:24:11:47:83:11,ip=dhcp,type=veth" + .as_bytes(), + ) + .expect_err("invalid net key"); + + NetworkConfig::parse( + "net0 name=eth0,bridge=data,firewall=1,hwaddr=BC:24:11:47:83:11,ip=dhcp,type=veth" + .as_bytes(), + ) + .expect_err("invalid net key"); + + NetworkConfig::parse( + "net33: name=eth0,bridge=data,firewall=1,hwaddr=BC:24:11:47:83:11,ip=dhcp,type=veth" + .as_bytes(), + ) + .expect_err("invalid net key"); + } +} diff --git a/proxmox-ve-config/src/lib.rs b/proxmox-ve-config/src/lib.rs index 2bf9352..856b14f 100644 --- a/proxmox-ve-config/src/lib.rs +++ b/proxmox-ve-config/src/lib.rs @@ -1,2 +1,3 @@ pub mod firewall; +pub mod guest; pub mod host; -- 2.39.2