author | Jason King <jason.king@joyent.com> | 2018-03-21 18:53:59 -0500 |
---|---|---|
committer | Jason King <jason.king@joyent.com> | 2018-04-20 16:35:41 -0500 |
commit | 73dd2365dcd084d8ce1e3c7e1051570c1724de3f (patch) | |
tree | 3982e2f554a0e2c8e01792d473e4c0fa8f3b9ee7 | |
parent | b760b016c3ad8dc22270becb1dbc932c1cf0a595 (diff) | |
download | illumos-joyent-73dd2365dcd084d8ce1e3c7e1051570c1724de3f.tar.gz |
OS-6817 Would like route -z
Reviewed by: Dan McDonald <danmcd@joyent.com>
Reviewed by: Cody Peter Mello <cody.mello@joyent.com>
Approved by: Cody Peter Mello <cody.mello@joyent.com>
-rw-r--r-- | usr/src/cmd/cmd-inet/usr.sbin/Makefile | 4 | ||||
-rw-r--r-- | usr/src/cmd/cmd-inet/usr.sbin/route.c | 90 | ||||
-rw-r--r-- | usr/src/man/man1m/route.1m | 28 |
3 files changed, 110 insertions, 12 deletions
diff --git a/usr/src/cmd/cmd-inet/usr.sbin/Makefile b/usr/src/cmd/cmd-inet/usr.sbin/Makefile index 7a72f274b8..5b2d0b1af2 100644 --- a/usr/src/cmd/cmd-inet/usr.sbin/Makefile +++ b/usr/src/cmd/cmd-inet/usr.sbin/Makefile @@ -22,6 +22,7 @@ # # Copyright (c) 1990, 2010, Oracle and/or its affiliates. All rights reserved. # Copyright 2014 Garrett D'Amore <garrett@damore.org> +# Copyright 2018, Joyent, Inc. # SYNCPROG= syncinit syncloop syncstat @@ -161,6 +162,7 @@ if_mpadm.po := XGETFLAGS += -a route := CPPFLAGS += -DNDEBUG ndd := LDLIBS += -ldladm -lipadm in.comsat := LDFLAGS += $(MAPFILE.NGB:%=-M%) +route := LDLIBS += -lzonecfg -lcontract .KEEP_STATE: @@ -263,7 +265,7 @@ lint: $(LINTSUBDIRS) in.telnetd.c $(LDLIBS) -lbsm -lpam -lsocket -lnsl $(LINT.c) if_mpadm.c $(LDLIBS) -lsocket -lnsl -lipmp -linetutil $(LINT.c) ipaddrsel.c $(LDLIBS) -lsocket -lnsl - $(LINT.c) route.c $(LDLIBS) -lsocket -lnsl -ltsnet + $(LINT.c) route.c $(LDLIBS) -lsocket -lnsl -ltsnet -lcontract -lzonecfg $(LINT.c) syncinit.c $(LDLIBS) -ldlpi $(LINT.c) syncloop.c $(LDLIBS) -ldlpi $(LINT.c) syncstat.c $(LDLIBS) -ldlpi diff --git a/usr/src/cmd/cmd-inet/usr.sbin/route.c b/usr/src/cmd/cmd-inet/usr.sbin/route.c index a2fd0d2d17..29ccf97bb1 100644 --- a/usr/src/cmd/cmd-inet/usr.sbin/route.c +++ b/usr/src/cmd/cmd-inet/usr.sbin/route.c @@ -6,6 +6,7 @@ /* All Rights Reserved */ /* Copyright (c) 1990 Mentat Inc. */ +/* Copyright 2018, Joyent, Inc. */ /* * @@ -79,6 +80,13 @@ #include <assert.h> #include <strings.h> +#include <libcontract.h> +#include <sys/ctfs.h> +#include <sys/contract/process.h> +#include <sys/wait.h> +#include <libzonecfg.h> +#include <zone.h> + #include <libtsnet.h> #include <tsol/label.h> @@ -292,6 +300,7 @@ static void syntax_error(char *err, ...); static void usage(char *cp); static void write_to_rtfile(FILE *fp, int argc, char **argv); static void pmsg_secattr(const char *, size_t, const char *); +static void do_zone(char *); static pid_t pid; static int s; 
@@ -308,6 +317,7 @@ static char perm_file_sfx[] = "/etc/inet/static_routes"; static char *perm_file; static char temp_file_sfx[] = "/etc/inet/static_routes.tmp"; static char *temp_file; +static char *zonename; static struct in6_addr in6_host_mask = {0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff}; /* @@ -354,7 +364,7 @@ usage(char *cp) cp); } (void) fprintf(stderr, gettext("usage: route [ -fnpqv ] " - "[ -R <root-dir> ] cmd [[ -<qualifers> ] args ]\n")); + "[-z <zone> ] [ -R <root-dir> ] cmd [[ -<qualifers> ] args ]\n")); exit(1); /* NOTREACHED */ } @@ -418,7 +428,7 @@ main(int argc, char **argv) if (argc < 2) usage(NULL); - while ((ch = getopt(argc, argv, "R:nqdtvfp")) != EOF) { + while ((ch = getopt(argc, argv, "R:nqdtvfpz:")) != EOF) { switch (ch) { case 'n': nflag = B_TRUE; @@ -444,6 +454,9 @@ main(int argc, char **argv) case 'R': root_dir = optarg; break; + case 'z': + zonename = optarg; + break; case '?': default: usage(NULL); @@ -453,6 +466,8 @@ main(int argc, char **argv) argc -= optind; argv += optind; + do_zone(zonename); + pid = getpid(); if (tflag) s = open("/dev/null", O_WRONLY); 
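Review bot: The `do_zone(zonename);` call added in main() (hunk `@@ -453,6 +466,8 @@`) has no comment, although its position matters. With -z, do_zone() returns only in the forked child after zone_enter(), and the parent exits inside do_zone(). Everything below the call, including `pid = getpid()` and presumably the -R/-p file handling further down in main(), therefore runs inside the target zone and resolves paths against that zone's root. I would add `/* With -z, only the forked child (already inside the zone) returns from do_zone(); keep this ahead of getpid() and any path handling. */` above the call. main() continues outside this hunk, so the effect on -R is inferred rather than visible here.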
@@ -3252,3 +3267,74 @@ pmsg_secattr(const char *sptr, size_t msglen, const char *labelstr) sizeof (buf))); } } + +static void +do_zone(char *name) +{ + zoneid_t zoneid; + zone_state_t st; + int fd, status, rc = 0; + pid_t pid; + + if (name == NULL) + return; + + if (getzoneid() != GLOBAL_ZONEID) { + (void) fprintf(stderr, + "route: -z can only be specified from the global zone\n"); + exit(EXIT_FAILURE); + } + + if (strcmp(name, GLOBAL_ZONENAME) == 0) + return; + + if (zone_get_state(name, &st) != Z_OK) + quit("unable to get zone state", errno); + + if (st != ZONE_STATE_RUNNING) { + (void) fprintf(stderr, "route: zone must be running\n"); + exit(EXIT_FAILURE); + } + + if ((zoneid = getzoneidbyname(name)) == -1) + quit("cannot determine zone id", errno); + + if ((fd = open64(CTFS_ROOT "/process/template", O_RDWR)) == -1) + quit("cannot open ctfs template", errno); + + /* + * zone_enter() does not allow contracts to straddle zones, so we must + * create a new, though largely unused contract. Once we fork, the + * child is the only member of the new contract, so it can perform a + * zone_enter(). + */ + rc |= ct_tmpl_set_critical(fd, 0); + rc |= ct_tmpl_set_informative(fd, 0); + rc |= ct_pr_tmpl_set_fatal(fd, CT_PR_EV_HWERR); + rc |= ct_pr_tmpl_set_param(fd, CT_PR_PGRPONLY | CT_PR_REGENT); + if (rc || ct_tmpl_activate(fd)) { + (void) close(fd); + quit("could not create contract", errno); + } + + switch (pid = fork1()) { + case 0: + (void) ct_tmpl_clear(fd); + (void) close(fd); + if (zone_enter(zoneid) == -1) + quit("could not enter zone", errno); + return; + + case -1: + quit("fork1 failed", errno); + + default: + (void) ct_tmpl_clear(fd); + (void) close(fd); + if (waitpid(pid, &status, 0) < 0) + quit("waitpid failed", errno); + + exit(WEXITSTATUS(status)); + } + +} diff --git a/usr/src/man/man1m/route.1m b/usr/src/man/man1m/route.1m index 3cafaee41a..2ba5c932e6 100644 --- a/usr/src/man/man1m/route.1m +++ b/usr/src/man/man1m/route.1m 
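Review bot: In the parent branch of do_zone(), `exit(WEXITSTATUS(status));` is reached without checking how the child ended. A child killed by a signal inside the zone is then likely reported as exit status 0, so a failed route change looks successful to the caller. Guard it with `if (!WIFEXITED(status)) exit(EXIT_FAILURE);` before that line. Separately, `zone_get_state()` is compared against Z_OK and the `ct_*` template results are OR-ed together, which suggests these calls return an error code rather than set errno, so `quit(..., errno)` on those paths may print an unrelated message. Passing the returned code, or zonecfg_strerror() for the zone call, would make the failure diagnosable.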
@@ -3,40 +3,40 @@ .\" The contents of this file are subject to the terms of the Common Development and Distribution License (the "License"). You may not use this file except in compliance with the License. .\" You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE or http://www.opensolaris.org/os/licensing. See the License for the specific language governing permissions and limitations under the License. .\" When distributing Covered Code, include this CDDL HEADER in each file and include the License file at usr/src/OPENSOLARIS.LICENSE. If applicable, add the following below this CDDL HEADER, with the fields enclosed by brackets "[]" replaced with your own identifying information: Portions Copyright [yyyy] [name of copyright owner] -.TH ROUTE 1M "May 13, 2017" +.TH ROUTE 1M "Mar 26, 2018" .SH NAME route \- manually manipulate the routing tables .SH SYNOPSIS .LP .nf -\fBroute\fR [\fB-fnvq\fR] \fIsub-command\fR [ [\fImodifiers\fR] \fIargs\fR] +\fBroute\fR [\fB-fnvq\fR] [\fB-z\fR \fIzone\fR] \fIsub-command\fR [ [\fImodifiers\fR] \fIargs\fR] .fi .LP .nf -\fBroute\fR [\fB-fnvq\fR] [\fB-p\fR [\fB-R\fR \fIroot-dir\fR]] add | delete [\fImodifiers\fR] \fIdestination\fR \fIgateway\fR +\fBroute\fR [\fB-fnvq\fR] [\fB-z\fR \fIzone\fR] [\fB-p\fR [\fB-R\fR \fIroot-dir\fR]] add | delete [\fImodifiers\fR] \fIdestination\fR \fIgateway\fR [\fIargs\fR] .fi .LP .nf -\fBroute\fR [\fB-fnvq\fR] change | get [\fImodifiers\fR] \fIdestination\fR +\fBroute\fR [\fB-fnvq\fR] [\fB-z\fR \fIzone\fR] change | get [\fImodifiers\fR] \fIdestination\fR [\fIgateway\fR [\fIargs\fR]] .fi .LP .nf -\fBroute\fR [\fB-fn\fR] monitor [\fImodifiers\fR] +\fBroute\fR [\fB-fn\fR] [\fB-z\fR \fIzone\fR] monitor [\fImodifiers\fR] .fi .LP .nf -\fBroute\fR [\fB-fnvq\fR] flush [\fImodifiers\fR] +\fBroute\fR [\fB-fnvq\fR] [\fB-z\fR \fIzone\fR] flush [\fImodifiers\fR] .fi .LP .nf -\fBroute\fR \fB-p\fR [\fB-R\fR \fIroot-dir\fR] show +\fBroute\fR \fB-p\fR [\fB-R\fR \fIroot-dir\fR] [\fB-z\fR \fIzone\fR] show .fi 
.SH DESCRIPTION @@ -126,6 +126,16 @@ addition, certain checks, such as the existence of network interfaces used with Print additional details in verbose mode. .RE +.sp +.ne 2 +.na +\fB\fB-z\fR \fIzone\fR\fR +.ad +.RS 15n +Apply commands to the zone \fIzone\fR. The zone must be running and must not +be a shared-\fBIP\fR zone. +.RE + .SS "Subcommands" .LP The following subcommands are supported: @@ -652,7 +662,7 @@ List of network names and addresses \fBuname\fR(1), \fBin.ripngd\fR(1M), \fBin.routed\fR(1M), \fBnetstat\fR(1M), \fBrouted\fR(1M), \fBioctl\fR(2), \fBgetipnodebyname\fR(3SOCKET), \fBgetnetbyname\fR(3SOCKET), \fBinet_addr\fR(3SOCKET), \fBdefaultrouter\fR(4), -\fBhosts\fR(4), \fBnetworks\fR(4), \fBattributes\fR(5), \fBARP\fR(7P), +\fBhosts\fR(4), \fBnetworks\fR(4), \fBattributes\fR(5), \fBzones\fR(5), \fBARP\fR(7P), \fBip\fR(7P), \fBroute\fR(7P), \fBrouting\fR(7P) .SH DIAGNOSTICS .ne 2 @@ -752,7 +762,7 @@ process does not have appropriate privileges. .SH NOTES .LP -Specifying that destinations are local (with the \fB-interface\fRmodifier) +Specifying that destinations are local (with the \fB-interface\fR modifier) assumes that the routers implement \fBproxy ARP\fR, meaning that they respond to ARP queries for all reachable destinations. Normally, using either router discovery or RIP is more reliable and scalable than using proxy ARP. See |