OS-281 brand hook adding flows with flowadm, but not removing them before deleting the vnic.

OS-282 flowadm needs -z option to work with delegated vnics
author: Jerry Jelinek <jerry.jelinek@joyent.com> 2011-03-03 05:01:39 -0800
committer: Jerry Jelinek <jerry.jelinek@joyent.com> 2011-03-03 05:01:39 -0800
commit: c08e6a42dbb0b144a601797df287cc8080359042 (patch)
tree: 99d66946e1c11240cf4a5c2dbb6402a36d81d7b3
parent: 26204c7d5048483a0c81c654800b77079cedeb8c (diff)
download: illumos-joyent-c08e6a42dbb0b144a601797df287cc8080359042.tar.gz
3 files changed, 56 insertions, 30 deletions
diff --git a/usr/src/cmd/flowadm/flowadm.c b/usr/src/cmd/flowadm/flowadm.c
index 374fa1675c..34e597dc78 100644
--- a/usr/src/cmd/flowadm/flowadm.c
+++ b/usr/src/cmd/flowadm/flowadm.c
@@ -21,6 +21,7 @@
 /*
  * Copyright 2010 Sun Microsystems, Inc.  All rights reserved.
  * Use is subject to license terms.
+ * Copyright 2011 Joyent, Inc.  All rights reserved.
  */
 
 #include <stdio.h>
@@ -233,9 +234,9 @@ usage(void)
 	(void) fprintf(stderr, gettext("usage: flowadm <subcommand>"
 	    " <args>...\n"
 	    "    add-flow       [-t] -l <link> -a <attr>=<value>[,...]\n"
-	    "\t\t   [-p <prop>=<value>,...] <flow>\n"
-	    "    remove-flow    [-t] {-l <link> | <flow>}\n"
-	    "    show-flow      [-p] [-l <link>] "
+	    "\t\t   [-p <prop>=<value>,...] [-z zonename] <flow>\n"
+	    "    remove-flow    [-t] [-z zonename] {-l <link> | <flow>}\n"
+	    "    show-flow      [-p] [-l <link>] [-z zonename] "
 	    "[<flow>]\n\n"
 	    "    set-flowprop   [-t] -p <prop>=<value>[,...] <flow>\n"
 	    "    reset-flowprop [-t] [-p <prop>,...] <flow>\n"
@@ -333,11 +334,12 @@ do_add_flow(int argc, char *argv[])
 	dladm_arg_list_t	*proplist = NULL;
 	dladm_arg_list_t	*attrlist = NULL;
 	dladm_status_t		status;
+	char			*zonename = NULL;
 
 	bzero(propstr, DLADM_STRSIZE);
 	bzero(attrstr, DLADM_STRSIZE);
 
-	while ((option = getopt_long(argc, argv, "tR:l:a:p:",
+	while ((option = getopt_long(argc, argv, "tR:l:a:p:z:",
 	    prop_longopts, NULL)) != -1) {
 		switch (option) {
 		case 't':
@@ -351,9 +353,6 @@ do_add_flow(int argc, char *argv[])
 			    MAXLINKNAMELEN) >= MAXLINKNAMELEN) {
 				die("link name too long");
 			}
-			if (dladm_name2info(handle, devname, &linkid, NULL,
-			    NULL, NULL) != DLADM_STATUS_OK)
-				die("invalid link '%s'", devname);
 			l_arg = B_TRUE;
 			break;
 		case 'a':
@@ -368,6 +367,9 @@ do_add_flow(int argc, char *argv[])
 			    DLADM_STRSIZE)
 				die("property list too long '%s'", propstr);
 			break;
+		case 'z':
+			zonename = optarg;
+			break;
 		default:
 			die_opterr(optopt, option);
 		}
@@ -376,6 +378,10 @@ do_add_flow(int argc, char *argv[])
 		die("link is required");
 	}
 
+	if (dladm_zname2info(handle, zonename, devname, &linkid, NULL,
+	    NULL, NULL) != DLADM_STATUS_OK)
+		die("invalid link '%s'", devname);
+
 	opterr = 0;
 	index = optind;
 
@@ -414,11 +420,12 @@ do_remove_flow(int argc, char *argv[])
 	boolean_t		l_arg = B_FALSE;
 	remove_flow_state_t	state;
 	dladm_status_t		status;
+	char			*zonename = NULL;
 
 	bzero(&state, sizeof (state));
 
 	opterr = 0;
-	while ((option = getopt_long(argc, argv, ":tR:l:",
+	while ((option = getopt_long(argc, argv, ":tR:l:z:",
 	    longopts, NULL)) != -1) {
 		switch (option) {
 		case 't':
@@ -432,12 +439,11 @@ do_remove_flow(int argc, char *argv[])
 			    MAXLINKNAMELEN) >= MAXLINKNAMELEN) {
 				die("link name too long");
 			}
-			if (dladm_name2info(handle, linkname, &linkid, NULL,
-			    NULL, NULL) != DLADM_STATUS_OK) {
-				die("invalid link '%s'", linkname);
-			}
 			l_arg = B_TRUE;
 			break;
+		case 'z':
+			zonename = optarg;
+			break;
 		default:
 			die_opterr(optopt, option);
 			break;
@@ -458,6 +464,12 @@ do_remove_flow(int argc, char *argv[])
 		/* if link is specified then flow name should not be there */
 		if (optind == argc-1)
 			usage();
+
+		if (dladm_zname2info(handle, zonename, linkname, &linkid, NULL,
+		    NULL, NULL) != DLADM_STATUS_OK) {
+			die("invalid link '%s'", linkname);
+		}
+
 		/* walk the link to find flows and remove them */
 		state.fs_tempop = t_arg;
 		state.fs_altroot = altroot;
@@ -597,11 +609,12 @@ do_show_flow(int argc, char *argv[])
 	ofmt_handle_t		ofmt;
 	ofmt_status_t		oferr;
 	uint_t			ofmtflags = 0;
+	char			*zonename = NULL;
 
 	bzero(&state, sizeof (state));
 
 	opterr = 0;
-	while ((option = getopt_long(argc, argv, ":pPl:o:",
+	while ((option = getopt_long(argc, argv, ":pPl:o:z:",
 	    longopts, NULL)) != -1) {
 		switch (option) {
 		case 'p':
@@ -622,17 +635,23 @@ do_show_flow(int argc, char *argv[])
 			if (strlcpy(linkname, optarg, MAXLINKNAMELEN)
 			    >= MAXLINKNAMELEN)
 				die("link name too long\n");
-			if (dladm_name2info(handle, linkname, &linkid, NULL,
-			    NULL, NULL) != DLADM_STATUS_OK)
-				die("invalid link '%s'", linkname);
 			l_arg = B_TRUE;
 			break;
+		case 'z':
+			zonename = optarg;
+			break;
 		default:
 			die_opterr(optopt, option);
 			break;
 		}
 	}
 
+	if (l_arg) {
+		if (dladm_zname2info(handle, zonename, linkname, &linkid, NULL,
+		    NULL, NULL) != DLADM_STATUS_OK)
+			die("invalid link '%s'", linkname);
+	}
+
 	/* get flow name (optional last argument */
 	if (optind == (argc-1)) {
 		if (strlcpy(flowname, argv[optind], MAXFLOWNAMELEN)
diff --git a/usr/src/lib/brand/joyent/zone/poststate.ksh b/usr/src/lib/brand/joyent/zone/poststate.ksh
index d6b100d612..903e3f6b17 100644
--- a/usr/src/lib/brand/joyent/zone/poststate.ksh
+++ b/usr/src/lib/brand/joyent/zone/poststate.ksh
@@ -180,7 +180,7 @@ do
 		for port in $blocked_outgoing_ports; do
 			# br='block remote'.  Flow names should be < 31 chars
 			# in length so that they get unique kstats
-			flowadm add-flow -l $nic \
+			flowadm add-flow -t -l $nic -z $ZONENAME \
 			    -a transport=tcp,remote_port=$port \
 			    -p maxbw=0 ${nic}_br_${port}
 		done
diff --git a/usr/src/lib/brand/joyent/zone/prestate.ksh b/usr/src/lib/brand/joyent/zone/prestate.ksh
index 2c5b7bd1b5..cb7f8ae830 100644
--- a/usr/src/lib/brand/joyent/zone/prestate.ksh
+++ b/usr/src/lib/brand/joyent/zone/prestate.ksh
@@ -51,20 +51,27 @@ state=$3
 cmd=$4
 ALTROOT=$5
 
-# We only do work if we're readying the zone.
-if [ $cmd -ne 0 ]; then
-	exit 0;
-fi
+if (( $cmd == 0 )); then
+	# We're readying the zone.  Make sure the per-zone writable
+	# directories exist so that we can lofs mount them.  We do this here,
+	# instead of in the install script, since this list has evolved and
+	# there are already zones out there in the installed state.
+	[ ! -d $ZONEPATH/site ] && mkdir -m755 $ZONEPATH/site
+	[ ! -d $ZONEPATH/local ] && mkdir -m755 $ZONEPATH/local
+	[ ! -d $ZONEPATH/root/checkpoints ] && \
+	    mkdir -m755 $ZONEPATH/root/checkpoints
 
-# We're readying the zone.  Make sure the per-zone writable
-# directories exist so that we can lofs mount them.  We do this here,
-# instead of in the install script, since this list has evolved and there
-# are already zones out there in the installed state.
-[ ! -d $ZONEPATH/site ] && mkdir -m755 $ZONEPATH/site
-[ ! -d $ZONEPATH/local ] && mkdir -m755 $ZONEPATH/local
-[ ! -d $ZONEPATH/root/checkpoints ] &&  mkdir -m755 $ZONEPATH/root/checkpoints
+	# Force zone snapshots to get mounted
+	ls $ZONEPATH/.zfs/snapshot/* >/dev/null 2>&1
+fi
 
-# Force zone snapshots to get mounted
-ls $ZONEPATH/.zfs/snapshot/* >/dev/null 2>&1
+if (( $cmd == 4 )); then
+	# We're halting the zone.
+	# Cleanup any flows that were setup.
+	for nic in $_ZONECFG_net_resources
+	do
+		flowadm remove-flow -t -z $ZONENAME -l $nic
+	done
+fi
 
 exit 0
author	Jerry Jelinek <jerry.jelinek@joyent.com>	2011-03-03 05:01:39 -0800
committer	Jerry Jelinek <jerry.jelinek@joyent.com>	2011-03-03 05:01:39 -0800
commit	c08e6a42dbb0b144a601797df287cc8080359042 (patch)
tree	99d66946e1c11240cf4a5c2dbb6402a36d81d7b3
parent	26204c7d5048483a0c81c654800b77079cedeb8c (diff)
download	illumos-joyent-c08e6a42dbb0b144a601797df287cc8080359042.tar.gz