krata/crates/network/src/backend.rs

use crate::autonet::NetworkMetadata;
use crate::chandev::ChannelDevice;
use crate::nat::Nat;
use crate::proxynat::ProxyNatHandlerFactory;
use crate::raw_socket::{AsyncRawSocketChannel, RawSocketHandle, RawSocketProtocol};
use crate::vbridge::{BridgeJoinHandle, VirtualBridge};
use crate::EXTRA_MTU;
use anyhow::{anyhow, Result};
use bytes::BytesMut;
use futures::TryStreamExt;
use log::{info, trace, warn};
use smoltcp::iface::{Config, Interface, SocketSet};
use smoltcp::phy::Medium;
use smoltcp::time::Instant;
use smoltcp::wire::{HardwareAddress, IpCidr};
use tokio::select;
use tokio::sync::mpsc::{channel, Receiver};
use tokio::task::JoinHandle;

const TX_CHANNEL_BUFFER_LEN: usize = 3000;

#[derive(Clone)]
pub struct NetworkBackend {
    metadata: NetworkMetadata,
    bridge: VirtualBridge,
}

#[derive(Debug)]
enum NetworkStackSelect {
    Receive(Option<BytesMut>),
    Send(Option<BytesMut>),
}

struct NetworkStack<'a> {
    tx: Receiver<BytesMut>,
    kdev: AsyncRawSocketChannel,
    udev: ChannelDevice,
    interface: Interface,
    sockets: SocketSet<'a>,
    nat: Nat,
    bridge: BridgeJoinHandle,
}

impl NetworkStack<'_> {
    async fn poll(&mut self) -> Result<bool> {
        let what = select! {
            biased;
            x = self.kdev.receiver.recv() => NetworkStackSelect::Receive(x),
            x = self.tx.recv() => NetworkStackSelect::Send(x),
            x = self.bridge.from_bridge_receiver.recv() => NetworkStackSelect::Send(x),
            x = self.bridge.from_broadcast_receiver.recv() => NetworkStackSelect::Send(x.ok()),
        };

        match what {
            NetworkStackSelect::Receive(Some(packet)) => {
                if let Err(error) = self.bridge.to_bridge_sender.try_send(packet.clone()) {
                    trace!("failed to send guest packet to bridge: {}", error);
                }

                if let Err(error) = self.nat.receive_sender.try_send(packet.clone()) {
                    trace!("failed to send guest packet to nat: {}", error);
                }

                self.udev.rx = Some(packet);
                self.interface
                    .poll(Instant::now(), &mut self.udev, &mut self.sockets);
            }

            NetworkStackSelect::Send(Some(packet)) => {
                if let Err(error) = self.kdev.sender.try_send(packet) {
                    warn!("failed to transmit packet to interface: {}", error);
                }
            }

            NetworkStackSelect::Receive(None) | NetworkStackSelect::Send(None) => {
                return Ok(false);
            }
        }

        Ok(true)
    }
}

impl NetworkBackend {
    pub fn new(metadata: NetworkMetadata, bridge: VirtualBridge) -> Result<Self> {
        Ok(Self { metadata, bridge })
    }

    pub async fn init(&mut self) -> Result<()> {
        let interface = self.metadata.interface();
        let (connection, handle, _) = rtnetlink::new_connection()?;
        tokio::spawn(connection);

        let mut links = handle.link().get().match_name(interface.clone()).execute();
        let link = links.try_next().await?;
        if link.is_none() {
            return Err(anyhow!(
                "unable to find network interface named {}",
                interface
            ));
        }
        let link = link.unwrap();
        handle.link().set(link.header.index).up().execute().await?;
        Ok(())
    }

    pub async fn run(&self) -> Result<()> {
        let mut stack = self.create_network_stack().await?;
        loop {
            if !stack.poll().await? {
                break;
            }
        }
        Ok(())
    }

    async fn create_network_stack(&self) -> Result<NetworkStack> {
        let interface = self.metadata.interface();
        let proxy = Box::new(ProxyNatHandlerFactory::new());
        let addresses: Vec<IpCidr> = vec![
            self.metadata.gateway.ipv4.into(),
            self.metadata.gateway.ipv6.into(),
        ];
        let mut kdev =
            RawSocketHandle::bound_to_interface(&interface, RawSocketProtocol::Ethernet)?;
        let mtu = kdev.mtu_of_interface(&interface)? + EXTRA_MTU;
        let (tx_sender, tx_receiver) = channel::<BytesMut>(TX_CHANNEL_BUFFER_LEN);
        let mut udev = ChannelDevice::new(mtu, Medium::Ethernet, tx_sender.clone());
        let mac = self.metadata.gateway.mac;
        let nat = Nat::new(mtu, proxy, mac, addresses.clone(), tx_sender.clone())?;
        let hardware_addr = HardwareAddress::Ethernet(mac);
        let config = Config::new(hardware_addr);
        let mut iface = Interface::new(config, &mut udev, Instant::now());
        iface.update_ip_addrs(|addrs| {
            addrs
                .extend_from_slice(&addresses)
                .expect("failed to set ip addresses");
        });
        let sockets = SocketSet::new(vec![]);
        let handle = self.bridge.join(self.metadata.guest.mac).await?;
        let kdev = AsyncRawSocketChannel::new(mtu, kdev)?;
        Ok(NetworkStack {
            tx: tx_receiver,
            kdev,
            udev,
            interface: iface,
            sockets,
            nat,
            bridge: handle,
        })
    }

    pub async fn launch(self) -> Result<JoinHandle<()>> {
        Ok(tokio::task::spawn(async move {
            info!(
                "launched network backend for krata guest {}",
                self.metadata.uuid
            );
            if let Err(error) = self.run().await {
                warn!(
                    "network backend for krata guest {} failed: {}",
                    self.metadata.uuid, error
                );
            }
        }))
    }
}

impl Drop for NetworkBackend {
    fn drop(&mut self) {
        info!(
            "destroyed network backend for krata guest {}",
            self.metadata.uuid
        );
    }
}
network: inter-container networking support 2024-02-12 14:24:38 +00:00			`use crate::autonet::NetworkMetadata;`
network: start work on NAT implementation 2024-02-09 13:06:00 +00:00			`use crate::chandev::ChannelDevice;`
network: split nat into separate mods 2024-02-13 18:01:52 +00:00			`use crate::nat::Nat;`
network: start work on NAT implementation 2024-02-09 13:06:00 +00:00			`use crate::proxynat::ProxyNatHandlerFactory;`
network: rework raw sockets to use channels 2024-02-13 14:58:21 +00:00			`use crate::raw_socket::{AsyncRawSocketChannel, RawSocketHandle, RawSocketProtocol};`
network: inter-container networking support 2024-02-12 14:24:38 +00:00			`use crate::vbridge::{BridgeJoinHandle, VirtualBridge};`
network: configure mtu and segmentation offloading properly 2024-03-04 12:19:03 +00:00			`use crate::EXTRA_MTU;`
network: split backend into slices 2024-02-09 08:04:23 +00:00			`use anyhow::{anyhow, Result};`
network: utilize bytes crate 2024-02-12 17:01:47 +00:00			`use bytes::BytesMut;`
network: start work on NAT implementation 2024-02-09 13:06:00 +00:00			`use futures::TryStreamExt;`
network: split nat into separate mods 2024-02-13 18:01:52 +00:00			`use log::{info, trace, warn};`
network: split backend into slices 2024-02-09 08:04:23 +00:00			`use smoltcp::iface::{Config, Interface, SocketSet};`
network: implement TCP proxy NAT via smoltcp 2024-02-11 10:07:47 +00:00			`use smoltcp::phy::Medium;`
network: split backend into slices 2024-02-09 08:04:23 +00:00			`use smoltcp::time::Instant;`
			`use smoltcp::wire::{HardwareAddress, IpCidr};`
network: start work on NAT implementation 2024-02-09 13:06:00 +00:00			`use tokio::select;`
			`use tokio::sync::mpsc::{channel, Receiver};`
network: implement proper backend destruction 2024-02-13 17:01:59 +00:00			`use tokio::task::JoinHandle;`
network: split backend into slices 2024-02-09 08:04:23 +00:00
network: gigabit performance tuning 2024-03-04 07:04:32 +00:00			`const TX_CHANNEL_BUFFER_LEN: usize = 3000;`
network: move out channel size constants 2024-02-12 17:40:11 +00:00
network: start work on NAT implementation 2024-02-09 13:06:00 +00:00			`#[derive(Clone)]`
			`pub struct NetworkBackend {`
network: inter-container networking support 2024-02-12 14:24:38 +00:00			`metadata: NetworkMetadata,`
			`bridge: VirtualBridge,`
network: split backend into slices 2024-02-09 08:04:23 +00:00			`}`

network: rework raw sockets to use channels 2024-02-13 14:58:21 +00:00			`#[derive(Debug)]`
			`enum NetworkStackSelect {`
			`Receive(Option<BytesMut>),`
network: utilize bytes crate 2024-02-12 17:01:47 +00:00			`Send(Option<BytesMut>),`
network: start work on NAT implementation 2024-02-09 13:06:00 +00:00			`}`

			`struct NetworkStack<'a> {`
network: utilize bytes crate 2024-02-12 17:01:47 +00:00			`tx: Receiver<BytesMut>,`
network: rework raw sockets to use channels 2024-02-13 14:58:21 +00:00			`kdev: AsyncRawSocketChannel,`
network: start work on NAT implementation 2024-02-09 13:06:00 +00:00			`udev: ChannelDevice,`
			`interface: Interface,`
			`sockets: SocketSet<'a>,`
network: split nat into separate mods 2024-02-13 18:01:52 +00:00			`nat: Nat,`
network: inter-container networking support 2024-02-12 14:24:38 +00:00			`bridge: BridgeJoinHandle,`
network: start work on NAT implementation 2024-02-09 13:06:00 +00:00			`}`

			`impl NetworkStack<'_> {`
network: implement proper backend destruction 2024-02-13 17:01:59 +00:00			`async fn poll(&mut self) -> Result<bool> {`
network: start work on NAT implementation 2024-02-09 13:06:00 +00:00			`let what = select! {`
network: performance tuning using tear off buffers 2024-03-29 03:09:41 +00:00			`biased;`
network: rework raw sockets to use channels 2024-02-13 14:58:21 +00:00			`x = self.kdev.receiver.recv() => NetworkStackSelect::Receive(x),`
network: performance tuning using tear off buffers 2024-03-29 03:09:41 +00:00			`x = self.tx.recv() => NetworkStackSelect::Send(x),`
network: rework raw sockets to use channels 2024-02-13 14:58:21 +00:00			`x = self.bridge.from_bridge_receiver.recv() => NetworkStackSelect::Send(x),`
			`x = self.bridge.from_broadcast_receiver.recv() => NetworkStackSelect::Send(x.ok()),`
network: start work on NAT implementation 2024-02-09 13:06:00 +00:00			`};`

			`match what {`
network: rework raw sockets to use channels 2024-02-13 14:58:21 +00:00			`NetworkStackSelect::Receive(Some(packet)) => {`
			`if let Err(error) = self.bridge.to_bridge_sender.try_send(packet.clone()) {`
network: don't block icmp proxies on ping awaits 2024-02-12 16:11:29 +00:00			`trace!("failed to send guest packet to bridge: {}", error);`
network: inter-container networking support 2024-02-12 14:24:38 +00:00			`}`

network: split nat into separate mods 2024-02-13 18:01:52 +00:00			`if let Err(error) = self.nat.receive_sender.try_send(packet.clone()) {`
			`trace!("failed to send guest packet to nat: {}", error);`
network: auto-retry backend startup 2024-02-13 10:03:28 +00:00			`}`
network: split nat into separate mods 2024-02-13 18:01:52 +00:00
			`self.udev.rx = Some(packet);`
			`self.interface`
			`.poll(Instant::now(), &mut self.udev, &mut self.sockets);`
network: start work on NAT implementation 2024-02-09 13:06:00 +00:00			`}`
network: implement NAT table reclaim 2024-02-10 14:02:54 +00:00
network: rework raw sockets to use channels 2024-02-13 14:58:21 +00:00			`NetworkStackSelect::Send(Some(packet)) => {`
			`if let Err(error) = self.kdev.sender.try_send(packet) {`
			`warn!("failed to transmit packet to interface: {}", error);`
			`}`
			`}`
network: inter-container networking support 2024-02-12 14:24:38 +00:00
network: implement proper backend destruction 2024-02-13 17:01:59 +00:00			`NetworkStackSelect::Receive(None) \| NetworkStackSelect::Send(None) => {`
			`return Ok(false);`
			`}`
network: start work on NAT implementation 2024-02-09 13:06:00 +00:00			`}`

network: implement proper backend destruction 2024-02-13 17:01:59 +00:00			`Ok(true)`
network: start work on NAT implementation 2024-02-09 13:06:00 +00:00			`}`
network: split backend into slices 2024-02-09 08:04:23 +00:00			`}`

			`impl NetworkBackend {`
network: inter-container networking support 2024-02-12 14:24:38 +00:00			`pub fn new(metadata: NetworkMetadata, bridge: VirtualBridge) -> Result<Self> {`
			`Ok(Self { metadata, bridge })`
network: split backend into slices 2024-02-09 08:04:23 +00:00			`}`

			`pub async fn init(&mut self) -> Result<()> {`
network: inter-container networking support 2024-02-12 14:24:38 +00:00			`let interface = self.metadata.interface();`
network: split backend into slices 2024-02-09 08:04:23 +00:00			`let (connection, handle, _) = rtnetlink::new_connection()?;`
			`tokio::spawn(connection);`

network: inter-container networking support 2024-02-12 14:24:38 +00:00			`let mut links = handle.link().get().match_name(interface.clone()).execute();`
network: split backend into slices 2024-02-09 08:04:23 +00:00			`let link = links.try_next().await?;`
			`if link.is_none() {`
			`return Err(anyhow!(`
			`"unable to find network interface named {}",`
network: inter-container networking support 2024-02-12 14:24:38 +00:00			`interface`
network: split backend into slices 2024-02-09 08:04:23 +00:00			`));`
			`}`
			`let link = link.unwrap();`
			`handle.link().set(link.header.index).up().execute().await?;`
			`Ok(())`
			`}`

network: start work on NAT implementation 2024-02-09 13:06:00 +00:00			`pub async fn run(&self) -> Result<()> {`
network: inter-container networking support 2024-02-12 14:24:38 +00:00			`let mut stack = self.create_network_stack().await?;`
network: start work on NAT implementation 2024-02-09 13:06:00 +00:00			`loop {`
network: implement proper backend destruction 2024-02-13 17:01:59 +00:00			`if !stack.poll().await? {`
			`break;`
			`}`
network: start work on NAT implementation 2024-02-09 13:06:00 +00:00			`}`
network: implement proper backend destruction 2024-02-13 17:01:59 +00:00			`Ok(())`
network: split backend into slices 2024-02-09 08:04:23 +00:00			`}`

network: inter-container networking support 2024-02-12 14:24:38 +00:00			`async fn create_network_stack(&self) -> Result<NetworkStack> {`
			`let interface = self.metadata.interface();`
network: start work on NAT implementation 2024-02-09 13:06:00 +00:00			`let proxy = Box::new(ProxyNatHandlerFactory::new());`
network: inter-container networking support 2024-02-12 14:24:38 +00:00			`let addresses: Vec<IpCidr> = vec![`
			`self.metadata.gateway.ipv4.into(),`
			`self.metadata.gateway.ipv6.into(),`
			`];`
network: configure mtu and segmentation offloading properly 2024-03-04 12:19:03 +00:00			`let mut kdev =`
			`RawSocketHandle::bound_to_interface(&interface, RawSocketProtocol::Ethernet)?;`
			`let mtu = kdev.mtu_of_interface(&interface)? + EXTRA_MTU;`
network: move out channel size constants 2024-02-12 17:40:11 +00:00			`let (tx_sender, tx_receiver) = channel::<BytesMut>(TX_CHANNEL_BUFFER_LEN);`
network: implement TCP proxy NAT via smoltcp 2024-02-11 10:07:47 +00:00			`let mut udev = ChannelDevice::new(mtu, Medium::Ethernet, tx_sender.clone());`
network: inter-container networking support 2024-02-12 14:24:38 +00:00			`let mac = self.metadata.gateway.mac;`
network: split nat into separate mods 2024-02-13 18:01:52 +00:00			`let nat = Nat::new(mtu, proxy, mac, addresses.clone(), tx_sender.clone())?;`
network: inter-container networking support 2024-02-12 14:24:38 +00:00			`let hardware_addr = HardwareAddress::Ethernet(mac);`
			`let config = Config::new(hardware_addr);`
network: start work on NAT implementation 2024-02-09 13:06:00 +00:00			`let mut iface = Interface::new(config, &mut udev, Instant::now());`
network: split backend into slices 2024-02-09 08:04:23 +00:00			`iface.update_ip_addrs(\|addrs\| {`
			`addrs`
			`.extend_from_slice(&addresses)`
			`.expect("failed to set ip addresses");`
			`});`
network: start work on NAT implementation 2024-02-09 13:06:00 +00:00			`let sockets = SocketSet::new(vec![]);`
network: inter-container networking support 2024-02-12 14:24:38 +00:00			`let handle = self.bridge.join(self.metadata.guest.mac).await?;`
network: split nat into separate mods 2024-02-13 18:01:52 +00:00			`let kdev = AsyncRawSocketChannel::new(mtu, kdev)?;`
network: start work on NAT implementation 2024-02-09 13:06:00 +00:00			`Ok(NetworkStack {`
network: successfully implement NAT support for UDP. timeouts are not yet implemented. 2024-02-10 12:00:15 +00:00			`tx: tx_receiver,`
network: start work on NAT implementation 2024-02-09 13:06:00 +00:00			`kdev,`
			`udev,`
			`interface: iface,`
			`sockets,`
network: split nat into separate mods 2024-02-13 18:01:52 +00:00			`nat,`
network: inter-container networking support 2024-02-12 14:24:38 +00:00			`bridge: handle,`
network: split backend into slices 2024-02-09 08:04:23 +00:00			`})`
			`}`
network: inter-container networking support 2024-02-12 14:24:38 +00:00
network: implement proper backend destruction 2024-02-13 17:01:59 +00:00			`pub async fn launch(self) -> Result<JoinHandle<()>> {`
			`Ok(tokio::task::spawn(async move {`
network: inter-container networking support 2024-02-12 14:24:38 +00:00			`info!(`
krata: fix guest destruction 2024-03-30 03:49:13 +00:00			`"launched network backend for krata guest {}",`
network: inter-container networking support 2024-02-12 14:24:38 +00:00			`self.metadata.uuid`
			`);`
			`if let Err(error) = self.run().await {`
			`warn!(`
rebrand to krata 2024-02-21 20:57:46 +00:00			`"network backend for krata guest {} failed: {}",`
network: inter-container networking support 2024-02-12 14:24:38 +00:00			`self.metadata.uuid, error`
			`);`
			`}`
network: implement proper backend destruction 2024-02-13 17:01:59 +00:00			`}))`
			`}`
			`}`

			`impl Drop for NetworkBackend {`
			`fn drop(&mut self) {`
			`info!(`
rebrand to krata 2024-02-21 20:57:46 +00:00			`"destroyed network backend for krata guest {}",`
network: implement proper backend destruction 2024-02-13 17:01:59 +00:00			`self.metadata.uuid`
			`);`
network: inter-container networking support 2024-02-12 14:24:38 +00:00			`}`
network: split backend into slices 2024-02-09 08:04:23 +00:00			`}`