Lua: attempt to index a nil value (global 'io')

[k0ste]

Hi, I try to setup custom kernel rules (see #3242) with scripting feature. But seems shell commands are not possible to execute from frr

Sep 03 17:03:40 example.com zebra[575]: [Q2X3Y-1Z9T1] Lua hook call 'on_rib_process_dplane_results' : runtime error: /etc/frr/scripts/kek.lua:11: attempt to index a nil value (global 'io')
Sep 03 17:03:40 example.com zebra[575]: [MZAMG-GFFX1] frrscript: 'kek.lua': 'on_rib_process_dplane_results': this function called but returned non-zero exit code. No variables modified.

The script is:

local function isempty(v)
  return v == nil or v == ''
end

function on_rib_process_dplane_results(ctx)
  if isempty(ctx.rule) then
    log.info("table rule is not exists")
  elseif ctx.zd_op == 25 and not isempty(ctx.rule) then
    log.info("table rule is: " .. ctx.rule.ifname .. " " .. ctx.rule.table .. " " .. ctx.rule.fwmark)
    command = 'ip route show table ' .. ctx.rule.table
    local handle = io.popen(command)
    local result = handle:read("*a")
    log.info("result is: " .. result)
    handle:close()
  end
return {}
end

The documentation is only says that on_rib_process_dplane_results exists as hook. May be some actions for this hook are exists and not documented?
Thanks

[ton31337]

You are trying to use io.popen(command) where io is nil.

[k0ste]

Thank you. I see. I am wondering how to get around or solve this

[Cerebus]

Running into the same issue. Scripts are loaded into an empty namespace, so all the Lua built-ins don't work. Without functions likd pairs and ipairs it's really hard to do anything useful.

Having a sandbox for user scripts makes sense, but there's gotta be some wiggle room else the Lua capability is mostly useless.

[ton31337]

Should be fixed by #16907.

[k0ste]

Added this patch to 10.1.1

Seems works as expected

Sep 27 16:32:54 k0ste.ru zebra[56420]: [JZMNV-MDH8J] table rule is not exists
Sep 27 16:32:54 k0ste.ru zebra[56420]: [JZMNV-MDH8J] table rule is not exists
Sep 27 16:32:54 k0ste.ru zebra[56420]: [JZMNV-MDH8J] table rule is not exists
Sep 27 16:32:54 k0ste.ru zebra[56420]: [JZMNV-MDH8J] table rule is not exists
Sep 27 16:32:54 k0ste.ru zebra[56420]: [JZMNV-MDH8J] table rule is not exists
Sep 27 16:32:54 k0ste.ru zebra[56420]: [JZMNV-MDH8J] table rule is: lo 10001 211
Sep 27 16:32:54 k0ste.ru zebra[56420]: [JZMNV-MDH8J] result is: default nhid 19 via 172.16.255.1 dev lo proto pbr metric 20

I will continue research the implementation of the desired function, after which I will write about the results
Thanks!

[k0ste]

Now works as expected 🚀

Final script (seems not ideal)

• the idea with zebra_dplane.h form here [thanks to @Cerebus]
• also added dump() function from some gist, for see what currently inside ctx table

require("io")

local function dump(value, call_indent)
  if not call_indent then
    call_indent = ""
  end

  local indent = call_indent .. "  "
  local output = ""

  if type(value) == "table" then
    output = output .. "{"

    local first = true

    for inner_key, inner_value in pairs(value) do
      if not first then
        output = output .. ", "
      else
        first = false
      end

      output = output .. "\n" .. indent
      output = output .. inner_key .. " = " .. dump(inner_value, indent)
    end

    output = output .. "\n" .. call_indent .. "}"

  elseif type(value) == "userdata" then
    output = "userdata"
  else
    output = value
  end

  return output
end

-- Cribbed from zebra_dplane.h (dropped the DPLANE_OP prefix)
local ops = {[0]="NONE", "ROUTE_INSTALL", "ROUTE_UPDATE", "ROUTE_DELETE", "ROUTE_NOTIFY",
             "NH_INSTALL", "NH_UPDATE", "NH_DELETE", "LSP_INSTALL", "LSP_UPDATE",
             "LSP_DELETE", "LSP_NOTIFY", "PW_INSTALL", "PW_UNINSTALL", "SYS_ROUTE_ADD",
             "SYS_ROUTE_DELETE", "ADDR_INSTALL", "ADD_UNINSTALL", "MAC_INSTALL",
             "MAC_DELETE", "NEIGH_INSTALL", "NEIGH_UDPATE", "NEIGH_DELETE",
             "VTEP_ADD", "VTEP_DELETE", "RULE_ADD", "RULE_DELETE", "RULE_UPDATE",
             "NEIGH_DISCOVER", "BR_PORT_UPDATE", "IPTABLE_ADD", "IPTABLE_DELETE",
             "IPSET_ADD", "IPSET_DELETE", "IPSET_ENTRY_ADD", "IPSET_ENTRY_DELETE",
             "NEIGH_IP_INSTALL", "NEIGH_IP_DELETE", "NEIGH_TABLE_UPDATE", "GRE_SET",
             "INTF_ADDR_ADD", "INTF_ADDR_DELETE", "INTF_NETCONFIG", "INTF_INSTALL",
             "INTF_UPDATE", "INTF_DELETE", "TC_QDISC_INSTALL", "TC_QDISC_UNINSTALL",
             "TC_QDISC_CLASS_ADD", "TC_QDISC_CLASS_DELETE", "TC_QDISC_CLASS_UPDATE",
             "TC_QDISC_FILTER_ADD", "TC_QDISC_FILTER_DELETE", "TC_QDISC_FILTER_UPDATE",
             "STARTUP_STAGE", "SRV6_ENCAP_SRCADDR_SET"}


local function isempty(v)
  return v == nil or v == ''
end

function on_rib_process_dplane_results(ctx)
  if ctx.zd_ifname == "lo" then
  --log.info(dump(ctx))
    if ops[ctx.zd_op] == "RULE_DELETE" and not isempty(ctx.rule) then
      local r = ctx.rule
      command = "sudo ip rule delete prio " .. (r.priority - 1) .. " 2>&1"
      local handle = io.popen(command)
      local result = handle:read("*a")
      local rc = {handle:close()}

      if rc[3] == 0 then
        log.info("Succes removed rule: " .. command)
      else
        log.error("Failed to remove rule: " .. result)
      end

    elseif ops[ctx.zd_op] == "RULE_ADD" and not isempty(ctx.rule) then
      local r = ctx.rule
      command = "sudo ip rule add prio " .. (r.priority - 1) .. " fwmark "
        .. r.fwmark .. " lookup " .. r.table .. " proto zebra 2>&1"
      local handle = io.popen(command)
      local result = handle:read("*a")
      local rc = {handle:close()}

      if rc[3] == 0 then
        log.info("Succes installed rule: " .. command)
      else
        log.error("Failed to install rule: " .. result)
      end
    end
  end
return {}
end

---

Rule add:

Oct 18 16:46:38 example.com sudo[2537391]: pam_systemd_home(sudo:account): New sd-bus connection (system-bus-pam-systemd-home-2537391) opened.
Oct 18 16:46:38 example.com sudo[2537391]: pam_unix(sudo:session): session opened for user root(uid=0) by (uid=989)
Oct 18 16:46:38 example.com sudo[2537391]: pam_unix(sudo:session): session closed for user root
Oct 18 16:46:38 example.com zebra[56420]: [JZMNV-MDH8J] Succes installed rule: sudo ip rule add prio 299 fwmark 211 lookup 10001 proto zebra 2>&1

Rule remove:

Oct 18 17:03:15 example.com sudo[2538834]: pam_systemd_home(sudo:account): New sd-bus connection (system-bus-pam-systemd-home-2538834) opened.
Oct 18 17:03:15 example.com sudo[2538834]: pam_unix(sudo:session): session opened for user root(uid=0) by (uid=989)
Oct 18 17:03:15 example.com sudo[2538834]: pam_unix(sudo:session): session closed for user root
Oct 18 17:03:15 example.com zebra[56420]: [JZMNV-MDH8J] Succes removed rule: sudo ip rule delete prio 299 2>&1

---

Result

0:      from all lookup local
299:    from all fwmark 0xd3 lookup 10001 proto zebra <---- lua rule
300:    from x.x.x.x iif ppp0 lookup 10000 proto zebra
300:    from all fwmark 0xd3 iif lo lookup 10001 proto zebra <---- pbr rule
32766:  from all lookup main
32767:  from all lookup default