[ddmd] add --no-state-machine flag for test fixtures and Linux build

Omicron's oxidecomputer/omicron#10381 introduces a stubbed `ddmd`
admin endpoint because spawning a real `ddmd` in a generic test
toolchain is not viable: the routing state machine (discovery, exchange, route
synchronization) depends on illumos networking facilities the toolchain does not
provide. Consumers of the stub, e.g., Nexus RPW (multicast members),
sled-agent's DDM reconciler, and anything that resolves the DDM internal-DNS
service name, cannot exercise the real admin surface from Omicron's test harness.

This work adds an opt-in `--no-state-machine` flag to `ddmd` that runs only
the admin API server and skips the state machine entirely, allowing the fixture
to spawn the real binary. This is analogous to `mgd --no-bgp-dispatcher`, which
Omicron's `MgdInstance` already uses for the same purpose.

To make the fixture path usable on Linux, `ddmd` itself must build on Linux.
The previous code pulled the illumos-only crates `libnet`, `dpd-client`,
`opte-ioctl`, and `oxide-vpc` unconditionally through `ddm`, which failed to
link on Linux (`-lzfs`, `-ldlpi`). This change introduces an `illumos` feature
in both `ddm` and `ddmd` (default-on, mirroring `mgd`'s `mg-lower` pattern) that
marks those four crates optional. The buildomat `linux.sh` job now builds `ddmd`
and `ddmadm`, with `ddmd` invoked as `cargo build --bin ddmd --no-default-features`.

The illumos-only halves of `ddm` are isolated by the feature gate:

- The routing state machine implementation moves from `sm.rs` into
  `sm/state.rs`.
- The exchange runtime (HTTP push/pull and route programming) moves from
  `exchange.rs` into `exchange/runtime.rs`.
- The discovery runtime (UDPv6 solicitation/advertisement loops) moves from
  `discovery.rs` into `discovery/runtime.rs`.

Each parent `mod.rs` keeps the platform-agnostic types and re-exports the
runtime surface so existing call sites resolve unchanged on illumos. The runtime
submodules are gated as a unit by `#[cfg(all(feature = "illumos",
target_os = "illumos"))]`. We also remove the single-function `ddm/src/util.rs`,
inlining the function into `discovery/runtime.rs`, where its sole caller lives.

The SIGTERM cleanup handler is installed regardless of the flag, so
Ctrl-C still exits cleanly in `--no-state-machine` mode. The imported
route sets are empty in that mode, so the cleanup itself is a noop.
Passing `--addr` alongside `--no-state-machine` is harmless but ignored,
with a warning logged.

Author: zeeshanlakhani

.github/buildomat/jobs/linux.sh

@@ -28,6 +28,26 @@
 #: series = "linux"
 #: name = "mgadm.sha256.txt"
 #: from_output = "/work/release/mgadm.sha256.txt"
+#:
+#: [[publish]]
+#: series = "linux"
+#: name = "ddmd"
+#: from_output = "/work/release/ddmd"
+#:
+#: [[publish]]
+#: series = "linux"
+#: name = "ddmd.sha256.txt"
+#: from_output = "/work/release/ddmd.sha256.txt"
+#:
+#: [[publish]]
+#: series = "linux"
+#: name = "ddmadm"
+#: from_output = "/work/release/ddmadm"
+#:
+#: [[publish]]
+#: series = "linux"
+#: name = "ddmadm.sha256.txt"
+#: from_output = "/work/release/ddmadm.sha256.txt"
 
 set -o errexit
 set -o pipefail
@@ -64,3 +84,21 @@ popd
 cp target/debug/mgadm /work/debug
 cp target/release/mgadm /work/release
 digest /work/release/mgadm > /work/release/mgadm.sha256.txt
+
+banner "ddmd"
+pushd ddmd
+cargo build --bin ddmd --no-default-features
+cargo build --bin ddmd --no-default-features --release
+popd
+cp target/debug/ddmd /work/debug
+cp target/release/ddmd /work/release
+digest /work/release/ddmd > /work/release/ddmd.sha256.txt
+
+banner "ddmadm"
+pushd ddmadm
+cargo build --bin ddmadm
+cargo build --bin ddmadm --release
+popd
+cp target/debug/ddmadm /work/debug
+cp target/release/ddmadm /work/release
+digest /work/release/ddmadm > /work/release/ddmadm.sha256.txt

ddm/Cargo.toml

@@ -21,10 +21,6 @@ hyper.workspace = true
 hyper-util.workspace = true
 http-body-util.workspace = true
 serde_json.workspace = true
-libnet.workspace = true
-dpd-client.workspace = true
-opte-ioctl.workspace = true
-oxide-vpc.workspace = true
 sled.workspace = true
 mg-common.workspace = true
 chrono.workspace = true
@@ -35,3 +31,15 @@ oxnet.workspace = true
 uuid.workspace = true
 ddm-api.workspace = true
 ddm-types.workspace = true
+
+# illumos-only deps used by the routing state machine and platform sys layer.
+# Gated by the `illumos` feature so non-illumos builds (e.g. Linux test
+# fixtures running ddmd with `--no-state-machine`) link cleanly.
+libnet = { workspace = true, optional = true }
+dpd-client = { workspace = true, optional = true }
+opte-ioctl = { workspace = true, optional = true }
+oxide-vpc = { workspace = true, optional = true }
+
+[features]
+default = ["illumos"]
+illumos = ["dep:libnet", "dep:dpd-client", "dep:opte-ioctl", "dep:oxide-vpc"]

ddm/src/admin.rs

@@ -12,8 +12,6 @@ use ddm_types::exchange::PathVector;
 use dropshot::ApiDescription;
 use dropshot::ApiDescriptionBuildErrors;
 use dropshot::ConfigDropshot;
-use dropshot::ConfigLogging;
-use dropshot::ConfigLoggingLevel;
 use dropshot::HttpError;
 use dropshot::HttpResponseOk;
 use dropshot::HttpResponseUpdatedNoContent;
@@ -23,7 +21,7 @@ use dropshot::TypedBody;
 use mg_common::lock;
 use mg_common::net::TunnelOrigin;
 use oxnet::Ipv6Net;
-use slog::{Logger, error, info};
+use slog::{Logger, error, info, o};
 use std::collections::{HashMap, HashSet};
 use std::net::{IpAddr, SocketAddr, SocketAddrV4, SocketAddrV6};
 use std::sync::Arc;
@@ -35,6 +33,8 @@ use tokio::task::JoinHandle;
 
 pub const DDM_STATS_PORT: u16 = 8001;
 
+const UNIT_API_SERVER: &str = "api_server";
+
 #[derive(Default)]
 pub struct RouterStats {
     pub originated_underlay_prefixes: AtomicU64,
@@ -68,11 +68,11 @@ pub fn handler(
         ..Default::default()
     };
 
-    let ds_log = ConfigLogging::StderrTerminal {
-        level: ConfigLoggingLevel::Error,
-    }
-    .to_logger("admin")
-    .map_err(|e| e.to_string())?;
+    let ds_log = log.new(o!(
+        "component" => crate::COMPONENT_DDM,
+        "module" => crate::MOD_ADMIN,
+        "unit" => UNIT_API_SERVER,
+    ));
 
     let api = api_description().map_err(|e| e.to_string())?;
 

ddm/src/discovery/mod.rs

@@ -0,0 +1,117 @@
+// This Source Code Form is subject to the terms of the Mozilla Public
+// License, v. 2.0. If a copy of the MPL was not distributed with this
+// file, You can obtain one at https://mozilla.org/MPL/2.0/.
+
+//! This module implements the ddm router discovery mechanisms. These
+//! mechanisms are responsible for three primary things
+//!
+//! 1. Soliciting other routers through UDP/IPv6 link local multicast.
+//! 2. Sending out router advertisements in response to solicitations.
+//! 3. Continuously soliciting link-local at a configurable rate to keep
+//!    sessions alive and sending out notifications when peering arrangements
+//!    expire due to not getting a solicitation response within a configurable
+//!    time threshold.
+//!
+//! [`Version`] and [`DiscoveryError`] are platform-agnostic and stay in this
+//! module so the state machine type definitions in [`crate::sm`] continue to
+//! compile when the routing runtime is gated out (e.g. Linux test fixtures
+//! running ddmd with `--no-state-machine`). The runtime helpers that drive
+//! the protocol over UDPv6 sockets live in the [`runtime`] submodule and
+//! are illumos-only.
+//!
+//! ## Protocol
+//!
+//! The general sequence of events is depicted in the following diagram.
+//!
+//!             *==========*                *==========*
+//!             |  violin  |                |  piano   |
+//!             *==========*                *==========*
+//!                  |                           |
+//!                  |     solicit(ff02::dd)     |
+//!                  |-------------------------->|
+//!                  |    advertise(fe80::47)    |
+//!                  |<--------------------------|
+//!                  |                           |
+//!                  |            ...            |
+//!                  |                           |
+//!                  |                           |
+//!                  |     solicit(ff02::dd)     |
+//!                  |-------------------------->|
+//!                  |    advertise(fe80::47)    |
+//!                  |<--------------------------|
+//!                  |                           |
+//!                  |     solicit(ff02::dd)     |
+//!                  |-------------------------->|
+//!                  |     solicit(ff02::dd)     |
+//!                  |-------------------------->|
+//!                  |     solicit(ff02::dd)     |
+//!                  |-------------------------->|
+//!                  |                           |
+//!             +----|                           |
+//!      expire |    |                           |
+//!       piano |    |                           |
+//!             +--->|                           |
+//!
+//! This shows violin sending a link-local multicast solicitation over the wire.
+//! That solicitation is received by piano and piano respons with an
+//! advertisement to violin's link-local unicast address. From this point
+//! forward solicitations and responses continue. Each time violin gets a
+//! response from piano, it updates the last seen timestamp for piano. If at
+//! some point piano stops responding to solicitations and the last seen
+//! timestamp is older than the expiration threshold, violin will expire the
+//! session and send out a notification to the ddm state machine that started
+//! it. Violin will continue to send out solicitations in case piano comes back.
+//!
+//! In the event that piano undergoes renumbering e.g. it's link-local unicast
+//! address changes, this will be detected by violin and an advertisement update
+//! will be sent to the ddm state machine through the notification channel
+//! provided to the discovery subsystem.
+//!
+//! The DDM discovery multicast address is ff02::dd. Discovery packets are sent
+//! over UDP using port number 0xddd.
+//!
+//! ## Packets
+//!
+//! Discovery packets follow a very simple format
+//!
+//!                      1                   2                   3
+//!  0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+//! +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
+//! |   version     |S A r r r r r r|  router kind  | hostname len  |
+//! +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
+//! |                           hostname                            :
+//! +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
+//! :                             ....                              :
+//! +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
+//!
+//! The first byte indicates the version. The only valid version at present is
+//! version 1. The second byte is a flags bitfield. The first position `S`
+//! indicates a solicitation. The second position `A` indicates and
+//! advertisement. All other positions are reserved for future use. The third
+//! byte indicates the kind of router. Current values are 0 for a server router
+//! and 1 for a transit routers. The fourth byte is a hostname length followed
+//! directly by a hostname of up to 255 bytes in length.
+
+use thiserror::Error;
+
+#[cfg(all(feature = "illumos", target_os = "illumos"))]
+mod runtime;
+
+#[cfg(all(feature = "illumos", target_os = "illumos"))]
+pub(crate) use runtime::handler;
+
+#[derive(Debug, Copy, Clone)]
+#[repr(u8)]
+pub enum Version {
+    V2 = 2,
+    V3 = 3,
+}
+
+#[derive(Error, Debug)]
+pub enum DiscoveryError {
+    #[error("io error: {0}")]
+    Io(#[from] std::io::Error),
+
+    #[error("serialization error: {0}")]
+    Serialization(#[from] ispf::Error),
+}