netlink: augment group writer with priv(9) argument

This will allow to broadcast messages visible only to priveleged
subscribers.

Reviewed by: melifaro
Differential Revision: https://reviews.freeb

netlink: augment group writer with priv(9) argument

This will allow to broadcast messages visible only to priveleged
subscribers.

Reviewed by: melifaro
Differential Revision: https://reviews.freebsd.org/D48307

show more ...

netlink: use nitems() and roundup(2) from param.h

While here style nested includes (kernel ones go first).

Reviewed by: melifaro
Differential Revision: https://reviews.freebsd.org/D47557

netlink: refactor writer initialization KPI

o Allow callers to initialize a writer that will malloc(9) with M_WAITOK.
o Use size_t for expected malloc size.
o Use correct types to initialize a group

netlink: refactor writer initialization KPI

o Allow callers to initialize a writer that will malloc(9) with M_WAITOK.
o Use size_t for expected malloc size.
o Use correct types to initialize a group writer.
o Rename functions into nl_writer_ namespace instead of nlmsg_, cause
they are working on nl_writer, not on nlmsg.
o Make the KPI responsible to sparsely initialize the writer structure.
o Garbage collect chain writer. Fixes 17083b94a915.

All current consumers are left as is, however some may benefit from
M_WAITOK allocation as well as supplying a correct expected size.

Reviewed by: melifaro
Differential Revision: https://reviews.freebsd.org/D47549

show more ...

netlink/route: Fix the argument list for rtnl_handle_iflink()

This function is registered as a ifnet_link_event and so should have the
corresponding argument list.

PR: 282870
Reported by: nakayama

netlink/route: Fix the argument list for rtnl_handle_iflink()

This function is registered as a ifnet_link_event and so should have the
corresponding argument list.

PR: 282870
Reported by: nakayamakenjiro@gmail.com
MFC after: 1 week

show more ...

netlink: Don't directly access ifnet members

Summary:
Remove the final direct access of struct ifnet members from netlink.
Since only the first address is used, create the iterator and then free,
wi

netlink: Don't directly access ifnet members

Summary:
Remove the final direct access of struct ifnet members from netlink.
Since only the first address is used, create the iterator and then free,
without fully iterating.

Reviewed By: kp
Sponsored by: Juniper Networks, Inc.
Differential Revision: https://reviews.freebsd.org/D42972

show more ...

netinet: correct SIOCDIFADDR{,_IN6} calls to use {,in6_}ifreq

The SIOCDIFADDR{,_IN6} ioctls take an ifreq structure object, not an
ifaliasreq/in_aliasreq/in6_aliasreq structure object, as their argu

netinet: correct SIOCDIFADDR{,_IN6} calls to use {,in6_}ifreq

The SIOCDIFADDR{,_IN6} ioctls take an ifreq structure object, not an
ifaliasreq/in_aliasreq/in6_aliasreq structure object, as their argument.
As opposed to ifaliasreq/in_aliasreq/in6_aliasreq used by
SIOCAIFADDR{,_IN6}, the ifreq/in6_ifreq structures used by the
SIOCDIFADDR{,_IN6} ioctls do not include a separate field for a
broadcast address and other values required to add an address to a
network interface with SIOCAIFADDR{,_IN6}.

Whilst this issue is not specific to CHERI-extended architectures, it
was first observed on CheriBSD running on Arm Morello. For example,
incorrect calls using the in6_aliasreq object result in CHERI capability
violations. A pointer to the ifra_addr field in in6_aliasreq cast to the
ifru_addr union member of in6_ifreq results in bounds being set to the
union's larger size. Such bounds exceed the bounds of of in6_aliasreq
object and the bounds-setting instruction clears a tag of the object's
capability.

Reviewed by: brooks, kp, oshogbo
Accepted by: oshogbo (mentor)
Reported by: CHERI
Obtained from: CheriBSD
Differential Revision: https://reviews.freebsd.org/D46016

show more ...

netlink: pass the correct arguments for SIOCDIFADDR and SIOCDIFADDR_IN6

These take struct ifreq and struct in6_ifreq respectively. Passing struct
in_aliasreq or struct in6_aliasreq means we're suppl

netlink: pass the correct arguments for SIOCDIFADDR and SIOCDIFADDR_IN6

These take struct ifreq and struct in6_ifreq respectively. Passing struct
in_aliasreq or struct in6_aliasreq means we're supplying a shorter object than
expected. While this doesn't actively break things on most architectures other
than CHERI it is still wrong.

Reported by: CheriBSD
Event: Kitchener-Waterloo Hackathon 202406

show more ...

sys/netlink/route/iface.c: remove an extra semicolon

Signed-off-by: rilysh <nightquick@proton.me>
Reviewed by: imp
Pull Request: https://github.com/freebsd/freebsd-src/pull/959

netlink: move NETLINK define to opt_global.h

Move the NETLINK define into opt_global.h so we can rely on it being
set correctly, without having to remember to include opt_netlink.h.
This ensures tha

netlink: move NETLINK define to opt_global.h

Move the NETLINK define into opt_global.h so we can rely on it being
set correctly, without having to remember to include opt_netlink.h.
This ensures that the NETLINK define is correctly set. If not we
may end up with unloadable modules, due to missing symbols (such as
nlmsg_get_group_writer).

PR: 274306
Reviewed by: imp, markj
MFC after: 3 days
Differential Revision: https://reviews.freebsd.org/D42179

show more ...

netlink: fix accessing freed memory

The check for if_addrlen in dump_iface() is not sufficient to determine
if we still have a valid if_addr. Rather than directly accessing if_addr
check the STAILQ

netlink: fix accessing freed memory

The check for if_addrlen in dump_iface() is not sufficient to determine
if we still have a valid if_addr. Rather than directly accessing if_addr
check the STAILQ (for the first entry).
This avoids panics when destroying cloned interfaces as experienced with
net80211 wlan ones.

Sponsored by: The FreeBSD Foundation
MFC after: 3 days
Reviewed by: jhibbits (earlier version), kp
Differential Revision: https://reviews.freebsd.org/D42027

show more ...

sys: Remove $FreeBSD$: one-line .c pattern

Remove /^[\s*]*__FBSDID\("\$FreeBSD\$"\);?\s*\n/

netinet[6]: make in[6]_control use ucred instead of td.

Reviewed by: markj, zlei
Differential Revision: https://reviews.freebsd.org/D40793
MFC after: 2 weeks

netlink: convert to IfAPI.

Convert to IfAPI everything except `IF_AFDATA_WLOCK` usage in neigh.c.

Reviewed By: jhibbits
Differential Revision: https://reviews.freebsd.org/D40577

netlink: dump interface capabilities with other interface data.

This change exports interface capabilities using the standard
Netlink attribute type, bitset, and switches `ifconfig(8)` to use
it whe

netlink: dump interface capabilities with other interface data.

This change exports interface capabilities using the standard
Netlink attribute type, bitset, and switches `ifconfig(8)` to use
it when displaying interface data.
Bitset comes in two representations. The first one is "compact",
where the bits are exported via two arrays - "mask" listing the
"valid" bits and "values, providing the values for those bits.
The second one is more verbose, listing each bit as a separate item,
with its name, id and value. The latter option is handy when submitting
update requests.

The support for setting capabilities will be added in the upcoming diffs.

Differential Revision: https://reviews.freebsd.org/D40331

show more ...

netlink: fix compilation withous INET6

Fixes: a77facd27368f618520d25391cfce11149879a41

ifnet: consistently call hooks when the interface gets up.

Some context on the current IPv6 interface setup & address management:

There are two data path for IPv6 initialisation in context of assig

ifnet: consistently call hooks when the interface gets up.

Some context on the current IPv6 interface setup & address management:

There are two data path for IPv6 initialisation in context of assigning
LL addresses:
1) Userland explicitly requests IFF_UP for the interface w/o any addresses.
if_up() then calls in6_if_up(), which calls in6_ifattach().
The latter sets up some initial ND/IN6 state and disables IPv6 for the
interface if it’s not loopback. If the interface is loopback, then it
adds ::1/128 and LL addresses via in6_ifattach_loopback().
Then, devd notification is generated (if the VNET is the default one),
which triggers rc.network ifconfig_up(), causing ifdisabled to be removed
via SIOCSIFINFO_IN6 from ifconfig. The kernel SIOCSIFINFO_IN6 handler
calls in6_if_up() once again and it assigns the interface link-local address.

2) Userland adds IPv4 or IPv6 address to the interface. SIOCAIFADDR[_IN6]
kernel handler calls IPv4/IPv6 protocol handler to add the address.
Both then call if_ioctl() with SIOCSIFADDR. Ethernet/loopback ioctl handlers
silently sets IFF_UP for the interface. Finally, if.c:ifioctl() wrapper code
compares old and new interface flags and, if IFF_UP is added, it explicitly
calls in6_if_up(), which adds link-local address if either the original
address is IPv6 or the interface is loopback.

In the latter case, “formal” interface-up notifications are missing.
The kernel does not trigger event handler event, does not call carp hook
and does not provide any userland notification.

This diff unifies the event handling in both scenarios, providing the
necessary notifications to the kernel and userland.

Reviewed By: kp
Differential Revision: https://reviews.freebsd.org/D40332
MFC after: 2 weeks

show more ...

netlink: fix ifconfig P2P inet ADDR ADDR netmask 255.255.255.255 addition

Adding P2P addresses is complex in both ioctl and Netlink.
In the ioctl interface, "broadcast" field is the same field as th

netlink: fix ifconfig P2P inet ADDR ADDR netmask 255.255.255.255 addition

Adding P2P addresses is complex in both ioctl and Netlink.
In the ioctl interface, "broadcast" field is the same field as the
"peer". In is possible to specify non-p2p address for the p2p
interface in IPv6, but not in IPv4.
In the Netlink interface, "address" field means "peer" address.
As a result, a common notion for the Netlink users is to submit
same address/peer for non-P2P interfaces.

This change customises mapping the attribute on per-family basis.
Specifically,
for IPv4 - if the interface is P2P, assume "address" is p2p and
"local" is the address. If the interfase is non-p2p, use "local"
attribute as the address. If it's not set, use "address" attribute.
for IPv6 - start with "local" attribute as the address. If it's not set,
use use "address" attribute. If both are set and both are the same,
assume non p2p, otherwise add as p2p.

MFC after: 2 weeks
Reported by: jkim

show more ...

netlink: fix bulding with NOINET6

netlink: call IPv6 hook after the ifaddr operation when ifp is brought
up.

This change fixes the case when the first address added to the interface
is IPv6 GU address. Before the change, IPv6 LL ad

netlink: call IPv6 hook after the ifaddr operation when ifp is brought
up.

This change fixes the case when the first address added to the interface
is IPv6 GU address. Before the change, IPv6 LL addition was not
triggered.

PR: 271661
MFC after: 2 weeks

show more ...

netlink: call IPv6 hook when adding IPv4 addresses.

This provides compatibility with ifioctl() version of SIOCAIFADDR.
This change is temporary until the IPv4/IPv6 address handling code
is moved to

netlink: call IPv6 hook when adding IPv4 addresses.

This provides compatibility with ifioctl() version of SIOCAIFADDR.
This change is temporary until the IPv4/IPv6 address handling code
is moved to netinet[6].

show more ...

netlink: Move an INET-only variable under #if.

This fixes the LINT-NOIP build.

netlink: automatically generate broadcast for IPv4 ifa if not set.

MFC after: 2 weeks

netlink: add support for adding/deleting interface addresses

Differential Revision: https://reviews.freebsd.org/D40103
MFC after: 2 weeks

spdx: The BSD-2-Clause-FreeBSD identifier is obsolete, drop -FreeBSD

The SPDX folks have obsoleted the BSD-2-Clause-FreeBSD identifier. Catch
up to that fact and revert to their recommended match of

spdx: The BSD-2-Clause-FreeBSD identifier is obsolete, drop -FreeBSD

The SPDX folks have obsoleted the BSD-2-Clause-FreeBSD identifier. Catch
up to that fact and revert to their recommended match of BSD-2-Clause.

Discussed with: pfg
MFC After: 3 days
Sponsored by: Netflix

show more ...

netlink: reduce default log levels

Reduce the default log level for netlink to LOG_INFO. This removes a
number of messages such as

> [nl_iface] dump_sa: unsupported family: 0, skipping
or
> [nl_ifa

netlink: reduce default log levels

Reduce the default log level for netlink to LOG_INFO. This removes a
number of messages such as

> [nl_iface] dump_sa: unsupported family: 0, skipping
or
> [nl_iface] get_operstate_ether: error calling SIOCGIFMEDIA on vlan0: 22

that are useful for debugging, but not for most users.

Reviewed by: melifaro
Sponsored by: Rubicon Communications, LLC ("Netgate")
Differential Revision: https://reviews.freebsd.org/D40062

show more ...