netlink: reduce default log levels

Reduce the default log level for netlink to LOG_INFO. This removes a
number of messages such as

> [nl_iface] dump_sa: unsupported family: 0, skipping
or
> [nl_ifa

netlink: reduce default log levels

Reduce the default log level for netlink to LOG_INFO. This removes a
number of messages such as

> [nl_iface] dump_sa: unsupported family: 0, skipping
or
> [nl_iface] get_operstate_ether: error calling SIOCGIFMEDIA on vlan0: 22

that are useful for debugging, but not for most users.

Reviewed by: melifaro
Sponsored by: Rubicon Communications, LLC ("Netgate")
Differential Revision: https://reviews.freebsd.org/D40062

show more ...

netlink: provide original interface lladdr in the interface dump.

* Store lladdr in the FreeBSD-specific IFLAF_ORIG_HWADDR attr
* Do not export empty IFLA_ADDRESS for interfaces w/o lladdrs.

MFC af

netlink: provide original interface lladdr in the interface dump.

* Store lladdr in the FreeBSD-specific IFLAF_ORIG_HWADDR attr
* Do not export empty IFLA_ADDRESS for interfaces w/o lladdrs.

MFC after: 2 weeks

show more ...

netlink: export more IPv6 ifa info

* Fill in IFA_CACHEINFO with prefix lifetime data
* Map IPv6 IN6_IFF_ flags to Netlink IFA_F_ flags
* Store original ia6_flags in the FreeBSD-specific IFAF_FLAGS f

netlink: export more IPv6 ifa info

* Fill in IFA_CACHEINFO with prefix lifetime data
* Map IPv6 IN6_IFF_ flags to Netlink IFA_F_ flags
* Store original ia6_flags in the FreeBSD-specific IFAF_FLAGS field

MFC after: 2 weeks

show more ...

netlink: export carp VHID when dumping interface addresses.

MFC after: 2 weeks

netlink: remove now-unused rtnl_iface_find_cloner_locked().

netlink: add netlink interfaces to if_clone

This change adds netlink create/modify/dump interfaces to the `if_clone.c`.
The previous attempt with storing the logic inside `netlink/route/iface_driver

netlink: add netlink interfaces to if_clone

This change adds netlink create/modify/dump interfaces to the `if_clone.c`.
The previous attempt with storing the logic inside `netlink/route/iface_drivers.c`
did not quite work, as, for example, dumping interface-specific state
(like vlan id or vlan parent) required some peeking into the private interfaces.

The new interfaces are added in a compatible way - callers don't have to do anything
unless they are extended with Netlink.

Reviewed by: kp
Differential Revision: https://reviews.freebsd.org/D39032
MFC after: 1 month

show more ...

netlink: do not print "unknown sa family" warnings at the default debug
level.

MFC after: 2 weeks

netlink: fix !INET6 warning

Reported by: Gary Jennejohn <garyj@gmx.de>
MFC after: 2 weeks

netlink: add netlink KPI to the kernel by default

This change does the following:

Base Netlink KPIs (ability to register the family, parse and/or
write a Netlink message) are always present in the

netlink: add netlink KPI to the kernel by default

This change does the following:

Base Netlink KPIs (ability to register the family, parse and/or
write a Netlink message) are always present in the kernel. Specifically,
* Implementation of genetlink family/group registration/removal,
some base accessors (netlink_generic_kpi.c, 260 LoC) are compiled in
unconditionally.
* Basic TLV parser functions (netlink_message_parser.c, 507 LoC) are
compiled in unconditionally.
* Glue functions (netlink<>rtsock), malloc/core sysctl definitions
(netlink_glue.c, 259 LoC) are compiled in unconditionally.
* The rest of the KPI _functions_ are defined in the netlink_glue.c,
but their implementation calls a pointer to either the stub function
or the actual function, depending on whether the module is loaded or not.

This approach allows to have only 1k LoC out of ~3.7k LoC (current
sys/netlink implementation) in the kernel, which will not grow further.
It also allows for the generic netlink kernel customers to load
successfully without requiring Netlink module and operate correctly
once Netlink module is loaded.

Reviewed by: imp
MFC after: 2 weeks
Differential Revision: https://reviews.freebsd.org/D39269

show more ...

netlink: allow netlink sockets in non-vnet jails.

This change allow to open Netlink sockets in the non-vnet jails, even for
unpriviledged processes.
The security model largely follows the existing

netlink: allow netlink sockets in non-vnet jails.

This change allow to open Netlink sockets in the non-vnet jails, even for
unpriviledged processes.
The security model largely follows the existing one. To be more specific:
* by default, every `NETLINK_ROUTE` command is **NOT** allowed in non-VNET
jail UNLESS `RTNL_F_ALLOW_NONVNET_JAIL` flag is specified in the command
handler.
* All notifications are **disabled** for non-vnet jails (requests to
subscribe for the notifications are ignored). This will change to be more
fine-grained model once the first netlink provider requiring this gets
committed.
* Listing interfaces (RTM_GETLINK) is **allowed** w/o limits (**including**
interfaces w/o any addresses attached to the jail). The value of this is
questionable, but it follows the existing approach.
* Listing ARP/NDP neighbours is **forbidden**. This is a **change** from the
current approach - currently we list static ARP/ND entries belonging to the
addresses attached to the jail.
* Listing interface addresses is **allowed**, but the addresses are filtered
to match only ones attached to the jail.
* Listing routes is **allowed**, but the routes are filtered to provide only
host routes matching the addresses attached to the jail.
* By default, every `NETLINK_GENERIC` command is **allowed** in non-VNET jail
(as sub-families may be unrelated to network at all).
It is the goal of the family author to implement the restriction if
necessary.

Differential Revision: https://reviews.freebsd.org/D39206
MFC after: 1 month

show more ...

netlink: use newly-added if_foreach_sleep() to iterate over the interface list.

Summary: MFC after: 2 weeks

Subscribers: imp, glebius

Differential Revision: https://reviews.freebsd.org/D38907

netlink: remove redundant check.

MFC after: 2 weeks
CID: 1498867

netlink: simplify temporary address allocation in rtnl_handle_getlink().

MFC after: 3 days

netlink: fix interface dump.

The current code missed interface addition when reallocating
temporary buffer.
Tweak the code to perform the reallocation first and add
interface afterwards unconditio

netlink: fix interface dump.

The current code missed interface addition when reallocating
temporary buffer.
Tweak the code to perform the reallocation first and add
interface afterwards unconditionally.

Reported by: Marek Zarychta <zarychtam@plan-b.pwste.edu.pl>
MFC after: 3 days

show more ...

netlink: use ifmedia to provide vlan interface operstate.

Netlink customers rely on admin and operational state when
working with interfaces. The current implementation retuns
"unknown" operstate

netlink: use ifmedia to provide vlan interface operstate.

Netlink customers rely on admin and operational state when
working with interfaces. The current implementation retuns
"unknown" operstate for all interface types except IFT_ETHER
and IFT_LOOP.

This change updates the code to fetch vlan operstate in the same way
as for the ether interfaces. For the rest of the interface types,
operstate is now mapped to the admin state.

Reported by: Marek Zarychta <zarychtam@plan-b.pwste.edu.pl>
MFC after: 3 days

show more ...

netlink: improve RTM_GETADDR handling.

* Allow filtering by ifa_family & ifa_index.
* Add common RTM_<NEW|DEL|GET>ADDR parser
* Add tests verifying RTM_GETADDR filtering behaviour & output
* Factor

netlink: improve RTM_GETADDR handling.

* Allow filtering by ifa_family & ifa_index.
* Add common RTM_<NEW|DEL|GET>ADDR parser
* Add tests verifying RTM_GETADDR filtering behaviour & output
* Factor out common netlink socket test methods into NetlinkTestTemplate
* Add NLMSG_DONE message handler

Reviewed By: pauamma
Differential Revision: https://reviews.freebsd.org/D37970

show more ...

netlink: fix ifaddr reporting.

Output the proper attributes for IPv4/IPvv6 ifaddrs:
* IFA_ADDRESS contains local address in every case except p2p,
in that case it contains the peer address
* IFA_

netlink: fix ifaddr reporting.

Output the proper attributes for IPv4/IPvv6 ifaddrs:
* IFA_ADDRESS contains local address in every case except p2p,
in that case it contains the peer address
* IFA_LOCAL contains local address. It is always present in IPv4,
or in IPv6/p2p.
* IFA_BROADCAST contains the network broadcast address (if any)

Reported by: Adam Wood <aswood@gmail.com>
Tested by: Adam Wood <aswood@gmail.com>

show more ...

netlink: improve interface handling

* Separate interface creation from interface modification code
* Support setting some interface attributes (ifdescr, mtu, up/down, promisc)
* Improve interaction

netlink: improve interface handling

* Separate interface creation from interface modification code
* Support setting some interface attributes (ifdescr, mtu, up/down, promisc)
* Improve interaction with the cloners requiring to parse/write custom
interface attributes
* Add bitmask-based way of checking if the attribute is present in the
message
* Don't use multipart RTM_GETLINK replies when searching for the
specific interface names
* Use ENODEV instead of ENOENT in case of failed RTM_GETLINK search
* Add python netlink test helpers
* Add some netlink interface tests

Differential Revision: https://reviews.freebsd.org/D37668

show more ...

netlink: add interface notification on link status / flags change.

* Add link-state change notifications by subscribing to ifnet_link_event.
In the Linux netlink model, link state is reported in 2

netlink: add interface notification on link status / flags change.

* Add link-state change notifications by subscribing to ifnet_link_event.
In the Linux netlink model, link state is reported in 2 places: first is
the IFLA_OPERSTATE, which stores state per RFC2863.
The second is an IFF_LOWER_UP interface flag. As many applications rely
on the latter, reserve 1 bit from if_flags, named as IFF_NETLINK_1.
This flag is mapped to IFF_LOWER_UP in the netlink headers. This is done
to avoid making applications think this flag is actually
supported / presented in non-netlink outputs.
* Add flag change notifications, by hooking into rt_ifmsg().
In the netlink model, notification should include the bitmask for the
change flags. Update rt_ifmsg() to include such bitmask.

Differential Revision: https://reviews.freebsd.org/D37597

show more ...

netlink: make it working without INET6

netlink: Fix build without VIMAGE

netlink: add netlink support

Netlinks is a communication protocol currently used in Linux kernel to modify,
read and subscribe for nearly all networking state. Interfaces, addresses, routes,
firew

netlink: add netlink support

Netlinks is a communication protocol currently used in Linux kernel to modify,
read and subscribe for nearly all networking state. Interfaces, addresses, routes,
firewall, fibs, vnets, etc are controlled via netlink.
It is async, TLV-based protocol, providing 1-1 and 1-many communications.

The current implementation supports the subset of NETLINK_ROUTE
family. To be more specific, the following is supported:
* Dumps:
- routes
- nexthops / nexthop groups
- interfaces
- interface addresses
- neighbors (arp/ndp)
* Notifications:
- interface arrival/departure
- interface address arrival/departure
- route addition/deletion
* Modifications:
- adding/deleting routes
- adding/deleting nexthops/nexthops groups
- adding/deleting neghbors
- adding/deleting interfaces (basic support only)
* Rtsock interaction
- route events are bridged both ways

The implementation also supports the NETLINK_GENERIC family framework.

Implementation notes:
Netlink is implemented via loadable/unloadable kernel module,
not touching many kernel parts.
Each netlink socket uses dedicated taskqueue to support async operations
that can sleep, such as interface creation. All message processing is
performed within these taskqueues.

Compatibility:
Most of the Netlink data models specified above maps to FreeBSD concepts
nicely. Unmodified ip(8) binary correctly works with
interfaces, addresses, routes, nexthops and nexthop groups. Some
software such as net/bird require header-only modifications to compile
and work with FreeBSD netlink.

Reviewed by: imp
Differential Revision: https://reviews.freebsd.org/D36002
MFC after: 2 months

show more ...