1 /*- 2 * SPDX-License-Identifier: BSD-2-Clause 3 * 4 * Copyright (c) 2022 Alexander V. Chernikov <melifaro@FreeBSD.org> 5 * 6 * Redistribution and use in source and binary forms, with or without 7 * modification, are permitted provided that the following conditions 8 * are met: 9 * 1. Redistributions of source code must retain the above copyright 10 * notice, this list of conditions and the following disclaimer. 11 * 2. Redistributions in binary form must reproduce the above copyright 12 * notice, this list of conditions and the following disclaimer in the 13 * documentation and/or other materials provided with the distribution. 14 * 15 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND 16 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 17 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 18 * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE 19 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 20 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 21 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 22 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 23 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 24 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 25 * SUCH DAMAGE. 26 */ 27 28 #include <sys/cdefs.h> 29 #include "opt_inet.h" 30 #include "opt_inet6.h" 31 #include <sys/types.h> 32 #include <sys/malloc.h> 33 #include <sys/rmlock.h> 34 #include <sys/socket.h> 35 36 #include <machine/stdarg.h> 37 38 #include <net/if.h> 39 #include <net/route.h> 40 #include <net/route/nhop.h> 41 42 #include <net/route/route_ctl.h> 43 #include <netinet/in.h> 44 #include <netlink/netlink.h> 45 #include <netlink/netlink_ctl.h> 46 #include <netlink/netlink_var.h> 47 #include <netlink/netlink_route.h> 48 49 #define DEBUG_MOD_NAME nl_parser 50 #define DEBUG_MAX_LEVEL LOG_DEBUG3 51 #include <netlink/netlink_debug.h> 52 _DECLARE_DEBUG(LOG_INFO); 53 54 bool 55 nlmsg_report_err_msg(struct nl_pstate *npt, const char *fmt, ...) 56 { 57 va_list ap; 58 59 if (npt->err_msg != NULL) 60 return (false); 61 char *buf = npt_alloc(npt, NL_MAX_ERROR_BUF); 62 if (buf == NULL) 63 return (false); 64 va_start(ap, fmt); 65 vsnprintf(buf, NL_MAX_ERROR_BUF, fmt, ap); 66 va_end(ap); 67 68 npt->err_msg = buf; 69 return (true); 70 } 71 72 bool 73 nlmsg_report_err_offset(struct nl_pstate *npt, uint32_t off) 74 { 75 if (npt->err_off != 0) 76 return (false); 77 npt->err_off = off; 78 return (true); 79 } 80 81 void 82 nlmsg_report_cookie(struct nl_pstate *npt, struct nlattr *nla) 83 { 84 MPASS(nla->nla_type == NLMSGERR_ATTR_COOKIE); 85 MPASS(nla->nla_len >= sizeof(struct nlattr)); 86 npt->cookie = nla; 87 } 88 89 void 90 nlmsg_report_cookie_u32(struct nl_pstate *npt, uint32_t val) 91 { 92 struct nlattr *nla = npt_alloc(npt, sizeof(*nla) + sizeof(uint32_t)); 93 94 nla->nla_type = NLMSGERR_ATTR_COOKIE; 95 nla->nla_len = sizeof(*nla) + sizeof(uint32_t); 96 memcpy(nla + 1, &val, sizeof(uint32_t)); 97 nlmsg_report_cookie(npt, nla); 98 } 99 100 static const struct nlattr_parser * 101 search_states(const struct nlattr_parser *ps, u_int pslen, int key) 102 { 103 int left_i = 0, right_i = pslen - 1; 104 105 if (key < ps[0].type || key > ps[pslen - 1].type) 106 return (NULL); 107 108 while (left_i + 1 < right_i) { 109 int mid_i = (left_i + right_i) / 2; 110 if (key < ps[mid_i].type) 111 right_i = mid_i; 112 else if (key > ps[mid_i].type) 113 left_i = mid_i + 1; 114 else 115 return (&ps[mid_i]); 116 } 117 if (ps[left_i].type == key) 118 return (&ps[left_i]); 119 else if (ps[right_i].type == key) 120 return (&ps[right_i]); 121 return (NULL); 122 } 123 124 int 125 nl_parse_attrs_raw(struct nlattr *nla_head, uint16_t len, 126 const struct nlattr_parser *ps, u_int pslen, struct nl_pstate *npt, 127 void *target) 128 { 129 const struct nlattr_parser *s; 130 struct nlattr *nla; 131 uint16_t orig_len, off; 132 int error = 0; 133 134 NL_LOG(LOG_DEBUG3, "parse %p remaining_len %d", nla_head, len); 135 orig_len = len; 136 NLA_FOREACH(nla, nla_head, len) { 137 NL_LOG(LOG_DEBUG3, ">> parsing %p attr_type %u len %u (rem %u)", 138 nla, nla->nla_type, nla->nla_len, len); 139 if (nla->nla_len < sizeof(struct nlattr)) { 140 NLMSG_REPORT_ERR_MSG(npt, 141 "Invalid attr %p type %u len: %u", 142 nla, nla->nla_type, nla->nla_len); 143 off = (char *)nla - (char *)npt->hdr; 144 nlmsg_report_err_offset(npt, off); 145 return (EINVAL); 146 } 147 148 s = search_states(ps, pslen, nla->nla_type & NLA_TYPE_MASK); 149 if (s != NULL) { 150 void *ptr; 151 152 ptr = (void *)((char *)target + s->off); 153 error = s->cb(nla, npt, s->arg, ptr); 154 if (error != 0) { 155 off = (char *)nla - (char *)npt->hdr; 156 nlmsg_report_err_offset(npt, off); 157 NL_LOG(LOG_DEBUG3, 158 "parse failed at offset %u", off); 159 return (error); 160 } 161 } else { 162 /* Ignore non-specified attributes */ 163 NL_LOG(LOG_DEBUG3, "ignoring attr %u", nla->nla_type); 164 } 165 } 166 if (len >= sizeof(struct nlattr)) { 167 nla = (struct nlattr *)((char *)nla_head + (orig_len - len)); 168 NL_LOG(LOG_DEBUG3, " >>> end %p attr_type %u len %u", nla, 169 nla->nla_type, nla->nla_len); 170 } 171 NL_LOG(LOG_DEBUG3, "end parse: %p remaining_len %u", nla, len); 172 173 return (0); 174 } 175 176 void 177 nl_get_attrs_bmask_raw(struct nlattr *nla_head, uint32_t len, 178 struct nlattr_bmask *bm) 179 { 180 struct nlattr *nla = NULL; 181 uint16_t nla_type; 182 183 BIT_ZERO(NL_ATTR_BMASK_SIZE, bm); 184 185 NLA_FOREACH(nla, nla_head, len) { 186 if (nla->nla_len < sizeof(struct nlattr)) 187 return; 188 nla_type = nla->nla_type & NLA_TYPE_MASK; 189 if (nla_type < NL_ATTR_BMASK_SIZE) 190 BIT_SET(NL_ATTR_BMASK_SIZE, nla_type, bm); 191 else 192 NL_LOG(LOG_DEBUG2, 193 "Skipping type %u in the mask: too short", 194 nla_type); 195 } 196 } 197 198 bool 199 nl_has_attr(const struct nlattr_bmask *bm, uint16_t nla_type) 200 { 201 MPASS(nla_type < NL_ATTR_BMASK_SIZE); 202 203 return (BIT_ISSET(NL_ATTR_BMASK_SIZE, nla_type, bm)); 204 } 205 206 int 207 nlattr_get_flag(struct nlattr *nla, struct nl_pstate *npt, const void *arg, 208 void *target) 209 { 210 if (__predict_false(NLA_DATA_LEN(nla) != 0)) { 211 NLMSG_REPORT_ERR_MSG(npt, "nla type %d size(%u) is not a flag", 212 nla->nla_type, NLA_DATA_LEN(nla)); 213 return (EINVAL); 214 } 215 216 *((uint8_t *)target) = 1; 217 return (0); 218 } 219 220 static struct sockaddr * 221 parse_rta_ip4(void *rta_data, struct nl_pstate *npt, int *perror) 222 { 223 struct sockaddr_in *sin; 224 225 sin = (struct sockaddr_in *)npt_alloc_sockaddr(npt, 226 sizeof(struct sockaddr_in)); 227 if (__predict_false(sin == NULL)) { 228 *perror = ENOBUFS; 229 return (NULL); 230 } 231 sin->sin_len = sizeof(struct sockaddr_in); 232 sin->sin_family = AF_INET; 233 memcpy(&sin->sin_addr, rta_data, sizeof(struct in_addr)); 234 return ((struct sockaddr *)sin); 235 } 236 237 static struct sockaddr * 238 parse_rta_ip6(void *rta_data, struct nl_pstate *npt, int *perror) 239 { 240 struct sockaddr_in6 *sin6; 241 242 sin6 = (struct sockaddr_in6 *)npt_alloc_sockaddr(npt, 243 sizeof(struct sockaddr_in6)); 244 if (__predict_false(sin6 == NULL)) { 245 *perror = ENOBUFS; 246 return (NULL); 247 } 248 sin6->sin6_len = sizeof(struct sockaddr_in6); 249 sin6->sin6_family = AF_INET6; 250 memcpy(&sin6->sin6_addr, rta_data, sizeof(struct in6_addr)); 251 return ((struct sockaddr *)sin6); 252 } 253 254 static struct sockaddr * 255 parse_rta_ip(struct rtattr *rta, struct nl_pstate *npt, int *perror) 256 { 257 void *rta_data = NL_RTA_DATA(rta); 258 int rta_len = NL_RTA_DATA_LEN(rta); 259 260 if (rta_len == sizeof(struct in_addr)) { 261 return (parse_rta_ip4(rta_data, npt, perror)); 262 } else if (rta_len == sizeof(struct in6_addr)) { 263 return (parse_rta_ip6(rta_data, npt, perror)); 264 } else { 265 NLMSG_REPORT_ERR_MSG(npt, "unknown IP len: %d for rta type %d", 266 rta_len, rta->rta_type); 267 *perror = ENOTSUP; 268 return (NULL); 269 } 270 return (NULL); 271 } 272 273 int 274 nlattr_get_ip(struct nlattr *nla, struct nl_pstate *npt, const void *arg, 275 void *target) 276 { 277 int error = 0; 278 279 struct sockaddr *sa = parse_rta_ip((struct rtattr *)nla, npt, &error); 280 281 *((struct sockaddr **)target) = sa; 282 return (error); 283 } 284 285 static struct sockaddr * 286 parse_rta_via(struct rtattr *rta, struct nl_pstate *npt, int *perror) 287 { 288 struct rtvia *via = NL_RTA_DATA(rta); 289 int data_len = NL_RTA_DATA_LEN(rta); 290 291 if (__predict_false(data_len) < sizeof(struct rtvia)) { 292 NLMSG_REPORT_ERR_MSG(npt, "undersized RTA_VIA(%d) attr: len %d", 293 rta->rta_type, data_len); 294 *perror = EINVAL; 295 return (NULL); 296 } 297 data_len -= offsetof(struct rtvia, rtvia_addr); 298 299 switch (via->rtvia_family) { 300 case AF_INET: 301 if (__predict_false(data_len < sizeof(struct in_addr))) { 302 *perror = EINVAL; 303 return (NULL); 304 } 305 return (parse_rta_ip4(via->rtvia_addr, npt, perror)); 306 case AF_INET6: 307 if (__predict_false(data_len < sizeof(struct in6_addr))) { 308 *perror = EINVAL; 309 return (NULL); 310 } 311 return (parse_rta_ip6(via->rtvia_addr, npt, perror)); 312 default: 313 *perror = ENOTSUP; 314 return (NULL); 315 } 316 } 317 318 int 319 nlattr_get_ipvia(struct nlattr *nla, struct nl_pstate *npt, const void *arg, 320 void *target) 321 { 322 int error = 0; 323 324 struct sockaddr *sa = parse_rta_via((struct rtattr *)nla, npt, &error); 325 326 *((struct sockaddr **)target) = sa; 327 return (error); 328 } 329 330 int 331 nlattr_get_bool(struct nlattr *nla, struct nl_pstate *npt, const void *arg, 332 void *target) 333 { 334 if (__predict_false(NLA_DATA_LEN(nla) != sizeof(bool))) { 335 NLMSG_REPORT_ERR_MSG(npt, "nla type %d size(%u) is not bool", 336 nla->nla_type, NLA_DATA_LEN(nla)); 337 return (EINVAL); 338 } 339 *((bool *)target) = *((const bool *)NL_RTA_DATA_CONST(nla)); 340 return (0); 341 } 342 343 int 344 nlattr_get_uint8(struct nlattr *nla, struct nl_pstate *npt, const void *arg, 345 void *target) 346 { 347 if (__predict_false(NLA_DATA_LEN(nla) != sizeof(uint8_t))) { 348 NLMSG_REPORT_ERR_MSG(npt, "nla type %d size(%u) is not uint8", 349 nla->nla_type, NLA_DATA_LEN(nla)); 350 return (EINVAL); 351 } 352 *((uint8_t *)target) = *((const uint8_t *)NL_RTA_DATA_CONST(nla)); 353 return (0); 354 } 355 356 int 357 nlattr_get_uint16(struct nlattr *nla, struct nl_pstate *npt, const void *arg, 358 void *target) 359 { 360 if (__predict_false(NLA_DATA_LEN(nla) != sizeof(uint16_t))) { 361 NLMSG_REPORT_ERR_MSG(npt, "nla type %d size(%u) is not uint16", 362 nla->nla_type, NLA_DATA_LEN(nla)); 363 return (EINVAL); 364 } 365 *((uint16_t *)target) = *((const uint16_t *)NL_RTA_DATA_CONST(nla)); 366 return (0); 367 } 368 369 int 370 nlattr_get_uint32(struct nlattr *nla, struct nl_pstate *npt, const void *arg, 371 void *target) 372 { 373 if (__predict_false(NLA_DATA_LEN(nla) != sizeof(uint32_t))) { 374 NLMSG_REPORT_ERR_MSG(npt, "nla type %d size(%u) is not uint32", 375 nla->nla_type, NLA_DATA_LEN(nla)); 376 return (EINVAL); 377 } 378 *((uint32_t *)target) = *((const uint32_t *)NL_RTA_DATA_CONST(nla)); 379 return (0); 380 } 381 382 int 383 nlattr_get_uint64(struct nlattr *nla, struct nl_pstate *npt, const void *arg, 384 void *target) 385 { 386 if (__predict_false(NLA_DATA_LEN(nla) != sizeof(uint64_t))) { 387 NLMSG_REPORT_ERR_MSG(npt, "nla type %d size(%u) is not uint64", 388 nla->nla_type, NLA_DATA_LEN(nla)); 389 return (EINVAL); 390 } 391 memcpy(target, NL_RTA_DATA_CONST(nla), sizeof(uint64_t)); 392 return (0); 393 } 394 395 int 396 nlattr_get_in_addr(struct nlattr *nla, struct nl_pstate *npt, const void *arg, 397 void *target) 398 { 399 if (__predict_false(NLA_DATA_LEN(nla) != sizeof(in_addr_t))) { 400 NLMSG_REPORT_ERR_MSG(npt, 401 "nla type %d size(%u) is not in_addr_t", 402 nla->nla_type, NLA_DATA_LEN(nla)); 403 return (EINVAL); 404 } 405 memcpy(target, NLA_DATA_CONST(nla), sizeof(in_addr_t)); 406 return (0); 407 } 408 409 int 410 nlattr_get_in6_addr(struct nlattr *nla, struct nl_pstate *npt, const void *arg, 411 void *target) 412 { 413 if (__predict_false(NLA_DATA_LEN(nla) != sizeof(struct in6_addr))) { 414 NLMSG_REPORT_ERR_MSG(npt, 415 "nla type %d size(%u) is not struct in6_addr", 416 nla->nla_type, NLA_DATA_LEN(nla)); 417 return (EINVAL); 418 } 419 memcpy(target, NLA_DATA_CONST(nla), sizeof(struct in6_addr)); 420 return (0); 421 } 422 423 static int 424 nlattr_get_ifp_internal(struct nlattr *nla, struct nl_pstate *npt, 425 void *target, bool zero_ok) 426 { 427 struct ifnet *ifp; 428 u_int ifindex; 429 430 if (__predict_false(NLA_DATA_LEN(nla) != sizeof(uint32_t))) { 431 NLMSG_REPORT_ERR_MSG(npt, "nla type %d size(%u) is not uint32", 432 nla->nla_type, NLA_DATA_LEN(nla)); 433 return (EINVAL); 434 } 435 ifindex = *((const u_int *)NLA_DATA_CONST(nla)); 436 437 if (ifindex == 0 && zero_ok) { 438 *((struct ifnet **)target) = NULL; 439 return (0); 440 } 441 442 NET_EPOCH_ASSERT(); 443 444 ifp = ifnet_byindex(ifindex); 445 if (__predict_false(ifp == NULL)) { 446 NLMSG_REPORT_ERR_MSG(npt, "nla type %d: ifindex %u invalid", 447 nla->nla_type, ifindex); 448 return (ENOENT); 449 } 450 *((struct ifnet **)target) = ifp; 451 NL_LOG(LOG_DEBUG3, "nla type %d: ifindex %u -> %s", nla->nla_type, 452 ifindex, if_name(ifp)); 453 454 return (0); 455 } 456 457 int 458 nlattr_get_ifp(struct nlattr *nla, struct nl_pstate *npt, const void *arg, 459 void *target) 460 { 461 return (nlattr_get_ifp_internal(nla, npt, target, false)); 462 } 463 464 int 465 nlattr_get_ifpz(struct nlattr *nla, struct nl_pstate *npt, const void *arg, 466 void *target) 467 { 468 return (nlattr_get_ifp_internal(nla, npt, target, true)); 469 } 470 471 int 472 nlattr_get_chara(struct nlattr *nla, struct nl_pstate *npt, const void *arg, 473 void *target) 474 { 475 int maxlen = NLA_DATA_LEN(nla); 476 int target_size = (size_t)arg; 477 int len = strnlen((char *)NLA_DATA(nla), maxlen); 478 479 if (__predict_false(len >= maxlen) || 480 __predict_false(len >= target_size)) { 481 NLMSG_REPORT_ERR_MSG(npt, "nla type %d size(%u) is not " 482 "NULL-terminated or longer than %u", 483 nla->nla_type, maxlen, target_size); 484 return (EINVAL); 485 } 486 487 strncpy((char *)target, (char *)NLA_DATA(nla), target_size); 488 return (0); 489 } 490 491 int 492 nlattr_get_string(struct nlattr *nla, struct nl_pstate *npt, const void *arg, 493 void *target) 494 { 495 int maxlen = NLA_DATA_LEN(nla); 496 497 if (__predict_false(strnlen((char *)NLA_DATA(nla), maxlen) >= maxlen)) { 498 NLMSG_REPORT_ERR_MSG(npt, 499 "nla type %d size(%u) is not NULL-terminated", 500 nla->nla_type, maxlen); 501 return (EINVAL); 502 } 503 504 *((char **)target) = (char *)NLA_DATA(nla); 505 return (0); 506 } 507 508 int 509 nlattr_get_stringn(struct nlattr *nla, struct nl_pstate *npt, const void *arg, 510 void *target) 511 { 512 int maxlen = NLA_DATA_LEN(nla); 513 514 char *buf = npt_alloc(npt, maxlen + 1); 515 if (buf == NULL) 516 return (ENOMEM); 517 buf[maxlen] = '\0'; 518 memcpy(buf, NLA_DATA(nla), maxlen); 519 520 *((char **)target) = buf; 521 return (0); 522 } 523 524 int 525 nlattr_get_bytes(struct nlattr *nla, struct nl_pstate *npt, const void *arg, 526 void *target) 527 { 528 size_t size = (size_t)arg; 529 530 if (NLA_DATA_LEN(nla) != size) 531 return (EINVAL); 532 533 memcpy(target, NLA_DATA(nla), size); 534 535 return (0); 536 } 537 538 int 539 nlattr_get_nla(struct nlattr *nla, struct nl_pstate *npt, const void *arg, 540 void *target) 541 { 542 NL_LOG(LOG_DEBUG3, "STORING %p len %d", nla, nla->nla_len); 543 *((struct nlattr **)target) = nla; 544 return (0); 545 } 546 547 int 548 nlattr_get_nested(struct nlattr *nla, struct nl_pstate *npt, const void *arg, 549 void *target) 550 { 551 const struct nlhdr_parser *p = (const struct nlhdr_parser *)arg; 552 553 /* Assumes target points to the beginning of the structure. */ 554 return (nl_parse_header(NLA_DATA(nla), NLA_DATA_LEN(nla), p, npt, 555 target)); 556 } 557 558 int 559 nlattr_get_nested_ptr(struct nlattr *nla, struct nl_pstate *npt, 560 const void *arg, void *target) 561 { 562 const struct nlhdr_parser *p = (const struct nlhdr_parser *)arg; 563 564 /* Assumes target points to the beginning of the structure. */ 565 return (nl_parse_header(NLA_DATA(nla), NLA_DATA_LEN(nla), p, npt, 566 *(void **)target)); 567 } 568 569 int 570 nlf_get_ifp(void *src, struct nl_pstate *npt, void *target) 571 { 572 struct ifnet *ifp; 573 u_int ifindex; 574 575 NET_EPOCH_ASSERT(); 576 577 ifindex = *((const u_int *)src); 578 ifp = ifnet_byindex(ifindex); 579 if (ifp == NULL) { 580 NL_LOG(LOG_DEBUG, "ifindex %u invalid", ifindex); 581 return (ENOENT); 582 } 583 *((struct ifnet **)target) = ifp; 584 585 return (0); 586 } 587 588 int 589 nlf_get_ifpz(void *src, struct nl_pstate *npt, void *target) 590 { 591 struct ifnet *ifp; 592 u_int ifindex; 593 594 NET_EPOCH_ASSERT(); 595 596 ifindex = *((const u_int *)src); 597 ifp = ifnet_byindex(ifindex); 598 if (ifindex != 0 && ifp == NULL) { 599 NL_LOG(LOG_DEBUG, "ifindex %u invalid", ifindex); 600 return (ENOENT); 601 } 602 *((struct ifnet **)target) = ifp; 603 604 return (0); 605 } 606 607 int 608 nlf_get_u8(void *src, struct nl_pstate *npt, void *target) 609 { 610 uint8_t val = *((const uint8_t *)src); 611 612 *((uint8_t *)target) = val; 613 614 return (0); 615 } 616 617 int 618 nlf_get_u8_u32(void *src, struct nl_pstate *npt, void *target) 619 { 620 *((uint32_t *)target) = *((const uint8_t *)src); 621 return (0); 622 } 623 624 int 625 nlf_get_u16(void *src, struct nl_pstate *npt, void *target) 626 { 627 *((uint16_t *)target) = *((const uint16_t *)src); 628 return (0); 629 } 630 631 int 632 nlf_get_u32(void *src, struct nl_pstate *npt, void *target) 633 { 634 *((uint32_t *)target) = *((const uint32_t *)src); 635 return (0); 636 } 637