1 /*-
2 * SPDX-License-Identifier: BSD-2-Clause
3 *
4 * Copyright (c) 2022 Alexander V. Chernikov <melifaro@FreeBSD.org>
5 *
6 * Redistribution and use in source and binary forms, with or without
7 * modification, are permitted provided that the following conditions
8 * are met:
9 * 1. Redistributions of source code must retain the above copyright
10 * notice, this list of conditions and the following disclaimer.
11 * 2. Redistributions in binary form must reproduce the above copyright
12 * notice, this list of conditions and the following disclaimer in the
13 * documentation and/or other materials provided with the distribution.
14 *
15 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
16 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
17 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
18 * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
19 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
20 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
21 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
22 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
23 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
24 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
25 * SUCH DAMAGE.
26 */
27
28 #include <sys/cdefs.h>
29 #include "opt_inet.h"
30 #include "opt_inet6.h"
31 #include <sys/types.h>
32 #include <sys/eventhandler.h>
33 #include <sys/kernel.h>
34 #include <sys/jail.h>
35 #include <sys/malloc.h>
36 #include <sys/socket.h>
37 #include <sys/sockio.h>
38 #include <sys/syslog.h>
39
40 #include <net/if.h>
41 #include <net/if_dl.h>
42 #include <net/if_media.h>
43 #include <net/if_var.h>
44 #include <net/if_clone.h>
45 #include <net/route.h>
46 #include <net/route/nhop.h>
47 #include <net/route/route_ctl.h>
48 #include <netinet/in_var.h>
49 #include <netinet6/in6_var.h>
50 #include <netinet6/scope6_var.h> /* scope deembedding */
51 #include <netlink/netlink.h>
52 #include <netlink/netlink_ctl.h>
53 #include <netlink/netlink_route.h>
54 #include <netlink/route/route_var.h>
55
56 #define DEBUG_MOD_NAME nl_iface
57 #define DEBUG_MAX_LEVEL LOG_DEBUG3
58 #include <netlink/netlink_debug.h>
59 _DECLARE_DEBUG(LOG_INFO);
60
/*
 * State handed from a dump request handler to its per-object callback.
 * The link dump handler in this file fills in nw, so and hdr and leaves
 * the remaining members zero-initialized.
 */
struct netlink_walkargs {
	struct nl_writer *nw;	/* writer the reply messages are emitted to */
	struct nlmsghdr hdr;	/* template header used for every reply */
	struct nlpcb *so;	/* requesting netlink socket */
	struct ucred *cred;	/* NOTE(review): not set by the link dump path */
	uint32_t fibnum;
	int family;
	int error;
	int count;		/* printed as "iterated" when a link dump ends */
	int dumped;		/* printed as "dumped" when a link dump ends */
};
72
/*
 * Tags for the interface event handlers (detach, attach, rename, link and
 * address events). Registration happens outside this part of the file.
 */
static eventhandler_tag ifdetach_event, ifattach_event, ifrename_event,
    iflink_event, ifaddr_event;

/* List of netlink-aware interface cloners. */
static SLIST_HEAD(, nl_cloner) nl_cloners = SLIST_HEAD_INITIALIZER(nl_cloners);

/* NOTE(review): presumably guards nl_cloners; confirm at the lock users. */
static struct sx rtnl_cloner_lock;
SX_SYSINIT(rtnl_cloner_lock, &rtnl_cloner_lock, "rtnl cloner lock");

/* External hook provided by CARP. */
extern int (*carp_get_vhid_p)(struct ifaddr *);
83
84 /*
85 * RTM_GETLINK request
86 * sendto(3, {{len=32, type=RTM_GETLINK, flags=NLM_F_REQUEST|NLM_F_DUMP, seq=1641940952, pid=0},
87 * {ifi_family=AF_INET, ifi_type=ARPHRD_NETROM, ifi_index=0, ifi_flags=0, ifi_change=0}}, 32, 0, NULL, 0) = 32
88 *
89 * Reply:
90 * {ifi_family=AF_UNSPEC, ifi_type=ARPHRD_ETHER, ifi_index=if_nametoindex("enp0s31f6"), ifi_flags=IFF_UP|IFF_BROADCAST|IFF_RUNNING|IFF_MULTICAST|IFF_LOWER_UP, ifi_change=0},
91 {{nla_len=10, nla_type=IFLA_ADDRESS}, "\xfe\x54\x00\x52\x3e\x90"}
92
93 [
94 {{nla_len=14, nla_type=IFLA_IFNAME}, "enp0s31f6"},
95 {{nla_len=8, nla_type=IFLA_TXQLEN}, 1000},
96 {{nla_len=5, nla_type=IFLA_OPERSTATE}, 6},
97 {{nla_len=5, nla_type=IFLA_LINKMODE}, 0},
98 {{nla_len=8, nla_type=IFLA_MTU}, 1500},
99 {{nla_len=8, nla_type=IFLA_MIN_MTU}, 68},
100 {{nla_len=8, nla_type=IFLA_MAX_MTU}, 9000},
101 {{nla_len=8, nla_type=IFLA_GROUP}, 0},
102 {{nla_len=8, nla_type=IFLA_PROMISCUITY}, 0},
103 {{nla_len=8, nla_type=IFLA_NUM_TX_QUEUES}, 1},
104 {{nla_len=8, nla_type=IFLA_GSO_MAX_SEGS}, 65535},
105 {{nla_len=8, nla_type=IFLA_GSO_MAX_SIZE}, 65536},
106 {{nla_len=8, nla_type=IFLA_NUM_RX_QUEUES}, 1},
107 {{nla_len=5, nla_type=IFLA_CARRIER}, 1},
108 {{nla_len=13, nla_type=IFLA_QDISC}, "fq_codel"},
109 {{nla_len=8, nla_type=IFLA_CARRIER_CHANGES}, 2},
110 {{nla_len=5, nla_type=IFLA_PROTO_DOWN}, 0},
111 {{nla_len=8, nla_type=IFLA_CARRIER_UP_COUNT}, 1},
112 {{nla_len=8, nla_type=IFLA_CARRIER_DOWN_COUNT}, 1},
113 */
114
/* Link state reported through IFLA_OPERSTATE and IFLA_CARRIER. */
struct if_state {
	uint8_t ifla_operstate;	/* one of the IF_OPER_* values */
	uint8_t ifla_carrier;	/* 1 when carrier is reported, 0 otherwise */
};
119
/*
 * Derives operational state and carrier of an interface from the result
 * of the SIOCGIFMEDIA ioctl.
 *
 * @ifp:    interface to query
 * @pstate: state to update; left untouched when the ioctl fails or the
 *          active media type is not IFM_ETHER
 */
static void
get_operstate_ether(if_t ifp, struct if_state *pstate)
{
	struct ifmediareq media = {};
	int rc;

	rc = if_ioctl(ifp, SIOCGIFMEDIA, (void *)&media);
	if (rc != 0) {
		NL_LOG(LOG_DEBUG, "error calling SIOCGIFMEDIA on %s: %d",
		    if_name(ifp), rc);
		return;
	}

	if (IFM_TYPE(media.ifm_active) != IFM_ETHER)
		return;

	if ((media.ifm_status & IFM_ACTIVE) == 0) {
		/* Only the operstate changes; carrier keeps the caller's value. */
		pstate->ifla_operstate = IF_OPER_DOWN;
		return;
	}

	pstate->ifla_carrier = 1;
	/* An active link on a monitor-mode interface is reported as dormant. */
	if ((if_getflags(ifp) & IFF_MONITOR) != 0)
		pstate->ifla_operstate = IF_OPER_DORMANT;
	else
		pstate->ifla_operstate = IF_OPER_UP;
}
145
/*
 * Appends an IFLA_STATS64 attribute carrying the interface counters.
 *
 * @nw:  message writer
 * @ifp: interface whose counters are exported
 *
 * Returns false when the writer cannot reserve space for the attribute.
 */
static bool
get_stats(struct nl_writer *nw, if_t ifp)
{
	struct rtnl_link_stats64 *counters;
	struct nlattr *attr;
	int attr_len = sizeof(struct nlattr) + sizeof(struct rtnl_link_stats64);

	attr = nlmsg_reserve_data(nw, attr_len, struct nlattr);
	if (attr == NULL)
		return (false);

	attr->nla_type = IFLA_STATS64;
	attr->nla_len = attr_len;
	/* The payload starts right behind the attribute header. */
	counters = (struct rtnl_link_stats64 *)(attr + 1);

	/*
	 * NOTE(review): only the members assigned below are written. Any
	 * other member of struct rtnl_link_stats64 keeps whatever the
	 * reserved space contained, and this buffer is delivered to
	 * userland - confirm that nlmsg_reserve_data() hands out zeroed
	 * memory.
	 */
	counters->rx_packets = if_getcounter(ifp, IFCOUNTER_IPACKETS);
	counters->tx_packets = if_getcounter(ifp, IFCOUNTER_OPACKETS);
	counters->rx_bytes = if_getcounter(ifp, IFCOUNTER_IBYTES);
	counters->tx_bytes = if_getcounter(ifp, IFCOUNTER_OBYTES);
	counters->rx_errors = if_getcounter(ifp, IFCOUNTER_IERRORS);
	counters->tx_errors = if_getcounter(ifp, IFCOUNTER_OERRORS);
	counters->rx_dropped = if_getcounter(ifp, IFCOUNTER_IQDROPS);
	counters->tx_dropped = if_getcounter(ifp, IFCOUNTER_OQDROPS);
	counters->multicast = if_getcounter(ifp, IFCOUNTER_IMCASTS);
	counters->rx_nohandler = if_getcounter(ifp, IFCOUNTER_NOPROTO);

	return (true);
}
172
/*
 * Fills @pstate with the operational state and carrier of @ifp.
 *
 * IFT_ETHER and IFT_L2VLAN interfaces are resolved through their media
 * status; every other type maps the administrative IFF_UP flag onto the
 * operational state.
 */
static void
get_operstate(if_t ifp, struct if_state *pstate)
{
	int iftype = if_gettype(ifp);

	/* Defaults, kept when the media query below yields nothing. */
	pstate->ifla_operstate = IF_OPER_UNKNOWN;
	pstate->ifla_carrier = 0;

	if (iftype == IFT_ETHER || iftype == IFT_L2VLAN) {
		get_operstate_ether(ifp, pstate);
		return;
	}

	if ((if_getflags(ifp) & IFF_UP) == 0) {
		pstate->ifla_operstate = IF_OPER_DOWN;
		return;
	}

	pstate->ifla_operstate = IF_OPER_UP;
	pstate->ifla_carrier = 1;
}
194
/*
 * Appends IFLAF_ORIG_HWADDR with the address returned by if_gethwaddr().
 * Nothing is added when if_gethwaddr() reports an error.
 */
static void
get_hwaddr(struct nl_writer *nw, if_t ifp)
{
	struct ifreq req = {};

	if (if_gethwaddr(ifp, &req) != 0)
		return;

	/*
	 * NOTE(review): if_getaddrlen(ifp) bytes are read from sa_data with
	 * no check against its size; presumably if_gethwaddr() succeeds only
	 * for interface types whose address fits - confirm.
	 */
	nlattr_add(nw, IFLAF_ORIG_HWADDR, if_getaddrlen(ifp),
	    req.ifr_addr.sa_data);
}
205
/* Returns the interface flags and the driver flags merged into one word. */
static unsigned
ifp_flags_to_netlink(const if_t ifp)
{
	unsigned merged = if_getflags(ifp);

	merged |= if_getdrvflags(ifp);
	return (merged);
}
211
/* Start of the link-level address inside a sockaddr_dl (after the name). */
#define LLADDR_CONST(s) ((const void *)((s)->sdl_data + (s)->sdl_nlen))

/*
 * Appends the address stored in @sa as attribute @attr.
 *
 * @nw:   message writer
 * @attr: attribute type to emit
 * @sa:   address to export; NULL, AF_UNSPEC and unsupported families are
 *        skipped and still count as success
 *
 * Returns the result of nlattr_add() for supported families, true otherwise.
 */
static bool
dump_sa(struct nl_writer *nw, int attr, const struct sockaddr *sa)
{
	const void *payload = NULL;
	uint32_t payload_len = 0;
#ifdef INET6
	struct in6_addr plain6;
#endif

	if (sa == NULL)
		return (true);

	switch (sa->sa_family) {
#ifdef INET
	case AF_INET: {
		const struct sockaddr_in *sin = (const struct sockaddr_in *)sa;

		payload = &sin->sin_addr;
		payload_len = sizeof(struct in_addr);
		break;
	}
#endif
#ifdef INET6
	case AF_INET6: {
		const struct sockaddr_in6 *sin6 = (const struct sockaddr_in6 *)sa;

		/*
		 * payload_len is only scratch space for the scope id here; it
		 * is overwritten with the real length on the next line.
		 */
		in6_splitscope(&sin6->sin6_addr, &plain6, &payload_len);
		payload_len = sizeof(struct in6_addr);
		payload = &plain6;
		break;
	}
#endif
	case AF_LINK: {
		const struct sockaddr_dl *sdl = (const struct sockaddr_dl *)sa;

		/*
		 * NOTE(review): sdl_alen and sdl_nlen are taken as-is, with no
		 * check against sa_len; this assumes @sa is a kernel-built
		 * sockaddr_dl, never one supplied by a request - confirm at
		 * the callers.
		 */
		payload_len = sdl->sdl_alen;
		payload = LLADDR_CONST(sdl);
		break;
	}
	case AF_UNSPEC:
		/* Empty sockaddrs are skipped silently. */
		return (true);
	default:
		NL_LOG(LOG_DEBUG2, "unsupported family: %d, skipping", sa->sa_family);
		return (true);
	}

	return (nlattr_add(nw, attr, payload_len, payload));
}
253
/*
 * Appends the nested IFLAF_CAPS attribute: a bitset made of
 * NLA_BITSET_SIZE, NLA_BITSET_MASK and NLA_BITSET_VALUE.
 *
 * Returns false when the nested attribute cannot be opened.
 */
static bool
dump_iface_caps(struct nl_writer *nw, struct ifnet *ifp)
{
	int nest_off = nlattr_add_nested(nw, IFLAF_CAPS);
	uint32_t value_bits[roundup2(IFCAP_B_SIZE, 32) / 32] = {};
	uint32_t mask_bits[roundup2(IFCAP_B_SIZE, 32) / 32] = {};

	/*
	 * Both arrays are indexed at [0] and [1] below. MPASS is an
	 * assertion, so the bound is verified only in kernels built with
	 * assertions enabled.
	 */
	MPASS(sizeof(value_bits) >= 8);
	MPASS(sizeof(mask_bits) >= 8);

	if (nest_off == 0)
		return (false);

	/*
	 * NOTE(review): the supported capabilities end up in
	 * NLA_BITSET_VALUE and the enabled ones in NLA_BITSET_MASK. That
	 * looks inverted for a mask/value pair; confirm against the
	 * userland consumer before changing the wire format.
	 */
	value_bits[0] = (uint32_t)if_getcapabilities(ifp);
	mask_bits[0] = (uint32_t)if_getcapenable(ifp);
	value_bits[1] = (uint32_t)if_getcapabilities2(ifp);
	mask_bits[1] = (uint32_t)if_getcapenable2(ifp);

	nlattr_add_u32(nw, NLA_BITSET_SIZE, IFCAP_B_SIZE);
	nlattr_add(nw, NLA_BITSET_MASK, sizeof(mask_bits), mask_bits);
	nlattr_add(nw, NLA_BITSET_VALUE, sizeof(value_bits), value_bits);

	/* Close the nested attribute by fixing up its length. */
	nlattr_set_len(nw, nest_off);

	return (true);
}
280
/*
 * Dumps interface state, properties and metrics.
 * @nw: message writer
 * @ifp: target interface
 * @hdr: template header
 * @if_flags_mask: changed if_[drv]_flags bitmask
 * @ifname: name to report in IFLA_IFNAME; NULL selects if_name(ifp)
 *
 * Returns true once the message has been finalized. On failure the
 * partially built message is aborted and false is returned.
 *
 * This function is called without epoch and MAY sleep.
 */
static bool
dump_iface(struct nl_writer *nw, if_t ifp, const struct nlmsghdr *hdr,
    int if_flags_mask, const char *ifname)
{
	struct epoch_tracker et;
	struct ifinfomsg *ifinfo;
	struct if_state link_state = {};
	const char *reported_name;
	int fbsd_off;

	NL_LOG(LOG_DEBUG3, "dumping interface %s data", if_name(ifp));

	if (!nlmsg_reply(nw, hdr, sizeof(struct ifinfomsg)))
		goto enomem;

	/*
	 * NOTE(review): the reserved object is used without a NULL check;
	 * presumably nlmsg_reply() above already secured the space - confirm.
	 * The padding member is cleared explicitly along with the others.
	 */
	ifinfo = nlmsg_reserve_object(nw, struct ifinfomsg);
	ifinfo->ifi_family = AF_UNSPEC;
	ifinfo->__ifi_pad = 0;
	ifinfo->ifi_type = if_gettype(ifp);
	ifinfo->ifi_index = if_getindex(ifp);
	ifinfo->ifi_flags = ifp_flags_to_netlink(ifp);
	ifinfo->ifi_change = if_flags_mask;

	get_operstate(ifp, &link_state);
	if (link_state.ifla_operstate == IF_OPER_UP)
		ifinfo->ifi_flags |= IFF_LOWER_UP;

	/*
	 * The results of the nlattr_add_*() calls below are not checked.
	 * NOTE(review): this presumably relies on nlmsg_end() failing once
	 * the writer ran out of space - confirm.
	 */
	if (ifname != NULL)
		reported_name = ifname;
	else
		reported_name = if_name(ifp);
	nlattr_add_string(nw, IFLA_IFNAME, reported_name);
	nlattr_add_u8(nw, IFLA_OPERSTATE, link_state.ifla_operstate);
	nlattr_add_u8(nw, IFLA_CARRIER, link_state.ifla_carrier);

	/* IFLA_PROTO_DOWN and IFLA_LINKMODE are not exported. */

	if (if_getaddrlen(ifp) != 0) {
		struct ifa_iter iter;
		struct ifaddr *first;

		/* Only the first address of the interface is exported. */
		NET_EPOCH_ENTER(et);
		first = ifa_iter_start(ifp, &iter);
		if (first != NULL)
			dump_sa(nw, IFLA_ADDRESS, first->ifa_addr);
		ifa_iter_finish(&iter);
		NET_EPOCH_EXIT(et);
	}

	if (if_getbroadcastaddr(ifp) != NULL) {
		nlattr_add(nw, IFLA_BROADCAST, if_getaddrlen(ifp),
		    if_getbroadcastaddr(ifp));
	}

	nlattr_add_u32(nw, IFLA_MTU, if_getmtu(ifp));
	/* IFLA_MIN_MTU, IFLA_MAX_MTU and IFLA_GROUP are not exported. */

	if (if_getdescr(ifp) != NULL)
		nlattr_add_string(nw, IFLA_IFALIAS, if_getdescr(ifp));

	/* FreeBSD-specific attributes live in their own nested container. */
	fbsd_off = nlattr_add_nested(nw, IFLA_FREEBSD);
	if (fbsd_off != 0) {
		get_hwaddr(nw, ifp);
		dump_iface_caps(nw, ifp);

		nlattr_set_len(nw, fbsd_off);
	}

	get_stats(nw, ifp);

	/* Promiscuity is reported as 0 or 1, derived from IFF_PROMISC. */
	nlattr_add_u32(nw, IFLA_PROMISCUITY,
	    (uint32_t)((if_getflags(ifp) & IFF_PROMISC) != 0));

	/* Let the interface cloner append its own attributes. */
	ifc_dump_ifp_nl(ifp, nw);

	nw->ifp = ifp;

	if (!nlmsg_end(nw))
		goto enomem;
	return (true);

enomem:
	NL_LOG(LOG_DEBUG, "unable to dump interface %s state (ENOMEM)", if_name(ifp));
	nlmsg_abort(nw);
	return (false);
}
378
/*
 * Strict-mode check of the fixed ifinfomsg header: the padding, type,
 * flags and change fields all have to be zero.
 *
 * Returns true when the header passes; otherwise reports an error message
 * through @npt and returns false.
 */
static bool
check_ifmsg(void *hdr, struct nl_pstate *npt)
{
	const struct ifinfomsg *msg = hdr;
	bool all_zero;

	all_zero = msg->__ifi_pad == 0 && msg->ifi_type == 0 &&
	    msg->ifi_flags == 0 && msg->ifi_change == 0;
	if (all_zero)
		return (true);

	nlmsg_report_err_msg(npt,
	    "strict checking: non-zero values in ifinfomsg header");
	return (false);
}
393
/*
 * Parser tables for RTM_*LINK requests. _IN() is an offset into the wire
 * header (struct ifinfomsg), _OUT() an offset into the parsed result
 * (struct nl_parsed_link).
 */
#define _IN(_field)	offsetof(struct ifinfomsg, _field)
#define _OUT(_field)	offsetof(struct nl_parsed_link, _field)

/* Fixed header fields. ifi_family is not copied into the parsed result. */
static const struct nlfield_parser nlf_p_if[] = {
	{ .off_in = _IN(ifi_type), .off_out = _OUT(ifi_type), .cb = nlf_get_u16 },
	{ .off_in = _IN(ifi_index), .off_out = _OUT(ifi_index), .cb = nlf_get_u32 },
	{ .off_in = _IN(ifi_flags), .off_out = _OUT(ifi_flags), .cb = nlf_get_u32 },
	{ .off_in = _IN(ifi_change), .off_out = _OUT(ifi_change), .cb = nlf_get_u32 },
};

/* Attributes nested inside IFLA_LINKINFO: cloner name and its opaque data. */
static const struct nlattr_parser nla_p_linfo[] = {
	{ .type = IFLA_INFO_KIND, .off = _OUT(ifla_cloner), .cb = nlattr_get_stringn },
	{ .type = IFLA_INFO_DATA, .off = _OUT(ifla_idata), .cb = nlattr_get_nla },
};
NL_DECLARE_ATTR_PARSER(linfo_parser, nla_p_linfo);

/*
 * Top-level link attributes. IFLA_IFNAME and IFLA_ALT_IFNAME store into
 * the same ifla_ifname member, and IFLA_GROUP is parsed as a string.
 * NOTE(review): the entry order is kept exactly as found; the parser
 * framework may depend on it - confirm before reordering.
 */
static const struct nlattr_parser nla_p_if[] = {
	{ .type = IFLA_ADDRESS, .off = _OUT(ifla_address), .cb = nlattr_get_nla },
	{ .type = IFLA_IFNAME, .off = _OUT(ifla_ifname), .cb = nlattr_get_string },
	{ .type = IFLA_MTU, .off = _OUT(ifla_mtu), .cb = nlattr_get_uint32 },
	{ .type = IFLA_LINK, .off = _OUT(ifla_link), .cb = nlattr_get_uint32 },
	{ .type = IFLA_LINKINFO, .arg = &linfo_parser, .cb = nlattr_get_nested },
	{ .type = IFLA_IFALIAS, .off = _OUT(ifla_ifalias), .cb = nlattr_get_string },
	{ .type = IFLA_GROUP, .off = _OUT(ifla_group), .cb = nlattr_get_string },
	{ .type = IFLA_ALT_IFNAME, .off = _OUT(ifla_ifname), .cb = nlattr_get_string },
};
#undef _IN
#undef _OUT

/* Strict parser: check_ifmsg() vets the fixed header. */
NL_DECLARE_STRICT_PARSER(ifmsg_parser, struct ifinfomsg, check_ifmsg, nlf_p_if, nla_p_if);
422
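/*
 * Tells whether @ifp satisfies the filter of a parsed link request.
 *
 * @ifp:  candidate interface
 * @_arg: struct nl_parsed_link holding the filter; a zero ifi_index, a
 *        zero ifi_type or a NULL ifla_ifname means "do not filter on it"
 *
 * Returns true when every filter that is set matches.
 */
static bool
match_iface(if_t ifp, void *_arg)
{
	const struct nl_parsed_link *attrs = _arg;

	if (attrs->ifi_index != 0 && attrs->ifi_index != if_getindex(ifp))
		return (false);
	/*
	 * The type filter has to be compared with the interface type. The
	 * previous code compared ifi_index with if_gettype(), so a request
	 * carrying a non-zero ifi_type was matched on the wrong field.
	 */
	if (attrs->ifi_type != 0 && attrs->ifi_type != if_gettype(ifp))
		return (false);
	if (attrs->ifla_ifname != NULL &&
	    strcmp(attrs->ifla_ifname, if_name(ifp)) != 0)
		return (false);
	/* TODO: add group match */

	return (true);
}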
438
/*
 * Per-interface callback of the link dump: emits one interface message.
 *
 * @ifp:  interface to dump
 * @_arg: struct netlink_walkargs of the running dump
 *
 * Returns 0 on success and ENOMEM when dump_iface() fails.
 */
static int
dump_cb(if_t ifp, void *_arg)
{
	struct netlink_walkargs *walk = _arg;

	return (dump_iface(walk->nw, ifp, &walk->hdr, 0, NULL) ? 0 : ENOMEM);
}
447
448 /*
449 * {nlmsg_len=52, nlmsg_type=RTM_GETLINK, nlmsg_flags=NLM_F_REQUEST, nlmsg_seq=1662842818, nlmsg_pid=0},
450 * {ifi_family=AF_PACKET, ifi_type=ARPHRD_NETROM, ifi_index=0, ifi_flags=0, ifi_change=0},
451 * [
452 * [{nla_len=10, nla_type=IFLA_IFNAME}, "vnet9"],
453 * [{nla_len=8, nla_type=IFLA_EXT_MASK}, RTEXT_FILTER_VF]
454 * ]
455 */
/*
 * RTM_GETLINK handler.
 *
 * A request naming an interface by index or by name is answered with a
 * single message. Anything else is answered as a multipart dump of all
 * interfaces accepted by match_iface().
 *
 * Returns 0 on success, the parser error, ENODEV when the addressed
 * interface does not exist or does not match, or ENOMEM.
 */
static int
rtnl_handle_getlink(struct nlmsghdr *hdr, struct nlpcb *nlp, struct nl_pstate *npt)
{
	struct epoch_tracker et;
	struct nl_parsed_link attrs = {};
	if_t target;
	int error;

	error = nl_parse_nlmsg(hdr, &ifmsg_parser, npt, &attrs);
	if (error != 0)
		return (error);

	/* Replies echo pid, seq and flags of the request as RTM_NEWLINK. */
	struct netlink_walkargs wa = {
		.so = nlp,
		.nw = npt->nw,
		.hdr.nlmsg_pid = hdr->nlmsg_pid,
		.hdr.nlmsg_seq = hdr->nlmsg_seq,
		.hdr.nlmsg_flags = hdr->nlmsg_flags,
		.hdr.nlmsg_type = NL_RTM_NEWLINK,
	};

	/* Fast track for an interface w/ explicit name or index match */
	if (attrs.ifi_index != 0 || attrs.ifla_ifname != NULL) {
		if (attrs.ifi_index != 0) {
			NLP_LOG(LOG_DEBUG3, nlp, "fast track -> searching index %u",
			    attrs.ifi_index);
			NET_EPOCH_ENTER(et);
			target = ifnet_byindex_ref(attrs.ifi_index);
			NET_EPOCH_EXIT(et);
		} else {
			NLP_LOG(LOG_DEBUG3, nlp, "fast track -> searching name %s",
			    attrs.ifla_ifname);
			target = ifunit_ref(attrs.ifla_ifname);
		}

		if (target == NULL)
			return (ENODEV);

		/* The remaining filters still apply to the looked-up interface. */
		if (!match_iface(target, &attrs))
			error = ENODEV;
		else if (!dump_iface(wa.nw, target, &wa.hdr, 0, NULL))
			error = ENOMEM;
		if_rele(target);
		return (error);
	}

	/* Always treat non-direct-match as a multipart message */
	wa.hdr.nlmsg_flags |= NLM_F_MULTI;

	/*
	 * Fetching some link properties requires ioctls that may block.
	 * The sleepable iterator is used so that dump_cb() does not run
	 * inside the network epoch.
	 *
	 * NOTE(review): the result of if_foreach_sleep() is dropped, so
	 * `error` is always 0 when it reaches nlmsg_end_dump(), and nothing
	 * in this file section updates wa.count or wa.dumped before they
	 * are logged. Confirm whether callback failures should be reported.
	 */
	NL_LOG(LOG_DEBUG2, "Start dump");
	if_foreach_sleep(match_iface, &attrs, dump_cb, &wa);
	NL_LOG(LOG_DEBUG2, "End dump, iterated %d dumped %d", wa.count, wa.dumped);

	if (!nlmsg_end_dump(wa.nw, error, &wa.hdr)) {
		NL_LOG(LOG_DEBUG, "Unable to finalize the dump");
		return (ENOMEM);
	}

	return (error);
}
523
524 /*
525 * sendmsg(3, {msg_name={sa_family=AF_NETLINK, nl_pid=0, nl_groups=00000000}, msg_namelen=12, msg_iov=[{iov_base=[
526 * {nlmsg_len=60, nlmsg_type=RTM_NEWLINK, nlmsg_flags=NLM_F_REQUEST|NLM_F_ACK|NLM_F_EXCL|NLM_F_CREATE, nlmsg_seq=1662715618, nlmsg_pid=0},
527 * {ifi_family=AF_UNSPEC, ifi_type=ARPHRD_NETROM, ifi_index=0, ifi_flags=0, ifi_change=0},
528 * {nla_len=11, nla_type=IFLA_IFNAME}, "dummy0"],
529 * [
530 * {nla_len=16, nla_type=IFLA_LINKINFO},
531 * [
532 * {nla_len=9, nla_type=IFLA_INFO_KIND}, "dummy"...
533 * ]
534 * ]
535 */
536
/*
 * RTM_DELLINK handler: destroys the cloned interface addressed by
 * ifi_index.
 *
 * Only the index is used for the lookup; IFLA_IFNAME is parsed but not
 * consulted here.
 *
 * NOTE(review): no credential or privilege check is made in this
 * function. Presumably it is enforced where the handler is registered
 * or inside if_clone_destroy() - confirm.
 *
 * Returns the parser error, ENOENT when no interface has that index, or
 * the result of if_clone_destroy().
 */
static int
rtnl_handle_dellink(struct nlmsghdr *hdr, struct nlpcb *nlp, struct nl_pstate *npt)
{
	struct epoch_tracker et;
	struct nl_parsed_link attrs = {};
	if_t victim;
	int error;

	error = nl_parse_nlmsg(hdr, &ifmsg_parser, npt, &attrs);
	if (error != 0)
		return (error);

	NET_EPOCH_ENTER(et);
	victim = ifnet_byindex_ref(attrs.ifi_index);
	NET_EPOCH_EXIT(et);
	if (victim == NULL) {
		NLP_LOG(LOG_DEBUG, nlp, "unable to find interface %u", attrs.ifi_index);
		return (ENOENT);
	}
	NLP_LOG(LOG_DEBUG3, nlp, "mapped ifindex %u to %s", attrs.ifi_index, if_name(victim));

	/* The destroy call runs by name, under the detach lock. */
	sx_xlock(&ifnet_detach_sxlock);
	error = if_clone_destroy(if_name(victim));
	sx_xunlock(&ifnet_detach_sxlock);

	/* The reference taken above is still held while the name is logged. */
	NLP_LOG(LOG_DEBUG2, nlp, "deleting interface %s returned %d", if_name(victim), error);

	if_rele(victim);
	return (error);
}
567
568 /*
569 * New link:
570 * type=RTM_NEWLINK, flags=NLM_F_REQUEST|NLM_F_ACK|NLM_F_EXCL|NLM_F_CREATE, seq=1668185590, pid=0},
571 * {ifi_family=AF_UNSPEC, ifi_type=ARPHRD_NETROM, ifi_index=0, ifi_flags=0, ifi_change=0}
572 * [
573 * {{nla_len=8, nla_type=IFLA_MTU}, 123},
574 * {{nla_len=10, nla_type=IFLA_IFNAME}, "vlan1"},
575 * {{nla_len=24, nla_type=IFLA_LINKINFO},
576 * [
577 * {{nla_len=8, nla_type=IFLA_INFO_KIND}, "vlan"...},
578 * {{nla_len=12, nla_type=IFLA_INFO_DATA}, "\x06\x00\x01\x00\x7b\x00\x00\x00"}]}]}
579 *
580 * Update link:
581 * type=RTM_NEWLINK, flags=NLM_F_REQUEST|NLM_F_ACK, seq=1668185923, pid=0},
582 * {ifi_family=AF_UNSPEC, ifi_type=ARPHRD_NETROM, ifi_index=if_nametoindex("lo"), ifi_flags=0, ifi_change=0},
583 * {{nla_len=8, nla_type=IFLA_MTU}, 123}}
584 *
585 *
586 * Check command availability:
587 * type=RTM_NEWLINK, flags=NLM_F_REQUEST|NLM_F_ACK, seq=0, pid=0},
588 * {ifi_family=AF_UNSPEC, ifi_type=ARPHRD_NETROM, ifi_index=0, ifi_flags=0, ifi_change=0}
589 */
590
591
/*
 * Creates a new cloned interface for an RTM_NEWLINK request that carries
 * NLM_F_CREATE.
 *
 * @hdr:    request header (unused here)
 * @lattrs: parsed request; IFLA_IFNAME and IFLA_INFO_KIND must both be
 *          present and non-empty
 * @bm:     bitmask of the attributes present in the request
 * @nlp:    requesting socket (unused here)
 * @npt:    parser state, used for error reporting and the ifp cookie
 *
 * Returns EINVAL for a missing or empty name or kind, otherwise the error
 * left in the cloner data by ifc_create_ifp_nl().
 */
static int
create_link(struct nlmsghdr *hdr, struct nl_parsed_link *lattrs,
    struct nlattr_bmask *bm, struct nlpcb *nlp, struct nl_pstate *npt)
{
	const char *name = lattrs->ifla_ifname;
	const char *kind = lattrs->ifla_cloner;

	if (name == NULL || name[0] == '\0') {
		NLMSG_REPORT_ERR_MSG(npt, "empty IFLA_IFNAME attribute");
		return (EINVAL);
	}
	if (kind == NULL || kind[0] == '\0') {
		NLMSG_REPORT_ERR_MSG(npt, "empty IFLA_INFO_KIND attribute");
		return (EINVAL);
	}

	struct ifc_data_nl ifd = {
		.flags = IFC_F_CREATE,
		.lattrs = lattrs,
		.bm = bm,
		.npt = npt,
	};

	/* The new interface is recorded as a cookie only on full success. */
	if (ifc_create_ifp_nl(lattrs->ifla_ifname, &ifd) && ifd.error == 0)
		nl_store_ifp_cookie(npt, ifd.ifp);

	return (ifd.error);
}
616
/*
 * Modifies an existing interface for an RTM_NEWLINK request without
 * NLM_F_CREATE.
 *
 * The interface is looked up by ifi_index when that is non-zero and by
 * IFLA_IFNAME otherwise.
 *
 * Returns EPERM when neither index nor name is given, ENOENT when the
 * interface cannot be found, otherwise the result of the cloner-specific
 * or the generic modification routine.
 */
static int
modify_link(struct nlmsghdr *hdr, struct nl_parsed_link *lattrs,
    struct nlattr_bmask *bm, struct nlpcb *nlp, struct nl_pstate *npt)
{
	struct epoch_tracker et;
	if_t target;

	if (lattrs->ifi_index == 0 && lattrs->ifla_ifname == NULL) {
		/*
		 * Applications like ip(8) verify RTM_NEWLINK command
		 * existence by calling it with empty arguments. Always
		 * return "innocent" error in that case.
		 */
		NLMSG_REPORT_ERR_MSG(npt, "empty ifi_index field");
		return (EPERM);
	}

	if (lattrs->ifi_index != 0) {
		NET_EPOCH_ENTER(et);
		target = ifnet_byindex_ref(lattrs->ifi_index);
		NET_EPOCH_EXIT(et);
		if (target == NULL) {
			NLMSG_REPORT_ERR_MSG(npt, "unable to find interface #%u",
			    lattrs->ifi_index);
			return (ENOENT);
		}
	} else {
		/* No index, so the first check guarantees a name. */
		target = ifunit_ref(lattrs->ifla_ifname);
		if (target == NULL) {
			NLMSG_REPORT_ERR_MSG(npt, "unable to find interface %s",
			    lattrs->ifla_ifname);
			return (ENOENT);
		}
	}

	MPASS(target != NULL);

	/*
	 * A cloned interface is handled by its cloner. When the cloner
	 * routine does not take the request, the generic routine used for
	 * non-cloned (e.g. "physical") interfaces runs instead.
	 */
	struct ifc_data_nl ifd = { .lattrs = lattrs, .bm = bm, .npt = npt };
	if (!ifc_modify_ifp_nl(target, &ifd))
		ifd.error = nl_modify_ifp_generic(target, lattrs, bm, npt);

	if_rele(target);

	return (ifd.error);
}
672
673
/*
 * RTM_NEWLINK handler: parses the request and dispatches to create_link()
 * when NLM_F_CREATE is set, to modify_link() otherwise.
 *
 * Returns the parser error or the result of the selected routine.
 */
static int
rtnl_handle_newlink(struct nlmsghdr *hdr, struct nlpcb *nlp, struct nl_pstate *npt)
{
	struct nl_parsed_link attrs = {};
	struct nlattr_bmask present;
	int error;

	error = nl_parse_nlmsg(hdr, &ifmsg_parser, npt, &attrs);
	if (error != 0)
		return (error);

	/* Record which attributes the request carried. */
	nl_get_attrs_bmask_nlmsg(hdr, &ifmsg_parser, &present);

	if ((hdr->nlmsg_flags & NLM_F_CREATE) == 0)
		return (modify_link(hdr, &attrs, &present, nlp, npt));
	return (create_link(hdr, &attrs, &present, nlp, npt));
}
691
/*
 * Sets the unicast scope id of an IPv6 link-local address to @ifindex.
 * NULL pointers, other families and other IPv6 addresses are left
 * untouched. Without INET6 this is a no-op.
 *
 * NOTE(review): @ifindex is used as given; whether it names an existing
 * interface is not checked here.
 */
static void
set_scope6(struct sockaddr *sa, uint32_t ifindex)
{
#ifdef INET6
	struct sockaddr_in6 *sin6;

	if (sa == NULL || sa->sa_family != AF_INET6)
		return;

	sin6 = (struct sockaddr_in6 *)sa;
	if (IN6_IS_ADDR_LINKLOCAL(&sin6->sin6_addr))
		in6_set_unicast_scopeid(&sin6->sin6_addr, ifindex);
#endif
}
704
/*
 * Verifies that an optional address attribute has the expected family.
 *
 * @sa:        parsed address, NULL when the attribute is absent
 * @family:    family announced in the message header
 * @attr_name: attribute name used in the error message
 * @npt:       parser state used for error reporting
 *
 * Returns true for an absent attribute or a matching family.
 */
static bool
check_sa_family(const struct sockaddr *sa, int family, const char *attr_name,
    struct nl_pstate *npt)
{
	if (sa != NULL && sa->sa_family != family) {
		nlmsg_report_err_msg(npt, "wrong family for %s attribute: %d != %d",
		    attr_name, family, sa->sa_family);
		return (false);
	}

	return (true);
}
716
/*
 * Parsed form of an address request. The first five members come from
 * the fixed ifaddrmsg header, the rest from attributes.
 */
struct nl_parsed_ifa {
	uint8_t ifa_family;
	uint8_t ifa_prefixlen;
	uint8_t ifa_scope;
	uint32_t ifa_index;
	uint32_t ifa_flags;		/* header flags, also set by IFA_FLAGS */
	uint32_t ifaf_vhid;		/* IFAF_VHID, nested in IFA_FREEBSD */
	uint32_t ifaf_flags;		/* IFAF_FLAGS, nested in IFA_FREEBSD */
	struct sockaddr *ifa_address;	/* IFA_ADDRESS */
	struct sockaddr *ifa_local;	/* IFA_LOCAL */
	struct sockaddr *ifa_broadcast;	/* IFA_BROADCAST */
	struct ifa_cacheinfo *ifa_cacheinfo; /* IFA_CACHEINFO, points into the request */
	struct sockaddr *f_ifa_addr;	/* not filled in by the parser tables */
	struct sockaddr *f_ifa_dst;	/* not filled in by the parser tables */
};
732
/*
 * Attribute callback for IFA_CACHEINFO.
 *
 * The payload must be exactly sizeof(struct ifa_cacheinfo) bytes. On
 * success *target receives a pointer to the payload itself; nothing is
 * copied, so the pointer is only as long-lived as the attribute buffer.
 *
 * Returns 0 on success and EINVAL on a size mismatch.
 */
static int
nlattr_get_cinfo(struct nlattr *nla, struct nl_pstate *npt,
    const void *arg __unused, void *target)
{
	struct ifa_cacheinfo **out = target;

	/* Reject anything that is not an exact-size payload before use. */
	if (__predict_false(NLA_DATA_LEN(nla) != sizeof(struct ifa_cacheinfo))) {
		NLMSG_REPORT_ERR_MSG(npt, "nla type %d size(%u) is not ifa_cacheinfo",
		    nla->nla_type, NLA_DATA_LEN(nla));
		return (EINVAL);
	}

	*out = (struct ifa_cacheinfo *)NL_RTA_DATA(nla);
	return (0);
}
745
/*
 * Parser tables for address requests. _IN() is an offset into the wire
 * header (struct ifaddrmsg), _OUT() an offset into struct nl_parsed_ifa.
 */
#define _IN(_field)	offsetof(struct ifaddrmsg, _field)
#define _OUT(_field)	offsetof(struct nl_parsed_ifa, _field)

/* Fixed header fields; the 8-bit header flags widen into a 32-bit member. */
static const struct nlfield_parser nlf_p_ifa[] = {
	{ .off_in = _IN(ifa_family), .off_out = _OUT(ifa_family), .cb = nlf_get_u8 },
	{ .off_in = _IN(ifa_prefixlen), .off_out = _OUT(ifa_prefixlen), .cb = nlf_get_u8 },
	{ .off_in = _IN(ifa_scope), .off_out = _OUT(ifa_scope), .cb = nlf_get_u8 },
	{ .off_in = _IN(ifa_flags), .off_out = _OUT(ifa_flags), .cb = nlf_get_u8_u32 },
	{ .off_in = _IN(ifa_index), .off_out = _OUT(ifa_index), .cb = nlf_get_u32 },
};

/* FreeBSD-specific attributes nested inside IFA_FREEBSD. */
static const struct nlattr_parser nla_p_ifa_fbsd[] = {
	{ .type = IFAF_VHID, .off = _OUT(ifaf_vhid), .cb = nlattr_get_uint32 },
	{ .type = IFAF_FLAGS, .off = _OUT(ifaf_flags), .cb = nlattr_get_uint32 },
};
NL_DECLARE_ATTR_PARSER(ifa_fbsd_parser, nla_p_ifa_fbsd);

/*
 * Top-level address attributes. IFA_FLAGS writes the same ifa_flags
 * member as the header field.
 * NOTE(review): the entry order is kept exactly as found; the parser
 * framework may depend on it - confirm before reordering.
 */
static const struct nlattr_parser nla_p_ifa[] = {
	{ .type = IFA_ADDRESS, .off = _OUT(ifa_address), .cb = nlattr_get_ip },
	{ .type = IFA_LOCAL, .off = _OUT(ifa_local), .cb = nlattr_get_ip },
	{ .type = IFA_BROADCAST, .off = _OUT(ifa_broadcast), .cb = nlattr_get_ip },
	{ .type = IFA_CACHEINFO, .off = _OUT(ifa_cacheinfo), .cb = nlattr_get_cinfo },
	{ .type = IFA_FLAGS, .off = _OUT(ifa_flags), .cb = nlattr_get_uint32 },
	{ .type = IFA_FREEBSD, .arg = &ifa_fbsd_parser, .cb = nlattr_get_nested },
};
#undef _IN
#undef _OUT
772
/*
 * Post-parse hook for address requests.
 *
 * Every address attribute that is present must carry the family announced
 * in the header. After that the scope of link-local IPv6 addresses in
 * IFA_ADDRESS and IFA_LOCAL is set from ifa_index.
 *
 * Returns false (with an error message reported) on a family mismatch.
 */
static bool
post_p_ifa(void *_attrs, struct nl_pstate *npt)
{
	struct nl_parsed_ifa *attrs = _attrs;
	/* The broadcast label differs from the IFA_BROADCAST attribute name. */
	const struct {
		const struct sockaddr *sa;
		const char *label;
	} checked[] = {
		{ attrs->ifa_address, "IFA_ADDRESS" },
		{ attrs->ifa_local, "IFA_LOCAL" },
		{ attrs->ifa_broadcast, "IFA_BROADADDR" },
	};

	for (size_t i = 0; i < sizeof(checked) / sizeof(checked[0]); i++) {
		if (!check_sa_family(checked[i].sa, attrs->ifa_family,
		    checked[i].label, npt))
			return (false);
	}

	set_scope6(attrs->ifa_address, attrs->ifa_index);
	set_scope6(attrs->ifa_local, attrs->ifa_index);

	return (true);
}

/* No header check callback; post_p_ifa() runs after the attributes are parsed. */
NL_DECLARE_PARSER_EXT(ifa_parser, struct ifaddrmsg, NULL, nlf_p_ifa, nla_p_ifa, post_p_ifa);
792
793
794 /*
795
796 {ifa_family=AF_INET, ifa_prefixlen=8, ifa_flags=IFA_F_PERMANENT, ifa_scope=RT_SCOPE_HOST, ifa_index=if_nametoindex("lo")},
797 [
798 {{nla_len=8, nla_type=IFA_ADDRESS}, inet_addr("127.0.0.1")},
799 {{nla_len=8, nla_type=IFA_LOCAL}, inet_addr("127.0.0.1")},
800 {{nla_len=7, nla_type=IFA_LABEL}, "lo"},
801 {{nla_len=8, nla_type=IFA_FLAGS}, IFA_F_PERMANENT},
802 {{nla_len=20, nla_type=IFA_CACHEINFO}, {ifa_prefered=4294967295, ifa_valid=4294967295, cstamp=3619, tstamp=3619}}]},
803 ---
804
805 {{len=72, type=RTM_NEWADDR, flags=NLM_F_MULTI, seq=1642191126, pid=566735},
806 {ifa_family=AF_INET6, ifa_prefixlen=96, ifa_flags=IFA_F_PERMANENT, ifa_scope=RT_SCOPE_UNIVERSE, ifa_index=if_nametoindex("virbr0")},
807 [
808 {{nla_len=20, nla_type=IFA_ADDRESS}, inet_pton(AF_INET6, "2a01:4f8:13a:70c:ffff::1")},
809 {{nla_len=20, nla_type=IFA_CACHEINFO}, {ifa_prefered=4294967295, ifa_valid=4294967295, cstamp=4283, tstamp=4283}},
810 {{nla_len=8, nla_type=IFA_FLAGS}, IFA_F_PERMANENT}]},
811 */
812
/*
 * Maps an interface address onto a netlink RT_SCOPE_* value: loopback
 * addresses are host scope, link-local addresses are link scope and
 * everything else, other families included, is universe scope.
 */
static uint8_t
ifa_get_scope(const struct ifaddr *ifa)
{
	const struct sockaddr *sa = ifa->ifa_addr;

	switch (sa->sa_family) {
#ifdef INET
	case AF_INET:
	{
		/* The IN_* classification macros take host byte order. */
		uint32_t host_addr =
		    ntohl(((const struct sockaddr_in *)sa)->sin_addr.s_addr);

		if (IN_LOOPBACK(host_addr))
			return (RT_SCOPE_HOST);
		if (IN_LINKLOCAL(host_addr))
			return (RT_SCOPE_LINK);
		break;
	}
#endif
#ifdef INET6
	case AF_INET6:
	{
		const struct in6_addr *a6 =
		    &((const struct sockaddr_in6 *)sa)->sin6_addr;

		if (IN6_IS_ADDR_LOOPBACK(a6))
			return (RT_SCOPE_HOST);
		if (IN6_IS_ADDR_LINKLOCAL(a6))
			return (RT_SCOPE_LINK);
		break;
	}
#endif
	}

	return (RT_SCOPE_UNIVERSE);
}
849
#ifdef INET6
/*
 * Returns the number of bits set in an IPv6 mask. This equals the prefix
 * length only for a contiguous mask.
 */
static uint8_t
inet6_get_plen(const struct in6_addr *addr)
{
	uint32_t set_bits = 0;

	for (int word = 0; word < 4; word++)
		set_bits += bitcount32(addr->s6_addr32[word]);

	return (set_bits);
}
#endif
859
/*
 * Returns the prefix length encoded in a netmask sockaddr, computed as
 * the number of bits set. Families other than INET and INET6 yield 0.
 *
 * NOTE(review): @sa is dereferenced without a NULL check, so callers must
 * pass a valid mask - confirm that none of them can pass NULL.
 */
static uint8_t
get_sa_plen(const struct sockaddr *sa)
{
	switch (sa->sa_family) {
#ifdef INET
	case AF_INET:
		return bitcount32(((const struct sockaddr_in *)sa)->sin_addr.s_addr);
#endif
#ifdef INET6
	case AF_INET6:
		return inet6_get_plen(&((const struct sockaddr_in6 *)sa)->sin6_addr);
#endif
	default:
		break;
	}

	return (0);
}
885
886 #ifdef INET6
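/*
 * Translates kernel IN6_IFF_* address flags into netlink IFA_F_* flags.
 *
 * @flags: IN6_IFF_* bitmask of the address
 *
 * Returns the corresponding IFA_F_* bitmask. An address that is neither
 * autoconfigured nor temporary is reported as permanent.
 */
static uint32_t
in6_flags_to_nl(uint32_t flags)
{
	uint32_t nl_flags = 0;

	if (flags & IN6_IFF_TEMPORARY)
		nl_flags |= IFA_F_TEMPORARY;
	if (flags & IN6_IFF_NODAD)
		nl_flags |= IFA_F_NODAD;
	if (flags & IN6_IFF_DEPRECATED)
		nl_flags |= IFA_F_DEPRECATED;
	if (flags & IN6_IFF_TENTATIVE)
		nl_flags |= IFA_F_TENTATIVE;
	/*
	 * The last two bits have to be set in the result. The previous code
	 * OR-ed them into the input word instead, so they were never
	 * returned and the IFA_F_PERMANENT bit leaked into the
	 * IN6_IFF_DUPLICATED test that follows.
	 */
	if ((flags & (IN6_IFF_AUTOCONF|IN6_IFF_TEMPORARY)) == 0)
		nl_flags |= IFA_F_PERMANENT;
	if (flags & IN6_IFF_DUPLICATED)
		nl_flags |= IFA_F_DADFAILED;

	return (nl_flags);
}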
906
/*
 * Translates netlink IFA_F_* address flags into kernel IN6_IFF_* flags.
 * Bits without an entry in the table below are dropped.
 */
static uint32_t
nl_flags_to_in6(uint32_t flags)
{
	static const struct {
		uint32_t nl_bit;
		uint32_t in6_bit;
	} flag_map[] = {
		{ IFA_F_TEMPORARY, IN6_IFF_TEMPORARY },
		{ IFA_F_NODAD, IN6_IFF_NODAD },
		{ IFA_F_DEPRECATED, IN6_IFF_DEPRECATED },
		{ IFA_F_TENTATIVE, IN6_IFF_TENTATIVE },
		{ IFA_F_DADFAILED, IN6_IFF_DUPLICATED },
	};
	uint32_t in6_flags = 0;

	for (size_t i = 0; i < sizeof(flag_map) / sizeof(flag_map[0]); i++) {
		if ((flags & flag_map[i].nl_bit) != 0)
			in6_flags |= flag_map[i].in6_bit;
	}

	return (in6_flags);
}
925
/*
 * Appends IFA_CACHEINFO for an IPv6 address: creation and update time
 * multiplied by 1000, plus the preferred and valid lifetimes.
 *
 * NOTE(review): the multiplied timestamps are stored into the cacheinfo
 * members without a range check; confirm the member widths if truncation
 * matters to consumers.
 */
static void
export_cache_info6(struct nl_writer *nw, const struct in6_ifaddr *ia)
{
	struct ifa_cacheinfo info = { 0 };

	info.cstamp = ia->ia6_createtime * 1000;
	info.tstamp = ia->ia6_updatetime * 1000;
	info.ifa_prefered = ia->ia6_lifetime.ia6t_pltime;
	info.ifa_valid = ia->ia6_lifetime.ia6t_vltime;

	nlattr_add(nw, IFA_CACHEINFO, sizeof(info), &info);
}
938 #endif
939
/*
 * Appends the cache information of an address when its family has any.
 * Only INET6 addresses do; all other families add nothing.
 */
static void
export_cache_info(struct nl_writer *nw, struct ifaddr *ifa)
{
#ifdef INET6
	/* For AF_INET6 the ifaddr is treated as a struct in6_ifaddr. */
	if (ifa->ifa_addr->sa_family == AF_INET6)
		export_cache_info6(nw, (struct in6_ifaddr *)ifa);
#endif
}
951
952 /*
953 * {'attrs': [('IFA_ADDRESS', '12.0.0.1'),
954 ('IFA_LOCAL', '12.0.0.1'),
955 ('IFA_LABEL', 'eth10'),
956 ('IFA_FLAGS', 128),
957 ('IFA_CACHEINFO', {'ifa_preferred': 4294967295, 'ifa_valid': 4294967295, 'cstamp': 63745746, 'tstamp': 63745746})],
958 */
/*
 * Serialize one interface address as a Netlink address message.
 *
 * The message type and the remaining header fields come from hdr.  Returns
 * true when the message was completed, false when the writer ran out of
 * space; in the latter case the partial message is aborted.
 */
static bool
dump_iface_addr(struct nl_writer *nw, if_t ifp, struct ifaddr *ifa,
    const struct nlmsghdr *hdr)
{
	struct sockaddr *sa = ifa->ifa_addr;
	struct sockaddr *sa_dst = ifa->ifa_dstaddr;
	struct ifaddrmsg *ifamsg;
	uint32_t nl_ifa_flags = 0;
	bool has_peer;
	int off;

	NL_LOG(LOG_DEBUG3, "dumping ifa %p type %s(%d) for interface %s",
	    ifa, rib_print_family(sa->sa_family), sa->sa_family, if_name(ifp));

	if (!nlmsg_reply(nw, hdr, sizeof(struct ifaddrmsg)))
		goto enomem;

	/* Fixed-size family header; every field is assigned below. */
	ifamsg = nlmsg_reserve_object(nw, struct ifaddrmsg);
	ifamsg->ifa_family = sa->sa_family;
	ifamsg->ifa_prefixlen = get_sa_plen(ifa->ifa_netmask);
	ifamsg->ifa_flags = 0;	/* legacy field; flags go out in IFA_FLAGS */
	ifamsg->ifa_scope = ifa_get_scope(ifa);
	ifamsg->ifa_index = if_getindex(ifp);

	/* P2P interface may have IPv6 LL with no dst address */
	has_peer = (if_getflags(ifp) & IFF_POINTOPOINT) && sa_dst != NULL &&
	    sa_dst->sa_family != 0;
	if (has_peer) {
		dump_sa(nw, IFA_ADDRESS, sa_dst);
		dump_sa(nw, IFA_LOCAL, sa);
	} else {
		dump_sa(nw, IFA_ADDRESS, sa);
#ifdef INET
		/*
		 * In most cases, IFA_ADDRESS == IFA_LOCAL
		 * Skip IFA_LOCAL for anything except INET
		 */
		if (sa->sa_family == AF_INET)
			dump_sa(nw, IFA_LOCAL, sa);
#endif
	}

	/*
	 * NOTE(review): the P2P test above guards sa_dst against NULL, but
	 * ifa_broadaddr is handed to dump_sa() unguarded here.  Whether
	 * dump_sa() tolerates a NULL sockaddr is not visible in this part of
	 * the file -- confirm.
	 */
	if (if_getflags(ifp) & IFF_BROADCAST)
		dump_sa(nw, IFA_BROADCAST, ifa->ifa_broadaddr);

	nlattr_add_string(nw, IFA_LABEL, if_name(ifp));

#ifdef INET6
	if (sa->sa_family == AF_INET6) {
		struct in6_ifaddr *ia = (struct in6_ifaddr *)ifa;

		nl_ifa_flags = in6_flags_to_nl(ia->ia6_flags);
	}
#endif
	nlattr_add_u32(nw, IFA_FLAGS, nl_ifa_flags);

	export_cache_info(nw, ifa);

	/* Store FreeBSD-specific attributes */
	off = nlattr_add_nested(nw, IFA_FREEBSD);
	if (off != 0) {
		if (ifa->ifa_carp != NULL && carp_get_vhid_p != NULL) {
			uint32_t vhid = (uint32_t)(*carp_get_vhid_p)(ifa);

			nlattr_add_u32(nw, IFAF_VHID, vhid);
		}
#ifdef INET6
		if (sa->sa_family == AF_INET6) {
			/* Raw, untranslated IN6_IFF_* flags. */
			uint32_t ifa_flags = ((struct in6_ifaddr *)ifa)->ia6_flags;

			nlattr_add_u32(nw, IFAF_FLAGS, ifa_flags);
		}
#endif

		nlattr_set_len(nw, off);
	}

	if (nlmsg_end(nw))
		return (true);
enomem:
	NL_LOG(LOG_DEBUG, "Failed to dump ifa type %s(%d) for interface %s",
	    rib_print_family(sa->sa_family), sa->sa_family, if_name(ifp));
	nlmsg_abort(nw);
	return (false);
}
1037
/*
 * Dump every address of ifp that matches the walk arguments.
 *
 * An address is skipped when it does not match the requested family, when
 * it is a link-layer (AF_LINK) address, or when prison_if() reports that the
 * requesting credential may not see it.  Returns 0 on success or ENOMEM
 * when a message could not be written.
 */
static int
dump_iface_addrs(struct netlink_walkargs *wa, if_t ifp)
{
	struct ifa_iter it;
	struct ifaddr *ifa;
	int error = 0;

	ifa = ifa_iter_start(ifp, &it);
	while (ifa != NULL) {
		const int af = ifa->ifa_addr->sa_family;
		const bool wanted =
		    (wa->family == 0 || wa->family == af) &&
		    af != AF_LINK &&
		    prison_if(wa->cred, ifa->ifa_addr) == 0;

		if (wanted) {
			/* count: candidates visited; dumped: written out */
			wa->count++;
			if (!dump_iface_addr(wa->nw, ifp, ifa, &wa->hdr)) {
				error = ENOMEM;
				break;
			}
			wa->dumped++;
		}
		ifa = ifa_iter_next(&it);
	}
	ifa_iter_finish(&it);

	return (error);
}
1063
/*
 * RTM_GETADDR handler: dump the addresses of one interface (when ifa_index
 * is set in the request) or of all interfaces, as a multipart
 * NL_RTM_NEWADDR reply.
 *
 * Returns the parser error, ENOENT for an unknown interface index, ENOMEM
 * when a message or the dump trailer cannot be written, or 0.
 */
static int
rtnl_handle_getaddr(struct nlmsghdr *hdr, struct nlpcb *nlp, struct nl_pstate *npt)
{
	struct nl_parsed_ifa attrs = {};
	if_t ifp;
	int error;

	error = nl_parse_nlmsg(hdr, &ifa_parser, npt, &attrs);
	if (error != 0)
		return (error);

	/* Replies echo the requester's pid/seq and are marked multipart. */
	struct netlink_walkargs wa = {
		.so = nlp,
		.nw = npt->nw,
		.cred = nlp_get_cred(nlp),
		.family = attrs.ifa_family,
		.hdr.nlmsg_pid = hdr->nlmsg_pid,
		.hdr.nlmsg_seq = hdr->nlmsg_seq,
		.hdr.nlmsg_flags = hdr->nlmsg_flags | NLM_F_MULTI,
		.hdr.nlmsg_type = NL_RTM_NEWADDR,
	};

	NL_LOG(LOG_DEBUG2, "Start dump");

	if (attrs.ifa_index == 0) {
		struct if_iter it;

		ifp = if_iter_start(&it);
		while (ifp != NULL) {
			error = dump_iface_addrs(&wa, ifp);
			if (error != 0)
				break;
			ifp = if_iter_next(&it);
		}
		if_iter_finish(&it);
	} else {
		/*
		 * NOTE(review): no reference is taken on ifp here.  This
		 * presumably relies on the handler running inside the net
		 * epoch (its table entry does not set RTNL_F_NOEPOCH) --
		 * confirm against the dispatcher.
		 */
		ifp = ifnet_byindex(attrs.ifa_index);
		error = (ifp != NULL) ? dump_iface_addrs(&wa, ifp) : ENOENT;
	}

	NL_LOG(LOG_DEBUG2, "End dump, iterated %d dumped %d", wa.count, wa.dumped);

	if (!nlmsg_end_dump(wa.nw, error, &wa.hdr)) {
		NL_LOG(LOG_DEBUG, "Unable to finalize the dump");
		return (ENOMEM);
	}

	return (error);
}
1114
1115 #ifdef INET
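/*
 * RTM_NEWADDR for AF_INET: translate the parsed Netlink attributes into an
 * in_aliasreq and apply it through the SIOCAIFADDR ioctl path, using the
 * credential of the requesting socket.
 *
 * Returns EINVAL for a bad prefix length, a missing address or an address
 * attribute of the wrong family, ENOMEM when the generated broadcast
 * address cannot be allocated, otherwise the ioctl result.
 */
static int
handle_newaddr_inet(struct nlmsghdr *hdr, struct nl_parsed_ifa *attrs,
    if_t ifp, struct nlpcb *nlp, struct nl_pstate *npt)
{
	int plen = attrs->ifa_prefixlen;
	int if_flags = if_getflags(ifp);
	struct sockaddr_in *addr, *dst;
	uint32_t s_mask;

	if (plen < 0 || plen > 32) {
		nlmsg_report_err_msg(npt, "invalid ifa_prefixlen");
		return (EINVAL);
	}

	/*
	 * The attributes come from userland and are cast to sockaddr_in
	 * below.  The parser that builds them is outside this function, so
	 * verify the family here before reinterpreting the storage.
	 */
	if ((attrs->ifa_local != NULL &&
	    attrs->ifa_local->sa_family != AF_INET) ||
	    (attrs->ifa_address != NULL &&
	    attrs->ifa_address->sa_family != AF_INET) ||
	    (attrs->ifa_broadcast != NULL &&
	    attrs->ifa_broadcast->sa_family != AF_INET)) {
		nlmsg_report_err_msg(npt,
		    "wrong address family in IFA_LOCAL/IFA_ADDRESS/IFA_BROADCAST");
		return (EINVAL);
	}

	/*
	 * Network-order netmask for plen.  The shift is done on an unsigned
	 * operand: with a signed 1, plen == 1 shifts into the sign bit.
	 */
	s_mask = htonl(plen ? ~((1U << (32 - plen)) - 1) : 0);

	if (if_flags & IFF_POINTOPOINT) {
		/*
		 * Only P2P IFAs are allowed by the implementation.
		 */
		if (attrs->ifa_address == NULL || attrs->ifa_local == NULL) {
			nlmsg_report_err_msg(npt, "Empty IFA_LOCAL/IFA_ADDRESS");
			return (EINVAL);
		}
		addr = (struct sockaddr_in *)attrs->ifa_local;
		dst = (struct sockaddr_in *)attrs->ifa_address;
	} else {
		/*
		 * Map the Netlink attributes to FreeBSD ifa layout.
		 * If only IFA_ADDRESS or IFA_LOCAL is set OR
		 * both are set to the same value => ifa is not p2p
		 * and the attribute value contains interface address.
		 *
		 * Otherwise (both IFA_ADDRESS and IFA_LOCAL are set and
		 * different), IFA_LOCAL contains an interface address and
		 * IFA_ADDRESS contains peer address.
		 */
		addr = (struct sockaddr_in *)attrs->ifa_local;
		if (addr == NULL)
			addr = (struct sockaddr_in *)attrs->ifa_address;

		if (addr == NULL) {
			nlmsg_report_err_msg(npt, "Empty IFA_LOCAL/IFA_ADDRESS");
			return (EINVAL);
		}

		/* Generate broadcast address if not set */
		if ((if_flags & IFF_BROADCAST) && attrs->ifa_broadcast == NULL) {
			uint32_t s_baddr;
			struct sockaddr_in *sin_brd;

			if (plen == 31)
				s_baddr = INADDR_BROADCAST; /* RFC 3021 */
			else
				s_baddr = addr->sin_addr.s_addr | ~s_mask;

			sin_brd = (struct sockaddr_in *)npt_alloc(npt, sizeof(*sin_brd));
			if (sin_brd == NULL)
				return (ENOMEM);
			sin_brd->sin_family = AF_INET;
			sin_brd->sin_len = sizeof(*sin_brd);
			sin_brd->sin_addr.s_addr = s_baddr;
			attrs->ifa_broadcast = (struct sockaddr *)sin_brd;
		}
		dst = (struct sockaddr_in *)attrs->ifa_broadcast;
	}

	struct sockaddr_in mask = {
		.sin_len = sizeof(struct sockaddr_in),
		.sin_family = AF_INET,
		.sin_addr.s_addr = s_mask,
	};
	struct in_aliasreq req = {
		.ifra_addr = *addr,
		.ifra_mask = mask,
		.ifra_vhid = attrs->ifaf_vhid,
	};
	if (dst != NULL)
		req.ifra_dstaddr = *dst;

	return (in_control_ioctl(SIOCAIFADDR, &req, ifp, nlp_get_cred(nlp)));
}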
1199
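/*
 * RTM_DELADDR for AF_INET: remove the address given in IFA_LOCAL (or, when
 * that is absent, IFA_ADDRESS) through the SIOCDIFADDR ioctl path, using the
 * credential of the requesting socket.
 *
 * Returns EINVAL when no address was supplied or when it is not an AF_INET
 * address, otherwise the ioctl result.
 */
static int
handle_deladdr_inet(struct nlmsghdr *hdr, struct nl_parsed_ifa *attrs,
    if_t ifp, struct nlpcb *nlp, struct nl_pstate *npt)
{
	struct sockaddr *addr = attrs->ifa_local;

	if (addr == NULL)
		addr = attrs->ifa_address;

	if (addr == NULL) {
		nlmsg_report_err_msg(npt, "empty IFA_ADDRESS/IFA_LOCAL");
		return (EINVAL);
	}

	/*
	 * The attribute is user-supplied; reject an address of another
	 * family instead of passing it to the IPv4 ioctl path.
	 */
	if (addr->sa_family != AF_INET) {
		nlmsg_report_err_msg(npt,
		    "wrong address family in IFA_LOCAL/IFA_ADDRESS");
		return (EINVAL);
	}

	struct ifreq req = { .ifr_addr = *addr };

	return (in_control_ioctl(SIOCDIFADDR, &req, ifp, nlp_get_cred(nlp)));
}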
1218 #endif
1219
1220 #ifdef INET6
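/*
 * RTM_NEWADDR for AF_INET6: translate the parsed Netlink attributes into an
 * in6_aliasreq and apply it through the SIOCAIFADDR_IN6 ioctl path, using
 * the credential of the requesting socket.
 *
 * Returns EINVAL for a bad prefix length, a missing address or an address
 * attribute of the wrong family, otherwise the ioctl result.
 */
static int
handle_newaddr_inet6(struct nlmsghdr *hdr, struct nl_parsed_ifa *attrs,
    if_t ifp, struct nlpcb *nlp, struct nl_pstate *npt)
{
	struct sockaddr_in6 *addr, *dst;

	if (attrs->ifa_prefixlen > 128) {
		nlmsg_report_err_msg(npt, "invalid ifa_prefixlen");
		return (EINVAL);
	}

	/*
	 * The attributes come from userland and are read as sockaddr_in6
	 * below, which is larger than sockaddr_in.  The parser that builds
	 * them is outside this function, so verify the family before the
	 * cast to avoid reading a shorter sockaddr as an IPv6 one.
	 */
	if ((attrs->ifa_local != NULL &&
	    attrs->ifa_local->sa_family != AF_INET6) ||
	    (attrs->ifa_address != NULL &&
	    attrs->ifa_address->sa_family != AF_INET6)) {
		nlmsg_report_err_msg(npt,
		    "wrong address family in IFA_LOCAL/IFA_ADDRESS");
		return (EINVAL);
	}

	/*
	 * In IPv6 implementation, adding non-P2P address to the P2P interface
	 * is allowed.
	 */
	addr = (struct sockaddr_in6 *)(attrs->ifa_local);
	dst = (struct sockaddr_in6 *)(attrs->ifa_address);

	if (addr == NULL) {
		addr = dst;
		dst = NULL;
	} else if (dst != NULL) {
		if (IN6_ARE_ADDR_EQUAL(&addr->sin6_addr, &dst->sin6_addr)) {
			/*
			 * Sometimes Netlink users fill in both attributes
			 * with the same address. It still means "non-p2p".
			 */
			dst = NULL;
		}
	}

	if (addr == NULL) {
		nlmsg_report_err_msg(npt, "Empty IFA_LOCAL/IFA_ADDRESS");
		return (EINVAL);
	}

	/* Translated IFA_F_* bits plus the raw FreeBSD-specific flags. */
	uint32_t flags = nl_flags_to_in6(attrs->ifa_flags) | attrs->ifaf_flags;

	/* Lifetimes stay 0 unless the request carries IFA_CACHEINFO. */
	uint32_t pltime = 0, vltime = 0;
	if (attrs->ifa_cacheinfo != NULL) {
		pltime = attrs->ifa_cacheinfo->ifa_prefered;
		vltime = attrs->ifa_cacheinfo->ifa_valid;
	}

	struct sockaddr_in6 mask = {
		.sin6_len = sizeof(struct sockaddr_in6),
		.sin6_family = AF_INET6,
	};
	ip6_writemask(&mask.sin6_addr, attrs->ifa_prefixlen);

	struct in6_aliasreq req = {
		.ifra_addr = *addr,
		.ifra_prefixmask = mask,
		.ifra_flags = flags,
		.ifra_lifetime = { .ia6t_vltime = vltime, .ia6t_pltime = pltime },
		.ifra_vhid = attrs->ifaf_vhid,
	};
	if (dst != NULL)
		req.ifra_dstaddr = *dst;

	return (in6_control_ioctl(SIOCAIFADDR_IN6, &req, ifp, nlp_get_cred(nlp)));
}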
1283
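/*
 * RTM_DELADDR for AF_INET6: remove the address given in IFA_LOCAL (or, when
 * that is absent, IFA_ADDRESS) through the SIOCDIFADDR_IN6 ioctl path, using
 * the credential of the requesting socket.
 *
 * Returns EINVAL when no address was supplied or when it is not an AF_INET6
 * address, otherwise the ioctl result.
 */
static int
handle_deladdr_inet6(struct nlmsghdr *hdr, struct nl_parsed_ifa *attrs,
    if_t ifp, struct nlpcb *nlp, struct nl_pstate *npt)
{
	struct sockaddr *sa = attrs->ifa_local;

	if (sa == NULL)
		sa = attrs->ifa_address;

	if (sa == NULL) {
		nlmsg_report_err_msg(npt, "Empty IFA_LOCAL/IFA_ADDRESS");
		return (EINVAL);
	}

	/*
	 * The attribute is user-supplied and is copied below as a full
	 * sockaddr_in6; check the family first so a shorter sockaddr of
	 * another family is never read as an IPv6 one.
	 */
	if (sa->sa_family != AF_INET6) {
		nlmsg_report_err_msg(npt,
		    "wrong address family in IFA_LOCAL/IFA_ADDRESS");
		return (EINVAL);
	}

	struct in6_ifreq req = { .ifr_addr = *(struct sockaddr_in6 *)sa };

	return (in6_control_ioctl(SIOCDIFADDR_IN6, &req, ifp, nlp_get_cred(nlp)));
}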
1302 #endif
1303
1304
/*
 * Common handler for RTM_NEWADDR and RTM_DELADDR: parse the request, look
 * up the interface by index and dispatch to the per-family add/delete
 * helper.
 *
 * The interface reference taken by ifnet_byindex_ref() is released on every
 * path that follows the successful lookup.  Returns the parser error,
 * ENOENT for an unknown interface, EAFNOSUPPORT for a family that is not
 * compiled in, otherwise the helper's result.
 */
static int
rtnl_handle_addr(struct nlmsghdr *hdr, struct nlpcb *nlp, struct nl_pstate *npt)
{
	struct nl_parsed_ifa attrs = {};
	struct epoch_tracker et;
	if_t ifp;
	int error, flags_before;
#if defined(INET) || defined(INET6)
	const bool is_add = (hdr->nlmsg_type == NL_RTM_NEWADDR);
#endif

	error = nl_parse_nlmsg(hdr, &ifa_parser, npt, &attrs);
	if (error != 0)
		return (error);

	/* The epoch covers only the lookup; the reference outlives it. */
	NET_EPOCH_ENTER(et);
	ifp = ifnet_byindex_ref(attrs.ifa_index);
	NET_EPOCH_EXIT(et);

	if (ifp == NULL) {
		nlmsg_report_err_msg(npt, "Unable to find interface with index %u",
		    attrs.ifa_index);
		return (ENOENT);
	}

	/* Remember the flags so an IFF_UP transition can be detected below. */
	flags_before = if_getflags(ifp);

	/*
	 * TODO: Properly handle NLM_F_CREATE / NLM_F_EXCL.
	 * The current ioctl-based KPI always does an implicit create-or-replace.
	 * It is not possible to specify fine-grained options.
	 */

	switch (attrs.ifa_family) {
#ifdef INET
	case AF_INET:
		error = is_add ?
		    handle_newaddr_inet(hdr, &attrs, ifp, nlp, npt) :
		    handle_deladdr_inet(hdr, &attrs, ifp, nlp, npt);
		break;
#endif
#ifdef INET6
	case AF_INET6:
		error = is_add ?
		    handle_newaddr_inet6(hdr, &attrs, ifp, nlp, npt) :
		    handle_deladdr_inet6(hdr, &attrs, ifp, nlp, npt);
		break;
#endif
	default:
		error = EAFNOSUPPORT;
	}

	/* Call if_up() only when the request flipped the interface to up. */
	if (error == 0 && (flags_before & IFF_UP) == 0 &&
	    (if_getflags(ifp) & IFF_UP) != 0)
		if_up(ifp);

	if_rele(ifp);

	return (error);
}
1365
1366
/*
 * rt_addrmsg event hook: broadcast an address add/delete notification to the
 * matching Netlink multicast group (IPv4 or IPv6 ifaddr).
 *
 * cmd == RTM_DELETE yields NL_RTM_DELADDR, anything else NL_RTM_NEWADDR.
 * Addresses of other families are logged and ignored.
 *
 * NOTE(review): unlike the RTM_GETADDR dump path, no prison_if() filter is
 * applied here; whether group delivery filters per listener is not visible
 * in this part of the file -- confirm.
 */
static void
rtnl_handle_ifaddr(void *arg __unused, struct ifaddr *ifa, int cmd)
{
	struct nlmsghdr hdr = {
		.nlmsg_type = (cmd == RTM_DELETE) ? NL_RTM_DELADDR : NL_RTM_NEWADDR,
	};
	struct nl_writer nw;
	uint32_t group = 0;

	switch (ifa->ifa_addr->sa_family) {
#ifdef INET
	case AF_INET:
		group = RTNLGRP_IPV4_IFADDR;
		break;
#endif
#ifdef INET6
	case AF_INET6:
		group = RTNLGRP_IPV6_IFADDR;
		break;
#endif
	default:
		NL_LOG(LOG_DEBUG2, "ifa notification for unknown AF: %d",
		    ifa->ifa_addr->sa_family);
		return;
	}

	if (!nl_writer_group(&nw, NLMSG_LARGE, NETLINK_ROUTE, group, 0,
	    false)) {
		NL_LOG(LOG_DEBUG, "error allocating group writer");
		return;
	}

	/* A failed dump aborts its own message; flush whatever remains. */
	dump_iface_addr(&nw, ifa->ifa_ifp, ifa, &hdr);
	nlmsg_flush(&nw);
}
1402
/*
 * Broadcast a link-level notification of type nlmsg_type for ifp to the
 * RTNLGRP_LINK group.  if_flags_mask and ifname are passed through to
 * dump_iface() unchanged.
 */
static void
rtnl_handle_ifevent(if_t ifp, int nlmsg_type, int if_flags_mask,
    const char *ifname)
{
	struct nl_writer nw;
	struct nlmsghdr hdr = { .nlmsg_type = nlmsg_type };
	bool have_writer;

	have_writer = nl_writer_group(&nw, NLMSG_LARGE, NETLINK_ROUTE,
	    RTNLGRP_LINK, 0, false);
	if (!have_writer) {
		NL_LOG(LOG_DEBUG, "error allocating group writer");
		return;
	}

	dump_iface(&nw, ifp, &hdr, if_flags_mask, ifname);
	nlmsg_flush(&nw);
}
1418
/* Interface attach hook: announce ifp with an NL_RTM_NEWLINK message. */
static void
rtnl_handle_ifattach(void *arg, if_t ifp)
{
	const int no_flags_mask = 0;

	NL_LOG(LOG_DEBUG2, "ifnet %s", if_name(ifp));
	rtnl_handle_ifevent(ifp, NL_RTM_NEWLINK, no_flags_mask, NULL);
}
1425
/* Interface departure hook: announce ifp with an NL_RTM_DELLINK message. */
static void
rtnl_handle_ifdetach(void *arg, if_t ifp)
{
	const int no_flags_mask = 0;

	NL_LOG(LOG_DEBUG2, "ifnet %s", if_name(ifp));
	rtnl_handle_ifevent(ifp, NL_RTM_DELLINK, no_flags_mask, NULL);
}
1432
/*
 * Interface rename hook: report the rename as a deletion under the old name
 * followed by a creation (the NULL name is passed through to the link dump).
 */
static void
rtnl_handle_ifrename(void *arg, if_t ifp, const char *old_name)
{
	const int no_flags_mask = 0;

	rtnl_handle_ifevent(ifp, NL_RTM_DELLINK, no_flags_mask, old_name);
	rtnl_handle_ifevent(ifp, NL_RTM_NEWLINK, no_flags_mask, NULL);
}
1439
/*
 * Link state hook: re-announce ifp with an NL_RTM_NEWLINK message.  The new
 * link state itself is not used here.
 */
static void
rtnl_handle_iflink(void *arg, if_t ifp, int link_state __unused)
{
	const int no_flags_mask = 0;

	NL_LOG(LOG_DEBUG2, "ifnet %s", if_name(ifp));
	rtnl_handle_ifevent(ifp, NL_RTM_NEWLINK, no_flags_mask, NULL);
}
1446
/*
 * Public entry point for interface change notifications: announce ifp with
 * an NL_RTM_NEWLINK message, forwarding the caller's if_flags_mask.
 */
void
rtnl_handle_ifnet_event(if_t ifp, int if_flags_mask)
{
	const char *const current_name = NULL;	/* no name override */

	NL_LOG(LOG_DEBUG2, "ifnet %s", if_name(ifp));
	rtnl_handle_ifevent(ifp, NL_RTM_NEWLINK, if_flags_mask, current_name);
}
1453
/*
 * Dispatch table for the link and address messages handled in this file.
 *
 * The read-only GET commands name no privilege and are the only entries
 * flagged RTNL_F_ALLOW_NONVNET_JAIL; every command that changes state names
 * the PRIV_NET_* privilege associated with it.  How the dispatcher enforces
 * .priv and .flags is outside this part of the file.
 */
static const struct rtnl_cmd_handler cmd_handlers[] = {
	/* Read-only queries */
	{
		.cmd = NL_RTM_GETLINK,
		.name = "RTM_GETLINK",
		.cb = &rtnl_handle_getlink,
		.flags = RTNL_F_NOEPOCH | RTNL_F_ALLOW_NONVNET_JAIL,
	},
	/* Interface destroy / create */
	{
		.cmd = NL_RTM_DELLINK,
		.name = "RTM_DELLINK",
		.cb = &rtnl_handle_dellink,
		.flags = RTNL_F_NOEPOCH,
		.priv = PRIV_NET_IFDESTROY,
	},
	{
		.cmd = NL_RTM_NEWLINK,
		.name = "RTM_NEWLINK",
		.cb = &rtnl_handle_newlink,
		.flags = RTNL_F_NOEPOCH,
		.priv = PRIV_NET_IFCREATE,
	},
	/* Address dump: the only entry here without RTNL_F_NOEPOCH */
	{
		.cmd = NL_RTM_GETADDR,
		.name = "RTM_GETADDR",
		.cb = &rtnl_handle_getaddr,
		.flags = RTNL_F_ALLOW_NONVNET_JAIL,
	},
	/* Address add / delete share one callback */
	{
		.cmd = NL_RTM_NEWADDR,
		.name = "RTM_NEWADDR",
		.cb = &rtnl_handle_addr,
		.flags = RTNL_F_NOEPOCH,
		.priv = PRIV_NET_ADDIFADDR,
	},
	{
		.cmd = NL_RTM_DELADDR,
		.name = "RTM_DELADDR",
		.cb = &rtnl_handle_addr,
		.flags = RTNL_F_NOEPOCH,
		.priv = PRIV_NET_DELIFADDR,
	},
};

/* Parsers passed to NL_VERIFY_PARSERS() at initialization. */
static const struct nlhdr_parser *all_parsers[] = {
	&ifmsg_parser,
	&ifa_parser,
	&ifa_fbsd_parser,
};
1500
/*
 * Register a Netlink interface cloner by inserting it at the head of
 * nl_cloners while holding rtnl_cloner_lock exclusively.
 */
void
rtnl_iface_add_cloner(struct nl_cloner *cloner)
{
	sx_xlock(&rtnl_cloner_lock);
	{
		SLIST_INSERT_HEAD(&nl_cloners, cloner, next);
	}
	sx_xunlock(&rtnl_cloner_lock);
}
1508
/*
 * Unregister a Netlink interface cloner by removing it from nl_cloners
 * while holding rtnl_cloner_lock exclusively.
 */
void
rtnl_iface_del_cloner(struct nl_cloner *cloner)
{
	sx_xlock(&rtnl_cloner_lock);
	{
		SLIST_REMOVE(&nl_cloners, cloner, nl_cloner, next);
	}
	sx_xunlock(&rtnl_cloner_lock);
}
1516
/*
 * Module initialization: hook the interface and address events that drive
 * Netlink notifications, verify the parsers and register the message
 * handlers.
 *
 * Each tag stored here must later be deregistered from the event list of
 * the same name it was registered on.
 */
void
rtnl_ifaces_init(void)
{
	/* Interface lifecycle: attach, departure, rename */
	ifattach_event = EVENTHANDLER_REGISTER(ifnet_attached_event,
	    rtnl_handle_ifattach, NULL, EVENTHANDLER_PRI_ANY);
	ifdetach_event = EVENTHANDLER_REGISTER(ifnet_departure_event,
	    rtnl_handle_ifdetach, NULL, EVENTHANDLER_PRI_ANY);
	ifrename_event = EVENTHANDLER_REGISTER(ifnet_rename_event,
	    rtnl_handle_ifrename, NULL, EVENTHANDLER_PRI_ANY);

	/* Address changes and link state changes */
	ifaddr_event = EVENTHANDLER_REGISTER(rt_addrmsg,
	    rtnl_handle_ifaddr, NULL, EVENTHANDLER_PRI_ANY);
	iflink_event = EVENTHANDLER_REGISTER(ifnet_link_event,
	    rtnl_handle_iflink, NULL, EVENTHANDLER_PRI_ANY);

	NL_VERIFY_PARSERS(all_parsers);
	rtnl_register_messages(cmd_handlers, nitems(cmd_handlers));
}
1538
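/*
 * Module teardown: remove the event handlers installed by
 * rtnl_ifaces_init().
 *
 * Every tag is deregistered from the event it was registered on.  The
 * attach handler is registered on ifnet_attached_event, so it is removed
 * from that list; naming ifnet_arrival_event here would look up a different
 * list and leave the callback installed after teardown.
 */
void
rtnl_ifaces_destroy(void)
{
	EVENTHANDLER_DEREGISTER(ifnet_attached_event, ifattach_event);
	EVENTHANDLER_DEREGISTER(ifnet_departure_event, ifdetach_event);
	EVENTHANDLER_DEREGISTER(ifnet_rename_event, ifrename_event);
	EVENTHANDLER_DEREGISTER(rt_addrmsg, ifaddr_event);
	EVENTHANDLER_DEREGISTER(ifnet_link_event, iflink_event);
}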
1548