1 /*-
2 * SPDX-License-Identifier: BSD-2-Clause
3 *
4 * Copyright (c) 2022 Alexander V. Chernikov <melifaro@FreeBSD.org>
5 *
6 * Redistribution and use in source and binary forms, with or without
7 * modification, are permitted provided that the following conditions
8 * are met:
9 * 1. Redistributions of source code must retain the above copyright
10 * notice, this list of conditions and the following disclaimer.
11 * 2. Redistributions in binary form must reproduce the above copyright
12 * notice, this list of conditions and the following disclaimer in the
13 * documentation and/or other materials provided with the distribution.
14 *
15 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
16 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
17 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
18 * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
19 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
20 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
21 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
22 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
23 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
24 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
25 * SUCH DAMAGE.
26 */
27
28 #include <sys/cdefs.h>
29 #include "opt_inet.h"
30 #include "opt_inet6.h"
31 #include <sys/types.h>
32 #include <sys/eventhandler.h>
33 #include <sys/kernel.h>
34 #include <sys/jail.h>
35 #include <sys/malloc.h>
36 #include <sys/socket.h>
37 #include <sys/sockio.h>
38 #include <sys/syslog.h>
39
40 #include <net/if.h>
41 #include <net/if_dl.h>
42 #include <net/if_media.h>
43 #include <net/if_var.h>
44 #include <net/if_clone.h>
45 #include <net/route.h>
46 #include <net/route/nhop.h>
47 #include <net/route/route_ctl.h>
48 #include <netinet/in_var.h>
49 #include <netinet6/in6_var.h>
50 #include <netinet6/scope6_var.h> /* scope deembedding */
51 #include <netlink/netlink.h>
52 #include <netlink/netlink_ctl.h>
53 #include <netlink/netlink_route.h>
54 #include <netlink/route/route_var.h>
55
56 #define DEBUG_MOD_NAME nl_iface
57 #define DEBUG_MAX_LEVEL LOG_DEBUG3
58 #include <netlink/netlink_debug.h>
59 _DECLARE_DEBUG(LOG_INFO);
60
61 struct netlink_walkargs {
62 struct nl_writer *nw;
63 struct nlmsghdr hdr;
64 struct nlpcb *so;
65 struct ucred *cred;
66 uint32_t fibnum;
67 int family;
68 int error;
69 int count;
70 int dumped;
71 };
72
73 static eventhandler_tag ifdetach_event, ifattach_event, iflink_event, ifaddr_event;
74
75 static SLIST_HEAD(, nl_cloner) nl_cloners = SLIST_HEAD_INITIALIZER(nl_cloners);
76
77 static struct sx rtnl_cloner_lock;
78 SX_SYSINIT(rtnl_cloner_lock, &rtnl_cloner_lock, "rtnl cloner lock");
79
80 /* These are external hooks for CARP. */
81 extern int (*carp_get_vhid_p)(struct ifaddr *);
82
83 /*
84 * RTM_GETLINK request
85 * sendto(3, {{len=32, type=RTM_GETLINK, flags=NLM_F_REQUEST|NLM_F_DUMP, seq=1641940952, pid=0},
86 * {ifi_family=AF_INET, ifi_type=ARPHRD_NETROM, ifi_index=0, ifi_flags=0, ifi_change=0}}, 32, 0, NULL, 0) = 32
87 *
88 * Reply:
89 * {ifi_family=AF_UNSPEC, ifi_type=ARPHRD_ETHER, ifi_index=if_nametoindex("enp0s31f6"), ifi_flags=IFF_UP|IFF_BROADCAST|IFF_RUNNING|IFF_MULTICAST|IFF_LOWER_UP, ifi_change=0},
90 {{nla_len=10, nla_type=IFLA_ADDRESS}, "\xfe\x54\x00\x52\x3e\x90"}
91
92 [
93 {{nla_len=14, nla_type=IFLA_IFNAME}, "enp0s31f6"},
94 {{nla_len=8, nla_type=IFLA_TXQLEN}, 1000},
95 {{nla_len=5, nla_type=IFLA_OPERSTATE}, 6},
96 {{nla_len=5, nla_type=IFLA_LINKMODE}, 0},
97 {{nla_len=8, nla_type=IFLA_MTU}, 1500},
98 {{nla_len=8, nla_type=IFLA_MIN_MTU}, 68},
99 {{nla_len=8, nla_type=IFLA_MAX_MTU}, 9000},
100 {{nla_len=8, nla_type=IFLA_GROUP}, 0},
101 {{nla_len=8, nla_type=IFLA_PROMISCUITY}, 0},
102 {{nla_len=8, nla_type=IFLA_NUM_TX_QUEUES}, 1},
103 {{nla_len=8, nla_type=IFLA_GSO_MAX_SEGS}, 65535},
104 {{nla_len=8, nla_type=IFLA_GSO_MAX_SIZE}, 65536},
105 {{nla_len=8, nla_type=IFLA_NUM_RX_QUEUES}, 1},
106 {{nla_len=5, nla_type=IFLA_CARRIER}, 1},
107 {{nla_len=13, nla_type=IFLA_QDISC}, "fq_codel"},
108 {{nla_len=8, nla_type=IFLA_CARRIER_CHANGES}, 2},
109 {{nla_len=5, nla_type=IFLA_PROTO_DOWN}, 0},
110 {{nla_len=8, nla_type=IFLA_CARRIER_UP_COUNT}, 1},
111 {{nla_len=8, nla_type=IFLA_CARRIER_DOWN_COUNT}, 1},
112 */
113
114 struct if_state {
115 uint8_t ifla_operstate;
116 uint8_t ifla_carrier;
117 };
118
119 static void
get_operstate_ether(if_t ifp,struct if_state * pstate)120 get_operstate_ether(if_t ifp, struct if_state *pstate)
121 {
122 struct ifmediareq ifmr = {};
123 int error;
124 error = if_ioctl(ifp, SIOCGIFMEDIA, (void *)&ifmr);
125
126 if (error != 0) {
127 NL_LOG(LOG_DEBUG, "error calling SIOCGIFMEDIA on %s: %d",
128 if_name(ifp), error);
129 return;
130 }
131
132 switch (IFM_TYPE(ifmr.ifm_active)) {
133 case IFM_ETHER:
134 if (ifmr.ifm_status & IFM_ACTIVE) {
135 pstate->ifla_carrier = 1;
136 if (if_getflags(ifp) & IFF_MONITOR)
137 pstate->ifla_operstate = IF_OPER_DORMANT;
138 else
139 pstate->ifla_operstate = IF_OPER_UP;
140 } else
141 pstate->ifla_operstate = IF_OPER_DOWN;
142 }
143 }
144
145 static bool
get_stats(struct nl_writer * nw,if_t ifp)146 get_stats(struct nl_writer *nw, if_t ifp)
147 {
148 struct rtnl_link_stats64 *stats;
149
150 int nla_len = sizeof(struct nlattr) + sizeof(*stats);
151 struct nlattr *nla = nlmsg_reserve_data(nw, nla_len, struct nlattr);
152 if (nla == NULL)
153 return (false);
154 nla->nla_type = IFLA_STATS64;
155 nla->nla_len = nla_len;
156 stats = (struct rtnl_link_stats64 *)(nla + 1);
157
158 stats->rx_packets = if_getcounter(ifp, IFCOUNTER_IPACKETS);
159 stats->tx_packets = if_getcounter(ifp, IFCOUNTER_OPACKETS);
160 stats->rx_bytes = if_getcounter(ifp, IFCOUNTER_IBYTES);
161 stats->tx_bytes = if_getcounter(ifp, IFCOUNTER_OBYTES);
162 stats->rx_errors = if_getcounter(ifp, IFCOUNTER_IERRORS);
163 stats->tx_errors = if_getcounter(ifp, IFCOUNTER_OERRORS);
164 stats->rx_dropped = if_getcounter(ifp, IFCOUNTER_IQDROPS);
165 stats->tx_dropped = if_getcounter(ifp, IFCOUNTER_OQDROPS);
166 stats->multicast = if_getcounter(ifp, IFCOUNTER_IMCASTS);
167 stats->rx_nohandler = if_getcounter(ifp, IFCOUNTER_NOPROTO);
168
169 return (true);
170 }
171
172 static void
get_operstate(if_t ifp,struct if_state * pstate)173 get_operstate(if_t ifp, struct if_state *pstate)
174 {
175 pstate->ifla_operstate = IF_OPER_UNKNOWN;
176 pstate->ifla_carrier = 0; /* no carrier */
177
178 switch (if_gettype(ifp)) {
179 case IFT_ETHER:
180 case IFT_L2VLAN:
181 get_operstate_ether(ifp, pstate);
182 break;
183 default:
184 /* Map admin state to the operstate */
185 if (if_getflags(ifp) & IFF_UP) {
186 pstate->ifla_operstate = IF_OPER_UP;
187 pstate->ifla_carrier = 1;
188 } else
189 pstate->ifla_operstate = IF_OPER_DOWN;
190 break;
191 }
192 }
193
194 static void
get_hwaddr(struct nl_writer * nw,if_t ifp)195 get_hwaddr(struct nl_writer *nw, if_t ifp)
196 {
197 struct ifreq ifr = {};
198
199 if (if_gethwaddr(ifp, &ifr) == 0) {
200 nlattr_add(nw, IFLAF_ORIG_HWADDR, if_getaddrlen(ifp),
201 ifr.ifr_addr.sa_data);
202 }
203 }
204
205 static unsigned
ifp_flags_to_netlink(const if_t ifp)206 ifp_flags_to_netlink(const if_t ifp)
207 {
208 return (if_getflags(ifp) | if_getdrvflags(ifp));
209 }
210
211 #define LLADDR_CONST(s) ((const void *)((s)->sdl_data + (s)->sdl_nlen))
212 static bool
dump_sa(struct nl_writer * nw,int attr,const struct sockaddr * sa)213 dump_sa(struct nl_writer *nw, int attr, const struct sockaddr *sa)
214 {
215 uint32_t addr_len = 0;
216 const void *addr_data = NULL;
217 #ifdef INET6
218 struct in6_addr addr6;
219 #endif
220
221 if (sa == NULL)
222 return (true);
223
224 switch (sa->sa_family) {
225 #ifdef INET
226 case AF_INET:
227 addr_len = sizeof(struct in_addr);
228 addr_data = &((const struct sockaddr_in *)sa)->sin_addr;
229 break;
230 #endif
231 #ifdef INET6
232 case AF_INET6:
233 in6_splitscope(&((const struct sockaddr_in6 *)sa)->sin6_addr, &addr6, &addr_len);
234 addr_len = sizeof(struct in6_addr);
235 addr_data = &addr6;
236 break;
237 #endif
238 case AF_LINK:
239 addr_len = ((const struct sockaddr_dl *)sa)->sdl_alen;
240 addr_data = LLADDR_CONST((const struct sockaddr_dl *)sa);
241 break;
242 case AF_UNSPEC:
243 /* Ignore empty SAs without warning */
244 return (true);
245 default:
246 NL_LOG(LOG_DEBUG2, "unsupported family: %d, skipping", sa->sa_family);
247 return (true);
248 }
249
250 return (nlattr_add(nw, attr, addr_len, addr_data));
251 }
252
253 static bool
dump_iface_caps(struct nl_writer * nw,struct ifnet * ifp)254 dump_iface_caps(struct nl_writer *nw, struct ifnet *ifp)
255 {
256 int off = nlattr_add_nested(nw, IFLAF_CAPS);
257 uint32_t active_caps[roundup2(IFCAP_B_SIZE, 32) / 32] = {};
258 uint32_t all_caps[roundup2(IFCAP_B_SIZE, 32) / 32] = {};
259
260 MPASS(sizeof(active_caps) >= 8);
261 MPASS(sizeof(all_caps) >= 8);
262
263 if (off == 0)
264 return (false);
265
266 active_caps[0] = (uint32_t)if_getcapabilities(ifp);
267 all_caps[0] = (uint32_t)if_getcapenable(ifp);
268 active_caps[1] = (uint32_t)if_getcapabilities2(ifp);
269 all_caps[1] = (uint32_t)if_getcapenable2(ifp);
270
271 nlattr_add_u32(nw, NLA_BITSET_SIZE, IFCAP_B_SIZE);
272 nlattr_add(nw, NLA_BITSET_MASK, sizeof(all_caps), all_caps);
273 nlattr_add(nw, NLA_BITSET_VALUE, sizeof(active_caps), active_caps);
274
275 nlattr_set_len(nw, off);
276
277 return (true);
278 }
279
280 /*
281 * Dumps interface state, properties and metrics.
282 * @nw: message writer
283 * @ifp: target interface
284 * @hdr: template header
285 * @if_flags_mask: changed if_[drv]_flags bitmask
286 *
287 * This function is called without epoch and MAY sleep.
288 */
289 static bool
dump_iface(struct nl_writer * nw,if_t ifp,const struct nlmsghdr * hdr,int if_flags_mask)290 dump_iface(struct nl_writer *nw, if_t ifp, const struct nlmsghdr *hdr,
291 int if_flags_mask)
292 {
293 struct epoch_tracker et;
294 struct ifinfomsg *ifinfo;
295
296 NL_LOG(LOG_DEBUG3, "dumping interface %s data", if_name(ifp));
297
298 if (!nlmsg_reply(nw, hdr, sizeof(struct ifinfomsg)))
299 goto enomem;
300
301 ifinfo = nlmsg_reserve_object(nw, struct ifinfomsg);
302 ifinfo->ifi_family = AF_UNSPEC;
303 ifinfo->__ifi_pad = 0;
304 ifinfo->ifi_type = if_gettype(ifp);
305 ifinfo->ifi_index = if_getindex(ifp);
306 ifinfo->ifi_flags = ifp_flags_to_netlink(ifp);
307 ifinfo->ifi_change = if_flags_mask;
308
309 struct if_state ifs = {};
310 get_operstate(ifp, &ifs);
311
312 if (ifs.ifla_operstate == IF_OPER_UP)
313 ifinfo->ifi_flags |= IFF_LOWER_UP;
314
315 nlattr_add_string(nw, IFLA_IFNAME, if_name(ifp));
316 nlattr_add_u8(nw, IFLA_OPERSTATE, ifs.ifla_operstate);
317 nlattr_add_u8(nw, IFLA_CARRIER, ifs.ifla_carrier);
318
319 /*
320 nlattr_add_u8(nw, IFLA_PROTO_DOWN, val);
321 nlattr_add_u8(nw, IFLA_LINKMODE, val);
322 */
323 if (if_getaddrlen(ifp) != 0) {
324 struct ifaddr *ifa;
325 struct ifa_iter it;
326
327 NET_EPOCH_ENTER(et);
328 ifa = ifa_iter_start(ifp, &it);
329 if (ifa != NULL)
330 dump_sa(nw, IFLA_ADDRESS, ifa->ifa_addr);
331 ifa_iter_finish(&it);
332 NET_EPOCH_EXIT(et);
333 }
334
335 if ((if_getbroadcastaddr(ifp) != NULL)) {
336 nlattr_add(nw, IFLA_BROADCAST, if_getaddrlen(ifp),
337 if_getbroadcastaddr(ifp));
338 }
339
340 nlattr_add_u32(nw, IFLA_MTU, if_getmtu(ifp));
341 /*
342 nlattr_add_u32(nw, IFLA_MIN_MTU, 60);
343 nlattr_add_u32(nw, IFLA_MAX_MTU, 9000);
344 nlattr_add_u32(nw, IFLA_GROUP, 0);
345 */
346
347 if (if_getdescr(ifp) != NULL)
348 nlattr_add_string(nw, IFLA_IFALIAS, if_getdescr(ifp));
349
350 /* Store FreeBSD-specific attributes */
351 int off = nlattr_add_nested(nw, IFLA_FREEBSD);
352 if (off != 0) {
353 get_hwaddr(nw, ifp);
354 dump_iface_caps(nw, ifp);
355
356 nlattr_set_len(nw, off);
357 }
358
359 get_stats(nw, ifp);
360
361 uint32_t val = (if_getflags(ifp) & IFF_PROMISC) != 0;
362 nlattr_add_u32(nw, IFLA_PROMISCUITY, val);
363
364 ifc_dump_ifp_nl(ifp, nw);
365
366 if (nlmsg_end(nw))
367 return (true);
368
369 enomem:
370 NL_LOG(LOG_DEBUG, "unable to dump interface %s state (ENOMEM)", if_name(ifp));
371 nlmsg_abort(nw);
372 return (false);
373 }
374
375 static bool
check_ifmsg(void * hdr,struct nl_pstate * npt)376 check_ifmsg(void *hdr, struct nl_pstate *npt)
377 {
378 struct ifinfomsg *ifm = hdr;
379
380 if (ifm->__ifi_pad != 0 || ifm->ifi_type != 0 ||
381 ifm->ifi_flags != 0 || ifm->ifi_change != 0) {
382 nlmsg_report_err_msg(npt,
383 "strict checking: non-zero values in ifinfomsg header");
384 return (false);
385 }
386
387 return (true);
388 }
389
390 #define _IN(_field) offsetof(struct ifinfomsg, _field)
391 #define _OUT(_field) offsetof(struct nl_parsed_link, _field)
392 static const struct nlfield_parser nlf_p_if[] = {
393 { .off_in = _IN(ifi_type), .off_out = _OUT(ifi_type), .cb = nlf_get_u16 },
394 { .off_in = _IN(ifi_index), .off_out = _OUT(ifi_index), .cb = nlf_get_u32 },
395 { .off_in = _IN(ifi_flags), .off_out = _OUT(ifi_flags), .cb = nlf_get_u32 },
396 { .off_in = _IN(ifi_change), .off_out = _OUT(ifi_change), .cb = nlf_get_u32 },
397 };
398
399 static const struct nlattr_parser nla_p_linfo[] = {
400 { .type = IFLA_INFO_KIND, .off = _OUT(ifla_cloner), .cb = nlattr_get_stringn },
401 { .type = IFLA_INFO_DATA, .off = _OUT(ifla_idata), .cb = nlattr_get_nla },
402 };
403 NL_DECLARE_ATTR_PARSER(linfo_parser, nla_p_linfo);
404
405 static const struct nlattr_parser nla_p_if[] = {
406 { .type = IFLA_IFNAME, .off = _OUT(ifla_ifname), .cb = nlattr_get_string },
407 { .type = IFLA_MTU, .off = _OUT(ifla_mtu), .cb = nlattr_get_uint32 },
408 { .type = IFLA_LINK, .off = _OUT(ifla_link), .cb = nlattr_get_uint32 },
409 { .type = IFLA_LINKINFO, .arg = &linfo_parser, .cb = nlattr_get_nested },
410 { .type = IFLA_IFALIAS, .off = _OUT(ifla_ifalias), .cb = nlattr_get_string },
411 { .type = IFLA_GROUP, .off = _OUT(ifla_group), .cb = nlattr_get_string },
412 { .type = IFLA_ALT_IFNAME, .off = _OUT(ifla_ifname), .cb = nlattr_get_string },
413 };
414 #undef _IN
415 #undef _OUT
416 NL_DECLARE_STRICT_PARSER(ifmsg_parser, struct ifinfomsg, check_ifmsg, nlf_p_if, nla_p_if);
417
418 static bool
match_iface(if_t ifp,void * _arg)419 match_iface(if_t ifp, void *_arg)
420 {
421 struct nl_parsed_link *attrs = (struct nl_parsed_link *)_arg;
422
423 if (attrs->ifi_index != 0 && attrs->ifi_index != if_getindex(ifp))
424 return (false);
425 if (attrs->ifi_type != 0 && attrs->ifi_index != if_gettype(ifp))
426 return (false);
427 if (attrs->ifla_ifname != NULL && strcmp(attrs->ifla_ifname, if_name(ifp)))
428 return (false);
429 /* TODO: add group match */
430
431 return (true);
432 }
433
434 static int
dump_cb(if_t ifp,void * _arg)435 dump_cb(if_t ifp, void *_arg)
436 {
437 struct netlink_walkargs *wa = (struct netlink_walkargs *)_arg;
438 if (!dump_iface(wa->nw, ifp, &wa->hdr, 0))
439 return (ENOMEM);
440 return (0);
441 }
442
443 /*
444 * {nlmsg_len=52, nlmsg_type=RTM_GETLINK, nlmsg_flags=NLM_F_REQUEST, nlmsg_seq=1662842818, nlmsg_pid=0},
445 * {ifi_family=AF_PACKET, ifi_type=ARPHRD_NETROM, ifi_index=0, ifi_flags=0, ifi_change=0},
446 * [
447 * [{nla_len=10, nla_type=IFLA_IFNAME}, "vnet9"],
448 * [{nla_len=8, nla_type=IFLA_EXT_MASK}, RTEXT_FILTER_VF]
449 * ]
450 */
451 static int
rtnl_handle_getlink(struct nlmsghdr * hdr,struct nlpcb * nlp,struct nl_pstate * npt)452 rtnl_handle_getlink(struct nlmsghdr *hdr, struct nlpcb *nlp, struct nl_pstate *npt)
453 {
454 struct epoch_tracker et;
455 if_t ifp;
456 int error = 0;
457
458 struct nl_parsed_link attrs = {};
459 error = nl_parse_nlmsg(hdr, &ifmsg_parser, npt, &attrs);
460 if (error != 0)
461 return (error);
462
463 struct netlink_walkargs wa = {
464 .so = nlp,
465 .nw = npt->nw,
466 .hdr.nlmsg_pid = hdr->nlmsg_pid,
467 .hdr.nlmsg_seq = hdr->nlmsg_seq,
468 .hdr.nlmsg_flags = hdr->nlmsg_flags,
469 .hdr.nlmsg_type = NL_RTM_NEWLINK,
470 };
471
472 /* Fast track for an interface w/ explicit name or index match */
473 if ((attrs.ifi_index != 0) || (attrs.ifla_ifname != NULL)) {
474 if (attrs.ifi_index != 0) {
475 NLP_LOG(LOG_DEBUG3, nlp, "fast track -> searching index %u",
476 attrs.ifi_index);
477 NET_EPOCH_ENTER(et);
478 ifp = ifnet_byindex_ref(attrs.ifi_index);
479 NET_EPOCH_EXIT(et);
480 } else {
481 NLP_LOG(LOG_DEBUG3, nlp, "fast track -> searching name %s",
482 attrs.ifla_ifname);
483 ifp = ifunit_ref(attrs.ifla_ifname);
484 }
485
486 if (ifp != NULL) {
487 if (match_iface(ifp, &attrs)) {
488 if (!dump_iface(wa.nw, ifp, &wa.hdr, 0))
489 error = ENOMEM;
490 } else
491 error = ENODEV;
492 if_rele(ifp);
493 } else
494 error = ENODEV;
495 return (error);
496 }
497
498 /* Always treat non-direct-match as a multipart message */
499 wa.hdr.nlmsg_flags |= NLM_F_MULTI;
500
501 /*
502 * Fetching some link properties require performing ioctl's that may be blocking.
503 * Address it by saving referenced pointers of the matching links,
504 * exiting from epoch and going through the list one-by-one.
505 */
506
507 NL_LOG(LOG_DEBUG2, "Start dump");
508 if_foreach_sleep(match_iface, &attrs, dump_cb, &wa);
509 NL_LOG(LOG_DEBUG2, "End dump, iterated %d dumped %d", wa.count, wa.dumped);
510
511 if (!nlmsg_end_dump(wa.nw, error, &wa.hdr)) {
512 NL_LOG(LOG_DEBUG, "Unable to finalize the dump");
513 return (ENOMEM);
514 }
515
516 return (error);
517 }
518
519 /*
520 * sendmsg(3, {msg_name={sa_family=AF_NETLINK, nl_pid=0, nl_groups=00000000}, msg_namelen=12, msg_iov=[{iov_base=[
521 * {nlmsg_len=60, nlmsg_type=RTM_NEWLINK, nlmsg_flags=NLM_F_REQUEST|NLM_F_ACK|NLM_F_EXCL|NLM_F_CREATE, nlmsg_seq=1662715618, nlmsg_pid=0},
522 * {ifi_family=AF_UNSPEC, ifi_type=ARPHRD_NETROM, ifi_index=0, ifi_flags=0, ifi_change=0},
523 * {nla_len=11, nla_type=IFLA_IFNAME}, "dummy0"],
524 * [
525 * {nla_len=16, nla_type=IFLA_LINKINFO},
526 * [
527 * {nla_len=9, nla_type=IFLA_INFO_KIND}, "dummy"...
528 * ]
529 * ]
530 */
531
532 static int
rtnl_handle_dellink(struct nlmsghdr * hdr,struct nlpcb * nlp,struct nl_pstate * npt)533 rtnl_handle_dellink(struct nlmsghdr *hdr, struct nlpcb *nlp, struct nl_pstate *npt)
534 {
535 struct epoch_tracker et;
536 if_t ifp;
537 int error;
538
539 struct nl_parsed_link attrs = {};
540 error = nl_parse_nlmsg(hdr, &ifmsg_parser, npt, &attrs);
541 if (error != 0)
542 return (error);
543
544 NET_EPOCH_ENTER(et);
545 ifp = ifnet_byindex_ref(attrs.ifi_index);
546 NET_EPOCH_EXIT(et);
547 if (ifp == NULL) {
548 NLP_LOG(LOG_DEBUG, nlp, "unable to find interface %u", attrs.ifi_index);
549 return (ENOENT);
550 }
551 NLP_LOG(LOG_DEBUG3, nlp, "mapped ifindex %u to %s", attrs.ifi_index, if_name(ifp));
552
553 sx_xlock(&ifnet_detach_sxlock);
554 error = if_clone_destroy(if_name(ifp));
555 sx_xunlock(&ifnet_detach_sxlock);
556
557 NLP_LOG(LOG_DEBUG2, nlp, "deleting interface %s returned %d", if_name(ifp), error);
558
559 if_rele(ifp);
560 return (error);
561 }
562
563 /*
564 * New link:
565 * type=RTM_NEWLINK, flags=NLM_F_REQUEST|NLM_F_ACK|NLM_F_EXCL|NLM_F_CREATE, seq=1668185590, pid=0},
566 * {ifi_family=AF_UNSPEC, ifi_type=ARPHRD_NETROM, ifi_index=0, ifi_flags=0, ifi_change=0}
567 * [
568 * {{nla_len=8, nla_type=IFLA_MTU}, 123},
569 * {{nla_len=10, nla_type=IFLA_IFNAME}, "vlan1"},
570 * {{nla_len=24, nla_type=IFLA_LINKINFO},
571 * [
572 * {{nla_len=8, nla_type=IFLA_INFO_KIND}, "vlan"...},
573 * {{nla_len=12, nla_type=IFLA_INFO_DATA}, "\x06\x00\x01\x00\x7b\x00\x00\x00"}]}]}
574 *
575 * Update link:
576 * type=RTM_NEWLINK, flags=NLM_F_REQUEST|NLM_F_ACK, seq=1668185923, pid=0},
577 * {ifi_family=AF_UNSPEC, ifi_type=ARPHRD_NETROM, ifi_index=if_nametoindex("lo"), ifi_flags=0, ifi_change=0},
578 * {{nla_len=8, nla_type=IFLA_MTU}, 123}}
579 *
580 *
581 * Check command availability:
582 * type=RTM_NEWLINK, flags=NLM_F_REQUEST|NLM_F_ACK, seq=0, pid=0},
583 * {ifi_family=AF_UNSPEC, ifi_type=ARPHRD_NETROM, ifi_index=0, ifi_flags=0, ifi_change=0}
584 */
585
586
587 static int
create_link(struct nlmsghdr * hdr,struct nl_parsed_link * lattrs,struct nlattr_bmask * bm,struct nlpcb * nlp,struct nl_pstate * npt)588 create_link(struct nlmsghdr *hdr, struct nl_parsed_link *lattrs,
589 struct nlattr_bmask *bm, struct nlpcb *nlp, struct nl_pstate *npt)
590 {
591 if (lattrs->ifla_ifname == NULL || strlen(lattrs->ifla_ifname) == 0) {
592 NLMSG_REPORT_ERR_MSG(npt, "empty IFLA_IFNAME attribute");
593 return (EINVAL);
594 }
595 if (lattrs->ifla_cloner == NULL || strlen(lattrs->ifla_cloner) == 0) {
596 NLMSG_REPORT_ERR_MSG(npt, "empty IFLA_INFO_KIND attribute");
597 return (EINVAL);
598 }
599
600 struct ifc_data_nl ifd = {
601 .flags = IFC_F_CREATE,
602 .lattrs = lattrs,
603 .bm = bm,
604 .npt = npt,
605 };
606 if (ifc_create_ifp_nl(lattrs->ifla_ifname, &ifd) && ifd.error == 0)
607 nl_store_ifp_cookie(npt, ifd.ifp);
608
609 return (ifd.error);
610 }
611
612 static int
modify_link(struct nlmsghdr * hdr,struct nl_parsed_link * lattrs,struct nlattr_bmask * bm,struct nlpcb * nlp,struct nl_pstate * npt)613 modify_link(struct nlmsghdr *hdr, struct nl_parsed_link *lattrs,
614 struct nlattr_bmask *bm, struct nlpcb *nlp, struct nl_pstate *npt)
615 {
616 if_t ifp = NULL;
617 struct epoch_tracker et;
618
619 if (lattrs->ifi_index == 0 && lattrs->ifla_ifname == NULL) {
620 /*
621 * Applications like ip(8) verify RTM_NEWLINK command
622 * existence by calling it with empty arguments. Always
623 * return "innocent" error in that case.
624 */
625 NLMSG_REPORT_ERR_MSG(npt, "empty ifi_index field");
626 return (EPERM);
627 }
628
629 if (lattrs->ifi_index != 0) {
630 NET_EPOCH_ENTER(et);
631 ifp = ifnet_byindex_ref(lattrs->ifi_index);
632 NET_EPOCH_EXIT(et);
633 if (ifp == NULL) {
634 NLMSG_REPORT_ERR_MSG(npt, "unable to find interface #%u",
635 lattrs->ifi_index);
636 return (ENOENT);
637 }
638 }
639
640 if (ifp == NULL && lattrs->ifla_ifname != NULL) {
641 ifp = ifunit_ref(lattrs->ifla_ifname);
642 if (ifp == NULL) {
643 NLMSG_REPORT_ERR_MSG(npt, "unable to find interface %s",
644 lattrs->ifla_ifname);
645 return (ENOENT);
646 }
647 }
648
649 MPASS(ifp != NULL);
650
651 /*
652 * Modification request can address either
653 * 1) cloned interface, in which case we call the cloner-specific
654 * modification routine
655 * or
656 * 2) non-cloned (e.g. "physical") interface, in which case we call
657 * generic modification routine
658 */
659 struct ifc_data_nl ifd = { .lattrs = lattrs, .bm = bm, .npt = npt };
660 if (!ifc_modify_ifp_nl(ifp, &ifd))
661 ifd.error = nl_modify_ifp_generic(ifp, lattrs, bm, npt);
662
663 if_rele(ifp);
664
665 return (ifd.error);
666 }
667
668
669 static int
rtnl_handle_newlink(struct nlmsghdr * hdr,struct nlpcb * nlp,struct nl_pstate * npt)670 rtnl_handle_newlink(struct nlmsghdr *hdr, struct nlpcb *nlp, struct nl_pstate *npt)
671 {
672 struct nlattr_bmask bm;
673 int error;
674
675 struct nl_parsed_link attrs = {};
676 error = nl_parse_nlmsg(hdr, &ifmsg_parser, npt, &attrs);
677 if (error != 0)
678 return (error);
679 nl_get_attrs_bmask_nlmsg(hdr, &ifmsg_parser, &bm);
680
681 if (hdr->nlmsg_flags & NLM_F_CREATE)
682 return (create_link(hdr, &attrs, &bm, nlp, npt));
683 else
684 return (modify_link(hdr, &attrs, &bm, nlp, npt));
685 }
686
687 static void
set_scope6(struct sockaddr * sa,uint32_t ifindex)688 set_scope6(struct sockaddr *sa, uint32_t ifindex)
689 {
690 #ifdef INET6
691 if (sa != NULL && sa->sa_family == AF_INET6) {
692 struct sockaddr_in6 *sa6 = (struct sockaddr_in6 *)sa;
693
694 if (IN6_IS_ADDR_LINKLOCAL(&sa6->sin6_addr))
695 in6_set_unicast_scopeid(&sa6->sin6_addr, ifindex);
696 }
697 #endif
698 }
699
700 static bool
check_sa_family(const struct sockaddr * sa,int family,const char * attr_name,struct nl_pstate * npt)701 check_sa_family(const struct sockaddr *sa, int family, const char *attr_name,
702 struct nl_pstate *npt)
703 {
704 if (sa == NULL || sa->sa_family == family)
705 return (true);
706
707 nlmsg_report_err_msg(npt, "wrong family for %s attribute: %d != %d",
708 attr_name, family, sa->sa_family);
709 return (false);
710 }
711
712 struct nl_parsed_ifa {
713 uint8_t ifa_family;
714 uint8_t ifa_prefixlen;
715 uint8_t ifa_scope;
716 uint32_t ifa_index;
717 uint32_t ifa_flags;
718 uint32_t ifaf_vhid;
719 uint32_t ifaf_flags;
720 struct sockaddr *ifa_address;
721 struct sockaddr *ifa_local;
722 struct sockaddr *ifa_broadcast;
723 struct ifa_cacheinfo *ifa_cacheinfo;
724 struct sockaddr *f_ifa_addr;
725 struct sockaddr *f_ifa_dst;
726 };
727
728 static int
nlattr_get_cinfo(struct nlattr * nla,struct nl_pstate * npt,const void * arg __unused,void * target)729 nlattr_get_cinfo(struct nlattr *nla, struct nl_pstate *npt,
730 const void *arg __unused, void *target)
731 {
732 if (__predict_false(NLA_DATA_LEN(nla) != sizeof(struct ifa_cacheinfo))) {
733 NLMSG_REPORT_ERR_MSG(npt, "nla type %d size(%u) is not ifa_cacheinfo",
734 nla->nla_type, NLA_DATA_LEN(nla));
735 return (EINVAL);
736 }
737 *((struct ifa_cacheinfo **)target) = (struct ifa_cacheinfo *)NL_RTA_DATA(nla);
738 return (0);
739 }
740
741 #define _IN(_field) offsetof(struct ifaddrmsg, _field)
742 #define _OUT(_field) offsetof(struct nl_parsed_ifa, _field)
743 static const struct nlfield_parser nlf_p_ifa[] = {
744 { .off_in = _IN(ifa_family), .off_out = _OUT(ifa_family), .cb = nlf_get_u8 },
745 { .off_in = _IN(ifa_prefixlen), .off_out = _OUT(ifa_prefixlen), .cb = nlf_get_u8 },
746 { .off_in = _IN(ifa_scope), .off_out = _OUT(ifa_scope), .cb = nlf_get_u8 },
747 { .off_in = _IN(ifa_flags), .off_out = _OUT(ifa_flags), .cb = nlf_get_u8_u32 },
748 { .off_in = _IN(ifa_index), .off_out = _OUT(ifa_index), .cb = nlf_get_u32 },
749 };
750
751 static const struct nlattr_parser nla_p_ifa_fbsd[] = {
752 { .type = IFAF_VHID, .off = _OUT(ifaf_vhid), .cb = nlattr_get_uint32 },
753 { .type = IFAF_FLAGS, .off = _OUT(ifaf_flags), .cb = nlattr_get_uint32 },
754 };
755 NL_DECLARE_ATTR_PARSER(ifa_fbsd_parser, nla_p_ifa_fbsd);
756
757 static const struct nlattr_parser nla_p_ifa[] = {
758 { .type = IFA_ADDRESS, .off = _OUT(ifa_address), .cb = nlattr_get_ip },
759 { .type = IFA_LOCAL, .off = _OUT(ifa_local), .cb = nlattr_get_ip },
760 { .type = IFA_BROADCAST, .off = _OUT(ifa_broadcast), .cb = nlattr_get_ip },
761 { .type = IFA_CACHEINFO, .off = _OUT(ifa_cacheinfo), .cb = nlattr_get_cinfo },
762 { .type = IFA_FLAGS, .off = _OUT(ifa_flags), .cb = nlattr_get_uint32 },
763 { .type = IFA_FREEBSD, .arg = &ifa_fbsd_parser, .cb = nlattr_get_nested },
764 };
765 #undef _IN
766 #undef _OUT
767
768 static bool
post_p_ifa(void * _attrs,struct nl_pstate * npt)769 post_p_ifa(void *_attrs, struct nl_pstate *npt)
770 {
771 struct nl_parsed_ifa *attrs = (struct nl_parsed_ifa *)_attrs;
772
773 if (!check_sa_family(attrs->ifa_address, attrs->ifa_family, "IFA_ADDRESS", npt))
774 return (false);
775 if (!check_sa_family(attrs->ifa_local, attrs->ifa_family, "IFA_LOCAL", npt))
776 return (false);
777 if (!check_sa_family(attrs->ifa_broadcast, attrs->ifa_family, "IFA_BROADADDR", npt))
778 return (false);
779
780 set_scope6(attrs->ifa_address, attrs->ifa_index);
781 set_scope6(attrs->ifa_local, attrs->ifa_index);
782
783 return (true);
784 }
785
786 NL_DECLARE_PARSER_EXT(ifa_parser, struct ifaddrmsg, NULL, nlf_p_ifa, nla_p_ifa, post_p_ifa);
787
788
789 /*
790
791 {ifa_family=AF_INET, ifa_prefixlen=8, ifa_flags=IFA_F_PERMANENT, ifa_scope=RT_SCOPE_HOST, ifa_index=if_nametoindex("lo")},
792 [
793 {{nla_len=8, nla_type=IFA_ADDRESS}, inet_addr("127.0.0.1")},
794 {{nla_len=8, nla_type=IFA_LOCAL}, inet_addr("127.0.0.1")},
795 {{nla_len=7, nla_type=IFA_LABEL}, "lo"},
796 {{nla_len=8, nla_type=IFA_FLAGS}, IFA_F_PERMANENT},
797 {{nla_len=20, nla_type=IFA_CACHEINFO}, {ifa_prefered=4294967295, ifa_valid=4294967295, cstamp=3619, tstamp=3619}}]},
798 ---
799
800 {{len=72, type=RTM_NEWADDR, flags=NLM_F_MULTI, seq=1642191126, pid=566735},
801 {ifa_family=AF_INET6, ifa_prefixlen=96, ifa_flags=IFA_F_PERMANENT, ifa_scope=RT_SCOPE_UNIVERSE, ifa_index=if_nametoindex("virbr0")},
802 [
803 {{nla_len=20, nla_type=IFA_ADDRESS}, inet_pton(AF_INET6, "2a01:4f8:13a:70c:ffff::1")},
804 {{nla_len=20, nla_type=IFA_CACHEINFO}, {ifa_prefered=4294967295, ifa_valid=4294967295, cstamp=4283, tstamp=4283}},
805 {{nla_len=8, nla_type=IFA_FLAGS}, IFA_F_PERMANENT}]},
806 */
807
808 static uint8_t
ifa_get_scope(const struct ifaddr * ifa)809 ifa_get_scope(const struct ifaddr *ifa)
810 {
811 const struct sockaddr *sa;
812 uint8_t addr_scope = RT_SCOPE_UNIVERSE;
813
814 sa = ifa->ifa_addr;
815 switch (sa->sa_family) {
816 #ifdef INET
817 case AF_INET:
818 {
819 struct in_addr addr;
820 addr = ((const struct sockaddr_in *)sa)->sin_addr;
821 if (IN_LOOPBACK(addr.s_addr))
822 addr_scope = RT_SCOPE_HOST;
823 else if (IN_LINKLOCAL(addr.s_addr))
824 addr_scope = RT_SCOPE_LINK;
825 break;
826 }
827 #endif
828 #ifdef INET6
829 case AF_INET6:
830 {
831 const struct in6_addr *addr;
832 addr = &((const struct sockaddr_in6 *)sa)->sin6_addr;
833 if (IN6_IS_ADDR_LOOPBACK(addr))
834 addr_scope = RT_SCOPE_HOST;
835 else if (IN6_IS_ADDR_LINKLOCAL(addr))
836 addr_scope = RT_SCOPE_LINK;
837 break;
838 }
839 #endif
840 }
841
842 return (addr_scope);
843 }
844
845 #ifdef INET6
846 static uint8_t
inet6_get_plen(const struct in6_addr * addr)847 inet6_get_plen(const struct in6_addr *addr)
848 {
849
850 return (bitcount32(addr->s6_addr32[0]) + bitcount32(addr->s6_addr32[1]) +
851 bitcount32(addr->s6_addr32[2]) + bitcount32(addr->s6_addr32[3]));
852 }
853 #endif
854
855 static uint8_t
get_sa_plen(const struct sockaddr * sa)856 get_sa_plen(const struct sockaddr *sa)
857 {
858 #ifdef INET
859 const struct in_addr *paddr;
860 #endif
861 #ifdef INET6
862 const struct in6_addr *paddr6;
863 #endif
864
865 switch (sa->sa_family) {
866 #ifdef INET
867 case AF_INET:
868 paddr = &(((const struct sockaddr_in *)sa)->sin_addr);
869 return bitcount32(paddr->s_addr);
870 #endif
871 #ifdef INET6
872 case AF_INET6:
873 paddr6 = &(((const struct sockaddr_in6 *)sa)->sin6_addr);
874 return inet6_get_plen(paddr6);
875 #endif
876 }
877
878 return (0);
879 }
880
881 #ifdef INET6
882 static uint32_t
in6_flags_to_nl(uint32_t flags)883 in6_flags_to_nl(uint32_t flags)
884 {
885 uint32_t nl_flags = 0;
886
887 if (flags & IN6_IFF_TEMPORARY)
888 nl_flags |= IFA_F_TEMPORARY;
889 if (flags & IN6_IFF_NODAD)
890 nl_flags |= IFA_F_NODAD;
891 if (flags & IN6_IFF_DEPRECATED)
892 nl_flags |= IFA_F_DEPRECATED;
893 if (flags & IN6_IFF_TENTATIVE)
894 nl_flags |= IFA_F_TENTATIVE;
895 if ((flags & (IN6_IFF_AUTOCONF|IN6_IFF_TEMPORARY)) == 0)
896 flags |= IFA_F_PERMANENT;
897 if (flags & IN6_IFF_DUPLICATED)
898 flags |= IFA_F_DADFAILED;
899 return (nl_flags);
900 }
901
902 static uint32_t
nl_flags_to_in6(uint32_t flags)903 nl_flags_to_in6(uint32_t flags)
904 {
905 uint32_t in6_flags = 0;
906
907 if (flags & IFA_F_TEMPORARY)
908 in6_flags |= IN6_IFF_TEMPORARY;
909 if (flags & IFA_F_NODAD)
910 in6_flags |= IN6_IFF_NODAD;
911 if (flags & IFA_F_DEPRECATED)
912 in6_flags |= IN6_IFF_DEPRECATED;
913 if (flags & IFA_F_TENTATIVE)
914 in6_flags |= IN6_IFF_TENTATIVE;
915 if (flags & IFA_F_DADFAILED)
916 in6_flags |= IN6_IFF_DUPLICATED;
917
918 return (in6_flags);
919 }
920
921 static void
export_cache_info6(struct nl_writer * nw,const struct in6_ifaddr * ia)922 export_cache_info6(struct nl_writer *nw, const struct in6_ifaddr *ia)
923 {
924 struct ifa_cacheinfo ci = {
925 .cstamp = ia->ia6_createtime * 1000,
926 .tstamp = ia->ia6_updatetime * 1000,
927 .ifa_prefered = ia->ia6_lifetime.ia6t_pltime,
928 .ifa_valid = ia->ia6_lifetime.ia6t_vltime,
929 };
930
931 nlattr_add(nw, IFA_CACHEINFO, sizeof(ci), &ci);
932 }
933 #endif
934
935 static void
export_cache_info(struct nl_writer * nw,struct ifaddr * ifa)936 export_cache_info(struct nl_writer *nw, struct ifaddr *ifa)
937 {
938 switch (ifa->ifa_addr->sa_family) {
939 #ifdef INET6
940 case AF_INET6:
941 export_cache_info6(nw, (struct in6_ifaddr *)ifa);
942 break;
943 #endif
944 }
945 }
946
947 /*
948 * {'attrs': [('IFA_ADDRESS', '12.0.0.1'),
949 ('IFA_LOCAL', '12.0.0.1'),
950 ('IFA_LABEL', 'eth10'),
951 ('IFA_FLAGS', 128),
952 ('IFA_CACHEINFO', {'ifa_preferred': 4294967295, 'ifa_valid': 4294967295, 'cstamp': 63745746, 'tstamp': 63745746})],
953 */
954 static bool
dump_iface_addr(struct nl_writer * nw,if_t ifp,struct ifaddr * ifa,const struct nlmsghdr * hdr)955 dump_iface_addr(struct nl_writer *nw, if_t ifp, struct ifaddr *ifa,
956 const struct nlmsghdr *hdr)
957 {
958 struct ifaddrmsg *ifamsg;
959 struct sockaddr *sa = ifa->ifa_addr;
960 struct sockaddr *sa_dst = ifa->ifa_dstaddr;
961
962 NL_LOG(LOG_DEBUG3, "dumping ifa %p type %s(%d) for interface %s",
963 ifa, rib_print_family(sa->sa_family), sa->sa_family, if_name(ifp));
964
965 if (!nlmsg_reply(nw, hdr, sizeof(struct ifaddrmsg)))
966 goto enomem;
967
968 ifamsg = nlmsg_reserve_object(nw, struct ifaddrmsg);
969 ifamsg->ifa_family = sa->sa_family;
970 ifamsg->ifa_prefixlen = get_sa_plen(ifa->ifa_netmask);
971 ifamsg->ifa_flags = 0; // ifa_flags is useless
972 ifamsg->ifa_scope = ifa_get_scope(ifa);
973 ifamsg->ifa_index = if_getindex(ifp);
974
975 if ((if_getflags(ifp) & IFF_POINTOPOINT) && sa_dst != NULL && sa_dst->sa_family != 0) {
976 /* P2P interface may have IPv6 LL with no dst address */
977 dump_sa(nw, IFA_ADDRESS, sa_dst);
978 dump_sa(nw, IFA_LOCAL, sa);
979 } else {
980 dump_sa(nw, IFA_ADDRESS, sa);
981 #ifdef INET
982 /*
983 * In most cases, IFA_ADDRESS == IFA_LOCAL
984 * Skip IFA_LOCAL for anything except INET
985 */
986 if (sa->sa_family == AF_INET)
987 dump_sa(nw, IFA_LOCAL, sa);
988 #endif
989 }
990 if (if_getflags(ifp) & IFF_BROADCAST)
991 dump_sa(nw, IFA_BROADCAST, ifa->ifa_broadaddr);
992
993 nlattr_add_string(nw, IFA_LABEL, if_name(ifp));
994
995 uint32_t nl_ifa_flags = 0;
996 #ifdef INET6
997 if (sa->sa_family == AF_INET6) {
998 struct in6_ifaddr *ia = (struct in6_ifaddr *)ifa;
999 nl_ifa_flags = in6_flags_to_nl(ia->ia6_flags);
1000 }
1001 #endif
1002 nlattr_add_u32(nw, IFA_FLAGS, nl_ifa_flags);
1003
1004 export_cache_info(nw, ifa);
1005
1006 /* Store FreeBSD-specific attributes */
1007 int off = nlattr_add_nested(nw, IFA_FREEBSD);
1008 if (off != 0) {
1009 if (ifa->ifa_carp != NULL && carp_get_vhid_p != NULL) {
1010 uint32_t vhid = (uint32_t)(*carp_get_vhid_p)(ifa);
1011 nlattr_add_u32(nw, IFAF_VHID, vhid);
1012 }
1013 #ifdef INET6
1014 if (sa->sa_family == AF_INET6) {
1015 uint32_t ifa_flags = ((struct in6_ifaddr *)ifa)->ia6_flags;
1016
1017 nlattr_add_u32(nw, IFAF_FLAGS, ifa_flags);
1018 }
1019 #endif
1020
1021 nlattr_set_len(nw, off);
1022 }
1023
1024 if (nlmsg_end(nw))
1025 return (true);
1026 enomem:
1027 NL_LOG(LOG_DEBUG, "Failed to dump ifa type %s(%d) for interface %s",
1028 rib_print_family(sa->sa_family), sa->sa_family, if_name(ifp));
1029 nlmsg_abort(nw);
1030 return (false);
1031 }
1032
1033 static int
dump_iface_addrs(struct netlink_walkargs * wa,if_t ifp)1034 dump_iface_addrs(struct netlink_walkargs *wa, if_t ifp)
1035 {
1036 struct ifaddr *ifa;
1037 struct ifa_iter it;
1038 int error = 0;
1039
1040 for (ifa = ifa_iter_start(ifp, &it); ifa != NULL; ifa = ifa_iter_next(&it)) {
1041 if (wa->family != 0 && wa->family != ifa->ifa_addr->sa_family)
1042 continue;
1043 if (ifa->ifa_addr->sa_family == AF_LINK)
1044 continue;
1045 if (prison_if(wa->cred, ifa->ifa_addr) != 0)
1046 continue;
1047 wa->count++;
1048 if (!dump_iface_addr(wa->nw, ifp, ifa, &wa->hdr)) {
1049 error = ENOMEM;
1050 break;
1051 }
1052 wa->dumped++;
1053 }
1054 ifa_iter_finish(&it);
1055
1056 return (error);
1057 }
1058
1059 static int
rtnl_handle_getaddr(struct nlmsghdr * hdr,struct nlpcb * nlp,struct nl_pstate * npt)1060 rtnl_handle_getaddr(struct nlmsghdr *hdr, struct nlpcb *nlp, struct nl_pstate *npt)
1061 {
1062 if_t ifp;
1063 int error = 0;
1064
1065 struct nl_parsed_ifa attrs = {};
1066 error = nl_parse_nlmsg(hdr, &ifa_parser, npt, &attrs);
1067 if (error != 0)
1068 return (error);
1069
1070 struct netlink_walkargs wa = {
1071 .so = nlp,
1072 .nw = npt->nw,
1073 .cred = nlp_get_cred(nlp),
1074 .family = attrs.ifa_family,
1075 .hdr.nlmsg_pid = hdr->nlmsg_pid,
1076 .hdr.nlmsg_seq = hdr->nlmsg_seq,
1077 .hdr.nlmsg_flags = hdr->nlmsg_flags | NLM_F_MULTI,
1078 .hdr.nlmsg_type = NL_RTM_NEWADDR,
1079 };
1080
1081 NL_LOG(LOG_DEBUG2, "Start dump");
1082
1083 if (attrs.ifa_index != 0) {
1084 ifp = ifnet_byindex(attrs.ifa_index);
1085 if (ifp == NULL)
1086 error = ENOENT;
1087 else
1088 error = dump_iface_addrs(&wa, ifp);
1089 } else {
1090 struct if_iter it;
1091
1092 for (ifp = if_iter_start(&it); ifp != NULL; ifp = if_iter_next(&it)) {
1093 error = dump_iface_addrs(&wa, ifp);
1094 if (error != 0)
1095 break;
1096 }
1097 if_iter_finish(&it);
1098 }
1099
1100 NL_LOG(LOG_DEBUG2, "End dump, iterated %d dumped %d", wa.count, wa.dumped);
1101
1102 if (!nlmsg_end_dump(wa.nw, error, &wa.hdr)) {
1103 NL_LOG(LOG_DEBUG, "Unable to finalize the dump");
1104 return (ENOMEM);
1105 }
1106
1107 return (error);
1108 }
1109
1110 #ifdef INET
1111 static int
handle_newaddr_inet(struct nlmsghdr * hdr,struct nl_parsed_ifa * attrs,if_t ifp,struct nlpcb * nlp,struct nl_pstate * npt)1112 handle_newaddr_inet(struct nlmsghdr *hdr, struct nl_parsed_ifa *attrs,
1113 if_t ifp, struct nlpcb *nlp, struct nl_pstate *npt)
1114 {
1115 int plen = attrs->ifa_prefixlen;
1116 int if_flags = if_getflags(ifp);
1117 struct sockaddr_in *addr, *dst;
1118
1119 if (plen > 32) {
1120 nlmsg_report_err_msg(npt, "invalid ifa_prefixlen");
1121 return (EINVAL);
1122 };
1123
1124 if (if_flags & IFF_POINTOPOINT) {
1125 /*
1126 * Only P2P IFAs are allowed by the implementation.
1127 */
1128 if (attrs->ifa_address == NULL || attrs->ifa_local == NULL) {
1129 nlmsg_report_err_msg(npt, "Empty IFA_LOCAL/IFA_ADDRESS");
1130 return (EINVAL);
1131 }
1132 addr = (struct sockaddr_in *)attrs->ifa_local;
1133 dst = (struct sockaddr_in *)attrs->ifa_address;
1134 } else {
1135 /*
1136 * Map the Netlink attributes to FreeBSD ifa layout.
1137 * If only IFA_ADDRESS or IFA_LOCAL is set OR
1138 * both are set to the same value => ifa is not p2p
1139 * and the attribute value contains interface address.
1140 *
1141 * Otherwise (both IFA_ADDRESS and IFA_LOCAL are set and
1142 * different), IFA_LOCAL contains an interface address and
1143 * IFA_ADDRESS contains peer address.
1144 */
1145 addr = (struct sockaddr_in *)attrs->ifa_local;
1146 if (addr == NULL)
1147 addr = (struct sockaddr_in *)attrs->ifa_address;
1148
1149 if (addr == NULL) {
1150 nlmsg_report_err_msg(npt, "Empty IFA_LOCAL/IFA_ADDRESS");
1151 return (EINVAL);
1152 }
1153
1154 /* Generate broadcast address if not set */
1155 if ((if_flags & IFF_BROADCAST) && attrs->ifa_broadcast == NULL) {
1156 uint32_t s_baddr;
1157 struct sockaddr_in *sin_brd;
1158
1159 if (plen == 31)
1160 s_baddr = INADDR_BROADCAST; /* RFC 3021 */
1161 else {
1162 uint32_t s_mask;
1163
1164 s_mask = htonl(plen ? ~((1 << (32 - plen)) - 1) : 0);
1165 s_baddr = addr->sin_addr.s_addr | ~s_mask;
1166 }
1167
1168 sin_brd = (struct sockaddr_in *)npt_alloc(npt, sizeof(*sin_brd));
1169 if (sin_brd == NULL)
1170 return (ENOMEM);
1171 sin_brd->sin_family = AF_INET;
1172 sin_brd->sin_len = sizeof(*sin_brd);
1173 sin_brd->sin_addr.s_addr = s_baddr;
1174 attrs->ifa_broadcast = (struct sockaddr *)sin_brd;
1175 }
1176 dst = (struct sockaddr_in *)attrs->ifa_broadcast;
1177 }
1178
1179 struct sockaddr_in mask = {
1180 .sin_len = sizeof(struct sockaddr_in),
1181 .sin_family = AF_INET,
1182 .sin_addr.s_addr = htonl(plen ? ~((1 << (32 - plen)) - 1) : 0),
1183 };
1184 struct in_aliasreq req = {
1185 .ifra_addr = *addr,
1186 .ifra_mask = mask,
1187 .ifra_vhid = attrs->ifaf_vhid,
1188 };
1189 if (dst != NULL)
1190 req.ifra_dstaddr = *dst;
1191
1192 return (in_control_ioctl(SIOCAIFADDR, &req, ifp, nlp_get_cred(nlp)));
1193 }
1194
1195 static int
handle_deladdr_inet(struct nlmsghdr * hdr,struct nl_parsed_ifa * attrs,if_t ifp,struct nlpcb * nlp,struct nl_pstate * npt)1196 handle_deladdr_inet(struct nlmsghdr *hdr, struct nl_parsed_ifa *attrs,
1197 if_t ifp, struct nlpcb *nlp, struct nl_pstate *npt)
1198 {
1199 struct sockaddr *addr = attrs->ifa_local;
1200
1201 if (addr == NULL)
1202 addr = attrs->ifa_address;
1203
1204 if (addr == NULL) {
1205 nlmsg_report_err_msg(npt, "empty IFA_ADDRESS/IFA_LOCAL");
1206 return (EINVAL);
1207 }
1208
1209 struct ifreq req = { .ifr_addr = *addr };
1210
1211 return (in_control_ioctl(SIOCDIFADDR, &req, ifp, nlp_get_cred(nlp)));
1212 }
1213 #endif
1214
1215 #ifdef INET6
1216 static int
handle_newaddr_inet6(struct nlmsghdr * hdr,struct nl_parsed_ifa * attrs,if_t ifp,struct nlpcb * nlp,struct nl_pstate * npt)1217 handle_newaddr_inet6(struct nlmsghdr *hdr, struct nl_parsed_ifa *attrs,
1218 if_t ifp, struct nlpcb *nlp, struct nl_pstate *npt)
1219 {
1220 struct sockaddr_in6 *addr, *dst;
1221
1222 if (attrs->ifa_prefixlen > 128) {
1223 nlmsg_report_err_msg(npt, "invalid ifa_prefixlen");
1224 return (EINVAL);
1225 }
1226
1227 /*
1228 * In IPv6 implementation, adding non-P2P address to the P2P interface
1229 * is allowed.
1230 */
1231 addr = (struct sockaddr_in6 *)(attrs->ifa_local);
1232 dst = (struct sockaddr_in6 *)(attrs->ifa_address);
1233
1234 if (addr == NULL) {
1235 addr = dst;
1236 dst = NULL;
1237 } else if (dst != NULL) {
1238 if (IN6_ARE_ADDR_EQUAL(&addr->sin6_addr, &dst->sin6_addr)) {
1239 /*
1240 * Sometimes Netlink users fills in both attributes
1241 * with the same address. It still means "non-p2p".
1242 */
1243 dst = NULL;
1244 }
1245 }
1246
1247 if (addr == NULL) {
1248 nlmsg_report_err_msg(npt, "Empty IFA_LOCAL/IFA_ADDRESS");
1249 return (EINVAL);
1250 }
1251
1252 uint32_t flags = nl_flags_to_in6(attrs->ifa_flags) | attrs->ifaf_flags;
1253
1254 uint32_t pltime = 0, vltime = 0;
1255 if (attrs->ifa_cacheinfo != 0) {
1256 pltime = attrs->ifa_cacheinfo->ifa_prefered;
1257 vltime = attrs->ifa_cacheinfo->ifa_valid;
1258 }
1259
1260 struct sockaddr_in6 mask = {
1261 .sin6_len = sizeof(struct sockaddr_in6),
1262 .sin6_family = AF_INET6,
1263 };
1264 ip6_writemask(&mask.sin6_addr, attrs->ifa_prefixlen);
1265
1266 struct in6_aliasreq req = {
1267 .ifra_addr = *addr,
1268 .ifra_prefixmask = mask,
1269 .ifra_flags = flags,
1270 .ifra_lifetime = { .ia6t_vltime = vltime, .ia6t_pltime = pltime },
1271 .ifra_vhid = attrs->ifaf_vhid,
1272 };
1273 if (dst != NULL)
1274 req.ifra_dstaddr = *dst;
1275
1276 return (in6_control_ioctl(SIOCAIFADDR_IN6, &req, ifp, nlp_get_cred(nlp)));
1277 }
1278
1279 static int
handle_deladdr_inet6(struct nlmsghdr * hdr,struct nl_parsed_ifa * attrs,if_t ifp,struct nlpcb * nlp,struct nl_pstate * npt)1280 handle_deladdr_inet6(struct nlmsghdr *hdr, struct nl_parsed_ifa *attrs,
1281 if_t ifp, struct nlpcb *nlp, struct nl_pstate *npt)
1282 {
1283 struct sockaddr_in6 *addr = (struct sockaddr_in6 *)attrs->ifa_local;
1284
1285 if (addr == NULL)
1286 addr = (struct sockaddr_in6 *)(attrs->ifa_address);
1287
1288 if (addr == NULL) {
1289 nlmsg_report_err_msg(npt, "Empty IFA_LOCAL/IFA_ADDRESS");
1290 return (EINVAL);
1291 }
1292
1293 struct in6_ifreq req = { .ifr_addr = *addr };
1294
1295 return (in6_control_ioctl(SIOCDIFADDR_IN6, &req, ifp, nlp_get_cred(nlp)));
1296 }
1297 #endif
1298
1299
1300 static int
rtnl_handle_addr(struct nlmsghdr * hdr,struct nlpcb * nlp,struct nl_pstate * npt)1301 rtnl_handle_addr(struct nlmsghdr *hdr, struct nlpcb *nlp, struct nl_pstate *npt)
1302 {
1303 struct epoch_tracker et;
1304 int error;
1305
1306 struct nl_parsed_ifa attrs = {};
1307 error = nl_parse_nlmsg(hdr, &ifa_parser, npt, &attrs);
1308 if (error != 0)
1309 return (error);
1310
1311 NET_EPOCH_ENTER(et);
1312 if_t ifp = ifnet_byindex_ref(attrs.ifa_index);
1313 NET_EPOCH_EXIT(et);
1314
1315 if (ifp == NULL) {
1316 nlmsg_report_err_msg(npt, "Unable to find interface with index %u",
1317 attrs.ifa_index);
1318 return (ENOENT);
1319 }
1320 int if_flags = if_getflags(ifp);
1321
1322 #if defined(INET) || defined(INET6)
1323 bool new = hdr->nlmsg_type == NL_RTM_NEWADDR;
1324 #endif
1325
1326 /*
1327 * TODO: Properly handle NLM_F_CREATE / NLM_F_EXCL.
1328 * The current ioctl-based KPI always does an implicit create-or-replace.
1329 * It is not possible to specify fine-grained options.
1330 */
1331
1332 switch (attrs.ifa_family) {
1333 #ifdef INET
1334 case AF_INET:
1335 if (new)
1336 error = handle_newaddr_inet(hdr, &attrs, ifp, nlp, npt);
1337 else
1338 error = handle_deladdr_inet(hdr, &attrs, ifp, nlp, npt);
1339 break;
1340 #endif
1341 #ifdef INET6
1342 case AF_INET6:
1343 if (new)
1344 error = handle_newaddr_inet6(hdr, &attrs, ifp, nlp, npt);
1345 else
1346 error = handle_deladdr_inet6(hdr, &attrs, ifp, nlp, npt);
1347 break;
1348 #endif
1349 default:
1350 error = EAFNOSUPPORT;
1351 }
1352
1353 if (error == 0 && !(if_flags & IFF_UP) && (if_getflags(ifp) & IFF_UP))
1354 if_up(ifp);
1355
1356 if_rele(ifp);
1357
1358 return (error);
1359 }
1360
1361
1362 static void
rtnl_handle_ifaddr(void * arg __unused,struct ifaddr * ifa,int cmd)1363 rtnl_handle_ifaddr(void *arg __unused, struct ifaddr *ifa, int cmd)
1364 {
1365 struct nlmsghdr hdr = {};
1366 struct nl_writer nw;
1367 uint32_t group = 0;
1368
1369 switch (ifa->ifa_addr->sa_family) {
1370 #ifdef INET
1371 case AF_INET:
1372 group = RTNLGRP_IPV4_IFADDR;
1373 break;
1374 #endif
1375 #ifdef INET6
1376 case AF_INET6:
1377 group = RTNLGRP_IPV6_IFADDR;
1378 break;
1379 #endif
1380 default:
1381 NL_LOG(LOG_DEBUG2, "ifa notification for unknown AF: %d",
1382 ifa->ifa_addr->sa_family);
1383 return;
1384 }
1385
1386 if (!nl_has_listeners(NETLINK_ROUTE, group))
1387 return;
1388
1389 if (!nl_writer_group(&nw, NLMSG_LARGE, NETLINK_ROUTE, group, 0,
1390 false)) {
1391 NL_LOG(LOG_DEBUG, "error allocating group writer");
1392 return;
1393 }
1394
1395 hdr.nlmsg_type = (cmd == RTM_DELETE) ? NL_RTM_DELADDR : NL_RTM_NEWADDR;
1396
1397 dump_iface_addr(&nw, ifa->ifa_ifp, ifa, &hdr);
1398 nlmsg_flush(&nw);
1399 }
1400
1401 static void
rtnl_handle_ifevent(if_t ifp,int nlmsg_type,int if_flags_mask)1402 rtnl_handle_ifevent(if_t ifp, int nlmsg_type, int if_flags_mask)
1403 {
1404 struct nlmsghdr hdr = { .nlmsg_type = nlmsg_type };
1405 struct nl_writer nw;
1406
1407 if (!nl_has_listeners(NETLINK_ROUTE, RTNLGRP_LINK))
1408 return;
1409
1410 if (!nl_writer_group(&nw, NLMSG_LARGE, NETLINK_ROUTE, RTNLGRP_LINK, 0,
1411 false)) {
1412 NL_LOG(LOG_DEBUG, "error allocating group writer");
1413 return;
1414 }
1415 dump_iface(&nw, ifp, &hdr, if_flags_mask);
1416 nlmsg_flush(&nw);
1417 }
1418
1419 static void
rtnl_handle_ifattach(void * arg,if_t ifp)1420 rtnl_handle_ifattach(void *arg, if_t ifp)
1421 {
1422 NL_LOG(LOG_DEBUG2, "ifnet %s", if_name(ifp));
1423 rtnl_handle_ifevent(ifp, NL_RTM_NEWLINK, 0);
1424 }
1425
1426 static void
rtnl_handle_ifdetach(void * arg,if_t ifp)1427 rtnl_handle_ifdetach(void *arg, if_t ifp)
1428 {
1429 NL_LOG(LOG_DEBUG2, "ifnet %s", if_name(ifp));
1430 rtnl_handle_ifevent(ifp, NL_RTM_DELLINK, 0);
1431 }
1432
1433 static void
rtnl_handle_iflink(void * arg,if_t ifp,int link_state __unused)1434 rtnl_handle_iflink(void *arg, if_t ifp, int link_state __unused)
1435 {
1436 NL_LOG(LOG_DEBUG2, "ifnet %s", if_name(ifp));
1437 rtnl_handle_ifevent(ifp, NL_RTM_NEWLINK, 0);
1438 }
1439
1440 void
rtnl_handle_ifnet_event(if_t ifp,int if_flags_mask)1441 rtnl_handle_ifnet_event(if_t ifp, int if_flags_mask)
1442 {
1443 NL_LOG(LOG_DEBUG2, "ifnet %s", if_name(ifp));
1444 rtnl_handle_ifevent(ifp, NL_RTM_NEWLINK, if_flags_mask);
1445 }
1446
1447 static const struct rtnl_cmd_handler cmd_handlers[] = {
1448 {
1449 .cmd = NL_RTM_GETLINK,
1450 .name = "RTM_GETLINK",
1451 .cb = &rtnl_handle_getlink,
1452 .flags = RTNL_F_NOEPOCH | RTNL_F_ALLOW_NONVNET_JAIL,
1453 },
1454 {
1455 .cmd = NL_RTM_DELLINK,
1456 .name = "RTM_DELLINK",
1457 .cb = &rtnl_handle_dellink,
1458 .priv = PRIV_NET_IFDESTROY,
1459 .flags = RTNL_F_NOEPOCH,
1460 },
1461 {
1462 .cmd = NL_RTM_NEWLINK,
1463 .name = "RTM_NEWLINK",
1464 .cb = &rtnl_handle_newlink,
1465 .priv = PRIV_NET_IFCREATE,
1466 .flags = RTNL_F_NOEPOCH,
1467 },
1468 {
1469 .cmd = NL_RTM_GETADDR,
1470 .name = "RTM_GETADDR",
1471 .cb = &rtnl_handle_getaddr,
1472 .flags = RTNL_F_ALLOW_NONVNET_JAIL,
1473 },
1474 {
1475 .cmd = NL_RTM_NEWADDR,
1476 .name = "RTM_NEWADDR",
1477 .cb = &rtnl_handle_addr,
1478 .priv = PRIV_NET_ADDIFADDR,
1479 .flags = RTNL_F_NOEPOCH,
1480 },
1481 {
1482 .cmd = NL_RTM_DELADDR,
1483 .name = "RTM_DELADDR",
1484 .cb = &rtnl_handle_addr,
1485 .priv = PRIV_NET_DELIFADDR,
1486 .flags = RTNL_F_NOEPOCH,
1487 },
1488 };
1489
1490 static const struct nlhdr_parser *all_parsers[] = {
1491 &ifmsg_parser, &ifa_parser, &ifa_fbsd_parser,
1492 };
1493
1494 void
rtnl_iface_add_cloner(struct nl_cloner * cloner)1495 rtnl_iface_add_cloner(struct nl_cloner *cloner)
1496 {
1497 sx_xlock(&rtnl_cloner_lock);
1498 SLIST_INSERT_HEAD(&nl_cloners, cloner, next);
1499 sx_xunlock(&rtnl_cloner_lock);
1500 }
1501
1502 void
rtnl_iface_del_cloner(struct nl_cloner * cloner)1503 rtnl_iface_del_cloner(struct nl_cloner *cloner)
1504 {
1505 sx_xlock(&rtnl_cloner_lock);
1506 SLIST_REMOVE(&nl_cloners, cloner, nl_cloner, next);
1507 sx_xunlock(&rtnl_cloner_lock);
1508 }
1509
1510 void
rtnl_ifaces_init(void)1511 rtnl_ifaces_init(void)
1512 {
1513 ifattach_event = EVENTHANDLER_REGISTER(
1514 ifnet_arrival_event, rtnl_handle_ifattach, NULL,
1515 EVENTHANDLER_PRI_ANY);
1516 ifdetach_event = EVENTHANDLER_REGISTER(
1517 ifnet_departure_event, rtnl_handle_ifdetach, NULL,
1518 EVENTHANDLER_PRI_ANY);
1519 ifaddr_event = EVENTHANDLER_REGISTER(
1520 rt_addrmsg, rtnl_handle_ifaddr, NULL,
1521 EVENTHANDLER_PRI_ANY);
1522 iflink_event = EVENTHANDLER_REGISTER(
1523 ifnet_link_event, rtnl_handle_iflink, NULL,
1524 EVENTHANDLER_PRI_ANY);
1525 NL_VERIFY_PARSERS(all_parsers);
1526 rtnl_register_messages(cmd_handlers, nitems(cmd_handlers));
1527 }
1528
1529 void
rtnl_ifaces_destroy(void)1530 rtnl_ifaces_destroy(void)
1531 {
1532 EVENTHANDLER_DEREGISTER(ifnet_arrival_event, ifattach_event);
1533 EVENTHANDLER_DEREGISTER(ifnet_departure_event, ifdetach_event);
1534 EVENTHANDLER_DEREGISTER(rt_addrmsg, ifaddr_event);
1535 EVENTHANDLER_DEREGISTER(ifnet_link_event, iflink_event);
1536 }
1537