/*-
 * SPDX-License-Identifier: BSD-2-Clause
 *
 * Copyright (c) 2022 Alexander V. Chernikov <melifaro@FreeBSD.org>
 *
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that the following conditions
 * are met:
 * 1. Redistributions of source code must retain the above copyright
 *    notice, this list of conditions and the following disclaimer.
 * 2. Redistributions in binary form must reproduce the above copyright
 *    notice, this list of conditions and the following disclaimer in the
 *    documentation and/or other materials provided with the distribution.
 *
 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
 * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
 * SUCH DAMAGE.
*/

#include "opt_netlink.h"

#include <sys/cdefs.h>
#include "opt_inet.h"
#include "opt_inet6.h"
#include <sys/types.h>
#include <sys/eventhandler.h>
#include <sys/kernel.h>
#include <sys/jail.h>
#include <sys/malloc.h>
#include <sys/socket.h>
#include <sys/sockio.h>
#include <sys/syslog.h>

#include <net/if.h>
#include <net/if_dl.h>
#include <net/if_media.h>
#include <net/if_var.h>
#include <net/if_clone.h>
#include <net/route.h>
#include <net/route/nhop.h>
#include <net/route/route_ctl.h>
#include <netinet/in_var.h>
#include <netinet6/in6_var.h>
#include <netinet6/scope6_var.h>	/* scope deembedding */
#include <netlink/netlink.h>
#include <netlink/netlink_ctl.h>
#include <netlink/netlink_route.h>
#include <netlink/route/route_var.h>

#define	DEBUG_MOD_NAME	nl_iface
#define	DEBUG_MAX_LEVEL	LOG_DEBUG3
#include <netlink/netlink_debug.h>
_DECLARE_DEBUG(LOG_INFO);

/*
 * State shared between a dump handler and its per-object callbacks
 * (see rtnl_handle_getlink() and rtnl_handle_getaddr()).
 */
struct netlink_walkargs {
	struct nl_writer *nw;	/* writer the replies are appended to */
	struct nlmsghdr hdr;	/* template header copied into every reply */
	struct nlpcb	*so;	/* requesting netlink socket */
	struct ucred	*cred;	/* requester credentials; used for prison_if() filtering */
	uint32_t	fibnum;
	int		family;	/* address family filter, 0 matches every family */
	int		error;
	int		count;	/* objects considered for dumping */
	int		dumped;	/* objects successfully written */
};

static eventhandler_tag ifdetach_event, ifattach_event, iflink_event, ifaddr_event;

static SLIST_HEAD(, nl_cloner) nl_cloners = SLIST_HEAD_INITIALIZER(nl_cloners);

static struct sx rtnl_cloner_lock;
SX_SYSINIT(rtnl_cloner_lock, &rtnl_cloner_lock, "rtnl cloner lock");

/* These are external hooks for CARP.
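*/
extern int (*carp_get_vhid_p)(struct ifaddr *);

/*
 * RTM_GETLINK request
 * sendto(3, {{len=32, type=RTM_GETLINK, flags=NLM_F_REQUEST|NLM_F_DUMP, seq=1641940952, pid=0},
 *  {ifi_family=AF_INET, ifi_type=ARPHRD_NETROM, ifi_index=0, ifi_flags=0, ifi_change=0}}, 32, 0, NULL, 0) = 32
 *
 * Reply:
 * {ifi_family=AF_UNSPEC, ifi_type=ARPHRD_ETHER, ifi_index=if_nametoindex("enp0s31f6"), ifi_flags=IFF_UP|IFF_BROADCAST|IFF_RUNNING|IFF_MULTICAST|IFF_LOWER_UP, ifi_change=0},
{{nla_len=10, nla_type=IFLA_ADDRESS}, "\xfe\x54\x00\x52\x3e\x90"}

[
{{nla_len=14, nla_type=IFLA_IFNAME}, "enp0s31f6"},
{{nla_len=8, nla_type=IFLA_TXQLEN}, 1000},
{{nla_len=5, nla_type=IFLA_OPERSTATE}, 6},
{{nla_len=5, nla_type=IFLA_LINKMODE}, 0},
{{nla_len=8, nla_type=IFLA_MTU}, 1500},
{{nla_len=8, nla_type=IFLA_MIN_MTU}, 68},
{{nla_len=8, nla_type=IFLA_MAX_MTU}, 9000},
{{nla_len=8, nla_type=IFLA_GROUP}, 0},
{{nla_len=8, nla_type=IFLA_PROMISCUITY}, 0},
{{nla_len=8, nla_type=IFLA_NUM_TX_QUEUES}, 1},
{{nla_len=8, nla_type=IFLA_GSO_MAX_SEGS}, 65535},
{{nla_len=8, nla_type=IFLA_GSO_MAX_SIZE}, 65536},
{{nla_len=8, nla_type=IFLA_NUM_RX_QUEUES}, 1},
{{nla_len=5, nla_type=IFLA_CARRIER}, 1},
{{nla_len=13, nla_type=IFLA_QDISC}, "fq_codel"},
{{nla_len=8, nla_type=IFLA_CARRIER_CHANGES}, 2},
{{nla_len=5, nla_type=IFLA_PROTO_DOWN}, 0},
{{nla_len=8, nla_type=IFLA_CARRIER_UP_COUNT}, 1},
{{nla_len=8, nla_type=IFLA_CARRIER_DOWN_COUNT}, 1},
 */

/* Link state pair exported as IFLA_OPERSTATE and IFLA_CARRIER. */
struct if_state {
	uint8_t		ifla_operstate;
	uint8_t		ifla_carrier;
};

/*
 * Derives the operational state of an Ethernet-like interface from its
 * media status (SIOCGIFMEDIA).
 *
 * On ioctl failure, or when the active media is not IFM_ETHER, @pstate is
 * left exactly as the caller initialised it.
 */
static void
get_operstate_ether(if_t ifp, struct if_state *pstate)
{
	struct ifmediareq ifmr = {};
	int error;
	error = if_ioctl(ifp, SIOCGIFMEDIA, (void *)&ifmr);

	if (error != 0) {
		NL_LOG(LOG_DEBUG, "error calling SIOCGIFMEDIA on %s: %d",
		    if_name(ifp), error);
		return;
	}

	switch (IFM_TYPE(ifmr.ifm_active)) {
	case IFM_ETHER:
		if (ifmr.ifm_status & IFM_ACTIVE) {
			pstate->ifla_carrier = 1;
			if (if_getflags(ifp) & IFF_MONITOR)
				pstate->ifla_operstate = IF_OPER_DORMANT;
			else
				pstate->ifla_operstate = IF_OPER_UP;
		} else
			pstate->ifla_operstate = IF_OPER_DOWN;
	}
}

/*
 * Appends an IFLA_STATS64 attribute filled from the interface counters.
 *
 * The attribute header is written by hand because the payload is filled
 * in place.  Returns false when the writer cannot reserve the space.
 */
static bool
get_stats(struct nl_writer *nw, if_t ifp)
{
	struct rtnl_link_stats64 *stats;

	int nla_len = sizeof(struct nlattr) + sizeof(*stats);
	struct nlattr *nla = nlmsg_reserve_data(nw, nla_len, struct nlattr);
	if (nla == NULL)
		return (false);
	nla->nla_type = IFLA_STATS64;
	nla->nla_len = nla_len;
	stats = (struct rtnl_link_stats64 *)(nla + 1);

	/*
	 * NOTE(review): only the members assigned below are written here.
	 * Any other member of struct rtnl_link_stats64 keeps whatever
	 * nlmsg_reserve_data() left in the reservation -- presumably
	 * zeroes; confirm, because this buffer is copied to userland.
	 */
	stats->rx_packets = if_getcounter(ifp, IFCOUNTER_IPACKETS);
	stats->tx_packets = if_getcounter(ifp, IFCOUNTER_OPACKETS);
	stats->rx_bytes = if_getcounter(ifp, IFCOUNTER_IBYTES);
	stats->tx_bytes = if_getcounter(ifp, IFCOUNTER_OBYTES);
	stats->rx_errors = if_getcounter(ifp, IFCOUNTER_IERRORS);
	stats->tx_errors = if_getcounter(ifp, IFCOUNTER_OERRORS);
	stats->rx_dropped = if_getcounter(ifp, IFCOUNTER_IQDROPS);
	stats->tx_dropped = if_getcounter(ifp, IFCOUNTER_OQDROPS);
	stats->multicast = if_getcounter(ifp, IFCOUNTER_IMCASTS);
	stats->rx_nohandler = if_getcounter(ifp, IFCOUNTER_NOPROTO);

	return (true);
}

/*
 * Fills @pstate with the operational state of @ifp.
 *
 * Ethernet and VLAN interfaces are resolved through their media status;
 * every other type maps the administrative IFF_UP flag to the operstate.
 */
static void
get_operstate(if_t ifp, struct if_state *pstate)
{
	pstate->ifla_operstate = IF_OPER_UNKNOWN;
	pstate->ifla_carrier = 0; /* no carrier */

	switch (if_gettype(ifp)) {
	case IFT_ETHER:
	case IFT_L2VLAN:
		get_operstate_ether(ifp, pstate);
		break;
	default:
		/* Map admin state to the operstate */
		if (if_getflags(ifp) & IFF_UP) {
			pstate->ifla_operstate = IF_OPER_UP;
			pstate->ifla_carrier = 1;
		} else
			pstate->ifla_operstate = IF_OPER_DOWN;
		break;
	}
}

/*
 * Appends IFLAF_ORIG_HWADDR when if_gethwaddr() succeeds; otherwise
 * nothing is written.
 */
static void
get_hwaddr(struct nl_writer *nw, if_t ifp)
{
	struct ifreq ifr = {};

	if (if_gethwaddr(ifp, &ifr) == 0) {
		/*
		 * NOTE(review): if_getaddrlen(ifp) bytes are copied out of
		 * ifr.ifr_addr.sa_data.  This assumes if_gethwaddr() only
		 * succeeds for link types whose address fits in sa_data --
		 * confirm, since the copy ends up in a userland reply.
		 */
		nlattr_add(nw, IFLAF_ORIG_HWADDR, if_getaddrlen(ifp),
		    ifr.ifr_addr.sa_data);
	}
}

/* Returns the union of the generic and driver flags of @ifp. */
static unsigned
ifp_flags_to_netlink(const if_t ifp)
{
	return (if_getflags(ifp) | if_getdrvflags(ifp));
}

#define LLADDR_CONST(s) ((const void *)((s)->sdl_data + (s)->sdl_nlen))
/*
 * Appends the address stored in @sa as attribute @attr.
 *
 * A NULL @sa, an AF_UNSPEC @sa and an unsupported family are all skipped
 * and reported as success; only a failing nlattr_add() returns false.
 */
static bool
dump_sa(struct nl_writer *nw, int attr, const struct sockaddr *sa)
{
	uint32_t addr_len = 0;
	const void *addr_data = NULL;
#ifdef INET6
	struct in6_addr addr6;
#endif

	if (sa == NULL)
		return (true);

	switch (sa->sa_family) {
#ifdef INET
	case AF_INET:
		addr_len = sizeof(struct in_addr);
		addr_data = &((const struct sockaddr_in *)sa)->sin_addr;
		break;
#endif
#ifdef INET6
	case AF_INET6:
		/*
		 * addr_len doubles as the scratch output of
		 * in6_splitscope() and is overwritten right after.
		 */
		in6_splitscope(&((const struct sockaddr_in6 *)sa)->sin6_addr, &addr6, &addr_len);
		addr_len = sizeof(struct in6_addr);
		addr_data = &addr6;
		break;
#endif
	case AF_LINK:
		addr_len = ((const struct sockaddr_dl *)sa)->sdl_alen;
		addr_data = LLADDR_CONST((const struct sockaddr_dl *)sa);
		break;
	case AF_UNSPEC:
		/* Ignore empty SAs without warning */
		return (true);
	default:
		NL_LOG(LOG_DEBUG2, "unsupported family: %d, skipping", sa->sa_family);
		return (true);
	}

	return (nlattr_add(nw, attr, addr_len, addr_data));
}

/*
 * Appends the nested IFLAF_CAPS bitset (size, mask, value).
 *
 * Returns false when the nested attribute cannot be opened.
 */
static bool
dump_iface_caps(struct nl_writer *nw, struct ifnet *ifp)
{
	int off = nlattr_add_nested(nw, IFLAF_CAPS);
	uint32_t active_caps[roundup2(IFCAP_B_SIZE, 32) / 32] = {};
	uint32_t all_caps[roundup2(IFCAP_B_SIZE, 32) / 32] = {};

	/* Both arrays are indexed at [0] and [1] below. */
	MPASS(sizeof(active_caps) >= 8);
	MPASS(sizeof(all_caps) >= 8);

	if (off == 0)
		return (false);

	/*
	 * NOTE(review): the local names look swapped relative to the
	 * getters -- active_caps receives if_getcapabilities*() and
	 * all_caps receives if_getcapenable*(), so NLA_BITSET_MASK carries
	 * the capenable words and NLA_BITSET_VALUE the capabilities words.
	 * Confirm which of the two the consumer expects.
	 */
	active_caps[0] = (uint32_t)if_getcapabilities(ifp);
	all_caps[0] = (uint32_t)if_getcapenable(ifp);
	active_caps[1] = (uint32_t)if_getcapabilities2(ifp);
	all_caps[1] = (uint32_t)if_getcapenable2(ifp);

	nlattr_add_u32(nw, NLA_BITSET_SIZE, IFCAP_B_SIZE);
	nlattr_add(nw, NLA_BITSET_MASK, sizeof(all_caps), all_caps);
	nlattr_add(nw, NLA_BITSET_VALUE, sizeof(active_caps), active_caps);

	nlattr_set_len(nw, off);

	return (true);
}

/*
 * Dumps interface state, properties and metrics.
 * @nw: message writer
 * @ifp: target interface
 * @hdr: template header
 * @if_flags_mask: changed if_[drv]_flags bitmask
 *
 * This function is called without epoch and MAY sleep.
 *
 * Returns true once nlmsg_end() accepts the message; on failure the
 * partial message is dropped with nlmsg_abort() and false is returned.
 * Individual attribute writes are not checked one by one.
 */
static bool
dump_iface(struct nl_writer *nw, if_t ifp, const struct nlmsghdr *hdr,
    int if_flags_mask)
{
	struct epoch_tracker et;
	struct ifinfomsg *ifinfo;

	NL_LOG(LOG_DEBUG3, "dumping interface %s data", if_name(ifp));

	if (!nlmsg_reply(nw, hdr, sizeof(struct ifinfomsg)))
		goto enomem;

	/*
	 * NOTE(review): the reservation result is used without a NULL
	 * check; presumably nlmsg_reply() above already guaranteed room
	 * for the header -- confirm.
	 */
	ifinfo = nlmsg_reserve_object(nw, struct ifinfomsg);
	ifinfo->ifi_family = AF_UNSPEC;
	ifinfo->__ifi_pad = 0;
	ifinfo->ifi_type = if_gettype(ifp);
	ifinfo->ifi_index = if_getindex(ifp);
	ifinfo->ifi_flags = ifp_flags_to_netlink(ifp);
	ifinfo->ifi_change = if_flags_mask;

	struct if_state ifs = {};
	get_operstate(ifp, &ifs);

	if (ifs.ifla_operstate == IF_OPER_UP)
		ifinfo->ifi_flags |= IFF_LOWER_UP;

	nlattr_add_string(nw, IFLA_IFNAME, if_name(ifp));
	nlattr_add_u8(nw, IFLA_OPERSTATE, ifs.ifla_operstate);
	nlattr_add_u8(nw, IFLA_CARRIER, ifs.ifla_carrier);

/*
	nlattr_add_u8(nw, IFLA_PROTO_DOWN, val);
	nlattr_add_u8(nw, IFLA_LINKMODE, val);
*/
	if (if_getaddrlen(ifp) != 0) {
		struct ifaddr *ifa;

		/* The address list is only walked inside the net epoch. */
		NET_EPOCH_ENTER(et);
		ifa = CK_STAILQ_FIRST(&ifp->if_addrhead);
		if (ifa != NULL)
			dump_sa(nw, IFLA_ADDRESS, ifa->ifa_addr);
		NET_EPOCH_EXIT(et);
	}

	if ((if_getbroadcastaddr(ifp) != NULL)) {
		nlattr_add(nw, IFLA_BROADCAST, if_getaddrlen(ifp),
		    if_getbroadcastaddr(ifp));
	}

	nlattr_add_u32(nw, IFLA_MTU, if_getmtu(ifp));
/*
	nlattr_add_u32(nw, IFLA_MIN_MTU, 60);
	nlattr_add_u32(nw, IFLA_MAX_MTU, 9000);
	nlattr_add_u32(nw, IFLA_GROUP, 0);
*/

	if (if_getdescr(ifp) != NULL)
		nlattr_add_string(nw, IFLA_IFALIAS, if_getdescr(ifp));

	/* Store FreeBSD-specific attributes */
	int off = nlattr_add_nested(nw, IFLA_FREEBSD);
	if (off != 0) {
		get_hwaddr(nw, ifp);
		dump_iface_caps(nw, ifp);

		nlattr_set_len(nw, off);
	}

	get_stats(nw, ifp);

	uint32_t val = (if_getflags(ifp) & IFF_PROMISC) != 0;
	nlattr_add_u32(nw, IFLA_PROMISCUITY, val);

	ifc_dump_ifp_nl(ifp, nw);

	if (nlmsg_end(nw))
		return (true);

enomem:
	NL_LOG(LOG_DEBUG, "unable to dump interface %s state (ENOMEM)", if_name(ifp));
	nlmsg_abort(nw);
	return (false);
}

/*
 * Strict-mode check of the fixed ifinfomsg header: every field tested
 * here has to be zero, otherwise an error is reported and the message
 * is rejected.
 */
static bool
check_ifmsg(void *hdr, struct nl_pstate *npt)
{
	struct ifinfomsg *ifm = hdr;

	if (ifm->__ifi_pad != 0 || ifm->ifi_type != 0 ||
	    ifm->ifi_flags != 0 || ifm->ifi_change != 0) {
		nlmsg_report_err_msg(npt,
		    "strict checking: non-zero values in ifinfomsg header");
		return (false);
	}

	return (true);
}

#define	_IN(_field)	offsetof(struct ifinfomsg, _field)
#define	_OUT(_field)	offsetof(struct nl_parsed_link, _field)
/* Fixed ifinfomsg header fields copied into struct nl_parsed_link. */
static const struct nlfield_parser nlf_p_if[] = {
	{ .off_in = _IN(ifi_type), .off_out = _OUT(ifi_type), .cb = nlf_get_u16 },
	{ .off_in = _IN(ifi_index), .off_out = _OUT(ifi_index), .cb = nlf_get_u32 },
	{ .off_in = _IN(ifi_flags), .off_out = _OUT(ifi_flags), .cb = nlf_get_u32 },
	{ .off_in = _IN(ifi_change), .off_out = _OUT(ifi_change), .cb = nlf_get_u32 },
};

/* Attributes nested inside IFLA_LINKINFO. */
static const struct nlattr_parser nla_p_linfo[] = {
	{ .type = IFLA_INFO_KIND, .off = _OUT(ifla_cloner), .cb = nlattr_get_stringn },
	{ .type = IFLA_INFO_DATA, .off = _OUT(ifla_idata), .cb = nlattr_get_nla },
};
NL_DECLARE_ATTR_PARSER(linfo_parser, nla_p_linfo);

/*
 * Top-level link attributes.  IFLA_IFNAME and IFLA_ALT_IFNAME both store
 * into ifla_ifname.
 */
static const struct nlattr_parser nla_p_if[] = {
	{ .type = IFLA_IFNAME, .off = _OUT(ifla_ifname), .cb = nlattr_get_string },
	{ .type = IFLA_MTU, .off = _OUT(ifla_mtu), .cb = nlattr_get_uint32 },
	{ .type = IFLA_LINK, .off = _OUT(ifla_link), .cb = nlattr_get_uint32 },
	{ .type = IFLA_LINKINFO, .arg = &linfo_parser, .cb = nlattr_get_nested },
	{ .type = IFLA_IFALIAS, .off = _OUT(ifla_ifalias), .cb = nlattr_get_string },
	{ .type = IFLA_GROUP, .off = _OUT(ifla_group), .cb = nlattr_get_string },
	{ .type = IFLA_ALT_IFNAME, .off = _OUT(ifla_ifname), .cb = nlattr_get_string },
};
#undef _IN
#undef _OUT
NL_DECLARE_STRICT_PARSER(ifmsg_parser, struct ifinfomsg, check_ifmsg, nlf_p_if, nla_p_if);

/*
 * Interface filter used by RTM_GETLINK.
 * @ifp: candidate interface
 * @_arg: struct nl_parsed_link with the request filters
 *
 * A zero ifi_index, a zero ifi_type and a NULL ifla_ifname each mean
 * "do not filter on this field".  Returns true when @ifp passes every
 * filter that is set.
 */
static bool
match_iface(if_t ifp, void *_arg)
{
	struct nl_parsed_link *attrs = (struct nl_parsed_link *)_arg;

	if (attrs->ifi_index != 0 && attrs->ifi_index != if_getindex(ifp))
		return (false);
	/*
	 * Compare the requested type with the interface type.  Comparing
	 * ifi_index here instead would reject almost every interface as
	 * soon as a type filter is supplied.
	 */
	if (attrs->ifi_type != 0 && attrs->ifi_type != if_gettype(ifp))
		return (false);
	if (attrs->ifla_ifname != NULL && strcmp(attrs->ifla_ifname, if_name(ifp)))
		return (false);
	/* TODO: add group match */

	return (true);
}

/*
 * Per-interface dump callback for if_foreach_sleep().
 * @_arg: struct netlink_walkargs of the running dump
 *
 * Keeps the count/dumped statistics logged at the end of the dump up to
 * date and returns ENOMEM when the interface cannot be written.
 */
static int
dump_cb(if_t ifp, void *_arg)
{
	struct netlink_walkargs *wa = (struct netlink_walkargs *)_arg;

	wa->count++;
	if (!dump_iface(wa->nw, ifp, &wa->hdr, 0))
		return (ENOMEM);
	wa->dumped++;
	return (0);
}

/*
 * {nlmsg_len=52, nlmsg_type=RTM_GETLINK, nlmsg_flags=NLM_F_REQUEST, nlmsg_seq=1662842818, nlmsg_pid=0},
 *  {ifi_family=AF_PACKET, ifi_type=ARPHRD_NETROM, ifi_index=0, ifi_flags=0, ifi_change=0},
 *   [
 *    [{nla_len=10, nla_type=IFLA_IFNAME}, "vnet9"],
 *    [{nla_len=8, nla_type=IFLA_EXT_MASK}, RTEXT_FILTER_VF]
 *   ]
 */
/*
 * RTM_GETLINK handler.
 *
 * A request naming an index or an interface name is answered with a
 * single RTM_NEWLINK message (ENODEV when nothing matches).  Any other
 * request is answered as a multipart dump of every interface accepted by
 * match_iface().  Returns 0 or an errno value.
 */
static int
rtnl_handle_getlink(struct nlmsghdr *hdr, struct nlpcb *nlp, struct nl_pstate *npt)
{
	struct epoch_tracker et;
	if_t ifp;
	int error = 0;

	struct nl_parsed_link attrs = {};
	error = nl_parse_nlmsg(hdr, &ifmsg_parser, npt, &attrs);
	if (error != 0)
		return (error);

	struct netlink_walkargs wa = {
		.so = nlp,
		.nw = npt->nw,
		.hdr.nlmsg_pid = hdr->nlmsg_pid,
		.hdr.nlmsg_seq = hdr->nlmsg_seq,
		.hdr.nlmsg_flags = hdr->nlmsg_flags,
		.hdr.nlmsg_type = NL_RTM_NEWLINK,
	};

	/* Fast track for an interface w/ explicit name or index match */
	if ((attrs.ifi_index != 0) || (attrs.ifla_ifname != NULL)) {
		if (attrs.ifi_index != 0) {
			NLP_LOG(LOG_DEBUG3, nlp, "fast track -> searching index %u",
			    attrs.ifi_index);
			NET_EPOCH_ENTER(et);
			ifp = ifnet_byindex_ref(attrs.ifi_index);
			NET_EPOCH_EXIT(et);
		} else {
			NLP_LOG(LOG_DEBUG3, nlp, "fast track -> searching name %s",
			    attrs.ifla_ifname);
			ifp = ifunit_ref(attrs.ifla_ifname);
		}

		if (ifp != NULL) {
			/* Re-check the remaining filters on the referenced ifp. */
			if (match_iface(ifp, &attrs)) {
				if (!dump_iface(wa.nw, ifp, &wa.hdr, 0))
					error = ENOMEM;
			} else
				error = ENODEV;
			if_rele(ifp);
		} else
			error = ENODEV;
		return (error);
	}

	/* Always treat non-direct-match as a multipart message */
	wa.hdr.nlmsg_flags |= NLM_F_MULTI;

	/*
	 * Fetching some link properties require performing ioctl's that may be blocking.
	 * Address it by saving referenced pointers of the matching links,
	 * exiting from epoch and going through the list one-by-one.
	 */

	NL_LOG(LOG_DEBUG2, "Start dump");
	/*
	 * NOTE(review): any status reported by if_foreach_sleep() is not
	 * captured, so `error` is still 0 below and a dump_cb() failure is
	 * not passed on to nlmsg_end_dump().
	 */
	if_foreach_sleep(match_iface, &attrs, dump_cb, &wa);
	NL_LOG(LOG_DEBUG2, "End dump, iterated %d dumped %d", wa.count, wa.dumped);

	if (!nlmsg_end_dump(wa.nw, error, &wa.hdr)) {
		NL_LOG(LOG_DEBUG, "Unable to finalize the dump");
		return (ENOMEM);
	}

	return (error);
}

/*
 * sendmsg(3, {msg_name={sa_family=AF_NETLINK, nl_pid=0, nl_groups=00000000}, msg_namelen=12, msg_iov=[{iov_base=[
 * {nlmsg_len=60, nlmsg_type=RTM_NEWLINK, nlmsg_flags=NLM_F_REQUEST|NLM_F_ACK|NLM_F_EXCL|NLM_F_CREATE, nlmsg_seq=1662715618, nlmsg_pid=0},
 *  {ifi_family=AF_UNSPEC, ifi_type=ARPHRD_NETROM, ifi_index=0, ifi_flags=0, ifi_change=0},
 *   {nla_len=11, nla_type=IFLA_IFNAME}, "dummy0"],
 *   [
 *    {nla_len=16, nla_type=IFLA_LINKINFO},
 *     [
 *      {nla_len=9, nla_type=IFLA_INFO_KIND}, "dummy"...
 *     ]
 *   ]
 */

/*
 * RTM_DELLINK handler: destroys the cloned interface selected by
 * ifi_index.
 *
 * Only ifi_index is used for the lookup; an IFLA_IFNAME attribute in the
 * request is parsed but not consulted.  Returns ENOENT when the index
 * does not resolve, otherwise the result of if_clone_destroy().
 *
 * NOTE(review): no privilege or jail check is visible in this handler;
 * presumably the dispatcher enforces it before calling in -- confirm.
 */
static int
rtnl_handle_dellink(struct nlmsghdr *hdr, struct nlpcb *nlp, struct nl_pstate *npt)
{
	struct epoch_tracker et;
	if_t ifp;
	int error;

	struct nl_parsed_link attrs = {};
	error = nl_parse_nlmsg(hdr, &ifmsg_parser, npt, &attrs);
	if (error != 0)
		return (error);

	NET_EPOCH_ENTER(et);
	ifp = ifnet_byindex_ref(attrs.ifi_index);
	NET_EPOCH_EXIT(et);
	if (ifp == NULL) {
		NLP_LOG(LOG_DEBUG, nlp, "unable to find interface %u", attrs.ifi_index);
		return (ENOENT);
	}
	NLP_LOG(LOG_DEBUG3, nlp, "mapped ifindex %u to %s", attrs.ifi_index, if_name(ifp));

	sx_xlock(&ifnet_detach_sxlock);
	error = if_clone_destroy(if_name(ifp));
	sx_xunlock(&ifnet_detach_sxlock);

	/* The reference taken above is still held while the name is logged. */
	NLP_LOG(LOG_DEBUG2, nlp, "deleting interface %s returned %d", if_name(ifp), error);

	if_rele(ifp);
	return (error);
}

/*
 * New link:
 * type=RTM_NEWLINK, flags=NLM_F_REQUEST|NLM_F_ACK|NLM_F_EXCL|NLM_F_CREATE, seq=1668185590, pid=0},
 *  {ifi_family=AF_UNSPEC, ifi_type=ARPHRD_NETROM, ifi_index=0,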
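ifi_flags=0, ifi_change=0}
 *  [
 *   {{nla_len=8, nla_type=IFLA_MTU}, 123},
 *   {{nla_len=10, nla_type=IFLA_IFNAME}, "vlan1"},
 *   {{nla_len=24, nla_type=IFLA_LINKINFO},
 *    [
 *     {{nla_len=8, nla_type=IFLA_INFO_KIND}, "vlan"...},
 *     {{nla_len=12, nla_type=IFLA_INFO_DATA}, "\x06\x00\x01\x00\x7b\x00\x00\x00"}]}]}
 *
 * Update link:
 *  type=RTM_NEWLINK, flags=NLM_F_REQUEST|NLM_F_ACK, seq=1668185923, pid=0},
 *  {ifi_family=AF_UNSPEC, ifi_type=ARPHRD_NETROM, ifi_index=if_nametoindex("lo"), ifi_flags=0, ifi_change=0},
 *   {{nla_len=8, nla_type=IFLA_MTU}, 123}}
 *
 *
 * Check command availability:
 *  type=RTM_NEWLINK, flags=NLM_F_REQUEST|NLM_F_ACK, seq=0, pid=0},
 *  {ifi_family=AF_UNSPEC, ifi_type=ARPHRD_NETROM, ifi_index=0, ifi_flags=0, ifi_change=0}
 */


/*
 * Creates a new cloned interface (RTM_NEWLINK with NLM_F_CREATE).
 *
 * Both IFLA_IFNAME and IFLA_INFO_KIND have to be present and non-empty,
 * otherwise EINVAL is returned.  On success the new ifp is stored as the
 * reply cookie.  Returns the error recorded by the cloner.
 *
 * NOTE(review): no privilege check is visible here; presumably enforced
 * by the dispatcher or by the cloner itself -- confirm.
 */
static int
create_link(struct nlmsghdr *hdr, struct nl_parsed_link *lattrs,
    struct nlattr_bmask *bm, struct nlpcb *nlp, struct nl_pstate *npt)
{
	if (lattrs->ifla_ifname == NULL || strlen(lattrs->ifla_ifname) == 0) {
		NLMSG_REPORT_ERR_MSG(npt, "empty IFLA_IFNAME attribute");
		return (EINVAL);
	}
	if (lattrs->ifla_cloner == NULL || strlen(lattrs->ifla_cloner) == 0) {
		NLMSG_REPORT_ERR_MSG(npt, "empty IFLA_INFO_KIND attribute");
		return (EINVAL);
	}

	struct ifc_data_nl ifd = {
		.flags = IFC_F_CREATE,
		.lattrs = lattrs,
		.bm = bm,
		.npt = npt,
	};
	if (ifc_create_ifp_nl(lattrs->ifla_ifname, &ifd) && ifd.error == 0)
		nl_store_ifp_cookie(npt, ifd.ifp);

	return (ifd.error);
}

/*
 * Modifies an existing interface (RTM_NEWLINK without NLM_F_CREATE).
 *
 * The interface is looked up by ifi_index when it is non-zero and by
 * IFLA_IFNAME otherwise; ENOENT is returned when the lookup fails.  The
 * reference taken by the lookup is dropped before returning.
 */
static int
modify_link(struct nlmsghdr *hdr, struct nl_parsed_link *lattrs,
    struct nlattr_bmask *bm, struct nlpcb *nlp, struct nl_pstate *npt)
{
	if_t ifp = NULL;
	struct epoch_tracker et;

	if (lattrs->ifi_index == 0 && lattrs->ifla_ifname == NULL) {
		/*
		 * Applications like ip(8) verify RTM_NEWLINK command
		 * existence by calling it with empty arguments. Always
		 * return "innocent" error in that case.
		 */
		NLMSG_REPORT_ERR_MSG(npt, "empty ifi_index field");
		return (EPERM);
	}

	if (lattrs->ifi_index != 0) {
		NET_EPOCH_ENTER(et);
		ifp = ifnet_byindex_ref(lattrs->ifi_index);
		NET_EPOCH_EXIT(et);
		if (ifp == NULL) {
			NLMSG_REPORT_ERR_MSG(npt, "unable to find interface #%u",
			    lattrs->ifi_index);
			return (ENOENT);
		}
	}

	if (ifp == NULL && lattrs->ifla_ifname != NULL) {
		ifp = ifunit_ref(lattrs->ifla_ifname);
		if (ifp == NULL) {
			NLMSG_REPORT_ERR_MSG(npt, "unable to find interface %s",
			    lattrs->ifla_ifname);
			return (ENOENT);
		}
	}

	MPASS(ifp != NULL);

	/*
	 * Modification request can address either
	 * 1) cloned interface, in which case we call the cloner-specific
	 *  modification routine
	 * or
	 * 2) non-cloned (e.g. "physical") interface, in which case we call
	 *  generic modification routine
	 */
	struct ifc_data_nl ifd = { .lattrs = lattrs, .bm = bm, .npt = npt };
	if (!ifc_modify_ifp_nl(ifp, &ifd))
		ifd.error = nl_modify_ifp_generic(ifp, lattrs, bm, npt);

	if_rele(ifp);

	return (ifd.error);
}


/*
 * RTM_NEWLINK handler: parses the request and dispatches to
 * create_link() when NLM_F_CREATE is set, to modify_link() otherwise.
 */
static int
rtnl_handle_newlink(struct nlmsghdr *hdr, struct nlpcb *nlp, struct nl_pstate *npt)
{
	struct nlattr_bmask bm;
	int error;

	struct nl_parsed_link attrs = {};
	error = nl_parse_nlmsg(hdr, &ifmsg_parser, npt, &attrs);
	if (error != 0)
		return (error);
	nl_get_attrs_bmask_nlmsg(hdr, &ifmsg_parser, &bm);

	if (hdr->nlmsg_flags & NLM_F_CREATE)
		return (create_link(hdr, &attrs, &bm, nlp, npt));
	else
		return (modify_link(hdr, &attrs, &bm, nlp, npt));
}

/*
 * Sets the scope id of a link-local IPv6 address in @sa to @ifindex.
 * Any other address, a NULL @sa, or a kernel built without INET6 is left
 * untouched.
 */
static void
set_scope6(struct sockaddr *sa, uint32_t ifindex)
{
#ifdef INET6
	if (sa != NULL && sa->sa_family == AF_INET6) {
		struct sockaddr_in6 *sa6 = (struct sockaddr_in6 *)sa;

		if (IN6_IS_ADDR_LINKLOCAL(&sa6->sin6_addr))
			in6_set_unicast_scopeid(&sa6->sin6_addr, ifindex);
	}
#endif
}

/*
 * Verifies that @sa, when present, belongs to @family.
 * @attr_name: attribute name used in the error message
 *
 * Returns true for a NULL @sa or a matching family; otherwise reports
 * the mismatch (expected family first, received family second) and
 * returns false.
 */
static bool
check_sa_family(const struct sockaddr *sa, int family, const char *attr_name,
    struct nl_pstate *npt)
{
	if (sa == NULL || sa->sa_family == family)
		return (true);

	nlmsg_report_err_msg(npt, "wrong family for %s attribute: %d != %d",
	    attr_name, family, sa->sa_family);
	return (false);
}

/* Parsed form of an RTM_*ADDR request (struct ifaddrmsg + attributes). */
struct nl_parsed_ifa {
	uint8_t			ifa_family;
	uint8_t			ifa_prefixlen;
	uint8_t			ifa_scope;
	uint32_t		ifa_index;
	uint32_t		ifa_flags;	/* header byte, overridable by IFA_FLAGS */
	uint32_t		ifaf_vhid;	/* IFA_FREEBSD / IFAF_VHID */
	uint32_t		ifaf_flags;	/* IFA_FREEBSD / IFAF_FLAGS */
	struct sockaddr		*ifa_address;
	struct sockaddr		*ifa_local;
	struct sockaddr		*ifa_broadcast;
	struct ifa_cacheinfo	*ifa_cacheinfo;	/* points into the request payload */
	struct sockaddr		*f_ifa_addr;
	struct sockaddr		*f_ifa_dst;
};

/*
 * Attribute callback for IFA_CACHEINFO.
 *
 * Accepts the attribute only when its payload is exactly
 * sizeof(struct ifa_cacheinfo) bytes (EINVAL otherwise).  The payload is
 * not copied: @target receives a pointer into the attribute itself.
 */
static int
nlattr_get_cinfo(struct nlattr *nla, struct nl_pstate *npt,
    const void *arg __unused, void *target)
{
	if (__predict_false(NLA_DATA_LEN(nla) != sizeof(struct ifa_cacheinfo))) {
		NLMSG_REPORT_ERR_MSG(npt, "nla type %d size(%u) is not ifa_cacheinfo",
		    nla->nla_type, NLA_DATA_LEN(nla));
		return (EINVAL);
	}
	*((struct ifa_cacheinfo **)target) = (struct ifa_cacheinfo *)NL_RTA_DATA(nla);
	return (0);
}

#define	_IN(_field)	offsetof(struct ifaddrmsg, _field)
#define	_OUT(_field)	offsetof(struct nl_parsed_ifa, _field)
/* Fixed ifaddrmsg header fields copied into struct nl_parsed_ifa. */
static const struct nlfield_parser nlf_p_ifa[] = {
	{ .off_in = _IN(ifa_family), .off_out = _OUT(ifa_family), .cb = nlf_get_u8 },
	{ .off_in = _IN(ifa_prefixlen), .off_out = _OUT(ifa_prefixlen), .cb = nlf_get_u8 },
	{ .off_in = _IN(ifa_scope), .off_out = _OUT(ifa_scope), .cb = nlf_get_u8 },
	{ .off_in = _IN(ifa_flags), .off_out = _OUT(ifa_flags), .cb = nlf_get_u8_u32 },
	{ .off_in = _IN(ifa_index), .off_out = _OUT(ifa_index), .cb = nlf_get_u32 },
};

/* Attributes nested inside IFA_FREEBSD. */
static const struct nlattr_parser nla_p_ifa_fbsd[] = {
	{ .type = IFAF_VHID, .off = _OUT(ifaf_vhid), .cb = nlattr_get_uint32 },
	{ .type = IFAF_FLAGS, .off = _OUT(ifaf_flags), .cb = nlattr_get_uint32 },
};
NL_DECLARE_ATTR_PARSER(ifa_fbsd_parser, nla_p_ifa_fbsd);

/* Top-level address attributes. */
static const struct nlattr_parser nla_p_ifa[] = {
	{ .type = IFA_ADDRESS, .off = _OUT(ifa_address), .cb = nlattr_get_ip },
	{ .type = IFA_LOCAL, .off = _OUT(ifa_local), .cb = nlattr_get_ip },
	{ .type = IFA_BROADCAST, .off = _OUT(ifa_broadcast), .cb = nlattr_get_ip },
	{ .type = IFA_CACHEINFO, .off = _OUT(ifa_cacheinfo), .cb = nlattr_get_cinfo },
	{ .type = IFA_FLAGS, .off = _OUT(ifa_flags), .cb = nlattr_get_uint32 },
	{ .type = IFA_FREEBSD, .arg = &ifa_fbsd_parser, .cb = nlattr_get_nested },
};
#undef _IN
#undef _OUT

/*
 * Post-parse hook for address requests.
 *
 * Rejects the request when any supplied address attribute has a family
 * different from the header's ifa_family, then embeds the request's
 * ifa_index as scope id into link-local IPv6 addresses.  The index comes
 * straight from the request and is not validated here.
 */
static bool
post_p_ifa(void *_attrs, struct nl_pstate *npt)
{
	struct nl_parsed_ifa *attrs = (struct nl_parsed_ifa *)_attrs;

	if (!check_sa_family(attrs->ifa_address, attrs->ifa_family, "IFA_ADDRESS", npt))
		return (false);
	if (!check_sa_family(attrs->ifa_local, attrs->ifa_family, "IFA_LOCAL", npt))
		return (false);
	/* Name the attribute the way the parser table above does. */
	if (!check_sa_family(attrs->ifa_broadcast, attrs->ifa_family, "IFA_BROADCAST", npt))
		return (false);

	set_scope6(attrs->ifa_address, attrs->ifa_index);
	set_scope6(attrs->ifa_local, attrs->ifa_index);

	return (true);
}

NL_DECLARE_PARSER_EXT(ifa_parser, struct ifaddrmsg, NULL, nlf_p_ifa, nla_p_ifa, post_p_ifa);


/*

{ifa_family=AF_INET, ifa_prefixlen=8, ifa_flags=IFA_F_PERMANENT, ifa_scope=RT_SCOPE_HOST, ifa_index=if_nametoindex("lo")},
 [
        {{nla_len=8, nla_type=IFA_ADDRESS}, inet_addr("127.0.0.1")},
        {{nla_len=8, nla_type=IFA_LOCAL}, inet_addr("127.0.0.1")},
        {{nla_len=7, nla_type=IFA_LABEL}, "lo"},
        {{nla_len=8, nla_type=IFA_FLAGS}, IFA_F_PERMANENT},
        {{nla_len=20, nla_type=IFA_CACHEINFO}, {ifa_prefered=4294967295, ifa_valid=4294967295, cstamp=3619, tstamp=3619}}]},
---

{{len=72,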
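type=RTM_NEWADDR, flags=NLM_F_MULTI, seq=1642191126, pid=566735},
 {ifa_family=AF_INET6, ifa_prefixlen=96, ifa_flags=IFA_F_PERMANENT, ifa_scope=RT_SCOPE_UNIVERSE, ifa_index=if_nametoindex("virbr0")},
   [
    {{nla_len=20, nla_type=IFA_ADDRESS}, inet_pton(AF_INET6, "2a01:4f8:13a:70c:ffff::1")},
   {{nla_len=20, nla_type=IFA_CACHEINFO}, {ifa_prefered=4294967295, ifa_valid=4294967295, cstamp=4283, tstamp=4283}},
   {{nla_len=8, nla_type=IFA_FLAGS}, IFA_F_PERMANENT}]},
*/

/*
 * Returns the netlink scope of @ifa: RT_SCOPE_HOST for loopback
 * addresses, RT_SCOPE_LINK for link-local ones and RT_SCOPE_UNIVERSE for
 * everything else, including families other than INET/INET6.
 */
static uint8_t
ifa_get_scope(const struct ifaddr *ifa)
{
	const struct sockaddr *sa;
	uint8_t addr_scope = RT_SCOPE_UNIVERSE;

	sa = ifa->ifa_addr;
	switch (sa->sa_family) {
#ifdef INET
	case AF_INET:
		{
			struct in_addr addr;
			addr = ((const struct sockaddr_in *)sa)->sin_addr;
			if (IN_LOOPBACK(addr.s_addr))
				addr_scope = RT_SCOPE_HOST;
			else if (IN_LINKLOCAL(addr.s_addr))
				addr_scope = RT_SCOPE_LINK;
			break;
		}
#endif
#ifdef INET6
	case AF_INET6:
		{
			const struct in6_addr *addr;
			addr = &((const struct sockaddr_in6 *)sa)->sin6_addr;
			if (IN6_IS_ADDR_LOOPBACK(addr))
				addr_scope = RT_SCOPE_HOST;
			else if (IN6_IS_ADDR_LINKLOCAL(addr))
				addr_scope = RT_SCOPE_LINK;
			break;
		}
#endif
	}

	return (addr_scope);
}

#ifdef INET6
/*
 * Returns the number of bits set in the IPv6 mask @addr.  This equals
 * the prefix length only when the mask is contiguous.
 */
static uint8_t
inet6_get_plen(const struct in6_addr *addr)
{

	return (bitcount32(addr->s6_addr32[0]) + bitcount32(addr->s6_addr32[1]) +
	    bitcount32(addr->s6_addr32[2]) + bitcount32(addr->s6_addr32[3]));
}
#endif

/*
 * Returns the prefix length encoded by the netmask @sa, computed as the
 * number of set bits.  A NULL @sa or a family other than INET/INET6
 * yields 0.
 */
static uint8_t
get_sa_plen(const struct sockaddr *sa)
{
#ifdef INET
	const struct in_addr *paddr;
#endif
#ifdef INET6
	const struct in6_addr *paddr6;
#endif

	/*
	 * The caller passes ifa->ifa_netmask unchecked; do not dereference
	 * an absent netmask.
	 */
	if (sa == NULL)
		return (0);

	switch (sa->sa_family) {
#ifdef INET
	case AF_INET:
		paddr = &(((const struct sockaddr_in *)sa)->sin_addr);
		return (bitcount32(paddr->s_addr));
#endif
#ifdef INET6
	case AF_INET6:
		paddr6 = &(((const struct sockaddr_in6 *)sa)->sin6_addr);
		return (inet6_get_plen(paddr6));
#endif
	}

	return (0);
}

#ifdef INET6
/*
 * Translates kernel IN6_IFF_* address flags into netlink IFA_F_* flags.
 *
 * An address that is neither autoconfigured nor temporary is reported as
 * IFA_F_PERMANENT.
 */
static uint32_t
in6_flags_to_nl(uint32_t flags)
{
	uint32_t nl_flags = 0;

	if (flags & IN6_IFF_TEMPORARY)
		nl_flags |= IFA_F_TEMPORARY;
	if (flags & IN6_IFF_NODAD)
		nl_flags |= IFA_F_NODAD;
	if (flags & IN6_IFF_DEPRECATED)
		nl_flags |= IFA_F_DEPRECATED;
	if (flags & IN6_IFF_TENTATIVE)
		nl_flags |= IFA_F_TENTATIVE;
	/*
	 * The two flags below have to land in the result.  OR-ing them
	 * into the input instead drops them from the reply and mixes
	 * IFA_F_* bits into the IN6_IFF_* value tested next.
	 */
	if ((flags & (IN6_IFF_AUTOCONF|IN6_IFF_TEMPORARY)) == 0)
		nl_flags |= IFA_F_PERMANENT;
	if (flags & IN6_IFF_DUPLICATED)
		nl_flags |= IFA_F_DADFAILED;
	return (nl_flags);
}

/*
 * Translates netlink IFA_F_* flags into kernel IN6_IFF_* address flags.
 * Flags without a counterpart tested here are dropped.
 */
static uint32_t
nl_flags_to_in6(uint32_t flags)
{
	uint32_t in6_flags = 0;

	if (flags & IFA_F_TEMPORARY)
		in6_flags |= IN6_IFF_TEMPORARY;
	if (flags & IFA_F_NODAD)
		in6_flags |= IN6_IFF_NODAD;
	if (flags & IFA_F_DEPRECATED)
		in6_flags |= IN6_IFF_DEPRECATED;
	if (flags & IFA_F_TENTATIVE)
		in6_flags |= IN6_IFF_TENTATIVE;
	if (flags & IFA_F_DADFAILED)
		in6_flags |= IN6_IFF_DUPLICATED;

	return (in6_flags);
}

/*
 * Appends IFA_CACHEINFO for an IPv6 address: creation and update times
 * scaled by 1000, plus the preferred and valid lifetimes.
 */
static void
export_cache_info6(struct nl_writer *nw, const struct in6_ifaddr *ia)
{
	struct ifa_cacheinfo ci = {
		.cstamp = ia->ia6_createtime * 1000,
		.tstamp = ia->ia6_updatetime * 1000,
		.ifa_prefered = ia->ia6_lifetime.ia6t_pltime,
		.ifa_valid = ia->ia6_lifetime.ia6t_vltime,
	};

	nlattr_add(nw, IFA_CACHEINFO, sizeof(ci), &ci);
}
#endif

/*
 * Appends IFA_CACHEINFO when the address family provides it; only
 * AF_INET6 does, other families write nothing.
 */
static void
export_cache_info(struct nl_writer *nw, struct ifaddr *ifa)
{
	switch (ifa->ifa_addr->sa_family) {
#ifdef INET6
	case AF_INET6:
		export_cache_info6(nw, (struct in6_ifaddr *)ifa);
		break;
#endif
	}
}

/*
 * {'attrs': [('IFA_ADDRESS', '12.0.0.1'),
           ('IFA_LOCAL', '12.0.0.1'),
           ('IFA_LABEL', 'eth10'),
           ('IFA_FLAGS', 128),
           ('IFA_CACHEINFO', {'ifa_preferred':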
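4294967295, 'ifa_valid': 4294967295, 'cstamp': 63745746, 'tstamp': 63745746})],
 */
/*
 * Write one address message describing @ifa on interface @ifp into @nw,
 * using @hdr as the template for the Netlink header.
 *
 * Returns true when the message was finalised by nlmsg_end(); on any
 * failure the partially built message is aborted and false is returned.
 * The results of the individual attribute writers are not checked here;
 * the final nlmsg_end() result is the only one that decides the outcome.
 */
static bool
dump_iface_addr(struct nl_writer *nw, if_t ifp, struct ifaddr *ifa,
    const struct nlmsghdr *hdr)
{
	struct ifaddrmsg *ifamsg;
	struct sockaddr *sa = ifa->ifa_addr;
	struct sockaddr *sa_dst = ifa->ifa_dstaddr;

	NL_LOG(LOG_DEBUG3, "dumping ifa %p type %s(%d) for interface %s",
	    ifa, rib_print_family(sa->sa_family), sa->sa_family, if_name(ifp));

	if (!nlmsg_reply(nw, hdr, sizeof(struct ifaddrmsg)))
		goto enomem;

	ifamsg = nlmsg_reserve_object(nw, struct ifaddrmsg);
	ifamsg->ifa_family = sa->sa_family;
	ifamsg->ifa_prefixlen = get_sa_plen(ifa->ifa_netmask);
	ifamsg->ifa_flags = 0; // ifa_flags is useless
	ifamsg->ifa_scope = ifa_get_scope(ifa);
	ifamsg->ifa_index = if_getindex(ifp);

	if ((if_getflags(ifp) & IFF_POINTOPOINT) && sa_dst != NULL && sa_dst->sa_family != 0) {
		/* P2P interface may have IPv6 LL with no dst address */
		dump_sa(nw, IFA_ADDRESS, sa_dst);
		dump_sa(nw, IFA_LOCAL, sa);
	} else {
		dump_sa(nw, IFA_ADDRESS, sa);
#ifdef INET
		/*
		 * In most cases, IFA_ADDRESS == IFA_LOCAL
		 * Skip IFA_LOCAL for anything except INET
		 */
		if (sa->sa_family == AF_INET)
			dump_sa(nw, IFA_LOCAL, sa);
#endif
	}
	/*
	 * NOTE(review): ifa_broadaddr is passed without a NULL check;
	 * confirm dump_sa() tolerates a NULL sockaddr for addresses that
	 * have no broadcast address on an IFF_BROADCAST interface.
	 */
	if (if_getflags(ifp) & IFF_BROADCAST)
		dump_sa(nw, IFA_BROADCAST, ifa->ifa_broadaddr);

	nlattr_add_string(nw, IFA_LABEL, if_name(ifp));

	/* Netlink-style flags are only derived for IPv6 addresses. */
	uint32_t nl_ifa_flags = 0;
#ifdef INET6
	if (sa->sa_family == AF_INET6) {
		struct in6_ifaddr *ia = (struct in6_ifaddr *)ifa;
		nl_ifa_flags = in6_flags_to_nl(ia->ia6_flags);
	}
#endif
	nlattr_add_u32(nw, IFA_FLAGS, nl_ifa_flags);

	export_cache_info(nw, ifa);

	/* Store FreeBSD-specific attributes */
	int off = nlattr_add_nested(nw, IFA_FREEBSD);
	if (off != 0) {
		/* The CARP hook is optional; it is NULL when not installed. */
		if (ifa->ifa_carp != NULL && carp_get_vhid_p != NULL) {
			uint32_t vhid = (uint32_t)(*carp_get_vhid_p)(ifa);
			nlattr_add_u32(nw, IFAF_VHID, vhid);
		}
#ifdef INET6
		if (sa->sa_family == AF_INET6) {
			/* Raw kernel IN6_IFF_* flags, exported untranslated. */
			uint32_t ifa_flags = ((struct in6_ifaddr *)ifa)->ia6_flags;

			nlattr_add_u32(nw, IFAF_FLAGS, ifa_flags);
		}
#endif

		nlattr_set_len(nw, off);
	}

	if (nlmsg_end(nw))
		return (true);
enomem:
	NL_LOG(LOG_DEBUG, "Failed to dump ifa type %s(%d) for interface %s",
	    rib_print_family(sa->sa_family), sa->sa_family, if_name(ifp));
	nlmsg_abort(nw);
	return (false);
}

/*
 * Dump every address of @ifp that the requester may see.
 *
 * Addresses are skipped when they do not match the requested family
 * (wa->family, 0 meaning any), when they are link-level (AF_LINK), or
 * when prison_if() rejects them for the requester's credentials, so a
 * jailed caller only receives addresses the jail check lets through.
 *
 * wa->count counts addresses that passed the filters, wa->dumped those
 * that were written.  Returns 0 or ENOMEM when a message could not be
 * written.
 */
static int
dump_iface_addrs(struct netlink_walkargs *wa, if_t ifp)
{
	struct ifaddr *ifa;
	struct ifa_iter it;
	int error = 0;

	for (ifa = ifa_iter_start(ifp, &it); ifa != NULL; ifa = ifa_iter_next(&it)) {
		if (wa->family != 0 && wa->family != ifa->ifa_addr->sa_family)
			continue;
		if (ifa->ifa_addr->sa_family == AF_LINK)
			continue;
		if (prison_if(wa->cred, ifa->ifa_addr) != 0)
			continue;
		wa->count++;
		if (!dump_iface_addr(wa->nw, ifp, ifa, &wa->hdr)) {
			error = ENOMEM;
			break;
		}
		wa->dumped++;
	}
	ifa_iter_finish(&it);

	return (error);
}

/*
 * RTM_GETADDR handler: dump the addresses of one interface (when
 * ifa_index is set) or of all interfaces as a multipart reply of
 * NL_RTM_NEWADDR messages.
 *
 * Returns the parser error, ENOENT for an unknown interface index,
 * ENOMEM when a message or the dump trailer cannot be written, else 0.
 *
 * NOTE(review): ifnet_byindex() takes no reference here; this looks
 * safe only if the dispatcher calls this handler inside the net epoch
 * (its table entry does not set RTNL_F_NOEPOCH) -- confirm.
 */
static int
rtnl_handle_getaddr(struct nlmsghdr *hdr, struct nlpcb *nlp, struct nl_pstate *npt)
{
	if_t ifp;
	int error = 0;

	struct nl_parsed_ifa attrs = {};
	error = nl_parse_nlmsg(hdr, &ifa_parser, npt, &attrs);
	if (error != 0)
		return (error);

	/* Reply header template: echo pid/seq of the request, mark multipart. */
	struct netlink_walkargs wa = {
		.so = nlp,
		.nw = npt->nw,
		.cred = nlp_get_cred(nlp),
		.family = attrs.ifa_family,
		.hdr.nlmsg_pid = hdr->nlmsg_pid,
		.hdr.nlmsg_seq = hdr->nlmsg_seq,
		.hdr.nlmsg_flags = hdr->nlmsg_flags | NLM_F_MULTI,
		.hdr.nlmsg_type = NL_RTM_NEWADDR,
	};

	NL_LOG(LOG_DEBUG2, "Start dump");

	if (attrs.ifa_index != 0) {
		ifp = ifnet_byindex(attrs.ifa_index);
		if (ifp == NULL)
			error = ENOENT;
		else
			error = dump_iface_addrs(&wa, ifp);
	} else {
		struct if_iter it;

		for (ifp = if_iter_start(&it); ifp != NULL; ifp = if_iter_next(&it)) {
			error = dump_iface_addrs(&wa, ifp);
			if (error != 0)
				break;
		}
		if_iter_finish(&it);
	}

	NL_LOG(LOG_DEBUG2, "End dump, iterated %d dumped %d", wa.count, wa.dumped);

	if (!nlmsg_end_dump(wa.nw, error, &wa.hdr)) {
		NL_LOG(LOG_DEBUG, "Unable to finalize the dump");
		return (ENOMEM);
	}

	return (error);
}

#ifdef INET
/*
 * Add an IPv4 address described by @attrs to @ifp through the
 * SIOCAIFADDR ioctl path, using the requesting socket's credentials.
 *
 * Returns EINVAL for a bad prefix length or missing address attributes,
 * ENOMEM when the generated broadcast sockaddr cannot be allocated,
 * otherwise the result of in_control_ioctl().
 *
 * NOTE(review): the attribute sockaddrs are cast to sockaddr_in and
 * copied by value; this assumes ifa_parser has already verified that
 * they are AF_INET sockaddrs of full size -- confirm against the parser.
 */
static int
handle_newaddr_inet(struct nlmsghdr *hdr, struct nl_parsed_ifa *attrs,
    if_t ifp, struct nlpcb *nlp, struct nl_pstate *npt)
{
	int plen = attrs->ifa_prefixlen;
	int if_flags = if_getflags(ifp);
	struct sockaddr_in *addr, *dst;

	/* Bound plen on both sides: it is used as a shift count below. */
	if (plen < 0 || plen > 32) {
		nlmsg_report_err_msg(npt, "invalid ifa_prefixlen");
		return (EINVAL);
	}

	/*
	 * Netmask in network byte order.  The shift is done on an unsigned
	 * operand: with a signed 1, plen == 1 would shift into the sign bit,
	 * which is undefined behaviour.
	 */
	const uint32_t s_mask = htonl(plen ? ~((1U << (32 - plen)) - 1) : 0);

	if (if_flags & IFF_POINTOPOINT) {
		/*
		 * Only P2P IFAs are allowed by the implementation.
		 */
		if (attrs->ifa_address == NULL || attrs->ifa_local == NULL) {
			nlmsg_report_err_msg(npt, "Empty IFA_LOCAL/IFA_ADDRESS");
			return (EINVAL);
		}
		addr = (struct sockaddr_in *)attrs->ifa_local;
		dst = (struct sockaddr_in *)attrs->ifa_address;
	} else {
		/*
		 * Map the Netlink attributes to FreeBSD ifa layout.
		 * If only IFA_ADDRESS or IFA_LOCAL is set OR
		 * both are set to the same value => ifa is not p2p
		 * and the attribute value contains interface address.
		 *
		 * Otherwise (both IFA_ADDRESS and IFA_LOCAL are set and
		 * different), IFA_LOCAL contains an interface address and
		 * IFA_ADDRESS contains peer address.
		 */
		addr = (struct sockaddr_in *)attrs->ifa_local;
		if (addr == NULL)
			addr = (struct sockaddr_in *)attrs->ifa_address;

		if (addr == NULL) {
			nlmsg_report_err_msg(npt, "Empty IFA_LOCAL/IFA_ADDRESS");
			return (EINVAL);
		}

		/* Generate broadcast address if not set */
		if ((if_flags & IFF_BROADCAST) && attrs->ifa_broadcast == NULL) {
			uint32_t s_baddr;
			struct sockaddr_in *sin_brd;

			if (plen == 31)
				s_baddr = INADDR_BROADCAST; /* RFC 3021 */
			else
				s_baddr = addr->sin_addr.s_addr | ~s_mask;

			sin_brd = (struct sockaddr_in *)npt_alloc(npt, sizeof(*sin_brd));
			if (sin_brd == NULL)
				return (ENOMEM);
			/*
			 * Assign the whole structure so that members not
			 * named here are zeroed rather than left with
			 * whatever the allocation contained.
			 */
			*sin_brd = (struct sockaddr_in){
				.sin_family = AF_INET,
				.sin_len = sizeof(*sin_brd),
				.sin_addr.s_addr = s_baddr,
			};
			attrs->ifa_broadcast = (struct sockaddr *)sin_brd;
		}
		dst = (struct sockaddr_in *)attrs->ifa_broadcast;
	}

	struct sockaddr_in mask = {
		.sin_len = sizeof(struct sockaddr_in),
		.sin_family = AF_INET,
		.sin_addr.s_addr = s_mask,
	};
	struct in_aliasreq req = {
		.ifra_addr = *addr,
		.ifra_mask = mask,
		.ifra_vhid = attrs->ifaf_vhid,
	};
	if (dst != NULL)
		req.ifra_dstaddr = *dst;

	return (in_control_ioctl(SIOCAIFADDR, &req, ifp, nlp_get_cred(nlp)));
}

/*
 * Remove an IPv4 address from @ifp through the SIOCDIFADDR ioctl path.
 * The address is taken from IFA_LOCAL, falling back to IFA_ADDRESS.
 *
 * Returns EINVAL when neither attribute is present, otherwise the
 * result of in_control_ioctl().
 *
 * NOTE(review): as in the add path, the cast and by-value copy assume
 * the parser has validated the sockaddr family and size -- confirm.
 */
static int
handle_deladdr_inet(struct nlmsghdr *hdr, struct nl_parsed_ifa *attrs,
    if_t ifp, struct nlpcb *nlp, struct nl_pstate *npt)
{
	struct sockaddr_in *addr = (struct sockaddr_in *)attrs->ifa_local;

	if (addr == NULL)
		addr = (struct sockaddr_in *)attrs->ifa_address;

	if (addr == NULL) {
		nlmsg_report_err_msg(npt, "empty IFA_ADDRESS/IFA_LOCAL");
		return (EINVAL);
	}

	struct in_aliasreq req = { .ifra_addr = *addr };

	return (in_control_ioctl(SIOCDIFADDR, &req, ifp, nlp_get_cred(nlp)));
}
#endif

#ifdef INET6
/*
 * Add an IPv6 address described by @attrs to @ifp through the
 * SIOCAIFADDR_IN6 ioctl path, using the requesting socket's credentials.
 *
 * Returns EINVAL for a prefix length above 128 or missing address
 * attributes, otherwise the result of in6_control_ioctl().
 *
 * NOTE(review): the attribute sockaddrs are cast to sockaddr_in6 and
 * copied by value; this assumes ifa_parser has already verified that
 * they are AF_INET6 sockaddrs of full size -- confirm against the parser.
 */
static int
handle_newaddr_inet6(struct nlmsghdr *hdr, struct nl_parsed_ifa *attrs,
    if_t ifp, struct nlpcb *nlp, struct nl_pstate *npt)
{
	struct sockaddr_in6 *addr, *dst;

	if (attrs->ifa_prefixlen > 128) {
		nlmsg_report_err_msg(npt, "invalid ifa_prefixlen");
		return (EINVAL);
	}

	/*
	 * In IPv6 implementation, adding non-P2P address to the P2P interface
	 * is allowed.
	 */
	addr = (struct sockaddr_in6 *)(attrs->ifa_local);
	dst = (struct sockaddr_in6 *)(attrs->ifa_address);

	if (addr == NULL) {
		addr = dst;
		dst = NULL;
	} else if (dst != NULL) {
		if (IN6_ARE_ADDR_EQUAL(&addr->sin6_addr, &dst->sin6_addr)) {
			/*
			 * Sometimes Netlink users fill in both attributes
			 * with the same address. It still means "non-p2p".
			 */
			dst = NULL;
		}
	}

	if (addr == NULL) {
		nlmsg_report_err_msg(npt, "Empty IFA_LOCAL/IFA_ADDRESS");
		return (EINVAL);
	}

	/*
	 * Translated Netlink flags are combined with the raw FreeBSD flag
	 * word from the request.
	 * NOTE(review): ifaf_flags is OR-ed in unfiltered; confirm the
	 * ioctl path rejects IN6_IFF_* bits userland must not set.
	 */
	uint32_t flags = nl_flags_to_in6(attrs->ifa_flags) | attrs->ifaf_flags;

	/*
	 * NOTE(review): without IFA_CACHEINFO both lifetimes stay 0;
	 * confirm how in6_control_ioctl() interprets a zero lifetime.
	 */
	uint32_t pltime = 0, vltime = 0;
	if (attrs->ifa_cacheinfo != NULL) {
		pltime = attrs->ifa_cacheinfo->ifa_prefered;
		vltime = attrs->ifa_cacheinfo->ifa_valid;
	}

	struct sockaddr_in6 mask = {
		.sin6_len = sizeof(struct sockaddr_in6),
		.sin6_family = AF_INET6,
	};
	ip6_writemask(&mask.sin6_addr, attrs->ifa_prefixlen);

	struct in6_aliasreq req = {
		.ifra_addr = *addr,
		.ifra_prefixmask = mask,
		.ifra_flags = flags,
		.ifra_lifetime = { .ia6t_vltime = vltime, .ia6t_pltime = pltime },
		.ifra_vhid = attrs->ifaf_vhid,
	};
	if (dst != NULL)
		req.ifra_dstaddr = *dst;

	return (in6_control_ioctl(SIOCAIFADDR_IN6, &req, ifp, nlp_get_cred(nlp)));
}

/*
 * Remove an IPv6 address from @ifp through the SIOCDIFADDR_IN6 ioctl
 * path.  The address is taken from IFA_LOCAL, falling back to
 * IFA_ADDRESS.
 *
 * Returns EINVAL when neither attribute is present, otherwise the
 * result of in6_control_ioctl().
 *
 * NOTE(review): as in the add path, the cast and by-value copy assume
 * the parser has validated the sockaddr family and size -- confirm.
 */
static int
handle_deladdr_inet6(struct nlmsghdr *hdr, struct nl_parsed_ifa *attrs,
    if_t ifp, struct nlpcb *nlp, struct nl_pstate *npt)
{
	struct sockaddr_in6 *addr = (struct sockaddr_in6 *)attrs->ifa_local;

	if (addr == NULL)
		addr = (struct sockaddr_in6 *)(attrs->ifa_address);

	if (addr == NULL) {
		nlmsg_report_err_msg(npt, "Empty IFA_LOCAL/IFA_ADDRESS");
		return (EINVAL);
	}

	struct in6_aliasreq req = { .ifra_addr = *addr };

	return (in6_control_ioctl(SIOCDIFADDR_IN6, &req, ifp, nlp_get_cred(nlp)));
}
#endif


/*
 * RTM_NEWADDR / RTM_DELADDR handler: parse the request, look up the
 * target interface by index and dispatch to the per-family add/delete
 * helper.
 *
 * The interface is looked up inside a net epoch section and held by
 * reference (released with if_rele() before returning), so it stays
 * valid while the helpers run outside the epoch.
 *
 * Returns the parser error, ENOENT for an unknown interface,
 * EAFNOSUPPORT for a family that is not compiled in, otherwise the
 * helper's result.
 */
static int
rtnl_handle_addr(struct nlmsghdr *hdr, struct nlpcb *nlp, struct nl_pstate *npt)
{
	struct epoch_tracker et;
	int error;

	struct nl_parsed_ifa attrs = {};
	error = nl_parse_nlmsg(hdr, &ifa_parser, npt, &attrs);
	if (error != 0)
		return (error);

	NET_EPOCH_ENTER(et);
	if_t ifp = ifnet_byindex_ref(attrs.ifa_index);
	NET_EPOCH_EXIT(et);

	if (ifp == NULL) {
		nlmsg_report_err_msg(npt, "Unable to find interface with index %u",
		    attrs.ifa_index);
		return (ENOENT);
	}
	/* Interface flags as they were before the address change. */
	int if_flags = if_getflags(ifp);

#if defined(INET) || defined(INET6)
	bool new = hdr->nlmsg_type == NL_RTM_NEWADDR;
#endif

	/*
	 * TODO: Properly handle NLM_F_CREATE / NLM_F_EXCL.
	 * The current ioctl-based KPI always does an implicit create-or-replace.
	 * It is not possible to specify fine-grained options.
	 */

	switch (attrs.ifa_family) {
#ifdef INET
	case AF_INET:
		if (new)
			error = handle_newaddr_inet(hdr, &attrs, ifp, nlp, npt);
		else
			error = handle_deladdr_inet(hdr, &attrs, ifp, nlp, npt);
		break;
#endif
#ifdef INET6
	case AF_INET6:
		if (new)
			error = handle_newaddr_inet6(hdr, &attrs, ifp, nlp, npt);
		else
			error = handle_deladdr_inet6(hdr, &attrs, ifp, nlp, npt);
		break;
#endif
	default:
		error = EAFNOSUPPORT;
	}

	/* The operation turned IFF_UP on for a previously-down interface. */
	if (error == 0 && !(if_flags & IFF_UP) && (if_getflags(ifp) & IFF_UP))
		if_up(ifp);

	if_rele(ifp);

	return (error);
}


/*
 * Address event hook (registered for rt_addrmsg): notify listeners of
 * the IPv4 or IPv6 address multicast group about an added or removed
 * address.  @cmd == RTM_DELETE yields NL_RTM_DELADDR, anything else
 * NL_RTM_NEWADDR.  Other address families are logged and ignored.
 *
 * NOTE(review): unlike the dump path, no prison_if() filtering is
 * visible here; confirm that group delivery is scoped per vnet/jail
 * elsewhere.
 */
static void
rtnl_handle_ifaddr(void *arg __unused, struct ifaddr *ifa, int cmd)
{
	struct nlmsghdr hdr = {};
	struct nl_writer nw = {};
	uint32_t group = 0;

	switch (ifa->ifa_addr->sa_family) {
#ifdef INET
	case AF_INET:
		group = RTNLGRP_IPV4_IFADDR;
		break;
#endif
#ifdef INET6
	case AF_INET6:
		group = RTNLGRP_IPV6_IFADDR;
		break;
#endif
	default:
		NL_LOG(LOG_DEBUG2, "ifa notification for unknown AF: %d",
		    ifa->ifa_addr->sa_family);
		return;
	}

	/* Skip building the message when nobody is subscribed. */
	if (!nl_has_listeners(NETLINK_ROUTE, group))
		return;

	if (!nlmsg_get_group_writer(&nw, NLMSG_LARGE, NETLINK_ROUTE, group)) {
		NL_LOG(LOG_DEBUG, "error allocating group writer");
		return;
	}

	hdr.nlmsg_type = (cmd == RTM_DELETE) ? NL_RTM_DELADDR : NL_RTM_NEWADDR;

	dump_iface_addr(&nw, ifa->ifa_ifp, ifa, &hdr);
	nlmsg_flush(&nw);
}

/*
 * Send a link message of type @nlmsg_type describing @ifp to the
 * RTNLGRP_LINK multicast group, if it has listeners.  @if_flags_mask
 * is passed through to dump_iface().
 */
static void
rtnl_handle_ifevent(if_t ifp, int nlmsg_type, int if_flags_mask)
{
	struct nlmsghdr hdr = { .nlmsg_type = nlmsg_type };
	struct nl_writer nw = {};

	if (!nl_has_listeners(NETLINK_ROUTE, RTNLGRP_LINK))
		return;

	if (!nlmsg_get_group_writer(&nw, NLMSG_LARGE, NETLINK_ROUTE, RTNLGRP_LINK)) {
		NL_LOG(LOG_DEBUG, "error allocating mbuf");
		return;
	}
	dump_iface(&nw, ifp, &hdr, if_flags_mask);
	nlmsg_flush(&nw);
}

/* Interface arrival hook: announce @ifp with NL_RTM_NEWLINK. */
static void
rtnl_handle_ifattach(void *arg, if_t ifp)
{
	NL_LOG(LOG_DEBUG2, "ifnet %s", if_name(ifp));
	rtnl_handle_ifevent(ifp, NL_RTM_NEWLINK, 0);
}

/* Interface departure hook: announce @ifp with NL_RTM_DELLINK. */
static void
rtnl_handle_ifdetach(void *arg, if_t ifp)
{
	NL_LOG(LOG_DEBUG2, "ifnet %s", if_name(ifp));
	rtnl_handle_ifevent(ifp, NL_RTM_DELLINK, 0);
}

/* Link state change hook: re-announce @ifp with NL_RTM_NEWLINK. */
static void
rtnl_handle_iflink(void *arg, if_t ifp)
{
	NL_LOG(LOG_DEBUG2, "ifnet %s", if_name(ifp));
	rtnl_handle_ifevent(ifp, NL_RTM_NEWLINK, 0);
}

/*
 * Externally callable notification: announce @ifp with NL_RTM_NEWLINK,
 * forwarding @if_flags_mask to the link dump.
 */
void
rtnl_handle_ifnet_event(if_t ifp, int if_flags_mask)
{
	NL_LOG(LOG_DEBUG2, "ifnet %s", if_name(ifp));
	rtnl_handle_ifevent(ifp, NL_RTM_NEWLINK, if_flags_mask);
}

/*
 * Message handlers registered by rtnl_ifaces_init().
 *
 * The read-only GET commands carry no .priv and set
 * RTNL_F_ALLOW_NONVNET_JAIL; every state-changing command names a
 * privilege in .priv and does not set that flag.
 * NOTE(review): the privilege and jail checks themselves are presumably
 * enforced by the rtnl dispatcher before .cb runs -- confirm there.
 */
static const struct rtnl_cmd_handler cmd_handlers[] = {
	{
		.cmd = NL_RTM_GETLINK,
		.name = "RTM_GETLINK",
		.cb = &rtnl_handle_getlink,
		.flags = RTNL_F_NOEPOCH | RTNL_F_ALLOW_NONVNET_JAIL,
	},
	{
		.cmd = NL_RTM_DELLINK,
		.name = "RTM_DELLINK",
		.cb = &rtnl_handle_dellink,
		.priv = PRIV_NET_IFDESTROY,
		.flags = RTNL_F_NOEPOCH,
	},
	{
		.cmd = NL_RTM_NEWLINK,
		.name = "RTM_NEWLINK",
		.cb = &rtnl_handle_newlink,
		.priv = PRIV_NET_IFCREATE,
		.flags = RTNL_F_NOEPOCH,
	},
	{
		.cmd = NL_RTM_GETADDR,
		.name = "RTM_GETADDR",
		.cb = &rtnl_handle_getaddr,
		.flags = RTNL_F_ALLOW_NONVNET_JAIL,
	},
	{
		.cmd = NL_RTM_NEWADDR,
		.name = "RTM_NEWADDR",
		.cb = &rtnl_handle_addr,
		.priv = PRIV_NET_ADDIFADDR,
		.flags = RTNL_F_NOEPOCH,
	},
	{
		.cmd = NL_RTM_DELADDR,
		.name = "RTM_DELADDR",
		.cb = &rtnl_handle_addr,
		.priv = PRIV_NET_DELIFADDR,
		.flags = RTNL_F_NOEPOCH,
	},
};

/* Parsers checked by NL_VERIFY_PARSERS() at initialisation. */
static const struct nlhdr_parser *all_parsers[] = {
	&ifmsg_parser, &ifa_parser, &ifa_fbsd_parser,
};

/* Register @cloner on the cloner list, under the exclusive cloner lock. */
void
rtnl_iface_add_cloner(struct nl_cloner *cloner)
{
	sx_xlock(&rtnl_cloner_lock);
	SLIST_INSERT_HEAD(&nl_cloners, cloner, next);
	sx_xunlock(&rtnl_cloner_lock);
}

/* Remove @cloner from the cloner list, under the exclusive cloner lock. */
void
rtnl_iface_del_cloner(struct nl_cloner *cloner)
{
	sx_xlock(&rtnl_cloner_lock);
	SLIST_REMOVE(&nl_cloners, cloner, nl_cloner, next);
	sx_xunlock(&rtnl_cloner_lock);
}

/*
 * Module initialisation: hook interface arrival/departure, address and
 * link events, verify the parsers and register the message handlers.
 */
void
rtnl_ifaces_init(void)
{
	ifattach_event = EVENTHANDLER_REGISTER(
	    ifnet_arrival_event, rtnl_handle_ifattach, NULL,
	    EVENTHANDLER_PRI_ANY);
	ifdetach_event = EVENTHANDLER_REGISTER(
	    ifnet_departure_event, rtnl_handle_ifdetach, NULL,
	    EVENTHANDLER_PRI_ANY);
	ifaddr_event = EVENTHANDLER_REGISTER(
	    rt_addrmsg, rtnl_handle_ifaddr, NULL,
	    EVENTHANDLER_PRI_ANY);
	iflink_event = EVENTHANDLER_REGISTER(
	    ifnet_link_event, rtnl_handle_iflink, NULL,
	    EVENTHANDLER_PRI_ANY);
	NL_VERIFY_PARSERS(all_parsers);
	rtnl_register_messages(cmd_handlers, NL_ARRAY_LEN(cmd_handlers));
}

/* Module teardown: deregister the four event hooks set up at init. */
void
rtnl_ifaces_destroy(void)
{
	EVENTHANDLER_DEREGISTER(ifnet_arrival_event, ifattach_event);
	EVENTHANDLER_DEREGISTER(ifnet_departure_event, ifdetach_event);
	EVENTHANDLER_DEREGISTER(rt_addrmsg, ifaddr_event);
	EVENTHANDLER_DEREGISTER(ifnet_link_event, iflink_event);
}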