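/*-
 * SPDX-License-Identifier: BSD-2-Clause-FreeBSD
 *
 * Copyright (c) 2022 Alexander V. Chernikov <melifaro@FreeBSD.org>
 *
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that the following conditions
 * are met:
 * 1. Redistributions of source code must retain the above copyright
 *    notice, this list of conditions and the following disclaimer.
 * 2. Redistributions in binary form must reproduce the above copyright
 *    notice, this list of conditions and the following disclaimer in the
 *    documentation and/or other materials provided with the distribution.
 *
 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
 * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
 * SUCH DAMAGE.
 */

#include <sys/cdefs.h>
__FBSDID("$FreeBSD$");
#include "opt_inet.h"
#include "opt_inet6.h"
#include <sys/types.h>
#include <sys/eventhandler.h>
#include <sys/kernel.h>
#include <sys/jail.h>
#include <sys/malloc.h>
#include <sys/socket.h>
#include <sys/sockio.h>
#include <sys/syslog.h>

#include <net/if.h>
#include <net/if_dl.h>
#include <net/if_media.h>
#include <net/if_var.h>
#include <net/if_clone.h>
#include <net/route.h>
#include <net/route/nhop.h>
#include <net/route/route_ctl.h>
#include <netlink/netlink.h>
#include <netlink/netlink_ctl.h>
#include <netlink/netlink_route.h>
#include <netlink/route/route_var.h>

#include <netinet6/scope6_var.h> /* scope deembedding */

#define	DEBUG_MOD_NAME	nl_iface
#define	DEBUG_MAX_LEVEL	LOG_DEBUG3
#include <netlink/netlink_debug.h>
_DECLARE_DEBUG(LOG_DEBUG);

/*
 * State shared between a dump request handler and its per-object callbacks.
 * Only the fields a given handler initialises are meaningful; the rest stay
 * zero from the designated initialiser.
 */
struct netlink_walkargs {
	struct nl_writer *nw;	/* writer the reply messages go to */
	struct nlmsghdr hdr;	/* template header for every reply message */
	struct nlpcb *so;	/* requesting netlink socket */
	struct ucred *cred;	/* requester credentials, used by prison_if() */
	uint32_t fibnum;
	int family;		/* address family filter, 0 means any */
	int error;
	int count;		/* objects considered */
	int dumped;		/* objects actually written */
};

static eventhandler_tag ifdetach_event, ifattach_event, iflink_event, ifaddr_event;

static SLIST_HEAD(, nl_cloner) nl_cloners = SLIST_HEAD_INITIALIZER(nl_cloners);

/* Protects nl_cloners: shared for lookups, exclusive for add/del. */
static struct sx rtnl_cloner_lock;
SX_SYSINIT(rtnl_cloner_lock, &rtnl_cloner_lock, "rtnl cloner lock");

static struct nl_cloner *rtnl_iface_find_cloner_locked(const char *name);

/*
 * RTM_GETLINK request
 * sendto(3, {{len=32, type=RTM_GETLINK, flags=NLM_F_REQUEST|NLM_F_DUMP, seq=1641940952, pid=0},
 *  {ifi_family=AF_INET, ifi_type=ARPHRD_NETROM, ifi_index=0, ifi_flags=0, ifi_change=0}}, 32, 0, NULL, 0) = 32
 *
 * Reply:
 * {ifi_family=AF_UNSPEC, ifi_type=ARPHRD_ETHER, ifi_index=if_nametoindex("enp0s31f6"), ifi_flags=IFF_UP|IFF_BROADCAST|IFF_RUNNING|IFF_MULTICAST|IFF_LOWER_UP, ifi_change=0},
{{nla_len=10, nla_type=IFLA_ADDRESS}, "\xfe\x54\x00\x52\x3e\x90"}

[
{{nla_len=14, nla_type=IFLA_IFNAME}, "enp0s31f6"},
{{nla_len=8, nla_type=IFLA_TXQLEN}, 1000},
{{nla_len=5, nla_type=IFLA_OPERSTATE}, 6},
{{nla_len=5, nla_type=IFLA_LINKMODE}, 0},
{{nla_len=8, nla_type=IFLA_MTU}, 1500},
{{nla_len=8, nla_type=IFLA_MIN_MTU}, 68},
{{nla_len=8, nla_type=IFLA_MAX_MTU}, 9000},
{{nla_len=8, nla_type=IFLA_GROUP}, 0},
{{nla_len=8, nla_type=IFLA_PROMISCUITY}, 0},
{{nla_len=8, nla_type=IFLA_NUM_TX_QUEUES}, 1},
{{nla_len=8, nla_type=IFLA_GSO_MAX_SEGS}, 65535},
{{nla_len=8, nla_type=IFLA_GSO_MAX_SIZE}, 65536},
{{nla_len=8, nla_type=IFLA_NUM_RX_QUEUES}, 1},
{{nla_len=5, nla_type=IFLA_CARRIER}, 1},
{{nla_len=13, nla_type=IFLA_QDISC}, "fq_codel"},
{{nla_len=8, nla_type=IFLA_CARRIER_CHANGES}, 2},
{{nla_len=5, nla_type=IFLA_PROTO_DOWN}, 0},
{{nla_len=8, nla_type=IFLA_CARRIER_UP_COUNT}, 1},
{{nla_len=8, nla_type=IFLA_CARRIER_DOWN_COUNT}, 1},
 */

/* Values reported as IFLA_OPERSTATE and IFLA_CARRIER. */
struct if_state {
	uint8_t ifla_operstate;
	uint8_t ifla_carrier;
};

/*
 * Derives operstate/carrier for an Ethernet-like interface from the driver's
 * SIOCGIFMEDIA answer.  On ioctl failure, or when the active media type is
 * not IFM_ETHER, @pstate is left as the caller initialised it.
 */
static void
get_operstate_ether(struct ifnet *ifp, struct if_state *pstate)
{
	struct ifmediareq ifmr = {};
	int error;
	error = (*ifp->if_ioctl)(ifp, SIOCGIFMEDIA, (void *)&ifmr);

	if (error != 0) {
		NL_LOG(LOG_DEBUG, "error calling SIOCGIFMEDIA on %s: %d",
		    if_name(ifp), error);
		return;
	}

	switch (IFM_TYPE(ifmr.ifm_active)) {
	case IFM_ETHER:
		if (ifmr.ifm_status & IFM_ACTIVE) {
			pstate->ifla_carrier = 1;
			if (ifp->if_flags & IFF_MONITOR)
				pstate->ifla_operstate = IF_OPER_DORMANT;
			else
				pstate->ifla_operstate = IF_OPER_UP;
		} else
			pstate->ifla_operstate = IF_OPER_DOWN;
	}
}

/*
 * Appends an IFLA_STATS64 attribute filled from the interface counters.
 * Returns false when the writer cannot reserve room for the attribute.
 * Only the fields assigned below are written here.
 * NOTE(review): whether nlmsg_reserve_data() zeroes the reserved space is
 * not visible in this file; if it does not, the remaining
 * rtnl_link_stats64 fields would carry stale buffer contents to
 * userland - confirm.
 */
static bool
get_stats(struct nl_writer *nw, struct ifnet *ifp)
{
	struct rtnl_link_stats64 *stats;

	int nla_len = sizeof(struct nlattr) + sizeof(*stats);
	struct nlattr *nla = nlmsg_reserve_data(nw, nla_len, struct nlattr);
	if (nla == NULL)
		return (false);
	nla->nla_type = IFLA_STATS64;
	nla->nla_len = nla_len;
	/* The payload starts right after the attribute header. */
	stats = (struct rtnl_link_stats64 *)(nla + 1);

	stats->rx_packets = ifp->if_get_counter(ifp, IFCOUNTER_IPACKETS);
	stats->tx_packets = ifp->if_get_counter(ifp, IFCOUNTER_OPACKETS);
	stats->rx_bytes = ifp->if_get_counter(ifp, IFCOUNTER_IBYTES);
	stats->tx_bytes = ifp->if_get_counter(ifp, IFCOUNTER_OBYTES);
	stats->rx_errors = ifp->if_get_counter(ifp, IFCOUNTER_IERRORS);
	stats->tx_errors = ifp->if_get_counter(ifp, IFCOUNTER_OERRORS);
	stats->rx_dropped = ifp->if_get_counter(ifp, IFCOUNTER_IQDROPS);
	stats->tx_dropped = ifp->if_get_counter(ifp, IFCOUNTER_OQDROPS);
	stats->multicast = ifp->if_get_counter(ifp, IFCOUNTER_IMCASTS);
	stats->rx_nohandler = ifp->if_get_counter(ifp, IFCOUNTER_NOPROTO);

	return (true);
}

/*
 * Fills @pstate for @ifp.  Ethernet and VLAN interfaces are asked for their
 * media status; every other type maps the administrative IFF_UP flag
 * straight to the operational state.
 */
static void
get_operstate(struct ifnet *ifp, struct if_state *pstate)
{
	pstate->ifla_operstate = IF_OPER_UNKNOWN;
	pstate->ifla_carrier = 0; /* no carrier */

	switch (ifp->if_type) {
	case IFT_ETHER:
	case IFT_L2VLAN:
		get_operstate_ether(ifp, pstate);
		break;
	default:
		/* Map admin state to the operstate */
		if (ifp->if_flags & IFF_UP) {
			pstate->ifla_operstate = IF_OPER_UP;
			pstate->ifla_carrier = 1;
		} else
			pstate->ifla_operstate = IF_OPER_DOWN;
		break;
	}
}

/* Returns the union of if_flags and if_drv_flags as the netlink flag word. */
static unsigned
ifp_flags_to_netlink(const struct ifnet *ifp)
{
	return (ifp->if_flags | ifp->if_drv_flags);
}

#define	LLADDR_CONST(s)	((const void *)((s)->sdl_data + (s)->sdl_nlen))
/*
 * Appends the address held in @sa as attribute @attr.
 * A NULL @sa or an unsupported family is skipped and reported as success;
 * false is returned only when nlattr_add() fails.
 */
static bool
dump_sa(struct nl_writer *nw, int attr, const struct sockaddr *sa)
{
	uint32_t addr_len = 0;
	const void *addr_data = NULL;
#ifdef INET6
	struct in6_addr addr6;
#endif

	if (sa == NULL)
		return (true);

	switch (sa->sa_family) {
#ifdef INET
	case AF_INET:
		addr_len = sizeof(struct in_addr);
		addr_data = &((const struct sockaddr_in *)sa)->sin_addr;
		break;
#endif
#ifdef INET6
	case AF_INET6:
		/*
		 * addr_len only serves as scratch space for the third
		 * argument here; it is overwritten on the next line.
		 */
		in6_splitscope(&((const struct sockaddr_in6 *)sa)->sin6_addr, &addr6, &addr_len);
		addr_len = sizeof(struct in6_addr);
		addr_data = &addr6;
		break;
#endif
	case AF_LINK:
		/* Length comes from the sockaddr_dl itself (sdl_alen). */
		addr_len = ((const struct sockaddr_dl *)sa)->sdl_alen;
		addr_data = LLADDR_CONST((const struct sockaddr_dl *)sa);
		break;
	default:
		NL_LOG(LOG_DEBUG, "unsupported family: %d, skipping", sa->sa_family);
		return (true);
	}

	return (nlattr_add(nw, attr, addr_len, addr_data));
}

/*
 * Dumps interface state, properties and metrics.
 * @nw: message writer
 * @ifp: target interface
 * @hdr: template header
 * @if_flags_mask: changed if_[drv]_flags bitmask
 *
 * This function is called without epoch and MAY sleep.
 *
 * Return values of the individual nlattr_add*() calls, dump_sa() and
 * get_stats() are not checked here; the only failure points are
 * nlmsg_reply() and nlmsg_end().
 * NOTE(review): the pointer returned by nlmsg_reserve_object() is used
 * without a NULL check; presumably the preceding nlmsg_reply() guarantees
 * the space - confirm.
 */
static bool
dump_iface(struct nl_writer *nw, struct ifnet *ifp, const struct nlmsghdr *hdr,
    int if_flags_mask)
{
	struct ifinfomsg *ifinfo;

	NL_LOG(LOG_DEBUG3, "dumping interface %s data", if_name(ifp));

	if (!nlmsg_reply(nw, hdr, sizeof(struct ifinfomsg)))
		goto enomem;

	ifinfo = nlmsg_reserve_object(nw, struct ifinfomsg);
	ifinfo->ifi_family = AF_UNSPEC;
	ifinfo->__ifi_pad = 0;
	ifinfo->ifi_type = ifp->if_type;
	ifinfo->ifi_index = ifp->if_index;
	ifinfo->ifi_flags = ifp_flags_to_netlink(ifp);
	ifinfo->ifi_change = if_flags_mask;

	struct if_state ifs = {};
	get_operstate(ifp, &ifs);

	if (ifs.ifla_operstate == IF_OPER_UP)
		ifinfo->ifi_flags |= IFF_LOWER_UP;

	nlattr_add_string(nw, IFLA_IFNAME, if_name(ifp));
	nlattr_add_u8(nw, IFLA_OPERSTATE, ifs.ifla_operstate);
	nlattr_add_u8(nw, IFLA_CARRIER, ifs.ifla_carrier);

/*
	nlattr_add_u8(nw, IFLA_PROTO_DOWN, val);
	nlattr_add_u8(nw, IFLA_LINKMODE, val);
*/
	if ((ifp->if_addr != NULL)) {
		dump_sa(nw, IFLA_ADDRESS, ifp->if_addr->ifa_addr);
	}

	if ((ifp->if_broadcastaddr != NULL)) {
		nlattr_add(nw, IFLA_BROADCAST, ifp->if_addrlen,
		    ifp->if_broadcastaddr);
	}

	nlattr_add_u32(nw, IFLA_MTU, ifp->if_mtu);
/*
	nlattr_add_u32(nw, IFLA_MIN_MTU, 60);
	nlattr_add_u32(nw, IFLA_MAX_MTU, 9000);
	nlattr_add_u32(nw, IFLA_GROUP, 0);
*/

	if (ifp->if_description != NULL)
		nlattr_add_string(nw, IFLA_IFALIAS, ifp->if_description);

	get_stats(nw, ifp);

	uint32_t val = (ifp->if_flags & IFF_PROMISC) != 0;
	nlattr_add_u32(nw, IFLA_PROMISCUITY, val);

	/* The cloner callback runs with the cloner list lock held shared. */
	sx_slock(&rtnl_cloner_lock);
	struct nl_cloner *cloner = rtnl_iface_find_cloner_locked(ifp->if_dname);
	if (cloner != NULL && cloner->dump_f != NULL) {
		/* Ignore any dump error */
		cloner->dump_f(ifp, nw);
	}
	sx_sunlock(&rtnl_cloner_lock);

	if (nlmsg_end(nw))
		return (true);

enomem:
	NL_LOG(LOG_DEBUG, "unable to dump interface %s state (ENOMEM)", if_name(ifp));
	nlmsg_abort(nw);
	return (false);
}

/*
 * Strict-mode validation hook for the ifinfomsg header: rejects a request
 * whose pad, type, flags or change fields are non-zero and reports the
 * reason to the caller.
 */
static bool
check_ifmsg(void *hdr, struct nl_pstate *npt)
{
	struct ifinfomsg *ifm = hdr;

	if (ifm->__ifi_pad != 0 || ifm->ifi_type != 0 ||
	    ifm->ifi_flags != 0 || ifm->ifi_change != 0) {
		nlmsg_report_err_msg(npt,
		    "strict checking: non-zero values in ifinfomsg header");
		return (false);
	}

	return (true);
}

/*
 * Parser tables mapping the ifinfomsg header fields and IFLA_* attributes
 * of a request onto struct nl_parsed_link.
 * Note that IFLA_LINK is stored into the same ifi_index slot as the header
 * field, and IFLA_ALT_IFNAME into the same ifla_ifname slot as IFLA_IFNAME.
 */
#define	_IN(_field)	offsetof(struct ifinfomsg, _field)
#define	_OUT(_field)	offsetof(struct nl_parsed_link, _field)
static const struct nlfield_parser nlf_p_if[] = {
	{ .off_in = _IN(ifi_type), .off_out = _OUT(ifi_type), .cb = nlf_get_u16 },
	{ .off_in = _IN(ifi_index), .off_out = _OUT(ifi_index), .cb = nlf_get_u32 },
	{ .off_in = _IN(ifi_flags), .off_out = _OUT(ifi_flags), .cb = nlf_get_u32 },
	{ .off_in = _IN(ifi_change), .off_out = _OUT(ifi_change), .cb = nlf_get_u32 },
};

static const struct nlattr_parser nla_p_linfo[] = {
	{ .type = IFLA_INFO_KIND, .off = _OUT(ifla_cloner), .cb = nlattr_get_stringn },
	{ .type = IFLA_INFO_DATA, .off = _OUT(ifla_idata), .cb = nlattr_get_nla },
};
NL_DECLARE_ATTR_PARSER(linfo_parser, nla_p_linfo);

static const struct nlattr_parser nla_p_if[] = {
	{ .type = IFLA_IFNAME, .off = _OUT(ifla_ifname), .cb = nlattr_get_string },
	{ .type = IFLA_MTU, .off = _OUT(ifla_mtu), .cb = nlattr_get_uint32 },
	{ .type = IFLA_LINK, .off = _OUT(ifi_index), .cb = nlattr_get_uint32 },
	{ .type = IFLA_LINKINFO, .arg = &linfo_parser, .cb = nlattr_get_nested },
	{ .type = IFLA_IFALIAS, .off = _OUT(ifla_ifalias), .cb = nlattr_get_string },
	{ .type = IFLA_GROUP, .off = _OUT(ifla_group), .cb = nlattr_get_string },
	{ .type = IFLA_ALT_IFNAME, .off = _OUT(ifla_ifname), .cb = nlattr_get_string },
};
#undef _IN
#undef _OUT
NL_DECLARE_STRICT_PARSER(ifmsg_parser, struct ifinfomsg, check_ifmsg, nlf_p_if, nla_p_if);

/*
 * Match callback: returns true when @ifp satisfies every filter present in
 * the parsed request (@_arg is a struct nl_parsed_link).  A zero index or
 * type and a NULL name mean "no filter".
 */
static bool
match_iface(struct ifnet *ifp, void *_arg)
{
	struct nl_parsed_link *attrs = (struct nl_parsed_link *)_arg;

	if (attrs->ifi_index != 0 && attrs->ifi_index != ifp->if_index)
		return (false);
	/*
	 * Compare the requested type with the interface type.  The previous
	 * code compared ifi_index with if_type, so a type filter was
	 * evaluated against the wrong field.
	 */
	if (attrs->ifi_type != 0 && attrs->ifi_type != ifp->if_type)
		return (false);
	if (attrs->ifla_ifname != NULL && strcmp(attrs->ifla_ifname, if_name(ifp)))
		return (false);
	/* TODO: add group match */

	return (true);
}

/*
 * Per-interface callback for the full link dump (@_arg is the walk state).
 * Returns ENOMEM when the interface could not be written, 0 otherwise.
 */
static int
dump_cb(struct ifnet *ifp, void *_arg)
{
	struct netlink_walkargs *wa = (struct netlink_walkargs *)_arg;
	if (!dump_iface(wa->nw, ifp, &wa->hdr, 0))
		return (ENOMEM);
	return (0);
}

/*
 * {nlmsg_len=52, nlmsg_type=RTM_GETLINK, nlmsg_flags=NLM_F_REQUEST, nlmsg_seq=1662842818, nlmsg_pid=0},
 * {ifi_family=AF_PACKET, ifi_type=ARPHRD_NETROM, ifi_index=0, ifi_flags=0, ifi_change=0},
 * [
 * [{nla_len=10, nla_type=IFLA_IFNAME}, "vnet9"],
 * [{nla_len=8, nla_type=IFLA_EXT_MASK}, RTEXT_FILTER_VF]
 * ]
 */
/*
 * RTM_GETLINK handler.  A request naming an index or an interface name is
 * answered with a single message (or ENODEV); anything else becomes a
 * multipart dump of all matching interfaces.
 *
 * This handler takes no credential and applies no per-jail filter of its
 * own, unlike the address dump below which calls prison_if().
 * NOTE(review): the result of if_foreach_sleep() is not captured, so an
 * ENOMEM from dump_cb() does not reach `error`, and wa.count / wa.dumped
 * are never updated on this path (the "End dump" log always prints 0) -
 * confirm whether that is intended.
 */
static int
rtnl_handle_getlink(struct nlmsghdr *hdr, struct nlpcb *nlp, struct nl_pstate *npt)
{
	struct epoch_tracker et;
	struct ifnet *ifp;
	int error = 0;

	struct nl_parsed_link attrs = {};
	error = nl_parse_nlmsg(hdr, &ifmsg_parser, npt, &attrs);
	if (error != 0)
		return (error);

	struct netlink_walkargs wa = {
		.so = nlp,
		.nw = npt->nw,
		.hdr.nlmsg_pid = hdr->nlmsg_pid,
		.hdr.nlmsg_seq = hdr->nlmsg_seq,
		.hdr.nlmsg_flags = hdr->nlmsg_flags,
		.hdr.nlmsg_type = NL_RTM_NEWLINK,
	};

	/* Fast track for an interface w/ explicit name or index match */
	if ((attrs.ifi_index != 0) || (attrs.ifla_ifname != NULL)) {
		if (attrs.ifi_index != 0) {
			NLP_LOG(LOG_DEBUG3, nlp, "fast track -> searching index %u",
			    attrs.ifi_index);
			/* The epoch covers only the lookup; a reference is held afterwards. */
			NET_EPOCH_ENTER(et);
			ifp = ifnet_byindex_ref(attrs.ifi_index);
			NET_EPOCH_EXIT(et);
		} else {
			NLP_LOG(LOG_DEBUG3, nlp, "fast track -> searching name %s",
			    attrs.ifla_ifname);
			ifp = ifunit_ref(attrs.ifla_ifname);
		}

		if (ifp != NULL) {
			/* Re-check all filters: index and name may both be given. */
			if (match_iface(ifp, &attrs)) {
				if (!dump_iface(wa.nw, ifp, &wa.hdr, 0))
					error = ENOMEM;
			} else
				error = ENODEV;
			if_rele(ifp);
		} else
			error = ENODEV;
		return (error);
	}

	/* Always treat non-direct-match as a multipart message */
	wa.hdr.nlmsg_flags |= NLM_F_MULTI;

	/*
	 * Fetching some link properties require performing ioctl's that may be blocking.
	 * Address it by saving referenced pointers of the matching links,
	 * exiting from epoch and going through the list one-by-one.
	 */

	NL_LOG(LOG_DEBUG2, "Start dump");
	if_foreach_sleep(match_iface, &attrs, dump_cb, &wa);
	NL_LOG(LOG_DEBUG2, "End dump, iterated %d dumped %d", wa.count, wa.dumped);

	if (!nlmsg_end_dump(wa.nw, error, &wa.hdr)) {
		NL_LOG(LOG_DEBUG, "Unable to finalize the dump");
		return (ENOMEM);
	}

	return (error);
}

/*
 * sendmsg(3, {msg_name={sa_family=AF_NETLINK, nl_pid=0, nl_groups=00000000}, msg_namelen=12, msg_iov=[{iov_base=[
 * {nlmsg_len=60, nlmsg_type=RTM_NEWLINK, nlmsg_flags=NLM_F_REQUEST|NLM_F_ACK|NLM_F_EXCL|NLM_F_CREATE, nlmsg_seq=1662715618, nlmsg_pid=0},
 *  {ifi_family=AF_UNSPEC, ifi_type=ARPHRD_NETROM, ifi_index=0, ifi_flags=0, ifi_change=0},
 *   {nla_len=11, nla_type=IFLA_IFNAME}, "dummy0"],
 *   [
 *    {nla_len=16, nla_type=IFLA_LINKINFO},
 *    [
 *     {nla_len=9, nla_type=IFLA_INFO_KIND}, "dummy"...
 *    ]
 *   ]
 */

/*
 * RTM_DELLINK handler: destroys the cloned interface identified by
 * ifi_index.  Only the index is consulted; an IFLA_IFNAME in the request is
 * parsed but not used for the lookup, so a name-only request looks up
 * index 0.
 * The interface reference is kept until after the final log line, which
 * still calls if_name(ifp).
 */
static int
rtnl_handle_dellink(struct nlmsghdr *hdr, struct nlpcb *nlp, struct nl_pstate *npt)
{
	struct epoch_tracker et;
	struct ifnet *ifp;
	int error;

	struct nl_parsed_link attrs = {};
	error = nl_parse_nlmsg(hdr, &ifmsg_parser, npt, &attrs);
	if (error != 0)
		return (error);

	NET_EPOCH_ENTER(et);
	ifp = ifnet_byindex_ref(attrs.ifi_index);
	NET_EPOCH_EXIT(et);
	if (ifp == NULL) {
		NLP_LOG(LOG_DEBUG, nlp, "unable to find interface %u", attrs.ifi_index);
		return (ENOENT);
	}
	NLP_LOG(LOG_DEBUG3, nlp, "mapped ifindex %u to %s", attrs.ifi_index, if_name(ifp));

	sx_xlock(&ifnet_detach_sxlock);
	error = if_clone_destroy(if_name(ifp));
	sx_xunlock(&ifnet_detach_sxlock);

	NLP_LOG(LOG_DEBUG2, nlp, "deleting interface %s returned %d", if_name(ifp), error);

	if_rele(ifp);
	return (error);
}

/*
 * New link:
 * type=RTM_NEWLINK, flags=NLM_F_REQUEST|NLM_F_ACK|NLM_F_EXCL|NLM_F_CREATE, seq=1668185590, pid=0},
 *   {ifi_family=AF_UNSPEC, ifi_type=ARPHRD_NETROM, ifi_index=0, ifi_flags=0, ifi_change=0}
 *    [
 *     {{nla_len=8, nla_type=IFLA_MTU}, 123},
 *     {{nla_len=10, nla_type=IFLA_IFNAME}, "vlan1"},
 *     {{nla_len=24, nla_type=IFLA_LINKINFO},
 *      [
 *       {{nla_len=8, nla_type=IFLA_INFO_KIND}, "vlan"...},
 *       {{nla_len=12, nla_type=IFLA_INFO_DATA}, "\x06\x00\x01\x00\x7b\x00\x00\x00"}]}]}
 *
 * Update link:
 * type=RTM_NEWLINK, flags=NLM_F_REQUEST|NLM_F_ACK, seq=1668185923, pid=0},
 * {ifi_family=AF_UNSPEC, ifi_type=ARPHRD_NETROM, ifi_index=if_nametoindex("lo"), ifi_flags=0, ifi_change=0},
 * {{nla_len=8, nla_type=IFLA_MTU}, 123}}
 *
 *
 * Check command availability:
 * type=RTM_NEWLINK, flags=NLM_F_REQUEST|NLM_F_ACK, seq=0, pid=0},
 *  {ifi_family=AF_UNSPEC, ifi_type=ARPHRD_NETROM, ifi_index=0, ifi_flags=0, ifi_change=0}
 */


/*
 * Creates an interface for an RTM_NEWLINK request carrying NLM_F_CREATE.
 * Requires non-empty IFLA_IFNAME and IFLA_INFO_KIND; the kind selects a
 * registered cloner, with generic_cloner as the fallback.  @hdr is unused.
 * NOTE(review): cloner->create_f is called without a NULL check, whereas
 * dump_iface() does check dump_f; presumably every registered cloner
 * provides create_f - confirm at the registration sites.
 */
static int
create_link(struct nlmsghdr *hdr, struct nl_parsed_link *lattrs,
    struct nlattr_bmask *bm, struct nlpcb *nlp, struct nl_pstate *npt)
{
	if (lattrs->ifla_ifname == NULL || strlen(lattrs->ifla_ifname) == 0) {
		NLMSG_REPORT_ERR_MSG(npt, "empty IFLA_IFNAME attribute");
		return (EINVAL);
	}
	if (lattrs->ifla_cloner == NULL || strlen(lattrs->ifla_cloner) == 0) {
		NLMSG_REPORT_ERR_MSG(npt, "empty IFLA_INFO_KIND attribute");
		return (EINVAL);
	}

	bool found = false;
	int error = 0;

	sx_slock(&rtnl_cloner_lock);
	struct nl_cloner *cloner = rtnl_iface_find_cloner_locked(lattrs->ifla_cloner);
	if (cloner != NULL) {
		found = true;
		error = cloner->create_f(lattrs, bm, nlp, npt);
	}
	sx_sunlock(&rtnl_cloner_lock);

	/* The generic fallback runs after the cloner lock is dropped. */
	if (!found)
		error = generic_cloner.create_f(lattrs, bm, nlp, npt);

	return (error);
}

/*
 * Applies an RTM_NEWLINK request without NLM_F_CREATE to an existing
 * interface, located by ifi_index first and by IFLA_IFNAME otherwise.
 * @hdr is unused.
 * NOTE(review): this path is reached under the privilege attached to the
 * RTM_NEWLINK table entry (PRIV_NET_IFCREATE); whether modify_f performs
 * its own per-attribute privilege checks is not visible here - confirm.
 */
static int
modify_link(struct nlmsghdr *hdr, struct nl_parsed_link *lattrs,
    struct nlattr_bmask *bm, struct nlpcb *nlp, struct nl_pstate *npt)
{
	struct ifnet *ifp = NULL;
	struct epoch_tracker et;

	if (lattrs->ifi_index == 0 && lattrs->ifla_ifname == NULL) {
		/*
		 * Applications like ip(8) verify RTM_NEWLINK command
		 * existence by calling it with empty arguments. Always
		 * return "innocent" error in that case.
		 */
		NLMSG_REPORT_ERR_MSG(npt, "empty ifi_index field");
		return (EPERM);
	}

	if (lattrs->ifi_index != 0) {
		NET_EPOCH_ENTER(et);
		ifp = ifnet_byindex_ref(lattrs->ifi_index);
		NET_EPOCH_EXIT(et);
		if (ifp == NULL) {
			NLMSG_REPORT_ERR_MSG(npt, "unable to find interface #%u",
			    lattrs->ifi_index);
			return (ENOENT);
		}
	}

	if (ifp == NULL && lattrs->ifla_ifname != NULL) {
		ifp = ifunit_ref(lattrs->ifla_ifname);
		if (ifp == NULL) {
			NLMSG_REPORT_ERR_MSG(npt, "unable to find interface %s",
			    lattrs->ifla_ifname);
			return (ENOENT);
		}
	}

	MPASS(ifp != NULL);

	/*
	 * There can be multiple kinds of interfaces:
	 * 1) cloned, with additional options
	 * 2) cloned, but w/o additional options
	 * 3) non-cloned (e.g. "physical").
	 *
	 * Thus, try to find cloner-specific callback and fallback to the
	 * "default" handler if not found.
	 */
	bool found = false;
	int error = 0;

	sx_slock(&rtnl_cloner_lock);
	struct nl_cloner *cloner = rtnl_iface_find_cloner_locked(ifp->if_dname);
	if (cloner != NULL) {
		found = true;
		error = cloner->modify_f(ifp, lattrs, bm, nlp, npt);
	}
	sx_sunlock(&rtnl_cloner_lock);

	if (!found)
		error = generic_cloner.modify_f(ifp, lattrs, bm, nlp, npt);

	if_rele(ifp);

	return (error);
}


/*
 * RTM_NEWLINK handler: parses the request, records which attributes were
 * present, and dispatches on NLM_F_CREATE to create_link() or modify_link().
 */
static int
rtnl_handle_newlink(struct nlmsghdr *hdr, struct nlpcb *nlp, struct nl_pstate *npt)
{
	struct nlattr_bmask bm;
	int error;

	struct nl_parsed_link attrs = {};
	error = nl_parse_nlmsg(hdr, &ifmsg_parser, npt, &attrs);
	if (error != 0)
		return (error);
	nl_get_attrs_bmask_nlmsg(hdr, &ifmsg_parser, &bm);

	if (hdr->nlmsg_flags & NLM_F_CREATE)
		return (create_link(hdr, &attrs, &bm, nlp, npt));
	else
		return (modify_link(hdr, &attrs, &bm, nlp, npt));
}

/* Parsed form of an ifaddrmsg request and its IFA_* attributes. */
struct nl_parsed_ifa {
	uint8_t		ifa_family;
	uint8_t		ifa_prefixlen;
	uint8_t		ifa_scope;
	uint32_t	ifa_index;
	uint32_t	ifa_flags;
	struct sockaddr	*ifa_address;
	struct sockaddr	*ifa_local;
};

/*
 * Parser tables for ifaddrmsg.  ifa_flags can be set twice: from the 8-bit
 * header field (widened by nlf_get_u8_u32) and from the 32-bit IFA_FLAGS
 * attribute, both landing in the same output slot.
 */
#define	_IN(_field)	offsetof(struct ifaddrmsg, _field)
#define	_OUT(_field)	offsetof(struct nl_parsed_ifa, _field)
static const struct nlfield_parser nlf_p_ifa[] = {
	{ .off_in = _IN(ifa_family), .off_out = _OUT(ifa_family), .cb = nlf_get_u8 },
	{ .off_in = _IN(ifa_prefixlen), .off_out = _OUT(ifa_prefixlen), .cb = nlf_get_u8 },
	{ .off_in = _IN(ifa_scope), .off_out = _OUT(ifa_scope), .cb = nlf_get_u8 },
	{ .off_in = _IN(ifa_flags), .off_out = _OUT(ifa_flags), .cb = nlf_get_u8_u32 },
	{ .off_in = _IN(ifa_index), .off_out = _OUT(ifa_index), .cb = nlf_get_u32 },
};

static const struct nlattr_parser nla_p_ifa[] = {
	{ .type = IFA_ADDRESS, .off = _OUT(ifa_address), .cb = nlattr_get_ip },
	{ .type = IFA_LOCAL, .off = _OUT(ifa_local), .cb = nlattr_get_ip },
	{ .type = IFA_FLAGS, .off = _OUT(ifa_flags), .cb = nlattr_get_uint32 },
};
#undef _IN
#undef _OUT
NL_DECLARE_PARSER(ifaddrmsg_parser, struct ifaddrmsg, nlf_p_ifa, nla_p_ifa);


/*

{ifa_family=AF_INET, ifa_prefixlen=8, ifa_flags=IFA_F_PERMANENT, ifa_scope=RT_SCOPE_HOST, ifa_index=if_nametoindex("lo")},
 [
        {{nla_len=8, nla_type=IFA_ADDRESS}, inet_addr("127.0.0.1")},
        {{nla_len=8, nla_type=IFA_LOCAL}, inet_addr("127.0.0.1")},
        {{nla_len=7, nla_type=IFA_LABEL}, "lo"},
        {{nla_len=8, nla_type=IFA_FLAGS}, IFA_F_PERMANENT},
        {{nla_len=20, nla_type=IFA_CACHEINFO}, {ifa_prefered=4294967295, ifa_valid=4294967295, cstamp=3619, tstamp=3619}}]},
---

{{len=72, type=RTM_NEWADDR, flags=NLM_F_MULTI, seq=1642191126, pid=566735},
 {ifa_family=AF_INET6, ifa_prefixlen=96, ifa_flags=IFA_F_PERMANENT, ifa_scope=RT_SCOPE_UNIVERSE, ifa_index=if_nametoindex("virbr0")},
   [
    {{nla_len=20, nla_type=IFA_ADDRESS}, inet_pton(AF_INET6, "2a01:4f8:13a:70c:ffff::1")},
   {{nla_len=20, nla_type=IFA_CACHEINFO}, {ifa_prefered=4294967295, ifa_valid=4294967295, cstamp=4283, tstamp=4283}},
   {{nla_len=8, nla_type=IFA_FLAGS}, IFA_F_PERMANENT}]},
*/

/*
 * Classifies an interface address for the ifa_scope field: loopback maps to
 * RT_SCOPE_HOST, link-local to RT_SCOPE_LINK, everything else (including
 * families other than INET/INET6) to RT_SCOPE_UNIVERSE.
 */
static uint8_t
ifa_get_scope(const struct ifaddr *ifa)
{
	const struct sockaddr *sa;
	uint8_t addr_scope = RT_SCOPE_UNIVERSE;

	sa = ifa->ifa_addr;
	switch (sa->sa_family) {
#ifdef INET
	case AF_INET:
		{
			struct in_addr addr;
			addr = ((const struct sockaddr_in *)sa)->sin_addr;
			if (IN_LOOPBACK(addr.s_addr))
				addr_scope = RT_SCOPE_HOST;
			else if (IN_LINKLOCAL(addr.s_addr))
				addr_scope = RT_SCOPE_LINK;
			break;
		}
#endif
#ifdef INET6
	case AF_INET6:
		{
			const struct in6_addr *addr;
			addr = &((const struct sockaddr_in6 *)sa)->sin6_addr;
			if (IN6_IS_ADDR_LOOPBACK(addr))
				addr_scope = RT_SCOPE_HOST;
			else if (IN6_IS_ADDR_LINKLOCAL(addr))
				addr_scope = RT_SCOPE_LINK;
			break;
		}
#endif
	}

	return (addr_scope);
}

/*
 * Returns the number of set bits in an IPv6 mask, summed over its four
 * 32-bit words.  This equals the prefix length only when the mask is
 * contiguous.
 */
static uint8_t
inet6_get_plen(const struct in6_addr *addr)
{

	return (bitcount32(addr->s6_addr32[0]) + bitcount32(addr->s6_addr32[1]) +
	    bitcount32(addr->s6_addr32[2]) + bitcount32(addr->s6_addr32[3]));
}

/*
 * Returns the prefix length encoded by netmask @sa (bit count of the mask),
 * or 0 for a family other than INET/INET6.
 * @sa is dereferenced unconditionally.
 * NOTE(review): the caller passes ifa->ifa_netmask; if that pointer can be
 * NULL for an INET/INET6 address this would be a kernel NULL dereference -
 * confirm it is always set on the paths that reach here.
 */
static uint8_t
get_sa_plen(const struct sockaddr *sa)
{
#ifdef INET
	const struct in_addr *paddr;
#endif
#ifdef INET6
	const struct in6_addr *paddr6;
#endif

	switch (sa->sa_family) {
#ifdef INET
	case AF_INET:
		paddr = &(((const struct sockaddr_in *)sa)->sin_addr);
		return bitcount32(paddr->s_addr);
#endif
#ifdef INET6
	case AF_INET6:
		paddr6 = &(((const struct sockaddr_in6 *)sa)->sin6_addr);
		return inet6_get_plen(paddr6);
#endif
	}

	return (0);
}


/*
 * {'attrs': [('IFA_ADDRESS', '12.0.0.1'),
           ('IFA_LOCAL', '12.0.0.1'),
           ('IFA_LABEL', 'eth10'),
           ('IFA_FLAGS', 128),
           ('IFA_CACHEINFO', {'ifa_preferred': 4294967295, 'ifa_valid': 4294967295, 'cstamp': 63745746, 'tstamp': 63745746})],
 */
/*
 * Writes one address message (header @hdr plus ifaddrmsg and IFA_*
 * attributes) for @ifa on @ifp.  Returns false and aborts the message when
 * the writer runs out of space.  ifa_flags / IFA_FLAGS are always reported
 * as 0.
 */
static bool
dump_iface_addr(struct nl_writer *nw, struct ifnet *ifp, struct ifaddr *ifa,
    const struct nlmsghdr *hdr)
{
	struct ifaddrmsg *ifamsg;
	struct sockaddr *sa = ifa->ifa_addr;

	NL_LOG(LOG_DEBUG3, "dumping ifa %p type %s(%d) for interface %s",
	    ifa, rib_print_family(sa->sa_family), sa->sa_family, if_name(ifp));

	if (!nlmsg_reply(nw, hdr, sizeof(struct ifaddrmsg)))
		goto enomem;

	ifamsg = nlmsg_reserve_object(nw, struct ifaddrmsg);
	ifamsg->ifa_family = sa->sa_family;
	ifamsg->ifa_prefixlen = get_sa_plen(ifa->ifa_netmask);
	ifamsg->ifa_flags = 0; // ifa_flags is useless
	ifamsg->ifa_scope = ifa_get_scope(ifa);
	ifamsg->ifa_index = ifp->if_index;

	if (ifp->if_flags & IFF_POINTOPOINT) {
		/* Point-to-point: IFA_ADDRESS is the peer, IFA_LOCAL is ours. */
		dump_sa(nw, IFA_ADDRESS, ifa->ifa_dstaddr);
		dump_sa(nw, IFA_LOCAL, sa);
	} else {
		dump_sa(nw, IFA_ADDRESS, sa);
#ifdef INET
		/*
		 * In most cases, IFA_ADDRESS == IFA_LOCAL
		 * Skip IFA_LOCAL for anything except INET
		 */
		if (sa->sa_family == AF_INET)
			dump_sa(nw, IFA_LOCAL, sa);
#endif
	}
	if (ifp->if_flags & IFF_BROADCAST)
		dump_sa(nw, IFA_BROADCAST, ifa->ifa_broadaddr);

	nlattr_add_string(nw, IFA_LABEL, if_name(ifp));

	uint32_t val = 0; // ifa->ifa_flags;
	nlattr_add_u32(nw, IFA_FLAGS, val);

	if (nlmsg_end(nw))
		return (true);
enomem:
	NL_LOG(LOG_DEBUG, "Failed to dump ifa type %s(%d) for interface %s",
	    rib_print_family(sa->sa_family), sa->sa_family, if_name(ifp));
	nlmsg_abort(nw);
	return (false);
}

/*
 * Dumps every address of @ifp that passes the walk filters: the optional
 * family filter, never AF_LINK, and only addresses for which prison_if()
 * returns 0 with the requester's credentials.  Returns ENOMEM on the first
 * address that cannot be written.
 */
static int
dump_iface_addrs(struct netlink_walkargs *wa, struct ifnet *ifp)
{
	struct ifaddr *ifa;

	CK_STAILQ_FOREACH(ifa, &ifp->if_addrhead, ifa_link) {
		if (wa->family != 0 && wa->family != ifa->ifa_addr->sa_family)
			continue;
		if (ifa->ifa_addr->sa_family == AF_LINK)
			continue;
		/* Hide addresses the requester's jail is not allowed to see. */
		if (prison_if(wa->cred, ifa->ifa_addr) != 0)
			continue;
		wa->count++;
		if (!dump_iface_addr(wa->nw, ifp, ifa, &wa->hdr))
			return (ENOMEM);
		wa->dumped++;
	}

	return (0);
}

/*
 * RTM_GETADDR handler: always replies as a multipart dump, either for the
 * single interface named by ifa_index or for every interface in V_ifnet.
 * NOTE(review): ifnet_byindex() takes no reference and the lists are walked
 * with CK_STAILQ_FOREACH; presumably the dispatcher runs this handler inside
 * the network epoch (its table entry lacks RTNL_F_NOEPOCH) - confirm.
 */
static int
rtnl_handle_getaddr(struct nlmsghdr *hdr, struct nlpcb *nlp, struct nl_pstate *npt)
{
	struct ifnet *ifp;
	int error = 0;

	struct nl_parsed_ifa attrs = {};
	error = nl_parse_nlmsg(hdr, &ifaddrmsg_parser, npt, &attrs);
	if (error != 0)
		return (error);

	struct netlink_walkargs wa = {
		.so = nlp,
		.nw = npt->nw,
		.cred = nlp_get_cred(nlp),
		.family = attrs.ifa_family,
		.hdr.nlmsg_pid = hdr->nlmsg_pid,
		.hdr.nlmsg_seq = hdr->nlmsg_seq,
		.hdr.nlmsg_flags = hdr->nlmsg_flags | NLM_F_MULTI,
		.hdr.nlmsg_type = NL_RTM_NEWADDR,
	};

	NL_LOG(LOG_DEBUG2, "Start dump");

	if (attrs.ifa_index != 0) {
		ifp = ifnet_byindex(attrs.ifa_index);
		if (ifp == NULL)
			error = ENOENT;
		else
			error = dump_iface_addrs(&wa, ifp);
	} else {
		CK_STAILQ_FOREACH(ifp, &V_ifnet, if_link) {
			error = dump_iface_addrs(&wa, ifp);
			if (error != 0)
				break;
		}
	}

	NL_LOG(LOG_DEBUG2, "End dump, iterated %d dumped %d", wa.count, wa.dumped);

	if (!nlmsg_end_dump(wa.nw, error, &wa.hdr)) {
		NL_LOG(LOG_DEBUG, "Unable to finalize the dump");
		return (ENOMEM);
	}

	return (error);
}

/*
 * rt_addrmsg event handler: broadcasts an RTM_NEWADDR / RTM_DELADDR
 * notification for @ifa to the IPv4 or IPv6 address multicast group.
 * Other address families are logged and ignored.
 * NOTE(review): unlike the request path, no prison_if() check is applied
 * here; whether the group writer restricts delivery per jail/vnet is not
 * visible in this file - confirm.
 */
static void
rtnl_handle_ifaddr(void *arg __unused, struct ifaddr *ifa, int cmd)
{
	struct nlmsghdr hdr = {};
	struct nl_writer nw = {};
	uint32_t group = 0;

	switch (ifa->ifa_addr->sa_family) {
#ifdef INET
	case AF_INET:
		group = RTNLGRP_IPV4_IFADDR;
		break;
#endif
#ifdef INET6
	case AF_INET6:
		group = RTNLGRP_IPV6_IFADDR;
		break;
#endif
	default:
		NL_LOG(LOG_DEBUG2, "ifa notification for unknown AF: %d",
		    ifa->ifa_addr->sa_family);
		return;
	}

	/* Skip the work entirely when nobody subscribed to the group. */
	if (!nl_has_listeners(NETLINK_ROUTE, group))
		return;

	if (!nlmsg_get_group_writer(&nw, NLMSG_LARGE, NETLINK_ROUTE, group)) {
		NL_LOG(LOG_DEBUG, "error allocating group writer");
		return;
	}

	hdr.nlmsg_type = (cmd == RTM_DELETE) ? NL_RTM_DELADDR : NL_RTM_NEWADDR;

	dump_iface_addr(&nw, ifa->ifa_ifp, ifa, &hdr);
	nlmsg_flush(&nw);
}

/*
 * Broadcasts a link message of type @nlmsg_type for @ifp to RTNLGRP_LINK
 * listeners, if there are any.  @if_flags_mask ends up in ifi_change.
 */
static void
rtnl_handle_ifevent(struct ifnet *ifp, int nlmsg_type, int if_flags_mask)
{
	struct nlmsghdr hdr = { .nlmsg_type = nlmsg_type };
	struct nl_writer nw = {};

	if (!nl_has_listeners(NETLINK_ROUTE, RTNLGRP_LINK))
		return;

	if (!nlmsg_get_group_writer(&nw, NLMSG_LARGE, NETLINK_ROUTE, RTNLGRP_LINK)) {
		NL_LOG(LOG_DEBUG, "error allocating mbuf");
		return;
	}
	dump_iface(&nw, ifp, &hdr, if_flags_mask);
	nlmsg_flush(&nw);
}

/* ifnet_arrival_event handler: announces the new interface as RTM_NEWLINK. */
static void
rtnl_handle_ifattach(void *arg, struct ifnet *ifp)
{
	NL_LOG(LOG_DEBUG2, "ifnet %s", if_name(ifp));
	rtnl_handle_ifevent(ifp, NL_RTM_NEWLINK, 0);
}

/* ifnet_departure_event handler: announces the removal as RTM_DELLINK. */
static void
rtnl_handle_ifdetach(void *arg, struct ifnet *ifp)
{
	NL_LOG(LOG_DEBUG2, "ifnet %s", if_name(ifp));
	rtnl_handle_ifevent(ifp, NL_RTM_DELLINK, 0);
}

/* ifnet_link_event handler: re-announces the interface as RTM_NEWLINK. */
static void
rtnl_handle_iflink(void *arg, struct ifnet *ifp)
{
	NL_LOG(LOG_DEBUG2, "ifnet %s", if_name(ifp));
	rtnl_handle_ifevent(ifp, NL_RTM_NEWLINK, 0);
}

/*
 * Public entry point for reporting an interface flag change; sends
 * RTM_NEWLINK with @if_flags_mask as the changed-flags bitmask.
 */
void
rtnl_handle_ifnet_event(struct ifnet *ifp, int if_flags_mask)
{
	NL_LOG(LOG_DEBUG2, "ifnet %s", if_name(ifp));
	rtnl_handle_ifevent(ifp, NL_RTM_NEWLINK, if_flags_mask);
}

/*
 * Message dispatch table registered by rtnl_ifaces_init().
 *
 * Access-control summary, as far as this table shows:
 *  - RTM_DELLINK and RTM_NEWLINK carry a .priv value; the GET handlers do
 *    not, and both set RTNL_F_ALLOW_NONVNET_JAIL.
 *  - RTM_NEWADDR and RTM_DELADDR carry neither .priv nor flags and are
 *    routed to rtnl_handle_getaddr(), so such a request is answered with an
 *    address dump instead of changing anything.
 * NOTE(review): a caller issuing RTM_NEWADDR/RTM_DELADDR gets a dump rather
 * than an error such as "not supported"; when real handlers replace these
 * entries they will need their own .priv - confirm the intended behaviour.
 */
static const struct rtnl_cmd_handler cmd_handlers[] = {
	{
		.cmd = NL_RTM_GETLINK,
		.name = "RTM_GETLINK",
		.cb = &rtnl_handle_getlink,
		.flags = RTNL_F_NOEPOCH | RTNL_F_ALLOW_NONVNET_JAIL,
	},
	{
		.cmd = NL_RTM_DELLINK,
		.name = "RTM_DELLINK",
		.cb = &rtnl_handle_dellink,
		.priv = PRIV_NET_IFDESTROY,
		.flags = RTNL_F_NOEPOCH,
	},
	{
		.cmd = NL_RTM_NEWLINK,
		.name = "RTM_NEWLINK",
		.cb = &rtnl_handle_newlink,
		.priv = PRIV_NET_IFCREATE,
		.flags = RTNL_F_NOEPOCH,
	},
	{
		.cmd = NL_RTM_GETADDR,
		.name = "RTM_GETADDR",
		.cb = &rtnl_handle_getaddr,
		.flags = RTNL_F_ALLOW_NONVNET_JAIL,
	},
	{
		.cmd = NL_RTM_NEWADDR,
		.name = "RTM_NEWADDR",
		.cb = &rtnl_handle_getaddr,
	},
	{
		.cmd = NL_RTM_DELADDR,
		.name = "RTM_DELADDR",
		.cb = &rtnl_handle_getaddr,
	},
};

static const struct nlhdr_parser *all_parsers[] = { &ifmsg_parser, &ifaddrmsg_parser };

/* Registers @cloner at the head of the cloner list. */
void
rtnl_iface_add_cloner(struct nl_cloner *cloner)
{
	sx_xlock(&rtnl_cloner_lock);
	SLIST_INSERT_HEAD(&nl_cloners, cloner, next);
	sx_xunlock(&rtnl_cloner_lock);
}

/* Removes @cloner from the cloner list. */
void
rtnl_iface_del_cloner(struct nl_cloner *cloner)
{
	sx_xlock(&rtnl_cloner_lock);
	SLIST_REMOVE(&nl_cloners, cloner, nl_cloner, next);
	sx_xunlock(&rtnl_cloner_lock);
}

/*
 * Returns the registered cloner whose name equals @name, or NULL.
 * The caller must hold rtnl_cloner_lock; @name must not be NULL because it
 * is passed straight to strcmp().
 */
static struct nl_cloner *
rtnl_iface_find_cloner_locked(const char *name)
{
	struct nl_cloner *cloner;

	SLIST_FOREACH(cloner, &nl_cloners, next) {
		if (!strcmp(name, cloner->name))
			return (cloner);
	}

	return (NULL);
}

/*
 * Module setup: hooks the interface/address event handlers, verifies the
 * parser tables, registers the interface drivers and the message handlers.
 */
void
rtnl_ifaces_init(void)
{
	ifattach_event = EVENTHANDLER_REGISTER(
	    ifnet_arrival_event, rtnl_handle_ifattach, NULL,
	    EVENTHANDLER_PRI_ANY);
	ifdetach_event = EVENTHANDLER_REGISTER(
	    ifnet_departure_event, rtnl_handle_ifdetach, NULL,
	    EVENTHANDLER_PRI_ANY);
	ifaddr_event = EVENTHANDLER_REGISTER(
	    rt_addrmsg, rtnl_handle_ifaddr, NULL,
	    EVENTHANDLER_PRI_ANY);
	iflink_event = EVENTHANDLER_REGISTER(
	    ifnet_link_event, rtnl_handle_iflink, NULL,
	    EVENTHANDLER_PRI_ANY);
	NL_VERIFY_PARSERS(all_parsers);
	rtnl_iface_drivers_register();
	rtnl_register_messages(cmd_handlers, NL_ARRAY_LEN(cmd_handlers));
}

/*
 * Module teardown: deregisters the four event handlers installed by
 * rtnl_ifaces_init().  Nothing else from the init path is undone here.
 */
void
rtnl_ifaces_destroy(void)
{
	EVENTHANDLER_DEREGISTER(ifnet_arrival_event, ifattach_event);
	EVENTHANDLER_DEREGISTER(ifnet_departure_event, ifdetach_event);
	EVENTHANDLER_DEREGISTER(rt_addrmsg, ifaddr_event);
	EVENTHANDLER_DEREGISTER(ifnet_link_event, iflink_event);
}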