xref: /freebsd/sys/netlink/route/iface.c (revision edf8578117e8844e02c0121147f45e4609b30680)
1 /*-
2  * SPDX-License-Identifier: BSD-2-Clause
3  *
4  * Copyright (c) 2022 Alexander V. Chernikov <melifaro@FreeBSD.org>
5  *
6  * Redistribution and use in source and binary forms, with or without
7  * modification, are permitted provided that the following conditions
8  * are met:
9  * 1. Redistributions of source code must retain the above copyright
10  *    notice, this list of conditions and the following disclaimer.
11  * 2. Redistributions in binary form must reproduce the above copyright
12  *    notice, this list of conditions and the following disclaimer in the
13  *    documentation and/or other materials provided with the distribution.
14  *
15  * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
16  * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
17  * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
18  * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
19  * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
20  * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
21  * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
22  * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
23  * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
24  * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
25  * SUCH DAMAGE.
26  */
27 
28 #include "opt_netlink.h"
29 
30 #include <sys/cdefs.h>
31 #include "opt_inet.h"
32 #include "opt_inet6.h"
33 #include <sys/types.h>
34 #include <sys/eventhandler.h>
35 #include <sys/kernel.h>
36 #include <sys/jail.h>
37 #include <sys/malloc.h>
38 #include <sys/socket.h>
39 #include <sys/sockio.h>
40 #include <sys/syslog.h>
41 
42 #include <net/if.h>
43 #include <net/if_dl.h>
44 #include <net/if_media.h>
45 #include <net/if_var.h>
46 #include <net/if_clone.h>
47 #include <net/route.h>
48 #include <net/route/nhop.h>
49 #include <net/route/route_ctl.h>
50 #include <netinet/in_var.h>
51 #include <netinet6/in6_var.h>
52 #include <netinet6/scope6_var.h> /* scope deembedding */
53 #include <netlink/netlink.h>
54 #include <netlink/netlink_ctl.h>
55 #include <netlink/netlink_route.h>
56 #include <netlink/route/route_var.h>
57 
58 #define	DEBUG_MOD_NAME	nl_iface
59 #define	DEBUG_MAX_LEVEL	LOG_DEBUG3
60 #include <netlink/netlink_debug.h>
61 _DECLARE_DEBUG(LOG_INFO);
62 
63 struct netlink_walkargs {
64 	struct nl_writer *nw;
65 	struct nlmsghdr hdr;
66 	struct nlpcb *so;
67 	struct ucred *cred;
68 	uint32_t fibnum;
69 	int family;
70 	int error;
71 	int count;
72 	int dumped;
73 };
74 
75 static eventhandler_tag ifdetach_event, ifattach_event, iflink_event, ifaddr_event;
76 
77 static SLIST_HEAD(, nl_cloner) nl_cloners = SLIST_HEAD_INITIALIZER(nl_cloners);
78 
79 static struct sx rtnl_cloner_lock;
80 SX_SYSINIT(rtnl_cloner_lock, &rtnl_cloner_lock, "rtnl cloner lock");
81 
82 /* These are external hooks for CARP. */
83 extern int	(*carp_get_vhid_p)(struct ifaddr *);
84 
85 /*
86  * RTM_GETLINK request
87  * sendto(3, {{len=32, type=RTM_GETLINK, flags=NLM_F_REQUEST|NLM_F_DUMP, seq=1641940952, pid=0},
88  *  {ifi_family=AF_INET, ifi_type=ARPHRD_NETROM, ifi_index=0, ifi_flags=0, ifi_change=0}}, 32, 0, NULL, 0) = 32
89  *
90  * Reply:
91  * {ifi_family=AF_UNSPEC, ifi_type=ARPHRD_ETHER, ifi_index=if_nametoindex("enp0s31f6"), ifi_flags=IFF_UP|IFF_BROADCAST|IFF_RUNNING|IFF_MULTICAST|IFF_LOWER_UP, ifi_change=0},
92 {{nla_len=10, nla_type=IFLA_ADDRESS}, "\xfe\x54\x00\x52\x3e\x90"}
93 
94 [
95 {{nla_len=14, nla_type=IFLA_IFNAME}, "enp0s31f6"},
96 {{nla_len=8, nla_type=IFLA_TXQLEN}, 1000},
97 {{nla_len=5, nla_type=IFLA_OPERSTATE}, 6},
98 {{nla_len=5, nla_type=IFLA_LINKMODE}, 0},
99 {{nla_len=8, nla_type=IFLA_MTU}, 1500},
100 {{nla_len=8, nla_type=IFLA_MIN_MTU}, 68},
101  {{nla_len=8, nla_type=IFLA_MAX_MTU}, 9000},
102 {{nla_len=8, nla_type=IFLA_GROUP}, 0},
103 {{nla_len=8, nla_type=IFLA_PROMISCUITY}, 0},
104 {{nla_len=8, nla_type=IFLA_NUM_TX_QUEUES}, 1},
105 {{nla_len=8, nla_type=IFLA_GSO_MAX_SEGS}, 65535},
106 {{nla_len=8, nla_type=IFLA_GSO_MAX_SIZE}, 65536},
107 {{nla_len=8, nla_type=IFLA_NUM_RX_QUEUES}, 1},
108 {{nla_len=5, nla_type=IFLA_CARRIER}, 1},
109 {{nla_len=13, nla_type=IFLA_QDISC}, "fq_codel"},
110 {{nla_len=8, nla_type=IFLA_CARRIER_CHANGES}, 2},
111 {{nla_len=5, nla_type=IFLA_PROTO_DOWN}, 0},
112 {{nla_len=8, nla_type=IFLA_CARRIER_UP_COUNT}, 1},
113 {{nla_len=8, nla_type=IFLA_CARRIER_DOWN_COUNT}, 1},
114  */
115 
116 struct if_state {
117 	uint8_t		ifla_operstate;
118 	uint8_t		ifla_carrier;
119 };
120 
121 static void
122 get_operstate_ether(if_t ifp, struct if_state *pstate)
123 {
124 	struct ifmediareq ifmr = {};
125 	int error;
126 	error = if_ioctl(ifp, SIOCGIFMEDIA, (void *)&ifmr);
127 
128 	if (error != 0) {
129 		NL_LOG(LOG_DEBUG, "error calling SIOCGIFMEDIA on %s: %d",
130 		    if_name(ifp), error);
131 		return;
132 	}
133 
134 	switch (IFM_TYPE(ifmr.ifm_active)) {
135 	case IFM_ETHER:
136 		if (ifmr.ifm_status & IFM_ACTIVE) {
137 			pstate->ifla_carrier = 1;
138 			if (if_getflags(ifp) & IFF_MONITOR)
139 				pstate->ifla_operstate = IF_OPER_DORMANT;
140 			else
141 				pstate->ifla_operstate = IF_OPER_UP;
142 		} else
143 			pstate->ifla_operstate = IF_OPER_DOWN;
144 	}
145 }
146 
147 static bool
148 get_stats(struct nl_writer *nw, if_t ifp)
149 {
150 	struct rtnl_link_stats64 *stats;
151 
152 	int nla_len = sizeof(struct nlattr) + sizeof(*stats);
153 	struct nlattr *nla = nlmsg_reserve_data(nw, nla_len, struct nlattr);
154 	if (nla == NULL)
155 		return (false);
156 	nla->nla_type = IFLA_STATS64;
157 	nla->nla_len = nla_len;
158 	stats = (struct rtnl_link_stats64 *)(nla + 1);
159 
160 	stats->rx_packets = if_getcounter(ifp, IFCOUNTER_IPACKETS);
161 	stats->tx_packets = if_getcounter(ifp, IFCOUNTER_OPACKETS);
162 	stats->rx_bytes = if_getcounter(ifp, IFCOUNTER_IBYTES);
163 	stats->tx_bytes = if_getcounter(ifp, IFCOUNTER_OBYTES);
164 	stats->rx_errors = if_getcounter(ifp, IFCOUNTER_IERRORS);
165 	stats->tx_errors = if_getcounter(ifp, IFCOUNTER_OERRORS);
166 	stats->rx_dropped = if_getcounter(ifp, IFCOUNTER_IQDROPS);
167 	stats->tx_dropped = if_getcounter(ifp, IFCOUNTER_OQDROPS);
168 	stats->multicast = if_getcounter(ifp, IFCOUNTER_IMCASTS);
169 	stats->rx_nohandler = if_getcounter(ifp, IFCOUNTER_NOPROTO);
170 
171 	return (true);
172 }
173 
174 static void
175 get_operstate(if_t ifp, struct if_state *pstate)
176 {
177 	pstate->ifla_operstate = IF_OPER_UNKNOWN;
178 	pstate->ifla_carrier = 0; /* no carrier */
179 
180 	switch (if_gettype(ifp)) {
181 	case IFT_ETHER:
182 	case IFT_L2VLAN:
183 		get_operstate_ether(ifp, pstate);
184 		break;
185 	default:
186 		/* Map admin state to the operstate */
187 		if (if_getflags(ifp) & IFF_UP) {
188 			pstate->ifla_operstate = IF_OPER_UP;
189 			pstate->ifla_carrier = 1;
190 		} else
191 			pstate->ifla_operstate = IF_OPER_DOWN;
192 		break;
193 	}
194 }
195 
196 static void
197 get_hwaddr(struct nl_writer *nw, if_t ifp)
198 {
199 	struct ifreq ifr = {};
200 
201 	if (if_gethwaddr(ifp, &ifr) == 0) {
202 		nlattr_add(nw, IFLAF_ORIG_HWADDR, if_getaddrlen(ifp),
203 		    ifr.ifr_addr.sa_data);
204 	}
205 }
206 
207 static unsigned
208 ifp_flags_to_netlink(const if_t ifp)
209 {
210         return (if_getflags(ifp) | if_getdrvflags(ifp));
211 }
212 
213 #define LLADDR_CONST(s) ((const void *)((s)->sdl_data + (s)->sdl_nlen))
214 static bool
215 dump_sa(struct nl_writer *nw, int attr, const struct sockaddr *sa)
216 {
217         uint32_t addr_len = 0;
218         const void *addr_data = NULL;
219 #ifdef INET6
220         struct in6_addr addr6;
221 #endif
222 
223         if (sa == NULL)
224                 return (true);
225 
226         switch (sa->sa_family) {
227 #ifdef INET
228         case AF_INET:
229                 addr_len = sizeof(struct in_addr);
230                 addr_data = &((const struct sockaddr_in *)sa)->sin_addr;
231                 break;
232 #endif
233 #ifdef INET6
234         case AF_INET6:
235                 in6_splitscope(&((const struct sockaddr_in6 *)sa)->sin6_addr, &addr6, &addr_len);
236                 addr_len = sizeof(struct in6_addr);
237                 addr_data = &addr6;
238                 break;
239 #endif
240         case AF_LINK:
241                 addr_len = ((const struct sockaddr_dl *)sa)->sdl_alen;
242                 addr_data = LLADDR_CONST((const struct sockaddr_dl *)sa);
243                 break;
244 	case AF_UNSPEC:
245 		/* Ignore empty SAs without warning */
246 		return (true);
247         default:
248                 NL_LOG(LOG_DEBUG2, "unsupported family: %d, skipping", sa->sa_family);
249                 return (true);
250         }
251 
252         return (nlattr_add(nw, attr, addr_len, addr_data));
253 }
254 
255 static bool
256 dump_iface_caps(struct nl_writer *nw, struct ifnet *ifp)
257 {
258 	int off = nlattr_add_nested(nw, IFLAF_CAPS);
259 	uint32_t active_caps[roundup2(IFCAP_B_SIZE, 32) / 32] = {};
260 	uint32_t all_caps[roundup2(IFCAP_B_SIZE, 32) / 32] = {};
261 
262 	MPASS(sizeof(active_caps) >= 8);
263 	MPASS(sizeof(all_caps) >= 8);
264 
265 	if (off == 0)
266 		return (false);
267 
268 	active_caps[0] = (uint32_t)if_getcapabilities(ifp);
269 	all_caps[0] = (uint32_t)if_getcapenable(ifp);
270 	active_caps[1] = (uint32_t)if_getcapabilities2(ifp);
271 	all_caps[1] = (uint32_t)if_getcapenable2(ifp);
272 
273 	nlattr_add_u32(nw, NLA_BITSET_SIZE, IFCAP_B_SIZE);
274 	nlattr_add(nw, NLA_BITSET_MASK, sizeof(all_caps), all_caps);
275 	nlattr_add(nw, NLA_BITSET_VALUE, sizeof(active_caps), active_caps);
276 
277 	nlattr_set_len(nw, off);
278 
279 	return (true);
280 }
281 
282 /*
283  * Dumps interface state, properties and metrics.
284  * @nw: message writer
285  * @ifp: target interface
286  * @hdr: template header
287  * @if_flags_mask: changed if_[drv]_flags bitmask
288  *
289  * This function is called without epoch and MAY sleep.
290  */
291 static bool
292 dump_iface(struct nl_writer *nw, if_t ifp, const struct nlmsghdr *hdr,
293     int if_flags_mask)
294 {
295 	struct epoch_tracker et;
296         struct ifinfomsg *ifinfo;
297 
298         NL_LOG(LOG_DEBUG3, "dumping interface %s data", if_name(ifp));
299 
300 	if (!nlmsg_reply(nw, hdr, sizeof(struct ifinfomsg)))
301 		goto enomem;
302 
303         ifinfo = nlmsg_reserve_object(nw, struct ifinfomsg);
304         ifinfo->ifi_family = AF_UNSPEC;
305         ifinfo->__ifi_pad = 0;
306         ifinfo->ifi_type = if_gettype(ifp);
307         ifinfo->ifi_index = if_getindex(ifp);
308         ifinfo->ifi_flags = ifp_flags_to_netlink(ifp);
309         ifinfo->ifi_change = if_flags_mask;
310 
311 	struct if_state ifs = {};
312 	get_operstate(ifp, &ifs);
313 
314 	if (ifs.ifla_operstate == IF_OPER_UP)
315 		ifinfo->ifi_flags |= IFF_LOWER_UP;
316 
317         nlattr_add_string(nw, IFLA_IFNAME, if_name(ifp));
318         nlattr_add_u8(nw, IFLA_OPERSTATE, ifs.ifla_operstate);
319         nlattr_add_u8(nw, IFLA_CARRIER, ifs.ifla_carrier);
320 
321 /*
322         nlattr_add_u8(nw, IFLA_PROTO_DOWN, val);
323         nlattr_add_u8(nw, IFLA_LINKMODE, val);
324 */
325 	if (if_getaddrlen(ifp) != 0) {
326 		struct ifaddr *ifa;
327 
328 		NET_EPOCH_ENTER(et);
329 		ifa = CK_STAILQ_FIRST(&ifp->if_addrhead);
330 		if (ifa != NULL)
331 			dump_sa(nw, IFLA_ADDRESS, ifa->ifa_addr);
332 		NET_EPOCH_EXIT(et);
333 	}
334 
335         if ((if_getbroadcastaddr(ifp) != NULL)) {
336 		nlattr_add(nw, IFLA_BROADCAST, if_getaddrlen(ifp),
337 		    if_getbroadcastaddr(ifp));
338         }
339 
340         nlattr_add_u32(nw, IFLA_MTU, if_getmtu(ifp));
341 /*
342         nlattr_add_u32(nw, IFLA_MIN_MTU, 60);
343         nlattr_add_u32(nw, IFLA_MAX_MTU, 9000);
344         nlattr_add_u32(nw, IFLA_GROUP, 0);
345 */
346 
347 	if (if_getdescr(ifp) != NULL)
348 		nlattr_add_string(nw, IFLA_IFALIAS, if_getdescr(ifp));
349 
350 	/* Store FreeBSD-specific attributes */
351 	int off = nlattr_add_nested(nw, IFLA_FREEBSD);
352 	if (off != 0) {
353 		get_hwaddr(nw, ifp);
354 		dump_iface_caps(nw, ifp);
355 
356 		nlattr_set_len(nw, off);
357 	}
358 
359 	get_stats(nw, ifp);
360 
361 	uint32_t val = (if_getflags(ifp) & IFF_PROMISC) != 0;
362         nlattr_add_u32(nw, IFLA_PROMISCUITY, val);
363 
364 	ifc_dump_ifp_nl(ifp, nw);
365 
366         if (nlmsg_end(nw))
367 		return (true);
368 
369 enomem:
370         NL_LOG(LOG_DEBUG, "unable to dump interface %s state (ENOMEM)", if_name(ifp));
371         nlmsg_abort(nw);
372         return (false);
373 }
374 
375 static bool
376 check_ifmsg(void *hdr, struct nl_pstate *npt)
377 {
378 	struct ifinfomsg *ifm = hdr;
379 
380 	if (ifm->__ifi_pad != 0 || ifm->ifi_type != 0 ||
381 	    ifm->ifi_flags != 0 || ifm->ifi_change != 0) {
382 		nlmsg_report_err_msg(npt,
383 		    "strict checking: non-zero values in ifinfomsg header");
384 		return (false);
385 	}
386 
387 	return (true);
388 }
389 
390 #define	_IN(_field)	offsetof(struct ifinfomsg, _field)
391 #define	_OUT(_field)	offsetof(struct nl_parsed_link, _field)
392 static const struct nlfield_parser nlf_p_if[] = {
393 	{ .off_in = _IN(ifi_type), .off_out = _OUT(ifi_type), .cb = nlf_get_u16 },
394 	{ .off_in = _IN(ifi_index), .off_out = _OUT(ifi_index), .cb = nlf_get_u32 },
395 	{ .off_in = _IN(ifi_flags), .off_out = _OUT(ifi_flags), .cb = nlf_get_u32 },
396 	{ .off_in = _IN(ifi_change), .off_out = _OUT(ifi_change), .cb = nlf_get_u32 },
397 };
398 
399 static const struct nlattr_parser nla_p_linfo[] = {
400 	{ .type = IFLA_INFO_KIND, .off = _OUT(ifla_cloner), .cb = nlattr_get_stringn },
401 	{ .type = IFLA_INFO_DATA, .off = _OUT(ifla_idata), .cb = nlattr_get_nla },
402 };
403 NL_DECLARE_ATTR_PARSER(linfo_parser, nla_p_linfo);
404 
405 static const struct nlattr_parser nla_p_if[] = {
406 	{ .type = IFLA_IFNAME, .off = _OUT(ifla_ifname), .cb = nlattr_get_string },
407 	{ .type = IFLA_MTU, .off = _OUT(ifla_mtu), .cb = nlattr_get_uint32 },
408 	{ .type = IFLA_LINK, .off = _OUT(ifla_link), .cb = nlattr_get_uint32 },
409 	{ .type = IFLA_LINKINFO, .arg = &linfo_parser, .cb = nlattr_get_nested },
410 	{ .type = IFLA_IFALIAS, .off = _OUT(ifla_ifalias), .cb = nlattr_get_string },
411 	{ .type = IFLA_GROUP, .off = _OUT(ifla_group), .cb = nlattr_get_string },
412 	{ .type = IFLA_ALT_IFNAME, .off = _OUT(ifla_ifname), .cb = nlattr_get_string },
413 };
414 #undef _IN
415 #undef _OUT
416 NL_DECLARE_STRICT_PARSER(ifmsg_parser, struct ifinfomsg, check_ifmsg, nlf_p_if, nla_p_if);
417 
418 static bool
419 match_iface(if_t ifp, void *_arg)
420 {
421 	struct nl_parsed_link *attrs = (struct nl_parsed_link *)_arg;
422 
423 	if (attrs->ifi_index != 0 && attrs->ifi_index != if_getindex(ifp))
424 		return (false);
425 	if (attrs->ifi_type != 0 && attrs->ifi_index != if_gettype(ifp))
426 		return (false);
427 	if (attrs->ifla_ifname != NULL && strcmp(attrs->ifla_ifname, if_name(ifp)))
428 		return (false);
429 	/* TODO: add group match */
430 
431 	return (true);
432 }
433 
434 static int
435 dump_cb(if_t ifp, void *_arg)
436 {
437 	struct netlink_walkargs *wa = (struct netlink_walkargs *)_arg;
438 	if (!dump_iface(wa->nw, ifp, &wa->hdr, 0))
439 		return (ENOMEM);
440 	return (0);
441 }
442 
443 /*
444  * {nlmsg_len=52, nlmsg_type=RTM_GETLINK, nlmsg_flags=NLM_F_REQUEST, nlmsg_seq=1662842818, nlmsg_pid=0},
445  *  {ifi_family=AF_PACKET, ifi_type=ARPHRD_NETROM, ifi_index=0, ifi_flags=0, ifi_change=0},
446  *   [
447  *    [{nla_len=10, nla_type=IFLA_IFNAME}, "vnet9"],
448  *    [{nla_len=8, nla_type=IFLA_EXT_MASK}, RTEXT_FILTER_VF]
449  *   ]
450  */
451 static int
452 rtnl_handle_getlink(struct nlmsghdr *hdr, struct nlpcb *nlp, struct nl_pstate *npt)
453 {
454 	struct epoch_tracker et;
455         if_t ifp;
456 	int error = 0;
457 
458 	struct nl_parsed_link attrs = {};
459 	error = nl_parse_nlmsg(hdr, &ifmsg_parser, npt, &attrs);
460 	if (error != 0)
461 		return (error);
462 
463 	struct netlink_walkargs wa = {
464 		.so = nlp,
465 		.nw = npt->nw,
466 		.hdr.nlmsg_pid = hdr->nlmsg_pid,
467 		.hdr.nlmsg_seq = hdr->nlmsg_seq,
468 		.hdr.nlmsg_flags = hdr->nlmsg_flags,
469 		.hdr.nlmsg_type = NL_RTM_NEWLINK,
470 	};
471 
472 	/* Fast track for an interface w/ explicit name or index match */
473 	if ((attrs.ifi_index != 0) || (attrs.ifla_ifname != NULL)) {
474 		if (attrs.ifi_index != 0) {
475 			NLP_LOG(LOG_DEBUG3, nlp, "fast track -> searching index %u",
476 			    attrs.ifi_index);
477 			NET_EPOCH_ENTER(et);
478 			ifp = ifnet_byindex_ref(attrs.ifi_index);
479 			NET_EPOCH_EXIT(et);
480 		} else {
481 			NLP_LOG(LOG_DEBUG3, nlp, "fast track -> searching name %s",
482 			    attrs.ifla_ifname);
483 			ifp = ifunit_ref(attrs.ifla_ifname);
484 		}
485 
486 		if (ifp != NULL) {
487 			if (match_iface(ifp, &attrs)) {
488 				if (!dump_iface(wa.nw, ifp, &wa.hdr, 0))
489 					error = ENOMEM;
490 			} else
491 				error = ENODEV;
492 			if_rele(ifp);
493 		} else
494 			error = ENODEV;
495 		return (error);
496 	}
497 
498 	/* Always treat non-direct-match as a multipart message */
499 	wa.hdr.nlmsg_flags |= NLM_F_MULTI;
500 
501 	/*
502 	 * Fetching some link properties require performing ioctl's that may be blocking.
503 	 * Address it by saving referenced pointers of the matching links,
504 	 * exiting from epoch and going through the list one-by-one.
505 	 */
506 
507 	NL_LOG(LOG_DEBUG2, "Start dump");
508 	if_foreach_sleep(match_iface, &attrs, dump_cb, &wa);
509 	NL_LOG(LOG_DEBUG2, "End dump, iterated %d dumped %d", wa.count, wa.dumped);
510 
511 	if (!nlmsg_end_dump(wa.nw, error, &wa.hdr)) {
512                 NL_LOG(LOG_DEBUG, "Unable to finalize the dump");
513                 return (ENOMEM);
514         }
515 
516 	return (error);
517 }
518 
519 /*
520  * sendmsg(3, {msg_name={sa_family=AF_NETLINK, nl_pid=0, nl_groups=00000000}, msg_namelen=12, msg_iov=[{iov_base=[
521  * {nlmsg_len=60, nlmsg_type=RTM_NEWLINK, nlmsg_flags=NLM_F_REQUEST|NLM_F_ACK|NLM_F_EXCL|NLM_F_CREATE, nlmsg_seq=1662715618, nlmsg_pid=0},
522  *  {ifi_family=AF_UNSPEC, ifi_type=ARPHRD_NETROM, ifi_index=0, ifi_flags=0, ifi_change=0},
523  *   {nla_len=11, nla_type=IFLA_IFNAME}, "dummy0"],
524  *   [
525  *    {nla_len=16, nla_type=IFLA_LINKINFO},
526  *     [
527  *      {nla_len=9, nla_type=IFLA_INFO_KIND}, "dummy"...
528  *     ]
529  *    ]
530  */
531 
532 static int
533 rtnl_handle_dellink(struct nlmsghdr *hdr, struct nlpcb *nlp, struct nl_pstate *npt)
534 {
535 	struct epoch_tracker et;
536         if_t ifp;
537 	int error;
538 
539 	struct nl_parsed_link attrs = {};
540 	error = nl_parse_nlmsg(hdr, &ifmsg_parser, npt, &attrs);
541 	if (error != 0)
542 		return (error);
543 
544 	NET_EPOCH_ENTER(et);
545 	ifp = ifnet_byindex_ref(attrs.ifi_index);
546 	NET_EPOCH_EXIT(et);
547 	if (ifp == NULL) {
548 		NLP_LOG(LOG_DEBUG, nlp, "unable to find interface %u", attrs.ifi_index);
549 		return (ENOENT);
550 	}
551 	NLP_LOG(LOG_DEBUG3, nlp, "mapped ifindex %u to %s", attrs.ifi_index, if_name(ifp));
552 
553 	sx_xlock(&ifnet_detach_sxlock);
554 	error = if_clone_destroy(if_name(ifp));
555 	sx_xunlock(&ifnet_detach_sxlock);
556 
557 	NLP_LOG(LOG_DEBUG2, nlp, "deleting interface %s returned %d", if_name(ifp), error);
558 
559 	if_rele(ifp);
560 	return (error);
561 }
562 
563 /*
564  * New link:
565  * type=RTM_NEWLINK, flags=NLM_F_REQUEST|NLM_F_ACK|NLM_F_EXCL|NLM_F_CREATE, seq=1668185590, pid=0},
566  *   {ifi_family=AF_UNSPEC, ifi_type=ARPHRD_NETROM, ifi_index=0, ifi_flags=0, ifi_change=0}
567  *    [
568  *     {{nla_len=8, nla_type=IFLA_MTU}, 123},
569  *     {{nla_len=10, nla_type=IFLA_IFNAME}, "vlan1"},
570  *     {{nla_len=24, nla_type=IFLA_LINKINFO},
571  *      [
572  *       {{nla_len=8, nla_type=IFLA_INFO_KIND}, "vlan"...},
573  *       {{nla_len=12, nla_type=IFLA_INFO_DATA}, "\x06\x00\x01\x00\x7b\x00\x00\x00"}]}]}
574  *
575  * Update link:
576  * type=RTM_NEWLINK, flags=NLM_F_REQUEST|NLM_F_ACK, seq=1668185923, pid=0},
577  * {ifi_family=AF_UNSPEC, ifi_type=ARPHRD_NETROM, ifi_index=if_nametoindex("lo"), ifi_flags=0, ifi_change=0},
578  * {{nla_len=8, nla_type=IFLA_MTU}, 123}}
579  *
580  *
581  * Check command availability:
582  * type=RTM_NEWLINK, flags=NLM_F_REQUEST|NLM_F_ACK, seq=0, pid=0},
583  *  {ifi_family=AF_UNSPEC, ifi_type=ARPHRD_NETROM, ifi_index=0, ifi_flags=0, ifi_change=0}
584  */
585 
586 
587 static int
588 create_link(struct nlmsghdr *hdr, struct nl_parsed_link *lattrs,
589     struct nlattr_bmask *bm, struct nlpcb *nlp, struct nl_pstate *npt)
590 {
591 	if (lattrs->ifla_ifname == NULL || strlen(lattrs->ifla_ifname) == 0) {
592 		NLMSG_REPORT_ERR_MSG(npt, "empty IFLA_IFNAME attribute");
593 		return (EINVAL);
594 	}
595 	if (lattrs->ifla_cloner == NULL || strlen(lattrs->ifla_cloner) == 0) {
596 		NLMSG_REPORT_ERR_MSG(npt, "empty IFLA_INFO_KIND attribute");
597 		return (EINVAL);
598 	}
599 
600 	struct ifc_data_nl ifd = {
601 		.flags = IFC_F_CREATE,
602 		.lattrs = lattrs,
603 		.bm = bm,
604 		.npt = npt,
605 	};
606 	if (ifc_create_ifp_nl(lattrs->ifla_ifname, &ifd) && ifd.error == 0)
607 		nl_store_ifp_cookie(npt, ifd.ifp);
608 
609 	return (ifd.error);
610 }
611 
612 static int
613 modify_link(struct nlmsghdr *hdr, struct nl_parsed_link *lattrs,
614     struct nlattr_bmask *bm, struct nlpcb *nlp, struct nl_pstate *npt)
615 {
616 	if_t ifp = NULL;
617 	struct epoch_tracker et;
618 
619 	if (lattrs->ifi_index == 0 && lattrs->ifla_ifname == NULL) {
620 		/*
621 		 * Applications like ip(8) verify RTM_NEWLINK command
622 		 * existence by calling it with empty arguments. Always
623 		 * return "innocent" error in that case.
624 		 */
625 		NLMSG_REPORT_ERR_MSG(npt, "empty ifi_index field");
626 		return (EPERM);
627 	}
628 
629 	if (lattrs->ifi_index != 0) {
630 		NET_EPOCH_ENTER(et);
631 		ifp = ifnet_byindex_ref(lattrs->ifi_index);
632 		NET_EPOCH_EXIT(et);
633 		if (ifp == NULL) {
634 			NLMSG_REPORT_ERR_MSG(npt, "unable to find interface #%u",
635 			    lattrs->ifi_index);
636 			return (ENOENT);
637 		}
638 	}
639 
640 	if (ifp == NULL && lattrs->ifla_ifname != NULL) {
641 		ifp = ifunit_ref(lattrs->ifla_ifname);
642 		if (ifp == NULL) {
643 			NLMSG_REPORT_ERR_MSG(npt, "unable to find interface %s",
644 			    lattrs->ifla_ifname);
645 			return (ENOENT);
646 		}
647 	}
648 
649 	MPASS(ifp != NULL);
650 
651 	/*
652 	 * Modification request can address either
653 	 * 1) cloned interface, in which case we call the cloner-specific
654 	 *  modification routine
655 	 * or
656 	 * 2) non-cloned (e.g. "physical") interface, in which case we call
657 	 *  generic modification routine
658 	 */
659 	struct ifc_data_nl ifd = { .lattrs = lattrs, .bm = bm, .npt = npt };
660 	if (!ifc_modify_ifp_nl(ifp, &ifd))
661 		ifd.error = nl_modify_ifp_generic(ifp, lattrs, bm, npt);
662 
663 	if_rele(ifp);
664 
665 	return (ifd.error);
666 }
667 
668 
669 static int
670 rtnl_handle_newlink(struct nlmsghdr *hdr, struct nlpcb *nlp, struct nl_pstate *npt)
671 {
672 	struct nlattr_bmask bm;
673 	int error;
674 
675 	struct nl_parsed_link attrs = {};
676 	error = nl_parse_nlmsg(hdr, &ifmsg_parser, npt, &attrs);
677 	if (error != 0)
678 		return (error);
679 	nl_get_attrs_bmask_nlmsg(hdr, &ifmsg_parser, &bm);
680 
681 	if (hdr->nlmsg_flags & NLM_F_CREATE)
682 		return (create_link(hdr, &attrs, &bm, nlp, npt));
683 	else
684 		return (modify_link(hdr, &attrs, &bm, nlp, npt));
685 }
686 
687 static void
688 set_scope6(struct sockaddr *sa, uint32_t ifindex)
689 {
690 #ifdef INET6
691 	if (sa != NULL && sa->sa_family == AF_INET6) {
692 		struct sockaddr_in6 *sa6 = (struct sockaddr_in6 *)sa;
693 
694 		if (IN6_IS_ADDR_LINKLOCAL(&sa6->sin6_addr))
695 			in6_set_unicast_scopeid(&sa6->sin6_addr, ifindex);
696 	}
697 #endif
698 }
699 
700 static bool
701 check_sa_family(const struct sockaddr *sa, int family, const char *attr_name,
702     struct nl_pstate *npt)
703 {
704 	if (sa == NULL || sa->sa_family == family)
705 		return (true);
706 
707 	nlmsg_report_err_msg(npt, "wrong family for %s attribute: %d != %d",
708 	    attr_name, family, sa->sa_family);
709 	return (false);
710 }
711 
712 struct nl_parsed_ifa {
713 	uint8_t			ifa_family;
714 	uint8_t			ifa_prefixlen;
715 	uint8_t			ifa_scope;
716 	uint32_t		ifa_index;
717 	uint32_t		ifa_flags;
718 	uint32_t		ifaf_vhid;
719 	uint32_t		ifaf_flags;
720 	struct sockaddr		*ifa_address;
721 	struct sockaddr		*ifa_local;
722 	struct sockaddr		*ifa_broadcast;
723 	struct ifa_cacheinfo	*ifa_cacheinfo;
724 	struct sockaddr		*f_ifa_addr;
725 	struct sockaddr		*f_ifa_dst;
726 };
727 
728 static int
729 nlattr_get_cinfo(struct nlattr *nla, struct nl_pstate *npt,
730     const void *arg __unused, void *target)
731 {
732 	if (__predict_false(NLA_DATA_LEN(nla) != sizeof(struct ifa_cacheinfo))) {
733 		NLMSG_REPORT_ERR_MSG(npt, "nla type %d size(%u) is not ifa_cacheinfo",
734 		    nla->nla_type, NLA_DATA_LEN(nla));
735 		return (EINVAL);
736 	}
737 	*((struct ifa_cacheinfo **)target) = (struct ifa_cacheinfo *)NL_RTA_DATA(nla);
738 	return (0);
739 }
740 
741 #define	_IN(_field)	offsetof(struct ifaddrmsg, _field)
742 #define	_OUT(_field)	offsetof(struct nl_parsed_ifa, _field)
743 static const struct nlfield_parser nlf_p_ifa[] = {
744 	{ .off_in = _IN(ifa_family), .off_out = _OUT(ifa_family), .cb = nlf_get_u8 },
745 	{ .off_in = _IN(ifa_prefixlen), .off_out = _OUT(ifa_prefixlen), .cb = nlf_get_u8 },
746 	{ .off_in = _IN(ifa_scope), .off_out = _OUT(ifa_scope), .cb = nlf_get_u8 },
747 	{ .off_in = _IN(ifa_flags), .off_out = _OUT(ifa_flags), .cb = nlf_get_u8_u32 },
748 	{ .off_in = _IN(ifa_index), .off_out = _OUT(ifa_index), .cb = nlf_get_u32 },
749 };
750 
751 static const struct nlattr_parser nla_p_ifa_fbsd[] = {
752 	{ .type = IFAF_VHID, .off = _OUT(ifaf_vhid), .cb = nlattr_get_uint32 },
753 	{ .type = IFAF_FLAGS, .off = _OUT(ifaf_flags), .cb = nlattr_get_uint32 },
754 };
755 NL_DECLARE_ATTR_PARSER(ifa_fbsd_parser, nla_p_ifa_fbsd);
756 
757 static const struct nlattr_parser nla_p_ifa[] = {
758 	{ .type = IFA_ADDRESS, .off = _OUT(ifa_address), .cb = nlattr_get_ip },
759 	{ .type = IFA_LOCAL, .off = _OUT(ifa_local), .cb = nlattr_get_ip },
760 	{ .type = IFA_BROADCAST, .off = _OUT(ifa_broadcast), .cb = nlattr_get_ip },
761 	{ .type = IFA_CACHEINFO, .off = _OUT(ifa_cacheinfo), .cb = nlattr_get_cinfo },
762 	{ .type = IFA_FLAGS, .off = _OUT(ifa_flags), .cb = nlattr_get_uint32 },
763 	{ .type = IFA_FREEBSD, .arg = &ifa_fbsd_parser, .cb = nlattr_get_nested },
764 };
765 #undef _IN
766 #undef _OUT
767 
768 static bool
769 post_p_ifa(void *_attrs, struct nl_pstate *npt)
770 {
771 	struct nl_parsed_ifa *attrs = (struct nl_parsed_ifa *)_attrs;
772 
773 	if (!check_sa_family(attrs->ifa_address, attrs->ifa_family, "IFA_ADDRESS", npt))
774 		return (false);
775 	if (!check_sa_family(attrs->ifa_local, attrs->ifa_family, "IFA_LOCAL", npt))
776 		return (false);
777 	if (!check_sa_family(attrs->ifa_broadcast, attrs->ifa_family, "IFA_BROADADDR", npt))
778 		return (false);
779 
780 	set_scope6(attrs->ifa_address, attrs->ifa_index);
781 	set_scope6(attrs->ifa_local, attrs->ifa_index);
782 
783 	return (true);
784 }
785 
786 NL_DECLARE_PARSER_EXT(ifa_parser, struct ifaddrmsg, NULL, nlf_p_ifa, nla_p_ifa, post_p_ifa);
787 
788 
789 /*
790 
791 {ifa_family=AF_INET, ifa_prefixlen=8, ifa_flags=IFA_F_PERMANENT, ifa_scope=RT_SCOPE_HOST, ifa_index=if_nametoindex("lo")},
792  [
793         {{nla_len=8, nla_type=IFA_ADDRESS}, inet_addr("127.0.0.1")},
794         {{nla_len=8, nla_type=IFA_LOCAL}, inet_addr("127.0.0.1")},
795         {{nla_len=7, nla_type=IFA_LABEL}, "lo"},
796         {{nla_len=8, nla_type=IFA_FLAGS}, IFA_F_PERMANENT},
797         {{nla_len=20, nla_type=IFA_CACHEINFO}, {ifa_prefered=4294967295, ifa_valid=4294967295, cstamp=3619, tstamp=3619}}]},
798 ---
799 
800 {{len=72, type=RTM_NEWADDR, flags=NLM_F_MULTI, seq=1642191126, pid=566735},
801  {ifa_family=AF_INET6, ifa_prefixlen=96, ifa_flags=IFA_F_PERMANENT, ifa_scope=RT_SCOPE_UNIVERSE, ifa_index=if_nametoindex("virbr0")},
802    [
803     {{nla_len=20, nla_type=IFA_ADDRESS}, inet_pton(AF_INET6, "2a01:4f8:13a:70c:ffff::1")},
804    {{nla_len=20, nla_type=IFA_CACHEINFO}, {ifa_prefered=4294967295, ifa_valid=4294967295, cstamp=4283, tstamp=4283}},
805    {{nla_len=8, nla_type=IFA_FLAGS}, IFA_F_PERMANENT}]},
806 */
807 
808 static uint8_t
809 ifa_get_scope(const struct ifaddr *ifa)
810 {
811         const struct sockaddr *sa;
812         uint8_t addr_scope = RT_SCOPE_UNIVERSE;
813 
814         sa = ifa->ifa_addr;
815         switch (sa->sa_family) {
816 #ifdef INET
817         case AF_INET:
818                 {
819                         struct in_addr addr;
820                         addr = ((const struct sockaddr_in *)sa)->sin_addr;
821                         if (IN_LOOPBACK(addr.s_addr))
822                                 addr_scope = RT_SCOPE_HOST;
823                         else if (IN_LINKLOCAL(addr.s_addr))
824                                 addr_scope = RT_SCOPE_LINK;
825                         break;
826                 }
827 #endif
828 #ifdef INET6
829         case AF_INET6:
830                 {
831                         const struct in6_addr *addr;
832                         addr = &((const struct sockaddr_in6 *)sa)->sin6_addr;
833                         if (IN6_IS_ADDR_LOOPBACK(addr))
834                                 addr_scope = RT_SCOPE_HOST;
835                         else if (IN6_IS_ADDR_LINKLOCAL(addr))
836                                 addr_scope = RT_SCOPE_LINK;
837                         break;
838                 }
839 #endif
840         }
841 
842         return (addr_scope);
843 }
844 
845 #ifdef INET6
846 static uint8_t
847 inet6_get_plen(const struct in6_addr *addr)
848 {
849 
850 	return (bitcount32(addr->s6_addr32[0]) + bitcount32(addr->s6_addr32[1]) +
851 	    bitcount32(addr->s6_addr32[2]) + bitcount32(addr->s6_addr32[3]));
852 }
853 #endif
854 
855 static uint8_t
856 get_sa_plen(const struct sockaddr *sa)
857 {
858 #ifdef INET
859         const struct in_addr *paddr;
860 #endif
861 #ifdef INET6
862         const struct in6_addr *paddr6;
863 #endif
864 
865         switch (sa->sa_family) {
866 #ifdef INET
867         case AF_INET:
868                 paddr = &(((const struct sockaddr_in *)sa)->sin_addr);
869                 return bitcount32(paddr->s_addr);;
870 #endif
871 #ifdef INET6
872         case AF_INET6:
873                 paddr6 = &(((const struct sockaddr_in6 *)sa)->sin6_addr);
874                 return inet6_get_plen(paddr6);
875 #endif
876         }
877 
878         return (0);
879 }
880 
881 #ifdef INET6
882 static uint32_t
883 in6_flags_to_nl(uint32_t flags)
884 {
885 	uint32_t nl_flags = 0;
886 
887 	if (flags & IN6_IFF_TEMPORARY)
888 		nl_flags |= IFA_F_TEMPORARY;
889 	if (flags & IN6_IFF_NODAD)
890 		nl_flags |= IFA_F_NODAD;
891 	if (flags & IN6_IFF_DEPRECATED)
892 		nl_flags |= IFA_F_DEPRECATED;
893 	if (flags & IN6_IFF_TENTATIVE)
894 		nl_flags |= IFA_F_TENTATIVE;
895 	if ((flags & (IN6_IFF_AUTOCONF|IN6_IFF_TEMPORARY)) == 0)
896 		flags |= IFA_F_PERMANENT;
897 	if (flags & IN6_IFF_DUPLICATED)
898 		flags |= IFA_F_DADFAILED;
899 	return (nl_flags);
900 }
901 
902 static uint32_t
903 nl_flags_to_in6(uint32_t flags)
904 {
905 	uint32_t in6_flags = 0;
906 
907 	if (flags & IFA_F_TEMPORARY)
908 		in6_flags |= IN6_IFF_TEMPORARY;
909 	if (flags & IFA_F_NODAD)
910 		in6_flags |= IN6_IFF_NODAD;
911 	if (flags & IFA_F_DEPRECATED)
912 		in6_flags |= IN6_IFF_DEPRECATED;
913 	if (flags & IFA_F_TENTATIVE)
914 		in6_flags |= IN6_IFF_TENTATIVE;
915 	if (flags & IFA_F_DADFAILED)
916 		in6_flags |= IN6_IFF_DUPLICATED;
917 
918 	return (in6_flags);
919 }
920 
921 static void
922 export_cache_info6(struct nl_writer *nw, const struct in6_ifaddr *ia)
923 {
924 	struct ifa_cacheinfo ci = {
925 		.cstamp = ia->ia6_createtime * 1000,
926 		.tstamp = ia->ia6_updatetime * 1000,
927 		.ifa_prefered = ia->ia6_lifetime.ia6t_pltime,
928 		.ifa_valid = ia->ia6_lifetime.ia6t_vltime,
929 	};
930 
931 	nlattr_add(nw, IFA_CACHEINFO, sizeof(ci), &ci);
932 }
933 #endif
934 
935 static void
936 export_cache_info(struct nl_writer *nw, struct ifaddr *ifa)
937 {
938 	switch (ifa->ifa_addr->sa_family) {
939 #ifdef INET6
940 	case AF_INET6:
941 		export_cache_info6(nw, (struct in6_ifaddr *)ifa);
942 		break;
943 #endif
944 	}
945 }
946 
947 /*
948  * {'attrs': [('IFA_ADDRESS', '12.0.0.1'),
949            ('IFA_LOCAL', '12.0.0.1'),
950            ('IFA_LABEL', 'eth10'),
951            ('IFA_FLAGS', 128),
952            ('IFA_CACHEINFO', {'ifa_preferred': 4294967295, 'ifa_valid': 4294967295, 'cstamp': 63745746, 'tstamp': 63745746})],
953  */
954 static bool
955 dump_iface_addr(struct nl_writer *nw, if_t ifp, struct ifaddr *ifa,
956     const struct nlmsghdr *hdr)
957 {
958         struct ifaddrmsg *ifamsg;
959         struct sockaddr *sa = ifa->ifa_addr;
960         struct sockaddr *sa_dst = ifa->ifa_dstaddr;
961 
962         NL_LOG(LOG_DEBUG3, "dumping ifa %p type %s(%d) for interface %s",
963             ifa, rib_print_family(sa->sa_family), sa->sa_family, if_name(ifp));
964 
965 	if (!nlmsg_reply(nw, hdr, sizeof(struct ifaddrmsg)))
966 		goto enomem;
967 
968         ifamsg = nlmsg_reserve_object(nw, struct ifaddrmsg);
969         ifamsg->ifa_family = sa->sa_family;
970         ifamsg->ifa_prefixlen = get_sa_plen(ifa->ifa_netmask);
971         ifamsg->ifa_flags = 0; // ifa_flags is useless
972         ifamsg->ifa_scope = ifa_get_scope(ifa);
973         ifamsg->ifa_index = if_getindex(ifp);
974 
975 	if ((if_getflags(ifp) & IFF_POINTOPOINT) && sa_dst != NULL && sa_dst->sa_family != 0) {
976 		/* P2P interface may have IPv6 LL with no dst address */
977 		dump_sa(nw, IFA_ADDRESS, sa_dst);
978 		dump_sa(nw, IFA_LOCAL, sa);
979 	} else {
980 		dump_sa(nw, IFA_ADDRESS, sa);
981 #ifdef INET
982 		/*
983 		 * In most cases, IFA_ADDRESS == IFA_LOCAL
984 		 * Skip IFA_LOCAL for anything except INET
985 		 */
986 		if (sa->sa_family == AF_INET)
987 			dump_sa(nw, IFA_LOCAL, sa);
988 #endif
989 	}
990 	if (if_getflags(ifp) & IFF_BROADCAST)
991 		dump_sa(nw, IFA_BROADCAST, ifa->ifa_broadaddr);
992 
993         nlattr_add_string(nw, IFA_LABEL, if_name(ifp));
994 
995         uint32_t nl_ifa_flags = 0;
996 #ifdef INET6
997 	if (sa->sa_family == AF_INET6) {
998 		struct in6_ifaddr *ia = (struct in6_ifaddr *)ifa;
999 		nl_ifa_flags = in6_flags_to_nl(ia->ia6_flags);
1000 	}
1001 #endif
1002         nlattr_add_u32(nw, IFA_FLAGS, nl_ifa_flags);
1003 
1004 	export_cache_info(nw, ifa);
1005 
1006 	/* Store FreeBSD-specific attributes */
1007 	int off = nlattr_add_nested(nw, IFA_FREEBSD);
1008 	if (off != 0) {
1009 		if (ifa->ifa_carp != NULL && carp_get_vhid_p != NULL) {
1010 			uint32_t vhid  = (uint32_t)(*carp_get_vhid_p)(ifa);
1011 			nlattr_add_u32(nw, IFAF_VHID, vhid);
1012 		}
1013 #ifdef INET6
1014 		if (sa->sa_family == AF_INET6) {
1015 			uint32_t ifa_flags = ((struct in6_ifaddr *)ifa)->ia6_flags;
1016 
1017 			nlattr_add_u32(nw, IFAF_FLAGS, ifa_flags);
1018 		}
1019 #endif
1020 
1021 		nlattr_set_len(nw, off);
1022 	}
1023 
1024 	if (nlmsg_end(nw))
1025 		return (true);
1026 enomem:
1027         NL_LOG(LOG_DEBUG, "Failed to dump ifa type %s(%d) for interface %s",
1028             rib_print_family(sa->sa_family), sa->sa_family, if_name(ifp));
1029         nlmsg_abort(nw);
1030         return (false);
1031 }
1032 
1033 static int
1034 dump_iface_addrs(struct netlink_walkargs *wa, if_t ifp)
1035 {
1036         struct ifaddr *ifa;
1037 	struct ifa_iter it;
1038 	int error = 0;
1039 
1040 	for (ifa = ifa_iter_start(ifp, &it); ifa != NULL; ifa = ifa_iter_next(&it)) {
1041 		if (wa->family != 0 && wa->family != ifa->ifa_addr->sa_family)
1042 			continue;
1043 		if (ifa->ifa_addr->sa_family == AF_LINK)
1044 			continue;
1045 		if (prison_if(wa->cred, ifa->ifa_addr) != 0)
1046 			continue;
1047 		wa->count++;
1048 		if (!dump_iface_addr(wa->nw, ifp, ifa, &wa->hdr)) {
1049 			error = ENOMEM;
1050 			break;
1051 		}
1052 		wa->dumped++;
1053 	}
1054 	ifa_iter_finish(&it);
1055 
1056 	return (error);
1057 }
1058 
1059 static int
1060 rtnl_handle_getaddr(struct nlmsghdr *hdr, struct nlpcb *nlp, struct nl_pstate *npt)
1061 {
1062         if_t ifp;
1063 	int error = 0;
1064 
1065 	struct nl_parsed_ifa attrs = {};
1066 	error = nl_parse_nlmsg(hdr, &ifa_parser, npt, &attrs);
1067 	if (error != 0)
1068 		return (error);
1069 
1070 	struct netlink_walkargs wa = {
1071 		.so = nlp,
1072 		.nw = npt->nw,
1073 		.cred = nlp_get_cred(nlp),
1074 		.family = attrs.ifa_family,
1075 		.hdr.nlmsg_pid = hdr->nlmsg_pid,
1076 		.hdr.nlmsg_seq = hdr->nlmsg_seq,
1077 		.hdr.nlmsg_flags = hdr->nlmsg_flags | NLM_F_MULTI,
1078 		.hdr.nlmsg_type = NL_RTM_NEWADDR,
1079 	};
1080 
1081 	NL_LOG(LOG_DEBUG2, "Start dump");
1082 
1083 	if (attrs.ifa_index != 0) {
1084 		ifp = ifnet_byindex(attrs.ifa_index);
1085 		if (ifp == NULL)
1086 			error = ENOENT;
1087 		else
1088 			error = dump_iface_addrs(&wa, ifp);
1089 	} else {
1090 		struct if_iter it;
1091 
1092 		for (ifp = if_iter_start(&it); ifp != NULL; ifp = if_iter_next(&it)) {
1093 			error = dump_iface_addrs(&wa, ifp);
1094 			if (error != 0)
1095 				break;
1096 		}
1097 		if_iter_finish(&it);
1098 	}
1099 
1100 	NL_LOG(LOG_DEBUG2, "End dump, iterated %d dumped %d", wa.count, wa.dumped);
1101 
1102 	if (!nlmsg_end_dump(wa.nw, error, &wa.hdr)) {
1103                 NL_LOG(LOG_DEBUG, "Unable to finalize the dump");
1104                 return (ENOMEM);
1105         }
1106 
1107 	return (error);
1108 }
1109 
1110 #ifdef INET
1111 static int
1112 handle_newaddr_inet(struct nlmsghdr *hdr, struct nl_parsed_ifa *attrs,
1113     if_t ifp, struct nlpcb *nlp, struct nl_pstate *npt)
1114 {
1115 	int plen = attrs->ifa_prefixlen;
1116 	int if_flags = if_getflags(ifp);
1117 	struct sockaddr_in *addr, *dst;
1118 
1119 	if (plen > 32) {
1120 		nlmsg_report_err_msg(npt, "invalid ifa_prefixlen");
1121 		return (EINVAL);
1122 	};
1123 
1124 	if (if_flags & IFF_POINTOPOINT) {
1125 		/*
1126 		 * Only P2P IFAs are allowed by the implementation.
1127 		 */
1128 		if (attrs->ifa_address == NULL || attrs->ifa_local == NULL) {
1129 			nlmsg_report_err_msg(npt, "Empty IFA_LOCAL/IFA_ADDRESS");
1130 			return (EINVAL);
1131 		}
1132 		addr = (struct sockaddr_in *)attrs->ifa_local;
1133 		dst = (struct sockaddr_in *)attrs->ifa_address;
1134 	} else {
1135 		/*
1136 		 * Map the Netlink attributes to FreeBSD ifa layout.
1137 		 * If only IFA_ADDRESS or IFA_LOCAL is set OR
1138 		 * both are set to the same value => ifa is not p2p
1139 		 * and the attribute value contains interface address.
1140 		 *
1141 		 * Otherwise (both IFA_ADDRESS and IFA_LOCAL are set and
1142 		 * different), IFA_LOCAL contains an interface address and
1143 		 * IFA_ADDRESS contains peer address.
1144 		 */
1145 		addr = (struct sockaddr_in *)attrs->ifa_local;
1146 		if (addr == NULL)
1147 			addr = (struct sockaddr_in *)attrs->ifa_address;
1148 
1149 		if (addr == NULL) {
1150 			nlmsg_report_err_msg(npt, "Empty IFA_LOCAL/IFA_ADDRESS");
1151 			return (EINVAL);
1152 		}
1153 
1154 		/* Generate broadcast address if not set */
1155 		if ((if_flags & IFF_BROADCAST) && attrs->ifa_broadcast == NULL) {
1156 			uint32_t s_baddr;
1157 			struct sockaddr_in *sin_brd;
1158 
1159 			if (plen == 31)
1160 				s_baddr = INADDR_BROADCAST; /* RFC 3021 */
1161 			else {
1162 				uint32_t s_mask;
1163 
1164 				s_mask = htonl(plen ? ~((1 << (32 - plen)) - 1) : 0);
1165 				s_baddr = addr->sin_addr.s_addr | ~s_mask;
1166 			}
1167 
1168 			sin_brd = (struct sockaddr_in *)npt_alloc(npt, sizeof(*sin_brd));
1169 			if (sin_brd == NULL)
1170 				return (ENOMEM);
1171 			sin_brd->sin_family = AF_INET;
1172 			sin_brd->sin_len = sizeof(*sin_brd);
1173 			sin_brd->sin_addr.s_addr = s_baddr;
1174 			attrs->ifa_broadcast = (struct sockaddr *)sin_brd;
1175 		}
1176 		dst = (struct sockaddr_in *)attrs->ifa_broadcast;
1177 	}
1178 
1179 	struct sockaddr_in mask = {
1180 		.sin_len = sizeof(struct sockaddr_in),
1181 		.sin_family = AF_INET,
1182 		.sin_addr.s_addr = htonl(plen ? ~((1 << (32 - plen)) - 1) : 0),
1183 	};
1184 	struct in_aliasreq req = {
1185 		.ifra_addr = *addr,
1186 		.ifra_mask = mask,
1187 		.ifra_vhid = attrs->ifaf_vhid,
1188 	};
1189 	if (dst != NULL)
1190 		req.ifra_dstaddr = *dst;
1191 
1192 	return (in_control_ioctl(SIOCAIFADDR, &req, ifp, nlp_get_cred(nlp)));
1193 }
1194 
1195 static int
1196 handle_deladdr_inet(struct nlmsghdr *hdr, struct nl_parsed_ifa *attrs,
1197     if_t ifp, struct nlpcb *nlp, struct nl_pstate *npt)
1198 {
1199 	struct sockaddr_in *addr = (struct sockaddr_in *)attrs->ifa_local;
1200 
1201 	if (addr == NULL)
1202 		addr = (struct sockaddr_in *)attrs->ifa_address;
1203 
1204 	if (addr == NULL) {
1205 		nlmsg_report_err_msg(npt, "empty IFA_ADDRESS/IFA_LOCAL");
1206 		return (EINVAL);
1207 	}
1208 
1209 	struct in_aliasreq req = { .ifra_addr = *addr };
1210 
1211 	return (in_control_ioctl(SIOCDIFADDR, &req, ifp, nlp_get_cred(nlp)));
1212 }
1213 #endif
1214 
1215 #ifdef INET6
1216 static int
1217 handle_newaddr_inet6(struct nlmsghdr *hdr, struct nl_parsed_ifa *attrs,
1218     if_t ifp, struct nlpcb *nlp, struct nl_pstate *npt)
1219 {
1220 	struct sockaddr_in6 *addr, *dst;
1221 
1222 	if (attrs->ifa_prefixlen > 128) {
1223 		nlmsg_report_err_msg(npt, "invalid ifa_prefixlen");
1224 		return (EINVAL);
1225 	}
1226 
1227 	/*
1228 	 * In IPv6 implementation, adding non-P2P address to the P2P interface
1229 	 * is allowed.
1230 	 */
1231 	addr = (struct sockaddr_in6 *)(attrs->ifa_local);
1232 	dst = (struct sockaddr_in6 *)(attrs->ifa_address);
1233 
1234 	if (addr == NULL) {
1235 		addr = dst;
1236 		dst = NULL;
1237 	} else if (dst != NULL) {
1238 		if (IN6_ARE_ADDR_EQUAL(&addr->sin6_addr, &dst->sin6_addr)) {
1239 			/*
1240 			 * Sometimes Netlink users fills in both attributes
1241 			 * with the same address. It still means "non-p2p".
1242 			 */
1243 			dst = NULL;
1244 		}
1245 	}
1246 
1247 	if (addr == NULL) {
1248 		nlmsg_report_err_msg(npt, "Empty IFA_LOCAL/IFA_ADDRESS");
1249 		return (EINVAL);
1250 	}
1251 
1252 	uint32_t flags = nl_flags_to_in6(attrs->ifa_flags) | attrs->ifaf_flags;
1253 
1254 	uint32_t pltime = 0, vltime = 0;
1255 	if (attrs->ifa_cacheinfo != 0) {
1256 		pltime = attrs->ifa_cacheinfo->ifa_prefered;
1257 		vltime = attrs->ifa_cacheinfo->ifa_valid;
1258 	}
1259 
1260 	struct sockaddr_in6 mask = {
1261 		.sin6_len = sizeof(struct sockaddr_in6),
1262 		.sin6_family = AF_INET6,
1263 	};
1264 	ip6_writemask(&mask.sin6_addr, attrs->ifa_prefixlen);
1265 
1266 	struct in6_aliasreq req = {
1267 		.ifra_addr = *addr,
1268 		.ifra_prefixmask = mask,
1269 		.ifra_flags = flags,
1270 		.ifra_lifetime = { .ia6t_vltime = vltime, .ia6t_pltime = pltime },
1271 		.ifra_vhid = attrs->ifaf_vhid,
1272 	};
1273 	if (dst != NULL)
1274 		req.ifra_dstaddr = *dst;
1275 
1276 	return (in6_control_ioctl(SIOCAIFADDR_IN6, &req, ifp, nlp_get_cred(nlp)));
1277 }
1278 
1279 static int
1280 handle_deladdr_inet6(struct nlmsghdr *hdr, struct nl_parsed_ifa *attrs,
1281     if_t ifp, struct nlpcb *nlp, struct nl_pstate *npt)
1282 {
1283 	struct sockaddr_in6 *addr = (struct sockaddr_in6 *)attrs->ifa_local;
1284 
1285 	if (addr == NULL)
1286 		addr = (struct sockaddr_in6 *)(attrs->ifa_address);
1287 
1288 	if (addr == NULL) {
1289 		nlmsg_report_err_msg(npt, "Empty IFA_LOCAL/IFA_ADDRESS");
1290 		return (EINVAL);
1291 	}
1292 
1293 	struct in6_aliasreq req = { .ifra_addr = *addr };
1294 
1295 	return (in6_control_ioctl(SIOCDIFADDR_IN6, &req, ifp, nlp_get_cred(nlp)));
1296 }
1297 #endif
1298 
1299 
1300 static int
1301 rtnl_handle_addr(struct nlmsghdr *hdr, struct nlpcb *nlp, struct nl_pstate *npt)
1302 {
1303 	struct epoch_tracker et;
1304 	int error;
1305 
1306 	struct nl_parsed_ifa attrs = {};
1307 	error = nl_parse_nlmsg(hdr, &ifa_parser, npt, &attrs);
1308 	if (error != 0)
1309 		return (error);
1310 
1311 	NET_EPOCH_ENTER(et);
1312 	if_t ifp = ifnet_byindex_ref(attrs.ifa_index);
1313 	NET_EPOCH_EXIT(et);
1314 
1315 	if (ifp == NULL) {
1316 		nlmsg_report_err_msg(npt, "Unable to find interface with index %u",
1317 		    attrs.ifa_index);
1318 		return (ENOENT);
1319 	}
1320 	int if_flags = if_getflags(ifp);
1321 
1322 #if defined(INET) || defined(INET6)
1323 	bool new = hdr->nlmsg_type == NL_RTM_NEWADDR;
1324 #endif
1325 
1326 	/*
1327 	 * TODO: Properly handle NLM_F_CREATE / NLM_F_EXCL.
1328 	 * The current ioctl-based KPI always does an implicit create-or-replace.
1329 	 * It is not possible to specify fine-grained options.
1330 	 */
1331 
1332 	switch (attrs.ifa_family) {
1333 #ifdef INET
1334 	case AF_INET:
1335 		if (new)
1336 			error = handle_newaddr_inet(hdr, &attrs, ifp, nlp, npt);
1337 		else
1338 			error = handle_deladdr_inet(hdr, &attrs, ifp, nlp, npt);
1339 		break;
1340 #endif
1341 #ifdef INET6
1342 	case AF_INET6:
1343 		if (new)
1344 			error = handle_newaddr_inet6(hdr, &attrs, ifp, nlp, npt);
1345 		else
1346 			error = handle_deladdr_inet6(hdr, &attrs, ifp, nlp, npt);
1347 		break;
1348 #endif
1349 	default:
1350 		error = EAFNOSUPPORT;
1351 	}
1352 
1353 	if (error == 0 && !(if_flags & IFF_UP) && (if_getflags(ifp) & IFF_UP))
1354 		if_up(ifp);
1355 
1356 	if_rele(ifp);
1357 
1358 	return (error);
1359 }
1360 
1361 
1362 static void
1363 rtnl_handle_ifaddr(void *arg __unused, struct ifaddr *ifa, int cmd)
1364 {
1365 	struct nlmsghdr hdr = {};
1366 	struct nl_writer nw = {};
1367 	uint32_t group = 0;
1368 
1369 	switch (ifa->ifa_addr->sa_family) {
1370 #ifdef INET
1371 	case AF_INET:
1372 		group = RTNLGRP_IPV4_IFADDR;
1373 		break;
1374 #endif
1375 #ifdef INET6
1376 	case AF_INET6:
1377 		group = RTNLGRP_IPV6_IFADDR;
1378 		break;
1379 #endif
1380 	default:
1381 		NL_LOG(LOG_DEBUG2, "ifa notification for unknown AF: %d",
1382 		    ifa->ifa_addr->sa_family);
1383 		return;
1384 	}
1385 
1386 	if (!nl_has_listeners(NETLINK_ROUTE, group))
1387 		return;
1388 
1389 	if (!nlmsg_get_group_writer(&nw, NLMSG_LARGE, NETLINK_ROUTE, group)) {
1390 		NL_LOG(LOG_DEBUG, "error allocating group writer");
1391 		return;
1392 	}
1393 
1394 	hdr.nlmsg_type = (cmd == RTM_DELETE) ? NL_RTM_DELADDR : NL_RTM_NEWADDR;
1395 
1396 	dump_iface_addr(&nw, ifa->ifa_ifp, ifa, &hdr);
1397 	nlmsg_flush(&nw);
1398 }
1399 
1400 static void
1401 rtnl_handle_ifevent(if_t ifp, int nlmsg_type, int if_flags_mask)
1402 {
1403 	struct nlmsghdr hdr = { .nlmsg_type = nlmsg_type };
1404 	struct nl_writer nw = {};
1405 
1406 	if (!nl_has_listeners(NETLINK_ROUTE, RTNLGRP_LINK))
1407 		return;
1408 
1409 	if (!nlmsg_get_group_writer(&nw, NLMSG_LARGE, NETLINK_ROUTE, RTNLGRP_LINK)) {
1410 		NL_LOG(LOG_DEBUG, "error allocating mbuf");
1411 		return;
1412 	}
1413 	dump_iface(&nw, ifp, &hdr, if_flags_mask);
1414         nlmsg_flush(&nw);
1415 }
1416 
1417 static void
1418 rtnl_handle_ifattach(void *arg, if_t ifp)
1419 {
1420 	NL_LOG(LOG_DEBUG2, "ifnet %s", if_name(ifp));
1421 	rtnl_handle_ifevent(ifp, NL_RTM_NEWLINK, 0);
1422 }
1423 
1424 static void
1425 rtnl_handle_ifdetach(void *arg, if_t ifp)
1426 {
1427 	NL_LOG(LOG_DEBUG2, "ifnet %s", if_name(ifp));
1428 	rtnl_handle_ifevent(ifp, NL_RTM_DELLINK, 0);
1429 }
1430 
1431 static void
1432 rtnl_handle_iflink(void *arg, if_t ifp)
1433 {
1434 	NL_LOG(LOG_DEBUG2, "ifnet %s", if_name(ifp));
1435 	rtnl_handle_ifevent(ifp, NL_RTM_NEWLINK, 0);
1436 }
1437 
1438 void
1439 rtnl_handle_ifnet_event(if_t ifp, int if_flags_mask)
1440 {
1441 	NL_LOG(LOG_DEBUG2, "ifnet %s", if_name(ifp));
1442 	rtnl_handle_ifevent(ifp, NL_RTM_NEWLINK, if_flags_mask);
1443 }
1444 
1445 static const struct rtnl_cmd_handler cmd_handlers[] = {
1446 	{
1447 		.cmd = NL_RTM_GETLINK,
1448 		.name = "RTM_GETLINK",
1449 		.cb = &rtnl_handle_getlink,
1450 		.flags = RTNL_F_NOEPOCH | RTNL_F_ALLOW_NONVNET_JAIL,
1451 	},
1452 	{
1453 		.cmd = NL_RTM_DELLINK,
1454 		.name = "RTM_DELLINK",
1455 		.cb = &rtnl_handle_dellink,
1456 		.priv = PRIV_NET_IFDESTROY,
1457 		.flags = RTNL_F_NOEPOCH,
1458 	},
1459 	{
1460 		.cmd = NL_RTM_NEWLINK,
1461 		.name = "RTM_NEWLINK",
1462 		.cb = &rtnl_handle_newlink,
1463 		.priv = PRIV_NET_IFCREATE,
1464 		.flags = RTNL_F_NOEPOCH,
1465 	},
1466 	{
1467 		.cmd = NL_RTM_GETADDR,
1468 		.name = "RTM_GETADDR",
1469 		.cb = &rtnl_handle_getaddr,
1470 		.flags = RTNL_F_ALLOW_NONVNET_JAIL,
1471 	},
1472 	{
1473 		.cmd = NL_RTM_NEWADDR,
1474 		.name = "RTM_NEWADDR",
1475 		.cb = &rtnl_handle_addr,
1476 		.priv = PRIV_NET_ADDIFADDR,
1477 		.flags = RTNL_F_NOEPOCH,
1478 	},
1479 	{
1480 		.cmd = NL_RTM_DELADDR,
1481 		.name = "RTM_DELADDR",
1482 		.cb = &rtnl_handle_addr,
1483 		.priv = PRIV_NET_DELIFADDR,
1484 		.flags = RTNL_F_NOEPOCH,
1485 	},
1486 };
1487 
1488 static const struct nlhdr_parser *all_parsers[] = {
1489 	&ifmsg_parser, &ifa_parser, &ifa_fbsd_parser,
1490 };
1491 
1492 void
1493 rtnl_iface_add_cloner(struct nl_cloner *cloner)
1494 {
1495 	sx_xlock(&rtnl_cloner_lock);
1496 	SLIST_INSERT_HEAD(&nl_cloners, cloner, next);
1497 	sx_xunlock(&rtnl_cloner_lock);
1498 }
1499 
1500 void
1501 rtnl_iface_del_cloner(struct nl_cloner *cloner)
1502 {
1503 	sx_xlock(&rtnl_cloner_lock);
1504 	SLIST_REMOVE(&nl_cloners, cloner, nl_cloner, next);
1505 	sx_xunlock(&rtnl_cloner_lock);
1506 }
1507 
1508 void
1509 rtnl_ifaces_init(void)
1510 {
1511 	ifattach_event = EVENTHANDLER_REGISTER(
1512 	    ifnet_arrival_event, rtnl_handle_ifattach, NULL,
1513 	    EVENTHANDLER_PRI_ANY);
1514 	ifdetach_event = EVENTHANDLER_REGISTER(
1515 	    ifnet_departure_event, rtnl_handle_ifdetach, NULL,
1516 	    EVENTHANDLER_PRI_ANY);
1517 	ifaddr_event = EVENTHANDLER_REGISTER(
1518 	    rt_addrmsg, rtnl_handle_ifaddr, NULL,
1519 	    EVENTHANDLER_PRI_ANY);
1520 	iflink_event = EVENTHANDLER_REGISTER(
1521 	    ifnet_link_event, rtnl_handle_iflink, NULL,
1522 	    EVENTHANDLER_PRI_ANY);
1523 	NL_VERIFY_PARSERS(all_parsers);
1524 	rtnl_register_messages(cmd_handlers, NL_ARRAY_LEN(cmd_handlers));
1525 }
1526 
1527 void
1528 rtnl_ifaces_destroy(void)
1529 {
1530 	EVENTHANDLER_DEREGISTER(ifnet_arrival_event, ifattach_event);
1531 	EVENTHANDLER_DEREGISTER(ifnet_departure_event, ifdetach_event);
1532 	EVENTHANDLER_DEREGISTER(rt_addrmsg, ifaddr_event);
1533 	EVENTHANDLER_DEREGISTER(ifnet_link_event, iflink_event);
1534 }
1535