1 /*-
2 * SPDX-License-Identifier: BSD-2-Clause
3 *
4 * Copyright (c) 2022 Alexander V. Chernikov <melifaro@FreeBSD.org>
5 *
6 * Redistribution and use in source and binary forms, with or without
7 * modification, are permitted provided that the following conditions
8 * are met:
9 * 1. Redistributions of source code must retain the above copyright
10 * notice, this list of conditions and the following disclaimer.
11 * 2. Redistributions in binary form must reproduce the above copyright
12 * notice, this list of conditions and the following disclaimer in the
13 * documentation and/or other materials provided with the distribution.
14 *
15 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
16 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
17 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
18 * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
19 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
20 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
21 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
22 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
23 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
24 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
25 * SUCH DAMAGE.
26 */
27
28 #include <sys/cdefs.h>
29 #include "opt_inet.h"
30 #include "opt_inet6.h"
31 #include <sys/types.h>
32 #include <sys/eventhandler.h>
33 #include <sys/kernel.h>
34 #include <sys/jail.h>
35 #include <sys/malloc.h>
36 #include <sys/socket.h>
37 #include <sys/sockio.h>
38 #include <sys/syslog.h>
39 #include <sys/proc.h>
40
41 #include <net/if.h>
42 #include <net/if_dl.h>
43 #include <net/if_media.h>
44 #include <net/if_var.h>
45 #include <net/if_clone.h>
46 #include <net/route.h>
47 #include <net/route/nhop.h>
48 #include <net/route/route_ctl.h>
49 #include <netinet/in_var.h>
50 #include <netinet6/in6_var.h>
51 #include <netinet6/scope6_var.h> /* scope deembedding */
52 #include <netlink/netlink.h>
53 #include <netlink/netlink_ctl.h>
54 #include <netlink/netlink_route.h>
55 #include <netlink/route/route_var.h>
56
57 #define DEBUG_MOD_NAME nl_iface
58 #define DEBUG_MAX_LEVEL LOG_DEBUG3
59 #include <netlink/netlink_debug.h>
60 _DECLARE_DEBUG(LOG_INFO);
61
62 struct netlink_walkargs {
63 struct nl_writer *nw;
64 struct nlmsghdr hdr;
65 struct nlpcb *so;
66 struct ucred *cred;
67 uint32_t fibnum;
68 int family;
69 int error;
70 int count;
71 int dumped;
72 };
73
74 static eventhandler_tag ifdetach_event, ifattach_event, ifrename_event,
75 iflink_event, ifaddr_event;
76
77 static SLIST_HEAD(, nl_cloner) nl_cloners = SLIST_HEAD_INITIALIZER(nl_cloners);
78
79 static struct sx rtnl_cloner_lock;
80 SX_SYSINIT(rtnl_cloner_lock, &rtnl_cloner_lock, "rtnl cloner lock");
81
82 /* These are external hooks for CARP. */
83 extern int (*carp_get_vhid_p)(struct ifaddr *);
84
85 /*
86 * RTM_GETLINK request
87 * sendto(3, {{len=32, type=RTM_GETLINK, flags=NLM_F_REQUEST|NLM_F_DUMP, seq=1641940952, pid=0},
88 * {ifi_family=AF_INET, ifi_type=ARPHRD_NETROM, ifi_index=0, ifi_flags=0, ifi_change=0}}, 32, 0, NULL, 0) = 32
89 *
90 * Reply:
91 * {ifi_family=AF_UNSPEC, ifi_type=ARPHRD_ETHER, ifi_index=if_nametoindex("enp0s31f6"), ifi_flags=IFF_UP|IFF_BROADCAST|IFF_RUNNING|IFF_MULTICAST|IFF_LOWER_UP, ifi_change=0},
92 {{nla_len=10, nla_type=IFLA_ADDRESS}, "\xfe\x54\x00\x52\x3e\x90"}
93
94 [
95 {{nla_len=14, nla_type=IFLA_IFNAME}, "enp0s31f6"},
96 {{nla_len=8, nla_type=IFLA_TXQLEN}, 1000},
97 {{nla_len=5, nla_type=IFLA_OPERSTATE}, 6},
98 {{nla_len=5, nla_type=IFLA_LINKMODE}, 0},
99 {{nla_len=8, nla_type=IFLA_MTU}, 1500},
100 {{nla_len=8, nla_type=IFLA_MIN_MTU}, 68},
101 {{nla_len=8, nla_type=IFLA_MAX_MTU}, 9000},
102 {{nla_len=8, nla_type=IFLA_GROUP}, 0},
103 {{nla_len=8, nla_type=IFLA_PROMISCUITY}, 0},
104 {{nla_len=8, nla_type=IFLA_NUM_TX_QUEUES}, 1},
105 {{nla_len=8, nla_type=IFLA_GSO_MAX_SEGS}, 65535},
106 {{nla_len=8, nla_type=IFLA_GSO_MAX_SIZE}, 65536},
107 {{nla_len=8, nla_type=IFLA_NUM_RX_QUEUES}, 1},
108 {{nla_len=5, nla_type=IFLA_CARRIER}, 1},
109 {{nla_len=13, nla_type=IFLA_QDISC}, "fq_codel"},
110 {{nla_len=8, nla_type=IFLA_CARRIER_CHANGES}, 2},
111 {{nla_len=5, nla_type=IFLA_PROTO_DOWN}, 0},
112 {{nla_len=8, nla_type=IFLA_CARRIER_UP_COUNT}, 1},
113 {{nla_len=8, nla_type=IFLA_CARRIER_DOWN_COUNT}, 1},
114 */
115
116 struct if_state {
117 uint8_t ifla_operstate;
118 uint8_t ifla_carrier;
119 };
120
121 static void
get_operstate_ether(if_t ifp,struct if_state * pstate)122 get_operstate_ether(if_t ifp, struct if_state *pstate)
123 {
124 struct ifmediareq ifmr = {};
125 int error;
126 error = if_ioctl(ifp, SIOCGIFMEDIA, (void *)&ifmr);
127
128 if (error != 0) {
129 NL_LOG(LOG_DEBUG, "error calling SIOCGIFMEDIA on %s: %d",
130 if_name(ifp), error);
131 return;
132 }
133
134 switch (IFM_TYPE(ifmr.ifm_active)) {
135 case IFM_ETHER:
136 if (ifmr.ifm_status & IFM_ACTIVE) {
137 pstate->ifla_carrier = 1;
138 if (if_getflags(ifp) & IFF_MONITOR)
139 pstate->ifla_operstate = IF_OPER_DORMANT;
140 else
141 pstate->ifla_operstate = IF_OPER_UP;
142 } else
143 pstate->ifla_operstate = IF_OPER_DOWN;
144 }
145 }
146
147 static bool
get_stats(struct nl_writer * nw,if_t ifp)148 get_stats(struct nl_writer *nw, if_t ifp)
149 {
150 struct rtnl_link_stats64 *stats;
151
152 int nla_len = sizeof(struct nlattr) + sizeof(*stats);
153 struct nlattr *nla = nlmsg_reserve_data(nw, nla_len, struct nlattr);
154 if (nla == NULL)
155 return (false);
156 nla->nla_type = IFLA_STATS64;
157 nla->nla_len = nla_len;
158 stats = (struct rtnl_link_stats64 *)(nla + 1);
159
160 stats->rx_packets = if_getcounter(ifp, IFCOUNTER_IPACKETS);
161 stats->tx_packets = if_getcounter(ifp, IFCOUNTER_OPACKETS);
162 stats->rx_bytes = if_getcounter(ifp, IFCOUNTER_IBYTES);
163 stats->tx_bytes = if_getcounter(ifp, IFCOUNTER_OBYTES);
164 stats->rx_errors = if_getcounter(ifp, IFCOUNTER_IERRORS);
165 stats->tx_errors = if_getcounter(ifp, IFCOUNTER_OERRORS);
166 stats->rx_dropped = if_getcounter(ifp, IFCOUNTER_IQDROPS);
167 stats->tx_dropped = if_getcounter(ifp, IFCOUNTER_OQDROPS);
168 stats->multicast = if_getcounter(ifp, IFCOUNTER_IMCASTS);
169 stats->rx_nohandler = if_getcounter(ifp, IFCOUNTER_NOPROTO);
170
171 return (true);
172 }
173
174 static void
get_operstate(if_t ifp,struct if_state * pstate)175 get_operstate(if_t ifp, struct if_state *pstate)
176 {
177 pstate->ifla_operstate = IF_OPER_UNKNOWN;
178 pstate->ifla_carrier = 0; /* no carrier */
179
180 switch (if_gettype(ifp)) {
181 case IFT_ETHER:
182 case IFT_L2VLAN:
183 get_operstate_ether(ifp, pstate);
184 break;
185 default:
186 /* Map admin state to the operstate */
187 if (if_getflags(ifp) & IFF_UP) {
188 pstate->ifla_operstate = IF_OPER_UP;
189 pstate->ifla_carrier = 1;
190 } else
191 pstate->ifla_operstate = IF_OPER_DOWN;
192 break;
193 }
194 }
195
196 static void
get_hwaddr(struct nl_writer * nw,if_t ifp)197 get_hwaddr(struct nl_writer *nw, if_t ifp)
198 {
199 struct ifreq ifr = {};
200
201 if (if_gethwaddr(ifp, &ifr) == 0) {
202 nlattr_add(nw, IFLAF_ORIG_HWADDR, if_getaddrlen(ifp),
203 ifr.ifr_addr.sa_data);
204 }
205 }
206
207 static unsigned
ifp_flags_to_netlink(const if_t ifp)208 ifp_flags_to_netlink(const if_t ifp)
209 {
210 return (if_getflags(ifp) | if_getdrvflags(ifp));
211 }
212
213 #define LLADDR_CONST(s) ((const void *)((s)->sdl_data + (s)->sdl_nlen))
214 static bool
dump_sa(struct nl_writer * nw,int attr,const struct sockaddr * sa)215 dump_sa(struct nl_writer *nw, int attr, const struct sockaddr *sa)
216 {
217 uint32_t addr_len = 0;
218 const void *addr_data = NULL;
219 #ifdef INET6
220 struct in6_addr addr6;
221 #endif
222
223 if (sa == NULL)
224 return (true);
225
226 switch (sa->sa_family) {
227 #ifdef INET
228 case AF_INET:
229 addr_len = sizeof(struct in_addr);
230 addr_data = &((const struct sockaddr_in *)sa)->sin_addr;
231 break;
232 #endif
233 #ifdef INET6
234 case AF_INET6:
235 in6_splitscope(&((const struct sockaddr_in6 *)sa)->sin6_addr, &addr6, &addr_len);
236 addr_len = sizeof(struct in6_addr);
237 addr_data = &addr6;
238 break;
239 #endif
240 case AF_LINK:
241 addr_len = ((const struct sockaddr_dl *)sa)->sdl_alen;
242 addr_data = LLADDR_CONST((const struct sockaddr_dl *)sa);
243 break;
244 case AF_UNSPEC:
245 /* Ignore empty SAs without warning */
246 return (true);
247 default:
248 NL_LOG(LOG_DEBUG2, "unsupported family: %d, skipping", sa->sa_family);
249 return (true);
250 }
251
252 return (nlattr_add(nw, attr, addr_len, addr_data));
253 }
254
255 static bool
dump_iface_caps(struct nl_writer * nw,struct ifnet * ifp)256 dump_iface_caps(struct nl_writer *nw, struct ifnet *ifp)
257 {
258 int off = nlattr_add_nested(nw, IFLAF_CAPS);
259 uint32_t active_caps[roundup2(IFCAP_B_SIZE, 32) / 32] = {};
260 uint32_t all_caps[roundup2(IFCAP_B_SIZE, 32) / 32] = {};
261
262 MPASS(sizeof(active_caps) >= 8);
263 MPASS(sizeof(all_caps) >= 8);
264
265 if (off == 0)
266 return (false);
267
268 active_caps[0] = (uint32_t)if_getcapabilities(ifp);
269 all_caps[0] = (uint32_t)if_getcapenable(ifp);
270 active_caps[1] = (uint32_t)if_getcapabilities2(ifp);
271 all_caps[1] = (uint32_t)if_getcapenable2(ifp);
272
273 nlattr_add_u32(nw, NLA_BITSET_SIZE, IFCAP_B_SIZE);
274 nlattr_add(nw, NLA_BITSET_MASK, sizeof(all_caps), all_caps);
275 nlattr_add(nw, NLA_BITSET_VALUE, sizeof(active_caps), active_caps);
276
277 nlattr_set_len(nw, off);
278
279 return (true);
280 }
281
282 /*
283 * Dumps interface state, properties and metrics.
284 * @nw: message writer
285 * @ifp: target interface
286 * @hdr: template header
287 * @if_flags_mask: changed if_[drv]_flags bitmask
288 *
289 * This function is called without epoch and MAY sleep.
290 */
291 static bool
dump_iface(struct nl_writer * nw,if_t ifp,const struct nlmsghdr * hdr,int if_flags_mask,const char * ifname)292 dump_iface(struct nl_writer *nw, if_t ifp, const struct nlmsghdr *hdr,
293 int if_flags_mask, const char *ifname)
294 {
295 struct epoch_tracker et;
296 struct ifinfomsg *ifinfo;
297
298 NL_LOG(LOG_DEBUG3, "dumping interface %s data", if_name(ifp));
299
300 if (!nlmsg_reply(nw, hdr, sizeof(struct ifinfomsg)))
301 goto enomem;
302
303 ifinfo = nlmsg_reserve_object(nw, struct ifinfomsg);
304 ifinfo->ifi_family = AF_UNSPEC;
305 ifinfo->__ifi_pad = 0;
306 ifinfo->ifi_type = if_gettype(ifp);
307 ifinfo->ifi_index = if_getindex(ifp);
308 ifinfo->ifi_flags = ifp_flags_to_netlink(ifp);
309 ifinfo->ifi_change = if_flags_mask;
310
311 struct if_state ifs = {};
312 get_operstate(ifp, &ifs);
313
314 if (ifs.ifla_operstate == IF_OPER_UP)
315 ifinfo->ifi_flags |= IFF_LOWER_UP;
316
317 nlattr_add_string(nw, IFLA_IFNAME,
318 ifname != NULL ? ifname : if_name(ifp));
319 nlattr_add_u8(nw, IFLA_OPERSTATE, ifs.ifla_operstate);
320 nlattr_add_u8(nw, IFLA_CARRIER, ifs.ifla_carrier);
321
322 /*
323 nlattr_add_u8(nw, IFLA_PROTO_DOWN, val);
324 nlattr_add_u8(nw, IFLA_LINKMODE, val);
325 */
326 if (if_getaddrlen(ifp) != 0) {
327 struct ifaddr *ifa;
328 struct ifa_iter it;
329
330 NET_EPOCH_ENTER(et);
331 ifa = ifa_iter_start(ifp, &it);
332 if (ifa != NULL)
333 dump_sa(nw, IFLA_ADDRESS, ifa->ifa_addr);
334 ifa_iter_finish(&it);
335 NET_EPOCH_EXIT(et);
336 }
337
338 if ((if_getbroadcastaddr(ifp) != NULL)) {
339 nlattr_add(nw, IFLA_BROADCAST, if_getaddrlen(ifp),
340 if_getbroadcastaddr(ifp));
341 }
342
343 nlattr_add_u32(nw, IFLA_MTU, if_getmtu(ifp));
344 /*
345 nlattr_add_u32(nw, IFLA_MIN_MTU, 60);
346 nlattr_add_u32(nw, IFLA_MAX_MTU, 9000);
347 nlattr_add_u32(nw, IFLA_GROUP, 0);
348 */
349
350 if (if_getdescr(ifp) != NULL)
351 nlattr_add_string(nw, IFLA_IFALIAS, if_getdescr(ifp));
352
353 /* Store FreeBSD-specific attributes */
354 int off = nlattr_add_nested(nw, IFLA_FREEBSD);
355 if (off != 0) {
356 get_hwaddr(nw, ifp);
357 dump_iface_caps(nw, ifp);
358
359 nlattr_set_len(nw, off);
360 }
361
362 get_stats(nw, ifp);
363
364 uint32_t val = (if_getflags(ifp) & IFF_PROMISC) != 0;
365 nlattr_add_u32(nw, IFLA_PROMISCUITY, val);
366
367 ifc_dump_ifp_nl(ifp, nw);
368
369 nw->ifp = ifp;
370
371 if (nlmsg_end(nw))
372 return (true);
373
374 enomem:
375 NL_LOG(LOG_DEBUG, "unable to dump interface %s state (ENOMEM)", if_name(ifp));
376 nlmsg_abort(nw);
377 return (false);
378 }
379
380 static bool
check_ifmsg(void * hdr,struct nl_pstate * npt)381 check_ifmsg(void *hdr, struct nl_pstate *npt)
382 {
383 struct ifinfomsg *ifm = hdr;
384
385 if (ifm->__ifi_pad != 0 || ifm->ifi_type != 0 ||
386 ifm->ifi_flags != 0 || ifm->ifi_change != 0) {
387 nlmsg_report_err_msg(npt,
388 "strict checking: non-zero values in ifinfomsg header");
389 return (false);
390 }
391
392 return (true);
393 }
394
395 #define _IN(_field) offsetof(struct ifinfomsg, _field)
396 #define _OUT(_field) offsetof(struct nl_parsed_link, _field)
397 static const struct nlfield_parser nlf_p_if[] = {
398 { .off_in = _IN(ifi_type), .off_out = _OUT(ifi_type), .cb = nlf_get_u16 },
399 { .off_in = _IN(ifi_index), .off_out = _OUT(ifi_index), .cb = nlf_get_u32 },
400 { .off_in = _IN(ifi_flags), .off_out = _OUT(ifi_flags), .cb = nlf_get_u32 },
401 { .off_in = _IN(ifi_change), .off_out = _OUT(ifi_change), .cb = nlf_get_u32 },
402 };
403
404 static const struct nlattr_parser nla_p_linfo[] = {
405 { .type = IFLA_INFO_KIND, .off = _OUT(ifla_cloner), .cb = nlattr_get_stringn },
406 { .type = IFLA_INFO_DATA, .off = _OUT(ifla_idata), .cb = nlattr_get_nla },
407 };
408 NL_DECLARE_ATTR_PARSER(linfo_parser, nla_p_linfo);
409
410 static const struct nlattr_parser nla_p_if[] = {
411 { .type = IFLA_ADDRESS, .off = _OUT(ifla_address), .cb = nlattr_get_nla },
412 { .type = IFLA_IFNAME, .off = _OUT(ifla_ifname), .cb = nlattr_get_string },
413 { .type = IFLA_MTU, .off = _OUT(ifla_mtu), .cb = nlattr_get_uint32 },
414 { .type = IFLA_LINK, .off = _OUT(ifla_link), .cb = nlattr_get_uint32 },
415 { .type = IFLA_LINKINFO, .arg = &linfo_parser, .cb = nlattr_get_nested },
416 { .type = IFLA_IFALIAS, .off = _OUT(ifla_ifalias), .cb = nlattr_get_string },
417 { .type = IFLA_GROUP, .off = _OUT(ifla_group), .cb = nlattr_get_string },
418 { .type = IFLA_ALT_IFNAME, .off = _OUT(ifla_ifname), .cb = nlattr_get_string },
419 };
420 #undef _IN
421 #undef _OUT
422 NL_DECLARE_STRICT_PARSER(ifmsg_parser, struct ifinfomsg, check_ifmsg, nlf_p_if, nla_p_if);
423
424 static bool
match_iface(if_t ifp,void * _arg)425 match_iface(if_t ifp, void *_arg)
426 {
427 struct nl_parsed_link *attrs = (struct nl_parsed_link *)_arg;
428
429 if (attrs->ifi_index != 0 && attrs->ifi_index != if_getindex(ifp))
430 return (false);
431 if (attrs->ifi_type != 0 && attrs->ifi_index != if_gettype(ifp))
432 return (false);
433 if (attrs->ifla_ifname != NULL && strcmp(attrs->ifla_ifname, if_name(ifp)))
434 return (false);
435 /* TODO: add group match */
436
437 return (true);
438 }
439
440 static int
dump_cb(if_t ifp,void * _arg)441 dump_cb(if_t ifp, void *_arg)
442 {
443 struct netlink_walkargs *wa = (struct netlink_walkargs *)_arg;
444 if (!dump_iface(wa->nw, ifp, &wa->hdr, 0, NULL))
445 return (ENOMEM);
446 return (0);
447 }
448
449 /*
450 * {nlmsg_len=52, nlmsg_type=RTM_GETLINK, nlmsg_flags=NLM_F_REQUEST, nlmsg_seq=1662842818, nlmsg_pid=0},
451 * {ifi_family=AF_PACKET, ifi_type=ARPHRD_NETROM, ifi_index=0, ifi_flags=0, ifi_change=0},
452 * [
453 * [{nla_len=10, nla_type=IFLA_IFNAME}, "vnet9"],
454 * [{nla_len=8, nla_type=IFLA_EXT_MASK}, RTEXT_FILTER_VF]
455 * ]
456 */
457 static int
rtnl_handle_getlink(struct nlmsghdr * hdr,struct nlpcb * nlp,struct nl_pstate * npt)458 rtnl_handle_getlink(struct nlmsghdr *hdr, struct nlpcb *nlp, struct nl_pstate *npt)
459 {
460 struct epoch_tracker et;
461 if_t ifp;
462 int error = 0;
463
464 struct nl_parsed_link attrs = {};
465 error = nl_parse_nlmsg(hdr, &ifmsg_parser, npt, &attrs);
466 if (error != 0)
467 return (error);
468
469 struct netlink_walkargs wa = {
470 .so = nlp,
471 .nw = npt->nw,
472 .hdr.nlmsg_pid = hdr->nlmsg_pid,
473 .hdr.nlmsg_seq = hdr->nlmsg_seq,
474 .hdr.nlmsg_flags = hdr->nlmsg_flags,
475 .hdr.nlmsg_type = NL_RTM_NEWLINK,
476 };
477
478 /* Fast track for an interface w/ explicit name or index match */
479 if ((attrs.ifi_index != 0) || (attrs.ifla_ifname != NULL)) {
480 if (attrs.ifi_index != 0) {
481 NLP_LOG(LOG_DEBUG3, nlp, "fast track -> searching index %u",
482 attrs.ifi_index);
483 NET_EPOCH_ENTER(et);
484 ifp = ifnet_byindex_ref(attrs.ifi_index);
485 NET_EPOCH_EXIT(et);
486 } else {
487 NLP_LOG(LOG_DEBUG3, nlp, "fast track -> searching name %s",
488 attrs.ifla_ifname);
489 ifp = ifunit_ref(attrs.ifla_ifname);
490 }
491
492 if (ifp != NULL) {
493 if (match_iface(ifp, &attrs)) {
494 if (!dump_iface(wa.nw, ifp, &wa.hdr, 0, NULL))
495 error = ENOMEM;
496 } else
497 error = ENODEV;
498 if_rele(ifp);
499 } else
500 error = ENODEV;
501 return (error);
502 }
503
504 /* Always treat non-direct-match as a multipart message */
505 wa.hdr.nlmsg_flags |= NLM_F_MULTI;
506
507 /*
508 * Fetching some link properties require performing ioctl's that may be blocking.
509 * Address it by saving referenced pointers of the matching links,
510 * exiting from epoch and going through the list one-by-one.
511 */
512
513 NL_LOG(LOG_DEBUG2, "Start dump");
514 if_foreach_sleep(match_iface, &attrs, dump_cb, &wa);
515 NL_LOG(LOG_DEBUG2, "End dump, iterated %d dumped %d", wa.count, wa.dumped);
516
517 if (!nlmsg_end_dump(wa.nw, error, &wa.hdr)) {
518 NL_LOG(LOG_DEBUG, "Unable to finalize the dump");
519 return (ENOMEM);
520 }
521
522 return (error);
523 }
524
525 /*
526 * sendmsg(3, {msg_name={sa_family=AF_NETLINK, nl_pid=0, nl_groups=00000000}, msg_namelen=12, msg_iov=[{iov_base=[
527 * {nlmsg_len=60, nlmsg_type=RTM_NEWLINK, nlmsg_flags=NLM_F_REQUEST|NLM_F_ACK|NLM_F_EXCL|NLM_F_CREATE, nlmsg_seq=1662715618, nlmsg_pid=0},
528 * {ifi_family=AF_UNSPEC, ifi_type=ARPHRD_NETROM, ifi_index=0, ifi_flags=0, ifi_change=0},
529 * {nla_len=11, nla_type=IFLA_IFNAME}, "dummy0"],
530 * [
531 * {nla_len=16, nla_type=IFLA_LINKINFO},
532 * [
533 * {nla_len=9, nla_type=IFLA_INFO_KIND}, "dummy"...
534 * ]
535 * ]
536 */
537
538 static int
rtnl_handle_dellink(struct nlmsghdr * hdr,struct nlpcb * nlp,struct nl_pstate * npt)539 rtnl_handle_dellink(struct nlmsghdr *hdr, struct nlpcb *nlp, struct nl_pstate *npt)
540 {
541 struct epoch_tracker et;
542 if_t ifp;
543 int error;
544
545 struct nl_parsed_link attrs = {};
546 error = nl_parse_nlmsg(hdr, &ifmsg_parser, npt, &attrs);
547 if (error != 0)
548 return (error);
549
550 NET_EPOCH_ENTER(et);
551 ifp = ifnet_byindex_ref(attrs.ifi_index);
552 NET_EPOCH_EXIT(et);
553 if (ifp == NULL) {
554 NLP_LOG(LOG_DEBUG, nlp, "unable to find interface %u", attrs.ifi_index);
555 return (ENOENT);
556 }
557 NLP_LOG(LOG_DEBUG3, nlp, "mapped ifindex %u to %s", attrs.ifi_index, if_name(ifp));
558
559 sx_xlock(&ifnet_detach_sxlock);
560 error = if_clone_destroy(if_name(ifp));
561 sx_xunlock(&ifnet_detach_sxlock);
562
563 NLP_LOG(LOG_DEBUG2, nlp, "deleting interface %s returned %d", if_name(ifp), error);
564
565 if_rele(ifp);
566 return (error);
567 }
568
569 /*
570 * New link:
571 * type=RTM_NEWLINK, flags=NLM_F_REQUEST|NLM_F_ACK|NLM_F_EXCL|NLM_F_CREATE, seq=1668185590, pid=0},
572 * {ifi_family=AF_UNSPEC, ifi_type=ARPHRD_NETROM, ifi_index=0, ifi_flags=0, ifi_change=0}
573 * [
574 * {{nla_len=8, nla_type=IFLA_MTU}, 123},
575 * {{nla_len=10, nla_type=IFLA_IFNAME}, "vlan1"},
576 * {{nla_len=24, nla_type=IFLA_LINKINFO},
577 * [
578 * {{nla_len=8, nla_type=IFLA_INFO_KIND}, "vlan"...},
579 * {{nla_len=12, nla_type=IFLA_INFO_DATA}, "\x06\x00\x01\x00\x7b\x00\x00\x00"}]}]}
580 *
581 * Update link:
582 * type=RTM_NEWLINK, flags=NLM_F_REQUEST|NLM_F_ACK, seq=1668185923, pid=0},
583 * {ifi_family=AF_UNSPEC, ifi_type=ARPHRD_NETROM, ifi_index=if_nametoindex("lo"), ifi_flags=0, ifi_change=0},
584 * {{nla_len=8, nla_type=IFLA_MTU}, 123}}
585 *
586 *
587 * Check command availability:
588 * type=RTM_NEWLINK, flags=NLM_F_REQUEST|NLM_F_ACK, seq=0, pid=0},
589 * {ifi_family=AF_UNSPEC, ifi_type=ARPHRD_NETROM, ifi_index=0, ifi_flags=0, ifi_change=0}
590 */
591
592
593 static int
create_link(struct nlmsghdr * hdr,struct nl_parsed_link * lattrs,struct nlattr_bmask * bm,struct nlpcb * nlp,struct nl_pstate * npt)594 create_link(struct nlmsghdr *hdr, struct nl_parsed_link *lattrs,
595 struct nlattr_bmask *bm, struct nlpcb *nlp, struct nl_pstate *npt)
596 {
597 if (lattrs->ifla_ifname == NULL || strlen(lattrs->ifla_ifname) == 0) {
598 NLMSG_REPORT_ERR_MSG(npt, "empty IFLA_IFNAME attribute");
599 return (EINVAL);
600 }
601 if (lattrs->ifla_cloner == NULL || strlen(lattrs->ifla_cloner) == 0) {
602 NLMSG_REPORT_ERR_MSG(npt, "empty IFLA_INFO_KIND attribute");
603 return (EINVAL);
604 }
605
606 struct ifc_data_nl ifd = {
607 .flags = IFC_F_CREATE,
608 .lattrs = lattrs,
609 .bm = bm,
610 .npt = npt,
611 };
612 if (ifc_create_ifp_nl(lattrs->ifla_ifname, &ifd) && ifd.error == 0)
613 nl_store_ifp_cookie(npt, ifd.ifp);
614
615 return (ifd.error);
616 }
617
618 static int
modify_link(struct nlmsghdr * hdr,struct nl_parsed_link * lattrs,struct nlattr_bmask * bm,struct nlpcb * nlp,struct nl_pstate * npt)619 modify_link(struct nlmsghdr *hdr, struct nl_parsed_link *lattrs,
620 struct nlattr_bmask *bm, struct nlpcb *nlp, struct nl_pstate *npt)
621 {
622 if_t ifp = NULL;
623 struct epoch_tracker et;
624
625 if (lattrs->ifi_index == 0 && lattrs->ifla_ifname == NULL) {
626 /*
627 * Applications like ip(8) verify RTM_NEWLINK command
628 * existence by calling it with empty arguments. Always
629 * return "innocent" error in that case.
630 */
631 NLMSG_REPORT_ERR_MSG(npt, "empty ifi_index field");
632 return (EPERM);
633 }
634
635 if (lattrs->ifi_index != 0) {
636 NET_EPOCH_ENTER(et);
637 ifp = ifnet_byindex_ref(lattrs->ifi_index);
638 NET_EPOCH_EXIT(et);
639 if (ifp == NULL) {
640 NLMSG_REPORT_ERR_MSG(npt, "unable to find interface #%u",
641 lattrs->ifi_index);
642 return (ENOENT);
643 }
644 }
645
646 if (ifp == NULL && lattrs->ifla_ifname != NULL) {
647 ifp = ifunit_ref(lattrs->ifla_ifname);
648 if (ifp == NULL) {
649 NLMSG_REPORT_ERR_MSG(npt, "unable to find interface %s",
650 lattrs->ifla_ifname);
651 return (ENOENT);
652 }
653 }
654
655 MPASS(ifp != NULL);
656
657 /*
658 * Modification request can address either
659 * 1) cloned interface, in which case we call the cloner-specific
660 * modification routine
661 * or
662 * 2) non-cloned (e.g. "physical") interface, in which case we call
663 * generic modification routine
664 */
665 struct ifc_data_nl ifd = { .lattrs = lattrs, .bm = bm, .npt = npt };
666 if (!ifc_modify_ifp_nl(ifp, &ifd))
667 ifd.error = nl_modify_ifp_generic(ifp, lattrs, bm, npt);
668
669 if_rele(ifp);
670
671 return (ifd.error);
672 }
673
674
675 static int
rtnl_handle_newlink(struct nlmsghdr * hdr,struct nlpcb * nlp,struct nl_pstate * npt)676 rtnl_handle_newlink(struct nlmsghdr *hdr, struct nlpcb *nlp, struct nl_pstate *npt)
677 {
678 struct nlattr_bmask bm;
679 struct thread *td = curthread;
680 struct ucred *cred;
681 int error;
682
683 struct nl_parsed_link attrs = {};
684 error = nl_parse_nlmsg(hdr, &ifmsg_parser, npt, &attrs);
685 if (error != 0)
686 return (error);
687 nl_get_attrs_bmask_nlmsg(hdr, &ifmsg_parser, &bm);
688
689 /* XXX: temporary patch until the D39180 review lands */
690 cred = td->td_ucred;
691 td->td_ucred = nlp_get_cred(nlp);
692 if (hdr->nlmsg_flags & NLM_F_CREATE)
693 error = create_link(hdr, &attrs, &bm, nlp, npt);
694 else
695 error = modify_link(hdr, &attrs, &bm, nlp, npt);
696 td->td_ucred = cred;
697
698 return (error);
699 }
700
701 static void
set_scope6(struct sockaddr * sa,uint32_t ifindex)702 set_scope6(struct sockaddr *sa, uint32_t ifindex)
703 {
704 #ifdef INET6
705 if (sa != NULL && sa->sa_family == AF_INET6) {
706 struct sockaddr_in6 *sa6 = (struct sockaddr_in6 *)sa;
707
708 if (IN6_IS_ADDR_LINKLOCAL(&sa6->sin6_addr))
709 in6_set_unicast_scopeid(&sa6->sin6_addr, ifindex);
710 }
711 #endif
712 }
713
714 static bool
check_sa_family(const struct sockaddr * sa,int family,const char * attr_name,struct nl_pstate * npt)715 check_sa_family(const struct sockaddr *sa, int family, const char *attr_name,
716 struct nl_pstate *npt)
717 {
718 if (sa == NULL || sa->sa_family == family)
719 return (true);
720
721 nlmsg_report_err_msg(npt, "wrong family for %s attribute: %d != %d",
722 attr_name, family, sa->sa_family);
723 return (false);
724 }
725
726 struct nl_parsed_ifa {
727 uint8_t ifa_family;
728 uint8_t ifa_prefixlen;
729 uint8_t ifa_scope;
730 uint32_t ifa_index;
731 uint32_t ifa_flags;
732 uint32_t ifaf_vhid;
733 uint32_t ifaf_flags;
734 struct sockaddr *ifa_address;
735 struct sockaddr *ifa_local;
736 struct sockaddr *ifa_broadcast;
737 struct ifa_cacheinfo *ifa_cacheinfo;
738 struct sockaddr *f_ifa_addr;
739 struct sockaddr *f_ifa_dst;
740 };
741
742 static int
nlattr_get_cinfo(struct nlattr * nla,struct nl_pstate * npt,const void * arg __unused,void * target)743 nlattr_get_cinfo(struct nlattr *nla, struct nl_pstate *npt,
744 const void *arg __unused, void *target)
745 {
746 if (__predict_false(NLA_DATA_LEN(nla) != sizeof(struct ifa_cacheinfo))) {
747 NLMSG_REPORT_ERR_MSG(npt, "nla type %d size(%u) is not ifa_cacheinfo",
748 nla->nla_type, NLA_DATA_LEN(nla));
749 return (EINVAL);
750 }
751 *((struct ifa_cacheinfo **)target) = (struct ifa_cacheinfo *)NL_RTA_DATA(nla);
752 return (0);
753 }
754
755 #define _IN(_field) offsetof(struct ifaddrmsg, _field)
756 #define _OUT(_field) offsetof(struct nl_parsed_ifa, _field)
757 static const struct nlfield_parser nlf_p_ifa[] = {
758 { .off_in = _IN(ifa_family), .off_out = _OUT(ifa_family), .cb = nlf_get_u8 },
759 { .off_in = _IN(ifa_prefixlen), .off_out = _OUT(ifa_prefixlen), .cb = nlf_get_u8 },
760 { .off_in = _IN(ifa_scope), .off_out = _OUT(ifa_scope), .cb = nlf_get_u8 },
761 { .off_in = _IN(ifa_flags), .off_out = _OUT(ifa_flags), .cb = nlf_get_u8_u32 },
762 { .off_in = _IN(ifa_index), .off_out = _OUT(ifa_index), .cb = nlf_get_u32 },
763 };
764
765 static const struct nlattr_parser nla_p_ifa_fbsd[] = {
766 { .type = IFAF_VHID, .off = _OUT(ifaf_vhid), .cb = nlattr_get_uint32 },
767 { .type = IFAF_FLAGS, .off = _OUT(ifaf_flags), .cb = nlattr_get_uint32 },
768 };
769 NL_DECLARE_ATTR_PARSER(ifa_fbsd_parser, nla_p_ifa_fbsd);
770
771 static const struct nlattr_parser nla_p_ifa[] = {
772 { .type = IFA_ADDRESS, .off = _OUT(ifa_address), .cb = nlattr_get_ip },
773 { .type = IFA_LOCAL, .off = _OUT(ifa_local), .cb = nlattr_get_ip },
774 { .type = IFA_BROADCAST, .off = _OUT(ifa_broadcast), .cb = nlattr_get_ip },
775 { .type = IFA_CACHEINFO, .off = _OUT(ifa_cacheinfo), .cb = nlattr_get_cinfo },
776 { .type = IFA_FLAGS, .off = _OUT(ifa_flags), .cb = nlattr_get_uint32 },
777 { .type = IFA_FREEBSD, .arg = &ifa_fbsd_parser, .cb = nlattr_get_nested },
778 };
779 #undef _IN
780 #undef _OUT
781
782 static bool
post_p_ifa(void * _attrs,struct nl_pstate * npt)783 post_p_ifa(void *_attrs, struct nl_pstate *npt)
784 {
785 struct nl_parsed_ifa *attrs = (struct nl_parsed_ifa *)_attrs;
786
787 if (!check_sa_family(attrs->ifa_address, attrs->ifa_family, "IFA_ADDRESS", npt))
788 return (false);
789 if (!check_sa_family(attrs->ifa_local, attrs->ifa_family, "IFA_LOCAL", npt))
790 return (false);
791 if (!check_sa_family(attrs->ifa_broadcast, attrs->ifa_family, "IFA_BROADADDR", npt))
792 return (false);
793
794 set_scope6(attrs->ifa_address, attrs->ifa_index);
795 set_scope6(attrs->ifa_local, attrs->ifa_index);
796
797 return (true);
798 }
799
800 NL_DECLARE_PARSER_EXT(ifa_parser, struct ifaddrmsg, NULL, nlf_p_ifa, nla_p_ifa, post_p_ifa);
801
802
803 /*
804
805 {ifa_family=AF_INET, ifa_prefixlen=8, ifa_flags=IFA_F_PERMANENT, ifa_scope=RT_SCOPE_HOST, ifa_index=if_nametoindex("lo")},
806 [
807 {{nla_len=8, nla_type=IFA_ADDRESS}, inet_addr("127.0.0.1")},
808 {{nla_len=8, nla_type=IFA_LOCAL}, inet_addr("127.0.0.1")},
809 {{nla_len=7, nla_type=IFA_LABEL}, "lo"},
810 {{nla_len=8, nla_type=IFA_FLAGS}, IFA_F_PERMANENT},
811 {{nla_len=20, nla_type=IFA_CACHEINFO}, {ifa_prefered=4294967295, ifa_valid=4294967295, cstamp=3619, tstamp=3619}}]},
812 ---
813
814 {{len=72, type=RTM_NEWADDR, flags=NLM_F_MULTI, seq=1642191126, pid=566735},
815 {ifa_family=AF_INET6, ifa_prefixlen=96, ifa_flags=IFA_F_PERMANENT, ifa_scope=RT_SCOPE_UNIVERSE, ifa_index=if_nametoindex("virbr0")},
816 [
817 {{nla_len=20, nla_type=IFA_ADDRESS}, inet_pton(AF_INET6, "2a01:4f8:13a:70c:ffff::1")},
818 {{nla_len=20, nla_type=IFA_CACHEINFO}, {ifa_prefered=4294967295, ifa_valid=4294967295, cstamp=4283, tstamp=4283}},
819 {{nla_len=8, nla_type=IFA_FLAGS}, IFA_F_PERMANENT}]},
820 */
821
822 static uint8_t
ifa_get_scope(const struct ifaddr * ifa)823 ifa_get_scope(const struct ifaddr *ifa)
824 {
825 const struct sockaddr *sa;
826 uint8_t addr_scope = RT_SCOPE_UNIVERSE;
827
828 sa = ifa->ifa_addr;
829 switch (sa->sa_family) {
830 #ifdef INET
831 case AF_INET:
832 {
833 struct in_addr addr;
834 addr = ((const struct sockaddr_in *)sa)->sin_addr;
835 if (IN_LOOPBACK(ntohl(addr.s_addr)))
836 addr_scope = RT_SCOPE_HOST;
837 else if (IN_LINKLOCAL(ntohl(addr.s_addr)))
838 addr_scope = RT_SCOPE_LINK;
839 break;
840 }
841 #endif
842 #ifdef INET6
843 case AF_INET6:
844 {
845 const struct in6_addr *addr;
846 addr = &((const struct sockaddr_in6 *)sa)->sin6_addr;
847 if (IN6_IS_ADDR_LOOPBACK(addr))
848 addr_scope = RT_SCOPE_HOST;
849 else if (IN6_IS_ADDR_LINKLOCAL(addr))
850 addr_scope = RT_SCOPE_LINK;
851 break;
852 }
853 #endif
854 }
855
856 return (addr_scope);
857 }
858
859 #ifdef INET6
860 static uint8_t
inet6_get_plen(const struct in6_addr * addr)861 inet6_get_plen(const struct in6_addr *addr)
862 {
863
864 return (bitcount32(addr->s6_addr32[0]) + bitcount32(addr->s6_addr32[1]) +
865 bitcount32(addr->s6_addr32[2]) + bitcount32(addr->s6_addr32[3]));
866 }
867 #endif
868
869 static uint8_t
get_sa_plen(const struct sockaddr * sa)870 get_sa_plen(const struct sockaddr *sa)
871 {
872 #ifdef INET
873 const struct in_addr *paddr;
874 #endif
875 #ifdef INET6
876 const struct in6_addr *paddr6;
877 #endif
878
879 switch (sa->sa_family) {
880 #ifdef INET
881 case AF_INET:
882 paddr = &(((const struct sockaddr_in *)sa)->sin_addr);
883 return bitcount32(paddr->s_addr);
884 #endif
885 #ifdef INET6
886 case AF_INET6:
887 paddr6 = &(((const struct sockaddr_in6 *)sa)->sin6_addr);
888 return inet6_get_plen(paddr6);
889 #endif
890 }
891
892 return (0);
893 }
894
895 #ifdef INET6
896 static uint32_t
in6_flags_to_nl(uint32_t flags)897 in6_flags_to_nl(uint32_t flags)
898 {
899 uint32_t nl_flags = 0;
900
901 if (flags & IN6_IFF_TEMPORARY)
902 nl_flags |= IFA_F_TEMPORARY;
903 if (flags & IN6_IFF_NODAD)
904 nl_flags |= IFA_F_NODAD;
905 if (flags & IN6_IFF_DEPRECATED)
906 nl_flags |= IFA_F_DEPRECATED;
907 if (flags & IN6_IFF_TENTATIVE)
908 nl_flags |= IFA_F_TENTATIVE;
909 if ((flags & (IN6_IFF_AUTOCONF|IN6_IFF_TEMPORARY)) == 0)
910 flags |= IFA_F_PERMANENT;
911 if (flags & IN6_IFF_DUPLICATED)
912 flags |= IFA_F_DADFAILED;
913 return (nl_flags);
914 }
915
916 static uint32_t
nl_flags_to_in6(uint32_t flags)917 nl_flags_to_in6(uint32_t flags)
918 {
919 uint32_t in6_flags = 0;
920
921 if (flags & IFA_F_TEMPORARY)
922 in6_flags |= IN6_IFF_TEMPORARY;
923 if (flags & IFA_F_NODAD)
924 in6_flags |= IN6_IFF_NODAD;
925 if (flags & IFA_F_DEPRECATED)
926 in6_flags |= IN6_IFF_DEPRECATED;
927 if (flags & IFA_F_TENTATIVE)
928 in6_flags |= IN6_IFF_TENTATIVE;
929 if (flags & IFA_F_DADFAILED)
930 in6_flags |= IN6_IFF_DUPLICATED;
931
932 return (in6_flags);
933 }
934
935 static void
export_cache_info6(struct nl_writer * nw,const struct in6_ifaddr * ia)936 export_cache_info6(struct nl_writer *nw, const struct in6_ifaddr *ia)
937 {
938 struct ifa_cacheinfo ci = {
939 .cstamp = ia->ia6_createtime * 1000,
940 .tstamp = ia->ia6_updatetime * 1000,
941 .ifa_prefered = ia->ia6_lifetime.ia6t_pltime,
942 .ifa_valid = ia->ia6_lifetime.ia6t_vltime,
943 };
944
945 nlattr_add(nw, IFA_CACHEINFO, sizeof(ci), &ci);
946 }
947 #endif
948
949 static void
export_cache_info(struct nl_writer * nw,struct ifaddr * ifa)950 export_cache_info(struct nl_writer *nw, struct ifaddr *ifa)
951 {
952 switch (ifa->ifa_addr->sa_family) {
953 #ifdef INET6
954 case AF_INET6:
955 export_cache_info6(nw, (struct in6_ifaddr *)ifa);
956 break;
957 #endif
958 }
959 }
960
961 /*
962 * {'attrs': [('IFA_ADDRESS', '12.0.0.1'),
963 ('IFA_LOCAL', '12.0.0.1'),
964 ('IFA_LABEL', 'eth10'),
965 ('IFA_FLAGS', 128),
966 ('IFA_CACHEINFO', {'ifa_preferred': 4294967295, 'ifa_valid': 4294967295, 'cstamp': 63745746, 'tstamp': 63745746})],
967 */
968 static bool
dump_iface_addr(struct nl_writer * nw,if_t ifp,struct ifaddr * ifa,const struct nlmsghdr * hdr)969 dump_iface_addr(struct nl_writer *nw, if_t ifp, struct ifaddr *ifa,
970 const struct nlmsghdr *hdr)
971 {
972 struct ifaddrmsg *ifamsg;
973 struct sockaddr *sa = ifa->ifa_addr;
974 struct sockaddr *sa_dst = ifa->ifa_dstaddr;
975
976 NL_LOG(LOG_DEBUG3, "dumping ifa %p type %s(%d) for interface %s",
977 ifa, rib_print_family(sa->sa_family), sa->sa_family, if_name(ifp));
978
979 if (!nlmsg_reply(nw, hdr, sizeof(struct ifaddrmsg)))
980 goto enomem;
981
982 ifamsg = nlmsg_reserve_object(nw, struct ifaddrmsg);
983 ifamsg->ifa_family = sa->sa_family;
984 ifamsg->ifa_prefixlen = get_sa_plen(ifa->ifa_netmask);
985 ifamsg->ifa_flags = 0; // ifa_flags is useless
986 ifamsg->ifa_scope = ifa_get_scope(ifa);
987 ifamsg->ifa_index = if_getindex(ifp);
988
989 if ((if_getflags(ifp) & IFF_POINTOPOINT) && sa_dst != NULL && sa_dst->sa_family != 0) {
990 /* P2P interface may have IPv6 LL with no dst address */
991 dump_sa(nw, IFA_ADDRESS, sa_dst);
992 dump_sa(nw, IFA_LOCAL, sa);
993 } else {
994 dump_sa(nw, IFA_ADDRESS, sa);
995 #ifdef INET
996 /*
997 * In most cases, IFA_ADDRESS == IFA_LOCAL
998 * Skip IFA_LOCAL for anything except INET
999 */
1000 if (sa->sa_family == AF_INET)
1001 dump_sa(nw, IFA_LOCAL, sa);
1002 #endif
1003 }
1004 if (if_getflags(ifp) & IFF_BROADCAST)
1005 dump_sa(nw, IFA_BROADCAST, ifa->ifa_broadaddr);
1006
1007 nlattr_add_string(nw, IFA_LABEL, if_name(ifp));
1008
1009 uint32_t nl_ifa_flags = 0;
1010 #ifdef INET6
1011 if (sa->sa_family == AF_INET6) {
1012 struct in6_ifaddr *ia = (struct in6_ifaddr *)ifa;
1013 nl_ifa_flags = in6_flags_to_nl(ia->ia6_flags);
1014 }
1015 #endif
1016 nlattr_add_u32(nw, IFA_FLAGS, nl_ifa_flags);
1017
1018 export_cache_info(nw, ifa);
1019
1020 /* Store FreeBSD-specific attributes */
1021 int off = nlattr_add_nested(nw, IFA_FREEBSD);
1022 if (off != 0) {
1023 if (ifa->ifa_carp != NULL && carp_get_vhid_p != NULL) {
1024 uint32_t vhid = (uint32_t)(*carp_get_vhid_p)(ifa);
1025 nlattr_add_u32(nw, IFAF_VHID, vhid);
1026 }
1027 #ifdef INET6
1028 if (sa->sa_family == AF_INET6) {
1029 uint32_t ifa_flags = ((struct in6_ifaddr *)ifa)->ia6_flags;
1030
1031 nlattr_add_u32(nw, IFAF_FLAGS, ifa_flags);
1032 }
1033 #endif
1034
1035 nlattr_set_len(nw, off);
1036 }
1037
1038 if (nlmsg_end(nw))
1039 return (true);
1040 enomem:
1041 NL_LOG(LOG_DEBUG, "Failed to dump ifa type %s(%d) for interface %s",
1042 rib_print_family(sa->sa_family), sa->sa_family, if_name(ifp));
1043 nlmsg_abort(nw);
1044 return (false);
1045 }
1046
1047 static int
dump_iface_addrs(struct netlink_walkargs * wa,if_t ifp)1048 dump_iface_addrs(struct netlink_walkargs *wa, if_t ifp)
1049 {
1050 struct ifaddr *ifa;
1051 struct ifa_iter it;
1052 int error = 0;
1053
1054 for (ifa = ifa_iter_start(ifp, &it); ifa != NULL; ifa = ifa_iter_next(&it)) {
1055 if (wa->family != 0 && wa->family != ifa->ifa_addr->sa_family)
1056 continue;
1057 if (ifa->ifa_addr->sa_family == AF_LINK)
1058 continue;
1059 if (prison_if(wa->cred, ifa->ifa_addr) != 0)
1060 continue;
1061 wa->count++;
1062 if (!dump_iface_addr(wa->nw, ifp, ifa, &wa->hdr)) {
1063 error = ENOMEM;
1064 break;
1065 }
1066 wa->dumped++;
1067 }
1068 ifa_iter_finish(&it);
1069
1070 return (error);
1071 }
1072
1073 static int
rtnl_handle_getaddr(struct nlmsghdr * hdr,struct nlpcb * nlp,struct nl_pstate * npt)1074 rtnl_handle_getaddr(struct nlmsghdr *hdr, struct nlpcb *nlp, struct nl_pstate *npt)
1075 {
1076 if_t ifp;
1077 int error = 0;
1078
1079 struct nl_parsed_ifa attrs = {};
1080 error = nl_parse_nlmsg(hdr, &ifa_parser, npt, &attrs);
1081 if (error != 0)
1082 return (error);
1083
1084 struct netlink_walkargs wa = {
1085 .so = nlp,
1086 .nw = npt->nw,
1087 .cred = nlp_get_cred(nlp),
1088 .family = attrs.ifa_family,
1089 .hdr.nlmsg_pid = hdr->nlmsg_pid,
1090 .hdr.nlmsg_seq = hdr->nlmsg_seq,
1091 .hdr.nlmsg_flags = hdr->nlmsg_flags | NLM_F_MULTI,
1092 .hdr.nlmsg_type = NL_RTM_NEWADDR,
1093 };
1094
1095 NL_LOG(LOG_DEBUG2, "Start dump");
1096
1097 if (attrs.ifa_index != 0) {
1098 ifp = ifnet_byindex(attrs.ifa_index);
1099 if (ifp == NULL)
1100 error = ENOENT;
1101 else
1102 error = dump_iface_addrs(&wa, ifp);
1103 } else {
1104 struct if_iter it;
1105
1106 for (ifp = if_iter_start(&it); ifp != NULL; ifp = if_iter_next(&it)) {
1107 error = dump_iface_addrs(&wa, ifp);
1108 if (error != 0)
1109 break;
1110 }
1111 if_iter_finish(&it);
1112 }
1113
1114 NL_LOG(LOG_DEBUG2, "End dump, iterated %d dumped %d", wa.count, wa.dumped);
1115
1116 if (!nlmsg_end_dump(wa.nw, error, &wa.hdr)) {
1117 NL_LOG(LOG_DEBUG, "Unable to finalize the dump");
1118 return (ENOMEM);
1119 }
1120
1121 return (error);
1122 }
1123
1124 #ifdef INET
1125 static int
handle_newaddr_inet(struct nlmsghdr * hdr,struct nl_parsed_ifa * attrs,if_t ifp,struct nlpcb * nlp,struct nl_pstate * npt)1126 handle_newaddr_inet(struct nlmsghdr *hdr, struct nl_parsed_ifa *attrs,
1127 if_t ifp, struct nlpcb *nlp, struct nl_pstate *npt)
1128 {
1129 int plen = attrs->ifa_prefixlen;
1130 int if_flags = if_getflags(ifp);
1131 struct sockaddr_in *addr, *dst;
1132
1133 if (plen > 32) {
1134 nlmsg_report_err_msg(npt, "invalid ifa_prefixlen");
1135 return (EINVAL);
1136 };
1137
1138 if (if_flags & IFF_POINTOPOINT) {
1139 /*
1140 * Only P2P IFAs are allowed by the implementation.
1141 */
1142 if (attrs->ifa_address == NULL || attrs->ifa_local == NULL) {
1143 nlmsg_report_err_msg(npt, "Empty IFA_LOCAL/IFA_ADDRESS");
1144 return (EINVAL);
1145 }
1146 addr = (struct sockaddr_in *)attrs->ifa_local;
1147 dst = (struct sockaddr_in *)attrs->ifa_address;
1148 } else {
1149 /*
1150 * Map the Netlink attributes to FreeBSD ifa layout.
1151 * If only IFA_ADDRESS or IFA_LOCAL is set OR
1152 * both are set to the same value => ifa is not p2p
1153 * and the attribute value contains interface address.
1154 *
1155 * Otherwise (both IFA_ADDRESS and IFA_LOCAL are set and
1156 * different), IFA_LOCAL contains an interface address and
1157 * IFA_ADDRESS contains peer address.
1158 */
1159 addr = (struct sockaddr_in *)attrs->ifa_local;
1160 if (addr == NULL)
1161 addr = (struct sockaddr_in *)attrs->ifa_address;
1162
1163 if (addr == NULL) {
1164 nlmsg_report_err_msg(npt, "Empty IFA_LOCAL/IFA_ADDRESS");
1165 return (EINVAL);
1166 }
1167
1168 /* Generate broadcast address if not set */
1169 if ((if_flags & IFF_BROADCAST) && attrs->ifa_broadcast == NULL) {
1170 uint32_t s_baddr;
1171 struct sockaddr_in *sin_brd;
1172
1173 if (plen == 31)
1174 s_baddr = INADDR_BROADCAST; /* RFC 3021 */
1175 else {
1176 uint32_t s_mask;
1177
1178 s_mask = htonl(plen ? ~((1 << (32 - plen)) - 1) : 0);
1179 s_baddr = addr->sin_addr.s_addr | ~s_mask;
1180 }
1181
1182 sin_brd = (struct sockaddr_in *)npt_alloc(npt, sizeof(*sin_brd));
1183 if (sin_brd == NULL)
1184 return (ENOMEM);
1185 sin_brd->sin_family = AF_INET;
1186 sin_brd->sin_len = sizeof(*sin_brd);
1187 sin_brd->sin_addr.s_addr = s_baddr;
1188 attrs->ifa_broadcast = (struct sockaddr *)sin_brd;
1189 }
1190 dst = (struct sockaddr_in *)attrs->ifa_broadcast;
1191 }
1192
1193 struct sockaddr_in mask = {
1194 .sin_len = sizeof(struct sockaddr_in),
1195 .sin_family = AF_INET,
1196 .sin_addr.s_addr = htonl(plen ? ~((1 << (32 - plen)) - 1) : 0),
1197 };
1198 struct in_aliasreq req = {
1199 .ifra_addr = *addr,
1200 .ifra_mask = mask,
1201 .ifra_vhid = attrs->ifaf_vhid,
1202 };
1203 if (dst != NULL)
1204 req.ifra_dstaddr = *dst;
1205
1206 return (in_control_ioctl(SIOCAIFADDR, &req, ifp, nlp_get_cred(nlp)));
1207 }
1208
1209 static int
handle_deladdr_inet(struct nlmsghdr * hdr,struct nl_parsed_ifa * attrs,if_t ifp,struct nlpcb * nlp,struct nl_pstate * npt)1210 handle_deladdr_inet(struct nlmsghdr *hdr, struct nl_parsed_ifa *attrs,
1211 if_t ifp, struct nlpcb *nlp, struct nl_pstate *npt)
1212 {
1213 struct sockaddr *addr = attrs->ifa_local;
1214
1215 if (addr == NULL)
1216 addr = attrs->ifa_address;
1217
1218 if (addr == NULL) {
1219 nlmsg_report_err_msg(npt, "empty IFA_ADDRESS/IFA_LOCAL");
1220 return (EINVAL);
1221 }
1222
1223 struct ifreq req = { .ifr_addr = *addr };
1224
1225 return (in_control_ioctl(SIOCDIFADDR, &req, ifp, nlp_get_cred(nlp)));
1226 }
1227 #endif
1228
1229 #ifdef INET6
1230 static int
handle_newaddr_inet6(struct nlmsghdr * hdr,struct nl_parsed_ifa * attrs,if_t ifp,struct nlpcb * nlp,struct nl_pstate * npt)1231 handle_newaddr_inet6(struct nlmsghdr *hdr, struct nl_parsed_ifa *attrs,
1232 if_t ifp, struct nlpcb *nlp, struct nl_pstate *npt)
1233 {
1234 struct sockaddr_in6 *addr, *dst;
1235
1236 if (attrs->ifa_prefixlen > 128) {
1237 nlmsg_report_err_msg(npt, "invalid ifa_prefixlen");
1238 return (EINVAL);
1239 }
1240
1241 /*
1242 * In IPv6 implementation, adding non-P2P address to the P2P interface
1243 * is allowed.
1244 */
1245 addr = (struct sockaddr_in6 *)(attrs->ifa_local);
1246 dst = (struct sockaddr_in6 *)(attrs->ifa_address);
1247
1248 if (addr == NULL) {
1249 addr = dst;
1250 dst = NULL;
1251 } else if (dst != NULL) {
1252 if (IN6_ARE_ADDR_EQUAL(&addr->sin6_addr, &dst->sin6_addr)) {
1253 /*
1254 * Sometimes Netlink users fills in both attributes
1255 * with the same address. It still means "non-p2p".
1256 */
1257 dst = NULL;
1258 }
1259 }
1260
1261 if (addr == NULL) {
1262 nlmsg_report_err_msg(npt, "Empty IFA_LOCAL/IFA_ADDRESS");
1263 return (EINVAL);
1264 }
1265
1266 uint32_t flags = nl_flags_to_in6(attrs->ifa_flags) | attrs->ifaf_flags;
1267
1268 uint32_t pltime = 0, vltime = 0;
1269 if (attrs->ifa_cacheinfo != 0) {
1270 pltime = attrs->ifa_cacheinfo->ifa_prefered;
1271 vltime = attrs->ifa_cacheinfo->ifa_valid;
1272 }
1273
1274 struct sockaddr_in6 mask = {
1275 .sin6_len = sizeof(struct sockaddr_in6),
1276 .sin6_family = AF_INET6,
1277 };
1278 ip6_writemask(&mask.sin6_addr, attrs->ifa_prefixlen);
1279
1280 struct in6_aliasreq req = {
1281 .ifra_addr = *addr,
1282 .ifra_prefixmask = mask,
1283 .ifra_flags = flags,
1284 .ifra_lifetime = { .ia6t_vltime = vltime, .ia6t_pltime = pltime },
1285 .ifra_vhid = attrs->ifaf_vhid,
1286 };
1287 if (dst != NULL)
1288 req.ifra_dstaddr = *dst;
1289
1290 return (in6_control_ioctl(SIOCAIFADDR_IN6, &req, ifp, nlp_get_cred(nlp)));
1291 }
1292
1293 static int
handle_deladdr_inet6(struct nlmsghdr * hdr,struct nl_parsed_ifa * attrs,if_t ifp,struct nlpcb * nlp,struct nl_pstate * npt)1294 handle_deladdr_inet6(struct nlmsghdr *hdr, struct nl_parsed_ifa *attrs,
1295 if_t ifp, struct nlpcb *nlp, struct nl_pstate *npt)
1296 {
1297 struct sockaddr_in6 *addr = (struct sockaddr_in6 *)attrs->ifa_local;
1298
1299 if (addr == NULL)
1300 addr = (struct sockaddr_in6 *)(attrs->ifa_address);
1301
1302 if (addr == NULL) {
1303 nlmsg_report_err_msg(npt, "Empty IFA_LOCAL/IFA_ADDRESS");
1304 return (EINVAL);
1305 }
1306
1307 struct in6_ifreq req = { .ifr_addr = *addr };
1308
1309 return (in6_control_ioctl(SIOCDIFADDR_IN6, &req, ifp, nlp_get_cred(nlp)));
1310 }
1311 #endif
1312
1313
1314 static int
rtnl_handle_addr(struct nlmsghdr * hdr,struct nlpcb * nlp,struct nl_pstate * npt)1315 rtnl_handle_addr(struct nlmsghdr *hdr, struct nlpcb *nlp, struct nl_pstate *npt)
1316 {
1317 struct epoch_tracker et;
1318 int error;
1319
1320 struct nl_parsed_ifa attrs = {};
1321 error = nl_parse_nlmsg(hdr, &ifa_parser, npt, &attrs);
1322 if (error != 0)
1323 return (error);
1324
1325 NET_EPOCH_ENTER(et);
1326 if_t ifp = ifnet_byindex_ref(attrs.ifa_index);
1327 NET_EPOCH_EXIT(et);
1328
1329 if (ifp == NULL) {
1330 nlmsg_report_err_msg(npt, "Unable to find interface with index %u",
1331 attrs.ifa_index);
1332 return (ENOENT);
1333 }
1334 int if_flags = if_getflags(ifp);
1335
1336 #if defined(INET) || defined(INET6)
1337 bool new = hdr->nlmsg_type == NL_RTM_NEWADDR;
1338 #endif
1339
1340 /*
1341 * TODO: Properly handle NLM_F_CREATE / NLM_F_EXCL.
1342 * The current ioctl-based KPI always does an implicit create-or-replace.
1343 * It is not possible to specify fine-grained options.
1344 */
1345
1346 switch (attrs.ifa_family) {
1347 #ifdef INET
1348 case AF_INET:
1349 if (new)
1350 error = handle_newaddr_inet(hdr, &attrs, ifp, nlp, npt);
1351 else
1352 error = handle_deladdr_inet(hdr, &attrs, ifp, nlp, npt);
1353 break;
1354 #endif
1355 #ifdef INET6
1356 case AF_INET6:
1357 if (new)
1358 error = handle_newaddr_inet6(hdr, &attrs, ifp, nlp, npt);
1359 else
1360 error = handle_deladdr_inet6(hdr, &attrs, ifp, nlp, npt);
1361 break;
1362 #endif
1363 default:
1364 error = EAFNOSUPPORT;
1365 }
1366
1367 if (error == 0 && !(if_flags & IFF_UP) && (if_getflags(ifp) & IFF_UP))
1368 if_up(ifp);
1369
1370 if_rele(ifp);
1371
1372 return (error);
1373 }
1374
1375
1376 static void
rtnl_handle_ifaddr(void * arg __unused,struct ifaddr * ifa,int cmd)1377 rtnl_handle_ifaddr(void *arg __unused, struct ifaddr *ifa, int cmd)
1378 {
1379 struct nlmsghdr hdr = {};
1380 struct nl_writer nw;
1381 uint32_t group = 0;
1382
1383 switch (ifa->ifa_addr->sa_family) {
1384 #ifdef INET
1385 case AF_INET:
1386 group = RTNLGRP_IPV4_IFADDR;
1387 break;
1388 #endif
1389 #ifdef INET6
1390 case AF_INET6:
1391 group = RTNLGRP_IPV6_IFADDR;
1392 break;
1393 #endif
1394 default:
1395 NL_LOG(LOG_DEBUG2, "ifa notification for unknown AF: %d",
1396 ifa->ifa_addr->sa_family);
1397 return;
1398 }
1399
1400 if (!nl_writer_group(&nw, NLMSG_LARGE, NETLINK_ROUTE, group, 0,
1401 false)) {
1402 NL_LOG(LOG_DEBUG, "error allocating group writer");
1403 return;
1404 }
1405
1406 hdr.nlmsg_type = (cmd == RTM_DELETE) ? NL_RTM_DELADDR : NL_RTM_NEWADDR;
1407
1408 dump_iface_addr(&nw, ifa->ifa_ifp, ifa, &hdr);
1409 nlmsg_flush(&nw);
1410 }
1411
1412 static void
rtnl_handle_ifevent(if_t ifp,int nlmsg_type,int if_flags_mask,const char * ifname)1413 rtnl_handle_ifevent(if_t ifp, int nlmsg_type, int if_flags_mask,
1414 const char *ifname)
1415 {
1416 struct nlmsghdr hdr = { .nlmsg_type = nlmsg_type };
1417 struct nl_writer nw;
1418
1419 if (!nl_writer_group(&nw, NLMSG_LARGE, NETLINK_ROUTE, RTNLGRP_LINK, 0,
1420 false)) {
1421 NL_LOG(LOG_DEBUG, "error allocating group writer");
1422 return;
1423 }
1424 dump_iface(&nw, ifp, &hdr, if_flags_mask, ifname);
1425 nlmsg_flush(&nw);
1426 }
1427
1428 static void
rtnl_handle_ifattach(void * arg,if_t ifp)1429 rtnl_handle_ifattach(void *arg, if_t ifp)
1430 {
1431 NL_LOG(LOG_DEBUG2, "ifnet %s", if_name(ifp));
1432 rtnl_handle_ifevent(ifp, NL_RTM_NEWLINK, 0, NULL);
1433 }
1434
1435 static void
rtnl_handle_ifdetach(void * arg,if_t ifp)1436 rtnl_handle_ifdetach(void *arg, if_t ifp)
1437 {
1438 NL_LOG(LOG_DEBUG2, "ifnet %s", if_name(ifp));
1439 rtnl_handle_ifevent(ifp, NL_RTM_DELLINK, 0, NULL);
1440 }
1441
1442 static void
rtnl_handle_ifrename(void * arg,if_t ifp,const char * old_name)1443 rtnl_handle_ifrename(void *arg, if_t ifp, const char *old_name)
1444 {
1445 rtnl_handle_ifevent(ifp, NL_RTM_DELLINK, 0, old_name);
1446 rtnl_handle_ifevent(ifp, NL_RTM_NEWLINK, 0, NULL);
1447 }
1448
1449 static void
rtnl_handle_iflink(void * arg,if_t ifp,int link_state __unused)1450 rtnl_handle_iflink(void *arg, if_t ifp, int link_state __unused)
1451 {
1452 NL_LOG(LOG_DEBUG2, "ifnet %s", if_name(ifp));
1453 rtnl_handle_ifevent(ifp, NL_RTM_NEWLINK, 0, NULL);
1454 }
1455
1456 void
rtnl_handle_ifnet_event(if_t ifp,int if_flags_mask)1457 rtnl_handle_ifnet_event(if_t ifp, int if_flags_mask)
1458 {
1459 NL_LOG(LOG_DEBUG2, "ifnet %s", if_name(ifp));
1460 rtnl_handle_ifevent(ifp, NL_RTM_NEWLINK, if_flags_mask, NULL);
1461 }
1462
1463 static const struct rtnl_cmd_handler cmd_handlers[] = {
1464 {
1465 .cmd = NL_RTM_GETLINK,
1466 .name = "RTM_GETLINK",
1467 .cb = &rtnl_handle_getlink,
1468 .flags = RTNL_F_NOEPOCH | RTNL_F_ALLOW_NONVNET_JAIL,
1469 },
1470 {
1471 .cmd = NL_RTM_DELLINK,
1472 .name = "RTM_DELLINK",
1473 .cb = &rtnl_handle_dellink,
1474 .priv = PRIV_NET_IFDESTROY,
1475 .flags = RTNL_F_NOEPOCH,
1476 },
1477 {
1478 .cmd = NL_RTM_NEWLINK,
1479 .name = "RTM_NEWLINK",
1480 .cb = &rtnl_handle_newlink,
1481 .priv = PRIV_NET_IFCREATE,
1482 .flags = RTNL_F_NOEPOCH,
1483 },
1484 {
1485 .cmd = NL_RTM_GETADDR,
1486 .name = "RTM_GETADDR",
1487 .cb = &rtnl_handle_getaddr,
1488 .flags = RTNL_F_ALLOW_NONVNET_JAIL,
1489 },
1490 {
1491 .cmd = NL_RTM_NEWADDR,
1492 .name = "RTM_NEWADDR",
1493 .cb = &rtnl_handle_addr,
1494 .priv = PRIV_NET_ADDIFADDR,
1495 .flags = RTNL_F_NOEPOCH,
1496 },
1497 {
1498 .cmd = NL_RTM_DELADDR,
1499 .name = "RTM_DELADDR",
1500 .cb = &rtnl_handle_addr,
1501 .priv = PRIV_NET_DELIFADDR,
1502 .flags = RTNL_F_NOEPOCH,
1503 },
1504 };
1505
1506 static const struct nlhdr_parser *all_parsers[] = {
1507 &ifmsg_parser, &ifa_parser, &ifa_fbsd_parser,
1508 };
1509
1510 void
rtnl_iface_add_cloner(struct nl_cloner * cloner)1511 rtnl_iface_add_cloner(struct nl_cloner *cloner)
1512 {
1513 sx_xlock(&rtnl_cloner_lock);
1514 SLIST_INSERT_HEAD(&nl_cloners, cloner, next);
1515 sx_xunlock(&rtnl_cloner_lock);
1516 }
1517
1518 void
rtnl_iface_del_cloner(struct nl_cloner * cloner)1519 rtnl_iface_del_cloner(struct nl_cloner *cloner)
1520 {
1521 sx_xlock(&rtnl_cloner_lock);
1522 SLIST_REMOVE(&nl_cloners, cloner, nl_cloner, next);
1523 sx_xunlock(&rtnl_cloner_lock);
1524 }
1525
1526 void
rtnl_ifaces_init(void)1527 rtnl_ifaces_init(void)
1528 {
1529 ifattach_event = EVENTHANDLER_REGISTER(
1530 ifnet_attached_event, rtnl_handle_ifattach, NULL,
1531 EVENTHANDLER_PRI_ANY);
1532 ifdetach_event = EVENTHANDLER_REGISTER(
1533 ifnet_departure_event, rtnl_handle_ifdetach, NULL,
1534 EVENTHANDLER_PRI_ANY);
1535 ifrename_event = EVENTHANDLER_REGISTER(
1536 ifnet_rename_event, rtnl_handle_ifrename, NULL,
1537 EVENTHANDLER_PRI_ANY);
1538 ifaddr_event = EVENTHANDLER_REGISTER(
1539 rt_addrmsg, rtnl_handle_ifaddr, NULL,
1540 EVENTHANDLER_PRI_ANY);
1541 iflink_event = EVENTHANDLER_REGISTER(
1542 ifnet_link_event, rtnl_handle_iflink, NULL,
1543 EVENTHANDLER_PRI_ANY);
1544 NL_VERIFY_PARSERS(all_parsers);
1545 rtnl_register_messages(cmd_handlers, nitems(cmd_handlers));
1546 }
1547
1548 void
rtnl_ifaces_destroy(void)1549 rtnl_ifaces_destroy(void)
1550 {
1551 EVENTHANDLER_DEREGISTER(ifnet_arrival_event, ifattach_event);
1552 EVENTHANDLER_DEREGISTER(ifnet_departure_event, ifdetach_event);
1553 EVENTHANDLER_DEREGISTER(ifnet_rename_event, ifrename_event);
1554 EVENTHANDLER_DEREGISTER(rt_addrmsg, ifaddr_event);
1555 EVENTHANDLER_DEREGISTER(ifnet_link_event, iflink_event);
1556 }
1557