These take struct ifreq and struct in6_ifreq respectively. Passing struct
in_aliasreq or struct in6_aliasreq means we're supplying a shorter object than
expected. While this doesn't actively break things on most architectures other
than CHERI it is still wrong.
Reported by: CheriBSD
Event: Kitchener-Waterloo Hackathon 202406
Allow these files to be included in C++ programs with careful casting to
the proper type, like C++ wants (and in a way that also works for C).
MFC After: 1 week
Reviewed by: imp
Pull Request: https://github.com/freebsd/freebsd-src/pull/1245
Introduce pfctl_get_status_h() because we need the pfctl_handle. In this variant
use netlink to obtain the information.
Sponsored by: Rubicon Communications, LLC ("Netgate")
The KPI for this function was misleading. From the NetLink perspective it
looked like a function that: a) allocates new hdr, b) can fail. Neither
was true. Let the function return an error code instead of returning the
same hdr it was passed to. In case future Linux NetLink compatibility
support calls for reallocating header, pass hdr as pointer to pointer.
With KPI that returns an error, propagate domain conversion errors all the
way up to NetLink module. This fixes panic when unknown domain is
converted to 0xff and this invalid value is passed into NetLink
processing.
PR: 274536
Reviewed by: melifaro
Differential Revision: https://reviews.freebsd.org/D44392
Although these particular constants aren't supported, the incorrect
values break bird 2.15 operation.
PR: 277618
Reported by: Ondrej Zajicek <santiago@crfreenet.org>
Define SNL_DECLARE_FIELD_PARSER* macros to create a parser that has
no output attributes only input fields and use this to define the
snl_donemsg_parser.
This removes the need for the zero-length nla_p_donemsg[] variable.
Zero length arrays are not valid in ISO C.
Reviewed by: jrtc27, melifaro
Differential Revision: https://reviews.freebsd.org/D43918
typeof() does not exist in -std=c99 mode and the relevant #define is
only for _KERNEL, so use __typeof here instead.
Reviewed by: jhb
MFC after: 2 weeks
Pull Request: https://github.com/freebsd/freebsd-src/pull/1070
pflow is a pseudo device to export flow accounting data over UDP.
It's compatible with netflow version 5 and IPFIX (10).
The data is extracted from the pf state table. States are exported once
they are removed.
Reviewed by: melifaro
Obtained from: OpenBSD
Sponsored by: Rubicon Communications, LLC ("Netgate")
Differential Revision: https://reviews.freebsd.org/D43106
Cover case when an nb that we are now reading in full had been partially
read by previous read(2) and now has positive offset. Throw in a couple of
assertions that helped to catch that earlier.
When processing incoming Netlink messages in nl_process_nbuf() kernel
always allocates a writer with a buffer to put generated reply to.
However, certain messages aren't replied. That makes nlmsg_flush()
to put an empty buffer to the socket. Avoid doing that because avoiding
is much easier than dealing with empty buffers on the receiver side.
When there is not enough space for one full message we return it truncated.
This enters special block of code that previously may leave empty buffer
with offset == datalen in the queue. Avoid that, as dealing later with
empty buffers causes more pain than just avoiding them. While here add
missing msgrcv increment.
Refactoring of argument list to nl_send_one() led to dereferencing
wrong union member. Rename nl_send_one() to a more generic name,
isolate a new nl_send_one() as the callback only for the normal
writer and provide correct argument to nl_send() from nl_send_group().
Fixes: ff5ad900d2
Netlink should return a very simple control data on every recvmsg(2)
syscall. This data is associated with a syscall, not with an nlmsg,
nor with our internal representation (nl_bufs). There is
no need to pre-allocate it in non-sleepable context and attach to
nl_buf. Allocate right in the syscall with M_WAITOK. This also
shaves lots of code and simplifies things.
Reviewed by: melifaro
Differential Revision: https://reviews.freebsd.org/D42989
The previous commit conservatively mimicked operation of soreceive_generic().
The new code does two things:
- parses Netlink message headers and always returns at least one full nlmsg
- hides nl_buf boundaries from the userland, copying out several at once
More details can be found in the large comment block added.
Reviewed by: melifaro
Differential Revision: https://reviews.freebsd.org/D42785
Implement Netlink socket receive buffer as a simple TAILQ of nl_buf's,
same part of struct sockbuf that is used for send buffer already.
This shaves a lot of code and a lot of extra processing. The pcb rids
of the I/O queues as the socket buffer is exactly the queue. The
message writer is simplified a lot, as we now always deal with linear
buf. Notion of different buffer types goes away as well as different
kinds of writers. The only things remaining are: a socket writer and
a group writer.
The impact on the network stack is that we no longer use mbufs, so
a workaround from d187154750 disappears.
Note on message throttling. Now the taskqueue throttling mechanism
needs to look at both socket buffers protected by their respective
locks and on flags in the pcb that are protected by the pcb lock.
There is definitely some room for optimization, but this change tries
to preserve as much as possible.
Note on new nl_soreceive(). It emulates soreceive_generic(). It
must undergo further optimization, see large comment put in there.
Note on tests/sys/netlink/test_netlink_message_writer.py. This test
boiled down almost to nothing with mbufs removed. However, I left
it with minimal functionality (it basically checks that allocating N
bytes we get N bytes) as it is one of not so many examples of ktest
framework that allows to test KPIs with python.
Note on Linux support. It got much simpler: Netlink message writer
loses notion of Linux support lifetime, it is same regardless of
process ABI. On socket write from Linux process we perform
conversion immediately in nl_receive_message() and on an output
conversion to Linux happens in nl_send_one(). XXX: both
conversions use M_NOWAIT allocation, which used to be the case
before this change, too.
Reviewed by: melifaro
Differential Revision: https://reviews.freebsd.org/D42524
These functions work with a buffer embedded into nl_writer, which
is going to go opaque with upcoming changes. Make them private to
the netlink module. No functional change intended.
Reviewed by: melifaro
Differential Revision: https://reviews.freebsd.org/D42523
Instead of using generic socket code, create Netlink specific socket
buffer. It is a simple TAILQ of writes that came from userland. This
saves us one memory allocation that could fail and one memory copy.
Reviewed by: melifaro
Differential Revision: https://reviews.freebsd.org/D42522
Destroy the socket at the file descriptor close(2). There is no
reason to linger for any longer, there are no external references.
Remove pr_detach method as nothing left to do after pr_close.
Remove pr_abort method as it shall never be executed for this type
of socket.
Reviewed by: melifaro
Differential Revision: https://reviews.freebsd.org/D42521
- Use the correct base pointer after re-allocation to avoid buffer
overflows.
- Maintain correct snl_writer.size, which avoids redundant memory
allocation, e.g. a need for ~1k bytes may end up with ~32k
linear_buffer actually allocated.
This fixes a pfctl regression at least for armv7 after the addrule logic
migration to netlink:
ffbf25951e ("pf: convert rule addition to netlink")
The add rule command creates a bigger than default size netlink requests
which triggers the re-allocation logic.
Reviewed by: kp
MFC after: 2 weeks
Differential Revision: https://reviews.freebsd.org/D43003
Just like it was done for accept(2) in cfb1e92912, use same approach
for two simpler syscalls that return socket addresses. Although,
these two syscalls aren't performance critical, this change generalizes
some code between 3 syscalls trimming code size.
Following example of accept(2), provide VNET-aware and INVARIANT-checking
wrappers sopeeraddr() and sosockaddr() around protosw methods.
Reviewed by: tuexen
Differential Revision: https://reviews.freebsd.org/D42694
"route add <host> -iface <netif>" for a netif without an IPv4/IPv6
address fails with EINVAL. Need to use a link-level ifaddr for gw if
an ifaddr for dst is not found as the rtsock-based implementation does.
PR: 275341
Reported by: Sean Cody <sean@tinfoilhat.ca>
Reviewed by: rcm
Tested by: rcm
Approved by: kp (mentor)
MFC after: 1 week
Differential Revision: https://reviews.freebsd.org/D41330
Apply the following automated changes to try to eliminate
no-longer-needed sys/cdefs.h includes as well as now-empty
blank lines in a row.
Remove /^#if.*\n#endif.*\n#include\s+<sys/cdefs.h>.*\n/
Remove /\n+#include\s+<sys/cdefs.h>.*\n+#if.*\n#endif.*\n+/
Remove /\n+#if.*\n#endif.*\n+/
Remove /^#if.*\n#endif.*\n/
Remove /\n+#include\s+<sys/cdefs.h>\n#include\s+<sys/types.h>/
Remove /\n+#include\s+<sys/cdefs.h>\n#include\s+<sys/param.h>/
Remove /\n+#include\s+<sys/cdefs.h>\n#include\s+<sys/capsicum.h>/
Sponsored by: Netflix
The netlink newneigh handler has the potential to leak the lock on
llentry objects in the kernel. This patch reconciles several paths
through the newneigh handler that could result in a lock leak.
MFC after: 1 week
Reviewed by: markj, kp
Sponsored by: Rubicon Communications, LLC ("Netgate")
Differential Revision: https://reviews.freebsd.org/D42307
If a request ends up growing beyond the initially allocated space the
netlink functions (such as snl_add_msg_attr_u32()) will allocate a
new buffer. This invalidates the header pointer we can have received
from snl_create_msg_request(). Always use the hdr returned by
snl_finalize_msg().
Reviewed by: melifaro
MFC after: 1 week
Sponsored by: Rubicon Communications, LLC ("Netgate")
Differential Revision: https://reviews.freebsd.org/D42223
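
The two writer fixes above (the re-allocation base pointer and size fix, and the rule to use the hdr returned by snl_finalize_msg()) share one failure mode: a pointer taken before the buffer grows is stale afterwards. The following is an added example, not code from FreeBSD or from these commits; struct writer, w_reserve(), w_add_u32(), w_finalize() and build_demo() are hypothetical names standing in for the snl writer.

```c
#include <stdint.h>
#include <stdlib.h>
#include <string.h>
/* Hypothetical stand-ins for the snl writer; not FreeBSD's code. */
struct msg_hdr { uint32_t len; uint16_t type; };
struct writer { char *base; size_t size, offset, hdr_off; int error; };

/* Reserve sz bytes; growth invalidates every pointer derived from w->base. */
static char *w_reserve(struct writer *w, size_t sz) {
	if (w->offset + sz > w->size) {
		size_t nsize = 2 * (w->offset + sz);
		char *nbase = realloc(w->base, nsize);
		if (nbase == NULL) { w->error = 1; return NULL; }
		w->base = nbase;	/* continue from the new base */
		w->size = nsize;	/* record the real capacity */
	}
	char *p = w->base + w->offset;
	w->offset += sz;
	return p;
}

static int w_add_u32(struct writer *w, uint32_t v) {
	char *p = w_reserve(w, sizeof(v));
	if (p != NULL) memcpy(p, &v, sizeof(v));
	return p != NULL ? 0 : -1;
}

/* Recompute the header from the current base; a saved pointer may be stale. */
static struct msg_hdr *w_finalize(struct writer *w) {
	if (w->error) return NULL;
	struct msg_hdr *h = (struct msg_hdr *)(w->base + w->hdr_off);
	h->len = (uint32_t)(w->offset - w->hdr_off);
	return h;
}

/* Build one type-7 message with n attributes; returns the finalized length. */
static uint32_t build_demo(size_t n, size_t *cap_out) {
	struct writer w = { 0 };
	w.hdr_off = w.offset;	/* remember an offset, not a pointer */
	struct msg_hdr *h = (struct msg_hdr *)w_reserve(&w, sizeof(*h));
	if (h != NULL) h->type = 7;
	for (size_t i = 0; i < n; i++)
		w_add_u32(&w, (uint32_t)i);
	h = w_finalize(&w);	/* replaces the possibly stale pointer */
	uint32_t len = (h != NULL && h->type == 7) ? h->len : 0;
	*cap_out = w.size;
	free(w.base);
	return len;
}
```

With 100 attributes the buffer is re-allocated five times after the header is first reserved, so only the pointer returned by the finalize step is safe to use.
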
When we verify that the attributes are correctly sorted we should also
try to verify the nested attribute parsers.
Reviewed by: melifaro
Sponsored by: Rubicon Communications, LLC ("Netgate")
Differential Revision: https://reviews.freebsd.org/D42222
- nlattr_get_chara() to read a string into a char array, rather than to a char *
- nlattr_get_bytes() to read an arbitrary (fixed length) byte sequence
- nlattr_get_nested_ptr() to read a nested type to a struct foo *, rather than struct foo
Sponsored by: Rubicon Communications, LLC ("Netgate")
Differential Revision: https://reviews.freebsd.org/D42221
Move the NETLINK define into opt_global.h so we can rely on it being
set correctly, without having to remember to include opt_netlink.h.
This ensures that the NETLINK define is correctly set. If not we
may end up with unloadable modules, due to missing symbols (such as
nlmsg_get_group_writer).
PR: 274306
Reviewed by: imp, markj
MFC after: 3 days
Differential Revision: https://reviews.freebsd.org/D42179
The check for if_addrlen in dump_iface() is not sufficient to determine
if we still have a valid if_addr. Rather than directly accessing if_addr
check the STAILQ (for the first entry).
This avoids panics when destroying cloned interfaces as experienced with
net80211 wlan ones.
Sponsored by: The FreeBSD Foundation
MFC after: 3 days
Reviewed by: jhibbits (earlier version), kp
Differential Revision: https://reviews.freebsd.org/D42027
For protocols that use netlink (generic and route for now), the uninit
handler seems to have forgotten to call unregister, which will cause
the assertion the next time the module is loaded.
This patch adds unregister call to netlink_unregister_proto() for those
handlers to avoid bad things happening.
Reviewed-by: melifaro
Fixes: 7e5bf68495 ("netlink: add netlink support")
Pull-request: https://github.com/freebsd/freebsd-src/pull/781
Signed-off-by: Lin Ma <linma@zju.edu.cn>
uint64_t is not sufficient alignment for allocators on all platforms.
On a CHERI platform pointers require 16 byte alignment, but also if a
type contained a uint128_t or long double it would not be aligned
correctly either. C11 added max_align_t precisely to provide a
portable type for allocators to use.
Reviewed by: melifaro
Obtained from: CheriBSD
Sponsored by: DARPA
Differential Revision: https://reviews.freebsd.org/D41301
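
The alignment point above, as an added example that is not code from FreeBSD or CheriBSD: a bump allocator that rounds each allocation to a caller-chosen alignment, showing where a second object lands when the allocator rounds to uint64_t versus max_align_t. struct arena, arena_alloc() and second_offset() are hypothetical names.

```c
#include <stdalign.h>
#include <stddef.h>
#include <stdint.h>

/* Hypothetical bump allocator; names are illustrative, not snl's. */
struct arena { char *base; size_t size, used; };

/* Round x up to a power-of-two alignment a. */
static size_t round_up(size_t x, size_t a) {
	return (x + a - 1) & ~(a - 1);
}

/* Hand out len bytes whose offset is a multiple of align, or NULL if full. */
static void *arena_alloc(struct arena *ar, size_t len, size_t align) {
	size_t start = round_up(ar->used, align);
	if (start > ar->size || len > ar->size - start)
		return NULL;
	ar->used = start + len;
	return ar->base + start;
}

/* Offset of a long double placed after a 1-byte allocation. */
static size_t second_offset(size_t align) {
	static alignas(max_align_t) char backing[256];
	struct arena ar = { backing, sizeof(backing), 0 };
	(void)arena_alloc(&ar, 1, align);
	char *p = arena_alloc(&ar, sizeof(long double), align);
	return p == NULL ? (size_t)-1 : (size_t)(p - backing);
}
```

Called with alignof(uint64_t), the second object sits at an offset that is only uint64_t-aligned, which is too weak wherever max_align_t is stricter; called with alignof(max_align_t), the offset suits any object type.
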
This change exports interface capabilities using the standard
Netlink attribute type, bitset, and switches `ifconfig(8)` to use
it when displaying interface data.
Bitset comes in two representations. The first one is "compact",
where the bits are exported via two arrays - "mask" listing the
"valid" bits and "values", providing the values for those bits.
The second one is more verbose, listing each bit as a separate item,
with its name, id and value. The latter option is handy when submitting
update requests.
The support for setting capabilities will be added in the upcoming diffs.
Differential Revision: https://reviews.freebsd.org/D40331
The amd64-gcc12 build was failing with `error: 'devctl_systems' defined
but not used`. Just move it to the C file where it's used.
PR: 271903
Sponsored by: The FreeBSD Foundation
Continue D40356 and switch the remaining parts of mbuf-related
code to the Netlink mbufs.
Reviewed By: gallatin
Differential Revision: https://reviews.freebsd.org/D40368
MFC after: 2 weeks