diff --git a/share/man/man4/netlink.4 b/share/man/man4/netlink.4 index 2aa4903a4594..1894de5841fe 100644 --- a/share/man/man4/netlink.4 +++ b/share/man/man4/netlink.4 @@ -1,349 +1,349 @@ .\" .\" Copyright (C) 2022 Alexander Chernikov . .\" .\" Redistribution and use in source and binary forms, with or without .\" modification, are permitted provided that the following conditions .\" are met: .\" 1. Redistributions of source code must retain the above copyright .\" notice, this list of conditions and the following disclaimer. .\" 2. Redistributions in binary form must reproduce the above copyright .\" notice, this list of conditions and the following disclaimer in the .\" documentation and/or other materials provided with the distribution. .\" .\" THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND .\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE .\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE .\" ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE .\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL .\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS .\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) .\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT .\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY .\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF .\" SUCH DAMAGE. .\" .\" $FreeBSD$ .\" .Dd November 30, 2022 .Dt NETLINK 4 .Os .Sh NAME .Nm Netlink .Nd Kernel network configuration protocol .Sh SYNOPSIS .In netlink/netlink.h .In netlink/netlink_route.h .Ft int -.Fn socket AF_NETLINK SOCK_DGRAM int family +.Fn socket AF_NETLINK SOCK_RAW "int family" .Sh DESCRIPTION Netlink is a user-kernel message-based communication protocol primarily used for network stack configuration. Netlink is easily extendable and supports large dumps and event notifications, all via a single socket. The protocol is fully asynchronous, allowing one to issue and track multiple requests at once. Netlink consists of multiple families, which commonly group the commands belonging to the particular kernel subsystem. Currently, the supported families are: .Pp .Bd -literal -offset indent -compact NETLINK_ROUTE network configuration, NETLINK_GENERIC "container" family .Ed .Pp The .Dv NETLINK_ROUTE family handles all interfaces, addresses, neighbors, routes, and VNETs configuration. More details can be found in .Xr rtnetlink 4 . The .Dv NETLINK_GENERIC family serves as a .Do container Dc , allowing registering other families under the .Dv NETLINK_GENERIC umbrella. This approach allows using a single netlink socket to interact with multiple netlink families at once. More details can be found in .Xr genetlink 4 . .Pp Netlink has its own sockaddr structure: .Bd -literal struct sockaddr_nl { uint8_t nl_len; /* sizeof(sockaddr_nl) */ sa_family_t nl_family; /* netlink family */ uint16_t nl_pad; /* reserved, set to 0 */ uint32_t nl_pid; /* automatically selected, set to 0 */ uint32_t nl_groups; /* multicast groups mask to bind to */ }; .Ed .Pp Typically, filling this structure is not required for socket operations. It is presented here for completeness. .Sh PROTOCOL DESCRIPTION The protocol is message-based. Each message starts with the mandatory .Va nlmsghdr header, followed by the family-specific header and the list of type-length-value pairs (TLVs). TLVs can be nested. All headers and TLVS are padded to 4-byte boundaries. Each .Xr send 2 or .Xr recv 2 system call may contain multiple messages. .Ss BASE HEADER .Bd -literal struct nlmsghdr { uint32_t nlmsg_len; /* Length of message including header */ uint16_t nlmsg_type; /* Message type identifier */ uint16_t nlmsg_flags; /* Flags (NLM_F_) */ uint32_t nlmsg_seq; /* Sequence number */ uint32_t nlmsg_pid; /* Sending process port ID */ }; .Ed .Pp The .Va nlmsg_len field stores the whole message length, in bytes, including the header. This length has to be rounded up to the nearest 4-byte boundary when iterating over messages. The .Va nlmsg_type field represents the command/request type. This value is family-specific. The list of supported commands can be found in the relevant family header file. .Va nlmsg_seq is a user-provided request identifier. An application can track the operation result using the .Dv NLMSG_ERROR messages and matching the .Va nlmsg_seq . The .Va nlmsg_pid field is the message sender id. This field is optional for userland. The kernel sender id is zero. The .Va nlmsg_flags field contains the message-specific flags. The following generic flags are defined: .Pp .Bd -literal -offset indent -compact NLM_F_REQUEST Indicates that the message is an actual request to the kernel NLM_F_ACK Request an explicit ACK message with an operation result .Ed .Pp The following generic flags are defined for the "GET" request types: .Pp .Bd -literal -offset indent -compact NLM_F_ROOT Return the whole dataset NLM_F_MATCH Return all entries matching the criteria .Ed These two flags are typically used together, aliased to .Dv NLM_F_DUMP .Pp The following generic flags are defined for the "NEW" request types: .Pp .Bd -literal -offset indent -compact NLM_F_CREATE Create an object if none exists NLM_F_EXCL Don't replace an object if it exists NLM_F_REPLACE Replace an existing matching object NLM_F_APPEND Append to an existing object .Ed .Pp The following generic flags are defined for the replies: .Pp .Bd -literal -offset indent -compact NLM_F_MULTI Indicates that the message is part of the message group NLM_F_DUMP_INTR Indicates that the state dump was not completed NLM_F_DUMP_FILTERED Indicates that the dump was filtered per request NLM_F_CAPPED Indicates the original message was capped to its header NLM_F_ACK_TLVS Indicates that extended ACK TLVs were included .Ed .Ss TLVs Most messages encode their attributes as type-length-value pairs (TLVs). The base TLV header: .Bd -literal struct nlattr { uint16_t nla_len; /* Total attribute length */ uint16_t nla_type; /* Attribute type */ }; .Ed The TLV type .Pq Va nla_type scope is typically the message type or group within a family. For example, the .Dv RTN_MULTICAST type value is only valid for .Dv RTM_NEWROUTE , .Dv RTM_DELROUTE and .Dv RTM_GETROUTE messages. TLVs can be nested; in that case internal TLVs may have their own sub-types. All TLVs are packed with 4-byte padding. .Ss CONTROL MESSAGES A number of generic control messages are reserved in each family. .Pp .Dv NLMSG_ERROR reports the operation result if requested, optionally followed by the metadata TLVs. The value of .Va nlmsg_seq is set to its value in the original messages, while .Va nlmsg_pid is set to the socket pid of the original socket. The operation result is reported via .Vt "struct nlmsgerr": .Bd -literal struct nlmsgerr { int error; /* Standard errno */ struct nlmsghdr msg; /* Original message header */ }; .Ed If the .Dv NETLINK_CAP_ACK socket option is not set, the remainder of the original message will follow. If the .Dv NETLINK_EXT_ACK socket option is set, the kernel may add a .Dv NLMSGERR_ATTR_MSG string TLV with the textual error description, optionally followed by the .Dv NLMSGERR_ATTR_OFFS TLV, indicating the offset from the message start that triggered an error. If the operation reply is a multipart message, then no .Dv NLMSG_ERROR reply is generated, only a .Dv NLMSG_DONE message, closing multipart sequence. .Pp .Dv NLMSG_DONE indicates the end of the message group: typically, the end of the dump. It contains a single .Vt int field, describing the dump result as a standard errno value. .Sh SOCKET OPTIONS Netlink supports a number of custom socket options, which can be set with .Xr setsockopt 2 with the .Dv SOL_NETLINK .Fa level : .Bl -tag -width indent .It Dv NETLINK_ADD_MEMBERSHIP Subscribes to the notifications for the specific group (int). .It Dv NETLINK_DROP_MEMBERSHIP Unsubscribes from the notifications for the specific group (int). .It Dv NETLINK_LIST_MEMBERSHIPS Lists the memberships as a bitmask. .It Dv NETLINK_CAP_ACK Instructs the kernel to send the original message header in the reply without the message body. .It Dv NETLINK_EXT_ACK Acknowledges ability to receive additional TLVs in the ACK message. .El .Pp Additionally, netlink overrides the following socket options from the .Dv SOL_SOCKET .Fa level : .Bl -tag -width indent .It Dv SO_RCVBUF Sets the maximum size of the socket receive buffer. If the caller has .Dv PRIV_NET_ROUTE permission, the value can exceed the currently-set .Va kern.ipc.maxsockbuf value. .El .Sh SYSCTL VARIABLES A set of .Xr sysctl 8 variables is available to tweak run-time parameters: .Bl -tag -width indent .It Va net.netlink.sendspace Default send buffer for the netlink socket. Note that the socket sendspace has to be at least as long as the longest message that can be transmitted via this socket. .El .Bl -tag -width indent .It Va net.netlink.recvspace Default receive buffer for the netlink socket. Note that the socket recvspace has to be least as long as the longest message that can be received from this socket. .El .Sh DEBUGGING Netlink implements per-functional-unit debugging, with different severities controllable via the .Va net.netlink.debug branch. These messages are logged in the kernel message buffer and can be seen in .Xr dmesg 8 . The following severity levels are defined: .Bl -tag -width indent .It Dv LOG_DEBUG(7) Rare events or per-socket errors are reported here. This is the default level, not impacting production performance. .It Dv LOG_DEBUG2(8) Socket events such as groups memberships, privilege checks, commands and dumps are logged. This level does not incur significant performance overhead. -.It Dv LOG_DEBUG9(9) +.It Dv LOG_DEBUG3(9) All socket events, each dumped or modified entities are logged. Turning it on may result in significant performance overhead. .El .Sh ERRORS Netlink reports operation results, including errors and error metadata, by sending a .Dv NLMSG_ERROR message for each request message. The following errors can be returned: .Bl -tag -width Er .It Bq Er EPERM when the current privileges are insufficient to perform the required operation; .It Bo Er ENOBUFS Bc or Bo Er ENOMEM Bc when the system runs out of memory for an internal data structure; .It Bq Er ENOTSUP when the requested command is not supported by the family or the family is not supported; .It Bq Er EINVAL when some necessary TLVs are missing or invalid, detailed info may be provided in NLMSGERR_ATTR_MSG and NLMSGERR_ATTR_OFFS TLVs; .It Bq Er ENOENT when trying to delete a non-existent object. .Pp Additionally, a socket operation itself may fail with one of the errors specified in .Xr socket 2 , .Xr recv 2 or .Xr send 2 . .El .Sh SEE ALSO .Xr genetlink 4 , .Xr rtnetlink 4 .Rs .%A "J. Salim" .%A "H. Khosravi" .%A "A. Kleen" .%A "A. Kuznetsov" .%T "Linux Netlink as an IP Services Protocol" .%O "RFC 3549" .Re .Sh HISTORY The netlink protocol appeared in .Fx 14.0 . .Sh AUTHORS The netlink was implemented by .An -nosplit .An Alexander Chernikov Aq Mt melifaro@FreeBSD.org . It was derived from the Google Summer of Code 2021 project by .An Ng Peng Nam Sean . diff --git a/share/man/man4/rtnetlink.4 b/share/man/man4/rtnetlink.4 index dc40b277d934..5849508b74c2 100644 --- a/share/man/man4/rtnetlink.4 +++ b/share/man/man4/rtnetlink.4 @@ -1,534 +1,534 @@ .\" .\" Copyright (C) 2022 Alexander Chernikov . .\" .\" Redistribution and use in source and binary forms, with or without .\" modification, are permitted provided that the following conditions .\" are met: .\" 1. Redistributions of source code must retain the above copyright .\" notice, this list of conditions and the following disclaimer. .\" 2. Redistributions in binary form must reproduce the above copyright .\" notice, this list of conditions and the following disclaimer in the .\" documentation and/or other materials provided with the distribution. .\" .\" THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND .\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE .\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE .\" ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE .\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL .\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS .\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) .\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT .\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY .\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF .\" SUCH DAMAGE. .\" .\" $FreeBSD$ .\" .Dd November 1, 2022 .Dt RTNETLINK 4 .Os .Sh NAME .Nm RTNetlink .Nd Network configuration-specific Netlink family .Sh SYNOPSIS .In netlink/netlink.h .In netlink/netlink_route.h .Ft int -.Fn socket AF_NETLINK SOCK_DGRAM NETLINK_ROUTE +.Fn socket AF_NETLINK SOCK_RAW NETLINK_ROUTE .Sh DESCRIPTION The .Dv NETLINK_ROUTE family aims to be the primary configuration mechanism for all network-related tasks. Currently it supports configuring interfaces, interface addresses, routes, nexthops and arp/ndp neighbors. .Sh ROUTES All route configuration messages share the common header: .Bd -literal struct rtmsg { unsigned char rtm_family; /* address family */ unsigned char rtm_dst_len; /* Prefix length */ unsigned char rtm_src_len; /* Deprecated, set to 0 */ unsigned char rtm_tos; /* Type of service (not used) */ unsigned char rtm_table; /* deprecated, set to 0 */ unsigned char rtm_protocol; /* Routing protocol id (RTPROT_) */ unsigned char rtm_scope; /* Route distance (RT_SCOPE_) */ unsigned char rtm_type; /* Route type (RTN_) */ unsigned rtm_flags; /* Route flags (not supported) */ }; .Ed .Pp The .Va rtm_family specifies the route family to be operated on. Currently, .Dv AF_INET6 and .Dv AF_INET are the only supported families. The route prefix length is stored in .Va rtm_dst_len . The caller should set the originator identity (one of the .Dv RTPROT_ values) in .Va rtm_protocol . It is useful for users and for the application itself, allowing for easy identification of self-originated routes. The route scope has to be set via .Va rtm_scope field. The supported values are: .Bd -literal -offset indent -compact RT_SCOPE_UNIVERSE Global scope RT_SCOPE_LINK Link scope .Ed .Pp Route type needs to be set. The defined values are: .Bd -literal -offset indent -compact RTN_UNICAST Unicast route RTN_MULTICAST Multicast route RTN_BLACKHOLE Drops traffic towards destination RTN_PROHIBIT Drops traffic and sends reject .Ed .Pp The following messages are supported: .Ss RTM_NEWROUTE Adds a new route. All NL flags are supported. Extending a multipath route requires NLM_F_APPEND flag. .Ss RTM_DELROUTE Tries to delete a route. The route is specified using a combination of .Dv RTA_DST TLV and .Va rtm_dst_len . .Ss RTM_GETROUTE Fetches a single route or all routes in the current VNET, depending on the .Dv NLM_F_DUMP flag. Each route is reported as .Dv RTM_NEWROUTE message. The following filters are recognised by the kernel: .Pp .Bd -literal -offset indent -compact rtm_family required family or AF_UNSPEC RTA_TABLE fib number or RT_TABLE_UNSPEC to return all fibs .Ed .Ss TLVs .Bl -tag -width indent .It Dv RTA_DST (binary) IPv4/IPv6 address, depending on the .Va rtm_family . .It Dv RTA_OIF (uint32_t) transmit interface index. .It Dv RTA_GATEWAY (binary) IPv4/IPv6 gateway address, depending on the .Va rtm_family . .It Dv RTA_METRICS (nested) Container attribute, listing route properties. The only supported sub-attribute is .Dv RTAX_MTU , which stores path MTU as uint32_t. .It Dv RTA_MULTIPATH This attribute contains multipath route nexthops with their weights. These nexthops are represented as a sequence of .Va rtnexthop structures, each followed by .Dv RTA_GATEWAY or .Dv RTA_VIA attributes. .Bd -literal struct rtnexthop { unsigned short rtnh_len; unsigned char rtnh_flags; unsigned char rtnh_hops; /* nexthop weight */ int rtnh_ifindex; }; .Ed .Pp The .Va rtnh_len field specifies the total nexthop info length, including both .Va struct rtnexthop and the following TLVs. The .Va rtnh_hops field stores relative nexthop weight, used for load balancing between group members. The .Va rtnh_ifindex field contains the index of the transmit interface. .Pp The following TLVs can follow the structure: .Bd -literal -offset indent -compact RTA_GATEWAY IPv4/IPv6 nexthop address of the gateway RTA_VIA IPv6 nexthop address for IPv4 route RTA_KNH_ID Kernel-specific index of the nexthop .Ed .It Dv RTA_KNH_ID (uint32_t) (FreeBSD-specific) Auto-allocated kernel index of the nexthop. .It Dv RTA_RTFLAGS (uint32_t) (FreeBSD-specific) rtsock route flags. .It Dv RTA_TABLE (uint32_t) Fib number of the route. Default route table is .Dv RT_TABLE_MAIN . To explicitely specify "all tables" one needs to set the value to .Dv RT_TABLE_UNSPEC . .It Dv RTA_EXPIRES (uint32_t) seconds till path expiration. .It Dv RTA_NH_ID (uint32_t) useland nexthop or nexthop group index. .El .Ss Groups The following groups are defined: .Bd -literal -offset indent -compact RTNLGRP_IPV4_ROUTE Notifies on IPv4 route arrival/removal/change RTNLGRP_IPV6_ROUTE Notifies on IPv6 route arrival/removal/change .Ed .Sh NEXTHOPS All nexthop/nexthop group configuration messages share the common header: .Bd -literal struct nhmsg { unsigned char nh_family; /* transport family */ unsigned char nh_scope; /* ignored on RX, filled by kernel */ unsigned char nh_protocol; /* Routing protocol that installed nh */ unsigned char resvd; unsigned int nh_flags; /* RTNH_F_* flags from route.h */ }; .Ed The .Va nh_family specificies the gateway address family. It can be different from route address family for IPv4 routes with IPv6 nexthops. The .Va nh_protocol is similar to .Va rtm_protocol field, which designates originator application identity. .Pp The following messages are supported: .Ss RTM_NEWNEXTHOP Creates a new nexthop or nexthop group. .Ss RTM_DELNEXTHOP Deletes nexthop or nexthhop group. The required object is specified by the .Dv RTA_NH_ID attribute. .Ss RTM_GETNEXTHOP Fetches a single nexthop or all nexthops/nexthop groups, depending on the .Dv NLM_F_DUMP flag. The following filters are recognised by the kernel: .Pp .Bd -literal -offset indent -compact RTA_NH_ID nexthop or nexthtop group id NHA_GROUPS match only nexthtop groups .Ed .Ss TLVs .Bl -tag -width indent .It Dv RTA_NH_ID (uint32_t) Nexthhop index used to identify particular nexthop or nexthop group. Should be provided by userland at the nexthtop creation time. .It Dv NHA_GROUP This attribute designates the nexthtop group and contains all of its nexthtops and their relative weights. The attribute constists of a list of .Va nexthop_grp structures: .Bd -literal struct nexthop_grp { uint32_t id; /* nexhop userland index */ uint8_t weight; /* weight of this nexthop */ uint8_t resvd1; uint16_t resvd2; }; .Ed .It Dv NHA_GROUP_TYPE (uint16_t) Nexthtop group type, set to one of the following types: .Bd -literal -offset indent -compact NEXTHOP_GRP_TYPE_MPATH default multipath group .Ed .It Dv NHA_BLACKHOLE (flag) Marks the nexthtop as blackhole. .It Dv NHA_OIF (uint32_t) Transmit interface index of the nexthtop. .It Dv NHA_GATEWAY (binary) IPv4/IPv6 gateway address .It Dv NHA_GROUPS (flag) Matches nexthtop groups during dump. .El .Ss Groups The following groups are defined: .Bd -literal -offset indent -compact RTNLGRP_NEXTHOP Notifies on nexthop/groups arrival/removal/change .Ed .Sh INTERFACES All interface configuration messages share the common header: .Bd -literal struct ifinfomsg { unsigned char ifi_family; /* not used, set to 0 */ unsigned char __ifi_pad; unsigned short ifi_type; /* ARPHRD_* */ int ifi_index; /* Inteface index */ unsigned ifi_flags; /* IFF_* flags */ unsigned ifi_change; /* IFF_* change mask */ }; .Ed .Ss RTM_NEWLINK Creates a new interface. The only mandatory TLV is .Dv IFLA_IFNAME . .Ss RTM_DELLINK Deletes the interface specified by .Dv IFLA_IFNAME . .Ss RTM_GETLINK Fetches a single interface or all interfaces in the current VNET, depending on the .Dv NLM_F_DUMP flag. Each interface is reported as a .Dv RTM_NEWLINK message. The following filters are recognised by the kernel: .Pp .Bd -literal -offset indent -compact ifi_index interface index IFLA_IFNAME interface name IFLA_ALT_IFNAME interface name .Ed .Ss TLVs .Bl -tag -width indent .It Dv IFLA_ADDRESS (binary) Llink-level interface address (MAC). .It Dv IFLA_BROADCAST (binary) (readonly) Link-level broadcast address. .It Dv IFLA_IFNAME (string) New interface name. .It Dv IFLA_IFALIAS (string) Interface description. .It Dv IFLA_LINK (uint32_t) (readonly) Interface index. .It Dv IFLA_MASTER (uint32_t) Parent interface index. .It Dv IFLA_LINKINFO (nested) Interface type-specific attributes: .Bd -literal -offset indent -compact IFLA_INFO_KIND (string) interface type ("vlan") IFLA_INFO_DATA (nested) custom attributes .Ed The following types and attributes are supported: .Bl -tag -width indent .It Dv vlan .Bd -literal -offset indent -compact IFLA_VLAN_ID (uint16_t) 802.1Q vlan id IFLA_VLAN_PROTOCOL (uint16_t) Protocol: ETHERTYPE_VLAN or ETHERTYPE_QINQ .Ed .El .It Dv IFLA_OPERSTATE (uint8_t) Interface operational state per RFC 2863. Can be one of the following: .Bd -literal -offset indent -compact IF_OPER_UNKNOWN status can not be determined IF_OPER_NOTPRESENT some (hardware) component not present IF_OPER_DOWN down IF_OPER_LOWERLAYERDOWN some lower-level interface is down IF_OPER_TESTING in some test mode IF_OPER_DORMANT "up" but waiting for some condition (802.1X) IF_OPER_UP ready to pass packets .Ed .It Dv IFLA_STATS64 (readonly) Consists of the following 64-bit counters structure: .Bd -literal struct rtnl_link_stats64 { uint64_t rx_packets; /* total RX packets (IFCOUNTER_IPACKETS) */ uint64_t tx_packets; /* total TX packets (IFCOUNTER_OPACKETS) */ uint64_t rx_bytes; /* total RX bytes (IFCOUNTER_IBYTES) */ uint64_t tx_bytes; /* total TX bytes (IFCOUNTER_OBYTES) */ uint64_t rx_errors; /* RX errors (IFCOUNTER_IERRORS) */ uint64_t tx_errors; /* RX errors (IFCOUNTER_OERRORS) */ uint64_t rx_dropped; /* RX drop (no space in ring/no bufs) (IFCOUNTER_IQDROPS) */ uint64_t tx_dropped; /* TX drop (IFCOUNTER_OQDROPS) */ uint64_t multicast; /* RX multicast packets (IFCOUNTER_IMCASTS) */ uint64_t collisions; /* not supported */ uint64_t rx_length_errors; /* not supported */ uint64_t rx_over_errors; /* not supported */ uint64_t rx_crc_errors; /* not supported */ uint64_t rx_frame_errors; /* not supported */ uint64_t rx_fifo_errors; /* not supported */ uint64_t rx_missed_errors; /* not supported */ uint64_t tx_aborted_errors; /* not supported */ uint64_t tx_carrier_errors; /* not supported */ uint64_t tx_fifo_errors; /* not supported */ uint64_t tx_heartbeat_errors; /* not supported */ uint64_t tx_window_errors; /* not supported */ uint64_t rx_compressed; /* not supported */ uint64_t tx_compressed; /* not supported */ uint64_t rx_nohandler; /* dropped due to no proto handler (IFCOUNTER_NOPROTO) */ }; .Ed .El .Ss Groups The following groups are defined: .Bd -literal -offset indent -compact RTNLGRP_LINK Notifies on interface arrival/removal/change .Ed .Sh INTERFACE ADDRESSES All interface address configuration messages share the common header: .Bd -literal struct ifaddrmsg { uint8_t ifa_family; /* Address family */ uint8_t ifa_prefixlen; /* Prefix length */ uint8_t ifa_flags; /* Address-specific flags */ uint8_t ifa_scope; /* Address scope */ uint32_t ifa_index; /* Link ifindex */ }; .Ed .Pp The .Va ifa_family specifies the address family of the interface address. The .Va ifa_prefixlen specifies the prefix length if applicable for the address family. The .Va ifa_index specifies the interface index of the target interface. .Ss RTM_NEWADDR Not supported .Ss RTM_DELADDR Not supported .Ss RTM_GETADDR Fetches interface addresses in the current VNET matching conditions. Each address is reported as a .Dv RTM_NEWADDR message. The following filters are recognised by the kernel: .Pp .Bd -literal -offset indent -compact ifa_family required family or AF_UNSPEC ifa_index matching interface index or 0 .Ed .Ss TLVs .Bl -tag -width indent .It Dv IFA_ADDRESS (binary) masked interface address or destination address for p2p interfaces. .It Dv IFA_LOCAL (binary) local interface address. Set for IPv4 and p2p addresses. .It Dv IFA_LABEL (string) interface name. .It Dv IFA_BROADCAST (binary) broacast interface address. .El .Ss Groups The following groups are defined: .Bd -literal -offset indent -compact RTNLGRP_IPV4_IFADDR Notifies on IPv4 ifaddr arrival/removal/change RTNLGRP_IPV6_IFADDR Notifies on IPv6 ifaddr arrival/removal/change .Ed .Sh NEIGHBORS All neighbor configuration messages share the common header: .Bd -literal struct ndmsg { uint8_t ndm_family; uint8_t ndm_pad1; uint16_t ndm_pad2; int32_t ndm_ifindex; uint16_t ndm_state; uint8_t ndm_flags; uint8_t ndm_type; }; .Ed .Pp The .Va ndm_family field specifies the address family (IPv4 or IPv6) of the neighbor. The .Va ndm_ifindex specifies the interface to operate on. The .Va ndm_state represents the entry state according to the neighbor model. The state can be one of the following: .Bd -literal -offset indent -compact NUD_INCOMPLETE No lladdr, address resolution in progress NUD_REACHABLE reachable & recently resolved NUD_STALE has lladdr but it's stale NUD_DELAY has lladdr, is stale, probes delayed NUD_PROBE has lladdr, is stale, probes sent NUD_FAILED unused .Ed .Pp The .Va ndm_flags field stores the options specific to this entry. Available flags: .Bd -literal -offset indent -compact NTF_SELF local station (LLE_IFADDR) NTF_PROXY proxy entry (LLE_PUB) NTF_STICKY permament entry (LLE_STATIC) NTF_ROUTER dst indicated itself as a router .Ed .Ss RTM_NEWNEIGH Creates new neighbor entry. The mandatory options are .Dv NDA_DST , .Dv NDA_LLADDR and .Dv NDA_IFINDEX . .Ss RTM_DELNEIGH Deletes the neighbor entry. The entry is specified by the combination of .Dv NDA_DST and .Dv NDA_IFINDEX . .Ss RTM_GETNEIGH Fetches a single neighbor or all neighbors in the current VNET, depending on the .Dv NLM_F_DUMP flag. Each entry is reported as .Dv RTM_NEWNEIGH message. The following filters are recognised by the kernel: .Pp .Bd -literal -offset indent -compact ndm_family required family or AF_UNSPEC ndm_ifindex target ifindex NDA_IFINDEX target ifindex .Ed .Ss TLVs .Bl -tag -width indent .It Dv NDA_DST (binary) neighbor IPv4/IPv6 address. .It Dv NDA_LLADDR (binary) neighbor link-level address. .It Dv NDA_IFINDEX (uint32_t) interface index. .It Dv NDA_FLAGS_EXT (uint32_t) extended version of .Va ndm_flags . .El .Ss Groups The following groups are defined: .Bd -literal -offset indent -compact RTNLGRP_NEIGH Notifies on ARP/NDP neighbor arrival/removal/change .Ed .Sh SEE ALSO .Xr netlink 4 , .Xr route 4 .Sh HISTORY The .Dv NETLINK_ROUTE protocol family appeared in .Fx 14.0 . .Sh AUTHORS The netlink was implementated by .An -nosplit .An Alexander Chernikov Aq Mt melifaro@FreeBSD.org . It was derived from the Google Summer of Code 2021 project by .An Ng Peng Nam Sean . diff --git a/sys/netlink/netlink_domain.c b/sys/netlink/netlink_domain.c index 3b5e897164f8..de96818d5e35 100644 --- a/sys/netlink/netlink_domain.c +++ b/sys/netlink/netlink_domain.c @@ -1,743 +1,753 @@ /*- * SPDX-License-Identifier: BSD-2-Clause-FreeBSD * * Copyright (c) 2021 Ng Peng Nam Sean * Copyright (c) 2022 Alexander V. Chernikov * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: * 1. Redistributions of source code must retain the above copyright * notice, this list of conditions and the following disclaimer. * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in the * documentation and/or other materials provided with the distribution. * * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. */ /* * This file contains socket and protocol bindings for netlink. */ #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include /* priv_check */ #include #include #include #define DEBUG_MOD_NAME nl_domain #define DEBUG_MAX_LEVEL LOG_DEBUG3 #include _DECLARE_DEBUG(LOG_DEBUG); _Static_assert((NLP_MAX_GROUPS % 64) == 0, "NLP_MAX_GROUPS has to be multiple of 64"); _Static_assert(NLP_MAX_GROUPS >= 64, "NLP_MAX_GROUPS has to be at least 64"); #define NLCTL_TRACKER struct rm_priotracker nl_tracker #define NLCTL_RLOCK(_ctl) rm_rlock(&((_ctl)->ctl_lock), &nl_tracker) #define NLCTL_RUNLOCK(_ctl) rm_runlock(&((_ctl)->ctl_lock), &nl_tracker) #define NLCTL_WLOCK(_ctl) rm_wlock(&((_ctl)->ctl_lock)) #define NLCTL_WUNLOCK(_ctl) rm_wunlock(&((_ctl)->ctl_lock)) static u_long nl_sendspace = NLSNDQ; SYSCTL_ULONG(_net_netlink, OID_AUTO, sendspace, CTLFLAG_RW, &nl_sendspace, 0, "Default netlink socket send space"); static u_long nl_recvspace = NLSNDQ; SYSCTL_ULONG(_net_netlink, OID_AUTO, recvspace, CTLFLAG_RW, &nl_recvspace, 0, "Default netlink socket receive space"); extern u_long sb_max_adj; #if 0 static u_long nl_maxsockbuf = 512 * 1024 * 1024; /* 512M, XXX: init based on physmem */ #endif uint32_t nlp_get_pid(const struct nlpcb *nlp) { return (nlp->nl_process_id); } /* * Looks up a nlpcb struct based on the @portid. Need to claim nlsock_mtx. * Returns nlpcb pointer if present else NULL */ static struct nlpcb * nl_port_lookup(uint32_t port_id) { struct nlpcb *nlp; CK_LIST_FOREACH(nlp, &V_nl_ctl->ctl_port_head, nl_port_next) { if (nlp->nl_port == port_id) return (nlp); } return (NULL); } static void nl_add_group_locked(struct nlpcb *nlp, unsigned int group_id) { MPASS(group_id <= NLP_MAX_GROUPS); --group_id; nlp->nl_groups[group_id / 64] |= (uint64_t)1 << (group_id % 64); } static void nl_del_group_locked(struct nlpcb *nlp, unsigned int group_id) { MPASS(group_id <= NLP_MAX_GROUPS); --group_id; nlp->nl_groups[group_id / 64] &= ~((uint64_t)1 << (group_id % 64)); } static bool nl_isset_group_locked(struct nlpcb *nlp, unsigned int group_id) { MPASS(group_id <= NLP_MAX_GROUPS); --group_id; return (nlp->nl_groups[group_id / 64] & ((uint64_t)1 << (group_id % 64))); } static uint32_t nl_get_groups_compat(struct nlpcb *nlp) { uint32_t groups_mask = 0; for (int i = 0; i < 32; i++) { if (nl_isset_group_locked(nlp, i + 1)) groups_mask |= (1 << i); } return (groups_mask); } /* * Broadcasts message @m to the protocol @proto group specified by @group_id */ void nl_send_group(struct mbuf *m, int num_messages, int proto, int group_id) { struct nlpcb *nlp_last = NULL; struct nlpcb *nlp; NLCTL_TRACKER; IF_DEBUG_LEVEL(LOG_DEBUG2) { struct nlmsghdr *hdr = mtod(m, struct nlmsghdr *); NL_LOG(LOG_DEBUG2, "MCAST mbuf len %u msg type %d len %u to group %d/%d", m->m_len, hdr->nlmsg_type, hdr->nlmsg_len, proto, group_id); } struct nl_control *ctl = atomic_load_ptr(&V_nl_ctl); if (__predict_false(ctl == NULL)) { /* * Can be the case when notification is sent within VNET * which doesn't have any netlink sockets. */ m_freem(m); return; } NLCTL_RLOCK(ctl); int io_flags = NL_IOF_UNTRANSLATED; CK_LIST_FOREACH(nlp, &ctl->ctl_pcb_head, nl_next) { if (nl_isset_group_locked(nlp, group_id) && nlp->nl_proto == proto) { if (nlp_last != NULL) { struct mbuf *m_copy; m_copy = m_copym(m, 0, M_COPYALL, M_NOWAIT); if (m_copy != NULL) nl_send_one(m_copy, nlp_last, num_messages, io_flags); else { NLP_LOCK(nlp_last); if (nlp_last->nl_socket != NULL) sorwakeup(nlp_last->nl_socket); NLP_UNLOCK(nlp_last); } } nlp_last = nlp; } } if (nlp_last != NULL) nl_send_one(m, nlp_last, num_messages, io_flags); else m_freem(m); NLCTL_RUNLOCK(ctl); } bool nl_has_listeners(int netlink_family, uint32_t groups_mask) { return (V_nl_ctl != NULL); } bool nlp_has_priv(struct nlpcb *nlp, int priv) { return (priv_check_cred(nlp->nl_cred, priv) == 0); } static uint32_t nl_find_port(void) { /* * app can open multiple netlink sockets. * Start with current pid, if already taken, * try random numbers in 65k..256k+65k space, * avoiding clash with pids. */ if (nl_port_lookup(curproc->p_pid) == NULL) return (curproc->p_pid); for (int i = 0; i < 16; i++) { uint32_t nl_port = (arc4random() % 65536) + 65536 * 4; if (nl_port_lookup(nl_port) == 0) return (nl_port); NL_LOG(LOG_DEBUG3, "tried %u\n", nl_port); } return (curproc->p_pid); } static int nl_bind_locked(struct nlpcb *nlp, struct sockaddr_nl *snl) { if (nlp->nl_bound) { if (nlp->nl_port != snl->nl_pid) { NL_LOG(LOG_DEBUG, "bind() failed: program pid %d " "is different from provided pid %d", nlp->nl_port, snl->nl_pid); return (EINVAL); // XXX: better error } } else { if (snl->nl_pid == 0) snl->nl_pid = nl_find_port(); if (nl_port_lookup(snl->nl_pid) != NULL) return (EADDRINUSE); nlp->nl_port = snl->nl_pid; nlp->nl_bound = true; CK_LIST_INSERT_HEAD(&V_nl_ctl->ctl_port_head, nlp, nl_port_next); } for (int i = 0; i < 32; i++) { if (snl->nl_groups & ((uint32_t)1 << i)) nl_add_group_locked(nlp, i + 1); else nl_del_group_locked(nlp, i + 1); } return (0); } static int nl_pru_attach(struct socket *so, int proto, struct thread *td) { struct nlpcb *nlp; int error; if (__predict_false(netlink_unloading != 0)) return (EAFNOSUPPORT); error = nl_verify_proto(proto); if (error != 0) return (error); bool is_linux = SV_PROC_ABI(td->td_proc) == SV_ABI_LINUX; NL_LOG(LOG_DEBUG2, "socket %p, %sPID %d: attaching socket to %s", so, is_linux ? "(linux) " : "", curproc->p_pid, nl_get_proto_name(proto)); /* Create per-VNET state on first socket init */ struct nl_control *ctl = atomic_load_ptr(&V_nl_ctl); if (ctl == NULL) ctl = vnet_nl_ctl_init(); KASSERT(V_nl_ctl != NULL, ("nl_attach: vnet_sock_init() failed")); MPASS(sotonlpcb(so) == NULL); nlp = malloc(sizeof(struct nlpcb), M_PCB, M_WAITOK | M_ZERO); error = soreserve(so, nl_sendspace, nl_recvspace); if (error != 0) { free(nlp, M_PCB); return (error); } so->so_pcb = nlp; nlp->nl_socket = so; /* Copy so_cred to avoid having socket_var.h in every header */ nlp->nl_cred = so->so_cred; nlp->nl_proto = proto; nlp->nl_process_id = curproc->p_pid; nlp->nl_linux = is_linux; nlp->nl_active = true; NLP_LOCK_INIT(nlp); refcount_init(&nlp->nl_refcount, 1); nl_init_io(nlp); nlp->nl_taskqueue = taskqueue_create("netlink_socket", M_WAITOK, taskqueue_thread_enqueue, &nlp->nl_taskqueue); TASK_INIT(&nlp->nl_task, 0, nl_taskqueue_handler, nlp); taskqueue_start_threads(&nlp->nl_taskqueue, 1, PWAIT, "netlink_socket (PID %u)", nlp->nl_process_id); NLCTL_WLOCK(ctl); /* XXX: check ctl is still alive */ CK_LIST_INSERT_HEAD(&ctl->ctl_pcb_head, nlp, nl_next); NLCTL_WUNLOCK(ctl); soisconnected(so); return (0); } static void nl_pru_abort(struct socket *so) { NL_LOG(LOG_DEBUG3, "socket %p, PID %d", so, curproc->p_pid); MPASS(sotonlpcb(so) != NULL); soisdisconnected(so); } static int nl_pru_bind(struct socket *so, struct sockaddr *sa, struct thread *td) { struct nl_control *ctl = atomic_load_ptr(&V_nl_ctl); struct nlpcb *nlp = sotonlpcb(so); struct sockaddr_nl *snl = (struct sockaddr_nl *)sa; int error; NL_LOG(LOG_DEBUG3, "socket %p, PID %d", so, curproc->p_pid); if (snl->nl_len != sizeof(*snl)) { NL_LOG(LOG_DEBUG, "socket %p, wrong sizeof(), ignoring bind()", so); return (EINVAL); } NLCTL_WLOCK(ctl); NLP_LOCK(nlp); error = nl_bind_locked(nlp, snl); NLP_UNLOCK(nlp); NLCTL_WUNLOCK(ctl); NL_LOG(LOG_DEBUG2, "socket %p, bind() to %u, groups %u, error %d", so, snl->nl_pid, snl->nl_groups, error); return (error); } static int nl_assign_port(struct nlpcb *nlp, uint32_t port_id) { struct nl_control *ctl = atomic_load_ptr(&V_nl_ctl); struct sockaddr_nl snl = { .nl_pid = port_id, }; int error; NLCTL_WLOCK(ctl); NLP_LOCK(nlp); snl.nl_groups = nl_get_groups_compat(nlp); error = nl_bind_locked(nlp, &snl); NLP_UNLOCK(nlp); NLCTL_WUNLOCK(ctl); NL_LOG(LOG_DEBUG3, "socket %p, port assign: %d, error: %d", nlp->nl_socket, port_id, error); return (error); } /* * nl_autobind_port binds a unused portid to @nlp * @nlp: pcb data for the netlink socket * @candidate_id: first id to consider */ static int nl_autobind_port(struct nlpcb *nlp, uint32_t candidate_id) { struct nl_control *ctl = atomic_load_ptr(&V_nl_ctl); uint32_t port_id = candidate_id; NLCTL_TRACKER; bool exist; int error; for (int i = 0; i < 10; i++) { NL_LOG(LOG_DEBUG3, "socket %p, trying to assign port %d", nlp->nl_socket, port_id); NLCTL_RLOCK(ctl); exist = nl_port_lookup(port_id) != 0; NLCTL_RUNLOCK(ctl); if (!exist) { error = nl_assign_port(nlp, port_id); if (error != EADDRINUSE) break; } port_id++; } NL_LOG(LOG_DEBUG3, "socket %p, autobind to %d, error: %d", nlp->nl_socket, port_id, error); return (error); } static int nl_pru_connect(struct socket *so, struct sockaddr *sa, struct thread *td) { struct sockaddr_nl *snl = (struct sockaddr_nl *)sa; struct nlpcb *nlp; NL_LOG(LOG_DEBUG3, "socket %p, PID %d", so, curproc->p_pid); if (snl->nl_len != sizeof(*snl)) { NL_LOG(LOG_DEBUG, "socket %p, wrong sizeof(), ignoring bind()", so); return (EINVAL); } nlp = sotonlpcb(so); if (!nlp->nl_bound) { int error = nl_autobind_port(nlp, td->td_proc->p_pid); if (error != 0) { NL_LOG(LOG_DEBUG, "socket %p, nl_autobind() failed: %d", so, error); return (error); } } /* XXX: Handle socket flags & multicast */ soisconnected(so); NL_LOG(LOG_DEBUG2, "socket %p, connect to %u", so, snl->nl_pid); return (0); } static void destroy_nlpcb(struct nlpcb *nlp) { NLP_LOCK(nlp); nl_free_io(nlp); NLP_LOCK_DESTROY(nlp); free(nlp, M_PCB); } static void destroy_nlpcb_epoch(epoch_context_t ctx) { struct nlpcb *nlp; nlp = __containerof(ctx, struct nlpcb, nl_epoch_ctx); destroy_nlpcb(nlp); } static void nl_pru_detach(struct socket *so) { struct nl_control *ctl = atomic_load_ptr(&V_nl_ctl); MPASS(sotonlpcb(so) != NULL); struct nlpcb *nlp; NL_LOG(LOG_DEBUG2, "detaching socket %p, PID %d", so, curproc->p_pid); nlp = sotonlpcb(so); /* Mark as inactive so no new work can be enqueued */ NLP_LOCK(nlp); bool was_bound = nlp->nl_bound; nlp->nl_active = false; NLP_UNLOCK(nlp); /* Wait till all scheduled work has been completed */ taskqueue_drain_all(nlp->nl_taskqueue); taskqueue_free(nlp->nl_taskqueue); NLCTL_WLOCK(ctl); NLP_LOCK(nlp); if (was_bound) { CK_LIST_REMOVE(nlp, nl_port_next); NL_LOG(LOG_DEBUG3, "socket %p, unlinking bound pid %u", so, nlp->nl_port); } CK_LIST_REMOVE(nlp, nl_next); nlp->nl_socket = NULL; NLP_UNLOCK(nlp); NLCTL_WUNLOCK(ctl); so->so_pcb = NULL; NL_LOG(LOG_DEBUG3, "socket %p, detached", so); /* XXX: is delayed free needed? */ NET_EPOCH_CALL(destroy_nlpcb_epoch, &nlp->nl_epoch_ctx); } static int nl_pru_disconnect(struct socket *so) { NL_LOG(LOG_DEBUG3, "socket %p, PID %d", so, curproc->p_pid); MPASS(sotonlpcb(so) != NULL); return (ENOTCONN); } static int nl_pru_peeraddr(struct socket *so, struct sockaddr **sa) { NL_LOG(LOG_DEBUG3, "socket %p, PID %d", so, curproc->p_pid); MPASS(sotonlpcb(so) != NULL); return (ENOTCONN); } static int nl_pru_shutdown(struct socket *so) { NL_LOG(LOG_DEBUG3, "socket %p, PID %d", so, curproc->p_pid); MPASS(sotonlpcb(so) != NULL); socantsendmore(so); return (0); } static int nl_pru_sockaddr(struct socket *so, struct sockaddr **sa) { struct sockaddr_nl *snl; snl = malloc(sizeof(struct sockaddr_nl), M_SONAME, M_WAITOK | M_ZERO); /* TODO: set other fields */ snl->nl_len = sizeof(struct sockaddr_nl); snl->nl_family = AF_NETLINK; snl->nl_pid = sotonlpcb(so)->nl_port; *sa = (struct sockaddr *)snl; return (0); } static void nl_pru_close(struct socket *so) { NL_LOG(LOG_DEBUG3, "socket %p, PID %d", so, curproc->p_pid); MPASS(sotonlpcb(so) != NULL); soisdisconnected(so); } static int nl_pru_output(struct mbuf *m, struct socket *so, ...) { if (__predict_false(m == NULL || ((m->m_len < sizeof(struct nlmsghdr)) && (m = m_pullup(m, sizeof(struct nlmsghdr))) == NULL))) return (ENOBUFS); MPASS((m->m_flags & M_PKTHDR) != 0); NL_LOG(LOG_DEBUG3, "sending message to kernel async processing"); nl_receive_async(m, so); return (0); } static int nl_pru_send(struct socket *so, int flags, struct mbuf *m, struct sockaddr *sa, struct mbuf *control, struct thread *td) { NL_LOG(LOG_DEBUG2, "sending message to kernel"); if (__predict_false(control != NULL)) { if (control->m_len) { m_freem(control); return (EINVAL); } m_freem(control); } return (nl_pru_output(m, so)); } static int nl_pru_rcvd(struct socket *so, int flags) { NL_LOG(LOG_DEBUG3, "socket %p, PID %d", so, curproc->p_pid); MPASS(sotonlpcb(so) != NULL); nl_on_transmit(sotonlpcb(so)); return (0); } static int nl_getoptflag(int sopt_name) { switch (sopt_name) { case NETLINK_CAP_ACK: return (NLF_CAP_ACK); case NETLINK_EXT_ACK: return (NLF_EXT_ACK); case NETLINK_GET_STRICT_CHK: return (NLF_STRICT); } return (0); } static int nl_ctloutput(struct socket *so, struct sockopt *sopt) { struct nl_control *ctl = atomic_load_ptr(&V_nl_ctl); struct nlpcb *nlp = sotonlpcb(so); uint32_t flag; int optval, error = 0; NLCTL_TRACKER; NL_LOG(LOG_DEBUG2, "%ssockopt(%p, %d)", (sopt->sopt_dir) ? "set" : "get", so, sopt->sopt_name); switch (sopt->sopt_dir) { case SOPT_SET: switch (sopt->sopt_name) { case NETLINK_ADD_MEMBERSHIP: case NETLINK_DROP_MEMBERSHIP: sooptcopyin(sopt, &optval, sizeof(optval), sizeof(optval)); if (optval <= 0 || optval >= NLP_MAX_GROUPS) { error = ERANGE; break; } NL_LOG(LOG_DEBUG2, "ADD/DEL group %d", (uint32_t)optval); NLCTL_WLOCK(ctl); if (sopt->sopt_name == NETLINK_ADD_MEMBERSHIP) nl_add_group_locked(nlp, optval); else nl_del_group_locked(nlp, optval); NLCTL_WUNLOCK(ctl); break; case NETLINK_CAP_ACK: case NETLINK_EXT_ACK: case NETLINK_GET_STRICT_CHK: sooptcopyin(sopt, &optval, sizeof(optval), sizeof(optval)); flag = nl_getoptflag(sopt->sopt_name); NLCTL_WLOCK(ctl); if (optval != 0) nlp->nl_flags |= flag; else nlp->nl_flags &= ~flag; NLCTL_WUNLOCK(ctl); break; default: error = ENOPROTOOPT; } break; case SOPT_GET: switch (sopt->sopt_name) { case NETLINK_LIST_MEMBERSHIPS: NLCTL_RLOCK(ctl); optval = nl_get_groups_compat(nlp); NLCTL_RUNLOCK(ctl); error = sooptcopyout(sopt, &optval, sizeof(optval)); break; case NETLINK_CAP_ACK: case NETLINK_EXT_ACK: case NETLINK_GET_STRICT_CHK: NLCTL_RLOCK(ctl); optval = (nlp->nl_flags & nl_getoptflag(sopt->sopt_name)) != 0; NLCTL_RUNLOCK(ctl); error = sooptcopyout(sopt, &optval, sizeof(optval)); break; default: error = ENOPROTOOPT; } break; default: error = ENOPROTOOPT; } return (error); } #if 0 static int nl_setsbopt(struct socket *so, struct sockopt *sopt) { int error, optval; bool result; if (sopt->sopt_name != SO_RCVBUF) return (sbsetopt(so, sopt)); /* Allow to override max buffer size in certain conditions */ error = sooptcopyin(sopt, &optval, sizeof optval, sizeof optval); if (error != 0) return (error); NL_LOG(LOG_DEBUG2, "socket %p, PID %d, SO_RCVBUF=%d", so, curproc->p_pid, optval); if (optval > sb_max_adj) { if (priv_check(curthread, PRIV_NET_ROUTE) != 0) return (EPERM); } SOCK_RECVBUF_LOCK(so); result = sbreserve_locked_limit(so, SO_RCV, optval, nl_maxsockbuf, curthread); SOCK_RECVBUF_UNLOCK(so); return (result ? 0 : ENOBUFS); } #endif struct pr_usrreqs nl_usrreqs = { .pru_abort = nl_pru_abort, .pru_attach = nl_pru_attach, .pru_bind = nl_pru_bind, .pru_connect = nl_pru_connect, .pru_detach = nl_pru_detach, .pru_disconnect = nl_pru_disconnect, .pru_peeraddr = nl_pru_peeraddr, .pru_send = nl_pru_send, //.pru_soreceive = soreceive_dgram, //.pru_sosend = sosend_dgram, .pru_shutdown = nl_pru_shutdown, .pru_sockaddr = nl_pru_sockaddr, //.pru_sosetlabel = in_pcbsosetlabel, .pru_close = nl_pru_close, }; static struct domain netlinkdomain; -static struct protosw netlinksw = { +static struct protosw netlinksw[] = { +{ .pr_type = SOCK_RAW, .pr_domain = &netlinkdomain, .pr_protocol = 0, // IPPROTO_UDP .pr_flags = PR_ATOMIC | PR_ADDR | PR_WANTRCVD, .pr_ctloutput = nl_ctloutput, .pr_usrreqs = &nl_usrreqs, +}, +{ + .pr_type = SOCK_DGRAM, + .pr_domain = &netlinkdomain, + .pr_protocol = 0, // IPPROTO_UDP + .pr_flags = PR_ATOMIC | PR_ADDR | PR_WANTRCVD, + .pr_ctloutput = nl_ctloutput, + .pr_usrreqs = &nl_usrreqs, +} }; static struct domain netlinkdomain = { .dom_family = AF_NETLINK, .dom_name = "netlink", #ifdef DOMF_UNLOADABLE .dom_flags = DOMF_UNLOADABLE, #endif - .dom_protosw = &netlinksw, - .dom_protoswNPROTOSW = (&netlinksw + 1), + .dom_protosw = &netlinksw[0], + .dom_protoswNPROTOSW = (&netlinksw[0] + 2), }; DOMAIN_SET(netlink); diff --git a/tests/sys/netlink/test_nl_core.py b/tests/sys/netlink/test_nl_core.py new file mode 100644 index 000000000000..7af421a929dc --- /dev/null +++ b/tests/sys/netlink/test_nl_core.py @@ -0,0 +1,33 @@ +import errno +import socket + +import pytest +from atf_python.sys.net.netlink import NetlinkTestTemplate +from atf_python.sys.net.netlink import NlConst +from atf_python.sys.net.vnet import SingleVnetTestTemplate + + +class TestNlCore(NetlinkTestTemplate, SingleVnetTestTemplate): + @pytest.mark.parametrize( + "params", + [ + pytest.param({"type": socket.SOCK_RAW}, id="SOCK_RAW"), + pytest.param({"type": socket.SOCK_DGRAM}, id="SOCK_DGRAM"), + ], + ) + def test_socket_type(self, params): + s = socket.socket(NlConst.AF_NETLINK, params["type"], NlConst.NETLINK_ROUTE) + s.close() + + @pytest.mark.parametrize( + "params", + [ + pytest.param({"type": socket.SOCK_STREAM}, id="SOCK_STREAM"), + pytest.param({"type": socket.SOCK_RDM}, id="SOCK_RDM"), + pytest.param({"type": socket.SOCK_SEQPACKET}, id="SOCK_SEQPACKET"), + ], + ) + def test_socket_type_unsup(self, params): + with pytest.raises(OSError) as exc_info: + socket.socket(NlConst.AF_NETLINK, params["type"], NlConst.NETLINK_ROUTE) + assert exc_info.value.errno == errno.EPROTOTYPE