This change exports interface capabilities using the standard
Netlink attribute type, bitset, and switches `ifconfig(8)` to use
it when displaying interface data.
Bitset comes in two representations. The first one is "compact",
where the bits are exported via two arrays - "mask" listing the
"valid" bits and "values, providing the values for those bits.
The second one is more verbose, listing each bit as a separate item,
with its name, id and value. The latter option is handy when submitting
update requests.
The support for setting capabilities will be added in the upcoming diffs.
Differential Revision: https://reviews.freebsd.org/D40331
The amd64-gcc12 build was failing with `error: 'devctl_systems' defined
but not used`. Just move it to the C file where it's used.
PR: 271903
Sponsored by: The FreeBSD Foundation
Continue D40356 and switch the remaining parts of mbuf-related
code to the Netlink mbufs.
Reviewed By: gallatin
Differential Revision: https://reviews.freebsd.org/D40368
MFC after: 2 weeks
Hooked to devctl_notify, this allows consumers to received events
by subscribing to a system over a generic netlink protocol
Reviewed by: imp, melifaro
Differential Revision: https://reviews.freebsd.org/D37574
Some context on the current IPv6 interface setup & address management:
There are two data path for IPv6 initialisation in context of assigning
LL addresses:
1) Userland explicitly requests IFF_UP for the interface w/o any addresses.
if_up() then calls in6_if_up(), which calls in6_ifattach().
The latter sets up some initial ND/IN6 state and disables IPv6 for the
interface if it’s not loopback. If the interface is loopback, then it
adds ::1/128 and LL addresses via in6_ifattach_loopback().
Then, devd notification is generated (if the VNET is the default one),
which triggers rc.network ifconfig_up(), causing ifdisabled to be removed
via SIOCSIFINFO_IN6 from ifconfig. The kernel SIOCSIFINFO_IN6 handler
calls in6_if_up() once again and it assigns the interface link-local address.
2) Userland adds IPv4 or IPv6 address to the interface. SIOCAIFADDR[_IN6]
kernel handler calls IPv4/IPv6 protocol handler to add the address.
Both then call if_ioctl() with SIOCSIFADDR. Ethernet/loopback ioctl handlers
silently sets IFF_UP for the interface. Finally, if.c:ifioctl() wrapper code
compares old and new interface flags and, if IFF_UP is added, it explicitly
calls in6_if_up(), which adds link-local address if either the original
address is IPv6 or the interface is loopback.
In the latter case, “formal” interface-up notifications are missing.
The kernel does not trigger event handler event, does not call carp hook
and does not provide any userland notification.
This diff unifies the event handling in both scenarios, providing the
necessary notifications to the kernel and userland.
Reviewed By: kp
Differential Revision: https://reviews.freebsd.org/D40332
MFC after: 2 weeks
Netlink communicates with userland via sockets, utilising
MCLBYTES-sized mbufs to append data to the socket buffers.
These mbufs are never transmitted via logical or physical network.
It may be possible that the 2k mbuf zone is temporary exhausted
due to the DDoS-style traffic, leading to Netlink failure to
respond to the requests.
To address it, this change introduces a custom Netlink-specific
zone for the mbuf storage. It has the following benefits:
* no precious memory from UMA_ZONE_CONTIG zones is utilized for Netlink
* Netlink becomes (more) independent from the traffic spikes and
other related network "corner" conditions.
* Netlink allocations are now isolated within a specific zone, making it
easier to track Netlink mbuf usage and attribute mbufs.
Reviewed by: gallatin, adrian
Differential Revision: https://reviews.freebsd.org/D40356
MFC after: 2 weeks
Adding P2P addresses is complex in both ioctl and Netlink.
In the ioctl interface, "broadcast" field is the same field as the
"peer". In is possible to specify non-p2p address for the p2p
interface in IPv6, but not in IPv4.
In the Netlink interface, "address" field means "peer" address.
As a result, a common notion for the Netlink users is to submit
same address/peer for non-P2P interfaces.
This change customises mapping the attribute on per-family basis.
Specifically,
for IPv4 - if the interface is P2P, assume "address" is p2p and
"local" is the address. If the interfase is non-p2p, use "local"
attribute as the address. If it's not set, use "address" attribute.
for IPv6 - start with "local" attribute as the address. If it's not set,
use use "address" attribute. If both are set and both are the same,
assume non p2p, otherwise add as p2p.
MFC after: 2 weeks
Reported by: jkim
up.
This change fixes the case when the first address added to the interface
is IPv6 GU address. Before the change, IPv6 LL addition was not
triggered.
PR: 271661
MFC after: 2 weeks
This provides compatibility with ifioctl() version of SIOCAIFADDR.
This change is temporary until the IPv4/IPv6 address handling code
is moved to netinet[6].
It is primarily used for adding scopeid to the IPv6 link-local
sockaddrs. Having proper sockaddrs after parsing minimises the
possibility of human mistake when using the parsing.
MFC after: 2 weeks
The SPDX folks have obsoleted the BSD-2-Clause-FreeBSD identifier. Catch
up to that fact and revert to their recommended match of BSD-2-Clause.
Discussed with: pfg
MFC After: 3 days
Sponsored by: Netflix
Reduce the default log level for netlink to LOG_INFO. This removes a
number of messages such as
> [nl_iface] dump_sa: unsupported family: 0, skipping
or
> [nl_iface] get_operstate_ether: error calling SIOCGIFMEDIA on vlan0: 22
that are useful for debugging, but not for most users.
Reviewed by: melifaro
Sponsored by: Rubicon Communications, LLC ("Netgate")
Differential Revision: https://reviews.freebsd.org/D40062
* Fill in IFA_CACHEINFO with prefix lifetime data
* Map IPv6 IN6_IFF_ flags to Netlink IFA_F_ flags
* Store original ia6_flags in the FreeBSD-specific IFAF_FLAGS field
MFC after: 2 weeks
Add the optional post-parse hook to the snl(3) parser declaration.
Use this hook to automatically add the interface indexes to the
link-local sockaddrs.
MFC after: 2 weeks
Currently, parsers use original strings/nla pointers instead of
duplicating them. These pointers refer to the temporary packet buffer,
which can be silently rewritten when the next message is read.
Instead, duplicate all string/nla attributes using snl_allocz(3) to
give control over variable lifetime to the user.
MFC after: 2 weeks
There were two issues with the carp key configuration in the new netlink
code.
The first is that userspace failed to actually pass the CARP_NL_KEY
attribute to the kernel, so a key was never set.
The second issue is that snl_attr_get_string() returns a pointer to the
string inside the netlink message. It does not copy the string to the
target buffer. That's somewhat inconvenient to work with in libifconfig
where we have a static buffer for the key.
Introduce snl_attr_copy_string() which can copy a string to a target
buffer and uses the 'arg' parameter to pass the buffer size, so it
doesn't accidentally exceed the available space.
Reviewed by: melifaro
Sponsored by: Rubicon Communications, LLC ("Netgate")
Differential Revision: https://reviews.freebsd.org/D39874
Replacing rtsock with netlink also means providing similar tracing facilities,
rtsock provides `route -n monitor` interface, where each message can be traced
to the originating PID.
This diff closes the feature gap between rtsock and netlink in that regard.
Netlink works slightly differently from rtsock, as it is a generic message
"broker". It calls some kernel KPIs and returns the result to the caller.
Other Netlink consumers gets notified on the changed kernel state using the
relevant subsystem callbacks. Typically, it is close to impossible to pass
some data through these KPIs to enhance the notification.
This diff approaches the problem by using osd(9) to assign the relevant
socket pointer (`'nlp`) to the per-socket taskqueue execution thread.
This change allows to recover the pointer in the aforementioned notification
callbacks and extract some additional data.
Using `osd(9)` (and adding additional metadata) to the notification receiver
comes with some additional cost attached, so this interface needs to be
enabled explicitly by using a newly-created `NETLINK_MSG_INFO` `SOL_NETLINK`
socket option.
The actual medatadata (which includes the originator PID) is provided via
control messages. To enable extensibility, the control message data is
encoded in the standard netlink(TLV-based) fashion. The list of the
currently-provided properties can be found in `nlmsginfo_attrs`.
snl(3) is extended to enable decoding of netlink messages with metadata
(`snl_read_message_dbg()` stores the parsed structure in the provided buffer).
Differential Revision: https://reviews.freebsd.org/D39391
* Move LLT_ADDEDPROXY handling into lltable_link_entry() to
reduct duplication
* Use standard lltable_delete_addr() for entry deletion
* Add (forgotten) call to llt_post_resolved handler after
adding the entry via netlink.
MFC after: 2 weeks
This change adds netlink create/modify/dump interfaces to the `if_clone.c`.
The previous attempt with storing the logic inside `netlink/route/iface_drivers.c`
did not quite work, as, for example, dumping interface-specific state
(like vlan id or vlan parent) required some peeking into the private interfaces.
The new interfaces are added in a compatible way - callers don't have to do anything
unless they are extended with Netlink.
Reviewed by: kp
Differential Revision: https://reviews.freebsd.org/D39032
MFC after: 1 month
