1 /* 2 * netifd - network interface daemon 3 * Copyright (C) 2012 Felix Fietkau <nbd@openwrt.org> 4 * Copyright (C) 2013 Jo-Philipp Wich <jow@openwrt.org> 5 * Copyright (C) 2013 Steven Barth <steven@midlink.org> 6 * Copyright (C) 2014 Gioacchino Mazzurco <gio@eigenlab.org> 7 * Copyright (C) 2017 Matthias Schiffer <mschiffer@universe-factory.net> 8 * Copyright (C) 2018 Hans Dedecker <dedeckeh@gmail.com> 9 * 10 * This program is free software; you can redistribute it and/or modify 11 * it under the terms of the GNU General Public License version 2 12 * as published by the Free Software Foundation 13 * 14 * This program is distributed in the hope that it will be useful, 15 * but WITHOUT ANY WARRANTY; without even the implied warranty of 16 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 17 * GNU General Public License for more details. 18 */ 19 #define _GNU_SOURCE 20 21 #include <sys/socket.h> 22 #include <sys/ioctl.h> 23 #include <sys/stat.h> 24 #include <sys/syscall.h> 25 26 #include <net/if.h> 27 #include <net/if_arp.h> 28 29 #include <limits.h> 30 #include <arpa/inet.h> 31 #include <netinet/in.h> 32 #include <netinet/ether.h> 33 34 #include <linux/rtnetlink.h> 35 #include <linux/neighbour.h> 36 #include <linux/sockios.h> 37 #include <linux/ip.h> 38 #include <linux/if_addr.h> 39 #include <linux/if_link.h> 40 #include <linux/if_vlan.h> 41 #include <linux/if_bridge.h> 42 #include <linux/if_tunnel.h> 43 #include <linux/ip6_tunnel.h> 44 #include <linux/ethtool.h> 45 #include <linux/fib_rules.h> 46 #include <linux/veth.h> 47 #include <linux/version.h> 48 49 #include <sched.h> 50 51 #ifndef RTN_FAILED_POLICY 52 #define RTN_FAILED_POLICY 12 53 #endif 54 55 #ifndef IFA_F_NOPREFIXROUTE 56 #define IFA_F_NOPREFIXROUTE 0x200 57 #endif 58 59 #ifndef IFA_FLAGS 60 #define IFA_FLAGS (IFA_MULTICAST + 1) 61 #endif 62 63 #include <string.h> 64 #include <fcntl.h> 65 #include <glob.h> 66 #include <time.h> 67 #include <unistd.h> 68 69 #include <netlink/msg.h> 70 #include <netlink/attr.h> 71 #include <netlink/socket.h> 72 #include <libubox/uloop.h> 73 74 #include "netifd.h" 75 #include "device.h" 76 #include "system.h" 77 #include "utils.h" 78 79 struct event_socket { 80 struct uloop_fd uloop; 81 struct nl_sock *sock; 82 int bufsize; 83 }; 84 85 static int sock_ioctl = -1; 86 static struct nl_sock *sock_rtnl = NULL; 87 88 static int cb_rtnl_event(struct nl_msg *msg, void *arg); 89 static void handle_hotplug_event(struct uloop_fd *u, unsigned int events); 90 static int system_add_proto_tunnel(const char *name, const uint8_t proto, 91 const unsigned int link, struct blob_attr **tb); 92 static int __system_del_ip_tunnel(const char *name, struct blob_attr **tb); 93 94 static char dev_buf[256]; 95 96 static void 97 handler_nl_event(struct uloop_fd *u, unsigned int events) 98 { 99 struct event_socket *ev = container_of(u, struct event_socket, uloop); 100 int err; 101 socklen_t errlen = sizeof(err); 102 103 if (!u->error) { 104 nl_recvmsgs_default(ev->sock); 105 return; 106 } 107 108 if (getsockopt(u->fd, SOL_SOCKET, SO_ERROR, (void *)&err, &errlen)) 109 goto abort; 110 111 switch(err) { 112 case ENOBUFS: 113 /* Increase rx buffer size on netlink socket */ 114 ev->bufsize *= 2; 115 if (nl_socket_set_buffer_size(ev->sock, ev->bufsize, 0)) 116 goto abort; 117 118 /* Request full dump since some info got dropped */ 119 struct rtgenmsg msg = { .rtgen_family = AF_UNSPEC }; 120 nl_send_simple(ev->sock, RTM_GETLINK, NLM_F_DUMP, &msg, sizeof(msg)); 121 break; 122 123 default: 124 goto abort; 125 } 126 u->error = false; 127 return; 128 129 abort: 130 uloop_fd_delete(&ev->uloop); 131 return; 132 } 133 134 static struct nl_sock * 135 create_socket(int protocol, int groups) 136 { 137 struct nl_sock *sock; 138 139 sock = nl_socket_alloc(); 140 if (!sock) 141 return NULL; 142 143 if (groups) 144 nl_join_groups(sock, groups); 145 146 if (nl_connect(sock, protocol)) { 147 nl_socket_free(sock); 148 return NULL; 149 } 150 151 return sock; 152 } 153 154 static bool 155 create_raw_event_socket(struct event_socket *ev, int protocol, int groups, 156 uloop_fd_handler cb, int flags) 157 { 158 ev->sock = create_socket(protocol, groups); 159 if (!ev->sock) 160 return false; 161 162 ev->uloop.fd = nl_socket_get_fd(ev->sock); 163 ev->uloop.cb = cb; 164 if (uloop_fd_add(&ev->uloop, ULOOP_READ|flags)) 165 return false; 166 167 return true; 168 } 169 170 static bool 171 create_event_socket(struct event_socket *ev, int protocol, 172 int (*cb)(struct nl_msg *msg, void *arg)) 173 { 174 if (!create_raw_event_socket(ev, protocol, 0, handler_nl_event, ULOOP_ERROR_CB)) 175 return false; 176 177 /* Install the valid custom callback handler */ 178 nl_socket_modify_cb(ev->sock, NL_CB_VALID, NL_CB_CUSTOM, cb, NULL); 179 180 /* Disable sequence number checking on event sockets */ 181 nl_socket_disable_seq_check(ev->sock); 182 183 /* Increase rx buffer size to 65K on event sockets */ 184 ev->bufsize = 65535; 185 if (nl_socket_set_buffer_size(ev->sock, ev->bufsize, 0)) 186 return false; 187 188 return true; 189 } 190 191 static bool 192 create_hotplug_event_socket(struct event_socket *ev, int protocol, 193 void (*cb)(struct uloop_fd *u, unsigned int events)) 194 { 195 if (!create_raw_event_socket(ev, protocol, 1, cb, ULOOP_ERROR_CB)) 196 return false; 197 198 /* Increase rx buffer size to 65K on event sockets */ 199 ev->bufsize = 65535; 200 if (nl_socket_set_buffer_size(ev->sock, ev->bufsize, 0)) 201 return false; 202 203 return true; 204 } 205 206 static bool 207 system_rtn_aton(const char *src, unsigned int *dst) 208 { 209 char *e; 210 unsigned int n; 211 212 if (!strcmp(src, "local")) 213 n = RTN_LOCAL; 214 else if (!strcmp(src, "nat")) 215 n = RTN_NAT; 216 else if (!strcmp(src, "broadcast")) 217 n = RTN_BROADCAST; 218 else if (!strcmp(src, "anycast")) 219 n = RTN_ANYCAST; 220 else if (!strcmp(src, "multicast")) 221 n = RTN_MULTICAST; 222 else if (!strcmp(src, "prohibit")) 223 n = RTN_PROHIBIT; 224 else if (!strcmp(src, "unreachable")) 225 n = RTN_UNREACHABLE; 226 else if (!strcmp(src, "blackhole")) 227 n = RTN_BLACKHOLE; 228 else if (!strcmp(src, "xresolve")) 229 n = RTN_XRESOLVE; 230 else if (!strcmp(src, "unicast")) 231 n = RTN_UNICAST; 232 else if (!strcmp(src, "throw")) 233 n = RTN_THROW; 234 else if (!strcmp(src, "failed_policy")) 235 n = RTN_FAILED_POLICY; 236 else { 237 n = strtoul(src, &e, 0); 238 if (!e || *e || e == src || n > 255) 239 return false; 240 } 241 242 *dst = n; 243 return true; 244 } 245 246 static bool 247 system_tos_aton(const char *src, unsigned *dst) 248 { 249 char *e; 250 251 *dst = strtoul(src, &e, 16); 252 if (e == src || *e || *dst > 255) 253 return false; 254 255 return true; 256 } 257 258 int system_init(void) 259 { 260 static struct event_socket rtnl_event; 261 static struct event_socket hotplug_event; 262 263 sock_ioctl = socket(AF_LOCAL, SOCK_DGRAM, 0); 264 system_fd_set_cloexec(sock_ioctl); 265 266 /* Prepare socket for routing / address control */ 267 sock_rtnl = create_socket(NETLINK_ROUTE, 0); 268 if (!sock_rtnl) 269 return -1; 270 271 if (!create_event_socket(&rtnl_event, NETLINK_ROUTE, cb_rtnl_event)) 272 return -1; 273 274 if (!create_hotplug_event_socket(&hotplug_event, NETLINK_KOBJECT_UEVENT, 275 handle_hotplug_event)) 276 return -1; 277 278 /* Receive network link events form kernel */ 279 nl_socket_add_membership(rtnl_event.sock, RTNLGRP_LINK); 280 281 return 0; 282 } 283 284 static void system_set_sysctl(const char *path, const char *val) 285 { 286 int fd; 287 288 fd = open(path, O_WRONLY); 289 if (fd < 0) 290 return; 291 292 if (write(fd, val, strlen(val))) {} 293 close(fd); 294 } 295 296 static void system_set_dev_sysctl(const char *path, const char *device, const char *val) 297 { 298 snprintf(dev_buf, sizeof(dev_buf), path, device); 299 system_set_sysctl(dev_buf, val); 300 } 301 302 static void system_set_disable_ipv6(struct device *dev, const char *val) 303 { 304 system_set_dev_sysctl("/proc/sys/net/ipv6/conf/%s/disable_ipv6", dev->ifname, val); 305 } 306 307 static void system_set_ip6segmentrouting(struct device *dev, const char *val) 308 { 309 system_set_dev_sysctl("/proc/sys/net/ipv6/conf/%s/seg6_enabled", dev->ifname, val); 310 } 311 312 static void system_set_rpfilter(struct device *dev, const char *val) 313 { 314 system_set_dev_sysctl("/proc/sys/net/ipv4/conf/%s/rp_filter", dev->ifname, val); 315 } 316 317 static void system_set_acceptlocal(struct device *dev, const char *val) 318 { 319 system_set_dev_sysctl("/proc/sys/net/ipv4/conf/%s/accept_local", dev->ifname, val); 320 } 321 322 static void system_set_igmpversion(struct device *dev, const char *val) 323 { 324 system_set_dev_sysctl("/proc/sys/net/ipv4/conf/%s/force_igmp_version", dev->ifname, val); 325 } 326 327 static void system_set_mldversion(struct device *dev, const char *val) 328 { 329 system_set_dev_sysctl("/proc/sys/net/ipv6/conf/%s/force_mld_version", dev->ifname, val); 330 } 331 332 static void system_set_neigh4reachabletime(struct device *dev, const char *val) 333 { 334 system_set_dev_sysctl("/proc/sys/net/ipv4/neigh/%s/base_reachable_time_ms", dev->ifname, val); 335 } 336 337 static void system_set_neigh6reachabletime(struct device *dev, const char *val) 338 { 339 system_set_dev_sysctl("/proc/sys/net/ipv6/neigh/%s/base_reachable_time_ms", dev->ifname, val); 340 } 341 342 static void system_set_neigh4gcstaletime(struct device *dev, const char *val) 343 { 344 system_set_dev_sysctl("/proc/sys/net/ipv4/neigh/%s/gc_stale_time", dev->ifname, val); 345 } 346 347 static void system_set_neigh6gcstaletime(struct device *dev, const char *val) 348 { 349 system_set_dev_sysctl("/proc/sys/net/ipv6/neigh/%s/gc_stale_time", dev->ifname, val); 350 } 351 352 static void system_set_neigh4locktime(struct device *dev, const char *val) 353 { 354 system_set_dev_sysctl("/proc/sys/net/ipv4/neigh/%s/locktime", dev->ifname, val); 355 } 356 357 static void system_set_dadtransmits(struct device *dev, const char *val) 358 { 359 system_set_dev_sysctl("/proc/sys/net/ipv6/conf/%s/dad_transmits", dev->ifname, val); 360 } 361 362 static void system_set_sendredirects(struct device *dev, const char *val) 363 { 364 system_set_dev_sysctl("/proc/sys/net/ipv4/conf/%s/send_redirects", dev->ifname, val); 365 } 366 367 static void system_set_drop_v4_unicast_in_l2_multicast(struct device *dev, const char *val) 368 { 369 system_set_dev_sysctl("/proc/sys/net/ipv4/conf/%s/drop_unicast_in_l2_multicast", dev->ifname, val); 370 } 371 372 static void system_set_drop_v6_unicast_in_l2_multicast(struct device *dev, const char *val) 373 { 374 system_set_dev_sysctl("/proc/sys/net/ipv6/conf/%s/drop_unicast_in_l2_multicast", dev->ifname, val); 375 } 376 377 static void system_set_drop_gratuitous_arp(struct device *dev, const char *val) 378 { 379 system_set_dev_sysctl("/proc/sys/net/ipv4/conf/%s/drop_gratuitous_arp", dev->ifname, val); 380 } 381 382 static void system_set_drop_unsolicited_na(struct device *dev, const char *val) 383 { 384 system_set_dev_sysctl("/proc/sys/net/ipv6/conf/%s/drop_unsolicited_na", dev->ifname, val); 385 } 386 387 static void system_set_arp_accept(struct device *dev, const char *val) 388 { 389 system_set_dev_sysctl("/proc/sys/net/ipv4/conf/%s/arp_accept", dev->ifname, val); 390 } 391 392 static void system_bridge_set_multicast_to_unicast(struct device *dev, const char *val) 393 { 394 system_set_dev_sysctl("/sys/class/net/%s/brport/multicast_to_unicast", dev->ifname, val); 395 } 396 397 static void system_bridge_set_multicast_fast_leave(struct device *dev, const char *val) 398 { 399 system_set_dev_sysctl("/sys/class/net/%s/brport/multicast_fast_leave", dev->ifname, val); 400 } 401 402 static void system_bridge_set_hairpin_mode(struct device *dev, const char *val) 403 { 404 system_set_dev_sysctl("/sys/class/net/%s/brport/hairpin_mode", dev->ifname, val); 405 } 406 407 static void system_bridge_set_isolated(struct device *dev, const char *val) 408 { 409 system_set_dev_sysctl("/sys/class/net/%s/brport/isolated", dev->ifname, val); 410 } 411 412 static void system_bridge_set_multicast_router(struct device *dev, const char *val, bool bridge) 413 { 414 system_set_dev_sysctl(bridge ? "/sys/class/net/%s/bridge/multicast_router" : 415 "/sys/class/net/%s/brport/multicast_router", 416 dev->ifname, val); 417 } 418 419 static void system_bridge_set_robustness(struct device *dev, const char *val) 420 { 421 system_set_dev_sysctl("/sys/devices/virtual/net/%s/bridge/multicast_startup_query_count", 422 dev->ifname, val); 423 system_set_dev_sysctl("/sys/devices/virtual/net/%s/bridge/multicast_last_member_count", 424 dev->ifname, val); 425 } 426 427 static void system_bridge_set_query_interval(struct device *dev, const char *val) 428 { 429 system_set_dev_sysctl("/sys/devices/virtual/net/%s/bridge/multicast_query_interval", 430 dev->ifname, val); 431 } 432 433 static void system_bridge_set_query_response_interval(struct device *dev, const char *val) 434 { 435 system_set_dev_sysctl("/sys/devices/virtual/net/%s/bridge/multicast_query_response_interval", 436 dev->ifname, val); 437 } 438 439 static void system_bridge_set_last_member_interval(struct device *dev, const char *val) 440 { 441 system_set_dev_sysctl("/sys/devices/virtual/net/%s/bridge/multicast_last_member_interval", 442 dev->ifname, val); 443 } 444 445 static void system_bridge_set_membership_interval(struct device *dev, const char *val) 446 { 447 system_set_dev_sysctl("/sys/devices/virtual/net/%s/bridge/multicast_membership_interval", 448 dev->ifname, val); 449 } 450 451 static void system_bridge_set_other_querier_timeout(struct device *dev, const char *val) 452 { 453 system_set_dev_sysctl("/sys/devices/virtual/net/%s/bridge/multicast_querier_interval", 454 dev->ifname, val); 455 } 456 457 static void system_bridge_set_startup_query_interval(struct device *dev, const char *val) 458 { 459 system_set_dev_sysctl("/sys/devices/virtual/net/%s/bridge/multicast_startup_query_interval", 460 dev->ifname, val); 461 } 462 463 static void system_bridge_set_stp_state(struct device *dev, const char *val) 464 { 465 system_set_dev_sysctl("/sys/devices/virtual/net/%s/bridge/stp_state", dev->ifname, val); 466 } 467 468 static void system_bridge_set_forward_delay(struct device *dev, const char *val) 469 { 470 system_set_dev_sysctl("/sys/devices/virtual/net/%s/bridge/forward_delay", dev->ifname, val); 471 } 472 473 static void system_bridge_set_priority(struct device *dev, const char *val) 474 { 475 system_set_dev_sysctl("/sys/devices/virtual/net/%s/bridge/priority", dev->ifname, val); 476 } 477 478 static void system_bridge_set_ageing_time(struct device *dev, const char *val) 479 { 480 system_set_dev_sysctl("/sys/devices/virtual/net/%s/bridge/ageing_time", dev->ifname, val); 481 } 482 483 static void system_bridge_set_hello_time(struct device *dev, const char *val) 484 { 485 system_set_dev_sysctl("/sys/devices/virtual/net/%s/bridge/hello_time", dev->ifname, val); 486 } 487 488 static void system_bridge_set_max_age(struct device *dev, const char *val) 489 { 490 system_set_dev_sysctl("/sys/devices/virtual/net/%s/bridge/max_age", dev->ifname, val); 491 } 492 493 static void system_bridge_set_learning(struct device *dev, const char *val) 494 { 495 system_set_dev_sysctl("/sys/class/net/%s/brport/learning", dev->ifname, val); 496 } 497 498 static void system_bridge_set_unicast_flood(struct device *dev, const char *val) 499 { 500 system_set_dev_sysctl("/sys/class/net/%s/brport/unicast_flood", dev->ifname, val); 501 } 502 503 static void system_bridge_set_vlan_filtering(struct device *dev, const char *val) 504 { 505 system_set_dev_sysctl("/sys/devices/virtual/net/%s/bridge/vlan_filtering", dev->ifname, val); 506 } 507 508 static int system_get_sysctl(const char *path, char *buf, const size_t buf_sz) 509 { 510 int fd = -1, ret = -1; 511 512 fd = open(path, O_RDONLY); 513 if (fd < 0) 514 goto out; 515 516 ssize_t len = read(fd, buf, buf_sz - 1); 517 if (len < 0) 518 goto out; 519 520 ret = buf[len] = 0; 521 522 out: 523 if (fd >= 0) 524 close(fd); 525 526 return ret; 527 } 528 529 static int 530 system_get_dev_sysctl(const char *path, const char *device, char *buf, const size_t buf_sz) 531 { 532 snprintf(dev_buf, sizeof(dev_buf), path, device); 533 return system_get_sysctl(dev_buf, buf, buf_sz); 534 } 535 536 static int system_get_disable_ipv6(struct device *dev, char *buf, const size_t buf_sz) 537 { 538 return system_get_dev_sysctl("/proc/sys/net/ipv6/conf/%s/disable_ipv6", 539 dev->ifname, buf, buf_sz); 540 } 541 542 static int system_get_ip6segmentrouting(struct device *dev, char *buf, const size_t buf_sz) 543 { 544 return system_get_dev_sysctl("/proc/sys/net/ipv6/conf/%s/seg6_enabled", 545 dev->ifname, buf, buf_sz); 546 } 547 548 static int system_get_rpfilter(struct device *dev, char *buf, const size_t buf_sz) 549 { 550 return system_get_dev_sysctl("/proc/sys/net/ipv4/conf/%s/rp_filter", 551 dev->ifname, buf, buf_sz); 552 } 553 554 static int system_get_acceptlocal(struct device *dev, char *buf, const size_t buf_sz) 555 { 556 return system_get_dev_sysctl("/proc/sys/net/ipv4/conf/%s/accept_local", 557 dev->ifname, buf, buf_sz); 558 } 559 560 static int system_get_igmpversion(struct device *dev, char *buf, const size_t buf_sz) 561 { 562 return system_get_dev_sysctl("/proc/sys/net/ipv4/conf/%s/force_igmp_version", 563 dev->ifname, buf, buf_sz); 564 } 565 566 static int system_get_mldversion(struct device *dev, char *buf, const size_t buf_sz) 567 { 568 return system_get_dev_sysctl("/proc/sys/net/ipv6/conf/%s/force_mld_version", 569 dev->ifname, buf, buf_sz); 570 } 571 572 static int system_get_neigh4reachabletime(struct device *dev, char *buf, const size_t buf_sz) 573 { 574 return system_get_dev_sysctl("/proc/sys/net/ipv4/neigh/%s/base_reachable_time_ms", 575 dev->ifname, buf, buf_sz); 576 } 577 578 static int system_get_neigh6reachabletime(struct device *dev, char *buf, const size_t buf_sz) 579 { 580 return system_get_dev_sysctl("/proc/sys/net/ipv6/neigh/%s/base_reachable_time_ms", 581 dev->ifname, buf, buf_sz); 582 } 583 584 static int system_get_neigh4gcstaletime(struct device *dev, char *buf, const size_t buf_sz) 585 { 586 return system_get_dev_sysctl("/proc/sys/net/ipv4/neigh/%s/gc_stale_time", 587 dev->ifname, buf, buf_sz); 588 } 589 590 static int system_get_neigh6gcstaletime(struct device *dev, char *buf, const size_t buf_sz) 591 { 592 return system_get_dev_sysctl("/proc/sys/net/ipv6/neigh/%s/gc_stale_time", 593 dev->ifname, buf, buf_sz); 594 } 595 596 static int system_get_neigh4locktime(struct device *dev, char *buf, const size_t buf_sz) 597 { 598 return system_get_dev_sysctl("/proc/sys/net/ipv4/neigh/%s/locktime", 599 dev->ifname, buf, buf_sz); 600 } 601 602 static int system_get_dadtransmits(struct device *dev, char *buf, const size_t buf_sz) 603 { 604 return system_get_dev_sysctl("/proc/sys/net/ipv6/conf/%s/dad_transmits", 605 dev->ifname, buf, buf_sz); 606 } 607 608 static int system_get_sendredirects(struct device *dev, char *buf, const size_t buf_sz) 609 { 610 return system_get_dev_sysctl("/proc/sys/net/ipv4/conf/%s/send_redirects", 611 dev->ifname, buf, buf_sz); 612 } 613 614 615 static int system_get_drop_v4_unicast_in_l2_multicast(struct device *dev, char *buf, const size_t buf_sz) 616 { 617 return system_get_dev_sysctl("/proc/sys/net/ipv4/conf/%s/drop_unicast_in_l2_multicast", 618 dev->ifname, buf, buf_sz); 619 } 620 621 static int system_get_drop_v6_unicast_in_l2_multicast(struct device *dev, char *buf, const size_t buf_sz) 622 { 623 return system_get_dev_sysctl("/proc/sys/net/ipv6/conf/%s/drop_unicast_in_l2_multicast", 624 dev->ifname, buf, buf_sz); 625 } 626 627 static int system_get_drop_gratuitous_arp(struct device *dev, char *buf, const size_t buf_sz) 628 { 629 return system_get_dev_sysctl("/proc/sys/net/ipv4/conf/%s/drop_gratuitous_arp", 630 dev->ifname, buf, buf_sz); 631 } 632 633 static int system_get_drop_unsolicited_na(struct device *dev, char *buf, const size_t buf_sz) 634 { 635 return system_get_dev_sysctl("/proc/sys/net/ipv6/conf/%s/drop_unsolicited_na", 636 dev->ifname, buf, buf_sz); 637 } 638 639 static int system_get_arp_accept(struct device *dev, char *buf, const size_t buf_sz) 640 { 641 return system_get_dev_sysctl("/proc/sys/net/ipv4/conf/%s/arp_accept", 642 dev->ifname, buf, buf_sz); 643 } 644 645 /* Evaluate netlink messages */ 646 static int cb_rtnl_event(struct nl_msg *msg, void *arg) 647 { 648 struct nlmsghdr *nh = nlmsg_hdr(msg); 649 struct nlattr *nla[__IFLA_MAX]; 650 int link_state = 0; 651 char buf[10]; 652 653 if (nh->nlmsg_type != RTM_NEWLINK) 654 goto out; 655 656 nlmsg_parse(nh, sizeof(struct ifinfomsg), nla, __IFLA_MAX - 1, NULL); 657 if (!nla[IFLA_IFNAME]) 658 goto out; 659 660 struct device *dev = device_find(nla_data(nla[IFLA_IFNAME])); 661 if (!dev) 662 goto out; 663 664 if (!system_get_dev_sysctl("/sys/class/net/%s/carrier", dev->ifname, buf, sizeof(buf))) 665 link_state = strtoul(buf, NULL, 0); 666 667 if (dev->type == &simple_device_type) 668 device_set_present(dev, true); 669 670 device_set_link(dev, link_state ? true : false); 671 672 out: 673 return 0; 674 } 675 676 static void 677 handle_hotplug_msg(char *data, int size) 678 { 679 const char *subsystem = NULL, *interface = NULL, *interface_old = NULL; 680 char *cur, *end, *sep; 681 struct device *dev; 682 int skip; 683 bool add, move = false; 684 685 if (!strncmp(data, "add@", 4)) 686 add = true; 687 else if (!strncmp(data, "remove@", 7)) 688 add = false; 689 else if (!strncmp(data, "move@", 5)) { 690 add = true; 691 move = true; 692 } 693 else 694 return; 695 696 skip = strlen(data) + 1; 697 end = data + size; 698 699 for (cur = data + skip; cur < end; cur += skip) { 700 skip = strlen(cur) + 1; 701 702 sep = strchr(cur, '='); 703 if (!sep) 704 continue; 705 706 *sep = 0; 707 if (!strcmp(cur, "INTERFACE")) 708 interface = sep + 1; 709 else if (!strcmp(cur, "SUBSYSTEM")) { 710 subsystem = sep + 1; 711 if (strcmp(subsystem, "net") != 0) 712 return; 713 } else if (!strcmp(cur, "DEVPATH_OLD")) { 714 interface_old = strrchr(sep + 1, '/'); 715 if (interface_old) 716 interface_old++; 717 } 718 } 719 720 if (subsystem && interface) { 721 if (move && interface_old) 722 goto move; 723 else 724 goto found; 725 } 726 727 return; 728 729 move: 730 dev = device_find(interface_old); 731 if (!dev) 732 return; 733 734 if (dev->type != &simple_device_type) 735 goto found; 736 737 device_set_present(dev, false); 738 739 return; 740 741 found: 742 dev = device_find(interface); 743 if (!dev) 744 return; 745 746 if (dev->type != &simple_device_type) 747 return; 748 749 device_set_present(dev, add); 750 } 751 752 static void 753 handle_hotplug_event(struct uloop_fd *u, unsigned int events) 754 { 755 struct event_socket *ev = container_of(u, struct event_socket, uloop); 756 struct sockaddr_nl nla; 757 unsigned char *buf = NULL; 758 int size; 759 int err; 760 socklen_t errlen = sizeof(err); 761 762 if (!u->error) { 763 while ((size = nl_recv(ev->sock, &nla, &buf, NULL)) > 0) { 764 if (nla.nl_pid == 0) 765 handle_hotplug_msg((char *) buf, size); 766 767 free(buf); 768 } 769 return; 770 } 771 772 if (getsockopt(u->fd, SOL_SOCKET, SO_ERROR, (void *)&err, &errlen)) 773 goto abort; 774 775 switch(err) { 776 case ENOBUFS: 777 /* Increase rx buffer size on netlink socket */ 778 ev->bufsize *= 2; 779 if (nl_socket_set_buffer_size(ev->sock, ev->bufsize, 0)) 780 goto abort; 781 break; 782 783 default: 784 goto abort; 785 } 786 u->error = false; 787 return; 788 789 abort: 790 uloop_fd_delete(&ev->uloop); 791 return; 792 } 793 794 static int system_rtnl_call(struct nl_msg *msg) 795 { 796 int ret; 797 798 ret = nl_send_auto_complete(sock_rtnl, msg); 799 nlmsg_free(msg); 800 801 if (ret < 0) 802 return ret; 803 804 return nl_wait_for_ack(sock_rtnl); 805 } 806 807 int system_bridge_delbr(struct device *bridge) 808 { 809 return ioctl(sock_ioctl, SIOCBRDELBR, bridge->ifname); 810 } 811 812 static int system_bridge_if(const char *bridge, struct device *dev, int cmd, void *data) 813 { 814 struct ifreq ifr; 815 816 memset(&ifr, 0, sizeof(ifr)); 817 if (dev) 818 ifr.ifr_ifindex = dev->ifindex; 819 else 820 ifr.ifr_data = data; 821 strncpy(ifr.ifr_name, bridge, sizeof(ifr.ifr_name) - 1); 822 return ioctl(sock_ioctl, cmd, &ifr); 823 } 824 825 static bool system_is_bridge(const char *name, char *buf, int buflen) 826 { 827 struct stat st; 828 829 snprintf(buf, buflen, "/sys/devices/virtual/net/%s/bridge", name); 830 if (stat(buf, &st) < 0) 831 return false; 832 833 return true; 834 } 835 836 static char *system_get_bridge(const char *name, char *buf, int buflen) 837 { 838 char *path; 839 ssize_t len = -1; 840 glob_t gl; 841 842 snprintf(buf, buflen, "/sys/devices/virtual/net/*/brif/%s/bridge", name); 843 if (glob(buf, GLOB_NOSORT, NULL, &gl) < 0) 844 return NULL; 845 846 if (gl.gl_pathc > 0) 847 len = readlink(gl.gl_pathv[0], buf, buflen); 848 849 globfree(&gl); 850 851 if (len < 0) 852 return NULL; 853 854 buf[len] = 0; 855 path = strrchr(buf, '/'); 856 if (!path) 857 return NULL; 858 859 return path + 1; 860 } 861 862 static void 863 system_bridge_set_wireless(struct device *bridge, struct device *dev) 864 { 865 bool mcast_to_ucast = dev->wireless_ap; 866 bool hairpin = true; 867 868 if (bridge->settings.flags & DEV_OPT_MULTICAST_TO_UNICAST && 869 !bridge->settings.multicast_to_unicast) 870 mcast_to_ucast = false; 871 872 if (!mcast_to_ucast || dev->wireless_isolate) 873 hairpin = false; 874 875 system_bridge_set_multicast_to_unicast(dev, mcast_to_ucast ? "1" : ""); 876 system_bridge_set_hairpin_mode(dev, hairpin ? "1" : ""); 877 } 878 879 int system_bridge_addif(struct device *bridge, struct device *dev) 880 { 881 char buf[64]; 882 char *oldbr; 883 int tries = 0; 884 int ret; 885 886 retry: 887 ret = 0; 888 oldbr = system_get_bridge(dev->ifname, dev_buf, sizeof(dev_buf)); 889 if (!oldbr || strcmp(oldbr, bridge->ifname) != 0) { 890 ret = system_bridge_if(bridge->ifname, dev, SIOCBRADDIF, NULL); 891 tries++; 892 D(SYSTEM, "Failed to add device '%s' to bridge '%s' (tries=%d): %s\n", 893 dev->ifname, bridge->ifname, tries, strerror(errno)); 894 if (tries <= 3) 895 goto retry; 896 } 897 898 if (dev->wireless) 899 system_bridge_set_wireless(bridge, dev); 900 901 if (dev->settings.flags & DEV_OPT_MULTICAST_ROUTER) { 902 snprintf(buf, sizeof(buf), "%u", dev->settings.multicast_router); 903 system_bridge_set_multicast_router(dev, buf, false); 904 } 905 906 if (dev->settings.flags & DEV_OPT_MULTICAST_FAST_LEAVE && 907 dev->settings.multicast_fast_leave) 908 system_bridge_set_multicast_fast_leave(dev, "1"); 909 910 if (dev->settings.flags & DEV_OPT_LEARNING && 911 !dev->settings.learning) 912 system_bridge_set_learning(dev, ""); 913 914 if (dev->settings.flags & DEV_OPT_UNICAST_FLOOD && 915 !dev->settings.unicast_flood) 916 system_bridge_set_unicast_flood(dev, ""); 917 918 if (dev->settings.flags & DEV_OPT_ISOLATE && 919 dev->settings.isolate) 920 system_bridge_set_isolated(dev, "1"); 921 922 return ret; 923 } 924 925 int system_bridge_delif(struct device *bridge, struct device *dev) 926 { 927 return system_bridge_if(bridge->ifname, dev, SIOCBRDELIF, NULL); 928 } 929 930 int system_bridge_vlan(const char *iface, uint16_t vid, bool add, unsigned int vflags) 931 { 932 struct ifinfomsg ifi = { .ifi_family = PF_BRIDGE, }; 933 struct bridge_vlan_info vinfo = { .vid = vid, }; 934 unsigned short flags = 0; 935 struct nlattr *afspec; 936 struct nl_msg *nlm; 937 int ret = 0; 938 939 ifi.ifi_index = if_nametoindex(iface); 940 if (!ifi.ifi_index) 941 return -1; 942 943 nlm = nlmsg_alloc_simple(add ? RTM_SETLINK : RTM_DELLINK, NLM_F_REQUEST); 944 if (!nlm) 945 return -1; 946 947 nlmsg_append(nlm, &ifi, sizeof(ifi), 0); 948 949 if (vflags & BRVLAN_F_SELF) 950 flags |= BRIDGE_FLAGS_SELF; 951 952 if (vflags & BRVLAN_F_PVID) 953 vinfo.flags |= BRIDGE_VLAN_INFO_PVID; 954 955 if (vflags & BRVLAN_F_UNTAGGED) 956 vinfo.flags |= BRIDGE_VLAN_INFO_UNTAGGED; 957 958 afspec = nla_nest_start(nlm, IFLA_AF_SPEC); 959 if (!afspec) { 960 ret = -ENOMEM; 961 goto failure; 962 } 963 964 if (flags) 965 nla_put_u16(nlm, IFLA_BRIDGE_FLAGS, flags); 966 967 nla_put(nlm, IFLA_BRIDGE_VLAN_INFO, sizeof(vinfo), &vinfo); 968 nla_nest_end(nlm, afspec); 969 970 return system_rtnl_call(nlm); 971 972 failure: 973 nlmsg_free(nlm); 974 return ret; 975 } 976 977 int system_if_resolve(struct device *dev) 978 { 979 struct ifreq ifr; 980 981 memset(&ifr, 0, sizeof(ifr)); 982 strncpy(ifr.ifr_name, dev->ifname, sizeof(ifr.ifr_name) - 1); 983 if (!ioctl(sock_ioctl, SIOCGIFINDEX, &ifr)) 984 return ifr.ifr_ifindex; 985 else 986 return 0; 987 } 988 989 static int system_if_flags(const char *ifname, unsigned add, unsigned rem) 990 { 991 struct ifreq ifr; 992 993 memset(&ifr, 0, sizeof(ifr)); 994 strncpy(ifr.ifr_name, ifname, sizeof(ifr.ifr_name) - 1); 995 if (ioctl(sock_ioctl, SIOCGIFFLAGS, &ifr) < 0) 996 return -1; 997 998 ifr.ifr_flags |= add; 999 ifr.ifr_flags &= ~rem; 1000 return ioctl(sock_ioctl, SIOCSIFFLAGS, &ifr); 1001 } 1002 1003 struct clear_data { 1004 struct nl_msg *msg; 1005 struct device *dev; 1006 int type; 1007 int size; 1008 int af; 1009 }; 1010 1011 1012 static bool check_ifaddr(struct nlmsghdr *hdr, int ifindex) 1013 { 1014 struct ifaddrmsg *ifa = NLMSG_DATA(hdr); 1015 1016 return ifa->ifa_index == ifindex; 1017 } 1018 1019 static bool check_route(struct nlmsghdr *hdr, int ifindex) 1020 { 1021 struct rtmsg *r = NLMSG_DATA(hdr); 1022 struct nlattr *tb[__RTA_MAX]; 1023 1024 if (r->rtm_protocol == RTPROT_KERNEL && 1025 r->rtm_family == AF_INET6) 1026 return false; 1027 1028 nlmsg_parse(hdr, sizeof(struct rtmsg), tb, __RTA_MAX - 1, NULL); 1029 if (!tb[RTA_OIF]) 1030 return false; 1031 1032 return *(int *)RTA_DATA(tb[RTA_OIF]) == ifindex; 1033 } 1034 1035 static bool check_rule(struct nlmsghdr *hdr, int ifindex) 1036 { 1037 return true; 1038 } 1039 1040 static int cb_clear_event(struct nl_msg *msg, void *arg) 1041 { 1042 struct clear_data *clr = arg; 1043 struct nlmsghdr *hdr = nlmsg_hdr(msg); 1044 bool (*cb)(struct nlmsghdr *, int ifindex); 1045 int type, ret; 1046 1047 switch(clr->type) { 1048 case RTM_GETADDR: 1049 type = RTM_DELADDR; 1050 if (hdr->nlmsg_type != RTM_NEWADDR) 1051 return NL_SKIP; 1052 1053 cb = check_ifaddr; 1054 break; 1055 case RTM_GETROUTE: 1056 type = RTM_DELROUTE; 1057 if (hdr->nlmsg_type != RTM_NEWROUTE) 1058 return NL_SKIP; 1059 1060 cb = check_route; 1061 break; 1062 case RTM_GETRULE: 1063 type = RTM_DELRULE; 1064 if (hdr->nlmsg_type != RTM_NEWRULE) 1065 return NL_SKIP; 1066 1067 cb = check_rule; 1068 break; 1069 default: 1070 return NL_SKIP; 1071 } 1072 1073 if (!cb(hdr, clr->dev ? clr->dev->ifindex : 0)) 1074 return NL_SKIP; 1075 1076 if (type == RTM_DELRULE) 1077 D(SYSTEM, "Remove a rule\n"); 1078 else 1079 D(SYSTEM, "Remove %s from device %s\n", 1080 type == RTM_DELADDR ? "an address" : "a route", 1081 clr->dev->ifname); 1082 1083 memcpy(nlmsg_hdr(clr->msg), hdr, hdr->nlmsg_len); 1084 hdr = nlmsg_hdr(clr->msg); 1085 hdr->nlmsg_type = type; 1086 hdr->nlmsg_flags = NLM_F_REQUEST; 1087 1088 nl_socket_disable_auto_ack(sock_rtnl); 1089 ret = nl_send_auto_complete(sock_rtnl, clr->msg); 1090 if (ret < 0) { 1091 if (type == RTM_DELRULE) 1092 D(SYSTEM, "Error deleting a rule: %d\n", ret); 1093 else 1094 D(SYSTEM, "Error deleting %s from device '%s': %d\n", 1095 type == RTM_DELADDR ? "an address" : "a route", 1096 clr->dev->ifname, ret); 1097 } 1098 1099 nl_socket_enable_auto_ack(sock_rtnl); 1100 1101 return NL_SKIP; 1102 } 1103 1104 static int 1105 cb_finish_event(struct nl_msg *msg, void *arg) 1106 { 1107 int *pending = arg; 1108 *pending = 0; 1109 return NL_STOP; 1110 } 1111 1112 static int 1113 error_handler(struct sockaddr_nl *nla, struct nlmsgerr *err, void *arg) 1114 { 1115 int *pending = arg; 1116 *pending = err->error; 1117 return NL_STOP; 1118 } 1119 1120 static void 1121 system_if_clear_entries(struct device *dev, int type, int af) 1122 { 1123 struct clear_data clr; 1124 struct nl_cb *cb; 1125 struct rtmsg rtm = { 1126 .rtm_family = af, 1127 .rtm_flags = RTM_F_CLONED, 1128 }; 1129 int flags = NLM_F_DUMP; 1130 int pending = 1; 1131 1132 clr.af = af; 1133 clr.dev = dev; 1134 clr.type = type; 1135 switch (type) { 1136 case RTM_GETADDR: 1137 case RTM_GETRULE: 1138 clr.size = sizeof(struct rtgenmsg); 1139 break; 1140 case RTM_GETROUTE: 1141 clr.size = sizeof(struct rtmsg); 1142 break; 1143 default: 1144 return; 1145 } 1146 1147 cb = nl_cb_alloc(NL_CB_DEFAULT); 1148 if (!cb) 1149 return; 1150 1151 clr.msg = nlmsg_alloc_simple(type, flags); 1152 if (!clr.msg) 1153 goto out; 1154 1155 nlmsg_append(clr.msg, &rtm, clr.size, 0); 1156 nl_cb_set(cb, NL_CB_VALID, NL_CB_CUSTOM, cb_clear_event, &clr); 1157 nl_cb_set(cb, NL_CB_FINISH, NL_CB_CUSTOM, cb_finish_event, &pending); 1158 nl_cb_err(cb, NL_CB_CUSTOM, error_handler, &pending); 1159 1160 if (nl_send_auto_complete(sock_rtnl, clr.msg) < 0) 1161 goto free; 1162 1163 while (pending > 0) 1164 nl_recvmsgs(sock_rtnl, cb); 1165 1166 free: 1167 nlmsg_free(clr.msg); 1168 out: 1169 nl_cb_put(cb); 1170 } 1171 1172 /* 1173 * Clear bridge (membership) state and bring down device 1174 */ 1175 void system_if_clear_state(struct device *dev) 1176 { 1177 static char buf[256]; 1178 char *bridge; 1179 device_set_ifindex(dev, system_if_resolve(dev)); 1180 1181 if (dev->external || !dev->ifindex) 1182 return; 1183 1184 system_if_flags(dev->ifname, 0, IFF_UP); 1185 1186 if (system_is_bridge(dev->ifname, buf, sizeof(buf))) { 1187 D(SYSTEM, "Delete existing bridge named '%s'\n", dev->ifname); 1188 system_bridge_delbr(dev); 1189 return; 1190 } 1191 1192 bridge = system_get_bridge(dev->ifname, buf, sizeof(buf)); 1193 if (bridge) { 1194 D(SYSTEM, "Remove device '%s' from bridge '%s'\n", dev->ifname, bridge); 1195 system_bridge_if(bridge, dev, SIOCBRDELIF, NULL); 1196 } 1197 1198 system_if_clear_entries(dev, RTM_GETROUTE, AF_INET); 1199 system_if_clear_entries(dev, RTM_GETADDR, AF_INET); 1200 system_if_clear_entries(dev, RTM_GETROUTE, AF_INET6); 1201 system_if_clear_entries(dev, RTM_GETADDR, AF_INET6); 1202 system_if_clear_entries(dev, RTM_GETNEIGH, AF_INET); 1203 system_if_clear_entries(dev, RTM_GETNEIGH, AF_INET6); 1204 system_set_disable_ipv6(dev, ""); 1205 } 1206 1207 static inline unsigned long 1208 sec_to_jiffies(int val) 1209 { 1210 return (unsigned long) val * 100; 1211 } 1212 1213 static void system_bridge_conf_multicast_deps(struct device *bridge, 1214 struct bridge_config *cfg, 1215 char *buf, 1216 int buf_len) 1217 { 1218 int val; 1219 1220 if (cfg->flags & BRIDGE_OPT_ROBUSTNESS || 1221 cfg->flags & BRIDGE_OPT_QUERY_INTERVAL || 1222 cfg->flags & BRIDGE_OPT_QUERY_RESPONSE_INTERVAL) { 1223 val = cfg->robustness * cfg->query_interval + 1224 cfg->query_response_interval; 1225 1226 snprintf(buf, buf_len, "%i", val); 1227 system_bridge_set_membership_interval(bridge, buf); 1228 1229 val = cfg->robustness * cfg->query_interval + 1230 cfg->query_response_interval / 2; 1231 1232 snprintf(buf, buf_len, "%i", val); 1233 system_bridge_set_other_querier_timeout(bridge, buf); 1234 } 1235 1236 if (cfg->flags & BRIDGE_OPT_QUERY_INTERVAL) { 1237 val = cfg->query_interval / 4; 1238 1239 snprintf(buf, buf_len, "%i", val); 1240 system_bridge_set_startup_query_interval(bridge, buf); 1241 } 1242 } 1243 1244 static void system_bridge_conf_multicast(struct device *bridge, 1245 struct bridge_config *cfg, 1246 char *buf, 1247 int buf_len) 1248 { 1249 system_set_dev_sysctl("/sys/devices/virtual/net/%s/bridge/multicast_snooping", 1250 bridge->ifname, cfg->igmp_snoop ? "1" : ""); 1251 1252 system_set_dev_sysctl("/sys/devices/virtual/net/%s/bridge/multicast_querier", 1253 bridge->ifname, cfg->multicast_querier ? "1" : ""); 1254 1255 snprintf(buf, buf_len, "%i", cfg->hash_max); 1256 system_set_dev_sysctl("/sys/devices/virtual/net/%s/bridge/hash_max", 1257 bridge->ifname, buf); 1258 1259 if (bridge->settings.flags & DEV_OPT_MULTICAST_ROUTER) { 1260 snprintf(buf, buf_len, "%u", bridge->settings.multicast_router); 1261 system_bridge_set_multicast_router(bridge, buf, true); 1262 } 1263 1264 if (cfg->flags & BRIDGE_OPT_ROBUSTNESS) { 1265 snprintf(buf, buf_len, "%i", cfg->robustness); 1266 system_bridge_set_robustness(bridge, buf); 1267 } 1268 1269 if (cfg->flags & BRIDGE_OPT_QUERY_INTERVAL) { 1270 snprintf(buf, buf_len, "%i", cfg->query_interval); 1271 system_bridge_set_query_interval(bridge, buf); 1272 } 1273 1274 if (cfg->flags & BRIDGE_OPT_QUERY_RESPONSE_INTERVAL) { 1275 snprintf(buf, buf_len, "%i", cfg->query_response_interval); 1276 system_bridge_set_query_response_interval(bridge, buf); 1277 } 1278 1279 if (cfg->flags & BRIDGE_OPT_LAST_MEMBER_INTERVAL) { 1280 snprintf(buf, buf_len, "%i", cfg->last_member_interval); 1281 system_bridge_set_last_member_interval(bridge, buf); 1282 } 1283 1284 system_bridge_conf_multicast_deps(bridge, cfg, buf, buf_len); 1285 } 1286 1287 int system_bridge_addbr(struct device *bridge, struct bridge_config *cfg) 1288 { 1289 char buf[64]; 1290 1291 if (ioctl(sock_ioctl, SIOCBRADDBR, bridge->ifname) < 0) 1292 return -1; 1293 1294 system_bridge_set_stp_state(bridge, cfg->stp ? "1" : ""); 1295 1296 snprintf(buf, sizeof(buf), "%lu", sec_to_jiffies(cfg->forward_delay)); 1297 system_bridge_set_forward_delay(bridge, buf); 1298 1299 system_bridge_conf_multicast(bridge, cfg, buf, sizeof(buf)); 1300 system_bridge_set_vlan_filtering(bridge, cfg->vlan_filtering ? "1" : ""); 1301 1302 snprintf(buf, sizeof(buf), "%d", cfg->priority); 1303 system_bridge_set_priority(bridge, buf); 1304 1305 if (cfg->flags & BRIDGE_OPT_AGEING_TIME) { 1306 snprintf(buf, sizeof(buf), "%lu", sec_to_jiffies(cfg->ageing_time)); 1307 system_bridge_set_ageing_time(bridge, buf); 1308 } 1309 1310 if (cfg->flags & BRIDGE_OPT_HELLO_TIME) { 1311 snprintf(buf, sizeof(buf), "%lu", sec_to_jiffies(cfg->hello_time)); 1312 system_bridge_set_hello_time(bridge, buf); 1313 } 1314 1315 if (cfg->flags & BRIDGE_OPT_MAX_AGE) { 1316 snprintf(buf, sizeof(buf), "%lu", sec_to_jiffies(cfg->max_age)); 1317 system_bridge_set_max_age(bridge, buf); 1318 } 1319 1320 return 0; 1321 } 1322 1323 int system_macvlan_add(struct device *macvlan, struct device *dev, struct macvlan_config *cfg) 1324 { 1325 struct nl_msg *msg; 1326 struct nlattr *linkinfo, *data; 1327 struct ifinfomsg iim = { .ifi_family = AF_UNSPEC, }; 1328 int i, rv; 1329 static const struct { 1330 const char *name; 1331 enum macvlan_mode val; 1332 } modes[] = { 1333 { "private", MACVLAN_MODE_PRIVATE }, 1334 { "vepa", MACVLAN_MODE_VEPA }, 1335 { "bridge", MACVLAN_MODE_BRIDGE }, 1336 { "passthru", MACVLAN_MODE_PASSTHRU }, 1337 }; 1338 1339 msg = nlmsg_alloc_simple(RTM_NEWLINK, NLM_F_REQUEST | NLM_F_CREATE | NLM_F_EXCL); 1340 1341 if (!msg) 1342 return -1; 1343 1344 nlmsg_append(msg, &iim, sizeof(iim), 0); 1345 1346 if (cfg->flags & MACVLAN_OPT_MACADDR) 1347 nla_put(msg, IFLA_ADDRESS, sizeof(cfg->macaddr), cfg->macaddr); 1348 nla_put_string(msg, IFLA_IFNAME, macvlan->ifname); 1349 nla_put_u32(msg, IFLA_LINK, dev->ifindex); 1350 1351 if (!(linkinfo = nla_nest_start(msg, IFLA_LINKINFO))) 1352 goto nla_put_failure; 1353 1354 nla_put_string(msg, IFLA_INFO_KIND, "macvlan"); 1355 1356 if (!(data = nla_nest_start(msg, IFLA_INFO_DATA))) 1357 goto nla_put_failure; 1358 1359 if (cfg->mode) { 1360 for (i = 0; i < ARRAY_SIZE(modes); i++) { 1361 if (strcmp(cfg->mode, modes[i].name) != 0) 1362 continue; 1363 1364 nla_put_u32(msg, IFLA_MACVLAN_MODE, modes[i].val); 1365 break; 1366 } 1367 } 1368 1369 nla_nest_end(msg, data); 1370 nla_nest_end(msg, linkinfo); 1371 1372 rv = system_rtnl_call(msg); 1373 if (rv) 1374 D(SYSTEM, "Error adding macvlan '%s' over '%s': %d\n", macvlan->ifname, dev->ifname, rv); 1375 1376 return rv; 1377 1378 nla_put_failure: 1379 nlmsg_free(msg); 1380 return -ENOMEM; 1381 } 1382 1383 int system_link_netns_move(struct device *dev, int netns_fd, const char *target_ifname) 1384 { 1385 struct nl_msg *msg; 1386 struct ifinfomsg iim = { 1387 .ifi_family = AF_UNSPEC, 1388 }; 1389 1390 if (!dev) 1391 return -1; 1392 1393 iim.ifi_index = system_if_resolve(dev); 1394 msg = nlmsg_alloc_simple(RTM_NEWLINK, NLM_F_REQUEST); 1395 1396 if (!msg) 1397 return -1; 1398 1399 nlmsg_append(msg, &iim, sizeof(iim), 0); 1400 if (target_ifname) 1401 nla_put_string(msg, IFLA_IFNAME, target_ifname); 1402 1403 nla_put_u32(msg, IFLA_NET_NS_FD, netns_fd); 1404 return system_rtnl_call(msg); 1405 } 1406 1407 static int system_link_del(const char *ifname) 1408 { 1409 struct nl_msg *msg; 1410 struct ifinfomsg iim = { 1411 .ifi_family = AF_UNSPEC, 1412 .ifi_index = 0, 1413 }; 1414 1415 msg = nlmsg_alloc_simple(RTM_DELLINK, NLM_F_REQUEST); 1416 1417 if (!msg) 1418 return -1; 1419 1420 nlmsg_append(msg, &iim, sizeof(iim), 0); 1421 nla_put_string(msg, IFLA_IFNAME, ifname); 1422 return system_rtnl_call(msg); 1423 } 1424 1425 int system_macvlan_del(struct device *macvlan) 1426 { 1427 return system_link_del(macvlan->ifname); 1428 } 1429 1430 int system_netns_open(const pid_t target_ns) 1431 { 1432 char pid_net_path[PATH_MAX]; 1433 1434 snprintf(pid_net_path, sizeof(pid_net_path), "/proc/%u/ns/net", target_ns); 1435 1436 return open(pid_net_path, O_RDONLY); 1437 } 1438 1439 int system_netns_set(int netns_fd) 1440 { 1441 return setns(netns_fd, CLONE_NEWNET); 1442 } 1443 1444 int system_veth_add(struct device *veth, struct veth_config *cfg) 1445 { 1446 struct nl_msg *msg; 1447 struct ifinfomsg empty_iim = {}; 1448 struct nlattr *linkinfo, *data, *veth_info; 1449 int rv; 1450 1451 msg = nlmsg_alloc_simple(RTM_NEWLINK, NLM_F_REQUEST | NLM_F_CREATE | NLM_F_EXCL); 1452 1453 if (!msg) 1454 return -1; 1455 1456 nlmsg_append(msg, &empty_iim, sizeof(empty_iim), 0); 1457 1458 if (cfg->flags & VETH_OPT_MACADDR) 1459 nla_put(msg, IFLA_ADDRESS, sizeof(cfg->macaddr), cfg->macaddr); 1460 nla_put_string(msg, IFLA_IFNAME, veth->ifname); 1461 1462 if (!(linkinfo = nla_nest_start(msg, IFLA_LINKINFO))) 1463 goto nla_put_failure; 1464 1465 nla_put_string(msg, IFLA_INFO_KIND, "veth"); 1466 1467 if (!(data = nla_nest_start(msg, IFLA_INFO_DATA))) 1468 goto nla_put_failure; 1469 1470 if (!(veth_info = nla_nest_start(msg, VETH_INFO_PEER))) 1471 goto nla_put_failure; 1472 1473 nlmsg_append(msg, &empty_iim, sizeof(empty_iim), 0); 1474 1475 if (cfg->flags & VETH_OPT_PEER_NAME) 1476 nla_put_string(msg, IFLA_IFNAME, cfg->peer_name); 1477 if (cfg->flags & VETH_OPT_PEER_MACADDR) 1478 nla_put(msg, IFLA_ADDRESS, sizeof(cfg->peer_macaddr), cfg->peer_macaddr); 1479 1480 nla_nest_end(msg, veth_info); 1481 nla_nest_end(msg, data); 1482 nla_nest_end(msg, linkinfo); 1483 1484 rv = system_rtnl_call(msg); 1485 if (rv) { 1486 if (cfg->flags & VETH_OPT_PEER_NAME) 1487 D(SYSTEM, "Error adding veth '%s' with peer '%s': %d\n", veth->ifname, cfg->peer_name, rv); 1488 else 1489 D(SYSTEM, "Error adding veth '%s': %d\n", veth->ifname, rv); 1490 } 1491 1492 return rv; 1493 1494 nla_put_failure: 1495 nlmsg_free(msg); 1496 return -ENOMEM; 1497 } 1498 1499 int system_veth_del(struct device *veth) 1500 { 1501 return system_link_del(veth->ifname); 1502 } 1503 1504 static int system_vlan(struct device *dev, int id) 1505 { 1506 struct vlan_ioctl_args ifr = { 1507 .cmd = SET_VLAN_NAME_TYPE_CMD, 1508 .u.name_type = VLAN_NAME_TYPE_RAW_PLUS_VID_NO_PAD, 1509 }; 1510 1511 if (ioctl(sock_ioctl, SIOCSIFVLAN, &ifr) < 0) 1512 return -1; 1513 1514 if (id < 0) { 1515 ifr.cmd = DEL_VLAN_CMD; 1516 ifr.u.VID = 0; 1517 } else { 1518 ifr.cmd = ADD_VLAN_CMD; 1519 ifr.u.VID = id; 1520 } 1521 strncpy(ifr.device1, dev->ifname, sizeof(ifr.device1)); 1522 return ioctl(sock_ioctl, SIOCSIFVLAN, &ifr); 1523 } 1524 1525 int system_vlan_add(struct device *dev, int id) 1526 { 1527 return system_vlan(dev, id); 1528 } 1529 1530 int system_vlan_del(struct device *dev) 1531 { 1532 return system_vlan(dev, -1); 1533 } 1534 1535 int system_vlandev_add(struct device *vlandev, struct device *dev, struct vlandev_config *cfg) 1536 { 1537 struct nl_msg *msg; 1538 struct nlattr *linkinfo, *data, *qos; 1539 struct ifinfomsg iim = { .ifi_family = AF_UNSPEC }; 1540 struct vlan_qos_mapping *elem; 1541 struct ifla_vlan_qos_mapping nl_qos_map; 1542 int rv; 1543 1544 msg = nlmsg_alloc_simple(RTM_NEWLINK, NLM_F_REQUEST | NLM_F_CREATE | NLM_F_EXCL); 1545 1546 if (!msg) 1547 return -1; 1548 1549 nlmsg_append(msg, &iim, sizeof(iim), 0); 1550 nla_put_string(msg, IFLA_IFNAME, vlandev->ifname); 1551 nla_put_u32(msg, IFLA_LINK, dev->ifindex); 1552 1553 if (!(linkinfo = nla_nest_start(msg, IFLA_LINKINFO))) 1554 goto nla_put_failure; 1555 1556 nla_put_string(msg, IFLA_INFO_KIND, "vlan"); 1557 1558 if (!(data = nla_nest_start(msg, IFLA_INFO_DATA))) 1559 goto nla_put_failure; 1560 1561 nla_put_u16(msg, IFLA_VLAN_ID, cfg->vid); 1562 1563 #if LINUX_VERSION_CODE >= KERNEL_VERSION(3,10,0) 1564 nla_put_u16(msg, IFLA_VLAN_PROTOCOL, htons(cfg->proto)); 1565 #else 1566 if(cfg->proto == VLAN_PROTO_8021AD) 1567 netifd_log_message(L_WARNING, "%s Your kernel is older than linux 3.10.0, 802.1ad is not supported defaulting to 802.1q", vlandev->type->name); 1568 #endif 1569 1570 if (!(qos = nla_nest_start(msg, IFLA_VLAN_INGRESS_QOS))) 1571 goto nla_put_failure; 1572 1573 vlist_simple_for_each_element(&cfg->ingress_qos_mapping_list, elem, node) { 1574 nl_qos_map.from = elem->from; 1575 nl_qos_map.to = elem->to; 1576 nla_put(msg, IFLA_VLAN_QOS_MAPPING, sizeof(nl_qos_map), &nl_qos_map); 1577 } 1578 nla_nest_end(msg, qos); 1579 1580 if (!(qos = nla_nest_start(msg, IFLA_VLAN_EGRESS_QOS))) 1581 goto nla_put_failure; 1582 1583 vlist_simple_for_each_element(&cfg->egress_qos_mapping_list, elem, node) { 1584 nl_qos_map.from = elem->from; 1585 nl_qos_map.to = elem->to; 1586 nla_put(msg, IFLA_VLAN_QOS_MAPPING, sizeof(nl_qos_map), &nl_qos_map); 1587 } 1588 nla_nest_end(msg, qos); 1589 1590 nla_nest_end(msg, data); 1591 nla_nest_end(msg, linkinfo); 1592 1593 rv = system_rtnl_call(msg); 1594 if (rv) 1595 D(SYSTEM, "Error adding vlandev '%s' over '%s': %d\n", vlandev->ifname, dev->ifname, rv); 1596 1597 return rv; 1598 1599 nla_put_failure: 1600 nlmsg_free(msg); 1601 return -ENOMEM; 1602 } 1603 1604 int system_vlandev_del(struct device *vlandev) 1605 { 1606 return system_link_del(vlandev->ifname); 1607 } 1608 1609 void 1610 system_if_get_settings(struct device *dev, struct device_settings *s) 1611 { 1612 struct ifreq ifr; 1613 char buf[10]; 1614 1615 memset(&ifr, 0, sizeof(ifr)); 1616 strncpy(ifr.ifr_name, dev->ifname, sizeof(ifr.ifr_name) - 1); 1617 1618 if (ioctl(sock_ioctl, SIOCGIFMTU, &ifr) == 0) { 1619 s->mtu = ifr.ifr_mtu; 1620 s->flags |= DEV_OPT_MTU; 1621 } 1622 1623 s->mtu6 = system_update_ipv6_mtu(dev, 0); 1624 if (s->mtu6 > 0) 1625 s->flags |= DEV_OPT_MTU6; 1626 1627 if (ioctl(sock_ioctl, SIOCGIFTXQLEN, &ifr) == 0) { 1628 s->txqueuelen = ifr.ifr_qlen; 1629 s->flags |= DEV_OPT_TXQUEUELEN; 1630 } 1631 1632 if (ioctl(sock_ioctl, SIOCGIFHWADDR, &ifr) == 0) { 1633 memcpy(s->macaddr, &ifr.ifr_hwaddr.sa_data, sizeof(s->macaddr)); 1634 s->flags |= DEV_OPT_MACADDR; 1635 } 1636 1637 if (!system_get_disable_ipv6(dev, buf, sizeof(buf))) { 1638 s->ipv6 = !strtoul(buf, NULL, 0); 1639 s->flags |= DEV_OPT_IPV6; 1640 } 1641 1642 if (!system_get_ip6segmentrouting(dev, buf, sizeof(buf))) { 1643 s->ip6segmentrouting = strtoul(buf, NULL, 0); 1644 s->flags |= DEV_OPT_IP6SEGMENTROUTING; 1645 } 1646 1647 if (ioctl(sock_ioctl, SIOCGIFFLAGS, &ifr) == 0) { 1648 s->promisc = ifr.ifr_flags & IFF_PROMISC; 1649 s->flags |= DEV_OPT_PROMISC; 1650 1651 s->multicast = ifr.ifr_flags & IFF_MULTICAST; 1652 s->flags |= DEV_OPT_MULTICAST; 1653 } 1654 1655 if (!system_get_rpfilter(dev, buf, sizeof(buf))) { 1656 s->rpfilter = strtoul(buf, NULL, 0); 1657 s->flags |= DEV_OPT_RPFILTER; 1658 } 1659 1660 if (!system_get_acceptlocal(dev, buf, sizeof(buf))) { 1661 s->acceptlocal = strtoul(buf, NULL, 0); 1662 s->flags |= DEV_OPT_ACCEPTLOCAL; 1663 } 1664 1665 if (!system_get_igmpversion(dev, buf, sizeof(buf))) { 1666 s->igmpversion = strtoul(buf, NULL, 0); 1667 s->flags |= DEV_OPT_IGMPVERSION; 1668 } 1669 1670 if (!system_get_mldversion(dev, buf, sizeof(buf))) { 1671 s->mldversion = strtoul(buf, NULL, 0); 1672 s->flags |= DEV_OPT_MLDVERSION; 1673 } 1674 1675 if (!system_get_neigh4reachabletime(dev, buf, sizeof(buf))) { 1676 s->neigh4reachabletime = strtoul(buf, NULL, 0); 1677 s->flags |= DEV_OPT_NEIGHREACHABLETIME; 1678 } 1679 1680 if (!system_get_neigh6reachabletime(dev, buf, sizeof(buf))) { 1681 s->neigh6reachabletime = strtoul(buf, NULL, 0); 1682 s->flags |= DEV_OPT_NEIGHREACHABLETIME; 1683 } 1684 1685 if (!system_get_neigh4locktime(dev, buf, sizeof(buf))) { 1686 s->neigh4locktime = strtol(buf, NULL, 0); 1687 s->flags |= DEV_OPT_NEIGHLOCKTIME; 1688 } 1689 1690 if (!system_get_neigh4gcstaletime(dev, buf, sizeof(buf))) { 1691 s->neigh4gcstaletime = strtoul(buf, NULL, 0); 1692 s->flags |= DEV_OPT_NEIGHGCSTALETIME; 1693 } 1694 1695 if (!system_get_neigh6gcstaletime(dev, buf, sizeof(buf))) { 1696 s->neigh6gcstaletime = strtoul(buf, NULL, 0); 1697 s->flags |= DEV_OPT_NEIGHGCSTALETIME; 1698 } 1699 1700 if (!system_get_dadtransmits(dev, buf, sizeof(buf))) { 1701 s->dadtransmits = strtoul(buf, NULL, 0); 1702 s->flags |= DEV_OPT_DADTRANSMITS; 1703 } 1704 1705 if (!system_get_sendredirects(dev, buf, sizeof(buf))) { 1706 s->sendredirects = strtoul(buf, NULL, 0); 1707 s->flags |= DEV_OPT_SENDREDIRECTS; 1708 } 1709 1710 if (!system_get_drop_v4_unicast_in_l2_multicast(dev, buf, sizeof(buf))) { 1711 s->drop_v4_unicast_in_l2_multicast = strtoul(buf, NULL, 0); 1712 s->flags |= DEV_OPT_DROP_V4_UNICAST_IN_L2_MULTICAST; 1713 } 1714 1715 if (!system_get_drop_v6_unicast_in_l2_multicast(dev, buf, sizeof(buf))) { 1716 s->drop_v6_unicast_in_l2_multicast = strtoul(buf, NULL, 0); 1717 s->flags |= DEV_OPT_DROP_V6_UNICAST_IN_L2_MULTICAST; 1718 } 1719 1720 if (!system_get_drop_gratuitous_arp(dev, buf, sizeof(buf))) { 1721 s->drop_gratuitous_arp = strtoul(buf, NULL, 0); 1722 s->flags |= DEV_OPT_DROP_GRATUITOUS_ARP; 1723 } 1724 1725 if (!system_get_drop_unsolicited_na(dev, buf, sizeof(buf))) { 1726 s->drop_unsolicited_na = strtoul(buf, NULL, 0); 1727 s->flags |= DEV_OPT_DROP_UNSOLICITED_NA; 1728 } 1729 1730 if (!system_get_arp_accept(dev, buf, sizeof(buf))) { 1731 s->arp_accept = strtoul(buf, NULL, 0); 1732 s->flags |= DEV_OPT_ARP_ACCEPT; 1733 } 1734 } 1735 1736 void 1737 system_if_apply_settings(struct device *dev, struct device_settings *s, unsigned int apply_mask) 1738 { 1739 struct ifreq ifr; 1740 char buf[12]; 1741 1742 apply_mask &= s->flags; 1743 1744 memset(&ifr, 0, sizeof(ifr)); 1745 strncpy(ifr.ifr_name, dev->ifname, sizeof(ifr.ifr_name) - 1); 1746 if (apply_mask & DEV_OPT_MTU) { 1747 ifr.ifr_mtu = s->mtu; 1748 if (ioctl(sock_ioctl, SIOCSIFMTU, &ifr) < 0) 1749 s->flags &= ~DEV_OPT_MTU; 1750 } 1751 if (apply_mask & DEV_OPT_MTU6) { 1752 system_update_ipv6_mtu(dev, s->mtu6); 1753 } 1754 if (apply_mask & DEV_OPT_TXQUEUELEN) { 1755 ifr.ifr_qlen = s->txqueuelen; 1756 if (ioctl(sock_ioctl, SIOCSIFTXQLEN, &ifr) < 0) 1757 s->flags &= ~DEV_OPT_TXQUEUELEN; 1758 } 1759 if ((apply_mask & (DEV_OPT_MACADDR | DEV_OPT_DEFAULT_MACADDR)) && !dev->external) { 1760 ifr.ifr_hwaddr.sa_family = ARPHRD_ETHER; 1761 memcpy(&ifr.ifr_hwaddr.sa_data, s->macaddr, sizeof(s->macaddr)); 1762 if (ioctl(sock_ioctl, SIOCSIFHWADDR, &ifr) < 0) 1763 s->flags &= ~DEV_OPT_MACADDR; 1764 } 1765 if (apply_mask & DEV_OPT_IPV6) 1766 system_set_disable_ipv6(dev, s->ipv6 ? "" : "1"); 1767 if (s->flags & DEV_OPT_IP6SEGMENTROUTING & apply_mask) { 1768 struct device dummy = { 1769 .ifname = "all", 1770 }; 1771 bool ip6segmentrouting = device_check_ip6segmentrouting(); 1772 1773 system_set_ip6segmentrouting(dev, s->ip6segmentrouting ? "1" : ""); 1774 system_set_ip6segmentrouting(&dummy, ip6segmentrouting ? "1" : ""); 1775 } 1776 if (apply_mask & DEV_OPT_PROMISC) { 1777 if (system_if_flags(dev->ifname, s->promisc ? IFF_PROMISC : 0, 1778 !s->promisc ? IFF_PROMISC : 0) < 0) 1779 s->flags &= ~DEV_OPT_PROMISC; 1780 } 1781 if (apply_mask & DEV_OPT_RPFILTER) { 1782 snprintf(buf, sizeof(buf), "%u", s->rpfilter); 1783 system_set_rpfilter(dev, buf); 1784 } 1785 if (apply_mask & DEV_OPT_ACCEPTLOCAL) 1786 system_set_acceptlocal(dev, s->acceptlocal ? "1" : ""); 1787 if (apply_mask & DEV_OPT_IGMPVERSION) { 1788 snprintf(buf, sizeof(buf), "%u", s->igmpversion); 1789 system_set_igmpversion(dev, buf); 1790 } 1791 if (apply_mask & DEV_OPT_MLDVERSION) { 1792 snprintf(buf, sizeof(buf), "%u", s->mldversion); 1793 system_set_mldversion(dev, buf); 1794 } 1795 if (apply_mask & DEV_OPT_NEIGHREACHABLETIME) { 1796 snprintf(buf, sizeof(buf), "%u", s->neigh4reachabletime); 1797 system_set_neigh4reachabletime(dev, buf); 1798 snprintf(buf, sizeof(buf), "%u", s->neigh6reachabletime); 1799 system_set_neigh6reachabletime(dev, buf); 1800 } 1801 if (apply_mask & DEV_OPT_NEIGHLOCKTIME) { 1802 snprintf(buf, sizeof(buf), "%d", s->neigh4locktime); 1803 system_set_neigh4locktime(dev, buf); 1804 } 1805 if (apply_mask & DEV_OPT_NEIGHGCSTALETIME) { 1806 snprintf(buf, sizeof(buf), "%u", s->neigh4gcstaletime); 1807 system_set_neigh4gcstaletime(dev, buf); 1808 snprintf(buf, sizeof(buf), "%u", s->neigh6gcstaletime); 1809 system_set_neigh6gcstaletime(dev, buf); 1810 } 1811 if (apply_mask & DEV_OPT_DADTRANSMITS) { 1812 snprintf(buf, sizeof(buf), "%u", s->dadtransmits); 1813 system_set_dadtransmits(dev, buf); 1814 } 1815 if (apply_mask & DEV_OPT_MULTICAST) { 1816 if (system_if_flags(dev->ifname, s->multicast ? IFF_MULTICAST : 0, 1817 !s->multicast ? IFF_MULTICAST : 0) < 0) 1818 s->flags &= ~DEV_OPT_MULTICAST; 1819 } 1820 if (apply_mask & DEV_OPT_SENDREDIRECTS) 1821 system_set_sendredirects(dev, s->sendredirects ? "1" : ""); 1822 if (apply_mask & DEV_OPT_DROP_V4_UNICAST_IN_L2_MULTICAST) 1823 system_set_drop_v4_unicast_in_l2_multicast(dev, s->drop_v4_unicast_in_l2_multicast ? "1" : ""); 1824 if (apply_mask & DEV_OPT_DROP_V6_UNICAST_IN_L2_MULTICAST) 1825 system_set_drop_v6_unicast_in_l2_multicast(dev, s->drop_v6_unicast_in_l2_multicast ? "1" : ""); 1826 if (apply_mask & DEV_OPT_DROP_GRATUITOUS_ARP) 1827 system_set_drop_gratuitous_arp(dev, s->drop_gratuitous_arp ? "1" : ""); 1828 if (apply_mask & DEV_OPT_DROP_UNSOLICITED_NA) 1829 system_set_drop_unsolicited_na(dev, s->drop_unsolicited_na ? "1" : ""); 1830 if (apply_mask & DEV_OPT_ARP_ACCEPT) 1831 system_set_arp_accept(dev, s->arp_accept ? "1" : ""); 1832 } 1833 1834 int system_if_up(struct device *dev) 1835 { 1836 return system_if_flags(dev->ifname, IFF_UP, 0); 1837 } 1838 1839 int system_if_down(struct device *dev) 1840 { 1841 return system_if_flags(dev->ifname, 0, IFF_UP); 1842 } 1843 1844 struct if_check_data { 1845 struct device *dev; 1846 int pending; 1847 int ret; 1848 }; 1849 1850 #ifndef IFF_LOWER_UP 1851 #define IFF_LOWER_UP 0x10000 1852 #endif 1853 1854 static int cb_if_check_valid(struct nl_msg *msg, void *arg) 1855 { 1856 struct nlmsghdr *nh = nlmsg_hdr(msg); 1857 struct ifinfomsg *ifi = NLMSG_DATA(nh); 1858 struct if_check_data *chk = (struct if_check_data *)arg; 1859 1860 if (nh->nlmsg_type != RTM_NEWLINK) 1861 return NL_SKIP; 1862 1863 if (chk->dev->type == &simple_device_type) 1864 device_set_present(chk->dev, ifi->ifi_index > 0 ? true : false); 1865 device_set_link(chk->dev, ifi->ifi_flags & IFF_LOWER_UP ? true : false); 1866 1867 return NL_OK; 1868 } 1869 1870 static int cb_if_check_ack(struct nl_msg *msg, void *arg) 1871 { 1872 struct if_check_data *chk = (struct if_check_data *)arg; 1873 chk->pending = 0; 1874 return NL_STOP; 1875 } 1876 1877 static int cb_if_check_error(struct sockaddr_nl *nla, struct nlmsgerr *err, void *arg) 1878 { 1879 struct if_check_data *chk = (struct if_check_data *)arg; 1880 1881 if (chk->dev->type == &simple_device_type) 1882 device_set_present(chk->dev, false); 1883 device_set_link(chk->dev, false); 1884 chk->pending = err->error; 1885 1886 return NL_STOP; 1887 } 1888 1889 int system_if_check(struct device *dev) 1890 { 1891 struct nl_cb *cb = nl_cb_alloc(NL_CB_DEFAULT); 1892 struct nl_msg *msg; 1893 struct ifinfomsg ifi = { 1894 .ifi_family = AF_UNSPEC, 1895 .ifi_index = 0, 1896 }; 1897 struct if_check_data chk = { 1898 .dev = dev, 1899 .pending = 1, 1900 }; 1901 int ret = 1; 1902 1903 if (!cb) 1904 return ret; 1905 1906 msg = nlmsg_alloc_simple(RTM_GETLINK, 0); 1907 if (!msg) 1908 goto out; 1909 1910 if (nlmsg_append(msg, &ifi, sizeof(ifi), 0) || 1911 nla_put_string(msg, IFLA_IFNAME, dev->ifname)) 1912 goto free; 1913 1914 nl_cb_set(cb, NL_CB_VALID, NL_CB_CUSTOM, cb_if_check_valid, &chk); 1915 nl_cb_set(cb, NL_CB_ACK, NL_CB_CUSTOM, cb_if_check_ack, &chk); 1916 nl_cb_err(cb, NL_CB_CUSTOM, cb_if_check_error, &chk); 1917 1918 ret = nl_send_auto_complete(sock_rtnl, msg); 1919 if (ret < 0) 1920 goto free; 1921 1922 while (chk.pending > 0) 1923 nl_recvmsgs(sock_rtnl, cb); 1924 1925 ret = chk.pending; 1926 1927 free: 1928 nlmsg_free(msg); 1929 out: 1930 nl_cb_put(cb); 1931 return ret; 1932 } 1933 1934 struct device * 1935 system_if_get_parent(struct device *dev) 1936 { 1937 char buf[64], *devname; 1938 int ifindex, iflink, len; 1939 FILE *f; 1940 1941 snprintf(buf, sizeof(buf), "/sys/class/net/%s/iflink", dev->ifname); 1942 f = fopen(buf, "r"); 1943 if (!f) 1944 return NULL; 1945 1946 len = fread(buf, 1, sizeof(buf) - 1, f); 1947 fclose(f); 1948 1949 if (len <= 0) 1950 return NULL; 1951 1952 buf[len] = 0; 1953 iflink = strtoul(buf, NULL, 0); 1954 ifindex = system_if_resolve(dev); 1955 if (!iflink || iflink == ifindex) 1956 return NULL; 1957 1958 devname = if_indextoname(iflink, buf); 1959 if (!devname) 1960 return NULL; 1961 1962 return device_get(devname, true); 1963 } 1964 1965 static bool 1966 read_string_file(int dir_fd, const char *file, char *buf, int len) 1967 { 1968 bool ret = false; 1969 char *c; 1970 int fd; 1971 1972 fd = openat(dir_fd, file, O_RDONLY); 1973 if (fd < 0) 1974 return false; 1975 1976 retry: 1977 len = read(fd, buf, len - 1); 1978 if (len < 0) { 1979 if (errno == EINTR) 1980 goto retry; 1981 } else if (len > 0) { 1982 buf[len] = 0; 1983 1984 c = strchr(buf, '\n'); 1985 if (c) 1986 *c = 0; 1987 1988 ret = true; 1989 } 1990 1991 close(fd); 1992 1993 return ret; 1994 } 1995 1996 static bool 1997 read_uint64_file(int dir_fd, const char *file, uint64_t *val) 1998 { 1999 char buf[64]; 2000 bool ret = false; 2001 2002 ret = read_string_file(dir_fd, file, buf, sizeof(buf)); 2003 if (ret) 2004 *val = strtoull(buf, NULL, 0); 2005 2006 return ret; 2007 } 2008 2009 /* Assume advertised flags == supported flags */ 2010 static const struct { 2011 uint32_t mask; 2012 const char *name; 2013 } ethtool_link_modes[] = { 2014 { ADVERTISED_10baseT_Half, "10baseT-H" }, 2015 { ADVERTISED_10baseT_Full, "10baseT-F" }, 2016 { ADVERTISED_100baseT_Half, "100baseT-H" }, 2017 { ADVERTISED_100baseT_Full, "100baseT-F" }, 2018 { ADVERTISED_1000baseT_Half, "1000baseT-H" }, 2019 { ADVERTISED_1000baseT_Full, "1000baseT-F" }, 2020 { ADVERTISED_1000baseKX_Full, "1000baseKX-F" }, 2021 { ADVERTISED_2500baseX_Full, "2500baseX-F" }, 2022 { ADVERTISED_10000baseT_Full, "10000baseT-F" }, 2023 { ADVERTISED_10000baseKX4_Full, "10000baseKX4-F" }, 2024 { ADVERTISED_10000baseKR_Full, "10000baseKR-F" }, 2025 { ADVERTISED_20000baseMLD2_Full, "20000baseMLD2-F" }, 2026 { ADVERTISED_20000baseKR2_Full, "20000baseKR2-F" }, 2027 { ADVERTISED_40000baseKR4_Full, "40000baseKR4-F" }, 2028 { ADVERTISED_40000baseCR4_Full, "40000baseCR4-F" }, 2029 { ADVERTISED_40000baseSR4_Full, "40000baseSR4-F" }, 2030 { ADVERTISED_40000baseLR4_Full, "40000baseLR4-F" }, 2031 #ifdef ADVERTISED_56000baseKR4_Full 2032 { ADVERTISED_56000baseKR4_Full, "56000baseKR4-F" }, 2033 { ADVERTISED_56000baseCR4_Full, "56000baseCR4-F" }, 2034 { ADVERTISED_56000baseSR4_Full, "56000baseSR4-F" }, 2035 { ADVERTISED_56000baseLR4_Full, "56000baseLR4-F" }, 2036 #endif 2037 }; 2038 2039 static void system_add_link_modes(struct blob_buf *b, __u32 mask) 2040 { 2041 int i; 2042 for (i = 0; i < ARRAY_SIZE(ethtool_link_modes); i++) { 2043 if (mask & ethtool_link_modes[i].mask) 2044 blobmsg_add_string(b, NULL, ethtool_link_modes[i].name); 2045 } 2046 } 2047 2048 bool 2049 system_if_force_external(const char *ifname) 2050 { 2051 char buf[64]; 2052 struct stat s; 2053 2054 snprintf(buf, sizeof(buf), "/sys/class/net/%s/phy80211", ifname); 2055 return stat(buf, &s) == 0; 2056 } 2057 2058 int 2059 system_if_dump_info(struct device *dev, struct blob_buf *b) 2060 { 2061 struct ethtool_cmd ecmd; 2062 struct ifreq ifr; 2063 char *s; 2064 void *c; 2065 2066 memset(&ecmd, 0, sizeof(ecmd)); 2067 memset(&ifr, 0, sizeof(ifr)); 2068 strncpy(ifr.ifr_name, dev->ifname, sizeof(ifr.ifr_name) - 1); 2069 ifr.ifr_data = (caddr_t) &ecmd; 2070 ecmd.cmd = ETHTOOL_GSET; 2071 2072 if (ioctl(sock_ioctl, SIOCETHTOOL, &ifr) == 0) { 2073 c = blobmsg_open_array(b, "link-advertising"); 2074 system_add_link_modes(b, ecmd.advertising); 2075 blobmsg_close_array(b, c); 2076 2077 c = blobmsg_open_array(b, "link-partner-advertising"); 2078 system_add_link_modes(b, ecmd.lp_advertising); 2079 blobmsg_close_array(b, c); 2080 2081 c = blobmsg_open_array(b, "link-supported"); 2082 system_add_link_modes(b, ecmd.supported); 2083 blobmsg_close_array(b, c); 2084 2085 s = blobmsg_alloc_string_buffer(b, "speed", 8); 2086 snprintf(s, 8, "%d%c", ethtool_cmd_speed(&ecmd), 2087 ecmd.duplex == DUPLEX_HALF ? 'H' : 'F'); 2088 blobmsg_add_string_buffer(b); 2089 2090 blobmsg_add_u8(b, "autoneg", !!ecmd.autoneg); 2091 } 2092 2093 return 0; 2094 } 2095 2096 int 2097 system_if_dump_stats(struct device *dev, struct blob_buf *b) 2098 { 2099 const char *const counters[] = { 2100 "collisions", "rx_frame_errors", "tx_compressed", 2101 "multicast", "rx_length_errors", "tx_dropped", 2102 "rx_bytes", "rx_missed_errors", "tx_errors", 2103 "rx_compressed", "rx_over_errors", "tx_fifo_errors", 2104 "rx_crc_errors", "rx_packets", "tx_heartbeat_errors", 2105 "rx_dropped", "tx_aborted_errors", "tx_packets", 2106 "rx_errors", "tx_bytes", "tx_window_errors", 2107 "rx_fifo_errors", "tx_carrier_errors", 2108 }; 2109 char buf[64]; 2110 int stats_dir; 2111 int i; 2112 uint64_t val = 0; 2113 2114 snprintf(buf, sizeof(buf), "/sys/class/net/%s/statistics", dev->ifname); 2115 stats_dir = open(buf, O_DIRECTORY); 2116 if (stats_dir < 0) 2117 return -1; 2118 2119 for (i = 0; i < ARRAY_SIZE(counters); i++) 2120 if (read_uint64_file(stats_dir, counters[i], &val)) 2121 blobmsg_add_u64(b, counters[i], val); 2122 2123 close(stats_dir); 2124 return 0; 2125 } 2126 2127 static int system_addr(struct device *dev, struct device_addr *addr, int cmd) 2128 { 2129 bool v4 = ((addr->flags & DEVADDR_FAMILY) == DEVADDR_INET4); 2130 int alen = v4 ? 4 : 16; 2131 unsigned int flags = 0; 2132 struct ifaddrmsg ifa = { 2133 .ifa_family = (alen == 4) ? AF_INET : AF_INET6, 2134 .ifa_prefixlen = addr->mask, 2135 .ifa_index = dev->ifindex, 2136 }; 2137 2138 struct nl_msg *msg; 2139 if (cmd == RTM_NEWADDR) 2140 flags |= NLM_F_CREATE | NLM_F_REPLACE; 2141 2142 msg = nlmsg_alloc_simple(cmd, flags); 2143 if (!msg) 2144 return -1; 2145 2146 nlmsg_append(msg, &ifa, sizeof(ifa), 0); 2147 nla_put(msg, IFA_LOCAL, alen, &addr->addr); 2148 if (v4) { 2149 if (addr->broadcast) 2150 nla_put_u32(msg, IFA_BROADCAST, addr->broadcast); 2151 if (addr->point_to_point) 2152 nla_put_u32(msg, IFA_ADDRESS, addr->point_to_point); 2153 } else { 2154 time_t now = system_get_rtime(); 2155 struct ifa_cacheinfo cinfo = {0xffffffffU, 0xffffffffU, 0, 0}; 2156 2157 if (addr->preferred_until) { 2158 int64_t preferred = addr->preferred_until - now; 2159 if (preferred < 0) 2160 preferred = 0; 2161 else if (preferred > UINT32_MAX) 2162 preferred = UINT32_MAX; 2163 2164 cinfo.ifa_prefered = preferred; 2165 } 2166 2167 if (addr->valid_until) { 2168 int64_t valid = addr->valid_until - now; 2169 if (valid <= 0) { 2170 nlmsg_free(msg); 2171 return -1; 2172 } 2173 else if (valid > UINT32_MAX) 2174 valid = UINT32_MAX; 2175 2176 cinfo.ifa_valid = valid; 2177 } 2178 2179 nla_put(msg, IFA_CACHEINFO, sizeof(cinfo), &cinfo); 2180 2181 if (cmd == RTM_NEWADDR && (addr->flags & DEVADDR_OFFLINK)) 2182 nla_put_u32(msg, IFA_FLAGS, IFA_F_NOPREFIXROUTE); 2183 } 2184 2185 return system_rtnl_call(msg); 2186 } 2187 2188 int system_add_address(struct device *dev, struct device_addr *addr) 2189 { 2190 return system_addr(dev, addr, RTM_NEWADDR); 2191 } 2192 2193 int system_del_address(struct device *dev, struct device_addr *addr) 2194 { 2195 return system_addr(dev, addr, RTM_DELADDR); 2196 } 2197 2198 static int system_neigh(struct device *dev, struct device_neighbor *neighbor, int cmd) 2199 { 2200 int alen = ((neighbor->flags & DEVADDR_FAMILY) == DEVADDR_INET4) ? 4 : 16; 2201 unsigned int flags = 0; 2202 struct ndmsg ndm = { 2203 .ndm_family = (alen == 4) ? AF_INET : AF_INET6, 2204 .ndm_ifindex = dev->ifindex, 2205 .ndm_state = NUD_PERMANENT, 2206 .ndm_flags = (neighbor->proxy ? NTF_PROXY : 0) | (neighbor->router ? NTF_ROUTER : 0), 2207 }; 2208 struct nl_msg *msg; 2209 2210 if (cmd == RTM_NEWNEIGH) 2211 flags |= NLM_F_CREATE | NLM_F_REPLACE; 2212 2213 msg = nlmsg_alloc_simple(cmd, flags); 2214 2215 if (!msg) 2216 return -1; 2217 2218 nlmsg_append(msg, &ndm, sizeof(ndm), 0); 2219 2220 nla_put(msg, NDA_DST, alen, &neighbor->addr); 2221 if (neighbor->flags & DEVNEIGH_MAC) 2222 nla_put(msg, NDA_LLADDR, sizeof(neighbor->macaddr), &neighbor->macaddr); 2223 2224 2225 return system_rtnl_call(msg); 2226 } 2227 2228 int system_add_neighbor(struct device *dev, struct device_neighbor *neighbor) 2229 { 2230 return system_neigh(dev, neighbor, RTM_NEWNEIGH); 2231 } 2232 2233 int system_del_neighbor(struct device *dev, struct device_neighbor *neighbor) 2234 { 2235 return system_neigh(dev, neighbor, RTM_DELNEIGH); 2236 } 2237 2238 static int system_rt(struct device *dev, struct device_route *route, int cmd) 2239 { 2240 int alen = ((route->flags & DEVADDR_FAMILY) == DEVADDR_INET4) ? 4 : 16; 2241 bool have_gw; 2242 unsigned int flags = 0; 2243 2244 if (alen == 4) 2245 have_gw = !!route->nexthop.in.s_addr; 2246 else 2247 have_gw = route->nexthop.in6.s6_addr32[0] || 2248 route->nexthop.in6.s6_addr32[1] || 2249 route->nexthop.in6.s6_addr32[2] || 2250 route->nexthop.in6.s6_addr32[3]; 2251 2252 unsigned int table = (route->flags & (DEVROUTE_TABLE | DEVROUTE_SRCTABLE)) 2253 ? route->table : RT_TABLE_MAIN; 2254 2255 struct rtmsg rtm = { 2256 .rtm_family = (alen == 4) ? AF_INET : AF_INET6, 2257 .rtm_dst_len = route->mask, 2258 .rtm_src_len = route->sourcemask, 2259 .rtm_table = (table < 256) ? table : RT_TABLE_UNSPEC, 2260 .rtm_protocol = (route->flags & DEVROUTE_PROTO) ? route->proto : RTPROT_STATIC, 2261 .rtm_scope = RT_SCOPE_NOWHERE, 2262 .rtm_type = (cmd == RTM_DELROUTE) ? 0: RTN_UNICAST, 2263 .rtm_flags = (route->flags & DEVROUTE_ONLINK) ? RTNH_F_ONLINK : 0, 2264 }; 2265 struct nl_msg *msg; 2266 2267 if (cmd == RTM_NEWROUTE) { 2268 flags |= NLM_F_CREATE | NLM_F_REPLACE; 2269 2270 if (!dev) { /* Add null-route */ 2271 rtm.rtm_scope = RT_SCOPE_UNIVERSE; 2272 rtm.rtm_type = RTN_UNREACHABLE; 2273 } 2274 else 2275 rtm.rtm_scope = (have_gw) ? RT_SCOPE_UNIVERSE : RT_SCOPE_LINK; 2276 } 2277 2278 if (route->flags & DEVROUTE_TYPE) { 2279 rtm.rtm_type = route->type; 2280 if (!(route->flags & (DEVROUTE_TABLE | DEVROUTE_SRCTABLE))) { 2281 if (rtm.rtm_type == RTN_LOCAL || rtm.rtm_type == RTN_BROADCAST || 2282 rtm.rtm_type == RTN_NAT || rtm.rtm_type == RTN_ANYCAST) 2283 rtm.rtm_table = RT_TABLE_LOCAL; 2284 } 2285 2286 if (rtm.rtm_type == RTN_LOCAL || rtm.rtm_type == RTN_NAT) { 2287 rtm.rtm_scope = RT_SCOPE_HOST; 2288 } else if (rtm.rtm_type == RTN_BROADCAST || rtm.rtm_type == RTN_MULTICAST || 2289 rtm.rtm_type == RTN_ANYCAST) { 2290 rtm.rtm_scope = RT_SCOPE_LINK; 2291 } else if (rtm.rtm_type == RTN_BLACKHOLE || rtm.rtm_type == RTN_UNREACHABLE || 2292 rtm.rtm_type == RTN_PROHIBIT || rtm.rtm_type == RTN_FAILED_POLICY || 2293 rtm.rtm_type == RTN_THROW) { 2294 rtm.rtm_scope = RT_SCOPE_UNIVERSE; 2295 dev = NULL; 2296 } 2297 } 2298 2299 msg = nlmsg_alloc_simple(cmd, flags); 2300 if (!msg) 2301 return -1; 2302 2303 nlmsg_append(msg, &rtm, sizeof(rtm), 0); 2304 2305 if (route->mask) 2306 nla_put(msg, RTA_DST, alen, &route->addr); 2307 2308 if (route->sourcemask) { 2309 if (rtm.rtm_family == AF_INET) 2310 nla_put(msg, RTA_PREFSRC, alen, &route->source); 2311 else 2312 nla_put(msg, RTA_SRC, alen, &route->source); 2313 } 2314 2315 if (route->metric > 0) 2316 nla_put_u32(msg, RTA_PRIORITY, route->metric); 2317 2318 if (have_gw) 2319 nla_put(msg, RTA_GATEWAY, alen, &route->nexthop); 2320 2321 if (dev) 2322 nla_put_u32(msg, RTA_OIF, dev->ifindex); 2323 2324 if (table >= 256) 2325 nla_put_u32(msg, RTA_TABLE, table); 2326 2327 if (route->flags & DEVROUTE_MTU) { 2328 struct nlattr *metrics; 2329 2330 if (!(metrics = nla_nest_start(msg, RTA_METRICS))) 2331 goto nla_put_failure; 2332 2333 nla_put_u32(msg, RTAX_MTU, route->mtu); 2334 2335 nla_nest_end(msg, metrics); 2336 } 2337 2338 return system_rtnl_call(msg); 2339 2340 nla_put_failure: 2341 nlmsg_free(msg); 2342 return -ENOMEM; 2343 } 2344 2345 int system_add_route(struct device *dev, struct device_route *route) 2346 { 2347 return system_rt(dev, route, RTM_NEWROUTE); 2348 } 2349 2350 int system_del_route(struct device *dev, struct device_route *route) 2351 { 2352 return system_rt(dev, route, RTM_DELROUTE); 2353 } 2354 2355 int system_flush_routes(void) 2356 { 2357 const char *names[] = { 2358 "/proc/sys/net/ipv4/route/flush", 2359 "/proc/sys/net/ipv6/route/flush" 2360 }; 2361 int fd, i; 2362 2363 for (i = 0; i < ARRAY_SIZE(names); i++) { 2364 fd = open(names[i], O_WRONLY); 2365 if (fd < 0) 2366 continue; 2367 2368 if (write(fd, "-1", 2)) {} 2369 close(fd); 2370 } 2371 return 0; 2372 } 2373 2374 bool system_resolve_rt_type(const char *type, unsigned int *id) 2375 { 2376 return system_rtn_aton(type, id); 2377 } 2378 2379 bool system_resolve_rt_proto(const char *type, unsigned int *id) 2380 { 2381 FILE *f; 2382 char *e, buf[128]; 2383 unsigned int n, proto = 256; 2384 n = strtoul(type, &e, 0); 2385 if (!*e && e != type) 2386 proto = n; 2387 else if (!strcmp(type, "unspec")) 2388 proto = RTPROT_UNSPEC; 2389 else if (!strcmp(type, "kernel")) 2390 proto = RTPROT_KERNEL; 2391 else if (!strcmp(type, "boot")) 2392 proto = RTPROT_BOOT; 2393 else if (!strcmp(type, "static")) 2394 proto = RTPROT_STATIC; 2395 else if ((f = fopen("/etc/iproute2/rt_protos", "r")) != NULL) { 2396 while (fgets(buf, sizeof(buf) - 1, f) != NULL) { 2397 if ((e = strtok(buf, " \t\n")) == NULL || *e == '#') 2398 continue; 2399 2400 n = strtoul(e, NULL, 10); 2401 e = strtok(NULL, " \t\n"); 2402 2403 if (e && !strcmp(e, type)) { 2404 proto = n; 2405 break; 2406 } 2407 } 2408 fclose(f); 2409 } 2410 2411 if (proto > 255) 2412 return false; 2413 2414 *id = proto; 2415 return true; 2416 } 2417 2418 bool system_resolve_rt_table(const char *name, unsigned int *id) 2419 { 2420 FILE *f; 2421 char *e, buf[128]; 2422 unsigned int n, table = RT_TABLE_UNSPEC; 2423 2424 /* first try to parse table as number */ 2425 if ((n = strtoul(name, &e, 0)) > 0 && !*e) 2426 table = n; 2427 2428 /* handle well known aliases */ 2429 else if (!strcmp(name, "default")) 2430 table = RT_TABLE_DEFAULT; 2431 else if (!strcmp(name, "main")) 2432 table = RT_TABLE_MAIN; 2433 else if (!strcmp(name, "local")) 2434 table = RT_TABLE_LOCAL; 2435 2436 /* try to look up name in /etc/iproute2/rt_tables */ 2437 else if ((f = fopen("/etc/iproute2/rt_tables", "r")) != NULL) 2438 { 2439 while (fgets(buf, sizeof(buf) - 1, f) != NULL) 2440 { 2441 if ((e = strtok(buf, " \t\n")) == NULL || *e == '#') 2442 continue; 2443 2444 n = strtoul(e, NULL, 10); 2445 e = strtok(NULL, " \t\n"); 2446 2447 if (e && !strcmp(e, name)) 2448 { 2449 table = n; 2450 break; 2451 } 2452 } 2453 2454 fclose(f); 2455 } 2456 2457 if (table == RT_TABLE_UNSPEC) 2458 return false; 2459 2460 *id = table; 2461 return true; 2462 } 2463 2464 bool system_is_default_rt_table(unsigned int id) 2465 { 2466 return (id == RT_TABLE_MAIN); 2467 } 2468 2469 bool system_resolve_rpfilter(const char *filter, unsigned int *id) 2470 { 2471 char *e; 2472 unsigned int n; 2473 2474 if (!strcmp(filter, "strict")) 2475 n = 1; 2476 else if (!strcmp(filter, "loose")) 2477 n = 2; 2478 else { 2479 n = strtoul(filter, &e, 0); 2480 if (*e || e == filter || n > 2) 2481 return false; 2482 } 2483 2484 *id = n; 2485 return true; 2486 } 2487 2488 static int system_iprule(struct iprule *rule, int cmd) 2489 { 2490 int alen = ((rule->flags & IPRULE_FAMILY) == IPRULE_INET4) ? 4 : 16; 2491 2492 struct nl_msg *msg; 2493 struct rtmsg rtm = { 2494 .rtm_family = (alen == 4) ? AF_INET : AF_INET6, 2495 .rtm_protocol = RTPROT_STATIC, 2496 .rtm_scope = RT_SCOPE_UNIVERSE, 2497 .rtm_table = RT_TABLE_UNSPEC, 2498 .rtm_type = RTN_UNSPEC, 2499 .rtm_flags = 0, 2500 }; 2501 2502 if (cmd == RTM_NEWRULE) 2503 rtm.rtm_type = RTN_UNICAST; 2504 2505 if (rule->invert) 2506 rtm.rtm_flags |= FIB_RULE_INVERT; 2507 2508 if (rule->flags & IPRULE_SRC) 2509 rtm.rtm_src_len = rule->src_mask; 2510 2511 if (rule->flags & IPRULE_DEST) 2512 rtm.rtm_dst_len = rule->dest_mask; 2513 2514 if (rule->flags & IPRULE_TOS) 2515 rtm.rtm_tos = rule->tos; 2516 2517 if (rule->flags & IPRULE_LOOKUP) { 2518 if (rule->lookup < 256) 2519 rtm.rtm_table = rule->lookup; 2520 } 2521 2522 if (rule->flags & IPRULE_ACTION) 2523 rtm.rtm_type = rule->action; 2524 else if (rule->flags & IPRULE_GOTO) 2525 rtm.rtm_type = FR_ACT_GOTO; 2526 else if (!(rule->flags & (IPRULE_LOOKUP | IPRULE_ACTION | IPRULE_GOTO))) 2527 rtm.rtm_type = FR_ACT_NOP; 2528 2529 msg = nlmsg_alloc_simple(cmd, NLM_F_REQUEST); 2530 2531 if (!msg) 2532 return -1; 2533 2534 nlmsg_append(msg, &rtm, sizeof(rtm), 0); 2535 2536 if (rule->flags & IPRULE_IN) 2537 nla_put(msg, FRA_IFNAME, strlen(rule->in_dev) + 1, rule->in_dev); 2538 2539 if (rule->flags & IPRULE_OUT) 2540 nla_put(msg, FRA_OIFNAME, strlen(rule->out_dev) + 1, rule->out_dev); 2541 2542 if (rule->flags & IPRULE_SRC) 2543 nla_put(msg, FRA_SRC, alen, &rule->src_addr); 2544 2545 if (rule->flags & IPRULE_DEST) 2546 nla_put(msg, FRA_DST, alen, &rule->dest_addr); 2547 2548 if (rule->flags & IPRULE_PRIORITY) 2549 nla_put_u32(msg, FRA_PRIORITY, rule->priority); 2550 else if (cmd == RTM_NEWRULE) 2551 nla_put_u32(msg, FRA_PRIORITY, rule->order); 2552 2553 if (rule->flags & IPRULE_FWMARK) 2554 nla_put_u32(msg, FRA_FWMARK, rule->fwmark); 2555 2556 if (rule->flags & IPRULE_FWMASK) 2557 nla_put_u32(msg, FRA_FWMASK, rule->fwmask); 2558 2559 if (rule->flags & IPRULE_LOOKUP) { 2560 if (rule->lookup >= 256) 2561 nla_put_u32(msg, FRA_TABLE, rule->lookup); 2562 } 2563 2564 if (rule->flags & IPRULE_SUP_PREFIXLEN) 2565 nla_put_u32(msg, FRA_SUPPRESS_PREFIXLEN, rule->sup_prefixlen); 2566 2567 if (rule->flags & IPRULE_GOTO) 2568 nla_put_u32(msg, FRA_GOTO, rule->gotoid); 2569 2570 return system_rtnl_call(msg); 2571 } 2572 2573 int system_add_iprule(struct iprule *rule) 2574 { 2575 return system_iprule(rule, RTM_NEWRULE); 2576 } 2577 2578 int system_del_iprule(struct iprule *rule) 2579 { 2580 return system_iprule(rule, RTM_DELRULE); 2581 } 2582 2583 int system_flush_iprules(void) 2584 { 2585 int rv = 0; 2586 struct iprule rule; 2587 2588 system_if_clear_entries(NULL, RTM_GETRULE, AF_INET); 2589 system_if_clear_entries(NULL, RTM_GETRULE, AF_INET6); 2590 2591 memset(&rule, 0, sizeof(rule)); 2592 2593 2594 rule.flags = IPRULE_INET4 | IPRULE_PRIORITY | IPRULE_LOOKUP; 2595 2596 rule.priority = 0; 2597 rule.lookup = RT_TABLE_LOCAL; 2598 rv |= system_iprule(&rule, RTM_NEWRULE); 2599 2600 rule.priority = 32766; 2601 rule.lookup = RT_TABLE_MAIN; 2602 rv |= system_iprule(&rule, RTM_NEWRULE); 2603 2604 rule.priority = 32767; 2605 rule.lookup = RT_TABLE_DEFAULT; 2606 rv |= system_iprule(&rule, RTM_NEWRULE); 2607 2608 2609 rule.flags = IPRULE_INET6 | IPRULE_PRIORITY | IPRULE_LOOKUP; 2610 2611 rule.priority = 0; 2612 rule.lookup = RT_TABLE_LOCAL; 2613 rv |= system_iprule(&rule, RTM_NEWRULE); 2614 2615 rule.priority = 32766; 2616 rule.lookup = RT_TABLE_MAIN; 2617 rv |= system_iprule(&rule, RTM_NEWRULE); 2618 2619 return rv; 2620 } 2621 2622 bool system_resolve_iprule_action(const char *action, unsigned int *id) 2623 { 2624 return system_rtn_aton(action, id); 2625 } 2626 2627 time_t system_get_rtime(void) 2628 { 2629 struct timespec ts; 2630 struct timeval tv; 2631 2632 if (clock_gettime(CLOCK_MONOTONIC, &ts) == 0) 2633 return ts.tv_sec; 2634 2635 if (gettimeofday(&tv, NULL) == 0) 2636 return tv.tv_sec; 2637 2638 return 0; 2639 } 2640 2641 #ifndef IP_DF 2642 #define IP_DF 0x4000 2643 #endif 2644 2645 static int tunnel_ioctl(const char *name, int cmd, void *p) 2646 { 2647 struct ifreq ifr; 2648 2649 memset(&ifr, 0, sizeof(ifr)); 2650 strncpy(ifr.ifr_name, name, sizeof(ifr.ifr_name) - 1); 2651 ifr.ifr_ifru.ifru_data = p; 2652 return ioctl(sock_ioctl, cmd, &ifr); 2653 } 2654 2655 #ifdef IFLA_IPTUN_MAX 2656 static int system_add_ip6_tunnel(const char *name, const unsigned int link, 2657 struct blob_attr **tb) 2658 { 2659 struct nl_msg *nlm = nlmsg_alloc_simple(RTM_NEWLINK, 2660 NLM_F_REQUEST | NLM_F_REPLACE | NLM_F_CREATE); 2661 struct ifinfomsg ifi = { .ifi_family = AF_UNSPEC }; 2662 struct blob_attr *cur; 2663 int ret = 0, ttl = 0; 2664 2665 if (!nlm) 2666 return -1; 2667 2668 nlmsg_append(nlm, &ifi, sizeof(ifi), 0); 2669 nla_put_string(nlm, IFLA_IFNAME, name); 2670 2671 if (link) 2672 nla_put_u32(nlm, IFLA_LINK, link); 2673 2674 struct nlattr *linkinfo = nla_nest_start(nlm, IFLA_LINKINFO); 2675 if (!linkinfo) { 2676 ret = -ENOMEM; 2677 goto failure; 2678 } 2679 2680 nla_put_string(nlm, IFLA_INFO_KIND, "ip6tnl"); 2681 struct nlattr *infodata = nla_nest_start(nlm, IFLA_INFO_DATA); 2682 if (!infodata) { 2683 ret = -ENOMEM; 2684 goto failure; 2685 } 2686 2687 if (link) 2688 nla_put_u32(nlm, IFLA_IPTUN_LINK, link); 2689 2690 if ((cur = tb[TUNNEL_ATTR_TTL])) 2691 ttl = blobmsg_get_u32(cur); 2692 2693 nla_put_u8(nlm, IFLA_IPTUN_PROTO, IPPROTO_IPIP); 2694 nla_put_u8(nlm, IFLA_IPTUN_TTL, (ttl) ? ttl : 64); 2695 2696 struct in6_addr in6buf; 2697 if ((cur = tb[TUNNEL_ATTR_LOCAL])) { 2698 if (inet_pton(AF_INET6, blobmsg_data(cur), &in6buf) < 1) { 2699 ret = -EINVAL; 2700 goto failure; 2701 } 2702 nla_put(nlm, IFLA_IPTUN_LOCAL, sizeof(in6buf), &in6buf); 2703 } 2704 2705 if ((cur = tb[TUNNEL_ATTR_REMOTE])) { 2706 if (inet_pton(AF_INET6, blobmsg_data(cur), &in6buf) < 1) { 2707 ret = -EINVAL; 2708 goto failure; 2709 } 2710 nla_put(nlm, IFLA_IPTUN_REMOTE, sizeof(in6buf), &in6buf); 2711 } 2712 2713 if ((cur = tb[TUNNEL_ATTR_DATA])) { 2714 struct blob_attr *tb_data[__IPIP6_DATA_ATTR_MAX]; 2715 uint32_t tun_flags = IP6_TNL_F_IGN_ENCAP_LIMIT; 2716 2717 blobmsg_parse(ipip6_data_attr_list.params, __IPIP6_DATA_ATTR_MAX, tb_data, 2718 blobmsg_data(cur), blobmsg_len(cur)); 2719 2720 if ((cur = tb_data[IPIP6_DATA_ENCAPLIMIT])) { 2721 char *str = blobmsg_get_string(cur); 2722 2723 if (strcmp(str, "ignore")) { 2724 char *e; 2725 unsigned encap_limit = strtoul(str, &e, 0); 2726 2727 if (e == str || *e || encap_limit > 255) { 2728 ret = -EINVAL; 2729 goto failure; 2730 } 2731 2732 nla_put_u8(nlm, IFLA_IPTUN_ENCAP_LIMIT, encap_limit); 2733 tun_flags &= ~IP6_TNL_F_IGN_ENCAP_LIMIT; 2734 } 2735 } 2736 2737 #ifdef IFLA_IPTUN_FMR_MAX 2738 if ((cur = tb_data[IPIP6_DATA_FMRS])) { 2739 struct blob_attr *rcur; 2740 unsigned rrem, fmrcnt = 0; 2741 struct nlattr *fmrs = nla_nest_start(nlm, IFLA_IPTUN_FMRS); 2742 2743 if (!fmrs) { 2744 ret = -ENOMEM; 2745 goto failure; 2746 } 2747 2748 blobmsg_for_each_attr(rcur, cur, rrem) { 2749 struct blob_attr *tb_fmr[__FMR_DATA_ATTR_MAX], *tb_cur; 2750 struct in6_addr ip6prefix; 2751 struct in_addr ip4prefix; 2752 unsigned ip4len, ip6len, ealen, offset; 2753 2754 blobmsg_parse(fmr_data_attr_list.params, __FMR_DATA_ATTR_MAX, tb_fmr, 2755 blobmsg_data(rcur), blobmsg_len(rcur)); 2756 2757 if (!(tb_cur = tb_fmr[FMR_DATA_PREFIX6]) || 2758 !parse_ip_and_netmask(AF_INET6, 2759 blobmsg_data(tb_cur), &ip6prefix, 2760 &ip6len)) { 2761 ret = -EINVAL; 2762 goto failure; 2763 } 2764 2765 if (!(tb_cur = tb_fmr[FMR_DATA_PREFIX4]) || 2766 !parse_ip_and_netmask(AF_INET, 2767 blobmsg_data(tb_cur), &ip4prefix, 2768 &ip4len)) { 2769 ret = -EINVAL; 2770 goto failure; 2771 } 2772 2773 if (!(tb_cur = tb_fmr[FMR_DATA_EALEN])) { 2774 ret = -EINVAL; 2775 goto failure; 2776 } 2777 ealen = blobmsg_get_u32(tb_cur); 2778 2779 if (!(tb_cur = tb_fmr[FMR_DATA_OFFSET])) { 2780 ret = -EINVAL; 2781 goto failure; 2782 } 2783 offset = blobmsg_get_u32(tb_cur); 2784 2785 struct nlattr *rule = nla_nest_start(nlm, ++fmrcnt); 2786 if (!rule) { 2787 ret = -ENOMEM; 2788 goto failure; 2789 } 2790 2791 nla_put(nlm, IFLA_IPTUN_FMR_IP6_PREFIX, sizeof(ip6prefix), &ip6prefix); 2792 nla_put(nlm, IFLA_IPTUN_FMR_IP4_PREFIX, sizeof(ip4prefix), &ip4prefix); 2793 nla_put_u8(nlm, IFLA_IPTUN_FMR_IP6_PREFIX_LEN, ip6len); 2794 nla_put_u8(nlm, IFLA_IPTUN_FMR_IP4_PREFIX_LEN, ip4len); 2795 nla_put_u8(nlm, IFLA_IPTUN_FMR_EA_LEN, ealen); 2796 nla_put_u8(nlm, IFLA_IPTUN_FMR_OFFSET, offset); 2797 2798 nla_nest_end(nlm, rule); 2799 } 2800 2801 nla_nest_end(nlm, fmrs); 2802 } 2803 #endif 2804 if (tun_flags) 2805 nla_put_u32(nlm, IFLA_IPTUN_FLAGS, tun_flags); 2806 } 2807 2808 nla_nest_end(nlm, infodata); 2809 nla_nest_end(nlm, linkinfo); 2810 2811 return system_rtnl_call(nlm); 2812 2813 failure: 2814 nlmsg_free(nlm); 2815 return ret; 2816 } 2817 #endif 2818 2819 #ifdef IFLA_IPTUN_MAX 2820 #define IP6_FLOWINFO_TCLASS htonl(0x0FF00000) 2821 static int system_add_gre_tunnel(const char *name, const char *kind, 2822 const unsigned int link, struct blob_attr **tb, bool v6) 2823 { 2824 struct nl_msg *nlm; 2825 struct ifinfomsg ifi = { .ifi_family = AF_UNSPEC, }; 2826 struct blob_attr *cur; 2827 uint32_t ikey = 0, okey = 0, flowinfo = 0, flags6 = IP6_TNL_F_IGN_ENCAP_LIMIT; 2828 uint16_t iflags = 0, oflags = 0; 2829 uint8_t tos = 0; 2830 int ret = 0, ttl = 0; 2831 unsigned encap_limit = 0; 2832 2833 nlm = nlmsg_alloc_simple(RTM_NEWLINK, NLM_F_REQUEST | NLM_F_REPLACE | NLM_F_CREATE); 2834 if (!nlm) 2835 return -1; 2836 2837 nlmsg_append(nlm, &ifi, sizeof(ifi), 0); 2838 nla_put_string(nlm, IFLA_IFNAME, name); 2839 2840 struct nlattr *linkinfo = nla_nest_start(nlm, IFLA_LINKINFO); 2841 if (!linkinfo) { 2842 ret = -ENOMEM; 2843 goto failure; 2844 } 2845 2846 nla_put_string(nlm, IFLA_INFO_KIND, kind); 2847 struct nlattr *infodata = nla_nest_start(nlm, IFLA_INFO_DATA); 2848 if (!infodata) { 2849 ret = -ENOMEM; 2850 goto failure; 2851 } 2852 2853 if (link) 2854 nla_put_u32(nlm, IFLA_GRE_LINK, link); 2855 2856 if ((cur = tb[TUNNEL_ATTR_TTL])) 2857 ttl = blobmsg_get_u32(cur); 2858 2859 if ((cur = tb[TUNNEL_ATTR_TOS])) { 2860 char *str = blobmsg_get_string(cur); 2861 if (strcmp(str, "inherit")) { 2862 unsigned uval; 2863 2864 if (!system_tos_aton(str, &uval)) { 2865 ret = -EINVAL; 2866 goto failure; 2867 } 2868 2869 if (v6) 2870 flowinfo |= htonl(uval << 20) & IP6_FLOWINFO_TCLASS; 2871 else 2872 tos = uval; 2873 } else { 2874 if (v6) 2875 flags6 |= IP6_TNL_F_USE_ORIG_TCLASS; 2876 else 2877 tos = 1; 2878 } 2879 } 2880 2881 if ((cur = tb[TUNNEL_ATTR_DATA])) { 2882 struct blob_attr *tb_data[__GRE_DATA_ATTR_MAX]; 2883 2884 blobmsg_parse(gre_data_attr_list.params, __GRE_DATA_ATTR_MAX, tb_data, 2885 blobmsg_data(cur), blobmsg_len(cur)); 2886 2887 if ((cur = tb_data[GRE_DATA_IKEY])) { 2888 if ((ikey = blobmsg_get_u32(cur))) 2889 iflags |= GRE_KEY; 2890 } 2891 2892 if ((cur = tb_data[GRE_DATA_OKEY])) { 2893 if ((okey = blobmsg_get_u32(cur))) 2894 oflags |= GRE_KEY; 2895 } 2896 2897 if ((cur = tb_data[GRE_DATA_ICSUM])) { 2898 if (blobmsg_get_bool(cur)) 2899 iflags |= GRE_CSUM; 2900 } 2901 2902 if ((cur = tb_data[GRE_DATA_OCSUM])) { 2903 if (blobmsg_get_bool(cur)) 2904 oflags |= GRE_CSUM; 2905 } 2906 2907 if ((cur = tb_data[GRE_DATA_ISEQNO])) { 2908 if (blobmsg_get_bool(cur)) 2909 iflags |= GRE_SEQ; 2910 } 2911 2912 if ((cur = tb_data[GRE_DATA_OSEQNO])) { 2913 if (blobmsg_get_bool(cur)) 2914 oflags |= GRE_SEQ; 2915 } 2916 2917 if ((cur = tb_data[GRE_DATA_ENCAPLIMIT])) { 2918 char *str = blobmsg_get_string(cur); 2919 2920 if (strcmp(str, "ignore")) { 2921 char *e; 2922 2923 encap_limit = strtoul(str, &e, 0); 2924 2925 if (e == str || *e || encap_limit > 255) { 2926 ret = -EINVAL; 2927 goto failure; 2928 } 2929 2930 flags6 &= ~IP6_TNL_F_IGN_ENCAP_LIMIT; 2931 } 2932 } 2933 } 2934 2935 if (v6) { 2936 struct in6_addr in6buf; 2937 if ((cur = tb[TUNNEL_ATTR_LOCAL])) { 2938 if (inet_pton(AF_INET6, blobmsg_data(cur), &in6buf) < 1) { 2939 ret = -EINVAL; 2940 goto failure; 2941 } 2942 nla_put(nlm, IFLA_GRE_LOCAL, sizeof(in6buf), &in6buf); 2943 } 2944 2945 if ((cur = tb[TUNNEL_ATTR_REMOTE])) { 2946 if (inet_pton(AF_INET6, blobmsg_data(cur), &in6buf) < 1) { 2947 ret = -EINVAL; 2948 goto failure; 2949 } 2950 nla_put(nlm, IFLA_GRE_REMOTE, sizeof(in6buf), &in6buf); 2951 } 2952 2953 if (!(flags6 & IP6_TNL_F_IGN_ENCAP_LIMIT)) 2954 nla_put_u8(nlm, IFLA_GRE_ENCAP_LIMIT, encap_limit); 2955 2956 if (flowinfo) 2957 nla_put_u32(nlm, IFLA_GRE_FLOWINFO, flowinfo); 2958 2959 if (flags6) 2960 nla_put_u32(nlm, IFLA_GRE_FLAGS, flags6); 2961 2962 if (!ttl) 2963 ttl = 64; 2964 } else { 2965 struct in_addr inbuf; 2966 bool set_df = true; 2967 2968 if ((cur = tb[TUNNEL_ATTR_LOCAL])) { 2969 if (inet_pton(AF_INET, blobmsg_data(cur), &inbuf) < 1) { 2970 ret = -EINVAL; 2971 goto failure; 2972 } 2973 nla_put(nlm, IFLA_GRE_LOCAL, sizeof(inbuf), &inbuf); 2974 } 2975 2976 if ((cur = tb[TUNNEL_ATTR_REMOTE])) { 2977 if (inet_pton(AF_INET, blobmsg_data(cur), &inbuf) < 1) { 2978 ret = -EINVAL; 2979 goto failure; 2980 } 2981 nla_put(nlm, IFLA_GRE_REMOTE, sizeof(inbuf), &inbuf); 2982 2983 if (IN_MULTICAST(ntohl(inbuf.s_addr))) { 2984 if (!okey) { 2985 okey = inbuf.s_addr; 2986 oflags |= GRE_KEY; 2987 } 2988 2989 if (!ikey) { 2990 ikey = inbuf.s_addr; 2991 iflags |= GRE_KEY; 2992 } 2993 } 2994 } 2995 2996 if ((cur = tb[TUNNEL_ATTR_DF])) 2997 set_df = blobmsg_get_bool(cur); 2998 2999 if (!set_df) { 3000 /* ttl != 0 and nopmtudisc are incompatible */ 3001 if (ttl) { 3002 ret = -EINVAL; 3003 goto failure; 3004 } 3005 } else if (!ttl) 3006 ttl = 64; 3007 3008 nla_put_u8(nlm, IFLA_GRE_PMTUDISC, set_df ? 1 : 0); 3009 3010 nla_put_u8(nlm, IFLA_GRE_TOS, tos); 3011 } 3012 3013 if (ttl) 3014 nla_put_u8(nlm, IFLA_GRE_TTL, ttl); 3015 3016 if (oflags) 3017 nla_put_u16(nlm, IFLA_GRE_OFLAGS, oflags); 3018 3019 if (iflags) 3020 nla_put_u16(nlm, IFLA_GRE_IFLAGS, iflags); 3021 3022 if (okey) 3023 nla_put_u32(nlm, IFLA_GRE_OKEY, htonl(okey)); 3024 3025 if (ikey) 3026 nla_put_u32(nlm, IFLA_GRE_IKEY, htonl(ikey)); 3027 3028 nla_nest_end(nlm, infodata); 3029 nla_nest_end(nlm, linkinfo); 3030 3031 return system_rtnl_call(nlm); 3032 3033 failure: 3034 nlmsg_free(nlm); 3035 return ret; 3036 } 3037 #endif 3038 3039 #ifdef IFLA_VTI_MAX 3040 static int system_add_vti_tunnel(const char *name, const char *kind, 3041 const unsigned int link, struct blob_attr **tb, bool v6) 3042 { 3043 struct nl_msg *nlm; 3044 struct ifinfomsg ifi = { .ifi_family = AF_UNSPEC, }; 3045 struct blob_attr *cur; 3046 int ret = 0; 3047 3048 nlm = nlmsg_alloc_simple(RTM_NEWLINK, NLM_F_REQUEST | NLM_F_REPLACE | NLM_F_CREATE); 3049 if (!nlm) 3050 return -1; 3051 3052 nlmsg_append(nlm, &ifi, sizeof(ifi), 0); 3053 nla_put_string(nlm, IFLA_IFNAME, name); 3054 3055 struct nlattr *linkinfo = nla_nest_start(nlm, IFLA_LINKINFO); 3056 if (!linkinfo) { 3057 ret = -ENOMEM; 3058 goto failure; 3059 } 3060 3061 nla_put_string(nlm, IFLA_INFO_KIND, kind); 3062 struct nlattr *infodata = nla_nest_start(nlm, IFLA_INFO_DATA); 3063 if (!infodata) { 3064 ret = -ENOMEM; 3065 goto failure; 3066 } 3067 3068 if (link) 3069 nla_put_u32(nlm, IFLA_VTI_LINK, link); 3070 3071 if (v6) { 3072 struct in6_addr in6buf; 3073 if ((cur = tb[TUNNEL_ATTR_LOCAL])) { 3074 if (inet_pton(AF_INET6, blobmsg_data(cur), &in6buf) < 1) { 3075 ret = -EINVAL; 3076 goto failure; 3077 } 3078 nla_put(nlm, IFLA_VTI_LOCAL, sizeof(in6buf), &in6buf); 3079 } 3080 3081 if ((cur = tb[TUNNEL_ATTR_REMOTE])) { 3082 if (inet_pton(AF_INET6, blobmsg_data(cur), &in6buf) < 1) { 3083 ret = -EINVAL; 3084 goto failure; 3085 } 3086 nla_put(nlm, IFLA_VTI_REMOTE, sizeof(in6buf), &in6buf); 3087 } 3088 3089 } else { 3090 struct in_addr inbuf; 3091 3092 if ((cur = tb[TUNNEL_ATTR_LOCAL])) { 3093 if (inet_pton(AF_INET, blobmsg_data(cur), &inbuf) < 1) { 3094 ret = -EINVAL; 3095 goto failure; 3096 } 3097 nla_put(nlm, IFLA_VTI_LOCAL, sizeof(inbuf), &inbuf); 3098 } 3099 3100 if ((cur = tb[TUNNEL_ATTR_REMOTE])) { 3101 if (inet_pton(AF_INET, blobmsg_data(cur), &inbuf) < 1) { 3102 ret = -EINVAL; 3103 goto failure; 3104 } 3105 nla_put(nlm, IFLA_VTI_REMOTE, sizeof(inbuf), &inbuf); 3106 } 3107 3108 } 3109 3110 if ((cur = tb[TUNNEL_ATTR_DATA])) { 3111 struct blob_attr *tb_data[__VTI_DATA_ATTR_MAX]; 3112 uint32_t ikey = 0, okey = 0; 3113 3114 blobmsg_parse(vti_data_attr_list.params, __VTI_DATA_ATTR_MAX, tb_data, 3115 blobmsg_data(cur), blobmsg_len(cur)); 3116 3117 if ((cur = tb_data[VTI_DATA_IKEY])) { 3118 if ((ikey = blobmsg_get_u32(cur))) 3119 nla_put_u32(nlm, IFLA_VTI_IKEY, htonl(ikey)); 3120 } 3121 3122 if ((cur = tb_data[VTI_DATA_OKEY])) { 3123 if ((okey = blobmsg_get_u32(cur))) 3124 nla_put_u32(nlm, IFLA_VTI_OKEY, htonl(okey)); 3125 } 3126 } 3127 3128 nla_nest_end(nlm, infodata); 3129 nla_nest_end(nlm, linkinfo); 3130 3131 return system_rtnl_call(nlm); 3132 3133 failure: 3134 nlmsg_free(nlm); 3135 return ret; 3136 } 3137 #endif 3138 3139 #ifdef IFLA_XFRM_MAX 3140 static int system_add_xfrm_tunnel(const char *name, const char *kind, 3141 const unsigned int link, struct blob_attr **tb) 3142 { 3143 struct nl_msg *nlm; 3144 struct ifinfomsg ifi = { .ifi_family = AF_UNSPEC, }; 3145 struct blob_attr *cur; 3146 int ret = 0; 3147 3148 nlm = nlmsg_alloc_simple(RTM_NEWLINK, NLM_F_REQUEST | NLM_F_REPLACE | NLM_F_CREATE); 3149 if (!nlm) 3150 return -1; 3151 3152 nlmsg_append(nlm, &ifi, sizeof(ifi), 0); 3153 nla_put_string(nlm, IFLA_IFNAME, name); 3154 3155 struct nlattr *linkinfo = nla_nest_start(nlm, IFLA_LINKINFO); 3156 if (!linkinfo) { 3157 ret = -ENOMEM; 3158 goto failure; 3159 } 3160 3161 nla_put_string(nlm, IFLA_INFO_KIND, kind); 3162 struct nlattr *infodata = nla_nest_start(nlm, IFLA_INFO_DATA); 3163 if (!infodata) { 3164 ret = -ENOMEM; 3165 goto failure; 3166 } 3167 3168 if (link) 3169 nla_put_u32(nlm, IFLA_XFRM_LINK, link); 3170 3171 if ((cur = tb[TUNNEL_ATTR_DATA])) { 3172 struct blob_attr *tb_data[__XFRM_DATA_ATTR_MAX]; 3173 uint32_t if_id = 0; 3174 3175 blobmsg_parse(xfrm_data_attr_list.params, __XFRM_DATA_ATTR_MAX, tb_data, 3176 blobmsg_data(cur), blobmsg_len(cur)); 3177 3178 if ((cur = tb_data[XFRM_DATA_IF_ID])) { 3179 if ((if_id = blobmsg_get_u32(cur))) 3180 nla_put_u32(nlm, IFLA_XFRM_IF_ID, if_id); 3181 } 3182 3183 } 3184 3185 nla_nest_end(nlm, infodata); 3186 nla_nest_end(nlm, linkinfo); 3187 3188 return system_rtnl_call(nlm); 3189 3190 failure: 3191 nlmsg_free(nlm); 3192 return ret; 3193 } 3194 #endif 3195 3196 #ifdef IFLA_VXLAN_MAX 3197 static void system_vxlan_map_bool_attr(struct nl_msg *msg, struct blob_attr **tb_data, int attrtype, int vxlandatatype, bool invert) { 3198 struct blob_attr *cur; 3199 if ((cur = tb_data[vxlandatatype])) { 3200 bool val = blobmsg_get_bool(cur); 3201 if (invert) 3202 val = !val; 3203 3204 if ((attrtype == IFLA_VXLAN_GBP) && val) 3205 nla_put_flag(msg, attrtype); 3206 else 3207 nla_put_u8(msg, attrtype, val); 3208 3209 } 3210 } 3211 3212 static int system_add_vxlan(const char *name, const unsigned int link, struct blob_attr **tb, bool v6) 3213 { 3214 struct blob_attr *tb_data[__VXLAN_DATA_ATTR_MAX]; 3215 struct nl_msg *msg; 3216 struct nlattr *linkinfo, *data; 3217 struct ifinfomsg iim = { .ifi_family = AF_UNSPEC, }; 3218 struct blob_attr *cur; 3219 int ret = 0; 3220 3221 if ((cur = tb[TUNNEL_ATTR_DATA])) 3222 blobmsg_parse(vxlan_data_attr_list.params, __VXLAN_DATA_ATTR_MAX, tb_data, 3223 blobmsg_data(cur), blobmsg_len(cur)); 3224 else 3225 return -EINVAL; 3226 3227 msg = nlmsg_alloc_simple(RTM_NEWLINK, NLM_F_REQUEST | NLM_F_CREATE | NLM_F_EXCL); 3228 3229 if (!msg) 3230 return -1; 3231 3232 nlmsg_append(msg, &iim, sizeof(iim), 0); 3233 3234 nla_put_string(msg, IFLA_IFNAME, name); 3235 3236 if ((cur = tb_data[VXLAN_DATA_ATTR_MACADDR])) { 3237 struct ether_addr *ea = ether_aton(blobmsg_get_string(cur)); 3238 if (!ea) { 3239 ret = -EINVAL; 3240 goto failure; 3241 } 3242 3243 nla_put(msg, IFLA_ADDRESS, ETH_ALEN, ea); 3244 } 3245 3246 if ((cur = tb[TUNNEL_ATTR_MTU])) { 3247 uint32_t mtu = blobmsg_get_u32(cur); 3248 nla_put_u32(msg, IFLA_MTU, mtu); 3249 } 3250 3251 if (!(linkinfo = nla_nest_start(msg, IFLA_LINKINFO))) { 3252 ret = -ENOMEM; 3253 goto failure; 3254 } 3255 3256 nla_put_string(msg, IFLA_INFO_KIND, "vxlan"); 3257 3258 if (!(data = nla_nest_start(msg, IFLA_INFO_DATA))) { 3259 ret = -ENOMEM; 3260 goto failure; 3261 } 3262 3263 if (link) 3264 nla_put_u32(msg, IFLA_VXLAN_LINK, link); 3265 3266 if ((cur = tb_data[VXLAN_DATA_ATTR_ID])) { 3267 uint32_t id = blobmsg_get_u32(cur); 3268 if (id >= (1u << 24) - 1) { 3269 ret = -EINVAL; 3270 goto failure; 3271 } 3272 3273 nla_put_u32(msg, IFLA_VXLAN_ID, id); 3274 } 3275 3276 if (v6) { 3277 struct in6_addr in6buf; 3278 if ((cur = tb[TUNNEL_ATTR_LOCAL])) { 3279 if (inet_pton(AF_INET6, blobmsg_data(cur), &in6buf) < 1) { 3280 ret = -EINVAL; 3281 goto failure; 3282 } 3283 nla_put(msg, IFLA_VXLAN_LOCAL6, sizeof(in6buf), &in6buf); 3284 } 3285 3286 if ((cur = tb[TUNNEL_ATTR_REMOTE])) { 3287 if (inet_pton(AF_INET6, blobmsg_data(cur), &in6buf) < 1) { 3288 ret = -EINVAL; 3289 goto failure; 3290 } 3291 nla_put(msg, IFLA_VXLAN_GROUP6, sizeof(in6buf), &in6buf); 3292 } 3293 } else { 3294 struct in_addr inbuf; 3295 3296 if ((cur = tb[TUNNEL_ATTR_LOCAL])) { 3297 if (inet_pton(AF_INET, blobmsg_data(cur), &inbuf) < 1) { 3298 ret = -EINVAL; 3299 goto failure; 3300 } 3301 nla_put(msg, IFLA_VXLAN_LOCAL, sizeof(inbuf), &inbuf); 3302 } 3303 3304 if ((cur = tb[TUNNEL_ATTR_REMOTE])) { 3305 if (inet_pton(AF_INET, blobmsg_data(cur), &inbuf) < 1) { 3306 ret = -EINVAL; 3307 goto failure; 3308 } 3309 nla_put(msg, IFLA_VXLAN_GROUP, sizeof(inbuf), &inbuf); 3310 } 3311 } 3312 3313 uint32_t port = 4789; 3314 if ((cur = tb_data[VXLAN_DATA_ATTR_PORT])) { 3315 port = blobmsg_get_u32(cur); 3316 if (port < 1 || port > 65535) { 3317 ret = -EINVAL; 3318 goto failure; 3319 } 3320 } 3321 nla_put_u16(msg, IFLA_VXLAN_PORT, htons(port)); 3322 3323 if ((cur = tb_data[VXLAN_DATA_ATTR_SRCPORTMIN])) { 3324 struct ifla_vxlan_port_range srcports = {0,0}; 3325 3326 uint32_t low = blobmsg_get_u32(cur); 3327 if (low < 1 || low > 65535 - 1) { 3328 ret = -EINVAL; 3329 goto failure; 3330 } 3331 3332 srcports.low = htons((uint16_t) low); 3333 srcports.high = htons((uint16_t) (low+1)); 3334 3335 if ((cur = tb_data[VXLAN_DATA_ATTR_SRCPORTMAX])) { 3336 uint32_t high = blobmsg_get_u32(cur); 3337 if (high < 1 || high > 65535) { 3338 ret = -EINVAL; 3339 goto failure; 3340 } 3341 3342 if (high > low) 3343 srcports.high = htons((uint16_t) high); 3344 } 3345 3346 nla_put(msg, IFLA_VXLAN_PORT_RANGE, sizeof(srcports), &srcports); 3347 } 3348 3349 system_vxlan_map_bool_attr(msg, tb_data, IFLA_VXLAN_UDP_CSUM, VXLAN_DATA_ATTR_TXCSUM, false); 3350 system_vxlan_map_bool_attr(msg, tb_data, IFLA_VXLAN_UDP_ZERO_CSUM6_RX, VXLAN_DATA_ATTR_RXCSUM, true); 3351 system_vxlan_map_bool_attr(msg, tb_data, IFLA_VXLAN_UDP_ZERO_CSUM6_TX, VXLAN_DATA_ATTR_TXCSUM, true); 3352 system_vxlan_map_bool_attr(msg, tb_data, IFLA_VXLAN_LEARNING, VXLAN_DATA_ATTR_LEARNING, false); 3353 system_vxlan_map_bool_attr(msg, tb_data, IFLA_VXLAN_RSC , VXLAN_DATA_ATTR_RSC, false); 3354 system_vxlan_map_bool_attr(msg, tb_data, IFLA_VXLAN_PROXY , VXLAN_DATA_ATTR_PROXY, false); 3355 system_vxlan_map_bool_attr(msg, tb_data, IFLA_VXLAN_L2MISS , VXLAN_DATA_ATTR_L2MISS, false); 3356 system_vxlan_map_bool_attr(msg, tb_data, IFLA_VXLAN_L3MISS , VXLAN_DATA_ATTR_L3MISS, false); 3357 system_vxlan_map_bool_attr(msg, tb_data, IFLA_VXLAN_GBP , VXLAN_DATA_ATTR_GBP, false); 3358 3359 if ((cur = tb_data[VXLAN_DATA_ATTR_AGEING])) { 3360 uint32_t ageing = blobmsg_get_u32(cur); 3361 nla_put_u32(msg, IFLA_VXLAN_AGEING, ageing); 3362 } 3363 3364 if ((cur = tb_data[VXLAN_DATA_ATTR_LIMIT])) { 3365 uint32_t maxaddress = blobmsg_get_u32(cur); 3366 nla_put_u32(msg, IFLA_VXLAN_LIMIT, maxaddress); 3367 } 3368 3369 if ((cur = tb[TUNNEL_ATTR_TOS])) { 3370 char *str = blobmsg_get_string(cur); 3371 unsigned tos = 1; 3372 3373 if (strcmp(str, "inherit")) { 3374 if (!system_tos_aton(str, &tos)) { 3375 ret = -EINVAL; 3376 goto failure; 3377 } 3378 } 3379 3380 nla_put_u8(msg, IFLA_VXLAN_TOS, tos); 3381 } 3382 3383 if ((cur = tb[TUNNEL_ATTR_TTL])) { 3384 uint32_t ttl = blobmsg_get_u32(cur); 3385 if (ttl < 1 || ttl > 255) { 3386 ret = -EINVAL; 3387 goto failure; 3388 } 3389 3390 nla_put_u8(msg, IFLA_VXLAN_TTL, ttl); 3391 } 3392 3393 nla_nest_end(msg, data); 3394 nla_nest_end(msg, linkinfo); 3395 3396 ret = system_rtnl_call(msg); 3397 if (ret) 3398 D(SYSTEM, "Error adding vxlan '%s': %d\n", name, ret); 3399 3400 return ret; 3401 3402 failure: 3403 nlmsg_free(msg); 3404 return ret; 3405 } 3406 #endif 3407 3408 static int system_add_sit_tunnel(const char *name, const unsigned int link, struct blob_attr **tb) 3409 { 3410 struct blob_attr *cur; 3411 int ret = 0; 3412 3413 if (system_add_proto_tunnel(name, IPPROTO_IPV6, link, tb) < 0) 3414 return -1; 3415 3416 #ifdef SIOCADD6RD 3417 if ((cur = tb[TUNNEL_ATTR_DATA])) { 3418 struct blob_attr *tb_data[__SIXRD_DATA_ATTR_MAX]; 3419 unsigned int mask; 3420 struct ip_tunnel_6rd p6; 3421 3422 blobmsg_parse(sixrd_data_attr_list.params, __SIXRD_DATA_ATTR_MAX, tb_data, 3423 blobmsg_data(cur), blobmsg_len(cur)); 3424 3425 memset(&p6, 0, sizeof(p6)); 3426 3427 if ((cur = tb_data[SIXRD_DATA_PREFIX])) { 3428 if (!parse_ip_and_netmask(AF_INET6, blobmsg_data(cur), 3429 &p6.prefix, &mask) || mask > 128) { 3430 ret = -EINVAL; 3431 goto failure; 3432 } 3433 3434 p6.prefixlen = mask; 3435 } 3436 3437 if ((cur = tb_data[SIXRD_DATA_RELAY_PREFIX])) { 3438 if (!parse_ip_and_netmask(AF_INET, blobmsg_data(cur), 3439 &p6.relay_prefix, &mask) || mask > 32) { 3440 ret = -EINVAL; 3441 goto failure; 3442 } 3443 3444 p6.relay_prefixlen = mask; 3445 } 3446 3447 if (tunnel_ioctl(name, SIOCADD6RD, &p6) < 0) { 3448 ret = -1; 3449 goto failure; 3450 } 3451 } 3452 #endif 3453 3454 return ret; 3455 3456 failure: 3457 __system_del_ip_tunnel(name, tb); 3458 return ret; 3459 } 3460 3461 static int system_add_proto_tunnel(const char *name, const uint8_t proto, const unsigned int link, struct blob_attr **tb) 3462 { 3463 struct blob_attr *cur; 3464 bool set_df = true; 3465 struct ip_tunnel_parm p = { 3466 .link = link, 3467 .iph = { 3468 .version = 4, 3469 .ihl = 5, 3470 .protocol = proto, 3471 } 3472 }; 3473 3474 if ((cur = tb[TUNNEL_ATTR_LOCAL]) && 3475 inet_pton(AF_INET, blobmsg_data(cur), &p.iph.saddr) < 1) 3476 return -EINVAL; 3477 3478 if ((cur = tb[TUNNEL_ATTR_REMOTE]) && 3479 inet_pton(AF_INET, blobmsg_data(cur), &p.iph.daddr) < 1) 3480 return -EINVAL; 3481 3482 if ((cur = tb[TUNNEL_ATTR_DF])) 3483 set_df = blobmsg_get_bool(cur); 3484 3485 if ((cur = tb[TUNNEL_ATTR_TTL])) 3486 p.iph.ttl = blobmsg_get_u32(cur); 3487 3488 if ((cur = tb[TUNNEL_ATTR_TOS])) { 3489 char *str = blobmsg_get_string(cur); 3490 if (strcmp(str, "inherit")) { 3491 unsigned uval; 3492 3493 if (!system_tos_aton(str, &uval)) 3494 return -EINVAL; 3495 3496 p.iph.tos = uval; 3497 } else 3498 p.iph.tos = 1; 3499 } 3500 3501 p.iph.frag_off = set_df ? htons(IP_DF) : 0; 3502 /* ttl !=0 and nopmtudisc are incompatible */ 3503 if (p.iph.ttl && p.iph.frag_off == 0) 3504 return -EINVAL; 3505 3506 strncpy(p.name, name, sizeof(p.name) - 1); 3507 3508 switch (p.iph.protocol) { 3509 case IPPROTO_IPIP: 3510 return tunnel_ioctl("tunl0", SIOCADDTUNNEL, &p); 3511 case IPPROTO_IPV6: 3512 return tunnel_ioctl("sit0", SIOCADDTUNNEL, &p); 3513 default: 3514 break; 3515 } 3516 return -1; 3517 } 3518 3519 static int __system_del_ip_tunnel(const char *name, struct blob_attr **tb) 3520 { 3521 struct blob_attr *cur; 3522 const char *str; 3523 3524 if (!(cur = tb[TUNNEL_ATTR_TYPE])) 3525 return -EINVAL; 3526 str = blobmsg_data(cur); 3527 3528 if (!strcmp(str, "greip") || !strcmp(str, "gretapip") || 3529 !strcmp(str, "greip6") || !strcmp(str, "gretapip6") || 3530 !strcmp(str, "vtiip") || !strcmp(str, "vtiip6") || 3531 !strcmp(str, "vxlan") || !strcmp(str, "vxlan6") || 3532 !strcmp(str, "xfrm")) 3533 return system_link_del(name); 3534 else 3535 return tunnel_ioctl(name, SIOCDELTUNNEL, NULL); 3536 } 3537 3538 int system_del_ip_tunnel(const char *name, struct blob_attr *attr) 3539 { 3540 struct blob_attr *tb[__TUNNEL_ATTR_MAX]; 3541 3542 blobmsg_parse(tunnel_attr_list.params, __TUNNEL_ATTR_MAX, tb, 3543 blob_data(attr), blob_len(attr)); 3544 3545 return __system_del_ip_tunnel(name, tb); 3546 } 3547 3548 int system_update_ipv6_mtu(struct device *dev, int mtu) 3549 { 3550 int ret = -1; 3551 char buf[64]; 3552 int fd; 3553 3554 snprintf(buf, sizeof(buf), "/proc/sys/net/ipv6/conf/%s/mtu", 3555 dev->ifname); 3556 3557 fd = open(buf, O_RDWR); 3558 if (fd < 0) 3559 return ret; 3560 3561 if (!mtu) { 3562 ssize_t len = read(fd, buf, sizeof(buf) - 1); 3563 if (len < 0) 3564 goto out; 3565 3566 buf[len] = 0; 3567 ret = atoi(buf); 3568 } else { 3569 if (write(fd, buf, snprintf(buf, sizeof(buf), "%i", mtu)) > 0) 3570 ret = mtu; 3571 } 3572 3573 out: 3574 close(fd); 3575 return ret; 3576 } 3577 3578 int system_add_ip_tunnel(const char *name, struct blob_attr *attr) 3579 { 3580 struct blob_attr *tb[__TUNNEL_ATTR_MAX]; 3581 struct blob_attr *cur; 3582 const char *str; 3583 3584 blobmsg_parse(tunnel_attr_list.params, __TUNNEL_ATTR_MAX, tb, 3585 blob_data(attr), blob_len(attr)); 3586 3587 __system_del_ip_tunnel(name, tb); 3588 3589 if (!(cur = tb[TUNNEL_ATTR_TYPE])) 3590 return -EINVAL; 3591 str = blobmsg_data(cur); 3592 3593 unsigned int ttl = 0; 3594 if ((cur = tb[TUNNEL_ATTR_TTL])) { 3595 ttl = blobmsg_get_u32(cur); 3596 if (ttl > 255) 3597 return -EINVAL; 3598 } 3599 3600 unsigned int link = 0; 3601 if ((cur = tb[TUNNEL_ATTR_LINK])) { 3602 struct interface *iface = vlist_find(&interfaces, blobmsg_data(cur), iface, node); 3603 if (!iface) 3604 return -EINVAL; 3605 3606 if (iface->l3_dev.dev) 3607 link = iface->l3_dev.dev->ifindex; 3608 } 3609 3610 if (!strcmp(str, "sit")) 3611 return system_add_sit_tunnel(name, link, tb); 3612 #ifdef IFLA_IPTUN_MAX 3613 else if (!strcmp(str, "ipip6")) { 3614 return system_add_ip6_tunnel(name, link, tb); 3615 } else if (!strcmp(str, "greip")) { 3616 return system_add_gre_tunnel(name, "gre", link, tb, false); 3617 } else if (!strcmp(str, "gretapip")) { 3618 return system_add_gre_tunnel(name, "gretap", link, tb, false); 3619 } else if (!strcmp(str, "greip6")) { 3620 return system_add_gre_tunnel(name, "ip6gre", link, tb, true); 3621 } else if (!strcmp(str, "gretapip6")) { 3622 return system_add_gre_tunnel(name, "ip6gretap", link, tb, true); 3623 #ifdef IFLA_VTI_MAX 3624 } else if (!strcmp(str, "vtiip")) { 3625 return system_add_vti_tunnel(name, "vti", link, tb, false); 3626 } else if (!strcmp(str, "vtiip6")) { 3627 return system_add_vti_tunnel(name, "vti6", link, tb, true); 3628 #endif 3629 #ifdef IFLA_XFRM_MAX 3630 } else if (!strcmp(str, "xfrm")) { 3631 return system_add_xfrm_tunnel(name, "xfrm", link, tb); 3632 #endif 3633 #ifdef IFLA_VXLAN_MAX 3634 } else if(!strcmp(str, "vxlan")) { 3635 return system_add_vxlan(name, link, tb, false); 3636 } else if(!strcmp(str, "vxlan6")) { 3637 return system_add_vxlan(name, link, tb, true); 3638 #endif 3639 #endif 3640 } else if (!strcmp(str, "ipip")) { 3641 return system_add_proto_tunnel(name, IPPROTO_IPIP, link, tb); 3642 } 3643 else 3644 return -EINVAL; 3645 3646 return 0; 3647 } 3648
This page was automatically generated by LXR 0.3.1. • OpenWrt