1 /* 2 * netifd - network interface daemon 3 * Copyright (C) 2012 Felix Fietkau <nbd@openwrt.org> 4 * Copyright (C) 2013 Jo-Philipp Wich <jow@openwrt.org> 5 * Copyright (C) 2013 Steven Barth <steven@midlink.org> 6 * Copyright (C) 2014 Gioacchino Mazzurco <gio@eigenlab.org> 7 * Copyright (C) 2017 Matthias Schiffer <mschiffer@universe-factory.net> 8 * Copyright (C) 2018 Hans Dedecker <dedeckeh@gmail.com> 9 * 10 * This program is free software; you can redistribute it and/or modify 11 * it under the terms of the GNU General Public License version 2 12 * as published by the Free Software Foundation 13 * 14 * This program is distributed in the hope that it will be useful, 15 * but WITHOUT ANY WARRANTY; without even the implied warranty of 16 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 17 * GNU General Public License for more details. 18 */ 19 #define _GNU_SOURCE 20 21 #include <sys/socket.h> 22 #include <sys/ioctl.h> 23 #include <sys/stat.h> 24 #include <sys/syscall.h> 25 26 #include <net/if.h> 27 #include <net/if_arp.h> 28 29 #include <limits.h> 30 #include <arpa/inet.h> 31 #include <netinet/ether.h> 32 #include <netinet/in.h> 33 34 #include <linux/rtnetlink.h> 35 #include <linux/neighbour.h> 36 #include <linux/sockios.h> 37 #include <linux/ip.h> 38 #include <linux/if_addr.h> 39 #include <linux/if_link.h> 40 #include <linux/if_vlan.h> 41 #include <linux/if_bridge.h> 42 #include <linux/if_tunnel.h> 43 #include <linux/ip6_tunnel.h> 44 #include <linux/ethtool.h> 45 #include <linux/fib_rules.h> 46 #include <linux/veth.h> 47 #include <linux/version.h> 48 49 #include <sched.h> 50 51 #ifndef RTN_FAILED_POLICY 52 #define RTN_FAILED_POLICY 12 53 #endif 54 55 #ifndef IFA_F_NOPREFIXROUTE 56 #define IFA_F_NOPREFIXROUTE 0x200 57 #endif 58 59 #ifndef IFA_FLAGS 60 #define IFA_FLAGS (IFA_MULTICAST + 1) 61 #endif 62 63 #include <string.h> 64 #include <fcntl.h> 65 #include <glob.h> 66 #include <time.h> 67 #include <unistd.h> 68 69 #include <netlink/msg.h> 70 #include <netlink/attr.h> 71 #include <netlink/socket.h> 72 #include <libubox/uloop.h> 73 74 #include "netifd.h" 75 #include "device.h" 76 #include "system.h" 77 #include "utils.h" 78 79 struct event_socket { 80 struct uloop_fd uloop; 81 struct nl_sock *sock; 82 int bufsize; 83 }; 84 85 static int sock_ioctl = -1; 86 static struct nl_sock *sock_rtnl = NULL; 87 88 static int cb_rtnl_event(struct nl_msg *msg, void *arg); 89 static void handle_hotplug_event(struct uloop_fd *u, unsigned int events); 90 static int system_add_proto_tunnel(const char *name, const uint8_t proto, 91 const unsigned int link, struct blob_attr **tb); 92 static int __system_del_ip_tunnel(const char *name, struct blob_attr **tb); 93 94 static char dev_buf[256]; 95 96 static void 97 handler_nl_event(struct uloop_fd *u, unsigned int events) 98 { 99 struct event_socket *ev = container_of(u, struct event_socket, uloop); 100 int err; 101 socklen_t errlen = sizeof(err); 102 103 if (!u->error) { 104 nl_recvmsgs_default(ev->sock); 105 return; 106 } 107 108 if (getsockopt(u->fd, SOL_SOCKET, SO_ERROR, (void *)&err, &errlen)) 109 goto abort; 110 111 switch(err) { 112 case ENOBUFS: 113 /* Increase rx buffer size on netlink socket */ 114 ev->bufsize *= 2; 115 if (nl_socket_set_buffer_size(ev->sock, ev->bufsize, 0)) 116 goto abort; 117 118 /* Request full dump since some info got dropped */ 119 struct rtgenmsg msg = { .rtgen_family = AF_UNSPEC }; 120 nl_send_simple(ev->sock, RTM_GETLINK, NLM_F_DUMP, &msg, sizeof(msg)); 121 break; 122 123 default: 124 goto abort; 125 } 126 u->error = false; 127 return; 128 129 abort: 130 uloop_fd_delete(&ev->uloop); 131 return; 132 } 133 134 static struct nl_sock * 135 create_socket(int protocol, int groups) 136 { 137 struct nl_sock *sock; 138 139 sock = nl_socket_alloc(); 140 if (!sock) 141 return NULL; 142 143 if (groups) 144 nl_join_groups(sock, groups); 145 146 if (nl_connect(sock, protocol)) { 147 nl_socket_free(sock); 148 return NULL; 149 } 150 151 return sock; 152 } 153 154 static bool 155 create_raw_event_socket(struct event_socket *ev, int protocol, int groups, 156 uloop_fd_handler cb, int flags) 157 { 158 ev->sock = create_socket(protocol, groups); 159 if (!ev->sock) 160 return false; 161 162 ev->uloop.fd = nl_socket_get_fd(ev->sock); 163 ev->uloop.cb = cb; 164 if (uloop_fd_add(&ev->uloop, ULOOP_READ|flags)) 165 return false; 166 167 return true; 168 } 169 170 static bool 171 create_event_socket(struct event_socket *ev, int protocol, 172 int (*cb)(struct nl_msg *msg, void *arg)) 173 { 174 if (!create_raw_event_socket(ev, protocol, 0, handler_nl_event, ULOOP_ERROR_CB)) 175 return false; 176 177 /* Install the valid custom callback handler */ 178 nl_socket_modify_cb(ev->sock, NL_CB_VALID, NL_CB_CUSTOM, cb, NULL); 179 180 /* Disable sequence number checking on event sockets */ 181 nl_socket_disable_seq_check(ev->sock); 182 183 /* Increase rx buffer size to 65K on event sockets */ 184 ev->bufsize = 65535; 185 if (nl_socket_set_buffer_size(ev->sock, ev->bufsize, 0)) 186 return false; 187 188 return true; 189 } 190 191 static bool 192 create_hotplug_event_socket(struct event_socket *ev, int protocol, 193 void (*cb)(struct uloop_fd *u, unsigned int events)) 194 { 195 if (!create_raw_event_socket(ev, protocol, 1, cb, ULOOP_ERROR_CB)) 196 return false; 197 198 /* Increase rx buffer size to 65K on event sockets */ 199 ev->bufsize = 65535; 200 if (nl_socket_set_buffer_size(ev->sock, ev->bufsize, 0)) 201 return false; 202 203 return true; 204 } 205 206 static bool 207 system_rtn_aton(const char *src, unsigned int *dst) 208 { 209 char *e; 210 unsigned int n; 211 212 if (!strcmp(src, "local")) 213 n = RTN_LOCAL; 214 else if (!strcmp(src, "nat")) 215 n = RTN_NAT; 216 else if (!strcmp(src, "broadcast")) 217 n = RTN_BROADCAST; 218 else if (!strcmp(src, "anycast")) 219 n = RTN_ANYCAST; 220 else if (!strcmp(src, "multicast")) 221 n = RTN_MULTICAST; 222 else if (!strcmp(src, "prohibit")) 223 n = RTN_PROHIBIT; 224 else if (!strcmp(src, "unreachable")) 225 n = RTN_UNREACHABLE; 226 else if (!strcmp(src, "blackhole")) 227 n = RTN_BLACKHOLE; 228 else if (!strcmp(src, "xresolve")) 229 n = RTN_XRESOLVE; 230 else if (!strcmp(src, "unicast")) 231 n = RTN_UNICAST; 232 else if (!strcmp(src, "throw")) 233 n = RTN_THROW; 234 else if (!strcmp(src, "failed_policy")) 235 n = RTN_FAILED_POLICY; 236 else { 237 n = strtoul(src, &e, 0); 238 if (!e || *e || e == src || n > 255) 239 return false; 240 } 241 242 *dst = n; 243 return true; 244 } 245 246 static bool 247 system_tos_aton(const char *src, unsigned *dst) 248 { 249 char *e; 250 251 *dst = strtoul(src, &e, 16); 252 if (e == src || *e || *dst > 255) 253 return false; 254 255 return true; 256 } 257 258 int system_init(void) 259 { 260 static struct event_socket rtnl_event; 261 static struct event_socket hotplug_event; 262 263 sock_ioctl = socket(AF_LOCAL, SOCK_DGRAM, 0); 264 system_fd_set_cloexec(sock_ioctl); 265 266 /* Prepare socket for routing / address control */ 267 sock_rtnl = create_socket(NETLINK_ROUTE, 0); 268 if (!sock_rtnl) 269 return -1; 270 271 if (!create_event_socket(&rtnl_event, NETLINK_ROUTE, cb_rtnl_event)) 272 return -1; 273 274 if (!create_hotplug_event_socket(&hotplug_event, NETLINK_KOBJECT_UEVENT, 275 handle_hotplug_event)) 276 return -1; 277 278 /* Receive network link events form kernel */ 279 nl_socket_add_membership(rtnl_event.sock, RTNLGRP_LINK); 280 281 return 0; 282 } 283 284 static void system_set_sysctl(const char *path, const char *val) 285 { 286 int fd; 287 288 fd = open(path, O_WRONLY); 289 if (fd < 0) 290 return; 291 292 if (write(fd, val, strlen(val))) {} 293 close(fd); 294 } 295 296 static void system_set_dev_sysctl(const char *path, const char *device, const char *val) 297 { 298 snprintf(dev_buf, sizeof(dev_buf), path, device); 299 system_set_sysctl(dev_buf, val); 300 } 301 302 static void system_set_disable_ipv6(struct device *dev, const char *val) 303 { 304 system_set_dev_sysctl("/proc/sys/net/ipv6/conf/%s/disable_ipv6", dev->ifname, val); 305 } 306 307 static void system_set_rpfilter(struct device *dev, const char *val) 308 { 309 system_set_dev_sysctl("/proc/sys/net/ipv4/conf/%s/rp_filter", dev->ifname, val); 310 } 311 312 static void system_set_acceptlocal(struct device *dev, const char *val) 313 { 314 system_set_dev_sysctl("/proc/sys/net/ipv4/conf/%s/accept_local", dev->ifname, val); 315 } 316 317 static void system_set_igmpversion(struct device *dev, const char *val) 318 { 319 system_set_dev_sysctl("/proc/sys/net/ipv4/conf/%s/force_igmp_version", dev->ifname, val); 320 } 321 322 static void system_set_mldversion(struct device *dev, const char *val) 323 { 324 system_set_dev_sysctl("/proc/sys/net/ipv6/conf/%s/force_mld_version", dev->ifname, val); 325 } 326 327 static void system_set_neigh4reachabletime(struct device *dev, const char *val) 328 { 329 system_set_dev_sysctl("/proc/sys/net/ipv4/neigh/%s/base_reachable_time_ms", dev->ifname, val); 330 } 331 332 static void system_set_neigh6reachabletime(struct device *dev, const char *val) 333 { 334 system_set_dev_sysctl("/proc/sys/net/ipv6/neigh/%s/base_reachable_time_ms", dev->ifname, val); 335 } 336 337 static void system_set_neigh4gcstaletime(struct device *dev, const char *val) 338 { 339 system_set_dev_sysctl("/proc/sys/net/ipv4/neigh/%s/gc_stale_time", dev->ifname, val); 340 } 341 342 static void system_set_neigh6gcstaletime(struct device *dev, const char *val) 343 { 344 system_set_dev_sysctl("/proc/sys/net/ipv6/neigh/%s/gc_stale_time", dev->ifname, val); 345 } 346 347 static void system_set_neigh4locktime(struct device *dev, const char *val) 348 { 349 system_set_dev_sysctl("/proc/sys/net/ipv4/neigh/%s/locktime", dev->ifname, val); 350 } 351 352 static void system_set_dadtransmits(struct device *dev, const char *val) 353 { 354 system_set_dev_sysctl("/proc/sys/net/ipv6/conf/%s/dad_transmits", dev->ifname, val); 355 } 356 357 static void system_bridge_set_multicast_to_unicast(struct device *dev, const char *val) 358 { 359 system_set_dev_sysctl("/sys/class/net/%s/brport/multicast_to_unicast", dev->ifname, val); 360 } 361 362 static void system_bridge_set_multicast_fast_leave(struct device *dev, const char *val) 363 { 364 system_set_dev_sysctl("/sys/class/net/%s/brport/multicast_fast_leave", dev->ifname, val); 365 } 366 367 static void system_bridge_set_hairpin_mode(struct device *dev, const char *val) 368 { 369 system_set_dev_sysctl("/sys/class/net/%s/brport/hairpin_mode", dev->ifname, val); 370 } 371 372 static void system_bridge_set_isolated(struct device *dev, const char *val) 373 { 374 system_set_dev_sysctl("/sys/class/net/%s/brport/isolated", dev->ifname, val); 375 } 376 377 static void system_bridge_set_multicast_router(struct device *dev, const char *val, bool bridge) 378 { 379 system_set_dev_sysctl(bridge ? "/sys/class/net/%s/bridge/multicast_router" : 380 "/sys/class/net/%s/brport/multicast_router", 381 dev->ifname, val); 382 } 383 384 static void system_bridge_set_robustness(struct device *dev, const char *val) 385 { 386 system_set_dev_sysctl("/sys/devices/virtual/net/%s/bridge/multicast_startup_query_count", 387 dev->ifname, val); 388 system_set_dev_sysctl("/sys/devices/virtual/net/%s/bridge/multicast_last_member_count", 389 dev->ifname, val); 390 } 391 392 static void system_bridge_set_query_interval(struct device *dev, const char *val) 393 { 394 system_set_dev_sysctl("/sys/devices/virtual/net/%s/bridge/multicast_query_interval", 395 dev->ifname, val); 396 } 397 398 static void system_bridge_set_query_response_interval(struct device *dev, const char *val) 399 { 400 system_set_dev_sysctl("/sys/devices/virtual/net/%s/bridge/multicast_query_response_interval", 401 dev->ifname, val); 402 } 403 404 static void system_bridge_set_last_member_interval(struct device *dev, const char *val) 405 { 406 system_set_dev_sysctl("/sys/devices/virtual/net/%s/bridge/multicast_last_member_interval", 407 dev->ifname, val); 408 } 409 410 static void system_bridge_set_membership_interval(struct device *dev, const char *val) 411 { 412 system_set_dev_sysctl("/sys/devices/virtual/net/%s/bridge/multicast_membership_interval", 413 dev->ifname, val); 414 } 415 416 static void system_bridge_set_other_querier_timeout(struct device *dev, const char *val) 417 { 418 system_set_dev_sysctl("/sys/devices/virtual/net/%s/bridge/multicast_querier_interval", 419 dev->ifname, val); 420 } 421 422 static void system_bridge_set_startup_query_interval(struct device *dev, const char *val) 423 { 424 system_set_dev_sysctl("/sys/devices/virtual/net/%s/bridge/multicast_startup_query_interval", 425 dev->ifname, val); 426 } 427 428 static void system_bridge_set_stp_state(struct device *dev, const char *val) 429 { 430 system_set_dev_sysctl("/sys/devices/virtual/net/%s/bridge/stp_state", dev->ifname, val); 431 } 432 433 static void system_bridge_set_forward_delay(struct device *dev, const char *val) 434 { 435 system_set_dev_sysctl("/sys/devices/virtual/net/%s/bridge/forward_delay", dev->ifname, val); 436 } 437 438 static void system_bridge_set_priority(struct device *dev, const char *val) 439 { 440 system_set_dev_sysctl("/sys/devices/virtual/net/%s/bridge/priority", dev->ifname, val); 441 } 442 443 static void system_bridge_set_ageing_time(struct device *dev, const char *val) 444 { 445 system_set_dev_sysctl("/sys/devices/virtual/net/%s/bridge/ageing_time", dev->ifname, val); 446 } 447 448 static void system_bridge_set_hello_time(struct device *dev, const char *val) 449 { 450 system_set_dev_sysctl("/sys/devices/virtual/net/%s/bridge/hello_time", dev->ifname, val); 451 } 452 453 static void system_bridge_set_max_age(struct device *dev, const char *val) 454 { 455 system_set_dev_sysctl("/sys/devices/virtual/net/%s/bridge/max_age", dev->ifname, val); 456 } 457 458 static void system_bridge_set_learning(struct device *dev, const char *val) 459 { 460 system_set_dev_sysctl("/sys/class/net/%s/brport/learning", dev->ifname, val); 461 } 462 463 static void system_bridge_set_unicast_flood(struct device *dev, const char *val) 464 { 465 system_set_dev_sysctl("/sys/class/net/%s/brport/unicast_flood", dev->ifname, val); 466 } 467 468 static void system_set_sendredirects(struct device *dev, const char *val) 469 { 470 system_set_dev_sysctl("/proc/sys/net/ipv4/conf/%s/send_redirects", dev->ifname, val); 471 } 472 473 static void system_bridge_set_vlan_filtering(struct device *dev, const char *val) 474 { 475 system_set_dev_sysctl("/sys/devices/virtual/net/%s/bridge/vlan_filtering", dev->ifname, val); 476 } 477 478 static int system_get_sysctl(const char *path, char *buf, const size_t buf_sz) 479 { 480 int fd = -1, ret = -1; 481 482 fd = open(path, O_RDONLY); 483 if (fd < 0) 484 goto out; 485 486 ssize_t len = read(fd, buf, buf_sz - 1); 487 if (len < 0) 488 goto out; 489 490 ret = buf[len] = 0; 491 492 out: 493 if (fd >= 0) 494 close(fd); 495 496 return ret; 497 } 498 499 static int 500 system_get_dev_sysctl(const char *path, const char *device, char *buf, const size_t buf_sz) 501 { 502 snprintf(dev_buf, sizeof(dev_buf), path, device); 503 return system_get_sysctl(dev_buf, buf, buf_sz); 504 } 505 506 static int system_get_disable_ipv6(struct device *dev, char *buf, const size_t buf_sz) 507 { 508 return system_get_dev_sysctl("/proc/sys/net/ipv6/conf/%s/disable_ipv6", 509 dev->ifname, buf, buf_sz); 510 } 511 512 static int system_get_rpfilter(struct device *dev, char *buf, const size_t buf_sz) 513 { 514 return system_get_dev_sysctl("/proc/sys/net/ipv4/conf/%s/rp_filter", 515 dev->ifname, buf, buf_sz); 516 } 517 518 static int system_get_acceptlocal(struct device *dev, char *buf, const size_t buf_sz) 519 { 520 return system_get_dev_sysctl("/proc/sys/net/ipv4/conf/%s/accept_local", 521 dev->ifname, buf, buf_sz); 522 } 523 524 static int system_get_igmpversion(struct device *dev, char *buf, const size_t buf_sz) 525 { 526 return system_get_dev_sysctl("/proc/sys/net/ipv4/conf/%s/force_igmp_version", 527 dev->ifname, buf, buf_sz); 528 } 529 530 static int system_get_mldversion(struct device *dev, char *buf, const size_t buf_sz) 531 { 532 return system_get_dev_sysctl("/proc/sys/net/ipv6/conf/%s/force_mld_version", 533 dev->ifname, buf, buf_sz); 534 } 535 536 static int system_get_neigh4reachabletime(struct device *dev, char *buf, const size_t buf_sz) 537 { 538 return system_get_dev_sysctl("/proc/sys/net/ipv4/neigh/%s/base_reachable_time_ms", 539 dev->ifname, buf, buf_sz); 540 } 541 542 static int system_get_neigh6reachabletime(struct device *dev, char *buf, const size_t buf_sz) 543 { 544 return system_get_dev_sysctl("/proc/sys/net/ipv6/neigh/%s/base_reachable_time_ms", 545 dev->ifname, buf, buf_sz); 546 } 547 548 static int system_get_neigh4gcstaletime(struct device *dev, char *buf, const size_t buf_sz) 549 { 550 return system_get_dev_sysctl("/proc/sys/net/ipv4/neigh/%s/gc_stale_time", 551 dev->ifname, buf, buf_sz); 552 } 553 554 static int system_get_neigh6gcstaletime(struct device *dev, char *buf, const size_t buf_sz) 555 { 556 return system_get_dev_sysctl("/proc/sys/net/ipv6/neigh/%s/gc_stale_time", 557 dev->ifname, buf, buf_sz); 558 } 559 560 static int system_get_neigh4locktime(struct device *dev, char *buf, const size_t buf_sz) 561 { 562 return system_get_dev_sysctl("/proc/sys/net/ipv4/neigh/%s/locktime", 563 dev->ifname, buf, buf_sz); 564 } 565 566 static int system_get_dadtransmits(struct device *dev, char *buf, const size_t buf_sz) 567 { 568 return system_get_dev_sysctl("/proc/sys/net/ipv6/conf/%s/dad_transmits", 569 dev->ifname, buf, buf_sz); 570 } 571 572 static int system_get_sendredirects(struct device *dev, char *buf, const size_t buf_sz) 573 { 574 return system_get_dev_sysctl("/proc/sys/net/ipv4/conf/%s/send_redirects", 575 dev->ifname, buf, buf_sz); 576 } 577 578 /* Evaluate netlink messages */ 579 static int cb_rtnl_event(struct nl_msg *msg, void *arg) 580 { 581 struct nlmsghdr *nh = nlmsg_hdr(msg); 582 struct nlattr *nla[__IFLA_MAX]; 583 int link_state = 0; 584 char buf[10]; 585 586 if (nh->nlmsg_type != RTM_NEWLINK) 587 goto out; 588 589 nlmsg_parse(nh, sizeof(struct ifinfomsg), nla, __IFLA_MAX - 1, NULL); 590 if (!nla[IFLA_IFNAME]) 591 goto out; 592 593 struct device *dev = device_find(nla_data(nla[IFLA_IFNAME])); 594 if (!dev) 595 goto out; 596 597 if (!system_get_dev_sysctl("/sys/class/net/%s/carrier", dev->ifname, buf, sizeof(buf))) 598 link_state = strtoul(buf, NULL, 0); 599 600 if (dev->type == &simple_device_type) 601 device_set_present(dev, true); 602 603 device_set_link(dev, link_state ? true : false); 604 605 out: 606 return 0; 607 } 608 609 static void 610 handle_hotplug_msg(char *data, int size) 611 { 612 const char *subsystem = NULL, *interface = NULL, *interface_old = NULL; 613 char *cur, *end, *sep; 614 struct device *dev; 615 int skip; 616 bool add, move = false; 617 618 if (!strncmp(data, "add@", 4)) 619 add = true; 620 else if (!strncmp(data, "remove@", 7)) 621 add = false; 622 else if (!strncmp(data, "move@", 5)) { 623 add = true; 624 move = true; 625 } 626 else 627 return; 628 629 skip = strlen(data) + 1; 630 end = data + size; 631 632 for (cur = data + skip; cur < end; cur += skip) { 633 skip = strlen(cur) + 1; 634 635 sep = strchr(cur, '='); 636 if (!sep) 637 continue; 638 639 *sep = 0; 640 if (!strcmp(cur, "INTERFACE")) 641 interface = sep + 1; 642 else if (!strcmp(cur, "SUBSYSTEM")) { 643 subsystem = sep + 1; 644 if (strcmp(subsystem, "net") != 0) 645 return; 646 } else if (!strcmp(cur, "DEVPATH_OLD")) { 647 interface_old = strrchr(sep + 1, '/'); 648 if (interface_old) 649 interface_old++; 650 } 651 } 652 653 if (subsystem && interface) { 654 if (move && interface_old) 655 goto move; 656 else 657 goto found; 658 } 659 660 return; 661 662 move: 663 dev = device_find(interface_old); 664 if (!dev) 665 return; 666 667 if (dev->type != &simple_device_type) 668 goto found; 669 670 device_set_present(dev, false); 671 672 return; 673 674 found: 675 dev = device_find(interface); 676 if (!dev) 677 return; 678 679 if (dev->type != &simple_device_type) 680 return; 681 682 device_set_present(dev, add); 683 } 684 685 static void 686 handle_hotplug_event(struct uloop_fd *u, unsigned int events) 687 { 688 struct event_socket *ev = container_of(u, struct event_socket, uloop); 689 struct sockaddr_nl nla; 690 unsigned char *buf = NULL; 691 int size; 692 int err; 693 socklen_t errlen = sizeof(err); 694 695 if (!u->error) { 696 while ((size = nl_recv(ev->sock, &nla, &buf, NULL)) > 0) { 697 if (nla.nl_pid == 0) 698 handle_hotplug_msg((char *) buf, size); 699 700 free(buf); 701 } 702 return; 703 } 704 705 if (getsockopt(u->fd, SOL_SOCKET, SO_ERROR, (void *)&err, &errlen)) 706 goto abort; 707 708 switch(err) { 709 case ENOBUFS: 710 /* Increase rx buffer size on netlink socket */ 711 ev->bufsize *= 2; 712 if (nl_socket_set_buffer_size(ev->sock, ev->bufsize, 0)) 713 goto abort; 714 break; 715 716 default: 717 goto abort; 718 } 719 u->error = false; 720 return; 721 722 abort: 723 uloop_fd_delete(&ev->uloop); 724 return; 725 } 726 727 static int system_rtnl_call(struct nl_msg *msg) 728 { 729 int ret; 730 731 ret = nl_send_auto_complete(sock_rtnl, msg); 732 nlmsg_free(msg); 733 734 if (ret < 0) 735 return ret; 736 737 return nl_wait_for_ack(sock_rtnl); 738 } 739 740 int system_bridge_delbr(struct device *bridge) 741 { 742 return ioctl(sock_ioctl, SIOCBRDELBR, bridge->ifname); 743 } 744 745 static int system_bridge_if(const char *bridge, struct device *dev, int cmd, void *data) 746 { 747 struct ifreq ifr; 748 749 memset(&ifr, 0, sizeof(ifr)); 750 if (dev) 751 ifr.ifr_ifindex = dev->ifindex; 752 else 753 ifr.ifr_data = data; 754 strncpy(ifr.ifr_name, bridge, sizeof(ifr.ifr_name) - 1); 755 return ioctl(sock_ioctl, cmd, &ifr); 756 } 757 758 static bool system_is_bridge(const char *name, char *buf, int buflen) 759 { 760 struct stat st; 761 762 snprintf(buf, buflen, "/sys/devices/virtual/net/%s/bridge", name); 763 if (stat(buf, &st) < 0) 764 return false; 765 766 return true; 767 } 768 769 static char *system_get_bridge(const char *name, char *buf, int buflen) 770 { 771 char *path; 772 ssize_t len = -1; 773 glob_t gl; 774 775 snprintf(buf, buflen, "/sys/devices/virtual/net/*/brif/%s/bridge", name); 776 if (glob(buf, GLOB_NOSORT, NULL, &gl) < 0) 777 return NULL; 778 779 if (gl.gl_pathc > 0) 780 len = readlink(gl.gl_pathv[0], buf, buflen); 781 782 globfree(&gl); 783 784 if (len < 0) 785 return NULL; 786 787 buf[len] = 0; 788 path = strrchr(buf, '/'); 789 if (!path) 790 return NULL; 791 792 return path + 1; 793 } 794 795 static void 796 system_bridge_set_wireless(struct device *bridge, struct device *dev) 797 { 798 bool mcast_to_ucast = dev->wireless_ap; 799 bool hairpin = true; 800 801 if (bridge->settings.flags & DEV_OPT_MULTICAST_TO_UNICAST && 802 !bridge->settings.multicast_to_unicast) 803 mcast_to_ucast = false; 804 805 if (!mcast_to_ucast || dev->wireless_isolate) 806 hairpin = false; 807 808 system_bridge_set_multicast_to_unicast(dev, mcast_to_ucast ? "1" : ""); 809 system_bridge_set_hairpin_mode(dev, hairpin ? "1" : ""); 810 } 811 812 int system_bridge_addif(struct device *bridge, struct device *dev) 813 { 814 char buf[64]; 815 char *oldbr; 816 int tries = 0; 817 int ret; 818 819 retry: 820 ret = 0; 821 oldbr = system_get_bridge(dev->ifname, dev_buf, sizeof(dev_buf)); 822 if (!oldbr || strcmp(oldbr, bridge->ifname) != 0) { 823 ret = system_bridge_if(bridge->ifname, dev, SIOCBRADDIF, NULL); 824 tries++; 825 D(SYSTEM, "Failed to add device '%s' to bridge '%s' (tries=%d): %s\n", 826 dev->ifname, bridge->ifname, tries, strerror(errno)); 827 if (tries <= 3) 828 goto retry; 829 } 830 831 if (dev->wireless) 832 system_bridge_set_wireless(bridge, dev); 833 834 if (dev->settings.flags & DEV_OPT_MULTICAST_ROUTER) { 835 snprintf(buf, sizeof(buf), "%u", dev->settings.multicast_router); 836 system_bridge_set_multicast_router(dev, buf, false); 837 } 838 839 if (dev->settings.flags & DEV_OPT_MULTICAST_FAST_LEAVE && 840 dev->settings.multicast_fast_leave) 841 system_bridge_set_multicast_fast_leave(dev, "1"); 842 843 if (dev->settings.flags & DEV_OPT_LEARNING && 844 !dev->settings.learning) 845 system_bridge_set_learning(dev, ""); 846 847 if (dev->settings.flags & DEV_OPT_UNICAST_FLOOD && 848 !dev->settings.unicast_flood) 849 system_bridge_set_unicast_flood(dev, ""); 850 851 if (dev->settings.flags & DEV_OPT_ISOLATE && 852 dev->settings.isolate) 853 system_bridge_set_isolated(dev, "1"); 854 855 return ret; 856 } 857 858 int system_bridge_delif(struct device *bridge, struct device *dev) 859 { 860 return system_bridge_if(bridge->ifname, dev, SIOCBRDELIF, NULL); 861 } 862 863 int system_bridge_vlan(const char *iface, uint16_t vid, bool add, unsigned int vflags) 864 { 865 struct ifinfomsg ifi = { .ifi_family = PF_BRIDGE, }; 866 struct bridge_vlan_info vinfo = { .vid = vid, }; 867 unsigned short flags = 0; 868 struct nlattr *afspec; 869 struct nl_msg *nlm; 870 int ret = 0; 871 872 ifi.ifi_index = if_nametoindex(iface); 873 if (!ifi.ifi_index) 874 return -1; 875 876 nlm = nlmsg_alloc_simple(add ? RTM_SETLINK : RTM_DELLINK, NLM_F_REQUEST); 877 if (!nlm) 878 return -1; 879 880 nlmsg_append(nlm, &ifi, sizeof(ifi), 0); 881 882 if (vflags & BRVLAN_F_SELF) 883 flags |= BRIDGE_FLAGS_SELF; 884 885 if (vflags & BRVLAN_F_PVID) 886 vinfo.flags |= BRIDGE_VLAN_INFO_PVID; 887 888 if (vflags & BRVLAN_F_UNTAGGED) 889 vinfo.flags |= BRIDGE_VLAN_INFO_UNTAGGED; 890 891 afspec = nla_nest_start(nlm, IFLA_AF_SPEC); 892 if (!afspec) { 893 ret = -ENOMEM; 894 goto failure; 895 } 896 897 if (flags) 898 nla_put_u16(nlm, IFLA_BRIDGE_FLAGS, flags); 899 900 nla_put(nlm, IFLA_BRIDGE_VLAN_INFO, sizeof(vinfo), &vinfo); 901 nla_nest_end(nlm, afspec); 902 903 return system_rtnl_call(nlm); 904 905 failure: 906 nlmsg_free(nlm); 907 return ret; 908 } 909 910 int system_if_resolve(struct device *dev) 911 { 912 struct ifreq ifr; 913 914 memset(&ifr, 0, sizeof(ifr)); 915 strncpy(ifr.ifr_name, dev->ifname, sizeof(ifr.ifr_name) - 1); 916 if (!ioctl(sock_ioctl, SIOCGIFINDEX, &ifr)) 917 return ifr.ifr_ifindex; 918 else 919 return 0; 920 } 921 922 static int system_if_flags(const char *ifname, unsigned add, unsigned rem) 923 { 924 struct ifreq ifr; 925 926 memset(&ifr, 0, sizeof(ifr)); 927 strncpy(ifr.ifr_name, ifname, sizeof(ifr.ifr_name) - 1); 928 if (ioctl(sock_ioctl, SIOCGIFFLAGS, &ifr) < 0) 929 return -1; 930 931 ifr.ifr_flags |= add; 932 ifr.ifr_flags &= ~rem; 933 return ioctl(sock_ioctl, SIOCSIFFLAGS, &ifr); 934 } 935 936 struct clear_data { 937 struct nl_msg *msg; 938 struct device *dev; 939 int type; 940 int size; 941 int af; 942 }; 943 944 945 static bool check_ifaddr(struct nlmsghdr *hdr, int ifindex) 946 { 947 struct ifaddrmsg *ifa = NLMSG_DATA(hdr); 948 949 return ifa->ifa_index == ifindex; 950 } 951 952 static bool check_route(struct nlmsghdr *hdr, int ifindex) 953 { 954 struct rtmsg *r = NLMSG_DATA(hdr); 955 struct nlattr *tb[__RTA_MAX]; 956 957 if (r->rtm_protocol == RTPROT_KERNEL && 958 r->rtm_family == AF_INET6) 959 return false; 960 961 nlmsg_parse(hdr, sizeof(struct rtmsg), tb, __RTA_MAX - 1, NULL); 962 if (!tb[RTA_OIF]) 963 return false; 964 965 return *(int *)RTA_DATA(tb[RTA_OIF]) == ifindex; 966 } 967 968 static bool check_rule(struct nlmsghdr *hdr, int ifindex) 969 { 970 return true; 971 } 972 973 static int cb_clear_event(struct nl_msg *msg, void *arg) 974 { 975 struct clear_data *clr = arg; 976 struct nlmsghdr *hdr = nlmsg_hdr(msg); 977 bool (*cb)(struct nlmsghdr *, int ifindex); 978 int type, ret; 979 980 switch(clr->type) { 981 case RTM_GETADDR: 982 type = RTM_DELADDR; 983 if (hdr->nlmsg_type != RTM_NEWADDR) 984 return NL_SKIP; 985 986 cb = check_ifaddr; 987 break; 988 case RTM_GETROUTE: 989 type = RTM_DELROUTE; 990 if (hdr->nlmsg_type != RTM_NEWROUTE) 991 return NL_SKIP; 992 993 cb = check_route; 994 break; 995 case RTM_GETRULE: 996 type = RTM_DELRULE; 997 if (hdr->nlmsg_type != RTM_NEWRULE) 998 return NL_SKIP; 999 1000 cb = check_rule; 1001 break; 1002 default: 1003 return NL_SKIP; 1004 } 1005 1006 if (!cb(hdr, clr->dev ? clr->dev->ifindex : 0)) 1007 return NL_SKIP; 1008 1009 if (type == RTM_DELRULE) 1010 D(SYSTEM, "Remove a rule\n"); 1011 else 1012 D(SYSTEM, "Remove %s from device %s\n", 1013 type == RTM_DELADDR ? "an address" : "a route", 1014 clr->dev->ifname); 1015 1016 memcpy(nlmsg_hdr(clr->msg), hdr, hdr->nlmsg_len); 1017 hdr = nlmsg_hdr(clr->msg); 1018 hdr->nlmsg_type = type; 1019 hdr->nlmsg_flags = NLM_F_REQUEST; 1020 1021 nl_socket_disable_auto_ack(sock_rtnl); 1022 ret = nl_send_auto_complete(sock_rtnl, clr->msg); 1023 if (ret < 0) { 1024 if (type == RTM_DELRULE) 1025 D(SYSTEM, "Error deleting a rule: %d\n", ret); 1026 else 1027 D(SYSTEM, "Error deleting %s from device '%s': %d\n", 1028 type == RTM_DELADDR ? "an address" : "a route", 1029 clr->dev->ifname, ret); 1030 } 1031 1032 nl_socket_enable_auto_ack(sock_rtnl); 1033 1034 return NL_SKIP; 1035 } 1036 1037 static int 1038 cb_finish_event(struct nl_msg *msg, void *arg) 1039 { 1040 int *pending = arg; 1041 *pending = 0; 1042 return NL_STOP; 1043 } 1044 1045 static int 1046 error_handler(struct sockaddr_nl *nla, struct nlmsgerr *err, void *arg) 1047 { 1048 int *pending = arg; 1049 *pending = err->error; 1050 return NL_STOP; 1051 } 1052 1053 static void 1054 system_if_clear_entries(struct device *dev, int type, int af) 1055 { 1056 struct clear_data clr; 1057 struct nl_cb *cb; 1058 struct rtmsg rtm = { 1059 .rtm_family = af, 1060 .rtm_flags = RTM_F_CLONED, 1061 }; 1062 int flags = NLM_F_DUMP; 1063 int pending = 1; 1064 1065 clr.af = af; 1066 clr.dev = dev; 1067 clr.type = type; 1068 switch (type) { 1069 case RTM_GETADDR: 1070 case RTM_GETRULE: 1071 clr.size = sizeof(struct rtgenmsg); 1072 break; 1073 case RTM_GETROUTE: 1074 clr.size = sizeof(struct rtmsg); 1075 break; 1076 default: 1077 return; 1078 } 1079 1080 cb = nl_cb_alloc(NL_CB_DEFAULT); 1081 if (!cb) 1082 return; 1083 1084 clr.msg = nlmsg_alloc_simple(type, flags); 1085 if (!clr.msg) 1086 goto out; 1087 1088 nlmsg_append(clr.msg, &rtm, clr.size, 0); 1089 nl_cb_set(cb, NL_CB_VALID, NL_CB_CUSTOM, cb_clear_event, &clr); 1090 nl_cb_set(cb, NL_CB_FINISH, NL_CB_CUSTOM, cb_finish_event, &pending); 1091 nl_cb_err(cb, NL_CB_CUSTOM, error_handler, &pending); 1092 1093 if (nl_send_auto_complete(sock_rtnl, clr.msg) < 0) 1094 goto free; 1095 1096 while (pending > 0) 1097 nl_recvmsgs(sock_rtnl, cb); 1098 1099 free: 1100 nlmsg_free(clr.msg); 1101 out: 1102 nl_cb_put(cb); 1103 } 1104 1105 /* 1106 * Clear bridge (membership) state and bring down device 1107 */ 1108 void system_if_clear_state(struct device *dev) 1109 { 1110 static char buf[256]; 1111 char *bridge; 1112 device_set_ifindex(dev, system_if_resolve(dev)); 1113 1114 if (dev->external || !dev->ifindex) 1115 return; 1116 1117 system_if_flags(dev->ifname, 0, IFF_UP); 1118 1119 if (system_is_bridge(dev->ifname, buf, sizeof(buf))) { 1120 D(SYSTEM, "Delete existing bridge named '%s'\n", dev->ifname); 1121 system_bridge_delbr(dev); 1122 return; 1123 } 1124 1125 bridge = system_get_bridge(dev->ifname, buf, sizeof(buf)); 1126 if (bridge) { 1127 D(SYSTEM, "Remove device '%s' from bridge '%s'\n", dev->ifname, bridge); 1128 system_bridge_if(bridge, dev, SIOCBRDELIF, NULL); 1129 } 1130 1131 system_if_clear_entries(dev, RTM_GETROUTE, AF_INET); 1132 system_if_clear_entries(dev, RTM_GETADDR, AF_INET); 1133 system_if_clear_entries(dev, RTM_GETROUTE, AF_INET6); 1134 system_if_clear_entries(dev, RTM_GETADDR, AF_INET6); 1135 system_if_clear_entries(dev, RTM_GETNEIGH, AF_INET); 1136 system_if_clear_entries(dev, RTM_GETNEIGH, AF_INET6); 1137 system_set_disable_ipv6(dev, ""); 1138 } 1139 1140 static inline unsigned long 1141 sec_to_jiffies(int val) 1142 { 1143 return (unsigned long) val * 100; 1144 } 1145 1146 static void system_bridge_conf_multicast_deps(struct device *bridge, 1147 struct bridge_config *cfg, 1148 char *buf, 1149 int buf_len) 1150 { 1151 int val; 1152 1153 if (cfg->flags & BRIDGE_OPT_ROBUSTNESS || 1154 cfg->flags & BRIDGE_OPT_QUERY_INTERVAL || 1155 cfg->flags & BRIDGE_OPT_QUERY_RESPONSE_INTERVAL) { 1156 val = cfg->robustness * cfg->query_interval + 1157 cfg->query_response_interval; 1158 1159 snprintf(buf, buf_len, "%i", val); 1160 system_bridge_set_membership_interval(bridge, buf); 1161 1162 val = cfg->robustness * cfg->query_interval + 1163 cfg->query_response_interval / 2; 1164 1165 snprintf(buf, buf_len, "%i", val); 1166 system_bridge_set_other_querier_timeout(bridge, buf); 1167 } 1168 1169 if (cfg->flags & BRIDGE_OPT_QUERY_INTERVAL) { 1170 val = cfg->query_interval / 4; 1171 1172 snprintf(buf, buf_len, "%i", val); 1173 system_bridge_set_startup_query_interval(bridge, buf); 1174 } 1175 } 1176 1177 static void system_bridge_conf_multicast(struct device *bridge, 1178 struct bridge_config *cfg, 1179 char *buf, 1180 int buf_len) 1181 { 1182 system_set_dev_sysctl("/sys/devices/virtual/net/%s/bridge/multicast_snooping", 1183 bridge->ifname, cfg->igmp_snoop ? "1" : ""); 1184 1185 system_set_dev_sysctl("/sys/devices/virtual/net/%s/bridge/multicast_querier", 1186 bridge->ifname, cfg->multicast_querier ? "1" : ""); 1187 1188 snprintf(buf, buf_len, "%i", cfg->hash_max); 1189 system_set_dev_sysctl("/sys/devices/virtual/net/%s/bridge/hash_max", 1190 bridge->ifname, buf); 1191 1192 if (bridge->settings.flags & DEV_OPT_MULTICAST_ROUTER) { 1193 snprintf(buf, buf_len, "%u", bridge->settings.multicast_router); 1194 system_bridge_set_multicast_router(bridge, buf, true); 1195 } 1196 1197 if (cfg->flags & BRIDGE_OPT_ROBUSTNESS) { 1198 snprintf(buf, buf_len, "%i", cfg->robustness); 1199 system_bridge_set_robustness(bridge, buf); 1200 } 1201 1202 if (cfg->flags & BRIDGE_OPT_QUERY_INTERVAL) { 1203 snprintf(buf, buf_len, "%i", cfg->query_interval); 1204 system_bridge_set_query_interval(bridge, buf); 1205 } 1206 1207 if (cfg->flags & BRIDGE_OPT_QUERY_RESPONSE_INTERVAL) { 1208 snprintf(buf, buf_len, "%i", cfg->query_response_interval); 1209 system_bridge_set_query_response_interval(bridge, buf); 1210 } 1211 1212 if (cfg->flags & BRIDGE_OPT_LAST_MEMBER_INTERVAL) { 1213 snprintf(buf, buf_len, "%i", cfg->last_member_interval); 1214 system_bridge_set_last_member_interval(bridge, buf); 1215 } 1216 1217 system_bridge_conf_multicast_deps(bridge, cfg, buf, buf_len); 1218 } 1219 1220 int system_bridge_addbr(struct device *bridge, struct bridge_config *cfg) 1221 { 1222 char buf[64]; 1223 1224 if (ioctl(sock_ioctl, SIOCBRADDBR, bridge->ifname) < 0) 1225 return -1; 1226 1227 system_bridge_set_stp_state(bridge, cfg->stp ? "1" : ""); 1228 1229 snprintf(buf, sizeof(buf), "%lu", sec_to_jiffies(cfg->forward_delay)); 1230 system_bridge_set_forward_delay(bridge, buf); 1231 1232 system_bridge_conf_multicast(bridge, cfg, buf, sizeof(buf)); 1233 system_bridge_set_vlan_filtering(bridge, cfg->vlan_filtering ? "1" : ""); 1234 1235 snprintf(buf, sizeof(buf), "%d", cfg->priority); 1236 system_bridge_set_priority(bridge, buf); 1237 1238 if (cfg->flags & BRIDGE_OPT_AGEING_TIME) { 1239 snprintf(buf, sizeof(buf), "%lu", sec_to_jiffies(cfg->ageing_time)); 1240 system_bridge_set_ageing_time(bridge, buf); 1241 } 1242 1243 if (cfg->flags & BRIDGE_OPT_HELLO_TIME) { 1244 snprintf(buf, sizeof(buf), "%lu", sec_to_jiffies(cfg->hello_time)); 1245 system_bridge_set_hello_time(bridge, buf); 1246 } 1247 1248 if (cfg->flags & BRIDGE_OPT_MAX_AGE) { 1249 snprintf(buf, sizeof(buf), "%lu", sec_to_jiffies(cfg->max_age)); 1250 system_bridge_set_max_age(bridge, buf); 1251 } 1252 1253 return 0; 1254 } 1255 1256 int system_macvlan_add(struct device *macvlan, struct device *dev, struct macvlan_config *cfg) 1257 { 1258 struct nl_msg *msg; 1259 struct nlattr *linkinfo, *data; 1260 struct ifinfomsg iim = { .ifi_family = AF_UNSPEC, }; 1261 int i, rv; 1262 static const struct { 1263 const char *name; 1264 enum macvlan_mode val; 1265 } modes[] = { 1266 { "private", MACVLAN_MODE_PRIVATE }, 1267 { "vepa", MACVLAN_MODE_VEPA }, 1268 { "bridge", MACVLAN_MODE_BRIDGE }, 1269 { "passthru", MACVLAN_MODE_PASSTHRU }, 1270 }; 1271 1272 msg = nlmsg_alloc_simple(RTM_NEWLINK, NLM_F_REQUEST | NLM_F_CREATE | NLM_F_EXCL); 1273 1274 if (!msg) 1275 return -1; 1276 1277 nlmsg_append(msg, &iim, sizeof(iim), 0); 1278 1279 if (cfg->flags & MACVLAN_OPT_MACADDR) 1280 nla_put(msg, IFLA_ADDRESS, sizeof(cfg->macaddr), cfg->macaddr); 1281 nla_put_string(msg, IFLA_IFNAME, macvlan->ifname); 1282 nla_put_u32(msg, IFLA_LINK, dev->ifindex); 1283 1284 if (!(linkinfo = nla_nest_start(msg, IFLA_LINKINFO))) 1285 goto nla_put_failure; 1286 1287 nla_put_string(msg, IFLA_INFO_KIND, "macvlan"); 1288 1289 if (!(data = nla_nest_start(msg, IFLA_INFO_DATA))) 1290 goto nla_put_failure; 1291 1292 if (cfg->mode) { 1293 for (i = 0; i < ARRAY_SIZE(modes); i++) { 1294 if (strcmp(cfg->mode, modes[i].name) != 0) 1295 continue; 1296 1297 nla_put_u32(msg, IFLA_MACVLAN_MODE, modes[i].val); 1298 break; 1299 } 1300 } 1301 1302 nla_nest_end(msg, data); 1303 nla_nest_end(msg, linkinfo); 1304 1305 rv = system_rtnl_call(msg); 1306 if (rv) 1307 D(SYSTEM, "Error adding macvlan '%s' over '%s': %d\n", macvlan->ifname, dev->ifname, rv); 1308 1309 return rv; 1310 1311 nla_put_failure: 1312 nlmsg_free(msg); 1313 return -ENOMEM; 1314 } 1315 1316 int system_link_netns_move(struct device *dev, int netns_fd, const char *target_ifname) 1317 { 1318 struct nl_msg *msg; 1319 struct ifinfomsg iim = { 1320 .ifi_family = AF_UNSPEC, 1321 }; 1322 1323 if (!dev) 1324 return -1; 1325 1326 iim.ifi_index = system_if_resolve(dev); 1327 msg = nlmsg_alloc_simple(RTM_NEWLINK, NLM_F_REQUEST); 1328 1329 if (!msg) 1330 return -1; 1331 1332 nlmsg_append(msg, &iim, sizeof(iim), 0); 1333 if (target_ifname) 1334 nla_put_string(msg, IFLA_IFNAME, target_ifname); 1335 1336 nla_put_u32(msg, IFLA_NET_NS_FD, netns_fd); 1337 return system_rtnl_call(msg); 1338 } 1339 1340 static int system_link_del(const char *ifname) 1341 { 1342 struct nl_msg *msg; 1343 struct ifinfomsg iim = { 1344 .ifi_family = AF_UNSPEC, 1345 .ifi_index = 0, 1346 }; 1347 1348 msg = nlmsg_alloc_simple(RTM_DELLINK, NLM_F_REQUEST); 1349 1350 if (!msg) 1351 return -1; 1352 1353 nlmsg_append(msg, &iim, sizeof(iim), 0); 1354 nla_put_string(msg, IFLA_IFNAME, ifname); 1355 return system_rtnl_call(msg); 1356 } 1357 1358 int system_macvlan_del(struct device *macvlan) 1359 { 1360 return system_link_del(macvlan->ifname); 1361 } 1362 1363 int system_netns_open(const pid_t target_ns) 1364 { 1365 char pid_net_path[PATH_MAX]; 1366 1367 snprintf(pid_net_path, sizeof(pid_net_path), "/proc/%u/ns/net", target_ns); 1368 1369 return open(pid_net_path, O_RDONLY); 1370 } 1371 1372 int system_netns_set(int netns_fd) 1373 { 1374 return setns(netns_fd, CLONE_NEWNET); 1375 } 1376 1377 int system_veth_add(struct device *veth, struct veth_config *cfg) 1378 { 1379 struct nl_msg *msg; 1380 struct ifinfomsg empty_iim = {}; 1381 struct nlattr *linkinfo, *data, *veth_info; 1382 int rv; 1383 1384 msg = nlmsg_alloc_simple(RTM_NEWLINK, NLM_F_REQUEST | NLM_F_CREATE | NLM_F_EXCL); 1385 1386 if (!msg) 1387 return -1; 1388 1389 nlmsg_append(msg, &empty_iim, sizeof(empty_iim), 0); 1390 1391 if (cfg->flags & VETH_OPT_MACADDR) 1392 nla_put(msg, IFLA_ADDRESS, sizeof(cfg->macaddr), cfg->macaddr); 1393 nla_put_string(msg, IFLA_IFNAME, veth->ifname); 1394 1395 if (!(linkinfo = nla_nest_start(msg, IFLA_LINKINFO))) 1396 goto nla_put_failure; 1397 1398 nla_put_string(msg, IFLA_INFO_KIND, "veth"); 1399 1400 if (!(data = nla_nest_start(msg, IFLA_INFO_DATA))) 1401 goto nla_put_failure; 1402 1403 if (!(veth_info = nla_nest_start(msg, VETH_INFO_PEER))) 1404 goto nla_put_failure; 1405 1406 nlmsg_append(msg, &empty_iim, sizeof(empty_iim), 0); 1407 1408 if (cfg->flags & VETH_OPT_PEER_NAME) 1409 nla_put_string(msg, IFLA_IFNAME, cfg->peer_name); 1410 if (cfg->flags & VETH_OPT_PEER_MACADDR) 1411 nla_put(msg, IFLA_ADDRESS, sizeof(cfg->peer_macaddr), cfg->peer_macaddr); 1412 1413 nla_nest_end(msg, veth_info); 1414 nla_nest_end(msg, data); 1415 nla_nest_end(msg, linkinfo); 1416 1417 rv = system_rtnl_call(msg); 1418 if (rv) { 1419 if (cfg->flags & VETH_OPT_PEER_NAME) 1420 D(SYSTEM, "Error adding veth '%s' with peer '%s': %d\n", veth->ifname, cfg->peer_name, rv); 1421 else 1422 D(SYSTEM, "Error adding veth '%s': %d\n", veth->ifname, rv); 1423 } 1424 1425 return rv; 1426 1427 nla_put_failure: 1428 nlmsg_free(msg); 1429 return -ENOMEM; 1430 } 1431 1432 int system_veth_del(struct device *veth) 1433 { 1434 return system_link_del(veth->ifname); 1435 } 1436 1437 static int system_vlan(struct device *dev, int id) 1438 { 1439 struct vlan_ioctl_args ifr = { 1440 .cmd = SET_VLAN_NAME_TYPE_CMD, 1441 .u.name_type = VLAN_NAME_TYPE_RAW_PLUS_VID_NO_PAD, 1442 }; 1443 1444 if (ioctl(sock_ioctl, SIOCSIFVLAN, &ifr) < 0) 1445 return -1; 1446 1447 if (id < 0) { 1448 ifr.cmd = DEL_VLAN_CMD; 1449 ifr.u.VID = 0; 1450 } else { 1451 ifr.cmd = ADD_VLAN_CMD; 1452 ifr.u.VID = id; 1453 } 1454 strncpy(ifr.device1, dev->ifname, sizeof(ifr.device1)); 1455 return ioctl(sock_ioctl, SIOCSIFVLAN, &ifr); 1456 } 1457 1458 int system_vlan_add(struct device *dev, int id) 1459 { 1460 return system_vlan(dev, id); 1461 } 1462 1463 int system_vlan_del(struct device *dev) 1464 { 1465 return system_vlan(dev, -1); 1466 } 1467 1468 int system_vlandev_add(struct device *vlandev, struct device *dev, struct vlandev_config *cfg) 1469 { 1470 struct nl_msg *msg; 1471 struct nlattr *linkinfo, *data, *qos; 1472 struct ifinfomsg iim = { .ifi_family = AF_UNSPEC }; 1473 struct vlan_qos_mapping *elem; 1474 struct ifla_vlan_qos_mapping nl_qos_map; 1475 int rv; 1476 1477 msg = nlmsg_alloc_simple(RTM_NEWLINK, NLM_F_REQUEST | NLM_F_CREATE | NLM_F_EXCL); 1478 1479 if (!msg) 1480 return -1; 1481 1482 nlmsg_append(msg, &iim, sizeof(iim), 0); 1483 nla_put_string(msg, IFLA_IFNAME, vlandev->ifname); 1484 nla_put_u32(msg, IFLA_LINK, dev->ifindex); 1485 1486 if (!(linkinfo = nla_nest_start(msg, IFLA_LINKINFO))) 1487 goto nla_put_failure; 1488 1489 nla_put_string(msg, IFLA_INFO_KIND, "vlan"); 1490 1491 if (!(data = nla_nest_start(msg, IFLA_INFO_DATA))) 1492 goto nla_put_failure; 1493 1494 nla_put_u16(msg, IFLA_VLAN_ID, cfg->vid); 1495 1496 #if LINUX_VERSION_CODE >= KERNEL_VERSION(3,10,0) 1497 nla_put_u16(msg, IFLA_VLAN_PROTOCOL, htons(cfg->proto)); 1498 #else 1499 if(cfg->proto == VLAN_PROTO_8021AD) 1500 netifd_log_message(L_WARNING, "%s Your kernel is older than linux 3.10.0, 802.1ad is not supported defaulting to 802.1q", vlandev->type->name); 1501 #endif 1502 1503 if (!(qos = nla_nest_start(msg, IFLA_VLAN_INGRESS_QOS))) 1504 goto nla_put_failure; 1505 1506 vlist_simple_for_each_element(&cfg->ingress_qos_mapping_list, elem, node) { 1507 nl_qos_map.from = elem->from; 1508 nl_qos_map.to = elem->to; 1509 nla_put(msg, IFLA_VLAN_QOS_MAPPING, sizeof(nl_qos_map), &nl_qos_map); 1510 } 1511 nla_nest_end(msg, qos); 1512 1513 if (!(qos = nla_nest_start(msg, IFLA_VLAN_EGRESS_QOS))) 1514 goto nla_put_failure; 1515 1516 vlist_simple_for_each_element(&cfg->egress_qos_mapping_list, elem, node) { 1517 nl_qos_map.from = elem->from; 1518 nl_qos_map.to = elem->to; 1519 nla_put(msg, IFLA_VLAN_QOS_MAPPING, sizeof(nl_qos_map), &nl_qos_map); 1520 } 1521 nla_nest_end(msg, qos); 1522 1523 nla_nest_end(msg, data); 1524 nla_nest_end(msg, linkinfo); 1525 1526 rv = system_rtnl_call(msg); 1527 if (rv) 1528 D(SYSTEM, "Error adding vlandev '%s' over '%s': %d\n", vlandev->ifname, dev->ifname, rv); 1529 1530 return rv; 1531 1532 nla_put_failure: 1533 nlmsg_free(msg); 1534 return -ENOMEM; 1535 } 1536 1537 int system_vlandev_del(struct device *vlandev) 1538 { 1539 return system_link_del(vlandev->ifname); 1540 } 1541 1542 void 1543 system_if_get_settings(struct device *dev, struct device_settings *s) 1544 { 1545 struct ifreq ifr; 1546 char buf[10]; 1547 1548 memset(&ifr, 0, sizeof(ifr)); 1549 strncpy(ifr.ifr_name, dev->ifname, sizeof(ifr.ifr_name) - 1); 1550 1551 if (ioctl(sock_ioctl, SIOCGIFMTU, &ifr) == 0) { 1552 s->mtu = ifr.ifr_mtu; 1553 s->flags |= DEV_OPT_MTU; 1554 } 1555 1556 s->mtu6 = system_update_ipv6_mtu(dev, 0); 1557 if (s->mtu6 > 0) 1558 s->flags |= DEV_OPT_MTU6; 1559 1560 if (ioctl(sock_ioctl, SIOCGIFTXQLEN, &ifr) == 0) { 1561 s->txqueuelen = ifr.ifr_qlen; 1562 s->flags |= DEV_OPT_TXQUEUELEN; 1563 } 1564 1565 if (ioctl(sock_ioctl, SIOCGIFHWADDR, &ifr) == 0) { 1566 memcpy(s->macaddr, &ifr.ifr_hwaddr.sa_data, sizeof(s->macaddr)); 1567 s->flags |= DEV_OPT_MACADDR; 1568 } 1569 1570 if (!system_get_disable_ipv6(dev, buf, sizeof(buf))) { 1571 s->ipv6 = !strtoul(buf, NULL, 0); 1572 s->flags |= DEV_OPT_IPV6; 1573 } 1574 1575 if (ioctl(sock_ioctl, SIOCGIFFLAGS, &ifr) == 0) { 1576 s->promisc = ifr.ifr_flags & IFF_PROMISC; 1577 s->flags |= DEV_OPT_PROMISC; 1578 1579 s->multicast = ifr.ifr_flags & IFF_MULTICAST; 1580 s->flags |= DEV_OPT_MULTICAST; 1581 } 1582 1583 if (!system_get_rpfilter(dev, buf, sizeof(buf))) { 1584 s->rpfilter = strtoul(buf, NULL, 0); 1585 s->flags |= DEV_OPT_RPFILTER; 1586 } 1587 1588 if (!system_get_acceptlocal(dev, buf, sizeof(buf))) { 1589 s->acceptlocal = strtoul(buf, NULL, 0); 1590 s->flags |= DEV_OPT_ACCEPTLOCAL; 1591 } 1592 1593 if (!system_get_igmpversion(dev, buf, sizeof(buf))) { 1594 s->igmpversion = strtoul(buf, NULL, 0); 1595 s->flags |= DEV_OPT_IGMPVERSION; 1596 } 1597 1598 if (!system_get_mldversion(dev, buf, sizeof(buf))) { 1599 s->mldversion = strtoul(buf, NULL, 0); 1600 s->flags |= DEV_OPT_MLDVERSION; 1601 } 1602 1603 if (!system_get_neigh4reachabletime(dev, buf, sizeof(buf))) { 1604 s->neigh4reachabletime = strtoul(buf, NULL, 0); 1605 s->flags |= DEV_OPT_NEIGHREACHABLETIME; 1606 } 1607 1608 if (!system_get_neigh6reachabletime(dev, buf, sizeof(buf))) { 1609 s->neigh6reachabletime = strtoul(buf, NULL, 0); 1610 s->flags |= DEV_OPT_NEIGHREACHABLETIME; 1611 } 1612 1613 if (!system_get_neigh4locktime(dev, buf, sizeof(buf))) { 1614 s->neigh4locktime = strtol(buf, NULL, 0); 1615 s->flags |= DEV_OPT_NEIGHLOCKTIME; 1616 } 1617 1618 if (!system_get_neigh4gcstaletime(dev, buf, sizeof(buf))) { 1619 s->neigh4gcstaletime = strtoul(buf, NULL, 0); 1620 s->flags |= DEV_OPT_NEIGHGCSTALETIME; 1621 } 1622 1623 if (!system_get_neigh6gcstaletime(dev, buf, sizeof(buf))) { 1624 s->neigh6gcstaletime = strtoul(buf, NULL, 0); 1625 s->flags |= DEV_OPT_NEIGHGCSTALETIME; 1626 } 1627 1628 if (!system_get_dadtransmits(dev, buf, sizeof(buf))) { 1629 s->dadtransmits = strtoul(buf, NULL, 0); 1630 s->flags |= DEV_OPT_DADTRANSMITS; 1631 } 1632 1633 if (!system_get_sendredirects(dev, buf, sizeof(buf))) { 1634 s->sendredirects = strtoul(buf, NULL, 0); 1635 s->flags |= DEV_OPT_SENDREDIRECTS; 1636 } 1637 } 1638 1639 void 1640 system_if_apply_settings(struct device *dev, struct device_settings *s, unsigned int apply_mask) 1641 { 1642 struct ifreq ifr; 1643 char buf[12]; 1644 1645 memset(&ifr, 0, sizeof(ifr)); 1646 strncpy(ifr.ifr_name, dev->ifname, sizeof(ifr.ifr_name) - 1); 1647 if (s->flags & DEV_OPT_MTU & apply_mask) { 1648 ifr.ifr_mtu = s->mtu; 1649 if (ioctl(sock_ioctl, SIOCSIFMTU, &ifr) < 0) 1650 s->flags &= ~DEV_OPT_MTU; 1651 } 1652 if (s->flags & DEV_OPT_MTU6 & apply_mask) { 1653 system_update_ipv6_mtu(dev, s->mtu6); 1654 } 1655 if (s->flags & DEV_OPT_TXQUEUELEN & apply_mask) { 1656 ifr.ifr_qlen = s->txqueuelen; 1657 if (ioctl(sock_ioctl, SIOCSIFTXQLEN, &ifr) < 0) 1658 s->flags &= ~DEV_OPT_TXQUEUELEN; 1659 } 1660 if ((s->flags & DEV_OPT_MACADDR & apply_mask) && !dev->external) { 1661 ifr.ifr_hwaddr.sa_family = ARPHRD_ETHER; 1662 memcpy(&ifr.ifr_hwaddr.sa_data, s->macaddr, sizeof(s->macaddr)); 1663 if (ioctl(sock_ioctl, SIOCSIFHWADDR, &ifr) < 0) 1664 s->flags &= ~DEV_OPT_MACADDR; 1665 } 1666 if (s->flags & DEV_OPT_IPV6 & apply_mask) 1667 system_set_disable_ipv6(dev, s->ipv6 ? "" : "1"); 1668 if (s->flags & DEV_OPT_PROMISC & apply_mask) { 1669 if (system_if_flags(dev->ifname, s->promisc ? IFF_PROMISC : 0, 1670 !s->promisc ? IFF_PROMISC : 0) < 0) 1671 s->flags &= ~DEV_OPT_PROMISC; 1672 } 1673 if (s->flags & DEV_OPT_RPFILTER & apply_mask) { 1674 snprintf(buf, sizeof(buf), "%u", s->rpfilter); 1675 system_set_rpfilter(dev, buf); 1676 } 1677 if (s->flags & DEV_OPT_ACCEPTLOCAL & apply_mask) 1678 system_set_acceptlocal(dev, s->acceptlocal ? "1" : ""); 1679 if (s->flags & DEV_OPT_IGMPVERSION & apply_mask) { 1680 snprintf(buf, sizeof(buf), "%u", s->igmpversion); 1681 system_set_igmpversion(dev, buf); 1682 } 1683 if (s->flags & DEV_OPT_MLDVERSION & apply_mask) { 1684 snprintf(buf, sizeof(buf), "%u", s->mldversion); 1685 system_set_mldversion(dev, buf); 1686 } 1687 if (s->flags & DEV_OPT_NEIGHREACHABLETIME & apply_mask) { 1688 snprintf(buf, sizeof(buf), "%u", s->neigh4reachabletime); 1689 system_set_neigh4reachabletime(dev, buf); 1690 snprintf(buf, sizeof(buf), "%u", s->neigh6reachabletime); 1691 system_set_neigh6reachabletime(dev, buf); 1692 } 1693 if (s->flags & DEV_OPT_NEIGHLOCKTIME & apply_mask) { 1694 snprintf(buf, sizeof(buf), "%d", s->neigh4locktime); 1695 system_set_neigh4locktime(dev, buf); 1696 } 1697 if (s->flags & DEV_OPT_NEIGHGCSTALETIME & apply_mask) { 1698 snprintf(buf, sizeof(buf), "%u", s->neigh4gcstaletime); 1699 system_set_neigh4gcstaletime(dev, buf); 1700 snprintf(buf, sizeof(buf), "%u", s->neigh6gcstaletime); 1701 system_set_neigh6gcstaletime(dev, buf); 1702 } 1703 if (s->flags & DEV_OPT_DADTRANSMITS & apply_mask) { 1704 snprintf(buf, sizeof(buf), "%u", s->dadtransmits); 1705 system_set_dadtransmits(dev, buf); 1706 } 1707 if (s->flags & DEV_OPT_MULTICAST & apply_mask) { 1708 if (system_if_flags(dev->ifname, s->multicast ? IFF_MULTICAST : 0, 1709 !s->multicast ? IFF_MULTICAST : 0) < 0) 1710 s->flags &= ~DEV_OPT_MULTICAST; 1711 } 1712 if (s->flags & DEV_OPT_SENDREDIRECTS & apply_mask) 1713 system_set_sendredirects(dev, s->sendredirects ? "1" : ""); 1714 } 1715 1716 int system_if_up(struct device *dev) 1717 { 1718 system_if_get_settings(dev, &dev->orig_settings); 1719 /* Only keep orig settings based on what needs to be set */ 1720 dev->orig_settings.valid_flags = dev->orig_settings.flags; 1721 dev->orig_settings.flags &= dev->settings.flags; 1722 system_if_apply_settings(dev, &dev->settings, dev->settings.flags); 1723 return system_if_flags(dev->ifname, IFF_UP, 0); 1724 } 1725 1726 int system_if_down(struct device *dev) 1727 { 1728 int ret = system_if_flags(dev->ifname, 0, IFF_UP); 1729 system_if_apply_settings(dev, &dev->orig_settings, dev->orig_settings.flags); 1730 return ret; 1731 } 1732 1733 struct if_check_data { 1734 struct device *dev; 1735 int pending; 1736 int ret; 1737 }; 1738 1739 #ifndef IFF_LOWER_UP 1740 #define IFF_LOWER_UP 0x10000 1741 #endif 1742 1743 static int cb_if_check_valid(struct nl_msg *msg, void *arg) 1744 { 1745 struct nlmsghdr *nh = nlmsg_hdr(msg); 1746 struct ifinfomsg *ifi = NLMSG_DATA(nh); 1747 struct if_check_data *chk = (struct if_check_data *)arg; 1748 1749 if (nh->nlmsg_type != RTM_NEWLINK) 1750 return NL_SKIP; 1751 1752 if (chk->dev->type == &simple_device_type) 1753 device_set_present(chk->dev, ifi->ifi_index > 0 ? true : false); 1754 device_set_link(chk->dev, ifi->ifi_flags & IFF_LOWER_UP ? true : false); 1755 1756 return NL_OK; 1757 } 1758 1759 static int cb_if_check_ack(struct nl_msg *msg, void *arg) 1760 { 1761 struct if_check_data *chk = (struct if_check_data *)arg; 1762 chk->pending = 0; 1763 return NL_STOP; 1764 } 1765 1766 static int cb_if_check_error(struct sockaddr_nl *nla, struct nlmsgerr *err, void *arg) 1767 { 1768 struct if_check_data *chk = (struct if_check_data *)arg; 1769 1770 if (chk->dev->type == &simple_device_type) 1771 device_set_present(chk->dev, false); 1772 device_set_link(chk->dev, false); 1773 chk->pending = err->error; 1774 1775 return NL_STOP; 1776 } 1777 1778 int system_if_check(struct device *dev) 1779 { 1780 struct nl_cb *cb = nl_cb_alloc(NL_CB_DEFAULT); 1781 struct nl_msg *msg; 1782 struct ifinfomsg ifi = { 1783 .ifi_family = AF_UNSPEC, 1784 .ifi_index = 0, 1785 }; 1786 struct if_check_data chk = { 1787 .dev = dev, 1788 .pending = 1, 1789 }; 1790 int ret = 1; 1791 1792 if (!cb) 1793 return ret; 1794 1795 msg = nlmsg_alloc_simple(RTM_GETLINK, 0); 1796 if (!msg) 1797 goto out; 1798 1799 if (nlmsg_append(msg, &ifi, sizeof(ifi), 0) || 1800 nla_put_string(msg, IFLA_IFNAME, dev->ifname)) 1801 goto free; 1802 1803 nl_cb_set(cb, NL_CB_VALID, NL_CB_CUSTOM, cb_if_check_valid, &chk); 1804 nl_cb_set(cb, NL_CB_ACK, NL_CB_CUSTOM, cb_if_check_ack, &chk); 1805 nl_cb_err(cb, NL_CB_CUSTOM, cb_if_check_error, &chk); 1806 1807 ret = nl_send_auto_complete(sock_rtnl, msg); 1808 if (ret < 0) 1809 goto free; 1810 1811 while (chk.pending > 0) 1812 nl_recvmsgs(sock_rtnl, cb); 1813 1814 ret = chk.pending; 1815 1816 free: 1817 nlmsg_free(msg); 1818 out: 1819 nl_cb_put(cb); 1820 return ret; 1821 } 1822 1823 struct device * 1824 system_if_get_parent(struct device *dev) 1825 { 1826 char buf[64], *devname; 1827 int ifindex, iflink, len; 1828 FILE *f; 1829 1830 snprintf(buf, sizeof(buf), "/sys/class/net/%s/iflink", dev->ifname); 1831 f = fopen(buf, "r"); 1832 if (!f) 1833 return NULL; 1834 1835 len = fread(buf, 1, sizeof(buf) - 1, f); 1836 fclose(f); 1837 1838 if (len <= 0) 1839 return NULL; 1840 1841 buf[len] = 0; 1842 iflink = strtoul(buf, NULL, 0); 1843 ifindex = system_if_resolve(dev); 1844 if (!iflink || iflink == ifindex) 1845 return NULL; 1846 1847 devname = if_indextoname(iflink, buf); 1848 if (!devname) 1849 return NULL; 1850 1851 return device_get(devname, true); 1852 } 1853 1854 static bool 1855 read_string_file(int dir_fd, const char *file, char *buf, int len) 1856 { 1857 bool ret = false; 1858 char *c; 1859 int fd; 1860 1861 fd = openat(dir_fd, file, O_RDONLY); 1862 if (fd < 0) 1863 return false; 1864 1865 retry: 1866 len = read(fd, buf, len - 1); 1867 if (len < 0) { 1868 if (errno == EINTR) 1869 goto retry; 1870 } else if (len > 0) { 1871 buf[len] = 0; 1872 1873 c = strchr(buf, '\n'); 1874 if (c) 1875 *c = 0; 1876 1877 ret = true; 1878 } 1879 1880 close(fd); 1881 1882 return ret; 1883 } 1884 1885 static bool 1886 read_uint64_file(int dir_fd, const char *file, uint64_t *val) 1887 { 1888 char buf[64]; 1889 bool ret = false; 1890 1891 ret = read_string_file(dir_fd, file, buf, sizeof(buf)); 1892 if (ret) 1893 *val = strtoull(buf, NULL, 0); 1894 1895 return ret; 1896 } 1897 1898 /* Assume advertised flags == supported flags */ 1899 static const struct { 1900 uint32_t mask; 1901 const char *name; 1902 } ethtool_link_modes[] = { 1903 { ADVERTISED_10baseT_Half, "10baseT-H" }, 1904 { ADVERTISED_10baseT_Full, "10baseT-F" }, 1905 { ADVERTISED_100baseT_Half, "100baseT-H" }, 1906 { ADVERTISED_100baseT_Full, "100baseT-F" }, 1907 { ADVERTISED_1000baseT_Half, "1000baseT-H" }, 1908 { ADVERTISED_1000baseT_Full, "1000baseT-F" }, 1909 { ADVERTISED_1000baseKX_Full, "1000baseKX-F" }, 1910 { ADVERTISED_2500baseX_Full, "2500baseX-F" }, 1911 { ADVERTISED_10000baseT_Full, "10000baseT-F" }, 1912 { ADVERTISED_10000baseKX4_Full, "10000baseKX4-F" }, 1913 { ADVERTISED_10000baseKR_Full, "10000baseKR-F" }, 1914 { ADVERTISED_20000baseMLD2_Full, "20000baseMLD2-F" }, 1915 { ADVERTISED_20000baseKR2_Full, "20000baseKR2-F" }, 1916 { ADVERTISED_40000baseKR4_Full, "40000baseKR4-F" }, 1917 { ADVERTISED_40000baseCR4_Full, "40000baseCR4-F" }, 1918 { ADVERTISED_40000baseSR4_Full, "40000baseSR4-F" }, 1919 { ADVERTISED_40000baseLR4_Full, "40000baseLR4-F" }, 1920 #ifdef ADVERTISED_56000baseKR4_Full 1921 { ADVERTISED_56000baseKR4_Full, "56000baseKR4-F" }, 1922 { ADVERTISED_56000baseCR4_Full, "56000baseCR4-F" }, 1923 { ADVERTISED_56000baseSR4_Full, "56000baseSR4-F" }, 1924 { ADVERTISED_56000baseLR4_Full, "56000baseLR4-F" }, 1925 #endif 1926 }; 1927 1928 static void system_add_link_modes(struct blob_buf *b, __u32 mask) 1929 { 1930 int i; 1931 for (i = 0; i < ARRAY_SIZE(ethtool_link_modes); i++) { 1932 if (mask & ethtool_link_modes[i].mask) 1933 blobmsg_add_string(b, NULL, ethtool_link_modes[i].name); 1934 } 1935 } 1936 1937 bool 1938 system_if_force_external(const char *ifname) 1939 { 1940 char buf[64]; 1941 struct stat s; 1942 1943 snprintf(buf, sizeof(buf), "/sys/class/net/%s/phy80211", ifname); 1944 return stat(buf, &s) == 0; 1945 } 1946 1947 int 1948 system_if_dump_info(struct device *dev, struct blob_buf *b) 1949 { 1950 struct ethtool_cmd ecmd; 1951 struct ifreq ifr; 1952 char *s; 1953 void *c; 1954 1955 memset(&ecmd, 0, sizeof(ecmd)); 1956 memset(&ifr, 0, sizeof(ifr)); 1957 strncpy(ifr.ifr_name, dev->ifname, sizeof(ifr.ifr_name) - 1); 1958 ifr.ifr_data = (caddr_t) &ecmd; 1959 ecmd.cmd = ETHTOOL_GSET; 1960 1961 if (ioctl(sock_ioctl, SIOCETHTOOL, &ifr) == 0) { 1962 c = blobmsg_open_array(b, "link-advertising"); 1963 system_add_link_modes(b, ecmd.advertising); 1964 blobmsg_close_array(b, c); 1965 1966 c = blobmsg_open_array(b, "link-partner-advertising"); 1967 system_add_link_modes(b, ecmd.lp_advertising); 1968 blobmsg_close_array(b, c); 1969 1970 c = blobmsg_open_array(b, "link-supported"); 1971 system_add_link_modes(b, ecmd.supported); 1972 blobmsg_close_array(b, c); 1973 1974 s = blobmsg_alloc_string_buffer(b, "speed", 8); 1975 snprintf(s, 8, "%d%c", ethtool_cmd_speed(&ecmd), 1976 ecmd.duplex == DUPLEX_HALF ? 'H' : 'F'); 1977 blobmsg_add_string_buffer(b); 1978 1979 blobmsg_add_u8(b, "autoneg", !!ecmd.autoneg); 1980 } 1981 1982 return 0; 1983 } 1984 1985 int 1986 system_if_dump_stats(struct device *dev, struct blob_buf *b) 1987 { 1988 const char *const counters[] = { 1989 "collisions", "rx_frame_errors", "tx_compressed", 1990 "multicast", "rx_length_errors", "tx_dropped", 1991 "rx_bytes", "rx_missed_errors", "tx_errors", 1992 "rx_compressed", "rx_over_errors", "tx_fifo_errors", 1993 "rx_crc_errors", "rx_packets", "tx_heartbeat_errors", 1994 "rx_dropped", "tx_aborted_errors", "tx_packets", 1995 "rx_errors", "tx_bytes", "tx_window_errors", 1996 "rx_fifo_errors", "tx_carrier_errors", 1997 }; 1998 char buf[64]; 1999 int stats_dir; 2000 int i; 2001 uint64_t val = 0; 2002 2003 snprintf(buf, sizeof(buf), "/sys/class/net/%s/statistics", dev->ifname); 2004 stats_dir = open(buf, O_DIRECTORY); 2005 if (stats_dir < 0) 2006 return -1; 2007 2008 for (i = 0; i < ARRAY_SIZE(counters); i++) 2009 if (read_uint64_file(stats_dir, counters[i], &val)) 2010 blobmsg_add_u64(b, counters[i], val); 2011 2012 close(stats_dir); 2013 return 0; 2014 } 2015 2016 static int system_addr(struct device *dev, struct device_addr *addr, int cmd) 2017 { 2018 bool v4 = ((addr->flags & DEVADDR_FAMILY) == DEVADDR_INET4); 2019 int alen = v4 ? 4 : 16; 2020 unsigned int flags = 0; 2021 struct ifaddrmsg ifa = { 2022 .ifa_family = (alen == 4) ? AF_INET : AF_INET6, 2023 .ifa_prefixlen = addr->mask, 2024 .ifa_index = dev->ifindex, 2025 }; 2026 2027 struct nl_msg *msg; 2028 if (cmd == RTM_NEWADDR) 2029 flags |= NLM_F_CREATE | NLM_F_REPLACE; 2030 2031 msg = nlmsg_alloc_simple(cmd, flags); 2032 if (!msg) 2033 return -1; 2034 2035 nlmsg_append(msg, &ifa, sizeof(ifa), 0); 2036 nla_put(msg, IFA_LOCAL, alen, &addr->addr); 2037 if (v4) { 2038 if (addr->broadcast) 2039 nla_put_u32(msg, IFA_BROADCAST, addr->broadcast); 2040 if (addr->point_to_point) 2041 nla_put_u32(msg, IFA_ADDRESS, addr->point_to_point); 2042 } else { 2043 time_t now = system_get_rtime(); 2044 struct ifa_cacheinfo cinfo = {0xffffffffU, 0xffffffffU, 0, 0}; 2045 2046 if (addr->preferred_until) { 2047 int64_t preferred = addr->preferred_until - now; 2048 if (preferred < 0) 2049 preferred = 0; 2050 else if (preferred > UINT32_MAX) 2051 preferred = UINT32_MAX; 2052 2053 cinfo.ifa_prefered = preferred; 2054 } 2055 2056 if (addr->valid_until) { 2057 int64_t valid = addr->valid_until - now; 2058 if (valid <= 0) { 2059 nlmsg_free(msg); 2060 return -1; 2061 } 2062 else if (valid > UINT32_MAX) 2063 valid = UINT32_MAX; 2064 2065 cinfo.ifa_valid = valid; 2066 } 2067 2068 nla_put(msg, IFA_CACHEINFO, sizeof(cinfo), &cinfo); 2069 2070 if (cmd == RTM_NEWADDR && (addr->flags & DEVADDR_OFFLINK)) 2071 nla_put_u32(msg, IFA_FLAGS, IFA_F_NOPREFIXROUTE); 2072 } 2073 2074 return system_rtnl_call(msg); 2075 } 2076 2077 int system_add_address(struct device *dev, struct device_addr *addr) 2078 { 2079 return system_addr(dev, addr, RTM_NEWADDR); 2080 } 2081 2082 int system_del_address(struct device *dev, struct device_addr *addr) 2083 { 2084 return system_addr(dev, addr, RTM_DELADDR); 2085 } 2086 2087 static int system_neigh(struct device *dev, struct device_neighbor *neighbor, int cmd) 2088 { 2089 int alen = ((neighbor->flags & DEVADDR_FAMILY) == DEVADDR_INET4) ? 4 : 16; 2090 unsigned int flags = 0; 2091 struct ndmsg ndm = { 2092 .ndm_family = (alen == 4) ? AF_INET : AF_INET6, 2093 .ndm_ifindex = dev->ifindex, 2094 .ndm_state = NUD_PERMANENT, 2095 .ndm_flags = (neighbor->proxy ? NTF_PROXY : 0) | (neighbor->router ? NTF_ROUTER : 0), 2096 }; 2097 struct nl_msg *msg; 2098 2099 if (cmd == RTM_NEWNEIGH) 2100 flags |= NLM_F_CREATE | NLM_F_REPLACE; 2101 2102 msg = nlmsg_alloc_simple(cmd, flags); 2103 2104 if (!msg) 2105 return -1; 2106 2107 nlmsg_append(msg, &ndm, sizeof(ndm), 0); 2108 2109 nla_put(msg, NDA_DST, alen, &neighbor->addr); 2110 if (neighbor->flags & DEVNEIGH_MAC) 2111 nla_put(msg, NDA_LLADDR, sizeof(neighbor->macaddr), &neighbor->macaddr); 2112 2113 2114 return system_rtnl_call(msg); 2115 } 2116 2117 int system_add_neighbor(struct device *dev, struct device_neighbor *neighbor) 2118 { 2119 return system_neigh(dev, neighbor, RTM_NEWNEIGH); 2120 } 2121 2122 int system_del_neighbor(struct device *dev, struct device_neighbor *neighbor) 2123 { 2124 return system_neigh(dev, neighbor, RTM_DELNEIGH); 2125 } 2126 2127 static int system_rt(struct device *dev, struct device_route *route, int cmd) 2128 { 2129 int alen = ((route->flags & DEVADDR_FAMILY) == DEVADDR_INET4) ? 4 : 16; 2130 bool have_gw; 2131 unsigned int flags = 0; 2132 2133 if (alen == 4) 2134 have_gw = !!route->nexthop.in.s_addr; 2135 else 2136 have_gw = route->nexthop.in6.s6_addr32[0] || 2137 route->nexthop.in6.s6_addr32[1] || 2138 route->nexthop.in6.s6_addr32[2] || 2139 route->nexthop.in6.s6_addr32[3]; 2140 2141 unsigned int table = (route->flags & (DEVROUTE_TABLE | DEVROUTE_SRCTABLE)) 2142 ? route->table : RT_TABLE_MAIN; 2143 2144 struct rtmsg rtm = { 2145 .rtm_family = (alen == 4) ? AF_INET : AF_INET6, 2146 .rtm_dst_len = route->mask, 2147 .rtm_src_len = route->sourcemask, 2148 .rtm_table = (table < 256) ? table : RT_TABLE_UNSPEC, 2149 .rtm_protocol = (route->flags & DEVROUTE_PROTO) ? route->proto : RTPROT_STATIC, 2150 .rtm_scope = RT_SCOPE_NOWHERE, 2151 .rtm_type = (cmd == RTM_DELROUTE) ? 0: RTN_UNICAST, 2152 .rtm_flags = (route->flags & DEVROUTE_ONLINK) ? RTNH_F_ONLINK : 0, 2153 }; 2154 struct nl_msg *msg; 2155 2156 if (cmd == RTM_NEWROUTE) { 2157 flags |= NLM_F_CREATE | NLM_F_REPLACE; 2158 2159 if (!dev) { /* Add null-route */ 2160 rtm.rtm_scope = RT_SCOPE_UNIVERSE; 2161 rtm.rtm_type = RTN_UNREACHABLE; 2162 } 2163 else 2164 rtm.rtm_scope = (have_gw) ? RT_SCOPE_UNIVERSE : RT_SCOPE_LINK; 2165 } 2166 2167 if (route->flags & DEVROUTE_TYPE) { 2168 rtm.rtm_type = route->type; 2169 if (!(route->flags & (DEVROUTE_TABLE | DEVROUTE_SRCTABLE))) { 2170 if (rtm.rtm_type == RTN_LOCAL || rtm.rtm_type == RTN_BROADCAST || 2171 rtm.rtm_type == RTN_NAT || rtm.rtm_type == RTN_ANYCAST) 2172 rtm.rtm_table = RT_TABLE_LOCAL; 2173 } 2174 2175 if (rtm.rtm_type == RTN_LOCAL || rtm.rtm_type == RTN_NAT) { 2176 rtm.rtm_scope = RT_SCOPE_HOST; 2177 } else if (rtm.rtm_type == RTN_BROADCAST || rtm.rtm_type == RTN_MULTICAST || 2178 rtm.rtm_type == RTN_ANYCAST) { 2179 rtm.rtm_scope = RT_SCOPE_LINK; 2180 } else if (rtm.rtm_type == RTN_BLACKHOLE || rtm.rtm_type == RTN_UNREACHABLE || 2181 rtm.rtm_type == RTN_PROHIBIT || rtm.rtm_type == RTN_FAILED_POLICY || 2182 rtm.rtm_type == RTN_THROW) { 2183 rtm.rtm_scope = RT_SCOPE_UNIVERSE; 2184 dev = NULL; 2185 } 2186 } 2187 2188 msg = nlmsg_alloc_simple(cmd, flags); 2189 if (!msg) 2190 return -1; 2191 2192 nlmsg_append(msg, &rtm, sizeof(rtm), 0); 2193 2194 if (route->mask) 2195 nla_put(msg, RTA_DST, alen, &route->addr); 2196 2197 if (route->sourcemask) { 2198 if (rtm.rtm_family == AF_INET) 2199 nla_put(msg, RTA_PREFSRC, alen, &route->source); 2200 else 2201 nla_put(msg, RTA_SRC, alen, &route->source); 2202 } 2203 2204 if (route->metric > 0) 2205 nla_put_u32(msg, RTA_PRIORITY, route->metric); 2206 2207 if (have_gw) 2208 nla_put(msg, RTA_GATEWAY, alen, &route->nexthop); 2209 2210 if (dev) 2211 nla_put_u32(msg, RTA_OIF, dev->ifindex); 2212 2213 if (table >= 256) 2214 nla_put_u32(msg, RTA_TABLE, table); 2215 2216 if (route->flags & DEVROUTE_MTU) { 2217 struct nlattr *metrics; 2218 2219 if (!(metrics = nla_nest_start(msg, RTA_METRICS))) 2220 goto nla_put_failure; 2221 2222 nla_put_u32(msg, RTAX_MTU, route->mtu); 2223 2224 nla_nest_end(msg, metrics); 2225 } 2226 2227 return system_rtnl_call(msg); 2228 2229 nla_put_failure: 2230 nlmsg_free(msg); 2231 return -ENOMEM; 2232 } 2233 2234 int system_add_route(struct device *dev, struct device_route *route) 2235 { 2236 return system_rt(dev, route, RTM_NEWROUTE); 2237 } 2238 2239 int system_del_route(struct device *dev, struct device_route *route) 2240 { 2241 return system_rt(dev, route, RTM_DELROUTE); 2242 } 2243 2244 int system_flush_routes(void) 2245 { 2246 const char *names[] = { 2247 "/proc/sys/net/ipv4/route/flush", 2248 "/proc/sys/net/ipv6/route/flush" 2249 }; 2250 int fd, i; 2251 2252 for (i = 0; i < ARRAY_SIZE(names); i++) { 2253 fd = open(names[i], O_WRONLY); 2254 if (fd < 0) 2255 continue; 2256 2257 if (write(fd, "-1", 2)) {} 2258 close(fd); 2259 } 2260 return 0; 2261 } 2262 2263 bool system_resolve_rt_type(const char *type, unsigned int *id) 2264 { 2265 return system_rtn_aton(type, id); 2266 } 2267 2268 bool system_resolve_rt_proto(const char *type, unsigned int *id) 2269 { 2270 FILE *f; 2271 char *e, buf[128]; 2272 unsigned int n, proto = 256; 2273 n = strtoul(type, &e, 0); 2274 if (!*e && e != type) 2275 proto = n; 2276 else if (!strcmp(type, "unspec")) 2277 proto = RTPROT_UNSPEC; 2278 else if (!strcmp(type, "kernel")) 2279 proto = RTPROT_KERNEL; 2280 else if (!strcmp(type, "boot")) 2281 proto = RTPROT_BOOT; 2282 else if (!strcmp(type, "static")) 2283 proto = RTPROT_STATIC; 2284 else if ((f = fopen("/etc/iproute2/rt_protos", "r")) != NULL) { 2285 while (fgets(buf, sizeof(buf) - 1, f) != NULL) { 2286 if ((e = strtok(buf, " \t\n")) == NULL || *e == '#') 2287 continue; 2288 2289 n = strtoul(e, NULL, 10); 2290 e = strtok(NULL, " \t\n"); 2291 2292 if (e && !strcmp(e, type)) { 2293 proto = n; 2294 break; 2295 } 2296 } 2297 fclose(f); 2298 } 2299 2300 if (proto > 255) 2301 return false; 2302 2303 *id = proto; 2304 return true; 2305 } 2306 2307 bool system_resolve_rt_table(const char *name, unsigned int *id) 2308 { 2309 FILE *f; 2310 char *e, buf[128]; 2311 unsigned int n, table = RT_TABLE_UNSPEC; 2312 2313 /* first try to parse table as number */ 2314 if ((n = strtoul(name, &e, 0)) > 0 && !*e) 2315 table = n; 2316 2317 /* handle well known aliases */ 2318 else if (!strcmp(name, "default")) 2319 table = RT_TABLE_DEFAULT; 2320 else if (!strcmp(name, "main")) 2321 table = RT_TABLE_MAIN; 2322 else if (!strcmp(name, "local")) 2323 table = RT_TABLE_LOCAL; 2324 2325 /* try to look up name in /etc/iproute2/rt_tables */ 2326 else if ((f = fopen("/etc/iproute2/rt_tables", "r")) != NULL) 2327 { 2328 while (fgets(buf, sizeof(buf) - 1, f) != NULL) 2329 { 2330 if ((e = strtok(buf, " \t\n")) == NULL || *e == '#') 2331 continue; 2332 2333 n = strtoul(e, NULL, 10); 2334 e = strtok(NULL, " \t\n"); 2335 2336 if (e && !strcmp(e, name)) 2337 { 2338 table = n; 2339 break; 2340 } 2341 } 2342 2343 fclose(f); 2344 } 2345 2346 if (table == RT_TABLE_UNSPEC) 2347 return false; 2348 2349 *id = table; 2350 return true; 2351 } 2352 2353 bool system_is_default_rt_table(unsigned int id) 2354 { 2355 return (id == RT_TABLE_MAIN); 2356 } 2357 2358 bool system_resolve_rpfilter(const char *filter, unsigned int *id) 2359 { 2360 char *e; 2361 unsigned int n; 2362 2363 if (!strcmp(filter, "strict")) 2364 n = 1; 2365 else if (!strcmp(filter, "loose")) 2366 n = 2; 2367 else { 2368 n = strtoul(filter, &e, 0); 2369 if (*e || e == filter || n > 2) 2370 return false; 2371 } 2372 2373 *id = n; 2374 return true; 2375 } 2376 2377 static int system_iprule(struct iprule *rule, int cmd) 2378 { 2379 int alen = ((rule->flags & IPRULE_FAMILY) == IPRULE_INET4) ? 4 : 16; 2380 2381 struct nl_msg *msg; 2382 struct rtmsg rtm = { 2383 .rtm_family = (alen == 4) ? AF_INET : AF_INET6, 2384 .rtm_protocol = RTPROT_STATIC, 2385 .rtm_scope = RT_SCOPE_UNIVERSE, 2386 .rtm_table = RT_TABLE_UNSPEC, 2387 .rtm_type = RTN_UNSPEC, 2388 .rtm_flags = 0, 2389 }; 2390 2391 if (cmd == RTM_NEWRULE) 2392 rtm.rtm_type = RTN_UNICAST; 2393 2394 if (rule->invert) 2395 rtm.rtm_flags |= FIB_RULE_INVERT; 2396 2397 if (rule->flags & IPRULE_SRC) 2398 rtm.rtm_src_len = rule->src_mask; 2399 2400 if (rule->flags & IPRULE_DEST) 2401 rtm.rtm_dst_len = rule->dest_mask; 2402 2403 if (rule->flags & IPRULE_TOS) 2404 rtm.rtm_tos = rule->tos; 2405 2406 if (rule->flags & IPRULE_LOOKUP) { 2407 if (rule->lookup < 256) 2408 rtm.rtm_table = rule->lookup; 2409 } 2410 2411 if (rule->flags & IPRULE_ACTION) 2412 rtm.rtm_type = rule->action; 2413 else if (rule->flags & IPRULE_GOTO) 2414 rtm.rtm_type = FR_ACT_GOTO; 2415 else if (!(rule->flags & (IPRULE_LOOKUP | IPRULE_ACTION | IPRULE_GOTO))) 2416 rtm.rtm_type = FR_ACT_NOP; 2417 2418 msg = nlmsg_alloc_simple(cmd, NLM_F_REQUEST); 2419 2420 if (!msg) 2421 return -1; 2422 2423 nlmsg_append(msg, &rtm, sizeof(rtm), 0); 2424 2425 if (rule->flags & IPRULE_IN) 2426 nla_put(msg, FRA_IFNAME, strlen(rule->in_dev) + 1, rule->in_dev); 2427 2428 if (rule->flags & IPRULE_OUT) 2429 nla_put(msg, FRA_OIFNAME, strlen(rule->out_dev) + 1, rule->out_dev); 2430 2431 if (rule->flags & IPRULE_SRC) 2432 nla_put(msg, FRA_SRC, alen, &rule->src_addr); 2433 2434 if (rule->flags & IPRULE_DEST) 2435 nla_put(msg, FRA_DST, alen, &rule->dest_addr); 2436 2437 if (rule->flags & IPRULE_PRIORITY) 2438 nla_put_u32(msg, FRA_PRIORITY, rule->priority); 2439 else if (cmd == RTM_NEWRULE) 2440 nla_put_u32(msg, FRA_PRIORITY, rule->order); 2441 2442 if (rule->flags & IPRULE_FWMARK) 2443 nla_put_u32(msg, FRA_FWMARK, rule->fwmark); 2444 2445 if (rule->flags & IPRULE_FWMASK) 2446 nla_put_u32(msg, FRA_FWMASK, rule->fwmask); 2447 2448 if (rule->flags & IPRULE_LOOKUP) { 2449 if (rule->lookup >= 256) 2450 nla_put_u32(msg, FRA_TABLE, rule->lookup); 2451 } 2452 2453 if (rule->flags & IPRULE_SUP_PREFIXLEN) 2454 nla_put_u32(msg, FRA_SUPPRESS_PREFIXLEN, rule->sup_prefixlen); 2455 2456 if (rule->flags & IPRULE_GOTO) 2457 nla_put_u32(msg, FRA_GOTO, rule->gotoid); 2458 2459 return system_rtnl_call(msg); 2460 } 2461 2462 int system_add_iprule(struct iprule *rule) 2463 { 2464 return system_iprule(rule, RTM_NEWRULE); 2465 } 2466 2467 int system_del_iprule(struct iprule *rule) 2468 { 2469 return system_iprule(rule, RTM_DELRULE); 2470 } 2471 2472 int system_flush_iprules(void) 2473 { 2474 int rv = 0; 2475 struct iprule rule; 2476 2477 system_if_clear_entries(NULL, RTM_GETRULE, AF_INET); 2478 system_if_clear_entries(NULL, RTM_GETRULE, AF_INET6); 2479 2480 memset(&rule, 0, sizeof(rule)); 2481 2482 2483 rule.flags = IPRULE_INET4 | IPRULE_PRIORITY | IPRULE_LOOKUP; 2484 2485 rule.priority = 0; 2486 rule.lookup = RT_TABLE_LOCAL; 2487 rv |= system_iprule(&rule, RTM_NEWRULE); 2488 2489 rule.priority = 32766; 2490 rule.lookup = RT_TABLE_MAIN; 2491 rv |= system_iprule(&rule, RTM_NEWRULE); 2492 2493 rule.priority = 32767; 2494 rule.lookup = RT_TABLE_DEFAULT; 2495 rv |= system_iprule(&rule, RTM_NEWRULE); 2496 2497 2498 rule.flags = IPRULE_INET6 | IPRULE_PRIORITY | IPRULE_LOOKUP; 2499 2500 rule.priority = 0; 2501 rule.lookup = RT_TABLE_LOCAL; 2502 rv |= system_iprule(&rule, RTM_NEWRULE); 2503 2504 rule.priority = 32766; 2505 rule.lookup = RT_TABLE_MAIN; 2506 rv |= system_iprule(&rule, RTM_NEWRULE); 2507 2508 return rv; 2509 } 2510 2511 bool system_resolve_iprule_action(const char *action, unsigned int *id) 2512 { 2513 return system_rtn_aton(action, id); 2514 } 2515 2516 time_t system_get_rtime(void) 2517 { 2518 struct timespec ts; 2519 struct timeval tv; 2520 2521 if (clock_gettime(CLOCK_MONOTONIC, &ts) == 0) 2522 return ts.tv_sec; 2523 2524 if (gettimeofday(&tv, NULL) == 0) 2525 return tv.tv_sec; 2526 2527 return 0; 2528 } 2529 2530 #ifndef IP_DF 2531 #define IP_DF 0x4000 2532 #endif 2533 2534 static int tunnel_ioctl(const char *name, int cmd, void *p) 2535 { 2536 struct ifreq ifr; 2537 2538 memset(&ifr, 0, sizeof(ifr)); 2539 strncpy(ifr.ifr_name, name, sizeof(ifr.ifr_name) - 1); 2540 ifr.ifr_ifru.ifru_data = p; 2541 return ioctl(sock_ioctl, cmd, &ifr); 2542 } 2543 2544 #ifdef IFLA_IPTUN_MAX 2545 static int system_add_ip6_tunnel(const char *name, const unsigned int link, 2546 struct blob_attr **tb) 2547 { 2548 struct nl_msg *nlm = nlmsg_alloc_simple(RTM_NEWLINK, 2549 NLM_F_REQUEST | NLM_F_REPLACE | NLM_F_CREATE); 2550 struct ifinfomsg ifi = { .ifi_family = AF_UNSPEC }; 2551 struct blob_attr *cur; 2552 int ret = 0, ttl = 0; 2553 2554 if (!nlm) 2555 return -1; 2556 2557 nlmsg_append(nlm, &ifi, sizeof(ifi), 0); 2558 nla_put_string(nlm, IFLA_IFNAME, name); 2559 2560 if (link) 2561 nla_put_u32(nlm, IFLA_LINK, link); 2562 2563 struct nlattr *linkinfo = nla_nest_start(nlm, IFLA_LINKINFO); 2564 if (!linkinfo) { 2565 ret = -ENOMEM; 2566 goto failure; 2567 } 2568 2569 nla_put_string(nlm, IFLA_INFO_KIND, "ip6tnl"); 2570 struct nlattr *infodata = nla_nest_start(nlm, IFLA_INFO_DATA); 2571 if (!infodata) { 2572 ret = -ENOMEM; 2573 goto failure; 2574 } 2575 2576 if (link) 2577 nla_put_u32(nlm, IFLA_IPTUN_LINK, link); 2578 2579 if ((cur = tb[TUNNEL_ATTR_TTL])) 2580 ttl = blobmsg_get_u32(cur); 2581 2582 nla_put_u8(nlm, IFLA_IPTUN_PROTO, IPPROTO_IPIP); 2583 nla_put_u8(nlm, IFLA_IPTUN_TTL, (ttl) ? ttl : 64); 2584 2585 struct in6_addr in6buf; 2586 if ((cur = tb[TUNNEL_ATTR_LOCAL])) { 2587 if (inet_pton(AF_INET6, blobmsg_data(cur), &in6buf) < 1) { 2588 ret = -EINVAL; 2589 goto failure; 2590 } 2591 nla_put(nlm, IFLA_IPTUN_LOCAL, sizeof(in6buf), &in6buf); 2592 } 2593 2594 if ((cur = tb[TUNNEL_ATTR_REMOTE])) { 2595 if (inet_pton(AF_INET6, blobmsg_data(cur), &in6buf) < 1) { 2596 ret = -EINVAL; 2597 goto failure; 2598 } 2599 nla_put(nlm, IFLA_IPTUN_REMOTE, sizeof(in6buf), &in6buf); 2600 } 2601 2602 if ((cur = tb[TUNNEL_ATTR_DATA])) { 2603 struct blob_attr *tb_data[__IPIP6_DATA_ATTR_MAX]; 2604 uint32_t tun_flags = IP6_TNL_F_IGN_ENCAP_LIMIT; 2605 2606 blobmsg_parse(ipip6_data_attr_list.params, __IPIP6_DATA_ATTR_MAX, tb_data, 2607 blobmsg_data(cur), blobmsg_len(cur)); 2608 2609 if ((cur = tb_data[IPIP6_DATA_ENCAPLIMIT])) { 2610 char *str = blobmsg_get_string(cur); 2611 2612 if (strcmp(str, "ignore")) { 2613 char *e; 2614 unsigned encap_limit = strtoul(str, &e, 0); 2615 2616 if (e == str || *e || encap_limit > 255) { 2617 ret = -EINVAL; 2618 goto failure; 2619 } 2620 2621 nla_put_u8(nlm, IFLA_IPTUN_ENCAP_LIMIT, encap_limit); 2622 tun_flags &= ~IP6_TNL_F_IGN_ENCAP_LIMIT; 2623 } 2624 } 2625 2626 #ifdef IFLA_IPTUN_FMR_MAX 2627 if ((cur = tb_data[IPIP6_DATA_FMRS])) { 2628 struct blob_attr *rcur; 2629 unsigned rrem, fmrcnt = 0; 2630 struct nlattr *fmrs = nla_nest_start(nlm, IFLA_IPTUN_FMRS); 2631 2632 if (!fmrs) { 2633 ret = -ENOMEM; 2634 goto failure; 2635 } 2636 2637 blobmsg_for_each_attr(rcur, cur, rrem) { 2638 struct blob_attr *tb_fmr[__FMR_DATA_ATTR_MAX], *tb_cur; 2639 struct in6_addr ip6prefix; 2640 struct in_addr ip4prefix; 2641 unsigned ip4len, ip6len, ealen, offset; 2642 2643 blobmsg_parse(fmr_data_attr_list.params, __FMR_DATA_ATTR_MAX, tb_fmr, 2644 blobmsg_data(rcur), blobmsg_len(rcur)); 2645 2646 if (!(tb_cur = tb_fmr[FMR_DATA_PREFIX6]) || 2647 !parse_ip_and_netmask(AF_INET6, 2648 blobmsg_data(tb_cur), &ip6prefix, 2649 &ip6len)) { 2650 ret = -EINVAL; 2651 goto failure; 2652 } 2653 2654 if (!(tb_cur = tb_fmr[FMR_DATA_PREFIX4]) || 2655 !parse_ip_and_netmask(AF_INET, 2656 blobmsg_data(tb_cur), &ip4prefix, 2657 &ip4len)) { 2658 ret = -EINVAL; 2659 goto failure; 2660 } 2661 2662 if (!(tb_cur = tb_fmr[FMR_DATA_EALEN])) { 2663 ret = -EINVAL; 2664 goto failure; 2665 } 2666 ealen = blobmsg_get_u32(tb_cur); 2667 2668 if (!(tb_cur = tb_fmr[FMR_DATA_OFFSET])) { 2669 ret = -EINVAL; 2670 goto failure; 2671 } 2672 offset = blobmsg_get_u32(tb_cur); 2673 2674 struct nlattr *rule = nla_nest_start(nlm, ++fmrcnt); 2675 if (!rule) { 2676 ret = -ENOMEM; 2677 goto failure; 2678 } 2679 2680 nla_put(nlm, IFLA_IPTUN_FMR_IP6_PREFIX, sizeof(ip6prefix), &ip6prefix); 2681 nla_put(nlm, IFLA_IPTUN_FMR_IP4_PREFIX, sizeof(ip4prefix), &ip4prefix); 2682 nla_put_u8(nlm, IFLA_IPTUN_FMR_IP6_PREFIX_LEN, ip6len); 2683 nla_put_u8(nlm, IFLA_IPTUN_FMR_IP4_PREFIX_LEN, ip4len); 2684 nla_put_u8(nlm, IFLA_IPTUN_FMR_EA_LEN, ealen); 2685 nla_put_u8(nlm, IFLA_IPTUN_FMR_OFFSET, offset); 2686 2687 nla_nest_end(nlm, rule); 2688 } 2689 2690 nla_nest_end(nlm, fmrs); 2691 } 2692 #endif 2693 if (tun_flags) 2694 nla_put_u32(nlm, IFLA_IPTUN_FLAGS, tun_flags); 2695 } 2696 2697 nla_nest_end(nlm, infodata); 2698 nla_nest_end(nlm, linkinfo); 2699 2700 return system_rtnl_call(nlm); 2701 2702 failure: 2703 nlmsg_free(nlm); 2704 return ret; 2705 } 2706 #endif 2707 2708 #ifdef IFLA_IPTUN_MAX 2709 #define IP6_FLOWINFO_TCLASS htonl(0x0FF00000) 2710 static int system_add_gre_tunnel(const char *name, const char *kind, 2711 const unsigned int link, struct blob_attr **tb, bool v6) 2712 { 2713 struct nl_msg *nlm; 2714 struct ifinfomsg ifi = { .ifi_family = AF_UNSPEC, }; 2715 struct blob_attr *cur; 2716 uint32_t ikey = 0, okey = 0, flowinfo = 0, flags6 = IP6_TNL_F_IGN_ENCAP_LIMIT; 2717 uint16_t iflags = 0, oflags = 0; 2718 uint8_t tos = 0; 2719 int ret = 0, ttl = 0; 2720 unsigned encap_limit = 0; 2721 2722 nlm = nlmsg_alloc_simple(RTM_NEWLINK, NLM_F_REQUEST | NLM_F_REPLACE | NLM_F_CREATE); 2723 if (!nlm) 2724 return -1; 2725 2726 nlmsg_append(nlm, &ifi, sizeof(ifi), 0); 2727 nla_put_string(nlm, IFLA_IFNAME, name); 2728 2729 struct nlattr *linkinfo = nla_nest_start(nlm, IFLA_LINKINFO); 2730 if (!linkinfo) { 2731 ret = -ENOMEM; 2732 goto failure; 2733 } 2734 2735 nla_put_string(nlm, IFLA_INFO_KIND, kind); 2736 struct nlattr *infodata = nla_nest_start(nlm, IFLA_INFO_DATA); 2737 if (!infodata) { 2738 ret = -ENOMEM; 2739 goto failure; 2740 } 2741 2742 if (link) 2743 nla_put_u32(nlm, IFLA_GRE_LINK, link); 2744 2745 if ((cur = tb[TUNNEL_ATTR_TTL])) 2746 ttl = blobmsg_get_u32(cur); 2747 2748 if ((cur = tb[TUNNEL_ATTR_TOS])) { 2749 char *str = blobmsg_get_string(cur); 2750 if (strcmp(str, "inherit")) { 2751 unsigned uval; 2752 2753 if (!system_tos_aton(str, &uval)) { 2754 ret = -EINVAL; 2755 goto failure; 2756 } 2757 2758 if (v6) 2759 flowinfo |= htonl(uval << 20) & IP6_FLOWINFO_TCLASS; 2760 else 2761 tos = uval; 2762 } else { 2763 if (v6) 2764 flags6 |= IP6_TNL_F_USE_ORIG_TCLASS; 2765 else 2766 tos = 1; 2767 } 2768 } 2769 2770 if ((cur = tb[TUNNEL_ATTR_DATA])) { 2771 struct blob_attr *tb_data[__GRE_DATA_ATTR_MAX]; 2772 2773 blobmsg_parse(gre_data_attr_list.params, __GRE_DATA_ATTR_MAX, tb_data, 2774 blobmsg_data(cur), blobmsg_len(cur)); 2775 2776 if ((cur = tb_data[GRE_DATA_IKEY])) { 2777 if ((ikey = blobmsg_get_u32(cur))) 2778 iflags |= GRE_KEY; 2779 } 2780 2781 if ((cur = tb_data[GRE_DATA_OKEY])) { 2782 if ((okey = blobmsg_get_u32(cur))) 2783 oflags |= GRE_KEY; 2784 } 2785 2786 if ((cur = tb_data[GRE_DATA_ICSUM])) { 2787 if (blobmsg_get_bool(cur)) 2788 iflags |= GRE_CSUM; 2789 } 2790 2791 if ((cur = tb_data[GRE_DATA_OCSUM])) { 2792 if (blobmsg_get_bool(cur)) 2793 oflags |= GRE_CSUM; 2794 } 2795 2796 if ((cur = tb_data[GRE_DATA_ISEQNO])) { 2797 if (blobmsg_get_bool(cur)) 2798 iflags |= GRE_SEQ; 2799 } 2800 2801 if ((cur = tb_data[GRE_DATA_OSEQNO])) { 2802 if (blobmsg_get_bool(cur)) 2803 oflags |= GRE_SEQ; 2804 } 2805 2806 if ((cur = tb_data[GRE_DATA_ENCAPLIMIT])) { 2807 char *str = blobmsg_get_string(cur); 2808 2809 if (strcmp(str, "ignore")) { 2810 char *e; 2811 2812 encap_limit = strtoul(str, &e, 0); 2813 2814 if (e == str || *e || encap_limit > 255) { 2815 ret = -EINVAL; 2816 goto failure; 2817 } 2818 2819 flags6 &= ~IP6_TNL_F_IGN_ENCAP_LIMIT; 2820 } 2821 } 2822 } 2823 2824 if (v6) { 2825 struct in6_addr in6buf; 2826 if ((cur = tb[TUNNEL_ATTR_LOCAL])) { 2827 if (inet_pton(AF_INET6, blobmsg_data(cur), &in6buf) < 1) { 2828 ret = -EINVAL; 2829 goto failure; 2830 } 2831 nla_put(nlm, IFLA_GRE_LOCAL, sizeof(in6buf), &in6buf); 2832 } 2833 2834 if ((cur = tb[TUNNEL_ATTR_REMOTE])) { 2835 if (inet_pton(AF_INET6, blobmsg_data(cur), &in6buf) < 1) { 2836 ret = -EINVAL; 2837 goto failure; 2838 } 2839 nla_put(nlm, IFLA_GRE_REMOTE, sizeof(in6buf), &in6buf); 2840 } 2841 2842 if (!(flags6 & IP6_TNL_F_IGN_ENCAP_LIMIT)) 2843 nla_put_u8(nlm, IFLA_GRE_ENCAP_LIMIT, encap_limit); 2844 2845 if (flowinfo) 2846 nla_put_u32(nlm, IFLA_GRE_FLOWINFO, flowinfo); 2847 2848 if (flags6) 2849 nla_put_u32(nlm, IFLA_GRE_FLAGS, flags6); 2850 2851 if (!ttl) 2852 ttl = 64; 2853 } else { 2854 struct in_addr inbuf; 2855 bool set_df = true; 2856 2857 if ((cur = tb[TUNNEL_ATTR_LOCAL])) { 2858 if (inet_pton(AF_INET, blobmsg_data(cur), &inbuf) < 1) { 2859 ret = -EINVAL; 2860 goto failure; 2861 } 2862 nla_put(nlm, IFLA_GRE_LOCAL, sizeof(inbuf), &inbuf); 2863 } 2864 2865 if ((cur = tb[TUNNEL_ATTR_REMOTE])) { 2866 if (inet_pton(AF_INET, blobmsg_data(cur), &inbuf) < 1) { 2867 ret = -EINVAL; 2868 goto failure; 2869 } 2870 nla_put(nlm, IFLA_GRE_REMOTE, sizeof(inbuf), &inbuf); 2871 2872 if (IN_MULTICAST(ntohl(inbuf.s_addr))) { 2873 if (!okey) { 2874 okey = inbuf.s_addr; 2875 oflags |= GRE_KEY; 2876 } 2877 2878 if (!ikey) { 2879 ikey = inbuf.s_addr; 2880 iflags |= GRE_KEY; 2881 } 2882 } 2883 } 2884 2885 if ((cur = tb[TUNNEL_ATTR_DF])) 2886 set_df = blobmsg_get_bool(cur); 2887 2888 if (!set_df) { 2889 /* ttl != 0 and nopmtudisc are incompatible */ 2890 if (ttl) { 2891 ret = -EINVAL; 2892 goto failure; 2893 } 2894 } else if (!ttl) 2895 ttl = 64; 2896 2897 nla_put_u8(nlm, IFLA_GRE_PMTUDISC, set_df ? 1 : 0); 2898 2899 nla_put_u8(nlm, IFLA_GRE_TOS, tos); 2900 } 2901 2902 if (ttl) 2903 nla_put_u8(nlm, IFLA_GRE_TTL, ttl); 2904 2905 if (oflags) 2906 nla_put_u16(nlm, IFLA_GRE_OFLAGS, oflags); 2907 2908 if (iflags) 2909 nla_put_u16(nlm, IFLA_GRE_IFLAGS, iflags); 2910 2911 if (okey) 2912 nla_put_u32(nlm, IFLA_GRE_OKEY, htonl(okey)); 2913 2914 if (ikey) 2915 nla_put_u32(nlm, IFLA_GRE_IKEY, htonl(ikey)); 2916 2917 nla_nest_end(nlm, infodata); 2918 nla_nest_end(nlm, linkinfo); 2919 2920 return system_rtnl_call(nlm); 2921 2922 failure: 2923 nlmsg_free(nlm); 2924 return ret; 2925 } 2926 #endif 2927 2928 #ifdef IFLA_VTI_MAX 2929 static int system_add_vti_tunnel(const char *name, const char *kind, 2930 const unsigned int link, struct blob_attr **tb, bool v6) 2931 { 2932 struct nl_msg *nlm; 2933 struct ifinfomsg ifi = { .ifi_family = AF_UNSPEC, }; 2934 struct blob_attr *cur; 2935 int ret = 0; 2936 2937 nlm = nlmsg_alloc_simple(RTM_NEWLINK, NLM_F_REQUEST | NLM_F_REPLACE | NLM_F_CREATE); 2938 if (!nlm) 2939 return -1; 2940 2941 nlmsg_append(nlm, &ifi, sizeof(ifi), 0); 2942 nla_put_string(nlm, IFLA_IFNAME, name); 2943 2944 struct nlattr *linkinfo = nla_nest_start(nlm, IFLA_LINKINFO); 2945 if (!linkinfo) { 2946 ret = -ENOMEM; 2947 goto failure; 2948 } 2949 2950 nla_put_string(nlm, IFLA_INFO_KIND, kind); 2951 struct nlattr *infodata = nla_nest_start(nlm, IFLA_INFO_DATA); 2952 if (!infodata) { 2953 ret = -ENOMEM; 2954 goto failure; 2955 } 2956 2957 if (link) 2958 nla_put_u32(nlm, IFLA_VTI_LINK, link); 2959 2960 if (v6) { 2961 struct in6_addr in6buf; 2962 if ((cur = tb[TUNNEL_ATTR_LOCAL])) { 2963 if (inet_pton(AF_INET6, blobmsg_data(cur), &in6buf) < 1) { 2964 ret = -EINVAL; 2965 goto failure; 2966 } 2967 nla_put(nlm, IFLA_VTI_LOCAL, sizeof(in6buf), &in6buf); 2968 } 2969 2970 if ((cur = tb[TUNNEL_ATTR_REMOTE])) { 2971 if (inet_pton(AF_INET6, blobmsg_data(cur), &in6buf) < 1) { 2972 ret = -EINVAL; 2973 goto failure; 2974 } 2975 nla_put(nlm, IFLA_VTI_REMOTE, sizeof(in6buf), &in6buf); 2976 } 2977 2978 } else { 2979 struct in_addr inbuf; 2980 2981 if ((cur = tb[TUNNEL_ATTR_LOCAL])) { 2982 if (inet_pton(AF_INET, blobmsg_data(cur), &inbuf) < 1) { 2983 ret = -EINVAL; 2984 goto failure; 2985 } 2986 nla_put(nlm, IFLA_VTI_LOCAL, sizeof(inbuf), &inbuf); 2987 } 2988 2989 if ((cur = tb[TUNNEL_ATTR_REMOTE])) { 2990 if (inet_pton(AF_INET, blobmsg_data(cur), &inbuf) < 1) { 2991 ret = -EINVAL; 2992 goto failure; 2993 } 2994 nla_put(nlm, IFLA_VTI_REMOTE, sizeof(inbuf), &inbuf); 2995 } 2996 2997 } 2998 2999 if ((cur = tb[TUNNEL_ATTR_DATA])) { 3000 struct blob_attr *tb_data[__VTI_DATA_ATTR_MAX]; 3001 uint32_t ikey = 0, okey = 0; 3002 3003 blobmsg_parse(vti_data_attr_list.params, __VTI_DATA_ATTR_MAX, tb_data, 3004 blobmsg_data(cur), blobmsg_len(cur)); 3005 3006 if ((cur = tb_data[VTI_DATA_IKEY])) { 3007 if ((ikey = blobmsg_get_u32(cur))) 3008 nla_put_u32(nlm, IFLA_VTI_IKEY, htonl(ikey)); 3009 } 3010 3011 if ((cur = tb_data[VTI_DATA_OKEY])) { 3012 if ((okey = blobmsg_get_u32(cur))) 3013 nla_put_u32(nlm, IFLA_VTI_OKEY, htonl(okey)); 3014 } 3015 } 3016 3017 nla_nest_end(nlm, infodata); 3018 nla_nest_end(nlm, linkinfo); 3019 3020 return system_rtnl_call(nlm); 3021 3022 failure: 3023 nlmsg_free(nlm); 3024 return ret; 3025 } 3026 #endif 3027 3028 #ifdef IFLA_XFRM_MAX 3029 static int system_add_xfrm_tunnel(const char *name, const char *kind, 3030 const unsigned int link, struct blob_attr **tb) 3031 { 3032 struct nl_msg *nlm; 3033 struct ifinfomsg ifi = { .ifi_family = AF_UNSPEC, }; 3034 struct blob_attr *cur; 3035 int ret = 0; 3036 3037 nlm = nlmsg_alloc_simple(RTM_NEWLINK, NLM_F_REQUEST | NLM_F_REPLACE | NLM_F_CREATE); 3038 if (!nlm) 3039 return -1; 3040 3041 nlmsg_append(nlm, &ifi, sizeof(ifi), 0); 3042 nla_put_string(nlm, IFLA_IFNAME, name); 3043 3044 struct nlattr *linkinfo = nla_nest_start(nlm, IFLA_LINKINFO); 3045 if (!linkinfo) { 3046 ret = -ENOMEM; 3047 goto failure; 3048 } 3049 3050 nla_put_string(nlm, IFLA_INFO_KIND, kind); 3051 struct nlattr *infodata = nla_nest_start(nlm, IFLA_INFO_DATA); 3052 if (!infodata) { 3053 ret = -ENOMEM; 3054 goto failure; 3055 } 3056 3057 if (link) 3058 nla_put_u32(nlm, IFLA_XFRM_LINK, link); 3059 3060 if ((cur = tb[TUNNEL_ATTR_DATA])) { 3061 struct blob_attr *tb_data[__XFRM_DATA_ATTR_MAX]; 3062 uint32_t if_id = 0; 3063 3064 blobmsg_parse(xfrm_data_attr_list.params, __XFRM_DATA_ATTR_MAX, tb_data, 3065 blobmsg_data(cur), blobmsg_len(cur)); 3066 3067 if ((cur = tb_data[XFRM_DATA_IF_ID])) { 3068 if ((if_id = blobmsg_get_u32(cur))) 3069 nla_put_u32(nlm, IFLA_XFRM_IF_ID, if_id); 3070 } 3071 3072 } 3073 3074 nla_nest_end(nlm, infodata); 3075 nla_nest_end(nlm, linkinfo); 3076 3077 return system_rtnl_call(nlm); 3078 3079 failure: 3080 nlmsg_free(nlm); 3081 return ret; 3082 } 3083 #endif 3084 3085 #ifdef IFLA_VXLAN_MAX 3086 static void system_vxlan_map_bool_attr(struct nl_msg *msg, struct blob_attr **tb_data, int attrtype, int vxlandatatype, bool invert) { 3087 struct blob_attr *cur; 3088 if ((cur = tb_data[vxlandatatype])) { 3089 bool val = blobmsg_get_bool(cur); 3090 if (invert) 3091 val = !val; 3092 3093 if ((attrtype == IFLA_VXLAN_GBP) && val) 3094 nla_put_flag(msg, attrtype); 3095 else 3096 nla_put_u8(msg, attrtype, val); 3097 3098 } 3099 } 3100 3101 static int system_add_vxlan(const char *name, const unsigned int link, struct blob_attr **tb, bool v6) 3102 { 3103 struct blob_attr *tb_data[__VXLAN_DATA_ATTR_MAX]; 3104 struct nl_msg *msg; 3105 struct nlattr *linkinfo, *data; 3106 struct ifinfomsg iim = { .ifi_family = AF_UNSPEC, }; 3107 struct blob_attr *cur; 3108 int ret = 0; 3109 3110 if ((cur = tb[TUNNEL_ATTR_DATA])) 3111 blobmsg_parse(vxlan_data_attr_list.params, __VXLAN_DATA_ATTR_MAX, tb_data, 3112 blobmsg_data(cur), blobmsg_len(cur)); 3113 else 3114 return -EINVAL; 3115 3116 msg = nlmsg_alloc_simple(RTM_NEWLINK, NLM_F_REQUEST | NLM_F_CREATE | NLM_F_EXCL); 3117 3118 if (!msg) 3119 return -1; 3120 3121 nlmsg_append(msg, &iim, sizeof(iim), 0); 3122 3123 nla_put_string(msg, IFLA_IFNAME, name); 3124 3125 if ((cur = tb_data[VXLAN_DATA_ATTR_MACADDR])) { 3126 struct ether_addr *ea = ether_aton(blobmsg_get_string(cur)); 3127 if (!ea) { 3128 ret = -EINVAL; 3129 goto failure; 3130 } 3131 3132 nla_put(msg, IFLA_ADDRESS, ETH_ALEN, ea); 3133 } 3134 3135 if ((cur = tb[TUNNEL_ATTR_MTU])) { 3136 uint32_t mtu = blobmsg_get_u32(cur); 3137 nla_put_u32(msg, IFLA_MTU, mtu); 3138 } 3139 3140 if (!(linkinfo = nla_nest_start(msg, IFLA_LINKINFO))) { 3141 ret = -ENOMEM; 3142 goto failure; 3143 } 3144 3145 nla_put_string(msg, IFLA_INFO_KIND, "vxlan"); 3146 3147 if (!(data = nla_nest_start(msg, IFLA_INFO_DATA))) { 3148 ret = -ENOMEM; 3149 goto failure; 3150 } 3151 3152 if (link) 3153 nla_put_u32(msg, IFLA_VXLAN_LINK, link); 3154 3155 if ((cur = tb_data[VXLAN_DATA_ATTR_ID])) { 3156 uint32_t id = blobmsg_get_u32(cur); 3157 if (id >= (1u << 24) - 1) { 3158 ret = -EINVAL; 3159 goto failure; 3160 } 3161 3162 nla_put_u32(msg, IFLA_VXLAN_ID, id); 3163 } 3164 3165 if (v6) { 3166 struct in6_addr in6buf; 3167 if ((cur = tb[TUNNEL_ATTR_LOCAL])) { 3168 if (inet_pton(AF_INET6, blobmsg_data(cur), &in6buf) < 1) { 3169 ret = -EINVAL; 3170 goto failure; 3171 } 3172 nla_put(msg, IFLA_VXLAN_LOCAL6, sizeof(in6buf), &in6buf); 3173 } 3174 3175 if ((cur = tb[TUNNEL_ATTR_REMOTE])) { 3176 if (inet_pton(AF_INET6, blobmsg_data(cur), &in6buf) < 1) { 3177 ret = -EINVAL; 3178 goto failure; 3179 } 3180 nla_put(msg, IFLA_VXLAN_GROUP6, sizeof(in6buf), &in6buf); 3181 } 3182 } else { 3183 struct in_addr inbuf; 3184 3185 if ((cur = tb[TUNNEL_ATTR_LOCAL])) { 3186 if (inet_pton(AF_INET, blobmsg_data(cur), &inbuf) < 1) { 3187 ret = -EINVAL; 3188 goto failure; 3189 } 3190 nla_put(msg, IFLA_VXLAN_LOCAL, sizeof(inbuf), &inbuf); 3191 } 3192 3193 if ((cur = tb[TUNNEL_ATTR_REMOTE])) { 3194 if (inet_pton(AF_INET, blobmsg_data(cur), &inbuf) < 1) { 3195 ret = -EINVAL; 3196 goto failure; 3197 } 3198 nla_put(msg, IFLA_VXLAN_GROUP, sizeof(inbuf), &inbuf); 3199 } 3200 } 3201 3202 uint32_t port = 4789; 3203 if ((cur = tb_data[VXLAN_DATA_ATTR_PORT])) { 3204 port = blobmsg_get_u32(cur); 3205 if (port < 1 || port > 65535) { 3206 ret = -EINVAL; 3207 goto failure; 3208 } 3209 } 3210 nla_put_u16(msg, IFLA_VXLAN_PORT, htons(port)); 3211 3212 if ((cur = tb_data[VXLAN_DATA_ATTR_SRCPORTMIN])) { 3213 struct ifla_vxlan_port_range srcports = {0,0}; 3214 3215 uint32_t low = blobmsg_get_u32(cur); 3216 if (low < 1 || low > 65535 - 1) { 3217 ret = -EINVAL; 3218 goto failure; 3219 } 3220 3221 srcports.low = htons((uint16_t) low); 3222 srcports.high = htons((uint16_t) (low+1)); 3223 3224 if ((cur = tb_data[VXLAN_DATA_ATTR_SRCPORTMAX])) { 3225 uint32_t high = blobmsg_get_u32(cur); 3226 if (high < 1 || high > 65535) { 3227 ret = -EINVAL; 3228 goto failure; 3229 } 3230 3231 if (high > low) 3232 srcports.high = htons((uint16_t) high); 3233 } 3234 3235 nla_put(msg, IFLA_VXLAN_PORT_RANGE, sizeof(srcports), &srcports); 3236 } 3237 3238 system_vxlan_map_bool_attr(msg, tb_data, IFLA_VXLAN_UDP_CSUM, VXLAN_DATA_ATTR_TXCSUM, false); 3239 system_vxlan_map_bool_attr(msg, tb_data, IFLA_VXLAN_UDP_ZERO_CSUM6_RX, VXLAN_DATA_ATTR_RXCSUM, true); 3240 system_vxlan_map_bool_attr(msg, tb_data, IFLA_VXLAN_UDP_ZERO_CSUM6_TX, VXLAN_DATA_ATTR_TXCSUM, true); 3241 system_vxlan_map_bool_attr(msg, tb_data, IFLA_VXLAN_LEARNING, VXLAN_DATA_ATTR_LEARNING, false); 3242 system_vxlan_map_bool_attr(msg, tb_data, IFLA_VXLAN_RSC , VXLAN_DATA_ATTR_RSC, false); 3243 system_vxlan_map_bool_attr(msg, tb_data, IFLA_VXLAN_PROXY , VXLAN_DATA_ATTR_PROXY, false); 3244 system_vxlan_map_bool_attr(msg, tb_data, IFLA_VXLAN_L2MISS , VXLAN_DATA_ATTR_L2MISS, false); 3245 system_vxlan_map_bool_attr(msg, tb_data, IFLA_VXLAN_L3MISS , VXLAN_DATA_ATTR_L3MISS, false); 3246 system_vxlan_map_bool_attr(msg, tb_data, IFLA_VXLAN_GBP , VXLAN_DATA_ATTR_GBP, false); 3247 3248 if ((cur = tb_data[VXLAN_DATA_ATTR_AGEING])) { 3249 uint32_t ageing = blobmsg_get_u32(cur); 3250 nla_put_u32(msg, IFLA_VXLAN_AGEING, ageing); 3251 } 3252 3253 if ((cur = tb_data[VXLAN_DATA_ATTR_LIMIT])) { 3254 uint32_t maxaddress = blobmsg_get_u32(cur); 3255 nla_put_u32(msg, IFLA_VXLAN_LIMIT, maxaddress); 3256 } 3257 3258 if ((cur = tb[TUNNEL_ATTR_TOS])) { 3259 char *str = blobmsg_get_string(cur); 3260 unsigned tos = 1; 3261 3262 if (strcmp(str, "inherit")) { 3263 if (!system_tos_aton(str, &tos)) { 3264 ret = -EINVAL; 3265 goto failure; 3266 } 3267 } 3268 3269 nla_put_u8(msg, IFLA_VXLAN_TOS, tos); 3270 } 3271 3272 if ((cur = tb[TUNNEL_ATTR_TTL])) { 3273 uint32_t ttl = blobmsg_get_u32(cur); 3274 if (ttl < 1 || ttl > 255) { 3275 ret = -EINVAL; 3276 goto failure; 3277 } 3278 3279 nla_put_u8(msg, IFLA_VXLAN_TTL, ttl); 3280 } 3281 3282 nla_nest_end(msg, data); 3283 nla_nest_end(msg, linkinfo); 3284 3285 ret = system_rtnl_call(msg); 3286 if (ret) 3287 D(SYSTEM, "Error adding vxlan '%s': %d\n", name, ret); 3288 3289 return ret; 3290 3291 failure: 3292 nlmsg_free(msg); 3293 return ret; 3294 } 3295 #endif 3296 3297 static int system_add_sit_tunnel(const char *name, const unsigned int link, struct blob_attr **tb) 3298 { 3299 struct blob_attr *cur; 3300 int ret = 0; 3301 3302 if (system_add_proto_tunnel(name, IPPROTO_IPV6, link, tb) < 0) 3303 return -1; 3304 3305 #ifdef SIOCADD6RD 3306 if ((cur = tb[TUNNEL_ATTR_DATA])) { 3307 struct blob_attr *tb_data[__SIXRD_DATA_ATTR_MAX]; 3308 unsigned int mask; 3309 struct ip_tunnel_6rd p6; 3310 3311 blobmsg_parse(sixrd_data_attr_list.params, __SIXRD_DATA_ATTR_MAX, tb_data, 3312 blobmsg_data(cur), blobmsg_len(cur)); 3313 3314 memset(&p6, 0, sizeof(p6)); 3315 3316 if ((cur = tb_data[SIXRD_DATA_PREFIX])) { 3317 if (!parse_ip_and_netmask(AF_INET6, blobmsg_data(cur), 3318 &p6.prefix, &mask) || mask > 128) { 3319 ret = -EINVAL; 3320 goto failure; 3321 } 3322 3323 p6.prefixlen = mask; 3324 } 3325 3326 if ((cur = tb_data[SIXRD_DATA_RELAY_PREFIX])) { 3327 if (!parse_ip_and_netmask(AF_INET, blobmsg_data(cur), 3328 &p6.relay_prefix, &mask) || mask > 32) { 3329 ret = -EINVAL; 3330 goto failure; 3331 } 3332 3333 p6.relay_prefixlen = mask; 3334 } 3335 3336 if (tunnel_ioctl(name, SIOCADD6RD, &p6) < 0) { 3337 ret = -1; 3338 goto failure; 3339 } 3340 } 3341 #endif 3342 3343 return ret; 3344 3345 failure: 3346 __system_del_ip_tunnel(name, tb); 3347 return ret; 3348 } 3349 3350 static int system_add_proto_tunnel(const char *name, const uint8_t proto, const unsigned int link, struct blob_attr **tb) 3351 { 3352 struct blob_attr *cur; 3353 bool set_df = true; 3354 struct ip_tunnel_parm p = { 3355 .link = link, 3356 .iph = { 3357 .version = 4, 3358 .ihl = 5, 3359 .protocol = proto, 3360 } 3361 }; 3362 3363 if ((cur = tb[TUNNEL_ATTR_LOCAL]) && 3364 inet_pton(AF_INET, blobmsg_data(cur), &p.iph.saddr) < 1) 3365 return -EINVAL; 3366 3367 if ((cur = tb[TUNNEL_ATTR_REMOTE]) && 3368 inet_pton(AF_INET, blobmsg_data(cur), &p.iph.daddr) < 1) 3369 return -EINVAL; 3370 3371 if ((cur = tb[TUNNEL_ATTR_DF])) 3372 set_df = blobmsg_get_bool(cur); 3373 3374 if ((cur = tb[TUNNEL_ATTR_TTL])) 3375 p.iph.ttl = blobmsg_get_u32(cur); 3376 3377 if ((cur = tb[TUNNEL_ATTR_TOS])) { 3378 char *str = blobmsg_get_string(cur); 3379 if (strcmp(str, "inherit")) { 3380 unsigned uval; 3381 3382 if (!system_tos_aton(str, &uval)) 3383 return -EINVAL; 3384 3385 p.iph.tos = uval; 3386 } else 3387 p.iph.tos = 1; 3388 } 3389 3390 p.iph.frag_off = set_df ? htons(IP_DF) : 0; 3391 /* ttl !=0 and nopmtudisc are incompatible */ 3392 if (p.iph.ttl && p.iph.frag_off == 0) 3393 return -EINVAL; 3394 3395 strncpy(p.name, name, sizeof(p.name) - 1); 3396 3397 switch (p.iph.protocol) { 3398 case IPPROTO_IPIP: 3399 return tunnel_ioctl("tunl0", SIOCADDTUNNEL, &p); 3400 case IPPROTO_IPV6: 3401 return tunnel_ioctl("sit0", SIOCADDTUNNEL, &p); 3402 default: 3403 break; 3404 } 3405 return -1; 3406 } 3407 3408 static int __system_del_ip_tunnel(const char *name, struct blob_attr **tb) 3409 { 3410 struct blob_attr *cur; 3411 const char *str; 3412 3413 if (!(cur = tb[TUNNEL_ATTR_TYPE])) 3414 return -EINVAL; 3415 str = blobmsg_data(cur); 3416 3417 if (!strcmp(str, "greip") || !strcmp(str, "gretapip") || 3418 !strcmp(str, "greip6") || !strcmp(str, "gretapip6") || 3419 !strcmp(str, "vtiip") || !strcmp(str, "vtiip6") || 3420 !strcmp(str, "vxlan") || !strcmp(str, "vxlan6") || 3421 !strcmp(str, "xfrm")) 3422 return system_link_del(name); 3423 else 3424 return tunnel_ioctl(name, SIOCDELTUNNEL, NULL); 3425 } 3426 3427 int system_del_ip_tunnel(const char *name, struct blob_attr *attr) 3428 { 3429 struct blob_attr *tb[__TUNNEL_ATTR_MAX]; 3430 3431 blobmsg_parse(tunnel_attr_list.params, __TUNNEL_ATTR_MAX, tb, 3432 blob_data(attr), blob_len(attr)); 3433 3434 return __system_del_ip_tunnel(name, tb); 3435 } 3436 3437 int system_update_ipv6_mtu(struct device *dev, int mtu) 3438 { 3439 int ret = -1; 3440 char buf[64]; 3441 int fd; 3442 3443 snprintf(buf, sizeof(buf), "/proc/sys/net/ipv6/conf/%s/mtu", 3444 dev->ifname); 3445 3446 fd = open(buf, O_RDWR); 3447 if (fd < 0) 3448 return ret; 3449 3450 if (!mtu) { 3451 ssize_t len = read(fd, buf, sizeof(buf) - 1); 3452 if (len < 0) 3453 goto out; 3454 3455 buf[len] = 0; 3456 ret = atoi(buf); 3457 } else { 3458 if (write(fd, buf, snprintf(buf, sizeof(buf), "%i", mtu)) > 0) 3459 ret = mtu; 3460 } 3461 3462 out: 3463 close(fd); 3464 return ret; 3465 } 3466 3467 int system_add_ip_tunnel(const char *name, struct blob_attr *attr) 3468 { 3469 struct blob_attr *tb[__TUNNEL_ATTR_MAX]; 3470 struct blob_attr *cur; 3471 const char *str; 3472 3473 blobmsg_parse(tunnel_attr_list.params, __TUNNEL_ATTR_MAX, tb, 3474 blob_data(attr), blob_len(attr)); 3475 3476 __system_del_ip_tunnel(name, tb); 3477 3478 if (!(cur = tb[TUNNEL_ATTR_TYPE])) 3479 return -EINVAL; 3480 str = blobmsg_data(cur); 3481 3482 unsigned int ttl = 0; 3483 if ((cur = tb[TUNNEL_ATTR_TTL])) { 3484 ttl = blobmsg_get_u32(cur); 3485 if (ttl > 255) 3486 return -EINVAL; 3487 } 3488 3489 unsigned int link = 0; 3490 if ((cur = tb[TUNNEL_ATTR_LINK])) { 3491 struct interface *iface = vlist_find(&interfaces, blobmsg_data(cur), iface, node); 3492 if (!iface) 3493 return -EINVAL; 3494 3495 if (iface->l3_dev.dev) 3496 link = iface->l3_dev.dev->ifindex; 3497 } 3498 3499 if (!strcmp(str, "sit")) 3500 return system_add_sit_tunnel(name, link, tb); 3501 #ifdef IFLA_IPTUN_MAX 3502 else if (!strcmp(str, "ipip6")) { 3503 return system_add_ip6_tunnel(name, link, tb); 3504 } else if (!strcmp(str, "greip")) { 3505 return system_add_gre_tunnel(name, "gre", link, tb, false); 3506 } else if (!strcmp(str, "gretapip")) { 3507 return system_add_gre_tunnel(name, "gretap", link, tb, false); 3508 } else if (!strcmp(str, "greip6")) { 3509 return system_add_gre_tunnel(name, "ip6gre", link, tb, true); 3510 } else if (!strcmp(str, "gretapip6")) { 3511 return system_add_gre_tunnel(name, "ip6gretap", link, tb, true); 3512 #ifdef IFLA_VTI_MAX 3513 } else if (!strcmp(str, "vtiip")) { 3514 return system_add_vti_tunnel(name, "vti", link, tb, false); 3515 } else if (!strcmp(str, "vtiip6")) { 3516 return system_add_vti_tunnel(name, "vti6", link, tb, true); 3517 #endif 3518 #ifdef IFLA_XFRM_MAX 3519 } else if (!strcmp(str, "xfrm")) { 3520 return system_add_xfrm_tunnel(name, "xfrm", link, tb); 3521 #endif 3522 #ifdef IFLA_VXLAN_MAX 3523 } else if(!strcmp(str, "vxlan")) { 3524 return system_add_vxlan(name, link, tb, false); 3525 } else if(!strcmp(str, "vxlan6")) { 3526 return system_add_vxlan(name, link, tb, true); 3527 #endif 3528 #endif 3529 } else if (!strcmp(str, "ipip")) { 3530 return system_add_proto_tunnel(name, IPPROTO_IPIP, link, tb); 3531 } 3532 else 3533 return -EINVAL; 3534 3535 return 0; 3536 } 3537
This page was automatically generated by LXR 0.3.1. • OpenWrt