2 * SPDX-License-Identifier: BSD-2-Clause-FreeBSD
4 * Copyright (c) 2021 Ng Peng Nam Sean
5 * Copyright (c) 2022 Alexander V. Chernikov <melifaro@FreeBSD.org>
7 * Redistribution and use in source and binary forms, with or without
8 * modification, are permitted provided that the following conditions
10 * 1. Redistributions of source code must retain the above copyright
11 * notice, this list of conditions and the following disclaimer.
12 * 2. Redistributions in binary form must reproduce the above copyright
13 * notice, this list of conditions and the following disclaimer in the
14 * documentation and/or other materials provided with the distribution.
16 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
17 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
18 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
19 * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
20 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
21 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
22 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
23 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
24 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
25 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
30 * This file contains socket and protocol bindings for netlink.
33 #include <sys/param.h>
34 #include <sys/kernel.h>
35 #include <sys/malloc.h>
37 #include <sys/rmlock.h>
38 #include <sys/domain.h>
40 #include <sys/protosw.h>
43 #include <sys/socket.h>
44 #include <sys/socketvar.h>
45 #include <sys/sysent.h>
46 #include <sys/syslog.h>
47 #include <sys/priv.h> /* priv_check */
49 #include <netlink/netlink.h>
50 #include <netlink/netlink_ctl.h>
51 #include <netlink/netlink_var.h>
53 #define DEBUG_MOD_NAME nl_domain
54 #define DEBUG_MAX_LEVEL LOG_DEBUG3
55 #include <netlink/netlink_debug.h>
56 _DECLARE_DEBUG(LOG_DEBUG);
58 _Static_assert((NLP_MAX_GROUPS % 64) == 0,
59 "NLP_MAX_GROUPS has to be multiple of 64");
60 _Static_assert(NLP_MAX_GROUPS >= 64,
61 "NLP_MAX_GROUPS has to be at least 64");
63 #define NLCTL_TRACKER struct rm_priotracker nl_tracker
64 #define NLCTL_RLOCK(_ctl) rm_rlock(&((_ctl)->ctl_lock), &nl_tracker)
65 #define NLCTL_RUNLOCK(_ctl) rm_runlock(&((_ctl)->ctl_lock), &nl_tracker)
67 #define NLCTL_WLOCK(_ctl) rm_wlock(&((_ctl)->ctl_lock))
68 #define NLCTL_WUNLOCK(_ctl) rm_wunlock(&((_ctl)->ctl_lock))
70 static u_long nl_sendspace = NLSNDQ;
71 SYSCTL_ULONG(_net_netlink, OID_AUTO, sendspace, CTLFLAG_RW, &nl_sendspace, 0,
72 "Default netlink socket send space");
74 static u_long nl_recvspace = NLSNDQ;
75 SYSCTL_ULONG(_net_netlink, OID_AUTO, recvspace, CTLFLAG_RW, &nl_recvspace, 0,
76 "Default netlink socket receive space");
78 extern u_long sb_max_adj;
79 extern u_long nl_maxsockbuf;
80 static int sysctl_handle_nl_maxsockbuf(SYSCTL_HANDLER_ARGS);
81 SYSCTL_OID(_net_netlink, OID_AUTO, nl_maxsockbuf,
82 CTLTYPE_ULONG | CTLFLAG_RW | CTLFLAG_MPSAFE, &nl_maxsockbuf, 0,
83 sysctl_handle_nl_maxsockbuf, "LU",
84 "Maximum Netlink socket buffer size");
87 nlp_get_pid(const struct nlpcb *nlp)
89 return (nlp->nl_process_id);
93 * Looks up a nlpcb struct based on the @portid. Need to claim nlsock_mtx.
94 * Returns nlpcb pointer if present else NULL
97 nl_port_lookup(uint32_t port_id)
101 CK_LIST_FOREACH(nlp, &V_nl_ctl->ctl_port_head, nl_port_next) {
102 if (nlp->nl_port == port_id)
109 nl_add_group_locked(struct nlpcb *nlp, unsigned int group_id)
111 MPASS(group_id <= NLP_MAX_GROUPS);
114 nlp->nl_groups[group_id / 64] |= (uint64_t)1 << (group_id % 64);
118 nl_del_group_locked(struct nlpcb *nlp, unsigned int group_id)
120 MPASS(group_id <= NLP_MAX_GROUPS);
123 nlp->nl_groups[group_id / 64] &= ~((uint64_t)1 << (group_id % 64));
127 nl_isset_group_locked(struct nlpcb *nlp, unsigned int group_id)
129 MPASS(group_id <= NLP_MAX_GROUPS);
132 return (nlp->nl_groups[group_id / 64] & ((uint64_t)1 << (group_id % 64)));
136 nl_get_groups_compat(struct nlpcb *nlp)
138 uint32_t groups_mask = 0;
140 for (int i = 0; i < 32; i++) {
141 if (nl_isset_group_locked(nlp, i + 1))
142 groups_mask |= (1 << i);
145 return (groups_mask);
149 * Broadcasts message @m to the protocol @proto group specified by @group_id
152 nl_send_group(struct mbuf *m, int num_messages, int proto, int group_id)
154 struct nlpcb *nlp_last = NULL;
158 IF_DEBUG_LEVEL(LOG_DEBUG2) {
159 struct nlmsghdr *hdr = mtod(m, struct nlmsghdr *);
160 NL_LOG(LOG_DEBUG2, "MCAST mbuf len %u msg type %d len %u to group %d/%d",
161 m->m_len, hdr->nlmsg_type, hdr->nlmsg_len, proto, group_id);
164 struct nl_control *ctl = atomic_load_ptr(&V_nl_ctl);
165 if (__predict_false(ctl == NULL)) {
167 * Can be the case when notification is sent within VNET
168 * which doesn't have any netlink sockets.
176 int io_flags = NL_IOF_UNTRANSLATED;
178 CK_LIST_FOREACH(nlp, &ctl->ctl_pcb_head, nl_next) {
179 if (nl_isset_group_locked(nlp, group_id) && nlp->nl_proto == proto) {
180 if (nlp_last != NULL) {
182 m_copy = m_copym(m, 0, M_COPYALL, M_NOWAIT);
184 nl_send_one(m_copy, nlp_last, num_messages, io_flags);
187 if (nlp_last->nl_socket != NULL)
188 sorwakeup(nlp_last->nl_socket);
189 NLP_UNLOCK(nlp_last);
195 if (nlp_last != NULL)
196 nl_send_one(m, nlp_last, num_messages, io_flags);
204 nl_has_listeners(int netlink_family, uint32_t groups_mask)
206 return (V_nl_ctl != NULL);
210 nlp_has_priv(struct nlpcb *nlp, int priv)
212 return (priv_check_cred(nlp->nl_cred, priv) == 0);
219 * app can open multiple netlink sockets.
220 * Start with current pid, if already taken,
221 * try random numbers in 65k..256k+65k space,
222 * avoiding clash with pids.
224 if (nl_port_lookup(curproc->p_pid) == NULL)
225 return (curproc->p_pid);
226 for (int i = 0; i < 16; i++) {
227 uint32_t nl_port = (arc4random() % 65536) + 65536 * 4;
228 if (nl_port_lookup(nl_port) == 0)
230 NL_LOG(LOG_DEBUG3, "tried %u\n", nl_port);
232 return (curproc->p_pid);
236 nl_bind_locked(struct nlpcb *nlp, struct sockaddr_nl *snl)
239 if (nlp->nl_port != snl->nl_pid) {
241 "bind() failed: program pid %d "
242 "is different from provided pid %d",
243 nlp->nl_port, snl->nl_pid);
244 return (EINVAL); // XXX: better error
247 if (snl->nl_pid == 0)
248 snl->nl_pid = nl_find_port();
249 if (nl_port_lookup(snl->nl_pid) != NULL)
251 nlp->nl_port = snl->nl_pid;
252 nlp->nl_bound = true;
253 CK_LIST_INSERT_HEAD(&V_nl_ctl->ctl_port_head, nlp, nl_port_next);
255 for (int i = 0; i < 32; i++) {
256 if (snl->nl_groups & ((uint32_t)1 << i))
257 nl_add_group_locked(nlp, i + 1);
259 nl_del_group_locked(nlp, i + 1);
266 nl_pru_attach(struct socket *so, int proto, struct thread *td)
271 if (__predict_false(netlink_unloading != 0))
272 return (EAFNOSUPPORT);
274 error = nl_verify_proto(proto);
278 bool is_linux = SV_PROC_ABI(td->td_proc) == SV_ABI_LINUX;
279 NL_LOG(LOG_DEBUG2, "socket %p, %sPID %d: attaching socket to %s",
280 so, is_linux ? "(linux) " : "", curproc->p_pid,
281 nl_get_proto_name(proto));
283 /* Create per-VNET state on first socket init */
284 struct nl_control *ctl = atomic_load_ptr(&V_nl_ctl);
286 ctl = vnet_nl_ctl_init();
287 KASSERT(V_nl_ctl != NULL, ("nl_attach: vnet_sock_init() failed"));
289 MPASS(sotonlpcb(so) == NULL);
291 nlp = malloc(sizeof(struct nlpcb), M_PCB, M_WAITOK | M_ZERO);
292 error = soreserve(so, nl_sendspace, nl_recvspace);
299 /* Copy so_cred to avoid having socket_var.h in every header */
300 nlp->nl_cred = so->so_cred;
301 nlp->nl_proto = proto;
302 nlp->nl_process_id = curproc->p_pid;
303 nlp->nl_linux = is_linux;
304 nlp->nl_active = true;
306 refcount_init(&nlp->nl_refcount, 1);
309 nlp->nl_taskqueue = taskqueue_create("netlink_socket", M_WAITOK,
310 taskqueue_thread_enqueue, &nlp->nl_taskqueue);
311 TASK_INIT(&nlp->nl_task, 0, nl_taskqueue_handler, nlp);
312 taskqueue_start_threads(&nlp->nl_taskqueue, 1, PWAIT,
313 "netlink_socket (PID %u)", nlp->nl_process_id);
316 /* XXX: check ctl is still alive */
317 CK_LIST_INSERT_HEAD(&ctl->ctl_pcb_head, nlp, nl_next);
326 nl_pru_abort(struct socket *so)
328 NL_LOG(LOG_DEBUG3, "socket %p, PID %d", so, curproc->p_pid);
329 MPASS(sotonlpcb(so) != NULL);
330 soisdisconnected(so);
334 nl_pru_bind(struct socket *so, struct sockaddr *sa, struct thread *td)
336 struct nl_control *ctl = atomic_load_ptr(&V_nl_ctl);
337 struct nlpcb *nlp = sotonlpcb(so);
338 struct sockaddr_nl *snl = (struct sockaddr_nl *)sa;
341 NL_LOG(LOG_DEBUG3, "socket %p, PID %d", so, curproc->p_pid);
342 if (snl->nl_len != sizeof(*snl)) {
343 NL_LOG(LOG_DEBUG, "socket %p, wrong sizeof(), ignoring bind()", so);
350 error = nl_bind_locked(nlp, snl);
353 NL_LOG(LOG_DEBUG2, "socket %p, bind() to %u, groups %u, error %d", so,
354 snl->nl_pid, snl->nl_groups, error);
361 nl_assign_port(struct nlpcb *nlp, uint32_t port_id)
363 struct nl_control *ctl = atomic_load_ptr(&V_nl_ctl);
364 struct sockaddr_nl snl = {
371 snl.nl_groups = nl_get_groups_compat(nlp);
372 error = nl_bind_locked(nlp, &snl);
376 NL_LOG(LOG_DEBUG3, "socket %p, port assign: %d, error: %d", nlp->nl_socket, port_id, error);
381 * nl_autobind_port binds a unused portid to @nlp
382 * @nlp: pcb data for the netlink socket
383 * @candidate_id: first id to consider
386 nl_autobind_port(struct nlpcb *nlp, uint32_t candidate_id)
388 struct nl_control *ctl = atomic_load_ptr(&V_nl_ctl);
389 uint32_t port_id = candidate_id;
394 for (int i = 0; i < 10; i++) {
395 NL_LOG(LOG_DEBUG3, "socket %p, trying to assign port %d", nlp->nl_socket, port_id);
397 exist = nl_port_lookup(port_id) != 0;
400 error = nl_assign_port(nlp, port_id);
401 if (error != EADDRINUSE)
406 NL_LOG(LOG_DEBUG3, "socket %p, autobind to %d, error: %d", nlp->nl_socket, port_id, error);
411 nl_pru_connect(struct socket *so, struct sockaddr *sa, struct thread *td)
413 struct sockaddr_nl *snl = (struct sockaddr_nl *)sa;
416 NL_LOG(LOG_DEBUG3, "socket %p, PID %d", so, curproc->p_pid);
417 if (snl->nl_len != sizeof(*snl)) {
418 NL_LOG(LOG_DEBUG, "socket %p, wrong sizeof(), ignoring bind()", so);
423 if (!nlp->nl_bound) {
424 int error = nl_autobind_port(nlp, td->td_proc->p_pid);
426 NL_LOG(LOG_DEBUG, "socket %p, nl_autobind() failed: %d", so, error);
430 /* XXX: Handle socket flags & multicast */
433 NL_LOG(LOG_DEBUG2, "socket %p, connect to %u", so, snl->nl_pid);
439 destroy_nlpcb(struct nlpcb *nlp)
443 NLP_LOCK_DESTROY(nlp);
448 destroy_nlpcb_epoch(epoch_context_t ctx)
452 nlp = __containerof(ctx, struct nlpcb, nl_epoch_ctx);
459 nl_pru_detach(struct socket *so)
461 struct nl_control *ctl = atomic_load_ptr(&V_nl_ctl);
462 MPASS(sotonlpcb(so) != NULL);
465 NL_LOG(LOG_DEBUG2, "detaching socket %p, PID %d", so, curproc->p_pid);
468 /* Mark as inactive so no new work can be enqueued */
470 bool was_bound = nlp->nl_bound;
471 nlp->nl_active = false;
474 /* Wait till all scheduled work has been completed */
475 taskqueue_drain_all(nlp->nl_taskqueue);
476 taskqueue_free(nlp->nl_taskqueue);
481 CK_LIST_REMOVE(nlp, nl_port_next);
482 NL_LOG(LOG_DEBUG3, "socket %p, unlinking bound pid %u", so, nlp->nl_port);
484 CK_LIST_REMOVE(nlp, nl_next);
485 nlp->nl_socket = NULL;
491 NL_LOG(LOG_DEBUG3, "socket %p, detached", so);
493 /* XXX: is delayed free needed? */
494 NET_EPOCH_CALL(destroy_nlpcb_epoch, &nlp->nl_epoch_ctx);
498 nl_pru_disconnect(struct socket *so)
500 NL_LOG(LOG_DEBUG3, "socket %p, PID %d", so, curproc->p_pid);
501 MPASS(sotonlpcb(so) != NULL);
506 nl_pru_peeraddr(struct socket *so, struct sockaddr **sa)
508 NL_LOG(LOG_DEBUG3, "socket %p, PID %d", so, curproc->p_pid);
509 MPASS(sotonlpcb(so) != NULL);
514 nl_pru_shutdown(struct socket *so)
516 NL_LOG(LOG_DEBUG3, "socket %p, PID %d", so, curproc->p_pid);
517 MPASS(sotonlpcb(so) != NULL);
523 nl_pru_sockaddr(struct socket *so, struct sockaddr **sa)
525 struct sockaddr_nl *snl;
527 snl = malloc(sizeof(struct sockaddr_nl), M_SONAME, M_WAITOK | M_ZERO);
528 /* TODO: set other fields */
529 snl->nl_len = sizeof(struct sockaddr_nl);
530 snl->nl_family = AF_NETLINK;
531 snl->nl_pid = sotonlpcb(so)->nl_port;
532 *sa = (struct sockaddr *)snl;
537 nl_pru_close(struct socket *so)
539 NL_LOG(LOG_DEBUG3, "socket %p, PID %d", so, curproc->p_pid);
540 MPASS(sotonlpcb(so) != NULL);
541 soisdisconnected(so);
545 nl_pru_output(struct mbuf *m, struct socket *so, ...)
548 if (__predict_false(m == NULL ||
549 ((m->m_len < sizeof(struct nlmsghdr)) &&
550 (m = m_pullup(m, sizeof(struct nlmsghdr))) == NULL)))
552 MPASS((m->m_flags & M_PKTHDR) != 0);
554 NL_LOG(LOG_DEBUG3, "sending message to kernel async processing");
555 nl_receive_async(m, so);
561 nl_pru_send(struct socket *so, int flags, struct mbuf *m, struct sockaddr *sa,
562 struct mbuf *control, struct thread *td)
564 NL_LOG(LOG_DEBUG2, "sending message to kernel");
566 if (__predict_false(control != NULL)) {
567 if (control->m_len) {
574 return (nl_pru_output(m, so));
578 nl_pru_rcvd(struct socket *so, int flags)
580 NL_LOG(LOG_DEBUG3, "socket %p, PID %d", so, curproc->p_pid);
581 MPASS(sotonlpcb(so) != NULL);
583 nl_on_transmit(sotonlpcb(so));
589 nl_getoptflag(int sopt_name)
592 case NETLINK_CAP_ACK:
593 return (NLF_CAP_ACK);
594 case NETLINK_EXT_ACK:
595 return (NLF_EXT_ACK);
596 case NETLINK_GET_STRICT_CHK:
604 nl_ctloutput(struct socket *so, struct sockopt *sopt)
606 struct nl_control *ctl = atomic_load_ptr(&V_nl_ctl);
607 struct nlpcb *nlp = sotonlpcb(so);
609 int optval, error = 0;
612 NL_LOG(LOG_DEBUG2, "%ssockopt(%p, %d)", (sopt->sopt_dir) ? "set" : "get",
613 so, sopt->sopt_name);
615 switch (sopt->sopt_dir) {
617 switch (sopt->sopt_name) {
618 case NETLINK_ADD_MEMBERSHIP:
619 case NETLINK_DROP_MEMBERSHIP:
620 sooptcopyin(sopt, &optval, sizeof(optval), sizeof(optval));
621 if (optval <= 0 || optval >= NLP_MAX_GROUPS) {
625 NL_LOG(LOG_DEBUG2, "ADD/DEL group %d", (uint32_t)optval);
628 if (sopt->sopt_name == NETLINK_ADD_MEMBERSHIP)
629 nl_add_group_locked(nlp, optval);
631 nl_del_group_locked(nlp, optval);
634 case NETLINK_CAP_ACK:
635 case NETLINK_EXT_ACK:
636 case NETLINK_GET_STRICT_CHK:
637 sooptcopyin(sopt, &optval, sizeof(optval), sizeof(optval));
639 flag = nl_getoptflag(sopt->sopt_name);
643 nlp->nl_flags |= flag;
645 nlp->nl_flags &= ~flag;
653 switch (sopt->sopt_name) {
654 case NETLINK_LIST_MEMBERSHIPS:
656 optval = nl_get_groups_compat(nlp);
658 error = sooptcopyout(sopt, &optval, sizeof(optval));
660 case NETLINK_CAP_ACK:
661 case NETLINK_EXT_ACK:
662 case NETLINK_GET_STRICT_CHK:
664 optval = (nlp->nl_flags & nl_getoptflag(sopt->sopt_name)) != 0;
666 error = sooptcopyout(sopt, &optval, sizeof(optval));
680 sysctl_handle_nl_maxsockbuf(SYSCTL_HANDLER_ARGS)
683 u_long tmp_maxsockbuf = nl_maxsockbuf;
685 error = sysctl_handle_long(oidp, &tmp_maxsockbuf, arg2, req);
686 if (error || !req->newptr)
688 if (tmp_maxsockbuf < MSIZE + MCLBYTES)
690 nl_maxsockbuf = tmp_maxsockbuf;
697 nl_setsbopt(struct socket *so, struct sockopt *sopt)
702 if (sopt->sopt_name != SO_RCVBUF)
703 return (sbsetopt(so, sopt));
705 /* Allow to override max buffer size in certain conditions */
707 error = sooptcopyin(sopt, &optval, sizeof optval, sizeof optval);
710 NL_LOG(LOG_DEBUG2, "socket %p, PID %d, SO_RCVBUF=%d", so, curproc->p_pid, optval);
711 if (optval > sb_max_adj) {
712 if (priv_check(curthread, PRIV_NET_ROUTE) != 0)
716 SOCK_RECVBUF_LOCK(so);
717 result = sbreserve_locked_limit(so, SO_RCV, optval, nl_maxsockbuf, curthread);
718 SOCK_RECVBUF_UNLOCK(so);
720 return (result ? 0 : ENOBUFS);
724 struct pr_usrreqs nl_usrreqs = {
725 .pru_abort = nl_pru_abort,
726 .pru_attach = nl_pru_attach,
727 .pru_bind = nl_pru_bind,
728 .pru_connect = nl_pru_connect,
729 .pru_detach = nl_pru_detach,
730 .pru_disconnect = nl_pru_disconnect,
731 .pru_peeraddr = nl_pru_peeraddr,
732 .pru_rcvd = nl_pru_rcvd,
733 .pru_send = nl_pru_send,
734 //.pru_soreceive = soreceive_dgram,
735 //.pru_sosend = sosend_dgram,
736 .pru_shutdown = nl_pru_shutdown,
737 .pru_sockaddr = nl_pru_sockaddr,
738 //.pru_sosetlabel = in_pcbsosetlabel,
739 .pru_close = nl_pru_close,
742 static struct domain netlinkdomain;
744 static struct protosw netlinksw[] = {
747 .pr_domain = &netlinkdomain,
748 .pr_protocol = 0, // IPPROTO_UDP
749 .pr_flags = PR_ATOMIC | PR_ADDR | PR_WANTRCVD,
750 .pr_ctloutput = nl_ctloutput,
751 .pr_usrreqs = &nl_usrreqs,
754 .pr_type = SOCK_DGRAM,
755 .pr_domain = &netlinkdomain,
756 .pr_protocol = 0, // IPPROTO_UDP
757 .pr_flags = PR_ATOMIC | PR_ADDR | PR_WANTRCVD,
758 .pr_ctloutput = nl_ctloutput,
759 .pr_usrreqs = &nl_usrreqs,
763 static struct domain netlinkdomain = {
764 .dom_family = AF_NETLINK,
765 .dom_name = "netlink",
766 #ifdef DOMF_UNLOADABLE
767 .dom_flags = DOMF_UNLOADABLE,
769 .dom_protosw = &netlinksw[0],
770 .dom_protoswNPROTOSW = (&netlinksw[0] + 2),