1 /*-
2 * SPDX-License-Identifier: BSD-2-Clause
3 *
4 * Copyright (c) 2021-2022 Alexander V. Chernikov
5 *
6 * Redistribution and use in source and binary forms, with or without
7 * modification, are permitted provided that the following conditions
8 * are met:
9 * 1. Redistributions of source code must retain the above copyright
10 * notice, this list of conditions and the following disclaimer.
11 * 2. Redistributions in binary form must reproduce the above copyright
12 * notice, this list of conditions and the following disclaimer in the
13 * documentation and/or other materials provided with the distribution.
14 *
15 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
16 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
17 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
18 * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
19 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
20 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
21 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
22 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
23 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
24 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
25 * SUCH DAMAGE.
26 */
27
28 #include <sys/cdefs.h>
29 #include "opt_inet.h"
30 #include "opt_inet6.h"
31 #include "opt_route.h"
32
33 #include <sys/param.h>
34 #include <sys/systm.h>
35 #include <sys/malloc.h>
36 #include <sys/socket.h>
37 #include <sys/jail.h>
38 #include <sys/kernel.h>
39 #include <sys/lock.h>
40 #include <sys/rmlock.h>
41
42 #include <net/if.h>
43 #include <net/if_var.h>
44 #include <net/vnet.h>
45 #include <net/route.h>
46 #include <net/route/route_ctl.h>
47 #include <net/route/route_var.h>
48 #include <net/route/nhop.h>
49 #include <netinet/in.h>
50 #include <netinet6/scope6_var.h>
51 #include <netinet6/in6_var.h>
52
53 #include <vm/uma.h>
54
/*
 * Routing table UMA zone: backs every struct rtentry allocated and freed
 * in this file.  The zone handle is defined with VNET_DEFINE_STATIC and is
 * reached through the V_rtzone alias below.
 */
VNET_DEFINE_STATIC(uma_zone_t, rtzone);
#define V_rtzone VNET(rtzone)
58
/*
 * Creates the "rtentry" UMA zone and publishes it as V_rtzone.
 * Items are sizeof(struct rtentry) bytes with pointer alignment.  All
 * four callback arguments are NULL, so zeroing of new entries relies on
 * the M_ZERO flag passed at allocation time in rt_alloc().
 */
void
vnet_rtzone_init(void)
{
	uma_zone_t zone;

	zone = uma_zcreate("rtentry", sizeof(struct rtentry),
	    NULL, NULL, NULL, NULL, UMA_ALIGN_PTR, 0);
	V_rtzone = zone;
}
66
67 #ifdef VIMAGE
/*
 * Destroys the rtentry UMA zone referenced by V_rtzone.
 *
 * NOTE(review): rt_free() defers the actual uma_zfree() to an epoch
 * callback, so any callbacks still pending presumably have to complete
 * before the zone is destroyed - confirm against the caller's teardown
 * order.
 */
void
vnet_rtzone_destroy(void)
{
	uma_zone_t zone = V_rtzone;

	uma_zdestroy(zone);
}
74 #endif
75
/*
 * Allocates a zeroed rtentry from V_rtzone and initializes it from
 * @dst/@netmask.
 *
 * Returns the new rtentry, or NULL when the M_NOWAIT allocation fails.
 * The entry is flagged RTF_UP, plus RTF_HOST when @netmask is NULL.
 * The key is stored inside the entry itself: @dst is copied verbatim
 * when there is no mask and through rt_maskedcopy() otherwise.
 *
 * Note: the rtentry mask pointer is set to @netmask itself, so that
 * storage is required to stay stable till the end of the operation
 * (radix rt insertion/change/removal).
 *
 * NOTE(review): the only bound on dst->sa_len in this function is the
 * MPASS() assertion, which is normally compiled in only on INVARIANTS
 * kernels.  Callers are presumably expected to reject a @dst larger than
 * rt_dstb before calling - confirm.
 * @rnh is not referenced by this function.
 */
struct rtentry *
rt_alloc(struct rib_head *rnh, const struct sockaddr *dst,
    struct sockaddr *netmask)
{
	struct rtentry *entry;

	MPASS(dst->sa_len <= sizeof(((struct rtentry *)NULL)->rt_dstb));

	entry = uma_zalloc(V_rtzone, M_NOWAIT | M_ZERO);
	if (entry == NULL)
		return (NULL);

	if (netmask == NULL) {
		/* No mask: host route, destination is copied as given. */
		entry->rte_flags = RTF_UP | RTF_HOST;
		bcopy(dst, &entry->rt_dst, dst->sa_len);
	} else {
		/* Network route: store the destination with the mask applied. */
		entry->rte_flags = RTF_UP;
		rt_maskedcopy(dst, &entry->rt_dst, netmask);
	}
	rt_key(entry) = &entry->rt_dst;
	/* Points at the caller's storage for now; updated upon insertion. */
	rt_mask(entry) = netmask;

	return (entry);
}
104
/*
 * Drops the nexthop reference held by @rt and returns the rtentry to
 * its zone right away.
 *
 * On VIMAGE kernels the current vnet is switched to the one recorded in
 * the nexthop for the duration of the teardown and restored afterwards.
 */
static void
destroy_rtentry(struct rtentry *rt)
{
#ifdef VIMAGE
	struct nhop_object *nhop = rt->rt_nhop;

	/*
	 * By now rnh and nh_control may already have been freed, and the
	 * nexthop interface may have been migrated to a different vnet.
	 * The vnet stored in the nexthop is used to delete the entry.
	 */
#ifdef ROUTE_MPATH
	if (NH_IS_NHGRP(nhop)) {
		const struct weightened_nhop *members;
		uint32_t count;

		/*
		 * For a nexthop group the vnet is taken from its first member.
		 * NOTE(review): count is not checked before indexing; this
		 * assumes a group always has at least one member - confirm.
		 */
		members = nhgrp_get_nhops((struct nhgrp_object *)nhop, &count);
		nhop = members[0].nh;
	}
#endif
	CURVNET_SET(nhop_get_vnet(nhop));
#endif

	/* Release the reference on the nexthop (or nexthop group). */
	nhop_free_any(rt->rt_nhop);

	rt_free_immediate(rt);

	CURVNET_RESTORE();
}
134
/*
 * Epoch callback: the rtentry that embeds @ctx as rt_epoch_ctx is now
 * safe to destroy.
 */
static void
destroy_rtentry_epoch(epoch_context_t ctx)
{

	destroy_rtentry(__containerof(ctx, struct rtentry, rt_epoch_ctx));
}
147
/*
 * Schedules @rt for deletion: destroy_rtentry_epoch() is queued with
 * NET_EPOCH_CALL() on the epoch context embedded in the entry, so the
 * entry is released from the callback rather than in this call.
 * @rt must not be NULL (checked with KASSERT only).
 */
void
rt_free(struct rtentry *rt)
{
	epoch_context_t ectx;

	KASSERT(rt != NULL, ("%s: NULL rt", __func__));

	ectx = &rt->rt_epoch_ctx;
	NET_EPOCH_CALL(destroy_rtentry_epoch, ectx);
}
159
/*
 * Returns @rt to the rtentry UMA zone right away, with no epoch
 * deferral.  The nexthop reference held by @rt is not touched here.
 *
 * NOTE(review): callers presumably have to guarantee that no reader can
 * still reach @rt; use rt_free() when that is not certain - confirm.
 */
void
rt_free_immediate(struct rtentry *rt)
{
	uma_zone_t zone = V_rtzone;

	uma_zfree(zone, rt);
}
165
/*
 * Returns true when @rt has RTF_HOST set in its rte_flags.
 */
bool
rt_is_host(const struct rtentry *rt)
{

	return ((rt->rte_flags & RTF_HOST) != 0);
}
172
/*
 * Returns the address family recorded in the key (destination)
 * sockaddr of @rt.
 */
sa_family_t
rt_get_family(const struct rtentry *rt)
{

	return (((const struct sockaddr *)rt_key_const(rt))->sa_family);
}
182
/*
 * Returns the pointer to the nexthop or nexthop group associated
 * with @rt.  The pointer is handed out as stored; no reference is
 * taken here.
 */
struct nhop_object *
rt_get_raw_nhop(const struct rtentry *rt)
{
	struct nhop_object *nh = rt->rt_nhop;

	return (nh);
}
193
/*
 * Copies the nexthop (or nexthop group) pointer and the weight of @rt
 * into @rnd.  Only the pointer is copied; no reference is taken here.
 */
void
rt_get_rnd(const struct rtentry *rt, struct route_nhop_data *rnd)
{

	rnd->rnd_weight = rt->rt_weight;
	rnd->rnd_nhop = rt->rt_nhop;
}
200
/*
 * Decides whether @rt may be exported to the process holding @cred.
 *
 * If the process is in a jail w/o VNET, only host routes for the
 * addresses assigned to the jail are exported.
 * Otherwise, exporting the entire table is allowed.
 *
 * NOTE(review): the host-route branch relies entirely on prison_if()
 * returning 0 for credentials that are allowed to see the address,
 * including non-jailed ones - confirm against prison_if().
 */
bool
rt_is_exportable(const struct rtentry *rt, struct ucred *cred)
{

	/* Host route: exportable only when prison_if() accepts its key. */
	if (rt_is_host(rt))
		return (prison_if(cred, rt_key_const(rt)) == 0);

	/*
	 * Performance optimisation: only host routes are allowed in the
	 * jail w/o vnet, so a non-host route needs no per-address check.
	 */
	return (!jailed_without_vnet(cred));
}
223
224 #ifdef INET
/*
 * Stores the IPv4 address and prefix length of @rt inside
 * @paddr and @plen.
 * An entry without a mask reports a prefix length of 32; otherwise the
 * length is the number of set bits in the mask, which matches the prefix
 * length only for a contiguous mask.
 * @pscopeid is currently always set to 0.
 */
void
rt_get_inet_prefix_plen(const struct rtentry *rt, struct in_addr *paddr,
    int *plen, uint32_t *pscopeid)
{
	const struct sockaddr_in *key, *mask;

	key = (const struct sockaddr_in *)rt_key_const(rt);
	KASSERT((key->sin_family == AF_INET),
	    ("rt family is %d, not inet", key->sin_family));
	*paddr = key->sin_addr;

	mask = (const struct sockaddr_in *)rt_mask_const(rt);
	*plen = (mask != NULL) ? bitcount32(mask->sin_addr.s_addr) : 32;
	*pscopeid = 0;
}
247
/*
 * Stores the IPv4 address and prefix mask of @rt inside
 * @paddr and @pmask.  An entry without a mask gets INADDR_BROADCAST
 * (all ones) as its mask.
 * @pscopeid is currently always set to 0.
 */
void
rt_get_inet_prefix_pmask(const struct rtentry *rt, struct in_addr *paddr,
    struct in_addr *pmask, uint32_t *pscopeid)
{
	const struct sockaddr_in *key, *mask;

	key = (const struct sockaddr_in *)rt_key_const(rt);
	KASSERT((key->sin_family == AF_INET),
	    ("rt family is %d, not inet", key->sin_family));
	*paddr = key->sin_addr;

	mask = (const struct sockaddr_in *)rt_mask_const(rt);
	if (mask != NULL)
		*pmask = mask->sin_addr;
	else
		pmask->s_addr = INADDR_BROADCAST;
	*pscopeid = 0;
}
270 #endif
271
272 #ifdef INET6
/*
 * Returns the number of set bits across the four 32-bit words of @addr.
 * For a contiguous IPv6 netmask this is the prefix length.
 */
static int
inet6_get_plen(const struct in6_addr *addr)
{
	int i, plen;

	plen = 0;
	for (i = 0; i < 4; i++)
		plen += bitcount32(addr->s6_addr32[i]);

	return (plen);
}
280
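/*
 * Stores the IPv6 address and prefix length of @rt inside
 * @paddr and @plen. Addresses are returned in de-embedded form.
 * @pscopeid receives the scope id split out of a link-local key and
 * is set to 0 for non-LL addresses.
 * An entry without a mask reports a prefix length of 128; otherwise the
 * length is the number of set bits in the mask.
 */
void
rt_get_inet6_prefix_plen(const struct rtentry *rt, struct in6_addr *paddr,
    int *plen, uint32_t *pscopeid)
{
	const struct sockaddr_in6 *dst;

	dst = (const struct sockaddr_in6 *)rt_key_const(rt);
	KASSERT((dst->sin6_family == AF_INET6),
	    ("rt family is %d, not inet6", dst->sin6_family));
	if (IN6_IS_SCOPE_LINKLOCAL(&dst->sin6_addr)) {
		in6_splitscope(&dst->sin6_addr, paddr, pscopeid);
	} else {
		*paddr = dst->sin6_addr;
		/*
		 * Write the documented 0 explicitly: without it the caller
		 * reads back whatever its variable held before the call,
		 * which may be uninitialized storage.
		 */
		*pscopeid = 0;
	}
	dst = (const struct sockaddr_in6 *)rt_mask_const(rt);
	if (dst == NULL)
		*plen = 128;
	else
		*plen = inet6_get_plen(&dst->sin6_addr);
}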
305
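/*
 * Stores the IPv6 address and prefix mask of @rt inside
 * @paddr and @pmask. Addresses are returned in de-embedded form.
 * @pscopeid receives the scope id split out of a link-local key and
 * is set to 0 for non-LL addresses.
 * An entry without a mask gets an all-ones mask.
 */
void
rt_get_inet6_prefix_pmask(const struct rtentry *rt, struct in6_addr *paddr,
    struct in6_addr *pmask, uint32_t *pscopeid)
{
	const struct sockaddr_in6 *dst;

	dst = (const struct sockaddr_in6 *)rt_key_const(rt);
	/* The message names inet6, matching the family actually checked. */
	KASSERT((dst->sin6_family == AF_INET6),
	    ("rt family is %d, not inet6", dst->sin6_family));
	if (IN6_IS_SCOPE_LINKLOCAL(&dst->sin6_addr)) {
		in6_splitscope(&dst->sin6_addr, paddr, pscopeid);
	} else {
		*paddr = dst->sin6_addr;
		/*
		 * Write the documented 0 explicitly: without it the caller
		 * reads back whatever its variable held before the call,
		 * which may be uninitialized storage.
		 */
		*pscopeid = 0;
	}
	dst = (const struct sockaddr_in6 *)rt_mask_const(rt);
	if (dst == NULL)
		memset(pmask, 0xFF, sizeof(struct in6_addr));
	else
		*pmask = dst->sin6_addr;
}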
330 #endif