Make struct pfsync_state contents configurable by sending out new
versions of the structure in separate subheader actions. Both old and
new version of struct pfsync_state can be understood, so replication of
states from a system running an older kernel is possible. The version
being sent out is configured using ifconfig pfsync0 … version XXXX. The
version is a user-friendly string - 1301 stands for FreeBSD 13.1 (I
have checked synchronization against a host running 13.1), 1400 stands
for 14.0.
A host running an older kernel will just ignore the messages and count
them as "packets discarded for bad action".
Reviewed by: kp
Sponsored by: InnoGames GmbH
Differential Revision: https://reviews.freebsd.org/D39392
Internally, inet and inet6 family handlers store state for
address addition and deletion separately, as, for example,
"ifconfig lo0 inet 127.0.0.2/32" triggers a) deletion of the
first interface address and b) addition of a new one.
The current logic behind handling "-alias" being the last argument
is to copy the address from "addition" state to the "deletion"
state. It is done by the generic ifconfig code, which explicitly
typecasts opaque handler state pointers to "struct ifreq", which
doesn't work in the Netlink case.
Fix this by introducing family-specific "af_copyaddr" handler,
which removes the peeking & typecasting logic from the generic code.
Reported by: otis
Tested by: otis
The structure consists of all current context - arguments,
open sockets, current family and so on.
Pass this structure as a first argument to most of the af_ methods.
This allows propagating and updating shared data without using
global variables.
The diff is pretty large, but de-facto mechanical. All changes
except the structure setup in ifconfig[_netlink].c are one-line
mechanical changes.
Reviewed by: kp
Differential Revision: https://reviews.freebsd.org/D40239
MFC after: 2 weeks
Cleanup compiler warnings in preparation to set Wextra and remove WARNS?=2
Differential Revision: https://reviews.freebsd.org/D40238
MFC after: 2 weeks
Add -j <jail> flag to ifconfig to allow ifconfig to attach and run inside a
jail. This allows the parent to configure network interfaces of its children
even if ifconfig is not available in the child's tree (e.g. Linux Jails)
Reviewed by: emaste, khng, melifaro
Event: Kitchener-Waterloo Hackathon 202305
MFC after: 1 week
Differential Revision: https://reviews.freebsd.org/D40213
Currently carp implementation peeks into the opaque 'afp->af_addreq'
buffer, assumes it knows the af-specific layout and assigns vhid
directly.
Simplify the code and remove abstraction leak by introducing per-afp
callback for setting vhid.
This change is a pre-requisite to set addresses via Netlink,
as Netlink implementation uses different structure layout.
Reviewed by: kp
Differential Revision: https://reviews.freebsd.org/D40160
MFC after: 2 weeks
getaddrinfo() returns 0 if it succeeded, but it's not guaranteed to
return 1 on error. Check for success rather than for one specific error.
Without this fix commands such as `ifconfig bnxt1 inet6 add vhid 1 peer6
2001:db8::1/64` would segfault ifconfig.
Sponsored by: Rubicon Communications, LLC ("Netgate")
When trying to auto-load a module, we trim the interface number off
the end. Currently we stop at the first digit. For interfaces which
have numbers in the driver name this does not work well.
In the current example ifconfig ath10k0 would load ath(4) instead of
ath10k(4). For module/interface names like rtw88[0] we never guess
correctly.
To improve for the case we can, start trimming off digits from the
end rather than the front.
Sponsored by: The FreeBSD Foundation
Reported by: thierry
MFC after: 20 days
Reviewed by: melifaro, thierry
Differential Revision: https://reviews.freebsd.org/D40137
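The difference between the two trimming strategies in the commit message above, as an added example (not the ifconfig source; the function names are hypothetical). It also shows the case the message says still cannot be guessed, where the driver name itself ends in digits.

```c
#include <ctype.h>
#include <stdio.h>
#include <string.h>

/* Old behaviour: the driver name ends at the first digit in the name. */
static size_t
modname_len_first_digit(const char *ifname)
{
	return (strcspn(ifname, "0123456789"));
}

/* New behaviour: strip only the trailing run of digits (the unit number). */
static size_t
modname_len_trailing_digits(const char *ifname)
{
	size_t len = strlen(ifname);

	while (len > 0 && isdigit((unsigned char)ifname[len - 1]))
		len--;
	return (len);
}

int
main(void)
{
	/* Constructed inputs; ath10k0 and rtw88[0] are the commit's examples. */
	const char *names[] = { "em0", "ath10k0", "rtw880" };

	for (size_t i = 0; i < sizeof(names) / sizeof(names[0]); i++) {
		const char *n = names[i];

		printf("%-8s first-digit=%.*s trailing=%.*s\n", n,
		    (int)modname_len_first_digit(n), n,
		    (int)modname_len_trailing_digits(n), n);
	}
	return (0);
}
```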
This change is a prerequisite for netlink conversion.
No functional changes intended.
Reviewed by: kp
Differential Revision: https://reviews.freebsd.org/D40033
MFC after: 2 weeks
The SPDX folks have obsoleted the BSD-2-Clause-FreeBSD identifier. Catch
up to that fact and revert to their recommended match of BSD-2-Clause.
Discussed with: pfg
MFC After: 3 days
Sponsored by: Netflix
Reduce the amount of global variables by creating the dedicated
ifconfig_args structure and use it as a context-passing variable.
Simplify the code by moving all argument preparation code to a
separate function.
Reviewed by: kp (previous version)
Differential Revision: https://reviews.freebsd.org/D39932
MFC after: 2 weeks
For clone create and rename operations, the interface name we get back can be
different from the one passed to ioctl(). Use the interface name we get back
so that ifconfig will not return unexpected ENXIO.
PR: 270618
Reviewed by: kp
MFC after: 3 days
Differential Revision: https://reviews.freebsd.org/D39396
VLAN identifier 0xFFF is reserved. It must not be configured or
transmitted.
Also validate during parsing to prevent potential integer overflow.
Reviewed by: #network, melifaro
Fixes: c7cffd65c5 Add support for stacked VLANs (IEEE 802.1ad, AKA Q-in-Q)
MFC after: 1 week
Differential Revision: https://reviews.freebsd.org/D39282
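Why the range check has to happen during parsing, as an added example (not the ifconfig source; function names are hypothetical). It assumes the tag ends up in a 16-bit field and that VLAN id 0 is accepted; only the rejection of 0xFFF comes from the commit message above.

```c
#include <ctype.h>
#include <errno.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

#define	VLAN_ID_RESERVED	0xFFFUL	/* reserved, per the commit message */

/* Unchecked: narrows first, so "65537" silently becomes VLAN 1. */
static uint16_t
parse_vlan_unchecked(const char *s)
{
	return ((uint16_t)strtoul(s, NULL, 0));
}

/* Checked: returns the VLAN id, or -1 for anything that is not a valid id. */
static int
parse_vlan_checked(const char *s)
{
	char *end;
	unsigned long v;

	/* strtoul() accepts whitespace and a sign; require a leading digit. */
	if (!isdigit((unsigned char)s[0]))
		return (-1);
	errno = 0;
	v = strtoul(s, &end, 0);
	if (errno != 0 || *end != '\0')
		return (-1);
	/* Range-check the wide value before narrowing it (0 allowed: assumption). */
	if (v >= VLAN_ID_RESERVED)
		return (-1);
	return ((int)v);
}

int
main(void)
{
	/* Constructed inputs. */
	const char *in[] = { "100", "4094", "4095", "0xfff", "65537", "-1" };

	for (size_t i = 0; i < sizeof(in) / sizeof(in[0]); i++)
		printf("%-6s unchecked=%u checked=%d\n", in[i],
		    (unsigned)parse_vlan_unchecked(in[i]), parse_vlan_checked(in[i]));
	return (0);
}
```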
In certain setups (e.g., autonomous APs) it is extremely helpful to have
a way to map the BSSIDs to names for both normal status output as well
as the scan list. This often allows a quicker overview than remembering
(or manually looking up) BSSIDs.
Call ether_ntohost() on the bssid and consult /etc/ethers
and print "(name)" after the bssid for the status output and "(name)"
at the end of the line after the IE list.
MFC after: 10 days
Reviewed by: adrian, cy
Differential Revision: https://reviews.freebsd.org/D39192
Allow users to configure the address to send carp messages to. This
allows carp to be used in unicast mode, which is useful in certain
virtual configurations (e.g. AWS, VMware ESXi, ...)
Reviewed by: melifaro
Sponsored by: Rubicon Communications, LLC ("Netgate")
Differential Revision: https://reviews.freebsd.org/D38940
Allow carp configuration information to be supplied and retrieved via
netlink.
Reviewed by: melifaro
Sponsored by: Rubicon Communications, LLC ("Netgate")
Differential Revision: https://reviews.freebsd.org/D39048
This reverts commit 2c24ad3377.
This change causes some commands to fail, for example when working with
renamed interfaces or when trying to list a nonexistent interface by
name.
PR: 269042
Reported by: dbaio, Michael Paepcke <bugs.fbsd@paepcke.de>
MFC with: 2c24ad3377
If "ifconfig create" tries to load a kernel module, and the module
exists but can't be loaded, fail the command with a useful error
message. This is helpful, for example, when trying to create a cloned
interface in a vnet jail. But ignore ENOENT, because sometimes ifconfig
can't correctly guess the name of the required kernel module.
MFC after: 2 weeks
Reviewed by: jhb
Differential Revision: https://reviews.freebsd.org/D37873
Work is ongoing to add support for pfsync over IPv6. This required some
changes to allow for differentiating between the two families in a more
generic way.
This patch converts the relevant ioctls to using nvlists, making future
extensions (such as supporting IPv6 addresses) easier.
Sponsored by: InnoGames GmbH
Differential Revision: https://reviews.freebsd.org/D36277
We have repeatedly gotten reports of unclassified SIOCIFCREATE2 errors
(usually "Device not configured"). This can happen if there is
configuration for interfaces in rc.conf which do not (yet) exist and
we try to configure. I can, e.g., provoke this by configuring wlan
interfaces with their physical interface not installed.
In order to cut support (guesswork) down print the name of the
interface to be configured with the error message.
Hopefully this will help us in the future to improve other configuration
or driver problems.
Sponsored by: The FreeBSD Foundation
MFC after: 3 days
The setvlantag() and setvlanproto() functions are used in two scenarios:
when we create a new vlan interface and when we update an existing
interface.
These are distinguished by the getvlan() at the end of the functions. If
this fails we assume that is because the interface doesn't exist (so
we're creating a new one). We only update the 'params' struct, and
expect the settings to be applied when we vlan_create().
However, if we're updating an existing interface we do not retrieve the
current settings, and can end up invalidating settings.
Fix this by using the settings we retrieved while checking which
scenario we're in.
Note that we do not address this for setvlandev(), because if_vlan does
not allow the vlan parent device to be changed without disassociating it
first (with ifconfig vlanX -vlandev).
Sponsored by: Rubicon Communications, LLC ("Netgate")
Differential Revision: https://reviews.freebsd.org/D35848
Replace ppp(4) removed since FreeBSD 8.0-RELEASE with vlan(4).
While here, remove commented out reference to non-existing "egress"
interface group hiding since initial import of interface groups
from OpenBSD in 2006.
Provide sticky ARP flag for network interface which marks it as the
"sticky" one similarly to what we have for bridges. Once interface is
marked sticky, any address resolved using the ARP will be saved as a
static one in the ARP table. Such functionality may be used to prevent
ARP spoofing or to decrease latencies in Ethernet networks.
The drawbacks include potential limitations in usage of ARP-based
load-balancers and high-availability solutions such as carp(4).
The implemented option is disabled by default, therefore should not
impact the default behaviour of the networking stack.
Sponsored by: Conclusive Engineering sp. z o.o.
Reviewed By: melifaro, pauamma_gundo.com
Differential Revision: https://reviews.freebsd.org/D35314
MFC after: 2 weeks