projects / project / netifd.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
history | raw | HEAD
proto: Fix possible buffer overflow due to non null terminated string
[project/netifd.git] / bridge.c
1 /*
2  * netifd - network interface daemon
3  * Copyright (C) 2012 Felix Fietkau <nbd@openwrt.org>
4  *
5  * This program is free software; you can redistribute it and/or modify
6  * it under the terms of the GNU General Public License version 2
7  * as published by the Free Software Foundation
8  *
9  * This program is distributed in the hope that it will be useful,
10  * but WITHOUT ANY WARRANTY; without even the implied warranty of
11  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
12  * GNU General Public License for more details.
13  */
14 #include <string.h>
15 #include <stdlib.h>
16 #include <stdio.h>
17 #include <assert.h>
18 #include <errno.h>
19
20 #include "netifd.h"
21 #include "device.h"
22 #include "interface.h"
23 #include "system.h"
24
25 enum {
26         BRIDGE_ATTR_IFNAME,
27         BRIDGE_ATTR_STP,
28         BRIDGE_ATTR_FORWARD_DELAY,
29         BRIDGE_ATTR_PRIORITY,
30         BRIDGE_ATTR_IGMP_SNOOP,
31         BRIDGE_ATTR_AGEING_TIME,
32         BRIDGE_ATTR_HELLO_TIME,
33         BRIDGE_ATTR_MAX_AGE,
34         BRIDGE_ATTR_BRIDGE_EMPTY,
35         BRIDGE_ATTR_MULTICAST_QUERIER,
36         BRIDGE_ATTR_HASH_MAX,
37         __BRIDGE_ATTR_MAX
38 };
39
40 static const struct blobmsg_policy bridge_attrs[__BRIDGE_ATTR_MAX] = {
41         [BRIDGE_ATTR_IFNAME] = { "ifname", BLOBMSG_TYPE_ARRAY },
42         [BRIDGE_ATTR_STP] = { "stp", BLOBMSG_TYPE_BOOL },
43         [BRIDGE_ATTR_FORWARD_DELAY] = { "forward_delay", BLOBMSG_TYPE_INT32 },
44         [BRIDGE_ATTR_PRIORITY] = { "priority", BLOBMSG_TYPE_INT32 },
45         [BRIDGE_ATTR_AGEING_TIME] = { "ageing_time", BLOBMSG_TYPE_INT32 },
46         [BRIDGE_ATTR_HELLO_TIME] = { "hello_time", BLOBMSG_TYPE_INT32 },
47         [BRIDGE_ATTR_MAX_AGE] = { "max_age", BLOBMSG_TYPE_INT32 },
48         [BRIDGE_ATTR_IGMP_SNOOP] = { "igmp_snooping", BLOBMSG_TYPE_BOOL },
49         [BRIDGE_ATTR_BRIDGE_EMPTY] = { "bridge_empty", BLOBMSG_TYPE_BOOL },
50         [BRIDGE_ATTR_MULTICAST_QUERIER] = { "multicast_querier", BLOBMSG_TYPE_BOOL },
51         [BRIDGE_ATTR_HASH_MAX] = { "hash_max", BLOBMSG_TYPE_INT32 },
52 };
53
54 static const struct uci_blob_param_info bridge_attr_info[__BRIDGE_ATTR_MAX] = {
55         [BRIDGE_ATTR_IFNAME] = { .type = BLOBMSG_TYPE_STRING },
56 };
57
58 static const struct uci_blob_param_list bridge_attr_list = {
59         .n_params = __BRIDGE_ATTR_MAX,
60         .params = bridge_attrs,
61         .info = bridge_attr_info,
62
63         .n_next = 1,
64         .next = { &device_attr_list },
65 };
66
67 static struct device *bridge_create(const char *name, struct blob_attr *attr);
68 static void bridge_config_init(struct device *dev);
69 static void bridge_free(struct device *dev);
70 static void bridge_dump_info(struct device *dev, struct blob_buf *b);
71 enum dev_change_type
72 bridge_reload(struct device *dev, struct blob_attr *attr);
73
74 const struct device_type bridge_device_type = {
75         .name = "Bridge",
76         .config_params = &bridge_attr_list,
77
78         .create = bridge_create,
79         .config_init = bridge_config_init,
80         .reload = bridge_reload,
81         .free = bridge_free,
82         .dump_info = bridge_dump_info,
83 };
84
85 struct bridge_state {
86         struct device dev;
87         device_state_cb set_state;
88
89         struct blob_attr *config_data;
90         struct bridge_config config;
91         struct blob_attr *ifnames;
92         bool active;
93         bool force_active;
94
95         struct uloop_timeout retry;
96         struct bridge_member *primary_port;
97         struct vlist_tree members;
98         int n_present;
99         int n_failed;
100 };
101
102 struct bridge_member {
103         struct vlist_node node;
104         struct bridge_state *bst;
105         struct device_user dev;
106         bool present;
107         char name[];
108 };
109
110 static void
111 bridge_reset_primary(struct bridge_state *bst)
112 {
113         struct bridge_member *bm;
114
115         if (!bst->primary_port &&
116             (bst->dev.settings.flags & DEV_OPT_MACADDR))
117                 return;
118
119         bst->primary_port = NULL;
120         bst->dev.settings.flags &= ~DEV_OPT_MACADDR;
121         vlist_for_each_element(&bst->members, bm, node) {
122                 uint8_t *macaddr;
123
124                 if (!bm->present)
125                         continue;
126
127                 bst->primary_port = bm;
128                 if (bm->dev.dev->settings.flags & DEV_OPT_MACADDR)
129                         macaddr = bm->dev.dev->settings.macaddr;
130                 else
131                         macaddr = bm->dev.dev->orig_settings.macaddr;
132                 memcpy(bst->dev.settings.macaddr, macaddr, 6);
133                 bst->dev.settings.flags |= DEV_OPT_MACADDR;
134                 return;
135         }
136 }
137
138 static int
139 bridge_disable_member(struct bridge_member *bm)
140 {
141         struct bridge_state *bst = bm->bst;
142
143         if (!bm->present)
144                 return 0;
145
146         system_bridge_delif(&bst->dev, bm->dev.dev);
147         device_release(&bm->dev);
148
149         device_broadcast_event(&bst->dev, DEV_EVENT_TOPO_CHANGE);
150
151         return 0;
152 }
153
154 static int
155 bridge_enable_interface(struct bridge_state *bst)
156 {
157         int ret;
158
159         if (bst->active)
160                 return 0;
161
162         ret = system_bridge_addbr(&bst->dev, &bst->config);
163         if (ret < 0)
164                 return ret;
165
166         bst->active = true;
167         return 0;
168 }
169
170 static void
171 bridge_disable_interface(struct bridge_state *bst)
172 {
173         if (!bst->active)
174                 return;
175
176         system_bridge_delbr(&bst->dev);
177         bst->active = false;
178 }
179
180 static int
181 bridge_enable_member(struct bridge_member *bm)
182 {
183         struct bridge_state *bst = bm->bst;
184         int ret;
185
186         if (!bm->present)
187                 return 0;
188
189         ret = bridge_enable_interface(bst);
190         if (ret)
191                 goto error;
192
193         /* Disable IPv6 for bridge members */
194         if (!(bm->dev.dev->settings.flags & DEV_OPT_IPV6)) {
195                 bm->dev.dev->settings.ipv6 = 0;
196                 bm->dev.dev->settings.flags |= DEV_OPT_IPV6;
197         }
198
199         ret = device_claim(&bm->dev);
200         if (ret < 0)
201                 goto error;
202
203         ret = system_bridge_addif(&bst->dev, bm->dev.dev);
204         if (ret < 0) {
205                 D(DEVICE, "Bridge device %s could not be added\n", bm->dev.dev->ifname);
206                 goto error;
207         }
208
209         device_set_present(&bst->dev, true);
210         device_broadcast_event(&bst->dev, DEV_EVENT_TOPO_CHANGE);
211
212         return 0;
213
214 error:
215         bst->n_failed++;
216         bm->present = false;
217         bst->n_present--;
218         device_release(&bm->dev);
219
220         return ret;
221 }
222
223 static void
224 bridge_remove_member(struct bridge_member *bm)
225 {
226         struct bridge_state *bst = bm->bst;
227
228         if (!bm->present)
229                 return;
230
231         if (bm == bst->primary_port)
232                 bridge_reset_primary(bst);
233
234         if (bst->dev.active)
235                 bridge_disable_member(bm);
236
237         bm->present = false;
238         bm->bst->n_present--;
239
240         if (bst->config.bridge_empty)
241                 return;
242
243         bst->force_active = false;
244         if (bst->n_present == 0)
245                 device_set_present(&bst->dev, false);
246 }
247
248 static void
249 bridge_free_member(struct bridge_member *bm)
250 {
251         struct device *dev = bm->dev.dev;
252
253         bridge_remove_member(bm);
254         device_remove_user(&bm->dev);
255
256         /*
257          * When reloading the config and moving a device from one bridge to
258          * another, the other bridge may have tried to claim this device
259          * before it was removed here.
260          * Ensure that claiming the device is retried by toggling its present
261          * state
262          */
263         if (dev->present) {
264                 device_set_present(dev, false);
265                 device_set_present(dev, true);
266         }
267
268         free(bm);
269 }
270
271 static void
272 bridge_check_retry(struct bridge_state *bst)
273 {
274         if (!bst->n_failed)
275                 return;
276
277         uloop_timeout_set(&bst->retry, 100);
278 }
279
280 static void
281 bridge_member_cb(struct device_user *dev, enum device_event ev)
282 {
283         struct bridge_member *bm = container_of(dev, struct bridge_member, dev);
284         struct bridge_state *bst = bm->bst;
285
286         switch (ev) {
287         case DEV_EVENT_ADD:
288                 assert(!bm->present);
289
290                 bm->present = true;
291                 bst->n_present++;
292
293                 if (bst->n_present == 1)
294                         device_set_present(&bst->dev, true);
295                 if (bst->dev.active && !bridge_enable_member(bm)) {
296                         /*
297                          * Adding a bridge member can overwrite the bridge mtu
298                          * in the kernel, apply the bridge settings in case the
299                          * bridge mtu is set
300                          */
301                         system_if_apply_settings(&bst->dev, &bst->dev.settings,
302                                                  DEV_OPT_MTU | DEV_OPT_MTU6);
303                 }
304
305                 break;
306         case DEV_EVENT_REMOVE:
307                 if (dev->hotplug) {
308                         vlist_delete(&bst->members, &bm->node);
309                         return;
310                 }
311
312                 if (bm->present)
313                         bridge_remove_member(bm);
314
315                 break;
316         default:
317                 return;
318         }
319 }
320
321 static int
322 bridge_set_down(struct bridge_state *bst)
323 {
324         struct bridge_member *bm;
325
326         bst->set_state(&bst->dev, false);
327
328         vlist_for_each_element(&bst->members, bm, node)
329                 bridge_disable_member(bm);
330
331         bridge_disable_interface(bst);
332
333         return 0;
334 }
335
336 static int
337 bridge_set_up(struct bridge_state *bst)
338 {
339         struct bridge_member *bm;
340         int ret;
341
342         if (!bst->n_present) {
343                 if (!bst->force_active)
344                         return -ENOENT;
345
346                 ret = bridge_enable_interface(bst);
347                 if (ret)
348                         return ret;
349         }
350
351         bst->n_failed = 0;
352         vlist_for_each_element(&bst->members, bm, node)
353                 bridge_enable_member(bm);
354         bridge_check_retry(bst);
355
356         if (!bst->force_active && !bst->n_present) {
357                 /* initialization of all member interfaces failed */
358                 bridge_disable_interface(bst);
359                 device_set_present(&bst->dev, false);
360                 return -ENOENT;
361         }
362
363         bridge_reset_primary(bst);
364         ret = bst->set_state(&bst->dev, true);
365         if (ret < 0)
366                 bridge_set_down(bst);
367
368         return ret;
369 }
370
371 static int
372 bridge_set_state(struct device *dev, bool up)
373 {
374         struct bridge_state *bst;
375
376         bst = container_of(dev, struct bridge_state, dev);
377
378         if (up)
379                 return bridge_set_up(bst);
380         else
381                 return bridge_set_down(bst);
382 }
383
384 static struct bridge_member *
385 bridge_create_member(struct bridge_state *bst, struct device *dev, bool hotplug)
386 {
387         struct bridge_member *bm;
388
389         bm = calloc(1, sizeof(*bm) + strlen(dev->ifname) + 1);
390         if (!bm)
391                 return NULL;
392
393         bm->bst = bst;
394         bm->dev.cb = bridge_member_cb;
395         bm->dev.hotplug = hotplug;
396         strcpy(bm->name, dev->ifname);
397         bm->dev.dev = dev;
398         vlist_add(&bst->members, &bm->node, bm->name);
399         // Need to look up the bridge member again as the above
400         // created pointer will be freed in case the bridge member
401         // already existed
402         bm = vlist_find(&bst->members, dev->ifname, bm, node);
403         if (hotplug && bm)
404                 bm->node.version = -1;
405
406         return bm;
407 }
408
409 static void
410 bridge_member_update(struct vlist_tree *tree, struct vlist_node *node_new,
411                      struct vlist_node *node_old)
412 {
413         struct bridge_member *bm;
414         struct device *dev;
415
416         if (node_new) {
417                 bm = container_of(node_new, struct bridge_member, node);
418
419                 if (node_old) {
420                         free(bm);
421                         return;
422                 }
423
424                 dev = bm->dev.dev;
425                 bm->dev.dev = NULL;
426                 device_add_user(&bm->dev, dev);
427         }
428
429
430         if (node_old) {
431                 bm = container_of(node_old, struct bridge_member, node);
432                 bridge_free_member(bm);
433         }
434 }
435
436
437 static void
438 bridge_add_member(struct bridge_state *bst, const char *name)
439 {
440         struct device *dev;
441
442         dev = device_get(name, true);
443         if (!dev)
444                 return;
445
446         bridge_create_member(bst, dev, false);
447 }
448
449 static int
450 bridge_hotplug_add(struct device *dev, struct device *member)
451 {
452         struct bridge_state *bst = container_of(dev, struct bridge_state, dev);
453
454         bridge_create_member(bst, member, true);
455
456         return 0;
457 }
458
459 static int
460 bridge_hotplug_del(struct device *dev, struct device *member)
461 {
462         struct bridge_state *bst = container_of(dev, struct bridge_state, dev);
463         struct bridge_member *bm;
464
465         bm = vlist_find(&bst->members, member->ifname, bm, node);
466         if (!bm)
467                 return UBUS_STATUS_NOT_FOUND;
468
469         vlist_delete(&bst->members, &bm->node);
470         return 0;
471 }
472
473 static int
474 bridge_hotplug_prepare(struct device *dev)
475 {
476         struct bridge_state *bst;
477
478         bst = container_of(dev, struct bridge_state, dev);
479         bst->force_active = true;
480         device_set_present(&bst->dev, true);
481
482         return 0;
483 }
484
485 static const struct device_hotplug_ops bridge_ops = {
486         .prepare = bridge_hotplug_prepare,
487         .add = bridge_hotplug_add,
488         .del = bridge_hotplug_del
489 };
490
491 static void
492 bridge_free(struct device *dev)
493 {
494         struct bridge_state *bst;
495
496         bst = container_of(dev, struct bridge_state, dev);
497         vlist_flush_all(&bst->members);
498         free(bst->config_data);
499         free(bst);
500 }
501
502 static void
503 bridge_dump_info(struct device *dev, struct blob_buf *b)
504 {
505         struct bridge_state *bst;
506         struct bridge_member *bm;
507         void *list;
508
509         bst = container_of(dev, struct bridge_state, dev);
510
511         system_if_dump_info(dev, b);
512         list = blobmsg_open_array(b, "bridge-members");
513
514         vlist_for_each_element(&bst->members, bm, node)
515                 blobmsg_add_string(b, NULL, bm->dev.dev->ifname);
516
517         blobmsg_close_array(b, list);
518 }
519
520 static void
521 bridge_config_init(struct device *dev)
522 {
523         struct bridge_state *bst;
524         struct blob_attr *cur;
525         int rem;
526
527         bst = container_of(dev, struct bridge_state, dev);
528
529         if (bst->config.bridge_empty) {
530                 bst->force_active = true;
531                 device_set_present(&bst->dev, true);
532         }
533
534         bst->n_failed = 0;
535         vlist_update(&bst->members);
536         if (bst->ifnames) {
537                 blobmsg_for_each_attr(cur, bst->ifnames, rem) {
538                         bridge_add_member(bst, blobmsg_data(cur));
539                 }
540         }
541         vlist_flush(&bst->members);
542         bridge_check_retry(bst);
543 }
544
545 static void
546 bridge_apply_settings(struct bridge_state *bst, struct blob_attr **tb)
547 {
548         struct bridge_config *cfg = &bst->config;
549         struct blob_attr *cur;
550
551         /* defaults */
552         cfg->stp = false;
553         cfg->forward_delay = 2;
554         cfg->igmp_snoop = true;
555         cfg->multicast_querier = true;
556         cfg->hash_max = 512;
557         cfg->bridge_empty = false;
558         cfg->priority = 0x7FFF;
559
560         if ((cur = tb[BRIDGE_ATTR_STP]))
561                 cfg->stp = blobmsg_get_bool(cur);
562
563         if ((cur = tb[BRIDGE_ATTR_FORWARD_DELAY]))
564                 cfg->forward_delay = blobmsg_get_u32(cur);
565
566         if ((cur = tb[BRIDGE_ATTR_PRIORITY]))
567                 cfg->priority = blobmsg_get_u32(cur);
568
569         if ((cur = tb[BRIDGE_ATTR_IGMP_SNOOP]))
570                 cfg->multicast_querier = cfg->igmp_snoop = blobmsg_get_bool(cur);
571
572         if ((cur = tb[BRIDGE_ATTR_MULTICAST_QUERIER]))
573                 cfg->multicast_querier = blobmsg_get_bool(cur);
574
575         if ((cur = tb[BRIDGE_ATTR_HASH_MAX]))
576                 cfg->hash_max = blobmsg_get_u32(cur);
577
578         if ((cur = tb[BRIDGE_ATTR_AGEING_TIME])) {
579                 cfg->ageing_time = blobmsg_get_u32(cur);
580                 cfg->flags |= BRIDGE_OPT_AGEING_TIME;
581         }
582
583         if ((cur = tb[BRIDGE_ATTR_HELLO_TIME])) {
584                 cfg->hello_time = blobmsg_get_u32(cur);
585                 cfg->flags |= BRIDGE_OPT_HELLO_TIME;
586         }
587
588         if ((cur = tb[BRIDGE_ATTR_MAX_AGE])) {
589                 cfg->max_age = blobmsg_get_u32(cur);
590                 cfg->flags |= BRIDGE_OPT_MAX_AGE;
591         }
592
593         if ((cur = tb[BRIDGE_ATTR_BRIDGE_EMPTY]))
594                 cfg->bridge_empty = blobmsg_get_bool(cur);
595 }
596
597 enum dev_change_type
598 bridge_reload(struct device *dev, struct blob_attr *attr)
599 {
600         struct blob_attr *tb_dev[__DEV_ATTR_MAX];
601         struct blob_attr *tb_br[__BRIDGE_ATTR_MAX];
602         enum dev_change_type ret = DEV_CONFIG_APPLIED;
603         unsigned long diff;
604         struct bridge_state *bst;
605
606         BUILD_BUG_ON(sizeof(diff) < __BRIDGE_ATTR_MAX / 8);
607         BUILD_BUG_ON(sizeof(diff) < __DEV_ATTR_MAX / 8);
608
609         bst = container_of(dev, struct bridge_state, dev);
610         attr = blob_memdup(attr);
611
612         blobmsg_parse(device_attr_list.params, __DEV_ATTR_MAX, tb_dev,
613                 blob_data(attr), blob_len(attr));
614         blobmsg_parse(bridge_attrs, __BRIDGE_ATTR_MAX, tb_br,
615                 blob_data(attr), blob_len(attr));
616
617         bst->ifnames = tb_br[BRIDGE_ATTR_IFNAME];
618         device_init_settings(dev, tb_dev);
619         bridge_apply_settings(bst, tb_br);
620
621         if (bst->config_data) {
622                 struct blob_attr *otb_dev[__DEV_ATTR_MAX];
623                 struct blob_attr *otb_br[__BRIDGE_ATTR_MAX];
624
625                 blobmsg_parse(device_attr_list.params, __DEV_ATTR_MAX, otb_dev,
626                         blob_data(bst->config_data), blob_len(bst->config_data));
627
628                 diff = 0;
629                 uci_blob_diff(tb_dev, otb_dev, &device_attr_list, &diff);
630                 if (diff)
631                     ret = DEV_CONFIG_RESTART;
632
633                 blobmsg_parse(bridge_attrs, __BRIDGE_ATTR_MAX, otb_br,
634                         blob_data(bst->config_data), blob_len(bst->config_data));
635
636                 diff = 0;
637                 uci_blob_diff(tb_br, otb_br, &bridge_attr_list, &diff);
638                 if (diff & ~(1 << BRIDGE_ATTR_IFNAME))
639                     ret = DEV_CONFIG_RESTART;
640
641                 bridge_config_init(dev);
642         }
643
644         free(bst->config_data);
645         bst->config_data = attr;
646         return ret;
647 }
648
649 static void
650 bridge_retry_members(struct uloop_timeout *timeout)
651 {
652         struct bridge_state *bst = container_of(timeout, struct bridge_state, retry);
653         struct bridge_member *bm;
654
655         bst->n_failed = 0;
656         vlist_for_each_element(&bst->members, bm, node) {
657                 if (bm->present)
658                         continue;
659
660                 if (!bm->dev.dev->present)
661                         continue;
662
663                 bm->present = true;
664                 bst->n_present++;
665                 bridge_enable_member(bm);
666         }
667 }
668
669 static struct device *
670 bridge_create(const char *name, struct blob_attr *attr)
671 {
672         struct bridge_state *bst;
673         struct device *dev = NULL;
674
675         bst = calloc(1, sizeof(*bst));
676         if (!bst)
677                 return NULL;
678
679         dev = &bst->dev;
680         device_init(dev, &bridge_device_type, name);
681         dev->config_pending = true;
682         bst->retry.cb = bridge_retry_members;
683
684         bst->set_state = dev->set_state;
685         dev->set_state = bridge_set_state;
686
687         dev->hotplug_ops = &bridge_ops;
688
689         vlist_init(&bst->members, avl_strcmp, bridge_member_update);
690         bst->members.keep_old = true;
691         bridge_reload(dev, attr);
692
693         return dev;
694 }
OpenWrt Network interface configuration daemon