git: bc6372602a00 - stable/13 - bhyve: Use VMIO_SIOCSIFFLAGS instead of SIOCGIFFLAGS

From: Mark Johnston <markj_at_FreeBSD.org>
Date: Tue, 24 Oct 2023 13:38:08 UTC
The branch stable/13 has been updated by markj:

URL: https://cgit.FreeBSD.org/src/commit/?id=bc6372602a0042e5496d9ab6637558f98af0deef

commit bc6372602a0042e5496d9ab6637558f98af0deef
Author:     Jan Bramkamp <crest+freebsd@rlwinm.de>
AuthorDate: 2023-09-04 08:38:25 +0000
Commit:     Mark Johnston <markj@FreeBSD.org>
CommitDate: 2023-10-24 13:21:26 +0000

    bhyve: Use VMIO_SIOCSIFFLAGS instead of SIOCGIFFLAGS
    
    Creating an IP socket on which to invoke the SIOCGIFFLAGS ioctl is the
    only thing preventing bhyve from working inside a bhyve jail with IPv4
    and IPv6 disabled, a configuration that restricts the jailed bhyve
    process to accessing the host network only via a tap/vmnet device node.
    
    PR:             273557
    Fixes:          56be282bc999 ("bhyve: net_backends, automatically IFF_UP tap devices")
    Reviewed by:    markj
    MFC after:      1 week
    
    (cherry picked from commit fd8b9c73a5a63a7aa438a73951d7a535b4f25d9a)
---
 usr.sbin/bhyve/net_backends.c | 52 ++++---------------------------------------
 1 file changed, 4 insertions(+), 48 deletions(-)

diff --git a/usr.sbin/bhyve/net_backends.c b/usr.sbin/bhyve/net_backends.c
index fa7cd9c81f46..99781cfdcbb6 100644
--- a/usr.sbin/bhyve/net_backends.c
+++ b/usr.sbin/bhyve/net_backends.c
@@ -42,9 +42,7 @@
 #include <sys/uio.h>
 
 #include <net/if.h>
-#if defined(INET6) || defined(INET)
 #include <net/if_tap.h>
-#endif
 #include <net/netmap.h>
 #include <net/netmap_virt.h>
 #define NETMAP_WITH_LIBS
@@ -180,17 +178,6 @@ SET_DECLARE(net_backend_set, struct net_backend);
  * The tap backend
  */
 
-#if defined(INET6) || defined(INET)
-static const int pf_list[] = {
-#if defined(INET6)
-	PF_INET6,
-#endif
-#if defined(INET)
-	PF_INET,
-#endif
-};
-#endif
-
 struct tap_priv {
 	struct mevent *mevp;
 	/*
@@ -222,11 +209,8 @@ tap_init(struct net_backend *be, const char *devname,
 {
 	struct tap_priv *priv = NET_BE_PRIV(be);
 	char tbuf[80];
-	int opt = 1;
-#if defined(INET6) || defined(INET)
-	struct ifreq ifrq;
-	int s;
-#endif
+	int opt = 1, up = IFF_UP;
+
 #ifndef WITHOUT_CAPSICUM
 	cap_rights_t rights;
 #endif
@@ -254,39 +238,11 @@ tap_init(struct net_backend *be, const char *devname,
 		goto error;
 	}
 
-#if defined(INET6) || defined(INET)
-	/*
-	 * Try to UP the interface rather than relying on
-	 * net.link.tap.up_on_open.
-	  */
-	bzero(&ifrq, sizeof(ifrq));
-	if (ioctl(be->fd, TAPGIFNAME, &ifrq) < 0) {
-		WPRINTF(("Could not get interface name"));
-		goto error;
-	}
-
-	s = -1;
-	for (size_t i = 0; s == -1 && i < nitems(pf_list); i++)
-		s = socket(pf_list[i], SOCK_DGRAM, 0);
-	if (s == -1) {
-		WPRINTF(("Could open socket"));
+	if (ioctl(be->fd, VMIO_SIOCSIFFLAGS, &up)) {
+		WPRINTF(("tap device link up failed"));
 		goto error;
 	}
 
-	if (ioctl(s, SIOCGIFFLAGS, &ifrq) < 0) {
-		(void)close(s);
-		WPRINTF(("Could not get interface flags"));
-		goto error;
-	}
-	ifrq.ifr_flags |= IFF_UP;
-	if (ioctl(s, SIOCSIFFLAGS, &ifrq) < 0) {
-		(void)close(s);
-		WPRINTF(("Could not set interface flags"));
-		goto error;
-	}
-	(void)close(s);
-#endif
-
 #ifndef WITHOUT_CAPSICUM
 	cap_rights_init(&rights, CAP_EVENT, CAP_READ, CAP_WRITE);
 	if (caph_rights_limit(be->fd, &rights) == -1)
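Review bot: The added call `ioctl(be->fd, VMIO_SIOCSIFFLAGS, &up)` passes the address of `up` (declared in the previous hunk), and whether that is right depends on how `VMIO_SIOCSIFFLAGS` is declared in `<net/if_tap.h>`, which this diff does not show. If it is an integer-argument request (FreeBSD's `_IOWINT` form), the kernel takes the third argument by value, so the handler would see the low bits of a stack address as the flag word rather than `IFF_UP`, and the call should read `ioctl(be->fd, VMIO_SIOCSIFFLAGS, up)`. Unlike the removed SIOCGIFFLAGS/SIOCSIFFLAGS pair, the new call no longer reads the current flags before writing, so it is also worth confirming that the handler preserves flags an administrator has already set on the tap interface, and saying so in a short comment above the call. tap_init's body starts and ends outside this hunk.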