Loading...
1/*
2 * Linux IPv6 multicast routing support for BSD pim6sd
3 * Based on net/ipv4/ipmr.c.
4 *
5 * (c) 2004 Mickael Hoerdt, <hoerdt@clarinet.u-strasbg.fr>
6 * LSIIT Laboratory, Strasbourg, France
7 * (c) 2004 Jean-Philippe Andriot, <jean-philippe.andriot@6WIND.com>
8 * 6WIND, Paris, France
9 * Copyright (C)2007,2008 USAGI/WIDE Project
10 * YOSHIFUJI Hideaki <yoshfuji@linux-ipv6.org>
11 *
12 * This program is free software; you can redistribute it and/or
13 * modify it under the terms of the GNU General Public License
14 * as published by the Free Software Foundation; either version
15 * 2 of the License, or (at your option) any later version.
16 *
17 */
18
19#include <asm/system.h>
20#include <asm/uaccess.h>
21#include <linux/types.h>
22#include <linux/sched.h>
23#include <linux/errno.h>
24#include <linux/timer.h>
25#include <linux/mm.h>
26#include <linux/kernel.h>
27#include <linux/fcntl.h>
28#include <linux/stat.h>
29#include <linux/socket.h>
30#include <linux/inet.h>
31#include <linux/netdevice.h>
32#include <linux/inetdevice.h>
33#include <linux/proc_fs.h>
34#include <linux/seq_file.h>
35#include <linux/init.h>
36#include <linux/slab.h>
37#include <linux/compat.h>
38#include <net/protocol.h>
39#include <linux/skbuff.h>
40#include <net/sock.h>
41#include <net/raw.h>
42#include <linux/notifier.h>
43#include <linux/if_arp.h>
44#include <net/checksum.h>
45#include <net/netlink.h>
46#include <net/fib_rules.h>
47
48#include <net/ipv6.h>
49#include <net/ip6_route.h>
50#include <linux/mroute6.h>
51#include <linux/pim.h>
52#include <net/addrconf.h>
53#include <linux/netfilter_ipv6.h>
54#include <net/ip6_checksum.h>
55
56struct mr6_table {
57 struct list_head list;
58#ifdef CONFIG_NET_NS
59 struct net *net;
60#endif
61 u32 id;
62 struct sock *mroute6_sk;
63 struct timer_list ipmr_expire_timer;
64 struct list_head mfc6_unres_queue;
65 struct list_head mfc6_cache_array[MFC6_LINES];
66 struct mif_device vif6_table[MAXMIFS];
67 int maxvif;
68 atomic_t cache_resolve_queue_len;
69 int mroute_do_assert;
70 int mroute_do_pim;
71#ifdef CONFIG_IPV6_PIMSM_V2
72 int mroute_reg_vif_num;
73#endif
74};
75
76struct ip6mr_rule {
77 struct fib_rule common;
78};
79
80struct ip6mr_result {
81 struct mr6_table *mrt;
82};
83
84/* Big lock, protecting vif table, mrt cache and mroute socket state.
85 Note that the changes are semaphored via rtnl_lock.
86 */
87
88static DEFINE_RWLOCK(mrt_lock);
89
90/*
91 * Multicast router control variables
92 */
93
94#define MIF_EXISTS(_mrt, _idx) ((_mrt)->vif6_table[_idx].dev != NULL)
95
96/* Special spinlock for queue of unresolved entries */
97static DEFINE_SPINLOCK(mfc_unres_lock);
98
99/* We return to original Alan's scheme. Hash table of resolved
100 entries is changed only in process context and protected
101 with weak lock mrt_lock. Queue of unresolved entries is protected
102 with strong spinlock mfc_unres_lock.
103
104 In this case data path is free of exclusive locks at all.
105 */
106
107static struct kmem_cache *mrt_cachep __read_mostly;
108
109static struct mr6_table *ip6mr_new_table(struct net *net, u32 id);
110static void ip6mr_free_table(struct mr6_table *mrt);
111
112static int ip6_mr_forward(struct net *net, struct mr6_table *mrt,
113 struct sk_buff *skb, struct mfc6_cache *cache);
114static int ip6mr_cache_report(struct mr6_table *mrt, struct sk_buff *pkt,
115 mifi_t mifi, int assert);
116static int __ip6mr_fill_mroute(struct mr6_table *mrt, struct sk_buff *skb,
117 struct mfc6_cache *c, struct rtmsg *rtm);
118static int ip6mr_rtm_dumproute(struct sk_buff *skb,
119 struct netlink_callback *cb);
120static void mroute_clean_tables(struct mr6_table *mrt);
121static void ipmr_expire_process(unsigned long arg);
122
123#ifdef CONFIG_IPV6_MROUTE_MULTIPLE_TABLES
124#define ip6mr_for_each_table(mrt, net) \
125 list_for_each_entry_rcu(mrt, &net->ipv6.mr6_tables, list)
126
127static struct mr6_table *ip6mr_get_table(struct net *net, u32 id)
128{
129 struct mr6_table *mrt;
130
131 ip6mr_for_each_table(mrt, net) {
132 if (mrt->id == id)
133 return mrt;
134 }
135 return NULL;
136}
137
138static int ip6mr_fib_lookup(struct net *net, struct flowi6 *flp6,
139 struct mr6_table **mrt)
140{
141 struct ip6mr_result res;
142 struct fib_lookup_arg arg = { .result = &res, };
143 int err;
144
145 err = fib_rules_lookup(net->ipv6.mr6_rules_ops,
146 flowi6_to_flowi(flp6), 0, &arg);
147 if (err < 0)
148 return err;
149 *mrt = res.mrt;
150 return 0;
151}
152
153static int ip6mr_rule_action(struct fib_rule *rule, struct flowi *flp,
154 int flags, struct fib_lookup_arg *arg)
155{
156 struct ip6mr_result *res = arg->result;
157 struct mr6_table *mrt;
158
159 switch (rule->action) {
160 case FR_ACT_TO_TBL:
161 break;
162 case FR_ACT_UNREACHABLE:
163 return -ENETUNREACH;
164 case FR_ACT_PROHIBIT:
165 return -EACCES;
166 case FR_ACT_BLACKHOLE:
167 default:
168 return -EINVAL;
169 }
170
171 mrt = ip6mr_get_table(rule->fr_net, rule->table);
172 if (mrt == NULL)
173 return -EAGAIN;
174 res->mrt = mrt;
175 return 0;
176}
177
178static int ip6mr_rule_match(struct fib_rule *rule, struct flowi *flp, int flags)
179{
180 return 1;
181}
182
183static const struct nla_policy ip6mr_rule_policy[FRA_MAX + 1] = {
184 FRA_GENERIC_POLICY,
185};
186
187static int ip6mr_rule_configure(struct fib_rule *rule, struct sk_buff *skb,
188 struct fib_rule_hdr *frh, struct nlattr **tb)
189{
190 return 0;
191}
192
193static int ip6mr_rule_compare(struct fib_rule *rule, struct fib_rule_hdr *frh,
194 struct nlattr **tb)
195{
196 return 1;
197}
198
199static int ip6mr_rule_fill(struct fib_rule *rule, struct sk_buff *skb,
200 struct fib_rule_hdr *frh)
201{
202 frh->dst_len = 0;
203 frh->src_len = 0;
204 frh->tos = 0;
205 return 0;
206}
207
208static const struct fib_rules_ops __net_initdata ip6mr_rules_ops_template = {
209 .family = RTNL_FAMILY_IP6MR,
210 .rule_size = sizeof(struct ip6mr_rule),
211 .addr_size = sizeof(struct in6_addr),
212 .action = ip6mr_rule_action,
213 .match = ip6mr_rule_match,
214 .configure = ip6mr_rule_configure,
215 .compare = ip6mr_rule_compare,
216 .default_pref = fib_default_rule_pref,
217 .fill = ip6mr_rule_fill,
218 .nlgroup = RTNLGRP_IPV6_RULE,
219 .policy = ip6mr_rule_policy,
220 .owner = THIS_MODULE,
221};
222
223static int __net_init ip6mr_rules_init(struct net *net)
224{
225 struct fib_rules_ops *ops;
226 struct mr6_table *mrt;
227 int err;
228
229 ops = fib_rules_register(&ip6mr_rules_ops_template, net);
230 if (IS_ERR(ops))
231 return PTR_ERR(ops);
232
233 INIT_LIST_HEAD(&net->ipv6.mr6_tables);
234
235 mrt = ip6mr_new_table(net, RT6_TABLE_DFLT);
236 if (mrt == NULL) {
237 err = -ENOMEM;
238 goto err1;
239 }
240
241 err = fib_default_rule_add(ops, 0x7fff, RT6_TABLE_DFLT, 0);
242 if (err < 0)
243 goto err2;
244
245 net->ipv6.mr6_rules_ops = ops;
246 return 0;
247
248err2:
249 kfree(mrt);
250err1:
251 fib_rules_unregister(ops);
252 return err;
253}
254
255static void __net_exit ip6mr_rules_exit(struct net *net)
256{
257 struct mr6_table *mrt, *next;
258
259 list_for_each_entry_safe(mrt, next, &net->ipv6.mr6_tables, list) {
260 list_del(&mrt->list);
261 ip6mr_free_table(mrt);
262 }
263 fib_rules_unregister(net->ipv6.mr6_rules_ops);
264}
265#else
266#define ip6mr_for_each_table(mrt, net) \
267 for (mrt = net->ipv6.mrt6; mrt; mrt = NULL)
268
269static struct mr6_table *ip6mr_get_table(struct net *net, u32 id)
270{
271 return net->ipv6.mrt6;
272}
273
274static int ip6mr_fib_lookup(struct net *net, struct flowi6 *flp6,
275 struct mr6_table **mrt)
276{
277 *mrt = net->ipv6.mrt6;
278 return 0;
279}
280
281static int __net_init ip6mr_rules_init(struct net *net)
282{
283 net->ipv6.mrt6 = ip6mr_new_table(net, RT6_TABLE_DFLT);
284 return net->ipv6.mrt6 ? 0 : -ENOMEM;
285}
286
287static void __net_exit ip6mr_rules_exit(struct net *net)
288{
289 ip6mr_free_table(net->ipv6.mrt6);
290}
291#endif
292
293static struct mr6_table *ip6mr_new_table(struct net *net, u32 id)
294{
295 struct mr6_table *mrt;
296 unsigned int i;
297
298 mrt = ip6mr_get_table(net, id);
299 if (mrt != NULL)
300 return mrt;
301
302 mrt = kzalloc(sizeof(*mrt), GFP_KERNEL);
303 if (mrt == NULL)
304 return NULL;
305 mrt->id = id;
306 write_pnet(&mrt->net, net);
307
308 /* Forwarding cache */
309 for (i = 0; i < MFC6_LINES; i++)
310 INIT_LIST_HEAD(&mrt->mfc6_cache_array[i]);
311
312 INIT_LIST_HEAD(&mrt->mfc6_unres_queue);
313
314 setup_timer(&mrt->ipmr_expire_timer, ipmr_expire_process,
315 (unsigned long)mrt);
316
317#ifdef CONFIG_IPV6_PIMSM_V2
318 mrt->mroute_reg_vif_num = -1;
319#endif
320#ifdef CONFIG_IPV6_MROUTE_MULTIPLE_TABLES
321 list_add_tail_rcu(&mrt->list, &net->ipv6.mr6_tables);
322#endif
323 return mrt;
324}
325
326static void ip6mr_free_table(struct mr6_table *mrt)
327{
328 del_timer(&mrt->ipmr_expire_timer);
329 mroute_clean_tables(mrt);
330 kfree(mrt);
331}
332
333#ifdef CONFIG_PROC_FS
334
335struct ipmr_mfc_iter {
336 struct seq_net_private p;
337 struct mr6_table *mrt;
338 struct list_head *cache;
339 int ct;
340};
341
342
343static struct mfc6_cache *ipmr_mfc_seq_idx(struct net *net,
344 struct ipmr_mfc_iter *it, loff_t pos)
345{
346 struct mr6_table *mrt = it->mrt;
347 struct mfc6_cache *mfc;
348
349 read_lock(&mrt_lock);
350 for (it->ct = 0; it->ct < MFC6_LINES; it->ct++) {
351 it->cache = &mrt->mfc6_cache_array[it->ct];
352 list_for_each_entry(mfc, it->cache, list)
353 if (pos-- == 0)
354 return mfc;
355 }
356 read_unlock(&mrt_lock);
357
358 spin_lock_bh(&mfc_unres_lock);
359 it->cache = &mrt->mfc6_unres_queue;
360 list_for_each_entry(mfc, it->cache, list)
361 if (pos-- == 0)
362 return mfc;
363 spin_unlock_bh(&mfc_unres_lock);
364
365 it->cache = NULL;
366 return NULL;
367}
368
369/*
370 * The /proc interfaces to multicast routing /proc/ip6_mr_cache /proc/ip6_mr_vif
371 */
372
373struct ipmr_vif_iter {
374 struct seq_net_private p;
375 struct mr6_table *mrt;
376 int ct;
377};
378
379static struct mif_device *ip6mr_vif_seq_idx(struct net *net,
380 struct ipmr_vif_iter *iter,
381 loff_t pos)
382{
383 struct mr6_table *mrt = iter->mrt;
384
385 for (iter->ct = 0; iter->ct < mrt->maxvif; ++iter->ct) {
386 if (!MIF_EXISTS(mrt, iter->ct))
387 continue;
388 if (pos-- == 0)
389 return &mrt->vif6_table[iter->ct];
390 }
391 return NULL;
392}
393
394static void *ip6mr_vif_seq_start(struct seq_file *seq, loff_t *pos)
395 __acquires(mrt_lock)
396{
397 struct ipmr_vif_iter *iter = seq->private;
398 struct net *net = seq_file_net(seq);
399 struct mr6_table *mrt;
400
401 mrt = ip6mr_get_table(net, RT6_TABLE_DFLT);
402 if (mrt == NULL)
403 return ERR_PTR(-ENOENT);
404
405 iter->mrt = mrt;
406
407 read_lock(&mrt_lock);
408 return *pos ? ip6mr_vif_seq_idx(net, seq->private, *pos - 1)
409 : SEQ_START_TOKEN;
410}
411
412static void *ip6mr_vif_seq_next(struct seq_file *seq, void *v, loff_t *pos)
413{
414 struct ipmr_vif_iter *iter = seq->private;
415 struct net *net = seq_file_net(seq);
416 struct mr6_table *mrt = iter->mrt;
417
418 ++*pos;
419 if (v == SEQ_START_TOKEN)
420 return ip6mr_vif_seq_idx(net, iter, 0);
421
422 while (++iter->ct < mrt->maxvif) {
423 if (!MIF_EXISTS(mrt, iter->ct))
424 continue;
425 return &mrt->vif6_table[iter->ct];
426 }
427 return NULL;
428}
429
430static void ip6mr_vif_seq_stop(struct seq_file *seq, void *v)
431 __releases(mrt_lock)
432{
433 read_unlock(&mrt_lock);
434}
435
436static int ip6mr_vif_seq_show(struct seq_file *seq, void *v)
437{
438 struct ipmr_vif_iter *iter = seq->private;
439 struct mr6_table *mrt = iter->mrt;
440
441 if (v == SEQ_START_TOKEN) {
442 seq_puts(seq,
443 "Interface BytesIn PktsIn BytesOut PktsOut Flags\n");
444 } else {
445 const struct mif_device *vif = v;
446 const char *name = vif->dev ? vif->dev->name : "none";
447
448 seq_printf(seq,
449 "%2td %-10s %8ld %7ld %8ld %7ld %05X\n",
450 vif - mrt->vif6_table,
451 name, vif->bytes_in, vif->pkt_in,
452 vif->bytes_out, vif->pkt_out,
453 vif->flags);
454 }
455 return 0;
456}
457
458static const struct seq_operations ip6mr_vif_seq_ops = {
459 .start = ip6mr_vif_seq_start,
460 .next = ip6mr_vif_seq_next,
461 .stop = ip6mr_vif_seq_stop,
462 .show = ip6mr_vif_seq_show,
463};
464
465static int ip6mr_vif_open(struct inode *inode, struct file *file)
466{
467 return seq_open_net(inode, file, &ip6mr_vif_seq_ops,
468 sizeof(struct ipmr_vif_iter));
469}
470
471static const struct file_operations ip6mr_vif_fops = {
472 .owner = THIS_MODULE,
473 .open = ip6mr_vif_open,
474 .read = seq_read,
475 .llseek = seq_lseek,
476 .release = seq_release_net,
477};
478
479static void *ipmr_mfc_seq_start(struct seq_file *seq, loff_t *pos)
480{
481 struct ipmr_mfc_iter *it = seq->private;
482 struct net *net = seq_file_net(seq);
483 struct mr6_table *mrt;
484
485 mrt = ip6mr_get_table(net, RT6_TABLE_DFLT);
486 if (mrt == NULL)
487 return ERR_PTR(-ENOENT);
488
489 it->mrt = mrt;
490 return *pos ? ipmr_mfc_seq_idx(net, seq->private, *pos - 1)
491 : SEQ_START_TOKEN;
492}
493
494static void *ipmr_mfc_seq_next(struct seq_file *seq, void *v, loff_t *pos)
495{
496 struct mfc6_cache *mfc = v;
497 struct ipmr_mfc_iter *it = seq->private;
498 struct net *net = seq_file_net(seq);
499 struct mr6_table *mrt = it->mrt;
500
501 ++*pos;
502
503 if (v == SEQ_START_TOKEN)
504 return ipmr_mfc_seq_idx(net, seq->private, 0);
505
506 if (mfc->list.next != it->cache)
507 return list_entry(mfc->list.next, struct mfc6_cache, list);
508
509 if (it->cache == &mrt->mfc6_unres_queue)
510 goto end_of_list;
511
512 BUG_ON(it->cache != &mrt->mfc6_cache_array[it->ct]);
513
514 while (++it->ct < MFC6_LINES) {
515 it->cache = &mrt->mfc6_cache_array[it->ct];
516 if (list_empty(it->cache))
517 continue;
518 return list_first_entry(it->cache, struct mfc6_cache, list);
519 }
520
521 /* exhausted cache_array, show unresolved */
522 read_unlock(&mrt_lock);
523 it->cache = &mrt->mfc6_unres_queue;
524 it->ct = 0;
525
526 spin_lock_bh(&mfc_unres_lock);
527 if (!list_empty(it->cache))
528 return list_first_entry(it->cache, struct mfc6_cache, list);
529
530 end_of_list:
531 spin_unlock_bh(&mfc_unres_lock);
532 it->cache = NULL;
533
534 return NULL;
535}
536
537static void ipmr_mfc_seq_stop(struct seq_file *seq, void *v)
538{
539 struct ipmr_mfc_iter *it = seq->private;
540 struct mr6_table *mrt = it->mrt;
541
542 if (it->cache == &mrt->mfc6_unres_queue)
543 spin_unlock_bh(&mfc_unres_lock);
544 else if (it->cache == mrt->mfc6_cache_array)
545 read_unlock(&mrt_lock);
546}
547
548static int ipmr_mfc_seq_show(struct seq_file *seq, void *v)
549{
550 int n;
551
552 if (v == SEQ_START_TOKEN) {
553 seq_puts(seq,
554 "Group "
555 "Origin "
556 "Iif Pkts Bytes Wrong Oifs\n");
557 } else {
558 const struct mfc6_cache *mfc = v;
559 const struct ipmr_mfc_iter *it = seq->private;
560 struct mr6_table *mrt = it->mrt;
561
562 seq_printf(seq, "%pI6 %pI6 %-3hd",
563 &mfc->mf6c_mcastgrp, &mfc->mf6c_origin,
564 mfc->mf6c_parent);
565
566 if (it->cache != &mrt->mfc6_unres_queue) {
567 seq_printf(seq, " %8lu %8lu %8lu",
568 mfc->mfc_un.res.pkt,
569 mfc->mfc_un.res.bytes,
570 mfc->mfc_un.res.wrong_if);
571 for (n = mfc->mfc_un.res.minvif;
572 n < mfc->mfc_un.res.maxvif; n++) {
573 if (MIF_EXISTS(mrt, n) &&
574 mfc->mfc_un.res.ttls[n] < 255)
575 seq_printf(seq,
576 " %2d:%-3d",
577 n, mfc->mfc_un.res.ttls[n]);
578 }
579 } else {
580 /* unresolved mfc_caches don't contain
581 * pkt, bytes and wrong_if values
582 */
583 seq_printf(seq, " %8lu %8lu %8lu", 0ul, 0ul, 0ul);
584 }
585 seq_putc(seq, '\n');
586 }
587 return 0;
588}
589
590static const struct seq_operations ipmr_mfc_seq_ops = {
591 .start = ipmr_mfc_seq_start,
592 .next = ipmr_mfc_seq_next,
593 .stop = ipmr_mfc_seq_stop,
594 .show = ipmr_mfc_seq_show,
595};
596
597static int ipmr_mfc_open(struct inode *inode, struct file *file)
598{
599 return seq_open_net(inode, file, &ipmr_mfc_seq_ops,
600 sizeof(struct ipmr_mfc_iter));
601}
602
603static const struct file_operations ip6mr_mfc_fops = {
604 .owner = THIS_MODULE,
605 .open = ipmr_mfc_open,
606 .read = seq_read,
607 .llseek = seq_lseek,
608 .release = seq_release_net,
609};
610#endif
611
612#ifdef CONFIG_IPV6_PIMSM_V2
613
614static int pim6_rcv(struct sk_buff *skb)
615{
616 struct pimreghdr *pim;
617 struct ipv6hdr *encap;
618 struct net_device *reg_dev = NULL;
619 struct net *net = dev_net(skb->dev);
620 struct mr6_table *mrt;
621 struct flowi6 fl6 = {
622 .flowi6_iif = skb->dev->ifindex,
623 .flowi6_mark = skb->mark,
624 };
625 int reg_vif_num;
626
627 if (!pskb_may_pull(skb, sizeof(*pim) + sizeof(*encap)))
628 goto drop;
629
630 pim = (struct pimreghdr *)skb_transport_header(skb);
631 if (pim->type != ((PIM_VERSION << 4) | PIM_REGISTER) ||
632 (pim->flags & PIM_NULL_REGISTER) ||
633 (csum_ipv6_magic(&ipv6_hdr(skb)->saddr, &ipv6_hdr(skb)->daddr,
634 sizeof(*pim), IPPROTO_PIM,
635 csum_partial((void *)pim, sizeof(*pim), 0)) &&
636 csum_fold(skb_checksum(skb, 0, skb->len, 0))))
637 goto drop;
638
639 /* check if the inner packet is destined to mcast group */
640 encap = (struct ipv6hdr *)(skb_transport_header(skb) +
641 sizeof(*pim));
642
643 if (!ipv6_addr_is_multicast(&encap->daddr) ||
644 encap->payload_len == 0 ||
645 ntohs(encap->payload_len) + sizeof(*pim) > skb->len)
646 goto drop;
647
648 if (ip6mr_fib_lookup(net, &fl6, &mrt) < 0)
649 goto drop;
650 reg_vif_num = mrt->mroute_reg_vif_num;
651
652 read_lock(&mrt_lock);
653 if (reg_vif_num >= 0)
654 reg_dev = mrt->vif6_table[reg_vif_num].dev;
655 if (reg_dev)
656 dev_hold(reg_dev);
657 read_unlock(&mrt_lock);
658
659 if (reg_dev == NULL)
660 goto drop;
661
662 skb->mac_header = skb->network_header;
663 skb_pull(skb, (u8 *)encap - skb->data);
664 skb_reset_network_header(skb);
665 skb->protocol = htons(ETH_P_IPV6);
666 skb->ip_summed = CHECKSUM_NONE;
667 skb->pkt_type = PACKET_HOST;
668
669 skb_tunnel_rx(skb, reg_dev);
670
671 netif_rx(skb);
672
673 dev_put(reg_dev);
674 return 0;
675 drop:
676 kfree_skb(skb);
677 return 0;
678}
679
680static const struct inet6_protocol pim6_protocol = {
681 .handler = pim6_rcv,
682};
683
684/* Service routines creating virtual interfaces: PIMREG */
685
686static netdev_tx_t reg_vif_xmit(struct sk_buff *skb,
687 struct net_device *dev)
688{
689 struct net *net = dev_net(dev);
690 struct mr6_table *mrt;
691 struct flowi6 fl6 = {
692 .flowi6_oif = dev->ifindex,
693 .flowi6_iif = skb->skb_iif,
694 .flowi6_mark = skb->mark,
695 };
696 int err;
697
698 err = ip6mr_fib_lookup(net, &fl6, &mrt);
699 if (err < 0) {
700 kfree_skb(skb);
701 return err;
702 }
703
704 read_lock(&mrt_lock);
705 dev->stats.tx_bytes += skb->len;
706 dev->stats.tx_packets++;
707 ip6mr_cache_report(mrt, skb, mrt->mroute_reg_vif_num, MRT6MSG_WHOLEPKT);
708 read_unlock(&mrt_lock);
709 kfree_skb(skb);
710 return NETDEV_TX_OK;
711}
712
713static const struct net_device_ops reg_vif_netdev_ops = {
714 .ndo_start_xmit = reg_vif_xmit,
715};
716
717static void reg_vif_setup(struct net_device *dev)
718{
719 dev->type = ARPHRD_PIMREG;
720 dev->mtu = 1500 - sizeof(struct ipv6hdr) - 8;
721 dev->flags = IFF_NOARP;
722 dev->netdev_ops = ®_vif_netdev_ops;
723 dev->destructor = free_netdev;
724 dev->features |= NETIF_F_NETNS_LOCAL;
725}
726
727static struct net_device *ip6mr_reg_vif(struct net *net, struct mr6_table *mrt)
728{
729 struct net_device *dev;
730 char name[IFNAMSIZ];
731
732 if (mrt->id == RT6_TABLE_DFLT)
733 sprintf(name, "pim6reg");
734 else
735 sprintf(name, "pim6reg%u", mrt->id);
736
737 dev = alloc_netdev(0, name, reg_vif_setup);
738 if (dev == NULL)
739 return NULL;
740
741 dev_net_set(dev, net);
742
743 if (register_netdevice(dev)) {
744 free_netdev(dev);
745 return NULL;
746 }
747 dev->iflink = 0;
748
749 if (dev_open(dev))
750 goto failure;
751
752 dev_hold(dev);
753 return dev;
754
755failure:
756 /* allow the register to be completed before unregistering. */
757 rtnl_unlock();
758 rtnl_lock();
759
760 unregister_netdevice(dev);
761 return NULL;
762}
763#endif
764
765/*
766 * Delete a VIF entry
767 */
768
769static int mif6_delete(struct mr6_table *mrt, int vifi, struct list_head *head)
770{
771 struct mif_device *v;
772 struct net_device *dev;
773 struct inet6_dev *in6_dev;
774
775 if (vifi < 0 || vifi >= mrt->maxvif)
776 return -EADDRNOTAVAIL;
777
778 v = &mrt->vif6_table[vifi];
779
780 write_lock_bh(&mrt_lock);
781 dev = v->dev;
782 v->dev = NULL;
783
784 if (!dev) {
785 write_unlock_bh(&mrt_lock);
786 return -EADDRNOTAVAIL;
787 }
788
789#ifdef CONFIG_IPV6_PIMSM_V2
790 if (vifi == mrt->mroute_reg_vif_num)
791 mrt->mroute_reg_vif_num = -1;
792#endif
793
794 if (vifi + 1 == mrt->maxvif) {
795 int tmp;
796 for (tmp = vifi - 1; tmp >= 0; tmp--) {
797 if (MIF_EXISTS(mrt, tmp))
798 break;
799 }
800 mrt->maxvif = tmp + 1;
801 }
802
803 write_unlock_bh(&mrt_lock);
804
805 dev_set_allmulti(dev, -1);
806
807 in6_dev = __in6_dev_get(dev);
808 if (in6_dev)
809 in6_dev->cnf.mc_forwarding--;
810
811 if (v->flags & MIFF_REGISTER)
812 unregister_netdevice_queue(dev, head);
813
814 dev_put(dev);
815 return 0;
816}
817
818static inline void ip6mr_cache_free(struct mfc6_cache *c)
819{
820 kmem_cache_free(mrt_cachep, c);
821}
822
823/* Destroy an unresolved cache entry, killing queued skbs
824 and reporting error to netlink readers.
825 */
826
827static void ip6mr_destroy_unres(struct mr6_table *mrt, struct mfc6_cache *c)
828{
829 struct net *net = read_pnet(&mrt->net);
830 struct sk_buff *skb;
831
832 atomic_dec(&mrt->cache_resolve_queue_len);
833
834 while((skb = skb_dequeue(&c->mfc_un.unres.unresolved)) != NULL) {
835 if (ipv6_hdr(skb)->version == 0) {
836 struct nlmsghdr *nlh = (struct nlmsghdr *)skb_pull(skb, sizeof(struct ipv6hdr));
837 nlh->nlmsg_type = NLMSG_ERROR;
838 nlh->nlmsg_len = NLMSG_LENGTH(sizeof(struct nlmsgerr));
839 skb_trim(skb, nlh->nlmsg_len);
840 ((struct nlmsgerr *)NLMSG_DATA(nlh))->error = -ETIMEDOUT;
841 rtnl_unicast(skb, net, NETLINK_CB(skb).pid);
842 } else
843 kfree_skb(skb);
844 }
845
846 ip6mr_cache_free(c);
847}
848
849
850/* Timer process for all the unresolved queue. */
851
852static void ipmr_do_expire_process(struct mr6_table *mrt)
853{
854 unsigned long now = jiffies;
855 unsigned long expires = 10 * HZ;
856 struct mfc6_cache *c, *next;
857
858 list_for_each_entry_safe(c, next, &mrt->mfc6_unres_queue, list) {
859 if (time_after(c->mfc_un.unres.expires, now)) {
860 /* not yet... */
861 unsigned long interval = c->mfc_un.unres.expires - now;
862 if (interval < expires)
863 expires = interval;
864 continue;
865 }
866
867 list_del(&c->list);
868 ip6mr_destroy_unres(mrt, c);
869 }
870
871 if (!list_empty(&mrt->mfc6_unres_queue))
872 mod_timer(&mrt->ipmr_expire_timer, jiffies + expires);
873}
874
875static void ipmr_expire_process(unsigned long arg)
876{
877 struct mr6_table *mrt = (struct mr6_table *)arg;
878
879 if (!spin_trylock(&mfc_unres_lock)) {
880 mod_timer(&mrt->ipmr_expire_timer, jiffies + 1);
881 return;
882 }
883
884 if (!list_empty(&mrt->mfc6_unres_queue))
885 ipmr_do_expire_process(mrt);
886
887 spin_unlock(&mfc_unres_lock);
888}
889
890/* Fill oifs list. It is called under write locked mrt_lock. */
891
892static void ip6mr_update_thresholds(struct mr6_table *mrt, struct mfc6_cache *cache,
893 unsigned char *ttls)
894{
895 int vifi;
896
897 cache->mfc_un.res.minvif = MAXMIFS;
898 cache->mfc_un.res.maxvif = 0;
899 memset(cache->mfc_un.res.ttls, 255, MAXMIFS);
900
901 for (vifi = 0; vifi < mrt->maxvif; vifi++) {
902 if (MIF_EXISTS(mrt, vifi) &&
903 ttls[vifi] && ttls[vifi] < 255) {
904 cache->mfc_un.res.ttls[vifi] = ttls[vifi];
905 if (cache->mfc_un.res.minvif > vifi)
906 cache->mfc_un.res.minvif = vifi;
907 if (cache->mfc_un.res.maxvif <= vifi)
908 cache->mfc_un.res.maxvif = vifi + 1;
909 }
910 }
911}
912
913static int mif6_add(struct net *net, struct mr6_table *mrt,
914 struct mif6ctl *vifc, int mrtsock)
915{
916 int vifi = vifc->mif6c_mifi;
917 struct mif_device *v = &mrt->vif6_table[vifi];
918 struct net_device *dev;
919 struct inet6_dev *in6_dev;
920 int err;
921
922 /* Is vif busy ? */
923 if (MIF_EXISTS(mrt, vifi))
924 return -EADDRINUSE;
925
926 switch (vifc->mif6c_flags) {
927#ifdef CONFIG_IPV6_PIMSM_V2
928 case MIFF_REGISTER:
929 /*
930 * Special Purpose VIF in PIM
931 * All the packets will be sent to the daemon
932 */
933 if (mrt->mroute_reg_vif_num >= 0)
934 return -EADDRINUSE;
935 dev = ip6mr_reg_vif(net, mrt);
936 if (!dev)
937 return -ENOBUFS;
938 err = dev_set_allmulti(dev, 1);
939 if (err) {
940 unregister_netdevice(dev);
941 dev_put(dev);
942 return err;
943 }
944 break;
945#endif
946 case 0:
947 dev = dev_get_by_index(net, vifc->mif6c_pifi);
948 if (!dev)
949 return -EADDRNOTAVAIL;
950 err = dev_set_allmulti(dev, 1);
951 if (err) {
952 dev_put(dev);
953 return err;
954 }
955 break;
956 default:
957 return -EINVAL;
958 }
959
960 in6_dev = __in6_dev_get(dev);
961 if (in6_dev)
962 in6_dev->cnf.mc_forwarding++;
963
964 /*
965 * Fill in the VIF structures
966 */
967 v->rate_limit = vifc->vifc_rate_limit;
968 v->flags = vifc->mif6c_flags;
969 if (!mrtsock)
970 v->flags |= VIFF_STATIC;
971 v->threshold = vifc->vifc_threshold;
972 v->bytes_in = 0;
973 v->bytes_out = 0;
974 v->pkt_in = 0;
975 v->pkt_out = 0;
976 v->link = dev->ifindex;
977 if (v->flags & MIFF_REGISTER)
978 v->link = dev->iflink;
979
980 /* And finish update writing critical data */
981 write_lock_bh(&mrt_lock);
982 v->dev = dev;
983#ifdef CONFIG_IPV6_PIMSM_V2
984 if (v->flags & MIFF_REGISTER)
985 mrt->mroute_reg_vif_num = vifi;
986#endif
987 if (vifi + 1 > mrt->maxvif)
988 mrt->maxvif = vifi + 1;
989 write_unlock_bh(&mrt_lock);
990 return 0;
991}
992
993static struct mfc6_cache *ip6mr_cache_find(struct mr6_table *mrt,
994 const struct in6_addr *origin,
995 const struct in6_addr *mcastgrp)
996{
997 int line = MFC6_HASH(mcastgrp, origin);
998 struct mfc6_cache *c;
999
1000 list_for_each_entry(c, &mrt->mfc6_cache_array[line], list) {
1001 if (ipv6_addr_equal(&c->mf6c_origin, origin) &&
1002 ipv6_addr_equal(&c->mf6c_mcastgrp, mcastgrp))
1003 return c;
1004 }
1005 return NULL;
1006}
1007
1008/*
1009 * Allocate a multicast cache entry
1010 */
1011static struct mfc6_cache *ip6mr_cache_alloc(void)
1012{
1013 struct mfc6_cache *c = kmem_cache_zalloc(mrt_cachep, GFP_KERNEL);
1014 if (c == NULL)
1015 return NULL;
1016 c->mfc_un.res.minvif = MAXMIFS;
1017 return c;
1018}
1019
1020static struct mfc6_cache *ip6mr_cache_alloc_unres(void)
1021{
1022 struct mfc6_cache *c = kmem_cache_zalloc(mrt_cachep, GFP_ATOMIC);
1023 if (c == NULL)
1024 return NULL;
1025 skb_queue_head_init(&c->mfc_un.unres.unresolved);
1026 c->mfc_un.unres.expires = jiffies + 10 * HZ;
1027 return c;
1028}
1029
1030/*
1031 * A cache entry has gone into a resolved state from queued
1032 */
1033
1034static void ip6mr_cache_resolve(struct net *net, struct mr6_table *mrt,
1035 struct mfc6_cache *uc, struct mfc6_cache *c)
1036{
1037 struct sk_buff *skb;
1038
1039 /*
1040 * Play the pending entries through our router
1041 */
1042
1043 while((skb = __skb_dequeue(&uc->mfc_un.unres.unresolved))) {
1044 if (ipv6_hdr(skb)->version == 0) {
1045 struct nlmsghdr *nlh = (struct nlmsghdr *)skb_pull(skb, sizeof(struct ipv6hdr));
1046
1047 if (__ip6mr_fill_mroute(mrt, skb, c, NLMSG_DATA(nlh)) > 0) {
1048 nlh->nlmsg_len = skb_tail_pointer(skb) - (u8 *)nlh;
1049 } else {
1050 nlh->nlmsg_type = NLMSG_ERROR;
1051 nlh->nlmsg_len = NLMSG_LENGTH(sizeof(struct nlmsgerr));
1052 skb_trim(skb, nlh->nlmsg_len);
1053 ((struct nlmsgerr *)NLMSG_DATA(nlh))->error = -EMSGSIZE;
1054 }
1055 rtnl_unicast(skb, net, NETLINK_CB(skb).pid);
1056 } else
1057 ip6_mr_forward(net, mrt, skb, c);
1058 }
1059}
1060
1061/*
1062 * Bounce a cache query up to pim6sd. We could use netlink for this but pim6sd
1063 * expects the following bizarre scheme.
1064 *
1065 * Called under mrt_lock.
1066 */
1067
1068static int ip6mr_cache_report(struct mr6_table *mrt, struct sk_buff *pkt,
1069 mifi_t mifi, int assert)
1070{
1071 struct sk_buff *skb;
1072 struct mrt6msg *msg;
1073 int ret;
1074
1075#ifdef CONFIG_IPV6_PIMSM_V2
1076 if (assert == MRT6MSG_WHOLEPKT)
1077 skb = skb_realloc_headroom(pkt, -skb_network_offset(pkt)
1078 +sizeof(*msg));
1079 else
1080#endif
1081 skb = alloc_skb(sizeof(struct ipv6hdr) + sizeof(*msg), GFP_ATOMIC);
1082
1083 if (!skb)
1084 return -ENOBUFS;
1085
1086 /* I suppose that internal messages
1087 * do not require checksums */
1088
1089 skb->ip_summed = CHECKSUM_UNNECESSARY;
1090
1091#ifdef CONFIG_IPV6_PIMSM_V2
1092 if (assert == MRT6MSG_WHOLEPKT) {
1093 /* Ugly, but we have no choice with this interface.
1094 Duplicate old header, fix length etc.
1095 And all this only to mangle msg->im6_msgtype and
1096 to set msg->im6_mbz to "mbz" :-)
1097 */
1098 skb_push(skb, -skb_network_offset(pkt));
1099
1100 skb_push(skb, sizeof(*msg));
1101 skb_reset_transport_header(skb);
1102 msg = (struct mrt6msg *)skb_transport_header(skb);
1103 msg->im6_mbz = 0;
1104 msg->im6_msgtype = MRT6MSG_WHOLEPKT;
1105 msg->im6_mif = mrt->mroute_reg_vif_num;
1106 msg->im6_pad = 0;
1107 ipv6_addr_copy(&msg->im6_src, &ipv6_hdr(pkt)->saddr);
1108 ipv6_addr_copy(&msg->im6_dst, &ipv6_hdr(pkt)->daddr);
1109
1110 skb->ip_summed = CHECKSUM_UNNECESSARY;
1111 } else
1112#endif
1113 {
1114 /*
1115 * Copy the IP header
1116 */
1117
1118 skb_put(skb, sizeof(struct ipv6hdr));
1119 skb_reset_network_header(skb);
1120 skb_copy_to_linear_data(skb, ipv6_hdr(pkt), sizeof(struct ipv6hdr));
1121
1122 /*
1123 * Add our header
1124 */
1125 skb_put(skb, sizeof(*msg));
1126 skb_reset_transport_header(skb);
1127 msg = (struct mrt6msg *)skb_transport_header(skb);
1128
1129 msg->im6_mbz = 0;
1130 msg->im6_msgtype = assert;
1131 msg->im6_mif = mifi;
1132 msg->im6_pad = 0;
1133 ipv6_addr_copy(&msg->im6_src, &ipv6_hdr(pkt)->saddr);
1134 ipv6_addr_copy(&msg->im6_dst, &ipv6_hdr(pkt)->daddr);
1135
1136 skb_dst_set(skb, dst_clone(skb_dst(pkt)));
1137 skb->ip_summed = CHECKSUM_UNNECESSARY;
1138 }
1139
1140 if (mrt->mroute6_sk == NULL) {
1141 kfree_skb(skb);
1142 return -EINVAL;
1143 }
1144
1145 /*
1146 * Deliver to user space multicast routing algorithms
1147 */
1148 ret = sock_queue_rcv_skb(mrt->mroute6_sk, skb);
1149 if (ret < 0) {
1150 if (net_ratelimit())
1151 printk(KERN_WARNING "mroute6: pending queue full, dropping entries.\n");
1152 kfree_skb(skb);
1153 }
1154
1155 return ret;
1156}
1157
1158/*
1159 * Queue a packet for resolution. It gets locked cache entry!
1160 */
1161
1162static int
1163ip6mr_cache_unresolved(struct mr6_table *mrt, mifi_t mifi, struct sk_buff *skb)
1164{
1165 bool found = false;
1166 int err;
1167 struct mfc6_cache *c;
1168
1169 spin_lock_bh(&mfc_unres_lock);
1170 list_for_each_entry(c, &mrt->mfc6_unres_queue, list) {
1171 if (ipv6_addr_equal(&c->mf6c_mcastgrp, &ipv6_hdr(skb)->daddr) &&
1172 ipv6_addr_equal(&c->mf6c_origin, &ipv6_hdr(skb)->saddr)) {
1173 found = true;
1174 break;
1175 }
1176 }
1177
1178 if (!found) {
1179 /*
1180 * Create a new entry if allowable
1181 */
1182
1183 if (atomic_read(&mrt->cache_resolve_queue_len) >= 10 ||
1184 (c = ip6mr_cache_alloc_unres()) == NULL) {
1185 spin_unlock_bh(&mfc_unres_lock);
1186
1187 kfree_skb(skb);
1188 return -ENOBUFS;
1189 }
1190
1191 /*
1192 * Fill in the new cache entry
1193 */
1194 c->mf6c_parent = -1;
1195 c->mf6c_origin = ipv6_hdr(skb)->saddr;
1196 c->mf6c_mcastgrp = ipv6_hdr(skb)->daddr;
1197
1198 /*
1199 * Reflect first query at pim6sd
1200 */
1201 err = ip6mr_cache_report(mrt, skb, mifi, MRT6MSG_NOCACHE);
1202 if (err < 0) {
1203 /* If the report failed throw the cache entry
1204 out - Brad Parker
1205 */
1206 spin_unlock_bh(&mfc_unres_lock);
1207
1208 ip6mr_cache_free(c);
1209 kfree_skb(skb);
1210 return err;
1211 }
1212
1213 atomic_inc(&mrt->cache_resolve_queue_len);
1214 list_add(&c->list, &mrt->mfc6_unres_queue);
1215
1216 ipmr_do_expire_process(mrt);
1217 }
1218
1219 /*
1220 * See if we can append the packet
1221 */
1222 if (c->mfc_un.unres.unresolved.qlen > 3) {
1223 kfree_skb(skb);
1224 err = -ENOBUFS;
1225 } else {
1226 skb_queue_tail(&c->mfc_un.unres.unresolved, skb);
1227 err = 0;
1228 }
1229
1230 spin_unlock_bh(&mfc_unres_lock);
1231 return err;
1232}
1233
1234/*
1235 * MFC6 cache manipulation by user space
1236 */
1237
1238static int ip6mr_mfc_delete(struct mr6_table *mrt, struct mf6cctl *mfc)
1239{
1240 int line;
1241 struct mfc6_cache *c, *next;
1242
1243 line = MFC6_HASH(&mfc->mf6cc_mcastgrp.sin6_addr, &mfc->mf6cc_origin.sin6_addr);
1244
1245 list_for_each_entry_safe(c, next, &mrt->mfc6_cache_array[line], list) {
1246 if (ipv6_addr_equal(&c->mf6c_origin, &mfc->mf6cc_origin.sin6_addr) &&
1247 ipv6_addr_equal(&c->mf6c_mcastgrp, &mfc->mf6cc_mcastgrp.sin6_addr)) {
1248 write_lock_bh(&mrt_lock);
1249 list_del(&c->list);
1250 write_unlock_bh(&mrt_lock);
1251
1252 ip6mr_cache_free(c);
1253 return 0;
1254 }
1255 }
1256 return -ENOENT;
1257}
1258
1259static int ip6mr_device_event(struct notifier_block *this,
1260 unsigned long event, void *ptr)
1261{
1262 struct net_device *dev = ptr;
1263 struct net *net = dev_net(dev);
1264 struct mr6_table *mrt;
1265 struct mif_device *v;
1266 int ct;
1267 LIST_HEAD(list);
1268
1269 if (event != NETDEV_UNREGISTER)
1270 return NOTIFY_DONE;
1271
1272 ip6mr_for_each_table(mrt, net) {
1273 v = &mrt->vif6_table[0];
1274 for (ct = 0; ct < mrt->maxvif; ct++, v++) {
1275 if (v->dev == dev)
1276 mif6_delete(mrt, ct, &list);
1277 }
1278 }
1279 unregister_netdevice_many(&list);
1280
1281 return NOTIFY_DONE;
1282}
1283
1284static struct notifier_block ip6_mr_notifier = {
1285 .notifier_call = ip6mr_device_event
1286};
1287
1288/*
1289 * Setup for IP multicast routing
1290 */
1291
1292static int __net_init ip6mr_net_init(struct net *net)
1293{
1294 int err;
1295
1296 err = ip6mr_rules_init(net);
1297 if (err < 0)
1298 goto fail;
1299
1300#ifdef CONFIG_PROC_FS
1301 err = -ENOMEM;
1302 if (!proc_net_fops_create(net, "ip6_mr_vif", 0, &ip6mr_vif_fops))
1303 goto proc_vif_fail;
1304 if (!proc_net_fops_create(net, "ip6_mr_cache", 0, &ip6mr_mfc_fops))
1305 goto proc_cache_fail;
1306#endif
1307
1308 return 0;
1309
1310#ifdef CONFIG_PROC_FS
1311proc_cache_fail:
1312 proc_net_remove(net, "ip6_mr_vif");
1313proc_vif_fail:
1314 ip6mr_rules_exit(net);
1315#endif
1316fail:
1317 return err;
1318}
1319
1320static void __net_exit ip6mr_net_exit(struct net *net)
1321{
1322#ifdef CONFIG_PROC_FS
1323 proc_net_remove(net, "ip6_mr_cache");
1324 proc_net_remove(net, "ip6_mr_vif");
1325#endif
1326 ip6mr_rules_exit(net);
1327}
1328
1329static struct pernet_operations ip6mr_net_ops = {
1330 .init = ip6mr_net_init,
1331 .exit = ip6mr_net_exit,
1332};
1333
1334int __init ip6_mr_init(void)
1335{
1336 int err;
1337
1338 mrt_cachep = kmem_cache_create("ip6_mrt_cache",
1339 sizeof(struct mfc6_cache),
1340 0, SLAB_HWCACHE_ALIGN,
1341 NULL);
1342 if (!mrt_cachep)
1343 return -ENOMEM;
1344
1345 err = register_pernet_subsys(&ip6mr_net_ops);
1346 if (err)
1347 goto reg_pernet_fail;
1348
1349 err = register_netdevice_notifier(&ip6_mr_notifier);
1350 if (err)
1351 goto reg_notif_fail;
1352#ifdef CONFIG_IPV6_PIMSM_V2
1353 if (inet6_add_protocol(&pim6_protocol, IPPROTO_PIM) < 0) {
1354 printk(KERN_ERR "ip6_mr_init: can't add PIM protocol\n");
1355 err = -EAGAIN;
1356 goto add_proto_fail;
1357 }
1358#endif
1359 rtnl_register(RTNL_FAMILY_IP6MR, RTM_GETROUTE, NULL,
1360 ip6mr_rtm_dumproute, NULL);
1361 return 0;
1362#ifdef CONFIG_IPV6_PIMSM_V2
1363add_proto_fail:
1364 unregister_netdevice_notifier(&ip6_mr_notifier);
1365#endif
1366reg_notif_fail:
1367 unregister_pernet_subsys(&ip6mr_net_ops);
1368reg_pernet_fail:
1369 kmem_cache_destroy(mrt_cachep);
1370 return err;
1371}
1372
1373void ip6_mr_cleanup(void)
1374{
1375 unregister_netdevice_notifier(&ip6_mr_notifier);
1376 unregister_pernet_subsys(&ip6mr_net_ops);
1377 kmem_cache_destroy(mrt_cachep);
1378}
1379
1380static int ip6mr_mfc_add(struct net *net, struct mr6_table *mrt,
1381 struct mf6cctl *mfc, int mrtsock)
1382{
1383 bool found = false;
1384 int line;
1385 struct mfc6_cache *uc, *c;
1386 unsigned char ttls[MAXMIFS];
1387 int i;
1388
1389 if (mfc->mf6cc_parent >= MAXMIFS)
1390 return -ENFILE;
1391
1392 memset(ttls, 255, MAXMIFS);
1393 for (i = 0; i < MAXMIFS; i++) {
1394 if (IF_ISSET(i, &mfc->mf6cc_ifset))
1395 ttls[i] = 1;
1396
1397 }
1398
1399 line = MFC6_HASH(&mfc->mf6cc_mcastgrp.sin6_addr, &mfc->mf6cc_origin.sin6_addr);
1400
1401 list_for_each_entry(c, &mrt->mfc6_cache_array[line], list) {
1402 if (ipv6_addr_equal(&c->mf6c_origin, &mfc->mf6cc_origin.sin6_addr) &&
1403 ipv6_addr_equal(&c->mf6c_mcastgrp, &mfc->mf6cc_mcastgrp.sin6_addr)) {
1404 found = true;
1405 break;
1406 }
1407 }
1408
1409 if (found) {
1410 write_lock_bh(&mrt_lock);
1411 c->mf6c_parent = mfc->mf6cc_parent;
1412 ip6mr_update_thresholds(mrt, c, ttls);
1413 if (!mrtsock)
1414 c->mfc_flags |= MFC_STATIC;
1415 write_unlock_bh(&mrt_lock);
1416 return 0;
1417 }
1418
1419 if (!ipv6_addr_is_multicast(&mfc->mf6cc_mcastgrp.sin6_addr))
1420 return -EINVAL;
1421
1422 c = ip6mr_cache_alloc();
1423 if (c == NULL)
1424 return -ENOMEM;
1425
1426 c->mf6c_origin = mfc->mf6cc_origin.sin6_addr;
1427 c->mf6c_mcastgrp = mfc->mf6cc_mcastgrp.sin6_addr;
1428 c->mf6c_parent = mfc->mf6cc_parent;
1429 ip6mr_update_thresholds(mrt, c, ttls);
1430 if (!mrtsock)
1431 c->mfc_flags |= MFC_STATIC;
1432
1433 write_lock_bh(&mrt_lock);
1434 list_add(&c->list, &mrt->mfc6_cache_array[line]);
1435 write_unlock_bh(&mrt_lock);
1436
1437 /*
1438 * Check to see if we resolved a queued list. If so we
1439 * need to send on the frames and tidy up.
1440 */
1441 found = false;
1442 spin_lock_bh(&mfc_unres_lock);
1443 list_for_each_entry(uc, &mrt->mfc6_unres_queue, list) {
1444 if (ipv6_addr_equal(&uc->mf6c_origin, &c->mf6c_origin) &&
1445 ipv6_addr_equal(&uc->mf6c_mcastgrp, &c->mf6c_mcastgrp)) {
1446 list_del(&uc->list);
1447 atomic_dec(&mrt->cache_resolve_queue_len);
1448 found = true;
1449 break;
1450 }
1451 }
1452 if (list_empty(&mrt->mfc6_unres_queue))
1453 del_timer(&mrt->ipmr_expire_timer);
1454 spin_unlock_bh(&mfc_unres_lock);
1455
1456 if (found) {
1457 ip6mr_cache_resolve(net, mrt, uc, c);
1458 ip6mr_cache_free(uc);
1459 }
1460 return 0;
1461}
1462
1463/*
1464 * Close the multicast socket, and clear the vif tables etc
1465 */
1466
1467static void mroute_clean_tables(struct mr6_table *mrt)
1468{
1469 int i;
1470 LIST_HEAD(list);
1471 struct mfc6_cache *c, *next;
1472
1473 /*
1474 * Shut down all active vif entries
1475 */
1476 for (i = 0; i < mrt->maxvif; i++) {
1477 if (!(mrt->vif6_table[i].flags & VIFF_STATIC))
1478 mif6_delete(mrt, i, &list);
1479 }
1480 unregister_netdevice_many(&list);
1481
1482 /*
1483 * Wipe the cache
1484 */
1485 for (i = 0; i < MFC6_LINES; i++) {
1486 list_for_each_entry_safe(c, next, &mrt->mfc6_cache_array[i], list) {
1487 if (c->mfc_flags & MFC_STATIC)
1488 continue;
1489 write_lock_bh(&mrt_lock);
1490 list_del(&c->list);
1491 write_unlock_bh(&mrt_lock);
1492
1493 ip6mr_cache_free(c);
1494 }
1495 }
1496
1497 if (atomic_read(&mrt->cache_resolve_queue_len) != 0) {
1498 spin_lock_bh(&mfc_unres_lock);
1499 list_for_each_entry_safe(c, next, &mrt->mfc6_unres_queue, list) {
1500 list_del(&c->list);
1501 ip6mr_destroy_unres(mrt, c);
1502 }
1503 spin_unlock_bh(&mfc_unres_lock);
1504 }
1505}
1506
1507static int ip6mr_sk_init(struct mr6_table *mrt, struct sock *sk)
1508{
1509 int err = 0;
1510 struct net *net = sock_net(sk);
1511
1512 rtnl_lock();
1513 write_lock_bh(&mrt_lock);
1514 if (likely(mrt->mroute6_sk == NULL)) {
1515 mrt->mroute6_sk = sk;
1516 net->ipv6.devconf_all->mc_forwarding++;
1517 }
1518 else
1519 err = -EADDRINUSE;
1520 write_unlock_bh(&mrt_lock);
1521
1522 rtnl_unlock();
1523
1524 return err;
1525}
1526
1527int ip6mr_sk_done(struct sock *sk)
1528{
1529 int err = -EACCES;
1530 struct net *net = sock_net(sk);
1531 struct mr6_table *mrt;
1532
1533 rtnl_lock();
1534 ip6mr_for_each_table(mrt, net) {
1535 if (sk == mrt->mroute6_sk) {
1536 write_lock_bh(&mrt_lock);
1537 mrt->mroute6_sk = NULL;
1538 net->ipv6.devconf_all->mc_forwarding--;
1539 write_unlock_bh(&mrt_lock);
1540
1541 mroute_clean_tables(mrt);
1542 err = 0;
1543 break;
1544 }
1545 }
1546 rtnl_unlock();
1547
1548 return err;
1549}
1550
1551struct sock *mroute6_socket(struct net *net, struct sk_buff *skb)
1552{
1553 struct mr6_table *mrt;
1554 struct flowi6 fl6 = {
1555 .flowi6_iif = skb->skb_iif,
1556 .flowi6_oif = skb->dev->ifindex,
1557 .flowi6_mark = skb->mark,
1558 };
1559
1560 if (ip6mr_fib_lookup(net, &fl6, &mrt) < 0)
1561 return NULL;
1562
1563 return mrt->mroute6_sk;
1564}
1565
1566/*
1567 * Socket options and virtual interface manipulation. The whole
1568 * virtual interface system is a complete heap, but unfortunately
1569 * that's how BSD mrouted happens to think. Maybe one day with a proper
1570 * MOSPF/PIM router set up we can clean this up.
1571 */
1572
1573int ip6_mroute_setsockopt(struct sock *sk, int optname, char __user *optval, unsigned int optlen)
1574{
1575 int ret;
1576 struct mif6ctl vif;
1577 struct mf6cctl mfc;
1578 mifi_t mifi;
1579 struct net *net = sock_net(sk);
1580 struct mr6_table *mrt;
1581
1582 mrt = ip6mr_get_table(net, raw6_sk(sk)->ip6mr_table ? : RT6_TABLE_DFLT);
1583 if (mrt == NULL)
1584 return -ENOENT;
1585
1586 if (optname != MRT6_INIT) {
1587 if (sk != mrt->mroute6_sk && !capable(CAP_NET_ADMIN))
1588 return -EACCES;
1589 }
1590
1591 switch (optname) {
1592 case MRT6_INIT:
1593 if (sk->sk_type != SOCK_RAW ||
1594 inet_sk(sk)->inet_num != IPPROTO_ICMPV6)
1595 return -EOPNOTSUPP;
1596 if (optlen < sizeof(int))
1597 return -EINVAL;
1598
1599 return ip6mr_sk_init(mrt, sk);
1600
1601 case MRT6_DONE:
1602 return ip6mr_sk_done(sk);
1603
1604 case MRT6_ADD_MIF:
1605 if (optlen < sizeof(vif))
1606 return -EINVAL;
1607 if (copy_from_user(&vif, optval, sizeof(vif)))
1608 return -EFAULT;
1609 if (vif.mif6c_mifi >= MAXMIFS)
1610 return -ENFILE;
1611 rtnl_lock();
1612 ret = mif6_add(net, mrt, &vif, sk == mrt->mroute6_sk);
1613 rtnl_unlock();
1614 return ret;
1615
1616 case MRT6_DEL_MIF:
1617 if (optlen < sizeof(mifi_t))
1618 return -EINVAL;
1619 if (copy_from_user(&mifi, optval, sizeof(mifi_t)))
1620 return -EFAULT;
1621 rtnl_lock();
1622 ret = mif6_delete(mrt, mifi, NULL);
1623 rtnl_unlock();
1624 return ret;
1625
1626 /*
1627 * Manipulate the forwarding caches. These live
1628 * in a sort of kernel/user symbiosis.
1629 */
1630 case MRT6_ADD_MFC:
1631 case MRT6_DEL_MFC:
1632 if (optlen < sizeof(mfc))
1633 return -EINVAL;
1634 if (copy_from_user(&mfc, optval, sizeof(mfc)))
1635 return -EFAULT;
1636 rtnl_lock();
1637 if (optname == MRT6_DEL_MFC)
1638 ret = ip6mr_mfc_delete(mrt, &mfc);
1639 else
1640 ret = ip6mr_mfc_add(net, mrt, &mfc, sk == mrt->mroute6_sk);
1641 rtnl_unlock();
1642 return ret;
1643
1644 /*
1645 * Control PIM assert (to activate pim will activate assert)
1646 */
1647 case MRT6_ASSERT:
1648 {
1649 int v;
1650 if (get_user(v, (int __user *)optval))
1651 return -EFAULT;
1652 mrt->mroute_do_assert = !!v;
1653 return 0;
1654 }
1655
1656#ifdef CONFIG_IPV6_PIMSM_V2
1657 case MRT6_PIM:
1658 {
1659 int v;
1660 if (get_user(v, (int __user *)optval))
1661 return -EFAULT;
1662 v = !!v;
1663 rtnl_lock();
1664 ret = 0;
1665 if (v != mrt->mroute_do_pim) {
1666 mrt->mroute_do_pim = v;
1667 mrt->mroute_do_assert = v;
1668 }
1669 rtnl_unlock();
1670 return ret;
1671 }
1672
1673#endif
1674#ifdef CONFIG_IPV6_MROUTE_MULTIPLE_TABLES
1675 case MRT6_TABLE:
1676 {
1677 u32 v;
1678
1679 if (optlen != sizeof(u32))
1680 return -EINVAL;
1681 if (get_user(v, (u32 __user *)optval))
1682 return -EFAULT;
1683 if (sk == mrt->mroute6_sk)
1684 return -EBUSY;
1685
1686 rtnl_lock();
1687 ret = 0;
1688 if (!ip6mr_new_table(net, v))
1689 ret = -ENOMEM;
1690 raw6_sk(sk)->ip6mr_table = v;
1691 rtnl_unlock();
1692 return ret;
1693 }
1694#endif
1695 /*
1696 * Spurious command, or MRT6_VERSION which you cannot
1697 * set.
1698 */
1699 default:
1700 return -ENOPROTOOPT;
1701 }
1702}
1703
1704/*
1705 * Getsock opt support for the multicast routing system.
1706 */
1707
1708int ip6_mroute_getsockopt(struct sock *sk, int optname, char __user *optval,
1709 int __user *optlen)
1710{
1711 int olr;
1712 int val;
1713 struct net *net = sock_net(sk);
1714 struct mr6_table *mrt;
1715
1716 mrt = ip6mr_get_table(net, raw6_sk(sk)->ip6mr_table ? : RT6_TABLE_DFLT);
1717 if (mrt == NULL)
1718 return -ENOENT;
1719
1720 switch (optname) {
1721 case MRT6_VERSION:
1722 val = 0x0305;
1723 break;
1724#ifdef CONFIG_IPV6_PIMSM_V2
1725 case MRT6_PIM:
1726 val = mrt->mroute_do_pim;
1727 break;
1728#endif
1729 case MRT6_ASSERT:
1730 val = mrt->mroute_do_assert;
1731 break;
1732 default:
1733 return -ENOPROTOOPT;
1734 }
1735
1736 if (get_user(olr, optlen))
1737 return -EFAULT;
1738
1739 olr = min_t(int, olr, sizeof(int));
1740 if (olr < 0)
1741 return -EINVAL;
1742
1743 if (put_user(olr, optlen))
1744 return -EFAULT;
1745 if (copy_to_user(optval, &val, olr))
1746 return -EFAULT;
1747 return 0;
1748}
1749
1750/*
1751 * The IP multicast ioctl support routines.
1752 */
1753
1754int ip6mr_ioctl(struct sock *sk, int cmd, void __user *arg)
1755{
1756 struct sioc_sg_req6 sr;
1757 struct sioc_mif_req6 vr;
1758 struct mif_device *vif;
1759 struct mfc6_cache *c;
1760 struct net *net = sock_net(sk);
1761 struct mr6_table *mrt;
1762
1763 mrt = ip6mr_get_table(net, raw6_sk(sk)->ip6mr_table ? : RT6_TABLE_DFLT);
1764 if (mrt == NULL)
1765 return -ENOENT;
1766
1767 switch (cmd) {
1768 case SIOCGETMIFCNT_IN6:
1769 if (copy_from_user(&vr, arg, sizeof(vr)))
1770 return -EFAULT;
1771 if (vr.mifi >= mrt->maxvif)
1772 return -EINVAL;
1773 read_lock(&mrt_lock);
1774 vif = &mrt->vif6_table[vr.mifi];
1775 if (MIF_EXISTS(mrt, vr.mifi)) {
1776 vr.icount = vif->pkt_in;
1777 vr.ocount = vif->pkt_out;
1778 vr.ibytes = vif->bytes_in;
1779 vr.obytes = vif->bytes_out;
1780 read_unlock(&mrt_lock);
1781
1782 if (copy_to_user(arg, &vr, sizeof(vr)))
1783 return -EFAULT;
1784 return 0;
1785 }
1786 read_unlock(&mrt_lock);
1787 return -EADDRNOTAVAIL;
1788 case SIOCGETSGCNT_IN6:
1789 if (copy_from_user(&sr, arg, sizeof(sr)))
1790 return -EFAULT;
1791
1792 read_lock(&mrt_lock);
1793 c = ip6mr_cache_find(mrt, &sr.src.sin6_addr, &sr.grp.sin6_addr);
1794 if (c) {
1795 sr.pktcnt = c->mfc_un.res.pkt;
1796 sr.bytecnt = c->mfc_un.res.bytes;
1797 sr.wrong_if = c->mfc_un.res.wrong_if;
1798 read_unlock(&mrt_lock);
1799
1800 if (copy_to_user(arg, &sr, sizeof(sr)))
1801 return -EFAULT;
1802 return 0;
1803 }
1804 read_unlock(&mrt_lock);
1805 return -EADDRNOTAVAIL;
1806 default:
1807 return -ENOIOCTLCMD;
1808 }
1809}
1810
1811#ifdef CONFIG_COMPAT
1812struct compat_sioc_sg_req6 {
1813 struct sockaddr_in6 src;
1814 struct sockaddr_in6 grp;
1815 compat_ulong_t pktcnt;
1816 compat_ulong_t bytecnt;
1817 compat_ulong_t wrong_if;
1818};
1819
1820struct compat_sioc_mif_req6 {
1821 mifi_t mifi;
1822 compat_ulong_t icount;
1823 compat_ulong_t ocount;
1824 compat_ulong_t ibytes;
1825 compat_ulong_t obytes;
1826};
1827
1828int ip6mr_compat_ioctl(struct sock *sk, unsigned int cmd, void __user *arg)
1829{
1830 struct compat_sioc_sg_req6 sr;
1831 struct compat_sioc_mif_req6 vr;
1832 struct mif_device *vif;
1833 struct mfc6_cache *c;
1834 struct net *net = sock_net(sk);
1835 struct mr6_table *mrt;
1836
1837 mrt = ip6mr_get_table(net, raw6_sk(sk)->ip6mr_table ? : RT6_TABLE_DFLT);
1838 if (mrt == NULL)
1839 return -ENOENT;
1840
1841 switch (cmd) {
1842 case SIOCGETMIFCNT_IN6:
1843 if (copy_from_user(&vr, arg, sizeof(vr)))
1844 return -EFAULT;
1845 if (vr.mifi >= mrt->maxvif)
1846 return -EINVAL;
1847 read_lock(&mrt_lock);
1848 vif = &mrt->vif6_table[vr.mifi];
1849 if (MIF_EXISTS(mrt, vr.mifi)) {
1850 vr.icount = vif->pkt_in;
1851 vr.ocount = vif->pkt_out;
1852 vr.ibytes = vif->bytes_in;
1853 vr.obytes = vif->bytes_out;
1854 read_unlock(&mrt_lock);
1855
1856 if (copy_to_user(arg, &vr, sizeof(vr)))
1857 return -EFAULT;
1858 return 0;
1859 }
1860 read_unlock(&mrt_lock);
1861 return -EADDRNOTAVAIL;
1862 case SIOCGETSGCNT_IN6:
1863 if (copy_from_user(&sr, arg, sizeof(sr)))
1864 return -EFAULT;
1865
1866 read_lock(&mrt_lock);
1867 c = ip6mr_cache_find(mrt, &sr.src.sin6_addr, &sr.grp.sin6_addr);
1868 if (c) {
1869 sr.pktcnt = c->mfc_un.res.pkt;
1870 sr.bytecnt = c->mfc_un.res.bytes;
1871 sr.wrong_if = c->mfc_un.res.wrong_if;
1872 read_unlock(&mrt_lock);
1873
1874 if (copy_to_user(arg, &sr, sizeof(sr)))
1875 return -EFAULT;
1876 return 0;
1877 }
1878 read_unlock(&mrt_lock);
1879 return -EADDRNOTAVAIL;
1880 default:
1881 return -ENOIOCTLCMD;
1882 }
1883}
1884#endif
1885
1886static inline int ip6mr_forward2_finish(struct sk_buff *skb)
1887{
1888 IP6_INC_STATS_BH(dev_net(skb_dst(skb)->dev), ip6_dst_idev(skb_dst(skb)),
1889 IPSTATS_MIB_OUTFORWDATAGRAMS);
1890 return dst_output(skb);
1891}
1892
1893/*
1894 * Processing handlers for ip6mr_forward
1895 */
1896
1897static int ip6mr_forward2(struct net *net, struct mr6_table *mrt,
1898 struct sk_buff *skb, struct mfc6_cache *c, int vifi)
1899{
1900 struct ipv6hdr *ipv6h;
1901 struct mif_device *vif = &mrt->vif6_table[vifi];
1902 struct net_device *dev;
1903 struct dst_entry *dst;
1904 struct flowi6 fl6;
1905
1906 if (vif->dev == NULL)
1907 goto out_free;
1908
1909#ifdef CONFIG_IPV6_PIMSM_V2
1910 if (vif->flags & MIFF_REGISTER) {
1911 vif->pkt_out++;
1912 vif->bytes_out += skb->len;
1913 vif->dev->stats.tx_bytes += skb->len;
1914 vif->dev->stats.tx_packets++;
1915 ip6mr_cache_report(mrt, skb, vifi, MRT6MSG_WHOLEPKT);
1916 goto out_free;
1917 }
1918#endif
1919
1920 ipv6h = ipv6_hdr(skb);
1921
1922 fl6 = (struct flowi6) {
1923 .flowi6_oif = vif->link,
1924 .daddr = ipv6h->daddr,
1925 };
1926
1927 dst = ip6_route_output(net, NULL, &fl6);
1928 if (!dst)
1929 goto out_free;
1930
1931 skb_dst_drop(skb);
1932 skb_dst_set(skb, dst);
1933
1934 /*
1935 * RFC1584 teaches, that DVMRP/PIM router must deliver packets locally
1936 * not only before forwarding, but after forwarding on all output
1937 * interfaces. It is clear, if mrouter runs a multicasting
1938 * program, it should receive packets not depending to what interface
1939 * program is joined.
1940 * If we will not make it, the program will have to join on all
1941 * interfaces. On the other hand, multihoming host (or router, but
1942 * not mrouter) cannot join to more than one interface - it will
1943 * result in receiving multiple packets.
1944 */
1945 dev = vif->dev;
1946 skb->dev = dev;
1947 vif->pkt_out++;
1948 vif->bytes_out += skb->len;
1949
1950 /* We are about to write */
1951 /* XXX: extension headers? */
1952 if (skb_cow(skb, sizeof(*ipv6h) + LL_RESERVED_SPACE(dev)))
1953 goto out_free;
1954
1955 ipv6h = ipv6_hdr(skb);
1956 ipv6h->hop_limit--;
1957
1958 IP6CB(skb)->flags |= IP6SKB_FORWARDED;
1959
1960 return NF_HOOK(NFPROTO_IPV6, NF_INET_FORWARD, skb, skb->dev, dev,
1961 ip6mr_forward2_finish);
1962
1963out_free:
1964 kfree_skb(skb);
1965 return 0;
1966}
1967
1968static int ip6mr_find_vif(struct mr6_table *mrt, struct net_device *dev)
1969{
1970 int ct;
1971
1972 for (ct = mrt->maxvif - 1; ct >= 0; ct--) {
1973 if (mrt->vif6_table[ct].dev == dev)
1974 break;
1975 }
1976 return ct;
1977}
1978
1979static int ip6_mr_forward(struct net *net, struct mr6_table *mrt,
1980 struct sk_buff *skb, struct mfc6_cache *cache)
1981{
1982 int psend = -1;
1983 int vif, ct;
1984
1985 vif = cache->mf6c_parent;
1986 cache->mfc_un.res.pkt++;
1987 cache->mfc_un.res.bytes += skb->len;
1988
1989 /*
1990 * Wrong interface: drop packet and (maybe) send PIM assert.
1991 */
1992 if (mrt->vif6_table[vif].dev != skb->dev) {
1993 int true_vifi;
1994
1995 cache->mfc_un.res.wrong_if++;
1996 true_vifi = ip6mr_find_vif(mrt, skb->dev);
1997
1998 if (true_vifi >= 0 && mrt->mroute_do_assert &&
1999 /* pimsm uses asserts, when switching from RPT to SPT,
2000 so that we cannot check that packet arrived on an oif.
2001 It is bad, but otherwise we would need to move pretty
2002 large chunk of pimd to kernel. Ough... --ANK
2003 */
2004 (mrt->mroute_do_pim ||
2005 cache->mfc_un.res.ttls[true_vifi] < 255) &&
2006 time_after(jiffies,
2007 cache->mfc_un.res.last_assert + MFC_ASSERT_THRESH)) {
2008 cache->mfc_un.res.last_assert = jiffies;
2009 ip6mr_cache_report(mrt, skb, true_vifi, MRT6MSG_WRONGMIF);
2010 }
2011 goto dont_forward;
2012 }
2013
2014 mrt->vif6_table[vif].pkt_in++;
2015 mrt->vif6_table[vif].bytes_in += skb->len;
2016
2017 /*
2018 * Forward the frame
2019 */
2020 for (ct = cache->mfc_un.res.maxvif - 1; ct >= cache->mfc_un.res.minvif; ct--) {
2021 if (ipv6_hdr(skb)->hop_limit > cache->mfc_un.res.ttls[ct]) {
2022 if (psend != -1) {
2023 struct sk_buff *skb2 = skb_clone(skb, GFP_ATOMIC);
2024 if (skb2)
2025 ip6mr_forward2(net, mrt, skb2, cache, psend);
2026 }
2027 psend = ct;
2028 }
2029 }
2030 if (psend != -1) {
2031 ip6mr_forward2(net, mrt, skb, cache, psend);
2032 return 0;
2033 }
2034
2035dont_forward:
2036 kfree_skb(skb);
2037 return 0;
2038}
2039
2040
2041/*
2042 * Multicast packets for forwarding arrive here
2043 */
2044
2045int ip6_mr_input(struct sk_buff *skb)
2046{
2047 struct mfc6_cache *cache;
2048 struct net *net = dev_net(skb->dev);
2049 struct mr6_table *mrt;
2050 struct flowi6 fl6 = {
2051 .flowi6_iif = skb->dev->ifindex,
2052 .flowi6_mark = skb->mark,
2053 };
2054 int err;
2055
2056 err = ip6mr_fib_lookup(net, &fl6, &mrt);
2057 if (err < 0) {
2058 kfree_skb(skb);
2059 return err;
2060 }
2061
2062 read_lock(&mrt_lock);
2063 cache = ip6mr_cache_find(mrt,
2064 &ipv6_hdr(skb)->saddr, &ipv6_hdr(skb)->daddr);
2065
2066 /*
2067 * No usable cache entry
2068 */
2069 if (cache == NULL) {
2070 int vif;
2071
2072 vif = ip6mr_find_vif(mrt, skb->dev);
2073 if (vif >= 0) {
2074 int err = ip6mr_cache_unresolved(mrt, vif, skb);
2075 read_unlock(&mrt_lock);
2076
2077 return err;
2078 }
2079 read_unlock(&mrt_lock);
2080 kfree_skb(skb);
2081 return -ENODEV;
2082 }
2083
2084 ip6_mr_forward(net, mrt, skb, cache);
2085
2086 read_unlock(&mrt_lock);
2087
2088 return 0;
2089}
2090
2091
2092static int __ip6mr_fill_mroute(struct mr6_table *mrt, struct sk_buff *skb,
2093 struct mfc6_cache *c, struct rtmsg *rtm)
2094{
2095 int ct;
2096 struct rtnexthop *nhp;
2097 u8 *b = skb_tail_pointer(skb);
2098 struct rtattr *mp_head;
2099
2100 /* If cache is unresolved, don't try to parse IIF and OIF */
2101 if (c->mf6c_parent >= MAXMIFS)
2102 return -ENOENT;
2103
2104 if (MIF_EXISTS(mrt, c->mf6c_parent))
2105 RTA_PUT(skb, RTA_IIF, 4, &mrt->vif6_table[c->mf6c_parent].dev->ifindex);
2106
2107 mp_head = (struct rtattr *)skb_put(skb, RTA_LENGTH(0));
2108
2109 for (ct = c->mfc_un.res.minvif; ct < c->mfc_un.res.maxvif; ct++) {
2110 if (MIF_EXISTS(mrt, ct) && c->mfc_un.res.ttls[ct] < 255) {
2111 if (skb_tailroom(skb) < RTA_ALIGN(RTA_ALIGN(sizeof(*nhp)) + 4))
2112 goto rtattr_failure;
2113 nhp = (struct rtnexthop *)skb_put(skb, RTA_ALIGN(sizeof(*nhp)));
2114 nhp->rtnh_flags = 0;
2115 nhp->rtnh_hops = c->mfc_un.res.ttls[ct];
2116 nhp->rtnh_ifindex = mrt->vif6_table[ct].dev->ifindex;
2117 nhp->rtnh_len = sizeof(*nhp);
2118 }
2119 }
2120 mp_head->rta_type = RTA_MULTIPATH;
2121 mp_head->rta_len = skb_tail_pointer(skb) - (u8 *)mp_head;
2122 rtm->rtm_type = RTN_MULTICAST;
2123 return 1;
2124
2125rtattr_failure:
2126 nlmsg_trim(skb, b);
2127 return -EMSGSIZE;
2128}
2129
2130int ip6mr_get_route(struct net *net,
2131 struct sk_buff *skb, struct rtmsg *rtm, int nowait)
2132{
2133 int err;
2134 struct mr6_table *mrt;
2135 struct mfc6_cache *cache;
2136 struct rt6_info *rt = (struct rt6_info *)skb_dst(skb);
2137
2138 mrt = ip6mr_get_table(net, RT6_TABLE_DFLT);
2139 if (mrt == NULL)
2140 return -ENOENT;
2141
2142 read_lock(&mrt_lock);
2143 cache = ip6mr_cache_find(mrt, &rt->rt6i_src.addr, &rt->rt6i_dst.addr);
2144
2145 if (!cache) {
2146 struct sk_buff *skb2;
2147 struct ipv6hdr *iph;
2148 struct net_device *dev;
2149 int vif;
2150
2151 if (nowait) {
2152 read_unlock(&mrt_lock);
2153 return -EAGAIN;
2154 }
2155
2156 dev = skb->dev;
2157 if (dev == NULL || (vif = ip6mr_find_vif(mrt, dev)) < 0) {
2158 read_unlock(&mrt_lock);
2159 return -ENODEV;
2160 }
2161
2162 /* really correct? */
2163 skb2 = alloc_skb(sizeof(struct ipv6hdr), GFP_ATOMIC);
2164 if (!skb2) {
2165 read_unlock(&mrt_lock);
2166 return -ENOMEM;
2167 }
2168
2169 skb_reset_transport_header(skb2);
2170
2171 skb_put(skb2, sizeof(struct ipv6hdr));
2172 skb_reset_network_header(skb2);
2173
2174 iph = ipv6_hdr(skb2);
2175 iph->version = 0;
2176 iph->priority = 0;
2177 iph->flow_lbl[0] = 0;
2178 iph->flow_lbl[1] = 0;
2179 iph->flow_lbl[2] = 0;
2180 iph->payload_len = 0;
2181 iph->nexthdr = IPPROTO_NONE;
2182 iph->hop_limit = 0;
2183 ipv6_addr_copy(&iph->saddr, &rt->rt6i_src.addr);
2184 ipv6_addr_copy(&iph->daddr, &rt->rt6i_dst.addr);
2185
2186 err = ip6mr_cache_unresolved(mrt, vif, skb2);
2187 read_unlock(&mrt_lock);
2188
2189 return err;
2190 }
2191
2192 if (!nowait && (rtm->rtm_flags&RTM_F_NOTIFY))
2193 cache->mfc_flags |= MFC_NOTIFY;
2194
2195 err = __ip6mr_fill_mroute(mrt, skb, cache, rtm);
2196 read_unlock(&mrt_lock);
2197 return err;
2198}
2199
2200static int ip6mr_fill_mroute(struct mr6_table *mrt, struct sk_buff *skb,
2201 u32 pid, u32 seq, struct mfc6_cache *c)
2202{
2203 struct nlmsghdr *nlh;
2204 struct rtmsg *rtm;
2205
2206 nlh = nlmsg_put(skb, pid, seq, RTM_NEWROUTE, sizeof(*rtm), NLM_F_MULTI);
2207 if (nlh == NULL)
2208 return -EMSGSIZE;
2209
2210 rtm = nlmsg_data(nlh);
2211 rtm->rtm_family = RTNL_FAMILY_IPMR;
2212 rtm->rtm_dst_len = 128;
2213 rtm->rtm_src_len = 128;
2214 rtm->rtm_tos = 0;
2215 rtm->rtm_table = mrt->id;
2216 NLA_PUT_U32(skb, RTA_TABLE, mrt->id);
2217 rtm->rtm_scope = RT_SCOPE_UNIVERSE;
2218 rtm->rtm_protocol = RTPROT_UNSPEC;
2219 rtm->rtm_flags = 0;
2220
2221 NLA_PUT(skb, RTA_SRC, 16, &c->mf6c_origin);
2222 NLA_PUT(skb, RTA_DST, 16, &c->mf6c_mcastgrp);
2223
2224 if (__ip6mr_fill_mroute(mrt, skb, c, rtm) < 0)
2225 goto nla_put_failure;
2226
2227 return nlmsg_end(skb, nlh);
2228
2229nla_put_failure:
2230 nlmsg_cancel(skb, nlh);
2231 return -EMSGSIZE;
2232}
2233
2234static int ip6mr_rtm_dumproute(struct sk_buff *skb, struct netlink_callback *cb)
2235{
2236 struct net *net = sock_net(skb->sk);
2237 struct mr6_table *mrt;
2238 struct mfc6_cache *mfc;
2239 unsigned int t = 0, s_t;
2240 unsigned int h = 0, s_h;
2241 unsigned int e = 0, s_e;
2242
2243 s_t = cb->args[0];
2244 s_h = cb->args[1];
2245 s_e = cb->args[2];
2246
2247 read_lock(&mrt_lock);
2248 ip6mr_for_each_table(mrt, net) {
2249 if (t < s_t)
2250 goto next_table;
2251 if (t > s_t)
2252 s_h = 0;
2253 for (h = s_h; h < MFC6_LINES; h++) {
2254 list_for_each_entry(mfc, &mrt->mfc6_cache_array[h], list) {
2255 if (e < s_e)
2256 goto next_entry;
2257 if (ip6mr_fill_mroute(mrt, skb,
2258 NETLINK_CB(cb->skb).pid,
2259 cb->nlh->nlmsg_seq,
2260 mfc) < 0)
2261 goto done;
2262next_entry:
2263 e++;
2264 }
2265 e = s_e = 0;
2266 }
2267 s_h = 0;
2268next_table:
2269 t++;
2270 }
2271done:
2272 read_unlock(&mrt_lock);
2273
2274 cb->args[2] = e;
2275 cb->args[1] = h;
2276 cb->args[0] = t;
2277
2278 return skb->len;
2279}
1// SPDX-License-Identifier: GPL-2.0-or-later
2/*
3 * Linux IPv6 multicast routing support for BSD pim6sd
4 * Based on net/ipv4/ipmr.c.
5 *
6 * (c) 2004 Mickael Hoerdt, <hoerdt@clarinet.u-strasbg.fr>
7 * LSIIT Laboratory, Strasbourg, France
8 * (c) 2004 Jean-Philippe Andriot, <jean-philippe.andriot@6WIND.com>
9 * 6WIND, Paris, France
10 * Copyright (C)2007,2008 USAGI/WIDE Project
11 * YOSHIFUJI Hideaki <yoshfuji@linux-ipv6.org>
12 */
13
14#include <linux/uaccess.h>
15#include <linux/types.h>
16#include <linux/sched.h>
17#include <linux/errno.h>
18#include <linux/mm.h>
19#include <linux/kernel.h>
20#include <linux/fcntl.h>
21#include <linux/stat.h>
22#include <linux/socket.h>
23#include <linux/inet.h>
24#include <linux/netdevice.h>
25#include <linux/inetdevice.h>
26#include <linux/proc_fs.h>
27#include <linux/seq_file.h>
28#include <linux/init.h>
29#include <linux/compat.h>
30#include <linux/rhashtable.h>
31#include <net/protocol.h>
32#include <linux/skbuff.h>
33#include <net/raw.h>
34#include <linux/notifier.h>
35#include <linux/if_arp.h>
36#include <net/checksum.h>
37#include <net/netlink.h>
38#include <net/fib_rules.h>
39
40#include <net/ipv6.h>
41#include <net/ip6_route.h>
42#include <linux/mroute6.h>
43#include <linux/pim.h>
44#include <net/addrconf.h>
45#include <linux/netfilter_ipv6.h>
46#include <linux/export.h>
47#include <net/ip6_checksum.h>
48#include <linux/netconf.h>
49#include <net/ip_tunnels.h>
50
51#include <linux/nospec.h>
52
53struct ip6mr_rule {
54 struct fib_rule common;
55};
56
57struct ip6mr_result {
58 struct mr_table *mrt;
59};
60
61/* Big lock, protecting vif table, mrt cache and mroute socket state.
62 Note that the changes are semaphored via rtnl_lock.
63 */
64
65static DEFINE_SPINLOCK(mrt_lock);
66
67static struct net_device *vif_dev_read(const struct vif_device *vif)
68{
69 return rcu_dereference(vif->dev);
70}
71
72/* Multicast router control variables */
73
74/* Special spinlock for queue of unresolved entries */
75static DEFINE_SPINLOCK(mfc_unres_lock);
76
77/* We return to original Alan's scheme. Hash table of resolved
78 entries is changed only in process context and protected
79 with weak lock mrt_lock. Queue of unresolved entries is protected
80 with strong spinlock mfc_unres_lock.
81
82 In this case data path is free of exclusive locks at all.
83 */
84
85static struct kmem_cache *mrt_cachep __read_mostly;
86
87static struct mr_table *ip6mr_new_table(struct net *net, u32 id);
88static void ip6mr_free_table(struct mr_table *mrt);
89
90static void ip6_mr_forward(struct net *net, struct mr_table *mrt,
91 struct net_device *dev, struct sk_buff *skb,
92 struct mfc6_cache *cache);
93static int ip6mr_cache_report(const struct mr_table *mrt, struct sk_buff *pkt,
94 mifi_t mifi, int assert);
95static void mr6_netlink_event(struct mr_table *mrt, struct mfc6_cache *mfc,
96 int cmd);
97static void mrt6msg_netlink_event(const struct mr_table *mrt, struct sk_buff *pkt);
98static int ip6mr_rtm_getroute(struct sk_buff *in_skb, struct nlmsghdr *nlh,
99 struct netlink_ext_ack *extack);
100static int ip6mr_rtm_dumproute(struct sk_buff *skb,
101 struct netlink_callback *cb);
102static void mroute_clean_tables(struct mr_table *mrt, int flags);
103static void ipmr_expire_process(struct timer_list *t);
104
105#ifdef CONFIG_IPV6_MROUTE_MULTIPLE_TABLES
106#define ip6mr_for_each_table(mrt, net) \
107 list_for_each_entry_rcu(mrt, &net->ipv6.mr6_tables, list, \
108 lockdep_rtnl_is_held() || \
109 list_empty(&net->ipv6.mr6_tables))
110
111static struct mr_table *ip6mr_mr_table_iter(struct net *net,
112 struct mr_table *mrt)
113{
114 struct mr_table *ret;
115
116 if (!mrt)
117 ret = list_entry_rcu(net->ipv6.mr6_tables.next,
118 struct mr_table, list);
119 else
120 ret = list_entry_rcu(mrt->list.next,
121 struct mr_table, list);
122
123 if (&ret->list == &net->ipv6.mr6_tables)
124 return NULL;
125 return ret;
126}
127
128static struct mr_table *ip6mr_get_table(struct net *net, u32 id)
129{
130 struct mr_table *mrt;
131
132 ip6mr_for_each_table(mrt, net) {
133 if (mrt->id == id)
134 return mrt;
135 }
136 return NULL;
137}
138
139static int ip6mr_fib_lookup(struct net *net, struct flowi6 *flp6,
140 struct mr_table **mrt)
141{
142 int err;
143 struct ip6mr_result res;
144 struct fib_lookup_arg arg = {
145 .result = &res,
146 .flags = FIB_LOOKUP_NOREF,
147 };
148
149 /* update flow if oif or iif point to device enslaved to l3mdev */
150 l3mdev_update_flow(net, flowi6_to_flowi(flp6));
151
152 err = fib_rules_lookup(net->ipv6.mr6_rules_ops,
153 flowi6_to_flowi(flp6), 0, &arg);
154 if (err < 0)
155 return err;
156 *mrt = res.mrt;
157 return 0;
158}
159
160static int ip6mr_rule_action(struct fib_rule *rule, struct flowi *flp,
161 int flags, struct fib_lookup_arg *arg)
162{
163 struct ip6mr_result *res = arg->result;
164 struct mr_table *mrt;
165
166 switch (rule->action) {
167 case FR_ACT_TO_TBL:
168 break;
169 case FR_ACT_UNREACHABLE:
170 return -ENETUNREACH;
171 case FR_ACT_PROHIBIT:
172 return -EACCES;
173 case FR_ACT_BLACKHOLE:
174 default:
175 return -EINVAL;
176 }
177
178 arg->table = fib_rule_get_table(rule, arg);
179
180 mrt = ip6mr_get_table(rule->fr_net, arg->table);
181 if (!mrt)
182 return -EAGAIN;
183 res->mrt = mrt;
184 return 0;
185}
186
187static int ip6mr_rule_match(struct fib_rule *rule, struct flowi *flp, int flags)
188{
189 return 1;
190}
191
192static int ip6mr_rule_configure(struct fib_rule *rule, struct sk_buff *skb,
193 struct fib_rule_hdr *frh, struct nlattr **tb,
194 struct netlink_ext_ack *extack)
195{
196 return 0;
197}
198
199static int ip6mr_rule_compare(struct fib_rule *rule, struct fib_rule_hdr *frh,
200 struct nlattr **tb)
201{
202 return 1;
203}
204
205static int ip6mr_rule_fill(struct fib_rule *rule, struct sk_buff *skb,
206 struct fib_rule_hdr *frh)
207{
208 frh->dst_len = 0;
209 frh->src_len = 0;
210 frh->tos = 0;
211 return 0;
212}
213
214static const struct fib_rules_ops __net_initconst ip6mr_rules_ops_template = {
215 .family = RTNL_FAMILY_IP6MR,
216 .rule_size = sizeof(struct ip6mr_rule),
217 .addr_size = sizeof(struct in6_addr),
218 .action = ip6mr_rule_action,
219 .match = ip6mr_rule_match,
220 .configure = ip6mr_rule_configure,
221 .compare = ip6mr_rule_compare,
222 .fill = ip6mr_rule_fill,
223 .nlgroup = RTNLGRP_IPV6_RULE,
224 .owner = THIS_MODULE,
225};
226
227static int __net_init ip6mr_rules_init(struct net *net)
228{
229 struct fib_rules_ops *ops;
230 struct mr_table *mrt;
231 int err;
232
233 ops = fib_rules_register(&ip6mr_rules_ops_template, net);
234 if (IS_ERR(ops))
235 return PTR_ERR(ops);
236
237 INIT_LIST_HEAD(&net->ipv6.mr6_tables);
238
239 mrt = ip6mr_new_table(net, RT6_TABLE_DFLT);
240 if (IS_ERR(mrt)) {
241 err = PTR_ERR(mrt);
242 goto err1;
243 }
244
245 err = fib_default_rule_add(ops, 0x7fff, RT6_TABLE_DFLT, 0);
246 if (err < 0)
247 goto err2;
248
249 net->ipv6.mr6_rules_ops = ops;
250 return 0;
251
252err2:
253 rtnl_lock();
254 ip6mr_free_table(mrt);
255 rtnl_unlock();
256err1:
257 fib_rules_unregister(ops);
258 return err;
259}
260
261static void __net_exit ip6mr_rules_exit(struct net *net)
262{
263 struct mr_table *mrt, *next;
264
265 ASSERT_RTNL();
266 list_for_each_entry_safe(mrt, next, &net->ipv6.mr6_tables, list) {
267 list_del(&mrt->list);
268 ip6mr_free_table(mrt);
269 }
270 fib_rules_unregister(net->ipv6.mr6_rules_ops);
271}
272
273static int ip6mr_rules_dump(struct net *net, struct notifier_block *nb,
274 struct netlink_ext_ack *extack)
275{
276 return fib_rules_dump(net, nb, RTNL_FAMILY_IP6MR, extack);
277}
278
279static unsigned int ip6mr_rules_seq_read(struct net *net)
280{
281 return fib_rules_seq_read(net, RTNL_FAMILY_IP6MR);
282}
283
284bool ip6mr_rule_default(const struct fib_rule *rule)
285{
286 return fib_rule_matchall(rule) && rule->action == FR_ACT_TO_TBL &&
287 rule->table == RT6_TABLE_DFLT && !rule->l3mdev;
288}
289EXPORT_SYMBOL(ip6mr_rule_default);
290#else
291#define ip6mr_for_each_table(mrt, net) \
292 for (mrt = net->ipv6.mrt6; mrt; mrt = NULL)
293
294static struct mr_table *ip6mr_mr_table_iter(struct net *net,
295 struct mr_table *mrt)
296{
297 if (!mrt)
298 return net->ipv6.mrt6;
299 return NULL;
300}
301
302static struct mr_table *ip6mr_get_table(struct net *net, u32 id)
303{
304 return net->ipv6.mrt6;
305}
306
307static int ip6mr_fib_lookup(struct net *net, struct flowi6 *flp6,
308 struct mr_table **mrt)
309{
310 *mrt = net->ipv6.mrt6;
311 return 0;
312}
313
314static int __net_init ip6mr_rules_init(struct net *net)
315{
316 struct mr_table *mrt;
317
318 mrt = ip6mr_new_table(net, RT6_TABLE_DFLT);
319 if (IS_ERR(mrt))
320 return PTR_ERR(mrt);
321 net->ipv6.mrt6 = mrt;
322 return 0;
323}
324
325static void __net_exit ip6mr_rules_exit(struct net *net)
326{
327 ASSERT_RTNL();
328 ip6mr_free_table(net->ipv6.mrt6);
329 net->ipv6.mrt6 = NULL;
330}
331
332static int ip6mr_rules_dump(struct net *net, struct notifier_block *nb,
333 struct netlink_ext_ack *extack)
334{
335 return 0;
336}
337
338static unsigned int ip6mr_rules_seq_read(struct net *net)
339{
340 return 0;
341}
342#endif
343
344static int ip6mr_hash_cmp(struct rhashtable_compare_arg *arg,
345 const void *ptr)
346{
347 const struct mfc6_cache_cmp_arg *cmparg = arg->key;
348 struct mfc6_cache *c = (struct mfc6_cache *)ptr;
349
350 return !ipv6_addr_equal(&c->mf6c_mcastgrp, &cmparg->mf6c_mcastgrp) ||
351 !ipv6_addr_equal(&c->mf6c_origin, &cmparg->mf6c_origin);
352}
353
354static const struct rhashtable_params ip6mr_rht_params = {
355 .head_offset = offsetof(struct mr_mfc, mnode),
356 .key_offset = offsetof(struct mfc6_cache, cmparg),
357 .key_len = sizeof(struct mfc6_cache_cmp_arg),
358 .nelem_hint = 3,
359 .obj_cmpfn = ip6mr_hash_cmp,
360 .automatic_shrinking = true,
361};
362
363static void ip6mr_new_table_set(struct mr_table *mrt,
364 struct net *net)
365{
366#ifdef CONFIG_IPV6_MROUTE_MULTIPLE_TABLES
367 list_add_tail_rcu(&mrt->list, &net->ipv6.mr6_tables);
368#endif
369}
370
371static struct mfc6_cache_cmp_arg ip6mr_mr_table_ops_cmparg_any = {
372 .mf6c_origin = IN6ADDR_ANY_INIT,
373 .mf6c_mcastgrp = IN6ADDR_ANY_INIT,
374};
375
376static struct mr_table_ops ip6mr_mr_table_ops = {
377 .rht_params = &ip6mr_rht_params,
378 .cmparg_any = &ip6mr_mr_table_ops_cmparg_any,
379};
380
381static struct mr_table *ip6mr_new_table(struct net *net, u32 id)
382{
383 struct mr_table *mrt;
384
385 mrt = ip6mr_get_table(net, id);
386 if (mrt)
387 return mrt;
388
389 return mr_table_alloc(net, id, &ip6mr_mr_table_ops,
390 ipmr_expire_process, ip6mr_new_table_set);
391}
392
393static void ip6mr_free_table(struct mr_table *mrt)
394{
395 timer_shutdown_sync(&mrt->ipmr_expire_timer);
396 mroute_clean_tables(mrt, MRT6_FLUSH_MIFS | MRT6_FLUSH_MIFS_STATIC |
397 MRT6_FLUSH_MFC | MRT6_FLUSH_MFC_STATIC);
398 rhltable_destroy(&mrt->mfc_hash);
399 kfree(mrt);
400}
401
402#ifdef CONFIG_PROC_FS
403/* The /proc interfaces to multicast routing
404 * /proc/ip6_mr_cache /proc/ip6_mr_vif
405 */
406
407static void *ip6mr_vif_seq_start(struct seq_file *seq, loff_t *pos)
408 __acquires(RCU)
409{
410 struct mr_vif_iter *iter = seq->private;
411 struct net *net = seq_file_net(seq);
412 struct mr_table *mrt;
413
414 mrt = ip6mr_get_table(net, RT6_TABLE_DFLT);
415 if (!mrt)
416 return ERR_PTR(-ENOENT);
417
418 iter->mrt = mrt;
419
420 rcu_read_lock();
421 return mr_vif_seq_start(seq, pos);
422}
423
424static void ip6mr_vif_seq_stop(struct seq_file *seq, void *v)
425 __releases(RCU)
426{
427 rcu_read_unlock();
428}
429
430static int ip6mr_vif_seq_show(struct seq_file *seq, void *v)
431{
432 struct mr_vif_iter *iter = seq->private;
433 struct mr_table *mrt = iter->mrt;
434
435 if (v == SEQ_START_TOKEN) {
436 seq_puts(seq,
437 "Interface BytesIn PktsIn BytesOut PktsOut Flags\n");
438 } else {
439 const struct vif_device *vif = v;
440 const struct net_device *vif_dev;
441 const char *name;
442
443 vif_dev = vif_dev_read(vif);
444 name = vif_dev ? vif_dev->name : "none";
445
446 seq_printf(seq,
447 "%2td %-10s %8ld %7ld %8ld %7ld %05X\n",
448 vif - mrt->vif_table,
449 name, vif->bytes_in, vif->pkt_in,
450 vif->bytes_out, vif->pkt_out,
451 vif->flags);
452 }
453 return 0;
454}
455
456static const struct seq_operations ip6mr_vif_seq_ops = {
457 .start = ip6mr_vif_seq_start,
458 .next = mr_vif_seq_next,
459 .stop = ip6mr_vif_seq_stop,
460 .show = ip6mr_vif_seq_show,
461};
462
463static void *ipmr_mfc_seq_start(struct seq_file *seq, loff_t *pos)
464{
465 struct net *net = seq_file_net(seq);
466 struct mr_table *mrt;
467
468 mrt = ip6mr_get_table(net, RT6_TABLE_DFLT);
469 if (!mrt)
470 return ERR_PTR(-ENOENT);
471
472 return mr_mfc_seq_start(seq, pos, mrt, &mfc_unres_lock);
473}
474
475static int ipmr_mfc_seq_show(struct seq_file *seq, void *v)
476{
477 int n;
478
479 if (v == SEQ_START_TOKEN) {
480 seq_puts(seq,
481 "Group "
482 "Origin "
483 "Iif Pkts Bytes Wrong Oifs\n");
484 } else {
485 const struct mfc6_cache *mfc = v;
486 const struct mr_mfc_iter *it = seq->private;
487 struct mr_table *mrt = it->mrt;
488
489 seq_printf(seq, "%pI6 %pI6 %-3hd",
490 &mfc->mf6c_mcastgrp, &mfc->mf6c_origin,
491 mfc->_c.mfc_parent);
492
493 if (it->cache != &mrt->mfc_unres_queue) {
494 seq_printf(seq, " %8lu %8lu %8lu",
495 mfc->_c.mfc_un.res.pkt,
496 mfc->_c.mfc_un.res.bytes,
497 mfc->_c.mfc_un.res.wrong_if);
498 for (n = mfc->_c.mfc_un.res.minvif;
499 n < mfc->_c.mfc_un.res.maxvif; n++) {
500 if (VIF_EXISTS(mrt, n) &&
501 mfc->_c.mfc_un.res.ttls[n] < 255)
502 seq_printf(seq,
503 " %2d:%-3d", n,
504 mfc->_c.mfc_un.res.ttls[n]);
505 }
506 } else {
507 /* unresolved mfc_caches don't contain
508 * pkt, bytes and wrong_if values
509 */
510 seq_printf(seq, " %8lu %8lu %8lu", 0ul, 0ul, 0ul);
511 }
512 seq_putc(seq, '\n');
513 }
514 return 0;
515}
516
517static const struct seq_operations ipmr_mfc_seq_ops = {
518 .start = ipmr_mfc_seq_start,
519 .next = mr_mfc_seq_next,
520 .stop = mr_mfc_seq_stop,
521 .show = ipmr_mfc_seq_show,
522};
523#endif
524
525#ifdef CONFIG_IPV6_PIMSM_V2
526
527static int pim6_rcv(struct sk_buff *skb)
528{
529 struct pimreghdr *pim;
530 struct ipv6hdr *encap;
531 struct net_device *reg_dev = NULL;
532 struct net *net = dev_net(skb->dev);
533 struct mr_table *mrt;
534 struct flowi6 fl6 = {
535 .flowi6_iif = skb->dev->ifindex,
536 .flowi6_mark = skb->mark,
537 };
538 int reg_vif_num;
539
540 if (!pskb_may_pull(skb, sizeof(*pim) + sizeof(*encap)))
541 goto drop;
542
543 pim = (struct pimreghdr *)skb_transport_header(skb);
544 if (pim->type != ((PIM_VERSION << 4) | PIM_TYPE_REGISTER) ||
545 (pim->flags & PIM_NULL_REGISTER) ||
546 (csum_ipv6_magic(&ipv6_hdr(skb)->saddr, &ipv6_hdr(skb)->daddr,
547 sizeof(*pim), IPPROTO_PIM,
548 csum_partial((void *)pim, sizeof(*pim), 0)) &&
549 csum_fold(skb_checksum(skb, 0, skb->len, 0))))
550 goto drop;
551
552 /* check if the inner packet is destined to mcast group */
553 encap = (struct ipv6hdr *)(skb_transport_header(skb) +
554 sizeof(*pim));
555
556 if (!ipv6_addr_is_multicast(&encap->daddr) ||
557 encap->payload_len == 0 ||
558 ntohs(encap->payload_len) + sizeof(*pim) > skb->len)
559 goto drop;
560
561 if (ip6mr_fib_lookup(net, &fl6, &mrt) < 0)
562 goto drop;
563
564 /* Pairs with WRITE_ONCE() in mif6_add()/mif6_delete() */
565 reg_vif_num = READ_ONCE(mrt->mroute_reg_vif_num);
566 if (reg_vif_num >= 0)
567 reg_dev = vif_dev_read(&mrt->vif_table[reg_vif_num]);
568
569 if (!reg_dev)
570 goto drop;
571
572 skb->mac_header = skb->network_header;
573 skb_pull(skb, (u8 *)encap - skb->data);
574 skb_reset_network_header(skb);
575 skb->protocol = htons(ETH_P_IPV6);
576 skb->ip_summed = CHECKSUM_NONE;
577
578 skb_tunnel_rx(skb, reg_dev, dev_net(reg_dev));
579
580 netif_rx(skb);
581
582 return 0;
583 drop:
584 kfree_skb(skb);
585 return 0;
586}
587
588static const struct inet6_protocol pim6_protocol = {
589 .handler = pim6_rcv,
590};
591
592/* Service routines creating virtual interfaces: PIMREG */
593
594static netdev_tx_t reg_vif_xmit(struct sk_buff *skb,
595 struct net_device *dev)
596{
597 struct net *net = dev_net(dev);
598 struct mr_table *mrt;
599 struct flowi6 fl6 = {
600 .flowi6_oif = dev->ifindex,
601 .flowi6_iif = skb->skb_iif ? : LOOPBACK_IFINDEX,
602 .flowi6_mark = skb->mark,
603 };
604
605 if (!pskb_inet_may_pull(skb))
606 goto tx_err;
607
608 if (ip6mr_fib_lookup(net, &fl6, &mrt) < 0)
609 goto tx_err;
610
611 DEV_STATS_ADD(dev, tx_bytes, skb->len);
612 DEV_STATS_INC(dev, tx_packets);
613 rcu_read_lock();
614 ip6mr_cache_report(mrt, skb, READ_ONCE(mrt->mroute_reg_vif_num),
615 MRT6MSG_WHOLEPKT);
616 rcu_read_unlock();
617 kfree_skb(skb);
618 return NETDEV_TX_OK;
619
620tx_err:
621 DEV_STATS_INC(dev, tx_errors);
622 kfree_skb(skb);
623 return NETDEV_TX_OK;
624}
625
626static int reg_vif_get_iflink(const struct net_device *dev)
627{
628 return 0;
629}
630
631static const struct net_device_ops reg_vif_netdev_ops = {
632 .ndo_start_xmit = reg_vif_xmit,
633 .ndo_get_iflink = reg_vif_get_iflink,
634};
635
636static void reg_vif_setup(struct net_device *dev)
637{
638 dev->type = ARPHRD_PIMREG;
639 dev->mtu = 1500 - sizeof(struct ipv6hdr) - 8;
640 dev->flags = IFF_NOARP;
641 dev->netdev_ops = ®_vif_netdev_ops;
642 dev->needs_free_netdev = true;
643 dev->features |= NETIF_F_NETNS_LOCAL;
644}
645
646static struct net_device *ip6mr_reg_vif(struct net *net, struct mr_table *mrt)
647{
648 struct net_device *dev;
649 char name[IFNAMSIZ];
650
651 if (mrt->id == RT6_TABLE_DFLT)
652 sprintf(name, "pim6reg");
653 else
654 sprintf(name, "pim6reg%u", mrt->id);
655
656 dev = alloc_netdev(0, name, NET_NAME_UNKNOWN, reg_vif_setup);
657 if (!dev)
658 return NULL;
659
660 dev_net_set(dev, net);
661
662 if (register_netdevice(dev)) {
663 free_netdev(dev);
664 return NULL;
665 }
666
667 if (dev_open(dev, NULL))
668 goto failure;
669
670 dev_hold(dev);
671 return dev;
672
673failure:
674 unregister_netdevice(dev);
675 return NULL;
676}
677#endif
678
679static int call_ip6mr_vif_entry_notifiers(struct net *net,
680 enum fib_event_type event_type,
681 struct vif_device *vif,
682 struct net_device *vif_dev,
683 mifi_t vif_index, u32 tb_id)
684{
685 return mr_call_vif_notifiers(net, RTNL_FAMILY_IP6MR, event_type,
686 vif, vif_dev, vif_index, tb_id,
687 &net->ipv6.ipmr_seq);
688}
689
690static int call_ip6mr_mfc_entry_notifiers(struct net *net,
691 enum fib_event_type event_type,
692 struct mfc6_cache *mfc, u32 tb_id)
693{
694 return mr_call_mfc_notifiers(net, RTNL_FAMILY_IP6MR, event_type,
695 &mfc->_c, tb_id, &net->ipv6.ipmr_seq);
696}
697
698/* Delete a VIF entry */
699static int mif6_delete(struct mr_table *mrt, int vifi, int notify,
700 struct list_head *head)
701{
702 struct vif_device *v;
703 struct net_device *dev;
704 struct inet6_dev *in6_dev;
705
706 if (vifi < 0 || vifi >= mrt->maxvif)
707 return -EADDRNOTAVAIL;
708
709 v = &mrt->vif_table[vifi];
710
711 dev = rtnl_dereference(v->dev);
712 if (!dev)
713 return -EADDRNOTAVAIL;
714
715 call_ip6mr_vif_entry_notifiers(read_pnet(&mrt->net),
716 FIB_EVENT_VIF_DEL, v, dev,
717 vifi, mrt->id);
718 spin_lock(&mrt_lock);
719 RCU_INIT_POINTER(v->dev, NULL);
720
721#ifdef CONFIG_IPV6_PIMSM_V2
722 if (vifi == mrt->mroute_reg_vif_num) {
723 /* Pairs with READ_ONCE() in ip6mr_cache_report() and reg_vif_xmit() */
724 WRITE_ONCE(mrt->mroute_reg_vif_num, -1);
725 }
726#endif
727
728 if (vifi + 1 == mrt->maxvif) {
729 int tmp;
730 for (tmp = vifi - 1; tmp >= 0; tmp--) {
731 if (VIF_EXISTS(mrt, tmp))
732 break;
733 }
734 WRITE_ONCE(mrt->maxvif, tmp + 1);
735 }
736
737 spin_unlock(&mrt_lock);
738
739 dev_set_allmulti(dev, -1);
740
741 in6_dev = __in6_dev_get(dev);
742 if (in6_dev) {
743 atomic_dec(&in6_dev->cnf.mc_forwarding);
744 inet6_netconf_notify_devconf(dev_net(dev), RTM_NEWNETCONF,
745 NETCONFA_MC_FORWARDING,
746 dev->ifindex, &in6_dev->cnf);
747 }
748
749 if ((v->flags & MIFF_REGISTER) && !notify)
750 unregister_netdevice_queue(dev, head);
751
752 netdev_put(dev, &v->dev_tracker);
753 return 0;
754}
755
756static inline void ip6mr_cache_free_rcu(struct rcu_head *head)
757{
758 struct mr_mfc *c = container_of(head, struct mr_mfc, rcu);
759
760 kmem_cache_free(mrt_cachep, (struct mfc6_cache *)c);
761}
762
763static inline void ip6mr_cache_free(struct mfc6_cache *c)
764{
765 call_rcu(&c->_c.rcu, ip6mr_cache_free_rcu);
766}
767
768/* Destroy an unresolved cache entry, killing queued skbs
769 and reporting error to netlink readers.
770 */
771
772static void ip6mr_destroy_unres(struct mr_table *mrt, struct mfc6_cache *c)
773{
774 struct net *net = read_pnet(&mrt->net);
775 struct sk_buff *skb;
776
777 atomic_dec(&mrt->cache_resolve_queue_len);
778
779 while ((skb = skb_dequeue(&c->_c.mfc_un.unres.unresolved)) != NULL) {
780 if (ipv6_hdr(skb)->version == 0) {
781 struct nlmsghdr *nlh = skb_pull(skb,
782 sizeof(struct ipv6hdr));
783 nlh->nlmsg_type = NLMSG_ERROR;
784 nlh->nlmsg_len = nlmsg_msg_size(sizeof(struct nlmsgerr));
785 skb_trim(skb, nlh->nlmsg_len);
786 ((struct nlmsgerr *)nlmsg_data(nlh))->error = -ETIMEDOUT;
787 rtnl_unicast(skb, net, NETLINK_CB(skb).portid);
788 } else
789 kfree_skb(skb);
790 }
791
792 ip6mr_cache_free(c);
793}
794
795
796/* Timer process for all the unresolved queue. */
797
798static void ipmr_do_expire_process(struct mr_table *mrt)
799{
800 unsigned long now = jiffies;
801 unsigned long expires = 10 * HZ;
802 struct mr_mfc *c, *next;
803
804 list_for_each_entry_safe(c, next, &mrt->mfc_unres_queue, list) {
805 if (time_after(c->mfc_un.unres.expires, now)) {
806 /* not yet... */
807 unsigned long interval = c->mfc_un.unres.expires - now;
808 if (interval < expires)
809 expires = interval;
810 continue;
811 }
812
813 list_del(&c->list);
814 mr6_netlink_event(mrt, (struct mfc6_cache *)c, RTM_DELROUTE);
815 ip6mr_destroy_unres(mrt, (struct mfc6_cache *)c);
816 }
817
818 if (!list_empty(&mrt->mfc_unres_queue))
819 mod_timer(&mrt->ipmr_expire_timer, jiffies + expires);
820}
821
822static void ipmr_expire_process(struct timer_list *t)
823{
824 struct mr_table *mrt = from_timer(mrt, t, ipmr_expire_timer);
825
826 if (!spin_trylock(&mfc_unres_lock)) {
827 mod_timer(&mrt->ipmr_expire_timer, jiffies + 1);
828 return;
829 }
830
831 if (!list_empty(&mrt->mfc_unres_queue))
832 ipmr_do_expire_process(mrt);
833
834 spin_unlock(&mfc_unres_lock);
835}
836
837/* Fill oifs list. It is called under locked mrt_lock. */
838
839static void ip6mr_update_thresholds(struct mr_table *mrt,
840 struct mr_mfc *cache,
841 unsigned char *ttls)
842{
843 int vifi;
844
845 cache->mfc_un.res.minvif = MAXMIFS;
846 cache->mfc_un.res.maxvif = 0;
847 memset(cache->mfc_un.res.ttls, 255, MAXMIFS);
848
849 for (vifi = 0; vifi < mrt->maxvif; vifi++) {
850 if (VIF_EXISTS(mrt, vifi) &&
851 ttls[vifi] && ttls[vifi] < 255) {
852 cache->mfc_un.res.ttls[vifi] = ttls[vifi];
853 if (cache->mfc_un.res.minvif > vifi)
854 cache->mfc_un.res.minvif = vifi;
855 if (cache->mfc_un.res.maxvif <= vifi)
856 cache->mfc_un.res.maxvif = vifi + 1;
857 }
858 }
859 cache->mfc_un.res.lastuse = jiffies;
860}
861
862static int mif6_add(struct net *net, struct mr_table *mrt,
863 struct mif6ctl *vifc, int mrtsock)
864{
865 int vifi = vifc->mif6c_mifi;
866 struct vif_device *v = &mrt->vif_table[vifi];
867 struct net_device *dev;
868 struct inet6_dev *in6_dev;
869 int err;
870
871 /* Is vif busy ? */
872 if (VIF_EXISTS(mrt, vifi))
873 return -EADDRINUSE;
874
875 switch (vifc->mif6c_flags) {
876#ifdef CONFIG_IPV6_PIMSM_V2
877 case MIFF_REGISTER:
878 /*
879 * Special Purpose VIF in PIM
880 * All the packets will be sent to the daemon
881 */
882 if (mrt->mroute_reg_vif_num >= 0)
883 return -EADDRINUSE;
884 dev = ip6mr_reg_vif(net, mrt);
885 if (!dev)
886 return -ENOBUFS;
887 err = dev_set_allmulti(dev, 1);
888 if (err) {
889 unregister_netdevice(dev);
890 dev_put(dev);
891 return err;
892 }
893 break;
894#endif
895 case 0:
896 dev = dev_get_by_index(net, vifc->mif6c_pifi);
897 if (!dev)
898 return -EADDRNOTAVAIL;
899 err = dev_set_allmulti(dev, 1);
900 if (err) {
901 dev_put(dev);
902 return err;
903 }
904 break;
905 default:
906 return -EINVAL;
907 }
908
909 in6_dev = __in6_dev_get(dev);
910 if (in6_dev) {
911 atomic_inc(&in6_dev->cnf.mc_forwarding);
912 inet6_netconf_notify_devconf(dev_net(dev), RTM_NEWNETCONF,
913 NETCONFA_MC_FORWARDING,
914 dev->ifindex, &in6_dev->cnf);
915 }
916
917 /* Fill in the VIF structures */
918 vif_device_init(v, dev, vifc->vifc_rate_limit, vifc->vifc_threshold,
919 vifc->mif6c_flags | (!mrtsock ? VIFF_STATIC : 0),
920 MIFF_REGISTER);
921
922 /* And finish update writing critical data */
923 spin_lock(&mrt_lock);
924 rcu_assign_pointer(v->dev, dev);
925 netdev_tracker_alloc(dev, &v->dev_tracker, GFP_ATOMIC);
926#ifdef CONFIG_IPV6_PIMSM_V2
927 if (v->flags & MIFF_REGISTER)
928 WRITE_ONCE(mrt->mroute_reg_vif_num, vifi);
929#endif
930 if (vifi + 1 > mrt->maxvif)
931 WRITE_ONCE(mrt->maxvif, vifi + 1);
932 spin_unlock(&mrt_lock);
933 call_ip6mr_vif_entry_notifiers(net, FIB_EVENT_VIF_ADD,
934 v, dev, vifi, mrt->id);
935 return 0;
936}
937
938static struct mfc6_cache *ip6mr_cache_find(struct mr_table *mrt,
939 const struct in6_addr *origin,
940 const struct in6_addr *mcastgrp)
941{
942 struct mfc6_cache_cmp_arg arg = {
943 .mf6c_origin = *origin,
944 .mf6c_mcastgrp = *mcastgrp,
945 };
946
947 return mr_mfc_find(mrt, &arg);
948}
949
950/* Look for a (*,G) entry */
951static struct mfc6_cache *ip6mr_cache_find_any(struct mr_table *mrt,
952 struct in6_addr *mcastgrp,
953 mifi_t mifi)
954{
955 struct mfc6_cache_cmp_arg arg = {
956 .mf6c_origin = in6addr_any,
957 .mf6c_mcastgrp = *mcastgrp,
958 };
959
960 if (ipv6_addr_any(mcastgrp))
961 return mr_mfc_find_any_parent(mrt, mifi);
962 return mr_mfc_find_any(mrt, mifi, &arg);
963}
964
965/* Look for a (S,G,iif) entry if parent != -1 */
966static struct mfc6_cache *
967ip6mr_cache_find_parent(struct mr_table *mrt,
968 const struct in6_addr *origin,
969 const struct in6_addr *mcastgrp,
970 int parent)
971{
972 struct mfc6_cache_cmp_arg arg = {
973 .mf6c_origin = *origin,
974 .mf6c_mcastgrp = *mcastgrp,
975 };
976
977 return mr_mfc_find_parent(mrt, &arg, parent);
978}
979
980/* Allocate a multicast cache entry */
981static struct mfc6_cache *ip6mr_cache_alloc(void)
982{
983 struct mfc6_cache *c = kmem_cache_zalloc(mrt_cachep, GFP_KERNEL);
984 if (!c)
985 return NULL;
986 c->_c.mfc_un.res.last_assert = jiffies - MFC_ASSERT_THRESH - 1;
987 c->_c.mfc_un.res.minvif = MAXMIFS;
988 c->_c.free = ip6mr_cache_free_rcu;
989 refcount_set(&c->_c.mfc_un.res.refcount, 1);
990 return c;
991}
992
993static struct mfc6_cache *ip6mr_cache_alloc_unres(void)
994{
995 struct mfc6_cache *c = kmem_cache_zalloc(mrt_cachep, GFP_ATOMIC);
996 if (!c)
997 return NULL;
998 skb_queue_head_init(&c->_c.mfc_un.unres.unresolved);
999 c->_c.mfc_un.unres.expires = jiffies + 10 * HZ;
1000 return c;
1001}
1002
1003/*
1004 * A cache entry has gone into a resolved state from queued
1005 */
1006
1007static void ip6mr_cache_resolve(struct net *net, struct mr_table *mrt,
1008 struct mfc6_cache *uc, struct mfc6_cache *c)
1009{
1010 struct sk_buff *skb;
1011
1012 /*
1013 * Play the pending entries through our router
1014 */
1015
1016 while ((skb = __skb_dequeue(&uc->_c.mfc_un.unres.unresolved))) {
1017 if (ipv6_hdr(skb)->version == 0) {
1018 struct nlmsghdr *nlh = skb_pull(skb,
1019 sizeof(struct ipv6hdr));
1020
1021 if (mr_fill_mroute(mrt, skb, &c->_c,
1022 nlmsg_data(nlh)) > 0) {
1023 nlh->nlmsg_len = skb_tail_pointer(skb) - (u8 *)nlh;
1024 } else {
1025 nlh->nlmsg_type = NLMSG_ERROR;
1026 nlh->nlmsg_len = nlmsg_msg_size(sizeof(struct nlmsgerr));
1027 skb_trim(skb, nlh->nlmsg_len);
1028 ((struct nlmsgerr *)nlmsg_data(nlh))->error = -EMSGSIZE;
1029 }
1030 rtnl_unicast(skb, net, NETLINK_CB(skb).portid);
1031 } else {
1032 rcu_read_lock();
1033 ip6_mr_forward(net, mrt, skb->dev, skb, c);
1034 rcu_read_unlock();
1035 }
1036 }
1037}
1038
1039/*
1040 * Bounce a cache query up to pim6sd and netlink.
1041 *
1042 * Called under rcu_read_lock()
1043 */
1044
1045static int ip6mr_cache_report(const struct mr_table *mrt, struct sk_buff *pkt,
1046 mifi_t mifi, int assert)
1047{
1048 struct sock *mroute6_sk;
1049 struct sk_buff *skb;
1050 struct mrt6msg *msg;
1051 int ret;
1052
1053#ifdef CONFIG_IPV6_PIMSM_V2
1054 if (assert == MRT6MSG_WHOLEPKT || assert == MRT6MSG_WRMIFWHOLE)
1055 skb = skb_realloc_headroom(pkt, -skb_network_offset(pkt)
1056 +sizeof(*msg));
1057 else
1058#endif
1059 skb = alloc_skb(sizeof(struct ipv6hdr) + sizeof(*msg), GFP_ATOMIC);
1060
1061 if (!skb)
1062 return -ENOBUFS;
1063
1064 /* I suppose that internal messages
1065 * do not require checksums */
1066
1067 skb->ip_summed = CHECKSUM_UNNECESSARY;
1068
1069#ifdef CONFIG_IPV6_PIMSM_V2
1070 if (assert == MRT6MSG_WHOLEPKT || assert == MRT6MSG_WRMIFWHOLE) {
1071 /* Ugly, but we have no choice with this interface.
1072 Duplicate old header, fix length etc.
1073 And all this only to mangle msg->im6_msgtype and
1074 to set msg->im6_mbz to "mbz" :-)
1075 */
1076 skb_push(skb, -skb_network_offset(pkt));
1077
1078 skb_push(skb, sizeof(*msg));
1079 skb_reset_transport_header(skb);
1080 msg = (struct mrt6msg *)skb_transport_header(skb);
1081 msg->im6_mbz = 0;
1082 msg->im6_msgtype = assert;
1083 if (assert == MRT6MSG_WRMIFWHOLE)
1084 msg->im6_mif = mifi;
1085 else
1086 msg->im6_mif = READ_ONCE(mrt->mroute_reg_vif_num);
1087 msg->im6_pad = 0;
1088 msg->im6_src = ipv6_hdr(pkt)->saddr;
1089 msg->im6_dst = ipv6_hdr(pkt)->daddr;
1090
1091 skb->ip_summed = CHECKSUM_UNNECESSARY;
1092 } else
1093#endif
1094 {
1095 /*
1096 * Copy the IP header
1097 */
1098
1099 skb_put(skb, sizeof(struct ipv6hdr));
1100 skb_reset_network_header(skb);
1101 skb_copy_to_linear_data(skb, ipv6_hdr(pkt), sizeof(struct ipv6hdr));
1102
1103 /*
1104 * Add our header
1105 */
1106 skb_put(skb, sizeof(*msg));
1107 skb_reset_transport_header(skb);
1108 msg = (struct mrt6msg *)skb_transport_header(skb);
1109
1110 msg->im6_mbz = 0;
1111 msg->im6_msgtype = assert;
1112 msg->im6_mif = mifi;
1113 msg->im6_pad = 0;
1114 msg->im6_src = ipv6_hdr(pkt)->saddr;
1115 msg->im6_dst = ipv6_hdr(pkt)->daddr;
1116
1117 skb_dst_set(skb, dst_clone(skb_dst(pkt)));
1118 skb->ip_summed = CHECKSUM_UNNECESSARY;
1119 }
1120
1121 mroute6_sk = rcu_dereference(mrt->mroute_sk);
1122 if (!mroute6_sk) {
1123 kfree_skb(skb);
1124 return -EINVAL;
1125 }
1126
1127 mrt6msg_netlink_event(mrt, skb);
1128
1129 /* Deliver to user space multicast routing algorithms */
1130 ret = sock_queue_rcv_skb(mroute6_sk, skb);
1131
1132 if (ret < 0) {
1133 net_warn_ratelimited("mroute6: pending queue full, dropping entries\n");
1134 kfree_skb(skb);
1135 }
1136
1137 return ret;
1138}
1139
1140/* Queue a packet for resolution. It gets locked cache entry! */
1141static int ip6mr_cache_unresolved(struct mr_table *mrt, mifi_t mifi,
1142 struct sk_buff *skb, struct net_device *dev)
1143{
1144 struct mfc6_cache *c;
1145 bool found = false;
1146 int err;
1147
1148 spin_lock_bh(&mfc_unres_lock);
1149 list_for_each_entry(c, &mrt->mfc_unres_queue, _c.list) {
1150 if (ipv6_addr_equal(&c->mf6c_mcastgrp, &ipv6_hdr(skb)->daddr) &&
1151 ipv6_addr_equal(&c->mf6c_origin, &ipv6_hdr(skb)->saddr)) {
1152 found = true;
1153 break;
1154 }
1155 }
1156
1157 if (!found) {
1158 /*
1159 * Create a new entry if allowable
1160 */
1161
1162 c = ip6mr_cache_alloc_unres();
1163 if (!c) {
1164 spin_unlock_bh(&mfc_unres_lock);
1165
1166 kfree_skb(skb);
1167 return -ENOBUFS;
1168 }
1169
1170 /* Fill in the new cache entry */
1171 c->_c.mfc_parent = -1;
1172 c->mf6c_origin = ipv6_hdr(skb)->saddr;
1173 c->mf6c_mcastgrp = ipv6_hdr(skb)->daddr;
1174
1175 /*
1176 * Reflect first query at pim6sd
1177 */
1178 err = ip6mr_cache_report(mrt, skb, mifi, MRT6MSG_NOCACHE);
1179 if (err < 0) {
1180 /* If the report failed throw the cache entry
1181 out - Brad Parker
1182 */
1183 spin_unlock_bh(&mfc_unres_lock);
1184
1185 ip6mr_cache_free(c);
1186 kfree_skb(skb);
1187 return err;
1188 }
1189
1190 atomic_inc(&mrt->cache_resolve_queue_len);
1191 list_add(&c->_c.list, &mrt->mfc_unres_queue);
1192 mr6_netlink_event(mrt, c, RTM_NEWROUTE);
1193
1194 ipmr_do_expire_process(mrt);
1195 }
1196
1197 /* See if we can append the packet */
1198 if (c->_c.mfc_un.unres.unresolved.qlen > 3) {
1199 kfree_skb(skb);
1200 err = -ENOBUFS;
1201 } else {
1202 if (dev) {
1203 skb->dev = dev;
1204 skb->skb_iif = dev->ifindex;
1205 }
1206 skb_queue_tail(&c->_c.mfc_un.unres.unresolved, skb);
1207 err = 0;
1208 }
1209
1210 spin_unlock_bh(&mfc_unres_lock);
1211 return err;
1212}
1213
1214/*
1215 * MFC6 cache manipulation by user space
1216 */
1217
1218static int ip6mr_mfc_delete(struct mr_table *mrt, struct mf6cctl *mfc,
1219 int parent)
1220{
1221 struct mfc6_cache *c;
1222
1223 /* The entries are added/deleted only under RTNL */
1224 rcu_read_lock();
1225 c = ip6mr_cache_find_parent(mrt, &mfc->mf6cc_origin.sin6_addr,
1226 &mfc->mf6cc_mcastgrp.sin6_addr, parent);
1227 rcu_read_unlock();
1228 if (!c)
1229 return -ENOENT;
1230 rhltable_remove(&mrt->mfc_hash, &c->_c.mnode, ip6mr_rht_params);
1231 list_del_rcu(&c->_c.list);
1232
1233 call_ip6mr_mfc_entry_notifiers(read_pnet(&mrt->net),
1234 FIB_EVENT_ENTRY_DEL, c, mrt->id);
1235 mr6_netlink_event(mrt, c, RTM_DELROUTE);
1236 mr_cache_put(&c->_c);
1237 return 0;
1238}
1239
1240static int ip6mr_device_event(struct notifier_block *this,
1241 unsigned long event, void *ptr)
1242{
1243 struct net_device *dev = netdev_notifier_info_to_dev(ptr);
1244 struct net *net = dev_net(dev);
1245 struct mr_table *mrt;
1246 struct vif_device *v;
1247 int ct;
1248
1249 if (event != NETDEV_UNREGISTER)
1250 return NOTIFY_DONE;
1251
1252 ip6mr_for_each_table(mrt, net) {
1253 v = &mrt->vif_table[0];
1254 for (ct = 0; ct < mrt->maxvif; ct++, v++) {
1255 if (rcu_access_pointer(v->dev) == dev)
1256 mif6_delete(mrt, ct, 1, NULL);
1257 }
1258 }
1259
1260 return NOTIFY_DONE;
1261}
1262
1263static unsigned int ip6mr_seq_read(struct net *net)
1264{
1265 ASSERT_RTNL();
1266
1267 return net->ipv6.ipmr_seq + ip6mr_rules_seq_read(net);
1268}
1269
1270static int ip6mr_dump(struct net *net, struct notifier_block *nb,
1271 struct netlink_ext_ack *extack)
1272{
1273 return mr_dump(net, nb, RTNL_FAMILY_IP6MR, ip6mr_rules_dump,
1274 ip6mr_mr_table_iter, extack);
1275}
1276
1277static struct notifier_block ip6_mr_notifier = {
1278 .notifier_call = ip6mr_device_event
1279};
1280
1281static const struct fib_notifier_ops ip6mr_notifier_ops_template = {
1282 .family = RTNL_FAMILY_IP6MR,
1283 .fib_seq_read = ip6mr_seq_read,
1284 .fib_dump = ip6mr_dump,
1285 .owner = THIS_MODULE,
1286};
1287
1288static int __net_init ip6mr_notifier_init(struct net *net)
1289{
1290 struct fib_notifier_ops *ops;
1291
1292 net->ipv6.ipmr_seq = 0;
1293
1294 ops = fib_notifier_ops_register(&ip6mr_notifier_ops_template, net);
1295 if (IS_ERR(ops))
1296 return PTR_ERR(ops);
1297
1298 net->ipv6.ip6mr_notifier_ops = ops;
1299
1300 return 0;
1301}
1302
1303static void __net_exit ip6mr_notifier_exit(struct net *net)
1304{
1305 fib_notifier_ops_unregister(net->ipv6.ip6mr_notifier_ops);
1306 net->ipv6.ip6mr_notifier_ops = NULL;
1307}
1308
1309/* Setup for IP multicast routing */
1310static int __net_init ip6mr_net_init(struct net *net)
1311{
1312 int err;
1313
1314 err = ip6mr_notifier_init(net);
1315 if (err)
1316 return err;
1317
1318 err = ip6mr_rules_init(net);
1319 if (err < 0)
1320 goto ip6mr_rules_fail;
1321
1322#ifdef CONFIG_PROC_FS
1323 err = -ENOMEM;
1324 if (!proc_create_net("ip6_mr_vif", 0, net->proc_net, &ip6mr_vif_seq_ops,
1325 sizeof(struct mr_vif_iter)))
1326 goto proc_vif_fail;
1327 if (!proc_create_net("ip6_mr_cache", 0, net->proc_net, &ipmr_mfc_seq_ops,
1328 sizeof(struct mr_mfc_iter)))
1329 goto proc_cache_fail;
1330#endif
1331
1332 return 0;
1333
1334#ifdef CONFIG_PROC_FS
1335proc_cache_fail:
1336 remove_proc_entry("ip6_mr_vif", net->proc_net);
1337proc_vif_fail:
1338 rtnl_lock();
1339 ip6mr_rules_exit(net);
1340 rtnl_unlock();
1341#endif
1342ip6mr_rules_fail:
1343 ip6mr_notifier_exit(net);
1344 return err;
1345}
1346
1347static void __net_exit ip6mr_net_exit(struct net *net)
1348{
1349#ifdef CONFIG_PROC_FS
1350 remove_proc_entry("ip6_mr_cache", net->proc_net);
1351 remove_proc_entry("ip6_mr_vif", net->proc_net);
1352#endif
1353 ip6mr_notifier_exit(net);
1354}
1355
1356static void __net_exit ip6mr_net_exit_batch(struct list_head *net_list)
1357{
1358 struct net *net;
1359
1360 rtnl_lock();
1361 list_for_each_entry(net, net_list, exit_list)
1362 ip6mr_rules_exit(net);
1363 rtnl_unlock();
1364}
1365
1366static struct pernet_operations ip6mr_net_ops = {
1367 .init = ip6mr_net_init,
1368 .exit = ip6mr_net_exit,
1369 .exit_batch = ip6mr_net_exit_batch,
1370};
1371
1372int __init ip6_mr_init(void)
1373{
1374 int err;
1375
1376 mrt_cachep = kmem_cache_create("ip6_mrt_cache",
1377 sizeof(struct mfc6_cache),
1378 0, SLAB_HWCACHE_ALIGN,
1379 NULL);
1380 if (!mrt_cachep)
1381 return -ENOMEM;
1382
1383 err = register_pernet_subsys(&ip6mr_net_ops);
1384 if (err)
1385 goto reg_pernet_fail;
1386
1387 err = register_netdevice_notifier(&ip6_mr_notifier);
1388 if (err)
1389 goto reg_notif_fail;
1390#ifdef CONFIG_IPV6_PIMSM_V2
1391 if (inet6_add_protocol(&pim6_protocol, IPPROTO_PIM) < 0) {
1392 pr_err("%s: can't add PIM protocol\n", __func__);
1393 err = -EAGAIN;
1394 goto add_proto_fail;
1395 }
1396#endif
1397 err = rtnl_register_module(THIS_MODULE, RTNL_FAMILY_IP6MR, RTM_GETROUTE,
1398 ip6mr_rtm_getroute, ip6mr_rtm_dumproute, 0);
1399 if (err == 0)
1400 return 0;
1401
1402#ifdef CONFIG_IPV6_PIMSM_V2
1403 inet6_del_protocol(&pim6_protocol, IPPROTO_PIM);
1404add_proto_fail:
1405 unregister_netdevice_notifier(&ip6_mr_notifier);
1406#endif
1407reg_notif_fail:
1408 unregister_pernet_subsys(&ip6mr_net_ops);
1409reg_pernet_fail:
1410 kmem_cache_destroy(mrt_cachep);
1411 return err;
1412}
1413
1414void ip6_mr_cleanup(void)
1415{
1416 rtnl_unregister(RTNL_FAMILY_IP6MR, RTM_GETROUTE);
1417#ifdef CONFIG_IPV6_PIMSM_V2
1418 inet6_del_protocol(&pim6_protocol, IPPROTO_PIM);
1419#endif
1420 unregister_netdevice_notifier(&ip6_mr_notifier);
1421 unregister_pernet_subsys(&ip6mr_net_ops);
1422 kmem_cache_destroy(mrt_cachep);
1423}
1424
1425static int ip6mr_mfc_add(struct net *net, struct mr_table *mrt,
1426 struct mf6cctl *mfc, int mrtsock, int parent)
1427{
1428 unsigned char ttls[MAXMIFS];
1429 struct mfc6_cache *uc, *c;
1430 struct mr_mfc *_uc;
1431 bool found;
1432 int i, err;
1433
1434 if (mfc->mf6cc_parent >= MAXMIFS)
1435 return -ENFILE;
1436
1437 memset(ttls, 255, MAXMIFS);
1438 for (i = 0; i < MAXMIFS; i++) {
1439 if (IF_ISSET(i, &mfc->mf6cc_ifset))
1440 ttls[i] = 1;
1441 }
1442
1443 /* The entries are added/deleted only under RTNL */
1444 rcu_read_lock();
1445 c = ip6mr_cache_find_parent(mrt, &mfc->mf6cc_origin.sin6_addr,
1446 &mfc->mf6cc_mcastgrp.sin6_addr, parent);
1447 rcu_read_unlock();
1448 if (c) {
1449 spin_lock(&mrt_lock);
1450 c->_c.mfc_parent = mfc->mf6cc_parent;
1451 ip6mr_update_thresholds(mrt, &c->_c, ttls);
1452 if (!mrtsock)
1453 c->_c.mfc_flags |= MFC_STATIC;
1454 spin_unlock(&mrt_lock);
1455 call_ip6mr_mfc_entry_notifiers(net, FIB_EVENT_ENTRY_REPLACE,
1456 c, mrt->id);
1457 mr6_netlink_event(mrt, c, RTM_NEWROUTE);
1458 return 0;
1459 }
1460
1461 if (!ipv6_addr_any(&mfc->mf6cc_mcastgrp.sin6_addr) &&
1462 !ipv6_addr_is_multicast(&mfc->mf6cc_mcastgrp.sin6_addr))
1463 return -EINVAL;
1464
1465 c = ip6mr_cache_alloc();
1466 if (!c)
1467 return -ENOMEM;
1468
1469 c->mf6c_origin = mfc->mf6cc_origin.sin6_addr;
1470 c->mf6c_mcastgrp = mfc->mf6cc_mcastgrp.sin6_addr;
1471 c->_c.mfc_parent = mfc->mf6cc_parent;
1472 ip6mr_update_thresholds(mrt, &c->_c, ttls);
1473 if (!mrtsock)
1474 c->_c.mfc_flags |= MFC_STATIC;
1475
1476 err = rhltable_insert_key(&mrt->mfc_hash, &c->cmparg, &c->_c.mnode,
1477 ip6mr_rht_params);
1478 if (err) {
1479 pr_err("ip6mr: rhtable insert error %d\n", err);
1480 ip6mr_cache_free(c);
1481 return err;
1482 }
1483 list_add_tail_rcu(&c->_c.list, &mrt->mfc_cache_list);
1484
1485 /* Check to see if we resolved a queued list. If so we
1486 * need to send on the frames and tidy up.
1487 */
1488 found = false;
1489 spin_lock_bh(&mfc_unres_lock);
1490 list_for_each_entry(_uc, &mrt->mfc_unres_queue, list) {
1491 uc = (struct mfc6_cache *)_uc;
1492 if (ipv6_addr_equal(&uc->mf6c_origin, &c->mf6c_origin) &&
1493 ipv6_addr_equal(&uc->mf6c_mcastgrp, &c->mf6c_mcastgrp)) {
1494 list_del(&_uc->list);
1495 atomic_dec(&mrt->cache_resolve_queue_len);
1496 found = true;
1497 break;
1498 }
1499 }
1500 if (list_empty(&mrt->mfc_unres_queue))
1501 del_timer(&mrt->ipmr_expire_timer);
1502 spin_unlock_bh(&mfc_unres_lock);
1503
1504 if (found) {
1505 ip6mr_cache_resolve(net, mrt, uc, c);
1506 ip6mr_cache_free(uc);
1507 }
1508 call_ip6mr_mfc_entry_notifiers(net, FIB_EVENT_ENTRY_ADD,
1509 c, mrt->id);
1510 mr6_netlink_event(mrt, c, RTM_NEWROUTE);
1511 return 0;
1512}
1513
1514/*
1515 * Close the multicast socket, and clear the vif tables etc
1516 */
1517
1518static void mroute_clean_tables(struct mr_table *mrt, int flags)
1519{
1520 struct mr_mfc *c, *tmp;
1521 LIST_HEAD(list);
1522 int i;
1523
1524 /* Shut down all active vif entries */
1525 if (flags & (MRT6_FLUSH_MIFS | MRT6_FLUSH_MIFS_STATIC)) {
1526 for (i = 0; i < mrt->maxvif; i++) {
1527 if (((mrt->vif_table[i].flags & VIFF_STATIC) &&
1528 !(flags & MRT6_FLUSH_MIFS_STATIC)) ||
1529 (!(mrt->vif_table[i].flags & VIFF_STATIC) && !(flags & MRT6_FLUSH_MIFS)))
1530 continue;
1531 mif6_delete(mrt, i, 0, &list);
1532 }
1533 unregister_netdevice_many(&list);
1534 }
1535
1536 /* Wipe the cache */
1537 if (flags & (MRT6_FLUSH_MFC | MRT6_FLUSH_MFC_STATIC)) {
1538 list_for_each_entry_safe(c, tmp, &mrt->mfc_cache_list, list) {
1539 if (((c->mfc_flags & MFC_STATIC) && !(flags & MRT6_FLUSH_MFC_STATIC)) ||
1540 (!(c->mfc_flags & MFC_STATIC) && !(flags & MRT6_FLUSH_MFC)))
1541 continue;
1542 rhltable_remove(&mrt->mfc_hash, &c->mnode, ip6mr_rht_params);
1543 list_del_rcu(&c->list);
1544 call_ip6mr_mfc_entry_notifiers(read_pnet(&mrt->net),
1545 FIB_EVENT_ENTRY_DEL,
1546 (struct mfc6_cache *)c, mrt->id);
1547 mr6_netlink_event(mrt, (struct mfc6_cache *)c, RTM_DELROUTE);
1548 mr_cache_put(c);
1549 }
1550 }
1551
1552 if (flags & MRT6_FLUSH_MFC) {
1553 if (atomic_read(&mrt->cache_resolve_queue_len) != 0) {
1554 spin_lock_bh(&mfc_unres_lock);
1555 list_for_each_entry_safe(c, tmp, &mrt->mfc_unres_queue, list) {
1556 list_del(&c->list);
1557 mr6_netlink_event(mrt, (struct mfc6_cache *)c,
1558 RTM_DELROUTE);
1559 ip6mr_destroy_unres(mrt, (struct mfc6_cache *)c);
1560 }
1561 spin_unlock_bh(&mfc_unres_lock);
1562 }
1563 }
1564}
1565
1566static int ip6mr_sk_init(struct mr_table *mrt, struct sock *sk)
1567{
1568 int err = 0;
1569 struct net *net = sock_net(sk);
1570
1571 rtnl_lock();
1572 spin_lock(&mrt_lock);
1573 if (rtnl_dereference(mrt->mroute_sk)) {
1574 err = -EADDRINUSE;
1575 } else {
1576 rcu_assign_pointer(mrt->mroute_sk, sk);
1577 sock_set_flag(sk, SOCK_RCU_FREE);
1578 atomic_inc(&net->ipv6.devconf_all->mc_forwarding);
1579 }
1580 spin_unlock(&mrt_lock);
1581
1582 if (!err)
1583 inet6_netconf_notify_devconf(net, RTM_NEWNETCONF,
1584 NETCONFA_MC_FORWARDING,
1585 NETCONFA_IFINDEX_ALL,
1586 net->ipv6.devconf_all);
1587 rtnl_unlock();
1588
1589 return err;
1590}
1591
1592int ip6mr_sk_done(struct sock *sk)
1593{
1594 struct net *net = sock_net(sk);
1595 struct ipv6_devconf *devconf;
1596 struct mr_table *mrt;
1597 int err = -EACCES;
1598
1599 if (sk->sk_type != SOCK_RAW ||
1600 inet_sk(sk)->inet_num != IPPROTO_ICMPV6)
1601 return err;
1602
1603 devconf = net->ipv6.devconf_all;
1604 if (!devconf || !atomic_read(&devconf->mc_forwarding))
1605 return err;
1606
1607 rtnl_lock();
1608 ip6mr_for_each_table(mrt, net) {
1609 if (sk == rtnl_dereference(mrt->mroute_sk)) {
1610 spin_lock(&mrt_lock);
1611 RCU_INIT_POINTER(mrt->mroute_sk, NULL);
1612 /* Note that mroute_sk had SOCK_RCU_FREE set,
1613 * so the RCU grace period before sk freeing
1614 * is guaranteed by sk_destruct()
1615 */
1616 atomic_dec(&devconf->mc_forwarding);
1617 spin_unlock(&mrt_lock);
1618 inet6_netconf_notify_devconf(net, RTM_NEWNETCONF,
1619 NETCONFA_MC_FORWARDING,
1620 NETCONFA_IFINDEX_ALL,
1621 net->ipv6.devconf_all);
1622
1623 mroute_clean_tables(mrt, MRT6_FLUSH_MIFS | MRT6_FLUSH_MFC);
1624 err = 0;
1625 break;
1626 }
1627 }
1628 rtnl_unlock();
1629
1630 return err;
1631}
1632
1633bool mroute6_is_socket(struct net *net, struct sk_buff *skb)
1634{
1635 struct mr_table *mrt;
1636 struct flowi6 fl6 = {
1637 .flowi6_iif = skb->skb_iif ? : LOOPBACK_IFINDEX,
1638 .flowi6_oif = skb->dev->ifindex,
1639 .flowi6_mark = skb->mark,
1640 };
1641
1642 if (ip6mr_fib_lookup(net, &fl6, &mrt) < 0)
1643 return NULL;
1644
1645 return rcu_access_pointer(mrt->mroute_sk);
1646}
1647EXPORT_SYMBOL(mroute6_is_socket);
1648
1649/*
1650 * Socket options and virtual interface manipulation. The whole
1651 * virtual interface system is a complete heap, but unfortunately
1652 * that's how BSD mrouted happens to think. Maybe one day with a proper
1653 * MOSPF/PIM router set up we can clean this up.
1654 */
1655
1656int ip6_mroute_setsockopt(struct sock *sk, int optname, sockptr_t optval,
1657 unsigned int optlen)
1658{
1659 int ret, parent = 0;
1660 struct mif6ctl vif;
1661 struct mf6cctl mfc;
1662 mifi_t mifi;
1663 struct net *net = sock_net(sk);
1664 struct mr_table *mrt;
1665
1666 if (sk->sk_type != SOCK_RAW ||
1667 inet_sk(sk)->inet_num != IPPROTO_ICMPV6)
1668 return -EOPNOTSUPP;
1669
1670 mrt = ip6mr_get_table(net, raw6_sk(sk)->ip6mr_table ? : RT6_TABLE_DFLT);
1671 if (!mrt)
1672 return -ENOENT;
1673
1674 if (optname != MRT6_INIT) {
1675 if (sk != rcu_access_pointer(mrt->mroute_sk) &&
1676 !ns_capable(net->user_ns, CAP_NET_ADMIN))
1677 return -EACCES;
1678 }
1679
1680 switch (optname) {
1681 case MRT6_INIT:
1682 if (optlen < sizeof(int))
1683 return -EINVAL;
1684
1685 return ip6mr_sk_init(mrt, sk);
1686
1687 case MRT6_DONE:
1688 return ip6mr_sk_done(sk);
1689
1690 case MRT6_ADD_MIF:
1691 if (optlen < sizeof(vif))
1692 return -EINVAL;
1693 if (copy_from_sockptr(&vif, optval, sizeof(vif)))
1694 return -EFAULT;
1695 if (vif.mif6c_mifi >= MAXMIFS)
1696 return -ENFILE;
1697 rtnl_lock();
1698 ret = mif6_add(net, mrt, &vif,
1699 sk == rtnl_dereference(mrt->mroute_sk));
1700 rtnl_unlock();
1701 return ret;
1702
1703 case MRT6_DEL_MIF:
1704 if (optlen < sizeof(mifi_t))
1705 return -EINVAL;
1706 if (copy_from_sockptr(&mifi, optval, sizeof(mifi_t)))
1707 return -EFAULT;
1708 rtnl_lock();
1709 ret = mif6_delete(mrt, mifi, 0, NULL);
1710 rtnl_unlock();
1711 return ret;
1712
1713 /*
1714 * Manipulate the forwarding caches. These live
1715 * in a sort of kernel/user symbiosis.
1716 */
1717 case MRT6_ADD_MFC:
1718 case MRT6_DEL_MFC:
1719 parent = -1;
1720 fallthrough;
1721 case MRT6_ADD_MFC_PROXY:
1722 case MRT6_DEL_MFC_PROXY:
1723 if (optlen < sizeof(mfc))
1724 return -EINVAL;
1725 if (copy_from_sockptr(&mfc, optval, sizeof(mfc)))
1726 return -EFAULT;
1727 if (parent == 0)
1728 parent = mfc.mf6cc_parent;
1729 rtnl_lock();
1730 if (optname == MRT6_DEL_MFC || optname == MRT6_DEL_MFC_PROXY)
1731 ret = ip6mr_mfc_delete(mrt, &mfc, parent);
1732 else
1733 ret = ip6mr_mfc_add(net, mrt, &mfc,
1734 sk ==
1735 rtnl_dereference(mrt->mroute_sk),
1736 parent);
1737 rtnl_unlock();
1738 return ret;
1739
1740 case MRT6_FLUSH:
1741 {
1742 int flags;
1743
1744 if (optlen != sizeof(flags))
1745 return -EINVAL;
1746 if (copy_from_sockptr(&flags, optval, sizeof(flags)))
1747 return -EFAULT;
1748 rtnl_lock();
1749 mroute_clean_tables(mrt, flags);
1750 rtnl_unlock();
1751 return 0;
1752 }
1753
1754 /*
1755 * Control PIM assert (to activate pim will activate assert)
1756 */
1757 case MRT6_ASSERT:
1758 {
1759 int v;
1760
1761 if (optlen != sizeof(v))
1762 return -EINVAL;
1763 if (copy_from_sockptr(&v, optval, sizeof(v)))
1764 return -EFAULT;
1765 mrt->mroute_do_assert = v;
1766 return 0;
1767 }
1768
1769#ifdef CONFIG_IPV6_PIMSM_V2
1770 case MRT6_PIM:
1771 {
1772 bool do_wrmifwhole;
1773 int v;
1774
1775 if (optlen != sizeof(v))
1776 return -EINVAL;
1777 if (copy_from_sockptr(&v, optval, sizeof(v)))
1778 return -EFAULT;
1779
1780 do_wrmifwhole = (v == MRT6MSG_WRMIFWHOLE);
1781 v = !!v;
1782 rtnl_lock();
1783 ret = 0;
1784 if (v != mrt->mroute_do_pim) {
1785 mrt->mroute_do_pim = v;
1786 mrt->mroute_do_assert = v;
1787 mrt->mroute_do_wrvifwhole = do_wrmifwhole;
1788 }
1789 rtnl_unlock();
1790 return ret;
1791 }
1792
1793#endif
1794#ifdef CONFIG_IPV6_MROUTE_MULTIPLE_TABLES
1795 case MRT6_TABLE:
1796 {
1797 u32 v;
1798
1799 if (optlen != sizeof(u32))
1800 return -EINVAL;
1801 if (copy_from_sockptr(&v, optval, sizeof(v)))
1802 return -EFAULT;
1803 /* "pim6reg%u" should not exceed 16 bytes (IFNAMSIZ) */
1804 if (v != RT_TABLE_DEFAULT && v >= 100000000)
1805 return -EINVAL;
1806 if (sk == rcu_access_pointer(mrt->mroute_sk))
1807 return -EBUSY;
1808
1809 rtnl_lock();
1810 ret = 0;
1811 mrt = ip6mr_new_table(net, v);
1812 if (IS_ERR(mrt))
1813 ret = PTR_ERR(mrt);
1814 else
1815 raw6_sk(sk)->ip6mr_table = v;
1816 rtnl_unlock();
1817 return ret;
1818 }
1819#endif
1820 /*
1821 * Spurious command, or MRT6_VERSION which you cannot
1822 * set.
1823 */
1824 default:
1825 return -ENOPROTOOPT;
1826 }
1827}
1828
1829/*
1830 * Getsock opt support for the multicast routing system.
1831 */
1832
1833int ip6_mroute_getsockopt(struct sock *sk, int optname, sockptr_t optval,
1834 sockptr_t optlen)
1835{
1836 int olr;
1837 int val;
1838 struct net *net = sock_net(sk);
1839 struct mr_table *mrt;
1840
1841 if (sk->sk_type != SOCK_RAW ||
1842 inet_sk(sk)->inet_num != IPPROTO_ICMPV6)
1843 return -EOPNOTSUPP;
1844
1845 mrt = ip6mr_get_table(net, raw6_sk(sk)->ip6mr_table ? : RT6_TABLE_DFLT);
1846 if (!mrt)
1847 return -ENOENT;
1848
1849 switch (optname) {
1850 case MRT6_VERSION:
1851 val = 0x0305;
1852 break;
1853#ifdef CONFIG_IPV6_PIMSM_V2
1854 case MRT6_PIM:
1855 val = mrt->mroute_do_pim;
1856 break;
1857#endif
1858 case MRT6_ASSERT:
1859 val = mrt->mroute_do_assert;
1860 break;
1861 default:
1862 return -ENOPROTOOPT;
1863 }
1864
1865 if (copy_from_sockptr(&olr, optlen, sizeof(int)))
1866 return -EFAULT;
1867
1868 olr = min_t(int, olr, sizeof(int));
1869 if (olr < 0)
1870 return -EINVAL;
1871
1872 if (copy_to_sockptr(optlen, &olr, sizeof(int)))
1873 return -EFAULT;
1874 if (copy_to_sockptr(optval, &val, olr))
1875 return -EFAULT;
1876 return 0;
1877}
1878
1879/*
1880 * The IP multicast ioctl support routines.
1881 */
1882
1883int ip6mr_ioctl(struct sock *sk, int cmd, void __user *arg)
1884{
1885 struct sioc_sg_req6 sr;
1886 struct sioc_mif_req6 vr;
1887 struct vif_device *vif;
1888 struct mfc6_cache *c;
1889 struct net *net = sock_net(sk);
1890 struct mr_table *mrt;
1891
1892 mrt = ip6mr_get_table(net, raw6_sk(sk)->ip6mr_table ? : RT6_TABLE_DFLT);
1893 if (!mrt)
1894 return -ENOENT;
1895
1896 switch (cmd) {
1897 case SIOCGETMIFCNT_IN6:
1898 if (copy_from_user(&vr, arg, sizeof(vr)))
1899 return -EFAULT;
1900 if (vr.mifi >= mrt->maxvif)
1901 return -EINVAL;
1902 vr.mifi = array_index_nospec(vr.mifi, mrt->maxvif);
1903 rcu_read_lock();
1904 vif = &mrt->vif_table[vr.mifi];
1905 if (VIF_EXISTS(mrt, vr.mifi)) {
1906 vr.icount = READ_ONCE(vif->pkt_in);
1907 vr.ocount = READ_ONCE(vif->pkt_out);
1908 vr.ibytes = READ_ONCE(vif->bytes_in);
1909 vr.obytes = READ_ONCE(vif->bytes_out);
1910 rcu_read_unlock();
1911
1912 if (copy_to_user(arg, &vr, sizeof(vr)))
1913 return -EFAULT;
1914 return 0;
1915 }
1916 rcu_read_unlock();
1917 return -EADDRNOTAVAIL;
1918 case SIOCGETSGCNT_IN6:
1919 if (copy_from_user(&sr, arg, sizeof(sr)))
1920 return -EFAULT;
1921
1922 rcu_read_lock();
1923 c = ip6mr_cache_find(mrt, &sr.src.sin6_addr, &sr.grp.sin6_addr);
1924 if (c) {
1925 sr.pktcnt = c->_c.mfc_un.res.pkt;
1926 sr.bytecnt = c->_c.mfc_un.res.bytes;
1927 sr.wrong_if = c->_c.mfc_un.res.wrong_if;
1928 rcu_read_unlock();
1929
1930 if (copy_to_user(arg, &sr, sizeof(sr)))
1931 return -EFAULT;
1932 return 0;
1933 }
1934 rcu_read_unlock();
1935 return -EADDRNOTAVAIL;
1936 default:
1937 return -ENOIOCTLCMD;
1938 }
1939}
1940
1941#ifdef CONFIG_COMPAT
1942struct compat_sioc_sg_req6 {
1943 struct sockaddr_in6 src;
1944 struct sockaddr_in6 grp;
1945 compat_ulong_t pktcnt;
1946 compat_ulong_t bytecnt;
1947 compat_ulong_t wrong_if;
1948};
1949
1950struct compat_sioc_mif_req6 {
1951 mifi_t mifi;
1952 compat_ulong_t icount;
1953 compat_ulong_t ocount;
1954 compat_ulong_t ibytes;
1955 compat_ulong_t obytes;
1956};
1957
1958int ip6mr_compat_ioctl(struct sock *sk, unsigned int cmd, void __user *arg)
1959{
1960 struct compat_sioc_sg_req6 sr;
1961 struct compat_sioc_mif_req6 vr;
1962 struct vif_device *vif;
1963 struct mfc6_cache *c;
1964 struct net *net = sock_net(sk);
1965 struct mr_table *mrt;
1966
1967 mrt = ip6mr_get_table(net, raw6_sk(sk)->ip6mr_table ? : RT6_TABLE_DFLT);
1968 if (!mrt)
1969 return -ENOENT;
1970
1971 switch (cmd) {
1972 case SIOCGETMIFCNT_IN6:
1973 if (copy_from_user(&vr, arg, sizeof(vr)))
1974 return -EFAULT;
1975 if (vr.mifi >= mrt->maxvif)
1976 return -EINVAL;
1977 vr.mifi = array_index_nospec(vr.mifi, mrt->maxvif);
1978 rcu_read_lock();
1979 vif = &mrt->vif_table[vr.mifi];
1980 if (VIF_EXISTS(mrt, vr.mifi)) {
1981 vr.icount = READ_ONCE(vif->pkt_in);
1982 vr.ocount = READ_ONCE(vif->pkt_out);
1983 vr.ibytes = READ_ONCE(vif->bytes_in);
1984 vr.obytes = READ_ONCE(vif->bytes_out);
1985 rcu_read_unlock();
1986
1987 if (copy_to_user(arg, &vr, sizeof(vr)))
1988 return -EFAULT;
1989 return 0;
1990 }
1991 rcu_read_unlock();
1992 return -EADDRNOTAVAIL;
1993 case SIOCGETSGCNT_IN6:
1994 if (copy_from_user(&sr, arg, sizeof(sr)))
1995 return -EFAULT;
1996
1997 rcu_read_lock();
1998 c = ip6mr_cache_find(mrt, &sr.src.sin6_addr, &sr.grp.sin6_addr);
1999 if (c) {
2000 sr.pktcnt = c->_c.mfc_un.res.pkt;
2001 sr.bytecnt = c->_c.mfc_un.res.bytes;
2002 sr.wrong_if = c->_c.mfc_un.res.wrong_if;
2003 rcu_read_unlock();
2004
2005 if (copy_to_user(arg, &sr, sizeof(sr)))
2006 return -EFAULT;
2007 return 0;
2008 }
2009 rcu_read_unlock();
2010 return -EADDRNOTAVAIL;
2011 default:
2012 return -ENOIOCTLCMD;
2013 }
2014}
2015#endif
2016
2017static inline int ip6mr_forward2_finish(struct net *net, struct sock *sk, struct sk_buff *skb)
2018{
2019 IP6_INC_STATS(net, ip6_dst_idev(skb_dst(skb)),
2020 IPSTATS_MIB_OUTFORWDATAGRAMS);
2021 IP6_ADD_STATS(net, ip6_dst_idev(skb_dst(skb)),
2022 IPSTATS_MIB_OUTOCTETS, skb->len);
2023 return dst_output(net, sk, skb);
2024}
2025
2026/*
2027 * Processing handlers for ip6mr_forward
2028 */
2029
2030static int ip6mr_forward2(struct net *net, struct mr_table *mrt,
2031 struct sk_buff *skb, int vifi)
2032{
2033 struct vif_device *vif = &mrt->vif_table[vifi];
2034 struct net_device *vif_dev;
2035 struct ipv6hdr *ipv6h;
2036 struct dst_entry *dst;
2037 struct flowi6 fl6;
2038
2039 vif_dev = vif_dev_read(vif);
2040 if (!vif_dev)
2041 goto out_free;
2042
2043#ifdef CONFIG_IPV6_PIMSM_V2
2044 if (vif->flags & MIFF_REGISTER) {
2045 WRITE_ONCE(vif->pkt_out, vif->pkt_out + 1);
2046 WRITE_ONCE(vif->bytes_out, vif->bytes_out + skb->len);
2047 DEV_STATS_ADD(vif_dev, tx_bytes, skb->len);
2048 DEV_STATS_INC(vif_dev, tx_packets);
2049 ip6mr_cache_report(mrt, skb, vifi, MRT6MSG_WHOLEPKT);
2050 goto out_free;
2051 }
2052#endif
2053
2054 ipv6h = ipv6_hdr(skb);
2055
2056 fl6 = (struct flowi6) {
2057 .flowi6_oif = vif->link,
2058 .daddr = ipv6h->daddr,
2059 };
2060
2061 dst = ip6_route_output(net, NULL, &fl6);
2062 if (dst->error) {
2063 dst_release(dst);
2064 goto out_free;
2065 }
2066
2067 skb_dst_drop(skb);
2068 skb_dst_set(skb, dst);
2069
2070 /*
2071 * RFC1584 teaches, that DVMRP/PIM router must deliver packets locally
2072 * not only before forwarding, but after forwarding on all output
2073 * interfaces. It is clear, if mrouter runs a multicasting
2074 * program, it should receive packets not depending to what interface
2075 * program is joined.
2076 * If we will not make it, the program will have to join on all
2077 * interfaces. On the other hand, multihoming host (or router, but
2078 * not mrouter) cannot join to more than one interface - it will
2079 * result in receiving multiple packets.
2080 */
2081 skb->dev = vif_dev;
2082 WRITE_ONCE(vif->pkt_out, vif->pkt_out + 1);
2083 WRITE_ONCE(vif->bytes_out, vif->bytes_out + skb->len);
2084
2085 /* We are about to write */
2086 /* XXX: extension headers? */
2087 if (skb_cow(skb, sizeof(*ipv6h) + LL_RESERVED_SPACE(vif_dev)))
2088 goto out_free;
2089
2090 ipv6h = ipv6_hdr(skb);
2091 ipv6h->hop_limit--;
2092
2093 IP6CB(skb)->flags |= IP6SKB_FORWARDED;
2094
2095 return NF_HOOK(NFPROTO_IPV6, NF_INET_FORWARD,
2096 net, NULL, skb, skb->dev, vif_dev,
2097 ip6mr_forward2_finish);
2098
2099out_free:
2100 kfree_skb(skb);
2101 return 0;
2102}
2103
2104/* Called with rcu_read_lock() */
2105static int ip6mr_find_vif(struct mr_table *mrt, struct net_device *dev)
2106{
2107 int ct;
2108
2109 /* Pairs with WRITE_ONCE() in mif6_delete()/mif6_add() */
2110 for (ct = READ_ONCE(mrt->maxvif) - 1; ct >= 0; ct--) {
2111 if (rcu_access_pointer(mrt->vif_table[ct].dev) == dev)
2112 break;
2113 }
2114 return ct;
2115}
2116
2117/* Called under rcu_read_lock() */
2118static void ip6_mr_forward(struct net *net, struct mr_table *mrt,
2119 struct net_device *dev, struct sk_buff *skb,
2120 struct mfc6_cache *c)
2121{
2122 int psend = -1;
2123 int vif, ct;
2124 int true_vifi = ip6mr_find_vif(mrt, dev);
2125
2126 vif = c->_c.mfc_parent;
2127 c->_c.mfc_un.res.pkt++;
2128 c->_c.mfc_un.res.bytes += skb->len;
2129 c->_c.mfc_un.res.lastuse = jiffies;
2130
2131 if (ipv6_addr_any(&c->mf6c_origin) && true_vifi >= 0) {
2132 struct mfc6_cache *cache_proxy;
2133
2134 /* For an (*,G) entry, we only check that the incoming
2135 * interface is part of the static tree.
2136 */
2137 cache_proxy = mr_mfc_find_any_parent(mrt, vif);
2138 if (cache_proxy &&
2139 cache_proxy->_c.mfc_un.res.ttls[true_vifi] < 255)
2140 goto forward;
2141 }
2142
2143 /*
2144 * Wrong interface: drop packet and (maybe) send PIM assert.
2145 */
2146 if (rcu_access_pointer(mrt->vif_table[vif].dev) != dev) {
2147 c->_c.mfc_un.res.wrong_if++;
2148
2149 if (true_vifi >= 0 && mrt->mroute_do_assert &&
2150 /* pimsm uses asserts, when switching from RPT to SPT,
2151 so that we cannot check that packet arrived on an oif.
2152 It is bad, but otherwise we would need to move pretty
2153 large chunk of pimd to kernel. Ough... --ANK
2154 */
2155 (mrt->mroute_do_pim ||
2156 c->_c.mfc_un.res.ttls[true_vifi] < 255) &&
2157 time_after(jiffies,
2158 c->_c.mfc_un.res.last_assert +
2159 MFC_ASSERT_THRESH)) {
2160 c->_c.mfc_un.res.last_assert = jiffies;
2161 ip6mr_cache_report(mrt, skb, true_vifi, MRT6MSG_WRONGMIF);
2162 if (mrt->mroute_do_wrvifwhole)
2163 ip6mr_cache_report(mrt, skb, true_vifi,
2164 MRT6MSG_WRMIFWHOLE);
2165 }
2166 goto dont_forward;
2167 }
2168
2169forward:
2170 WRITE_ONCE(mrt->vif_table[vif].pkt_in,
2171 mrt->vif_table[vif].pkt_in + 1);
2172 WRITE_ONCE(mrt->vif_table[vif].bytes_in,
2173 mrt->vif_table[vif].bytes_in + skb->len);
2174
2175 /*
2176 * Forward the frame
2177 */
2178 if (ipv6_addr_any(&c->mf6c_origin) &&
2179 ipv6_addr_any(&c->mf6c_mcastgrp)) {
2180 if (true_vifi >= 0 &&
2181 true_vifi != c->_c.mfc_parent &&
2182 ipv6_hdr(skb)->hop_limit >
2183 c->_c.mfc_un.res.ttls[c->_c.mfc_parent]) {
2184 /* It's an (*,*) entry and the packet is not coming from
2185 * the upstream: forward the packet to the upstream
2186 * only.
2187 */
2188 psend = c->_c.mfc_parent;
2189 goto last_forward;
2190 }
2191 goto dont_forward;
2192 }
2193 for (ct = c->_c.mfc_un.res.maxvif - 1;
2194 ct >= c->_c.mfc_un.res.minvif; ct--) {
2195 /* For (*,G) entry, don't forward to the incoming interface */
2196 if ((!ipv6_addr_any(&c->mf6c_origin) || ct != true_vifi) &&
2197 ipv6_hdr(skb)->hop_limit > c->_c.mfc_un.res.ttls[ct]) {
2198 if (psend != -1) {
2199 struct sk_buff *skb2 = skb_clone(skb, GFP_ATOMIC);
2200 if (skb2)
2201 ip6mr_forward2(net, mrt, skb2, psend);
2202 }
2203 psend = ct;
2204 }
2205 }
2206last_forward:
2207 if (psend != -1) {
2208 ip6mr_forward2(net, mrt, skb, psend);
2209 return;
2210 }
2211
2212dont_forward:
2213 kfree_skb(skb);
2214}
2215
2216
2217/*
2218 * Multicast packets for forwarding arrive here
2219 */
2220
2221int ip6_mr_input(struct sk_buff *skb)
2222{
2223 struct mfc6_cache *cache;
2224 struct net *net = dev_net(skb->dev);
2225 struct mr_table *mrt;
2226 struct flowi6 fl6 = {
2227 .flowi6_iif = skb->dev->ifindex,
2228 .flowi6_mark = skb->mark,
2229 };
2230 int err;
2231 struct net_device *dev;
2232
2233 /* skb->dev passed in is the master dev for vrfs.
2234 * Get the proper interface that does have a vif associated with it.
2235 */
2236 dev = skb->dev;
2237 if (netif_is_l3_master(skb->dev)) {
2238 dev = dev_get_by_index_rcu(net, IPCB(skb)->iif);
2239 if (!dev) {
2240 kfree_skb(skb);
2241 return -ENODEV;
2242 }
2243 }
2244
2245 err = ip6mr_fib_lookup(net, &fl6, &mrt);
2246 if (err < 0) {
2247 kfree_skb(skb);
2248 return err;
2249 }
2250
2251 cache = ip6mr_cache_find(mrt,
2252 &ipv6_hdr(skb)->saddr, &ipv6_hdr(skb)->daddr);
2253 if (!cache) {
2254 int vif = ip6mr_find_vif(mrt, dev);
2255
2256 if (vif >= 0)
2257 cache = ip6mr_cache_find_any(mrt,
2258 &ipv6_hdr(skb)->daddr,
2259 vif);
2260 }
2261
2262 /*
2263 * No usable cache entry
2264 */
2265 if (!cache) {
2266 int vif;
2267
2268 vif = ip6mr_find_vif(mrt, dev);
2269 if (vif >= 0) {
2270 int err = ip6mr_cache_unresolved(mrt, vif, skb, dev);
2271
2272 return err;
2273 }
2274 kfree_skb(skb);
2275 return -ENODEV;
2276 }
2277
2278 ip6_mr_forward(net, mrt, dev, skb, cache);
2279
2280 return 0;
2281}
2282
2283int ip6mr_get_route(struct net *net, struct sk_buff *skb, struct rtmsg *rtm,
2284 u32 portid)
2285{
2286 int err;
2287 struct mr_table *mrt;
2288 struct mfc6_cache *cache;
2289 struct rt6_info *rt = (struct rt6_info *)skb_dst(skb);
2290
2291 mrt = ip6mr_get_table(net, RT6_TABLE_DFLT);
2292 if (!mrt)
2293 return -ENOENT;
2294
2295 rcu_read_lock();
2296 cache = ip6mr_cache_find(mrt, &rt->rt6i_src.addr, &rt->rt6i_dst.addr);
2297 if (!cache && skb->dev) {
2298 int vif = ip6mr_find_vif(mrt, skb->dev);
2299
2300 if (vif >= 0)
2301 cache = ip6mr_cache_find_any(mrt, &rt->rt6i_dst.addr,
2302 vif);
2303 }
2304
2305 if (!cache) {
2306 struct sk_buff *skb2;
2307 struct ipv6hdr *iph;
2308 struct net_device *dev;
2309 int vif;
2310
2311 dev = skb->dev;
2312 if (!dev || (vif = ip6mr_find_vif(mrt, dev)) < 0) {
2313 rcu_read_unlock();
2314 return -ENODEV;
2315 }
2316
2317 /* really correct? */
2318 skb2 = alloc_skb(sizeof(struct ipv6hdr), GFP_ATOMIC);
2319 if (!skb2) {
2320 rcu_read_unlock();
2321 return -ENOMEM;
2322 }
2323
2324 NETLINK_CB(skb2).portid = portid;
2325 skb_reset_transport_header(skb2);
2326
2327 skb_put(skb2, sizeof(struct ipv6hdr));
2328 skb_reset_network_header(skb2);
2329
2330 iph = ipv6_hdr(skb2);
2331 iph->version = 0;
2332 iph->priority = 0;
2333 iph->flow_lbl[0] = 0;
2334 iph->flow_lbl[1] = 0;
2335 iph->flow_lbl[2] = 0;
2336 iph->payload_len = 0;
2337 iph->nexthdr = IPPROTO_NONE;
2338 iph->hop_limit = 0;
2339 iph->saddr = rt->rt6i_src.addr;
2340 iph->daddr = rt->rt6i_dst.addr;
2341
2342 err = ip6mr_cache_unresolved(mrt, vif, skb2, dev);
2343 rcu_read_unlock();
2344
2345 return err;
2346 }
2347
2348 err = mr_fill_mroute(mrt, skb, &cache->_c, rtm);
2349 rcu_read_unlock();
2350 return err;
2351}
2352
2353static int ip6mr_fill_mroute(struct mr_table *mrt, struct sk_buff *skb,
2354 u32 portid, u32 seq, struct mfc6_cache *c, int cmd,
2355 int flags)
2356{
2357 struct nlmsghdr *nlh;
2358 struct rtmsg *rtm;
2359 int err;
2360
2361 nlh = nlmsg_put(skb, portid, seq, cmd, sizeof(*rtm), flags);
2362 if (!nlh)
2363 return -EMSGSIZE;
2364
2365 rtm = nlmsg_data(nlh);
2366 rtm->rtm_family = RTNL_FAMILY_IP6MR;
2367 rtm->rtm_dst_len = 128;
2368 rtm->rtm_src_len = 128;
2369 rtm->rtm_tos = 0;
2370 rtm->rtm_table = mrt->id;
2371 if (nla_put_u32(skb, RTA_TABLE, mrt->id))
2372 goto nla_put_failure;
2373 rtm->rtm_type = RTN_MULTICAST;
2374 rtm->rtm_scope = RT_SCOPE_UNIVERSE;
2375 if (c->_c.mfc_flags & MFC_STATIC)
2376 rtm->rtm_protocol = RTPROT_STATIC;
2377 else
2378 rtm->rtm_protocol = RTPROT_MROUTED;
2379 rtm->rtm_flags = 0;
2380
2381 if (nla_put_in6_addr(skb, RTA_SRC, &c->mf6c_origin) ||
2382 nla_put_in6_addr(skb, RTA_DST, &c->mf6c_mcastgrp))
2383 goto nla_put_failure;
2384 err = mr_fill_mroute(mrt, skb, &c->_c, rtm);
2385 /* do not break the dump if cache is unresolved */
2386 if (err < 0 && err != -ENOENT)
2387 goto nla_put_failure;
2388
2389 nlmsg_end(skb, nlh);
2390 return 0;
2391
2392nla_put_failure:
2393 nlmsg_cancel(skb, nlh);
2394 return -EMSGSIZE;
2395}
2396
2397static int _ip6mr_fill_mroute(struct mr_table *mrt, struct sk_buff *skb,
2398 u32 portid, u32 seq, struct mr_mfc *c,
2399 int cmd, int flags)
2400{
2401 return ip6mr_fill_mroute(mrt, skb, portid, seq, (struct mfc6_cache *)c,
2402 cmd, flags);
2403}
2404
2405static int mr6_msgsize(bool unresolved, int maxvif)
2406{
2407 size_t len =
2408 NLMSG_ALIGN(sizeof(struct rtmsg))
2409 + nla_total_size(4) /* RTA_TABLE */
2410 + nla_total_size(sizeof(struct in6_addr)) /* RTA_SRC */
2411 + nla_total_size(sizeof(struct in6_addr)) /* RTA_DST */
2412 ;
2413
2414 if (!unresolved)
2415 len = len
2416 + nla_total_size(4) /* RTA_IIF */
2417 + nla_total_size(0) /* RTA_MULTIPATH */
2418 + maxvif * NLA_ALIGN(sizeof(struct rtnexthop))
2419 /* RTA_MFC_STATS */
2420 + nla_total_size_64bit(sizeof(struct rta_mfc_stats))
2421 ;
2422
2423 return len;
2424}
2425
2426static void mr6_netlink_event(struct mr_table *mrt, struct mfc6_cache *mfc,
2427 int cmd)
2428{
2429 struct net *net = read_pnet(&mrt->net);
2430 struct sk_buff *skb;
2431 int err = -ENOBUFS;
2432
2433 skb = nlmsg_new(mr6_msgsize(mfc->_c.mfc_parent >= MAXMIFS, mrt->maxvif),
2434 GFP_ATOMIC);
2435 if (!skb)
2436 goto errout;
2437
2438 err = ip6mr_fill_mroute(mrt, skb, 0, 0, mfc, cmd, 0);
2439 if (err < 0)
2440 goto errout;
2441
2442 rtnl_notify(skb, net, 0, RTNLGRP_IPV6_MROUTE, NULL, GFP_ATOMIC);
2443 return;
2444
2445errout:
2446 kfree_skb(skb);
2447 if (err < 0)
2448 rtnl_set_sk_err(net, RTNLGRP_IPV6_MROUTE, err);
2449}
2450
2451static size_t mrt6msg_netlink_msgsize(size_t payloadlen)
2452{
2453 size_t len =
2454 NLMSG_ALIGN(sizeof(struct rtgenmsg))
2455 + nla_total_size(1) /* IP6MRA_CREPORT_MSGTYPE */
2456 + nla_total_size(4) /* IP6MRA_CREPORT_MIF_ID */
2457 /* IP6MRA_CREPORT_SRC_ADDR */
2458 + nla_total_size(sizeof(struct in6_addr))
2459 /* IP6MRA_CREPORT_DST_ADDR */
2460 + nla_total_size(sizeof(struct in6_addr))
2461 /* IP6MRA_CREPORT_PKT */
2462 + nla_total_size(payloadlen)
2463 ;
2464
2465 return len;
2466}
2467
2468static void mrt6msg_netlink_event(const struct mr_table *mrt, struct sk_buff *pkt)
2469{
2470 struct net *net = read_pnet(&mrt->net);
2471 struct nlmsghdr *nlh;
2472 struct rtgenmsg *rtgenm;
2473 struct mrt6msg *msg;
2474 struct sk_buff *skb;
2475 struct nlattr *nla;
2476 int payloadlen;
2477
2478 payloadlen = pkt->len - sizeof(struct mrt6msg);
2479 msg = (struct mrt6msg *)skb_transport_header(pkt);
2480
2481 skb = nlmsg_new(mrt6msg_netlink_msgsize(payloadlen), GFP_ATOMIC);
2482 if (!skb)
2483 goto errout;
2484
2485 nlh = nlmsg_put(skb, 0, 0, RTM_NEWCACHEREPORT,
2486 sizeof(struct rtgenmsg), 0);
2487 if (!nlh)
2488 goto errout;
2489 rtgenm = nlmsg_data(nlh);
2490 rtgenm->rtgen_family = RTNL_FAMILY_IP6MR;
2491 if (nla_put_u8(skb, IP6MRA_CREPORT_MSGTYPE, msg->im6_msgtype) ||
2492 nla_put_u32(skb, IP6MRA_CREPORT_MIF_ID, msg->im6_mif) ||
2493 nla_put_in6_addr(skb, IP6MRA_CREPORT_SRC_ADDR,
2494 &msg->im6_src) ||
2495 nla_put_in6_addr(skb, IP6MRA_CREPORT_DST_ADDR,
2496 &msg->im6_dst))
2497 goto nla_put_failure;
2498
2499 nla = nla_reserve(skb, IP6MRA_CREPORT_PKT, payloadlen);
2500 if (!nla || skb_copy_bits(pkt, sizeof(struct mrt6msg),
2501 nla_data(nla), payloadlen))
2502 goto nla_put_failure;
2503
2504 nlmsg_end(skb, nlh);
2505
2506 rtnl_notify(skb, net, 0, RTNLGRP_IPV6_MROUTE_R, NULL, GFP_ATOMIC);
2507 return;
2508
2509nla_put_failure:
2510 nlmsg_cancel(skb, nlh);
2511errout:
2512 kfree_skb(skb);
2513 rtnl_set_sk_err(net, RTNLGRP_IPV6_MROUTE_R, -ENOBUFS);
2514}
2515
2516static const struct nla_policy ip6mr_getroute_policy[RTA_MAX + 1] = {
2517 [RTA_SRC] = NLA_POLICY_EXACT_LEN(sizeof(struct in6_addr)),
2518 [RTA_DST] = NLA_POLICY_EXACT_LEN(sizeof(struct in6_addr)),
2519 [RTA_TABLE] = { .type = NLA_U32 },
2520};
2521
2522static int ip6mr_rtm_valid_getroute_req(struct sk_buff *skb,
2523 const struct nlmsghdr *nlh,
2524 struct nlattr **tb,
2525 struct netlink_ext_ack *extack)
2526{
2527 struct rtmsg *rtm;
2528 int err;
2529
2530 err = nlmsg_parse(nlh, sizeof(*rtm), tb, RTA_MAX, ip6mr_getroute_policy,
2531 extack);
2532 if (err)
2533 return err;
2534
2535 rtm = nlmsg_data(nlh);
2536 if ((rtm->rtm_src_len && rtm->rtm_src_len != 128) ||
2537 (rtm->rtm_dst_len && rtm->rtm_dst_len != 128) ||
2538 rtm->rtm_tos || rtm->rtm_table || rtm->rtm_protocol ||
2539 rtm->rtm_scope || rtm->rtm_type || rtm->rtm_flags) {
2540 NL_SET_ERR_MSG_MOD(extack,
2541 "Invalid values in header for multicast route get request");
2542 return -EINVAL;
2543 }
2544
2545 if ((tb[RTA_SRC] && !rtm->rtm_src_len) ||
2546 (tb[RTA_DST] && !rtm->rtm_dst_len)) {
2547 NL_SET_ERR_MSG_MOD(extack, "rtm_src_len and rtm_dst_len must be 128 for IPv6");
2548 return -EINVAL;
2549 }
2550
2551 return 0;
2552}
2553
2554static int ip6mr_rtm_getroute(struct sk_buff *in_skb, struct nlmsghdr *nlh,
2555 struct netlink_ext_ack *extack)
2556{
2557 struct net *net = sock_net(in_skb->sk);
2558 struct in6_addr src = {}, grp = {};
2559 struct nlattr *tb[RTA_MAX + 1];
2560 struct mfc6_cache *cache;
2561 struct mr_table *mrt;
2562 struct sk_buff *skb;
2563 u32 tableid;
2564 int err;
2565
2566 err = ip6mr_rtm_valid_getroute_req(in_skb, nlh, tb, extack);
2567 if (err < 0)
2568 return err;
2569
2570 if (tb[RTA_SRC])
2571 src = nla_get_in6_addr(tb[RTA_SRC]);
2572 if (tb[RTA_DST])
2573 grp = nla_get_in6_addr(tb[RTA_DST]);
2574 tableid = tb[RTA_TABLE] ? nla_get_u32(tb[RTA_TABLE]) : 0;
2575
2576 mrt = ip6mr_get_table(net, tableid ?: RT_TABLE_DEFAULT);
2577 if (!mrt) {
2578 NL_SET_ERR_MSG_MOD(extack, "MR table does not exist");
2579 return -ENOENT;
2580 }
2581
2582 /* entries are added/deleted only under RTNL */
2583 rcu_read_lock();
2584 cache = ip6mr_cache_find(mrt, &src, &grp);
2585 rcu_read_unlock();
2586 if (!cache) {
2587 NL_SET_ERR_MSG_MOD(extack, "MR cache entry not found");
2588 return -ENOENT;
2589 }
2590
2591 skb = nlmsg_new(mr6_msgsize(false, mrt->maxvif), GFP_KERNEL);
2592 if (!skb)
2593 return -ENOBUFS;
2594
2595 err = ip6mr_fill_mroute(mrt, skb, NETLINK_CB(in_skb).portid,
2596 nlh->nlmsg_seq, cache, RTM_NEWROUTE, 0);
2597 if (err < 0) {
2598 kfree_skb(skb);
2599 return err;
2600 }
2601
2602 return rtnl_unicast(skb, net, NETLINK_CB(in_skb).portid);
2603}
2604
2605static int ip6mr_rtm_dumproute(struct sk_buff *skb, struct netlink_callback *cb)
2606{
2607 const struct nlmsghdr *nlh = cb->nlh;
2608 struct fib_dump_filter filter = {};
2609 int err;
2610
2611 if (cb->strict_check) {
2612 err = ip_valid_fib_dump_req(sock_net(skb->sk), nlh,
2613 &filter, cb);
2614 if (err < 0)
2615 return err;
2616 }
2617
2618 if (filter.table_id) {
2619 struct mr_table *mrt;
2620
2621 mrt = ip6mr_get_table(sock_net(skb->sk), filter.table_id);
2622 if (!mrt) {
2623 if (rtnl_msg_family(cb->nlh) != RTNL_FAMILY_IP6MR)
2624 return skb->len;
2625
2626 NL_SET_ERR_MSG_MOD(cb->extack, "MR table does not exist");
2627 return -ENOENT;
2628 }
2629 err = mr_table_dump(mrt, skb, cb, _ip6mr_fill_mroute,
2630 &mfc_unres_lock, &filter);
2631 return skb->len ? : err;
2632 }
2633
2634 return mr_rtm_dumproute(skb, cb, ip6mr_mr_table_iter,
2635 _ip6mr_fill_mroute, &mfc_unres_lock, &filter);
2636}