Loading...
1// SPDX-License-Identifier: GPL-2.0-or-later
2/*
3 * Linux IPv6 multicast routing support for BSD pim6sd
4 * Based on net/ipv4/ipmr.c.
5 *
6 * (c) 2004 Mickael Hoerdt, <hoerdt@clarinet.u-strasbg.fr>
7 * LSIIT Laboratory, Strasbourg, France
8 * (c) 2004 Jean-Philippe Andriot, <jean-philippe.andriot@6WIND.com>
9 * 6WIND, Paris, France
10 * Copyright (C)2007,2008 USAGI/WIDE Project
11 * YOSHIFUJI Hideaki <yoshfuji@linux-ipv6.org>
12 */
13
14#include <linux/uaccess.h>
15#include <linux/types.h>
16#include <linux/sched.h>
17#include <linux/errno.h>
18#include <linux/mm.h>
19#include <linux/kernel.h>
20#include <linux/fcntl.h>
21#include <linux/stat.h>
22#include <linux/socket.h>
23#include <linux/inet.h>
24#include <linux/netdevice.h>
25#include <linux/inetdevice.h>
26#include <linux/proc_fs.h>
27#include <linux/seq_file.h>
28#include <linux/init.h>
29#include <linux/compat.h>
30#include <linux/rhashtable.h>
31#include <net/protocol.h>
32#include <linux/skbuff.h>
33#include <net/raw.h>
34#include <linux/notifier.h>
35#include <linux/if_arp.h>
36#include <net/checksum.h>
37#include <net/netlink.h>
38#include <net/fib_rules.h>
39
40#include <net/ipv6.h>
41#include <net/ip6_route.h>
42#include <linux/mroute6.h>
43#include <linux/pim.h>
44#include <net/addrconf.h>
45#include <linux/netfilter_ipv6.h>
46#include <linux/export.h>
47#include <net/ip6_checksum.h>
48#include <linux/netconf.h>
49#include <net/ip_tunnels.h>
50
51#include <linux/nospec.h>
52
53struct ip6mr_rule {
54 struct fib_rule common;
55};
56
57struct ip6mr_result {
58 struct mr_table *mrt;
59};
60
61/* Big lock, protecting vif table, mrt cache and mroute socket state.
62 Note that the changes are semaphored via rtnl_lock.
63 */
64
65static DEFINE_RWLOCK(mrt_lock);
66
67/* Multicast router control variables */
68
69/* Special spinlock for queue of unresolved entries */
70static DEFINE_SPINLOCK(mfc_unres_lock);
71
72/* We return to original Alan's scheme. Hash table of resolved
73 entries is changed only in process context and protected
74 with weak lock mrt_lock. Queue of unresolved entries is protected
75 with strong spinlock mfc_unres_lock.
76
77 In this case data path is free of exclusive locks at all.
78 */
79
80static struct kmem_cache *mrt_cachep __read_mostly;
81
82static struct mr_table *ip6mr_new_table(struct net *net, u32 id);
83static void ip6mr_free_table(struct mr_table *mrt);
84
85static void ip6_mr_forward(struct net *net, struct mr_table *mrt,
86 struct net_device *dev, struct sk_buff *skb,
87 struct mfc6_cache *cache);
88static int ip6mr_cache_report(struct mr_table *mrt, struct sk_buff *pkt,
89 mifi_t mifi, int assert);
90static void mr6_netlink_event(struct mr_table *mrt, struct mfc6_cache *mfc,
91 int cmd);
92static void mrt6msg_netlink_event(struct mr_table *mrt, struct sk_buff *pkt);
93static int ip6mr_rtm_dumproute(struct sk_buff *skb,
94 struct netlink_callback *cb);
95static void mroute_clean_tables(struct mr_table *mrt, int flags);
96static void ipmr_expire_process(struct timer_list *t);
97
98#ifdef CONFIG_IPV6_MROUTE_MULTIPLE_TABLES
99#define ip6mr_for_each_table(mrt, net) \
100 list_for_each_entry_rcu(mrt, &net->ipv6.mr6_tables, list, \
101 lockdep_rtnl_is_held() || \
102 list_empty(&net->ipv6.mr6_tables))
103
104static struct mr_table *ip6mr_mr_table_iter(struct net *net,
105 struct mr_table *mrt)
106{
107 struct mr_table *ret;
108
109 if (!mrt)
110 ret = list_entry_rcu(net->ipv6.mr6_tables.next,
111 struct mr_table, list);
112 else
113 ret = list_entry_rcu(mrt->list.next,
114 struct mr_table, list);
115
116 if (&ret->list == &net->ipv6.mr6_tables)
117 return NULL;
118 return ret;
119}
120
121static struct mr_table *ip6mr_get_table(struct net *net, u32 id)
122{
123 struct mr_table *mrt;
124
125 ip6mr_for_each_table(mrt, net) {
126 if (mrt->id == id)
127 return mrt;
128 }
129 return NULL;
130}
131
132static int ip6mr_fib_lookup(struct net *net, struct flowi6 *flp6,
133 struct mr_table **mrt)
134{
135 int err;
136 struct ip6mr_result res;
137 struct fib_lookup_arg arg = {
138 .result = &res,
139 .flags = FIB_LOOKUP_NOREF,
140 };
141
142 /* update flow if oif or iif point to device enslaved to l3mdev */
143 l3mdev_update_flow(net, flowi6_to_flowi(flp6));
144
145 err = fib_rules_lookup(net->ipv6.mr6_rules_ops,
146 flowi6_to_flowi(flp6), 0, &arg);
147 if (err < 0)
148 return err;
149 *mrt = res.mrt;
150 return 0;
151}
152
153static int ip6mr_rule_action(struct fib_rule *rule, struct flowi *flp,
154 int flags, struct fib_lookup_arg *arg)
155{
156 struct ip6mr_result *res = arg->result;
157 struct mr_table *mrt;
158
159 switch (rule->action) {
160 case FR_ACT_TO_TBL:
161 break;
162 case FR_ACT_UNREACHABLE:
163 return -ENETUNREACH;
164 case FR_ACT_PROHIBIT:
165 return -EACCES;
166 case FR_ACT_BLACKHOLE:
167 default:
168 return -EINVAL;
169 }
170
171 arg->table = fib_rule_get_table(rule, arg);
172
173 mrt = ip6mr_get_table(rule->fr_net, arg->table);
174 if (!mrt)
175 return -EAGAIN;
176 res->mrt = mrt;
177 return 0;
178}
179
180static int ip6mr_rule_match(struct fib_rule *rule, struct flowi *flp, int flags)
181{
182 return 1;
183}
184
185static const struct nla_policy ip6mr_rule_policy[FRA_MAX + 1] = {
186 FRA_GENERIC_POLICY,
187};
188
189static int ip6mr_rule_configure(struct fib_rule *rule, struct sk_buff *skb,
190 struct fib_rule_hdr *frh, struct nlattr **tb,
191 struct netlink_ext_ack *extack)
192{
193 return 0;
194}
195
196static int ip6mr_rule_compare(struct fib_rule *rule, struct fib_rule_hdr *frh,
197 struct nlattr **tb)
198{
199 return 1;
200}
201
202static int ip6mr_rule_fill(struct fib_rule *rule, struct sk_buff *skb,
203 struct fib_rule_hdr *frh)
204{
205 frh->dst_len = 0;
206 frh->src_len = 0;
207 frh->tos = 0;
208 return 0;
209}
210
211static const struct fib_rules_ops __net_initconst ip6mr_rules_ops_template = {
212 .family = RTNL_FAMILY_IP6MR,
213 .rule_size = sizeof(struct ip6mr_rule),
214 .addr_size = sizeof(struct in6_addr),
215 .action = ip6mr_rule_action,
216 .match = ip6mr_rule_match,
217 .configure = ip6mr_rule_configure,
218 .compare = ip6mr_rule_compare,
219 .fill = ip6mr_rule_fill,
220 .nlgroup = RTNLGRP_IPV6_RULE,
221 .policy = ip6mr_rule_policy,
222 .owner = THIS_MODULE,
223};
224
225static int __net_init ip6mr_rules_init(struct net *net)
226{
227 struct fib_rules_ops *ops;
228 struct mr_table *mrt;
229 int err;
230
231 ops = fib_rules_register(&ip6mr_rules_ops_template, net);
232 if (IS_ERR(ops))
233 return PTR_ERR(ops);
234
235 INIT_LIST_HEAD(&net->ipv6.mr6_tables);
236
237 mrt = ip6mr_new_table(net, RT6_TABLE_DFLT);
238 if (IS_ERR(mrt)) {
239 err = PTR_ERR(mrt);
240 goto err1;
241 }
242
243 err = fib_default_rule_add(ops, 0x7fff, RT6_TABLE_DFLT, 0);
244 if (err < 0)
245 goto err2;
246
247 net->ipv6.mr6_rules_ops = ops;
248 return 0;
249
250err2:
251 ip6mr_free_table(mrt);
252err1:
253 fib_rules_unregister(ops);
254 return err;
255}
256
257static void __net_exit ip6mr_rules_exit(struct net *net)
258{
259 struct mr_table *mrt, *next;
260
261 rtnl_lock();
262 list_for_each_entry_safe(mrt, next, &net->ipv6.mr6_tables, list) {
263 list_del(&mrt->list);
264 ip6mr_free_table(mrt);
265 }
266 fib_rules_unregister(net->ipv6.mr6_rules_ops);
267 rtnl_unlock();
268}
269
270static int ip6mr_rules_dump(struct net *net, struct notifier_block *nb,
271 struct netlink_ext_ack *extack)
272{
273 return fib_rules_dump(net, nb, RTNL_FAMILY_IP6MR, extack);
274}
275
276static unsigned int ip6mr_rules_seq_read(struct net *net)
277{
278 return fib_rules_seq_read(net, RTNL_FAMILY_IP6MR);
279}
280
281bool ip6mr_rule_default(const struct fib_rule *rule)
282{
283 return fib_rule_matchall(rule) && rule->action == FR_ACT_TO_TBL &&
284 rule->table == RT6_TABLE_DFLT && !rule->l3mdev;
285}
286EXPORT_SYMBOL(ip6mr_rule_default);
287#else
288#define ip6mr_for_each_table(mrt, net) \
289 for (mrt = net->ipv6.mrt6; mrt; mrt = NULL)
290
291static struct mr_table *ip6mr_mr_table_iter(struct net *net,
292 struct mr_table *mrt)
293{
294 if (!mrt)
295 return net->ipv6.mrt6;
296 return NULL;
297}
298
299static struct mr_table *ip6mr_get_table(struct net *net, u32 id)
300{
301 return net->ipv6.mrt6;
302}
303
304static int ip6mr_fib_lookup(struct net *net, struct flowi6 *flp6,
305 struct mr_table **mrt)
306{
307 *mrt = net->ipv6.mrt6;
308 return 0;
309}
310
311static int __net_init ip6mr_rules_init(struct net *net)
312{
313 struct mr_table *mrt;
314
315 mrt = ip6mr_new_table(net, RT6_TABLE_DFLT);
316 if (IS_ERR(mrt))
317 return PTR_ERR(mrt);
318 net->ipv6.mrt6 = mrt;
319 return 0;
320}
321
322static void __net_exit ip6mr_rules_exit(struct net *net)
323{
324 rtnl_lock();
325 ip6mr_free_table(net->ipv6.mrt6);
326 net->ipv6.mrt6 = NULL;
327 rtnl_unlock();
328}
329
330static int ip6mr_rules_dump(struct net *net, struct notifier_block *nb,
331 struct netlink_ext_ack *extack)
332{
333 return 0;
334}
335
336static unsigned int ip6mr_rules_seq_read(struct net *net)
337{
338 return 0;
339}
340#endif
341
342static int ip6mr_hash_cmp(struct rhashtable_compare_arg *arg,
343 const void *ptr)
344{
345 const struct mfc6_cache_cmp_arg *cmparg = arg->key;
346 struct mfc6_cache *c = (struct mfc6_cache *)ptr;
347
348 return !ipv6_addr_equal(&c->mf6c_mcastgrp, &cmparg->mf6c_mcastgrp) ||
349 !ipv6_addr_equal(&c->mf6c_origin, &cmparg->mf6c_origin);
350}
351
352static const struct rhashtable_params ip6mr_rht_params = {
353 .head_offset = offsetof(struct mr_mfc, mnode),
354 .key_offset = offsetof(struct mfc6_cache, cmparg),
355 .key_len = sizeof(struct mfc6_cache_cmp_arg),
356 .nelem_hint = 3,
357 .obj_cmpfn = ip6mr_hash_cmp,
358 .automatic_shrinking = true,
359};
360
361static void ip6mr_new_table_set(struct mr_table *mrt,
362 struct net *net)
363{
364#ifdef CONFIG_IPV6_MROUTE_MULTIPLE_TABLES
365 list_add_tail_rcu(&mrt->list, &net->ipv6.mr6_tables);
366#endif
367}
368
369static struct mfc6_cache_cmp_arg ip6mr_mr_table_ops_cmparg_any = {
370 .mf6c_origin = IN6ADDR_ANY_INIT,
371 .mf6c_mcastgrp = IN6ADDR_ANY_INIT,
372};
373
374static struct mr_table_ops ip6mr_mr_table_ops = {
375 .rht_params = &ip6mr_rht_params,
376 .cmparg_any = &ip6mr_mr_table_ops_cmparg_any,
377};
378
379static struct mr_table *ip6mr_new_table(struct net *net, u32 id)
380{
381 struct mr_table *mrt;
382
383 mrt = ip6mr_get_table(net, id);
384 if (mrt)
385 return mrt;
386
387 return mr_table_alloc(net, id, &ip6mr_mr_table_ops,
388 ipmr_expire_process, ip6mr_new_table_set);
389}
390
391static void ip6mr_free_table(struct mr_table *mrt)
392{
393 del_timer_sync(&mrt->ipmr_expire_timer);
394 mroute_clean_tables(mrt, MRT6_FLUSH_MIFS | MRT6_FLUSH_MIFS_STATIC |
395 MRT6_FLUSH_MFC | MRT6_FLUSH_MFC_STATIC);
396 rhltable_destroy(&mrt->mfc_hash);
397 kfree(mrt);
398}
399
400#ifdef CONFIG_PROC_FS
401/* The /proc interfaces to multicast routing
402 * /proc/ip6_mr_cache /proc/ip6_mr_vif
403 */
404
405static void *ip6mr_vif_seq_start(struct seq_file *seq, loff_t *pos)
406 __acquires(mrt_lock)
407{
408 struct mr_vif_iter *iter = seq->private;
409 struct net *net = seq_file_net(seq);
410 struct mr_table *mrt;
411
412 mrt = ip6mr_get_table(net, RT6_TABLE_DFLT);
413 if (!mrt)
414 return ERR_PTR(-ENOENT);
415
416 iter->mrt = mrt;
417
418 read_lock(&mrt_lock);
419 return mr_vif_seq_start(seq, pos);
420}
421
422static void ip6mr_vif_seq_stop(struct seq_file *seq, void *v)
423 __releases(mrt_lock)
424{
425 read_unlock(&mrt_lock);
426}
427
428static int ip6mr_vif_seq_show(struct seq_file *seq, void *v)
429{
430 struct mr_vif_iter *iter = seq->private;
431 struct mr_table *mrt = iter->mrt;
432
433 if (v == SEQ_START_TOKEN) {
434 seq_puts(seq,
435 "Interface BytesIn PktsIn BytesOut PktsOut Flags\n");
436 } else {
437 const struct vif_device *vif = v;
438 const char *name = vif->dev ? vif->dev->name : "none";
439
440 seq_printf(seq,
441 "%2td %-10s %8ld %7ld %8ld %7ld %05X\n",
442 vif - mrt->vif_table,
443 name, vif->bytes_in, vif->pkt_in,
444 vif->bytes_out, vif->pkt_out,
445 vif->flags);
446 }
447 return 0;
448}
449
450static const struct seq_operations ip6mr_vif_seq_ops = {
451 .start = ip6mr_vif_seq_start,
452 .next = mr_vif_seq_next,
453 .stop = ip6mr_vif_seq_stop,
454 .show = ip6mr_vif_seq_show,
455};
456
457static void *ipmr_mfc_seq_start(struct seq_file *seq, loff_t *pos)
458{
459 struct net *net = seq_file_net(seq);
460 struct mr_table *mrt;
461
462 mrt = ip6mr_get_table(net, RT6_TABLE_DFLT);
463 if (!mrt)
464 return ERR_PTR(-ENOENT);
465
466 return mr_mfc_seq_start(seq, pos, mrt, &mfc_unres_lock);
467}
468
469static int ipmr_mfc_seq_show(struct seq_file *seq, void *v)
470{
471 int n;
472
473 if (v == SEQ_START_TOKEN) {
474 seq_puts(seq,
475 "Group "
476 "Origin "
477 "Iif Pkts Bytes Wrong Oifs\n");
478 } else {
479 const struct mfc6_cache *mfc = v;
480 const struct mr_mfc_iter *it = seq->private;
481 struct mr_table *mrt = it->mrt;
482
483 seq_printf(seq, "%pI6 %pI6 %-3hd",
484 &mfc->mf6c_mcastgrp, &mfc->mf6c_origin,
485 mfc->_c.mfc_parent);
486
487 if (it->cache != &mrt->mfc_unres_queue) {
488 seq_printf(seq, " %8lu %8lu %8lu",
489 mfc->_c.mfc_un.res.pkt,
490 mfc->_c.mfc_un.res.bytes,
491 mfc->_c.mfc_un.res.wrong_if);
492 for (n = mfc->_c.mfc_un.res.minvif;
493 n < mfc->_c.mfc_un.res.maxvif; n++) {
494 if (VIF_EXISTS(mrt, n) &&
495 mfc->_c.mfc_un.res.ttls[n] < 255)
496 seq_printf(seq,
497 " %2d:%-3d", n,
498 mfc->_c.mfc_un.res.ttls[n]);
499 }
500 } else {
501 /* unresolved mfc_caches don't contain
502 * pkt, bytes and wrong_if values
503 */
504 seq_printf(seq, " %8lu %8lu %8lu", 0ul, 0ul, 0ul);
505 }
506 seq_putc(seq, '\n');
507 }
508 return 0;
509}
510
511static const struct seq_operations ipmr_mfc_seq_ops = {
512 .start = ipmr_mfc_seq_start,
513 .next = mr_mfc_seq_next,
514 .stop = mr_mfc_seq_stop,
515 .show = ipmr_mfc_seq_show,
516};
517#endif
518
519#ifdef CONFIG_IPV6_PIMSM_V2
520
521static int pim6_rcv(struct sk_buff *skb)
522{
523 struct pimreghdr *pim;
524 struct ipv6hdr *encap;
525 struct net_device *reg_dev = NULL;
526 struct net *net = dev_net(skb->dev);
527 struct mr_table *mrt;
528 struct flowi6 fl6 = {
529 .flowi6_iif = skb->dev->ifindex,
530 .flowi6_mark = skb->mark,
531 };
532 int reg_vif_num;
533
534 if (!pskb_may_pull(skb, sizeof(*pim) + sizeof(*encap)))
535 goto drop;
536
537 pim = (struct pimreghdr *)skb_transport_header(skb);
538 if (pim->type != ((PIM_VERSION << 4) | PIM_TYPE_REGISTER) ||
539 (pim->flags & PIM_NULL_REGISTER) ||
540 (csum_ipv6_magic(&ipv6_hdr(skb)->saddr, &ipv6_hdr(skb)->daddr,
541 sizeof(*pim), IPPROTO_PIM,
542 csum_partial((void *)pim, sizeof(*pim), 0)) &&
543 csum_fold(skb_checksum(skb, 0, skb->len, 0))))
544 goto drop;
545
546 /* check if the inner packet is destined to mcast group */
547 encap = (struct ipv6hdr *)(skb_transport_header(skb) +
548 sizeof(*pim));
549
550 if (!ipv6_addr_is_multicast(&encap->daddr) ||
551 encap->payload_len == 0 ||
552 ntohs(encap->payload_len) + sizeof(*pim) > skb->len)
553 goto drop;
554
555 if (ip6mr_fib_lookup(net, &fl6, &mrt) < 0)
556 goto drop;
557 reg_vif_num = mrt->mroute_reg_vif_num;
558
559 read_lock(&mrt_lock);
560 if (reg_vif_num >= 0)
561 reg_dev = mrt->vif_table[reg_vif_num].dev;
562 if (reg_dev)
563 dev_hold(reg_dev);
564 read_unlock(&mrt_lock);
565
566 if (!reg_dev)
567 goto drop;
568
569 skb->mac_header = skb->network_header;
570 skb_pull(skb, (u8 *)encap - skb->data);
571 skb_reset_network_header(skb);
572 skb->protocol = htons(ETH_P_IPV6);
573 skb->ip_summed = CHECKSUM_NONE;
574
575 skb_tunnel_rx(skb, reg_dev, dev_net(reg_dev));
576
577 netif_rx(skb);
578
579 dev_put(reg_dev);
580 return 0;
581 drop:
582 kfree_skb(skb);
583 return 0;
584}
585
586static const struct inet6_protocol pim6_protocol = {
587 .handler = pim6_rcv,
588};
589
590/* Service routines creating virtual interfaces: PIMREG */
591
592static netdev_tx_t reg_vif_xmit(struct sk_buff *skb,
593 struct net_device *dev)
594{
595 struct net *net = dev_net(dev);
596 struct mr_table *mrt;
597 struct flowi6 fl6 = {
598 .flowi6_oif = dev->ifindex,
599 .flowi6_iif = skb->skb_iif ? : LOOPBACK_IFINDEX,
600 .flowi6_mark = skb->mark,
601 };
602
603 if (!pskb_inet_may_pull(skb))
604 goto tx_err;
605
606 if (ip6mr_fib_lookup(net, &fl6, &mrt) < 0)
607 goto tx_err;
608
609 read_lock(&mrt_lock);
610 dev->stats.tx_bytes += skb->len;
611 dev->stats.tx_packets++;
612 ip6mr_cache_report(mrt, skb, mrt->mroute_reg_vif_num, MRT6MSG_WHOLEPKT);
613 read_unlock(&mrt_lock);
614 kfree_skb(skb);
615 return NETDEV_TX_OK;
616
617tx_err:
618 dev->stats.tx_errors++;
619 kfree_skb(skb);
620 return NETDEV_TX_OK;
621}
622
623static int reg_vif_get_iflink(const struct net_device *dev)
624{
625 return 0;
626}
627
628static const struct net_device_ops reg_vif_netdev_ops = {
629 .ndo_start_xmit = reg_vif_xmit,
630 .ndo_get_iflink = reg_vif_get_iflink,
631};
632
633static void reg_vif_setup(struct net_device *dev)
634{
635 dev->type = ARPHRD_PIMREG;
636 dev->mtu = 1500 - sizeof(struct ipv6hdr) - 8;
637 dev->flags = IFF_NOARP;
638 dev->netdev_ops = ®_vif_netdev_ops;
639 dev->needs_free_netdev = true;
640 dev->features |= NETIF_F_NETNS_LOCAL;
641}
642
643static struct net_device *ip6mr_reg_vif(struct net *net, struct mr_table *mrt)
644{
645 struct net_device *dev;
646 char name[IFNAMSIZ];
647
648 if (mrt->id == RT6_TABLE_DFLT)
649 sprintf(name, "pim6reg");
650 else
651 sprintf(name, "pim6reg%u", mrt->id);
652
653 dev = alloc_netdev(0, name, NET_NAME_UNKNOWN, reg_vif_setup);
654 if (!dev)
655 return NULL;
656
657 dev_net_set(dev, net);
658
659 if (register_netdevice(dev)) {
660 free_netdev(dev);
661 return NULL;
662 }
663
664 if (dev_open(dev, NULL))
665 goto failure;
666
667 dev_hold(dev);
668 return dev;
669
670failure:
671 unregister_netdevice(dev);
672 return NULL;
673}
674#endif
675
676static int call_ip6mr_vif_entry_notifiers(struct net *net,
677 enum fib_event_type event_type,
678 struct vif_device *vif,
679 mifi_t vif_index, u32 tb_id)
680{
681 return mr_call_vif_notifiers(net, RTNL_FAMILY_IP6MR, event_type,
682 vif, vif_index, tb_id,
683 &net->ipv6.ipmr_seq);
684}
685
686static int call_ip6mr_mfc_entry_notifiers(struct net *net,
687 enum fib_event_type event_type,
688 struct mfc6_cache *mfc, u32 tb_id)
689{
690 return mr_call_mfc_notifiers(net, RTNL_FAMILY_IP6MR, event_type,
691 &mfc->_c, tb_id, &net->ipv6.ipmr_seq);
692}
693
694/* Delete a VIF entry */
695static int mif6_delete(struct mr_table *mrt, int vifi, int notify,
696 struct list_head *head)
697{
698 struct vif_device *v;
699 struct net_device *dev;
700 struct inet6_dev *in6_dev;
701
702 if (vifi < 0 || vifi >= mrt->maxvif)
703 return -EADDRNOTAVAIL;
704
705 v = &mrt->vif_table[vifi];
706
707 if (VIF_EXISTS(mrt, vifi))
708 call_ip6mr_vif_entry_notifiers(read_pnet(&mrt->net),
709 FIB_EVENT_VIF_DEL, v, vifi,
710 mrt->id);
711
712 write_lock_bh(&mrt_lock);
713 dev = v->dev;
714 v->dev = NULL;
715
716 if (!dev) {
717 write_unlock_bh(&mrt_lock);
718 return -EADDRNOTAVAIL;
719 }
720
721#ifdef CONFIG_IPV6_PIMSM_V2
722 if (vifi == mrt->mroute_reg_vif_num)
723 mrt->mroute_reg_vif_num = -1;
724#endif
725
726 if (vifi + 1 == mrt->maxvif) {
727 int tmp;
728 for (tmp = vifi - 1; tmp >= 0; tmp--) {
729 if (VIF_EXISTS(mrt, tmp))
730 break;
731 }
732 mrt->maxvif = tmp + 1;
733 }
734
735 write_unlock_bh(&mrt_lock);
736
737 dev_set_allmulti(dev, -1);
738
739 in6_dev = __in6_dev_get(dev);
740 if (in6_dev) {
741 in6_dev->cnf.mc_forwarding--;
742 inet6_netconf_notify_devconf(dev_net(dev), RTM_NEWNETCONF,
743 NETCONFA_MC_FORWARDING,
744 dev->ifindex, &in6_dev->cnf);
745 }
746
747 if ((v->flags & MIFF_REGISTER) && !notify)
748 unregister_netdevice_queue(dev, head);
749
750 dev_put(dev);
751 return 0;
752}
753
754static inline void ip6mr_cache_free_rcu(struct rcu_head *head)
755{
756 struct mr_mfc *c = container_of(head, struct mr_mfc, rcu);
757
758 kmem_cache_free(mrt_cachep, (struct mfc6_cache *)c);
759}
760
761static inline void ip6mr_cache_free(struct mfc6_cache *c)
762{
763 call_rcu(&c->_c.rcu, ip6mr_cache_free_rcu);
764}
765
766/* Destroy an unresolved cache entry, killing queued skbs
767 and reporting error to netlink readers.
768 */
769
770static void ip6mr_destroy_unres(struct mr_table *mrt, struct mfc6_cache *c)
771{
772 struct net *net = read_pnet(&mrt->net);
773 struct sk_buff *skb;
774
775 atomic_dec(&mrt->cache_resolve_queue_len);
776
777 while ((skb = skb_dequeue(&c->_c.mfc_un.unres.unresolved)) != NULL) {
778 if (ipv6_hdr(skb)->version == 0) {
779 struct nlmsghdr *nlh = skb_pull(skb,
780 sizeof(struct ipv6hdr));
781 nlh->nlmsg_type = NLMSG_ERROR;
782 nlh->nlmsg_len = nlmsg_msg_size(sizeof(struct nlmsgerr));
783 skb_trim(skb, nlh->nlmsg_len);
784 ((struct nlmsgerr *)nlmsg_data(nlh))->error = -ETIMEDOUT;
785 rtnl_unicast(skb, net, NETLINK_CB(skb).portid);
786 } else
787 kfree_skb(skb);
788 }
789
790 ip6mr_cache_free(c);
791}
792
793
794/* Timer process for all the unresolved queue. */
795
796static void ipmr_do_expire_process(struct mr_table *mrt)
797{
798 unsigned long now = jiffies;
799 unsigned long expires = 10 * HZ;
800 struct mr_mfc *c, *next;
801
802 list_for_each_entry_safe(c, next, &mrt->mfc_unres_queue, list) {
803 if (time_after(c->mfc_un.unres.expires, now)) {
804 /* not yet... */
805 unsigned long interval = c->mfc_un.unres.expires - now;
806 if (interval < expires)
807 expires = interval;
808 continue;
809 }
810
811 list_del(&c->list);
812 mr6_netlink_event(mrt, (struct mfc6_cache *)c, RTM_DELROUTE);
813 ip6mr_destroy_unres(mrt, (struct mfc6_cache *)c);
814 }
815
816 if (!list_empty(&mrt->mfc_unres_queue))
817 mod_timer(&mrt->ipmr_expire_timer, jiffies + expires);
818}
819
820static void ipmr_expire_process(struct timer_list *t)
821{
822 struct mr_table *mrt = from_timer(mrt, t, ipmr_expire_timer);
823
824 if (!spin_trylock(&mfc_unres_lock)) {
825 mod_timer(&mrt->ipmr_expire_timer, jiffies + 1);
826 return;
827 }
828
829 if (!list_empty(&mrt->mfc_unres_queue))
830 ipmr_do_expire_process(mrt);
831
832 spin_unlock(&mfc_unres_lock);
833}
834
835/* Fill oifs list. It is called under write locked mrt_lock. */
836
837static void ip6mr_update_thresholds(struct mr_table *mrt,
838 struct mr_mfc *cache,
839 unsigned char *ttls)
840{
841 int vifi;
842
843 cache->mfc_un.res.minvif = MAXMIFS;
844 cache->mfc_un.res.maxvif = 0;
845 memset(cache->mfc_un.res.ttls, 255, MAXMIFS);
846
847 for (vifi = 0; vifi < mrt->maxvif; vifi++) {
848 if (VIF_EXISTS(mrt, vifi) &&
849 ttls[vifi] && ttls[vifi] < 255) {
850 cache->mfc_un.res.ttls[vifi] = ttls[vifi];
851 if (cache->mfc_un.res.minvif > vifi)
852 cache->mfc_un.res.minvif = vifi;
853 if (cache->mfc_un.res.maxvif <= vifi)
854 cache->mfc_un.res.maxvif = vifi + 1;
855 }
856 }
857 cache->mfc_un.res.lastuse = jiffies;
858}
859
860static int mif6_add(struct net *net, struct mr_table *mrt,
861 struct mif6ctl *vifc, int mrtsock)
862{
863 int vifi = vifc->mif6c_mifi;
864 struct vif_device *v = &mrt->vif_table[vifi];
865 struct net_device *dev;
866 struct inet6_dev *in6_dev;
867 int err;
868
869 /* Is vif busy ? */
870 if (VIF_EXISTS(mrt, vifi))
871 return -EADDRINUSE;
872
873 switch (vifc->mif6c_flags) {
874#ifdef CONFIG_IPV6_PIMSM_V2
875 case MIFF_REGISTER:
876 /*
877 * Special Purpose VIF in PIM
878 * All the packets will be sent to the daemon
879 */
880 if (mrt->mroute_reg_vif_num >= 0)
881 return -EADDRINUSE;
882 dev = ip6mr_reg_vif(net, mrt);
883 if (!dev)
884 return -ENOBUFS;
885 err = dev_set_allmulti(dev, 1);
886 if (err) {
887 unregister_netdevice(dev);
888 dev_put(dev);
889 return err;
890 }
891 break;
892#endif
893 case 0:
894 dev = dev_get_by_index(net, vifc->mif6c_pifi);
895 if (!dev)
896 return -EADDRNOTAVAIL;
897 err = dev_set_allmulti(dev, 1);
898 if (err) {
899 dev_put(dev);
900 return err;
901 }
902 break;
903 default:
904 return -EINVAL;
905 }
906
907 in6_dev = __in6_dev_get(dev);
908 if (in6_dev) {
909 in6_dev->cnf.mc_forwarding++;
910 inet6_netconf_notify_devconf(dev_net(dev), RTM_NEWNETCONF,
911 NETCONFA_MC_FORWARDING,
912 dev->ifindex, &in6_dev->cnf);
913 }
914
915 /* Fill in the VIF structures */
916 vif_device_init(v, dev, vifc->vifc_rate_limit, vifc->vifc_threshold,
917 vifc->mif6c_flags | (!mrtsock ? VIFF_STATIC : 0),
918 MIFF_REGISTER);
919
920 /* And finish update writing critical data */
921 write_lock_bh(&mrt_lock);
922 v->dev = dev;
923#ifdef CONFIG_IPV6_PIMSM_V2
924 if (v->flags & MIFF_REGISTER)
925 mrt->mroute_reg_vif_num = vifi;
926#endif
927 if (vifi + 1 > mrt->maxvif)
928 mrt->maxvif = vifi + 1;
929 write_unlock_bh(&mrt_lock);
930 call_ip6mr_vif_entry_notifiers(net, FIB_EVENT_VIF_ADD,
931 v, vifi, mrt->id);
932 return 0;
933}
934
935static struct mfc6_cache *ip6mr_cache_find(struct mr_table *mrt,
936 const struct in6_addr *origin,
937 const struct in6_addr *mcastgrp)
938{
939 struct mfc6_cache_cmp_arg arg = {
940 .mf6c_origin = *origin,
941 .mf6c_mcastgrp = *mcastgrp,
942 };
943
944 return mr_mfc_find(mrt, &arg);
945}
946
947/* Look for a (*,G) entry */
948static struct mfc6_cache *ip6mr_cache_find_any(struct mr_table *mrt,
949 struct in6_addr *mcastgrp,
950 mifi_t mifi)
951{
952 struct mfc6_cache_cmp_arg arg = {
953 .mf6c_origin = in6addr_any,
954 .mf6c_mcastgrp = *mcastgrp,
955 };
956
957 if (ipv6_addr_any(mcastgrp))
958 return mr_mfc_find_any_parent(mrt, mifi);
959 return mr_mfc_find_any(mrt, mifi, &arg);
960}
961
962/* Look for a (S,G,iif) entry if parent != -1 */
963static struct mfc6_cache *
964ip6mr_cache_find_parent(struct mr_table *mrt,
965 const struct in6_addr *origin,
966 const struct in6_addr *mcastgrp,
967 int parent)
968{
969 struct mfc6_cache_cmp_arg arg = {
970 .mf6c_origin = *origin,
971 .mf6c_mcastgrp = *mcastgrp,
972 };
973
974 return mr_mfc_find_parent(mrt, &arg, parent);
975}
976
977/* Allocate a multicast cache entry */
978static struct mfc6_cache *ip6mr_cache_alloc(void)
979{
980 struct mfc6_cache *c = kmem_cache_zalloc(mrt_cachep, GFP_KERNEL);
981 if (!c)
982 return NULL;
983 c->_c.mfc_un.res.last_assert = jiffies - MFC_ASSERT_THRESH - 1;
984 c->_c.mfc_un.res.minvif = MAXMIFS;
985 c->_c.free = ip6mr_cache_free_rcu;
986 refcount_set(&c->_c.mfc_un.res.refcount, 1);
987 return c;
988}
989
990static struct mfc6_cache *ip6mr_cache_alloc_unres(void)
991{
992 struct mfc6_cache *c = kmem_cache_zalloc(mrt_cachep, GFP_ATOMIC);
993 if (!c)
994 return NULL;
995 skb_queue_head_init(&c->_c.mfc_un.unres.unresolved);
996 c->_c.mfc_un.unres.expires = jiffies + 10 * HZ;
997 return c;
998}
999
1000/*
1001 * A cache entry has gone into a resolved state from queued
1002 */
1003
1004static void ip6mr_cache_resolve(struct net *net, struct mr_table *mrt,
1005 struct mfc6_cache *uc, struct mfc6_cache *c)
1006{
1007 struct sk_buff *skb;
1008
1009 /*
1010 * Play the pending entries through our router
1011 */
1012
1013 while ((skb = __skb_dequeue(&uc->_c.mfc_un.unres.unresolved))) {
1014 if (ipv6_hdr(skb)->version == 0) {
1015 struct nlmsghdr *nlh = skb_pull(skb,
1016 sizeof(struct ipv6hdr));
1017
1018 if (mr_fill_mroute(mrt, skb, &c->_c,
1019 nlmsg_data(nlh)) > 0) {
1020 nlh->nlmsg_len = skb_tail_pointer(skb) - (u8 *)nlh;
1021 } else {
1022 nlh->nlmsg_type = NLMSG_ERROR;
1023 nlh->nlmsg_len = nlmsg_msg_size(sizeof(struct nlmsgerr));
1024 skb_trim(skb, nlh->nlmsg_len);
1025 ((struct nlmsgerr *)nlmsg_data(nlh))->error = -EMSGSIZE;
1026 }
1027 rtnl_unicast(skb, net, NETLINK_CB(skb).portid);
1028 } else
1029 ip6_mr_forward(net, mrt, skb->dev, skb, c);
1030 }
1031}
1032
1033/*
1034 * Bounce a cache query up to pim6sd and netlink.
1035 *
1036 * Called under mrt_lock.
1037 */
1038
1039static int ip6mr_cache_report(struct mr_table *mrt, struct sk_buff *pkt,
1040 mifi_t mifi, int assert)
1041{
1042 struct sock *mroute6_sk;
1043 struct sk_buff *skb;
1044 struct mrt6msg *msg;
1045 int ret;
1046
1047#ifdef CONFIG_IPV6_PIMSM_V2
1048 if (assert == MRT6MSG_WHOLEPKT)
1049 skb = skb_realloc_headroom(pkt, -skb_network_offset(pkt)
1050 +sizeof(*msg));
1051 else
1052#endif
1053 skb = alloc_skb(sizeof(struct ipv6hdr) + sizeof(*msg), GFP_ATOMIC);
1054
1055 if (!skb)
1056 return -ENOBUFS;
1057
1058 /* I suppose that internal messages
1059 * do not require checksums */
1060
1061 skb->ip_summed = CHECKSUM_UNNECESSARY;
1062
1063#ifdef CONFIG_IPV6_PIMSM_V2
1064 if (assert == MRT6MSG_WHOLEPKT) {
1065 /* Ugly, but we have no choice with this interface.
1066 Duplicate old header, fix length etc.
1067 And all this only to mangle msg->im6_msgtype and
1068 to set msg->im6_mbz to "mbz" :-)
1069 */
1070 skb_push(skb, -skb_network_offset(pkt));
1071
1072 skb_push(skb, sizeof(*msg));
1073 skb_reset_transport_header(skb);
1074 msg = (struct mrt6msg *)skb_transport_header(skb);
1075 msg->im6_mbz = 0;
1076 msg->im6_msgtype = MRT6MSG_WHOLEPKT;
1077 msg->im6_mif = mrt->mroute_reg_vif_num;
1078 msg->im6_pad = 0;
1079 msg->im6_src = ipv6_hdr(pkt)->saddr;
1080 msg->im6_dst = ipv6_hdr(pkt)->daddr;
1081
1082 skb->ip_summed = CHECKSUM_UNNECESSARY;
1083 } else
1084#endif
1085 {
1086 /*
1087 * Copy the IP header
1088 */
1089
1090 skb_put(skb, sizeof(struct ipv6hdr));
1091 skb_reset_network_header(skb);
1092 skb_copy_to_linear_data(skb, ipv6_hdr(pkt), sizeof(struct ipv6hdr));
1093
1094 /*
1095 * Add our header
1096 */
1097 skb_put(skb, sizeof(*msg));
1098 skb_reset_transport_header(skb);
1099 msg = (struct mrt6msg *)skb_transport_header(skb);
1100
1101 msg->im6_mbz = 0;
1102 msg->im6_msgtype = assert;
1103 msg->im6_mif = mifi;
1104 msg->im6_pad = 0;
1105 msg->im6_src = ipv6_hdr(pkt)->saddr;
1106 msg->im6_dst = ipv6_hdr(pkt)->daddr;
1107
1108 skb_dst_set(skb, dst_clone(skb_dst(pkt)));
1109 skb->ip_summed = CHECKSUM_UNNECESSARY;
1110 }
1111
1112 rcu_read_lock();
1113 mroute6_sk = rcu_dereference(mrt->mroute_sk);
1114 if (!mroute6_sk) {
1115 rcu_read_unlock();
1116 kfree_skb(skb);
1117 return -EINVAL;
1118 }
1119
1120 mrt6msg_netlink_event(mrt, skb);
1121
1122 /* Deliver to user space multicast routing algorithms */
1123 ret = sock_queue_rcv_skb(mroute6_sk, skb);
1124 rcu_read_unlock();
1125 if (ret < 0) {
1126 net_warn_ratelimited("mroute6: pending queue full, dropping entries\n");
1127 kfree_skb(skb);
1128 }
1129
1130 return ret;
1131}
1132
1133/* Queue a packet for resolution. It gets locked cache entry! */
1134static int ip6mr_cache_unresolved(struct mr_table *mrt, mifi_t mifi,
1135 struct sk_buff *skb, struct net_device *dev)
1136{
1137 struct mfc6_cache *c;
1138 bool found = false;
1139 int err;
1140
1141 spin_lock_bh(&mfc_unres_lock);
1142 list_for_each_entry(c, &mrt->mfc_unres_queue, _c.list) {
1143 if (ipv6_addr_equal(&c->mf6c_mcastgrp, &ipv6_hdr(skb)->daddr) &&
1144 ipv6_addr_equal(&c->mf6c_origin, &ipv6_hdr(skb)->saddr)) {
1145 found = true;
1146 break;
1147 }
1148 }
1149
1150 if (!found) {
1151 /*
1152 * Create a new entry if allowable
1153 */
1154
1155 c = ip6mr_cache_alloc_unres();
1156 if (!c) {
1157 spin_unlock_bh(&mfc_unres_lock);
1158
1159 kfree_skb(skb);
1160 return -ENOBUFS;
1161 }
1162
1163 /* Fill in the new cache entry */
1164 c->_c.mfc_parent = -1;
1165 c->mf6c_origin = ipv6_hdr(skb)->saddr;
1166 c->mf6c_mcastgrp = ipv6_hdr(skb)->daddr;
1167
1168 /*
1169 * Reflect first query at pim6sd
1170 */
1171 err = ip6mr_cache_report(mrt, skb, mifi, MRT6MSG_NOCACHE);
1172 if (err < 0) {
1173 /* If the report failed throw the cache entry
1174 out - Brad Parker
1175 */
1176 spin_unlock_bh(&mfc_unres_lock);
1177
1178 ip6mr_cache_free(c);
1179 kfree_skb(skb);
1180 return err;
1181 }
1182
1183 atomic_inc(&mrt->cache_resolve_queue_len);
1184 list_add(&c->_c.list, &mrt->mfc_unres_queue);
1185 mr6_netlink_event(mrt, c, RTM_NEWROUTE);
1186
1187 ipmr_do_expire_process(mrt);
1188 }
1189
1190 /* See if we can append the packet */
1191 if (c->_c.mfc_un.unres.unresolved.qlen > 3) {
1192 kfree_skb(skb);
1193 err = -ENOBUFS;
1194 } else {
1195 if (dev) {
1196 skb->dev = dev;
1197 skb->skb_iif = dev->ifindex;
1198 }
1199 skb_queue_tail(&c->_c.mfc_un.unres.unresolved, skb);
1200 err = 0;
1201 }
1202
1203 spin_unlock_bh(&mfc_unres_lock);
1204 return err;
1205}
1206
1207/*
1208 * MFC6 cache manipulation by user space
1209 */
1210
1211static int ip6mr_mfc_delete(struct mr_table *mrt, struct mf6cctl *mfc,
1212 int parent)
1213{
1214 struct mfc6_cache *c;
1215
1216 /* The entries are added/deleted only under RTNL */
1217 rcu_read_lock();
1218 c = ip6mr_cache_find_parent(mrt, &mfc->mf6cc_origin.sin6_addr,
1219 &mfc->mf6cc_mcastgrp.sin6_addr, parent);
1220 rcu_read_unlock();
1221 if (!c)
1222 return -ENOENT;
1223 rhltable_remove(&mrt->mfc_hash, &c->_c.mnode, ip6mr_rht_params);
1224 list_del_rcu(&c->_c.list);
1225
1226 call_ip6mr_mfc_entry_notifiers(read_pnet(&mrt->net),
1227 FIB_EVENT_ENTRY_DEL, c, mrt->id);
1228 mr6_netlink_event(mrt, c, RTM_DELROUTE);
1229 mr_cache_put(&c->_c);
1230 return 0;
1231}
1232
1233static int ip6mr_device_event(struct notifier_block *this,
1234 unsigned long event, void *ptr)
1235{
1236 struct net_device *dev = netdev_notifier_info_to_dev(ptr);
1237 struct net *net = dev_net(dev);
1238 struct mr_table *mrt;
1239 struct vif_device *v;
1240 int ct;
1241
1242 if (event != NETDEV_UNREGISTER)
1243 return NOTIFY_DONE;
1244
1245 ip6mr_for_each_table(mrt, net) {
1246 v = &mrt->vif_table[0];
1247 for (ct = 0; ct < mrt->maxvif; ct++, v++) {
1248 if (v->dev == dev)
1249 mif6_delete(mrt, ct, 1, NULL);
1250 }
1251 }
1252
1253 return NOTIFY_DONE;
1254}
1255
1256static unsigned int ip6mr_seq_read(struct net *net)
1257{
1258 ASSERT_RTNL();
1259
1260 return net->ipv6.ipmr_seq + ip6mr_rules_seq_read(net);
1261}
1262
1263static int ip6mr_dump(struct net *net, struct notifier_block *nb,
1264 struct netlink_ext_ack *extack)
1265{
1266 return mr_dump(net, nb, RTNL_FAMILY_IP6MR, ip6mr_rules_dump,
1267 ip6mr_mr_table_iter, &mrt_lock, extack);
1268}
1269
1270static struct notifier_block ip6_mr_notifier = {
1271 .notifier_call = ip6mr_device_event
1272};
1273
1274static const struct fib_notifier_ops ip6mr_notifier_ops_template = {
1275 .family = RTNL_FAMILY_IP6MR,
1276 .fib_seq_read = ip6mr_seq_read,
1277 .fib_dump = ip6mr_dump,
1278 .owner = THIS_MODULE,
1279};
1280
1281static int __net_init ip6mr_notifier_init(struct net *net)
1282{
1283 struct fib_notifier_ops *ops;
1284
1285 net->ipv6.ipmr_seq = 0;
1286
1287 ops = fib_notifier_ops_register(&ip6mr_notifier_ops_template, net);
1288 if (IS_ERR(ops))
1289 return PTR_ERR(ops);
1290
1291 net->ipv6.ip6mr_notifier_ops = ops;
1292
1293 return 0;
1294}
1295
1296static void __net_exit ip6mr_notifier_exit(struct net *net)
1297{
1298 fib_notifier_ops_unregister(net->ipv6.ip6mr_notifier_ops);
1299 net->ipv6.ip6mr_notifier_ops = NULL;
1300}
1301
1302/* Setup for IP multicast routing */
1303static int __net_init ip6mr_net_init(struct net *net)
1304{
1305 int err;
1306
1307 err = ip6mr_notifier_init(net);
1308 if (err)
1309 return err;
1310
1311 err = ip6mr_rules_init(net);
1312 if (err < 0)
1313 goto ip6mr_rules_fail;
1314
1315#ifdef CONFIG_PROC_FS
1316 err = -ENOMEM;
1317 if (!proc_create_net("ip6_mr_vif", 0, net->proc_net, &ip6mr_vif_seq_ops,
1318 sizeof(struct mr_vif_iter)))
1319 goto proc_vif_fail;
1320 if (!proc_create_net("ip6_mr_cache", 0, net->proc_net, &ipmr_mfc_seq_ops,
1321 sizeof(struct mr_mfc_iter)))
1322 goto proc_cache_fail;
1323#endif
1324
1325 return 0;
1326
1327#ifdef CONFIG_PROC_FS
1328proc_cache_fail:
1329 remove_proc_entry("ip6_mr_vif", net->proc_net);
1330proc_vif_fail:
1331 ip6mr_rules_exit(net);
1332#endif
1333ip6mr_rules_fail:
1334 ip6mr_notifier_exit(net);
1335 return err;
1336}
1337
1338static void __net_exit ip6mr_net_exit(struct net *net)
1339{
1340#ifdef CONFIG_PROC_FS
1341 remove_proc_entry("ip6_mr_cache", net->proc_net);
1342 remove_proc_entry("ip6_mr_vif", net->proc_net);
1343#endif
1344 ip6mr_rules_exit(net);
1345 ip6mr_notifier_exit(net);
1346}
1347
1348static struct pernet_operations ip6mr_net_ops = {
1349 .init = ip6mr_net_init,
1350 .exit = ip6mr_net_exit,
1351};
1352
1353int __init ip6_mr_init(void)
1354{
1355 int err;
1356
1357 mrt_cachep = kmem_cache_create("ip6_mrt_cache",
1358 sizeof(struct mfc6_cache),
1359 0, SLAB_HWCACHE_ALIGN,
1360 NULL);
1361 if (!mrt_cachep)
1362 return -ENOMEM;
1363
1364 err = register_pernet_subsys(&ip6mr_net_ops);
1365 if (err)
1366 goto reg_pernet_fail;
1367
1368 err = register_netdevice_notifier(&ip6_mr_notifier);
1369 if (err)
1370 goto reg_notif_fail;
1371#ifdef CONFIG_IPV6_PIMSM_V2
1372 if (inet6_add_protocol(&pim6_protocol, IPPROTO_PIM) < 0) {
1373 pr_err("%s: can't add PIM protocol\n", __func__);
1374 err = -EAGAIN;
1375 goto add_proto_fail;
1376 }
1377#endif
1378 err = rtnl_register_module(THIS_MODULE, RTNL_FAMILY_IP6MR, RTM_GETROUTE,
1379 NULL, ip6mr_rtm_dumproute, 0);
1380 if (err == 0)
1381 return 0;
1382
1383#ifdef CONFIG_IPV6_PIMSM_V2
1384 inet6_del_protocol(&pim6_protocol, IPPROTO_PIM);
1385add_proto_fail:
1386 unregister_netdevice_notifier(&ip6_mr_notifier);
1387#endif
1388reg_notif_fail:
1389 unregister_pernet_subsys(&ip6mr_net_ops);
1390reg_pernet_fail:
1391 kmem_cache_destroy(mrt_cachep);
1392 return err;
1393}
1394
1395void ip6_mr_cleanup(void)
1396{
1397 rtnl_unregister(RTNL_FAMILY_IP6MR, RTM_GETROUTE);
1398#ifdef CONFIG_IPV6_PIMSM_V2
1399 inet6_del_protocol(&pim6_protocol, IPPROTO_PIM);
1400#endif
1401 unregister_netdevice_notifier(&ip6_mr_notifier);
1402 unregister_pernet_subsys(&ip6mr_net_ops);
1403 kmem_cache_destroy(mrt_cachep);
1404}
1405
1406static int ip6mr_mfc_add(struct net *net, struct mr_table *mrt,
1407 struct mf6cctl *mfc, int mrtsock, int parent)
1408{
1409 unsigned char ttls[MAXMIFS];
1410 struct mfc6_cache *uc, *c;
1411 struct mr_mfc *_uc;
1412 bool found;
1413 int i, err;
1414
1415 if (mfc->mf6cc_parent >= MAXMIFS)
1416 return -ENFILE;
1417
1418 memset(ttls, 255, MAXMIFS);
1419 for (i = 0; i < MAXMIFS; i++) {
1420 if (IF_ISSET(i, &mfc->mf6cc_ifset))
1421 ttls[i] = 1;
1422 }
1423
1424 /* The entries are added/deleted only under RTNL */
1425 rcu_read_lock();
1426 c = ip6mr_cache_find_parent(mrt, &mfc->mf6cc_origin.sin6_addr,
1427 &mfc->mf6cc_mcastgrp.sin6_addr, parent);
1428 rcu_read_unlock();
1429 if (c) {
1430 write_lock_bh(&mrt_lock);
1431 c->_c.mfc_parent = mfc->mf6cc_parent;
1432 ip6mr_update_thresholds(mrt, &c->_c, ttls);
1433 if (!mrtsock)
1434 c->_c.mfc_flags |= MFC_STATIC;
1435 write_unlock_bh(&mrt_lock);
1436 call_ip6mr_mfc_entry_notifiers(net, FIB_EVENT_ENTRY_REPLACE,
1437 c, mrt->id);
1438 mr6_netlink_event(mrt, c, RTM_NEWROUTE);
1439 return 0;
1440 }
1441
1442 if (!ipv6_addr_any(&mfc->mf6cc_mcastgrp.sin6_addr) &&
1443 !ipv6_addr_is_multicast(&mfc->mf6cc_mcastgrp.sin6_addr))
1444 return -EINVAL;
1445
1446 c = ip6mr_cache_alloc();
1447 if (!c)
1448 return -ENOMEM;
1449
1450 c->mf6c_origin = mfc->mf6cc_origin.sin6_addr;
1451 c->mf6c_mcastgrp = mfc->mf6cc_mcastgrp.sin6_addr;
1452 c->_c.mfc_parent = mfc->mf6cc_parent;
1453 ip6mr_update_thresholds(mrt, &c->_c, ttls);
1454 if (!mrtsock)
1455 c->_c.mfc_flags |= MFC_STATIC;
1456
1457 err = rhltable_insert_key(&mrt->mfc_hash, &c->cmparg, &c->_c.mnode,
1458 ip6mr_rht_params);
1459 if (err) {
1460 pr_err("ip6mr: rhtable insert error %d\n", err);
1461 ip6mr_cache_free(c);
1462 return err;
1463 }
1464 list_add_tail_rcu(&c->_c.list, &mrt->mfc_cache_list);
1465
1466 /* Check to see if we resolved a queued list. If so we
1467 * need to send on the frames and tidy up.
1468 */
1469 found = false;
1470 spin_lock_bh(&mfc_unres_lock);
1471 list_for_each_entry(_uc, &mrt->mfc_unres_queue, list) {
1472 uc = (struct mfc6_cache *)_uc;
1473 if (ipv6_addr_equal(&uc->mf6c_origin, &c->mf6c_origin) &&
1474 ipv6_addr_equal(&uc->mf6c_mcastgrp, &c->mf6c_mcastgrp)) {
1475 list_del(&_uc->list);
1476 atomic_dec(&mrt->cache_resolve_queue_len);
1477 found = true;
1478 break;
1479 }
1480 }
1481 if (list_empty(&mrt->mfc_unres_queue))
1482 del_timer(&mrt->ipmr_expire_timer);
1483 spin_unlock_bh(&mfc_unres_lock);
1484
1485 if (found) {
1486 ip6mr_cache_resolve(net, mrt, uc, c);
1487 ip6mr_cache_free(uc);
1488 }
1489 call_ip6mr_mfc_entry_notifiers(net, FIB_EVENT_ENTRY_ADD,
1490 c, mrt->id);
1491 mr6_netlink_event(mrt, c, RTM_NEWROUTE);
1492 return 0;
1493}
1494
1495/*
1496 * Close the multicast socket, and clear the vif tables etc
1497 */
1498
1499static void mroute_clean_tables(struct mr_table *mrt, int flags)
1500{
1501 struct mr_mfc *c, *tmp;
1502 LIST_HEAD(list);
1503 int i;
1504
1505 /* Shut down all active vif entries */
1506 if (flags & (MRT6_FLUSH_MIFS | MRT6_FLUSH_MIFS_STATIC)) {
1507 for (i = 0; i < mrt->maxvif; i++) {
1508 if (((mrt->vif_table[i].flags & VIFF_STATIC) &&
1509 !(flags & MRT6_FLUSH_MIFS_STATIC)) ||
1510 (!(mrt->vif_table[i].flags & VIFF_STATIC) && !(flags & MRT6_FLUSH_MIFS)))
1511 continue;
1512 mif6_delete(mrt, i, 0, &list);
1513 }
1514 unregister_netdevice_many(&list);
1515 }
1516
1517 /* Wipe the cache */
1518 if (flags & (MRT6_FLUSH_MFC | MRT6_FLUSH_MFC_STATIC)) {
1519 list_for_each_entry_safe(c, tmp, &mrt->mfc_cache_list, list) {
1520 if (((c->mfc_flags & MFC_STATIC) && !(flags & MRT6_FLUSH_MFC_STATIC)) ||
1521 (!(c->mfc_flags & MFC_STATIC) && !(flags & MRT6_FLUSH_MFC)))
1522 continue;
1523 rhltable_remove(&mrt->mfc_hash, &c->mnode, ip6mr_rht_params);
1524 list_del_rcu(&c->list);
1525 call_ip6mr_mfc_entry_notifiers(read_pnet(&mrt->net),
1526 FIB_EVENT_ENTRY_DEL,
1527 (struct mfc6_cache *)c, mrt->id);
1528 mr6_netlink_event(mrt, (struct mfc6_cache *)c, RTM_DELROUTE);
1529 mr_cache_put(c);
1530 }
1531 }
1532
1533 if (flags & MRT6_FLUSH_MFC) {
1534 if (atomic_read(&mrt->cache_resolve_queue_len) != 0) {
1535 spin_lock_bh(&mfc_unres_lock);
1536 list_for_each_entry_safe(c, tmp, &mrt->mfc_unres_queue, list) {
1537 list_del(&c->list);
1538 mr6_netlink_event(mrt, (struct mfc6_cache *)c,
1539 RTM_DELROUTE);
1540 ip6mr_destroy_unres(mrt, (struct mfc6_cache *)c);
1541 }
1542 spin_unlock_bh(&mfc_unres_lock);
1543 }
1544 }
1545}
1546
1547static int ip6mr_sk_init(struct mr_table *mrt, struct sock *sk)
1548{
1549 int err = 0;
1550 struct net *net = sock_net(sk);
1551
1552 rtnl_lock();
1553 write_lock_bh(&mrt_lock);
1554 if (rtnl_dereference(mrt->mroute_sk)) {
1555 err = -EADDRINUSE;
1556 } else {
1557 rcu_assign_pointer(mrt->mroute_sk, sk);
1558 sock_set_flag(sk, SOCK_RCU_FREE);
1559 net->ipv6.devconf_all->mc_forwarding++;
1560 }
1561 write_unlock_bh(&mrt_lock);
1562
1563 if (!err)
1564 inet6_netconf_notify_devconf(net, RTM_NEWNETCONF,
1565 NETCONFA_MC_FORWARDING,
1566 NETCONFA_IFINDEX_ALL,
1567 net->ipv6.devconf_all);
1568 rtnl_unlock();
1569
1570 return err;
1571}
1572
1573int ip6mr_sk_done(struct sock *sk)
1574{
1575 int err = -EACCES;
1576 struct net *net = sock_net(sk);
1577 struct mr_table *mrt;
1578
1579 if (sk->sk_type != SOCK_RAW ||
1580 inet_sk(sk)->inet_num != IPPROTO_ICMPV6)
1581 return err;
1582
1583 rtnl_lock();
1584 ip6mr_for_each_table(mrt, net) {
1585 if (sk == rtnl_dereference(mrt->mroute_sk)) {
1586 write_lock_bh(&mrt_lock);
1587 RCU_INIT_POINTER(mrt->mroute_sk, NULL);
1588 /* Note that mroute_sk had SOCK_RCU_FREE set,
1589 * so the RCU grace period before sk freeing
1590 * is guaranteed by sk_destruct()
1591 */
1592 net->ipv6.devconf_all->mc_forwarding--;
1593 write_unlock_bh(&mrt_lock);
1594 inet6_netconf_notify_devconf(net, RTM_NEWNETCONF,
1595 NETCONFA_MC_FORWARDING,
1596 NETCONFA_IFINDEX_ALL,
1597 net->ipv6.devconf_all);
1598
1599 mroute_clean_tables(mrt, MRT6_FLUSH_MIFS | MRT6_FLUSH_MFC);
1600 err = 0;
1601 break;
1602 }
1603 }
1604 rtnl_unlock();
1605
1606 return err;
1607}
1608
1609bool mroute6_is_socket(struct net *net, struct sk_buff *skb)
1610{
1611 struct mr_table *mrt;
1612 struct flowi6 fl6 = {
1613 .flowi6_iif = skb->skb_iif ? : LOOPBACK_IFINDEX,
1614 .flowi6_oif = skb->dev->ifindex,
1615 .flowi6_mark = skb->mark,
1616 };
1617
1618 if (ip6mr_fib_lookup(net, &fl6, &mrt) < 0)
1619 return NULL;
1620
1621 return rcu_access_pointer(mrt->mroute_sk);
1622}
1623EXPORT_SYMBOL(mroute6_is_socket);
1624
1625/*
1626 * Socket options and virtual interface manipulation. The whole
1627 * virtual interface system is a complete heap, but unfortunately
1628 * that's how BSD mrouted happens to think. Maybe one day with a proper
1629 * MOSPF/PIM router set up we can clean this up.
1630 */
1631
1632int ip6_mroute_setsockopt(struct sock *sk, int optname, sockptr_t optval,
1633 unsigned int optlen)
1634{
1635 int ret, parent = 0;
1636 struct mif6ctl vif;
1637 struct mf6cctl mfc;
1638 mifi_t mifi;
1639 struct net *net = sock_net(sk);
1640 struct mr_table *mrt;
1641
1642 if (sk->sk_type != SOCK_RAW ||
1643 inet_sk(sk)->inet_num != IPPROTO_ICMPV6)
1644 return -EOPNOTSUPP;
1645
1646 mrt = ip6mr_get_table(net, raw6_sk(sk)->ip6mr_table ? : RT6_TABLE_DFLT);
1647 if (!mrt)
1648 return -ENOENT;
1649
1650 if (optname != MRT6_INIT) {
1651 if (sk != rcu_access_pointer(mrt->mroute_sk) &&
1652 !ns_capable(net->user_ns, CAP_NET_ADMIN))
1653 return -EACCES;
1654 }
1655
1656 switch (optname) {
1657 case MRT6_INIT:
1658 if (optlen < sizeof(int))
1659 return -EINVAL;
1660
1661 return ip6mr_sk_init(mrt, sk);
1662
1663 case MRT6_DONE:
1664 return ip6mr_sk_done(sk);
1665
1666 case MRT6_ADD_MIF:
1667 if (optlen < sizeof(vif))
1668 return -EINVAL;
1669 if (copy_from_sockptr(&vif, optval, sizeof(vif)))
1670 return -EFAULT;
1671 if (vif.mif6c_mifi >= MAXMIFS)
1672 return -ENFILE;
1673 rtnl_lock();
1674 ret = mif6_add(net, mrt, &vif,
1675 sk == rtnl_dereference(mrt->mroute_sk));
1676 rtnl_unlock();
1677 return ret;
1678
1679 case MRT6_DEL_MIF:
1680 if (optlen < sizeof(mifi_t))
1681 return -EINVAL;
1682 if (copy_from_sockptr(&mifi, optval, sizeof(mifi_t)))
1683 return -EFAULT;
1684 rtnl_lock();
1685 ret = mif6_delete(mrt, mifi, 0, NULL);
1686 rtnl_unlock();
1687 return ret;
1688
1689 /*
1690 * Manipulate the forwarding caches. These live
1691 * in a sort of kernel/user symbiosis.
1692 */
1693 case MRT6_ADD_MFC:
1694 case MRT6_DEL_MFC:
1695 parent = -1;
1696 fallthrough;
1697 case MRT6_ADD_MFC_PROXY:
1698 case MRT6_DEL_MFC_PROXY:
1699 if (optlen < sizeof(mfc))
1700 return -EINVAL;
1701 if (copy_from_sockptr(&mfc, optval, sizeof(mfc)))
1702 return -EFAULT;
1703 if (parent == 0)
1704 parent = mfc.mf6cc_parent;
1705 rtnl_lock();
1706 if (optname == MRT6_DEL_MFC || optname == MRT6_DEL_MFC_PROXY)
1707 ret = ip6mr_mfc_delete(mrt, &mfc, parent);
1708 else
1709 ret = ip6mr_mfc_add(net, mrt, &mfc,
1710 sk ==
1711 rtnl_dereference(mrt->mroute_sk),
1712 parent);
1713 rtnl_unlock();
1714 return ret;
1715
1716 case MRT6_FLUSH:
1717 {
1718 int flags;
1719
1720 if (optlen != sizeof(flags))
1721 return -EINVAL;
1722 if (copy_from_sockptr(&flags, optval, sizeof(flags)))
1723 return -EFAULT;
1724 rtnl_lock();
1725 mroute_clean_tables(mrt, flags);
1726 rtnl_unlock();
1727 return 0;
1728 }
1729
1730 /*
1731 * Control PIM assert (to activate pim will activate assert)
1732 */
1733 case MRT6_ASSERT:
1734 {
1735 int v;
1736
1737 if (optlen != sizeof(v))
1738 return -EINVAL;
1739 if (copy_from_sockptr(&v, optval, sizeof(v)))
1740 return -EFAULT;
1741 mrt->mroute_do_assert = v;
1742 return 0;
1743 }
1744
1745#ifdef CONFIG_IPV6_PIMSM_V2
1746 case MRT6_PIM:
1747 {
1748 int v;
1749
1750 if (optlen != sizeof(v))
1751 return -EINVAL;
1752 if (copy_from_sockptr(&v, optval, sizeof(v)))
1753 return -EFAULT;
1754 v = !!v;
1755 rtnl_lock();
1756 ret = 0;
1757 if (v != mrt->mroute_do_pim) {
1758 mrt->mroute_do_pim = v;
1759 mrt->mroute_do_assert = v;
1760 }
1761 rtnl_unlock();
1762 return ret;
1763 }
1764
1765#endif
1766#ifdef CONFIG_IPV6_MROUTE_MULTIPLE_TABLES
1767 case MRT6_TABLE:
1768 {
1769 u32 v;
1770
1771 if (optlen != sizeof(u32))
1772 return -EINVAL;
1773 if (copy_from_sockptr(&v, optval, sizeof(v)))
1774 return -EFAULT;
1775 /* "pim6reg%u" should not exceed 16 bytes (IFNAMSIZ) */
1776 if (v != RT_TABLE_DEFAULT && v >= 100000000)
1777 return -EINVAL;
1778 if (sk == rcu_access_pointer(mrt->mroute_sk))
1779 return -EBUSY;
1780
1781 rtnl_lock();
1782 ret = 0;
1783 mrt = ip6mr_new_table(net, v);
1784 if (IS_ERR(mrt))
1785 ret = PTR_ERR(mrt);
1786 else
1787 raw6_sk(sk)->ip6mr_table = v;
1788 rtnl_unlock();
1789 return ret;
1790 }
1791#endif
1792 /*
1793 * Spurious command, or MRT6_VERSION which you cannot
1794 * set.
1795 */
1796 default:
1797 return -ENOPROTOOPT;
1798 }
1799}
1800
1801/*
1802 * Getsock opt support for the multicast routing system.
1803 */
1804
1805int ip6_mroute_getsockopt(struct sock *sk, int optname, char __user *optval,
1806 int __user *optlen)
1807{
1808 int olr;
1809 int val;
1810 struct net *net = sock_net(sk);
1811 struct mr_table *mrt;
1812
1813 if (sk->sk_type != SOCK_RAW ||
1814 inet_sk(sk)->inet_num != IPPROTO_ICMPV6)
1815 return -EOPNOTSUPP;
1816
1817 mrt = ip6mr_get_table(net, raw6_sk(sk)->ip6mr_table ? : RT6_TABLE_DFLT);
1818 if (!mrt)
1819 return -ENOENT;
1820
1821 switch (optname) {
1822 case MRT6_VERSION:
1823 val = 0x0305;
1824 break;
1825#ifdef CONFIG_IPV6_PIMSM_V2
1826 case MRT6_PIM:
1827 val = mrt->mroute_do_pim;
1828 break;
1829#endif
1830 case MRT6_ASSERT:
1831 val = mrt->mroute_do_assert;
1832 break;
1833 default:
1834 return -ENOPROTOOPT;
1835 }
1836
1837 if (get_user(olr, optlen))
1838 return -EFAULT;
1839
1840 olr = min_t(int, olr, sizeof(int));
1841 if (olr < 0)
1842 return -EINVAL;
1843
1844 if (put_user(olr, optlen))
1845 return -EFAULT;
1846 if (copy_to_user(optval, &val, olr))
1847 return -EFAULT;
1848 return 0;
1849}
1850
1851/*
1852 * The IP multicast ioctl support routines.
1853 */
1854
1855int ip6mr_ioctl(struct sock *sk, int cmd, void __user *arg)
1856{
1857 struct sioc_sg_req6 sr;
1858 struct sioc_mif_req6 vr;
1859 struct vif_device *vif;
1860 struct mfc6_cache *c;
1861 struct net *net = sock_net(sk);
1862 struct mr_table *mrt;
1863
1864 mrt = ip6mr_get_table(net, raw6_sk(sk)->ip6mr_table ? : RT6_TABLE_DFLT);
1865 if (!mrt)
1866 return -ENOENT;
1867
1868 switch (cmd) {
1869 case SIOCGETMIFCNT_IN6:
1870 if (copy_from_user(&vr, arg, sizeof(vr)))
1871 return -EFAULT;
1872 if (vr.mifi >= mrt->maxvif)
1873 return -EINVAL;
1874 vr.mifi = array_index_nospec(vr.mifi, mrt->maxvif);
1875 read_lock(&mrt_lock);
1876 vif = &mrt->vif_table[vr.mifi];
1877 if (VIF_EXISTS(mrt, vr.mifi)) {
1878 vr.icount = vif->pkt_in;
1879 vr.ocount = vif->pkt_out;
1880 vr.ibytes = vif->bytes_in;
1881 vr.obytes = vif->bytes_out;
1882 read_unlock(&mrt_lock);
1883
1884 if (copy_to_user(arg, &vr, sizeof(vr)))
1885 return -EFAULT;
1886 return 0;
1887 }
1888 read_unlock(&mrt_lock);
1889 return -EADDRNOTAVAIL;
1890 case SIOCGETSGCNT_IN6:
1891 if (copy_from_user(&sr, arg, sizeof(sr)))
1892 return -EFAULT;
1893
1894 rcu_read_lock();
1895 c = ip6mr_cache_find(mrt, &sr.src.sin6_addr, &sr.grp.sin6_addr);
1896 if (c) {
1897 sr.pktcnt = c->_c.mfc_un.res.pkt;
1898 sr.bytecnt = c->_c.mfc_un.res.bytes;
1899 sr.wrong_if = c->_c.mfc_un.res.wrong_if;
1900 rcu_read_unlock();
1901
1902 if (copy_to_user(arg, &sr, sizeof(sr)))
1903 return -EFAULT;
1904 return 0;
1905 }
1906 rcu_read_unlock();
1907 return -EADDRNOTAVAIL;
1908 default:
1909 return -ENOIOCTLCMD;
1910 }
1911}
1912
1913#ifdef CONFIG_COMPAT
1914struct compat_sioc_sg_req6 {
1915 struct sockaddr_in6 src;
1916 struct sockaddr_in6 grp;
1917 compat_ulong_t pktcnt;
1918 compat_ulong_t bytecnt;
1919 compat_ulong_t wrong_if;
1920};
1921
1922struct compat_sioc_mif_req6 {
1923 mifi_t mifi;
1924 compat_ulong_t icount;
1925 compat_ulong_t ocount;
1926 compat_ulong_t ibytes;
1927 compat_ulong_t obytes;
1928};
1929
1930int ip6mr_compat_ioctl(struct sock *sk, unsigned int cmd, void __user *arg)
1931{
1932 struct compat_sioc_sg_req6 sr;
1933 struct compat_sioc_mif_req6 vr;
1934 struct vif_device *vif;
1935 struct mfc6_cache *c;
1936 struct net *net = sock_net(sk);
1937 struct mr_table *mrt;
1938
1939 mrt = ip6mr_get_table(net, raw6_sk(sk)->ip6mr_table ? : RT6_TABLE_DFLT);
1940 if (!mrt)
1941 return -ENOENT;
1942
1943 switch (cmd) {
1944 case SIOCGETMIFCNT_IN6:
1945 if (copy_from_user(&vr, arg, sizeof(vr)))
1946 return -EFAULT;
1947 if (vr.mifi >= mrt->maxvif)
1948 return -EINVAL;
1949 vr.mifi = array_index_nospec(vr.mifi, mrt->maxvif);
1950 read_lock(&mrt_lock);
1951 vif = &mrt->vif_table[vr.mifi];
1952 if (VIF_EXISTS(mrt, vr.mifi)) {
1953 vr.icount = vif->pkt_in;
1954 vr.ocount = vif->pkt_out;
1955 vr.ibytes = vif->bytes_in;
1956 vr.obytes = vif->bytes_out;
1957 read_unlock(&mrt_lock);
1958
1959 if (copy_to_user(arg, &vr, sizeof(vr)))
1960 return -EFAULT;
1961 return 0;
1962 }
1963 read_unlock(&mrt_lock);
1964 return -EADDRNOTAVAIL;
1965 case SIOCGETSGCNT_IN6:
1966 if (copy_from_user(&sr, arg, sizeof(sr)))
1967 return -EFAULT;
1968
1969 rcu_read_lock();
1970 c = ip6mr_cache_find(mrt, &sr.src.sin6_addr, &sr.grp.sin6_addr);
1971 if (c) {
1972 sr.pktcnt = c->_c.mfc_un.res.pkt;
1973 sr.bytecnt = c->_c.mfc_un.res.bytes;
1974 sr.wrong_if = c->_c.mfc_un.res.wrong_if;
1975 rcu_read_unlock();
1976
1977 if (copy_to_user(arg, &sr, sizeof(sr)))
1978 return -EFAULT;
1979 return 0;
1980 }
1981 rcu_read_unlock();
1982 return -EADDRNOTAVAIL;
1983 default:
1984 return -ENOIOCTLCMD;
1985 }
1986}
1987#endif
1988
1989static inline int ip6mr_forward2_finish(struct net *net, struct sock *sk, struct sk_buff *skb)
1990{
1991 IP6_INC_STATS(net, ip6_dst_idev(skb_dst(skb)),
1992 IPSTATS_MIB_OUTFORWDATAGRAMS);
1993 IP6_ADD_STATS(net, ip6_dst_idev(skb_dst(skb)),
1994 IPSTATS_MIB_OUTOCTETS, skb->len);
1995 return dst_output(net, sk, skb);
1996}
1997
1998/*
1999 * Processing handlers for ip6mr_forward
2000 */
2001
2002static int ip6mr_forward2(struct net *net, struct mr_table *mrt,
2003 struct sk_buff *skb, int vifi)
2004{
2005 struct ipv6hdr *ipv6h;
2006 struct vif_device *vif = &mrt->vif_table[vifi];
2007 struct net_device *dev;
2008 struct dst_entry *dst;
2009 struct flowi6 fl6;
2010
2011 if (!vif->dev)
2012 goto out_free;
2013
2014#ifdef CONFIG_IPV6_PIMSM_V2
2015 if (vif->flags & MIFF_REGISTER) {
2016 vif->pkt_out++;
2017 vif->bytes_out += skb->len;
2018 vif->dev->stats.tx_bytes += skb->len;
2019 vif->dev->stats.tx_packets++;
2020 ip6mr_cache_report(mrt, skb, vifi, MRT6MSG_WHOLEPKT);
2021 goto out_free;
2022 }
2023#endif
2024
2025 ipv6h = ipv6_hdr(skb);
2026
2027 fl6 = (struct flowi6) {
2028 .flowi6_oif = vif->link,
2029 .daddr = ipv6h->daddr,
2030 };
2031
2032 dst = ip6_route_output(net, NULL, &fl6);
2033 if (dst->error) {
2034 dst_release(dst);
2035 goto out_free;
2036 }
2037
2038 skb_dst_drop(skb);
2039 skb_dst_set(skb, dst);
2040
2041 /*
2042 * RFC1584 teaches, that DVMRP/PIM router must deliver packets locally
2043 * not only before forwarding, but after forwarding on all output
2044 * interfaces. It is clear, if mrouter runs a multicasting
2045 * program, it should receive packets not depending to what interface
2046 * program is joined.
2047 * If we will not make it, the program will have to join on all
2048 * interfaces. On the other hand, multihoming host (or router, but
2049 * not mrouter) cannot join to more than one interface - it will
2050 * result in receiving multiple packets.
2051 */
2052 dev = vif->dev;
2053 skb->dev = dev;
2054 vif->pkt_out++;
2055 vif->bytes_out += skb->len;
2056
2057 /* We are about to write */
2058 /* XXX: extension headers? */
2059 if (skb_cow(skb, sizeof(*ipv6h) + LL_RESERVED_SPACE(dev)))
2060 goto out_free;
2061
2062 ipv6h = ipv6_hdr(skb);
2063 ipv6h->hop_limit--;
2064
2065 IP6CB(skb)->flags |= IP6SKB_FORWARDED;
2066
2067 return NF_HOOK(NFPROTO_IPV6, NF_INET_FORWARD,
2068 net, NULL, skb, skb->dev, dev,
2069 ip6mr_forward2_finish);
2070
2071out_free:
2072 kfree_skb(skb);
2073 return 0;
2074}
2075
2076static int ip6mr_find_vif(struct mr_table *mrt, struct net_device *dev)
2077{
2078 int ct;
2079
2080 for (ct = mrt->maxvif - 1; ct >= 0; ct--) {
2081 if (mrt->vif_table[ct].dev == dev)
2082 break;
2083 }
2084 return ct;
2085}
2086
2087static void ip6_mr_forward(struct net *net, struct mr_table *mrt,
2088 struct net_device *dev, struct sk_buff *skb,
2089 struct mfc6_cache *c)
2090{
2091 int psend = -1;
2092 int vif, ct;
2093 int true_vifi = ip6mr_find_vif(mrt, dev);
2094
2095 vif = c->_c.mfc_parent;
2096 c->_c.mfc_un.res.pkt++;
2097 c->_c.mfc_un.res.bytes += skb->len;
2098 c->_c.mfc_un.res.lastuse = jiffies;
2099
2100 if (ipv6_addr_any(&c->mf6c_origin) && true_vifi >= 0) {
2101 struct mfc6_cache *cache_proxy;
2102
2103 /* For an (*,G) entry, we only check that the incoming
2104 * interface is part of the static tree.
2105 */
2106 rcu_read_lock();
2107 cache_proxy = mr_mfc_find_any_parent(mrt, vif);
2108 if (cache_proxy &&
2109 cache_proxy->_c.mfc_un.res.ttls[true_vifi] < 255) {
2110 rcu_read_unlock();
2111 goto forward;
2112 }
2113 rcu_read_unlock();
2114 }
2115
2116 /*
2117 * Wrong interface: drop packet and (maybe) send PIM assert.
2118 */
2119 if (mrt->vif_table[vif].dev != dev) {
2120 c->_c.mfc_un.res.wrong_if++;
2121
2122 if (true_vifi >= 0 && mrt->mroute_do_assert &&
2123 /* pimsm uses asserts, when switching from RPT to SPT,
2124 so that we cannot check that packet arrived on an oif.
2125 It is bad, but otherwise we would need to move pretty
2126 large chunk of pimd to kernel. Ough... --ANK
2127 */
2128 (mrt->mroute_do_pim ||
2129 c->_c.mfc_un.res.ttls[true_vifi] < 255) &&
2130 time_after(jiffies,
2131 c->_c.mfc_un.res.last_assert +
2132 MFC_ASSERT_THRESH)) {
2133 c->_c.mfc_un.res.last_assert = jiffies;
2134 ip6mr_cache_report(mrt, skb, true_vifi, MRT6MSG_WRONGMIF);
2135 }
2136 goto dont_forward;
2137 }
2138
2139forward:
2140 mrt->vif_table[vif].pkt_in++;
2141 mrt->vif_table[vif].bytes_in += skb->len;
2142
2143 /*
2144 * Forward the frame
2145 */
2146 if (ipv6_addr_any(&c->mf6c_origin) &&
2147 ipv6_addr_any(&c->mf6c_mcastgrp)) {
2148 if (true_vifi >= 0 &&
2149 true_vifi != c->_c.mfc_parent &&
2150 ipv6_hdr(skb)->hop_limit >
2151 c->_c.mfc_un.res.ttls[c->_c.mfc_parent]) {
2152 /* It's an (*,*) entry and the packet is not coming from
2153 * the upstream: forward the packet to the upstream
2154 * only.
2155 */
2156 psend = c->_c.mfc_parent;
2157 goto last_forward;
2158 }
2159 goto dont_forward;
2160 }
2161 for (ct = c->_c.mfc_un.res.maxvif - 1;
2162 ct >= c->_c.mfc_un.res.minvif; ct--) {
2163 /* For (*,G) entry, don't forward to the incoming interface */
2164 if ((!ipv6_addr_any(&c->mf6c_origin) || ct != true_vifi) &&
2165 ipv6_hdr(skb)->hop_limit > c->_c.mfc_un.res.ttls[ct]) {
2166 if (psend != -1) {
2167 struct sk_buff *skb2 = skb_clone(skb, GFP_ATOMIC);
2168 if (skb2)
2169 ip6mr_forward2(net, mrt, skb2, psend);
2170 }
2171 psend = ct;
2172 }
2173 }
2174last_forward:
2175 if (psend != -1) {
2176 ip6mr_forward2(net, mrt, skb, psend);
2177 return;
2178 }
2179
2180dont_forward:
2181 kfree_skb(skb);
2182}
2183
2184
2185/*
2186 * Multicast packets for forwarding arrive here
2187 */
2188
2189int ip6_mr_input(struct sk_buff *skb)
2190{
2191 struct mfc6_cache *cache;
2192 struct net *net = dev_net(skb->dev);
2193 struct mr_table *mrt;
2194 struct flowi6 fl6 = {
2195 .flowi6_iif = skb->dev->ifindex,
2196 .flowi6_mark = skb->mark,
2197 };
2198 int err;
2199 struct net_device *dev;
2200
2201 /* skb->dev passed in is the master dev for vrfs.
2202 * Get the proper interface that does have a vif associated with it.
2203 */
2204 dev = skb->dev;
2205 if (netif_is_l3_master(skb->dev)) {
2206 dev = dev_get_by_index_rcu(net, IPCB(skb)->iif);
2207 if (!dev) {
2208 kfree_skb(skb);
2209 return -ENODEV;
2210 }
2211 }
2212
2213 err = ip6mr_fib_lookup(net, &fl6, &mrt);
2214 if (err < 0) {
2215 kfree_skb(skb);
2216 return err;
2217 }
2218
2219 read_lock(&mrt_lock);
2220 cache = ip6mr_cache_find(mrt,
2221 &ipv6_hdr(skb)->saddr, &ipv6_hdr(skb)->daddr);
2222 if (!cache) {
2223 int vif = ip6mr_find_vif(mrt, dev);
2224
2225 if (vif >= 0)
2226 cache = ip6mr_cache_find_any(mrt,
2227 &ipv6_hdr(skb)->daddr,
2228 vif);
2229 }
2230
2231 /*
2232 * No usable cache entry
2233 */
2234 if (!cache) {
2235 int vif;
2236
2237 vif = ip6mr_find_vif(mrt, dev);
2238 if (vif >= 0) {
2239 int err = ip6mr_cache_unresolved(mrt, vif, skb, dev);
2240 read_unlock(&mrt_lock);
2241
2242 return err;
2243 }
2244 read_unlock(&mrt_lock);
2245 kfree_skb(skb);
2246 return -ENODEV;
2247 }
2248
2249 ip6_mr_forward(net, mrt, dev, skb, cache);
2250
2251 read_unlock(&mrt_lock);
2252
2253 return 0;
2254}
2255
2256int ip6mr_get_route(struct net *net, struct sk_buff *skb, struct rtmsg *rtm,
2257 u32 portid)
2258{
2259 int err;
2260 struct mr_table *mrt;
2261 struct mfc6_cache *cache;
2262 struct rt6_info *rt = (struct rt6_info *)skb_dst(skb);
2263
2264 mrt = ip6mr_get_table(net, RT6_TABLE_DFLT);
2265 if (!mrt)
2266 return -ENOENT;
2267
2268 read_lock(&mrt_lock);
2269 cache = ip6mr_cache_find(mrt, &rt->rt6i_src.addr, &rt->rt6i_dst.addr);
2270 if (!cache && skb->dev) {
2271 int vif = ip6mr_find_vif(mrt, skb->dev);
2272
2273 if (vif >= 0)
2274 cache = ip6mr_cache_find_any(mrt, &rt->rt6i_dst.addr,
2275 vif);
2276 }
2277
2278 if (!cache) {
2279 struct sk_buff *skb2;
2280 struct ipv6hdr *iph;
2281 struct net_device *dev;
2282 int vif;
2283
2284 dev = skb->dev;
2285 if (!dev || (vif = ip6mr_find_vif(mrt, dev)) < 0) {
2286 read_unlock(&mrt_lock);
2287 return -ENODEV;
2288 }
2289
2290 /* really correct? */
2291 skb2 = alloc_skb(sizeof(struct ipv6hdr), GFP_ATOMIC);
2292 if (!skb2) {
2293 read_unlock(&mrt_lock);
2294 return -ENOMEM;
2295 }
2296
2297 NETLINK_CB(skb2).portid = portid;
2298 skb_reset_transport_header(skb2);
2299
2300 skb_put(skb2, sizeof(struct ipv6hdr));
2301 skb_reset_network_header(skb2);
2302
2303 iph = ipv6_hdr(skb2);
2304 iph->version = 0;
2305 iph->priority = 0;
2306 iph->flow_lbl[0] = 0;
2307 iph->flow_lbl[1] = 0;
2308 iph->flow_lbl[2] = 0;
2309 iph->payload_len = 0;
2310 iph->nexthdr = IPPROTO_NONE;
2311 iph->hop_limit = 0;
2312 iph->saddr = rt->rt6i_src.addr;
2313 iph->daddr = rt->rt6i_dst.addr;
2314
2315 err = ip6mr_cache_unresolved(mrt, vif, skb2, dev);
2316 read_unlock(&mrt_lock);
2317
2318 return err;
2319 }
2320
2321 err = mr_fill_mroute(mrt, skb, &cache->_c, rtm);
2322 read_unlock(&mrt_lock);
2323 return err;
2324}
2325
2326static int ip6mr_fill_mroute(struct mr_table *mrt, struct sk_buff *skb,
2327 u32 portid, u32 seq, struct mfc6_cache *c, int cmd,
2328 int flags)
2329{
2330 struct nlmsghdr *nlh;
2331 struct rtmsg *rtm;
2332 int err;
2333
2334 nlh = nlmsg_put(skb, portid, seq, cmd, sizeof(*rtm), flags);
2335 if (!nlh)
2336 return -EMSGSIZE;
2337
2338 rtm = nlmsg_data(nlh);
2339 rtm->rtm_family = RTNL_FAMILY_IP6MR;
2340 rtm->rtm_dst_len = 128;
2341 rtm->rtm_src_len = 128;
2342 rtm->rtm_tos = 0;
2343 rtm->rtm_table = mrt->id;
2344 if (nla_put_u32(skb, RTA_TABLE, mrt->id))
2345 goto nla_put_failure;
2346 rtm->rtm_type = RTN_MULTICAST;
2347 rtm->rtm_scope = RT_SCOPE_UNIVERSE;
2348 if (c->_c.mfc_flags & MFC_STATIC)
2349 rtm->rtm_protocol = RTPROT_STATIC;
2350 else
2351 rtm->rtm_protocol = RTPROT_MROUTED;
2352 rtm->rtm_flags = 0;
2353
2354 if (nla_put_in6_addr(skb, RTA_SRC, &c->mf6c_origin) ||
2355 nla_put_in6_addr(skb, RTA_DST, &c->mf6c_mcastgrp))
2356 goto nla_put_failure;
2357 err = mr_fill_mroute(mrt, skb, &c->_c, rtm);
2358 /* do not break the dump if cache is unresolved */
2359 if (err < 0 && err != -ENOENT)
2360 goto nla_put_failure;
2361
2362 nlmsg_end(skb, nlh);
2363 return 0;
2364
2365nla_put_failure:
2366 nlmsg_cancel(skb, nlh);
2367 return -EMSGSIZE;
2368}
2369
2370static int _ip6mr_fill_mroute(struct mr_table *mrt, struct sk_buff *skb,
2371 u32 portid, u32 seq, struct mr_mfc *c,
2372 int cmd, int flags)
2373{
2374 return ip6mr_fill_mroute(mrt, skb, portid, seq, (struct mfc6_cache *)c,
2375 cmd, flags);
2376}
2377
2378static int mr6_msgsize(bool unresolved, int maxvif)
2379{
2380 size_t len =
2381 NLMSG_ALIGN(sizeof(struct rtmsg))
2382 + nla_total_size(4) /* RTA_TABLE */
2383 + nla_total_size(sizeof(struct in6_addr)) /* RTA_SRC */
2384 + nla_total_size(sizeof(struct in6_addr)) /* RTA_DST */
2385 ;
2386
2387 if (!unresolved)
2388 len = len
2389 + nla_total_size(4) /* RTA_IIF */
2390 + nla_total_size(0) /* RTA_MULTIPATH */
2391 + maxvif * NLA_ALIGN(sizeof(struct rtnexthop))
2392 /* RTA_MFC_STATS */
2393 + nla_total_size_64bit(sizeof(struct rta_mfc_stats))
2394 ;
2395
2396 return len;
2397}
2398
2399static void mr6_netlink_event(struct mr_table *mrt, struct mfc6_cache *mfc,
2400 int cmd)
2401{
2402 struct net *net = read_pnet(&mrt->net);
2403 struct sk_buff *skb;
2404 int err = -ENOBUFS;
2405
2406 skb = nlmsg_new(mr6_msgsize(mfc->_c.mfc_parent >= MAXMIFS, mrt->maxvif),
2407 GFP_ATOMIC);
2408 if (!skb)
2409 goto errout;
2410
2411 err = ip6mr_fill_mroute(mrt, skb, 0, 0, mfc, cmd, 0);
2412 if (err < 0)
2413 goto errout;
2414
2415 rtnl_notify(skb, net, 0, RTNLGRP_IPV6_MROUTE, NULL, GFP_ATOMIC);
2416 return;
2417
2418errout:
2419 kfree_skb(skb);
2420 if (err < 0)
2421 rtnl_set_sk_err(net, RTNLGRP_IPV6_MROUTE, err);
2422}
2423
2424static size_t mrt6msg_netlink_msgsize(size_t payloadlen)
2425{
2426 size_t len =
2427 NLMSG_ALIGN(sizeof(struct rtgenmsg))
2428 + nla_total_size(1) /* IP6MRA_CREPORT_MSGTYPE */
2429 + nla_total_size(4) /* IP6MRA_CREPORT_MIF_ID */
2430 /* IP6MRA_CREPORT_SRC_ADDR */
2431 + nla_total_size(sizeof(struct in6_addr))
2432 /* IP6MRA_CREPORT_DST_ADDR */
2433 + nla_total_size(sizeof(struct in6_addr))
2434 /* IP6MRA_CREPORT_PKT */
2435 + nla_total_size(payloadlen)
2436 ;
2437
2438 return len;
2439}
2440
2441static void mrt6msg_netlink_event(struct mr_table *mrt, struct sk_buff *pkt)
2442{
2443 struct net *net = read_pnet(&mrt->net);
2444 struct nlmsghdr *nlh;
2445 struct rtgenmsg *rtgenm;
2446 struct mrt6msg *msg;
2447 struct sk_buff *skb;
2448 struct nlattr *nla;
2449 int payloadlen;
2450
2451 payloadlen = pkt->len - sizeof(struct mrt6msg);
2452 msg = (struct mrt6msg *)skb_transport_header(pkt);
2453
2454 skb = nlmsg_new(mrt6msg_netlink_msgsize(payloadlen), GFP_ATOMIC);
2455 if (!skb)
2456 goto errout;
2457
2458 nlh = nlmsg_put(skb, 0, 0, RTM_NEWCACHEREPORT,
2459 sizeof(struct rtgenmsg), 0);
2460 if (!nlh)
2461 goto errout;
2462 rtgenm = nlmsg_data(nlh);
2463 rtgenm->rtgen_family = RTNL_FAMILY_IP6MR;
2464 if (nla_put_u8(skb, IP6MRA_CREPORT_MSGTYPE, msg->im6_msgtype) ||
2465 nla_put_u32(skb, IP6MRA_CREPORT_MIF_ID, msg->im6_mif) ||
2466 nla_put_in6_addr(skb, IP6MRA_CREPORT_SRC_ADDR,
2467 &msg->im6_src) ||
2468 nla_put_in6_addr(skb, IP6MRA_CREPORT_DST_ADDR,
2469 &msg->im6_dst))
2470 goto nla_put_failure;
2471
2472 nla = nla_reserve(skb, IP6MRA_CREPORT_PKT, payloadlen);
2473 if (!nla || skb_copy_bits(pkt, sizeof(struct mrt6msg),
2474 nla_data(nla), payloadlen))
2475 goto nla_put_failure;
2476
2477 nlmsg_end(skb, nlh);
2478
2479 rtnl_notify(skb, net, 0, RTNLGRP_IPV6_MROUTE_R, NULL, GFP_ATOMIC);
2480 return;
2481
2482nla_put_failure:
2483 nlmsg_cancel(skb, nlh);
2484errout:
2485 kfree_skb(skb);
2486 rtnl_set_sk_err(net, RTNLGRP_IPV6_MROUTE_R, -ENOBUFS);
2487}
2488
2489static int ip6mr_rtm_dumproute(struct sk_buff *skb, struct netlink_callback *cb)
2490{
2491 const struct nlmsghdr *nlh = cb->nlh;
2492 struct fib_dump_filter filter = {};
2493 int err;
2494
2495 if (cb->strict_check) {
2496 err = ip_valid_fib_dump_req(sock_net(skb->sk), nlh,
2497 &filter, cb);
2498 if (err < 0)
2499 return err;
2500 }
2501
2502 if (filter.table_id) {
2503 struct mr_table *mrt;
2504
2505 mrt = ip6mr_get_table(sock_net(skb->sk), filter.table_id);
2506 if (!mrt) {
2507 if (rtnl_msg_family(cb->nlh) != RTNL_FAMILY_IP6MR)
2508 return skb->len;
2509
2510 NL_SET_ERR_MSG_MOD(cb->extack, "MR table does not exist");
2511 return -ENOENT;
2512 }
2513 err = mr_table_dump(mrt, skb, cb, _ip6mr_fill_mroute,
2514 &mfc_unres_lock, &filter);
2515 return skb->len ? : err;
2516 }
2517
2518 return mr_rtm_dumproute(skb, cb, ip6mr_mr_table_iter,
2519 _ip6mr_fill_mroute, &mfc_unres_lock, &filter);
2520}
1// SPDX-License-Identifier: GPL-2.0-or-later
2/*
3 * Linux IPv6 multicast routing support for BSD pim6sd
4 * Based on net/ipv4/ipmr.c.
5 *
6 * (c) 2004 Mickael Hoerdt, <hoerdt@clarinet.u-strasbg.fr>
7 * LSIIT Laboratory, Strasbourg, France
8 * (c) 2004 Jean-Philippe Andriot, <jean-philippe.andriot@6WIND.com>
9 * 6WIND, Paris, France
10 * Copyright (C)2007,2008 USAGI/WIDE Project
11 * YOSHIFUJI Hideaki <yoshfuji@linux-ipv6.org>
12 */
13
14#include <linux/uaccess.h>
15#include <linux/types.h>
16#include <linux/sched.h>
17#include <linux/errno.h>
18#include <linux/mm.h>
19#include <linux/kernel.h>
20#include <linux/fcntl.h>
21#include <linux/stat.h>
22#include <linux/socket.h>
23#include <linux/inet.h>
24#include <linux/netdevice.h>
25#include <linux/inetdevice.h>
26#include <linux/proc_fs.h>
27#include <linux/seq_file.h>
28#include <linux/init.h>
29#include <linux/compat.h>
30#include <linux/rhashtable.h>
31#include <net/protocol.h>
32#include <linux/skbuff.h>
33#include <net/raw.h>
34#include <linux/notifier.h>
35#include <linux/if_arp.h>
36#include <net/checksum.h>
37#include <net/netlink.h>
38#include <net/fib_rules.h>
39
40#include <net/ipv6.h>
41#include <net/ip6_route.h>
42#include <linux/mroute6.h>
43#include <linux/pim.h>
44#include <net/addrconf.h>
45#include <linux/netfilter_ipv6.h>
46#include <linux/export.h>
47#include <net/ip6_checksum.h>
48#include <linux/netconf.h>
49#include <net/ip_tunnels.h>
50
51#include <linux/nospec.h>
52
53struct ip6mr_rule {
54 struct fib_rule common;
55};
56
57struct ip6mr_result {
58 struct mr_table *mrt;
59};
60
61/* Big lock, protecting vif table, mrt cache and mroute socket state.
62 Note that the changes are semaphored via rtnl_lock.
63 */
64
65static DEFINE_SPINLOCK(mrt_lock);
66
67static struct net_device *vif_dev_read(const struct vif_device *vif)
68{
69 return rcu_dereference(vif->dev);
70}
71
72/* Multicast router control variables */
73
74/* Special spinlock for queue of unresolved entries */
75static DEFINE_SPINLOCK(mfc_unres_lock);
76
77/* We return to original Alan's scheme. Hash table of resolved
78 entries is changed only in process context and protected
79 with weak lock mrt_lock. Queue of unresolved entries is protected
80 with strong spinlock mfc_unres_lock.
81
82 In this case data path is free of exclusive locks at all.
83 */
84
85static struct kmem_cache *mrt_cachep __read_mostly;
86
87static struct mr_table *ip6mr_new_table(struct net *net, u32 id);
88static void ip6mr_free_table(struct mr_table *mrt);
89
90static void ip6_mr_forward(struct net *net, struct mr_table *mrt,
91 struct net_device *dev, struct sk_buff *skb,
92 struct mfc6_cache *cache);
93static int ip6mr_cache_report(const struct mr_table *mrt, struct sk_buff *pkt,
94 mifi_t mifi, int assert);
95static void mr6_netlink_event(struct mr_table *mrt, struct mfc6_cache *mfc,
96 int cmd);
97static void mrt6msg_netlink_event(const struct mr_table *mrt, struct sk_buff *pkt);
98static int ip6mr_rtm_getroute(struct sk_buff *in_skb, struct nlmsghdr *nlh,
99 struct netlink_ext_ack *extack);
100static int ip6mr_rtm_dumproute(struct sk_buff *skb,
101 struct netlink_callback *cb);
102static void mroute_clean_tables(struct mr_table *mrt, int flags);
103static void ipmr_expire_process(struct timer_list *t);
104
105#ifdef CONFIG_IPV6_MROUTE_MULTIPLE_TABLES
106#define ip6mr_for_each_table(mrt, net) \
107 list_for_each_entry_rcu(mrt, &net->ipv6.mr6_tables, list, \
108 lockdep_rtnl_is_held() || \
109 list_empty(&net->ipv6.mr6_tables))
110
111static struct mr_table *ip6mr_mr_table_iter(struct net *net,
112 struct mr_table *mrt)
113{
114 struct mr_table *ret;
115
116 if (!mrt)
117 ret = list_entry_rcu(net->ipv6.mr6_tables.next,
118 struct mr_table, list);
119 else
120 ret = list_entry_rcu(mrt->list.next,
121 struct mr_table, list);
122
123 if (&ret->list == &net->ipv6.mr6_tables)
124 return NULL;
125 return ret;
126}
127
128static struct mr_table *ip6mr_get_table(struct net *net, u32 id)
129{
130 struct mr_table *mrt;
131
132 ip6mr_for_each_table(mrt, net) {
133 if (mrt->id == id)
134 return mrt;
135 }
136 return NULL;
137}
138
139static int ip6mr_fib_lookup(struct net *net, struct flowi6 *flp6,
140 struct mr_table **mrt)
141{
142 int err;
143 struct ip6mr_result res;
144 struct fib_lookup_arg arg = {
145 .result = &res,
146 .flags = FIB_LOOKUP_NOREF,
147 };
148
149 /* update flow if oif or iif point to device enslaved to l3mdev */
150 l3mdev_update_flow(net, flowi6_to_flowi(flp6));
151
152 err = fib_rules_lookup(net->ipv6.mr6_rules_ops,
153 flowi6_to_flowi(flp6), 0, &arg);
154 if (err < 0)
155 return err;
156 *mrt = res.mrt;
157 return 0;
158}
159
160static int ip6mr_rule_action(struct fib_rule *rule, struct flowi *flp,
161 int flags, struct fib_lookup_arg *arg)
162{
163 struct ip6mr_result *res = arg->result;
164 struct mr_table *mrt;
165
166 switch (rule->action) {
167 case FR_ACT_TO_TBL:
168 break;
169 case FR_ACT_UNREACHABLE:
170 return -ENETUNREACH;
171 case FR_ACT_PROHIBIT:
172 return -EACCES;
173 case FR_ACT_BLACKHOLE:
174 default:
175 return -EINVAL;
176 }
177
178 arg->table = fib_rule_get_table(rule, arg);
179
180 mrt = ip6mr_get_table(rule->fr_net, arg->table);
181 if (!mrt)
182 return -EAGAIN;
183 res->mrt = mrt;
184 return 0;
185}
186
187static int ip6mr_rule_match(struct fib_rule *rule, struct flowi *flp, int flags)
188{
189 return 1;
190}
191
192static int ip6mr_rule_configure(struct fib_rule *rule, struct sk_buff *skb,
193 struct fib_rule_hdr *frh, struct nlattr **tb,
194 struct netlink_ext_ack *extack)
195{
196 return 0;
197}
198
199static int ip6mr_rule_compare(struct fib_rule *rule, struct fib_rule_hdr *frh,
200 struct nlattr **tb)
201{
202 return 1;
203}
204
205static int ip6mr_rule_fill(struct fib_rule *rule, struct sk_buff *skb,
206 struct fib_rule_hdr *frh)
207{
208 frh->dst_len = 0;
209 frh->src_len = 0;
210 frh->tos = 0;
211 return 0;
212}
213
214static const struct fib_rules_ops __net_initconst ip6mr_rules_ops_template = {
215 .family = RTNL_FAMILY_IP6MR,
216 .rule_size = sizeof(struct ip6mr_rule),
217 .addr_size = sizeof(struct in6_addr),
218 .action = ip6mr_rule_action,
219 .match = ip6mr_rule_match,
220 .configure = ip6mr_rule_configure,
221 .compare = ip6mr_rule_compare,
222 .fill = ip6mr_rule_fill,
223 .nlgroup = RTNLGRP_IPV6_RULE,
224 .owner = THIS_MODULE,
225};
226
227static int __net_init ip6mr_rules_init(struct net *net)
228{
229 struct fib_rules_ops *ops;
230 struct mr_table *mrt;
231 int err;
232
233 ops = fib_rules_register(&ip6mr_rules_ops_template, net);
234 if (IS_ERR(ops))
235 return PTR_ERR(ops);
236
237 INIT_LIST_HEAD(&net->ipv6.mr6_tables);
238
239 mrt = ip6mr_new_table(net, RT6_TABLE_DFLT);
240 if (IS_ERR(mrt)) {
241 err = PTR_ERR(mrt);
242 goto err1;
243 }
244
245 err = fib_default_rule_add(ops, 0x7fff, RT6_TABLE_DFLT);
246 if (err < 0)
247 goto err2;
248
249 net->ipv6.mr6_rules_ops = ops;
250 return 0;
251
252err2:
253 rtnl_lock();
254 ip6mr_free_table(mrt);
255 rtnl_unlock();
256err1:
257 fib_rules_unregister(ops);
258 return err;
259}
260
261static void __net_exit ip6mr_rules_exit(struct net *net)
262{
263 struct mr_table *mrt, *next;
264
265 ASSERT_RTNL();
266 list_for_each_entry_safe(mrt, next, &net->ipv6.mr6_tables, list) {
267 list_del(&mrt->list);
268 ip6mr_free_table(mrt);
269 }
270 fib_rules_unregister(net->ipv6.mr6_rules_ops);
271}
272
273static int ip6mr_rules_dump(struct net *net, struct notifier_block *nb,
274 struct netlink_ext_ack *extack)
275{
276 return fib_rules_dump(net, nb, RTNL_FAMILY_IP6MR, extack);
277}
278
279static unsigned int ip6mr_rules_seq_read(struct net *net)
280{
281 return fib_rules_seq_read(net, RTNL_FAMILY_IP6MR);
282}
283
284bool ip6mr_rule_default(const struct fib_rule *rule)
285{
286 return fib_rule_matchall(rule) && rule->action == FR_ACT_TO_TBL &&
287 rule->table == RT6_TABLE_DFLT && !rule->l3mdev;
288}
289EXPORT_SYMBOL(ip6mr_rule_default);
290#else
291#define ip6mr_for_each_table(mrt, net) \
292 for (mrt = net->ipv6.mrt6; mrt; mrt = NULL)
293
294static struct mr_table *ip6mr_mr_table_iter(struct net *net,
295 struct mr_table *mrt)
296{
297 if (!mrt)
298 return net->ipv6.mrt6;
299 return NULL;
300}
301
302static struct mr_table *ip6mr_get_table(struct net *net, u32 id)
303{
304 return net->ipv6.mrt6;
305}
306
307static int ip6mr_fib_lookup(struct net *net, struct flowi6 *flp6,
308 struct mr_table **mrt)
309{
310 *mrt = net->ipv6.mrt6;
311 return 0;
312}
313
314static int __net_init ip6mr_rules_init(struct net *net)
315{
316 struct mr_table *mrt;
317
318 mrt = ip6mr_new_table(net, RT6_TABLE_DFLT);
319 if (IS_ERR(mrt))
320 return PTR_ERR(mrt);
321 net->ipv6.mrt6 = mrt;
322 return 0;
323}
324
325static void __net_exit ip6mr_rules_exit(struct net *net)
326{
327 ASSERT_RTNL();
328 ip6mr_free_table(net->ipv6.mrt6);
329 net->ipv6.mrt6 = NULL;
330}
331
332static int ip6mr_rules_dump(struct net *net, struct notifier_block *nb,
333 struct netlink_ext_ack *extack)
334{
335 return 0;
336}
337
338static unsigned int ip6mr_rules_seq_read(struct net *net)
339{
340 return 0;
341}
342#endif
343
344static int ip6mr_hash_cmp(struct rhashtable_compare_arg *arg,
345 const void *ptr)
346{
347 const struct mfc6_cache_cmp_arg *cmparg = arg->key;
348 struct mfc6_cache *c = (struct mfc6_cache *)ptr;
349
350 return !ipv6_addr_equal(&c->mf6c_mcastgrp, &cmparg->mf6c_mcastgrp) ||
351 !ipv6_addr_equal(&c->mf6c_origin, &cmparg->mf6c_origin);
352}
353
354static const struct rhashtable_params ip6mr_rht_params = {
355 .head_offset = offsetof(struct mr_mfc, mnode),
356 .key_offset = offsetof(struct mfc6_cache, cmparg),
357 .key_len = sizeof(struct mfc6_cache_cmp_arg),
358 .nelem_hint = 3,
359 .obj_cmpfn = ip6mr_hash_cmp,
360 .automatic_shrinking = true,
361};
362
363static void ip6mr_new_table_set(struct mr_table *mrt,
364 struct net *net)
365{
366#ifdef CONFIG_IPV6_MROUTE_MULTIPLE_TABLES
367 list_add_tail_rcu(&mrt->list, &net->ipv6.mr6_tables);
368#endif
369}
370
371static struct mfc6_cache_cmp_arg ip6mr_mr_table_ops_cmparg_any = {
372 .mf6c_origin = IN6ADDR_ANY_INIT,
373 .mf6c_mcastgrp = IN6ADDR_ANY_INIT,
374};
375
376static struct mr_table_ops ip6mr_mr_table_ops = {
377 .rht_params = &ip6mr_rht_params,
378 .cmparg_any = &ip6mr_mr_table_ops_cmparg_any,
379};
380
381static struct mr_table *ip6mr_new_table(struct net *net, u32 id)
382{
383 struct mr_table *mrt;
384
385 mrt = ip6mr_get_table(net, id);
386 if (mrt)
387 return mrt;
388
389 return mr_table_alloc(net, id, &ip6mr_mr_table_ops,
390 ipmr_expire_process, ip6mr_new_table_set);
391}
392
393static void ip6mr_free_table(struct mr_table *mrt)
394{
395 timer_shutdown_sync(&mrt->ipmr_expire_timer);
396 mroute_clean_tables(mrt, MRT6_FLUSH_MIFS | MRT6_FLUSH_MIFS_STATIC |
397 MRT6_FLUSH_MFC | MRT6_FLUSH_MFC_STATIC);
398 rhltable_destroy(&mrt->mfc_hash);
399 kfree(mrt);
400}
401
402#ifdef CONFIG_PROC_FS
403/* The /proc interfaces to multicast routing
404 * /proc/ip6_mr_cache /proc/ip6_mr_vif
405 */
406
407static void *ip6mr_vif_seq_start(struct seq_file *seq, loff_t *pos)
408 __acquires(RCU)
409{
410 struct mr_vif_iter *iter = seq->private;
411 struct net *net = seq_file_net(seq);
412 struct mr_table *mrt;
413
414 mrt = ip6mr_get_table(net, RT6_TABLE_DFLT);
415 if (!mrt)
416 return ERR_PTR(-ENOENT);
417
418 iter->mrt = mrt;
419
420 rcu_read_lock();
421 return mr_vif_seq_start(seq, pos);
422}
423
424static void ip6mr_vif_seq_stop(struct seq_file *seq, void *v)
425 __releases(RCU)
426{
427 rcu_read_unlock();
428}
429
430static int ip6mr_vif_seq_show(struct seq_file *seq, void *v)
431{
432 struct mr_vif_iter *iter = seq->private;
433 struct mr_table *mrt = iter->mrt;
434
435 if (v == SEQ_START_TOKEN) {
436 seq_puts(seq,
437 "Interface BytesIn PktsIn BytesOut PktsOut Flags\n");
438 } else {
439 const struct vif_device *vif = v;
440 const struct net_device *vif_dev;
441 const char *name;
442
443 vif_dev = vif_dev_read(vif);
444 name = vif_dev ? vif_dev->name : "none";
445
446 seq_printf(seq,
447 "%2td %-10s %8ld %7ld %8ld %7ld %05X\n",
448 vif - mrt->vif_table,
449 name, vif->bytes_in, vif->pkt_in,
450 vif->bytes_out, vif->pkt_out,
451 vif->flags);
452 }
453 return 0;
454}
455
456static const struct seq_operations ip6mr_vif_seq_ops = {
457 .start = ip6mr_vif_seq_start,
458 .next = mr_vif_seq_next,
459 .stop = ip6mr_vif_seq_stop,
460 .show = ip6mr_vif_seq_show,
461};
462
463static void *ipmr_mfc_seq_start(struct seq_file *seq, loff_t *pos)
464{
465 struct net *net = seq_file_net(seq);
466 struct mr_table *mrt;
467
468 mrt = ip6mr_get_table(net, RT6_TABLE_DFLT);
469 if (!mrt)
470 return ERR_PTR(-ENOENT);
471
472 return mr_mfc_seq_start(seq, pos, mrt, &mfc_unres_lock);
473}
474
475static int ipmr_mfc_seq_show(struct seq_file *seq, void *v)
476{
477 int n;
478
479 if (v == SEQ_START_TOKEN) {
480 seq_puts(seq,
481 "Group "
482 "Origin "
483 "Iif Pkts Bytes Wrong Oifs\n");
484 } else {
485 const struct mfc6_cache *mfc = v;
486 const struct mr_mfc_iter *it = seq->private;
487 struct mr_table *mrt = it->mrt;
488
489 seq_printf(seq, "%pI6 %pI6 %-3hd",
490 &mfc->mf6c_mcastgrp, &mfc->mf6c_origin,
491 mfc->_c.mfc_parent);
492
493 if (it->cache != &mrt->mfc_unres_queue) {
494 seq_printf(seq, " %8lu %8lu %8lu",
495 mfc->_c.mfc_un.res.pkt,
496 mfc->_c.mfc_un.res.bytes,
497 mfc->_c.mfc_un.res.wrong_if);
498 for (n = mfc->_c.mfc_un.res.minvif;
499 n < mfc->_c.mfc_un.res.maxvif; n++) {
500 if (VIF_EXISTS(mrt, n) &&
501 mfc->_c.mfc_un.res.ttls[n] < 255)
502 seq_printf(seq,
503 " %2d:%-3d", n,
504 mfc->_c.mfc_un.res.ttls[n]);
505 }
506 } else {
507 /* unresolved mfc_caches don't contain
508 * pkt, bytes and wrong_if values
509 */
510 seq_printf(seq, " %8lu %8lu %8lu", 0ul, 0ul, 0ul);
511 }
512 seq_putc(seq, '\n');
513 }
514 return 0;
515}
516
517static const struct seq_operations ipmr_mfc_seq_ops = {
518 .start = ipmr_mfc_seq_start,
519 .next = mr_mfc_seq_next,
520 .stop = mr_mfc_seq_stop,
521 .show = ipmr_mfc_seq_show,
522};
523#endif
524
525#ifdef CONFIG_IPV6_PIMSM_V2
526
527static int pim6_rcv(struct sk_buff *skb)
528{
529 struct pimreghdr *pim;
530 struct ipv6hdr *encap;
531 struct net_device *reg_dev = NULL;
532 struct net *net = dev_net(skb->dev);
533 struct mr_table *mrt;
534 struct flowi6 fl6 = {
535 .flowi6_iif = skb->dev->ifindex,
536 .flowi6_mark = skb->mark,
537 };
538 int reg_vif_num;
539
540 if (!pskb_may_pull(skb, sizeof(*pim) + sizeof(*encap)))
541 goto drop;
542
543 pim = (struct pimreghdr *)skb_transport_header(skb);
544 if (pim->type != ((PIM_VERSION << 4) | PIM_TYPE_REGISTER) ||
545 (pim->flags & PIM_NULL_REGISTER) ||
546 (csum_ipv6_magic(&ipv6_hdr(skb)->saddr, &ipv6_hdr(skb)->daddr,
547 sizeof(*pim), IPPROTO_PIM,
548 csum_partial((void *)pim, sizeof(*pim), 0)) &&
549 csum_fold(skb_checksum(skb, 0, skb->len, 0))))
550 goto drop;
551
552 /* check if the inner packet is destined to mcast group */
553 encap = (struct ipv6hdr *)(skb_transport_header(skb) +
554 sizeof(*pim));
555
556 if (!ipv6_addr_is_multicast(&encap->daddr) ||
557 encap->payload_len == 0 ||
558 ntohs(encap->payload_len) + sizeof(*pim) > skb->len)
559 goto drop;
560
561 if (ip6mr_fib_lookup(net, &fl6, &mrt) < 0)
562 goto drop;
563
564 /* Pairs with WRITE_ONCE() in mif6_add()/mif6_delete() */
565 reg_vif_num = READ_ONCE(mrt->mroute_reg_vif_num);
566 if (reg_vif_num >= 0)
567 reg_dev = vif_dev_read(&mrt->vif_table[reg_vif_num]);
568
569 if (!reg_dev)
570 goto drop;
571
572 skb->mac_header = skb->network_header;
573 skb_pull(skb, (u8 *)encap - skb->data);
574 skb_reset_network_header(skb);
575 skb->protocol = htons(ETH_P_IPV6);
576 skb->ip_summed = CHECKSUM_NONE;
577
578 skb_tunnel_rx(skb, reg_dev, dev_net(reg_dev));
579
580 netif_rx(skb);
581
582 return 0;
583 drop:
584 kfree_skb(skb);
585 return 0;
586}
587
588static const struct inet6_protocol pim6_protocol = {
589 .handler = pim6_rcv,
590};
591
592/* Service routines creating virtual interfaces: PIMREG */
593
594static netdev_tx_t reg_vif_xmit(struct sk_buff *skb,
595 struct net_device *dev)
596{
597 struct net *net = dev_net(dev);
598 struct mr_table *mrt;
599 struct flowi6 fl6 = {
600 .flowi6_oif = dev->ifindex,
601 .flowi6_iif = skb->skb_iif ? : LOOPBACK_IFINDEX,
602 .flowi6_mark = skb->mark,
603 };
604
605 if (!pskb_inet_may_pull(skb))
606 goto tx_err;
607
608 if (ip6mr_fib_lookup(net, &fl6, &mrt) < 0)
609 goto tx_err;
610
611 DEV_STATS_ADD(dev, tx_bytes, skb->len);
612 DEV_STATS_INC(dev, tx_packets);
613 rcu_read_lock();
614 ip6mr_cache_report(mrt, skb, READ_ONCE(mrt->mroute_reg_vif_num),
615 MRT6MSG_WHOLEPKT);
616 rcu_read_unlock();
617 kfree_skb(skb);
618 return NETDEV_TX_OK;
619
620tx_err:
621 DEV_STATS_INC(dev, tx_errors);
622 kfree_skb(skb);
623 return NETDEV_TX_OK;
624}
625
626static int reg_vif_get_iflink(const struct net_device *dev)
627{
628 return 0;
629}
630
631static const struct net_device_ops reg_vif_netdev_ops = {
632 .ndo_start_xmit = reg_vif_xmit,
633 .ndo_get_iflink = reg_vif_get_iflink,
634};
635
636static void reg_vif_setup(struct net_device *dev)
637{
638 dev->type = ARPHRD_PIMREG;
639 dev->mtu = 1500 - sizeof(struct ipv6hdr) - 8;
640 dev->flags = IFF_NOARP;
641 dev->netdev_ops = ®_vif_netdev_ops;
642 dev->needs_free_netdev = true;
643 dev->features |= NETIF_F_NETNS_LOCAL;
644}
645
646static struct net_device *ip6mr_reg_vif(struct net *net, struct mr_table *mrt)
647{
648 struct net_device *dev;
649 char name[IFNAMSIZ];
650
651 if (mrt->id == RT6_TABLE_DFLT)
652 sprintf(name, "pim6reg");
653 else
654 sprintf(name, "pim6reg%u", mrt->id);
655
656 dev = alloc_netdev(0, name, NET_NAME_UNKNOWN, reg_vif_setup);
657 if (!dev)
658 return NULL;
659
660 dev_net_set(dev, net);
661
662 if (register_netdevice(dev)) {
663 free_netdev(dev);
664 return NULL;
665 }
666
667 if (dev_open(dev, NULL))
668 goto failure;
669
670 dev_hold(dev);
671 return dev;
672
673failure:
674 unregister_netdevice(dev);
675 return NULL;
676}
677#endif
678
679static int call_ip6mr_vif_entry_notifiers(struct net *net,
680 enum fib_event_type event_type,
681 struct vif_device *vif,
682 struct net_device *vif_dev,
683 mifi_t vif_index, u32 tb_id)
684{
685 return mr_call_vif_notifiers(net, RTNL_FAMILY_IP6MR, event_type,
686 vif, vif_dev, vif_index, tb_id,
687 &net->ipv6.ipmr_seq);
688}
689
690static int call_ip6mr_mfc_entry_notifiers(struct net *net,
691 enum fib_event_type event_type,
692 struct mfc6_cache *mfc, u32 tb_id)
693{
694 return mr_call_mfc_notifiers(net, RTNL_FAMILY_IP6MR, event_type,
695 &mfc->_c, tb_id, &net->ipv6.ipmr_seq);
696}
697
698/* Delete a VIF entry */
699static int mif6_delete(struct mr_table *mrt, int vifi, int notify,
700 struct list_head *head)
701{
702 struct vif_device *v;
703 struct net_device *dev;
704 struct inet6_dev *in6_dev;
705
706 if (vifi < 0 || vifi >= mrt->maxvif)
707 return -EADDRNOTAVAIL;
708
709 v = &mrt->vif_table[vifi];
710
711 dev = rtnl_dereference(v->dev);
712 if (!dev)
713 return -EADDRNOTAVAIL;
714
715 call_ip6mr_vif_entry_notifiers(read_pnet(&mrt->net),
716 FIB_EVENT_VIF_DEL, v, dev,
717 vifi, mrt->id);
718 spin_lock(&mrt_lock);
719 RCU_INIT_POINTER(v->dev, NULL);
720
721#ifdef CONFIG_IPV6_PIMSM_V2
722 if (vifi == mrt->mroute_reg_vif_num) {
723 /* Pairs with READ_ONCE() in ip6mr_cache_report() and reg_vif_xmit() */
724 WRITE_ONCE(mrt->mroute_reg_vif_num, -1);
725 }
726#endif
727
728 if (vifi + 1 == mrt->maxvif) {
729 int tmp;
730 for (tmp = vifi - 1; tmp >= 0; tmp--) {
731 if (VIF_EXISTS(mrt, tmp))
732 break;
733 }
734 WRITE_ONCE(mrt->maxvif, tmp + 1);
735 }
736
737 spin_unlock(&mrt_lock);
738
739 dev_set_allmulti(dev, -1);
740
741 in6_dev = __in6_dev_get(dev);
742 if (in6_dev) {
743 atomic_dec(&in6_dev->cnf.mc_forwarding);
744 inet6_netconf_notify_devconf(dev_net(dev), RTM_NEWNETCONF,
745 NETCONFA_MC_FORWARDING,
746 dev->ifindex, &in6_dev->cnf);
747 }
748
749 if ((v->flags & MIFF_REGISTER) && !notify)
750 unregister_netdevice_queue(dev, head);
751
752 netdev_put(dev, &v->dev_tracker);
753 return 0;
754}
755
756static inline void ip6mr_cache_free_rcu(struct rcu_head *head)
757{
758 struct mr_mfc *c = container_of(head, struct mr_mfc, rcu);
759
760 kmem_cache_free(mrt_cachep, (struct mfc6_cache *)c);
761}
762
763static inline void ip6mr_cache_free(struct mfc6_cache *c)
764{
765 call_rcu(&c->_c.rcu, ip6mr_cache_free_rcu);
766}
767
768/* Destroy an unresolved cache entry, killing queued skbs
769 and reporting error to netlink readers.
770 */
771
772static void ip6mr_destroy_unres(struct mr_table *mrt, struct mfc6_cache *c)
773{
774 struct net *net = read_pnet(&mrt->net);
775 struct sk_buff *skb;
776
777 atomic_dec(&mrt->cache_resolve_queue_len);
778
779 while ((skb = skb_dequeue(&c->_c.mfc_un.unres.unresolved)) != NULL) {
780 if (ipv6_hdr(skb)->version == 0) {
781 struct nlmsghdr *nlh = skb_pull(skb,
782 sizeof(struct ipv6hdr));
783 nlh->nlmsg_type = NLMSG_ERROR;
784 nlh->nlmsg_len = nlmsg_msg_size(sizeof(struct nlmsgerr));
785 skb_trim(skb, nlh->nlmsg_len);
786 ((struct nlmsgerr *)nlmsg_data(nlh))->error = -ETIMEDOUT;
787 rtnl_unicast(skb, net, NETLINK_CB(skb).portid);
788 } else
789 kfree_skb(skb);
790 }
791
792 ip6mr_cache_free(c);
793}
794
795
796/* Timer process for all the unresolved queue. */
797
798static void ipmr_do_expire_process(struct mr_table *mrt)
799{
800 unsigned long now = jiffies;
801 unsigned long expires = 10 * HZ;
802 struct mr_mfc *c, *next;
803
804 list_for_each_entry_safe(c, next, &mrt->mfc_unres_queue, list) {
805 if (time_after(c->mfc_un.unres.expires, now)) {
806 /* not yet... */
807 unsigned long interval = c->mfc_un.unres.expires - now;
808 if (interval < expires)
809 expires = interval;
810 continue;
811 }
812
813 list_del(&c->list);
814 mr6_netlink_event(mrt, (struct mfc6_cache *)c, RTM_DELROUTE);
815 ip6mr_destroy_unres(mrt, (struct mfc6_cache *)c);
816 }
817
818 if (!list_empty(&mrt->mfc_unres_queue))
819 mod_timer(&mrt->ipmr_expire_timer, jiffies + expires);
820}
821
822static void ipmr_expire_process(struct timer_list *t)
823{
824 struct mr_table *mrt = from_timer(mrt, t, ipmr_expire_timer);
825
826 if (!spin_trylock(&mfc_unres_lock)) {
827 mod_timer(&mrt->ipmr_expire_timer, jiffies + 1);
828 return;
829 }
830
831 if (!list_empty(&mrt->mfc_unres_queue))
832 ipmr_do_expire_process(mrt);
833
834 spin_unlock(&mfc_unres_lock);
835}
836
837/* Fill oifs list. It is called under locked mrt_lock. */
838
839static void ip6mr_update_thresholds(struct mr_table *mrt,
840 struct mr_mfc *cache,
841 unsigned char *ttls)
842{
843 int vifi;
844
845 cache->mfc_un.res.minvif = MAXMIFS;
846 cache->mfc_un.res.maxvif = 0;
847 memset(cache->mfc_un.res.ttls, 255, MAXMIFS);
848
849 for (vifi = 0; vifi < mrt->maxvif; vifi++) {
850 if (VIF_EXISTS(mrt, vifi) &&
851 ttls[vifi] && ttls[vifi] < 255) {
852 cache->mfc_un.res.ttls[vifi] = ttls[vifi];
853 if (cache->mfc_un.res.minvif > vifi)
854 cache->mfc_un.res.minvif = vifi;
855 if (cache->mfc_un.res.maxvif <= vifi)
856 cache->mfc_un.res.maxvif = vifi + 1;
857 }
858 }
859 cache->mfc_un.res.lastuse = jiffies;
860}
861
862static int mif6_add(struct net *net, struct mr_table *mrt,
863 struct mif6ctl *vifc, int mrtsock)
864{
865 int vifi = vifc->mif6c_mifi;
866 struct vif_device *v = &mrt->vif_table[vifi];
867 struct net_device *dev;
868 struct inet6_dev *in6_dev;
869 int err;
870
871 /* Is vif busy ? */
872 if (VIF_EXISTS(mrt, vifi))
873 return -EADDRINUSE;
874
875 switch (vifc->mif6c_flags) {
876#ifdef CONFIG_IPV6_PIMSM_V2
877 case MIFF_REGISTER:
878 /*
879 * Special Purpose VIF in PIM
880 * All the packets will be sent to the daemon
881 */
882 if (mrt->mroute_reg_vif_num >= 0)
883 return -EADDRINUSE;
884 dev = ip6mr_reg_vif(net, mrt);
885 if (!dev)
886 return -ENOBUFS;
887 err = dev_set_allmulti(dev, 1);
888 if (err) {
889 unregister_netdevice(dev);
890 dev_put(dev);
891 return err;
892 }
893 break;
894#endif
895 case 0:
896 dev = dev_get_by_index(net, vifc->mif6c_pifi);
897 if (!dev)
898 return -EADDRNOTAVAIL;
899 err = dev_set_allmulti(dev, 1);
900 if (err) {
901 dev_put(dev);
902 return err;
903 }
904 break;
905 default:
906 return -EINVAL;
907 }
908
909 in6_dev = __in6_dev_get(dev);
910 if (in6_dev) {
911 atomic_inc(&in6_dev->cnf.mc_forwarding);
912 inet6_netconf_notify_devconf(dev_net(dev), RTM_NEWNETCONF,
913 NETCONFA_MC_FORWARDING,
914 dev->ifindex, &in6_dev->cnf);
915 }
916
917 /* Fill in the VIF structures */
918 vif_device_init(v, dev, vifc->vifc_rate_limit, vifc->vifc_threshold,
919 vifc->mif6c_flags | (!mrtsock ? VIFF_STATIC : 0),
920 MIFF_REGISTER);
921
922 /* And finish update writing critical data */
923 spin_lock(&mrt_lock);
924 rcu_assign_pointer(v->dev, dev);
925 netdev_tracker_alloc(dev, &v->dev_tracker, GFP_ATOMIC);
926#ifdef CONFIG_IPV6_PIMSM_V2
927 if (v->flags & MIFF_REGISTER)
928 WRITE_ONCE(mrt->mroute_reg_vif_num, vifi);
929#endif
930 if (vifi + 1 > mrt->maxvif)
931 WRITE_ONCE(mrt->maxvif, vifi + 1);
932 spin_unlock(&mrt_lock);
933 call_ip6mr_vif_entry_notifiers(net, FIB_EVENT_VIF_ADD,
934 v, dev, vifi, mrt->id);
935 return 0;
936}
937
938static struct mfc6_cache *ip6mr_cache_find(struct mr_table *mrt,
939 const struct in6_addr *origin,
940 const struct in6_addr *mcastgrp)
941{
942 struct mfc6_cache_cmp_arg arg = {
943 .mf6c_origin = *origin,
944 .mf6c_mcastgrp = *mcastgrp,
945 };
946
947 return mr_mfc_find(mrt, &arg);
948}
949
950/* Look for a (*,G) entry */
951static struct mfc6_cache *ip6mr_cache_find_any(struct mr_table *mrt,
952 struct in6_addr *mcastgrp,
953 mifi_t mifi)
954{
955 struct mfc6_cache_cmp_arg arg = {
956 .mf6c_origin = in6addr_any,
957 .mf6c_mcastgrp = *mcastgrp,
958 };
959
960 if (ipv6_addr_any(mcastgrp))
961 return mr_mfc_find_any_parent(mrt, mifi);
962 return mr_mfc_find_any(mrt, mifi, &arg);
963}
964
965/* Look for a (S,G,iif) entry if parent != -1 */
966static struct mfc6_cache *
967ip6mr_cache_find_parent(struct mr_table *mrt,
968 const struct in6_addr *origin,
969 const struct in6_addr *mcastgrp,
970 int parent)
971{
972 struct mfc6_cache_cmp_arg arg = {
973 .mf6c_origin = *origin,
974 .mf6c_mcastgrp = *mcastgrp,
975 };
976
977 return mr_mfc_find_parent(mrt, &arg, parent);
978}
979
980/* Allocate a multicast cache entry */
981static struct mfc6_cache *ip6mr_cache_alloc(void)
982{
983 struct mfc6_cache *c = kmem_cache_zalloc(mrt_cachep, GFP_KERNEL);
984 if (!c)
985 return NULL;
986 c->_c.mfc_un.res.last_assert = jiffies - MFC_ASSERT_THRESH - 1;
987 c->_c.mfc_un.res.minvif = MAXMIFS;
988 c->_c.free = ip6mr_cache_free_rcu;
989 refcount_set(&c->_c.mfc_un.res.refcount, 1);
990 return c;
991}
992
993static struct mfc6_cache *ip6mr_cache_alloc_unres(void)
994{
995 struct mfc6_cache *c = kmem_cache_zalloc(mrt_cachep, GFP_ATOMIC);
996 if (!c)
997 return NULL;
998 skb_queue_head_init(&c->_c.mfc_un.unres.unresolved);
999 c->_c.mfc_un.unres.expires = jiffies + 10 * HZ;
1000 return c;
1001}
1002
1003/*
1004 * A cache entry has gone into a resolved state from queued
1005 */
1006
1007static void ip6mr_cache_resolve(struct net *net, struct mr_table *mrt,
1008 struct mfc6_cache *uc, struct mfc6_cache *c)
1009{
1010 struct sk_buff *skb;
1011
1012 /*
1013 * Play the pending entries through our router
1014 */
1015
1016 while ((skb = __skb_dequeue(&uc->_c.mfc_un.unres.unresolved))) {
1017 if (ipv6_hdr(skb)->version == 0) {
1018 struct nlmsghdr *nlh = skb_pull(skb,
1019 sizeof(struct ipv6hdr));
1020
1021 if (mr_fill_mroute(mrt, skb, &c->_c,
1022 nlmsg_data(nlh)) > 0) {
1023 nlh->nlmsg_len = skb_tail_pointer(skb) - (u8 *)nlh;
1024 } else {
1025 nlh->nlmsg_type = NLMSG_ERROR;
1026 nlh->nlmsg_len = nlmsg_msg_size(sizeof(struct nlmsgerr));
1027 skb_trim(skb, nlh->nlmsg_len);
1028 ((struct nlmsgerr *)nlmsg_data(nlh))->error = -EMSGSIZE;
1029 }
1030 rtnl_unicast(skb, net, NETLINK_CB(skb).portid);
1031 } else {
1032 rcu_read_lock();
1033 ip6_mr_forward(net, mrt, skb->dev, skb, c);
1034 rcu_read_unlock();
1035 }
1036 }
1037}
1038
1039/*
1040 * Bounce a cache query up to pim6sd and netlink.
1041 *
1042 * Called under rcu_read_lock()
1043 */
1044
1045static int ip6mr_cache_report(const struct mr_table *mrt, struct sk_buff *pkt,
1046 mifi_t mifi, int assert)
1047{
1048 struct sock *mroute6_sk;
1049 struct sk_buff *skb;
1050 struct mrt6msg *msg;
1051 int ret;
1052
1053#ifdef CONFIG_IPV6_PIMSM_V2
1054 if (assert == MRT6MSG_WHOLEPKT || assert == MRT6MSG_WRMIFWHOLE)
1055 skb = skb_realloc_headroom(pkt, -skb_network_offset(pkt)
1056 +sizeof(*msg));
1057 else
1058#endif
1059 skb = alloc_skb(sizeof(struct ipv6hdr) + sizeof(*msg), GFP_ATOMIC);
1060
1061 if (!skb)
1062 return -ENOBUFS;
1063
1064 /* I suppose that internal messages
1065 * do not require checksums */
1066
1067 skb->ip_summed = CHECKSUM_UNNECESSARY;
1068
1069#ifdef CONFIG_IPV6_PIMSM_V2
1070 if (assert == MRT6MSG_WHOLEPKT || assert == MRT6MSG_WRMIFWHOLE) {
1071 /* Ugly, but we have no choice with this interface.
1072 Duplicate old header, fix length etc.
1073 And all this only to mangle msg->im6_msgtype and
1074 to set msg->im6_mbz to "mbz" :-)
1075 */
1076 __skb_pull(skb, skb_network_offset(pkt));
1077
1078 skb_push(skb, sizeof(*msg));
1079 skb_reset_transport_header(skb);
1080 msg = (struct mrt6msg *)skb_transport_header(skb);
1081 msg->im6_mbz = 0;
1082 msg->im6_msgtype = assert;
1083 if (assert == MRT6MSG_WRMIFWHOLE)
1084 msg->im6_mif = mifi;
1085 else
1086 msg->im6_mif = READ_ONCE(mrt->mroute_reg_vif_num);
1087 msg->im6_pad = 0;
1088 msg->im6_src = ipv6_hdr(pkt)->saddr;
1089 msg->im6_dst = ipv6_hdr(pkt)->daddr;
1090
1091 skb->ip_summed = CHECKSUM_UNNECESSARY;
1092 } else
1093#endif
1094 {
1095 /*
1096 * Copy the IP header
1097 */
1098
1099 skb_put(skb, sizeof(struct ipv6hdr));
1100 skb_reset_network_header(skb);
1101 skb_copy_to_linear_data(skb, ipv6_hdr(pkt), sizeof(struct ipv6hdr));
1102
1103 /*
1104 * Add our header
1105 */
1106 skb_put(skb, sizeof(*msg));
1107 skb_reset_transport_header(skb);
1108 msg = (struct mrt6msg *)skb_transport_header(skb);
1109
1110 msg->im6_mbz = 0;
1111 msg->im6_msgtype = assert;
1112 msg->im6_mif = mifi;
1113 msg->im6_pad = 0;
1114 msg->im6_src = ipv6_hdr(pkt)->saddr;
1115 msg->im6_dst = ipv6_hdr(pkt)->daddr;
1116
1117 skb_dst_set(skb, dst_clone(skb_dst(pkt)));
1118 skb->ip_summed = CHECKSUM_UNNECESSARY;
1119 }
1120
1121 mroute6_sk = rcu_dereference(mrt->mroute_sk);
1122 if (!mroute6_sk) {
1123 kfree_skb(skb);
1124 return -EINVAL;
1125 }
1126
1127 mrt6msg_netlink_event(mrt, skb);
1128
1129 /* Deliver to user space multicast routing algorithms */
1130 ret = sock_queue_rcv_skb(mroute6_sk, skb);
1131
1132 if (ret < 0) {
1133 net_warn_ratelimited("mroute6: pending queue full, dropping entries\n");
1134 kfree_skb(skb);
1135 }
1136
1137 return ret;
1138}
1139
1140/* Queue a packet for resolution. It gets locked cache entry! */
1141static int ip6mr_cache_unresolved(struct mr_table *mrt, mifi_t mifi,
1142 struct sk_buff *skb, struct net_device *dev)
1143{
1144 struct mfc6_cache *c;
1145 bool found = false;
1146 int err;
1147
1148 spin_lock_bh(&mfc_unres_lock);
1149 list_for_each_entry(c, &mrt->mfc_unres_queue, _c.list) {
1150 if (ipv6_addr_equal(&c->mf6c_mcastgrp, &ipv6_hdr(skb)->daddr) &&
1151 ipv6_addr_equal(&c->mf6c_origin, &ipv6_hdr(skb)->saddr)) {
1152 found = true;
1153 break;
1154 }
1155 }
1156
1157 if (!found) {
1158 /*
1159 * Create a new entry if allowable
1160 */
1161
1162 c = ip6mr_cache_alloc_unres();
1163 if (!c) {
1164 spin_unlock_bh(&mfc_unres_lock);
1165
1166 kfree_skb(skb);
1167 return -ENOBUFS;
1168 }
1169
1170 /* Fill in the new cache entry */
1171 c->_c.mfc_parent = -1;
1172 c->mf6c_origin = ipv6_hdr(skb)->saddr;
1173 c->mf6c_mcastgrp = ipv6_hdr(skb)->daddr;
1174
1175 /*
1176 * Reflect first query at pim6sd
1177 */
1178 err = ip6mr_cache_report(mrt, skb, mifi, MRT6MSG_NOCACHE);
1179 if (err < 0) {
1180 /* If the report failed throw the cache entry
1181 out - Brad Parker
1182 */
1183 spin_unlock_bh(&mfc_unres_lock);
1184
1185 ip6mr_cache_free(c);
1186 kfree_skb(skb);
1187 return err;
1188 }
1189
1190 atomic_inc(&mrt->cache_resolve_queue_len);
1191 list_add(&c->_c.list, &mrt->mfc_unres_queue);
1192 mr6_netlink_event(mrt, c, RTM_NEWROUTE);
1193
1194 ipmr_do_expire_process(mrt);
1195 }
1196
1197 /* See if we can append the packet */
1198 if (c->_c.mfc_un.unres.unresolved.qlen > 3) {
1199 kfree_skb(skb);
1200 err = -ENOBUFS;
1201 } else {
1202 if (dev) {
1203 skb->dev = dev;
1204 skb->skb_iif = dev->ifindex;
1205 }
1206 skb_queue_tail(&c->_c.mfc_un.unres.unresolved, skb);
1207 err = 0;
1208 }
1209
1210 spin_unlock_bh(&mfc_unres_lock);
1211 return err;
1212}
1213
1214/*
1215 * MFC6 cache manipulation by user space
1216 */
1217
1218static int ip6mr_mfc_delete(struct mr_table *mrt, struct mf6cctl *mfc,
1219 int parent)
1220{
1221 struct mfc6_cache *c;
1222
1223 /* The entries are added/deleted only under RTNL */
1224 rcu_read_lock();
1225 c = ip6mr_cache_find_parent(mrt, &mfc->mf6cc_origin.sin6_addr,
1226 &mfc->mf6cc_mcastgrp.sin6_addr, parent);
1227 rcu_read_unlock();
1228 if (!c)
1229 return -ENOENT;
1230 rhltable_remove(&mrt->mfc_hash, &c->_c.mnode, ip6mr_rht_params);
1231 list_del_rcu(&c->_c.list);
1232
1233 call_ip6mr_mfc_entry_notifiers(read_pnet(&mrt->net),
1234 FIB_EVENT_ENTRY_DEL, c, mrt->id);
1235 mr6_netlink_event(mrt, c, RTM_DELROUTE);
1236 mr_cache_put(&c->_c);
1237 return 0;
1238}
1239
1240static int ip6mr_device_event(struct notifier_block *this,
1241 unsigned long event, void *ptr)
1242{
1243 struct net_device *dev = netdev_notifier_info_to_dev(ptr);
1244 struct net *net = dev_net(dev);
1245 struct mr_table *mrt;
1246 struct vif_device *v;
1247 int ct;
1248
1249 if (event != NETDEV_UNREGISTER)
1250 return NOTIFY_DONE;
1251
1252 ip6mr_for_each_table(mrt, net) {
1253 v = &mrt->vif_table[0];
1254 for (ct = 0; ct < mrt->maxvif; ct++, v++) {
1255 if (rcu_access_pointer(v->dev) == dev)
1256 mif6_delete(mrt, ct, 1, NULL);
1257 }
1258 }
1259
1260 return NOTIFY_DONE;
1261}
1262
1263static unsigned int ip6mr_seq_read(struct net *net)
1264{
1265 ASSERT_RTNL();
1266
1267 return net->ipv6.ipmr_seq + ip6mr_rules_seq_read(net);
1268}
1269
1270static int ip6mr_dump(struct net *net, struct notifier_block *nb,
1271 struct netlink_ext_ack *extack)
1272{
1273 return mr_dump(net, nb, RTNL_FAMILY_IP6MR, ip6mr_rules_dump,
1274 ip6mr_mr_table_iter, extack);
1275}
1276
1277static struct notifier_block ip6_mr_notifier = {
1278 .notifier_call = ip6mr_device_event
1279};
1280
1281static const struct fib_notifier_ops ip6mr_notifier_ops_template = {
1282 .family = RTNL_FAMILY_IP6MR,
1283 .fib_seq_read = ip6mr_seq_read,
1284 .fib_dump = ip6mr_dump,
1285 .owner = THIS_MODULE,
1286};
1287
1288static int __net_init ip6mr_notifier_init(struct net *net)
1289{
1290 struct fib_notifier_ops *ops;
1291
1292 net->ipv6.ipmr_seq = 0;
1293
1294 ops = fib_notifier_ops_register(&ip6mr_notifier_ops_template, net);
1295 if (IS_ERR(ops))
1296 return PTR_ERR(ops);
1297
1298 net->ipv6.ip6mr_notifier_ops = ops;
1299
1300 return 0;
1301}
1302
1303static void __net_exit ip6mr_notifier_exit(struct net *net)
1304{
1305 fib_notifier_ops_unregister(net->ipv6.ip6mr_notifier_ops);
1306 net->ipv6.ip6mr_notifier_ops = NULL;
1307}
1308
1309/* Setup for IP multicast routing */
1310static int __net_init ip6mr_net_init(struct net *net)
1311{
1312 int err;
1313
1314 err = ip6mr_notifier_init(net);
1315 if (err)
1316 return err;
1317
1318 err = ip6mr_rules_init(net);
1319 if (err < 0)
1320 goto ip6mr_rules_fail;
1321
1322#ifdef CONFIG_PROC_FS
1323 err = -ENOMEM;
1324 if (!proc_create_net("ip6_mr_vif", 0, net->proc_net, &ip6mr_vif_seq_ops,
1325 sizeof(struct mr_vif_iter)))
1326 goto proc_vif_fail;
1327 if (!proc_create_net("ip6_mr_cache", 0, net->proc_net, &ipmr_mfc_seq_ops,
1328 sizeof(struct mr_mfc_iter)))
1329 goto proc_cache_fail;
1330#endif
1331
1332 return 0;
1333
1334#ifdef CONFIG_PROC_FS
1335proc_cache_fail:
1336 remove_proc_entry("ip6_mr_vif", net->proc_net);
1337proc_vif_fail:
1338 rtnl_lock();
1339 ip6mr_rules_exit(net);
1340 rtnl_unlock();
1341#endif
1342ip6mr_rules_fail:
1343 ip6mr_notifier_exit(net);
1344 return err;
1345}
1346
1347static void __net_exit ip6mr_net_exit(struct net *net)
1348{
1349#ifdef CONFIG_PROC_FS
1350 remove_proc_entry("ip6_mr_cache", net->proc_net);
1351 remove_proc_entry("ip6_mr_vif", net->proc_net);
1352#endif
1353 ip6mr_notifier_exit(net);
1354}
1355
1356static void __net_exit ip6mr_net_exit_batch(struct list_head *net_list)
1357{
1358 struct net *net;
1359
1360 rtnl_lock();
1361 list_for_each_entry(net, net_list, exit_list)
1362 ip6mr_rules_exit(net);
1363 rtnl_unlock();
1364}
1365
1366static struct pernet_operations ip6mr_net_ops = {
1367 .init = ip6mr_net_init,
1368 .exit = ip6mr_net_exit,
1369 .exit_batch = ip6mr_net_exit_batch,
1370};
1371
1372int __init ip6_mr_init(void)
1373{
1374 int err;
1375
1376 mrt_cachep = kmem_cache_create("ip6_mrt_cache",
1377 sizeof(struct mfc6_cache),
1378 0, SLAB_HWCACHE_ALIGN,
1379 NULL);
1380 if (!mrt_cachep)
1381 return -ENOMEM;
1382
1383 err = register_pernet_subsys(&ip6mr_net_ops);
1384 if (err)
1385 goto reg_pernet_fail;
1386
1387 err = register_netdevice_notifier(&ip6_mr_notifier);
1388 if (err)
1389 goto reg_notif_fail;
1390#ifdef CONFIG_IPV6_PIMSM_V2
1391 if (inet6_add_protocol(&pim6_protocol, IPPROTO_PIM) < 0) {
1392 pr_err("%s: can't add PIM protocol\n", __func__);
1393 err = -EAGAIN;
1394 goto add_proto_fail;
1395 }
1396#endif
1397 err = rtnl_register_module(THIS_MODULE, RTNL_FAMILY_IP6MR, RTM_GETROUTE,
1398 ip6mr_rtm_getroute, ip6mr_rtm_dumproute, 0);
1399 if (err == 0)
1400 return 0;
1401
1402#ifdef CONFIG_IPV6_PIMSM_V2
1403 inet6_del_protocol(&pim6_protocol, IPPROTO_PIM);
1404add_proto_fail:
1405 unregister_netdevice_notifier(&ip6_mr_notifier);
1406#endif
1407reg_notif_fail:
1408 unregister_pernet_subsys(&ip6mr_net_ops);
1409reg_pernet_fail:
1410 kmem_cache_destroy(mrt_cachep);
1411 return err;
1412}
1413
1414void ip6_mr_cleanup(void)
1415{
1416 rtnl_unregister(RTNL_FAMILY_IP6MR, RTM_GETROUTE);
1417#ifdef CONFIG_IPV6_PIMSM_V2
1418 inet6_del_protocol(&pim6_protocol, IPPROTO_PIM);
1419#endif
1420 unregister_netdevice_notifier(&ip6_mr_notifier);
1421 unregister_pernet_subsys(&ip6mr_net_ops);
1422 kmem_cache_destroy(mrt_cachep);
1423}
1424
1425static int ip6mr_mfc_add(struct net *net, struct mr_table *mrt,
1426 struct mf6cctl *mfc, int mrtsock, int parent)
1427{
1428 unsigned char ttls[MAXMIFS];
1429 struct mfc6_cache *uc, *c;
1430 struct mr_mfc *_uc;
1431 bool found;
1432 int i, err;
1433
1434 if (mfc->mf6cc_parent >= MAXMIFS)
1435 return -ENFILE;
1436
1437 memset(ttls, 255, MAXMIFS);
1438 for (i = 0; i < MAXMIFS; i++) {
1439 if (IF_ISSET(i, &mfc->mf6cc_ifset))
1440 ttls[i] = 1;
1441 }
1442
1443 /* The entries are added/deleted only under RTNL */
1444 rcu_read_lock();
1445 c = ip6mr_cache_find_parent(mrt, &mfc->mf6cc_origin.sin6_addr,
1446 &mfc->mf6cc_mcastgrp.sin6_addr, parent);
1447 rcu_read_unlock();
1448 if (c) {
1449 spin_lock(&mrt_lock);
1450 c->_c.mfc_parent = mfc->mf6cc_parent;
1451 ip6mr_update_thresholds(mrt, &c->_c, ttls);
1452 if (!mrtsock)
1453 c->_c.mfc_flags |= MFC_STATIC;
1454 spin_unlock(&mrt_lock);
1455 call_ip6mr_mfc_entry_notifiers(net, FIB_EVENT_ENTRY_REPLACE,
1456 c, mrt->id);
1457 mr6_netlink_event(mrt, c, RTM_NEWROUTE);
1458 return 0;
1459 }
1460
1461 if (!ipv6_addr_any(&mfc->mf6cc_mcastgrp.sin6_addr) &&
1462 !ipv6_addr_is_multicast(&mfc->mf6cc_mcastgrp.sin6_addr))
1463 return -EINVAL;
1464
1465 c = ip6mr_cache_alloc();
1466 if (!c)
1467 return -ENOMEM;
1468
1469 c->mf6c_origin = mfc->mf6cc_origin.sin6_addr;
1470 c->mf6c_mcastgrp = mfc->mf6cc_mcastgrp.sin6_addr;
1471 c->_c.mfc_parent = mfc->mf6cc_parent;
1472 ip6mr_update_thresholds(mrt, &c->_c, ttls);
1473 if (!mrtsock)
1474 c->_c.mfc_flags |= MFC_STATIC;
1475
1476 err = rhltable_insert_key(&mrt->mfc_hash, &c->cmparg, &c->_c.mnode,
1477 ip6mr_rht_params);
1478 if (err) {
1479 pr_err("ip6mr: rhtable insert error %d\n", err);
1480 ip6mr_cache_free(c);
1481 return err;
1482 }
1483 list_add_tail_rcu(&c->_c.list, &mrt->mfc_cache_list);
1484
1485 /* Check to see if we resolved a queued list. If so we
1486 * need to send on the frames and tidy up.
1487 */
1488 found = false;
1489 spin_lock_bh(&mfc_unres_lock);
1490 list_for_each_entry(_uc, &mrt->mfc_unres_queue, list) {
1491 uc = (struct mfc6_cache *)_uc;
1492 if (ipv6_addr_equal(&uc->mf6c_origin, &c->mf6c_origin) &&
1493 ipv6_addr_equal(&uc->mf6c_mcastgrp, &c->mf6c_mcastgrp)) {
1494 list_del(&_uc->list);
1495 atomic_dec(&mrt->cache_resolve_queue_len);
1496 found = true;
1497 break;
1498 }
1499 }
1500 if (list_empty(&mrt->mfc_unres_queue))
1501 del_timer(&mrt->ipmr_expire_timer);
1502 spin_unlock_bh(&mfc_unres_lock);
1503
1504 if (found) {
1505 ip6mr_cache_resolve(net, mrt, uc, c);
1506 ip6mr_cache_free(uc);
1507 }
1508 call_ip6mr_mfc_entry_notifiers(net, FIB_EVENT_ENTRY_ADD,
1509 c, mrt->id);
1510 mr6_netlink_event(mrt, c, RTM_NEWROUTE);
1511 return 0;
1512}
1513
1514/*
1515 * Close the multicast socket, and clear the vif tables etc
1516 */
1517
1518static void mroute_clean_tables(struct mr_table *mrt, int flags)
1519{
1520 struct mr_mfc *c, *tmp;
1521 LIST_HEAD(list);
1522 int i;
1523
1524 /* Shut down all active vif entries */
1525 if (flags & (MRT6_FLUSH_MIFS | MRT6_FLUSH_MIFS_STATIC)) {
1526 for (i = 0; i < mrt->maxvif; i++) {
1527 if (((mrt->vif_table[i].flags & VIFF_STATIC) &&
1528 !(flags & MRT6_FLUSH_MIFS_STATIC)) ||
1529 (!(mrt->vif_table[i].flags & VIFF_STATIC) && !(flags & MRT6_FLUSH_MIFS)))
1530 continue;
1531 mif6_delete(mrt, i, 0, &list);
1532 }
1533 unregister_netdevice_many(&list);
1534 }
1535
1536 /* Wipe the cache */
1537 if (flags & (MRT6_FLUSH_MFC | MRT6_FLUSH_MFC_STATIC)) {
1538 list_for_each_entry_safe(c, tmp, &mrt->mfc_cache_list, list) {
1539 if (((c->mfc_flags & MFC_STATIC) && !(flags & MRT6_FLUSH_MFC_STATIC)) ||
1540 (!(c->mfc_flags & MFC_STATIC) && !(flags & MRT6_FLUSH_MFC)))
1541 continue;
1542 rhltable_remove(&mrt->mfc_hash, &c->mnode, ip6mr_rht_params);
1543 list_del_rcu(&c->list);
1544 call_ip6mr_mfc_entry_notifiers(read_pnet(&mrt->net),
1545 FIB_EVENT_ENTRY_DEL,
1546 (struct mfc6_cache *)c, mrt->id);
1547 mr6_netlink_event(mrt, (struct mfc6_cache *)c, RTM_DELROUTE);
1548 mr_cache_put(c);
1549 }
1550 }
1551
1552 if (flags & MRT6_FLUSH_MFC) {
1553 if (atomic_read(&mrt->cache_resolve_queue_len) != 0) {
1554 spin_lock_bh(&mfc_unres_lock);
1555 list_for_each_entry_safe(c, tmp, &mrt->mfc_unres_queue, list) {
1556 list_del(&c->list);
1557 mr6_netlink_event(mrt, (struct mfc6_cache *)c,
1558 RTM_DELROUTE);
1559 ip6mr_destroy_unres(mrt, (struct mfc6_cache *)c);
1560 }
1561 spin_unlock_bh(&mfc_unres_lock);
1562 }
1563 }
1564}
1565
1566static int ip6mr_sk_init(struct mr_table *mrt, struct sock *sk)
1567{
1568 int err = 0;
1569 struct net *net = sock_net(sk);
1570
1571 rtnl_lock();
1572 spin_lock(&mrt_lock);
1573 if (rtnl_dereference(mrt->mroute_sk)) {
1574 err = -EADDRINUSE;
1575 } else {
1576 rcu_assign_pointer(mrt->mroute_sk, sk);
1577 sock_set_flag(sk, SOCK_RCU_FREE);
1578 atomic_inc(&net->ipv6.devconf_all->mc_forwarding);
1579 }
1580 spin_unlock(&mrt_lock);
1581
1582 if (!err)
1583 inet6_netconf_notify_devconf(net, RTM_NEWNETCONF,
1584 NETCONFA_MC_FORWARDING,
1585 NETCONFA_IFINDEX_ALL,
1586 net->ipv6.devconf_all);
1587 rtnl_unlock();
1588
1589 return err;
1590}
1591
1592int ip6mr_sk_done(struct sock *sk)
1593{
1594 struct net *net = sock_net(sk);
1595 struct ipv6_devconf *devconf;
1596 struct mr_table *mrt;
1597 int err = -EACCES;
1598
1599 if (sk->sk_type != SOCK_RAW ||
1600 inet_sk(sk)->inet_num != IPPROTO_ICMPV6)
1601 return err;
1602
1603 devconf = net->ipv6.devconf_all;
1604 if (!devconf || !atomic_read(&devconf->mc_forwarding))
1605 return err;
1606
1607 rtnl_lock();
1608 ip6mr_for_each_table(mrt, net) {
1609 if (sk == rtnl_dereference(mrt->mroute_sk)) {
1610 spin_lock(&mrt_lock);
1611 RCU_INIT_POINTER(mrt->mroute_sk, NULL);
1612 /* Note that mroute_sk had SOCK_RCU_FREE set,
1613 * so the RCU grace period before sk freeing
1614 * is guaranteed by sk_destruct()
1615 */
1616 atomic_dec(&devconf->mc_forwarding);
1617 spin_unlock(&mrt_lock);
1618 inet6_netconf_notify_devconf(net, RTM_NEWNETCONF,
1619 NETCONFA_MC_FORWARDING,
1620 NETCONFA_IFINDEX_ALL,
1621 net->ipv6.devconf_all);
1622
1623 mroute_clean_tables(mrt, MRT6_FLUSH_MIFS | MRT6_FLUSH_MFC);
1624 err = 0;
1625 break;
1626 }
1627 }
1628 rtnl_unlock();
1629
1630 return err;
1631}
1632
1633bool mroute6_is_socket(struct net *net, struct sk_buff *skb)
1634{
1635 struct mr_table *mrt;
1636 struct flowi6 fl6 = {
1637 .flowi6_iif = skb->skb_iif ? : LOOPBACK_IFINDEX,
1638 .flowi6_oif = skb->dev->ifindex,
1639 .flowi6_mark = skb->mark,
1640 };
1641
1642 if (ip6mr_fib_lookup(net, &fl6, &mrt) < 0)
1643 return NULL;
1644
1645 return rcu_access_pointer(mrt->mroute_sk);
1646}
1647EXPORT_SYMBOL(mroute6_is_socket);
1648
1649/*
1650 * Socket options and virtual interface manipulation. The whole
1651 * virtual interface system is a complete heap, but unfortunately
1652 * that's how BSD mrouted happens to think. Maybe one day with a proper
1653 * MOSPF/PIM router set up we can clean this up.
1654 */
1655
1656int ip6_mroute_setsockopt(struct sock *sk, int optname, sockptr_t optval,
1657 unsigned int optlen)
1658{
1659 int ret, parent = 0;
1660 struct mif6ctl vif;
1661 struct mf6cctl mfc;
1662 mifi_t mifi;
1663 struct net *net = sock_net(sk);
1664 struct mr_table *mrt;
1665
1666 if (sk->sk_type != SOCK_RAW ||
1667 inet_sk(sk)->inet_num != IPPROTO_ICMPV6)
1668 return -EOPNOTSUPP;
1669
1670 mrt = ip6mr_get_table(net, raw6_sk(sk)->ip6mr_table ? : RT6_TABLE_DFLT);
1671 if (!mrt)
1672 return -ENOENT;
1673
1674 if (optname != MRT6_INIT) {
1675 if (sk != rcu_access_pointer(mrt->mroute_sk) &&
1676 !ns_capable(net->user_ns, CAP_NET_ADMIN))
1677 return -EACCES;
1678 }
1679
1680 switch (optname) {
1681 case MRT6_INIT:
1682 if (optlen < sizeof(int))
1683 return -EINVAL;
1684
1685 return ip6mr_sk_init(mrt, sk);
1686
1687 case MRT6_DONE:
1688 return ip6mr_sk_done(sk);
1689
1690 case MRT6_ADD_MIF:
1691 if (optlen < sizeof(vif))
1692 return -EINVAL;
1693 if (copy_from_sockptr(&vif, optval, sizeof(vif)))
1694 return -EFAULT;
1695 if (vif.mif6c_mifi >= MAXMIFS)
1696 return -ENFILE;
1697 rtnl_lock();
1698 ret = mif6_add(net, mrt, &vif,
1699 sk == rtnl_dereference(mrt->mroute_sk));
1700 rtnl_unlock();
1701 return ret;
1702
1703 case MRT6_DEL_MIF:
1704 if (optlen < sizeof(mifi_t))
1705 return -EINVAL;
1706 if (copy_from_sockptr(&mifi, optval, sizeof(mifi_t)))
1707 return -EFAULT;
1708 rtnl_lock();
1709 ret = mif6_delete(mrt, mifi, 0, NULL);
1710 rtnl_unlock();
1711 return ret;
1712
1713 /*
1714 * Manipulate the forwarding caches. These live
1715 * in a sort of kernel/user symbiosis.
1716 */
1717 case MRT6_ADD_MFC:
1718 case MRT6_DEL_MFC:
1719 parent = -1;
1720 fallthrough;
1721 case MRT6_ADD_MFC_PROXY:
1722 case MRT6_DEL_MFC_PROXY:
1723 if (optlen < sizeof(mfc))
1724 return -EINVAL;
1725 if (copy_from_sockptr(&mfc, optval, sizeof(mfc)))
1726 return -EFAULT;
1727 if (parent == 0)
1728 parent = mfc.mf6cc_parent;
1729 rtnl_lock();
1730 if (optname == MRT6_DEL_MFC || optname == MRT6_DEL_MFC_PROXY)
1731 ret = ip6mr_mfc_delete(mrt, &mfc, parent);
1732 else
1733 ret = ip6mr_mfc_add(net, mrt, &mfc,
1734 sk ==
1735 rtnl_dereference(mrt->mroute_sk),
1736 parent);
1737 rtnl_unlock();
1738 return ret;
1739
1740 case MRT6_FLUSH:
1741 {
1742 int flags;
1743
1744 if (optlen != sizeof(flags))
1745 return -EINVAL;
1746 if (copy_from_sockptr(&flags, optval, sizeof(flags)))
1747 return -EFAULT;
1748 rtnl_lock();
1749 mroute_clean_tables(mrt, flags);
1750 rtnl_unlock();
1751 return 0;
1752 }
1753
1754 /*
1755 * Control PIM assert (to activate pim will activate assert)
1756 */
1757 case MRT6_ASSERT:
1758 {
1759 int v;
1760
1761 if (optlen != sizeof(v))
1762 return -EINVAL;
1763 if (copy_from_sockptr(&v, optval, sizeof(v)))
1764 return -EFAULT;
1765 mrt->mroute_do_assert = v;
1766 return 0;
1767 }
1768
1769#ifdef CONFIG_IPV6_PIMSM_V2
1770 case MRT6_PIM:
1771 {
1772 bool do_wrmifwhole;
1773 int v;
1774
1775 if (optlen != sizeof(v))
1776 return -EINVAL;
1777 if (copy_from_sockptr(&v, optval, sizeof(v)))
1778 return -EFAULT;
1779
1780 do_wrmifwhole = (v == MRT6MSG_WRMIFWHOLE);
1781 v = !!v;
1782 rtnl_lock();
1783 ret = 0;
1784 if (v != mrt->mroute_do_pim) {
1785 mrt->mroute_do_pim = v;
1786 mrt->mroute_do_assert = v;
1787 mrt->mroute_do_wrvifwhole = do_wrmifwhole;
1788 }
1789 rtnl_unlock();
1790 return ret;
1791 }
1792
1793#endif
1794#ifdef CONFIG_IPV6_MROUTE_MULTIPLE_TABLES
1795 case MRT6_TABLE:
1796 {
1797 u32 v;
1798
1799 if (optlen != sizeof(u32))
1800 return -EINVAL;
1801 if (copy_from_sockptr(&v, optval, sizeof(v)))
1802 return -EFAULT;
1803 /* "pim6reg%u" should not exceed 16 bytes (IFNAMSIZ) */
1804 if (v != RT_TABLE_DEFAULT && v >= 100000000)
1805 return -EINVAL;
1806 if (sk == rcu_access_pointer(mrt->mroute_sk))
1807 return -EBUSY;
1808
1809 rtnl_lock();
1810 ret = 0;
1811 mrt = ip6mr_new_table(net, v);
1812 if (IS_ERR(mrt))
1813 ret = PTR_ERR(mrt);
1814 else
1815 raw6_sk(sk)->ip6mr_table = v;
1816 rtnl_unlock();
1817 return ret;
1818 }
1819#endif
1820 /*
1821 * Spurious command, or MRT6_VERSION which you cannot
1822 * set.
1823 */
1824 default:
1825 return -ENOPROTOOPT;
1826 }
1827}
1828
1829/*
1830 * Getsock opt support for the multicast routing system.
1831 */
1832
1833int ip6_mroute_getsockopt(struct sock *sk, int optname, sockptr_t optval,
1834 sockptr_t optlen)
1835{
1836 int olr;
1837 int val;
1838 struct net *net = sock_net(sk);
1839 struct mr_table *mrt;
1840
1841 if (sk->sk_type != SOCK_RAW ||
1842 inet_sk(sk)->inet_num != IPPROTO_ICMPV6)
1843 return -EOPNOTSUPP;
1844
1845 mrt = ip6mr_get_table(net, raw6_sk(sk)->ip6mr_table ? : RT6_TABLE_DFLT);
1846 if (!mrt)
1847 return -ENOENT;
1848
1849 switch (optname) {
1850 case MRT6_VERSION:
1851 val = 0x0305;
1852 break;
1853#ifdef CONFIG_IPV6_PIMSM_V2
1854 case MRT6_PIM:
1855 val = mrt->mroute_do_pim;
1856 break;
1857#endif
1858 case MRT6_ASSERT:
1859 val = mrt->mroute_do_assert;
1860 break;
1861 default:
1862 return -ENOPROTOOPT;
1863 }
1864
1865 if (copy_from_sockptr(&olr, optlen, sizeof(int)))
1866 return -EFAULT;
1867
1868 olr = min_t(int, olr, sizeof(int));
1869 if (olr < 0)
1870 return -EINVAL;
1871
1872 if (copy_to_sockptr(optlen, &olr, sizeof(int)))
1873 return -EFAULT;
1874 if (copy_to_sockptr(optval, &val, olr))
1875 return -EFAULT;
1876 return 0;
1877}
1878
1879/*
1880 * The IP multicast ioctl support routines.
1881 */
1882int ip6mr_ioctl(struct sock *sk, int cmd, void *arg)
1883{
1884 struct sioc_sg_req6 *sr;
1885 struct sioc_mif_req6 *vr;
1886 struct vif_device *vif;
1887 struct mfc6_cache *c;
1888 struct net *net = sock_net(sk);
1889 struct mr_table *mrt;
1890
1891 mrt = ip6mr_get_table(net, raw6_sk(sk)->ip6mr_table ? : RT6_TABLE_DFLT);
1892 if (!mrt)
1893 return -ENOENT;
1894
1895 switch (cmd) {
1896 case SIOCGETMIFCNT_IN6:
1897 vr = (struct sioc_mif_req6 *)arg;
1898 if (vr->mifi >= mrt->maxvif)
1899 return -EINVAL;
1900 vr->mifi = array_index_nospec(vr->mifi, mrt->maxvif);
1901 rcu_read_lock();
1902 vif = &mrt->vif_table[vr->mifi];
1903 if (VIF_EXISTS(mrt, vr->mifi)) {
1904 vr->icount = READ_ONCE(vif->pkt_in);
1905 vr->ocount = READ_ONCE(vif->pkt_out);
1906 vr->ibytes = READ_ONCE(vif->bytes_in);
1907 vr->obytes = READ_ONCE(vif->bytes_out);
1908 rcu_read_unlock();
1909 return 0;
1910 }
1911 rcu_read_unlock();
1912 return -EADDRNOTAVAIL;
1913 case SIOCGETSGCNT_IN6:
1914 sr = (struct sioc_sg_req6 *)arg;
1915
1916 rcu_read_lock();
1917 c = ip6mr_cache_find(mrt, &sr->src.sin6_addr,
1918 &sr->grp.sin6_addr);
1919 if (c) {
1920 sr->pktcnt = c->_c.mfc_un.res.pkt;
1921 sr->bytecnt = c->_c.mfc_un.res.bytes;
1922 sr->wrong_if = c->_c.mfc_un.res.wrong_if;
1923 rcu_read_unlock();
1924 return 0;
1925 }
1926 rcu_read_unlock();
1927 return -EADDRNOTAVAIL;
1928 default:
1929 return -ENOIOCTLCMD;
1930 }
1931}
1932
1933#ifdef CONFIG_COMPAT
1934struct compat_sioc_sg_req6 {
1935 struct sockaddr_in6 src;
1936 struct sockaddr_in6 grp;
1937 compat_ulong_t pktcnt;
1938 compat_ulong_t bytecnt;
1939 compat_ulong_t wrong_if;
1940};
1941
1942struct compat_sioc_mif_req6 {
1943 mifi_t mifi;
1944 compat_ulong_t icount;
1945 compat_ulong_t ocount;
1946 compat_ulong_t ibytes;
1947 compat_ulong_t obytes;
1948};
1949
1950int ip6mr_compat_ioctl(struct sock *sk, unsigned int cmd, void __user *arg)
1951{
1952 struct compat_sioc_sg_req6 sr;
1953 struct compat_sioc_mif_req6 vr;
1954 struct vif_device *vif;
1955 struct mfc6_cache *c;
1956 struct net *net = sock_net(sk);
1957 struct mr_table *mrt;
1958
1959 mrt = ip6mr_get_table(net, raw6_sk(sk)->ip6mr_table ? : RT6_TABLE_DFLT);
1960 if (!mrt)
1961 return -ENOENT;
1962
1963 switch (cmd) {
1964 case SIOCGETMIFCNT_IN6:
1965 if (copy_from_user(&vr, arg, sizeof(vr)))
1966 return -EFAULT;
1967 if (vr.mifi >= mrt->maxvif)
1968 return -EINVAL;
1969 vr.mifi = array_index_nospec(vr.mifi, mrt->maxvif);
1970 rcu_read_lock();
1971 vif = &mrt->vif_table[vr.mifi];
1972 if (VIF_EXISTS(mrt, vr.mifi)) {
1973 vr.icount = READ_ONCE(vif->pkt_in);
1974 vr.ocount = READ_ONCE(vif->pkt_out);
1975 vr.ibytes = READ_ONCE(vif->bytes_in);
1976 vr.obytes = READ_ONCE(vif->bytes_out);
1977 rcu_read_unlock();
1978
1979 if (copy_to_user(arg, &vr, sizeof(vr)))
1980 return -EFAULT;
1981 return 0;
1982 }
1983 rcu_read_unlock();
1984 return -EADDRNOTAVAIL;
1985 case SIOCGETSGCNT_IN6:
1986 if (copy_from_user(&sr, arg, sizeof(sr)))
1987 return -EFAULT;
1988
1989 rcu_read_lock();
1990 c = ip6mr_cache_find(mrt, &sr.src.sin6_addr, &sr.grp.sin6_addr);
1991 if (c) {
1992 sr.pktcnt = c->_c.mfc_un.res.pkt;
1993 sr.bytecnt = c->_c.mfc_un.res.bytes;
1994 sr.wrong_if = c->_c.mfc_un.res.wrong_if;
1995 rcu_read_unlock();
1996
1997 if (copy_to_user(arg, &sr, sizeof(sr)))
1998 return -EFAULT;
1999 return 0;
2000 }
2001 rcu_read_unlock();
2002 return -EADDRNOTAVAIL;
2003 default:
2004 return -ENOIOCTLCMD;
2005 }
2006}
2007#endif
2008
2009static inline int ip6mr_forward2_finish(struct net *net, struct sock *sk, struct sk_buff *skb)
2010{
2011 IP6_INC_STATS(net, ip6_dst_idev(skb_dst(skb)),
2012 IPSTATS_MIB_OUTFORWDATAGRAMS);
2013 return dst_output(net, sk, skb);
2014}
2015
2016/*
2017 * Processing handlers for ip6mr_forward
2018 */
2019
2020static int ip6mr_forward2(struct net *net, struct mr_table *mrt,
2021 struct sk_buff *skb, int vifi)
2022{
2023 struct vif_device *vif = &mrt->vif_table[vifi];
2024 struct net_device *vif_dev;
2025 struct ipv6hdr *ipv6h;
2026 struct dst_entry *dst;
2027 struct flowi6 fl6;
2028
2029 vif_dev = vif_dev_read(vif);
2030 if (!vif_dev)
2031 goto out_free;
2032
2033#ifdef CONFIG_IPV6_PIMSM_V2
2034 if (vif->flags & MIFF_REGISTER) {
2035 WRITE_ONCE(vif->pkt_out, vif->pkt_out + 1);
2036 WRITE_ONCE(vif->bytes_out, vif->bytes_out + skb->len);
2037 DEV_STATS_ADD(vif_dev, tx_bytes, skb->len);
2038 DEV_STATS_INC(vif_dev, tx_packets);
2039 ip6mr_cache_report(mrt, skb, vifi, MRT6MSG_WHOLEPKT);
2040 goto out_free;
2041 }
2042#endif
2043
2044 ipv6h = ipv6_hdr(skb);
2045
2046 fl6 = (struct flowi6) {
2047 .flowi6_oif = vif->link,
2048 .daddr = ipv6h->daddr,
2049 };
2050
2051 dst = ip6_route_output(net, NULL, &fl6);
2052 if (dst->error) {
2053 dst_release(dst);
2054 goto out_free;
2055 }
2056
2057 skb_dst_drop(skb);
2058 skb_dst_set(skb, dst);
2059
2060 /*
2061 * RFC1584 teaches, that DVMRP/PIM router must deliver packets locally
2062 * not only before forwarding, but after forwarding on all output
2063 * interfaces. It is clear, if mrouter runs a multicasting
2064 * program, it should receive packets not depending to what interface
2065 * program is joined.
2066 * If we will not make it, the program will have to join on all
2067 * interfaces. On the other hand, multihoming host (or router, but
2068 * not mrouter) cannot join to more than one interface - it will
2069 * result in receiving multiple packets.
2070 */
2071 skb->dev = vif_dev;
2072 WRITE_ONCE(vif->pkt_out, vif->pkt_out + 1);
2073 WRITE_ONCE(vif->bytes_out, vif->bytes_out + skb->len);
2074
2075 /* We are about to write */
2076 /* XXX: extension headers? */
2077 if (skb_cow(skb, sizeof(*ipv6h) + LL_RESERVED_SPACE(vif_dev)))
2078 goto out_free;
2079
2080 ipv6h = ipv6_hdr(skb);
2081 ipv6h->hop_limit--;
2082
2083 IP6CB(skb)->flags |= IP6SKB_FORWARDED;
2084
2085 return NF_HOOK(NFPROTO_IPV6, NF_INET_FORWARD,
2086 net, NULL, skb, skb->dev, vif_dev,
2087 ip6mr_forward2_finish);
2088
2089out_free:
2090 kfree_skb(skb);
2091 return 0;
2092}
2093
2094/* Called with rcu_read_lock() */
2095static int ip6mr_find_vif(struct mr_table *mrt, struct net_device *dev)
2096{
2097 int ct;
2098
2099 /* Pairs with WRITE_ONCE() in mif6_delete()/mif6_add() */
2100 for (ct = READ_ONCE(mrt->maxvif) - 1; ct >= 0; ct--) {
2101 if (rcu_access_pointer(mrt->vif_table[ct].dev) == dev)
2102 break;
2103 }
2104 return ct;
2105}
2106
2107/* Called under rcu_read_lock() */
2108static void ip6_mr_forward(struct net *net, struct mr_table *mrt,
2109 struct net_device *dev, struct sk_buff *skb,
2110 struct mfc6_cache *c)
2111{
2112 int psend = -1;
2113 int vif, ct;
2114 int true_vifi = ip6mr_find_vif(mrt, dev);
2115
2116 vif = c->_c.mfc_parent;
2117 c->_c.mfc_un.res.pkt++;
2118 c->_c.mfc_un.res.bytes += skb->len;
2119 c->_c.mfc_un.res.lastuse = jiffies;
2120
2121 if (ipv6_addr_any(&c->mf6c_origin) && true_vifi >= 0) {
2122 struct mfc6_cache *cache_proxy;
2123
2124 /* For an (*,G) entry, we only check that the incoming
2125 * interface is part of the static tree.
2126 */
2127 cache_proxy = mr_mfc_find_any_parent(mrt, vif);
2128 if (cache_proxy &&
2129 cache_proxy->_c.mfc_un.res.ttls[true_vifi] < 255)
2130 goto forward;
2131 }
2132
2133 /*
2134 * Wrong interface: drop packet and (maybe) send PIM assert.
2135 */
2136 if (rcu_access_pointer(mrt->vif_table[vif].dev) != dev) {
2137 c->_c.mfc_un.res.wrong_if++;
2138
2139 if (true_vifi >= 0 && mrt->mroute_do_assert &&
2140 /* pimsm uses asserts, when switching from RPT to SPT,
2141 so that we cannot check that packet arrived on an oif.
2142 It is bad, but otherwise we would need to move pretty
2143 large chunk of pimd to kernel. Ough... --ANK
2144 */
2145 (mrt->mroute_do_pim ||
2146 c->_c.mfc_un.res.ttls[true_vifi] < 255) &&
2147 time_after(jiffies,
2148 c->_c.mfc_un.res.last_assert +
2149 MFC_ASSERT_THRESH)) {
2150 c->_c.mfc_un.res.last_assert = jiffies;
2151 ip6mr_cache_report(mrt, skb, true_vifi, MRT6MSG_WRONGMIF);
2152 if (mrt->mroute_do_wrvifwhole)
2153 ip6mr_cache_report(mrt, skb, true_vifi,
2154 MRT6MSG_WRMIFWHOLE);
2155 }
2156 goto dont_forward;
2157 }
2158
2159forward:
2160 WRITE_ONCE(mrt->vif_table[vif].pkt_in,
2161 mrt->vif_table[vif].pkt_in + 1);
2162 WRITE_ONCE(mrt->vif_table[vif].bytes_in,
2163 mrt->vif_table[vif].bytes_in + skb->len);
2164
2165 /*
2166 * Forward the frame
2167 */
2168 if (ipv6_addr_any(&c->mf6c_origin) &&
2169 ipv6_addr_any(&c->mf6c_mcastgrp)) {
2170 if (true_vifi >= 0 &&
2171 true_vifi != c->_c.mfc_parent &&
2172 ipv6_hdr(skb)->hop_limit >
2173 c->_c.mfc_un.res.ttls[c->_c.mfc_parent]) {
2174 /* It's an (*,*) entry and the packet is not coming from
2175 * the upstream: forward the packet to the upstream
2176 * only.
2177 */
2178 psend = c->_c.mfc_parent;
2179 goto last_forward;
2180 }
2181 goto dont_forward;
2182 }
2183 for (ct = c->_c.mfc_un.res.maxvif - 1;
2184 ct >= c->_c.mfc_un.res.minvif; ct--) {
2185 /* For (*,G) entry, don't forward to the incoming interface */
2186 if ((!ipv6_addr_any(&c->mf6c_origin) || ct != true_vifi) &&
2187 ipv6_hdr(skb)->hop_limit > c->_c.mfc_un.res.ttls[ct]) {
2188 if (psend != -1) {
2189 struct sk_buff *skb2 = skb_clone(skb, GFP_ATOMIC);
2190 if (skb2)
2191 ip6mr_forward2(net, mrt, skb2, psend);
2192 }
2193 psend = ct;
2194 }
2195 }
2196last_forward:
2197 if (psend != -1) {
2198 ip6mr_forward2(net, mrt, skb, psend);
2199 return;
2200 }
2201
2202dont_forward:
2203 kfree_skb(skb);
2204}
2205
2206
2207/*
2208 * Multicast packets for forwarding arrive here
2209 */
2210
2211int ip6_mr_input(struct sk_buff *skb)
2212{
2213 struct mfc6_cache *cache;
2214 struct net *net = dev_net(skb->dev);
2215 struct mr_table *mrt;
2216 struct flowi6 fl6 = {
2217 .flowi6_iif = skb->dev->ifindex,
2218 .flowi6_mark = skb->mark,
2219 };
2220 int err;
2221 struct net_device *dev;
2222
2223 /* skb->dev passed in is the master dev for vrfs.
2224 * Get the proper interface that does have a vif associated with it.
2225 */
2226 dev = skb->dev;
2227 if (netif_is_l3_master(skb->dev)) {
2228 dev = dev_get_by_index_rcu(net, IPCB(skb)->iif);
2229 if (!dev) {
2230 kfree_skb(skb);
2231 return -ENODEV;
2232 }
2233 }
2234
2235 err = ip6mr_fib_lookup(net, &fl6, &mrt);
2236 if (err < 0) {
2237 kfree_skb(skb);
2238 return err;
2239 }
2240
2241 cache = ip6mr_cache_find(mrt,
2242 &ipv6_hdr(skb)->saddr, &ipv6_hdr(skb)->daddr);
2243 if (!cache) {
2244 int vif = ip6mr_find_vif(mrt, dev);
2245
2246 if (vif >= 0)
2247 cache = ip6mr_cache_find_any(mrt,
2248 &ipv6_hdr(skb)->daddr,
2249 vif);
2250 }
2251
2252 /*
2253 * No usable cache entry
2254 */
2255 if (!cache) {
2256 int vif;
2257
2258 vif = ip6mr_find_vif(mrt, dev);
2259 if (vif >= 0) {
2260 int err = ip6mr_cache_unresolved(mrt, vif, skb, dev);
2261
2262 return err;
2263 }
2264 kfree_skb(skb);
2265 return -ENODEV;
2266 }
2267
2268 ip6_mr_forward(net, mrt, dev, skb, cache);
2269
2270 return 0;
2271}
2272
2273int ip6mr_get_route(struct net *net, struct sk_buff *skb, struct rtmsg *rtm,
2274 u32 portid)
2275{
2276 int err;
2277 struct mr_table *mrt;
2278 struct mfc6_cache *cache;
2279 struct rt6_info *rt = (struct rt6_info *)skb_dst(skb);
2280
2281 mrt = ip6mr_get_table(net, RT6_TABLE_DFLT);
2282 if (!mrt)
2283 return -ENOENT;
2284
2285 rcu_read_lock();
2286 cache = ip6mr_cache_find(mrt, &rt->rt6i_src.addr, &rt->rt6i_dst.addr);
2287 if (!cache && skb->dev) {
2288 int vif = ip6mr_find_vif(mrt, skb->dev);
2289
2290 if (vif >= 0)
2291 cache = ip6mr_cache_find_any(mrt, &rt->rt6i_dst.addr,
2292 vif);
2293 }
2294
2295 if (!cache) {
2296 struct sk_buff *skb2;
2297 struct ipv6hdr *iph;
2298 struct net_device *dev;
2299 int vif;
2300
2301 dev = skb->dev;
2302 if (!dev || (vif = ip6mr_find_vif(mrt, dev)) < 0) {
2303 rcu_read_unlock();
2304 return -ENODEV;
2305 }
2306
2307 /* really correct? */
2308 skb2 = alloc_skb(sizeof(struct ipv6hdr), GFP_ATOMIC);
2309 if (!skb2) {
2310 rcu_read_unlock();
2311 return -ENOMEM;
2312 }
2313
2314 NETLINK_CB(skb2).portid = portid;
2315 skb_reset_transport_header(skb2);
2316
2317 skb_put(skb2, sizeof(struct ipv6hdr));
2318 skb_reset_network_header(skb2);
2319
2320 iph = ipv6_hdr(skb2);
2321 iph->version = 0;
2322 iph->priority = 0;
2323 iph->flow_lbl[0] = 0;
2324 iph->flow_lbl[1] = 0;
2325 iph->flow_lbl[2] = 0;
2326 iph->payload_len = 0;
2327 iph->nexthdr = IPPROTO_NONE;
2328 iph->hop_limit = 0;
2329 iph->saddr = rt->rt6i_src.addr;
2330 iph->daddr = rt->rt6i_dst.addr;
2331
2332 err = ip6mr_cache_unresolved(mrt, vif, skb2, dev);
2333 rcu_read_unlock();
2334
2335 return err;
2336 }
2337
2338 err = mr_fill_mroute(mrt, skb, &cache->_c, rtm);
2339 rcu_read_unlock();
2340 return err;
2341}
2342
2343static int ip6mr_fill_mroute(struct mr_table *mrt, struct sk_buff *skb,
2344 u32 portid, u32 seq, struct mfc6_cache *c, int cmd,
2345 int flags)
2346{
2347 struct nlmsghdr *nlh;
2348 struct rtmsg *rtm;
2349 int err;
2350
2351 nlh = nlmsg_put(skb, portid, seq, cmd, sizeof(*rtm), flags);
2352 if (!nlh)
2353 return -EMSGSIZE;
2354
2355 rtm = nlmsg_data(nlh);
2356 rtm->rtm_family = RTNL_FAMILY_IP6MR;
2357 rtm->rtm_dst_len = 128;
2358 rtm->rtm_src_len = 128;
2359 rtm->rtm_tos = 0;
2360 rtm->rtm_table = mrt->id;
2361 if (nla_put_u32(skb, RTA_TABLE, mrt->id))
2362 goto nla_put_failure;
2363 rtm->rtm_type = RTN_MULTICAST;
2364 rtm->rtm_scope = RT_SCOPE_UNIVERSE;
2365 if (c->_c.mfc_flags & MFC_STATIC)
2366 rtm->rtm_protocol = RTPROT_STATIC;
2367 else
2368 rtm->rtm_protocol = RTPROT_MROUTED;
2369 rtm->rtm_flags = 0;
2370
2371 if (nla_put_in6_addr(skb, RTA_SRC, &c->mf6c_origin) ||
2372 nla_put_in6_addr(skb, RTA_DST, &c->mf6c_mcastgrp))
2373 goto nla_put_failure;
2374 err = mr_fill_mroute(mrt, skb, &c->_c, rtm);
2375 /* do not break the dump if cache is unresolved */
2376 if (err < 0 && err != -ENOENT)
2377 goto nla_put_failure;
2378
2379 nlmsg_end(skb, nlh);
2380 return 0;
2381
2382nla_put_failure:
2383 nlmsg_cancel(skb, nlh);
2384 return -EMSGSIZE;
2385}
2386
2387static int _ip6mr_fill_mroute(struct mr_table *mrt, struct sk_buff *skb,
2388 u32 portid, u32 seq, struct mr_mfc *c,
2389 int cmd, int flags)
2390{
2391 return ip6mr_fill_mroute(mrt, skb, portid, seq, (struct mfc6_cache *)c,
2392 cmd, flags);
2393}
2394
2395static int mr6_msgsize(bool unresolved, int maxvif)
2396{
2397 size_t len =
2398 NLMSG_ALIGN(sizeof(struct rtmsg))
2399 + nla_total_size(4) /* RTA_TABLE */
2400 + nla_total_size(sizeof(struct in6_addr)) /* RTA_SRC */
2401 + nla_total_size(sizeof(struct in6_addr)) /* RTA_DST */
2402 ;
2403
2404 if (!unresolved)
2405 len = len
2406 + nla_total_size(4) /* RTA_IIF */
2407 + nla_total_size(0) /* RTA_MULTIPATH */
2408 + maxvif * NLA_ALIGN(sizeof(struct rtnexthop))
2409 /* RTA_MFC_STATS */
2410 + nla_total_size_64bit(sizeof(struct rta_mfc_stats))
2411 ;
2412
2413 return len;
2414}
2415
2416static void mr6_netlink_event(struct mr_table *mrt, struct mfc6_cache *mfc,
2417 int cmd)
2418{
2419 struct net *net = read_pnet(&mrt->net);
2420 struct sk_buff *skb;
2421 int err = -ENOBUFS;
2422
2423 skb = nlmsg_new(mr6_msgsize(mfc->_c.mfc_parent >= MAXMIFS, mrt->maxvif),
2424 GFP_ATOMIC);
2425 if (!skb)
2426 goto errout;
2427
2428 err = ip6mr_fill_mroute(mrt, skb, 0, 0, mfc, cmd, 0);
2429 if (err < 0)
2430 goto errout;
2431
2432 rtnl_notify(skb, net, 0, RTNLGRP_IPV6_MROUTE, NULL, GFP_ATOMIC);
2433 return;
2434
2435errout:
2436 kfree_skb(skb);
2437 if (err < 0)
2438 rtnl_set_sk_err(net, RTNLGRP_IPV6_MROUTE, err);
2439}
2440
2441static size_t mrt6msg_netlink_msgsize(size_t payloadlen)
2442{
2443 size_t len =
2444 NLMSG_ALIGN(sizeof(struct rtgenmsg))
2445 + nla_total_size(1) /* IP6MRA_CREPORT_MSGTYPE */
2446 + nla_total_size(4) /* IP6MRA_CREPORT_MIF_ID */
2447 /* IP6MRA_CREPORT_SRC_ADDR */
2448 + nla_total_size(sizeof(struct in6_addr))
2449 /* IP6MRA_CREPORT_DST_ADDR */
2450 + nla_total_size(sizeof(struct in6_addr))
2451 /* IP6MRA_CREPORT_PKT */
2452 + nla_total_size(payloadlen)
2453 ;
2454
2455 return len;
2456}
2457
2458static void mrt6msg_netlink_event(const struct mr_table *mrt, struct sk_buff *pkt)
2459{
2460 struct net *net = read_pnet(&mrt->net);
2461 struct nlmsghdr *nlh;
2462 struct rtgenmsg *rtgenm;
2463 struct mrt6msg *msg;
2464 struct sk_buff *skb;
2465 struct nlattr *nla;
2466 int payloadlen;
2467
2468 payloadlen = pkt->len - sizeof(struct mrt6msg);
2469 msg = (struct mrt6msg *)skb_transport_header(pkt);
2470
2471 skb = nlmsg_new(mrt6msg_netlink_msgsize(payloadlen), GFP_ATOMIC);
2472 if (!skb)
2473 goto errout;
2474
2475 nlh = nlmsg_put(skb, 0, 0, RTM_NEWCACHEREPORT,
2476 sizeof(struct rtgenmsg), 0);
2477 if (!nlh)
2478 goto errout;
2479 rtgenm = nlmsg_data(nlh);
2480 rtgenm->rtgen_family = RTNL_FAMILY_IP6MR;
2481 if (nla_put_u8(skb, IP6MRA_CREPORT_MSGTYPE, msg->im6_msgtype) ||
2482 nla_put_u32(skb, IP6MRA_CREPORT_MIF_ID, msg->im6_mif) ||
2483 nla_put_in6_addr(skb, IP6MRA_CREPORT_SRC_ADDR,
2484 &msg->im6_src) ||
2485 nla_put_in6_addr(skb, IP6MRA_CREPORT_DST_ADDR,
2486 &msg->im6_dst))
2487 goto nla_put_failure;
2488
2489 nla = nla_reserve(skb, IP6MRA_CREPORT_PKT, payloadlen);
2490 if (!nla || skb_copy_bits(pkt, sizeof(struct mrt6msg),
2491 nla_data(nla), payloadlen))
2492 goto nla_put_failure;
2493
2494 nlmsg_end(skb, nlh);
2495
2496 rtnl_notify(skb, net, 0, RTNLGRP_IPV6_MROUTE_R, NULL, GFP_ATOMIC);
2497 return;
2498
2499nla_put_failure:
2500 nlmsg_cancel(skb, nlh);
2501errout:
2502 kfree_skb(skb);
2503 rtnl_set_sk_err(net, RTNLGRP_IPV6_MROUTE_R, -ENOBUFS);
2504}
2505
2506static const struct nla_policy ip6mr_getroute_policy[RTA_MAX + 1] = {
2507 [RTA_SRC] = NLA_POLICY_EXACT_LEN(sizeof(struct in6_addr)),
2508 [RTA_DST] = NLA_POLICY_EXACT_LEN(sizeof(struct in6_addr)),
2509 [RTA_TABLE] = { .type = NLA_U32 },
2510};
2511
2512static int ip6mr_rtm_valid_getroute_req(struct sk_buff *skb,
2513 const struct nlmsghdr *nlh,
2514 struct nlattr **tb,
2515 struct netlink_ext_ack *extack)
2516{
2517 struct rtmsg *rtm;
2518 int err;
2519
2520 err = nlmsg_parse(nlh, sizeof(*rtm), tb, RTA_MAX, ip6mr_getroute_policy,
2521 extack);
2522 if (err)
2523 return err;
2524
2525 rtm = nlmsg_data(nlh);
2526 if ((rtm->rtm_src_len && rtm->rtm_src_len != 128) ||
2527 (rtm->rtm_dst_len && rtm->rtm_dst_len != 128) ||
2528 rtm->rtm_tos || rtm->rtm_table || rtm->rtm_protocol ||
2529 rtm->rtm_scope || rtm->rtm_type || rtm->rtm_flags) {
2530 NL_SET_ERR_MSG_MOD(extack,
2531 "Invalid values in header for multicast route get request");
2532 return -EINVAL;
2533 }
2534
2535 if ((tb[RTA_SRC] && !rtm->rtm_src_len) ||
2536 (tb[RTA_DST] && !rtm->rtm_dst_len)) {
2537 NL_SET_ERR_MSG_MOD(extack, "rtm_src_len and rtm_dst_len must be 128 for IPv6");
2538 return -EINVAL;
2539 }
2540
2541 return 0;
2542}
2543
2544static int ip6mr_rtm_getroute(struct sk_buff *in_skb, struct nlmsghdr *nlh,
2545 struct netlink_ext_ack *extack)
2546{
2547 struct net *net = sock_net(in_skb->sk);
2548 struct in6_addr src = {}, grp = {};
2549 struct nlattr *tb[RTA_MAX + 1];
2550 struct mfc6_cache *cache;
2551 struct mr_table *mrt;
2552 struct sk_buff *skb;
2553 u32 tableid;
2554 int err;
2555
2556 err = ip6mr_rtm_valid_getroute_req(in_skb, nlh, tb, extack);
2557 if (err < 0)
2558 return err;
2559
2560 if (tb[RTA_SRC])
2561 src = nla_get_in6_addr(tb[RTA_SRC]);
2562 if (tb[RTA_DST])
2563 grp = nla_get_in6_addr(tb[RTA_DST]);
2564 tableid = tb[RTA_TABLE] ? nla_get_u32(tb[RTA_TABLE]) : 0;
2565
2566 mrt = ip6mr_get_table(net, tableid ?: RT_TABLE_DEFAULT);
2567 if (!mrt) {
2568 NL_SET_ERR_MSG_MOD(extack, "MR table does not exist");
2569 return -ENOENT;
2570 }
2571
2572 /* entries are added/deleted only under RTNL */
2573 rcu_read_lock();
2574 cache = ip6mr_cache_find(mrt, &src, &grp);
2575 rcu_read_unlock();
2576 if (!cache) {
2577 NL_SET_ERR_MSG_MOD(extack, "MR cache entry not found");
2578 return -ENOENT;
2579 }
2580
2581 skb = nlmsg_new(mr6_msgsize(false, mrt->maxvif), GFP_KERNEL);
2582 if (!skb)
2583 return -ENOBUFS;
2584
2585 err = ip6mr_fill_mroute(mrt, skb, NETLINK_CB(in_skb).portid,
2586 nlh->nlmsg_seq, cache, RTM_NEWROUTE, 0);
2587 if (err < 0) {
2588 kfree_skb(skb);
2589 return err;
2590 }
2591
2592 return rtnl_unicast(skb, net, NETLINK_CB(in_skb).portid);
2593}
2594
2595static int ip6mr_rtm_dumproute(struct sk_buff *skb, struct netlink_callback *cb)
2596{
2597 const struct nlmsghdr *nlh = cb->nlh;
2598 struct fib_dump_filter filter = {};
2599 int err;
2600
2601 if (cb->strict_check) {
2602 err = ip_valid_fib_dump_req(sock_net(skb->sk), nlh,
2603 &filter, cb);
2604 if (err < 0)
2605 return err;
2606 }
2607
2608 if (filter.table_id) {
2609 struct mr_table *mrt;
2610
2611 mrt = ip6mr_get_table(sock_net(skb->sk), filter.table_id);
2612 if (!mrt) {
2613 if (rtnl_msg_family(cb->nlh) != RTNL_FAMILY_IP6MR)
2614 return skb->len;
2615
2616 NL_SET_ERR_MSG_MOD(cb->extack, "MR table does not exist");
2617 return -ENOENT;
2618 }
2619 err = mr_table_dump(mrt, skb, cb, _ip6mr_fill_mroute,
2620 &mfc_unres_lock, &filter);
2621 return skb->len ? : err;
2622 }
2623
2624 return mr_rtm_dumproute(skb, cb, ip6mr_mr_table_iter,
2625 _ip6mr_fill_mroute, &mfc_unres_lock, &filter);
2626}