1 // SPDX-License-Identifier: GPL-2.0-or-later
2 /*
3 * NET3 IP device support routines.
4 *
5 * Derived from the IP parts of dev.c 1.0.19
6 * Authors: Ross Biro
7 * Fred N. van Kempen, <waltje@uWalt.NL.Mugnet.ORG>
8 * Mark Evans, <evansmp@uhura.aston.ac.uk>
9 *
10 * Additional Authors:
11 * Alan Cox, <gw4pts@gw4pts.ampr.org>
12 * Alexey Kuznetsov, <kuznet@ms2.inr.ac.ru>
13 *
14 * Changes:
15 * Alexey Kuznetsov: pa_* fields are replaced with ifaddr
16 * lists.
17 * Cyrus Durgin: updated for kmod
18 * Matthias Andree: in devinet_ioctl, compare label and
19 * address (4.4BSD alias style support),
20 * fall back to comparing just the label
21 * if no match found.
22 */
23
24
25 #include <linux/uaccess.h>
26 #include <linux/bitops.h>
27 #include <linux/capability.h>
28 #include <linux/module.h>
29 #include <linux/types.h>
30 #include <linux/kernel.h>
31 #include <linux/sched/signal.h>
32 #include <linux/string.h>
33 #include <linux/mm.h>
34 #include <linux/socket.h>
35 #include <linux/sockios.h>
36 #include <linux/in.h>
37 #include <linux/errno.h>
38 #include <linux/interrupt.h>
39 #include <linux/if_addr.h>
40 #include <linux/if_ether.h>
41 #include <linux/inet.h>
42 #include <linux/netdevice.h>
43 #include <linux/etherdevice.h>
44 #include <linux/skbuff.h>
45 #include <linux/init.h>
46 #include <linux/notifier.h>
47 #include <linux/inetdevice.h>
48 #include <linux/igmp.h>
49 #include <linux/slab.h>
50 #include <linux/hash.h>
51 #ifdef CONFIG_SYSCTL
52 #include <linux/sysctl.h>
53 #endif
54 #include <linux/kmod.h>
55 #include <linux/netconf.h>
56
57 #include <net/arp.h>
58 #include <net/ip.h>
59 #include <net/route.h>
60 #include <net/ip_fib.h>
61 #include <net/rtnetlink.h>
62 #include <net/net_namespace.h>
63 #include <net/addrconf.h>
64
65 #define IPV6ONLY_FLAGS \
66 (IFA_F_NODAD | IFA_F_OPTIMISTIC | IFA_F_DADFAILED | \
67 IFA_F_HOMEADDRESS | IFA_F_TENTATIVE | \
68 IFA_F_MANAGETEMPADDR | IFA_F_STABLE_PRIVACY)
69
/* Template for the per-device "all" IPv4 configuration. Entries not
 * listed here default to 0 via static initialization. The "- 1" is
 * needed because the IPV4_DEVCONF_* enum values are 1-based while the
 * .data[] array is 0-based.
 */
static struct ipv4_devconf ipv4_devconf = {
	.data = {
		[IPV4_DEVCONF_ACCEPT_REDIRECTS - 1] = 1,
		[IPV4_DEVCONF_SEND_REDIRECTS - 1] = 1,
		[IPV4_DEVCONF_SECURE_REDIRECTS - 1] = 1,
		[IPV4_DEVCONF_SHARED_MEDIA - 1] = 1,
		[IPV4_DEVCONF_IGMPV2_UNSOLICITED_REPORT_INTERVAL - 1] = 10000 /*ms*/,
		[IPV4_DEVCONF_IGMPV3_UNSOLICITED_REPORT_INTERVAL - 1] = 1000 /*ms*/,
		[IPV4_DEVCONF_ARP_EVICT_NOCARRIER - 1] = 1,
	},
};
81
/* Template for the "default" IPv4 configuration, copied into each new
 * in_device by inetdev_init(). Differs from ipv4_devconf only by
 * additionally enabling ACCEPT_SOURCE_ROUTE. Same 1-based enum /
 * 0-based array offset as above.
 */
static struct ipv4_devconf ipv4_devconf_dflt = {
	.data = {
		[IPV4_DEVCONF_ACCEPT_REDIRECTS - 1] = 1,
		[IPV4_DEVCONF_SEND_REDIRECTS - 1] = 1,
		[IPV4_DEVCONF_SECURE_REDIRECTS - 1] = 1,
		[IPV4_DEVCONF_SHARED_MEDIA - 1] = 1,
		[IPV4_DEVCONF_ACCEPT_SOURCE_ROUTE - 1] = 1,
		[IPV4_DEVCONF_IGMPV2_UNSOLICITED_REPORT_INTERVAL - 1] = 10000 /*ms*/,
		[IPV4_DEVCONF_IGMPV3_UNSOLICITED_REPORT_INTERVAL - 1] = 1000 /*ms*/,
		[IPV4_DEVCONF_ARP_EVICT_NOCARRIER - 1] = 1,
	},
};
94
95 #define IPV4_DEVCONF_DFLT(net, attr) \
96 IPV4_DEVCONF((*net->ipv4.devconf_dflt), attr)
97
/* Netlink attribute validation policy for RTM_NEWADDR/RTM_DELADDR
 * requests (see nlmsg_parse_deprecated() callers below).
 */
static const struct nla_policy ifa_ipv4_policy[IFA_MAX+1] = {
	[IFA_LOCAL]          	= { .type = NLA_U32 },
	[IFA_ADDRESS]        	= { .type = NLA_U32 },
	[IFA_BROADCAST]      	= { .type = NLA_U32 },
	[IFA_LABEL]          	= { .type = NLA_STRING, .len = IFNAMSIZ - 1 },
	[IFA_CACHEINFO]      	= { .len = sizeof(struct ifa_cacheinfo) },
	[IFA_FLAGS]          	= { .type = NLA_U32 },
	[IFA_RT_PRIORITY]    	= { .type = NLA_U32 },
	[IFA_TARGET_NETNSID] 	= { .type = NLA_S32 },
	[IFA_PROTO]          	= { .type = NLA_U8 },
};
109
/* Parameters threaded through the netlink address-dump/fill helpers. */
struct inet_fill_args {
	u32 portid;		/* destination netlink portid */
	u32 seq;		/* netlink sequence number */
	int event;		/* RTM_* event type being reported */
	unsigned int flags;	/* NLM_F_* message flags */
	int netnsid;		/* target netns id, or default */
	int ifindex;		/* restrict dump to this ifindex if set */
};
118
119 #define IN4_ADDR_HSIZE_SHIFT 8
120 #define IN4_ADDR_HSIZE (1U << IN4_ADDR_HSIZE_SHIFT)
121
122 static struct hlist_head inet_addr_lst[IN4_ADDR_HSIZE];
123
inet_addr_hash(const struct net * net,__be32 addr)124 static u32 inet_addr_hash(const struct net *net, __be32 addr)
125 {
126 u32 val = (__force u32) addr ^ net_hash_mix(net);
127
128 return hash_32(val, IN4_ADDR_HSIZE_SHIFT);
129 }
130
inet_hash_insert(struct net * net,struct in_ifaddr * ifa)131 static void inet_hash_insert(struct net *net, struct in_ifaddr *ifa)
132 {
133 u32 hash = inet_addr_hash(net, ifa->ifa_local);
134
135 ASSERT_RTNL();
136 hlist_add_head_rcu(&ifa->hash, &inet_addr_lst[hash]);
137 }
138
/* Unlink @ifa from the global address hash. Caller must hold RTNL;
 * concurrent RCU readers may still see the entry until a grace period
 * has elapsed.
 */
static void inet_hash_remove(struct in_ifaddr *ifa)
{
	ASSERT_RTNL();
	hlist_del_init_rcu(&ifa->hash);
}
144
/**
 * __ip_dev_find - find the first device with a given source address.
 * @net: the net namespace
 * @addr: the source address
 * @devref: if true, take a reference on the found device
 *
 * If a caller uses devref=false, it should be protected by RCU, or RTNL
 *
 * Returns the device owning @addr, or NULL. When the address hash has
 * no entry, falls back to a FIB local-table lookup so that loopback
 * subnets still resolve.
 */
struct net_device *__ip_dev_find(struct net *net, __be32 addr, bool devref)
{
	struct net_device *result = NULL;
	struct in_ifaddr *ifa;

	rcu_read_lock();
	ifa = inet_lookup_ifaddr_rcu(net, addr);
	if (!ifa) {
		struct flowi4 fl4 = { .daddr = addr };
		struct fib_result res = { 0 };
		struct fib_table *local;

		/* Fallback to FIB local table so that communication
		 * over loopback subnets work.
		 */
		local = fib_get_table(net, RT_TABLE_LOCAL);
		if (local &&
		    !fib_table_lookup(local, &fl4, &res, FIB_LOOKUP_NOREF) &&
		    res.type == RTN_LOCAL)
			result = FIB_RES_DEV(res);
	} else {
		result = ifa->ifa_dev->dev;
	}
	/* Take the reference while still inside the RCU section so the
	 * device cannot go away between lookup and dev_hold().
	 */
	if (result && devref)
		dev_hold(result);
	rcu_read_unlock();
	return result;
}
EXPORT_SYMBOL(__ip_dev_find);
182
/* called under RCU lock */
/* Look up the in_ifaddr whose local address is @addr in namespace
 * @net, or return NULL. Matches on ifa_local only; the caller decides
 * what to do with secondaries vs primaries.
 */
struct in_ifaddr *inet_lookup_ifaddr_rcu(struct net *net, __be32 addr)
{
	u32 hash = inet_addr_hash(net, addr);
	struct in_ifaddr *ifa;

	hlist_for_each_entry_rcu(ifa, &inet_addr_lst[hash], hash)
		if (ifa->ifa_local == addr &&
		    net_eq(dev_net(ifa->ifa_dev->dev), net))
			return ifa;

	return NULL;
}
196
197 static void rtmsg_ifa(int event, struct in_ifaddr *, struct nlmsghdr *, u32);
198
199 static BLOCKING_NOTIFIER_HEAD(inetaddr_chain);
200 static BLOCKING_NOTIFIER_HEAD(inetaddr_validator_chain);
201 static void inet_del_ifa(struct in_device *in_dev,
202 struct in_ifaddr __rcu **ifap,
203 int destroy);
204 #ifdef CONFIG_SYSCTL
205 static int devinet_sysctl_register(struct in_device *idev);
206 static void devinet_sysctl_unregister(struct in_device *idev);
207 #else
/* !CONFIG_SYSCTL stubs: no per-device sysctl tree to manage. */
static int devinet_sysctl_register(struct in_device *idev)
{
	return 0;
}
static void devinet_sysctl_unregister(struct in_device *idev)
{
}
215 #endif
216
217 /* Locks all the inet devices. */
218
inet_alloc_ifa(struct in_device * in_dev)219 static struct in_ifaddr *inet_alloc_ifa(struct in_device *in_dev)
220 {
221 struct in_ifaddr *ifa;
222
223 ifa = kzalloc(sizeof(*ifa), GFP_KERNEL_ACCOUNT);
224 if (!ifa)
225 return NULL;
226
227 in_dev_hold(in_dev);
228 ifa->ifa_dev = in_dev;
229
230 INIT_HLIST_NODE(&ifa->hash);
231
232 return ifa;
233 }
234
/* RCU callback: drop the in_device reference taken in inet_alloc_ifa()
 * and free the address itself.
 */
static void inet_rcu_free_ifa(struct rcu_head *head)
{
	struct in_ifaddr *ifa = container_of(head, struct in_ifaddr, rcu_head);

	in_dev_put(ifa->ifa_dev);
	kfree(ifa);
}
242
/* Schedule @ifa for freeing after an RCU grace period. */
static void inet_free_ifa(struct in_ifaddr *ifa)
{
	/* Our reference to ifa->ifa_dev must be freed ASAP
	 * to release the reference to the netdev the same way.
	 * in_dev_put() -> in_dev_finish_destroy() -> netdev_put()
	 * Hence call_rcu_hurry() rather than plain call_rcu().
	 */
	call_rcu_hurry(&ifa->rcu_head, inet_rcu_free_ifa);
}
251
/* RCU callback: free an in_device and its multicast hash. The "1"
 * argument to rcu_dereference_protected() asserts that no other
 * references can exist at this point.
 */
static void in_dev_free_rcu(struct rcu_head *head)
{
	struct in_device *idev = container_of(head, struct in_device, rcu_head);

	kfree(rcu_dereference_protected(idev->mc_hash, 1));
	kfree(idev);
}
259
/* Final teardown of an in_device: release the netdev reference and
 * free the structure after an RCU grace period. The address and
 * multicast lists must already be empty, and the device must have been
 * marked dead (otherwise a refcounting bug is reported and the memory
 * is deliberately leaked rather than freed while "alive").
 */
void in_dev_finish_destroy(struct in_device *idev)
{
	struct net_device *dev = idev->dev;

	WARN_ON(idev->ifa_list);
	WARN_ON(idev->mc_list);
#ifdef NET_REFCNT_DEBUG
	pr_debug("%s: %p=%s\n", __func__, idev, dev ? dev->name : "NIL");
#endif
	netdev_put(dev, &idev->dev_tracker);
	if (!idev->dead)
		pr_err("Freeing alive in_device %p\n", idev);
	else
		call_rcu(&idev->rcu_head, in_dev_free_rcu);
}
EXPORT_SYMBOL(in_dev_finish_destroy);
276
/* Create and attach the IPv4 in_device for @dev.
 *
 * Must be called under RTNL. Seeds the configuration from the netns
 * "default" devconf. Note the return contract: a valid pointer on
 * success, ERR_PTR() on failure -- never NULL. Callers must therefore
 * test with IS_ERR(), not a NULL check.
 */
static struct in_device *inetdev_init(struct net_device *dev)
{
	struct in_device *in_dev;
	int err = -ENOMEM;

	ASSERT_RTNL();

	in_dev = kzalloc(sizeof(*in_dev), GFP_KERNEL);
	if (!in_dev)
		goto out;
	memcpy(&in_dev->cnf, dev_net(dev)->ipv4.devconf_dflt,
	       sizeof(in_dev->cnf));
	in_dev->cnf.sysctl = NULL;
	in_dev->dev = dev;
	in_dev->arp_parms = neigh_parms_alloc(dev, &arp_tbl);
	if (!in_dev->arp_parms)
		goto out_kfree;
	/* LRO is incompatible with forwarding (packets may be merged). */
	if (IPV4_DEVCONF(in_dev->cnf, FORWARDING))
		dev_disable_lro(dev);
	/* Reference in_dev->dev */
	netdev_hold(dev, &in_dev->dev_tracker, GFP_KERNEL);
	/* Account for reference dev->ip_ptr (below) */
	refcount_set(&in_dev->refcnt, 1);

	/* The blackhole device gets no sysctl tree and no multicast
	 * state -- it only needs a minimal in_device attached.
	 */
	if (dev != blackhole_netdev) {
		err = devinet_sysctl_register(in_dev);
		if (err) {
			in_dev->dead = 1;
			neigh_parms_release(&arp_tbl, in_dev->arp_parms);
			in_dev_put(in_dev);
			in_dev = NULL;
			goto out;
		}
		ip_mc_init_dev(in_dev);
		if (dev->flags & IFF_UP)
			ip_mc_up(in_dev);
	}

	/* we can receive as soon as ip_ptr is set -- do this last */
	rcu_assign_pointer(dev->ip_ptr, in_dev);
out:
	return in_dev ?: ERR_PTR(err);
out_kfree:
	kfree(in_dev);
	in_dev = NULL;
	goto out;
}
324
/* Detach and destroy the in_device of @in_dev->dev.
 *
 * Must be called under RTNL. Marks the device dead first so that
 * concurrent paths see it, deletes every remaining address, clears
 * dev->ip_ptr, and finally drops the dev->ip_ptr reference (the actual
 * free happens in in_dev_finish_destroy() once the refcount reaches
 * zero).
 */
static void inetdev_destroy(struct in_device *in_dev)
{
	struct net_device *dev;
	struct in_ifaddr *ifa;

	ASSERT_RTNL();

	dev = in_dev->dev;

	in_dev->dead = 1;

	ip_mc_destroy_dev(in_dev);

	/* inet_del_ifa() unlinks the head entry; loop until empty. */
	while ((ifa = rtnl_dereference(in_dev->ifa_list)) != NULL) {
		inet_del_ifa(in_dev, &in_dev->ifa_list, 0);
		inet_free_ifa(ifa);
	}

	RCU_INIT_POINTER(dev->ip_ptr, NULL);

	devinet_sysctl_unregister(in_dev);
	neigh_parms_release(&arp_tbl, in_dev->arp_parms);
	arp_ifdown(dev);

	in_dev_put(in_dev);
}
351
inet_blackhole_dev_init(void)352 static int __init inet_blackhole_dev_init(void)
353 {
354 int err = 0;
355
356 rtnl_lock();
357 if (!inetdev_init(blackhole_netdev))
358 err = -ENOMEM;
359 rtnl_unlock();
360
361 return err;
362 }
363 late_initcall(inet_blackhole_dev_init);
364
/* Return 1 if address @a (and, when non-zero, @b as well) falls within
 * one of @in_dev's configured subnets, 0 otherwise.
 */
int inet_addr_onlink(struct in_device *in_dev, __be32 a, __be32 b)
{
	const struct in_ifaddr *ifa;
	int onlink = 0;

	rcu_read_lock();
	in_dev_for_each_ifa_rcu(ifa, in_dev) {
		if (inet_ifa_match(a, ifa) &&
		    (!b || inet_ifa_match(b, ifa))) {
			onlink = 1;
			break;
		}
	}
	rcu_read_unlock();

	return onlink;
}
381
/* Unlink and announce deletion of the address that *@ifap points at.
 *
 * Must be called under RTNL. If the address is a primary, its
 * secondaries are either deleted too, or -- when promote_secondaries
 * is enabled -- the first matching secondary is promoted to primary
 * and the remaining ones keep their routes re-added with the new
 * prefsrc.
 *
 * @destroy: non-zero to free ifa1 after unlinking; otherwise the
 *           caller retains ownership of the unlinked ifaddr.
 * @nlh/@portid: originating netlink request, forwarded to rtmsg_ifa().
 */
static void __inet_del_ifa(struct in_device *in_dev,
			   struct in_ifaddr __rcu **ifap,
			   int destroy, struct nlmsghdr *nlh, u32 portid)
{
	struct in_ifaddr *promote = NULL;
	struct in_ifaddr *ifa, *ifa1;
	struct in_ifaddr __rcu **last_prim;
	struct in_ifaddr *prev_prom = NULL;
	int do_promote = IN_DEV_PROMOTE_SECONDARIES(in_dev);

	ASSERT_RTNL();

	ifa1 = rtnl_dereference(*ifap);
	last_prim = ifap;
	/* A dying device only needs the unlink + notification below. */
	if (in_dev->dead)
		goto no_promotions;

	/* 1. Deleting primary ifaddr forces deletion all secondaries
	 * unless alias promotion is set
	 **/

	if (!(ifa1->ifa_flags & IFA_F_SECONDARY)) {
		struct in_ifaddr __rcu **ifap1 = &ifa1->ifa_next;

		while ((ifa = rtnl_dereference(*ifap1)) != NULL) {
			/* Track where a promoted secondary would be
			 * re-inserted: after the last primary whose
			 * scope is not narrower than ifa1's.
			 */
			if (!(ifa->ifa_flags & IFA_F_SECONDARY) &&
			    ifa1->ifa_scope <= ifa->ifa_scope)
				last_prim = &ifa->ifa_next;

			/* Skip entries not secondary to ifa1's subnet. */
			if (!(ifa->ifa_flags & IFA_F_SECONDARY) ||
			    ifa1->ifa_mask != ifa->ifa_mask ||
			    !inet_ifa_match(ifa1->ifa_address, ifa)) {
				ifap1 = &ifa->ifa_next;
				prev_prom = ifa;
				continue;
			}

			if (!do_promote) {
				inet_hash_remove(ifa);
				*ifap1 = ifa->ifa_next;

				rtmsg_ifa(RTM_DELADDR, ifa, nlh, portid);
				blocking_notifier_call_chain(&inetaddr_chain,
						NETDEV_DOWN, ifa);
				inet_free_ifa(ifa);
			} else {
				promote = ifa;
				break;
			}
		}
	}

	/* On promotion all secondaries from subnet are changing
	 * the primary IP, we must remove all their routes silently
	 * and later to add them back with new prefsrc. Do this
	 * while all addresses are on the device list.
	 */
	for (ifa = promote; ifa; ifa = rtnl_dereference(ifa->ifa_next)) {
		if (ifa1->ifa_mask == ifa->ifa_mask &&
		    inet_ifa_match(ifa1->ifa_address, ifa))
			fib_del_ifaddr(ifa, ifa1);
	}

no_promotions:
	/* 2. Unlink it */

	*ifap = ifa1->ifa_next;
	inet_hash_remove(ifa1);

	/* 3. Announce address deletion */

	/* Send message first, then call notifier.
	   At first sight, FIB update triggered by notifier
	   will refer to already deleted ifaddr, that could confuse
	   netlink listeners. It is not true: look, gated sees
	   that route deleted and if it still thinks that ifaddr
	   is valid, it will try to restore deleted routes... Grr.
	   So that, this order is correct.
	 */
	rtmsg_ifa(RTM_DELADDR, ifa1, nlh, portid);
	blocking_notifier_call_chain(&inetaddr_chain, NETDEV_DOWN, ifa1);

	if (promote) {
		struct in_ifaddr *next_sec;

		next_sec = rtnl_dereference(promote->ifa_next);
		/* Move the promoted entry from its old position to just
		 * after the last compatible primary (last_prim).
		 */
		if (prev_prom) {
			struct in_ifaddr *last_sec;

			rcu_assign_pointer(prev_prom->ifa_next, next_sec);

			last_sec = rtnl_dereference(*last_prim);
			rcu_assign_pointer(promote->ifa_next, last_sec);
			rcu_assign_pointer(*last_prim, promote);
		}

		promote->ifa_flags &= ~IFA_F_SECONDARY;
		rtmsg_ifa(RTM_NEWADDR, promote, nlh, portid);
		blocking_notifier_call_chain(&inetaddr_chain,
				NETDEV_UP, promote);
		/* Re-add routes for the remaining secondaries with the
		 * promoted address as the new prefsrc.
		 */
		for (ifa = next_sec; ifa;
		     ifa = rtnl_dereference(ifa->ifa_next)) {
			if (ifa1->ifa_mask != ifa->ifa_mask ||
			    !inet_ifa_match(ifa1->ifa_address, ifa))
				continue;
			fib_add_ifaddr(ifa);
		}

	}
	if (destroy)
		inet_free_ifa(ifa1);
}
494
/* Convenience wrapper around __inet_del_ifa() for callers without a
 * netlink request context (no nlh, portid 0).
 */
static void inet_del_ifa(struct in_device *in_dev,
			 struct in_ifaddr __rcu **ifap,
			 int destroy)
{
	__inet_del_ifa(in_dev, ifap, destroy, NULL, 0);
}
501
502 static void check_lifetime(struct work_struct *work);
503
504 static DECLARE_DELAYED_WORK(check_lifetime_work, check_lifetime);
505
/* Insert @ifa into its device's address list and the global hash, run
 * validators, and announce the new address.
 *
 * Must be called under RTNL. Takes ownership of @ifa: on every error
 * path (and on the silent no-op for a zero local address) the ifaddr
 * is freed. An address whose subnet already has a primary is inserted
 * as a secondary; primaries are inserted after the last primary of
 * compatible scope.
 *
 * Returns 0, -EEXIST if the exact local address already exists on the
 * matching subnet, -EINVAL on scope mismatch, or a validator error.
 */
static int __inet_insert_ifa(struct in_ifaddr *ifa, struct nlmsghdr *nlh,
			     u32 portid, struct netlink_ext_ack *extack)
{
	struct in_ifaddr __rcu **last_primary, **ifap;
	struct in_device *in_dev = ifa->ifa_dev;
	struct in_validator_info ivi;
	struct in_ifaddr *ifa1;
	int ret;

	ASSERT_RTNL();

	if (!ifa->ifa_local) {
		inet_free_ifa(ifa);
		return 0;
	}

	ifa->ifa_flags &= ~IFA_F_SECONDARY;
	last_primary = &in_dev->ifa_list;

	/* Don't set IPv6 only flags to IPv4 addresses */
	ifa->ifa_flags &= ~IPV6ONLY_FLAGS;

	ifap = &in_dev->ifa_list;
	ifa1 = rtnl_dereference(*ifap);

	while (ifa1) {
		if (!(ifa1->ifa_flags & IFA_F_SECONDARY) &&
		    ifa->ifa_scope <= ifa1->ifa_scope)
			last_primary = &ifa1->ifa_next;
		if (ifa1->ifa_mask == ifa->ifa_mask &&
		    inet_ifa_match(ifa1->ifa_address, ifa)) {
			if (ifa1->ifa_local == ifa->ifa_local) {
				inet_free_ifa(ifa);
				return -EEXIST;
			}
			if (ifa1->ifa_scope != ifa->ifa_scope) {
				NL_SET_ERR_MSG(extack, "ipv4: Invalid scope value");
				inet_free_ifa(ifa);
				return -EINVAL;
			}
			ifa->ifa_flags |= IFA_F_SECONDARY;
		}

		ifap = &ifa1->ifa_next;
		ifa1 = rtnl_dereference(*ifap);
	}

	/* Allow any devices that wish to register ifaddr validators to
	 * weigh in now, before changes are committed. The rtnl lock is
	 * serializing access here, so the state should not change between
	 * a validator call and a final notify on commit. This isn't
	 * invoked on promotion under the assumption that validators are
	 * checking the address itself, and not the flags.
	 */
	ivi.ivi_addr = ifa->ifa_address;
	ivi.ivi_dev = ifa->ifa_dev;
	ivi.extack = extack;
	ret = blocking_notifier_call_chain(&inetaddr_validator_chain,
					   NETDEV_UP, &ivi);
	ret = notifier_to_errno(ret);
	if (ret) {
		inet_free_ifa(ifa);
		return ret;
	}

	if (!(ifa->ifa_flags & IFA_F_SECONDARY))
		ifap = last_primary;

	rcu_assign_pointer(ifa->ifa_next, *ifap);
	rcu_assign_pointer(*ifap, ifa);

	inet_hash_insert(dev_net(in_dev->dev), ifa);

	/* Re-arm the lifetime worker so the new address is considered. */
	cancel_delayed_work(&check_lifetime_work);
	queue_delayed_work(system_power_efficient_wq, &check_lifetime_work, 0);

	/* Send message first, then call notifier.
	   Notifier will trigger FIB update, so that
	   listeners of netlink will know about new ifaddr */
	rtmsg_ifa(RTM_NEWADDR, ifa, nlh, portid);
	blocking_notifier_call_chain(&inetaddr_chain, NETDEV_UP, ifa);

	return 0;
}
590
/* Insert @ifa without a netlink request context (no nlh, portid 0). */
static int inet_insert_ifa(struct in_ifaddr *ifa)
{
	return __inet_insert_ifa(ifa, NULL, 0, NULL);
}
595
/* Insert @ifa on @dev from the ioctl path. Marks all devconf and ARP
 * parameters as explicitly set, and forces host scope for loopback
 * addresses. Ownership of @ifa passes to inet_insert_ifa().
 */
static int inet_set_ifa(struct net_device *dev, struct in_ifaddr *ifa)
{
	struct in_device *in_dev = __in_dev_get_rtnl(dev);

	ASSERT_RTNL();

	ipv4_devconf_setall(in_dev);
	neigh_parms_data_state_setall(in_dev->arp_parms);

	if (ipv4_is_loopback(ifa->ifa_local))
		ifa->ifa_scope = RT_SCOPE_HOST;
	return inet_insert_ifa(ifa);
}
609
/* Caller must hold RCU or RTNL :
 * We dont take a reference on found in_device
 */
struct in_device *inetdev_by_index(struct net *net, int ifindex)
{
	struct net_device *dev;
	struct in_device *in_dev = NULL;

	rcu_read_lock();
	dev = dev_get_by_index_rcu(net, ifindex);
	if (dev)
		in_dev = rcu_dereference_rtnl(dev->ip_ptr);
	rcu_read_unlock();
	return in_dev;
}
EXPORT_SYMBOL(inetdev_by_index);
626
627 /* Called only from RTNL semaphored context. No locks. */
628
/* Find the first address on @in_dev whose netmask equals @mask and
 * whose subnet contains @prefix, or return NULL. Caller must hold
 * RTNL.
 */
struct in_ifaddr *inet_ifa_byprefix(struct in_device *in_dev, __be32 prefix,
				    __be32 mask)
{
	struct in_ifaddr *ifa;

	ASSERT_RTNL();

	in_dev_for_each_ifa_rtnl(ifa, in_dev) {
		if (ifa->ifa_mask == mask && inet_ifa_match(prefix, ifa))
			return ifa;
	}
	return NULL;
}
642
/* Join (@join == true) or leave the multicast group given by
 * @ifa->ifa_address on @ifa's interface, using the per-netns autojoin
 * control socket. Must be called under RTNL. Returns 0 or a negative
 * errno; -EOPNOTSUPP when CONFIG_IP_MULTICAST is not built.
 */
static int ip_mc_autojoin_config(struct net *net, bool join,
				 const struct in_ifaddr *ifa)
{
#if defined(CONFIG_IP_MULTICAST)
	struct ip_mreqn mreq = {
		.imr_multiaddr.s_addr = ifa->ifa_address,
		.imr_ifindex = ifa->ifa_dev->dev->ifindex,
	};
	struct sock *sk = net->ipv4.mc_autojoin_sk;
	int ret;

	ASSERT_RTNL();

	lock_sock(sk);
	if (join)
		ret = ip_mc_join_group(sk, &mreq);
	else
		ret = ip_mc_leave_group(sk, &mreq);
	release_sock(sk);

	return ret;
#else
	return -EOPNOTSUPP;
#endif
}
668
/* RTM_DELADDR handler: delete the address matching the attributes in
 * @nlh (local address, label, and/or address+prefix) from the device
 * given by ifa_index. Runs under RTNL. Returns 0, or -ENODEV /
 * -EADDRNOTAVAIL / a parse error.
 */
static int inet_rtm_deladdr(struct sk_buff *skb, struct nlmsghdr *nlh,
			    struct netlink_ext_ack *extack)
{
	struct net *net = sock_net(skb->sk);
	struct in_ifaddr __rcu **ifap;
	struct nlattr *tb[IFA_MAX+1];
	struct in_device *in_dev;
	struct ifaddrmsg *ifm;
	struct in_ifaddr *ifa;
	int err;

	ASSERT_RTNL();

	err = nlmsg_parse_deprecated(nlh, sizeof(*ifm), tb, IFA_MAX,
				     ifa_ipv4_policy, extack);
	if (err < 0)
		goto errout;

	ifm = nlmsg_data(nlh);
	in_dev = inetdev_by_index(net, ifm->ifa_index);
	if (!in_dev) {
		NL_SET_ERR_MSG(extack, "ipv4: Device not found");
		err = -ENODEV;
		goto errout;
	}

	/* Each supplied attribute narrows the match; the first address
	 * satisfying all of them is deleted.
	 */
	for (ifap = &in_dev->ifa_list; (ifa = rtnl_dereference(*ifap)) != NULL;
	     ifap = &ifa->ifa_next) {
		if (tb[IFA_LOCAL] &&
		    ifa->ifa_local != nla_get_in_addr(tb[IFA_LOCAL]))
			continue;

		if (tb[IFA_LABEL] && nla_strcmp(tb[IFA_LABEL], ifa->ifa_label))
			continue;

		if (tb[IFA_ADDRESS] &&
		    (ifm->ifa_prefixlen != ifa->ifa_prefixlen ||
		    !inet_ifa_match(nla_get_in_addr(tb[IFA_ADDRESS]), ifa)))
			continue;

		/* Undo the IFA_F_MCAUTOJOIN group join, if any. */
		if (ipv4_is_multicast(ifa->ifa_address))
			ip_mc_autojoin_config(net, false, ifa);
		__inet_del_ifa(in_dev, ifap, 1, nlh, NETLINK_CB(skb).portid);
		return 0;
	}

	NL_SET_ERR_MSG(extack, "ipv4: Address not found");
	err = -EADDRNOTAVAIL;
errout:
	return err;
}
720
/* Periodic worker that expires or deprecates addresses with finite
 * lifetimes.
 *
 * Two-pass design per hash bucket: a cheap lockless RCU scan first
 * decides whether anything needs changing; only then is RTNL taken and
 * the bucket re-walked to delete expired addresses (valid_lft passed)
 * or mark preferred-expired ones IFA_F_DEPRECATED. Finally the work is
 * re-queued for the earliest upcoming deadline, clamped to at least
 * ADDRCONF_TIMER_FUZZ_MAX from now.
 */
static void check_lifetime(struct work_struct *work)
{
	unsigned long now, next, next_sec, next_sched;
	struct in_ifaddr *ifa;
	struct hlist_node *n;
	int i;

	now = jiffies;
	next = round_jiffies_up(now + ADDR_CHECK_FREQUENCY);

	for (i = 0; i < IN4_ADDR_HSIZE; i++) {
		bool change_needed = false;

		/* Pass 1 (RCU, no locks): detect whether any address in
		 * this bucket needs action, and track the next deadline.
		 */
		rcu_read_lock();
		hlist_for_each_entry_rcu(ifa, &inet_addr_lst[i], hash) {
			unsigned long age, tstamp;
			u32 preferred_lft;
			u32 valid_lft;
			u32 flags;

			flags = READ_ONCE(ifa->ifa_flags);
			if (flags & IFA_F_PERMANENT)
				continue;

			preferred_lft = READ_ONCE(ifa->ifa_preferred_lft);
			valid_lft = READ_ONCE(ifa->ifa_valid_lft);
			tstamp = READ_ONCE(ifa->ifa_tstamp);
			/* We try to batch several events at once. */
			age = (now - tstamp +
			       ADDRCONF_TIMER_FUZZ_MINUS) / HZ;

			if (valid_lft != INFINITY_LIFE_TIME &&
			    age >= valid_lft) {
				change_needed = true;
			} else if (preferred_lft ==
				   INFINITY_LIFE_TIME) {
				continue;
			} else if (age >= preferred_lft) {
				if (time_before(tstamp + valid_lft * HZ, next))
					next = tstamp + valid_lft * HZ;

				if (!(flags & IFA_F_DEPRECATED))
					change_needed = true;
			} else if (time_before(tstamp + preferred_lft * HZ,
					       next)) {
				next = tstamp + preferred_lft * HZ;
			}
		}
		rcu_read_unlock();
		if (!change_needed)
			continue;
		/* Pass 2 (RTNL): actually delete / deprecate. The bucket
		 * may have changed since pass 1, so recheck everything.
		 */
		rtnl_lock();
		hlist_for_each_entry_safe(ifa, n, &inet_addr_lst[i], hash) {
			unsigned long age;

			if (ifa->ifa_flags & IFA_F_PERMANENT)
				continue;

			/* We try to batch several events at once. */
			age = (now - ifa->ifa_tstamp +
			       ADDRCONF_TIMER_FUZZ_MINUS) / HZ;

			if (ifa->ifa_valid_lft != INFINITY_LIFE_TIME &&
			    age >= ifa->ifa_valid_lft) {
				struct in_ifaddr __rcu **ifap;
				struct in_ifaddr *tmp;

				/* inet_del_ifa() needs the link pointer,
				 * so walk the device list to find it.
				 */
				ifap = &ifa->ifa_dev->ifa_list;
				tmp = rtnl_dereference(*ifap);
				while (tmp) {
					if (tmp == ifa) {
						inet_del_ifa(ifa->ifa_dev,
							     ifap, 1);
						break;
					}
					ifap = &tmp->ifa_next;
					tmp = rtnl_dereference(*ifap);
				}
			} else if (ifa->ifa_preferred_lft !=
				   INFINITY_LIFE_TIME &&
				   age >= ifa->ifa_preferred_lft &&
				   !(ifa->ifa_flags & IFA_F_DEPRECATED)) {
				ifa->ifa_flags |= IFA_F_DEPRECATED;
				rtmsg_ifa(RTM_NEWADDR, ifa, NULL, 0);
			}
		}
		rtnl_unlock();
	}

	next_sec = round_jiffies_up(next);
	next_sched = next;

	/* If rounded timeout is accurate enough, accept it. */
	if (time_before(next_sec, next + ADDRCONF_TIMER_FUZZ))
		next_sched = next_sec;

	now = jiffies;
	/* And minimum interval is ADDRCONF_TIMER_FUZZ_MAX. */
	if (time_before(next_sched, now + ADDRCONF_TIMER_FUZZ_MAX))
		next_sched = now + ADDRCONF_TIMER_FUZZ_MAX;

	queue_delayed_work(system_power_efficient_wq, &check_lifetime_work,
			   next_sched - now);
}
825
/* Apply valid/preferred lifetimes (in seconds; INFINITY_LIFE_TIME for
 * "forever") to @ifa and update its flags and timestamps accordingly:
 * an infinite valid lifetime sets IFA_F_PERMANENT, a zero preferred
 * lifetime sets IFA_F_DEPRECATED immediately. WRITE_ONCE() pairs with
 * the lockless READ_ONCE() readers in check_lifetime().
 */
static void set_ifa_lifetime(struct in_ifaddr *ifa, __u32 valid_lft,
			     __u32 prefered_lft)
{
	unsigned long timeout;
	u32 flags;

	flags = ifa->ifa_flags & ~(IFA_F_PERMANENT | IFA_F_DEPRECATED);

	timeout = addrconf_timeout_fixup(valid_lft, HZ);
	if (addrconf_finite_timeout(timeout))
		WRITE_ONCE(ifa->ifa_valid_lft, timeout);
	else
		flags |= IFA_F_PERMANENT;

	timeout = addrconf_timeout_fixup(prefered_lft, HZ);
	if (addrconf_finite_timeout(timeout)) {
		if (timeout == 0)
			flags |= IFA_F_DEPRECATED;
		WRITE_ONCE(ifa->ifa_preferred_lft, timeout);
	}
	WRITE_ONCE(ifa->ifa_flags, flags);
	WRITE_ONCE(ifa->ifa_tstamp, jiffies);
	/* Creation stamp is set once, on first configuration. */
	if (!ifa->ifa_cstamp)
		WRITE_ONCE(ifa->ifa_cstamp, ifa->ifa_tstamp);
}
851
/* Parse an RTM_NEWADDR request into a freshly allocated in_ifaddr.
 *
 * Runs under RTNL. On success returns the new ifaddr (ownership passes
 * to the caller) and fills *@pvalid_lft / *@pprefered_lft from
 * IFA_CACHEINFO when present. On failure returns an ERR_PTR()
 * (-EINVAL, -ENODEV, or -ENOBUFS).
 */
static struct in_ifaddr *rtm_to_ifaddr(struct net *net, struct nlmsghdr *nlh,
				       __u32 *pvalid_lft, __u32 *pprefered_lft,
				       struct netlink_ext_ack *extack)
{
	struct nlattr *tb[IFA_MAX+1];
	struct in_ifaddr *ifa;
	struct ifaddrmsg *ifm;
	struct net_device *dev;
	struct in_device *in_dev;
	int err;

	err = nlmsg_parse_deprecated(nlh, sizeof(*ifm), tb, IFA_MAX,
				     ifa_ipv4_policy, extack);
	if (err < 0)
		goto errout;

	ifm = nlmsg_data(nlh);
	err = -EINVAL;

	if (ifm->ifa_prefixlen > 32) {
		NL_SET_ERR_MSG(extack, "ipv4: Invalid prefix length");
		goto errout;
	}

	if (!tb[IFA_LOCAL]) {
		NL_SET_ERR_MSG(extack, "ipv4: Local address is not supplied");
		goto errout;
	}

	dev = __dev_get_by_index(net, ifm->ifa_index);
	err = -ENODEV;
	if (!dev) {
		NL_SET_ERR_MSG(extack, "ipv4: Device not found");
		goto errout;
	}

	in_dev = __in_dev_get_rtnl(dev);
	err = -ENOBUFS;
	if (!in_dev)
		goto errout;

	ifa = inet_alloc_ifa(in_dev);
	if (!ifa)
		/*
		 * A potential indev allocation can be left alive, it stays
		 * assigned to its device and is destroyed with it.
		 */
		goto errout;

	ipv4_devconf_setall(in_dev);
	neigh_parms_data_state_setall(in_dev->arp_parms);

	/* IFA_ADDRESS defaults to IFA_LOCAL (non point-to-point case). */
	if (!tb[IFA_ADDRESS])
		tb[IFA_ADDRESS] = tb[IFA_LOCAL];

	ifa->ifa_prefixlen = ifm->ifa_prefixlen;
	ifa->ifa_mask = inet_make_mask(ifm->ifa_prefixlen);
	/* IFA_FLAGS (u32) supersedes the narrower ifa_flags header field. */
	ifa->ifa_flags = tb[IFA_FLAGS] ? nla_get_u32(tb[IFA_FLAGS]) :
					 ifm->ifa_flags;
	ifa->ifa_scope = ifm->ifa_scope;
	ifa->ifa_local = nla_get_in_addr(tb[IFA_LOCAL]);
	ifa->ifa_address = nla_get_in_addr(tb[IFA_ADDRESS]);

	if (tb[IFA_BROADCAST])
		ifa->ifa_broadcast = nla_get_in_addr(tb[IFA_BROADCAST]);

	if (tb[IFA_LABEL])
		nla_strscpy(ifa->ifa_label, tb[IFA_LABEL], IFNAMSIZ);
	else
		memcpy(ifa->ifa_label, dev->name, IFNAMSIZ);

	if (tb[IFA_RT_PRIORITY])
		ifa->ifa_rt_priority = nla_get_u32(tb[IFA_RT_PRIORITY]);

	if (tb[IFA_PROTO])
		ifa->ifa_proto = nla_get_u8(tb[IFA_PROTO]);

	if (tb[IFA_CACHEINFO]) {
		struct ifa_cacheinfo *ci;

		ci = nla_data(tb[IFA_CACHEINFO]);
		/* Preferred lifetime must not exceed valid lifetime. */
		if (!ci->ifa_valid || ci->ifa_prefered > ci->ifa_valid) {
			NL_SET_ERR_MSG(extack, "ipv4: address lifetime invalid");
			err = -EINVAL;
			goto errout_free;
		}
		*pvalid_lft = ci->ifa_valid;
		*pprefered_lft = ci->ifa_prefered;
	}

	return ifa;

errout_free:
	inet_free_ifa(ifa);
errout:
	return ERR_PTR(err);
}
949
/* Find an existing address on @ifa's device with the same mask, subnet
 * and local address, or return NULL. Used by inet_rtm_newaddr() to
 * distinguish "create" from "replace". Caller must hold RTNL.
 */
static struct in_ifaddr *find_matching_ifa(struct in_ifaddr *ifa)
{
	struct in_device *in_dev = ifa->ifa_dev;
	struct in_ifaddr *ifa1;

	if (!ifa->ifa_local)
		return NULL;

	in_dev_for_each_ifa_rtnl(ifa1, in_dev) {
		if (ifa1->ifa_mask == ifa->ifa_mask &&
		    inet_ifa_match(ifa1->ifa_address, ifa) &&
		    ifa1->ifa_local == ifa->ifa_local)
			return ifa1;
	}
	return NULL;
}
966
/* RTM_NEWADDR handler: create a new address, or -- with NLM_F_REPLACE
 * -- update the metric, proto and lifetimes of an existing one. Runs
 * under RTNL. Returns 0 or a negative errno (-EEXIST when the address
 * exists and NLM_F_REPLACE was not given).
 */
static int inet_rtm_newaddr(struct sk_buff *skb, struct nlmsghdr *nlh,
			    struct netlink_ext_ack *extack)
{
	struct net *net = sock_net(skb->sk);
	struct in_ifaddr *ifa;
	struct in_ifaddr *ifa_existing;
	__u32 valid_lft = INFINITY_LIFE_TIME;
	__u32 prefered_lft = INFINITY_LIFE_TIME;

	ASSERT_RTNL();

	ifa = rtm_to_ifaddr(net, nlh, &valid_lft, &prefered_lft, extack);
	if (IS_ERR(ifa))
		return PTR_ERR(ifa);

	ifa_existing = find_matching_ifa(ifa);
	if (!ifa_existing) {
		/* It would be best to check for !NLM_F_CREATE here but
		 * userspace already relies on not having to provide this.
		 */
		set_ifa_lifetime(ifa, valid_lft, prefered_lft);
		if (ifa->ifa_flags & IFA_F_MCAUTOJOIN) {
			int ret = ip_mc_autojoin_config(net, true, ifa);

			if (ret < 0) {
				NL_SET_ERR_MSG(extack, "ipv4: Multicast auto join failed");
				inet_free_ifa(ifa);
				return ret;
			}
		}
		return __inet_insert_ifa(ifa, nlh, NETLINK_CB(skb).portid,
					 extack);
	} else {
		/* Replace path: keep the existing ifaddr, free the
		 * freshly parsed one after saving what we need from it.
		 */
		u32 new_metric = ifa->ifa_rt_priority;
		u8 new_proto = ifa->ifa_proto;

		inet_free_ifa(ifa);

		if (nlh->nlmsg_flags & NLM_F_EXCL ||
		    !(nlh->nlmsg_flags & NLM_F_REPLACE)) {
			NL_SET_ERR_MSG(extack, "ipv4: Address already assigned");
			return -EEXIST;
		}
		ifa = ifa_existing;

		if (ifa->ifa_rt_priority != new_metric) {
			fib_modify_prefix_metric(ifa, new_metric);
			ifa->ifa_rt_priority = new_metric;
		}

		ifa->ifa_proto = new_proto;

		set_ifa_lifetime(ifa, valid_lft, prefered_lft);
		/* Re-arm the lifetime worker for the updated lifetimes. */
		cancel_delayed_work(&check_lifetime_work);
		queue_delayed_work(system_power_efficient_wq,
				   &check_lifetime_work, 0);
		rtmsg_ifa(RTM_NEWADDR, ifa, nlh, NETLINK_CB(skb).portid);
	}
	return 0;
}
1027
1028 /*
1029 * Determine a default network mask, based on the IP address.
1030 */
1031
/* Return the classful (A/B/C/E) default prefix length for @addr, 0 for
 * the zero network and limited broadcast, or -1 for anything else
 * (probably a multicast address).
 */
static int inet_abc_len(__be32 addr)
{
	__u32 haddr;

	if (ipv4_is_zeronet(addr) || ipv4_is_lbcast(addr))
		return 0;

	haddr = ntohl(addr);
	if (IN_CLASSA(haddr))
		return 8;
	if (IN_CLASSB(haddr))
		return 16;
	if (IN_CLASSC(haddr))
		return 24;
	if (IN_CLASSE(haddr))
		return 32;

	/* Something else, probably a multicast. */
	return -1;
}
1052
1053
/* devinet_ioctl - handle the legacy SIOC{G,S}IF* socket ioctls for IPv4.
 * @net: network namespace the request was issued in
 * @cmd: SIOCGIFADDR/SIOCGIFBRDADDR/SIOCGIFDSTADDR/SIOCGIFNETMASK, their
 *       SIOCSIF* counterparts, or SIOCSIFFLAGS; anything else -> -EINVAL
 * @ifr: request block; ifr_name may carry a "dev:alias" label, and
 *       ifr_addr is read by set operations or filled in by get operations
 *
 * Returns 0 on success or a negative errno.  All set operations require
 * CAP_NET_ADMIN in @net's user namespace; everything past the permission
 * checks runs under the RTNL lock.
 */
int devinet_ioctl(struct net *net, unsigned int cmd, struct ifreq *ifr)
{
	struct sockaddr_in sin_orig;
	struct sockaddr_in *sin = (struct sockaddr_in *)&ifr->ifr_addr;
	struct in_ifaddr __rcu **ifap = NULL;
	struct in_device *in_dev;
	struct in_ifaddr *ifa = NULL;
	struct net_device *dev;
	char *colon;
	int ret = -EFAULT;
	int tryaddrmatch = 0;

	ifr->ifr_name[IFNAMSIZ - 1] = 0;

	/* save original address for comparison */
	memcpy(&sin_orig, sin, sizeof(*sin));

	/* Strip an alias suffix ("eth0:1") so the device lookup sees the
	 * base name; the colon is restored after the lookup succeeds.
	 */
	colon = strchr(ifr->ifr_name, ':');
	if (colon)
		*colon = 0;

	dev_load(net, ifr->ifr_name);

	switch (cmd) {
	case SIOCGIFADDR:	/* Get interface address */
	case SIOCGIFBRDADDR:	/* Get the broadcast address */
	case SIOCGIFDSTADDR:	/* Get the destination address */
	case SIOCGIFNETMASK:	/* Get the netmask for the interface */
		/* Note that these ioctls will not sleep,
		   so that we do not impose a lock.
		   One day we will be forced to put shlock here (I mean SMP)
		 */
		tryaddrmatch = (sin_orig.sin_family == AF_INET);
		memset(sin, 0, sizeof(*sin));
		sin->sin_family = AF_INET;
		break;

	case SIOCSIFFLAGS:
		ret = -EPERM;
		if (!ns_capable(net->user_ns, CAP_NET_ADMIN))
			goto out;
		break;
	case SIOCSIFADDR:	/* Set interface address (and family) */
	case SIOCSIFBRDADDR:	/* Set the broadcast address */
	case SIOCSIFDSTADDR:	/* Set the destination address */
	case SIOCSIFNETMASK:	/* Set the netmask for the interface */
		ret = -EPERM;
		if (!ns_capable(net->user_ns, CAP_NET_ADMIN))
			goto out;
		ret = -EINVAL;
		if (sin->sin_family != AF_INET)
			goto out;
		break;
	default:
		ret = -EINVAL;
		goto out;
	}

	rtnl_lock();

	ret = -ENODEV;
	dev = __dev_get_by_name(net, ifr->ifr_name);
	if (!dev)
		goto done;

	if (colon)
		*colon = ':';

	in_dev = __in_dev_get_rtnl(dev);
	if (in_dev) {
		if (tryaddrmatch) {
			/* Matthias Andree */
			/* compare label and address (4.4BSD style) */
			/* note: we only do this for a limited set of ioctls
			   and only if the original address family was AF_INET.
			   This is checked above. */

			for (ifap = &in_dev->ifa_list;
			     (ifa = rtnl_dereference(*ifap)) != NULL;
			     ifap = &ifa->ifa_next) {
				if (!strcmp(ifr->ifr_name, ifa->ifa_label) &&
				    sin_orig.sin_addr.s_addr ==
							ifa->ifa_local) {
					break; /* found */
				}
			}
		}
		/* we didn't get a match, maybe the application is
		   4.3BSD-style and passed in junk so we fall back to
		   comparing just the label */
		if (!ifa) {
			for (ifap = &in_dev->ifa_list;
			     (ifa = rtnl_dereference(*ifap)) != NULL;
			     ifap = &ifa->ifa_next)
				if (!strcmp(ifr->ifr_name, ifa->ifa_label))
					break;
		}
	}

	/* SIOCSIFADDR may create the address and SIOCSIFFLAGS acts on the
	 * device itself; every other command needs an existing address.
	 */
	ret = -EADDRNOTAVAIL;
	if (!ifa && cmd != SIOCSIFADDR && cmd != SIOCSIFFLAGS)
		goto done;

	switch (cmd) {
	case SIOCGIFADDR:	/* Get interface address */
		ret = 0;
		sin->sin_addr.s_addr = ifa->ifa_local;
		break;

	case SIOCGIFBRDADDR:	/* Get the broadcast address */
		ret = 0;
		sin->sin_addr.s_addr = ifa->ifa_broadcast;
		break;

	case SIOCGIFDSTADDR:	/* Get the destination address */
		ret = 0;
		sin->sin_addr.s_addr = ifa->ifa_address;
		break;

	case SIOCGIFNETMASK:	/* Get the netmask for the interface */
		ret = 0;
		sin->sin_addr.s_addr = ifa->ifa_mask;
		break;

	case SIOCSIFFLAGS:
		if (colon) {
			/* Flag change on an alias label: the only supported
			 * operation is deleting the alias by clearing IFF_UP.
			 */
			ret = -EADDRNOTAVAIL;
			if (!ifa)
				break;
			ret = 0;
			if (!(ifr->ifr_flags & IFF_UP))
				inet_del_ifa(in_dev, ifap, 1);
			break;
		}
		ret = dev_change_flags(dev, ifr->ifr_flags, NULL);
		break;

	case SIOCSIFADDR:	/* Set interface address (and family) */
		ret = -EINVAL;
		if (inet_abc_len(sin->sin_addr.s_addr) < 0)
			break;

		if (!ifa) {
			ret = -ENOBUFS;
			if (!in_dev)
				break;
			ifa = inet_alloc_ifa(in_dev);
			if (!ifa)
				break;

			if (colon)
				memcpy(ifa->ifa_label, ifr->ifr_name, IFNAMSIZ);
			else
				memcpy(ifa->ifa_label, dev->name, IFNAMSIZ);
		} else {
			ret = 0;
			if (ifa->ifa_local == sin->sin_addr.s_addr)
				break;
			/* Re-add under the new address; broadcast and scope
			 * are recomputed below.
			 */
			inet_del_ifa(in_dev, ifap, 0);
			ifa->ifa_broadcast = 0;
			ifa->ifa_scope = 0;
		}

		ifa->ifa_address = ifa->ifa_local = sin->sin_addr.s_addr;

		if (!(dev->flags & IFF_POINTOPOINT)) {
			/* Derive prefix/mask/broadcast from the classful
			 * length of the new address.
			 */
			ifa->ifa_prefixlen = inet_abc_len(ifa->ifa_address);
			ifa->ifa_mask = inet_make_mask(ifa->ifa_prefixlen);
			if ((dev->flags & IFF_BROADCAST) &&
			    ifa->ifa_prefixlen < 31)
				ifa->ifa_broadcast = ifa->ifa_address |
						     ~ifa->ifa_mask;
		} else {
			ifa->ifa_prefixlen = 32;
			ifa->ifa_mask = inet_make_mask(32);
		}
		set_ifa_lifetime(ifa, INFINITY_LIFE_TIME, INFINITY_LIFE_TIME);
		ret = inet_set_ifa(dev, ifa);
		break;

	case SIOCSIFBRDADDR:	/* Set the broadcast address */
		ret = 0;
		if (ifa->ifa_broadcast != sin->sin_addr.s_addr) {
			inet_del_ifa(in_dev, ifap, 0);
			ifa->ifa_broadcast = sin->sin_addr.s_addr;
			inet_insert_ifa(ifa);
		}
		break;

	case SIOCSIFDSTADDR:	/* Set the destination address */
		ret = 0;
		if (ifa->ifa_address == sin->sin_addr.s_addr)
			break;
		ret = -EINVAL;
		if (inet_abc_len(sin->sin_addr.s_addr) < 0)
			break;
		ret = 0;
		inet_del_ifa(in_dev, ifap, 0);
		ifa->ifa_address = sin->sin_addr.s_addr;
		inet_insert_ifa(ifa);
		break;

	case SIOCSIFNETMASK:	/* Set the netmask for the interface */

		/*
		 *	The mask we set must be legal.
		 */
		ret = -EINVAL;
		if (bad_mask(sin->sin_addr.s_addr, 0))
			break;
		ret = 0;
		if (ifa->ifa_mask != sin->sin_addr.s_addr) {
			__be32 old_mask = ifa->ifa_mask;
			inet_del_ifa(in_dev, ifap, 0);
			ifa->ifa_mask = sin->sin_addr.s_addr;
			ifa->ifa_prefixlen = inet_mask_len(ifa->ifa_mask);

			/* See if current broadcast address matches
			 * with current netmask, then recalculate
			 * the broadcast address. Otherwise it's a
			 * funny address, so don't touch it since
			 * the user seems to know what (s)he's doing...
			 */
			if ((dev->flags & IFF_BROADCAST) &&
			    (ifa->ifa_prefixlen < 31) &&
			    (ifa->ifa_broadcast ==
			     (ifa->ifa_local|~old_mask))) {
				ifa->ifa_broadcast = (ifa->ifa_local |
						      ~sin->sin_addr.s_addr);
			}
			inet_insert_ifa(ifa);
		}
		break;
	}
done:
	rtnl_unlock();
out:
	return ret;
}
1293
/* Fill @buf with up to @len bytes of struct ifreq entries (@size bytes
 * each) describing @dev's IPv4 addresses.  With a NULL @buf, only the
 * space needed is computed.  Returns the number of bytes produced (or
 * needed), or -EFAULT on a failed copy to userspace.
 */
int inet_gifconf(struct net_device *dev, char __user *buf, int len, int size)
{
	struct in_device *in_dev = __in_dev_get_rtnl(dev);
	const struct in_ifaddr *ifa;
	struct ifreq ifr;
	int total = 0;

	if (WARN_ON(size > sizeof(struct ifreq)) || !in_dev)
		return total;

	in_dev_for_each_ifa_rtnl(ifa, in_dev) {
		struct sockaddr_in *sin;

		if (!buf) {
			/* Size-probe mode: just count the space needed. */
			total += size;
			continue;
		}
		if (len < size)
			break;

		memset(&ifr, 0, sizeof(ifr));
		strcpy(ifr.ifr_name, ifa->ifa_label);

		sin = (struct sockaddr_in *)&ifr.ifr_addr;
		sin->sin_family = AF_INET;
		sin->sin_addr.s_addr = ifa->ifa_local;

		if (copy_to_user(buf + total, &ifr, size))
			return -EFAULT;

		len -= size;
		total += size;
	}
	return total;
}
1331
in_dev_select_addr(const struct in_device * in_dev,int scope)1332 static __be32 in_dev_select_addr(const struct in_device *in_dev,
1333 int scope)
1334 {
1335 const struct in_ifaddr *ifa;
1336
1337 in_dev_for_each_ifa_rcu(ifa, in_dev) {
1338 if (READ_ONCE(ifa->ifa_flags) & IFA_F_SECONDARY)
1339 continue;
1340 if (ifa->ifa_scope != RT_SCOPE_LINK &&
1341 ifa->ifa_scope <= scope)
1342 return ifa->ifa_local;
1343 }
1344
1345 return 0;
1346 }
1347
/* inet_select_addr - choose a source address on @dev for reaching @dst.
 * @dev:   interface the packet will leave through
 * @dst:   destination address, or 0 to accept any primary address
 * @scope: maximum allowed scope of the selected address
 *
 * Prefers a primary address on @dev in @dst's subnet; otherwise falls
 * back to addresses on the device's L3 master (VRF) and finally to any
 * device under the same master.  Returns the address or 0 if none fits.
 */
__be32 inet_select_addr(const struct net_device *dev, __be32 dst, int scope)
{
	const struct in_ifaddr *ifa;
	__be32 addr = 0;
	unsigned char localnet_scope = RT_SCOPE_HOST;
	struct in_device *in_dev;
	struct net *net = dev_net(dev);
	int master_idx;

	rcu_read_lock();
	in_dev = __in_dev_get_rcu(dev);
	if (!in_dev)
		goto no_in_dev;

	/* With route_localnet, host-scoped (loopback-range) addresses are
	 * treated as link scope so they can be selected.
	 */
	if (unlikely(IN_DEV_ROUTE_LOCALNET(in_dev)))
		localnet_scope = RT_SCOPE_LINK;

	in_dev_for_each_ifa_rcu(ifa, in_dev) {
		if (READ_ONCE(ifa->ifa_flags) & IFA_F_SECONDARY)
			continue;
		if (min(ifa->ifa_scope, localnet_scope) > scope)
			continue;
		if (!dst || inet_ifa_match(dst, ifa)) {
			addr = ifa->ifa_local;
			break;
		}
		/* Remember the first in-scope address as a fallback in
		 * case no address matches @dst's subnet.
		 */
		if (!addr)
			addr = ifa->ifa_local;
	}

	if (addr)
		goto out_unlock;
no_in_dev:
	master_idx = l3mdev_master_ifindex_rcu(dev);

	/* For VRFs, the VRF device takes the place of the loopback device,
	 * with addresses on it being preferred.  Note in such cases the
	 * loopback device will be among the devices that fail the master_idx
	 * equality check in the loop below.
	 */
	if (master_idx &&
	    (dev = dev_get_by_index_rcu(net, master_idx)) &&
	    (in_dev = __in_dev_get_rcu(dev))) {
		addr = in_dev_select_addr(in_dev, scope);
		if (addr)
			goto out_unlock;
	}

	/* Not loopback addresses on loopback should be preferred
	   in this case. It is important that lo is the first interface
	   in dev_base list.
	 */
	for_each_netdev_rcu(net, dev) {
		if (l3mdev_master_ifindex_rcu(dev) != master_idx)
			continue;

		in_dev = __in_dev_get_rcu(dev);
		if (!in_dev)
			continue;

		addr = in_dev_select_addr(in_dev, scope);
		if (addr)
			goto out_unlock;
	}
out_unlock:
	rcu_read_unlock();
	return addr;
}
EXPORT_SYMBOL(inet_select_addr);
1417
/* confirm_addr_indev - check that @in_dev has a suitable local address.
 * @in_dev: device to scan (caller must hold rcu_read_lock())
 * @dst:    if non-zero, the address must share a subnet with @dst
 * @local:  if non-zero, this exact address must exist on the device
 * @scope:  maximum allowed scope for a selected address
 *
 * Walks the address list once, tracking two things in parallel:
 *   addr - a candidate local address within @scope (exact @local match,
 *          or any in-scope address when @local is 0), and
 *   same - whether some address satisfied both the @local and @dst
 *          subnet constraints.
 * Returns the candidate address only when both were satisfied, else 0.
 */
static __be32 confirm_addr_indev(struct in_device *in_dev, __be32 dst,
				 __be32 local, int scope)
{
	unsigned char localnet_scope = RT_SCOPE_HOST;
	const struct in_ifaddr *ifa;
	__be32 addr = 0;
	int same = 0;

	/* route_localnet relaxes loopback-range addresses to link scope */
	if (unlikely(IN_DEV_ROUTE_LOCALNET(in_dev)))
		localnet_scope = RT_SCOPE_LINK;

	in_dev_for_each_ifa_rcu(ifa, in_dev) {
		unsigned char min_scope = min(ifa->ifa_scope, localnet_scope);

		if (!addr &&
		    (local == ifa->ifa_local || !local) &&
		    min_scope <= scope) {
			addr = ifa->ifa_local;
			if (same)
				break;
		}
		if (!same) {
			same = (!local || inet_ifa_match(local, ifa)) &&
				(!dst || inet_ifa_match(dst, ifa));
			if (same && addr) {
				if (local || !dst)
					break;
				/* Is the selected addr into dst subnet? */
				if (inet_ifa_match(addr, ifa))
					break;
				/* No, then can we use new local src? */
				if (min_scope <= scope) {
					addr = ifa->ifa_local;
					break;
				}
				/* search for large dst subnet for addr */
				same = 0;
			}
		}
	}

	return same ? addr : 0;
}
1461
1462 /*
1463 * Confirm that local IP address exists using wildcards:
1464 * - net: netns to check, cannot be NULL
1465 * - in_dev: only on this interface, NULL=any interface
1466 * - dst: only in the same subnet as dst, 0=any dst
1467 * - local: address, 0=autoselect the local address
1468 * - scope: maximum allowed scope value for the local address
1469 */
inet_confirm_addr(struct net * net,struct in_device * in_dev,__be32 dst,__be32 local,int scope)1470 __be32 inet_confirm_addr(struct net *net, struct in_device *in_dev,
1471 __be32 dst, __be32 local, int scope)
1472 {
1473 __be32 addr = 0;
1474 struct net_device *dev;
1475
1476 if (in_dev)
1477 return confirm_addr_indev(in_dev, dst, local, scope);
1478
1479 rcu_read_lock();
1480 for_each_netdev_rcu(net, dev) {
1481 in_dev = __in_dev_get_rcu(dev);
1482 if (in_dev) {
1483 addr = confirm_addr_indev(in_dev, dst, local, scope);
1484 if (addr)
1485 break;
1486 }
1487 }
1488 rcu_read_unlock();
1489
1490 return addr;
1491 }
1492 EXPORT_SYMBOL(inet_confirm_addr);
1493
1494 /*
1495 * Device notifier
1496 */
1497
/* Subscribe @nb to IPv4 address add/delete events (may sleep). */
int register_inetaddr_notifier(struct notifier_block *nb)
{
	return blocking_notifier_chain_register(&inetaddr_chain, nb);
}
EXPORT_SYMBOL(register_inetaddr_notifier);
1503
/* Remove @nb from the IPv4 address notifier chain. */
int unregister_inetaddr_notifier(struct notifier_block *nb)
{
	return blocking_notifier_chain_unregister(&inetaddr_chain, nb);
}
EXPORT_SYMBOL(unregister_inetaddr_notifier);
1509
/* Subscribe @nb to the validator chain, which is called before an IPv4
 * address change is committed so listeners can veto it.
 */
int register_inetaddr_validator_notifier(struct notifier_block *nb)
{
	return blocking_notifier_chain_register(&inetaddr_validator_chain, nb);
}
EXPORT_SYMBOL(register_inetaddr_validator_notifier);
1515
/* Remove @nb from the IPv4 address validator chain. */
int unregister_inetaddr_validator_notifier(struct notifier_block *nb)
{
	return blocking_notifier_chain_unregister(&inetaddr_validator_chain,
	    nb);
}
EXPORT_SYMBOL(unregister_inetaddr_validator_notifier);
1522
1523 /* Rename ifa_labels for a device name change. Make some effort to preserve
1524 * existing alias numbering and to create unique labels if possible.
1525 */
static void inetdev_changename(struct net_device *dev, struct in_device *in_dev)
{
	struct in_ifaddr *ifa;
	int named = 0;

	in_dev_for_each_ifa_rtnl(ifa, in_dev) {
		char old[IFNAMSIZ], *dot;

		/* Replace the label with the new device name, then try to
		 * re-attach the old ":alias" suffix (if any).
		 */
		memcpy(old, ifa->ifa_label, IFNAMSIZ);
		memcpy(ifa->ifa_label, dev->name, IFNAMSIZ);
		if (named++ == 0)
			goto skip;
		dot = strchr(old, ':');
		if (!dot) {
			/* Old label had no alias suffix: synthesize one
			 * from the running count to keep labels unique.
			 */
			sprintf(old, ":%d", named);
			dot = old;
		}
		if (strlen(dot) + strlen(dev->name) < IFNAMSIZ)
			strcat(ifa->ifa_label, dot);
		else
			/* New name + suffix won't fit: overwrite the tail
			 * of the label so the suffix is preserved.
			 */
			strcpy(ifa->ifa_label + (IFNAMSIZ - strlen(dot) - 1), dot);
	skip:
		rtmsg_ifa(RTM_NEWADDR, ifa, NULL, 0);
	}
}
1551
/* Broadcast a gratuitous ARP (sender == target == ifa_local) for every
 * address on @in_dev, so neighbours update their caches after a link or
 * hardware-address change.  Runs under RTNL.
 */
static void inetdev_send_gratuitous_arp(struct net_device *dev,
					struct in_device *in_dev)

{
	const struct in_ifaddr *ifa;

	in_dev_for_each_ifa_rtnl(ifa, in_dev) {
		arp_send(ARPOP_REQUEST, ETH_P_ARP,
			 ifa->ifa_local, dev,
			 ifa->ifa_local, NULL,
			 dev->dev_addr, NULL);
	}
}
1565
1566 /* Called only under RTNL semaphore */
1567
/* inetdev_event - netdev notifier callback keeping IPv4 state in sync
 * with device lifecycle events.  Always returns NOTIFY_DONE; fatal
 * errors are reported via notifier_from_errno().
 */
static int inetdev_event(struct notifier_block *this, unsigned long event,
			 void *ptr)
{
	struct net_device *dev = netdev_notifier_info_to_dev(ptr);
	struct in_device *in_dev = __in_dev_get_rtnl(dev);

	ASSERT_RTNL();

	if (!in_dev) {
		/* No IPv4 state yet: create it on registration, or when a
		 * previously too-small MTU becomes valid again.
		 */
		if (event == NETDEV_REGISTER) {
			in_dev = inetdev_init(dev);
			if (IS_ERR(in_dev))
				return notifier_from_errno(PTR_ERR(in_dev));
			if (dev->flags & IFF_LOOPBACK) {
				IN_DEV_CONF_SET(in_dev, NOXFRM, 1);
				IN_DEV_CONF_SET(in_dev, NOPOLICY, 1);
			}
		} else if (event == NETDEV_CHANGEMTU) {
			/* Re-enabling IP */
			if (inetdev_valid_mtu(dev->mtu))
				in_dev = inetdev_init(dev);
		}
		goto out;
	}

	switch (event) {
	case NETDEV_REGISTER:
		/* A registering device should not already have in_dev. */
		pr_debug("%s: bug\n", __func__);
		RCU_INIT_POINTER(dev->ip_ptr, NULL);
		break;
	case NETDEV_UP:
		if (!inetdev_valid_mtu(dev->mtu))
			break;
		if (dev->flags & IFF_LOOPBACK) {
			/* Auto-configure 127.0.0.1/8 on loopback. */
			struct in_ifaddr *ifa = inet_alloc_ifa(in_dev);

			if (ifa) {
				ifa->ifa_local =
				  ifa->ifa_address = htonl(INADDR_LOOPBACK);
				ifa->ifa_prefixlen = 8;
				ifa->ifa_mask = inet_make_mask(8);
				ifa->ifa_scope = RT_SCOPE_HOST;
				memcpy(ifa->ifa_label, dev->name, IFNAMSIZ);
				set_ifa_lifetime(ifa, INFINITY_LIFE_TIME,
						 INFINITY_LIFE_TIME);
				ipv4_devconf_setall(in_dev);
				neigh_parms_data_state_setall(in_dev->arp_parms);
				inet_insert_ifa(ifa);
			}
		}
		ip_mc_up(in_dev);
		fallthrough;
	case NETDEV_CHANGEADDR:
		if (!IN_DEV_ARP_NOTIFY(in_dev))
			break;
		fallthrough;
	case NETDEV_NOTIFY_PEERS:
		/* Send gratuitous ARP to notify of link change */
		inetdev_send_gratuitous_arp(dev, in_dev);
		break;
	case NETDEV_DOWN:
		ip_mc_down(in_dev);
		break;
	case NETDEV_PRE_TYPE_CHANGE:
		ip_mc_unmap(in_dev);
		break;
	case NETDEV_POST_TYPE_CHANGE:
		ip_mc_remap(in_dev);
		break;
	case NETDEV_CHANGEMTU:
		if (inetdev_valid_mtu(dev->mtu))
			break;
		/* disable IP when MTU is not enough */
		fallthrough;
	case NETDEV_UNREGISTER:
		inetdev_destroy(in_dev);
		break;
	case NETDEV_CHANGENAME:
		/* Do not notify about label change, this event is
		 * not interesting to applications using netlink.
		 */
		inetdev_changename(dev, in_dev);

		/* Sysctl entries are keyed by device name: re-register. */
		devinet_sysctl_unregister(in_dev);
		devinet_sysctl_register(in_dev);
		break;
	}
out:
	return NOTIFY_DONE;
}
1658
/* Registered on the netdev notifier chain; routes device lifecycle
 * events to inetdev_event() above.
 */
static struct notifier_block ip_netdev_notifier = {
	.notifier_call = inetdev_event,
};
1662
/* Worst-case payload size of one RTM_NEWADDR/RTM_DELADDR message, used
 * to size the skb in rtmsg_ifa().  Must cover every attribute that
 * inet_fill_ifaddr() can emit.
 */
static size_t inet_nlmsg_size(void)
{
	return NLMSG_ALIGN(sizeof(struct ifaddrmsg))
	       + nla_total_size(4) /* IFA_ADDRESS */
	       + nla_total_size(4) /* IFA_LOCAL */
	       + nla_total_size(4) /* IFA_BROADCAST */
	       + nla_total_size(IFNAMSIZ) /* IFA_LABEL */
	       + nla_total_size(4)  /* IFA_FLAGS */
	       + nla_total_size(1)  /* IFA_PROTO */
	       + nla_total_size(4)  /* IFA_RT_PRIORITY */
	       + nla_total_size(sizeof(struct ifa_cacheinfo)); /* IFA_CACHEINFO */
}
1675
/* Convert a jiffies timestamp (cstamp/tstamp) into hundredths of a
 * second since boot, the unit userspace expects in IFA_CACHEINFO.
 */
static inline u32 cstamp_delta(unsigned long cstamp)
{
	return (cstamp - INITIAL_JIFFIES) * 100UL / HZ;
}
1680
/* Append an IFA_CACHEINFO attribute to @skb, converting the jiffies
 * timestamps to userspace units via cstamp_delta().  Returns 0 or the
 * error from nla_put().
 */
static int put_cacheinfo(struct sk_buff *skb, unsigned long cstamp,
			 unsigned long tstamp, u32 preferred, u32 valid)
{
	struct ifa_cacheinfo ci = {
		.cstamp		= cstamp_delta(cstamp),
		.tstamp		= cstamp_delta(tstamp),
		.ifa_prefered	= preferred,
		.ifa_valid	= valid,
	};

	return nla_put(skb, IFA_CACHEINFO, sizeof(ci), &ci);
}
1693
/* inet_fill_ifaddr - encode one IPv4 address into a netlink message.
 * @skb:  destination buffer
 * @ifa:  address to report
 * @args: message header fields (portid/seq/event/flags/netnsid)
 *
 * Returns 0 on success or -EMSGSIZE if @skb ran out of room, in which
 * case the partially-built message is cancelled.
 */
static int inet_fill_ifaddr(struct sk_buff *skb, const struct in_ifaddr *ifa,
			    struct inet_fill_args *args)
{
	struct ifaddrmsg *ifm;
	struct nlmsghdr *nlh;
	unsigned long tstamp;
	u32 preferred, valid;
	u32 flags;

	nlh = nlmsg_put(skb, args->portid, args->seq, args->event, sizeof(*ifm),
			args->flags);
	if (!nlh)
		return -EMSGSIZE;

	ifm = nlmsg_data(nlh);
	ifm->ifa_family = AF_INET;
	ifm->ifa_prefixlen = ifa->ifa_prefixlen;

	flags = READ_ONCE(ifa->ifa_flags);
	/* Warning : ifm->ifa_flags is an __u8, it holds only 8 bits.
	 * The 32bit value is given in IFA_FLAGS attribute.
	 */
	ifm->ifa_flags = (__u8)flags;

	ifm->ifa_scope = ifa->ifa_scope;
	ifm->ifa_index = ifa->ifa_dev->dev->ifindex;

	if (args->netnsid >= 0 &&
	    nla_put_s32(skb, IFA_TARGET_NETNSID, args->netnsid))
		goto nla_put_failure;

	tstamp = READ_ONCE(ifa->ifa_tstamp);
	if (!(flags & IFA_F_PERMANENT)) {
		/* Report the remaining (not absolute) lifetimes, clamping
		 * at zero for already-elapsed time.
		 */
		preferred = READ_ONCE(ifa->ifa_preferred_lft);
		valid = READ_ONCE(ifa->ifa_valid_lft);
		if (preferred != INFINITY_LIFE_TIME) {
			long tval = (jiffies - tstamp) / HZ;

			if (preferred > tval)
				preferred -= tval;
			else
				preferred = 0;
			if (valid != INFINITY_LIFE_TIME) {
				if (valid > tval)
					valid -= tval;
				else
					valid = 0;
			}
		}
	} else {
		preferred = INFINITY_LIFE_TIME;
		valid = INFINITY_LIFE_TIME;
	}
	/* Most attributes are optional and emitted only when non-zero;
	 * IFA_FLAGS and IFA_CACHEINFO are always present.
	 */
	if ((ifa->ifa_address &&
	     nla_put_in_addr(skb, IFA_ADDRESS, ifa->ifa_address)) ||
	    (ifa->ifa_local &&
	     nla_put_in_addr(skb, IFA_LOCAL, ifa->ifa_local)) ||
	    (ifa->ifa_broadcast &&
	     nla_put_in_addr(skb, IFA_BROADCAST, ifa->ifa_broadcast)) ||
	    (ifa->ifa_label[0] &&
	     nla_put_string(skb, IFA_LABEL, ifa->ifa_label)) ||
	    (ifa->ifa_proto &&
	     nla_put_u8(skb, IFA_PROTO, ifa->ifa_proto)) ||
	    nla_put_u32(skb, IFA_FLAGS, flags) ||
	    (ifa->ifa_rt_priority &&
	     nla_put_u32(skb, IFA_RT_PRIORITY, ifa->ifa_rt_priority)) ||
	    put_cacheinfo(skb, READ_ONCE(ifa->ifa_cstamp), tstamp,
			  preferred, valid))
		goto nla_put_failure;

	nlmsg_end(skb, nlh);
	return 0;

nla_put_failure:
	nlmsg_cancel(skb, nlh);
	return -EMSGSIZE;
}
1771
/* Strict-mode validation of an RTM_GETADDR dump request.  Rejects any
 * non-zero header field other than ifa_index and any attribute other
 * than IFA_TARGET_NETNSID.  On success fills @fillargs (ifindex,
 * NLM_F_DUMP_FILTERED, netnsid) and may set *@tgt_net to a referenced
 * target namespace that the caller must put_net().
 */
static int inet_valid_dump_ifaddr_req(const struct nlmsghdr *nlh,
				      struct inet_fill_args *fillargs,
				      struct net **tgt_net, struct sock *sk,
				      struct netlink_callback *cb)
{
	struct netlink_ext_ack *extack = cb->extack;
	struct nlattr *tb[IFA_MAX+1];
	struct ifaddrmsg *ifm;
	int err, i;

	if (nlh->nlmsg_len < nlmsg_msg_size(sizeof(*ifm))) {
		NL_SET_ERR_MSG(extack, "ipv4: Invalid header for address dump request");
		return -EINVAL;
	}

	ifm = nlmsg_data(nlh);
	if (ifm->ifa_prefixlen || ifm->ifa_flags || ifm->ifa_scope) {
		NL_SET_ERR_MSG(extack, "ipv4: Invalid values in header for address dump request");
		return -EINVAL;
	}

	fillargs->ifindex = ifm->ifa_index;
	if (fillargs->ifindex) {
		/* Single-device dump: tell userspace it was filtered. */
		cb->answer_flags |= NLM_F_DUMP_FILTERED;
		fillargs->flags |= NLM_F_DUMP_FILTERED;
	}

	err = nlmsg_parse_deprecated_strict(nlh, sizeof(*ifm), tb, IFA_MAX,
					    ifa_ipv4_policy, extack);
	if (err < 0)
		return err;

	for (i = 0; i <= IFA_MAX; ++i) {
		if (!tb[i])
			continue;

		if (i == IFA_TARGET_NETNSID) {
			struct net *net;

			fillargs->netnsid = nla_get_s32(tb[i]);

			net = rtnl_get_net_ns_capable(sk, fillargs->netnsid);
			if (IS_ERR(net)) {
				fillargs->netnsid = -1;
				NL_SET_ERR_MSG(extack, "ipv4: Invalid target network namespace id");
				return PTR_ERR(net);
			}
			*tgt_net = net;
		} else {
			NL_SET_ERR_MSG(extack, "ipv4: Unsupported attribute in dump request");
			return -EINVAL;
		}
	}

	return 0;
}
1828
in_dev_dump_addr(struct in_device * in_dev,struct sk_buff * skb,struct netlink_callback * cb,int * s_ip_idx,struct inet_fill_args * fillargs)1829 static int in_dev_dump_addr(struct in_device *in_dev, struct sk_buff *skb,
1830 struct netlink_callback *cb, int *s_ip_idx,
1831 struct inet_fill_args *fillargs)
1832 {
1833 struct in_ifaddr *ifa;
1834 int ip_idx = 0;
1835 int err;
1836
1837 in_dev_for_each_ifa_rcu(ifa, in_dev) {
1838 if (ip_idx < *s_ip_idx) {
1839 ip_idx++;
1840 continue;
1841 }
1842 err = inet_fill_ifaddr(skb, ifa, fillargs);
1843 if (err < 0)
1844 goto done;
1845
1846 nl_dump_check_consistent(cb, nlmsg_hdr(skb));
1847 ip_idx++;
1848 }
1849 err = 0;
1850 ip_idx = 0;
1851 done:
1852 *s_ip_idx = ip_idx;
1853
1854 return err;
1855 }
1856
1857 /* Combine dev_addr_genid and dev_base_seq to detect changes.
1858 */
inet_base_seq(const struct net * net)1859 static u32 inet_base_seq(const struct net *net)
1860 {
1861 u32 res = atomic_read(&net->ipv4.dev_addr_genid) +
1862 READ_ONCE(net->dev_base_seq);
1863
1864 /* Must not return 0 (see nl_dump_check_consistent()).
1865 * Chose a value far away from 0.
1866 */
1867 if (!res)
1868 res = 0x80000000;
1869 return res;
1870 }
1871
/* inet_dump_ifaddr - RTM_GETADDR dump handler.  Iterates devices (or a
 * single requested ifindex in strict mode) under RCU, resuming from the
 * (ifindex, ip_idx) cursor kept in cb->ctx.  Returns the number of
 * bytes consumed via inet_fill_ifaddr()'s 0, or a negative errno.
 */
static int inet_dump_ifaddr(struct sk_buff *skb, struct netlink_callback *cb)
{
	const struct nlmsghdr *nlh = cb->nlh;
	struct inet_fill_args fillargs = {
		.portid = NETLINK_CB(cb->skb).portid,
		.seq = nlh->nlmsg_seq,
		.event = RTM_NEWADDR,
		.flags = NLM_F_MULTI,
		.netnsid = -1,
	};
	struct net *net = sock_net(skb->sk);
	struct net *tgt_net = net;
	/* Dump cursor persisted across callback invocations in cb->ctx. */
	struct {
		unsigned long ifindex;
		int ip_idx;
	} *ctx = (void *)cb->ctx;
	struct in_device *in_dev;
	struct net_device *dev;
	int err = 0;

	rcu_read_lock();
	if (cb->strict_check) {
		err = inet_valid_dump_ifaddr_req(nlh, &fillargs, &tgt_net,
						 skb->sk, cb);
		if (err < 0)
			goto done;

		if (fillargs.ifindex) {
			/* Filtered dump: only the requested device. */
			dev = dev_get_by_index_rcu(tgt_net, fillargs.ifindex);
			if (!dev) {
				err = -ENODEV;
				goto done;
			}
			in_dev = __in_dev_get_rcu(dev);
			if (!in_dev)
				goto done;
			err = in_dev_dump_addr(in_dev, skb, cb, &ctx->ip_idx,
					       &fillargs);
			goto done;
		}
	}

	cb->seq = inet_base_seq(tgt_net);

	for_each_netdev_dump(tgt_net, dev, ctx->ifindex) {
		in_dev = __in_dev_get_rcu(dev);
		if (!in_dev)
			continue;
		err = in_dev_dump_addr(in_dev, skb, cb, &ctx->ip_idx,
				       &fillargs);
		if (err < 0)
			goto done;
	}
done:
	/* netnsid >= 0 implies inet_valid_dump_ifaddr_req() took a ref
	 * on the target namespace.
	 */
	if (fillargs.netnsid >= 0)
		put_net(tgt_net);
	rcu_read_unlock();
	return err;
}
1931
/* Broadcast an address change (@event is RTM_NEWADDR/RTM_DELADDR) for
 * @ifa to the RTNLGRP_IPV4_IFADDR multicast group.  @nlh/@portid echo
 * the request that triggered the change (NULL/0 for kernel-initiated
 * changes).  Allocation or fill failure is reported via
 * rtnl_set_sk_err() rather than returned.
 */
static void rtmsg_ifa(int event, struct in_ifaddr *ifa, struct nlmsghdr *nlh,
		      u32 portid)
{
	struct inet_fill_args fillargs = {
		.portid = portid,
		.seq = nlh ? nlh->nlmsg_seq : 0,
		.event = event,
		.flags = 0,
		.netnsid = -1,
	};
	struct sk_buff *skb;
	int err = -ENOBUFS;
	struct net *net;

	net = dev_net(ifa->ifa_dev->dev);
	skb = nlmsg_new(inet_nlmsg_size(), GFP_KERNEL);
	if (!skb)
		goto errout;

	err = inet_fill_ifaddr(skb, ifa, &fillargs);
	if (err < 0) {
		/* -EMSGSIZE implies BUG in inet_nlmsg_size() */
		WARN_ON(err == -EMSGSIZE);
		kfree_skb(skb);
		goto errout;
	}
	rtnl_notify(skb, net, portid, RTNLGRP_IPV4_IFADDR, nlh, GFP_KERNEL);
	return;
errout:
	rtnl_set_sk_err(net, RTNLGRP_IPV4_IFADDR, err);
}
1963
inet_get_link_af_size(const struct net_device * dev,u32 ext_filter_mask)1964 static size_t inet_get_link_af_size(const struct net_device *dev,
1965 u32 ext_filter_mask)
1966 {
1967 struct in_device *in_dev = rcu_dereference_rtnl(dev->ip_ptr);
1968
1969 if (!in_dev)
1970 return 0;
1971
1972 return nla_total_size(IPV4_DEVCONF_MAX * 4); /* IFLA_INET_CONF */
1973 }
1974
/* Emit the device's full ipv4_devconf array as an IFLA_INET_CONF
 * attribute.  Returns 0, -ENODATA when the device has no IPv4 state,
 * or -EMSGSIZE when @skb is full.
 */
static int inet_fill_link_af(struct sk_buff *skb, const struct net_device *dev,
			     u32 ext_filter_mask)
{
	struct in_device *in_dev = rcu_dereference_rtnl(dev->ip_ptr);
	struct nlattr *nla;
	u32 *conf;
	int i;

	if (!in_dev)
		return -ENODATA;

	nla = nla_reserve(skb, IFLA_INET_CONF, IPV4_DEVCONF_MAX * 4);
	if (!nla)
		return -EMSGSIZE;

	conf = nla_data(nla);
	for (i = 0; i < IPV4_DEVCONF_MAX; i++)
		conf[i] = READ_ONCE(in_dev->cnf.data[i]);

	return 0;
}
1994
/* Netlink policy for the IPv4 part of IFLA_AF_SPEC. */
static const struct nla_policy inet_af_policy[IFLA_INET_MAX+1] = {
	[IFLA_INET_CONF] = { .type = NLA_NESTED },
};
1998
inet_validate_link_af(const struct net_device * dev,const struct nlattr * nla,struct netlink_ext_ack * extack)1999 static int inet_validate_link_af(const struct net_device *dev,
2000 const struct nlattr *nla,
2001 struct netlink_ext_ack *extack)
2002 {
2003 struct nlattr *a, *tb[IFLA_INET_MAX+1];
2004 int err, rem;
2005
2006 if (dev && !__in_dev_get_rtnl(dev))
2007 return -EAFNOSUPPORT;
2008
2009 err = nla_parse_nested_deprecated(tb, IFLA_INET_MAX, nla,
2010 inet_af_policy, extack);
2011 if (err < 0)
2012 return err;
2013
2014 if (tb[IFLA_INET_CONF]) {
2015 nla_for_each_nested(a, tb[IFLA_INET_CONF], rem) {
2016 int cfgid = nla_type(a);
2017
2018 if (nla_len(a) < 4)
2019 return -EINVAL;
2020
2021 if (cfgid <= 0 || cfgid > IPV4_DEVCONF_MAX)
2022 return -EINVAL;
2023 }
2024 }
2025
2026 return 0;
2027 }
2028
inet_set_link_af(struct net_device * dev,const struct nlattr * nla,struct netlink_ext_ack * extack)2029 static int inet_set_link_af(struct net_device *dev, const struct nlattr *nla,
2030 struct netlink_ext_ack *extack)
2031 {
2032 struct in_device *in_dev = __in_dev_get_rtnl(dev);
2033 struct nlattr *a, *tb[IFLA_INET_MAX+1];
2034 int rem;
2035
2036 if (!in_dev)
2037 return -EAFNOSUPPORT;
2038
2039 if (nla_parse_nested_deprecated(tb, IFLA_INET_MAX, nla, NULL, NULL) < 0)
2040 return -EINVAL;
2041
2042 if (tb[IFLA_INET_CONF]) {
2043 nla_for_each_nested(a, tb[IFLA_INET_CONF], rem)
2044 ipv4_devconf_set(in_dev, nla_type(a), nla_get_u32(a));
2045 }
2046
2047 return 0;
2048 }
2049
inet_netconf_msgsize_devconf(int type)2050 static int inet_netconf_msgsize_devconf(int type)
2051 {
2052 int size = NLMSG_ALIGN(sizeof(struct netconfmsg))
2053 + nla_total_size(4); /* NETCONFA_IFINDEX */
2054 bool all = false;
2055
2056 if (type == NETCONFA_ALL)
2057 all = true;
2058
2059 if (all || type == NETCONFA_FORWARDING)
2060 size += nla_total_size(4);
2061 if (all || type == NETCONFA_RP_FILTER)
2062 size += nla_total_size(4);
2063 if (all || type == NETCONFA_MC_FORWARDING)
2064 size += nla_total_size(4);
2065 if (all || type == NETCONFA_BC_FORWARDING)
2066 size += nla_total_size(4);
2067 if (all || type == NETCONFA_PROXY_NEIGH)
2068 size += nla_total_size(4);
2069 if (all || type == NETCONFA_IGNORE_ROUTES_WITH_LINKDOWN)
2070 size += nla_total_size(4);
2071
2072 return size;
2073 }
2074
/* Encode a netconf message for @ifindex into @skb, emitting attribute
 * @type only (or every attribute when @type is NETCONFA_ALL).  With a
 * NULL @devconf only the ifindex is reported.  Returns 0 or -EMSGSIZE
 * (partial message cancelled).
 */
static int inet_netconf_fill_devconf(struct sk_buff *skb, int ifindex,
				     const struct ipv4_devconf *devconf,
				     u32 portid, u32 seq, int event,
				     unsigned int flags, int type)
{
	struct nlmsghdr *nlh;
	struct netconfmsg *ncm;
	bool all = false;

	nlh = nlmsg_put(skb, portid, seq, event, sizeof(struct netconfmsg),
			flags);
	if (!nlh)
		return -EMSGSIZE;

	if (type == NETCONFA_ALL)
		all = true;

	ncm = nlmsg_data(nlh);
	ncm->ncm_family = AF_INET;

	if (nla_put_s32(skb, NETCONFA_IFINDEX, ifindex) < 0)
		goto nla_put_failure;

	if (!devconf)
		goto out;

	if ((all || type == NETCONFA_FORWARDING) &&
	    nla_put_s32(skb, NETCONFA_FORWARDING,
			IPV4_DEVCONF_RO(*devconf, FORWARDING)) < 0)
		goto nla_put_failure;
	if ((all || type == NETCONFA_RP_FILTER) &&
	    nla_put_s32(skb, NETCONFA_RP_FILTER,
			IPV4_DEVCONF_RO(*devconf, RP_FILTER)) < 0)
		goto nla_put_failure;
	if ((all || type == NETCONFA_MC_FORWARDING) &&
	    nla_put_s32(skb, NETCONFA_MC_FORWARDING,
			IPV4_DEVCONF_RO(*devconf, MC_FORWARDING)) < 0)
		goto nla_put_failure;
	if ((all || type == NETCONFA_BC_FORWARDING) &&
	    nla_put_s32(skb, NETCONFA_BC_FORWARDING,
			IPV4_DEVCONF_RO(*devconf, BC_FORWARDING)) < 0)
		goto nla_put_failure;
	/* NETCONFA_PROXY_NEIGH reports the PROXY_ARP devconf value. */
	if ((all || type == NETCONFA_PROXY_NEIGH) &&
	    nla_put_s32(skb, NETCONFA_PROXY_NEIGH,
			IPV4_DEVCONF_RO(*devconf, PROXY_ARP)) < 0)
		goto nla_put_failure;
	if ((all || type == NETCONFA_IGNORE_ROUTES_WITH_LINKDOWN) &&
	    nla_put_s32(skb, NETCONFA_IGNORE_ROUTES_WITH_LINKDOWN,
			IPV4_DEVCONF_RO(*devconf,
					IGNORE_ROUTES_WITH_LINKDOWN)) < 0)
		goto nla_put_failure;

out:
	nlmsg_end(skb, nlh);
	return 0;

nla_put_failure:
	nlmsg_cancel(skb, nlh);
	return -EMSGSIZE;
}
2135
/* Broadcast a netconf change (@type attribute of @devconf on @ifindex)
 * to the RTNLGRP_IPV4_NETCONF multicast group.  Failures are reported
 * via rtnl_set_sk_err() rather than returned.
 */
void inet_netconf_notify_devconf(struct net *net, int event, int type,
				 int ifindex, struct ipv4_devconf *devconf)
{
	struct sk_buff *skb;
	int err = -ENOBUFS;

	skb = nlmsg_new(inet_netconf_msgsize_devconf(type), GFP_KERNEL);
	if (!skb)
		goto errout;

	err = inet_netconf_fill_devconf(skb, ifindex, devconf, 0, 0,
					event, 0, type);
	if (err < 0) {
		/* -EMSGSIZE implies BUG in inet_netconf_msgsize_devconf() */
		WARN_ON(err == -EMSGSIZE);
		kfree_skb(skb);
		goto errout;
	}
	rtnl_notify(skb, net, 0, RTNLGRP_IPV4_NETCONF, NULL, GFP_KERNEL);
	return;
errout:
	rtnl_set_sk_err(net, RTNLGRP_IPV4_NETCONF, err);
}
2159
/* Netlink policy for NETCONFA_* attributes in netconf requests. */
static const struct nla_policy devconf_ipv4_policy[NETCONFA_MAX+1] = {
	[NETCONFA_IFINDEX]	= { .len = sizeof(int) },
	[NETCONFA_FORWARDING]	= { .len = sizeof(int) },
	[NETCONFA_RP_FILTER]	= { .len = sizeof(int) },
	[NETCONFA_PROXY_NEIGH]	= { .len = sizeof(int) },
	[NETCONFA_IGNORE_ROUTES_WITH_LINKDOWN]	= { .len = sizeof(int) },
};
2167
/* Validate and parse an RTM_GETNETCONF request into @tb.
 *
 * Legacy (non-strict) sockets get a plain deprecated parse.  Strict
 * sockets additionally get every present attribute checked: only
 * NETCONFA_IFINDEX is accepted in a get request; anything else fails
 * with -EINVAL and an extack message.
 */
static int inet_netconf_valid_get_req(struct sk_buff *skb,
				      const struct nlmsghdr *nlh,
				      struct nlattr **tb,
				      struct netlink_ext_ack *extack)
{
	int i, err;

	if (nlh->nlmsg_len < nlmsg_msg_size(sizeof(struct netconfmsg))) {
		NL_SET_ERR_MSG(extack, "ipv4: Invalid header for netconf get request");
		return -EINVAL;
	}

	if (!netlink_strict_get_check(skb))
		return nlmsg_parse_deprecated(nlh, sizeof(struct netconfmsg),
					      tb, NETCONFA_MAX,
					      devconf_ipv4_policy, extack);

	err = nlmsg_parse_deprecated_strict(nlh, sizeof(struct netconfmsg),
					    tb, NETCONFA_MAX,
					    devconf_ipv4_policy, extack);
	if (err)
		return err;

	/* strict mode: reject any attribute other than the ifindex */
	for (i = 0; i <= NETCONFA_MAX; i++) {
		if (!tb[i])
			continue;

		switch (i) {
		case NETCONFA_IFINDEX:
			break;
		default:
			NL_SET_ERR_MSG(extack, "ipv4: Unsupported attribute in netconf get request");
			return -EINVAL;
		}
	}

	return 0;
}
2206
/* RTM_GETNETCONF doit handler: look up the devconf block selected by
 * NETCONFA_IFINDEX (a real ifindex, or the ALL/DEFAULT pseudo-indices)
 * and unicast a full RTM_NEWNETCONF reply back to the requester.
 */
static int inet_netconf_get_devconf(struct sk_buff *in_skb,
				    struct nlmsghdr *nlh,
				    struct netlink_ext_ack *extack)
{
	struct net *net = sock_net(in_skb->sk);
	struct nlattr *tb[NETCONFA_MAX + 1];
	const struct ipv4_devconf *devconf;
	struct in_device *in_dev = NULL;
	struct net_device *dev = NULL;
	struct sk_buff *skb;
	int ifindex;
	int err;

	err = inet_netconf_valid_get_req(in_skb, nlh, tb, extack);
	if (err)
		return err;

	if (!tb[NETCONFA_IFINDEX])
		return -EINVAL;

	ifindex = nla_get_s32(tb[NETCONFA_IFINDEX]);
	switch (ifindex) {
	case NETCONFA_IFINDEX_ALL:
		devconf = net->ipv4.devconf_all;
		break;
	case NETCONFA_IFINDEX_DEFAULT:
		devconf = net->ipv4.devconf_dflt;
		break;
	default:
		/* real device: take refs on both dev and in_dev; dropped
		 * at errout below on every exit path
		 */
		err = -ENODEV;
		dev = dev_get_by_index(net, ifindex);
		if (dev)
			in_dev = in_dev_get(dev);
		if (!in_dev)
			goto errout;
		devconf = &in_dev->cnf;
		break;
	}

	err = -ENOBUFS;
	/* size for NETCONFA_ALL: the reply carries every attribute */
	skb = nlmsg_new(inet_netconf_msgsize_devconf(NETCONFA_ALL), GFP_KERNEL);
	if (!skb)
		goto errout;

	err = inet_netconf_fill_devconf(skb, ifindex, devconf,
					NETLINK_CB(in_skb).portid,
					nlh->nlmsg_seq, RTM_NEWNETCONF, 0,
					NETCONFA_ALL);
	if (err < 0) {
		/* -EMSGSIZE implies BUG in inet_netconf_msgsize_devconf() */
		WARN_ON(err == -EMSGSIZE);
		kfree_skb(skb);
		goto errout;
	}
	err = rtnl_unicast(skb, net, NETLINK_CB(in_skb).portid);
errout:
	if (in_dev)
		in_dev_put(in_dev);
	dev_put(dev);
	return err;
}
2268
/* RTM_GETNETCONF dump handler: emit one RTM_NEWNETCONF per net_device,
 * then the "all" and "default" pseudo-entries.  The walk is resumable:
 * ctx->ifindex tracks the device iteration and ctx->all_default counts
 * how many pseudo-entries have already been sent (0, 1 or 2).  Runs
 * under RCU only (registered with RTNL_FLAG_DUMP_UNLOCKED).
 */
static int inet_netconf_dump_devconf(struct sk_buff *skb,
				     struct netlink_callback *cb)
{
	const struct nlmsghdr *nlh = cb->nlh;
	struct net *net = sock_net(skb->sk);
	/* dump state persisted across callbacks in cb->ctx */
	struct {
		unsigned long ifindex;
		unsigned int all_default;
	} *ctx = (void *)cb->ctx;
	const struct in_device *in_dev;
	struct net_device *dev;
	int err = 0;

	if (cb->strict_check) {
		struct netlink_ext_ack *extack = cb->extack;
		struct netconfmsg *ncm;

		if (nlh->nlmsg_len < nlmsg_msg_size(sizeof(*ncm))) {
			NL_SET_ERR_MSG(extack, "ipv4: Invalid header for netconf dump request");
			return -EINVAL;
		}

		/* dump requests take no attributes at all */
		if (nlmsg_attrlen(nlh, sizeof(*ncm))) {
			NL_SET_ERR_MSG(extack, "ipv4: Invalid data after header in netconf dump request");
			return -EINVAL;
		}
	}

	rcu_read_lock();
	for_each_netdev_dump(net, dev, ctx->ifindex) {
		in_dev = __in_dev_get_rcu(dev);
		if (!in_dev)
			continue;
		err = inet_netconf_fill_devconf(skb, dev->ifindex,
						&in_dev->cnf,
						NETLINK_CB(cb->skb).portid,
						nlh->nlmsg_seq,
						RTM_NEWNETCONF, NLM_F_MULTI,
						NETCONFA_ALL);
		if (err < 0)
			goto done;
	}
	if (ctx->all_default == 0) {
		err = inet_netconf_fill_devconf(skb, NETCONFA_IFINDEX_ALL,
						net->ipv4.devconf_all,
						NETLINK_CB(cb->skb).portid,
						nlh->nlmsg_seq,
						RTM_NEWNETCONF, NLM_F_MULTI,
						NETCONFA_ALL);
		if (err < 0)
			goto done;
		ctx->all_default++;
	}
	if (ctx->all_default == 1) {
		err = inet_netconf_fill_devconf(skb, NETCONFA_IFINDEX_DEFAULT,
						net->ipv4.devconf_dflt,
						NETLINK_CB(cb->skb).portid,
						nlh->nlmsg_seq,
						RTM_NEWNETCONF, NLM_F_MULTI,
						NETCONFA_ALL);
		if (err < 0)
			goto done;
		ctx->all_default++;
	}
done:
	rcu_read_unlock();
	return err;
}
2337
2338 #ifdef CONFIG_SYSCTL
2339
devinet_copy_dflt_conf(struct net * net,int i)2340 static void devinet_copy_dflt_conf(struct net *net, int i)
2341 {
2342 struct net_device *dev;
2343
2344 rcu_read_lock();
2345 for_each_netdev_rcu(net, dev) {
2346 struct in_device *in_dev;
2347
2348 in_dev = __in_dev_get_rcu(dev);
2349 if (in_dev && !test_bit(i, in_dev->cnf.state))
2350 in_dev->cnf.data[i] = net->ipv4.devconf_dflt->data[i];
2351 }
2352 rcu_read_unlock();
2353 }
2354
2355 /* called with RTNL locked */
inet_forward_change(struct net * net)2356 static void inet_forward_change(struct net *net)
2357 {
2358 struct net_device *dev;
2359 int on = IPV4_DEVCONF_ALL(net, FORWARDING);
2360
2361 IPV4_DEVCONF_ALL(net, ACCEPT_REDIRECTS) = !on;
2362 IPV4_DEVCONF_DFLT(net, FORWARDING) = on;
2363 inet_netconf_notify_devconf(net, RTM_NEWNETCONF,
2364 NETCONFA_FORWARDING,
2365 NETCONFA_IFINDEX_ALL,
2366 net->ipv4.devconf_all);
2367 inet_netconf_notify_devconf(net, RTM_NEWNETCONF,
2368 NETCONFA_FORWARDING,
2369 NETCONFA_IFINDEX_DEFAULT,
2370 net->ipv4.devconf_dflt);
2371
2372 for_each_netdev(net, dev) {
2373 struct in_device *in_dev;
2374
2375 if (on)
2376 dev_disable_lro(dev);
2377
2378 in_dev = __in_dev_get_rtnl(dev);
2379 if (in_dev) {
2380 IN_DEV_CONF_SET(in_dev, FORWARDING, on);
2381 inet_netconf_notify_devconf(net, RTM_NEWNETCONF,
2382 NETCONFA_FORWARDING,
2383 dev->ifindex, &in_dev->cnf);
2384 }
2385 }
2386 }
2387
devinet_conf_ifindex(struct net * net,struct ipv4_devconf * cnf)2388 static int devinet_conf_ifindex(struct net *net, struct ipv4_devconf *cnf)
2389 {
2390 if (cnf == net->ipv4.devconf_dflt)
2391 return NETCONFA_IFINDEX_DEFAULT;
2392 else if (cnf == net->ipv4.devconf_all)
2393 return NETCONFA_IFINDEX_ALL;
2394 else {
2395 struct in_device *idev
2396 = container_of(cnf, struct in_device, cnf);
2397 return idev->dev->ifindex;
2398 }
2399 }
2400
/* Generic proc handler for per-interface devconf sysctls.
 *
 * After the plain integer read/write, a successful write additionally:
 *  - marks the entry as explicitly set (so default-copying skips it),
 *  - re-propagates defaults when the "default" block was written,
 *  - flushes the route cache for entries that affect routing decisions,
 *  - emits netconf notifications for the attributes user space tracks.
 */
static int devinet_conf_proc(const struct ctl_table *ctl, int write,
			     void *buffer, size_t *lenp, loff_t *ppos)
{
	int old_value = *(int *)ctl->data;
	int ret = proc_dointvec(ctl, write, buffer, lenp, ppos);
	int new_value = *(int *)ctl->data;

	if (write) {
		struct ipv4_devconf *cnf = ctl->extra1;
		struct net *net = ctl->extra2;
		/* index of this entry within cnf->data[] */
		int i = (int *)ctl->data - cnf->data;
		int ifindex;

		set_bit(i, cnf->state);

		if (cnf == net->ipv4.devconf_dflt)
			devinet_copy_dflt_conf(net, i);
		/* data[] is offset by one from the IPV4_DEVCONF_* ids */
		if (i == IPV4_DEVCONF_ACCEPT_LOCAL - 1 ||
		    i == IPV4_DEVCONF_ROUTE_LOCALNET - 1)
			if ((new_value == 0) && (old_value != 0))
				rt_cache_flush(net);

		if (i == IPV4_DEVCONF_BC_FORWARDING - 1 &&
		    new_value != old_value)
			rt_cache_flush(net);

		if (i == IPV4_DEVCONF_RP_FILTER - 1 &&
		    new_value != old_value) {
			ifindex = devinet_conf_ifindex(net, cnf);
			inet_netconf_notify_devconf(net, RTM_NEWNETCONF,
						    NETCONFA_RP_FILTER,
						    ifindex, cnf);
		}
		if (i == IPV4_DEVCONF_PROXY_ARP - 1 &&
		    new_value != old_value) {
			ifindex = devinet_conf_ifindex(net, cnf);
			inet_netconf_notify_devconf(net, RTM_NEWNETCONF,
						    NETCONFA_PROXY_NEIGH,
						    ifindex, cnf);
		}
		if (i == IPV4_DEVCONF_IGNORE_ROUTES_WITH_LINKDOWN - 1 &&
		    new_value != old_value) {
			ifindex = devinet_conf_ifindex(net, cnf);
			inet_netconf_notify_devconf(net, RTM_NEWNETCONF,
						    NETCONFA_IGNORE_ROUTES_WITH_LINKDOWN,
						    ifindex, cnf);
		}
	}

	return ret;
}
2452
/* proc handler for the forwarding sysctls (all/default/per-device and
 * ip_forward).  Writes need CAP_NET_ADMIN in the owning user namespace.
 *
 * When the value changes, the fanout work requires RTNL; since we may
 * already hold locks here, rtnl_trylock() is used and on contention the
 * original value and file position are restored before restarting the
 * syscall, so the write is retried from scratch rather than deadlocking.
 */
static int devinet_sysctl_forward(const struct ctl_table *ctl, int write,
				  void *buffer, size_t *lenp, loff_t *ppos)
{
	int *valp = ctl->data;
	int val = *valp;
	loff_t pos = *ppos;
	struct net *net = ctl->extra2;
	int ret;

	if (write && !ns_capable(net->user_ns, CAP_NET_ADMIN))
		return -EPERM;

	ret = proc_dointvec(ctl, write, buffer, lenp, ppos);

	if (write && *valp != val) {
		if (valp != &IPV4_DEVCONF_DFLT(net, FORWARDING)) {
			if (!rtnl_trylock()) {
				/* Restore the original values before restarting */
				*valp = val;
				*ppos = pos;
				return restart_syscall();
			}
			if (valp == &IPV4_DEVCONF_ALL(net, FORWARDING)) {
				/* "all" toggles forwarding everywhere */
				inet_forward_change(net);
			} else {
				struct ipv4_devconf *cnf = ctl->extra1;
				struct in_device *idev =
					container_of(cnf, struct in_device, cnf);
				/* LRO is incompatible with forwarding */
				if (*valp)
					dev_disable_lro(idev->dev);
				inet_netconf_notify_devconf(net, RTM_NEWNETCONF,
							    NETCONFA_FORWARDING,
							    idev->dev->ifindex,
							    cnf);
			}
			rtnl_unlock();
			rt_cache_flush(net);
		} else
			/* default-only change: just notify, no RTNL needed */
			inet_netconf_notify_devconf(net, RTM_NEWNETCONF,
						    NETCONFA_FORWARDING,
						    NETCONFA_IFINDEX_DEFAULT,
						    net->ipv4.devconf_dflt);
	}

	return ret;
}
2499
/* proc handler: plain integer read/write, plus a route cache flush when
 * a write actually changed the value.
 */
static int ipv4_doint_and_flush(const struct ctl_table *ctl, int write,
				void *buffer, size_t *lenp, loff_t *ppos)
{
	int *valp = ctl->data;
	int old_val = *valp;
	int ret;

	ret = proc_dointvec(ctl, write, buffer, lenp, ppos);

	if (write && *valp != old_val) {
		struct net *net = ctl->extra2;

		rt_cache_flush(net);
	}

	return ret;
}
2513
/* Template for one devconf sysctl entry.  .data and .extra1 point into
 * the static template ipv4_devconf; __devinet_sysctl_register() rebases
 * them to the actual per-device/all/default conf block at registration.
 */
#define DEVINET_SYSCTL_ENTRY(attr, name, mval, proc) \
	{ \
		.procname	= name, \
		.data		= ipv4_devconf.data + \
				  IPV4_DEVCONF_ ## attr - 1, \
		.maxlen		= sizeof(int), \
		.mode		= mval, \
		.proc_handler	= proc, \
		.extra1		= &ipv4_devconf, \
	}

/* Writable entry with the standard devconf handler. */
#define DEVINET_SYSCTL_RW_ENTRY(attr, name) \
	DEVINET_SYSCTL_ENTRY(attr, name, 0644, devinet_conf_proc)

/* Read-only entry (e.g. mc_forwarding, controlled by the kernel). */
#define DEVINET_SYSCTL_RO_ENTRY(attr, name) \
	DEVINET_SYSCTL_ENTRY(attr, name, 0444, devinet_conf_proc)

/* Writable entry with a custom proc handler. */
#define DEVINET_SYSCTL_COMPLEX_ENTRY(attr, name, proc) \
	DEVINET_SYSCTL_ENTRY(attr, name, 0644, proc)

/* Writable entry whose change flushes the route cache. */
#define DEVINET_SYSCTL_FLUSHING_ENTRY(attr, name) \
	DEVINET_SYSCTL_COMPLEX_ENTRY(attr, name, ipv4_doint_and_flush)
2536
/* Master template for /proc/sys/net/ipv4/conf/<dev>/: kmemdup'd and
 * rebased per conf block by __devinet_sysctl_register().
 */
static struct devinet_sysctl_table {
	struct ctl_table_header *sysctl_header;
	struct ctl_table devinet_vars[IPV4_DEVCONF_MAX];
} devinet_sysctl = {
	.devinet_vars = {
		DEVINET_SYSCTL_COMPLEX_ENTRY(FORWARDING, "forwarding",
					     devinet_sysctl_forward),
		DEVINET_SYSCTL_RO_ENTRY(MC_FORWARDING, "mc_forwarding"),
		DEVINET_SYSCTL_RW_ENTRY(BC_FORWARDING, "bc_forwarding"),

		DEVINET_SYSCTL_RW_ENTRY(ACCEPT_REDIRECTS, "accept_redirects"),
		DEVINET_SYSCTL_RW_ENTRY(SECURE_REDIRECTS, "secure_redirects"),
		DEVINET_SYSCTL_RW_ENTRY(SHARED_MEDIA, "shared_media"),
		DEVINET_SYSCTL_RW_ENTRY(RP_FILTER, "rp_filter"),
		DEVINET_SYSCTL_RW_ENTRY(SEND_REDIRECTS, "send_redirects"),
		DEVINET_SYSCTL_RW_ENTRY(ACCEPT_SOURCE_ROUTE,
					"accept_source_route"),
		DEVINET_SYSCTL_RW_ENTRY(ACCEPT_LOCAL, "accept_local"),
		DEVINET_SYSCTL_RW_ENTRY(SRC_VMARK, "src_valid_mark"),
		DEVINET_SYSCTL_RW_ENTRY(PROXY_ARP, "proxy_arp"),
		DEVINET_SYSCTL_RW_ENTRY(MEDIUM_ID, "medium_id"),
		DEVINET_SYSCTL_RW_ENTRY(BOOTP_RELAY, "bootp_relay"),
		DEVINET_SYSCTL_RW_ENTRY(LOG_MARTIANS, "log_martians"),
		DEVINET_SYSCTL_RW_ENTRY(TAG, "tag"),
		DEVINET_SYSCTL_RW_ENTRY(ARPFILTER, "arp_filter"),
		DEVINET_SYSCTL_RW_ENTRY(ARP_ANNOUNCE, "arp_announce"),
		DEVINET_SYSCTL_RW_ENTRY(ARP_IGNORE, "arp_ignore"),
		DEVINET_SYSCTL_RW_ENTRY(ARP_ACCEPT, "arp_accept"),
		DEVINET_SYSCTL_RW_ENTRY(ARP_NOTIFY, "arp_notify"),
		DEVINET_SYSCTL_RW_ENTRY(ARP_EVICT_NOCARRIER,
					"arp_evict_nocarrier"),
		DEVINET_SYSCTL_RW_ENTRY(PROXY_ARP_PVLAN, "proxy_arp_pvlan"),
		DEVINET_SYSCTL_RW_ENTRY(FORCE_IGMP_VERSION,
					"force_igmp_version"),
		DEVINET_SYSCTL_RW_ENTRY(IGMPV2_UNSOLICITED_REPORT_INTERVAL,
					"igmpv2_unsolicited_report_interval"),
		DEVINET_SYSCTL_RW_ENTRY(IGMPV3_UNSOLICITED_REPORT_INTERVAL,
					"igmpv3_unsolicited_report_interval"),
		DEVINET_SYSCTL_RW_ENTRY(IGNORE_ROUTES_WITH_LINKDOWN,
					"ignore_routes_with_linkdown"),
		DEVINET_SYSCTL_RW_ENTRY(DROP_GRATUITOUS_ARP,
					"drop_gratuitous_arp"),

		DEVINET_SYSCTL_FLUSHING_ENTRY(NOXFRM, "disable_xfrm"),
		DEVINET_SYSCTL_FLUSHING_ENTRY(NOPOLICY, "disable_policy"),
		DEVINET_SYSCTL_FLUSHING_ENTRY(PROMOTE_SECONDARIES,
					      "promote_secondaries"),
		DEVINET_SYSCTL_FLUSHING_ENTRY(ROUTE_LOCALNET,
					      "route_localnet"),
		DEVINET_SYSCTL_FLUSHING_ENTRY(DROP_UNICAST_IN_L2_MULTICAST,
					      "drop_unicast_in_l2_multicast"),
	},
};
2590
/* Register net/ipv4/conf/<dev_name>/ sysctls backed by conf block @p.
 *
 * The devinet_sysctl template is duplicated and each entry's .data
 * pointer is shifted by the byte offset between @p and the template
 * ipv4_devconf, so the copied table addresses @p's fields directly.
 * On success the table is linked from p->sysctl and a NETCONFA_ALL
 * notification is sent for @ifindex.  Returns 0 or -ENOMEM.
 */
static int __devinet_sysctl_register(struct net *net, char *dev_name,
				     int ifindex, struct ipv4_devconf *p)
{
	int i;
	struct devinet_sysctl_table *t;
	char path[sizeof("net/ipv4/conf/") + IFNAMSIZ];

	t = kmemdup(&devinet_sysctl, sizeof(*t), GFP_KERNEL_ACCOUNT);
	if (!t)
		goto out;

	/* rebase every entry from the template conf onto @p */
	for (i = 0; i < ARRAY_SIZE(t->devinet_vars); i++) {
		t->devinet_vars[i].data += (char *)p - (char *)&ipv4_devconf;
		t->devinet_vars[i].extra1 = p;
		t->devinet_vars[i].extra2 = net;
	}

	snprintf(path, sizeof(path), "net/ipv4/conf/%s", dev_name);

	t->sysctl_header = register_net_sysctl(net, path, t->devinet_vars);
	if (!t->sysctl_header)
		goto free;

	p->sysctl = t;

	inet_netconf_notify_devconf(net, RTM_NEWNETCONF, NETCONFA_ALL,
				    ifindex, p);
	return 0;

free:
	kfree(t);
out:
	return -ENOMEM;
}
2625
/* Tear down the sysctl table attached to @cnf (if any) and announce the
 * removal to netconf listeners with RTM_DELNETCONF for @ifindex.
 */
static void __devinet_sysctl_unregister(struct net *net,
					struct ipv4_devconf *cnf, int ifindex)
{
	struct devinet_sysctl_table *t = cnf->sysctl;

	if (t) {
		/* clear the back-pointer before unregistering */
		cnf->sysctl = NULL;
		unregister_net_sysctl_table(t->sysctl_header);
		kfree(t);
	}

	inet_netconf_notify_devconf(net, RTM_DELNETCONF, 0, ifindex, NULL);
}
2639
devinet_sysctl_register(struct in_device * idev)2640 static int devinet_sysctl_register(struct in_device *idev)
2641 {
2642 int err;
2643
2644 if (!sysctl_dev_name_is_allowed(idev->dev->name))
2645 return -EINVAL;
2646
2647 err = neigh_sysctl_register(idev->dev, idev->arp_parms, NULL);
2648 if (err)
2649 return err;
2650 err = __devinet_sysctl_register(dev_net(idev->dev), idev->dev->name,
2651 idev->dev->ifindex, &idev->cnf);
2652 if (err)
2653 neigh_sysctl_unregister(idev->arp_parms);
2654 return err;
2655 }
2656
devinet_sysctl_unregister(struct in_device * idev)2657 static void devinet_sysctl_unregister(struct in_device *idev)
2658 {
2659 struct net *net = dev_net(idev->dev);
2660
2661 __devinet_sysctl_unregister(net, &idev->cnf, idev->dev->ifindex);
2662 neigh_sysctl_unregister(idev->arp_parms);
2663 }
2664
/* Template for /proc/sys/net/ipv4/ip_forward; devinet_init_net()
 * kmemdups it and repoints .data/.extra1/.extra2 at the per-netns
 * "all" conf block.
 */
static struct ctl_table ctl_forward_entry[] = {
	{
		.procname	= "ip_forward",
		.data		= &ipv4_devconf.data[
					IPV4_DEVCONF_FORWARDING - 1],
		.maxlen		= sizeof(int),
		.mode		= 0644,
		.proc_handler	= devinet_sysctl_forward,
		.extra1		= &ipv4_devconf,
		.extra2		= &init_net,
	},
};
2677 #endif
2678
/* Per-netns init: allocate the "all" and "default" devconf blocks,
 * seed them according to the net.core.devconf_inherit_init_net policy,
 * and (with CONFIG_SYSCTL) register their sysctl trees plus the
 * top-level ip_forward entry.  Error paths unwind in strict reverse
 * order via the labelled gotos at the bottom.
 */
static __net_init int devinet_init_net(struct net *net)
{
	int err;
	struct ipv4_devconf *all, *dflt;
#ifdef CONFIG_SYSCTL
	struct ctl_table *tbl;
	struct ctl_table_header *forw_hdr;
#endif

	err = -ENOMEM;
	all = kmemdup(&ipv4_devconf, sizeof(ipv4_devconf), GFP_KERNEL);
	if (!all)
		goto err_alloc_all;

	dflt = kmemdup(&ipv4_devconf_dflt, sizeof(ipv4_devconf_dflt), GFP_KERNEL);
	if (!dflt)
		goto err_alloc_dflt;

#ifdef CONFIG_SYSCTL
	tbl = kmemdup(ctl_forward_entry, sizeof(ctl_forward_entry), GFP_KERNEL);
	if (!tbl)
		goto err_alloc_ctl;

	/* repoint the ip_forward template at this netns's "all" block */
	tbl[0].data = &all->data[IPV4_DEVCONF_FORWARDING - 1];
	tbl[0].extra1 = all;
	tbl[0].extra2 = net;
#endif

	if (!net_eq(net, &init_net)) {
		switch (net_inherit_devconf()) {
		case 3:
			/* copy from the current netns */
			memcpy(all, current->nsproxy->net_ns->ipv4.devconf_all,
			       sizeof(ipv4_devconf));
			memcpy(dflt,
			       current->nsproxy->net_ns->ipv4.devconf_dflt,
			       sizeof(ipv4_devconf_dflt));
			break;
		case 0:
		case 1:
			/* copy from init_net */
			memcpy(all, init_net.ipv4.devconf_all,
			       sizeof(ipv4_devconf));
			memcpy(dflt, init_net.ipv4.devconf_dflt,
			       sizeof(ipv4_devconf_dflt));
			break;
		case 2:
			/* use compiled values */
			break;
		}
	}

#ifdef CONFIG_SYSCTL
	err = __devinet_sysctl_register(net, "all", NETCONFA_IFINDEX_ALL, all);
	if (err < 0)
		goto err_reg_all;

	err = __devinet_sysctl_register(net, "default",
					NETCONFA_IFINDEX_DEFAULT, dflt);
	if (err < 0)
		goto err_reg_dflt;

	err = -ENOMEM;
	forw_hdr = register_net_sysctl_sz(net, "net/ipv4", tbl,
					  ARRAY_SIZE(ctl_forward_entry));
	if (!forw_hdr)
		goto err_reg_ctl;
	net->ipv4.forw_hdr = forw_hdr;
#endif

	net->ipv4.devconf_all = all;
	net->ipv4.devconf_dflt = dflt;
	return 0;

#ifdef CONFIG_SYSCTL
err_reg_ctl:
	__devinet_sysctl_unregister(net, dflt, NETCONFA_IFINDEX_DEFAULT);
err_reg_dflt:
	__devinet_sysctl_unregister(net, all, NETCONFA_IFINDEX_ALL);
err_reg_all:
	kfree(tbl);
err_alloc_ctl:
#endif
	kfree(dflt);
err_alloc_dflt:
	kfree(all);
err_alloc_all:
	return err;
}
2768
/* Per-netns teardown: mirror image of devinet_init_net() — unregister
 * the ip_forward entry and both sysctl trees, then free the conf blocks.
 */
static __net_exit void devinet_exit_net(struct net *net)
{
#ifdef CONFIG_SYSCTL
	const struct ctl_table *tbl;

	/* grab the kmemdup'd table before the header is unregistered */
	tbl = net->ipv4.forw_hdr->ctl_table_arg;
	unregister_net_sysctl_table(net->ipv4.forw_hdr);
	__devinet_sysctl_unregister(net, net->ipv4.devconf_dflt,
				    NETCONFA_IFINDEX_DEFAULT);
	__devinet_sysctl_unregister(net, net->ipv4.devconf_all,
				    NETCONFA_IFINDEX_ALL);
	kfree(tbl);
#endif
	kfree(net->ipv4.devconf_dflt);
	kfree(net->ipv4.devconf_all);
}
2785
/* Per-network-namespace setup/teardown of the devconf state above. */
static __net_initdata struct pernet_operations devinet_ops = {
	.init = devinet_init_net,
	.exit = devinet_exit_net,
};
2790
/* AF_INET handlers for the IFLA_AF_SPEC portion of rtnetlink link
 * dumps and RTM_SETLINK requests.
 */
static struct rtnl_af_ops inet_af_ops __read_mostly = {
	.family		  = AF_INET,
	.fill_link_af	  = inet_fill_link_af,
	.get_link_af_size = inet_get_link_af_size,
	.validate_link_af = inet_validate_link_af,
	.set_link_af	  = inet_set_link_af,
};
2798
/* Boot-time init for IPv4 device address handling: hash table, pernet
 * ops, netdev notifier, the address-lifetime worker, and all rtnetlink
 * message handlers for addresses and netconf.
 */
void __init devinet_init(void)
{
	int i;

	for (i = 0; i < IN4_ADDR_HSIZE; i++)
		INIT_HLIST_HEAD(&inet_addr_lst[i]);

	register_pernet_subsys(&devinet_ops);
	register_netdevice_notifier(&ip_netdev_notifier);

	/* kick off periodic expiry of addresses with finite lifetimes */
	queue_delayed_work(system_power_efficient_wq, &check_lifetime_work, 0);

	rtnl_af_register(&inet_af_ops);

	rtnl_register(PF_INET, RTM_NEWADDR, inet_rtm_newaddr, NULL, 0);
	rtnl_register(PF_INET, RTM_DELADDR, inet_rtm_deladdr, NULL, 0);
	rtnl_register(PF_INET, RTM_GETADDR, NULL, inet_dump_ifaddr,
		      RTNL_FLAG_DUMP_UNLOCKED | RTNL_FLAG_DUMP_SPLIT_NLM_DONE);
	rtnl_register(PF_INET, RTM_GETNETCONF, inet_netconf_get_devconf,
		      inet_netconf_dump_devconf,
		      RTNL_FLAG_DOIT_UNLOCKED | RTNL_FLAG_DUMP_UNLOCKED);
}
2821