1 // SPDX-License-Identifier: GPL-2.0-or-later 2 /* 3 * NET3 IP device support routines. 4 * 5 * Derived from the IP parts of dev.c 1.0.19 6 * Authors: Ross Biro 7 * Fred N. van Kempen, <waltje@uWalt.NL.Mugnet.ORG> 8 * Mark Evans, <evansmp@uhura.aston.ac.uk> 9 * 10 * Additional Authors: 11 * Alan Cox, <gw4pts@gw4pts.ampr.org> 12 * Alexey Kuznetsov, <kuznet@ms2.inr.ac.ru> 13 * 14 * Changes: 15 * Alexey Kuznetsov: pa_* fields are replaced with ifaddr 16 * lists. 17 * Cyrus Durgin: updated for kmod 18 * Matthias Andree: in devinet_ioctl, compare label and 19 * address (4.4BSD alias style support), 20 * fall back to comparing just the label 21 * if no match found. 22 */ 23 24 25 #include <linux/uaccess.h> 26 #include <linux/bitops.h> 27 #include <linux/capability.h> 28 #include <linux/module.h> 29 #include <linux/types.h> 30 #include <linux/kernel.h> 31 #include <linux/sched/signal.h> 32 #include <linux/string.h> 33 #include <linux/mm.h> 34 #include <linux/socket.h> 35 #include <linux/sockios.h> 36 #include <linux/in.h> 37 #include <linux/errno.h> 38 #include <linux/interrupt.h> 39 #include <linux/if_addr.h> 40 #include <linux/if_ether.h> 41 #include <linux/inet.h> 42 #include <linux/netdevice.h> 43 #include <linux/etherdevice.h> 44 #include <linux/skbuff.h> 45 #include <linux/init.h> 46 #include <linux/notifier.h> 47 #include <linux/inetdevice.h> 48 #include <linux/igmp.h> 49 #include <linux/slab.h> 50 #include <linux/hash.h> 51 #ifdef CONFIG_SYSCTL 52 #include <linux/sysctl.h> 53 #endif 54 #include <linux/kmod.h> 55 #include <linux/netconf.h> 56 57 #include <net/arp.h> 58 #include <net/ip.h> 59 #include <net/route.h> 60 #include <net/ip_fib.h> 61 #include <net/rtnetlink.h> 62 #include <net/net_namespace.h> 63 #include <net/addrconf.h> 64 65 static struct ipv4_devconf ipv4_devconf = { 66 .data = { 67 [IPV4_DEVCONF_ACCEPT_REDIRECTS - 1] = 1, 68 [IPV4_DEVCONF_SEND_REDIRECTS - 1] = 1, 69 [IPV4_DEVCONF_SECURE_REDIRECTS - 1] = 1, 70 [IPV4_DEVCONF_SHARED_MEDIA - 1] = 1, 71 [IPV4_DEVCONF_IGMPV2_UNSOLICITED_REPORT_INTERVAL - 1] = 10000 /*ms*/, 72 [IPV4_DEVCONF_IGMPV3_UNSOLICITED_REPORT_INTERVAL - 1] = 1000 /*ms*/, 73 }, 74 }; 75 76 static struct ipv4_devconf ipv4_devconf_dflt = { 77 .data = { 78 [IPV4_DEVCONF_ACCEPT_REDIRECTS - 1] = 1, 79 [IPV4_DEVCONF_SEND_REDIRECTS - 1] = 1, 80 [IPV4_DEVCONF_SECURE_REDIRECTS - 1] = 1, 81 [IPV4_DEVCONF_SHARED_MEDIA - 1] = 1, 82 [IPV4_DEVCONF_ACCEPT_SOURCE_ROUTE - 1] = 1, 83 [IPV4_DEVCONF_IGMPV2_UNSOLICITED_REPORT_INTERVAL - 1] = 10000 /*ms*/, 84 [IPV4_DEVCONF_IGMPV3_UNSOLICITED_REPORT_INTERVAL - 1] = 1000 /*ms*/, 85 }, 86 }; 87 88 #define IPV4_DEVCONF_DFLT(net, attr) \ 89 IPV4_DEVCONF((*net->ipv4.devconf_dflt), attr) 90 91 static const struct nla_policy ifa_ipv4_policy[IFA_MAX+1] = { 92 [IFA_LOCAL] = { .type = NLA_U32 }, 93 [IFA_ADDRESS] = { .type = NLA_U32 }, 94 [IFA_BROADCAST] = { .type = NLA_U32 }, 95 [IFA_LABEL] = { .type = NLA_STRING, .len = IFNAMSIZ - 1 }, 96 [IFA_CACHEINFO] = { .len = sizeof(struct ifa_cacheinfo) }, 97 [IFA_FLAGS] = { .type = NLA_U32 }, 98 [IFA_RT_PRIORITY] = { .type = NLA_U32 }, 99 [IFA_TARGET_NETNSID] = { .type = NLA_S32 }, 100 }; 101 102 struct inet_fill_args { 103 u32 portid; 104 u32 seq; 105 int event; 106 unsigned int flags; 107 int netnsid; 108 int ifindex; 109 }; 110 111 #define IN4_ADDR_HSIZE_SHIFT 8 112 #define IN4_ADDR_HSIZE (1U << IN4_ADDR_HSIZE_SHIFT) 113 114 static struct hlist_head inet_addr_lst[IN4_ADDR_HSIZE]; 115 116 static u32 inet_addr_hash(const struct net *net, __be32 addr) 117 { 118 u32 val = (__force u32) addr ^ net_hash_mix(net); 119 120 return hash_32(val, IN4_ADDR_HSIZE_SHIFT); 121 } 122 123 static void inet_hash_insert(struct net *net, struct in_ifaddr *ifa) 124 { 125 u32 hash = inet_addr_hash(net, ifa->ifa_local); 126 127 ASSERT_RTNL(); 128 hlist_add_head_rcu(&ifa->hash, &inet_addr_lst[hash]); 129 } 130 131 static void inet_hash_remove(struct in_ifaddr *ifa) 132 { 133 ASSERT_RTNL(); 134 hlist_del_init_rcu(&ifa->hash); 135 } 136 137 /** 138 * __ip_dev_find - find the first device with a given source address. 139 * @net: the net namespace 140 * @addr: the source address 141 * @devref: if true, take a reference on the found device 142 * 143 * If a caller uses devref=false, it should be protected by RCU, or RTNL 144 */ 145 struct net_device *__ip_dev_find(struct net *net, __be32 addr, bool devref) 146 { 147 struct net_device *result = NULL; 148 struct in_ifaddr *ifa; 149 150 rcu_read_lock(); 151 ifa = inet_lookup_ifaddr_rcu(net, addr); 152 if (!ifa) { 153 struct flowi4 fl4 = { .daddr = addr }; 154 struct fib_result res = { 0 }; 155 struct fib_table *local; 156 157 /* Fallback to FIB local table so that communication 158 * over loopback subnets work. 159 */ 160 local = fib_get_table(net, RT_TABLE_LOCAL); 161 if (local && 162 !fib_table_lookup(local, &fl4, &res, FIB_LOOKUP_NOREF) && 163 res.type == RTN_LOCAL) 164 result = FIB_RES_DEV(res); 165 } else { 166 result = ifa->ifa_dev->dev; 167 } 168 if (result && devref) 169 dev_hold(result); 170 rcu_read_unlock(); 171 return result; 172 } 173 EXPORT_SYMBOL(__ip_dev_find); 174 175 /* called under RCU lock */ 176 struct in_ifaddr *inet_lookup_ifaddr_rcu(struct net *net, __be32 addr) 177 { 178 u32 hash = inet_addr_hash(net, addr); 179 struct in_ifaddr *ifa; 180 181 hlist_for_each_entry_rcu(ifa, &inet_addr_lst[hash], hash) 182 if (ifa->ifa_local == addr && 183 net_eq(dev_net(ifa->ifa_dev->dev), net)) 184 return ifa; 185 186 return NULL; 187 } 188 189 static void rtmsg_ifa(int event, struct in_ifaddr *, struct nlmsghdr *, u32); 190 191 static BLOCKING_NOTIFIER_HEAD(inetaddr_chain); 192 static BLOCKING_NOTIFIER_HEAD(inetaddr_validator_chain); 193 static void inet_del_ifa(struct in_device *in_dev, 194 struct in_ifaddr __rcu **ifap, 195 int destroy); 196 #ifdef CONFIG_SYSCTL 197 static int devinet_sysctl_register(struct in_device *idev); 198 static void devinet_sysctl_unregister(struct in_device *idev); 199 #else 200 static int devinet_sysctl_register(struct in_device *idev) 201 { 202 return 0; 203 } 204 static void devinet_sysctl_unregister(struct in_device *idev) 205 { 206 } 207 #endif 208 209 /* Locks all the inet devices. */ 210 211 static struct in_ifaddr *inet_alloc_ifa(void) 212 { 213 return kzalloc(sizeof(struct in_ifaddr), GFP_KERNEL); 214 } 215 216 static void inet_rcu_free_ifa(struct rcu_head *head) 217 { 218 struct in_ifaddr *ifa = container_of(head, struct in_ifaddr, rcu_head); 219 if (ifa->ifa_dev) 220 in_dev_put(ifa->ifa_dev); 221 kfree(ifa); 222 } 223 224 static void inet_free_ifa(struct in_ifaddr *ifa) 225 { 226 call_rcu(&ifa->rcu_head, inet_rcu_free_ifa); 227 } 228 229 void in_dev_finish_destroy(struct in_device *idev) 230 { 231 struct net_device *dev = idev->dev; 232 233 WARN_ON(idev->ifa_list); 234 WARN_ON(idev->mc_list); 235 kfree(rcu_dereference_protected(idev->mc_hash, 1)); 236 #ifdef NET_REFCNT_DEBUG 237 pr_debug("%s: %p=%s\n", __func__, idev, dev ? dev->name : "NIL"); 238 #endif 239 dev_put(dev); 240 if (!idev->dead) 241 pr_err("Freeing alive in_device %p\n", idev); 242 else 243 kfree(idev); 244 } 245 EXPORT_SYMBOL(in_dev_finish_destroy); 246 247 static struct in_device *inetdev_init(struct net_device *dev) 248 { 249 struct in_device *in_dev; 250 int err = -ENOMEM; 251 252 ASSERT_RTNL(); 253 254 in_dev = kzalloc(sizeof(*in_dev), GFP_KERNEL); 255 if (!in_dev) 256 goto out; 257 memcpy(&in_dev->cnf, dev_net(dev)->ipv4.devconf_dflt, 258 sizeof(in_dev->cnf)); 259 in_dev->cnf.sysctl = NULL; 260 in_dev->dev = dev; 261 in_dev->arp_parms = neigh_parms_alloc(dev, &arp_tbl); 262 if (!in_dev->arp_parms) 263 goto out_kfree; 264 if (IPV4_DEVCONF(in_dev->cnf, FORWARDING)) 265 dev_disable_lro(dev); 266 /* Reference in_dev->dev */ 267 dev_hold(dev); 268 /* Account for reference dev->ip_ptr (below) */ 269 refcount_set(&in_dev->refcnt, 1); 270 271 err = devinet_sysctl_register(in_dev); 272 if (err) { 273 in_dev->dead = 1; 274 in_dev_put(in_dev); 275 in_dev = NULL; 276 goto out; 277 } 278 ip_mc_init_dev(in_dev); 279 if (dev->flags & IFF_UP) 280 ip_mc_up(in_dev); 281 282 /* we can receive as soon as ip_ptr is set -- do this last */ 283 rcu_assign_pointer(dev->ip_ptr, in_dev); 284 out: 285 return in_dev ?: ERR_PTR(err); 286 out_kfree: 287 kfree(in_dev); 288 in_dev = NULL; 289 goto out; 290 } 291 292 static void in_dev_rcu_put(struct rcu_head *head) 293 { 294 struct in_device *idev = container_of(head, struct in_device, rcu_head); 295 in_dev_put(idev); 296 } 297 298 static void inetdev_destroy(struct in_device *in_dev) 299 { 300 struct net_device *dev; 301 struct in_ifaddr *ifa; 302 303 ASSERT_RTNL(); 304 305 dev = in_dev->dev; 306 307 in_dev->dead = 1; 308 309 ip_mc_destroy_dev(in_dev); 310 311 while ((ifa = rtnl_dereference(in_dev->ifa_list)) != NULL) { 312 inet_del_ifa(in_dev, &in_dev->ifa_list, 0); 313 inet_free_ifa(ifa); 314 } 315 316 RCU_INIT_POINTER(dev->ip_ptr, NULL); 317 318 devinet_sysctl_unregister(in_dev); 319 neigh_parms_release(&arp_tbl, in_dev->arp_parms); 320 arp_ifdown(dev); 321 322 call_rcu(&in_dev->rcu_head, in_dev_rcu_put); 323 } 324 325 int inet_addr_onlink(struct in_device *in_dev, __be32 a, __be32 b) 326 { 327 const struct in_ifaddr *ifa; 328 329 rcu_read_lock(); 330 in_dev_for_each_ifa_rcu(ifa, in_dev) { 331 if (inet_ifa_match(a, ifa)) { 332 if (!b || inet_ifa_match(b, ifa)) { 333 rcu_read_unlock(); 334 return 1; 335 } 336 } 337 } 338 rcu_read_unlock(); 339 return 0; 340 } 341 342 static void __inet_del_ifa(struct in_device *in_dev, 343 struct in_ifaddr __rcu **ifap, 344 int destroy, struct nlmsghdr *nlh, u32 portid) 345 { 346 struct in_ifaddr *promote = NULL; 347 struct in_ifaddr *ifa, *ifa1; 348 struct in_ifaddr *last_prim; 349 struct in_ifaddr *prev_prom = NULL; 350 int do_promote = IN_DEV_PROMOTE_SECONDARIES(in_dev); 351 352 ASSERT_RTNL(); 353 354 ifa1 = rtnl_dereference(*ifap); 355 last_prim = rtnl_dereference(in_dev->ifa_list); 356 if (in_dev->dead) 357 goto no_promotions; 358 359 /* 1. Deleting primary ifaddr forces deletion all secondaries 360 * unless alias promotion is set 361 **/ 362 363 if (!(ifa1->ifa_flags & IFA_F_SECONDARY)) { 364 struct in_ifaddr __rcu **ifap1 = &ifa1->ifa_next; 365 366 while ((ifa = rtnl_dereference(*ifap1)) != NULL) { 367 if (!(ifa->ifa_flags & IFA_F_SECONDARY) && 368 ifa1->ifa_scope <= ifa->ifa_scope) 369 last_prim = ifa; 370 371 if (!(ifa->ifa_flags & IFA_F_SECONDARY) || 372 ifa1->ifa_mask != ifa->ifa_mask || 373 !inet_ifa_match(ifa1->ifa_address, ifa)) { 374 ifap1 = &ifa->ifa_next; 375 prev_prom = ifa; 376 continue; 377 } 378 379 if (!do_promote) { 380 inet_hash_remove(ifa); 381 *ifap1 = ifa->ifa_next; 382 383 rtmsg_ifa(RTM_DELADDR, ifa, nlh, portid); 384 blocking_notifier_call_chain(&inetaddr_chain, 385 NETDEV_DOWN, ifa); 386 inet_free_ifa(ifa); 387 } else { 388 promote = ifa; 389 break; 390 } 391 } 392 } 393 394 /* On promotion all secondaries from subnet are changing 395 * the primary IP, we must remove all their routes silently 396 * and later to add them back with new prefsrc. Do this 397 * while all addresses are on the device list. 398 */ 399 for (ifa = promote; ifa; ifa = rtnl_dereference(ifa->ifa_next)) { 400 if (ifa1->ifa_mask == ifa->ifa_mask && 401 inet_ifa_match(ifa1->ifa_address, ifa)) 402 fib_del_ifaddr(ifa, ifa1); 403 } 404 405 no_promotions: 406 /* 2. Unlink it */ 407 408 *ifap = ifa1->ifa_next; 409 inet_hash_remove(ifa1); 410 411 /* 3. Announce address deletion */ 412 413 /* Send message first, then call notifier. 414 At first sight, FIB update triggered by notifier 415 will refer to already deleted ifaddr, that could confuse 416 netlink listeners. It is not true: look, gated sees 417 that route deleted and if it still thinks that ifaddr 418 is valid, it will try to restore deleted routes... Grr. 419 So that, this order is correct. 420 */ 421 rtmsg_ifa(RTM_DELADDR, ifa1, nlh, portid); 422 blocking_notifier_call_chain(&inetaddr_chain, NETDEV_DOWN, ifa1); 423 424 if (promote) { 425 struct in_ifaddr *next_sec; 426 427 next_sec = rtnl_dereference(promote->ifa_next); 428 if (prev_prom) { 429 struct in_ifaddr *last_sec; 430 431 last_sec = rtnl_dereference(last_prim->ifa_next); 432 rcu_assign_pointer(prev_prom->ifa_next, next_sec); 433 rcu_assign_pointer(promote->ifa_next, last_sec); 434 rcu_assign_pointer(last_prim->ifa_next, promote); 435 } 436 437 promote->ifa_flags &= ~IFA_F_SECONDARY; 438 rtmsg_ifa(RTM_NEWADDR, promote, nlh, portid); 439 blocking_notifier_call_chain(&inetaddr_chain, 440 NETDEV_UP, promote); 441 for (ifa = next_sec; ifa; 442 ifa = rtnl_dereference(ifa->ifa_next)) { 443 if (ifa1->ifa_mask != ifa->ifa_mask || 444 !inet_ifa_match(ifa1->ifa_address, ifa)) 445 continue; 446 fib_add_ifaddr(ifa); 447 } 448 449 } 450 if (destroy) 451 inet_free_ifa(ifa1); 452 } 453 454 static void inet_del_ifa(struct in_device *in_dev, 455 struct in_ifaddr __rcu **ifap, 456 int destroy) 457 { 458 __inet_del_ifa(in_dev, ifap, destroy, NULL, 0); 459 } 460 461 static void check_lifetime(struct work_struct *work); 462 463 static DECLARE_DELAYED_WORK(check_lifetime_work, check_lifetime); 464 465 static int __inet_insert_ifa(struct in_ifaddr *ifa, struct nlmsghdr *nlh, 466 u32 portid, struct netlink_ext_ack *extack) 467 { 468 struct in_ifaddr __rcu **last_primary, **ifap; 469 struct in_device *in_dev = ifa->ifa_dev; 470 struct in_validator_info ivi; 471 struct in_ifaddr *ifa1; 472 int ret; 473 474 ASSERT_RTNL(); 475 476 if (!ifa->ifa_local) { 477 inet_free_ifa(ifa); 478 return 0; 479 } 480 481 ifa->ifa_flags &= ~IFA_F_SECONDARY; 482 last_primary = &in_dev->ifa_list; 483 484 ifap = &in_dev->ifa_list; 485 ifa1 = rtnl_dereference(*ifap); 486 487 while (ifa1) { 488 if (!(ifa1->ifa_flags & IFA_F_SECONDARY) && 489 ifa->ifa_scope <= ifa1->ifa_scope) 490 last_primary = &ifa1->ifa_next; 491 if (ifa1->ifa_mask == ifa->ifa_mask && 492 inet_ifa_match(ifa1->ifa_address, ifa)) { 493 if (ifa1->ifa_local == ifa->ifa_local) { 494 inet_free_ifa(ifa); 495 return -EEXIST; 496 } 497 if (ifa1->ifa_scope != ifa->ifa_scope) { 498 inet_free_ifa(ifa); 499 return -EINVAL; 500 } 501 ifa->ifa_flags |= IFA_F_SECONDARY; 502 } 503 504 ifap = &ifa1->ifa_next; 505 ifa1 = rtnl_dereference(*ifap); 506 } 507 508 /* Allow any devices that wish to register ifaddr validtors to weigh 509 * in now, before changes are committed. The rntl lock is serializing 510 * access here, so the state should not change between a validator call 511 * and a final notify on commit. This isn't invoked on promotion under 512 * the assumption that validators are checking the address itself, and 513 * not the flags. 514 */ 515 ivi.ivi_addr = ifa->ifa_address; 516 ivi.ivi_dev = ifa->ifa_dev; 517 ivi.extack = extack; 518 ret = blocking_notifier_call_chain(&inetaddr_validator_chain, 519 NETDEV_UP, &ivi); 520 ret = notifier_to_errno(ret); 521 if (ret) { 522 inet_free_ifa(ifa); 523 return ret; 524 } 525 526 if (!(ifa->ifa_flags & IFA_F_SECONDARY)) { 527 prandom_seed((__force u32) ifa->ifa_local); 528 ifap = last_primary; 529 } 530 531 rcu_assign_pointer(ifa->ifa_next, *ifap); 532 rcu_assign_pointer(*ifap, ifa); 533 534 inet_hash_insert(dev_net(in_dev->dev), ifa); 535 536 cancel_delayed_work(&check_lifetime_work); 537 queue_delayed_work(system_power_efficient_wq, &check_lifetime_work, 0); 538 539 /* Send message first, then call notifier. 540 Notifier will trigger FIB update, so that 541 listeners of netlink will know about new ifaddr */ 542 rtmsg_ifa(RTM_NEWADDR, ifa, nlh, portid); 543 blocking_notifier_call_chain(&inetaddr_chain, NETDEV_UP, ifa); 544 545 return 0; 546 } 547 548 static int inet_insert_ifa(struct in_ifaddr *ifa) 549 { 550 return __inet_insert_ifa(ifa, NULL, 0, NULL); 551 } 552 553 static int inet_set_ifa(struct net_device *dev, struct in_ifaddr *ifa) 554 { 555 struct in_device *in_dev = __in_dev_get_rtnl(dev); 556 557 ASSERT_RTNL(); 558 559 if (!in_dev) { 560 inet_free_ifa(ifa); 561 return -ENOBUFS; 562 } 563 ipv4_devconf_setall(in_dev); 564 neigh_parms_data_state_setall(in_dev->arp_parms); 565 if (ifa->ifa_dev != in_dev) { 566 WARN_ON(ifa->ifa_dev); 567 in_dev_hold(in_dev); 568 ifa->ifa_dev = in_dev; 569 } 570 if (ipv4_is_loopback(ifa->ifa_local)) 571 ifa->ifa_scope = RT_SCOPE_HOST; 572 return inet_insert_ifa(ifa); 573 } 574 575 /* Caller must hold RCU or RTNL : 576 * We dont take a reference on found in_device 577 */ 578 struct in_device *inetdev_by_index(struct net *net, int ifindex) 579 { 580 struct net_device *dev; 581 struct in_device *in_dev = NULL; 582 583 rcu_read_lock(); 584 dev = dev_get_by_index_rcu(net, ifindex); 585 if (dev) 586 in_dev = rcu_dereference_rtnl(dev->ip_ptr); 587 rcu_read_unlock(); 588 return in_dev; 589 } 590 EXPORT_SYMBOL(inetdev_by_index); 591 592 /* Called only from RTNL semaphored context. No locks. */ 593 594 struct in_ifaddr *inet_ifa_byprefix(struct in_device *in_dev, __be32 prefix, 595 __be32 mask) 596 { 597 struct in_ifaddr *ifa; 598 599 ASSERT_RTNL(); 600 601 in_dev_for_each_ifa_rtnl(ifa, in_dev) { 602 if (ifa->ifa_mask == mask && inet_ifa_match(prefix, ifa)) 603 return ifa; 604 } 605 return NULL; 606 } 607 608 static int ip_mc_config(struct sock *sk, bool join, const struct in_ifaddr *ifa) 609 { 610 struct ip_mreqn mreq = { 611 .imr_multiaddr.s_addr = ifa->ifa_address, 612 .imr_ifindex = ifa->ifa_dev->dev->ifindex, 613 }; 614 int ret; 615 616 ASSERT_RTNL(); 617 618 lock_sock(sk); 619 if (join) 620 ret = ip_mc_join_group(sk, &mreq); 621 else 622 ret = ip_mc_leave_group(sk, &mreq); 623 release_sock(sk); 624 625 return ret; 626 } 627 628 static int inet_rtm_deladdr(struct sk_buff *skb, struct nlmsghdr *nlh, 629 struct netlink_ext_ack *extack) 630 { 631 struct net *net = sock_net(skb->sk); 632 struct in_ifaddr __rcu **ifap; 633 struct nlattr *tb[IFA_MAX+1]; 634 struct in_device *in_dev; 635 struct ifaddrmsg *ifm; 636 struct in_ifaddr *ifa; 637 638 int err = -EINVAL; 639 640 ASSERT_RTNL(); 641 642 err = nlmsg_parse_deprecated(nlh, sizeof(*ifm), tb, IFA_MAX, 643 ifa_ipv4_policy, extack); 644 if (err < 0) 645 goto errout; 646 647 ifm = nlmsg_data(nlh); 648 in_dev = inetdev_by_index(net, ifm->ifa_index); 649 if (!in_dev) { 650 err = -ENODEV; 651 goto errout; 652 } 653 654 for (ifap = &in_dev->ifa_list; (ifa = rtnl_dereference(*ifap)) != NULL; 655 ifap = &ifa->ifa_next) { 656 if (tb[IFA_LOCAL] && 657 ifa->ifa_local != nla_get_in_addr(tb[IFA_LOCAL])) 658 continue; 659 660 if (tb[IFA_LABEL] && nla_strcmp(tb[IFA_LABEL], ifa->ifa_label)) 661 continue; 662 663 if (tb[IFA_ADDRESS] && 664 (ifm->ifa_prefixlen != ifa->ifa_prefixlen || 665 !inet_ifa_match(nla_get_in_addr(tb[IFA_ADDRESS]), ifa))) 666 continue; 667 668 if (ipv4_is_multicast(ifa->ifa_address)) 669 ip_mc_config(net->ipv4.mc_autojoin_sk, false, ifa); 670 __inet_del_ifa(in_dev, ifap, 1, nlh, NETLINK_CB(skb).portid); 671 return 0; 672 } 673 674 err = -EADDRNOTAVAIL; 675 errout: 676 return err; 677 } 678 679 #define INFINITY_LIFE_TIME 0xFFFFFFFF 680 681 static void check_lifetime(struct work_struct *work) 682 { 683 unsigned long now, next, next_sec, next_sched; 684 struct in_ifaddr *ifa; 685 struct hlist_node *n; 686 int i; 687 688 now = jiffies; 689 next = round_jiffies_up(now + ADDR_CHECK_FREQUENCY); 690 691 for (i = 0; i < IN4_ADDR_HSIZE; i++) { 692 bool change_needed = false; 693 694 rcu_read_lock(); 695 hlist_for_each_entry_rcu(ifa, &inet_addr_lst[i], hash) { 696 unsigned long age; 697 698 if (ifa->ifa_flags & IFA_F_PERMANENT) 699 continue; 700 701 /* We try to batch several events at once. */ 702 age = (now - ifa->ifa_tstamp + 703 ADDRCONF_TIMER_FUZZ_MINUS) / HZ; 704 705 if (ifa->ifa_valid_lft != INFINITY_LIFE_TIME && 706 age >= ifa->ifa_valid_lft) { 707 change_needed = true; 708 } else if (ifa->ifa_preferred_lft == 709 INFINITY_LIFE_TIME) { 710 continue; 711 } else if (age >= ifa->ifa_preferred_lft) { 712 if (time_before(ifa->ifa_tstamp + 713 ifa->ifa_valid_lft * HZ, next)) 714 next = ifa->ifa_tstamp + 715 ifa->ifa_valid_lft * HZ; 716 717 if (!(ifa->ifa_flags & IFA_F_DEPRECATED)) 718 change_needed = true; 719 } else if (time_before(ifa->ifa_tstamp + 720 ifa->ifa_preferred_lft * HZ, 721 next)) { 722 next = ifa->ifa_tstamp + 723 ifa->ifa_preferred_lft * HZ; 724 } 725 } 726 rcu_read_unlock(); 727 if (!change_needed) 728 continue; 729 rtnl_lock(); 730 hlist_for_each_entry_safe(ifa, n, &inet_addr_lst[i], hash) { 731 unsigned long age; 732 733 if (ifa->ifa_flags & IFA_F_PERMANENT) 734 continue; 735 736 /* We try to batch several events at once. */ 737 age = (now - ifa->ifa_tstamp + 738 ADDRCONF_TIMER_FUZZ_MINUS) / HZ; 739 740 if (ifa->ifa_valid_lft != INFINITY_LIFE_TIME && 741 age >= ifa->ifa_valid_lft) { 742 struct in_ifaddr __rcu **ifap; 743 struct in_ifaddr *tmp; 744 745 ifap = &ifa->ifa_dev->ifa_list; 746 tmp = rtnl_dereference(*ifap); 747 while (tmp) { 748 if (tmp == ifa) { 749 inet_del_ifa(ifa->ifa_dev, 750 ifap, 1); 751 break; 752 } 753 ifap = &tmp->ifa_next; 754 tmp = rtnl_dereference(*ifap); 755 } 756 } else if (ifa->ifa_preferred_lft != 757 INFINITY_LIFE_TIME && 758 age >= ifa->ifa_preferred_lft && 759 !(ifa->ifa_flags & IFA_F_DEPRECATED)) { 760 ifa->ifa_flags |= IFA_F_DEPRECATED; 761 rtmsg_ifa(RTM_NEWADDR, ifa, NULL, 0); 762 } 763 } 764 rtnl_unlock(); 765 } 766 767 next_sec = round_jiffies_up(next); 768 next_sched = next; 769 770 /* If rounded timeout is accurate enough, accept it. */ 771 if (time_before(next_sec, next + ADDRCONF_TIMER_FUZZ)) 772 next_sched = next_sec; 773 774 now = jiffies; 775 /* And minimum interval is ADDRCONF_TIMER_FUZZ_MAX. */ 776 if (time_before(next_sched, now + ADDRCONF_TIMER_FUZZ_MAX)) 777 next_sched = now + ADDRCONF_TIMER_FUZZ_MAX; 778 779 queue_delayed_work(system_power_efficient_wq, &check_lifetime_work, 780 next_sched - now); 781 } 782 783 static void set_ifa_lifetime(struct in_ifaddr *ifa, __u32 valid_lft, 784 __u32 prefered_lft) 785 { 786 unsigned long timeout; 787 788 ifa->ifa_flags &= ~(IFA_F_PERMANENT | IFA_F_DEPRECATED); 789 790 timeout = addrconf_timeout_fixup(valid_lft, HZ); 791 if (addrconf_finite_timeout(timeout)) 792 ifa->ifa_valid_lft = timeout; 793 else 794 ifa->ifa_flags |= IFA_F_PERMANENT; 795 796 timeout = addrconf_timeout_fixup(prefered_lft, HZ); 797 if (addrconf_finite_timeout(timeout)) { 798 if (timeout == 0) 799 ifa->ifa_flags |= IFA_F_DEPRECATED; 800 ifa->ifa_preferred_lft = timeout; 801 } 802 ifa->ifa_tstamp = jiffies; 803 if (!ifa->ifa_cstamp) 804 ifa->ifa_cstamp = ifa->ifa_tstamp; 805 } 806 807 static struct in_ifaddr *rtm_to_ifaddr(struct net *net, struct nlmsghdr *nlh, 808 __u32 *pvalid_lft, __u32 *pprefered_lft, 809 struct netlink_ext_ack *extack) 810 { 811 struct nlattr *tb[IFA_MAX+1]; 812 struct in_ifaddr *ifa; 813 struct ifaddrmsg *ifm; 814 struct net_device *dev; 815 struct in_device *in_dev; 816 int err; 817 818 err = nlmsg_parse_deprecated(nlh, sizeof(*ifm), tb, IFA_MAX, 819 ifa_ipv4_policy, extack); 820 if (err < 0) 821 goto errout; 822 823 ifm = nlmsg_data(nlh); 824 err = -EINVAL; 825 if (ifm->ifa_prefixlen > 32 || !tb[IFA_LOCAL]) 826 goto errout; 827 828 dev = __dev_get_by_index(net, ifm->ifa_index); 829 err = -ENODEV; 830 if (!dev) 831 goto errout; 832 833 in_dev = __in_dev_get_rtnl(dev); 834 err = -ENOBUFS; 835 if (!in_dev) 836 goto errout; 837 838 ifa = inet_alloc_ifa(); 839 if (!ifa) 840 /* 841 * A potential indev allocation can be left alive, it stays 842 * assigned to its device and is destroy with it. 843 */ 844 goto errout; 845 846 ipv4_devconf_setall(in_dev); 847 neigh_parms_data_state_setall(in_dev->arp_parms); 848 in_dev_hold(in_dev); 849 850 if (!tb[IFA_ADDRESS]) 851 tb[IFA_ADDRESS] = tb[IFA_LOCAL]; 852 853 INIT_HLIST_NODE(&ifa->hash); 854 ifa->ifa_prefixlen = ifm->ifa_prefixlen; 855 ifa->ifa_mask = inet_make_mask(ifm->ifa_prefixlen); 856 ifa->ifa_flags = tb[IFA_FLAGS] ? nla_get_u32(tb[IFA_FLAGS]) : 857 ifm->ifa_flags; 858 ifa->ifa_scope = ifm->ifa_scope; 859 ifa->ifa_dev = in_dev; 860 861 ifa->ifa_local = nla_get_in_addr(tb[IFA_LOCAL]); 862 ifa->ifa_address = nla_get_in_addr(tb[IFA_ADDRESS]); 863 864 if (tb[IFA_BROADCAST]) 865 ifa->ifa_broadcast = nla_get_in_addr(tb[IFA_BROADCAST]); 866 867 if (tb[IFA_LABEL]) 868 nla_strlcpy(ifa->ifa_label, tb[IFA_LABEL], IFNAMSIZ); 869 else 870 memcpy(ifa->ifa_label, dev->name, IFNAMSIZ); 871 872 if (tb[IFA_RT_PRIORITY]) 873 ifa->ifa_rt_priority = nla_get_u32(tb[IFA_RT_PRIORITY]); 874 875 if (tb[IFA_CACHEINFO]) { 876 struct ifa_cacheinfo *ci; 877 878 ci = nla_data(tb[IFA_CACHEINFO]); 879 if (!ci->ifa_valid || ci->ifa_prefered > ci->ifa_valid) { 880 err = -EINVAL; 881 goto errout_free; 882 } 883 *pvalid_lft = ci->ifa_valid; 884 *pprefered_lft = ci->ifa_prefered; 885 } 886 887 return ifa; 888 889 errout_free: 890 inet_free_ifa(ifa); 891 errout: 892 return ERR_PTR(err); 893 } 894 895 static struct in_ifaddr *find_matching_ifa(struct in_ifaddr *ifa) 896 { 897 struct in_device *in_dev = ifa->ifa_dev; 898 struct in_ifaddr *ifa1; 899 900 if (!ifa->ifa_local) 901 return NULL; 902 903 in_dev_for_each_ifa_rtnl(ifa1, in_dev) { 904 if (ifa1->ifa_mask == ifa->ifa_mask && 905 inet_ifa_match(ifa1->ifa_address, ifa) && 906 ifa1->ifa_local == ifa->ifa_local) 907 return ifa1; 908 } 909 return NULL; 910 } 911 912 static int inet_rtm_newaddr(struct sk_buff *skb, struct nlmsghdr *nlh, 913 struct netlink_ext_ack *extack) 914 { 915 struct net *net = sock_net(skb->sk); 916 struct in_ifaddr *ifa; 917 struct in_ifaddr *ifa_existing; 918 __u32 valid_lft = INFINITY_LIFE_TIME; 919 __u32 prefered_lft = INFINITY_LIFE_TIME; 920 921 ASSERT_RTNL(); 922 923 ifa = rtm_to_ifaddr(net, nlh, &valid_lft, &prefered_lft, extack); 924 if (IS_ERR(ifa)) 925 return PTR_ERR(ifa); 926 927 ifa_existing = find_matching_ifa(ifa); 928 if (!ifa_existing) { 929 /* It would be best to check for !NLM_F_CREATE here but 930 * userspace already relies on not having to provide this. 931 */ 932 set_ifa_lifetime(ifa, valid_lft, prefered_lft); 933 if (ifa->ifa_flags & IFA_F_MCAUTOJOIN) { 934 int ret = ip_mc_config(net->ipv4.mc_autojoin_sk, 935 true, ifa); 936 937 if (ret < 0) { 938 inet_free_ifa(ifa); 939 return ret; 940 } 941 } 942 return __inet_insert_ifa(ifa, nlh, NETLINK_CB(skb).portid, 943 extack); 944 } else { 945 u32 new_metric = ifa->ifa_rt_priority; 946 947 inet_free_ifa(ifa); 948 949 if (nlh->nlmsg_flags & NLM_F_EXCL || 950 !(nlh->nlmsg_flags & NLM_F_REPLACE)) 951 return -EEXIST; 952 ifa = ifa_existing; 953 954 if (ifa->ifa_rt_priority != new_metric) { 955 fib_modify_prefix_metric(ifa, new_metric); 956 ifa->ifa_rt_priority = new_metric; 957 } 958 959 set_ifa_lifetime(ifa, valid_lft, prefered_lft); 960 cancel_delayed_work(&check_lifetime_work); 961 queue_delayed_work(system_power_efficient_wq, 962 &check_lifetime_work, 0); 963 rtmsg_ifa(RTM_NEWADDR, ifa, nlh, NETLINK_CB(skb).portid); 964 } 965 return 0; 966 } 967 968 /* 969 * Determine a default network mask, based on the IP address. 970 */ 971 972 static int inet_abc_len(__be32 addr) 973 { 974 int rc = -1; /* Something else, probably a multicast. */ 975 976 if (ipv4_is_zeronet(addr) || ipv4_is_lbcast(addr)) 977 rc = 0; 978 else { 979 __u32 haddr = ntohl(addr); 980 if (IN_CLASSA(haddr)) 981 rc = 8; 982 else if (IN_CLASSB(haddr)) 983 rc = 16; 984 else if (IN_CLASSC(haddr)) 985 rc = 24; 986 else if (IN_CLASSE(haddr)) 987 rc = 32; 988 } 989 990 return rc; 991 } 992 993 994 int devinet_ioctl(struct net *net, unsigned int cmd, struct ifreq *ifr) 995 { 996 struct sockaddr_in sin_orig; 997 struct sockaddr_in *sin = (struct sockaddr_in *)&ifr->ifr_addr; 998 struct in_ifaddr __rcu **ifap = NULL; 999 struct in_device *in_dev; 1000 struct in_ifaddr *ifa = NULL; 1001 struct net_device *dev; 1002 char *colon; 1003 int ret = -EFAULT; 1004 int tryaddrmatch = 0; 1005 1006 ifr->ifr_name[IFNAMSIZ - 1] = 0; 1007 1008 /* save original address for comparison */ 1009 memcpy(&sin_orig, sin, sizeof(*sin)); 1010 1011 colon = strchr(ifr->ifr_name, ':'); 1012 if (colon) 1013 *colon = 0; 1014 1015 dev_load(net, ifr->ifr_name); 1016 1017 switch (cmd) { 1018 case SIOCGIFADDR: /* Get interface address */ 1019 case SIOCGIFBRDADDR: /* Get the broadcast address */ 1020 case SIOCGIFDSTADDR: /* Get the destination address */ 1021 case SIOCGIFNETMASK: /* Get the netmask for the interface */ 1022 /* Note that these ioctls will not sleep, 1023 so that we do not impose a lock. 1024 One day we will be forced to put shlock here (I mean SMP) 1025 */ 1026 tryaddrmatch = (sin_orig.sin_family == AF_INET); 1027 memset(sin, 0, sizeof(*sin)); 1028 sin->sin_family = AF_INET; 1029 break; 1030 1031 case SIOCSIFFLAGS: 1032 ret = -EPERM; 1033 if (!ns_capable(net->user_ns, CAP_NET_ADMIN)) 1034 goto out; 1035 break; 1036 case SIOCSIFADDR: /* Set interface address (and family) */ 1037 case SIOCSIFBRDADDR: /* Set the broadcast address */ 1038 case SIOCSIFDSTADDR: /* Set the destination address */ 1039 case SIOCSIFNETMASK: /* Set the netmask for the interface */ 1040 ret = -EPERM; 1041 if (!ns_capable(net->user_ns, CAP_NET_ADMIN)) 1042 goto out; 1043 ret = -EINVAL; 1044 if (sin->sin_family != AF_INET) 1045 goto out; 1046 break; 1047 default: 1048 ret = -EINVAL; 1049 goto out; 1050 } 1051 1052 rtnl_lock(); 1053 1054 ret = -ENODEV; 1055 dev = __dev_get_by_name(net, ifr->ifr_name); 1056 if (!dev) 1057 goto done; 1058 1059 if (colon) 1060 *colon = ':'; 1061 1062 in_dev = __in_dev_get_rtnl(dev); 1063 if (in_dev) { 1064 if (tryaddrmatch) { 1065 /* Matthias Andree */ 1066 /* compare label and address (4.4BSD style) */ 1067 /* note: we only do this for a limited set of ioctls 1068 and only if the original address family was AF_INET. 1069 This is checked above. */ 1070 1071 for (ifap = &in_dev->ifa_list; 1072 (ifa = rtnl_dereference(*ifap)) != NULL; 1073 ifap = &ifa->ifa_next) { 1074 if (!strcmp(ifr->ifr_name, ifa->ifa_label) && 1075 sin_orig.sin_addr.s_addr == 1076 ifa->ifa_local) { 1077 break; /* found */ 1078 } 1079 } 1080 } 1081 /* we didn't get a match, maybe the application is 1082 4.3BSD-style and passed in junk so we fall back to 1083 comparing just the label */ 1084 if (!ifa) { 1085 for (ifap = &in_dev->ifa_list; 1086 (ifa = rtnl_dereference(*ifap)) != NULL; 1087 ifap = &ifa->ifa_next) 1088 if (!strcmp(ifr->ifr_name, ifa->ifa_label)) 1089 break; 1090 } 1091 } 1092 1093 ret = -EADDRNOTAVAIL; 1094 if (!ifa && cmd != SIOCSIFADDR && cmd != SIOCSIFFLAGS) 1095 goto done; 1096 1097 switch (cmd) { 1098 case SIOCGIFADDR: /* Get interface address */ 1099 ret = 0; 1100 sin->sin_addr.s_addr = ifa->ifa_local; 1101 break; 1102 1103 case SIOCGIFBRDADDR: /* Get the broadcast address */ 1104 ret = 0; 1105 sin->sin_addr.s_addr = ifa->ifa_broadcast; 1106 break; 1107 1108 case SIOCGIFDSTADDR: /* Get the destination address */ 1109 ret = 0; 1110 sin->sin_addr.s_addr = ifa->ifa_address; 1111 break; 1112 1113 case SIOCGIFNETMASK: /* Get the netmask for the interface */ 1114 ret = 0; 1115 sin->sin_addr.s_addr = ifa->ifa_mask; 1116 break; 1117 1118 case SIOCSIFFLAGS: 1119 if (colon) { 1120 ret = -EADDRNOTAVAIL; 1121 if (!ifa) 1122 break; 1123 ret = 0; 1124 if (!(ifr->ifr_flags & IFF_UP)) 1125 inet_del_ifa(in_dev, ifap, 1); 1126 break; 1127 } 1128 ret = dev_change_flags(dev, ifr->ifr_flags, NULL); 1129 break; 1130 1131 case SIOCSIFADDR: /* Set interface address (and family) */ 1132 ret = -EINVAL; 1133 if (inet_abc_len(sin->sin_addr.s_addr) < 0) 1134 break; 1135 1136 if (!ifa) { 1137 ret = -ENOBUFS; 1138 ifa = inet_alloc_ifa(); 1139 if (!ifa) 1140 break; 1141 INIT_HLIST_NODE(&ifa->hash); 1142 if (colon) 1143 memcpy(ifa->ifa_label, ifr->ifr_name, IFNAMSIZ); 1144 else 1145 memcpy(ifa->ifa_label, dev->name, IFNAMSIZ); 1146 } else { 1147 ret = 0; 1148 if (ifa->ifa_local == sin->sin_addr.s_addr) 1149 break; 1150 inet_del_ifa(in_dev, ifap, 0); 1151 ifa->ifa_broadcast = 0; 1152 ifa->ifa_scope = 0; 1153 } 1154 1155 ifa->ifa_address = ifa->ifa_local = sin->sin_addr.s_addr; 1156 1157 if (!(dev->flags & IFF_POINTOPOINT)) { 1158 ifa->ifa_prefixlen = inet_abc_len(ifa->ifa_address); 1159 ifa->ifa_mask = inet_make_mask(ifa->ifa_prefixlen); 1160 if ((dev->flags & IFF_BROADCAST) && 1161 ifa->ifa_prefixlen < 31) 1162 ifa->ifa_broadcast = ifa->ifa_address | 1163 ~ifa->ifa_mask; 1164 } else { 1165 ifa->ifa_prefixlen = 32; 1166 ifa->ifa_mask = inet_make_mask(32); 1167 } 1168 set_ifa_lifetime(ifa, INFINITY_LIFE_TIME, INFINITY_LIFE_TIME); 1169 ret = inet_set_ifa(dev, ifa); 1170 break; 1171 1172 case SIOCSIFBRDADDR: /* Set the broadcast address */ 1173 ret = 0; 1174 if (ifa->ifa_broadcast != sin->sin_addr.s_addr) { 1175 inet_del_ifa(in_dev, ifap, 0); 1176 ifa->ifa_broadcast = sin->sin_addr.s_addr; 1177 inet_insert_ifa(ifa); 1178 } 1179 break; 1180 1181 case SIOCSIFDSTADDR: /* Set the destination address */ 1182 ret = 0; 1183 if (ifa->ifa_address == sin->sin_addr.s_addr) 1184 break; 1185 ret = -EINVAL; 1186 if (inet_abc_len(sin->sin_addr.s_addr) < 0) 1187 break; 1188 ret = 0; 1189 inet_del_ifa(in_dev, ifap, 0); 1190 ifa->ifa_address = sin->sin_addr.s_addr; 1191 inet_insert_ifa(ifa); 1192 break; 1193 1194 case SIOCSIFNETMASK: /* Set the netmask for the interface */ 1195 1196 /* 1197 * The mask we set must be legal. 1198 */ 1199 ret = -EINVAL; 1200 if (bad_mask(sin->sin_addr.s_addr, 0)) 1201 break; 1202 ret = 0; 1203 if (ifa->ifa_mask != sin->sin_addr.s_addr) { 1204 __be32 old_mask = ifa->ifa_mask; 1205 inet_del_ifa(in_dev, ifap, 0); 1206 ifa->ifa_mask = sin->sin_addr.s_addr; 1207 ifa->ifa_prefixlen = inet_mask_len(ifa->ifa_mask); 1208 1209 /* See if current broadcast address matches 1210 * with current netmask, then recalculate 1211 * the broadcast address. Otherwise it's a 1212 * funny address, so don't touch it since 1213 * the user seems to know what (s)he's doing... 1214 */ 1215 if ((dev->flags & IFF_BROADCAST) && 1216 (ifa->ifa_prefixlen < 31) && 1217 (ifa->ifa_broadcast == 1218 (ifa->ifa_local|~old_mask))) { 1219 ifa->ifa_broadcast = (ifa->ifa_local | 1220 ~sin->sin_addr.s_addr); 1221 } 1222 inet_insert_ifa(ifa); 1223 } 1224 break; 1225 } 1226 done: 1227 rtnl_unlock(); 1228 out: 1229 return ret; 1230 } 1231 1232 static int inet_gifconf(struct net_device *dev, char __user *buf, int len, int size) 1233 { 1234 struct in_device *in_dev = __in_dev_get_rtnl(dev); 1235 const struct in_ifaddr *ifa; 1236 struct ifreq ifr; 1237 int done = 0; 1238 1239 if (WARN_ON(size > sizeof(struct ifreq))) 1240 goto out; 1241 1242 if (!in_dev) 1243 goto out; 1244 1245 in_dev_for_each_ifa_rtnl(ifa, in_dev) { 1246 if (!buf) { 1247 done += size; 1248 continue; 1249 } 1250 if (len < size) 1251 break; 1252 memset(&ifr, 0, sizeof(struct ifreq)); 1253 strcpy(ifr.ifr_name, ifa->ifa_label); 1254 1255 (*(struct sockaddr_in *)&ifr.ifr_addr).sin_family = AF_INET; 1256 (*(struct sockaddr_in *)&ifr.ifr_addr).sin_addr.s_addr = 1257 ifa->ifa_local; 1258 1259 if (copy_to_user(buf + done, &ifr, size)) { 1260 done = -EFAULT; 1261 break; 1262 } 1263 len -= size; 1264 done += size; 1265 } 1266 out: 1267 return done; 1268 } 1269 1270 static __be32 in_dev_select_addr(const struct in_device *in_dev, 1271 int scope) 1272 { 1273 const struct in_ifaddr *ifa; 1274 1275 in_dev_for_each_ifa_rcu(ifa, in_dev) { 1276 if (ifa->ifa_flags & IFA_F_SECONDARY) 1277 continue; 1278 if (ifa->ifa_scope != RT_SCOPE_LINK && 1279 ifa->ifa_scope <= scope) 1280 return ifa->ifa_local; 1281 } 1282 1283 return 0; 1284 } 1285 1286 __be32 inet_select_addr(const struct net_device *dev, __be32 dst, int scope) 1287 { 1288 const struct in_ifaddr *ifa; 1289 __be32 addr = 0; 1290 struct in_device *in_dev; 1291 struct net *net = dev_net(dev); 1292 int master_idx; 1293 1294 rcu_read_lock(); 1295 in_dev = __in_dev_get_rcu(dev); 1296 if (!in_dev) 1297 goto no_in_dev; 1298 1299 in_dev_for_each_ifa_rcu(ifa, in_dev) { 1300 if (ifa->ifa_flags & IFA_F_SECONDARY) 1301 continue; 1302 if (ifa->ifa_scope > scope) 1303 continue; 1304 if (!dst || inet_ifa_match(dst, ifa)) { 1305 addr = ifa->ifa_local; 1306 break; 1307 } 1308 if (!addr) 1309 addr = ifa->ifa_local; 1310 } 1311 1312 if (addr) 1313 goto out_unlock; 1314 no_in_dev: 1315 master_idx = l3mdev_master_ifindex_rcu(dev); 1316 1317 /* For VRFs, the VRF device takes the place of the loopback device, 1318 * with addresses on it being preferred. Note in such cases the 1319 * loopback device will be among the devices that fail the master_idx 1320 * equality check in the loop below. 1321 */ 1322 if (master_idx && 1323 (dev = dev_get_by_index_rcu(net, master_idx)) && 1324 (in_dev = __in_dev_get_rcu(dev))) { 1325 addr = in_dev_select_addr(in_dev, scope); 1326 if (addr) 1327 goto out_unlock; 1328 } 1329 1330 /* Not loopback addresses on loopback should be preferred 1331 in this case. It is important that lo is the first interface 1332 in dev_base list. 1333 */ 1334 for_each_netdev_rcu(net, dev) { 1335 if (l3mdev_master_ifindex_rcu(dev) != master_idx) 1336 continue; 1337 1338 in_dev = __in_dev_get_rcu(dev); 1339 if (!in_dev) 1340 continue; 1341 1342 addr = in_dev_select_addr(in_dev, scope); 1343 if (addr) 1344 goto out_unlock; 1345 } 1346 out_unlock: 1347 rcu_read_unlock(); 1348 return addr; 1349 } 1350 EXPORT_SYMBOL(inet_select_addr); 1351 1352 static __be32 confirm_addr_indev(struct in_device *in_dev, __be32 dst, 1353 __be32 local, int scope) 1354 { 1355 const struct in_ifaddr *ifa; 1356 __be32 addr = 0; 1357 int same = 0; 1358 1359 in_dev_for_each_ifa_rcu(ifa, in_dev) { 1360 if (!addr && 1361 (local == ifa->ifa_local || !local) && 1362 ifa->ifa_scope <= scope) { 1363 addr = ifa->ifa_local; 1364 if (same) 1365 break; 1366 } 1367 if (!same) { 1368 same = (!local || inet_ifa_match(local, ifa)) && 1369 (!dst || inet_ifa_match(dst, ifa)); 1370 if (same && addr) { 1371 if (local || !dst) 1372 break; 1373 /* Is the selected addr into dst subnet? */ 1374 if (inet_ifa_match(addr, ifa)) 1375 break; 1376 /* No, then can we use new local src? */ 1377 if (ifa->ifa_scope <= scope) { 1378 addr = ifa->ifa_local; 1379 break; 1380 } 1381 /* search for large dst subnet for addr */ 1382 same = 0; 1383 } 1384 } 1385 } 1386 1387 return same ? addr : 0; 1388 } 1389 1390 /* 1391 * Confirm that local IP address exists using wildcards: 1392 * - net: netns to check, cannot be NULL 1393 * - in_dev: only on this interface, NULL=any interface 1394 * - dst: only in the same subnet as dst, 0=any dst 1395 * - local: address, 0=autoselect the local address 1396 * - scope: maximum allowed scope value for the local address 1397 */ 1398 __be32 inet_confirm_addr(struct net *net, struct in_device *in_dev, 1399 __be32 dst, __be32 local, int scope) 1400 { 1401 __be32 addr = 0; 1402 struct net_device *dev; 1403 1404 if (in_dev) 1405 return confirm_addr_indev(in_dev, dst, local, scope); 1406 1407 rcu_read_lock(); 1408 for_each_netdev_rcu(net, dev) { 1409 in_dev = __in_dev_get_rcu(dev); 1410 if (in_dev) { 1411 addr = confirm_addr_indev(in_dev, dst, local, scope); 1412 if (addr) 1413 break; 1414 } 1415 } 1416 rcu_read_unlock(); 1417 1418 return addr; 1419 } 1420 EXPORT_SYMBOL(inet_confirm_addr); 1421 1422 /* 1423 * Device notifier 1424 */ 1425 1426 int register_inetaddr_notifier(struct notifier_block *nb) 1427 { 1428 return blocking_notifier_chain_register(&inetaddr_chain, nb); 1429 } 1430 EXPORT_SYMBOL(register_inetaddr_notifier); 1431 1432 int unregister_inetaddr_notifier(struct notifier_block *nb) 1433 { 1434 return blocking_notifier_chain_unregister(&inetaddr_chain, nb); 1435 } 1436 EXPORT_SYMBOL(unregister_inetaddr_notifier); 1437 1438 int register_inetaddr_validator_notifier(struct notifier_block *nb) 1439 { 1440 return blocking_notifier_chain_register(&inetaddr_validator_chain, nb); 1441 } 1442 EXPORT_SYMBOL(register_inetaddr_validator_notifier); 1443 1444 int unregister_inetaddr_validator_notifier(struct notifier_block *nb) 1445 { 1446 return blocking_notifier_chain_unregister(&inetaddr_validator_chain, 1447 nb); 1448 } 1449 EXPORT_SYMBOL(unregister_inetaddr_validator_notifier); 1450 1451 /* Rename ifa_labels for a device name change. Make some effort to preserve 1452 * existing alias numbering and to create unique labels if possible. 1453 */ 1454 static void inetdev_changename(struct net_device *dev, struct in_device *in_dev) 1455 { 1456 struct in_ifaddr *ifa; 1457 int named = 0; 1458 1459 in_dev_for_each_ifa_rtnl(ifa, in_dev) { 1460 char old[IFNAMSIZ], *dot; 1461 1462 memcpy(old, ifa->ifa_label, IFNAMSIZ); 1463 memcpy(ifa->ifa_label, dev->name, IFNAMSIZ); 1464 if (named++ == 0) 1465 goto skip; 1466 dot = strchr(old, ':'); 1467 if (!dot) { 1468 sprintf(old, ":%d", named); 1469 dot = old; 1470 } 1471 if (strlen(dot) + strlen(dev->name) < IFNAMSIZ) 1472 strcat(ifa->ifa_label, dot); 1473 else 1474 strcpy(ifa->ifa_label + (IFNAMSIZ - strlen(dot) - 1), dot); 1475 skip: 1476 rtmsg_ifa(RTM_NEWADDR, ifa, NULL, 0); 1477 } 1478 } 1479 1480 static bool inetdev_valid_mtu(unsigned int mtu) 1481 { 1482 return mtu >= IPV4_MIN_MTU; 1483 } 1484 1485 static void inetdev_send_gratuitous_arp(struct net_device *dev, 1486 struct in_device *in_dev) 1487 1488 { 1489 const struct in_ifaddr *ifa; 1490 1491 in_dev_for_each_ifa_rtnl(ifa, in_dev) { 1492 arp_send(ARPOP_REQUEST, ETH_P_ARP, 1493 ifa->ifa_local, dev, 1494 ifa->ifa_local, NULL, 1495 dev->dev_addr, NULL); 1496 } 1497 } 1498 1499 /* Called only under RTNL semaphore */ 1500 1501 static int inetdev_event(struct notifier_block *this, unsigned long event, 1502 void *ptr) 1503 { 1504 struct net_device *dev = netdev_notifier_info_to_dev(ptr); 1505 struct in_device *in_dev = __in_dev_get_rtnl(dev); 1506 1507 ASSERT_RTNL(); 1508 1509 if (!in_dev) { 1510 if (event == NETDEV_REGISTER) { 1511 in_dev = inetdev_init(dev); 1512 if (IS_ERR(in_dev)) 1513 return notifier_from_errno(PTR_ERR(in_dev)); 1514 if (dev->flags & IFF_LOOPBACK) { 1515 IN_DEV_CONF_SET(in_dev, NOXFRM, 1); 1516 IN_DEV_CONF_SET(in_dev, NOPOLICY, 1); 1517 } 1518 } else if (event == NETDEV_CHANGEMTU) { 1519 /* Re-enabling IP */ 1520 if (inetdev_valid_mtu(dev->mtu)) 1521 in_dev = inetdev_init(dev); 1522 } 1523 goto out; 1524 } 1525 1526 switch (event) { 1527 case NETDEV_REGISTER: 1528 pr_debug("%s: bug\n", __func__); 1529 RCU_INIT_POINTER(dev->ip_ptr, NULL); 1530 break; 1531 case NETDEV_UP: 1532 if (!inetdev_valid_mtu(dev->mtu)) 1533 break; 1534 if (dev->flags & IFF_LOOPBACK) { 1535 struct in_ifaddr *ifa = inet_alloc_ifa(); 1536 1537 if (ifa) { 1538 INIT_HLIST_NODE(&ifa->hash); 1539 ifa->ifa_local = 1540 ifa->ifa_address = htonl(INADDR_LOOPBACK); 1541 ifa->ifa_prefixlen = 8; 1542 ifa->ifa_mask = inet_make_mask(8); 1543 in_dev_hold(in_dev); 1544 ifa->ifa_dev = in_dev; 1545 ifa->ifa_scope = RT_SCOPE_HOST; 1546 memcpy(ifa->ifa_label, dev->name, IFNAMSIZ); 1547 set_ifa_lifetime(ifa, INFINITY_LIFE_TIME, 1548 INFINITY_LIFE_TIME); 1549 ipv4_devconf_setall(in_dev); 1550 neigh_parms_data_state_setall(in_dev->arp_parms); 1551 inet_insert_ifa(ifa); 1552 } 1553 } 1554 ip_mc_up(in_dev); 1555 /* fall through */ 1556 case NETDEV_CHANGEADDR: 1557 if (!IN_DEV_ARP_NOTIFY(in_dev)) 1558 break; 1559 /* fall through */ 1560 case NETDEV_NOTIFY_PEERS: 1561 /* Send gratuitous ARP to notify of link change */ 1562 inetdev_send_gratuitous_arp(dev, in_dev); 1563 break; 1564 case NETDEV_DOWN: 1565 ip_mc_down(in_dev); 1566 break; 1567 case NETDEV_PRE_TYPE_CHANGE: 1568 ip_mc_unmap(in_dev); 1569 break; 1570 case NETDEV_POST_TYPE_CHANGE: 1571 ip_mc_remap(in_dev); 1572 break; 1573 case NETDEV_CHANGEMTU: 1574 if (inetdev_valid_mtu(dev->mtu)) 1575 break; 1576 /* disable IP when MTU is not enough */ 1577 /* fall through */ 1578 case NETDEV_UNREGISTER: 1579 inetdev_destroy(in_dev); 1580 break; 1581 case NETDEV_CHANGENAME: 1582 /* Do not notify about label change, this event is 1583 * not interesting to applications using netlink. 1584 */ 1585 inetdev_changename(dev, in_dev); 1586 1587 devinet_sysctl_unregister(in_dev); 1588 devinet_sysctl_register(in_dev); 1589 break; 1590 } 1591 out: 1592 return NOTIFY_DONE; 1593 } 1594 1595 static struct notifier_block ip_netdev_notifier = { 1596 .notifier_call = inetdev_event, 1597 }; 1598 1599 static size_t inet_nlmsg_size(void) 1600 { 1601 return NLMSG_ALIGN(sizeof(struct ifaddrmsg)) 1602 + nla_total_size(4) /* IFA_ADDRESS */ 1603 + nla_total_size(4) /* IFA_LOCAL */ 1604 + nla_total_size(4) /* IFA_BROADCAST */ 1605 + nla_total_size(IFNAMSIZ) /* IFA_LABEL */ 1606 + nla_total_size(4) /* IFA_FLAGS */ 1607 + nla_total_size(4) /* IFA_RT_PRIORITY */ 1608 + nla_total_size(sizeof(struct ifa_cacheinfo)); /* IFA_CACHEINFO */ 1609 } 1610 1611 static inline u32 cstamp_delta(unsigned long cstamp) 1612 { 1613 return (cstamp - INITIAL_JIFFIES) * 100UL / HZ; 1614 } 1615 1616 static int put_cacheinfo(struct sk_buff *skb, unsigned long cstamp, 1617 unsigned long tstamp, u32 preferred, u32 valid) 1618 { 1619 struct ifa_cacheinfo ci; 1620 1621 ci.cstamp = cstamp_delta(cstamp); 1622 ci.tstamp = cstamp_delta(tstamp); 1623 ci.ifa_prefered = preferred; 1624 ci.ifa_valid = valid; 1625 1626 return nla_put(skb, IFA_CACHEINFO, sizeof(ci), &ci); 1627 } 1628 1629 static int inet_fill_ifaddr(struct sk_buff *skb, struct in_ifaddr *ifa, 1630 struct inet_fill_args *args) 1631 { 1632 struct ifaddrmsg *ifm; 1633 struct nlmsghdr *nlh; 1634 u32 preferred, valid; 1635 1636 nlh = nlmsg_put(skb, args->portid, args->seq, args->event, sizeof(*ifm), 1637 args->flags); 1638 if (!nlh) 1639 return -EMSGSIZE; 1640 1641 ifm = nlmsg_data(nlh); 1642 ifm->ifa_family = AF_INET; 1643 ifm->ifa_prefixlen = ifa->ifa_prefixlen; 1644 ifm->ifa_flags = ifa->ifa_flags; 1645 ifm->ifa_scope = ifa->ifa_scope; 1646 ifm->ifa_index = ifa->ifa_dev->dev->ifindex; 1647 1648 if (args->netnsid >= 0 && 1649 nla_put_s32(skb, IFA_TARGET_NETNSID, args->netnsid)) 1650 goto nla_put_failure; 1651 1652 if (!(ifm->ifa_flags & IFA_F_PERMANENT)) { 1653 preferred = ifa->ifa_preferred_lft; 1654 valid = ifa->ifa_valid_lft; 1655 if (preferred != INFINITY_LIFE_TIME) { 1656 long tval = (jiffies - ifa->ifa_tstamp) / HZ; 1657 1658 if (preferred > tval) 1659 preferred -= tval; 1660 else 1661 preferred = 0; 1662 if (valid != INFINITY_LIFE_TIME) { 1663 if (valid > tval) 1664 valid -= tval; 1665 else 1666 valid = 0; 1667 } 1668 } 1669 } else { 1670 preferred = INFINITY_LIFE_TIME; 1671 valid = INFINITY_LIFE_TIME; 1672 } 1673 if ((ifa->ifa_address && 1674 nla_put_in_addr(skb, IFA_ADDRESS, ifa->ifa_address)) || 1675 (ifa->ifa_local && 1676 nla_put_in_addr(skb, IFA_LOCAL, ifa->ifa_local)) || 1677 (ifa->ifa_broadcast && 1678 nla_put_in_addr(skb, IFA_BROADCAST, ifa->ifa_broadcast)) || 1679 (ifa->ifa_label[0] && 1680 nla_put_string(skb, IFA_LABEL, ifa->ifa_label)) || 1681 nla_put_u32(skb, IFA_FLAGS, ifa->ifa_flags) || 1682 (ifa->ifa_rt_priority && 1683 nla_put_u32(skb, IFA_RT_PRIORITY, ifa->ifa_rt_priority)) || 1684 put_cacheinfo(skb, ifa->ifa_cstamp, ifa->ifa_tstamp, 1685 preferred, valid)) 1686 goto nla_put_failure; 1687 1688 nlmsg_end(skb, nlh); 1689 return 0; 1690 1691 nla_put_failure: 1692 nlmsg_cancel(skb, nlh); 1693 return -EMSGSIZE; 1694 } 1695 1696 static int inet_valid_dump_ifaddr_req(const struct nlmsghdr *nlh, 1697 struct inet_fill_args *fillargs, 1698 struct net **tgt_net, struct sock *sk, 1699 struct netlink_callback *cb) 1700 { 1701 struct netlink_ext_ack *extack = cb->extack; 1702 struct nlattr *tb[IFA_MAX+1]; 1703 struct ifaddrmsg *ifm; 1704 int err, i; 1705 1706 if (nlh->nlmsg_len < nlmsg_msg_size(sizeof(*ifm))) { 1707 NL_SET_ERR_MSG(extack, "ipv4: Invalid header for address dump request"); 1708 return -EINVAL; 1709 } 1710 1711 ifm = nlmsg_data(nlh); 1712 if (ifm->ifa_prefixlen || ifm->ifa_flags || ifm->ifa_scope) { 1713 NL_SET_ERR_MSG(extack, "ipv4: Invalid values in header for address dump request"); 1714 return -EINVAL; 1715 } 1716 1717 fillargs->ifindex = ifm->ifa_index; 1718 if (fillargs->ifindex) { 1719 cb->answer_flags |= NLM_F_DUMP_FILTERED; 1720 fillargs->flags |= NLM_F_DUMP_FILTERED; 1721 } 1722 1723 err = nlmsg_parse_deprecated_strict(nlh, sizeof(*ifm), tb, IFA_MAX, 1724 ifa_ipv4_policy, extack); 1725 if (err < 0) 1726 return err; 1727 1728 for (i = 0; i <= IFA_MAX; ++i) { 1729 if (!tb[i]) 1730 continue; 1731 1732 if (i == IFA_TARGET_NETNSID) { 1733 struct net *net; 1734 1735 fillargs->netnsid = nla_get_s32(tb[i]); 1736 1737 net = rtnl_get_net_ns_capable(sk, fillargs->netnsid); 1738 if (IS_ERR(net)) { 1739 fillargs->netnsid = -1; 1740 NL_SET_ERR_MSG(extack, "ipv4: Invalid target network namespace id"); 1741 return PTR_ERR(net); 1742 } 1743 *tgt_net = net; 1744 } else { 1745 NL_SET_ERR_MSG(extack, "ipv4: Unsupported attribute in dump request"); 1746 return -EINVAL; 1747 } 1748 } 1749 1750 return 0; 1751 } 1752 1753 static int in_dev_dump_addr(struct in_device *in_dev, struct sk_buff *skb, 1754 struct netlink_callback *cb, int s_ip_idx, 1755 struct inet_fill_args *fillargs) 1756 { 1757 struct in_ifaddr *ifa; 1758 int ip_idx = 0; 1759 int err; 1760 1761 in_dev_for_each_ifa_rtnl(ifa, in_dev) { 1762 if (ip_idx < s_ip_idx) { 1763 ip_idx++; 1764 continue; 1765 } 1766 err = inet_fill_ifaddr(skb, ifa, fillargs); 1767 if (err < 0) 1768 goto done; 1769 1770 nl_dump_check_consistent(cb, nlmsg_hdr(skb)); 1771 ip_idx++; 1772 } 1773 err = 0; 1774 1775 done: 1776 cb->args[2] = ip_idx; 1777 1778 return err; 1779 } 1780 1781 static int inet_dump_ifaddr(struct sk_buff *skb, struct netlink_callback *cb) 1782 { 1783 const struct nlmsghdr *nlh = cb->nlh; 1784 struct inet_fill_args fillargs = { 1785 .portid = NETLINK_CB(cb->skb).portid, 1786 .seq = nlh->nlmsg_seq, 1787 .event = RTM_NEWADDR, 1788 .flags = NLM_F_MULTI, 1789 .netnsid = -1, 1790 }; 1791 struct net *net = sock_net(skb->sk); 1792 struct net *tgt_net = net; 1793 int h, s_h; 1794 int idx, s_idx; 1795 int s_ip_idx; 1796 struct net_device *dev; 1797 struct in_device *in_dev; 1798 struct hlist_head *head; 1799 int err = 0; 1800 1801 s_h = cb->args[0]; 1802 s_idx = idx = cb->args[1]; 1803 s_ip_idx = cb->args[2]; 1804 1805 if (cb->strict_check) { 1806 err = inet_valid_dump_ifaddr_req(nlh, &fillargs, &tgt_net, 1807 skb->sk, cb); 1808 if (err < 0) 1809 goto put_tgt_net; 1810 1811 err = 0; 1812 if (fillargs.ifindex) { 1813 dev = __dev_get_by_index(tgt_net, fillargs.ifindex); 1814 if (!dev) { 1815 err = -ENODEV; 1816 goto put_tgt_net; 1817 } 1818 1819 in_dev = __in_dev_get_rtnl(dev); 1820 if (in_dev) { 1821 err = in_dev_dump_addr(in_dev, skb, cb, s_ip_idx, 1822 &fillargs); 1823 } 1824 goto put_tgt_net; 1825 } 1826 } 1827 1828 for (h = s_h; h < NETDEV_HASHENTRIES; h++, s_idx = 0) { 1829 idx = 0; 1830 head = &tgt_net->dev_index_head[h]; 1831 rcu_read_lock(); 1832 cb->seq = atomic_read(&tgt_net->ipv4.dev_addr_genid) ^ 1833 tgt_net->dev_base_seq; 1834 hlist_for_each_entry_rcu(dev, head, index_hlist) { 1835 if (idx < s_idx) 1836 goto cont; 1837 if (h > s_h || idx > s_idx) 1838 s_ip_idx = 0; 1839 in_dev = __in_dev_get_rcu(dev); 1840 if (!in_dev) 1841 goto cont; 1842 1843 err = in_dev_dump_addr(in_dev, skb, cb, s_ip_idx, 1844 &fillargs); 1845 if (err < 0) { 1846 rcu_read_unlock(); 1847 goto done; 1848 } 1849 cont: 1850 idx++; 1851 } 1852 rcu_read_unlock(); 1853 } 1854 1855 done: 1856 cb->args[0] = h; 1857 cb->args[1] = idx; 1858 put_tgt_net: 1859 if (fillargs.netnsid >= 0) 1860 put_net(tgt_net); 1861 1862 return skb->len ? : err; 1863 } 1864 1865 static void rtmsg_ifa(int event, struct in_ifaddr *ifa, struct nlmsghdr *nlh, 1866 u32 portid) 1867 { 1868 struct inet_fill_args fillargs = { 1869 .portid = portid, 1870 .seq = nlh ? nlh->nlmsg_seq : 0, 1871 .event = event, 1872 .flags = 0, 1873 .netnsid = -1, 1874 }; 1875 struct sk_buff *skb; 1876 int err = -ENOBUFS; 1877 struct net *net; 1878 1879 net = dev_net(ifa->ifa_dev->dev); 1880 skb = nlmsg_new(inet_nlmsg_size(), GFP_KERNEL); 1881 if (!skb) 1882 goto errout; 1883 1884 err = inet_fill_ifaddr(skb, ifa, &fillargs); 1885 if (err < 0) { 1886 /* -EMSGSIZE implies BUG in inet_nlmsg_size() */ 1887 WARN_ON(err == -EMSGSIZE); 1888 kfree_skb(skb); 1889 goto errout; 1890 } 1891 rtnl_notify(skb, net, portid, RTNLGRP_IPV4_IFADDR, nlh, GFP_KERNEL); 1892 return; 1893 errout: 1894 if (err < 0) 1895 rtnl_set_sk_err(net, RTNLGRP_IPV4_IFADDR, err); 1896 } 1897 1898 static size_t inet_get_link_af_size(const struct net_device *dev, 1899 u32 ext_filter_mask) 1900 { 1901 struct in_device *in_dev = rcu_dereference_rtnl(dev->ip_ptr); 1902 1903 if (!in_dev) 1904 return 0; 1905 1906 return nla_total_size(IPV4_DEVCONF_MAX * 4); /* IFLA_INET_CONF */ 1907 } 1908 1909 static int inet_fill_link_af(struct sk_buff *skb, const struct net_device *dev, 1910 u32 ext_filter_mask) 1911 { 1912 struct in_device *in_dev = rcu_dereference_rtnl(dev->ip_ptr); 1913 struct nlattr *nla; 1914 int i; 1915 1916 if (!in_dev) 1917 return -ENODATA; 1918 1919 nla = nla_reserve(skb, IFLA_INET_CONF, IPV4_DEVCONF_MAX * 4); 1920 if (!nla) 1921 return -EMSGSIZE; 1922 1923 for (i = 0; i < IPV4_DEVCONF_MAX; i++) 1924 ((u32 *) nla_data(nla))[i] = in_dev->cnf.data[i]; 1925 1926 return 0; 1927 } 1928 1929 static const struct nla_policy inet_af_policy[IFLA_INET_MAX+1] = { 1930 [IFLA_INET_CONF] = { .type = NLA_NESTED }, 1931 }; 1932 1933 static int inet_validate_link_af(const struct net_device *dev, 1934 const struct nlattr *nla) 1935 { 1936 struct nlattr *a, *tb[IFLA_INET_MAX+1]; 1937 int err, rem; 1938 1939 if (dev && !__in_dev_get_rcu(dev)) 1940 return -EAFNOSUPPORT; 1941 1942 err = nla_parse_nested_deprecated(tb, IFLA_INET_MAX, nla, 1943 inet_af_policy, NULL); 1944 if (err < 0) 1945 return err; 1946 1947 if (tb[IFLA_INET_CONF]) { 1948 nla_for_each_nested(a, tb[IFLA_INET_CONF], rem) { 1949 int cfgid = nla_type(a); 1950 1951 if (nla_len(a) < 4) 1952 return -EINVAL; 1953 1954 if (cfgid <= 0 || cfgid > IPV4_DEVCONF_MAX) 1955 return -EINVAL; 1956 } 1957 } 1958 1959 return 0; 1960 } 1961 1962 static int inet_set_link_af(struct net_device *dev, const struct nlattr *nla) 1963 { 1964 struct in_device *in_dev = __in_dev_get_rcu(dev); 1965 struct nlattr *a, *tb[IFLA_INET_MAX+1]; 1966 int rem; 1967 1968 if (!in_dev) 1969 return -EAFNOSUPPORT; 1970 1971 if (nla_parse_nested_deprecated(tb, IFLA_INET_MAX, nla, NULL, NULL) < 0) 1972 BUG(); 1973 1974 if (tb[IFLA_INET_CONF]) { 1975 nla_for_each_nested(a, tb[IFLA_INET_CONF], rem) 1976 ipv4_devconf_set(in_dev, nla_type(a), nla_get_u32(a)); 1977 } 1978 1979 return 0; 1980 } 1981 1982 static int inet_netconf_msgsize_devconf(int type) 1983 { 1984 int size = NLMSG_ALIGN(sizeof(struct netconfmsg)) 1985 + nla_total_size(4); /* NETCONFA_IFINDEX */ 1986 bool all = false; 1987 1988 if (type == NETCONFA_ALL) 1989 all = true; 1990 1991 if (all || type == NETCONFA_FORWARDING) 1992 size += nla_total_size(4); 1993 if (all || type == NETCONFA_RP_FILTER) 1994 size += nla_total_size(4); 1995 if (all || type == NETCONFA_MC_FORWARDING) 1996 size += nla_total_size(4); 1997 if (all || type == NETCONFA_BC_FORWARDING) 1998 size += nla_total_size(4); 1999 if (all || type == NETCONFA_PROXY_NEIGH) 2000 size += nla_total_size(4); 2001 if (all || type == NETCONFA_IGNORE_ROUTES_WITH_LINKDOWN) 2002 size += nla_total_size(4); 2003 2004 return size; 2005 } 2006 2007 static int inet_netconf_fill_devconf(struct sk_buff *skb, int ifindex, 2008 struct ipv4_devconf *devconf, u32 portid, 2009 u32 seq, int event, unsigned int flags, 2010 int type) 2011 { 2012 struct nlmsghdr *nlh; 2013 struct netconfmsg *ncm; 2014 bool all = false; 2015 2016 nlh = nlmsg_put(skb, portid, seq, event, sizeof(struct netconfmsg), 2017 flags); 2018 if (!nlh) 2019 return -EMSGSIZE; 2020 2021 if (type == NETCONFA_ALL) 2022 all = true; 2023 2024 ncm = nlmsg_data(nlh); 2025 ncm->ncm_family = AF_INET; 2026 2027 if (nla_put_s32(skb, NETCONFA_IFINDEX, ifindex) < 0) 2028 goto nla_put_failure; 2029 2030 if (!devconf) 2031 goto out; 2032 2033 if ((all || type == NETCONFA_FORWARDING) && 2034 nla_put_s32(skb, NETCONFA_FORWARDING, 2035 IPV4_DEVCONF(*devconf, FORWARDING)) < 0) 2036 goto nla_put_failure; 2037 if ((all || type == NETCONFA_RP_FILTER) && 2038 nla_put_s32(skb, NETCONFA_RP_FILTER, 2039 IPV4_DEVCONF(*devconf, RP_FILTER)) < 0) 2040 goto nla_put_failure; 2041 if ((all || type == NETCONFA_MC_FORWARDING) && 2042 nla_put_s32(skb, NETCONFA_MC_FORWARDING, 2043 IPV4_DEVCONF(*devconf, MC_FORWARDING)) < 0) 2044 goto nla_put_failure; 2045 if ((all || type == NETCONFA_BC_FORWARDING) && 2046 nla_put_s32(skb, NETCONFA_BC_FORWARDING, 2047 IPV4_DEVCONF(*devconf, BC_FORWARDING)) < 0) 2048 goto nla_put_failure; 2049 if ((all || type == NETCONFA_PROXY_NEIGH) && 2050 nla_put_s32(skb, NETCONFA_PROXY_NEIGH, 2051 IPV4_DEVCONF(*devconf, PROXY_ARP)) < 0) 2052 goto nla_put_failure; 2053 if ((all || type == NETCONFA_IGNORE_ROUTES_WITH_LINKDOWN) && 2054 nla_put_s32(skb, NETCONFA_IGNORE_ROUTES_WITH_LINKDOWN, 2055 IPV4_DEVCONF(*devconf, IGNORE_ROUTES_WITH_LINKDOWN)) < 0) 2056 goto nla_put_failure; 2057 2058 out: 2059 nlmsg_end(skb, nlh); 2060 return 0; 2061 2062 nla_put_failure: 2063 nlmsg_cancel(skb, nlh); 2064 return -EMSGSIZE; 2065 } 2066 2067 void inet_netconf_notify_devconf(struct net *net, int event, int type, 2068 int ifindex, struct ipv4_devconf *devconf) 2069 { 2070 struct sk_buff *skb; 2071 int err = -ENOBUFS; 2072 2073 skb = nlmsg_new(inet_netconf_msgsize_devconf(type), GFP_KERNEL); 2074 if (!skb) 2075 goto errout; 2076 2077 err = inet_netconf_fill_devconf(skb, ifindex, devconf, 0, 0, 2078 event, 0, type); 2079 if (err < 0) { 2080 /* -EMSGSIZE implies BUG in inet_netconf_msgsize_devconf() */ 2081 WARN_ON(err == -EMSGSIZE); 2082 kfree_skb(skb); 2083 goto errout; 2084 } 2085 rtnl_notify(skb, net, 0, RTNLGRP_IPV4_NETCONF, NULL, GFP_KERNEL); 2086 return; 2087 errout: 2088 if (err < 0) 2089 rtnl_set_sk_err(net, RTNLGRP_IPV4_NETCONF, err); 2090 } 2091 2092 static const struct nla_policy devconf_ipv4_policy[NETCONFA_MAX+1] = { 2093 [NETCONFA_IFINDEX] = { .len = sizeof(int) }, 2094 [NETCONFA_FORWARDING] = { .len = sizeof(int) }, 2095 [NETCONFA_RP_FILTER] = { .len = sizeof(int) }, 2096 [NETCONFA_PROXY_NEIGH] = { .len = sizeof(int) }, 2097 [NETCONFA_IGNORE_ROUTES_WITH_LINKDOWN] = { .len = sizeof(int) }, 2098 }; 2099 2100 static int inet_netconf_valid_get_req(struct sk_buff *skb, 2101 const struct nlmsghdr *nlh, 2102 struct nlattr **tb, 2103 struct netlink_ext_ack *extack) 2104 { 2105 int i, err; 2106 2107 if (nlh->nlmsg_len < nlmsg_msg_size(sizeof(struct netconfmsg))) { 2108 NL_SET_ERR_MSG(extack, "ipv4: Invalid header for netconf get request"); 2109 return -EINVAL; 2110 } 2111 2112 if (!netlink_strict_get_check(skb)) 2113 return nlmsg_parse_deprecated(nlh, sizeof(struct netconfmsg), 2114 tb, NETCONFA_MAX, 2115 devconf_ipv4_policy, extack); 2116 2117 err = nlmsg_parse_deprecated_strict(nlh, sizeof(struct netconfmsg), 2118 tb, NETCONFA_MAX, 2119 devconf_ipv4_policy, extack); 2120 if (err) 2121 return err; 2122 2123 for (i = 0; i <= NETCONFA_MAX; i++) { 2124 if (!tb[i]) 2125 continue; 2126 2127 switch (i) { 2128 case NETCONFA_IFINDEX: 2129 break; 2130 default: 2131 NL_SET_ERR_MSG(extack, "ipv4: Unsupported attribute in netconf get request"); 2132 return -EINVAL; 2133 } 2134 } 2135 2136 return 0; 2137 } 2138 2139 static int inet_netconf_get_devconf(struct sk_buff *in_skb, 2140 struct nlmsghdr *nlh, 2141 struct netlink_ext_ack *extack) 2142 { 2143 struct net *net = sock_net(in_skb->sk); 2144 struct nlattr *tb[NETCONFA_MAX+1]; 2145 struct sk_buff *skb; 2146 struct ipv4_devconf *devconf; 2147 struct in_device *in_dev; 2148 struct net_device *dev; 2149 int ifindex; 2150 int err; 2151 2152 err = inet_netconf_valid_get_req(in_skb, nlh, tb, extack); 2153 if (err) 2154 goto errout; 2155 2156 err = -EINVAL; 2157 if (!tb[NETCONFA_IFINDEX]) 2158 goto errout; 2159 2160 ifindex = nla_get_s32(tb[NETCONFA_IFINDEX]); 2161 switch (ifindex) { 2162 case NETCONFA_IFINDEX_ALL: 2163 devconf = net->ipv4.devconf_all; 2164 break; 2165 case NETCONFA_IFINDEX_DEFAULT: 2166 devconf = net->ipv4.devconf_dflt; 2167 break; 2168 default: 2169 dev = __dev_get_by_index(net, ifindex); 2170 if (!dev) 2171 goto errout; 2172 in_dev = __in_dev_get_rtnl(dev); 2173 if (!in_dev) 2174 goto errout; 2175 devconf = &in_dev->cnf; 2176 break; 2177 } 2178 2179 err = -ENOBUFS; 2180 skb = nlmsg_new(inet_netconf_msgsize_devconf(NETCONFA_ALL), GFP_KERNEL); 2181 if (!skb) 2182 goto errout; 2183 2184 err = inet_netconf_fill_devconf(skb, ifindex, devconf, 2185 NETLINK_CB(in_skb).portid, 2186 nlh->nlmsg_seq, RTM_NEWNETCONF, 0, 2187 NETCONFA_ALL); 2188 if (err < 0) { 2189 /* -EMSGSIZE implies BUG in inet_netconf_msgsize_devconf() */ 2190 WARN_ON(err == -EMSGSIZE); 2191 kfree_skb(skb); 2192 goto errout; 2193 } 2194 err = rtnl_unicast(skb, net, NETLINK_CB(in_skb).portid); 2195 errout: 2196 return err; 2197 } 2198 2199 static int inet_netconf_dump_devconf(struct sk_buff *skb, 2200 struct netlink_callback *cb) 2201 { 2202 const struct nlmsghdr *nlh = cb->nlh; 2203 struct net *net = sock_net(skb->sk); 2204 int h, s_h; 2205 int idx, s_idx; 2206 struct net_device *dev; 2207 struct in_device *in_dev; 2208 struct hlist_head *head; 2209 2210 if (cb->strict_check) { 2211 struct netlink_ext_ack *extack = cb->extack; 2212 struct netconfmsg *ncm; 2213 2214 if (nlh->nlmsg_len < nlmsg_msg_size(sizeof(*ncm))) { 2215 NL_SET_ERR_MSG(extack, "ipv4: Invalid header for netconf dump request"); 2216 return -EINVAL; 2217 } 2218 2219 if (nlmsg_attrlen(nlh, sizeof(*ncm))) { 2220 NL_SET_ERR_MSG(extack, "ipv4: Invalid data after header in netconf dump request"); 2221 return -EINVAL; 2222 } 2223 } 2224 2225 s_h = cb->args[0]; 2226 s_idx = idx = cb->args[1]; 2227 2228 for (h = s_h; h < NETDEV_HASHENTRIES; h++, s_idx = 0) { 2229 idx = 0; 2230 head = &net->dev_index_head[h]; 2231 rcu_read_lock(); 2232 cb->seq = atomic_read(&net->ipv4.dev_addr_genid) ^ 2233 net->dev_base_seq; 2234 hlist_for_each_entry_rcu(dev, head, index_hlist) { 2235 if (idx < s_idx) 2236 goto cont; 2237 in_dev = __in_dev_get_rcu(dev); 2238 if (!in_dev) 2239 goto cont; 2240 2241 if (inet_netconf_fill_devconf(skb, dev->ifindex, 2242 &in_dev->cnf, 2243 NETLINK_CB(cb->skb).portid, 2244 nlh->nlmsg_seq, 2245 RTM_NEWNETCONF, 2246 NLM_F_MULTI, 2247 NETCONFA_ALL) < 0) { 2248 rcu_read_unlock(); 2249 goto done; 2250 } 2251 nl_dump_check_consistent(cb, nlmsg_hdr(skb)); 2252 cont: 2253 idx++; 2254 } 2255 rcu_read_unlock(); 2256 } 2257 if (h == NETDEV_HASHENTRIES) { 2258 if (inet_netconf_fill_devconf(skb, NETCONFA_IFINDEX_ALL, 2259 net->ipv4.devconf_all, 2260 NETLINK_CB(cb->skb).portid, 2261 nlh->nlmsg_seq, 2262 RTM_NEWNETCONF, NLM_F_MULTI, 2263 NETCONFA_ALL) < 0) 2264 goto done; 2265 else 2266 h++; 2267 } 2268 if (h == NETDEV_HASHENTRIES + 1) { 2269 if (inet_netconf_fill_devconf(skb, NETCONFA_IFINDEX_DEFAULT, 2270 net->ipv4.devconf_dflt, 2271 NETLINK_CB(cb->skb).portid, 2272 nlh->nlmsg_seq, 2273 RTM_NEWNETCONF, NLM_F_MULTI, 2274 NETCONFA_ALL) < 0) 2275 goto done; 2276 else 2277 h++; 2278 } 2279 done: 2280 cb->args[0] = h; 2281 cb->args[1] = idx; 2282 2283 return skb->len; 2284 } 2285 2286 #ifdef CONFIG_SYSCTL 2287 2288 static void devinet_copy_dflt_conf(struct net *net, int i) 2289 { 2290 struct net_device *dev; 2291 2292 rcu_read_lock(); 2293 for_each_netdev_rcu(net, dev) { 2294 struct in_device *in_dev; 2295 2296 in_dev = __in_dev_get_rcu(dev); 2297 if (in_dev && !test_bit(i, in_dev->cnf.state)) 2298 in_dev->cnf.data[i] = net->ipv4.devconf_dflt->data[i]; 2299 } 2300 rcu_read_unlock(); 2301 } 2302 2303 /* called with RTNL locked */ 2304 static void inet_forward_change(struct net *net) 2305 { 2306 struct net_device *dev; 2307 int on = IPV4_DEVCONF_ALL(net, FORWARDING); 2308 2309 IPV4_DEVCONF_ALL(net, ACCEPT_REDIRECTS) = !on; 2310 IPV4_DEVCONF_DFLT(net, FORWARDING) = on; 2311 inet_netconf_notify_devconf(net, RTM_NEWNETCONF, 2312 NETCONFA_FORWARDING, 2313 NETCONFA_IFINDEX_ALL, 2314 net->ipv4.devconf_all); 2315 inet_netconf_notify_devconf(net, RTM_NEWNETCONF, 2316 NETCONFA_FORWARDING, 2317 NETCONFA_IFINDEX_DEFAULT, 2318 net->ipv4.devconf_dflt); 2319 2320 for_each_netdev(net, dev) { 2321 struct in_device *in_dev; 2322 2323 if (on) 2324 dev_disable_lro(dev); 2325 2326 in_dev = __in_dev_get_rtnl(dev); 2327 if (in_dev) { 2328 IN_DEV_CONF_SET(in_dev, FORWARDING, on); 2329 inet_netconf_notify_devconf(net, RTM_NEWNETCONF, 2330 NETCONFA_FORWARDING, 2331 dev->ifindex, &in_dev->cnf); 2332 } 2333 } 2334 } 2335 2336 static int devinet_conf_ifindex(struct net *net, struct ipv4_devconf *cnf) 2337 { 2338 if (cnf == net->ipv4.devconf_dflt) 2339 return NETCONFA_IFINDEX_DEFAULT; 2340 else if (cnf == net->ipv4.devconf_all) 2341 return NETCONFA_IFINDEX_ALL; 2342 else { 2343 struct in_device *idev 2344 = container_of(cnf, struct in_device, cnf); 2345 return idev->dev->ifindex; 2346 } 2347 } 2348 2349 static int devinet_conf_proc(struct ctl_table *ctl, int write, 2350 void __user *buffer, 2351 size_t *lenp, loff_t *ppos) 2352 { 2353 int old_value = *(int *)ctl->data; 2354 int ret = proc_dointvec(ctl, write, buffer, lenp, ppos); 2355 int new_value = *(int *)ctl->data; 2356 2357 if (write) { 2358 struct ipv4_devconf *cnf = ctl->extra1; 2359 struct net *net = ctl->extra2; 2360 int i = (int *)ctl->data - cnf->data; 2361 int ifindex; 2362 2363 set_bit(i, cnf->state); 2364 2365 if (cnf == net->ipv4.devconf_dflt) 2366 devinet_copy_dflt_conf(net, i); 2367 if (i == IPV4_DEVCONF_ACCEPT_LOCAL - 1 || 2368 i == IPV4_DEVCONF_ROUTE_LOCALNET - 1) 2369 if ((new_value == 0) && (old_value != 0)) 2370 rt_cache_flush(net); 2371 2372 if (i == IPV4_DEVCONF_BC_FORWARDING - 1 && 2373 new_value != old_value) 2374 rt_cache_flush(net); 2375 2376 if (i == IPV4_DEVCONF_RP_FILTER - 1 && 2377 new_value != old_value) { 2378 ifindex = devinet_conf_ifindex(net, cnf); 2379 inet_netconf_notify_devconf(net, RTM_NEWNETCONF, 2380 NETCONFA_RP_FILTER, 2381 ifindex, cnf); 2382 } 2383 if (i == IPV4_DEVCONF_PROXY_ARP - 1 && 2384 new_value != old_value) { 2385 ifindex = devinet_conf_ifindex(net, cnf); 2386 inet_netconf_notify_devconf(net, RTM_NEWNETCONF, 2387 NETCONFA_PROXY_NEIGH, 2388 ifindex, cnf); 2389 } 2390 if (i == IPV4_DEVCONF_IGNORE_ROUTES_WITH_LINKDOWN - 1 && 2391 new_value != old_value) { 2392 ifindex = devinet_conf_ifindex(net, cnf); 2393 inet_netconf_notify_devconf(net, RTM_NEWNETCONF, 2394 NETCONFA_IGNORE_ROUTES_WITH_LINKDOWN, 2395 ifindex, cnf); 2396 } 2397 } 2398 2399 return ret; 2400 } 2401 2402 static int devinet_sysctl_forward(struct ctl_table *ctl, int write, 2403 void __user *buffer, 2404 size_t *lenp, loff_t *ppos) 2405 { 2406 int *valp = ctl->data; 2407 int val = *valp; 2408 loff_t pos = *ppos; 2409 int ret = proc_dointvec(ctl, write, buffer, lenp, ppos); 2410 2411 if (write && *valp != val) { 2412 struct net *net = ctl->extra2; 2413 2414 if (valp != &IPV4_DEVCONF_DFLT(net, FORWARDING)) { 2415 if (!rtnl_trylock()) { 2416 /* Restore the original values before restarting */ 2417 *valp = val; 2418 *ppos = pos; 2419 return restart_syscall(); 2420 } 2421 if (valp == &IPV4_DEVCONF_ALL(net, FORWARDING)) { 2422 inet_forward_change(net); 2423 } else { 2424 struct ipv4_devconf *cnf = ctl->extra1; 2425 struct in_device *idev = 2426 container_of(cnf, struct in_device, cnf); 2427 if (*valp) 2428 dev_disable_lro(idev->dev); 2429 inet_netconf_notify_devconf(net, RTM_NEWNETCONF, 2430 NETCONFA_FORWARDING, 2431 idev->dev->ifindex, 2432 cnf); 2433 } 2434 rtnl_unlock(); 2435 rt_cache_flush(net); 2436 } else 2437 inet_netconf_notify_devconf(net, RTM_NEWNETCONF, 2438 NETCONFA_FORWARDING, 2439 NETCONFA_IFINDEX_DEFAULT, 2440 net->ipv4.devconf_dflt); 2441 } 2442 2443 return ret; 2444 } 2445 2446 static int ipv4_doint_and_flush(struct ctl_table *ctl, int write, 2447 void __user *buffer, 2448 size_t *lenp, loff_t *ppos) 2449 { 2450 int *valp = ctl->data; 2451 int val = *valp; 2452 int ret = proc_dointvec(ctl, write, buffer, lenp, ppos); 2453 struct net *net = ctl->extra2; 2454 2455 if (write && *valp != val) 2456 rt_cache_flush(net); 2457 2458 return ret; 2459 } 2460 2461 #define DEVINET_SYSCTL_ENTRY(attr, name, mval, proc) \ 2462 { \ 2463 .procname = name, \ 2464 .data = ipv4_devconf.data + \ 2465 IPV4_DEVCONF_ ## attr - 1, \ 2466 .maxlen = sizeof(int), \ 2467 .mode = mval, \ 2468 .proc_handler = proc, \ 2469 .extra1 = &ipv4_devconf, \ 2470 } 2471 2472 #define DEVINET_SYSCTL_RW_ENTRY(attr, name) \ 2473 DEVINET_SYSCTL_ENTRY(attr, name, 0644, devinet_conf_proc) 2474 2475 #define DEVINET_SYSCTL_RO_ENTRY(attr, name) \ 2476 DEVINET_SYSCTL_ENTRY(attr, name, 0444, devinet_conf_proc) 2477 2478 #define DEVINET_SYSCTL_COMPLEX_ENTRY(attr, name, proc) \ 2479 DEVINET_SYSCTL_ENTRY(attr, name, 0644, proc) 2480 2481 #define DEVINET_SYSCTL_FLUSHING_ENTRY(attr, name) \ 2482 DEVINET_SYSCTL_COMPLEX_ENTRY(attr, name, ipv4_doint_and_flush) 2483 2484 static struct devinet_sysctl_table { 2485 struct ctl_table_header *sysctl_header; 2486 struct ctl_table devinet_vars[__IPV4_DEVCONF_MAX]; 2487 } devinet_sysctl = { 2488 .devinet_vars = { 2489 DEVINET_SYSCTL_COMPLEX_ENTRY(FORWARDING, "forwarding", 2490 devinet_sysctl_forward), 2491 DEVINET_SYSCTL_RO_ENTRY(MC_FORWARDING, "mc_forwarding"), 2492 DEVINET_SYSCTL_RW_ENTRY(BC_FORWARDING, "bc_forwarding"), 2493 2494 DEVINET_SYSCTL_RW_ENTRY(ACCEPT_REDIRECTS, "accept_redirects"), 2495 DEVINET_SYSCTL_RW_ENTRY(SECURE_REDIRECTS, "secure_redirects"), 2496 DEVINET_SYSCTL_RW_ENTRY(SHARED_MEDIA, "shared_media"), 2497 DEVINET_SYSCTL_RW_ENTRY(RP_FILTER, "rp_filter"), 2498 DEVINET_SYSCTL_RW_ENTRY(SEND_REDIRECTS, "send_redirects"), 2499 DEVINET_SYSCTL_RW_ENTRY(ACCEPT_SOURCE_ROUTE, 2500 "accept_source_route"), 2501 DEVINET_SYSCTL_RW_ENTRY(ACCEPT_LOCAL, "accept_local"), 2502 DEVINET_SYSCTL_RW_ENTRY(SRC_VMARK, "src_valid_mark"), 2503 DEVINET_SYSCTL_RW_ENTRY(PROXY_ARP, "proxy_arp"), 2504 DEVINET_SYSCTL_RW_ENTRY(MEDIUM_ID, "medium_id"), 2505 DEVINET_SYSCTL_RW_ENTRY(BOOTP_RELAY, "bootp_relay"), 2506 DEVINET_SYSCTL_RW_ENTRY(LOG_MARTIANS, "log_martians"), 2507 DEVINET_SYSCTL_RW_ENTRY(TAG, "tag"), 2508 DEVINET_SYSCTL_RW_ENTRY(ARPFILTER, "arp_filter"), 2509 DEVINET_SYSCTL_RW_ENTRY(ARP_ANNOUNCE, "arp_announce"), 2510 DEVINET_SYSCTL_RW_ENTRY(ARP_IGNORE, "arp_ignore"), 2511 DEVINET_SYSCTL_RW_ENTRY(ARP_ACCEPT, "arp_accept"), 2512 DEVINET_SYSCTL_RW_ENTRY(ARP_NOTIFY, "arp_notify"), 2513 DEVINET_SYSCTL_RW_ENTRY(PROXY_ARP_PVLAN, "proxy_arp_pvlan"), 2514 DEVINET_SYSCTL_RW_ENTRY(FORCE_IGMP_VERSION, 2515 "force_igmp_version"), 2516 DEVINET_SYSCTL_RW_ENTRY(IGMPV2_UNSOLICITED_REPORT_INTERVAL, 2517 "igmpv2_unsolicited_report_interval"), 2518 DEVINET_SYSCTL_RW_ENTRY(IGMPV3_UNSOLICITED_REPORT_INTERVAL, 2519 "igmpv3_unsolicited_report_interval"), 2520 DEVINET_SYSCTL_RW_ENTRY(IGNORE_ROUTES_WITH_LINKDOWN, 2521 "ignore_routes_with_linkdown"), 2522 DEVINET_SYSCTL_RW_ENTRY(DROP_GRATUITOUS_ARP, 2523 "drop_gratuitous_arp"), 2524 2525 DEVINET_SYSCTL_FLUSHING_ENTRY(NOXFRM, "disable_xfrm"), 2526 DEVINET_SYSCTL_FLUSHING_ENTRY(NOPOLICY, "disable_policy"), 2527 DEVINET_SYSCTL_FLUSHING_ENTRY(PROMOTE_SECONDARIES, 2528 "promote_secondaries"), 2529 DEVINET_SYSCTL_FLUSHING_ENTRY(ROUTE_LOCALNET, 2530 "route_localnet"), 2531 DEVINET_SYSCTL_FLUSHING_ENTRY(DROP_UNICAST_IN_L2_MULTICAST, 2532 "drop_unicast_in_l2_multicast"), 2533 }, 2534 }; 2535 2536 static int __devinet_sysctl_register(struct net *net, char *dev_name, 2537 int ifindex, struct ipv4_devconf *p) 2538 { 2539 int i; 2540 struct devinet_sysctl_table *t; 2541 char path[sizeof("net/ipv4/conf/") + IFNAMSIZ]; 2542 2543 t = kmemdup(&devinet_sysctl, sizeof(*t), GFP_KERNEL); 2544 if (!t) 2545 goto out; 2546 2547 for (i = 0; i < ARRAY_SIZE(t->devinet_vars) - 1; i++) { 2548 t->devinet_vars[i].data += (char *)p - (char *)&ipv4_devconf; 2549 t->devinet_vars[i].extra1 = p; 2550 t->devinet_vars[i].extra2 = net; 2551 } 2552 2553 snprintf(path, sizeof(path), "net/ipv4/conf/%s", dev_name); 2554 2555 t->sysctl_header = register_net_sysctl(net, path, t->devinet_vars); 2556 if (!t->sysctl_header) 2557 goto free; 2558 2559 p->sysctl = t; 2560 2561 inet_netconf_notify_devconf(net, RTM_NEWNETCONF, NETCONFA_ALL, 2562 ifindex, p); 2563 return 0; 2564 2565 free: 2566 kfree(t); 2567 out: 2568 return -ENOBUFS; 2569 } 2570 2571 static void __devinet_sysctl_unregister(struct net *net, 2572 struct ipv4_devconf *cnf, int ifindex) 2573 { 2574 struct devinet_sysctl_table *t = cnf->sysctl; 2575 2576 if (t) { 2577 cnf->sysctl = NULL; 2578 unregister_net_sysctl_table(t->sysctl_header); 2579 kfree(t); 2580 } 2581 2582 inet_netconf_notify_devconf(net, RTM_DELNETCONF, 0, ifindex, NULL); 2583 } 2584 2585 static int devinet_sysctl_register(struct in_device *idev) 2586 { 2587 int err; 2588 2589 if (!sysctl_dev_name_is_allowed(idev->dev->name)) 2590 return -EINVAL; 2591 2592 err = neigh_sysctl_register(idev->dev, idev->arp_parms, NULL); 2593 if (err) 2594 return err; 2595 err = __devinet_sysctl_register(dev_net(idev->dev), idev->dev->name, 2596 idev->dev->ifindex, &idev->cnf); 2597 if (err) 2598 neigh_sysctl_unregister(idev->arp_parms); 2599 return err; 2600 } 2601 2602 static void devinet_sysctl_unregister(struct in_device *idev) 2603 { 2604 struct net *net = dev_net(idev->dev); 2605 2606 __devinet_sysctl_unregister(net, &idev->cnf, idev->dev->ifindex); 2607 neigh_sysctl_unregister(idev->arp_parms); 2608 } 2609 2610 static struct ctl_table ctl_forward_entry[] = { 2611 { 2612 .procname = "ip_forward", 2613 .data = &ipv4_devconf.data[ 2614 IPV4_DEVCONF_FORWARDING - 1], 2615 .maxlen = sizeof(int), 2616 .mode = 0644, 2617 .proc_handler = devinet_sysctl_forward, 2618 .extra1 = &ipv4_devconf, 2619 .extra2 = &init_net, 2620 }, 2621 { }, 2622 }; 2623 #endif 2624 2625 static __net_init int devinet_init_net(struct net *net) 2626 { 2627 int err; 2628 struct ipv4_devconf *all, *dflt; 2629 #ifdef CONFIG_SYSCTL 2630 struct ctl_table *tbl; 2631 struct ctl_table_header *forw_hdr; 2632 #endif 2633 2634 err = -ENOMEM; 2635 all = kmemdup(&ipv4_devconf, sizeof(ipv4_devconf), GFP_KERNEL); 2636 if (!all) 2637 goto err_alloc_all; 2638 2639 dflt = kmemdup(&ipv4_devconf_dflt, sizeof(ipv4_devconf_dflt), GFP_KERNEL); 2640 if (!dflt) 2641 goto err_alloc_dflt; 2642 2643 #ifdef CONFIG_SYSCTL 2644 tbl = kmemdup(ctl_forward_entry, sizeof(ctl_forward_entry), GFP_KERNEL); 2645 if (!tbl) 2646 goto err_alloc_ctl; 2647 2648 tbl[0].data = &all->data[IPV4_DEVCONF_FORWARDING - 1]; 2649 tbl[0].extra1 = all; 2650 tbl[0].extra2 = net; 2651 #endif 2652 2653 if ((!IS_ENABLED(CONFIG_SYSCTL) || 2654 sysctl_devconf_inherit_init_net != 2) && 2655 !net_eq(net, &init_net)) { 2656 memcpy(all, init_net.ipv4.devconf_all, sizeof(ipv4_devconf)); 2657 memcpy(dflt, init_net.ipv4.devconf_dflt, sizeof(ipv4_devconf_dflt)); 2658 } 2659 2660 #ifdef CONFIG_SYSCTL 2661 err = __devinet_sysctl_register(net, "all", NETCONFA_IFINDEX_ALL, all); 2662 if (err < 0) 2663 goto err_reg_all; 2664 2665 err = __devinet_sysctl_register(net, "default", 2666 NETCONFA_IFINDEX_DEFAULT, dflt); 2667 if (err < 0) 2668 goto err_reg_dflt; 2669 2670 err = -ENOMEM; 2671 forw_hdr = register_net_sysctl(net, "net/ipv4", tbl); 2672 if (!forw_hdr) 2673 goto err_reg_ctl; 2674 net->ipv4.forw_hdr = forw_hdr; 2675 #endif 2676 2677 net->ipv4.devconf_all = all; 2678 net->ipv4.devconf_dflt = dflt; 2679 return 0; 2680 2681 #ifdef CONFIG_SYSCTL 2682 err_reg_ctl: 2683 __devinet_sysctl_unregister(net, dflt, NETCONFA_IFINDEX_DEFAULT); 2684 err_reg_dflt: 2685 __devinet_sysctl_unregister(net, all, NETCONFA_IFINDEX_ALL); 2686 err_reg_all: 2687 kfree(tbl); 2688 err_alloc_ctl: 2689 #endif 2690 kfree(dflt); 2691 err_alloc_dflt: 2692 kfree(all); 2693 err_alloc_all: 2694 return err; 2695 } 2696 2697 static __net_exit void devinet_exit_net(struct net *net) 2698 { 2699 #ifdef CONFIG_SYSCTL 2700 struct ctl_table *tbl; 2701 2702 tbl = net->ipv4.forw_hdr->ctl_table_arg; 2703 unregister_net_sysctl_table(net->ipv4.forw_hdr); 2704 __devinet_sysctl_unregister(net, net->ipv4.devconf_dflt, 2705 NETCONFA_IFINDEX_DEFAULT); 2706 __devinet_sysctl_unregister(net, net->ipv4.devconf_all, 2707 NETCONFA_IFINDEX_ALL); 2708 kfree(tbl); 2709 #endif 2710 kfree(net->ipv4.devconf_dflt); 2711 kfree(net->ipv4.devconf_all); 2712 } 2713 2714 static __net_initdata struct pernet_operations devinet_ops = { 2715 .init = devinet_init_net, 2716 .exit = devinet_exit_net, 2717 }; 2718 2719 static struct rtnl_af_ops inet_af_ops __read_mostly = { 2720 .family = AF_INET, 2721 .fill_link_af = inet_fill_link_af, 2722 .get_link_af_size = inet_get_link_af_size, 2723 .validate_link_af = inet_validate_link_af, 2724 .set_link_af = inet_set_link_af, 2725 }; 2726 2727 void __init devinet_init(void) 2728 { 2729 int i; 2730 2731 for (i = 0; i < IN4_ADDR_HSIZE; i++) 2732 INIT_HLIST_HEAD(&inet_addr_lst[i]); 2733 2734 register_pernet_subsys(&devinet_ops); 2735 2736 register_gifconf(PF_INET, inet_gifconf); 2737 register_netdevice_notifier(&ip_netdev_notifier); 2738 2739 queue_delayed_work(system_power_efficient_wq, &check_lifetime_work, 0); 2740 2741 rtnl_af_register(&inet_af_ops); 2742 2743 rtnl_register(PF_INET, RTM_NEWADDR, inet_rtm_newaddr, NULL, 0); 2744 rtnl_register(PF_INET, RTM_DELADDR, inet_rtm_deladdr, NULL, 0); 2745 rtnl_register(PF_INET, RTM_GETADDR, NULL, inet_dump_ifaddr, 0); 2746 rtnl_register(PF_INET, RTM_GETNETCONF, inet_netconf_get_devconf, 2747 inet_netconf_dump_devconf, 0); 2748 } 2749