// SPDX-License-Identifier: GPL-2.0-or-later
/*
 *	NET3	IP device support routines.
 *
 *	Derived from the IP parts of dev.c 1.0.19
 *		Authors:	Ross Biro
 *			Fred N. van Kempen, <waltje@uWalt.NL.Mugnet.ORG>
 *			Mark Evans, <evansmp@uhura.aston.ac.uk>
 *
 *	Additional Authors:
 *		Alan Cox, <gw4pts@gw4pts.ampr.org>
 *		Alexey Kuznetsov, <kuznet@ms2.inr.ac.ru>
 *
 *	Changes:
 *		Alexey Kuznetsov:	pa_* fields are replaced with ifaddr
 *					lists.
 *		Cyrus Durgin:		updated for kmod
 *		Matthias Andree:	in devinet_ioctl, compare label and
 *					address (4.4BSD alias style support),
 *					fall back to comparing just the label
 *					if no match found.
 */


#include <linux/uaccess.h>
#include <linux/bitops.h>
#include <linux/capability.h>
#include <linux/module.h>
#include <linux/types.h>
#include <linux/kernel.h>
#include <linux/sched/signal.h>
#include <linux/string.h>
#include <linux/mm.h>
#include <linux/socket.h>
#include <linux/sockios.h>
#include <linux/in.h>
#include <linux/errno.h>
#include <linux/interrupt.h>
#include <linux/if_addr.h>
#include <linux/if_ether.h>
#include <linux/inet.h>
#include <linux/netdevice.h>
#include <linux/etherdevice.h>
#include <linux/skbuff.h>
#include <linux/init.h>
#include <linux/notifier.h>
#include <linux/inetdevice.h>
#include <linux/igmp.h>
#include <linux/slab.h>
#include <linux/hash.h>
#ifdef CONFIG_SYSCTL
#include <linux/sysctl.h>
#endif
#include <linux/kmod.h>
#include <linux/netconf.h>

#include <net/arp.h>
#include <net/ip.h>
#include <net/route.h>
#include <net/ip_fib.h>
#include <net/rtnetlink.h>
#include <net/net_namespace.h>
#include <net/addrconf.h>

/* IFA_F_* flags that are meaningful only for IPv6 addresses; they are
 * stripped from any IPv4 address before it is inserted (see
 * __inet_insert_ifa()) so userspace cannot set them on IPv4.
 */
#define IPV6ONLY_FLAGS	\
		(IFA_F_NODAD | IFA_F_OPTIMISTIC | IFA_F_DADFAILED | \
		 IFA_F_HOMEADDRESS | IFA_F_TENTATIVE | \
		 IFA_F_MANAGETEMPADDR | IFA_F_STABLE_PRIVACY)

/* Compile-time defaults for the "all" per-device IPv4 configuration
 * (net.ipv4.conf.all.*); copied per-namespace at init.
 */
static struct ipv4_devconf ipv4_devconf = {
	.data = {
		[IPV4_DEVCONF_ACCEPT_REDIRECTS - 1] = 1,
		[IPV4_DEVCONF_SEND_REDIRECTS - 1] = 1,
		[IPV4_DEVCONF_SECURE_REDIRECTS - 1] = 1,
		[IPV4_DEVCONF_SHARED_MEDIA - 1] = 1,
		[IPV4_DEVCONF_IGMPV2_UNSOLICITED_REPORT_INTERVAL - 1] = 10000 /*ms*/,
		[IPV4_DEVCONF_IGMPV3_UNSOLICITED_REPORT_INTERVAL - 1] = 1000 /*ms*/,
		[IPV4_DEVCONF_ARP_EVICT_NOCARRIER - 1] = 1,
	},
};

/* Defaults inherited by newly created in_devices (net.ipv4.conf.default.*).
 * Differs from ipv4_devconf above by additionally enabling
 * ACCEPT_SOURCE_ROUTE.
 */
static struct ipv4_devconf ipv4_devconf_dflt = {
	.data = {
		[IPV4_DEVCONF_ACCEPT_REDIRECTS - 1] = 1,
		[IPV4_DEVCONF_SEND_REDIRECTS - 1] = 1,
		[IPV4_DEVCONF_SECURE_REDIRECTS - 1] = 1,
		[IPV4_DEVCONF_SHARED_MEDIA - 1] = 1,
		[IPV4_DEVCONF_ACCEPT_SOURCE_ROUTE - 1] = 1,
		[IPV4_DEVCONF_IGMPV2_UNSOLICITED_REPORT_INTERVAL - 1] = 10000 /*ms*/,
		[IPV4_DEVCONF_IGMPV3_UNSOLICITED_REPORT_INTERVAL - 1] = 1000 /*ms*/,
		[IPV4_DEVCONF_ARP_EVICT_NOCARRIER - 1] = 1,
	},
};

#define IPV4_DEVCONF_DFLT(net, attr) \
	IPV4_DEVCONF((*net->ipv4.devconf_dflt), attr)

/* Netlink attribute policy for RTM_NEWADDR / RTM_DELADDR / RTM_GETADDR. */
static const struct nla_policy ifa_ipv4_policy[IFA_MAX+1] = {
	[IFA_LOCAL]     	= { .type = NLA_U32 },
	[IFA_ADDRESS]   	= { .type = NLA_U32 },
	[IFA_BROADCAST] 	= { .type = NLA_U32 },
	[IFA_LABEL]     	= { .type = NLA_STRING, .len = IFNAMSIZ - 1 },
	[IFA_CACHEINFO]		= { .len = sizeof(struct ifa_cacheinfo) },
	[IFA_FLAGS]		= { .type = NLA_U32 },
	[IFA_RT_PRIORITY]	= { .type = NLA_U32 },
	[IFA_TARGET_NETNSID]	= { .type = NLA_S32 },
	[IFA_PROTO]		= { .type = NLA_U8 },
};

/* Parameters threaded through the netlink dump/fill helpers. */
struct inet_fill_args {
	u32 portid;		/* requesting socket's portid */
	u32 seq;		/* netlink sequence number */
	int event;		/* RTM_* message type to emit */
	unsigned int flags;	/* NLM_F_* flags for the reply */
	int netnsid;		/* target netns id, or default */
	int ifindex;		/* filter on this device, 0 = all */
};

#define IN4_ADDR_HSIZE_SHIFT	8
#define IN4_ADDR_HSIZE		(1U << IN4_ADDR_HSIZE_SHIFT)

/* Global hash of all IPv4 addresses, keyed by local address + netns.
 * Written under RTNL, read under RCU.
 */
static struct hlist_head inet_addr_lst[IN4_ADDR_HSIZE];

/* Hash @addr into inet_addr_lst[].  The per-namespace salt from
 * net_hash_mix() keeps identical addresses in different namespaces from
 * always sharing a chain.
 */
static u32 inet_addr_hash(const struct net *net, __be32 addr)
{
	u32 val = (__force u32) addr ^ net_hash_mix(net);

	return hash_32(val, IN4_ADDR_HSIZE_SHIFT);
}

/* Publish @ifa in the global address hash.  Caller holds RTNL; readers
 * walk the chain under RCU (see inet_lookup_ifaddr_rcu()).
 */
static void inet_hash_insert(struct net *net, struct in_ifaddr *ifa)
{
	u32 hash = inet_addr_hash(net, ifa->ifa_local);

	ASSERT_RTNL();
	hlist_add_head_rcu(&ifa->hash, &inet_addr_lst[hash]);
}

/* Unpublish @ifa from the global hash (RTNL held); RCU-safe removal so
 * concurrent lookups either see it or don't, never a torn list.
 */
static void inet_hash_remove(struct in_ifaddr *ifa)
{
	ASSERT_RTNL();
	hlist_del_init_rcu(&ifa->hash);
}

/**
 * __ip_dev_find - find the first device with a given source address.
 * @net: the net namespace
 * @addr: the source address
 * @devref: if true, take a reference on the found device
 *
 * If a caller uses devref=false, it should be protected by RCU, or RTNL
 */
struct net_device *__ip_dev_find(struct net *net, __be32 addr, bool devref)
{
	struct net_device *result = NULL;
	struct in_ifaddr *ifa;

	rcu_read_lock();
	ifa = inet_lookup_ifaddr_rcu(net, addr);
	if (!ifa) {
		struct flowi4 fl4 = { .daddr = addr };
		struct fib_result res = { 0 };
		struct fib_table *local;

		/* Fallback to FIB local table so that communication
		 * over loopback subnets work.
		 */
		local = fib_get_table(net, RT_TABLE_LOCAL);
		if (local &&
		    !fib_table_lookup(local, &fl4, &res, FIB_LOOKUP_NOREF) &&
		    res.type == RTN_LOCAL)
			result = FIB_RES_DEV(res);
	} else {
		result = ifa->ifa_dev->dev;
	}
	if (result && devref)
		dev_hold(result);
	rcu_read_unlock();
	return result;
}
EXPORT_SYMBOL(__ip_dev_find);

/* called under RCU lock */
struct in_ifaddr *inet_lookup_ifaddr_rcu(struct net *net, __be32 addr)
{
	u32 hash = inet_addr_hash(net, addr);
	struct in_ifaddr *ifa;

	/* Match both the local address and the namespace: the hash chain
	 * may mix entries from several netns.
	 */
	hlist_for_each_entry_rcu(ifa, &inet_addr_lst[hash], hash)
		if (ifa->ifa_local == addr &&
		    net_eq(dev_net(ifa->ifa_dev->dev), net))
			return ifa;

	return NULL;
}

static void rtmsg_ifa(int event, struct in_ifaddr *, struct nlmsghdr *, u32);

/* Notifier chains for address add/delete events; the validator chain runs
 * before an address is committed and may veto it.
 */
static BLOCKING_NOTIFIER_HEAD(inetaddr_chain);
static BLOCKING_NOTIFIER_HEAD(inetaddr_validator_chain);
static void inet_del_ifa(struct in_device *in_dev,
			 struct in_ifaddr __rcu **ifap,
			 int destroy);
#ifdef CONFIG_SYSCTL
static int devinet_sysctl_register(struct in_device *idev);
static void devinet_sysctl_unregister(struct in_device *idev);
#else
/* No-op stubs when sysctl support is compiled out. */
static int devinet_sysctl_register(struct in_device *idev)
{
	return 0;
}
static void devinet_sysctl_unregister(struct in_device *idev)
{
}
#endif

/* Locks all the inet devices.
 */

/* Allocate a zeroed in_ifaddr bound to @in_dev; takes a reference on
 * @in_dev that is dropped in inet_rcu_free_ifa().  Returns NULL on OOM.
 */
static struct in_ifaddr *inet_alloc_ifa(struct in_device *in_dev)
{
	struct in_ifaddr *ifa;

	ifa = kzalloc(sizeof(*ifa), GFP_KERNEL_ACCOUNT);
	if (!ifa)
		return NULL;

	in_dev_hold(in_dev);
	ifa->ifa_dev = in_dev;

	INIT_HLIST_NODE(&ifa->hash);

	return ifa;
}

/* RCU callback: drop the in_device reference taken in inet_alloc_ifa()
 * and free the address itself.
 */
static void inet_rcu_free_ifa(struct rcu_head *head)
{
	struct in_ifaddr *ifa = container_of(head, struct in_ifaddr, rcu_head);

	in_dev_put(ifa->ifa_dev);
	kfree(ifa);
}

static void inet_free_ifa(struct in_ifaddr *ifa)
{
	/* Our reference to ifa->ifa_dev must be freed ASAP
	 * to release the reference to the netdev the same way.
	 * in_dev_put() -> in_dev_finish_destroy() -> netdev_put()
	 */
	call_rcu_hurry(&ifa->rcu_head, inet_rcu_free_ifa);
}

/* RCU callback freeing an in_device and its multicast hash. */
static void in_dev_free_rcu(struct rcu_head *head)
{
	struct in_device *idev = container_of(head, struct in_device, rcu_head);

	kfree(rcu_dereference_protected(idev->mc_hash, 1));
	kfree(idev);
}

/* Final teardown once the in_device refcount hits zero: release the
 * netdev reference and free via RCU.  Complains if the idev is still
 * "alive" (not marked dead) or still has addresses/multicast state.
 */
void in_dev_finish_destroy(struct in_device *idev)
{
	struct net_device *dev = idev->dev;

	WARN_ON(idev->ifa_list);
	WARN_ON(idev->mc_list);
#ifdef NET_REFCNT_DEBUG
	pr_debug("%s: %p=%s\n", __func__, idev, dev ? dev->name : "NIL");
#endif
	netdev_put(dev, &idev->dev_tracker);
	if (!idev->dead)
		pr_err("Freeing alive in_device %p\n", idev);
	else
		call_rcu(&idev->rcu_head, in_dev_free_rcu);
}
EXPORT_SYMBOL(in_dev_finish_destroy);

/* Create and attach the IPv4 in_device for @dev.  Called under RTNL.
 * Returns the new in_device or an ERR_PTR on failure.
 */
static struct in_device *inetdev_init(struct net_device *dev)
{
	struct in_device *in_dev;
	int err = -ENOMEM;

	ASSERT_RTNL();

	in_dev = kzalloc(sizeof(*in_dev), GFP_KERNEL);
	if (!in_dev)
		goto out;
	/* Inherit the namespace default configuration. */
	memcpy(&in_dev->cnf, dev_net(dev)->ipv4.devconf_dflt,
	       sizeof(in_dev->cnf));
	in_dev->cnf.sysctl = NULL;
	in_dev->dev = dev;
	in_dev->arp_parms = neigh_parms_alloc(dev, &arp_tbl);
	if (!in_dev->arp_parms)
		goto out_kfree;
	if (IPV4_DEVCONF(in_dev->cnf, FORWARDING))
		dev_disable_lro(dev);
	/* Reference in_dev->dev */
	netdev_hold(dev, &in_dev->dev_tracker, GFP_KERNEL);
	/* Account for reference dev->ip_ptr (below) */
	refcount_set(&in_dev->refcnt, 1);

	err = devinet_sysctl_register(in_dev);
	if (err) {
		in_dev->dead = 1;
		neigh_parms_release(&arp_tbl, in_dev->arp_parms);
		in_dev_put(in_dev);
		in_dev = NULL;
		goto out;
	}
	ip_mc_init_dev(in_dev);
	if (dev->flags & IFF_UP)
		ip_mc_up(in_dev);

	/* we can receive as soon as ip_ptr is set -- do this last */
	rcu_assign_pointer(dev->ip_ptr, in_dev);
out:
	return in_dev ?: ERR_PTR(err);
out_kfree:
	kfree(in_dev);
	in_dev = NULL;
	goto out;
}

/* Tear down an in_device: delete every address, unhook dev->ip_ptr and
 * drop the dev->ip_ptr reference.  Called under RTNL.
 */
static void inetdev_destroy(struct in_device *in_dev)
{
	struct net_device *dev;
	struct in_ifaddr *ifa;

	ASSERT_RTNL();

	dev = in_dev->dev;

	in_dev->dead = 1;

	ip_mc_destroy_dev(in_dev);

	while ((ifa = rtnl_dereference(in_dev->ifa_list)) != NULL) {
		inet_del_ifa(in_dev, &in_dev->ifa_list, 0);
		inet_free_ifa(ifa);
	}

	RCU_INIT_POINTER(dev->ip_ptr, NULL);

	devinet_sysctl_unregister(in_dev);
	neigh_parms_release(&arp_tbl, in_dev->arp_parms);
	arp_ifdown(dev);

	in_dev_put(in_dev);
}

/* Return 1 if @a (and, when non-zero, @b too) falls inside the subnet of
 * some address configured on @in_dev.
 */
int inet_addr_onlink(struct in_device *in_dev, __be32 a, __be32 b)
{
	const struct in_ifaddr *ifa;

	rcu_read_lock();
	in_dev_for_each_ifa_rcu(ifa, in_dev) {
		if (inet_ifa_match(a, ifa)) {
			if (!b || inet_ifa_match(b, ifa)) {
				rcu_read_unlock();
				return 1;
			}
		}
	}
	rcu_read_unlock();
	return 0;
}

/* Delete the address *@ifap from @in_dev.  When a primary address is
 * removed, its secondaries are either deleted too or - if
 * promote_secondaries is set - one of them is promoted to primary.
 * @destroy: also free ifa1 when done (callers keeping it pass 0).
 * @nlh/@portid: originating netlink request, echoed in notifications.
 */
static void __inet_del_ifa(struct in_device *in_dev,
			   struct in_ifaddr __rcu **ifap,
			   int destroy, struct nlmsghdr *nlh, u32 portid)
{
	struct in_ifaddr *promote = NULL;
	struct in_ifaddr *ifa, *ifa1;
	struct in_ifaddr __rcu **last_prim;
	struct in_ifaddr *prev_prom = NULL;
	int do_promote = IN_DEV_PROMOTE_SECONDARIES(in_dev);

	ASSERT_RTNL();

	ifa1 = rtnl_dereference(*ifap);
	last_prim = ifap;
	if (in_dev->dead)
		goto no_promotions;

	/* 1. Deleting primary ifaddr forces deletion all secondaries
	 * unless alias promotion is set
	 **/

	if (!(ifa1->ifa_flags & IFA_F_SECONDARY)) {
		struct in_ifaddr __rcu **ifap1 = &ifa1->ifa_next;

		while ((ifa = rtnl_dereference(*ifap1)) != NULL) {
			/* Track the last primary with scope >= ifa1's;
			 * a promoted secondary is re-linked after it.
			 */
			if (!(ifa->ifa_flags & IFA_F_SECONDARY) &&
			    ifa1->ifa_scope <= ifa->ifa_scope)
				last_prim = &ifa->ifa_next;

			/* Skip addresses outside ifa1's subnet. */
			if (!(ifa->ifa_flags & IFA_F_SECONDARY) ||
			    ifa1->ifa_mask != ifa->ifa_mask ||
			    !inet_ifa_match(ifa1->ifa_address, ifa)) {
				ifap1 = &ifa->ifa_next;
				prev_prom = ifa;
				continue;
			}

			if (!do_promote) {
				inet_hash_remove(ifa);
				*ifap1 = ifa->ifa_next;

				rtmsg_ifa(RTM_DELADDR, ifa, nlh, portid);
				blocking_notifier_call_chain(&inetaddr_chain,
						NETDEV_DOWN, ifa);
				inet_free_ifa(ifa);
			} else {
				promote = ifa;
				break;
			}
		}
	}

	/* On promotion all secondaries from subnet are changing
	 * the primary IP, we must remove all their routes silently
	 * and later to add them back with new prefsrc. Do this
	 * while all addresses are on the device list.
	 */
	for (ifa = promote; ifa; ifa = rtnl_dereference(ifa->ifa_next)) {
		if (ifa1->ifa_mask == ifa->ifa_mask &&
		    inet_ifa_match(ifa1->ifa_address, ifa))
			fib_del_ifaddr(ifa, ifa1);
	}

no_promotions:
	/* 2. Unlink it */

	*ifap = ifa1->ifa_next;
	inet_hash_remove(ifa1);

	/* 3. Announce address deletion */

	/* Send message first, then call notifier.
	   At first sight, FIB update triggered by notifier
	   will refer to already deleted ifaddr, that could confuse
	   netlink listeners. It is not true: look, gated sees
	   that route deleted and if it still thinks that ifaddr
	   is valid, it will try to restore deleted routes... Grr.
	   So that, this order is correct.
	 */
	rtmsg_ifa(RTM_DELADDR, ifa1, nlh, portid);
	blocking_notifier_call_chain(&inetaddr_chain, NETDEV_DOWN, ifa1);

	if (promote) {
		struct in_ifaddr *next_sec;

		next_sec = rtnl_dereference(promote->ifa_next);
		if (prev_prom) {
			struct in_ifaddr *last_sec;

			/* Move the promoted address out of the secondary
			 * run and re-link it right after the last primary.
			 */
			rcu_assign_pointer(prev_prom->ifa_next, next_sec);

			last_sec = rtnl_dereference(*last_prim);
			rcu_assign_pointer(promote->ifa_next, last_sec);
			rcu_assign_pointer(*last_prim, promote);
		}

		promote->ifa_flags &= ~IFA_F_SECONDARY;
		rtmsg_ifa(RTM_NEWADDR, promote, nlh, portid);
		blocking_notifier_call_chain(&inetaddr_chain,
				NETDEV_UP, promote);
		/* Re-add routes for remaining secondaries with the new
		 * preferred source address.
		 */
		for (ifa = next_sec; ifa;
		     ifa = rtnl_dereference(ifa->ifa_next)) {
			if (ifa1->ifa_mask != ifa->ifa_mask ||
			    !inet_ifa_match(ifa1->ifa_address, ifa))
				continue;
			fib_add_ifaddr(ifa);
		}

	}
	if (destroy)
		inet_free_ifa(ifa1);
}

static void inet_del_ifa(struct in_device *in_dev,
			 struct in_ifaddr __rcu **ifap,
			 int destroy)
{
	__inet_del_ifa(in_dev, ifap, destroy, NULL, 0);
}

static void check_lifetime(struct work_struct *work);

static DECLARE_DELAYED_WORK(check_lifetime_work, check_lifetime);

/* Insert @ifa into its device's address list and the global hash, then
 * announce it (netlink + notifier chain).  Consumes @ifa on every error
 * path.  An address that duplicates an existing subnet becomes SECONDARY.
 * Returns 0, -EEXIST, -EINVAL, or a validator veto errno.
 */
static int __inet_insert_ifa(struct in_ifaddr *ifa, struct nlmsghdr *nlh,
			     u32 portid, struct netlink_ext_ack *extack)
{
	struct in_ifaddr __rcu **last_primary, **ifap;
	struct in_device *in_dev = ifa->ifa_dev;
	struct in_validator_info ivi;
	struct in_ifaddr *ifa1;
	int ret;

	ASSERT_RTNL();

	/* A zero local address is silently discarded. */
	if (!ifa->ifa_local) {
		inet_free_ifa(ifa);
		return 0;
	}

	ifa->ifa_flags &= ~IFA_F_SECONDARY;
	last_primary = &in_dev->ifa_list;

	/* Don't set IPv6 only flags to IPv4 addresses */
	ifa->ifa_flags &= ~IPV6ONLY_FLAGS;

	ifap = &in_dev->ifa_list;
	ifa1 = rtnl_dereference(*ifap);

	while (ifa1) {
		if (!(ifa1->ifa_flags & IFA_F_SECONDARY) &&
		    ifa->ifa_scope <= ifa1->ifa_scope)
			last_primary = &ifa1->ifa_next;
		if (ifa1->ifa_mask == ifa->ifa_mask &&
		    inet_ifa_match(ifa1->ifa_address, ifa)) {
			if (ifa1->ifa_local == ifa->ifa_local) {
				inet_free_ifa(ifa);
				return -EEXIST;
			}
			if (ifa1->ifa_scope != ifa->ifa_scope) {
				NL_SET_ERR_MSG(extack, "ipv4: Invalid scope value");
				inet_free_ifa(ifa);
				return -EINVAL;
			}
			/* Same subnet as an existing primary. */
			ifa->ifa_flags |= IFA_F_SECONDARY;
		}

		ifap = &ifa1->ifa_next;
		ifa1 = rtnl_dereference(*ifap);
	}

	/* Allow any devices that wish to register ifaddr validtors to weigh
	 * in now, before changes are committed. The rntl lock is serializing
	 * access here, so the state should not change between a validator call
	 * and a final notify on commit. This isn't invoked on promotion under
	 * the assumption that validators are checking the address itself, and
	 * not the flags.
	 */
	ivi.ivi_addr = ifa->ifa_address;
	ivi.ivi_dev = ifa->ifa_dev;
	ivi.extack = extack;
	ret = blocking_notifier_call_chain(&inetaddr_validator_chain,
					   NETDEV_UP, &ivi);
	ret = notifier_to_errno(ret);
	if (ret) {
		inet_free_ifa(ifa);
		return ret;
	}

	/* Primaries are inserted after the last primary of equal or wider
	 * scope; secondaries go at the position found above.
	 */
	if (!(ifa->ifa_flags & IFA_F_SECONDARY))
		ifap = last_primary;

	rcu_assign_pointer(ifa->ifa_next, *ifap);
	rcu_assign_pointer(*ifap, ifa);

	inet_hash_insert(dev_net(in_dev->dev), ifa);

	/* Re-arm the lifetime scanner so the new address is aged. */
	cancel_delayed_work(&check_lifetime_work);
	queue_delayed_work(system_power_efficient_wq, &check_lifetime_work, 0);

	/* Send message first, then call notifier.
	   Notifier will trigger FIB update, so that
	   listeners of netlink will know about new ifaddr */
	rtmsg_ifa(RTM_NEWADDR, ifa, nlh, portid);
	blocking_notifier_call_chain(&inetaddr_chain, NETDEV_UP, ifa);

	return 0;
}

static int inet_insert_ifa(struct in_ifaddr *ifa)
{
	return __inet_insert_ifa(ifa, NULL, 0, NULL);
}

/* ioctl-path insert: touch devconf/neigh state and force host scope for
 * loopback addresses before the common insert.
 */
static int inet_set_ifa(struct net_device *dev, struct in_ifaddr *ifa)
{
	struct in_device *in_dev = __in_dev_get_rtnl(dev);

	ASSERT_RTNL();

	ipv4_devconf_setall(in_dev);
	neigh_parms_data_state_setall(in_dev->arp_parms);

	if (ipv4_is_loopback(ifa->ifa_local))
		ifa->ifa_scope = RT_SCOPE_HOST;
	return inet_insert_ifa(ifa);
}

/* Caller must hold RCU or RTNL :
 * We dont take a reference on found in_device
 */
struct in_device *inetdev_by_index(struct net *net, int ifindex)
{
	struct net_device *dev;
	struct in_device *in_dev = NULL;

	rcu_read_lock();
	dev = dev_get_by_index_rcu(net, ifindex);
	if (dev)
		in_dev = rcu_dereference_rtnl(dev->ip_ptr);
	rcu_read_unlock();
	return in_dev;
}
EXPORT_SYMBOL(inetdev_by_index);

/* Called only from RTNL semaphored context. No locks.
 */

/* Find an address on @in_dev whose subnet is exactly @prefix/@mask.
 * Returns NULL if none.  RTNL must be held.
 */
struct in_ifaddr *inet_ifa_byprefix(struct in_device *in_dev, __be32 prefix,
				    __be32 mask)
{
	struct in_ifaddr *ifa;

	ASSERT_RTNL();

	in_dev_for_each_ifa_rtnl(ifa, in_dev) {
		if (ifa->ifa_mask == mask && inet_ifa_match(prefix, ifa))
			return ifa;
	}
	return NULL;
}

/* Join or leave (@join) the multicast group @ifa->ifa_address on behalf
 * of the per-namespace autojoin socket.  -EOPNOTSUPP without multicast.
 */
static int ip_mc_autojoin_config(struct net *net, bool join,
				 const struct in_ifaddr *ifa)
{
#if defined(CONFIG_IP_MULTICAST)
	struct ip_mreqn mreq = {
		.imr_multiaddr.s_addr = ifa->ifa_address,
		.imr_ifindex = ifa->ifa_dev->dev->ifindex,
	};
	struct sock *sk = net->ipv4.mc_autojoin_sk;
	int ret;

	ASSERT_RTNL();

	lock_sock(sk);
	if (join)
		ret = ip_mc_join_group(sk, &mreq);
	else
		ret = ip_mc_leave_group(sk, &mreq);
	release_sock(sk);

	return ret;
#else
	return -EOPNOTSUPP;
#endif
}

/* RTM_DELADDR handler: locate the address matching the request's
 * IFA_LOCAL / IFA_LABEL / IFA_ADDRESS attributes and delete it.
 */
static int inet_rtm_deladdr(struct sk_buff *skb, struct nlmsghdr *nlh,
			    struct netlink_ext_ack *extack)
{
	struct net *net = sock_net(skb->sk);
	struct in_ifaddr __rcu **ifap;
	struct nlattr *tb[IFA_MAX+1];
	struct in_device *in_dev;
	struct ifaddrmsg *ifm;
	struct in_ifaddr *ifa;
	int err;

	ASSERT_RTNL();

	err = nlmsg_parse_deprecated(nlh, sizeof(*ifm), tb, IFA_MAX,
				     ifa_ipv4_policy, extack);
	if (err < 0)
		goto errout;

	ifm = nlmsg_data(nlh);
	in_dev = inetdev_by_index(net, ifm->ifa_index);
	if (!in_dev) {
		NL_SET_ERR_MSG(extack, "ipv4: Device not found");
		err = -ENODEV;
		goto errout;
	}

	/* Each supplied attribute narrows the match; absent attributes
	 * match anything.
	 */
	for (ifap = &in_dev->ifa_list; (ifa = rtnl_dereference(*ifap)) != NULL;
	     ifap = &ifa->ifa_next) {
		if (tb[IFA_LOCAL] &&
		    ifa->ifa_local != nla_get_in_addr(tb[IFA_LOCAL]))
			continue;

		if (tb[IFA_LABEL] && nla_strcmp(tb[IFA_LABEL], ifa->ifa_label))
			continue;

		if (tb[IFA_ADDRESS] &&
		    (ifm->ifa_prefixlen != ifa->ifa_prefixlen ||
		    !inet_ifa_match(nla_get_in_addr(tb[IFA_ADDRESS]), ifa)))
			continue;

		/* Leave a group we auto-joined when the address was added. */
		if (ipv4_is_multicast(ifa->ifa_address))
			ip_mc_autojoin_config(net, false, ifa);
		__inet_del_ifa(in_dev, ifap, 1, nlh, NETLINK_CB(skb).portid);
		return 0;
	}

	NL_SET_ERR_MSG(extack, "ipv4: Address not found");
	err = -EADDRNOTAVAIL;
errout:
	return err;
}

/* Periodic worker that ages address lifetimes: expired addresses are
 * deleted, addresses past their preferred lifetime are marked DEPRECATED.
 * First pass scans locklessly under RCU to decide whether work is needed;
 * only then is RTNL taken for the modifying pass.  Re-arms itself.
 */
static void check_lifetime(struct work_struct *work)
{
	unsigned long now, next, next_sec, next_sched;
	struct in_ifaddr *ifa;
	struct hlist_node *n;
	int i;

	now = jiffies;
	next = round_jiffies_up(now + ADDR_CHECK_FREQUENCY);

	for (i = 0; i < IN4_ADDR_HSIZE; i++) {
		bool change_needed = false;

		/* Lockless read-only pass; fields are read with READ_ONCE
		 * to pair with the WRITE_ONCE writers in set_ifa_lifetime().
		 */
		rcu_read_lock();
		hlist_for_each_entry_rcu(ifa, &inet_addr_lst[i], hash) {
			unsigned long age, tstamp;
			u32 preferred_lft;
			u32 valid_lft;
			u32 flags;

			flags = READ_ONCE(ifa->ifa_flags);
			if (flags & IFA_F_PERMANENT)
				continue;

			preferred_lft = READ_ONCE(ifa->ifa_preferred_lft);
			valid_lft = READ_ONCE(ifa->ifa_valid_lft);
			tstamp = READ_ONCE(ifa->ifa_tstamp);
			/* We try to batch several events at once. */
			age = (now - tstamp +
			       ADDRCONF_TIMER_FUZZ_MINUS) / HZ;

			if (valid_lft != INFINITY_LIFE_TIME &&
			    age >= valid_lft) {
				change_needed = true;
			} else if (preferred_lft ==
				   INFINITY_LIFE_TIME) {
				continue;
			} else if (age >= preferred_lft) {
				if (time_before(tstamp + valid_lft * HZ, next))
					next = tstamp + valid_lft * HZ;

				if (!(flags & IFA_F_DEPRECATED))
					change_needed = true;
			} else if (time_before(tstamp + preferred_lft * HZ,
					       next)) {
				next = tstamp + preferred_lft * HZ;
			}
		}
		rcu_read_unlock();
		if (!change_needed)
			continue;
		/* Modifying pass: re-check state under RTNL since it may
		 * have changed since the lockless scan.
		 */
		rtnl_lock();
		hlist_for_each_entry_safe(ifa, n, &inet_addr_lst[i], hash) {
			unsigned long age;

			if (ifa->ifa_flags & IFA_F_PERMANENT)
				continue;

			/* We try to batch several events at once. */
			age = (now - ifa->ifa_tstamp +
			       ADDRCONF_TIMER_FUZZ_MINUS) / HZ;

			if (ifa->ifa_valid_lft != INFINITY_LIFE_TIME &&
			    age >= ifa->ifa_valid_lft) {
				struct in_ifaddr __rcu **ifap;
				struct in_ifaddr *tmp;

				/* Walk the device list to find the link
				 * pointer for inet_del_ifa().
				 */
				ifap = &ifa->ifa_dev->ifa_list;
				tmp = rtnl_dereference(*ifap);
				while (tmp) {
					if (tmp == ifa) {
						inet_del_ifa(ifa->ifa_dev,
							     ifap, 1);
						break;
					}
					ifap = &tmp->ifa_next;
					tmp = rtnl_dereference(*ifap);
				}
			} else if (ifa->ifa_preferred_lft !=
				   INFINITY_LIFE_TIME &&
				   age >= ifa->ifa_preferred_lft &&
				   !(ifa->ifa_flags & IFA_F_DEPRECATED)) {
				ifa->ifa_flags |= IFA_F_DEPRECATED;
				rtmsg_ifa(RTM_NEWADDR, ifa, NULL, 0);
			}
		}
		rtnl_unlock();
	}

	next_sec = round_jiffies_up(next);
	next_sched = next;

	/* If rounded timeout is accurate enough, accept it. */
	if (time_before(next_sec, next + ADDRCONF_TIMER_FUZZ))
		next_sched = next_sec;

	now = jiffies;
	/* And minimum interval is ADDRCONF_TIMER_FUZZ_MAX. */
	if (time_before(next_sched, now + ADDRCONF_TIMER_FUZZ_MAX))
		next_sched = now + ADDRCONF_TIMER_FUZZ_MAX;

	queue_delayed_work(system_power_efficient_wq, &check_lifetime_work,
			next_sched - now);
}

/* Apply valid/preferred lifetimes (seconds; INFINITY_LIFE_TIME = forever)
 * to @ifa, updating the PERMANENT/DEPRECATED flags and timestamps.
 * WRITE_ONCE pairs with the lockless readers in check_lifetime().
 */
static void set_ifa_lifetime(struct in_ifaddr *ifa, __u32 valid_lft,
			     __u32 prefered_lft)
{
	unsigned long timeout;
	u32 flags;

	flags = ifa->ifa_flags & ~(IFA_F_PERMANENT | IFA_F_DEPRECATED);

	timeout = addrconf_timeout_fixup(valid_lft, HZ);
	if (addrconf_finite_timeout(timeout))
		WRITE_ONCE(ifa->ifa_valid_lft, timeout);
	else
		flags |= IFA_F_PERMANENT;

	timeout = addrconf_timeout_fixup(prefered_lft, HZ);
	if (addrconf_finite_timeout(timeout)) {
		if (timeout == 0)
			flags |= IFA_F_DEPRECATED;
		WRITE_ONCE(ifa->ifa_preferred_lft, timeout);
	}
	WRITE_ONCE(ifa->ifa_flags, flags);
	WRITE_ONCE(ifa->ifa_tstamp, jiffies);
	/* Creation stamp is set once, on first configuration. */
	if (!ifa->ifa_cstamp)
		WRITE_ONCE(ifa->ifa_cstamp, ifa->ifa_tstamp);
}

/* Build an in_ifaddr from an RTM_NEWADDR request.  On success returns the
 * new address (caller owns it) and fills *pvalid_lft / *pprefered_lft from
 * IFA_CACHEINFO if present; otherwise returns an ERR_PTR.
 */
static struct in_ifaddr *rtm_to_ifaddr(struct net *net, struct nlmsghdr *nlh,
				       __u32 *pvalid_lft, __u32 *pprefered_lft,
				       struct netlink_ext_ack *extack)
{
	struct nlattr *tb[IFA_MAX+1];
	struct in_ifaddr *ifa;
	struct ifaddrmsg *ifm;
	struct net_device *dev;
	struct in_device *in_dev;
	int err;

	err = nlmsg_parse_deprecated(nlh, sizeof(*ifm), tb, IFA_MAX,
				     ifa_ipv4_policy, extack);
	if (err < 0)
		goto errout;

	ifm = nlmsg_data(nlh);
	err = -EINVAL;

	if (ifm->ifa_prefixlen > 32) {
		NL_SET_ERR_MSG(extack, "ipv4: Invalid prefix length");
		goto errout;
	}

	if (!tb[IFA_LOCAL]) {
		NL_SET_ERR_MSG(extack, "ipv4: Local address is not supplied");
		goto errout;
	}

	dev = __dev_get_by_index(net, ifm->ifa_index);
	err = -ENODEV;
	if (!dev) {
		NL_SET_ERR_MSG(extack, "ipv4: Device not found");
		goto errout;
	}

	in_dev = __in_dev_get_rtnl(dev);
	err = -ENOBUFS;
	if (!in_dev)
		goto errout;

	ifa = inet_alloc_ifa(in_dev);
	if (!ifa)
		/*
		 * A potential indev allocation can be left alive, it stays
		 * assigned to its device and is destroy with it.
		 */
		goto errout;

	ipv4_devconf_setall(in_dev);
	neigh_parms_data_state_setall(in_dev->arp_parms);

	/* IFA_ADDRESS defaults to IFA_LOCAL (non point-to-point case). */
	if (!tb[IFA_ADDRESS])
		tb[IFA_ADDRESS] = tb[IFA_LOCAL];

	ifa->ifa_prefixlen = ifm->ifa_prefixlen;
	ifa->ifa_mask = inet_make_mask(ifm->ifa_prefixlen);
	ifa->ifa_flags = tb[IFA_FLAGS] ? nla_get_u32(tb[IFA_FLAGS]) :
					 ifm->ifa_flags;
	ifa->ifa_scope = ifm->ifa_scope;
	ifa->ifa_local = nla_get_in_addr(tb[IFA_LOCAL]);
	ifa->ifa_address = nla_get_in_addr(tb[IFA_ADDRESS]);

	if (tb[IFA_BROADCAST])
		ifa->ifa_broadcast = nla_get_in_addr(tb[IFA_BROADCAST]);

	if (tb[IFA_LABEL])
		nla_strscpy(ifa->ifa_label, tb[IFA_LABEL], IFNAMSIZ);
	else
		memcpy(ifa->ifa_label, dev->name, IFNAMSIZ);

	if (tb[IFA_RT_PRIORITY])
		ifa->ifa_rt_priority = nla_get_u32(tb[IFA_RT_PRIORITY]);

	if (tb[IFA_PROTO])
		ifa->ifa_proto = nla_get_u8(tb[IFA_PROTO]);

	if (tb[IFA_CACHEINFO]) {
		struct ifa_cacheinfo *ci;

		ci = nla_data(tb[IFA_CACHEINFO]);
		/* preferred must not exceed valid, and valid must be > 0 */
		if (!ci->ifa_valid || ci->ifa_prefered > ci->ifa_valid) {
			NL_SET_ERR_MSG(extack, "ipv4: address lifetime invalid");
			err = -EINVAL;
			goto errout_free;
		}
		*pvalid_lft = ci->ifa_valid;
		*pprefered_lft = ci->ifa_prefered;
	}

	return ifa;

errout_free:
	inet_free_ifa(ifa);
errout:
	return ERR_PTR(err);
}

/* Return the configured address on ifa->ifa_dev with the same subnet and
 * local address as @ifa, or NULL.  Used to detect replace vs create.
 */
static struct in_ifaddr *find_matching_ifa(struct in_ifaddr *ifa)
{
	struct in_device *in_dev = ifa->ifa_dev;
	struct in_ifaddr *ifa1;

	if (!ifa->ifa_local)
		return NULL;

	in_dev_for_each_ifa_rtnl(ifa1, in_dev) {
		if (ifa1->ifa_mask == ifa->ifa_mask &&
		    inet_ifa_match(ifa1->ifa_address, ifa) &&
		    ifa1->ifa_local == ifa->ifa_local)
			return ifa1;
	}
	return NULL;
}

/* RTM_NEWADDR handler: create a new address, or - with NLM_F_REPLACE -
 * update the lifetimes, route metric and proto of an existing one.
 * Returns 0, -EEXIST (exists and no REPLACE / EXCL set), or an error
 * from parsing, validation or multicast autojoin.
 */
static int inet_rtm_newaddr(struct sk_buff *skb, struct nlmsghdr *nlh,
			    struct netlink_ext_ack *extack)
{
	struct net *net = sock_net(skb->sk);
	struct in_ifaddr *ifa;
	struct in_ifaddr *ifa_existing;
	__u32 valid_lft = INFINITY_LIFE_TIME;
	__u32 prefered_lft = INFINITY_LIFE_TIME;

	ASSERT_RTNL();

	ifa = rtm_to_ifaddr(net, nlh, &valid_lft, &prefered_lft, extack);
	if (IS_ERR(ifa))
		return PTR_ERR(ifa);

	ifa_existing = find_matching_ifa(ifa);
	if (!ifa_existing) {
		/* It would be best to check for !NLM_F_CREATE here but
		 * userspace already relies on not having to provide this.
		 */
		set_ifa_lifetime(ifa, valid_lft, prefered_lft);
		if (ifa->ifa_flags & IFA_F_MCAUTOJOIN) {
			int ret = ip_mc_autojoin_config(net, true, ifa);

			if (ret < 0) {
				NL_SET_ERR_MSG(extack, "ipv4: Multicast auto join failed");
				inet_free_ifa(ifa);
				return ret;
			}
		}
		/* __inet_insert_ifa() consumes ifa on error as well. */
		return __inet_insert_ifa(ifa, nlh, NETLINK_CB(skb).portid,
					 extack);
	} else {
		u32 new_metric = ifa->ifa_rt_priority;
		u8 new_proto = ifa->ifa_proto;

		/* Keep the requested values, then drop the scratch ifa. */
		inet_free_ifa(ifa);

		if (nlh->nlmsg_flags & NLM_F_EXCL ||
		    !(nlh->nlmsg_flags & NLM_F_REPLACE)) {
			NL_SET_ERR_MSG(extack, "ipv4: Address already assigned");
			return -EEXIST;
		}
		ifa = ifa_existing;

		/* Metric change requires updating the prefix routes too. */
		if (ifa->ifa_rt_priority != new_metric) {
			fib_modify_prefix_metric(ifa, new_metric);
			ifa->ifa_rt_priority = new_metric;
		}

		ifa->ifa_proto = new_proto;

		set_ifa_lifetime(ifa, valid_lft, prefered_lft);
		/* Re-arm lifetime ageing and announce the update. */
		cancel_delayed_work(&check_lifetime_work);
		queue_delayed_work(system_power_efficient_wq,
				&check_lifetime_work, 0);
		rtmsg_ifa(RTM_NEWADDR, ifa, nlh, NETLINK_CB(skb).portid);
	}
	return 0;
}

/*
 *	Determine a default network mask, based on the IP address.
1015 */ 1016 1017 static int inet_abc_len(__be32 addr) 1018 { 1019 int rc = -1; /* Something else, probably a multicast. */ 1020 1021 if (ipv4_is_zeronet(addr) || ipv4_is_lbcast(addr)) 1022 rc = 0; 1023 else { 1024 __u32 haddr = ntohl(addr); 1025 if (IN_CLASSA(haddr)) 1026 rc = 8; 1027 else if (IN_CLASSB(haddr)) 1028 rc = 16; 1029 else if (IN_CLASSC(haddr)) 1030 rc = 24; 1031 else if (IN_CLASSE(haddr)) 1032 rc = 32; 1033 } 1034 1035 return rc; 1036 } 1037 1038 1039 int devinet_ioctl(struct net *net, unsigned int cmd, struct ifreq *ifr) 1040 { 1041 struct sockaddr_in sin_orig; 1042 struct sockaddr_in *sin = (struct sockaddr_in *)&ifr->ifr_addr; 1043 struct in_ifaddr __rcu **ifap = NULL; 1044 struct in_device *in_dev; 1045 struct in_ifaddr *ifa = NULL; 1046 struct net_device *dev; 1047 char *colon; 1048 int ret = -EFAULT; 1049 int tryaddrmatch = 0; 1050 1051 ifr->ifr_name[IFNAMSIZ - 1] = 0; 1052 1053 /* save original address for comparison */ 1054 memcpy(&sin_orig, sin, sizeof(*sin)); 1055 1056 colon = strchr(ifr->ifr_name, ':'); 1057 if (colon) 1058 *colon = 0; 1059 1060 dev_load(net, ifr->ifr_name); 1061 1062 switch (cmd) { 1063 case SIOCGIFADDR: /* Get interface address */ 1064 case SIOCGIFBRDADDR: /* Get the broadcast address */ 1065 case SIOCGIFDSTADDR: /* Get the destination address */ 1066 case SIOCGIFNETMASK: /* Get the netmask for the interface */ 1067 /* Note that these ioctls will not sleep, 1068 so that we do not impose a lock. 
	   One day we will be forced to put shlock here (I mean SMP)
	 */
		tryaddrmatch = (sin_orig.sin_family == AF_INET);
		memset(sin, 0, sizeof(*sin));
		sin->sin_family = AF_INET;
		break;

	case SIOCSIFFLAGS:
		ret = -EPERM;
		if (!ns_capable(net->user_ns, CAP_NET_ADMIN))
			goto out;
		break;
	case SIOCSIFADDR:	/* Set interface address (and family) */
	case SIOCSIFBRDADDR:	/* Set the broadcast address */
	case SIOCSIFDSTADDR:	/* Set the destination address */
	case SIOCSIFNETMASK:	/* Set the netmask for the interface */
		/* All "set" ioctls need CAP_NET_ADMIN and an AF_INET sockaddr */
		ret = -EPERM;
		if (!ns_capable(net->user_ns, CAP_NET_ADMIN))
			goto out;
		ret = -EINVAL;
		if (sin->sin_family != AF_INET)
			goto out;
		break;
	default:
		ret = -EINVAL;
		goto out;
	}

	/* Everything below (device lookup, ifa list walk, address
	 * manipulation) is done under the RTNL lock.
	 */
	rtnl_lock();

	ret = -ENODEV;
	dev = __dev_get_by_name(net, ifr->ifr_name);
	if (!dev)
		goto done;

	/* Restore the ':' that was stripped earlier so ifr_name again holds
	 * the full alias label (e.g. "eth0:1") for the label comparisons
	 * below.  NOTE(review): the stripping happens before this view —
	 * confirm in the earlier part of the function.
	 */
	if (colon)
		*colon = ':';

	in_dev = __in_dev_get_rtnl(dev);
	if (in_dev) {
		if (tryaddrmatch) {
			/* Matthias Andree */
			/* compare label and address (4.4BSD style) */
			/* note: we only do this for a limited set of ioctls
			   and only if the original address family was AF_INET.
			   This is checked above. */

			for (ifap = &in_dev->ifa_list;
			     (ifa = rtnl_dereference(*ifap)) != NULL;
			     ifap = &ifa->ifa_next) {
				if (!strcmp(ifr->ifr_name, ifa->ifa_label) &&
				    sin_orig.sin_addr.s_addr ==
							ifa->ifa_local) {
					break; /* found */
				}
			}
		}
		/* we didn't get a match, maybe the application is
		   4.3BSD-style and passed in junk so we fall back to
		   comparing just the label */
		if (!ifa) {
			for (ifap = &in_dev->ifa_list;
			     (ifa = rtnl_dereference(*ifap)) != NULL;
			     ifap = &ifa->ifa_next)
				if (!strcmp(ifr->ifr_name, ifa->ifa_label))
					break;
		}
	}

	/* SIOCSIFADDR may create the first address and SIOCSIFFLAGS works
	 * on the device itself; every other command needs an existing ifa.
	 */
	ret = -EADDRNOTAVAIL;
	if (!ifa && cmd != SIOCSIFADDR && cmd != SIOCSIFFLAGS)
		goto done;

	switch (cmd) {
	case SIOCGIFADDR:	/* Get interface address */
		ret = 0;
		sin->sin_addr.s_addr = ifa->ifa_local;
		break;

	case SIOCGIFBRDADDR:	/* Get the broadcast address */
		ret = 0;
		sin->sin_addr.s_addr = ifa->ifa_broadcast;
		break;

	case SIOCGIFDSTADDR:	/* Get the destination address */
		ret = 0;
		sin->sin_addr.s_addr = ifa->ifa_address;
		break;

	case SIOCGIFNETMASK:	/* Get the netmask for the interface */
		ret = 0;
		sin->sin_addr.s_addr = ifa->ifa_mask;
		break;

	case SIOCSIFFLAGS:
		if (colon) {
			/* Clearing IFF_UP on an alias label deletes just
			 * that alias address, not the whole device.
			 */
			ret = -EADDRNOTAVAIL;
			if (!ifa)
				break;
			ret = 0;
			if (!(ifr->ifr_flags & IFF_UP))
				inet_del_ifa(in_dev, ifap, 1);
			break;
		}
		ret = dev_change_flags(dev, ifr->ifr_flags, NULL);
		break;

	case SIOCSIFADDR:	/* Set interface address (and family) */
		ret = -EINVAL;
		if (inet_abc_len(sin->sin_addr.s_addr) < 0)
			break;

		if (!ifa) {
			/* No matching address: allocate a fresh one, labelled
			 * with the alias name if one was given.
			 */
			ret = -ENOBUFS;
			if (!in_dev)
				break;
			ifa = inet_alloc_ifa(in_dev);
			if (!ifa)
				break;

			if (colon)
				memcpy(ifa->ifa_label, ifr->ifr_name, IFNAMSIZ);
			else
				memcpy(ifa->ifa_label, dev->name, IFNAMSIZ);
		} else {
			ret = 0;
			if (ifa->ifa_local == sin->sin_addr.s_addr)
				break;
			/* Address changes: remove the old entry first, then
			 * re-derive broadcast/scope below.
			 */
			inet_del_ifa(in_dev, ifap, 0);
			ifa->ifa_broadcast = 0;
			ifa->ifa_scope = 0;
		}

		ifa->ifa_address = ifa->ifa_local = sin->sin_addr.s_addr;

		if (!(dev->flags & IFF_POINTOPOINT)) {
			/* Classful default prefix; /31 and /32 get no
			 * broadcast address (RFC 3021 style).
			 */
			ifa->ifa_prefixlen = inet_abc_len(ifa->ifa_address);
			ifa->ifa_mask = inet_make_mask(ifa->ifa_prefixlen);
			if ((dev->flags & IFF_BROADCAST) &&
			    ifa->ifa_prefixlen < 31)
				ifa->ifa_broadcast = ifa->ifa_address |
						     ~ifa->ifa_mask;
		} else {
			ifa->ifa_prefixlen = 32;
			ifa->ifa_mask = inet_make_mask(32);
		}
		set_ifa_lifetime(ifa, INFINITY_LIFE_TIME, INFINITY_LIFE_TIME);
		ret = inet_set_ifa(dev, ifa);
		break;

	case SIOCSIFBRDADDR:	/* Set the broadcast address */
		ret = 0;
		if (ifa->ifa_broadcast != sin->sin_addr.s_addr) {
			/* del + re-insert so hash lists and notifiers see
			 * the updated entry.
			 */
			inet_del_ifa(in_dev, ifap, 0);
			ifa->ifa_broadcast = sin->sin_addr.s_addr;
			inet_insert_ifa(ifa);
		}
		break;

	case SIOCSIFDSTADDR:	/* Set the destination address */
		ret = 0;
		if (ifa->ifa_address == sin->sin_addr.s_addr)
			break;
		ret = -EINVAL;
		if (inet_abc_len(sin->sin_addr.s_addr) < 0)
			break;
		ret = 0;
		inet_del_ifa(in_dev, ifap, 0);
		ifa->ifa_address = sin->sin_addr.s_addr;
		inet_insert_ifa(ifa);
		break;

	case SIOCSIFNETMASK:	/* Set the netmask for the interface */

		/*
		 *	The mask we set must be legal.
		 */
		ret = -EINVAL;
		if (bad_mask(sin->sin_addr.s_addr, 0))
			break;
		ret = 0;
		if (ifa->ifa_mask != sin->sin_addr.s_addr) {
			__be32 old_mask = ifa->ifa_mask;
			inet_del_ifa(in_dev, ifap, 0);
			ifa->ifa_mask = sin->sin_addr.s_addr;
			ifa->ifa_prefixlen = inet_mask_len(ifa->ifa_mask);

			/* See if current broadcast address matches
			 * with current netmask, then recalculate
			 * the broadcast address. Otherwise it's a
			 * funny address, so don't touch it since
			 * the user seems to know what (s)he's doing...
			 */
			if ((dev->flags & IFF_BROADCAST) &&
			    (ifa->ifa_prefixlen < 31) &&
			    (ifa->ifa_broadcast ==
			     (ifa->ifa_local|~old_mask))) {
				ifa->ifa_broadcast = (ifa->ifa_local |
						      ~sin->sin_addr.s_addr);
			}
			inet_insert_ifa(ifa);
		}
		break;
	}
done:
	rtnl_unlock();
out:
	return ret;
}

/* Copy one struct ifreq (label + AF_INET local address) per address on
 * @dev into the user buffer @buf, @size bytes per record.  A NULL @buf
 * only counts the bytes that would be needed.  Returns the number of
 * bytes consumed, or -EFAULT on a failed copy to user space.
 * Caller holds RTNL (uses __in_dev_get_rtnl / _rtnl iterator).
 */
int inet_gifconf(struct net_device *dev, char __user *buf, int len, int size)
{
	struct in_device *in_dev = __in_dev_get_rtnl(dev);
	const struct in_ifaddr *ifa;
	struct ifreq ifr;
	int done = 0;

	if (WARN_ON(size > sizeof(struct ifreq)))
		goto out;

	if (!in_dev)
		goto out;

	in_dev_for_each_ifa_rtnl(ifa, in_dev) {
		if (!buf) {
			/* Sizing pass only */
			done += size;
			continue;
		}
		if (len < size)
			break;
		memset(&ifr, 0, sizeof(struct ifreq));
		strcpy(ifr.ifr_name, ifa->ifa_label);

		(*(struct sockaddr_in *)&ifr.ifr_addr).sin_family = AF_INET;
		(*(struct sockaddr_in *)&ifr.ifr_addr).sin_addr.s_addr =
								ifa->ifa_local;

		if (copy_to_user(buf + done, &ifr, size)) {
			done = -EFAULT;
			break;
		}
		len  -= size;
		done += size;
	}
out:
	return done;
}

/* Return the first primary (non-secondary) address on @in_dev whose
 * scope is valid for @scope, skipping link-scoped addresses; 0 if none.
 * Caller must hold rcu_read_lock() (uses the _rcu iterator).
 */
static __be32 in_dev_select_addr(const struct in_device *in_dev,
				 int scope)
{
	const struct in_ifaddr *ifa;

	in_dev_for_each_ifa_rcu(ifa, in_dev) {
		if (READ_ONCE(ifa->ifa_flags) & IFA_F_SECONDARY)
			continue;
		if (ifa->ifa_scope != RT_SCOPE_LINK &&
		    ifa->ifa_scope <= scope)
			return ifa->ifa_local;
	}

	return 0;
}

/* Select a primary IPv4 source address on @dev suitable for reaching
 * @dst within @scope; prefers an address in the same subnet as @dst and
 * may fall back to the VRF master or other devices in the namespace.
 */
__be32 inet_select_addr(const struct net_device *dev, __be32 dst, int scope)
{
	const struct in_ifaddr *ifa;
	__be32 addr = 0;
	unsigned char localnet_scope = RT_SCOPE_HOST;
	struct in_device *in_dev;
	struct net *net =
 dev_net(dev);
	int master_idx;

	rcu_read_lock();
	in_dev = __in_dev_get_rcu(dev);
	if (!in_dev)
		goto no_in_dev;

	/* With route_localnet, loopback-net addresses behave as link scope */
	if (unlikely(IN_DEV_ROUTE_LOCALNET(in_dev)))
		localnet_scope = RT_SCOPE_LINK;

	in_dev_for_each_ifa_rcu(ifa, in_dev) {
		if (READ_ONCE(ifa->ifa_flags) & IFA_F_SECONDARY)
			continue;
		if (min(ifa->ifa_scope, localnet_scope) > scope)
			continue;
		if (!dst || inet_ifa_match(dst, ifa)) {
			addr = ifa->ifa_local;
			break;
		}
		/* Remember the first acceptable address as a fallback in
		 * case nothing matches dst's subnet.
		 */
		if (!addr)
			addr = ifa->ifa_local;
	}

	if (addr)
		goto out_unlock;
no_in_dev:
	master_idx = l3mdev_master_ifindex_rcu(dev);

	/* For VRFs, the VRF device takes the place of the loopback device,
	 * with addresses on it being preferred. Note in such cases the
	 * loopback device will be among the devices that fail the master_idx
	 * equality check in the loop below.
	 */
	if (master_idx &&
	    (dev = dev_get_by_index_rcu(net, master_idx)) &&
	    (in_dev = __in_dev_get_rcu(dev))) {
		addr = in_dev_select_addr(in_dev, scope);
		if (addr)
			goto out_unlock;
	}

	/* Not loopback addresses on loopback should be preferred
	   in this case. It is important that lo is the first interface
	   in dev_base list.
	 */
	for_each_netdev_rcu(net, dev) {
		if (l3mdev_master_ifindex_rcu(dev) != master_idx)
			continue;

		in_dev = __in_dev_get_rcu(dev);
		if (!in_dev)
			continue;

		addr = in_dev_select_addr(in_dev, scope);
		if (addr)
			goto out_unlock;
	}
out_unlock:
	rcu_read_unlock();
	return addr;
}
EXPORT_SYMBOL(inet_select_addr);

/* Walk @in_dev's addresses to confirm the (@local, @dst) pair under
 * @scope.  "addr" tracks the candidate local address; "same" records
 * whether some address also matched the requested local/dst subnet(s).
 * Returns the confirmed address, or 0 when no address satisfies both
 * conditions.  Caller must hold rcu_read_lock().
 */
static __be32 confirm_addr_indev(struct in_device *in_dev, __be32 dst,
				 __be32 local, int scope)
{
	unsigned char localnet_scope = RT_SCOPE_HOST;
	const struct in_ifaddr *ifa;
	__be32 addr = 0;
	int same = 0;

	if (unlikely(IN_DEV_ROUTE_LOCALNET(in_dev)))
		localnet_scope = RT_SCOPE_LINK;

	in_dev_for_each_ifa_rcu(ifa, in_dev) {
		unsigned char min_scope = min(ifa->ifa_scope, localnet_scope);

		if (!addr &&
		    (local == ifa->ifa_local || !local) &&
		    min_scope <= scope) {
			addr = ifa->ifa_local;
			if (same)
				break;
		}
		if (!same) {
			same = (!local || inet_ifa_match(local, ifa)) &&
				(!dst || inet_ifa_match(dst, ifa));
			if (same && addr) {
				if (local || !dst)
					break;
				/* Is the selected addr into dst subnet? */
				if (inet_ifa_match(addr, ifa))
					break;
				/* No, then can we use new local src? */
				if (min_scope <= scope) {
					addr = ifa->ifa_local;
					break;
				}
				/* search for large dst subnet for addr */
				same = 0;
			}
		}
	}

	return same ? addr : 0;
}

/*
 * Confirm that local IP address exists using wildcards:
 * - net: netns to check, cannot be NULL
 * - in_dev: only on this interface, NULL=any interface
 * - dst: only in the same subnet as dst, 0=any dst
 * - local: address, 0=autoselect the local address
 * - scope: maximum allowed scope value for the local address
 */
__be32 inet_confirm_addr(struct net *net, struct in_device *in_dev,
			 __be32 dst, __be32 local, int scope)
{
	__be32 addr = 0;
	struct net_device *dev;

	if (in_dev)
		return confirm_addr_indev(in_dev, dst, local, scope);

	/* No specific device: scan every interface in the namespace */
	rcu_read_lock();
	for_each_netdev_rcu(net, dev) {
		in_dev = __in_dev_get_rcu(dev);
		if (in_dev) {
			addr = confirm_addr_indev(in_dev, dst, local, scope);
			if (addr)
				break;
		}
	}
	rcu_read_unlock();

	return addr;
}
EXPORT_SYMBOL(inet_confirm_addr);

/*
 *	Device notifier
 */

/* Register/unregister on the file-scope blocking notifier chains that
 * announce IPv4 address additions/removals (inetaddr_chain) and allow
 * vetoing of new addresses (inetaddr_validator_chain).
 */
int register_inetaddr_notifier(struct notifier_block *nb)
{
	return blocking_notifier_chain_register(&inetaddr_chain, nb);
}
EXPORT_SYMBOL(register_inetaddr_notifier);

int unregister_inetaddr_notifier(struct notifier_block *nb)
{
	return blocking_notifier_chain_unregister(&inetaddr_chain, nb);
}
EXPORT_SYMBOL(unregister_inetaddr_notifier);

int register_inetaddr_validator_notifier(struct notifier_block *nb)
{
	return blocking_notifier_chain_register(&inetaddr_validator_chain, nb);
}
EXPORT_SYMBOL(register_inetaddr_validator_notifier);

int unregister_inetaddr_validator_notifier(struct notifier_block *nb)
{
	return blocking_notifier_chain_unregister(&inetaddr_validator_chain,
	    nb);
}
EXPORT_SYMBOL(unregister_inetaddr_validator_notifier);

/* Rename ifa_labels for a device name change.
 Make some effort to preserve
 * existing alias numbering and to create unique labels if possible.
 */
static void inetdev_changename(struct net_device *dev, struct in_device *in_dev)
{
	struct in_ifaddr *ifa;
	int named = 0;

	in_dev_for_each_ifa_rtnl(ifa, in_dev) {
		char old[IFNAMSIZ], *dot;

		memcpy(old, ifa->ifa_label, IFNAMSIZ);
		memcpy(ifa->ifa_label, dev->name, IFNAMSIZ);
		/* First address keeps the bare device name */
		if (named++ == 0)
			goto skip;
		/* Keep the old ":N" alias suffix if there was one;
		 * otherwise synthesize one from the walk position.
		 */
		dot = strchr(old, ':');
		if (!dot) {
			sprintf(old, ":%d", named);
			dot = old;
		}
		if (strlen(dot) + strlen(dev->name) < IFNAMSIZ)
			strcat(ifa->ifa_label, dot);
		else
			strcpy(ifa->ifa_label + (IFNAMSIZ - strlen(dot) - 1), dot);
skip:
		rtmsg_ifa(RTM_NEWADDR, ifa, NULL, 0);
	}
}

/* Send one gratuitous ARP (request with sender == target) per address,
 * so neighbours refresh their caches after a link/address change.
 */
static void inetdev_send_gratuitous_arp(struct net_device *dev,
					struct in_device *in_dev)

{
	const struct in_ifaddr *ifa;

	in_dev_for_each_ifa_rtnl(ifa, in_dev) {
		arp_send(ARPOP_REQUEST, ETH_P_ARP,
			 ifa->ifa_local, dev,
			 ifa->ifa_local, NULL,
			 dev->dev_addr, NULL);
	}
}

/* Called only under RTNL semaphore */

/* netdevice notifier: keeps the per-device IPv4 state (in_dev) in sync
 * with device lifecycle events (register, up/down, MTU/type/name change,
 * unregister).
 */
static int inetdev_event(struct notifier_block *this, unsigned long event,
			 void *ptr)
{
	struct net_device *dev = netdev_notifier_info_to_dev(ptr);
	struct in_device *in_dev = __in_dev_get_rtnl(dev);

	ASSERT_RTNL();

	if (!in_dev) {
		if (event == NETDEV_REGISTER) {
			in_dev = inetdev_init(dev);
			if (IS_ERR(in_dev))
				return notifier_from_errno(PTR_ERR(in_dev));
			if (dev->flags & IFF_LOOPBACK) {
				IN_DEV_CONF_SET(in_dev, NOXFRM, 1);
				IN_DEV_CONF_SET(in_dev, NOPOLICY, 1);
			}
		} else if (event == NETDEV_CHANGEMTU) {
			/* Re-enabling IP */
			if (inetdev_valid_mtu(dev->mtu))
				in_dev = inetdev_init(dev);
		}
		goto out;
	}

	switch (event) {
	case NETDEV_REGISTER:
		/* An in_dev already present at REGISTER time is a bug */
		pr_debug("%s: bug\n", __func__);
		RCU_INIT_POINTER(dev->ip_ptr, NULL);
		break;
	case NETDEV_UP:
		if (!inetdev_valid_mtu(dev->mtu))
			break;
		if (dev->flags & IFF_LOOPBACK) {
			/* Auto-assign 127.0.0.1/8 when loopback comes up */
			struct in_ifaddr *ifa = inet_alloc_ifa(in_dev);

			if (ifa) {
				ifa->ifa_local =
				  ifa->ifa_address = htonl(INADDR_LOOPBACK);
				ifa->ifa_prefixlen = 8;
				ifa->ifa_mask = inet_make_mask(8);
				ifa->ifa_scope = RT_SCOPE_HOST;
				memcpy(ifa->ifa_label, dev->name, IFNAMSIZ);
				set_ifa_lifetime(ifa, INFINITY_LIFE_TIME,
						 INFINITY_LIFE_TIME);
				ipv4_devconf_setall(in_dev);
				neigh_parms_data_state_setall(in_dev->arp_parms);
				inet_insert_ifa(ifa);
			}
		}
		ip_mc_up(in_dev);
		fallthrough;
	case NETDEV_CHANGEADDR:
		if (!IN_DEV_ARP_NOTIFY(in_dev))
			break;
		fallthrough;
	case NETDEV_NOTIFY_PEERS:
		/* Send gratuitous ARP to notify of link change */
		inetdev_send_gratuitous_arp(dev, in_dev);
		break;
	case NETDEV_DOWN:
		ip_mc_down(in_dev);
		break;
	case NETDEV_PRE_TYPE_CHANGE:
		ip_mc_unmap(in_dev);
		break;
	case NETDEV_POST_TYPE_CHANGE:
		ip_mc_remap(in_dev);
		break;
	case NETDEV_CHANGEMTU:
		if (inetdev_valid_mtu(dev->mtu))
			break;
		/* disable IP when MTU is not enough */
		fallthrough;
	case NETDEV_UNREGISTER:
		inetdev_destroy(in_dev);
		break;
	case NETDEV_CHANGENAME:
		/* Do not notify about label change, this event is
		 * not interesting to applications using netlink.
		 */
		inetdev_changename(dev, in_dev);

		devinet_sysctl_unregister(in_dev);
		devinet_sysctl_register(in_dev);
		break;
	}
out:
	return NOTIFY_DONE;
}

static struct notifier_block ip_netdev_notifier = {
	.notifier_call = inetdev_event,
};

/* Worst-case netlink message size for one RTM_NEWADDR notification;
 * must cover every attribute inet_fill_ifaddr() can emit.
 */
static size_t inet_nlmsg_size(void)
{
	return NLMSG_ALIGN(sizeof(struct ifaddrmsg))
	       + nla_total_size(4) /* IFA_ADDRESS */
	       + nla_total_size(4) /* IFA_LOCAL */
	       + nla_total_size(4) /* IFA_BROADCAST */
	       + nla_total_size(IFNAMSIZ) /* IFA_LABEL */
	       + nla_total_size(4)  /* IFA_FLAGS */
	       + nla_total_size(1)  /* IFA_PROTO */
	       + nla_total_size(4)  /* IFA_RT_PRIORITY */
	       + nla_total_size(sizeof(struct ifa_cacheinfo)); /* IFA_CACHEINFO */
}

/* Convert an internal jiffies timestamp into hundredths of a second
 * since boot, the unit used in struct ifa_cacheinfo.
 */
static inline u32 cstamp_delta(unsigned long cstamp)
{
	return (cstamp - INITIAL_JIFFIES) * 100UL / HZ;
}

/* Emit an IFA_CACHEINFO attribute carrying creation/update stamps and
 * the preferred/valid lifetimes.
 */
static int put_cacheinfo(struct sk_buff *skb, unsigned long cstamp,
			 unsigned long tstamp, u32 preferred, u32 valid)
{
	struct ifa_cacheinfo ci;

	ci.cstamp = cstamp_delta(cstamp);
	ci.tstamp = cstamp_delta(tstamp);
	ci.ifa_prefered = preferred;
	ci.ifa_valid = valid;

	return nla_put(skb, IFA_CACHEINFO, sizeof(ci), &ci);
}

/* Serialize one in_ifaddr into an RTM_*ADDR netlink message on @skb.
 * Returns 0 on success or -EMSGSIZE if @skb has no room (message is
 * cancelled in that case).
 */
static int inet_fill_ifaddr(struct sk_buff *skb, const struct in_ifaddr *ifa,
			    struct inet_fill_args *args)
{
	struct ifaddrmsg *ifm;
	struct nlmsghdr *nlh;
	unsigned long tstamp;
	u32 preferred, valid;
	u32 flags;

	nlh = nlmsg_put(skb, args->portid, args->seq, args->event, sizeof(*ifm),
			args->flags);
	if (!nlh)
		return -EMSGSIZE;

	ifm = nlmsg_data(nlh);
	ifm->ifa_family = AF_INET;
	ifm->ifa_prefixlen = ifa->ifa_prefixlen;

	flags = READ_ONCE(ifa->ifa_flags);
	/* Warning : ifm->ifa_flags is an __u8, it holds only 8 bits.
	 * The 32bit value is given in IFA_FLAGS attribute.
	 */
	ifm->ifa_flags = (__u8)flags;

	ifm->ifa_scope = ifa->ifa_scope;
	ifm->ifa_index = ifa->ifa_dev->dev->ifindex;

	if (args->netnsid >= 0 &&
	    nla_put_s32(skb, IFA_TARGET_NETNSID, args->netnsid))
		goto nla_put_failure;

	tstamp = READ_ONCE(ifa->ifa_tstamp);
	if (!(flags & IFA_F_PERMANENT)) {
		/* Report remaining (not absolute) lifetimes, measured from
		 * the last update timestamp; clamp at 0 when expired.
		 */
		preferred = READ_ONCE(ifa->ifa_preferred_lft);
		valid = READ_ONCE(ifa->ifa_valid_lft);
		if (preferred != INFINITY_LIFE_TIME) {
			long tval = (jiffies - tstamp) / HZ;

			if (preferred > tval)
				preferred -= tval;
			else
				preferred = 0;
			if (valid != INFINITY_LIFE_TIME) {
				if (valid > tval)
					valid -= tval;
				else
					valid = 0;
			}
		}
	} else {
		preferred = INFINITY_LIFE_TIME;
		valid = INFINITY_LIFE_TIME;
	}
	/* Optional attributes are emitted only when non-zero/non-empty */
	if ((ifa->ifa_address &&
	     nla_put_in_addr(skb, IFA_ADDRESS, ifa->ifa_address)) ||
	    (ifa->ifa_local &&
	     nla_put_in_addr(skb, IFA_LOCAL, ifa->ifa_local)) ||
	    (ifa->ifa_broadcast &&
	     nla_put_in_addr(skb, IFA_BROADCAST, ifa->ifa_broadcast)) ||
	    (ifa->ifa_label[0] &&
	     nla_put_string(skb, IFA_LABEL, ifa->ifa_label)) ||
	    (ifa->ifa_proto &&
	     nla_put_u8(skb, IFA_PROTO, ifa->ifa_proto)) ||
	    nla_put_u32(skb, IFA_FLAGS, flags) ||
	    (ifa->ifa_rt_priority &&
	     nla_put_u32(skb, IFA_RT_PRIORITY, ifa->ifa_rt_priority)) ||
	    put_cacheinfo(skb, READ_ONCE(ifa->ifa_cstamp), tstamp,
			  preferred, valid))
		goto nla_put_failure;

	nlmsg_end(skb, nlh);
	return 0;

nla_put_failure:
	nlmsg_cancel(skb, nlh);
	return -EMSGSIZE;
}

/* Strict-mode validation of an RTM_GETADDR dump request: rejects any
 * non-zero header fields and any attribute other than
 * IFA_TARGET_NETNSID; fills @fillargs (ifindex, netnsid) and, on a
 * netnsid match, returns the target namespace in *@tgt_net with a
 * reference the caller must drop.
 */
static int inet_valid_dump_ifaddr_req(const struct nlmsghdr *nlh,
				      struct inet_fill_args *fillargs,
				      struct net **tgt_net, struct sock *sk,
				      struct netlink_callback *cb)
{
	struct netlink_ext_ack *extack = cb->extack;
	struct nlattr *tb[IFA_MAX+1];
	struct ifaddrmsg *ifm;
	int err, i;

	if (nlh->nlmsg_len < nlmsg_msg_size(sizeof(*ifm))) {
		NL_SET_ERR_MSG(extack, "ipv4: Invalid header for address dump request");
		return -EINVAL;
	}

	ifm = nlmsg_data(nlh);
	if (ifm->ifa_prefixlen || ifm->ifa_flags || ifm->ifa_scope) {
		NL_SET_ERR_MSG(extack, "ipv4: Invalid values in header for address dump request");
		return -EINVAL;
	}

	fillargs->ifindex = ifm->ifa_index;
	if (fillargs->ifindex) {
		cb->answer_flags |= NLM_F_DUMP_FILTERED;
		fillargs->flags |= NLM_F_DUMP_FILTERED;
	}

	err = nlmsg_parse_deprecated_strict(nlh, sizeof(*ifm), tb, IFA_MAX,
					    ifa_ipv4_policy, extack);
	if (err < 0)
		return err;

	for (i = 0; i <= IFA_MAX; ++i) {
		if (!tb[i])
			continue;

		if (i == IFA_TARGET_NETNSID) {
			struct net *net;

			fillargs->netnsid = nla_get_s32(tb[i]);

			net = rtnl_get_net_ns_capable(sk, fillargs->netnsid);
			if (IS_ERR(net)) {
				fillargs->netnsid = -1;
				NL_SET_ERR_MSG(extack, "ipv4: Invalid target network namespace id");
				return PTR_ERR(net);
			}
			*tgt_net = net;
		} else {
			NL_SET_ERR_MSG(extack, "ipv4: Unsupported attribute in dump request");
			return -EINVAL;
		}
	}

	return 0;
}

/* Dump @in_dev's addresses into @skb, skipping the first *@s_ip_idx
 * entries (resume point of an interrupted dump).  On a partial dump
 * *@s_ip_idx is set to the next index to emit; on completion it is
 * reset to 0.  Caller must hold rcu_read_lock().
 */
static int in_dev_dump_addr(struct in_device *in_dev, struct sk_buff *skb,
			    struct netlink_callback *cb, int *s_ip_idx,
			    struct inet_fill_args *fillargs)
{
	struct in_ifaddr *ifa;
	int ip_idx = 0;
	int err;

	in_dev_for_each_ifa_rcu(ifa, in_dev) {
		if (ip_idx < *s_ip_idx) {
			ip_idx++;
			continue;
		}
		err = inet_fill_ifaddr(skb, ifa, fillargs);
		if (err < 0)
			goto done;

		nl_dump_check_consistent(cb, nlmsg_hdr(skb));
		ip_idx++;
	}
	err = 0;
	ip_idx = 0;
done:
	*s_ip_idx = ip_idx;

	return err;
}

/* Combine dev_addr_genid and dev_base_seq to detect changes.
 */
static u32 inet_base_seq(const struct net *net)
{
	u32 res = atomic_read(&net->ipv4.dev_addr_genid) +
		  READ_ONCE(net->dev_base_seq);

	/* Must not return 0 (see nl_dump_check_consistent()).
	 * Chose a value far away from 0.
	 */
	if (!res)
		res = 0x80000000;
	return res;
}

/* RTM_GETADDR dump handler: walks all (or one filtered) device in the
 * target namespace under RCU, resuming from cb->ctx state.
 */
static int inet_dump_ifaddr(struct sk_buff *skb, struct netlink_callback *cb)
{
	const struct nlmsghdr *nlh = cb->nlh;
	struct inet_fill_args fillargs = {
		.portid = NETLINK_CB(cb->skb).portid,
		.seq = nlh->nlmsg_seq,
		.event = RTM_NEWADDR,
		.flags = NLM_F_MULTI,
		.netnsid = -1,
	};
	struct net *net = sock_net(skb->sk);
	struct net *tgt_net = net;
	struct {
		unsigned long ifindex;
		int ip_idx;
	} *ctx = (void *)cb->ctx;
	struct in_device *in_dev;
	struct net_device *dev;
	int err = 0;

	rcu_read_lock();
	if (cb->strict_check) {
		err = inet_valid_dump_ifaddr_req(nlh, &fillargs, &tgt_net,
						 skb->sk, cb);
		if (err < 0)
			goto done;

		if (fillargs.ifindex) {
			/* Single-device dump */
			dev = dev_get_by_index_rcu(tgt_net, fillargs.ifindex);
			if (!dev) {
				err = -ENODEV;
				goto done;
			}
			in_dev = __in_dev_get_rcu(dev);
			if (!in_dev)
				goto done;
			err = in_dev_dump_addr(in_dev, skb, cb, &ctx->ip_idx,
					       &fillargs);
			goto done;
		}
	}

	cb->seq = inet_base_seq(tgt_net);

	for_each_netdev_dump(tgt_net, dev, ctx->ifindex) {
		in_dev = __in_dev_get_rcu(dev);
		if (!in_dev)
			continue;
		err = in_dev_dump_addr(in_dev, skb, cb, &ctx->ip_idx,
				       &fillargs);
		if (err < 0)
			goto done;
	}
done:
	if (fillargs.netnsid >= 0)
		put_net(tgt_net);
	rcu_read_unlock();
	return err;
}

/* Broadcast an RTM_NEWADDR/RTM_DELADDR notification for @ifa to the
 * RTNLGRP_IPV4_IFADDR multicast group.
 */
static void rtmsg_ifa(int event, struct in_ifaddr *ifa, struct nlmsghdr *nlh,
		      u32 portid)
{
	struct inet_fill_args fillargs = {
		.portid = portid,
		.seq
 = nlh ? nlh->nlmsg_seq : 0,
		.event = event,
		.flags = 0,
		.netnsid = -1,
	};
	struct sk_buff *skb;
	int err = -ENOBUFS;
	struct net *net;

	net = dev_net(ifa->ifa_dev->dev);
	skb = nlmsg_new(inet_nlmsg_size(), GFP_KERNEL);
	if (!skb)
		goto errout;

	err = inet_fill_ifaddr(skb, ifa, &fillargs);
	if (err < 0) {
		/* -EMSGSIZE implies BUG in inet_nlmsg_size() */
		WARN_ON(err == -EMSGSIZE);
		kfree_skb(skb);
		goto errout;
	}
	rtnl_notify(skb, net, portid, RTNLGRP_IPV4_IFADDR, nlh, GFP_KERNEL);
	return;
errout:
	if (err < 0)
		rtnl_set_sk_err(net, RTNLGRP_IPV4_IFADDR, err);
}

/* Size of the IFLA_INET_CONF blob attached to rtnl link dumps; 0 when
 * the device has no IPv4 state.
 */
static size_t inet_get_link_af_size(const struct net_device *dev,
				    u32 ext_filter_mask)
{
	struct in_device *in_dev = rcu_dereference_rtnl(dev->ip_ptr);

	if (!in_dev)
		return 0;

	return nla_total_size(IPV4_DEVCONF_MAX * 4); /* IFLA_INET_CONF */
}

/* Copy the whole per-device devconf array into an IFLA_INET_CONF
 * attribute for a link dump.
 */
static int inet_fill_link_af(struct sk_buff *skb, const struct net_device *dev,
			     u32 ext_filter_mask)
{
	struct in_device *in_dev = rcu_dereference_rtnl(dev->ip_ptr);
	struct nlattr *nla;
	int i;

	if (!in_dev)
		return -ENODATA;

	nla = nla_reserve(skb, IFLA_INET_CONF, IPV4_DEVCONF_MAX * 4);
	if (!nla)
		return -EMSGSIZE;

	for (i = 0; i < IPV4_DEVCONF_MAX; i++)
		((u32 *) nla_data(nla))[i] = READ_ONCE(in_dev->cnf.data[i]);

	return 0;
}

static const struct nla_policy inet_af_policy[IFLA_INET_MAX+1] = {
	[IFLA_INET_CONF]	= { .type = NLA_NESTED },
};

/* Validate an IFLA_AF_SPEC/AF_INET payload: each nested IFLA_INET_CONF
 * entry must be at least 4 bytes and carry a valid devconf id.
 */
static int inet_validate_link_af(const struct net_device *dev,
				 const struct nlattr *nla,
				 struct netlink_ext_ack *extack)
{
	struct nlattr *a, *tb[IFLA_INET_MAX+1];
	int err, rem;

	if (dev && !__in_dev_get_rtnl(dev))
		return -EAFNOSUPPORT;

	err = nla_parse_nested_deprecated(tb, IFLA_INET_MAX, nla,
					  inet_af_policy, extack);
	if (err < 0)
		return err;

	if (tb[IFLA_INET_CONF]) {
		nla_for_each_nested(a, tb[IFLA_INET_CONF], rem) {
			int cfgid = nla_type(a);

			if (nla_len(a) < 4)
				return -EINVAL;

			if (cfgid <= 0 || cfgid > IPV4_DEVCONF_MAX)
				return -EINVAL;
		}
	}

	return 0;
}

/* Apply a previously validated IFLA_INET_CONF payload to the device's
 * devconf array.  Caller holds RTNL.
 */
static int inet_set_link_af(struct net_device *dev, const struct nlattr *nla,
			    struct netlink_ext_ack *extack)
{
	struct in_device *in_dev = __in_dev_get_rtnl(dev);
	struct nlattr *a, *tb[IFLA_INET_MAX+1];
	int rem;

	if (!in_dev)
		return -EAFNOSUPPORT;

	if (nla_parse_nested_deprecated(tb, IFLA_INET_MAX, nla, NULL, NULL) < 0)
		return -EINVAL;

	if (tb[IFLA_INET_CONF]) {
		nla_for_each_nested(a, tb[IFLA_INET_CONF], rem)
			ipv4_devconf_set(in_dev, nla_type(a), nla_get_u32(a));
	}

	return 0;
}

/* Message size for an RTM_NEWNETCONF notification carrying @type (or
 * all attributes when @type == NETCONFA_ALL).
 */
static int inet_netconf_msgsize_devconf(int type)
{
	int size = NLMSG_ALIGN(sizeof(struct netconfmsg))
		   + nla_total_size(4);	/* NETCONFA_IFINDEX */
	bool all = false;

	if (type == NETCONFA_ALL)
		all = true;

	if (all || type == NETCONFA_FORWARDING)
		size += nla_total_size(4);
	if (all || type == NETCONFA_RP_FILTER)
		size += nla_total_size(4);
	if (all || type == NETCONFA_MC_FORWARDING)
		size += nla_total_size(4);
	if (all || type == NETCONFA_BC_FORWARDING)
		size += nla_total_size(4);
	if (all || type == NETCONFA_PROXY_NEIGH)
		size += nla_total_size(4);
	if (all || type == NETCONFA_IGNORE_ROUTES_WITH_LINKDOWN)
		size += nla_total_size(4);

	return size;
}

/* Serialize one netconf message for @devconf (NULL @devconf emits only
 * the ifindex).  @type selects a single attribute or NETCONFA_ALL.
 */
static int inet_netconf_fill_devconf(struct sk_buff *skb, int ifindex,
				     const struct ipv4_devconf *devconf,
				     u32 portid, u32 seq, int event,
				     unsigned int flags, int type)
{
	struct nlmsghdr  *nlh;
	struct netconfmsg *ncm;
	bool all = false;

	nlh = nlmsg_put(skb, portid, seq, event, sizeof(struct netconfmsg),
			flags);
	if (!nlh)
		return -EMSGSIZE;

	if (type == NETCONFA_ALL)
		all = true;

	ncm = nlmsg_data(nlh);
	ncm->ncm_family = AF_INET;

	if (nla_put_s32(skb, NETCONFA_IFINDEX, ifindex) < 0)
		goto nla_put_failure;

	if (!devconf)
		goto out;

	if ((all || type == NETCONFA_FORWARDING) &&
	    nla_put_s32(skb, NETCONFA_FORWARDING,
			IPV4_DEVCONF_RO(*devconf, FORWARDING)) < 0)
		goto nla_put_failure;
	if ((all || type == NETCONFA_RP_FILTER) &&
	    nla_put_s32(skb, NETCONFA_RP_FILTER,
			IPV4_DEVCONF_RO(*devconf, RP_FILTER)) < 0)
		goto nla_put_failure;
	if ((all || type == NETCONFA_MC_FORWARDING) &&
	    nla_put_s32(skb, NETCONFA_MC_FORWARDING,
			IPV4_DEVCONF_RO(*devconf, MC_FORWARDING)) < 0)
		goto nla_put_failure;
	if ((all || type == NETCONFA_BC_FORWARDING) &&
	    nla_put_s32(skb, NETCONFA_BC_FORWARDING,
			IPV4_DEVCONF_RO(*devconf, BC_FORWARDING)) < 0)
		goto nla_put_failure;
	if ((all || type == NETCONFA_PROXY_NEIGH) &&
	    nla_put_s32(skb, NETCONFA_PROXY_NEIGH,
			IPV4_DEVCONF_RO(*devconf, PROXY_ARP)) < 0)
		goto nla_put_failure;
	if ((all || type == NETCONFA_IGNORE_ROUTES_WITH_LINKDOWN) &&
	    nla_put_s32(skb, NETCONFA_IGNORE_ROUTES_WITH_LINKDOWN,
			IPV4_DEVCONF_RO(*devconf,
					IGNORE_ROUTES_WITH_LINKDOWN)) < 0)
		goto nla_put_failure;

out:
	nlmsg_end(skb, nlh);
	return 0;

nla_put_failure:
	nlmsg_cancel(skb, nlh);
	return -EMSGSIZE;
}

/* Broadcast an RTM_NEWNETCONF notification for one changed devconf
 * attribute to the RTNLGRP_IPV4_NETCONF group.
 */
void inet_netconf_notify_devconf(struct net *net, int event, int type,
				 int ifindex, struct ipv4_devconf *devconf)
{
	struct sk_buff *skb;
	int err = -ENOBUFS;

	skb = nlmsg_new(inet_netconf_msgsize_devconf(type), GFP_KERNEL);
	if (!skb)
		goto errout;

	err = inet_netconf_fill_devconf(skb, ifindex, devconf, 0, 0,
					event, 0, type);
	if (err < 0) {
		/* -EMSGSIZE implies BUG in inet_netconf_msgsize_devconf() */
		WARN_ON(err == -EMSGSIZE);
		kfree_skb(skb);
		goto errout;
	}
	rtnl_notify(skb, net, 0, RTNLGRP_IPV4_NETCONF, NULL, GFP_KERNEL);
	return;
errout:
	if (err < 0)
		rtnl_set_sk_err(net, RTNLGRP_IPV4_NETCONF, err);
}

static const struct nla_policy devconf_ipv4_policy[NETCONFA_MAX+1] = {
	[NETCONFA_IFINDEX]	= { .len = sizeof(int) },
	[NETCONFA_FORWARDING]	= { .len = sizeof(int) },
	[NETCONFA_RP_FILTER]	= { .len = sizeof(int) },
	[NETCONFA_PROXY_NEIGH]	= { .len = sizeof(int) },
	[NETCONFA_IGNORE_ROUTES_WITH_LINKDOWN]	= { .len = sizeof(int) },
};

/* Parse/validate an RTM_GETNETCONF request.  In strict mode only
 * NETCONFA_IFINDEX is accepted; legacy (non-strict) requests are parsed
 * leniently for backward compatibility.
 */
static int inet_netconf_valid_get_req(struct sk_buff *skb,
				      const struct nlmsghdr *nlh,
				      struct nlattr **tb,
				      struct netlink_ext_ack *extack)
{
	int i, err;

	if (nlh->nlmsg_len < nlmsg_msg_size(sizeof(struct netconfmsg))) {
		NL_SET_ERR_MSG(extack, "ipv4: Invalid header for netconf get request");
		return -EINVAL;
	}

	if (!netlink_strict_get_check(skb))
		return nlmsg_parse_deprecated(nlh, sizeof(struct netconfmsg),
					      tb, NETCONFA_MAX,
					      devconf_ipv4_policy, extack);

	err = nlmsg_parse_deprecated_strict(nlh, sizeof(struct netconfmsg),
					    tb, NETCONFA_MAX,
					    devconf_ipv4_policy, extack);
	if (err)
		return err;

	for (i = 0; i <= NETCONFA_MAX; i++) {
		if (!tb[i])
			continue;

		switch (i) {
		case NETCONFA_IFINDEX:
			break;
		default:
			NL_SET_ERR_MSG(extack, "ipv4: Unsupported attribute in netconf get request");
			return -EINVAL;
		}
	}

	return 0;
}

/* RTM_GETNETCONF handler: replies with the full netconf state of one
 * device, or of the net-wide "all"/"default" tables when the special
 * NETCONFA_IFINDEX_ALL / _DEFAULT sentinels are requested.
 */
static int inet_netconf_get_devconf(struct sk_buff *in_skb,
				    struct nlmsghdr *nlh,
				    struct netlink_ext_ack *extack)
{
	struct net *net = sock_net(in_skb->sk);
	struct nlattr *tb[NETCONFA_MAX + 1];
	const struct ipv4_devconf *devconf;
	struct in_device *in_dev = NULL;
	struct net_device *dev = NULL;
	struct sk_buff *skb;
	int ifindex;
	int err;

	err = inet_netconf_valid_get_req(in_skb, nlh, tb, extack);
	if (err)
		return err;

	if (!tb[NETCONFA_IFINDEX])
		return -EINVAL;

	ifindex = nla_get_s32(tb[NETCONFA_IFINDEX]);
	switch (ifindex) {
	case NETCONFA_IFINDEX_ALL:
		devconf = net->ipv4.devconf_all;
		break;
	case NETCONFA_IFINDEX_DEFAULT:
		devconf = net->ipv4.devconf_dflt;
		break;
	default:
		/* Both dev and in_dev hold references; dropped at errout */
		err = -ENODEV;
		dev = dev_get_by_index(net, ifindex);
		if (dev)
			in_dev = in_dev_get(dev);
		if (!in_dev)
			goto errout;
		devconf = &in_dev->cnf;
		break;
	}

	err = -ENOBUFS;
	skb = nlmsg_new(inet_netconf_msgsize_devconf(NETCONFA_ALL), GFP_KERNEL);
	if (!skb)
		goto errout;

	err = inet_netconf_fill_devconf(skb, ifindex, devconf,
					NETLINK_CB(in_skb).portid,
					nlh->nlmsg_seq, RTM_NEWNETCONF, 0,
					NETCONFA_ALL);
	if (err < 0) {
		/* -EMSGSIZE implies BUG in inet_netconf_msgsize_devconf() */
		WARN_ON(err == -EMSGSIZE);
		kfree_skb(skb);
		goto errout;
	}
	err = rtnl_unicast(skb, net, NETLINK_CB(in_skb).portid);
errout:
	if (in_dev)
		in_dev_put(in_dev);
	dev_put(dev);
	return err;
}

/* RTM_GETNETCONF dump handler: emits one netconf record per device,
 * followed by the "all" and "default" tables (cb->ctx->all_default
 * tracks progress across resumed dumps).
 */
static int inet_netconf_dump_devconf(struct sk_buff *skb,
				     struct netlink_callback *cb)
{
	const struct nlmsghdr *nlh = cb->nlh;
	struct net *net = sock_net(skb->sk);
	struct {
		unsigned long ifindex;
		unsigned int all_default;
	} *ctx = (void *)cb->ctx;
	const struct in_device *in_dev;
	struct net_device *dev;
	int err = 0;

	if (cb->strict_check) {
		struct netlink_ext_ack *extack = cb->extack;
		struct netconfmsg *ncm;

		if (nlh->nlmsg_len < nlmsg_msg_size(sizeof(*ncm))) {
			NL_SET_ERR_MSG(extack, "ipv4: Invalid header for netconf dump request");
			return -EINVAL;
		}

		if (nlmsg_attrlen(nlh, sizeof(*ncm))) {
			NL_SET_ERR_MSG(extack, "ipv4: Invalid data after header in netconf dump request");
			return -EINVAL;
		}
	}

	rcu_read_lock();
	for_each_netdev_dump(net, dev, ctx->ifindex) {
		in_dev = __in_dev_get_rcu(dev);
		if (!in_dev)
			continue;
		err = inet_netconf_fill_devconf(skb, dev->ifindex,
						&in_dev->cnf,
						NETLINK_CB(cb->skb).portid,
						nlh->nlmsg_seq,
						RTM_NEWNETCONF, NLM_F_MULTI,
						NETCONFA_ALL);
		if (err < 0)
			goto done;
	}
	if (ctx->all_default == 0) {
		err = inet_netconf_fill_devconf(skb, NETCONFA_IFINDEX_ALL,
						net->ipv4.devconf_all,
						NETLINK_CB(cb->skb).portid,
						nlh->nlmsg_seq,
						RTM_NEWNETCONF, NLM_F_MULTI,
						NETCONFA_ALL);
		if (err < 0)
			goto done;
		ctx->all_default++;
	}
	if (ctx->all_default == 1) {
		err = inet_netconf_fill_devconf(skb, NETCONFA_IFINDEX_DEFAULT,
						net->ipv4.devconf_dflt,
						NETLINK_CB(cb->skb).portid,
						nlh->nlmsg_seq,
						RTM_NEWNETCONF, NLM_F_MULTI,
						NETCONFA_ALL);
		if (err < 0)
			goto done;
		ctx->all_default++;
	}
done:
	rcu_read_unlock();
	return err;
}

#ifdef CONFIG_SYSCTL

/* Propagate a changed "default" devconf value (index @i) to every
 * device that has not explicitly overridden it (state bit unset).
 */
static void devinet_copy_dflt_conf(struct net *net, int i)
{
	struct net_device *dev;

	rcu_read_lock();
	for_each_netdev_rcu(net, dev) {
		struct in_device *in_dev;

		in_dev = __in_dev_get_rcu(dev);
		if (in_dev && !test_bit(i, in_dev->cnf.state))
			in_dev->cnf.data[i] = net->ipv4.devconf_dflt->data[i];
	}
	rcu_read_unlock();
}

/* called with RTNL locked */
static void inet_forward_change(struct net *net)
{
	struct net_device *dev;
	int on = IPV4_DEVCONF_ALL(net, FORWARDING);

	/* Routers do not accept redirects; mirror forwarding into the
	 * default table and notify userspace of both changes.
	 */
	IPV4_DEVCONF_ALL(net, ACCEPT_REDIRECTS) = !on;
	IPV4_DEVCONF_DFLT(net, FORWARDING) = on;
	inet_netconf_notify_devconf(net, RTM_NEWNETCONF,
				    NETCONFA_FORWARDING,
NETCONFA_IFINDEX_ALL, 2353 net->ipv4.devconf_all); 2354 inet_netconf_notify_devconf(net, RTM_NEWNETCONF, 2355 NETCONFA_FORWARDING, 2356 NETCONFA_IFINDEX_DEFAULT, 2357 net->ipv4.devconf_dflt); 2358 2359 for_each_netdev(net, dev) { 2360 struct in_device *in_dev; 2361 2362 if (on) 2363 dev_disable_lro(dev); 2364 2365 in_dev = __in_dev_get_rtnl(dev); 2366 if (in_dev) { 2367 IN_DEV_CONF_SET(in_dev, FORWARDING, on); 2368 inet_netconf_notify_devconf(net, RTM_NEWNETCONF, 2369 NETCONFA_FORWARDING, 2370 dev->ifindex, &in_dev->cnf); 2371 } 2372 } 2373 } 2374 2375 static int devinet_conf_ifindex(struct net *net, struct ipv4_devconf *cnf) 2376 { 2377 if (cnf == net->ipv4.devconf_dflt) 2378 return NETCONFA_IFINDEX_DEFAULT; 2379 else if (cnf == net->ipv4.devconf_all) 2380 return NETCONFA_IFINDEX_ALL; 2381 else { 2382 struct in_device *idev 2383 = container_of(cnf, struct in_device, cnf); 2384 return idev->dev->ifindex; 2385 } 2386 } 2387 2388 static int devinet_conf_proc(const struct ctl_table *ctl, int write, 2389 void *buffer, size_t *lenp, loff_t *ppos) 2390 { 2391 int old_value = *(int *)ctl->data; 2392 int ret = proc_dointvec(ctl, write, buffer, lenp, ppos); 2393 int new_value = *(int *)ctl->data; 2394 2395 if (write) { 2396 struct ipv4_devconf *cnf = ctl->extra1; 2397 struct net *net = ctl->extra2; 2398 int i = (int *)ctl->data - cnf->data; 2399 int ifindex; 2400 2401 set_bit(i, cnf->state); 2402 2403 if (cnf == net->ipv4.devconf_dflt) 2404 devinet_copy_dflt_conf(net, i); 2405 if (i == IPV4_DEVCONF_ACCEPT_LOCAL - 1 || 2406 i == IPV4_DEVCONF_ROUTE_LOCALNET - 1) 2407 if ((new_value == 0) && (old_value != 0)) 2408 rt_cache_flush(net); 2409 2410 if (i == IPV4_DEVCONF_BC_FORWARDING - 1 && 2411 new_value != old_value) 2412 rt_cache_flush(net); 2413 2414 if (i == IPV4_DEVCONF_RP_FILTER - 1 && 2415 new_value != old_value) { 2416 ifindex = devinet_conf_ifindex(net, cnf); 2417 inet_netconf_notify_devconf(net, RTM_NEWNETCONF, 2418 NETCONFA_RP_FILTER, 2419 ifindex, cnf); 2420 } 2421 if 
(i == IPV4_DEVCONF_PROXY_ARP - 1 && 2422 new_value != old_value) { 2423 ifindex = devinet_conf_ifindex(net, cnf); 2424 inet_netconf_notify_devconf(net, RTM_NEWNETCONF, 2425 NETCONFA_PROXY_NEIGH, 2426 ifindex, cnf); 2427 } 2428 if (i == IPV4_DEVCONF_IGNORE_ROUTES_WITH_LINKDOWN - 1 && 2429 new_value != old_value) { 2430 ifindex = devinet_conf_ifindex(net, cnf); 2431 inet_netconf_notify_devconf(net, RTM_NEWNETCONF, 2432 NETCONFA_IGNORE_ROUTES_WITH_LINKDOWN, 2433 ifindex, cnf); 2434 } 2435 } 2436 2437 return ret; 2438 } 2439 2440 static int devinet_sysctl_forward(const struct ctl_table *ctl, int write, 2441 void *buffer, size_t *lenp, loff_t *ppos) 2442 { 2443 int *valp = ctl->data; 2444 int val = *valp; 2445 loff_t pos = *ppos; 2446 struct net *net = ctl->extra2; 2447 int ret; 2448 2449 if (write && !ns_capable(net->user_ns, CAP_NET_ADMIN)) 2450 return -EPERM; 2451 2452 ret = proc_dointvec(ctl, write, buffer, lenp, ppos); 2453 2454 if (write && *valp != val) { 2455 if (valp != &IPV4_DEVCONF_DFLT(net, FORWARDING)) { 2456 if (!rtnl_trylock()) { 2457 /* Restore the original values before restarting */ 2458 *valp = val; 2459 *ppos = pos; 2460 return restart_syscall(); 2461 } 2462 if (valp == &IPV4_DEVCONF_ALL(net, FORWARDING)) { 2463 inet_forward_change(net); 2464 } else { 2465 struct ipv4_devconf *cnf = ctl->extra1; 2466 struct in_device *idev = 2467 container_of(cnf, struct in_device, cnf); 2468 if (*valp) 2469 dev_disable_lro(idev->dev); 2470 inet_netconf_notify_devconf(net, RTM_NEWNETCONF, 2471 NETCONFA_FORWARDING, 2472 idev->dev->ifindex, 2473 cnf); 2474 } 2475 rtnl_unlock(); 2476 rt_cache_flush(net); 2477 } else 2478 inet_netconf_notify_devconf(net, RTM_NEWNETCONF, 2479 NETCONFA_FORWARDING, 2480 NETCONFA_IFINDEX_DEFAULT, 2481 net->ipv4.devconf_dflt); 2482 } 2483 2484 return ret; 2485 } 2486 2487 static int ipv4_doint_and_flush(const struct ctl_table *ctl, int write, 2488 void *buffer, size_t *lenp, loff_t *ppos) 2489 { 2490 int *valp = ctl->data; 2491 int val = 
*valp; 2492 int ret = proc_dointvec(ctl, write, buffer, lenp, ppos); 2493 struct net *net = ctl->extra2; 2494 2495 if (write && *valp != val) 2496 rt_cache_flush(net); 2497 2498 return ret; 2499 } 2500 2501 #define DEVINET_SYSCTL_ENTRY(attr, name, mval, proc) \ 2502 { \ 2503 .procname = name, \ 2504 .data = ipv4_devconf.data + \ 2505 IPV4_DEVCONF_ ## attr - 1, \ 2506 .maxlen = sizeof(int), \ 2507 .mode = mval, \ 2508 .proc_handler = proc, \ 2509 .extra1 = &ipv4_devconf, \ 2510 } 2511 2512 #define DEVINET_SYSCTL_RW_ENTRY(attr, name) \ 2513 DEVINET_SYSCTL_ENTRY(attr, name, 0644, devinet_conf_proc) 2514 2515 #define DEVINET_SYSCTL_RO_ENTRY(attr, name) \ 2516 DEVINET_SYSCTL_ENTRY(attr, name, 0444, devinet_conf_proc) 2517 2518 #define DEVINET_SYSCTL_COMPLEX_ENTRY(attr, name, proc) \ 2519 DEVINET_SYSCTL_ENTRY(attr, name, 0644, proc) 2520 2521 #define DEVINET_SYSCTL_FLUSHING_ENTRY(attr, name) \ 2522 DEVINET_SYSCTL_COMPLEX_ENTRY(attr, name, ipv4_doint_and_flush) 2523 2524 static struct devinet_sysctl_table { 2525 struct ctl_table_header *sysctl_header; 2526 struct ctl_table devinet_vars[IPV4_DEVCONF_MAX]; 2527 } devinet_sysctl = { 2528 .devinet_vars = { 2529 DEVINET_SYSCTL_COMPLEX_ENTRY(FORWARDING, "forwarding", 2530 devinet_sysctl_forward), 2531 DEVINET_SYSCTL_RO_ENTRY(MC_FORWARDING, "mc_forwarding"), 2532 DEVINET_SYSCTL_RW_ENTRY(BC_FORWARDING, "bc_forwarding"), 2533 2534 DEVINET_SYSCTL_RW_ENTRY(ACCEPT_REDIRECTS, "accept_redirects"), 2535 DEVINET_SYSCTL_RW_ENTRY(SECURE_REDIRECTS, "secure_redirects"), 2536 DEVINET_SYSCTL_RW_ENTRY(SHARED_MEDIA, "shared_media"), 2537 DEVINET_SYSCTL_RW_ENTRY(RP_FILTER, "rp_filter"), 2538 DEVINET_SYSCTL_RW_ENTRY(SEND_REDIRECTS, "send_redirects"), 2539 DEVINET_SYSCTL_RW_ENTRY(ACCEPT_SOURCE_ROUTE, 2540 "accept_source_route"), 2541 DEVINET_SYSCTL_RW_ENTRY(ACCEPT_LOCAL, "accept_local"), 2542 DEVINET_SYSCTL_RW_ENTRY(SRC_VMARK, "src_valid_mark"), 2543 DEVINET_SYSCTL_RW_ENTRY(PROXY_ARP, "proxy_arp"), 2544 DEVINET_SYSCTL_RW_ENTRY(MEDIUM_ID, 
"medium_id"), 2545 DEVINET_SYSCTL_RW_ENTRY(BOOTP_RELAY, "bootp_relay"), 2546 DEVINET_SYSCTL_RW_ENTRY(LOG_MARTIANS, "log_martians"), 2547 DEVINET_SYSCTL_RW_ENTRY(TAG, "tag"), 2548 DEVINET_SYSCTL_RW_ENTRY(ARPFILTER, "arp_filter"), 2549 DEVINET_SYSCTL_RW_ENTRY(ARP_ANNOUNCE, "arp_announce"), 2550 DEVINET_SYSCTL_RW_ENTRY(ARP_IGNORE, "arp_ignore"), 2551 DEVINET_SYSCTL_RW_ENTRY(ARP_ACCEPT, "arp_accept"), 2552 DEVINET_SYSCTL_RW_ENTRY(ARP_NOTIFY, "arp_notify"), 2553 DEVINET_SYSCTL_RW_ENTRY(ARP_EVICT_NOCARRIER, 2554 "arp_evict_nocarrier"), 2555 DEVINET_SYSCTL_RW_ENTRY(PROXY_ARP_PVLAN, "proxy_arp_pvlan"), 2556 DEVINET_SYSCTL_RW_ENTRY(FORCE_IGMP_VERSION, 2557 "force_igmp_version"), 2558 DEVINET_SYSCTL_RW_ENTRY(IGMPV2_UNSOLICITED_REPORT_INTERVAL, 2559 "igmpv2_unsolicited_report_interval"), 2560 DEVINET_SYSCTL_RW_ENTRY(IGMPV3_UNSOLICITED_REPORT_INTERVAL, 2561 "igmpv3_unsolicited_report_interval"), 2562 DEVINET_SYSCTL_RW_ENTRY(IGNORE_ROUTES_WITH_LINKDOWN, 2563 "ignore_routes_with_linkdown"), 2564 DEVINET_SYSCTL_RW_ENTRY(DROP_GRATUITOUS_ARP, 2565 "drop_gratuitous_arp"), 2566 2567 DEVINET_SYSCTL_FLUSHING_ENTRY(NOXFRM, "disable_xfrm"), 2568 DEVINET_SYSCTL_FLUSHING_ENTRY(NOPOLICY, "disable_policy"), 2569 DEVINET_SYSCTL_FLUSHING_ENTRY(PROMOTE_SECONDARIES, 2570 "promote_secondaries"), 2571 DEVINET_SYSCTL_FLUSHING_ENTRY(ROUTE_LOCALNET, 2572 "route_localnet"), 2573 DEVINET_SYSCTL_FLUSHING_ENTRY(DROP_UNICAST_IN_L2_MULTICAST, 2574 "drop_unicast_in_l2_multicast"), 2575 }, 2576 }; 2577 2578 static int __devinet_sysctl_register(struct net *net, char *dev_name, 2579 int ifindex, struct ipv4_devconf *p) 2580 { 2581 int i; 2582 struct devinet_sysctl_table *t; 2583 char path[sizeof("net/ipv4/conf/") + IFNAMSIZ]; 2584 2585 t = kmemdup(&devinet_sysctl, sizeof(*t), GFP_KERNEL_ACCOUNT); 2586 if (!t) 2587 goto out; 2588 2589 for (i = 0; i < ARRAY_SIZE(t->devinet_vars); i++) { 2590 t->devinet_vars[i].data += (char *)p - (char *)&ipv4_devconf; 2591 t->devinet_vars[i].extra1 = p; 2592 
t->devinet_vars[i].extra2 = net; 2593 } 2594 2595 snprintf(path, sizeof(path), "net/ipv4/conf/%s", dev_name); 2596 2597 t->sysctl_header = register_net_sysctl(net, path, t->devinet_vars); 2598 if (!t->sysctl_header) 2599 goto free; 2600 2601 p->sysctl = t; 2602 2603 inet_netconf_notify_devconf(net, RTM_NEWNETCONF, NETCONFA_ALL, 2604 ifindex, p); 2605 return 0; 2606 2607 free: 2608 kfree(t); 2609 out: 2610 return -ENOMEM; 2611 } 2612 2613 static void __devinet_sysctl_unregister(struct net *net, 2614 struct ipv4_devconf *cnf, int ifindex) 2615 { 2616 struct devinet_sysctl_table *t = cnf->sysctl; 2617 2618 if (t) { 2619 cnf->sysctl = NULL; 2620 unregister_net_sysctl_table(t->sysctl_header); 2621 kfree(t); 2622 } 2623 2624 inet_netconf_notify_devconf(net, RTM_DELNETCONF, 0, ifindex, NULL); 2625 } 2626 2627 static int devinet_sysctl_register(struct in_device *idev) 2628 { 2629 int err; 2630 2631 if (!sysctl_dev_name_is_allowed(idev->dev->name)) 2632 return -EINVAL; 2633 2634 err = neigh_sysctl_register(idev->dev, idev->arp_parms, NULL); 2635 if (err) 2636 return err; 2637 err = __devinet_sysctl_register(dev_net(idev->dev), idev->dev->name, 2638 idev->dev->ifindex, &idev->cnf); 2639 if (err) 2640 neigh_sysctl_unregister(idev->arp_parms); 2641 return err; 2642 } 2643 2644 static void devinet_sysctl_unregister(struct in_device *idev) 2645 { 2646 struct net *net = dev_net(idev->dev); 2647 2648 __devinet_sysctl_unregister(net, &idev->cnf, idev->dev->ifindex); 2649 neigh_sysctl_unregister(idev->arp_parms); 2650 } 2651 2652 static struct ctl_table ctl_forward_entry[] = { 2653 { 2654 .procname = "ip_forward", 2655 .data = &ipv4_devconf.data[ 2656 IPV4_DEVCONF_FORWARDING - 1], 2657 .maxlen = sizeof(int), 2658 .mode = 0644, 2659 .proc_handler = devinet_sysctl_forward, 2660 .extra1 = &ipv4_devconf, 2661 .extra2 = &init_net, 2662 }, 2663 }; 2664 #endif 2665 2666 static __net_init int devinet_init_net(struct net *net) 2667 { 2668 int err; 2669 struct ipv4_devconf *all, *dflt; 2670 
#ifdef CONFIG_SYSCTL 2671 struct ctl_table *tbl; 2672 struct ctl_table_header *forw_hdr; 2673 #endif 2674 2675 err = -ENOMEM; 2676 all = kmemdup(&ipv4_devconf, sizeof(ipv4_devconf), GFP_KERNEL); 2677 if (!all) 2678 goto err_alloc_all; 2679 2680 dflt = kmemdup(&ipv4_devconf_dflt, sizeof(ipv4_devconf_dflt), GFP_KERNEL); 2681 if (!dflt) 2682 goto err_alloc_dflt; 2683 2684 #ifdef CONFIG_SYSCTL 2685 tbl = kmemdup(ctl_forward_entry, sizeof(ctl_forward_entry), GFP_KERNEL); 2686 if (!tbl) 2687 goto err_alloc_ctl; 2688 2689 tbl[0].data = &all->data[IPV4_DEVCONF_FORWARDING - 1]; 2690 tbl[0].extra1 = all; 2691 tbl[0].extra2 = net; 2692 #endif 2693 2694 if (!net_eq(net, &init_net)) { 2695 switch (net_inherit_devconf()) { 2696 case 3: 2697 /* copy from the current netns */ 2698 memcpy(all, current->nsproxy->net_ns->ipv4.devconf_all, 2699 sizeof(ipv4_devconf)); 2700 memcpy(dflt, 2701 current->nsproxy->net_ns->ipv4.devconf_dflt, 2702 sizeof(ipv4_devconf_dflt)); 2703 break; 2704 case 0: 2705 case 1: 2706 /* copy from init_net */ 2707 memcpy(all, init_net.ipv4.devconf_all, 2708 sizeof(ipv4_devconf)); 2709 memcpy(dflt, init_net.ipv4.devconf_dflt, 2710 sizeof(ipv4_devconf_dflt)); 2711 break; 2712 case 2: 2713 /* use compiled values */ 2714 break; 2715 } 2716 } 2717 2718 #ifdef CONFIG_SYSCTL 2719 err = __devinet_sysctl_register(net, "all", NETCONFA_IFINDEX_ALL, all); 2720 if (err < 0) 2721 goto err_reg_all; 2722 2723 err = __devinet_sysctl_register(net, "default", 2724 NETCONFA_IFINDEX_DEFAULT, dflt); 2725 if (err < 0) 2726 goto err_reg_dflt; 2727 2728 err = -ENOMEM; 2729 forw_hdr = register_net_sysctl_sz(net, "net/ipv4", tbl, 2730 ARRAY_SIZE(ctl_forward_entry)); 2731 if (!forw_hdr) 2732 goto err_reg_ctl; 2733 net->ipv4.forw_hdr = forw_hdr; 2734 #endif 2735 2736 net->ipv4.devconf_all = all; 2737 net->ipv4.devconf_dflt = dflt; 2738 return 0; 2739 2740 #ifdef CONFIG_SYSCTL 2741 err_reg_ctl: 2742 __devinet_sysctl_unregister(net, dflt, NETCONFA_IFINDEX_DEFAULT); 2743 err_reg_dflt: 2744 
__devinet_sysctl_unregister(net, all, NETCONFA_IFINDEX_ALL); 2745 err_reg_all: 2746 kfree(tbl); 2747 err_alloc_ctl: 2748 #endif 2749 kfree(dflt); 2750 err_alloc_dflt: 2751 kfree(all); 2752 err_alloc_all: 2753 return err; 2754 } 2755 2756 static __net_exit void devinet_exit_net(struct net *net) 2757 { 2758 #ifdef CONFIG_SYSCTL 2759 const struct ctl_table *tbl; 2760 2761 tbl = net->ipv4.forw_hdr->ctl_table_arg; 2762 unregister_net_sysctl_table(net->ipv4.forw_hdr); 2763 __devinet_sysctl_unregister(net, net->ipv4.devconf_dflt, 2764 NETCONFA_IFINDEX_DEFAULT); 2765 __devinet_sysctl_unregister(net, net->ipv4.devconf_all, 2766 NETCONFA_IFINDEX_ALL); 2767 kfree(tbl); 2768 #endif 2769 kfree(net->ipv4.devconf_dflt); 2770 kfree(net->ipv4.devconf_all); 2771 } 2772 2773 static __net_initdata struct pernet_operations devinet_ops = { 2774 .init = devinet_init_net, 2775 .exit = devinet_exit_net, 2776 }; 2777 2778 static struct rtnl_af_ops inet_af_ops __read_mostly = { 2779 .family = AF_INET, 2780 .fill_link_af = inet_fill_link_af, 2781 .get_link_af_size = inet_get_link_af_size, 2782 .validate_link_af = inet_validate_link_af, 2783 .set_link_af = inet_set_link_af, 2784 }; 2785 2786 void __init devinet_init(void) 2787 { 2788 int i; 2789 2790 for (i = 0; i < IN4_ADDR_HSIZE; i++) 2791 INIT_HLIST_HEAD(&inet_addr_lst[i]); 2792 2793 register_pernet_subsys(&devinet_ops); 2794 register_netdevice_notifier(&ip_netdev_notifier); 2795 2796 queue_delayed_work(system_power_efficient_wq, &check_lifetime_work, 0); 2797 2798 rtnl_af_register(&inet_af_ops); 2799 2800 rtnl_register(PF_INET, RTM_NEWADDR, inet_rtm_newaddr, NULL, 0); 2801 rtnl_register(PF_INET, RTM_DELADDR, inet_rtm_deladdr, NULL, 0); 2802 rtnl_register(PF_INET, RTM_GETADDR, NULL, inet_dump_ifaddr, 2803 RTNL_FLAG_DUMP_UNLOCKED | RTNL_FLAG_DUMP_SPLIT_NLM_DONE); 2804 rtnl_register(PF_INET, RTM_GETNETCONF, inet_netconf_get_devconf, 2805 inet_netconf_dump_devconf, 2806 RTNL_FLAG_DOIT_UNLOCKED | RTNL_FLAG_DUMP_UNLOCKED); 2807 } 2808