xref: /linux/net/ipv4/devinet.c (revision 90d32e92011eaae8e70a9169b4e7acf4ca8f9d3a)
1 // SPDX-License-Identifier: GPL-2.0-or-later
2 /*
3  *	NET3	IP device support routines.
4  *
5  *	Derived from the IP parts of dev.c 1.0.19
6  * 		Authors:	Ross Biro
7  *				Fred N. van Kempen, <waltje@uWalt.NL.Mugnet.ORG>
8  *				Mark Evans, <evansmp@uhura.aston.ac.uk>
9  *
10  *	Additional Authors:
11  *		Alan Cox, <gw4pts@gw4pts.ampr.org>
12  *		Alexey Kuznetsov, <kuznet@ms2.inr.ac.ru>
13  *
14  *	Changes:
15  *		Alexey Kuznetsov:	pa_* fields are replaced with ifaddr
16  *					lists.
17  *		Cyrus Durgin:		updated for kmod
18  *		Matthias Andree:	in devinet_ioctl, compare label and
19  *					address (4.4BSD alias style support),
20  *					fall back to comparing just the label
21  *					if no match found.
22  */
23 
24 
25 #include <linux/uaccess.h>
26 #include <linux/bitops.h>
27 #include <linux/capability.h>
28 #include <linux/module.h>
29 #include <linux/types.h>
30 #include <linux/kernel.h>
31 #include <linux/sched/signal.h>
32 #include <linux/string.h>
33 #include <linux/mm.h>
34 #include <linux/socket.h>
35 #include <linux/sockios.h>
36 #include <linux/in.h>
37 #include <linux/errno.h>
38 #include <linux/interrupt.h>
39 #include <linux/if_addr.h>
40 #include <linux/if_ether.h>
41 #include <linux/inet.h>
42 #include <linux/netdevice.h>
43 #include <linux/etherdevice.h>
44 #include <linux/skbuff.h>
45 #include <linux/init.h>
46 #include <linux/notifier.h>
47 #include <linux/inetdevice.h>
48 #include <linux/igmp.h>
49 #include <linux/slab.h>
50 #include <linux/hash.h>
51 #ifdef CONFIG_SYSCTL
52 #include <linux/sysctl.h>
53 #endif
54 #include <linux/kmod.h>
55 #include <linux/netconf.h>
56 
57 #include <net/arp.h>
58 #include <net/ip.h>
59 #include <net/route.h>
60 #include <net/ip_fib.h>
61 #include <net/rtnetlink.h>
62 #include <net/net_namespace.h>
63 #include <net/addrconf.h>
64 
65 #define IPV6ONLY_FLAGS	\
66 		(IFA_F_NODAD | IFA_F_OPTIMISTIC | IFA_F_DADFAILED | \
67 		 IFA_F_HOMEADDRESS | IFA_F_TENTATIVE | \
68 		 IFA_F_MANAGETEMPADDR | IFA_F_STABLE_PRIVACY)
69 
70 static struct ipv4_devconf ipv4_devconf = {
71 	.data = {
72 		[IPV4_DEVCONF_ACCEPT_REDIRECTS - 1] = 1,
73 		[IPV4_DEVCONF_SEND_REDIRECTS - 1] = 1,
74 		[IPV4_DEVCONF_SECURE_REDIRECTS - 1] = 1,
75 		[IPV4_DEVCONF_SHARED_MEDIA - 1] = 1,
76 		[IPV4_DEVCONF_IGMPV2_UNSOLICITED_REPORT_INTERVAL - 1] = 10000 /*ms*/,
77 		[IPV4_DEVCONF_IGMPV3_UNSOLICITED_REPORT_INTERVAL - 1] =  1000 /*ms*/,
78 		[IPV4_DEVCONF_ARP_EVICT_NOCARRIER - 1] = 1,
79 	},
80 };
81 
82 static struct ipv4_devconf ipv4_devconf_dflt = {
83 	.data = {
84 		[IPV4_DEVCONF_ACCEPT_REDIRECTS - 1] = 1,
85 		[IPV4_DEVCONF_SEND_REDIRECTS - 1] = 1,
86 		[IPV4_DEVCONF_SECURE_REDIRECTS - 1] = 1,
87 		[IPV4_DEVCONF_SHARED_MEDIA - 1] = 1,
88 		[IPV4_DEVCONF_ACCEPT_SOURCE_ROUTE - 1] = 1,
89 		[IPV4_DEVCONF_IGMPV2_UNSOLICITED_REPORT_INTERVAL - 1] = 10000 /*ms*/,
90 		[IPV4_DEVCONF_IGMPV3_UNSOLICITED_REPORT_INTERVAL - 1] =  1000 /*ms*/,
91 		[IPV4_DEVCONF_ARP_EVICT_NOCARRIER - 1] = 1,
92 	},
93 };
94 
95 #define IPV4_DEVCONF_DFLT(net, attr) \
96 	IPV4_DEVCONF((*net->ipv4.devconf_dflt), attr)
97 
98 static const struct nla_policy ifa_ipv4_policy[IFA_MAX+1] = {
99 	[IFA_LOCAL]     	= { .type = NLA_U32 },
100 	[IFA_ADDRESS]   	= { .type = NLA_U32 },
101 	[IFA_BROADCAST] 	= { .type = NLA_U32 },
102 	[IFA_LABEL]     	= { .type = NLA_STRING, .len = IFNAMSIZ - 1 },
103 	[IFA_CACHEINFO]		= { .len = sizeof(struct ifa_cacheinfo) },
104 	[IFA_FLAGS]		= { .type = NLA_U32 },
105 	[IFA_RT_PRIORITY]	= { .type = NLA_U32 },
106 	[IFA_TARGET_NETNSID]	= { .type = NLA_S32 },
107 	[IFA_PROTO]		= { .type = NLA_U8 },
108 };
109 
110 struct inet_fill_args {
111 	u32 portid;
112 	u32 seq;
113 	int event;
114 	unsigned int flags;
115 	int netnsid;
116 	int ifindex;
117 };
118 
119 #define IN4_ADDR_HSIZE_SHIFT	8
120 #define IN4_ADDR_HSIZE		(1U << IN4_ADDR_HSIZE_SHIFT)
121 
122 static struct hlist_head inet_addr_lst[IN4_ADDR_HSIZE];
123 
124 static u32 inet_addr_hash(const struct net *net, __be32 addr)
125 {
126 	u32 val = (__force u32) addr ^ net_hash_mix(net);
127 
128 	return hash_32(val, IN4_ADDR_HSIZE_SHIFT);
129 }
130 
131 static void inet_hash_insert(struct net *net, struct in_ifaddr *ifa)
132 {
133 	u32 hash = inet_addr_hash(net, ifa->ifa_local);
134 
135 	ASSERT_RTNL();
136 	hlist_add_head_rcu(&ifa->hash, &inet_addr_lst[hash]);
137 }
138 
139 static void inet_hash_remove(struct in_ifaddr *ifa)
140 {
141 	ASSERT_RTNL();
142 	hlist_del_init_rcu(&ifa->hash);
143 }
144 
145 /**
146  * __ip_dev_find - find the first device with a given source address.
147  * @net: the net namespace
148  * @addr: the source address
149  * @devref: if true, take a reference on the found device
150  *
151  * If a caller uses devref=false, it should be protected by RCU, or RTNL
152  */
153 struct net_device *__ip_dev_find(struct net *net, __be32 addr, bool devref)
154 {
155 	struct net_device *result = NULL;
156 	struct in_ifaddr *ifa;
157 
158 	rcu_read_lock();
159 	ifa = inet_lookup_ifaddr_rcu(net, addr);
160 	if (!ifa) {
161 		struct flowi4 fl4 = { .daddr = addr };
162 		struct fib_result res = { 0 };
163 		struct fib_table *local;
164 
165 		/* Fallback to FIB local table so that communication
166 		 * over loopback subnets work.
167 		 */
168 		local = fib_get_table(net, RT_TABLE_LOCAL);
169 		if (local &&
170 		    !fib_table_lookup(local, &fl4, &res, FIB_LOOKUP_NOREF) &&
171 		    res.type == RTN_LOCAL)
172 			result = FIB_RES_DEV(res);
173 	} else {
174 		result = ifa->ifa_dev->dev;
175 	}
176 	if (result && devref)
177 		dev_hold(result);
178 	rcu_read_unlock();
179 	return result;
180 }
181 EXPORT_SYMBOL(__ip_dev_find);
182 
183 /* called under RCU lock */
184 struct in_ifaddr *inet_lookup_ifaddr_rcu(struct net *net, __be32 addr)
185 {
186 	u32 hash = inet_addr_hash(net, addr);
187 	struct in_ifaddr *ifa;
188 
189 	hlist_for_each_entry_rcu(ifa, &inet_addr_lst[hash], hash)
190 		if (ifa->ifa_local == addr &&
191 		    net_eq(dev_net(ifa->ifa_dev->dev), net))
192 			return ifa;
193 
194 	return NULL;
195 }
196 
197 static void rtmsg_ifa(int event, struct in_ifaddr *, struct nlmsghdr *, u32);
198 
199 static BLOCKING_NOTIFIER_HEAD(inetaddr_chain);
200 static BLOCKING_NOTIFIER_HEAD(inetaddr_validator_chain);
201 static void inet_del_ifa(struct in_device *in_dev,
202 			 struct in_ifaddr __rcu **ifap,
203 			 int destroy);
204 #ifdef CONFIG_SYSCTL
205 static int devinet_sysctl_register(struct in_device *idev);
206 static void devinet_sysctl_unregister(struct in_device *idev);
207 #else
208 static int devinet_sysctl_register(struct in_device *idev)
209 {
210 	return 0;
211 }
212 static void devinet_sysctl_unregister(struct in_device *idev)
213 {
214 }
215 #endif
216 
217 /* Locks all the inet devices. */
218 
219 static struct in_ifaddr *inet_alloc_ifa(void)
220 {
221 	return kzalloc(sizeof(struct in_ifaddr), GFP_KERNEL_ACCOUNT);
222 }
223 
224 static void inet_rcu_free_ifa(struct rcu_head *head)
225 {
226 	struct in_ifaddr *ifa = container_of(head, struct in_ifaddr, rcu_head);
227 
228 	if (ifa->ifa_dev)
229 		in_dev_put(ifa->ifa_dev);
230 	kfree(ifa);
231 }
232 
233 static void inet_free_ifa(struct in_ifaddr *ifa)
234 {
235 	/* Our reference to ifa->ifa_dev must be freed ASAP
236 	 * to release the reference to the netdev the same way.
237 	 * in_dev_put() -> in_dev_finish_destroy() -> netdev_put()
238 	 */
239 	call_rcu_hurry(&ifa->rcu_head, inet_rcu_free_ifa);
240 }
241 
242 static void in_dev_free_rcu(struct rcu_head *head)
243 {
244 	struct in_device *idev = container_of(head, struct in_device, rcu_head);
245 
246 	kfree(rcu_dereference_protected(idev->mc_hash, 1));
247 	kfree(idev);
248 }
249 
250 void in_dev_finish_destroy(struct in_device *idev)
251 {
252 	struct net_device *dev = idev->dev;
253 
254 	WARN_ON(idev->ifa_list);
255 	WARN_ON(idev->mc_list);
256 #ifdef NET_REFCNT_DEBUG
257 	pr_debug("%s: %p=%s\n", __func__, idev, dev ? dev->name : "NIL");
258 #endif
259 	netdev_put(dev, &idev->dev_tracker);
260 	if (!idev->dead)
261 		pr_err("Freeing alive in_device %p\n", idev);
262 	else
263 		call_rcu(&idev->rcu_head, in_dev_free_rcu);
264 }
265 EXPORT_SYMBOL(in_dev_finish_destroy);
266 
267 static struct in_device *inetdev_init(struct net_device *dev)
268 {
269 	struct in_device *in_dev;
270 	int err = -ENOMEM;
271 
272 	ASSERT_RTNL();
273 
274 	in_dev = kzalloc(sizeof(*in_dev), GFP_KERNEL);
275 	if (!in_dev)
276 		goto out;
277 	memcpy(&in_dev->cnf, dev_net(dev)->ipv4.devconf_dflt,
278 			sizeof(in_dev->cnf));
279 	in_dev->cnf.sysctl = NULL;
280 	in_dev->dev = dev;
281 	in_dev->arp_parms = neigh_parms_alloc(dev, &arp_tbl);
282 	if (!in_dev->arp_parms)
283 		goto out_kfree;
284 	if (IPV4_DEVCONF(in_dev->cnf, FORWARDING))
285 		dev_disable_lro(dev);
286 	/* Reference in_dev->dev */
287 	netdev_hold(dev, &in_dev->dev_tracker, GFP_KERNEL);
288 	/* Account for reference dev->ip_ptr (below) */
289 	refcount_set(&in_dev->refcnt, 1);
290 
291 	err = devinet_sysctl_register(in_dev);
292 	if (err) {
293 		in_dev->dead = 1;
294 		neigh_parms_release(&arp_tbl, in_dev->arp_parms);
295 		in_dev_put(in_dev);
296 		in_dev = NULL;
297 		goto out;
298 	}
299 	ip_mc_init_dev(in_dev);
300 	if (dev->flags & IFF_UP)
301 		ip_mc_up(in_dev);
302 
303 	/* we can receive as soon as ip_ptr is set -- do this last */
304 	rcu_assign_pointer(dev->ip_ptr, in_dev);
305 out:
306 	return in_dev ?: ERR_PTR(err);
307 out_kfree:
308 	kfree(in_dev);
309 	in_dev = NULL;
310 	goto out;
311 }
312 
313 static void inetdev_destroy(struct in_device *in_dev)
314 {
315 	struct net_device *dev;
316 	struct in_ifaddr *ifa;
317 
318 	ASSERT_RTNL();
319 
320 	dev = in_dev->dev;
321 
322 	in_dev->dead = 1;
323 
324 	ip_mc_destroy_dev(in_dev);
325 
326 	while ((ifa = rtnl_dereference(in_dev->ifa_list)) != NULL) {
327 		inet_del_ifa(in_dev, &in_dev->ifa_list, 0);
328 		inet_free_ifa(ifa);
329 	}
330 
331 	RCU_INIT_POINTER(dev->ip_ptr, NULL);
332 
333 	devinet_sysctl_unregister(in_dev);
334 	neigh_parms_release(&arp_tbl, in_dev->arp_parms);
335 	arp_ifdown(dev);
336 
337 	in_dev_put(in_dev);
338 }
339 
340 int inet_addr_onlink(struct in_device *in_dev, __be32 a, __be32 b)
341 {
342 	const struct in_ifaddr *ifa;
343 
344 	rcu_read_lock();
345 	in_dev_for_each_ifa_rcu(ifa, in_dev) {
346 		if (inet_ifa_match(a, ifa)) {
347 			if (!b || inet_ifa_match(b, ifa)) {
348 				rcu_read_unlock();
349 				return 1;
350 			}
351 		}
352 	}
353 	rcu_read_unlock();
354 	return 0;
355 }
356 
357 static void __inet_del_ifa(struct in_device *in_dev,
358 			   struct in_ifaddr __rcu **ifap,
359 			   int destroy, struct nlmsghdr *nlh, u32 portid)
360 {
361 	struct in_ifaddr *promote = NULL;
362 	struct in_ifaddr *ifa, *ifa1;
363 	struct in_ifaddr __rcu **last_prim;
364 	struct in_ifaddr *prev_prom = NULL;
365 	int do_promote = IN_DEV_PROMOTE_SECONDARIES(in_dev);
366 
367 	ASSERT_RTNL();
368 
369 	ifa1 = rtnl_dereference(*ifap);
370 	last_prim = ifap;
371 	if (in_dev->dead)
372 		goto no_promotions;
373 
374 	/* 1. Deleting primary ifaddr forces deletion all secondaries
375 	 * unless alias promotion is set
376 	 **/
377 
378 	if (!(ifa1->ifa_flags & IFA_F_SECONDARY)) {
379 		struct in_ifaddr __rcu **ifap1 = &ifa1->ifa_next;
380 
381 		while ((ifa = rtnl_dereference(*ifap1)) != NULL) {
382 			if (!(ifa->ifa_flags & IFA_F_SECONDARY) &&
383 			    ifa1->ifa_scope <= ifa->ifa_scope)
384 				last_prim = &ifa->ifa_next;
385 
386 			if (!(ifa->ifa_flags & IFA_F_SECONDARY) ||
387 			    ifa1->ifa_mask != ifa->ifa_mask ||
388 			    !inet_ifa_match(ifa1->ifa_address, ifa)) {
389 				ifap1 = &ifa->ifa_next;
390 				prev_prom = ifa;
391 				continue;
392 			}
393 
394 			if (!do_promote) {
395 				inet_hash_remove(ifa);
396 				*ifap1 = ifa->ifa_next;
397 
398 				rtmsg_ifa(RTM_DELADDR, ifa, nlh, portid);
399 				blocking_notifier_call_chain(&inetaddr_chain,
400 						NETDEV_DOWN, ifa);
401 				inet_free_ifa(ifa);
402 			} else {
403 				promote = ifa;
404 				break;
405 			}
406 		}
407 	}
408 
409 	/* On promotion all secondaries from subnet are changing
410 	 * the primary IP, we must remove all their routes silently
411 	 * and later to add them back with new prefsrc. Do this
412 	 * while all addresses are on the device list.
413 	 */
414 	for (ifa = promote; ifa; ifa = rtnl_dereference(ifa->ifa_next)) {
415 		if (ifa1->ifa_mask == ifa->ifa_mask &&
416 		    inet_ifa_match(ifa1->ifa_address, ifa))
417 			fib_del_ifaddr(ifa, ifa1);
418 	}
419 
420 no_promotions:
421 	/* 2. Unlink it */
422 
423 	*ifap = ifa1->ifa_next;
424 	inet_hash_remove(ifa1);
425 
426 	/* 3. Announce address deletion */
427 
428 	/* Send message first, then call notifier.
429 	   At first sight, FIB update triggered by notifier
430 	   will refer to already deleted ifaddr, that could confuse
431 	   netlink listeners. It is not true: look, gated sees
432 	   that route deleted and if it still thinks that ifaddr
433 	   is valid, it will try to restore deleted routes... Grr.
434 	   So that, this order is correct.
435 	 */
436 	rtmsg_ifa(RTM_DELADDR, ifa1, nlh, portid);
437 	blocking_notifier_call_chain(&inetaddr_chain, NETDEV_DOWN, ifa1);
438 
439 	if (promote) {
440 		struct in_ifaddr *next_sec;
441 
442 		next_sec = rtnl_dereference(promote->ifa_next);
443 		if (prev_prom) {
444 			struct in_ifaddr *last_sec;
445 
446 			rcu_assign_pointer(prev_prom->ifa_next, next_sec);
447 
448 			last_sec = rtnl_dereference(*last_prim);
449 			rcu_assign_pointer(promote->ifa_next, last_sec);
450 			rcu_assign_pointer(*last_prim, promote);
451 		}
452 
453 		promote->ifa_flags &= ~IFA_F_SECONDARY;
454 		rtmsg_ifa(RTM_NEWADDR, promote, nlh, portid);
455 		blocking_notifier_call_chain(&inetaddr_chain,
456 				NETDEV_UP, promote);
457 		for (ifa = next_sec; ifa;
458 		     ifa = rtnl_dereference(ifa->ifa_next)) {
459 			if (ifa1->ifa_mask != ifa->ifa_mask ||
460 			    !inet_ifa_match(ifa1->ifa_address, ifa))
461 					continue;
462 			fib_add_ifaddr(ifa);
463 		}
464 
465 	}
466 	if (destroy)
467 		inet_free_ifa(ifa1);
468 }
469 
470 static void inet_del_ifa(struct in_device *in_dev,
471 			 struct in_ifaddr __rcu **ifap,
472 			 int destroy)
473 {
474 	__inet_del_ifa(in_dev, ifap, destroy, NULL, 0);
475 }
476 
477 static void check_lifetime(struct work_struct *work);
478 
479 static DECLARE_DELAYED_WORK(check_lifetime_work, check_lifetime);
480 
481 static int __inet_insert_ifa(struct in_ifaddr *ifa, struct nlmsghdr *nlh,
482 			     u32 portid, struct netlink_ext_ack *extack)
483 {
484 	struct in_ifaddr __rcu **last_primary, **ifap;
485 	struct in_device *in_dev = ifa->ifa_dev;
486 	struct in_validator_info ivi;
487 	struct in_ifaddr *ifa1;
488 	int ret;
489 
490 	ASSERT_RTNL();
491 
492 	if (!ifa->ifa_local) {
493 		inet_free_ifa(ifa);
494 		return 0;
495 	}
496 
497 	ifa->ifa_flags &= ~IFA_F_SECONDARY;
498 	last_primary = &in_dev->ifa_list;
499 
500 	/* Don't set IPv6 only flags to IPv4 addresses */
501 	ifa->ifa_flags &= ~IPV6ONLY_FLAGS;
502 
503 	ifap = &in_dev->ifa_list;
504 	ifa1 = rtnl_dereference(*ifap);
505 
506 	while (ifa1) {
507 		if (!(ifa1->ifa_flags & IFA_F_SECONDARY) &&
508 		    ifa->ifa_scope <= ifa1->ifa_scope)
509 			last_primary = &ifa1->ifa_next;
510 		if (ifa1->ifa_mask == ifa->ifa_mask &&
511 		    inet_ifa_match(ifa1->ifa_address, ifa)) {
512 			if (ifa1->ifa_local == ifa->ifa_local) {
513 				inet_free_ifa(ifa);
514 				return -EEXIST;
515 			}
516 			if (ifa1->ifa_scope != ifa->ifa_scope) {
517 				NL_SET_ERR_MSG(extack, "ipv4: Invalid scope value");
518 				inet_free_ifa(ifa);
519 				return -EINVAL;
520 			}
521 			ifa->ifa_flags |= IFA_F_SECONDARY;
522 		}
523 
524 		ifap = &ifa1->ifa_next;
525 		ifa1 = rtnl_dereference(*ifap);
526 	}
527 
528 	/* Allow any devices that wish to register ifaddr validtors to weigh
529 	 * in now, before changes are committed.  The rntl lock is serializing
530 	 * access here, so the state should not change between a validator call
531 	 * and a final notify on commit.  This isn't invoked on promotion under
532 	 * the assumption that validators are checking the address itself, and
533 	 * not the flags.
534 	 */
535 	ivi.ivi_addr = ifa->ifa_address;
536 	ivi.ivi_dev = ifa->ifa_dev;
537 	ivi.extack = extack;
538 	ret = blocking_notifier_call_chain(&inetaddr_validator_chain,
539 					   NETDEV_UP, &ivi);
540 	ret = notifier_to_errno(ret);
541 	if (ret) {
542 		inet_free_ifa(ifa);
543 		return ret;
544 	}
545 
546 	if (!(ifa->ifa_flags & IFA_F_SECONDARY))
547 		ifap = last_primary;
548 
549 	rcu_assign_pointer(ifa->ifa_next, *ifap);
550 	rcu_assign_pointer(*ifap, ifa);
551 
552 	inet_hash_insert(dev_net(in_dev->dev), ifa);
553 
554 	cancel_delayed_work(&check_lifetime_work);
555 	queue_delayed_work(system_power_efficient_wq, &check_lifetime_work, 0);
556 
557 	/* Send message first, then call notifier.
558 	   Notifier will trigger FIB update, so that
559 	   listeners of netlink will know about new ifaddr */
560 	rtmsg_ifa(RTM_NEWADDR, ifa, nlh, portid);
561 	blocking_notifier_call_chain(&inetaddr_chain, NETDEV_UP, ifa);
562 
563 	return 0;
564 }
565 
566 static int inet_insert_ifa(struct in_ifaddr *ifa)
567 {
568 	return __inet_insert_ifa(ifa, NULL, 0, NULL);
569 }
570 
571 static int inet_set_ifa(struct net_device *dev, struct in_ifaddr *ifa)
572 {
573 	struct in_device *in_dev = __in_dev_get_rtnl(dev);
574 
575 	ASSERT_RTNL();
576 
577 	if (!in_dev) {
578 		inet_free_ifa(ifa);
579 		return -ENOBUFS;
580 	}
581 	ipv4_devconf_setall(in_dev);
582 	neigh_parms_data_state_setall(in_dev->arp_parms);
583 	if (ifa->ifa_dev != in_dev) {
584 		WARN_ON(ifa->ifa_dev);
585 		in_dev_hold(in_dev);
586 		ifa->ifa_dev = in_dev;
587 	}
588 	if (ipv4_is_loopback(ifa->ifa_local))
589 		ifa->ifa_scope = RT_SCOPE_HOST;
590 	return inet_insert_ifa(ifa);
591 }
592 
593 /* Caller must hold RCU or RTNL :
594  * We dont take a reference on found in_device
595  */
596 struct in_device *inetdev_by_index(struct net *net, int ifindex)
597 {
598 	struct net_device *dev;
599 	struct in_device *in_dev = NULL;
600 
601 	rcu_read_lock();
602 	dev = dev_get_by_index_rcu(net, ifindex);
603 	if (dev)
604 		in_dev = rcu_dereference_rtnl(dev->ip_ptr);
605 	rcu_read_unlock();
606 	return in_dev;
607 }
608 EXPORT_SYMBOL(inetdev_by_index);
609 
610 /* Called only from RTNL semaphored context. No locks. */
611 
612 struct in_ifaddr *inet_ifa_byprefix(struct in_device *in_dev, __be32 prefix,
613 				    __be32 mask)
614 {
615 	struct in_ifaddr *ifa;
616 
617 	ASSERT_RTNL();
618 
619 	in_dev_for_each_ifa_rtnl(ifa, in_dev) {
620 		if (ifa->ifa_mask == mask && inet_ifa_match(prefix, ifa))
621 			return ifa;
622 	}
623 	return NULL;
624 }
625 
626 static int ip_mc_autojoin_config(struct net *net, bool join,
627 				 const struct in_ifaddr *ifa)
628 {
629 #if defined(CONFIG_IP_MULTICAST)
630 	struct ip_mreqn mreq = {
631 		.imr_multiaddr.s_addr = ifa->ifa_address,
632 		.imr_ifindex = ifa->ifa_dev->dev->ifindex,
633 	};
634 	struct sock *sk = net->ipv4.mc_autojoin_sk;
635 	int ret;
636 
637 	ASSERT_RTNL();
638 
639 	lock_sock(sk);
640 	if (join)
641 		ret = ip_mc_join_group(sk, &mreq);
642 	else
643 		ret = ip_mc_leave_group(sk, &mreq);
644 	release_sock(sk);
645 
646 	return ret;
647 #else
648 	return -EOPNOTSUPP;
649 #endif
650 }
651 
652 static int inet_rtm_deladdr(struct sk_buff *skb, struct nlmsghdr *nlh,
653 			    struct netlink_ext_ack *extack)
654 {
655 	struct net *net = sock_net(skb->sk);
656 	struct in_ifaddr __rcu **ifap;
657 	struct nlattr *tb[IFA_MAX+1];
658 	struct in_device *in_dev;
659 	struct ifaddrmsg *ifm;
660 	struct in_ifaddr *ifa;
661 	int err;
662 
663 	ASSERT_RTNL();
664 
665 	err = nlmsg_parse_deprecated(nlh, sizeof(*ifm), tb, IFA_MAX,
666 				     ifa_ipv4_policy, extack);
667 	if (err < 0)
668 		goto errout;
669 
670 	ifm = nlmsg_data(nlh);
671 	in_dev = inetdev_by_index(net, ifm->ifa_index);
672 	if (!in_dev) {
673 		NL_SET_ERR_MSG(extack, "ipv4: Device not found");
674 		err = -ENODEV;
675 		goto errout;
676 	}
677 
678 	for (ifap = &in_dev->ifa_list; (ifa = rtnl_dereference(*ifap)) != NULL;
679 	     ifap = &ifa->ifa_next) {
680 		if (tb[IFA_LOCAL] &&
681 		    ifa->ifa_local != nla_get_in_addr(tb[IFA_LOCAL]))
682 			continue;
683 
684 		if (tb[IFA_LABEL] && nla_strcmp(tb[IFA_LABEL], ifa->ifa_label))
685 			continue;
686 
687 		if (tb[IFA_ADDRESS] &&
688 		    (ifm->ifa_prefixlen != ifa->ifa_prefixlen ||
689 		    !inet_ifa_match(nla_get_in_addr(tb[IFA_ADDRESS]), ifa)))
690 			continue;
691 
692 		if (ipv4_is_multicast(ifa->ifa_address))
693 			ip_mc_autojoin_config(net, false, ifa);
694 		__inet_del_ifa(in_dev, ifap, 1, nlh, NETLINK_CB(skb).portid);
695 		return 0;
696 	}
697 
698 	NL_SET_ERR_MSG(extack, "ipv4: Address not found");
699 	err = -EADDRNOTAVAIL;
700 errout:
701 	return err;
702 }
703 
704 #define INFINITY_LIFE_TIME	0xFFFFFFFF
705 
706 static void check_lifetime(struct work_struct *work)
707 {
708 	unsigned long now, next, next_sec, next_sched;
709 	struct in_ifaddr *ifa;
710 	struct hlist_node *n;
711 	int i;
712 
713 	now = jiffies;
714 	next = round_jiffies_up(now + ADDR_CHECK_FREQUENCY);
715 
716 	for (i = 0; i < IN4_ADDR_HSIZE; i++) {
717 		bool change_needed = false;
718 
719 		rcu_read_lock();
720 		hlist_for_each_entry_rcu(ifa, &inet_addr_lst[i], hash) {
721 			unsigned long age, tstamp;
722 			u32 preferred_lft;
723 			u32 valid_lft;
724 			u32 flags;
725 
726 			flags = READ_ONCE(ifa->ifa_flags);
727 			if (flags & IFA_F_PERMANENT)
728 				continue;
729 
730 			preferred_lft = READ_ONCE(ifa->ifa_preferred_lft);
731 			valid_lft = READ_ONCE(ifa->ifa_valid_lft);
732 			tstamp = READ_ONCE(ifa->ifa_tstamp);
733 			/* We try to batch several events at once. */
734 			age = (now - tstamp +
735 			       ADDRCONF_TIMER_FUZZ_MINUS) / HZ;
736 
737 			if (valid_lft != INFINITY_LIFE_TIME &&
738 			    age >= valid_lft) {
739 				change_needed = true;
740 			} else if (preferred_lft ==
741 				   INFINITY_LIFE_TIME) {
742 				continue;
743 			} else if (age >= preferred_lft) {
744 				if (time_before(tstamp + valid_lft * HZ, next))
745 					next = tstamp + valid_lft * HZ;
746 
747 				if (!(flags & IFA_F_DEPRECATED))
748 					change_needed = true;
749 			} else if (time_before(tstamp + preferred_lft * HZ,
750 					       next)) {
751 				next = tstamp + preferred_lft * HZ;
752 			}
753 		}
754 		rcu_read_unlock();
755 		if (!change_needed)
756 			continue;
757 		rtnl_lock();
758 		hlist_for_each_entry_safe(ifa, n, &inet_addr_lst[i], hash) {
759 			unsigned long age;
760 
761 			if (ifa->ifa_flags & IFA_F_PERMANENT)
762 				continue;
763 
764 			/* We try to batch several events at once. */
765 			age = (now - ifa->ifa_tstamp +
766 			       ADDRCONF_TIMER_FUZZ_MINUS) / HZ;
767 
768 			if (ifa->ifa_valid_lft != INFINITY_LIFE_TIME &&
769 			    age >= ifa->ifa_valid_lft) {
770 				struct in_ifaddr __rcu **ifap;
771 				struct in_ifaddr *tmp;
772 
773 				ifap = &ifa->ifa_dev->ifa_list;
774 				tmp = rtnl_dereference(*ifap);
775 				while (tmp) {
776 					if (tmp == ifa) {
777 						inet_del_ifa(ifa->ifa_dev,
778 							     ifap, 1);
779 						break;
780 					}
781 					ifap = &tmp->ifa_next;
782 					tmp = rtnl_dereference(*ifap);
783 				}
784 			} else if (ifa->ifa_preferred_lft !=
785 				   INFINITY_LIFE_TIME &&
786 				   age >= ifa->ifa_preferred_lft &&
787 				   !(ifa->ifa_flags & IFA_F_DEPRECATED)) {
788 				ifa->ifa_flags |= IFA_F_DEPRECATED;
789 				rtmsg_ifa(RTM_NEWADDR, ifa, NULL, 0);
790 			}
791 		}
792 		rtnl_unlock();
793 	}
794 
795 	next_sec = round_jiffies_up(next);
796 	next_sched = next;
797 
798 	/* If rounded timeout is accurate enough, accept it. */
799 	if (time_before(next_sec, next + ADDRCONF_TIMER_FUZZ))
800 		next_sched = next_sec;
801 
802 	now = jiffies;
803 	/* And minimum interval is ADDRCONF_TIMER_FUZZ_MAX. */
804 	if (time_before(next_sched, now + ADDRCONF_TIMER_FUZZ_MAX))
805 		next_sched = now + ADDRCONF_TIMER_FUZZ_MAX;
806 
807 	queue_delayed_work(system_power_efficient_wq, &check_lifetime_work,
808 			next_sched - now);
809 }
810 
811 static void set_ifa_lifetime(struct in_ifaddr *ifa, __u32 valid_lft,
812 			     __u32 prefered_lft)
813 {
814 	unsigned long timeout;
815 	u32 flags;
816 
817 	flags = ifa->ifa_flags & ~(IFA_F_PERMANENT | IFA_F_DEPRECATED);
818 
819 	timeout = addrconf_timeout_fixup(valid_lft, HZ);
820 	if (addrconf_finite_timeout(timeout))
821 		WRITE_ONCE(ifa->ifa_valid_lft, timeout);
822 	else
823 		flags |= IFA_F_PERMANENT;
824 
825 	timeout = addrconf_timeout_fixup(prefered_lft, HZ);
826 	if (addrconf_finite_timeout(timeout)) {
827 		if (timeout == 0)
828 			flags |= IFA_F_DEPRECATED;
829 		WRITE_ONCE(ifa->ifa_preferred_lft, timeout);
830 	}
831 	WRITE_ONCE(ifa->ifa_flags, flags);
832 	WRITE_ONCE(ifa->ifa_tstamp, jiffies);
833 	if (!ifa->ifa_cstamp)
834 		WRITE_ONCE(ifa->ifa_cstamp, ifa->ifa_tstamp);
835 }
836 
837 static struct in_ifaddr *rtm_to_ifaddr(struct net *net, struct nlmsghdr *nlh,
838 				       __u32 *pvalid_lft, __u32 *pprefered_lft,
839 				       struct netlink_ext_ack *extack)
840 {
841 	struct nlattr *tb[IFA_MAX+1];
842 	struct in_ifaddr *ifa;
843 	struct ifaddrmsg *ifm;
844 	struct net_device *dev;
845 	struct in_device *in_dev;
846 	int err;
847 
848 	err = nlmsg_parse_deprecated(nlh, sizeof(*ifm), tb, IFA_MAX,
849 				     ifa_ipv4_policy, extack);
850 	if (err < 0)
851 		goto errout;
852 
853 	ifm = nlmsg_data(nlh);
854 	err = -EINVAL;
855 
856 	if (ifm->ifa_prefixlen > 32) {
857 		NL_SET_ERR_MSG(extack, "ipv4: Invalid prefix length");
858 		goto errout;
859 	}
860 
861 	if (!tb[IFA_LOCAL]) {
862 		NL_SET_ERR_MSG(extack, "ipv4: Local address is not supplied");
863 		goto errout;
864 	}
865 
866 	dev = __dev_get_by_index(net, ifm->ifa_index);
867 	err = -ENODEV;
868 	if (!dev) {
869 		NL_SET_ERR_MSG(extack, "ipv4: Device not found");
870 		goto errout;
871 	}
872 
873 	in_dev = __in_dev_get_rtnl(dev);
874 	err = -ENOBUFS;
875 	if (!in_dev)
876 		goto errout;
877 
878 	ifa = inet_alloc_ifa();
879 	if (!ifa)
880 		/*
881 		 * A potential indev allocation can be left alive, it stays
882 		 * assigned to its device and is destroy with it.
883 		 */
884 		goto errout;
885 
886 	ipv4_devconf_setall(in_dev);
887 	neigh_parms_data_state_setall(in_dev->arp_parms);
888 	in_dev_hold(in_dev);
889 
890 	if (!tb[IFA_ADDRESS])
891 		tb[IFA_ADDRESS] = tb[IFA_LOCAL];
892 
893 	INIT_HLIST_NODE(&ifa->hash);
894 	ifa->ifa_prefixlen = ifm->ifa_prefixlen;
895 	ifa->ifa_mask = inet_make_mask(ifm->ifa_prefixlen);
896 	ifa->ifa_flags = tb[IFA_FLAGS] ? nla_get_u32(tb[IFA_FLAGS]) :
897 					 ifm->ifa_flags;
898 	ifa->ifa_scope = ifm->ifa_scope;
899 	ifa->ifa_dev = in_dev;
900 
901 	ifa->ifa_local = nla_get_in_addr(tb[IFA_LOCAL]);
902 	ifa->ifa_address = nla_get_in_addr(tb[IFA_ADDRESS]);
903 
904 	if (tb[IFA_BROADCAST])
905 		ifa->ifa_broadcast = nla_get_in_addr(tb[IFA_BROADCAST]);
906 
907 	if (tb[IFA_LABEL])
908 		nla_strscpy(ifa->ifa_label, tb[IFA_LABEL], IFNAMSIZ);
909 	else
910 		memcpy(ifa->ifa_label, dev->name, IFNAMSIZ);
911 
912 	if (tb[IFA_RT_PRIORITY])
913 		ifa->ifa_rt_priority = nla_get_u32(tb[IFA_RT_PRIORITY]);
914 
915 	if (tb[IFA_PROTO])
916 		ifa->ifa_proto = nla_get_u8(tb[IFA_PROTO]);
917 
918 	if (tb[IFA_CACHEINFO]) {
919 		struct ifa_cacheinfo *ci;
920 
921 		ci = nla_data(tb[IFA_CACHEINFO]);
922 		if (!ci->ifa_valid || ci->ifa_prefered > ci->ifa_valid) {
923 			NL_SET_ERR_MSG(extack, "ipv4: address lifetime invalid");
924 			err = -EINVAL;
925 			goto errout_free;
926 		}
927 		*pvalid_lft = ci->ifa_valid;
928 		*pprefered_lft = ci->ifa_prefered;
929 	}
930 
931 	return ifa;
932 
933 errout_free:
934 	inet_free_ifa(ifa);
935 errout:
936 	return ERR_PTR(err);
937 }
938 
939 static struct in_ifaddr *find_matching_ifa(struct in_ifaddr *ifa)
940 {
941 	struct in_device *in_dev = ifa->ifa_dev;
942 	struct in_ifaddr *ifa1;
943 
944 	if (!ifa->ifa_local)
945 		return NULL;
946 
947 	in_dev_for_each_ifa_rtnl(ifa1, in_dev) {
948 		if (ifa1->ifa_mask == ifa->ifa_mask &&
949 		    inet_ifa_match(ifa1->ifa_address, ifa) &&
950 		    ifa1->ifa_local == ifa->ifa_local)
951 			return ifa1;
952 	}
953 	return NULL;
954 }
955 
956 static int inet_rtm_newaddr(struct sk_buff *skb, struct nlmsghdr *nlh,
957 			    struct netlink_ext_ack *extack)
958 {
959 	struct net *net = sock_net(skb->sk);
960 	struct in_ifaddr *ifa;
961 	struct in_ifaddr *ifa_existing;
962 	__u32 valid_lft = INFINITY_LIFE_TIME;
963 	__u32 prefered_lft = INFINITY_LIFE_TIME;
964 
965 	ASSERT_RTNL();
966 
967 	ifa = rtm_to_ifaddr(net, nlh, &valid_lft, &prefered_lft, extack);
968 	if (IS_ERR(ifa))
969 		return PTR_ERR(ifa);
970 
971 	ifa_existing = find_matching_ifa(ifa);
972 	if (!ifa_existing) {
973 		/* It would be best to check for !NLM_F_CREATE here but
974 		 * userspace already relies on not having to provide this.
975 		 */
976 		set_ifa_lifetime(ifa, valid_lft, prefered_lft);
977 		if (ifa->ifa_flags & IFA_F_MCAUTOJOIN) {
978 			int ret = ip_mc_autojoin_config(net, true, ifa);
979 
980 			if (ret < 0) {
981 				NL_SET_ERR_MSG(extack, "ipv4: Multicast auto join failed");
982 				inet_free_ifa(ifa);
983 				return ret;
984 			}
985 		}
986 		return __inet_insert_ifa(ifa, nlh, NETLINK_CB(skb).portid,
987 					 extack);
988 	} else {
989 		u32 new_metric = ifa->ifa_rt_priority;
990 		u8 new_proto = ifa->ifa_proto;
991 
992 		inet_free_ifa(ifa);
993 
994 		if (nlh->nlmsg_flags & NLM_F_EXCL ||
995 		    !(nlh->nlmsg_flags & NLM_F_REPLACE)) {
996 			NL_SET_ERR_MSG(extack, "ipv4: Address already assigned");
997 			return -EEXIST;
998 		}
999 		ifa = ifa_existing;
1000 
1001 		if (ifa->ifa_rt_priority != new_metric) {
1002 			fib_modify_prefix_metric(ifa, new_metric);
1003 			ifa->ifa_rt_priority = new_metric;
1004 		}
1005 
1006 		ifa->ifa_proto = new_proto;
1007 
1008 		set_ifa_lifetime(ifa, valid_lft, prefered_lft);
1009 		cancel_delayed_work(&check_lifetime_work);
1010 		queue_delayed_work(system_power_efficient_wq,
1011 				&check_lifetime_work, 0);
1012 		rtmsg_ifa(RTM_NEWADDR, ifa, nlh, NETLINK_CB(skb).portid);
1013 	}
1014 	return 0;
1015 }
1016 
1017 /*
1018  *	Determine a default network mask, based on the IP address.
1019  */
1020 
1021 static int inet_abc_len(__be32 addr)
1022 {
1023 	int rc = -1;	/* Something else, probably a multicast. */
1024 
1025 	if (ipv4_is_zeronet(addr) || ipv4_is_lbcast(addr))
1026 		rc = 0;
1027 	else {
1028 		__u32 haddr = ntohl(addr);
1029 		if (IN_CLASSA(haddr))
1030 			rc = 8;
1031 		else if (IN_CLASSB(haddr))
1032 			rc = 16;
1033 		else if (IN_CLASSC(haddr))
1034 			rc = 24;
1035 		else if (IN_CLASSE(haddr))
1036 			rc = 32;
1037 	}
1038 
1039 	return rc;
1040 }
1041 
1042 
1043 int devinet_ioctl(struct net *net, unsigned int cmd, struct ifreq *ifr)
1044 {
1045 	struct sockaddr_in sin_orig;
1046 	struct sockaddr_in *sin = (struct sockaddr_in *)&ifr->ifr_addr;
1047 	struct in_ifaddr __rcu **ifap = NULL;
1048 	struct in_device *in_dev;
1049 	struct in_ifaddr *ifa = NULL;
1050 	struct net_device *dev;
1051 	char *colon;
1052 	int ret = -EFAULT;
1053 	int tryaddrmatch = 0;
1054 
1055 	ifr->ifr_name[IFNAMSIZ - 1] = 0;
1056 
1057 	/* save original address for comparison */
1058 	memcpy(&sin_orig, sin, sizeof(*sin));
1059 
1060 	colon = strchr(ifr->ifr_name, ':');
1061 	if (colon)
1062 		*colon = 0;
1063 
1064 	dev_load(net, ifr->ifr_name);
1065 
1066 	switch (cmd) {
1067 	case SIOCGIFADDR:	/* Get interface address */
1068 	case SIOCGIFBRDADDR:	/* Get the broadcast address */
1069 	case SIOCGIFDSTADDR:	/* Get the destination address */
1070 	case SIOCGIFNETMASK:	/* Get the netmask for the interface */
1071 		/* Note that these ioctls will not sleep,
1072 		   so that we do not impose a lock.
1073 		   One day we will be forced to put shlock here (I mean SMP)
1074 		 */
1075 		tryaddrmatch = (sin_orig.sin_family == AF_INET);
1076 		memset(sin, 0, sizeof(*sin));
1077 		sin->sin_family = AF_INET;
1078 		break;
1079 
1080 	case SIOCSIFFLAGS:
1081 		ret = -EPERM;
1082 		if (!ns_capable(net->user_ns, CAP_NET_ADMIN))
1083 			goto out;
1084 		break;
1085 	case SIOCSIFADDR:	/* Set interface address (and family) */
1086 	case SIOCSIFBRDADDR:	/* Set the broadcast address */
1087 	case SIOCSIFDSTADDR:	/* Set the destination address */
1088 	case SIOCSIFNETMASK: 	/* Set the netmask for the interface */
1089 		ret = -EPERM;
1090 		if (!ns_capable(net->user_ns, CAP_NET_ADMIN))
1091 			goto out;
1092 		ret = -EINVAL;
1093 		if (sin->sin_family != AF_INET)
1094 			goto out;
1095 		break;
1096 	default:
1097 		ret = -EINVAL;
1098 		goto out;
1099 	}
1100 
1101 	rtnl_lock();
1102 
1103 	ret = -ENODEV;
1104 	dev = __dev_get_by_name(net, ifr->ifr_name);
1105 	if (!dev)
1106 		goto done;
1107 
1108 	if (colon)
1109 		*colon = ':';
1110 
1111 	in_dev = __in_dev_get_rtnl(dev);
1112 	if (in_dev) {
1113 		if (tryaddrmatch) {
1114 			/* Matthias Andree */
1115 			/* compare label and address (4.4BSD style) */
1116 			/* note: we only do this for a limited set of ioctls
1117 			   and only if the original address family was AF_INET.
1118 			   This is checked above. */
1119 
1120 			for (ifap = &in_dev->ifa_list;
1121 			     (ifa = rtnl_dereference(*ifap)) != NULL;
1122 			     ifap = &ifa->ifa_next) {
1123 				if (!strcmp(ifr->ifr_name, ifa->ifa_label) &&
1124 				    sin_orig.sin_addr.s_addr ==
1125 							ifa->ifa_local) {
1126 					break; /* found */
1127 				}
1128 			}
1129 		}
1130 		/* we didn't get a match, maybe the application is
1131 		   4.3BSD-style and passed in junk so we fall back to
1132 		   comparing just the label */
1133 		if (!ifa) {
1134 			for (ifap = &in_dev->ifa_list;
1135 			     (ifa = rtnl_dereference(*ifap)) != NULL;
1136 			     ifap = &ifa->ifa_next)
1137 				if (!strcmp(ifr->ifr_name, ifa->ifa_label))
1138 					break;
1139 		}
1140 	}
1141 
1142 	ret = -EADDRNOTAVAIL;
1143 	if (!ifa && cmd != SIOCSIFADDR && cmd != SIOCSIFFLAGS)
1144 		goto done;
1145 
1146 	switch (cmd) {
1147 	case SIOCGIFADDR:	/* Get interface address */
1148 		ret = 0;
1149 		sin->sin_addr.s_addr = ifa->ifa_local;
1150 		break;
1151 
1152 	case SIOCGIFBRDADDR:	/* Get the broadcast address */
1153 		ret = 0;
1154 		sin->sin_addr.s_addr = ifa->ifa_broadcast;
1155 		break;
1156 
1157 	case SIOCGIFDSTADDR:	/* Get the destination address */
1158 		ret = 0;
1159 		sin->sin_addr.s_addr = ifa->ifa_address;
1160 		break;
1161 
1162 	case SIOCGIFNETMASK:	/* Get the netmask for the interface */
1163 		ret = 0;
1164 		sin->sin_addr.s_addr = ifa->ifa_mask;
1165 		break;
1166 
1167 	case SIOCSIFFLAGS:
1168 		if (colon) {
1169 			ret = -EADDRNOTAVAIL;
1170 			if (!ifa)
1171 				break;
1172 			ret = 0;
1173 			if (!(ifr->ifr_flags & IFF_UP))
1174 				inet_del_ifa(in_dev, ifap, 1);
1175 			break;
1176 		}
1177 		ret = dev_change_flags(dev, ifr->ifr_flags, NULL);
1178 		break;
1179 
1180 	case SIOCSIFADDR:	/* Set interface address (and family) */
1181 		ret = -EINVAL;
1182 		if (inet_abc_len(sin->sin_addr.s_addr) < 0)
1183 			break;
1184 
1185 		if (!ifa) {
1186 			ret = -ENOBUFS;
1187 			ifa = inet_alloc_ifa();
1188 			if (!ifa)
1189 				break;
1190 			INIT_HLIST_NODE(&ifa->hash);
1191 			if (colon)
1192 				memcpy(ifa->ifa_label, ifr->ifr_name, IFNAMSIZ);
1193 			else
1194 				memcpy(ifa->ifa_label, dev->name, IFNAMSIZ);
1195 		} else {
1196 			ret = 0;
1197 			if (ifa->ifa_local == sin->sin_addr.s_addr)
1198 				break;
1199 			inet_del_ifa(in_dev, ifap, 0);
1200 			ifa->ifa_broadcast = 0;
1201 			ifa->ifa_scope = 0;
1202 		}
1203 
1204 		ifa->ifa_address = ifa->ifa_local = sin->sin_addr.s_addr;
1205 
1206 		if (!(dev->flags & IFF_POINTOPOINT)) {
1207 			ifa->ifa_prefixlen = inet_abc_len(ifa->ifa_address);
1208 			ifa->ifa_mask = inet_make_mask(ifa->ifa_prefixlen);
1209 			if ((dev->flags & IFF_BROADCAST) &&
1210 			    ifa->ifa_prefixlen < 31)
1211 				ifa->ifa_broadcast = ifa->ifa_address |
1212 						     ~ifa->ifa_mask;
1213 		} else {
1214 			ifa->ifa_prefixlen = 32;
1215 			ifa->ifa_mask = inet_make_mask(32);
1216 		}
1217 		set_ifa_lifetime(ifa, INFINITY_LIFE_TIME, INFINITY_LIFE_TIME);
1218 		ret = inet_set_ifa(dev, ifa);
1219 		break;
1220 
1221 	case SIOCSIFBRDADDR:	/* Set the broadcast address */
1222 		ret = 0;
1223 		if (ifa->ifa_broadcast != sin->sin_addr.s_addr) {
1224 			inet_del_ifa(in_dev, ifap, 0);
1225 			ifa->ifa_broadcast = sin->sin_addr.s_addr;
1226 			inet_insert_ifa(ifa);
1227 		}
1228 		break;
1229 
1230 	case SIOCSIFDSTADDR:	/* Set the destination address */
1231 		ret = 0;
1232 		if (ifa->ifa_address == sin->sin_addr.s_addr)
1233 			break;
1234 		ret = -EINVAL;
1235 		if (inet_abc_len(sin->sin_addr.s_addr) < 0)
1236 			break;
1237 		ret = 0;
1238 		inet_del_ifa(in_dev, ifap, 0);
1239 		ifa->ifa_address = sin->sin_addr.s_addr;
1240 		inet_insert_ifa(ifa);
1241 		break;
1242 
1243 	case SIOCSIFNETMASK: 	/* Set the netmask for the interface */
1244 
1245 		/*
1246 		 *	The mask we set must be legal.
1247 		 */
1248 		ret = -EINVAL;
1249 		if (bad_mask(sin->sin_addr.s_addr, 0))
1250 			break;
1251 		ret = 0;
1252 		if (ifa->ifa_mask != sin->sin_addr.s_addr) {
1253 			__be32 old_mask = ifa->ifa_mask;
1254 			inet_del_ifa(in_dev, ifap, 0);
1255 			ifa->ifa_mask = sin->sin_addr.s_addr;
1256 			ifa->ifa_prefixlen = inet_mask_len(ifa->ifa_mask);
1257 
1258 			/* See if current broadcast address matches
1259 			 * with current netmask, then recalculate
1260 			 * the broadcast address. Otherwise it's a
1261 			 * funny address, so don't touch it since
1262 			 * the user seems to know what (s)he's doing...
1263 			 */
1264 			if ((dev->flags & IFF_BROADCAST) &&
1265 			    (ifa->ifa_prefixlen < 31) &&
1266 			    (ifa->ifa_broadcast ==
1267 			     (ifa->ifa_local|~old_mask))) {
1268 				ifa->ifa_broadcast = (ifa->ifa_local |
1269 						      ~sin->sin_addr.s_addr);
1270 			}
1271 			inet_insert_ifa(ifa);
1272 		}
1273 		break;
1274 	}
1275 done:
1276 	rtnl_unlock();
1277 out:
1278 	return ret;
1279 }
1280 
1281 int inet_gifconf(struct net_device *dev, char __user *buf, int len, int size)
1282 {
1283 	struct in_device *in_dev = __in_dev_get_rtnl(dev);
1284 	const struct in_ifaddr *ifa;
1285 	struct ifreq ifr;
1286 	int done = 0;
1287 
1288 	if (WARN_ON(size > sizeof(struct ifreq)))
1289 		goto out;
1290 
1291 	if (!in_dev)
1292 		goto out;
1293 
1294 	in_dev_for_each_ifa_rtnl(ifa, in_dev) {
1295 		if (!buf) {
1296 			done += size;
1297 			continue;
1298 		}
1299 		if (len < size)
1300 			break;
1301 		memset(&ifr, 0, sizeof(struct ifreq));
1302 		strcpy(ifr.ifr_name, ifa->ifa_label);
1303 
1304 		(*(struct sockaddr_in *)&ifr.ifr_addr).sin_family = AF_INET;
1305 		(*(struct sockaddr_in *)&ifr.ifr_addr).sin_addr.s_addr =
1306 								ifa->ifa_local;
1307 
1308 		if (copy_to_user(buf + done, &ifr, size)) {
1309 			done = -EFAULT;
1310 			break;
1311 		}
1312 		len  -= size;
1313 		done += size;
1314 	}
1315 out:
1316 	return done;
1317 }
1318 
1319 static __be32 in_dev_select_addr(const struct in_device *in_dev,
1320 				 int scope)
1321 {
1322 	const struct in_ifaddr *ifa;
1323 
1324 	in_dev_for_each_ifa_rcu(ifa, in_dev) {
1325 		if (READ_ONCE(ifa->ifa_flags) & IFA_F_SECONDARY)
1326 			continue;
1327 		if (ifa->ifa_scope != RT_SCOPE_LINK &&
1328 		    ifa->ifa_scope <= scope)
1329 			return ifa->ifa_local;
1330 	}
1331 
1332 	return 0;
1333 }
1334 
1335 __be32 inet_select_addr(const struct net_device *dev, __be32 dst, int scope)
1336 {
1337 	const struct in_ifaddr *ifa;
1338 	__be32 addr = 0;
1339 	unsigned char localnet_scope = RT_SCOPE_HOST;
1340 	struct in_device *in_dev;
1341 	struct net *net = dev_net(dev);
1342 	int master_idx;
1343 
1344 	rcu_read_lock();
1345 	in_dev = __in_dev_get_rcu(dev);
1346 	if (!in_dev)
1347 		goto no_in_dev;
1348 
1349 	if (unlikely(IN_DEV_ROUTE_LOCALNET(in_dev)))
1350 		localnet_scope = RT_SCOPE_LINK;
1351 
1352 	in_dev_for_each_ifa_rcu(ifa, in_dev) {
1353 		if (READ_ONCE(ifa->ifa_flags) & IFA_F_SECONDARY)
1354 			continue;
1355 		if (min(ifa->ifa_scope, localnet_scope) > scope)
1356 			continue;
1357 		if (!dst || inet_ifa_match(dst, ifa)) {
1358 			addr = ifa->ifa_local;
1359 			break;
1360 		}
1361 		if (!addr)
1362 			addr = ifa->ifa_local;
1363 	}
1364 
1365 	if (addr)
1366 		goto out_unlock;
1367 no_in_dev:
1368 	master_idx = l3mdev_master_ifindex_rcu(dev);
1369 
1370 	/* For VRFs, the VRF device takes the place of the loopback device,
1371 	 * with addresses on it being preferred.  Note in such cases the
1372 	 * loopback device will be among the devices that fail the master_idx
1373 	 * equality check in the loop below.
1374 	 */
1375 	if (master_idx &&
1376 	    (dev = dev_get_by_index_rcu(net, master_idx)) &&
1377 	    (in_dev = __in_dev_get_rcu(dev))) {
1378 		addr = in_dev_select_addr(in_dev, scope);
1379 		if (addr)
1380 			goto out_unlock;
1381 	}
1382 
1383 	/* Not loopback addresses on loopback should be preferred
1384 	   in this case. It is important that lo is the first interface
1385 	   in dev_base list.
1386 	 */
1387 	for_each_netdev_rcu(net, dev) {
1388 		if (l3mdev_master_ifindex_rcu(dev) != master_idx)
1389 			continue;
1390 
1391 		in_dev = __in_dev_get_rcu(dev);
1392 		if (!in_dev)
1393 			continue;
1394 
1395 		addr = in_dev_select_addr(in_dev, scope);
1396 		if (addr)
1397 			goto out_unlock;
1398 	}
1399 out_unlock:
1400 	rcu_read_unlock();
1401 	return addr;
1402 }
1403 EXPORT_SYMBOL(inet_select_addr);
1404 
1405 static __be32 confirm_addr_indev(struct in_device *in_dev, __be32 dst,
1406 			      __be32 local, int scope)
1407 {
1408 	unsigned char localnet_scope = RT_SCOPE_HOST;
1409 	const struct in_ifaddr *ifa;
1410 	__be32 addr = 0;
1411 	int same = 0;
1412 
1413 	if (unlikely(IN_DEV_ROUTE_LOCALNET(in_dev)))
1414 		localnet_scope = RT_SCOPE_LINK;
1415 
1416 	in_dev_for_each_ifa_rcu(ifa, in_dev) {
1417 		unsigned char min_scope = min(ifa->ifa_scope, localnet_scope);
1418 
1419 		if (!addr &&
1420 		    (local == ifa->ifa_local || !local) &&
1421 		    min_scope <= scope) {
1422 			addr = ifa->ifa_local;
1423 			if (same)
1424 				break;
1425 		}
1426 		if (!same) {
1427 			same = (!local || inet_ifa_match(local, ifa)) &&
1428 				(!dst || inet_ifa_match(dst, ifa));
1429 			if (same && addr) {
1430 				if (local || !dst)
1431 					break;
1432 				/* Is the selected addr into dst subnet? */
1433 				if (inet_ifa_match(addr, ifa))
1434 					break;
1435 				/* No, then can we use new local src? */
1436 				if (min_scope <= scope) {
1437 					addr = ifa->ifa_local;
1438 					break;
1439 				}
1440 				/* search for large dst subnet for addr */
1441 				same = 0;
1442 			}
1443 		}
1444 	}
1445 
1446 	return same ? addr : 0;
1447 }
1448 
1449 /*
1450  * Confirm that local IP address exists using wildcards:
1451  * - net: netns to check, cannot be NULL
1452  * - in_dev: only on this interface, NULL=any interface
1453  * - dst: only in the same subnet as dst, 0=any dst
1454  * - local: address, 0=autoselect the local address
1455  * - scope: maximum allowed scope value for the local address
1456  */
1457 __be32 inet_confirm_addr(struct net *net, struct in_device *in_dev,
1458 			 __be32 dst, __be32 local, int scope)
1459 {
1460 	__be32 addr = 0;
1461 	struct net_device *dev;
1462 
1463 	if (in_dev)
1464 		return confirm_addr_indev(in_dev, dst, local, scope);
1465 
1466 	rcu_read_lock();
1467 	for_each_netdev_rcu(net, dev) {
1468 		in_dev = __in_dev_get_rcu(dev);
1469 		if (in_dev) {
1470 			addr = confirm_addr_indev(in_dev, dst, local, scope);
1471 			if (addr)
1472 				break;
1473 		}
1474 	}
1475 	rcu_read_unlock();
1476 
1477 	return addr;
1478 }
1479 EXPORT_SYMBOL(inet_confirm_addr);
1480 
1481 /*
1482  *	Device notifier
1483  */
1484 
1485 int register_inetaddr_notifier(struct notifier_block *nb)
1486 {
1487 	return blocking_notifier_chain_register(&inetaddr_chain, nb);
1488 }
1489 EXPORT_SYMBOL(register_inetaddr_notifier);
1490 
1491 int unregister_inetaddr_notifier(struct notifier_block *nb)
1492 {
1493 	return blocking_notifier_chain_unregister(&inetaddr_chain, nb);
1494 }
1495 EXPORT_SYMBOL(unregister_inetaddr_notifier);
1496 
1497 int register_inetaddr_validator_notifier(struct notifier_block *nb)
1498 {
1499 	return blocking_notifier_chain_register(&inetaddr_validator_chain, nb);
1500 }
1501 EXPORT_SYMBOL(register_inetaddr_validator_notifier);
1502 
1503 int unregister_inetaddr_validator_notifier(struct notifier_block *nb)
1504 {
1505 	return blocking_notifier_chain_unregister(&inetaddr_validator_chain,
1506 	    nb);
1507 }
1508 EXPORT_SYMBOL(unregister_inetaddr_validator_notifier);
1509 
1510 /* Rename ifa_labels for a device name change. Make some effort to preserve
1511  * existing alias numbering and to create unique labels if possible.
1512 */
1513 static void inetdev_changename(struct net_device *dev, struct in_device *in_dev)
1514 {
1515 	struct in_ifaddr *ifa;
1516 	int named = 0;
1517 
1518 	in_dev_for_each_ifa_rtnl(ifa, in_dev) {
1519 		char old[IFNAMSIZ], *dot;
1520 
1521 		memcpy(old, ifa->ifa_label, IFNAMSIZ);
1522 		memcpy(ifa->ifa_label, dev->name, IFNAMSIZ);
1523 		if (named++ == 0)
1524 			goto skip;
1525 		dot = strchr(old, ':');
1526 		if (!dot) {
1527 			sprintf(old, ":%d", named);
1528 			dot = old;
1529 		}
1530 		if (strlen(dot) + strlen(dev->name) < IFNAMSIZ)
1531 			strcat(ifa->ifa_label, dot);
1532 		else
1533 			strcpy(ifa->ifa_label + (IFNAMSIZ - strlen(dot) - 1), dot);
1534 skip:
1535 		rtmsg_ifa(RTM_NEWADDR, ifa, NULL, 0);
1536 	}
1537 }
1538 
1539 static void inetdev_send_gratuitous_arp(struct net_device *dev,
1540 					struct in_device *in_dev)
1541 
1542 {
1543 	const struct in_ifaddr *ifa;
1544 
1545 	in_dev_for_each_ifa_rtnl(ifa, in_dev) {
1546 		arp_send(ARPOP_REQUEST, ETH_P_ARP,
1547 			 ifa->ifa_local, dev,
1548 			 ifa->ifa_local, NULL,
1549 			 dev->dev_addr, NULL);
1550 	}
1551 }
1552 
1553 /* Called only under RTNL semaphore */
1554 
1555 static int inetdev_event(struct notifier_block *this, unsigned long event,
1556 			 void *ptr)
1557 {
1558 	struct net_device *dev = netdev_notifier_info_to_dev(ptr);
1559 	struct in_device *in_dev = __in_dev_get_rtnl(dev);
1560 
1561 	ASSERT_RTNL();
1562 
1563 	if (!in_dev) {
1564 		if (event == NETDEV_REGISTER) {
1565 			in_dev = inetdev_init(dev);
1566 			if (IS_ERR(in_dev))
1567 				return notifier_from_errno(PTR_ERR(in_dev));
1568 			if (dev->flags & IFF_LOOPBACK) {
1569 				IN_DEV_CONF_SET(in_dev, NOXFRM, 1);
1570 				IN_DEV_CONF_SET(in_dev, NOPOLICY, 1);
1571 			}
1572 		} else if (event == NETDEV_CHANGEMTU) {
1573 			/* Re-enabling IP */
1574 			if (inetdev_valid_mtu(dev->mtu))
1575 				in_dev = inetdev_init(dev);
1576 		}
1577 		goto out;
1578 	}
1579 
1580 	switch (event) {
1581 	case NETDEV_REGISTER:
1582 		pr_debug("%s: bug\n", __func__);
1583 		RCU_INIT_POINTER(dev->ip_ptr, NULL);
1584 		break;
1585 	case NETDEV_UP:
1586 		if (!inetdev_valid_mtu(dev->mtu))
1587 			break;
1588 		if (dev->flags & IFF_LOOPBACK) {
1589 			struct in_ifaddr *ifa = inet_alloc_ifa();
1590 
1591 			if (ifa) {
1592 				INIT_HLIST_NODE(&ifa->hash);
1593 				ifa->ifa_local =
1594 				  ifa->ifa_address = htonl(INADDR_LOOPBACK);
1595 				ifa->ifa_prefixlen = 8;
1596 				ifa->ifa_mask = inet_make_mask(8);
1597 				in_dev_hold(in_dev);
1598 				ifa->ifa_dev = in_dev;
1599 				ifa->ifa_scope = RT_SCOPE_HOST;
1600 				memcpy(ifa->ifa_label, dev->name, IFNAMSIZ);
1601 				set_ifa_lifetime(ifa, INFINITY_LIFE_TIME,
1602 						 INFINITY_LIFE_TIME);
1603 				ipv4_devconf_setall(in_dev);
1604 				neigh_parms_data_state_setall(in_dev->arp_parms);
1605 				inet_insert_ifa(ifa);
1606 			}
1607 		}
1608 		ip_mc_up(in_dev);
1609 		fallthrough;
1610 	case NETDEV_CHANGEADDR:
1611 		if (!IN_DEV_ARP_NOTIFY(in_dev))
1612 			break;
1613 		fallthrough;
1614 	case NETDEV_NOTIFY_PEERS:
1615 		/* Send gratuitous ARP to notify of link change */
1616 		inetdev_send_gratuitous_arp(dev, in_dev);
1617 		break;
1618 	case NETDEV_DOWN:
1619 		ip_mc_down(in_dev);
1620 		break;
1621 	case NETDEV_PRE_TYPE_CHANGE:
1622 		ip_mc_unmap(in_dev);
1623 		break;
1624 	case NETDEV_POST_TYPE_CHANGE:
1625 		ip_mc_remap(in_dev);
1626 		break;
1627 	case NETDEV_CHANGEMTU:
1628 		if (inetdev_valid_mtu(dev->mtu))
1629 			break;
1630 		/* disable IP when MTU is not enough */
1631 		fallthrough;
1632 	case NETDEV_UNREGISTER:
1633 		inetdev_destroy(in_dev);
1634 		break;
1635 	case NETDEV_CHANGENAME:
1636 		/* Do not notify about label change, this event is
1637 		 * not interesting to applications using netlink.
1638 		 */
1639 		inetdev_changename(dev, in_dev);
1640 
1641 		devinet_sysctl_unregister(in_dev);
1642 		devinet_sysctl_register(in_dev);
1643 		break;
1644 	}
1645 out:
1646 	return NOTIFY_DONE;
1647 }
1648 
1649 static struct notifier_block ip_netdev_notifier = {
1650 	.notifier_call = inetdev_event,
1651 };
1652 
1653 static size_t inet_nlmsg_size(void)
1654 {
1655 	return NLMSG_ALIGN(sizeof(struct ifaddrmsg))
1656 	       + nla_total_size(4) /* IFA_ADDRESS */
1657 	       + nla_total_size(4) /* IFA_LOCAL */
1658 	       + nla_total_size(4) /* IFA_BROADCAST */
1659 	       + nla_total_size(IFNAMSIZ) /* IFA_LABEL */
1660 	       + nla_total_size(4)  /* IFA_FLAGS */
1661 	       + nla_total_size(1)  /* IFA_PROTO */
1662 	       + nla_total_size(4)  /* IFA_RT_PRIORITY */
1663 	       + nla_total_size(sizeof(struct ifa_cacheinfo)); /* IFA_CACHEINFO */
1664 }
1665 
1666 static inline u32 cstamp_delta(unsigned long cstamp)
1667 {
1668 	return (cstamp - INITIAL_JIFFIES) * 100UL / HZ;
1669 }
1670 
1671 static int put_cacheinfo(struct sk_buff *skb, unsigned long cstamp,
1672 			 unsigned long tstamp, u32 preferred, u32 valid)
1673 {
1674 	struct ifa_cacheinfo ci;
1675 
1676 	ci.cstamp = cstamp_delta(cstamp);
1677 	ci.tstamp = cstamp_delta(tstamp);
1678 	ci.ifa_prefered = preferred;
1679 	ci.ifa_valid = valid;
1680 
1681 	return nla_put(skb, IFA_CACHEINFO, sizeof(ci), &ci);
1682 }
1683 
1684 static int inet_fill_ifaddr(struct sk_buff *skb, const struct in_ifaddr *ifa,
1685 			    struct inet_fill_args *args)
1686 {
1687 	struct ifaddrmsg *ifm;
1688 	struct nlmsghdr  *nlh;
1689 	unsigned long tstamp;
1690 	u32 preferred, valid;
1691 	u32 flags;
1692 
1693 	nlh = nlmsg_put(skb, args->portid, args->seq, args->event, sizeof(*ifm),
1694 			args->flags);
1695 	if (!nlh)
1696 		return -EMSGSIZE;
1697 
1698 	ifm = nlmsg_data(nlh);
1699 	ifm->ifa_family = AF_INET;
1700 	ifm->ifa_prefixlen = ifa->ifa_prefixlen;
1701 
1702 	flags = READ_ONCE(ifa->ifa_flags);
1703 	/* Warning : ifm->ifa_flags is an __u8, it holds only 8 bits.
1704 	 * The 32bit value is given in IFA_FLAGS attribute.
1705 	 */
1706 	ifm->ifa_flags = (__u8)flags;
1707 
1708 	ifm->ifa_scope = ifa->ifa_scope;
1709 	ifm->ifa_index = ifa->ifa_dev->dev->ifindex;
1710 
1711 	if (args->netnsid >= 0 &&
1712 	    nla_put_s32(skb, IFA_TARGET_NETNSID, args->netnsid))
1713 		goto nla_put_failure;
1714 
1715 	tstamp = READ_ONCE(ifa->ifa_tstamp);
1716 	if (!(flags & IFA_F_PERMANENT)) {
1717 		preferred = READ_ONCE(ifa->ifa_preferred_lft);
1718 		valid = READ_ONCE(ifa->ifa_valid_lft);
1719 		if (preferred != INFINITY_LIFE_TIME) {
1720 			long tval = (jiffies - tstamp) / HZ;
1721 
1722 			if (preferred > tval)
1723 				preferred -= tval;
1724 			else
1725 				preferred = 0;
1726 			if (valid != INFINITY_LIFE_TIME) {
1727 				if (valid > tval)
1728 					valid -= tval;
1729 				else
1730 					valid = 0;
1731 			}
1732 		}
1733 	} else {
1734 		preferred = INFINITY_LIFE_TIME;
1735 		valid = INFINITY_LIFE_TIME;
1736 	}
1737 	if ((ifa->ifa_address &&
1738 	     nla_put_in_addr(skb, IFA_ADDRESS, ifa->ifa_address)) ||
1739 	    (ifa->ifa_local &&
1740 	     nla_put_in_addr(skb, IFA_LOCAL, ifa->ifa_local)) ||
1741 	    (ifa->ifa_broadcast &&
1742 	     nla_put_in_addr(skb, IFA_BROADCAST, ifa->ifa_broadcast)) ||
1743 	    (ifa->ifa_label[0] &&
1744 	     nla_put_string(skb, IFA_LABEL, ifa->ifa_label)) ||
1745 	    (ifa->ifa_proto &&
1746 	     nla_put_u8(skb, IFA_PROTO, ifa->ifa_proto)) ||
1747 	    nla_put_u32(skb, IFA_FLAGS, flags) ||
1748 	    (ifa->ifa_rt_priority &&
1749 	     nla_put_u32(skb, IFA_RT_PRIORITY, ifa->ifa_rt_priority)) ||
1750 	    put_cacheinfo(skb, READ_ONCE(ifa->ifa_cstamp), tstamp,
1751 			  preferred, valid))
1752 		goto nla_put_failure;
1753 
1754 	nlmsg_end(skb, nlh);
1755 	return 0;
1756 
1757 nla_put_failure:
1758 	nlmsg_cancel(skb, nlh);
1759 	return -EMSGSIZE;
1760 }
1761 
1762 static int inet_valid_dump_ifaddr_req(const struct nlmsghdr *nlh,
1763 				      struct inet_fill_args *fillargs,
1764 				      struct net **tgt_net, struct sock *sk,
1765 				      struct netlink_callback *cb)
1766 {
1767 	struct netlink_ext_ack *extack = cb->extack;
1768 	struct nlattr *tb[IFA_MAX+1];
1769 	struct ifaddrmsg *ifm;
1770 	int err, i;
1771 
1772 	if (nlh->nlmsg_len < nlmsg_msg_size(sizeof(*ifm))) {
1773 		NL_SET_ERR_MSG(extack, "ipv4: Invalid header for address dump request");
1774 		return -EINVAL;
1775 	}
1776 
1777 	ifm = nlmsg_data(nlh);
1778 	if (ifm->ifa_prefixlen || ifm->ifa_flags || ifm->ifa_scope) {
1779 		NL_SET_ERR_MSG(extack, "ipv4: Invalid values in header for address dump request");
1780 		return -EINVAL;
1781 	}
1782 
1783 	fillargs->ifindex = ifm->ifa_index;
1784 	if (fillargs->ifindex) {
1785 		cb->answer_flags |= NLM_F_DUMP_FILTERED;
1786 		fillargs->flags |= NLM_F_DUMP_FILTERED;
1787 	}
1788 
1789 	err = nlmsg_parse_deprecated_strict(nlh, sizeof(*ifm), tb, IFA_MAX,
1790 					    ifa_ipv4_policy, extack);
1791 	if (err < 0)
1792 		return err;
1793 
1794 	for (i = 0; i <= IFA_MAX; ++i) {
1795 		if (!tb[i])
1796 			continue;
1797 
1798 		if (i == IFA_TARGET_NETNSID) {
1799 			struct net *net;
1800 
1801 			fillargs->netnsid = nla_get_s32(tb[i]);
1802 
1803 			net = rtnl_get_net_ns_capable(sk, fillargs->netnsid);
1804 			if (IS_ERR(net)) {
1805 				fillargs->netnsid = -1;
1806 				NL_SET_ERR_MSG(extack, "ipv4: Invalid target network namespace id");
1807 				return PTR_ERR(net);
1808 			}
1809 			*tgt_net = net;
1810 		} else {
1811 			NL_SET_ERR_MSG(extack, "ipv4: Unsupported attribute in dump request");
1812 			return -EINVAL;
1813 		}
1814 	}
1815 
1816 	return 0;
1817 }
1818 
1819 static int in_dev_dump_addr(struct in_device *in_dev, struct sk_buff *skb,
1820 			    struct netlink_callback *cb, int *s_ip_idx,
1821 			    struct inet_fill_args *fillargs)
1822 {
1823 	struct in_ifaddr *ifa;
1824 	int ip_idx = 0;
1825 	int err;
1826 
1827 	in_dev_for_each_ifa_rcu(ifa, in_dev) {
1828 		if (ip_idx < *s_ip_idx) {
1829 			ip_idx++;
1830 			continue;
1831 		}
1832 		err = inet_fill_ifaddr(skb, ifa, fillargs);
1833 		if (err < 0)
1834 			goto done;
1835 
1836 		nl_dump_check_consistent(cb, nlmsg_hdr(skb));
1837 		ip_idx++;
1838 	}
1839 	err = 0;
1840 	ip_idx = 0;
1841 done:
1842 	*s_ip_idx = ip_idx;
1843 
1844 	return err;
1845 }
1846 
1847 /* Combine dev_addr_genid and dev_base_seq to detect changes.
1848  */
1849 static u32 inet_base_seq(const struct net *net)
1850 {
1851 	u32 res = atomic_read(&net->ipv4.dev_addr_genid) +
1852 		  READ_ONCE(net->dev_base_seq);
1853 
1854 	/* Must not return 0 (see nl_dump_check_consistent()).
1855 	 * Chose a value far away from 0.
1856 	 */
1857 	if (!res)
1858 		res = 0x80000000;
1859 	return res;
1860 }
1861 
1862 static int inet_dump_ifaddr(struct sk_buff *skb, struct netlink_callback *cb)
1863 {
1864 	const struct nlmsghdr *nlh = cb->nlh;
1865 	struct inet_fill_args fillargs = {
1866 		.portid = NETLINK_CB(cb->skb).portid,
1867 		.seq = nlh->nlmsg_seq,
1868 		.event = RTM_NEWADDR,
1869 		.flags = NLM_F_MULTI,
1870 		.netnsid = -1,
1871 	};
1872 	struct net *net = sock_net(skb->sk);
1873 	struct net *tgt_net = net;
1874 	struct {
1875 		unsigned long ifindex;
1876 		int ip_idx;
1877 	} *ctx = (void *)cb->ctx;
1878 	struct in_device *in_dev;
1879 	struct net_device *dev;
1880 	int err = 0;
1881 
1882 	rcu_read_lock();
1883 	if (cb->strict_check) {
1884 		err = inet_valid_dump_ifaddr_req(nlh, &fillargs, &tgt_net,
1885 						 skb->sk, cb);
1886 		if (err < 0)
1887 			goto done;
1888 
1889 		if (fillargs.ifindex) {
1890 			err = -ENODEV;
1891 			dev = dev_get_by_index_rcu(tgt_net, fillargs.ifindex);
1892 			if (!dev)
1893 				goto done;
1894 			in_dev = __in_dev_get_rcu(dev);
1895 			if (!in_dev)
1896 				goto done;
1897 			err = in_dev_dump_addr(in_dev, skb, cb, &ctx->ip_idx,
1898 					       &fillargs);
1899 			goto done;
1900 		}
1901 	}
1902 
1903 	cb->seq = inet_base_seq(tgt_net);
1904 
1905 	for_each_netdev_dump(net, dev, ctx->ifindex) {
1906 		in_dev = __in_dev_get_rcu(dev);
1907 		if (!in_dev)
1908 			continue;
1909 		err = in_dev_dump_addr(in_dev, skb, cb, &ctx->ip_idx,
1910 				       &fillargs);
1911 		if (err < 0)
1912 			goto done;
1913 	}
1914 done:
1915 	if (fillargs.netnsid >= 0)
1916 		put_net(tgt_net);
1917 	rcu_read_unlock();
1918 	return err;
1919 }
1920 
1921 static void rtmsg_ifa(int event, struct in_ifaddr *ifa, struct nlmsghdr *nlh,
1922 		      u32 portid)
1923 {
1924 	struct inet_fill_args fillargs = {
1925 		.portid = portid,
1926 		.seq = nlh ? nlh->nlmsg_seq : 0,
1927 		.event = event,
1928 		.flags = 0,
1929 		.netnsid = -1,
1930 	};
1931 	struct sk_buff *skb;
1932 	int err = -ENOBUFS;
1933 	struct net *net;
1934 
1935 	net = dev_net(ifa->ifa_dev->dev);
1936 	skb = nlmsg_new(inet_nlmsg_size(), GFP_KERNEL);
1937 	if (!skb)
1938 		goto errout;
1939 
1940 	err = inet_fill_ifaddr(skb, ifa, &fillargs);
1941 	if (err < 0) {
1942 		/* -EMSGSIZE implies BUG in inet_nlmsg_size() */
1943 		WARN_ON(err == -EMSGSIZE);
1944 		kfree_skb(skb);
1945 		goto errout;
1946 	}
1947 	rtnl_notify(skb, net, portid, RTNLGRP_IPV4_IFADDR, nlh, GFP_KERNEL);
1948 	return;
1949 errout:
1950 	if (err < 0)
1951 		rtnl_set_sk_err(net, RTNLGRP_IPV4_IFADDR, err);
1952 }
1953 
1954 static size_t inet_get_link_af_size(const struct net_device *dev,
1955 				    u32 ext_filter_mask)
1956 {
1957 	struct in_device *in_dev = rcu_dereference_rtnl(dev->ip_ptr);
1958 
1959 	if (!in_dev)
1960 		return 0;
1961 
1962 	return nla_total_size(IPV4_DEVCONF_MAX * 4); /* IFLA_INET_CONF */
1963 }
1964 
1965 static int inet_fill_link_af(struct sk_buff *skb, const struct net_device *dev,
1966 			     u32 ext_filter_mask)
1967 {
1968 	struct in_device *in_dev = rcu_dereference_rtnl(dev->ip_ptr);
1969 	struct nlattr *nla;
1970 	int i;
1971 
1972 	if (!in_dev)
1973 		return -ENODATA;
1974 
1975 	nla = nla_reserve(skb, IFLA_INET_CONF, IPV4_DEVCONF_MAX * 4);
1976 	if (!nla)
1977 		return -EMSGSIZE;
1978 
1979 	for (i = 0; i < IPV4_DEVCONF_MAX; i++)
1980 		((u32 *) nla_data(nla))[i] = READ_ONCE(in_dev->cnf.data[i]);
1981 
1982 	return 0;
1983 }
1984 
1985 static const struct nla_policy inet_af_policy[IFLA_INET_MAX+1] = {
1986 	[IFLA_INET_CONF]	= { .type = NLA_NESTED },
1987 };
1988 
1989 static int inet_validate_link_af(const struct net_device *dev,
1990 				 const struct nlattr *nla,
1991 				 struct netlink_ext_ack *extack)
1992 {
1993 	struct nlattr *a, *tb[IFLA_INET_MAX+1];
1994 	int err, rem;
1995 
1996 	if (dev && !__in_dev_get_rtnl(dev))
1997 		return -EAFNOSUPPORT;
1998 
1999 	err = nla_parse_nested_deprecated(tb, IFLA_INET_MAX, nla,
2000 					  inet_af_policy, extack);
2001 	if (err < 0)
2002 		return err;
2003 
2004 	if (tb[IFLA_INET_CONF]) {
2005 		nla_for_each_nested(a, tb[IFLA_INET_CONF], rem) {
2006 			int cfgid = nla_type(a);
2007 
2008 			if (nla_len(a) < 4)
2009 				return -EINVAL;
2010 
2011 			if (cfgid <= 0 || cfgid > IPV4_DEVCONF_MAX)
2012 				return -EINVAL;
2013 		}
2014 	}
2015 
2016 	return 0;
2017 }
2018 
2019 static int inet_set_link_af(struct net_device *dev, const struct nlattr *nla,
2020 			    struct netlink_ext_ack *extack)
2021 {
2022 	struct in_device *in_dev = __in_dev_get_rtnl(dev);
2023 	struct nlattr *a, *tb[IFLA_INET_MAX+1];
2024 	int rem;
2025 
2026 	if (!in_dev)
2027 		return -EAFNOSUPPORT;
2028 
2029 	if (nla_parse_nested_deprecated(tb, IFLA_INET_MAX, nla, NULL, NULL) < 0)
2030 		return -EINVAL;
2031 
2032 	if (tb[IFLA_INET_CONF]) {
2033 		nla_for_each_nested(a, tb[IFLA_INET_CONF], rem)
2034 			ipv4_devconf_set(in_dev, nla_type(a), nla_get_u32(a));
2035 	}
2036 
2037 	return 0;
2038 }
2039 
2040 static int inet_netconf_msgsize_devconf(int type)
2041 {
2042 	int size = NLMSG_ALIGN(sizeof(struct netconfmsg))
2043 		   + nla_total_size(4);	/* NETCONFA_IFINDEX */
2044 	bool all = false;
2045 
2046 	if (type == NETCONFA_ALL)
2047 		all = true;
2048 
2049 	if (all || type == NETCONFA_FORWARDING)
2050 		size += nla_total_size(4);
2051 	if (all || type == NETCONFA_RP_FILTER)
2052 		size += nla_total_size(4);
2053 	if (all || type == NETCONFA_MC_FORWARDING)
2054 		size += nla_total_size(4);
2055 	if (all || type == NETCONFA_BC_FORWARDING)
2056 		size += nla_total_size(4);
2057 	if (all || type == NETCONFA_PROXY_NEIGH)
2058 		size += nla_total_size(4);
2059 	if (all || type == NETCONFA_IGNORE_ROUTES_WITH_LINKDOWN)
2060 		size += nla_total_size(4);
2061 
2062 	return size;
2063 }
2064 
2065 static int inet_netconf_fill_devconf(struct sk_buff *skb, int ifindex,
2066 				     const struct ipv4_devconf *devconf,
2067 				     u32 portid, u32 seq, int event,
2068 				     unsigned int flags, int type)
2069 {
2070 	struct nlmsghdr  *nlh;
2071 	struct netconfmsg *ncm;
2072 	bool all = false;
2073 
2074 	nlh = nlmsg_put(skb, portid, seq, event, sizeof(struct netconfmsg),
2075 			flags);
2076 	if (!nlh)
2077 		return -EMSGSIZE;
2078 
2079 	if (type == NETCONFA_ALL)
2080 		all = true;
2081 
2082 	ncm = nlmsg_data(nlh);
2083 	ncm->ncm_family = AF_INET;
2084 
2085 	if (nla_put_s32(skb, NETCONFA_IFINDEX, ifindex) < 0)
2086 		goto nla_put_failure;
2087 
2088 	if (!devconf)
2089 		goto out;
2090 
2091 	if ((all || type == NETCONFA_FORWARDING) &&
2092 	    nla_put_s32(skb, NETCONFA_FORWARDING,
2093 			IPV4_DEVCONF_RO(*devconf, FORWARDING)) < 0)
2094 		goto nla_put_failure;
2095 	if ((all || type == NETCONFA_RP_FILTER) &&
2096 	    nla_put_s32(skb, NETCONFA_RP_FILTER,
2097 			IPV4_DEVCONF_RO(*devconf, RP_FILTER)) < 0)
2098 		goto nla_put_failure;
2099 	if ((all || type == NETCONFA_MC_FORWARDING) &&
2100 	    nla_put_s32(skb, NETCONFA_MC_FORWARDING,
2101 			IPV4_DEVCONF_RO(*devconf, MC_FORWARDING)) < 0)
2102 		goto nla_put_failure;
2103 	if ((all || type == NETCONFA_BC_FORWARDING) &&
2104 	    nla_put_s32(skb, NETCONFA_BC_FORWARDING,
2105 			IPV4_DEVCONF_RO(*devconf, BC_FORWARDING)) < 0)
2106 		goto nla_put_failure;
2107 	if ((all || type == NETCONFA_PROXY_NEIGH) &&
2108 	    nla_put_s32(skb, NETCONFA_PROXY_NEIGH,
2109 			IPV4_DEVCONF_RO(*devconf, PROXY_ARP)) < 0)
2110 		goto nla_put_failure;
2111 	if ((all || type == NETCONFA_IGNORE_ROUTES_WITH_LINKDOWN) &&
2112 	    nla_put_s32(skb, NETCONFA_IGNORE_ROUTES_WITH_LINKDOWN,
2113 			IPV4_DEVCONF_RO(*devconf,
2114 					IGNORE_ROUTES_WITH_LINKDOWN)) < 0)
2115 		goto nla_put_failure;
2116 
2117 out:
2118 	nlmsg_end(skb, nlh);
2119 	return 0;
2120 
2121 nla_put_failure:
2122 	nlmsg_cancel(skb, nlh);
2123 	return -EMSGSIZE;
2124 }
2125 
2126 void inet_netconf_notify_devconf(struct net *net, int event, int type,
2127 				 int ifindex, struct ipv4_devconf *devconf)
2128 {
2129 	struct sk_buff *skb;
2130 	int err = -ENOBUFS;
2131 
2132 	skb = nlmsg_new(inet_netconf_msgsize_devconf(type), GFP_KERNEL);
2133 	if (!skb)
2134 		goto errout;
2135 
2136 	err = inet_netconf_fill_devconf(skb, ifindex, devconf, 0, 0,
2137 					event, 0, type);
2138 	if (err < 0) {
2139 		/* -EMSGSIZE implies BUG in inet_netconf_msgsize_devconf() */
2140 		WARN_ON(err == -EMSGSIZE);
2141 		kfree_skb(skb);
2142 		goto errout;
2143 	}
2144 	rtnl_notify(skb, net, 0, RTNLGRP_IPV4_NETCONF, NULL, GFP_KERNEL);
2145 	return;
2146 errout:
2147 	if (err < 0)
2148 		rtnl_set_sk_err(net, RTNLGRP_IPV4_NETCONF, err);
2149 }
2150 
2151 static const struct nla_policy devconf_ipv4_policy[NETCONFA_MAX+1] = {
2152 	[NETCONFA_IFINDEX]	= { .len = sizeof(int) },
2153 	[NETCONFA_FORWARDING]	= { .len = sizeof(int) },
2154 	[NETCONFA_RP_FILTER]	= { .len = sizeof(int) },
2155 	[NETCONFA_PROXY_NEIGH]	= { .len = sizeof(int) },
2156 	[NETCONFA_IGNORE_ROUTES_WITH_LINKDOWN]	= { .len = sizeof(int) },
2157 };
2158 
2159 static int inet_netconf_valid_get_req(struct sk_buff *skb,
2160 				      const struct nlmsghdr *nlh,
2161 				      struct nlattr **tb,
2162 				      struct netlink_ext_ack *extack)
2163 {
2164 	int i, err;
2165 
2166 	if (nlh->nlmsg_len < nlmsg_msg_size(sizeof(struct netconfmsg))) {
2167 		NL_SET_ERR_MSG(extack, "ipv4: Invalid header for netconf get request");
2168 		return -EINVAL;
2169 	}
2170 
2171 	if (!netlink_strict_get_check(skb))
2172 		return nlmsg_parse_deprecated(nlh, sizeof(struct netconfmsg),
2173 					      tb, NETCONFA_MAX,
2174 					      devconf_ipv4_policy, extack);
2175 
2176 	err = nlmsg_parse_deprecated_strict(nlh, sizeof(struct netconfmsg),
2177 					    tb, NETCONFA_MAX,
2178 					    devconf_ipv4_policy, extack);
2179 	if (err)
2180 		return err;
2181 
2182 	for (i = 0; i <= NETCONFA_MAX; i++) {
2183 		if (!tb[i])
2184 			continue;
2185 
2186 		switch (i) {
2187 		case NETCONFA_IFINDEX:
2188 			break;
2189 		default:
2190 			NL_SET_ERR_MSG(extack, "ipv4: Unsupported attribute in netconf get request");
2191 			return -EINVAL;
2192 		}
2193 	}
2194 
2195 	return 0;
2196 }
2197 
2198 static int inet_netconf_get_devconf(struct sk_buff *in_skb,
2199 				    struct nlmsghdr *nlh,
2200 				    struct netlink_ext_ack *extack)
2201 {
2202 	struct net *net = sock_net(in_skb->sk);
2203 	struct nlattr *tb[NETCONFA_MAX + 1];
2204 	const struct ipv4_devconf *devconf;
2205 	struct in_device *in_dev = NULL;
2206 	struct net_device *dev = NULL;
2207 	struct sk_buff *skb;
2208 	int ifindex;
2209 	int err;
2210 
2211 	err = inet_netconf_valid_get_req(in_skb, nlh, tb, extack);
2212 	if (err)
2213 		return err;
2214 
2215 	if (!tb[NETCONFA_IFINDEX])
2216 		return -EINVAL;
2217 
2218 	ifindex = nla_get_s32(tb[NETCONFA_IFINDEX]);
2219 	switch (ifindex) {
2220 	case NETCONFA_IFINDEX_ALL:
2221 		devconf = net->ipv4.devconf_all;
2222 		break;
2223 	case NETCONFA_IFINDEX_DEFAULT:
2224 		devconf = net->ipv4.devconf_dflt;
2225 		break;
2226 	default:
2227 		err = -ENODEV;
2228 		dev = dev_get_by_index(net, ifindex);
2229 		if (dev)
2230 			in_dev = in_dev_get(dev);
2231 		if (!in_dev)
2232 			goto errout;
2233 		devconf = &in_dev->cnf;
2234 		break;
2235 	}
2236 
2237 	err = -ENOBUFS;
2238 	skb = nlmsg_new(inet_netconf_msgsize_devconf(NETCONFA_ALL), GFP_KERNEL);
2239 	if (!skb)
2240 		goto errout;
2241 
2242 	err = inet_netconf_fill_devconf(skb, ifindex, devconf,
2243 					NETLINK_CB(in_skb).portid,
2244 					nlh->nlmsg_seq, RTM_NEWNETCONF, 0,
2245 					NETCONFA_ALL);
2246 	if (err < 0) {
2247 		/* -EMSGSIZE implies BUG in inet_netconf_msgsize_devconf() */
2248 		WARN_ON(err == -EMSGSIZE);
2249 		kfree_skb(skb);
2250 		goto errout;
2251 	}
2252 	err = rtnl_unicast(skb, net, NETLINK_CB(in_skb).portid);
2253 errout:
2254 	if (in_dev)
2255 		in_dev_put(in_dev);
2256 	dev_put(dev);
2257 	return err;
2258 }
2259 
2260 static int inet_netconf_dump_devconf(struct sk_buff *skb,
2261 				     struct netlink_callback *cb)
2262 {
2263 	const struct nlmsghdr *nlh = cb->nlh;
2264 	struct net *net = sock_net(skb->sk);
2265 	struct {
2266 		unsigned long ifindex;
2267 		unsigned int all_default;
2268 	} *ctx = (void *)cb->ctx;
2269 	const struct in_device *in_dev;
2270 	struct net_device *dev;
2271 	int err = 0;
2272 
2273 	if (cb->strict_check) {
2274 		struct netlink_ext_ack *extack = cb->extack;
2275 		struct netconfmsg *ncm;
2276 
2277 		if (nlh->nlmsg_len < nlmsg_msg_size(sizeof(*ncm))) {
2278 			NL_SET_ERR_MSG(extack, "ipv4: Invalid header for netconf dump request");
2279 			return -EINVAL;
2280 		}
2281 
2282 		if (nlmsg_attrlen(nlh, sizeof(*ncm))) {
2283 			NL_SET_ERR_MSG(extack, "ipv4: Invalid data after header in netconf dump request");
2284 			return -EINVAL;
2285 		}
2286 	}
2287 
2288 	rcu_read_lock();
2289 	for_each_netdev_dump(net, dev, ctx->ifindex) {
2290 		in_dev = __in_dev_get_rcu(dev);
2291 		if (!in_dev)
2292 			continue;
2293 		err = inet_netconf_fill_devconf(skb, dev->ifindex,
2294 						&in_dev->cnf,
2295 						NETLINK_CB(cb->skb).portid,
2296 						nlh->nlmsg_seq,
2297 						RTM_NEWNETCONF, NLM_F_MULTI,
2298 						NETCONFA_ALL);
2299 		if (err < 0)
2300 			goto done;
2301 	}
2302 	if (ctx->all_default == 0) {
2303 		err = inet_netconf_fill_devconf(skb, NETCONFA_IFINDEX_ALL,
2304 						net->ipv4.devconf_all,
2305 						NETLINK_CB(cb->skb).portid,
2306 						nlh->nlmsg_seq,
2307 						RTM_NEWNETCONF, NLM_F_MULTI,
2308 						NETCONFA_ALL);
2309 		if (err < 0)
2310 			goto done;
2311 		ctx->all_default++;
2312 	}
2313 	if (ctx->all_default == 1) {
2314 		err = inet_netconf_fill_devconf(skb, NETCONFA_IFINDEX_DEFAULT,
2315 						net->ipv4.devconf_dflt,
2316 						NETLINK_CB(cb->skb).portid,
2317 						nlh->nlmsg_seq,
2318 						RTM_NEWNETCONF, NLM_F_MULTI,
2319 						NETCONFA_ALL);
2320 		if (err < 0)
2321 			goto done;
2322 		ctx->all_default++;
2323 	}
2324 done:
2325 	rcu_read_unlock();
2326 	return err;
2327 }
2328 
2329 #ifdef CONFIG_SYSCTL
2330 
2331 static void devinet_copy_dflt_conf(struct net *net, int i)
2332 {
2333 	struct net_device *dev;
2334 
2335 	rcu_read_lock();
2336 	for_each_netdev_rcu(net, dev) {
2337 		struct in_device *in_dev;
2338 
2339 		in_dev = __in_dev_get_rcu(dev);
2340 		if (in_dev && !test_bit(i, in_dev->cnf.state))
2341 			in_dev->cnf.data[i] = net->ipv4.devconf_dflt->data[i];
2342 	}
2343 	rcu_read_unlock();
2344 }
2345 
2346 /* called with RTNL locked */
2347 static void inet_forward_change(struct net *net)
2348 {
2349 	struct net_device *dev;
2350 	int on = IPV4_DEVCONF_ALL(net, FORWARDING);
2351 
2352 	IPV4_DEVCONF_ALL(net, ACCEPT_REDIRECTS) = !on;
2353 	IPV4_DEVCONF_DFLT(net, FORWARDING) = on;
2354 	inet_netconf_notify_devconf(net, RTM_NEWNETCONF,
2355 				    NETCONFA_FORWARDING,
2356 				    NETCONFA_IFINDEX_ALL,
2357 				    net->ipv4.devconf_all);
2358 	inet_netconf_notify_devconf(net, RTM_NEWNETCONF,
2359 				    NETCONFA_FORWARDING,
2360 				    NETCONFA_IFINDEX_DEFAULT,
2361 				    net->ipv4.devconf_dflt);
2362 
2363 	for_each_netdev(net, dev) {
2364 		struct in_device *in_dev;
2365 
2366 		if (on)
2367 			dev_disable_lro(dev);
2368 
2369 		in_dev = __in_dev_get_rtnl(dev);
2370 		if (in_dev) {
2371 			IN_DEV_CONF_SET(in_dev, FORWARDING, on);
2372 			inet_netconf_notify_devconf(net, RTM_NEWNETCONF,
2373 						    NETCONFA_FORWARDING,
2374 						    dev->ifindex, &in_dev->cnf);
2375 		}
2376 	}
2377 }
2378 
2379 static int devinet_conf_ifindex(struct net *net, struct ipv4_devconf *cnf)
2380 {
2381 	if (cnf == net->ipv4.devconf_dflt)
2382 		return NETCONFA_IFINDEX_DEFAULT;
2383 	else if (cnf == net->ipv4.devconf_all)
2384 		return NETCONFA_IFINDEX_ALL;
2385 	else {
2386 		struct in_device *idev
2387 			= container_of(cnf, struct in_device, cnf);
2388 		return idev->dev->ifindex;
2389 	}
2390 }
2391 
2392 static int devinet_conf_proc(struct ctl_table *ctl, int write,
2393 			     void *buffer, size_t *lenp, loff_t *ppos)
2394 {
2395 	int old_value = *(int *)ctl->data;
2396 	int ret = proc_dointvec(ctl, write, buffer, lenp, ppos);
2397 	int new_value = *(int *)ctl->data;
2398 
2399 	if (write) {
2400 		struct ipv4_devconf *cnf = ctl->extra1;
2401 		struct net *net = ctl->extra2;
2402 		int i = (int *)ctl->data - cnf->data;
2403 		int ifindex;
2404 
2405 		set_bit(i, cnf->state);
2406 
2407 		if (cnf == net->ipv4.devconf_dflt)
2408 			devinet_copy_dflt_conf(net, i);
2409 		if (i == IPV4_DEVCONF_ACCEPT_LOCAL - 1 ||
2410 		    i == IPV4_DEVCONF_ROUTE_LOCALNET - 1)
2411 			if ((new_value == 0) && (old_value != 0))
2412 				rt_cache_flush(net);
2413 
2414 		if (i == IPV4_DEVCONF_BC_FORWARDING - 1 &&
2415 		    new_value != old_value)
2416 			rt_cache_flush(net);
2417 
2418 		if (i == IPV4_DEVCONF_RP_FILTER - 1 &&
2419 		    new_value != old_value) {
2420 			ifindex = devinet_conf_ifindex(net, cnf);
2421 			inet_netconf_notify_devconf(net, RTM_NEWNETCONF,
2422 						    NETCONFA_RP_FILTER,
2423 						    ifindex, cnf);
2424 		}
2425 		if (i == IPV4_DEVCONF_PROXY_ARP - 1 &&
2426 		    new_value != old_value) {
2427 			ifindex = devinet_conf_ifindex(net, cnf);
2428 			inet_netconf_notify_devconf(net, RTM_NEWNETCONF,
2429 						    NETCONFA_PROXY_NEIGH,
2430 						    ifindex, cnf);
2431 		}
2432 		if (i == IPV4_DEVCONF_IGNORE_ROUTES_WITH_LINKDOWN - 1 &&
2433 		    new_value != old_value) {
2434 			ifindex = devinet_conf_ifindex(net, cnf);
2435 			inet_netconf_notify_devconf(net, RTM_NEWNETCONF,
2436 						    NETCONFA_IGNORE_ROUTES_WITH_LINKDOWN,
2437 						    ifindex, cnf);
2438 		}
2439 	}
2440 
2441 	return ret;
2442 }
2443 
2444 static int devinet_sysctl_forward(struct ctl_table *ctl, int write,
2445 				  void *buffer, size_t *lenp, loff_t *ppos)
2446 {
2447 	int *valp = ctl->data;
2448 	int val = *valp;
2449 	loff_t pos = *ppos;
2450 	struct net *net = ctl->extra2;
2451 	int ret;
2452 
2453 	if (write && !ns_capable(net->user_ns, CAP_NET_ADMIN))
2454 		return -EPERM;
2455 
2456 	ret = proc_dointvec(ctl, write, buffer, lenp, ppos);
2457 
2458 	if (write && *valp != val) {
2459 		if (valp != &IPV4_DEVCONF_DFLT(net, FORWARDING)) {
2460 			if (!rtnl_trylock()) {
2461 				/* Restore the original values before restarting */
2462 				*valp = val;
2463 				*ppos = pos;
2464 				return restart_syscall();
2465 			}
2466 			if (valp == &IPV4_DEVCONF_ALL(net, FORWARDING)) {
2467 				inet_forward_change(net);
2468 			} else {
2469 				struct ipv4_devconf *cnf = ctl->extra1;
2470 				struct in_device *idev =
2471 					container_of(cnf, struct in_device, cnf);
2472 				if (*valp)
2473 					dev_disable_lro(idev->dev);
2474 				inet_netconf_notify_devconf(net, RTM_NEWNETCONF,
2475 							    NETCONFA_FORWARDING,
2476 							    idev->dev->ifindex,
2477 							    cnf);
2478 			}
2479 			rtnl_unlock();
2480 			rt_cache_flush(net);
2481 		} else
2482 			inet_netconf_notify_devconf(net, RTM_NEWNETCONF,
2483 						    NETCONFA_FORWARDING,
2484 						    NETCONFA_IFINDEX_DEFAULT,
2485 						    net->ipv4.devconf_dflt);
2486 	}
2487 
2488 	return ret;
2489 }
2490 
2491 static int ipv4_doint_and_flush(struct ctl_table *ctl, int write,
2492 				void *buffer, size_t *lenp, loff_t *ppos)
2493 {
2494 	int *valp = ctl->data;
2495 	int val = *valp;
2496 	int ret = proc_dointvec(ctl, write, buffer, lenp, ppos);
2497 	struct net *net = ctl->extra2;
2498 
2499 	if (write && *valp != val)
2500 		rt_cache_flush(net);
2501 
2502 	return ret;
2503 }
2504 
2505 #define DEVINET_SYSCTL_ENTRY(attr, name, mval, proc) \
2506 	{ \
2507 		.procname	= name, \
2508 		.data		= ipv4_devconf.data + \
2509 				  IPV4_DEVCONF_ ## attr - 1, \
2510 		.maxlen		= sizeof(int), \
2511 		.mode		= mval, \
2512 		.proc_handler	= proc, \
2513 		.extra1		= &ipv4_devconf, \
2514 	}
2515 
2516 #define DEVINET_SYSCTL_RW_ENTRY(attr, name) \
2517 	DEVINET_SYSCTL_ENTRY(attr, name, 0644, devinet_conf_proc)
2518 
2519 #define DEVINET_SYSCTL_RO_ENTRY(attr, name) \
2520 	DEVINET_SYSCTL_ENTRY(attr, name, 0444, devinet_conf_proc)
2521 
2522 #define DEVINET_SYSCTL_COMPLEX_ENTRY(attr, name, proc) \
2523 	DEVINET_SYSCTL_ENTRY(attr, name, 0644, proc)
2524 
2525 #define DEVINET_SYSCTL_FLUSHING_ENTRY(attr, name) \
2526 	DEVINET_SYSCTL_COMPLEX_ENTRY(attr, name, ipv4_doint_and_flush)
2527 
2528 static struct devinet_sysctl_table {
2529 	struct ctl_table_header *sysctl_header;
2530 	struct ctl_table devinet_vars[IPV4_DEVCONF_MAX];
2531 } devinet_sysctl = {
2532 	.devinet_vars = {
2533 		DEVINET_SYSCTL_COMPLEX_ENTRY(FORWARDING, "forwarding",
2534 					     devinet_sysctl_forward),
2535 		DEVINET_SYSCTL_RO_ENTRY(MC_FORWARDING, "mc_forwarding"),
2536 		DEVINET_SYSCTL_RW_ENTRY(BC_FORWARDING, "bc_forwarding"),
2537 
2538 		DEVINET_SYSCTL_RW_ENTRY(ACCEPT_REDIRECTS, "accept_redirects"),
2539 		DEVINET_SYSCTL_RW_ENTRY(SECURE_REDIRECTS, "secure_redirects"),
2540 		DEVINET_SYSCTL_RW_ENTRY(SHARED_MEDIA, "shared_media"),
2541 		DEVINET_SYSCTL_RW_ENTRY(RP_FILTER, "rp_filter"),
2542 		DEVINET_SYSCTL_RW_ENTRY(SEND_REDIRECTS, "send_redirects"),
2543 		DEVINET_SYSCTL_RW_ENTRY(ACCEPT_SOURCE_ROUTE,
2544 					"accept_source_route"),
2545 		DEVINET_SYSCTL_RW_ENTRY(ACCEPT_LOCAL, "accept_local"),
2546 		DEVINET_SYSCTL_RW_ENTRY(SRC_VMARK, "src_valid_mark"),
2547 		DEVINET_SYSCTL_RW_ENTRY(PROXY_ARP, "proxy_arp"),
2548 		DEVINET_SYSCTL_RW_ENTRY(MEDIUM_ID, "medium_id"),
2549 		DEVINET_SYSCTL_RW_ENTRY(BOOTP_RELAY, "bootp_relay"),
2550 		DEVINET_SYSCTL_RW_ENTRY(LOG_MARTIANS, "log_martians"),
2551 		DEVINET_SYSCTL_RW_ENTRY(TAG, "tag"),
2552 		DEVINET_SYSCTL_RW_ENTRY(ARPFILTER, "arp_filter"),
2553 		DEVINET_SYSCTL_RW_ENTRY(ARP_ANNOUNCE, "arp_announce"),
2554 		DEVINET_SYSCTL_RW_ENTRY(ARP_IGNORE, "arp_ignore"),
2555 		DEVINET_SYSCTL_RW_ENTRY(ARP_ACCEPT, "arp_accept"),
2556 		DEVINET_SYSCTL_RW_ENTRY(ARP_NOTIFY, "arp_notify"),
2557 		DEVINET_SYSCTL_RW_ENTRY(ARP_EVICT_NOCARRIER,
2558 					"arp_evict_nocarrier"),
2559 		DEVINET_SYSCTL_RW_ENTRY(PROXY_ARP_PVLAN, "proxy_arp_pvlan"),
2560 		DEVINET_SYSCTL_RW_ENTRY(FORCE_IGMP_VERSION,
2561 					"force_igmp_version"),
2562 		DEVINET_SYSCTL_RW_ENTRY(IGMPV2_UNSOLICITED_REPORT_INTERVAL,
2563 					"igmpv2_unsolicited_report_interval"),
2564 		DEVINET_SYSCTL_RW_ENTRY(IGMPV3_UNSOLICITED_REPORT_INTERVAL,
2565 					"igmpv3_unsolicited_report_interval"),
2566 		DEVINET_SYSCTL_RW_ENTRY(IGNORE_ROUTES_WITH_LINKDOWN,
2567 					"ignore_routes_with_linkdown"),
2568 		DEVINET_SYSCTL_RW_ENTRY(DROP_GRATUITOUS_ARP,
2569 					"drop_gratuitous_arp"),
2570 
2571 		DEVINET_SYSCTL_FLUSHING_ENTRY(NOXFRM, "disable_xfrm"),
2572 		DEVINET_SYSCTL_FLUSHING_ENTRY(NOPOLICY, "disable_policy"),
2573 		DEVINET_SYSCTL_FLUSHING_ENTRY(PROMOTE_SECONDARIES,
2574 					      "promote_secondaries"),
2575 		DEVINET_SYSCTL_FLUSHING_ENTRY(ROUTE_LOCALNET,
2576 					      "route_localnet"),
2577 		DEVINET_SYSCTL_FLUSHING_ENTRY(DROP_UNICAST_IN_L2_MULTICAST,
2578 					      "drop_unicast_in_l2_multicast"),
2579 	},
2580 };
2581 
2582 static int __devinet_sysctl_register(struct net *net, char *dev_name,
2583 				     int ifindex, struct ipv4_devconf *p)
2584 {
2585 	int i;
2586 	struct devinet_sysctl_table *t;
2587 	char path[sizeof("net/ipv4/conf/") + IFNAMSIZ];
2588 
2589 	t = kmemdup(&devinet_sysctl, sizeof(*t), GFP_KERNEL_ACCOUNT);
2590 	if (!t)
2591 		goto out;
2592 
2593 	for (i = 0; i < ARRAY_SIZE(t->devinet_vars); i++) {
2594 		t->devinet_vars[i].data += (char *)p - (char *)&ipv4_devconf;
2595 		t->devinet_vars[i].extra1 = p;
2596 		t->devinet_vars[i].extra2 = net;
2597 	}
2598 
2599 	snprintf(path, sizeof(path), "net/ipv4/conf/%s", dev_name);
2600 
2601 	t->sysctl_header = register_net_sysctl(net, path, t->devinet_vars);
2602 	if (!t->sysctl_header)
2603 		goto free;
2604 
2605 	p->sysctl = t;
2606 
2607 	inet_netconf_notify_devconf(net, RTM_NEWNETCONF, NETCONFA_ALL,
2608 				    ifindex, p);
2609 	return 0;
2610 
2611 free:
2612 	kfree(t);
2613 out:
2614 	return -ENOMEM;
2615 }
2616 
2617 static void __devinet_sysctl_unregister(struct net *net,
2618 					struct ipv4_devconf *cnf, int ifindex)
2619 {
2620 	struct devinet_sysctl_table *t = cnf->sysctl;
2621 
2622 	if (t) {
2623 		cnf->sysctl = NULL;
2624 		unregister_net_sysctl_table(t->sysctl_header);
2625 		kfree(t);
2626 	}
2627 
2628 	inet_netconf_notify_devconf(net, RTM_DELNETCONF, 0, ifindex, NULL);
2629 }
2630 
2631 static int devinet_sysctl_register(struct in_device *idev)
2632 {
2633 	int err;
2634 
2635 	if (!sysctl_dev_name_is_allowed(idev->dev->name))
2636 		return -EINVAL;
2637 
2638 	err = neigh_sysctl_register(idev->dev, idev->arp_parms, NULL);
2639 	if (err)
2640 		return err;
2641 	err = __devinet_sysctl_register(dev_net(idev->dev), idev->dev->name,
2642 					idev->dev->ifindex, &idev->cnf);
2643 	if (err)
2644 		neigh_sysctl_unregister(idev->arp_parms);
2645 	return err;
2646 }
2647 
2648 static void devinet_sysctl_unregister(struct in_device *idev)
2649 {
2650 	struct net *net = dev_net(idev->dev);
2651 
2652 	__devinet_sysctl_unregister(net, &idev->cnf, idev->dev->ifindex);
2653 	neigh_sysctl_unregister(idev->arp_parms);
2654 }
2655 
2656 static struct ctl_table ctl_forward_entry[] = {
2657 	{
2658 		.procname	= "ip_forward",
2659 		.data		= &ipv4_devconf.data[
2660 					IPV4_DEVCONF_FORWARDING - 1],
2661 		.maxlen		= sizeof(int),
2662 		.mode		= 0644,
2663 		.proc_handler	= devinet_sysctl_forward,
2664 		.extra1		= &ipv4_devconf,
2665 		.extra2		= &init_net,
2666 	},
2667 };
2668 #endif
2669 
2670 static __net_init int devinet_init_net(struct net *net)
2671 {
2672 	int err;
2673 	struct ipv4_devconf *all, *dflt;
2674 #ifdef CONFIG_SYSCTL
2675 	struct ctl_table *tbl;
2676 	struct ctl_table_header *forw_hdr;
2677 #endif
2678 
2679 	err = -ENOMEM;
2680 	all = kmemdup(&ipv4_devconf, sizeof(ipv4_devconf), GFP_KERNEL);
2681 	if (!all)
2682 		goto err_alloc_all;
2683 
2684 	dflt = kmemdup(&ipv4_devconf_dflt, sizeof(ipv4_devconf_dflt), GFP_KERNEL);
2685 	if (!dflt)
2686 		goto err_alloc_dflt;
2687 
2688 #ifdef CONFIG_SYSCTL
2689 	tbl = kmemdup(ctl_forward_entry, sizeof(ctl_forward_entry), GFP_KERNEL);
2690 	if (!tbl)
2691 		goto err_alloc_ctl;
2692 
2693 	tbl[0].data = &all->data[IPV4_DEVCONF_FORWARDING - 1];
2694 	tbl[0].extra1 = all;
2695 	tbl[0].extra2 = net;
2696 #endif
2697 
2698 	if (!net_eq(net, &init_net)) {
2699 		switch (net_inherit_devconf()) {
2700 		case 3:
2701 			/* copy from the current netns */
2702 			memcpy(all, current->nsproxy->net_ns->ipv4.devconf_all,
2703 			       sizeof(ipv4_devconf));
2704 			memcpy(dflt,
2705 			       current->nsproxy->net_ns->ipv4.devconf_dflt,
2706 			       sizeof(ipv4_devconf_dflt));
2707 			break;
2708 		case 0:
2709 		case 1:
2710 			/* copy from init_net */
2711 			memcpy(all, init_net.ipv4.devconf_all,
2712 			       sizeof(ipv4_devconf));
2713 			memcpy(dflt, init_net.ipv4.devconf_dflt,
2714 			       sizeof(ipv4_devconf_dflt));
2715 			break;
2716 		case 2:
2717 			/* use compiled values */
2718 			break;
2719 		}
2720 	}
2721 
2722 #ifdef CONFIG_SYSCTL
2723 	err = __devinet_sysctl_register(net, "all", NETCONFA_IFINDEX_ALL, all);
2724 	if (err < 0)
2725 		goto err_reg_all;
2726 
2727 	err = __devinet_sysctl_register(net, "default",
2728 					NETCONFA_IFINDEX_DEFAULT, dflt);
2729 	if (err < 0)
2730 		goto err_reg_dflt;
2731 
2732 	err = -ENOMEM;
2733 	forw_hdr = register_net_sysctl_sz(net, "net/ipv4", tbl,
2734 					  ARRAY_SIZE(ctl_forward_entry));
2735 	if (!forw_hdr)
2736 		goto err_reg_ctl;
2737 	net->ipv4.forw_hdr = forw_hdr;
2738 #endif
2739 
2740 	net->ipv4.devconf_all = all;
2741 	net->ipv4.devconf_dflt = dflt;
2742 	return 0;
2743 
2744 #ifdef CONFIG_SYSCTL
2745 err_reg_ctl:
2746 	__devinet_sysctl_unregister(net, dflt, NETCONFA_IFINDEX_DEFAULT);
2747 err_reg_dflt:
2748 	__devinet_sysctl_unregister(net, all, NETCONFA_IFINDEX_ALL);
2749 err_reg_all:
2750 	kfree(tbl);
2751 err_alloc_ctl:
2752 #endif
2753 	kfree(dflt);
2754 err_alloc_dflt:
2755 	kfree(all);
2756 err_alloc_all:
2757 	return err;
2758 }
2759 
2760 static __net_exit void devinet_exit_net(struct net *net)
2761 {
2762 #ifdef CONFIG_SYSCTL
2763 	const struct ctl_table *tbl;
2764 
2765 	tbl = net->ipv4.forw_hdr->ctl_table_arg;
2766 	unregister_net_sysctl_table(net->ipv4.forw_hdr);
2767 	__devinet_sysctl_unregister(net, net->ipv4.devconf_dflt,
2768 				    NETCONFA_IFINDEX_DEFAULT);
2769 	__devinet_sysctl_unregister(net, net->ipv4.devconf_all,
2770 				    NETCONFA_IFINDEX_ALL);
2771 	kfree(tbl);
2772 #endif
2773 	kfree(net->ipv4.devconf_dflt);
2774 	kfree(net->ipv4.devconf_all);
2775 }
2776 
2777 static __net_initdata struct pernet_operations devinet_ops = {
2778 	.init = devinet_init_net,
2779 	.exit = devinet_exit_net,
2780 };
2781 
2782 static struct rtnl_af_ops inet_af_ops __read_mostly = {
2783 	.family		  = AF_INET,
2784 	.fill_link_af	  = inet_fill_link_af,
2785 	.get_link_af_size = inet_get_link_af_size,
2786 	.validate_link_af = inet_validate_link_af,
2787 	.set_link_af	  = inet_set_link_af,
2788 };
2789 
2790 void __init devinet_init(void)
2791 {
2792 	int i;
2793 
2794 	for (i = 0; i < IN4_ADDR_HSIZE; i++)
2795 		INIT_HLIST_HEAD(&inet_addr_lst[i]);
2796 
2797 	register_pernet_subsys(&devinet_ops);
2798 	register_netdevice_notifier(&ip_netdev_notifier);
2799 
2800 	queue_delayed_work(system_power_efficient_wq, &check_lifetime_work, 0);
2801 
2802 	rtnl_af_register(&inet_af_ops);
2803 
2804 	rtnl_register(PF_INET, RTM_NEWADDR, inet_rtm_newaddr, NULL, 0);
2805 	rtnl_register(PF_INET, RTM_DELADDR, inet_rtm_deladdr, NULL, 0);
2806 	rtnl_register(PF_INET, RTM_GETADDR, NULL, inet_dump_ifaddr,
2807 		      RTNL_FLAG_DUMP_UNLOCKED);
2808 	rtnl_register(PF_INET, RTM_GETNETCONF, inet_netconf_get_devconf,
2809 		      inet_netconf_dump_devconf,
2810 		      RTNL_FLAG_DOIT_UNLOCKED | RTNL_FLAG_DUMP_UNLOCKED);
2811 }
2812