// SPDX-License-Identifier: GPL-2.0-or-later
/*
 * NET3 IP device support routines.
 *
 * Derived from the IP parts of dev.c 1.0.19
 * Authors:	Ross Biro
 *		Fred N. van Kempen, <waltje@uWalt.NL.Mugnet.ORG>
 *		Mark Evans, <evansmp@uhura.aston.ac.uk>
 *
 * Additional Authors:
 *	Alan Cox, <gw4pts@gw4pts.ampr.org>
 *	Alexey Kuznetsov, <kuznet@ms2.inr.ac.ru>
 *
 * Changes:
 *	Alexey Kuznetsov:	pa_* fields are replaced with ifaddr
 *				lists.
 *	Cyrus Durgin:		updated for kmod
 *	Matthias Andree:	in devinet_ioctl, compare label and
 *				address (4.4BSD alias style support),
 *				fall back to comparing just the label
 *				if no match found.
 */


#include <linux/uaccess.h>
#include <linux/bitops.h>
#include <linux/capability.h>
#include <linux/module.h>
#include <linux/types.h>
#include <linux/kernel.h>
#include <linux/sched/signal.h>
#include <linux/string.h>
#include <linux/mm.h>
#include <linux/socket.h>
#include <linux/sockios.h>
#include <linux/in.h>
#include <linux/errno.h>
#include <linux/interrupt.h>
#include <linux/if_addr.h>
#include <linux/if_ether.h>
#include <linux/inet.h>
#include <linux/netdevice.h>
#include <linux/etherdevice.h>
#include <linux/skbuff.h>
#include <linux/init.h>
#include <linux/notifier.h>
#include <linux/inetdevice.h>
#include <linux/igmp.h>
#include <linux/slab.h>
#include <linux/hash.h>
#ifdef CONFIG_SYSCTL
#include <linux/sysctl.h>
#endif
#include <linux/kmod.h>
#include <linux/netconf.h>

#include <net/arp.h>
#include <net/ip.h>
#include <net/route.h>
#include <net/ip_fib.h>
#include <net/rtnetlink.h>
#include <net/net_namespace.h>
#include <net/addrconf.h>

/* Address flags that only make sense for IPv6 addresses.  They are masked
 * out of ifa_flags in __inet_insert_ifa() so they can never be attached to
 * an IPv4 address.
 */
#define IPV6ONLY_FLAGS	\
		(IFA_F_NODAD | IFA_F_OPTIMISTIC | IFA_F_DADFAILED | \
		 IFA_F_HOMEADDRESS | IFA_F_TENTATIVE | \
		 IFA_F_MANAGETEMPADDR | IFA_F_STABLE_PRIVACY)

/* Built-in defaults for the per-device IPv4 configuration knobs.
 * Note the .data[] array is indexed by IPV4_DEVCONF_* minus one.
 */
static struct ipv4_devconf ipv4_devconf = {
	.data = {
		[IPV4_DEVCONF_ACCEPT_REDIRECTS - 1] = 1,
		[IPV4_DEVCONF_SEND_REDIRECTS - 1] = 1,
		[IPV4_DEVCONF_SECURE_REDIRECTS - 1] = 1,
		[IPV4_DEVCONF_SHARED_MEDIA - 1] = 1,
		[IPV4_DEVCONF_IGMPV2_UNSOLICITED_REPORT_INTERVAL - 1] = 10000 /*ms*/,
		[IPV4_DEVCONF_IGMPV3_UNSOLICITED_REPORT_INTERVAL - 1] = 1000 /*ms*/,
		[IPV4_DEVCONF_ARP_EVICT_NOCARRIER - 1] = 1,
	},
};

/* Template copied into each new in_device by inetdev_init(); differs from
 * ipv4_devconf above only in ACCEPT_SOURCE_ROUTE being enabled.
 */
static struct ipv4_devconf ipv4_devconf_dflt = {
	.data = {
		[IPV4_DEVCONF_ACCEPT_REDIRECTS - 1] = 1,
		[IPV4_DEVCONF_SEND_REDIRECTS - 1] = 1,
		[IPV4_DEVCONF_SECURE_REDIRECTS - 1] = 1,
		[IPV4_DEVCONF_SHARED_MEDIA - 1] = 1,
		[IPV4_DEVCONF_ACCEPT_SOURCE_ROUTE - 1] = 1,
		[IPV4_DEVCONF_IGMPV2_UNSOLICITED_REPORT_INTERVAL - 1] = 10000 /*ms*/,
		[IPV4_DEVCONF_IGMPV3_UNSOLICITED_REPORT_INTERVAL - 1] = 1000 /*ms*/,
		[IPV4_DEVCONF_ARP_EVICT_NOCARRIER - 1] = 1,
	},
};

#define IPV4_DEVCONF_DFLT(net, attr) \
	IPV4_DEVCONF((*net->ipv4.devconf_dflt), attr)

/* Netlink attribute policy for RTM_NEWADDR/RTM_DELADDR/RTM_GETADDR. */
static const struct nla_policy ifa_ipv4_policy[IFA_MAX+1] = {
	[IFA_LOCAL]     	= { .type = NLA_U32 },
	[IFA_ADDRESS]   	= { .type = NLA_U32 },
	[IFA_BROADCAST] 	= { .type = NLA_U32 },
	[IFA_LABEL]     	= { .type = NLA_STRING, .len = IFNAMSIZ - 1 },
	[IFA_CACHEINFO]		= { .len = sizeof(struct ifa_cacheinfo) },
	[IFA_FLAGS]		= { .type = NLA_U32 },
	[IFA_RT_PRIORITY]	= { .type = NLA_U32 },
	[IFA_TARGET_NETNSID]	= { .type = NLA_S32 },
	[IFA_PROTO]		= { .type = NLA_U8 },
};

/* Parameters threaded through the netlink dump/fill helpers. */
struct inet_fill_args {
	u32 portid;
	u32 seq;
	int event;
	unsigned int flags;
	int netnsid;
	int ifindex;
};

#define IN4_ADDR_HSIZE_SHIFT	8
#define IN4_ADDR_HSIZE		(1U << IN4_ADDR_HSIZE_SHIFT)

/* Hash an IPv4 address into the per-netns address hash table.  The
 * net_hash_mix() perturbation makes the distribution netns-dependent.
 */
static u32 inet_addr_hash(const struct net *net, __be32 addr)
{
	u32 val = (__force u32) addr ^ net_hash_mix(net);

	return hash_32(val, IN4_ADDR_HSIZE_SHIFT);
}

/* Add @ifa to the per-netns hash, keyed by its local address.
 * Caller must hold RTNL; readers walk the chain under RCU.
 */
static void inet_hash_insert(struct net *net, struct in_ifaddr *ifa)
{
	u32 hash = inet_addr_hash(net, ifa->ifa_local);

	ASSERT_RTNL();
	hlist_add_head_rcu(&ifa->addr_lst, &net->ipv4.inet_addr_lst[hash]);
}

/* Unhash @ifa (RTNL held); RCU readers may still see it until a grace
 * period elapses, which is why in_ifaddr is freed via call_rcu.
 */
static void inet_hash_remove(struct in_ifaddr *ifa)
{
	ASSERT_RTNL();
	hlist_del_init_rcu(&ifa->addr_lst);
}

/**
 * __ip_dev_find - find the first device with a given source address.
 * @net: the net namespace
 * @addr: the source address
 * @devref: if true, take a reference on the found device
 *
 * If a caller uses devref=false, it should be protected by RCU, or RTNL
 */
struct net_device *__ip_dev_find(struct net *net, __be32 addr, bool devref)
{
	struct net_device *result = NULL;
	struct in_ifaddr *ifa;

	rcu_read_lock();
	ifa = inet_lookup_ifaddr_rcu(net, addr);
	if (!ifa) {
		struct flowi4 fl4 = { .daddr = addr };
		struct fib_result res = { 0 };
		struct fib_table *local;

		/* Fallback to FIB local table so that communication
		 * over loopback subnets work.
		 */
		local = fib_get_table(net, RT_TABLE_LOCAL);
		if (local &&
		    !fib_table_lookup(local, &fl4, &res, FIB_LOOKUP_NOREF) &&
		    res.type == RTN_LOCAL)
			result = FIB_RES_DEV(res);
	} else {
		result = ifa->ifa_dev->dev;
	}
	if (result && devref)
		dev_hold(result);
	rcu_read_unlock();
	return result;
}
EXPORT_SYMBOL(__ip_dev_find);

/* called under RCU lock */
struct in_ifaddr *inet_lookup_ifaddr_rcu(struct net *net, __be32 addr)
{
	u32 hash = inet_addr_hash(net, addr);
	struct in_ifaddr *ifa;

	hlist_for_each_entry_rcu(ifa, &net->ipv4.inet_addr_lst[hash], addr_lst)
		if (ifa->ifa_local == addr)
			return ifa;

	return NULL;
}

static void rtmsg_ifa(int event, struct in_ifaddr *, struct nlmsghdr *, u32);

static BLOCKING_NOTIFIER_HEAD(inetaddr_chain);
static BLOCKING_NOTIFIER_HEAD(inetaddr_validator_chain);
static void inet_del_ifa(struct in_device *in_dev,
			 struct in_ifaddr __rcu **ifap,
			 int destroy);
#ifdef CONFIG_SYSCTL
static int devinet_sysctl_register(struct in_device *idev);
static void devinet_sysctl_unregister(struct in_device *idev);
#else
/* !CONFIG_SYSCTL: no-op stubs so callers need no #ifdefs. */
static int devinet_sysctl_register(struct in_device *idev)
{
	return 0;
}
static void devinet_sysctl_unregister(struct in_device *idev)
{
}
#endif

/* Locks all the inet devices.
*/

/* Allocate a zeroed in_ifaddr bound to @in_dev.  Takes a reference on
 * @in_dev which is dropped by inet_rcu_free_ifa().  Returns NULL on OOM.
 */
static struct in_ifaddr *inet_alloc_ifa(struct in_device *in_dev)
{
	struct in_ifaddr *ifa;

	ifa = kzalloc(sizeof(*ifa), GFP_KERNEL_ACCOUNT);
	if (!ifa)
		return NULL;

	in_dev_hold(in_dev);
	ifa->ifa_dev = in_dev;

	INIT_HLIST_NODE(&ifa->addr_lst);

	return ifa;
}

/* RCU callback: drop the in_device reference and free the address. */
static void inet_rcu_free_ifa(struct rcu_head *head)
{
	struct in_ifaddr *ifa = container_of(head, struct in_ifaddr, rcu_head);

	in_dev_put(ifa->ifa_dev);
	kfree(ifa);
}

static void inet_free_ifa(struct in_ifaddr *ifa)
{
	/* Our reference to ifa->ifa_dev must be freed ASAP
	 * to release the reference to the netdev the same way.
	 * in_dev_put() -> in_dev_finish_destroy() -> netdev_put()
	 */
	call_rcu_hurry(&ifa->rcu_head, inet_rcu_free_ifa);
}

/* RCU callback: final free of an in_device and its multicast hash. */
static void in_dev_free_rcu(struct rcu_head *head)
{
	struct in_device *idev = container_of(head, struct in_device, rcu_head);

	kfree(rcu_dereference_protected(idev->mc_hash, 1));
	kfree(idev);
}

/* Called when the last reference to @idev is dropped; releases the netdev
 * reference and schedules the RCU free.  idev->dead must already be set.
 */
void in_dev_finish_destroy(struct in_device *idev)
{
	struct net_device *dev = idev->dev;

	WARN_ON(idev->ifa_list);
	WARN_ON(idev->mc_list);
#ifdef NET_REFCNT_DEBUG
	pr_debug("%s: %p=%s\n", __func__, idev, dev ? dev->name : "NIL");
#endif
	netdev_put(dev, &idev->dev_tracker);
	if (!idev->dead)
		pr_err("Freeing alive in_device %p\n", idev);
	else
		call_rcu(&idev->rcu_head, in_dev_free_rcu);
}
EXPORT_SYMBOL(in_dev_finish_destroy);

/* Create and attach the per-device IPv4 state (dev->ip_ptr) for @dev.
 * Called under RTNL.  Returns the new in_device or an ERR_PTR(); note it
 * never returns NULL.
 */
static struct in_device *inetdev_init(struct net_device *dev)
{
	struct in_device *in_dev;
	int err = -ENOMEM;

	ASSERT_RTNL();

	in_dev = kzalloc(sizeof(*in_dev), GFP_KERNEL);
	if (!in_dev)
		goto out;
	memcpy(&in_dev->cnf, dev_net(dev)->ipv4.devconf_dflt,
			sizeof(in_dev->cnf));
	in_dev->cnf.sysctl = NULL;
	in_dev->dev = dev;
	in_dev->arp_parms = neigh_parms_alloc(dev, &arp_tbl);
	if (!in_dev->arp_parms)
		goto out_kfree;
	if (IPV4_DEVCONF(in_dev->cnf, FORWARDING))
		dev_disable_lro(dev);
	/* Reference in_dev->dev */
	netdev_hold(dev, &in_dev->dev_tracker, GFP_KERNEL);
	/* Account for reference dev->ip_ptr (below) */
	refcount_set(&in_dev->refcnt, 1);

	if (dev != blackhole_netdev) {
		err = devinet_sysctl_register(in_dev);
		if (err) {
			in_dev->dead = 1;
			neigh_parms_release(&arp_tbl, in_dev->arp_parms);
			in_dev_put(in_dev);
			in_dev = NULL;
			goto out;
		}
		ip_mc_init_dev(in_dev);
		if (dev->flags & IFF_UP)
			ip_mc_up(in_dev);
	}

	/* we can receive as soon as ip_ptr is set -- do this last */
	rcu_assign_pointer(dev->ip_ptr, in_dev);
out:
	return in_dev ?: ERR_PTR(err);
out_kfree:
	kfree(in_dev);
	in_dev = NULL;
	goto out;
}

/* Tear down the IPv4 state of a device: delete every address, detach
 * dev->ip_ptr and drop the initial reference.  Called under RTNL.
 */
static void inetdev_destroy(struct in_device *in_dev)
{
	struct net_device *dev;
	struct in_ifaddr *ifa;

	ASSERT_RTNL();

	dev = in_dev->dev;

	in_dev->dead = 1;

	ip_mc_destroy_dev(in_dev);

	while ((ifa = rtnl_dereference(in_dev->ifa_list)) != NULL) {
		inet_del_ifa(in_dev, &in_dev->ifa_list, 0);
		inet_free_ifa(ifa);
	}

	RCU_INIT_POINTER(dev->ip_ptr, NULL);

	devinet_sysctl_unregister(in_dev);
	neigh_parms_release(&arp_tbl, in_dev->arp_parms);
	arp_ifdown(dev);

	in_dev_put(in_dev);
}

static int __init inet_blackhole_dev_init(void)
{
	int err = 0;

	rtnl_lock();
	/* NOTE(review): inetdev_init() returns "in_dev ?: ERR_PTR(err)" and
	 * therefore never returns NULL; this !ptr check can never fire, so a
	 * failure would go unreported.  Looks like it should use IS_ERR() —
	 * confirm against upstream before changing.
	 */
	if (!inetdev_init(blackhole_netdev))
		err = -ENOMEM;
	rtnl_unlock();

	return err;
}
late_initcall(inet_blackhole_dev_init);

/* Return 1 if @a (and @b, when non-zero) fall inside one of @in_dev's
 * configured subnets, 0 otherwise.  Safe to call under RCU.
 */
int inet_addr_onlink(struct in_device *in_dev, __be32 a, __be32 b)
{
	const struct in_ifaddr *ifa;

	rcu_read_lock();
	in_dev_for_each_ifa_rcu(ifa, in_dev) {
		if (inet_ifa_match(a, ifa)) {
			if (!b || inet_ifa_match(b, ifa)) {
				rcu_read_unlock();
				return 1;
			}
		}
	}
	rcu_read_unlock();
	return 0;
}

/* Delete the address *ifap from @in_dev (RTNL held).  Deleting a primary
 * address also removes its secondaries, unless promote_secondaries is on,
 * in which case the first matching secondary is promoted to primary.
 * Sends RTM_DELADDR (and RTM_NEWADDR for a promotion) and fires the
 * inetaddr notifier chain.  @ifa1 is only freed here when @destroy is set.
 */
static void __inet_del_ifa(struct in_device *in_dev,
			   struct in_ifaddr __rcu **ifap,
			   int destroy, struct nlmsghdr *nlh, u32 portid)
{
	struct in_ifaddr *promote = NULL;
	struct in_ifaddr *ifa, *ifa1;
	struct in_ifaddr __rcu **last_prim;
	struct in_ifaddr *prev_prom = NULL;
	int do_promote = IN_DEV_PROMOTE_SECONDARIES(in_dev);

	ASSERT_RTNL();

	ifa1 = rtnl_dereference(*ifap);
	last_prim = ifap;
	if (in_dev->dead)
		goto no_promotions;

	/* 1. Deleting primary ifaddr forces deletion all secondaries
	 * unless alias promotion is set
	 **/

	if (!(ifa1->ifa_flags & IFA_F_SECONDARY)) {
		struct in_ifaddr __rcu **ifap1 = &ifa1->ifa_next;

		while ((ifa = rtnl_dereference(*ifap1)) != NULL) {
			if (!(ifa->ifa_flags & IFA_F_SECONDARY) &&
			    ifa1->ifa_scope <= ifa->ifa_scope)
				last_prim = &ifa->ifa_next;

			if (!(ifa->ifa_flags & IFA_F_SECONDARY) ||
			    ifa1->ifa_mask != ifa->ifa_mask ||
			    !inet_ifa_match(ifa1->ifa_address, ifa)) {
				ifap1 = &ifa->ifa_next;
				prev_prom = ifa;
				continue;
			}

			if (!do_promote) {
				inet_hash_remove(ifa);
				*ifap1 = ifa->ifa_next;

				rtmsg_ifa(RTM_DELADDR, ifa, nlh, portid);
				blocking_notifier_call_chain(&inetaddr_chain,
						NETDEV_DOWN, ifa);
				inet_free_ifa(ifa);
			} else {
				promote = ifa;
				break;
			}
		}
	}

	/* On promotion all secondaries from subnet are changing
	 * the primary IP, we must remove all their routes silently
	 * and later to add them back with new prefsrc. Do this
	 * while all addresses are on the device list.
	 */
	for (ifa = promote; ifa; ifa = rtnl_dereference(ifa->ifa_next)) {
		if (ifa1->ifa_mask == ifa->ifa_mask &&
		    inet_ifa_match(ifa1->ifa_address, ifa))
			fib_del_ifaddr(ifa, ifa1);
	}

no_promotions:
	/* 2. Unlink it */

	*ifap = ifa1->ifa_next;
	inet_hash_remove(ifa1);

	/* 3. Announce address deletion */

	/* Send message first, then call notifier.
	   At first sight, FIB update triggered by notifier
	   will refer to already deleted ifaddr, that could confuse
	   netlink listeners. It is not true: look, gated sees
	   that route deleted and if it still thinks that ifaddr
	   is valid, it will try to restore deleted routes... Grr.
	   So that, this order is correct.
	 */
	rtmsg_ifa(RTM_DELADDR, ifa1, nlh, portid);
	blocking_notifier_call_chain(&inetaddr_chain, NETDEV_DOWN, ifa1);

	if (promote) {
		struct in_ifaddr *next_sec;

		next_sec = rtnl_dereference(promote->ifa_next);
		if (prev_prom) {
			struct in_ifaddr *last_sec;

			/* Move the promoted address after the last primary
			 * of equal-or-lesser scope, then re-announce it
			 * without IFA_F_SECONDARY.
			 */
			rcu_assign_pointer(prev_prom->ifa_next, next_sec);

			last_sec = rtnl_dereference(*last_prim);
			rcu_assign_pointer(promote->ifa_next, last_sec);
			rcu_assign_pointer(*last_prim, promote);
		}

		promote->ifa_flags &= ~IFA_F_SECONDARY;
		rtmsg_ifa(RTM_NEWADDR, promote, nlh, portid);
		blocking_notifier_call_chain(&inetaddr_chain,
				NETDEV_UP, promote);
		for (ifa = next_sec; ifa;
		     ifa = rtnl_dereference(ifa->ifa_next)) {
			if (ifa1->ifa_mask != ifa->ifa_mask ||
			    !inet_ifa_match(ifa1->ifa_address, ifa))
				continue;
			fib_add_ifaddr(ifa);
		}

	}
	if (destroy)
		inet_free_ifa(ifa1);
}

static void inet_del_ifa(struct in_device *in_dev,
			 struct in_ifaddr __rcu **ifap,
			 int destroy)
{
	__inet_del_ifa(in_dev, ifap, destroy, NULL, 0);
}

/* Insert @ifa into its device's address list (RTNL held).  Duplicate
 * local addresses are rejected with -EEXIST; an address inside an already
 * configured subnet becomes a secondary.  Runs the validator notifier
 * chain before committing, then announces RTM_NEWADDR and NETDEV_UP.
 * Consumes @ifa on every failure path.
 */
static int __inet_insert_ifa(struct in_ifaddr *ifa, struct nlmsghdr *nlh,
			     u32 portid, struct netlink_ext_ack *extack)
{
	struct in_ifaddr __rcu **last_primary, **ifap;
	struct in_device *in_dev = ifa->ifa_dev;
	struct net *net = dev_net(in_dev->dev);
	struct in_validator_info ivi;
	struct in_ifaddr *ifa1;
	int ret;

	ASSERT_RTNL();

	if (!ifa->ifa_local) {
		inet_free_ifa(ifa);
		return 0;
	}

	ifa->ifa_flags &= ~IFA_F_SECONDARY;
	last_primary = &in_dev->ifa_list;

	/* Don't set IPv6 only flags to IPv4 addresses */
	ifa->ifa_flags &= ~IPV6ONLY_FLAGS;

	ifap = &in_dev->ifa_list;
	ifa1 = rtnl_dereference(*ifap);

	while (ifa1) {
		if (!(ifa1->ifa_flags & IFA_F_SECONDARY) &&
		    ifa->ifa_scope <= ifa1->ifa_scope)
			last_primary = &ifa1->ifa_next;
		if (ifa1->ifa_mask == ifa->ifa_mask &&
		    inet_ifa_match(ifa1->ifa_address, ifa)) {
			if (ifa1->ifa_local == ifa->ifa_local) {
				inet_free_ifa(ifa);
				return -EEXIST;
			}
			if (ifa1->ifa_scope != ifa->ifa_scope) {
				NL_SET_ERR_MSG(extack, "ipv4: Invalid scope value");
				inet_free_ifa(ifa);
				return -EINVAL;
			}
			ifa->ifa_flags |= IFA_F_SECONDARY;
		}

		ifap = &ifa1->ifa_next;
		ifa1 = rtnl_dereference(*ifap);
	}

	/* Allow any devices that wish to register ifaddr validtors to weigh
	 * in now, before changes are committed. The rntl lock is serializing
	 * access here, so the state should not change between a validator call
	 * and a final notify on commit. This isn't invoked on promotion under
	 * the assumption that validators are checking the address itself, and
	 * not the flags.
	 */
	ivi.ivi_addr = ifa->ifa_address;
	ivi.ivi_dev = ifa->ifa_dev;
	ivi.extack = extack;
	ret = blocking_notifier_call_chain(&inetaddr_validator_chain,
					   NETDEV_UP, &ivi);
	ret = notifier_to_errno(ret);
	if (ret) {
		inet_free_ifa(ifa);
		return ret;
	}

	if (!(ifa->ifa_flags & IFA_F_SECONDARY))
		ifap = last_primary;

	rcu_assign_pointer(ifa->ifa_next, *ifap);
	rcu_assign_pointer(*ifap, ifa);

	inet_hash_insert(dev_net(in_dev->dev), ifa);

	/* Restart lifetime expiry handling so the new address is seen. */
	cancel_delayed_work(&net->ipv4.addr_chk_work);
	queue_delayed_work(system_power_efficient_wq, &net->ipv4.addr_chk_work, 0);

	/* Send message first, then call notifier.
	   Notifier will trigger FIB update, so that
	   listeners of netlink will know about new ifaddr */
	rtmsg_ifa(RTM_NEWADDR, ifa, nlh, portid);
	blocking_notifier_call_chain(&inetaddr_chain, NETDEV_UP, ifa);

	return 0;
}

static int inet_insert_ifa(struct in_ifaddr *ifa)
{
	return __inet_insert_ifa(ifa, NULL, 0, NULL);
}

/* ioctl-path helper: normalize scope for loopback addresses and insert. */
static int inet_set_ifa(struct net_device *dev, struct in_ifaddr *ifa)
{
	struct in_device *in_dev = __in_dev_get_rtnl(dev);

	ASSERT_RTNL();

	ipv4_devconf_setall(in_dev);
	neigh_parms_data_state_setall(in_dev->arp_parms);

	if (ipv4_is_loopback(ifa->ifa_local))
		ifa->ifa_scope = RT_SCOPE_HOST;
	return inet_insert_ifa(ifa);
}

/* Caller must hold RCU or RTNL :
 * We dont take a reference on found in_device
 */
struct in_device *inetdev_by_index(struct net *net, int ifindex)
{
	struct net_device *dev;
	struct in_device *in_dev = NULL;

	rcu_read_lock();
	dev = dev_get_by_index_rcu(net, ifindex);
	if (dev)
		in_dev = rcu_dereference_rtnl(dev->ip_ptr);
	rcu_read_unlock();
	return in_dev;
}
EXPORT_SYMBOL(inetdev_by_index);

/* Called only from RTNL semaphored context. No locks.
*/

/* Find an address on @in_dev matching @prefix/@mask, or NULL (RTNL held). */
struct in_ifaddr *inet_ifa_byprefix(struct in_device *in_dev, __be32 prefix,
				    __be32 mask)
{
	struct in_ifaddr *ifa;

	ASSERT_RTNL();

	in_dev_for_each_ifa_rtnl(ifa, in_dev) {
		if (ifa->ifa_mask == mask && inet_ifa_match(prefix, ifa))
			return ifa;
	}
	return NULL;
}

/* Join (@join true) or leave the multicast group of @ifa on behalf of the
 * per-netns autojoin socket.  -EOPNOTSUPP without CONFIG_IP_MULTICAST.
 */
static int ip_mc_autojoin_config(struct net *net, bool join,
				 const struct in_ifaddr *ifa)
{
#if defined(CONFIG_IP_MULTICAST)
	struct ip_mreqn mreq = {
		.imr_multiaddr.s_addr = ifa->ifa_address,
		.imr_ifindex = ifa->ifa_dev->dev->ifindex,
	};
	struct sock *sk = net->ipv4.mc_autojoin_sk;
	int ret;

	ASSERT_RTNL();

	lock_sock(sk);
	if (join)
		ret = ip_mc_join_group(sk, &mreq);
	else
		ret = ip_mc_leave_group(sk, &mreq);
	release_sock(sk);

	return ret;
#else
	return -EOPNOTSUPP;
#endif
}

/* RTM_DELADDR handler: locate the address described by the ifaddrmsg and
 * its attributes (local address, label, address/prefix all optional
 * filters) and delete it.  Leaves autojoined multicast groups first.
 */
static int inet_rtm_deladdr(struct sk_buff *skb, struct nlmsghdr *nlh,
			    struct netlink_ext_ack *extack)
{
	struct net *net = sock_net(skb->sk);
	struct in_ifaddr __rcu **ifap;
	struct nlattr *tb[IFA_MAX+1];
	struct in_device *in_dev;
	struct ifaddrmsg *ifm;
	struct in_ifaddr *ifa;
	int err;

	ASSERT_RTNL();

	err = nlmsg_parse_deprecated(nlh, sizeof(*ifm), tb, IFA_MAX,
				     ifa_ipv4_policy, extack);
	if (err < 0)
		goto errout;

	ifm = nlmsg_data(nlh);
	in_dev = inetdev_by_index(net, ifm->ifa_index);
	if (!in_dev) {
		NL_SET_ERR_MSG(extack, "ipv4: Device not found");
		err = -ENODEV;
		goto errout;
	}

	for (ifap = &in_dev->ifa_list; (ifa = rtnl_dereference(*ifap)) != NULL;
	     ifap = &ifa->ifa_next) {
		if (tb[IFA_LOCAL] &&
		    ifa->ifa_local != nla_get_in_addr(tb[IFA_LOCAL]))
			continue;

		if (tb[IFA_LABEL] && nla_strcmp(tb[IFA_LABEL], ifa->ifa_label))
			continue;

		if (tb[IFA_ADDRESS] &&
		    (ifm->ifa_prefixlen != ifa->ifa_prefixlen ||
		    !inet_ifa_match(nla_get_in_addr(tb[IFA_ADDRESS]), ifa)))
			continue;

		if (ipv4_is_multicast(ifa->ifa_address))
			ip_mc_autojoin_config(net, false, ifa);
		__inet_del_ifa(in_dev, ifap, 1, nlh, NETLINK_CB(skb).portid);
		return 0;
	}

	NL_SET_ERR_MSG(extack, "ipv4: Address not found");
	err = -EADDRNOTAVAIL;
errout:
	return err;
}

/* Periodic worker expiring address lifetimes.  Two passes per hash chain:
 * a lockless RCU scan that only decides whether anything needs changing,
 * then (only if so) an RTNL-protected pass that deletes expired addresses
 * or marks preferred-expired ones IFA_F_DEPRECATED.  Re-arms itself.
 */
static void check_lifetime(struct work_struct *work)
{
	unsigned long now, next, next_sec, next_sched;
	struct in_ifaddr *ifa;
	struct hlist_node *n;
	struct net *net;
	int i;

	net = container_of(to_delayed_work(work), struct net, ipv4.addr_chk_work);
	now = jiffies;
	next = round_jiffies_up(now + ADDR_CHECK_FREQUENCY);

	for (i = 0; i < IN4_ADDR_HSIZE; i++) {
		struct hlist_head *head = &net->ipv4.inet_addr_lst[i];
		bool change_needed = false;

		rcu_read_lock();
		hlist_for_each_entry_rcu(ifa, head, addr_lst) {
			unsigned long age, tstamp;
			u32 preferred_lft;
			u32 valid_lft;
			u32 flags;

			flags = READ_ONCE(ifa->ifa_flags);
			if (flags & IFA_F_PERMANENT)
				continue;

			preferred_lft = READ_ONCE(ifa->ifa_preferred_lft);
			valid_lft = READ_ONCE(ifa->ifa_valid_lft);
			tstamp = READ_ONCE(ifa->ifa_tstamp);
			/* We try to batch several events at once. */
			age = (now - tstamp +
			       ADDRCONF_TIMER_FUZZ_MINUS) / HZ;

			if (valid_lft != INFINITY_LIFE_TIME &&
			    age >= valid_lft) {
				change_needed = true;
			} else if (preferred_lft ==
				   INFINITY_LIFE_TIME) {
				continue;
			} else if (age >= preferred_lft) {
				if (time_before(tstamp + valid_lft * HZ, next))
					next = tstamp + valid_lft * HZ;

				if (!(flags & IFA_F_DEPRECATED))
					change_needed = true;
			} else if (time_before(tstamp + preferred_lft * HZ,
					       next)) {
				next = tstamp + preferred_lft * HZ;
			}
		}
		rcu_read_unlock();
		if (!change_needed)
			continue;

		/* Second pass under RTNL: state may have changed since the
		 * RCU scan, so every condition is re-checked here.
		 */
		rtnl_lock();
		hlist_for_each_entry_safe(ifa, n, head, addr_lst) {
			unsigned long age;

			if (ifa->ifa_flags & IFA_F_PERMANENT)
				continue;

			/* We try to batch several events at once. */
			age = (now - ifa->ifa_tstamp +
			       ADDRCONF_TIMER_FUZZ_MINUS) / HZ;

			if (ifa->ifa_valid_lft != INFINITY_LIFE_TIME &&
			    age >= ifa->ifa_valid_lft) {
				struct in_ifaddr __rcu **ifap;
				struct in_ifaddr *tmp;

				/* Walk the device list to find the matching
				 * link pointer for inet_del_ifa().
				 */
				ifap = &ifa->ifa_dev->ifa_list;
				tmp = rtnl_dereference(*ifap);
				while (tmp) {
					if (tmp == ifa) {
						inet_del_ifa(ifa->ifa_dev,
							     ifap, 1);
						break;
					}
					ifap = &tmp->ifa_next;
					tmp = rtnl_dereference(*ifap);
				}
			} else if (ifa->ifa_preferred_lft !=
				   INFINITY_LIFE_TIME &&
				   age >= ifa->ifa_preferred_lft &&
				   !(ifa->ifa_flags & IFA_F_DEPRECATED)) {
				ifa->ifa_flags |= IFA_F_DEPRECATED;
				rtmsg_ifa(RTM_NEWADDR, ifa, NULL, 0);
			}
		}
		rtnl_unlock();
	}

	next_sec = round_jiffies_up(next);
	next_sched = next;

	/* If rounded timeout is accurate enough, accept it. */
	if (time_before(next_sec, next + ADDRCONF_TIMER_FUZZ))
		next_sched = next_sec;

	now = jiffies;
	/* And minimum interval is ADDRCONF_TIMER_FUZZ_MAX. */
	if (time_before(next_sched, now + ADDRCONF_TIMER_FUZZ_MAX))
		next_sched = now + ADDRCONF_TIMER_FUZZ_MAX;

	queue_delayed_work(system_power_efficient_wq, &net->ipv4.addr_chk_work,
			next_sched - now);
}

/* Convert user-supplied lifetimes (seconds) into jiffies-based state on
 * @ifa: infinite valid lifetime becomes IFA_F_PERMANENT, a zero preferred
 * lifetime becomes IFA_F_DEPRECATED.  Also stamps tstamp/cstamp.
 */
static void set_ifa_lifetime(struct in_ifaddr *ifa, __u32 valid_lft,
			     __u32 prefered_lft)
{
	unsigned long timeout;
	u32 flags;

	flags = ifa->ifa_flags & ~(IFA_F_PERMANENT | IFA_F_DEPRECATED);

	timeout = addrconf_timeout_fixup(valid_lft, HZ);
	if (addrconf_finite_timeout(timeout))
		WRITE_ONCE(ifa->ifa_valid_lft, timeout);
	else
		flags |= IFA_F_PERMANENT;

	timeout = addrconf_timeout_fixup(prefered_lft, HZ);
	if (addrconf_finite_timeout(timeout)) {
		if (timeout == 0)
			flags |= IFA_F_DEPRECATED;
		WRITE_ONCE(ifa->ifa_preferred_lft, timeout);
	}
	WRITE_ONCE(ifa->ifa_flags, flags);
	WRITE_ONCE(ifa->ifa_tstamp, jiffies);
	if (!ifa->ifa_cstamp)
		WRITE_ONCE(ifa->ifa_cstamp, ifa->ifa_tstamp);
}

/* Parse an RTM_NEWADDR request into a freshly allocated in_ifaddr.
 * Returns the address (caller owns it) or an ERR_PTR(); lifetimes from
 * IFA_CACHEINFO are returned through @pvalid_lft / @pprefered_lft.
 */
static struct in_ifaddr *rtm_to_ifaddr(struct net *net, struct nlmsghdr *nlh,
				       __u32 *pvalid_lft, __u32 *pprefered_lft,
				       struct netlink_ext_ack *extack)
{
	struct nlattr *tb[IFA_MAX+1];
	struct in_ifaddr *ifa;
	struct ifaddrmsg *ifm;
	struct net_device *dev;
	struct in_device *in_dev;
	int err;

	err = nlmsg_parse_deprecated(nlh, sizeof(*ifm), tb, IFA_MAX,
				     ifa_ipv4_policy, extack);
	if (err < 0)
		goto errout;

	ifm = nlmsg_data(nlh);
	err = -EINVAL;

	if (ifm->ifa_prefixlen > 32) {
		NL_SET_ERR_MSG(extack, "ipv4: Invalid prefix length");
		goto errout;
	}

	if (!tb[IFA_LOCAL]) {
		NL_SET_ERR_MSG(extack, "ipv4: Local address is not supplied");
		goto errout;
	}

	dev = __dev_get_by_index(net, ifm->ifa_index);
	err = -ENODEV;
	if (!dev) {
		NL_SET_ERR_MSG(extack, "ipv4: Device not found");
		goto errout;
	}

	in_dev = __in_dev_get_rtnl(dev);
	err = -ENOBUFS;
	if (!in_dev)
		goto errout;

	ifa = inet_alloc_ifa(in_dev);
	if (!ifa)
		/*
		 * A potential indev allocation can be left alive, it stays
		 * assigned to its device and is destroy with it.
		 */
		goto errout;

	ipv4_devconf_setall(in_dev);
	neigh_parms_data_state_setall(in_dev->arp_parms);

	/* IFA_ADDRESS defaults to IFA_LOCAL (non-pointopoint case). */
	if (!tb[IFA_ADDRESS])
		tb[IFA_ADDRESS] = tb[IFA_LOCAL];

	ifa->ifa_prefixlen = ifm->ifa_prefixlen;
	ifa->ifa_mask = inet_make_mask(ifm->ifa_prefixlen);
	ifa->ifa_flags = tb[IFA_FLAGS] ? nla_get_u32(tb[IFA_FLAGS]) :
					 ifm->ifa_flags;
	ifa->ifa_scope = ifm->ifa_scope;
	ifa->ifa_local = nla_get_in_addr(tb[IFA_LOCAL]);
	ifa->ifa_address = nla_get_in_addr(tb[IFA_ADDRESS]);

	if (tb[IFA_BROADCAST])
		ifa->ifa_broadcast = nla_get_in_addr(tb[IFA_BROADCAST]);

	if (tb[IFA_LABEL])
		nla_strscpy(ifa->ifa_label, tb[IFA_LABEL], IFNAMSIZ);
	else
		memcpy(ifa->ifa_label, dev->name, IFNAMSIZ);

	if (tb[IFA_RT_PRIORITY])
		ifa->ifa_rt_priority = nla_get_u32(tb[IFA_RT_PRIORITY]);

	if (tb[IFA_PROTO])
		ifa->ifa_proto = nla_get_u8(tb[IFA_PROTO]);

	if (tb[IFA_CACHEINFO]) {
		struct ifa_cacheinfo *ci;

		ci = nla_data(tb[IFA_CACHEINFO]);
		if (!ci->ifa_valid || ci->ifa_prefered > ci->ifa_valid) {
			NL_SET_ERR_MSG(extack, "ipv4: address lifetime invalid");
			err = -EINVAL;
			goto errout_free;
		}
		*pvalid_lft = ci->ifa_valid;
		*pprefered_lft = ci->ifa_prefered;
	}

	return ifa;

errout_free:
	inet_free_ifa(ifa);
errout:
	return ERR_PTR(err);
}

/* Return the already-configured address matching @ifa (same subnet and
 * same local address) on the same device, or NULL.  RTNL held.
 */
static struct in_ifaddr *find_matching_ifa(struct in_ifaddr *ifa)
{
	struct in_device *in_dev = ifa->ifa_dev;
	struct in_ifaddr *ifa1;

	if (!ifa->ifa_local)
		return NULL;

	in_dev_for_each_ifa_rtnl(ifa1, in_dev) {
		if (ifa1->ifa_mask == ifa->ifa_mask &&
		    inet_ifa_match(ifa1->ifa_address, ifa) &&
		    ifa1->ifa_local == ifa->ifa_local)
			return ifa1;
	}
	return NULL;
}

/* RTM_NEWADDR handler: add a new address, or update an existing one when
 * NLM_F_REPLACE is set (metric, proto, lifetimes).  NLM_F_EXCL or a
 * missing REPLACE flag on an existing address yields -EEXIST.
 */
static int inet_rtm_newaddr(struct sk_buff *skb, struct nlmsghdr *nlh,
			    struct netlink_ext_ack *extack)
{
	struct net *net = sock_net(skb->sk);
	struct in_ifaddr *ifa;
	struct in_ifaddr *ifa_existing;
	__u32 valid_lft = INFINITY_LIFE_TIME;
	__u32 prefered_lft = INFINITY_LIFE_TIME;

	ASSERT_RTNL();

	ifa = rtm_to_ifaddr(net, nlh, &valid_lft, &prefered_lft, extack);
	if (IS_ERR(ifa))
		return PTR_ERR(ifa);

	ifa_existing = find_matching_ifa(ifa);
	if (!ifa_existing) {
		/* It would be best to check for !NLM_F_CREATE here but
		 * userspace already relies on not having to provide this.
		 */
		set_ifa_lifetime(ifa, valid_lft, prefered_lft);
		if (ifa->ifa_flags & IFA_F_MCAUTOJOIN) {
			int ret = ip_mc_autojoin_config(net, true, ifa);

			if (ret < 0) {
				NL_SET_ERR_MSG(extack, "ipv4: Multicast auto join failed");
				inet_free_ifa(ifa);
				return ret;
			}
		}
		return __inet_insert_ifa(ifa, nlh, NETLINK_CB(skb).portid,
					 extack);
	} else {
		u32 new_metric = ifa->ifa_rt_priority;
		u8 new_proto = ifa->ifa_proto;

		inet_free_ifa(ifa);

		if (nlh->nlmsg_flags & NLM_F_EXCL ||
		    !(nlh->nlmsg_flags & NLM_F_REPLACE)) {
			NL_SET_ERR_MSG(extack, "ipv4: Address already assigned");
			return -EEXIST;
		}
		ifa = ifa_existing;

		if (ifa->ifa_rt_priority != new_metric) {
			fib_modify_prefix_metric(ifa, new_metric);
			ifa->ifa_rt_priority = new_metric;
		}

		ifa->ifa_proto = new_proto;

		set_ifa_lifetime(ifa, valid_lft, prefered_lft);
		cancel_delayed_work(&net->ipv4.addr_chk_work);
		queue_delayed_work(system_power_efficient_wq,
				   &net->ipv4.addr_chk_work, 0);
		rtmsg_ifa(RTM_NEWADDR, ifa, nlh, NETLINK_CB(skb).portid);
	}
	return 0;
}

/*
 *	Determine a default network mask, based on the IP address.
1027 */ 1028 1029 static int inet_abc_len(__be32 addr) 1030 { 1031 int rc = -1; /* Something else, probably a multicast. */ 1032 1033 if (ipv4_is_zeronet(addr) || ipv4_is_lbcast(addr)) 1034 rc = 0; 1035 else { 1036 __u32 haddr = ntohl(addr); 1037 if (IN_CLASSA(haddr)) 1038 rc = 8; 1039 else if (IN_CLASSB(haddr)) 1040 rc = 16; 1041 else if (IN_CLASSC(haddr)) 1042 rc = 24; 1043 else if (IN_CLASSE(haddr)) 1044 rc = 32; 1045 } 1046 1047 return rc; 1048 } 1049 1050 1051 int devinet_ioctl(struct net *net, unsigned int cmd, struct ifreq *ifr) 1052 { 1053 struct sockaddr_in sin_orig; 1054 struct sockaddr_in *sin = (struct sockaddr_in *)&ifr->ifr_addr; 1055 struct in_ifaddr __rcu **ifap = NULL; 1056 struct in_device *in_dev; 1057 struct in_ifaddr *ifa = NULL; 1058 struct net_device *dev; 1059 char *colon; 1060 int ret = -EFAULT; 1061 int tryaddrmatch = 0; 1062 1063 ifr->ifr_name[IFNAMSIZ - 1] = 0; 1064 1065 /* save original address for comparison */ 1066 memcpy(&sin_orig, sin, sizeof(*sin)); 1067 1068 colon = strchr(ifr->ifr_name, ':'); 1069 if (colon) 1070 *colon = 0; 1071 1072 dev_load(net, ifr->ifr_name); 1073 1074 switch (cmd) { 1075 case SIOCGIFADDR: /* Get interface address */ 1076 case SIOCGIFBRDADDR: /* Get the broadcast address */ 1077 case SIOCGIFDSTADDR: /* Get the destination address */ 1078 case SIOCGIFNETMASK: /* Get the netmask for the interface */ 1079 /* Note that these ioctls will not sleep, 1080 so that we do not impose a lock. 
1081 One day we will be forced to put shlock here (I mean SMP) 1082 */ 1083 tryaddrmatch = (sin_orig.sin_family == AF_INET); 1084 memset(sin, 0, sizeof(*sin)); 1085 sin->sin_family = AF_INET; 1086 break; 1087 1088 case SIOCSIFFLAGS: 1089 ret = -EPERM; 1090 if (!ns_capable(net->user_ns, CAP_NET_ADMIN)) 1091 goto out; 1092 break; 1093 case SIOCSIFADDR: /* Set interface address (and family) */ 1094 case SIOCSIFBRDADDR: /* Set the broadcast address */ 1095 case SIOCSIFDSTADDR: /* Set the destination address */ 1096 case SIOCSIFNETMASK: /* Set the netmask for the interface */ 1097 ret = -EPERM; 1098 if (!ns_capable(net->user_ns, CAP_NET_ADMIN)) 1099 goto out; 1100 ret = -EINVAL; 1101 if (sin->sin_family != AF_INET) 1102 goto out; 1103 break; 1104 default: 1105 ret = -EINVAL; 1106 goto out; 1107 } 1108 1109 rtnl_lock(); 1110 1111 ret = -ENODEV; 1112 dev = __dev_get_by_name(net, ifr->ifr_name); 1113 if (!dev) 1114 goto done; 1115 1116 if (colon) 1117 *colon = ':'; 1118 1119 in_dev = __in_dev_get_rtnl(dev); 1120 if (in_dev) { 1121 if (tryaddrmatch) { 1122 /* Matthias Andree */ 1123 /* compare label and address (4.4BSD style) */ 1124 /* note: we only do this for a limited set of ioctls 1125 and only if the original address family was AF_INET. 1126 This is checked above. 
*/ 1127 1128 for (ifap = &in_dev->ifa_list; 1129 (ifa = rtnl_dereference(*ifap)) != NULL; 1130 ifap = &ifa->ifa_next) { 1131 if (!strcmp(ifr->ifr_name, ifa->ifa_label) && 1132 sin_orig.sin_addr.s_addr == 1133 ifa->ifa_local) { 1134 break; /* found */ 1135 } 1136 } 1137 } 1138 /* we didn't get a match, maybe the application is 1139 4.3BSD-style and passed in junk so we fall back to 1140 comparing just the label */ 1141 if (!ifa) { 1142 for (ifap = &in_dev->ifa_list; 1143 (ifa = rtnl_dereference(*ifap)) != NULL; 1144 ifap = &ifa->ifa_next) 1145 if (!strcmp(ifr->ifr_name, ifa->ifa_label)) 1146 break; 1147 } 1148 } 1149 1150 ret = -EADDRNOTAVAIL; 1151 if (!ifa && cmd != SIOCSIFADDR && cmd != SIOCSIFFLAGS) 1152 goto done; 1153 1154 switch (cmd) { 1155 case SIOCGIFADDR: /* Get interface address */ 1156 ret = 0; 1157 sin->sin_addr.s_addr = ifa->ifa_local; 1158 break; 1159 1160 case SIOCGIFBRDADDR: /* Get the broadcast address */ 1161 ret = 0; 1162 sin->sin_addr.s_addr = ifa->ifa_broadcast; 1163 break; 1164 1165 case SIOCGIFDSTADDR: /* Get the destination address */ 1166 ret = 0; 1167 sin->sin_addr.s_addr = ifa->ifa_address; 1168 break; 1169 1170 case SIOCGIFNETMASK: /* Get the netmask for the interface */ 1171 ret = 0; 1172 sin->sin_addr.s_addr = ifa->ifa_mask; 1173 break; 1174 1175 case SIOCSIFFLAGS: 1176 if (colon) { 1177 ret = -EADDRNOTAVAIL; 1178 if (!ifa) 1179 break; 1180 ret = 0; 1181 if (!(ifr->ifr_flags & IFF_UP)) 1182 inet_del_ifa(in_dev, ifap, 1); 1183 break; 1184 } 1185 ret = dev_change_flags(dev, ifr->ifr_flags, NULL); 1186 break; 1187 1188 case SIOCSIFADDR: /* Set interface address (and family) */ 1189 ret = -EINVAL; 1190 if (inet_abc_len(sin->sin_addr.s_addr) < 0) 1191 break; 1192 1193 if (!ifa) { 1194 ret = -ENOBUFS; 1195 if (!in_dev) 1196 break; 1197 ifa = inet_alloc_ifa(in_dev); 1198 if (!ifa) 1199 break; 1200 1201 if (colon) 1202 memcpy(ifa->ifa_label, ifr->ifr_name, IFNAMSIZ); 1203 else 1204 memcpy(ifa->ifa_label, dev->name, IFNAMSIZ); 1205 } else { 
1206 ret = 0; 1207 if (ifa->ifa_local == sin->sin_addr.s_addr) 1208 break; 1209 inet_del_ifa(in_dev, ifap, 0); 1210 ifa->ifa_broadcast = 0; 1211 ifa->ifa_scope = 0; 1212 } 1213 1214 ifa->ifa_address = ifa->ifa_local = sin->sin_addr.s_addr; 1215 1216 if (!(dev->flags & IFF_POINTOPOINT)) { 1217 ifa->ifa_prefixlen = inet_abc_len(ifa->ifa_address); 1218 ifa->ifa_mask = inet_make_mask(ifa->ifa_prefixlen); 1219 if ((dev->flags & IFF_BROADCAST) && 1220 ifa->ifa_prefixlen < 31) 1221 ifa->ifa_broadcast = ifa->ifa_address | 1222 ~ifa->ifa_mask; 1223 } else { 1224 ifa->ifa_prefixlen = 32; 1225 ifa->ifa_mask = inet_make_mask(32); 1226 } 1227 set_ifa_lifetime(ifa, INFINITY_LIFE_TIME, INFINITY_LIFE_TIME); 1228 ret = inet_set_ifa(dev, ifa); 1229 break; 1230 1231 case SIOCSIFBRDADDR: /* Set the broadcast address */ 1232 ret = 0; 1233 if (ifa->ifa_broadcast != sin->sin_addr.s_addr) { 1234 inet_del_ifa(in_dev, ifap, 0); 1235 ifa->ifa_broadcast = sin->sin_addr.s_addr; 1236 inet_insert_ifa(ifa); 1237 } 1238 break; 1239 1240 case SIOCSIFDSTADDR: /* Set the destination address */ 1241 ret = 0; 1242 if (ifa->ifa_address == sin->sin_addr.s_addr) 1243 break; 1244 ret = -EINVAL; 1245 if (inet_abc_len(sin->sin_addr.s_addr) < 0) 1246 break; 1247 ret = 0; 1248 inet_del_ifa(in_dev, ifap, 0); 1249 ifa->ifa_address = sin->sin_addr.s_addr; 1250 inet_insert_ifa(ifa); 1251 break; 1252 1253 case SIOCSIFNETMASK: /* Set the netmask for the interface */ 1254 1255 /* 1256 * The mask we set must be legal. 1257 */ 1258 ret = -EINVAL; 1259 if (bad_mask(sin->sin_addr.s_addr, 0)) 1260 break; 1261 ret = 0; 1262 if (ifa->ifa_mask != sin->sin_addr.s_addr) { 1263 __be32 old_mask = ifa->ifa_mask; 1264 inet_del_ifa(in_dev, ifap, 0); 1265 ifa->ifa_mask = sin->sin_addr.s_addr; 1266 ifa->ifa_prefixlen = inet_mask_len(ifa->ifa_mask); 1267 1268 /* See if current broadcast address matches 1269 * with current netmask, then recalculate 1270 * the broadcast address. 
/* Fill a userspace SIOCGIFCONF buffer with one struct ifreq per IPv4
 * address on @dev. With a NULL @buf, only the space needed is counted.
 * Returns the number of bytes written/needed, or -EFAULT on copy failure.
 * Caller holds RTNL (we use __in_dev_get_rtnl / the _rtnl iterator).
 */
int inet_gifconf(struct net_device *dev, char __user *buf, int len, int size)
{
	struct in_device *in_dev = __in_dev_get_rtnl(dev);
	const struct in_ifaddr *ifa;
	struct ifreq ifr;
	int done = 0;

	/* Caller-provided per-entry size must not exceed struct ifreq. */
	if (WARN_ON(size > sizeof(struct ifreq)))
		goto out;

	if (!in_dev)
		goto out;

	in_dev_for_each_ifa_rtnl(ifa, in_dev) {
		if (!buf) {
			/* Sizing pass only: count, don't copy. */
			done += size;
			continue;
		}
		/* Stop when the remaining user buffer can't hold an entry. */
		if (len < size)
			break;
		memset(&ifr, 0, sizeof(struct ifreq));
		strcpy(ifr.ifr_name, ifa->ifa_label);

		(*(struct sockaddr_in *)&ifr.ifr_addr).sin_family = AF_INET;
		(*(struct sockaddr_in *)&ifr.ifr_addr).sin_addr.s_addr =
								ifa->ifa_local;

		if (copy_to_user(buf + done, &ifr, size)) {
			done = -EFAULT;
			break;
		}
		len  -= size;
		done += size;
	}
out:
	return done;
}
/* Select a source address on @dev suitable for reaching @dst within
 * @scope. Preference order: a primary address on @dev matching dst's
 * subnet, then any in-scope primary on @dev, then addresses on the VRF
 * master (if any), then any device sharing the same l3mdev master.
 * Returns 0 if nothing suitable is found.
 */
__be32 inet_select_addr(const struct net_device *dev, __be32 dst, int scope)
{
	const struct in_ifaddr *ifa;
	__be32 addr = 0;
	unsigned char localnet_scope = RT_SCOPE_HOST;
	struct in_device *in_dev;
	struct net *net = dev_net(dev);
	int master_idx;

	rcu_read_lock();
	in_dev = __in_dev_get_rcu(dev);
	if (!in_dev)
		goto no_in_dev;

	/* route_localnet widens what counts as an acceptable scope. */
	if (unlikely(IN_DEV_ROUTE_LOCALNET(in_dev)))
		localnet_scope = RT_SCOPE_LINK;

	in_dev_for_each_ifa_rcu(ifa, in_dev) {
		if (READ_ONCE(ifa->ifa_flags) & IFA_F_SECONDARY)
			continue;
		if (min(ifa->ifa_scope, localnet_scope) > scope)
			continue;
		if (!dst || inet_ifa_match(dst, ifa)) {
			/* Exact subnet match wins immediately. */
			addr = ifa->ifa_local;
			break;
		}
		/* Remember the first in-scope address as a fallback. */
		if (!addr)
			addr = ifa->ifa_local;
	}

	if (addr)
		goto out_unlock;
no_in_dev:
	master_idx = l3mdev_master_ifindex_rcu(dev);

	/* For VRFs, the VRF device takes the place of the loopback device,
	 * with addresses on it being preferred.  Note in such cases the
	 * loopback device will be among the devices that fail the master_idx
	 * equality check in the loop below.
	 */
	if (master_idx &&
	    (dev = dev_get_by_index_rcu(net, master_idx)) &&
	    (in_dev = __in_dev_get_rcu(dev))) {
		addr = in_dev_select_addr(in_dev, scope);
		if (addr)
			goto out_unlock;
	}

	/* Not loopback addresses on loopback should be preferred
	   in this case.  It is important that lo is the first interface
	   in dev_base list.
	 */
	for_each_netdev_rcu(net, dev) {
		if (l3mdev_master_ifindex_rcu(dev) != master_idx)
			continue;

		in_dev = __in_dev_get_rcu(dev);
		if (!in_dev)
			continue;

		addr = in_dev_select_addr(in_dev, scope);
		if (addr)
			goto out_unlock;
	}
out_unlock:
	rcu_read_unlock();
	return addr;
}
EXPORT_SYMBOL(inet_select_addr);
/* Check whether @in_dev carries an address satisfying the wildcarded
 * (@dst, @local, @scope) triple; see inet_confirm_addr() for the
 * parameter semantics. Walks the address list once, tracking two facts
 * independently: @addr (an in-scope candidate local address) and @same
 * (this device matches the dst/local subnets). Returns the confirmed
 * address or 0. Runs under RCU (uses the _rcu iterator).
 */
static __be32 confirm_addr_indev(struct in_device *in_dev, __be32 dst,
				 __be32 local, int scope)
{
	unsigned char localnet_scope = RT_SCOPE_HOST;
	const struct in_ifaddr *ifa;
	__be32 addr = 0;
	int same = 0;

	/* route_localnet relaxes the effective scope of 127/8 addresses. */
	if (unlikely(IN_DEV_ROUTE_LOCALNET(in_dev)))
		localnet_scope = RT_SCOPE_LINK;

	in_dev_for_each_ifa_rcu(ifa, in_dev) {
		unsigned char min_scope = min(ifa->ifa_scope, localnet_scope);

		if (!addr &&
		    (local == ifa->ifa_local || !local) &&
		    min_scope <= scope) {
			addr = ifa->ifa_local;
			if (same)
				break;
		}
		if (!same) {
			same = (!local || inet_ifa_match(local, ifa)) &&
				(!dst || inet_ifa_match(dst, ifa));
			if (same && addr) {
				if (local || !dst)
					break;
				/* Is the selected addr into dst subnet? */
				if (inet_ifa_match(addr, ifa))
					break;
				/* No, then can we use new local src? */
				if (min_scope <= scope) {
					addr = ifa->ifa_local;
					break;
				}
				/* search for large dst subnet for addr */
				same = 0;
			}
		}
	}

	/* Both conditions must hold: subnet match AND usable local addr. */
	return same ? addr : 0;
}
addr : 0; 1457 } 1458 1459 /* 1460 * Confirm that local IP address exists using wildcards: 1461 * - net: netns to check, cannot be NULL 1462 * - in_dev: only on this interface, NULL=any interface 1463 * - dst: only in the same subnet as dst, 0=any dst 1464 * - local: address, 0=autoselect the local address 1465 * - scope: maximum allowed scope value for the local address 1466 */ 1467 __be32 inet_confirm_addr(struct net *net, struct in_device *in_dev, 1468 __be32 dst, __be32 local, int scope) 1469 { 1470 __be32 addr = 0; 1471 struct net_device *dev; 1472 1473 if (in_dev) 1474 return confirm_addr_indev(in_dev, dst, local, scope); 1475 1476 rcu_read_lock(); 1477 for_each_netdev_rcu(net, dev) { 1478 in_dev = __in_dev_get_rcu(dev); 1479 if (in_dev) { 1480 addr = confirm_addr_indev(in_dev, dst, local, scope); 1481 if (addr) 1482 break; 1483 } 1484 } 1485 rcu_read_unlock(); 1486 1487 return addr; 1488 } 1489 EXPORT_SYMBOL(inet_confirm_addr); 1490 1491 /* 1492 * Device notifier 1493 */ 1494 1495 int register_inetaddr_notifier(struct notifier_block *nb) 1496 { 1497 return blocking_notifier_chain_register(&inetaddr_chain, nb); 1498 } 1499 EXPORT_SYMBOL(register_inetaddr_notifier); 1500 1501 int unregister_inetaddr_notifier(struct notifier_block *nb) 1502 { 1503 return blocking_notifier_chain_unregister(&inetaddr_chain, nb); 1504 } 1505 EXPORT_SYMBOL(unregister_inetaddr_notifier); 1506 1507 int register_inetaddr_validator_notifier(struct notifier_block *nb) 1508 { 1509 return blocking_notifier_chain_register(&inetaddr_validator_chain, nb); 1510 } 1511 EXPORT_SYMBOL(register_inetaddr_validator_notifier); 1512 1513 int unregister_inetaddr_validator_notifier(struct notifier_block *nb) 1514 { 1515 return blocking_notifier_chain_unregister(&inetaddr_validator_chain, 1516 nb); 1517 } 1518 EXPORT_SYMBOL(unregister_inetaddr_validator_notifier); 1519 1520 /* Rename ifa_labels for a device name change. 
/* Rename ifa_labels for a device name change. Make some effort to preserve
 * existing alias numbering and to create unique labels if possible.
 * Each label is rebuilt as "<newname>" for the first address and
 * "<newname>:<alias>" for the rest; if the combination would overflow
 * IFNAMSIZ, the alias suffix is kept and the name is truncated instead.
 * A RTM_NEWADDR is emitted per address so listeners see the new labels.
 * Caller holds RTNL (rtnl iterator).
 */
static void inetdev_changename(struct net_device *dev, struct in_device *in_dev)
{
	struct in_ifaddr *ifa;
	int named = 0;

	in_dev_for_each_ifa_rtnl(ifa, in_dev) {
		char old[IFNAMSIZ], *dot;

		memcpy(old, ifa->ifa_label, IFNAMSIZ);
		memcpy(ifa->ifa_label, dev->name, IFNAMSIZ);
		/* First address keeps the bare device name. */
		if (named++ == 0)
			goto skip;
		dot = strchr(old, ':');
		if (!dot) {
			/* Old label had no alias suffix: synthesize one. */
			sprintf(old, ":%d", named);
			dot = old;
		}
		if (strlen(dot) + strlen(dev->name) < IFNAMSIZ)
			strcat(ifa->ifa_label, dot);
		else
			/* Too long: overwrite the tail so ":alias" survives. */
			strcpy(ifa->ifa_label + (IFNAMSIZ - strlen(dot) - 1), dot);
skip:
		rtmsg_ifa(RTM_NEWADDR, ifa, NULL, 0);
	}
}
/* Netdevice notifier for IPv4: creates/destroys the in_device and reacts
 * to lifecycle events (UP/DOWN, MTU, type and name changes). Called only
 * under the RTNL semaphore. Always returns NOTIFY_DONE except when
 * inetdev_init() fails on NETDEV_REGISTER.
 */
static int inetdev_event(struct notifier_block *this, unsigned long event,
			 void *ptr)
{
	struct net_device *dev = netdev_notifier_info_to_dev(ptr);
	struct in_device *in_dev = __in_dev_get_rtnl(dev);

	ASSERT_RTNL();

	if (!in_dev) {
		if (event == NETDEV_REGISTER) {
			in_dev = inetdev_init(dev);
			if (IS_ERR(in_dev))
				return notifier_from_errno(PTR_ERR(in_dev));
			if (dev->flags & IFF_LOOPBACK) {
				/* Loopback traffic bypasses xfrm policy. */
				IN_DEV_CONF_SET(in_dev, NOXFRM, 1);
				IN_DEV_CONF_SET(in_dev, NOPOLICY, 1);
			}
		} else if (event == NETDEV_CHANGEMTU) {
			/* Re-enabling IP */
			if (inetdev_valid_mtu(dev->mtu))
				in_dev = inetdev_init(dev);
		}
		goto out;
	}

	switch (event) {
	case NETDEV_REGISTER:
		/* in_dev already present at REGISTER should not happen. */
		pr_debug("%s: bug\n", __func__);
		RCU_INIT_POINTER(dev->ip_ptr, NULL);
		break;
	case NETDEV_UP:
		if (!inetdev_valid_mtu(dev->mtu))
			break;
		if (dev->flags & IFF_LOOPBACK) {
			/* Auto-configure 127.0.0.1/8 on loopback. */
			struct in_ifaddr *ifa = inet_alloc_ifa(in_dev);

			if (ifa) {
				ifa->ifa_local =
				  ifa->ifa_address = htonl(INADDR_LOOPBACK);
				ifa->ifa_prefixlen = 8;
				ifa->ifa_mask = inet_make_mask(8);
				ifa->ifa_scope = RT_SCOPE_HOST;
				memcpy(ifa->ifa_label, dev->name, IFNAMSIZ);
				set_ifa_lifetime(ifa, INFINITY_LIFE_TIME,
						 INFINITY_LIFE_TIME);
				ipv4_devconf_setall(in_dev);
				neigh_parms_data_state_setall(in_dev->arp_parms);
				inet_insert_ifa(ifa);
			}
		}
		ip_mc_up(in_dev);
		fallthrough;
	case NETDEV_CHANGEADDR:
		if (!IN_DEV_ARP_NOTIFY(in_dev))
			break;
		fallthrough;
	case NETDEV_NOTIFY_PEERS:
		/* Send gratuitous ARP to notify of link change */
		inetdev_send_gratuitous_arp(dev, in_dev);
		break;
	case NETDEV_DOWN:
		ip_mc_down(in_dev);
		break;
	case NETDEV_PRE_TYPE_CHANGE:
		ip_mc_unmap(in_dev);
		break;
	case NETDEV_POST_TYPE_CHANGE:
		ip_mc_remap(in_dev);
		break;
	case NETDEV_CHANGEMTU:
		if (inetdev_valid_mtu(dev->mtu))
			break;
		/* disable IP when MTU is not enough */
		fallthrough;
	case NETDEV_UNREGISTER:
		inetdev_destroy(in_dev);
		break;
	case NETDEV_CHANGENAME:
		/* Do not notify about label change, this event is
		 * not interesting to applications using netlink.
		 */
		inetdev_changename(dev, in_dev);

		/* Sysctl tree is keyed by name: re-register under new one. */
		devinet_sysctl_unregister(in_dev);
		devinet_sysctl_register(in_dev);
		break;
	}
out:
	return NOTIFY_DONE;
}
1645 */ 1646 inetdev_changename(dev, in_dev); 1647 1648 devinet_sysctl_unregister(in_dev); 1649 devinet_sysctl_register(in_dev); 1650 break; 1651 } 1652 out: 1653 return NOTIFY_DONE; 1654 } 1655 1656 static struct notifier_block ip_netdev_notifier = { 1657 .notifier_call = inetdev_event, 1658 }; 1659 1660 static size_t inet_nlmsg_size(void) 1661 { 1662 return NLMSG_ALIGN(sizeof(struct ifaddrmsg)) 1663 + nla_total_size(4) /* IFA_ADDRESS */ 1664 + nla_total_size(4) /* IFA_LOCAL */ 1665 + nla_total_size(4) /* IFA_BROADCAST */ 1666 + nla_total_size(IFNAMSIZ) /* IFA_LABEL */ 1667 + nla_total_size(4) /* IFA_FLAGS */ 1668 + nla_total_size(1) /* IFA_PROTO */ 1669 + nla_total_size(4) /* IFA_RT_PRIORITY */ 1670 + nla_total_size(sizeof(struct ifa_cacheinfo)); /* IFA_CACHEINFO */ 1671 } 1672 1673 static inline u32 cstamp_delta(unsigned long cstamp) 1674 { 1675 return (cstamp - INITIAL_JIFFIES) * 100UL / HZ; 1676 } 1677 1678 static int put_cacheinfo(struct sk_buff *skb, unsigned long cstamp, 1679 unsigned long tstamp, u32 preferred, u32 valid) 1680 { 1681 struct ifa_cacheinfo ci; 1682 1683 ci.cstamp = cstamp_delta(cstamp); 1684 ci.tstamp = cstamp_delta(tstamp); 1685 ci.ifa_prefered = preferred; 1686 ci.ifa_valid = valid; 1687 1688 return nla_put(skb, IFA_CACHEINFO, sizeof(ci), &ci); 1689 } 1690 1691 static int inet_fill_ifaddr(struct sk_buff *skb, const struct in_ifaddr *ifa, 1692 struct inet_fill_args *args) 1693 { 1694 struct ifaddrmsg *ifm; 1695 struct nlmsghdr *nlh; 1696 unsigned long tstamp; 1697 u32 preferred, valid; 1698 u32 flags; 1699 1700 nlh = nlmsg_put(skb, args->portid, args->seq, args->event, sizeof(*ifm), 1701 args->flags); 1702 if (!nlh) 1703 return -EMSGSIZE; 1704 1705 ifm = nlmsg_data(nlh); 1706 ifm->ifa_family = AF_INET; 1707 ifm->ifa_prefixlen = ifa->ifa_prefixlen; 1708 1709 flags = READ_ONCE(ifa->ifa_flags); 1710 /* Warning : ifm->ifa_flags is an __u8, it holds only 8 bits. 1711 * The 32bit value is given in IFA_FLAGS attribute. 
/* Serialize one IPv4 address into an RTM_*ADDR netlink message on @skb.
 * Lifetimes are reported as time remaining (clamped at 0) unless the
 * address is IFA_F_PERMANENT, in which case both are infinite.
 * Returns 0 or -EMSGSIZE if @skb has no room (message is cancelled).
 */
static int inet_fill_ifaddr(struct sk_buff *skb, const struct in_ifaddr *ifa,
			    struct inet_fill_args *args)
{
	struct ifaddrmsg *ifm;
	struct nlmsghdr *nlh;
	unsigned long tstamp;
	u32 preferred, valid;
	u32 flags;

	nlh = nlmsg_put(skb, args->portid, args->seq, args->event, sizeof(*ifm),
			args->flags);
	if (!nlh)
		return -EMSGSIZE;

	ifm = nlmsg_data(nlh);
	ifm->ifa_family = AF_INET;
	ifm->ifa_prefixlen = ifa->ifa_prefixlen;

	flags = READ_ONCE(ifa->ifa_flags);
	/* Warning : ifm->ifa_flags is an __u8, it holds only 8 bits.
	 * The 32bit value is given in IFA_FLAGS attribute.
	 */
	ifm->ifa_flags = (__u8)flags;

	ifm->ifa_scope = ifa->ifa_scope;
	ifm->ifa_index = ifa->ifa_dev->dev->ifindex;

	if (args->netnsid >= 0 &&
	    nla_put_s32(skb, IFA_TARGET_NETNSID, args->netnsid))
		goto nla_put_failure;

	tstamp = READ_ONCE(ifa->ifa_tstamp);
	if (!(flags & IFA_F_PERMANENT)) {
		preferred = READ_ONCE(ifa->ifa_preferred_lft);
		valid = READ_ONCE(ifa->ifa_valid_lft);
		if (preferred != INFINITY_LIFE_TIME) {
			/* Convert stored lifetimes to "seconds left". */
			long tval = (jiffies - tstamp) / HZ;

			if (preferred > tval)
				preferred -= tval;
			else
				preferred = 0;
			if (valid != INFINITY_LIFE_TIME) {
				if (valid > tval)
					valid -= tval;
				else
					valid = 0;
			}
		}
	} else {
		preferred = INFINITY_LIFE_TIME;
		valid = INFINITY_LIFE_TIME;
	}
	/* Optional attributes are emitted only when non-zero; the chain
	 * short-circuits to the failure path on the first full skb.
	 */
	if ((ifa->ifa_address &&
	     nla_put_in_addr(skb, IFA_ADDRESS, ifa->ifa_address)) ||
	    (ifa->ifa_local &&
	     nla_put_in_addr(skb, IFA_LOCAL, ifa->ifa_local)) ||
	    (ifa->ifa_broadcast &&
	     nla_put_in_addr(skb, IFA_BROADCAST, ifa->ifa_broadcast)) ||
	    (ifa->ifa_label[0] &&
	     nla_put_string(skb, IFA_LABEL, ifa->ifa_label)) ||
	    (ifa->ifa_proto &&
	     nla_put_u8(skb, IFA_PROTO, ifa->ifa_proto)) ||
	    nla_put_u32(skb, IFA_FLAGS, flags) ||
	    (ifa->ifa_rt_priority &&
	     nla_put_u32(skb, IFA_RT_PRIORITY, ifa->ifa_rt_priority)) ||
	    put_cacheinfo(skb, READ_ONCE(ifa->ifa_cstamp), tstamp,
			  preferred, valid))
		goto nla_put_failure;

	nlmsg_end(skb, nlh);
	return 0;

nla_put_failure:
	nlmsg_cancel(skb, nlh);
	return -EMSGSIZE;
}
/* Dump all addresses of @in_dev into @skb, resuming from *s_ip_idx.
 * On a full skb, *s_ip_idx records how far we got so the next dump
 * round can resume; on full completion it is reset to 0 for the next
 * device. Runs under RCU (rcu iterator).
 */
static int in_dev_dump_addr(struct in_device *in_dev, struct sk_buff *skb,
			    struct netlink_callback *cb, int *s_ip_idx,
			    struct inet_fill_args *fillargs)
{
	struct in_ifaddr *ifa;
	int ip_idx = 0;
	int err;

	in_dev_for_each_ifa_rcu(ifa, in_dev) {
		/* Skip entries already emitted in a previous round. */
		if (ip_idx < *s_ip_idx) {
			ip_idx++;
			continue;
		}
		err = inet_fill_ifaddr(skb, ifa, fillargs);
		if (err < 0)
			goto done;

		nl_dump_check_consistent(cb, nlmsg_hdr(skb));
		ip_idx++;
	}
	/* Whole device dumped: clear the resume cursor. */
	err = 0;
	ip_idx = 0;
done:
	*s_ip_idx = ip_idx;

	return err;
}
1855 */ 1856 static u32 inet_base_seq(const struct net *net) 1857 { 1858 u32 res = atomic_read(&net->ipv4.dev_addr_genid) + 1859 READ_ONCE(net->dev_base_seq); 1860 1861 /* Must not return 0 (see nl_dump_check_consistent()). 1862 * Chose a value far away from 0. 1863 */ 1864 if (!res) 1865 res = 0x80000000; 1866 return res; 1867 } 1868 1869 static int inet_dump_ifaddr(struct sk_buff *skb, struct netlink_callback *cb) 1870 { 1871 const struct nlmsghdr *nlh = cb->nlh; 1872 struct inet_fill_args fillargs = { 1873 .portid = NETLINK_CB(cb->skb).portid, 1874 .seq = nlh->nlmsg_seq, 1875 .event = RTM_NEWADDR, 1876 .flags = NLM_F_MULTI, 1877 .netnsid = -1, 1878 }; 1879 struct net *net = sock_net(skb->sk); 1880 struct net *tgt_net = net; 1881 struct { 1882 unsigned long ifindex; 1883 int ip_idx; 1884 } *ctx = (void *)cb->ctx; 1885 struct in_device *in_dev; 1886 struct net_device *dev; 1887 int err = 0; 1888 1889 rcu_read_lock(); 1890 if (cb->strict_check) { 1891 err = inet_valid_dump_ifaddr_req(nlh, &fillargs, &tgt_net, 1892 skb->sk, cb); 1893 if (err < 0) 1894 goto done; 1895 1896 if (fillargs.ifindex) { 1897 dev = dev_get_by_index_rcu(tgt_net, fillargs.ifindex); 1898 if (!dev) { 1899 err = -ENODEV; 1900 goto done; 1901 } 1902 in_dev = __in_dev_get_rcu(dev); 1903 if (!in_dev) 1904 goto done; 1905 err = in_dev_dump_addr(in_dev, skb, cb, &ctx->ip_idx, 1906 &fillargs); 1907 goto done; 1908 } 1909 } 1910 1911 cb->seq = inet_base_seq(tgt_net); 1912 1913 for_each_netdev_dump(tgt_net, dev, ctx->ifindex) { 1914 in_dev = __in_dev_get_rcu(dev); 1915 if (!in_dev) 1916 continue; 1917 err = in_dev_dump_addr(in_dev, skb, cb, &ctx->ip_idx, 1918 &fillargs); 1919 if (err < 0) 1920 goto done; 1921 } 1922 done: 1923 if (fillargs.netnsid >= 0) 1924 put_net(tgt_net); 1925 rcu_read_unlock(); 1926 return err; 1927 } 1928 1929 static void rtmsg_ifa(int event, struct in_ifaddr *ifa, struct nlmsghdr *nlh, 1930 u32 portid) 1931 { 1932 struct inet_fill_args fillargs = { 1933 .portid = portid, 1934 .seq 
/* rtnl_af_ops fill hook: export the whole per-device IPv4 devconf array
 * as one flat IFLA_INET_CONF attribute (IPV4_DEVCONF_MAX u32 slots).
 * Returns 0, -ENODATA when IPv4 is not enabled on the device, or
 * -EMSGSIZE when @skb is full.
 */
static int inet_fill_link_af(struct sk_buff *skb, const struct net_device *dev,
			     u32 ext_filter_mask)
{
	struct in_device *in_dev = rcu_dereference_rtnl(dev->ip_ptr);
	struct nlattr *nla;
	int i;

	if (!in_dev)
		return -ENODATA;

	nla = nla_reserve(skb, IFLA_INET_CONF, IPV4_DEVCONF_MAX * 4);
	if (!nla)
		return -EMSGSIZE;

	/* READ_ONCE: values may be updated concurrently via sysctl. */
	for (i = 0; i < IPV4_DEVCONF_MAX; i++)
		((u32 *) nla_data(nla))[i] = READ_ONCE(in_dev->cnf.data[i]);

	return 0;
}
extack); 2008 if (err < 0) 2009 return err; 2010 2011 if (tb[IFLA_INET_CONF]) { 2012 nla_for_each_nested(a, tb[IFLA_INET_CONF], rem) { 2013 int cfgid = nla_type(a); 2014 2015 if (nla_len(a) < 4) 2016 return -EINVAL; 2017 2018 if (cfgid <= 0 || cfgid > IPV4_DEVCONF_MAX) 2019 return -EINVAL; 2020 } 2021 } 2022 2023 return 0; 2024 } 2025 2026 static int inet_set_link_af(struct net_device *dev, const struct nlattr *nla, 2027 struct netlink_ext_ack *extack) 2028 { 2029 struct in_device *in_dev = __in_dev_get_rtnl(dev); 2030 struct nlattr *a, *tb[IFLA_INET_MAX+1]; 2031 int rem; 2032 2033 if (!in_dev) 2034 return -EAFNOSUPPORT; 2035 2036 if (nla_parse_nested_deprecated(tb, IFLA_INET_MAX, nla, NULL, NULL) < 0) 2037 return -EINVAL; 2038 2039 if (tb[IFLA_INET_CONF]) { 2040 nla_for_each_nested(a, tb[IFLA_INET_CONF], rem) 2041 ipv4_devconf_set(in_dev, nla_type(a), nla_get_u32(a)); 2042 } 2043 2044 return 0; 2045 } 2046 2047 static int inet_netconf_msgsize_devconf(int type) 2048 { 2049 int size = NLMSG_ALIGN(sizeof(struct netconfmsg)) 2050 + nla_total_size(4); /* NETCONFA_IFINDEX */ 2051 bool all = false; 2052 2053 if (type == NETCONFA_ALL) 2054 all = true; 2055 2056 if (all || type == NETCONFA_FORWARDING) 2057 size += nla_total_size(4); 2058 if (all || type == NETCONFA_RP_FILTER) 2059 size += nla_total_size(4); 2060 if (all || type == NETCONFA_MC_FORWARDING) 2061 size += nla_total_size(4); 2062 if (all || type == NETCONFA_BC_FORWARDING) 2063 size += nla_total_size(4); 2064 if (all || type == NETCONFA_PROXY_NEIGH) 2065 size += nla_total_size(4); 2066 if (all || type == NETCONFA_IGNORE_ROUTES_WITH_LINKDOWN) 2067 size += nla_total_size(4); 2068 2069 return size; 2070 } 2071 2072 static int inet_netconf_fill_devconf(struct sk_buff *skb, int ifindex, 2073 const struct ipv4_devconf *devconf, 2074 u32 portid, u32 seq, int event, 2075 unsigned int flags, int type) 2076 { 2077 struct nlmsghdr *nlh; 2078 struct netconfmsg *ncm; 2079 bool all = false; 2080 2081 nlh = nlmsg_put(skb, 
/* Serialize @devconf into an RTM_NEWNETCONF message on @skb for
 * interface @ifindex (or the ALL/DEFAULT pseudo-indexes). Emits only
 * the attribute selected by @type, or every one for NETCONFA_ALL.
 * A NULL @devconf produces a header-plus-ifindex-only message.
 * Returns 0 or -EMSGSIZE (message cancelled).
 */
static int inet_netconf_fill_devconf(struct sk_buff *skb, int ifindex,
				     const struct ipv4_devconf *devconf,
				     u32 portid, u32 seq, int event,
				     unsigned int flags, int type)
{
	struct nlmsghdr *nlh;
	struct netconfmsg *ncm;
	bool all = false;

	nlh = nlmsg_put(skb, portid, seq, event, sizeof(struct netconfmsg),
			flags);
	if (!nlh)
		return -EMSGSIZE;

	if (type == NETCONFA_ALL)
		all = true;

	ncm = nlmsg_data(nlh);
	ncm->ncm_family = AF_INET;

	if (nla_put_s32(skb, NETCONFA_IFINDEX, ifindex) < 0)
		goto nla_put_failure;

	if (!devconf)
		goto out;

	if ((all || type == NETCONFA_FORWARDING) &&
	    nla_put_s32(skb, NETCONFA_FORWARDING,
			IPV4_DEVCONF_RO(*devconf, FORWARDING)) < 0)
		goto nla_put_failure;
	if ((all || type == NETCONFA_RP_FILTER) &&
	    nla_put_s32(skb, NETCONFA_RP_FILTER,
			IPV4_DEVCONF_RO(*devconf, RP_FILTER)) < 0)
		goto nla_put_failure;
	if ((all || type == NETCONFA_MC_FORWARDING) &&
	    nla_put_s32(skb, NETCONFA_MC_FORWARDING,
			IPV4_DEVCONF_RO(*devconf, MC_FORWARDING)) < 0)
		goto nla_put_failure;
	if ((all || type == NETCONFA_BC_FORWARDING) &&
	    nla_put_s32(skb, NETCONFA_BC_FORWARDING,
			IPV4_DEVCONF_RO(*devconf, BC_FORWARDING)) < 0)
		goto nla_put_failure;
	/* Note: PROXY_NEIGH is backed by the PROXY_ARP devconf slot. */
	if ((all || type == NETCONFA_PROXY_NEIGH) &&
	    nla_put_s32(skb, NETCONFA_PROXY_NEIGH,
			IPV4_DEVCONF_RO(*devconf, PROXY_ARP)) < 0)
		goto nla_put_failure;
	if ((all || type == NETCONFA_IGNORE_ROUTES_WITH_LINKDOWN) &&
	    nla_put_s32(skb, NETCONFA_IGNORE_ROUTES_WITH_LINKDOWN,
			IPV4_DEVCONF_RO(*devconf,
					IGNORE_ROUTES_WITH_LINKDOWN)) < 0)
		goto nla_put_failure;

out:
	nlmsg_end(skb, nlh);
	return 0;

nla_put_failure:
	nlmsg_cancel(skb, nlh);
	return -EMSGSIZE;
}
/* Validate an RTM_GETNETCONF request and parse its attributes into @tb.
 * Non-strict sockets get legacy lenient parsing; strict sockets
 * additionally reject any attribute other than NETCONFA_IFINDEX.
 * Returns 0 or a negative errno with @extack set.
 */
static int inet_netconf_valid_get_req(struct sk_buff *skb,
				      const struct nlmsghdr *nlh,
				      struct nlattr **tb,
				      struct netlink_ext_ack *extack)
{
	int i, err;

	if (nlh->nlmsg_len < nlmsg_msg_size(sizeof(struct netconfmsg))) {
		NL_SET_ERR_MSG(extack, "ipv4: Invalid header for netconf get request");
		return -EINVAL;
	}

	/* Legacy userspace: parse leniently and accept everything. */
	if (!netlink_strict_get_check(skb))
		return nlmsg_parse_deprecated(nlh, sizeof(struct netconfmsg),
					      tb, NETCONFA_MAX,
					      devconf_ipv4_policy, extack);

	err = nlmsg_parse_deprecated_strict(nlh, sizeof(struct netconfmsg),
					    tb, NETCONFA_MAX,
					    devconf_ipv4_policy, extack);
	if (err)
		return err;

	for (i = 0; i <= NETCONFA_MAX; i++) {
		if (!tb[i])
			continue;

		switch (i) {
		case NETCONFA_IFINDEX:
			break;
		default:
			NL_SET_ERR_MSG(extack, "ipv4: Unsupported attribute in netconf get request");
			return -EINVAL;
		}
	}

	return 0;
}
/* RTM_GETNETCONF handler: look up the requested devconf (per-device,
 * "all", or "default") and unicast it back to the requester as an
 * RTM_NEWNETCONF message carrying every attribute.
 * Holds a reference on dev/in_dev while filling; both are released on
 * all exit paths (dev_put(NULL) is a no-op).
 */
static int inet_netconf_get_devconf(struct sk_buff *in_skb,
				    struct nlmsghdr *nlh,
				    struct netlink_ext_ack *extack)
{
	struct net *net = sock_net(in_skb->sk);
	struct nlattr *tb[NETCONFA_MAX + 1];
	const struct ipv4_devconf *devconf;
	struct in_device *in_dev = NULL;
	struct net_device *dev = NULL;
	struct sk_buff *skb;
	int ifindex;
	int err;

	err = inet_netconf_valid_get_req(in_skb, nlh, tb, extack);
	if (err)
		return err;

	if (!tb[NETCONFA_IFINDEX])
		return -EINVAL;

	ifindex = nla_get_s32(tb[NETCONFA_IFINDEX]);
	switch (ifindex) {
	case NETCONFA_IFINDEX_ALL:
		devconf = net->ipv4.devconf_all;
		break;
	case NETCONFA_IFINDEX_DEFAULT:
		devconf = net->ipv4.devconf_dflt;
		break;
	default:
		err = -ENODEV;
		dev = dev_get_by_index(net, ifindex);
		if (dev)
			in_dev = in_dev_get(dev);
		if (!in_dev)
			goto errout;
		devconf = &in_dev->cnf;
		break;
	}

	err = -ENOBUFS;
	skb = nlmsg_new(inet_netconf_msgsize_devconf(NETCONFA_ALL), GFP_KERNEL);
	if (!skb)
		goto errout;

	err = inet_netconf_fill_devconf(skb, ifindex, devconf,
					NETLINK_CB(in_skb).portid,
					nlh->nlmsg_seq, RTM_NEWNETCONF, 0,
					NETCONFA_ALL);
	if (err < 0) {
		/* -EMSGSIZE implies BUG in inet_netconf_msgsize_devconf() */
		WARN_ON(err == -EMSGSIZE);
		kfree_skb(skb);
		goto errout;
	}
	err = rtnl_unicast(skb, net, NETLINK_CB(in_skb).portid);
errout:
	if (in_dev)
		in_dev_put(in_dev);
	dev_put(dev);
	return err;
}
sizeof(*ncm))) { 2289 NL_SET_ERR_MSG(extack, "ipv4: Invalid data after header in netconf dump request"); 2290 return -EINVAL; 2291 } 2292 } 2293 2294 rcu_read_lock(); 2295 for_each_netdev_dump(net, dev, ctx->ifindex) { 2296 in_dev = __in_dev_get_rcu(dev); 2297 if (!in_dev) 2298 continue; 2299 err = inet_netconf_fill_devconf(skb, dev->ifindex, 2300 &in_dev->cnf, 2301 NETLINK_CB(cb->skb).portid, 2302 nlh->nlmsg_seq, 2303 RTM_NEWNETCONF, NLM_F_MULTI, 2304 NETCONFA_ALL); 2305 if (err < 0) 2306 goto done; 2307 } 2308 if (ctx->all_default == 0) { 2309 err = inet_netconf_fill_devconf(skb, NETCONFA_IFINDEX_ALL, 2310 net->ipv4.devconf_all, 2311 NETLINK_CB(cb->skb).portid, 2312 nlh->nlmsg_seq, 2313 RTM_NEWNETCONF, NLM_F_MULTI, 2314 NETCONFA_ALL); 2315 if (err < 0) 2316 goto done; 2317 ctx->all_default++; 2318 } 2319 if (ctx->all_default == 1) { 2320 err = inet_netconf_fill_devconf(skb, NETCONFA_IFINDEX_DEFAULT, 2321 net->ipv4.devconf_dflt, 2322 NETLINK_CB(cb->skb).portid, 2323 nlh->nlmsg_seq, 2324 RTM_NEWNETCONF, NLM_F_MULTI, 2325 NETCONFA_ALL); 2326 if (err < 0) 2327 goto done; 2328 ctx->all_default++; 2329 } 2330 done: 2331 rcu_read_unlock(); 2332 return err; 2333 } 2334 2335 #ifdef CONFIG_SYSCTL 2336 2337 static void devinet_copy_dflt_conf(struct net *net, int i) 2338 { 2339 struct net_device *dev; 2340 2341 rcu_read_lock(); 2342 for_each_netdev_rcu(net, dev) { 2343 struct in_device *in_dev; 2344 2345 in_dev = __in_dev_get_rcu(dev); 2346 if (in_dev && !test_bit(i, in_dev->cnf.state)) 2347 in_dev->cnf.data[i] = net->ipv4.devconf_dflt->data[i]; 2348 } 2349 rcu_read_unlock(); 2350 } 2351 2352 /* called with RTNL locked */ 2353 static void inet_forward_change(struct net *net) 2354 { 2355 struct net_device *dev; 2356 int on = IPV4_DEVCONF_ALL(net, FORWARDING); 2357 2358 IPV4_DEVCONF_ALL(net, ACCEPT_REDIRECTS) = !on; 2359 IPV4_DEVCONF_DFLT(net, FORWARDING) = on; 2360 inet_netconf_notify_devconf(net, RTM_NEWNETCONF, 2361 NETCONFA_FORWARDING, 2362 NETCONFA_IFINDEX_ALL, 2363 
net->ipv4.devconf_all); 2364 inet_netconf_notify_devconf(net, RTM_NEWNETCONF, 2365 NETCONFA_FORWARDING, 2366 NETCONFA_IFINDEX_DEFAULT, 2367 net->ipv4.devconf_dflt); 2368 2369 for_each_netdev(net, dev) { 2370 struct in_device *in_dev; 2371 2372 if (on) 2373 dev_disable_lro(dev); 2374 2375 in_dev = __in_dev_get_rtnl(dev); 2376 if (in_dev) { 2377 IN_DEV_CONF_SET(in_dev, FORWARDING, on); 2378 inet_netconf_notify_devconf(net, RTM_NEWNETCONF, 2379 NETCONFA_FORWARDING, 2380 dev->ifindex, &in_dev->cnf); 2381 } 2382 } 2383 } 2384 2385 static int devinet_conf_ifindex(struct net *net, struct ipv4_devconf *cnf) 2386 { 2387 if (cnf == net->ipv4.devconf_dflt) 2388 return NETCONFA_IFINDEX_DEFAULT; 2389 else if (cnf == net->ipv4.devconf_all) 2390 return NETCONFA_IFINDEX_ALL; 2391 else { 2392 struct in_device *idev 2393 = container_of(cnf, struct in_device, cnf); 2394 return idev->dev->ifindex; 2395 } 2396 } 2397 2398 static int devinet_conf_proc(const struct ctl_table *ctl, int write, 2399 void *buffer, size_t *lenp, loff_t *ppos) 2400 { 2401 int old_value = *(int *)ctl->data; 2402 int ret = proc_dointvec(ctl, write, buffer, lenp, ppos); 2403 int new_value = *(int *)ctl->data; 2404 2405 if (write) { 2406 struct ipv4_devconf *cnf = ctl->extra1; 2407 struct net *net = ctl->extra2; 2408 int i = (int *)ctl->data - cnf->data; 2409 int ifindex; 2410 2411 set_bit(i, cnf->state); 2412 2413 if (cnf == net->ipv4.devconf_dflt) 2414 devinet_copy_dflt_conf(net, i); 2415 if (i == IPV4_DEVCONF_ACCEPT_LOCAL - 1 || 2416 i == IPV4_DEVCONF_ROUTE_LOCALNET - 1) 2417 if ((new_value == 0) && (old_value != 0)) 2418 rt_cache_flush(net); 2419 2420 if (i == IPV4_DEVCONF_BC_FORWARDING - 1 && 2421 new_value != old_value) 2422 rt_cache_flush(net); 2423 2424 if (i == IPV4_DEVCONF_RP_FILTER - 1 && 2425 new_value != old_value) { 2426 ifindex = devinet_conf_ifindex(net, cnf); 2427 inet_netconf_notify_devconf(net, RTM_NEWNETCONF, 2428 NETCONFA_RP_FILTER, 2429 ifindex, cnf); 2430 } 2431 if (i == 
IPV4_DEVCONF_PROXY_ARP - 1 && 2432 new_value != old_value) { 2433 ifindex = devinet_conf_ifindex(net, cnf); 2434 inet_netconf_notify_devconf(net, RTM_NEWNETCONF, 2435 NETCONFA_PROXY_NEIGH, 2436 ifindex, cnf); 2437 } 2438 if (i == IPV4_DEVCONF_IGNORE_ROUTES_WITH_LINKDOWN - 1 && 2439 new_value != old_value) { 2440 ifindex = devinet_conf_ifindex(net, cnf); 2441 inet_netconf_notify_devconf(net, RTM_NEWNETCONF, 2442 NETCONFA_IGNORE_ROUTES_WITH_LINKDOWN, 2443 ifindex, cnf); 2444 } 2445 } 2446 2447 return ret; 2448 } 2449 2450 static int devinet_sysctl_forward(const struct ctl_table *ctl, int write, 2451 void *buffer, size_t *lenp, loff_t *ppos) 2452 { 2453 int *valp = ctl->data; 2454 int val = *valp; 2455 loff_t pos = *ppos; 2456 struct net *net = ctl->extra2; 2457 int ret; 2458 2459 if (write && !ns_capable(net->user_ns, CAP_NET_ADMIN)) 2460 return -EPERM; 2461 2462 ret = proc_dointvec(ctl, write, buffer, lenp, ppos); 2463 2464 if (write && *valp != val) { 2465 if (valp != &IPV4_DEVCONF_DFLT(net, FORWARDING)) { 2466 if (!rtnl_trylock()) { 2467 /* Restore the original values before restarting */ 2468 *valp = val; 2469 *ppos = pos; 2470 return restart_syscall(); 2471 } 2472 if (valp == &IPV4_DEVCONF_ALL(net, FORWARDING)) { 2473 inet_forward_change(net); 2474 } else { 2475 struct ipv4_devconf *cnf = ctl->extra1; 2476 struct in_device *idev = 2477 container_of(cnf, struct in_device, cnf); 2478 if (*valp) 2479 dev_disable_lro(idev->dev); 2480 inet_netconf_notify_devconf(net, RTM_NEWNETCONF, 2481 NETCONFA_FORWARDING, 2482 idev->dev->ifindex, 2483 cnf); 2484 } 2485 rtnl_unlock(); 2486 rt_cache_flush(net); 2487 } else 2488 inet_netconf_notify_devconf(net, RTM_NEWNETCONF, 2489 NETCONFA_FORWARDING, 2490 NETCONFA_IFINDEX_DEFAULT, 2491 net->ipv4.devconf_dflt); 2492 } 2493 2494 return ret; 2495 } 2496 2497 static int ipv4_doint_and_flush(const struct ctl_table *ctl, int write, 2498 void *buffer, size_t *lenp, loff_t *ppos) 2499 { 2500 int *valp = ctl->data; 2501 int val = *valp; 
2502 int ret = proc_dointvec(ctl, write, buffer, lenp, ppos); 2503 struct net *net = ctl->extra2; 2504 2505 if (write && *valp != val) 2506 rt_cache_flush(net); 2507 2508 return ret; 2509 } 2510 2511 #define DEVINET_SYSCTL_ENTRY(attr, name, mval, proc) \ 2512 { \ 2513 .procname = name, \ 2514 .data = ipv4_devconf.data + \ 2515 IPV4_DEVCONF_ ## attr - 1, \ 2516 .maxlen = sizeof(int), \ 2517 .mode = mval, \ 2518 .proc_handler = proc, \ 2519 .extra1 = &ipv4_devconf, \ 2520 } 2521 2522 #define DEVINET_SYSCTL_RW_ENTRY(attr, name) \ 2523 DEVINET_SYSCTL_ENTRY(attr, name, 0644, devinet_conf_proc) 2524 2525 #define DEVINET_SYSCTL_RO_ENTRY(attr, name) \ 2526 DEVINET_SYSCTL_ENTRY(attr, name, 0444, devinet_conf_proc) 2527 2528 #define DEVINET_SYSCTL_COMPLEX_ENTRY(attr, name, proc) \ 2529 DEVINET_SYSCTL_ENTRY(attr, name, 0644, proc) 2530 2531 #define DEVINET_SYSCTL_FLUSHING_ENTRY(attr, name) \ 2532 DEVINET_SYSCTL_COMPLEX_ENTRY(attr, name, ipv4_doint_and_flush) 2533 2534 static struct devinet_sysctl_table { 2535 struct ctl_table_header *sysctl_header; 2536 struct ctl_table devinet_vars[IPV4_DEVCONF_MAX]; 2537 } devinet_sysctl = { 2538 .devinet_vars = { 2539 DEVINET_SYSCTL_COMPLEX_ENTRY(FORWARDING, "forwarding", 2540 devinet_sysctl_forward), 2541 DEVINET_SYSCTL_RO_ENTRY(MC_FORWARDING, "mc_forwarding"), 2542 DEVINET_SYSCTL_RW_ENTRY(BC_FORWARDING, "bc_forwarding"), 2543 2544 DEVINET_SYSCTL_RW_ENTRY(ACCEPT_REDIRECTS, "accept_redirects"), 2545 DEVINET_SYSCTL_RW_ENTRY(SECURE_REDIRECTS, "secure_redirects"), 2546 DEVINET_SYSCTL_RW_ENTRY(SHARED_MEDIA, "shared_media"), 2547 DEVINET_SYSCTL_RW_ENTRY(RP_FILTER, "rp_filter"), 2548 DEVINET_SYSCTL_RW_ENTRY(SEND_REDIRECTS, "send_redirects"), 2549 DEVINET_SYSCTL_RW_ENTRY(ACCEPT_SOURCE_ROUTE, 2550 "accept_source_route"), 2551 DEVINET_SYSCTL_RW_ENTRY(ACCEPT_LOCAL, "accept_local"), 2552 DEVINET_SYSCTL_RW_ENTRY(SRC_VMARK, "src_valid_mark"), 2553 DEVINET_SYSCTL_RW_ENTRY(PROXY_ARP, "proxy_arp"), 2554 DEVINET_SYSCTL_RW_ENTRY(MEDIUM_ID, "medium_id"), 
2555 DEVINET_SYSCTL_RW_ENTRY(BOOTP_RELAY, "bootp_relay"), 2556 DEVINET_SYSCTL_RW_ENTRY(LOG_MARTIANS, "log_martians"), 2557 DEVINET_SYSCTL_RW_ENTRY(TAG, "tag"), 2558 DEVINET_SYSCTL_RW_ENTRY(ARPFILTER, "arp_filter"), 2559 DEVINET_SYSCTL_RW_ENTRY(ARP_ANNOUNCE, "arp_announce"), 2560 DEVINET_SYSCTL_RW_ENTRY(ARP_IGNORE, "arp_ignore"), 2561 DEVINET_SYSCTL_RW_ENTRY(ARP_ACCEPT, "arp_accept"), 2562 DEVINET_SYSCTL_RW_ENTRY(ARP_NOTIFY, "arp_notify"), 2563 DEVINET_SYSCTL_RW_ENTRY(ARP_EVICT_NOCARRIER, 2564 "arp_evict_nocarrier"), 2565 DEVINET_SYSCTL_RW_ENTRY(PROXY_ARP_PVLAN, "proxy_arp_pvlan"), 2566 DEVINET_SYSCTL_RW_ENTRY(FORCE_IGMP_VERSION, 2567 "force_igmp_version"), 2568 DEVINET_SYSCTL_RW_ENTRY(IGMPV2_UNSOLICITED_REPORT_INTERVAL, 2569 "igmpv2_unsolicited_report_interval"), 2570 DEVINET_SYSCTL_RW_ENTRY(IGMPV3_UNSOLICITED_REPORT_INTERVAL, 2571 "igmpv3_unsolicited_report_interval"), 2572 DEVINET_SYSCTL_RW_ENTRY(IGNORE_ROUTES_WITH_LINKDOWN, 2573 "ignore_routes_with_linkdown"), 2574 DEVINET_SYSCTL_RW_ENTRY(DROP_GRATUITOUS_ARP, 2575 "drop_gratuitous_arp"), 2576 2577 DEVINET_SYSCTL_FLUSHING_ENTRY(NOXFRM, "disable_xfrm"), 2578 DEVINET_SYSCTL_FLUSHING_ENTRY(NOPOLICY, "disable_policy"), 2579 DEVINET_SYSCTL_FLUSHING_ENTRY(PROMOTE_SECONDARIES, 2580 "promote_secondaries"), 2581 DEVINET_SYSCTL_FLUSHING_ENTRY(ROUTE_LOCALNET, 2582 "route_localnet"), 2583 DEVINET_SYSCTL_FLUSHING_ENTRY(DROP_UNICAST_IN_L2_MULTICAST, 2584 "drop_unicast_in_l2_multicast"), 2585 }, 2586 }; 2587 2588 static int __devinet_sysctl_register(struct net *net, char *dev_name, 2589 int ifindex, struct ipv4_devconf *p) 2590 { 2591 int i; 2592 struct devinet_sysctl_table *t; 2593 char path[sizeof("net/ipv4/conf/") + IFNAMSIZ]; 2594 2595 t = kmemdup(&devinet_sysctl, sizeof(*t), GFP_KERNEL_ACCOUNT); 2596 if (!t) 2597 goto out; 2598 2599 for (i = 0; i < ARRAY_SIZE(t->devinet_vars); i++) { 2600 t->devinet_vars[i].data += (char *)p - (char *)&ipv4_devconf; 2601 t->devinet_vars[i].extra1 = p; 2602 t->devinet_vars[i].extra2 = net; 
2603 } 2604 2605 snprintf(path, sizeof(path), "net/ipv4/conf/%s", dev_name); 2606 2607 t->sysctl_header = register_net_sysctl(net, path, t->devinet_vars); 2608 if (!t->sysctl_header) 2609 goto free; 2610 2611 p->sysctl = t; 2612 2613 inet_netconf_notify_devconf(net, RTM_NEWNETCONF, NETCONFA_ALL, 2614 ifindex, p); 2615 return 0; 2616 2617 free: 2618 kfree(t); 2619 out: 2620 return -ENOMEM; 2621 } 2622 2623 static void __devinet_sysctl_unregister(struct net *net, 2624 struct ipv4_devconf *cnf, int ifindex) 2625 { 2626 struct devinet_sysctl_table *t = cnf->sysctl; 2627 2628 if (t) { 2629 cnf->sysctl = NULL; 2630 unregister_net_sysctl_table(t->sysctl_header); 2631 kfree(t); 2632 } 2633 2634 inet_netconf_notify_devconf(net, RTM_DELNETCONF, 0, ifindex, NULL); 2635 } 2636 2637 static int devinet_sysctl_register(struct in_device *idev) 2638 { 2639 int err; 2640 2641 if (!sysctl_dev_name_is_allowed(idev->dev->name)) 2642 return -EINVAL; 2643 2644 err = neigh_sysctl_register(idev->dev, idev->arp_parms, NULL); 2645 if (err) 2646 return err; 2647 err = __devinet_sysctl_register(dev_net(idev->dev), idev->dev->name, 2648 idev->dev->ifindex, &idev->cnf); 2649 if (err) 2650 neigh_sysctl_unregister(idev->arp_parms); 2651 return err; 2652 } 2653 2654 static void devinet_sysctl_unregister(struct in_device *idev) 2655 { 2656 struct net *net = dev_net(idev->dev); 2657 2658 __devinet_sysctl_unregister(net, &idev->cnf, idev->dev->ifindex); 2659 neigh_sysctl_unregister(idev->arp_parms); 2660 } 2661 2662 static struct ctl_table ctl_forward_entry[] = { 2663 { 2664 .procname = "ip_forward", 2665 .data = &ipv4_devconf.data[ 2666 IPV4_DEVCONF_FORWARDING - 1], 2667 .maxlen = sizeof(int), 2668 .mode = 0644, 2669 .proc_handler = devinet_sysctl_forward, 2670 .extra1 = &ipv4_devconf, 2671 .extra2 = &init_net, 2672 }, 2673 }; 2674 #endif 2675 2676 static __net_init int devinet_init_net(struct net *net) 2677 { 2678 #ifdef CONFIG_SYSCTL 2679 struct ctl_table_header *forw_hdr; 2680 struct ctl_table 
*tbl; 2681 #endif 2682 struct ipv4_devconf *all, *dflt; 2683 int err; 2684 int i; 2685 2686 err = -ENOMEM; 2687 net->ipv4.inet_addr_lst = kmalloc_array(IN4_ADDR_HSIZE, 2688 sizeof(struct hlist_head), 2689 GFP_KERNEL); 2690 if (!net->ipv4.inet_addr_lst) 2691 goto err_alloc_hash; 2692 2693 all = kmemdup(&ipv4_devconf, sizeof(ipv4_devconf), GFP_KERNEL); 2694 if (!all) 2695 goto err_alloc_all; 2696 2697 dflt = kmemdup(&ipv4_devconf_dflt, sizeof(ipv4_devconf_dflt), GFP_KERNEL); 2698 if (!dflt) 2699 goto err_alloc_dflt; 2700 2701 #ifdef CONFIG_SYSCTL 2702 tbl = kmemdup(ctl_forward_entry, sizeof(ctl_forward_entry), GFP_KERNEL); 2703 if (!tbl) 2704 goto err_alloc_ctl; 2705 2706 tbl[0].data = &all->data[IPV4_DEVCONF_FORWARDING - 1]; 2707 tbl[0].extra1 = all; 2708 tbl[0].extra2 = net; 2709 #endif 2710 2711 if (!net_eq(net, &init_net)) { 2712 switch (net_inherit_devconf()) { 2713 case 3: 2714 /* copy from the current netns */ 2715 memcpy(all, current->nsproxy->net_ns->ipv4.devconf_all, 2716 sizeof(ipv4_devconf)); 2717 memcpy(dflt, 2718 current->nsproxy->net_ns->ipv4.devconf_dflt, 2719 sizeof(ipv4_devconf_dflt)); 2720 break; 2721 case 0: 2722 case 1: 2723 /* copy from init_net */ 2724 memcpy(all, init_net.ipv4.devconf_all, 2725 sizeof(ipv4_devconf)); 2726 memcpy(dflt, init_net.ipv4.devconf_dflt, 2727 sizeof(ipv4_devconf_dflt)); 2728 break; 2729 case 2: 2730 /* use compiled values */ 2731 break; 2732 } 2733 } 2734 2735 #ifdef CONFIG_SYSCTL 2736 err = __devinet_sysctl_register(net, "all", NETCONFA_IFINDEX_ALL, all); 2737 if (err < 0) 2738 goto err_reg_all; 2739 2740 err = __devinet_sysctl_register(net, "default", 2741 NETCONFA_IFINDEX_DEFAULT, dflt); 2742 if (err < 0) 2743 goto err_reg_dflt; 2744 2745 err = -ENOMEM; 2746 forw_hdr = register_net_sysctl_sz(net, "net/ipv4", tbl, 2747 ARRAY_SIZE(ctl_forward_entry)); 2748 if (!forw_hdr) 2749 goto err_reg_ctl; 2750 net->ipv4.forw_hdr = forw_hdr; 2751 #endif 2752 2753 for (i = 0; i < IN4_ADDR_HSIZE; i++) 2754 
INIT_HLIST_HEAD(&net->ipv4.inet_addr_lst[i]); 2755 2756 INIT_DEFERRABLE_WORK(&net->ipv4.addr_chk_work, check_lifetime); 2757 2758 net->ipv4.devconf_all = all; 2759 net->ipv4.devconf_dflt = dflt; 2760 return 0; 2761 2762 #ifdef CONFIG_SYSCTL 2763 err_reg_ctl: 2764 __devinet_sysctl_unregister(net, dflt, NETCONFA_IFINDEX_DEFAULT); 2765 err_reg_dflt: 2766 __devinet_sysctl_unregister(net, all, NETCONFA_IFINDEX_ALL); 2767 err_reg_all: 2768 kfree(tbl); 2769 err_alloc_ctl: 2770 #endif 2771 kfree(dflt); 2772 err_alloc_dflt: 2773 kfree(all); 2774 err_alloc_all: 2775 kfree(net->ipv4.inet_addr_lst); 2776 err_alloc_hash: 2777 return err; 2778 } 2779 2780 static __net_exit void devinet_exit_net(struct net *net) 2781 { 2782 #ifdef CONFIG_SYSCTL 2783 const struct ctl_table *tbl; 2784 #endif 2785 2786 cancel_delayed_work_sync(&net->ipv4.addr_chk_work); 2787 2788 #ifdef CONFIG_SYSCTL 2789 tbl = net->ipv4.forw_hdr->ctl_table_arg; 2790 unregister_net_sysctl_table(net->ipv4.forw_hdr); 2791 __devinet_sysctl_unregister(net, net->ipv4.devconf_dflt, 2792 NETCONFA_IFINDEX_DEFAULT); 2793 __devinet_sysctl_unregister(net, net->ipv4.devconf_all, 2794 NETCONFA_IFINDEX_ALL); 2795 kfree(tbl); 2796 #endif 2797 kfree(net->ipv4.devconf_dflt); 2798 kfree(net->ipv4.devconf_all); 2799 kfree(net->ipv4.inet_addr_lst); 2800 } 2801 2802 static __net_initdata struct pernet_operations devinet_ops = { 2803 .init = devinet_init_net, 2804 .exit = devinet_exit_net, 2805 }; 2806 2807 static struct rtnl_af_ops inet_af_ops __read_mostly = { 2808 .family = AF_INET, 2809 .fill_link_af = inet_fill_link_af, 2810 .get_link_af_size = inet_get_link_af_size, 2811 .validate_link_af = inet_validate_link_af, 2812 .set_link_af = inet_set_link_af, 2813 }; 2814 2815 static const struct rtnl_msg_handler devinet_rtnl_msg_handlers[] __initconst = { 2816 {.protocol = PF_INET, .msgtype = RTM_NEWADDR, .doit = inet_rtm_newaddr}, 2817 {.protocol = PF_INET, .msgtype = RTM_DELADDR, .doit = inet_rtm_deladdr}, 2818 {.protocol = PF_INET, 
.msgtype = RTM_GETADDR, .dumpit = inet_dump_ifaddr, 2819 .flags = RTNL_FLAG_DUMP_UNLOCKED | RTNL_FLAG_DUMP_SPLIT_NLM_DONE}, 2820 {.protocol = PF_INET, .msgtype = RTM_GETNETCONF, 2821 .doit = inet_netconf_get_devconf, .dumpit = inet_netconf_dump_devconf, 2822 .flags = RTNL_FLAG_DOIT_UNLOCKED | RTNL_FLAG_DUMP_UNLOCKED}, 2823 }; 2824 2825 void __init devinet_init(void) 2826 { 2827 register_pernet_subsys(&devinet_ops); 2828 register_netdevice_notifier(&ip_netdev_notifier); 2829 2830 rtnl_af_register(&inet_af_ops); 2831 2832 rtnl_register_many(devinet_rtnl_msg_handlers); 2833 } 2834