1 // SPDX-License-Identifier: GPL-2.0-or-later 2 /* 3 * NET3 IP device support routines. 4 * 5 * Derived from the IP parts of dev.c 1.0.19 6 * Authors: Ross Biro 7 * Fred N. van Kempen, <waltje@uWalt.NL.Mugnet.ORG> 8 * Mark Evans, <evansmp@uhura.aston.ac.uk> 9 * 10 * Additional Authors: 11 * Alan Cox, <gw4pts@gw4pts.ampr.org> 12 * Alexey Kuznetsov, <kuznet@ms2.inr.ac.ru> 13 * 14 * Changes: 15 * Alexey Kuznetsov: pa_* fields are replaced with ifaddr 16 * lists. 17 * Cyrus Durgin: updated for kmod 18 * Matthias Andree: in devinet_ioctl, compare label and 19 * address (4.4BSD alias style support), 20 * fall back to comparing just the label 21 * if no match found. 22 */ 23 24 25 #include <linux/uaccess.h> 26 #include <linux/bitops.h> 27 #include <linux/capability.h> 28 #include <linux/module.h> 29 #include <linux/types.h> 30 #include <linux/kernel.h> 31 #include <linux/sched/signal.h> 32 #include <linux/string.h> 33 #include <linux/mm.h> 34 #include <linux/socket.h> 35 #include <linux/sockios.h> 36 #include <linux/in.h> 37 #include <linux/errno.h> 38 #include <linux/interrupt.h> 39 #include <linux/if_addr.h> 40 #include <linux/if_ether.h> 41 #include <linux/inet.h> 42 #include <linux/netdevice.h> 43 #include <linux/etherdevice.h> 44 #include <linux/skbuff.h> 45 #include <linux/init.h> 46 #include <linux/notifier.h> 47 #include <linux/inetdevice.h> 48 #include <linux/igmp.h> 49 #include <linux/slab.h> 50 #include <linux/hash.h> 51 #ifdef CONFIG_SYSCTL 52 #include <linux/sysctl.h> 53 #endif 54 #include <linux/kmod.h> 55 #include <linux/netconf.h> 56 57 #include <net/arp.h> 58 #include <net/ip.h> 59 #include <net/route.h> 60 #include <net/ip_fib.h> 61 #include <net/rtnetlink.h> 62 #include <net/net_namespace.h> 63 #include <net/addrconf.h> 64 65 #define IPV6ONLY_FLAGS \ 66 (IFA_F_NODAD | IFA_F_OPTIMISTIC | IFA_F_DADFAILED | \ 67 IFA_F_HOMEADDRESS | IFA_F_TENTATIVE | \ 68 IFA_F_MANAGETEMPADDR | IFA_F_STABLE_PRIVACY) 69 70 static struct ipv4_devconf ipv4_devconf = { 71 .data = { 72 [IPV4_DEVCONF_ACCEPT_REDIRECTS - 1] = 1, 73 [IPV4_DEVCONF_SEND_REDIRECTS - 1] = 1, 74 [IPV4_DEVCONF_SECURE_REDIRECTS - 1] = 1, 75 [IPV4_DEVCONF_SHARED_MEDIA - 1] = 1, 76 [IPV4_DEVCONF_IGMPV2_UNSOLICITED_REPORT_INTERVAL - 1] = 10000 /*ms*/, 77 [IPV4_DEVCONF_IGMPV3_UNSOLICITED_REPORT_INTERVAL - 1] = 1000 /*ms*/, 78 [IPV4_DEVCONF_ARP_EVICT_NOCARRIER - 1] = 1, 79 }, 80 }; 81 82 static struct ipv4_devconf ipv4_devconf_dflt = { 83 .data = { 84 [IPV4_DEVCONF_ACCEPT_REDIRECTS - 1] = 1, 85 [IPV4_DEVCONF_SEND_REDIRECTS - 1] = 1, 86 [IPV4_DEVCONF_SECURE_REDIRECTS - 1] = 1, 87 [IPV4_DEVCONF_SHARED_MEDIA - 1] = 1, 88 [IPV4_DEVCONF_ACCEPT_SOURCE_ROUTE - 1] = 1, 89 [IPV4_DEVCONF_IGMPV2_UNSOLICITED_REPORT_INTERVAL - 1] = 10000 /*ms*/, 90 [IPV4_DEVCONF_IGMPV3_UNSOLICITED_REPORT_INTERVAL - 1] = 1000 /*ms*/, 91 [IPV4_DEVCONF_ARP_EVICT_NOCARRIER - 1] = 1, 92 }, 93 }; 94 95 #define IPV4_DEVCONF_DFLT(net, attr) \ 96 IPV4_DEVCONF((*net->ipv4.devconf_dflt), attr) 97 98 static const struct nla_policy ifa_ipv4_policy[IFA_MAX+1] = { 99 [IFA_LOCAL] = { .type = NLA_U32 }, 100 [IFA_ADDRESS] = { .type = NLA_U32 }, 101 [IFA_BROADCAST] = { .type = NLA_U32 }, 102 [IFA_LABEL] = { .type = NLA_STRING, .len = IFNAMSIZ - 1 }, 103 [IFA_CACHEINFO] = { .len = sizeof(struct ifa_cacheinfo) }, 104 [IFA_FLAGS] = { .type = NLA_U32 }, 105 [IFA_RT_PRIORITY] = { .type = NLA_U32 }, 106 [IFA_TARGET_NETNSID] = { .type = NLA_S32 }, 107 [IFA_PROTO] = { .type = NLA_U8 }, 108 }; 109 110 struct inet_fill_args { 111 u32 portid; 112 u32 seq; 113 int event; 114 unsigned int flags; 115 int netnsid; 116 int ifindex; 117 }; 118 119 #define IN4_ADDR_HSIZE_SHIFT 8 120 #define IN4_ADDR_HSIZE (1U << IN4_ADDR_HSIZE_SHIFT) 121 122 static struct hlist_head inet_addr_lst[IN4_ADDR_HSIZE]; 123 124 static u32 inet_addr_hash(const struct net *net, __be32 addr) 125 { 126 u32 val = (__force u32) addr ^ net_hash_mix(net); 127 128 return hash_32(val, IN4_ADDR_HSIZE_SHIFT); 129 } 130 131 static void inet_hash_insert(struct net *net, struct in_ifaddr *ifa) 132 { 133 u32 hash = inet_addr_hash(net, ifa->ifa_local); 134 135 ASSERT_RTNL(); 136 hlist_add_head_rcu(&ifa->hash, &inet_addr_lst[hash]); 137 } 138 139 static void inet_hash_remove(struct in_ifaddr *ifa) 140 { 141 ASSERT_RTNL(); 142 hlist_del_init_rcu(&ifa->hash); 143 } 144 145 /** 146 * __ip_dev_find - find the first device with a given source address. 147 * @net: the net namespace 148 * @addr: the source address 149 * @devref: if true, take a reference on the found device 150 * 151 * If a caller uses devref=false, it should be protected by RCU, or RTNL 152 */ 153 struct net_device *__ip_dev_find(struct net *net, __be32 addr, bool devref) 154 { 155 struct net_device *result = NULL; 156 struct in_ifaddr *ifa; 157 158 rcu_read_lock(); 159 ifa = inet_lookup_ifaddr_rcu(net, addr); 160 if (!ifa) { 161 struct flowi4 fl4 = { .daddr = addr }; 162 struct fib_result res = { 0 }; 163 struct fib_table *local; 164 165 /* Fallback to FIB local table so that communication 166 * over loopback subnets work. 167 */ 168 local = fib_get_table(net, RT_TABLE_LOCAL); 169 if (local && 170 !fib_table_lookup(local, &fl4, &res, FIB_LOOKUP_NOREF) && 171 res.type == RTN_LOCAL) 172 result = FIB_RES_DEV(res); 173 } else { 174 result = ifa->ifa_dev->dev; 175 } 176 if (result && devref) 177 dev_hold(result); 178 rcu_read_unlock(); 179 return result; 180 } 181 EXPORT_SYMBOL(__ip_dev_find); 182 183 /* called under RCU lock */ 184 struct in_ifaddr *inet_lookup_ifaddr_rcu(struct net *net, __be32 addr) 185 { 186 u32 hash = inet_addr_hash(net, addr); 187 struct in_ifaddr *ifa; 188 189 hlist_for_each_entry_rcu(ifa, &inet_addr_lst[hash], hash) 190 if (ifa->ifa_local == addr && 191 net_eq(dev_net(ifa->ifa_dev->dev), net)) 192 return ifa; 193 194 return NULL; 195 } 196 197 static void rtmsg_ifa(int event, struct in_ifaddr *, struct nlmsghdr *, u32); 198 199 static BLOCKING_NOTIFIER_HEAD(inetaddr_chain); 200 static BLOCKING_NOTIFIER_HEAD(inetaddr_validator_chain); 201 static void inet_del_ifa(struct in_device *in_dev, 202 struct in_ifaddr __rcu **ifap, 203 int destroy); 204 #ifdef CONFIG_SYSCTL 205 static int devinet_sysctl_register(struct in_device *idev); 206 static void devinet_sysctl_unregister(struct in_device *idev); 207 #else 208 static int devinet_sysctl_register(struct in_device *idev) 209 { 210 return 0; 211 } 212 static void devinet_sysctl_unregister(struct in_device *idev) 213 { 214 } 215 #endif 216 217 /* Locks all the inet devices. */ 218 219 static struct in_ifaddr *inet_alloc_ifa(void) 220 { 221 return kzalloc(sizeof(struct in_ifaddr), GFP_KERNEL_ACCOUNT); 222 } 223 224 static void inet_rcu_free_ifa(struct rcu_head *head) 225 { 226 struct in_ifaddr *ifa = container_of(head, struct in_ifaddr, rcu_head); 227 228 if (ifa->ifa_dev) 229 in_dev_put(ifa->ifa_dev); 230 kfree(ifa); 231 } 232 233 static void inet_free_ifa(struct in_ifaddr *ifa) 234 { 235 /* Our reference to ifa->ifa_dev must be freed ASAP 236 * to release the reference to the netdev the same way. 237 * in_dev_put() -> in_dev_finish_destroy() -> netdev_put() 238 */ 239 call_rcu_hurry(&ifa->rcu_head, inet_rcu_free_ifa); 240 } 241 242 static void in_dev_free_rcu(struct rcu_head *head) 243 { 244 struct in_device *idev = container_of(head, struct in_device, rcu_head); 245 246 kfree(rcu_dereference_protected(idev->mc_hash, 1)); 247 kfree(idev); 248 } 249 250 void in_dev_finish_destroy(struct in_device *idev) 251 { 252 struct net_device *dev = idev->dev; 253 254 WARN_ON(idev->ifa_list); 255 WARN_ON(idev->mc_list); 256 #ifdef NET_REFCNT_DEBUG 257 pr_debug("%s: %p=%s\n", __func__, idev, dev ? dev->name : "NIL"); 258 #endif 259 netdev_put(dev, &idev->dev_tracker); 260 if (!idev->dead) 261 pr_err("Freeing alive in_device %p\n", idev); 262 else 263 call_rcu(&idev->rcu_head, in_dev_free_rcu); 264 } 265 EXPORT_SYMBOL(in_dev_finish_destroy); 266 267 static struct in_device *inetdev_init(struct net_device *dev) 268 { 269 struct in_device *in_dev; 270 int err = -ENOMEM; 271 272 ASSERT_RTNL(); 273 274 in_dev = kzalloc(sizeof(*in_dev), GFP_KERNEL); 275 if (!in_dev) 276 goto out; 277 memcpy(&in_dev->cnf, dev_net(dev)->ipv4.devconf_dflt, 278 sizeof(in_dev->cnf)); 279 in_dev->cnf.sysctl = NULL; 280 in_dev->dev = dev; 281 in_dev->arp_parms = neigh_parms_alloc(dev, &arp_tbl); 282 if (!in_dev->arp_parms) 283 goto out_kfree; 284 if (IPV4_DEVCONF(in_dev->cnf, FORWARDING)) 285 dev_disable_lro(dev); 286 /* Reference in_dev->dev */ 287 netdev_hold(dev, &in_dev->dev_tracker, GFP_KERNEL); 288 /* Account for reference dev->ip_ptr (below) */ 289 refcount_set(&in_dev->refcnt, 1); 290 291 err = devinet_sysctl_register(in_dev); 292 if (err) { 293 in_dev->dead = 1; 294 neigh_parms_release(&arp_tbl, in_dev->arp_parms); 295 in_dev_put(in_dev); 296 in_dev = NULL; 297 goto out; 298 } 299 ip_mc_init_dev(in_dev); 300 if (dev->flags & IFF_UP) 301 ip_mc_up(in_dev); 302 303 /* we can receive as soon as ip_ptr is set -- do this last */ 304 rcu_assign_pointer(dev->ip_ptr, in_dev); 305 out: 306 return in_dev ?: ERR_PTR(err); 307 out_kfree: 308 kfree(in_dev); 309 in_dev = NULL; 310 goto out; 311 } 312 313 static void inetdev_destroy(struct in_device *in_dev) 314 { 315 struct net_device *dev; 316 struct in_ifaddr *ifa; 317 318 ASSERT_RTNL(); 319 320 dev = in_dev->dev; 321 322 in_dev->dead = 1; 323 324 ip_mc_destroy_dev(in_dev); 325 326 while ((ifa = rtnl_dereference(in_dev->ifa_list)) != NULL) { 327 inet_del_ifa(in_dev, &in_dev->ifa_list, 0); 328 inet_free_ifa(ifa); 329 } 330 331 RCU_INIT_POINTER(dev->ip_ptr, NULL); 332 333 devinet_sysctl_unregister(in_dev); 334 neigh_parms_release(&arp_tbl, in_dev->arp_parms); 335 arp_ifdown(dev); 336 337 in_dev_put(in_dev); 338 } 339 340 int inet_addr_onlink(struct in_device *in_dev, __be32 a, __be32 b) 341 { 342 const struct in_ifaddr *ifa; 343 344 rcu_read_lock(); 345 in_dev_for_each_ifa_rcu(ifa, in_dev) { 346 if (inet_ifa_match(a, ifa)) { 347 if (!b || inet_ifa_match(b, ifa)) { 348 rcu_read_unlock(); 349 return 1; 350 } 351 } 352 } 353 rcu_read_unlock(); 354 return 0; 355 } 356 357 static void __inet_del_ifa(struct in_device *in_dev, 358 struct in_ifaddr __rcu **ifap, 359 int destroy, struct nlmsghdr *nlh, u32 portid) 360 { 361 struct in_ifaddr *promote = NULL; 362 struct in_ifaddr *ifa, *ifa1; 363 struct in_ifaddr __rcu **last_prim; 364 struct in_ifaddr *prev_prom = NULL; 365 int do_promote = IN_DEV_PROMOTE_SECONDARIES(in_dev); 366 367 ASSERT_RTNL(); 368 369 ifa1 = rtnl_dereference(*ifap); 370 last_prim = ifap; 371 if (in_dev->dead) 372 goto no_promotions; 373 374 /* 1. Deleting primary ifaddr forces deletion all secondaries 375 * unless alias promotion is set 376 **/ 377 378 if (!(ifa1->ifa_flags & IFA_F_SECONDARY)) { 379 struct in_ifaddr __rcu **ifap1 = &ifa1->ifa_next; 380 381 while ((ifa = rtnl_dereference(*ifap1)) != NULL) { 382 if (!(ifa->ifa_flags & IFA_F_SECONDARY) && 383 ifa1->ifa_scope <= ifa->ifa_scope) 384 last_prim = &ifa->ifa_next; 385 386 if (!(ifa->ifa_flags & IFA_F_SECONDARY) || 387 ifa1->ifa_mask != ifa->ifa_mask || 388 !inet_ifa_match(ifa1->ifa_address, ifa)) { 389 ifap1 = &ifa->ifa_next; 390 prev_prom = ifa; 391 continue; 392 } 393 394 if (!do_promote) { 395 inet_hash_remove(ifa); 396 *ifap1 = ifa->ifa_next; 397 398 rtmsg_ifa(RTM_DELADDR, ifa, nlh, portid); 399 blocking_notifier_call_chain(&inetaddr_chain, 400 NETDEV_DOWN, ifa); 401 inet_free_ifa(ifa); 402 } else { 403 promote = ifa; 404 break; 405 } 406 } 407 } 408 409 /* On promotion all secondaries from subnet are changing 410 * the primary IP, we must remove all their routes silently 411 * and later to add them back with new prefsrc. Do this 412 * while all addresses are on the device list. 413 */ 414 for (ifa = promote; ifa; ifa = rtnl_dereference(ifa->ifa_next)) { 415 if (ifa1->ifa_mask == ifa->ifa_mask && 416 inet_ifa_match(ifa1->ifa_address, ifa)) 417 fib_del_ifaddr(ifa, ifa1); 418 } 419 420 no_promotions: 421 /* 2. Unlink it */ 422 423 *ifap = ifa1->ifa_next; 424 inet_hash_remove(ifa1); 425 426 /* 3. Announce address deletion */ 427 428 /* Send message first, then call notifier. 429 At first sight, FIB update triggered by notifier 430 will refer to already deleted ifaddr, that could confuse 431 netlink listeners. It is not true: look, gated sees 432 that route deleted and if it still thinks that ifaddr 433 is valid, it will try to restore deleted routes... Grr. 434 So that, this order is correct. 435 */ 436 rtmsg_ifa(RTM_DELADDR, ifa1, nlh, portid); 437 blocking_notifier_call_chain(&inetaddr_chain, NETDEV_DOWN, ifa1); 438 439 if (promote) { 440 struct in_ifaddr *next_sec; 441 442 next_sec = rtnl_dereference(promote->ifa_next); 443 if (prev_prom) { 444 struct in_ifaddr *last_sec; 445 446 rcu_assign_pointer(prev_prom->ifa_next, next_sec); 447 448 last_sec = rtnl_dereference(*last_prim); 449 rcu_assign_pointer(promote->ifa_next, last_sec); 450 rcu_assign_pointer(*last_prim, promote); 451 } 452 453 promote->ifa_flags &= ~IFA_F_SECONDARY; 454 rtmsg_ifa(RTM_NEWADDR, promote, nlh, portid); 455 blocking_notifier_call_chain(&inetaddr_chain, 456 NETDEV_UP, promote); 457 for (ifa = next_sec; ifa; 458 ifa = rtnl_dereference(ifa->ifa_next)) { 459 if (ifa1->ifa_mask != ifa->ifa_mask || 460 !inet_ifa_match(ifa1->ifa_address, ifa)) 461 continue; 462 fib_add_ifaddr(ifa); 463 } 464 465 } 466 if (destroy) 467 inet_free_ifa(ifa1); 468 } 469 470 static void inet_del_ifa(struct in_device *in_dev, 471 struct in_ifaddr __rcu **ifap, 472 int destroy) 473 { 474 __inet_del_ifa(in_dev, ifap, destroy, NULL, 0); 475 } 476 477 static void check_lifetime(struct work_struct *work); 478 479 static DECLARE_DELAYED_WORK(check_lifetime_work, check_lifetime); 480 481 static int __inet_insert_ifa(struct in_ifaddr *ifa, struct nlmsghdr *nlh, 482 u32 portid, struct netlink_ext_ack *extack) 483 { 484 struct in_ifaddr __rcu **last_primary, **ifap; 485 struct in_device *in_dev = ifa->ifa_dev; 486 struct in_validator_info ivi; 487 struct in_ifaddr *ifa1; 488 int ret; 489 490 ASSERT_RTNL(); 491 492 if (!ifa->ifa_local) { 493 inet_free_ifa(ifa); 494 return 0; 495 } 496 497 ifa->ifa_flags &= ~IFA_F_SECONDARY; 498 last_primary = &in_dev->ifa_list; 499 500 /* Don't set IPv6 only flags to IPv4 addresses */ 501 ifa->ifa_flags &= ~IPV6ONLY_FLAGS; 502 503 ifap = &in_dev->ifa_list; 504 ifa1 = rtnl_dereference(*ifap); 505 506 while (ifa1) { 507 if (!(ifa1->ifa_flags & IFA_F_SECONDARY) && 508 ifa->ifa_scope <= ifa1->ifa_scope) 509 last_primary = &ifa1->ifa_next; 510 if (ifa1->ifa_mask == ifa->ifa_mask && 511 inet_ifa_match(ifa1->ifa_address, ifa)) { 512 if (ifa1->ifa_local == ifa->ifa_local) { 513 inet_free_ifa(ifa); 514 return -EEXIST; 515 } 516 if (ifa1->ifa_scope != ifa->ifa_scope) { 517 NL_SET_ERR_MSG(extack, "ipv4: Invalid scope value"); 518 inet_free_ifa(ifa); 519 return -EINVAL; 520 } 521 ifa->ifa_flags |= IFA_F_SECONDARY; 522 } 523 524 ifap = &ifa1->ifa_next; 525 ifa1 = rtnl_dereference(*ifap); 526 } 527 528 /* Allow any devices that wish to register ifaddr validtors to weigh 529 * in now, before changes are committed. The rntl lock is serializing 530 * access here, so the state should not change between a validator call 531 * and a final notify on commit. This isn't invoked on promotion under 532 * the assumption that validators are checking the address itself, and 533 * not the flags. 534 */ 535 ivi.ivi_addr = ifa->ifa_address; 536 ivi.ivi_dev = ifa->ifa_dev; 537 ivi.extack = extack; 538 ret = blocking_notifier_call_chain(&inetaddr_validator_chain, 539 NETDEV_UP, &ivi); 540 ret = notifier_to_errno(ret); 541 if (ret) { 542 inet_free_ifa(ifa); 543 return ret; 544 } 545 546 if (!(ifa->ifa_flags & IFA_F_SECONDARY)) 547 ifap = last_primary; 548 549 rcu_assign_pointer(ifa->ifa_next, *ifap); 550 rcu_assign_pointer(*ifap, ifa); 551 552 inet_hash_insert(dev_net(in_dev->dev), ifa); 553 554 cancel_delayed_work(&check_lifetime_work); 555 queue_delayed_work(system_power_efficient_wq, &check_lifetime_work, 0); 556 557 /* Send message first, then call notifier. 558 Notifier will trigger FIB update, so that 559 listeners of netlink will know about new ifaddr */ 560 rtmsg_ifa(RTM_NEWADDR, ifa, nlh, portid); 561 blocking_notifier_call_chain(&inetaddr_chain, NETDEV_UP, ifa); 562 563 return 0; 564 } 565 566 static int inet_insert_ifa(struct in_ifaddr *ifa) 567 { 568 return __inet_insert_ifa(ifa, NULL, 0, NULL); 569 } 570 571 static int inet_set_ifa(struct net_device *dev, struct in_ifaddr *ifa) 572 { 573 struct in_device *in_dev = __in_dev_get_rtnl(dev); 574 575 ASSERT_RTNL(); 576 577 if (!in_dev) { 578 inet_free_ifa(ifa); 579 return -ENOBUFS; 580 } 581 ipv4_devconf_setall(in_dev); 582 neigh_parms_data_state_setall(in_dev->arp_parms); 583 if (ifa->ifa_dev != in_dev) { 584 WARN_ON(ifa->ifa_dev); 585 in_dev_hold(in_dev); 586 ifa->ifa_dev = in_dev; 587 } 588 if (ipv4_is_loopback(ifa->ifa_local)) 589 ifa->ifa_scope = RT_SCOPE_HOST; 590 return inet_insert_ifa(ifa); 591 } 592 593 /* Caller must hold RCU or RTNL : 594 * We dont take a reference on found in_device 595 */ 596 struct in_device *inetdev_by_index(struct net *net, int ifindex) 597 { 598 struct net_device *dev; 599 struct in_device *in_dev = NULL; 600 601 rcu_read_lock(); 602 dev = dev_get_by_index_rcu(net, ifindex); 603 if (dev) 604 in_dev = rcu_dereference_rtnl(dev->ip_ptr); 605 rcu_read_unlock(); 606 return in_dev; 607 } 608 EXPORT_SYMBOL(inetdev_by_index); 609 610 /* Called only from RTNL semaphored context. No locks. */ 611 612 struct in_ifaddr *inet_ifa_byprefix(struct in_device *in_dev, __be32 prefix, 613 __be32 mask) 614 { 615 struct in_ifaddr *ifa; 616 617 ASSERT_RTNL(); 618 619 in_dev_for_each_ifa_rtnl(ifa, in_dev) { 620 if (ifa->ifa_mask == mask && inet_ifa_match(prefix, ifa)) 621 return ifa; 622 } 623 return NULL; 624 } 625 626 static int ip_mc_autojoin_config(struct net *net, bool join, 627 const struct in_ifaddr *ifa) 628 { 629 #if defined(CONFIG_IP_MULTICAST) 630 struct ip_mreqn mreq = { 631 .imr_multiaddr.s_addr = ifa->ifa_address, 632 .imr_ifindex = ifa->ifa_dev->dev->ifindex, 633 }; 634 struct sock *sk = net->ipv4.mc_autojoin_sk; 635 int ret; 636 637 ASSERT_RTNL(); 638 639 lock_sock(sk); 640 if (join) 641 ret = ip_mc_join_group(sk, &mreq); 642 else 643 ret = ip_mc_leave_group(sk, &mreq); 644 release_sock(sk); 645 646 return ret; 647 #else 648 return -EOPNOTSUPP; 649 #endif 650 } 651 652 static int inet_rtm_deladdr(struct sk_buff *skb, struct nlmsghdr *nlh, 653 struct netlink_ext_ack *extack) 654 { 655 struct net *net = sock_net(skb->sk); 656 struct in_ifaddr __rcu **ifap; 657 struct nlattr *tb[IFA_MAX+1]; 658 struct in_device *in_dev; 659 struct ifaddrmsg *ifm; 660 struct in_ifaddr *ifa; 661 int err; 662 663 ASSERT_RTNL(); 664 665 err = nlmsg_parse_deprecated(nlh, sizeof(*ifm), tb, IFA_MAX, 666 ifa_ipv4_policy, extack); 667 if (err < 0) 668 goto errout; 669 670 ifm = nlmsg_data(nlh); 671 in_dev = inetdev_by_index(net, ifm->ifa_index); 672 if (!in_dev) { 673 NL_SET_ERR_MSG(extack, "ipv4: Device not found"); 674 err = -ENODEV; 675 goto errout; 676 } 677 678 for (ifap = &in_dev->ifa_list; (ifa = rtnl_dereference(*ifap)) != NULL; 679 ifap = &ifa->ifa_next) { 680 if (tb[IFA_LOCAL] && 681 ifa->ifa_local != nla_get_in_addr(tb[IFA_LOCAL])) 682 continue; 683 684 if (tb[IFA_LABEL] && nla_strcmp(tb[IFA_LABEL], ifa->ifa_label)) 685 continue; 686 687 if (tb[IFA_ADDRESS] && 688 (ifm->ifa_prefixlen != ifa->ifa_prefixlen || 689 !inet_ifa_match(nla_get_in_addr(tb[IFA_ADDRESS]), ifa))) 690 continue; 691 692 if (ipv4_is_multicast(ifa->ifa_address)) 693 ip_mc_autojoin_config(net, false, ifa); 694 __inet_del_ifa(in_dev, ifap, 1, nlh, NETLINK_CB(skb).portid); 695 return 0; 696 } 697 698 NL_SET_ERR_MSG(extack, "ipv4: Address not found"); 699 err = -EADDRNOTAVAIL; 700 errout: 701 return err; 702 } 703 704 #define INFINITY_LIFE_TIME 0xFFFFFFFF 705 706 static void check_lifetime(struct work_struct *work) 707 { 708 unsigned long now, next, next_sec, next_sched; 709 struct in_ifaddr *ifa; 710 struct hlist_node *n; 711 int i; 712 713 now = jiffies; 714 next = round_jiffies_up(now + ADDR_CHECK_FREQUENCY); 715 716 for (i = 0; i < IN4_ADDR_HSIZE; i++) { 717 bool change_needed = false; 718 719 rcu_read_lock(); 720 hlist_for_each_entry_rcu(ifa, &inet_addr_lst[i], hash) { 721 unsigned long age, tstamp; 722 u32 preferred_lft; 723 u32 valid_lft; 724 u32 flags; 725 726 flags = READ_ONCE(ifa->ifa_flags); 727 if (flags & IFA_F_PERMANENT) 728 continue; 729 730 preferred_lft = READ_ONCE(ifa->ifa_preferred_lft); 731 valid_lft = READ_ONCE(ifa->ifa_valid_lft); 732 tstamp = READ_ONCE(ifa->ifa_tstamp); 733 /* We try to batch several events at once. */ 734 age = (now - tstamp + 735 ADDRCONF_TIMER_FUZZ_MINUS) / HZ; 736 737 if (valid_lft != INFINITY_LIFE_TIME && 738 age >= valid_lft) { 739 change_needed = true; 740 } else if (preferred_lft == 741 INFINITY_LIFE_TIME) { 742 continue; 743 } else if (age >= preferred_lft) { 744 if (time_before(tstamp + valid_lft * HZ, next)) 745 next = tstamp + valid_lft * HZ; 746 747 if (!(flags & IFA_F_DEPRECATED)) 748 change_needed = true; 749 } else if (time_before(tstamp + preferred_lft * HZ, 750 next)) { 751 next = tstamp + preferred_lft * HZ; 752 } 753 } 754 rcu_read_unlock(); 755 if (!change_needed) 756 continue; 757 rtnl_lock(); 758 hlist_for_each_entry_safe(ifa, n, &inet_addr_lst[i], hash) { 759 unsigned long age; 760 761 if (ifa->ifa_flags & IFA_F_PERMANENT) 762 continue; 763 764 /* We try to batch several events at once. */ 765 age = (now - ifa->ifa_tstamp + 766 ADDRCONF_TIMER_FUZZ_MINUS) / HZ; 767 768 if (ifa->ifa_valid_lft != INFINITY_LIFE_TIME && 769 age >= ifa->ifa_valid_lft) { 770 struct in_ifaddr __rcu **ifap; 771 struct in_ifaddr *tmp; 772 773 ifap = &ifa->ifa_dev->ifa_list; 774 tmp = rtnl_dereference(*ifap); 775 while (tmp) { 776 if (tmp == ifa) { 777 inet_del_ifa(ifa->ifa_dev, 778 ifap, 1); 779 break; 780 } 781 ifap = &tmp->ifa_next; 782 tmp = rtnl_dereference(*ifap); 783 } 784 } else if (ifa->ifa_preferred_lft != 785 INFINITY_LIFE_TIME && 786 age >= ifa->ifa_preferred_lft && 787 !(ifa->ifa_flags & IFA_F_DEPRECATED)) { 788 ifa->ifa_flags |= IFA_F_DEPRECATED; 789 rtmsg_ifa(RTM_NEWADDR, ifa, NULL, 0); 790 } 791 } 792 rtnl_unlock(); 793 } 794 795 next_sec = round_jiffies_up(next); 796 next_sched = next; 797 798 /* If rounded timeout is accurate enough, accept it. */ 799 if (time_before(next_sec, next + ADDRCONF_TIMER_FUZZ)) 800 next_sched = next_sec; 801 802 now = jiffies; 803 /* And minimum interval is ADDRCONF_TIMER_FUZZ_MAX. */ 804 if (time_before(next_sched, now + ADDRCONF_TIMER_FUZZ_MAX)) 805 next_sched = now + ADDRCONF_TIMER_FUZZ_MAX; 806 807 queue_delayed_work(system_power_efficient_wq, &check_lifetime_work, 808 next_sched - now); 809 } 810 811 static void set_ifa_lifetime(struct in_ifaddr *ifa, __u32 valid_lft, 812 __u32 prefered_lft) 813 { 814 unsigned long timeout; 815 u32 flags; 816 817 flags = ifa->ifa_flags & ~(IFA_F_PERMANENT | IFA_F_DEPRECATED); 818 819 timeout = addrconf_timeout_fixup(valid_lft, HZ); 820 if (addrconf_finite_timeout(timeout)) 821 WRITE_ONCE(ifa->ifa_valid_lft, timeout); 822 else 823 flags |= IFA_F_PERMANENT; 824 825 timeout = addrconf_timeout_fixup(prefered_lft, HZ); 826 if (addrconf_finite_timeout(timeout)) { 827 if (timeout == 0) 828 flags |= IFA_F_DEPRECATED; 829 WRITE_ONCE(ifa->ifa_preferred_lft, timeout); 830 } 831 WRITE_ONCE(ifa->ifa_flags, flags); 832 WRITE_ONCE(ifa->ifa_tstamp, jiffies); 833 if (!ifa->ifa_cstamp) 834 WRITE_ONCE(ifa->ifa_cstamp, ifa->ifa_tstamp); 835 } 836 837 static struct in_ifaddr *rtm_to_ifaddr(struct net *net, struct nlmsghdr *nlh, 838 __u32 *pvalid_lft, __u32 *pprefered_lft, 839 struct netlink_ext_ack *extack) 840 { 841 struct nlattr *tb[IFA_MAX+1]; 842 struct in_ifaddr *ifa; 843 struct ifaddrmsg *ifm; 844 struct net_device *dev; 845 struct in_device *in_dev; 846 int err; 847 848 err = nlmsg_parse_deprecated(nlh, sizeof(*ifm), tb, IFA_MAX, 849 ifa_ipv4_policy, extack); 850 if (err < 0) 851 goto errout; 852 853 ifm = nlmsg_data(nlh); 854 err = -EINVAL; 855 856 if (ifm->ifa_prefixlen > 32) { 857 NL_SET_ERR_MSG(extack, "ipv4: Invalid prefix length"); 858 goto errout; 859 } 860 861 if (!tb[IFA_LOCAL]) { 862 NL_SET_ERR_MSG(extack, "ipv4: Local address is not supplied"); 863 goto errout; 864 } 865 866 dev = __dev_get_by_index(net, ifm->ifa_index); 867 err = -ENODEV; 868 if (!dev) { 869 NL_SET_ERR_MSG(extack, "ipv4: Device not found"); 870 goto errout; 871 } 872 873 in_dev = __in_dev_get_rtnl(dev); 874 err = -ENOBUFS; 875 if (!in_dev) 876 goto errout; 877 878 ifa = inet_alloc_ifa(); 879 if (!ifa) 880 /* 881 * A potential indev allocation can be left alive, it stays 882 * assigned to its device and is destroy with it. 883 */ 884 goto errout; 885 886 ipv4_devconf_setall(in_dev); 887 neigh_parms_data_state_setall(in_dev->arp_parms); 888 in_dev_hold(in_dev); 889 890 if (!tb[IFA_ADDRESS]) 891 tb[IFA_ADDRESS] = tb[IFA_LOCAL]; 892 893 INIT_HLIST_NODE(&ifa->hash); 894 ifa->ifa_prefixlen = ifm->ifa_prefixlen; 895 ifa->ifa_mask = inet_make_mask(ifm->ifa_prefixlen); 896 ifa->ifa_flags = tb[IFA_FLAGS] ? nla_get_u32(tb[IFA_FLAGS]) : 897 ifm->ifa_flags; 898 ifa->ifa_scope = ifm->ifa_scope; 899 ifa->ifa_dev = in_dev; 900 901 ifa->ifa_local = nla_get_in_addr(tb[IFA_LOCAL]); 902 ifa->ifa_address = nla_get_in_addr(tb[IFA_ADDRESS]); 903 904 if (tb[IFA_BROADCAST]) 905 ifa->ifa_broadcast = nla_get_in_addr(tb[IFA_BROADCAST]); 906 907 if (tb[IFA_LABEL]) 908 nla_strscpy(ifa->ifa_label, tb[IFA_LABEL], IFNAMSIZ); 909 else 910 memcpy(ifa->ifa_label, dev->name, IFNAMSIZ); 911 912 if (tb[IFA_RT_PRIORITY]) 913 ifa->ifa_rt_priority = nla_get_u32(tb[IFA_RT_PRIORITY]); 914 915 if (tb[IFA_PROTO]) 916 ifa->ifa_proto = nla_get_u8(tb[IFA_PROTO]); 917 918 if (tb[IFA_CACHEINFO]) { 919 struct ifa_cacheinfo *ci; 920 921 ci = nla_data(tb[IFA_CACHEINFO]); 922 if (!ci->ifa_valid || ci->ifa_prefered > ci->ifa_valid) { 923 NL_SET_ERR_MSG(extack, "ipv4: address lifetime invalid"); 924 err = -EINVAL; 925 goto errout_free; 926 } 927 *pvalid_lft = ci->ifa_valid; 928 *pprefered_lft = ci->ifa_prefered; 929 } 930 931 return ifa; 932 933 errout_free: 934 inet_free_ifa(ifa); 935 errout: 936 return ERR_PTR(err); 937 } 938 939 static struct in_ifaddr *find_matching_ifa(struct in_ifaddr *ifa) 940 { 941 struct in_device *in_dev = ifa->ifa_dev; 942 struct in_ifaddr *ifa1; 943 944 if (!ifa->ifa_local) 945 return NULL; 946 947 in_dev_for_each_ifa_rtnl(ifa1, in_dev) { 948 if (ifa1->ifa_mask == ifa->ifa_mask && 949 inet_ifa_match(ifa1->ifa_address, ifa) && 950 ifa1->ifa_local == ifa->ifa_local) 951 return ifa1; 952 } 953 return NULL; 954 } 955 956 static int inet_rtm_newaddr(struct sk_buff *skb, struct nlmsghdr *nlh, 957 struct netlink_ext_ack *extack) 958 { 959 struct net *net = sock_net(skb->sk); 960 struct in_ifaddr *ifa; 961 struct in_ifaddr *ifa_existing; 962 __u32 valid_lft = INFINITY_LIFE_TIME; 963 __u32 prefered_lft = INFINITY_LIFE_TIME; 964 965 ASSERT_RTNL(); 966 967 ifa = rtm_to_ifaddr(net, nlh, &valid_lft, &prefered_lft, extack); 968 if (IS_ERR(ifa)) 969 return PTR_ERR(ifa); 970 971 ifa_existing = find_matching_ifa(ifa); 972 if (!ifa_existing) { 973 /* It would be best to check for !NLM_F_CREATE here but 974 * userspace already relies on not having to provide this. 975 */ 976 set_ifa_lifetime(ifa, valid_lft, prefered_lft); 977 if (ifa->ifa_flags & IFA_F_MCAUTOJOIN) { 978 int ret = ip_mc_autojoin_config(net, true, ifa); 979 980 if (ret < 0) { 981 NL_SET_ERR_MSG(extack, "ipv4: Multicast auto join failed"); 982 inet_free_ifa(ifa); 983 return ret; 984 } 985 } 986 return __inet_insert_ifa(ifa, nlh, NETLINK_CB(skb).portid, 987 extack); 988 } else { 989 u32 new_metric = ifa->ifa_rt_priority; 990 u8 new_proto = ifa->ifa_proto; 991 992 inet_free_ifa(ifa); 993 994 if (nlh->nlmsg_flags & NLM_F_EXCL || 995 !(nlh->nlmsg_flags & NLM_F_REPLACE)) { 996 NL_SET_ERR_MSG(extack, "ipv4: Address already assigned"); 997 return -EEXIST; 998 } 999 ifa = ifa_existing; 1000 1001 if (ifa->ifa_rt_priority != new_metric) { 1002 fib_modify_prefix_metric(ifa, new_metric); 1003 ifa->ifa_rt_priority = new_metric; 1004 } 1005 1006 ifa->ifa_proto = new_proto; 1007 1008 set_ifa_lifetime(ifa, valid_lft, prefered_lft); 1009 cancel_delayed_work(&check_lifetime_work); 1010 queue_delayed_work(system_power_efficient_wq, 1011 &check_lifetime_work, 0); 1012 rtmsg_ifa(RTM_NEWADDR, ifa, nlh, NETLINK_CB(skb).portid); 1013 } 1014 return 0; 1015 } 1016 1017 /* 1018 * Determine a default network mask, based on the IP address. 1019 */ 1020 1021 static int inet_abc_len(__be32 addr) 1022 { 1023 int rc = -1; /* Something else, probably a multicast. */ 1024 1025 if (ipv4_is_zeronet(addr) || ipv4_is_lbcast(addr)) 1026 rc = 0; 1027 else { 1028 __u32 haddr = ntohl(addr); 1029 if (IN_CLASSA(haddr)) 1030 rc = 8; 1031 else if (IN_CLASSB(haddr)) 1032 rc = 16; 1033 else if (IN_CLASSC(haddr)) 1034 rc = 24; 1035 else if (IN_CLASSE(haddr)) 1036 rc = 32; 1037 } 1038 1039 return rc; 1040 } 1041 1042 1043 int devinet_ioctl(struct net *net, unsigned int cmd, struct ifreq *ifr) 1044 { 1045 struct sockaddr_in sin_orig; 1046 struct sockaddr_in *sin = (struct sockaddr_in *)&ifr->ifr_addr; 1047 struct in_ifaddr __rcu **ifap = NULL; 1048 struct in_device *in_dev; 1049 struct in_ifaddr *ifa = NULL; 1050 struct net_device *dev; 1051 char *colon; 1052 int ret = -EFAULT; 1053 int tryaddrmatch = 0; 1054 1055 ifr->ifr_name[IFNAMSIZ - 1] = 0; 1056 1057 /* save original address for comparison */ 1058 memcpy(&sin_orig, sin, sizeof(*sin)); 1059 1060 colon = strchr(ifr->ifr_name, ':'); 1061 if (colon) 1062 *colon = 0; 1063 1064 dev_load(net, ifr->ifr_name); 1065 1066 switch (cmd) { 1067 case SIOCGIFADDR: /* Get interface address */ 1068 case SIOCGIFBRDADDR: /* Get the broadcast address */ 1069 case SIOCGIFDSTADDR: /* Get the destination address */ 1070 case SIOCGIFNETMASK: /* Get the netmask for the interface */ 1071 /* Note that these ioctls will not sleep, 1072 so that we do not impose a lock. 1073 One day we will be forced to put shlock here (I mean SMP) 1074 */ 1075 tryaddrmatch = (sin_orig.sin_family == AF_INET); 1076 memset(sin, 0, sizeof(*sin)); 1077 sin->sin_family = AF_INET; 1078 break; 1079 1080 case SIOCSIFFLAGS: 1081 ret = -EPERM; 1082 if (!ns_capable(net->user_ns, CAP_NET_ADMIN)) 1083 goto out; 1084 break; 1085 case SIOCSIFADDR: /* Set interface address (and family) */ 1086 case SIOCSIFBRDADDR: /* Set the broadcast address */ 1087 case SIOCSIFDSTADDR: /* Set the destination address */ 1088 case SIOCSIFNETMASK: /* Set the netmask for the interface */ 1089 ret = -EPERM; 1090 if (!ns_capable(net->user_ns, CAP_NET_ADMIN)) 1091 goto out; 1092 ret = -EINVAL; 1093 if (sin->sin_family != AF_INET) 1094 goto out; 1095 break; 1096 default: 1097 ret = -EINVAL; 1098 goto out; 1099 } 1100 1101 rtnl_lock(); 1102 1103 ret = -ENODEV; 1104 dev = __dev_get_by_name(net, ifr->ifr_name); 1105 if (!dev) 1106 goto done; 1107 1108 if (colon) 1109 *colon = ':'; 1110 1111 in_dev = __in_dev_get_rtnl(dev); 1112 if (in_dev) { 1113 if (tryaddrmatch) { 1114 /* Matthias Andree */ 1115 /* compare label and address (4.4BSD style) */ 1116 /* note: we only do this for a limited set of ioctls 1117 and only if the original address family was AF_INET. 1118 This is checked above. */ 1119 1120 for (ifap = &in_dev->ifa_list; 1121 (ifa = rtnl_dereference(*ifap)) != NULL; 1122 ifap = &ifa->ifa_next) { 1123 if (!strcmp(ifr->ifr_name, ifa->ifa_label) && 1124 sin_orig.sin_addr.s_addr == 1125 ifa->ifa_local) { 1126 break; /* found */ 1127 } 1128 } 1129 } 1130 /* we didn't get a match, maybe the application is 1131 4.3BSD-style and passed in junk so we fall back to 1132 comparing just the label */ 1133 if (!ifa) { 1134 for (ifap = &in_dev->ifa_list; 1135 (ifa = rtnl_dereference(*ifap)) != NULL; 1136 ifap = &ifa->ifa_next) 1137 if (!strcmp(ifr->ifr_name, ifa->ifa_label)) 1138 break; 1139 } 1140 } 1141 1142 ret = -EADDRNOTAVAIL; 1143 if (!ifa && cmd != SIOCSIFADDR && cmd != SIOCSIFFLAGS) 1144 goto done; 1145 1146 switch (cmd) { 1147 case SIOCGIFADDR: /* Get interface address */ 1148 ret = 0; 1149 sin->sin_addr.s_addr = ifa->ifa_local; 1150 break; 1151 1152 case SIOCGIFBRDADDR: /* Get the broadcast address */ 1153 ret = 0; 1154 sin->sin_addr.s_addr = ifa->ifa_broadcast; 1155 break; 1156 1157 case SIOCGIFDSTADDR: /* Get the destination address */ 1158 ret = 0; 1159 sin->sin_addr.s_addr = ifa->ifa_address; 1160 break; 1161 1162 case SIOCGIFNETMASK: /* Get the netmask for the interface */ 1163 ret = 0; 1164 sin->sin_addr.s_addr = ifa->ifa_mask; 1165 break; 1166 1167 case SIOCSIFFLAGS: 1168 if (colon) { 1169 ret = -EADDRNOTAVAIL; 1170 if (!ifa) 1171 break; 1172 ret = 0; 1173 if (!(ifr->ifr_flags & IFF_UP)) 1174 inet_del_ifa(in_dev, ifap, 1); 1175 break; 1176 } 1177 ret = dev_change_flags(dev, ifr->ifr_flags, NULL); 1178 break; 1179 1180 case SIOCSIFADDR: /* Set interface address (and family) */ 1181 ret = -EINVAL; 1182 if (inet_abc_len(sin->sin_addr.s_addr) < 0) 1183 break; 1184 1185 if (!ifa) { 1186 ret = -ENOBUFS; 1187 ifa = inet_alloc_ifa(); 1188 if (!ifa) 1189 break; 1190 INIT_HLIST_NODE(&ifa->hash); 1191 if (colon) 1192 memcpy(ifa->ifa_label, ifr->ifr_name, IFNAMSIZ); 1193 else 1194 memcpy(ifa->ifa_label, dev->name, IFNAMSIZ); 1195 } else { 1196 ret = 0; 1197 if (ifa->ifa_local == sin->sin_addr.s_addr) 1198 break; 1199 inet_del_ifa(in_dev, ifap, 0); 1200 ifa->ifa_broadcast = 0; 1201 ifa->ifa_scope = 0; 1202 } 1203 1204 ifa->ifa_address = ifa->ifa_local = sin->sin_addr.s_addr; 1205 1206 if (!(dev->flags & IFF_POINTOPOINT)) { 1207 ifa->ifa_prefixlen = inet_abc_len(ifa->ifa_address); 1208 ifa->ifa_mask = inet_make_mask(ifa->ifa_prefixlen); 1209 if ((dev->flags & IFF_BROADCAST) && 1210 ifa->ifa_prefixlen < 31) 1211 ifa->ifa_broadcast = ifa->ifa_address | 1212 ~ifa->ifa_mask; 1213 } else { 1214 ifa->ifa_prefixlen = 32; 1215 ifa->ifa_mask = inet_make_mask(32); 1216 } 1217 set_ifa_lifetime(ifa, INFINITY_LIFE_TIME, INFINITY_LIFE_TIME); 1218 ret = inet_set_ifa(dev, ifa); 1219 break; 1220 1221 case SIOCSIFBRDADDR: /* Set the broadcast address */ 1222 ret = 0; 1223 if (ifa->ifa_broadcast != sin->sin_addr.s_addr) { 1224 inet_del_ifa(in_dev, ifap, 0); 1225 ifa->ifa_broadcast = sin->sin_addr.s_addr; 1226 inet_insert_ifa(ifa); 1227 } 1228 break; 1229 1230 case SIOCSIFDSTADDR: /* Set the destination address */ 1231 ret = 0; 1232 if (ifa->ifa_address == sin->sin_addr.s_addr) 1233 break; 1234 ret = -EINVAL; 1235 if (inet_abc_len(sin->sin_addr.s_addr) < 0) 1236 break; 1237 ret = 0; 1238 inet_del_ifa(in_dev, ifap, 0); 1239 ifa->ifa_address = sin->sin_addr.s_addr; 1240 inet_insert_ifa(ifa); 1241 break; 1242 1243 case SIOCSIFNETMASK: /* Set the netmask for the interface */ 1244 1245 /* 1246 * The mask we set must be legal. 1247 */ 1248 ret = -EINVAL; 1249 if (bad_mask(sin->sin_addr.s_addr, 0)) 1250 break; 1251 ret = 0; 1252 if (ifa->ifa_mask != sin->sin_addr.s_addr) { 1253 __be32 old_mask = ifa->ifa_mask; 1254 inet_del_ifa(in_dev, ifap, 0); 1255 ifa->ifa_mask = sin->sin_addr.s_addr; 1256 ifa->ifa_prefixlen = inet_mask_len(ifa->ifa_mask); 1257 1258 /* See if current broadcast address matches 1259 * with current netmask, then recalculate 1260 * the broadcast address. Otherwise it's a 1261 * funny address, so don't touch it since 1262 * the user seems to know what (s)he's doing... 1263 */ 1264 if ((dev->flags & IFF_BROADCAST) && 1265 (ifa->ifa_prefixlen < 31) && 1266 (ifa->ifa_broadcast == 1267 (ifa->ifa_local|~old_mask))) { 1268 ifa->ifa_broadcast = (ifa->ifa_local | 1269 ~sin->sin_addr.s_addr); 1270 } 1271 inet_insert_ifa(ifa); 1272 } 1273 break; 1274 } 1275 done: 1276 rtnl_unlock(); 1277 out: 1278 return ret; 1279 } 1280 1281 int inet_gifconf(struct net_device *dev, char __user *buf, int len, int size) 1282 { 1283 struct in_device *in_dev = __in_dev_get_rtnl(dev); 1284 const struct in_ifaddr *ifa; 1285 struct ifreq ifr; 1286 int done = 0; 1287 1288 if (WARN_ON(size > sizeof(struct ifreq))) 1289 goto out; 1290 1291 if (!in_dev) 1292 goto out; 1293 1294 in_dev_for_each_ifa_rtnl(ifa, in_dev) { 1295 if (!buf) { 1296 done += size; 1297 continue; 1298 } 1299 if (len < size) 1300 break; 1301 memset(&ifr, 0, sizeof(struct ifreq)); 1302 strcpy(ifr.ifr_name, ifa->ifa_label); 1303 1304 (*(struct sockaddr_in *)&ifr.ifr_addr).sin_family = AF_INET; 1305 (*(struct sockaddr_in *)&ifr.ifr_addr).sin_addr.s_addr = 1306 ifa->ifa_local; 1307 1308 if (copy_to_user(buf + done, &ifr, size)) { 1309 done = -EFAULT; 1310 break; 1311 } 1312 len -= size; 1313 done += size; 1314 } 1315 out: 1316 return done; 1317 } 1318 1319 static __be32 in_dev_select_addr(const struct in_device *in_dev, 1320 int scope) 1321 { 1322 const struct in_ifaddr *ifa; 1323 1324 in_dev_for_each_ifa_rcu(ifa, in_dev) { 1325 if (READ_ONCE(ifa->ifa_flags) & IFA_F_SECONDARY) 1326 continue; 1327 if (ifa->ifa_scope != RT_SCOPE_LINK && 1328 ifa->ifa_scope <= scope) 1329 return ifa->ifa_local; 1330 } 1331 1332 return 0; 1333 } 1334 1335 __be32 inet_select_addr(const struct net_device *dev, __be32 dst, int scope) 1336 { 1337 const struct in_ifaddr *ifa; 1338 __be32 addr = 0; 1339 unsigned char localnet_scope = RT_SCOPE_HOST; 1340 struct in_device *in_dev; 1341 struct net *net = dev_net(dev); 1342 int master_idx; 1343 1344 rcu_read_lock(); 1345 in_dev = __in_dev_get_rcu(dev); 1346 if (!in_dev) 1347 goto no_in_dev; 1348 1349 if (unlikely(IN_DEV_ROUTE_LOCALNET(in_dev))) 1350 localnet_scope = RT_SCOPE_LINK; 1351 1352 in_dev_for_each_ifa_rcu(ifa, in_dev) { 1353 if (READ_ONCE(ifa->ifa_flags) & IFA_F_SECONDARY) 1354 continue; 1355 if (min(ifa->ifa_scope, localnet_scope) > scope) 1356 continue; 1357 if (!dst || inet_ifa_match(dst, ifa)) { 1358 addr = ifa->ifa_local; 1359 break; 1360 } 1361 if (!addr) 1362 addr = ifa->ifa_local; 1363 } 1364 1365 if (addr) 1366 goto out_unlock; 1367 no_in_dev: 1368 master_idx = l3mdev_master_ifindex_rcu(dev); 1369 1370 /* For VRFs, the VRF device takes the place of the loopback device, 1371 * with addresses on it being preferred. Note in such cases the 1372 * loopback device will be among the devices that fail the master_idx 1373 * equality check in the loop below. 1374 */ 1375 if (master_idx && 1376 (dev = dev_get_by_index_rcu(net, master_idx)) && 1377 (in_dev = __in_dev_get_rcu(dev))) { 1378 addr = in_dev_select_addr(in_dev, scope); 1379 if (addr) 1380 goto out_unlock; 1381 } 1382 1383 /* Not loopback addresses on loopback should be preferred 1384 in this case. It is important that lo is the first interface 1385 in dev_base list. 1386 */ 1387 for_each_netdev_rcu(net, dev) { 1388 if (l3mdev_master_ifindex_rcu(dev) != master_idx) 1389 continue; 1390 1391 in_dev = __in_dev_get_rcu(dev); 1392 if (!in_dev) 1393 continue; 1394 1395 addr = in_dev_select_addr(in_dev, scope); 1396 if (addr) 1397 goto out_unlock; 1398 } 1399 out_unlock: 1400 rcu_read_unlock(); 1401 return addr; 1402 } 1403 EXPORT_SYMBOL(inet_select_addr); 1404 1405 static __be32 confirm_addr_indev(struct in_device *in_dev, __be32 dst, 1406 __be32 local, int scope) 1407 { 1408 unsigned char localnet_scope = RT_SCOPE_HOST; 1409 const struct in_ifaddr *ifa; 1410 __be32 addr = 0; 1411 int same = 0; 1412 1413 if (unlikely(IN_DEV_ROUTE_LOCALNET(in_dev))) 1414 localnet_scope = RT_SCOPE_LINK; 1415 1416 in_dev_for_each_ifa_rcu(ifa, in_dev) { 1417 unsigned char min_scope = min(ifa->ifa_scope, localnet_scope); 1418 1419 if (!addr && 1420 (local == ifa->ifa_local || !local) && 1421 min_scope <= scope) { 1422 addr = ifa->ifa_local; 1423 if (same) 1424 break; 1425 } 1426 if (!same) { 1427 same = (!local || inet_ifa_match(local, ifa)) && 1428 (!dst || inet_ifa_match(dst, ifa)); 1429 if (same && addr) { 1430 if (local || !dst) 1431 break; 1432 /* Is the selected addr into dst subnet? */ 1433 if (inet_ifa_match(addr, ifa)) 1434 break; 1435 /* No, then can we use new local src? */ 1436 if (min_scope <= scope) { 1437 addr = ifa->ifa_local; 1438 break; 1439 } 1440 /* search for large dst subnet for addr */ 1441 same = 0; 1442 } 1443 } 1444 } 1445 1446 return same ? addr : 0; 1447 } 1448 1449 /* 1450 * Confirm that local IP address exists using wildcards: 1451 * - net: netns to check, cannot be NULL 1452 * - in_dev: only on this interface, NULL=any interface 1453 * - dst: only in the same subnet as dst, 0=any dst 1454 * - local: address, 0=autoselect the local address 1455 * - scope: maximum allowed scope value for the local address 1456 */ 1457 __be32 inet_confirm_addr(struct net *net, struct in_device *in_dev, 1458 __be32 dst, __be32 local, int scope) 1459 { 1460 __be32 addr = 0; 1461 struct net_device *dev; 1462 1463 if (in_dev) 1464 return confirm_addr_indev(in_dev, dst, local, scope); 1465 1466 rcu_read_lock(); 1467 for_each_netdev_rcu(net, dev) { 1468 in_dev = __in_dev_get_rcu(dev); 1469 if (in_dev) { 1470 addr = confirm_addr_indev(in_dev, dst, local, scope); 1471 if (addr) 1472 break; 1473 } 1474 } 1475 rcu_read_unlock(); 1476 1477 return addr; 1478 } 1479 EXPORT_SYMBOL(inet_confirm_addr); 1480 1481 /* 1482 * Device notifier 1483 */ 1484 1485 int register_inetaddr_notifier(struct notifier_block *nb) 1486 { 1487 return blocking_notifier_chain_register(&inetaddr_chain, nb); 1488 } 1489 EXPORT_SYMBOL(register_inetaddr_notifier); 1490 1491 int unregister_inetaddr_notifier(struct notifier_block *nb) 1492 { 1493 return blocking_notifier_chain_unregister(&inetaddr_chain, nb); 1494 } 1495 EXPORT_SYMBOL(unregister_inetaddr_notifier); 1496 1497 int register_inetaddr_validator_notifier(struct notifier_block *nb) 1498 { 1499 return blocking_notifier_chain_register(&inetaddr_validator_chain, nb); 1500 } 1501 EXPORT_SYMBOL(register_inetaddr_validator_notifier); 1502 1503 int unregister_inetaddr_validator_notifier(struct notifier_block *nb) 1504 { 1505 return blocking_notifier_chain_unregister(&inetaddr_validator_chain, 1506 nb); 1507 } 1508 EXPORT_SYMBOL(unregister_inetaddr_validator_notifier); 1509 1510 /* Rename ifa_labels for a device name change. Make some effort to preserve 1511 * existing alias numbering and to create unique labels if possible. 1512 */ 1513 static void inetdev_changename(struct net_device *dev, struct in_device *in_dev) 1514 { 1515 struct in_ifaddr *ifa; 1516 int named = 0; 1517 1518 in_dev_for_each_ifa_rtnl(ifa, in_dev) { 1519 char old[IFNAMSIZ], *dot; 1520 1521 memcpy(old, ifa->ifa_label, IFNAMSIZ); 1522 memcpy(ifa->ifa_label, dev->name, IFNAMSIZ); 1523 if (named++ == 0) 1524 goto skip; 1525 dot = strchr(old, ':'); 1526 if (!dot) { 1527 sprintf(old, ":%d", named); 1528 dot = old; 1529 } 1530 if (strlen(dot) + strlen(dev->name) < IFNAMSIZ) 1531 strcat(ifa->ifa_label, dot); 1532 else 1533 strcpy(ifa->ifa_label + (IFNAMSIZ - strlen(dot) - 1), dot); 1534 skip: 1535 rtmsg_ifa(RTM_NEWADDR, ifa, NULL, 0); 1536 } 1537 } 1538 1539 static void inetdev_send_gratuitous_arp(struct net_device *dev, 1540 struct in_device *in_dev) 1541 1542 { 1543 const struct in_ifaddr *ifa; 1544 1545 in_dev_for_each_ifa_rtnl(ifa, in_dev) { 1546 arp_send(ARPOP_REQUEST, ETH_P_ARP, 1547 ifa->ifa_local, dev, 1548 ifa->ifa_local, NULL, 1549 dev->dev_addr, NULL); 1550 } 1551 } 1552 1553 /* Called only under RTNL semaphore */ 1554 1555 static int inetdev_event(struct notifier_block *this, unsigned long event, 1556 void *ptr) 1557 { 1558 struct net_device *dev = netdev_notifier_info_to_dev(ptr); 1559 struct in_device *in_dev = __in_dev_get_rtnl(dev); 1560 1561 ASSERT_RTNL(); 1562 1563 if (!in_dev) { 1564 if (event == NETDEV_REGISTER) { 1565 in_dev = inetdev_init(dev); 1566 if (IS_ERR(in_dev)) 1567 return notifier_from_errno(PTR_ERR(in_dev)); 1568 if (dev->flags & IFF_LOOPBACK) { 1569 IN_DEV_CONF_SET(in_dev, NOXFRM, 1); 1570 IN_DEV_CONF_SET(in_dev, NOPOLICY, 1); 1571 } 1572 } else if (event == NETDEV_CHANGEMTU) { 1573 /* Re-enabling IP */ 1574 if (inetdev_valid_mtu(dev->mtu)) 1575 in_dev = inetdev_init(dev); 1576 } 1577 goto out; 1578 } 1579 1580 switch (event) { 1581 case NETDEV_REGISTER: 1582 pr_debug("%s: bug\n", __func__); 1583 RCU_INIT_POINTER(dev->ip_ptr, NULL); 1584 break; 1585 case NETDEV_UP: 1586 if (!inetdev_valid_mtu(dev->mtu)) 1587 break; 1588 if (dev->flags & IFF_LOOPBACK) { 1589 struct in_ifaddr *ifa = inet_alloc_ifa(); 1590 1591 if (ifa) { 1592 INIT_HLIST_NODE(&ifa->hash); 1593 ifa->ifa_local = 1594 ifa->ifa_address = htonl(INADDR_LOOPBACK); 1595 ifa->ifa_prefixlen = 8; 1596 ifa->ifa_mask = inet_make_mask(8); 1597 in_dev_hold(in_dev); 1598 ifa->ifa_dev = in_dev; 1599 ifa->ifa_scope = RT_SCOPE_HOST; 1600 memcpy(ifa->ifa_label, dev->name, IFNAMSIZ); 1601 set_ifa_lifetime(ifa, INFINITY_LIFE_TIME, 1602 INFINITY_LIFE_TIME); 1603 ipv4_devconf_setall(in_dev); 1604 neigh_parms_data_state_setall(in_dev->arp_parms); 1605 inet_insert_ifa(ifa); 1606 } 1607 } 1608 ip_mc_up(in_dev); 1609 fallthrough; 1610 case NETDEV_CHANGEADDR: 1611 if (!IN_DEV_ARP_NOTIFY(in_dev)) 1612 break; 1613 fallthrough; 1614 case NETDEV_NOTIFY_PEERS: 1615 /* Send gratuitous ARP to notify of link change */ 1616 inetdev_send_gratuitous_arp(dev, in_dev); 1617 break; 1618 case NETDEV_DOWN: 1619 ip_mc_down(in_dev); 1620 break; 1621 case NETDEV_PRE_TYPE_CHANGE: 1622 ip_mc_unmap(in_dev); 1623 break; 1624 case NETDEV_POST_TYPE_CHANGE: 1625 ip_mc_remap(in_dev); 1626 break; 1627 case NETDEV_CHANGEMTU: 1628 if (inetdev_valid_mtu(dev->mtu)) 1629 break; 1630 /* disable IP when MTU is not enough */ 1631 fallthrough; 1632 case NETDEV_UNREGISTER: 1633 inetdev_destroy(in_dev); 1634 break; 1635 case NETDEV_CHANGENAME: 1636 /* Do not notify about label change, this event is 1637 * not interesting to applications using netlink. 1638 */ 1639 inetdev_changename(dev, in_dev); 1640 1641 devinet_sysctl_unregister(in_dev); 1642 devinet_sysctl_register(in_dev); 1643 break; 1644 } 1645 out: 1646 return NOTIFY_DONE; 1647 } 1648 1649 static struct notifier_block ip_netdev_notifier = { 1650 .notifier_call = inetdev_event, 1651 }; 1652 1653 static size_t inet_nlmsg_size(void) 1654 { 1655 return NLMSG_ALIGN(sizeof(struct ifaddrmsg)) 1656 + nla_total_size(4) /* IFA_ADDRESS */ 1657 + nla_total_size(4) /* IFA_LOCAL */ 1658 + nla_total_size(4) /* IFA_BROADCAST */ 1659 + nla_total_size(IFNAMSIZ) /* IFA_LABEL */ 1660 + nla_total_size(4) /* IFA_FLAGS */ 1661 + nla_total_size(1) /* IFA_PROTO */ 1662 + nla_total_size(4) /* IFA_RT_PRIORITY */ 1663 + nla_total_size(sizeof(struct ifa_cacheinfo)); /* IFA_CACHEINFO */ 1664 } 1665 1666 static inline u32 cstamp_delta(unsigned long cstamp) 1667 { 1668 return (cstamp - INITIAL_JIFFIES) * 100UL / HZ; 1669 } 1670 1671 static int put_cacheinfo(struct sk_buff *skb, unsigned long cstamp, 1672 unsigned long tstamp, u32 preferred, u32 valid) 1673 { 1674 struct ifa_cacheinfo ci; 1675 1676 ci.cstamp = cstamp_delta(cstamp); 1677 ci.tstamp = cstamp_delta(tstamp); 1678 ci.ifa_prefered = preferred; 1679 ci.ifa_valid = valid; 1680 1681 return nla_put(skb, IFA_CACHEINFO, sizeof(ci), &ci); 1682 } 1683 1684 static int inet_fill_ifaddr(struct sk_buff *skb, const struct in_ifaddr *ifa, 1685 struct inet_fill_args *args) 1686 { 1687 struct ifaddrmsg *ifm; 1688 struct nlmsghdr *nlh; 1689 unsigned long tstamp; 1690 u32 preferred, valid; 1691 1692 nlh = nlmsg_put(skb, args->portid, args->seq, args->event, sizeof(*ifm), 1693 args->flags); 1694 if (!nlh) 1695 return -EMSGSIZE; 1696 1697 ifm = nlmsg_data(nlh); 1698 ifm->ifa_family = AF_INET; 1699 ifm->ifa_prefixlen = ifa->ifa_prefixlen; 1700 ifm->ifa_flags = READ_ONCE(ifa->ifa_flags); 1701 ifm->ifa_scope = ifa->ifa_scope; 1702 ifm->ifa_index = ifa->ifa_dev->dev->ifindex; 1703 1704 if (args->netnsid >= 0 && 1705 nla_put_s32(skb, IFA_TARGET_NETNSID, args->netnsid)) 1706 goto nla_put_failure; 1707 1708 tstamp = READ_ONCE(ifa->ifa_tstamp); 1709 if (!(ifm->ifa_flags & IFA_F_PERMANENT)) { 1710 preferred = READ_ONCE(ifa->ifa_preferred_lft); 1711 valid = READ_ONCE(ifa->ifa_valid_lft); 1712 if (preferred != INFINITY_LIFE_TIME) { 1713 long tval = (jiffies - tstamp) / HZ; 1714 1715 if (preferred > tval) 1716 preferred -= tval; 1717 else 1718 preferred = 0; 1719 if (valid != INFINITY_LIFE_TIME) { 1720 if (valid > tval) 1721 valid -= tval; 1722 else 1723 valid = 0; 1724 } 1725 } 1726 } else { 1727 preferred = INFINITY_LIFE_TIME; 1728 valid = INFINITY_LIFE_TIME; 1729 } 1730 if ((ifa->ifa_address && 1731 nla_put_in_addr(skb, IFA_ADDRESS, ifa->ifa_address)) || 1732 (ifa->ifa_local && 1733 nla_put_in_addr(skb, IFA_LOCAL, ifa->ifa_local)) || 1734 (ifa->ifa_broadcast && 1735 nla_put_in_addr(skb, IFA_BROADCAST, ifa->ifa_broadcast)) || 1736 (ifa->ifa_label[0] && 1737 nla_put_string(skb, IFA_LABEL, ifa->ifa_label)) || 1738 (ifa->ifa_proto && 1739 nla_put_u8(skb, IFA_PROTO, ifa->ifa_proto)) || 1740 nla_put_u32(skb, IFA_FLAGS, ifm->ifa_flags) || 1741 (ifa->ifa_rt_priority && 1742 nla_put_u32(skb, IFA_RT_PRIORITY, ifa->ifa_rt_priority)) || 1743 put_cacheinfo(skb, READ_ONCE(ifa->ifa_cstamp), tstamp, 1744 preferred, valid)) 1745 goto nla_put_failure; 1746 1747 nlmsg_end(skb, nlh); 1748 return 0; 1749 1750 nla_put_failure: 1751 nlmsg_cancel(skb, nlh); 1752 return -EMSGSIZE; 1753 } 1754 1755 static int inet_valid_dump_ifaddr_req(const struct nlmsghdr *nlh, 1756 struct inet_fill_args *fillargs, 1757 struct net **tgt_net, struct sock *sk, 1758 struct netlink_callback *cb) 1759 { 1760 struct netlink_ext_ack *extack = cb->extack; 1761 struct nlattr *tb[IFA_MAX+1]; 1762 struct ifaddrmsg *ifm; 1763 int err, i; 1764 1765 if (nlh->nlmsg_len < nlmsg_msg_size(sizeof(*ifm))) { 1766 NL_SET_ERR_MSG(extack, "ipv4: Invalid header for address dump request"); 1767 return -EINVAL; 1768 } 1769 1770 ifm = nlmsg_data(nlh); 1771 if (ifm->ifa_prefixlen || ifm->ifa_flags || ifm->ifa_scope) { 1772 NL_SET_ERR_MSG(extack, "ipv4: Invalid values in header for address dump request"); 1773 return -EINVAL; 1774 } 1775 1776 fillargs->ifindex = ifm->ifa_index; 1777 if (fillargs->ifindex) { 1778 cb->answer_flags |= NLM_F_DUMP_FILTERED; 1779 fillargs->flags |= NLM_F_DUMP_FILTERED; 1780 } 1781 1782 err = nlmsg_parse_deprecated_strict(nlh, sizeof(*ifm), tb, IFA_MAX, 1783 ifa_ipv4_policy, extack); 1784 if (err < 0) 1785 return err; 1786 1787 for (i = 0; i <= IFA_MAX; ++i) { 1788 if (!tb[i]) 1789 continue; 1790 1791 if (i == IFA_TARGET_NETNSID) { 1792 struct net *net; 1793 1794 fillargs->netnsid = nla_get_s32(tb[i]); 1795 1796 net = rtnl_get_net_ns_capable(sk, fillargs->netnsid); 1797 if (IS_ERR(net)) { 1798 fillargs->netnsid = -1; 1799 NL_SET_ERR_MSG(extack, "ipv4: Invalid target network namespace id"); 1800 return PTR_ERR(net); 1801 } 1802 *tgt_net = net; 1803 } else { 1804 NL_SET_ERR_MSG(extack, "ipv4: Unsupported attribute in dump request"); 1805 return -EINVAL; 1806 } 1807 } 1808 1809 return 0; 1810 } 1811 1812 static int in_dev_dump_addr(struct in_device *in_dev, struct sk_buff *skb, 1813 struct netlink_callback *cb, int *s_ip_idx, 1814 struct inet_fill_args *fillargs) 1815 { 1816 struct in_ifaddr *ifa; 1817 int ip_idx = 0; 1818 int err; 1819 1820 in_dev_for_each_ifa_rcu(ifa, in_dev) { 1821 if (ip_idx < *s_ip_idx) { 1822 ip_idx++; 1823 continue; 1824 } 1825 err = inet_fill_ifaddr(skb, ifa, fillargs); 1826 if (err < 0) 1827 goto done; 1828 1829 nl_dump_check_consistent(cb, nlmsg_hdr(skb)); 1830 ip_idx++; 1831 } 1832 err = 0; 1833 ip_idx = 0; 1834 done: 1835 *s_ip_idx = ip_idx; 1836 1837 return err; 1838 } 1839 1840 /* Combine dev_addr_genid and dev_base_seq to detect changes. 1841 */ 1842 static u32 inet_base_seq(const struct net *net) 1843 { 1844 u32 res = atomic_read(&net->ipv4.dev_addr_genid) + 1845 READ_ONCE(net->dev_base_seq); 1846 1847 /* Must not return 0 (see nl_dump_check_consistent()). 1848 * Chose a value far away from 0. 1849 */ 1850 if (!res) 1851 res = 0x80000000; 1852 return res; 1853 } 1854 1855 static int inet_dump_ifaddr(struct sk_buff *skb, struct netlink_callback *cb) 1856 { 1857 const struct nlmsghdr *nlh = cb->nlh; 1858 struct inet_fill_args fillargs = { 1859 .portid = NETLINK_CB(cb->skb).portid, 1860 .seq = nlh->nlmsg_seq, 1861 .event = RTM_NEWADDR, 1862 .flags = NLM_F_MULTI, 1863 .netnsid = -1, 1864 }; 1865 struct net *net = sock_net(skb->sk); 1866 struct net *tgt_net = net; 1867 struct { 1868 unsigned long ifindex; 1869 int ip_idx; 1870 } *ctx = (void *)cb->ctx; 1871 struct in_device *in_dev; 1872 struct net_device *dev; 1873 int err = 0; 1874 1875 rcu_read_lock(); 1876 if (cb->strict_check) { 1877 err = inet_valid_dump_ifaddr_req(nlh, &fillargs, &tgt_net, 1878 skb->sk, cb); 1879 if (err < 0) 1880 goto done; 1881 1882 if (fillargs.ifindex) { 1883 err = -ENODEV; 1884 dev = dev_get_by_index_rcu(tgt_net, fillargs.ifindex); 1885 if (!dev) 1886 goto done; 1887 in_dev = __in_dev_get_rcu(dev); 1888 if (!in_dev) 1889 goto done; 1890 err = in_dev_dump_addr(in_dev, skb, cb, &ctx->ip_idx, 1891 &fillargs); 1892 goto done; 1893 } 1894 } 1895 1896 cb->seq = inet_base_seq(tgt_net); 1897 1898 for_each_netdev_dump(net, dev, ctx->ifindex) { 1899 in_dev = __in_dev_get_rcu(dev); 1900 if (!in_dev) 1901 continue; 1902 err = in_dev_dump_addr(in_dev, skb, cb, &ctx->ip_idx, 1903 &fillargs); 1904 if (err < 0) 1905 goto done; 1906 } 1907 done: 1908 if (fillargs.netnsid >= 0) 1909 put_net(tgt_net); 1910 rcu_read_unlock(); 1911 return err; 1912 } 1913 1914 static void rtmsg_ifa(int event, struct in_ifaddr *ifa, struct nlmsghdr *nlh, 1915 u32 portid) 1916 { 1917 struct inet_fill_args fillargs = { 1918 .portid = portid, 1919 .seq = nlh ? nlh->nlmsg_seq : 0, 1920 .event = event, 1921 .flags = 0, 1922 .netnsid = -1, 1923 }; 1924 struct sk_buff *skb; 1925 int err = -ENOBUFS; 1926 struct net *net; 1927 1928 net = dev_net(ifa->ifa_dev->dev); 1929 skb = nlmsg_new(inet_nlmsg_size(), GFP_KERNEL); 1930 if (!skb) 1931 goto errout; 1932 1933 err = inet_fill_ifaddr(skb, ifa, &fillargs); 1934 if (err < 0) { 1935 /* -EMSGSIZE implies BUG in inet_nlmsg_size() */ 1936 WARN_ON(err == -EMSGSIZE); 1937 kfree_skb(skb); 1938 goto errout; 1939 } 1940 rtnl_notify(skb, net, portid, RTNLGRP_IPV4_IFADDR, nlh, GFP_KERNEL); 1941 return; 1942 errout: 1943 if (err < 0) 1944 rtnl_set_sk_err(net, RTNLGRP_IPV4_IFADDR, err); 1945 } 1946 1947 static size_t inet_get_link_af_size(const struct net_device *dev, 1948 u32 ext_filter_mask) 1949 { 1950 struct in_device *in_dev = rcu_dereference_rtnl(dev->ip_ptr); 1951 1952 if (!in_dev) 1953 return 0; 1954 1955 return nla_total_size(IPV4_DEVCONF_MAX * 4); /* IFLA_INET_CONF */ 1956 } 1957 1958 static int inet_fill_link_af(struct sk_buff *skb, const struct net_device *dev, 1959 u32 ext_filter_mask) 1960 { 1961 struct in_device *in_dev = rcu_dereference_rtnl(dev->ip_ptr); 1962 struct nlattr *nla; 1963 int i; 1964 1965 if (!in_dev) 1966 return -ENODATA; 1967 1968 nla = nla_reserve(skb, IFLA_INET_CONF, IPV4_DEVCONF_MAX * 4); 1969 if (!nla) 1970 return -EMSGSIZE; 1971 1972 for (i = 0; i < IPV4_DEVCONF_MAX; i++) 1973 ((u32 *) nla_data(nla))[i] = READ_ONCE(in_dev->cnf.data[i]); 1974 1975 return 0; 1976 } 1977 1978 static const struct nla_policy inet_af_policy[IFLA_INET_MAX+1] = { 1979 [IFLA_INET_CONF] = { .type = NLA_NESTED }, 1980 }; 1981 1982 static int inet_validate_link_af(const struct net_device *dev, 1983 const struct nlattr *nla, 1984 struct netlink_ext_ack *extack) 1985 { 1986 struct nlattr *a, *tb[IFLA_INET_MAX+1]; 1987 int err, rem; 1988 1989 if (dev && !__in_dev_get_rtnl(dev)) 1990 return -EAFNOSUPPORT; 1991 1992 err = nla_parse_nested_deprecated(tb, IFLA_INET_MAX, nla, 1993 inet_af_policy, extack); 1994 if (err < 0) 1995 return err; 1996 1997 if (tb[IFLA_INET_CONF]) { 1998 nla_for_each_nested(a, tb[IFLA_INET_CONF], rem) { 1999 int cfgid = nla_type(a); 2000 2001 if (nla_len(a) < 4) 2002 return -EINVAL; 2003 2004 if (cfgid <= 0 || cfgid > IPV4_DEVCONF_MAX) 2005 return -EINVAL; 2006 } 2007 } 2008 2009 return 0; 2010 } 2011 2012 static int inet_set_link_af(struct net_device *dev, const struct nlattr *nla, 2013 struct netlink_ext_ack *extack) 2014 { 2015 struct in_device *in_dev = __in_dev_get_rtnl(dev); 2016 struct nlattr *a, *tb[IFLA_INET_MAX+1]; 2017 int rem; 2018 2019 if (!in_dev) 2020 return -EAFNOSUPPORT; 2021 2022 if (nla_parse_nested_deprecated(tb, IFLA_INET_MAX, nla, NULL, NULL) < 0) 2023 return -EINVAL; 2024 2025 if (tb[IFLA_INET_CONF]) { 2026 nla_for_each_nested(a, tb[IFLA_INET_CONF], rem) 2027 ipv4_devconf_set(in_dev, nla_type(a), nla_get_u32(a)); 2028 } 2029 2030 return 0; 2031 } 2032 2033 static int inet_netconf_msgsize_devconf(int type) 2034 { 2035 int size = NLMSG_ALIGN(sizeof(struct netconfmsg)) 2036 + nla_total_size(4); /* NETCONFA_IFINDEX */ 2037 bool all = false; 2038 2039 if (type == NETCONFA_ALL) 2040 all = true; 2041 2042 if (all || type == NETCONFA_FORWARDING) 2043 size += nla_total_size(4); 2044 if (all || type == NETCONFA_RP_FILTER) 2045 size += nla_total_size(4); 2046 if (all || type == NETCONFA_MC_FORWARDING) 2047 size += nla_total_size(4); 2048 if (all || type == NETCONFA_BC_FORWARDING) 2049 size += nla_total_size(4); 2050 if (all || type == NETCONFA_PROXY_NEIGH) 2051 size += nla_total_size(4); 2052 if (all || type == NETCONFA_IGNORE_ROUTES_WITH_LINKDOWN) 2053 size += nla_total_size(4); 2054 2055 return size; 2056 } 2057 2058 static int inet_netconf_fill_devconf(struct sk_buff *skb, int ifindex, 2059 const struct ipv4_devconf *devconf, 2060 u32 portid, u32 seq, int event, 2061 unsigned int flags, int type) 2062 { 2063 struct nlmsghdr *nlh; 2064 struct netconfmsg *ncm; 2065 bool all = false; 2066 2067 nlh = nlmsg_put(skb, portid, seq, event, sizeof(struct netconfmsg), 2068 flags); 2069 if (!nlh) 2070 return -EMSGSIZE; 2071 2072 if (type == NETCONFA_ALL) 2073 all = true; 2074 2075 ncm = nlmsg_data(nlh); 2076 ncm->ncm_family = AF_INET; 2077 2078 if (nla_put_s32(skb, NETCONFA_IFINDEX, ifindex) < 0) 2079 goto nla_put_failure; 2080 2081 if (!devconf) 2082 goto out; 2083 2084 if ((all || type == NETCONFA_FORWARDING) && 2085 nla_put_s32(skb, NETCONFA_FORWARDING, 2086 IPV4_DEVCONF_RO(*devconf, FORWARDING)) < 0) 2087 goto nla_put_failure; 2088 if ((all || type == NETCONFA_RP_FILTER) && 2089 nla_put_s32(skb, NETCONFA_RP_FILTER, 2090 IPV4_DEVCONF_RO(*devconf, RP_FILTER)) < 0) 2091 goto nla_put_failure; 2092 if ((all || type == NETCONFA_MC_FORWARDING) && 2093 nla_put_s32(skb, NETCONFA_MC_FORWARDING, 2094 IPV4_DEVCONF_RO(*devconf, MC_FORWARDING)) < 0) 2095 goto nla_put_failure; 2096 if ((all || type == NETCONFA_BC_FORWARDING) && 2097 nla_put_s32(skb, NETCONFA_BC_FORWARDING, 2098 IPV4_DEVCONF_RO(*devconf, BC_FORWARDING)) < 0) 2099 goto nla_put_failure; 2100 if ((all || type == NETCONFA_PROXY_NEIGH) && 2101 nla_put_s32(skb, NETCONFA_PROXY_NEIGH, 2102 IPV4_DEVCONF_RO(*devconf, PROXY_ARP)) < 0) 2103 goto nla_put_failure; 2104 if ((all || type == NETCONFA_IGNORE_ROUTES_WITH_LINKDOWN) && 2105 nla_put_s32(skb, NETCONFA_IGNORE_ROUTES_WITH_LINKDOWN, 2106 IPV4_DEVCONF_RO(*devconf, 2107 IGNORE_ROUTES_WITH_LINKDOWN)) < 0) 2108 goto nla_put_failure; 2109 2110 out: 2111 nlmsg_end(skb, nlh); 2112 return 0; 2113 2114 nla_put_failure: 2115 nlmsg_cancel(skb, nlh); 2116 return -EMSGSIZE; 2117 } 2118 2119 void inet_netconf_notify_devconf(struct net *net, int event, int type, 2120 int ifindex, struct ipv4_devconf *devconf) 2121 { 2122 struct sk_buff *skb; 2123 int err = -ENOBUFS; 2124 2125 skb = nlmsg_new(inet_netconf_msgsize_devconf(type), GFP_KERNEL); 2126 if (!skb) 2127 goto errout; 2128 2129 err = inet_netconf_fill_devconf(skb, ifindex, devconf, 0, 0, 2130 event, 0, type); 2131 if (err < 0) { 2132 /* -EMSGSIZE implies BUG in inet_netconf_msgsize_devconf() */ 2133 WARN_ON(err == -EMSGSIZE); 2134 kfree_skb(skb); 2135 goto errout; 2136 } 2137 rtnl_notify(skb, net, 0, RTNLGRP_IPV4_NETCONF, NULL, GFP_KERNEL); 2138 return; 2139 errout: 2140 if (err < 0) 2141 rtnl_set_sk_err(net, RTNLGRP_IPV4_NETCONF, err); 2142 } 2143 2144 static const struct nla_policy devconf_ipv4_policy[NETCONFA_MAX+1] = { 2145 [NETCONFA_IFINDEX] = { .len = sizeof(int) }, 2146 [NETCONFA_FORWARDING] = { .len = sizeof(int) }, 2147 [NETCONFA_RP_FILTER] = { .len = sizeof(int) }, 2148 [NETCONFA_PROXY_NEIGH] = { .len = sizeof(int) }, 2149 [NETCONFA_IGNORE_ROUTES_WITH_LINKDOWN] = { .len = sizeof(int) }, 2150 }; 2151 2152 static int inet_netconf_valid_get_req(struct sk_buff *skb, 2153 const struct nlmsghdr *nlh, 2154 struct nlattr **tb, 2155 struct netlink_ext_ack *extack) 2156 { 2157 int i, err; 2158 2159 if (nlh->nlmsg_len < nlmsg_msg_size(sizeof(struct netconfmsg))) { 2160 NL_SET_ERR_MSG(extack, "ipv4: Invalid header for netconf get request"); 2161 return -EINVAL; 2162 } 2163 2164 if (!netlink_strict_get_check(skb)) 2165 return nlmsg_parse_deprecated(nlh, sizeof(struct netconfmsg), 2166 tb, NETCONFA_MAX, 2167 devconf_ipv4_policy, extack); 2168 2169 err = nlmsg_parse_deprecated_strict(nlh, sizeof(struct netconfmsg), 2170 tb, NETCONFA_MAX, 2171 devconf_ipv4_policy, extack); 2172 if (err) 2173 return err; 2174 2175 for (i = 0; i <= NETCONFA_MAX; i++) { 2176 if (!tb[i]) 2177 continue; 2178 2179 switch (i) { 2180 case NETCONFA_IFINDEX: 2181 break; 2182 default: 2183 NL_SET_ERR_MSG(extack, "ipv4: Unsupported attribute in netconf get request"); 2184 return -EINVAL; 2185 } 2186 } 2187 2188 return 0; 2189 } 2190 2191 static int inet_netconf_get_devconf(struct sk_buff *in_skb, 2192 struct nlmsghdr *nlh, 2193 struct netlink_ext_ack *extack) 2194 { 2195 struct net *net = sock_net(in_skb->sk); 2196 struct nlattr *tb[NETCONFA_MAX + 1]; 2197 const struct ipv4_devconf *devconf; 2198 struct in_device *in_dev = NULL; 2199 struct net_device *dev = NULL; 2200 struct sk_buff *skb; 2201 int ifindex; 2202 int err; 2203 2204 err = inet_netconf_valid_get_req(in_skb, nlh, tb, extack); 2205 if (err) 2206 return err; 2207 2208 if (!tb[NETCONFA_IFINDEX]) 2209 return -EINVAL; 2210 2211 ifindex = nla_get_s32(tb[NETCONFA_IFINDEX]); 2212 switch (ifindex) { 2213 case NETCONFA_IFINDEX_ALL: 2214 devconf = net->ipv4.devconf_all; 2215 break; 2216 case NETCONFA_IFINDEX_DEFAULT: 2217 devconf = net->ipv4.devconf_dflt; 2218 break; 2219 default: 2220 err = -ENODEV; 2221 dev = dev_get_by_index(net, ifindex); 2222 if (dev) 2223 in_dev = in_dev_get(dev); 2224 if (!in_dev) 2225 goto errout; 2226 devconf = &in_dev->cnf; 2227 break; 2228 } 2229 2230 err = -ENOBUFS; 2231 skb = nlmsg_new(inet_netconf_msgsize_devconf(NETCONFA_ALL), GFP_KERNEL); 2232 if (!skb) 2233 goto errout; 2234 2235 err = inet_netconf_fill_devconf(skb, ifindex, devconf, 2236 NETLINK_CB(in_skb).portid, 2237 nlh->nlmsg_seq, RTM_NEWNETCONF, 0, 2238 NETCONFA_ALL); 2239 if (err < 0) { 2240 /* -EMSGSIZE implies BUG in inet_netconf_msgsize_devconf() */ 2241 WARN_ON(err == -EMSGSIZE); 2242 kfree_skb(skb); 2243 goto errout; 2244 } 2245 err = rtnl_unicast(skb, net, NETLINK_CB(in_skb).portid); 2246 errout: 2247 if (in_dev) 2248 in_dev_put(in_dev); 2249 dev_put(dev); 2250 return err; 2251 } 2252 2253 static int inet_netconf_dump_devconf(struct sk_buff *skb, 2254 struct netlink_callback *cb) 2255 { 2256 const struct nlmsghdr *nlh = cb->nlh; 2257 struct net *net = sock_net(skb->sk); 2258 struct { 2259 unsigned long ifindex; 2260 unsigned int all_default; 2261 } *ctx = (void *)cb->ctx; 2262 const struct in_device *in_dev; 2263 struct net_device *dev; 2264 int err = 0; 2265 2266 if (cb->strict_check) { 2267 struct netlink_ext_ack *extack = cb->extack; 2268 struct netconfmsg *ncm; 2269 2270 if (nlh->nlmsg_len < nlmsg_msg_size(sizeof(*ncm))) { 2271 NL_SET_ERR_MSG(extack, "ipv4: Invalid header for netconf dump request"); 2272 return -EINVAL; 2273 } 2274 2275 if (nlmsg_attrlen(nlh, sizeof(*ncm))) { 2276 NL_SET_ERR_MSG(extack, "ipv4: Invalid data after header in netconf dump request"); 2277 return -EINVAL; 2278 } 2279 } 2280 2281 rcu_read_lock(); 2282 for_each_netdev_dump(net, dev, ctx->ifindex) { 2283 in_dev = __in_dev_get_rcu(dev); 2284 if (!in_dev) 2285 continue; 2286 err = inet_netconf_fill_devconf(skb, dev->ifindex, 2287 &in_dev->cnf, 2288 NETLINK_CB(cb->skb).portid, 2289 nlh->nlmsg_seq, 2290 RTM_NEWNETCONF, NLM_F_MULTI, 2291 NETCONFA_ALL); 2292 if (err < 0) 2293 goto done; 2294 } 2295 if (ctx->all_default == 0) { 2296 err = inet_netconf_fill_devconf(skb, NETCONFA_IFINDEX_ALL, 2297 net->ipv4.devconf_all, 2298 NETLINK_CB(cb->skb).portid, 2299 nlh->nlmsg_seq, 2300 RTM_NEWNETCONF, NLM_F_MULTI, 2301 NETCONFA_ALL); 2302 if (err < 0) 2303 goto done; 2304 ctx->all_default++; 2305 } 2306 if (ctx->all_default == 1) { 2307 err = inet_netconf_fill_devconf(skb, NETCONFA_IFINDEX_DEFAULT, 2308 net->ipv4.devconf_dflt, 2309 NETLINK_CB(cb->skb).portid, 2310 nlh->nlmsg_seq, 2311 RTM_NEWNETCONF, NLM_F_MULTI, 2312 NETCONFA_ALL); 2313 if (err < 0) 2314 goto done; 2315 ctx->all_default++; 2316 } 2317 done: 2318 rcu_read_unlock(); 2319 return err; 2320 } 2321 2322 #ifdef CONFIG_SYSCTL 2323 2324 static void devinet_copy_dflt_conf(struct net *net, int i) 2325 { 2326 struct net_device *dev; 2327 2328 rcu_read_lock(); 2329 for_each_netdev_rcu(net, dev) { 2330 struct in_device *in_dev; 2331 2332 in_dev = __in_dev_get_rcu(dev); 2333 if (in_dev && !test_bit(i, in_dev->cnf.state)) 2334 in_dev->cnf.data[i] = net->ipv4.devconf_dflt->data[i]; 2335 } 2336 rcu_read_unlock(); 2337 } 2338 2339 /* called with RTNL locked */ 2340 static void inet_forward_change(struct net *net) 2341 { 2342 struct net_device *dev; 2343 int on = IPV4_DEVCONF_ALL(net, FORWARDING); 2344 2345 IPV4_DEVCONF_ALL(net, ACCEPT_REDIRECTS) = !on; 2346 IPV4_DEVCONF_DFLT(net, FORWARDING) = on; 2347 inet_netconf_notify_devconf(net, RTM_NEWNETCONF, 2348 NETCONFA_FORWARDING, 2349 NETCONFA_IFINDEX_ALL, 2350 net->ipv4.devconf_all); 2351 inet_netconf_notify_devconf(net, RTM_NEWNETCONF, 2352 NETCONFA_FORWARDING, 2353 NETCONFA_IFINDEX_DEFAULT, 2354 net->ipv4.devconf_dflt); 2355 2356 for_each_netdev(net, dev) { 2357 struct in_device *in_dev; 2358 2359 if (on) 2360 dev_disable_lro(dev); 2361 2362 in_dev = __in_dev_get_rtnl(dev); 2363 if (in_dev) { 2364 IN_DEV_CONF_SET(in_dev, FORWARDING, on); 2365 inet_netconf_notify_devconf(net, RTM_NEWNETCONF, 2366 NETCONFA_FORWARDING, 2367 dev->ifindex, &in_dev->cnf); 2368 } 2369 } 2370 } 2371 2372 static int devinet_conf_ifindex(struct net *net, struct ipv4_devconf *cnf) 2373 { 2374 if (cnf == net->ipv4.devconf_dflt) 2375 return NETCONFA_IFINDEX_DEFAULT; 2376 else if (cnf == net->ipv4.devconf_all) 2377 return NETCONFA_IFINDEX_ALL; 2378 else { 2379 struct in_device *idev 2380 = container_of(cnf, struct in_device, cnf); 2381 return idev->dev->ifindex; 2382 } 2383 } 2384 2385 static int devinet_conf_proc(struct ctl_table *ctl, int write, 2386 void *buffer, size_t *lenp, loff_t *ppos) 2387 { 2388 int old_value = *(int *)ctl->data; 2389 int ret = proc_dointvec(ctl, write, buffer, lenp, ppos); 2390 int new_value = *(int *)ctl->data; 2391 2392 if (write) { 2393 struct ipv4_devconf *cnf = ctl->extra1; 2394 struct net *net = ctl->extra2; 2395 int i = (int *)ctl->data - cnf->data; 2396 int ifindex; 2397 2398 set_bit(i, cnf->state); 2399 2400 if (cnf == net->ipv4.devconf_dflt) 2401 devinet_copy_dflt_conf(net, i); 2402 if (i == IPV4_DEVCONF_ACCEPT_LOCAL - 1 || 2403 i == IPV4_DEVCONF_ROUTE_LOCALNET - 1) 2404 if ((new_value == 0) && (old_value != 0)) 2405 rt_cache_flush(net); 2406 2407 if (i == IPV4_DEVCONF_BC_FORWARDING - 1 && 2408 new_value != old_value) 2409 rt_cache_flush(net); 2410 2411 if (i == IPV4_DEVCONF_RP_FILTER - 1 && 2412 new_value != old_value) { 2413 ifindex = devinet_conf_ifindex(net, cnf); 2414 inet_netconf_notify_devconf(net, RTM_NEWNETCONF, 2415 NETCONFA_RP_FILTER, 2416 ifindex, cnf); 2417 } 2418 if (i == IPV4_DEVCONF_PROXY_ARP - 1 && 2419 new_value != old_value) { 2420 ifindex = devinet_conf_ifindex(net, cnf); 2421 inet_netconf_notify_devconf(net, RTM_NEWNETCONF, 2422 NETCONFA_PROXY_NEIGH, 2423 ifindex, cnf); 2424 } 2425 if (i == IPV4_DEVCONF_IGNORE_ROUTES_WITH_LINKDOWN - 1 && 2426 new_value != old_value) { 2427 ifindex = devinet_conf_ifindex(net, cnf); 2428 inet_netconf_notify_devconf(net, RTM_NEWNETCONF, 2429 NETCONFA_IGNORE_ROUTES_WITH_LINKDOWN, 2430 ifindex, cnf); 2431 } 2432 } 2433 2434 return ret; 2435 } 2436 2437 static int devinet_sysctl_forward(struct ctl_table *ctl, int write, 2438 void *buffer, size_t *lenp, loff_t *ppos) 2439 { 2440 int *valp = ctl->data; 2441 int val = *valp; 2442 loff_t pos = *ppos; 2443 struct net *net = ctl->extra2; 2444 int ret; 2445 2446 if (write && !ns_capable(net->user_ns, CAP_NET_ADMIN)) 2447 return -EPERM; 2448 2449 ret = proc_dointvec(ctl, write, buffer, lenp, ppos); 2450 2451 if (write && *valp != val) { 2452 if (valp != &IPV4_DEVCONF_DFLT(net, FORWARDING)) { 2453 if (!rtnl_trylock()) { 2454 /* Restore the original values before restarting */ 2455 *valp = val; 2456 *ppos = pos; 2457 return restart_syscall(); 2458 } 2459 if (valp == &IPV4_DEVCONF_ALL(net, FORWARDING)) { 2460 inet_forward_change(net); 2461 } else { 2462 struct ipv4_devconf *cnf = ctl->extra1; 2463 struct in_device *idev = 2464 container_of(cnf, struct in_device, cnf); 2465 if (*valp) 2466 dev_disable_lro(idev->dev); 2467 inet_netconf_notify_devconf(net, RTM_NEWNETCONF, 2468 NETCONFA_FORWARDING, 2469 idev->dev->ifindex, 2470 cnf); 2471 } 2472 rtnl_unlock(); 2473 rt_cache_flush(net); 2474 } else 2475 inet_netconf_notify_devconf(net, RTM_NEWNETCONF, 2476 NETCONFA_FORWARDING, 2477 NETCONFA_IFINDEX_DEFAULT, 2478 net->ipv4.devconf_dflt); 2479 } 2480 2481 return ret; 2482 } 2483 2484 static int ipv4_doint_and_flush(struct ctl_table *ctl, int write, 2485 void *buffer, size_t *lenp, loff_t *ppos) 2486 { 2487 int *valp = ctl->data; 2488 int val = *valp; 2489 int ret = proc_dointvec(ctl, write, buffer, lenp, ppos); 2490 struct net *net = ctl->extra2; 2491 2492 if (write && *valp != val) 2493 rt_cache_flush(net); 2494 2495 return ret; 2496 } 2497 2498 #define DEVINET_SYSCTL_ENTRY(attr, name, mval, proc) \ 2499 { \ 2500 .procname = name, \ 2501 .data = ipv4_devconf.data + \ 2502 IPV4_DEVCONF_ ## attr - 1, \ 2503 .maxlen = sizeof(int), \ 2504 .mode = mval, \ 2505 .proc_handler = proc, \ 2506 .extra1 = &ipv4_devconf, \ 2507 } 2508 2509 #define DEVINET_SYSCTL_RW_ENTRY(attr, name) \ 2510 DEVINET_SYSCTL_ENTRY(attr, name, 0644, devinet_conf_proc) 2511 2512 #define DEVINET_SYSCTL_RO_ENTRY(attr, name) \ 2513 DEVINET_SYSCTL_ENTRY(attr, name, 0444, devinet_conf_proc) 2514 2515 #define DEVINET_SYSCTL_COMPLEX_ENTRY(attr, name, proc) \ 2516 DEVINET_SYSCTL_ENTRY(attr, name, 0644, proc) 2517 2518 #define DEVINET_SYSCTL_FLUSHING_ENTRY(attr, name) \ 2519 DEVINET_SYSCTL_COMPLEX_ENTRY(attr, name, ipv4_doint_and_flush) 2520 2521 static struct devinet_sysctl_table { 2522 struct ctl_table_header *sysctl_header; 2523 struct ctl_table devinet_vars[IPV4_DEVCONF_MAX]; 2524 } devinet_sysctl = { 2525 .devinet_vars = { 2526 DEVINET_SYSCTL_COMPLEX_ENTRY(FORWARDING, "forwarding", 2527 devinet_sysctl_forward), 2528 DEVINET_SYSCTL_RO_ENTRY(MC_FORWARDING, "mc_forwarding"), 2529 DEVINET_SYSCTL_RW_ENTRY(BC_FORWARDING, "bc_forwarding"), 2530 2531 DEVINET_SYSCTL_RW_ENTRY(ACCEPT_REDIRECTS, "accept_redirects"), 2532 DEVINET_SYSCTL_RW_ENTRY(SECURE_REDIRECTS, "secure_redirects"), 2533 DEVINET_SYSCTL_RW_ENTRY(SHARED_MEDIA, "shared_media"), 2534 DEVINET_SYSCTL_RW_ENTRY(RP_FILTER, "rp_filter"), 2535 DEVINET_SYSCTL_RW_ENTRY(SEND_REDIRECTS, "send_redirects"), 2536 DEVINET_SYSCTL_RW_ENTRY(ACCEPT_SOURCE_ROUTE, 2537 "accept_source_route"), 2538 DEVINET_SYSCTL_RW_ENTRY(ACCEPT_LOCAL, "accept_local"), 2539 DEVINET_SYSCTL_RW_ENTRY(SRC_VMARK, "src_valid_mark"), 2540 DEVINET_SYSCTL_RW_ENTRY(PROXY_ARP, "proxy_arp"), 2541 DEVINET_SYSCTL_RW_ENTRY(MEDIUM_ID, "medium_id"), 2542 DEVINET_SYSCTL_RW_ENTRY(BOOTP_RELAY, "bootp_relay"), 2543 DEVINET_SYSCTL_RW_ENTRY(LOG_MARTIANS, "log_martians"), 2544 DEVINET_SYSCTL_RW_ENTRY(TAG, "tag"), 2545 DEVINET_SYSCTL_RW_ENTRY(ARPFILTER, "arp_filter"), 2546 DEVINET_SYSCTL_RW_ENTRY(ARP_ANNOUNCE, "arp_announce"), 2547 DEVINET_SYSCTL_RW_ENTRY(ARP_IGNORE, "arp_ignore"), 2548 DEVINET_SYSCTL_RW_ENTRY(ARP_ACCEPT, "arp_accept"), 2549 DEVINET_SYSCTL_RW_ENTRY(ARP_NOTIFY, "arp_notify"), 2550 DEVINET_SYSCTL_RW_ENTRY(ARP_EVICT_NOCARRIER, 2551 "arp_evict_nocarrier"), 2552 DEVINET_SYSCTL_RW_ENTRY(PROXY_ARP_PVLAN, "proxy_arp_pvlan"), 2553 DEVINET_SYSCTL_RW_ENTRY(FORCE_IGMP_VERSION, 2554 "force_igmp_version"), 2555 DEVINET_SYSCTL_RW_ENTRY(IGMPV2_UNSOLICITED_REPORT_INTERVAL, 2556 "igmpv2_unsolicited_report_interval"), 2557 DEVINET_SYSCTL_RW_ENTRY(IGMPV3_UNSOLICITED_REPORT_INTERVAL, 2558 "igmpv3_unsolicited_report_interval"), 2559 DEVINET_SYSCTL_RW_ENTRY(IGNORE_ROUTES_WITH_LINKDOWN, 2560 "ignore_routes_with_linkdown"), 2561 DEVINET_SYSCTL_RW_ENTRY(DROP_GRATUITOUS_ARP, 2562 "drop_gratuitous_arp"), 2563 2564 DEVINET_SYSCTL_FLUSHING_ENTRY(NOXFRM, "disable_xfrm"), 2565 DEVINET_SYSCTL_FLUSHING_ENTRY(NOPOLICY, "disable_policy"), 2566 DEVINET_SYSCTL_FLUSHING_ENTRY(PROMOTE_SECONDARIES, 2567 "promote_secondaries"), 2568 DEVINET_SYSCTL_FLUSHING_ENTRY(ROUTE_LOCALNET, 2569 "route_localnet"), 2570 DEVINET_SYSCTL_FLUSHING_ENTRY(DROP_UNICAST_IN_L2_MULTICAST, 2571 "drop_unicast_in_l2_multicast"), 2572 }, 2573 }; 2574 2575 static int __devinet_sysctl_register(struct net *net, char *dev_name, 2576 int ifindex, struct ipv4_devconf *p) 2577 { 2578 int i; 2579 struct devinet_sysctl_table *t; 2580 char path[sizeof("net/ipv4/conf/") + IFNAMSIZ]; 2581 2582 t = kmemdup(&devinet_sysctl, sizeof(*t), GFP_KERNEL_ACCOUNT); 2583 if (!t) 2584 goto out; 2585 2586 for (i = 0; i < ARRAY_SIZE(t->devinet_vars); i++) { 2587 t->devinet_vars[i].data += (char *)p - (char *)&ipv4_devconf; 2588 t->devinet_vars[i].extra1 = p; 2589 t->devinet_vars[i].extra2 = net; 2590 } 2591 2592 snprintf(path, sizeof(path), "net/ipv4/conf/%s", dev_name); 2593 2594 t->sysctl_header = register_net_sysctl(net, path, t->devinet_vars); 2595 if (!t->sysctl_header) 2596 goto free; 2597 2598 p->sysctl = t; 2599 2600 inet_netconf_notify_devconf(net, RTM_NEWNETCONF, NETCONFA_ALL, 2601 ifindex, p); 2602 return 0; 2603 2604 free: 2605 kfree(t); 2606 out: 2607 return -ENOMEM; 2608 } 2609 2610 static void __devinet_sysctl_unregister(struct net *net, 2611 struct ipv4_devconf *cnf, int ifindex) 2612 { 2613 struct devinet_sysctl_table *t = cnf->sysctl; 2614 2615 if (t) { 2616 cnf->sysctl = NULL; 2617 unregister_net_sysctl_table(t->sysctl_header); 2618 kfree(t); 2619 } 2620 2621 inet_netconf_notify_devconf(net, RTM_DELNETCONF, 0, ifindex, NULL); 2622 } 2623 2624 static int devinet_sysctl_register(struct in_device *idev) 2625 { 2626 int err; 2627 2628 if (!sysctl_dev_name_is_allowed(idev->dev->name)) 2629 return -EINVAL; 2630 2631 err = neigh_sysctl_register(idev->dev, idev->arp_parms, NULL); 2632 if (err) 2633 return err; 2634 err = __devinet_sysctl_register(dev_net(idev->dev), idev->dev->name, 2635 idev->dev->ifindex, &idev->cnf); 2636 if (err) 2637 neigh_sysctl_unregister(idev->arp_parms); 2638 return err; 2639 } 2640 2641 static void devinet_sysctl_unregister(struct in_device *idev) 2642 { 2643 struct net *net = dev_net(idev->dev); 2644 2645 __devinet_sysctl_unregister(net, &idev->cnf, idev->dev->ifindex); 2646 neigh_sysctl_unregister(idev->arp_parms); 2647 } 2648 2649 static struct ctl_table ctl_forward_entry[] = { 2650 { 2651 .procname = "ip_forward", 2652 .data = &ipv4_devconf.data[ 2653 IPV4_DEVCONF_FORWARDING - 1], 2654 .maxlen = sizeof(int), 2655 .mode = 0644, 2656 .proc_handler = devinet_sysctl_forward, 2657 .extra1 = &ipv4_devconf, 2658 .extra2 = &init_net, 2659 }, 2660 }; 2661 #endif 2662 2663 static __net_init int devinet_init_net(struct net *net) 2664 { 2665 int err; 2666 struct ipv4_devconf *all, *dflt; 2667 #ifdef CONFIG_SYSCTL 2668 struct ctl_table *tbl; 2669 struct ctl_table_header *forw_hdr; 2670 #endif 2671 2672 err = -ENOMEM; 2673 all = kmemdup(&ipv4_devconf, sizeof(ipv4_devconf), GFP_KERNEL); 2674 if (!all) 2675 goto err_alloc_all; 2676 2677 dflt = kmemdup(&ipv4_devconf_dflt, sizeof(ipv4_devconf_dflt), GFP_KERNEL); 2678 if (!dflt) 2679 goto err_alloc_dflt; 2680 2681 #ifdef CONFIG_SYSCTL 2682 tbl = kmemdup(ctl_forward_entry, sizeof(ctl_forward_entry), GFP_KERNEL); 2683 if (!tbl) 2684 goto err_alloc_ctl; 2685 2686 tbl[0].data = &all->data[IPV4_DEVCONF_FORWARDING - 1]; 2687 tbl[0].extra1 = all; 2688 tbl[0].extra2 = net; 2689 #endif 2690 2691 if (!net_eq(net, &init_net)) { 2692 switch (net_inherit_devconf()) { 2693 case 3: 2694 /* copy from the current netns */ 2695 memcpy(all, current->nsproxy->net_ns->ipv4.devconf_all, 2696 sizeof(ipv4_devconf)); 2697 memcpy(dflt, 2698 current->nsproxy->net_ns->ipv4.devconf_dflt, 2699 sizeof(ipv4_devconf_dflt)); 2700 break; 2701 case 0: 2702 case 1: 2703 /* copy from init_net */ 2704 memcpy(all, init_net.ipv4.devconf_all, 2705 sizeof(ipv4_devconf)); 2706 memcpy(dflt, init_net.ipv4.devconf_dflt, 2707 sizeof(ipv4_devconf_dflt)); 2708 break; 2709 case 2: 2710 /* use compiled values */ 2711 break; 2712 } 2713 } 2714 2715 #ifdef CONFIG_SYSCTL 2716 err = __devinet_sysctl_register(net, "all", NETCONFA_IFINDEX_ALL, all); 2717 if (err < 0) 2718 goto err_reg_all; 2719 2720 err = __devinet_sysctl_register(net, "default", 2721 NETCONFA_IFINDEX_DEFAULT, dflt); 2722 if (err < 0) 2723 goto err_reg_dflt; 2724 2725 err = -ENOMEM; 2726 forw_hdr = register_net_sysctl_sz(net, "net/ipv4", tbl, 2727 ARRAY_SIZE(ctl_forward_entry)); 2728 if (!forw_hdr) 2729 goto err_reg_ctl; 2730 net->ipv4.forw_hdr = forw_hdr; 2731 #endif 2732 2733 net->ipv4.devconf_all = all; 2734 net->ipv4.devconf_dflt = dflt; 2735 return 0; 2736 2737 #ifdef CONFIG_SYSCTL 2738 err_reg_ctl: 2739 __devinet_sysctl_unregister(net, dflt, NETCONFA_IFINDEX_DEFAULT); 2740 err_reg_dflt: 2741 __devinet_sysctl_unregister(net, all, NETCONFA_IFINDEX_ALL); 2742 err_reg_all: 2743 kfree(tbl); 2744 err_alloc_ctl: 2745 #endif 2746 kfree(dflt); 2747 err_alloc_dflt: 2748 kfree(all); 2749 err_alloc_all: 2750 return err; 2751 } 2752 2753 static __net_exit void devinet_exit_net(struct net *net) 2754 { 2755 #ifdef CONFIG_SYSCTL 2756 const struct ctl_table *tbl; 2757 2758 tbl = net->ipv4.forw_hdr->ctl_table_arg; 2759 unregister_net_sysctl_table(net->ipv4.forw_hdr); 2760 __devinet_sysctl_unregister(net, net->ipv4.devconf_dflt, 2761 NETCONFA_IFINDEX_DEFAULT); 2762 __devinet_sysctl_unregister(net, net->ipv4.devconf_all, 2763 NETCONFA_IFINDEX_ALL); 2764 kfree(tbl); 2765 #endif 2766 kfree(net->ipv4.devconf_dflt); 2767 kfree(net->ipv4.devconf_all); 2768 } 2769 2770 static __net_initdata struct pernet_operations devinet_ops = { 2771 .init = devinet_init_net, 2772 .exit = devinet_exit_net, 2773 }; 2774 2775 static struct rtnl_af_ops inet_af_ops __read_mostly = { 2776 .family = AF_INET, 2777 .fill_link_af = inet_fill_link_af, 2778 .get_link_af_size = inet_get_link_af_size, 2779 .validate_link_af = inet_validate_link_af, 2780 .set_link_af = inet_set_link_af, 2781 }; 2782 2783 void __init devinet_init(void) 2784 { 2785 int i; 2786 2787 for (i = 0; i < IN4_ADDR_HSIZE; i++) 2788 INIT_HLIST_HEAD(&inet_addr_lst[i]); 2789 2790 register_pernet_subsys(&devinet_ops); 2791 register_netdevice_notifier(&ip_netdev_notifier); 2792 2793 queue_delayed_work(system_power_efficient_wq, &check_lifetime_work, 0); 2794 2795 rtnl_af_register(&inet_af_ops); 2796 2797 rtnl_register(PF_INET, RTM_NEWADDR, inet_rtm_newaddr, NULL, 0); 2798 rtnl_register(PF_INET, RTM_DELADDR, inet_rtm_deladdr, NULL, 0); 2799 rtnl_register(PF_INET, RTM_GETADDR, NULL, inet_dump_ifaddr, 2800 RTNL_FLAG_DUMP_UNLOCKED); 2801 rtnl_register(PF_INET, RTM_GETNETCONF, inet_netconf_get_devconf, 2802 inet_netconf_dump_devconf, 2803 RTNL_FLAG_DOIT_UNLOCKED | RTNL_FLAG_DUMP_UNLOCKED); 2804 } 2805