1 // SPDX-License-Identifier: GPL-2.0-or-later 2 /* 3 * Linux NET3: Internet Group Management Protocol [IGMP] 4 * 5 * This code implements the IGMP protocol as defined in RFC1112. There has 6 * been a further revision of this protocol since which is now supported. 7 * 8 * If you have trouble with this module be careful what gcc you have used, 9 * the older version didn't come out right using gcc 2.5.8, the newer one 10 * seems to fall out with gcc 2.6.2. 11 * 12 * Authors: 13 * Alan Cox <alan@lxorguk.ukuu.org.uk> 14 * 15 * Fixes: 16 * 17 * Alan Cox : Added lots of __inline__ to optimise 18 * the memory usage of all the tiny little 19 * functions. 20 * Alan Cox : Dumped the header building experiment. 21 * Alan Cox : Minor tweaks ready for multicast routing 22 * and extended IGMP protocol. 23 * Alan Cox : Removed a load of inline directives. Gcc 2.5.8 24 * writes utterly bogus code otherwise (sigh) 25 * fixed IGMP loopback to behave in the manner 26 * desired by mrouted, fixed the fact it has been 27 * broken since 1.3.6 and cleaned up a few minor 28 * points. 29 * 30 * Chih-Jen Chang : Tried to revise IGMP to Version 2 31 * Tsu-Sheng Tsao E-mail: chihjenc@scf.usc.edu and tsusheng@scf.usc.edu 32 * The enhancements are mainly based on Steve Deering's 33 * ipmulti-3.5 source code. 34 * Chih-Jen Chang : Added the igmp_get_mrouter_info and 35 * Tsu-Sheng Tsao igmp_set_mrouter_info to keep track of 36 * the mrouted version on that device. 37 * Chih-Jen Chang : Added the max_resp_time parameter to 38 * Tsu-Sheng Tsao igmp_heard_query(). Using this parameter 39 * to identify the multicast router version 40 * and do what the IGMP version 2 specified. 41 * Chih-Jen Chang : Added a timer to revert to IGMP V2 router 42 * Tsu-Sheng Tsao if the specified time expired. 43 * Alan Cox : Stop IGMP from 0.0.0.0 being accepted. 44 * Alan Cox : Use GFP_ATOMIC in the right places. 45 * Christian Daudt : igmp timer wasn't set for local group 46 * memberships but was being deleted, 47 * which caused a "del_timer() called 48 * from %p with timer not initialized\n" 49 * message (960131). 50 * Christian Daudt : removed del_timer from 51 * igmp_timer_expire function (960205). 52 * Christian Daudt : igmp_heard_report now only calls 53 * igmp_timer_expire if tm->running is 54 * true (960216). 55 * Malcolm Beattie : ttl comparison wrong in igmp_rcv made 56 * igmp_heard_query never trigger. Expiry 57 * miscalculation fixed in igmp_heard_query 58 * and random() made to return unsigned to 59 * prevent negative expiry times. 60 * Alexey Kuznetsov: Wrong group leaving behaviour, backport 61 * fix from pending 2.1.x patches. 62 * Alan Cox: Forget to enable FDDI support earlier. 63 * Alexey Kuznetsov: Fixed leaving groups on device down. 64 * Alexey Kuznetsov: Accordance to igmp-v2-06 draft. 65 * David L Stevens: IGMPv3 support, with help from 66 * Vinay Kulkarni 67 */ 68 69 #include <linux/module.h> 70 #include <linux/slab.h> 71 #include <linux/uaccess.h> 72 #include <linux/types.h> 73 #include <linux/kernel.h> 74 #include <linux/jiffies.h> 75 #include <linux/string.h> 76 #include <linux/socket.h> 77 #include <linux/sockios.h> 78 #include <linux/in.h> 79 #include <linux/inet.h> 80 #include <linux/netdevice.h> 81 #include <linux/skbuff.h> 82 #include <linux/inetdevice.h> 83 #include <linux/igmp.h> 84 #include <linux/if_arp.h> 85 #include <linux/rtnetlink.h> 86 #include <linux/times.h> 87 #include <linux/pkt_sched.h> 88 #include <linux/byteorder/generic.h> 89 90 #include <net/net_namespace.h> 91 #include <net/arp.h> 92 #include <net/ip.h> 93 #include <net/protocol.h> 94 #include <net/route.h> 95 #include <net/sock.h> 96 #include <net/checksum.h> 97 #include <net/inet_common.h> 98 #include <linux/netfilter_ipv4.h> 99 #ifdef CONFIG_IP_MROUTE 100 #include <linux/mroute.h> 101 #endif 102 #ifdef CONFIG_PROC_FS 103 #include <linux/proc_fs.h> 104 #include <linux/seq_file.h> 105 #endif 106 107 #ifdef CONFIG_IP_MULTICAST 108 /* Parameter names and values are taken from igmp-v2-06 draft */ 109 110 #define IGMP_QUERY_INTERVAL (125*HZ) 111 #define IGMP_QUERY_RESPONSE_INTERVAL (10*HZ) 112 113 #define IGMP_INITIAL_REPORT_DELAY (1) 114 115 /* IGMP_INITIAL_REPORT_DELAY is not from IGMP specs! 116 * IGMP specs require to report membership immediately after 117 * joining a group, but we delay the first report by a 118 * small interval. It seems more natural and still does not 119 * contradict to specs provided this delay is small enough. 120 */ 121 122 #define IGMP_V1_SEEN(in_dev) \ 123 (IPV4_DEVCONF_ALL_RO(dev_net(in_dev->dev), FORCE_IGMP_VERSION) == 1 || \ 124 IN_DEV_CONF_GET((in_dev), FORCE_IGMP_VERSION) == 1 || \ 125 ((in_dev)->mr_v1_seen && \ 126 time_before(jiffies, (in_dev)->mr_v1_seen))) 127 #define IGMP_V2_SEEN(in_dev) \ 128 (IPV4_DEVCONF_ALL_RO(dev_net(in_dev->dev), FORCE_IGMP_VERSION) == 2 || \ 129 IN_DEV_CONF_GET((in_dev), FORCE_IGMP_VERSION) == 2 || \ 130 ((in_dev)->mr_v2_seen && \ 131 time_before(jiffies, (in_dev)->mr_v2_seen))) 132 133 static int unsolicited_report_interval(struct in_device *in_dev) 134 { 135 int interval_ms, interval_jiffies; 136 137 if (IGMP_V1_SEEN(in_dev) || IGMP_V2_SEEN(in_dev)) 138 interval_ms = IN_DEV_CONF_GET( 139 in_dev, 140 IGMPV2_UNSOLICITED_REPORT_INTERVAL); 141 else /* v3 */ 142 interval_ms = IN_DEV_CONF_GET( 143 in_dev, 144 IGMPV3_UNSOLICITED_REPORT_INTERVAL); 145 146 interval_jiffies = msecs_to_jiffies(interval_ms); 147 148 /* _timer functions can't handle a delay of 0 jiffies so ensure 149 * we always return a positive value. 150 */ 151 if (interval_jiffies <= 0) 152 interval_jiffies = 1; 153 return interval_jiffies; 154 } 155 156 static void igmpv3_add_delrec(struct in_device *in_dev, struct ip_mc_list *im, 157 gfp_t gfp); 158 static void igmpv3_del_delrec(struct in_device *in_dev, struct ip_mc_list *im); 159 static void igmpv3_clear_delrec(struct in_device *in_dev); 160 static int sf_setstate(struct ip_mc_list *pmc); 161 static void sf_markstate(struct ip_mc_list *pmc); 162 #endif 163 static void ip_mc_clear_src(struct ip_mc_list *pmc); 164 static int ip_mc_add_src(struct in_device *in_dev, __be32 *pmca, int sfmode, 165 int sfcount, __be32 *psfsrc, int delta); 166 167 static void ip_ma_put(struct ip_mc_list *im) 168 { 169 if (refcount_dec_and_test(&im->refcnt)) { 170 in_dev_put(im->interface); 171 kfree_rcu(im, rcu); 172 } 173 } 174 175 #define for_each_pmc_rcu(in_dev, pmc) \ 176 for (pmc = rcu_dereference(in_dev->mc_list); \ 177 pmc != NULL; \ 178 pmc = rcu_dereference(pmc->next_rcu)) 179 180 #define for_each_pmc_rtnl(in_dev, pmc) \ 181 for (pmc = rtnl_dereference(in_dev->mc_list); \ 182 pmc != NULL; \ 183 pmc = rtnl_dereference(pmc->next_rcu)) 184 185 static void ip_sf_list_clear_all(struct ip_sf_list *psf) 186 { 187 struct ip_sf_list *next; 188 189 while (psf) { 190 next = psf->sf_next; 191 kfree(psf); 192 psf = next; 193 } 194 } 195 196 #ifdef CONFIG_IP_MULTICAST 197 198 /* 199 * Timer management 200 */ 201 202 static void igmp_stop_timer(struct ip_mc_list *im) 203 { 204 spin_lock_bh(&im->lock); 205 if (del_timer(&im->timer)) 206 refcount_dec(&im->refcnt); 207 im->tm_running = 0; 208 im->reporter = 0; 209 im->unsolicit_count = 0; 210 spin_unlock_bh(&im->lock); 211 } 212 213 /* It must be called with locked im->lock */ 214 static void igmp_start_timer(struct ip_mc_list *im, int max_delay) 215 { 216 int tv = get_random_u32_below(max_delay); 217 218 im->tm_running = 1; 219 if (refcount_inc_not_zero(&im->refcnt)) { 220 if (mod_timer(&im->timer, jiffies + tv + 2)) 221 ip_ma_put(im); 222 } 223 } 224 225 static void igmp_gq_start_timer(struct in_device *in_dev) 226 { 227 int tv = get_random_u32_below(in_dev->mr_maxdelay); 228 unsigned long exp = jiffies + tv + 2; 229 230 if (in_dev->mr_gq_running && 231 time_after_eq(exp, (in_dev->mr_gq_timer).expires)) 232 return; 233 234 in_dev->mr_gq_running = 1; 235 if (!mod_timer(&in_dev->mr_gq_timer, exp)) 236 in_dev_hold(in_dev); 237 } 238 239 static void igmp_ifc_start_timer(struct in_device *in_dev, int delay) 240 { 241 int tv = get_random_u32_below(delay); 242 243 if (!mod_timer(&in_dev->mr_ifc_timer, jiffies+tv+2)) 244 in_dev_hold(in_dev); 245 } 246 247 static void igmp_mod_timer(struct ip_mc_list *im, int max_delay) 248 { 249 spin_lock_bh(&im->lock); 250 im->unsolicit_count = 0; 251 if (del_timer(&im->timer)) { 252 if ((long)(im->timer.expires-jiffies) < max_delay) { 253 add_timer(&im->timer); 254 im->tm_running = 1; 255 spin_unlock_bh(&im->lock); 256 return; 257 } 258 refcount_dec(&im->refcnt); 259 } 260 igmp_start_timer(im, max_delay); 261 spin_unlock_bh(&im->lock); 262 } 263 264 265 /* 266 * Send an IGMP report. 267 */ 268 269 #define IGMP_SIZE (sizeof(struct igmphdr)+sizeof(struct iphdr)+4) 270 271 272 static int is_in(struct ip_mc_list *pmc, struct ip_sf_list *psf, int type, 273 int gdeleted, int sdeleted) 274 { 275 switch (type) { 276 case IGMPV3_MODE_IS_INCLUDE: 277 case IGMPV3_MODE_IS_EXCLUDE: 278 if (gdeleted || sdeleted) 279 return 0; 280 if (!(pmc->gsquery && !psf->sf_gsresp)) { 281 if (pmc->sfmode == MCAST_INCLUDE) 282 return 1; 283 /* don't include if this source is excluded 284 * in all filters 285 */ 286 if (psf->sf_count[MCAST_INCLUDE]) 287 return type == IGMPV3_MODE_IS_INCLUDE; 288 return pmc->sfcount[MCAST_EXCLUDE] == 289 psf->sf_count[MCAST_EXCLUDE]; 290 } 291 return 0; 292 case IGMPV3_CHANGE_TO_INCLUDE: 293 if (gdeleted || sdeleted) 294 return 0; 295 return psf->sf_count[MCAST_INCLUDE] != 0; 296 case IGMPV3_CHANGE_TO_EXCLUDE: 297 if (gdeleted || sdeleted) 298 return 0; 299 if (pmc->sfcount[MCAST_EXCLUDE] == 0 || 300 psf->sf_count[MCAST_INCLUDE]) 301 return 0; 302 return pmc->sfcount[MCAST_EXCLUDE] == 303 psf->sf_count[MCAST_EXCLUDE]; 304 case IGMPV3_ALLOW_NEW_SOURCES: 305 if (gdeleted || !psf->sf_crcount) 306 return 0; 307 return (pmc->sfmode == MCAST_INCLUDE) ^ sdeleted; 308 case IGMPV3_BLOCK_OLD_SOURCES: 309 if (pmc->sfmode == MCAST_INCLUDE) 310 return gdeleted || (psf->sf_crcount && sdeleted); 311 return psf->sf_crcount && !gdeleted && !sdeleted; 312 } 313 return 0; 314 } 315 316 static int 317 igmp_scount(struct ip_mc_list *pmc, int type, int gdeleted, int sdeleted) 318 { 319 struct ip_sf_list *psf; 320 int scount = 0; 321 322 for (psf = pmc->sources; psf; psf = psf->sf_next) { 323 if (!is_in(pmc, psf, type, gdeleted, sdeleted)) 324 continue; 325 scount++; 326 } 327 return scount; 328 } 329 330 /* source address selection per RFC 3376 section 4.2.13 */ 331 static __be32 igmpv3_get_srcaddr(struct net_device *dev, 332 const struct flowi4 *fl4) 333 { 334 struct in_device *in_dev = __in_dev_get_rcu(dev); 335 const struct in_ifaddr *ifa; 336 337 if (!in_dev) 338 return htonl(INADDR_ANY); 339 340 in_dev_for_each_ifa_rcu(ifa, in_dev) { 341 if (fl4->saddr == ifa->ifa_local) 342 return fl4->saddr; 343 } 344 345 return htonl(INADDR_ANY); 346 } 347 348 static struct sk_buff *igmpv3_newpack(struct net_device *dev, unsigned int mtu) 349 { 350 struct sk_buff *skb; 351 struct rtable *rt; 352 struct iphdr *pip; 353 struct igmpv3_report *pig; 354 struct net *net = dev_net(dev); 355 struct flowi4 fl4; 356 int hlen = LL_RESERVED_SPACE(dev); 357 int tlen = dev->needed_tailroom; 358 unsigned int size; 359 360 size = min(mtu, IP_MAX_MTU); 361 while (1) { 362 skb = alloc_skb(size + hlen + tlen, 363 GFP_ATOMIC | __GFP_NOWARN); 364 if (skb) 365 break; 366 size >>= 1; 367 if (size < 256) 368 return NULL; 369 } 370 skb->priority = TC_PRIO_CONTROL; 371 372 rt = ip_route_output_ports(net, &fl4, NULL, IGMPV3_ALL_MCR, 0, 373 0, 0, 374 IPPROTO_IGMP, 0, dev->ifindex); 375 if (IS_ERR(rt)) { 376 kfree_skb(skb); 377 return NULL; 378 } 379 380 skb_dst_set(skb, &rt->dst); 381 skb->dev = dev; 382 383 skb_reserve(skb, hlen); 384 skb_tailroom_reserve(skb, mtu, tlen); 385 386 skb_reset_network_header(skb); 387 pip = ip_hdr(skb); 388 skb_put(skb, sizeof(struct iphdr) + 4); 389 390 pip->version = 4; 391 pip->ihl = (sizeof(struct iphdr)+4)>>2; 392 pip->tos = 0xc0; 393 pip->frag_off = htons(IP_DF); 394 pip->ttl = 1; 395 pip->daddr = fl4.daddr; 396 397 rcu_read_lock(); 398 pip->saddr = igmpv3_get_srcaddr(dev, &fl4); 399 rcu_read_unlock(); 400 401 pip->protocol = IPPROTO_IGMP; 402 pip->tot_len = 0; /* filled in later */ 403 ip_select_ident(net, skb, NULL); 404 ((u8 *)&pip[1])[0] = IPOPT_RA; 405 ((u8 *)&pip[1])[1] = 4; 406 ((u8 *)&pip[1])[2] = 0; 407 ((u8 *)&pip[1])[3] = 0; 408 409 skb->transport_header = skb->network_header + sizeof(struct iphdr) + 4; 410 skb_put(skb, sizeof(*pig)); 411 pig = igmpv3_report_hdr(skb); 412 pig->type = IGMPV3_HOST_MEMBERSHIP_REPORT; 413 pig->resv1 = 0; 414 pig->csum = 0; 415 pig->resv2 = 0; 416 pig->ngrec = 0; 417 return skb; 418 } 419 420 static int igmpv3_sendpack(struct sk_buff *skb) 421 { 422 struct igmphdr *pig = igmp_hdr(skb); 423 const int igmplen = skb_tail_pointer(skb) - skb_transport_header(skb); 424 425 pig->csum = ip_compute_csum(igmp_hdr(skb), igmplen); 426 427 return ip_local_out(dev_net(skb_dst(skb)->dev), skb->sk, skb); 428 } 429 430 static int grec_size(struct ip_mc_list *pmc, int type, int gdel, int sdel) 431 { 432 return sizeof(struct igmpv3_grec) + 4*igmp_scount(pmc, type, gdel, sdel); 433 } 434 435 static struct sk_buff *add_grhead(struct sk_buff *skb, struct ip_mc_list *pmc, 436 int type, struct igmpv3_grec **ppgr, unsigned int mtu) 437 { 438 struct net_device *dev = pmc->interface->dev; 439 struct igmpv3_report *pih; 440 struct igmpv3_grec *pgr; 441 442 if (!skb) { 443 skb = igmpv3_newpack(dev, mtu); 444 if (!skb) 445 return NULL; 446 } 447 pgr = skb_put(skb, sizeof(struct igmpv3_grec)); 448 pgr->grec_type = type; 449 pgr->grec_auxwords = 0; 450 pgr->grec_nsrcs = 0; 451 pgr->grec_mca = pmc->multiaddr; 452 pih = igmpv3_report_hdr(skb); 453 pih->ngrec = htons(ntohs(pih->ngrec)+1); 454 *ppgr = pgr; 455 return skb; 456 } 457 458 #define AVAILABLE(skb) ((skb) ? skb_availroom(skb) : 0) 459 460 static struct sk_buff *add_grec(struct sk_buff *skb, struct ip_mc_list *pmc, 461 int type, int gdeleted, int sdeleted) 462 { 463 struct net_device *dev = pmc->interface->dev; 464 struct net *net = dev_net(dev); 465 struct igmpv3_report *pih; 466 struct igmpv3_grec *pgr = NULL; 467 struct ip_sf_list *psf, *psf_next, *psf_prev, **psf_list; 468 int scount, stotal, first, isquery, truncate; 469 unsigned int mtu; 470 471 if (pmc->multiaddr == IGMP_ALL_HOSTS) 472 return skb; 473 if (ipv4_is_local_multicast(pmc->multiaddr) && 474 !READ_ONCE(net->ipv4.sysctl_igmp_llm_reports)) 475 return skb; 476 477 mtu = READ_ONCE(dev->mtu); 478 if (mtu < IPV4_MIN_MTU) 479 return skb; 480 481 isquery = type == IGMPV3_MODE_IS_INCLUDE || 482 type == IGMPV3_MODE_IS_EXCLUDE; 483 truncate = type == IGMPV3_MODE_IS_EXCLUDE || 484 type == IGMPV3_CHANGE_TO_EXCLUDE; 485 486 stotal = scount = 0; 487 488 psf_list = sdeleted ? &pmc->tomb : &pmc->sources; 489 490 if (!*psf_list) 491 goto empty_source; 492 493 pih = skb ? igmpv3_report_hdr(skb) : NULL; 494 495 /* EX and TO_EX get a fresh packet, if needed */ 496 if (truncate) { 497 if (pih && pih->ngrec && 498 AVAILABLE(skb) < grec_size(pmc, type, gdeleted, sdeleted)) { 499 if (skb) 500 igmpv3_sendpack(skb); 501 skb = igmpv3_newpack(dev, mtu); 502 } 503 } 504 first = 1; 505 psf_prev = NULL; 506 for (psf = *psf_list; psf; psf = psf_next) { 507 __be32 *psrc; 508 509 psf_next = psf->sf_next; 510 511 if (!is_in(pmc, psf, type, gdeleted, sdeleted)) { 512 psf_prev = psf; 513 continue; 514 } 515 516 /* Based on RFC3376 5.1. Should not send source-list change 517 * records when there is a filter mode change. 518 */ 519 if (((gdeleted && pmc->sfmode == MCAST_EXCLUDE) || 520 (!gdeleted && pmc->crcount)) && 521 (type == IGMPV3_ALLOW_NEW_SOURCES || 522 type == IGMPV3_BLOCK_OLD_SOURCES) && psf->sf_crcount) 523 goto decrease_sf_crcount; 524 525 /* clear marks on query responses */ 526 if (isquery) 527 psf->sf_gsresp = 0; 528 529 if (AVAILABLE(skb) < sizeof(__be32) + 530 first*sizeof(struct igmpv3_grec)) { 531 if (truncate && !first) 532 break; /* truncate these */ 533 if (pgr) 534 pgr->grec_nsrcs = htons(scount); 535 if (skb) 536 igmpv3_sendpack(skb); 537 skb = igmpv3_newpack(dev, mtu); 538 first = 1; 539 scount = 0; 540 } 541 if (first) { 542 skb = add_grhead(skb, pmc, type, &pgr, mtu); 543 first = 0; 544 } 545 if (!skb) 546 return NULL; 547 psrc = skb_put(skb, sizeof(__be32)); 548 *psrc = psf->sf_inaddr; 549 scount++; stotal++; 550 if ((type == IGMPV3_ALLOW_NEW_SOURCES || 551 type == IGMPV3_BLOCK_OLD_SOURCES) && psf->sf_crcount) { 552 decrease_sf_crcount: 553 psf->sf_crcount--; 554 if ((sdeleted || gdeleted) && psf->sf_crcount == 0) { 555 if (psf_prev) 556 psf_prev->sf_next = psf->sf_next; 557 else 558 *psf_list = psf->sf_next; 559 kfree(psf); 560 continue; 561 } 562 } 563 psf_prev = psf; 564 } 565 566 empty_source: 567 if (!stotal) { 568 if (type == IGMPV3_ALLOW_NEW_SOURCES || 569 type == IGMPV3_BLOCK_OLD_SOURCES) 570 return skb; 571 if (pmc->crcount || isquery) { 572 /* make sure we have room for group header */ 573 if (skb && AVAILABLE(skb) < sizeof(struct igmpv3_grec)) { 574 igmpv3_sendpack(skb); 575 skb = NULL; /* add_grhead will get a new one */ 576 } 577 skb = add_grhead(skb, pmc, type, &pgr, mtu); 578 } 579 } 580 if (pgr) 581 pgr->grec_nsrcs = htons(scount); 582 583 if (isquery) 584 pmc->gsquery = 0; /* clear query state on report */ 585 return skb; 586 } 587 588 static int igmpv3_send_report(struct in_device *in_dev, struct ip_mc_list *pmc) 589 { 590 struct sk_buff *skb = NULL; 591 struct net *net = dev_net(in_dev->dev); 592 int type; 593 594 if (!pmc) { 595 rcu_read_lock(); 596 for_each_pmc_rcu(in_dev, pmc) { 597 if (pmc->multiaddr == IGMP_ALL_HOSTS) 598 continue; 599 if (ipv4_is_local_multicast(pmc->multiaddr) && 600 !READ_ONCE(net->ipv4.sysctl_igmp_llm_reports)) 601 continue; 602 spin_lock_bh(&pmc->lock); 603 if (pmc->sfcount[MCAST_EXCLUDE]) 604 type = IGMPV3_MODE_IS_EXCLUDE; 605 else 606 type = IGMPV3_MODE_IS_INCLUDE; 607 skb = add_grec(skb, pmc, type, 0, 0); 608 spin_unlock_bh(&pmc->lock); 609 } 610 rcu_read_unlock(); 611 } else { 612 spin_lock_bh(&pmc->lock); 613 if (pmc->sfcount[MCAST_EXCLUDE]) 614 type = IGMPV3_MODE_IS_EXCLUDE; 615 else 616 type = IGMPV3_MODE_IS_INCLUDE; 617 skb = add_grec(skb, pmc, type, 0, 0); 618 spin_unlock_bh(&pmc->lock); 619 } 620 if (!skb) 621 return 0; 622 return igmpv3_sendpack(skb); 623 } 624 625 /* 626 * remove zero-count source records from a source filter list 627 */ 628 static void igmpv3_clear_zeros(struct ip_sf_list **ppsf) 629 { 630 struct ip_sf_list *psf_prev, *psf_next, *psf; 631 632 psf_prev = NULL; 633 for (psf = *ppsf; psf; psf = psf_next) { 634 psf_next = psf->sf_next; 635 if (psf->sf_crcount == 0) { 636 if (psf_prev) 637 psf_prev->sf_next = psf->sf_next; 638 else 639 *ppsf = psf->sf_next; 640 kfree(psf); 641 } else 642 psf_prev = psf; 643 } 644 } 645 646 static void kfree_pmc(struct ip_mc_list *pmc) 647 { 648 ip_sf_list_clear_all(pmc->sources); 649 ip_sf_list_clear_all(pmc->tomb); 650 kfree(pmc); 651 } 652 653 static void igmpv3_send_cr(struct in_device *in_dev) 654 { 655 struct ip_mc_list *pmc, *pmc_prev, *pmc_next; 656 struct sk_buff *skb = NULL; 657 int type, dtype; 658 659 rcu_read_lock(); 660 spin_lock_bh(&in_dev->mc_tomb_lock); 661 662 /* deleted MCA's */ 663 pmc_prev = NULL; 664 for (pmc = in_dev->mc_tomb; pmc; pmc = pmc_next) { 665 pmc_next = pmc->next; 666 if (pmc->sfmode == MCAST_INCLUDE) { 667 type = IGMPV3_BLOCK_OLD_SOURCES; 668 dtype = IGMPV3_BLOCK_OLD_SOURCES; 669 skb = add_grec(skb, pmc, type, 1, 0); 670 skb = add_grec(skb, pmc, dtype, 1, 1); 671 } 672 if (pmc->crcount) { 673 if (pmc->sfmode == MCAST_EXCLUDE) { 674 type = IGMPV3_CHANGE_TO_INCLUDE; 675 skb = add_grec(skb, pmc, type, 1, 0); 676 } 677 pmc->crcount--; 678 if (pmc->crcount == 0) { 679 igmpv3_clear_zeros(&pmc->tomb); 680 igmpv3_clear_zeros(&pmc->sources); 681 } 682 } 683 if (pmc->crcount == 0 && !pmc->tomb && !pmc->sources) { 684 if (pmc_prev) 685 pmc_prev->next = pmc_next; 686 else 687 in_dev->mc_tomb = pmc_next; 688 in_dev_put(pmc->interface); 689 kfree_pmc(pmc); 690 } else 691 pmc_prev = pmc; 692 } 693 spin_unlock_bh(&in_dev->mc_tomb_lock); 694 695 /* change recs */ 696 for_each_pmc_rcu(in_dev, pmc) { 697 spin_lock_bh(&pmc->lock); 698 if (pmc->sfcount[MCAST_EXCLUDE]) { 699 type = IGMPV3_BLOCK_OLD_SOURCES; 700 dtype = IGMPV3_ALLOW_NEW_SOURCES; 701 } else { 702 type = IGMPV3_ALLOW_NEW_SOURCES; 703 dtype = IGMPV3_BLOCK_OLD_SOURCES; 704 } 705 skb = add_grec(skb, pmc, type, 0, 0); 706 skb = add_grec(skb, pmc, dtype, 0, 1); /* deleted sources */ 707 708 /* filter mode changes */ 709 if (pmc->crcount) { 710 if (pmc->sfmode == MCAST_EXCLUDE) 711 type = IGMPV3_CHANGE_TO_EXCLUDE; 712 else 713 type = IGMPV3_CHANGE_TO_INCLUDE; 714 skb = add_grec(skb, pmc, type, 0, 0); 715 pmc->crcount--; 716 } 717 spin_unlock_bh(&pmc->lock); 718 } 719 rcu_read_unlock(); 720 721 if (!skb) 722 return; 723 (void) igmpv3_sendpack(skb); 724 } 725 726 static int igmp_send_report(struct in_device *in_dev, struct ip_mc_list *pmc, 727 int type) 728 { 729 struct sk_buff *skb; 730 struct iphdr *iph; 731 struct igmphdr *ih; 732 struct rtable *rt; 733 struct net_device *dev = in_dev->dev; 734 struct net *net = dev_net(dev); 735 __be32 group = pmc ? pmc->multiaddr : 0; 736 struct flowi4 fl4; 737 __be32 dst; 738 int hlen, tlen; 739 740 if (type == IGMPV3_HOST_MEMBERSHIP_REPORT) 741 return igmpv3_send_report(in_dev, pmc); 742 743 if (ipv4_is_local_multicast(group) && 744 !READ_ONCE(net->ipv4.sysctl_igmp_llm_reports)) 745 return 0; 746 747 if (type == IGMP_HOST_LEAVE_MESSAGE) 748 dst = IGMP_ALL_ROUTER; 749 else 750 dst = group; 751 752 rt = ip_route_output_ports(net, &fl4, NULL, dst, 0, 753 0, 0, 754 IPPROTO_IGMP, 0, dev->ifindex); 755 if (IS_ERR(rt)) 756 return -1; 757 758 hlen = LL_RESERVED_SPACE(dev); 759 tlen = dev->needed_tailroom; 760 skb = alloc_skb(IGMP_SIZE + hlen + tlen, GFP_ATOMIC); 761 if (!skb) { 762 ip_rt_put(rt); 763 return -1; 764 } 765 skb->priority = TC_PRIO_CONTROL; 766 767 skb_dst_set(skb, &rt->dst); 768 769 skb_reserve(skb, hlen); 770 771 skb_reset_network_header(skb); 772 iph = ip_hdr(skb); 773 skb_put(skb, sizeof(struct iphdr) + 4); 774 775 iph->version = 4; 776 iph->ihl = (sizeof(struct iphdr)+4)>>2; 777 iph->tos = 0xc0; 778 iph->frag_off = htons(IP_DF); 779 iph->ttl = 1; 780 iph->daddr = dst; 781 iph->saddr = fl4.saddr; 782 iph->protocol = IPPROTO_IGMP; 783 ip_select_ident(net, skb, NULL); 784 ((u8 *)&iph[1])[0] = IPOPT_RA; 785 ((u8 *)&iph[1])[1] = 4; 786 ((u8 *)&iph[1])[2] = 0; 787 ((u8 *)&iph[1])[3] = 0; 788 789 ih = skb_put(skb, sizeof(struct igmphdr)); 790 ih->type = type; 791 ih->code = 0; 792 ih->csum = 0; 793 ih->group = group; 794 ih->csum = ip_compute_csum((void *)ih, sizeof(struct igmphdr)); 795 796 return ip_local_out(net, skb->sk, skb); 797 } 798 799 static void igmp_gq_timer_expire(struct timer_list *t) 800 { 801 struct in_device *in_dev = from_timer(in_dev, t, mr_gq_timer); 802 803 in_dev->mr_gq_running = 0; 804 igmpv3_send_report(in_dev, NULL); 805 in_dev_put(in_dev); 806 } 807 808 static void igmp_ifc_timer_expire(struct timer_list *t) 809 { 810 struct in_device *in_dev = from_timer(in_dev, t, mr_ifc_timer); 811 u32 mr_ifc_count; 812 813 igmpv3_send_cr(in_dev); 814 restart: 815 mr_ifc_count = READ_ONCE(in_dev->mr_ifc_count); 816 817 if (mr_ifc_count) { 818 if (cmpxchg(&in_dev->mr_ifc_count, 819 mr_ifc_count, 820 mr_ifc_count - 1) != mr_ifc_count) 821 goto restart; 822 igmp_ifc_start_timer(in_dev, 823 unsolicited_report_interval(in_dev)); 824 } 825 in_dev_put(in_dev); 826 } 827 828 static void igmp_ifc_event(struct in_device *in_dev) 829 { 830 struct net *net = dev_net(in_dev->dev); 831 if (IGMP_V1_SEEN(in_dev) || IGMP_V2_SEEN(in_dev)) 832 return; 833 WRITE_ONCE(in_dev->mr_ifc_count, in_dev->mr_qrv ?: READ_ONCE(net->ipv4.sysctl_igmp_qrv)); 834 igmp_ifc_start_timer(in_dev, 1); 835 } 836 837 838 static void igmp_timer_expire(struct timer_list *t) 839 { 840 struct ip_mc_list *im = from_timer(im, t, timer); 841 struct in_device *in_dev = im->interface; 842 843 spin_lock(&im->lock); 844 im->tm_running = 0; 845 846 if (im->unsolicit_count && --im->unsolicit_count) 847 igmp_start_timer(im, unsolicited_report_interval(in_dev)); 848 849 im->reporter = 1; 850 spin_unlock(&im->lock); 851 852 if (IGMP_V1_SEEN(in_dev)) 853 igmp_send_report(in_dev, im, IGMP_HOST_MEMBERSHIP_REPORT); 854 else if (IGMP_V2_SEEN(in_dev)) 855 igmp_send_report(in_dev, im, IGMPV2_HOST_MEMBERSHIP_REPORT); 856 else 857 igmp_send_report(in_dev, im, IGMPV3_HOST_MEMBERSHIP_REPORT); 858 859 ip_ma_put(im); 860 } 861 862 /* mark EXCLUDE-mode sources */ 863 static int igmp_xmarksources(struct ip_mc_list *pmc, int nsrcs, __be32 *srcs) 864 { 865 struct ip_sf_list *psf; 866 int i, scount; 867 868 scount = 0; 869 for (psf = pmc->sources; psf; psf = psf->sf_next) { 870 if (scount == nsrcs) 871 break; 872 for (i = 0; i < nsrcs; i++) { 873 /* skip inactive filters */ 874 if (psf->sf_count[MCAST_INCLUDE] || 875 pmc->sfcount[MCAST_EXCLUDE] != 876 psf->sf_count[MCAST_EXCLUDE]) 877 break; 878 if (srcs[i] == psf->sf_inaddr) { 879 scount++; 880 break; 881 } 882 } 883 } 884 pmc->gsquery = 0; 885 if (scount == nsrcs) /* all sources excluded */ 886 return 0; 887 return 1; 888 } 889 890 static int igmp_marksources(struct ip_mc_list *pmc, int nsrcs, __be32 *srcs) 891 { 892 struct ip_sf_list *psf; 893 int i, scount; 894 895 if (pmc->sfmode == MCAST_EXCLUDE) 896 return igmp_xmarksources(pmc, nsrcs, srcs); 897 898 /* mark INCLUDE-mode sources */ 899 scount = 0; 900 for (psf = pmc->sources; psf; psf = psf->sf_next) { 901 if (scount == nsrcs) 902 break; 903 for (i = 0; i < nsrcs; i++) 904 if (srcs[i] == psf->sf_inaddr) { 905 psf->sf_gsresp = 1; 906 scount++; 907 break; 908 } 909 } 910 if (!scount) { 911 pmc->gsquery = 0; 912 return 0; 913 } 914 pmc->gsquery = 1; 915 return 1; 916 } 917 918 /* return true if packet was dropped */ 919 static bool igmp_heard_report(struct in_device *in_dev, __be32 group) 920 { 921 struct ip_mc_list *im; 922 struct net *net = dev_net(in_dev->dev); 923 924 /* Timers are only set for non-local groups */ 925 926 if (group == IGMP_ALL_HOSTS) 927 return false; 928 if (ipv4_is_local_multicast(group) && 929 !READ_ONCE(net->ipv4.sysctl_igmp_llm_reports)) 930 return false; 931 932 rcu_read_lock(); 933 for_each_pmc_rcu(in_dev, im) { 934 if (im->multiaddr == group) { 935 igmp_stop_timer(im); 936 break; 937 } 938 } 939 rcu_read_unlock(); 940 return false; 941 } 942 943 /* return true if packet was dropped */ 944 static bool igmp_heard_query(struct in_device *in_dev, struct sk_buff *skb, 945 int len) 946 { 947 struct igmphdr *ih = igmp_hdr(skb); 948 struct igmpv3_query *ih3 = igmpv3_query_hdr(skb); 949 struct ip_mc_list *im; 950 __be32 group = ih->group; 951 int max_delay; 952 int mark = 0; 953 struct net *net = dev_net(in_dev->dev); 954 955 956 if (len == 8) { 957 if (ih->code == 0) { 958 /* Alas, old v1 router presents here. */ 959 960 max_delay = IGMP_QUERY_RESPONSE_INTERVAL; 961 in_dev->mr_v1_seen = jiffies + 962 (in_dev->mr_qrv * in_dev->mr_qi) + 963 in_dev->mr_qri; 964 group = 0; 965 } else { 966 /* v2 router present */ 967 max_delay = ih->code*(HZ/IGMP_TIMER_SCALE); 968 in_dev->mr_v2_seen = jiffies + 969 (in_dev->mr_qrv * in_dev->mr_qi) + 970 in_dev->mr_qri; 971 } 972 /* cancel the interface change timer */ 973 WRITE_ONCE(in_dev->mr_ifc_count, 0); 974 if (del_timer(&in_dev->mr_ifc_timer)) 975 __in_dev_put(in_dev); 976 /* clear deleted report items */ 977 igmpv3_clear_delrec(in_dev); 978 } else if (len < 12) { 979 return true; /* ignore bogus packet; freed by caller */ 980 } else if (IGMP_V1_SEEN(in_dev)) { 981 /* This is a v3 query with v1 queriers present */ 982 max_delay = IGMP_QUERY_RESPONSE_INTERVAL; 983 group = 0; 984 } else if (IGMP_V2_SEEN(in_dev)) { 985 /* this is a v3 query with v2 queriers present; 986 * Interpretation of the max_delay code is problematic here. 987 * A real v2 host would use ih_code directly, while v3 has a 988 * different encoding. We use the v3 encoding as more likely 989 * to be intended in a v3 query. 990 */ 991 max_delay = IGMPV3_MRC(ih3->code)*(HZ/IGMP_TIMER_SCALE); 992 if (!max_delay) 993 max_delay = 1; /* can't mod w/ 0 */ 994 } else { /* v3 */ 995 if (!pskb_may_pull(skb, sizeof(struct igmpv3_query))) 996 return true; 997 998 ih3 = igmpv3_query_hdr(skb); 999 if (ih3->nsrcs) { 1000 if (!pskb_may_pull(skb, sizeof(struct igmpv3_query) 1001 + ntohs(ih3->nsrcs)*sizeof(__be32))) 1002 return true; 1003 ih3 = igmpv3_query_hdr(skb); 1004 } 1005 1006 max_delay = IGMPV3_MRC(ih3->code)*(HZ/IGMP_TIMER_SCALE); 1007 if (!max_delay) 1008 max_delay = 1; /* can't mod w/ 0 */ 1009 in_dev->mr_maxdelay = max_delay; 1010 1011 /* RFC3376, 4.1.6. QRV and 4.1.7. QQIC, when the most recently 1012 * received value was zero, use the default or statically 1013 * configured value. 1014 */ 1015 in_dev->mr_qrv = ih3->qrv ?: READ_ONCE(net->ipv4.sysctl_igmp_qrv); 1016 in_dev->mr_qi = IGMPV3_QQIC(ih3->qqic)*HZ ?: IGMP_QUERY_INTERVAL; 1017 1018 /* RFC3376, 8.3. Query Response Interval: 1019 * The number of seconds represented by the [Query Response 1020 * Interval] must be less than the [Query Interval]. 1021 */ 1022 if (in_dev->mr_qri >= in_dev->mr_qi) 1023 in_dev->mr_qri = (in_dev->mr_qi/HZ - 1)*HZ; 1024 1025 if (!group) { /* general query */ 1026 if (ih3->nsrcs) 1027 return true; /* no sources allowed */ 1028 igmp_gq_start_timer(in_dev); 1029 return false; 1030 } 1031 /* mark sources to include, if group & source-specific */ 1032 mark = ih3->nsrcs != 0; 1033 } 1034 1035 /* 1036 * - Start the timers in all of our membership records 1037 * that the query applies to for the interface on 1038 * which the query arrived excl. those that belong 1039 * to a "local" group (224.0.0.X) 1040 * - For timers already running check if they need to 1041 * be reset. 1042 * - Use the igmp->igmp_code field as the maximum 1043 * delay possible 1044 */ 1045 rcu_read_lock(); 1046 for_each_pmc_rcu(in_dev, im) { 1047 int changed; 1048 1049 if (group && group != im->multiaddr) 1050 continue; 1051 if (im->multiaddr == IGMP_ALL_HOSTS) 1052 continue; 1053 if (ipv4_is_local_multicast(im->multiaddr) && 1054 !READ_ONCE(net->ipv4.sysctl_igmp_llm_reports)) 1055 continue; 1056 spin_lock_bh(&im->lock); 1057 if (im->tm_running) 1058 im->gsquery = im->gsquery && mark; 1059 else 1060 im->gsquery = mark; 1061 changed = !im->gsquery || 1062 igmp_marksources(im, ntohs(ih3->nsrcs), ih3->srcs); 1063 spin_unlock_bh(&im->lock); 1064 if (changed) 1065 igmp_mod_timer(im, max_delay); 1066 } 1067 rcu_read_unlock(); 1068 return false; 1069 } 1070 1071 /* called in rcu_read_lock() section */ 1072 int igmp_rcv(struct sk_buff *skb) 1073 { 1074 /* This basically follows the spec line by line -- see RFC1112 */ 1075 struct igmphdr *ih; 1076 struct net_device *dev = skb->dev; 1077 struct in_device *in_dev; 1078 int len = skb->len; 1079 bool dropped = true; 1080 1081 if (netif_is_l3_master(dev)) { 1082 dev = dev_get_by_index_rcu(dev_net(dev), IPCB(skb)->iif); 1083 if (!dev) 1084 goto drop; 1085 } 1086 1087 in_dev = __in_dev_get_rcu(dev); 1088 if (!in_dev) 1089 goto drop; 1090 1091 if (!pskb_may_pull(skb, sizeof(struct igmphdr))) 1092 goto drop; 1093 1094 if (skb_checksum_simple_validate(skb)) 1095 goto drop; 1096 1097 ih = igmp_hdr(skb); 1098 switch (ih->type) { 1099 case IGMP_HOST_MEMBERSHIP_QUERY: 1100 dropped = igmp_heard_query(in_dev, skb, len); 1101 break; 1102 case IGMP_HOST_MEMBERSHIP_REPORT: 1103 case IGMPV2_HOST_MEMBERSHIP_REPORT: 1104 /* Is it our report looped back? */ 1105 if (rt_is_output_route(skb_rtable(skb))) 1106 break; 1107 /* don't rely on MC router hearing unicast reports */ 1108 if (skb->pkt_type == PACKET_MULTICAST || 1109 skb->pkt_type == PACKET_BROADCAST) 1110 dropped = igmp_heard_report(in_dev, ih->group); 1111 break; 1112 case IGMP_PIM: 1113 #ifdef CONFIG_IP_PIMSM_V1 1114 return pim_rcv_v1(skb); 1115 #endif 1116 case IGMPV3_HOST_MEMBERSHIP_REPORT: 1117 case IGMP_DVMRP: 1118 case IGMP_TRACE: 1119 case IGMP_HOST_LEAVE_MESSAGE: 1120 case IGMP_MTRACE: 1121 case IGMP_MTRACE_RESP: 1122 break; 1123 default: 1124 break; 1125 } 1126 1127 drop: 1128 if (dropped) 1129 kfree_skb(skb); 1130 else 1131 consume_skb(skb); 1132 return 0; 1133 } 1134 1135 #endif 1136 1137 1138 /* 1139 * Add a filter to a device 1140 */ 1141 1142 static void ip_mc_filter_add(struct in_device *in_dev, __be32 addr) 1143 { 1144 char buf[MAX_ADDR_LEN]; 1145 struct net_device *dev = in_dev->dev; 1146 1147 /* Checking for IFF_MULTICAST here is WRONG-WRONG-WRONG. 1148 We will get multicast token leakage, when IFF_MULTICAST 1149 is changed. This check should be done in ndo_set_rx_mode 1150 routine. Something sort of: 1151 if (dev->mc_list && dev->flags&IFF_MULTICAST) { do it; } 1152 --ANK 1153 */ 1154 if (arp_mc_map(addr, buf, dev, 0) == 0) 1155 dev_mc_add(dev, buf); 1156 } 1157 1158 /* 1159 * Remove a filter from a device 1160 */ 1161 1162 static void ip_mc_filter_del(struct in_device *in_dev, __be32 addr) 1163 { 1164 char buf[MAX_ADDR_LEN]; 1165 struct net_device *dev = in_dev->dev; 1166 1167 if (arp_mc_map(addr, buf, dev, 0) == 0) 1168 dev_mc_del(dev, buf); 1169 } 1170 1171 #ifdef CONFIG_IP_MULTICAST 1172 /* 1173 * deleted ip_mc_list manipulation 1174 */ 1175 static void igmpv3_add_delrec(struct in_device *in_dev, struct ip_mc_list *im, 1176 gfp_t gfp) 1177 { 1178 struct ip_mc_list *pmc; 1179 struct net *net = dev_net(in_dev->dev); 1180 1181 /* this is an "ip_mc_list" for convenience; only the fields below 1182 * are actually used. In particular, the refcnt and users are not 1183 * used for management of the delete list. Using the same structure 1184 * for deleted items allows change reports to use common code with 1185 * non-deleted or query-response MCA's. 1186 */ 1187 pmc = kzalloc(sizeof(*pmc), gfp); 1188 if (!pmc) 1189 return; 1190 spin_lock_init(&pmc->lock); 1191 spin_lock_bh(&im->lock); 1192 pmc->interface = im->interface; 1193 in_dev_hold(in_dev); 1194 pmc->multiaddr = im->multiaddr; 1195 pmc->crcount = in_dev->mr_qrv ?: READ_ONCE(net->ipv4.sysctl_igmp_qrv); 1196 pmc->sfmode = im->sfmode; 1197 if (pmc->sfmode == MCAST_INCLUDE) { 1198 struct ip_sf_list *psf; 1199 1200 pmc->tomb = im->tomb; 1201 pmc->sources = im->sources; 1202 im->tomb = im->sources = NULL; 1203 for (psf = pmc->sources; psf; psf = psf->sf_next) 1204 psf->sf_crcount = pmc->crcount; 1205 } 1206 spin_unlock_bh(&im->lock); 1207 1208 spin_lock_bh(&in_dev->mc_tomb_lock); 1209 pmc->next = in_dev->mc_tomb; 1210 in_dev->mc_tomb = pmc; 1211 spin_unlock_bh(&in_dev->mc_tomb_lock); 1212 } 1213 1214 /* 1215 * restore ip_mc_list deleted records 1216 */ 1217 static void igmpv3_del_delrec(struct in_device *in_dev, struct ip_mc_list *im) 1218 { 1219 struct ip_mc_list *pmc, *pmc_prev; 1220 struct ip_sf_list *psf; 1221 struct net *net = dev_net(in_dev->dev); 1222 __be32 multiaddr = im->multiaddr; 1223 1224 spin_lock_bh(&in_dev->mc_tomb_lock); 1225 pmc_prev = NULL; 1226 for (pmc = in_dev->mc_tomb; pmc; pmc = pmc->next) { 1227 if (pmc->multiaddr == multiaddr) 1228 break; 1229 pmc_prev = pmc; 1230 } 1231 if (pmc) { 1232 if (pmc_prev) 1233 pmc_prev->next = pmc->next; 1234 else 1235 in_dev->mc_tomb = pmc->next; 1236 } 1237 spin_unlock_bh(&in_dev->mc_tomb_lock); 1238 1239 spin_lock_bh(&im->lock); 1240 if (pmc) { 1241 im->interface = pmc->interface; 1242 if (im->sfmode == MCAST_INCLUDE) { 1243 swap(im->tomb, pmc->tomb); 1244 swap(im->sources, pmc->sources); 1245 for (psf = im->sources; psf; psf = psf->sf_next) 1246 psf->sf_crcount = in_dev->mr_qrv ?: 1247 READ_ONCE(net->ipv4.sysctl_igmp_qrv); 1248 } else { 1249 im->crcount = in_dev->mr_qrv ?: 1250 READ_ONCE(net->ipv4.sysctl_igmp_qrv); 1251 } 1252 in_dev_put(pmc->interface); 1253 kfree_pmc(pmc); 1254 } 1255 spin_unlock_bh(&im->lock); 1256 } 1257 1258 /* 1259 * flush ip_mc_list deleted records 1260 */ 1261 static void igmpv3_clear_delrec(struct in_device *in_dev) 1262 { 1263 struct ip_mc_list *pmc, *nextpmc; 1264 1265 spin_lock_bh(&in_dev->mc_tomb_lock); 1266 pmc = in_dev->mc_tomb; 1267 in_dev->mc_tomb = NULL; 1268 spin_unlock_bh(&in_dev->mc_tomb_lock); 1269 1270 for (; pmc; pmc = nextpmc) { 1271 nextpmc = pmc->next; 1272 ip_mc_clear_src(pmc); 1273 in_dev_put(pmc->interface); 1274 kfree_pmc(pmc); 1275 } 1276 /* clear dead sources, too */ 1277 rcu_read_lock(); 1278 for_each_pmc_rcu(in_dev, pmc) { 1279 struct ip_sf_list *psf; 1280 1281 spin_lock_bh(&pmc->lock); 1282 psf = pmc->tomb; 1283 pmc->tomb = NULL; 1284 spin_unlock_bh(&pmc->lock); 1285 ip_sf_list_clear_all(psf); 1286 } 1287 rcu_read_unlock(); 1288 } 1289 #endif 1290 1291 static void __igmp_group_dropped(struct ip_mc_list *im, gfp_t gfp) 1292 { 1293 struct in_device *in_dev = im->interface; 1294 #ifdef CONFIG_IP_MULTICAST 1295 struct net *net = dev_net(in_dev->dev); 1296 int reporter; 1297 #endif 1298 1299 if (im->loaded) { 1300 im->loaded = 0; 1301 ip_mc_filter_del(in_dev, im->multiaddr); 1302 } 1303 1304 #ifdef CONFIG_IP_MULTICAST 1305 if (im->multiaddr == IGMP_ALL_HOSTS) 1306 return; 1307 if (ipv4_is_local_multicast(im->multiaddr) && 1308 !READ_ONCE(net->ipv4.sysctl_igmp_llm_reports)) 1309 return; 1310 1311 reporter = im->reporter; 1312 igmp_stop_timer(im); 1313 1314 if (!in_dev->dead) { 1315 if (IGMP_V1_SEEN(in_dev)) 1316 return; 1317 if (IGMP_V2_SEEN(in_dev)) { 1318 if (reporter) 1319 igmp_send_report(in_dev, im, IGMP_HOST_LEAVE_MESSAGE); 1320 return; 1321 } 1322 /* IGMPv3 */ 1323 igmpv3_add_delrec(in_dev, im, gfp); 1324 1325 igmp_ifc_event(in_dev); 1326 } 1327 #endif 1328 } 1329 1330 static void igmp_group_dropped(struct ip_mc_list *im) 1331 { 1332 __igmp_group_dropped(im, GFP_KERNEL); 1333 } 1334 1335 static void igmp_group_added(struct ip_mc_list *im) 1336 { 1337 struct in_device *in_dev = im->interface; 1338 #ifdef CONFIG_IP_MULTICAST 1339 struct net *net = dev_net(in_dev->dev); 1340 #endif 1341 1342 if (im->loaded == 0) { 1343 im->loaded = 1; 1344 ip_mc_filter_add(in_dev, im->multiaddr); 1345 } 1346 1347 #ifdef CONFIG_IP_MULTICAST 1348 if (im->multiaddr == IGMP_ALL_HOSTS) 1349 return; 1350 if (ipv4_is_local_multicast(im->multiaddr) && 1351 !READ_ONCE(net->ipv4.sysctl_igmp_llm_reports)) 1352 return; 1353 1354 if (in_dev->dead) 1355 return; 1356 1357 im->unsolicit_count = READ_ONCE(net->ipv4.sysctl_igmp_qrv); 1358 if (IGMP_V1_SEEN(in_dev) || IGMP_V2_SEEN(in_dev)) { 1359 spin_lock_bh(&im->lock); 1360 igmp_start_timer(im, IGMP_INITIAL_REPORT_DELAY); 1361 spin_unlock_bh(&im->lock); 1362 return; 1363 } 1364 /* else, v3 */ 1365 1366 /* Based on RFC3376 5.1, for newly added INCLUDE SSM, we should 1367 * not send filter-mode change record as the mode should be from 1368 * IN() to IN(A). 1369 */ 1370 if (im->sfmode == MCAST_EXCLUDE) 1371 im->crcount = in_dev->mr_qrv ?: READ_ONCE(net->ipv4.sysctl_igmp_qrv); 1372 1373 igmp_ifc_event(in_dev); 1374 #endif 1375 } 1376 1377 1378 /* 1379 * Multicast list managers 1380 */ 1381 1382 static u32 ip_mc_hash(const struct ip_mc_list *im) 1383 { 1384 return hash_32((__force u32)im->multiaddr, MC_HASH_SZ_LOG); 1385 } 1386 1387 static void ip_mc_hash_add(struct in_device *in_dev, 1388 struct ip_mc_list *im) 1389 { 1390 struct ip_mc_list __rcu **mc_hash; 1391 u32 hash; 1392 1393 mc_hash = rtnl_dereference(in_dev->mc_hash); 1394 if (mc_hash) { 1395 hash = ip_mc_hash(im); 1396 im->next_hash = mc_hash[hash]; 1397 rcu_assign_pointer(mc_hash[hash], im); 1398 return; 1399 } 1400 1401 /* do not use a hash table for small number of items */ 1402 if (in_dev->mc_count < 4) 1403 return; 1404 1405 mc_hash = kzalloc(sizeof(struct ip_mc_list *) << MC_HASH_SZ_LOG, 1406 GFP_KERNEL); 1407 if (!mc_hash) 1408 return; 1409 1410 for_each_pmc_rtnl(in_dev, im) { 1411 hash = ip_mc_hash(im); 1412 im->next_hash = mc_hash[hash]; 1413 RCU_INIT_POINTER(mc_hash[hash], im); 1414 } 1415 1416 rcu_assign_pointer(in_dev->mc_hash, mc_hash); 1417 } 1418 1419 static void ip_mc_hash_remove(struct in_device *in_dev, 1420 struct ip_mc_list *im) 1421 { 1422 struct ip_mc_list __rcu **mc_hash = rtnl_dereference(in_dev->mc_hash); 1423 struct ip_mc_list *aux; 1424 1425 if (!mc_hash) 1426 return; 1427 mc_hash += ip_mc_hash(im); 1428 while ((aux = rtnl_dereference(*mc_hash)) != im) 1429 mc_hash = &aux->next_hash; 1430 *mc_hash = im->next_hash; 1431 } 1432 1433 1434 /* 1435 * A socket has joined a multicast group on device dev. 1436 */ 1437 static void ____ip_mc_inc_group(struct in_device *in_dev, __be32 addr, 1438 unsigned int mode, gfp_t gfp) 1439 { 1440 struct ip_mc_list *im; 1441 1442 ASSERT_RTNL(); 1443 1444 for_each_pmc_rtnl(in_dev, im) { 1445 if (im->multiaddr == addr) { 1446 im->users++; 1447 ip_mc_add_src(in_dev, &addr, mode, 0, NULL, 0); 1448 goto out; 1449 } 1450 } 1451 1452 im = kzalloc(sizeof(*im), gfp); 1453 if (!im) 1454 goto out; 1455 1456 im->users = 1; 1457 im->interface = in_dev; 1458 in_dev_hold(in_dev); 1459 im->multiaddr = addr; 1460 /* initial mode is (EX, empty) */ 1461 im->sfmode = mode; 1462 im->sfcount[mode] = 1; 1463 refcount_set(&im->refcnt, 1); 1464 spin_lock_init(&im->lock); 1465 #ifdef CONFIG_IP_MULTICAST 1466 timer_setup(&im->timer, igmp_timer_expire, 0); 1467 #endif 1468 1469 im->next_rcu = in_dev->mc_list; 1470 in_dev->mc_count++; 1471 rcu_assign_pointer(in_dev->mc_list, im); 1472 1473 ip_mc_hash_add(in_dev, im); 1474 1475 #ifdef CONFIG_IP_MULTICAST 1476 igmpv3_del_delrec(in_dev, im); 1477 #endif 1478 igmp_group_added(im); 1479 if (!in_dev->dead) 1480 ip_rt_multicast_event(in_dev); 1481 out: 1482 return; 1483 } 1484 1485 void __ip_mc_inc_group(struct in_device *in_dev, __be32 addr, gfp_t gfp) 1486 { 1487 ____ip_mc_inc_group(in_dev, addr, MCAST_EXCLUDE, gfp); 1488 } 1489 EXPORT_SYMBOL(__ip_mc_inc_group); 1490 1491 void ip_mc_inc_group(struct in_device *in_dev, __be32 addr) 1492 { 1493 __ip_mc_inc_group(in_dev, addr, GFP_KERNEL); 1494 } 1495 EXPORT_SYMBOL(ip_mc_inc_group); 1496 1497 static int ip_mc_check_iphdr(struct sk_buff *skb) 1498 { 1499 const struct iphdr *iph; 1500 unsigned int len; 1501 unsigned int offset = skb_network_offset(skb) + sizeof(*iph); 1502 1503 if (!pskb_may_pull(skb, offset)) 1504 return -EINVAL; 1505 1506 iph = ip_hdr(skb); 1507 1508 if (iph->version != 4 || ip_hdrlen(skb) < sizeof(*iph)) 1509 return -EINVAL; 1510 1511 offset += ip_hdrlen(skb) - sizeof(*iph); 1512 1513 if (!pskb_may_pull(skb, offset)) 1514 return -EINVAL; 1515 1516 iph = ip_hdr(skb); 1517 1518 if (unlikely(ip_fast_csum((u8 *)iph, iph->ihl))) 1519 return -EINVAL; 1520 1521 len = skb_network_offset(skb) + ntohs(iph->tot_len); 1522 if (skb->len < len || len < offset) 1523 return -EINVAL; 1524 1525 skb_set_transport_header(skb, offset); 1526 1527 return 0; 1528 } 1529 1530 static int ip_mc_check_igmp_reportv3(struct sk_buff *skb) 1531 { 1532 unsigned int len = skb_transport_offset(skb); 1533 1534 len += sizeof(struct igmpv3_report); 1535 1536 return ip_mc_may_pull(skb, len) ? 0 : -EINVAL; 1537 } 1538 1539 static int ip_mc_check_igmp_query(struct sk_buff *skb) 1540 { 1541 unsigned int transport_len = ip_transport_len(skb); 1542 unsigned int len; 1543 1544 /* IGMPv{1,2}? */ 1545 if (transport_len != sizeof(struct igmphdr)) { 1546 /* or IGMPv3? */ 1547 if (transport_len < sizeof(struct igmpv3_query)) 1548 return -EINVAL; 1549 1550 len = skb_transport_offset(skb) + sizeof(struct igmpv3_query); 1551 if (!ip_mc_may_pull(skb, len)) 1552 return -EINVAL; 1553 } 1554 1555 /* RFC2236+RFC3376 (IGMPv2+IGMPv3) require the multicast link layer 1556 * all-systems destination addresses (224.0.0.1) for general queries 1557 */ 1558 if (!igmp_hdr(skb)->group && 1559 ip_hdr(skb)->daddr != htonl(INADDR_ALLHOSTS_GROUP)) 1560 return -EINVAL; 1561 1562 return 0; 1563 } 1564 1565 static int ip_mc_check_igmp_msg(struct sk_buff *skb) 1566 { 1567 switch (igmp_hdr(skb)->type) { 1568 case IGMP_HOST_LEAVE_MESSAGE: 1569 case IGMP_HOST_MEMBERSHIP_REPORT: 1570 case IGMPV2_HOST_MEMBERSHIP_REPORT: 1571 return 0; 1572 case IGMPV3_HOST_MEMBERSHIP_REPORT: 1573 return ip_mc_check_igmp_reportv3(skb); 1574 case IGMP_HOST_MEMBERSHIP_QUERY: 1575 return ip_mc_check_igmp_query(skb); 1576 default: 1577 return -ENOMSG; 1578 } 1579 } 1580 1581 static __sum16 ip_mc_validate_checksum(struct sk_buff *skb) 1582 { 1583 return skb_checksum_simple_validate(skb); 1584 } 1585 1586 static int ip_mc_check_igmp_csum(struct sk_buff *skb) 1587 { 1588 unsigned int len = skb_transport_offset(skb) + sizeof(struct igmphdr); 1589 unsigned int transport_len = ip_transport_len(skb); 1590 struct sk_buff *skb_chk; 1591 1592 if (!ip_mc_may_pull(skb, len)) 1593 return -EINVAL; 1594 1595 skb_chk = skb_checksum_trimmed(skb, transport_len, 1596 ip_mc_validate_checksum); 1597 if (!skb_chk) 1598 return -EINVAL; 1599 1600 if (skb_chk != skb) 1601 kfree_skb(skb_chk); 1602 1603 return 0; 1604 } 1605 1606 /** 1607 * ip_mc_check_igmp - checks whether this is a sane IGMP packet 1608 * @skb: the skb to validate 1609 * 1610 * Checks whether an IPv4 packet is a valid IGMP packet. If so sets 1611 * skb transport header accordingly and returns zero. 1612 * 1613 * -EINVAL: A broken packet was detected, i.e. it violates some internet 1614 * standard 1615 * -ENOMSG: IP header validation succeeded but it is not an IGMP packet. 1616 * -ENOMEM: A memory allocation failure happened. 1617 * 1618 * Caller needs to set the skb network header and free any returned skb if it 1619 * differs from the provided skb. 1620 */ 1621 int ip_mc_check_igmp(struct sk_buff *skb) 1622 { 1623 int ret = ip_mc_check_iphdr(skb); 1624 1625 if (ret < 0) 1626 return ret; 1627 1628 if (ip_hdr(skb)->protocol != IPPROTO_IGMP) 1629 return -ENOMSG; 1630 1631 ret = ip_mc_check_igmp_csum(skb); 1632 if (ret < 0) 1633 return ret; 1634 1635 return ip_mc_check_igmp_msg(skb); 1636 } 1637 EXPORT_SYMBOL(ip_mc_check_igmp); 1638 1639 /* 1640 * Resend IGMP JOIN report; used by netdev notifier. 1641 */ 1642 static void ip_mc_rejoin_groups(struct in_device *in_dev) 1643 { 1644 #ifdef CONFIG_IP_MULTICAST 1645 struct ip_mc_list *im; 1646 int type; 1647 struct net *net = dev_net(in_dev->dev); 1648 1649 ASSERT_RTNL(); 1650 1651 for_each_pmc_rtnl(in_dev, im) { 1652 if (im->multiaddr == IGMP_ALL_HOSTS) 1653 continue; 1654 if (ipv4_is_local_multicast(im->multiaddr) && 1655 !READ_ONCE(net->ipv4.sysctl_igmp_llm_reports)) 1656 continue; 1657 1658 /* a failover is happening and switches 1659 * must be notified immediately 1660 */ 1661 if (IGMP_V1_SEEN(in_dev)) 1662 type = IGMP_HOST_MEMBERSHIP_REPORT; 1663 else if (IGMP_V2_SEEN(in_dev)) 1664 type = IGMPV2_HOST_MEMBERSHIP_REPORT; 1665 else 1666 type = IGMPV3_HOST_MEMBERSHIP_REPORT; 1667 igmp_send_report(in_dev, im, type); 1668 } 1669 #endif 1670 } 1671 1672 /* 1673 * A socket has left a multicast group on device dev 1674 */ 1675 1676 void __ip_mc_dec_group(struct in_device *in_dev, __be32 addr, gfp_t gfp) 1677 { 1678 struct ip_mc_list *i; 1679 struct ip_mc_list __rcu **ip; 1680 1681 ASSERT_RTNL(); 1682 1683 for (ip = &in_dev->mc_list; 1684 (i = rtnl_dereference(*ip)) != NULL; 1685 ip = &i->next_rcu) { 1686 if (i->multiaddr == addr) { 1687 if (--i->users == 0) { 1688 ip_mc_hash_remove(in_dev, i); 1689 *ip = i->next_rcu; 1690 in_dev->mc_count--; 1691 __igmp_group_dropped(i, gfp); 1692 ip_mc_clear_src(i); 1693 1694 if (!in_dev->dead) 1695 ip_rt_multicast_event(in_dev); 1696 1697 ip_ma_put(i); 1698 return; 1699 } 1700 break; 1701 } 1702 } 1703 } 1704 EXPORT_SYMBOL(__ip_mc_dec_group); 1705 1706 /* Device changing type */ 1707 1708 void ip_mc_unmap(struct in_device *in_dev) 1709 { 1710 struct ip_mc_list *pmc; 1711 1712 ASSERT_RTNL(); 1713 1714 for_each_pmc_rtnl(in_dev, pmc) 1715 igmp_group_dropped(pmc); 1716 } 1717 1718 void ip_mc_remap(struct in_device *in_dev) 1719 { 1720 struct ip_mc_list *pmc; 1721 1722 ASSERT_RTNL(); 1723 1724 for_each_pmc_rtnl(in_dev, pmc) { 1725 #ifdef CONFIG_IP_MULTICAST 1726 igmpv3_del_delrec(in_dev, pmc); 1727 #endif 1728 igmp_group_added(pmc); 1729 } 1730 } 1731 1732 /* Device going down */ 1733 1734 void ip_mc_down(struct in_device *in_dev) 1735 { 1736 struct ip_mc_list *pmc; 1737 1738 ASSERT_RTNL(); 1739 1740 for_each_pmc_rtnl(in_dev, pmc) 1741 igmp_group_dropped(pmc); 1742 1743 #ifdef CONFIG_IP_MULTICAST 1744 WRITE_ONCE(in_dev->mr_ifc_count, 0); 1745 if (del_timer(&in_dev->mr_ifc_timer)) 1746 __in_dev_put(in_dev); 1747 in_dev->mr_gq_running = 0; 1748 if (del_timer(&in_dev->mr_gq_timer)) 1749 __in_dev_put(in_dev); 1750 #endif 1751 1752 ip_mc_dec_group(in_dev, IGMP_ALL_HOSTS); 1753 } 1754 1755 #ifdef CONFIG_IP_MULTICAST 1756 static void ip_mc_reset(struct in_device *in_dev) 1757 { 1758 struct net *net = dev_net(in_dev->dev); 1759 1760 in_dev->mr_qi = IGMP_QUERY_INTERVAL; 1761 in_dev->mr_qri = IGMP_QUERY_RESPONSE_INTERVAL; 1762 in_dev->mr_qrv = READ_ONCE(net->ipv4.sysctl_igmp_qrv); 1763 } 1764 #else 1765 static void ip_mc_reset(struct in_device *in_dev) 1766 { 1767 } 1768 #endif 1769 1770 void ip_mc_init_dev(struct in_device *in_dev) 1771 { 1772 ASSERT_RTNL(); 1773 1774 #ifdef CONFIG_IP_MULTICAST 1775 timer_setup(&in_dev->mr_gq_timer, igmp_gq_timer_expire, 0); 1776 timer_setup(&in_dev->mr_ifc_timer, igmp_ifc_timer_expire, 0); 1777 #endif 1778 ip_mc_reset(in_dev); 1779 1780 spin_lock_init(&in_dev->mc_tomb_lock); 1781 } 1782 1783 /* Device going up */ 1784 1785 void ip_mc_up(struct in_device *in_dev) 1786 { 1787 struct ip_mc_list *pmc; 1788 1789 ASSERT_RTNL(); 1790 1791 ip_mc_reset(in_dev); 1792 ip_mc_inc_group(in_dev, IGMP_ALL_HOSTS); 1793 1794 for_each_pmc_rtnl(in_dev, pmc) { 1795 #ifdef CONFIG_IP_MULTICAST 1796 igmpv3_del_delrec(in_dev, pmc); 1797 #endif 1798 igmp_group_added(pmc); 1799 } 1800 } 1801 1802 /* 1803 * Device is about to be destroyed: clean up. 1804 */ 1805 1806 void ip_mc_destroy_dev(struct in_device *in_dev) 1807 { 1808 struct ip_mc_list *i; 1809 1810 ASSERT_RTNL(); 1811 1812 /* Deactivate timers */ 1813 ip_mc_down(in_dev); 1814 #ifdef CONFIG_IP_MULTICAST 1815 igmpv3_clear_delrec(in_dev); 1816 #endif 1817 1818 while ((i = rtnl_dereference(in_dev->mc_list)) != NULL) { 1819 in_dev->mc_list = i->next_rcu; 1820 in_dev->mc_count--; 1821 ip_mc_clear_src(i); 1822 ip_ma_put(i); 1823 } 1824 } 1825 1826 /* RTNL is locked */ 1827 static struct in_device *ip_mc_find_dev(struct net *net, struct ip_mreqn *imr) 1828 { 1829 struct net_device *dev = NULL; 1830 struct in_device *idev = NULL; 1831 1832 if (imr->imr_ifindex) { 1833 idev = inetdev_by_index(net, imr->imr_ifindex); 1834 return idev; 1835 } 1836 if (imr->imr_address.s_addr) { 1837 dev = __ip_dev_find(net, imr->imr_address.s_addr, false); 1838 if (!dev) 1839 return NULL; 1840 } 1841 1842 if (!dev) { 1843 struct rtable *rt = ip_route_output(net, 1844 imr->imr_multiaddr.s_addr, 1845 0, 0, 0, 1846 RT_SCOPE_UNIVERSE); 1847 if (!IS_ERR(rt)) { 1848 dev = rt->dst.dev; 1849 ip_rt_put(rt); 1850 } 1851 } 1852 if (dev) { 1853 imr->imr_ifindex = dev->ifindex; 1854 idev = __in_dev_get_rtnl(dev); 1855 } 1856 return idev; 1857 } 1858 1859 /* 1860 * Join a socket to a group 1861 */ 1862 1863 static int ip_mc_del1_src(struct ip_mc_list *pmc, int sfmode, 1864 __be32 *psfsrc) 1865 { 1866 struct ip_sf_list *psf, *psf_prev; 1867 int rv = 0; 1868 1869 psf_prev = NULL; 1870 for (psf = pmc->sources; psf; psf = psf->sf_next) { 1871 if (psf->sf_inaddr == *psfsrc) 1872 break; 1873 psf_prev = psf; 1874 } 1875 if (!psf || psf->sf_count[sfmode] == 0) { 1876 /* source filter not found, or count wrong => bug */ 1877 return -ESRCH; 1878 } 1879 psf->sf_count[sfmode]--; 1880 if (psf->sf_count[sfmode] == 0) { 1881 ip_rt_multicast_event(pmc->interface); 1882 } 1883 if (!psf->sf_count[MCAST_INCLUDE] && !psf->sf_count[MCAST_EXCLUDE]) { 1884 #ifdef CONFIG_IP_MULTICAST 1885 struct in_device *in_dev = pmc->interface; 1886 struct net *net = dev_net(in_dev->dev); 1887 #endif 1888 1889 /* no more filters for this source */ 1890 if (psf_prev) 1891 psf_prev->sf_next = psf->sf_next; 1892 else 1893 pmc->sources = psf->sf_next; 1894 #ifdef CONFIG_IP_MULTICAST 1895 if (psf->sf_oldin && 1896 !IGMP_V1_SEEN(in_dev) && !IGMP_V2_SEEN(in_dev)) { 1897 psf->sf_crcount = in_dev->mr_qrv ?: READ_ONCE(net->ipv4.sysctl_igmp_qrv); 1898 psf->sf_next = pmc->tomb; 1899 pmc->tomb = psf; 1900 rv = 1; 1901 } else 1902 #endif 1903 kfree(psf); 1904 } 1905 return rv; 1906 } 1907 1908 #ifndef CONFIG_IP_MULTICAST 1909 #define igmp_ifc_event(x) do { } while (0) 1910 #endif 1911 1912 static int ip_mc_del_src(struct in_device *in_dev, __be32 *pmca, int sfmode, 1913 int sfcount, __be32 *psfsrc, int delta) 1914 { 1915 struct ip_mc_list *pmc; 1916 int changerec = 0; 1917 int i, err; 1918 1919 if (!in_dev) 1920 return -ENODEV; 1921 rcu_read_lock(); 1922 for_each_pmc_rcu(in_dev, pmc) { 1923 if (*pmca == pmc->multiaddr) 1924 break; 1925 } 1926 if (!pmc) { 1927 /* MCA not found?? bug */ 1928 rcu_read_unlock(); 1929 return -ESRCH; 1930 } 1931 spin_lock_bh(&pmc->lock); 1932 rcu_read_unlock(); 1933 #ifdef CONFIG_IP_MULTICAST 1934 sf_markstate(pmc); 1935 #endif 1936 if (!delta) { 1937 err = -EINVAL; 1938 if (!pmc->sfcount[sfmode]) 1939 goto out_unlock; 1940 pmc->sfcount[sfmode]--; 1941 } 1942 err = 0; 1943 for (i = 0; i < sfcount; i++) { 1944 int rv = ip_mc_del1_src(pmc, sfmode, &psfsrc[i]); 1945 1946 changerec |= rv > 0; 1947 if (!err && rv < 0) 1948 err = rv; 1949 } 1950 if (pmc->sfmode == MCAST_EXCLUDE && 1951 pmc->sfcount[MCAST_EXCLUDE] == 0 && 1952 pmc->sfcount[MCAST_INCLUDE]) { 1953 #ifdef CONFIG_IP_MULTICAST 1954 struct ip_sf_list *psf; 1955 struct net *net = dev_net(in_dev->dev); 1956 #endif 1957 1958 /* filter mode change */ 1959 pmc->sfmode = MCAST_INCLUDE; 1960 #ifdef CONFIG_IP_MULTICAST 1961 pmc->crcount = in_dev->mr_qrv ?: READ_ONCE(net->ipv4.sysctl_igmp_qrv); 1962 WRITE_ONCE(in_dev->mr_ifc_count, pmc->crcount); 1963 for (psf = pmc->sources; psf; psf = psf->sf_next) 1964 psf->sf_crcount = 0; 1965 igmp_ifc_event(pmc->interface); 1966 } else if (sf_setstate(pmc) || changerec) { 1967 igmp_ifc_event(pmc->interface); 1968 #endif 1969 } 1970 out_unlock: 1971 spin_unlock_bh(&pmc->lock); 1972 return err; 1973 } 1974 1975 /* 1976 * Add multicast single-source filter to the interface list 1977 */ 1978 static int ip_mc_add1_src(struct ip_mc_list *pmc, int sfmode, 1979 __be32 *psfsrc) 1980 { 1981 struct ip_sf_list *psf, *psf_prev; 1982 1983 psf_prev = NULL; 1984 for (psf = pmc->sources; psf; psf = psf->sf_next) { 1985 if (psf->sf_inaddr == *psfsrc) 1986 break; 1987 psf_prev = psf; 1988 } 1989 if (!psf) { 1990 psf = kzalloc(sizeof(*psf), GFP_ATOMIC); 1991 if (!psf) 1992 return -ENOBUFS; 1993 psf->sf_inaddr = *psfsrc; 1994 if (psf_prev) { 1995 psf_prev->sf_next = psf; 1996 } else 1997 pmc->sources = psf; 1998 } 1999 psf->sf_count[sfmode]++; 2000 if (psf->sf_count[sfmode] == 1) { 2001 ip_rt_multicast_event(pmc->interface); 2002 } 2003 return 0; 2004 } 2005 2006 #ifdef CONFIG_IP_MULTICAST 2007 static void sf_markstate(struct ip_mc_list *pmc) 2008 { 2009 struct ip_sf_list *psf; 2010 int mca_xcount = pmc->sfcount[MCAST_EXCLUDE]; 2011 2012 for (psf = pmc->sources; psf; psf = psf->sf_next) 2013 if (pmc->sfcount[MCAST_EXCLUDE]) { 2014 psf->sf_oldin = mca_xcount == 2015 psf->sf_count[MCAST_EXCLUDE] && 2016 !psf->sf_count[MCAST_INCLUDE]; 2017 } else 2018 psf->sf_oldin = psf->sf_count[MCAST_INCLUDE] != 0; 2019 } 2020 2021 static int sf_setstate(struct ip_mc_list *pmc) 2022 { 2023 struct ip_sf_list *psf, *dpsf; 2024 int mca_xcount = pmc->sfcount[MCAST_EXCLUDE]; 2025 int qrv = pmc->interface->mr_qrv; 2026 int new_in, rv; 2027 2028 rv = 0; 2029 for (psf = pmc->sources; psf; psf = psf->sf_next) { 2030 if (pmc->sfcount[MCAST_EXCLUDE]) { 2031 new_in = mca_xcount == psf->sf_count[MCAST_EXCLUDE] && 2032 !psf->sf_count[MCAST_INCLUDE]; 2033 } else 2034 new_in = psf->sf_count[MCAST_INCLUDE] != 0; 2035 if (new_in) { 2036 if (!psf->sf_oldin) { 2037 struct ip_sf_list *prev = NULL; 2038 2039 for (dpsf = pmc->tomb; dpsf; dpsf = dpsf->sf_next) { 2040 if (dpsf->sf_inaddr == psf->sf_inaddr) 2041 break; 2042 prev = dpsf; 2043 } 2044 if (dpsf) { 2045 if (prev) 2046 prev->sf_next = dpsf->sf_next; 2047 else 2048 pmc->tomb = dpsf->sf_next; 2049 kfree(dpsf); 2050 } 2051 psf->sf_crcount = qrv; 2052 rv++; 2053 } 2054 } else if (psf->sf_oldin) { 2055 2056 psf->sf_crcount = 0; 2057 /* 2058 * add or update "delete" records if an active filter 2059 * is now inactive 2060 */ 2061 for (dpsf = pmc->tomb; dpsf; dpsf = dpsf->sf_next) 2062 if (dpsf->sf_inaddr == psf->sf_inaddr) 2063 break; 2064 if (!dpsf) { 2065 dpsf = kmalloc(sizeof(*dpsf), GFP_ATOMIC); 2066 if (!dpsf) 2067 continue; 2068 *dpsf = *psf; 2069 /* pmc->lock held by callers */ 2070 dpsf->sf_next = pmc->tomb; 2071 pmc->tomb = dpsf; 2072 } 2073 dpsf->sf_crcount = qrv; 2074 rv++; 2075 } 2076 } 2077 return rv; 2078 } 2079 #endif 2080 2081 /* 2082 * Add multicast source filter list to the interface list 2083 */ 2084 static int ip_mc_add_src(struct in_device *in_dev, __be32 *pmca, int sfmode, 2085 int sfcount, __be32 *psfsrc, int delta) 2086 { 2087 struct ip_mc_list *pmc; 2088 int isexclude; 2089 int i, err; 2090 2091 if (!in_dev) 2092 return -ENODEV; 2093 rcu_read_lock(); 2094 for_each_pmc_rcu(in_dev, pmc) { 2095 if (*pmca == pmc->multiaddr) 2096 break; 2097 } 2098 if (!pmc) { 2099 /* MCA not found?? bug */ 2100 rcu_read_unlock(); 2101 return -ESRCH; 2102 } 2103 spin_lock_bh(&pmc->lock); 2104 rcu_read_unlock(); 2105 2106 #ifdef CONFIG_IP_MULTICAST 2107 sf_markstate(pmc); 2108 #endif 2109 isexclude = pmc->sfmode == MCAST_EXCLUDE; 2110 if (!delta) 2111 pmc->sfcount[sfmode]++; 2112 err = 0; 2113 for (i = 0; i < sfcount; i++) { 2114 err = ip_mc_add1_src(pmc, sfmode, &psfsrc[i]); 2115 if (err) 2116 break; 2117 } 2118 if (err) { 2119 int j; 2120 2121 if (!delta) 2122 pmc->sfcount[sfmode]--; 2123 for (j = 0; j < i; j++) 2124 (void) ip_mc_del1_src(pmc, sfmode, &psfsrc[j]); 2125 } else if (isexclude != (pmc->sfcount[MCAST_EXCLUDE] != 0)) { 2126 #ifdef CONFIG_IP_MULTICAST 2127 struct ip_sf_list *psf; 2128 struct net *net = dev_net(pmc->interface->dev); 2129 in_dev = pmc->interface; 2130 #endif 2131 2132 /* filter mode change */ 2133 if (pmc->sfcount[MCAST_EXCLUDE]) 2134 pmc->sfmode = MCAST_EXCLUDE; 2135 else if (pmc->sfcount[MCAST_INCLUDE]) 2136 pmc->sfmode = MCAST_INCLUDE; 2137 #ifdef CONFIG_IP_MULTICAST 2138 /* else no filters; keep old mode for reports */ 2139 2140 pmc->crcount = in_dev->mr_qrv ?: READ_ONCE(net->ipv4.sysctl_igmp_qrv); 2141 WRITE_ONCE(in_dev->mr_ifc_count, pmc->crcount); 2142 for (psf = pmc->sources; psf; psf = psf->sf_next) 2143 psf->sf_crcount = 0; 2144 igmp_ifc_event(in_dev); 2145 } else if (sf_setstate(pmc)) { 2146 igmp_ifc_event(in_dev); 2147 #endif 2148 } 2149 spin_unlock_bh(&pmc->lock); 2150 return err; 2151 } 2152 2153 static void ip_mc_clear_src(struct ip_mc_list *pmc) 2154 { 2155 struct ip_sf_list *tomb, *sources; 2156 2157 spin_lock_bh(&pmc->lock); 2158 tomb = pmc->tomb; 2159 pmc->tomb = NULL; 2160 sources = pmc->sources; 2161 pmc->sources = NULL; 2162 pmc->sfmode = MCAST_EXCLUDE; 2163 pmc->sfcount[MCAST_INCLUDE] = 0; 2164 pmc->sfcount[MCAST_EXCLUDE] = 1; 2165 spin_unlock_bh(&pmc->lock); 2166 2167 ip_sf_list_clear_all(tomb); 2168 ip_sf_list_clear_all(sources); 2169 } 2170 2171 /* Join a multicast group 2172 */ 2173 static int __ip_mc_join_group(struct sock *sk, struct ip_mreqn *imr, 2174 unsigned int mode) 2175 { 2176 __be32 addr = imr->imr_multiaddr.s_addr; 2177 struct ip_mc_socklist *iml, *i; 2178 struct in_device *in_dev; 2179 struct inet_sock *inet = inet_sk(sk); 2180 struct net *net = sock_net(sk); 2181 int ifindex; 2182 int count = 0; 2183 int err; 2184 2185 ASSERT_RTNL(); 2186 2187 if (!ipv4_is_multicast(addr)) 2188 return -EINVAL; 2189 2190 in_dev = ip_mc_find_dev(net, imr); 2191 2192 if (!in_dev) { 2193 err = -ENODEV; 2194 goto done; 2195 } 2196 2197 err = -EADDRINUSE; 2198 ifindex = imr->imr_ifindex; 2199 for_each_pmc_rtnl(inet, i) { 2200 if (i->multi.imr_multiaddr.s_addr == addr && 2201 i->multi.imr_ifindex == ifindex) 2202 goto done; 2203 count++; 2204 } 2205 err = -ENOBUFS; 2206 if (count >= READ_ONCE(net->ipv4.sysctl_igmp_max_memberships)) 2207 goto done; 2208 iml = sock_kmalloc(sk, sizeof(*iml), GFP_KERNEL); 2209 if (!iml) 2210 goto done; 2211 2212 memcpy(&iml->multi, imr, sizeof(*imr)); 2213 iml->next_rcu = inet->mc_list; 2214 iml->sflist = NULL; 2215 iml->sfmode = mode; 2216 rcu_assign_pointer(inet->mc_list, iml); 2217 ____ip_mc_inc_group(in_dev, addr, mode, GFP_KERNEL); 2218 err = 0; 2219 done: 2220 return err; 2221 } 2222 2223 /* Join ASM (Any-Source Multicast) group 2224 */ 2225 int ip_mc_join_group(struct sock *sk, struct ip_mreqn *imr) 2226 { 2227 return __ip_mc_join_group(sk, imr, MCAST_EXCLUDE); 2228 } 2229 EXPORT_SYMBOL(ip_mc_join_group); 2230 2231 /* Join SSM (Source-Specific Multicast) group 2232 */ 2233 int ip_mc_join_group_ssm(struct sock *sk, struct ip_mreqn *imr, 2234 unsigned int mode) 2235 { 2236 return __ip_mc_join_group(sk, imr, mode); 2237 } 2238 2239 static int ip_mc_leave_src(struct sock *sk, struct ip_mc_socklist *iml, 2240 struct in_device *in_dev) 2241 { 2242 struct ip_sf_socklist *psf = rtnl_dereference(iml->sflist); 2243 int err; 2244 2245 if (!psf) { 2246 /* any-source empty exclude case */ 2247 return ip_mc_del_src(in_dev, &iml->multi.imr_multiaddr.s_addr, 2248 iml->sfmode, 0, NULL, 0); 2249 } 2250 err = ip_mc_del_src(in_dev, &iml->multi.imr_multiaddr.s_addr, 2251 iml->sfmode, psf->sl_count, psf->sl_addr, 0); 2252 RCU_INIT_POINTER(iml->sflist, NULL); 2253 /* decrease mem now to avoid the memleak warning */ 2254 atomic_sub(struct_size(psf, sl_addr, psf->sl_max), &sk->sk_omem_alloc); 2255 kfree_rcu(psf, rcu); 2256 return err; 2257 } 2258 2259 int ip_mc_leave_group(struct sock *sk, struct ip_mreqn *imr) 2260 { 2261 struct inet_sock *inet = inet_sk(sk); 2262 struct ip_mc_socklist *iml; 2263 struct ip_mc_socklist __rcu **imlp; 2264 struct in_device *in_dev; 2265 struct net *net = sock_net(sk); 2266 __be32 group = imr->imr_multiaddr.s_addr; 2267 u32 ifindex; 2268 int ret = -EADDRNOTAVAIL; 2269 2270 ASSERT_RTNL(); 2271 2272 in_dev = ip_mc_find_dev(net, imr); 2273 if (!imr->imr_ifindex && !imr->imr_address.s_addr && !in_dev) { 2274 ret = -ENODEV; 2275 goto out; 2276 } 2277 ifindex = imr->imr_ifindex; 2278 for (imlp = &inet->mc_list; 2279 (iml = rtnl_dereference(*imlp)) != NULL; 2280 imlp = &iml->next_rcu) { 2281 if (iml->multi.imr_multiaddr.s_addr != group) 2282 continue; 2283 if (ifindex) { 2284 if (iml->multi.imr_ifindex != ifindex) 2285 continue; 2286 } else if (imr->imr_address.s_addr && imr->imr_address.s_addr != 2287 iml->multi.imr_address.s_addr) 2288 continue; 2289 2290 (void) ip_mc_leave_src(sk, iml, in_dev); 2291 2292 *imlp = iml->next_rcu; 2293 2294 if (in_dev) 2295 ip_mc_dec_group(in_dev, group); 2296 2297 /* decrease mem now to avoid the memleak warning */ 2298 atomic_sub(sizeof(*iml), &sk->sk_omem_alloc); 2299 kfree_rcu(iml, rcu); 2300 return 0; 2301 } 2302 out: 2303 return ret; 2304 } 2305 EXPORT_SYMBOL(ip_mc_leave_group); 2306 2307 int ip_mc_source(int add, int omode, struct sock *sk, struct 2308 ip_mreq_source *mreqs, int ifindex) 2309 { 2310 int err; 2311 struct ip_mreqn imr; 2312 __be32 addr = mreqs->imr_multiaddr; 2313 struct ip_mc_socklist *pmc; 2314 struct in_device *in_dev = NULL; 2315 struct inet_sock *inet = inet_sk(sk); 2316 struct ip_sf_socklist *psl; 2317 struct net *net = sock_net(sk); 2318 int leavegroup = 0; 2319 int i, j, rv; 2320 2321 if (!ipv4_is_multicast(addr)) 2322 return -EINVAL; 2323 2324 ASSERT_RTNL(); 2325 2326 imr.imr_multiaddr.s_addr = mreqs->imr_multiaddr; 2327 imr.imr_address.s_addr = mreqs->imr_interface; 2328 imr.imr_ifindex = ifindex; 2329 in_dev = ip_mc_find_dev(net, &imr); 2330 2331 if (!in_dev) { 2332 err = -ENODEV; 2333 goto done; 2334 } 2335 err = -EADDRNOTAVAIL; 2336 2337 for_each_pmc_rtnl(inet, pmc) { 2338 if ((pmc->multi.imr_multiaddr.s_addr == 2339 imr.imr_multiaddr.s_addr) && 2340 (pmc->multi.imr_ifindex == imr.imr_ifindex)) 2341 break; 2342 } 2343 if (!pmc) { /* must have a prior join */ 2344 err = -EINVAL; 2345 goto done; 2346 } 2347 /* if a source filter was set, must be the same mode as before */ 2348 if (pmc->sflist) { 2349 if (pmc->sfmode != omode) { 2350 err = -EINVAL; 2351 goto done; 2352 } 2353 } else if (pmc->sfmode != omode) { 2354 /* allow mode switches for empty-set filters */ 2355 ip_mc_add_src(in_dev, &mreqs->imr_multiaddr, omode, 0, NULL, 0); 2356 ip_mc_del_src(in_dev, &mreqs->imr_multiaddr, pmc->sfmode, 0, 2357 NULL, 0); 2358 pmc->sfmode = omode; 2359 } 2360 2361 psl = rtnl_dereference(pmc->sflist); 2362 if (!add) { 2363 if (!psl) 2364 goto done; /* err = -EADDRNOTAVAIL */ 2365 rv = !0; 2366 for (i = 0; i < psl->sl_count; i++) { 2367 rv = memcmp(&psl->sl_addr[i], &mreqs->imr_sourceaddr, 2368 sizeof(__be32)); 2369 if (rv == 0) 2370 break; 2371 } 2372 if (rv) /* source not found */ 2373 goto done; /* err = -EADDRNOTAVAIL */ 2374 2375 /* special case - (INCLUDE, empty) == LEAVE_GROUP */ 2376 if (psl->sl_count == 1 && omode == MCAST_INCLUDE) { 2377 leavegroup = 1; 2378 goto done; 2379 } 2380 2381 /* update the interface filter */ 2382 ip_mc_del_src(in_dev, &mreqs->imr_multiaddr, omode, 1, 2383 &mreqs->imr_sourceaddr, 1); 2384 2385 for (j = i+1; j < psl->sl_count; j++) 2386 psl->sl_addr[j-1] = psl->sl_addr[j]; 2387 psl->sl_count--; 2388 err = 0; 2389 goto done; 2390 } 2391 /* else, add a new source to the filter */ 2392 2393 if (psl && psl->sl_count >= READ_ONCE(net->ipv4.sysctl_igmp_max_msf)) { 2394 err = -ENOBUFS; 2395 goto done; 2396 } 2397 if (!psl || psl->sl_count == psl->sl_max) { 2398 struct ip_sf_socklist *newpsl; 2399 int count = IP_SFBLOCK; 2400 2401 if (psl) 2402 count += psl->sl_max; 2403 newpsl = sock_kmalloc(sk, struct_size(newpsl, sl_addr, count), 2404 GFP_KERNEL); 2405 if (!newpsl) { 2406 err = -ENOBUFS; 2407 goto done; 2408 } 2409 newpsl->sl_max = count; 2410 newpsl->sl_count = count - IP_SFBLOCK; 2411 if (psl) { 2412 for (i = 0; i < psl->sl_count; i++) 2413 newpsl->sl_addr[i] = psl->sl_addr[i]; 2414 /* decrease mem now to avoid the memleak warning */ 2415 atomic_sub(struct_size(psl, sl_addr, psl->sl_max), 2416 &sk->sk_omem_alloc); 2417 } 2418 rcu_assign_pointer(pmc->sflist, newpsl); 2419 if (psl) 2420 kfree_rcu(psl, rcu); 2421 psl = newpsl; 2422 } 2423 rv = 1; /* > 0 for insert logic below if sl_count is 0 */ 2424 for (i = 0; i < psl->sl_count; i++) { 2425 rv = memcmp(&psl->sl_addr[i], &mreqs->imr_sourceaddr, 2426 sizeof(__be32)); 2427 if (rv == 0) 2428 break; 2429 } 2430 if (rv == 0) /* address already there is an error */ 2431 goto done; 2432 for (j = psl->sl_count-1; j >= i; j--) 2433 psl->sl_addr[j+1] = psl->sl_addr[j]; 2434 psl->sl_addr[i] = mreqs->imr_sourceaddr; 2435 psl->sl_count++; 2436 err = 0; 2437 /* update the interface list */ 2438 ip_mc_add_src(in_dev, &mreqs->imr_multiaddr, omode, 1, 2439 &mreqs->imr_sourceaddr, 1); 2440 done: 2441 if (leavegroup) 2442 err = ip_mc_leave_group(sk, &imr); 2443 return err; 2444 } 2445 2446 int ip_mc_msfilter(struct sock *sk, struct ip_msfilter *msf, int ifindex) 2447 { 2448 int err = 0; 2449 struct ip_mreqn imr; 2450 __be32 addr = msf->imsf_multiaddr; 2451 struct ip_mc_socklist *pmc; 2452 struct in_device *in_dev; 2453 struct inet_sock *inet = inet_sk(sk); 2454 struct ip_sf_socklist *newpsl, *psl; 2455 struct net *net = sock_net(sk); 2456 int leavegroup = 0; 2457 2458 if (!ipv4_is_multicast(addr)) 2459 return -EINVAL; 2460 if (msf->imsf_fmode != MCAST_INCLUDE && 2461 msf->imsf_fmode != MCAST_EXCLUDE) 2462 return -EINVAL; 2463 2464 ASSERT_RTNL(); 2465 2466 imr.imr_multiaddr.s_addr = msf->imsf_multiaddr; 2467 imr.imr_address.s_addr = msf->imsf_interface; 2468 imr.imr_ifindex = ifindex; 2469 in_dev = ip_mc_find_dev(net, &imr); 2470 2471 if (!in_dev) { 2472 err = -ENODEV; 2473 goto done; 2474 } 2475 2476 /* special case - (INCLUDE, empty) == LEAVE_GROUP */ 2477 if (msf->imsf_fmode == MCAST_INCLUDE && msf->imsf_numsrc == 0) { 2478 leavegroup = 1; 2479 goto done; 2480 } 2481 2482 for_each_pmc_rtnl(inet, pmc) { 2483 if (pmc->multi.imr_multiaddr.s_addr == msf->imsf_multiaddr && 2484 pmc->multi.imr_ifindex == imr.imr_ifindex) 2485 break; 2486 } 2487 if (!pmc) { /* must have a prior join */ 2488 err = -EINVAL; 2489 goto done; 2490 } 2491 if (msf->imsf_numsrc) { 2492 newpsl = sock_kmalloc(sk, struct_size(newpsl, sl_addr, 2493 msf->imsf_numsrc), 2494 GFP_KERNEL); 2495 if (!newpsl) { 2496 err = -ENOBUFS; 2497 goto done; 2498 } 2499 newpsl->sl_max = newpsl->sl_count = msf->imsf_numsrc; 2500 memcpy(newpsl->sl_addr, msf->imsf_slist_flex, 2501 flex_array_size(msf, imsf_slist_flex, msf->imsf_numsrc)); 2502 err = ip_mc_add_src(in_dev, &msf->imsf_multiaddr, 2503 msf->imsf_fmode, newpsl->sl_count, newpsl->sl_addr, 0); 2504 if (err) { 2505 sock_kfree_s(sk, newpsl, 2506 struct_size(newpsl, sl_addr, 2507 newpsl->sl_max)); 2508 goto done; 2509 } 2510 } else { 2511 newpsl = NULL; 2512 (void) ip_mc_add_src(in_dev, &msf->imsf_multiaddr, 2513 msf->imsf_fmode, 0, NULL, 0); 2514 } 2515 psl = rtnl_dereference(pmc->sflist); 2516 if (psl) { 2517 (void) ip_mc_del_src(in_dev, &msf->imsf_multiaddr, pmc->sfmode, 2518 psl->sl_count, psl->sl_addr, 0); 2519 /* decrease mem now to avoid the memleak warning */ 2520 atomic_sub(struct_size(psl, sl_addr, psl->sl_max), 2521 &sk->sk_omem_alloc); 2522 } else { 2523 (void) ip_mc_del_src(in_dev, &msf->imsf_multiaddr, pmc->sfmode, 2524 0, NULL, 0); 2525 } 2526 rcu_assign_pointer(pmc->sflist, newpsl); 2527 if (psl) 2528 kfree_rcu(psl, rcu); 2529 pmc->sfmode = msf->imsf_fmode; 2530 err = 0; 2531 done: 2532 if (leavegroup) 2533 err = ip_mc_leave_group(sk, &imr); 2534 return err; 2535 } 2536 int ip_mc_msfget(struct sock *sk, struct ip_msfilter *msf, 2537 sockptr_t optval, sockptr_t optlen) 2538 { 2539 int err, len, count, copycount, msf_size; 2540 struct ip_mreqn imr; 2541 __be32 addr = msf->imsf_multiaddr; 2542 struct ip_mc_socklist *pmc; 2543 struct in_device *in_dev; 2544 struct inet_sock *inet = inet_sk(sk); 2545 struct ip_sf_socklist *psl; 2546 struct net *net = sock_net(sk); 2547 2548 ASSERT_RTNL(); 2549 2550 if (!ipv4_is_multicast(addr)) 2551 return -EINVAL; 2552 2553 imr.imr_multiaddr.s_addr = msf->imsf_multiaddr; 2554 imr.imr_address.s_addr = msf->imsf_interface; 2555 imr.imr_ifindex = 0; 2556 in_dev = ip_mc_find_dev(net, &imr); 2557 2558 if (!in_dev) { 2559 err = -ENODEV; 2560 goto done; 2561 } 2562 err = -EADDRNOTAVAIL; 2563 2564 for_each_pmc_rtnl(inet, pmc) { 2565 if (pmc->multi.imr_multiaddr.s_addr == msf->imsf_multiaddr && 2566 pmc->multi.imr_ifindex == imr.imr_ifindex) 2567 break; 2568 } 2569 if (!pmc) /* must have a prior join */ 2570 goto done; 2571 msf->imsf_fmode = pmc->sfmode; 2572 psl = rtnl_dereference(pmc->sflist); 2573 if (!psl) { 2574 count = 0; 2575 } else { 2576 count = psl->sl_count; 2577 } 2578 copycount = count < msf->imsf_numsrc ? count : msf->imsf_numsrc; 2579 len = flex_array_size(psl, sl_addr, copycount); 2580 msf->imsf_numsrc = count; 2581 msf_size = IP_MSFILTER_SIZE(copycount); 2582 if (copy_to_sockptr(optlen, &msf_size, sizeof(int)) || 2583 copy_to_sockptr(optval, msf, IP_MSFILTER_SIZE(0))) { 2584 return -EFAULT; 2585 } 2586 if (len && 2587 copy_to_sockptr_offset(optval, 2588 offsetof(struct ip_msfilter, imsf_slist_flex), 2589 psl->sl_addr, len)) 2590 return -EFAULT; 2591 return 0; 2592 done: 2593 return err; 2594 } 2595 2596 int ip_mc_gsfget(struct sock *sk, struct group_filter *gsf, 2597 sockptr_t optval, size_t ss_offset) 2598 { 2599 int i, count, copycount; 2600 struct sockaddr_in *psin; 2601 __be32 addr; 2602 struct ip_mc_socklist *pmc; 2603 struct inet_sock *inet = inet_sk(sk); 2604 struct ip_sf_socklist *psl; 2605 2606 ASSERT_RTNL(); 2607 2608 psin = (struct sockaddr_in *)&gsf->gf_group; 2609 if (psin->sin_family != AF_INET) 2610 return -EINVAL; 2611 addr = psin->sin_addr.s_addr; 2612 if (!ipv4_is_multicast(addr)) 2613 return -EINVAL; 2614 2615 for_each_pmc_rtnl(inet, pmc) { 2616 if (pmc->multi.imr_multiaddr.s_addr == addr && 2617 pmc->multi.imr_ifindex == gsf->gf_interface) 2618 break; 2619 } 2620 if (!pmc) /* must have a prior join */ 2621 return -EADDRNOTAVAIL; 2622 gsf->gf_fmode = pmc->sfmode; 2623 psl = rtnl_dereference(pmc->sflist); 2624 count = psl ? psl->sl_count : 0; 2625 copycount = count < gsf->gf_numsrc ? count : gsf->gf_numsrc; 2626 gsf->gf_numsrc = count; 2627 for (i = 0; i < copycount; i++) { 2628 struct sockaddr_storage ss; 2629 2630 psin = (struct sockaddr_in *)&ss; 2631 memset(&ss, 0, sizeof(ss)); 2632 psin->sin_family = AF_INET; 2633 psin->sin_addr.s_addr = psl->sl_addr[i]; 2634 if (copy_to_sockptr_offset(optval, ss_offset, 2635 &ss, sizeof(ss))) 2636 return -EFAULT; 2637 ss_offset += sizeof(ss); 2638 } 2639 return 0; 2640 } 2641 2642 /* 2643 * check if a multicast source filter allows delivery for a given <src,dst,intf> 2644 */ 2645 int ip_mc_sf_allow(const struct sock *sk, __be32 loc_addr, __be32 rmt_addr, 2646 int dif, int sdif) 2647 { 2648 const struct inet_sock *inet = inet_sk(sk); 2649 struct ip_mc_socklist *pmc; 2650 struct ip_sf_socklist *psl; 2651 int i; 2652 int ret; 2653 2654 ret = 1; 2655 if (!ipv4_is_multicast(loc_addr)) 2656 goto out; 2657 2658 rcu_read_lock(); 2659 for_each_pmc_rcu(inet, pmc) { 2660 if (pmc->multi.imr_multiaddr.s_addr == loc_addr && 2661 (pmc->multi.imr_ifindex == dif || 2662 (sdif && pmc->multi.imr_ifindex == sdif))) 2663 break; 2664 } 2665 ret = inet_test_bit(MC_ALL, sk); 2666 if (!pmc) 2667 goto unlock; 2668 psl = rcu_dereference(pmc->sflist); 2669 ret = (pmc->sfmode == MCAST_EXCLUDE); 2670 if (!psl) 2671 goto unlock; 2672 2673 for (i = 0; i < psl->sl_count; i++) { 2674 if (psl->sl_addr[i] == rmt_addr) 2675 break; 2676 } 2677 ret = 0; 2678 if (pmc->sfmode == MCAST_INCLUDE && i >= psl->sl_count) 2679 goto unlock; 2680 if (pmc->sfmode == MCAST_EXCLUDE && i < psl->sl_count) 2681 goto unlock; 2682 ret = 1; 2683 unlock: 2684 rcu_read_unlock(); 2685 out: 2686 return ret; 2687 } 2688 2689 /* 2690 * A socket is closing. 2691 */ 2692 2693 void ip_mc_drop_socket(struct sock *sk) 2694 { 2695 struct inet_sock *inet = inet_sk(sk); 2696 struct ip_mc_socklist *iml; 2697 struct net *net = sock_net(sk); 2698 2699 if (!inet->mc_list) 2700 return; 2701 2702 rtnl_lock(); 2703 while ((iml = rtnl_dereference(inet->mc_list)) != NULL) { 2704 struct in_device *in_dev; 2705 2706 inet->mc_list = iml->next_rcu; 2707 in_dev = inetdev_by_index(net, iml->multi.imr_ifindex); 2708 (void) ip_mc_leave_src(sk, iml, in_dev); 2709 if (in_dev) 2710 ip_mc_dec_group(in_dev, iml->multi.imr_multiaddr.s_addr); 2711 /* decrease mem now to avoid the memleak warning */ 2712 atomic_sub(sizeof(*iml), &sk->sk_omem_alloc); 2713 kfree_rcu(iml, rcu); 2714 } 2715 rtnl_unlock(); 2716 } 2717 2718 /* called with rcu_read_lock() */ 2719 int ip_check_mc_rcu(struct in_device *in_dev, __be32 mc_addr, __be32 src_addr, u8 proto) 2720 { 2721 struct ip_mc_list *im; 2722 struct ip_mc_list __rcu **mc_hash; 2723 struct ip_sf_list *psf; 2724 int rv = 0; 2725 2726 mc_hash = rcu_dereference(in_dev->mc_hash); 2727 if (mc_hash) { 2728 u32 hash = hash_32((__force u32)mc_addr, MC_HASH_SZ_LOG); 2729 2730 for (im = rcu_dereference(mc_hash[hash]); 2731 im != NULL; 2732 im = rcu_dereference(im->next_hash)) { 2733 if (im->multiaddr == mc_addr) 2734 break; 2735 } 2736 } else { 2737 for_each_pmc_rcu(in_dev, im) { 2738 if (im->multiaddr == mc_addr) 2739 break; 2740 } 2741 } 2742 if (im && proto == IPPROTO_IGMP) { 2743 rv = 1; 2744 } else if (im) { 2745 if (src_addr) { 2746 spin_lock_bh(&im->lock); 2747 for (psf = im->sources; psf; psf = psf->sf_next) { 2748 if (psf->sf_inaddr == src_addr) 2749 break; 2750 } 2751 if (psf) 2752 rv = psf->sf_count[MCAST_INCLUDE] || 2753 psf->sf_count[MCAST_EXCLUDE] != 2754 im->sfcount[MCAST_EXCLUDE]; 2755 else 2756 rv = im->sfcount[MCAST_EXCLUDE] != 0; 2757 spin_unlock_bh(&im->lock); 2758 } else 2759 rv = 1; /* unspecified source; tentatively allow */ 2760 } 2761 return rv; 2762 } 2763 2764 #if defined(CONFIG_PROC_FS) 2765 struct igmp_mc_iter_state { 2766 struct seq_net_private p; 2767 struct net_device *dev; 2768 struct in_device *in_dev; 2769 }; 2770 2771 #define igmp_mc_seq_private(seq) ((struct igmp_mc_iter_state *)(seq)->private) 2772 2773 static inline struct ip_mc_list *igmp_mc_get_first(struct seq_file *seq) 2774 { 2775 struct net *net = seq_file_net(seq); 2776 struct ip_mc_list *im = NULL; 2777 struct igmp_mc_iter_state *state = igmp_mc_seq_private(seq); 2778 2779 state->in_dev = NULL; 2780 for_each_netdev_rcu(net, state->dev) { 2781 struct in_device *in_dev; 2782 2783 in_dev = __in_dev_get_rcu(state->dev); 2784 if (!in_dev) 2785 continue; 2786 im = rcu_dereference(in_dev->mc_list); 2787 if (im) { 2788 state->in_dev = in_dev; 2789 break; 2790 } 2791 } 2792 return im; 2793 } 2794 2795 static struct ip_mc_list *igmp_mc_get_next(struct seq_file *seq, struct ip_mc_list *im) 2796 { 2797 struct igmp_mc_iter_state *state = igmp_mc_seq_private(seq); 2798 2799 im = rcu_dereference(im->next_rcu); 2800 while (!im) { 2801 state->dev = next_net_device_rcu(state->dev); 2802 if (!state->dev) { 2803 state->in_dev = NULL; 2804 break; 2805 } 2806 state->in_dev = __in_dev_get_rcu(state->dev); 2807 if (!state->in_dev) 2808 continue; 2809 im = rcu_dereference(state->in_dev->mc_list); 2810 } 2811 return im; 2812 } 2813 2814 static struct ip_mc_list *igmp_mc_get_idx(struct seq_file *seq, loff_t pos) 2815 { 2816 struct ip_mc_list *im = igmp_mc_get_first(seq); 2817 if (im) 2818 while (pos && (im = igmp_mc_get_next(seq, im)) != NULL) 2819 --pos; 2820 return pos ? NULL : im; 2821 } 2822 2823 static void *igmp_mc_seq_start(struct seq_file *seq, loff_t *pos) 2824 __acquires(rcu) 2825 { 2826 rcu_read_lock(); 2827 return *pos ? igmp_mc_get_idx(seq, *pos - 1) : SEQ_START_TOKEN; 2828 } 2829 2830 static void *igmp_mc_seq_next(struct seq_file *seq, void *v, loff_t *pos) 2831 { 2832 struct ip_mc_list *im; 2833 if (v == SEQ_START_TOKEN) 2834 im = igmp_mc_get_first(seq); 2835 else 2836 im = igmp_mc_get_next(seq, v); 2837 ++*pos; 2838 return im; 2839 } 2840 2841 static void igmp_mc_seq_stop(struct seq_file *seq, void *v) 2842 __releases(rcu) 2843 { 2844 struct igmp_mc_iter_state *state = igmp_mc_seq_private(seq); 2845 2846 state->in_dev = NULL; 2847 state->dev = NULL; 2848 rcu_read_unlock(); 2849 } 2850 2851 static int igmp_mc_seq_show(struct seq_file *seq, void *v) 2852 { 2853 if (v == SEQ_START_TOKEN) 2854 seq_puts(seq, 2855 "Idx\tDevice : Count Querier\tGroup Users Timer\tReporter\n"); 2856 else { 2857 struct ip_mc_list *im = v; 2858 struct igmp_mc_iter_state *state = igmp_mc_seq_private(seq); 2859 char *querier; 2860 long delta; 2861 2862 #ifdef CONFIG_IP_MULTICAST 2863 querier = IGMP_V1_SEEN(state->in_dev) ? "V1" : 2864 IGMP_V2_SEEN(state->in_dev) ? "V2" : 2865 "V3"; 2866 #else 2867 querier = "NONE"; 2868 #endif 2869 2870 if (rcu_access_pointer(state->in_dev->mc_list) == im) { 2871 seq_printf(seq, "%d\t%-10s: %5d %7s\n", 2872 state->dev->ifindex, state->dev->name, state->in_dev->mc_count, querier); 2873 } 2874 2875 delta = im->timer.expires - jiffies; 2876 seq_printf(seq, 2877 "\t\t\t\t%08X %5d %d:%08lX\t\t%d\n", 2878 im->multiaddr, im->users, 2879 im->tm_running, 2880 im->tm_running ? jiffies_delta_to_clock_t(delta) : 0, 2881 im->reporter); 2882 } 2883 return 0; 2884 } 2885 2886 static const struct seq_operations igmp_mc_seq_ops = { 2887 .start = igmp_mc_seq_start, 2888 .next = igmp_mc_seq_next, 2889 .stop = igmp_mc_seq_stop, 2890 .show = igmp_mc_seq_show, 2891 }; 2892 2893 struct igmp_mcf_iter_state { 2894 struct seq_net_private p; 2895 struct net_device *dev; 2896 struct in_device *idev; 2897 struct ip_mc_list *im; 2898 }; 2899 2900 #define igmp_mcf_seq_private(seq) ((struct igmp_mcf_iter_state *)(seq)->private) 2901 2902 static inline struct ip_sf_list *igmp_mcf_get_first(struct seq_file *seq) 2903 { 2904 struct net *net = seq_file_net(seq); 2905 struct ip_sf_list *psf = NULL; 2906 struct ip_mc_list *im = NULL; 2907 struct igmp_mcf_iter_state *state = igmp_mcf_seq_private(seq); 2908 2909 state->idev = NULL; 2910 state->im = NULL; 2911 for_each_netdev_rcu(net, state->dev) { 2912 struct in_device *idev; 2913 idev = __in_dev_get_rcu(state->dev); 2914 if (unlikely(!idev)) 2915 continue; 2916 im = rcu_dereference(idev->mc_list); 2917 if (likely(im)) { 2918 spin_lock_bh(&im->lock); 2919 psf = im->sources; 2920 if (likely(psf)) { 2921 state->im = im; 2922 state->idev = idev; 2923 break; 2924 } 2925 spin_unlock_bh(&im->lock); 2926 } 2927 } 2928 return psf; 2929 } 2930 2931 static struct ip_sf_list *igmp_mcf_get_next(struct seq_file *seq, struct ip_sf_list *psf) 2932 { 2933 struct igmp_mcf_iter_state *state = igmp_mcf_seq_private(seq); 2934 2935 psf = psf->sf_next; 2936 while (!psf) { 2937 spin_unlock_bh(&state->im->lock); 2938 state->im = state->im->next; 2939 while (!state->im) { 2940 state->dev = next_net_device_rcu(state->dev); 2941 if (!state->dev) { 2942 state->idev = NULL; 2943 goto out; 2944 } 2945 state->idev = __in_dev_get_rcu(state->dev); 2946 if (!state->idev) 2947 continue; 2948 state->im = rcu_dereference(state->idev->mc_list); 2949 } 2950 spin_lock_bh(&state->im->lock); 2951 psf = state->im->sources; 2952 } 2953 out: 2954 return psf; 2955 } 2956 2957 static struct ip_sf_list *igmp_mcf_get_idx(struct seq_file *seq, loff_t pos) 2958 { 2959 struct ip_sf_list *psf = igmp_mcf_get_first(seq); 2960 if (psf) 2961 while (pos && (psf = igmp_mcf_get_next(seq, psf)) != NULL) 2962 --pos; 2963 return pos ? NULL : psf; 2964 } 2965 2966 static void *igmp_mcf_seq_start(struct seq_file *seq, loff_t *pos) 2967 __acquires(rcu) 2968 { 2969 rcu_read_lock(); 2970 return *pos ? igmp_mcf_get_idx(seq, *pos - 1) : SEQ_START_TOKEN; 2971 } 2972 2973 static void *igmp_mcf_seq_next(struct seq_file *seq, void *v, loff_t *pos) 2974 { 2975 struct ip_sf_list *psf; 2976 if (v == SEQ_START_TOKEN) 2977 psf = igmp_mcf_get_first(seq); 2978 else 2979 psf = igmp_mcf_get_next(seq, v); 2980 ++*pos; 2981 return psf; 2982 } 2983 2984 static void igmp_mcf_seq_stop(struct seq_file *seq, void *v) 2985 __releases(rcu) 2986 { 2987 struct igmp_mcf_iter_state *state = igmp_mcf_seq_private(seq); 2988 if (likely(state->im)) { 2989 spin_unlock_bh(&state->im->lock); 2990 state->im = NULL; 2991 } 2992 state->idev = NULL; 2993 state->dev = NULL; 2994 rcu_read_unlock(); 2995 } 2996 2997 static int igmp_mcf_seq_show(struct seq_file *seq, void *v) 2998 { 2999 struct ip_sf_list *psf = v; 3000 struct igmp_mcf_iter_state *state = igmp_mcf_seq_private(seq); 3001 3002 if (v == SEQ_START_TOKEN) { 3003 seq_puts(seq, "Idx Device MCA SRC INC EXC\n"); 3004 } else { 3005 seq_printf(seq, 3006 "%3d %6.6s 0x%08x " 3007 "0x%08x %6lu %6lu\n", 3008 state->dev->ifindex, state->dev->name, 3009 ntohl(state->im->multiaddr), 3010 ntohl(psf->sf_inaddr), 3011 psf->sf_count[MCAST_INCLUDE], 3012 psf->sf_count[MCAST_EXCLUDE]); 3013 } 3014 return 0; 3015 } 3016 3017 static const struct seq_operations igmp_mcf_seq_ops = { 3018 .start = igmp_mcf_seq_start, 3019 .next = igmp_mcf_seq_next, 3020 .stop = igmp_mcf_seq_stop, 3021 .show = igmp_mcf_seq_show, 3022 }; 3023 3024 static int __net_init igmp_net_init(struct net *net) 3025 { 3026 struct proc_dir_entry *pde; 3027 int err; 3028 3029 pde = proc_create_net("igmp", 0444, net->proc_net, &igmp_mc_seq_ops, 3030 sizeof(struct igmp_mc_iter_state)); 3031 if (!pde) 3032 goto out_igmp; 3033 pde = proc_create_net("mcfilter", 0444, net->proc_net, 3034 &igmp_mcf_seq_ops, sizeof(struct igmp_mcf_iter_state)); 3035 if (!pde) 3036 goto out_mcfilter; 3037 err = inet_ctl_sock_create(&net->ipv4.mc_autojoin_sk, AF_INET, 3038 SOCK_DGRAM, 0, net); 3039 if (err < 0) { 3040 pr_err("Failed to initialize the IGMP autojoin socket (err %d)\n", 3041 err); 3042 goto out_sock; 3043 } 3044 3045 return 0; 3046 3047 out_sock: 3048 remove_proc_entry("mcfilter", net->proc_net); 3049 out_mcfilter: 3050 remove_proc_entry("igmp", net->proc_net); 3051 out_igmp: 3052 return -ENOMEM; 3053 } 3054 3055 static void __net_exit igmp_net_exit(struct net *net) 3056 { 3057 remove_proc_entry("mcfilter", net->proc_net); 3058 remove_proc_entry("igmp", net->proc_net); 3059 inet_ctl_sock_destroy(net->ipv4.mc_autojoin_sk); 3060 } 3061 3062 static struct pernet_operations igmp_net_ops = { 3063 .init = igmp_net_init, 3064 .exit = igmp_net_exit, 3065 }; 3066 #endif 3067 3068 static int igmp_netdev_event(struct notifier_block *this, 3069 unsigned long event, void *ptr) 3070 { 3071 struct net_device *dev = netdev_notifier_info_to_dev(ptr); 3072 struct in_device *in_dev; 3073 3074 switch (event) { 3075 case NETDEV_RESEND_IGMP: 3076 in_dev = __in_dev_get_rtnl(dev); 3077 if (in_dev) 3078 ip_mc_rejoin_groups(in_dev); 3079 break; 3080 default: 3081 break; 3082 } 3083 return NOTIFY_DONE; 3084 } 3085 3086 static struct notifier_block igmp_notifier = { 3087 .notifier_call = igmp_netdev_event, 3088 }; 3089 3090 int __init igmp_mc_init(void) 3091 { 3092 #if defined(CONFIG_PROC_FS) 3093 int err; 3094 3095 err = register_pernet_subsys(&igmp_net_ops); 3096 if (err) 3097 return err; 3098 err = register_netdevice_notifier(&igmp_notifier); 3099 if (err) 3100 goto reg_notif_fail; 3101 return 0; 3102 3103 reg_notif_fail: 3104 unregister_pernet_subsys(&igmp_net_ops); 3105 return err; 3106 #else 3107 return register_netdevice_notifier(&igmp_notifier); 3108 #endif 3109 } 3110