1 // SPDX-License-Identifier: GPL-2.0-or-later 2 /* 3 * Linux NET3: Internet Group Management Protocol [IGMP] 4 * 5 * This code implements the IGMP protocol as defined in RFC1112. There has 6 * been a further revision of this protocol since which is now supported. 7 * 8 * If you have trouble with this module be careful what gcc you have used, 9 * the older version didn't come out right using gcc 2.5.8, the newer one 10 * seems to fall out with gcc 2.6.2. 11 * 12 * Authors: 13 * Alan Cox <alan@lxorguk.ukuu.org.uk> 14 * 15 * Fixes: 16 * 17 * Alan Cox : Added lots of __inline__ to optimise 18 * the memory usage of all the tiny little 19 * functions. 20 * Alan Cox : Dumped the header building experiment. 21 * Alan Cox : Minor tweaks ready for multicast routing 22 * and extended IGMP protocol. 23 * Alan Cox : Removed a load of inline directives. Gcc 2.5.8 24 * writes utterly bogus code otherwise (sigh) 25 * fixed IGMP loopback to behave in the manner 26 * desired by mrouted, fixed the fact it has been 27 * broken since 1.3.6 and cleaned up a few minor 28 * points. 29 * 30 * Chih-Jen Chang : Tried to revise IGMP to Version 2 31 * Tsu-Sheng Tsao E-mail: chihjenc@scf.usc.edu and tsusheng@scf.usc.edu 32 * The enhancements are mainly based on Steve Deering's 33 * ipmulti-3.5 source code. 34 * Chih-Jen Chang : Added the igmp_get_mrouter_info and 35 * Tsu-Sheng Tsao igmp_set_mrouter_info to keep track of 36 * the mrouted version on that device. 37 * Chih-Jen Chang : Added the max_resp_time parameter to 38 * Tsu-Sheng Tsao igmp_heard_query(). Using this parameter 39 * to identify the multicast router version 40 * and do what the IGMP version 2 specified. 41 * Chih-Jen Chang : Added a timer to revert to IGMP V2 router 42 * Tsu-Sheng Tsao if the specified time expired. 43 * Alan Cox : Stop IGMP from 0.0.0.0 being accepted. 44 * Alan Cox : Use GFP_ATOMIC in the right places. 45 * Christian Daudt : igmp timer wasn't set for local group 46 * memberships but was being deleted, 47 * which caused a "del_timer() called 48 * from %p with timer not initialized\n" 49 * message (960131). 50 * Christian Daudt : removed del_timer from 51 * igmp_timer_expire function (960205). 52 * Christian Daudt : igmp_heard_report now only calls 53 * igmp_timer_expire if tm->running is 54 * true (960216). 55 * Malcolm Beattie : ttl comparison wrong in igmp_rcv made 56 * igmp_heard_query never trigger. Expiry 57 * miscalculation fixed in igmp_heard_query 58 * and random() made to return unsigned to 59 * prevent negative expiry times. 60 * Alexey Kuznetsov: Wrong group leaving behaviour, backport 61 * fix from pending 2.1.x patches. 62 * Alan Cox: Forget to enable FDDI support earlier. 63 * Alexey Kuznetsov: Fixed leaving groups on device down. 64 * Alexey Kuznetsov: Accordance to igmp-v2-06 draft. 65 * David L Stevens: IGMPv3 support, with help from 66 * Vinay Kulkarni 67 */ 68 69 #include <linux/module.h> 70 #include <linux/slab.h> 71 #include <linux/uaccess.h> 72 #include <linux/types.h> 73 #include <linux/kernel.h> 74 #include <linux/jiffies.h> 75 #include <linux/string.h> 76 #include <linux/socket.h> 77 #include <linux/sockios.h> 78 #include <linux/in.h> 79 #include <linux/inet.h> 80 #include <linux/netdevice.h> 81 #include <linux/skbuff.h> 82 #include <linux/inetdevice.h> 83 #include <linux/igmp.h> 84 #include <linux/if_arp.h> 85 #include <linux/rtnetlink.h> 86 #include <linux/times.h> 87 #include <linux/pkt_sched.h> 88 #include <linux/byteorder/generic.h> 89 90 #include <net/net_namespace.h> 91 #include <net/arp.h> 92 #include <net/ip.h> 93 #include <net/protocol.h> 94 #include <net/route.h> 95 #include <net/sock.h> 96 #include <net/checksum.h> 97 #include <net/inet_common.h> 98 #include <linux/netfilter_ipv4.h> 99 #ifdef CONFIG_IP_MROUTE 100 #include <linux/mroute.h> 101 #endif 102 #ifdef CONFIG_PROC_FS 103 #include <linux/proc_fs.h> 104 #include <linux/seq_file.h> 105 #endif 106 107 #ifdef CONFIG_IP_MULTICAST 108 /* Parameter names and values are taken from igmp-v2-06 draft */ 109 110 #define IGMP_QUERY_INTERVAL (125*HZ) 111 #define IGMP_QUERY_RESPONSE_INTERVAL (10*HZ) 112 113 #define IGMP_INITIAL_REPORT_DELAY (1) 114 115 /* IGMP_INITIAL_REPORT_DELAY is not from IGMP specs! 116 * IGMP specs require to report membership immediately after 117 * joining a group, but we delay the first report by a 118 * small interval. It seems more natural and still does not 119 * contradict to specs provided this delay is small enough. 120 */ 121 122 #define IGMP_V1_SEEN(in_dev) \ 123 (IPV4_DEVCONF_ALL(dev_net(in_dev->dev), FORCE_IGMP_VERSION) == 1 || \ 124 IN_DEV_CONF_GET((in_dev), FORCE_IGMP_VERSION) == 1 || \ 125 ((in_dev)->mr_v1_seen && \ 126 time_before(jiffies, (in_dev)->mr_v1_seen))) 127 #define IGMP_V2_SEEN(in_dev) \ 128 (IPV4_DEVCONF_ALL(dev_net(in_dev->dev), FORCE_IGMP_VERSION) == 2 || \ 129 IN_DEV_CONF_GET((in_dev), FORCE_IGMP_VERSION) == 2 || \ 130 ((in_dev)->mr_v2_seen && \ 131 time_before(jiffies, (in_dev)->mr_v2_seen))) 132 133 static int unsolicited_report_interval(struct in_device *in_dev) 134 { 135 int interval_ms, interval_jiffies; 136 137 if (IGMP_V1_SEEN(in_dev) || IGMP_V2_SEEN(in_dev)) 138 interval_ms = IN_DEV_CONF_GET( 139 in_dev, 140 IGMPV2_UNSOLICITED_REPORT_INTERVAL); 141 else /* v3 */ 142 interval_ms = IN_DEV_CONF_GET( 143 in_dev, 144 IGMPV3_UNSOLICITED_REPORT_INTERVAL); 145 146 interval_jiffies = msecs_to_jiffies(interval_ms); 147 148 /* _timer functions can't handle a delay of 0 jiffies so ensure 149 * we always return a positive value. 150 */ 151 if (interval_jiffies <= 0) 152 interval_jiffies = 1; 153 return interval_jiffies; 154 } 155 156 static void igmpv3_add_delrec(struct in_device *in_dev, struct ip_mc_list *im, 157 gfp_t gfp); 158 static void igmpv3_del_delrec(struct in_device *in_dev, struct ip_mc_list *im); 159 static void igmpv3_clear_delrec(struct in_device *in_dev); 160 static int sf_setstate(struct ip_mc_list *pmc); 161 static void sf_markstate(struct ip_mc_list *pmc); 162 #endif 163 static void ip_mc_clear_src(struct ip_mc_list *pmc); 164 static int ip_mc_add_src(struct in_device *in_dev, __be32 *pmca, int sfmode, 165 int sfcount, __be32 *psfsrc, int delta); 166 167 static void ip_ma_put(struct ip_mc_list *im) 168 { 169 if (refcount_dec_and_test(&im->refcnt)) { 170 in_dev_put(im->interface); 171 kfree_rcu(im, rcu); 172 } 173 } 174 175 #define for_each_pmc_rcu(in_dev, pmc) \ 176 for (pmc = rcu_dereference(in_dev->mc_list); \ 177 pmc != NULL; \ 178 pmc = rcu_dereference(pmc->next_rcu)) 179 180 #define for_each_pmc_rtnl(in_dev, pmc) \ 181 for (pmc = rtnl_dereference(in_dev->mc_list); \ 182 pmc != NULL; \ 183 pmc = rtnl_dereference(pmc->next_rcu)) 184 185 static void ip_sf_list_clear_all(struct ip_sf_list *psf) 186 { 187 struct ip_sf_list *next; 188 189 while (psf) { 190 next = psf->sf_next; 191 kfree(psf); 192 psf = next; 193 } 194 } 195 196 #ifdef CONFIG_IP_MULTICAST 197 198 /* 199 * Timer management 200 */ 201 202 static void igmp_stop_timer(struct ip_mc_list *im) 203 { 204 spin_lock_bh(&im->lock); 205 if (del_timer(&im->timer)) 206 refcount_dec(&im->refcnt); 207 im->tm_running = 0; 208 im->reporter = 0; 209 im->unsolicit_count = 0; 210 spin_unlock_bh(&im->lock); 211 } 212 213 /* It must be called with locked im->lock */ 214 static void igmp_start_timer(struct ip_mc_list *im, int max_delay) 215 { 216 int tv = prandom_u32() % max_delay; 217 218 im->tm_running = 1; 219 if (!mod_timer(&im->timer, jiffies+tv+2)) 220 refcount_inc(&im->refcnt); 221 } 222 223 static void igmp_gq_start_timer(struct in_device *in_dev) 224 { 225 int tv = prandom_u32() % in_dev->mr_maxdelay; 226 unsigned long exp = jiffies + tv + 2; 227 228 if (in_dev->mr_gq_running && 229 time_after_eq(exp, (in_dev->mr_gq_timer).expires)) 230 return; 231 232 in_dev->mr_gq_running = 1; 233 if (!mod_timer(&in_dev->mr_gq_timer, exp)) 234 in_dev_hold(in_dev); 235 } 236 237 static void igmp_ifc_start_timer(struct in_device *in_dev, int delay) 238 { 239 int tv = prandom_u32() % delay; 240 241 if (!mod_timer(&in_dev->mr_ifc_timer, jiffies+tv+2)) 242 in_dev_hold(in_dev); 243 } 244 245 static void igmp_mod_timer(struct ip_mc_list *im, int max_delay) 246 { 247 spin_lock_bh(&im->lock); 248 im->unsolicit_count = 0; 249 if (del_timer(&im->timer)) { 250 if ((long)(im->timer.expires-jiffies) < max_delay) { 251 add_timer(&im->timer); 252 im->tm_running = 1; 253 spin_unlock_bh(&im->lock); 254 return; 255 } 256 refcount_dec(&im->refcnt); 257 } 258 igmp_start_timer(im, max_delay); 259 spin_unlock_bh(&im->lock); 260 } 261 262 263 /* 264 * Send an IGMP report. 265 */ 266 267 #define IGMP_SIZE (sizeof(struct igmphdr)+sizeof(struct iphdr)+4) 268 269 270 static int is_in(struct ip_mc_list *pmc, struct ip_sf_list *psf, int type, 271 int gdeleted, int sdeleted) 272 { 273 switch (type) { 274 case IGMPV3_MODE_IS_INCLUDE: 275 case IGMPV3_MODE_IS_EXCLUDE: 276 if (gdeleted || sdeleted) 277 return 0; 278 if (!(pmc->gsquery && !psf->sf_gsresp)) { 279 if (pmc->sfmode == MCAST_INCLUDE) 280 return 1; 281 /* don't include if this source is excluded 282 * in all filters 283 */ 284 if (psf->sf_count[MCAST_INCLUDE]) 285 return type == IGMPV3_MODE_IS_INCLUDE; 286 return pmc->sfcount[MCAST_EXCLUDE] == 287 psf->sf_count[MCAST_EXCLUDE]; 288 } 289 return 0; 290 case IGMPV3_CHANGE_TO_INCLUDE: 291 if (gdeleted || sdeleted) 292 return 0; 293 return psf->sf_count[MCAST_INCLUDE] != 0; 294 case IGMPV3_CHANGE_TO_EXCLUDE: 295 if (gdeleted || sdeleted) 296 return 0; 297 if (pmc->sfcount[MCAST_EXCLUDE] == 0 || 298 psf->sf_count[MCAST_INCLUDE]) 299 return 0; 300 return pmc->sfcount[MCAST_EXCLUDE] == 301 psf->sf_count[MCAST_EXCLUDE]; 302 case IGMPV3_ALLOW_NEW_SOURCES: 303 if (gdeleted || !psf->sf_crcount) 304 return 0; 305 return (pmc->sfmode == MCAST_INCLUDE) ^ sdeleted; 306 case IGMPV3_BLOCK_OLD_SOURCES: 307 if (pmc->sfmode == MCAST_INCLUDE) 308 return gdeleted || (psf->sf_crcount && sdeleted); 309 return psf->sf_crcount && !gdeleted && !sdeleted; 310 } 311 return 0; 312 } 313 314 static int 315 igmp_scount(struct ip_mc_list *pmc, int type, int gdeleted, int sdeleted) 316 { 317 struct ip_sf_list *psf; 318 int scount = 0; 319 320 for (psf = pmc->sources; psf; psf = psf->sf_next) { 321 if (!is_in(pmc, psf, type, gdeleted, sdeleted)) 322 continue; 323 scount++; 324 } 325 return scount; 326 } 327 328 /* source address selection per RFC 3376 section 4.2.13 */ 329 static __be32 igmpv3_get_srcaddr(struct net_device *dev, 330 const struct flowi4 *fl4) 331 { 332 struct in_device *in_dev = __in_dev_get_rcu(dev); 333 const struct in_ifaddr *ifa; 334 335 if (!in_dev) 336 return htonl(INADDR_ANY); 337 338 in_dev_for_each_ifa_rcu(ifa, in_dev) { 339 if (fl4->saddr == ifa->ifa_local) 340 return fl4->saddr; 341 } 342 343 return htonl(INADDR_ANY); 344 } 345 346 static struct sk_buff *igmpv3_newpack(struct net_device *dev, unsigned int mtu) 347 { 348 struct sk_buff *skb; 349 struct rtable *rt; 350 struct iphdr *pip; 351 struct igmpv3_report *pig; 352 struct net *net = dev_net(dev); 353 struct flowi4 fl4; 354 int hlen = LL_RESERVED_SPACE(dev); 355 int tlen = dev->needed_tailroom; 356 unsigned int size = mtu; 357 358 while (1) { 359 skb = alloc_skb(size + hlen + tlen, 360 GFP_ATOMIC | __GFP_NOWARN); 361 if (skb) 362 break; 363 size >>= 1; 364 if (size < 256) 365 return NULL; 366 } 367 skb->priority = TC_PRIO_CONTROL; 368 369 rt = ip_route_output_ports(net, &fl4, NULL, IGMPV3_ALL_MCR, 0, 370 0, 0, 371 IPPROTO_IGMP, 0, dev->ifindex); 372 if (IS_ERR(rt)) { 373 kfree_skb(skb); 374 return NULL; 375 } 376 377 skb_dst_set(skb, &rt->dst); 378 skb->dev = dev; 379 380 skb_reserve(skb, hlen); 381 skb_tailroom_reserve(skb, mtu, tlen); 382 383 skb_reset_network_header(skb); 384 pip = ip_hdr(skb); 385 skb_put(skb, sizeof(struct iphdr) + 4); 386 387 pip->version = 4; 388 pip->ihl = (sizeof(struct iphdr)+4)>>2; 389 pip->tos = 0xc0; 390 pip->frag_off = htons(IP_DF); 391 pip->ttl = 1; 392 pip->daddr = fl4.daddr; 393 394 rcu_read_lock(); 395 pip->saddr = igmpv3_get_srcaddr(dev, &fl4); 396 rcu_read_unlock(); 397 398 pip->protocol = IPPROTO_IGMP; 399 pip->tot_len = 0; /* filled in later */ 400 ip_select_ident(net, skb, NULL); 401 ((u8 *)&pip[1])[0] = IPOPT_RA; 402 ((u8 *)&pip[1])[1] = 4; 403 ((u8 *)&pip[1])[2] = 0; 404 ((u8 *)&pip[1])[3] = 0; 405 406 skb->transport_header = skb->network_header + sizeof(struct iphdr) + 4; 407 skb_put(skb, sizeof(*pig)); 408 pig = igmpv3_report_hdr(skb); 409 pig->type = IGMPV3_HOST_MEMBERSHIP_REPORT; 410 pig->resv1 = 0; 411 pig->csum = 0; 412 pig->resv2 = 0; 413 pig->ngrec = 0; 414 return skb; 415 } 416 417 static int igmpv3_sendpack(struct sk_buff *skb) 418 { 419 struct igmphdr *pig = igmp_hdr(skb); 420 const int igmplen = skb_tail_pointer(skb) - skb_transport_header(skb); 421 422 pig->csum = ip_compute_csum(igmp_hdr(skb), igmplen); 423 424 return ip_local_out(dev_net(skb_dst(skb)->dev), skb->sk, skb); 425 } 426 427 static int grec_size(struct ip_mc_list *pmc, int type, int gdel, int sdel) 428 { 429 return sizeof(struct igmpv3_grec) + 4*igmp_scount(pmc, type, gdel, sdel); 430 } 431 432 static struct sk_buff *add_grhead(struct sk_buff *skb, struct ip_mc_list *pmc, 433 int type, struct igmpv3_grec **ppgr, unsigned int mtu) 434 { 435 struct net_device *dev = pmc->interface->dev; 436 struct igmpv3_report *pih; 437 struct igmpv3_grec *pgr; 438 439 if (!skb) { 440 skb = igmpv3_newpack(dev, mtu); 441 if (!skb) 442 return NULL; 443 } 444 pgr = skb_put(skb, sizeof(struct igmpv3_grec)); 445 pgr->grec_type = type; 446 pgr->grec_auxwords = 0; 447 pgr->grec_nsrcs = 0; 448 pgr->grec_mca = pmc->multiaddr; 449 pih = igmpv3_report_hdr(skb); 450 pih->ngrec = htons(ntohs(pih->ngrec)+1); 451 *ppgr = pgr; 452 return skb; 453 } 454 455 #define AVAILABLE(skb) ((skb) ? skb_availroom(skb) : 0) 456 457 static struct sk_buff *add_grec(struct sk_buff *skb, struct ip_mc_list *pmc, 458 int type, int gdeleted, int sdeleted) 459 { 460 struct net_device *dev = pmc->interface->dev; 461 struct net *net = dev_net(dev); 462 struct igmpv3_report *pih; 463 struct igmpv3_grec *pgr = NULL; 464 struct ip_sf_list *psf, *psf_next, *psf_prev, **psf_list; 465 int scount, stotal, first, isquery, truncate; 466 unsigned int mtu; 467 468 if (pmc->multiaddr == IGMP_ALL_HOSTS) 469 return skb; 470 if (ipv4_is_local_multicast(pmc->multiaddr) && !net->ipv4.sysctl_igmp_llm_reports) 471 return skb; 472 473 mtu = READ_ONCE(dev->mtu); 474 if (mtu < IPV4_MIN_MTU) 475 return skb; 476 477 isquery = type == IGMPV3_MODE_IS_INCLUDE || 478 type == IGMPV3_MODE_IS_EXCLUDE; 479 truncate = type == IGMPV3_MODE_IS_EXCLUDE || 480 type == IGMPV3_CHANGE_TO_EXCLUDE; 481 482 stotal = scount = 0; 483 484 psf_list = sdeleted ? &pmc->tomb : &pmc->sources; 485 486 if (!*psf_list) 487 goto empty_source; 488 489 pih = skb ? igmpv3_report_hdr(skb) : NULL; 490 491 /* EX and TO_EX get a fresh packet, if needed */ 492 if (truncate) { 493 if (pih && pih->ngrec && 494 AVAILABLE(skb) < grec_size(pmc, type, gdeleted, sdeleted)) { 495 if (skb) 496 igmpv3_sendpack(skb); 497 skb = igmpv3_newpack(dev, mtu); 498 } 499 } 500 first = 1; 501 psf_prev = NULL; 502 for (psf = *psf_list; psf; psf = psf_next) { 503 __be32 *psrc; 504 505 psf_next = psf->sf_next; 506 507 if (!is_in(pmc, psf, type, gdeleted, sdeleted)) { 508 psf_prev = psf; 509 continue; 510 } 511 512 /* Based on RFC3376 5.1. Should not send source-list change 513 * records when there is a filter mode change. 514 */ 515 if (((gdeleted && pmc->sfmode == MCAST_EXCLUDE) || 516 (!gdeleted && pmc->crcount)) && 517 (type == IGMPV3_ALLOW_NEW_SOURCES || 518 type == IGMPV3_BLOCK_OLD_SOURCES) && psf->sf_crcount) 519 goto decrease_sf_crcount; 520 521 /* clear marks on query responses */ 522 if (isquery) 523 psf->sf_gsresp = 0; 524 525 if (AVAILABLE(skb) < sizeof(__be32) + 526 first*sizeof(struct igmpv3_grec)) { 527 if (truncate && !first) 528 break; /* truncate these */ 529 if (pgr) 530 pgr->grec_nsrcs = htons(scount); 531 if (skb) 532 igmpv3_sendpack(skb); 533 skb = igmpv3_newpack(dev, mtu); 534 first = 1; 535 scount = 0; 536 } 537 if (first) { 538 skb = add_grhead(skb, pmc, type, &pgr, mtu); 539 first = 0; 540 } 541 if (!skb) 542 return NULL; 543 psrc = skb_put(skb, sizeof(__be32)); 544 *psrc = psf->sf_inaddr; 545 scount++; stotal++; 546 if ((type == IGMPV3_ALLOW_NEW_SOURCES || 547 type == IGMPV3_BLOCK_OLD_SOURCES) && psf->sf_crcount) { 548 decrease_sf_crcount: 549 psf->sf_crcount--; 550 if ((sdeleted || gdeleted) && psf->sf_crcount == 0) { 551 if (psf_prev) 552 psf_prev->sf_next = psf->sf_next; 553 else 554 *psf_list = psf->sf_next; 555 kfree(psf); 556 continue; 557 } 558 } 559 psf_prev = psf; 560 } 561 562 empty_source: 563 if (!stotal) { 564 if (type == IGMPV3_ALLOW_NEW_SOURCES || 565 type == IGMPV3_BLOCK_OLD_SOURCES) 566 return skb; 567 if (pmc->crcount || isquery) { 568 /* make sure we have room for group header */ 569 if (skb && AVAILABLE(skb) < sizeof(struct igmpv3_grec)) { 570 igmpv3_sendpack(skb); 571 skb = NULL; /* add_grhead will get a new one */ 572 } 573 skb = add_grhead(skb, pmc, type, &pgr, mtu); 574 } 575 } 576 if (pgr) 577 pgr->grec_nsrcs = htons(scount); 578 579 if (isquery) 580 pmc->gsquery = 0; /* clear query state on report */ 581 return skb; 582 } 583 584 static int igmpv3_send_report(struct in_device *in_dev, struct ip_mc_list *pmc) 585 { 586 struct sk_buff *skb = NULL; 587 struct net *net = dev_net(in_dev->dev); 588 int type; 589 590 if (!pmc) { 591 rcu_read_lock(); 592 for_each_pmc_rcu(in_dev, pmc) { 593 if (pmc->multiaddr == IGMP_ALL_HOSTS) 594 continue; 595 if (ipv4_is_local_multicast(pmc->multiaddr) && 596 !net->ipv4.sysctl_igmp_llm_reports) 597 continue; 598 spin_lock_bh(&pmc->lock); 599 if (pmc->sfcount[MCAST_EXCLUDE]) 600 type = IGMPV3_MODE_IS_EXCLUDE; 601 else 602 type = IGMPV3_MODE_IS_INCLUDE; 603 skb = add_grec(skb, pmc, type, 0, 0); 604 spin_unlock_bh(&pmc->lock); 605 } 606 rcu_read_unlock(); 607 } else { 608 spin_lock_bh(&pmc->lock); 609 if (pmc->sfcount[MCAST_EXCLUDE]) 610 type = IGMPV3_MODE_IS_EXCLUDE; 611 else 612 type = IGMPV3_MODE_IS_INCLUDE; 613 skb = add_grec(skb, pmc, type, 0, 0); 614 spin_unlock_bh(&pmc->lock); 615 } 616 if (!skb) 617 return 0; 618 return igmpv3_sendpack(skb); 619 } 620 621 /* 622 * remove zero-count source records from a source filter list 623 */ 624 static void igmpv3_clear_zeros(struct ip_sf_list **ppsf) 625 { 626 struct ip_sf_list *psf_prev, *psf_next, *psf; 627 628 psf_prev = NULL; 629 for (psf = *ppsf; psf; psf = psf_next) { 630 psf_next = psf->sf_next; 631 if (psf->sf_crcount == 0) { 632 if (psf_prev) 633 psf_prev->sf_next = psf->sf_next; 634 else 635 *ppsf = psf->sf_next; 636 kfree(psf); 637 } else 638 psf_prev = psf; 639 } 640 } 641 642 static void kfree_pmc(struct ip_mc_list *pmc) 643 { 644 ip_sf_list_clear_all(pmc->sources); 645 ip_sf_list_clear_all(pmc->tomb); 646 kfree(pmc); 647 } 648 649 static void igmpv3_send_cr(struct in_device *in_dev) 650 { 651 struct ip_mc_list *pmc, *pmc_prev, *pmc_next; 652 struct sk_buff *skb = NULL; 653 int type, dtype; 654 655 rcu_read_lock(); 656 spin_lock_bh(&in_dev->mc_tomb_lock); 657 658 /* deleted MCA's */ 659 pmc_prev = NULL; 660 for (pmc = in_dev->mc_tomb; pmc; pmc = pmc_next) { 661 pmc_next = pmc->next; 662 if (pmc->sfmode == MCAST_INCLUDE) { 663 type = IGMPV3_BLOCK_OLD_SOURCES; 664 dtype = IGMPV3_BLOCK_OLD_SOURCES; 665 skb = add_grec(skb, pmc, type, 1, 0); 666 skb = add_grec(skb, pmc, dtype, 1, 1); 667 } 668 if (pmc->crcount) { 669 if (pmc->sfmode == MCAST_EXCLUDE) { 670 type = IGMPV3_CHANGE_TO_INCLUDE; 671 skb = add_grec(skb, pmc, type, 1, 0); 672 } 673 pmc->crcount--; 674 if (pmc->crcount == 0) { 675 igmpv3_clear_zeros(&pmc->tomb); 676 igmpv3_clear_zeros(&pmc->sources); 677 } 678 } 679 if (pmc->crcount == 0 && !pmc->tomb && !pmc->sources) { 680 if (pmc_prev) 681 pmc_prev->next = pmc_next; 682 else 683 in_dev->mc_tomb = pmc_next; 684 in_dev_put(pmc->interface); 685 kfree_pmc(pmc); 686 } else 687 pmc_prev = pmc; 688 } 689 spin_unlock_bh(&in_dev->mc_tomb_lock); 690 691 /* change recs */ 692 for_each_pmc_rcu(in_dev, pmc) { 693 spin_lock_bh(&pmc->lock); 694 if (pmc->sfcount[MCAST_EXCLUDE]) { 695 type = IGMPV3_BLOCK_OLD_SOURCES; 696 dtype = IGMPV3_ALLOW_NEW_SOURCES; 697 } else { 698 type = IGMPV3_ALLOW_NEW_SOURCES; 699 dtype = IGMPV3_BLOCK_OLD_SOURCES; 700 } 701 skb = add_grec(skb, pmc, type, 0, 0); 702 skb = add_grec(skb, pmc, dtype, 0, 1); /* deleted sources */ 703 704 /* filter mode changes */ 705 if (pmc->crcount) { 706 if (pmc->sfmode == MCAST_EXCLUDE) 707 type = IGMPV3_CHANGE_TO_EXCLUDE; 708 else 709 type = IGMPV3_CHANGE_TO_INCLUDE; 710 skb = add_grec(skb, pmc, type, 0, 0); 711 pmc->crcount--; 712 } 713 spin_unlock_bh(&pmc->lock); 714 } 715 rcu_read_unlock(); 716 717 if (!skb) 718 return; 719 (void) igmpv3_sendpack(skb); 720 } 721 722 static int igmp_send_report(struct in_device *in_dev, struct ip_mc_list *pmc, 723 int type) 724 { 725 struct sk_buff *skb; 726 struct iphdr *iph; 727 struct igmphdr *ih; 728 struct rtable *rt; 729 struct net_device *dev = in_dev->dev; 730 struct net *net = dev_net(dev); 731 __be32 group = pmc ? pmc->multiaddr : 0; 732 struct flowi4 fl4; 733 __be32 dst; 734 int hlen, tlen; 735 736 if (type == IGMPV3_HOST_MEMBERSHIP_REPORT) 737 return igmpv3_send_report(in_dev, pmc); 738 739 if (ipv4_is_local_multicast(group) && !net->ipv4.sysctl_igmp_llm_reports) 740 return 0; 741 742 if (type == IGMP_HOST_LEAVE_MESSAGE) 743 dst = IGMP_ALL_ROUTER; 744 else 745 dst = group; 746 747 rt = ip_route_output_ports(net, &fl4, NULL, dst, 0, 748 0, 0, 749 IPPROTO_IGMP, 0, dev->ifindex); 750 if (IS_ERR(rt)) 751 return -1; 752 753 hlen = LL_RESERVED_SPACE(dev); 754 tlen = dev->needed_tailroom; 755 skb = alloc_skb(IGMP_SIZE + hlen + tlen, GFP_ATOMIC); 756 if (!skb) { 757 ip_rt_put(rt); 758 return -1; 759 } 760 skb->priority = TC_PRIO_CONTROL; 761 762 skb_dst_set(skb, &rt->dst); 763 764 skb_reserve(skb, hlen); 765 766 skb_reset_network_header(skb); 767 iph = ip_hdr(skb); 768 skb_put(skb, sizeof(struct iphdr) + 4); 769 770 iph->version = 4; 771 iph->ihl = (sizeof(struct iphdr)+4)>>2; 772 iph->tos = 0xc0; 773 iph->frag_off = htons(IP_DF); 774 iph->ttl = 1; 775 iph->daddr = dst; 776 iph->saddr = fl4.saddr; 777 iph->protocol = IPPROTO_IGMP; 778 ip_select_ident(net, skb, NULL); 779 ((u8 *)&iph[1])[0] = IPOPT_RA; 780 ((u8 *)&iph[1])[1] = 4; 781 ((u8 *)&iph[1])[2] = 0; 782 ((u8 *)&iph[1])[3] = 0; 783 784 ih = skb_put(skb, sizeof(struct igmphdr)); 785 ih->type = type; 786 ih->code = 0; 787 ih->csum = 0; 788 ih->group = group; 789 ih->csum = ip_compute_csum((void *)ih, sizeof(struct igmphdr)); 790 791 return ip_local_out(net, skb->sk, skb); 792 } 793 794 static void igmp_gq_timer_expire(struct timer_list *t) 795 { 796 struct in_device *in_dev = from_timer(in_dev, t, mr_gq_timer); 797 798 in_dev->mr_gq_running = 0; 799 igmpv3_send_report(in_dev, NULL); 800 in_dev_put(in_dev); 801 } 802 803 static void igmp_ifc_timer_expire(struct timer_list *t) 804 { 805 struct in_device *in_dev = from_timer(in_dev, t, mr_ifc_timer); 806 u32 mr_ifc_count; 807 808 igmpv3_send_cr(in_dev); 809 restart: 810 mr_ifc_count = READ_ONCE(in_dev->mr_ifc_count); 811 812 if (mr_ifc_count) { 813 if (cmpxchg(&in_dev->mr_ifc_count, 814 mr_ifc_count, 815 mr_ifc_count - 1) != mr_ifc_count) 816 goto restart; 817 igmp_ifc_start_timer(in_dev, 818 unsolicited_report_interval(in_dev)); 819 } 820 in_dev_put(in_dev); 821 } 822 823 static void igmp_ifc_event(struct in_device *in_dev) 824 { 825 struct net *net = dev_net(in_dev->dev); 826 if (IGMP_V1_SEEN(in_dev) || IGMP_V2_SEEN(in_dev)) 827 return; 828 WRITE_ONCE(in_dev->mr_ifc_count, in_dev->mr_qrv ?: net->ipv4.sysctl_igmp_qrv); 829 igmp_ifc_start_timer(in_dev, 1); 830 } 831 832 833 static void igmp_timer_expire(struct timer_list *t) 834 { 835 struct ip_mc_list *im = from_timer(im, t, timer); 836 struct in_device *in_dev = im->interface; 837 838 spin_lock(&im->lock); 839 im->tm_running = 0; 840 841 if (im->unsolicit_count && --im->unsolicit_count) 842 igmp_start_timer(im, unsolicited_report_interval(in_dev)); 843 844 im->reporter = 1; 845 spin_unlock(&im->lock); 846 847 if (IGMP_V1_SEEN(in_dev)) 848 igmp_send_report(in_dev, im, IGMP_HOST_MEMBERSHIP_REPORT); 849 else if (IGMP_V2_SEEN(in_dev)) 850 igmp_send_report(in_dev, im, IGMPV2_HOST_MEMBERSHIP_REPORT); 851 else 852 igmp_send_report(in_dev, im, IGMPV3_HOST_MEMBERSHIP_REPORT); 853 854 ip_ma_put(im); 855 } 856 857 /* mark EXCLUDE-mode sources */ 858 static int igmp_xmarksources(struct ip_mc_list *pmc, int nsrcs, __be32 *srcs) 859 { 860 struct ip_sf_list *psf; 861 int i, scount; 862 863 scount = 0; 864 for (psf = pmc->sources; psf; psf = psf->sf_next) { 865 if (scount == nsrcs) 866 break; 867 for (i = 0; i < nsrcs; i++) { 868 /* skip inactive filters */ 869 if (psf->sf_count[MCAST_INCLUDE] || 870 pmc->sfcount[MCAST_EXCLUDE] != 871 psf->sf_count[MCAST_EXCLUDE]) 872 break; 873 if (srcs[i] == psf->sf_inaddr) { 874 scount++; 875 break; 876 } 877 } 878 } 879 pmc->gsquery = 0; 880 if (scount == nsrcs) /* all sources excluded */ 881 return 0; 882 return 1; 883 } 884 885 static int igmp_marksources(struct ip_mc_list *pmc, int nsrcs, __be32 *srcs) 886 { 887 struct ip_sf_list *psf; 888 int i, scount; 889 890 if (pmc->sfmode == MCAST_EXCLUDE) 891 return igmp_xmarksources(pmc, nsrcs, srcs); 892 893 /* mark INCLUDE-mode sources */ 894 scount = 0; 895 for (psf = pmc->sources; psf; psf = psf->sf_next) { 896 if (scount == nsrcs) 897 break; 898 for (i = 0; i < nsrcs; i++) 899 if (srcs[i] == psf->sf_inaddr) { 900 psf->sf_gsresp = 1; 901 scount++; 902 break; 903 } 904 } 905 if (!scount) { 906 pmc->gsquery = 0; 907 return 0; 908 } 909 pmc->gsquery = 1; 910 return 1; 911 } 912 913 /* return true if packet was dropped */ 914 static bool igmp_heard_report(struct in_device *in_dev, __be32 group) 915 { 916 struct ip_mc_list *im; 917 struct net *net = dev_net(in_dev->dev); 918 919 /* Timers are only set for non-local groups */ 920 921 if (group == IGMP_ALL_HOSTS) 922 return false; 923 if (ipv4_is_local_multicast(group) && !net->ipv4.sysctl_igmp_llm_reports) 924 return false; 925 926 rcu_read_lock(); 927 for_each_pmc_rcu(in_dev, im) { 928 if (im->multiaddr == group) { 929 igmp_stop_timer(im); 930 break; 931 } 932 } 933 rcu_read_unlock(); 934 return false; 935 } 936 937 /* return true if packet was dropped */ 938 static bool igmp_heard_query(struct in_device *in_dev, struct sk_buff *skb, 939 int len) 940 { 941 struct igmphdr *ih = igmp_hdr(skb); 942 struct igmpv3_query *ih3 = igmpv3_query_hdr(skb); 943 struct ip_mc_list *im; 944 __be32 group = ih->group; 945 int max_delay; 946 int mark = 0; 947 struct net *net = dev_net(in_dev->dev); 948 949 950 if (len == 8) { 951 if (ih->code == 0) { 952 /* Alas, old v1 router presents here. */ 953 954 max_delay = IGMP_QUERY_RESPONSE_INTERVAL; 955 in_dev->mr_v1_seen = jiffies + 956 (in_dev->mr_qrv * in_dev->mr_qi) + 957 in_dev->mr_qri; 958 group = 0; 959 } else { 960 /* v2 router present */ 961 max_delay = ih->code*(HZ/IGMP_TIMER_SCALE); 962 in_dev->mr_v2_seen = jiffies + 963 (in_dev->mr_qrv * in_dev->mr_qi) + 964 in_dev->mr_qri; 965 } 966 /* cancel the interface change timer */ 967 WRITE_ONCE(in_dev->mr_ifc_count, 0); 968 if (del_timer(&in_dev->mr_ifc_timer)) 969 __in_dev_put(in_dev); 970 /* clear deleted report items */ 971 igmpv3_clear_delrec(in_dev); 972 } else if (len < 12) { 973 return true; /* ignore bogus packet; freed by caller */ 974 } else if (IGMP_V1_SEEN(in_dev)) { 975 /* This is a v3 query with v1 queriers present */ 976 max_delay = IGMP_QUERY_RESPONSE_INTERVAL; 977 group = 0; 978 } else if (IGMP_V2_SEEN(in_dev)) { 979 /* this is a v3 query with v2 queriers present; 980 * Interpretation of the max_delay code is problematic here. 981 * A real v2 host would use ih_code directly, while v3 has a 982 * different encoding. We use the v3 encoding as more likely 983 * to be intended in a v3 query. 984 */ 985 max_delay = IGMPV3_MRC(ih3->code)*(HZ/IGMP_TIMER_SCALE); 986 if (!max_delay) 987 max_delay = 1; /* can't mod w/ 0 */ 988 } else { /* v3 */ 989 if (!pskb_may_pull(skb, sizeof(struct igmpv3_query))) 990 return true; 991 992 ih3 = igmpv3_query_hdr(skb); 993 if (ih3->nsrcs) { 994 if (!pskb_may_pull(skb, sizeof(struct igmpv3_query) 995 + ntohs(ih3->nsrcs)*sizeof(__be32))) 996 return true; 997 ih3 = igmpv3_query_hdr(skb); 998 } 999 1000 max_delay = IGMPV3_MRC(ih3->code)*(HZ/IGMP_TIMER_SCALE); 1001 if (!max_delay) 1002 max_delay = 1; /* can't mod w/ 0 */ 1003 in_dev->mr_maxdelay = max_delay; 1004 1005 /* RFC3376, 4.1.6. QRV and 4.1.7. QQIC, when the most recently 1006 * received value was zero, use the default or statically 1007 * configured value. 1008 */ 1009 in_dev->mr_qrv = ih3->qrv ?: net->ipv4.sysctl_igmp_qrv; 1010 in_dev->mr_qi = IGMPV3_QQIC(ih3->qqic)*HZ ?: IGMP_QUERY_INTERVAL; 1011 1012 /* RFC3376, 8.3. Query Response Interval: 1013 * The number of seconds represented by the [Query Response 1014 * Interval] must be less than the [Query Interval]. 1015 */ 1016 if (in_dev->mr_qri >= in_dev->mr_qi) 1017 in_dev->mr_qri = (in_dev->mr_qi/HZ - 1)*HZ; 1018 1019 if (!group) { /* general query */ 1020 if (ih3->nsrcs) 1021 return true; /* no sources allowed */ 1022 igmp_gq_start_timer(in_dev); 1023 return false; 1024 } 1025 /* mark sources to include, if group & source-specific */ 1026 mark = ih3->nsrcs != 0; 1027 } 1028 1029 /* 1030 * - Start the timers in all of our membership records 1031 * that the query applies to for the interface on 1032 * which the query arrived excl. those that belong 1033 * to a "local" group (224.0.0.X) 1034 * - For timers already running check if they need to 1035 * be reset. 1036 * - Use the igmp->igmp_code field as the maximum 1037 * delay possible 1038 */ 1039 rcu_read_lock(); 1040 for_each_pmc_rcu(in_dev, im) { 1041 int changed; 1042 1043 if (group && group != im->multiaddr) 1044 continue; 1045 if (im->multiaddr == IGMP_ALL_HOSTS) 1046 continue; 1047 if (ipv4_is_local_multicast(im->multiaddr) && 1048 !net->ipv4.sysctl_igmp_llm_reports) 1049 continue; 1050 spin_lock_bh(&im->lock); 1051 if (im->tm_running) 1052 im->gsquery = im->gsquery && mark; 1053 else 1054 im->gsquery = mark; 1055 changed = !im->gsquery || 1056 igmp_marksources(im, ntohs(ih3->nsrcs), ih3->srcs); 1057 spin_unlock_bh(&im->lock); 1058 if (changed) 1059 igmp_mod_timer(im, max_delay); 1060 } 1061 rcu_read_unlock(); 1062 return false; 1063 } 1064 1065 /* called in rcu_read_lock() section */ 1066 int igmp_rcv(struct sk_buff *skb) 1067 { 1068 /* This basically follows the spec line by line -- see RFC1112 */ 1069 struct igmphdr *ih; 1070 struct net_device *dev = skb->dev; 1071 struct in_device *in_dev; 1072 int len = skb->len; 1073 bool dropped = true; 1074 1075 if (netif_is_l3_master(dev)) { 1076 dev = dev_get_by_index_rcu(dev_net(dev), IPCB(skb)->iif); 1077 if (!dev) 1078 goto drop; 1079 } 1080 1081 in_dev = __in_dev_get_rcu(dev); 1082 if (!in_dev) 1083 goto drop; 1084 1085 if (!pskb_may_pull(skb, sizeof(struct igmphdr))) 1086 goto drop; 1087 1088 if (skb_checksum_simple_validate(skb)) 1089 goto drop; 1090 1091 ih = igmp_hdr(skb); 1092 switch (ih->type) { 1093 case IGMP_HOST_MEMBERSHIP_QUERY: 1094 dropped = igmp_heard_query(in_dev, skb, len); 1095 break; 1096 case IGMP_HOST_MEMBERSHIP_REPORT: 1097 case IGMPV2_HOST_MEMBERSHIP_REPORT: 1098 /* Is it our report looped back? */ 1099 if (rt_is_output_route(skb_rtable(skb))) 1100 break; 1101 /* don't rely on MC router hearing unicast reports */ 1102 if (skb->pkt_type == PACKET_MULTICAST || 1103 skb->pkt_type == PACKET_BROADCAST) 1104 dropped = igmp_heard_report(in_dev, ih->group); 1105 break; 1106 case IGMP_PIM: 1107 #ifdef CONFIG_IP_PIMSM_V1 1108 return pim_rcv_v1(skb); 1109 #endif 1110 case IGMPV3_HOST_MEMBERSHIP_REPORT: 1111 case IGMP_DVMRP: 1112 case IGMP_TRACE: 1113 case IGMP_HOST_LEAVE_MESSAGE: 1114 case IGMP_MTRACE: 1115 case IGMP_MTRACE_RESP: 1116 break; 1117 default: 1118 break; 1119 } 1120 1121 drop: 1122 if (dropped) 1123 kfree_skb(skb); 1124 else 1125 consume_skb(skb); 1126 return 0; 1127 } 1128 1129 #endif 1130 1131 1132 /* 1133 * Add a filter to a device 1134 */ 1135 1136 static void ip_mc_filter_add(struct in_device *in_dev, __be32 addr) 1137 { 1138 char buf[MAX_ADDR_LEN]; 1139 struct net_device *dev = in_dev->dev; 1140 1141 /* Checking for IFF_MULTICAST here is WRONG-WRONG-WRONG. 1142 We will get multicast token leakage, when IFF_MULTICAST 1143 is changed. This check should be done in ndo_set_rx_mode 1144 routine. Something sort of: 1145 if (dev->mc_list && dev->flags&IFF_MULTICAST) { do it; } 1146 --ANK 1147 */ 1148 if (arp_mc_map(addr, buf, dev, 0) == 0) 1149 dev_mc_add(dev, buf); 1150 } 1151 1152 /* 1153 * Remove a filter from a device 1154 */ 1155 1156 static void ip_mc_filter_del(struct in_device *in_dev, __be32 addr) 1157 { 1158 char buf[MAX_ADDR_LEN]; 1159 struct net_device *dev = in_dev->dev; 1160 1161 if (arp_mc_map(addr, buf, dev, 0) == 0) 1162 dev_mc_del(dev, buf); 1163 } 1164 1165 #ifdef CONFIG_IP_MULTICAST 1166 /* 1167 * deleted ip_mc_list manipulation 1168 */ 1169 static void igmpv3_add_delrec(struct in_device *in_dev, struct ip_mc_list *im, 1170 gfp_t gfp) 1171 { 1172 struct ip_mc_list *pmc; 1173 struct net *net = dev_net(in_dev->dev); 1174 1175 /* this is an "ip_mc_list" for convenience; only the fields below 1176 * are actually used. In particular, the refcnt and users are not 1177 * used for management of the delete list. Using the same structure 1178 * for deleted items allows change reports to use common code with 1179 * non-deleted or query-response MCA's. 1180 */ 1181 pmc = kzalloc(sizeof(*pmc), gfp); 1182 if (!pmc) 1183 return; 1184 spin_lock_init(&pmc->lock); 1185 spin_lock_bh(&im->lock); 1186 pmc->interface = im->interface; 1187 in_dev_hold(in_dev); 1188 pmc->multiaddr = im->multiaddr; 1189 pmc->crcount = in_dev->mr_qrv ?: net->ipv4.sysctl_igmp_qrv; 1190 pmc->sfmode = im->sfmode; 1191 if (pmc->sfmode == MCAST_INCLUDE) { 1192 struct ip_sf_list *psf; 1193 1194 pmc->tomb = im->tomb; 1195 pmc->sources = im->sources; 1196 im->tomb = im->sources = NULL; 1197 for (psf = pmc->sources; psf; psf = psf->sf_next) 1198 psf->sf_crcount = pmc->crcount; 1199 } 1200 spin_unlock_bh(&im->lock); 1201 1202 spin_lock_bh(&in_dev->mc_tomb_lock); 1203 pmc->next = in_dev->mc_tomb; 1204 in_dev->mc_tomb = pmc; 1205 spin_unlock_bh(&in_dev->mc_tomb_lock); 1206 } 1207 1208 /* 1209 * restore ip_mc_list deleted records 1210 */ 1211 static void igmpv3_del_delrec(struct in_device *in_dev, struct ip_mc_list *im) 1212 { 1213 struct ip_mc_list *pmc, *pmc_prev; 1214 struct ip_sf_list *psf; 1215 struct net *net = dev_net(in_dev->dev); 1216 __be32 multiaddr = im->multiaddr; 1217 1218 spin_lock_bh(&in_dev->mc_tomb_lock); 1219 pmc_prev = NULL; 1220 for (pmc = in_dev->mc_tomb; pmc; pmc = pmc->next) { 1221 if (pmc->multiaddr == multiaddr) 1222 break; 1223 pmc_prev = pmc; 1224 } 1225 if (pmc) { 1226 if (pmc_prev) 1227 pmc_prev->next = pmc->next; 1228 else 1229 in_dev->mc_tomb = pmc->next; 1230 } 1231 spin_unlock_bh(&in_dev->mc_tomb_lock); 1232 1233 spin_lock_bh(&im->lock); 1234 if (pmc) { 1235 im->interface = pmc->interface; 1236 if (im->sfmode == MCAST_INCLUDE) { 1237 swap(im->tomb, pmc->tomb); 1238 swap(im->sources, pmc->sources); 1239 for (psf = im->sources; psf; psf = psf->sf_next) 1240 psf->sf_crcount = in_dev->mr_qrv ?: net->ipv4.sysctl_igmp_qrv; 1241 } else { 1242 im->crcount = in_dev->mr_qrv ?: net->ipv4.sysctl_igmp_qrv; 1243 } 1244 in_dev_put(pmc->interface); 1245 kfree_pmc(pmc); 1246 } 1247 spin_unlock_bh(&im->lock); 1248 } 1249 1250 /* 1251 * flush ip_mc_list deleted records 1252 */ 1253 static void igmpv3_clear_delrec(struct in_device *in_dev) 1254 { 1255 struct ip_mc_list *pmc, *nextpmc; 1256 1257 spin_lock_bh(&in_dev->mc_tomb_lock); 1258 pmc = in_dev->mc_tomb; 1259 in_dev->mc_tomb = NULL; 1260 spin_unlock_bh(&in_dev->mc_tomb_lock); 1261 1262 for (; pmc; pmc = nextpmc) { 1263 nextpmc = pmc->next; 1264 ip_mc_clear_src(pmc); 1265 in_dev_put(pmc->interface); 1266 kfree_pmc(pmc); 1267 } 1268 /* clear dead sources, too */ 1269 rcu_read_lock(); 1270 for_each_pmc_rcu(in_dev, pmc) { 1271 struct ip_sf_list *psf; 1272 1273 spin_lock_bh(&pmc->lock); 1274 psf = pmc->tomb; 1275 pmc->tomb = NULL; 1276 spin_unlock_bh(&pmc->lock); 1277 ip_sf_list_clear_all(psf); 1278 } 1279 rcu_read_unlock(); 1280 } 1281 #endif 1282 1283 static void __igmp_group_dropped(struct ip_mc_list *im, gfp_t gfp) 1284 { 1285 struct in_device *in_dev = im->interface; 1286 #ifdef CONFIG_IP_MULTICAST 1287 struct net *net = dev_net(in_dev->dev); 1288 int reporter; 1289 #endif 1290 1291 if (im->loaded) { 1292 im->loaded = 0; 1293 ip_mc_filter_del(in_dev, im->multiaddr); 1294 } 1295 1296 #ifdef CONFIG_IP_MULTICAST 1297 if (im->multiaddr == IGMP_ALL_HOSTS) 1298 return; 1299 if (ipv4_is_local_multicast(im->multiaddr) && !net->ipv4.sysctl_igmp_llm_reports) 1300 return; 1301 1302 reporter = im->reporter; 1303 igmp_stop_timer(im); 1304 1305 if (!in_dev->dead) { 1306 if (IGMP_V1_SEEN(in_dev)) 1307 return; 1308 if (IGMP_V2_SEEN(in_dev)) { 1309 if (reporter) 1310 igmp_send_report(in_dev, im, IGMP_HOST_LEAVE_MESSAGE); 1311 return; 1312 } 1313 /* IGMPv3 */ 1314 igmpv3_add_delrec(in_dev, im, gfp); 1315 1316 igmp_ifc_event(in_dev); 1317 } 1318 #endif 1319 } 1320 1321 static void igmp_group_dropped(struct ip_mc_list *im) 1322 { 1323 __igmp_group_dropped(im, GFP_KERNEL); 1324 } 1325 1326 static void igmp_group_added(struct ip_mc_list *im) 1327 { 1328 struct in_device *in_dev = im->interface; 1329 #ifdef CONFIG_IP_MULTICAST 1330 struct net *net = dev_net(in_dev->dev); 1331 #endif 1332 1333 if (im->loaded == 0) { 1334 im->loaded = 1; 1335 ip_mc_filter_add(in_dev, im->multiaddr); 1336 } 1337 1338 #ifdef CONFIG_IP_MULTICAST 1339 if (im->multiaddr == IGMP_ALL_HOSTS) 1340 return; 1341 if (ipv4_is_local_multicast(im->multiaddr) && !net->ipv4.sysctl_igmp_llm_reports) 1342 return; 1343 1344 if (in_dev->dead) 1345 return; 1346 1347 im->unsolicit_count = net->ipv4.sysctl_igmp_qrv; 1348 if (IGMP_V1_SEEN(in_dev) || IGMP_V2_SEEN(in_dev)) { 1349 spin_lock_bh(&im->lock); 1350 igmp_start_timer(im, IGMP_INITIAL_REPORT_DELAY); 1351 spin_unlock_bh(&im->lock); 1352 return; 1353 } 1354 /* else, v3 */ 1355 1356 /* Based on RFC3376 5.1, for newly added INCLUDE SSM, we should 1357 * not send filter-mode change record as the mode should be from 1358 * IN() to IN(A). 1359 */ 1360 if (im->sfmode == MCAST_EXCLUDE) 1361 im->crcount = in_dev->mr_qrv ?: net->ipv4.sysctl_igmp_qrv; 1362 1363 igmp_ifc_event(in_dev); 1364 #endif 1365 } 1366 1367 1368 /* 1369 * Multicast list managers 1370 */ 1371 1372 static u32 ip_mc_hash(const struct ip_mc_list *im) 1373 { 1374 return hash_32((__force u32)im->multiaddr, MC_HASH_SZ_LOG); 1375 } 1376 1377 static void ip_mc_hash_add(struct in_device *in_dev, 1378 struct ip_mc_list *im) 1379 { 1380 struct ip_mc_list __rcu **mc_hash; 1381 u32 hash; 1382 1383 mc_hash = rtnl_dereference(in_dev->mc_hash); 1384 if (mc_hash) { 1385 hash = ip_mc_hash(im); 1386 im->next_hash = mc_hash[hash]; 1387 rcu_assign_pointer(mc_hash[hash], im); 1388 return; 1389 } 1390 1391 /* do not use a hash table for small number of items */ 1392 if (in_dev->mc_count < 4) 1393 return; 1394 1395 mc_hash = kzalloc(sizeof(struct ip_mc_list *) << MC_HASH_SZ_LOG, 1396 GFP_KERNEL); 1397 if (!mc_hash) 1398 return; 1399 1400 for_each_pmc_rtnl(in_dev, im) { 1401 hash = ip_mc_hash(im); 1402 im->next_hash = mc_hash[hash]; 1403 RCU_INIT_POINTER(mc_hash[hash], im); 1404 } 1405 1406 rcu_assign_pointer(in_dev->mc_hash, mc_hash); 1407 } 1408 1409 static void ip_mc_hash_remove(struct in_device *in_dev, 1410 struct ip_mc_list *im) 1411 { 1412 struct ip_mc_list __rcu **mc_hash = rtnl_dereference(in_dev->mc_hash); 1413 struct ip_mc_list *aux; 1414 1415 if (!mc_hash) 1416 return; 1417 mc_hash += ip_mc_hash(im); 1418 while ((aux = rtnl_dereference(*mc_hash)) != im) 1419 mc_hash = &aux->next_hash; 1420 *mc_hash = im->next_hash; 1421 } 1422 1423 1424 /* 1425 * A socket has joined a multicast group on device dev. 1426 */ 1427 static void ____ip_mc_inc_group(struct in_device *in_dev, __be32 addr, 1428 unsigned int mode, gfp_t gfp) 1429 { 1430 struct ip_mc_list *im; 1431 1432 ASSERT_RTNL(); 1433 1434 for_each_pmc_rtnl(in_dev, im) { 1435 if (im->multiaddr == addr) { 1436 im->users++; 1437 ip_mc_add_src(in_dev, &addr, mode, 0, NULL, 0); 1438 goto out; 1439 } 1440 } 1441 1442 im = kzalloc(sizeof(*im), gfp); 1443 if (!im) 1444 goto out; 1445 1446 im->users = 1; 1447 im->interface = in_dev; 1448 in_dev_hold(in_dev); 1449 im->multiaddr = addr; 1450 /* initial mode is (EX, empty) */ 1451 im->sfmode = mode; 1452 im->sfcount[mode] = 1; 1453 refcount_set(&im->refcnt, 1); 1454 spin_lock_init(&im->lock); 1455 #ifdef CONFIG_IP_MULTICAST 1456 timer_setup(&im->timer, igmp_timer_expire, 0); 1457 #endif 1458 1459 im->next_rcu = in_dev->mc_list; 1460 in_dev->mc_count++; 1461 rcu_assign_pointer(in_dev->mc_list, im); 1462 1463 ip_mc_hash_add(in_dev, im); 1464 1465 #ifdef CONFIG_IP_MULTICAST 1466 igmpv3_del_delrec(in_dev, im); 1467 #endif 1468 igmp_group_added(im); 1469 if (!in_dev->dead) 1470 ip_rt_multicast_event(in_dev); 1471 out: 1472 return; 1473 } 1474 1475 void __ip_mc_inc_group(struct in_device *in_dev, __be32 addr, gfp_t gfp) 1476 { 1477 ____ip_mc_inc_group(in_dev, addr, MCAST_EXCLUDE, gfp); 1478 } 1479 EXPORT_SYMBOL(__ip_mc_inc_group); 1480 1481 void ip_mc_inc_group(struct in_device *in_dev, __be32 addr) 1482 { 1483 __ip_mc_inc_group(in_dev, addr, GFP_KERNEL); 1484 } 1485 EXPORT_SYMBOL(ip_mc_inc_group); 1486 1487 static int ip_mc_check_iphdr(struct sk_buff *skb) 1488 { 1489 const struct iphdr *iph; 1490 unsigned int len; 1491 unsigned int offset = skb_network_offset(skb) + sizeof(*iph); 1492 1493 if (!pskb_may_pull(skb, offset)) 1494 return -EINVAL; 1495 1496 iph = ip_hdr(skb); 1497 1498 if (iph->version != 4 || ip_hdrlen(skb) < sizeof(*iph)) 1499 return -EINVAL; 1500 1501 offset += ip_hdrlen(skb) - sizeof(*iph); 1502 1503 if (!pskb_may_pull(skb, offset)) 1504 return -EINVAL; 1505 1506 iph = ip_hdr(skb); 1507 1508 if (unlikely(ip_fast_csum((u8 *)iph, iph->ihl))) 1509 return -EINVAL; 1510 1511 len = skb_network_offset(skb) + ntohs(iph->tot_len); 1512 if (skb->len < len || len < offset) 1513 return -EINVAL; 1514 1515 skb_set_transport_header(skb, offset); 1516 1517 return 0; 1518 } 1519 1520 static int ip_mc_check_igmp_reportv3(struct sk_buff *skb) 1521 { 1522 unsigned int len = skb_transport_offset(skb); 1523 1524 len += sizeof(struct igmpv3_report); 1525 1526 return ip_mc_may_pull(skb, len) ? 0 : -EINVAL; 1527 } 1528 1529 static int ip_mc_check_igmp_query(struct sk_buff *skb) 1530 { 1531 unsigned int transport_len = ip_transport_len(skb); 1532 unsigned int len; 1533 1534 /* IGMPv{1,2}? */ 1535 if (transport_len != sizeof(struct igmphdr)) { 1536 /* or IGMPv3? */ 1537 if (transport_len < sizeof(struct igmpv3_query)) 1538 return -EINVAL; 1539 1540 len = skb_transport_offset(skb) + sizeof(struct igmpv3_query); 1541 if (!ip_mc_may_pull(skb, len)) 1542 return -EINVAL; 1543 } 1544 1545 /* RFC2236+RFC3376 (IGMPv2+IGMPv3) require the multicast link layer 1546 * all-systems destination addresses (224.0.0.1) for general queries 1547 */ 1548 if (!igmp_hdr(skb)->group && 1549 ip_hdr(skb)->daddr != htonl(INADDR_ALLHOSTS_GROUP)) 1550 return -EINVAL; 1551 1552 return 0; 1553 } 1554 1555 static int ip_mc_check_igmp_msg(struct sk_buff *skb) 1556 { 1557 switch (igmp_hdr(skb)->type) { 1558 case IGMP_HOST_LEAVE_MESSAGE: 1559 case IGMP_HOST_MEMBERSHIP_REPORT: 1560 case IGMPV2_HOST_MEMBERSHIP_REPORT: 1561 return 0; 1562 case IGMPV3_HOST_MEMBERSHIP_REPORT: 1563 return ip_mc_check_igmp_reportv3(skb); 1564 case IGMP_HOST_MEMBERSHIP_QUERY: 1565 return ip_mc_check_igmp_query(skb); 1566 default: 1567 return -ENOMSG; 1568 } 1569 } 1570 1571 static __sum16 ip_mc_validate_checksum(struct sk_buff *skb) 1572 { 1573 return skb_checksum_simple_validate(skb); 1574 } 1575 1576 static int ip_mc_check_igmp_csum(struct sk_buff *skb) 1577 { 1578 unsigned int len = skb_transport_offset(skb) + sizeof(struct igmphdr); 1579 unsigned int transport_len = ip_transport_len(skb); 1580 struct sk_buff *skb_chk; 1581 1582 if (!ip_mc_may_pull(skb, len)) 1583 return -EINVAL; 1584 1585 skb_chk = skb_checksum_trimmed(skb, transport_len, 1586 ip_mc_validate_checksum); 1587 if (!skb_chk) 1588 return -EINVAL; 1589 1590 if (skb_chk != skb) 1591 kfree_skb(skb_chk); 1592 1593 return 0; 1594 } 1595 1596 /** 1597 * ip_mc_check_igmp - checks whether this is a sane IGMP packet 1598 * @skb: the skb to validate 1599 * 1600 * Checks whether an IPv4 packet is a valid IGMP packet. If so sets 1601 * skb transport header accordingly and returns zero. 1602 * 1603 * -EINVAL: A broken packet was detected, i.e. it violates some internet 1604 * standard 1605 * -ENOMSG: IP header validation succeeded but it is not an IGMP packet. 1606 * -ENOMEM: A memory allocation failure happened. 1607 * 1608 * Caller needs to set the skb network header and free any returned skb if it 1609 * differs from the provided skb. 1610 */ 1611 int ip_mc_check_igmp(struct sk_buff *skb) 1612 { 1613 int ret = ip_mc_check_iphdr(skb); 1614 1615 if (ret < 0) 1616 return ret; 1617 1618 if (ip_hdr(skb)->protocol != IPPROTO_IGMP) 1619 return -ENOMSG; 1620 1621 ret = ip_mc_check_igmp_csum(skb); 1622 if (ret < 0) 1623 return ret; 1624 1625 return ip_mc_check_igmp_msg(skb); 1626 } 1627 EXPORT_SYMBOL(ip_mc_check_igmp); 1628 1629 /* 1630 * Resend IGMP JOIN report; used by netdev notifier. 1631 */ 1632 static void ip_mc_rejoin_groups(struct in_device *in_dev) 1633 { 1634 #ifdef CONFIG_IP_MULTICAST 1635 struct ip_mc_list *im; 1636 int type; 1637 struct net *net = dev_net(in_dev->dev); 1638 1639 ASSERT_RTNL(); 1640 1641 for_each_pmc_rtnl(in_dev, im) { 1642 if (im->multiaddr == IGMP_ALL_HOSTS) 1643 continue; 1644 if (ipv4_is_local_multicast(im->multiaddr) && 1645 !net->ipv4.sysctl_igmp_llm_reports) 1646 continue; 1647 1648 /* a failover is happening and switches 1649 * must be notified immediately 1650 */ 1651 if (IGMP_V1_SEEN(in_dev)) 1652 type = IGMP_HOST_MEMBERSHIP_REPORT; 1653 else if (IGMP_V2_SEEN(in_dev)) 1654 type = IGMPV2_HOST_MEMBERSHIP_REPORT; 1655 else 1656 type = IGMPV3_HOST_MEMBERSHIP_REPORT; 1657 igmp_send_report(in_dev, im, type); 1658 } 1659 #endif 1660 } 1661 1662 /* 1663 * A socket has left a multicast group on device dev 1664 */ 1665 1666 void __ip_mc_dec_group(struct in_device *in_dev, __be32 addr, gfp_t gfp) 1667 { 1668 struct ip_mc_list *i; 1669 struct ip_mc_list __rcu **ip; 1670 1671 ASSERT_RTNL(); 1672 1673 for (ip = &in_dev->mc_list; 1674 (i = rtnl_dereference(*ip)) != NULL; 1675 ip = &i->next_rcu) { 1676 if (i->multiaddr == addr) { 1677 if (--i->users == 0) { 1678 ip_mc_hash_remove(in_dev, i); 1679 *ip = i->next_rcu; 1680 in_dev->mc_count--; 1681 __igmp_group_dropped(i, gfp); 1682 ip_mc_clear_src(i); 1683 1684 if (!in_dev->dead) 1685 ip_rt_multicast_event(in_dev); 1686 1687 ip_ma_put(i); 1688 return; 1689 } 1690 break; 1691 } 1692 } 1693 } 1694 EXPORT_SYMBOL(__ip_mc_dec_group); 1695 1696 /* Device changing type */ 1697 1698 void ip_mc_unmap(struct in_device *in_dev) 1699 { 1700 struct ip_mc_list *pmc; 1701 1702 ASSERT_RTNL(); 1703 1704 for_each_pmc_rtnl(in_dev, pmc) 1705 igmp_group_dropped(pmc); 1706 } 1707 1708 void ip_mc_remap(struct in_device *in_dev) 1709 { 1710 struct ip_mc_list *pmc; 1711 1712 ASSERT_RTNL(); 1713 1714 for_each_pmc_rtnl(in_dev, pmc) { 1715 #ifdef CONFIG_IP_MULTICAST 1716 igmpv3_del_delrec(in_dev, pmc); 1717 #endif 1718 igmp_group_added(pmc); 1719 } 1720 } 1721 1722 /* Device going down */ 1723 1724 void ip_mc_down(struct in_device *in_dev) 1725 { 1726 struct ip_mc_list *pmc; 1727 1728 ASSERT_RTNL(); 1729 1730 for_each_pmc_rtnl(in_dev, pmc) 1731 igmp_group_dropped(pmc); 1732 1733 #ifdef CONFIG_IP_MULTICAST 1734 WRITE_ONCE(in_dev->mr_ifc_count, 0); 1735 if (del_timer(&in_dev->mr_ifc_timer)) 1736 __in_dev_put(in_dev); 1737 in_dev->mr_gq_running = 0; 1738 if (del_timer(&in_dev->mr_gq_timer)) 1739 __in_dev_put(in_dev); 1740 #endif 1741 1742 ip_mc_dec_group(in_dev, IGMP_ALL_HOSTS); 1743 } 1744 1745 #ifdef CONFIG_IP_MULTICAST 1746 static void ip_mc_reset(struct in_device *in_dev) 1747 { 1748 struct net *net = dev_net(in_dev->dev); 1749 1750 in_dev->mr_qi = IGMP_QUERY_INTERVAL; 1751 in_dev->mr_qri = IGMP_QUERY_RESPONSE_INTERVAL; 1752 in_dev->mr_qrv = net->ipv4.sysctl_igmp_qrv; 1753 } 1754 #else 1755 static void ip_mc_reset(struct in_device *in_dev) 1756 { 1757 } 1758 #endif 1759 1760 void ip_mc_init_dev(struct in_device *in_dev) 1761 { 1762 ASSERT_RTNL(); 1763 1764 #ifdef CONFIG_IP_MULTICAST 1765 timer_setup(&in_dev->mr_gq_timer, igmp_gq_timer_expire, 0); 1766 timer_setup(&in_dev->mr_ifc_timer, igmp_ifc_timer_expire, 0); 1767 #endif 1768 ip_mc_reset(in_dev); 1769 1770 spin_lock_init(&in_dev->mc_tomb_lock); 1771 } 1772 1773 /* Device going up */ 1774 1775 void ip_mc_up(struct in_device *in_dev) 1776 { 1777 struct ip_mc_list *pmc; 1778 1779 ASSERT_RTNL(); 1780 1781 ip_mc_reset(in_dev); 1782 ip_mc_inc_group(in_dev, IGMP_ALL_HOSTS); 1783 1784 for_each_pmc_rtnl(in_dev, pmc) { 1785 #ifdef CONFIG_IP_MULTICAST 1786 igmpv3_del_delrec(in_dev, pmc); 1787 #endif 1788 igmp_group_added(pmc); 1789 } 1790 } 1791 1792 /* 1793 * Device is about to be destroyed: clean up. 1794 */ 1795 1796 void ip_mc_destroy_dev(struct in_device *in_dev) 1797 { 1798 struct ip_mc_list *i; 1799 1800 ASSERT_RTNL(); 1801 1802 /* Deactivate timers */ 1803 ip_mc_down(in_dev); 1804 #ifdef CONFIG_IP_MULTICAST 1805 igmpv3_clear_delrec(in_dev); 1806 #endif 1807 1808 while ((i = rtnl_dereference(in_dev->mc_list)) != NULL) { 1809 in_dev->mc_list = i->next_rcu; 1810 in_dev->mc_count--; 1811 ip_mc_clear_src(i); 1812 ip_ma_put(i); 1813 } 1814 } 1815 1816 /* RTNL is locked */ 1817 static struct in_device *ip_mc_find_dev(struct net *net, struct ip_mreqn *imr) 1818 { 1819 struct net_device *dev = NULL; 1820 struct in_device *idev = NULL; 1821 1822 if (imr->imr_ifindex) { 1823 idev = inetdev_by_index(net, imr->imr_ifindex); 1824 return idev; 1825 } 1826 if (imr->imr_address.s_addr) { 1827 dev = __ip_dev_find(net, imr->imr_address.s_addr, false); 1828 if (!dev) 1829 return NULL; 1830 } 1831 1832 if (!dev) { 1833 struct rtable *rt = ip_route_output(net, 1834 imr->imr_multiaddr.s_addr, 1835 0, 0, 0); 1836 if (!IS_ERR(rt)) { 1837 dev = rt->dst.dev; 1838 ip_rt_put(rt); 1839 } 1840 } 1841 if (dev) { 1842 imr->imr_ifindex = dev->ifindex; 1843 idev = __in_dev_get_rtnl(dev); 1844 } 1845 return idev; 1846 } 1847 1848 /* 1849 * Join a socket to a group 1850 */ 1851 1852 static int ip_mc_del1_src(struct ip_mc_list *pmc, int sfmode, 1853 __be32 *psfsrc) 1854 { 1855 struct ip_sf_list *psf, *psf_prev; 1856 int rv = 0; 1857 1858 psf_prev = NULL; 1859 for (psf = pmc->sources; psf; psf = psf->sf_next) { 1860 if (psf->sf_inaddr == *psfsrc) 1861 break; 1862 psf_prev = psf; 1863 } 1864 if (!psf || psf->sf_count[sfmode] == 0) { 1865 /* source filter not found, or count wrong => bug */ 1866 return -ESRCH; 1867 } 1868 psf->sf_count[sfmode]--; 1869 if (psf->sf_count[sfmode] == 0) { 1870 ip_rt_multicast_event(pmc->interface); 1871 } 1872 if (!psf->sf_count[MCAST_INCLUDE] && !psf->sf_count[MCAST_EXCLUDE]) { 1873 #ifdef CONFIG_IP_MULTICAST 1874 struct in_device *in_dev = pmc->interface; 1875 struct net *net = dev_net(in_dev->dev); 1876 #endif 1877 1878 /* no more filters for this source */ 1879 if (psf_prev) 1880 psf_prev->sf_next = psf->sf_next; 1881 else 1882 pmc->sources = psf->sf_next; 1883 #ifdef CONFIG_IP_MULTICAST 1884 if (psf->sf_oldin && 1885 !IGMP_V1_SEEN(in_dev) && !IGMP_V2_SEEN(in_dev)) { 1886 psf->sf_crcount = in_dev->mr_qrv ?: net->ipv4.sysctl_igmp_qrv; 1887 psf->sf_next = pmc->tomb; 1888 pmc->tomb = psf; 1889 rv = 1; 1890 } else 1891 #endif 1892 kfree(psf); 1893 } 1894 return rv; 1895 } 1896 1897 #ifndef CONFIG_IP_MULTICAST 1898 #define igmp_ifc_event(x) do { } while (0) 1899 #endif 1900 1901 static int ip_mc_del_src(struct in_device *in_dev, __be32 *pmca, int sfmode, 1902 int sfcount, __be32 *psfsrc, int delta) 1903 { 1904 struct ip_mc_list *pmc; 1905 int changerec = 0; 1906 int i, err; 1907 1908 if (!in_dev) 1909 return -ENODEV; 1910 rcu_read_lock(); 1911 for_each_pmc_rcu(in_dev, pmc) { 1912 if (*pmca == pmc->multiaddr) 1913 break; 1914 } 1915 if (!pmc) { 1916 /* MCA not found?? bug */ 1917 rcu_read_unlock(); 1918 return -ESRCH; 1919 } 1920 spin_lock_bh(&pmc->lock); 1921 rcu_read_unlock(); 1922 #ifdef CONFIG_IP_MULTICAST 1923 sf_markstate(pmc); 1924 #endif 1925 if (!delta) { 1926 err = -EINVAL; 1927 if (!pmc->sfcount[sfmode]) 1928 goto out_unlock; 1929 pmc->sfcount[sfmode]--; 1930 } 1931 err = 0; 1932 for (i = 0; i < sfcount; i++) { 1933 int rv = ip_mc_del1_src(pmc, sfmode, &psfsrc[i]); 1934 1935 changerec |= rv > 0; 1936 if (!err && rv < 0) 1937 err = rv; 1938 } 1939 if (pmc->sfmode == MCAST_EXCLUDE && 1940 pmc->sfcount[MCAST_EXCLUDE] == 0 && 1941 pmc->sfcount[MCAST_INCLUDE]) { 1942 #ifdef CONFIG_IP_MULTICAST 1943 struct ip_sf_list *psf; 1944 struct net *net = dev_net(in_dev->dev); 1945 #endif 1946 1947 /* filter mode change */ 1948 pmc->sfmode = MCAST_INCLUDE; 1949 #ifdef CONFIG_IP_MULTICAST 1950 pmc->crcount = in_dev->mr_qrv ?: net->ipv4.sysctl_igmp_qrv; 1951 WRITE_ONCE(in_dev->mr_ifc_count, pmc->crcount); 1952 for (psf = pmc->sources; psf; psf = psf->sf_next) 1953 psf->sf_crcount = 0; 1954 igmp_ifc_event(pmc->interface); 1955 } else if (sf_setstate(pmc) || changerec) { 1956 igmp_ifc_event(pmc->interface); 1957 #endif 1958 } 1959 out_unlock: 1960 spin_unlock_bh(&pmc->lock); 1961 return err; 1962 } 1963 1964 /* 1965 * Add multicast single-source filter to the interface list 1966 */ 1967 static int ip_mc_add1_src(struct ip_mc_list *pmc, int sfmode, 1968 __be32 *psfsrc) 1969 { 1970 struct ip_sf_list *psf, *psf_prev; 1971 1972 psf_prev = NULL; 1973 for (psf = pmc->sources; psf; psf = psf->sf_next) { 1974 if (psf->sf_inaddr == *psfsrc) 1975 break; 1976 psf_prev = psf; 1977 } 1978 if (!psf) { 1979 psf = kzalloc(sizeof(*psf), GFP_ATOMIC); 1980 if (!psf) 1981 return -ENOBUFS; 1982 psf->sf_inaddr = *psfsrc; 1983 if (psf_prev) { 1984 psf_prev->sf_next = psf; 1985 } else 1986 pmc->sources = psf; 1987 } 1988 psf->sf_count[sfmode]++; 1989 if (psf->sf_count[sfmode] == 1) { 1990 ip_rt_multicast_event(pmc->interface); 1991 } 1992 return 0; 1993 } 1994 1995 #ifdef CONFIG_IP_MULTICAST 1996 static void sf_markstate(struct ip_mc_list *pmc) 1997 { 1998 struct ip_sf_list *psf; 1999 int mca_xcount = pmc->sfcount[MCAST_EXCLUDE]; 2000 2001 for (psf = pmc->sources; psf; psf = psf->sf_next) 2002 if (pmc->sfcount[MCAST_EXCLUDE]) { 2003 psf->sf_oldin = mca_xcount == 2004 psf->sf_count[MCAST_EXCLUDE] && 2005 !psf->sf_count[MCAST_INCLUDE]; 2006 } else 2007 psf->sf_oldin = psf->sf_count[MCAST_INCLUDE] != 0; 2008 } 2009 2010 static int sf_setstate(struct ip_mc_list *pmc) 2011 { 2012 struct ip_sf_list *psf, *dpsf; 2013 int mca_xcount = pmc->sfcount[MCAST_EXCLUDE]; 2014 int qrv = pmc->interface->mr_qrv; 2015 int new_in, rv; 2016 2017 rv = 0; 2018 for (psf = pmc->sources; psf; psf = psf->sf_next) { 2019 if (pmc->sfcount[MCAST_EXCLUDE]) { 2020 new_in = mca_xcount == psf->sf_count[MCAST_EXCLUDE] && 2021 !psf->sf_count[MCAST_INCLUDE]; 2022 } else 2023 new_in = psf->sf_count[MCAST_INCLUDE] != 0; 2024 if (new_in) { 2025 if (!psf->sf_oldin) { 2026 struct ip_sf_list *prev = NULL; 2027 2028 for (dpsf = pmc->tomb; dpsf; dpsf = dpsf->sf_next) { 2029 if (dpsf->sf_inaddr == psf->sf_inaddr) 2030 break; 2031 prev = dpsf; 2032 } 2033 if (dpsf) { 2034 if (prev) 2035 prev->sf_next = dpsf->sf_next; 2036 else 2037 pmc->tomb = dpsf->sf_next; 2038 kfree(dpsf); 2039 } 2040 psf->sf_crcount = qrv; 2041 rv++; 2042 } 2043 } else if (psf->sf_oldin) { 2044 2045 psf->sf_crcount = 0; 2046 /* 2047 * add or update "delete" records if an active filter 2048 * is now inactive 2049 */ 2050 for (dpsf = pmc->tomb; dpsf; dpsf = dpsf->sf_next) 2051 if (dpsf->sf_inaddr == psf->sf_inaddr) 2052 break; 2053 if (!dpsf) { 2054 dpsf = kmalloc(sizeof(*dpsf), GFP_ATOMIC); 2055 if (!dpsf) 2056 continue; 2057 *dpsf = *psf; 2058 /* pmc->lock held by callers */ 2059 dpsf->sf_next = pmc->tomb; 2060 pmc->tomb = dpsf; 2061 } 2062 dpsf->sf_crcount = qrv; 2063 rv++; 2064 } 2065 } 2066 return rv; 2067 } 2068 #endif 2069 2070 /* 2071 * Add multicast source filter list to the interface list 2072 */ 2073 static int ip_mc_add_src(struct in_device *in_dev, __be32 *pmca, int sfmode, 2074 int sfcount, __be32 *psfsrc, int delta) 2075 { 2076 struct ip_mc_list *pmc; 2077 int isexclude; 2078 int i, err; 2079 2080 if (!in_dev) 2081 return -ENODEV; 2082 rcu_read_lock(); 2083 for_each_pmc_rcu(in_dev, pmc) { 2084 if (*pmca == pmc->multiaddr) 2085 break; 2086 } 2087 if (!pmc) { 2088 /* MCA not found?? bug */ 2089 rcu_read_unlock(); 2090 return -ESRCH; 2091 } 2092 spin_lock_bh(&pmc->lock); 2093 rcu_read_unlock(); 2094 2095 #ifdef CONFIG_IP_MULTICAST 2096 sf_markstate(pmc); 2097 #endif 2098 isexclude = pmc->sfmode == MCAST_EXCLUDE; 2099 if (!delta) 2100 pmc->sfcount[sfmode]++; 2101 err = 0; 2102 for (i = 0; i < sfcount; i++) { 2103 err = ip_mc_add1_src(pmc, sfmode, &psfsrc[i]); 2104 if (err) 2105 break; 2106 } 2107 if (err) { 2108 int j; 2109 2110 if (!delta) 2111 pmc->sfcount[sfmode]--; 2112 for (j = 0; j < i; j++) 2113 (void) ip_mc_del1_src(pmc, sfmode, &psfsrc[j]); 2114 } else if (isexclude != (pmc->sfcount[MCAST_EXCLUDE] != 0)) { 2115 #ifdef CONFIG_IP_MULTICAST 2116 struct ip_sf_list *psf; 2117 struct net *net = dev_net(pmc->interface->dev); 2118 in_dev = pmc->interface; 2119 #endif 2120 2121 /* filter mode change */ 2122 if (pmc->sfcount[MCAST_EXCLUDE]) 2123 pmc->sfmode = MCAST_EXCLUDE; 2124 else if (pmc->sfcount[MCAST_INCLUDE]) 2125 pmc->sfmode = MCAST_INCLUDE; 2126 #ifdef CONFIG_IP_MULTICAST 2127 /* else no filters; keep old mode for reports */ 2128 2129 pmc->crcount = in_dev->mr_qrv ?: net->ipv4.sysctl_igmp_qrv; 2130 WRITE_ONCE(in_dev->mr_ifc_count, pmc->crcount); 2131 for (psf = pmc->sources; psf; psf = psf->sf_next) 2132 psf->sf_crcount = 0; 2133 igmp_ifc_event(in_dev); 2134 } else if (sf_setstate(pmc)) { 2135 igmp_ifc_event(in_dev); 2136 #endif 2137 } 2138 spin_unlock_bh(&pmc->lock); 2139 return err; 2140 } 2141 2142 static void ip_mc_clear_src(struct ip_mc_list *pmc) 2143 { 2144 struct ip_sf_list *tomb, *sources; 2145 2146 spin_lock_bh(&pmc->lock); 2147 tomb = pmc->tomb; 2148 pmc->tomb = NULL; 2149 sources = pmc->sources; 2150 pmc->sources = NULL; 2151 pmc->sfmode = MCAST_EXCLUDE; 2152 pmc->sfcount[MCAST_INCLUDE] = 0; 2153 pmc->sfcount[MCAST_EXCLUDE] = 1; 2154 spin_unlock_bh(&pmc->lock); 2155 2156 ip_sf_list_clear_all(tomb); 2157 ip_sf_list_clear_all(sources); 2158 } 2159 2160 /* Join a multicast group 2161 */ 2162 static int __ip_mc_join_group(struct sock *sk, struct ip_mreqn *imr, 2163 unsigned int mode) 2164 { 2165 __be32 addr = imr->imr_multiaddr.s_addr; 2166 struct ip_mc_socklist *iml, *i; 2167 struct in_device *in_dev; 2168 struct inet_sock *inet = inet_sk(sk); 2169 struct net *net = sock_net(sk); 2170 int ifindex; 2171 int count = 0; 2172 int err; 2173 2174 ASSERT_RTNL(); 2175 2176 if (!ipv4_is_multicast(addr)) 2177 return -EINVAL; 2178 2179 in_dev = ip_mc_find_dev(net, imr); 2180 2181 if (!in_dev) { 2182 err = -ENODEV; 2183 goto done; 2184 } 2185 2186 err = -EADDRINUSE; 2187 ifindex = imr->imr_ifindex; 2188 for_each_pmc_rtnl(inet, i) { 2189 if (i->multi.imr_multiaddr.s_addr == addr && 2190 i->multi.imr_ifindex == ifindex) 2191 goto done; 2192 count++; 2193 } 2194 err = -ENOBUFS; 2195 if (count >= net->ipv4.sysctl_igmp_max_memberships) 2196 goto done; 2197 iml = sock_kmalloc(sk, sizeof(*iml), GFP_KERNEL); 2198 if (!iml) 2199 goto done; 2200 2201 memcpy(&iml->multi, imr, sizeof(*imr)); 2202 iml->next_rcu = inet->mc_list; 2203 iml->sflist = NULL; 2204 iml->sfmode = mode; 2205 rcu_assign_pointer(inet->mc_list, iml); 2206 ____ip_mc_inc_group(in_dev, addr, mode, GFP_KERNEL); 2207 err = 0; 2208 done: 2209 return err; 2210 } 2211 2212 /* Join ASM (Any-Source Multicast) group 2213 */ 2214 int ip_mc_join_group(struct sock *sk, struct ip_mreqn *imr) 2215 { 2216 return __ip_mc_join_group(sk, imr, MCAST_EXCLUDE); 2217 } 2218 EXPORT_SYMBOL(ip_mc_join_group); 2219 2220 /* Join SSM (Source-Specific Multicast) group 2221 */ 2222 int ip_mc_join_group_ssm(struct sock *sk, struct ip_mreqn *imr, 2223 unsigned int mode) 2224 { 2225 return __ip_mc_join_group(sk, imr, mode); 2226 } 2227 2228 static int ip_mc_leave_src(struct sock *sk, struct ip_mc_socklist *iml, 2229 struct in_device *in_dev) 2230 { 2231 struct ip_sf_socklist *psf = rtnl_dereference(iml->sflist); 2232 int err; 2233 2234 if (!psf) { 2235 /* any-source empty exclude case */ 2236 return ip_mc_del_src(in_dev, &iml->multi.imr_multiaddr.s_addr, 2237 iml->sfmode, 0, NULL, 0); 2238 } 2239 err = ip_mc_del_src(in_dev, &iml->multi.imr_multiaddr.s_addr, 2240 iml->sfmode, psf->sl_count, psf->sl_addr, 0); 2241 RCU_INIT_POINTER(iml->sflist, NULL); 2242 /* decrease mem now to avoid the memleak warning */ 2243 atomic_sub(struct_size(psf, sl_addr, psf->sl_max), &sk->sk_omem_alloc); 2244 kfree_rcu(psf, rcu); 2245 return err; 2246 } 2247 2248 int ip_mc_leave_group(struct sock *sk, struct ip_mreqn *imr) 2249 { 2250 struct inet_sock *inet = inet_sk(sk); 2251 struct ip_mc_socklist *iml; 2252 struct ip_mc_socklist __rcu **imlp; 2253 struct in_device *in_dev; 2254 struct net *net = sock_net(sk); 2255 __be32 group = imr->imr_multiaddr.s_addr; 2256 u32 ifindex; 2257 int ret = -EADDRNOTAVAIL; 2258 2259 ASSERT_RTNL(); 2260 2261 in_dev = ip_mc_find_dev(net, imr); 2262 if (!imr->imr_ifindex && !imr->imr_address.s_addr && !in_dev) { 2263 ret = -ENODEV; 2264 goto out; 2265 } 2266 ifindex = imr->imr_ifindex; 2267 for (imlp = &inet->mc_list; 2268 (iml = rtnl_dereference(*imlp)) != NULL; 2269 imlp = &iml->next_rcu) { 2270 if (iml->multi.imr_multiaddr.s_addr != group) 2271 continue; 2272 if (ifindex) { 2273 if (iml->multi.imr_ifindex != ifindex) 2274 continue; 2275 } else if (imr->imr_address.s_addr && imr->imr_address.s_addr != 2276 iml->multi.imr_address.s_addr) 2277 continue; 2278 2279 (void) ip_mc_leave_src(sk, iml, in_dev); 2280 2281 *imlp = iml->next_rcu; 2282 2283 if (in_dev) 2284 ip_mc_dec_group(in_dev, group); 2285 2286 /* decrease mem now to avoid the memleak warning */ 2287 atomic_sub(sizeof(*iml), &sk->sk_omem_alloc); 2288 kfree_rcu(iml, rcu); 2289 return 0; 2290 } 2291 out: 2292 return ret; 2293 } 2294 EXPORT_SYMBOL(ip_mc_leave_group); 2295 2296 int ip_mc_source(int add, int omode, struct sock *sk, struct 2297 ip_mreq_source *mreqs, int ifindex) 2298 { 2299 int err; 2300 struct ip_mreqn imr; 2301 __be32 addr = mreqs->imr_multiaddr; 2302 struct ip_mc_socklist *pmc; 2303 struct in_device *in_dev = NULL; 2304 struct inet_sock *inet = inet_sk(sk); 2305 struct ip_sf_socklist *psl; 2306 struct net *net = sock_net(sk); 2307 int leavegroup = 0; 2308 int i, j, rv; 2309 2310 if (!ipv4_is_multicast(addr)) 2311 return -EINVAL; 2312 2313 ASSERT_RTNL(); 2314 2315 imr.imr_multiaddr.s_addr = mreqs->imr_multiaddr; 2316 imr.imr_address.s_addr = mreqs->imr_interface; 2317 imr.imr_ifindex = ifindex; 2318 in_dev = ip_mc_find_dev(net, &imr); 2319 2320 if (!in_dev) { 2321 err = -ENODEV; 2322 goto done; 2323 } 2324 err = -EADDRNOTAVAIL; 2325 2326 for_each_pmc_rtnl(inet, pmc) { 2327 if ((pmc->multi.imr_multiaddr.s_addr == 2328 imr.imr_multiaddr.s_addr) && 2329 (pmc->multi.imr_ifindex == imr.imr_ifindex)) 2330 break; 2331 } 2332 if (!pmc) { /* must have a prior join */ 2333 err = -EINVAL; 2334 goto done; 2335 } 2336 /* if a source filter was set, must be the same mode as before */ 2337 if (pmc->sflist) { 2338 if (pmc->sfmode != omode) { 2339 err = -EINVAL; 2340 goto done; 2341 } 2342 } else if (pmc->sfmode != omode) { 2343 /* allow mode switches for empty-set filters */ 2344 ip_mc_add_src(in_dev, &mreqs->imr_multiaddr, omode, 0, NULL, 0); 2345 ip_mc_del_src(in_dev, &mreqs->imr_multiaddr, pmc->sfmode, 0, 2346 NULL, 0); 2347 pmc->sfmode = omode; 2348 } 2349 2350 psl = rtnl_dereference(pmc->sflist); 2351 if (!add) { 2352 if (!psl) 2353 goto done; /* err = -EADDRNOTAVAIL */ 2354 rv = !0; 2355 for (i = 0; i < psl->sl_count; i++) { 2356 rv = memcmp(&psl->sl_addr[i], &mreqs->imr_sourceaddr, 2357 sizeof(__be32)); 2358 if (rv == 0) 2359 break; 2360 } 2361 if (rv) /* source not found */ 2362 goto done; /* err = -EADDRNOTAVAIL */ 2363 2364 /* special case - (INCLUDE, empty) == LEAVE_GROUP */ 2365 if (psl->sl_count == 1 && omode == MCAST_INCLUDE) { 2366 leavegroup = 1; 2367 goto done; 2368 } 2369 2370 /* update the interface filter */ 2371 ip_mc_del_src(in_dev, &mreqs->imr_multiaddr, omode, 1, 2372 &mreqs->imr_sourceaddr, 1); 2373 2374 for (j = i+1; j < psl->sl_count; j++) 2375 psl->sl_addr[j-1] = psl->sl_addr[j]; 2376 psl->sl_count--; 2377 err = 0; 2378 goto done; 2379 } 2380 /* else, add a new source to the filter */ 2381 2382 if (psl && psl->sl_count >= net->ipv4.sysctl_igmp_max_msf) { 2383 err = -ENOBUFS; 2384 goto done; 2385 } 2386 if (!psl || psl->sl_count == psl->sl_max) { 2387 struct ip_sf_socklist *newpsl; 2388 int count = IP_SFBLOCK; 2389 2390 if (psl) 2391 count += psl->sl_max; 2392 newpsl = sock_kmalloc(sk, struct_size(newpsl, sl_addr, count), 2393 GFP_KERNEL); 2394 if (!newpsl) { 2395 err = -ENOBUFS; 2396 goto done; 2397 } 2398 newpsl->sl_max = count; 2399 newpsl->sl_count = count - IP_SFBLOCK; 2400 if (psl) { 2401 for (i = 0; i < psl->sl_count; i++) 2402 newpsl->sl_addr[i] = psl->sl_addr[i]; 2403 /* decrease mem now to avoid the memleak warning */ 2404 atomic_sub(struct_size(psl, sl_addr, psl->sl_max), 2405 &sk->sk_omem_alloc); 2406 kfree_rcu(psl, rcu); 2407 } 2408 rcu_assign_pointer(pmc->sflist, newpsl); 2409 psl = newpsl; 2410 } 2411 rv = 1; /* > 0 for insert logic below if sl_count is 0 */ 2412 for (i = 0; i < psl->sl_count; i++) { 2413 rv = memcmp(&psl->sl_addr[i], &mreqs->imr_sourceaddr, 2414 sizeof(__be32)); 2415 if (rv == 0) 2416 break; 2417 } 2418 if (rv == 0) /* address already there is an error */ 2419 goto done; 2420 for (j = psl->sl_count-1; j >= i; j--) 2421 psl->sl_addr[j+1] = psl->sl_addr[j]; 2422 psl->sl_addr[i] = mreqs->imr_sourceaddr; 2423 psl->sl_count++; 2424 err = 0; 2425 /* update the interface list */ 2426 ip_mc_add_src(in_dev, &mreqs->imr_multiaddr, omode, 1, 2427 &mreqs->imr_sourceaddr, 1); 2428 done: 2429 if (leavegroup) 2430 err = ip_mc_leave_group(sk, &imr); 2431 return err; 2432 } 2433 2434 int ip_mc_msfilter(struct sock *sk, struct ip_msfilter *msf, int ifindex) 2435 { 2436 int err = 0; 2437 struct ip_mreqn imr; 2438 __be32 addr = msf->imsf_multiaddr; 2439 struct ip_mc_socklist *pmc; 2440 struct in_device *in_dev; 2441 struct inet_sock *inet = inet_sk(sk); 2442 struct ip_sf_socklist *newpsl, *psl; 2443 struct net *net = sock_net(sk); 2444 int leavegroup = 0; 2445 2446 if (!ipv4_is_multicast(addr)) 2447 return -EINVAL; 2448 if (msf->imsf_fmode != MCAST_INCLUDE && 2449 msf->imsf_fmode != MCAST_EXCLUDE) 2450 return -EINVAL; 2451 2452 ASSERT_RTNL(); 2453 2454 imr.imr_multiaddr.s_addr = msf->imsf_multiaddr; 2455 imr.imr_address.s_addr = msf->imsf_interface; 2456 imr.imr_ifindex = ifindex; 2457 in_dev = ip_mc_find_dev(net, &imr); 2458 2459 if (!in_dev) { 2460 err = -ENODEV; 2461 goto done; 2462 } 2463 2464 /* special case - (INCLUDE, empty) == LEAVE_GROUP */ 2465 if (msf->imsf_fmode == MCAST_INCLUDE && msf->imsf_numsrc == 0) { 2466 leavegroup = 1; 2467 goto done; 2468 } 2469 2470 for_each_pmc_rtnl(inet, pmc) { 2471 if (pmc->multi.imr_multiaddr.s_addr == msf->imsf_multiaddr && 2472 pmc->multi.imr_ifindex == imr.imr_ifindex) 2473 break; 2474 } 2475 if (!pmc) { /* must have a prior join */ 2476 err = -EINVAL; 2477 goto done; 2478 } 2479 if (msf->imsf_numsrc) { 2480 newpsl = sock_kmalloc(sk, struct_size(newpsl, sl_addr, 2481 msf->imsf_numsrc), 2482 GFP_KERNEL); 2483 if (!newpsl) { 2484 err = -ENOBUFS; 2485 goto done; 2486 } 2487 newpsl->sl_max = newpsl->sl_count = msf->imsf_numsrc; 2488 memcpy(newpsl->sl_addr, msf->imsf_slist_flex, 2489 flex_array_size(msf, imsf_slist_flex, msf->imsf_numsrc)); 2490 err = ip_mc_add_src(in_dev, &msf->imsf_multiaddr, 2491 msf->imsf_fmode, newpsl->sl_count, newpsl->sl_addr, 0); 2492 if (err) { 2493 sock_kfree_s(sk, newpsl, 2494 struct_size(newpsl, sl_addr, 2495 newpsl->sl_max)); 2496 goto done; 2497 } 2498 } else { 2499 newpsl = NULL; 2500 (void) ip_mc_add_src(in_dev, &msf->imsf_multiaddr, 2501 msf->imsf_fmode, 0, NULL, 0); 2502 } 2503 psl = rtnl_dereference(pmc->sflist); 2504 if (psl) { 2505 (void) ip_mc_del_src(in_dev, &msf->imsf_multiaddr, pmc->sfmode, 2506 psl->sl_count, psl->sl_addr, 0); 2507 /* decrease mem now to avoid the memleak warning */ 2508 atomic_sub(struct_size(psl, sl_addr, psl->sl_max), 2509 &sk->sk_omem_alloc); 2510 kfree_rcu(psl, rcu); 2511 } else 2512 (void) ip_mc_del_src(in_dev, &msf->imsf_multiaddr, pmc->sfmode, 2513 0, NULL, 0); 2514 rcu_assign_pointer(pmc->sflist, newpsl); 2515 pmc->sfmode = msf->imsf_fmode; 2516 err = 0; 2517 done: 2518 if (leavegroup) 2519 err = ip_mc_leave_group(sk, &imr); 2520 return err; 2521 } 2522 2523 int ip_mc_msfget(struct sock *sk, struct ip_msfilter *msf, 2524 struct ip_msfilter __user *optval, int __user *optlen) 2525 { 2526 int err, len, count, copycount; 2527 struct ip_mreqn imr; 2528 __be32 addr = msf->imsf_multiaddr; 2529 struct ip_mc_socklist *pmc; 2530 struct in_device *in_dev; 2531 struct inet_sock *inet = inet_sk(sk); 2532 struct ip_sf_socklist *psl; 2533 struct net *net = sock_net(sk); 2534 2535 ASSERT_RTNL(); 2536 2537 if (!ipv4_is_multicast(addr)) 2538 return -EINVAL; 2539 2540 imr.imr_multiaddr.s_addr = msf->imsf_multiaddr; 2541 imr.imr_address.s_addr = msf->imsf_interface; 2542 imr.imr_ifindex = 0; 2543 in_dev = ip_mc_find_dev(net, &imr); 2544 2545 if (!in_dev) { 2546 err = -ENODEV; 2547 goto done; 2548 } 2549 err = -EADDRNOTAVAIL; 2550 2551 for_each_pmc_rtnl(inet, pmc) { 2552 if (pmc->multi.imr_multiaddr.s_addr == msf->imsf_multiaddr && 2553 pmc->multi.imr_ifindex == imr.imr_ifindex) 2554 break; 2555 } 2556 if (!pmc) /* must have a prior join */ 2557 goto done; 2558 msf->imsf_fmode = pmc->sfmode; 2559 psl = rtnl_dereference(pmc->sflist); 2560 if (!psl) { 2561 count = 0; 2562 } else { 2563 count = psl->sl_count; 2564 } 2565 copycount = count < msf->imsf_numsrc ? count : msf->imsf_numsrc; 2566 len = flex_array_size(psl, sl_addr, copycount); 2567 msf->imsf_numsrc = count; 2568 if (put_user(IP_MSFILTER_SIZE(copycount), optlen) || 2569 copy_to_user(optval, msf, IP_MSFILTER_SIZE(0))) { 2570 return -EFAULT; 2571 } 2572 if (len && 2573 copy_to_user(&optval->imsf_slist_flex[0], psl->sl_addr, len)) 2574 return -EFAULT; 2575 return 0; 2576 done: 2577 return err; 2578 } 2579 2580 int ip_mc_gsfget(struct sock *sk, struct group_filter *gsf, 2581 struct sockaddr_storage __user *p) 2582 { 2583 int i, count, copycount; 2584 struct sockaddr_in *psin; 2585 __be32 addr; 2586 struct ip_mc_socklist *pmc; 2587 struct inet_sock *inet = inet_sk(sk); 2588 struct ip_sf_socklist *psl; 2589 2590 ASSERT_RTNL(); 2591 2592 psin = (struct sockaddr_in *)&gsf->gf_group; 2593 if (psin->sin_family != AF_INET) 2594 return -EINVAL; 2595 addr = psin->sin_addr.s_addr; 2596 if (!ipv4_is_multicast(addr)) 2597 return -EINVAL; 2598 2599 for_each_pmc_rtnl(inet, pmc) { 2600 if (pmc->multi.imr_multiaddr.s_addr == addr && 2601 pmc->multi.imr_ifindex == gsf->gf_interface) 2602 break; 2603 } 2604 if (!pmc) /* must have a prior join */ 2605 return -EADDRNOTAVAIL; 2606 gsf->gf_fmode = pmc->sfmode; 2607 psl = rtnl_dereference(pmc->sflist); 2608 count = psl ? psl->sl_count : 0; 2609 copycount = count < gsf->gf_numsrc ? count : gsf->gf_numsrc; 2610 gsf->gf_numsrc = count; 2611 for (i = 0; i < copycount; i++, p++) { 2612 struct sockaddr_storage ss; 2613 2614 psin = (struct sockaddr_in *)&ss; 2615 memset(&ss, 0, sizeof(ss)); 2616 psin->sin_family = AF_INET; 2617 psin->sin_addr.s_addr = psl->sl_addr[i]; 2618 if (copy_to_user(p, &ss, sizeof(ss))) 2619 return -EFAULT; 2620 } 2621 return 0; 2622 } 2623 2624 /* 2625 * check if a multicast source filter allows delivery for a given <src,dst,intf> 2626 */ 2627 int ip_mc_sf_allow(struct sock *sk, __be32 loc_addr, __be32 rmt_addr, 2628 int dif, int sdif) 2629 { 2630 struct inet_sock *inet = inet_sk(sk); 2631 struct ip_mc_socklist *pmc; 2632 struct ip_sf_socklist *psl; 2633 int i; 2634 int ret; 2635 2636 ret = 1; 2637 if (!ipv4_is_multicast(loc_addr)) 2638 goto out; 2639 2640 rcu_read_lock(); 2641 for_each_pmc_rcu(inet, pmc) { 2642 if (pmc->multi.imr_multiaddr.s_addr == loc_addr && 2643 (pmc->multi.imr_ifindex == dif || 2644 (sdif && pmc->multi.imr_ifindex == sdif))) 2645 break; 2646 } 2647 ret = inet->mc_all; 2648 if (!pmc) 2649 goto unlock; 2650 psl = rcu_dereference(pmc->sflist); 2651 ret = (pmc->sfmode == MCAST_EXCLUDE); 2652 if (!psl) 2653 goto unlock; 2654 2655 for (i = 0; i < psl->sl_count; i++) { 2656 if (psl->sl_addr[i] == rmt_addr) 2657 break; 2658 } 2659 ret = 0; 2660 if (pmc->sfmode == MCAST_INCLUDE && i >= psl->sl_count) 2661 goto unlock; 2662 if (pmc->sfmode == MCAST_EXCLUDE && i < psl->sl_count) 2663 goto unlock; 2664 ret = 1; 2665 unlock: 2666 rcu_read_unlock(); 2667 out: 2668 return ret; 2669 } 2670 2671 /* 2672 * A socket is closing. 2673 */ 2674 2675 void ip_mc_drop_socket(struct sock *sk) 2676 { 2677 struct inet_sock *inet = inet_sk(sk); 2678 struct ip_mc_socklist *iml; 2679 struct net *net = sock_net(sk); 2680 2681 if (!inet->mc_list) 2682 return; 2683 2684 rtnl_lock(); 2685 while ((iml = rtnl_dereference(inet->mc_list)) != NULL) { 2686 struct in_device *in_dev; 2687 2688 inet->mc_list = iml->next_rcu; 2689 in_dev = inetdev_by_index(net, iml->multi.imr_ifindex); 2690 (void) ip_mc_leave_src(sk, iml, in_dev); 2691 if (in_dev) 2692 ip_mc_dec_group(in_dev, iml->multi.imr_multiaddr.s_addr); 2693 /* decrease mem now to avoid the memleak warning */ 2694 atomic_sub(sizeof(*iml), &sk->sk_omem_alloc); 2695 kfree_rcu(iml, rcu); 2696 } 2697 rtnl_unlock(); 2698 } 2699 2700 /* called with rcu_read_lock() */ 2701 int ip_check_mc_rcu(struct in_device *in_dev, __be32 mc_addr, __be32 src_addr, u8 proto) 2702 { 2703 struct ip_mc_list *im; 2704 struct ip_mc_list __rcu **mc_hash; 2705 struct ip_sf_list *psf; 2706 int rv = 0; 2707 2708 mc_hash = rcu_dereference(in_dev->mc_hash); 2709 if (mc_hash) { 2710 u32 hash = hash_32((__force u32)mc_addr, MC_HASH_SZ_LOG); 2711 2712 for (im = rcu_dereference(mc_hash[hash]); 2713 im != NULL; 2714 im = rcu_dereference(im->next_hash)) { 2715 if (im->multiaddr == mc_addr) 2716 break; 2717 } 2718 } else { 2719 for_each_pmc_rcu(in_dev, im) { 2720 if (im->multiaddr == mc_addr) 2721 break; 2722 } 2723 } 2724 if (im && proto == IPPROTO_IGMP) { 2725 rv = 1; 2726 } else if (im) { 2727 if (src_addr) { 2728 spin_lock_bh(&im->lock); 2729 for (psf = im->sources; psf; psf = psf->sf_next) { 2730 if (psf->sf_inaddr == src_addr) 2731 break; 2732 } 2733 if (psf) 2734 rv = psf->sf_count[MCAST_INCLUDE] || 2735 psf->sf_count[MCAST_EXCLUDE] != 2736 im->sfcount[MCAST_EXCLUDE]; 2737 else 2738 rv = im->sfcount[MCAST_EXCLUDE] != 0; 2739 spin_unlock_bh(&im->lock); 2740 } else 2741 rv = 1; /* unspecified source; tentatively allow */ 2742 } 2743 return rv; 2744 } 2745 2746 #if defined(CONFIG_PROC_FS) 2747 struct igmp_mc_iter_state { 2748 struct seq_net_private p; 2749 struct net_device *dev; 2750 struct in_device *in_dev; 2751 }; 2752 2753 #define igmp_mc_seq_private(seq) ((struct igmp_mc_iter_state *)(seq)->private) 2754 2755 static inline struct ip_mc_list *igmp_mc_get_first(struct seq_file *seq) 2756 { 2757 struct net *net = seq_file_net(seq); 2758 struct ip_mc_list *im = NULL; 2759 struct igmp_mc_iter_state *state = igmp_mc_seq_private(seq); 2760 2761 state->in_dev = NULL; 2762 for_each_netdev_rcu(net, state->dev) { 2763 struct in_device *in_dev; 2764 2765 in_dev = __in_dev_get_rcu(state->dev); 2766 if (!in_dev) 2767 continue; 2768 im = rcu_dereference(in_dev->mc_list); 2769 if (im) { 2770 state->in_dev = in_dev; 2771 break; 2772 } 2773 } 2774 return im; 2775 } 2776 2777 static struct ip_mc_list *igmp_mc_get_next(struct seq_file *seq, struct ip_mc_list *im) 2778 { 2779 struct igmp_mc_iter_state *state = igmp_mc_seq_private(seq); 2780 2781 im = rcu_dereference(im->next_rcu); 2782 while (!im) { 2783 state->dev = next_net_device_rcu(state->dev); 2784 if (!state->dev) { 2785 state->in_dev = NULL; 2786 break; 2787 } 2788 state->in_dev = __in_dev_get_rcu(state->dev); 2789 if (!state->in_dev) 2790 continue; 2791 im = rcu_dereference(state->in_dev->mc_list); 2792 } 2793 return im; 2794 } 2795 2796 static struct ip_mc_list *igmp_mc_get_idx(struct seq_file *seq, loff_t pos) 2797 { 2798 struct ip_mc_list *im = igmp_mc_get_first(seq); 2799 if (im) 2800 while (pos && (im = igmp_mc_get_next(seq, im)) != NULL) 2801 --pos; 2802 return pos ? NULL : im; 2803 } 2804 2805 static void *igmp_mc_seq_start(struct seq_file *seq, loff_t *pos) 2806 __acquires(rcu) 2807 { 2808 rcu_read_lock(); 2809 return *pos ? igmp_mc_get_idx(seq, *pos - 1) : SEQ_START_TOKEN; 2810 } 2811 2812 static void *igmp_mc_seq_next(struct seq_file *seq, void *v, loff_t *pos) 2813 { 2814 struct ip_mc_list *im; 2815 if (v == SEQ_START_TOKEN) 2816 im = igmp_mc_get_first(seq); 2817 else 2818 im = igmp_mc_get_next(seq, v); 2819 ++*pos; 2820 return im; 2821 } 2822 2823 static void igmp_mc_seq_stop(struct seq_file *seq, void *v) 2824 __releases(rcu) 2825 { 2826 struct igmp_mc_iter_state *state = igmp_mc_seq_private(seq); 2827 2828 state->in_dev = NULL; 2829 state->dev = NULL; 2830 rcu_read_unlock(); 2831 } 2832 2833 static int igmp_mc_seq_show(struct seq_file *seq, void *v) 2834 { 2835 if (v == SEQ_START_TOKEN) 2836 seq_puts(seq, 2837 "Idx\tDevice : Count Querier\tGroup Users Timer\tReporter\n"); 2838 else { 2839 struct ip_mc_list *im = (struct ip_mc_list *)v; 2840 struct igmp_mc_iter_state *state = igmp_mc_seq_private(seq); 2841 char *querier; 2842 long delta; 2843 2844 #ifdef CONFIG_IP_MULTICAST 2845 querier = IGMP_V1_SEEN(state->in_dev) ? "V1" : 2846 IGMP_V2_SEEN(state->in_dev) ? "V2" : 2847 "V3"; 2848 #else 2849 querier = "NONE"; 2850 #endif 2851 2852 if (rcu_access_pointer(state->in_dev->mc_list) == im) { 2853 seq_printf(seq, "%d\t%-10s: %5d %7s\n", 2854 state->dev->ifindex, state->dev->name, state->in_dev->mc_count, querier); 2855 } 2856 2857 delta = im->timer.expires - jiffies; 2858 seq_printf(seq, 2859 "\t\t\t\t%08X %5d %d:%08lX\t\t%d\n", 2860 im->multiaddr, im->users, 2861 im->tm_running, 2862 im->tm_running ? jiffies_delta_to_clock_t(delta) : 0, 2863 im->reporter); 2864 } 2865 return 0; 2866 } 2867 2868 static const struct seq_operations igmp_mc_seq_ops = { 2869 .start = igmp_mc_seq_start, 2870 .next = igmp_mc_seq_next, 2871 .stop = igmp_mc_seq_stop, 2872 .show = igmp_mc_seq_show, 2873 }; 2874 2875 struct igmp_mcf_iter_state { 2876 struct seq_net_private p; 2877 struct net_device *dev; 2878 struct in_device *idev; 2879 struct ip_mc_list *im; 2880 }; 2881 2882 #define igmp_mcf_seq_private(seq) ((struct igmp_mcf_iter_state *)(seq)->private) 2883 2884 static inline struct ip_sf_list *igmp_mcf_get_first(struct seq_file *seq) 2885 { 2886 struct net *net = seq_file_net(seq); 2887 struct ip_sf_list *psf = NULL; 2888 struct ip_mc_list *im = NULL; 2889 struct igmp_mcf_iter_state *state = igmp_mcf_seq_private(seq); 2890 2891 state->idev = NULL; 2892 state->im = NULL; 2893 for_each_netdev_rcu(net, state->dev) { 2894 struct in_device *idev; 2895 idev = __in_dev_get_rcu(state->dev); 2896 if (unlikely(!idev)) 2897 continue; 2898 im = rcu_dereference(idev->mc_list); 2899 if (likely(im)) { 2900 spin_lock_bh(&im->lock); 2901 psf = im->sources; 2902 if (likely(psf)) { 2903 state->im = im; 2904 state->idev = idev; 2905 break; 2906 } 2907 spin_unlock_bh(&im->lock); 2908 } 2909 } 2910 return psf; 2911 } 2912 2913 static struct ip_sf_list *igmp_mcf_get_next(struct seq_file *seq, struct ip_sf_list *psf) 2914 { 2915 struct igmp_mcf_iter_state *state = igmp_mcf_seq_private(seq); 2916 2917 psf = psf->sf_next; 2918 while (!psf) { 2919 spin_unlock_bh(&state->im->lock); 2920 state->im = state->im->next; 2921 while (!state->im) { 2922 state->dev = next_net_device_rcu(state->dev); 2923 if (!state->dev) { 2924 state->idev = NULL; 2925 goto out; 2926 } 2927 state->idev = __in_dev_get_rcu(state->dev); 2928 if (!state->idev) 2929 continue; 2930 state->im = rcu_dereference(state->idev->mc_list); 2931 } 2932 if (!state->im) 2933 break; 2934 spin_lock_bh(&state->im->lock); 2935 psf = state->im->sources; 2936 } 2937 out: 2938 return psf; 2939 } 2940 2941 static struct ip_sf_list *igmp_mcf_get_idx(struct seq_file *seq, loff_t pos) 2942 { 2943 struct ip_sf_list *psf = igmp_mcf_get_first(seq); 2944 if (psf) 2945 while (pos && (psf = igmp_mcf_get_next(seq, psf)) != NULL) 2946 --pos; 2947 return pos ? NULL : psf; 2948 } 2949 2950 static void *igmp_mcf_seq_start(struct seq_file *seq, loff_t *pos) 2951 __acquires(rcu) 2952 { 2953 rcu_read_lock(); 2954 return *pos ? igmp_mcf_get_idx(seq, *pos - 1) : SEQ_START_TOKEN; 2955 } 2956 2957 static void *igmp_mcf_seq_next(struct seq_file *seq, void *v, loff_t *pos) 2958 { 2959 struct ip_sf_list *psf; 2960 if (v == SEQ_START_TOKEN) 2961 psf = igmp_mcf_get_first(seq); 2962 else 2963 psf = igmp_mcf_get_next(seq, v); 2964 ++*pos; 2965 return psf; 2966 } 2967 2968 static void igmp_mcf_seq_stop(struct seq_file *seq, void *v) 2969 __releases(rcu) 2970 { 2971 struct igmp_mcf_iter_state *state = igmp_mcf_seq_private(seq); 2972 if (likely(state->im)) { 2973 spin_unlock_bh(&state->im->lock); 2974 state->im = NULL; 2975 } 2976 state->idev = NULL; 2977 state->dev = NULL; 2978 rcu_read_unlock(); 2979 } 2980 2981 static int igmp_mcf_seq_show(struct seq_file *seq, void *v) 2982 { 2983 struct ip_sf_list *psf = (struct ip_sf_list *)v; 2984 struct igmp_mcf_iter_state *state = igmp_mcf_seq_private(seq); 2985 2986 if (v == SEQ_START_TOKEN) { 2987 seq_puts(seq, "Idx Device MCA SRC INC EXC\n"); 2988 } else { 2989 seq_printf(seq, 2990 "%3d %6.6s 0x%08x " 2991 "0x%08x %6lu %6lu\n", 2992 state->dev->ifindex, state->dev->name, 2993 ntohl(state->im->multiaddr), 2994 ntohl(psf->sf_inaddr), 2995 psf->sf_count[MCAST_INCLUDE], 2996 psf->sf_count[MCAST_EXCLUDE]); 2997 } 2998 return 0; 2999 } 3000 3001 static const struct seq_operations igmp_mcf_seq_ops = { 3002 .start = igmp_mcf_seq_start, 3003 .next = igmp_mcf_seq_next, 3004 .stop = igmp_mcf_seq_stop, 3005 .show = igmp_mcf_seq_show, 3006 }; 3007 3008 static int __net_init igmp_net_init(struct net *net) 3009 { 3010 struct proc_dir_entry *pde; 3011 int err; 3012 3013 pde = proc_create_net("igmp", 0444, net->proc_net, &igmp_mc_seq_ops, 3014 sizeof(struct igmp_mc_iter_state)); 3015 if (!pde) 3016 goto out_igmp; 3017 pde = proc_create_net("mcfilter", 0444, net->proc_net, 3018 &igmp_mcf_seq_ops, sizeof(struct igmp_mcf_iter_state)); 3019 if (!pde) 3020 goto out_mcfilter; 3021 err = inet_ctl_sock_create(&net->ipv4.mc_autojoin_sk, AF_INET, 3022 SOCK_DGRAM, 0, net); 3023 if (err < 0) { 3024 pr_err("Failed to initialize the IGMP autojoin socket (err %d)\n", 3025 err); 3026 goto out_sock; 3027 } 3028 3029 return 0; 3030 3031 out_sock: 3032 remove_proc_entry("mcfilter", net->proc_net); 3033 out_mcfilter: 3034 remove_proc_entry("igmp", net->proc_net); 3035 out_igmp: 3036 return -ENOMEM; 3037 } 3038 3039 static void __net_exit igmp_net_exit(struct net *net) 3040 { 3041 remove_proc_entry("mcfilter", net->proc_net); 3042 remove_proc_entry("igmp", net->proc_net); 3043 inet_ctl_sock_destroy(net->ipv4.mc_autojoin_sk); 3044 } 3045 3046 static struct pernet_operations igmp_net_ops = { 3047 .init = igmp_net_init, 3048 .exit = igmp_net_exit, 3049 }; 3050 #endif 3051 3052 static int igmp_netdev_event(struct notifier_block *this, 3053 unsigned long event, void *ptr) 3054 { 3055 struct net_device *dev = netdev_notifier_info_to_dev(ptr); 3056 struct in_device *in_dev; 3057 3058 switch (event) { 3059 case NETDEV_RESEND_IGMP: 3060 in_dev = __in_dev_get_rtnl(dev); 3061 if (in_dev) 3062 ip_mc_rejoin_groups(in_dev); 3063 break; 3064 default: 3065 break; 3066 } 3067 return NOTIFY_DONE; 3068 } 3069 3070 static struct notifier_block igmp_notifier = { 3071 .notifier_call = igmp_netdev_event, 3072 }; 3073 3074 int __init igmp_mc_init(void) 3075 { 3076 #if defined(CONFIG_PROC_FS) 3077 int err; 3078 3079 err = register_pernet_subsys(&igmp_net_ops); 3080 if (err) 3081 return err; 3082 err = register_netdevice_notifier(&igmp_notifier); 3083 if (err) 3084 goto reg_notif_fail; 3085 return 0; 3086 3087 reg_notif_fail: 3088 unregister_pernet_subsys(&igmp_net_ops); 3089 return err; 3090 #else 3091 return register_netdevice_notifier(&igmp_notifier); 3092 #endif 3093 } 3094