1 // SPDX-License-Identifier: GPL-2.0-or-later 2 /* 3 * Linux NET3: Internet Group Management Protocol [IGMP] 4 * 5 * This code implements the IGMP protocol as defined in RFC1112. There has 6 * been a further revision of this protocol since which is now supported. 7 * 8 * If you have trouble with this module be careful what gcc you have used, 9 * the older version didn't come out right using gcc 2.5.8, the newer one 10 * seems to fall out with gcc 2.6.2. 11 * 12 * Authors: 13 * Alan Cox <alan@lxorguk.ukuu.org.uk> 14 * 15 * Fixes: 16 * 17 * Alan Cox : Added lots of __inline__ to optimise 18 * the memory usage of all the tiny little 19 * functions. 20 * Alan Cox : Dumped the header building experiment. 21 * Alan Cox : Minor tweaks ready for multicast routing 22 * and extended IGMP protocol. 23 * Alan Cox : Removed a load of inline directives. Gcc 2.5.8 24 * writes utterly bogus code otherwise (sigh) 25 * fixed IGMP loopback to behave in the manner 26 * desired by mrouted, fixed the fact it has been 27 * broken since 1.3.6 and cleaned up a few minor 28 * points. 29 * 30 * Chih-Jen Chang : Tried to revise IGMP to Version 2 31 * Tsu-Sheng Tsao E-mail: chihjenc@scf.usc.edu and tsusheng@scf.usc.edu 32 * The enhancements are mainly based on Steve Deering's 33 * ipmulti-3.5 source code. 34 * Chih-Jen Chang : Added the igmp_get_mrouter_info and 35 * Tsu-Sheng Tsao igmp_set_mrouter_info to keep track of 36 * the mrouted version on that device. 37 * Chih-Jen Chang : Added the max_resp_time parameter to 38 * Tsu-Sheng Tsao igmp_heard_query(). Using this parameter 39 * to identify the multicast router version 40 * and do what the IGMP version 2 specified. 41 * Chih-Jen Chang : Added a timer to revert to IGMP V2 router 42 * Tsu-Sheng Tsao if the specified time expired. 43 * Alan Cox : Stop IGMP from 0.0.0.0 being accepted. 44 * Alan Cox : Use GFP_ATOMIC in the right places. 45 * Christian Daudt : igmp timer wasn't set for local group 46 * memberships but was being deleted, 47 * which caused a "del_timer() called 48 * from %p with timer not initialized\n" 49 * message (960131). 50 * Christian Daudt : removed del_timer from 51 * igmp_timer_expire function (960205). 52 * Christian Daudt : igmp_heard_report now only calls 53 * igmp_timer_expire if tm->running is 54 * true (960216). 55 * Malcolm Beattie : ttl comparison wrong in igmp_rcv made 56 * igmp_heard_query never trigger. Expiry 57 * miscalculation fixed in igmp_heard_query 58 * and random() made to return unsigned to 59 * prevent negative expiry times. 60 * Alexey Kuznetsov: Wrong group leaving behaviour, backport 61 * fix from pending 2.1.x patches. 62 * Alan Cox: Forget to enable FDDI support earlier. 63 * Alexey Kuznetsov: Fixed leaving groups on device down. 64 * Alexey Kuznetsov: Accordance to igmp-v2-06 draft. 65 * David L Stevens: IGMPv3 support, with help from 66 * Vinay Kulkarni 67 */ 68 69 #include <linux/module.h> 70 #include <linux/slab.h> 71 #include <linux/uaccess.h> 72 #include <linux/types.h> 73 #include <linux/kernel.h> 74 #include <linux/jiffies.h> 75 #include <linux/string.h> 76 #include <linux/socket.h> 77 #include <linux/sockios.h> 78 #include <linux/in.h> 79 #include <linux/inet.h> 80 #include <linux/netdevice.h> 81 #include <linux/skbuff.h> 82 #include <linux/inetdevice.h> 83 #include <linux/igmp.h> 84 #include "igmp_internal.h" 85 #include <linux/if_arp.h> 86 #include <linux/rtnetlink.h> 87 #include <linux/times.h> 88 #include <linux/pkt_sched.h> 89 #include <linux/byteorder/generic.h> 90 91 #include <net/net_namespace.h> 92 #include <net/netlink.h> 93 #include <net/addrconf.h> 94 #include <net/arp.h> 95 #include <net/ip.h> 96 #include <net/protocol.h> 97 #include <net/route.h> 98 #include <net/sock.h> 99 #include <net/checksum.h> 100 #include <net/inet_common.h> 101 #include <linux/netfilter_ipv4.h> 102 #ifdef CONFIG_IP_MROUTE 103 #include <linux/mroute.h> 104 #endif 105 #ifdef CONFIG_PROC_FS 106 #include <linux/proc_fs.h> 107 #include <linux/seq_file.h> 108 #endif 109 110 #ifdef CONFIG_IP_MULTICAST 111 /* Parameter names and values are taken from igmp-v2-06 draft */ 112 113 #define IGMP_QUERY_INTERVAL (125*HZ) 114 #define IGMP_QUERY_RESPONSE_INTERVAL (10*HZ) 115 116 #define IGMP_INITIAL_REPORT_DELAY (1) 117 118 /* IGMP_INITIAL_REPORT_DELAY is not from IGMP specs! 119 * IGMP specs require to report membership immediately after 120 * joining a group, but we delay the first report by a 121 * small interval. It seems more natural and still does not 122 * contradict to specs provided this delay is small enough. 123 */ 124 125 #define IGMP_V1_SEEN(in_dev) \ 126 (IPV4_DEVCONF_ALL_RO(dev_net(in_dev->dev), FORCE_IGMP_VERSION) == 1 || \ 127 IN_DEV_CONF_GET((in_dev), FORCE_IGMP_VERSION) == 1 || \ 128 ((in_dev)->mr_v1_seen && \ 129 time_before(jiffies, (in_dev)->mr_v1_seen))) 130 #define IGMP_V2_SEEN(in_dev) \ 131 (IPV4_DEVCONF_ALL_RO(dev_net(in_dev->dev), FORCE_IGMP_VERSION) == 2 || \ 132 IN_DEV_CONF_GET((in_dev), FORCE_IGMP_VERSION) == 2 || \ 133 ((in_dev)->mr_v2_seen && \ 134 time_before(jiffies, (in_dev)->mr_v2_seen))) 135 136 static int unsolicited_report_interval(struct in_device *in_dev) 137 { 138 int interval_ms, interval_jiffies; 139 140 if (IGMP_V1_SEEN(in_dev) || IGMP_V2_SEEN(in_dev)) 141 interval_ms = IN_DEV_CONF_GET( 142 in_dev, 143 IGMPV2_UNSOLICITED_REPORT_INTERVAL); 144 else /* v3 */ 145 interval_ms = IN_DEV_CONF_GET( 146 in_dev, 147 IGMPV3_UNSOLICITED_REPORT_INTERVAL); 148 149 interval_jiffies = msecs_to_jiffies(interval_ms); 150 151 /* _timer functions can't handle a delay of 0 jiffies so ensure 152 * we always return a positive value. 153 */ 154 if (interval_jiffies <= 0) 155 interval_jiffies = 1; 156 return interval_jiffies; 157 } 158 159 static void igmpv3_add_delrec(struct in_device *in_dev, struct ip_mc_list *im, 160 gfp_t gfp); 161 static void igmpv3_del_delrec(struct in_device *in_dev, struct ip_mc_list *im); 162 static void igmpv3_clear_delrec(struct in_device *in_dev); 163 static int sf_setstate(struct ip_mc_list *pmc); 164 static void sf_markstate(struct ip_mc_list *pmc); 165 #endif 166 static void ip_mc_clear_src(struct ip_mc_list *pmc); 167 static int ip_mc_add_src(struct in_device *in_dev, __be32 *pmca, int sfmode, 168 int sfcount, __be32 *psfsrc, int delta); 169 170 static void ip_ma_put(struct ip_mc_list *im) 171 { 172 if (refcount_dec_and_test(&im->refcnt)) { 173 in_dev_put(im->interface); 174 kfree_rcu(im, rcu); 175 } 176 } 177 178 #define for_each_pmc_rcu(in_dev, pmc) \ 179 for (pmc = rcu_dereference(in_dev->mc_list); \ 180 pmc != NULL; \ 181 pmc = rcu_dereference(pmc->next_rcu)) 182 183 #define for_each_pmc_rtnl(in_dev, pmc) \ 184 for (pmc = rtnl_dereference(in_dev->mc_list); \ 185 pmc != NULL; \ 186 pmc = rtnl_dereference(pmc->next_rcu)) 187 188 static void ip_sf_list_clear_all(struct ip_sf_list *psf) 189 { 190 struct ip_sf_list *next; 191 192 while (psf) { 193 next = psf->sf_next; 194 kfree(psf); 195 psf = next; 196 } 197 } 198 199 #ifdef CONFIG_IP_MULTICAST 200 201 /* 202 * Timer management 203 */ 204 205 static void igmp_stop_timer(struct ip_mc_list *im) 206 { 207 spin_lock_bh(&im->lock); 208 if (timer_delete(&im->timer)) 209 refcount_dec(&im->refcnt); 210 im->tm_running = 0; 211 im->reporter = 0; 212 im->unsolicit_count = 0; 213 spin_unlock_bh(&im->lock); 214 } 215 216 /* It must be called with locked im->lock */ 217 static void igmp_start_timer(struct ip_mc_list *im, int max_delay) 218 { 219 int tv = get_random_u32_below(max_delay); 220 221 im->tm_running = 1; 222 if (refcount_inc_not_zero(&im->refcnt)) { 223 if (mod_timer(&im->timer, jiffies + tv + 2)) 224 ip_ma_put(im); 225 } 226 } 227 228 static void igmp_gq_start_timer(struct in_device *in_dev) 229 { 230 int tv = get_random_u32_below(in_dev->mr_maxdelay); 231 unsigned long exp = jiffies + tv + 2; 232 233 if (in_dev->mr_gq_running && 234 time_after_eq(exp, (in_dev->mr_gq_timer).expires)) 235 return; 236 237 in_dev->mr_gq_running = 1; 238 if (!mod_timer(&in_dev->mr_gq_timer, exp)) 239 in_dev_hold(in_dev); 240 } 241 242 static void igmp_ifc_start_timer(struct in_device *in_dev, int delay) 243 { 244 int tv = get_random_u32_below(delay); 245 246 if (!mod_timer(&in_dev->mr_ifc_timer, jiffies+tv+2)) 247 in_dev_hold(in_dev); 248 } 249 250 static void igmp_mod_timer(struct ip_mc_list *im, int max_delay) 251 { 252 spin_lock_bh(&im->lock); 253 im->unsolicit_count = 0; 254 if (timer_delete(&im->timer)) { 255 if ((long)(im->timer.expires-jiffies) < max_delay) { 256 add_timer(&im->timer); 257 im->tm_running = 1; 258 spin_unlock_bh(&im->lock); 259 return; 260 } 261 refcount_dec(&im->refcnt); 262 } 263 igmp_start_timer(im, max_delay); 264 spin_unlock_bh(&im->lock); 265 } 266 267 268 /* 269 * Send an IGMP report. 270 */ 271 272 #define IGMP_SIZE (sizeof(struct igmphdr)+sizeof(struct iphdr)+4) 273 274 275 static int is_in(struct ip_mc_list *pmc, struct ip_sf_list *psf, int type, 276 int gdeleted, int sdeleted) 277 { 278 switch (type) { 279 case IGMPV3_MODE_IS_INCLUDE: 280 case IGMPV3_MODE_IS_EXCLUDE: 281 if (gdeleted || sdeleted) 282 return 0; 283 if (!(pmc->gsquery && !psf->sf_gsresp)) { 284 if (pmc->sfmode == MCAST_INCLUDE) 285 return 1; 286 /* don't include if this source is excluded 287 * in all filters 288 */ 289 if (psf->sf_count[MCAST_INCLUDE]) 290 return type == IGMPV3_MODE_IS_INCLUDE; 291 return pmc->sfcount[MCAST_EXCLUDE] == 292 psf->sf_count[MCAST_EXCLUDE]; 293 } 294 return 0; 295 case IGMPV3_CHANGE_TO_INCLUDE: 296 if (gdeleted || sdeleted) 297 return 0; 298 return psf->sf_count[MCAST_INCLUDE] != 0; 299 case IGMPV3_CHANGE_TO_EXCLUDE: 300 if (gdeleted || sdeleted) 301 return 0; 302 if (pmc->sfcount[MCAST_EXCLUDE] == 0 || 303 psf->sf_count[MCAST_INCLUDE]) 304 return 0; 305 return pmc->sfcount[MCAST_EXCLUDE] == 306 psf->sf_count[MCAST_EXCLUDE]; 307 case IGMPV3_ALLOW_NEW_SOURCES: 308 if (gdeleted || !psf->sf_crcount) 309 return 0; 310 return (pmc->sfmode == MCAST_INCLUDE) ^ sdeleted; 311 case IGMPV3_BLOCK_OLD_SOURCES: 312 if (pmc->sfmode == MCAST_INCLUDE) 313 return gdeleted || (psf->sf_crcount && sdeleted); 314 return psf->sf_crcount && !gdeleted && !sdeleted; 315 } 316 return 0; 317 } 318 319 static int 320 igmp_scount(struct ip_mc_list *pmc, int type, int gdeleted, int sdeleted) 321 { 322 struct ip_sf_list *psf; 323 int scount = 0; 324 325 for (psf = pmc->sources; psf; psf = psf->sf_next) { 326 if (!is_in(pmc, psf, type, gdeleted, sdeleted)) 327 continue; 328 scount++; 329 } 330 return scount; 331 } 332 333 /* source address selection per RFC 3376 section 4.2.13 */ 334 static __be32 igmpv3_get_srcaddr(struct net_device *dev, 335 const struct flowi4 *fl4) 336 { 337 struct in_device *in_dev = __in_dev_get_rcu(dev); 338 const struct in_ifaddr *ifa; 339 340 if (!in_dev) 341 return htonl(INADDR_ANY); 342 343 in_dev_for_each_ifa_rcu(ifa, in_dev) { 344 if (fl4->saddr == ifa->ifa_local) 345 return fl4->saddr; 346 } 347 348 return htonl(INADDR_ANY); 349 } 350 351 static struct sk_buff *igmpv3_newpack(struct net_device *dev, unsigned int mtu) 352 { 353 struct sk_buff *skb; 354 struct rtable *rt; 355 struct iphdr *pip; 356 struct igmpv3_report *pig; 357 struct net *net = dev_net(dev); 358 struct flowi4 fl4; 359 int hlen = LL_RESERVED_SPACE(dev); 360 int tlen = dev->needed_tailroom; 361 unsigned int size; 362 363 size = min(mtu, IP_MAX_MTU); 364 while (1) { 365 skb = alloc_skb(size + hlen + tlen, 366 GFP_ATOMIC | __GFP_NOWARN); 367 if (skb) 368 break; 369 size >>= 1; 370 if (size < 256) 371 return NULL; 372 } 373 skb->priority = TC_PRIO_CONTROL; 374 375 rt = ip_route_output_ports(net, &fl4, NULL, IGMPV3_ALL_MCR, 0, 376 0, 0, 377 IPPROTO_IGMP, 0, dev->ifindex); 378 if (IS_ERR(rt)) { 379 kfree_skb(skb); 380 return NULL; 381 } 382 383 skb_dst_set(skb, &rt->dst); 384 skb->dev = dev; 385 386 skb_reserve(skb, hlen); 387 skb_tailroom_reserve(skb, mtu, tlen); 388 389 skb_reset_network_header(skb); 390 pip = ip_hdr(skb); 391 skb_put(skb, sizeof(struct iphdr) + 4); 392 393 pip->version = 4; 394 pip->ihl = (sizeof(struct iphdr)+4)>>2; 395 pip->tos = 0xc0; 396 pip->frag_off = htons(IP_DF); 397 pip->ttl = 1; 398 pip->daddr = fl4.daddr; 399 400 rcu_read_lock(); 401 pip->saddr = igmpv3_get_srcaddr(dev, &fl4); 402 rcu_read_unlock(); 403 404 pip->protocol = IPPROTO_IGMP; 405 pip->tot_len = 0; /* filled in later */ 406 ip_select_ident(net, skb, NULL); 407 ((u8 *)&pip[1])[0] = IPOPT_RA; 408 ((u8 *)&pip[1])[1] = 4; 409 ((u8 *)&pip[1])[2] = 0; 410 ((u8 *)&pip[1])[3] = 0; 411 412 skb->transport_header = skb->network_header + sizeof(struct iphdr) + 4; 413 skb_put(skb, sizeof(*pig)); 414 pig = igmpv3_report_hdr(skb); 415 pig->type = IGMPV3_HOST_MEMBERSHIP_REPORT; 416 pig->resv1 = 0; 417 pig->csum = 0; 418 pig->resv2 = 0; 419 pig->ngrec = 0; 420 return skb; 421 } 422 423 static int igmpv3_sendpack(struct sk_buff *skb) 424 { 425 struct igmphdr *pig = igmp_hdr(skb); 426 const int igmplen = skb_tail_pointer(skb) - skb_transport_header(skb); 427 428 pig->csum = ip_compute_csum(igmp_hdr(skb), igmplen); 429 430 return ip_local_out(dev_net(skb_dst(skb)->dev), skb->sk, skb); 431 } 432 433 static int grec_size(struct ip_mc_list *pmc, int type, int gdel, int sdel) 434 { 435 return sizeof(struct igmpv3_grec) + 4*igmp_scount(pmc, type, gdel, sdel); 436 } 437 438 static struct sk_buff *add_grhead(struct sk_buff *skb, struct ip_mc_list *pmc, 439 int type, struct igmpv3_grec **ppgr, unsigned int mtu) 440 { 441 struct net_device *dev = pmc->interface->dev; 442 struct igmpv3_report *pih; 443 struct igmpv3_grec *pgr; 444 445 if (!skb) { 446 skb = igmpv3_newpack(dev, mtu); 447 if (!skb) 448 return NULL; 449 } 450 pgr = skb_put(skb, sizeof(struct igmpv3_grec)); 451 pgr->grec_type = type; 452 pgr->grec_auxwords = 0; 453 pgr->grec_nsrcs = 0; 454 pgr->grec_mca = pmc->multiaddr; 455 pih = igmpv3_report_hdr(skb); 456 pih->ngrec = htons(ntohs(pih->ngrec)+1); 457 *ppgr = pgr; 458 return skb; 459 } 460 461 #define AVAILABLE(skb) ((skb) ? skb_availroom(skb) : 0) 462 463 static struct sk_buff *add_grec(struct sk_buff *skb, struct ip_mc_list *pmc, 464 int type, int gdeleted, int sdeleted) 465 { 466 struct net_device *dev = pmc->interface->dev; 467 struct net *net = dev_net(dev); 468 struct igmpv3_report *pih; 469 struct igmpv3_grec *pgr = NULL; 470 struct ip_sf_list *psf, *psf_next, *psf_prev, **psf_list; 471 int scount, stotal, first, isquery, truncate; 472 unsigned int mtu; 473 474 if (pmc->multiaddr == IGMP_ALL_HOSTS) 475 return skb; 476 if (ipv4_is_local_multicast(pmc->multiaddr) && 477 !READ_ONCE(net->ipv4.sysctl_igmp_llm_reports)) 478 return skb; 479 480 mtu = READ_ONCE(dev->mtu); 481 if (mtu < IPV4_MIN_MTU) 482 return skb; 483 484 isquery = type == IGMPV3_MODE_IS_INCLUDE || 485 type == IGMPV3_MODE_IS_EXCLUDE; 486 truncate = type == IGMPV3_MODE_IS_EXCLUDE || 487 type == IGMPV3_CHANGE_TO_EXCLUDE; 488 489 stotal = scount = 0; 490 491 psf_list = sdeleted ? &pmc->tomb : &pmc->sources; 492 493 if (!*psf_list) 494 goto empty_source; 495 496 pih = skb ? igmpv3_report_hdr(skb) : NULL; 497 498 /* EX and TO_EX get a fresh packet, if needed */ 499 if (truncate) { 500 if (pih && pih->ngrec && 501 AVAILABLE(skb) < grec_size(pmc, type, gdeleted, sdeleted)) { 502 if (skb) 503 igmpv3_sendpack(skb); 504 skb = igmpv3_newpack(dev, mtu); 505 } 506 } 507 first = 1; 508 psf_prev = NULL; 509 for (psf = *psf_list; psf; psf = psf_next) { 510 __be32 *psrc; 511 512 psf_next = psf->sf_next; 513 514 if (!is_in(pmc, psf, type, gdeleted, sdeleted)) { 515 psf_prev = psf; 516 continue; 517 } 518 519 /* Based on RFC3376 5.1. Should not send source-list change 520 * records when there is a filter mode change. 521 */ 522 if (((gdeleted && pmc->sfmode == MCAST_EXCLUDE) || 523 (!gdeleted && pmc->crcount)) && 524 (type == IGMPV3_ALLOW_NEW_SOURCES || 525 type == IGMPV3_BLOCK_OLD_SOURCES) && psf->sf_crcount) 526 goto decrease_sf_crcount; 527 528 /* clear marks on query responses */ 529 if (isquery) 530 psf->sf_gsresp = 0; 531 532 if (AVAILABLE(skb) < sizeof(__be32) + 533 first*sizeof(struct igmpv3_grec)) { 534 if (truncate && !first) 535 break; /* truncate these */ 536 if (pgr) 537 pgr->grec_nsrcs = htons(scount); 538 if (skb) 539 igmpv3_sendpack(skb); 540 skb = igmpv3_newpack(dev, mtu); 541 first = 1; 542 scount = 0; 543 } 544 if (first) { 545 skb = add_grhead(skb, pmc, type, &pgr, mtu); 546 first = 0; 547 } 548 if (!skb) 549 return NULL; 550 psrc = skb_put(skb, sizeof(__be32)); 551 *psrc = psf->sf_inaddr; 552 scount++; stotal++; 553 if ((type == IGMPV3_ALLOW_NEW_SOURCES || 554 type == IGMPV3_BLOCK_OLD_SOURCES) && psf->sf_crcount) { 555 decrease_sf_crcount: 556 psf->sf_crcount--; 557 if ((sdeleted || gdeleted) && psf->sf_crcount == 0) { 558 if (psf_prev) 559 psf_prev->sf_next = psf->sf_next; 560 else 561 *psf_list = psf->sf_next; 562 kfree(psf); 563 continue; 564 } 565 } 566 psf_prev = psf; 567 } 568 569 empty_source: 570 if (!stotal) { 571 if (type == IGMPV3_ALLOW_NEW_SOURCES || 572 type == IGMPV3_BLOCK_OLD_SOURCES) 573 return skb; 574 if (pmc->crcount || isquery) { 575 /* make sure we have room for group header */ 576 if (skb && AVAILABLE(skb) < sizeof(struct igmpv3_grec)) { 577 igmpv3_sendpack(skb); 578 skb = NULL; /* add_grhead will get a new one */ 579 } 580 skb = add_grhead(skb, pmc, type, &pgr, mtu); 581 } 582 } 583 if (pgr) 584 pgr->grec_nsrcs = htons(scount); 585 586 if (isquery) 587 pmc->gsquery = 0; /* clear query state on report */ 588 return skb; 589 } 590 591 static int igmpv3_send_report(struct in_device *in_dev, struct ip_mc_list *pmc) 592 { 593 struct sk_buff *skb = NULL; 594 struct net *net = dev_net(in_dev->dev); 595 int type; 596 597 if (!pmc) { 598 rcu_read_lock(); 599 for_each_pmc_rcu(in_dev, pmc) { 600 if (pmc->multiaddr == IGMP_ALL_HOSTS) 601 continue; 602 if (ipv4_is_local_multicast(pmc->multiaddr) && 603 !READ_ONCE(net->ipv4.sysctl_igmp_llm_reports)) 604 continue; 605 spin_lock_bh(&pmc->lock); 606 if (pmc->sfcount[MCAST_EXCLUDE]) 607 type = IGMPV3_MODE_IS_EXCLUDE; 608 else 609 type = IGMPV3_MODE_IS_INCLUDE; 610 skb = add_grec(skb, pmc, type, 0, 0); 611 spin_unlock_bh(&pmc->lock); 612 } 613 rcu_read_unlock(); 614 } else { 615 spin_lock_bh(&pmc->lock); 616 if (pmc->sfcount[MCAST_EXCLUDE]) 617 type = IGMPV3_MODE_IS_EXCLUDE; 618 else 619 type = IGMPV3_MODE_IS_INCLUDE; 620 skb = add_grec(skb, pmc, type, 0, 0); 621 spin_unlock_bh(&pmc->lock); 622 } 623 if (!skb) 624 return 0; 625 return igmpv3_sendpack(skb); 626 } 627 628 /* 629 * remove zero-count source records from a source filter list 630 */ 631 static void igmpv3_clear_zeros(struct ip_sf_list **ppsf) 632 { 633 struct ip_sf_list *psf_prev, *psf_next, *psf; 634 635 psf_prev = NULL; 636 for (psf = *ppsf; psf; psf = psf_next) { 637 psf_next = psf->sf_next; 638 if (psf->sf_crcount == 0) { 639 if (psf_prev) 640 psf_prev->sf_next = psf->sf_next; 641 else 642 *ppsf = psf->sf_next; 643 kfree(psf); 644 } else 645 psf_prev = psf; 646 } 647 } 648 649 static void kfree_pmc(struct ip_mc_list *pmc) 650 { 651 ip_sf_list_clear_all(pmc->sources); 652 ip_sf_list_clear_all(pmc->tomb); 653 kfree(pmc); 654 } 655 656 static void igmpv3_send_cr(struct in_device *in_dev) 657 { 658 struct ip_mc_list *pmc, *pmc_prev, *pmc_next; 659 struct sk_buff *skb = NULL; 660 int type, dtype; 661 662 rcu_read_lock(); 663 spin_lock_bh(&in_dev->mc_tomb_lock); 664 665 /* deleted MCA's */ 666 pmc_prev = NULL; 667 for (pmc = in_dev->mc_tomb; pmc; pmc = pmc_next) { 668 pmc_next = pmc->next; 669 if (pmc->sfmode == MCAST_INCLUDE) { 670 type = IGMPV3_BLOCK_OLD_SOURCES; 671 dtype = IGMPV3_BLOCK_OLD_SOURCES; 672 skb = add_grec(skb, pmc, type, 1, 0); 673 skb = add_grec(skb, pmc, dtype, 1, 1); 674 } 675 if (pmc->crcount) { 676 if (pmc->sfmode == MCAST_EXCLUDE) { 677 type = IGMPV3_CHANGE_TO_INCLUDE; 678 skb = add_grec(skb, pmc, type, 1, 0); 679 } 680 pmc->crcount--; 681 if (pmc->crcount == 0) { 682 igmpv3_clear_zeros(&pmc->tomb); 683 igmpv3_clear_zeros(&pmc->sources); 684 } 685 } 686 if (pmc->crcount == 0 && !pmc->tomb && !pmc->sources) { 687 if (pmc_prev) 688 pmc_prev->next = pmc_next; 689 else 690 in_dev->mc_tomb = pmc_next; 691 in_dev_put(pmc->interface); 692 kfree_pmc(pmc); 693 } else 694 pmc_prev = pmc; 695 } 696 spin_unlock_bh(&in_dev->mc_tomb_lock); 697 698 /* change recs */ 699 for_each_pmc_rcu(in_dev, pmc) { 700 spin_lock_bh(&pmc->lock); 701 if (pmc->sfcount[MCAST_EXCLUDE]) { 702 type = IGMPV3_BLOCK_OLD_SOURCES; 703 dtype = IGMPV3_ALLOW_NEW_SOURCES; 704 } else { 705 type = IGMPV3_ALLOW_NEW_SOURCES; 706 dtype = IGMPV3_BLOCK_OLD_SOURCES; 707 } 708 skb = add_grec(skb, pmc, type, 0, 0); 709 skb = add_grec(skb, pmc, dtype, 0, 1); /* deleted sources */ 710 711 /* filter mode changes */ 712 if (pmc->crcount) { 713 if (pmc->sfmode == MCAST_EXCLUDE) 714 type = IGMPV3_CHANGE_TO_EXCLUDE; 715 else 716 type = IGMPV3_CHANGE_TO_INCLUDE; 717 skb = add_grec(skb, pmc, type, 0, 0); 718 pmc->crcount--; 719 } 720 spin_unlock_bh(&pmc->lock); 721 } 722 rcu_read_unlock(); 723 724 if (!skb) 725 return; 726 (void) igmpv3_sendpack(skb); 727 } 728 729 static int igmp_send_report(struct in_device *in_dev, struct ip_mc_list *pmc, 730 int type) 731 { 732 struct sk_buff *skb; 733 struct iphdr *iph; 734 struct igmphdr *ih; 735 struct rtable *rt; 736 struct net_device *dev = in_dev->dev; 737 struct net *net = dev_net(dev); 738 __be32 group = pmc ? pmc->multiaddr : 0; 739 struct flowi4 fl4; 740 __be32 dst; 741 int hlen, tlen; 742 743 if (type == IGMPV3_HOST_MEMBERSHIP_REPORT) 744 return igmpv3_send_report(in_dev, pmc); 745 746 if (ipv4_is_local_multicast(group) && 747 !READ_ONCE(net->ipv4.sysctl_igmp_llm_reports)) 748 return 0; 749 750 if (type == IGMP_HOST_LEAVE_MESSAGE) 751 dst = IGMP_ALL_ROUTER; 752 else 753 dst = group; 754 755 rt = ip_route_output_ports(net, &fl4, NULL, dst, 0, 756 0, 0, 757 IPPROTO_IGMP, 0, dev->ifindex); 758 if (IS_ERR(rt)) 759 return -1; 760 761 hlen = LL_RESERVED_SPACE(dev); 762 tlen = dev->needed_tailroom; 763 skb = alloc_skb(IGMP_SIZE + hlen + tlen, GFP_ATOMIC); 764 if (!skb) { 765 ip_rt_put(rt); 766 return -1; 767 } 768 skb->priority = TC_PRIO_CONTROL; 769 770 skb_dst_set(skb, &rt->dst); 771 772 skb_reserve(skb, hlen); 773 774 skb_reset_network_header(skb); 775 iph = ip_hdr(skb); 776 skb_put(skb, sizeof(struct iphdr) + 4); 777 778 iph->version = 4; 779 iph->ihl = (sizeof(struct iphdr)+4)>>2; 780 iph->tos = 0xc0; 781 iph->frag_off = htons(IP_DF); 782 iph->ttl = 1; 783 iph->daddr = dst; 784 iph->saddr = fl4.saddr; 785 iph->protocol = IPPROTO_IGMP; 786 ip_select_ident(net, skb, NULL); 787 ((u8 *)&iph[1])[0] = IPOPT_RA; 788 ((u8 *)&iph[1])[1] = 4; 789 ((u8 *)&iph[1])[2] = 0; 790 ((u8 *)&iph[1])[3] = 0; 791 792 ih = skb_put(skb, sizeof(struct igmphdr)); 793 ih->type = type; 794 ih->code = 0; 795 ih->csum = 0; 796 ih->group = group; 797 ih->csum = ip_compute_csum((void *)ih, sizeof(struct igmphdr)); 798 799 return ip_local_out(net, skb->sk, skb); 800 } 801 802 static void igmp_gq_timer_expire(struct timer_list *t) 803 { 804 struct in_device *in_dev = from_timer(in_dev, t, mr_gq_timer); 805 806 in_dev->mr_gq_running = 0; 807 igmpv3_send_report(in_dev, NULL); 808 in_dev_put(in_dev); 809 } 810 811 static void igmp_ifc_timer_expire(struct timer_list *t) 812 { 813 struct in_device *in_dev = from_timer(in_dev, t, mr_ifc_timer); 814 u32 mr_ifc_count; 815 816 igmpv3_send_cr(in_dev); 817 restart: 818 mr_ifc_count = READ_ONCE(in_dev->mr_ifc_count); 819 820 if (mr_ifc_count) { 821 if (cmpxchg(&in_dev->mr_ifc_count, 822 mr_ifc_count, 823 mr_ifc_count - 1) != mr_ifc_count) 824 goto restart; 825 igmp_ifc_start_timer(in_dev, 826 unsolicited_report_interval(in_dev)); 827 } 828 in_dev_put(in_dev); 829 } 830 831 static void igmp_ifc_event(struct in_device *in_dev) 832 { 833 struct net *net = dev_net(in_dev->dev); 834 if (IGMP_V1_SEEN(in_dev) || IGMP_V2_SEEN(in_dev)) 835 return; 836 WRITE_ONCE(in_dev->mr_ifc_count, in_dev->mr_qrv ?: READ_ONCE(net->ipv4.sysctl_igmp_qrv)); 837 igmp_ifc_start_timer(in_dev, 1); 838 } 839 840 841 static void igmp_timer_expire(struct timer_list *t) 842 { 843 struct ip_mc_list *im = from_timer(im, t, timer); 844 struct in_device *in_dev = im->interface; 845 846 spin_lock(&im->lock); 847 im->tm_running = 0; 848 849 if (im->unsolicit_count && --im->unsolicit_count) 850 igmp_start_timer(im, unsolicited_report_interval(in_dev)); 851 852 im->reporter = 1; 853 spin_unlock(&im->lock); 854 855 if (IGMP_V1_SEEN(in_dev)) 856 igmp_send_report(in_dev, im, IGMP_HOST_MEMBERSHIP_REPORT); 857 else if (IGMP_V2_SEEN(in_dev)) 858 igmp_send_report(in_dev, im, IGMPV2_HOST_MEMBERSHIP_REPORT); 859 else 860 igmp_send_report(in_dev, im, IGMPV3_HOST_MEMBERSHIP_REPORT); 861 862 ip_ma_put(im); 863 } 864 865 /* mark EXCLUDE-mode sources */ 866 static int igmp_xmarksources(struct ip_mc_list *pmc, int nsrcs, __be32 *srcs) 867 { 868 struct ip_sf_list *psf; 869 int i, scount; 870 871 scount = 0; 872 for (psf = pmc->sources; psf; psf = psf->sf_next) { 873 if (scount == nsrcs) 874 break; 875 for (i = 0; i < nsrcs; i++) { 876 /* skip inactive filters */ 877 if (psf->sf_count[MCAST_INCLUDE] || 878 pmc->sfcount[MCAST_EXCLUDE] != 879 psf->sf_count[MCAST_EXCLUDE]) 880 break; 881 if (srcs[i] == psf->sf_inaddr) { 882 scount++; 883 break; 884 } 885 } 886 } 887 pmc->gsquery = 0; 888 if (scount == nsrcs) /* all sources excluded */ 889 return 0; 890 return 1; 891 } 892 893 static int igmp_marksources(struct ip_mc_list *pmc, int nsrcs, __be32 *srcs) 894 { 895 struct ip_sf_list *psf; 896 int i, scount; 897 898 if (pmc->sfmode == MCAST_EXCLUDE) 899 return igmp_xmarksources(pmc, nsrcs, srcs); 900 901 /* mark INCLUDE-mode sources */ 902 scount = 0; 903 for (psf = pmc->sources; psf; psf = psf->sf_next) { 904 if (scount == nsrcs) 905 break; 906 for (i = 0; i < nsrcs; i++) 907 if (srcs[i] == psf->sf_inaddr) { 908 psf->sf_gsresp = 1; 909 scount++; 910 break; 911 } 912 } 913 if (!scount) { 914 pmc->gsquery = 0; 915 return 0; 916 } 917 pmc->gsquery = 1; 918 return 1; 919 } 920 921 /* return true if packet was dropped */ 922 static bool igmp_heard_report(struct in_device *in_dev, __be32 group) 923 { 924 struct ip_mc_list *im; 925 struct net *net = dev_net(in_dev->dev); 926 927 /* Timers are only set for non-local groups */ 928 929 if (group == IGMP_ALL_HOSTS) 930 return false; 931 if (ipv4_is_local_multicast(group) && 932 !READ_ONCE(net->ipv4.sysctl_igmp_llm_reports)) 933 return false; 934 935 rcu_read_lock(); 936 for_each_pmc_rcu(in_dev, im) { 937 if (im->multiaddr == group) { 938 igmp_stop_timer(im); 939 break; 940 } 941 } 942 rcu_read_unlock(); 943 return false; 944 } 945 946 /* return true if packet was dropped */ 947 static bool igmp_heard_query(struct in_device *in_dev, struct sk_buff *skb, 948 int len) 949 { 950 struct igmphdr *ih = igmp_hdr(skb); 951 struct igmpv3_query *ih3 = igmpv3_query_hdr(skb); 952 struct ip_mc_list *im; 953 __be32 group = ih->group; 954 int max_delay; 955 int mark = 0; 956 struct net *net = dev_net(in_dev->dev); 957 958 959 if (len == 8) { 960 if (ih->code == 0) { 961 /* Alas, old v1 router presents here. */ 962 963 max_delay = IGMP_QUERY_RESPONSE_INTERVAL; 964 in_dev->mr_v1_seen = jiffies + 965 (in_dev->mr_qrv * in_dev->mr_qi) + 966 in_dev->mr_qri; 967 group = 0; 968 } else { 969 /* v2 router present */ 970 max_delay = ih->code*(HZ/IGMP_TIMER_SCALE); 971 in_dev->mr_v2_seen = jiffies + 972 (in_dev->mr_qrv * in_dev->mr_qi) + 973 in_dev->mr_qri; 974 } 975 /* cancel the interface change timer */ 976 WRITE_ONCE(in_dev->mr_ifc_count, 0); 977 if (timer_delete(&in_dev->mr_ifc_timer)) 978 __in_dev_put(in_dev); 979 /* clear deleted report items */ 980 igmpv3_clear_delrec(in_dev); 981 } else if (len < 12) { 982 return true; /* ignore bogus packet; freed by caller */ 983 } else if (IGMP_V1_SEEN(in_dev)) { 984 /* This is a v3 query with v1 queriers present */ 985 max_delay = IGMP_QUERY_RESPONSE_INTERVAL; 986 group = 0; 987 } else if (IGMP_V2_SEEN(in_dev)) { 988 /* this is a v3 query with v2 queriers present; 989 * Interpretation of the max_delay code is problematic here. 990 * A real v2 host would use ih_code directly, while v3 has a 991 * different encoding. We use the v3 encoding as more likely 992 * to be intended in a v3 query. 993 */ 994 max_delay = IGMPV3_MRC(ih3->code)*(HZ/IGMP_TIMER_SCALE); 995 if (!max_delay) 996 max_delay = 1; /* can't mod w/ 0 */ 997 } else { /* v3 */ 998 if (!pskb_may_pull(skb, sizeof(struct igmpv3_query))) 999 return true; 1000 1001 ih3 = igmpv3_query_hdr(skb); 1002 if (ih3->nsrcs) { 1003 if (!pskb_may_pull(skb, sizeof(struct igmpv3_query) 1004 + ntohs(ih3->nsrcs)*sizeof(__be32))) 1005 return true; 1006 ih3 = igmpv3_query_hdr(skb); 1007 } 1008 1009 max_delay = IGMPV3_MRC(ih3->code)*(HZ/IGMP_TIMER_SCALE); 1010 if (!max_delay) 1011 max_delay = 1; /* can't mod w/ 0 */ 1012 in_dev->mr_maxdelay = max_delay; 1013 1014 /* RFC3376, 4.1.6. QRV and 4.1.7. QQIC, when the most recently 1015 * received value was zero, use the default or statically 1016 * configured value. 1017 */ 1018 in_dev->mr_qrv = ih3->qrv ?: READ_ONCE(net->ipv4.sysctl_igmp_qrv); 1019 in_dev->mr_qi = IGMPV3_QQIC(ih3->qqic)*HZ ?: IGMP_QUERY_INTERVAL; 1020 1021 /* RFC3376, 8.3. Query Response Interval: 1022 * The number of seconds represented by the [Query Response 1023 * Interval] must be less than the [Query Interval]. 1024 */ 1025 if (in_dev->mr_qri >= in_dev->mr_qi) 1026 in_dev->mr_qri = (in_dev->mr_qi/HZ - 1)*HZ; 1027 1028 if (!group) { /* general query */ 1029 if (ih3->nsrcs) 1030 return true; /* no sources allowed */ 1031 igmp_gq_start_timer(in_dev); 1032 return false; 1033 } 1034 /* mark sources to include, if group & source-specific */ 1035 mark = ih3->nsrcs != 0; 1036 } 1037 1038 /* 1039 * - Start the timers in all of our membership records 1040 * that the query applies to for the interface on 1041 * which the query arrived excl. those that belong 1042 * to a "local" group (224.0.0.X) 1043 * - For timers already running check if they need to 1044 * be reset. 1045 * - Use the igmp->igmp_code field as the maximum 1046 * delay possible 1047 */ 1048 rcu_read_lock(); 1049 for_each_pmc_rcu(in_dev, im) { 1050 int changed; 1051 1052 if (group && group != im->multiaddr) 1053 continue; 1054 if (im->multiaddr == IGMP_ALL_HOSTS) 1055 continue; 1056 if (ipv4_is_local_multicast(im->multiaddr) && 1057 !READ_ONCE(net->ipv4.sysctl_igmp_llm_reports)) 1058 continue; 1059 spin_lock_bh(&im->lock); 1060 if (im->tm_running) 1061 im->gsquery = im->gsquery && mark; 1062 else 1063 im->gsquery = mark; 1064 changed = !im->gsquery || 1065 igmp_marksources(im, ntohs(ih3->nsrcs), ih3->srcs); 1066 spin_unlock_bh(&im->lock); 1067 if (changed) 1068 igmp_mod_timer(im, max_delay); 1069 } 1070 rcu_read_unlock(); 1071 return false; 1072 } 1073 1074 /* called in rcu_read_lock() section */ 1075 int igmp_rcv(struct sk_buff *skb) 1076 { 1077 /* This basically follows the spec line by line -- see RFC1112 */ 1078 struct igmphdr *ih; 1079 struct net_device *dev = skb->dev; 1080 struct in_device *in_dev; 1081 int len = skb->len; 1082 bool dropped = true; 1083 1084 if (netif_is_l3_master(dev)) { 1085 dev = dev_get_by_index_rcu(dev_net(dev), IPCB(skb)->iif); 1086 if (!dev) 1087 goto drop; 1088 } 1089 1090 in_dev = __in_dev_get_rcu(dev); 1091 if (!in_dev) 1092 goto drop; 1093 1094 if (!pskb_may_pull(skb, sizeof(struct igmphdr))) 1095 goto drop; 1096 1097 if (skb_checksum_simple_validate(skb)) 1098 goto drop; 1099 1100 ih = igmp_hdr(skb); 1101 switch (ih->type) { 1102 case IGMP_HOST_MEMBERSHIP_QUERY: 1103 dropped = igmp_heard_query(in_dev, skb, len); 1104 break; 1105 case IGMP_HOST_MEMBERSHIP_REPORT: 1106 case IGMPV2_HOST_MEMBERSHIP_REPORT: 1107 /* Is it our report looped back? */ 1108 if (rt_is_output_route(skb_rtable(skb))) 1109 break; 1110 /* don't rely on MC router hearing unicast reports */ 1111 if (skb->pkt_type == PACKET_MULTICAST || 1112 skb->pkt_type == PACKET_BROADCAST) 1113 dropped = igmp_heard_report(in_dev, ih->group); 1114 break; 1115 case IGMP_PIM: 1116 #ifdef CONFIG_IP_PIMSM_V1 1117 return pim_rcv_v1(skb); 1118 #endif 1119 case IGMPV3_HOST_MEMBERSHIP_REPORT: 1120 case IGMP_DVMRP: 1121 case IGMP_TRACE: 1122 case IGMP_HOST_LEAVE_MESSAGE: 1123 case IGMP_MTRACE: 1124 case IGMP_MTRACE_RESP: 1125 break; 1126 default: 1127 break; 1128 } 1129 1130 drop: 1131 if (dropped) 1132 kfree_skb(skb); 1133 else 1134 consume_skb(skb); 1135 return 0; 1136 } 1137 1138 #endif 1139 1140 1141 /* 1142 * Add a filter to a device 1143 */ 1144 1145 static void ip_mc_filter_add(struct in_device *in_dev, __be32 addr) 1146 { 1147 char buf[MAX_ADDR_LEN]; 1148 struct net_device *dev = in_dev->dev; 1149 1150 /* Checking for IFF_MULTICAST here is WRONG-WRONG-WRONG. 1151 We will get multicast token leakage, when IFF_MULTICAST 1152 is changed. This check should be done in ndo_set_rx_mode 1153 routine. Something sort of: 1154 if (dev->mc_list && dev->flags&IFF_MULTICAST) { do it; } 1155 --ANK 1156 */ 1157 if (arp_mc_map(addr, buf, dev, 0) == 0) 1158 dev_mc_add(dev, buf); 1159 } 1160 1161 /* 1162 * Remove a filter from a device 1163 */ 1164 1165 static void ip_mc_filter_del(struct in_device *in_dev, __be32 addr) 1166 { 1167 char buf[MAX_ADDR_LEN]; 1168 struct net_device *dev = in_dev->dev; 1169 1170 if (arp_mc_map(addr, buf, dev, 0) == 0) 1171 dev_mc_del(dev, buf); 1172 } 1173 1174 #ifdef CONFIG_IP_MULTICAST 1175 /* 1176 * deleted ip_mc_list manipulation 1177 */ 1178 static void igmpv3_add_delrec(struct in_device *in_dev, struct ip_mc_list *im, 1179 gfp_t gfp) 1180 { 1181 struct ip_mc_list *pmc; 1182 struct net *net = dev_net(in_dev->dev); 1183 1184 /* this is an "ip_mc_list" for convenience; only the fields below 1185 * are actually used. In particular, the refcnt and users are not 1186 * used for management of the delete list. Using the same structure 1187 * for deleted items allows change reports to use common code with 1188 * non-deleted or query-response MCA's. 1189 */ 1190 pmc = kzalloc(sizeof(*pmc), gfp); 1191 if (!pmc) 1192 return; 1193 spin_lock_init(&pmc->lock); 1194 spin_lock_bh(&im->lock); 1195 pmc->interface = im->interface; 1196 in_dev_hold(in_dev); 1197 pmc->multiaddr = im->multiaddr; 1198 pmc->crcount = in_dev->mr_qrv ?: READ_ONCE(net->ipv4.sysctl_igmp_qrv); 1199 pmc->sfmode = im->sfmode; 1200 if (pmc->sfmode == MCAST_INCLUDE) { 1201 struct ip_sf_list *psf; 1202 1203 pmc->tomb = im->tomb; 1204 pmc->sources = im->sources; 1205 im->tomb = im->sources = NULL; 1206 for (psf = pmc->sources; psf; psf = psf->sf_next) 1207 psf->sf_crcount = pmc->crcount; 1208 } 1209 spin_unlock_bh(&im->lock); 1210 1211 spin_lock_bh(&in_dev->mc_tomb_lock); 1212 pmc->next = in_dev->mc_tomb; 1213 in_dev->mc_tomb = pmc; 1214 spin_unlock_bh(&in_dev->mc_tomb_lock); 1215 } 1216 1217 /* 1218 * restore ip_mc_list deleted records 1219 */ 1220 static void igmpv3_del_delrec(struct in_device *in_dev, struct ip_mc_list *im) 1221 { 1222 struct ip_mc_list *pmc, *pmc_prev; 1223 struct ip_sf_list *psf; 1224 struct net *net = dev_net(in_dev->dev); 1225 __be32 multiaddr = im->multiaddr; 1226 1227 spin_lock_bh(&in_dev->mc_tomb_lock); 1228 pmc_prev = NULL; 1229 for (pmc = in_dev->mc_tomb; pmc; pmc = pmc->next) { 1230 if (pmc->multiaddr == multiaddr) 1231 break; 1232 pmc_prev = pmc; 1233 } 1234 if (pmc) { 1235 if (pmc_prev) 1236 pmc_prev->next = pmc->next; 1237 else 1238 in_dev->mc_tomb = pmc->next; 1239 } 1240 spin_unlock_bh(&in_dev->mc_tomb_lock); 1241 1242 spin_lock_bh(&im->lock); 1243 if (pmc) { 1244 im->interface = pmc->interface; 1245 if (im->sfmode == MCAST_INCLUDE) { 1246 swap(im->tomb, pmc->tomb); 1247 swap(im->sources, pmc->sources); 1248 for (psf = im->sources; psf; psf = psf->sf_next) 1249 psf->sf_crcount = in_dev->mr_qrv ?: 1250 READ_ONCE(net->ipv4.sysctl_igmp_qrv); 1251 } else { 1252 im->crcount = in_dev->mr_qrv ?: 1253 READ_ONCE(net->ipv4.sysctl_igmp_qrv); 1254 } 1255 in_dev_put(pmc->interface); 1256 kfree_pmc(pmc); 1257 } 1258 spin_unlock_bh(&im->lock); 1259 } 1260 1261 /* 1262 * flush ip_mc_list deleted records 1263 */ 1264 static void igmpv3_clear_delrec(struct in_device *in_dev) 1265 { 1266 struct ip_mc_list *pmc, *nextpmc; 1267 1268 spin_lock_bh(&in_dev->mc_tomb_lock); 1269 pmc = in_dev->mc_tomb; 1270 in_dev->mc_tomb = NULL; 1271 spin_unlock_bh(&in_dev->mc_tomb_lock); 1272 1273 for (; pmc; pmc = nextpmc) { 1274 nextpmc = pmc->next; 1275 ip_mc_clear_src(pmc); 1276 in_dev_put(pmc->interface); 1277 kfree_pmc(pmc); 1278 } 1279 /* clear dead sources, too */ 1280 rcu_read_lock(); 1281 for_each_pmc_rcu(in_dev, pmc) { 1282 struct ip_sf_list *psf; 1283 1284 spin_lock_bh(&pmc->lock); 1285 psf = pmc->tomb; 1286 pmc->tomb = NULL; 1287 spin_unlock_bh(&pmc->lock); 1288 ip_sf_list_clear_all(psf); 1289 } 1290 rcu_read_unlock(); 1291 } 1292 #endif 1293 1294 static void __igmp_group_dropped(struct ip_mc_list *im, gfp_t gfp) 1295 { 1296 struct in_device *in_dev = im->interface; 1297 #ifdef CONFIG_IP_MULTICAST 1298 struct net *net = dev_net(in_dev->dev); 1299 int reporter; 1300 #endif 1301 1302 if (im->loaded) { 1303 im->loaded = 0; 1304 ip_mc_filter_del(in_dev, im->multiaddr); 1305 } 1306 1307 #ifdef CONFIG_IP_MULTICAST 1308 if (im->multiaddr == IGMP_ALL_HOSTS) 1309 return; 1310 if (ipv4_is_local_multicast(im->multiaddr) && 1311 !READ_ONCE(net->ipv4.sysctl_igmp_llm_reports)) 1312 return; 1313 1314 reporter = im->reporter; 1315 igmp_stop_timer(im); 1316 1317 if (!in_dev->dead) { 1318 if (IGMP_V1_SEEN(in_dev)) 1319 return; 1320 if (IGMP_V2_SEEN(in_dev)) { 1321 if (reporter) 1322 igmp_send_report(in_dev, im, IGMP_HOST_LEAVE_MESSAGE); 1323 return; 1324 } 1325 /* IGMPv3 */ 1326 igmpv3_add_delrec(in_dev, im, gfp); 1327 1328 igmp_ifc_event(in_dev); 1329 } 1330 #endif 1331 } 1332 1333 static void igmp_group_dropped(struct ip_mc_list *im) 1334 { 1335 __igmp_group_dropped(im, GFP_KERNEL); 1336 } 1337 1338 static void igmp_group_added(struct ip_mc_list *im) 1339 { 1340 struct in_device *in_dev = im->interface; 1341 #ifdef CONFIG_IP_MULTICAST 1342 struct net *net = dev_net(in_dev->dev); 1343 #endif 1344 1345 if (im->loaded == 0) { 1346 im->loaded = 1; 1347 ip_mc_filter_add(in_dev, im->multiaddr); 1348 } 1349 1350 #ifdef CONFIG_IP_MULTICAST 1351 if (im->multiaddr == IGMP_ALL_HOSTS) 1352 return; 1353 if (ipv4_is_local_multicast(im->multiaddr) && 1354 !READ_ONCE(net->ipv4.sysctl_igmp_llm_reports)) 1355 return; 1356 1357 if (in_dev->dead) 1358 return; 1359 1360 im->unsolicit_count = READ_ONCE(net->ipv4.sysctl_igmp_qrv); 1361 if (IGMP_V1_SEEN(in_dev) || IGMP_V2_SEEN(in_dev)) { 1362 spin_lock_bh(&im->lock); 1363 igmp_start_timer(im, IGMP_INITIAL_REPORT_DELAY); 1364 spin_unlock_bh(&im->lock); 1365 return; 1366 } 1367 /* else, v3 */ 1368 1369 /* Based on RFC3376 5.1, for newly added INCLUDE SSM, we should 1370 * not send filter-mode change record as the mode should be from 1371 * IN() to IN(A). 1372 */ 1373 if (im->sfmode == MCAST_EXCLUDE) 1374 im->crcount = in_dev->mr_qrv ?: READ_ONCE(net->ipv4.sysctl_igmp_qrv); 1375 1376 igmp_ifc_event(in_dev); 1377 #endif 1378 } 1379 1380 1381 /* 1382 * Multicast list managers 1383 */ 1384 1385 static u32 ip_mc_hash(const struct ip_mc_list *im) 1386 { 1387 return hash_32((__force u32)im->multiaddr, MC_HASH_SZ_LOG); 1388 } 1389 1390 static void ip_mc_hash_add(struct in_device *in_dev, 1391 struct ip_mc_list *im) 1392 { 1393 struct ip_mc_list __rcu **mc_hash; 1394 u32 hash; 1395 1396 mc_hash = rtnl_dereference(in_dev->mc_hash); 1397 if (mc_hash) { 1398 hash = ip_mc_hash(im); 1399 im->next_hash = mc_hash[hash]; 1400 rcu_assign_pointer(mc_hash[hash], im); 1401 return; 1402 } 1403 1404 /* do not use a hash table for small number of items */ 1405 if (in_dev->mc_count < 4) 1406 return; 1407 1408 mc_hash = kzalloc(sizeof(struct ip_mc_list *) << MC_HASH_SZ_LOG, 1409 GFP_KERNEL); 1410 if (!mc_hash) 1411 return; 1412 1413 for_each_pmc_rtnl(in_dev, im) { 1414 hash = ip_mc_hash(im); 1415 im->next_hash = mc_hash[hash]; 1416 RCU_INIT_POINTER(mc_hash[hash], im); 1417 } 1418 1419 rcu_assign_pointer(in_dev->mc_hash, mc_hash); 1420 } 1421 1422 static void ip_mc_hash_remove(struct in_device *in_dev, 1423 struct ip_mc_list *im) 1424 { 1425 struct ip_mc_list __rcu **mc_hash = rtnl_dereference(in_dev->mc_hash); 1426 struct ip_mc_list *aux; 1427 1428 if (!mc_hash) 1429 return; 1430 mc_hash += ip_mc_hash(im); 1431 while ((aux = rtnl_dereference(*mc_hash)) != im) 1432 mc_hash = &aux->next_hash; 1433 *mc_hash = im->next_hash; 1434 } 1435 1436 int inet_fill_ifmcaddr(struct sk_buff *skb, struct net_device *dev, 1437 const struct ip_mc_list *im, 1438 struct inet_fill_args *args) 1439 { 1440 struct ifa_cacheinfo ci; 1441 struct ifaddrmsg *ifm; 1442 struct nlmsghdr *nlh; 1443 1444 nlh = nlmsg_put(skb, args->portid, args->seq, args->event, 1445 sizeof(struct ifaddrmsg), args->flags); 1446 if (!nlh) 1447 return -EMSGSIZE; 1448 1449 ifm = nlmsg_data(nlh); 1450 ifm->ifa_family = AF_INET; 1451 ifm->ifa_prefixlen = 32; 1452 ifm->ifa_flags = IFA_F_PERMANENT; 1453 ifm->ifa_scope = RT_SCOPE_UNIVERSE; 1454 ifm->ifa_index = dev->ifindex; 1455 1456 ci.cstamp = (READ_ONCE(im->mca_cstamp) - INITIAL_JIFFIES) * 100UL / HZ; 1457 ci.tstamp = ci.cstamp; 1458 ci.ifa_prefered = INFINITY_LIFE_TIME; 1459 ci.ifa_valid = INFINITY_LIFE_TIME; 1460 1461 if (nla_put_in_addr(skb, IFA_MULTICAST, im->multiaddr) < 0 || 1462 nla_put(skb, IFA_CACHEINFO, sizeof(ci), &ci) < 0) { 1463 nlmsg_cancel(skb, nlh); 1464 return -EMSGSIZE; 1465 } 1466 1467 nlmsg_end(skb, nlh); 1468 return 0; 1469 } 1470 1471 static void inet_ifmcaddr_notify(struct net_device *dev, 1472 const struct ip_mc_list *im, int event) 1473 { 1474 struct inet_fill_args fillargs = { 1475 .event = event, 1476 }; 1477 struct net *net = dev_net(dev); 1478 struct sk_buff *skb; 1479 int err = -ENOMEM; 1480 1481 skb = nlmsg_new(NLMSG_ALIGN(sizeof(struct ifaddrmsg)) + 1482 nla_total_size(sizeof(__be32)) + 1483 nla_total_size(sizeof(struct ifa_cacheinfo)), 1484 GFP_KERNEL); 1485 if (!skb) 1486 goto error; 1487 1488 err = inet_fill_ifmcaddr(skb, dev, im, &fillargs); 1489 if (err < 0) { 1490 WARN_ON_ONCE(err == -EMSGSIZE); 1491 nlmsg_free(skb); 1492 goto error; 1493 } 1494 1495 rtnl_notify(skb, net, 0, RTNLGRP_IPV4_MCADDR, NULL, GFP_KERNEL); 1496 return; 1497 error: 1498 rtnl_set_sk_err(net, RTNLGRP_IPV4_MCADDR, err); 1499 } 1500 1501 /* 1502 * A socket has joined a multicast group on device dev. 1503 */ 1504 static void ____ip_mc_inc_group(struct in_device *in_dev, __be32 addr, 1505 unsigned int mode, gfp_t gfp) 1506 { 1507 struct ip_mc_list __rcu **mc_hash; 1508 struct ip_mc_list *im; 1509 1510 ASSERT_RTNL(); 1511 1512 mc_hash = rtnl_dereference(in_dev->mc_hash); 1513 if (mc_hash) { 1514 u32 hash = hash_32((__force u32)addr, MC_HASH_SZ_LOG); 1515 1516 for (im = rtnl_dereference(mc_hash[hash]); 1517 im; 1518 im = rtnl_dereference(im->next_hash)) { 1519 if (im->multiaddr == addr) 1520 break; 1521 } 1522 } else { 1523 for_each_pmc_rtnl(in_dev, im) { 1524 if (im->multiaddr == addr) 1525 break; 1526 } 1527 } 1528 1529 if (im) { 1530 im->users++; 1531 ip_mc_add_src(in_dev, &addr, mode, 0, NULL, 0); 1532 goto out; 1533 } 1534 1535 im = kzalloc(sizeof(*im), gfp); 1536 if (!im) 1537 goto out; 1538 1539 im->users = 1; 1540 im->interface = in_dev; 1541 in_dev_hold(in_dev); 1542 im->multiaddr = addr; 1543 im->mca_cstamp = jiffies; 1544 im->mca_tstamp = im->mca_cstamp; 1545 /* initial mode is (EX, empty) */ 1546 im->sfmode = mode; 1547 im->sfcount[mode] = 1; 1548 refcount_set(&im->refcnt, 1); 1549 spin_lock_init(&im->lock); 1550 #ifdef CONFIG_IP_MULTICAST 1551 timer_setup(&im->timer, igmp_timer_expire, 0); 1552 #endif 1553 1554 im->next_rcu = in_dev->mc_list; 1555 in_dev->mc_count++; 1556 rcu_assign_pointer(in_dev->mc_list, im); 1557 1558 ip_mc_hash_add(in_dev, im); 1559 1560 #ifdef CONFIG_IP_MULTICAST 1561 igmpv3_del_delrec(in_dev, im); 1562 #endif 1563 igmp_group_added(im); 1564 inet_ifmcaddr_notify(in_dev->dev, im, RTM_NEWMULTICAST); 1565 if (!in_dev->dead) 1566 ip_rt_multicast_event(in_dev); 1567 out: 1568 return; 1569 } 1570 1571 void __ip_mc_inc_group(struct in_device *in_dev, __be32 addr, gfp_t gfp) 1572 { 1573 ____ip_mc_inc_group(in_dev, addr, MCAST_EXCLUDE, gfp); 1574 } 1575 EXPORT_SYMBOL(__ip_mc_inc_group); 1576 1577 void ip_mc_inc_group(struct in_device *in_dev, __be32 addr) 1578 { 1579 __ip_mc_inc_group(in_dev, addr, GFP_KERNEL); 1580 } 1581 EXPORT_SYMBOL(ip_mc_inc_group); 1582 1583 static int ip_mc_check_iphdr(struct sk_buff *skb) 1584 { 1585 const struct iphdr *iph; 1586 unsigned int len; 1587 unsigned int offset = skb_network_offset(skb) + sizeof(*iph); 1588 1589 if (!pskb_may_pull(skb, offset)) 1590 return -EINVAL; 1591 1592 iph = ip_hdr(skb); 1593 1594 if (iph->version != 4 || ip_hdrlen(skb) < sizeof(*iph)) 1595 return -EINVAL; 1596 1597 offset += ip_hdrlen(skb) - sizeof(*iph); 1598 1599 if (!pskb_may_pull(skb, offset)) 1600 return -EINVAL; 1601 1602 iph = ip_hdr(skb); 1603 1604 if (unlikely(ip_fast_csum((u8 *)iph, iph->ihl))) 1605 return -EINVAL; 1606 1607 len = skb_network_offset(skb) + ntohs(iph->tot_len); 1608 if (skb->len < len || len < offset) 1609 return -EINVAL; 1610 1611 skb_set_transport_header(skb, offset); 1612 1613 return 0; 1614 } 1615 1616 static int ip_mc_check_igmp_reportv3(struct sk_buff *skb) 1617 { 1618 unsigned int len = skb_transport_offset(skb); 1619 1620 len += sizeof(struct igmpv3_report); 1621 1622 return ip_mc_may_pull(skb, len) ? 0 : -EINVAL; 1623 } 1624 1625 static int ip_mc_check_igmp_query(struct sk_buff *skb) 1626 { 1627 unsigned int transport_len = ip_transport_len(skb); 1628 unsigned int len; 1629 1630 /* IGMPv{1,2}? */ 1631 if (transport_len != sizeof(struct igmphdr)) { 1632 /* or IGMPv3? */ 1633 if (transport_len < sizeof(struct igmpv3_query)) 1634 return -EINVAL; 1635 1636 len = skb_transport_offset(skb) + sizeof(struct igmpv3_query); 1637 if (!ip_mc_may_pull(skb, len)) 1638 return -EINVAL; 1639 } 1640 1641 /* RFC2236+RFC3376 (IGMPv2+IGMPv3) require the multicast link layer 1642 * all-systems destination addresses (224.0.0.1) for general queries 1643 */ 1644 if (!igmp_hdr(skb)->group && 1645 ip_hdr(skb)->daddr != htonl(INADDR_ALLHOSTS_GROUP)) 1646 return -EINVAL; 1647 1648 return 0; 1649 } 1650 1651 static int ip_mc_check_igmp_msg(struct sk_buff *skb) 1652 { 1653 switch (igmp_hdr(skb)->type) { 1654 case IGMP_HOST_LEAVE_MESSAGE: 1655 case IGMP_HOST_MEMBERSHIP_REPORT: 1656 case IGMPV2_HOST_MEMBERSHIP_REPORT: 1657 return 0; 1658 case IGMPV3_HOST_MEMBERSHIP_REPORT: 1659 return ip_mc_check_igmp_reportv3(skb); 1660 case IGMP_HOST_MEMBERSHIP_QUERY: 1661 return ip_mc_check_igmp_query(skb); 1662 default: 1663 return -ENOMSG; 1664 } 1665 } 1666 1667 static __sum16 ip_mc_validate_checksum(struct sk_buff *skb) 1668 { 1669 return skb_checksum_simple_validate(skb); 1670 } 1671 1672 static int ip_mc_check_igmp_csum(struct sk_buff *skb) 1673 { 1674 unsigned int len = skb_transport_offset(skb) + sizeof(struct igmphdr); 1675 unsigned int transport_len = ip_transport_len(skb); 1676 struct sk_buff *skb_chk; 1677 1678 if (!ip_mc_may_pull(skb, len)) 1679 return -EINVAL; 1680 1681 skb_chk = skb_checksum_trimmed(skb, transport_len, 1682 ip_mc_validate_checksum); 1683 if (!skb_chk) 1684 return -EINVAL; 1685 1686 if (skb_chk != skb) 1687 kfree_skb(skb_chk); 1688 1689 return 0; 1690 } 1691 1692 /** 1693 * ip_mc_check_igmp - checks whether this is a sane IGMP packet 1694 * @skb: the skb to validate 1695 * 1696 * Checks whether an IPv4 packet is a valid IGMP packet. If so sets 1697 * skb transport header accordingly and returns zero. 1698 * 1699 * -EINVAL: A broken packet was detected, i.e. it violates some internet 1700 * standard 1701 * -ENOMSG: IP header validation succeeded but it is not an IGMP packet. 1702 * -ENOMEM: A memory allocation failure happened. 1703 * 1704 * Caller needs to set the skb network header and free any returned skb if it 1705 * differs from the provided skb. 1706 */ 1707 int ip_mc_check_igmp(struct sk_buff *skb) 1708 { 1709 int ret = ip_mc_check_iphdr(skb); 1710 1711 if (ret < 0) 1712 return ret; 1713 1714 if (ip_hdr(skb)->protocol != IPPROTO_IGMP) 1715 return -ENOMSG; 1716 1717 ret = ip_mc_check_igmp_csum(skb); 1718 if (ret < 0) 1719 return ret; 1720 1721 return ip_mc_check_igmp_msg(skb); 1722 } 1723 EXPORT_SYMBOL(ip_mc_check_igmp); 1724 1725 /* 1726 * Resend IGMP JOIN report; used by netdev notifier. 1727 */ 1728 static void ip_mc_rejoin_groups(struct in_device *in_dev) 1729 { 1730 #ifdef CONFIG_IP_MULTICAST 1731 struct ip_mc_list *im; 1732 int type; 1733 struct net *net = dev_net(in_dev->dev); 1734 1735 ASSERT_RTNL(); 1736 1737 for_each_pmc_rtnl(in_dev, im) { 1738 if (im->multiaddr == IGMP_ALL_HOSTS) 1739 continue; 1740 if (ipv4_is_local_multicast(im->multiaddr) && 1741 !READ_ONCE(net->ipv4.sysctl_igmp_llm_reports)) 1742 continue; 1743 1744 /* a failover is happening and switches 1745 * must be notified immediately 1746 */ 1747 if (IGMP_V1_SEEN(in_dev)) 1748 type = IGMP_HOST_MEMBERSHIP_REPORT; 1749 else if (IGMP_V2_SEEN(in_dev)) 1750 type = IGMPV2_HOST_MEMBERSHIP_REPORT; 1751 else 1752 type = IGMPV3_HOST_MEMBERSHIP_REPORT; 1753 igmp_send_report(in_dev, im, type); 1754 } 1755 #endif 1756 } 1757 1758 /* 1759 * A socket has left a multicast group on device dev 1760 */ 1761 1762 void __ip_mc_dec_group(struct in_device *in_dev, __be32 addr, gfp_t gfp) 1763 { 1764 struct ip_mc_list *i; 1765 struct ip_mc_list __rcu **ip; 1766 1767 ASSERT_RTNL(); 1768 1769 for (ip = &in_dev->mc_list; 1770 (i = rtnl_dereference(*ip)) != NULL; 1771 ip = &i->next_rcu) { 1772 if (i->multiaddr == addr) { 1773 if (--i->users == 0) { 1774 ip_mc_hash_remove(in_dev, i); 1775 *ip = i->next_rcu; 1776 in_dev->mc_count--; 1777 __igmp_group_dropped(i, gfp); 1778 inet_ifmcaddr_notify(in_dev->dev, i, 1779 RTM_DELMULTICAST); 1780 ip_mc_clear_src(i); 1781 1782 if (!in_dev->dead) 1783 ip_rt_multicast_event(in_dev); 1784 1785 ip_ma_put(i); 1786 return; 1787 } 1788 break; 1789 } 1790 } 1791 } 1792 EXPORT_SYMBOL(__ip_mc_dec_group); 1793 1794 /* Device changing type */ 1795 1796 void ip_mc_unmap(struct in_device *in_dev) 1797 { 1798 struct ip_mc_list *pmc; 1799 1800 ASSERT_RTNL(); 1801 1802 for_each_pmc_rtnl(in_dev, pmc) 1803 igmp_group_dropped(pmc); 1804 } 1805 1806 void ip_mc_remap(struct in_device *in_dev) 1807 { 1808 struct ip_mc_list *pmc; 1809 1810 ASSERT_RTNL(); 1811 1812 for_each_pmc_rtnl(in_dev, pmc) { 1813 #ifdef CONFIG_IP_MULTICAST 1814 igmpv3_del_delrec(in_dev, pmc); 1815 #endif 1816 igmp_group_added(pmc); 1817 } 1818 } 1819 1820 /* Device going down */ 1821 1822 void ip_mc_down(struct in_device *in_dev) 1823 { 1824 struct ip_mc_list *pmc; 1825 1826 ASSERT_RTNL(); 1827 1828 for_each_pmc_rtnl(in_dev, pmc) 1829 igmp_group_dropped(pmc); 1830 1831 #ifdef CONFIG_IP_MULTICAST 1832 WRITE_ONCE(in_dev->mr_ifc_count, 0); 1833 if (timer_delete(&in_dev->mr_ifc_timer)) 1834 __in_dev_put(in_dev); 1835 in_dev->mr_gq_running = 0; 1836 if (timer_delete(&in_dev->mr_gq_timer)) 1837 __in_dev_put(in_dev); 1838 #endif 1839 1840 ip_mc_dec_group(in_dev, IGMP_ALL_HOSTS); 1841 } 1842 1843 #ifdef CONFIG_IP_MULTICAST 1844 static void ip_mc_reset(struct in_device *in_dev) 1845 { 1846 struct net *net = dev_net(in_dev->dev); 1847 1848 in_dev->mr_qi = IGMP_QUERY_INTERVAL; 1849 in_dev->mr_qri = IGMP_QUERY_RESPONSE_INTERVAL; 1850 in_dev->mr_qrv = READ_ONCE(net->ipv4.sysctl_igmp_qrv); 1851 } 1852 #else 1853 static void ip_mc_reset(struct in_device *in_dev) 1854 { 1855 } 1856 #endif 1857 1858 void ip_mc_init_dev(struct in_device *in_dev) 1859 { 1860 ASSERT_RTNL(); 1861 1862 #ifdef CONFIG_IP_MULTICAST 1863 timer_setup(&in_dev->mr_gq_timer, igmp_gq_timer_expire, 0); 1864 timer_setup(&in_dev->mr_ifc_timer, igmp_ifc_timer_expire, 0); 1865 #endif 1866 ip_mc_reset(in_dev); 1867 1868 spin_lock_init(&in_dev->mc_tomb_lock); 1869 } 1870 1871 /* Device going up */ 1872 1873 void ip_mc_up(struct in_device *in_dev) 1874 { 1875 struct ip_mc_list *pmc; 1876 1877 ASSERT_RTNL(); 1878 1879 ip_mc_reset(in_dev); 1880 ip_mc_inc_group(in_dev, IGMP_ALL_HOSTS); 1881 1882 for_each_pmc_rtnl(in_dev, pmc) { 1883 #ifdef CONFIG_IP_MULTICAST 1884 igmpv3_del_delrec(in_dev, pmc); 1885 #endif 1886 igmp_group_added(pmc); 1887 } 1888 } 1889 1890 /* 1891 * Device is about to be destroyed: clean up. 1892 */ 1893 1894 void ip_mc_destroy_dev(struct in_device *in_dev) 1895 { 1896 struct ip_mc_list *i; 1897 1898 ASSERT_RTNL(); 1899 1900 /* Deactivate timers */ 1901 ip_mc_down(in_dev); 1902 #ifdef CONFIG_IP_MULTICAST 1903 igmpv3_clear_delrec(in_dev); 1904 #endif 1905 1906 while ((i = rtnl_dereference(in_dev->mc_list)) != NULL) { 1907 in_dev->mc_list = i->next_rcu; 1908 in_dev->mc_count--; 1909 ip_mc_clear_src(i); 1910 ip_ma_put(i); 1911 } 1912 } 1913 1914 /* RTNL is locked */ 1915 static struct in_device *ip_mc_find_dev(struct net *net, struct ip_mreqn *imr) 1916 { 1917 struct net_device *dev = NULL; 1918 struct in_device *idev = NULL; 1919 1920 if (imr->imr_ifindex) { 1921 idev = inetdev_by_index(net, imr->imr_ifindex); 1922 return idev; 1923 } 1924 if (imr->imr_address.s_addr) { 1925 dev = __ip_dev_find(net, imr->imr_address.s_addr, false); 1926 if (!dev) 1927 return NULL; 1928 } 1929 1930 if (!dev) { 1931 struct rtable *rt = ip_route_output(net, 1932 imr->imr_multiaddr.s_addr, 1933 0, 0, 0, 1934 RT_SCOPE_UNIVERSE); 1935 if (!IS_ERR(rt)) { 1936 dev = rt->dst.dev; 1937 ip_rt_put(rt); 1938 } 1939 } 1940 if (dev) { 1941 imr->imr_ifindex = dev->ifindex; 1942 idev = __in_dev_get_rtnl(dev); 1943 } 1944 return idev; 1945 } 1946 1947 /* 1948 * Join a socket to a group 1949 */ 1950 1951 static int ip_mc_del1_src(struct ip_mc_list *pmc, int sfmode, 1952 __be32 *psfsrc) 1953 { 1954 struct ip_sf_list *psf, *psf_prev; 1955 int rv = 0; 1956 1957 psf_prev = NULL; 1958 for (psf = pmc->sources; psf; psf = psf->sf_next) { 1959 if (psf->sf_inaddr == *psfsrc) 1960 break; 1961 psf_prev = psf; 1962 } 1963 if (!psf || psf->sf_count[sfmode] == 0) { 1964 /* source filter not found, or count wrong => bug */ 1965 return -ESRCH; 1966 } 1967 psf->sf_count[sfmode]--; 1968 if (psf->sf_count[sfmode] == 0) { 1969 ip_rt_multicast_event(pmc->interface); 1970 } 1971 if (!psf->sf_count[MCAST_INCLUDE] && !psf->sf_count[MCAST_EXCLUDE]) { 1972 #ifdef CONFIG_IP_MULTICAST 1973 struct in_device *in_dev = pmc->interface; 1974 struct net *net = dev_net(in_dev->dev); 1975 #endif 1976 1977 /* no more filters for this source */ 1978 if (psf_prev) 1979 psf_prev->sf_next = psf->sf_next; 1980 else 1981 pmc->sources = psf->sf_next; 1982 #ifdef CONFIG_IP_MULTICAST 1983 if (psf->sf_oldin && 1984 !IGMP_V1_SEEN(in_dev) && !IGMP_V2_SEEN(in_dev)) { 1985 psf->sf_crcount = in_dev->mr_qrv ?: READ_ONCE(net->ipv4.sysctl_igmp_qrv); 1986 psf->sf_next = pmc->tomb; 1987 pmc->tomb = psf; 1988 rv = 1; 1989 } else 1990 #endif 1991 kfree(psf); 1992 } 1993 return rv; 1994 } 1995 1996 #ifndef CONFIG_IP_MULTICAST 1997 #define igmp_ifc_event(x) do { } while (0) 1998 #endif 1999 2000 static int ip_mc_del_src(struct in_device *in_dev, __be32 *pmca, int sfmode, 2001 int sfcount, __be32 *psfsrc, int delta) 2002 { 2003 struct ip_mc_list *pmc; 2004 int changerec = 0; 2005 int i, err; 2006 2007 if (!in_dev) 2008 return -ENODEV; 2009 rcu_read_lock(); 2010 for_each_pmc_rcu(in_dev, pmc) { 2011 if (*pmca == pmc->multiaddr) 2012 break; 2013 } 2014 if (!pmc) { 2015 /* MCA not found?? bug */ 2016 rcu_read_unlock(); 2017 return -ESRCH; 2018 } 2019 spin_lock_bh(&pmc->lock); 2020 rcu_read_unlock(); 2021 #ifdef CONFIG_IP_MULTICAST 2022 sf_markstate(pmc); 2023 #endif 2024 if (!delta) { 2025 err = -EINVAL; 2026 if (!pmc->sfcount[sfmode]) 2027 goto out_unlock; 2028 pmc->sfcount[sfmode]--; 2029 } 2030 err = 0; 2031 for (i = 0; i < sfcount; i++) { 2032 int rv = ip_mc_del1_src(pmc, sfmode, &psfsrc[i]); 2033 2034 changerec |= rv > 0; 2035 if (!err && rv < 0) 2036 err = rv; 2037 } 2038 if (pmc->sfmode == MCAST_EXCLUDE && 2039 pmc->sfcount[MCAST_EXCLUDE] == 0 && 2040 pmc->sfcount[MCAST_INCLUDE]) { 2041 #ifdef CONFIG_IP_MULTICAST 2042 struct ip_sf_list *psf; 2043 struct net *net = dev_net(in_dev->dev); 2044 #endif 2045 2046 /* filter mode change */ 2047 pmc->sfmode = MCAST_INCLUDE; 2048 #ifdef CONFIG_IP_MULTICAST 2049 pmc->crcount = in_dev->mr_qrv ?: READ_ONCE(net->ipv4.sysctl_igmp_qrv); 2050 WRITE_ONCE(in_dev->mr_ifc_count, pmc->crcount); 2051 for (psf = pmc->sources; psf; psf = psf->sf_next) 2052 psf->sf_crcount = 0; 2053 igmp_ifc_event(pmc->interface); 2054 } else if (sf_setstate(pmc) || changerec) { 2055 igmp_ifc_event(pmc->interface); 2056 #endif 2057 } 2058 out_unlock: 2059 spin_unlock_bh(&pmc->lock); 2060 return err; 2061 } 2062 2063 /* 2064 * Add multicast single-source filter to the interface list 2065 */ 2066 static int ip_mc_add1_src(struct ip_mc_list *pmc, int sfmode, 2067 __be32 *psfsrc) 2068 { 2069 struct ip_sf_list *psf, *psf_prev; 2070 2071 psf_prev = NULL; 2072 for (psf = pmc->sources; psf; psf = psf->sf_next) { 2073 if (psf->sf_inaddr == *psfsrc) 2074 break; 2075 psf_prev = psf; 2076 } 2077 if (!psf) { 2078 psf = kzalloc(sizeof(*psf), GFP_ATOMIC); 2079 if (!psf) 2080 return -ENOBUFS; 2081 psf->sf_inaddr = *psfsrc; 2082 if (psf_prev) { 2083 psf_prev->sf_next = psf; 2084 } else 2085 pmc->sources = psf; 2086 } 2087 psf->sf_count[sfmode]++; 2088 if (psf->sf_count[sfmode] == 1) { 2089 ip_rt_multicast_event(pmc->interface); 2090 } 2091 return 0; 2092 } 2093 2094 #ifdef CONFIG_IP_MULTICAST 2095 static void sf_markstate(struct ip_mc_list *pmc) 2096 { 2097 struct ip_sf_list *psf; 2098 int mca_xcount = pmc->sfcount[MCAST_EXCLUDE]; 2099 2100 for (psf = pmc->sources; psf; psf = psf->sf_next) 2101 if (pmc->sfcount[MCAST_EXCLUDE]) { 2102 psf->sf_oldin = mca_xcount == 2103 psf->sf_count[MCAST_EXCLUDE] && 2104 !psf->sf_count[MCAST_INCLUDE]; 2105 } else 2106 psf->sf_oldin = psf->sf_count[MCAST_INCLUDE] != 0; 2107 } 2108 2109 static int sf_setstate(struct ip_mc_list *pmc) 2110 { 2111 struct ip_sf_list *psf, *dpsf; 2112 int mca_xcount = pmc->sfcount[MCAST_EXCLUDE]; 2113 int qrv = pmc->interface->mr_qrv; 2114 int new_in, rv; 2115 2116 rv = 0; 2117 for (psf = pmc->sources; psf; psf = psf->sf_next) { 2118 if (pmc->sfcount[MCAST_EXCLUDE]) { 2119 new_in = mca_xcount == psf->sf_count[MCAST_EXCLUDE] && 2120 !psf->sf_count[MCAST_INCLUDE]; 2121 } else 2122 new_in = psf->sf_count[MCAST_INCLUDE] != 0; 2123 if (new_in) { 2124 if (!psf->sf_oldin) { 2125 struct ip_sf_list *prev = NULL; 2126 2127 for (dpsf = pmc->tomb; dpsf; dpsf = dpsf->sf_next) { 2128 if (dpsf->sf_inaddr == psf->sf_inaddr) 2129 break; 2130 prev = dpsf; 2131 } 2132 if (dpsf) { 2133 if (prev) 2134 prev->sf_next = dpsf->sf_next; 2135 else 2136 pmc->tomb = dpsf->sf_next; 2137 kfree(dpsf); 2138 } 2139 psf->sf_crcount = qrv; 2140 rv++; 2141 } 2142 } else if (psf->sf_oldin) { 2143 2144 psf->sf_crcount = 0; 2145 /* 2146 * add or update "delete" records if an active filter 2147 * is now inactive 2148 */ 2149 for (dpsf = pmc->tomb; dpsf; dpsf = dpsf->sf_next) 2150 if (dpsf->sf_inaddr == psf->sf_inaddr) 2151 break; 2152 if (!dpsf) { 2153 dpsf = kmalloc(sizeof(*dpsf), GFP_ATOMIC); 2154 if (!dpsf) 2155 continue; 2156 *dpsf = *psf; 2157 /* pmc->lock held by callers */ 2158 dpsf->sf_next = pmc->tomb; 2159 pmc->tomb = dpsf; 2160 } 2161 dpsf->sf_crcount = qrv; 2162 rv++; 2163 } 2164 } 2165 return rv; 2166 } 2167 #endif 2168 2169 /* 2170 * Add multicast source filter list to the interface list 2171 */ 2172 static int ip_mc_add_src(struct in_device *in_dev, __be32 *pmca, int sfmode, 2173 int sfcount, __be32 *psfsrc, int delta) 2174 { 2175 struct ip_mc_list *pmc; 2176 int isexclude; 2177 int i, err; 2178 2179 if (!in_dev) 2180 return -ENODEV; 2181 rcu_read_lock(); 2182 for_each_pmc_rcu(in_dev, pmc) { 2183 if (*pmca == pmc->multiaddr) 2184 break; 2185 } 2186 if (!pmc) { 2187 /* MCA not found?? bug */ 2188 rcu_read_unlock(); 2189 return -ESRCH; 2190 } 2191 spin_lock_bh(&pmc->lock); 2192 rcu_read_unlock(); 2193 2194 #ifdef CONFIG_IP_MULTICAST 2195 sf_markstate(pmc); 2196 #endif 2197 isexclude = pmc->sfmode == MCAST_EXCLUDE; 2198 if (!delta) 2199 pmc->sfcount[sfmode]++; 2200 err = 0; 2201 for (i = 0; i < sfcount; i++) { 2202 err = ip_mc_add1_src(pmc, sfmode, &psfsrc[i]); 2203 if (err) 2204 break; 2205 } 2206 if (err) { 2207 int j; 2208 2209 if (!delta) 2210 pmc->sfcount[sfmode]--; 2211 for (j = 0; j < i; j++) 2212 (void) ip_mc_del1_src(pmc, sfmode, &psfsrc[j]); 2213 } else if (isexclude != (pmc->sfcount[MCAST_EXCLUDE] != 0)) { 2214 #ifdef CONFIG_IP_MULTICAST 2215 struct ip_sf_list *psf; 2216 struct net *net = dev_net(pmc->interface->dev); 2217 in_dev = pmc->interface; 2218 #endif 2219 2220 /* filter mode change */ 2221 if (pmc->sfcount[MCAST_EXCLUDE]) 2222 pmc->sfmode = MCAST_EXCLUDE; 2223 else if (pmc->sfcount[MCAST_INCLUDE]) 2224 pmc->sfmode = MCAST_INCLUDE; 2225 #ifdef CONFIG_IP_MULTICAST 2226 /* else no filters; keep old mode for reports */ 2227 2228 pmc->crcount = in_dev->mr_qrv ?: READ_ONCE(net->ipv4.sysctl_igmp_qrv); 2229 WRITE_ONCE(in_dev->mr_ifc_count, pmc->crcount); 2230 for (psf = pmc->sources; psf; psf = psf->sf_next) 2231 psf->sf_crcount = 0; 2232 igmp_ifc_event(in_dev); 2233 } else if (sf_setstate(pmc)) { 2234 igmp_ifc_event(in_dev); 2235 #endif 2236 } 2237 spin_unlock_bh(&pmc->lock); 2238 return err; 2239 } 2240 2241 static void ip_mc_clear_src(struct ip_mc_list *pmc) 2242 { 2243 struct ip_sf_list *tomb, *sources; 2244 2245 spin_lock_bh(&pmc->lock); 2246 tomb = pmc->tomb; 2247 pmc->tomb = NULL; 2248 sources = pmc->sources; 2249 pmc->sources = NULL; 2250 pmc->sfmode = MCAST_EXCLUDE; 2251 pmc->sfcount[MCAST_INCLUDE] = 0; 2252 pmc->sfcount[MCAST_EXCLUDE] = 1; 2253 spin_unlock_bh(&pmc->lock); 2254 2255 ip_sf_list_clear_all(tomb); 2256 ip_sf_list_clear_all(sources); 2257 } 2258 2259 /* Join a multicast group 2260 */ 2261 static int __ip_mc_join_group(struct sock *sk, struct ip_mreqn *imr, 2262 unsigned int mode) 2263 { 2264 __be32 addr = imr->imr_multiaddr.s_addr; 2265 struct ip_mc_socklist *iml, *i; 2266 struct in_device *in_dev; 2267 struct inet_sock *inet = inet_sk(sk); 2268 struct net *net = sock_net(sk); 2269 int ifindex; 2270 int count = 0; 2271 int err; 2272 2273 ASSERT_RTNL(); 2274 2275 if (!ipv4_is_multicast(addr)) 2276 return -EINVAL; 2277 2278 in_dev = ip_mc_find_dev(net, imr); 2279 2280 if (!in_dev) { 2281 err = -ENODEV; 2282 goto done; 2283 } 2284 2285 err = -EADDRINUSE; 2286 ifindex = imr->imr_ifindex; 2287 for_each_pmc_rtnl(inet, i) { 2288 if (i->multi.imr_multiaddr.s_addr == addr && 2289 i->multi.imr_ifindex == ifindex) 2290 goto done; 2291 count++; 2292 } 2293 err = -ENOBUFS; 2294 if (count >= READ_ONCE(net->ipv4.sysctl_igmp_max_memberships)) 2295 goto done; 2296 iml = sock_kmalloc(sk, sizeof(*iml), GFP_KERNEL); 2297 if (!iml) 2298 goto done; 2299 2300 memcpy(&iml->multi, imr, sizeof(*imr)); 2301 iml->next_rcu = inet->mc_list; 2302 iml->sflist = NULL; 2303 iml->sfmode = mode; 2304 rcu_assign_pointer(inet->mc_list, iml); 2305 ____ip_mc_inc_group(in_dev, addr, mode, GFP_KERNEL); 2306 err = 0; 2307 done: 2308 return err; 2309 } 2310 2311 /* Join ASM (Any-Source Multicast) group 2312 */ 2313 int ip_mc_join_group(struct sock *sk, struct ip_mreqn *imr) 2314 { 2315 return __ip_mc_join_group(sk, imr, MCAST_EXCLUDE); 2316 } 2317 EXPORT_SYMBOL(ip_mc_join_group); 2318 2319 /* Join SSM (Source-Specific Multicast) group 2320 */ 2321 int ip_mc_join_group_ssm(struct sock *sk, struct ip_mreqn *imr, 2322 unsigned int mode) 2323 { 2324 return __ip_mc_join_group(sk, imr, mode); 2325 } 2326 2327 static int ip_mc_leave_src(struct sock *sk, struct ip_mc_socklist *iml, 2328 struct in_device *in_dev) 2329 { 2330 struct ip_sf_socklist *psf = rtnl_dereference(iml->sflist); 2331 int err; 2332 2333 if (!psf) { 2334 /* any-source empty exclude case */ 2335 return ip_mc_del_src(in_dev, &iml->multi.imr_multiaddr.s_addr, 2336 iml->sfmode, 0, NULL, 0); 2337 } 2338 err = ip_mc_del_src(in_dev, &iml->multi.imr_multiaddr.s_addr, 2339 iml->sfmode, psf->sl_count, psf->sl_addr, 0); 2340 RCU_INIT_POINTER(iml->sflist, NULL); 2341 /* decrease mem now to avoid the memleak warning */ 2342 atomic_sub(struct_size(psf, sl_addr, psf->sl_max), &sk->sk_omem_alloc); 2343 kfree_rcu(psf, rcu); 2344 return err; 2345 } 2346 2347 int ip_mc_leave_group(struct sock *sk, struct ip_mreqn *imr) 2348 { 2349 struct inet_sock *inet = inet_sk(sk); 2350 struct ip_mc_socklist *iml; 2351 struct ip_mc_socklist __rcu **imlp; 2352 struct in_device *in_dev; 2353 struct net *net = sock_net(sk); 2354 __be32 group = imr->imr_multiaddr.s_addr; 2355 u32 ifindex; 2356 int ret = -EADDRNOTAVAIL; 2357 2358 ASSERT_RTNL(); 2359 2360 in_dev = ip_mc_find_dev(net, imr); 2361 if (!imr->imr_ifindex && !imr->imr_address.s_addr && !in_dev) { 2362 ret = -ENODEV; 2363 goto out; 2364 } 2365 ifindex = imr->imr_ifindex; 2366 for (imlp = &inet->mc_list; 2367 (iml = rtnl_dereference(*imlp)) != NULL; 2368 imlp = &iml->next_rcu) { 2369 if (iml->multi.imr_multiaddr.s_addr != group) 2370 continue; 2371 if (ifindex) { 2372 if (iml->multi.imr_ifindex != ifindex) 2373 continue; 2374 } else if (imr->imr_address.s_addr && imr->imr_address.s_addr != 2375 iml->multi.imr_address.s_addr) 2376 continue; 2377 2378 (void) ip_mc_leave_src(sk, iml, in_dev); 2379 2380 *imlp = iml->next_rcu; 2381 2382 if (in_dev) 2383 ip_mc_dec_group(in_dev, group); 2384 2385 /* decrease mem now to avoid the memleak warning */ 2386 atomic_sub(sizeof(*iml), &sk->sk_omem_alloc); 2387 kfree_rcu(iml, rcu); 2388 return 0; 2389 } 2390 out: 2391 return ret; 2392 } 2393 EXPORT_SYMBOL(ip_mc_leave_group); 2394 2395 int ip_mc_source(int add, int omode, struct sock *sk, struct 2396 ip_mreq_source *mreqs, int ifindex) 2397 { 2398 int err; 2399 struct ip_mreqn imr; 2400 __be32 addr = mreqs->imr_multiaddr; 2401 struct ip_mc_socklist *pmc; 2402 struct in_device *in_dev = NULL; 2403 struct inet_sock *inet = inet_sk(sk); 2404 struct ip_sf_socklist *psl; 2405 struct net *net = sock_net(sk); 2406 int leavegroup = 0; 2407 int i, j, rv; 2408 2409 if (!ipv4_is_multicast(addr)) 2410 return -EINVAL; 2411 2412 ASSERT_RTNL(); 2413 2414 imr.imr_multiaddr.s_addr = mreqs->imr_multiaddr; 2415 imr.imr_address.s_addr = mreqs->imr_interface; 2416 imr.imr_ifindex = ifindex; 2417 in_dev = ip_mc_find_dev(net, &imr); 2418 2419 if (!in_dev) { 2420 err = -ENODEV; 2421 goto done; 2422 } 2423 err = -EADDRNOTAVAIL; 2424 2425 for_each_pmc_rtnl(inet, pmc) { 2426 if ((pmc->multi.imr_multiaddr.s_addr == 2427 imr.imr_multiaddr.s_addr) && 2428 (pmc->multi.imr_ifindex == imr.imr_ifindex)) 2429 break; 2430 } 2431 if (!pmc) { /* must have a prior join */ 2432 err = -EINVAL; 2433 goto done; 2434 } 2435 /* if a source filter was set, must be the same mode as before */ 2436 if (pmc->sflist) { 2437 if (pmc->sfmode != omode) { 2438 err = -EINVAL; 2439 goto done; 2440 } 2441 } else if (pmc->sfmode != omode) { 2442 /* allow mode switches for empty-set filters */ 2443 ip_mc_add_src(in_dev, &mreqs->imr_multiaddr, omode, 0, NULL, 0); 2444 ip_mc_del_src(in_dev, &mreqs->imr_multiaddr, pmc->sfmode, 0, 2445 NULL, 0); 2446 pmc->sfmode = omode; 2447 } 2448 2449 psl = rtnl_dereference(pmc->sflist); 2450 if (!add) { 2451 if (!psl) 2452 goto done; /* err = -EADDRNOTAVAIL */ 2453 rv = !0; 2454 for (i = 0; i < psl->sl_count; i++) { 2455 rv = memcmp(&psl->sl_addr[i], &mreqs->imr_sourceaddr, 2456 sizeof(__be32)); 2457 if (rv == 0) 2458 break; 2459 } 2460 if (rv) /* source not found */ 2461 goto done; /* err = -EADDRNOTAVAIL */ 2462 2463 /* special case - (INCLUDE, empty) == LEAVE_GROUP */ 2464 if (psl->sl_count == 1 && omode == MCAST_INCLUDE) { 2465 leavegroup = 1; 2466 goto done; 2467 } 2468 2469 /* update the interface filter */ 2470 ip_mc_del_src(in_dev, &mreqs->imr_multiaddr, omode, 1, 2471 &mreqs->imr_sourceaddr, 1); 2472 2473 for (j = i+1; j < psl->sl_count; j++) 2474 psl->sl_addr[j-1] = psl->sl_addr[j]; 2475 psl->sl_count--; 2476 err = 0; 2477 goto done; 2478 } 2479 /* else, add a new source to the filter */ 2480 2481 if (psl && psl->sl_count >= READ_ONCE(net->ipv4.sysctl_igmp_max_msf)) { 2482 err = -ENOBUFS; 2483 goto done; 2484 } 2485 if (!psl || psl->sl_count == psl->sl_max) { 2486 struct ip_sf_socklist *newpsl; 2487 int count = IP_SFBLOCK; 2488 2489 if (psl) 2490 count += psl->sl_max; 2491 newpsl = sock_kmalloc(sk, struct_size(newpsl, sl_addr, count), 2492 GFP_KERNEL); 2493 if (!newpsl) { 2494 err = -ENOBUFS; 2495 goto done; 2496 } 2497 newpsl->sl_max = count; 2498 newpsl->sl_count = count - IP_SFBLOCK; 2499 if (psl) { 2500 for (i = 0; i < psl->sl_count; i++) 2501 newpsl->sl_addr[i] = psl->sl_addr[i]; 2502 /* decrease mem now to avoid the memleak warning */ 2503 atomic_sub(struct_size(psl, sl_addr, psl->sl_max), 2504 &sk->sk_omem_alloc); 2505 } 2506 rcu_assign_pointer(pmc->sflist, newpsl); 2507 if (psl) 2508 kfree_rcu(psl, rcu); 2509 psl = newpsl; 2510 } 2511 rv = 1; /* > 0 for insert logic below if sl_count is 0 */ 2512 for (i = 0; i < psl->sl_count; i++) { 2513 rv = memcmp(&psl->sl_addr[i], &mreqs->imr_sourceaddr, 2514 sizeof(__be32)); 2515 if (rv == 0) 2516 break; 2517 } 2518 if (rv == 0) /* address already there is an error */ 2519 goto done; 2520 for (j = psl->sl_count-1; j >= i; j--) 2521 psl->sl_addr[j+1] = psl->sl_addr[j]; 2522 psl->sl_addr[i] = mreqs->imr_sourceaddr; 2523 psl->sl_count++; 2524 err = 0; 2525 /* update the interface list */ 2526 ip_mc_add_src(in_dev, &mreqs->imr_multiaddr, omode, 1, 2527 &mreqs->imr_sourceaddr, 1); 2528 done: 2529 if (leavegroup) 2530 err = ip_mc_leave_group(sk, &imr); 2531 return err; 2532 } 2533 2534 int ip_mc_msfilter(struct sock *sk, struct ip_msfilter *msf, int ifindex) 2535 { 2536 int err = 0; 2537 struct ip_mreqn imr; 2538 __be32 addr = msf->imsf_multiaddr; 2539 struct ip_mc_socklist *pmc; 2540 struct in_device *in_dev; 2541 struct inet_sock *inet = inet_sk(sk); 2542 struct ip_sf_socklist *newpsl, *psl; 2543 struct net *net = sock_net(sk); 2544 int leavegroup = 0; 2545 2546 if (!ipv4_is_multicast(addr)) 2547 return -EINVAL; 2548 if (msf->imsf_fmode != MCAST_INCLUDE && 2549 msf->imsf_fmode != MCAST_EXCLUDE) 2550 return -EINVAL; 2551 2552 ASSERT_RTNL(); 2553 2554 imr.imr_multiaddr.s_addr = msf->imsf_multiaddr; 2555 imr.imr_address.s_addr = msf->imsf_interface; 2556 imr.imr_ifindex = ifindex; 2557 in_dev = ip_mc_find_dev(net, &imr); 2558 2559 if (!in_dev) { 2560 err = -ENODEV; 2561 goto done; 2562 } 2563 2564 /* special case - (INCLUDE, empty) == LEAVE_GROUP */ 2565 if (msf->imsf_fmode == MCAST_INCLUDE && msf->imsf_numsrc == 0) { 2566 leavegroup = 1; 2567 goto done; 2568 } 2569 2570 for_each_pmc_rtnl(inet, pmc) { 2571 if (pmc->multi.imr_multiaddr.s_addr == msf->imsf_multiaddr && 2572 pmc->multi.imr_ifindex == imr.imr_ifindex) 2573 break; 2574 } 2575 if (!pmc) { /* must have a prior join */ 2576 err = -EINVAL; 2577 goto done; 2578 } 2579 if (msf->imsf_numsrc) { 2580 newpsl = sock_kmalloc(sk, struct_size(newpsl, sl_addr, 2581 msf->imsf_numsrc), 2582 GFP_KERNEL); 2583 if (!newpsl) { 2584 err = -ENOBUFS; 2585 goto done; 2586 } 2587 newpsl->sl_max = newpsl->sl_count = msf->imsf_numsrc; 2588 memcpy(newpsl->sl_addr, msf->imsf_slist_flex, 2589 flex_array_size(msf, imsf_slist_flex, msf->imsf_numsrc)); 2590 err = ip_mc_add_src(in_dev, &msf->imsf_multiaddr, 2591 msf->imsf_fmode, newpsl->sl_count, newpsl->sl_addr, 0); 2592 if (err) { 2593 sock_kfree_s(sk, newpsl, 2594 struct_size(newpsl, sl_addr, 2595 newpsl->sl_max)); 2596 goto done; 2597 } 2598 } else { 2599 newpsl = NULL; 2600 (void) ip_mc_add_src(in_dev, &msf->imsf_multiaddr, 2601 msf->imsf_fmode, 0, NULL, 0); 2602 } 2603 psl = rtnl_dereference(pmc->sflist); 2604 if (psl) { 2605 (void) ip_mc_del_src(in_dev, &msf->imsf_multiaddr, pmc->sfmode, 2606 psl->sl_count, psl->sl_addr, 0); 2607 /* decrease mem now to avoid the memleak warning */ 2608 atomic_sub(struct_size(psl, sl_addr, psl->sl_max), 2609 &sk->sk_omem_alloc); 2610 } else { 2611 (void) ip_mc_del_src(in_dev, &msf->imsf_multiaddr, pmc->sfmode, 2612 0, NULL, 0); 2613 } 2614 rcu_assign_pointer(pmc->sflist, newpsl); 2615 if (psl) 2616 kfree_rcu(psl, rcu); 2617 pmc->sfmode = msf->imsf_fmode; 2618 err = 0; 2619 done: 2620 if (leavegroup) 2621 err = ip_mc_leave_group(sk, &imr); 2622 return err; 2623 } 2624 int ip_mc_msfget(struct sock *sk, struct ip_msfilter *msf, 2625 sockptr_t optval, sockptr_t optlen) 2626 { 2627 int err, len, count, copycount, msf_size; 2628 struct ip_mreqn imr; 2629 __be32 addr = msf->imsf_multiaddr; 2630 struct ip_mc_socklist *pmc; 2631 struct in_device *in_dev; 2632 struct inet_sock *inet = inet_sk(sk); 2633 struct ip_sf_socklist *psl; 2634 struct net *net = sock_net(sk); 2635 2636 ASSERT_RTNL(); 2637 2638 if (!ipv4_is_multicast(addr)) 2639 return -EINVAL; 2640 2641 imr.imr_multiaddr.s_addr = msf->imsf_multiaddr; 2642 imr.imr_address.s_addr = msf->imsf_interface; 2643 imr.imr_ifindex = 0; 2644 in_dev = ip_mc_find_dev(net, &imr); 2645 2646 if (!in_dev) { 2647 err = -ENODEV; 2648 goto done; 2649 } 2650 err = -EADDRNOTAVAIL; 2651 2652 for_each_pmc_rtnl(inet, pmc) { 2653 if (pmc->multi.imr_multiaddr.s_addr == msf->imsf_multiaddr && 2654 pmc->multi.imr_ifindex == imr.imr_ifindex) 2655 break; 2656 } 2657 if (!pmc) /* must have a prior join */ 2658 goto done; 2659 msf->imsf_fmode = pmc->sfmode; 2660 psl = rtnl_dereference(pmc->sflist); 2661 if (!psl) { 2662 count = 0; 2663 } else { 2664 count = psl->sl_count; 2665 } 2666 copycount = count < msf->imsf_numsrc ? count : msf->imsf_numsrc; 2667 len = flex_array_size(psl, sl_addr, copycount); 2668 msf->imsf_numsrc = count; 2669 msf_size = IP_MSFILTER_SIZE(copycount); 2670 if (copy_to_sockptr(optlen, &msf_size, sizeof(int)) || 2671 copy_to_sockptr(optval, msf, IP_MSFILTER_SIZE(0))) { 2672 return -EFAULT; 2673 } 2674 if (len && 2675 copy_to_sockptr_offset(optval, 2676 offsetof(struct ip_msfilter, imsf_slist_flex), 2677 psl->sl_addr, len)) 2678 return -EFAULT; 2679 return 0; 2680 done: 2681 return err; 2682 } 2683 2684 int ip_mc_gsfget(struct sock *sk, struct group_filter *gsf, 2685 sockptr_t optval, size_t ss_offset) 2686 { 2687 int i, count, copycount; 2688 struct sockaddr_in *psin; 2689 __be32 addr; 2690 struct ip_mc_socklist *pmc; 2691 struct inet_sock *inet = inet_sk(sk); 2692 struct ip_sf_socklist *psl; 2693 2694 ASSERT_RTNL(); 2695 2696 psin = (struct sockaddr_in *)&gsf->gf_group; 2697 if (psin->sin_family != AF_INET) 2698 return -EINVAL; 2699 addr = psin->sin_addr.s_addr; 2700 if (!ipv4_is_multicast(addr)) 2701 return -EINVAL; 2702 2703 for_each_pmc_rtnl(inet, pmc) { 2704 if (pmc->multi.imr_multiaddr.s_addr == addr && 2705 pmc->multi.imr_ifindex == gsf->gf_interface) 2706 break; 2707 } 2708 if (!pmc) /* must have a prior join */ 2709 return -EADDRNOTAVAIL; 2710 gsf->gf_fmode = pmc->sfmode; 2711 psl = rtnl_dereference(pmc->sflist); 2712 count = psl ? psl->sl_count : 0; 2713 copycount = count < gsf->gf_numsrc ? count : gsf->gf_numsrc; 2714 gsf->gf_numsrc = count; 2715 for (i = 0; i < copycount; i++) { 2716 struct sockaddr_storage ss; 2717 2718 psin = (struct sockaddr_in *)&ss; 2719 memset(&ss, 0, sizeof(ss)); 2720 psin->sin_family = AF_INET; 2721 psin->sin_addr.s_addr = psl->sl_addr[i]; 2722 if (copy_to_sockptr_offset(optval, ss_offset, 2723 &ss, sizeof(ss))) 2724 return -EFAULT; 2725 ss_offset += sizeof(ss); 2726 } 2727 return 0; 2728 } 2729 2730 /* 2731 * check if a multicast source filter allows delivery for a given <src,dst,intf> 2732 */ 2733 int ip_mc_sf_allow(const struct sock *sk, __be32 loc_addr, __be32 rmt_addr, 2734 int dif, int sdif) 2735 { 2736 const struct inet_sock *inet = inet_sk(sk); 2737 struct ip_mc_socklist *pmc; 2738 struct ip_sf_socklist *psl; 2739 int i; 2740 int ret; 2741 2742 ret = 1; 2743 if (!ipv4_is_multicast(loc_addr)) 2744 goto out; 2745 2746 rcu_read_lock(); 2747 for_each_pmc_rcu(inet, pmc) { 2748 if (pmc->multi.imr_multiaddr.s_addr == loc_addr && 2749 (pmc->multi.imr_ifindex == dif || 2750 (sdif && pmc->multi.imr_ifindex == sdif))) 2751 break; 2752 } 2753 ret = inet_test_bit(MC_ALL, sk); 2754 if (!pmc) 2755 goto unlock; 2756 psl = rcu_dereference(pmc->sflist); 2757 ret = (pmc->sfmode == MCAST_EXCLUDE); 2758 if (!psl) 2759 goto unlock; 2760 2761 for (i = 0; i < psl->sl_count; i++) { 2762 if (psl->sl_addr[i] == rmt_addr) 2763 break; 2764 } 2765 ret = 0; 2766 if (pmc->sfmode == MCAST_INCLUDE && i >= psl->sl_count) 2767 goto unlock; 2768 if (pmc->sfmode == MCAST_EXCLUDE && i < psl->sl_count) 2769 goto unlock; 2770 ret = 1; 2771 unlock: 2772 rcu_read_unlock(); 2773 out: 2774 return ret; 2775 } 2776 2777 /* 2778 * A socket is closing. 2779 */ 2780 2781 void ip_mc_drop_socket(struct sock *sk) 2782 { 2783 struct inet_sock *inet = inet_sk(sk); 2784 struct ip_mc_socklist *iml; 2785 struct net *net = sock_net(sk); 2786 2787 if (!inet->mc_list) 2788 return; 2789 2790 rtnl_lock(); 2791 while ((iml = rtnl_dereference(inet->mc_list)) != NULL) { 2792 struct in_device *in_dev; 2793 2794 inet->mc_list = iml->next_rcu; 2795 in_dev = inetdev_by_index(net, iml->multi.imr_ifindex); 2796 (void) ip_mc_leave_src(sk, iml, in_dev); 2797 if (in_dev) 2798 ip_mc_dec_group(in_dev, iml->multi.imr_multiaddr.s_addr); 2799 /* decrease mem now to avoid the memleak warning */ 2800 atomic_sub(sizeof(*iml), &sk->sk_omem_alloc); 2801 kfree_rcu(iml, rcu); 2802 } 2803 rtnl_unlock(); 2804 } 2805 2806 /* called with rcu_read_lock() */ 2807 int ip_check_mc_rcu(struct in_device *in_dev, __be32 mc_addr, __be32 src_addr, u8 proto) 2808 { 2809 struct ip_mc_list *im; 2810 struct ip_mc_list __rcu **mc_hash; 2811 struct ip_sf_list *psf; 2812 int rv = 0; 2813 2814 mc_hash = rcu_dereference(in_dev->mc_hash); 2815 if (mc_hash) { 2816 u32 hash = hash_32((__force u32)mc_addr, MC_HASH_SZ_LOG); 2817 2818 for (im = rcu_dereference(mc_hash[hash]); 2819 im != NULL; 2820 im = rcu_dereference(im->next_hash)) { 2821 if (im->multiaddr == mc_addr) 2822 break; 2823 } 2824 } else { 2825 for_each_pmc_rcu(in_dev, im) { 2826 if (im->multiaddr == mc_addr) 2827 break; 2828 } 2829 } 2830 if (im && proto == IPPROTO_IGMP) { 2831 rv = 1; 2832 } else if (im) { 2833 if (src_addr) { 2834 spin_lock_bh(&im->lock); 2835 for (psf = im->sources; psf; psf = psf->sf_next) { 2836 if (psf->sf_inaddr == src_addr) 2837 break; 2838 } 2839 if (psf) 2840 rv = psf->sf_count[MCAST_INCLUDE] || 2841 psf->sf_count[MCAST_EXCLUDE] != 2842 im->sfcount[MCAST_EXCLUDE]; 2843 else 2844 rv = im->sfcount[MCAST_EXCLUDE] != 0; 2845 spin_unlock_bh(&im->lock); 2846 } else 2847 rv = 1; /* unspecified source; tentatively allow */ 2848 } 2849 return rv; 2850 } 2851 2852 #if defined(CONFIG_PROC_FS) 2853 struct igmp_mc_iter_state { 2854 struct seq_net_private p; 2855 struct net_device *dev; 2856 struct in_device *in_dev; 2857 }; 2858 2859 #define igmp_mc_seq_private(seq) ((struct igmp_mc_iter_state *)(seq)->private) 2860 2861 static inline struct ip_mc_list *igmp_mc_get_first(struct seq_file *seq) 2862 { 2863 struct net *net = seq_file_net(seq); 2864 struct ip_mc_list *im = NULL; 2865 struct igmp_mc_iter_state *state = igmp_mc_seq_private(seq); 2866 2867 state->in_dev = NULL; 2868 for_each_netdev_rcu(net, state->dev) { 2869 struct in_device *in_dev; 2870 2871 in_dev = __in_dev_get_rcu(state->dev); 2872 if (!in_dev) 2873 continue; 2874 im = rcu_dereference(in_dev->mc_list); 2875 if (im) { 2876 state->in_dev = in_dev; 2877 break; 2878 } 2879 } 2880 return im; 2881 } 2882 2883 static struct ip_mc_list *igmp_mc_get_next(struct seq_file *seq, struct ip_mc_list *im) 2884 { 2885 struct igmp_mc_iter_state *state = igmp_mc_seq_private(seq); 2886 2887 im = rcu_dereference(im->next_rcu); 2888 while (!im) { 2889 state->dev = next_net_device_rcu(state->dev); 2890 if (!state->dev) { 2891 state->in_dev = NULL; 2892 break; 2893 } 2894 state->in_dev = __in_dev_get_rcu(state->dev); 2895 if (!state->in_dev) 2896 continue; 2897 im = rcu_dereference(state->in_dev->mc_list); 2898 } 2899 return im; 2900 } 2901 2902 static struct ip_mc_list *igmp_mc_get_idx(struct seq_file *seq, loff_t pos) 2903 { 2904 struct ip_mc_list *im = igmp_mc_get_first(seq); 2905 if (im) 2906 while (pos && (im = igmp_mc_get_next(seq, im)) != NULL) 2907 --pos; 2908 return pos ? NULL : im; 2909 } 2910 2911 static void *igmp_mc_seq_start(struct seq_file *seq, loff_t *pos) 2912 __acquires(rcu) 2913 { 2914 rcu_read_lock(); 2915 return *pos ? igmp_mc_get_idx(seq, *pos - 1) : SEQ_START_TOKEN; 2916 } 2917 2918 static void *igmp_mc_seq_next(struct seq_file *seq, void *v, loff_t *pos) 2919 { 2920 struct ip_mc_list *im; 2921 if (v == SEQ_START_TOKEN) 2922 im = igmp_mc_get_first(seq); 2923 else 2924 im = igmp_mc_get_next(seq, v); 2925 ++*pos; 2926 return im; 2927 } 2928 2929 static void igmp_mc_seq_stop(struct seq_file *seq, void *v) 2930 __releases(rcu) 2931 { 2932 struct igmp_mc_iter_state *state = igmp_mc_seq_private(seq); 2933 2934 state->in_dev = NULL; 2935 state->dev = NULL; 2936 rcu_read_unlock(); 2937 } 2938 2939 static int igmp_mc_seq_show(struct seq_file *seq, void *v) 2940 { 2941 if (v == SEQ_START_TOKEN) 2942 seq_puts(seq, 2943 "Idx\tDevice : Count Querier\tGroup Users Timer\tReporter\n"); 2944 else { 2945 struct ip_mc_list *im = v; 2946 struct igmp_mc_iter_state *state = igmp_mc_seq_private(seq); 2947 char *querier; 2948 long delta; 2949 2950 #ifdef CONFIG_IP_MULTICAST 2951 querier = IGMP_V1_SEEN(state->in_dev) ? "V1" : 2952 IGMP_V2_SEEN(state->in_dev) ? "V2" : 2953 "V3"; 2954 #else 2955 querier = "NONE"; 2956 #endif 2957 2958 if (rcu_access_pointer(state->in_dev->mc_list) == im) { 2959 seq_printf(seq, "%d\t%-10s: %5d %7s\n", 2960 state->dev->ifindex, state->dev->name, state->in_dev->mc_count, querier); 2961 } 2962 2963 delta = im->timer.expires - jiffies; 2964 seq_printf(seq, 2965 "\t\t\t\t%08X %5d %d:%08lX\t\t%d\n", 2966 im->multiaddr, im->users, 2967 im->tm_running, 2968 im->tm_running ? jiffies_delta_to_clock_t(delta) : 0, 2969 im->reporter); 2970 } 2971 return 0; 2972 } 2973 2974 static const struct seq_operations igmp_mc_seq_ops = { 2975 .start = igmp_mc_seq_start, 2976 .next = igmp_mc_seq_next, 2977 .stop = igmp_mc_seq_stop, 2978 .show = igmp_mc_seq_show, 2979 }; 2980 2981 struct igmp_mcf_iter_state { 2982 struct seq_net_private p; 2983 struct net_device *dev; 2984 struct in_device *idev; 2985 struct ip_mc_list *im; 2986 }; 2987 2988 #define igmp_mcf_seq_private(seq) ((struct igmp_mcf_iter_state *)(seq)->private) 2989 2990 static inline struct ip_sf_list *igmp_mcf_get_first(struct seq_file *seq) 2991 { 2992 struct net *net = seq_file_net(seq); 2993 struct ip_sf_list *psf = NULL; 2994 struct ip_mc_list *im = NULL; 2995 struct igmp_mcf_iter_state *state = igmp_mcf_seq_private(seq); 2996 2997 state->idev = NULL; 2998 state->im = NULL; 2999 for_each_netdev_rcu(net, state->dev) { 3000 struct in_device *idev; 3001 idev = __in_dev_get_rcu(state->dev); 3002 if (unlikely(!idev)) 3003 continue; 3004 im = rcu_dereference(idev->mc_list); 3005 if (likely(im)) { 3006 spin_lock_bh(&im->lock); 3007 psf = im->sources; 3008 if (likely(psf)) { 3009 state->im = im; 3010 state->idev = idev; 3011 break; 3012 } 3013 spin_unlock_bh(&im->lock); 3014 } 3015 } 3016 return psf; 3017 } 3018 3019 static struct ip_sf_list *igmp_mcf_get_next(struct seq_file *seq, struct ip_sf_list *psf) 3020 { 3021 struct igmp_mcf_iter_state *state = igmp_mcf_seq_private(seq); 3022 3023 psf = psf->sf_next; 3024 while (!psf) { 3025 spin_unlock_bh(&state->im->lock); 3026 state->im = state->im->next; 3027 while (!state->im) { 3028 state->dev = next_net_device_rcu(state->dev); 3029 if (!state->dev) { 3030 state->idev = NULL; 3031 goto out; 3032 } 3033 state->idev = __in_dev_get_rcu(state->dev); 3034 if (!state->idev) 3035 continue; 3036 state->im = rcu_dereference(state->idev->mc_list); 3037 } 3038 spin_lock_bh(&state->im->lock); 3039 psf = state->im->sources; 3040 } 3041 out: 3042 return psf; 3043 } 3044 3045 static struct ip_sf_list *igmp_mcf_get_idx(struct seq_file *seq, loff_t pos) 3046 { 3047 struct ip_sf_list *psf = igmp_mcf_get_first(seq); 3048 if (psf) 3049 while (pos && (psf = igmp_mcf_get_next(seq, psf)) != NULL) 3050 --pos; 3051 return pos ? NULL : psf; 3052 } 3053 3054 static void *igmp_mcf_seq_start(struct seq_file *seq, loff_t *pos) 3055 __acquires(rcu) 3056 { 3057 rcu_read_lock(); 3058 return *pos ? igmp_mcf_get_idx(seq, *pos - 1) : SEQ_START_TOKEN; 3059 } 3060 3061 static void *igmp_mcf_seq_next(struct seq_file *seq, void *v, loff_t *pos) 3062 { 3063 struct ip_sf_list *psf; 3064 if (v == SEQ_START_TOKEN) 3065 psf = igmp_mcf_get_first(seq); 3066 else 3067 psf = igmp_mcf_get_next(seq, v); 3068 ++*pos; 3069 return psf; 3070 } 3071 3072 static void igmp_mcf_seq_stop(struct seq_file *seq, void *v) 3073 __releases(rcu) 3074 { 3075 struct igmp_mcf_iter_state *state = igmp_mcf_seq_private(seq); 3076 if (likely(state->im)) { 3077 spin_unlock_bh(&state->im->lock); 3078 state->im = NULL; 3079 } 3080 state->idev = NULL; 3081 state->dev = NULL; 3082 rcu_read_unlock(); 3083 } 3084 3085 static int igmp_mcf_seq_show(struct seq_file *seq, void *v) 3086 { 3087 struct ip_sf_list *psf = v; 3088 struct igmp_mcf_iter_state *state = igmp_mcf_seq_private(seq); 3089 3090 if (v == SEQ_START_TOKEN) { 3091 seq_puts(seq, "Idx Device MCA SRC INC EXC\n"); 3092 } else { 3093 seq_printf(seq, 3094 "%3d %6.6s 0x%08x " 3095 "0x%08x %6lu %6lu\n", 3096 state->dev->ifindex, state->dev->name, 3097 ntohl(state->im->multiaddr), 3098 ntohl(psf->sf_inaddr), 3099 psf->sf_count[MCAST_INCLUDE], 3100 psf->sf_count[MCAST_EXCLUDE]); 3101 } 3102 return 0; 3103 } 3104 3105 static const struct seq_operations igmp_mcf_seq_ops = { 3106 .start = igmp_mcf_seq_start, 3107 .next = igmp_mcf_seq_next, 3108 .stop = igmp_mcf_seq_stop, 3109 .show = igmp_mcf_seq_show, 3110 }; 3111 3112 static int __net_init igmp_net_init(struct net *net) 3113 { 3114 struct proc_dir_entry *pde; 3115 int err; 3116 3117 pde = proc_create_net("igmp", 0444, net->proc_net, &igmp_mc_seq_ops, 3118 sizeof(struct igmp_mc_iter_state)); 3119 if (!pde) 3120 goto out_igmp; 3121 pde = proc_create_net("mcfilter", 0444, net->proc_net, 3122 &igmp_mcf_seq_ops, sizeof(struct igmp_mcf_iter_state)); 3123 if (!pde) 3124 goto out_mcfilter; 3125 err = inet_ctl_sock_create(&net->ipv4.mc_autojoin_sk, AF_INET, 3126 SOCK_DGRAM, 0, net); 3127 if (err < 0) { 3128 pr_err("Failed to initialize the IGMP autojoin socket (err %d)\n", 3129 err); 3130 goto out_sock; 3131 } 3132 3133 return 0; 3134 3135 out_sock: 3136 remove_proc_entry("mcfilter", net->proc_net); 3137 out_mcfilter: 3138 remove_proc_entry("igmp", net->proc_net); 3139 out_igmp: 3140 return -ENOMEM; 3141 } 3142 3143 static void __net_exit igmp_net_exit(struct net *net) 3144 { 3145 remove_proc_entry("mcfilter", net->proc_net); 3146 remove_proc_entry("igmp", net->proc_net); 3147 inet_ctl_sock_destroy(net->ipv4.mc_autojoin_sk); 3148 } 3149 3150 static struct pernet_operations igmp_net_ops = { 3151 .init = igmp_net_init, 3152 .exit = igmp_net_exit, 3153 }; 3154 #endif 3155 3156 static int igmp_netdev_event(struct notifier_block *this, 3157 unsigned long event, void *ptr) 3158 { 3159 struct net_device *dev = netdev_notifier_info_to_dev(ptr); 3160 struct in_device *in_dev; 3161 3162 switch (event) { 3163 case NETDEV_RESEND_IGMP: 3164 in_dev = __in_dev_get_rtnl(dev); 3165 if (in_dev) 3166 ip_mc_rejoin_groups(in_dev); 3167 break; 3168 default: 3169 break; 3170 } 3171 return NOTIFY_DONE; 3172 } 3173 3174 static struct notifier_block igmp_notifier = { 3175 .notifier_call = igmp_netdev_event, 3176 }; 3177 3178 int __init igmp_mc_init(void) 3179 { 3180 #if defined(CONFIG_PROC_FS) 3181 int err; 3182 3183 err = register_pernet_subsys(&igmp_net_ops); 3184 if (err) 3185 return err; 3186 err = register_netdevice_notifier(&igmp_notifier); 3187 if (err) 3188 goto reg_notif_fail; 3189 return 0; 3190 3191 reg_notif_fail: 3192 unregister_pernet_subsys(&igmp_net_ops); 3193 return err; 3194 #else 3195 return register_netdevice_notifier(&igmp_notifier); 3196 #endif 3197 } 3198