1 // SPDX-License-Identifier: GPL-2.0-or-later 2 /* 3 * Linux NET3: Internet Group Management Protocol [IGMP] 4 * 5 * This code implements the IGMP protocol as defined in RFC1112. There has 6 * been a further revision of this protocol since which is now supported. 7 * 8 * If you have trouble with this module be careful what gcc you have used, 9 * the older version didn't come out right using gcc 2.5.8, the newer one 10 * seems to fall out with gcc 2.6.2. 11 * 12 * Authors: 13 * Alan Cox <alan@lxorguk.ukuu.org.uk> 14 * 15 * Fixes: 16 * 17 * Alan Cox : Added lots of __inline__ to optimise 18 * the memory usage of all the tiny little 19 * functions. 20 * Alan Cox : Dumped the header building experiment. 21 * Alan Cox : Minor tweaks ready for multicast routing 22 * and extended IGMP protocol. 23 * Alan Cox : Removed a load of inline directives. Gcc 2.5.8 24 * writes utterly bogus code otherwise (sigh) 25 * fixed IGMP loopback to behave in the manner 26 * desired by mrouted, fixed the fact it has been 27 * broken since 1.3.6 and cleaned up a few minor 28 * points. 29 * 30 * Chih-Jen Chang : Tried to revise IGMP to Version 2 31 * Tsu-Sheng Tsao E-mail: chihjenc@scf.usc.edu and tsusheng@scf.usc.edu 32 * The enhancements are mainly based on Steve Deering's 33 * ipmulti-3.5 source code. 34 * Chih-Jen Chang : Added the igmp_get_mrouter_info and 35 * Tsu-Sheng Tsao igmp_set_mrouter_info to keep track of 36 * the mrouted version on that device. 37 * Chih-Jen Chang : Added the max_resp_time parameter to 38 * Tsu-Sheng Tsao igmp_heard_query(). Using this parameter 39 * to identify the multicast router version 40 * and do what the IGMP version 2 specified. 41 * Chih-Jen Chang : Added a timer to revert to IGMP V2 router 42 * Tsu-Sheng Tsao if the specified time expired. 43 * Alan Cox : Stop IGMP from 0.0.0.0 being accepted. 44 * Alan Cox : Use GFP_ATOMIC in the right places. 45 * Christian Daudt : igmp timer wasn't set for local group 46 * memberships but was being deleted, 47 * which caused a "del_timer() called 48 * from %p with timer not initialized\n" 49 * message (960131). 50 * Christian Daudt : removed del_timer from 51 * igmp_timer_expire function (960205). 52 * Christian Daudt : igmp_heard_report now only calls 53 * igmp_timer_expire if tm->running is 54 * true (960216). 55 * Malcolm Beattie : ttl comparison wrong in igmp_rcv made 56 * igmp_heard_query never trigger. Expiry 57 * miscalculation fixed in igmp_heard_query 58 * and random() made to return unsigned to 59 * prevent negative expiry times. 60 * Alexey Kuznetsov: Wrong group leaving behaviour, backport 61 * fix from pending 2.1.x patches. 62 * Alan Cox: Forget to enable FDDI support earlier. 63 * Alexey Kuznetsov: Fixed leaving groups on device down. 64 * Alexey Kuznetsov: Accordance to igmp-v2-06 draft. 65 * David L Stevens: IGMPv3 support, with help from 66 * Vinay Kulkarni 67 */ 68 69 #include <linux/module.h> 70 #include <linux/slab.h> 71 #include <linux/uaccess.h> 72 #include <linux/types.h> 73 #include <linux/kernel.h> 74 #include <linux/jiffies.h> 75 #include <linux/string.h> 76 #include <linux/socket.h> 77 #include <linux/sockios.h> 78 #include <linux/in.h> 79 #include <linux/inet.h> 80 #include <linux/netdevice.h> 81 #include <linux/skbuff.h> 82 #include <linux/inetdevice.h> 83 #include <linux/igmp.h> 84 #include <linux/if_arp.h> 85 #include <linux/rtnetlink.h> 86 #include <linux/times.h> 87 #include <linux/pkt_sched.h> 88 #include <linux/byteorder/generic.h> 89 90 #include <net/net_namespace.h> 91 #include <net/arp.h> 92 #include <net/ip.h> 93 #include <net/protocol.h> 94 #include <net/route.h> 95 #include <net/sock.h> 96 #include <net/checksum.h> 97 #include <net/inet_common.h> 98 #include <linux/netfilter_ipv4.h> 99 #ifdef CONFIG_IP_MROUTE 100 #include <linux/mroute.h> 101 #endif 102 #ifdef CONFIG_PROC_FS 103 #include <linux/proc_fs.h> 104 #include <linux/seq_file.h> 105 #endif 106 107 #ifdef CONFIG_IP_MULTICAST 108 /* Parameter names and values are taken from igmp-v2-06 draft */ 109 110 #define IGMP_QUERY_INTERVAL (125*HZ) 111 #define IGMP_QUERY_RESPONSE_INTERVAL (10*HZ) 112 113 #define IGMP_INITIAL_REPORT_DELAY (1) 114 115 /* IGMP_INITIAL_REPORT_DELAY is not from IGMP specs! 116 * IGMP specs require to report membership immediately after 117 * joining a group, but we delay the first report by a 118 * small interval. It seems more natural and still does not 119 * contradict to specs provided this delay is small enough. 120 */ 121 122 #define IGMP_V1_SEEN(in_dev) \ 123 (IPV4_DEVCONF_ALL_RO(dev_net(in_dev->dev), FORCE_IGMP_VERSION) == 1 || \ 124 IN_DEV_CONF_GET((in_dev), FORCE_IGMP_VERSION) == 1 || \ 125 ((in_dev)->mr_v1_seen && \ 126 time_before(jiffies, (in_dev)->mr_v1_seen))) 127 #define IGMP_V2_SEEN(in_dev) \ 128 (IPV4_DEVCONF_ALL_RO(dev_net(in_dev->dev), FORCE_IGMP_VERSION) == 2 || \ 129 IN_DEV_CONF_GET((in_dev), FORCE_IGMP_VERSION) == 2 || \ 130 ((in_dev)->mr_v2_seen && \ 131 time_before(jiffies, (in_dev)->mr_v2_seen))) 132 133 static int unsolicited_report_interval(struct in_device *in_dev) 134 { 135 int interval_ms, interval_jiffies; 136 137 if (IGMP_V1_SEEN(in_dev) || IGMP_V2_SEEN(in_dev)) 138 interval_ms = IN_DEV_CONF_GET( 139 in_dev, 140 IGMPV2_UNSOLICITED_REPORT_INTERVAL); 141 else /* v3 */ 142 interval_ms = IN_DEV_CONF_GET( 143 in_dev, 144 IGMPV3_UNSOLICITED_REPORT_INTERVAL); 145 146 interval_jiffies = msecs_to_jiffies(interval_ms); 147 148 /* _timer functions can't handle a delay of 0 jiffies so ensure 149 * we always return a positive value. 150 */ 151 if (interval_jiffies <= 0) 152 interval_jiffies = 1; 153 return interval_jiffies; 154 } 155 156 static void igmpv3_add_delrec(struct in_device *in_dev, struct ip_mc_list *im, 157 gfp_t gfp); 158 static void igmpv3_del_delrec(struct in_device *in_dev, struct ip_mc_list *im); 159 static void igmpv3_clear_delrec(struct in_device *in_dev); 160 static int sf_setstate(struct ip_mc_list *pmc); 161 static void sf_markstate(struct ip_mc_list *pmc); 162 #endif 163 static void ip_mc_clear_src(struct ip_mc_list *pmc); 164 static int ip_mc_add_src(struct in_device *in_dev, __be32 *pmca, int sfmode, 165 int sfcount, __be32 *psfsrc, int delta); 166 167 static void ip_ma_put(struct ip_mc_list *im) 168 { 169 if (refcount_dec_and_test(&im->refcnt)) { 170 in_dev_put(im->interface); 171 kfree_rcu(im, rcu); 172 } 173 } 174 175 #define for_each_pmc_rcu(in_dev, pmc) \ 176 for (pmc = rcu_dereference(in_dev->mc_list); \ 177 pmc != NULL; \ 178 pmc = rcu_dereference(pmc->next_rcu)) 179 180 #define for_each_pmc_rtnl(in_dev, pmc) \ 181 for (pmc = rtnl_dereference(in_dev->mc_list); \ 182 pmc != NULL; \ 183 pmc = rtnl_dereference(pmc->next_rcu)) 184 185 static void ip_sf_list_clear_all(struct ip_sf_list *psf) 186 { 187 struct ip_sf_list *next; 188 189 while (psf) { 190 next = psf->sf_next; 191 kfree(psf); 192 psf = next; 193 } 194 } 195 196 #ifdef CONFIG_IP_MULTICAST 197 198 /* 199 * Timer management 200 */ 201 202 static void igmp_stop_timer(struct ip_mc_list *im) 203 { 204 spin_lock_bh(&im->lock); 205 if (del_timer(&im->timer)) 206 refcount_dec(&im->refcnt); 207 im->tm_running = 0; 208 im->reporter = 0; 209 im->unsolicit_count = 0; 210 spin_unlock_bh(&im->lock); 211 } 212 213 /* It must be called with locked im->lock */ 214 static void igmp_start_timer(struct ip_mc_list *im, int max_delay) 215 { 216 int tv = get_random_u32_below(max_delay); 217 218 im->tm_running = 1; 219 if (refcount_inc_not_zero(&im->refcnt)) { 220 if (mod_timer(&im->timer, jiffies + tv + 2)) 221 ip_ma_put(im); 222 } 223 } 224 225 static void igmp_gq_start_timer(struct in_device *in_dev) 226 { 227 int tv = get_random_u32_below(in_dev->mr_maxdelay); 228 unsigned long exp = jiffies + tv + 2; 229 230 if (in_dev->mr_gq_running && 231 time_after_eq(exp, (in_dev->mr_gq_timer).expires)) 232 return; 233 234 in_dev->mr_gq_running = 1; 235 if (!mod_timer(&in_dev->mr_gq_timer, exp)) 236 in_dev_hold(in_dev); 237 } 238 239 static void igmp_ifc_start_timer(struct in_device *in_dev, int delay) 240 { 241 int tv = get_random_u32_below(delay); 242 243 if (!mod_timer(&in_dev->mr_ifc_timer, jiffies+tv+2)) 244 in_dev_hold(in_dev); 245 } 246 247 static void igmp_mod_timer(struct ip_mc_list *im, int max_delay) 248 { 249 spin_lock_bh(&im->lock); 250 im->unsolicit_count = 0; 251 if (del_timer(&im->timer)) { 252 if ((long)(im->timer.expires-jiffies) < max_delay) { 253 add_timer(&im->timer); 254 im->tm_running = 1; 255 spin_unlock_bh(&im->lock); 256 return; 257 } 258 refcount_dec(&im->refcnt); 259 } 260 igmp_start_timer(im, max_delay); 261 spin_unlock_bh(&im->lock); 262 } 263 264 265 /* 266 * Send an IGMP report. 267 */ 268 269 #define IGMP_SIZE (sizeof(struct igmphdr)+sizeof(struct iphdr)+4) 270 271 272 static int is_in(struct ip_mc_list *pmc, struct ip_sf_list *psf, int type, 273 int gdeleted, int sdeleted) 274 { 275 switch (type) { 276 case IGMPV3_MODE_IS_INCLUDE: 277 case IGMPV3_MODE_IS_EXCLUDE: 278 if (gdeleted || sdeleted) 279 return 0; 280 if (!(pmc->gsquery && !psf->sf_gsresp)) { 281 if (pmc->sfmode == MCAST_INCLUDE) 282 return 1; 283 /* don't include if this source is excluded 284 * in all filters 285 */ 286 if (psf->sf_count[MCAST_INCLUDE]) 287 return type == IGMPV3_MODE_IS_INCLUDE; 288 return pmc->sfcount[MCAST_EXCLUDE] == 289 psf->sf_count[MCAST_EXCLUDE]; 290 } 291 return 0; 292 case IGMPV3_CHANGE_TO_INCLUDE: 293 if (gdeleted || sdeleted) 294 return 0; 295 return psf->sf_count[MCAST_INCLUDE] != 0; 296 case IGMPV3_CHANGE_TO_EXCLUDE: 297 if (gdeleted || sdeleted) 298 return 0; 299 if (pmc->sfcount[MCAST_EXCLUDE] == 0 || 300 psf->sf_count[MCAST_INCLUDE]) 301 return 0; 302 return pmc->sfcount[MCAST_EXCLUDE] == 303 psf->sf_count[MCAST_EXCLUDE]; 304 case IGMPV3_ALLOW_NEW_SOURCES: 305 if (gdeleted || !psf->sf_crcount) 306 return 0; 307 return (pmc->sfmode == MCAST_INCLUDE) ^ sdeleted; 308 case IGMPV3_BLOCK_OLD_SOURCES: 309 if (pmc->sfmode == MCAST_INCLUDE) 310 return gdeleted || (psf->sf_crcount && sdeleted); 311 return psf->sf_crcount && !gdeleted && !sdeleted; 312 } 313 return 0; 314 } 315 316 static int 317 igmp_scount(struct ip_mc_list *pmc, int type, int gdeleted, int sdeleted) 318 { 319 struct ip_sf_list *psf; 320 int scount = 0; 321 322 for (psf = pmc->sources; psf; psf = psf->sf_next) { 323 if (!is_in(pmc, psf, type, gdeleted, sdeleted)) 324 continue; 325 scount++; 326 } 327 return scount; 328 } 329 330 /* source address selection per RFC 3376 section 4.2.13 */ 331 static __be32 igmpv3_get_srcaddr(struct net_device *dev, 332 const struct flowi4 *fl4) 333 { 334 struct in_device *in_dev = __in_dev_get_rcu(dev); 335 const struct in_ifaddr *ifa; 336 337 if (!in_dev) 338 return htonl(INADDR_ANY); 339 340 in_dev_for_each_ifa_rcu(ifa, in_dev) { 341 if (fl4->saddr == ifa->ifa_local) 342 return fl4->saddr; 343 } 344 345 return htonl(INADDR_ANY); 346 } 347 348 static struct sk_buff *igmpv3_newpack(struct net_device *dev, unsigned int mtu) 349 { 350 struct sk_buff *skb; 351 struct rtable *rt; 352 struct iphdr *pip; 353 struct igmpv3_report *pig; 354 struct net *net = dev_net(dev); 355 struct flowi4 fl4; 356 int hlen = LL_RESERVED_SPACE(dev); 357 int tlen = dev->needed_tailroom; 358 unsigned int size; 359 360 size = min(mtu, IP_MAX_MTU); 361 while (1) { 362 skb = alloc_skb(size + hlen + tlen, 363 GFP_ATOMIC | __GFP_NOWARN); 364 if (skb) 365 break; 366 size >>= 1; 367 if (size < 256) 368 return NULL; 369 } 370 skb->priority = TC_PRIO_CONTROL; 371 372 rt = ip_route_output_ports(net, &fl4, NULL, IGMPV3_ALL_MCR, 0, 373 0, 0, 374 IPPROTO_IGMP, 0, dev->ifindex); 375 if (IS_ERR(rt)) { 376 kfree_skb(skb); 377 return NULL; 378 } 379 380 skb_dst_set(skb, &rt->dst); 381 skb->dev = dev; 382 383 skb_reserve(skb, hlen); 384 skb_tailroom_reserve(skb, mtu, tlen); 385 386 skb_reset_network_header(skb); 387 pip = ip_hdr(skb); 388 skb_put(skb, sizeof(struct iphdr) + 4); 389 390 pip->version = 4; 391 pip->ihl = (sizeof(struct iphdr)+4)>>2; 392 pip->tos = 0xc0; 393 pip->frag_off = htons(IP_DF); 394 pip->ttl = 1; 395 pip->daddr = fl4.daddr; 396 397 rcu_read_lock(); 398 pip->saddr = igmpv3_get_srcaddr(dev, &fl4); 399 rcu_read_unlock(); 400 401 pip->protocol = IPPROTO_IGMP; 402 pip->tot_len = 0; /* filled in later */ 403 ip_select_ident(net, skb, NULL); 404 ((u8 *)&pip[1])[0] = IPOPT_RA; 405 ((u8 *)&pip[1])[1] = 4; 406 ((u8 *)&pip[1])[2] = 0; 407 ((u8 *)&pip[1])[3] = 0; 408 409 skb->transport_header = skb->network_header + sizeof(struct iphdr) + 4; 410 skb_put(skb, sizeof(*pig)); 411 pig = igmpv3_report_hdr(skb); 412 pig->type = IGMPV3_HOST_MEMBERSHIP_REPORT; 413 pig->resv1 = 0; 414 pig->csum = 0; 415 pig->resv2 = 0; 416 pig->ngrec = 0; 417 return skb; 418 } 419 420 static int igmpv3_sendpack(struct sk_buff *skb) 421 { 422 struct igmphdr *pig = igmp_hdr(skb); 423 const int igmplen = skb_tail_pointer(skb) - skb_transport_header(skb); 424 425 pig->csum = ip_compute_csum(igmp_hdr(skb), igmplen); 426 427 return ip_local_out(dev_net(skb_dst(skb)->dev), skb->sk, skb); 428 } 429 430 static int grec_size(struct ip_mc_list *pmc, int type, int gdel, int sdel) 431 { 432 return sizeof(struct igmpv3_grec) + 4*igmp_scount(pmc, type, gdel, sdel); 433 } 434 435 static struct sk_buff *add_grhead(struct sk_buff *skb, struct ip_mc_list *pmc, 436 int type, struct igmpv3_grec **ppgr, unsigned int mtu) 437 { 438 struct net_device *dev = pmc->interface->dev; 439 struct igmpv3_report *pih; 440 struct igmpv3_grec *pgr; 441 442 if (!skb) { 443 skb = igmpv3_newpack(dev, mtu); 444 if (!skb) 445 return NULL; 446 } 447 pgr = skb_put(skb, sizeof(struct igmpv3_grec)); 448 pgr->grec_type = type; 449 pgr->grec_auxwords = 0; 450 pgr->grec_nsrcs = 0; 451 pgr->grec_mca = pmc->multiaddr; 452 pih = igmpv3_report_hdr(skb); 453 pih->ngrec = htons(ntohs(pih->ngrec)+1); 454 *ppgr = pgr; 455 return skb; 456 } 457 458 #define AVAILABLE(skb) ((skb) ? skb_availroom(skb) : 0) 459 460 static struct sk_buff *add_grec(struct sk_buff *skb, struct ip_mc_list *pmc, 461 int type, int gdeleted, int sdeleted) 462 { 463 struct net_device *dev = pmc->interface->dev; 464 struct net *net = dev_net(dev); 465 struct igmpv3_report *pih; 466 struct igmpv3_grec *pgr = NULL; 467 struct ip_sf_list *psf, *psf_next, *psf_prev, **psf_list; 468 int scount, stotal, first, isquery, truncate; 469 unsigned int mtu; 470 471 if (pmc->multiaddr == IGMP_ALL_HOSTS) 472 return skb; 473 if (ipv4_is_local_multicast(pmc->multiaddr) && 474 !READ_ONCE(net->ipv4.sysctl_igmp_llm_reports)) 475 return skb; 476 477 mtu = READ_ONCE(dev->mtu); 478 if (mtu < IPV4_MIN_MTU) 479 return skb; 480 481 isquery = type == IGMPV3_MODE_IS_INCLUDE || 482 type == IGMPV3_MODE_IS_EXCLUDE; 483 truncate = type == IGMPV3_MODE_IS_EXCLUDE || 484 type == IGMPV3_CHANGE_TO_EXCLUDE; 485 486 stotal = scount = 0; 487 488 psf_list = sdeleted ? &pmc->tomb : &pmc->sources; 489 490 if (!*psf_list) 491 goto empty_source; 492 493 pih = skb ? igmpv3_report_hdr(skb) : NULL; 494 495 /* EX and TO_EX get a fresh packet, if needed */ 496 if (truncate) { 497 if (pih && pih->ngrec && 498 AVAILABLE(skb) < grec_size(pmc, type, gdeleted, sdeleted)) { 499 if (skb) 500 igmpv3_sendpack(skb); 501 skb = igmpv3_newpack(dev, mtu); 502 } 503 } 504 first = 1; 505 psf_prev = NULL; 506 for (psf = *psf_list; psf; psf = psf_next) { 507 __be32 *psrc; 508 509 psf_next = psf->sf_next; 510 511 if (!is_in(pmc, psf, type, gdeleted, sdeleted)) { 512 psf_prev = psf; 513 continue; 514 } 515 516 /* Based on RFC3376 5.1. Should not send source-list change 517 * records when there is a filter mode change. 518 */ 519 if (((gdeleted && pmc->sfmode == MCAST_EXCLUDE) || 520 (!gdeleted && pmc->crcount)) && 521 (type == IGMPV3_ALLOW_NEW_SOURCES || 522 type == IGMPV3_BLOCK_OLD_SOURCES) && psf->sf_crcount) 523 goto decrease_sf_crcount; 524 525 /* clear marks on query responses */ 526 if (isquery) 527 psf->sf_gsresp = 0; 528 529 if (AVAILABLE(skb) < sizeof(__be32) + 530 first*sizeof(struct igmpv3_grec)) { 531 if (truncate && !first) 532 break; /* truncate these */ 533 if (pgr) 534 pgr->grec_nsrcs = htons(scount); 535 if (skb) 536 igmpv3_sendpack(skb); 537 skb = igmpv3_newpack(dev, mtu); 538 first = 1; 539 scount = 0; 540 } 541 if (first) { 542 skb = add_grhead(skb, pmc, type, &pgr, mtu); 543 first = 0; 544 } 545 if (!skb) 546 return NULL; 547 psrc = skb_put(skb, sizeof(__be32)); 548 *psrc = psf->sf_inaddr; 549 scount++; stotal++; 550 if ((type == IGMPV3_ALLOW_NEW_SOURCES || 551 type == IGMPV3_BLOCK_OLD_SOURCES) && psf->sf_crcount) { 552 decrease_sf_crcount: 553 psf->sf_crcount--; 554 if ((sdeleted || gdeleted) && psf->sf_crcount == 0) { 555 if (psf_prev) 556 psf_prev->sf_next = psf->sf_next; 557 else 558 *psf_list = psf->sf_next; 559 kfree(psf); 560 continue; 561 } 562 } 563 psf_prev = psf; 564 } 565 566 empty_source: 567 if (!stotal) { 568 if (type == IGMPV3_ALLOW_NEW_SOURCES || 569 type == IGMPV3_BLOCK_OLD_SOURCES) 570 return skb; 571 if (pmc->crcount || isquery) { 572 /* make sure we have room for group header */ 573 if (skb && AVAILABLE(skb) < sizeof(struct igmpv3_grec)) { 574 igmpv3_sendpack(skb); 575 skb = NULL; /* add_grhead will get a new one */ 576 } 577 skb = add_grhead(skb, pmc, type, &pgr, mtu); 578 } 579 } 580 if (pgr) 581 pgr->grec_nsrcs = htons(scount); 582 583 if (isquery) 584 pmc->gsquery = 0; /* clear query state on report */ 585 return skb; 586 } 587 588 static int igmpv3_send_report(struct in_device *in_dev, struct ip_mc_list *pmc) 589 { 590 struct sk_buff *skb = NULL; 591 struct net *net = dev_net(in_dev->dev); 592 int type; 593 594 if (!pmc) { 595 rcu_read_lock(); 596 for_each_pmc_rcu(in_dev, pmc) { 597 if (pmc->multiaddr == IGMP_ALL_HOSTS) 598 continue; 599 if (ipv4_is_local_multicast(pmc->multiaddr) && 600 !READ_ONCE(net->ipv4.sysctl_igmp_llm_reports)) 601 continue; 602 spin_lock_bh(&pmc->lock); 603 if (pmc->sfcount[MCAST_EXCLUDE]) 604 type = IGMPV3_MODE_IS_EXCLUDE; 605 else 606 type = IGMPV3_MODE_IS_INCLUDE; 607 skb = add_grec(skb, pmc, type, 0, 0); 608 spin_unlock_bh(&pmc->lock); 609 } 610 rcu_read_unlock(); 611 } else { 612 spin_lock_bh(&pmc->lock); 613 if (pmc->sfcount[MCAST_EXCLUDE]) 614 type = IGMPV3_MODE_IS_EXCLUDE; 615 else 616 type = IGMPV3_MODE_IS_INCLUDE; 617 skb = add_grec(skb, pmc, type, 0, 0); 618 spin_unlock_bh(&pmc->lock); 619 } 620 if (!skb) 621 return 0; 622 return igmpv3_sendpack(skb); 623 } 624 625 /* 626 * remove zero-count source records from a source filter list 627 */ 628 static void igmpv3_clear_zeros(struct ip_sf_list **ppsf) 629 { 630 struct ip_sf_list *psf_prev, *psf_next, *psf; 631 632 psf_prev = NULL; 633 for (psf = *ppsf; psf; psf = psf_next) { 634 psf_next = psf->sf_next; 635 if (psf->sf_crcount == 0) { 636 if (psf_prev) 637 psf_prev->sf_next = psf->sf_next; 638 else 639 *ppsf = psf->sf_next; 640 kfree(psf); 641 } else 642 psf_prev = psf; 643 } 644 } 645 646 static void kfree_pmc(struct ip_mc_list *pmc) 647 { 648 ip_sf_list_clear_all(pmc->sources); 649 ip_sf_list_clear_all(pmc->tomb); 650 kfree(pmc); 651 } 652 653 static void igmpv3_send_cr(struct in_device *in_dev) 654 { 655 struct ip_mc_list *pmc, *pmc_prev, *pmc_next; 656 struct sk_buff *skb = NULL; 657 int type, dtype; 658 659 rcu_read_lock(); 660 spin_lock_bh(&in_dev->mc_tomb_lock); 661 662 /* deleted MCA's */ 663 pmc_prev = NULL; 664 for (pmc = in_dev->mc_tomb; pmc; pmc = pmc_next) { 665 pmc_next = pmc->next; 666 if (pmc->sfmode == MCAST_INCLUDE) { 667 type = IGMPV3_BLOCK_OLD_SOURCES; 668 dtype = IGMPV3_BLOCK_OLD_SOURCES; 669 skb = add_grec(skb, pmc, type, 1, 0); 670 skb = add_grec(skb, pmc, dtype, 1, 1); 671 } 672 if (pmc->crcount) { 673 if (pmc->sfmode == MCAST_EXCLUDE) { 674 type = IGMPV3_CHANGE_TO_INCLUDE; 675 skb = add_grec(skb, pmc, type, 1, 0); 676 } 677 pmc->crcount--; 678 if (pmc->crcount == 0) { 679 igmpv3_clear_zeros(&pmc->tomb); 680 igmpv3_clear_zeros(&pmc->sources); 681 } 682 } 683 if (pmc->crcount == 0 && !pmc->tomb && !pmc->sources) { 684 if (pmc_prev) 685 pmc_prev->next = pmc_next; 686 else 687 in_dev->mc_tomb = pmc_next; 688 in_dev_put(pmc->interface); 689 kfree_pmc(pmc); 690 } else 691 pmc_prev = pmc; 692 } 693 spin_unlock_bh(&in_dev->mc_tomb_lock); 694 695 /* change recs */ 696 for_each_pmc_rcu(in_dev, pmc) { 697 spin_lock_bh(&pmc->lock); 698 if (pmc->sfcount[MCAST_EXCLUDE]) { 699 type = IGMPV3_BLOCK_OLD_SOURCES; 700 dtype = IGMPV3_ALLOW_NEW_SOURCES; 701 } else { 702 type = IGMPV3_ALLOW_NEW_SOURCES; 703 dtype = IGMPV3_BLOCK_OLD_SOURCES; 704 } 705 skb = add_grec(skb, pmc, type, 0, 0); 706 skb = add_grec(skb, pmc, dtype, 0, 1); /* deleted sources */ 707 708 /* filter mode changes */ 709 if (pmc->crcount) { 710 if (pmc->sfmode == MCAST_EXCLUDE) 711 type = IGMPV3_CHANGE_TO_EXCLUDE; 712 else 713 type = IGMPV3_CHANGE_TO_INCLUDE; 714 skb = add_grec(skb, pmc, type, 0, 0); 715 pmc->crcount--; 716 } 717 spin_unlock_bh(&pmc->lock); 718 } 719 rcu_read_unlock(); 720 721 if (!skb) 722 return; 723 (void) igmpv3_sendpack(skb); 724 } 725 726 static int igmp_send_report(struct in_device *in_dev, struct ip_mc_list *pmc, 727 int type) 728 { 729 struct sk_buff *skb; 730 struct iphdr *iph; 731 struct igmphdr *ih; 732 struct rtable *rt; 733 struct net_device *dev = in_dev->dev; 734 struct net *net = dev_net(dev); 735 __be32 group = pmc ? pmc->multiaddr : 0; 736 struct flowi4 fl4; 737 __be32 dst; 738 int hlen, tlen; 739 740 if (type == IGMPV3_HOST_MEMBERSHIP_REPORT) 741 return igmpv3_send_report(in_dev, pmc); 742 743 if (ipv4_is_local_multicast(group) && 744 !READ_ONCE(net->ipv4.sysctl_igmp_llm_reports)) 745 return 0; 746 747 if (type == IGMP_HOST_LEAVE_MESSAGE) 748 dst = IGMP_ALL_ROUTER; 749 else 750 dst = group; 751 752 rt = ip_route_output_ports(net, &fl4, NULL, dst, 0, 753 0, 0, 754 IPPROTO_IGMP, 0, dev->ifindex); 755 if (IS_ERR(rt)) 756 return -1; 757 758 hlen = LL_RESERVED_SPACE(dev); 759 tlen = dev->needed_tailroom; 760 skb = alloc_skb(IGMP_SIZE + hlen + tlen, GFP_ATOMIC); 761 if (!skb) { 762 ip_rt_put(rt); 763 return -1; 764 } 765 skb->priority = TC_PRIO_CONTROL; 766 767 skb_dst_set(skb, &rt->dst); 768 769 skb_reserve(skb, hlen); 770 771 skb_reset_network_header(skb); 772 iph = ip_hdr(skb); 773 skb_put(skb, sizeof(struct iphdr) + 4); 774 775 iph->version = 4; 776 iph->ihl = (sizeof(struct iphdr)+4)>>2; 777 iph->tos = 0xc0; 778 iph->frag_off = htons(IP_DF); 779 iph->ttl = 1; 780 iph->daddr = dst; 781 iph->saddr = fl4.saddr; 782 iph->protocol = IPPROTO_IGMP; 783 ip_select_ident(net, skb, NULL); 784 ((u8 *)&iph[1])[0] = IPOPT_RA; 785 ((u8 *)&iph[1])[1] = 4; 786 ((u8 *)&iph[1])[2] = 0; 787 ((u8 *)&iph[1])[3] = 0; 788 789 ih = skb_put(skb, sizeof(struct igmphdr)); 790 ih->type = type; 791 ih->code = 0; 792 ih->csum = 0; 793 ih->group = group; 794 ih->csum = ip_compute_csum((void *)ih, sizeof(struct igmphdr)); 795 796 return ip_local_out(net, skb->sk, skb); 797 } 798 799 static void igmp_gq_timer_expire(struct timer_list *t) 800 { 801 struct in_device *in_dev = from_timer(in_dev, t, mr_gq_timer); 802 803 in_dev->mr_gq_running = 0; 804 igmpv3_send_report(in_dev, NULL); 805 in_dev_put(in_dev); 806 } 807 808 static void igmp_ifc_timer_expire(struct timer_list *t) 809 { 810 struct in_device *in_dev = from_timer(in_dev, t, mr_ifc_timer); 811 u32 mr_ifc_count; 812 813 igmpv3_send_cr(in_dev); 814 restart: 815 mr_ifc_count = READ_ONCE(in_dev->mr_ifc_count); 816 817 if (mr_ifc_count) { 818 if (cmpxchg(&in_dev->mr_ifc_count, 819 mr_ifc_count, 820 mr_ifc_count - 1) != mr_ifc_count) 821 goto restart; 822 igmp_ifc_start_timer(in_dev, 823 unsolicited_report_interval(in_dev)); 824 } 825 in_dev_put(in_dev); 826 } 827 828 static void igmp_ifc_event(struct in_device *in_dev) 829 { 830 struct net *net = dev_net(in_dev->dev); 831 if (IGMP_V1_SEEN(in_dev) || IGMP_V2_SEEN(in_dev)) 832 return; 833 WRITE_ONCE(in_dev->mr_ifc_count, in_dev->mr_qrv ?: READ_ONCE(net->ipv4.sysctl_igmp_qrv)); 834 igmp_ifc_start_timer(in_dev, 1); 835 } 836 837 838 static void igmp_timer_expire(struct timer_list *t) 839 { 840 struct ip_mc_list *im = from_timer(im, t, timer); 841 struct in_device *in_dev = im->interface; 842 843 spin_lock(&im->lock); 844 im->tm_running = 0; 845 846 if (im->unsolicit_count && --im->unsolicit_count) 847 igmp_start_timer(im, unsolicited_report_interval(in_dev)); 848 849 im->reporter = 1; 850 spin_unlock(&im->lock); 851 852 if (IGMP_V1_SEEN(in_dev)) 853 igmp_send_report(in_dev, im, IGMP_HOST_MEMBERSHIP_REPORT); 854 else if (IGMP_V2_SEEN(in_dev)) 855 igmp_send_report(in_dev, im, IGMPV2_HOST_MEMBERSHIP_REPORT); 856 else 857 igmp_send_report(in_dev, im, IGMPV3_HOST_MEMBERSHIP_REPORT); 858 859 ip_ma_put(im); 860 } 861 862 /* mark EXCLUDE-mode sources */ 863 static int igmp_xmarksources(struct ip_mc_list *pmc, int nsrcs, __be32 *srcs) 864 { 865 struct ip_sf_list *psf; 866 int i, scount; 867 868 scount = 0; 869 for (psf = pmc->sources; psf; psf = psf->sf_next) { 870 if (scount == nsrcs) 871 break; 872 for (i = 0; i < nsrcs; i++) { 873 /* skip inactive filters */ 874 if (psf->sf_count[MCAST_INCLUDE] || 875 pmc->sfcount[MCAST_EXCLUDE] != 876 psf->sf_count[MCAST_EXCLUDE]) 877 break; 878 if (srcs[i] == psf->sf_inaddr) { 879 scount++; 880 break; 881 } 882 } 883 } 884 pmc->gsquery = 0; 885 if (scount == nsrcs) /* all sources excluded */ 886 return 0; 887 return 1; 888 } 889 890 static int igmp_marksources(struct ip_mc_list *pmc, int nsrcs, __be32 *srcs) 891 { 892 struct ip_sf_list *psf; 893 int i, scount; 894 895 if (pmc->sfmode == MCAST_EXCLUDE) 896 return igmp_xmarksources(pmc, nsrcs, srcs); 897 898 /* mark INCLUDE-mode sources */ 899 scount = 0; 900 for (psf = pmc->sources; psf; psf = psf->sf_next) { 901 if (scount == nsrcs) 902 break; 903 for (i = 0; i < nsrcs; i++) 904 if (srcs[i] == psf->sf_inaddr) { 905 psf->sf_gsresp = 1; 906 scount++; 907 break; 908 } 909 } 910 if (!scount) { 911 pmc->gsquery = 0; 912 return 0; 913 } 914 pmc->gsquery = 1; 915 return 1; 916 } 917 918 /* return true if packet was dropped */ 919 static bool igmp_heard_report(struct in_device *in_dev, __be32 group) 920 { 921 struct ip_mc_list *im; 922 struct net *net = dev_net(in_dev->dev); 923 924 /* Timers are only set for non-local groups */ 925 926 if (group == IGMP_ALL_HOSTS) 927 return false; 928 if (ipv4_is_local_multicast(group) && 929 !READ_ONCE(net->ipv4.sysctl_igmp_llm_reports)) 930 return false; 931 932 rcu_read_lock(); 933 for_each_pmc_rcu(in_dev, im) { 934 if (im->multiaddr == group) { 935 igmp_stop_timer(im); 936 break; 937 } 938 } 939 rcu_read_unlock(); 940 return false; 941 } 942 943 /* return true if packet was dropped */ 944 static bool igmp_heard_query(struct in_device *in_dev, struct sk_buff *skb, 945 int len) 946 { 947 struct igmphdr *ih = igmp_hdr(skb); 948 struct igmpv3_query *ih3 = igmpv3_query_hdr(skb); 949 struct ip_mc_list *im; 950 __be32 group = ih->group; 951 int max_delay; 952 int mark = 0; 953 struct net *net = dev_net(in_dev->dev); 954 955 956 if (len == 8) { 957 if (ih->code == 0) { 958 /* Alas, old v1 router presents here. */ 959 960 max_delay = IGMP_QUERY_RESPONSE_INTERVAL; 961 in_dev->mr_v1_seen = jiffies + 962 (in_dev->mr_qrv * in_dev->mr_qi) + 963 in_dev->mr_qri; 964 group = 0; 965 } else { 966 /* v2 router present */ 967 max_delay = ih->code*(HZ/IGMP_TIMER_SCALE); 968 in_dev->mr_v2_seen = jiffies + 969 (in_dev->mr_qrv * in_dev->mr_qi) + 970 in_dev->mr_qri; 971 } 972 /* cancel the interface change timer */ 973 WRITE_ONCE(in_dev->mr_ifc_count, 0); 974 if (del_timer(&in_dev->mr_ifc_timer)) 975 __in_dev_put(in_dev); 976 /* clear deleted report items */ 977 igmpv3_clear_delrec(in_dev); 978 } else if (len < 12) { 979 return true; /* ignore bogus packet; freed by caller */ 980 } else if (IGMP_V1_SEEN(in_dev)) { 981 /* This is a v3 query with v1 queriers present */ 982 max_delay = IGMP_QUERY_RESPONSE_INTERVAL; 983 group = 0; 984 } else if (IGMP_V2_SEEN(in_dev)) { 985 /* this is a v3 query with v2 queriers present; 986 * Interpretation of the max_delay code is problematic here. 987 * A real v2 host would use ih_code directly, while v3 has a 988 * different encoding. We use the v3 encoding as more likely 989 * to be intended in a v3 query. 990 */ 991 max_delay = IGMPV3_MRC(ih3->code)*(HZ/IGMP_TIMER_SCALE); 992 if (!max_delay) 993 max_delay = 1; /* can't mod w/ 0 */ 994 } else { /* v3 */ 995 if (!pskb_may_pull(skb, sizeof(struct igmpv3_query))) 996 return true; 997 998 ih3 = igmpv3_query_hdr(skb); 999 if (ih3->nsrcs) { 1000 if (!pskb_may_pull(skb, sizeof(struct igmpv3_query) 1001 + ntohs(ih3->nsrcs)*sizeof(__be32))) 1002 return true; 1003 ih3 = igmpv3_query_hdr(skb); 1004 } 1005 1006 max_delay = IGMPV3_MRC(ih3->code)*(HZ/IGMP_TIMER_SCALE); 1007 if (!max_delay) 1008 max_delay = 1; /* can't mod w/ 0 */ 1009 in_dev->mr_maxdelay = max_delay; 1010 1011 /* RFC3376, 4.1.6. QRV and 4.1.7. QQIC, when the most recently 1012 * received value was zero, use the default or statically 1013 * configured value. 1014 */ 1015 in_dev->mr_qrv = ih3->qrv ?: READ_ONCE(net->ipv4.sysctl_igmp_qrv); 1016 in_dev->mr_qi = IGMPV3_QQIC(ih3->qqic)*HZ ?: IGMP_QUERY_INTERVAL; 1017 1018 /* RFC3376, 8.3. Query Response Interval: 1019 * The number of seconds represented by the [Query Response 1020 * Interval] must be less than the [Query Interval]. 1021 */ 1022 if (in_dev->mr_qri >= in_dev->mr_qi) 1023 in_dev->mr_qri = (in_dev->mr_qi/HZ - 1)*HZ; 1024 1025 if (!group) { /* general query */ 1026 if (ih3->nsrcs) 1027 return true; /* no sources allowed */ 1028 igmp_gq_start_timer(in_dev); 1029 return false; 1030 } 1031 /* mark sources to include, if group & source-specific */ 1032 mark = ih3->nsrcs != 0; 1033 } 1034 1035 /* 1036 * - Start the timers in all of our membership records 1037 * that the query applies to for the interface on 1038 * which the query arrived excl. those that belong 1039 * to a "local" group (224.0.0.X) 1040 * - For timers already running check if they need to 1041 * be reset. 1042 * - Use the igmp->igmp_code field as the maximum 1043 * delay possible 1044 */ 1045 rcu_read_lock(); 1046 for_each_pmc_rcu(in_dev, im) { 1047 int changed; 1048 1049 if (group && group != im->multiaddr) 1050 continue; 1051 if (im->multiaddr == IGMP_ALL_HOSTS) 1052 continue; 1053 if (ipv4_is_local_multicast(im->multiaddr) && 1054 !READ_ONCE(net->ipv4.sysctl_igmp_llm_reports)) 1055 continue; 1056 spin_lock_bh(&im->lock); 1057 if (im->tm_running) 1058 im->gsquery = im->gsquery && mark; 1059 else 1060 im->gsquery = mark; 1061 changed = !im->gsquery || 1062 igmp_marksources(im, ntohs(ih3->nsrcs), ih3->srcs); 1063 spin_unlock_bh(&im->lock); 1064 if (changed) 1065 igmp_mod_timer(im, max_delay); 1066 } 1067 rcu_read_unlock(); 1068 return false; 1069 } 1070 1071 /* called in rcu_read_lock() section */ 1072 int igmp_rcv(struct sk_buff *skb) 1073 { 1074 /* This basically follows the spec line by line -- see RFC1112 */ 1075 struct igmphdr *ih; 1076 struct net_device *dev = skb->dev; 1077 struct in_device *in_dev; 1078 int len = skb->len; 1079 bool dropped = true; 1080 1081 if (netif_is_l3_master(dev)) { 1082 dev = dev_get_by_index_rcu(dev_net(dev), IPCB(skb)->iif); 1083 if (!dev) 1084 goto drop; 1085 } 1086 1087 in_dev = __in_dev_get_rcu(dev); 1088 if (!in_dev) 1089 goto drop; 1090 1091 if (!pskb_may_pull(skb, sizeof(struct igmphdr))) 1092 goto drop; 1093 1094 if (skb_checksum_simple_validate(skb)) 1095 goto drop; 1096 1097 ih = igmp_hdr(skb); 1098 switch (ih->type) { 1099 case IGMP_HOST_MEMBERSHIP_QUERY: 1100 dropped = igmp_heard_query(in_dev, skb, len); 1101 break; 1102 case IGMP_HOST_MEMBERSHIP_REPORT: 1103 case IGMPV2_HOST_MEMBERSHIP_REPORT: 1104 /* Is it our report looped back? */ 1105 if (rt_is_output_route(skb_rtable(skb))) 1106 break; 1107 /* don't rely on MC router hearing unicast reports */ 1108 if (skb->pkt_type == PACKET_MULTICAST || 1109 skb->pkt_type == PACKET_BROADCAST) 1110 dropped = igmp_heard_report(in_dev, ih->group); 1111 break; 1112 case IGMP_PIM: 1113 #ifdef CONFIG_IP_PIMSM_V1 1114 return pim_rcv_v1(skb); 1115 #endif 1116 case IGMPV3_HOST_MEMBERSHIP_REPORT: 1117 case IGMP_DVMRP: 1118 case IGMP_TRACE: 1119 case IGMP_HOST_LEAVE_MESSAGE: 1120 case IGMP_MTRACE: 1121 case IGMP_MTRACE_RESP: 1122 break; 1123 default: 1124 break; 1125 } 1126 1127 drop: 1128 if (dropped) 1129 kfree_skb(skb); 1130 else 1131 consume_skb(skb); 1132 return 0; 1133 } 1134 1135 #endif 1136 1137 1138 /* 1139 * Add a filter to a device 1140 */ 1141 1142 static void ip_mc_filter_add(struct in_device *in_dev, __be32 addr) 1143 { 1144 char buf[MAX_ADDR_LEN]; 1145 struct net_device *dev = in_dev->dev; 1146 1147 /* Checking for IFF_MULTICAST here is WRONG-WRONG-WRONG. 1148 We will get multicast token leakage, when IFF_MULTICAST 1149 is changed. This check should be done in ndo_set_rx_mode 1150 routine. Something sort of: 1151 if (dev->mc_list && dev->flags&IFF_MULTICAST) { do it; } 1152 --ANK 1153 */ 1154 if (arp_mc_map(addr, buf, dev, 0) == 0) 1155 dev_mc_add(dev, buf); 1156 } 1157 1158 /* 1159 * Remove a filter from a device 1160 */ 1161 1162 static void ip_mc_filter_del(struct in_device *in_dev, __be32 addr) 1163 { 1164 char buf[MAX_ADDR_LEN]; 1165 struct net_device *dev = in_dev->dev; 1166 1167 if (arp_mc_map(addr, buf, dev, 0) == 0) 1168 dev_mc_del(dev, buf); 1169 } 1170 1171 #ifdef CONFIG_IP_MULTICAST 1172 /* 1173 * deleted ip_mc_list manipulation 1174 */ 1175 static void igmpv3_add_delrec(struct in_device *in_dev, struct ip_mc_list *im, 1176 gfp_t gfp) 1177 { 1178 struct ip_mc_list *pmc; 1179 struct net *net = dev_net(in_dev->dev); 1180 1181 /* this is an "ip_mc_list" for convenience; only the fields below 1182 * are actually used. In particular, the refcnt and users are not 1183 * used for management of the delete list. Using the same structure 1184 * for deleted items allows change reports to use common code with 1185 * non-deleted or query-response MCA's. 1186 */ 1187 pmc = kzalloc(sizeof(*pmc), gfp); 1188 if (!pmc) 1189 return; 1190 spin_lock_init(&pmc->lock); 1191 spin_lock_bh(&im->lock); 1192 pmc->interface = im->interface; 1193 in_dev_hold(in_dev); 1194 pmc->multiaddr = im->multiaddr; 1195 pmc->crcount = in_dev->mr_qrv ?: READ_ONCE(net->ipv4.sysctl_igmp_qrv); 1196 pmc->sfmode = im->sfmode; 1197 if (pmc->sfmode == MCAST_INCLUDE) { 1198 struct ip_sf_list *psf; 1199 1200 pmc->tomb = im->tomb; 1201 pmc->sources = im->sources; 1202 im->tomb = im->sources = NULL; 1203 for (psf = pmc->sources; psf; psf = psf->sf_next) 1204 psf->sf_crcount = pmc->crcount; 1205 } 1206 spin_unlock_bh(&im->lock); 1207 1208 spin_lock_bh(&in_dev->mc_tomb_lock); 1209 pmc->next = in_dev->mc_tomb; 1210 in_dev->mc_tomb = pmc; 1211 spin_unlock_bh(&in_dev->mc_tomb_lock); 1212 } 1213 1214 /* 1215 * restore ip_mc_list deleted records 1216 */ 1217 static void igmpv3_del_delrec(struct in_device *in_dev, struct ip_mc_list *im) 1218 { 1219 struct ip_mc_list *pmc, *pmc_prev; 1220 struct ip_sf_list *psf; 1221 struct net *net = dev_net(in_dev->dev); 1222 __be32 multiaddr = im->multiaddr; 1223 1224 spin_lock_bh(&in_dev->mc_tomb_lock); 1225 pmc_prev = NULL; 1226 for (pmc = in_dev->mc_tomb; pmc; pmc = pmc->next) { 1227 if (pmc->multiaddr == multiaddr) 1228 break; 1229 pmc_prev = pmc; 1230 } 1231 if (pmc) { 1232 if (pmc_prev) 1233 pmc_prev->next = pmc->next; 1234 else 1235 in_dev->mc_tomb = pmc->next; 1236 } 1237 spin_unlock_bh(&in_dev->mc_tomb_lock); 1238 1239 spin_lock_bh(&im->lock); 1240 if (pmc) { 1241 im->interface = pmc->interface; 1242 if (im->sfmode == MCAST_INCLUDE) { 1243 swap(im->tomb, pmc->tomb); 1244 swap(im->sources, pmc->sources); 1245 for (psf = im->sources; psf; psf = psf->sf_next) 1246 psf->sf_crcount = in_dev->mr_qrv ?: 1247 READ_ONCE(net->ipv4.sysctl_igmp_qrv); 1248 } else { 1249 im->crcount = in_dev->mr_qrv ?: 1250 READ_ONCE(net->ipv4.sysctl_igmp_qrv); 1251 } 1252 in_dev_put(pmc->interface); 1253 kfree_pmc(pmc); 1254 } 1255 spin_unlock_bh(&im->lock); 1256 } 1257 1258 /* 1259 * flush ip_mc_list deleted records 1260 */ 1261 static void igmpv3_clear_delrec(struct in_device *in_dev) 1262 { 1263 struct ip_mc_list *pmc, *nextpmc; 1264 1265 spin_lock_bh(&in_dev->mc_tomb_lock); 1266 pmc = in_dev->mc_tomb; 1267 in_dev->mc_tomb = NULL; 1268 spin_unlock_bh(&in_dev->mc_tomb_lock); 1269 1270 for (; pmc; pmc = nextpmc) { 1271 nextpmc = pmc->next; 1272 ip_mc_clear_src(pmc); 1273 in_dev_put(pmc->interface); 1274 kfree_pmc(pmc); 1275 } 1276 /* clear dead sources, too */ 1277 rcu_read_lock(); 1278 for_each_pmc_rcu(in_dev, pmc) { 1279 struct ip_sf_list *psf; 1280 1281 spin_lock_bh(&pmc->lock); 1282 psf = pmc->tomb; 1283 pmc->tomb = NULL; 1284 spin_unlock_bh(&pmc->lock); 1285 ip_sf_list_clear_all(psf); 1286 } 1287 rcu_read_unlock(); 1288 } 1289 #endif 1290 1291 static void __igmp_group_dropped(struct ip_mc_list *im, gfp_t gfp) 1292 { 1293 struct in_device *in_dev = im->interface; 1294 #ifdef CONFIG_IP_MULTICAST 1295 struct net *net = dev_net(in_dev->dev); 1296 int reporter; 1297 #endif 1298 1299 if (im->loaded) { 1300 im->loaded = 0; 1301 ip_mc_filter_del(in_dev, im->multiaddr); 1302 } 1303 1304 #ifdef CONFIG_IP_MULTICAST 1305 if (im->multiaddr == IGMP_ALL_HOSTS) 1306 return; 1307 if (ipv4_is_local_multicast(im->multiaddr) && 1308 !READ_ONCE(net->ipv4.sysctl_igmp_llm_reports)) 1309 return; 1310 1311 reporter = im->reporter; 1312 igmp_stop_timer(im); 1313 1314 if (!in_dev->dead) { 1315 if (IGMP_V1_SEEN(in_dev)) 1316 return; 1317 if (IGMP_V2_SEEN(in_dev)) { 1318 if (reporter) 1319 igmp_send_report(in_dev, im, IGMP_HOST_LEAVE_MESSAGE); 1320 return; 1321 } 1322 /* IGMPv3 */ 1323 igmpv3_add_delrec(in_dev, im, gfp); 1324 1325 igmp_ifc_event(in_dev); 1326 } 1327 #endif 1328 } 1329 1330 static void igmp_group_dropped(struct ip_mc_list *im) 1331 { 1332 __igmp_group_dropped(im, GFP_KERNEL); 1333 } 1334 1335 static void igmp_group_added(struct ip_mc_list *im) 1336 { 1337 struct in_device *in_dev = im->interface; 1338 #ifdef CONFIG_IP_MULTICAST 1339 struct net *net = dev_net(in_dev->dev); 1340 #endif 1341 1342 if (im->loaded == 0) { 1343 im->loaded = 1; 1344 ip_mc_filter_add(in_dev, im->multiaddr); 1345 } 1346 1347 #ifdef CONFIG_IP_MULTICAST 1348 if (im->multiaddr == IGMP_ALL_HOSTS) 1349 return; 1350 if (ipv4_is_local_multicast(im->multiaddr) && 1351 !READ_ONCE(net->ipv4.sysctl_igmp_llm_reports)) 1352 return; 1353 1354 if (in_dev->dead) 1355 return; 1356 1357 im->unsolicit_count = READ_ONCE(net->ipv4.sysctl_igmp_qrv); 1358 if (IGMP_V1_SEEN(in_dev) || IGMP_V2_SEEN(in_dev)) { 1359 spin_lock_bh(&im->lock); 1360 igmp_start_timer(im, IGMP_INITIAL_REPORT_DELAY); 1361 spin_unlock_bh(&im->lock); 1362 return; 1363 } 1364 /* else, v3 */ 1365 1366 /* Based on RFC3376 5.1, for newly added INCLUDE SSM, we should 1367 * not send filter-mode change record as the mode should be from 1368 * IN() to IN(A). 1369 */ 1370 if (im->sfmode == MCAST_EXCLUDE) 1371 im->crcount = in_dev->mr_qrv ?: READ_ONCE(net->ipv4.sysctl_igmp_qrv); 1372 1373 igmp_ifc_event(in_dev); 1374 #endif 1375 } 1376 1377 1378 /* 1379 * Multicast list managers 1380 */ 1381 1382 static u32 ip_mc_hash(const struct ip_mc_list *im) 1383 { 1384 return hash_32((__force u32)im->multiaddr, MC_HASH_SZ_LOG); 1385 } 1386 1387 static void ip_mc_hash_add(struct in_device *in_dev, 1388 struct ip_mc_list *im) 1389 { 1390 struct ip_mc_list __rcu **mc_hash; 1391 u32 hash; 1392 1393 mc_hash = rtnl_dereference(in_dev->mc_hash); 1394 if (mc_hash) { 1395 hash = ip_mc_hash(im); 1396 im->next_hash = mc_hash[hash]; 1397 rcu_assign_pointer(mc_hash[hash], im); 1398 return; 1399 } 1400 1401 /* do not use a hash table for small number of items */ 1402 if (in_dev->mc_count < 4) 1403 return; 1404 1405 mc_hash = kzalloc(sizeof(struct ip_mc_list *) << MC_HASH_SZ_LOG, 1406 GFP_KERNEL); 1407 if (!mc_hash) 1408 return; 1409 1410 for_each_pmc_rtnl(in_dev, im) { 1411 hash = ip_mc_hash(im); 1412 im->next_hash = mc_hash[hash]; 1413 RCU_INIT_POINTER(mc_hash[hash], im); 1414 } 1415 1416 rcu_assign_pointer(in_dev->mc_hash, mc_hash); 1417 } 1418 1419 static void ip_mc_hash_remove(struct in_device *in_dev, 1420 struct ip_mc_list *im) 1421 { 1422 struct ip_mc_list __rcu **mc_hash = rtnl_dereference(in_dev->mc_hash); 1423 struct ip_mc_list *aux; 1424 1425 if (!mc_hash) 1426 return; 1427 mc_hash += ip_mc_hash(im); 1428 while ((aux = rtnl_dereference(*mc_hash)) != im) 1429 mc_hash = &aux->next_hash; 1430 *mc_hash = im->next_hash; 1431 } 1432 1433 1434 /* 1435 * A socket has joined a multicast group on device dev. 1436 */ 1437 static void ____ip_mc_inc_group(struct in_device *in_dev, __be32 addr, 1438 unsigned int mode, gfp_t gfp) 1439 { 1440 struct ip_mc_list *im; 1441 1442 ASSERT_RTNL(); 1443 1444 for_each_pmc_rtnl(in_dev, im) { 1445 if (im->multiaddr == addr) { 1446 im->users++; 1447 ip_mc_add_src(in_dev, &addr, mode, 0, NULL, 0); 1448 goto out; 1449 } 1450 } 1451 1452 im = kzalloc(sizeof(*im), gfp); 1453 if (!im) 1454 goto out; 1455 1456 im->users = 1; 1457 im->interface = in_dev; 1458 in_dev_hold(in_dev); 1459 im->multiaddr = addr; 1460 /* initial mode is (EX, empty) */ 1461 im->sfmode = mode; 1462 im->sfcount[mode] = 1; 1463 refcount_set(&im->refcnt, 1); 1464 spin_lock_init(&im->lock); 1465 #ifdef CONFIG_IP_MULTICAST 1466 timer_setup(&im->timer, igmp_timer_expire, 0); 1467 #endif 1468 1469 im->next_rcu = in_dev->mc_list; 1470 in_dev->mc_count++; 1471 rcu_assign_pointer(in_dev->mc_list, im); 1472 1473 ip_mc_hash_add(in_dev, im); 1474 1475 #ifdef CONFIG_IP_MULTICAST 1476 igmpv3_del_delrec(in_dev, im); 1477 #endif 1478 igmp_group_added(im); 1479 if (!in_dev->dead) 1480 ip_rt_multicast_event(in_dev); 1481 out: 1482 return; 1483 } 1484 1485 void __ip_mc_inc_group(struct in_device *in_dev, __be32 addr, gfp_t gfp) 1486 { 1487 ____ip_mc_inc_group(in_dev, addr, MCAST_EXCLUDE, gfp); 1488 } 1489 EXPORT_SYMBOL(__ip_mc_inc_group); 1490 1491 void ip_mc_inc_group(struct in_device *in_dev, __be32 addr) 1492 { 1493 __ip_mc_inc_group(in_dev, addr, GFP_KERNEL); 1494 } 1495 EXPORT_SYMBOL(ip_mc_inc_group); 1496 1497 static int ip_mc_check_iphdr(struct sk_buff *skb) 1498 { 1499 const struct iphdr *iph; 1500 unsigned int len; 1501 unsigned int offset = skb_network_offset(skb) + sizeof(*iph); 1502 1503 if (!pskb_may_pull(skb, offset)) 1504 return -EINVAL; 1505 1506 iph = ip_hdr(skb); 1507 1508 if (iph->version != 4 || ip_hdrlen(skb) < sizeof(*iph)) 1509 return -EINVAL; 1510 1511 offset += ip_hdrlen(skb) - sizeof(*iph); 1512 1513 if (!pskb_may_pull(skb, offset)) 1514 return -EINVAL; 1515 1516 iph = ip_hdr(skb); 1517 1518 if (unlikely(ip_fast_csum((u8 *)iph, iph->ihl))) 1519 return -EINVAL; 1520 1521 len = skb_network_offset(skb) + ntohs(iph->tot_len); 1522 if (skb->len < len || len < offset) 1523 return -EINVAL; 1524 1525 skb_set_transport_header(skb, offset); 1526 1527 return 0; 1528 } 1529 1530 static int ip_mc_check_igmp_reportv3(struct sk_buff *skb) 1531 { 1532 unsigned int len = skb_transport_offset(skb); 1533 1534 len += sizeof(struct igmpv3_report); 1535 1536 return ip_mc_may_pull(skb, len) ? 0 : -EINVAL; 1537 } 1538 1539 static int ip_mc_check_igmp_query(struct sk_buff *skb) 1540 { 1541 unsigned int transport_len = ip_transport_len(skb); 1542 unsigned int len; 1543 1544 /* IGMPv{1,2}? */ 1545 if (transport_len != sizeof(struct igmphdr)) { 1546 /* or IGMPv3? */ 1547 if (transport_len < sizeof(struct igmpv3_query)) 1548 return -EINVAL; 1549 1550 len = skb_transport_offset(skb) + sizeof(struct igmpv3_query); 1551 if (!ip_mc_may_pull(skb, len)) 1552 return -EINVAL; 1553 } 1554 1555 /* RFC2236+RFC3376 (IGMPv2+IGMPv3) require the multicast link layer 1556 * all-systems destination addresses (224.0.0.1) for general queries 1557 */ 1558 if (!igmp_hdr(skb)->group && 1559 ip_hdr(skb)->daddr != htonl(INADDR_ALLHOSTS_GROUP)) 1560 return -EINVAL; 1561 1562 return 0; 1563 } 1564 1565 static int ip_mc_check_igmp_msg(struct sk_buff *skb) 1566 { 1567 switch (igmp_hdr(skb)->type) { 1568 case IGMP_HOST_LEAVE_MESSAGE: 1569 case IGMP_HOST_MEMBERSHIP_REPORT: 1570 case IGMPV2_HOST_MEMBERSHIP_REPORT: 1571 return 0; 1572 case IGMPV3_HOST_MEMBERSHIP_REPORT: 1573 return ip_mc_check_igmp_reportv3(skb); 1574 case IGMP_HOST_MEMBERSHIP_QUERY: 1575 return ip_mc_check_igmp_query(skb); 1576 default: 1577 return -ENOMSG; 1578 } 1579 } 1580 1581 static __sum16 ip_mc_validate_checksum(struct sk_buff *skb) 1582 { 1583 return skb_checksum_simple_validate(skb); 1584 } 1585 1586 static int ip_mc_check_igmp_csum(struct sk_buff *skb) 1587 { 1588 unsigned int len = skb_transport_offset(skb) + sizeof(struct igmphdr); 1589 unsigned int transport_len = ip_transport_len(skb); 1590 struct sk_buff *skb_chk; 1591 1592 if (!ip_mc_may_pull(skb, len)) 1593 return -EINVAL; 1594 1595 skb_chk = skb_checksum_trimmed(skb, transport_len, 1596 ip_mc_validate_checksum); 1597 if (!skb_chk) 1598 return -EINVAL; 1599 1600 if (skb_chk != skb) 1601 kfree_skb(skb_chk); 1602 1603 return 0; 1604 } 1605 1606 /** 1607 * ip_mc_check_igmp - checks whether this is a sane IGMP packet 1608 * @skb: the skb to validate 1609 * 1610 * Checks whether an IPv4 packet is a valid IGMP packet. If so sets 1611 * skb transport header accordingly and returns zero. 1612 * 1613 * -EINVAL: A broken packet was detected, i.e. it violates some internet 1614 * standard 1615 * -ENOMSG: IP header validation succeeded but it is not an IGMP packet. 1616 * -ENOMEM: A memory allocation failure happened. 1617 * 1618 * Caller needs to set the skb network header and free any returned skb if it 1619 * differs from the provided skb. 1620 */ 1621 int ip_mc_check_igmp(struct sk_buff *skb) 1622 { 1623 int ret = ip_mc_check_iphdr(skb); 1624 1625 if (ret < 0) 1626 return ret; 1627 1628 if (ip_hdr(skb)->protocol != IPPROTO_IGMP) 1629 return -ENOMSG; 1630 1631 ret = ip_mc_check_igmp_csum(skb); 1632 if (ret < 0) 1633 return ret; 1634 1635 return ip_mc_check_igmp_msg(skb); 1636 } 1637 EXPORT_SYMBOL(ip_mc_check_igmp); 1638 1639 /* 1640 * Resend IGMP JOIN report; used by netdev notifier. 1641 */ 1642 static void ip_mc_rejoin_groups(struct in_device *in_dev) 1643 { 1644 #ifdef CONFIG_IP_MULTICAST 1645 struct ip_mc_list *im; 1646 int type; 1647 struct net *net = dev_net(in_dev->dev); 1648 1649 ASSERT_RTNL(); 1650 1651 for_each_pmc_rtnl(in_dev, im) { 1652 if (im->multiaddr == IGMP_ALL_HOSTS) 1653 continue; 1654 if (ipv4_is_local_multicast(im->multiaddr) && 1655 !READ_ONCE(net->ipv4.sysctl_igmp_llm_reports)) 1656 continue; 1657 1658 /* a failover is happening and switches 1659 * must be notified immediately 1660 */ 1661 if (IGMP_V1_SEEN(in_dev)) 1662 type = IGMP_HOST_MEMBERSHIP_REPORT; 1663 else if (IGMP_V2_SEEN(in_dev)) 1664 type = IGMPV2_HOST_MEMBERSHIP_REPORT; 1665 else 1666 type = IGMPV3_HOST_MEMBERSHIP_REPORT; 1667 igmp_send_report(in_dev, im, type); 1668 } 1669 #endif 1670 } 1671 1672 /* 1673 * A socket has left a multicast group on device dev 1674 */ 1675 1676 void __ip_mc_dec_group(struct in_device *in_dev, __be32 addr, gfp_t gfp) 1677 { 1678 struct ip_mc_list *i; 1679 struct ip_mc_list __rcu **ip; 1680 1681 ASSERT_RTNL(); 1682 1683 for (ip = &in_dev->mc_list; 1684 (i = rtnl_dereference(*ip)) != NULL; 1685 ip = &i->next_rcu) { 1686 if (i->multiaddr == addr) { 1687 if (--i->users == 0) { 1688 ip_mc_hash_remove(in_dev, i); 1689 *ip = i->next_rcu; 1690 in_dev->mc_count--; 1691 __igmp_group_dropped(i, gfp); 1692 ip_mc_clear_src(i); 1693 1694 if (!in_dev->dead) 1695 ip_rt_multicast_event(in_dev); 1696 1697 ip_ma_put(i); 1698 return; 1699 } 1700 break; 1701 } 1702 } 1703 } 1704 EXPORT_SYMBOL(__ip_mc_dec_group); 1705 1706 /* Device changing type */ 1707 1708 void ip_mc_unmap(struct in_device *in_dev) 1709 { 1710 struct ip_mc_list *pmc; 1711 1712 ASSERT_RTNL(); 1713 1714 for_each_pmc_rtnl(in_dev, pmc) 1715 igmp_group_dropped(pmc); 1716 } 1717 1718 void ip_mc_remap(struct in_device *in_dev) 1719 { 1720 struct ip_mc_list *pmc; 1721 1722 ASSERT_RTNL(); 1723 1724 for_each_pmc_rtnl(in_dev, pmc) { 1725 #ifdef CONFIG_IP_MULTICAST 1726 igmpv3_del_delrec(in_dev, pmc); 1727 #endif 1728 igmp_group_added(pmc); 1729 } 1730 } 1731 1732 /* Device going down */ 1733 1734 void ip_mc_down(struct in_device *in_dev) 1735 { 1736 struct ip_mc_list *pmc; 1737 1738 ASSERT_RTNL(); 1739 1740 for_each_pmc_rtnl(in_dev, pmc) 1741 igmp_group_dropped(pmc); 1742 1743 #ifdef CONFIG_IP_MULTICAST 1744 WRITE_ONCE(in_dev->mr_ifc_count, 0); 1745 if (del_timer(&in_dev->mr_ifc_timer)) 1746 __in_dev_put(in_dev); 1747 in_dev->mr_gq_running = 0; 1748 if (del_timer(&in_dev->mr_gq_timer)) 1749 __in_dev_put(in_dev); 1750 #endif 1751 1752 ip_mc_dec_group(in_dev, IGMP_ALL_HOSTS); 1753 } 1754 1755 #ifdef CONFIG_IP_MULTICAST 1756 static void ip_mc_reset(struct in_device *in_dev) 1757 { 1758 struct net *net = dev_net(in_dev->dev); 1759 1760 in_dev->mr_qi = IGMP_QUERY_INTERVAL; 1761 in_dev->mr_qri = IGMP_QUERY_RESPONSE_INTERVAL; 1762 in_dev->mr_qrv = READ_ONCE(net->ipv4.sysctl_igmp_qrv); 1763 } 1764 #else 1765 static void ip_mc_reset(struct in_device *in_dev) 1766 { 1767 } 1768 #endif 1769 1770 void ip_mc_init_dev(struct in_device *in_dev) 1771 { 1772 ASSERT_RTNL(); 1773 1774 #ifdef CONFIG_IP_MULTICAST 1775 timer_setup(&in_dev->mr_gq_timer, igmp_gq_timer_expire, 0); 1776 timer_setup(&in_dev->mr_ifc_timer, igmp_ifc_timer_expire, 0); 1777 #endif 1778 ip_mc_reset(in_dev); 1779 1780 spin_lock_init(&in_dev->mc_tomb_lock); 1781 } 1782 1783 /* Device going up */ 1784 1785 void ip_mc_up(struct in_device *in_dev) 1786 { 1787 struct ip_mc_list *pmc; 1788 1789 ASSERT_RTNL(); 1790 1791 ip_mc_reset(in_dev); 1792 ip_mc_inc_group(in_dev, IGMP_ALL_HOSTS); 1793 1794 for_each_pmc_rtnl(in_dev, pmc) { 1795 #ifdef CONFIG_IP_MULTICAST 1796 igmpv3_del_delrec(in_dev, pmc); 1797 #endif 1798 igmp_group_added(pmc); 1799 } 1800 } 1801 1802 /* 1803 * Device is about to be destroyed: clean up. 1804 */ 1805 1806 void ip_mc_destroy_dev(struct in_device *in_dev) 1807 { 1808 struct ip_mc_list *i; 1809 1810 ASSERT_RTNL(); 1811 1812 /* Deactivate timers */ 1813 ip_mc_down(in_dev); 1814 #ifdef CONFIG_IP_MULTICAST 1815 igmpv3_clear_delrec(in_dev); 1816 #endif 1817 1818 while ((i = rtnl_dereference(in_dev->mc_list)) != NULL) { 1819 in_dev->mc_list = i->next_rcu; 1820 in_dev->mc_count--; 1821 ip_mc_clear_src(i); 1822 ip_ma_put(i); 1823 } 1824 } 1825 1826 /* RTNL is locked */ 1827 static struct in_device *ip_mc_find_dev(struct net *net, struct ip_mreqn *imr) 1828 { 1829 struct net_device *dev = NULL; 1830 struct in_device *idev = NULL; 1831 1832 if (imr->imr_ifindex) { 1833 idev = inetdev_by_index(net, imr->imr_ifindex); 1834 return idev; 1835 } 1836 if (imr->imr_address.s_addr) { 1837 dev = __ip_dev_find(net, imr->imr_address.s_addr, false); 1838 if (!dev) 1839 return NULL; 1840 } 1841 1842 if (!dev) { 1843 struct rtable *rt = ip_route_output(net, 1844 imr->imr_multiaddr.s_addr, 1845 0, 0, 0); 1846 if (!IS_ERR(rt)) { 1847 dev = rt->dst.dev; 1848 ip_rt_put(rt); 1849 } 1850 } 1851 if (dev) { 1852 imr->imr_ifindex = dev->ifindex; 1853 idev = __in_dev_get_rtnl(dev); 1854 } 1855 return idev; 1856 } 1857 1858 /* 1859 * Join a socket to a group 1860 */ 1861 1862 static int ip_mc_del1_src(struct ip_mc_list *pmc, int sfmode, 1863 __be32 *psfsrc) 1864 { 1865 struct ip_sf_list *psf, *psf_prev; 1866 int rv = 0; 1867 1868 psf_prev = NULL; 1869 for (psf = pmc->sources; psf; psf = psf->sf_next) { 1870 if (psf->sf_inaddr == *psfsrc) 1871 break; 1872 psf_prev = psf; 1873 } 1874 if (!psf || psf->sf_count[sfmode] == 0) { 1875 /* source filter not found, or count wrong => bug */ 1876 return -ESRCH; 1877 } 1878 psf->sf_count[sfmode]--; 1879 if (psf->sf_count[sfmode] == 0) { 1880 ip_rt_multicast_event(pmc->interface); 1881 } 1882 if (!psf->sf_count[MCAST_INCLUDE] && !psf->sf_count[MCAST_EXCLUDE]) { 1883 #ifdef CONFIG_IP_MULTICAST 1884 struct in_device *in_dev = pmc->interface; 1885 struct net *net = dev_net(in_dev->dev); 1886 #endif 1887 1888 /* no more filters for this source */ 1889 if (psf_prev) 1890 psf_prev->sf_next = psf->sf_next; 1891 else 1892 pmc->sources = psf->sf_next; 1893 #ifdef CONFIG_IP_MULTICAST 1894 if (psf->sf_oldin && 1895 !IGMP_V1_SEEN(in_dev) && !IGMP_V2_SEEN(in_dev)) { 1896 psf->sf_crcount = in_dev->mr_qrv ?: READ_ONCE(net->ipv4.sysctl_igmp_qrv); 1897 psf->sf_next = pmc->tomb; 1898 pmc->tomb = psf; 1899 rv = 1; 1900 } else 1901 #endif 1902 kfree(psf); 1903 } 1904 return rv; 1905 } 1906 1907 #ifndef CONFIG_IP_MULTICAST 1908 #define igmp_ifc_event(x) do { } while (0) 1909 #endif 1910 1911 static int ip_mc_del_src(struct in_device *in_dev, __be32 *pmca, int sfmode, 1912 int sfcount, __be32 *psfsrc, int delta) 1913 { 1914 struct ip_mc_list *pmc; 1915 int changerec = 0; 1916 int i, err; 1917 1918 if (!in_dev) 1919 return -ENODEV; 1920 rcu_read_lock(); 1921 for_each_pmc_rcu(in_dev, pmc) { 1922 if (*pmca == pmc->multiaddr) 1923 break; 1924 } 1925 if (!pmc) { 1926 /* MCA not found?? bug */ 1927 rcu_read_unlock(); 1928 return -ESRCH; 1929 } 1930 spin_lock_bh(&pmc->lock); 1931 rcu_read_unlock(); 1932 #ifdef CONFIG_IP_MULTICAST 1933 sf_markstate(pmc); 1934 #endif 1935 if (!delta) { 1936 err = -EINVAL; 1937 if (!pmc->sfcount[sfmode]) 1938 goto out_unlock; 1939 pmc->sfcount[sfmode]--; 1940 } 1941 err = 0; 1942 for (i = 0; i < sfcount; i++) { 1943 int rv = ip_mc_del1_src(pmc, sfmode, &psfsrc[i]); 1944 1945 changerec |= rv > 0; 1946 if (!err && rv < 0) 1947 err = rv; 1948 } 1949 if (pmc->sfmode == MCAST_EXCLUDE && 1950 pmc->sfcount[MCAST_EXCLUDE] == 0 && 1951 pmc->sfcount[MCAST_INCLUDE]) { 1952 #ifdef CONFIG_IP_MULTICAST 1953 struct ip_sf_list *psf; 1954 struct net *net = dev_net(in_dev->dev); 1955 #endif 1956 1957 /* filter mode change */ 1958 pmc->sfmode = MCAST_INCLUDE; 1959 #ifdef CONFIG_IP_MULTICAST 1960 pmc->crcount = in_dev->mr_qrv ?: READ_ONCE(net->ipv4.sysctl_igmp_qrv); 1961 WRITE_ONCE(in_dev->mr_ifc_count, pmc->crcount); 1962 for (psf = pmc->sources; psf; psf = psf->sf_next) 1963 psf->sf_crcount = 0; 1964 igmp_ifc_event(pmc->interface); 1965 } else if (sf_setstate(pmc) || changerec) { 1966 igmp_ifc_event(pmc->interface); 1967 #endif 1968 } 1969 out_unlock: 1970 spin_unlock_bh(&pmc->lock); 1971 return err; 1972 } 1973 1974 /* 1975 * Add multicast single-source filter to the interface list 1976 */ 1977 static int ip_mc_add1_src(struct ip_mc_list *pmc, int sfmode, 1978 __be32 *psfsrc) 1979 { 1980 struct ip_sf_list *psf, *psf_prev; 1981 1982 psf_prev = NULL; 1983 for (psf = pmc->sources; psf; psf = psf->sf_next) { 1984 if (psf->sf_inaddr == *psfsrc) 1985 break; 1986 psf_prev = psf; 1987 } 1988 if (!psf) { 1989 psf = kzalloc(sizeof(*psf), GFP_ATOMIC); 1990 if (!psf) 1991 return -ENOBUFS; 1992 psf->sf_inaddr = *psfsrc; 1993 if (psf_prev) { 1994 psf_prev->sf_next = psf; 1995 } else 1996 pmc->sources = psf; 1997 } 1998 psf->sf_count[sfmode]++; 1999 if (psf->sf_count[sfmode] == 1) { 2000 ip_rt_multicast_event(pmc->interface); 2001 } 2002 return 0; 2003 } 2004 2005 #ifdef CONFIG_IP_MULTICAST 2006 static void sf_markstate(struct ip_mc_list *pmc) 2007 { 2008 struct ip_sf_list *psf; 2009 int mca_xcount = pmc->sfcount[MCAST_EXCLUDE]; 2010 2011 for (psf = pmc->sources; psf; psf = psf->sf_next) 2012 if (pmc->sfcount[MCAST_EXCLUDE]) { 2013 psf->sf_oldin = mca_xcount == 2014 psf->sf_count[MCAST_EXCLUDE] && 2015 !psf->sf_count[MCAST_INCLUDE]; 2016 } else 2017 psf->sf_oldin = psf->sf_count[MCAST_INCLUDE] != 0; 2018 } 2019 2020 static int sf_setstate(struct ip_mc_list *pmc) 2021 { 2022 struct ip_sf_list *psf, *dpsf; 2023 int mca_xcount = pmc->sfcount[MCAST_EXCLUDE]; 2024 int qrv = pmc->interface->mr_qrv; 2025 int new_in, rv; 2026 2027 rv = 0; 2028 for (psf = pmc->sources; psf; psf = psf->sf_next) { 2029 if (pmc->sfcount[MCAST_EXCLUDE]) { 2030 new_in = mca_xcount == psf->sf_count[MCAST_EXCLUDE] && 2031 !psf->sf_count[MCAST_INCLUDE]; 2032 } else 2033 new_in = psf->sf_count[MCAST_INCLUDE] != 0; 2034 if (new_in) { 2035 if (!psf->sf_oldin) { 2036 struct ip_sf_list *prev = NULL; 2037 2038 for (dpsf = pmc->tomb; dpsf; dpsf = dpsf->sf_next) { 2039 if (dpsf->sf_inaddr == psf->sf_inaddr) 2040 break; 2041 prev = dpsf; 2042 } 2043 if (dpsf) { 2044 if (prev) 2045 prev->sf_next = dpsf->sf_next; 2046 else 2047 pmc->tomb = dpsf->sf_next; 2048 kfree(dpsf); 2049 } 2050 psf->sf_crcount = qrv; 2051 rv++; 2052 } 2053 } else if (psf->sf_oldin) { 2054 2055 psf->sf_crcount = 0; 2056 /* 2057 * add or update "delete" records if an active filter 2058 * is now inactive 2059 */ 2060 for (dpsf = pmc->tomb; dpsf; dpsf = dpsf->sf_next) 2061 if (dpsf->sf_inaddr == psf->sf_inaddr) 2062 break; 2063 if (!dpsf) { 2064 dpsf = kmalloc(sizeof(*dpsf), GFP_ATOMIC); 2065 if (!dpsf) 2066 continue; 2067 *dpsf = *psf; 2068 /* pmc->lock held by callers */ 2069 dpsf->sf_next = pmc->tomb; 2070 pmc->tomb = dpsf; 2071 } 2072 dpsf->sf_crcount = qrv; 2073 rv++; 2074 } 2075 } 2076 return rv; 2077 } 2078 #endif 2079 2080 /* 2081 * Add multicast source filter list to the interface list 2082 */ 2083 static int ip_mc_add_src(struct in_device *in_dev, __be32 *pmca, int sfmode, 2084 int sfcount, __be32 *psfsrc, int delta) 2085 { 2086 struct ip_mc_list *pmc; 2087 int isexclude; 2088 int i, err; 2089 2090 if (!in_dev) 2091 return -ENODEV; 2092 rcu_read_lock(); 2093 for_each_pmc_rcu(in_dev, pmc) { 2094 if (*pmca == pmc->multiaddr) 2095 break; 2096 } 2097 if (!pmc) { 2098 /* MCA not found?? bug */ 2099 rcu_read_unlock(); 2100 return -ESRCH; 2101 } 2102 spin_lock_bh(&pmc->lock); 2103 rcu_read_unlock(); 2104 2105 #ifdef CONFIG_IP_MULTICAST 2106 sf_markstate(pmc); 2107 #endif 2108 isexclude = pmc->sfmode == MCAST_EXCLUDE; 2109 if (!delta) 2110 pmc->sfcount[sfmode]++; 2111 err = 0; 2112 for (i = 0; i < sfcount; i++) { 2113 err = ip_mc_add1_src(pmc, sfmode, &psfsrc[i]); 2114 if (err) 2115 break; 2116 } 2117 if (err) { 2118 int j; 2119 2120 if (!delta) 2121 pmc->sfcount[sfmode]--; 2122 for (j = 0; j < i; j++) 2123 (void) ip_mc_del1_src(pmc, sfmode, &psfsrc[j]); 2124 } else if (isexclude != (pmc->sfcount[MCAST_EXCLUDE] != 0)) { 2125 #ifdef CONFIG_IP_MULTICAST 2126 struct ip_sf_list *psf; 2127 struct net *net = dev_net(pmc->interface->dev); 2128 in_dev = pmc->interface; 2129 #endif 2130 2131 /* filter mode change */ 2132 if (pmc->sfcount[MCAST_EXCLUDE]) 2133 pmc->sfmode = MCAST_EXCLUDE; 2134 else if (pmc->sfcount[MCAST_INCLUDE]) 2135 pmc->sfmode = MCAST_INCLUDE; 2136 #ifdef CONFIG_IP_MULTICAST 2137 /* else no filters; keep old mode for reports */ 2138 2139 pmc->crcount = in_dev->mr_qrv ?: READ_ONCE(net->ipv4.sysctl_igmp_qrv); 2140 WRITE_ONCE(in_dev->mr_ifc_count, pmc->crcount); 2141 for (psf = pmc->sources; psf; psf = psf->sf_next) 2142 psf->sf_crcount = 0; 2143 igmp_ifc_event(in_dev); 2144 } else if (sf_setstate(pmc)) { 2145 igmp_ifc_event(in_dev); 2146 #endif 2147 } 2148 spin_unlock_bh(&pmc->lock); 2149 return err; 2150 } 2151 2152 static void ip_mc_clear_src(struct ip_mc_list *pmc) 2153 { 2154 struct ip_sf_list *tomb, *sources; 2155 2156 spin_lock_bh(&pmc->lock); 2157 tomb = pmc->tomb; 2158 pmc->tomb = NULL; 2159 sources = pmc->sources; 2160 pmc->sources = NULL; 2161 pmc->sfmode = MCAST_EXCLUDE; 2162 pmc->sfcount[MCAST_INCLUDE] = 0; 2163 pmc->sfcount[MCAST_EXCLUDE] = 1; 2164 spin_unlock_bh(&pmc->lock); 2165 2166 ip_sf_list_clear_all(tomb); 2167 ip_sf_list_clear_all(sources); 2168 } 2169 2170 /* Join a multicast group 2171 */ 2172 static int __ip_mc_join_group(struct sock *sk, struct ip_mreqn *imr, 2173 unsigned int mode) 2174 { 2175 __be32 addr = imr->imr_multiaddr.s_addr; 2176 struct ip_mc_socklist *iml, *i; 2177 struct in_device *in_dev; 2178 struct inet_sock *inet = inet_sk(sk); 2179 struct net *net = sock_net(sk); 2180 int ifindex; 2181 int count = 0; 2182 int err; 2183 2184 ASSERT_RTNL(); 2185 2186 if (!ipv4_is_multicast(addr)) 2187 return -EINVAL; 2188 2189 in_dev = ip_mc_find_dev(net, imr); 2190 2191 if (!in_dev) { 2192 err = -ENODEV; 2193 goto done; 2194 } 2195 2196 err = -EADDRINUSE; 2197 ifindex = imr->imr_ifindex; 2198 for_each_pmc_rtnl(inet, i) { 2199 if (i->multi.imr_multiaddr.s_addr == addr && 2200 i->multi.imr_ifindex == ifindex) 2201 goto done; 2202 count++; 2203 } 2204 err = -ENOBUFS; 2205 if (count >= READ_ONCE(net->ipv4.sysctl_igmp_max_memberships)) 2206 goto done; 2207 iml = sock_kmalloc(sk, sizeof(*iml), GFP_KERNEL); 2208 if (!iml) 2209 goto done; 2210 2211 memcpy(&iml->multi, imr, sizeof(*imr)); 2212 iml->next_rcu = inet->mc_list; 2213 iml->sflist = NULL; 2214 iml->sfmode = mode; 2215 rcu_assign_pointer(inet->mc_list, iml); 2216 ____ip_mc_inc_group(in_dev, addr, mode, GFP_KERNEL); 2217 err = 0; 2218 done: 2219 return err; 2220 } 2221 2222 /* Join ASM (Any-Source Multicast) group 2223 */ 2224 int ip_mc_join_group(struct sock *sk, struct ip_mreqn *imr) 2225 { 2226 return __ip_mc_join_group(sk, imr, MCAST_EXCLUDE); 2227 } 2228 EXPORT_SYMBOL(ip_mc_join_group); 2229 2230 /* Join SSM (Source-Specific Multicast) group 2231 */ 2232 int ip_mc_join_group_ssm(struct sock *sk, struct ip_mreqn *imr, 2233 unsigned int mode) 2234 { 2235 return __ip_mc_join_group(sk, imr, mode); 2236 } 2237 2238 static int ip_mc_leave_src(struct sock *sk, struct ip_mc_socklist *iml, 2239 struct in_device *in_dev) 2240 { 2241 struct ip_sf_socklist *psf = rtnl_dereference(iml->sflist); 2242 int err; 2243 2244 if (!psf) { 2245 /* any-source empty exclude case */ 2246 return ip_mc_del_src(in_dev, &iml->multi.imr_multiaddr.s_addr, 2247 iml->sfmode, 0, NULL, 0); 2248 } 2249 err = ip_mc_del_src(in_dev, &iml->multi.imr_multiaddr.s_addr, 2250 iml->sfmode, psf->sl_count, psf->sl_addr, 0); 2251 RCU_INIT_POINTER(iml->sflist, NULL); 2252 /* decrease mem now to avoid the memleak warning */ 2253 atomic_sub(struct_size(psf, sl_addr, psf->sl_max), &sk->sk_omem_alloc); 2254 kfree_rcu(psf, rcu); 2255 return err; 2256 } 2257 2258 int ip_mc_leave_group(struct sock *sk, struct ip_mreqn *imr) 2259 { 2260 struct inet_sock *inet = inet_sk(sk); 2261 struct ip_mc_socklist *iml; 2262 struct ip_mc_socklist __rcu **imlp; 2263 struct in_device *in_dev; 2264 struct net *net = sock_net(sk); 2265 __be32 group = imr->imr_multiaddr.s_addr; 2266 u32 ifindex; 2267 int ret = -EADDRNOTAVAIL; 2268 2269 ASSERT_RTNL(); 2270 2271 in_dev = ip_mc_find_dev(net, imr); 2272 if (!imr->imr_ifindex && !imr->imr_address.s_addr && !in_dev) { 2273 ret = -ENODEV; 2274 goto out; 2275 } 2276 ifindex = imr->imr_ifindex; 2277 for (imlp = &inet->mc_list; 2278 (iml = rtnl_dereference(*imlp)) != NULL; 2279 imlp = &iml->next_rcu) { 2280 if (iml->multi.imr_multiaddr.s_addr != group) 2281 continue; 2282 if (ifindex) { 2283 if (iml->multi.imr_ifindex != ifindex) 2284 continue; 2285 } else if (imr->imr_address.s_addr && imr->imr_address.s_addr != 2286 iml->multi.imr_address.s_addr) 2287 continue; 2288 2289 (void) ip_mc_leave_src(sk, iml, in_dev); 2290 2291 *imlp = iml->next_rcu; 2292 2293 if (in_dev) 2294 ip_mc_dec_group(in_dev, group); 2295 2296 /* decrease mem now to avoid the memleak warning */ 2297 atomic_sub(sizeof(*iml), &sk->sk_omem_alloc); 2298 kfree_rcu(iml, rcu); 2299 return 0; 2300 } 2301 out: 2302 return ret; 2303 } 2304 EXPORT_SYMBOL(ip_mc_leave_group); 2305 2306 int ip_mc_source(int add, int omode, struct sock *sk, struct 2307 ip_mreq_source *mreqs, int ifindex) 2308 { 2309 int err; 2310 struct ip_mreqn imr; 2311 __be32 addr = mreqs->imr_multiaddr; 2312 struct ip_mc_socklist *pmc; 2313 struct in_device *in_dev = NULL; 2314 struct inet_sock *inet = inet_sk(sk); 2315 struct ip_sf_socklist *psl; 2316 struct net *net = sock_net(sk); 2317 int leavegroup = 0; 2318 int i, j, rv; 2319 2320 if (!ipv4_is_multicast(addr)) 2321 return -EINVAL; 2322 2323 ASSERT_RTNL(); 2324 2325 imr.imr_multiaddr.s_addr = mreqs->imr_multiaddr; 2326 imr.imr_address.s_addr = mreqs->imr_interface; 2327 imr.imr_ifindex = ifindex; 2328 in_dev = ip_mc_find_dev(net, &imr); 2329 2330 if (!in_dev) { 2331 err = -ENODEV; 2332 goto done; 2333 } 2334 err = -EADDRNOTAVAIL; 2335 2336 for_each_pmc_rtnl(inet, pmc) { 2337 if ((pmc->multi.imr_multiaddr.s_addr == 2338 imr.imr_multiaddr.s_addr) && 2339 (pmc->multi.imr_ifindex == imr.imr_ifindex)) 2340 break; 2341 } 2342 if (!pmc) { /* must have a prior join */ 2343 err = -EINVAL; 2344 goto done; 2345 } 2346 /* if a source filter was set, must be the same mode as before */ 2347 if (pmc->sflist) { 2348 if (pmc->sfmode != omode) { 2349 err = -EINVAL; 2350 goto done; 2351 } 2352 } else if (pmc->sfmode != omode) { 2353 /* allow mode switches for empty-set filters */ 2354 ip_mc_add_src(in_dev, &mreqs->imr_multiaddr, omode, 0, NULL, 0); 2355 ip_mc_del_src(in_dev, &mreqs->imr_multiaddr, pmc->sfmode, 0, 2356 NULL, 0); 2357 pmc->sfmode = omode; 2358 } 2359 2360 psl = rtnl_dereference(pmc->sflist); 2361 if (!add) { 2362 if (!psl) 2363 goto done; /* err = -EADDRNOTAVAIL */ 2364 rv = !0; 2365 for (i = 0; i < psl->sl_count; i++) { 2366 rv = memcmp(&psl->sl_addr[i], &mreqs->imr_sourceaddr, 2367 sizeof(__be32)); 2368 if (rv == 0) 2369 break; 2370 } 2371 if (rv) /* source not found */ 2372 goto done; /* err = -EADDRNOTAVAIL */ 2373 2374 /* special case - (INCLUDE, empty) == LEAVE_GROUP */ 2375 if (psl->sl_count == 1 && omode == MCAST_INCLUDE) { 2376 leavegroup = 1; 2377 goto done; 2378 } 2379 2380 /* update the interface filter */ 2381 ip_mc_del_src(in_dev, &mreqs->imr_multiaddr, omode, 1, 2382 &mreqs->imr_sourceaddr, 1); 2383 2384 for (j = i+1; j < psl->sl_count; j++) 2385 psl->sl_addr[j-1] = psl->sl_addr[j]; 2386 psl->sl_count--; 2387 err = 0; 2388 goto done; 2389 } 2390 /* else, add a new source to the filter */ 2391 2392 if (psl && psl->sl_count >= READ_ONCE(net->ipv4.sysctl_igmp_max_msf)) { 2393 err = -ENOBUFS; 2394 goto done; 2395 } 2396 if (!psl || psl->sl_count == psl->sl_max) { 2397 struct ip_sf_socklist *newpsl; 2398 int count = IP_SFBLOCK; 2399 2400 if (psl) 2401 count += psl->sl_max; 2402 newpsl = sock_kmalloc(sk, struct_size(newpsl, sl_addr, count), 2403 GFP_KERNEL); 2404 if (!newpsl) { 2405 err = -ENOBUFS; 2406 goto done; 2407 } 2408 newpsl->sl_max = count; 2409 newpsl->sl_count = count - IP_SFBLOCK; 2410 if (psl) { 2411 for (i = 0; i < psl->sl_count; i++) 2412 newpsl->sl_addr[i] = psl->sl_addr[i]; 2413 /* decrease mem now to avoid the memleak warning */ 2414 atomic_sub(struct_size(psl, sl_addr, psl->sl_max), 2415 &sk->sk_omem_alloc); 2416 } 2417 rcu_assign_pointer(pmc->sflist, newpsl); 2418 if (psl) 2419 kfree_rcu(psl, rcu); 2420 psl = newpsl; 2421 } 2422 rv = 1; /* > 0 for insert logic below if sl_count is 0 */ 2423 for (i = 0; i < psl->sl_count; i++) { 2424 rv = memcmp(&psl->sl_addr[i], &mreqs->imr_sourceaddr, 2425 sizeof(__be32)); 2426 if (rv == 0) 2427 break; 2428 } 2429 if (rv == 0) /* address already there is an error */ 2430 goto done; 2431 for (j = psl->sl_count-1; j >= i; j--) 2432 psl->sl_addr[j+1] = psl->sl_addr[j]; 2433 psl->sl_addr[i] = mreqs->imr_sourceaddr; 2434 psl->sl_count++; 2435 err = 0; 2436 /* update the interface list */ 2437 ip_mc_add_src(in_dev, &mreqs->imr_multiaddr, omode, 1, 2438 &mreqs->imr_sourceaddr, 1); 2439 done: 2440 if (leavegroup) 2441 err = ip_mc_leave_group(sk, &imr); 2442 return err; 2443 } 2444 2445 int ip_mc_msfilter(struct sock *sk, struct ip_msfilter *msf, int ifindex) 2446 { 2447 int err = 0; 2448 struct ip_mreqn imr; 2449 __be32 addr = msf->imsf_multiaddr; 2450 struct ip_mc_socklist *pmc; 2451 struct in_device *in_dev; 2452 struct inet_sock *inet = inet_sk(sk); 2453 struct ip_sf_socklist *newpsl, *psl; 2454 struct net *net = sock_net(sk); 2455 int leavegroup = 0; 2456 2457 if (!ipv4_is_multicast(addr)) 2458 return -EINVAL; 2459 if (msf->imsf_fmode != MCAST_INCLUDE && 2460 msf->imsf_fmode != MCAST_EXCLUDE) 2461 return -EINVAL; 2462 2463 ASSERT_RTNL(); 2464 2465 imr.imr_multiaddr.s_addr = msf->imsf_multiaddr; 2466 imr.imr_address.s_addr = msf->imsf_interface; 2467 imr.imr_ifindex = ifindex; 2468 in_dev = ip_mc_find_dev(net, &imr); 2469 2470 if (!in_dev) { 2471 err = -ENODEV; 2472 goto done; 2473 } 2474 2475 /* special case - (INCLUDE, empty) == LEAVE_GROUP */ 2476 if (msf->imsf_fmode == MCAST_INCLUDE && msf->imsf_numsrc == 0) { 2477 leavegroup = 1; 2478 goto done; 2479 } 2480 2481 for_each_pmc_rtnl(inet, pmc) { 2482 if (pmc->multi.imr_multiaddr.s_addr == msf->imsf_multiaddr && 2483 pmc->multi.imr_ifindex == imr.imr_ifindex) 2484 break; 2485 } 2486 if (!pmc) { /* must have a prior join */ 2487 err = -EINVAL; 2488 goto done; 2489 } 2490 if (msf->imsf_numsrc) { 2491 newpsl = sock_kmalloc(sk, struct_size(newpsl, sl_addr, 2492 msf->imsf_numsrc), 2493 GFP_KERNEL); 2494 if (!newpsl) { 2495 err = -ENOBUFS; 2496 goto done; 2497 } 2498 newpsl->sl_max = newpsl->sl_count = msf->imsf_numsrc; 2499 memcpy(newpsl->sl_addr, msf->imsf_slist_flex, 2500 flex_array_size(msf, imsf_slist_flex, msf->imsf_numsrc)); 2501 err = ip_mc_add_src(in_dev, &msf->imsf_multiaddr, 2502 msf->imsf_fmode, newpsl->sl_count, newpsl->sl_addr, 0); 2503 if (err) { 2504 sock_kfree_s(sk, newpsl, 2505 struct_size(newpsl, sl_addr, 2506 newpsl->sl_max)); 2507 goto done; 2508 } 2509 } else { 2510 newpsl = NULL; 2511 (void) ip_mc_add_src(in_dev, &msf->imsf_multiaddr, 2512 msf->imsf_fmode, 0, NULL, 0); 2513 } 2514 psl = rtnl_dereference(pmc->sflist); 2515 if (psl) { 2516 (void) ip_mc_del_src(in_dev, &msf->imsf_multiaddr, pmc->sfmode, 2517 psl->sl_count, psl->sl_addr, 0); 2518 /* decrease mem now to avoid the memleak warning */ 2519 atomic_sub(struct_size(psl, sl_addr, psl->sl_max), 2520 &sk->sk_omem_alloc); 2521 } else { 2522 (void) ip_mc_del_src(in_dev, &msf->imsf_multiaddr, pmc->sfmode, 2523 0, NULL, 0); 2524 } 2525 rcu_assign_pointer(pmc->sflist, newpsl); 2526 if (psl) 2527 kfree_rcu(psl, rcu); 2528 pmc->sfmode = msf->imsf_fmode; 2529 err = 0; 2530 done: 2531 if (leavegroup) 2532 err = ip_mc_leave_group(sk, &imr); 2533 return err; 2534 } 2535 int ip_mc_msfget(struct sock *sk, struct ip_msfilter *msf, 2536 sockptr_t optval, sockptr_t optlen) 2537 { 2538 int err, len, count, copycount, msf_size; 2539 struct ip_mreqn imr; 2540 __be32 addr = msf->imsf_multiaddr; 2541 struct ip_mc_socklist *pmc; 2542 struct in_device *in_dev; 2543 struct inet_sock *inet = inet_sk(sk); 2544 struct ip_sf_socklist *psl; 2545 struct net *net = sock_net(sk); 2546 2547 ASSERT_RTNL(); 2548 2549 if (!ipv4_is_multicast(addr)) 2550 return -EINVAL; 2551 2552 imr.imr_multiaddr.s_addr = msf->imsf_multiaddr; 2553 imr.imr_address.s_addr = msf->imsf_interface; 2554 imr.imr_ifindex = 0; 2555 in_dev = ip_mc_find_dev(net, &imr); 2556 2557 if (!in_dev) { 2558 err = -ENODEV; 2559 goto done; 2560 } 2561 err = -EADDRNOTAVAIL; 2562 2563 for_each_pmc_rtnl(inet, pmc) { 2564 if (pmc->multi.imr_multiaddr.s_addr == msf->imsf_multiaddr && 2565 pmc->multi.imr_ifindex == imr.imr_ifindex) 2566 break; 2567 } 2568 if (!pmc) /* must have a prior join */ 2569 goto done; 2570 msf->imsf_fmode = pmc->sfmode; 2571 psl = rtnl_dereference(pmc->sflist); 2572 if (!psl) { 2573 count = 0; 2574 } else { 2575 count = psl->sl_count; 2576 } 2577 copycount = count < msf->imsf_numsrc ? count : msf->imsf_numsrc; 2578 len = flex_array_size(psl, sl_addr, copycount); 2579 msf->imsf_numsrc = count; 2580 msf_size = IP_MSFILTER_SIZE(copycount); 2581 if (copy_to_sockptr(optlen, &msf_size, sizeof(int)) || 2582 copy_to_sockptr(optval, msf, IP_MSFILTER_SIZE(0))) { 2583 return -EFAULT; 2584 } 2585 if (len && 2586 copy_to_sockptr_offset(optval, 2587 offsetof(struct ip_msfilter, imsf_slist_flex), 2588 psl->sl_addr, len)) 2589 return -EFAULT; 2590 return 0; 2591 done: 2592 return err; 2593 } 2594 2595 int ip_mc_gsfget(struct sock *sk, struct group_filter *gsf, 2596 sockptr_t optval, size_t ss_offset) 2597 { 2598 int i, count, copycount; 2599 struct sockaddr_in *psin; 2600 __be32 addr; 2601 struct ip_mc_socklist *pmc; 2602 struct inet_sock *inet = inet_sk(sk); 2603 struct ip_sf_socklist *psl; 2604 2605 ASSERT_RTNL(); 2606 2607 psin = (struct sockaddr_in *)&gsf->gf_group; 2608 if (psin->sin_family != AF_INET) 2609 return -EINVAL; 2610 addr = psin->sin_addr.s_addr; 2611 if (!ipv4_is_multicast(addr)) 2612 return -EINVAL; 2613 2614 for_each_pmc_rtnl(inet, pmc) { 2615 if (pmc->multi.imr_multiaddr.s_addr == addr && 2616 pmc->multi.imr_ifindex == gsf->gf_interface) 2617 break; 2618 } 2619 if (!pmc) /* must have a prior join */ 2620 return -EADDRNOTAVAIL; 2621 gsf->gf_fmode = pmc->sfmode; 2622 psl = rtnl_dereference(pmc->sflist); 2623 count = psl ? psl->sl_count : 0; 2624 copycount = count < gsf->gf_numsrc ? count : gsf->gf_numsrc; 2625 gsf->gf_numsrc = count; 2626 for (i = 0; i < copycount; i++) { 2627 struct sockaddr_storage ss; 2628 2629 psin = (struct sockaddr_in *)&ss; 2630 memset(&ss, 0, sizeof(ss)); 2631 psin->sin_family = AF_INET; 2632 psin->sin_addr.s_addr = psl->sl_addr[i]; 2633 if (copy_to_sockptr_offset(optval, ss_offset, 2634 &ss, sizeof(ss))) 2635 return -EFAULT; 2636 ss_offset += sizeof(ss); 2637 } 2638 return 0; 2639 } 2640 2641 /* 2642 * check if a multicast source filter allows delivery for a given <src,dst,intf> 2643 */ 2644 int ip_mc_sf_allow(const struct sock *sk, __be32 loc_addr, __be32 rmt_addr, 2645 int dif, int sdif) 2646 { 2647 const struct inet_sock *inet = inet_sk(sk); 2648 struct ip_mc_socklist *pmc; 2649 struct ip_sf_socklist *psl; 2650 int i; 2651 int ret; 2652 2653 ret = 1; 2654 if (!ipv4_is_multicast(loc_addr)) 2655 goto out; 2656 2657 rcu_read_lock(); 2658 for_each_pmc_rcu(inet, pmc) { 2659 if (pmc->multi.imr_multiaddr.s_addr == loc_addr && 2660 (pmc->multi.imr_ifindex == dif || 2661 (sdif && pmc->multi.imr_ifindex == sdif))) 2662 break; 2663 } 2664 ret = inet_test_bit(MC_ALL, sk); 2665 if (!pmc) 2666 goto unlock; 2667 psl = rcu_dereference(pmc->sflist); 2668 ret = (pmc->sfmode == MCAST_EXCLUDE); 2669 if (!psl) 2670 goto unlock; 2671 2672 for (i = 0; i < psl->sl_count; i++) { 2673 if (psl->sl_addr[i] == rmt_addr) 2674 break; 2675 } 2676 ret = 0; 2677 if (pmc->sfmode == MCAST_INCLUDE && i >= psl->sl_count) 2678 goto unlock; 2679 if (pmc->sfmode == MCAST_EXCLUDE && i < psl->sl_count) 2680 goto unlock; 2681 ret = 1; 2682 unlock: 2683 rcu_read_unlock(); 2684 out: 2685 return ret; 2686 } 2687 2688 /* 2689 * A socket is closing. 2690 */ 2691 2692 void ip_mc_drop_socket(struct sock *sk) 2693 { 2694 struct inet_sock *inet = inet_sk(sk); 2695 struct ip_mc_socklist *iml; 2696 struct net *net = sock_net(sk); 2697 2698 if (!inet->mc_list) 2699 return; 2700 2701 rtnl_lock(); 2702 while ((iml = rtnl_dereference(inet->mc_list)) != NULL) { 2703 struct in_device *in_dev; 2704 2705 inet->mc_list = iml->next_rcu; 2706 in_dev = inetdev_by_index(net, iml->multi.imr_ifindex); 2707 (void) ip_mc_leave_src(sk, iml, in_dev); 2708 if (in_dev) 2709 ip_mc_dec_group(in_dev, iml->multi.imr_multiaddr.s_addr); 2710 /* decrease mem now to avoid the memleak warning */ 2711 atomic_sub(sizeof(*iml), &sk->sk_omem_alloc); 2712 kfree_rcu(iml, rcu); 2713 } 2714 rtnl_unlock(); 2715 } 2716 2717 /* called with rcu_read_lock() */ 2718 int ip_check_mc_rcu(struct in_device *in_dev, __be32 mc_addr, __be32 src_addr, u8 proto) 2719 { 2720 struct ip_mc_list *im; 2721 struct ip_mc_list __rcu **mc_hash; 2722 struct ip_sf_list *psf; 2723 int rv = 0; 2724 2725 mc_hash = rcu_dereference(in_dev->mc_hash); 2726 if (mc_hash) { 2727 u32 hash = hash_32((__force u32)mc_addr, MC_HASH_SZ_LOG); 2728 2729 for (im = rcu_dereference(mc_hash[hash]); 2730 im != NULL; 2731 im = rcu_dereference(im->next_hash)) { 2732 if (im->multiaddr == mc_addr) 2733 break; 2734 } 2735 } else { 2736 for_each_pmc_rcu(in_dev, im) { 2737 if (im->multiaddr == mc_addr) 2738 break; 2739 } 2740 } 2741 if (im && proto == IPPROTO_IGMP) { 2742 rv = 1; 2743 } else if (im) { 2744 if (src_addr) { 2745 spin_lock_bh(&im->lock); 2746 for (psf = im->sources; psf; psf = psf->sf_next) { 2747 if (psf->sf_inaddr == src_addr) 2748 break; 2749 } 2750 if (psf) 2751 rv = psf->sf_count[MCAST_INCLUDE] || 2752 psf->sf_count[MCAST_EXCLUDE] != 2753 im->sfcount[MCAST_EXCLUDE]; 2754 else 2755 rv = im->sfcount[MCAST_EXCLUDE] != 0; 2756 spin_unlock_bh(&im->lock); 2757 } else 2758 rv = 1; /* unspecified source; tentatively allow */ 2759 } 2760 return rv; 2761 } 2762 2763 #if defined(CONFIG_PROC_FS) 2764 struct igmp_mc_iter_state { 2765 struct seq_net_private p; 2766 struct net_device *dev; 2767 struct in_device *in_dev; 2768 }; 2769 2770 #define igmp_mc_seq_private(seq) ((struct igmp_mc_iter_state *)(seq)->private) 2771 2772 static inline struct ip_mc_list *igmp_mc_get_first(struct seq_file *seq) 2773 { 2774 struct net *net = seq_file_net(seq); 2775 struct ip_mc_list *im = NULL; 2776 struct igmp_mc_iter_state *state = igmp_mc_seq_private(seq); 2777 2778 state->in_dev = NULL; 2779 for_each_netdev_rcu(net, state->dev) { 2780 struct in_device *in_dev; 2781 2782 in_dev = __in_dev_get_rcu(state->dev); 2783 if (!in_dev) 2784 continue; 2785 im = rcu_dereference(in_dev->mc_list); 2786 if (im) { 2787 state->in_dev = in_dev; 2788 break; 2789 } 2790 } 2791 return im; 2792 } 2793 2794 static struct ip_mc_list *igmp_mc_get_next(struct seq_file *seq, struct ip_mc_list *im) 2795 { 2796 struct igmp_mc_iter_state *state = igmp_mc_seq_private(seq); 2797 2798 im = rcu_dereference(im->next_rcu); 2799 while (!im) { 2800 state->dev = next_net_device_rcu(state->dev); 2801 if (!state->dev) { 2802 state->in_dev = NULL; 2803 break; 2804 } 2805 state->in_dev = __in_dev_get_rcu(state->dev); 2806 if (!state->in_dev) 2807 continue; 2808 im = rcu_dereference(state->in_dev->mc_list); 2809 } 2810 return im; 2811 } 2812 2813 static struct ip_mc_list *igmp_mc_get_idx(struct seq_file *seq, loff_t pos) 2814 { 2815 struct ip_mc_list *im = igmp_mc_get_first(seq); 2816 if (im) 2817 while (pos && (im = igmp_mc_get_next(seq, im)) != NULL) 2818 --pos; 2819 return pos ? NULL : im; 2820 } 2821 2822 static void *igmp_mc_seq_start(struct seq_file *seq, loff_t *pos) 2823 __acquires(rcu) 2824 { 2825 rcu_read_lock(); 2826 return *pos ? igmp_mc_get_idx(seq, *pos - 1) : SEQ_START_TOKEN; 2827 } 2828 2829 static void *igmp_mc_seq_next(struct seq_file *seq, void *v, loff_t *pos) 2830 { 2831 struct ip_mc_list *im; 2832 if (v == SEQ_START_TOKEN) 2833 im = igmp_mc_get_first(seq); 2834 else 2835 im = igmp_mc_get_next(seq, v); 2836 ++*pos; 2837 return im; 2838 } 2839 2840 static void igmp_mc_seq_stop(struct seq_file *seq, void *v) 2841 __releases(rcu) 2842 { 2843 struct igmp_mc_iter_state *state = igmp_mc_seq_private(seq); 2844 2845 state->in_dev = NULL; 2846 state->dev = NULL; 2847 rcu_read_unlock(); 2848 } 2849 2850 static int igmp_mc_seq_show(struct seq_file *seq, void *v) 2851 { 2852 if (v == SEQ_START_TOKEN) 2853 seq_puts(seq, 2854 "Idx\tDevice : Count Querier\tGroup Users Timer\tReporter\n"); 2855 else { 2856 struct ip_mc_list *im = v; 2857 struct igmp_mc_iter_state *state = igmp_mc_seq_private(seq); 2858 char *querier; 2859 long delta; 2860 2861 #ifdef CONFIG_IP_MULTICAST 2862 querier = IGMP_V1_SEEN(state->in_dev) ? "V1" : 2863 IGMP_V2_SEEN(state->in_dev) ? "V2" : 2864 "V3"; 2865 #else 2866 querier = "NONE"; 2867 #endif 2868 2869 if (rcu_access_pointer(state->in_dev->mc_list) == im) { 2870 seq_printf(seq, "%d\t%-10s: %5d %7s\n", 2871 state->dev->ifindex, state->dev->name, state->in_dev->mc_count, querier); 2872 } 2873 2874 delta = im->timer.expires - jiffies; 2875 seq_printf(seq, 2876 "\t\t\t\t%08X %5d %d:%08lX\t\t%d\n", 2877 im->multiaddr, im->users, 2878 im->tm_running, 2879 im->tm_running ? jiffies_delta_to_clock_t(delta) : 0, 2880 im->reporter); 2881 } 2882 return 0; 2883 } 2884 2885 static const struct seq_operations igmp_mc_seq_ops = { 2886 .start = igmp_mc_seq_start, 2887 .next = igmp_mc_seq_next, 2888 .stop = igmp_mc_seq_stop, 2889 .show = igmp_mc_seq_show, 2890 }; 2891 2892 struct igmp_mcf_iter_state { 2893 struct seq_net_private p; 2894 struct net_device *dev; 2895 struct in_device *idev; 2896 struct ip_mc_list *im; 2897 }; 2898 2899 #define igmp_mcf_seq_private(seq) ((struct igmp_mcf_iter_state *)(seq)->private) 2900 2901 static inline struct ip_sf_list *igmp_mcf_get_first(struct seq_file *seq) 2902 { 2903 struct net *net = seq_file_net(seq); 2904 struct ip_sf_list *psf = NULL; 2905 struct ip_mc_list *im = NULL; 2906 struct igmp_mcf_iter_state *state = igmp_mcf_seq_private(seq); 2907 2908 state->idev = NULL; 2909 state->im = NULL; 2910 for_each_netdev_rcu(net, state->dev) { 2911 struct in_device *idev; 2912 idev = __in_dev_get_rcu(state->dev); 2913 if (unlikely(!idev)) 2914 continue; 2915 im = rcu_dereference(idev->mc_list); 2916 if (likely(im)) { 2917 spin_lock_bh(&im->lock); 2918 psf = im->sources; 2919 if (likely(psf)) { 2920 state->im = im; 2921 state->idev = idev; 2922 break; 2923 } 2924 spin_unlock_bh(&im->lock); 2925 } 2926 } 2927 return psf; 2928 } 2929 2930 static struct ip_sf_list *igmp_mcf_get_next(struct seq_file *seq, struct ip_sf_list *psf) 2931 { 2932 struct igmp_mcf_iter_state *state = igmp_mcf_seq_private(seq); 2933 2934 psf = psf->sf_next; 2935 while (!psf) { 2936 spin_unlock_bh(&state->im->lock); 2937 state->im = state->im->next; 2938 while (!state->im) { 2939 state->dev = next_net_device_rcu(state->dev); 2940 if (!state->dev) { 2941 state->idev = NULL; 2942 goto out; 2943 } 2944 state->idev = __in_dev_get_rcu(state->dev); 2945 if (!state->idev) 2946 continue; 2947 state->im = rcu_dereference(state->idev->mc_list); 2948 } 2949 spin_lock_bh(&state->im->lock); 2950 psf = state->im->sources; 2951 } 2952 out: 2953 return psf; 2954 } 2955 2956 static struct ip_sf_list *igmp_mcf_get_idx(struct seq_file *seq, loff_t pos) 2957 { 2958 struct ip_sf_list *psf = igmp_mcf_get_first(seq); 2959 if (psf) 2960 while (pos && (psf = igmp_mcf_get_next(seq, psf)) != NULL) 2961 --pos; 2962 return pos ? NULL : psf; 2963 } 2964 2965 static void *igmp_mcf_seq_start(struct seq_file *seq, loff_t *pos) 2966 __acquires(rcu) 2967 { 2968 rcu_read_lock(); 2969 return *pos ? igmp_mcf_get_idx(seq, *pos - 1) : SEQ_START_TOKEN; 2970 } 2971 2972 static void *igmp_mcf_seq_next(struct seq_file *seq, void *v, loff_t *pos) 2973 { 2974 struct ip_sf_list *psf; 2975 if (v == SEQ_START_TOKEN) 2976 psf = igmp_mcf_get_first(seq); 2977 else 2978 psf = igmp_mcf_get_next(seq, v); 2979 ++*pos; 2980 return psf; 2981 } 2982 2983 static void igmp_mcf_seq_stop(struct seq_file *seq, void *v) 2984 __releases(rcu) 2985 { 2986 struct igmp_mcf_iter_state *state = igmp_mcf_seq_private(seq); 2987 if (likely(state->im)) { 2988 spin_unlock_bh(&state->im->lock); 2989 state->im = NULL; 2990 } 2991 state->idev = NULL; 2992 state->dev = NULL; 2993 rcu_read_unlock(); 2994 } 2995 2996 static int igmp_mcf_seq_show(struct seq_file *seq, void *v) 2997 { 2998 struct ip_sf_list *psf = v; 2999 struct igmp_mcf_iter_state *state = igmp_mcf_seq_private(seq); 3000 3001 if (v == SEQ_START_TOKEN) { 3002 seq_puts(seq, "Idx Device MCA SRC INC EXC\n"); 3003 } else { 3004 seq_printf(seq, 3005 "%3d %6.6s 0x%08x " 3006 "0x%08x %6lu %6lu\n", 3007 state->dev->ifindex, state->dev->name, 3008 ntohl(state->im->multiaddr), 3009 ntohl(psf->sf_inaddr), 3010 psf->sf_count[MCAST_INCLUDE], 3011 psf->sf_count[MCAST_EXCLUDE]); 3012 } 3013 return 0; 3014 } 3015 3016 static const struct seq_operations igmp_mcf_seq_ops = { 3017 .start = igmp_mcf_seq_start, 3018 .next = igmp_mcf_seq_next, 3019 .stop = igmp_mcf_seq_stop, 3020 .show = igmp_mcf_seq_show, 3021 }; 3022 3023 static int __net_init igmp_net_init(struct net *net) 3024 { 3025 struct proc_dir_entry *pde; 3026 int err; 3027 3028 pde = proc_create_net("igmp", 0444, net->proc_net, &igmp_mc_seq_ops, 3029 sizeof(struct igmp_mc_iter_state)); 3030 if (!pde) 3031 goto out_igmp; 3032 pde = proc_create_net("mcfilter", 0444, net->proc_net, 3033 &igmp_mcf_seq_ops, sizeof(struct igmp_mcf_iter_state)); 3034 if (!pde) 3035 goto out_mcfilter; 3036 err = inet_ctl_sock_create(&net->ipv4.mc_autojoin_sk, AF_INET, 3037 SOCK_DGRAM, 0, net); 3038 if (err < 0) { 3039 pr_err("Failed to initialize the IGMP autojoin socket (err %d)\n", 3040 err); 3041 goto out_sock; 3042 } 3043 3044 return 0; 3045 3046 out_sock: 3047 remove_proc_entry("mcfilter", net->proc_net); 3048 out_mcfilter: 3049 remove_proc_entry("igmp", net->proc_net); 3050 out_igmp: 3051 return -ENOMEM; 3052 } 3053 3054 static void __net_exit igmp_net_exit(struct net *net) 3055 { 3056 remove_proc_entry("mcfilter", net->proc_net); 3057 remove_proc_entry("igmp", net->proc_net); 3058 inet_ctl_sock_destroy(net->ipv4.mc_autojoin_sk); 3059 } 3060 3061 static struct pernet_operations igmp_net_ops = { 3062 .init = igmp_net_init, 3063 .exit = igmp_net_exit, 3064 }; 3065 #endif 3066 3067 static int igmp_netdev_event(struct notifier_block *this, 3068 unsigned long event, void *ptr) 3069 { 3070 struct net_device *dev = netdev_notifier_info_to_dev(ptr); 3071 struct in_device *in_dev; 3072 3073 switch (event) { 3074 case NETDEV_RESEND_IGMP: 3075 in_dev = __in_dev_get_rtnl(dev); 3076 if (in_dev) 3077 ip_mc_rejoin_groups(in_dev); 3078 break; 3079 default: 3080 break; 3081 } 3082 return NOTIFY_DONE; 3083 } 3084 3085 static struct notifier_block igmp_notifier = { 3086 .notifier_call = igmp_netdev_event, 3087 }; 3088 3089 int __init igmp_mc_init(void) 3090 { 3091 #if defined(CONFIG_PROC_FS) 3092 int err; 3093 3094 err = register_pernet_subsys(&igmp_net_ops); 3095 if (err) 3096 return err; 3097 err = register_netdevice_notifier(&igmp_notifier); 3098 if (err) 3099 goto reg_notif_fail; 3100 return 0; 3101 3102 reg_notif_fail: 3103 unregister_pernet_subsys(&igmp_net_ops); 3104 return err; 3105 #else 3106 return register_netdevice_notifier(&igmp_notifier); 3107 #endif 3108 } 3109