xref: /linux/net/ipv6/ip6mr.c (revision 15a1fbdcfb519c2bd291ed01c6c94e0b89537a77)
1 // SPDX-License-Identifier: GPL-2.0-or-later
2 /*
3  *	Linux IPv6 multicast routing support for BSD pim6sd
4  *	Based on net/ipv4/ipmr.c.
5  *
6  *	(c) 2004 Mickael Hoerdt, <hoerdt@clarinet.u-strasbg.fr>
7  *		LSIIT Laboratory, Strasbourg, France
8  *	(c) 2004 Jean-Philippe Andriot, <jean-philippe.andriot@6WIND.com>
9  *		6WIND, Paris, France
10  *	Copyright (C)2007,2008 USAGI/WIDE Project
11  *		YOSHIFUJI Hideaki <yoshfuji@linux-ipv6.org>
12  */
13 
14 #include <linux/uaccess.h>
15 #include <linux/types.h>
16 #include <linux/sched.h>
17 #include <linux/errno.h>
18 #include <linux/mm.h>
19 #include <linux/kernel.h>
20 #include <linux/fcntl.h>
21 #include <linux/stat.h>
22 #include <linux/socket.h>
23 #include <linux/inet.h>
24 #include <linux/netdevice.h>
25 #include <linux/inetdevice.h>
26 #include <linux/proc_fs.h>
27 #include <linux/seq_file.h>
28 #include <linux/init.h>
29 #include <linux/compat.h>
30 #include <linux/rhashtable.h>
31 #include <net/protocol.h>
32 #include <linux/skbuff.h>
33 #include <net/raw.h>
34 #include <linux/notifier.h>
35 #include <linux/if_arp.h>
36 #include <net/checksum.h>
37 #include <net/netlink.h>
38 #include <net/fib_rules.h>
39 
40 #include <net/ipv6.h>
41 #include <net/ip6_route.h>
42 #include <linux/mroute6.h>
43 #include <linux/pim.h>
44 #include <net/addrconf.h>
45 #include <linux/netfilter_ipv6.h>
46 #include <linux/export.h>
47 #include <net/ip6_checksum.h>
48 #include <linux/netconf.h>
49 #include <net/ip_tunnels.h>
50 
51 #include <linux/nospec.h>
52 
53 struct ip6mr_rule {
54 	struct fib_rule		common;
55 };
56 
57 struct ip6mr_result {
58 	struct mr_table	*mrt;
59 };
60 
61 /* Big lock, protecting vif table, mrt cache and mroute socket state.
62    Note that the changes are semaphored via rtnl_lock.
63  */
64 
65 static DEFINE_RWLOCK(mrt_lock);
66 
67 /* Multicast router control variables */
68 
69 /* Special spinlock for queue of unresolved entries */
70 static DEFINE_SPINLOCK(mfc_unres_lock);
71 
72 /* We return to original Alan's scheme. Hash table of resolved
73    entries is changed only in process context and protected
74    with weak lock mrt_lock. Queue of unresolved entries is protected
75    with strong spinlock mfc_unres_lock.
76 
77    In this case data path is free of exclusive locks at all.
78  */
79 
80 static struct kmem_cache *mrt_cachep __read_mostly;
81 
82 static struct mr_table *ip6mr_new_table(struct net *net, u32 id);
83 static void ip6mr_free_table(struct mr_table *mrt);
84 
85 static void ip6_mr_forward(struct net *net, struct mr_table *mrt,
86 			   struct net_device *dev, struct sk_buff *skb,
87 			   struct mfc6_cache *cache);
88 static int ip6mr_cache_report(struct mr_table *mrt, struct sk_buff *pkt,
89 			      mifi_t mifi, int assert);
90 static void mr6_netlink_event(struct mr_table *mrt, struct mfc6_cache *mfc,
91 			      int cmd);
92 static void mrt6msg_netlink_event(struct mr_table *mrt, struct sk_buff *pkt);
93 static int ip6mr_rtm_dumproute(struct sk_buff *skb,
94 			       struct netlink_callback *cb);
95 static void mroute_clean_tables(struct mr_table *mrt, int flags);
96 static void ipmr_expire_process(struct timer_list *t);
97 
98 #ifdef CONFIG_IPV6_MROUTE_MULTIPLE_TABLES
99 #define ip6mr_for_each_table(mrt, net) \
100 	list_for_each_entry_rcu(mrt, &net->ipv6.mr6_tables, list)
101 
102 static struct mr_table *ip6mr_mr_table_iter(struct net *net,
103 					    struct mr_table *mrt)
104 {
105 	struct mr_table *ret;
106 
107 	if (!mrt)
108 		ret = list_entry_rcu(net->ipv6.mr6_tables.next,
109 				     struct mr_table, list);
110 	else
111 		ret = list_entry_rcu(mrt->list.next,
112 				     struct mr_table, list);
113 
114 	if (&ret->list == &net->ipv6.mr6_tables)
115 		return NULL;
116 	return ret;
117 }
118 
119 static struct mr_table *ip6mr_get_table(struct net *net, u32 id)
120 {
121 	struct mr_table *mrt;
122 
123 	ip6mr_for_each_table(mrt, net) {
124 		if (mrt->id == id)
125 			return mrt;
126 	}
127 	return NULL;
128 }
129 
130 static int ip6mr_fib_lookup(struct net *net, struct flowi6 *flp6,
131 			    struct mr_table **mrt)
132 {
133 	int err;
134 	struct ip6mr_result res;
135 	struct fib_lookup_arg arg = {
136 		.result = &res,
137 		.flags = FIB_LOOKUP_NOREF,
138 	};
139 
140 	/* update flow if oif or iif point to device enslaved to l3mdev */
141 	l3mdev_update_flow(net, flowi6_to_flowi(flp6));
142 
143 	err = fib_rules_lookup(net->ipv6.mr6_rules_ops,
144 			       flowi6_to_flowi(flp6), 0, &arg);
145 	if (err < 0)
146 		return err;
147 	*mrt = res.mrt;
148 	return 0;
149 }
150 
151 static int ip6mr_rule_action(struct fib_rule *rule, struct flowi *flp,
152 			     int flags, struct fib_lookup_arg *arg)
153 {
154 	struct ip6mr_result *res = arg->result;
155 	struct mr_table *mrt;
156 
157 	switch (rule->action) {
158 	case FR_ACT_TO_TBL:
159 		break;
160 	case FR_ACT_UNREACHABLE:
161 		return -ENETUNREACH;
162 	case FR_ACT_PROHIBIT:
163 		return -EACCES;
164 	case FR_ACT_BLACKHOLE:
165 	default:
166 		return -EINVAL;
167 	}
168 
169 	arg->table = fib_rule_get_table(rule, arg);
170 
171 	mrt = ip6mr_get_table(rule->fr_net, arg->table);
172 	if (!mrt)
173 		return -EAGAIN;
174 	res->mrt = mrt;
175 	return 0;
176 }
177 
178 static int ip6mr_rule_match(struct fib_rule *rule, struct flowi *flp, int flags)
179 {
180 	return 1;
181 }
182 
183 static const struct nla_policy ip6mr_rule_policy[FRA_MAX + 1] = {
184 	FRA_GENERIC_POLICY,
185 };
186 
187 static int ip6mr_rule_configure(struct fib_rule *rule, struct sk_buff *skb,
188 				struct fib_rule_hdr *frh, struct nlattr **tb,
189 				struct netlink_ext_ack *extack)
190 {
191 	return 0;
192 }
193 
194 static int ip6mr_rule_compare(struct fib_rule *rule, struct fib_rule_hdr *frh,
195 			      struct nlattr **tb)
196 {
197 	return 1;
198 }
199 
200 static int ip6mr_rule_fill(struct fib_rule *rule, struct sk_buff *skb,
201 			   struct fib_rule_hdr *frh)
202 {
203 	frh->dst_len = 0;
204 	frh->src_len = 0;
205 	frh->tos     = 0;
206 	return 0;
207 }
208 
209 static const struct fib_rules_ops __net_initconst ip6mr_rules_ops_template = {
210 	.family		= RTNL_FAMILY_IP6MR,
211 	.rule_size	= sizeof(struct ip6mr_rule),
212 	.addr_size	= sizeof(struct in6_addr),
213 	.action		= ip6mr_rule_action,
214 	.match		= ip6mr_rule_match,
215 	.configure	= ip6mr_rule_configure,
216 	.compare	= ip6mr_rule_compare,
217 	.fill		= ip6mr_rule_fill,
218 	.nlgroup	= RTNLGRP_IPV6_RULE,
219 	.policy		= ip6mr_rule_policy,
220 	.owner		= THIS_MODULE,
221 };
222 
223 static int __net_init ip6mr_rules_init(struct net *net)
224 {
225 	struct fib_rules_ops *ops;
226 	struct mr_table *mrt;
227 	int err;
228 
229 	ops = fib_rules_register(&ip6mr_rules_ops_template, net);
230 	if (IS_ERR(ops))
231 		return PTR_ERR(ops);
232 
233 	INIT_LIST_HEAD(&net->ipv6.mr6_tables);
234 
235 	mrt = ip6mr_new_table(net, RT6_TABLE_DFLT);
236 	if (IS_ERR(mrt)) {
237 		err = PTR_ERR(mrt);
238 		goto err1;
239 	}
240 
241 	err = fib_default_rule_add(ops, 0x7fff, RT6_TABLE_DFLT, 0);
242 	if (err < 0)
243 		goto err2;
244 
245 	net->ipv6.mr6_rules_ops = ops;
246 	return 0;
247 
248 err2:
249 	ip6mr_free_table(mrt);
250 err1:
251 	fib_rules_unregister(ops);
252 	return err;
253 }
254 
255 static void __net_exit ip6mr_rules_exit(struct net *net)
256 {
257 	struct mr_table *mrt, *next;
258 
259 	rtnl_lock();
260 	list_for_each_entry_safe(mrt, next, &net->ipv6.mr6_tables, list) {
261 		list_del(&mrt->list);
262 		ip6mr_free_table(mrt);
263 	}
264 	fib_rules_unregister(net->ipv6.mr6_rules_ops);
265 	rtnl_unlock();
266 }
267 
268 static int ip6mr_rules_dump(struct net *net, struct notifier_block *nb,
269 			    struct netlink_ext_ack *extack)
270 {
271 	return fib_rules_dump(net, nb, RTNL_FAMILY_IP6MR, extack);
272 }
273 
274 static unsigned int ip6mr_rules_seq_read(struct net *net)
275 {
276 	return fib_rules_seq_read(net, RTNL_FAMILY_IP6MR);
277 }
278 
279 bool ip6mr_rule_default(const struct fib_rule *rule)
280 {
281 	return fib_rule_matchall(rule) && rule->action == FR_ACT_TO_TBL &&
282 	       rule->table == RT6_TABLE_DFLT && !rule->l3mdev;
283 }
284 EXPORT_SYMBOL(ip6mr_rule_default);
285 #else
286 #define ip6mr_for_each_table(mrt, net) \
287 	for (mrt = net->ipv6.mrt6; mrt; mrt = NULL)
288 
289 static struct mr_table *ip6mr_mr_table_iter(struct net *net,
290 					    struct mr_table *mrt)
291 {
292 	if (!mrt)
293 		return net->ipv6.mrt6;
294 	return NULL;
295 }
296 
297 static struct mr_table *ip6mr_get_table(struct net *net, u32 id)
298 {
299 	return net->ipv6.mrt6;
300 }
301 
302 static int ip6mr_fib_lookup(struct net *net, struct flowi6 *flp6,
303 			    struct mr_table **mrt)
304 {
305 	*mrt = net->ipv6.mrt6;
306 	return 0;
307 }
308 
309 static int __net_init ip6mr_rules_init(struct net *net)
310 {
311 	struct mr_table *mrt;
312 
313 	mrt = ip6mr_new_table(net, RT6_TABLE_DFLT);
314 	if (IS_ERR(mrt))
315 		return PTR_ERR(mrt);
316 	net->ipv6.mrt6 = mrt;
317 	return 0;
318 }
319 
320 static void __net_exit ip6mr_rules_exit(struct net *net)
321 {
322 	rtnl_lock();
323 	ip6mr_free_table(net->ipv6.mrt6);
324 	net->ipv6.mrt6 = NULL;
325 	rtnl_unlock();
326 }
327 
328 static int ip6mr_rules_dump(struct net *net, struct notifier_block *nb,
329 			    struct netlink_ext_ack *extack)
330 {
331 	return 0;
332 }
333 
334 static unsigned int ip6mr_rules_seq_read(struct net *net)
335 {
336 	return 0;
337 }
338 #endif
339 
340 static int ip6mr_hash_cmp(struct rhashtable_compare_arg *arg,
341 			  const void *ptr)
342 {
343 	const struct mfc6_cache_cmp_arg *cmparg = arg->key;
344 	struct mfc6_cache *c = (struct mfc6_cache *)ptr;
345 
346 	return !ipv6_addr_equal(&c->mf6c_mcastgrp, &cmparg->mf6c_mcastgrp) ||
347 	       !ipv6_addr_equal(&c->mf6c_origin, &cmparg->mf6c_origin);
348 }
349 
350 static const struct rhashtable_params ip6mr_rht_params = {
351 	.head_offset = offsetof(struct mr_mfc, mnode),
352 	.key_offset = offsetof(struct mfc6_cache, cmparg),
353 	.key_len = sizeof(struct mfc6_cache_cmp_arg),
354 	.nelem_hint = 3,
355 	.obj_cmpfn = ip6mr_hash_cmp,
356 	.automatic_shrinking = true,
357 };
358 
359 static void ip6mr_new_table_set(struct mr_table *mrt,
360 				struct net *net)
361 {
362 #ifdef CONFIG_IPV6_MROUTE_MULTIPLE_TABLES
363 	list_add_tail_rcu(&mrt->list, &net->ipv6.mr6_tables);
364 #endif
365 }
366 
367 static struct mfc6_cache_cmp_arg ip6mr_mr_table_ops_cmparg_any = {
368 	.mf6c_origin = IN6ADDR_ANY_INIT,
369 	.mf6c_mcastgrp = IN6ADDR_ANY_INIT,
370 };
371 
372 static struct mr_table_ops ip6mr_mr_table_ops = {
373 	.rht_params = &ip6mr_rht_params,
374 	.cmparg_any = &ip6mr_mr_table_ops_cmparg_any,
375 };
376 
377 static struct mr_table *ip6mr_new_table(struct net *net, u32 id)
378 {
379 	struct mr_table *mrt;
380 
381 	mrt = ip6mr_get_table(net, id);
382 	if (mrt)
383 		return mrt;
384 
385 	return mr_table_alloc(net, id, &ip6mr_mr_table_ops,
386 			      ipmr_expire_process, ip6mr_new_table_set);
387 }
388 
389 static void ip6mr_free_table(struct mr_table *mrt)
390 {
391 	del_timer_sync(&mrt->ipmr_expire_timer);
392 	mroute_clean_tables(mrt, MRT6_FLUSH_MIFS | MRT6_FLUSH_MIFS_STATIC |
393 				 MRT6_FLUSH_MFC | MRT6_FLUSH_MFC_STATIC);
394 	rhltable_destroy(&mrt->mfc_hash);
395 	kfree(mrt);
396 }
397 
398 #ifdef CONFIG_PROC_FS
399 /* The /proc interfaces to multicast routing
400  * /proc/ip6_mr_cache /proc/ip6_mr_vif
401  */
402 
403 static void *ip6mr_vif_seq_start(struct seq_file *seq, loff_t *pos)
404 	__acquires(mrt_lock)
405 {
406 	struct mr_vif_iter *iter = seq->private;
407 	struct net *net = seq_file_net(seq);
408 	struct mr_table *mrt;
409 
410 	mrt = ip6mr_get_table(net, RT6_TABLE_DFLT);
411 	if (!mrt)
412 		return ERR_PTR(-ENOENT);
413 
414 	iter->mrt = mrt;
415 
416 	read_lock(&mrt_lock);
417 	return mr_vif_seq_start(seq, pos);
418 }
419 
420 static void ip6mr_vif_seq_stop(struct seq_file *seq, void *v)
421 	__releases(mrt_lock)
422 {
423 	read_unlock(&mrt_lock);
424 }
425 
426 static int ip6mr_vif_seq_show(struct seq_file *seq, void *v)
427 {
428 	struct mr_vif_iter *iter = seq->private;
429 	struct mr_table *mrt = iter->mrt;
430 
431 	if (v == SEQ_START_TOKEN) {
432 		seq_puts(seq,
433 			 "Interface      BytesIn  PktsIn  BytesOut PktsOut Flags\n");
434 	} else {
435 		const struct vif_device *vif = v;
436 		const char *name = vif->dev ? vif->dev->name : "none";
437 
438 		seq_printf(seq,
439 			   "%2td %-10s %8ld %7ld  %8ld %7ld %05X\n",
440 			   vif - mrt->vif_table,
441 			   name, vif->bytes_in, vif->pkt_in,
442 			   vif->bytes_out, vif->pkt_out,
443 			   vif->flags);
444 	}
445 	return 0;
446 }
447 
448 static const struct seq_operations ip6mr_vif_seq_ops = {
449 	.start = ip6mr_vif_seq_start,
450 	.next  = mr_vif_seq_next,
451 	.stop  = ip6mr_vif_seq_stop,
452 	.show  = ip6mr_vif_seq_show,
453 };
454 
455 static void *ipmr_mfc_seq_start(struct seq_file *seq, loff_t *pos)
456 {
457 	struct net *net = seq_file_net(seq);
458 	struct mr_table *mrt;
459 
460 	mrt = ip6mr_get_table(net, RT6_TABLE_DFLT);
461 	if (!mrt)
462 		return ERR_PTR(-ENOENT);
463 
464 	return mr_mfc_seq_start(seq, pos, mrt, &mfc_unres_lock);
465 }
466 
467 static int ipmr_mfc_seq_show(struct seq_file *seq, void *v)
468 {
469 	int n;
470 
471 	if (v == SEQ_START_TOKEN) {
472 		seq_puts(seq,
473 			 "Group                            "
474 			 "Origin                           "
475 			 "Iif      Pkts  Bytes     Wrong  Oifs\n");
476 	} else {
477 		const struct mfc6_cache *mfc = v;
478 		const struct mr_mfc_iter *it = seq->private;
479 		struct mr_table *mrt = it->mrt;
480 
481 		seq_printf(seq, "%pI6 %pI6 %-3hd",
482 			   &mfc->mf6c_mcastgrp, &mfc->mf6c_origin,
483 			   mfc->_c.mfc_parent);
484 
485 		if (it->cache != &mrt->mfc_unres_queue) {
486 			seq_printf(seq, " %8lu %8lu %8lu",
487 				   mfc->_c.mfc_un.res.pkt,
488 				   mfc->_c.mfc_un.res.bytes,
489 				   mfc->_c.mfc_un.res.wrong_if);
490 			for (n = mfc->_c.mfc_un.res.minvif;
491 			     n < mfc->_c.mfc_un.res.maxvif; n++) {
492 				if (VIF_EXISTS(mrt, n) &&
493 				    mfc->_c.mfc_un.res.ttls[n] < 255)
494 					seq_printf(seq,
495 						   " %2d:%-3d", n,
496 						   mfc->_c.mfc_un.res.ttls[n]);
497 			}
498 		} else {
499 			/* unresolved mfc_caches don't contain
500 			 * pkt, bytes and wrong_if values
501 			 */
502 			seq_printf(seq, " %8lu %8lu %8lu", 0ul, 0ul, 0ul);
503 		}
504 		seq_putc(seq, '\n');
505 	}
506 	return 0;
507 }
508 
509 static const struct seq_operations ipmr_mfc_seq_ops = {
510 	.start = ipmr_mfc_seq_start,
511 	.next  = mr_mfc_seq_next,
512 	.stop  = mr_mfc_seq_stop,
513 	.show  = ipmr_mfc_seq_show,
514 };
515 #endif
516 
517 #ifdef CONFIG_IPV6_PIMSM_V2
518 
519 static int pim6_rcv(struct sk_buff *skb)
520 {
521 	struct pimreghdr *pim;
522 	struct ipv6hdr   *encap;
523 	struct net_device  *reg_dev = NULL;
524 	struct net *net = dev_net(skb->dev);
525 	struct mr_table *mrt;
526 	struct flowi6 fl6 = {
527 		.flowi6_iif	= skb->dev->ifindex,
528 		.flowi6_mark	= skb->mark,
529 	};
530 	int reg_vif_num;
531 
532 	if (!pskb_may_pull(skb, sizeof(*pim) + sizeof(*encap)))
533 		goto drop;
534 
535 	pim = (struct pimreghdr *)skb_transport_header(skb);
536 	if (pim->type != ((PIM_VERSION << 4) | PIM_TYPE_REGISTER) ||
537 	    (pim->flags & PIM_NULL_REGISTER) ||
538 	    (csum_ipv6_magic(&ipv6_hdr(skb)->saddr, &ipv6_hdr(skb)->daddr,
539 			     sizeof(*pim), IPPROTO_PIM,
540 			     csum_partial((void *)pim, sizeof(*pim), 0)) &&
541 	     csum_fold(skb_checksum(skb, 0, skb->len, 0))))
542 		goto drop;
543 
544 	/* check if the inner packet is destined to mcast group */
545 	encap = (struct ipv6hdr *)(skb_transport_header(skb) +
546 				   sizeof(*pim));
547 
548 	if (!ipv6_addr_is_multicast(&encap->daddr) ||
549 	    encap->payload_len == 0 ||
550 	    ntohs(encap->payload_len) + sizeof(*pim) > skb->len)
551 		goto drop;
552 
553 	if (ip6mr_fib_lookup(net, &fl6, &mrt) < 0)
554 		goto drop;
555 	reg_vif_num = mrt->mroute_reg_vif_num;
556 
557 	read_lock(&mrt_lock);
558 	if (reg_vif_num >= 0)
559 		reg_dev = mrt->vif_table[reg_vif_num].dev;
560 	if (reg_dev)
561 		dev_hold(reg_dev);
562 	read_unlock(&mrt_lock);
563 
564 	if (!reg_dev)
565 		goto drop;
566 
567 	skb->mac_header = skb->network_header;
568 	skb_pull(skb, (u8 *)encap - skb->data);
569 	skb_reset_network_header(skb);
570 	skb->protocol = htons(ETH_P_IPV6);
571 	skb->ip_summed = CHECKSUM_NONE;
572 
573 	skb_tunnel_rx(skb, reg_dev, dev_net(reg_dev));
574 
575 	netif_rx(skb);
576 
577 	dev_put(reg_dev);
578 	return 0;
579  drop:
580 	kfree_skb(skb);
581 	return 0;
582 }
583 
584 static const struct inet6_protocol pim6_protocol = {
585 	.handler	=	pim6_rcv,
586 };
587 
588 /* Service routines creating virtual interfaces: PIMREG */
589 
590 static netdev_tx_t reg_vif_xmit(struct sk_buff *skb,
591 				      struct net_device *dev)
592 {
593 	struct net *net = dev_net(dev);
594 	struct mr_table *mrt;
595 	struct flowi6 fl6 = {
596 		.flowi6_oif	= dev->ifindex,
597 		.flowi6_iif	= skb->skb_iif ? : LOOPBACK_IFINDEX,
598 		.flowi6_mark	= skb->mark,
599 	};
600 
601 	if (!pskb_inet_may_pull(skb))
602 		goto tx_err;
603 
604 	if (ip6mr_fib_lookup(net, &fl6, &mrt) < 0)
605 		goto tx_err;
606 
607 	read_lock(&mrt_lock);
608 	dev->stats.tx_bytes += skb->len;
609 	dev->stats.tx_packets++;
610 	ip6mr_cache_report(mrt, skb, mrt->mroute_reg_vif_num, MRT6MSG_WHOLEPKT);
611 	read_unlock(&mrt_lock);
612 	kfree_skb(skb);
613 	return NETDEV_TX_OK;
614 
615 tx_err:
616 	dev->stats.tx_errors++;
617 	kfree_skb(skb);
618 	return NETDEV_TX_OK;
619 }
620 
621 static int reg_vif_get_iflink(const struct net_device *dev)
622 {
623 	return 0;
624 }
625 
626 static const struct net_device_ops reg_vif_netdev_ops = {
627 	.ndo_start_xmit	= reg_vif_xmit,
628 	.ndo_get_iflink = reg_vif_get_iflink,
629 };
630 
631 static void reg_vif_setup(struct net_device *dev)
632 {
633 	dev->type		= ARPHRD_PIMREG;
634 	dev->mtu		= 1500 - sizeof(struct ipv6hdr) - 8;
635 	dev->flags		= IFF_NOARP;
636 	dev->netdev_ops		= &reg_vif_netdev_ops;
637 	dev->needs_free_netdev	= true;
638 	dev->features		|= NETIF_F_NETNS_LOCAL;
639 }
640 
641 static struct net_device *ip6mr_reg_vif(struct net *net, struct mr_table *mrt)
642 {
643 	struct net_device *dev;
644 	char name[IFNAMSIZ];
645 
646 	if (mrt->id == RT6_TABLE_DFLT)
647 		sprintf(name, "pim6reg");
648 	else
649 		sprintf(name, "pim6reg%u", mrt->id);
650 
651 	dev = alloc_netdev(0, name, NET_NAME_UNKNOWN, reg_vif_setup);
652 	if (!dev)
653 		return NULL;
654 
655 	dev_net_set(dev, net);
656 
657 	if (register_netdevice(dev)) {
658 		free_netdev(dev);
659 		return NULL;
660 	}
661 
662 	if (dev_open(dev, NULL))
663 		goto failure;
664 
665 	dev_hold(dev);
666 	return dev;
667 
668 failure:
669 	unregister_netdevice(dev);
670 	return NULL;
671 }
672 #endif
673 
674 static int call_ip6mr_vif_entry_notifiers(struct net *net,
675 					  enum fib_event_type event_type,
676 					  struct vif_device *vif,
677 					  mifi_t vif_index, u32 tb_id)
678 {
679 	return mr_call_vif_notifiers(net, RTNL_FAMILY_IP6MR, event_type,
680 				     vif, vif_index, tb_id,
681 				     &net->ipv6.ipmr_seq);
682 }
683 
684 static int call_ip6mr_mfc_entry_notifiers(struct net *net,
685 					  enum fib_event_type event_type,
686 					  struct mfc6_cache *mfc, u32 tb_id)
687 {
688 	return mr_call_mfc_notifiers(net, RTNL_FAMILY_IP6MR, event_type,
689 				     &mfc->_c, tb_id, &net->ipv6.ipmr_seq);
690 }
691 
692 /* Delete a VIF entry */
693 static int mif6_delete(struct mr_table *mrt, int vifi, int notify,
694 		       struct list_head *head)
695 {
696 	struct vif_device *v;
697 	struct net_device *dev;
698 	struct inet6_dev *in6_dev;
699 
700 	if (vifi < 0 || vifi >= mrt->maxvif)
701 		return -EADDRNOTAVAIL;
702 
703 	v = &mrt->vif_table[vifi];
704 
705 	if (VIF_EXISTS(mrt, vifi))
706 		call_ip6mr_vif_entry_notifiers(read_pnet(&mrt->net),
707 					       FIB_EVENT_VIF_DEL, v, vifi,
708 					       mrt->id);
709 
710 	write_lock_bh(&mrt_lock);
711 	dev = v->dev;
712 	v->dev = NULL;
713 
714 	if (!dev) {
715 		write_unlock_bh(&mrt_lock);
716 		return -EADDRNOTAVAIL;
717 	}
718 
719 #ifdef CONFIG_IPV6_PIMSM_V2
720 	if (vifi == mrt->mroute_reg_vif_num)
721 		mrt->mroute_reg_vif_num = -1;
722 #endif
723 
724 	if (vifi + 1 == mrt->maxvif) {
725 		int tmp;
726 		for (tmp = vifi - 1; tmp >= 0; tmp--) {
727 			if (VIF_EXISTS(mrt, tmp))
728 				break;
729 		}
730 		mrt->maxvif = tmp + 1;
731 	}
732 
733 	write_unlock_bh(&mrt_lock);
734 
735 	dev_set_allmulti(dev, -1);
736 
737 	in6_dev = __in6_dev_get(dev);
738 	if (in6_dev) {
739 		in6_dev->cnf.mc_forwarding--;
740 		inet6_netconf_notify_devconf(dev_net(dev), RTM_NEWNETCONF,
741 					     NETCONFA_MC_FORWARDING,
742 					     dev->ifindex, &in6_dev->cnf);
743 	}
744 
745 	if ((v->flags & MIFF_REGISTER) && !notify)
746 		unregister_netdevice_queue(dev, head);
747 
748 	dev_put(dev);
749 	return 0;
750 }
751 
752 static inline void ip6mr_cache_free_rcu(struct rcu_head *head)
753 {
754 	struct mr_mfc *c = container_of(head, struct mr_mfc, rcu);
755 
756 	kmem_cache_free(mrt_cachep, (struct mfc6_cache *)c);
757 }
758 
759 static inline void ip6mr_cache_free(struct mfc6_cache *c)
760 {
761 	call_rcu(&c->_c.rcu, ip6mr_cache_free_rcu);
762 }
763 
764 /* Destroy an unresolved cache entry, killing queued skbs
765    and reporting error to netlink readers.
766  */
767 
768 static void ip6mr_destroy_unres(struct mr_table *mrt, struct mfc6_cache *c)
769 {
770 	struct net *net = read_pnet(&mrt->net);
771 	struct sk_buff *skb;
772 
773 	atomic_dec(&mrt->cache_resolve_queue_len);
774 
775 	while ((skb = skb_dequeue(&c->_c.mfc_un.unres.unresolved)) != NULL) {
776 		if (ipv6_hdr(skb)->version == 0) {
777 			struct nlmsghdr *nlh = skb_pull(skb,
778 							sizeof(struct ipv6hdr));
779 			nlh->nlmsg_type = NLMSG_ERROR;
780 			nlh->nlmsg_len = nlmsg_msg_size(sizeof(struct nlmsgerr));
781 			skb_trim(skb, nlh->nlmsg_len);
782 			((struct nlmsgerr *)nlmsg_data(nlh))->error = -ETIMEDOUT;
783 			rtnl_unicast(skb, net, NETLINK_CB(skb).portid);
784 		} else
785 			kfree_skb(skb);
786 	}
787 
788 	ip6mr_cache_free(c);
789 }
790 
791 
792 /* Timer process for all the unresolved queue. */
793 
794 static void ipmr_do_expire_process(struct mr_table *mrt)
795 {
796 	unsigned long now = jiffies;
797 	unsigned long expires = 10 * HZ;
798 	struct mr_mfc *c, *next;
799 
800 	list_for_each_entry_safe(c, next, &mrt->mfc_unres_queue, list) {
801 		if (time_after(c->mfc_un.unres.expires, now)) {
802 			/* not yet... */
803 			unsigned long interval = c->mfc_un.unres.expires - now;
804 			if (interval < expires)
805 				expires = interval;
806 			continue;
807 		}
808 
809 		list_del(&c->list);
810 		mr6_netlink_event(mrt, (struct mfc6_cache *)c, RTM_DELROUTE);
811 		ip6mr_destroy_unres(mrt, (struct mfc6_cache *)c);
812 	}
813 
814 	if (!list_empty(&mrt->mfc_unres_queue))
815 		mod_timer(&mrt->ipmr_expire_timer, jiffies + expires);
816 }
817 
818 static void ipmr_expire_process(struct timer_list *t)
819 {
820 	struct mr_table *mrt = from_timer(mrt, t, ipmr_expire_timer);
821 
822 	if (!spin_trylock(&mfc_unres_lock)) {
823 		mod_timer(&mrt->ipmr_expire_timer, jiffies + 1);
824 		return;
825 	}
826 
827 	if (!list_empty(&mrt->mfc_unres_queue))
828 		ipmr_do_expire_process(mrt);
829 
830 	spin_unlock(&mfc_unres_lock);
831 }
832 
833 /* Fill oifs list. It is called under write locked mrt_lock. */
834 
835 static void ip6mr_update_thresholds(struct mr_table *mrt,
836 				    struct mr_mfc *cache,
837 				    unsigned char *ttls)
838 {
839 	int vifi;
840 
841 	cache->mfc_un.res.minvif = MAXMIFS;
842 	cache->mfc_un.res.maxvif = 0;
843 	memset(cache->mfc_un.res.ttls, 255, MAXMIFS);
844 
845 	for (vifi = 0; vifi < mrt->maxvif; vifi++) {
846 		if (VIF_EXISTS(mrt, vifi) &&
847 		    ttls[vifi] && ttls[vifi] < 255) {
848 			cache->mfc_un.res.ttls[vifi] = ttls[vifi];
849 			if (cache->mfc_un.res.minvif > vifi)
850 				cache->mfc_un.res.minvif = vifi;
851 			if (cache->mfc_un.res.maxvif <= vifi)
852 				cache->mfc_un.res.maxvif = vifi + 1;
853 		}
854 	}
855 	cache->mfc_un.res.lastuse = jiffies;
856 }
857 
858 static int mif6_add(struct net *net, struct mr_table *mrt,
859 		    struct mif6ctl *vifc, int mrtsock)
860 {
861 	int vifi = vifc->mif6c_mifi;
862 	struct vif_device *v = &mrt->vif_table[vifi];
863 	struct net_device *dev;
864 	struct inet6_dev *in6_dev;
865 	int err;
866 
867 	/* Is vif busy ? */
868 	if (VIF_EXISTS(mrt, vifi))
869 		return -EADDRINUSE;
870 
871 	switch (vifc->mif6c_flags) {
872 #ifdef CONFIG_IPV6_PIMSM_V2
873 	case MIFF_REGISTER:
874 		/*
875 		 * Special Purpose VIF in PIM
876 		 * All the packets will be sent to the daemon
877 		 */
878 		if (mrt->mroute_reg_vif_num >= 0)
879 			return -EADDRINUSE;
880 		dev = ip6mr_reg_vif(net, mrt);
881 		if (!dev)
882 			return -ENOBUFS;
883 		err = dev_set_allmulti(dev, 1);
884 		if (err) {
885 			unregister_netdevice(dev);
886 			dev_put(dev);
887 			return err;
888 		}
889 		break;
890 #endif
891 	case 0:
892 		dev = dev_get_by_index(net, vifc->mif6c_pifi);
893 		if (!dev)
894 			return -EADDRNOTAVAIL;
895 		err = dev_set_allmulti(dev, 1);
896 		if (err) {
897 			dev_put(dev);
898 			return err;
899 		}
900 		break;
901 	default:
902 		return -EINVAL;
903 	}
904 
905 	in6_dev = __in6_dev_get(dev);
906 	if (in6_dev) {
907 		in6_dev->cnf.mc_forwarding++;
908 		inet6_netconf_notify_devconf(dev_net(dev), RTM_NEWNETCONF,
909 					     NETCONFA_MC_FORWARDING,
910 					     dev->ifindex, &in6_dev->cnf);
911 	}
912 
913 	/* Fill in the VIF structures */
914 	vif_device_init(v, dev, vifc->vifc_rate_limit, vifc->vifc_threshold,
915 			vifc->mif6c_flags | (!mrtsock ? VIFF_STATIC : 0),
916 			MIFF_REGISTER);
917 
918 	/* And finish update writing critical data */
919 	write_lock_bh(&mrt_lock);
920 	v->dev = dev;
921 #ifdef CONFIG_IPV6_PIMSM_V2
922 	if (v->flags & MIFF_REGISTER)
923 		mrt->mroute_reg_vif_num = vifi;
924 #endif
925 	if (vifi + 1 > mrt->maxvif)
926 		mrt->maxvif = vifi + 1;
927 	write_unlock_bh(&mrt_lock);
928 	call_ip6mr_vif_entry_notifiers(net, FIB_EVENT_VIF_ADD,
929 				       v, vifi, mrt->id);
930 	return 0;
931 }
932 
933 static struct mfc6_cache *ip6mr_cache_find(struct mr_table *mrt,
934 					   const struct in6_addr *origin,
935 					   const struct in6_addr *mcastgrp)
936 {
937 	struct mfc6_cache_cmp_arg arg = {
938 		.mf6c_origin = *origin,
939 		.mf6c_mcastgrp = *mcastgrp,
940 	};
941 
942 	return mr_mfc_find(mrt, &arg);
943 }
944 
945 /* Look for a (*,G) entry */
946 static struct mfc6_cache *ip6mr_cache_find_any(struct mr_table *mrt,
947 					       struct in6_addr *mcastgrp,
948 					       mifi_t mifi)
949 {
950 	struct mfc6_cache_cmp_arg arg = {
951 		.mf6c_origin = in6addr_any,
952 		.mf6c_mcastgrp = *mcastgrp,
953 	};
954 
955 	if (ipv6_addr_any(mcastgrp))
956 		return mr_mfc_find_any_parent(mrt, mifi);
957 	return mr_mfc_find_any(mrt, mifi, &arg);
958 }
959 
960 /* Look for a (S,G,iif) entry if parent != -1 */
961 static struct mfc6_cache *
962 ip6mr_cache_find_parent(struct mr_table *mrt,
963 			const struct in6_addr *origin,
964 			const struct in6_addr *mcastgrp,
965 			int parent)
966 {
967 	struct mfc6_cache_cmp_arg arg = {
968 		.mf6c_origin = *origin,
969 		.mf6c_mcastgrp = *mcastgrp,
970 	};
971 
972 	return mr_mfc_find_parent(mrt, &arg, parent);
973 }
974 
975 /* Allocate a multicast cache entry */
976 static struct mfc6_cache *ip6mr_cache_alloc(void)
977 {
978 	struct mfc6_cache *c = kmem_cache_zalloc(mrt_cachep, GFP_KERNEL);
979 	if (!c)
980 		return NULL;
981 	c->_c.mfc_un.res.last_assert = jiffies - MFC_ASSERT_THRESH - 1;
982 	c->_c.mfc_un.res.minvif = MAXMIFS;
983 	c->_c.free = ip6mr_cache_free_rcu;
984 	refcount_set(&c->_c.mfc_un.res.refcount, 1);
985 	return c;
986 }
987 
988 static struct mfc6_cache *ip6mr_cache_alloc_unres(void)
989 {
990 	struct mfc6_cache *c = kmem_cache_zalloc(mrt_cachep, GFP_ATOMIC);
991 	if (!c)
992 		return NULL;
993 	skb_queue_head_init(&c->_c.mfc_un.unres.unresolved);
994 	c->_c.mfc_un.unres.expires = jiffies + 10 * HZ;
995 	return c;
996 }
997 
998 /*
999  *	A cache entry has gone into a resolved state from queued
1000  */
1001 
1002 static void ip6mr_cache_resolve(struct net *net, struct mr_table *mrt,
1003 				struct mfc6_cache *uc, struct mfc6_cache *c)
1004 {
1005 	struct sk_buff *skb;
1006 
1007 	/*
1008 	 *	Play the pending entries through our router
1009 	 */
1010 
1011 	while ((skb = __skb_dequeue(&uc->_c.mfc_un.unres.unresolved))) {
1012 		if (ipv6_hdr(skb)->version == 0) {
1013 			struct nlmsghdr *nlh = skb_pull(skb,
1014 							sizeof(struct ipv6hdr));
1015 
1016 			if (mr_fill_mroute(mrt, skb, &c->_c,
1017 					   nlmsg_data(nlh)) > 0) {
1018 				nlh->nlmsg_len = skb_tail_pointer(skb) - (u8 *)nlh;
1019 			} else {
1020 				nlh->nlmsg_type = NLMSG_ERROR;
1021 				nlh->nlmsg_len = nlmsg_msg_size(sizeof(struct nlmsgerr));
1022 				skb_trim(skb, nlh->nlmsg_len);
1023 				((struct nlmsgerr *)nlmsg_data(nlh))->error = -EMSGSIZE;
1024 			}
1025 			rtnl_unicast(skb, net, NETLINK_CB(skb).portid);
1026 		} else
1027 			ip6_mr_forward(net, mrt, skb->dev, skb, c);
1028 	}
1029 }
1030 
1031 /*
1032  *	Bounce a cache query up to pim6sd and netlink.
1033  *
1034  *	Called under mrt_lock.
1035  */
1036 
1037 static int ip6mr_cache_report(struct mr_table *mrt, struct sk_buff *pkt,
1038 			      mifi_t mifi, int assert)
1039 {
1040 	struct sock *mroute6_sk;
1041 	struct sk_buff *skb;
1042 	struct mrt6msg *msg;
1043 	int ret;
1044 
1045 #ifdef CONFIG_IPV6_PIMSM_V2
1046 	if (assert == MRT6MSG_WHOLEPKT)
1047 		skb = skb_realloc_headroom(pkt, -skb_network_offset(pkt)
1048 						+sizeof(*msg));
1049 	else
1050 #endif
1051 		skb = alloc_skb(sizeof(struct ipv6hdr) + sizeof(*msg), GFP_ATOMIC);
1052 
1053 	if (!skb)
1054 		return -ENOBUFS;
1055 
1056 	/* I suppose that internal messages
1057 	 * do not require checksums */
1058 
1059 	skb->ip_summed = CHECKSUM_UNNECESSARY;
1060 
1061 #ifdef CONFIG_IPV6_PIMSM_V2
1062 	if (assert == MRT6MSG_WHOLEPKT) {
1063 		/* Ugly, but we have no choice with this interface.
1064 		   Duplicate old header, fix length etc.
1065 		   And all this only to mangle msg->im6_msgtype and
1066 		   to set msg->im6_mbz to "mbz" :-)
1067 		 */
1068 		skb_push(skb, -skb_network_offset(pkt));
1069 
1070 		skb_push(skb, sizeof(*msg));
1071 		skb_reset_transport_header(skb);
1072 		msg = (struct mrt6msg *)skb_transport_header(skb);
1073 		msg->im6_mbz = 0;
1074 		msg->im6_msgtype = MRT6MSG_WHOLEPKT;
1075 		msg->im6_mif = mrt->mroute_reg_vif_num;
1076 		msg->im6_pad = 0;
1077 		msg->im6_src = ipv6_hdr(pkt)->saddr;
1078 		msg->im6_dst = ipv6_hdr(pkt)->daddr;
1079 
1080 		skb->ip_summed = CHECKSUM_UNNECESSARY;
1081 	} else
1082 #endif
1083 	{
1084 	/*
1085 	 *	Copy the IP header
1086 	 */
1087 
1088 	skb_put(skb, sizeof(struct ipv6hdr));
1089 	skb_reset_network_header(skb);
1090 	skb_copy_to_linear_data(skb, ipv6_hdr(pkt), sizeof(struct ipv6hdr));
1091 
1092 	/*
1093 	 *	Add our header
1094 	 */
1095 	skb_put(skb, sizeof(*msg));
1096 	skb_reset_transport_header(skb);
1097 	msg = (struct mrt6msg *)skb_transport_header(skb);
1098 
1099 	msg->im6_mbz = 0;
1100 	msg->im6_msgtype = assert;
1101 	msg->im6_mif = mifi;
1102 	msg->im6_pad = 0;
1103 	msg->im6_src = ipv6_hdr(pkt)->saddr;
1104 	msg->im6_dst = ipv6_hdr(pkt)->daddr;
1105 
1106 	skb_dst_set(skb, dst_clone(skb_dst(pkt)));
1107 	skb->ip_summed = CHECKSUM_UNNECESSARY;
1108 	}
1109 
1110 	rcu_read_lock();
1111 	mroute6_sk = rcu_dereference(mrt->mroute_sk);
1112 	if (!mroute6_sk) {
1113 		rcu_read_unlock();
1114 		kfree_skb(skb);
1115 		return -EINVAL;
1116 	}
1117 
1118 	mrt6msg_netlink_event(mrt, skb);
1119 
1120 	/* Deliver to user space multicast routing algorithms */
1121 	ret = sock_queue_rcv_skb(mroute6_sk, skb);
1122 	rcu_read_unlock();
1123 	if (ret < 0) {
1124 		net_warn_ratelimited("mroute6: pending queue full, dropping entries\n");
1125 		kfree_skb(skb);
1126 	}
1127 
1128 	return ret;
1129 }
1130 
1131 /* Queue a packet for resolution. It gets locked cache entry! */
1132 static int ip6mr_cache_unresolved(struct mr_table *mrt, mifi_t mifi,
1133 				  struct sk_buff *skb, struct net_device *dev)
1134 {
1135 	struct mfc6_cache *c;
1136 	bool found = false;
1137 	int err;
1138 
1139 	spin_lock_bh(&mfc_unres_lock);
1140 	list_for_each_entry(c, &mrt->mfc_unres_queue, _c.list) {
1141 		if (ipv6_addr_equal(&c->mf6c_mcastgrp, &ipv6_hdr(skb)->daddr) &&
1142 		    ipv6_addr_equal(&c->mf6c_origin, &ipv6_hdr(skb)->saddr)) {
1143 			found = true;
1144 			break;
1145 		}
1146 	}
1147 
1148 	if (!found) {
1149 		/*
1150 		 *	Create a new entry if allowable
1151 		 */
1152 
1153 		c = ip6mr_cache_alloc_unres();
1154 		if (!c) {
1155 			spin_unlock_bh(&mfc_unres_lock);
1156 
1157 			kfree_skb(skb);
1158 			return -ENOBUFS;
1159 		}
1160 
1161 		/* Fill in the new cache entry */
1162 		c->_c.mfc_parent = -1;
1163 		c->mf6c_origin = ipv6_hdr(skb)->saddr;
1164 		c->mf6c_mcastgrp = ipv6_hdr(skb)->daddr;
1165 
1166 		/*
1167 		 *	Reflect first query at pim6sd
1168 		 */
1169 		err = ip6mr_cache_report(mrt, skb, mifi, MRT6MSG_NOCACHE);
1170 		if (err < 0) {
1171 			/* If the report failed throw the cache entry
1172 			   out - Brad Parker
1173 			 */
1174 			spin_unlock_bh(&mfc_unres_lock);
1175 
1176 			ip6mr_cache_free(c);
1177 			kfree_skb(skb);
1178 			return err;
1179 		}
1180 
1181 		atomic_inc(&mrt->cache_resolve_queue_len);
1182 		list_add(&c->_c.list, &mrt->mfc_unres_queue);
1183 		mr6_netlink_event(mrt, c, RTM_NEWROUTE);
1184 
1185 		ipmr_do_expire_process(mrt);
1186 	}
1187 
1188 	/* See if we can append the packet */
1189 	if (c->_c.mfc_un.unres.unresolved.qlen > 3) {
1190 		kfree_skb(skb);
1191 		err = -ENOBUFS;
1192 	} else {
1193 		if (dev) {
1194 			skb->dev = dev;
1195 			skb->skb_iif = dev->ifindex;
1196 		}
1197 		skb_queue_tail(&c->_c.mfc_un.unres.unresolved, skb);
1198 		err = 0;
1199 	}
1200 
1201 	spin_unlock_bh(&mfc_unres_lock);
1202 	return err;
1203 }
1204 
1205 /*
1206  *	MFC6 cache manipulation by user space
1207  */
1208 
1209 static int ip6mr_mfc_delete(struct mr_table *mrt, struct mf6cctl *mfc,
1210 			    int parent)
1211 {
1212 	struct mfc6_cache *c;
1213 
1214 	/* The entries are added/deleted only under RTNL */
1215 	rcu_read_lock();
1216 	c = ip6mr_cache_find_parent(mrt, &mfc->mf6cc_origin.sin6_addr,
1217 				    &mfc->mf6cc_mcastgrp.sin6_addr, parent);
1218 	rcu_read_unlock();
1219 	if (!c)
1220 		return -ENOENT;
1221 	rhltable_remove(&mrt->mfc_hash, &c->_c.mnode, ip6mr_rht_params);
1222 	list_del_rcu(&c->_c.list);
1223 
1224 	call_ip6mr_mfc_entry_notifiers(read_pnet(&mrt->net),
1225 				       FIB_EVENT_ENTRY_DEL, c, mrt->id);
1226 	mr6_netlink_event(mrt, c, RTM_DELROUTE);
1227 	mr_cache_put(&c->_c);
1228 	return 0;
1229 }
1230 
1231 static int ip6mr_device_event(struct notifier_block *this,
1232 			      unsigned long event, void *ptr)
1233 {
1234 	struct net_device *dev = netdev_notifier_info_to_dev(ptr);
1235 	struct net *net = dev_net(dev);
1236 	struct mr_table *mrt;
1237 	struct vif_device *v;
1238 	int ct;
1239 
1240 	if (event != NETDEV_UNREGISTER)
1241 		return NOTIFY_DONE;
1242 
1243 	ip6mr_for_each_table(mrt, net) {
1244 		v = &mrt->vif_table[0];
1245 		for (ct = 0; ct < mrt->maxvif; ct++, v++) {
1246 			if (v->dev == dev)
1247 				mif6_delete(mrt, ct, 1, NULL);
1248 		}
1249 	}
1250 
1251 	return NOTIFY_DONE;
1252 }
1253 
1254 static unsigned int ip6mr_seq_read(struct net *net)
1255 {
1256 	ASSERT_RTNL();
1257 
1258 	return net->ipv6.ipmr_seq + ip6mr_rules_seq_read(net);
1259 }
1260 
1261 static int ip6mr_dump(struct net *net, struct notifier_block *nb,
1262 		      struct netlink_ext_ack *extack)
1263 {
1264 	return mr_dump(net, nb, RTNL_FAMILY_IP6MR, ip6mr_rules_dump,
1265 		       ip6mr_mr_table_iter, &mrt_lock, extack);
1266 }
1267 
1268 static struct notifier_block ip6_mr_notifier = {
1269 	.notifier_call = ip6mr_device_event
1270 };
1271 
1272 static const struct fib_notifier_ops ip6mr_notifier_ops_template = {
1273 	.family		= RTNL_FAMILY_IP6MR,
1274 	.fib_seq_read	= ip6mr_seq_read,
1275 	.fib_dump	= ip6mr_dump,
1276 	.owner		= THIS_MODULE,
1277 };
1278 
1279 static int __net_init ip6mr_notifier_init(struct net *net)
1280 {
1281 	struct fib_notifier_ops *ops;
1282 
1283 	net->ipv6.ipmr_seq = 0;
1284 
1285 	ops = fib_notifier_ops_register(&ip6mr_notifier_ops_template, net);
1286 	if (IS_ERR(ops))
1287 		return PTR_ERR(ops);
1288 
1289 	net->ipv6.ip6mr_notifier_ops = ops;
1290 
1291 	return 0;
1292 }
1293 
1294 static void __net_exit ip6mr_notifier_exit(struct net *net)
1295 {
1296 	fib_notifier_ops_unregister(net->ipv6.ip6mr_notifier_ops);
1297 	net->ipv6.ip6mr_notifier_ops = NULL;
1298 }
1299 
1300 /* Setup for IP multicast routing */
1301 static int __net_init ip6mr_net_init(struct net *net)
1302 {
1303 	int err;
1304 
1305 	err = ip6mr_notifier_init(net);
1306 	if (err)
1307 		return err;
1308 
1309 	err = ip6mr_rules_init(net);
1310 	if (err < 0)
1311 		goto ip6mr_rules_fail;
1312 
1313 #ifdef CONFIG_PROC_FS
1314 	err = -ENOMEM;
1315 	if (!proc_create_net("ip6_mr_vif", 0, net->proc_net, &ip6mr_vif_seq_ops,
1316 			sizeof(struct mr_vif_iter)))
1317 		goto proc_vif_fail;
1318 	if (!proc_create_net("ip6_mr_cache", 0, net->proc_net, &ipmr_mfc_seq_ops,
1319 			sizeof(struct mr_mfc_iter)))
1320 		goto proc_cache_fail;
1321 #endif
1322 
1323 	return 0;
1324 
1325 #ifdef CONFIG_PROC_FS
1326 proc_cache_fail:
1327 	remove_proc_entry("ip6_mr_vif", net->proc_net);
1328 proc_vif_fail:
1329 	ip6mr_rules_exit(net);
1330 #endif
1331 ip6mr_rules_fail:
1332 	ip6mr_notifier_exit(net);
1333 	return err;
1334 }
1335 
1336 static void __net_exit ip6mr_net_exit(struct net *net)
1337 {
1338 #ifdef CONFIG_PROC_FS
1339 	remove_proc_entry("ip6_mr_cache", net->proc_net);
1340 	remove_proc_entry("ip6_mr_vif", net->proc_net);
1341 #endif
1342 	ip6mr_rules_exit(net);
1343 	ip6mr_notifier_exit(net);
1344 }
1345 
1346 static struct pernet_operations ip6mr_net_ops = {
1347 	.init = ip6mr_net_init,
1348 	.exit = ip6mr_net_exit,
1349 };
1350 
1351 int __init ip6_mr_init(void)
1352 {
1353 	int err;
1354 
1355 	mrt_cachep = kmem_cache_create("ip6_mrt_cache",
1356 				       sizeof(struct mfc6_cache),
1357 				       0, SLAB_HWCACHE_ALIGN,
1358 				       NULL);
1359 	if (!mrt_cachep)
1360 		return -ENOMEM;
1361 
1362 	err = register_pernet_subsys(&ip6mr_net_ops);
1363 	if (err)
1364 		goto reg_pernet_fail;
1365 
1366 	err = register_netdevice_notifier(&ip6_mr_notifier);
1367 	if (err)
1368 		goto reg_notif_fail;
1369 #ifdef CONFIG_IPV6_PIMSM_V2
1370 	if (inet6_add_protocol(&pim6_protocol, IPPROTO_PIM) < 0) {
1371 		pr_err("%s: can't add PIM protocol\n", __func__);
1372 		err = -EAGAIN;
1373 		goto add_proto_fail;
1374 	}
1375 #endif
1376 	err = rtnl_register_module(THIS_MODULE, RTNL_FAMILY_IP6MR, RTM_GETROUTE,
1377 				   NULL, ip6mr_rtm_dumproute, 0);
1378 	if (err == 0)
1379 		return 0;
1380 
1381 #ifdef CONFIG_IPV6_PIMSM_V2
1382 	inet6_del_protocol(&pim6_protocol, IPPROTO_PIM);
1383 add_proto_fail:
1384 	unregister_netdevice_notifier(&ip6_mr_notifier);
1385 #endif
1386 reg_notif_fail:
1387 	unregister_pernet_subsys(&ip6mr_net_ops);
1388 reg_pernet_fail:
1389 	kmem_cache_destroy(mrt_cachep);
1390 	return err;
1391 }
1392 
1393 void ip6_mr_cleanup(void)
1394 {
1395 	rtnl_unregister(RTNL_FAMILY_IP6MR, RTM_GETROUTE);
1396 #ifdef CONFIG_IPV6_PIMSM_V2
1397 	inet6_del_protocol(&pim6_protocol, IPPROTO_PIM);
1398 #endif
1399 	unregister_netdevice_notifier(&ip6_mr_notifier);
1400 	unregister_pernet_subsys(&ip6mr_net_ops);
1401 	kmem_cache_destroy(mrt_cachep);
1402 }
1403 
1404 static int ip6mr_mfc_add(struct net *net, struct mr_table *mrt,
1405 			 struct mf6cctl *mfc, int mrtsock, int parent)
1406 {
1407 	unsigned char ttls[MAXMIFS];
1408 	struct mfc6_cache *uc, *c;
1409 	struct mr_mfc *_uc;
1410 	bool found;
1411 	int i, err;
1412 
1413 	if (mfc->mf6cc_parent >= MAXMIFS)
1414 		return -ENFILE;
1415 
1416 	memset(ttls, 255, MAXMIFS);
1417 	for (i = 0; i < MAXMIFS; i++) {
1418 		if (IF_ISSET(i, &mfc->mf6cc_ifset))
1419 			ttls[i] = 1;
1420 	}
1421 
1422 	/* The entries are added/deleted only under RTNL */
1423 	rcu_read_lock();
1424 	c = ip6mr_cache_find_parent(mrt, &mfc->mf6cc_origin.sin6_addr,
1425 				    &mfc->mf6cc_mcastgrp.sin6_addr, parent);
1426 	rcu_read_unlock();
1427 	if (c) {
1428 		write_lock_bh(&mrt_lock);
1429 		c->_c.mfc_parent = mfc->mf6cc_parent;
1430 		ip6mr_update_thresholds(mrt, &c->_c, ttls);
1431 		if (!mrtsock)
1432 			c->_c.mfc_flags |= MFC_STATIC;
1433 		write_unlock_bh(&mrt_lock);
1434 		call_ip6mr_mfc_entry_notifiers(net, FIB_EVENT_ENTRY_REPLACE,
1435 					       c, mrt->id);
1436 		mr6_netlink_event(mrt, c, RTM_NEWROUTE);
1437 		return 0;
1438 	}
1439 
1440 	if (!ipv6_addr_any(&mfc->mf6cc_mcastgrp.sin6_addr) &&
1441 	    !ipv6_addr_is_multicast(&mfc->mf6cc_mcastgrp.sin6_addr))
1442 		return -EINVAL;
1443 
1444 	c = ip6mr_cache_alloc();
1445 	if (!c)
1446 		return -ENOMEM;
1447 
1448 	c->mf6c_origin = mfc->mf6cc_origin.sin6_addr;
1449 	c->mf6c_mcastgrp = mfc->mf6cc_mcastgrp.sin6_addr;
1450 	c->_c.mfc_parent = mfc->mf6cc_parent;
1451 	ip6mr_update_thresholds(mrt, &c->_c, ttls);
1452 	if (!mrtsock)
1453 		c->_c.mfc_flags |= MFC_STATIC;
1454 
1455 	err = rhltable_insert_key(&mrt->mfc_hash, &c->cmparg, &c->_c.mnode,
1456 				  ip6mr_rht_params);
1457 	if (err) {
1458 		pr_err("ip6mr: rhtable insert error %d\n", err);
1459 		ip6mr_cache_free(c);
1460 		return err;
1461 	}
1462 	list_add_tail_rcu(&c->_c.list, &mrt->mfc_cache_list);
1463 
1464 	/* Check to see if we resolved a queued list. If so we
1465 	 * need to send on the frames and tidy up.
1466 	 */
1467 	found = false;
1468 	spin_lock_bh(&mfc_unres_lock);
1469 	list_for_each_entry(_uc, &mrt->mfc_unres_queue, list) {
1470 		uc = (struct mfc6_cache *)_uc;
1471 		if (ipv6_addr_equal(&uc->mf6c_origin, &c->mf6c_origin) &&
1472 		    ipv6_addr_equal(&uc->mf6c_mcastgrp, &c->mf6c_mcastgrp)) {
1473 			list_del(&_uc->list);
1474 			atomic_dec(&mrt->cache_resolve_queue_len);
1475 			found = true;
1476 			break;
1477 		}
1478 	}
1479 	if (list_empty(&mrt->mfc_unres_queue))
1480 		del_timer(&mrt->ipmr_expire_timer);
1481 	spin_unlock_bh(&mfc_unres_lock);
1482 
1483 	if (found) {
1484 		ip6mr_cache_resolve(net, mrt, uc, c);
1485 		ip6mr_cache_free(uc);
1486 	}
1487 	call_ip6mr_mfc_entry_notifiers(net, FIB_EVENT_ENTRY_ADD,
1488 				       c, mrt->id);
1489 	mr6_netlink_event(mrt, c, RTM_NEWROUTE);
1490 	return 0;
1491 }
1492 
1493 /*
1494  *	Close the multicast socket, and clear the vif tables etc
1495  */
1496 
1497 static void mroute_clean_tables(struct mr_table *mrt, int flags)
1498 {
1499 	struct mr_mfc *c, *tmp;
1500 	LIST_HEAD(list);
1501 	int i;
1502 
1503 	/* Shut down all active vif entries */
1504 	if (flags & (MRT6_FLUSH_MIFS | MRT6_FLUSH_MIFS_STATIC)) {
1505 		for (i = 0; i < mrt->maxvif; i++) {
1506 			if (((mrt->vif_table[i].flags & VIFF_STATIC) &&
1507 			     !(flags & MRT6_FLUSH_MIFS_STATIC)) ||
1508 			    (!(mrt->vif_table[i].flags & VIFF_STATIC) && !(flags & MRT6_FLUSH_MIFS)))
1509 				continue;
1510 			mif6_delete(mrt, i, 0, &list);
1511 		}
1512 		unregister_netdevice_many(&list);
1513 	}
1514 
1515 	/* Wipe the cache */
1516 	if (flags & (MRT6_FLUSH_MFC | MRT6_FLUSH_MFC_STATIC)) {
1517 		list_for_each_entry_safe(c, tmp, &mrt->mfc_cache_list, list) {
1518 			if (((c->mfc_flags & MFC_STATIC) && !(flags & MRT6_FLUSH_MFC_STATIC)) ||
1519 			    (!(c->mfc_flags & MFC_STATIC) && !(flags & MRT6_FLUSH_MFC)))
1520 				continue;
1521 			rhltable_remove(&mrt->mfc_hash, &c->mnode, ip6mr_rht_params);
1522 			list_del_rcu(&c->list);
1523 			call_ip6mr_mfc_entry_notifiers(read_pnet(&mrt->net),
1524 						       FIB_EVENT_ENTRY_DEL,
1525 						       (struct mfc6_cache *)c, mrt->id);
1526 			mr6_netlink_event(mrt, (struct mfc6_cache *)c, RTM_DELROUTE);
1527 			mr_cache_put(c);
1528 		}
1529 	}
1530 
1531 	if (flags & MRT6_FLUSH_MFC) {
1532 		if (atomic_read(&mrt->cache_resolve_queue_len) != 0) {
1533 			spin_lock_bh(&mfc_unres_lock);
1534 			list_for_each_entry_safe(c, tmp, &mrt->mfc_unres_queue, list) {
1535 				list_del(&c->list);
1536 				mr6_netlink_event(mrt, (struct mfc6_cache *)c,
1537 						  RTM_DELROUTE);
1538 				ip6mr_destroy_unres(mrt, (struct mfc6_cache *)c);
1539 			}
1540 			spin_unlock_bh(&mfc_unres_lock);
1541 		}
1542 	}
1543 }
1544 
1545 static int ip6mr_sk_init(struct mr_table *mrt, struct sock *sk)
1546 {
1547 	int err = 0;
1548 	struct net *net = sock_net(sk);
1549 
1550 	rtnl_lock();
1551 	write_lock_bh(&mrt_lock);
1552 	if (rtnl_dereference(mrt->mroute_sk)) {
1553 		err = -EADDRINUSE;
1554 	} else {
1555 		rcu_assign_pointer(mrt->mroute_sk, sk);
1556 		sock_set_flag(sk, SOCK_RCU_FREE);
1557 		net->ipv6.devconf_all->mc_forwarding++;
1558 	}
1559 	write_unlock_bh(&mrt_lock);
1560 
1561 	if (!err)
1562 		inet6_netconf_notify_devconf(net, RTM_NEWNETCONF,
1563 					     NETCONFA_MC_FORWARDING,
1564 					     NETCONFA_IFINDEX_ALL,
1565 					     net->ipv6.devconf_all);
1566 	rtnl_unlock();
1567 
1568 	return err;
1569 }
1570 
1571 int ip6mr_sk_done(struct sock *sk)
1572 {
1573 	int err = -EACCES;
1574 	struct net *net = sock_net(sk);
1575 	struct mr_table *mrt;
1576 
1577 	if (sk->sk_type != SOCK_RAW ||
1578 	    inet_sk(sk)->inet_num != IPPROTO_ICMPV6)
1579 		return err;
1580 
1581 	rtnl_lock();
1582 	ip6mr_for_each_table(mrt, net) {
1583 		if (sk == rtnl_dereference(mrt->mroute_sk)) {
1584 			write_lock_bh(&mrt_lock);
1585 			RCU_INIT_POINTER(mrt->mroute_sk, NULL);
1586 			/* Note that mroute_sk had SOCK_RCU_FREE set,
1587 			 * so the RCU grace period before sk freeing
1588 			 * is guaranteed by sk_destruct()
1589 			 */
1590 			net->ipv6.devconf_all->mc_forwarding--;
1591 			write_unlock_bh(&mrt_lock);
1592 			inet6_netconf_notify_devconf(net, RTM_NEWNETCONF,
1593 						     NETCONFA_MC_FORWARDING,
1594 						     NETCONFA_IFINDEX_ALL,
1595 						     net->ipv6.devconf_all);
1596 
1597 			mroute_clean_tables(mrt, MRT6_FLUSH_MIFS | MRT6_FLUSH_MFC);
1598 			err = 0;
1599 			break;
1600 		}
1601 	}
1602 	rtnl_unlock();
1603 
1604 	return err;
1605 }
1606 
1607 bool mroute6_is_socket(struct net *net, struct sk_buff *skb)
1608 {
1609 	struct mr_table *mrt;
1610 	struct flowi6 fl6 = {
1611 		.flowi6_iif	= skb->skb_iif ? : LOOPBACK_IFINDEX,
1612 		.flowi6_oif	= skb->dev->ifindex,
1613 		.flowi6_mark	= skb->mark,
1614 	};
1615 
1616 	if (ip6mr_fib_lookup(net, &fl6, &mrt) < 0)
1617 		return NULL;
1618 
1619 	return rcu_access_pointer(mrt->mroute_sk);
1620 }
1621 EXPORT_SYMBOL(mroute6_is_socket);
1622 
1623 /*
1624  *	Socket options and virtual interface manipulation. The whole
1625  *	virtual interface system is a complete heap, but unfortunately
1626  *	that's how BSD mrouted happens to think. Maybe one day with a proper
1627  *	MOSPF/PIM router set up we can clean this up.
1628  */
1629 
1630 int ip6_mroute_setsockopt(struct sock *sk, int optname, char __user *optval, unsigned int optlen)
1631 {
1632 	int ret, parent = 0;
1633 	struct mif6ctl vif;
1634 	struct mf6cctl mfc;
1635 	mifi_t mifi;
1636 	struct net *net = sock_net(sk);
1637 	struct mr_table *mrt;
1638 
1639 	if (sk->sk_type != SOCK_RAW ||
1640 	    inet_sk(sk)->inet_num != IPPROTO_ICMPV6)
1641 		return -EOPNOTSUPP;
1642 
1643 	mrt = ip6mr_get_table(net, raw6_sk(sk)->ip6mr_table ? : RT6_TABLE_DFLT);
1644 	if (!mrt)
1645 		return -ENOENT;
1646 
1647 	if (optname != MRT6_INIT) {
1648 		if (sk != rcu_access_pointer(mrt->mroute_sk) &&
1649 		    !ns_capable(net->user_ns, CAP_NET_ADMIN))
1650 			return -EACCES;
1651 	}
1652 
1653 	switch (optname) {
1654 	case MRT6_INIT:
1655 		if (optlen < sizeof(int))
1656 			return -EINVAL;
1657 
1658 		return ip6mr_sk_init(mrt, sk);
1659 
1660 	case MRT6_DONE:
1661 		return ip6mr_sk_done(sk);
1662 
1663 	case MRT6_ADD_MIF:
1664 		if (optlen < sizeof(vif))
1665 			return -EINVAL;
1666 		if (copy_from_user(&vif, optval, sizeof(vif)))
1667 			return -EFAULT;
1668 		if (vif.mif6c_mifi >= MAXMIFS)
1669 			return -ENFILE;
1670 		rtnl_lock();
1671 		ret = mif6_add(net, mrt, &vif,
1672 			       sk == rtnl_dereference(mrt->mroute_sk));
1673 		rtnl_unlock();
1674 		return ret;
1675 
1676 	case MRT6_DEL_MIF:
1677 		if (optlen < sizeof(mifi_t))
1678 			return -EINVAL;
1679 		if (copy_from_user(&mifi, optval, sizeof(mifi_t)))
1680 			return -EFAULT;
1681 		rtnl_lock();
1682 		ret = mif6_delete(mrt, mifi, 0, NULL);
1683 		rtnl_unlock();
1684 		return ret;
1685 
1686 	/*
1687 	 *	Manipulate the forwarding caches. These live
1688 	 *	in a sort of kernel/user symbiosis.
1689 	 */
1690 	case MRT6_ADD_MFC:
1691 	case MRT6_DEL_MFC:
1692 		parent = -1;
1693 		/* fall through */
1694 	case MRT6_ADD_MFC_PROXY:
1695 	case MRT6_DEL_MFC_PROXY:
1696 		if (optlen < sizeof(mfc))
1697 			return -EINVAL;
1698 		if (copy_from_user(&mfc, optval, sizeof(mfc)))
1699 			return -EFAULT;
1700 		if (parent == 0)
1701 			parent = mfc.mf6cc_parent;
1702 		rtnl_lock();
1703 		if (optname == MRT6_DEL_MFC || optname == MRT6_DEL_MFC_PROXY)
1704 			ret = ip6mr_mfc_delete(mrt, &mfc, parent);
1705 		else
1706 			ret = ip6mr_mfc_add(net, mrt, &mfc,
1707 					    sk ==
1708 					    rtnl_dereference(mrt->mroute_sk),
1709 					    parent);
1710 		rtnl_unlock();
1711 		return ret;
1712 
1713 	case MRT6_FLUSH:
1714 	{
1715 		int flags;
1716 
1717 		if (optlen != sizeof(flags))
1718 			return -EINVAL;
1719 		if (get_user(flags, (int __user *)optval))
1720 			return -EFAULT;
1721 		rtnl_lock();
1722 		mroute_clean_tables(mrt, flags);
1723 		rtnl_unlock();
1724 		return 0;
1725 	}
1726 
1727 	/*
1728 	 *	Control PIM assert (to activate pim will activate assert)
1729 	 */
1730 	case MRT6_ASSERT:
1731 	{
1732 		int v;
1733 
1734 		if (optlen != sizeof(v))
1735 			return -EINVAL;
1736 		if (get_user(v, (int __user *)optval))
1737 			return -EFAULT;
1738 		mrt->mroute_do_assert = v;
1739 		return 0;
1740 	}
1741 
1742 #ifdef CONFIG_IPV6_PIMSM_V2
1743 	case MRT6_PIM:
1744 	{
1745 		int v;
1746 
1747 		if (optlen != sizeof(v))
1748 			return -EINVAL;
1749 		if (get_user(v, (int __user *)optval))
1750 			return -EFAULT;
1751 		v = !!v;
1752 		rtnl_lock();
1753 		ret = 0;
1754 		if (v != mrt->mroute_do_pim) {
1755 			mrt->mroute_do_pim = v;
1756 			mrt->mroute_do_assert = v;
1757 		}
1758 		rtnl_unlock();
1759 		return ret;
1760 	}
1761 
1762 #endif
1763 #ifdef CONFIG_IPV6_MROUTE_MULTIPLE_TABLES
1764 	case MRT6_TABLE:
1765 	{
1766 		u32 v;
1767 
1768 		if (optlen != sizeof(u32))
1769 			return -EINVAL;
1770 		if (get_user(v, (u32 __user *)optval))
1771 			return -EFAULT;
1772 		/* "pim6reg%u" should not exceed 16 bytes (IFNAMSIZ) */
1773 		if (v != RT_TABLE_DEFAULT && v >= 100000000)
1774 			return -EINVAL;
1775 		if (sk == rcu_access_pointer(mrt->mroute_sk))
1776 			return -EBUSY;
1777 
1778 		rtnl_lock();
1779 		ret = 0;
1780 		mrt = ip6mr_new_table(net, v);
1781 		if (IS_ERR(mrt))
1782 			ret = PTR_ERR(mrt);
1783 		else
1784 			raw6_sk(sk)->ip6mr_table = v;
1785 		rtnl_unlock();
1786 		return ret;
1787 	}
1788 #endif
1789 	/*
1790 	 *	Spurious command, or MRT6_VERSION which you cannot
1791 	 *	set.
1792 	 */
1793 	default:
1794 		return -ENOPROTOOPT;
1795 	}
1796 }
1797 
1798 /*
1799  *	Getsock opt support for the multicast routing system.
1800  */
1801 
1802 int ip6_mroute_getsockopt(struct sock *sk, int optname, char __user *optval,
1803 			  int __user *optlen)
1804 {
1805 	int olr;
1806 	int val;
1807 	struct net *net = sock_net(sk);
1808 	struct mr_table *mrt;
1809 
1810 	if (sk->sk_type != SOCK_RAW ||
1811 	    inet_sk(sk)->inet_num != IPPROTO_ICMPV6)
1812 		return -EOPNOTSUPP;
1813 
1814 	mrt = ip6mr_get_table(net, raw6_sk(sk)->ip6mr_table ? : RT6_TABLE_DFLT);
1815 	if (!mrt)
1816 		return -ENOENT;
1817 
1818 	switch (optname) {
1819 	case MRT6_VERSION:
1820 		val = 0x0305;
1821 		break;
1822 #ifdef CONFIG_IPV6_PIMSM_V2
1823 	case MRT6_PIM:
1824 		val = mrt->mroute_do_pim;
1825 		break;
1826 #endif
1827 	case MRT6_ASSERT:
1828 		val = mrt->mroute_do_assert;
1829 		break;
1830 	default:
1831 		return -ENOPROTOOPT;
1832 	}
1833 
1834 	if (get_user(olr, optlen))
1835 		return -EFAULT;
1836 
1837 	olr = min_t(int, olr, sizeof(int));
1838 	if (olr < 0)
1839 		return -EINVAL;
1840 
1841 	if (put_user(olr, optlen))
1842 		return -EFAULT;
1843 	if (copy_to_user(optval, &val, olr))
1844 		return -EFAULT;
1845 	return 0;
1846 }
1847 
1848 /*
1849  *	The IP multicast ioctl support routines.
1850  */
1851 
1852 int ip6mr_ioctl(struct sock *sk, int cmd, void __user *arg)
1853 {
1854 	struct sioc_sg_req6 sr;
1855 	struct sioc_mif_req6 vr;
1856 	struct vif_device *vif;
1857 	struct mfc6_cache *c;
1858 	struct net *net = sock_net(sk);
1859 	struct mr_table *mrt;
1860 
1861 	mrt = ip6mr_get_table(net, raw6_sk(sk)->ip6mr_table ? : RT6_TABLE_DFLT);
1862 	if (!mrt)
1863 		return -ENOENT;
1864 
1865 	switch (cmd) {
1866 	case SIOCGETMIFCNT_IN6:
1867 		if (copy_from_user(&vr, arg, sizeof(vr)))
1868 			return -EFAULT;
1869 		if (vr.mifi >= mrt->maxvif)
1870 			return -EINVAL;
1871 		vr.mifi = array_index_nospec(vr.mifi, mrt->maxvif);
1872 		read_lock(&mrt_lock);
1873 		vif = &mrt->vif_table[vr.mifi];
1874 		if (VIF_EXISTS(mrt, vr.mifi)) {
1875 			vr.icount = vif->pkt_in;
1876 			vr.ocount = vif->pkt_out;
1877 			vr.ibytes = vif->bytes_in;
1878 			vr.obytes = vif->bytes_out;
1879 			read_unlock(&mrt_lock);
1880 
1881 			if (copy_to_user(arg, &vr, sizeof(vr)))
1882 				return -EFAULT;
1883 			return 0;
1884 		}
1885 		read_unlock(&mrt_lock);
1886 		return -EADDRNOTAVAIL;
1887 	case SIOCGETSGCNT_IN6:
1888 		if (copy_from_user(&sr, arg, sizeof(sr)))
1889 			return -EFAULT;
1890 
1891 		rcu_read_lock();
1892 		c = ip6mr_cache_find(mrt, &sr.src.sin6_addr, &sr.grp.sin6_addr);
1893 		if (c) {
1894 			sr.pktcnt = c->_c.mfc_un.res.pkt;
1895 			sr.bytecnt = c->_c.mfc_un.res.bytes;
1896 			sr.wrong_if = c->_c.mfc_un.res.wrong_if;
1897 			rcu_read_unlock();
1898 
1899 			if (copy_to_user(arg, &sr, sizeof(sr)))
1900 				return -EFAULT;
1901 			return 0;
1902 		}
1903 		rcu_read_unlock();
1904 		return -EADDRNOTAVAIL;
1905 	default:
1906 		return -ENOIOCTLCMD;
1907 	}
1908 }
1909 
1910 #ifdef CONFIG_COMPAT
1911 struct compat_sioc_sg_req6 {
1912 	struct sockaddr_in6 src;
1913 	struct sockaddr_in6 grp;
1914 	compat_ulong_t pktcnt;
1915 	compat_ulong_t bytecnt;
1916 	compat_ulong_t wrong_if;
1917 };
1918 
1919 struct compat_sioc_mif_req6 {
1920 	mifi_t	mifi;
1921 	compat_ulong_t icount;
1922 	compat_ulong_t ocount;
1923 	compat_ulong_t ibytes;
1924 	compat_ulong_t obytes;
1925 };
1926 
1927 int ip6mr_compat_ioctl(struct sock *sk, unsigned int cmd, void __user *arg)
1928 {
1929 	struct compat_sioc_sg_req6 sr;
1930 	struct compat_sioc_mif_req6 vr;
1931 	struct vif_device *vif;
1932 	struct mfc6_cache *c;
1933 	struct net *net = sock_net(sk);
1934 	struct mr_table *mrt;
1935 
1936 	mrt = ip6mr_get_table(net, raw6_sk(sk)->ip6mr_table ? : RT6_TABLE_DFLT);
1937 	if (!mrt)
1938 		return -ENOENT;
1939 
1940 	switch (cmd) {
1941 	case SIOCGETMIFCNT_IN6:
1942 		if (copy_from_user(&vr, arg, sizeof(vr)))
1943 			return -EFAULT;
1944 		if (vr.mifi >= mrt->maxvif)
1945 			return -EINVAL;
1946 		vr.mifi = array_index_nospec(vr.mifi, mrt->maxvif);
1947 		read_lock(&mrt_lock);
1948 		vif = &mrt->vif_table[vr.mifi];
1949 		if (VIF_EXISTS(mrt, vr.mifi)) {
1950 			vr.icount = vif->pkt_in;
1951 			vr.ocount = vif->pkt_out;
1952 			vr.ibytes = vif->bytes_in;
1953 			vr.obytes = vif->bytes_out;
1954 			read_unlock(&mrt_lock);
1955 
1956 			if (copy_to_user(arg, &vr, sizeof(vr)))
1957 				return -EFAULT;
1958 			return 0;
1959 		}
1960 		read_unlock(&mrt_lock);
1961 		return -EADDRNOTAVAIL;
1962 	case SIOCGETSGCNT_IN6:
1963 		if (copy_from_user(&sr, arg, sizeof(sr)))
1964 			return -EFAULT;
1965 
1966 		rcu_read_lock();
1967 		c = ip6mr_cache_find(mrt, &sr.src.sin6_addr, &sr.grp.sin6_addr);
1968 		if (c) {
1969 			sr.pktcnt = c->_c.mfc_un.res.pkt;
1970 			sr.bytecnt = c->_c.mfc_un.res.bytes;
1971 			sr.wrong_if = c->_c.mfc_un.res.wrong_if;
1972 			rcu_read_unlock();
1973 
1974 			if (copy_to_user(arg, &sr, sizeof(sr)))
1975 				return -EFAULT;
1976 			return 0;
1977 		}
1978 		rcu_read_unlock();
1979 		return -EADDRNOTAVAIL;
1980 	default:
1981 		return -ENOIOCTLCMD;
1982 	}
1983 }
1984 #endif
1985 
1986 static inline int ip6mr_forward2_finish(struct net *net, struct sock *sk, struct sk_buff *skb)
1987 {
1988 	IP6_INC_STATS(net, ip6_dst_idev(skb_dst(skb)),
1989 		      IPSTATS_MIB_OUTFORWDATAGRAMS);
1990 	IP6_ADD_STATS(net, ip6_dst_idev(skb_dst(skb)),
1991 		      IPSTATS_MIB_OUTOCTETS, skb->len);
1992 	return dst_output(net, sk, skb);
1993 }
1994 
1995 /*
1996  *	Processing handlers for ip6mr_forward
1997  */
1998 
1999 static int ip6mr_forward2(struct net *net, struct mr_table *mrt,
2000 			  struct sk_buff *skb, int vifi)
2001 {
2002 	struct ipv6hdr *ipv6h;
2003 	struct vif_device *vif = &mrt->vif_table[vifi];
2004 	struct net_device *dev;
2005 	struct dst_entry *dst;
2006 	struct flowi6 fl6;
2007 
2008 	if (!vif->dev)
2009 		goto out_free;
2010 
2011 #ifdef CONFIG_IPV6_PIMSM_V2
2012 	if (vif->flags & MIFF_REGISTER) {
2013 		vif->pkt_out++;
2014 		vif->bytes_out += skb->len;
2015 		vif->dev->stats.tx_bytes += skb->len;
2016 		vif->dev->stats.tx_packets++;
2017 		ip6mr_cache_report(mrt, skb, vifi, MRT6MSG_WHOLEPKT);
2018 		goto out_free;
2019 	}
2020 #endif
2021 
2022 	ipv6h = ipv6_hdr(skb);
2023 
2024 	fl6 = (struct flowi6) {
2025 		.flowi6_oif = vif->link,
2026 		.daddr = ipv6h->daddr,
2027 	};
2028 
2029 	dst = ip6_route_output(net, NULL, &fl6);
2030 	if (dst->error) {
2031 		dst_release(dst);
2032 		goto out_free;
2033 	}
2034 
2035 	skb_dst_drop(skb);
2036 	skb_dst_set(skb, dst);
2037 
2038 	/*
2039 	 * RFC1584 teaches, that DVMRP/PIM router must deliver packets locally
2040 	 * not only before forwarding, but after forwarding on all output
2041 	 * interfaces. It is clear, if mrouter runs a multicasting
2042 	 * program, it should receive packets not depending to what interface
2043 	 * program is joined.
2044 	 * If we will not make it, the program will have to join on all
2045 	 * interfaces. On the other hand, multihoming host (or router, but
2046 	 * not mrouter) cannot join to more than one interface - it will
2047 	 * result in receiving multiple packets.
2048 	 */
2049 	dev = vif->dev;
2050 	skb->dev = dev;
2051 	vif->pkt_out++;
2052 	vif->bytes_out += skb->len;
2053 
2054 	/* We are about to write */
2055 	/* XXX: extension headers? */
2056 	if (skb_cow(skb, sizeof(*ipv6h) + LL_RESERVED_SPACE(dev)))
2057 		goto out_free;
2058 
2059 	ipv6h = ipv6_hdr(skb);
2060 	ipv6h->hop_limit--;
2061 
2062 	IP6CB(skb)->flags |= IP6SKB_FORWARDED;
2063 
2064 	return NF_HOOK(NFPROTO_IPV6, NF_INET_FORWARD,
2065 		       net, NULL, skb, skb->dev, dev,
2066 		       ip6mr_forward2_finish);
2067 
2068 out_free:
2069 	kfree_skb(skb);
2070 	return 0;
2071 }
2072 
2073 static int ip6mr_find_vif(struct mr_table *mrt, struct net_device *dev)
2074 {
2075 	int ct;
2076 
2077 	for (ct = mrt->maxvif - 1; ct >= 0; ct--) {
2078 		if (mrt->vif_table[ct].dev == dev)
2079 			break;
2080 	}
2081 	return ct;
2082 }
2083 
2084 static void ip6_mr_forward(struct net *net, struct mr_table *mrt,
2085 			   struct net_device *dev, struct sk_buff *skb,
2086 			   struct mfc6_cache *c)
2087 {
2088 	int psend = -1;
2089 	int vif, ct;
2090 	int true_vifi = ip6mr_find_vif(mrt, dev);
2091 
2092 	vif = c->_c.mfc_parent;
2093 	c->_c.mfc_un.res.pkt++;
2094 	c->_c.mfc_un.res.bytes += skb->len;
2095 	c->_c.mfc_un.res.lastuse = jiffies;
2096 
2097 	if (ipv6_addr_any(&c->mf6c_origin) && true_vifi >= 0) {
2098 		struct mfc6_cache *cache_proxy;
2099 
2100 		/* For an (*,G) entry, we only check that the incoming
2101 		 * interface is part of the static tree.
2102 		 */
2103 		rcu_read_lock();
2104 		cache_proxy = mr_mfc_find_any_parent(mrt, vif);
2105 		if (cache_proxy &&
2106 		    cache_proxy->_c.mfc_un.res.ttls[true_vifi] < 255) {
2107 			rcu_read_unlock();
2108 			goto forward;
2109 		}
2110 		rcu_read_unlock();
2111 	}
2112 
2113 	/*
2114 	 * Wrong interface: drop packet and (maybe) send PIM assert.
2115 	 */
2116 	if (mrt->vif_table[vif].dev != dev) {
2117 		c->_c.mfc_un.res.wrong_if++;
2118 
2119 		if (true_vifi >= 0 && mrt->mroute_do_assert &&
2120 		    /* pimsm uses asserts, when switching from RPT to SPT,
2121 		       so that we cannot check that packet arrived on an oif.
2122 		       It is bad, but otherwise we would need to move pretty
2123 		       large chunk of pimd to kernel. Ough... --ANK
2124 		     */
2125 		    (mrt->mroute_do_pim ||
2126 		     c->_c.mfc_un.res.ttls[true_vifi] < 255) &&
2127 		    time_after(jiffies,
2128 			       c->_c.mfc_un.res.last_assert +
2129 			       MFC_ASSERT_THRESH)) {
2130 			c->_c.mfc_un.res.last_assert = jiffies;
2131 			ip6mr_cache_report(mrt, skb, true_vifi, MRT6MSG_WRONGMIF);
2132 		}
2133 		goto dont_forward;
2134 	}
2135 
2136 forward:
2137 	mrt->vif_table[vif].pkt_in++;
2138 	mrt->vif_table[vif].bytes_in += skb->len;
2139 
2140 	/*
2141 	 *	Forward the frame
2142 	 */
2143 	if (ipv6_addr_any(&c->mf6c_origin) &&
2144 	    ipv6_addr_any(&c->mf6c_mcastgrp)) {
2145 		if (true_vifi >= 0 &&
2146 		    true_vifi != c->_c.mfc_parent &&
2147 		    ipv6_hdr(skb)->hop_limit >
2148 				c->_c.mfc_un.res.ttls[c->_c.mfc_parent]) {
2149 			/* It's an (*,*) entry and the packet is not coming from
2150 			 * the upstream: forward the packet to the upstream
2151 			 * only.
2152 			 */
2153 			psend = c->_c.mfc_parent;
2154 			goto last_forward;
2155 		}
2156 		goto dont_forward;
2157 	}
2158 	for (ct = c->_c.mfc_un.res.maxvif - 1;
2159 	     ct >= c->_c.mfc_un.res.minvif; ct--) {
2160 		/* For (*,G) entry, don't forward to the incoming interface */
2161 		if ((!ipv6_addr_any(&c->mf6c_origin) || ct != true_vifi) &&
2162 		    ipv6_hdr(skb)->hop_limit > c->_c.mfc_un.res.ttls[ct]) {
2163 			if (psend != -1) {
2164 				struct sk_buff *skb2 = skb_clone(skb, GFP_ATOMIC);
2165 				if (skb2)
2166 					ip6mr_forward2(net, mrt, skb2, psend);
2167 			}
2168 			psend = ct;
2169 		}
2170 	}
2171 last_forward:
2172 	if (psend != -1) {
2173 		ip6mr_forward2(net, mrt, skb, psend);
2174 		return;
2175 	}
2176 
2177 dont_forward:
2178 	kfree_skb(skb);
2179 }
2180 
2181 
2182 /*
2183  *	Multicast packets for forwarding arrive here
2184  */
2185 
2186 int ip6_mr_input(struct sk_buff *skb)
2187 {
2188 	struct mfc6_cache *cache;
2189 	struct net *net = dev_net(skb->dev);
2190 	struct mr_table *mrt;
2191 	struct flowi6 fl6 = {
2192 		.flowi6_iif	= skb->dev->ifindex,
2193 		.flowi6_mark	= skb->mark,
2194 	};
2195 	int err;
2196 	struct net_device *dev;
2197 
2198 	/* skb->dev passed in is the master dev for vrfs.
2199 	 * Get the proper interface that does have a vif associated with it.
2200 	 */
2201 	dev = skb->dev;
2202 	if (netif_is_l3_master(skb->dev)) {
2203 		dev = dev_get_by_index_rcu(net, IPCB(skb)->iif);
2204 		if (!dev) {
2205 			kfree_skb(skb);
2206 			return -ENODEV;
2207 		}
2208 	}
2209 
2210 	err = ip6mr_fib_lookup(net, &fl6, &mrt);
2211 	if (err < 0) {
2212 		kfree_skb(skb);
2213 		return err;
2214 	}
2215 
2216 	read_lock(&mrt_lock);
2217 	cache = ip6mr_cache_find(mrt,
2218 				 &ipv6_hdr(skb)->saddr, &ipv6_hdr(skb)->daddr);
2219 	if (!cache) {
2220 		int vif = ip6mr_find_vif(mrt, dev);
2221 
2222 		if (vif >= 0)
2223 			cache = ip6mr_cache_find_any(mrt,
2224 						     &ipv6_hdr(skb)->daddr,
2225 						     vif);
2226 	}
2227 
2228 	/*
2229 	 *	No usable cache entry
2230 	 */
2231 	if (!cache) {
2232 		int vif;
2233 
2234 		vif = ip6mr_find_vif(mrt, dev);
2235 		if (vif >= 0) {
2236 			int err = ip6mr_cache_unresolved(mrt, vif, skb, dev);
2237 			read_unlock(&mrt_lock);
2238 
2239 			return err;
2240 		}
2241 		read_unlock(&mrt_lock);
2242 		kfree_skb(skb);
2243 		return -ENODEV;
2244 	}
2245 
2246 	ip6_mr_forward(net, mrt, dev, skb, cache);
2247 
2248 	read_unlock(&mrt_lock);
2249 
2250 	return 0;
2251 }
2252 
2253 int ip6mr_get_route(struct net *net, struct sk_buff *skb, struct rtmsg *rtm,
2254 		    u32 portid)
2255 {
2256 	int err;
2257 	struct mr_table *mrt;
2258 	struct mfc6_cache *cache;
2259 	struct rt6_info *rt = (struct rt6_info *)skb_dst(skb);
2260 
2261 	mrt = ip6mr_get_table(net, RT6_TABLE_DFLT);
2262 	if (!mrt)
2263 		return -ENOENT;
2264 
2265 	read_lock(&mrt_lock);
2266 	cache = ip6mr_cache_find(mrt, &rt->rt6i_src.addr, &rt->rt6i_dst.addr);
2267 	if (!cache && skb->dev) {
2268 		int vif = ip6mr_find_vif(mrt, skb->dev);
2269 
2270 		if (vif >= 0)
2271 			cache = ip6mr_cache_find_any(mrt, &rt->rt6i_dst.addr,
2272 						     vif);
2273 	}
2274 
2275 	if (!cache) {
2276 		struct sk_buff *skb2;
2277 		struct ipv6hdr *iph;
2278 		struct net_device *dev;
2279 		int vif;
2280 
2281 		dev = skb->dev;
2282 		if (!dev || (vif = ip6mr_find_vif(mrt, dev)) < 0) {
2283 			read_unlock(&mrt_lock);
2284 			return -ENODEV;
2285 		}
2286 
2287 		/* really correct? */
2288 		skb2 = alloc_skb(sizeof(struct ipv6hdr), GFP_ATOMIC);
2289 		if (!skb2) {
2290 			read_unlock(&mrt_lock);
2291 			return -ENOMEM;
2292 		}
2293 
2294 		NETLINK_CB(skb2).portid = portid;
2295 		skb_reset_transport_header(skb2);
2296 
2297 		skb_put(skb2, sizeof(struct ipv6hdr));
2298 		skb_reset_network_header(skb2);
2299 
2300 		iph = ipv6_hdr(skb2);
2301 		iph->version = 0;
2302 		iph->priority = 0;
2303 		iph->flow_lbl[0] = 0;
2304 		iph->flow_lbl[1] = 0;
2305 		iph->flow_lbl[2] = 0;
2306 		iph->payload_len = 0;
2307 		iph->nexthdr = IPPROTO_NONE;
2308 		iph->hop_limit = 0;
2309 		iph->saddr = rt->rt6i_src.addr;
2310 		iph->daddr = rt->rt6i_dst.addr;
2311 
2312 		err = ip6mr_cache_unresolved(mrt, vif, skb2, dev);
2313 		read_unlock(&mrt_lock);
2314 
2315 		return err;
2316 	}
2317 
2318 	err = mr_fill_mroute(mrt, skb, &cache->_c, rtm);
2319 	read_unlock(&mrt_lock);
2320 	return err;
2321 }
2322 
2323 static int ip6mr_fill_mroute(struct mr_table *mrt, struct sk_buff *skb,
2324 			     u32 portid, u32 seq, struct mfc6_cache *c, int cmd,
2325 			     int flags)
2326 {
2327 	struct nlmsghdr *nlh;
2328 	struct rtmsg *rtm;
2329 	int err;
2330 
2331 	nlh = nlmsg_put(skb, portid, seq, cmd, sizeof(*rtm), flags);
2332 	if (!nlh)
2333 		return -EMSGSIZE;
2334 
2335 	rtm = nlmsg_data(nlh);
2336 	rtm->rtm_family   = RTNL_FAMILY_IP6MR;
2337 	rtm->rtm_dst_len  = 128;
2338 	rtm->rtm_src_len  = 128;
2339 	rtm->rtm_tos      = 0;
2340 	rtm->rtm_table    = mrt->id;
2341 	if (nla_put_u32(skb, RTA_TABLE, mrt->id))
2342 		goto nla_put_failure;
2343 	rtm->rtm_type = RTN_MULTICAST;
2344 	rtm->rtm_scope    = RT_SCOPE_UNIVERSE;
2345 	if (c->_c.mfc_flags & MFC_STATIC)
2346 		rtm->rtm_protocol = RTPROT_STATIC;
2347 	else
2348 		rtm->rtm_protocol = RTPROT_MROUTED;
2349 	rtm->rtm_flags    = 0;
2350 
2351 	if (nla_put_in6_addr(skb, RTA_SRC, &c->mf6c_origin) ||
2352 	    nla_put_in6_addr(skb, RTA_DST, &c->mf6c_mcastgrp))
2353 		goto nla_put_failure;
2354 	err = mr_fill_mroute(mrt, skb, &c->_c, rtm);
2355 	/* do not break the dump if cache is unresolved */
2356 	if (err < 0 && err != -ENOENT)
2357 		goto nla_put_failure;
2358 
2359 	nlmsg_end(skb, nlh);
2360 	return 0;
2361 
2362 nla_put_failure:
2363 	nlmsg_cancel(skb, nlh);
2364 	return -EMSGSIZE;
2365 }
2366 
2367 static int _ip6mr_fill_mroute(struct mr_table *mrt, struct sk_buff *skb,
2368 			      u32 portid, u32 seq, struct mr_mfc *c,
2369 			      int cmd, int flags)
2370 {
2371 	return ip6mr_fill_mroute(mrt, skb, portid, seq, (struct mfc6_cache *)c,
2372 				 cmd, flags);
2373 }
2374 
2375 static int mr6_msgsize(bool unresolved, int maxvif)
2376 {
2377 	size_t len =
2378 		NLMSG_ALIGN(sizeof(struct rtmsg))
2379 		+ nla_total_size(4)	/* RTA_TABLE */
2380 		+ nla_total_size(sizeof(struct in6_addr))	/* RTA_SRC */
2381 		+ nla_total_size(sizeof(struct in6_addr))	/* RTA_DST */
2382 		;
2383 
2384 	if (!unresolved)
2385 		len = len
2386 		      + nla_total_size(4)	/* RTA_IIF */
2387 		      + nla_total_size(0)	/* RTA_MULTIPATH */
2388 		      + maxvif * NLA_ALIGN(sizeof(struct rtnexthop))
2389 						/* RTA_MFC_STATS */
2390 		      + nla_total_size_64bit(sizeof(struct rta_mfc_stats))
2391 		;
2392 
2393 	return len;
2394 }
2395 
2396 static void mr6_netlink_event(struct mr_table *mrt, struct mfc6_cache *mfc,
2397 			      int cmd)
2398 {
2399 	struct net *net = read_pnet(&mrt->net);
2400 	struct sk_buff *skb;
2401 	int err = -ENOBUFS;
2402 
2403 	skb = nlmsg_new(mr6_msgsize(mfc->_c.mfc_parent >= MAXMIFS, mrt->maxvif),
2404 			GFP_ATOMIC);
2405 	if (!skb)
2406 		goto errout;
2407 
2408 	err = ip6mr_fill_mroute(mrt, skb, 0, 0, mfc, cmd, 0);
2409 	if (err < 0)
2410 		goto errout;
2411 
2412 	rtnl_notify(skb, net, 0, RTNLGRP_IPV6_MROUTE, NULL, GFP_ATOMIC);
2413 	return;
2414 
2415 errout:
2416 	kfree_skb(skb);
2417 	if (err < 0)
2418 		rtnl_set_sk_err(net, RTNLGRP_IPV6_MROUTE, err);
2419 }
2420 
2421 static size_t mrt6msg_netlink_msgsize(size_t payloadlen)
2422 {
2423 	size_t len =
2424 		NLMSG_ALIGN(sizeof(struct rtgenmsg))
2425 		+ nla_total_size(1)	/* IP6MRA_CREPORT_MSGTYPE */
2426 		+ nla_total_size(4)	/* IP6MRA_CREPORT_MIF_ID */
2427 					/* IP6MRA_CREPORT_SRC_ADDR */
2428 		+ nla_total_size(sizeof(struct in6_addr))
2429 					/* IP6MRA_CREPORT_DST_ADDR */
2430 		+ nla_total_size(sizeof(struct in6_addr))
2431 					/* IP6MRA_CREPORT_PKT */
2432 		+ nla_total_size(payloadlen)
2433 		;
2434 
2435 	return len;
2436 }
2437 
2438 static void mrt6msg_netlink_event(struct mr_table *mrt, struct sk_buff *pkt)
2439 {
2440 	struct net *net = read_pnet(&mrt->net);
2441 	struct nlmsghdr *nlh;
2442 	struct rtgenmsg *rtgenm;
2443 	struct mrt6msg *msg;
2444 	struct sk_buff *skb;
2445 	struct nlattr *nla;
2446 	int payloadlen;
2447 
2448 	payloadlen = pkt->len - sizeof(struct mrt6msg);
2449 	msg = (struct mrt6msg *)skb_transport_header(pkt);
2450 
2451 	skb = nlmsg_new(mrt6msg_netlink_msgsize(payloadlen), GFP_ATOMIC);
2452 	if (!skb)
2453 		goto errout;
2454 
2455 	nlh = nlmsg_put(skb, 0, 0, RTM_NEWCACHEREPORT,
2456 			sizeof(struct rtgenmsg), 0);
2457 	if (!nlh)
2458 		goto errout;
2459 	rtgenm = nlmsg_data(nlh);
2460 	rtgenm->rtgen_family = RTNL_FAMILY_IP6MR;
2461 	if (nla_put_u8(skb, IP6MRA_CREPORT_MSGTYPE, msg->im6_msgtype) ||
2462 	    nla_put_u32(skb, IP6MRA_CREPORT_MIF_ID, msg->im6_mif) ||
2463 	    nla_put_in6_addr(skb, IP6MRA_CREPORT_SRC_ADDR,
2464 			     &msg->im6_src) ||
2465 	    nla_put_in6_addr(skb, IP6MRA_CREPORT_DST_ADDR,
2466 			     &msg->im6_dst))
2467 		goto nla_put_failure;
2468 
2469 	nla = nla_reserve(skb, IP6MRA_CREPORT_PKT, payloadlen);
2470 	if (!nla || skb_copy_bits(pkt, sizeof(struct mrt6msg),
2471 				  nla_data(nla), payloadlen))
2472 		goto nla_put_failure;
2473 
2474 	nlmsg_end(skb, nlh);
2475 
2476 	rtnl_notify(skb, net, 0, RTNLGRP_IPV6_MROUTE_R, NULL, GFP_ATOMIC);
2477 	return;
2478 
2479 nla_put_failure:
2480 	nlmsg_cancel(skb, nlh);
2481 errout:
2482 	kfree_skb(skb);
2483 	rtnl_set_sk_err(net, RTNLGRP_IPV6_MROUTE_R, -ENOBUFS);
2484 }
2485 
2486 static int ip6mr_rtm_dumproute(struct sk_buff *skb, struct netlink_callback *cb)
2487 {
2488 	const struct nlmsghdr *nlh = cb->nlh;
2489 	struct fib_dump_filter filter = {};
2490 	int err;
2491 
2492 	if (cb->strict_check) {
2493 		err = ip_valid_fib_dump_req(sock_net(skb->sk), nlh,
2494 					    &filter, cb);
2495 		if (err < 0)
2496 			return err;
2497 	}
2498 
2499 	if (filter.table_id) {
2500 		struct mr_table *mrt;
2501 
2502 		mrt = ip6mr_get_table(sock_net(skb->sk), filter.table_id);
2503 		if (!mrt) {
2504 			if (filter.dump_all_families)
2505 				return skb->len;
2506 
2507 			NL_SET_ERR_MSG_MOD(cb->extack, "MR table does not exist");
2508 			return -ENOENT;
2509 		}
2510 		err = mr_table_dump(mrt, skb, cb, _ip6mr_fill_mroute,
2511 				    &mfc_unres_lock, &filter);
2512 		return skb->len ? : err;
2513 	}
2514 
2515 	return mr_rtm_dumproute(skb, cb, ip6mr_mr_table_iter,
2516 				_ip6mr_fill_mroute, &mfc_unres_lock, &filter);
2517 }
2518