1 /* 2 * Multicast support for IPv6 3 * Linux INET6 implementation 4 * 5 * Authors: 6 * Pedro Roque <roque@di.fc.ul.pt> 7 * 8 * Based on linux/ipv4/igmp.c and linux/ipv4/ip_sockglue.c 9 * 10 * This program is free software; you can redistribute it and/or 11 * modify it under the terms of the GNU General Public License 12 * as published by the Free Software Foundation; either version 13 * 2 of the License, or (at your option) any later version. 14 */ 15 16 /* Changes: 17 * 18 * yoshfuji : fix format of router-alert option 19 * YOSHIFUJI Hideaki @USAGI: 20 * Fixed source address for MLD message based on 21 * <draft-ietf-magma-mld-source-05.txt>. 22 * YOSHIFUJI Hideaki @USAGI: 23 * - Ignore Queries for invalid addresses. 24 * - MLD for link-local addresses. 25 * David L Stevens <dlstevens@us.ibm.com>: 26 * - MLDv2 support 27 */ 28 29 #include <linux/module.h> 30 #include <linux/errno.h> 31 #include <linux/types.h> 32 #include <linux/string.h> 33 #include <linux/socket.h> 34 #include <linux/sockios.h> 35 #include <linux/jiffies.h> 36 #include <linux/times.h> 37 #include <linux/net.h> 38 #include <linux/in.h> 39 #include <linux/in6.h> 40 #include <linux/netdevice.h> 41 #include <linux/if_arp.h> 42 #include <linux/route.h> 43 #include <linux/init.h> 44 #include <linux/proc_fs.h> 45 #include <linux/seq_file.h> 46 #include <linux/slab.h> 47 #include <linux/pkt_sched.h> 48 #include <net/mld.h> 49 50 #include <linux/netfilter.h> 51 #include <linux/netfilter_ipv6.h> 52 53 #include <net/net_namespace.h> 54 #include <net/sock.h> 55 #include <net/snmp.h> 56 57 #include <net/ipv6.h> 58 #include <net/protocol.h> 59 #include <net/if_inet6.h> 60 #include <net/ndisc.h> 61 #include <net/addrconf.h> 62 #include <net/ip6_route.h> 63 #include <net/inet_common.h> 64 65 #include <net/ip6_checksum.h> 66 67 /* Ensure that we have struct in6_addr aligned on 32bit word. */ 68 static void *__mld2_query_bugs[] __attribute__((__unused__)) = { 69 BUILD_BUG_ON_NULL(offsetof(struct mld2_query, mld2q_srcs) % 4), 70 BUILD_BUG_ON_NULL(offsetof(struct mld2_report, mld2r_grec) % 4), 71 BUILD_BUG_ON_NULL(offsetof(struct mld2_grec, grec_mca) % 4) 72 }; 73 74 static struct in6_addr mld2_all_mcr = MLD2_ALL_MCR_INIT; 75 76 static void igmp6_join_group(struct ifmcaddr6 *ma); 77 static void igmp6_leave_group(struct ifmcaddr6 *ma); 78 static void igmp6_timer_handler(unsigned long data); 79 80 static void mld_gq_timer_expire(unsigned long data); 81 static void mld_ifc_timer_expire(unsigned long data); 82 static void mld_ifc_event(struct inet6_dev *idev); 83 static void mld_add_delrec(struct inet6_dev *idev, struct ifmcaddr6 *pmc); 84 static void mld_del_delrec(struct inet6_dev *idev, const struct in6_addr *addr); 85 static void mld_clear_delrec(struct inet6_dev *idev); 86 static bool mld_in_v1_mode(const struct inet6_dev *idev); 87 static int sf_setstate(struct ifmcaddr6 *pmc); 88 static void sf_markstate(struct ifmcaddr6 *pmc); 89 static void ip6_mc_clear_src(struct ifmcaddr6 *pmc); 90 static int ip6_mc_del_src(struct inet6_dev *idev, const struct in6_addr *pmca, 91 int sfmode, int sfcount, const struct in6_addr *psfsrc, 92 int delta); 93 static int ip6_mc_add_src(struct inet6_dev *idev, const struct in6_addr *pmca, 94 int sfmode, int sfcount, const struct in6_addr *psfsrc, 95 int delta); 96 static int ip6_mc_leave_src(struct sock *sk, struct ipv6_mc_socklist *iml, 97 struct inet6_dev *idev); 98 99 #define MLD_QRV_DEFAULT 2 100 /* RFC3810, 9.2. Query Interval */ 101 #define MLD_QI_DEFAULT (125 * HZ) 102 /* RFC3810, 9.3. Query Response Interval */ 103 #define MLD_QRI_DEFAULT (10 * HZ) 104 105 /* RFC3810, 8.1 Query Version Distinctions */ 106 #define MLD_V1_QUERY_LEN 24 107 #define MLD_V2_QUERY_LEN_MIN 28 108 109 #define IPV6_MLD_MAX_MSF 64 110 111 int sysctl_mld_max_msf __read_mostly = IPV6_MLD_MAX_MSF; 112 int sysctl_mld_qrv __read_mostly = MLD_QRV_DEFAULT; 113 114 /* 115 * socket join on multicast group 116 */ 117 118 #define for_each_pmc_rcu(np, pmc) \ 119 for (pmc = rcu_dereference(np->ipv6_mc_list); \ 120 pmc != NULL; \ 121 pmc = rcu_dereference(pmc->next)) 122 123 static int unsolicited_report_interval(struct inet6_dev *idev) 124 { 125 int iv; 126 127 if (mld_in_v1_mode(idev)) 128 iv = idev->cnf.mldv1_unsolicited_report_interval; 129 else 130 iv = idev->cnf.mldv2_unsolicited_report_interval; 131 132 return iv > 0 ? iv : 1; 133 } 134 135 int ipv6_sock_mc_join(struct sock *sk, int ifindex, const struct in6_addr *addr) 136 { 137 struct net_device *dev = NULL; 138 struct ipv6_mc_socklist *mc_lst; 139 struct ipv6_pinfo *np = inet6_sk(sk); 140 struct net *net = sock_net(sk); 141 int err; 142 143 ASSERT_RTNL(); 144 145 if (!ipv6_addr_is_multicast(addr)) 146 return -EINVAL; 147 148 rcu_read_lock(); 149 for_each_pmc_rcu(np, mc_lst) { 150 if ((ifindex == 0 || mc_lst->ifindex == ifindex) && 151 ipv6_addr_equal(&mc_lst->addr, addr)) { 152 rcu_read_unlock(); 153 return -EADDRINUSE; 154 } 155 } 156 rcu_read_unlock(); 157 158 mc_lst = sock_kmalloc(sk, sizeof(struct ipv6_mc_socklist), GFP_KERNEL); 159 160 if (!mc_lst) 161 return -ENOMEM; 162 163 mc_lst->next = NULL; 164 mc_lst->addr = *addr; 165 166 if (ifindex == 0) { 167 struct rt6_info *rt; 168 rt = rt6_lookup(net, addr, NULL, 0, 0); 169 if (rt) { 170 dev = rt->dst.dev; 171 ip6_rt_put(rt); 172 } 173 } else 174 dev = __dev_get_by_index(net, ifindex); 175 176 if (!dev) { 177 sock_kfree_s(sk, mc_lst, sizeof(*mc_lst)); 178 return -ENODEV; 179 } 180 181 mc_lst->ifindex = dev->ifindex; 182 mc_lst->sfmode = MCAST_EXCLUDE; 183 rwlock_init(&mc_lst->sflock); 184 mc_lst->sflist = NULL; 185 186 /* 187 * now add/increase the group membership on the device 188 */ 189 190 err = ipv6_dev_mc_inc(dev, addr); 191 192 if (err) { 193 sock_kfree_s(sk, mc_lst, sizeof(*mc_lst)); 194 return err; 195 } 196 197 mc_lst->next = np->ipv6_mc_list; 198 rcu_assign_pointer(np->ipv6_mc_list, mc_lst); 199 200 return 0; 201 } 202 EXPORT_SYMBOL(ipv6_sock_mc_join); 203 204 /* 205 * socket leave on multicast group 206 */ 207 int ipv6_sock_mc_drop(struct sock *sk, int ifindex, const struct in6_addr *addr) 208 { 209 struct ipv6_pinfo *np = inet6_sk(sk); 210 struct ipv6_mc_socklist *mc_lst; 211 struct ipv6_mc_socklist __rcu **lnk; 212 struct net *net = sock_net(sk); 213 214 ASSERT_RTNL(); 215 216 if (!ipv6_addr_is_multicast(addr)) 217 return -EINVAL; 218 219 for (lnk = &np->ipv6_mc_list; 220 (mc_lst = rtnl_dereference(*lnk)) != NULL; 221 lnk = &mc_lst->next) { 222 if ((ifindex == 0 || mc_lst->ifindex == ifindex) && 223 ipv6_addr_equal(&mc_lst->addr, addr)) { 224 struct net_device *dev; 225 226 *lnk = mc_lst->next; 227 228 dev = __dev_get_by_index(net, mc_lst->ifindex); 229 if (dev) { 230 struct inet6_dev *idev = __in6_dev_get(dev); 231 232 (void) ip6_mc_leave_src(sk, mc_lst, idev); 233 if (idev) 234 __ipv6_dev_mc_dec(idev, &mc_lst->addr); 235 } else 236 (void) ip6_mc_leave_src(sk, mc_lst, NULL); 237 238 atomic_sub(sizeof(*mc_lst), &sk->sk_omem_alloc); 239 kfree_rcu(mc_lst, rcu); 240 return 0; 241 } 242 } 243 244 return -EADDRNOTAVAIL; 245 } 246 EXPORT_SYMBOL(ipv6_sock_mc_drop); 247 248 /* called with rcu_read_lock() */ 249 static struct inet6_dev *ip6_mc_find_dev_rcu(struct net *net, 250 const struct in6_addr *group, 251 int ifindex) 252 { 253 struct net_device *dev = NULL; 254 struct inet6_dev *idev = NULL; 255 256 if (ifindex == 0) { 257 struct rt6_info *rt = rt6_lookup(net, group, NULL, 0, 0); 258 259 if (rt) { 260 dev = rt->dst.dev; 261 ip6_rt_put(rt); 262 } 263 } else 264 dev = dev_get_by_index_rcu(net, ifindex); 265 266 if (!dev) 267 return NULL; 268 idev = __in6_dev_get(dev); 269 if (!idev) 270 return NULL; 271 read_lock_bh(&idev->lock); 272 if (idev->dead) { 273 read_unlock_bh(&idev->lock); 274 return NULL; 275 } 276 return idev; 277 } 278 279 void ipv6_sock_mc_close(struct sock *sk) 280 { 281 struct ipv6_pinfo *np = inet6_sk(sk); 282 struct ipv6_mc_socklist *mc_lst; 283 struct net *net = sock_net(sk); 284 285 if (!rcu_access_pointer(np->ipv6_mc_list)) 286 return; 287 288 rtnl_lock(); 289 while ((mc_lst = rtnl_dereference(np->ipv6_mc_list)) != NULL) { 290 struct net_device *dev; 291 292 np->ipv6_mc_list = mc_lst->next; 293 294 dev = __dev_get_by_index(net, mc_lst->ifindex); 295 if (dev) { 296 struct inet6_dev *idev = __in6_dev_get(dev); 297 298 (void) ip6_mc_leave_src(sk, mc_lst, idev); 299 if (idev) 300 __ipv6_dev_mc_dec(idev, &mc_lst->addr); 301 } else 302 (void) ip6_mc_leave_src(sk, mc_lst, NULL); 303 304 atomic_sub(sizeof(*mc_lst), &sk->sk_omem_alloc); 305 kfree_rcu(mc_lst, rcu); 306 307 } 308 rtnl_unlock(); 309 } 310 311 int ip6_mc_source(int add, int omode, struct sock *sk, 312 struct group_source_req *pgsr) 313 { 314 struct in6_addr *source, *group; 315 struct ipv6_mc_socklist *pmc; 316 struct inet6_dev *idev; 317 struct ipv6_pinfo *inet6 = inet6_sk(sk); 318 struct ip6_sf_socklist *psl; 319 struct net *net = sock_net(sk); 320 int i, j, rv; 321 int leavegroup = 0; 322 int pmclocked = 0; 323 int err; 324 325 source = &((struct sockaddr_in6 *)&pgsr->gsr_source)->sin6_addr; 326 group = &((struct sockaddr_in6 *)&pgsr->gsr_group)->sin6_addr; 327 328 if (!ipv6_addr_is_multicast(group)) 329 return -EINVAL; 330 331 rcu_read_lock(); 332 idev = ip6_mc_find_dev_rcu(net, group, pgsr->gsr_interface); 333 if (!idev) { 334 rcu_read_unlock(); 335 return -ENODEV; 336 } 337 338 err = -EADDRNOTAVAIL; 339 340 for_each_pmc_rcu(inet6, pmc) { 341 if (pgsr->gsr_interface && pmc->ifindex != pgsr->gsr_interface) 342 continue; 343 if (ipv6_addr_equal(&pmc->addr, group)) 344 break; 345 } 346 if (!pmc) { /* must have a prior join */ 347 err = -EINVAL; 348 goto done; 349 } 350 /* if a source filter was set, must be the same mode as before */ 351 if (pmc->sflist) { 352 if (pmc->sfmode != omode) { 353 err = -EINVAL; 354 goto done; 355 } 356 } else if (pmc->sfmode != omode) { 357 /* allow mode switches for empty-set filters */ 358 ip6_mc_add_src(idev, group, omode, 0, NULL, 0); 359 ip6_mc_del_src(idev, group, pmc->sfmode, 0, NULL, 0); 360 pmc->sfmode = omode; 361 } 362 363 write_lock(&pmc->sflock); 364 pmclocked = 1; 365 366 psl = pmc->sflist; 367 if (!add) { 368 if (!psl) 369 goto done; /* err = -EADDRNOTAVAIL */ 370 rv = !0; 371 for (i = 0; i < psl->sl_count; i++) { 372 rv = !ipv6_addr_equal(&psl->sl_addr[i], source); 373 if (rv == 0) 374 break; 375 } 376 if (rv) /* source not found */ 377 goto done; /* err = -EADDRNOTAVAIL */ 378 379 /* special case - (INCLUDE, empty) == LEAVE_GROUP */ 380 if (psl->sl_count == 1 && omode == MCAST_INCLUDE) { 381 leavegroup = 1; 382 goto done; 383 } 384 385 /* update the interface filter */ 386 ip6_mc_del_src(idev, group, omode, 1, source, 1); 387 388 for (j = i+1; j < psl->sl_count; j++) 389 psl->sl_addr[j-1] = psl->sl_addr[j]; 390 psl->sl_count--; 391 err = 0; 392 goto done; 393 } 394 /* else, add a new source to the filter */ 395 396 if (psl && psl->sl_count >= sysctl_mld_max_msf) { 397 err = -ENOBUFS; 398 goto done; 399 } 400 if (!psl || psl->sl_count == psl->sl_max) { 401 struct ip6_sf_socklist *newpsl; 402 int count = IP6_SFBLOCK; 403 404 if (psl) 405 count += psl->sl_max; 406 newpsl = sock_kmalloc(sk, IP6_SFLSIZE(count), GFP_ATOMIC); 407 if (!newpsl) { 408 err = -ENOBUFS; 409 goto done; 410 } 411 newpsl->sl_max = count; 412 newpsl->sl_count = count - IP6_SFBLOCK; 413 if (psl) { 414 for (i = 0; i < psl->sl_count; i++) 415 newpsl->sl_addr[i] = psl->sl_addr[i]; 416 sock_kfree_s(sk, psl, IP6_SFLSIZE(psl->sl_max)); 417 } 418 pmc->sflist = psl = newpsl; 419 } 420 rv = 1; /* > 0 for insert logic below if sl_count is 0 */ 421 for (i = 0; i < psl->sl_count; i++) { 422 rv = !ipv6_addr_equal(&psl->sl_addr[i], source); 423 if (rv == 0) /* There is an error in the address. */ 424 goto done; 425 } 426 for (j = psl->sl_count-1; j >= i; j--) 427 psl->sl_addr[j+1] = psl->sl_addr[j]; 428 psl->sl_addr[i] = *source; 429 psl->sl_count++; 430 err = 0; 431 /* update the interface list */ 432 ip6_mc_add_src(idev, group, omode, 1, source, 1); 433 done: 434 if (pmclocked) 435 write_unlock(&pmc->sflock); 436 read_unlock_bh(&idev->lock); 437 rcu_read_unlock(); 438 if (leavegroup) 439 err = ipv6_sock_mc_drop(sk, pgsr->gsr_interface, group); 440 return err; 441 } 442 443 int ip6_mc_msfilter(struct sock *sk, struct group_filter *gsf) 444 { 445 const struct in6_addr *group; 446 struct ipv6_mc_socklist *pmc; 447 struct inet6_dev *idev; 448 struct ipv6_pinfo *inet6 = inet6_sk(sk); 449 struct ip6_sf_socklist *newpsl, *psl; 450 struct net *net = sock_net(sk); 451 int leavegroup = 0; 452 int i, err; 453 454 group = &((struct sockaddr_in6 *)&gsf->gf_group)->sin6_addr; 455 456 if (!ipv6_addr_is_multicast(group)) 457 return -EINVAL; 458 if (gsf->gf_fmode != MCAST_INCLUDE && 459 gsf->gf_fmode != MCAST_EXCLUDE) 460 return -EINVAL; 461 462 rcu_read_lock(); 463 idev = ip6_mc_find_dev_rcu(net, group, gsf->gf_interface); 464 465 if (!idev) { 466 rcu_read_unlock(); 467 return -ENODEV; 468 } 469 470 err = 0; 471 472 if (gsf->gf_fmode == MCAST_INCLUDE && gsf->gf_numsrc == 0) { 473 leavegroup = 1; 474 goto done; 475 } 476 477 for_each_pmc_rcu(inet6, pmc) { 478 if (pmc->ifindex != gsf->gf_interface) 479 continue; 480 if (ipv6_addr_equal(&pmc->addr, group)) 481 break; 482 } 483 if (!pmc) { /* must have a prior join */ 484 err = -EINVAL; 485 goto done; 486 } 487 if (gsf->gf_numsrc) { 488 newpsl = sock_kmalloc(sk, IP6_SFLSIZE(gsf->gf_numsrc), 489 GFP_ATOMIC); 490 if (!newpsl) { 491 err = -ENOBUFS; 492 goto done; 493 } 494 newpsl->sl_max = newpsl->sl_count = gsf->gf_numsrc; 495 for (i = 0; i < newpsl->sl_count; ++i) { 496 struct sockaddr_in6 *psin6; 497 498 psin6 = (struct sockaddr_in6 *)&gsf->gf_slist[i]; 499 newpsl->sl_addr[i] = psin6->sin6_addr; 500 } 501 err = ip6_mc_add_src(idev, group, gsf->gf_fmode, 502 newpsl->sl_count, newpsl->sl_addr, 0); 503 if (err) { 504 sock_kfree_s(sk, newpsl, IP6_SFLSIZE(newpsl->sl_max)); 505 goto done; 506 } 507 } else { 508 newpsl = NULL; 509 (void) ip6_mc_add_src(idev, group, gsf->gf_fmode, 0, NULL, 0); 510 } 511 512 write_lock(&pmc->sflock); 513 psl = pmc->sflist; 514 if (psl) { 515 (void) ip6_mc_del_src(idev, group, pmc->sfmode, 516 psl->sl_count, psl->sl_addr, 0); 517 sock_kfree_s(sk, psl, IP6_SFLSIZE(psl->sl_max)); 518 } else 519 (void) ip6_mc_del_src(idev, group, pmc->sfmode, 0, NULL, 0); 520 pmc->sflist = newpsl; 521 pmc->sfmode = gsf->gf_fmode; 522 write_unlock(&pmc->sflock); 523 err = 0; 524 done: 525 read_unlock_bh(&idev->lock); 526 rcu_read_unlock(); 527 if (leavegroup) 528 err = ipv6_sock_mc_drop(sk, gsf->gf_interface, group); 529 return err; 530 } 531 532 int ip6_mc_msfget(struct sock *sk, struct group_filter *gsf, 533 struct group_filter __user *optval, int __user *optlen) 534 { 535 int err, i, count, copycount; 536 const struct in6_addr *group; 537 struct ipv6_mc_socklist *pmc; 538 struct inet6_dev *idev; 539 struct ipv6_pinfo *inet6 = inet6_sk(sk); 540 struct ip6_sf_socklist *psl; 541 struct net *net = sock_net(sk); 542 543 group = &((struct sockaddr_in6 *)&gsf->gf_group)->sin6_addr; 544 545 if (!ipv6_addr_is_multicast(group)) 546 return -EINVAL; 547 548 rcu_read_lock(); 549 idev = ip6_mc_find_dev_rcu(net, group, gsf->gf_interface); 550 551 if (!idev) { 552 rcu_read_unlock(); 553 return -ENODEV; 554 } 555 556 err = -EADDRNOTAVAIL; 557 /* changes to the ipv6_mc_list require the socket lock and 558 * rtnl lock. We have the socket lock and rcu read lock, 559 * so reading the list is safe. 560 */ 561 562 for_each_pmc_rcu(inet6, pmc) { 563 if (pmc->ifindex != gsf->gf_interface) 564 continue; 565 if (ipv6_addr_equal(group, &pmc->addr)) 566 break; 567 } 568 if (!pmc) /* must have a prior join */ 569 goto done; 570 gsf->gf_fmode = pmc->sfmode; 571 psl = pmc->sflist; 572 count = psl ? psl->sl_count : 0; 573 read_unlock_bh(&idev->lock); 574 rcu_read_unlock(); 575 576 copycount = count < gsf->gf_numsrc ? count : gsf->gf_numsrc; 577 gsf->gf_numsrc = count; 578 if (put_user(GROUP_FILTER_SIZE(copycount), optlen) || 579 copy_to_user(optval, gsf, GROUP_FILTER_SIZE(0))) { 580 return -EFAULT; 581 } 582 /* changes to psl require the socket lock, and a write lock 583 * on pmc->sflock. We have the socket lock so reading here is safe. 584 */ 585 for (i = 0; i < copycount; i++) { 586 struct sockaddr_in6 *psin6; 587 struct sockaddr_storage ss; 588 589 psin6 = (struct sockaddr_in6 *)&ss; 590 memset(&ss, 0, sizeof(ss)); 591 psin6->sin6_family = AF_INET6; 592 psin6->sin6_addr = psl->sl_addr[i]; 593 if (copy_to_user(&optval->gf_slist[i], &ss, sizeof(ss))) 594 return -EFAULT; 595 } 596 return 0; 597 done: 598 read_unlock_bh(&idev->lock); 599 rcu_read_unlock(); 600 return err; 601 } 602 603 bool inet6_mc_check(struct sock *sk, const struct in6_addr *mc_addr, 604 const struct in6_addr *src_addr) 605 { 606 struct ipv6_pinfo *np = inet6_sk(sk); 607 struct ipv6_mc_socklist *mc; 608 struct ip6_sf_socklist *psl; 609 bool rv = true; 610 611 rcu_read_lock(); 612 for_each_pmc_rcu(np, mc) { 613 if (ipv6_addr_equal(&mc->addr, mc_addr)) 614 break; 615 } 616 if (!mc) { 617 rcu_read_unlock(); 618 return true; 619 } 620 read_lock(&mc->sflock); 621 psl = mc->sflist; 622 if (!psl) { 623 rv = mc->sfmode == MCAST_EXCLUDE; 624 } else { 625 int i; 626 627 for (i = 0; i < psl->sl_count; i++) { 628 if (ipv6_addr_equal(&psl->sl_addr[i], src_addr)) 629 break; 630 } 631 if (mc->sfmode == MCAST_INCLUDE && i >= psl->sl_count) 632 rv = false; 633 if (mc->sfmode == MCAST_EXCLUDE && i < psl->sl_count) 634 rv = false; 635 } 636 read_unlock(&mc->sflock); 637 rcu_read_unlock(); 638 639 return rv; 640 } 641 642 static void igmp6_group_added(struct ifmcaddr6 *mc) 643 { 644 struct net_device *dev = mc->idev->dev; 645 char buf[MAX_ADDR_LEN]; 646 647 if (IPV6_ADDR_MC_SCOPE(&mc->mca_addr) < 648 IPV6_ADDR_SCOPE_LINKLOCAL) 649 return; 650 651 spin_lock_bh(&mc->mca_lock); 652 if (!(mc->mca_flags&MAF_LOADED)) { 653 mc->mca_flags |= MAF_LOADED; 654 if (ndisc_mc_map(&mc->mca_addr, buf, dev, 0) == 0) 655 dev_mc_add(dev, buf); 656 } 657 spin_unlock_bh(&mc->mca_lock); 658 659 if (!(dev->flags & IFF_UP) || (mc->mca_flags & MAF_NOREPORT)) 660 return; 661 662 if (mld_in_v1_mode(mc->idev)) { 663 igmp6_join_group(mc); 664 return; 665 } 666 /* else v2 */ 667 668 mc->mca_crcount = mc->idev->mc_qrv; 669 mld_ifc_event(mc->idev); 670 } 671 672 static void igmp6_group_dropped(struct ifmcaddr6 *mc) 673 { 674 struct net_device *dev = mc->idev->dev; 675 char buf[MAX_ADDR_LEN]; 676 677 if (IPV6_ADDR_MC_SCOPE(&mc->mca_addr) < 678 IPV6_ADDR_SCOPE_LINKLOCAL) 679 return; 680 681 spin_lock_bh(&mc->mca_lock); 682 if (mc->mca_flags&MAF_LOADED) { 683 mc->mca_flags &= ~MAF_LOADED; 684 if (ndisc_mc_map(&mc->mca_addr, buf, dev, 0) == 0) 685 dev_mc_del(dev, buf); 686 } 687 688 if (mc->mca_flags & MAF_NOREPORT) 689 goto done; 690 spin_unlock_bh(&mc->mca_lock); 691 692 if (!mc->idev->dead) 693 igmp6_leave_group(mc); 694 695 spin_lock_bh(&mc->mca_lock); 696 if (del_timer(&mc->mca_timer)) 697 atomic_dec(&mc->mca_refcnt); 698 done: 699 ip6_mc_clear_src(mc); 700 spin_unlock_bh(&mc->mca_lock); 701 } 702 703 /* 704 * deleted ifmcaddr6 manipulation 705 */ 706 static void mld_add_delrec(struct inet6_dev *idev, struct ifmcaddr6 *im) 707 { 708 struct ifmcaddr6 *pmc; 709 710 /* this is an "ifmcaddr6" for convenience; only the fields below 711 * are actually used. In particular, the refcnt and users are not 712 * used for management of the delete list. Using the same structure 713 * for deleted items allows change reports to use common code with 714 * non-deleted or query-response MCA's. 715 */ 716 pmc = kzalloc(sizeof(*pmc), GFP_ATOMIC); 717 if (!pmc) 718 return; 719 720 spin_lock_bh(&im->mca_lock); 721 spin_lock_init(&pmc->mca_lock); 722 pmc->idev = im->idev; 723 in6_dev_hold(idev); 724 pmc->mca_addr = im->mca_addr; 725 pmc->mca_crcount = idev->mc_qrv; 726 pmc->mca_sfmode = im->mca_sfmode; 727 if (pmc->mca_sfmode == MCAST_INCLUDE) { 728 struct ip6_sf_list *psf; 729 730 pmc->mca_tomb = im->mca_tomb; 731 pmc->mca_sources = im->mca_sources; 732 im->mca_tomb = im->mca_sources = NULL; 733 for (psf = pmc->mca_sources; psf; psf = psf->sf_next) 734 psf->sf_crcount = pmc->mca_crcount; 735 } 736 spin_unlock_bh(&im->mca_lock); 737 738 spin_lock_bh(&idev->mc_lock); 739 pmc->next = idev->mc_tomb; 740 idev->mc_tomb = pmc; 741 spin_unlock_bh(&idev->mc_lock); 742 } 743 744 static void mld_del_delrec(struct inet6_dev *idev, const struct in6_addr *pmca) 745 { 746 struct ifmcaddr6 *pmc, *pmc_prev; 747 struct ip6_sf_list *psf, *psf_next; 748 749 spin_lock_bh(&idev->mc_lock); 750 pmc_prev = NULL; 751 for (pmc = idev->mc_tomb; pmc; pmc = pmc->next) { 752 if (ipv6_addr_equal(&pmc->mca_addr, pmca)) 753 break; 754 pmc_prev = pmc; 755 } 756 if (pmc) { 757 if (pmc_prev) 758 pmc_prev->next = pmc->next; 759 else 760 idev->mc_tomb = pmc->next; 761 } 762 spin_unlock_bh(&idev->mc_lock); 763 764 if (pmc) { 765 for (psf = pmc->mca_tomb; psf; psf = psf_next) { 766 psf_next = psf->sf_next; 767 kfree(psf); 768 } 769 in6_dev_put(pmc->idev); 770 kfree(pmc); 771 } 772 } 773 774 static void mld_clear_delrec(struct inet6_dev *idev) 775 { 776 struct ifmcaddr6 *pmc, *nextpmc; 777 778 spin_lock_bh(&idev->mc_lock); 779 pmc = idev->mc_tomb; 780 idev->mc_tomb = NULL; 781 spin_unlock_bh(&idev->mc_lock); 782 783 for (; pmc; pmc = nextpmc) { 784 nextpmc = pmc->next; 785 ip6_mc_clear_src(pmc); 786 in6_dev_put(pmc->idev); 787 kfree(pmc); 788 } 789 790 /* clear dead sources, too */ 791 read_lock_bh(&idev->lock); 792 for (pmc = idev->mc_list; pmc; pmc = pmc->next) { 793 struct ip6_sf_list *psf, *psf_next; 794 795 spin_lock_bh(&pmc->mca_lock); 796 psf = pmc->mca_tomb; 797 pmc->mca_tomb = NULL; 798 spin_unlock_bh(&pmc->mca_lock); 799 for (; psf; psf = psf_next) { 800 psf_next = psf->sf_next; 801 kfree(psf); 802 } 803 } 804 read_unlock_bh(&idev->lock); 805 } 806 807 static void mca_get(struct ifmcaddr6 *mc) 808 { 809 atomic_inc(&mc->mca_refcnt); 810 } 811 812 static void ma_put(struct ifmcaddr6 *mc) 813 { 814 if (atomic_dec_and_test(&mc->mca_refcnt)) { 815 in6_dev_put(mc->idev); 816 kfree(mc); 817 } 818 } 819 820 static struct ifmcaddr6 *mca_alloc(struct inet6_dev *idev, 821 const struct in6_addr *addr) 822 { 823 struct ifmcaddr6 *mc; 824 825 mc = kzalloc(sizeof(*mc), GFP_ATOMIC); 826 if (!mc) 827 return NULL; 828 829 setup_timer(&mc->mca_timer, igmp6_timer_handler, (unsigned long)mc); 830 831 mc->mca_addr = *addr; 832 mc->idev = idev; /* reference taken by caller */ 833 mc->mca_users = 1; 834 /* mca_stamp should be updated upon changes */ 835 mc->mca_cstamp = mc->mca_tstamp = jiffies; 836 atomic_set(&mc->mca_refcnt, 1); 837 spin_lock_init(&mc->mca_lock); 838 839 /* initial mode is (EX, empty) */ 840 mc->mca_sfmode = MCAST_EXCLUDE; 841 mc->mca_sfcount[MCAST_EXCLUDE] = 1; 842 843 if (ipv6_addr_is_ll_all_nodes(&mc->mca_addr) || 844 IPV6_ADDR_MC_SCOPE(&mc->mca_addr) < IPV6_ADDR_SCOPE_LINKLOCAL) 845 mc->mca_flags |= MAF_NOREPORT; 846 847 return mc; 848 } 849 850 /* 851 * device multicast group inc (add if not found) 852 */ 853 int ipv6_dev_mc_inc(struct net_device *dev, const struct in6_addr *addr) 854 { 855 struct ifmcaddr6 *mc; 856 struct inet6_dev *idev; 857 858 ASSERT_RTNL(); 859 860 /* we need to take a reference on idev */ 861 idev = in6_dev_get(dev); 862 863 if (!idev) 864 return -EINVAL; 865 866 write_lock_bh(&idev->lock); 867 if (idev->dead) { 868 write_unlock_bh(&idev->lock); 869 in6_dev_put(idev); 870 return -ENODEV; 871 } 872 873 for (mc = idev->mc_list; mc; mc = mc->next) { 874 if (ipv6_addr_equal(&mc->mca_addr, addr)) { 875 mc->mca_users++; 876 write_unlock_bh(&idev->lock); 877 ip6_mc_add_src(idev, &mc->mca_addr, MCAST_EXCLUDE, 0, 878 NULL, 0); 879 in6_dev_put(idev); 880 return 0; 881 } 882 } 883 884 mc = mca_alloc(idev, addr); 885 if (!mc) { 886 write_unlock_bh(&idev->lock); 887 in6_dev_put(idev); 888 return -ENOMEM; 889 } 890 891 mc->next = idev->mc_list; 892 idev->mc_list = mc; 893 894 /* Hold this for the code below before we unlock, 895 * it is already exposed via idev->mc_list. 896 */ 897 mca_get(mc); 898 write_unlock_bh(&idev->lock); 899 900 mld_del_delrec(idev, &mc->mca_addr); 901 igmp6_group_added(mc); 902 ma_put(mc); 903 return 0; 904 } 905 906 /* 907 * device multicast group del 908 */ 909 int __ipv6_dev_mc_dec(struct inet6_dev *idev, const struct in6_addr *addr) 910 { 911 struct ifmcaddr6 *ma, **map; 912 913 ASSERT_RTNL(); 914 915 write_lock_bh(&idev->lock); 916 for (map = &idev->mc_list; (ma = *map) != NULL; map = &ma->next) { 917 if (ipv6_addr_equal(&ma->mca_addr, addr)) { 918 if (--ma->mca_users == 0) { 919 *map = ma->next; 920 write_unlock_bh(&idev->lock); 921 922 igmp6_group_dropped(ma); 923 924 ma_put(ma); 925 return 0; 926 } 927 write_unlock_bh(&idev->lock); 928 return 0; 929 } 930 } 931 write_unlock_bh(&idev->lock); 932 933 return -ENOENT; 934 } 935 936 int ipv6_dev_mc_dec(struct net_device *dev, const struct in6_addr *addr) 937 { 938 struct inet6_dev *idev; 939 int err; 940 941 ASSERT_RTNL(); 942 943 idev = __in6_dev_get(dev); 944 if (!idev) 945 err = -ENODEV; 946 else 947 err = __ipv6_dev_mc_dec(idev, addr); 948 949 return err; 950 } 951 952 /* 953 * check if the interface/address pair is valid 954 */ 955 bool ipv6_chk_mcast_addr(struct net_device *dev, const struct in6_addr *group, 956 const struct in6_addr *src_addr) 957 { 958 struct inet6_dev *idev; 959 struct ifmcaddr6 *mc; 960 bool rv = false; 961 962 rcu_read_lock(); 963 idev = __in6_dev_get(dev); 964 if (idev) { 965 read_lock_bh(&idev->lock); 966 for (mc = idev->mc_list; mc; mc = mc->next) { 967 if (ipv6_addr_equal(&mc->mca_addr, group)) 968 break; 969 } 970 if (mc) { 971 if (src_addr && !ipv6_addr_any(src_addr)) { 972 struct ip6_sf_list *psf; 973 974 spin_lock_bh(&mc->mca_lock); 975 for (psf = mc->mca_sources; psf; psf = psf->sf_next) { 976 if (ipv6_addr_equal(&psf->sf_addr, src_addr)) 977 break; 978 } 979 if (psf) 980 rv = psf->sf_count[MCAST_INCLUDE] || 981 psf->sf_count[MCAST_EXCLUDE] != 982 mc->mca_sfcount[MCAST_EXCLUDE]; 983 else 984 rv = mc->mca_sfcount[MCAST_EXCLUDE] != 0; 985 spin_unlock_bh(&mc->mca_lock); 986 } else 987 rv = true; /* don't filter unspecified source */ 988 } 989 read_unlock_bh(&idev->lock); 990 } 991 rcu_read_unlock(); 992 return rv; 993 } 994 995 static void mld_gq_start_timer(struct inet6_dev *idev) 996 { 997 unsigned long tv = prandom_u32() % idev->mc_maxdelay; 998 999 idev->mc_gq_running = 1; 1000 if (!mod_timer(&idev->mc_gq_timer, jiffies+tv+2)) 1001 in6_dev_hold(idev); 1002 } 1003 1004 static void mld_gq_stop_timer(struct inet6_dev *idev) 1005 { 1006 idev->mc_gq_running = 0; 1007 if (del_timer(&idev->mc_gq_timer)) 1008 __in6_dev_put(idev); 1009 } 1010 1011 static void mld_ifc_start_timer(struct inet6_dev *idev, unsigned long delay) 1012 { 1013 unsigned long tv = prandom_u32() % delay; 1014 1015 if (!mod_timer(&idev->mc_ifc_timer, jiffies+tv+2)) 1016 in6_dev_hold(idev); 1017 } 1018 1019 static void mld_ifc_stop_timer(struct inet6_dev *idev) 1020 { 1021 idev->mc_ifc_count = 0; 1022 if (del_timer(&idev->mc_ifc_timer)) 1023 __in6_dev_put(idev); 1024 } 1025 1026 static void mld_dad_start_timer(struct inet6_dev *idev, unsigned long delay) 1027 { 1028 unsigned long tv = prandom_u32() % delay; 1029 1030 if (!mod_timer(&idev->mc_dad_timer, jiffies+tv+2)) 1031 in6_dev_hold(idev); 1032 } 1033 1034 static void mld_dad_stop_timer(struct inet6_dev *idev) 1035 { 1036 if (del_timer(&idev->mc_dad_timer)) 1037 __in6_dev_put(idev); 1038 } 1039 1040 /* 1041 * IGMP handling (alias multicast ICMPv6 messages) 1042 */ 1043 1044 static void igmp6_group_queried(struct ifmcaddr6 *ma, unsigned long resptime) 1045 { 1046 unsigned long delay = resptime; 1047 1048 /* Do not start timer for these addresses */ 1049 if (ipv6_addr_is_ll_all_nodes(&ma->mca_addr) || 1050 IPV6_ADDR_MC_SCOPE(&ma->mca_addr) < IPV6_ADDR_SCOPE_LINKLOCAL) 1051 return; 1052 1053 if (del_timer(&ma->mca_timer)) { 1054 atomic_dec(&ma->mca_refcnt); 1055 delay = ma->mca_timer.expires - jiffies; 1056 } 1057 1058 if (delay >= resptime) 1059 delay = prandom_u32() % resptime; 1060 1061 ma->mca_timer.expires = jiffies + delay; 1062 if (!mod_timer(&ma->mca_timer, jiffies + delay)) 1063 atomic_inc(&ma->mca_refcnt); 1064 ma->mca_flags |= MAF_TIMER_RUNNING; 1065 } 1066 1067 /* mark EXCLUDE-mode sources */ 1068 static bool mld_xmarksources(struct ifmcaddr6 *pmc, int nsrcs, 1069 const struct in6_addr *srcs) 1070 { 1071 struct ip6_sf_list *psf; 1072 int i, scount; 1073 1074 scount = 0; 1075 for (psf = pmc->mca_sources; psf; psf = psf->sf_next) { 1076 if (scount == nsrcs) 1077 break; 1078 for (i = 0; i < nsrcs; i++) { 1079 /* skip inactive filters */ 1080 if (psf->sf_count[MCAST_INCLUDE] || 1081 pmc->mca_sfcount[MCAST_EXCLUDE] != 1082 psf->sf_count[MCAST_EXCLUDE]) 1083 break; 1084 if (ipv6_addr_equal(&srcs[i], &psf->sf_addr)) { 1085 scount++; 1086 break; 1087 } 1088 } 1089 } 1090 pmc->mca_flags &= ~MAF_GSQUERY; 1091 if (scount == nsrcs) /* all sources excluded */ 1092 return false; 1093 return true; 1094 } 1095 1096 static bool mld_marksources(struct ifmcaddr6 *pmc, int nsrcs, 1097 const struct in6_addr *srcs) 1098 { 1099 struct ip6_sf_list *psf; 1100 int i, scount; 1101 1102 if (pmc->mca_sfmode == MCAST_EXCLUDE) 1103 return mld_xmarksources(pmc, nsrcs, srcs); 1104 1105 /* mark INCLUDE-mode sources */ 1106 1107 scount = 0; 1108 for (psf = pmc->mca_sources; psf; psf = psf->sf_next) { 1109 if (scount == nsrcs) 1110 break; 1111 for (i = 0; i < nsrcs; i++) { 1112 if (ipv6_addr_equal(&srcs[i], &psf->sf_addr)) { 1113 psf->sf_gsresp = 1; 1114 scount++; 1115 break; 1116 } 1117 } 1118 } 1119 if (!scount) { 1120 pmc->mca_flags &= ~MAF_GSQUERY; 1121 return false; 1122 } 1123 pmc->mca_flags |= MAF_GSQUERY; 1124 return true; 1125 } 1126 1127 static int mld_force_mld_version(const struct inet6_dev *idev) 1128 { 1129 /* Normally, both are 0 here. If enforcement to a particular is 1130 * being used, individual device enforcement will have a lower 1131 * precedence over 'all' device (.../conf/all/force_mld_version). 1132 */ 1133 1134 if (dev_net(idev->dev)->ipv6.devconf_all->force_mld_version != 0) 1135 return dev_net(idev->dev)->ipv6.devconf_all->force_mld_version; 1136 else 1137 return idev->cnf.force_mld_version; 1138 } 1139 1140 static bool mld_in_v2_mode_only(const struct inet6_dev *idev) 1141 { 1142 return mld_force_mld_version(idev) == 2; 1143 } 1144 1145 static bool mld_in_v1_mode_only(const struct inet6_dev *idev) 1146 { 1147 return mld_force_mld_version(idev) == 1; 1148 } 1149 1150 static bool mld_in_v1_mode(const struct inet6_dev *idev) 1151 { 1152 if (mld_in_v2_mode_only(idev)) 1153 return false; 1154 if (mld_in_v1_mode_only(idev)) 1155 return true; 1156 if (idev->mc_v1_seen && time_before(jiffies, idev->mc_v1_seen)) 1157 return true; 1158 1159 return false; 1160 } 1161 1162 static void mld_set_v1_mode(struct inet6_dev *idev) 1163 { 1164 /* RFC3810, relevant sections: 1165 * - 9.1. Robustness Variable 1166 * - 9.2. Query Interval 1167 * - 9.3. Query Response Interval 1168 * - 9.12. Older Version Querier Present Timeout 1169 */ 1170 unsigned long switchback; 1171 1172 switchback = (idev->mc_qrv * idev->mc_qi) + idev->mc_qri; 1173 1174 idev->mc_v1_seen = jiffies + switchback; 1175 } 1176 1177 static void mld_update_qrv(struct inet6_dev *idev, 1178 const struct mld2_query *mlh2) 1179 { 1180 /* RFC3810, relevant sections: 1181 * - 5.1.8. QRV (Querier's Robustness Variable) 1182 * - 9.1. Robustness Variable 1183 */ 1184 1185 /* The value of the Robustness Variable MUST NOT be zero, 1186 * and SHOULD NOT be one. Catch this here if we ever run 1187 * into such a case in future. 1188 */ 1189 const int min_qrv = min(MLD_QRV_DEFAULT, sysctl_mld_qrv); 1190 WARN_ON(idev->mc_qrv == 0); 1191 1192 if (mlh2->mld2q_qrv > 0) 1193 idev->mc_qrv = mlh2->mld2q_qrv; 1194 1195 if (unlikely(idev->mc_qrv < min_qrv)) { 1196 net_warn_ratelimited("IPv6: MLD: clamping QRV from %u to %u!\n", 1197 idev->mc_qrv, min_qrv); 1198 idev->mc_qrv = min_qrv; 1199 } 1200 } 1201 1202 static void mld_update_qi(struct inet6_dev *idev, 1203 const struct mld2_query *mlh2) 1204 { 1205 /* RFC3810, relevant sections: 1206 * - 5.1.9. QQIC (Querier's Query Interval Code) 1207 * - 9.2. Query Interval 1208 * - 9.12. Older Version Querier Present Timeout 1209 * (the [Query Interval] in the last Query received) 1210 */ 1211 unsigned long mc_qqi; 1212 1213 if (mlh2->mld2q_qqic < 128) { 1214 mc_qqi = mlh2->mld2q_qqic; 1215 } else { 1216 unsigned long mc_man, mc_exp; 1217 1218 mc_exp = MLDV2_QQIC_EXP(mlh2->mld2q_qqic); 1219 mc_man = MLDV2_QQIC_MAN(mlh2->mld2q_qqic); 1220 1221 mc_qqi = (mc_man | 0x10) << (mc_exp + 3); 1222 } 1223 1224 idev->mc_qi = mc_qqi * HZ; 1225 } 1226 1227 static void mld_update_qri(struct inet6_dev *idev, 1228 const struct mld2_query *mlh2) 1229 { 1230 /* RFC3810, relevant sections: 1231 * - 5.1.3. Maximum Response Code 1232 * - 9.3. Query Response Interval 1233 */ 1234 idev->mc_qri = msecs_to_jiffies(mldv2_mrc(mlh2)); 1235 } 1236 1237 static int mld_process_v1(struct inet6_dev *idev, struct mld_msg *mld, 1238 unsigned long *max_delay, bool v1_query) 1239 { 1240 unsigned long mldv1_md; 1241 1242 /* Ignore v1 queries */ 1243 if (mld_in_v2_mode_only(idev)) 1244 return -EINVAL; 1245 1246 mldv1_md = ntohs(mld->mld_maxdelay); 1247 1248 /* When in MLDv1 fallback and a MLDv2 router start-up being 1249 * unaware of current MLDv1 operation, the MRC == MRD mapping 1250 * only works when the exponential algorithm is not being 1251 * used (as MLDv1 is unaware of such things). 1252 * 1253 * According to the RFC author, the MLDv2 implementations 1254 * he's aware of all use a MRC < 32768 on start up queries. 1255 * 1256 * Thus, should we *ever* encounter something else larger 1257 * than that, just assume the maximum possible within our 1258 * reach. 1259 */ 1260 if (!v1_query) 1261 mldv1_md = min(mldv1_md, MLDV1_MRD_MAX_COMPAT); 1262 1263 *max_delay = max(msecs_to_jiffies(mldv1_md), 1UL); 1264 1265 /* MLDv1 router present: we need to go into v1 mode *only* 1266 * when an MLDv1 query is received as per section 9.12. of 1267 * RFC3810! And we know from RFC2710 section 3.7 that MLDv1 1268 * queries MUST be of exactly 24 octets. 1269 */ 1270 if (v1_query) 1271 mld_set_v1_mode(idev); 1272 1273 /* cancel MLDv2 report timer */ 1274 mld_gq_stop_timer(idev); 1275 /* cancel the interface change timer */ 1276 mld_ifc_stop_timer(idev); 1277 /* clear deleted report items */ 1278 mld_clear_delrec(idev); 1279 1280 return 0; 1281 } 1282 1283 static int mld_process_v2(struct inet6_dev *idev, struct mld2_query *mld, 1284 unsigned long *max_delay) 1285 { 1286 *max_delay = max(msecs_to_jiffies(mldv2_mrc(mld)), 1UL); 1287 1288 mld_update_qrv(idev, mld); 1289 mld_update_qi(idev, mld); 1290 mld_update_qri(idev, mld); 1291 1292 idev->mc_maxdelay = *max_delay; 1293 1294 return 0; 1295 } 1296 1297 /* called with rcu_read_lock() */ 1298 int igmp6_event_query(struct sk_buff *skb) 1299 { 1300 struct mld2_query *mlh2 = NULL; 1301 struct ifmcaddr6 *ma; 1302 const struct in6_addr *group; 1303 unsigned long max_delay; 1304 struct inet6_dev *idev; 1305 struct mld_msg *mld; 1306 int group_type; 1307 int mark = 0; 1308 int len, err; 1309 1310 if (!pskb_may_pull(skb, sizeof(struct in6_addr))) 1311 return -EINVAL; 1312 1313 /* compute payload length excluding extension headers */ 1314 len = ntohs(ipv6_hdr(skb)->payload_len) + sizeof(struct ipv6hdr); 1315 len -= skb_network_header_len(skb); 1316 1317 /* RFC3810 6.2 1318 * Upon reception of an MLD message that contains a Query, the node 1319 * checks if the source address of the message is a valid link-local 1320 * address, if the Hop Limit is set to 1, and if the Router Alert 1321 * option is present in the Hop-By-Hop Options header of the IPv6 1322 * packet. If any of these checks fails, the packet is dropped. 1323 */ 1324 if (!(ipv6_addr_type(&ipv6_hdr(skb)->saddr) & IPV6_ADDR_LINKLOCAL) || 1325 ipv6_hdr(skb)->hop_limit != 1 || 1326 !(IP6CB(skb)->flags & IP6SKB_ROUTERALERT) || 1327 IP6CB(skb)->ra != htons(IPV6_OPT_ROUTERALERT_MLD)) 1328 return -EINVAL; 1329 1330 idev = __in6_dev_get(skb->dev); 1331 if (!idev) 1332 return 0; 1333 1334 mld = (struct mld_msg *)icmp6_hdr(skb); 1335 group = &mld->mld_mca; 1336 group_type = ipv6_addr_type(group); 1337 1338 if (group_type != IPV6_ADDR_ANY && 1339 !(group_type&IPV6_ADDR_MULTICAST)) 1340 return -EINVAL; 1341 1342 if (len < MLD_V1_QUERY_LEN) { 1343 return -EINVAL; 1344 } else if (len == MLD_V1_QUERY_LEN || mld_in_v1_mode(idev)) { 1345 err = mld_process_v1(idev, mld, &max_delay, 1346 len == MLD_V1_QUERY_LEN); 1347 if (err < 0) 1348 return err; 1349 } else if (len >= MLD_V2_QUERY_LEN_MIN) { 1350 int srcs_offset = sizeof(struct mld2_query) - 1351 sizeof(struct icmp6hdr); 1352 1353 if (!pskb_may_pull(skb, srcs_offset)) 1354 return -EINVAL; 1355 1356 mlh2 = (struct mld2_query *)skb_transport_header(skb); 1357 1358 err = mld_process_v2(idev, mlh2, &max_delay); 1359 if (err < 0) 1360 return err; 1361 1362 if (group_type == IPV6_ADDR_ANY) { /* general query */ 1363 if (mlh2->mld2q_nsrcs) 1364 return -EINVAL; /* no sources allowed */ 1365 1366 mld_gq_start_timer(idev); 1367 return 0; 1368 } 1369 /* mark sources to include, if group & source-specific */ 1370 if (mlh2->mld2q_nsrcs != 0) { 1371 if (!pskb_may_pull(skb, srcs_offset + 1372 ntohs(mlh2->mld2q_nsrcs) * sizeof(struct in6_addr))) 1373 return -EINVAL; 1374 1375 mlh2 = (struct mld2_query *)skb_transport_header(skb); 1376 mark = 1; 1377 } 1378 } else { 1379 return -EINVAL; 1380 } 1381 1382 read_lock_bh(&idev->lock); 1383 if (group_type == IPV6_ADDR_ANY) { 1384 for (ma = idev->mc_list; ma; ma = ma->next) { 1385 spin_lock_bh(&ma->mca_lock); 1386 igmp6_group_queried(ma, max_delay); 1387 spin_unlock_bh(&ma->mca_lock); 1388 } 1389 } else { 1390 for (ma = idev->mc_list; ma; ma = ma->next) { 1391 if (!ipv6_addr_equal(group, &ma->mca_addr)) 1392 continue; 1393 spin_lock_bh(&ma->mca_lock); 1394 if (ma->mca_flags & MAF_TIMER_RUNNING) { 1395 /* gsquery <- gsquery && mark */ 1396 if (!mark) 1397 ma->mca_flags &= ~MAF_GSQUERY; 1398 } else { 1399 /* gsquery <- mark */ 1400 if (mark) 1401 ma->mca_flags |= MAF_GSQUERY; 1402 else 1403 ma->mca_flags &= ~MAF_GSQUERY; 1404 } 1405 if (!(ma->mca_flags & MAF_GSQUERY) || 1406 mld_marksources(ma, ntohs(mlh2->mld2q_nsrcs), mlh2->mld2q_srcs)) 1407 igmp6_group_queried(ma, max_delay); 1408 spin_unlock_bh(&ma->mca_lock); 1409 break; 1410 } 1411 } 1412 read_unlock_bh(&idev->lock); 1413 1414 return 0; 1415 } 1416 1417 /* called with rcu_read_lock() */ 1418 int igmp6_event_report(struct sk_buff *skb) 1419 { 1420 struct ifmcaddr6 *ma; 1421 struct inet6_dev *idev; 1422 struct mld_msg *mld; 1423 int addr_type; 1424 1425 /* Our own report looped back. Ignore it. */ 1426 if (skb->pkt_type == PACKET_LOOPBACK) 1427 return 0; 1428 1429 /* send our report if the MC router may not have heard this report */ 1430 if (skb->pkt_type != PACKET_MULTICAST && 1431 skb->pkt_type != PACKET_BROADCAST) 1432 return 0; 1433 1434 if (!pskb_may_pull(skb, sizeof(*mld) - sizeof(struct icmp6hdr))) 1435 return -EINVAL; 1436 1437 mld = (struct mld_msg *)icmp6_hdr(skb); 1438 1439 /* Drop reports with not link local source */ 1440 addr_type = ipv6_addr_type(&ipv6_hdr(skb)->saddr); 1441 if (addr_type != IPV6_ADDR_ANY && 1442 !(addr_type&IPV6_ADDR_LINKLOCAL)) 1443 return -EINVAL; 1444 1445 idev = __in6_dev_get(skb->dev); 1446 if (!idev) 1447 return -ENODEV; 1448 1449 /* 1450 * Cancel the timer for this group 1451 */ 1452 1453 read_lock_bh(&idev->lock); 1454 for (ma = idev->mc_list; ma; ma = ma->next) { 1455 if (ipv6_addr_equal(&ma->mca_addr, &mld->mld_mca)) { 1456 spin_lock(&ma->mca_lock); 1457 if (del_timer(&ma->mca_timer)) 1458 atomic_dec(&ma->mca_refcnt); 1459 ma->mca_flags &= ~(MAF_LAST_REPORTER|MAF_TIMER_RUNNING); 1460 spin_unlock(&ma->mca_lock); 1461 break; 1462 } 1463 } 1464 read_unlock_bh(&idev->lock); 1465 return 0; 1466 } 1467 1468 static bool is_in(struct ifmcaddr6 *pmc, struct ip6_sf_list *psf, int type, 1469 int gdeleted, int sdeleted) 1470 { 1471 switch (type) { 1472 case MLD2_MODE_IS_INCLUDE: 1473 case MLD2_MODE_IS_EXCLUDE: 1474 if (gdeleted || sdeleted) 1475 return false; 1476 if (!((pmc->mca_flags & MAF_GSQUERY) && !psf->sf_gsresp)) { 1477 if (pmc->mca_sfmode == MCAST_INCLUDE) 1478 return true; 1479 /* don't include if this source is excluded 1480 * in all filters 1481 */ 1482 if (psf->sf_count[MCAST_INCLUDE]) 1483 return type == MLD2_MODE_IS_INCLUDE; 1484 return pmc->mca_sfcount[MCAST_EXCLUDE] == 1485 psf->sf_count[MCAST_EXCLUDE]; 1486 } 1487 return false; 1488 case MLD2_CHANGE_TO_INCLUDE: 1489 if (gdeleted || sdeleted) 1490 return false; 1491 return psf->sf_count[MCAST_INCLUDE] != 0; 1492 case MLD2_CHANGE_TO_EXCLUDE: 1493 if (gdeleted || sdeleted) 1494 return false; 1495 if (pmc->mca_sfcount[MCAST_EXCLUDE] == 0 || 1496 psf->sf_count[MCAST_INCLUDE]) 1497 return false; 1498 return pmc->mca_sfcount[MCAST_EXCLUDE] == 1499 psf->sf_count[MCAST_EXCLUDE]; 1500 case MLD2_ALLOW_NEW_SOURCES: 1501 if (gdeleted || !psf->sf_crcount) 1502 return false; 1503 return (pmc->mca_sfmode == MCAST_INCLUDE) ^ sdeleted; 1504 case MLD2_BLOCK_OLD_SOURCES: 1505 if (pmc->mca_sfmode == MCAST_INCLUDE) 1506 return gdeleted || (psf->sf_crcount && sdeleted); 1507 return psf->sf_crcount && !gdeleted && !sdeleted; 1508 } 1509 return false; 1510 } 1511 1512 static int 1513 mld_scount(struct ifmcaddr6 *pmc, int type, int gdeleted, int sdeleted) 1514 { 1515 struct ip6_sf_list *psf; 1516 int scount = 0; 1517 1518 for (psf = pmc->mca_sources; psf; psf = psf->sf_next) { 1519 if (!is_in(pmc, psf, type, gdeleted, sdeleted)) 1520 continue; 1521 scount++; 1522 } 1523 return scount; 1524 } 1525 1526 static void ip6_mc_hdr(struct sock *sk, struct sk_buff *skb, 1527 struct net_device *dev, 1528 const struct in6_addr *saddr, 1529 const struct in6_addr *daddr, 1530 int proto, int len) 1531 { 1532 struct ipv6hdr *hdr; 1533 1534 skb->protocol = htons(ETH_P_IPV6); 1535 skb->dev = dev; 1536 1537 skb_reset_network_header(skb); 1538 skb_put(skb, sizeof(struct ipv6hdr)); 1539 hdr = ipv6_hdr(skb); 1540 1541 ip6_flow_hdr(hdr, 0, 0); 1542 1543 hdr->payload_len = htons(len); 1544 hdr->nexthdr = proto; 1545 hdr->hop_limit = inet6_sk(sk)->hop_limit; 1546 1547 hdr->saddr = *saddr; 1548 hdr->daddr = *daddr; 1549 } 1550 1551 static struct sk_buff *mld_newpack(struct inet6_dev *idev, unsigned int mtu) 1552 { 1553 struct net_device *dev = idev->dev; 1554 struct net *net = dev_net(dev); 1555 struct sock *sk = net->ipv6.igmp_sk; 1556 struct sk_buff *skb; 1557 struct mld2_report *pmr; 1558 struct in6_addr addr_buf; 1559 const struct in6_addr *saddr; 1560 int hlen = LL_RESERVED_SPACE(dev); 1561 int tlen = dev->needed_tailroom; 1562 unsigned int size = mtu + hlen + tlen; 1563 int err; 1564 u8 ra[8] = { IPPROTO_ICMPV6, 0, 1565 IPV6_TLV_ROUTERALERT, 2, 0, 0, 1566 IPV6_TLV_PADN, 0 }; 1567 1568 /* we assume size > sizeof(ra) here */ 1569 /* limit our allocations to order-0 page */ 1570 size = min_t(int, size, SKB_MAX_ORDER(0, 0)); 1571 skb = sock_alloc_send_skb(sk, size, 1, &err); 1572 1573 if (!skb) 1574 return NULL; 1575 1576 skb->priority = TC_PRIO_CONTROL; 1577 skb->reserved_tailroom = skb_end_offset(skb) - 1578 min(mtu, skb_end_offset(skb)); 1579 skb_reserve(skb, hlen); 1580 1581 if (__ipv6_get_lladdr(idev, &addr_buf, IFA_F_TENTATIVE)) { 1582 /* <draft-ietf-magma-mld-source-05.txt>: 1583 * use unspecified address as the source address 1584 * when a valid link-local address is not available. 1585 */ 1586 saddr = &in6addr_any; 1587 } else 1588 saddr = &addr_buf; 1589 1590 ip6_mc_hdr(sk, skb, dev, saddr, &mld2_all_mcr, NEXTHDR_HOP, 0); 1591 1592 memcpy(skb_put(skb, sizeof(ra)), ra, sizeof(ra)); 1593 1594 skb_set_transport_header(skb, skb_tail_pointer(skb) - skb->data); 1595 skb_put(skb, sizeof(*pmr)); 1596 pmr = (struct mld2_report *)skb_transport_header(skb); 1597 pmr->mld2r_type = ICMPV6_MLD2_REPORT; 1598 pmr->mld2r_resv1 = 0; 1599 pmr->mld2r_cksum = 0; 1600 pmr->mld2r_resv2 = 0; 1601 pmr->mld2r_ngrec = 0; 1602 return skb; 1603 } 1604 1605 static void mld_sendpack(struct sk_buff *skb) 1606 { 1607 struct ipv6hdr *pip6 = ipv6_hdr(skb); 1608 struct mld2_report *pmr = 1609 (struct mld2_report *)skb_transport_header(skb); 1610 int payload_len, mldlen; 1611 struct inet6_dev *idev; 1612 struct net *net = dev_net(skb->dev); 1613 int err; 1614 struct flowi6 fl6; 1615 struct dst_entry *dst; 1616 1617 rcu_read_lock(); 1618 idev = __in6_dev_get(skb->dev); 1619 IP6_UPD_PO_STATS(net, idev, IPSTATS_MIB_OUT, skb->len); 1620 1621 payload_len = (skb_tail_pointer(skb) - skb_network_header(skb)) - 1622 sizeof(*pip6); 1623 mldlen = skb_tail_pointer(skb) - skb_transport_header(skb); 1624 pip6->payload_len = htons(payload_len); 1625 1626 pmr->mld2r_cksum = csum_ipv6_magic(&pip6->saddr, &pip6->daddr, mldlen, 1627 IPPROTO_ICMPV6, 1628 csum_partial(skb_transport_header(skb), 1629 mldlen, 0)); 1630 1631 icmpv6_flow_init(net->ipv6.igmp_sk, &fl6, ICMPV6_MLD2_REPORT, 1632 &ipv6_hdr(skb)->saddr, &ipv6_hdr(skb)->daddr, 1633 skb->dev->ifindex); 1634 dst = icmp6_dst_alloc(skb->dev, &fl6); 1635 1636 err = 0; 1637 if (IS_ERR(dst)) { 1638 err = PTR_ERR(dst); 1639 dst = NULL; 1640 } 1641 skb_dst_set(skb, dst); 1642 if (err) 1643 goto err_out; 1644 1645 payload_len = skb->len; 1646 1647 err = NF_HOOK(NFPROTO_IPV6, NF_INET_LOCAL_OUT, 1648 net->ipv6.igmp_sk, skb, NULL, skb->dev, 1649 dst_output_sk); 1650 out: 1651 if (!err) { 1652 ICMP6MSGOUT_INC_STATS(net, idev, ICMPV6_MLD2_REPORT); 1653 ICMP6_INC_STATS(net, idev, ICMP6_MIB_OUTMSGS); 1654 IP6_UPD_PO_STATS(net, idev, IPSTATS_MIB_OUTMCAST, payload_len); 1655 } else { 1656 IP6_INC_STATS(net, idev, IPSTATS_MIB_OUTDISCARDS); 1657 } 1658 1659 rcu_read_unlock(); 1660 return; 1661 1662 err_out: 1663 kfree_skb(skb); 1664 goto out; 1665 } 1666 1667 static int grec_size(struct ifmcaddr6 *pmc, int type, int gdel, int sdel) 1668 { 1669 return sizeof(struct mld2_grec) + 16 * mld_scount(pmc,type,gdel,sdel); 1670 } 1671 1672 static struct sk_buff *add_grhead(struct sk_buff *skb, struct ifmcaddr6 *pmc, 1673 int type, struct mld2_grec **ppgr) 1674 { 1675 struct net_device *dev = pmc->idev->dev; 1676 struct mld2_report *pmr; 1677 struct mld2_grec *pgr; 1678 1679 if (!skb) 1680 skb = mld_newpack(pmc->idev, dev->mtu); 1681 if (!skb) 1682 return NULL; 1683 pgr = (struct mld2_grec *)skb_put(skb, sizeof(struct mld2_grec)); 1684 pgr->grec_type = type; 1685 pgr->grec_auxwords = 0; 1686 pgr->grec_nsrcs = 0; 1687 pgr->grec_mca = pmc->mca_addr; /* structure copy */ 1688 pmr = (struct mld2_report *)skb_transport_header(skb); 1689 pmr->mld2r_ngrec = htons(ntohs(pmr->mld2r_ngrec)+1); 1690 *ppgr = pgr; 1691 return skb; 1692 } 1693 1694 #define AVAILABLE(skb) ((skb) ? skb_availroom(skb) : 0) 1695 1696 static struct sk_buff *add_grec(struct sk_buff *skb, struct ifmcaddr6 *pmc, 1697 int type, int gdeleted, int sdeleted, int crsend) 1698 { 1699 struct inet6_dev *idev = pmc->idev; 1700 struct net_device *dev = idev->dev; 1701 struct mld2_report *pmr; 1702 struct mld2_grec *pgr = NULL; 1703 struct ip6_sf_list *psf, *psf_next, *psf_prev, **psf_list; 1704 int scount, stotal, first, isquery, truncate; 1705 1706 if (pmc->mca_flags & MAF_NOREPORT) 1707 return skb; 1708 1709 isquery = type == MLD2_MODE_IS_INCLUDE || 1710 type == MLD2_MODE_IS_EXCLUDE; 1711 truncate = type == MLD2_MODE_IS_EXCLUDE || 1712 type == MLD2_CHANGE_TO_EXCLUDE; 1713 1714 stotal = scount = 0; 1715 1716 psf_list = sdeleted ? &pmc->mca_tomb : &pmc->mca_sources; 1717 1718 if (!*psf_list) 1719 goto empty_source; 1720 1721 pmr = skb ? (struct mld2_report *)skb_transport_header(skb) : NULL; 1722 1723 /* EX and TO_EX get a fresh packet, if needed */ 1724 if (truncate) { 1725 if (pmr && pmr->mld2r_ngrec && 1726 AVAILABLE(skb) < grec_size(pmc, type, gdeleted, sdeleted)) { 1727 if (skb) 1728 mld_sendpack(skb); 1729 skb = mld_newpack(idev, dev->mtu); 1730 } 1731 } 1732 first = 1; 1733 psf_prev = NULL; 1734 for (psf = *psf_list; psf; psf = psf_next) { 1735 struct in6_addr *psrc; 1736 1737 psf_next = psf->sf_next; 1738 1739 if (!is_in(pmc, psf, type, gdeleted, sdeleted)) { 1740 psf_prev = psf; 1741 continue; 1742 } 1743 1744 /* clear marks on query responses */ 1745 if (isquery) 1746 psf->sf_gsresp = 0; 1747 1748 if (AVAILABLE(skb) < sizeof(*psrc) + 1749 first*sizeof(struct mld2_grec)) { 1750 if (truncate && !first) 1751 break; /* truncate these */ 1752 if (pgr) 1753 pgr->grec_nsrcs = htons(scount); 1754 if (skb) 1755 mld_sendpack(skb); 1756 skb = mld_newpack(idev, dev->mtu); 1757 first = 1; 1758 scount = 0; 1759 } 1760 if (first) { 1761 skb = add_grhead(skb, pmc, type, &pgr); 1762 first = 0; 1763 } 1764 if (!skb) 1765 return NULL; 1766 psrc = (struct in6_addr *)skb_put(skb, sizeof(*psrc)); 1767 *psrc = psf->sf_addr; 1768 scount++; stotal++; 1769 if ((type == MLD2_ALLOW_NEW_SOURCES || 1770 type == MLD2_BLOCK_OLD_SOURCES) && psf->sf_crcount) { 1771 psf->sf_crcount--; 1772 if ((sdeleted || gdeleted) && psf->sf_crcount == 0) { 1773 if (psf_prev) 1774 psf_prev->sf_next = psf->sf_next; 1775 else 1776 *psf_list = psf->sf_next; 1777 kfree(psf); 1778 continue; 1779 } 1780 } 1781 psf_prev = psf; 1782 } 1783 1784 empty_source: 1785 if (!stotal) { 1786 if (type == MLD2_ALLOW_NEW_SOURCES || 1787 type == MLD2_BLOCK_OLD_SOURCES) 1788 return skb; 1789 if (pmc->mca_crcount || isquery || crsend) { 1790 /* make sure we have room for group header */ 1791 if (skb && AVAILABLE(skb) < sizeof(struct mld2_grec)) { 1792 mld_sendpack(skb); 1793 skb = NULL; /* add_grhead will get a new one */ 1794 } 1795 skb = add_grhead(skb, pmc, type, &pgr); 1796 } 1797 } 1798 if (pgr) 1799 pgr->grec_nsrcs = htons(scount); 1800 1801 if (isquery) 1802 pmc->mca_flags &= ~MAF_GSQUERY; /* clear query state */ 1803 return skb; 1804 } 1805 1806 static void mld_send_report(struct inet6_dev *idev, struct ifmcaddr6 *pmc) 1807 { 1808 struct sk_buff *skb = NULL; 1809 int type; 1810 1811 read_lock_bh(&idev->lock); 1812 if (!pmc) { 1813 for (pmc = idev->mc_list; pmc; pmc = pmc->next) { 1814 if (pmc->mca_flags & MAF_NOREPORT) 1815 continue; 1816 spin_lock_bh(&pmc->mca_lock); 1817 if (pmc->mca_sfcount[MCAST_EXCLUDE]) 1818 type = MLD2_MODE_IS_EXCLUDE; 1819 else 1820 type = MLD2_MODE_IS_INCLUDE; 1821 skb = add_grec(skb, pmc, type, 0, 0, 0); 1822 spin_unlock_bh(&pmc->mca_lock); 1823 } 1824 } else { 1825 spin_lock_bh(&pmc->mca_lock); 1826 if (pmc->mca_sfcount[MCAST_EXCLUDE]) 1827 type = MLD2_MODE_IS_EXCLUDE; 1828 else 1829 type = MLD2_MODE_IS_INCLUDE; 1830 skb = add_grec(skb, pmc, type, 0, 0, 0); 1831 spin_unlock_bh(&pmc->mca_lock); 1832 } 1833 read_unlock_bh(&idev->lock); 1834 if (skb) 1835 mld_sendpack(skb); 1836 } 1837 1838 /* 1839 * remove zero-count source records from a source filter list 1840 */ 1841 static void mld_clear_zeros(struct ip6_sf_list **ppsf) 1842 { 1843 struct ip6_sf_list *psf_prev, *psf_next, *psf; 1844 1845 psf_prev = NULL; 1846 for (psf = *ppsf; psf; psf = psf_next) { 1847 psf_next = psf->sf_next; 1848 if (psf->sf_crcount == 0) { 1849 if (psf_prev) 1850 psf_prev->sf_next = psf->sf_next; 1851 else 1852 *ppsf = psf->sf_next; 1853 kfree(psf); 1854 } else 1855 psf_prev = psf; 1856 } 1857 } 1858 1859 static void mld_send_cr(struct inet6_dev *idev) 1860 { 1861 struct ifmcaddr6 *pmc, *pmc_prev, *pmc_next; 1862 struct sk_buff *skb = NULL; 1863 int type, dtype; 1864 1865 read_lock_bh(&idev->lock); 1866 spin_lock(&idev->mc_lock); 1867 1868 /* deleted MCA's */ 1869 pmc_prev = NULL; 1870 for (pmc = idev->mc_tomb; pmc; pmc = pmc_next) { 1871 pmc_next = pmc->next; 1872 if (pmc->mca_sfmode == MCAST_INCLUDE) { 1873 type = MLD2_BLOCK_OLD_SOURCES; 1874 dtype = MLD2_BLOCK_OLD_SOURCES; 1875 skb = add_grec(skb, pmc, type, 1, 0, 0); 1876 skb = add_grec(skb, pmc, dtype, 1, 1, 0); 1877 } 1878 if (pmc->mca_crcount) { 1879 if (pmc->mca_sfmode == MCAST_EXCLUDE) { 1880 type = MLD2_CHANGE_TO_INCLUDE; 1881 skb = add_grec(skb, pmc, type, 1, 0, 0); 1882 } 1883 pmc->mca_crcount--; 1884 if (pmc->mca_crcount == 0) { 1885 mld_clear_zeros(&pmc->mca_tomb); 1886 mld_clear_zeros(&pmc->mca_sources); 1887 } 1888 } 1889 if (pmc->mca_crcount == 0 && !pmc->mca_tomb && 1890 !pmc->mca_sources) { 1891 if (pmc_prev) 1892 pmc_prev->next = pmc_next; 1893 else 1894 idev->mc_tomb = pmc_next; 1895 in6_dev_put(pmc->idev); 1896 kfree(pmc); 1897 } else 1898 pmc_prev = pmc; 1899 } 1900 spin_unlock(&idev->mc_lock); 1901 1902 /* change recs */ 1903 for (pmc = idev->mc_list; pmc; pmc = pmc->next) { 1904 spin_lock_bh(&pmc->mca_lock); 1905 if (pmc->mca_sfcount[MCAST_EXCLUDE]) { 1906 type = MLD2_BLOCK_OLD_SOURCES; 1907 dtype = MLD2_ALLOW_NEW_SOURCES; 1908 } else { 1909 type = MLD2_ALLOW_NEW_SOURCES; 1910 dtype = MLD2_BLOCK_OLD_SOURCES; 1911 } 1912 skb = add_grec(skb, pmc, type, 0, 0, 0); 1913 skb = add_grec(skb, pmc, dtype, 0, 1, 0); /* deleted sources */ 1914 1915 /* filter mode changes */ 1916 if (pmc->mca_crcount) { 1917 if (pmc->mca_sfmode == MCAST_EXCLUDE) 1918 type = MLD2_CHANGE_TO_EXCLUDE; 1919 else 1920 type = MLD2_CHANGE_TO_INCLUDE; 1921 skb = add_grec(skb, pmc, type, 0, 0, 0); 1922 pmc->mca_crcount--; 1923 } 1924 spin_unlock_bh(&pmc->mca_lock); 1925 } 1926 read_unlock_bh(&idev->lock); 1927 if (!skb) 1928 return; 1929 (void) mld_sendpack(skb); 1930 } 1931 1932 static void igmp6_send(struct in6_addr *addr, struct net_device *dev, int type) 1933 { 1934 struct net *net = dev_net(dev); 1935 struct sock *sk = net->ipv6.igmp_sk; 1936 struct inet6_dev *idev; 1937 struct sk_buff *skb; 1938 struct mld_msg *hdr; 1939 const struct in6_addr *snd_addr, *saddr; 1940 struct in6_addr addr_buf; 1941 int hlen = LL_RESERVED_SPACE(dev); 1942 int tlen = dev->needed_tailroom; 1943 int err, len, payload_len, full_len; 1944 u8 ra[8] = { IPPROTO_ICMPV6, 0, 1945 IPV6_TLV_ROUTERALERT, 2, 0, 0, 1946 IPV6_TLV_PADN, 0 }; 1947 struct flowi6 fl6; 1948 struct dst_entry *dst; 1949 1950 if (type == ICMPV6_MGM_REDUCTION) 1951 snd_addr = &in6addr_linklocal_allrouters; 1952 else 1953 snd_addr = addr; 1954 1955 len = sizeof(struct icmp6hdr) + sizeof(struct in6_addr); 1956 payload_len = len + sizeof(ra); 1957 full_len = sizeof(struct ipv6hdr) + payload_len; 1958 1959 rcu_read_lock(); 1960 IP6_UPD_PO_STATS(net, __in6_dev_get(dev), 1961 IPSTATS_MIB_OUT, full_len); 1962 rcu_read_unlock(); 1963 1964 skb = sock_alloc_send_skb(sk, hlen + tlen + full_len, 1, &err); 1965 1966 if (!skb) { 1967 rcu_read_lock(); 1968 IP6_INC_STATS(net, __in6_dev_get(dev), 1969 IPSTATS_MIB_OUTDISCARDS); 1970 rcu_read_unlock(); 1971 return; 1972 } 1973 skb->priority = TC_PRIO_CONTROL; 1974 skb_reserve(skb, hlen); 1975 1976 if (ipv6_get_lladdr(dev, &addr_buf, IFA_F_TENTATIVE)) { 1977 /* <draft-ietf-magma-mld-source-05.txt>: 1978 * use unspecified address as the source address 1979 * when a valid link-local address is not available. 1980 */ 1981 saddr = &in6addr_any; 1982 } else 1983 saddr = &addr_buf; 1984 1985 ip6_mc_hdr(sk, skb, dev, saddr, snd_addr, NEXTHDR_HOP, payload_len); 1986 1987 memcpy(skb_put(skb, sizeof(ra)), ra, sizeof(ra)); 1988 1989 hdr = (struct mld_msg *) skb_put(skb, sizeof(struct mld_msg)); 1990 memset(hdr, 0, sizeof(struct mld_msg)); 1991 hdr->mld_type = type; 1992 hdr->mld_mca = *addr; 1993 1994 hdr->mld_cksum = csum_ipv6_magic(saddr, snd_addr, len, 1995 IPPROTO_ICMPV6, 1996 csum_partial(hdr, len, 0)); 1997 1998 rcu_read_lock(); 1999 idev = __in6_dev_get(skb->dev); 2000 2001 icmpv6_flow_init(sk, &fl6, type, 2002 &ipv6_hdr(skb)->saddr, &ipv6_hdr(skb)->daddr, 2003 skb->dev->ifindex); 2004 dst = icmp6_dst_alloc(skb->dev, &fl6); 2005 if (IS_ERR(dst)) { 2006 err = PTR_ERR(dst); 2007 goto err_out; 2008 } 2009 2010 skb_dst_set(skb, dst); 2011 err = NF_HOOK(NFPROTO_IPV6, NF_INET_LOCAL_OUT, sk, skb, 2012 NULL, skb->dev, dst_output_sk); 2013 out: 2014 if (!err) { 2015 ICMP6MSGOUT_INC_STATS(net, idev, type); 2016 ICMP6_INC_STATS(net, idev, ICMP6_MIB_OUTMSGS); 2017 IP6_UPD_PO_STATS(net, idev, IPSTATS_MIB_OUTMCAST, full_len); 2018 } else 2019 IP6_INC_STATS(net, idev, IPSTATS_MIB_OUTDISCARDS); 2020 2021 rcu_read_unlock(); 2022 return; 2023 2024 err_out: 2025 kfree_skb(skb); 2026 goto out; 2027 } 2028 2029 static void mld_send_initial_cr(struct inet6_dev *idev) 2030 { 2031 struct sk_buff *skb; 2032 struct ifmcaddr6 *pmc; 2033 int type; 2034 2035 if (mld_in_v1_mode(idev)) 2036 return; 2037 2038 skb = NULL; 2039 read_lock_bh(&idev->lock); 2040 for (pmc = idev->mc_list; pmc; pmc = pmc->next) { 2041 spin_lock_bh(&pmc->mca_lock); 2042 if (pmc->mca_sfcount[MCAST_EXCLUDE]) 2043 type = MLD2_CHANGE_TO_EXCLUDE; 2044 else 2045 type = MLD2_CHANGE_TO_INCLUDE; 2046 skb = add_grec(skb, pmc, type, 0, 0, 1); 2047 spin_unlock_bh(&pmc->mca_lock); 2048 } 2049 read_unlock_bh(&idev->lock); 2050 if (skb) 2051 mld_sendpack(skb); 2052 } 2053 2054 void ipv6_mc_dad_complete(struct inet6_dev *idev) 2055 { 2056 idev->mc_dad_count = idev->mc_qrv; 2057 if (idev->mc_dad_count) { 2058 mld_send_initial_cr(idev); 2059 idev->mc_dad_count--; 2060 if (idev->mc_dad_count) 2061 mld_dad_start_timer(idev, idev->mc_maxdelay); 2062 } 2063 } 2064 2065 static void mld_dad_timer_expire(unsigned long data) 2066 { 2067 struct inet6_dev *idev = (struct inet6_dev *)data; 2068 2069 mld_send_initial_cr(idev); 2070 if (idev->mc_dad_count) { 2071 idev->mc_dad_count--; 2072 if (idev->mc_dad_count) 2073 mld_dad_start_timer(idev, idev->mc_maxdelay); 2074 } 2075 in6_dev_put(idev); 2076 } 2077 2078 static int ip6_mc_del1_src(struct ifmcaddr6 *pmc, int sfmode, 2079 const struct in6_addr *psfsrc) 2080 { 2081 struct ip6_sf_list *psf, *psf_prev; 2082 int rv = 0; 2083 2084 psf_prev = NULL; 2085 for (psf = pmc->mca_sources; psf; psf = psf->sf_next) { 2086 if (ipv6_addr_equal(&psf->sf_addr, psfsrc)) 2087 break; 2088 psf_prev = psf; 2089 } 2090 if (!psf || psf->sf_count[sfmode] == 0) { 2091 /* source filter not found, or count wrong => bug */ 2092 return -ESRCH; 2093 } 2094 psf->sf_count[sfmode]--; 2095 if (!psf->sf_count[MCAST_INCLUDE] && !psf->sf_count[MCAST_EXCLUDE]) { 2096 struct inet6_dev *idev = pmc->idev; 2097 2098 /* no more filters for this source */ 2099 if (psf_prev) 2100 psf_prev->sf_next = psf->sf_next; 2101 else 2102 pmc->mca_sources = psf->sf_next; 2103 if (psf->sf_oldin && !(pmc->mca_flags & MAF_NOREPORT) && 2104 !mld_in_v1_mode(idev)) { 2105 psf->sf_crcount = idev->mc_qrv; 2106 psf->sf_next = pmc->mca_tomb; 2107 pmc->mca_tomb = psf; 2108 rv = 1; 2109 } else 2110 kfree(psf); 2111 } 2112 return rv; 2113 } 2114 2115 static int ip6_mc_del_src(struct inet6_dev *idev, const struct in6_addr *pmca, 2116 int sfmode, int sfcount, const struct in6_addr *psfsrc, 2117 int delta) 2118 { 2119 struct ifmcaddr6 *pmc; 2120 int changerec = 0; 2121 int i, err; 2122 2123 if (!idev) 2124 return -ENODEV; 2125 read_lock_bh(&idev->lock); 2126 for (pmc = idev->mc_list; pmc; pmc = pmc->next) { 2127 if (ipv6_addr_equal(pmca, &pmc->mca_addr)) 2128 break; 2129 } 2130 if (!pmc) { 2131 /* MCA not found?? bug */ 2132 read_unlock_bh(&idev->lock); 2133 return -ESRCH; 2134 } 2135 spin_lock_bh(&pmc->mca_lock); 2136 sf_markstate(pmc); 2137 if (!delta) { 2138 if (!pmc->mca_sfcount[sfmode]) { 2139 spin_unlock_bh(&pmc->mca_lock); 2140 read_unlock_bh(&idev->lock); 2141 return -EINVAL; 2142 } 2143 pmc->mca_sfcount[sfmode]--; 2144 } 2145 err = 0; 2146 for (i = 0; i < sfcount; i++) { 2147 int rv = ip6_mc_del1_src(pmc, sfmode, &psfsrc[i]); 2148 2149 changerec |= rv > 0; 2150 if (!err && rv < 0) 2151 err = rv; 2152 } 2153 if (pmc->mca_sfmode == MCAST_EXCLUDE && 2154 pmc->mca_sfcount[MCAST_EXCLUDE] == 0 && 2155 pmc->mca_sfcount[MCAST_INCLUDE]) { 2156 struct ip6_sf_list *psf; 2157 2158 /* filter mode change */ 2159 pmc->mca_sfmode = MCAST_INCLUDE; 2160 pmc->mca_crcount = idev->mc_qrv; 2161 idev->mc_ifc_count = pmc->mca_crcount; 2162 for (psf = pmc->mca_sources; psf; psf = psf->sf_next) 2163 psf->sf_crcount = 0; 2164 mld_ifc_event(pmc->idev); 2165 } else if (sf_setstate(pmc) || changerec) 2166 mld_ifc_event(pmc->idev); 2167 spin_unlock_bh(&pmc->mca_lock); 2168 read_unlock_bh(&idev->lock); 2169 return err; 2170 } 2171 2172 /* 2173 * Add multicast single-source filter to the interface list 2174 */ 2175 static int ip6_mc_add1_src(struct ifmcaddr6 *pmc, int sfmode, 2176 const struct in6_addr *psfsrc) 2177 { 2178 struct ip6_sf_list *psf, *psf_prev; 2179 2180 psf_prev = NULL; 2181 for (psf = pmc->mca_sources; psf; psf = psf->sf_next) { 2182 if (ipv6_addr_equal(&psf->sf_addr, psfsrc)) 2183 break; 2184 psf_prev = psf; 2185 } 2186 if (!psf) { 2187 psf = kzalloc(sizeof(*psf), GFP_ATOMIC); 2188 if (!psf) 2189 return -ENOBUFS; 2190 2191 psf->sf_addr = *psfsrc; 2192 if (psf_prev) { 2193 psf_prev->sf_next = psf; 2194 } else 2195 pmc->mca_sources = psf; 2196 } 2197 psf->sf_count[sfmode]++; 2198 return 0; 2199 } 2200 2201 static void sf_markstate(struct ifmcaddr6 *pmc) 2202 { 2203 struct ip6_sf_list *psf; 2204 int mca_xcount = pmc->mca_sfcount[MCAST_EXCLUDE]; 2205 2206 for (psf = pmc->mca_sources; psf; psf = psf->sf_next) 2207 if (pmc->mca_sfcount[MCAST_EXCLUDE]) { 2208 psf->sf_oldin = mca_xcount == 2209 psf->sf_count[MCAST_EXCLUDE] && 2210 !psf->sf_count[MCAST_INCLUDE]; 2211 } else 2212 psf->sf_oldin = psf->sf_count[MCAST_INCLUDE] != 0; 2213 } 2214 2215 static int sf_setstate(struct ifmcaddr6 *pmc) 2216 { 2217 struct ip6_sf_list *psf, *dpsf; 2218 int mca_xcount = pmc->mca_sfcount[MCAST_EXCLUDE]; 2219 int qrv = pmc->idev->mc_qrv; 2220 int new_in, rv; 2221 2222 rv = 0; 2223 for (psf = pmc->mca_sources; psf; psf = psf->sf_next) { 2224 if (pmc->mca_sfcount[MCAST_EXCLUDE]) { 2225 new_in = mca_xcount == psf->sf_count[MCAST_EXCLUDE] && 2226 !psf->sf_count[MCAST_INCLUDE]; 2227 } else 2228 new_in = psf->sf_count[MCAST_INCLUDE] != 0; 2229 if (new_in) { 2230 if (!psf->sf_oldin) { 2231 struct ip6_sf_list *prev = NULL; 2232 2233 for (dpsf = pmc->mca_tomb; dpsf; 2234 dpsf = dpsf->sf_next) { 2235 if (ipv6_addr_equal(&dpsf->sf_addr, 2236 &psf->sf_addr)) 2237 break; 2238 prev = dpsf; 2239 } 2240 if (dpsf) { 2241 if (prev) 2242 prev->sf_next = dpsf->sf_next; 2243 else 2244 pmc->mca_tomb = dpsf->sf_next; 2245 kfree(dpsf); 2246 } 2247 psf->sf_crcount = qrv; 2248 rv++; 2249 } 2250 } else if (psf->sf_oldin) { 2251 psf->sf_crcount = 0; 2252 /* 2253 * add or update "delete" records if an active filter 2254 * is now inactive 2255 */ 2256 for (dpsf = pmc->mca_tomb; dpsf; dpsf = dpsf->sf_next) 2257 if (ipv6_addr_equal(&dpsf->sf_addr, 2258 &psf->sf_addr)) 2259 break; 2260 if (!dpsf) { 2261 dpsf = kmalloc(sizeof(*dpsf), GFP_ATOMIC); 2262 if (!dpsf) 2263 continue; 2264 *dpsf = *psf; 2265 /* pmc->mca_lock held by callers */ 2266 dpsf->sf_next = pmc->mca_tomb; 2267 pmc->mca_tomb = dpsf; 2268 } 2269 dpsf->sf_crcount = qrv; 2270 rv++; 2271 } 2272 } 2273 return rv; 2274 } 2275 2276 /* 2277 * Add multicast source filter list to the interface list 2278 */ 2279 static int ip6_mc_add_src(struct inet6_dev *idev, const struct in6_addr *pmca, 2280 int sfmode, int sfcount, const struct in6_addr *psfsrc, 2281 int delta) 2282 { 2283 struct ifmcaddr6 *pmc; 2284 int isexclude; 2285 int i, err; 2286 2287 if (!idev) 2288 return -ENODEV; 2289 read_lock_bh(&idev->lock); 2290 for (pmc = idev->mc_list; pmc; pmc = pmc->next) { 2291 if (ipv6_addr_equal(pmca, &pmc->mca_addr)) 2292 break; 2293 } 2294 if (!pmc) { 2295 /* MCA not found?? bug */ 2296 read_unlock_bh(&idev->lock); 2297 return -ESRCH; 2298 } 2299 spin_lock_bh(&pmc->mca_lock); 2300 2301 sf_markstate(pmc); 2302 isexclude = pmc->mca_sfmode == MCAST_EXCLUDE; 2303 if (!delta) 2304 pmc->mca_sfcount[sfmode]++; 2305 err = 0; 2306 for (i = 0; i < sfcount; i++) { 2307 err = ip6_mc_add1_src(pmc, sfmode, &psfsrc[i]); 2308 if (err) 2309 break; 2310 } 2311 if (err) { 2312 int j; 2313 2314 if (!delta) 2315 pmc->mca_sfcount[sfmode]--; 2316 for (j = 0; j < i; j++) 2317 ip6_mc_del1_src(pmc, sfmode, &psfsrc[j]); 2318 } else if (isexclude != (pmc->mca_sfcount[MCAST_EXCLUDE] != 0)) { 2319 struct ip6_sf_list *psf; 2320 2321 /* filter mode change */ 2322 if (pmc->mca_sfcount[MCAST_EXCLUDE]) 2323 pmc->mca_sfmode = MCAST_EXCLUDE; 2324 else if (pmc->mca_sfcount[MCAST_INCLUDE]) 2325 pmc->mca_sfmode = MCAST_INCLUDE; 2326 /* else no filters; keep old mode for reports */ 2327 2328 pmc->mca_crcount = idev->mc_qrv; 2329 idev->mc_ifc_count = pmc->mca_crcount; 2330 for (psf = pmc->mca_sources; psf; psf = psf->sf_next) 2331 psf->sf_crcount = 0; 2332 mld_ifc_event(idev); 2333 } else if (sf_setstate(pmc)) 2334 mld_ifc_event(idev); 2335 spin_unlock_bh(&pmc->mca_lock); 2336 read_unlock_bh(&idev->lock); 2337 return err; 2338 } 2339 2340 static void ip6_mc_clear_src(struct ifmcaddr6 *pmc) 2341 { 2342 struct ip6_sf_list *psf, *nextpsf; 2343 2344 for (psf = pmc->mca_tomb; psf; psf = nextpsf) { 2345 nextpsf = psf->sf_next; 2346 kfree(psf); 2347 } 2348 pmc->mca_tomb = NULL; 2349 for (psf = pmc->mca_sources; psf; psf = nextpsf) { 2350 nextpsf = psf->sf_next; 2351 kfree(psf); 2352 } 2353 pmc->mca_sources = NULL; 2354 pmc->mca_sfmode = MCAST_EXCLUDE; 2355 pmc->mca_sfcount[MCAST_INCLUDE] = 0; 2356 pmc->mca_sfcount[MCAST_EXCLUDE] = 1; 2357 } 2358 2359 2360 static void igmp6_join_group(struct ifmcaddr6 *ma) 2361 { 2362 unsigned long delay; 2363 2364 if (ma->mca_flags & MAF_NOREPORT) 2365 return; 2366 2367 igmp6_send(&ma->mca_addr, ma->idev->dev, ICMPV6_MGM_REPORT); 2368 2369 delay = prandom_u32() % unsolicited_report_interval(ma->idev); 2370 2371 spin_lock_bh(&ma->mca_lock); 2372 if (del_timer(&ma->mca_timer)) { 2373 atomic_dec(&ma->mca_refcnt); 2374 delay = ma->mca_timer.expires - jiffies; 2375 } 2376 2377 if (!mod_timer(&ma->mca_timer, jiffies + delay)) 2378 atomic_inc(&ma->mca_refcnt); 2379 ma->mca_flags |= MAF_TIMER_RUNNING | MAF_LAST_REPORTER; 2380 spin_unlock_bh(&ma->mca_lock); 2381 } 2382 2383 static int ip6_mc_leave_src(struct sock *sk, struct ipv6_mc_socklist *iml, 2384 struct inet6_dev *idev) 2385 { 2386 int err; 2387 2388 /* callers have the socket lock and rtnl lock 2389 * so no other readers or writers of iml or its sflist 2390 */ 2391 if (!iml->sflist) { 2392 /* any-source empty exclude case */ 2393 return ip6_mc_del_src(idev, &iml->addr, iml->sfmode, 0, NULL, 0); 2394 } 2395 err = ip6_mc_del_src(idev, &iml->addr, iml->sfmode, 2396 iml->sflist->sl_count, iml->sflist->sl_addr, 0); 2397 sock_kfree_s(sk, iml->sflist, IP6_SFLSIZE(iml->sflist->sl_max)); 2398 iml->sflist = NULL; 2399 return err; 2400 } 2401 2402 static void igmp6_leave_group(struct ifmcaddr6 *ma) 2403 { 2404 if (mld_in_v1_mode(ma->idev)) { 2405 if (ma->mca_flags & MAF_LAST_REPORTER) 2406 igmp6_send(&ma->mca_addr, ma->idev->dev, 2407 ICMPV6_MGM_REDUCTION); 2408 } else { 2409 mld_add_delrec(ma->idev, ma); 2410 mld_ifc_event(ma->idev); 2411 } 2412 } 2413 2414 static void mld_gq_timer_expire(unsigned long data) 2415 { 2416 struct inet6_dev *idev = (struct inet6_dev *)data; 2417 2418 idev->mc_gq_running = 0; 2419 mld_send_report(idev, NULL); 2420 in6_dev_put(idev); 2421 } 2422 2423 static void mld_ifc_timer_expire(unsigned long data) 2424 { 2425 struct inet6_dev *idev = (struct inet6_dev *)data; 2426 2427 mld_send_cr(idev); 2428 if (idev->mc_ifc_count) { 2429 idev->mc_ifc_count--; 2430 if (idev->mc_ifc_count) 2431 mld_ifc_start_timer(idev, idev->mc_maxdelay); 2432 } 2433 in6_dev_put(idev); 2434 } 2435 2436 static void mld_ifc_event(struct inet6_dev *idev) 2437 { 2438 if (mld_in_v1_mode(idev)) 2439 return; 2440 idev->mc_ifc_count = idev->mc_qrv; 2441 mld_ifc_start_timer(idev, 1); 2442 } 2443 2444 2445 static void igmp6_timer_handler(unsigned long data) 2446 { 2447 struct ifmcaddr6 *ma = (struct ifmcaddr6 *) data; 2448 2449 if (mld_in_v1_mode(ma->idev)) 2450 igmp6_send(&ma->mca_addr, ma->idev->dev, ICMPV6_MGM_REPORT); 2451 else 2452 mld_send_report(ma->idev, ma); 2453 2454 spin_lock(&ma->mca_lock); 2455 ma->mca_flags |= MAF_LAST_REPORTER; 2456 ma->mca_flags &= ~MAF_TIMER_RUNNING; 2457 spin_unlock(&ma->mca_lock); 2458 ma_put(ma); 2459 } 2460 2461 /* Device changing type */ 2462 2463 void ipv6_mc_unmap(struct inet6_dev *idev) 2464 { 2465 struct ifmcaddr6 *i; 2466 2467 /* Install multicast list, except for all-nodes (already installed) */ 2468 2469 read_lock_bh(&idev->lock); 2470 for (i = idev->mc_list; i; i = i->next) 2471 igmp6_group_dropped(i); 2472 read_unlock_bh(&idev->lock); 2473 } 2474 2475 void ipv6_mc_remap(struct inet6_dev *idev) 2476 { 2477 ipv6_mc_up(idev); 2478 } 2479 2480 /* Device going down */ 2481 2482 void ipv6_mc_down(struct inet6_dev *idev) 2483 { 2484 struct ifmcaddr6 *i; 2485 2486 /* Withdraw multicast list */ 2487 2488 read_lock_bh(&idev->lock); 2489 mld_ifc_stop_timer(idev); 2490 mld_gq_stop_timer(idev); 2491 mld_dad_stop_timer(idev); 2492 2493 for (i = idev->mc_list; i; i = i->next) 2494 igmp6_group_dropped(i); 2495 read_unlock_bh(&idev->lock); 2496 2497 mld_clear_delrec(idev); 2498 } 2499 2500 static void ipv6_mc_reset(struct inet6_dev *idev) 2501 { 2502 idev->mc_qrv = sysctl_mld_qrv; 2503 idev->mc_qi = MLD_QI_DEFAULT; 2504 idev->mc_qri = MLD_QRI_DEFAULT; 2505 idev->mc_v1_seen = 0; 2506 idev->mc_maxdelay = unsolicited_report_interval(idev); 2507 } 2508 2509 /* Device going up */ 2510 2511 void ipv6_mc_up(struct inet6_dev *idev) 2512 { 2513 struct ifmcaddr6 *i; 2514 2515 /* Install multicast list, except for all-nodes (already installed) */ 2516 2517 read_lock_bh(&idev->lock); 2518 ipv6_mc_reset(idev); 2519 for (i = idev->mc_list; i; i = i->next) 2520 igmp6_group_added(i); 2521 read_unlock_bh(&idev->lock); 2522 } 2523 2524 /* IPv6 device initialization. */ 2525 2526 void ipv6_mc_init_dev(struct inet6_dev *idev) 2527 { 2528 write_lock_bh(&idev->lock); 2529 spin_lock_init(&idev->mc_lock); 2530 idev->mc_gq_running = 0; 2531 setup_timer(&idev->mc_gq_timer, mld_gq_timer_expire, 2532 (unsigned long)idev); 2533 idev->mc_tomb = NULL; 2534 idev->mc_ifc_count = 0; 2535 setup_timer(&idev->mc_ifc_timer, mld_ifc_timer_expire, 2536 (unsigned long)idev); 2537 setup_timer(&idev->mc_dad_timer, mld_dad_timer_expire, 2538 (unsigned long)idev); 2539 ipv6_mc_reset(idev); 2540 write_unlock_bh(&idev->lock); 2541 } 2542 2543 /* 2544 * Device is about to be destroyed: clean up. 2545 */ 2546 2547 void ipv6_mc_destroy_dev(struct inet6_dev *idev) 2548 { 2549 struct ifmcaddr6 *i; 2550 2551 /* Deactivate timers */ 2552 ipv6_mc_down(idev); 2553 2554 /* Delete all-nodes address. */ 2555 /* We cannot call ipv6_dev_mc_dec() directly, our caller in 2556 * addrconf.c has NULL'd out dev->ip6_ptr so in6_dev_get() will 2557 * fail. 2558 */ 2559 __ipv6_dev_mc_dec(idev, &in6addr_linklocal_allnodes); 2560 2561 if (idev->cnf.forwarding) 2562 __ipv6_dev_mc_dec(idev, &in6addr_linklocal_allrouters); 2563 2564 write_lock_bh(&idev->lock); 2565 while ((i = idev->mc_list) != NULL) { 2566 idev->mc_list = i->next; 2567 write_unlock_bh(&idev->lock); 2568 2569 igmp6_group_dropped(i); 2570 ma_put(i); 2571 2572 write_lock_bh(&idev->lock); 2573 } 2574 write_unlock_bh(&idev->lock); 2575 } 2576 2577 #ifdef CONFIG_PROC_FS 2578 struct igmp6_mc_iter_state { 2579 struct seq_net_private p; 2580 struct net_device *dev; 2581 struct inet6_dev *idev; 2582 }; 2583 2584 #define igmp6_mc_seq_private(seq) ((struct igmp6_mc_iter_state *)(seq)->private) 2585 2586 static inline struct ifmcaddr6 *igmp6_mc_get_first(struct seq_file *seq) 2587 { 2588 struct ifmcaddr6 *im = NULL; 2589 struct igmp6_mc_iter_state *state = igmp6_mc_seq_private(seq); 2590 struct net *net = seq_file_net(seq); 2591 2592 state->idev = NULL; 2593 for_each_netdev_rcu(net, state->dev) { 2594 struct inet6_dev *idev; 2595 idev = __in6_dev_get(state->dev); 2596 if (!idev) 2597 continue; 2598 read_lock_bh(&idev->lock); 2599 im = idev->mc_list; 2600 if (im) { 2601 state->idev = idev; 2602 break; 2603 } 2604 read_unlock_bh(&idev->lock); 2605 } 2606 return im; 2607 } 2608 2609 static struct ifmcaddr6 *igmp6_mc_get_next(struct seq_file *seq, struct ifmcaddr6 *im) 2610 { 2611 struct igmp6_mc_iter_state *state = igmp6_mc_seq_private(seq); 2612 2613 im = im->next; 2614 while (!im) { 2615 if (likely(state->idev)) 2616 read_unlock_bh(&state->idev->lock); 2617 2618 state->dev = next_net_device_rcu(state->dev); 2619 if (!state->dev) { 2620 state->idev = NULL; 2621 break; 2622 } 2623 state->idev = __in6_dev_get(state->dev); 2624 if (!state->idev) 2625 continue; 2626 read_lock_bh(&state->idev->lock); 2627 im = state->idev->mc_list; 2628 } 2629 return im; 2630 } 2631 2632 static struct ifmcaddr6 *igmp6_mc_get_idx(struct seq_file *seq, loff_t pos) 2633 { 2634 struct ifmcaddr6 *im = igmp6_mc_get_first(seq); 2635 if (im) 2636 while (pos && (im = igmp6_mc_get_next(seq, im)) != NULL) 2637 --pos; 2638 return pos ? NULL : im; 2639 } 2640 2641 static void *igmp6_mc_seq_start(struct seq_file *seq, loff_t *pos) 2642 __acquires(RCU) 2643 { 2644 rcu_read_lock(); 2645 return igmp6_mc_get_idx(seq, *pos); 2646 } 2647 2648 static void *igmp6_mc_seq_next(struct seq_file *seq, void *v, loff_t *pos) 2649 { 2650 struct ifmcaddr6 *im = igmp6_mc_get_next(seq, v); 2651 2652 ++*pos; 2653 return im; 2654 } 2655 2656 static void igmp6_mc_seq_stop(struct seq_file *seq, void *v) 2657 __releases(RCU) 2658 { 2659 struct igmp6_mc_iter_state *state = igmp6_mc_seq_private(seq); 2660 2661 if (likely(state->idev)) { 2662 read_unlock_bh(&state->idev->lock); 2663 state->idev = NULL; 2664 } 2665 state->dev = NULL; 2666 rcu_read_unlock(); 2667 } 2668 2669 static int igmp6_mc_seq_show(struct seq_file *seq, void *v) 2670 { 2671 struct ifmcaddr6 *im = (struct ifmcaddr6 *)v; 2672 struct igmp6_mc_iter_state *state = igmp6_mc_seq_private(seq); 2673 2674 seq_printf(seq, 2675 "%-4d %-15s %pi6 %5d %08X %ld\n", 2676 state->dev->ifindex, state->dev->name, 2677 &im->mca_addr, 2678 im->mca_users, im->mca_flags, 2679 (im->mca_flags&MAF_TIMER_RUNNING) ? 2680 jiffies_to_clock_t(im->mca_timer.expires-jiffies) : 0); 2681 return 0; 2682 } 2683 2684 static const struct seq_operations igmp6_mc_seq_ops = { 2685 .start = igmp6_mc_seq_start, 2686 .next = igmp6_mc_seq_next, 2687 .stop = igmp6_mc_seq_stop, 2688 .show = igmp6_mc_seq_show, 2689 }; 2690 2691 static int igmp6_mc_seq_open(struct inode *inode, struct file *file) 2692 { 2693 return seq_open_net(inode, file, &igmp6_mc_seq_ops, 2694 sizeof(struct igmp6_mc_iter_state)); 2695 } 2696 2697 static const struct file_operations igmp6_mc_seq_fops = { 2698 .owner = THIS_MODULE, 2699 .open = igmp6_mc_seq_open, 2700 .read = seq_read, 2701 .llseek = seq_lseek, 2702 .release = seq_release_net, 2703 }; 2704 2705 struct igmp6_mcf_iter_state { 2706 struct seq_net_private p; 2707 struct net_device *dev; 2708 struct inet6_dev *idev; 2709 struct ifmcaddr6 *im; 2710 }; 2711 2712 #define igmp6_mcf_seq_private(seq) ((struct igmp6_mcf_iter_state *)(seq)->private) 2713 2714 static inline struct ip6_sf_list *igmp6_mcf_get_first(struct seq_file *seq) 2715 { 2716 struct ip6_sf_list *psf = NULL; 2717 struct ifmcaddr6 *im = NULL; 2718 struct igmp6_mcf_iter_state *state = igmp6_mcf_seq_private(seq); 2719 struct net *net = seq_file_net(seq); 2720 2721 state->idev = NULL; 2722 state->im = NULL; 2723 for_each_netdev_rcu(net, state->dev) { 2724 struct inet6_dev *idev; 2725 idev = __in6_dev_get(state->dev); 2726 if (unlikely(idev == NULL)) 2727 continue; 2728 read_lock_bh(&idev->lock); 2729 im = idev->mc_list; 2730 if (likely(im)) { 2731 spin_lock_bh(&im->mca_lock); 2732 psf = im->mca_sources; 2733 if (likely(psf)) { 2734 state->im = im; 2735 state->idev = idev; 2736 break; 2737 } 2738 spin_unlock_bh(&im->mca_lock); 2739 } 2740 read_unlock_bh(&idev->lock); 2741 } 2742 return psf; 2743 } 2744 2745 static struct ip6_sf_list *igmp6_mcf_get_next(struct seq_file *seq, struct ip6_sf_list *psf) 2746 { 2747 struct igmp6_mcf_iter_state *state = igmp6_mcf_seq_private(seq); 2748 2749 psf = psf->sf_next; 2750 while (!psf) { 2751 spin_unlock_bh(&state->im->mca_lock); 2752 state->im = state->im->next; 2753 while (!state->im) { 2754 if (likely(state->idev)) 2755 read_unlock_bh(&state->idev->lock); 2756 2757 state->dev = next_net_device_rcu(state->dev); 2758 if (!state->dev) { 2759 state->idev = NULL; 2760 goto out; 2761 } 2762 state->idev = __in6_dev_get(state->dev); 2763 if (!state->idev) 2764 continue; 2765 read_lock_bh(&state->idev->lock); 2766 state->im = state->idev->mc_list; 2767 } 2768 if (!state->im) 2769 break; 2770 spin_lock_bh(&state->im->mca_lock); 2771 psf = state->im->mca_sources; 2772 } 2773 out: 2774 return psf; 2775 } 2776 2777 static struct ip6_sf_list *igmp6_mcf_get_idx(struct seq_file *seq, loff_t pos) 2778 { 2779 struct ip6_sf_list *psf = igmp6_mcf_get_first(seq); 2780 if (psf) 2781 while (pos && (psf = igmp6_mcf_get_next(seq, psf)) != NULL) 2782 --pos; 2783 return pos ? NULL : psf; 2784 } 2785 2786 static void *igmp6_mcf_seq_start(struct seq_file *seq, loff_t *pos) 2787 __acquires(RCU) 2788 { 2789 rcu_read_lock(); 2790 return *pos ? igmp6_mcf_get_idx(seq, *pos - 1) : SEQ_START_TOKEN; 2791 } 2792 2793 static void *igmp6_mcf_seq_next(struct seq_file *seq, void *v, loff_t *pos) 2794 { 2795 struct ip6_sf_list *psf; 2796 if (v == SEQ_START_TOKEN) 2797 psf = igmp6_mcf_get_first(seq); 2798 else 2799 psf = igmp6_mcf_get_next(seq, v); 2800 ++*pos; 2801 return psf; 2802 } 2803 2804 static void igmp6_mcf_seq_stop(struct seq_file *seq, void *v) 2805 __releases(RCU) 2806 { 2807 struct igmp6_mcf_iter_state *state = igmp6_mcf_seq_private(seq); 2808 if (likely(state->im)) { 2809 spin_unlock_bh(&state->im->mca_lock); 2810 state->im = NULL; 2811 } 2812 if (likely(state->idev)) { 2813 read_unlock_bh(&state->idev->lock); 2814 state->idev = NULL; 2815 } 2816 state->dev = NULL; 2817 rcu_read_unlock(); 2818 } 2819 2820 static int igmp6_mcf_seq_show(struct seq_file *seq, void *v) 2821 { 2822 struct ip6_sf_list *psf = (struct ip6_sf_list *)v; 2823 struct igmp6_mcf_iter_state *state = igmp6_mcf_seq_private(seq); 2824 2825 if (v == SEQ_START_TOKEN) { 2826 seq_puts(seq, "Idx Device Multicast Address Source Address INC EXC\n"); 2827 } else { 2828 seq_printf(seq, 2829 "%3d %6.6s %pi6 %pi6 %6lu %6lu\n", 2830 state->dev->ifindex, state->dev->name, 2831 &state->im->mca_addr, 2832 &psf->sf_addr, 2833 psf->sf_count[MCAST_INCLUDE], 2834 psf->sf_count[MCAST_EXCLUDE]); 2835 } 2836 return 0; 2837 } 2838 2839 static const struct seq_operations igmp6_mcf_seq_ops = { 2840 .start = igmp6_mcf_seq_start, 2841 .next = igmp6_mcf_seq_next, 2842 .stop = igmp6_mcf_seq_stop, 2843 .show = igmp6_mcf_seq_show, 2844 }; 2845 2846 static int igmp6_mcf_seq_open(struct inode *inode, struct file *file) 2847 { 2848 return seq_open_net(inode, file, &igmp6_mcf_seq_ops, 2849 sizeof(struct igmp6_mcf_iter_state)); 2850 } 2851 2852 static const struct file_operations igmp6_mcf_seq_fops = { 2853 .owner = THIS_MODULE, 2854 .open = igmp6_mcf_seq_open, 2855 .read = seq_read, 2856 .llseek = seq_lseek, 2857 .release = seq_release_net, 2858 }; 2859 2860 static int __net_init igmp6_proc_init(struct net *net) 2861 { 2862 int err; 2863 2864 err = -ENOMEM; 2865 if (!proc_create("igmp6", S_IRUGO, net->proc_net, &igmp6_mc_seq_fops)) 2866 goto out; 2867 if (!proc_create("mcfilter6", S_IRUGO, net->proc_net, 2868 &igmp6_mcf_seq_fops)) 2869 goto out_proc_net_igmp6; 2870 2871 err = 0; 2872 out: 2873 return err; 2874 2875 out_proc_net_igmp6: 2876 remove_proc_entry("igmp6", net->proc_net); 2877 goto out; 2878 } 2879 2880 static void __net_exit igmp6_proc_exit(struct net *net) 2881 { 2882 remove_proc_entry("mcfilter6", net->proc_net); 2883 remove_proc_entry("igmp6", net->proc_net); 2884 } 2885 #else 2886 static inline int igmp6_proc_init(struct net *net) 2887 { 2888 return 0; 2889 } 2890 static inline void igmp6_proc_exit(struct net *net) 2891 { 2892 } 2893 #endif 2894 2895 static int __net_init igmp6_net_init(struct net *net) 2896 { 2897 int err; 2898 2899 err = inet_ctl_sock_create(&net->ipv6.igmp_sk, PF_INET6, 2900 SOCK_RAW, IPPROTO_ICMPV6, net); 2901 if (err < 0) { 2902 pr_err("Failed to initialize the IGMP6 control socket (err %d)\n", 2903 err); 2904 goto out; 2905 } 2906 2907 inet6_sk(net->ipv6.igmp_sk)->hop_limit = 1; 2908 2909 err = inet_ctl_sock_create(&net->ipv6.mc_autojoin_sk, PF_INET6, 2910 SOCK_RAW, IPPROTO_ICMPV6, net); 2911 if (err < 0) { 2912 pr_err("Failed to initialize the IGMP6 autojoin socket (err %d)\n", 2913 err); 2914 goto out_sock_create; 2915 } 2916 2917 err = igmp6_proc_init(net); 2918 if (err) 2919 goto out_sock_create_autojoin; 2920 2921 return 0; 2922 2923 out_sock_create_autojoin: 2924 inet_ctl_sock_destroy(net->ipv6.mc_autojoin_sk); 2925 out_sock_create: 2926 inet_ctl_sock_destroy(net->ipv6.igmp_sk); 2927 out: 2928 return err; 2929 } 2930 2931 static void __net_exit igmp6_net_exit(struct net *net) 2932 { 2933 inet_ctl_sock_destroy(net->ipv6.igmp_sk); 2934 inet_ctl_sock_destroy(net->ipv6.mc_autojoin_sk); 2935 igmp6_proc_exit(net); 2936 } 2937 2938 static struct pernet_operations igmp6_net_ops = { 2939 .init = igmp6_net_init, 2940 .exit = igmp6_net_exit, 2941 }; 2942 2943 int __init igmp6_init(void) 2944 { 2945 return register_pernet_subsys(&igmp6_net_ops); 2946 } 2947 2948 void igmp6_cleanup(void) 2949 { 2950 unregister_pernet_subsys(&igmp6_net_ops); 2951 } 2952