1 /* 2 * Multicast support for IPv6 3 * Linux INET6 implementation 4 * 5 * Authors: 6 * Pedro Roque <roque@di.fc.ul.pt> 7 * 8 * Based on linux/ipv4/igmp.c and linux/ipv4/ip_sockglue.c 9 * 10 * This program is free software; you can redistribute it and/or 11 * modify it under the terms of the GNU General Public License 12 * as published by the Free Software Foundation; either version 13 * 2 of the License, or (at your option) any later version. 14 */ 15 16 /* Changes: 17 * 18 * yoshfuji : fix format of router-alert option 19 * YOSHIFUJI Hideaki @USAGI: 20 * Fixed source address for MLD message based on 21 * <draft-ietf-magma-mld-source-05.txt>. 22 * YOSHIFUJI Hideaki @USAGI: 23 * - Ignore Queries for invalid addresses. 24 * - MLD for link-local addresses. 25 * David L Stevens <dlstevens@us.ibm.com>: 26 * - MLDv2 support 27 */ 28 29 #include <linux/module.h> 30 #include <linux/errno.h> 31 #include <linux/types.h> 32 #include <linux/string.h> 33 #include <linux/socket.h> 34 #include <linux/sockios.h> 35 #include <linux/jiffies.h> 36 #include <linux/times.h> 37 #include <linux/net.h> 38 #include <linux/in.h> 39 #include <linux/in6.h> 40 #include <linux/netdevice.h> 41 #include <linux/if_arp.h> 42 #include <linux/route.h> 43 #include <linux/init.h> 44 #include <linux/proc_fs.h> 45 #include <linux/seq_file.h> 46 #include <linux/slab.h> 47 #include <linux/pkt_sched.h> 48 #include <net/mld.h> 49 50 #include <linux/netfilter.h> 51 #include <linux/netfilter_ipv6.h> 52 53 #include <net/net_namespace.h> 54 #include <net/sock.h> 55 #include <net/snmp.h> 56 57 #include <net/ipv6.h> 58 #include <net/protocol.h> 59 #include <net/if_inet6.h> 60 #include <net/ndisc.h> 61 #include <net/addrconf.h> 62 #include <net/ip6_route.h> 63 #include <net/inet_common.h> 64 65 #include <net/ip6_checksum.h> 66 67 /* Ensure that we have struct in6_addr aligned on 32bit word. */ 68 static void *__mld2_query_bugs[] __attribute__((__unused__)) = { 69 BUILD_BUG_ON_NULL(offsetof(struct mld2_query, mld2q_srcs) % 4), 70 BUILD_BUG_ON_NULL(offsetof(struct mld2_report, mld2r_grec) % 4), 71 BUILD_BUG_ON_NULL(offsetof(struct mld2_grec, grec_mca) % 4) 72 }; 73 74 static struct in6_addr mld2_all_mcr = MLD2_ALL_MCR_INIT; 75 76 static void igmp6_join_group(struct ifmcaddr6 *ma); 77 static void igmp6_leave_group(struct ifmcaddr6 *ma); 78 static void igmp6_timer_handler(unsigned long data); 79 80 static void mld_gq_timer_expire(unsigned long data); 81 static void mld_ifc_timer_expire(unsigned long data); 82 static void mld_ifc_event(struct inet6_dev *idev); 83 static void mld_add_delrec(struct inet6_dev *idev, struct ifmcaddr6 *pmc); 84 static void mld_del_delrec(struct inet6_dev *idev, const struct in6_addr *addr); 85 static void mld_clear_delrec(struct inet6_dev *idev); 86 static bool mld_in_v1_mode(const struct inet6_dev *idev); 87 static int sf_setstate(struct ifmcaddr6 *pmc); 88 static void sf_markstate(struct ifmcaddr6 *pmc); 89 static void ip6_mc_clear_src(struct ifmcaddr6 *pmc); 90 static int ip6_mc_del_src(struct inet6_dev *idev, const struct in6_addr *pmca, 91 int sfmode, int sfcount, const struct in6_addr *psfsrc, 92 int delta); 93 static int ip6_mc_add_src(struct inet6_dev *idev, const struct in6_addr *pmca, 94 int sfmode, int sfcount, const struct in6_addr *psfsrc, 95 int delta); 96 static int ip6_mc_leave_src(struct sock *sk, struct ipv6_mc_socklist *iml, 97 struct inet6_dev *idev); 98 99 #define MLD_QRV_DEFAULT 2 100 /* RFC3810, 9.2. Query Interval */ 101 #define MLD_QI_DEFAULT (125 * HZ) 102 /* RFC3810, 9.3. Query Response Interval */ 103 #define MLD_QRI_DEFAULT (10 * HZ) 104 105 /* RFC3810, 8.1 Query Version Distinctions */ 106 #define MLD_V1_QUERY_LEN 24 107 #define MLD_V2_QUERY_LEN_MIN 28 108 109 #define IPV6_MLD_MAX_MSF 64 110 111 int sysctl_mld_max_msf __read_mostly = IPV6_MLD_MAX_MSF; 112 int sysctl_mld_qrv __read_mostly = MLD_QRV_DEFAULT; 113 114 /* 115 * socket join on multicast group 116 */ 117 118 #define for_each_pmc_rcu(np, pmc) \ 119 for (pmc = rcu_dereference(np->ipv6_mc_list); \ 120 pmc != NULL; \ 121 pmc = rcu_dereference(pmc->next)) 122 123 static int unsolicited_report_interval(struct inet6_dev *idev) 124 { 125 int iv; 126 127 if (mld_in_v1_mode(idev)) 128 iv = idev->cnf.mldv1_unsolicited_report_interval; 129 else 130 iv = idev->cnf.mldv2_unsolicited_report_interval; 131 132 return iv > 0 ? iv : 1; 133 } 134 135 int ipv6_sock_mc_join(struct sock *sk, int ifindex, const struct in6_addr *addr) 136 { 137 struct net_device *dev = NULL; 138 struct ipv6_mc_socklist *mc_lst; 139 struct ipv6_pinfo *np = inet6_sk(sk); 140 struct net *net = sock_net(sk); 141 int err; 142 143 if (!ipv6_addr_is_multicast(addr)) 144 return -EINVAL; 145 146 rcu_read_lock(); 147 for_each_pmc_rcu(np, mc_lst) { 148 if ((ifindex == 0 || mc_lst->ifindex == ifindex) && 149 ipv6_addr_equal(&mc_lst->addr, addr)) { 150 rcu_read_unlock(); 151 return -EADDRINUSE; 152 } 153 } 154 rcu_read_unlock(); 155 156 mc_lst = sock_kmalloc(sk, sizeof(struct ipv6_mc_socklist), GFP_KERNEL); 157 158 if (mc_lst == NULL) 159 return -ENOMEM; 160 161 mc_lst->next = NULL; 162 mc_lst->addr = *addr; 163 164 rtnl_lock(); 165 if (ifindex == 0) { 166 struct rt6_info *rt; 167 rt = rt6_lookup(net, addr, NULL, 0, 0); 168 if (rt) { 169 dev = rt->dst.dev; 170 ip6_rt_put(rt); 171 } 172 } else 173 dev = __dev_get_by_index(net, ifindex); 174 175 if (dev == NULL) { 176 rtnl_unlock(); 177 sock_kfree_s(sk, mc_lst, sizeof(*mc_lst)); 178 return -ENODEV; 179 } 180 181 mc_lst->ifindex = dev->ifindex; 182 mc_lst->sfmode = MCAST_EXCLUDE; 183 rwlock_init(&mc_lst->sflock); 184 mc_lst->sflist = NULL; 185 186 /* 187 * now add/increase the group membership on the device 188 */ 189 190 err = ipv6_dev_mc_inc(dev, addr); 191 192 if (err) { 193 rtnl_unlock(); 194 sock_kfree_s(sk, mc_lst, sizeof(*mc_lst)); 195 return err; 196 } 197 198 mc_lst->next = np->ipv6_mc_list; 199 rcu_assign_pointer(np->ipv6_mc_list, mc_lst); 200 201 rtnl_unlock(); 202 203 return 0; 204 } 205 206 /* 207 * socket leave on multicast group 208 */ 209 int ipv6_sock_mc_drop(struct sock *sk, int ifindex, const struct in6_addr *addr) 210 { 211 struct ipv6_pinfo *np = inet6_sk(sk); 212 struct ipv6_mc_socklist *mc_lst; 213 struct ipv6_mc_socklist __rcu **lnk; 214 struct net *net = sock_net(sk); 215 216 if (!ipv6_addr_is_multicast(addr)) 217 return -EINVAL; 218 219 rtnl_lock(); 220 for (lnk = &np->ipv6_mc_list; 221 (mc_lst = rtnl_dereference(*lnk)) != NULL; 222 lnk = &mc_lst->next) { 223 if ((ifindex == 0 || mc_lst->ifindex == ifindex) && 224 ipv6_addr_equal(&mc_lst->addr, addr)) { 225 struct net_device *dev; 226 227 *lnk = mc_lst->next; 228 229 dev = __dev_get_by_index(net, mc_lst->ifindex); 230 if (dev != NULL) { 231 struct inet6_dev *idev = __in6_dev_get(dev); 232 233 (void) ip6_mc_leave_src(sk, mc_lst, idev); 234 if (idev) 235 __ipv6_dev_mc_dec(idev, &mc_lst->addr); 236 } else 237 (void) ip6_mc_leave_src(sk, mc_lst, NULL); 238 rtnl_unlock(); 239 240 atomic_sub(sizeof(*mc_lst), &sk->sk_omem_alloc); 241 kfree_rcu(mc_lst, rcu); 242 return 0; 243 } 244 } 245 rtnl_unlock(); 246 247 return -EADDRNOTAVAIL; 248 } 249 250 /* called with rcu_read_lock() */ 251 static struct inet6_dev *ip6_mc_find_dev_rcu(struct net *net, 252 const struct in6_addr *group, 253 int ifindex) 254 { 255 struct net_device *dev = NULL; 256 struct inet6_dev *idev = NULL; 257 258 if (ifindex == 0) { 259 struct rt6_info *rt = rt6_lookup(net, group, NULL, 0, 0); 260 261 if (rt) { 262 dev = rt->dst.dev; 263 ip6_rt_put(rt); 264 } 265 } else 266 dev = dev_get_by_index_rcu(net, ifindex); 267 268 if (!dev) 269 return NULL; 270 idev = __in6_dev_get(dev); 271 if (!idev) 272 return NULL; 273 read_lock_bh(&idev->lock); 274 if (idev->dead) { 275 read_unlock_bh(&idev->lock); 276 return NULL; 277 } 278 return idev; 279 } 280 281 void ipv6_sock_mc_close(struct sock *sk) 282 { 283 struct ipv6_pinfo *np = inet6_sk(sk); 284 struct ipv6_mc_socklist *mc_lst; 285 struct net *net = sock_net(sk); 286 287 if (!rcu_access_pointer(np->ipv6_mc_list)) 288 return; 289 290 rtnl_lock(); 291 while ((mc_lst = rtnl_dereference(np->ipv6_mc_list)) != NULL) { 292 struct net_device *dev; 293 294 np->ipv6_mc_list = mc_lst->next; 295 296 dev = __dev_get_by_index(net, mc_lst->ifindex); 297 if (dev) { 298 struct inet6_dev *idev = __in6_dev_get(dev); 299 300 (void) ip6_mc_leave_src(sk, mc_lst, idev); 301 if (idev) 302 __ipv6_dev_mc_dec(idev, &mc_lst->addr); 303 } else 304 (void) ip6_mc_leave_src(sk, mc_lst, NULL); 305 306 atomic_sub(sizeof(*mc_lst), &sk->sk_omem_alloc); 307 kfree_rcu(mc_lst, rcu); 308 309 } 310 rtnl_unlock(); 311 } 312 313 int ip6_mc_source(int add, int omode, struct sock *sk, 314 struct group_source_req *pgsr) 315 { 316 struct in6_addr *source, *group; 317 struct ipv6_mc_socklist *pmc; 318 struct inet6_dev *idev; 319 struct ipv6_pinfo *inet6 = inet6_sk(sk); 320 struct ip6_sf_socklist *psl; 321 struct net *net = sock_net(sk); 322 int i, j, rv; 323 int leavegroup = 0; 324 int pmclocked = 0; 325 int err; 326 327 source = &((struct sockaddr_in6 *)&pgsr->gsr_source)->sin6_addr; 328 group = &((struct sockaddr_in6 *)&pgsr->gsr_group)->sin6_addr; 329 330 if (!ipv6_addr_is_multicast(group)) 331 return -EINVAL; 332 333 rcu_read_lock(); 334 idev = ip6_mc_find_dev_rcu(net, group, pgsr->gsr_interface); 335 if (!idev) { 336 rcu_read_unlock(); 337 return -ENODEV; 338 } 339 340 err = -EADDRNOTAVAIL; 341 342 for_each_pmc_rcu(inet6, pmc) { 343 if (pgsr->gsr_interface && pmc->ifindex != pgsr->gsr_interface) 344 continue; 345 if (ipv6_addr_equal(&pmc->addr, group)) 346 break; 347 } 348 if (!pmc) { /* must have a prior join */ 349 err = -EINVAL; 350 goto done; 351 } 352 /* if a source filter was set, must be the same mode as before */ 353 if (pmc->sflist) { 354 if (pmc->sfmode != omode) { 355 err = -EINVAL; 356 goto done; 357 } 358 } else if (pmc->sfmode != omode) { 359 /* allow mode switches for empty-set filters */ 360 ip6_mc_add_src(idev, group, omode, 0, NULL, 0); 361 ip6_mc_del_src(idev, group, pmc->sfmode, 0, NULL, 0); 362 pmc->sfmode = omode; 363 } 364 365 write_lock(&pmc->sflock); 366 pmclocked = 1; 367 368 psl = pmc->sflist; 369 if (!add) { 370 if (!psl) 371 goto done; /* err = -EADDRNOTAVAIL */ 372 rv = !0; 373 for (i = 0; i < psl->sl_count; i++) { 374 rv = !ipv6_addr_equal(&psl->sl_addr[i], source); 375 if (rv == 0) 376 break; 377 } 378 if (rv) /* source not found */ 379 goto done; /* err = -EADDRNOTAVAIL */ 380 381 /* special case - (INCLUDE, empty) == LEAVE_GROUP */ 382 if (psl->sl_count == 1 && omode == MCAST_INCLUDE) { 383 leavegroup = 1; 384 goto done; 385 } 386 387 /* update the interface filter */ 388 ip6_mc_del_src(idev, group, omode, 1, source, 1); 389 390 for (j = i+1; j < psl->sl_count; j++) 391 psl->sl_addr[j-1] = psl->sl_addr[j]; 392 psl->sl_count--; 393 err = 0; 394 goto done; 395 } 396 /* else, add a new source to the filter */ 397 398 if (psl && psl->sl_count >= sysctl_mld_max_msf) { 399 err = -ENOBUFS; 400 goto done; 401 } 402 if (!psl || psl->sl_count == psl->sl_max) { 403 struct ip6_sf_socklist *newpsl; 404 int count = IP6_SFBLOCK; 405 406 if (psl) 407 count += psl->sl_max; 408 newpsl = sock_kmalloc(sk, IP6_SFLSIZE(count), GFP_ATOMIC); 409 if (!newpsl) { 410 err = -ENOBUFS; 411 goto done; 412 } 413 newpsl->sl_max = count; 414 newpsl->sl_count = count - IP6_SFBLOCK; 415 if (psl) { 416 for (i = 0; i < psl->sl_count; i++) 417 newpsl->sl_addr[i] = psl->sl_addr[i]; 418 sock_kfree_s(sk, psl, IP6_SFLSIZE(psl->sl_max)); 419 } 420 pmc->sflist = psl = newpsl; 421 } 422 rv = 1; /* > 0 for insert logic below if sl_count is 0 */ 423 for (i = 0; i < psl->sl_count; i++) { 424 rv = !ipv6_addr_equal(&psl->sl_addr[i], source); 425 if (rv == 0) /* There is an error in the address. */ 426 goto done; 427 } 428 for (j = psl->sl_count-1; j >= i; j--) 429 psl->sl_addr[j+1] = psl->sl_addr[j]; 430 psl->sl_addr[i] = *source; 431 psl->sl_count++; 432 err = 0; 433 /* update the interface list */ 434 ip6_mc_add_src(idev, group, omode, 1, source, 1); 435 done: 436 if (pmclocked) 437 write_unlock(&pmc->sflock); 438 read_unlock_bh(&idev->lock); 439 rcu_read_unlock(); 440 if (leavegroup) 441 return ipv6_sock_mc_drop(sk, pgsr->gsr_interface, group); 442 return err; 443 } 444 445 int ip6_mc_msfilter(struct sock *sk, struct group_filter *gsf) 446 { 447 const struct in6_addr *group; 448 struct ipv6_mc_socklist *pmc; 449 struct inet6_dev *idev; 450 struct ipv6_pinfo *inet6 = inet6_sk(sk); 451 struct ip6_sf_socklist *newpsl, *psl; 452 struct net *net = sock_net(sk); 453 int leavegroup = 0; 454 int i, err; 455 456 group = &((struct sockaddr_in6 *)&gsf->gf_group)->sin6_addr; 457 458 if (!ipv6_addr_is_multicast(group)) 459 return -EINVAL; 460 if (gsf->gf_fmode != MCAST_INCLUDE && 461 gsf->gf_fmode != MCAST_EXCLUDE) 462 return -EINVAL; 463 464 rcu_read_lock(); 465 idev = ip6_mc_find_dev_rcu(net, group, gsf->gf_interface); 466 467 if (!idev) { 468 rcu_read_unlock(); 469 return -ENODEV; 470 } 471 472 err = 0; 473 474 if (gsf->gf_fmode == MCAST_INCLUDE && gsf->gf_numsrc == 0) { 475 leavegroup = 1; 476 goto done; 477 } 478 479 for_each_pmc_rcu(inet6, pmc) { 480 if (pmc->ifindex != gsf->gf_interface) 481 continue; 482 if (ipv6_addr_equal(&pmc->addr, group)) 483 break; 484 } 485 if (!pmc) { /* must have a prior join */ 486 err = -EINVAL; 487 goto done; 488 } 489 if (gsf->gf_numsrc) { 490 newpsl = sock_kmalloc(sk, IP6_SFLSIZE(gsf->gf_numsrc), 491 GFP_ATOMIC); 492 if (!newpsl) { 493 err = -ENOBUFS; 494 goto done; 495 } 496 newpsl->sl_max = newpsl->sl_count = gsf->gf_numsrc; 497 for (i = 0; i < newpsl->sl_count; ++i) { 498 struct sockaddr_in6 *psin6; 499 500 psin6 = (struct sockaddr_in6 *)&gsf->gf_slist[i]; 501 newpsl->sl_addr[i] = psin6->sin6_addr; 502 } 503 err = ip6_mc_add_src(idev, group, gsf->gf_fmode, 504 newpsl->sl_count, newpsl->sl_addr, 0); 505 if (err) { 506 sock_kfree_s(sk, newpsl, IP6_SFLSIZE(newpsl->sl_max)); 507 goto done; 508 } 509 } else { 510 newpsl = NULL; 511 (void) ip6_mc_add_src(idev, group, gsf->gf_fmode, 0, NULL, 0); 512 } 513 514 write_lock(&pmc->sflock); 515 psl = pmc->sflist; 516 if (psl) { 517 (void) ip6_mc_del_src(idev, group, pmc->sfmode, 518 psl->sl_count, psl->sl_addr, 0); 519 sock_kfree_s(sk, psl, IP6_SFLSIZE(psl->sl_max)); 520 } else 521 (void) ip6_mc_del_src(idev, group, pmc->sfmode, 0, NULL, 0); 522 pmc->sflist = newpsl; 523 pmc->sfmode = gsf->gf_fmode; 524 write_unlock(&pmc->sflock); 525 err = 0; 526 done: 527 read_unlock_bh(&idev->lock); 528 rcu_read_unlock(); 529 if (leavegroup) 530 err = ipv6_sock_mc_drop(sk, gsf->gf_interface, group); 531 return err; 532 } 533 534 int ip6_mc_msfget(struct sock *sk, struct group_filter *gsf, 535 struct group_filter __user *optval, int __user *optlen) 536 { 537 int err, i, count, copycount; 538 const struct in6_addr *group; 539 struct ipv6_mc_socklist *pmc; 540 struct inet6_dev *idev; 541 struct ipv6_pinfo *inet6 = inet6_sk(sk); 542 struct ip6_sf_socklist *psl; 543 struct net *net = sock_net(sk); 544 545 group = &((struct sockaddr_in6 *)&gsf->gf_group)->sin6_addr; 546 547 if (!ipv6_addr_is_multicast(group)) 548 return -EINVAL; 549 550 rcu_read_lock(); 551 idev = ip6_mc_find_dev_rcu(net, group, gsf->gf_interface); 552 553 if (!idev) { 554 rcu_read_unlock(); 555 return -ENODEV; 556 } 557 558 err = -EADDRNOTAVAIL; 559 /* changes to the ipv6_mc_list require the socket lock and 560 * rtnl lock. We have the socket lock and rcu read lock, 561 * so reading the list is safe. 562 */ 563 564 for_each_pmc_rcu(inet6, pmc) { 565 if (pmc->ifindex != gsf->gf_interface) 566 continue; 567 if (ipv6_addr_equal(group, &pmc->addr)) 568 break; 569 } 570 if (!pmc) /* must have a prior join */ 571 goto done; 572 gsf->gf_fmode = pmc->sfmode; 573 psl = pmc->sflist; 574 count = psl ? psl->sl_count : 0; 575 read_unlock_bh(&idev->lock); 576 rcu_read_unlock(); 577 578 copycount = count < gsf->gf_numsrc ? count : gsf->gf_numsrc; 579 gsf->gf_numsrc = count; 580 if (put_user(GROUP_FILTER_SIZE(copycount), optlen) || 581 copy_to_user(optval, gsf, GROUP_FILTER_SIZE(0))) { 582 return -EFAULT; 583 } 584 /* changes to psl require the socket lock, and a write lock 585 * on pmc->sflock. We have the socket lock so reading here is safe. 586 */ 587 for (i = 0; i < copycount; i++) { 588 struct sockaddr_in6 *psin6; 589 struct sockaddr_storage ss; 590 591 psin6 = (struct sockaddr_in6 *)&ss; 592 memset(&ss, 0, sizeof(ss)); 593 psin6->sin6_family = AF_INET6; 594 psin6->sin6_addr = psl->sl_addr[i]; 595 if (copy_to_user(&optval->gf_slist[i], &ss, sizeof(ss))) 596 return -EFAULT; 597 } 598 return 0; 599 done: 600 read_unlock_bh(&idev->lock); 601 rcu_read_unlock(); 602 return err; 603 } 604 605 bool inet6_mc_check(struct sock *sk, const struct in6_addr *mc_addr, 606 const struct in6_addr *src_addr) 607 { 608 struct ipv6_pinfo *np = inet6_sk(sk); 609 struct ipv6_mc_socklist *mc; 610 struct ip6_sf_socklist *psl; 611 bool rv = true; 612 613 rcu_read_lock(); 614 for_each_pmc_rcu(np, mc) { 615 if (ipv6_addr_equal(&mc->addr, mc_addr)) 616 break; 617 } 618 if (!mc) { 619 rcu_read_unlock(); 620 return true; 621 } 622 read_lock(&mc->sflock); 623 psl = mc->sflist; 624 if (!psl) { 625 rv = mc->sfmode == MCAST_EXCLUDE; 626 } else { 627 int i; 628 629 for (i = 0; i < psl->sl_count; i++) { 630 if (ipv6_addr_equal(&psl->sl_addr[i], src_addr)) 631 break; 632 } 633 if (mc->sfmode == MCAST_INCLUDE && i >= psl->sl_count) 634 rv = false; 635 if (mc->sfmode == MCAST_EXCLUDE && i < psl->sl_count) 636 rv = false; 637 } 638 read_unlock(&mc->sflock); 639 rcu_read_unlock(); 640 641 return rv; 642 } 643 644 static void igmp6_group_added(struct ifmcaddr6 *mc) 645 { 646 struct net_device *dev = mc->idev->dev; 647 char buf[MAX_ADDR_LEN]; 648 649 if (IPV6_ADDR_MC_SCOPE(&mc->mca_addr) < 650 IPV6_ADDR_SCOPE_LINKLOCAL) 651 return; 652 653 spin_lock_bh(&mc->mca_lock); 654 if (!(mc->mca_flags&MAF_LOADED)) { 655 mc->mca_flags |= MAF_LOADED; 656 if (ndisc_mc_map(&mc->mca_addr, buf, dev, 0) == 0) 657 dev_mc_add(dev, buf); 658 } 659 spin_unlock_bh(&mc->mca_lock); 660 661 if (!(dev->flags & IFF_UP) || (mc->mca_flags & MAF_NOREPORT)) 662 return; 663 664 if (mld_in_v1_mode(mc->idev)) { 665 igmp6_join_group(mc); 666 return; 667 } 668 /* else v2 */ 669 670 mc->mca_crcount = mc->idev->mc_qrv; 671 mld_ifc_event(mc->idev); 672 } 673 674 static void igmp6_group_dropped(struct ifmcaddr6 *mc) 675 { 676 struct net_device *dev = mc->idev->dev; 677 char buf[MAX_ADDR_LEN]; 678 679 if (IPV6_ADDR_MC_SCOPE(&mc->mca_addr) < 680 IPV6_ADDR_SCOPE_LINKLOCAL) 681 return; 682 683 spin_lock_bh(&mc->mca_lock); 684 if (mc->mca_flags&MAF_LOADED) { 685 mc->mca_flags &= ~MAF_LOADED; 686 if (ndisc_mc_map(&mc->mca_addr, buf, dev, 0) == 0) 687 dev_mc_del(dev, buf); 688 } 689 690 if (mc->mca_flags & MAF_NOREPORT) 691 goto done; 692 spin_unlock_bh(&mc->mca_lock); 693 694 if (!mc->idev->dead) 695 igmp6_leave_group(mc); 696 697 spin_lock_bh(&mc->mca_lock); 698 if (del_timer(&mc->mca_timer)) 699 atomic_dec(&mc->mca_refcnt); 700 done: 701 ip6_mc_clear_src(mc); 702 spin_unlock_bh(&mc->mca_lock); 703 } 704 705 /* 706 * deleted ifmcaddr6 manipulation 707 */ 708 static void mld_add_delrec(struct inet6_dev *idev, struct ifmcaddr6 *im) 709 { 710 struct ifmcaddr6 *pmc; 711 712 /* this is an "ifmcaddr6" for convenience; only the fields below 713 * are actually used. In particular, the refcnt and users are not 714 * used for management of the delete list. Using the same structure 715 * for deleted items allows change reports to use common code with 716 * non-deleted or query-response MCA's. 717 */ 718 pmc = kzalloc(sizeof(*pmc), GFP_ATOMIC); 719 if (!pmc) 720 return; 721 722 spin_lock_bh(&im->mca_lock); 723 spin_lock_init(&pmc->mca_lock); 724 pmc->idev = im->idev; 725 in6_dev_hold(idev); 726 pmc->mca_addr = im->mca_addr; 727 pmc->mca_crcount = idev->mc_qrv; 728 pmc->mca_sfmode = im->mca_sfmode; 729 if (pmc->mca_sfmode == MCAST_INCLUDE) { 730 struct ip6_sf_list *psf; 731 732 pmc->mca_tomb = im->mca_tomb; 733 pmc->mca_sources = im->mca_sources; 734 im->mca_tomb = im->mca_sources = NULL; 735 for (psf = pmc->mca_sources; psf; psf = psf->sf_next) 736 psf->sf_crcount = pmc->mca_crcount; 737 } 738 spin_unlock_bh(&im->mca_lock); 739 740 spin_lock_bh(&idev->mc_lock); 741 pmc->next = idev->mc_tomb; 742 idev->mc_tomb = pmc; 743 spin_unlock_bh(&idev->mc_lock); 744 } 745 746 static void mld_del_delrec(struct inet6_dev *idev, const struct in6_addr *pmca) 747 { 748 struct ifmcaddr6 *pmc, *pmc_prev; 749 struct ip6_sf_list *psf, *psf_next; 750 751 spin_lock_bh(&idev->mc_lock); 752 pmc_prev = NULL; 753 for (pmc = idev->mc_tomb; pmc; pmc = pmc->next) { 754 if (ipv6_addr_equal(&pmc->mca_addr, pmca)) 755 break; 756 pmc_prev = pmc; 757 } 758 if (pmc) { 759 if (pmc_prev) 760 pmc_prev->next = pmc->next; 761 else 762 idev->mc_tomb = pmc->next; 763 } 764 spin_unlock_bh(&idev->mc_lock); 765 766 if (pmc) { 767 for (psf = pmc->mca_tomb; psf; psf = psf_next) { 768 psf_next = psf->sf_next; 769 kfree(psf); 770 } 771 in6_dev_put(pmc->idev); 772 kfree(pmc); 773 } 774 } 775 776 static void mld_clear_delrec(struct inet6_dev *idev) 777 { 778 struct ifmcaddr6 *pmc, *nextpmc; 779 780 spin_lock_bh(&idev->mc_lock); 781 pmc = idev->mc_tomb; 782 idev->mc_tomb = NULL; 783 spin_unlock_bh(&idev->mc_lock); 784 785 for (; pmc; pmc = nextpmc) { 786 nextpmc = pmc->next; 787 ip6_mc_clear_src(pmc); 788 in6_dev_put(pmc->idev); 789 kfree(pmc); 790 } 791 792 /* clear dead sources, too */ 793 read_lock_bh(&idev->lock); 794 for (pmc = idev->mc_list; pmc; pmc = pmc->next) { 795 struct ip6_sf_list *psf, *psf_next; 796 797 spin_lock_bh(&pmc->mca_lock); 798 psf = pmc->mca_tomb; 799 pmc->mca_tomb = NULL; 800 spin_unlock_bh(&pmc->mca_lock); 801 for (; psf; psf = psf_next) { 802 psf_next = psf->sf_next; 803 kfree(psf); 804 } 805 } 806 read_unlock_bh(&idev->lock); 807 } 808 809 static void mca_get(struct ifmcaddr6 *mc) 810 { 811 atomic_inc(&mc->mca_refcnt); 812 } 813 814 static void ma_put(struct ifmcaddr6 *mc) 815 { 816 if (atomic_dec_and_test(&mc->mca_refcnt)) { 817 in6_dev_put(mc->idev); 818 kfree(mc); 819 } 820 } 821 822 static struct ifmcaddr6 *mca_alloc(struct inet6_dev *idev, 823 const struct in6_addr *addr) 824 { 825 struct ifmcaddr6 *mc; 826 827 mc = kzalloc(sizeof(*mc), GFP_ATOMIC); 828 if (mc == NULL) 829 return NULL; 830 831 setup_timer(&mc->mca_timer, igmp6_timer_handler, (unsigned long)mc); 832 833 mc->mca_addr = *addr; 834 mc->idev = idev; /* reference taken by caller */ 835 mc->mca_users = 1; 836 /* mca_stamp should be updated upon changes */ 837 mc->mca_cstamp = mc->mca_tstamp = jiffies; 838 atomic_set(&mc->mca_refcnt, 1); 839 spin_lock_init(&mc->mca_lock); 840 841 /* initial mode is (EX, empty) */ 842 mc->mca_sfmode = MCAST_EXCLUDE; 843 mc->mca_sfcount[MCAST_EXCLUDE] = 1; 844 845 if (ipv6_addr_is_ll_all_nodes(&mc->mca_addr) || 846 IPV6_ADDR_MC_SCOPE(&mc->mca_addr) < IPV6_ADDR_SCOPE_LINKLOCAL) 847 mc->mca_flags |= MAF_NOREPORT; 848 849 return mc; 850 } 851 852 /* 853 * device multicast group inc (add if not found) 854 */ 855 int ipv6_dev_mc_inc(struct net_device *dev, const struct in6_addr *addr) 856 { 857 struct ifmcaddr6 *mc; 858 struct inet6_dev *idev; 859 860 ASSERT_RTNL(); 861 862 /* we need to take a reference on idev */ 863 idev = in6_dev_get(dev); 864 865 if (idev == NULL) 866 return -EINVAL; 867 868 write_lock_bh(&idev->lock); 869 if (idev->dead) { 870 write_unlock_bh(&idev->lock); 871 in6_dev_put(idev); 872 return -ENODEV; 873 } 874 875 for (mc = idev->mc_list; mc; mc = mc->next) { 876 if (ipv6_addr_equal(&mc->mca_addr, addr)) { 877 mc->mca_users++; 878 write_unlock_bh(&idev->lock); 879 ip6_mc_add_src(idev, &mc->mca_addr, MCAST_EXCLUDE, 0, 880 NULL, 0); 881 in6_dev_put(idev); 882 return 0; 883 } 884 } 885 886 mc = mca_alloc(idev, addr); 887 if (!mc) { 888 write_unlock_bh(&idev->lock); 889 in6_dev_put(idev); 890 return -ENOMEM; 891 } 892 893 mc->next = idev->mc_list; 894 idev->mc_list = mc; 895 896 /* Hold this for the code below before we unlock, 897 * it is already exposed via idev->mc_list. 898 */ 899 mca_get(mc); 900 write_unlock_bh(&idev->lock); 901 902 mld_del_delrec(idev, &mc->mca_addr); 903 igmp6_group_added(mc); 904 ma_put(mc); 905 return 0; 906 } 907 908 /* 909 * device multicast group del 910 */ 911 int __ipv6_dev_mc_dec(struct inet6_dev *idev, const struct in6_addr *addr) 912 { 913 struct ifmcaddr6 *ma, **map; 914 915 ASSERT_RTNL(); 916 917 write_lock_bh(&idev->lock); 918 for (map = &idev->mc_list; (ma = *map) != NULL; map = &ma->next) { 919 if (ipv6_addr_equal(&ma->mca_addr, addr)) { 920 if (--ma->mca_users == 0) { 921 *map = ma->next; 922 write_unlock_bh(&idev->lock); 923 924 igmp6_group_dropped(ma); 925 926 ma_put(ma); 927 return 0; 928 } 929 write_unlock_bh(&idev->lock); 930 return 0; 931 } 932 } 933 write_unlock_bh(&idev->lock); 934 935 return -ENOENT; 936 } 937 938 int ipv6_dev_mc_dec(struct net_device *dev, const struct in6_addr *addr) 939 { 940 struct inet6_dev *idev; 941 int err; 942 943 ASSERT_RTNL(); 944 945 idev = __in6_dev_get(dev); 946 if (!idev) 947 err = -ENODEV; 948 else 949 err = __ipv6_dev_mc_dec(idev, addr); 950 951 return err; 952 } 953 954 /* 955 * check if the interface/address pair is valid 956 */ 957 bool ipv6_chk_mcast_addr(struct net_device *dev, const struct in6_addr *group, 958 const struct in6_addr *src_addr) 959 { 960 struct inet6_dev *idev; 961 struct ifmcaddr6 *mc; 962 bool rv = false; 963 964 rcu_read_lock(); 965 idev = __in6_dev_get(dev); 966 if (idev) { 967 read_lock_bh(&idev->lock); 968 for (mc = idev->mc_list; mc; mc = mc->next) { 969 if (ipv6_addr_equal(&mc->mca_addr, group)) 970 break; 971 } 972 if (mc) { 973 if (src_addr && !ipv6_addr_any(src_addr)) { 974 struct ip6_sf_list *psf; 975 976 spin_lock_bh(&mc->mca_lock); 977 for (psf = mc->mca_sources; psf; psf = psf->sf_next) { 978 if (ipv6_addr_equal(&psf->sf_addr, src_addr)) 979 break; 980 } 981 if (psf) 982 rv = psf->sf_count[MCAST_INCLUDE] || 983 psf->sf_count[MCAST_EXCLUDE] != 984 mc->mca_sfcount[MCAST_EXCLUDE]; 985 else 986 rv = mc->mca_sfcount[MCAST_EXCLUDE] != 0; 987 spin_unlock_bh(&mc->mca_lock); 988 } else 989 rv = true; /* don't filter unspecified source */ 990 } 991 read_unlock_bh(&idev->lock); 992 } 993 rcu_read_unlock(); 994 return rv; 995 } 996 997 static void mld_gq_start_timer(struct inet6_dev *idev) 998 { 999 unsigned long tv = prandom_u32() % idev->mc_maxdelay; 1000 1001 idev->mc_gq_running = 1; 1002 if (!mod_timer(&idev->mc_gq_timer, jiffies+tv+2)) 1003 in6_dev_hold(idev); 1004 } 1005 1006 static void mld_gq_stop_timer(struct inet6_dev *idev) 1007 { 1008 idev->mc_gq_running = 0; 1009 if (del_timer(&idev->mc_gq_timer)) 1010 __in6_dev_put(idev); 1011 } 1012 1013 static void mld_ifc_start_timer(struct inet6_dev *idev, unsigned long delay) 1014 { 1015 unsigned long tv = prandom_u32() % delay; 1016 1017 if (!mod_timer(&idev->mc_ifc_timer, jiffies+tv+2)) 1018 in6_dev_hold(idev); 1019 } 1020 1021 static void mld_ifc_stop_timer(struct inet6_dev *idev) 1022 { 1023 idev->mc_ifc_count = 0; 1024 if (del_timer(&idev->mc_ifc_timer)) 1025 __in6_dev_put(idev); 1026 } 1027 1028 static void mld_dad_start_timer(struct inet6_dev *idev, unsigned long delay) 1029 { 1030 unsigned long tv = prandom_u32() % delay; 1031 1032 if (!mod_timer(&idev->mc_dad_timer, jiffies+tv+2)) 1033 in6_dev_hold(idev); 1034 } 1035 1036 static void mld_dad_stop_timer(struct inet6_dev *idev) 1037 { 1038 if (del_timer(&idev->mc_dad_timer)) 1039 __in6_dev_put(idev); 1040 } 1041 1042 /* 1043 * IGMP handling (alias multicast ICMPv6 messages) 1044 */ 1045 1046 static void igmp6_group_queried(struct ifmcaddr6 *ma, unsigned long resptime) 1047 { 1048 unsigned long delay = resptime; 1049 1050 /* Do not start timer for these addresses */ 1051 if (ipv6_addr_is_ll_all_nodes(&ma->mca_addr) || 1052 IPV6_ADDR_MC_SCOPE(&ma->mca_addr) < IPV6_ADDR_SCOPE_LINKLOCAL) 1053 return; 1054 1055 if (del_timer(&ma->mca_timer)) { 1056 atomic_dec(&ma->mca_refcnt); 1057 delay = ma->mca_timer.expires - jiffies; 1058 } 1059 1060 if (delay >= resptime) 1061 delay = prandom_u32() % resptime; 1062 1063 ma->mca_timer.expires = jiffies + delay; 1064 if (!mod_timer(&ma->mca_timer, jiffies + delay)) 1065 atomic_inc(&ma->mca_refcnt); 1066 ma->mca_flags |= MAF_TIMER_RUNNING; 1067 } 1068 1069 /* mark EXCLUDE-mode sources */ 1070 static bool mld_xmarksources(struct ifmcaddr6 *pmc, int nsrcs, 1071 const struct in6_addr *srcs) 1072 { 1073 struct ip6_sf_list *psf; 1074 int i, scount; 1075 1076 scount = 0; 1077 for (psf = pmc->mca_sources; psf; psf = psf->sf_next) { 1078 if (scount == nsrcs) 1079 break; 1080 for (i = 0; i < nsrcs; i++) { 1081 /* skip inactive filters */ 1082 if (psf->sf_count[MCAST_INCLUDE] || 1083 pmc->mca_sfcount[MCAST_EXCLUDE] != 1084 psf->sf_count[MCAST_EXCLUDE]) 1085 break; 1086 if (ipv6_addr_equal(&srcs[i], &psf->sf_addr)) { 1087 scount++; 1088 break; 1089 } 1090 } 1091 } 1092 pmc->mca_flags &= ~MAF_GSQUERY; 1093 if (scount == nsrcs) /* all sources excluded */ 1094 return false; 1095 return true; 1096 } 1097 1098 static bool mld_marksources(struct ifmcaddr6 *pmc, int nsrcs, 1099 const struct in6_addr *srcs) 1100 { 1101 struct ip6_sf_list *psf; 1102 int i, scount; 1103 1104 if (pmc->mca_sfmode == MCAST_EXCLUDE) 1105 return mld_xmarksources(pmc, nsrcs, srcs); 1106 1107 /* mark INCLUDE-mode sources */ 1108 1109 scount = 0; 1110 for (psf = pmc->mca_sources; psf; psf = psf->sf_next) { 1111 if (scount == nsrcs) 1112 break; 1113 for (i = 0; i < nsrcs; i++) { 1114 if (ipv6_addr_equal(&srcs[i], &psf->sf_addr)) { 1115 psf->sf_gsresp = 1; 1116 scount++; 1117 break; 1118 } 1119 } 1120 } 1121 if (!scount) { 1122 pmc->mca_flags &= ~MAF_GSQUERY; 1123 return false; 1124 } 1125 pmc->mca_flags |= MAF_GSQUERY; 1126 return true; 1127 } 1128 1129 static int mld_force_mld_version(const struct inet6_dev *idev) 1130 { 1131 /* Normally, both are 0 here. If enforcement to a particular is 1132 * being used, individual device enforcement will have a lower 1133 * precedence over 'all' device (.../conf/all/force_mld_version). 1134 */ 1135 1136 if (dev_net(idev->dev)->ipv6.devconf_all->force_mld_version != 0) 1137 return dev_net(idev->dev)->ipv6.devconf_all->force_mld_version; 1138 else 1139 return idev->cnf.force_mld_version; 1140 } 1141 1142 static bool mld_in_v2_mode_only(const struct inet6_dev *idev) 1143 { 1144 return mld_force_mld_version(idev) == 2; 1145 } 1146 1147 static bool mld_in_v1_mode_only(const struct inet6_dev *idev) 1148 { 1149 return mld_force_mld_version(idev) == 1; 1150 } 1151 1152 static bool mld_in_v1_mode(const struct inet6_dev *idev) 1153 { 1154 if (mld_in_v2_mode_only(idev)) 1155 return false; 1156 if (mld_in_v1_mode_only(idev)) 1157 return true; 1158 if (idev->mc_v1_seen && time_before(jiffies, idev->mc_v1_seen)) 1159 return true; 1160 1161 return false; 1162 } 1163 1164 static void mld_set_v1_mode(struct inet6_dev *idev) 1165 { 1166 /* RFC3810, relevant sections: 1167 * - 9.1. Robustness Variable 1168 * - 9.2. Query Interval 1169 * - 9.3. Query Response Interval 1170 * - 9.12. Older Version Querier Present Timeout 1171 */ 1172 unsigned long switchback; 1173 1174 switchback = (idev->mc_qrv * idev->mc_qi) + idev->mc_qri; 1175 1176 idev->mc_v1_seen = jiffies + switchback; 1177 } 1178 1179 static void mld_update_qrv(struct inet6_dev *idev, 1180 const struct mld2_query *mlh2) 1181 { 1182 /* RFC3810, relevant sections: 1183 * - 5.1.8. QRV (Querier's Robustness Variable) 1184 * - 9.1. Robustness Variable 1185 */ 1186 1187 /* The value of the Robustness Variable MUST NOT be zero, 1188 * and SHOULD NOT be one. Catch this here if we ever run 1189 * into such a case in future. 1190 */ 1191 const int min_qrv = min(MLD_QRV_DEFAULT, sysctl_mld_qrv); 1192 WARN_ON(idev->mc_qrv == 0); 1193 1194 if (mlh2->mld2q_qrv > 0) 1195 idev->mc_qrv = mlh2->mld2q_qrv; 1196 1197 if (unlikely(idev->mc_qrv < min_qrv)) { 1198 net_warn_ratelimited("IPv6: MLD: clamping QRV from %u to %u!\n", 1199 idev->mc_qrv, min_qrv); 1200 idev->mc_qrv = min_qrv; 1201 } 1202 } 1203 1204 static void mld_update_qi(struct inet6_dev *idev, 1205 const struct mld2_query *mlh2) 1206 { 1207 /* RFC3810, relevant sections: 1208 * - 5.1.9. QQIC (Querier's Query Interval Code) 1209 * - 9.2. Query Interval 1210 * - 9.12. Older Version Querier Present Timeout 1211 * (the [Query Interval] in the last Query received) 1212 */ 1213 unsigned long mc_qqi; 1214 1215 if (mlh2->mld2q_qqic < 128) { 1216 mc_qqi = mlh2->mld2q_qqic; 1217 } else { 1218 unsigned long mc_man, mc_exp; 1219 1220 mc_exp = MLDV2_QQIC_EXP(mlh2->mld2q_qqic); 1221 mc_man = MLDV2_QQIC_MAN(mlh2->mld2q_qqic); 1222 1223 mc_qqi = (mc_man | 0x10) << (mc_exp + 3); 1224 } 1225 1226 idev->mc_qi = mc_qqi * HZ; 1227 } 1228 1229 static void mld_update_qri(struct inet6_dev *idev, 1230 const struct mld2_query *mlh2) 1231 { 1232 /* RFC3810, relevant sections: 1233 * - 5.1.3. Maximum Response Code 1234 * - 9.3. Query Response Interval 1235 */ 1236 idev->mc_qri = msecs_to_jiffies(mldv2_mrc(mlh2)); 1237 } 1238 1239 static int mld_process_v1(struct inet6_dev *idev, struct mld_msg *mld, 1240 unsigned long *max_delay, bool v1_query) 1241 { 1242 unsigned long mldv1_md; 1243 1244 /* Ignore v1 queries */ 1245 if (mld_in_v2_mode_only(idev)) 1246 return -EINVAL; 1247 1248 mldv1_md = ntohs(mld->mld_maxdelay); 1249 1250 /* When in MLDv1 fallback and a MLDv2 router start-up being 1251 * unaware of current MLDv1 operation, the MRC == MRD mapping 1252 * only works when the exponential algorithm is not being 1253 * used (as MLDv1 is unaware of such things). 1254 * 1255 * According to the RFC author, the MLDv2 implementations 1256 * he's aware of all use a MRC < 32768 on start up queries. 1257 * 1258 * Thus, should we *ever* encounter something else larger 1259 * than that, just assume the maximum possible within our 1260 * reach. 1261 */ 1262 if (!v1_query) 1263 mldv1_md = min(mldv1_md, MLDV1_MRD_MAX_COMPAT); 1264 1265 *max_delay = max(msecs_to_jiffies(mldv1_md), 1UL); 1266 1267 /* MLDv1 router present: we need to go into v1 mode *only* 1268 * when an MLDv1 query is received as per section 9.12. of 1269 * RFC3810! And we know from RFC2710 section 3.7 that MLDv1 1270 * queries MUST be of exactly 24 octets. 1271 */ 1272 if (v1_query) 1273 mld_set_v1_mode(idev); 1274 1275 /* cancel MLDv2 report timer */ 1276 mld_gq_stop_timer(idev); 1277 /* cancel the interface change timer */ 1278 mld_ifc_stop_timer(idev); 1279 /* clear deleted report items */ 1280 mld_clear_delrec(idev); 1281 1282 return 0; 1283 } 1284 1285 static int mld_process_v2(struct inet6_dev *idev, struct mld2_query *mld, 1286 unsigned long *max_delay) 1287 { 1288 *max_delay = max(msecs_to_jiffies(mldv2_mrc(mld)), 1UL); 1289 1290 mld_update_qrv(idev, mld); 1291 mld_update_qi(idev, mld); 1292 mld_update_qri(idev, mld); 1293 1294 idev->mc_maxdelay = *max_delay; 1295 1296 return 0; 1297 } 1298 1299 /* called with rcu_read_lock() */ 1300 int igmp6_event_query(struct sk_buff *skb) 1301 { 1302 struct mld2_query *mlh2 = NULL; 1303 struct ifmcaddr6 *ma; 1304 const struct in6_addr *group; 1305 unsigned long max_delay; 1306 struct inet6_dev *idev; 1307 struct mld_msg *mld; 1308 int group_type; 1309 int mark = 0; 1310 int len, err; 1311 1312 if (!pskb_may_pull(skb, sizeof(struct in6_addr))) 1313 return -EINVAL; 1314 1315 /* compute payload length excluding extension headers */ 1316 len = ntohs(ipv6_hdr(skb)->payload_len) + sizeof(struct ipv6hdr); 1317 len -= skb_network_header_len(skb); 1318 1319 /* RFC3810 6.2 1320 * Upon reception of an MLD message that contains a Query, the node 1321 * checks if the source address of the message is a valid link-local 1322 * address, if the Hop Limit is set to 1, and if the Router Alert 1323 * option is present in the Hop-By-Hop Options header of the IPv6 1324 * packet. If any of these checks fails, the packet is dropped. 1325 */ 1326 if (!(ipv6_addr_type(&ipv6_hdr(skb)->saddr) & IPV6_ADDR_LINKLOCAL) || 1327 ipv6_hdr(skb)->hop_limit != 1 || 1328 !(IP6CB(skb)->flags & IP6SKB_ROUTERALERT) || 1329 IP6CB(skb)->ra != htons(IPV6_OPT_ROUTERALERT_MLD)) 1330 return -EINVAL; 1331 1332 idev = __in6_dev_get(skb->dev); 1333 if (idev == NULL) 1334 return 0; 1335 1336 mld = (struct mld_msg *)icmp6_hdr(skb); 1337 group = &mld->mld_mca; 1338 group_type = ipv6_addr_type(group); 1339 1340 if (group_type != IPV6_ADDR_ANY && 1341 !(group_type&IPV6_ADDR_MULTICAST)) 1342 return -EINVAL; 1343 1344 if (len < MLD_V1_QUERY_LEN) { 1345 return -EINVAL; 1346 } else if (len == MLD_V1_QUERY_LEN || mld_in_v1_mode(idev)) { 1347 err = mld_process_v1(idev, mld, &max_delay, 1348 len == MLD_V1_QUERY_LEN); 1349 if (err < 0) 1350 return err; 1351 } else if (len >= MLD_V2_QUERY_LEN_MIN) { 1352 int srcs_offset = sizeof(struct mld2_query) - 1353 sizeof(struct icmp6hdr); 1354 1355 if (!pskb_may_pull(skb, srcs_offset)) 1356 return -EINVAL; 1357 1358 mlh2 = (struct mld2_query *)skb_transport_header(skb); 1359 1360 err = mld_process_v2(idev, mlh2, &max_delay); 1361 if (err < 0) 1362 return err; 1363 1364 if (group_type == IPV6_ADDR_ANY) { /* general query */ 1365 if (mlh2->mld2q_nsrcs) 1366 return -EINVAL; /* no sources allowed */ 1367 1368 mld_gq_start_timer(idev); 1369 return 0; 1370 } 1371 /* mark sources to include, if group & source-specific */ 1372 if (mlh2->mld2q_nsrcs != 0) { 1373 if (!pskb_may_pull(skb, srcs_offset + 1374 ntohs(mlh2->mld2q_nsrcs) * sizeof(struct in6_addr))) 1375 return -EINVAL; 1376 1377 mlh2 = (struct mld2_query *)skb_transport_header(skb); 1378 mark = 1; 1379 } 1380 } else { 1381 return -EINVAL; 1382 } 1383 1384 read_lock_bh(&idev->lock); 1385 if (group_type == IPV6_ADDR_ANY) { 1386 for (ma = idev->mc_list; ma; ma = ma->next) { 1387 spin_lock_bh(&ma->mca_lock); 1388 igmp6_group_queried(ma, max_delay); 1389 spin_unlock_bh(&ma->mca_lock); 1390 } 1391 } else { 1392 for (ma = idev->mc_list; ma; ma = ma->next) { 1393 if (!ipv6_addr_equal(group, &ma->mca_addr)) 1394 continue; 1395 spin_lock_bh(&ma->mca_lock); 1396 if (ma->mca_flags & MAF_TIMER_RUNNING) { 1397 /* gsquery <- gsquery && mark */ 1398 if (!mark) 1399 ma->mca_flags &= ~MAF_GSQUERY; 1400 } else { 1401 /* gsquery <- mark */ 1402 if (mark) 1403 ma->mca_flags |= MAF_GSQUERY; 1404 else 1405 ma->mca_flags &= ~MAF_GSQUERY; 1406 } 1407 if (!(ma->mca_flags & MAF_GSQUERY) || 1408 mld_marksources(ma, ntohs(mlh2->mld2q_nsrcs), mlh2->mld2q_srcs)) 1409 igmp6_group_queried(ma, max_delay); 1410 spin_unlock_bh(&ma->mca_lock); 1411 break; 1412 } 1413 } 1414 read_unlock_bh(&idev->lock); 1415 1416 return 0; 1417 } 1418 1419 /* called with rcu_read_lock() */ 1420 int igmp6_event_report(struct sk_buff *skb) 1421 { 1422 struct ifmcaddr6 *ma; 1423 struct inet6_dev *idev; 1424 struct mld_msg *mld; 1425 int addr_type; 1426 1427 /* Our own report looped back. Ignore it. */ 1428 if (skb->pkt_type == PACKET_LOOPBACK) 1429 return 0; 1430 1431 /* send our report if the MC router may not have heard this report */ 1432 if (skb->pkt_type != PACKET_MULTICAST && 1433 skb->pkt_type != PACKET_BROADCAST) 1434 return 0; 1435 1436 if (!pskb_may_pull(skb, sizeof(*mld) - sizeof(struct icmp6hdr))) 1437 return -EINVAL; 1438 1439 mld = (struct mld_msg *)icmp6_hdr(skb); 1440 1441 /* Drop reports with not link local source */ 1442 addr_type = ipv6_addr_type(&ipv6_hdr(skb)->saddr); 1443 if (addr_type != IPV6_ADDR_ANY && 1444 !(addr_type&IPV6_ADDR_LINKLOCAL)) 1445 return -EINVAL; 1446 1447 idev = __in6_dev_get(skb->dev); 1448 if (idev == NULL) 1449 return -ENODEV; 1450 1451 /* 1452 * Cancel the timer for this group 1453 */ 1454 1455 read_lock_bh(&idev->lock); 1456 for (ma = idev->mc_list; ma; ma = ma->next) { 1457 if (ipv6_addr_equal(&ma->mca_addr, &mld->mld_mca)) { 1458 spin_lock(&ma->mca_lock); 1459 if (del_timer(&ma->mca_timer)) 1460 atomic_dec(&ma->mca_refcnt); 1461 ma->mca_flags &= ~(MAF_LAST_REPORTER|MAF_TIMER_RUNNING); 1462 spin_unlock(&ma->mca_lock); 1463 break; 1464 } 1465 } 1466 read_unlock_bh(&idev->lock); 1467 return 0; 1468 } 1469 1470 static bool is_in(struct ifmcaddr6 *pmc, struct ip6_sf_list *psf, int type, 1471 int gdeleted, int sdeleted) 1472 { 1473 switch (type) { 1474 case MLD2_MODE_IS_INCLUDE: 1475 case MLD2_MODE_IS_EXCLUDE: 1476 if (gdeleted || sdeleted) 1477 return false; 1478 if (!((pmc->mca_flags & MAF_GSQUERY) && !psf->sf_gsresp)) { 1479 if (pmc->mca_sfmode == MCAST_INCLUDE) 1480 return true; 1481 /* don't include if this source is excluded 1482 * in all filters 1483 */ 1484 if (psf->sf_count[MCAST_INCLUDE]) 1485 return type == MLD2_MODE_IS_INCLUDE; 1486 return pmc->mca_sfcount[MCAST_EXCLUDE] == 1487 psf->sf_count[MCAST_EXCLUDE]; 1488 } 1489 return false; 1490 case MLD2_CHANGE_TO_INCLUDE: 1491 if (gdeleted || sdeleted) 1492 return false; 1493 return psf->sf_count[MCAST_INCLUDE] != 0; 1494 case MLD2_CHANGE_TO_EXCLUDE: 1495 if (gdeleted || sdeleted) 1496 return false; 1497 if (pmc->mca_sfcount[MCAST_EXCLUDE] == 0 || 1498 psf->sf_count[MCAST_INCLUDE]) 1499 return false; 1500 return pmc->mca_sfcount[MCAST_EXCLUDE] == 1501 psf->sf_count[MCAST_EXCLUDE]; 1502 case MLD2_ALLOW_NEW_SOURCES: 1503 if (gdeleted || !psf->sf_crcount) 1504 return false; 1505 return (pmc->mca_sfmode == MCAST_INCLUDE) ^ sdeleted; 1506 case MLD2_BLOCK_OLD_SOURCES: 1507 if (pmc->mca_sfmode == MCAST_INCLUDE) 1508 return gdeleted || (psf->sf_crcount && sdeleted); 1509 return psf->sf_crcount && !gdeleted && !sdeleted; 1510 } 1511 return false; 1512 } 1513 1514 static int 1515 mld_scount(struct ifmcaddr6 *pmc, int type, int gdeleted, int sdeleted) 1516 { 1517 struct ip6_sf_list *psf; 1518 int scount = 0; 1519 1520 for (psf = pmc->mca_sources; psf; psf = psf->sf_next) { 1521 if (!is_in(pmc, psf, type, gdeleted, sdeleted)) 1522 continue; 1523 scount++; 1524 } 1525 return scount; 1526 } 1527 1528 static void ip6_mc_hdr(struct sock *sk, struct sk_buff *skb, 1529 struct net_device *dev, 1530 const struct in6_addr *saddr, 1531 const struct in6_addr *daddr, 1532 int proto, int len) 1533 { 1534 struct ipv6hdr *hdr; 1535 1536 skb->protocol = htons(ETH_P_IPV6); 1537 skb->dev = dev; 1538 1539 skb_reset_network_header(skb); 1540 skb_put(skb, sizeof(struct ipv6hdr)); 1541 hdr = ipv6_hdr(skb); 1542 1543 ip6_flow_hdr(hdr, 0, 0); 1544 1545 hdr->payload_len = htons(len); 1546 hdr->nexthdr = proto; 1547 hdr->hop_limit = inet6_sk(sk)->hop_limit; 1548 1549 hdr->saddr = *saddr; 1550 hdr->daddr = *daddr; 1551 } 1552 1553 static struct sk_buff *mld_newpack(struct inet6_dev *idev, unsigned int mtu) 1554 { 1555 struct net_device *dev = idev->dev; 1556 struct net *net = dev_net(dev); 1557 struct sock *sk = net->ipv6.igmp_sk; 1558 struct sk_buff *skb; 1559 struct mld2_report *pmr; 1560 struct in6_addr addr_buf; 1561 const struct in6_addr *saddr; 1562 int hlen = LL_RESERVED_SPACE(dev); 1563 int tlen = dev->needed_tailroom; 1564 unsigned int size = mtu + hlen + tlen; 1565 int err; 1566 u8 ra[8] = { IPPROTO_ICMPV6, 0, 1567 IPV6_TLV_ROUTERALERT, 2, 0, 0, 1568 IPV6_TLV_PADN, 0 }; 1569 1570 /* we assume size > sizeof(ra) here */ 1571 /* limit our allocations to order-0 page */ 1572 size = min_t(int, size, SKB_MAX_ORDER(0, 0)); 1573 skb = sock_alloc_send_skb(sk, size, 1, &err); 1574 1575 if (!skb) 1576 return NULL; 1577 1578 skb->priority = TC_PRIO_CONTROL; 1579 skb->reserved_tailroom = skb_end_offset(skb) - 1580 min(mtu, skb_end_offset(skb)); 1581 skb_reserve(skb, hlen); 1582 1583 if (__ipv6_get_lladdr(idev, &addr_buf, IFA_F_TENTATIVE)) { 1584 /* <draft-ietf-magma-mld-source-05.txt>: 1585 * use unspecified address as the source address 1586 * when a valid link-local address is not available. 1587 */ 1588 saddr = &in6addr_any; 1589 } else 1590 saddr = &addr_buf; 1591 1592 ip6_mc_hdr(sk, skb, dev, saddr, &mld2_all_mcr, NEXTHDR_HOP, 0); 1593 1594 memcpy(skb_put(skb, sizeof(ra)), ra, sizeof(ra)); 1595 1596 skb_set_transport_header(skb, skb_tail_pointer(skb) - skb->data); 1597 skb_put(skb, sizeof(*pmr)); 1598 pmr = (struct mld2_report *)skb_transport_header(skb); 1599 pmr->mld2r_type = ICMPV6_MLD2_REPORT; 1600 pmr->mld2r_resv1 = 0; 1601 pmr->mld2r_cksum = 0; 1602 pmr->mld2r_resv2 = 0; 1603 pmr->mld2r_ngrec = 0; 1604 return skb; 1605 } 1606 1607 static void mld_sendpack(struct sk_buff *skb) 1608 { 1609 struct ipv6hdr *pip6 = ipv6_hdr(skb); 1610 struct mld2_report *pmr = 1611 (struct mld2_report *)skb_transport_header(skb); 1612 int payload_len, mldlen; 1613 struct inet6_dev *idev; 1614 struct net *net = dev_net(skb->dev); 1615 int err; 1616 struct flowi6 fl6; 1617 struct dst_entry *dst; 1618 1619 rcu_read_lock(); 1620 idev = __in6_dev_get(skb->dev); 1621 IP6_UPD_PO_STATS(net, idev, IPSTATS_MIB_OUT, skb->len); 1622 1623 payload_len = (skb_tail_pointer(skb) - skb_network_header(skb)) - 1624 sizeof(*pip6); 1625 mldlen = skb_tail_pointer(skb) - skb_transport_header(skb); 1626 pip6->payload_len = htons(payload_len); 1627 1628 pmr->mld2r_cksum = csum_ipv6_magic(&pip6->saddr, &pip6->daddr, mldlen, 1629 IPPROTO_ICMPV6, 1630 csum_partial(skb_transport_header(skb), 1631 mldlen, 0)); 1632 1633 icmpv6_flow_init(net->ipv6.igmp_sk, &fl6, ICMPV6_MLD2_REPORT, 1634 &ipv6_hdr(skb)->saddr, &ipv6_hdr(skb)->daddr, 1635 skb->dev->ifindex); 1636 dst = icmp6_dst_alloc(skb->dev, &fl6); 1637 1638 err = 0; 1639 if (IS_ERR(dst)) { 1640 err = PTR_ERR(dst); 1641 dst = NULL; 1642 } 1643 skb_dst_set(skb, dst); 1644 if (err) 1645 goto err_out; 1646 1647 payload_len = skb->len; 1648 1649 err = NF_HOOK(NFPROTO_IPV6, NF_INET_LOCAL_OUT, skb, NULL, skb->dev, 1650 dst_output); 1651 out: 1652 if (!err) { 1653 ICMP6MSGOUT_INC_STATS(net, idev, ICMPV6_MLD2_REPORT); 1654 ICMP6_INC_STATS(net, idev, ICMP6_MIB_OUTMSGS); 1655 IP6_UPD_PO_STATS(net, idev, IPSTATS_MIB_OUTMCAST, payload_len); 1656 } else { 1657 IP6_INC_STATS(net, idev, IPSTATS_MIB_OUTDISCARDS); 1658 } 1659 1660 rcu_read_unlock(); 1661 return; 1662 1663 err_out: 1664 kfree_skb(skb); 1665 goto out; 1666 } 1667 1668 static int grec_size(struct ifmcaddr6 *pmc, int type, int gdel, int sdel) 1669 { 1670 return sizeof(struct mld2_grec) + 16 * mld_scount(pmc,type,gdel,sdel); 1671 } 1672 1673 static struct sk_buff *add_grhead(struct sk_buff *skb, struct ifmcaddr6 *pmc, 1674 int type, struct mld2_grec **ppgr) 1675 { 1676 struct net_device *dev = pmc->idev->dev; 1677 struct mld2_report *pmr; 1678 struct mld2_grec *pgr; 1679 1680 if (!skb) 1681 skb = mld_newpack(pmc->idev, dev->mtu); 1682 if (!skb) 1683 return NULL; 1684 pgr = (struct mld2_grec *)skb_put(skb, sizeof(struct mld2_grec)); 1685 pgr->grec_type = type; 1686 pgr->grec_auxwords = 0; 1687 pgr->grec_nsrcs = 0; 1688 pgr->grec_mca = pmc->mca_addr; /* structure copy */ 1689 pmr = (struct mld2_report *)skb_transport_header(skb); 1690 pmr->mld2r_ngrec = htons(ntohs(pmr->mld2r_ngrec)+1); 1691 *ppgr = pgr; 1692 return skb; 1693 } 1694 1695 #define AVAILABLE(skb) ((skb) ? skb_availroom(skb) : 0) 1696 1697 static struct sk_buff *add_grec(struct sk_buff *skb, struct ifmcaddr6 *pmc, 1698 int type, int gdeleted, int sdeleted, int crsend) 1699 { 1700 struct inet6_dev *idev = pmc->idev; 1701 struct net_device *dev = idev->dev; 1702 struct mld2_report *pmr; 1703 struct mld2_grec *pgr = NULL; 1704 struct ip6_sf_list *psf, *psf_next, *psf_prev, **psf_list; 1705 int scount, stotal, first, isquery, truncate; 1706 1707 if (pmc->mca_flags & MAF_NOREPORT) 1708 return skb; 1709 1710 isquery = type == MLD2_MODE_IS_INCLUDE || 1711 type == MLD2_MODE_IS_EXCLUDE; 1712 truncate = type == MLD2_MODE_IS_EXCLUDE || 1713 type == MLD2_CHANGE_TO_EXCLUDE; 1714 1715 stotal = scount = 0; 1716 1717 psf_list = sdeleted ? &pmc->mca_tomb : &pmc->mca_sources; 1718 1719 if (!*psf_list) 1720 goto empty_source; 1721 1722 pmr = skb ? (struct mld2_report *)skb_transport_header(skb) : NULL; 1723 1724 /* EX and TO_EX get a fresh packet, if needed */ 1725 if (truncate) { 1726 if (pmr && pmr->mld2r_ngrec && 1727 AVAILABLE(skb) < grec_size(pmc, type, gdeleted, sdeleted)) { 1728 if (skb) 1729 mld_sendpack(skb); 1730 skb = mld_newpack(idev, dev->mtu); 1731 } 1732 } 1733 first = 1; 1734 psf_prev = NULL; 1735 for (psf = *psf_list; psf; psf = psf_next) { 1736 struct in6_addr *psrc; 1737 1738 psf_next = psf->sf_next; 1739 1740 if (!is_in(pmc, psf, type, gdeleted, sdeleted)) { 1741 psf_prev = psf; 1742 continue; 1743 } 1744 1745 /* clear marks on query responses */ 1746 if (isquery) 1747 psf->sf_gsresp = 0; 1748 1749 if (AVAILABLE(skb) < sizeof(*psrc) + 1750 first*sizeof(struct mld2_grec)) { 1751 if (truncate && !first) 1752 break; /* truncate these */ 1753 if (pgr) 1754 pgr->grec_nsrcs = htons(scount); 1755 if (skb) 1756 mld_sendpack(skb); 1757 skb = mld_newpack(idev, dev->mtu); 1758 first = 1; 1759 scount = 0; 1760 } 1761 if (first) { 1762 skb = add_grhead(skb, pmc, type, &pgr); 1763 first = 0; 1764 } 1765 if (!skb) 1766 return NULL; 1767 psrc = (struct in6_addr *)skb_put(skb, sizeof(*psrc)); 1768 *psrc = psf->sf_addr; 1769 scount++; stotal++; 1770 if ((type == MLD2_ALLOW_NEW_SOURCES || 1771 type == MLD2_BLOCK_OLD_SOURCES) && psf->sf_crcount) { 1772 psf->sf_crcount--; 1773 if ((sdeleted || gdeleted) && psf->sf_crcount == 0) { 1774 if (psf_prev) 1775 psf_prev->sf_next = psf->sf_next; 1776 else 1777 *psf_list = psf->sf_next; 1778 kfree(psf); 1779 continue; 1780 } 1781 } 1782 psf_prev = psf; 1783 } 1784 1785 empty_source: 1786 if (!stotal) { 1787 if (type == MLD2_ALLOW_NEW_SOURCES || 1788 type == MLD2_BLOCK_OLD_SOURCES) 1789 return skb; 1790 if (pmc->mca_crcount || isquery || crsend) { 1791 /* make sure we have room for group header */ 1792 if (skb && AVAILABLE(skb) < sizeof(struct mld2_grec)) { 1793 mld_sendpack(skb); 1794 skb = NULL; /* add_grhead will get a new one */ 1795 } 1796 skb = add_grhead(skb, pmc, type, &pgr); 1797 } 1798 } 1799 if (pgr) 1800 pgr->grec_nsrcs = htons(scount); 1801 1802 if (isquery) 1803 pmc->mca_flags &= ~MAF_GSQUERY; /* clear query state */ 1804 return skb; 1805 } 1806 1807 static void mld_send_report(struct inet6_dev *idev, struct ifmcaddr6 *pmc) 1808 { 1809 struct sk_buff *skb = NULL; 1810 int type; 1811 1812 read_lock_bh(&idev->lock); 1813 if (!pmc) { 1814 for (pmc = idev->mc_list; pmc; pmc = pmc->next) { 1815 if (pmc->mca_flags & MAF_NOREPORT) 1816 continue; 1817 spin_lock_bh(&pmc->mca_lock); 1818 if (pmc->mca_sfcount[MCAST_EXCLUDE]) 1819 type = MLD2_MODE_IS_EXCLUDE; 1820 else 1821 type = MLD2_MODE_IS_INCLUDE; 1822 skb = add_grec(skb, pmc, type, 0, 0, 0); 1823 spin_unlock_bh(&pmc->mca_lock); 1824 } 1825 } else { 1826 spin_lock_bh(&pmc->mca_lock); 1827 if (pmc->mca_sfcount[MCAST_EXCLUDE]) 1828 type = MLD2_MODE_IS_EXCLUDE; 1829 else 1830 type = MLD2_MODE_IS_INCLUDE; 1831 skb = add_grec(skb, pmc, type, 0, 0, 0); 1832 spin_unlock_bh(&pmc->mca_lock); 1833 } 1834 read_unlock_bh(&idev->lock); 1835 if (skb) 1836 mld_sendpack(skb); 1837 } 1838 1839 /* 1840 * remove zero-count source records from a source filter list 1841 */ 1842 static void mld_clear_zeros(struct ip6_sf_list **ppsf) 1843 { 1844 struct ip6_sf_list *psf_prev, *psf_next, *psf; 1845 1846 psf_prev = NULL; 1847 for (psf = *ppsf; psf; psf = psf_next) { 1848 psf_next = psf->sf_next; 1849 if (psf->sf_crcount == 0) { 1850 if (psf_prev) 1851 psf_prev->sf_next = psf->sf_next; 1852 else 1853 *ppsf = psf->sf_next; 1854 kfree(psf); 1855 } else 1856 psf_prev = psf; 1857 } 1858 } 1859 1860 static void mld_send_cr(struct inet6_dev *idev) 1861 { 1862 struct ifmcaddr6 *pmc, *pmc_prev, *pmc_next; 1863 struct sk_buff *skb = NULL; 1864 int type, dtype; 1865 1866 read_lock_bh(&idev->lock); 1867 spin_lock(&idev->mc_lock); 1868 1869 /* deleted MCA's */ 1870 pmc_prev = NULL; 1871 for (pmc = idev->mc_tomb; pmc; pmc = pmc_next) { 1872 pmc_next = pmc->next; 1873 if (pmc->mca_sfmode == MCAST_INCLUDE) { 1874 type = MLD2_BLOCK_OLD_SOURCES; 1875 dtype = MLD2_BLOCK_OLD_SOURCES; 1876 skb = add_grec(skb, pmc, type, 1, 0, 0); 1877 skb = add_grec(skb, pmc, dtype, 1, 1, 0); 1878 } 1879 if (pmc->mca_crcount) { 1880 if (pmc->mca_sfmode == MCAST_EXCLUDE) { 1881 type = MLD2_CHANGE_TO_INCLUDE; 1882 skb = add_grec(skb, pmc, type, 1, 0, 0); 1883 } 1884 pmc->mca_crcount--; 1885 if (pmc->mca_crcount == 0) { 1886 mld_clear_zeros(&pmc->mca_tomb); 1887 mld_clear_zeros(&pmc->mca_sources); 1888 } 1889 } 1890 if (pmc->mca_crcount == 0 && !pmc->mca_tomb && 1891 !pmc->mca_sources) { 1892 if (pmc_prev) 1893 pmc_prev->next = pmc_next; 1894 else 1895 idev->mc_tomb = pmc_next; 1896 in6_dev_put(pmc->idev); 1897 kfree(pmc); 1898 } else 1899 pmc_prev = pmc; 1900 } 1901 spin_unlock(&idev->mc_lock); 1902 1903 /* change recs */ 1904 for (pmc = idev->mc_list; pmc; pmc = pmc->next) { 1905 spin_lock_bh(&pmc->mca_lock); 1906 if (pmc->mca_sfcount[MCAST_EXCLUDE]) { 1907 type = MLD2_BLOCK_OLD_SOURCES; 1908 dtype = MLD2_ALLOW_NEW_SOURCES; 1909 } else { 1910 type = MLD2_ALLOW_NEW_SOURCES; 1911 dtype = MLD2_BLOCK_OLD_SOURCES; 1912 } 1913 skb = add_grec(skb, pmc, type, 0, 0, 0); 1914 skb = add_grec(skb, pmc, dtype, 0, 1, 0); /* deleted sources */ 1915 1916 /* filter mode changes */ 1917 if (pmc->mca_crcount) { 1918 if (pmc->mca_sfmode == MCAST_EXCLUDE) 1919 type = MLD2_CHANGE_TO_EXCLUDE; 1920 else 1921 type = MLD2_CHANGE_TO_INCLUDE; 1922 skb = add_grec(skb, pmc, type, 0, 0, 0); 1923 pmc->mca_crcount--; 1924 } 1925 spin_unlock_bh(&pmc->mca_lock); 1926 } 1927 read_unlock_bh(&idev->lock); 1928 if (!skb) 1929 return; 1930 (void) mld_sendpack(skb); 1931 } 1932 1933 static void igmp6_send(struct in6_addr *addr, struct net_device *dev, int type) 1934 { 1935 struct net *net = dev_net(dev); 1936 struct sock *sk = net->ipv6.igmp_sk; 1937 struct inet6_dev *idev; 1938 struct sk_buff *skb; 1939 struct mld_msg *hdr; 1940 const struct in6_addr *snd_addr, *saddr; 1941 struct in6_addr addr_buf; 1942 int hlen = LL_RESERVED_SPACE(dev); 1943 int tlen = dev->needed_tailroom; 1944 int err, len, payload_len, full_len; 1945 u8 ra[8] = { IPPROTO_ICMPV6, 0, 1946 IPV6_TLV_ROUTERALERT, 2, 0, 0, 1947 IPV6_TLV_PADN, 0 }; 1948 struct flowi6 fl6; 1949 struct dst_entry *dst; 1950 1951 if (type == ICMPV6_MGM_REDUCTION) 1952 snd_addr = &in6addr_linklocal_allrouters; 1953 else 1954 snd_addr = addr; 1955 1956 len = sizeof(struct icmp6hdr) + sizeof(struct in6_addr); 1957 payload_len = len + sizeof(ra); 1958 full_len = sizeof(struct ipv6hdr) + payload_len; 1959 1960 rcu_read_lock(); 1961 IP6_UPD_PO_STATS(net, __in6_dev_get(dev), 1962 IPSTATS_MIB_OUT, full_len); 1963 rcu_read_unlock(); 1964 1965 skb = sock_alloc_send_skb(sk, hlen + tlen + full_len, 1, &err); 1966 1967 if (skb == NULL) { 1968 rcu_read_lock(); 1969 IP6_INC_STATS(net, __in6_dev_get(dev), 1970 IPSTATS_MIB_OUTDISCARDS); 1971 rcu_read_unlock(); 1972 return; 1973 } 1974 skb->priority = TC_PRIO_CONTROL; 1975 skb_reserve(skb, hlen); 1976 1977 if (ipv6_get_lladdr(dev, &addr_buf, IFA_F_TENTATIVE)) { 1978 /* <draft-ietf-magma-mld-source-05.txt>: 1979 * use unspecified address as the source address 1980 * when a valid link-local address is not available. 1981 */ 1982 saddr = &in6addr_any; 1983 } else 1984 saddr = &addr_buf; 1985 1986 ip6_mc_hdr(sk, skb, dev, saddr, snd_addr, NEXTHDR_HOP, payload_len); 1987 1988 memcpy(skb_put(skb, sizeof(ra)), ra, sizeof(ra)); 1989 1990 hdr = (struct mld_msg *) skb_put(skb, sizeof(struct mld_msg)); 1991 memset(hdr, 0, sizeof(struct mld_msg)); 1992 hdr->mld_type = type; 1993 hdr->mld_mca = *addr; 1994 1995 hdr->mld_cksum = csum_ipv6_magic(saddr, snd_addr, len, 1996 IPPROTO_ICMPV6, 1997 csum_partial(hdr, len, 0)); 1998 1999 rcu_read_lock(); 2000 idev = __in6_dev_get(skb->dev); 2001 2002 icmpv6_flow_init(sk, &fl6, type, 2003 &ipv6_hdr(skb)->saddr, &ipv6_hdr(skb)->daddr, 2004 skb->dev->ifindex); 2005 dst = icmp6_dst_alloc(skb->dev, &fl6); 2006 if (IS_ERR(dst)) { 2007 err = PTR_ERR(dst); 2008 goto err_out; 2009 } 2010 2011 skb_dst_set(skb, dst); 2012 err = NF_HOOK(NFPROTO_IPV6, NF_INET_LOCAL_OUT, skb, NULL, skb->dev, 2013 dst_output); 2014 out: 2015 if (!err) { 2016 ICMP6MSGOUT_INC_STATS(net, idev, type); 2017 ICMP6_INC_STATS(net, idev, ICMP6_MIB_OUTMSGS); 2018 IP6_UPD_PO_STATS(net, idev, IPSTATS_MIB_OUTMCAST, full_len); 2019 } else 2020 IP6_INC_STATS(net, idev, IPSTATS_MIB_OUTDISCARDS); 2021 2022 rcu_read_unlock(); 2023 return; 2024 2025 err_out: 2026 kfree_skb(skb); 2027 goto out; 2028 } 2029 2030 static void mld_send_initial_cr(struct inet6_dev *idev) 2031 { 2032 struct sk_buff *skb; 2033 struct ifmcaddr6 *pmc; 2034 int type; 2035 2036 if (mld_in_v1_mode(idev)) 2037 return; 2038 2039 skb = NULL; 2040 read_lock_bh(&idev->lock); 2041 for (pmc = idev->mc_list; pmc; pmc = pmc->next) { 2042 spin_lock_bh(&pmc->mca_lock); 2043 if (pmc->mca_sfcount[MCAST_EXCLUDE]) 2044 type = MLD2_CHANGE_TO_EXCLUDE; 2045 else 2046 type = MLD2_CHANGE_TO_INCLUDE; 2047 skb = add_grec(skb, pmc, type, 0, 0, 1); 2048 spin_unlock_bh(&pmc->mca_lock); 2049 } 2050 read_unlock_bh(&idev->lock); 2051 if (skb) 2052 mld_sendpack(skb); 2053 } 2054 2055 void ipv6_mc_dad_complete(struct inet6_dev *idev) 2056 { 2057 idev->mc_dad_count = idev->mc_qrv; 2058 if (idev->mc_dad_count) { 2059 mld_send_initial_cr(idev); 2060 idev->mc_dad_count--; 2061 if (idev->mc_dad_count) 2062 mld_dad_start_timer(idev, idev->mc_maxdelay); 2063 } 2064 } 2065 2066 static void mld_dad_timer_expire(unsigned long data) 2067 { 2068 struct inet6_dev *idev = (struct inet6_dev *)data; 2069 2070 mld_send_initial_cr(idev); 2071 if (idev->mc_dad_count) { 2072 idev->mc_dad_count--; 2073 if (idev->mc_dad_count) 2074 mld_dad_start_timer(idev, idev->mc_maxdelay); 2075 } 2076 in6_dev_put(idev); 2077 } 2078 2079 static int ip6_mc_del1_src(struct ifmcaddr6 *pmc, int sfmode, 2080 const struct in6_addr *psfsrc) 2081 { 2082 struct ip6_sf_list *psf, *psf_prev; 2083 int rv = 0; 2084 2085 psf_prev = NULL; 2086 for (psf = pmc->mca_sources; psf; psf = psf->sf_next) { 2087 if (ipv6_addr_equal(&psf->sf_addr, psfsrc)) 2088 break; 2089 psf_prev = psf; 2090 } 2091 if (!psf || psf->sf_count[sfmode] == 0) { 2092 /* source filter not found, or count wrong => bug */ 2093 return -ESRCH; 2094 } 2095 psf->sf_count[sfmode]--; 2096 if (!psf->sf_count[MCAST_INCLUDE] && !psf->sf_count[MCAST_EXCLUDE]) { 2097 struct inet6_dev *idev = pmc->idev; 2098 2099 /* no more filters for this source */ 2100 if (psf_prev) 2101 psf_prev->sf_next = psf->sf_next; 2102 else 2103 pmc->mca_sources = psf->sf_next; 2104 if (psf->sf_oldin && !(pmc->mca_flags & MAF_NOREPORT) && 2105 !mld_in_v1_mode(idev)) { 2106 psf->sf_crcount = idev->mc_qrv; 2107 psf->sf_next = pmc->mca_tomb; 2108 pmc->mca_tomb = psf; 2109 rv = 1; 2110 } else 2111 kfree(psf); 2112 } 2113 return rv; 2114 } 2115 2116 static int ip6_mc_del_src(struct inet6_dev *idev, const struct in6_addr *pmca, 2117 int sfmode, int sfcount, const struct in6_addr *psfsrc, 2118 int delta) 2119 { 2120 struct ifmcaddr6 *pmc; 2121 int changerec = 0; 2122 int i, err; 2123 2124 if (!idev) 2125 return -ENODEV; 2126 read_lock_bh(&idev->lock); 2127 for (pmc = idev->mc_list; pmc; pmc = pmc->next) { 2128 if (ipv6_addr_equal(pmca, &pmc->mca_addr)) 2129 break; 2130 } 2131 if (!pmc) { 2132 /* MCA not found?? bug */ 2133 read_unlock_bh(&idev->lock); 2134 return -ESRCH; 2135 } 2136 spin_lock_bh(&pmc->mca_lock); 2137 sf_markstate(pmc); 2138 if (!delta) { 2139 if (!pmc->mca_sfcount[sfmode]) { 2140 spin_unlock_bh(&pmc->mca_lock); 2141 read_unlock_bh(&idev->lock); 2142 return -EINVAL; 2143 } 2144 pmc->mca_sfcount[sfmode]--; 2145 } 2146 err = 0; 2147 for (i = 0; i < sfcount; i++) { 2148 int rv = ip6_mc_del1_src(pmc, sfmode, &psfsrc[i]); 2149 2150 changerec |= rv > 0; 2151 if (!err && rv < 0) 2152 err = rv; 2153 } 2154 if (pmc->mca_sfmode == MCAST_EXCLUDE && 2155 pmc->mca_sfcount[MCAST_EXCLUDE] == 0 && 2156 pmc->mca_sfcount[MCAST_INCLUDE]) { 2157 struct ip6_sf_list *psf; 2158 2159 /* filter mode change */ 2160 pmc->mca_sfmode = MCAST_INCLUDE; 2161 pmc->mca_crcount = idev->mc_qrv; 2162 idev->mc_ifc_count = pmc->mca_crcount; 2163 for (psf = pmc->mca_sources; psf; psf = psf->sf_next) 2164 psf->sf_crcount = 0; 2165 mld_ifc_event(pmc->idev); 2166 } else if (sf_setstate(pmc) || changerec) 2167 mld_ifc_event(pmc->idev); 2168 spin_unlock_bh(&pmc->mca_lock); 2169 read_unlock_bh(&idev->lock); 2170 return err; 2171 } 2172 2173 /* 2174 * Add multicast single-source filter to the interface list 2175 */ 2176 static int ip6_mc_add1_src(struct ifmcaddr6 *pmc, int sfmode, 2177 const struct in6_addr *psfsrc) 2178 { 2179 struct ip6_sf_list *psf, *psf_prev; 2180 2181 psf_prev = NULL; 2182 for (psf = pmc->mca_sources; psf; psf = psf->sf_next) { 2183 if (ipv6_addr_equal(&psf->sf_addr, psfsrc)) 2184 break; 2185 psf_prev = psf; 2186 } 2187 if (!psf) { 2188 psf = kzalloc(sizeof(*psf), GFP_ATOMIC); 2189 if (!psf) 2190 return -ENOBUFS; 2191 2192 psf->sf_addr = *psfsrc; 2193 if (psf_prev) { 2194 psf_prev->sf_next = psf; 2195 } else 2196 pmc->mca_sources = psf; 2197 } 2198 psf->sf_count[sfmode]++; 2199 return 0; 2200 } 2201 2202 static void sf_markstate(struct ifmcaddr6 *pmc) 2203 { 2204 struct ip6_sf_list *psf; 2205 int mca_xcount = pmc->mca_sfcount[MCAST_EXCLUDE]; 2206 2207 for (psf = pmc->mca_sources; psf; psf = psf->sf_next) 2208 if (pmc->mca_sfcount[MCAST_EXCLUDE]) { 2209 psf->sf_oldin = mca_xcount == 2210 psf->sf_count[MCAST_EXCLUDE] && 2211 !psf->sf_count[MCAST_INCLUDE]; 2212 } else 2213 psf->sf_oldin = psf->sf_count[MCAST_INCLUDE] != 0; 2214 } 2215 2216 static int sf_setstate(struct ifmcaddr6 *pmc) 2217 { 2218 struct ip6_sf_list *psf, *dpsf; 2219 int mca_xcount = pmc->mca_sfcount[MCAST_EXCLUDE]; 2220 int qrv = pmc->idev->mc_qrv; 2221 int new_in, rv; 2222 2223 rv = 0; 2224 for (psf = pmc->mca_sources; psf; psf = psf->sf_next) { 2225 if (pmc->mca_sfcount[MCAST_EXCLUDE]) { 2226 new_in = mca_xcount == psf->sf_count[MCAST_EXCLUDE] && 2227 !psf->sf_count[MCAST_INCLUDE]; 2228 } else 2229 new_in = psf->sf_count[MCAST_INCLUDE] != 0; 2230 if (new_in) { 2231 if (!psf->sf_oldin) { 2232 struct ip6_sf_list *prev = NULL; 2233 2234 for (dpsf = pmc->mca_tomb; dpsf; 2235 dpsf = dpsf->sf_next) { 2236 if (ipv6_addr_equal(&dpsf->sf_addr, 2237 &psf->sf_addr)) 2238 break; 2239 prev = dpsf; 2240 } 2241 if (dpsf) { 2242 if (prev) 2243 prev->sf_next = dpsf->sf_next; 2244 else 2245 pmc->mca_tomb = dpsf->sf_next; 2246 kfree(dpsf); 2247 } 2248 psf->sf_crcount = qrv; 2249 rv++; 2250 } 2251 } else if (psf->sf_oldin) { 2252 psf->sf_crcount = 0; 2253 /* 2254 * add or update "delete" records if an active filter 2255 * is now inactive 2256 */ 2257 for (dpsf = pmc->mca_tomb; dpsf; dpsf = dpsf->sf_next) 2258 if (ipv6_addr_equal(&dpsf->sf_addr, 2259 &psf->sf_addr)) 2260 break; 2261 if (!dpsf) { 2262 dpsf = kmalloc(sizeof(*dpsf), GFP_ATOMIC); 2263 if (!dpsf) 2264 continue; 2265 *dpsf = *psf; 2266 /* pmc->mca_lock held by callers */ 2267 dpsf->sf_next = pmc->mca_tomb; 2268 pmc->mca_tomb = dpsf; 2269 } 2270 dpsf->sf_crcount = qrv; 2271 rv++; 2272 } 2273 } 2274 return rv; 2275 } 2276 2277 /* 2278 * Add multicast source filter list to the interface list 2279 */ 2280 static int ip6_mc_add_src(struct inet6_dev *idev, const struct in6_addr *pmca, 2281 int sfmode, int sfcount, const struct in6_addr *psfsrc, 2282 int delta) 2283 { 2284 struct ifmcaddr6 *pmc; 2285 int isexclude; 2286 int i, err; 2287 2288 if (!idev) 2289 return -ENODEV; 2290 read_lock_bh(&idev->lock); 2291 for (pmc = idev->mc_list; pmc; pmc = pmc->next) { 2292 if (ipv6_addr_equal(pmca, &pmc->mca_addr)) 2293 break; 2294 } 2295 if (!pmc) { 2296 /* MCA not found?? bug */ 2297 read_unlock_bh(&idev->lock); 2298 return -ESRCH; 2299 } 2300 spin_lock_bh(&pmc->mca_lock); 2301 2302 sf_markstate(pmc); 2303 isexclude = pmc->mca_sfmode == MCAST_EXCLUDE; 2304 if (!delta) 2305 pmc->mca_sfcount[sfmode]++; 2306 err = 0; 2307 for (i = 0; i < sfcount; i++) { 2308 err = ip6_mc_add1_src(pmc, sfmode, &psfsrc[i]); 2309 if (err) 2310 break; 2311 } 2312 if (err) { 2313 int j; 2314 2315 if (!delta) 2316 pmc->mca_sfcount[sfmode]--; 2317 for (j = 0; j < i; j++) 2318 ip6_mc_del1_src(pmc, sfmode, &psfsrc[j]); 2319 } else if (isexclude != (pmc->mca_sfcount[MCAST_EXCLUDE] != 0)) { 2320 struct ip6_sf_list *psf; 2321 2322 /* filter mode change */ 2323 if (pmc->mca_sfcount[MCAST_EXCLUDE]) 2324 pmc->mca_sfmode = MCAST_EXCLUDE; 2325 else if (pmc->mca_sfcount[MCAST_INCLUDE]) 2326 pmc->mca_sfmode = MCAST_INCLUDE; 2327 /* else no filters; keep old mode for reports */ 2328 2329 pmc->mca_crcount = idev->mc_qrv; 2330 idev->mc_ifc_count = pmc->mca_crcount; 2331 for (psf = pmc->mca_sources; psf; psf = psf->sf_next) 2332 psf->sf_crcount = 0; 2333 mld_ifc_event(idev); 2334 } else if (sf_setstate(pmc)) 2335 mld_ifc_event(idev); 2336 spin_unlock_bh(&pmc->mca_lock); 2337 read_unlock_bh(&idev->lock); 2338 return err; 2339 } 2340 2341 static void ip6_mc_clear_src(struct ifmcaddr6 *pmc) 2342 { 2343 struct ip6_sf_list *psf, *nextpsf; 2344 2345 for (psf = pmc->mca_tomb; psf; psf = nextpsf) { 2346 nextpsf = psf->sf_next; 2347 kfree(psf); 2348 } 2349 pmc->mca_tomb = NULL; 2350 for (psf = pmc->mca_sources; psf; psf = nextpsf) { 2351 nextpsf = psf->sf_next; 2352 kfree(psf); 2353 } 2354 pmc->mca_sources = NULL; 2355 pmc->mca_sfmode = MCAST_EXCLUDE; 2356 pmc->mca_sfcount[MCAST_INCLUDE] = 0; 2357 pmc->mca_sfcount[MCAST_EXCLUDE] = 1; 2358 } 2359 2360 2361 static void igmp6_join_group(struct ifmcaddr6 *ma) 2362 { 2363 unsigned long delay; 2364 2365 if (ma->mca_flags & MAF_NOREPORT) 2366 return; 2367 2368 igmp6_send(&ma->mca_addr, ma->idev->dev, ICMPV6_MGM_REPORT); 2369 2370 delay = prandom_u32() % unsolicited_report_interval(ma->idev); 2371 2372 spin_lock_bh(&ma->mca_lock); 2373 if (del_timer(&ma->mca_timer)) { 2374 atomic_dec(&ma->mca_refcnt); 2375 delay = ma->mca_timer.expires - jiffies; 2376 } 2377 2378 if (!mod_timer(&ma->mca_timer, jiffies + delay)) 2379 atomic_inc(&ma->mca_refcnt); 2380 ma->mca_flags |= MAF_TIMER_RUNNING | MAF_LAST_REPORTER; 2381 spin_unlock_bh(&ma->mca_lock); 2382 } 2383 2384 static int ip6_mc_leave_src(struct sock *sk, struct ipv6_mc_socklist *iml, 2385 struct inet6_dev *idev) 2386 { 2387 int err; 2388 2389 /* callers have the socket lock and rtnl lock 2390 * so no other readers or writers of iml or its sflist 2391 */ 2392 if (!iml->sflist) { 2393 /* any-source empty exclude case */ 2394 return ip6_mc_del_src(idev, &iml->addr, iml->sfmode, 0, NULL, 0); 2395 } 2396 err = ip6_mc_del_src(idev, &iml->addr, iml->sfmode, 2397 iml->sflist->sl_count, iml->sflist->sl_addr, 0); 2398 sock_kfree_s(sk, iml->sflist, IP6_SFLSIZE(iml->sflist->sl_max)); 2399 iml->sflist = NULL; 2400 return err; 2401 } 2402 2403 static void igmp6_leave_group(struct ifmcaddr6 *ma) 2404 { 2405 if (mld_in_v1_mode(ma->idev)) { 2406 if (ma->mca_flags & MAF_LAST_REPORTER) 2407 igmp6_send(&ma->mca_addr, ma->idev->dev, 2408 ICMPV6_MGM_REDUCTION); 2409 } else { 2410 mld_add_delrec(ma->idev, ma); 2411 mld_ifc_event(ma->idev); 2412 } 2413 } 2414 2415 static void mld_gq_timer_expire(unsigned long data) 2416 { 2417 struct inet6_dev *idev = (struct inet6_dev *)data; 2418 2419 idev->mc_gq_running = 0; 2420 mld_send_report(idev, NULL); 2421 in6_dev_put(idev); 2422 } 2423 2424 static void mld_ifc_timer_expire(unsigned long data) 2425 { 2426 struct inet6_dev *idev = (struct inet6_dev *)data; 2427 2428 mld_send_cr(idev); 2429 if (idev->mc_ifc_count) { 2430 idev->mc_ifc_count--; 2431 if (idev->mc_ifc_count) 2432 mld_ifc_start_timer(idev, idev->mc_maxdelay); 2433 } 2434 in6_dev_put(idev); 2435 } 2436 2437 static void mld_ifc_event(struct inet6_dev *idev) 2438 { 2439 if (mld_in_v1_mode(idev)) 2440 return; 2441 idev->mc_ifc_count = idev->mc_qrv; 2442 mld_ifc_start_timer(idev, 1); 2443 } 2444 2445 2446 static void igmp6_timer_handler(unsigned long data) 2447 { 2448 struct ifmcaddr6 *ma = (struct ifmcaddr6 *) data; 2449 2450 if (mld_in_v1_mode(ma->idev)) 2451 igmp6_send(&ma->mca_addr, ma->idev->dev, ICMPV6_MGM_REPORT); 2452 else 2453 mld_send_report(ma->idev, ma); 2454 2455 spin_lock(&ma->mca_lock); 2456 ma->mca_flags |= MAF_LAST_REPORTER; 2457 ma->mca_flags &= ~MAF_TIMER_RUNNING; 2458 spin_unlock(&ma->mca_lock); 2459 ma_put(ma); 2460 } 2461 2462 /* Device changing type */ 2463 2464 void ipv6_mc_unmap(struct inet6_dev *idev) 2465 { 2466 struct ifmcaddr6 *i; 2467 2468 /* Install multicast list, except for all-nodes (already installed) */ 2469 2470 read_lock_bh(&idev->lock); 2471 for (i = idev->mc_list; i; i = i->next) 2472 igmp6_group_dropped(i); 2473 read_unlock_bh(&idev->lock); 2474 } 2475 2476 void ipv6_mc_remap(struct inet6_dev *idev) 2477 { 2478 ipv6_mc_up(idev); 2479 } 2480 2481 /* Device going down */ 2482 2483 void ipv6_mc_down(struct inet6_dev *idev) 2484 { 2485 struct ifmcaddr6 *i; 2486 2487 /* Withdraw multicast list */ 2488 2489 read_lock_bh(&idev->lock); 2490 mld_ifc_stop_timer(idev); 2491 mld_gq_stop_timer(idev); 2492 mld_dad_stop_timer(idev); 2493 2494 for (i = idev->mc_list; i; i = i->next) 2495 igmp6_group_dropped(i); 2496 read_unlock_bh(&idev->lock); 2497 2498 mld_clear_delrec(idev); 2499 } 2500 2501 static void ipv6_mc_reset(struct inet6_dev *idev) 2502 { 2503 idev->mc_qrv = sysctl_mld_qrv; 2504 idev->mc_qi = MLD_QI_DEFAULT; 2505 idev->mc_qri = MLD_QRI_DEFAULT; 2506 idev->mc_v1_seen = 0; 2507 idev->mc_maxdelay = unsolicited_report_interval(idev); 2508 } 2509 2510 /* Device going up */ 2511 2512 void ipv6_mc_up(struct inet6_dev *idev) 2513 { 2514 struct ifmcaddr6 *i; 2515 2516 /* Install multicast list, except for all-nodes (already installed) */ 2517 2518 read_lock_bh(&idev->lock); 2519 ipv6_mc_reset(idev); 2520 for (i = idev->mc_list; i; i = i->next) 2521 igmp6_group_added(i); 2522 read_unlock_bh(&idev->lock); 2523 } 2524 2525 /* IPv6 device initialization. */ 2526 2527 void ipv6_mc_init_dev(struct inet6_dev *idev) 2528 { 2529 write_lock_bh(&idev->lock); 2530 spin_lock_init(&idev->mc_lock); 2531 idev->mc_gq_running = 0; 2532 setup_timer(&idev->mc_gq_timer, mld_gq_timer_expire, 2533 (unsigned long)idev); 2534 idev->mc_tomb = NULL; 2535 idev->mc_ifc_count = 0; 2536 setup_timer(&idev->mc_ifc_timer, mld_ifc_timer_expire, 2537 (unsigned long)idev); 2538 setup_timer(&idev->mc_dad_timer, mld_dad_timer_expire, 2539 (unsigned long)idev); 2540 ipv6_mc_reset(idev); 2541 write_unlock_bh(&idev->lock); 2542 } 2543 2544 /* 2545 * Device is about to be destroyed: clean up. 2546 */ 2547 2548 void ipv6_mc_destroy_dev(struct inet6_dev *idev) 2549 { 2550 struct ifmcaddr6 *i; 2551 2552 /* Deactivate timers */ 2553 ipv6_mc_down(idev); 2554 2555 /* Delete all-nodes address. */ 2556 /* We cannot call ipv6_dev_mc_dec() directly, our caller in 2557 * addrconf.c has NULL'd out dev->ip6_ptr so in6_dev_get() will 2558 * fail. 2559 */ 2560 __ipv6_dev_mc_dec(idev, &in6addr_linklocal_allnodes); 2561 2562 if (idev->cnf.forwarding) 2563 __ipv6_dev_mc_dec(idev, &in6addr_linklocal_allrouters); 2564 2565 write_lock_bh(&idev->lock); 2566 while ((i = idev->mc_list) != NULL) { 2567 idev->mc_list = i->next; 2568 write_unlock_bh(&idev->lock); 2569 2570 igmp6_group_dropped(i); 2571 ma_put(i); 2572 2573 write_lock_bh(&idev->lock); 2574 } 2575 write_unlock_bh(&idev->lock); 2576 } 2577 2578 #ifdef CONFIG_PROC_FS 2579 struct igmp6_mc_iter_state { 2580 struct seq_net_private p; 2581 struct net_device *dev; 2582 struct inet6_dev *idev; 2583 }; 2584 2585 #define igmp6_mc_seq_private(seq) ((struct igmp6_mc_iter_state *)(seq)->private) 2586 2587 static inline struct ifmcaddr6 *igmp6_mc_get_first(struct seq_file *seq) 2588 { 2589 struct ifmcaddr6 *im = NULL; 2590 struct igmp6_mc_iter_state *state = igmp6_mc_seq_private(seq); 2591 struct net *net = seq_file_net(seq); 2592 2593 state->idev = NULL; 2594 for_each_netdev_rcu(net, state->dev) { 2595 struct inet6_dev *idev; 2596 idev = __in6_dev_get(state->dev); 2597 if (!idev) 2598 continue; 2599 read_lock_bh(&idev->lock); 2600 im = idev->mc_list; 2601 if (im) { 2602 state->idev = idev; 2603 break; 2604 } 2605 read_unlock_bh(&idev->lock); 2606 } 2607 return im; 2608 } 2609 2610 static struct ifmcaddr6 *igmp6_mc_get_next(struct seq_file *seq, struct ifmcaddr6 *im) 2611 { 2612 struct igmp6_mc_iter_state *state = igmp6_mc_seq_private(seq); 2613 2614 im = im->next; 2615 while (!im) { 2616 if (likely(state->idev != NULL)) 2617 read_unlock_bh(&state->idev->lock); 2618 2619 state->dev = next_net_device_rcu(state->dev); 2620 if (!state->dev) { 2621 state->idev = NULL; 2622 break; 2623 } 2624 state->idev = __in6_dev_get(state->dev); 2625 if (!state->idev) 2626 continue; 2627 read_lock_bh(&state->idev->lock); 2628 im = state->idev->mc_list; 2629 } 2630 return im; 2631 } 2632 2633 static struct ifmcaddr6 *igmp6_mc_get_idx(struct seq_file *seq, loff_t pos) 2634 { 2635 struct ifmcaddr6 *im = igmp6_mc_get_first(seq); 2636 if (im) 2637 while (pos && (im = igmp6_mc_get_next(seq, im)) != NULL) 2638 --pos; 2639 return pos ? NULL : im; 2640 } 2641 2642 static void *igmp6_mc_seq_start(struct seq_file *seq, loff_t *pos) 2643 __acquires(RCU) 2644 { 2645 rcu_read_lock(); 2646 return igmp6_mc_get_idx(seq, *pos); 2647 } 2648 2649 static void *igmp6_mc_seq_next(struct seq_file *seq, void *v, loff_t *pos) 2650 { 2651 struct ifmcaddr6 *im = igmp6_mc_get_next(seq, v); 2652 2653 ++*pos; 2654 return im; 2655 } 2656 2657 static void igmp6_mc_seq_stop(struct seq_file *seq, void *v) 2658 __releases(RCU) 2659 { 2660 struct igmp6_mc_iter_state *state = igmp6_mc_seq_private(seq); 2661 2662 if (likely(state->idev != NULL)) { 2663 read_unlock_bh(&state->idev->lock); 2664 state->idev = NULL; 2665 } 2666 state->dev = NULL; 2667 rcu_read_unlock(); 2668 } 2669 2670 static int igmp6_mc_seq_show(struct seq_file *seq, void *v) 2671 { 2672 struct ifmcaddr6 *im = (struct ifmcaddr6 *)v; 2673 struct igmp6_mc_iter_state *state = igmp6_mc_seq_private(seq); 2674 2675 seq_printf(seq, 2676 "%-4d %-15s %pi6 %5d %08X %ld\n", 2677 state->dev->ifindex, state->dev->name, 2678 &im->mca_addr, 2679 im->mca_users, im->mca_flags, 2680 (im->mca_flags&MAF_TIMER_RUNNING) ? 2681 jiffies_to_clock_t(im->mca_timer.expires-jiffies) : 0); 2682 return 0; 2683 } 2684 2685 static const struct seq_operations igmp6_mc_seq_ops = { 2686 .start = igmp6_mc_seq_start, 2687 .next = igmp6_mc_seq_next, 2688 .stop = igmp6_mc_seq_stop, 2689 .show = igmp6_mc_seq_show, 2690 }; 2691 2692 static int igmp6_mc_seq_open(struct inode *inode, struct file *file) 2693 { 2694 return seq_open_net(inode, file, &igmp6_mc_seq_ops, 2695 sizeof(struct igmp6_mc_iter_state)); 2696 } 2697 2698 static const struct file_operations igmp6_mc_seq_fops = { 2699 .owner = THIS_MODULE, 2700 .open = igmp6_mc_seq_open, 2701 .read = seq_read, 2702 .llseek = seq_lseek, 2703 .release = seq_release_net, 2704 }; 2705 2706 struct igmp6_mcf_iter_state { 2707 struct seq_net_private p; 2708 struct net_device *dev; 2709 struct inet6_dev *idev; 2710 struct ifmcaddr6 *im; 2711 }; 2712 2713 #define igmp6_mcf_seq_private(seq) ((struct igmp6_mcf_iter_state *)(seq)->private) 2714 2715 static inline struct ip6_sf_list *igmp6_mcf_get_first(struct seq_file *seq) 2716 { 2717 struct ip6_sf_list *psf = NULL; 2718 struct ifmcaddr6 *im = NULL; 2719 struct igmp6_mcf_iter_state *state = igmp6_mcf_seq_private(seq); 2720 struct net *net = seq_file_net(seq); 2721 2722 state->idev = NULL; 2723 state->im = NULL; 2724 for_each_netdev_rcu(net, state->dev) { 2725 struct inet6_dev *idev; 2726 idev = __in6_dev_get(state->dev); 2727 if (unlikely(idev == NULL)) 2728 continue; 2729 read_lock_bh(&idev->lock); 2730 im = idev->mc_list; 2731 if (likely(im != NULL)) { 2732 spin_lock_bh(&im->mca_lock); 2733 psf = im->mca_sources; 2734 if (likely(psf != NULL)) { 2735 state->im = im; 2736 state->idev = idev; 2737 break; 2738 } 2739 spin_unlock_bh(&im->mca_lock); 2740 } 2741 read_unlock_bh(&idev->lock); 2742 } 2743 return psf; 2744 } 2745 2746 static struct ip6_sf_list *igmp6_mcf_get_next(struct seq_file *seq, struct ip6_sf_list *psf) 2747 { 2748 struct igmp6_mcf_iter_state *state = igmp6_mcf_seq_private(seq); 2749 2750 psf = psf->sf_next; 2751 while (!psf) { 2752 spin_unlock_bh(&state->im->mca_lock); 2753 state->im = state->im->next; 2754 while (!state->im) { 2755 if (likely(state->idev != NULL)) 2756 read_unlock_bh(&state->idev->lock); 2757 2758 state->dev = next_net_device_rcu(state->dev); 2759 if (!state->dev) { 2760 state->idev = NULL; 2761 goto out; 2762 } 2763 state->idev = __in6_dev_get(state->dev); 2764 if (!state->idev) 2765 continue; 2766 read_lock_bh(&state->idev->lock); 2767 state->im = state->idev->mc_list; 2768 } 2769 if (!state->im) 2770 break; 2771 spin_lock_bh(&state->im->mca_lock); 2772 psf = state->im->mca_sources; 2773 } 2774 out: 2775 return psf; 2776 } 2777 2778 static struct ip6_sf_list *igmp6_mcf_get_idx(struct seq_file *seq, loff_t pos) 2779 { 2780 struct ip6_sf_list *psf = igmp6_mcf_get_first(seq); 2781 if (psf) 2782 while (pos && (psf = igmp6_mcf_get_next(seq, psf)) != NULL) 2783 --pos; 2784 return pos ? NULL : psf; 2785 } 2786 2787 static void *igmp6_mcf_seq_start(struct seq_file *seq, loff_t *pos) 2788 __acquires(RCU) 2789 { 2790 rcu_read_lock(); 2791 return *pos ? igmp6_mcf_get_idx(seq, *pos - 1) : SEQ_START_TOKEN; 2792 } 2793 2794 static void *igmp6_mcf_seq_next(struct seq_file *seq, void *v, loff_t *pos) 2795 { 2796 struct ip6_sf_list *psf; 2797 if (v == SEQ_START_TOKEN) 2798 psf = igmp6_mcf_get_first(seq); 2799 else 2800 psf = igmp6_mcf_get_next(seq, v); 2801 ++*pos; 2802 return psf; 2803 } 2804 2805 static void igmp6_mcf_seq_stop(struct seq_file *seq, void *v) 2806 __releases(RCU) 2807 { 2808 struct igmp6_mcf_iter_state *state = igmp6_mcf_seq_private(seq); 2809 if (likely(state->im != NULL)) { 2810 spin_unlock_bh(&state->im->mca_lock); 2811 state->im = NULL; 2812 } 2813 if (likely(state->idev != NULL)) { 2814 read_unlock_bh(&state->idev->lock); 2815 state->idev = NULL; 2816 } 2817 state->dev = NULL; 2818 rcu_read_unlock(); 2819 } 2820 2821 static int igmp6_mcf_seq_show(struct seq_file *seq, void *v) 2822 { 2823 struct ip6_sf_list *psf = (struct ip6_sf_list *)v; 2824 struct igmp6_mcf_iter_state *state = igmp6_mcf_seq_private(seq); 2825 2826 if (v == SEQ_START_TOKEN) { 2827 seq_puts(seq, "Idx Device Multicast Address Source Address INC EXC\n"); 2828 } else { 2829 seq_printf(seq, 2830 "%3d %6.6s %pi6 %pi6 %6lu %6lu\n", 2831 state->dev->ifindex, state->dev->name, 2832 &state->im->mca_addr, 2833 &psf->sf_addr, 2834 psf->sf_count[MCAST_INCLUDE], 2835 psf->sf_count[MCAST_EXCLUDE]); 2836 } 2837 return 0; 2838 } 2839 2840 static const struct seq_operations igmp6_mcf_seq_ops = { 2841 .start = igmp6_mcf_seq_start, 2842 .next = igmp6_mcf_seq_next, 2843 .stop = igmp6_mcf_seq_stop, 2844 .show = igmp6_mcf_seq_show, 2845 }; 2846 2847 static int igmp6_mcf_seq_open(struct inode *inode, struct file *file) 2848 { 2849 return seq_open_net(inode, file, &igmp6_mcf_seq_ops, 2850 sizeof(struct igmp6_mcf_iter_state)); 2851 } 2852 2853 static const struct file_operations igmp6_mcf_seq_fops = { 2854 .owner = THIS_MODULE, 2855 .open = igmp6_mcf_seq_open, 2856 .read = seq_read, 2857 .llseek = seq_lseek, 2858 .release = seq_release_net, 2859 }; 2860 2861 static int __net_init igmp6_proc_init(struct net *net) 2862 { 2863 int err; 2864 2865 err = -ENOMEM; 2866 if (!proc_create("igmp6", S_IRUGO, net->proc_net, &igmp6_mc_seq_fops)) 2867 goto out; 2868 if (!proc_create("mcfilter6", S_IRUGO, net->proc_net, 2869 &igmp6_mcf_seq_fops)) 2870 goto out_proc_net_igmp6; 2871 2872 err = 0; 2873 out: 2874 return err; 2875 2876 out_proc_net_igmp6: 2877 remove_proc_entry("igmp6", net->proc_net); 2878 goto out; 2879 } 2880 2881 static void __net_exit igmp6_proc_exit(struct net *net) 2882 { 2883 remove_proc_entry("mcfilter6", net->proc_net); 2884 remove_proc_entry("igmp6", net->proc_net); 2885 } 2886 #else 2887 static inline int igmp6_proc_init(struct net *net) 2888 { 2889 return 0; 2890 } 2891 static inline void igmp6_proc_exit(struct net *net) 2892 { 2893 } 2894 #endif 2895 2896 static int __net_init igmp6_net_init(struct net *net) 2897 { 2898 int err; 2899 2900 err = inet_ctl_sock_create(&net->ipv6.igmp_sk, PF_INET6, 2901 SOCK_RAW, IPPROTO_ICMPV6, net); 2902 if (err < 0) { 2903 pr_err("Failed to initialize the IGMP6 control socket (err %d)\n", 2904 err); 2905 goto out; 2906 } 2907 2908 inet6_sk(net->ipv6.igmp_sk)->hop_limit = 1; 2909 2910 err = igmp6_proc_init(net); 2911 if (err) 2912 goto out_sock_create; 2913 out: 2914 return err; 2915 2916 out_sock_create: 2917 inet_ctl_sock_destroy(net->ipv6.igmp_sk); 2918 goto out; 2919 } 2920 2921 static void __net_exit igmp6_net_exit(struct net *net) 2922 { 2923 inet_ctl_sock_destroy(net->ipv6.igmp_sk); 2924 igmp6_proc_exit(net); 2925 } 2926 2927 static struct pernet_operations igmp6_net_ops = { 2928 .init = igmp6_net_init, 2929 .exit = igmp6_net_exit, 2930 }; 2931 2932 int __init igmp6_init(void) 2933 { 2934 return register_pernet_subsys(&igmp6_net_ops); 2935 } 2936 2937 void igmp6_cleanup(void) 2938 { 2939 unregister_pernet_subsys(&igmp6_net_ops); 2940 } 2941