1 // SPDX-License-Identifier: GPL-2.0-or-later
2 /*
3 * NET3 IP device support routines.
4 *
5 * Derived from the IP parts of dev.c 1.0.19
6 * Authors: Ross Biro
7 * Fred N. van Kempen, <waltje@uWalt.NL.Mugnet.ORG>
8 * Mark Evans, <evansmp@uhura.aston.ac.uk>
9 *
10 * Additional Authors:
11 * Alan Cox, <gw4pts@gw4pts.ampr.org>
12 * Alexey Kuznetsov, <kuznet@ms2.inr.ac.ru>
13 *
14 * Changes:
15 * Alexey Kuznetsov: pa_* fields are replaced with ifaddr
16 * lists.
17 * Cyrus Durgin: updated for kmod
18 * Matthias Andree: in devinet_ioctl, compare label and
19 * address (4.4BSD alias style support),
20 * fall back to comparing just the label
21 * if no match found.
22 */
23
24
25 #include <linux/uaccess.h>
26 #include <linux/bitops.h>
27 #include <linux/capability.h>
28 #include <linux/module.h>
29 #include <linux/types.h>
30 #include <linux/kernel.h>
31 #include <linux/sched/signal.h>
32 #include <linux/string.h>
33 #include <linux/mm.h>
34 #include <linux/socket.h>
35 #include <linux/sockios.h>
36 #include <linux/in.h>
37 #include <linux/errno.h>
38 #include <linux/interrupt.h>
39 #include <linux/if_addr.h>
40 #include <linux/if_ether.h>
41 #include <linux/inet.h>
42 #include <linux/netdevice.h>
43 #include <linux/etherdevice.h>
44 #include <linux/skbuff.h>
45 #include <linux/init.h>
46 #include <linux/notifier.h>
47 #include <linux/inetdevice.h>
48 #include <linux/igmp.h>
49 #include <linux/slab.h>
50 #include <linux/hash.h>
51 #ifdef CONFIG_SYSCTL
52 #include <linux/sysctl.h>
53 #endif
54 #include <linux/kmod.h>
55 #include <linux/netconf.h>
56
57 #include <net/arp.h>
58 #include <net/ip.h>
59 #include <net/route.h>
60 #include <net/ip_fib.h>
61 #include <net/rtnetlink.h>
62 #include <net/net_namespace.h>
63 #include <net/addrconf.h>
64
65 #define IPV6ONLY_FLAGS \
66 (IFA_F_NODAD | IFA_F_OPTIMISTIC | IFA_F_DADFAILED | \
67 IFA_F_HOMEADDRESS | IFA_F_TENTATIVE | \
68 IFA_F_MANAGETEMPADDR | IFA_F_STABLE_PRIVACY)
69
70 static struct ipv4_devconf ipv4_devconf = {
71 .data = {
72 [IPV4_DEVCONF_ACCEPT_REDIRECTS - 1] = 1,
73 [IPV4_DEVCONF_SEND_REDIRECTS - 1] = 1,
74 [IPV4_DEVCONF_SECURE_REDIRECTS - 1] = 1,
75 [IPV4_DEVCONF_SHARED_MEDIA - 1] = 1,
76 [IPV4_DEVCONF_IGMPV2_UNSOLICITED_REPORT_INTERVAL - 1] = 10000 /*ms*/,
77 [IPV4_DEVCONF_IGMPV3_UNSOLICITED_REPORT_INTERVAL - 1] = 1000 /*ms*/,
78 },
79 };
80
81 static struct ipv4_devconf ipv4_devconf_dflt = {
82 .data = {
83 [IPV4_DEVCONF_ACCEPT_REDIRECTS - 1] = 1,
84 [IPV4_DEVCONF_SEND_REDIRECTS - 1] = 1,
85 [IPV4_DEVCONF_SECURE_REDIRECTS - 1] = 1,
86 [IPV4_DEVCONF_SHARED_MEDIA - 1] = 1,
87 [IPV4_DEVCONF_ACCEPT_SOURCE_ROUTE - 1] = 1,
88 [IPV4_DEVCONF_IGMPV2_UNSOLICITED_REPORT_INTERVAL - 1] = 10000 /*ms*/,
89 [IPV4_DEVCONF_IGMPV3_UNSOLICITED_REPORT_INTERVAL - 1] = 1000 /*ms*/,
90 },
91 };
92
93 #define IPV4_DEVCONF_DFLT(net, attr) \
94 IPV4_DEVCONF((*net->ipv4.devconf_dflt), attr)
95
96 static const struct nla_policy ifa_ipv4_policy[IFA_MAX+1] = {
97 [IFA_LOCAL] = { .type = NLA_U32 },
98 [IFA_ADDRESS] = { .type = NLA_U32 },
99 [IFA_BROADCAST] = { .type = NLA_U32 },
100 [IFA_LABEL] = { .type = NLA_STRING, .len = IFNAMSIZ - 1 },
101 [IFA_CACHEINFO] = { .len = sizeof(struct ifa_cacheinfo) },
102 [IFA_FLAGS] = { .type = NLA_U32 },
103 [IFA_RT_PRIORITY] = { .type = NLA_U32 },
104 [IFA_TARGET_NETNSID] = { .type = NLA_S32 },
105 };
106
107 struct inet_fill_args {
108 u32 portid;
109 u32 seq;
110 int event;
111 unsigned int flags;
112 int netnsid;
113 int ifindex;
114 };
115
116 #define IN4_ADDR_HSIZE_SHIFT 8
117 #define IN4_ADDR_HSIZE (1U << IN4_ADDR_HSIZE_SHIFT)
118
119 static struct hlist_head inet_addr_lst[IN4_ADDR_HSIZE];
120
inet_addr_hash(const struct net * net,__be32 addr)121 static u32 inet_addr_hash(const struct net *net, __be32 addr)
122 {
123 u32 val = (__force u32) addr ^ net_hash_mix(net);
124
125 return hash_32(val, IN4_ADDR_HSIZE_SHIFT);
126 }
127
inet_hash_insert(struct net * net,struct in_ifaddr * ifa)128 static void inet_hash_insert(struct net *net, struct in_ifaddr *ifa)
129 {
130 u32 hash = inet_addr_hash(net, ifa->ifa_local);
131
132 ASSERT_RTNL();
133 hlist_add_head_rcu(&ifa->hash, &inet_addr_lst[hash]);
134 }
135
inet_hash_remove(struct in_ifaddr * ifa)136 static void inet_hash_remove(struct in_ifaddr *ifa)
137 {
138 ASSERT_RTNL();
139 hlist_del_init_rcu(&ifa->hash);
140 }
141
142 /**
143 * __ip_dev_find - find the first device with a given source address.
144 * @net: the net namespace
145 * @addr: the source address
146 * @devref: if true, take a reference on the found device
147 *
148 * If a caller uses devref=false, it should be protected by RCU, or RTNL
149 */
__ip_dev_find(struct net * net,__be32 addr,bool devref)150 struct net_device *__ip_dev_find(struct net *net, __be32 addr, bool devref)
151 {
152 struct net_device *result = NULL;
153 struct in_ifaddr *ifa;
154
155 rcu_read_lock();
156 ifa = inet_lookup_ifaddr_rcu(net, addr);
157 if (!ifa) {
158 struct flowi4 fl4 = { .daddr = addr };
159 struct fib_result res = { 0 };
160 struct fib_table *local;
161
162 /* Fallback to FIB local table so that communication
163 * over loopback subnets work.
164 */
165 local = fib_get_table(net, RT_TABLE_LOCAL);
166 if (local &&
167 !fib_table_lookup(local, &fl4, &res, FIB_LOOKUP_NOREF) &&
168 res.type == RTN_LOCAL)
169 result = FIB_RES_DEV(res);
170 } else {
171 result = ifa->ifa_dev->dev;
172 }
173 if (result && devref)
174 dev_hold(result);
175 rcu_read_unlock();
176 return result;
177 }
178 EXPORT_SYMBOL(__ip_dev_find);
179
180 /* called under RCU lock */
inet_lookup_ifaddr_rcu(struct net * net,__be32 addr)181 struct in_ifaddr *inet_lookup_ifaddr_rcu(struct net *net, __be32 addr)
182 {
183 u32 hash = inet_addr_hash(net, addr);
184 struct in_ifaddr *ifa;
185
186 hlist_for_each_entry_rcu(ifa, &inet_addr_lst[hash], hash)
187 if (ifa->ifa_local == addr &&
188 net_eq(dev_net(ifa->ifa_dev->dev), net))
189 return ifa;
190
191 return NULL;
192 }
193
194 static void rtmsg_ifa(int event, struct in_ifaddr *, struct nlmsghdr *, u32);
195
196 static BLOCKING_NOTIFIER_HEAD(inetaddr_chain);
197 static BLOCKING_NOTIFIER_HEAD(inetaddr_validator_chain);
198 static void inet_del_ifa(struct in_device *in_dev,
199 struct in_ifaddr __rcu **ifap,
200 int destroy);
201 #ifdef CONFIG_SYSCTL
202 static int devinet_sysctl_register(struct in_device *idev);
203 static void devinet_sysctl_unregister(struct in_device *idev);
204 #else
devinet_sysctl_register(struct in_device * idev)205 static int devinet_sysctl_register(struct in_device *idev)
206 {
207 return 0;
208 }
devinet_sysctl_unregister(struct in_device * idev)209 static void devinet_sysctl_unregister(struct in_device *idev)
210 {
211 }
212 #endif
213
214 /* Locks all the inet devices. */
215
inet_alloc_ifa(void)216 static struct in_ifaddr *inet_alloc_ifa(void)
217 {
218 return kzalloc(sizeof(struct in_ifaddr), GFP_KERNEL_ACCOUNT);
219 }
220
inet_rcu_free_ifa(struct rcu_head * head)221 static void inet_rcu_free_ifa(struct rcu_head *head)
222 {
223 struct in_ifaddr *ifa = container_of(head, struct in_ifaddr, rcu_head);
224 if (ifa->ifa_dev)
225 in_dev_put(ifa->ifa_dev);
226 kfree(ifa);
227 }
228
inet_free_ifa(struct in_ifaddr * ifa)229 static void inet_free_ifa(struct in_ifaddr *ifa)
230 {
231 call_rcu(&ifa->rcu_head, inet_rcu_free_ifa);
232 }
233
in_dev_free_rcu(struct rcu_head * head)234 static void in_dev_free_rcu(struct rcu_head *head)
235 {
236 struct in_device *idev = container_of(head, struct in_device, rcu_head);
237
238 kfree(rcu_dereference_protected(idev->mc_hash, 1));
239 kfree(idev);
240 }
241
in_dev_finish_destroy(struct in_device * idev)242 void in_dev_finish_destroy(struct in_device *idev)
243 {
244 struct net_device *dev = idev->dev;
245
246 WARN_ON(idev->ifa_list);
247 WARN_ON(idev->mc_list);
248 #ifdef NET_REFCNT_DEBUG
249 pr_debug("%s: %p=%s\n", __func__, idev, dev ? dev->name : "NIL");
250 #endif
251 dev_put(dev);
252 if (!idev->dead)
253 pr_err("Freeing alive in_device %p\n", idev);
254 else
255 call_rcu(&idev->rcu_head, in_dev_free_rcu);
256 }
257 EXPORT_SYMBOL(in_dev_finish_destroy);
258
inetdev_init(struct net_device * dev)259 static struct in_device *inetdev_init(struct net_device *dev)
260 {
261 struct in_device *in_dev;
262 int err = -ENOMEM;
263
264 ASSERT_RTNL();
265
266 in_dev = kzalloc(sizeof(*in_dev), GFP_KERNEL);
267 if (!in_dev)
268 goto out;
269 memcpy(&in_dev->cnf, dev_net(dev)->ipv4.devconf_dflt,
270 sizeof(in_dev->cnf));
271 in_dev->cnf.sysctl = NULL;
272 in_dev->dev = dev;
273 in_dev->arp_parms = neigh_parms_alloc(dev, &arp_tbl);
274 if (!in_dev->arp_parms)
275 goto out_kfree;
276 if (IPV4_DEVCONF(in_dev->cnf, FORWARDING))
277 dev_disable_lro(dev);
278 /* Reference in_dev->dev */
279 dev_hold(dev);
280 /* Account for reference dev->ip_ptr (below) */
281 refcount_set(&in_dev->refcnt, 1);
282
283 err = devinet_sysctl_register(in_dev);
284 if (err) {
285 in_dev->dead = 1;
286 neigh_parms_release(&arp_tbl, in_dev->arp_parms);
287 in_dev_put(in_dev);
288 in_dev = NULL;
289 goto out;
290 }
291 ip_mc_init_dev(in_dev);
292 if (dev->flags & IFF_UP)
293 ip_mc_up(in_dev);
294
295 /* we can receive as soon as ip_ptr is set -- do this last */
296 rcu_assign_pointer(dev->ip_ptr, in_dev);
297 out:
298 return in_dev ?: ERR_PTR(err);
299 out_kfree:
300 kfree(in_dev);
301 in_dev = NULL;
302 goto out;
303 }
304
inetdev_destroy(struct in_device * in_dev)305 static void inetdev_destroy(struct in_device *in_dev)
306 {
307 struct net_device *dev;
308 struct in_ifaddr *ifa;
309
310 ASSERT_RTNL();
311
312 dev = in_dev->dev;
313
314 in_dev->dead = 1;
315
316 ip_mc_destroy_dev(in_dev);
317
318 while ((ifa = rtnl_dereference(in_dev->ifa_list)) != NULL) {
319 inet_del_ifa(in_dev, &in_dev->ifa_list, 0);
320 inet_free_ifa(ifa);
321 }
322
323 RCU_INIT_POINTER(dev->ip_ptr, NULL);
324
325 devinet_sysctl_unregister(in_dev);
326 neigh_parms_release(&arp_tbl, in_dev->arp_parms);
327 arp_ifdown(dev);
328
329 in_dev_put(in_dev);
330 }
331
inet_addr_onlink(struct in_device * in_dev,__be32 a,__be32 b)332 int inet_addr_onlink(struct in_device *in_dev, __be32 a, __be32 b)
333 {
334 const struct in_ifaddr *ifa;
335
336 rcu_read_lock();
337 in_dev_for_each_ifa_rcu(ifa, in_dev) {
338 if (inet_ifa_match(a, ifa)) {
339 if (!b || inet_ifa_match(b, ifa)) {
340 rcu_read_unlock();
341 return 1;
342 }
343 }
344 }
345 rcu_read_unlock();
346 return 0;
347 }
348
__inet_del_ifa(struct in_device * in_dev,struct in_ifaddr __rcu ** ifap,int destroy,struct nlmsghdr * nlh,u32 portid)349 static void __inet_del_ifa(struct in_device *in_dev,
350 struct in_ifaddr __rcu **ifap,
351 int destroy, struct nlmsghdr *nlh, u32 portid)
352 {
353 struct in_ifaddr *promote = NULL;
354 struct in_ifaddr *ifa, *ifa1;
355 struct in_ifaddr __rcu **last_prim;
356 struct in_ifaddr *prev_prom = NULL;
357 int do_promote = IN_DEV_PROMOTE_SECONDARIES(in_dev);
358
359 ASSERT_RTNL();
360
361 ifa1 = rtnl_dereference(*ifap);
362 last_prim = ifap;
363 if (in_dev->dead)
364 goto no_promotions;
365
366 /* 1. Deleting primary ifaddr forces deletion all secondaries
367 * unless alias promotion is set
368 **/
369
370 if (!(ifa1->ifa_flags & IFA_F_SECONDARY)) {
371 struct in_ifaddr __rcu **ifap1 = &ifa1->ifa_next;
372
373 while ((ifa = rtnl_dereference(*ifap1)) != NULL) {
374 if (!(ifa->ifa_flags & IFA_F_SECONDARY) &&
375 ifa1->ifa_scope <= ifa->ifa_scope)
376 last_prim = &ifa->ifa_next;
377
378 if (!(ifa->ifa_flags & IFA_F_SECONDARY) ||
379 ifa1->ifa_mask != ifa->ifa_mask ||
380 !inet_ifa_match(ifa1->ifa_address, ifa)) {
381 ifap1 = &ifa->ifa_next;
382 prev_prom = ifa;
383 continue;
384 }
385
386 if (!do_promote) {
387 inet_hash_remove(ifa);
388 *ifap1 = ifa->ifa_next;
389
390 rtmsg_ifa(RTM_DELADDR, ifa, nlh, portid);
391 blocking_notifier_call_chain(&inetaddr_chain,
392 NETDEV_DOWN, ifa);
393 inet_free_ifa(ifa);
394 } else {
395 promote = ifa;
396 break;
397 }
398 }
399 }
400
401 /* On promotion all secondaries from subnet are changing
402 * the primary IP, we must remove all their routes silently
403 * and later to add them back with new prefsrc. Do this
404 * while all addresses are on the device list.
405 */
406 for (ifa = promote; ifa; ifa = rtnl_dereference(ifa->ifa_next)) {
407 if (ifa1->ifa_mask == ifa->ifa_mask &&
408 inet_ifa_match(ifa1->ifa_address, ifa))
409 fib_del_ifaddr(ifa, ifa1);
410 }
411
412 no_promotions:
413 /* 2. Unlink it */
414
415 *ifap = ifa1->ifa_next;
416 inet_hash_remove(ifa1);
417
418 /* 3. Announce address deletion */
419
420 /* Send message first, then call notifier.
421 At first sight, FIB update triggered by notifier
422 will refer to already deleted ifaddr, that could confuse
423 netlink listeners. It is not true: look, gated sees
424 that route deleted and if it still thinks that ifaddr
425 is valid, it will try to restore deleted routes... Grr.
426 So that, this order is correct.
427 */
428 rtmsg_ifa(RTM_DELADDR, ifa1, nlh, portid);
429 blocking_notifier_call_chain(&inetaddr_chain, NETDEV_DOWN, ifa1);
430
431 if (promote) {
432 struct in_ifaddr *next_sec;
433
434 next_sec = rtnl_dereference(promote->ifa_next);
435 if (prev_prom) {
436 struct in_ifaddr *last_sec;
437
438 rcu_assign_pointer(prev_prom->ifa_next, next_sec);
439
440 last_sec = rtnl_dereference(*last_prim);
441 rcu_assign_pointer(promote->ifa_next, last_sec);
442 rcu_assign_pointer(*last_prim, promote);
443 }
444
445 promote->ifa_flags &= ~IFA_F_SECONDARY;
446 rtmsg_ifa(RTM_NEWADDR, promote, nlh, portid);
447 blocking_notifier_call_chain(&inetaddr_chain,
448 NETDEV_UP, promote);
449 for (ifa = next_sec; ifa;
450 ifa = rtnl_dereference(ifa->ifa_next)) {
451 if (ifa1->ifa_mask != ifa->ifa_mask ||
452 !inet_ifa_match(ifa1->ifa_address, ifa))
453 continue;
454 fib_add_ifaddr(ifa);
455 }
456
457 }
458 if (destroy)
459 inet_free_ifa(ifa1);
460 }
461
inet_del_ifa(struct in_device * in_dev,struct in_ifaddr __rcu ** ifap,int destroy)462 static void inet_del_ifa(struct in_device *in_dev,
463 struct in_ifaddr __rcu **ifap,
464 int destroy)
465 {
466 __inet_del_ifa(in_dev, ifap, destroy, NULL, 0);
467 }
468
469 static void check_lifetime(struct work_struct *work);
470
471 static DECLARE_DELAYED_WORK(check_lifetime_work, check_lifetime);
472
__inet_insert_ifa(struct in_ifaddr * ifa,struct nlmsghdr * nlh,u32 portid,struct netlink_ext_ack * extack)473 static int __inet_insert_ifa(struct in_ifaddr *ifa, struct nlmsghdr *nlh,
474 u32 portid, struct netlink_ext_ack *extack)
475 {
476 struct in_ifaddr __rcu **last_primary, **ifap;
477 struct in_device *in_dev = ifa->ifa_dev;
478 struct in_validator_info ivi;
479 struct in_ifaddr *ifa1;
480 int ret;
481
482 ASSERT_RTNL();
483
484 if (!ifa->ifa_local) {
485 inet_free_ifa(ifa);
486 return 0;
487 }
488
489 ifa->ifa_flags &= ~IFA_F_SECONDARY;
490 last_primary = &in_dev->ifa_list;
491
492 /* Don't set IPv6 only flags to IPv4 addresses */
493 ifa->ifa_flags &= ~IPV6ONLY_FLAGS;
494
495 ifap = &in_dev->ifa_list;
496 ifa1 = rtnl_dereference(*ifap);
497
498 while (ifa1) {
499 if (!(ifa1->ifa_flags & IFA_F_SECONDARY) &&
500 ifa->ifa_scope <= ifa1->ifa_scope)
501 last_primary = &ifa1->ifa_next;
502 if (ifa1->ifa_mask == ifa->ifa_mask &&
503 inet_ifa_match(ifa1->ifa_address, ifa)) {
504 if (ifa1->ifa_local == ifa->ifa_local) {
505 inet_free_ifa(ifa);
506 return -EEXIST;
507 }
508 if (ifa1->ifa_scope != ifa->ifa_scope) {
509 inet_free_ifa(ifa);
510 return -EINVAL;
511 }
512 ifa->ifa_flags |= IFA_F_SECONDARY;
513 }
514
515 ifap = &ifa1->ifa_next;
516 ifa1 = rtnl_dereference(*ifap);
517 }
518
519 /* Allow any devices that wish to register ifaddr validtors to weigh
520 * in now, before changes are committed. The rntl lock is serializing
521 * access here, so the state should not change between a validator call
522 * and a final notify on commit. This isn't invoked on promotion under
523 * the assumption that validators are checking the address itself, and
524 * not the flags.
525 */
526 ivi.ivi_addr = ifa->ifa_address;
527 ivi.ivi_dev = ifa->ifa_dev;
528 ivi.extack = extack;
529 ret = blocking_notifier_call_chain(&inetaddr_validator_chain,
530 NETDEV_UP, &ivi);
531 ret = notifier_to_errno(ret);
532 if (ret) {
533 inet_free_ifa(ifa);
534 return ret;
535 }
536
537 if (!(ifa->ifa_flags & IFA_F_SECONDARY)) {
538 prandom_seed((__force u32) ifa->ifa_local);
539 ifap = last_primary;
540 }
541
542 rcu_assign_pointer(ifa->ifa_next, *ifap);
543 rcu_assign_pointer(*ifap, ifa);
544
545 inet_hash_insert(dev_net(in_dev->dev), ifa);
546
547 cancel_delayed_work(&check_lifetime_work);
548 queue_delayed_work(system_power_efficient_wq, &check_lifetime_work, 0);
549
550 /* Send message first, then call notifier.
551 Notifier will trigger FIB update, so that
552 listeners of netlink will know about new ifaddr */
553 rtmsg_ifa(RTM_NEWADDR, ifa, nlh, portid);
554 blocking_notifier_call_chain(&inetaddr_chain, NETDEV_UP, ifa);
555
556 return 0;
557 }
558
inet_insert_ifa(struct in_ifaddr * ifa)559 static int inet_insert_ifa(struct in_ifaddr *ifa)
560 {
561 return __inet_insert_ifa(ifa, NULL, 0, NULL);
562 }
563
inet_set_ifa(struct net_device * dev,struct in_ifaddr * ifa)564 static int inet_set_ifa(struct net_device *dev, struct in_ifaddr *ifa)
565 {
566 struct in_device *in_dev = __in_dev_get_rtnl(dev);
567
568 ASSERT_RTNL();
569
570 if (!in_dev) {
571 inet_free_ifa(ifa);
572 return -ENOBUFS;
573 }
574 ipv4_devconf_setall(in_dev);
575 neigh_parms_data_state_setall(in_dev->arp_parms);
576 if (ifa->ifa_dev != in_dev) {
577 WARN_ON(ifa->ifa_dev);
578 in_dev_hold(in_dev);
579 ifa->ifa_dev = in_dev;
580 }
581 if (ipv4_is_loopback(ifa->ifa_local))
582 ifa->ifa_scope = RT_SCOPE_HOST;
583 return inet_insert_ifa(ifa);
584 }
585
586 /* Caller must hold RCU or RTNL :
587 * We dont take a reference on found in_device
588 */
inetdev_by_index(struct net * net,int ifindex)589 struct in_device *inetdev_by_index(struct net *net, int ifindex)
590 {
591 struct net_device *dev;
592 struct in_device *in_dev = NULL;
593
594 rcu_read_lock();
595 dev = dev_get_by_index_rcu(net, ifindex);
596 if (dev)
597 in_dev = rcu_dereference_rtnl(dev->ip_ptr);
598 rcu_read_unlock();
599 return in_dev;
600 }
601 EXPORT_SYMBOL(inetdev_by_index);
602
603 /* Called only from RTNL semaphored context. No locks. */
604
inet_ifa_byprefix(struct in_device * in_dev,__be32 prefix,__be32 mask)605 struct in_ifaddr *inet_ifa_byprefix(struct in_device *in_dev, __be32 prefix,
606 __be32 mask)
607 {
608 struct in_ifaddr *ifa;
609
610 ASSERT_RTNL();
611
612 in_dev_for_each_ifa_rtnl(ifa, in_dev) {
613 if (ifa->ifa_mask == mask && inet_ifa_match(prefix, ifa))
614 return ifa;
615 }
616 return NULL;
617 }
618
ip_mc_autojoin_config(struct net * net,bool join,const struct in_ifaddr * ifa)619 static int ip_mc_autojoin_config(struct net *net, bool join,
620 const struct in_ifaddr *ifa)
621 {
622 #if defined(CONFIG_IP_MULTICAST)
623 struct ip_mreqn mreq = {
624 .imr_multiaddr.s_addr = ifa->ifa_address,
625 .imr_ifindex = ifa->ifa_dev->dev->ifindex,
626 };
627 struct sock *sk = net->ipv4.mc_autojoin_sk;
628 int ret;
629
630 ASSERT_RTNL();
631
632 lock_sock(sk);
633 if (join)
634 ret = ip_mc_join_group(sk, &mreq);
635 else
636 ret = ip_mc_leave_group(sk, &mreq);
637 release_sock(sk);
638
639 return ret;
640 #else
641 return -EOPNOTSUPP;
642 #endif
643 }
644
inet_rtm_deladdr(struct sk_buff * skb,struct nlmsghdr * nlh,struct netlink_ext_ack * extack)645 static int inet_rtm_deladdr(struct sk_buff *skb, struct nlmsghdr *nlh,
646 struct netlink_ext_ack *extack)
647 {
648 struct net *net = sock_net(skb->sk);
649 struct in_ifaddr __rcu **ifap;
650 struct nlattr *tb[IFA_MAX+1];
651 struct in_device *in_dev;
652 struct ifaddrmsg *ifm;
653 struct in_ifaddr *ifa;
654 int err;
655
656 ASSERT_RTNL();
657
658 err = nlmsg_parse_deprecated(nlh, sizeof(*ifm), tb, IFA_MAX,
659 ifa_ipv4_policy, extack);
660 if (err < 0)
661 goto errout;
662
663 ifm = nlmsg_data(nlh);
664 in_dev = inetdev_by_index(net, ifm->ifa_index);
665 if (!in_dev) {
666 err = -ENODEV;
667 goto errout;
668 }
669
670 for (ifap = &in_dev->ifa_list; (ifa = rtnl_dereference(*ifap)) != NULL;
671 ifap = &ifa->ifa_next) {
672 if (tb[IFA_LOCAL] &&
673 ifa->ifa_local != nla_get_in_addr(tb[IFA_LOCAL]))
674 continue;
675
676 if (tb[IFA_LABEL] && nla_strcmp(tb[IFA_LABEL], ifa->ifa_label))
677 continue;
678
679 if (tb[IFA_ADDRESS] &&
680 (ifm->ifa_prefixlen != ifa->ifa_prefixlen ||
681 !inet_ifa_match(nla_get_in_addr(tb[IFA_ADDRESS]), ifa)))
682 continue;
683
684 if (ipv4_is_multicast(ifa->ifa_address))
685 ip_mc_autojoin_config(net, false, ifa);
686 __inet_del_ifa(in_dev, ifap, 1, nlh, NETLINK_CB(skb).portid);
687 return 0;
688 }
689
690 err = -EADDRNOTAVAIL;
691 errout:
692 return err;
693 }
694
695 #define INFINITY_LIFE_TIME 0xFFFFFFFF
696
check_lifetime(struct work_struct * work)697 static void check_lifetime(struct work_struct *work)
698 {
699 unsigned long now, next, next_sec, next_sched;
700 struct in_ifaddr *ifa;
701 struct hlist_node *n;
702 int i;
703
704 now = jiffies;
705 next = round_jiffies_up(now + ADDR_CHECK_FREQUENCY);
706
707 for (i = 0; i < IN4_ADDR_HSIZE; i++) {
708 bool change_needed = false;
709
710 rcu_read_lock();
711 hlist_for_each_entry_rcu(ifa, &inet_addr_lst[i], hash) {
712 unsigned long age;
713
714 if (ifa->ifa_flags & IFA_F_PERMANENT)
715 continue;
716
717 /* We try to batch several events at once. */
718 age = (now - ifa->ifa_tstamp +
719 ADDRCONF_TIMER_FUZZ_MINUS) / HZ;
720
721 if (ifa->ifa_valid_lft != INFINITY_LIFE_TIME &&
722 age >= ifa->ifa_valid_lft) {
723 change_needed = true;
724 } else if (ifa->ifa_preferred_lft ==
725 INFINITY_LIFE_TIME) {
726 continue;
727 } else if (age >= ifa->ifa_preferred_lft) {
728 if (time_before(ifa->ifa_tstamp +
729 ifa->ifa_valid_lft * HZ, next))
730 next = ifa->ifa_tstamp +
731 ifa->ifa_valid_lft * HZ;
732
733 if (!(ifa->ifa_flags & IFA_F_DEPRECATED))
734 change_needed = true;
735 } else if (time_before(ifa->ifa_tstamp +
736 ifa->ifa_preferred_lft * HZ,
737 next)) {
738 next = ifa->ifa_tstamp +
739 ifa->ifa_preferred_lft * HZ;
740 }
741 }
742 rcu_read_unlock();
743 if (!change_needed)
744 continue;
745 rtnl_lock();
746 hlist_for_each_entry_safe(ifa, n, &inet_addr_lst[i], hash) {
747 unsigned long age;
748
749 if (ifa->ifa_flags & IFA_F_PERMANENT)
750 continue;
751
752 /* We try to batch several events at once. */
753 age = (now - ifa->ifa_tstamp +
754 ADDRCONF_TIMER_FUZZ_MINUS) / HZ;
755
756 if (ifa->ifa_valid_lft != INFINITY_LIFE_TIME &&
757 age >= ifa->ifa_valid_lft) {
758 struct in_ifaddr __rcu **ifap;
759 struct in_ifaddr *tmp;
760
761 ifap = &ifa->ifa_dev->ifa_list;
762 tmp = rtnl_dereference(*ifap);
763 while (tmp) {
764 if (tmp == ifa) {
765 inet_del_ifa(ifa->ifa_dev,
766 ifap, 1);
767 break;
768 }
769 ifap = &tmp->ifa_next;
770 tmp = rtnl_dereference(*ifap);
771 }
772 } else if (ifa->ifa_preferred_lft !=
773 INFINITY_LIFE_TIME &&
774 age >= ifa->ifa_preferred_lft &&
775 !(ifa->ifa_flags & IFA_F_DEPRECATED)) {
776 ifa->ifa_flags |= IFA_F_DEPRECATED;
777 rtmsg_ifa(RTM_NEWADDR, ifa, NULL, 0);
778 }
779 }
780 rtnl_unlock();
781 }
782
783 next_sec = round_jiffies_up(next);
784 next_sched = next;
785
786 /* If rounded timeout is accurate enough, accept it. */
787 if (time_before(next_sec, next + ADDRCONF_TIMER_FUZZ))
788 next_sched = next_sec;
789
790 now = jiffies;
791 /* And minimum interval is ADDRCONF_TIMER_FUZZ_MAX. */
792 if (time_before(next_sched, now + ADDRCONF_TIMER_FUZZ_MAX))
793 next_sched = now + ADDRCONF_TIMER_FUZZ_MAX;
794
795 queue_delayed_work(system_power_efficient_wq, &check_lifetime_work,
796 next_sched - now);
797 }
798
set_ifa_lifetime(struct in_ifaddr * ifa,__u32 valid_lft,__u32 prefered_lft)799 static void set_ifa_lifetime(struct in_ifaddr *ifa, __u32 valid_lft,
800 __u32 prefered_lft)
801 {
802 unsigned long timeout;
803
804 ifa->ifa_flags &= ~(IFA_F_PERMANENT | IFA_F_DEPRECATED);
805
806 timeout = addrconf_timeout_fixup(valid_lft, HZ);
807 if (addrconf_finite_timeout(timeout))
808 ifa->ifa_valid_lft = timeout;
809 else
810 ifa->ifa_flags |= IFA_F_PERMANENT;
811
812 timeout = addrconf_timeout_fixup(prefered_lft, HZ);
813 if (addrconf_finite_timeout(timeout)) {
814 if (timeout == 0)
815 ifa->ifa_flags |= IFA_F_DEPRECATED;
816 ifa->ifa_preferred_lft = timeout;
817 }
818 ifa->ifa_tstamp = jiffies;
819 if (!ifa->ifa_cstamp)
820 ifa->ifa_cstamp = ifa->ifa_tstamp;
821 }
822
rtm_to_ifaddr(struct net * net,struct nlmsghdr * nlh,__u32 * pvalid_lft,__u32 * pprefered_lft,struct netlink_ext_ack * extack)823 static struct in_ifaddr *rtm_to_ifaddr(struct net *net, struct nlmsghdr *nlh,
824 __u32 *pvalid_lft, __u32 *pprefered_lft,
825 struct netlink_ext_ack *extack)
826 {
827 struct nlattr *tb[IFA_MAX+1];
828 struct in_ifaddr *ifa;
829 struct ifaddrmsg *ifm;
830 struct net_device *dev;
831 struct in_device *in_dev;
832 int err;
833
834 err = nlmsg_parse_deprecated(nlh, sizeof(*ifm), tb, IFA_MAX,
835 ifa_ipv4_policy, extack);
836 if (err < 0)
837 goto errout;
838
839 ifm = nlmsg_data(nlh);
840 err = -EINVAL;
841 if (ifm->ifa_prefixlen > 32 || !tb[IFA_LOCAL])
842 goto errout;
843
844 dev = __dev_get_by_index(net, ifm->ifa_index);
845 err = -ENODEV;
846 if (!dev)
847 goto errout;
848
849 in_dev = __in_dev_get_rtnl(dev);
850 err = -ENOBUFS;
851 if (!in_dev)
852 goto errout;
853
854 ifa = inet_alloc_ifa();
855 if (!ifa)
856 /*
857 * A potential indev allocation can be left alive, it stays
858 * assigned to its device and is destroy with it.
859 */
860 goto errout;
861
862 ipv4_devconf_setall(in_dev);
863 neigh_parms_data_state_setall(in_dev->arp_parms);
864 in_dev_hold(in_dev);
865
866 if (!tb[IFA_ADDRESS])
867 tb[IFA_ADDRESS] = tb[IFA_LOCAL];
868
869 INIT_HLIST_NODE(&ifa->hash);
870 ifa->ifa_prefixlen = ifm->ifa_prefixlen;
871 ifa->ifa_mask = inet_make_mask(ifm->ifa_prefixlen);
872 ifa->ifa_flags = tb[IFA_FLAGS] ? nla_get_u32(tb[IFA_FLAGS]) :
873 ifm->ifa_flags;
874 ifa->ifa_scope = ifm->ifa_scope;
875 ifa->ifa_dev = in_dev;
876
877 ifa->ifa_local = nla_get_in_addr(tb[IFA_LOCAL]);
878 ifa->ifa_address = nla_get_in_addr(tb[IFA_ADDRESS]);
879
880 if (tb[IFA_BROADCAST])
881 ifa->ifa_broadcast = nla_get_in_addr(tb[IFA_BROADCAST]);
882
883 if (tb[IFA_LABEL])
884 nla_strscpy(ifa->ifa_label, tb[IFA_LABEL], IFNAMSIZ);
885 else
886 memcpy(ifa->ifa_label, dev->name, IFNAMSIZ);
887
888 if (tb[IFA_RT_PRIORITY])
889 ifa->ifa_rt_priority = nla_get_u32(tb[IFA_RT_PRIORITY]);
890
891 if (tb[IFA_CACHEINFO]) {
892 struct ifa_cacheinfo *ci;
893
894 ci = nla_data(tb[IFA_CACHEINFO]);
895 if (!ci->ifa_valid || ci->ifa_prefered > ci->ifa_valid) {
896 err = -EINVAL;
897 goto errout_free;
898 }
899 *pvalid_lft = ci->ifa_valid;
900 *pprefered_lft = ci->ifa_prefered;
901 }
902
903 return ifa;
904
905 errout_free:
906 inet_free_ifa(ifa);
907 errout:
908 return ERR_PTR(err);
909 }
910
find_matching_ifa(struct in_ifaddr * ifa)911 static struct in_ifaddr *find_matching_ifa(struct in_ifaddr *ifa)
912 {
913 struct in_device *in_dev = ifa->ifa_dev;
914 struct in_ifaddr *ifa1;
915
916 if (!ifa->ifa_local)
917 return NULL;
918
919 in_dev_for_each_ifa_rtnl(ifa1, in_dev) {
920 if (ifa1->ifa_mask == ifa->ifa_mask &&
921 inet_ifa_match(ifa1->ifa_address, ifa) &&
922 ifa1->ifa_local == ifa->ifa_local)
923 return ifa1;
924 }
925 return NULL;
926 }
927
inet_rtm_newaddr(struct sk_buff * skb,struct nlmsghdr * nlh,struct netlink_ext_ack * extack)928 static int inet_rtm_newaddr(struct sk_buff *skb, struct nlmsghdr *nlh,
929 struct netlink_ext_ack *extack)
930 {
931 struct net *net = sock_net(skb->sk);
932 struct in_ifaddr *ifa;
933 struct in_ifaddr *ifa_existing;
934 __u32 valid_lft = INFINITY_LIFE_TIME;
935 __u32 prefered_lft = INFINITY_LIFE_TIME;
936
937 ASSERT_RTNL();
938
939 ifa = rtm_to_ifaddr(net, nlh, &valid_lft, &prefered_lft, extack);
940 if (IS_ERR(ifa))
941 return PTR_ERR(ifa);
942
943 ifa_existing = find_matching_ifa(ifa);
944 if (!ifa_existing) {
945 /* It would be best to check for !NLM_F_CREATE here but
946 * userspace already relies on not having to provide this.
947 */
948 set_ifa_lifetime(ifa, valid_lft, prefered_lft);
949 if (ifa->ifa_flags & IFA_F_MCAUTOJOIN) {
950 int ret = ip_mc_autojoin_config(net, true, ifa);
951
952 if (ret < 0) {
953 inet_free_ifa(ifa);
954 return ret;
955 }
956 }
957 return __inet_insert_ifa(ifa, nlh, NETLINK_CB(skb).portid,
958 extack);
959 } else {
960 u32 new_metric = ifa->ifa_rt_priority;
961
962 inet_free_ifa(ifa);
963
964 if (nlh->nlmsg_flags & NLM_F_EXCL ||
965 !(nlh->nlmsg_flags & NLM_F_REPLACE))
966 return -EEXIST;
967 ifa = ifa_existing;
968
969 if (ifa->ifa_rt_priority != new_metric) {
970 fib_modify_prefix_metric(ifa, new_metric);
971 ifa->ifa_rt_priority = new_metric;
972 }
973
974 set_ifa_lifetime(ifa, valid_lft, prefered_lft);
975 cancel_delayed_work(&check_lifetime_work);
976 queue_delayed_work(system_power_efficient_wq,
977 &check_lifetime_work, 0);
978 rtmsg_ifa(RTM_NEWADDR, ifa, nlh, NETLINK_CB(skb).portid);
979 }
980 return 0;
981 }
982
983 /*
984 * Determine a default network mask, based on the IP address.
985 */
986
inet_abc_len(__be32 addr)987 static int inet_abc_len(__be32 addr)
988 {
989 int rc = -1; /* Something else, probably a multicast. */
990
991 if (ipv4_is_zeronet(addr) || ipv4_is_lbcast(addr))
992 rc = 0;
993 else {
994 __u32 haddr = ntohl(addr);
995 if (IN_CLASSA(haddr))
996 rc = 8;
997 else if (IN_CLASSB(haddr))
998 rc = 16;
999 else if (IN_CLASSC(haddr))
1000 rc = 24;
1001 else if (IN_CLASSE(haddr))
1002 rc = 32;
1003 }
1004
1005 return rc;
1006 }
1007
1008
devinet_ioctl(struct net * net,unsigned int cmd,struct ifreq * ifr)1009 int devinet_ioctl(struct net *net, unsigned int cmd, struct ifreq *ifr)
1010 {
1011 struct sockaddr_in sin_orig;
1012 struct sockaddr_in *sin = (struct sockaddr_in *)&ifr->ifr_addr;
1013 struct in_ifaddr __rcu **ifap = NULL;
1014 struct in_device *in_dev;
1015 struct in_ifaddr *ifa = NULL;
1016 struct net_device *dev;
1017 char *colon;
1018 int ret = -EFAULT;
1019 int tryaddrmatch = 0;
1020
1021 ifr->ifr_name[IFNAMSIZ - 1] = 0;
1022
1023 /* save original address for comparison */
1024 memcpy(&sin_orig, sin, sizeof(*sin));
1025
1026 colon = strchr(ifr->ifr_name, ':');
1027 if (colon)
1028 *colon = 0;
1029
1030 dev_load(net, ifr->ifr_name);
1031
1032 switch (cmd) {
1033 case SIOCGIFADDR: /* Get interface address */
1034 case SIOCGIFBRDADDR: /* Get the broadcast address */
1035 case SIOCGIFDSTADDR: /* Get the destination address */
1036 case SIOCGIFNETMASK: /* Get the netmask for the interface */
1037 /* Note that these ioctls will not sleep,
1038 so that we do not impose a lock.
1039 One day we will be forced to put shlock here (I mean SMP)
1040 */
1041 tryaddrmatch = (sin_orig.sin_family == AF_INET);
1042 memset(sin, 0, sizeof(*sin));
1043 sin->sin_family = AF_INET;
1044 break;
1045
1046 case SIOCSIFFLAGS:
1047 ret = -EPERM;
1048 if (!ns_capable(net->user_ns, CAP_NET_ADMIN))
1049 goto out;
1050 break;
1051 case SIOCSIFADDR: /* Set interface address (and family) */
1052 case SIOCSIFBRDADDR: /* Set the broadcast address */
1053 case SIOCSIFDSTADDR: /* Set the destination address */
1054 case SIOCSIFNETMASK: /* Set the netmask for the interface */
1055 ret = -EPERM;
1056 if (!ns_capable(net->user_ns, CAP_NET_ADMIN))
1057 goto out;
1058 ret = -EINVAL;
1059 if (sin->sin_family != AF_INET)
1060 goto out;
1061 break;
1062 default:
1063 ret = -EINVAL;
1064 goto out;
1065 }
1066
1067 rtnl_lock();
1068
1069 ret = -ENODEV;
1070 dev = __dev_get_by_name(net, ifr->ifr_name);
1071 if (!dev)
1072 goto done;
1073
1074 if (colon)
1075 *colon = ':';
1076
1077 in_dev = __in_dev_get_rtnl(dev);
1078 if (in_dev) {
1079 if (tryaddrmatch) {
1080 /* Matthias Andree */
1081 /* compare label and address (4.4BSD style) */
1082 /* note: we only do this for a limited set of ioctls
1083 and only if the original address family was AF_INET.
1084 This is checked above. */
1085
1086 for (ifap = &in_dev->ifa_list;
1087 (ifa = rtnl_dereference(*ifap)) != NULL;
1088 ifap = &ifa->ifa_next) {
1089 if (!strcmp(ifr->ifr_name, ifa->ifa_label) &&
1090 sin_orig.sin_addr.s_addr ==
1091 ifa->ifa_local) {
1092 break; /* found */
1093 }
1094 }
1095 }
1096 /* we didn't get a match, maybe the application is
1097 4.3BSD-style and passed in junk so we fall back to
1098 comparing just the label */
1099 if (!ifa) {
1100 for (ifap = &in_dev->ifa_list;
1101 (ifa = rtnl_dereference(*ifap)) != NULL;
1102 ifap = &ifa->ifa_next)
1103 if (!strcmp(ifr->ifr_name, ifa->ifa_label))
1104 break;
1105 }
1106 }
1107
1108 ret = -EADDRNOTAVAIL;
1109 if (!ifa && cmd != SIOCSIFADDR && cmd != SIOCSIFFLAGS)
1110 goto done;
1111
1112 switch (cmd) {
1113 case SIOCGIFADDR: /* Get interface address */
1114 ret = 0;
1115 sin->sin_addr.s_addr = ifa->ifa_local;
1116 break;
1117
1118 case SIOCGIFBRDADDR: /* Get the broadcast address */
1119 ret = 0;
1120 sin->sin_addr.s_addr = ifa->ifa_broadcast;
1121 break;
1122
1123 case SIOCGIFDSTADDR: /* Get the destination address */
1124 ret = 0;
1125 sin->sin_addr.s_addr = ifa->ifa_address;
1126 break;
1127
1128 case SIOCGIFNETMASK: /* Get the netmask for the interface */
1129 ret = 0;
1130 sin->sin_addr.s_addr = ifa->ifa_mask;
1131 break;
1132
1133 case SIOCSIFFLAGS:
1134 if (colon) {
1135 ret = -EADDRNOTAVAIL;
1136 if (!ifa)
1137 break;
1138 ret = 0;
1139 if (!(ifr->ifr_flags & IFF_UP))
1140 inet_del_ifa(in_dev, ifap, 1);
1141 break;
1142 }
1143 ret = dev_change_flags(dev, ifr->ifr_flags, NULL);
1144 break;
1145
1146 case SIOCSIFADDR: /* Set interface address (and family) */
1147 ret = -EINVAL;
1148 if (inet_abc_len(sin->sin_addr.s_addr) < 0)
1149 break;
1150
1151 if (!ifa) {
1152 ret = -ENOBUFS;
1153 ifa = inet_alloc_ifa();
1154 if (!ifa)
1155 break;
1156 INIT_HLIST_NODE(&ifa->hash);
1157 if (colon)
1158 memcpy(ifa->ifa_label, ifr->ifr_name, IFNAMSIZ);
1159 else
1160 memcpy(ifa->ifa_label, dev->name, IFNAMSIZ);
1161 } else {
1162 ret = 0;
1163 if (ifa->ifa_local == sin->sin_addr.s_addr)
1164 break;
1165 inet_del_ifa(in_dev, ifap, 0);
1166 ifa->ifa_broadcast = 0;
1167 ifa->ifa_scope = 0;
1168 }
1169
1170 ifa->ifa_address = ifa->ifa_local = sin->sin_addr.s_addr;
1171
1172 if (!(dev->flags & IFF_POINTOPOINT)) {
1173 ifa->ifa_prefixlen = inet_abc_len(ifa->ifa_address);
1174 ifa->ifa_mask = inet_make_mask(ifa->ifa_prefixlen);
1175 if ((dev->flags & IFF_BROADCAST) &&
1176 ifa->ifa_prefixlen < 31)
1177 ifa->ifa_broadcast = ifa->ifa_address |
1178 ~ifa->ifa_mask;
1179 } else {
1180 ifa->ifa_prefixlen = 32;
1181 ifa->ifa_mask = inet_make_mask(32);
1182 }
1183 set_ifa_lifetime(ifa, INFINITY_LIFE_TIME, INFINITY_LIFE_TIME);
1184 ret = inet_set_ifa(dev, ifa);
1185 break;
1186
1187 case SIOCSIFBRDADDR: /* Set the broadcast address */
1188 ret = 0;
1189 if (ifa->ifa_broadcast != sin->sin_addr.s_addr) {
1190 inet_del_ifa(in_dev, ifap, 0);
1191 ifa->ifa_broadcast = sin->sin_addr.s_addr;
1192 inet_insert_ifa(ifa);
1193 }
1194 break;
1195
1196 case SIOCSIFDSTADDR: /* Set the destination address */
1197 ret = 0;
1198 if (ifa->ifa_address == sin->sin_addr.s_addr)
1199 break;
1200 ret = -EINVAL;
1201 if (inet_abc_len(sin->sin_addr.s_addr) < 0)
1202 break;
1203 ret = 0;
1204 inet_del_ifa(in_dev, ifap, 0);
1205 ifa->ifa_address = sin->sin_addr.s_addr;
1206 inet_insert_ifa(ifa);
1207 break;
1208
1209 case SIOCSIFNETMASK: /* Set the netmask for the interface */
1210
1211 /*
1212 * The mask we set must be legal.
1213 */
1214 ret = -EINVAL;
1215 if (bad_mask(sin->sin_addr.s_addr, 0))
1216 break;
1217 ret = 0;
1218 if (ifa->ifa_mask != sin->sin_addr.s_addr) {
1219 __be32 old_mask = ifa->ifa_mask;
1220 inet_del_ifa(in_dev, ifap, 0);
1221 ifa->ifa_mask = sin->sin_addr.s_addr;
1222 ifa->ifa_prefixlen = inet_mask_len(ifa->ifa_mask);
1223
1224 /* See if current broadcast address matches
1225 * with current netmask, then recalculate
1226 * the broadcast address. Otherwise it's a
1227 * funny address, so don't touch it since
1228 * the user seems to know what (s)he's doing...
1229 */
1230 if ((dev->flags & IFF_BROADCAST) &&
1231 (ifa->ifa_prefixlen < 31) &&
1232 (ifa->ifa_broadcast ==
1233 (ifa->ifa_local|~old_mask))) {
1234 ifa->ifa_broadcast = (ifa->ifa_local |
1235 ~sin->sin_addr.s_addr);
1236 }
1237 inet_insert_ifa(ifa);
1238 }
1239 break;
1240 }
1241 done:
1242 rtnl_unlock();
1243 out:
1244 return ret;
1245 }
1246
inet_gifconf(struct net_device * dev,char __user * buf,int len,int size)1247 int inet_gifconf(struct net_device *dev, char __user *buf, int len, int size)
1248 {
1249 struct in_device *in_dev = __in_dev_get_rtnl(dev);
1250 const struct in_ifaddr *ifa;
1251 struct ifreq ifr;
1252 int done = 0;
1253
1254 if (WARN_ON(size > sizeof(struct ifreq)))
1255 goto out;
1256
1257 if (!in_dev)
1258 goto out;
1259
1260 in_dev_for_each_ifa_rtnl(ifa, in_dev) {
1261 if (!buf) {
1262 done += size;
1263 continue;
1264 }
1265 if (len < size)
1266 break;
1267 memset(&ifr, 0, sizeof(struct ifreq));
1268 strcpy(ifr.ifr_name, ifa->ifa_label);
1269
1270 (*(struct sockaddr_in *)&ifr.ifr_addr).sin_family = AF_INET;
1271 (*(struct sockaddr_in *)&ifr.ifr_addr).sin_addr.s_addr =
1272 ifa->ifa_local;
1273
1274 if (copy_to_user(buf + done, &ifr, size)) {
1275 done = -EFAULT;
1276 break;
1277 }
1278 len -= size;
1279 done += size;
1280 }
1281 out:
1282 return done;
1283 }
1284
in_dev_select_addr(const struct in_device * in_dev,int scope)1285 static __be32 in_dev_select_addr(const struct in_device *in_dev,
1286 int scope)
1287 {
1288 const struct in_ifaddr *ifa;
1289
1290 in_dev_for_each_ifa_rcu(ifa, in_dev) {
1291 if (ifa->ifa_flags & IFA_F_SECONDARY)
1292 continue;
1293 if (ifa->ifa_scope != RT_SCOPE_LINK &&
1294 ifa->ifa_scope <= scope)
1295 return ifa->ifa_local;
1296 }
1297
1298 return 0;
1299 }
1300
inet_select_addr(const struct net_device * dev,__be32 dst,int scope)1301 __be32 inet_select_addr(const struct net_device *dev, __be32 dst, int scope)
1302 {
1303 const struct in_ifaddr *ifa;
1304 __be32 addr = 0;
1305 unsigned char localnet_scope = RT_SCOPE_HOST;
1306 struct in_device *in_dev;
1307 struct net *net = dev_net(dev);
1308 int master_idx;
1309
1310 rcu_read_lock();
1311 in_dev = __in_dev_get_rcu(dev);
1312 if (!in_dev)
1313 goto no_in_dev;
1314
1315 if (unlikely(IN_DEV_ROUTE_LOCALNET(in_dev)))
1316 localnet_scope = RT_SCOPE_LINK;
1317
1318 in_dev_for_each_ifa_rcu(ifa, in_dev) {
1319 if (ifa->ifa_flags & IFA_F_SECONDARY)
1320 continue;
1321 if (min(ifa->ifa_scope, localnet_scope) > scope)
1322 continue;
1323 if (!dst || inet_ifa_match(dst, ifa)) {
1324 addr = ifa->ifa_local;
1325 break;
1326 }
1327 if (!addr)
1328 addr = ifa->ifa_local;
1329 }
1330
1331 if (addr)
1332 goto out_unlock;
1333 no_in_dev:
1334 master_idx = l3mdev_master_ifindex_rcu(dev);
1335
1336 /* For VRFs, the VRF device takes the place of the loopback device,
1337 * with addresses on it being preferred. Note in such cases the
1338 * loopback device will be among the devices that fail the master_idx
1339 * equality check in the loop below.
1340 */
1341 if (master_idx &&
1342 (dev = dev_get_by_index_rcu(net, master_idx)) &&
1343 (in_dev = __in_dev_get_rcu(dev))) {
1344 addr = in_dev_select_addr(in_dev, scope);
1345 if (addr)
1346 goto out_unlock;
1347 }
1348
1349 /* Not loopback addresses on loopback should be preferred
1350 in this case. It is important that lo is the first interface
1351 in dev_base list.
1352 */
1353 for_each_netdev_rcu(net, dev) {
1354 if (l3mdev_master_ifindex_rcu(dev) != master_idx)
1355 continue;
1356
1357 in_dev = __in_dev_get_rcu(dev);
1358 if (!in_dev)
1359 continue;
1360
1361 addr = in_dev_select_addr(in_dev, scope);
1362 if (addr)
1363 goto out_unlock;
1364 }
1365 out_unlock:
1366 rcu_read_unlock();
1367 return addr;
1368 }
1369 EXPORT_SYMBOL(inet_select_addr);
1370
confirm_addr_indev(struct in_device * in_dev,__be32 dst,__be32 local,int scope)1371 static __be32 confirm_addr_indev(struct in_device *in_dev, __be32 dst,
1372 __be32 local, int scope)
1373 {
1374 unsigned char localnet_scope = RT_SCOPE_HOST;
1375 const struct in_ifaddr *ifa;
1376 __be32 addr = 0;
1377 int same = 0;
1378
1379 if (unlikely(IN_DEV_ROUTE_LOCALNET(in_dev)))
1380 localnet_scope = RT_SCOPE_LINK;
1381
1382 in_dev_for_each_ifa_rcu(ifa, in_dev) {
1383 unsigned char min_scope = min(ifa->ifa_scope, localnet_scope);
1384
1385 if (!addr &&
1386 (local == ifa->ifa_local || !local) &&
1387 min_scope <= scope) {
1388 addr = ifa->ifa_local;
1389 if (same)
1390 break;
1391 }
1392 if (!same) {
1393 same = (!local || inet_ifa_match(local, ifa)) &&
1394 (!dst || inet_ifa_match(dst, ifa));
1395 if (same && addr) {
1396 if (local || !dst)
1397 break;
1398 /* Is the selected addr into dst subnet? */
1399 if (inet_ifa_match(addr, ifa))
1400 break;
1401 /* No, then can we use new local src? */
1402 if (min_scope <= scope) {
1403 addr = ifa->ifa_local;
1404 break;
1405 }
1406 /* search for large dst subnet for addr */
1407 same = 0;
1408 }
1409 }
1410 }
1411
1412 return same ? addr : 0;
1413 }
1414
1415 /*
1416 * Confirm that local IP address exists using wildcards:
1417 * - net: netns to check, cannot be NULL
1418 * - in_dev: only on this interface, NULL=any interface
1419 * - dst: only in the same subnet as dst, 0=any dst
1420 * - local: address, 0=autoselect the local address
1421 * - scope: maximum allowed scope value for the local address
1422 */
inet_confirm_addr(struct net * net,struct in_device * in_dev,__be32 dst,__be32 local,int scope)1423 __be32 inet_confirm_addr(struct net *net, struct in_device *in_dev,
1424 __be32 dst, __be32 local, int scope)
1425 {
1426 __be32 addr = 0;
1427 struct net_device *dev;
1428
1429 if (in_dev)
1430 return confirm_addr_indev(in_dev, dst, local, scope);
1431
1432 rcu_read_lock();
1433 for_each_netdev_rcu(net, dev) {
1434 in_dev = __in_dev_get_rcu(dev);
1435 if (in_dev) {
1436 addr = confirm_addr_indev(in_dev, dst, local, scope);
1437 if (addr)
1438 break;
1439 }
1440 }
1441 rcu_read_unlock();
1442
1443 return addr;
1444 }
1445 EXPORT_SYMBOL(inet_confirm_addr);
1446
1447 /*
1448 * Device notifier
1449 */
1450
register_inetaddr_notifier(struct notifier_block * nb)1451 int register_inetaddr_notifier(struct notifier_block *nb)
1452 {
1453 return blocking_notifier_chain_register(&inetaddr_chain, nb);
1454 }
1455 EXPORT_SYMBOL(register_inetaddr_notifier);
1456
unregister_inetaddr_notifier(struct notifier_block * nb)1457 int unregister_inetaddr_notifier(struct notifier_block *nb)
1458 {
1459 return blocking_notifier_chain_unregister(&inetaddr_chain, nb);
1460 }
1461 EXPORT_SYMBOL(unregister_inetaddr_notifier);
1462
register_inetaddr_validator_notifier(struct notifier_block * nb)1463 int register_inetaddr_validator_notifier(struct notifier_block *nb)
1464 {
1465 return blocking_notifier_chain_register(&inetaddr_validator_chain, nb);
1466 }
1467 EXPORT_SYMBOL(register_inetaddr_validator_notifier);
1468
unregister_inetaddr_validator_notifier(struct notifier_block * nb)1469 int unregister_inetaddr_validator_notifier(struct notifier_block *nb)
1470 {
1471 return blocking_notifier_chain_unregister(&inetaddr_validator_chain,
1472 nb);
1473 }
1474 EXPORT_SYMBOL(unregister_inetaddr_validator_notifier);
1475
1476 /* Rename ifa_labels for a device name change. Make some effort to preserve
1477 * existing alias numbering and to create unique labels if possible.
1478 */
inetdev_changename(struct net_device * dev,struct in_device * in_dev)1479 static void inetdev_changename(struct net_device *dev, struct in_device *in_dev)
1480 {
1481 struct in_ifaddr *ifa;
1482 int named = 0;
1483
1484 in_dev_for_each_ifa_rtnl(ifa, in_dev) {
1485 char old[IFNAMSIZ], *dot;
1486
1487 memcpy(old, ifa->ifa_label, IFNAMSIZ);
1488 memcpy(ifa->ifa_label, dev->name, IFNAMSIZ);
1489 if (named++ == 0)
1490 goto skip;
1491 dot = strchr(old, ':');
1492 if (!dot) {
1493 sprintf(old, ":%d", named);
1494 dot = old;
1495 }
1496 if (strlen(dot) + strlen(dev->name) < IFNAMSIZ)
1497 strcat(ifa->ifa_label, dot);
1498 else
1499 strcpy(ifa->ifa_label + (IFNAMSIZ - strlen(dot) - 1), dot);
1500 skip:
1501 rtmsg_ifa(RTM_NEWADDR, ifa, NULL, 0);
1502 }
1503 }
1504
inetdev_send_gratuitous_arp(struct net_device * dev,struct in_device * in_dev)1505 static void inetdev_send_gratuitous_arp(struct net_device *dev,
1506 struct in_device *in_dev)
1507
1508 {
1509 const struct in_ifaddr *ifa;
1510
1511 in_dev_for_each_ifa_rtnl(ifa, in_dev) {
1512 arp_send(ARPOP_REQUEST, ETH_P_ARP,
1513 ifa->ifa_local, dev,
1514 ifa->ifa_local, NULL,
1515 dev->dev_addr, NULL);
1516 }
1517 }
1518
1519 /* Called only under RTNL semaphore */
1520
inetdev_event(struct notifier_block * this,unsigned long event,void * ptr)1521 static int inetdev_event(struct notifier_block *this, unsigned long event,
1522 void *ptr)
1523 {
1524 struct net_device *dev = netdev_notifier_info_to_dev(ptr);
1525 struct in_device *in_dev = __in_dev_get_rtnl(dev);
1526
1527 ASSERT_RTNL();
1528
1529 if (!in_dev) {
1530 if (event == NETDEV_REGISTER) {
1531 in_dev = inetdev_init(dev);
1532 if (IS_ERR(in_dev))
1533 return notifier_from_errno(PTR_ERR(in_dev));
1534 if (dev->flags & IFF_LOOPBACK) {
1535 IN_DEV_CONF_SET(in_dev, NOXFRM, 1);
1536 IN_DEV_CONF_SET(in_dev, NOPOLICY, 1);
1537 }
1538 } else if (event == NETDEV_CHANGEMTU) {
1539 /* Re-enabling IP */
1540 if (inetdev_valid_mtu(dev->mtu))
1541 in_dev = inetdev_init(dev);
1542 }
1543 goto out;
1544 }
1545
1546 switch (event) {
1547 case NETDEV_REGISTER:
1548 pr_debug("%s: bug\n", __func__);
1549 RCU_INIT_POINTER(dev->ip_ptr, NULL);
1550 break;
1551 case NETDEV_UP:
1552 if (!inetdev_valid_mtu(dev->mtu))
1553 break;
1554 if (dev->flags & IFF_LOOPBACK) {
1555 struct in_ifaddr *ifa = inet_alloc_ifa();
1556
1557 if (ifa) {
1558 INIT_HLIST_NODE(&ifa->hash);
1559 ifa->ifa_local =
1560 ifa->ifa_address = htonl(INADDR_LOOPBACK);
1561 ifa->ifa_prefixlen = 8;
1562 ifa->ifa_mask = inet_make_mask(8);
1563 in_dev_hold(in_dev);
1564 ifa->ifa_dev = in_dev;
1565 ifa->ifa_scope = RT_SCOPE_HOST;
1566 memcpy(ifa->ifa_label, dev->name, IFNAMSIZ);
1567 set_ifa_lifetime(ifa, INFINITY_LIFE_TIME,
1568 INFINITY_LIFE_TIME);
1569 ipv4_devconf_setall(in_dev);
1570 neigh_parms_data_state_setall(in_dev->arp_parms);
1571 inet_insert_ifa(ifa);
1572 }
1573 }
1574 ip_mc_up(in_dev);
1575 fallthrough;
1576 case NETDEV_CHANGEADDR:
1577 if (!IN_DEV_ARP_NOTIFY(in_dev))
1578 break;
1579 fallthrough;
1580 case NETDEV_NOTIFY_PEERS:
1581 /* Send gratuitous ARP to notify of link change */
1582 inetdev_send_gratuitous_arp(dev, in_dev);
1583 break;
1584 case NETDEV_DOWN:
1585 ip_mc_down(in_dev);
1586 break;
1587 case NETDEV_PRE_TYPE_CHANGE:
1588 ip_mc_unmap(in_dev);
1589 break;
1590 case NETDEV_POST_TYPE_CHANGE:
1591 ip_mc_remap(in_dev);
1592 break;
1593 case NETDEV_CHANGEMTU:
1594 if (inetdev_valid_mtu(dev->mtu))
1595 break;
1596 /* disable IP when MTU is not enough */
1597 fallthrough;
1598 case NETDEV_UNREGISTER:
1599 inetdev_destroy(in_dev);
1600 break;
1601 case NETDEV_CHANGENAME:
1602 /* Do not notify about label change, this event is
1603 * not interesting to applications using netlink.
1604 */
1605 inetdev_changename(dev, in_dev);
1606
1607 devinet_sysctl_unregister(in_dev);
1608 devinet_sysctl_register(in_dev);
1609 break;
1610 }
1611 out:
1612 return NOTIFY_DONE;
1613 }
1614
1615 static struct notifier_block ip_netdev_notifier = {
1616 .notifier_call = inetdev_event,
1617 };
1618
inet_nlmsg_size(void)1619 static size_t inet_nlmsg_size(void)
1620 {
1621 return NLMSG_ALIGN(sizeof(struct ifaddrmsg))
1622 + nla_total_size(4) /* IFA_ADDRESS */
1623 + nla_total_size(4) /* IFA_LOCAL */
1624 + nla_total_size(4) /* IFA_BROADCAST */
1625 + nla_total_size(IFNAMSIZ) /* IFA_LABEL */
1626 + nla_total_size(4) /* IFA_FLAGS */
1627 + nla_total_size(4) /* IFA_RT_PRIORITY */
1628 + nla_total_size(sizeof(struct ifa_cacheinfo)); /* IFA_CACHEINFO */
1629 }
1630
cstamp_delta(unsigned long cstamp)1631 static inline u32 cstamp_delta(unsigned long cstamp)
1632 {
1633 return (cstamp - INITIAL_JIFFIES) * 100UL / HZ;
1634 }
1635
put_cacheinfo(struct sk_buff * skb,unsigned long cstamp,unsigned long tstamp,u32 preferred,u32 valid)1636 static int put_cacheinfo(struct sk_buff *skb, unsigned long cstamp,
1637 unsigned long tstamp, u32 preferred, u32 valid)
1638 {
1639 struct ifa_cacheinfo ci;
1640
1641 ci.cstamp = cstamp_delta(cstamp);
1642 ci.tstamp = cstamp_delta(tstamp);
1643 ci.ifa_prefered = preferred;
1644 ci.ifa_valid = valid;
1645
1646 return nla_put(skb, IFA_CACHEINFO, sizeof(ci), &ci);
1647 }
1648
inet_fill_ifaddr(struct sk_buff * skb,struct in_ifaddr * ifa,struct inet_fill_args * args)1649 static int inet_fill_ifaddr(struct sk_buff *skb, struct in_ifaddr *ifa,
1650 struct inet_fill_args *args)
1651 {
1652 struct ifaddrmsg *ifm;
1653 struct nlmsghdr *nlh;
1654 u32 preferred, valid;
1655
1656 nlh = nlmsg_put(skb, args->portid, args->seq, args->event, sizeof(*ifm),
1657 args->flags);
1658 if (!nlh)
1659 return -EMSGSIZE;
1660
1661 ifm = nlmsg_data(nlh);
1662 ifm->ifa_family = AF_INET;
1663 ifm->ifa_prefixlen = ifa->ifa_prefixlen;
1664 ifm->ifa_flags = ifa->ifa_flags;
1665 ifm->ifa_scope = ifa->ifa_scope;
1666 ifm->ifa_index = ifa->ifa_dev->dev->ifindex;
1667
1668 if (args->netnsid >= 0 &&
1669 nla_put_s32(skb, IFA_TARGET_NETNSID, args->netnsid))
1670 goto nla_put_failure;
1671
1672 if (!(ifm->ifa_flags & IFA_F_PERMANENT)) {
1673 preferred = ifa->ifa_preferred_lft;
1674 valid = ifa->ifa_valid_lft;
1675 if (preferred != INFINITY_LIFE_TIME) {
1676 long tval = (jiffies - ifa->ifa_tstamp) / HZ;
1677
1678 if (preferred > tval)
1679 preferred -= tval;
1680 else
1681 preferred = 0;
1682 if (valid != INFINITY_LIFE_TIME) {
1683 if (valid > tval)
1684 valid -= tval;
1685 else
1686 valid = 0;
1687 }
1688 }
1689 } else {
1690 preferred = INFINITY_LIFE_TIME;
1691 valid = INFINITY_LIFE_TIME;
1692 }
1693 if ((ifa->ifa_address &&
1694 nla_put_in_addr(skb, IFA_ADDRESS, ifa->ifa_address)) ||
1695 (ifa->ifa_local &&
1696 nla_put_in_addr(skb, IFA_LOCAL, ifa->ifa_local)) ||
1697 (ifa->ifa_broadcast &&
1698 nla_put_in_addr(skb, IFA_BROADCAST, ifa->ifa_broadcast)) ||
1699 (ifa->ifa_label[0] &&
1700 nla_put_string(skb, IFA_LABEL, ifa->ifa_label)) ||
1701 nla_put_u32(skb, IFA_FLAGS, ifa->ifa_flags) ||
1702 (ifa->ifa_rt_priority &&
1703 nla_put_u32(skb, IFA_RT_PRIORITY, ifa->ifa_rt_priority)) ||
1704 put_cacheinfo(skb, ifa->ifa_cstamp, ifa->ifa_tstamp,
1705 preferred, valid))
1706 goto nla_put_failure;
1707
1708 nlmsg_end(skb, nlh);
1709 return 0;
1710
1711 nla_put_failure:
1712 nlmsg_cancel(skb, nlh);
1713 return -EMSGSIZE;
1714 }
1715
inet_valid_dump_ifaddr_req(const struct nlmsghdr * nlh,struct inet_fill_args * fillargs,struct net ** tgt_net,struct sock * sk,struct netlink_callback * cb)1716 static int inet_valid_dump_ifaddr_req(const struct nlmsghdr *nlh,
1717 struct inet_fill_args *fillargs,
1718 struct net **tgt_net, struct sock *sk,
1719 struct netlink_callback *cb)
1720 {
1721 struct netlink_ext_ack *extack = cb->extack;
1722 struct nlattr *tb[IFA_MAX+1];
1723 struct ifaddrmsg *ifm;
1724 int err, i;
1725
1726 if (nlh->nlmsg_len < nlmsg_msg_size(sizeof(*ifm))) {
1727 NL_SET_ERR_MSG(extack, "ipv4: Invalid header for address dump request");
1728 return -EINVAL;
1729 }
1730
1731 ifm = nlmsg_data(nlh);
1732 if (ifm->ifa_prefixlen || ifm->ifa_flags || ifm->ifa_scope) {
1733 NL_SET_ERR_MSG(extack, "ipv4: Invalid values in header for address dump request");
1734 return -EINVAL;
1735 }
1736
1737 fillargs->ifindex = ifm->ifa_index;
1738 if (fillargs->ifindex) {
1739 cb->answer_flags |= NLM_F_DUMP_FILTERED;
1740 fillargs->flags |= NLM_F_DUMP_FILTERED;
1741 }
1742
1743 err = nlmsg_parse_deprecated_strict(nlh, sizeof(*ifm), tb, IFA_MAX,
1744 ifa_ipv4_policy, extack);
1745 if (err < 0)
1746 return err;
1747
1748 for (i = 0; i <= IFA_MAX; ++i) {
1749 if (!tb[i])
1750 continue;
1751
1752 if (i == IFA_TARGET_NETNSID) {
1753 struct net *net;
1754
1755 fillargs->netnsid = nla_get_s32(tb[i]);
1756
1757 net = rtnl_get_net_ns_capable(sk, fillargs->netnsid);
1758 if (IS_ERR(net)) {
1759 fillargs->netnsid = -1;
1760 NL_SET_ERR_MSG(extack, "ipv4: Invalid target network namespace id");
1761 return PTR_ERR(net);
1762 }
1763 *tgt_net = net;
1764 } else {
1765 NL_SET_ERR_MSG(extack, "ipv4: Unsupported attribute in dump request");
1766 return -EINVAL;
1767 }
1768 }
1769
1770 return 0;
1771 }
1772
in_dev_dump_addr(struct in_device * in_dev,struct sk_buff * skb,struct netlink_callback * cb,int s_ip_idx,struct inet_fill_args * fillargs)1773 static int in_dev_dump_addr(struct in_device *in_dev, struct sk_buff *skb,
1774 struct netlink_callback *cb, int s_ip_idx,
1775 struct inet_fill_args *fillargs)
1776 {
1777 struct in_ifaddr *ifa;
1778 int ip_idx = 0;
1779 int err;
1780
1781 in_dev_for_each_ifa_rtnl(ifa, in_dev) {
1782 if (ip_idx < s_ip_idx) {
1783 ip_idx++;
1784 continue;
1785 }
1786 err = inet_fill_ifaddr(skb, ifa, fillargs);
1787 if (err < 0)
1788 goto done;
1789
1790 nl_dump_check_consistent(cb, nlmsg_hdr(skb));
1791 ip_idx++;
1792 }
1793 err = 0;
1794
1795 done:
1796 cb->args[2] = ip_idx;
1797
1798 return err;
1799 }
1800
1801 /* Combine dev_addr_genid and dev_base_seq to detect changes.
1802 */
inet_base_seq(const struct net * net)1803 static u32 inet_base_seq(const struct net *net)
1804 {
1805 u32 res = atomic_read(&net->ipv4.dev_addr_genid) +
1806 net->dev_base_seq;
1807
1808 /* Must not return 0 (see nl_dump_check_consistent()).
1809 * Chose a value far away from 0.
1810 */
1811 if (!res)
1812 res = 0x80000000;
1813 return res;
1814 }
1815
inet_dump_ifaddr(struct sk_buff * skb,struct netlink_callback * cb)1816 static int inet_dump_ifaddr(struct sk_buff *skb, struct netlink_callback *cb)
1817 {
1818 const struct nlmsghdr *nlh = cb->nlh;
1819 struct inet_fill_args fillargs = {
1820 .portid = NETLINK_CB(cb->skb).portid,
1821 .seq = nlh->nlmsg_seq,
1822 .event = RTM_NEWADDR,
1823 .flags = NLM_F_MULTI,
1824 .netnsid = -1,
1825 };
1826 struct net *net = sock_net(skb->sk);
1827 struct net *tgt_net = net;
1828 int h, s_h;
1829 int idx, s_idx;
1830 int s_ip_idx;
1831 struct net_device *dev;
1832 struct in_device *in_dev;
1833 struct hlist_head *head;
1834 int err = 0;
1835
1836 s_h = cb->args[0];
1837 s_idx = idx = cb->args[1];
1838 s_ip_idx = cb->args[2];
1839
1840 if (cb->strict_check) {
1841 err = inet_valid_dump_ifaddr_req(nlh, &fillargs, &tgt_net,
1842 skb->sk, cb);
1843 if (err < 0)
1844 goto put_tgt_net;
1845
1846 err = 0;
1847 if (fillargs.ifindex) {
1848 dev = __dev_get_by_index(tgt_net, fillargs.ifindex);
1849 if (!dev) {
1850 err = -ENODEV;
1851 goto put_tgt_net;
1852 }
1853
1854 in_dev = __in_dev_get_rtnl(dev);
1855 if (in_dev) {
1856 err = in_dev_dump_addr(in_dev, skb, cb, s_ip_idx,
1857 &fillargs);
1858 }
1859 goto put_tgt_net;
1860 }
1861 }
1862
1863 for (h = s_h; h < NETDEV_HASHENTRIES; h++, s_idx = 0) {
1864 idx = 0;
1865 head = &tgt_net->dev_index_head[h];
1866 rcu_read_lock();
1867 cb->seq = inet_base_seq(tgt_net);
1868 hlist_for_each_entry_rcu(dev, head, index_hlist) {
1869 if (idx < s_idx)
1870 goto cont;
1871 if (h > s_h || idx > s_idx)
1872 s_ip_idx = 0;
1873 in_dev = __in_dev_get_rcu(dev);
1874 if (!in_dev)
1875 goto cont;
1876
1877 err = in_dev_dump_addr(in_dev, skb, cb, s_ip_idx,
1878 &fillargs);
1879 if (err < 0) {
1880 rcu_read_unlock();
1881 goto done;
1882 }
1883 cont:
1884 idx++;
1885 }
1886 rcu_read_unlock();
1887 }
1888
1889 done:
1890 cb->args[0] = h;
1891 cb->args[1] = idx;
1892 put_tgt_net:
1893 if (fillargs.netnsid >= 0)
1894 put_net(tgt_net);
1895
1896 return skb->len ? : err;
1897 }
1898
rtmsg_ifa(int event,struct in_ifaddr * ifa,struct nlmsghdr * nlh,u32 portid)1899 static void rtmsg_ifa(int event, struct in_ifaddr *ifa, struct nlmsghdr *nlh,
1900 u32 portid)
1901 {
1902 struct inet_fill_args fillargs = {
1903 .portid = portid,
1904 .seq = nlh ? nlh->nlmsg_seq : 0,
1905 .event = event,
1906 .flags = 0,
1907 .netnsid = -1,
1908 };
1909 struct sk_buff *skb;
1910 int err = -ENOBUFS;
1911 struct net *net;
1912
1913 net = dev_net(ifa->ifa_dev->dev);
1914 skb = nlmsg_new(inet_nlmsg_size(), GFP_KERNEL);
1915 if (!skb)
1916 goto errout;
1917
1918 err = inet_fill_ifaddr(skb, ifa, &fillargs);
1919 if (err < 0) {
1920 /* -EMSGSIZE implies BUG in inet_nlmsg_size() */
1921 WARN_ON(err == -EMSGSIZE);
1922 kfree_skb(skb);
1923 goto errout;
1924 }
1925 rtnl_notify(skb, net, portid, RTNLGRP_IPV4_IFADDR, nlh, GFP_KERNEL);
1926 return;
1927 errout:
1928 if (err < 0)
1929 rtnl_set_sk_err(net, RTNLGRP_IPV4_IFADDR, err);
1930 }
1931
inet_get_link_af_size(const struct net_device * dev,u32 ext_filter_mask)1932 static size_t inet_get_link_af_size(const struct net_device *dev,
1933 u32 ext_filter_mask)
1934 {
1935 struct in_device *in_dev = rcu_dereference_rtnl(dev->ip_ptr);
1936
1937 if (!in_dev)
1938 return 0;
1939
1940 return nla_total_size(IPV4_DEVCONF_MAX * 4); /* IFLA_INET_CONF */
1941 }
1942
inet_fill_link_af(struct sk_buff * skb,const struct net_device * dev,u32 ext_filter_mask)1943 static int inet_fill_link_af(struct sk_buff *skb, const struct net_device *dev,
1944 u32 ext_filter_mask)
1945 {
1946 struct in_device *in_dev = rcu_dereference_rtnl(dev->ip_ptr);
1947 struct nlattr *nla;
1948 int i;
1949
1950 if (!in_dev)
1951 return -ENODATA;
1952
1953 nla = nla_reserve(skb, IFLA_INET_CONF, IPV4_DEVCONF_MAX * 4);
1954 if (!nla)
1955 return -EMSGSIZE;
1956
1957 for (i = 0; i < IPV4_DEVCONF_MAX; i++)
1958 ((u32 *) nla_data(nla))[i] = in_dev->cnf.data[i];
1959
1960 return 0;
1961 }
1962
1963 static const struct nla_policy inet_af_policy[IFLA_INET_MAX+1] = {
1964 [IFLA_INET_CONF] = { .type = NLA_NESTED },
1965 };
1966
inet_validate_link_af(const struct net_device * dev,const struct nlattr * nla,struct netlink_ext_ack * extack)1967 static int inet_validate_link_af(const struct net_device *dev,
1968 const struct nlattr *nla,
1969 struct netlink_ext_ack *extack)
1970 {
1971 struct nlattr *a, *tb[IFLA_INET_MAX+1];
1972 int err, rem;
1973
1974 if (dev && !__in_dev_get_rtnl(dev))
1975 return -EAFNOSUPPORT;
1976
1977 err = nla_parse_nested_deprecated(tb, IFLA_INET_MAX, nla,
1978 inet_af_policy, extack);
1979 if (err < 0)
1980 return err;
1981
1982 if (tb[IFLA_INET_CONF]) {
1983 nla_for_each_nested(a, tb[IFLA_INET_CONF], rem) {
1984 int cfgid = nla_type(a);
1985
1986 if (nla_len(a) < 4)
1987 return -EINVAL;
1988
1989 if (cfgid <= 0 || cfgid > IPV4_DEVCONF_MAX)
1990 return -EINVAL;
1991 }
1992 }
1993
1994 return 0;
1995 }
1996
inet_set_link_af(struct net_device * dev,const struct nlattr * nla,struct netlink_ext_ack * extack)1997 static int inet_set_link_af(struct net_device *dev, const struct nlattr *nla,
1998 struct netlink_ext_ack *extack)
1999 {
2000 struct in_device *in_dev = __in_dev_get_rtnl(dev);
2001 struct nlattr *a, *tb[IFLA_INET_MAX+1];
2002 int rem;
2003
2004 if (!in_dev)
2005 return -EAFNOSUPPORT;
2006
2007 if (nla_parse_nested_deprecated(tb, IFLA_INET_MAX, nla, NULL, NULL) < 0)
2008 return -EINVAL;
2009
2010 if (tb[IFLA_INET_CONF]) {
2011 nla_for_each_nested(a, tb[IFLA_INET_CONF], rem)
2012 ipv4_devconf_set(in_dev, nla_type(a), nla_get_u32(a));
2013 }
2014
2015 return 0;
2016 }
2017
inet_netconf_msgsize_devconf(int type)2018 static int inet_netconf_msgsize_devconf(int type)
2019 {
2020 int size = NLMSG_ALIGN(sizeof(struct netconfmsg))
2021 + nla_total_size(4); /* NETCONFA_IFINDEX */
2022 bool all = false;
2023
2024 if (type == NETCONFA_ALL)
2025 all = true;
2026
2027 if (all || type == NETCONFA_FORWARDING)
2028 size += nla_total_size(4);
2029 if (all || type == NETCONFA_RP_FILTER)
2030 size += nla_total_size(4);
2031 if (all || type == NETCONFA_MC_FORWARDING)
2032 size += nla_total_size(4);
2033 if (all || type == NETCONFA_BC_FORWARDING)
2034 size += nla_total_size(4);
2035 if (all || type == NETCONFA_PROXY_NEIGH)
2036 size += nla_total_size(4);
2037 if (all || type == NETCONFA_IGNORE_ROUTES_WITH_LINKDOWN)
2038 size += nla_total_size(4);
2039
2040 return size;
2041 }
2042
inet_netconf_fill_devconf(struct sk_buff * skb,int ifindex,struct ipv4_devconf * devconf,u32 portid,u32 seq,int event,unsigned int flags,int type)2043 static int inet_netconf_fill_devconf(struct sk_buff *skb, int ifindex,
2044 struct ipv4_devconf *devconf, u32 portid,
2045 u32 seq, int event, unsigned int flags,
2046 int type)
2047 {
2048 struct nlmsghdr *nlh;
2049 struct netconfmsg *ncm;
2050 bool all = false;
2051
2052 nlh = nlmsg_put(skb, portid, seq, event, sizeof(struct netconfmsg),
2053 flags);
2054 if (!nlh)
2055 return -EMSGSIZE;
2056
2057 if (type == NETCONFA_ALL)
2058 all = true;
2059
2060 ncm = nlmsg_data(nlh);
2061 ncm->ncm_family = AF_INET;
2062
2063 if (nla_put_s32(skb, NETCONFA_IFINDEX, ifindex) < 0)
2064 goto nla_put_failure;
2065
2066 if (!devconf)
2067 goto out;
2068
2069 if ((all || type == NETCONFA_FORWARDING) &&
2070 nla_put_s32(skb, NETCONFA_FORWARDING,
2071 IPV4_DEVCONF(*devconf, FORWARDING)) < 0)
2072 goto nla_put_failure;
2073 if ((all || type == NETCONFA_RP_FILTER) &&
2074 nla_put_s32(skb, NETCONFA_RP_FILTER,
2075 IPV4_DEVCONF(*devconf, RP_FILTER)) < 0)
2076 goto nla_put_failure;
2077 if ((all || type == NETCONFA_MC_FORWARDING) &&
2078 nla_put_s32(skb, NETCONFA_MC_FORWARDING,
2079 IPV4_DEVCONF(*devconf, MC_FORWARDING)) < 0)
2080 goto nla_put_failure;
2081 if ((all || type == NETCONFA_BC_FORWARDING) &&
2082 nla_put_s32(skb, NETCONFA_BC_FORWARDING,
2083 IPV4_DEVCONF(*devconf, BC_FORWARDING)) < 0)
2084 goto nla_put_failure;
2085 if ((all || type == NETCONFA_PROXY_NEIGH) &&
2086 nla_put_s32(skb, NETCONFA_PROXY_NEIGH,
2087 IPV4_DEVCONF(*devconf, PROXY_ARP)) < 0)
2088 goto nla_put_failure;
2089 if ((all || type == NETCONFA_IGNORE_ROUTES_WITH_LINKDOWN) &&
2090 nla_put_s32(skb, NETCONFA_IGNORE_ROUTES_WITH_LINKDOWN,
2091 IPV4_DEVCONF(*devconf, IGNORE_ROUTES_WITH_LINKDOWN)) < 0)
2092 goto nla_put_failure;
2093
2094 out:
2095 nlmsg_end(skb, nlh);
2096 return 0;
2097
2098 nla_put_failure:
2099 nlmsg_cancel(skb, nlh);
2100 return -EMSGSIZE;
2101 }
2102
inet_netconf_notify_devconf(struct net * net,int event,int type,int ifindex,struct ipv4_devconf * devconf)2103 void inet_netconf_notify_devconf(struct net *net, int event, int type,
2104 int ifindex, struct ipv4_devconf *devconf)
2105 {
2106 struct sk_buff *skb;
2107 int err = -ENOBUFS;
2108
2109 skb = nlmsg_new(inet_netconf_msgsize_devconf(type), GFP_KERNEL);
2110 if (!skb)
2111 goto errout;
2112
2113 err = inet_netconf_fill_devconf(skb, ifindex, devconf, 0, 0,
2114 event, 0, type);
2115 if (err < 0) {
2116 /* -EMSGSIZE implies BUG in inet_netconf_msgsize_devconf() */
2117 WARN_ON(err == -EMSGSIZE);
2118 kfree_skb(skb);
2119 goto errout;
2120 }
2121 rtnl_notify(skb, net, 0, RTNLGRP_IPV4_NETCONF, NULL, GFP_KERNEL);
2122 return;
2123 errout:
2124 if (err < 0)
2125 rtnl_set_sk_err(net, RTNLGRP_IPV4_NETCONF, err);
2126 }
2127
2128 static const struct nla_policy devconf_ipv4_policy[NETCONFA_MAX+1] = {
2129 [NETCONFA_IFINDEX] = { .len = sizeof(int) },
2130 [NETCONFA_FORWARDING] = { .len = sizeof(int) },
2131 [NETCONFA_RP_FILTER] = { .len = sizeof(int) },
2132 [NETCONFA_PROXY_NEIGH] = { .len = sizeof(int) },
2133 [NETCONFA_IGNORE_ROUTES_WITH_LINKDOWN] = { .len = sizeof(int) },
2134 };
2135
inet_netconf_valid_get_req(struct sk_buff * skb,const struct nlmsghdr * nlh,struct nlattr ** tb,struct netlink_ext_ack * extack)2136 static int inet_netconf_valid_get_req(struct sk_buff *skb,
2137 const struct nlmsghdr *nlh,
2138 struct nlattr **tb,
2139 struct netlink_ext_ack *extack)
2140 {
2141 int i, err;
2142
2143 if (nlh->nlmsg_len < nlmsg_msg_size(sizeof(struct netconfmsg))) {
2144 NL_SET_ERR_MSG(extack, "ipv4: Invalid header for netconf get request");
2145 return -EINVAL;
2146 }
2147
2148 if (!netlink_strict_get_check(skb))
2149 return nlmsg_parse_deprecated(nlh, sizeof(struct netconfmsg),
2150 tb, NETCONFA_MAX,
2151 devconf_ipv4_policy, extack);
2152
2153 err = nlmsg_parse_deprecated_strict(nlh, sizeof(struct netconfmsg),
2154 tb, NETCONFA_MAX,
2155 devconf_ipv4_policy, extack);
2156 if (err)
2157 return err;
2158
2159 for (i = 0; i <= NETCONFA_MAX; i++) {
2160 if (!tb[i])
2161 continue;
2162
2163 switch (i) {
2164 case NETCONFA_IFINDEX:
2165 break;
2166 default:
2167 NL_SET_ERR_MSG(extack, "ipv4: Unsupported attribute in netconf get request");
2168 return -EINVAL;
2169 }
2170 }
2171
2172 return 0;
2173 }
2174
inet_netconf_get_devconf(struct sk_buff * in_skb,struct nlmsghdr * nlh,struct netlink_ext_ack * extack)2175 static int inet_netconf_get_devconf(struct sk_buff *in_skb,
2176 struct nlmsghdr *nlh,
2177 struct netlink_ext_ack *extack)
2178 {
2179 struct net *net = sock_net(in_skb->sk);
2180 struct nlattr *tb[NETCONFA_MAX+1];
2181 struct sk_buff *skb;
2182 struct ipv4_devconf *devconf;
2183 struct in_device *in_dev;
2184 struct net_device *dev;
2185 int ifindex;
2186 int err;
2187
2188 err = inet_netconf_valid_get_req(in_skb, nlh, tb, extack);
2189 if (err)
2190 goto errout;
2191
2192 err = -EINVAL;
2193 if (!tb[NETCONFA_IFINDEX])
2194 goto errout;
2195
2196 ifindex = nla_get_s32(tb[NETCONFA_IFINDEX]);
2197 switch (ifindex) {
2198 case NETCONFA_IFINDEX_ALL:
2199 devconf = net->ipv4.devconf_all;
2200 break;
2201 case NETCONFA_IFINDEX_DEFAULT:
2202 devconf = net->ipv4.devconf_dflt;
2203 break;
2204 default:
2205 dev = __dev_get_by_index(net, ifindex);
2206 if (!dev)
2207 goto errout;
2208 in_dev = __in_dev_get_rtnl(dev);
2209 if (!in_dev)
2210 goto errout;
2211 devconf = &in_dev->cnf;
2212 break;
2213 }
2214
2215 err = -ENOBUFS;
2216 skb = nlmsg_new(inet_netconf_msgsize_devconf(NETCONFA_ALL), GFP_KERNEL);
2217 if (!skb)
2218 goto errout;
2219
2220 err = inet_netconf_fill_devconf(skb, ifindex, devconf,
2221 NETLINK_CB(in_skb).portid,
2222 nlh->nlmsg_seq, RTM_NEWNETCONF, 0,
2223 NETCONFA_ALL);
2224 if (err < 0) {
2225 /* -EMSGSIZE implies BUG in inet_netconf_msgsize_devconf() */
2226 WARN_ON(err == -EMSGSIZE);
2227 kfree_skb(skb);
2228 goto errout;
2229 }
2230 err = rtnl_unicast(skb, net, NETLINK_CB(in_skb).portid);
2231 errout:
2232 return err;
2233 }
2234
inet_netconf_dump_devconf(struct sk_buff * skb,struct netlink_callback * cb)2235 static int inet_netconf_dump_devconf(struct sk_buff *skb,
2236 struct netlink_callback *cb)
2237 {
2238 const struct nlmsghdr *nlh = cb->nlh;
2239 struct net *net = sock_net(skb->sk);
2240 int h, s_h;
2241 int idx, s_idx;
2242 struct net_device *dev;
2243 struct in_device *in_dev;
2244 struct hlist_head *head;
2245
2246 if (cb->strict_check) {
2247 struct netlink_ext_ack *extack = cb->extack;
2248 struct netconfmsg *ncm;
2249
2250 if (nlh->nlmsg_len < nlmsg_msg_size(sizeof(*ncm))) {
2251 NL_SET_ERR_MSG(extack, "ipv4: Invalid header for netconf dump request");
2252 return -EINVAL;
2253 }
2254
2255 if (nlmsg_attrlen(nlh, sizeof(*ncm))) {
2256 NL_SET_ERR_MSG(extack, "ipv4: Invalid data after header in netconf dump request");
2257 return -EINVAL;
2258 }
2259 }
2260
2261 s_h = cb->args[0];
2262 s_idx = idx = cb->args[1];
2263
2264 for (h = s_h; h < NETDEV_HASHENTRIES; h++, s_idx = 0) {
2265 idx = 0;
2266 head = &net->dev_index_head[h];
2267 rcu_read_lock();
2268 cb->seq = inet_base_seq(net);
2269 hlist_for_each_entry_rcu(dev, head, index_hlist) {
2270 if (idx < s_idx)
2271 goto cont;
2272 in_dev = __in_dev_get_rcu(dev);
2273 if (!in_dev)
2274 goto cont;
2275
2276 if (inet_netconf_fill_devconf(skb, dev->ifindex,
2277 &in_dev->cnf,
2278 NETLINK_CB(cb->skb).portid,
2279 nlh->nlmsg_seq,
2280 RTM_NEWNETCONF,
2281 NLM_F_MULTI,
2282 NETCONFA_ALL) < 0) {
2283 rcu_read_unlock();
2284 goto done;
2285 }
2286 nl_dump_check_consistent(cb, nlmsg_hdr(skb));
2287 cont:
2288 idx++;
2289 }
2290 rcu_read_unlock();
2291 }
2292 if (h == NETDEV_HASHENTRIES) {
2293 if (inet_netconf_fill_devconf(skb, NETCONFA_IFINDEX_ALL,
2294 net->ipv4.devconf_all,
2295 NETLINK_CB(cb->skb).portid,
2296 nlh->nlmsg_seq,
2297 RTM_NEWNETCONF, NLM_F_MULTI,
2298 NETCONFA_ALL) < 0)
2299 goto done;
2300 else
2301 h++;
2302 }
2303 if (h == NETDEV_HASHENTRIES + 1) {
2304 if (inet_netconf_fill_devconf(skb, NETCONFA_IFINDEX_DEFAULT,
2305 net->ipv4.devconf_dflt,
2306 NETLINK_CB(cb->skb).portid,
2307 nlh->nlmsg_seq,
2308 RTM_NEWNETCONF, NLM_F_MULTI,
2309 NETCONFA_ALL) < 0)
2310 goto done;
2311 else
2312 h++;
2313 }
2314 done:
2315 cb->args[0] = h;
2316 cb->args[1] = idx;
2317
2318 return skb->len;
2319 }
2320
2321 #ifdef CONFIG_SYSCTL
2322
devinet_copy_dflt_conf(struct net * net,int i)2323 static void devinet_copy_dflt_conf(struct net *net, int i)
2324 {
2325 struct net_device *dev;
2326
2327 rcu_read_lock();
2328 for_each_netdev_rcu(net, dev) {
2329 struct in_device *in_dev;
2330
2331 in_dev = __in_dev_get_rcu(dev);
2332 if (in_dev && !test_bit(i, in_dev->cnf.state))
2333 in_dev->cnf.data[i] = net->ipv4.devconf_dflt->data[i];
2334 }
2335 rcu_read_unlock();
2336 }
2337
2338 /* called with RTNL locked */
inet_forward_change(struct net * net)2339 static void inet_forward_change(struct net *net)
2340 {
2341 struct net_device *dev;
2342 int on = IPV4_DEVCONF_ALL(net, FORWARDING);
2343
2344 IPV4_DEVCONF_ALL(net, ACCEPT_REDIRECTS) = !on;
2345 IPV4_DEVCONF_DFLT(net, FORWARDING) = on;
2346 inet_netconf_notify_devconf(net, RTM_NEWNETCONF,
2347 NETCONFA_FORWARDING,
2348 NETCONFA_IFINDEX_ALL,
2349 net->ipv4.devconf_all);
2350 inet_netconf_notify_devconf(net, RTM_NEWNETCONF,
2351 NETCONFA_FORWARDING,
2352 NETCONFA_IFINDEX_DEFAULT,
2353 net->ipv4.devconf_dflt);
2354
2355 for_each_netdev(net, dev) {
2356 struct in_device *in_dev;
2357
2358 if (on)
2359 dev_disable_lro(dev);
2360
2361 in_dev = __in_dev_get_rtnl(dev);
2362 if (in_dev) {
2363 IN_DEV_CONF_SET(in_dev, FORWARDING, on);
2364 inet_netconf_notify_devconf(net, RTM_NEWNETCONF,
2365 NETCONFA_FORWARDING,
2366 dev->ifindex, &in_dev->cnf);
2367 }
2368 }
2369 }
2370
devinet_conf_ifindex(struct net * net,struct ipv4_devconf * cnf)2371 static int devinet_conf_ifindex(struct net *net, struct ipv4_devconf *cnf)
2372 {
2373 if (cnf == net->ipv4.devconf_dflt)
2374 return NETCONFA_IFINDEX_DEFAULT;
2375 else if (cnf == net->ipv4.devconf_all)
2376 return NETCONFA_IFINDEX_ALL;
2377 else {
2378 struct in_device *idev
2379 = container_of(cnf, struct in_device, cnf);
2380 return idev->dev->ifindex;
2381 }
2382 }
2383
devinet_conf_proc(struct ctl_table * ctl,int write,void * buffer,size_t * lenp,loff_t * ppos)2384 static int devinet_conf_proc(struct ctl_table *ctl, int write,
2385 void *buffer, size_t *lenp, loff_t *ppos)
2386 {
2387 int old_value = *(int *)ctl->data;
2388 int ret = proc_dointvec(ctl, write, buffer, lenp, ppos);
2389 int new_value = *(int *)ctl->data;
2390
2391 if (write) {
2392 struct ipv4_devconf *cnf = ctl->extra1;
2393 struct net *net = ctl->extra2;
2394 int i = (int *)ctl->data - cnf->data;
2395 int ifindex;
2396
2397 set_bit(i, cnf->state);
2398
2399 if (cnf == net->ipv4.devconf_dflt)
2400 devinet_copy_dflt_conf(net, i);
2401 if (i == IPV4_DEVCONF_ACCEPT_LOCAL - 1 ||
2402 i == IPV4_DEVCONF_ROUTE_LOCALNET - 1)
2403 if ((new_value == 0) && (old_value != 0))
2404 rt_cache_flush(net);
2405
2406 if (i == IPV4_DEVCONF_BC_FORWARDING - 1 &&
2407 new_value != old_value)
2408 rt_cache_flush(net);
2409
2410 if (i == IPV4_DEVCONF_RP_FILTER - 1 &&
2411 new_value != old_value) {
2412 ifindex = devinet_conf_ifindex(net, cnf);
2413 inet_netconf_notify_devconf(net, RTM_NEWNETCONF,
2414 NETCONFA_RP_FILTER,
2415 ifindex, cnf);
2416 }
2417 if (i == IPV4_DEVCONF_PROXY_ARP - 1 &&
2418 new_value != old_value) {
2419 ifindex = devinet_conf_ifindex(net, cnf);
2420 inet_netconf_notify_devconf(net, RTM_NEWNETCONF,
2421 NETCONFA_PROXY_NEIGH,
2422 ifindex, cnf);
2423 }
2424 if (i == IPV4_DEVCONF_IGNORE_ROUTES_WITH_LINKDOWN - 1 &&
2425 new_value != old_value) {
2426 ifindex = devinet_conf_ifindex(net, cnf);
2427 inet_netconf_notify_devconf(net, RTM_NEWNETCONF,
2428 NETCONFA_IGNORE_ROUTES_WITH_LINKDOWN,
2429 ifindex, cnf);
2430 }
2431 }
2432
2433 return ret;
2434 }
2435
devinet_sysctl_forward(struct ctl_table * ctl,int write,void * buffer,size_t * lenp,loff_t * ppos)2436 static int devinet_sysctl_forward(struct ctl_table *ctl, int write,
2437 void *buffer, size_t *lenp, loff_t *ppos)
2438 {
2439 int *valp = ctl->data;
2440 int val = *valp;
2441 loff_t pos = *ppos;
2442 struct net *net = ctl->extra2;
2443 int ret;
2444
2445 if (write && !ns_capable(net->user_ns, CAP_NET_ADMIN))
2446 return -EPERM;
2447
2448 ret = proc_dointvec(ctl, write, buffer, lenp, ppos);
2449
2450 if (write && *valp != val) {
2451 if (valp != &IPV4_DEVCONF_DFLT(net, FORWARDING)) {
2452 if (!rtnl_trylock()) {
2453 /* Restore the original values before restarting */
2454 *valp = val;
2455 *ppos = pos;
2456 return restart_syscall();
2457 }
2458 if (valp == &IPV4_DEVCONF_ALL(net, FORWARDING)) {
2459 inet_forward_change(net);
2460 } else {
2461 struct ipv4_devconf *cnf = ctl->extra1;
2462 struct in_device *idev =
2463 container_of(cnf, struct in_device, cnf);
2464 if (*valp)
2465 dev_disable_lro(idev->dev);
2466 inet_netconf_notify_devconf(net, RTM_NEWNETCONF,
2467 NETCONFA_FORWARDING,
2468 idev->dev->ifindex,
2469 cnf);
2470 }
2471 rtnl_unlock();
2472 rt_cache_flush(net);
2473 } else
2474 inet_netconf_notify_devconf(net, RTM_NEWNETCONF,
2475 NETCONFA_FORWARDING,
2476 NETCONFA_IFINDEX_DEFAULT,
2477 net->ipv4.devconf_dflt);
2478 }
2479
2480 return ret;
2481 }
2482
ipv4_doint_and_flush(struct ctl_table * ctl,int write,void * buffer,size_t * lenp,loff_t * ppos)2483 static int ipv4_doint_and_flush(struct ctl_table *ctl, int write,
2484 void *buffer, size_t *lenp, loff_t *ppos)
2485 {
2486 int *valp = ctl->data;
2487 int val = *valp;
2488 int ret = proc_dointvec(ctl, write, buffer, lenp, ppos);
2489 struct net *net = ctl->extra2;
2490
2491 if (write && *valp != val)
2492 rt_cache_flush(net);
2493
2494 return ret;
2495 }
2496
2497 #define DEVINET_SYSCTL_ENTRY(attr, name, mval, proc) \
2498 { \
2499 .procname = name, \
2500 .data = ipv4_devconf.data + \
2501 IPV4_DEVCONF_ ## attr - 1, \
2502 .maxlen = sizeof(int), \
2503 .mode = mval, \
2504 .proc_handler = proc, \
2505 .extra1 = &ipv4_devconf, \
2506 }
2507
2508 #define DEVINET_SYSCTL_RW_ENTRY(attr, name) \
2509 DEVINET_SYSCTL_ENTRY(attr, name, 0644, devinet_conf_proc)
2510
2511 #define DEVINET_SYSCTL_RO_ENTRY(attr, name) \
2512 DEVINET_SYSCTL_ENTRY(attr, name, 0444, devinet_conf_proc)
2513
2514 #define DEVINET_SYSCTL_COMPLEX_ENTRY(attr, name, proc) \
2515 DEVINET_SYSCTL_ENTRY(attr, name, 0644, proc)
2516
2517 #define DEVINET_SYSCTL_FLUSHING_ENTRY(attr, name) \
2518 DEVINET_SYSCTL_COMPLEX_ENTRY(attr, name, ipv4_doint_and_flush)
2519
2520 static struct devinet_sysctl_table {
2521 struct ctl_table_header *sysctl_header;
2522 struct ctl_table devinet_vars[__IPV4_DEVCONF_MAX];
2523 } devinet_sysctl = {
2524 .devinet_vars = {
2525 DEVINET_SYSCTL_COMPLEX_ENTRY(FORWARDING, "forwarding",
2526 devinet_sysctl_forward),
2527 DEVINET_SYSCTL_RO_ENTRY(MC_FORWARDING, "mc_forwarding"),
2528 DEVINET_SYSCTL_RW_ENTRY(BC_FORWARDING, "bc_forwarding"),
2529
2530 DEVINET_SYSCTL_RW_ENTRY(ACCEPT_REDIRECTS, "accept_redirects"),
2531 DEVINET_SYSCTL_RW_ENTRY(SECURE_REDIRECTS, "secure_redirects"),
2532 DEVINET_SYSCTL_RW_ENTRY(SHARED_MEDIA, "shared_media"),
2533 DEVINET_SYSCTL_RW_ENTRY(RP_FILTER, "rp_filter"),
2534 DEVINET_SYSCTL_RW_ENTRY(SEND_REDIRECTS, "send_redirects"),
2535 DEVINET_SYSCTL_RW_ENTRY(ACCEPT_SOURCE_ROUTE,
2536 "accept_source_route"),
2537 DEVINET_SYSCTL_RW_ENTRY(ACCEPT_LOCAL, "accept_local"),
2538 DEVINET_SYSCTL_RW_ENTRY(SRC_VMARK, "src_valid_mark"),
2539 DEVINET_SYSCTL_RW_ENTRY(PROXY_ARP, "proxy_arp"),
2540 DEVINET_SYSCTL_RW_ENTRY(MEDIUM_ID, "medium_id"),
2541 DEVINET_SYSCTL_RW_ENTRY(BOOTP_RELAY, "bootp_relay"),
2542 DEVINET_SYSCTL_RW_ENTRY(LOG_MARTIANS, "log_martians"),
2543 DEVINET_SYSCTL_RW_ENTRY(TAG, "tag"),
2544 DEVINET_SYSCTL_RW_ENTRY(ARPFILTER, "arp_filter"),
2545 DEVINET_SYSCTL_RW_ENTRY(ARP_ANNOUNCE, "arp_announce"),
2546 DEVINET_SYSCTL_RW_ENTRY(ARP_IGNORE, "arp_ignore"),
2547 DEVINET_SYSCTL_RW_ENTRY(ARP_ACCEPT, "arp_accept"),
2548 DEVINET_SYSCTL_RW_ENTRY(ARP_NOTIFY, "arp_notify"),
2549 DEVINET_SYSCTL_RW_ENTRY(PROXY_ARP_PVLAN, "proxy_arp_pvlan"),
2550 DEVINET_SYSCTL_RW_ENTRY(FORCE_IGMP_VERSION,
2551 "force_igmp_version"),
2552 DEVINET_SYSCTL_RW_ENTRY(IGMPV2_UNSOLICITED_REPORT_INTERVAL,
2553 "igmpv2_unsolicited_report_interval"),
2554 DEVINET_SYSCTL_RW_ENTRY(IGMPV3_UNSOLICITED_REPORT_INTERVAL,
2555 "igmpv3_unsolicited_report_interval"),
2556 DEVINET_SYSCTL_RW_ENTRY(IGNORE_ROUTES_WITH_LINKDOWN,
2557 "ignore_routes_with_linkdown"),
2558 DEVINET_SYSCTL_RW_ENTRY(DROP_GRATUITOUS_ARP,
2559 "drop_gratuitous_arp"),
2560
2561 DEVINET_SYSCTL_FLUSHING_ENTRY(NOXFRM, "disable_xfrm"),
2562 DEVINET_SYSCTL_FLUSHING_ENTRY(NOPOLICY, "disable_policy"),
2563 DEVINET_SYSCTL_FLUSHING_ENTRY(PROMOTE_SECONDARIES,
2564 "promote_secondaries"),
2565 DEVINET_SYSCTL_FLUSHING_ENTRY(ROUTE_LOCALNET,
2566 "route_localnet"),
2567 DEVINET_SYSCTL_FLUSHING_ENTRY(DROP_UNICAST_IN_L2_MULTICAST,
2568 "drop_unicast_in_l2_multicast"),
2569 },
2570 };
2571
__devinet_sysctl_register(struct net * net,char * dev_name,int ifindex,struct ipv4_devconf * p)2572 static int __devinet_sysctl_register(struct net *net, char *dev_name,
2573 int ifindex, struct ipv4_devconf *p)
2574 {
2575 int i;
2576 struct devinet_sysctl_table *t;
2577 char path[sizeof("net/ipv4/conf/") + IFNAMSIZ];
2578
2579 t = kmemdup(&devinet_sysctl, sizeof(*t), GFP_KERNEL);
2580 if (!t)
2581 goto out;
2582
2583 for (i = 0; i < ARRAY_SIZE(t->devinet_vars) - 1; i++) {
2584 t->devinet_vars[i].data += (char *)p - (char *)&ipv4_devconf;
2585 t->devinet_vars[i].extra1 = p;
2586 t->devinet_vars[i].extra2 = net;
2587 }
2588
2589 snprintf(path, sizeof(path), "net/ipv4/conf/%s", dev_name);
2590
2591 t->sysctl_header = register_net_sysctl(net, path, t->devinet_vars);
2592 if (!t->sysctl_header)
2593 goto free;
2594
2595 p->sysctl = t;
2596
2597 inet_netconf_notify_devconf(net, RTM_NEWNETCONF, NETCONFA_ALL,
2598 ifindex, p);
2599 return 0;
2600
2601 free:
2602 kfree(t);
2603 out:
2604 return -ENOMEM;
2605 }
2606
__devinet_sysctl_unregister(struct net * net,struct ipv4_devconf * cnf,int ifindex)2607 static void __devinet_sysctl_unregister(struct net *net,
2608 struct ipv4_devconf *cnf, int ifindex)
2609 {
2610 struct devinet_sysctl_table *t = cnf->sysctl;
2611
2612 if (t) {
2613 cnf->sysctl = NULL;
2614 unregister_net_sysctl_table(t->sysctl_header);
2615 kfree(t);
2616 }
2617
2618 inet_netconf_notify_devconf(net, RTM_DELNETCONF, 0, ifindex, NULL);
2619 }
2620
devinet_sysctl_register(struct in_device * idev)2621 static int devinet_sysctl_register(struct in_device *idev)
2622 {
2623 int err;
2624
2625 if (!sysctl_dev_name_is_allowed(idev->dev->name))
2626 return -EINVAL;
2627
2628 err = neigh_sysctl_register(idev->dev, idev->arp_parms, NULL);
2629 if (err)
2630 return err;
2631 err = __devinet_sysctl_register(dev_net(idev->dev), idev->dev->name,
2632 idev->dev->ifindex, &idev->cnf);
2633 if (err)
2634 neigh_sysctl_unregister(idev->arp_parms);
2635 return err;
2636 }
2637
devinet_sysctl_unregister(struct in_device * idev)2638 static void devinet_sysctl_unregister(struct in_device *idev)
2639 {
2640 struct net *net = dev_net(idev->dev);
2641
2642 __devinet_sysctl_unregister(net, &idev->cnf, idev->dev->ifindex);
2643 neigh_sysctl_unregister(idev->arp_parms);
2644 }
2645
2646 static struct ctl_table ctl_forward_entry[] = {
2647 {
2648 .procname = "ip_forward",
2649 .data = &ipv4_devconf.data[
2650 IPV4_DEVCONF_FORWARDING - 1],
2651 .maxlen = sizeof(int),
2652 .mode = 0644,
2653 .proc_handler = devinet_sysctl_forward,
2654 .extra1 = &ipv4_devconf,
2655 .extra2 = &init_net,
2656 },
2657 { },
2658 };
2659 #endif
2660
devinet_init_net(struct net * net)2661 static __net_init int devinet_init_net(struct net *net)
2662 {
2663 int err;
2664 struct ipv4_devconf *all, *dflt;
2665 #ifdef CONFIG_SYSCTL
2666 struct ctl_table *tbl;
2667 struct ctl_table_header *forw_hdr;
2668 #endif
2669
2670 err = -ENOMEM;
2671 all = kmemdup(&ipv4_devconf, sizeof(ipv4_devconf), GFP_KERNEL);
2672 if (!all)
2673 goto err_alloc_all;
2674
2675 dflt = kmemdup(&ipv4_devconf_dflt, sizeof(ipv4_devconf_dflt), GFP_KERNEL);
2676 if (!dflt)
2677 goto err_alloc_dflt;
2678
2679 #ifdef CONFIG_SYSCTL
2680 tbl = kmemdup(ctl_forward_entry, sizeof(ctl_forward_entry), GFP_KERNEL);
2681 if (!tbl)
2682 goto err_alloc_ctl;
2683
2684 tbl[0].data = &all->data[IPV4_DEVCONF_FORWARDING - 1];
2685 tbl[0].extra1 = all;
2686 tbl[0].extra2 = net;
2687 #endif
2688
2689 if (!net_eq(net, &init_net)) {
2690 switch (net_inherit_devconf()) {
2691 case 3:
2692 /* copy from the current netns */
2693 memcpy(all, current->nsproxy->net_ns->ipv4.devconf_all,
2694 sizeof(ipv4_devconf));
2695 memcpy(dflt,
2696 current->nsproxy->net_ns->ipv4.devconf_dflt,
2697 sizeof(ipv4_devconf_dflt));
2698 break;
2699 case 0:
2700 case 1:
2701 /* copy from init_net */
2702 memcpy(all, init_net.ipv4.devconf_all,
2703 sizeof(ipv4_devconf));
2704 memcpy(dflt, init_net.ipv4.devconf_dflt,
2705 sizeof(ipv4_devconf_dflt));
2706 break;
2707 case 2:
2708 /* use compiled values */
2709 break;
2710 }
2711 }
2712
2713 #ifdef CONFIG_SYSCTL
2714 err = __devinet_sysctl_register(net, "all", NETCONFA_IFINDEX_ALL, all);
2715 if (err < 0)
2716 goto err_reg_all;
2717
2718 err = __devinet_sysctl_register(net, "default",
2719 NETCONFA_IFINDEX_DEFAULT, dflt);
2720 if (err < 0)
2721 goto err_reg_dflt;
2722
2723 err = -ENOMEM;
2724 forw_hdr = register_net_sysctl(net, "net/ipv4", tbl);
2725 if (!forw_hdr)
2726 goto err_reg_ctl;
2727 net->ipv4.forw_hdr = forw_hdr;
2728 #endif
2729
2730 net->ipv4.devconf_all = all;
2731 net->ipv4.devconf_dflt = dflt;
2732 return 0;
2733
2734 #ifdef CONFIG_SYSCTL
2735 err_reg_ctl:
2736 __devinet_sysctl_unregister(net, dflt, NETCONFA_IFINDEX_DEFAULT);
2737 err_reg_dflt:
2738 __devinet_sysctl_unregister(net, all, NETCONFA_IFINDEX_ALL);
2739 err_reg_all:
2740 kfree(tbl);
2741 err_alloc_ctl:
2742 #endif
2743 kfree(dflt);
2744 err_alloc_dflt:
2745 kfree(all);
2746 err_alloc_all:
2747 return err;
2748 }
2749
devinet_exit_net(struct net * net)2750 static __net_exit void devinet_exit_net(struct net *net)
2751 {
2752 #ifdef CONFIG_SYSCTL
2753 struct ctl_table *tbl;
2754
2755 tbl = net->ipv4.forw_hdr->ctl_table_arg;
2756 unregister_net_sysctl_table(net->ipv4.forw_hdr);
2757 __devinet_sysctl_unregister(net, net->ipv4.devconf_dflt,
2758 NETCONFA_IFINDEX_DEFAULT);
2759 __devinet_sysctl_unregister(net, net->ipv4.devconf_all,
2760 NETCONFA_IFINDEX_ALL);
2761 kfree(tbl);
2762 #endif
2763 kfree(net->ipv4.devconf_dflt);
2764 kfree(net->ipv4.devconf_all);
2765 }
2766
2767 static __net_initdata struct pernet_operations devinet_ops = {
2768 .init = devinet_init_net,
2769 .exit = devinet_exit_net,
2770 };
2771
2772 static struct rtnl_af_ops inet_af_ops __read_mostly = {
2773 .family = AF_INET,
2774 .fill_link_af = inet_fill_link_af,
2775 .get_link_af_size = inet_get_link_af_size,
2776 .validate_link_af = inet_validate_link_af,
2777 .set_link_af = inet_set_link_af,
2778 };
2779
devinet_init(void)2780 void __init devinet_init(void)
2781 {
2782 int i;
2783
2784 for (i = 0; i < IN4_ADDR_HSIZE; i++)
2785 INIT_HLIST_HEAD(&inet_addr_lst[i]);
2786
2787 register_pernet_subsys(&devinet_ops);
2788 register_netdevice_notifier(&ip_netdev_notifier);
2789
2790 queue_delayed_work(system_power_efficient_wq, &check_lifetime_work, 0);
2791
2792 rtnl_af_register(&inet_af_ops);
2793
2794 rtnl_register(PF_INET, RTM_NEWADDR, inet_rtm_newaddr, NULL, 0);
2795 rtnl_register(PF_INET, RTM_DELADDR, inet_rtm_deladdr, NULL, 0);
2796 rtnl_register(PF_INET, RTM_GETADDR, NULL, inet_dump_ifaddr, 0);
2797 rtnl_register(PF_INET, RTM_GETNETCONF, inet_netconf_get_devconf,
2798 inet_netconf_dump_devconf, 0);
2799 }
2800