1 // SPDX-License-Identifier: GPL-2.0-or-later
2 /*
3 * NET3 IP device support routines.
4 *
5 * Derived from the IP parts of dev.c 1.0.19
6 * Authors: Ross Biro
7 * Fred N. van Kempen, <waltje@uWalt.NL.Mugnet.ORG>
8 * Mark Evans, <evansmp@uhura.aston.ac.uk>
9 *
10 * Additional Authors:
11 * Alan Cox, <gw4pts@gw4pts.ampr.org>
12 * Alexey Kuznetsov, <kuznet@ms2.inr.ac.ru>
13 *
14 * Changes:
15 * Alexey Kuznetsov: pa_* fields are replaced with ifaddr
16 * lists.
17 * Cyrus Durgin: updated for kmod
18 * Matthias Andree: in devinet_ioctl, compare label and
19 * address (4.4BSD alias style support),
20 * fall back to comparing just the label
21 * if no match found.
22 */
23
24
25 #include <linux/uaccess.h>
26 #include <linux/bitops.h>
27 #include <linux/capability.h>
28 #include <linux/module.h>
29 #include <linux/types.h>
30 #include <linux/kernel.h>
31 #include <linux/sched/signal.h>
32 #include <linux/string.h>
33 #include <linux/mm.h>
34 #include <linux/socket.h>
35 #include <linux/sockios.h>
36 #include <linux/in.h>
37 #include <linux/errno.h>
38 #include <linux/interrupt.h>
39 #include <linux/if_addr.h>
40 #include <linux/if_ether.h>
41 #include <linux/inet.h>
42 #include <linux/netdevice.h>
43 #include <linux/etherdevice.h>
44 #include <linux/skbuff.h>
45 #include <linux/init.h>
46 #include <linux/notifier.h>
47 #include <linux/inetdevice.h>
48 #include <linux/igmp.h>
49 #include <linux/slab.h>
50 #include <linux/hash.h>
51 #ifdef CONFIG_SYSCTL
52 #include <linux/sysctl.h>
53 #endif
54 #include <linux/kmod.h>
55 #include <linux/netconf.h>
56
57 #include <net/arp.h>
58 #include <net/ip.h>
59 #include <net/route.h>
60 #include <net/ip_fib.h>
61 #include <net/rtnetlink.h>
62 #include <net/net_namespace.h>
63 #include <net/addrconf.h>
64
/* ifa_flags bits that only have meaning for IPv6 addresses; they are
 * stripped from any IPv4 address before insertion (see __inet_insert_ifa()).
 */
#define IPV6ONLY_FLAGS	\
		(IFA_F_NODAD | IFA_F_OPTIMISTIC | IFA_F_DADFAILED | \
		 IFA_F_HOMEADDRESS | IFA_F_TENTATIVE | \
		 IFA_F_MANAGETEMPADDR | IFA_F_STABLE_PRIVACY)
69
/* Template for per-device IPv4 configuration ("all" defaults):
 * redirects and shared media enabled, IGMP unsolicited report
 * intervals set to their RFC defaults (10s for v2, 1s for v3).
 */
static struct ipv4_devconf ipv4_devconf = {
	.data = {
		[IPV4_DEVCONF_ACCEPT_REDIRECTS - 1] = 1,
		[IPV4_DEVCONF_SEND_REDIRECTS - 1] = 1,
		[IPV4_DEVCONF_SECURE_REDIRECTS - 1] = 1,
		[IPV4_DEVCONF_SHARED_MEDIA - 1] = 1,
		[IPV4_DEVCONF_IGMPV2_UNSOLICITED_REPORT_INTERVAL - 1] = 10000 /*ms*/,
		[IPV4_DEVCONF_IGMPV3_UNSOLICITED_REPORT_INTERVAL - 1] = 1000 /*ms*/,
		[IPV4_DEVCONF_ARP_EVICT_NOCARRIER - 1] = 1,
	},
};
81
/* Template copied into each new in_device (see inetdev_init()); same as
 * ipv4_devconf but additionally accepts source-routed packets by default.
 */
static struct ipv4_devconf ipv4_devconf_dflt = {
	.data = {
		[IPV4_DEVCONF_ACCEPT_REDIRECTS - 1] = 1,
		[IPV4_DEVCONF_SEND_REDIRECTS - 1] = 1,
		[IPV4_DEVCONF_SECURE_REDIRECTS - 1] = 1,
		[IPV4_DEVCONF_SHARED_MEDIA - 1] = 1,
		[IPV4_DEVCONF_ACCEPT_SOURCE_ROUTE - 1] = 1,
		[IPV4_DEVCONF_IGMPV2_UNSOLICITED_REPORT_INTERVAL - 1] = 10000 /*ms*/,
		[IPV4_DEVCONF_IGMPV3_UNSOLICITED_REPORT_INTERVAL - 1] = 1000 /*ms*/,
		[IPV4_DEVCONF_ARP_EVICT_NOCARRIER - 1] = 1,
	},
};
94
/* Accessor for a per-netns default devconf value. */
#define IPV4_DEVCONF_DFLT(net, attr) \
	IPV4_DEVCONF((*net->ipv4.devconf_dflt), attr)
97
/* Netlink attribute policy for RTM_NEWADDR/RTM_DELADDR/RTM_GETADDR parsing. */
static const struct nla_policy ifa_ipv4_policy[IFA_MAX+1] = {
	[IFA_LOCAL]     	= { .type = NLA_U32 },
	[IFA_ADDRESS]   	= { .type = NLA_U32 },
	[IFA_BROADCAST] 	= { .type = NLA_U32 },
	[IFA_LABEL]     	= { .type = NLA_STRING, .len = IFNAMSIZ - 1 },
	[IFA_CACHEINFO]		= { .len = sizeof(struct ifa_cacheinfo) },
	[IFA_FLAGS]		= { .type = NLA_U32 },
	[IFA_RT_PRIORITY]	= { .type = NLA_U32 },
	[IFA_TARGET_NETNSID]	= { .type = NLA_S32 },
	[IFA_PROTO]		= { .type = NLA_U8 },
};
109
/* Parameters threaded through the netlink address-fill/dump helpers. */
struct inet_fill_args {
	u32 portid;		/* destination netlink port */
	u32 seq;		/* netlink sequence number */
	int event;		/* RTM_* message type */
	unsigned int flags;	/* NLM_F_* message flags */
	int netnsid;		/* target netns id, or default */
	int ifindex;		/* restrict dump to this ifindex (0 = all) */
};
118
/* Global hash table mapping local IPv4 addresses to in_ifaddr entries,
 * keyed by (address, netns); see inet_addr_hash().
 */
#define IN4_ADDR_HSIZE_SHIFT	8
#define IN4_ADDR_HSIZE		(1U << IN4_ADDR_HSIZE_SHIFT)

static struct hlist_head inet_addr_lst[IN4_ADDR_HSIZE];
123
inet_addr_hash(const struct net * net,__be32 addr)124 static u32 inet_addr_hash(const struct net *net, __be32 addr)
125 {
126 u32 val = (__force u32) addr ^ net_hash_mix(net);
127
128 return hash_32(val, IN4_ADDR_HSIZE_SHIFT);
129 }
130
/* Insert @ifa into the global address hash, keyed on its local address.
 * Caller must hold RTNL; readers walk the chain under RCU.
 */
static void inet_hash_insert(struct net *net, struct in_ifaddr *ifa)
{
	u32 hash = inet_addr_hash(net, ifa->ifa_local);

	ASSERT_RTNL();
	hlist_add_head_rcu(&ifa->hash, &inet_addr_lst[hash]);
}
138
/* Unlink @ifa from the global address hash (RCU-safe removal).
 * Caller must hold RTNL.
 */
static void inet_hash_remove(struct in_ifaddr *ifa)
{
	ASSERT_RTNL();
	hlist_del_init_rcu(&ifa->hash);
}
144
/**
 * __ip_dev_find - find the first device with a given source address.
 * @net: the net namespace
 * @addr: the source address
 * @devref: if true, take a reference on the found device
 *
 * If a caller uses devref=false, it should be protected by RCU, or RTNL
 */
struct net_device *__ip_dev_find(struct net *net, __be32 addr, bool devref)
{
	struct net_device *result = NULL;
	struct in_ifaddr *ifa;

	rcu_read_lock();
	ifa = inet_lookup_ifaddr_rcu(net, addr);
	if (!ifa) {
		struct flowi4 fl4 = { .daddr = addr };
		struct fib_result res = { 0 };
		struct fib_table *local;

		/* Fallback to FIB local table so that communication
		 * over loopback subnets work.
		 */
		local = fib_get_table(net, RT_TABLE_LOCAL);
		if (local &&
		    !fib_table_lookup(local, &fl4, &res, FIB_LOOKUP_NOREF) &&
		    res.type == RTN_LOCAL)
			result = FIB_RES_DEV(res);
	} else {
		result = ifa->ifa_dev->dev;
	}
	/* Take the reference while still inside the RCU section so the
	 * device cannot go away between lookup and dev_hold().
	 */
	if (result && devref)
		dev_hold(result);
	rcu_read_unlock();
	return result;
}
EXPORT_SYMBOL(__ip_dev_find);
182
/* Look up the in_ifaddr whose local address is @addr in namespace @net.
 * Called under RCU lock; returns NULL if no match.
 */
struct in_ifaddr *inet_lookup_ifaddr_rcu(struct net *net, __be32 addr)
{
	u32 hash = inet_addr_hash(net, addr);
	struct in_ifaddr *ifa;

	hlist_for_each_entry_rcu(ifa, &inet_addr_lst[hash], hash)
		if (ifa->ifa_local == addr &&
		    net_eq(dev_net(ifa->ifa_dev->dev), net))
			return ifa;

	return NULL;
}
196
/* Send an RTM_NEWADDR/RTM_DELADDR notification for an ifaddr (defined later). */
static void rtmsg_ifa(int event, struct in_ifaddr *, struct nlmsghdr *, u32);

/* Notifier chains: inetaddr_chain fires on address up/down events;
 * inetaddr_validator_chain lets listeners veto an address before commit.
 */
static BLOCKING_NOTIFIER_HEAD(inetaddr_chain);
static BLOCKING_NOTIFIER_HEAD(inetaddr_validator_chain);
static void inet_del_ifa(struct in_device *in_dev,
			 struct in_ifaddr __rcu **ifap,
			 int destroy);
#ifdef CONFIG_SYSCTL
static int devinet_sysctl_register(struct in_device *idev);
static void devinet_sysctl_unregister(struct in_device *idev);
#else
/* No-op stubs when sysctl support is compiled out. */
static int devinet_sysctl_register(struct in_device *idev)
{
	return 0;
}
static void devinet_sysctl_unregister(struct in_device *idev)
{
}
#endif
216
217 /* Locks all the inet devices. */
218
/* Allocate a zeroed in_ifaddr bound to @in_dev.  Takes a reference on
 * @in_dev that is released in inet_rcu_free_ifa().  Returns NULL on OOM.
 */
static struct in_ifaddr *inet_alloc_ifa(struct in_device *in_dev)
{
	struct in_ifaddr *ifa;

	ifa = kzalloc(sizeof(*ifa), GFP_KERNEL_ACCOUNT);
	if (!ifa)
		return NULL;

	in_dev_hold(in_dev);
	ifa->ifa_dev = in_dev;

	INIT_HLIST_NODE(&ifa->hash);

	return ifa;
}
234
/* RCU callback: drop the in_device reference taken in inet_alloc_ifa()
 * and free the ifaddr once all RCU readers are done with it.
 */
static void inet_rcu_free_ifa(struct rcu_head *head)
{
	struct in_ifaddr *ifa = container_of(head, struct in_ifaddr, rcu_head);

	in_dev_put(ifa->ifa_dev);
	kfree(ifa);
}
242
/* Schedule RCU-deferred destruction of @ifa via inet_rcu_free_ifa(). */
static void inet_free_ifa(struct in_ifaddr *ifa)
{
	/* Our reference to ifa->ifa_dev must be freed ASAP
	 * to release the reference to the netdev the same way.
	 * in_dev_put() -> in_dev_finish_destroy() -> netdev_put()
	 */
	call_rcu_hurry(&ifa->rcu_head, inet_rcu_free_ifa);
}
251
/* RCU callback: final free of an in_device and its multicast hash. */
static void in_dev_free_rcu(struct rcu_head *head)
{
	struct in_device *idev = container_of(head, struct in_device, rcu_head);

	kfree(rcu_dereference_protected(idev->mc_hash, 1));
	kfree(idev);
}
259
/* Called when the last reference to @idev is dropped: release the netdev
 * reference and RCU-free the in_device.  A device that is not marked dead
 * indicates a refcounting bug, so it is reported instead of freed.
 */
void in_dev_finish_destroy(struct in_device *idev)
{
	struct net_device *dev = idev->dev;

	WARN_ON(idev->ifa_list);
	WARN_ON(idev->mc_list);
#ifdef NET_REFCNT_DEBUG
	pr_debug("%s: %p=%s\n", __func__, idev, dev ? dev->name : "NIL");
#endif
	netdev_put(dev, &idev->dev_tracker);
	if (!idev->dead)
		pr_err("Freeing alive in_device %p\n", idev);
	else
		call_rcu(&idev->rcu_head, in_dev_free_rcu);
}
EXPORT_SYMBOL(in_dev_finish_destroy);
276
/* Create and attach the IPv4 in_device for @dev, copying the per-netns
 * default devconf and registering sysctl/multicast state (skipped for the
 * blackhole device).  Caller must hold RTNL.  Returns the new in_device
 * or an ERR_PTR on failure.
 */
static struct in_device *inetdev_init(struct net_device *dev)
{
	struct in_device *in_dev;
	int err = -ENOMEM;

	ASSERT_RTNL();

	in_dev = kzalloc(sizeof(*in_dev), GFP_KERNEL);
	if (!in_dev)
		goto out;
	memcpy(&in_dev->cnf, dev_net(dev)->ipv4.devconf_dflt,
			sizeof(in_dev->cnf));
	in_dev->cnf.sysctl = NULL;
	in_dev->dev = dev;
	in_dev->arp_parms = neigh_parms_alloc(dev, &arp_tbl);
	if (!in_dev->arp_parms)
		goto out_kfree;
	if (IPV4_DEVCONF(in_dev->cnf, FORWARDING))
		dev_disable_lro(dev);
	/* Reference in_dev->dev */
	netdev_hold(dev, &in_dev->dev_tracker, GFP_KERNEL);
	/* Account for reference dev->ip_ptr (below) */
	refcount_set(&in_dev->refcnt, 1);

	if (dev != blackhole_netdev) {
		err = devinet_sysctl_register(in_dev);
		if (err) {
			in_dev->dead = 1;
			neigh_parms_release(&arp_tbl, in_dev->arp_parms);
			in_dev_put(in_dev);
			in_dev = NULL;
			goto out;
		}
		ip_mc_init_dev(in_dev);
		if (dev->flags & IFF_UP)
			ip_mc_up(in_dev);
	}

	/* we can receive as soon as ip_ptr is set -- do this last */
	rcu_assign_pointer(dev->ip_ptr, in_dev);
out:
	return in_dev ?: ERR_PTR(err);
out_kfree:
	kfree(in_dev);
	in_dev = NULL;
	goto out;
}
324
/* Tear down the in_device attached to a net_device: mark it dead, destroy
 * multicast state, delete every remaining address, detach from the device
 * and drop the dev->ip_ptr reference.  Caller must hold RTNL.
 */
static void inetdev_destroy(struct in_device *in_dev)
{
	struct net_device *dev;
	struct in_ifaddr *ifa;

	ASSERT_RTNL();

	dev = in_dev->dev;

	in_dev->dead = 1;

	ip_mc_destroy_dev(in_dev);

	while ((ifa = rtnl_dereference(in_dev->ifa_list)) != NULL) {
		inet_del_ifa(in_dev, &in_dev->ifa_list, 0);
		inet_free_ifa(ifa);
	}

	RCU_INIT_POINTER(dev->ip_ptr, NULL);

	devinet_sysctl_unregister(in_dev);
	neigh_parms_release(&arp_tbl, in_dev->arp_parms);
	arp_ifdown(dev);

	in_dev_put(in_dev);
}
351
/* Late initcall: give the global blackhole device its own in_device so
 * code paths that dereference dev->ip_ptr work for it too.
 */
static int __init inet_blackhole_dev_init(void)
{
	struct in_device *in_dev;

	rtnl_lock();
	in_dev = inetdev_init(blackhole_netdev);
	rtnl_unlock();

	return PTR_ERR_OR_ZERO(in_dev);
}
late_initcall(inet_blackhole_dev_init);
363
/* Return 1 if address @a (and, when non-zero, @b as well) falls inside
 * the subnet of any address configured on @in_dev, 0 otherwise.
 */
int inet_addr_onlink(struct in_device *in_dev, __be32 a, __be32 b)
{
	const struct in_ifaddr *ifa;
	int onlink = 0;

	rcu_read_lock();
	in_dev_for_each_ifa_rcu(ifa, in_dev) {
		if (inet_ifa_match(a, ifa) &&
		    (!b || inet_ifa_match(b, ifa))) {
			onlink = 1;
			break;
		}
	}
	rcu_read_unlock();
	return onlink;
}
380
/* Delete the address *ifap from @in_dev.  If the address is a primary,
 * its secondaries on the same subnet are either deleted with it or, when
 * promote_secondaries is enabled, one is promoted to primary.  Sends the
 * RTM_DELADDR message and fires NETDEV_DOWN notifiers; frees the ifaddr
 * when @destroy is set.  Caller must hold RTNL.
 */
static void __inet_del_ifa(struct in_device *in_dev,
			   struct in_ifaddr __rcu **ifap,
			   int destroy, struct nlmsghdr *nlh, u32 portid)
{
	struct in_ifaddr *promote = NULL;
	struct in_ifaddr *ifa, *ifa1;
	struct in_ifaddr __rcu **last_prim;
	struct in_ifaddr *prev_prom = NULL;
	int do_promote = IN_DEV_PROMOTE_SECONDARIES(in_dev);

	ASSERT_RTNL();

	ifa1 = rtnl_dereference(*ifap);
	last_prim = ifap;
	if (in_dev->dead)
		goto no_promotions;

	/* 1. Deleting primary ifaddr forces deletion all secondaries
	 * unless alias promotion is set
	 **/

	if (!(ifa1->ifa_flags & IFA_F_SECONDARY)) {
		struct in_ifaddr __rcu **ifap1 = &ifa1->ifa_next;

		while ((ifa = rtnl_dereference(*ifap1)) != NULL) {
			/* Remember where a promoted address would be
			 * re-linked among the remaining primaries.
			 */
			if (!(ifa->ifa_flags & IFA_F_SECONDARY) &&
			    ifa1->ifa_scope <= ifa->ifa_scope)
				last_prim = &ifa->ifa_next;

			/* Skip addresses outside the deleted primary's
			 * subnet; they are unaffected.
			 */
			if (!(ifa->ifa_flags & IFA_F_SECONDARY) ||
			    ifa1->ifa_mask != ifa->ifa_mask ||
			    !inet_ifa_match(ifa1->ifa_address, ifa)) {
				ifap1 = &ifa->ifa_next;
				prev_prom = ifa;
				continue;
			}

			if (!do_promote) {
				inet_hash_remove(ifa);
				*ifap1 = ifa->ifa_next;

				rtmsg_ifa(RTM_DELADDR, ifa, nlh, portid);
				blocking_notifier_call_chain(&inetaddr_chain,
						NETDEV_DOWN, ifa);
				inet_free_ifa(ifa);
			} else {
				promote = ifa;
				break;
			}
		}
	}

	/* On promotion all secondaries from subnet are changing
	 * the primary IP, we must remove all their routes silently
	 * and later to add them back with new prefsrc. Do this
	 * while all addresses are on the device list.
	 */
	for (ifa = promote; ifa; ifa = rtnl_dereference(ifa->ifa_next)) {
		if (ifa1->ifa_mask == ifa->ifa_mask &&
		    inet_ifa_match(ifa1->ifa_address, ifa))
			fib_del_ifaddr(ifa, ifa1);
	}

no_promotions:
	/* 2. Unlink it */

	*ifap = ifa1->ifa_next;
	inet_hash_remove(ifa1);

	/* 3. Announce address deletion */

	/* Send message first, then call notifier.
	   At first sight, FIB update triggered by notifier
	   will refer to already deleted ifaddr, that could confuse
	   netlink listeners. It is not true: look, gated sees
	   that route deleted and if it still thinks that ifaddr
	   is valid, it will try to restore deleted routes... Grr.
	   So that, this order is correct.
	 */
	rtmsg_ifa(RTM_DELADDR, ifa1, nlh, portid);
	blocking_notifier_call_chain(&inetaddr_chain, NETDEV_DOWN, ifa1);

	if (promote) {
		struct in_ifaddr *next_sec;

		next_sec = rtnl_dereference(promote->ifa_next);
		if (prev_prom) {
			struct in_ifaddr *last_sec;

			/* Unlink the promoted entry from its old slot and
			 * re-insert it after the last remaining primary.
			 */
			rcu_assign_pointer(prev_prom->ifa_next, next_sec);

			last_sec = rtnl_dereference(*last_prim);
			rcu_assign_pointer(promote->ifa_next, last_sec);
			rcu_assign_pointer(*last_prim, promote);
		}

		promote->ifa_flags &= ~IFA_F_SECONDARY;
		rtmsg_ifa(RTM_NEWADDR, promote, nlh, portid);
		blocking_notifier_call_chain(&inetaddr_chain,
				NETDEV_UP, promote);
		/* Re-add routes for the remaining secondaries with the
		 * promoted address as the new preferred source.
		 */
		for (ifa = next_sec; ifa;
		     ifa = rtnl_dereference(ifa->ifa_next)) {
			if (ifa1->ifa_mask != ifa->ifa_mask ||
			    !inet_ifa_match(ifa1->ifa_address, ifa))
				continue;
			fib_add_ifaddr(ifa);
		}

	}
	if (destroy)
		inet_free_ifa(ifa1);
}
493
/* Convenience wrapper around __inet_del_ifa() without netlink context. */
static void inet_del_ifa(struct in_device *in_dev,
			 struct in_ifaddr __rcu **ifap,
			 int destroy)
{
	__inet_del_ifa(in_dev, ifap, destroy, NULL, 0);
}
500
/* Deferred worker that expires/deprecates addresses with finite lifetimes. */
static void check_lifetime(struct work_struct *work);

static DECLARE_DELAYED_WORK(check_lifetime_work, check_lifetime);
504
/* Insert @ifa into its device's address list, classifying it as primary
 * or secondary (same subnet as an existing primary => secondary), running
 * the validator notifier chain, adding it to the global hash, kicking the
 * lifetime worker, and announcing RTM_NEWADDR/NETDEV_UP.  Consumes @ifa
 * on every path (frees it on error or duplicate).  Caller must hold RTNL.
 */
static int __inet_insert_ifa(struct in_ifaddr *ifa, struct nlmsghdr *nlh,
			     u32 portid, struct netlink_ext_ack *extack)
{
	struct in_ifaddr __rcu **last_primary, **ifap;
	struct in_device *in_dev = ifa->ifa_dev;
	struct in_validator_info ivi;
	struct in_ifaddr *ifa1;
	int ret;

	ASSERT_RTNL();

	/* An all-zero local address is treated as "nothing to do". */
	if (!ifa->ifa_local) {
		inet_free_ifa(ifa);
		return 0;
	}

	ifa->ifa_flags &= ~IFA_F_SECONDARY;
	last_primary = &in_dev->ifa_list;

	/* Don't set IPv6 only flags to IPv4 addresses */
	ifa->ifa_flags &= ~IPV6ONLY_FLAGS;

	ifap = &in_dev->ifa_list;
	ifa1 = rtnl_dereference(*ifap);

	while (ifa1) {
		if (!(ifa1->ifa_flags & IFA_F_SECONDARY) &&
		    ifa->ifa_scope <= ifa1->ifa_scope)
			last_primary = &ifa1->ifa_next;
		if (ifa1->ifa_mask == ifa->ifa_mask &&
		    inet_ifa_match(ifa1->ifa_address, ifa)) {
			if (ifa1->ifa_local == ifa->ifa_local) {
				inet_free_ifa(ifa);
				return -EEXIST;
			}
			if (ifa1->ifa_scope != ifa->ifa_scope) {
				NL_SET_ERR_MSG(extack, "ipv4: Invalid scope value");
				inet_free_ifa(ifa);
				return -EINVAL;
			}
			ifa->ifa_flags |= IFA_F_SECONDARY;
		}

		ifap = &ifa1->ifa_next;
		ifa1 = rtnl_dereference(*ifap);
	}

	/* Allow any devices that wish to register ifaddr validtors to weigh
	 * in now, before changes are committed. The rntl lock is serializing
	 * access here, so the state should not change between a validator call
	 * and a final notify on commit. This isn't invoked on promotion under
	 * the assumption that validators are checking the address itself, and
	 * not the flags.
	 */
	ivi.ivi_addr = ifa->ifa_address;
	ivi.ivi_dev = ifa->ifa_dev;
	ivi.extack = extack;
	ret = blocking_notifier_call_chain(&inetaddr_validator_chain,
					   NETDEV_UP, &ivi);
	ret = notifier_to_errno(ret);
	if (ret) {
		inet_free_ifa(ifa);
		return ret;
	}

	/* Primaries are kept ahead of secondaries, ordered by scope. */
	if (!(ifa->ifa_flags & IFA_F_SECONDARY))
		ifap = last_primary;

	rcu_assign_pointer(ifa->ifa_next, *ifap);
	rcu_assign_pointer(*ifap, ifa);

	inet_hash_insert(dev_net(in_dev->dev), ifa);

	/* Restart the lifetime worker immediately so finite lifetimes
	 * on the new address are honoured without delay.
	 */
	cancel_delayed_work(&check_lifetime_work);
	queue_delayed_work(system_power_efficient_wq, &check_lifetime_work, 0);

	/* Send message first, then call notifier.
	   Notifier will trigger FIB update, so that
	   listeners of netlink will know about new ifaddr */
	rtmsg_ifa(RTM_NEWADDR, ifa, nlh, portid);
	blocking_notifier_call_chain(&inetaddr_chain, NETDEV_UP, ifa);

	return 0;
}
589
/* Insert @ifa without netlink message context (in-kernel callers). */
static int inet_insert_ifa(struct in_ifaddr *ifa)
{
	return __inet_insert_ifa(ifa, NULL, 0, NULL);
}
594
/* Attach @ifa to @dev's in_device and insert it, marking per-device
 * devconf and ARP parameters as explicitly set; loopback addresses are
 * forced to host scope.  Caller must hold RTNL.
 */
static int inet_set_ifa(struct net_device *dev, struct in_ifaddr *ifa)
{
	struct in_device *in_dev = __in_dev_get_rtnl(dev);

	ASSERT_RTNL();

	ipv4_devconf_setall(in_dev);
	neigh_parms_data_state_setall(in_dev->arp_parms);

	if (ipv4_is_loopback(ifa->ifa_local))
		ifa->ifa_scope = RT_SCOPE_HOST;
	return inet_insert_ifa(ifa);
}
608
/* Caller must hold RCU or RTNL :
 * We dont take a reference on found in_device
 */
struct in_device *inetdev_by_index(struct net *net, int ifindex)
{
	struct net_device *dev;
	struct in_device *in_dev = NULL;

	rcu_read_lock();
	dev = dev_get_by_index_rcu(net, ifindex);
	if (dev)
		in_dev = rcu_dereference_rtnl(dev->ip_ptr);
	rcu_read_unlock();
	return in_dev;
}
EXPORT_SYMBOL(inetdev_by_index);
625
/* Called only from RTNL semaphored context. No locks.
 * Return the first address on @in_dev whose mask equals @mask and whose
 * subnet contains @prefix, or NULL if none matches.
 */
struct in_ifaddr *inet_ifa_byprefix(struct in_device *in_dev, __be32 prefix,
				    __be32 mask)
{
	struct in_ifaddr *ifa;

	ASSERT_RTNL();

	in_dev_for_each_ifa_rtnl(ifa, in_dev) {
		if (ifa->ifa_mask == mask && inet_ifa_match(prefix, ifa))
			return ifa;
	}
	return NULL;
}
641
/* Join (@join true) or leave the multicast group given by @ifa on its
 * device, using the per-netns autojoin socket.  Returns 0 or a negative
 * errno; -EOPNOTSUPP when multicast support is compiled out.
 */
static int ip_mc_autojoin_config(struct net *net, bool join,
				 const struct in_ifaddr *ifa)
{
#if defined(CONFIG_IP_MULTICAST)
	struct ip_mreqn mreq = {
		.imr_multiaddr.s_addr = ifa->ifa_address,
		.imr_ifindex = ifa->ifa_dev->dev->ifindex,
	};
	struct sock *sk = net->ipv4.mc_autojoin_sk;
	int ret;

	ASSERT_RTNL();

	lock_sock(sk);
	if (join)
		ret = ip_mc_join_group(sk, &mreq);
	else
		ret = ip_mc_leave_group(sk, &mreq);
	release_sock(sk);

	return ret;
#else
	return -EOPNOTSUPP;
#endif
}
667
/* RTM_DELADDR handler: parse the request, find the first configured
 * address matching the supplied IFA_LOCAL/IFA_LABEL/IFA_ADDRESS filters
 * and delete it (leaving its multicast group first when applicable).
 * Runs under RTNL.
 */
static int inet_rtm_deladdr(struct sk_buff *skb, struct nlmsghdr *nlh,
			    struct netlink_ext_ack *extack)
{
	struct net *net = sock_net(skb->sk);
	struct in_ifaddr __rcu **ifap;
	struct nlattr *tb[IFA_MAX+1];
	struct in_device *in_dev;
	struct ifaddrmsg *ifm;
	struct in_ifaddr *ifa;
	int err;

	ASSERT_RTNL();

	err = nlmsg_parse_deprecated(nlh, sizeof(*ifm), tb, IFA_MAX,
				     ifa_ipv4_policy, extack);
	if (err < 0)
		goto errout;

	ifm = nlmsg_data(nlh);
	in_dev = inetdev_by_index(net, ifm->ifa_index);
	if (!in_dev) {
		NL_SET_ERR_MSG(extack, "ipv4: Device not found");
		err = -ENODEV;
		goto errout;
	}

	/* Each supplied attribute narrows the match; absent attributes
	 * match anything.
	 */
	for (ifap = &in_dev->ifa_list; (ifa = rtnl_dereference(*ifap)) != NULL;
	     ifap = &ifa->ifa_next) {
		if (tb[IFA_LOCAL] &&
		    ifa->ifa_local != nla_get_in_addr(tb[IFA_LOCAL]))
			continue;

		if (tb[IFA_LABEL] && nla_strcmp(tb[IFA_LABEL], ifa->ifa_label))
			continue;

		if (tb[IFA_ADDRESS] &&
		    (ifm->ifa_prefixlen != ifa->ifa_prefixlen ||
		    !inet_ifa_match(nla_get_in_addr(tb[IFA_ADDRESS]), ifa)))
			continue;

		if (ipv4_is_multicast(ifa->ifa_address))
			ip_mc_autojoin_config(net, false, ifa);
		__inet_del_ifa(in_dev, ifap, 1, nlh, NETLINK_CB(skb).portid);
		return 0;
	}

	NL_SET_ERR_MSG(extack, "ipv4: Address not found");
	err = -EADDRNOTAVAIL;
errout:
	return err;
}
719
/* Periodic worker: walk the address hash, expire addresses whose valid
 * lifetime has passed, mark addresses past their preferred lifetime as
 * IFA_F_DEPRECATED, and re-arm itself for the next nearest deadline.
 * A lockless RCU pass first detects whether changes are needed; mutations
 * are then done in a second pass under RTNL.
 */
static void check_lifetime(struct work_struct *work)
{
	unsigned long now, next, next_sec, next_sched;
	struct in_ifaddr *ifa;
	struct hlist_node *n;
	int i;

	now = jiffies;
	next = round_jiffies_up(now + ADDR_CHECK_FREQUENCY);

	for (i = 0; i < IN4_ADDR_HSIZE; i++) {
		bool change_needed = false;

		/* Pass 1 (RCU, read-only): find the earliest deadline and
		 * whether this bucket needs any update at all.
		 */
		rcu_read_lock();
		hlist_for_each_entry_rcu(ifa, &inet_addr_lst[i], hash) {
			unsigned long age, tstamp;
			u32 preferred_lft;
			u32 valid_lft;
			u32 flags;

			flags = READ_ONCE(ifa->ifa_flags);
			if (flags & IFA_F_PERMANENT)
				continue;

			preferred_lft = READ_ONCE(ifa->ifa_preferred_lft);
			valid_lft = READ_ONCE(ifa->ifa_valid_lft);
			tstamp = READ_ONCE(ifa->ifa_tstamp);
			/* We try to batch several events at once. */
			age = (now - tstamp +
			       ADDRCONF_TIMER_FUZZ_MINUS) / HZ;

			if (valid_lft != INFINITY_LIFE_TIME &&
			    age >= valid_lft) {
				change_needed = true;
			} else if (preferred_lft ==
				   INFINITY_LIFE_TIME) {
				continue;
			} else if (age >= preferred_lft) {
				if (time_before(tstamp + valid_lft * HZ, next))
					next = tstamp + valid_lft * HZ;

				if (!(flags & IFA_F_DEPRECATED))
					change_needed = true;
			} else if (time_before(tstamp + preferred_lft * HZ,
					       next)) {
				next = tstamp + preferred_lft * HZ;
			}
		}
		rcu_read_unlock();
		if (!change_needed)
			continue;
		/* Pass 2 (RTNL): actually delete/deprecate.  Conditions are
		 * re-checked because state may have changed since pass 1.
		 */
		rtnl_lock();
		hlist_for_each_entry_safe(ifa, n, &inet_addr_lst[i], hash) {
			unsigned long age;

			if (ifa->ifa_flags & IFA_F_PERMANENT)
				continue;

			/* We try to batch several events at once. */
			age = (now - ifa->ifa_tstamp +
			       ADDRCONF_TIMER_FUZZ_MINUS) / HZ;

			if (ifa->ifa_valid_lft != INFINITY_LIFE_TIME &&
			    age >= ifa->ifa_valid_lft) {
				struct in_ifaddr __rcu **ifap;
				struct in_ifaddr *tmp;

				/* Find ifa's link on its device list so
				 * inet_del_ifa() can unlink it.
				 */
				ifap = &ifa->ifa_dev->ifa_list;
				tmp = rtnl_dereference(*ifap);
				while (tmp) {
					if (tmp == ifa) {
						inet_del_ifa(ifa->ifa_dev,
							     ifap, 1);
						break;
					}
					ifap = &tmp->ifa_next;
					tmp = rtnl_dereference(*ifap);
				}
			} else if (ifa->ifa_preferred_lft !=
				   INFINITY_LIFE_TIME &&
				   age >= ifa->ifa_preferred_lft &&
				   !(ifa->ifa_flags & IFA_F_DEPRECATED)) {
				ifa->ifa_flags |= IFA_F_DEPRECATED;
				rtmsg_ifa(RTM_NEWADDR, ifa, NULL, 0);
			}
		}
		rtnl_unlock();
	}

	next_sec = round_jiffies_up(next);
	next_sched = next;

	/* If rounded timeout is accurate enough, accept it. */
	if (time_before(next_sec, next + ADDRCONF_TIMER_FUZZ))
		next_sched = next_sec;

	now = jiffies;
	/* And minimum interval is ADDRCONF_TIMER_FUZZ_MAX. */
	if (time_before(next_sched, now + ADDRCONF_TIMER_FUZZ_MAX))
		next_sched = now + ADDRCONF_TIMER_FUZZ_MAX;

	queue_delayed_work(system_power_efficient_wq, &check_lifetime_work,
			next_sched - now);
}
824
/* Apply valid/preferred lifetimes (in seconds, INFINITY_LIFE_TIME for
 * "forever") to @ifa: infinite valid lifetime makes the address
 * IFA_F_PERMANENT; a zero preferred lifetime marks it IFA_F_DEPRECATED.
 * Also stamps ifa_tstamp (and ifa_cstamp on first call).
 */
static void set_ifa_lifetime(struct in_ifaddr *ifa, __u32 valid_lft,
			     __u32 prefered_lft)
{
	unsigned long timeout;
	u32 flags;

	flags = ifa->ifa_flags & ~(IFA_F_PERMANENT | IFA_F_DEPRECATED);

	timeout = addrconf_timeout_fixup(valid_lft, HZ);
	if (addrconf_finite_timeout(timeout))
		WRITE_ONCE(ifa->ifa_valid_lft, timeout);
	else
		flags |= IFA_F_PERMANENT;

	timeout = addrconf_timeout_fixup(prefered_lft, HZ);
	if (addrconf_finite_timeout(timeout)) {
		if (timeout == 0)
			flags |= IFA_F_DEPRECATED;
		WRITE_ONCE(ifa->ifa_preferred_lft, timeout);
	}
	WRITE_ONCE(ifa->ifa_flags, flags);
	WRITE_ONCE(ifa->ifa_tstamp, jiffies);
	if (!ifa->ifa_cstamp)
		WRITE_ONCE(ifa->ifa_cstamp, ifa->ifa_tstamp);
}
850
/* Build an in_ifaddr from an RTM_NEWADDR request.  Validates the prefix
 * length and required IFA_LOCAL attribute, resolves the target device and
 * copies all supplied attributes into a freshly allocated ifaddr.  The
 * requested lifetimes are returned via @pvalid_lft/@pprefered_lft (left
 * untouched if IFA_CACHEINFO is absent).  Returns the new ifaddr or an
 * ERR_PTR.  Runs under RTNL.
 */
static struct in_ifaddr *rtm_to_ifaddr(struct net *net, struct nlmsghdr *nlh,
				       __u32 *pvalid_lft, __u32 *pprefered_lft,
				       struct netlink_ext_ack *extack)
{
	struct nlattr *tb[IFA_MAX+1];
	struct in_ifaddr *ifa;
	struct ifaddrmsg *ifm;
	struct net_device *dev;
	struct in_device *in_dev;
	int err;

	err = nlmsg_parse_deprecated(nlh, sizeof(*ifm), tb, IFA_MAX,
				     ifa_ipv4_policy, extack);
	if (err < 0)
		goto errout;

	ifm = nlmsg_data(nlh);
	err = -EINVAL;

	if (ifm->ifa_prefixlen > 32) {
		NL_SET_ERR_MSG(extack, "ipv4: Invalid prefix length");
		goto errout;
	}

	if (!tb[IFA_LOCAL]) {
		NL_SET_ERR_MSG(extack, "ipv4: Local address is not supplied");
		goto errout;
	}

	dev = __dev_get_by_index(net, ifm->ifa_index);
	err = -ENODEV;
	if (!dev) {
		NL_SET_ERR_MSG(extack, "ipv4: Device not found");
		goto errout;
	}

	in_dev = __in_dev_get_rtnl(dev);
	err = -ENOBUFS;
	if (!in_dev)
		goto errout;

	ifa = inet_alloc_ifa(in_dev);
	if (!ifa)
		/*
		 * A potential indev allocation can be left alive, it stays
		 * assigned to its device and is destroy with it.
		 */
		goto errout;

	ipv4_devconf_setall(in_dev);
	neigh_parms_data_state_setall(in_dev->arp_parms);

	/* Default the peer/prefix address to the local address. */
	if (!tb[IFA_ADDRESS])
		tb[IFA_ADDRESS] = tb[IFA_LOCAL];

	ifa->ifa_prefixlen = ifm->ifa_prefixlen;
	ifa->ifa_mask = inet_make_mask(ifm->ifa_prefixlen);
	/* IFA_FLAGS (u32) supersedes the narrower ifa_flags header field. */
	ifa->ifa_flags = tb[IFA_FLAGS] ? nla_get_u32(tb[IFA_FLAGS]) :
					 ifm->ifa_flags;
	ifa->ifa_scope = ifm->ifa_scope;
	ifa->ifa_local = nla_get_in_addr(tb[IFA_LOCAL]);
	ifa->ifa_address = nla_get_in_addr(tb[IFA_ADDRESS]);

	if (tb[IFA_BROADCAST])
		ifa->ifa_broadcast = nla_get_in_addr(tb[IFA_BROADCAST]);

	if (tb[IFA_LABEL])
		nla_strscpy(ifa->ifa_label, tb[IFA_LABEL], IFNAMSIZ);
	else
		memcpy(ifa->ifa_label, dev->name, IFNAMSIZ);

	if (tb[IFA_RT_PRIORITY])
		ifa->ifa_rt_priority = nla_get_u32(tb[IFA_RT_PRIORITY]);

	if (tb[IFA_PROTO])
		ifa->ifa_proto = nla_get_u8(tb[IFA_PROTO]);

	if (tb[IFA_CACHEINFO]) {
		struct ifa_cacheinfo *ci;

		ci = nla_data(tb[IFA_CACHEINFO]);
		/* Preferred lifetime must not exceed valid lifetime. */
		if (!ci->ifa_valid || ci->ifa_prefered > ci->ifa_valid) {
			NL_SET_ERR_MSG(extack, "ipv4: address lifetime invalid");
			err = -EINVAL;
			goto errout_free;
		}
		*pvalid_lft = ci->ifa_valid;
		*pprefered_lft = ci->ifa_prefered;
	}

	return ifa;

errout_free:
	inet_free_ifa(ifa);
errout:
	return ERR_PTR(err);
}
948
find_matching_ifa(struct in_ifaddr * ifa)949 static struct in_ifaddr *find_matching_ifa(struct in_ifaddr *ifa)
950 {
951 struct in_device *in_dev = ifa->ifa_dev;
952 struct in_ifaddr *ifa1;
953
954 if (!ifa->ifa_local)
955 return NULL;
956
957 in_dev_for_each_ifa_rtnl(ifa1, in_dev) {
958 if (ifa1->ifa_mask == ifa->ifa_mask &&
959 inet_ifa_match(ifa1->ifa_address, ifa) &&
960 ifa1->ifa_local == ifa->ifa_local)
961 return ifa1;
962 }
963 return NULL;
964 }
965
/* RTM_NEWADDR handler: build an ifaddr from the request and either insert
 * it as a new address (handling IFA_F_MCAUTOJOIN) or, when an identical
 * address already exists and NLM_F_REPLACE is set, update the existing
 * entry's metric, proto and lifetimes.  Runs under RTNL.
 */
static int inet_rtm_newaddr(struct sk_buff *skb, struct nlmsghdr *nlh,
			    struct netlink_ext_ack *extack)
{
	struct net *net = sock_net(skb->sk);
	struct in_ifaddr *ifa;
	struct in_ifaddr *ifa_existing;
	__u32 valid_lft = INFINITY_LIFE_TIME;
	__u32 prefered_lft = INFINITY_LIFE_TIME;

	ASSERT_RTNL();

	ifa = rtm_to_ifaddr(net, nlh, &valid_lft, &prefered_lft, extack);
	if (IS_ERR(ifa))
		return PTR_ERR(ifa);

	ifa_existing = find_matching_ifa(ifa);
	if (!ifa_existing) {
		/* It would be best to check for !NLM_F_CREATE here but
		 * userspace already relies on not having to provide this.
		 */
		set_ifa_lifetime(ifa, valid_lft, prefered_lft);
		if (ifa->ifa_flags & IFA_F_MCAUTOJOIN) {
			int ret = ip_mc_autojoin_config(net, true, ifa);

			if (ret < 0) {
				NL_SET_ERR_MSG(extack, "ipv4: Multicast auto join failed");
				inet_free_ifa(ifa);
				return ret;
			}
		}
		return __inet_insert_ifa(ifa, nlh, NETLINK_CB(skb).portid,
					 extack);
	} else {
		/* Save the new values before freeing the scratch ifaddr. */
		u32 new_metric = ifa->ifa_rt_priority;
		u8 new_proto = ifa->ifa_proto;

		inet_free_ifa(ifa);

		if (nlh->nlmsg_flags & NLM_F_EXCL ||
		    !(nlh->nlmsg_flags & NLM_F_REPLACE)) {
			NL_SET_ERR_MSG(extack, "ipv4: Address already assigned");
			return -EEXIST;
		}
		ifa = ifa_existing;

		if (ifa->ifa_rt_priority != new_metric) {
			fib_modify_prefix_metric(ifa, new_metric);
			ifa->ifa_rt_priority = new_metric;
		}

		ifa->ifa_proto = new_proto;

		set_ifa_lifetime(ifa, valid_lft, prefered_lft);
		/* Re-arm the lifetime worker so new lifetimes take effect. */
		cancel_delayed_work(&check_lifetime_work);
		queue_delayed_work(system_power_efficient_wq,
				&check_lifetime_work, 0);
		rtmsg_ifa(RTM_NEWADDR, ifa, nlh, NETLINK_CB(skb).portid);
	}
	return 0;
}
1026
1027 /*
1028 * Determine a default network mask, based on the IP address.
1029 */
1030
/* Return the classful default prefix length for @addr: 8/16/24 for
 * classes A/B/C, 32 for class E, 0 for zeronet/limited-broadcast, and
 * -1 for anything else (probably a multicast address).
 */
static int inet_abc_len(__be32 addr)
{
	__u32 haddr;

	if (ipv4_is_zeronet(addr) || ipv4_is_lbcast(addr))
		return 0;

	haddr = ntohl(addr);
	if (IN_CLASSA(haddr))
		return 8;
	if (IN_CLASSB(haddr))
		return 16;
	if (IN_CLASSC(haddr))
		return 24;
	if (IN_CLASSE(haddr))
		return 32;

	/* Something else, probably a multicast. */
	return -1;
}
1051
1052
/*
 * Handle the classic SIOCxIF* socket ioctls for IPv4: get/set interface
 * address, broadcast, destination, netmask, and flags.
 *
 * The ifreq name may carry a ":alias" label suffix (4.4BSD style); for
 * get requests we first try to match both label and address, then fall
 * back to label-only matching.  Returns 0 or a negative errno.
 */
int devinet_ioctl(struct net *net, unsigned int cmd, struct ifreq *ifr)
{
	struct sockaddr_in sin_orig;
	struct sockaddr_in *sin = (struct sockaddr_in *)&ifr->ifr_addr;
	struct in_ifaddr __rcu **ifap = NULL;
	struct in_device *in_dev;
	struct in_ifaddr *ifa = NULL;
	struct net_device *dev;
	char *colon;
	int ret = -EFAULT;
	int tryaddrmatch = 0;

	ifr->ifr_name[IFNAMSIZ - 1] = 0;

	/* save original address for comparison */
	memcpy(&sin_orig, sin, sizeof(*sin));

	/* Strip the alias suffix ("eth0:1" -> "eth0") for device lookup;
	 * it is restored after the lookup below.
	 */
	colon = strchr(ifr->ifr_name, ':');
	if (colon)
		*colon = 0;

	dev_load(net, ifr->ifr_name);

	/* Permission / argument checks before taking RTNL. */
	switch (cmd) {
	case SIOCGIFADDR:	/* Get interface address */
	case SIOCGIFBRDADDR:	/* Get the broadcast address */
	case SIOCGIFDSTADDR:	/* Get the destination address */
	case SIOCGIFNETMASK:	/* Get the netmask for the interface */
		/* Note that these ioctls will not sleep,
		   so that we do not impose a lock.
		   One day we will be forced to put shlock here (I mean SMP)
		 */
		tryaddrmatch = (sin_orig.sin_family == AF_INET);
		memset(sin, 0, sizeof(*sin));
		sin->sin_family = AF_INET;
		break;

	case SIOCSIFFLAGS:
		ret = -EPERM;
		if (!ns_capable(net->user_ns, CAP_NET_ADMIN))
			goto out;
		break;
	case SIOCSIFADDR:	/* Set interface address (and family) */
	case SIOCSIFBRDADDR:	/* Set the broadcast address */
	case SIOCSIFDSTADDR:	/* Set the destination address */
	case SIOCSIFNETMASK: 	/* Set the netmask for the interface */
		ret = -EPERM;
		if (!ns_capable(net->user_ns, CAP_NET_ADMIN))
			goto out;
		ret = -EINVAL;
		if (sin->sin_family != AF_INET)
			goto out;
		break;
	default:
		ret = -EINVAL;
		goto out;
	}

	rtnl_lock();

	ret = -ENODEV;
	dev = __dev_get_by_name(net, ifr->ifr_name);
	if (!dev)
		goto done;

	/* Restore the alias suffix so label comparisons below see it. */
	if (colon)
		*colon = ':';

	in_dev = __in_dev_get_rtnl(dev);
	if (in_dev) {
		if (tryaddrmatch) {
			/* Matthias Andree */
			/* compare label and address (4.4BSD style) */
			/* note: we only do this for a limited set of ioctls
			   and only if the original address family was AF_INET.
			   This is checked above. */

			for (ifap = &in_dev->ifa_list;
			     (ifa = rtnl_dereference(*ifap)) != NULL;
			     ifap = &ifa->ifa_next) {
				if (!strcmp(ifr->ifr_name, ifa->ifa_label) &&
				    sin_orig.sin_addr.s_addr ==
							ifa->ifa_local) {
					break; /* found */
				}
			}
		}
		/* we didn't get a match, maybe the application is
		   4.3BSD-style and passed in junk so we fall back to
		   comparing just the label */
		if (!ifa) {
			for (ifap = &in_dev->ifa_list;
			     (ifa = rtnl_dereference(*ifap)) != NULL;
			     ifap = &ifa->ifa_next)
				if (!strcmp(ifr->ifr_name, ifa->ifa_label))
					break;
		}
	}

	/* Only SIOCSIFADDR (creates an address) and SIOCSIFFLAGS may
	 * proceed without an existing matching address.
	 */
	ret = -EADDRNOTAVAIL;
	if (!ifa && cmd != SIOCSIFADDR && cmd != SIOCSIFFLAGS)
		goto done;

	switch (cmd) {
	case SIOCGIFADDR:	/* Get interface address */
		ret = 0;
		sin->sin_addr.s_addr = ifa->ifa_local;
		break;

	case SIOCGIFBRDADDR:	/* Get the broadcast address */
		ret = 0;
		sin->sin_addr.s_addr = ifa->ifa_broadcast;
		break;

	case SIOCGIFDSTADDR:	/* Get the destination address */
		ret = 0;
		sin->sin_addr.s_addr = ifa->ifa_address;
		break;

	case SIOCGIFNETMASK:	/* Get the netmask for the interface */
		ret = 0;
		sin->sin_addr.s_addr = ifa->ifa_mask;
		break;

	case SIOCSIFFLAGS:
		if (colon) {
			/* With a label, taking the alias down means
			 * deleting just that alias address.
			 */
			ret = -EADDRNOTAVAIL;
			if (!ifa)
				break;
			ret = 0;
			if (!(ifr->ifr_flags & IFF_UP))
				inet_del_ifa(in_dev, ifap, 1);
			break;
		}
		ret = dev_change_flags(dev, ifr->ifr_flags, NULL);
		break;

	case SIOCSIFADDR:	/* Set interface address (and family) */
		ret = -EINVAL;
		if (inet_abc_len(sin->sin_addr.s_addr) < 0)
			break;

		if (!ifa) {
			ret = -ENOBUFS;
			if (!in_dev)
				break;
			ifa = inet_alloc_ifa(in_dev);
			if (!ifa)
				break;

			if (colon)
				memcpy(ifa->ifa_label, ifr->ifr_name, IFNAMSIZ);
			else
				memcpy(ifa->ifa_label, dev->name, IFNAMSIZ);
		} else {
			ret = 0;
			if (ifa->ifa_local == sin->sin_addr.s_addr)
				break;
			/* Changing an existing address: remove it first,
			 * then re-insert with the new local address.
			 */
			inet_del_ifa(in_dev, ifap, 0);
			ifa->ifa_broadcast = 0;
			ifa->ifa_scope = 0;
		}

		ifa->ifa_address = ifa->ifa_local = sin->sin_addr.s_addr;

		if (!(dev->flags & IFF_POINTOPOINT)) {
			/* Derive classful prefix/mask/broadcast. */
			ifa->ifa_prefixlen = inet_abc_len(ifa->ifa_address);
			ifa->ifa_mask = inet_make_mask(ifa->ifa_prefixlen);
			if ((dev->flags & IFF_BROADCAST) &&
			    ifa->ifa_prefixlen < 31)
				ifa->ifa_broadcast = ifa->ifa_address |
						     ~ifa->ifa_mask;
		} else {
			ifa->ifa_prefixlen = 32;
			ifa->ifa_mask = inet_make_mask(32);
		}
		set_ifa_lifetime(ifa, INFINITY_LIFE_TIME, INFINITY_LIFE_TIME);
		ret = inet_set_ifa(dev, ifa);
		break;

	case SIOCSIFBRDADDR:	/* Set the broadcast address */
		ret = 0;
		if (ifa->ifa_broadcast != sin->sin_addr.s_addr) {
			inet_del_ifa(in_dev, ifap, 0);
			ifa->ifa_broadcast = sin->sin_addr.s_addr;
			inet_insert_ifa(ifa);
		}
		break;

	case SIOCSIFDSTADDR:	/* Set the destination address */
		ret = 0;
		if (ifa->ifa_address == sin->sin_addr.s_addr)
			break;
		ret = -EINVAL;
		if (inet_abc_len(sin->sin_addr.s_addr) < 0)
			break;
		ret = 0;
		inet_del_ifa(in_dev, ifap, 0);
		ifa->ifa_address = sin->sin_addr.s_addr;
		inet_insert_ifa(ifa);
		break;

	case SIOCSIFNETMASK: 	/* Set the netmask for the interface */

		/*
		 *	The mask we set must be legal.
		 */
		ret = -EINVAL;
		if (bad_mask(sin->sin_addr.s_addr, 0))
			break;
		ret = 0;
		if (ifa->ifa_mask != sin->sin_addr.s_addr) {
			__be32 old_mask = ifa->ifa_mask;
			inet_del_ifa(in_dev, ifap, 0);
			ifa->ifa_mask = sin->sin_addr.s_addr;
			ifa->ifa_prefixlen = inet_mask_len(ifa->ifa_mask);

			/* See if current broadcast address matches
			 * with current netmask, then recalculate
			 * the broadcast address. Otherwise it's a
			 * funny address, so don't touch it since
			 * the user seems to know what (s)he's doing...
			 */
			if ((dev->flags & IFF_BROADCAST) &&
			    (ifa->ifa_prefixlen < 31) &&
			    (ifa->ifa_broadcast ==
			     (ifa->ifa_local|~old_mask))) {
				ifa->ifa_broadcast = (ifa->ifa_local |
						      ~sin->sin_addr.s_addr);
			}
			inet_insert_ifa(ifa);
		}
		break;
	}
done:
	rtnl_unlock();
out:
	return ret;
}
1292
/*
 * SIOCGIFCONF helper: copy one struct ifreq (truncated to @size bytes)
 * per IPv4 address on @dev into the userspace buffer @buf of length
 * @len.  A NULL @buf requests a sizing pass only.  Returns the number
 * of bytes written (or needed), or -EFAULT if a userspace copy failed.
 */
int inet_gifconf(struct net_device *dev, char __user *buf, int len, int size)
{
	struct in_device *in_dev = __in_dev_get_rtnl(dev);
	const struct in_ifaddr *ifa;
	struct ifreq ifr;
	int done = 0;

	/* Caller must never ask for more than a whole ifreq per entry. */
	if (WARN_ON(size > sizeof(struct ifreq)))
		goto out;

	if (!in_dev)
		goto out;

	in_dev_for_each_ifa_rtnl(ifa, in_dev) {
		if (!buf) {
			/* Sizing pass: just account for the space. */
			done += size;
			continue;
		}
		if (len < size)
			break;
		memset(&ifr, 0, sizeof(struct ifreq));
		strcpy(ifr.ifr_name, ifa->ifa_label);

		(*(struct sockaddr_in *)&ifr.ifr_addr).sin_family = AF_INET;
		(*(struct sockaddr_in *)&ifr.ifr_addr).sin_addr.s_addr =
								ifa->ifa_local;

		if (copy_to_user(buf + done, &ifr, size)) {
			done = -EFAULT;
			break;
		}
		len -= size;
		done += size;
	}
out:
	return done;
}
1330
in_dev_select_addr(const struct in_device * in_dev,int scope)1331 static __be32 in_dev_select_addr(const struct in_device *in_dev,
1332 int scope)
1333 {
1334 const struct in_ifaddr *ifa;
1335
1336 in_dev_for_each_ifa_rcu(ifa, in_dev) {
1337 if (READ_ONCE(ifa->ifa_flags) & IFA_F_SECONDARY)
1338 continue;
1339 if (ifa->ifa_scope != RT_SCOPE_LINK &&
1340 ifa->ifa_scope <= scope)
1341 return ifa->ifa_local;
1342 }
1343
1344 return 0;
1345 }
1346
/*
 * Select a source address on @dev suitable for talking to @dst within
 * @scope.  Prefers a primary address whose subnet matches @dst, else
 * the first in-scope primary address; failing that, falls back to the
 * VRF master device (if any) and then to all devices sharing the same
 * master.  Returns 0 if nothing suitable is found.  Runs under RCU.
 */
__be32 inet_select_addr(const struct net_device *dev, __be32 dst, int scope)
{
	const struct in_ifaddr *ifa;
	__be32 addr = 0;
	unsigned char localnet_scope = RT_SCOPE_HOST;
	struct in_device *in_dev;
	struct net *net;
	int master_idx;

	rcu_read_lock();
	net = dev_net_rcu(dev);
	in_dev = __in_dev_get_rcu(dev);
	if (!in_dev)
		goto no_in_dev;

	/* With route_localnet, loopback addresses act as link scope. */
	if (unlikely(IN_DEV_ROUTE_LOCALNET(in_dev)))
		localnet_scope = RT_SCOPE_LINK;

	in_dev_for_each_ifa_rcu(ifa, in_dev) {
		if (READ_ONCE(ifa->ifa_flags) & IFA_F_SECONDARY)
			continue;
		if (min(ifa->ifa_scope, localnet_scope) > scope)
			continue;
		if (!dst || inet_ifa_match(dst, ifa)) {
			addr = ifa->ifa_local;
			break;
		}
		/* Remember the first in-scope address as a fallback. */
		if (!addr)
			addr = ifa->ifa_local;
	}

	if (addr)
		goto out_unlock;
no_in_dev:
	master_idx = l3mdev_master_ifindex_rcu(dev);

	/* For VRFs, the VRF device takes the place of the loopback device,
	 * with addresses on it being preferred.  Note in such cases the
	 * loopback device will be among the devices that fail the master_idx
	 * equality check in the loop below.
	 */
	if (master_idx &&
	    (dev = dev_get_by_index_rcu(net, master_idx)) &&
	    (in_dev = __in_dev_get_rcu(dev))) {
		addr = in_dev_select_addr(in_dev, scope);
		if (addr)
			goto out_unlock;
	}

	/* Not loopback addresses on loopback should be preferred
	   in this case.  It is important that lo is the first interface
	   in dev_base list.
	 */
	for_each_netdev_rcu(net, dev) {
		if (l3mdev_master_ifindex_rcu(dev) != master_idx)
			continue;

		in_dev = __in_dev_get_rcu(dev);
		if (!in_dev)
			continue;

		addr = in_dev_select_addr(in_dev, scope);
		if (addr)
			goto out_unlock;
	}
out_unlock:
	rcu_read_unlock();
	return addr;
}
EXPORT_SYMBOL(inet_select_addr);
1417
/*
 * Check @in_dev for an address configuration matching the wildcarded
 * constraints: @local (0 = any local address), @dst (0 = any subnet)
 * and @scope.  @addr tracks the best candidate local address, @same
 * whether the local/dst constraints have been satisfied by some entry.
 * Returns the confirmed address or 0.  Runs under RCU.
 */
static __be32 confirm_addr_indev(struct in_device *in_dev, __be32 dst,
				 __be32 local, int scope)
{
	unsigned char localnet_scope = RT_SCOPE_HOST;
	const struct in_ifaddr *ifa;
	__be32 addr = 0;
	int same = 0;

	/* With route_localnet, loopback addresses act as link scope. */
	if (unlikely(IN_DEV_ROUTE_LOCALNET(in_dev)))
		localnet_scope = RT_SCOPE_LINK;

	in_dev_for_each_ifa_rcu(ifa, in_dev) {
		unsigned char min_scope = min(ifa->ifa_scope, localnet_scope);

		if (!addr &&
		    (local == ifa->ifa_local || !local) &&
		    min_scope <= scope) {
			addr = ifa->ifa_local;
			if (same)
				break;
		}
		if (!same) {
			same = (!local || inet_ifa_match(local, ifa)) &&
				(!dst || inet_ifa_match(dst, ifa));
			if (same && addr) {
				if (local || !dst)
					break;
				/* Is the selected addr into dst subnet? */
				if (inet_ifa_match(addr, ifa))
					break;
				/* No, then can we use new local src? */
				if (min_scope <= scope) {
					addr = ifa->ifa_local;
					break;
				}
				/* search for large dst subnet for addr */
				same = 0;
			}
		}
	}

	return same ? addr : 0;
}
1461
1462 /*
1463 * Confirm that local IP address exists using wildcards:
1464 * - net: netns to check, cannot be NULL
1465 * - in_dev: only on this interface, NULL=any interface
1466 * - dst: only in the same subnet as dst, 0=any dst
1467 * - local: address, 0=autoselect the local address
1468 * - scope: maximum allowed scope value for the local address
1469 */
__be32 inet_confirm_addr(struct net *net, struct in_device *in_dev,
			 __be32 dst, __be32 local, int scope)
{
	struct net_device *dev;
	__be32 addr;

	/* A specific interface short-circuits the search. */
	if (in_dev)
		return confirm_addr_indev(in_dev, dst, local, scope);

	addr = 0;
	rcu_read_lock();
	for_each_netdev_rcu(net, dev) {
		in_dev = __in_dev_get_rcu(dev);
		if (!in_dev)
			continue;
		addr = confirm_addr_indev(in_dev, dst, local, scope);
		if (addr)
			break;
	}
	rcu_read_unlock();

	return addr;
}
EXPORT_SYMBOL(inet_confirm_addr);
1493
1494 /*
1495 * Device notifier
1496 */
1497
/* Subscribe @nb to IPv4 address add/delete events (may sleep). */
int register_inetaddr_notifier(struct notifier_block *nb)
{
	return blocking_notifier_chain_register(&inetaddr_chain, nb);
}
EXPORT_SYMBOL(register_inetaddr_notifier);
1503
/* Remove @nb from the IPv4 address notifier chain. */
int unregister_inetaddr_notifier(struct notifier_block *nb)
{
	return blocking_notifier_chain_unregister(&inetaddr_chain, nb);
}
EXPORT_SYMBOL(unregister_inetaddr_notifier);
1509
/* Subscribe @nb to validate IPv4 addresses before they are installed. */
int register_inetaddr_validator_notifier(struct notifier_block *nb)
{
	return blocking_notifier_chain_register(&inetaddr_validator_chain, nb);
}
EXPORT_SYMBOL(register_inetaddr_validator_notifier);
1515
/* Remove @nb from the IPv4 address validator chain. */
int unregister_inetaddr_validator_notifier(struct notifier_block *nb)
{
	return blocking_notifier_chain_unregister(&inetaddr_validator_chain,
	    nb);
}
EXPORT_SYMBOL(unregister_inetaddr_validator_notifier);
1522
1523 /* Rename ifa_labels for a device name change. Make some effort to preserve
1524 * existing alias numbering and to create unique labels if possible.
1525 */
static void inetdev_changename(struct net_device *dev, struct in_device *in_dev)
{
	struct in_ifaddr *ifa;
	int named = 0;	/* count of labels rewritten so far */

	in_dev_for_each_ifa_rtnl(ifa, in_dev) {
		char old[IFNAMSIZ], *dot;

		memcpy(old, ifa->ifa_label, IFNAMSIZ);
		memcpy(ifa->ifa_label, dev->name, IFNAMSIZ);
		/* First address keeps the bare device name. */
		if (named++ == 0)
			goto skip;
		dot = strchr(old, ':');
		if (!dot) {
			/* Old label had no alias suffix; synthesize one
			 * from the rewrite counter to keep labels unique.
			 */
			sprintf(old, ":%d", named);
			dot = old;
		}
		/* Append the ":N" suffix, or overwrite the tail of the
		 * new name if the combination would not fit in IFNAMSIZ.
		 */
		if (strlen(dot) + strlen(dev->name) < IFNAMSIZ)
			strcat(ifa->ifa_label, dot);
		else
			strcpy(ifa->ifa_label + (IFNAMSIZ - strlen(dot) - 1), dot);
skip:
		rtmsg_ifa(RTM_NEWADDR, ifa, NULL, 0);
	}
}
1551
/* Broadcast a gratuitous ARP (sender == target IP) for every address
 * on @in_dev, announcing a link or hardware-address change.
 */
static void inetdev_send_gratuitous_arp(struct net_device *dev,
					struct in_device *in_dev)

{
	const struct in_ifaddr *ifa;

	in_dev_for_each_ifa_rtnl(ifa, in_dev) {
		arp_send(ARPOP_REQUEST, ETH_P_ARP,
			 ifa->ifa_local, dev,
			 ifa->ifa_local, NULL,
			 dev->dev_addr, NULL);
	}
}
1565
1566 /* Called only under RTNL semaphore */
1567
/* Netdevice notifier: create/destroy the per-device IPv4 state and
 * react to up/down, MTU, type and name changes.  Called only under
 * the RTNL semaphore.
 */
static int inetdev_event(struct notifier_block *this, unsigned long event,
			 void *ptr)
{
	struct net_device *dev = netdev_notifier_info_to_dev(ptr);
	struct in_device *in_dev = __in_dev_get_rtnl(dev);

	ASSERT_RTNL();

	if (!in_dev) {
		/* No IPv4 state yet: only creation-type events matter. */
		if (event == NETDEV_REGISTER) {
			in_dev = inetdev_init(dev);
			if (IS_ERR(in_dev))
				return notifier_from_errno(PTR_ERR(in_dev));
			if (dev->flags & IFF_LOOPBACK) {
				IN_DEV_CONF_SET(in_dev, NOXFRM, 1);
				IN_DEV_CONF_SET(in_dev, NOPOLICY, 1);
			}
		} else if (event == NETDEV_CHANGEMTU) {
			/* Re-enabling IP */
			if (inetdev_valid_mtu(dev->mtu))
				in_dev = inetdev_init(dev);
		}
		goto out;
	}

	switch (event) {
	case NETDEV_REGISTER:
		/* Should never happen with in_dev already present. */
		pr_debug("%s: bug\n", __func__);
		RCU_INIT_POINTER(dev->ip_ptr, NULL);
		break;
	case NETDEV_UP:
		if (!inetdev_valid_mtu(dev->mtu))
			break;
		if (dev->flags & IFF_LOOPBACK) {
			/* Auto-configure 127.0.0.1/8 on loopback. */
			struct in_ifaddr *ifa = inet_alloc_ifa(in_dev);

			if (ifa) {
				ifa->ifa_local =
				  ifa->ifa_address = htonl(INADDR_LOOPBACK);
				ifa->ifa_prefixlen = 8;
				ifa->ifa_mask = inet_make_mask(8);
				ifa->ifa_scope = RT_SCOPE_HOST;
				memcpy(ifa->ifa_label, dev->name, IFNAMSIZ);
				set_ifa_lifetime(ifa, INFINITY_LIFE_TIME,
						 INFINITY_LIFE_TIME);
				ipv4_devconf_setall(in_dev);
				neigh_parms_data_state_setall(in_dev->arp_parms);
				inet_insert_ifa(ifa);
			}
		}
		ip_mc_up(in_dev);
		fallthrough;
	case NETDEV_CHANGEADDR:
		if (!IN_DEV_ARP_NOTIFY(in_dev))
			break;
		fallthrough;
	case NETDEV_NOTIFY_PEERS:
		/* Send gratuitous ARP to notify of link change */
		inetdev_send_gratuitous_arp(dev, in_dev);
		break;
	case NETDEV_DOWN:
		ip_mc_down(in_dev);
		break;
	case NETDEV_PRE_TYPE_CHANGE:
		ip_mc_unmap(in_dev);
		break;
	case NETDEV_POST_TYPE_CHANGE:
		ip_mc_remap(in_dev);
		break;
	case NETDEV_CHANGEMTU:
		if (inetdev_valid_mtu(dev->mtu))
			break;
		/* disable IP when MTU is not enough */
		fallthrough;
	case NETDEV_UNREGISTER:
		inetdev_destroy(in_dev);
		break;
	case NETDEV_CHANGENAME:
		/* Do not notify about label change, this event is
		 * not interesting to applications using netlink.
		 */
		inetdev_changename(dev, in_dev);

		/* Sysctl entries are keyed by device name: re-register. */
		devinet_sysctl_unregister(in_dev);
		devinet_sysctl_register(in_dev);
		break;
	}
out:
	return NOTIFY_DONE;
}
1658
/* Netdevice event hook; registered at subsystem init. */
static struct notifier_block ip_netdev_notifier = {
	.notifier_call = inetdev_event,
};
1662
inet_nlmsg_size(void)1663 static size_t inet_nlmsg_size(void)
1664 {
1665 return NLMSG_ALIGN(sizeof(struct ifaddrmsg))
1666 + nla_total_size(4) /* IFA_ADDRESS */
1667 + nla_total_size(4) /* IFA_LOCAL */
1668 + nla_total_size(4) /* IFA_BROADCAST */
1669 + nla_total_size(IFNAMSIZ) /* IFA_LABEL */
1670 + nla_total_size(4) /* IFA_FLAGS */
1671 + nla_total_size(1) /* IFA_PROTO */
1672 + nla_total_size(4) /* IFA_RT_PRIORITY */
1673 + nla_total_size(sizeof(struct ifa_cacheinfo)); /* IFA_CACHEINFO */
1674 }
1675
cstamp_delta(unsigned long cstamp)1676 static inline u32 cstamp_delta(unsigned long cstamp)
1677 {
1678 return (cstamp - INITIAL_JIFFIES) * 100UL / HZ;
1679 }
1680
/* Append an IFA_CACHEINFO attribute carrying creation/update stamps
 * (in hundredths of a second) and the remaining lifetimes.
 */
static int put_cacheinfo(struct sk_buff *skb, unsigned long cstamp,
			 unsigned long tstamp, u32 preferred, u32 valid)
{
	struct ifa_cacheinfo ci = {
		.cstamp		= cstamp_delta(cstamp),
		.tstamp		= cstamp_delta(tstamp),
		.ifa_prefered	= preferred,
		.ifa_valid	= valid,
	};

	return nla_put(skb, IFA_CACHEINFO, sizeof(ci), &ci);
}
1693
/* Serialize one in_ifaddr into @skb as an ifaddrmsg + attributes.
 * Returns 0 on success or -EMSGSIZE if the skb ran out of room (the
 * partially-built message is cancelled).
 */
static int inet_fill_ifaddr(struct sk_buff *skb, const struct in_ifaddr *ifa,
			    struct inet_fill_args *args)
{
	struct ifaddrmsg *ifm;
	struct nlmsghdr *nlh;
	unsigned long tstamp;
	u32 preferred, valid;
	u32 flags;

	nlh = nlmsg_put(skb, args->portid, args->seq, args->event, sizeof(*ifm),
			args->flags);
	if (!nlh)
		return -EMSGSIZE;

	ifm = nlmsg_data(nlh);
	ifm->ifa_family = AF_INET;
	ifm->ifa_prefixlen = ifa->ifa_prefixlen;

	flags = READ_ONCE(ifa->ifa_flags);
	/* Warning : ifm->ifa_flags is an __u8, it holds only 8 bits.
	 * The 32bit value is given in IFA_FLAGS attribute.
	 */
	ifm->ifa_flags = (__u8)flags;

	ifm->ifa_scope = ifa->ifa_scope;
	ifm->ifa_index = ifa->ifa_dev->dev->ifindex;

	if (args->netnsid >= 0 &&
	    nla_put_s32(skb, IFA_TARGET_NETNSID, args->netnsid))
		goto nla_put_failure;

	tstamp = READ_ONCE(ifa->ifa_tstamp);
	if (!(flags & IFA_F_PERMANENT)) {
		/* Report lifetimes remaining from now, not from the
		 * last update; clamp at zero once expired.
		 */
		preferred = READ_ONCE(ifa->ifa_preferred_lft);
		valid = READ_ONCE(ifa->ifa_valid_lft);
		if (preferred != INFINITY_LIFE_TIME) {
			long tval = (jiffies - tstamp) / HZ;

			if (preferred > tval)
				preferred -= tval;
			else
				preferred = 0;
			if (valid != INFINITY_LIFE_TIME) {
				if (valid > tval)
					valid -= tval;
				else
					valid = 0;
			}
		}
	} else {
		preferred = INFINITY_LIFE_TIME;
		valid = INFINITY_LIFE_TIME;
	}
	/* Optional attributes are emitted only when non-zero. */
	if ((ifa->ifa_address &&
	     nla_put_in_addr(skb, IFA_ADDRESS, ifa->ifa_address)) ||
	    (ifa->ifa_local &&
	     nla_put_in_addr(skb, IFA_LOCAL, ifa->ifa_local)) ||
	    (ifa->ifa_broadcast &&
	     nla_put_in_addr(skb, IFA_BROADCAST, ifa->ifa_broadcast)) ||
	    (ifa->ifa_label[0] &&
	     nla_put_string(skb, IFA_LABEL, ifa->ifa_label)) ||
	    (ifa->ifa_proto &&
	     nla_put_u8(skb, IFA_PROTO, ifa->ifa_proto)) ||
	    nla_put_u32(skb, IFA_FLAGS, flags) ||
	    (ifa->ifa_rt_priority &&
	     nla_put_u32(skb, IFA_RT_PRIORITY, ifa->ifa_rt_priority)) ||
	    put_cacheinfo(skb, READ_ONCE(ifa->ifa_cstamp), tstamp,
			  preferred, valid))
		goto nla_put_failure;

	nlmsg_end(skb, nlh);
	return 0;

nla_put_failure:
	nlmsg_cancel(skb, nlh);
	return -EMSGSIZE;
}
1771
/* Strict validation of an RTM_GETADDR dump request header and
 * attributes.  Fills @fillargs (ifindex / netnsid filters) and, when
 * IFA_TARGET_NETNSID is present, points *@tgt_net at the (referenced)
 * target namespace.  Returns 0 or a negative errno with extack set.
 */
static int inet_valid_dump_ifaddr_req(const struct nlmsghdr *nlh,
				      struct inet_fill_args *fillargs,
				      struct net **tgt_net, struct sock *sk,
				      struct netlink_callback *cb)
{
	struct netlink_ext_ack *extack = cb->extack;
	struct nlattr *tb[IFA_MAX+1];
	struct ifaddrmsg *ifm;
	int err, i;

	if (nlh->nlmsg_len < nlmsg_msg_size(sizeof(*ifm))) {
		NL_SET_ERR_MSG(extack, "ipv4: Invalid header for address dump request");
		return -EINVAL;
	}

	/* Header fields other than ifa_index must be zero in a dump. */
	ifm = nlmsg_data(nlh);
	if (ifm->ifa_prefixlen || ifm->ifa_flags || ifm->ifa_scope) {
		NL_SET_ERR_MSG(extack, "ipv4: Invalid values in header for address dump request");
		return -EINVAL;
	}

	fillargs->ifindex = ifm->ifa_index;
	if (fillargs->ifindex) {
		cb->answer_flags |= NLM_F_DUMP_FILTERED;
		fillargs->flags |= NLM_F_DUMP_FILTERED;
	}

	err = nlmsg_parse_deprecated_strict(nlh, sizeof(*ifm), tb, IFA_MAX,
					    ifa_ipv4_policy, extack);
	if (err < 0)
		return err;

	for (i = 0; i <= IFA_MAX; ++i) {
		if (!tb[i])
			continue;

		if (i == IFA_TARGET_NETNSID) {
			struct net *net;

			fillargs->netnsid = nla_get_s32(tb[i]);

			/* Takes a reference; caller drops it via put_net()
			 * when fillargs->netnsid >= 0.
			 */
			net = rtnl_get_net_ns_capable(sk, fillargs->netnsid);
			if (IS_ERR(net)) {
				fillargs->netnsid = -1;
				NL_SET_ERR_MSG(extack, "ipv4: Invalid target network namespace id");
				return PTR_ERR(net);
			}
			*tgt_net = net;
		} else {
			NL_SET_ERR_MSG(extack, "ipv4: Unsupported attribute in dump request");
			return -EINVAL;
		}
	}

	return 0;
}
1828
/* Dump the addresses of one in_device into @skb, resuming at address
 * index *@s_ip_idx.  On a full skb, *@s_ip_idx records where to resume
 * next round; when the device is fully dumped it is reset to 0.
 */
static int in_dev_dump_addr(struct in_device *in_dev, struct sk_buff *skb,
			    struct netlink_callback *cb, int *s_ip_idx,
			    struct inet_fill_args *fillargs)
{
	struct in_ifaddr *ifa;
	int ip_idx = 0;
	int err;

	in_dev_for_each_ifa_rcu(ifa, in_dev) {
		/* Skip entries already emitted in a previous round. */
		if (ip_idx < *s_ip_idx) {
			ip_idx++;
			continue;
		}
		err = inet_fill_ifaddr(skb, ifa, fillargs);
		if (err < 0)
			goto done;

		nl_dump_check_consistent(cb, nlmsg_hdr(skb));
		ip_idx++;
	}
	err = 0;
	ip_idx = 0;
done:
	*s_ip_idx = ip_idx;

	return err;
}
1856
1857 /* Combine dev_addr_genid and dev_base_seq to detect changes.
1858 */
inet_base_seq(const struct net * net)1859 static u32 inet_base_seq(const struct net *net)
1860 {
1861 u32 res = atomic_read(&net->ipv4.dev_addr_genid) +
1862 READ_ONCE(net->dev_base_seq);
1863
1864 /* Must not return 0 (see nl_dump_check_consistent()).
1865 * Chose a value far away from 0.
1866 */
1867 if (!res)
1868 res = 0x80000000;
1869 return res;
1870 }
1871
/* RTM_GETADDR dump handler: walk all (or one filtered) net_device in
 * the target namespace and emit its IPv4 addresses.  Resume state
 * (device cursor + per-device address index) lives in cb->ctx.
 * Runs under RCU.
 */
static int inet_dump_ifaddr(struct sk_buff *skb, struct netlink_callback *cb)
{
	const struct nlmsghdr *nlh = cb->nlh;
	struct inet_fill_args fillargs = {
		.portid = NETLINK_CB(cb->skb).portid,
		.seq = nlh->nlmsg_seq,
		.event = RTM_NEWADDR,
		.flags = NLM_F_MULTI,
		.netnsid = -1,
	};
	struct net *net = sock_net(skb->sk);
	struct net *tgt_net = net;
	struct {
		unsigned long ifindex;
		int ip_idx;
	} *ctx = (void *)cb->ctx;
	struct in_device *in_dev;
	struct net_device *dev;
	int err = 0;

	rcu_read_lock();
	if (cb->strict_check) {
		/* May retarget tgt_net (referenced) via IFA_TARGET_NETNSID. */
		err = inet_valid_dump_ifaddr_req(nlh, &fillargs, &tgt_net,
						 skb->sk, cb);
		if (err < 0)
			goto done;

		if (fillargs.ifindex) {
			/* Single-device dump. */
			dev = dev_get_by_index_rcu(tgt_net, fillargs.ifindex);
			if (!dev) {
				err = -ENODEV;
				goto done;
			}
			in_dev = __in_dev_get_rcu(dev);
			if (!in_dev)
				goto done;
			err = in_dev_dump_addr(in_dev, skb, cb, &ctx->ip_idx,
					       &fillargs);
			goto done;
		}
	}

	cb->seq = inet_base_seq(tgt_net);

	for_each_netdev_dump(tgt_net, dev, ctx->ifindex) {
		in_dev = __in_dev_get_rcu(dev);
		if (!in_dev)
			continue;
		err = in_dev_dump_addr(in_dev, skb, cb, &ctx->ip_idx,
				       &fillargs);
		if (err < 0)
			goto done;
	}
done:
	/* Drop the reference taken by inet_valid_dump_ifaddr_req(). */
	if (fillargs.netnsid >= 0)
		put_net(tgt_net);
	rcu_read_unlock();
	return err;
}
1931
/* Broadcast an address change (@event is RTM_NEWADDR/RTM_DELADDR) to
 * RTNLGRP_IPV4_IFADDR listeners; on failure report via the rtnl socket.
 */
static void rtmsg_ifa(int event, struct in_ifaddr *ifa, struct nlmsghdr *nlh,
		      u32 portid)
{
	struct inet_fill_args fillargs = {
		.portid = portid,
		.seq = nlh ? nlh->nlmsg_seq : 0,
		.event = event,
		.flags = 0,
		.netnsid = -1,
	};
	struct net *net = dev_net(ifa->ifa_dev->dev);
	struct sk_buff *skb;
	int err;

	skb = nlmsg_new(inet_nlmsg_size(), GFP_KERNEL);
	if (!skb) {
		rtnl_set_sk_err(net, RTNLGRP_IPV4_IFADDR, -ENOBUFS);
		return;
	}

	err = inet_fill_ifaddr(skb, ifa, &fillargs);
	if (err < 0) {
		/* -EMSGSIZE implies BUG in inet_nlmsg_size() */
		WARN_ON(err == -EMSGSIZE);
		kfree_skb(skb);
		rtnl_set_sk_err(net, RTNLGRP_IPV4_IFADDR, err);
		return;
	}

	rtnl_notify(skb, net, portid, RTNLGRP_IPV4_IFADDR, nlh, GFP_KERNEL);
}
1963
inet_get_link_af_size(const struct net_device * dev,u32 ext_filter_mask)1964 static size_t inet_get_link_af_size(const struct net_device *dev,
1965 u32 ext_filter_mask)
1966 {
1967 struct in_device *in_dev = rcu_dereference_rtnl(dev->ip_ptr);
1968
1969 if (!in_dev)
1970 return 0;
1971
1972 return nla_total_size(IPV4_DEVCONF_MAX * 4); /* IFLA_INET_CONF */
1973 }
1974
/* Emit the device's full ipv4_devconf table as an IFLA_INET_CONF
 * attribute (one u32 per knob).  -ENODATA when IPv4 is not enabled.
 */
static int inet_fill_link_af(struct sk_buff *skb, const struct net_device *dev,
			     u32 ext_filter_mask)
{
	struct in_device *in_dev = rcu_dereference_rtnl(dev->ip_ptr);
	struct nlattr *nla;
	u32 *conf;
	int i;

	if (!in_dev)
		return -ENODATA;

	nla = nla_reserve(skb, IFLA_INET_CONF, IPV4_DEVCONF_MAX * 4);
	if (!nla)
		return -EMSGSIZE;

	conf = nla_data(nla);
	for (i = 0; i < IPV4_DEVCONF_MAX; i++)
		conf[i] = READ_ONCE(in_dev->cnf.data[i]);

	return 0;
}
1994
/* Policy for the AF_INET branch of IFLA_AF_SPEC. */
static const struct nla_policy inet_af_policy[IFLA_INET_MAX+1] = {
	[IFLA_INET_CONF]	= { .type = NLA_NESTED },
};
1998
inet_validate_link_af(const struct net_device * dev,const struct nlattr * nla,struct netlink_ext_ack * extack)1999 static int inet_validate_link_af(const struct net_device *dev,
2000 const struct nlattr *nla,
2001 struct netlink_ext_ack *extack)
2002 {
2003 struct nlattr *a, *tb[IFLA_INET_MAX+1];
2004 int err, rem;
2005
2006 if (dev && !__in_dev_get_rtnl(dev))
2007 return -EAFNOSUPPORT;
2008
2009 err = nla_parse_nested_deprecated(tb, IFLA_INET_MAX, nla,
2010 inet_af_policy, extack);
2011 if (err < 0)
2012 return err;
2013
2014 if (tb[IFLA_INET_CONF]) {
2015 nla_for_each_nested(a, tb[IFLA_INET_CONF], rem) {
2016 int cfgid = nla_type(a);
2017
2018 if (nla_len(a) < 4)
2019 return -EINVAL;
2020
2021 if (cfgid <= 0 || cfgid > IPV4_DEVCONF_MAX)
2022 return -EINVAL;
2023 }
2024 }
2025
2026 return 0;
2027 }
2028
inet_set_link_af(struct net_device * dev,const struct nlattr * nla,struct netlink_ext_ack * extack)2029 static int inet_set_link_af(struct net_device *dev, const struct nlattr *nla,
2030 struct netlink_ext_ack *extack)
2031 {
2032 struct in_device *in_dev = __in_dev_get_rtnl(dev);
2033 struct nlattr *a, *tb[IFLA_INET_MAX+1];
2034 int rem;
2035
2036 if (!in_dev)
2037 return -EAFNOSUPPORT;
2038
2039 if (nla_parse_nested_deprecated(tb, IFLA_INET_MAX, nla, NULL, NULL) < 0)
2040 return -EINVAL;
2041
2042 if (tb[IFLA_INET_CONF]) {
2043 nla_for_each_nested(a, tb[IFLA_INET_CONF], rem)
2044 ipv4_devconf_set(in_dev, nla_type(a), nla_get_u32(a));
2045 }
2046
2047 return 0;
2048 }
2049
inet_netconf_msgsize_devconf(int type)2050 static int inet_netconf_msgsize_devconf(int type)
2051 {
2052 int size = NLMSG_ALIGN(sizeof(struct netconfmsg))
2053 + nla_total_size(4); /* NETCONFA_IFINDEX */
2054 bool all = false;
2055
2056 if (type == NETCONFA_ALL)
2057 all = true;
2058
2059 if (all || type == NETCONFA_FORWARDING)
2060 size += nla_total_size(4);
2061 if (all || type == NETCONFA_RP_FILTER)
2062 size += nla_total_size(4);
2063 if (all || type == NETCONFA_MC_FORWARDING)
2064 size += nla_total_size(4);
2065 if (all || type == NETCONFA_BC_FORWARDING)
2066 size += nla_total_size(4);
2067 if (all || type == NETCONFA_PROXY_NEIGH)
2068 size += nla_total_size(4);
2069 if (all || type == NETCONFA_IGNORE_ROUTES_WITH_LINKDOWN)
2070 size += nla_total_size(4);
2071
2072 return size;
2073 }
2074
/* Build one RTM_*NETCONF message for @ifindex, emitting the devconf
 * attribute selected by @type (or all of them for NETCONFA_ALL).
 * A NULL @devconf emits only the ifindex.  Returns 0 or -EMSGSIZE.
 */
static int inet_netconf_fill_devconf(struct sk_buff *skb, int ifindex,
				     const struct ipv4_devconf *devconf,
				     u32 portid, u32 seq, int event,
				     unsigned int flags, int type)
{
	struct nlmsghdr  *nlh;
	struct netconfmsg *ncm;
	bool all = false;

	nlh = nlmsg_put(skb, portid, seq, event, sizeof(struct netconfmsg),
			flags);
	if (!nlh)
		return -EMSGSIZE;

	if (type == NETCONFA_ALL)
		all = true;

	ncm = nlmsg_data(nlh);
	ncm->ncm_family = AF_INET;

	if (nla_put_s32(skb, NETCONFA_IFINDEX, ifindex) < 0)
		goto nla_put_failure;

	if (!devconf)
		goto out;

	if ((all || type == NETCONFA_FORWARDING) &&
	    nla_put_s32(skb, NETCONFA_FORWARDING,
			IPV4_DEVCONF_RO(*devconf, FORWARDING)) < 0)
		goto nla_put_failure;
	if ((all || type == NETCONFA_RP_FILTER) &&
	    nla_put_s32(skb, NETCONFA_RP_FILTER,
			IPV4_DEVCONF_RO(*devconf, RP_FILTER)) < 0)
		goto nla_put_failure;
	if ((all || type == NETCONFA_MC_FORWARDING) &&
	    nla_put_s32(skb, NETCONFA_MC_FORWARDING,
			IPV4_DEVCONF_RO(*devconf, MC_FORWARDING)) < 0)
		goto nla_put_failure;
	if ((all || type == NETCONFA_BC_FORWARDING) &&
	    nla_put_s32(skb, NETCONFA_BC_FORWARDING,
			IPV4_DEVCONF_RO(*devconf, BC_FORWARDING)) < 0)
		goto nla_put_failure;
	if ((all || type == NETCONFA_PROXY_NEIGH) &&
	    nla_put_s32(skb, NETCONFA_PROXY_NEIGH,
			IPV4_DEVCONF_RO(*devconf, PROXY_ARP)) < 0)
		goto nla_put_failure;
	if ((all || type == NETCONFA_IGNORE_ROUTES_WITH_LINKDOWN) &&
	    nla_put_s32(skb, NETCONFA_IGNORE_ROUTES_WITH_LINKDOWN,
			IPV4_DEVCONF_RO(*devconf,
					IGNORE_ROUTES_WITH_LINKDOWN)) < 0)
		goto nla_put_failure;

out:
	nlmsg_end(skb, nlh);
	return 0;

nla_put_failure:
	nlmsg_cancel(skb, nlh);
	return -EMSGSIZE;
}
2135
inet_netconf_notify_devconf(struct net * net,int event,int type,int ifindex,struct ipv4_devconf * devconf)2136 void inet_netconf_notify_devconf(struct net *net, int event, int type,
2137 int ifindex, struct ipv4_devconf *devconf)
2138 {
2139 struct sk_buff *skb;
2140 int err = -ENOBUFS;
2141
2142 skb = nlmsg_new(inet_netconf_msgsize_devconf(type), GFP_KERNEL);
2143 if (!skb)
2144 goto errout;
2145
2146 err = inet_netconf_fill_devconf(skb, ifindex, devconf, 0, 0,
2147 event, 0, type);
2148 if (err < 0) {
2149 /* -EMSGSIZE implies BUG in inet_netconf_msgsize_devconf() */
2150 WARN_ON(err == -EMSGSIZE);
2151 kfree_skb(skb);
2152 goto errout;
2153 }
2154 rtnl_notify(skb, net, 0, RTNLGRP_IPV4_NETCONF, NULL, GFP_KERNEL);
2155 return;
2156 errout:
2157 rtnl_set_sk_err(net, RTNLGRP_IPV4_NETCONF, err);
2158 }
2159
/* Attribute policy for RTM_GETNETCONF requests. */
static const struct nla_policy devconf_ipv4_policy[NETCONFA_MAX+1] = {
	[NETCONFA_IFINDEX]	= { .len = sizeof(int) },
	[NETCONFA_FORWARDING]	= { .len = sizeof(int) },
	[NETCONFA_RP_FILTER]	= { .len = sizeof(int) },
	[NETCONFA_PROXY_NEIGH]	= { .len = sizeof(int) },
	[NETCONFA_IGNORE_ROUTES_WITH_LINKDOWN]	= { .len = sizeof(int) },
};
2167
inet_netconf_valid_get_req(struct sk_buff * skb,const struct nlmsghdr * nlh,struct nlattr ** tb,struct netlink_ext_ack * extack)2168 static int inet_netconf_valid_get_req(struct sk_buff *skb,
2169 const struct nlmsghdr *nlh,
2170 struct nlattr **tb,
2171 struct netlink_ext_ack *extack)
2172 {
2173 int i, err;
2174
2175 if (nlh->nlmsg_len < nlmsg_msg_size(sizeof(struct netconfmsg))) {
2176 NL_SET_ERR_MSG(extack, "ipv4: Invalid header for netconf get request");
2177 return -EINVAL;
2178 }
2179
2180 if (!netlink_strict_get_check(skb))
2181 return nlmsg_parse_deprecated(nlh, sizeof(struct netconfmsg),
2182 tb, NETCONFA_MAX,
2183 devconf_ipv4_policy, extack);
2184
2185 err = nlmsg_parse_deprecated_strict(nlh, sizeof(struct netconfmsg),
2186 tb, NETCONFA_MAX,
2187 devconf_ipv4_policy, extack);
2188 if (err)
2189 return err;
2190
2191 for (i = 0; i <= NETCONFA_MAX; i++) {
2192 if (!tb[i])
2193 continue;
2194
2195 switch (i) {
2196 case NETCONFA_IFINDEX:
2197 break;
2198 default:
2199 NL_SET_ERR_MSG(extack, "ipv4: Unsupported attribute in netconf get request");
2200 return -EINVAL;
2201 }
2202 }
2203
2204 return 0;
2205 }
2206
/* RTM_GETNETCONF doit handler: reply with the full devconf attribute set
 * (NETCONFA_ALL) for one target — NETCONFA_IFINDEX_ALL, _DEFAULT, or a
 * real device ifindex — as a unicast RTM_NEWNETCONF message.
 */
static int inet_netconf_get_devconf(struct sk_buff *in_skb,
				    struct nlmsghdr *nlh,
				    struct netlink_ext_ack *extack)
{
	struct net *net = sock_net(in_skb->sk);
	struct nlattr *tb[NETCONFA_MAX + 1];
	const struct ipv4_devconf *devconf;
	struct in_device *in_dev = NULL;
	struct net_device *dev = NULL;
	struct sk_buff *skb;
	int ifindex;
	int err;

	err = inet_netconf_valid_get_req(in_skb, nlh, tb, extack);
	if (err)
		return err;

	/* The target ifindex attribute is mandatory. */
	if (!tb[NETCONFA_IFINDEX])
		return -EINVAL;

	ifindex = nla_get_s32(tb[NETCONFA_IFINDEX]);
	switch (ifindex) {
	case NETCONFA_IFINDEX_ALL:
		devconf = net->ipv4.devconf_all;
		break;
	case NETCONFA_IFINDEX_DEFAULT:
		devconf = net->ipv4.devconf_dflt;
		break;
	default:
		err = -ENODEV;
		/* Take references on dev and in_dev so devconf stays valid
		 * while the reply is built; both dropped at errout.
		 */
		dev = dev_get_by_index(net, ifindex);
		if (dev)
			in_dev = in_dev_get(dev);
		if (!in_dev)
			goto errout;
		devconf = &in_dev->cnf;
		break;
	}

	err = -ENOBUFS;
	skb = nlmsg_new(inet_netconf_msgsize_devconf(NETCONFA_ALL), GFP_KERNEL);
	if (!skb)
		goto errout;

	err = inet_netconf_fill_devconf(skb, ifindex, devconf,
					NETLINK_CB(in_skb).portid,
					nlh->nlmsg_seq, RTM_NEWNETCONF, 0,
					NETCONFA_ALL);
	if (err < 0) {
		/* -EMSGSIZE implies BUG in inet_netconf_msgsize_devconf() */
		WARN_ON(err == -EMSGSIZE);
		kfree_skb(skb);
		goto errout;
	}
	err = rtnl_unicast(skb, net, NETLINK_CB(in_skb).portid);
errout:
	if (in_dev)
		in_dev_put(in_dev);
	dev_put(dev);	/* dev_put(NULL) is a no-op */
	return err;
}
2268
/* RTM_GETNETCONF dump handler.  Walks every netdev in the netns (the
 * walk is resumable across partial dumps via ctx->ifindex), then appends
 * the "all" and "default" pseudo-entries, tracking in ctx->all_default
 * how much of that tail has already been emitted.  Runs under RCU, not
 * RTNL (registered with RTNL_FLAG_DUMP_UNLOCKED).
 */
static int inet_netconf_dump_devconf(struct sk_buff *skb,
				     struct netlink_callback *cb)
{
	const struct nlmsghdr *nlh = cb->nlh;
	struct net *net = sock_net(skb->sk);
	/* Dump state preserved in cb->ctx between invocations. */
	struct {
		unsigned long ifindex;		/* next device to dump */
		unsigned int all_default;	/* 0 = "all" pending, 1 = "default" pending */
	} *ctx = (void *)cb->ctx;
	const struct in_device *in_dev;
	struct net_device *dev;
	int err = 0;

	if (cb->strict_check) {
		struct netlink_ext_ack *extack = cb->extack;
		struct netconfmsg *ncm;

		if (nlh->nlmsg_len < nlmsg_msg_size(sizeof(*ncm))) {
			NL_SET_ERR_MSG(extack, "ipv4: Invalid header for netconf dump request");
			return -EINVAL;
		}

		/* Dump requests carry no attributes. */
		if (nlmsg_attrlen(nlh, sizeof(*ncm))) {
			NL_SET_ERR_MSG(extack, "ipv4: Invalid data after header in netconf dump request");
			return -EINVAL;
		}
	}

	rcu_read_lock();
	for_each_netdev_dump(net, dev, ctx->ifindex) {
		in_dev = __in_dev_get_rcu(dev);
		if (!in_dev)
			continue;	/* device has no IPv4 config */
		err = inet_netconf_fill_devconf(skb, dev->ifindex,
						&in_dev->cnf,
						NETLINK_CB(cb->skb).portid,
						nlh->nlmsg_seq,
						RTM_NEWNETCONF, NLM_F_MULTI,
						NETCONFA_ALL);
		if (err < 0)
			goto done;
	}
	if (ctx->all_default == 0) {
		err = inet_netconf_fill_devconf(skb, NETCONFA_IFINDEX_ALL,
						net->ipv4.devconf_all,
						NETLINK_CB(cb->skb).portid,
						nlh->nlmsg_seq,
						RTM_NEWNETCONF, NLM_F_MULTI,
						NETCONFA_ALL);
		if (err < 0)
			goto done;
		ctx->all_default++;
	}
	if (ctx->all_default == 1) {
		err = inet_netconf_fill_devconf(skb, NETCONFA_IFINDEX_DEFAULT,
						net->ipv4.devconf_dflt,
						NETLINK_CB(cb->skb).portid,
						nlh->nlmsg_seq,
						RTM_NEWNETCONF, NLM_F_MULTI,
						NETCONFA_ALL);
		if (err < 0)
			goto done;
		ctx->all_default++;
	}
done:
	rcu_read_unlock();
	return err;
}
2337
2338 #ifdef CONFIG_SYSCTL
2339
devinet_copy_dflt_conf(struct net * net,int i)2340 static void devinet_copy_dflt_conf(struct net *net, int i)
2341 {
2342 struct net_device *dev;
2343
2344 rcu_read_lock();
2345 for_each_netdev_rcu(net, dev) {
2346 struct in_device *in_dev;
2347
2348 in_dev = __in_dev_get_rcu(dev);
2349 if (in_dev && !test_bit(i, in_dev->cnf.state))
2350 in_dev->cnf.data[i] = net->ipv4.devconf_dflt->data[i];
2351 }
2352 rcu_read_unlock();
2353 }
2354
/* Called with RTNL locked.  Apply a write to the "all" forwarding sysctl:
 * invert accept_redirects for "all", mirror the value into "default",
 * push it to every in_device in the netns (disabling LRO on each device
 * when forwarding is enabled), and emit RTM_NEWNETCONF notifications for
 * "all", "default" and each device.
 */
static void inet_forward_change(struct net *net)
{
	struct net_device *dev;
	int on = IPV4_DEVCONF_ALL(net, FORWARDING);

	IPV4_DEVCONF_ALL(net, ACCEPT_REDIRECTS) = !on;
	IPV4_DEVCONF_DFLT(net, FORWARDING) = on;
	inet_netconf_notify_devconf(net, RTM_NEWNETCONF,
				    NETCONFA_FORWARDING,
				    NETCONFA_IFINDEX_ALL,
				    net->ipv4.devconf_all);
	inet_netconf_notify_devconf(net, RTM_NEWNETCONF,
				    NETCONFA_FORWARDING,
				    NETCONFA_IFINDEX_DEFAULT,
				    net->ipv4.devconf_dflt);

	for_each_netdev(net, dev) {
		struct in_device *in_dev;

		/* LRO is incompatible with forwarding. */
		if (on)
			dev_disable_lro(dev);

		in_dev = __in_dev_get_rtnl(dev);
		if (in_dev) {
			IN_DEV_CONF_SET(in_dev, FORWARDING, on);
			inet_netconf_notify_devconf(net, RTM_NEWNETCONF,
						    NETCONFA_FORWARDING,
						    dev->ifindex, &in_dev->cnf);
		}
	}
}
2387
devinet_conf_ifindex(struct net * net,struct ipv4_devconf * cnf)2388 static int devinet_conf_ifindex(struct net *net, struct ipv4_devconf *cnf)
2389 {
2390 if (cnf == net->ipv4.devconf_dflt)
2391 return NETCONFA_IFINDEX_DEFAULT;
2392 else if (cnf == net->ipv4.devconf_all)
2393 return NETCONFA_IFINDEX_ALL;
2394 else {
2395 struct in_device *idev
2396 = container_of(cnf, struct in_device, cnf);
2397 return idev->dev->ifindex;
2398 }
2399 }
2400
/* proc handler shared by most per-device IPv4 sysctls.  Runs
 * proc_dointvec() and, on a write: marks the entry as explicitly set (so
 * later "default" changes no longer override it), propagates writes to
 * the "default" block, flushes the route cache for values that affect
 * cached routing decisions, and emits netconf notifications for the
 * attributes userspace tracks.
 */
static int devinet_conf_proc(const struct ctl_table *ctl, int write,
			     void *buffer, size_t *lenp, loff_t *ppos)
{
	int old_value = *(int *)ctl->data;
	int ret = proc_dointvec(ctl, write, buffer, lenp, ppos);
	int new_value = *(int *)ctl->data;

	if (write) {
		struct ipv4_devconf *cnf = ctl->extra1;
		struct net *net = ctl->extra2;
		/* 0-based index of this entry within cnf->data[] */
		int i = (int *)ctl->data - cnf->data;
		int ifindex;

		set_bit(i, cnf->state);

		if (cnf == net->ipv4.devconf_dflt)
			devinet_copy_dflt_conf(net, i);
		/* Turning these off invalidates cached routes. */
		if (i == IPV4_DEVCONF_ACCEPT_LOCAL - 1 ||
		    i == IPV4_DEVCONF_ROUTE_LOCALNET - 1)
			if ((new_value == 0) && (old_value != 0))
				rt_cache_flush(net);

		if (i == IPV4_DEVCONF_BC_FORWARDING - 1 &&
		    new_value != old_value)
			rt_cache_flush(net);

		if (i == IPV4_DEVCONF_RP_FILTER - 1 &&
		    new_value != old_value) {
			ifindex = devinet_conf_ifindex(net, cnf);
			inet_netconf_notify_devconf(net, RTM_NEWNETCONF,
						    NETCONFA_RP_FILTER,
						    ifindex, cnf);
		}
		if (i == IPV4_DEVCONF_PROXY_ARP - 1 &&
		    new_value != old_value) {
			ifindex = devinet_conf_ifindex(net, cnf);
			inet_netconf_notify_devconf(net, RTM_NEWNETCONF,
						    NETCONFA_PROXY_NEIGH,
						    ifindex, cnf);
		}
		if (i == IPV4_DEVCONF_IGNORE_ROUTES_WITH_LINKDOWN - 1 &&
		    new_value != old_value) {
			ifindex = devinet_conf_ifindex(net, cnf);
			inet_netconf_notify_devconf(net, RTM_NEWNETCONF,
						    NETCONFA_IGNORE_ROUTES_WITH_LINKDOWN,
						    ifindex, cnf);
		}
	}

	return ret;
}
2452
/* proc handler for the "forwarding" sysctls (per-device, "all",
 * "default") and /proc/sys/net/ipv4/ip_forward.  Writes require
 * CAP_NET_ADMIN in the netns' user namespace.  Changes to per-device or
 * "all" forwarding must be published under RTNL; if the lock cannot be
 * taken, the old value and file position are restored and the syscall is
 * restarted.
 */
static int devinet_sysctl_forward(const struct ctl_table *ctl, int write,
				  void *buffer, size_t *lenp, loff_t *ppos)
{
	int *valp = ctl->data;
	int val = *valp;	/* value before the write */
	loff_t pos = *ppos;
	struct net *net = ctl->extra2;
	int ret;

	if (write && !ns_capable(net->user_ns, CAP_NET_ADMIN))
		return -EPERM;

	ret = proc_dointvec(ctl, write, buffer, lenp, ppos);

	if (write && *valp != val) {
		if (valp != &IPV4_DEVCONF_DFLT(net, FORWARDING)) {
			if (!rtnl_trylock()) {
				/* Restore the original values before restarting */
				*valp = val;
				*ppos = pos;
				return restart_syscall();
			}
			if (valp == &IPV4_DEVCONF_ALL(net, FORWARDING)) {
				/* "all" fans out to every device */
				inet_forward_change(net);
			} else {
				struct ipv4_devconf *cnf = ctl->extra1;
				struct in_device *idev =
					container_of(cnf, struct in_device, cnf);
				/* LRO is incompatible with forwarding. */
				if (*valp)
					dev_disable_lro(idev->dev);
				inet_netconf_notify_devconf(net, RTM_NEWNETCONF,
							    NETCONFA_FORWARDING,
							    idev->dev->ifindex,
							    cnf);
			}
			rtnl_unlock();
			rt_cache_flush(net);
		} else
			/* "default" change needs no RTNL, only a notification */
			inet_netconf_notify_devconf(net, RTM_NEWNETCONF,
						    NETCONFA_FORWARDING,
						    NETCONFA_IFINDEX_DEFAULT,
						    net->ipv4.devconf_dflt);
	}

	return ret;
}
2499
/* proc handler for sysctls whose change invalidates cached routes:
 * plain proc_dointvec() plus a route cache flush when the value changed.
 */
static int ipv4_doint_and_flush(const struct ctl_table *ctl, int write,
				void *buffer, size_t *lenp, loff_t *ppos)
{
	struct net *net = ctl->extra2;
	int *valp = ctl->data;
	int old = *valp;
	int ret;

	ret = proc_dointvec(ctl, write, buffer, lenp, ppos);
	if (write && *valp != old)
		rt_cache_flush(net);

	return ret;
}
2513
/* Template for one per-device IPv4 sysctl entry.  .data and .extra1
 * initially point into the static ipv4_devconf template;
 * __devinet_sysctl_register() rebases them onto the ipv4_devconf
 * instance actually being registered.
 */
#define DEVINET_SYSCTL_ENTRY(attr, name, mval, proc) \
	{ \
		.procname	= name, \
		.data		= ipv4_devconf.data + \
				  IPV4_DEVCONF_ ## attr - 1, \
		.maxlen		= sizeof(int), \
		.mode		= mval, \
		.proc_handler	= proc, \
		.extra1		= &ipv4_devconf, \
	}

/* Read-write entry using the common devinet_conf_proc handler. */
#define DEVINET_SYSCTL_RW_ENTRY(attr, name) \
	DEVINET_SYSCTL_ENTRY(attr, name, 0644, devinet_conf_proc)

/* Read-only entry (still goes through devinet_conf_proc for reads). */
#define DEVINET_SYSCTL_RO_ENTRY(attr, name) \
	DEVINET_SYSCTL_ENTRY(attr, name, 0444, devinet_conf_proc)

/* Read-write entry with a custom proc handler. */
#define DEVINET_SYSCTL_COMPLEX_ENTRY(attr, name, proc) \
	DEVINET_SYSCTL_ENTRY(attr, name, 0644, proc)

/* Read-write entry that flushes the route cache on change. */
#define DEVINET_SYSCTL_FLUSHING_ENTRY(attr, name) \
	DEVINET_SYSCTL_COMPLEX_ENTRY(attr, name, ipv4_doint_and_flush)
2536
/* Master template for the per-device sysctl tree (net/ipv4/conf/<dev>/).
 * __devinet_sysctl_register() kmemdup()s this and rebases the entries
 * onto the target ipv4_devconf instance.
 */
static struct devinet_sysctl_table {
	struct ctl_table_header *sysctl_header;
	struct ctl_table devinet_vars[IPV4_DEVCONF_MAX];
} devinet_sysctl = {
	.devinet_vars = {
		DEVINET_SYSCTL_COMPLEX_ENTRY(FORWARDING, "forwarding",
					     devinet_sysctl_forward),
		DEVINET_SYSCTL_RO_ENTRY(MC_FORWARDING, "mc_forwarding"),
		DEVINET_SYSCTL_RW_ENTRY(BC_FORWARDING, "bc_forwarding"),

		DEVINET_SYSCTL_RW_ENTRY(ACCEPT_REDIRECTS, "accept_redirects"),
		DEVINET_SYSCTL_RW_ENTRY(SECURE_REDIRECTS, "secure_redirects"),
		DEVINET_SYSCTL_RW_ENTRY(SHARED_MEDIA, "shared_media"),
		DEVINET_SYSCTL_RW_ENTRY(RP_FILTER, "rp_filter"),
		DEVINET_SYSCTL_RW_ENTRY(SEND_REDIRECTS, "send_redirects"),
		DEVINET_SYSCTL_RW_ENTRY(ACCEPT_SOURCE_ROUTE,
					"accept_source_route"),
		DEVINET_SYSCTL_RW_ENTRY(ACCEPT_LOCAL, "accept_local"),
		DEVINET_SYSCTL_RW_ENTRY(SRC_VMARK, "src_valid_mark"),
		DEVINET_SYSCTL_RW_ENTRY(PROXY_ARP, "proxy_arp"),
		DEVINET_SYSCTL_RW_ENTRY(MEDIUM_ID, "medium_id"),
		DEVINET_SYSCTL_RW_ENTRY(BOOTP_RELAY, "bootp_relay"),
		DEVINET_SYSCTL_RW_ENTRY(LOG_MARTIANS, "log_martians"),
		DEVINET_SYSCTL_RW_ENTRY(TAG, "tag"),
		DEVINET_SYSCTL_RW_ENTRY(ARPFILTER, "arp_filter"),
		DEVINET_SYSCTL_RW_ENTRY(ARP_ANNOUNCE, "arp_announce"),
		DEVINET_SYSCTL_RW_ENTRY(ARP_IGNORE, "arp_ignore"),
		DEVINET_SYSCTL_RW_ENTRY(ARP_ACCEPT, "arp_accept"),
		DEVINET_SYSCTL_RW_ENTRY(ARP_NOTIFY, "arp_notify"),
		DEVINET_SYSCTL_RW_ENTRY(ARP_EVICT_NOCARRIER,
					"arp_evict_nocarrier"),
		DEVINET_SYSCTL_RW_ENTRY(PROXY_ARP_PVLAN, "proxy_arp_pvlan"),
		DEVINET_SYSCTL_RW_ENTRY(FORCE_IGMP_VERSION,
					"force_igmp_version"),
		DEVINET_SYSCTL_RW_ENTRY(IGMPV2_UNSOLICITED_REPORT_INTERVAL,
					"igmpv2_unsolicited_report_interval"),
		DEVINET_SYSCTL_RW_ENTRY(IGMPV3_UNSOLICITED_REPORT_INTERVAL,
					"igmpv3_unsolicited_report_interval"),
		DEVINET_SYSCTL_RW_ENTRY(IGNORE_ROUTES_WITH_LINKDOWN,
					"ignore_routes_with_linkdown"),
		DEVINET_SYSCTL_RW_ENTRY(DROP_GRATUITOUS_ARP,
					"drop_gratuitous_arp"),

		DEVINET_SYSCTL_FLUSHING_ENTRY(NOXFRM, "disable_xfrm"),
		DEVINET_SYSCTL_FLUSHING_ENTRY(NOPOLICY, "disable_policy"),
		DEVINET_SYSCTL_FLUSHING_ENTRY(PROMOTE_SECONDARIES,
					      "promote_secondaries"),
		DEVINET_SYSCTL_FLUSHING_ENTRY(ROUTE_LOCALNET,
					      "route_localnet"),
		DEVINET_SYSCTL_FLUSHING_ENTRY(DROP_UNICAST_IN_L2_MULTICAST,
					      "drop_unicast_in_l2_multicast"),
	},
};
2590
__devinet_sysctl_register(struct net * net,char * dev_name,int ifindex,struct ipv4_devconf * p)2591 static int __devinet_sysctl_register(struct net *net, char *dev_name,
2592 int ifindex, struct ipv4_devconf *p)
2593 {
2594 int i;
2595 struct devinet_sysctl_table *t;
2596 char path[sizeof("net/ipv4/conf/") + IFNAMSIZ];
2597
2598 t = kmemdup(&devinet_sysctl, sizeof(*t), GFP_KERNEL_ACCOUNT);
2599 if (!t)
2600 goto out;
2601
2602 for (i = 0; i < ARRAY_SIZE(t->devinet_vars); i++) {
2603 t->devinet_vars[i].data += (char *)p - (char *)&ipv4_devconf;
2604 t->devinet_vars[i].extra1 = p;
2605 t->devinet_vars[i].extra2 = net;
2606 }
2607
2608 snprintf(path, sizeof(path), "net/ipv4/conf/%s", dev_name);
2609
2610 t->sysctl_header = register_net_sysctl(net, path, t->devinet_vars);
2611 if (!t->sysctl_header)
2612 goto free;
2613
2614 p->sysctl = t;
2615
2616 inet_netconf_notify_devconf(net, RTM_NEWNETCONF, NETCONFA_ALL,
2617 ifindex, p);
2618 return 0;
2619
2620 free:
2621 kfree(t);
2622 out:
2623 return -ENOMEM;
2624 }
2625
__devinet_sysctl_unregister(struct net * net,struct ipv4_devconf * cnf,int ifindex)2626 static void __devinet_sysctl_unregister(struct net *net,
2627 struct ipv4_devconf *cnf, int ifindex)
2628 {
2629 struct devinet_sysctl_table *t = cnf->sysctl;
2630
2631 if (t) {
2632 cnf->sysctl = NULL;
2633 unregister_net_sysctl_table(t->sysctl_header);
2634 kfree(t);
2635 }
2636
2637 inet_netconf_notify_devconf(net, RTM_DELNETCONF, 0, ifindex, NULL);
2638 }
2639
devinet_sysctl_register(struct in_device * idev)2640 static int devinet_sysctl_register(struct in_device *idev)
2641 {
2642 int err;
2643
2644 if (!sysctl_dev_name_is_allowed(idev->dev->name))
2645 return -EINVAL;
2646
2647 err = neigh_sysctl_register(idev->dev, idev->arp_parms, NULL);
2648 if (err)
2649 return err;
2650 err = __devinet_sysctl_register(dev_net(idev->dev), idev->dev->name,
2651 idev->dev->ifindex, &idev->cnf);
2652 if (err)
2653 neigh_sysctl_unregister(idev->arp_parms);
2654 return err;
2655 }
2656
devinet_sysctl_unregister(struct in_device * idev)2657 static void devinet_sysctl_unregister(struct in_device *idev)
2658 {
2659 struct net *net = dev_net(idev->dev);
2660
2661 __devinet_sysctl_unregister(net, &idev->cnf, idev->dev->ifindex);
2662 neigh_sysctl_unregister(idev->arp_parms);
2663 }
2664
/* Template for /proc/sys/net/ipv4/ip_forward; devinet_init_net() copies
 * it and re-points .data/.extra1/.extra2 at the netns' own "all" conf.
 */
static struct ctl_table ctl_forward_entry[] = {
	{
		.procname	= "ip_forward",
		.data		= &ipv4_devconf.data[
					IPV4_DEVCONF_FORWARDING - 1],
		.maxlen		= sizeof(int),
		.mode		= 0644,
		.proc_handler	= devinet_sysctl_forward,
		.extra1		= &ipv4_devconf,
		.extra2		= &init_net,
	},
};
2677 #endif
2678
/* Per-netns init: allocate this netns' "all" and "default" devconf
 * blocks — seeded from compiled defaults, init_net, or the creating
 * netns depending on net_inherit_devconf() — then register their sysctl
 * subtrees and the ip_forward entry.  Unwinds everything on failure.
 */
static __net_init int devinet_init_net(struct net *net)
{
	int err;
	struct ipv4_devconf *all, *dflt;
#ifdef CONFIG_SYSCTL
	struct ctl_table *tbl;
	struct ctl_table_header *forw_hdr;
#endif

	err = -ENOMEM;
	all = kmemdup(&ipv4_devconf, sizeof(ipv4_devconf), GFP_KERNEL);
	if (!all)
		goto err_alloc_all;

	dflt = kmemdup(&ipv4_devconf_dflt, sizeof(ipv4_devconf_dflt), GFP_KERNEL);
	if (!dflt)
		goto err_alloc_dflt;

#ifdef CONFIG_SYSCTL
	tbl = kmemdup(ctl_forward_entry, sizeof(ctl_forward_entry), GFP_KERNEL);
	if (!tbl)
		goto err_alloc_ctl;

	/* Point the ip_forward entry at this netns' "all" conf. */
	tbl[0].data = &all->data[IPV4_DEVCONF_FORWARDING - 1];
	tbl[0].extra1 = all;
	tbl[0].extra2 = net;
#endif

	/* init_net keeps the compiled-in defaults; child netns may inherit. */
	if (!net_eq(net, &init_net)) {
		switch (net_inherit_devconf()) {
		case 3:
			/* copy from the current netns */
			memcpy(all, current->nsproxy->net_ns->ipv4.devconf_all,
			       sizeof(ipv4_devconf));
			memcpy(dflt,
			       current->nsproxy->net_ns->ipv4.devconf_dflt,
			       sizeof(ipv4_devconf_dflt));
			break;
		case 0:
		case 1:
			/* copy from init_net */
			memcpy(all, init_net.ipv4.devconf_all,
			       sizeof(ipv4_devconf));
			memcpy(dflt, init_net.ipv4.devconf_dflt,
			       sizeof(ipv4_devconf_dflt));
			break;
		case 2:
			/* use compiled values */
			break;
		}
	}

#ifdef CONFIG_SYSCTL
	err = __devinet_sysctl_register(net, "all", NETCONFA_IFINDEX_ALL, all);
	if (err < 0)
		goto err_reg_all;

	err = __devinet_sysctl_register(net, "default",
					NETCONFA_IFINDEX_DEFAULT, dflt);
	if (err < 0)
		goto err_reg_dflt;

	err = -ENOMEM;
	forw_hdr = register_net_sysctl_sz(net, "net/ipv4", tbl,
					  ARRAY_SIZE(ctl_forward_entry));
	if (!forw_hdr)
		goto err_reg_ctl;
	net->ipv4.forw_hdr = forw_hdr;
#endif

	net->ipv4.devconf_all = all;
	net->ipv4.devconf_dflt = dflt;
	return 0;

	/* Error unwind: release in reverse order of acquisition. */
#ifdef CONFIG_SYSCTL
err_reg_ctl:
	__devinet_sysctl_unregister(net, dflt, NETCONFA_IFINDEX_DEFAULT);
err_reg_dflt:
	__devinet_sysctl_unregister(net, all, NETCONFA_IFINDEX_ALL);
err_reg_all:
	kfree(tbl);
err_alloc_ctl:
#endif
	kfree(dflt);
err_alloc_dflt:
	kfree(all);
err_alloc_all:
	return err;
}
2768
/* Per-netns teardown: unregister the sysctl trees created by
 * devinet_init_net() (in reverse order) and free the devconf blocks.
 */
static __net_exit void devinet_exit_net(struct net *net)
{
#ifdef CONFIG_SYSCTL
	const struct ctl_table *tbl;

	tbl = net->ipv4.forw_hdr->ctl_table_arg;
	unregister_net_sysctl_table(net->ipv4.forw_hdr);
	__devinet_sysctl_unregister(net, net->ipv4.devconf_dflt,
				    NETCONFA_IFINDEX_DEFAULT);
	__devinet_sysctl_unregister(net, net->ipv4.devconf_all,
				    NETCONFA_IFINDEX_ALL);
	kfree(tbl);
#endif
	kfree(net->ipv4.devconf_dflt);
	kfree(net->ipv4.devconf_all);
}
2785
/* Pernet hooks for per-namespace devconf setup/teardown. */
static __net_initdata struct pernet_operations devinet_ops = {
	.init = devinet_init_net,
	.exit = devinet_exit_net,
};
2790
/* rtnetlink per-address-family ops for IFLA_AF_SPEC handling on AF_INET. */
static struct rtnl_af_ops inet_af_ops __read_mostly = {
	.family		  = AF_INET,
	.fill_link_af	  = inet_fill_link_af,
	.get_link_af_size = inet_get_link_af_size,
	.validate_link_af = inet_validate_link_af,
	.set_link_af	  = inet_set_link_af,
};
2798
/* Boot-time init: set up the inet address hash table, register the
 * pernet ops and netdevice notifier, start the address-lifetime worker,
 * and register the AF_INET link-af ops plus the rtnetlink address and
 * netconf message handlers.
 */
void __init devinet_init(void)
{
	int i;

	for (i = 0; i < IN4_ADDR_HSIZE; i++)
		INIT_HLIST_HEAD(&inet_addr_lst[i]);

	register_pernet_subsys(&devinet_ops);
	register_netdevice_notifier(&ip_netdev_notifier);

	/* Periodic expiry of addresses with finite valid/preferred lifetimes */
	queue_delayed_work(system_power_efficient_wq, &check_lifetime_work, 0);

	rtnl_af_register(&inet_af_ops);

	rtnl_register(PF_INET, RTM_NEWADDR, inet_rtm_newaddr, NULL, 0);
	rtnl_register(PF_INET, RTM_DELADDR, inet_rtm_deladdr, NULL, 0);
	rtnl_register(PF_INET, RTM_GETADDR, NULL, inet_dump_ifaddr,
		      RTNL_FLAG_DUMP_UNLOCKED | RTNL_FLAG_DUMP_SPLIT_NLM_DONE);
	rtnl_register(PF_INET, RTM_GETNETCONF, inet_netconf_get_devconf,
		      inet_netconf_dump_devconf,
		      RTNL_FLAG_DOIT_UNLOCKED | RTNL_FLAG_DUMP_UNLOCKED);
}
2821