1 // SPDX-License-Identifier: GPL-2.0-or-later
2 /*
3 * NET3 IP device support routines.
4 *
5 * Derived from the IP parts of dev.c 1.0.19
6 * Authors: Ross Biro
7 * Fred N. van Kempen, <waltje@uWalt.NL.Mugnet.ORG>
8 * Mark Evans, <evansmp@uhura.aston.ac.uk>
9 *
10 * Additional Authors:
11 * Alan Cox, <gw4pts@gw4pts.ampr.org>
12 * Alexey Kuznetsov, <kuznet@ms2.inr.ac.ru>
13 *
14 * Changes:
15 * Alexey Kuznetsov: pa_* fields are replaced with ifaddr
16 * lists.
17 * Cyrus Durgin: updated for kmod
18 * Matthias Andree: in devinet_ioctl, compare label and
19 * address (4.4BSD alias style support),
20 * fall back to comparing just the label
21 * if no match found.
22 */
23
24
25 #include <linux/uaccess.h>
26 #include <linux/bitops.h>
27 #include <linux/capability.h>
28 #include <linux/module.h>
29 #include <linux/types.h>
30 #include <linux/kernel.h>
31 #include <linux/sched/signal.h>
32 #include <linux/string.h>
33 #include <linux/mm.h>
34 #include <linux/socket.h>
35 #include <linux/sockios.h>
36 #include <linux/in.h>
37 #include <linux/errno.h>
38 #include <linux/interrupt.h>
39 #include <linux/if_addr.h>
40 #include <linux/if_ether.h>
41 #include <linux/inet.h>
42 #include <linux/netdevice.h>
43 #include <linux/etherdevice.h>
44 #include <linux/skbuff.h>
45 #include <linux/init.h>
46 #include <linux/notifier.h>
47 #include <linux/inetdevice.h>
48 #include <linux/igmp.h>
49 #include <linux/slab.h>
50 #include <linux/hash.h>
51 #ifdef CONFIG_SYSCTL
52 #include <linux/sysctl.h>
53 #endif
54 #include <linux/kmod.h>
55 #include <linux/netconf.h>
56
57 #include <net/arp.h>
58 #include <net/ip.h>
59 #include <net/route.h>
60 #include <net/ip_fib.h>
61 #include <net/rtnetlink.h>
62 #include <net/net_namespace.h>
63 #include <net/addrconf.h>
64
65 #define IPV6ONLY_FLAGS \
66 (IFA_F_NODAD | IFA_F_OPTIMISTIC | IFA_F_DADFAILED | \
67 IFA_F_HOMEADDRESS | IFA_F_TENTATIVE | \
68 IFA_F_MANAGETEMPADDR | IFA_F_STABLE_PRIVACY)
69
70 static struct ipv4_devconf ipv4_devconf = {
71 .data = {
72 [IPV4_DEVCONF_ACCEPT_REDIRECTS - 1] = 1,
73 [IPV4_DEVCONF_SEND_REDIRECTS - 1] = 1,
74 [IPV4_DEVCONF_SECURE_REDIRECTS - 1] = 1,
75 [IPV4_DEVCONF_SHARED_MEDIA - 1] = 1,
76 [IPV4_DEVCONF_IGMPV2_UNSOLICITED_REPORT_INTERVAL - 1] = 10000 /*ms*/,
77 [IPV4_DEVCONF_IGMPV3_UNSOLICITED_REPORT_INTERVAL - 1] = 1000 /*ms*/,
78 [IPV4_DEVCONF_ARP_EVICT_NOCARRIER - 1] = 1,
79 },
80 };
81
82 static struct ipv4_devconf ipv4_devconf_dflt = {
83 .data = {
84 [IPV4_DEVCONF_ACCEPT_REDIRECTS - 1] = 1,
85 [IPV4_DEVCONF_SEND_REDIRECTS - 1] = 1,
86 [IPV4_DEVCONF_SECURE_REDIRECTS - 1] = 1,
87 [IPV4_DEVCONF_SHARED_MEDIA - 1] = 1,
88 [IPV4_DEVCONF_ACCEPT_SOURCE_ROUTE - 1] = 1,
89 [IPV4_DEVCONF_IGMPV2_UNSOLICITED_REPORT_INTERVAL - 1] = 10000 /*ms*/,
90 [IPV4_DEVCONF_IGMPV3_UNSOLICITED_REPORT_INTERVAL - 1] = 1000 /*ms*/,
91 [IPV4_DEVCONF_ARP_EVICT_NOCARRIER - 1] = 1,
92 },
93 };
94
95 #define IPV4_DEVCONF_DFLT(net, attr) \
96 IPV4_DEVCONF((*net->ipv4.devconf_dflt), attr)
97
98 static const struct nla_policy ifa_ipv4_policy[IFA_MAX+1] = {
99 [IFA_LOCAL] = { .type = NLA_U32 },
100 [IFA_ADDRESS] = { .type = NLA_U32 },
101 [IFA_BROADCAST] = { .type = NLA_U32 },
102 [IFA_LABEL] = { .type = NLA_STRING, .len = IFNAMSIZ - 1 },
103 [IFA_CACHEINFO] = { .len = sizeof(struct ifa_cacheinfo) },
104 [IFA_FLAGS] = { .type = NLA_U32 },
105 [IFA_RT_PRIORITY] = { .type = NLA_U32 },
106 [IFA_TARGET_NETNSID] = { .type = NLA_S32 },
107 };
108
109 struct inet_fill_args {
110 u32 portid;
111 u32 seq;
112 int event;
113 unsigned int flags;
114 int netnsid;
115 int ifindex;
116 };
117
118 #define IN4_ADDR_HSIZE_SHIFT 8
119 #define IN4_ADDR_HSIZE (1U << IN4_ADDR_HSIZE_SHIFT)
120
121 static struct hlist_head inet_addr_lst[IN4_ADDR_HSIZE];
122
inet_addr_hash(const struct net * net,__be32 addr)123 static u32 inet_addr_hash(const struct net *net, __be32 addr)
124 {
125 u32 val = (__force u32) addr ^ net_hash_mix(net);
126
127 return hash_32(val, IN4_ADDR_HSIZE_SHIFT);
128 }
129
inet_hash_insert(struct net * net,struct in_ifaddr * ifa)130 static void inet_hash_insert(struct net *net, struct in_ifaddr *ifa)
131 {
132 u32 hash = inet_addr_hash(net, ifa->ifa_local);
133
134 ASSERT_RTNL();
135 hlist_add_head_rcu(&ifa->hash, &inet_addr_lst[hash]);
136 }
137
inet_hash_remove(struct in_ifaddr * ifa)138 static void inet_hash_remove(struct in_ifaddr *ifa)
139 {
140 ASSERT_RTNL();
141 hlist_del_init_rcu(&ifa->hash);
142 }
143
144 /**
145 * __ip_dev_find - find the first device with a given source address.
146 * @net: the net namespace
147 * @addr: the source address
148 * @devref: if true, take a reference on the found device
149 *
150 * If a caller uses devref=false, it should be protected by RCU, or RTNL
151 */
__ip_dev_find(struct net * net,__be32 addr,bool devref)152 struct net_device *__ip_dev_find(struct net *net, __be32 addr, bool devref)
153 {
154 struct net_device *result = NULL;
155 struct in_ifaddr *ifa;
156
157 rcu_read_lock();
158 ifa = inet_lookup_ifaddr_rcu(net, addr);
159 if (!ifa) {
160 struct flowi4 fl4 = { .daddr = addr };
161 struct fib_result res = { 0 };
162 struct fib_table *local;
163
164 /* Fallback to FIB local table so that communication
165 * over loopback subnets work.
166 */
167 local = fib_get_table(net, RT_TABLE_LOCAL);
168 if (local &&
169 !fib_table_lookup(local, &fl4, &res, FIB_LOOKUP_NOREF) &&
170 res.type == RTN_LOCAL)
171 result = FIB_RES_DEV(res);
172 } else {
173 result = ifa->ifa_dev->dev;
174 }
175 if (result && devref)
176 dev_hold(result);
177 rcu_read_unlock();
178 return result;
179 }
180 EXPORT_SYMBOL(__ip_dev_find);
181
182 /* called under RCU lock */
inet_lookup_ifaddr_rcu(struct net * net,__be32 addr)183 struct in_ifaddr *inet_lookup_ifaddr_rcu(struct net *net, __be32 addr)
184 {
185 u32 hash = inet_addr_hash(net, addr);
186 struct in_ifaddr *ifa;
187
188 hlist_for_each_entry_rcu(ifa, &inet_addr_lst[hash], hash)
189 if (ifa->ifa_local == addr &&
190 net_eq(dev_net(ifa->ifa_dev->dev), net))
191 return ifa;
192
193 return NULL;
194 }
195
196 static void rtmsg_ifa(int event, struct in_ifaddr *, struct nlmsghdr *, u32);
197
198 static BLOCKING_NOTIFIER_HEAD(inetaddr_chain);
199 static BLOCKING_NOTIFIER_HEAD(inetaddr_validator_chain);
200 static void inet_del_ifa(struct in_device *in_dev,
201 struct in_ifaddr __rcu **ifap,
202 int destroy);
203 #ifdef CONFIG_SYSCTL
204 static int devinet_sysctl_register(struct in_device *idev);
205 static void devinet_sysctl_unregister(struct in_device *idev);
206 #else
devinet_sysctl_register(struct in_device * idev)207 static int devinet_sysctl_register(struct in_device *idev)
208 {
209 return 0;
210 }
devinet_sysctl_unregister(struct in_device * idev)211 static void devinet_sysctl_unregister(struct in_device *idev)
212 {
213 }
214 #endif
215
216 /* Locks all the inet devices. */
217
inet_alloc_ifa(void)218 static struct in_ifaddr *inet_alloc_ifa(void)
219 {
220 return kzalloc(sizeof(struct in_ifaddr), GFP_KERNEL_ACCOUNT);
221 }
222
inet_rcu_free_ifa(struct rcu_head * head)223 static void inet_rcu_free_ifa(struct rcu_head *head)
224 {
225 struct in_ifaddr *ifa = container_of(head, struct in_ifaddr, rcu_head);
226 if (ifa->ifa_dev)
227 in_dev_put(ifa->ifa_dev);
228 kfree(ifa);
229 }
230
inet_free_ifa(struct in_ifaddr * ifa)231 static void inet_free_ifa(struct in_ifaddr *ifa)
232 {
233 call_rcu(&ifa->rcu_head, inet_rcu_free_ifa);
234 }
235
in_dev_finish_destroy(struct in_device * idev)236 void in_dev_finish_destroy(struct in_device *idev)
237 {
238 struct net_device *dev = idev->dev;
239
240 WARN_ON(idev->ifa_list);
241 WARN_ON(idev->mc_list);
242 kfree(rcu_dereference_protected(idev->mc_hash, 1));
243 #ifdef NET_REFCNT_DEBUG
244 pr_debug("%s: %p=%s\n", __func__, idev, dev ? dev->name : "NIL");
245 #endif
246 dev_put(dev);
247 if (!idev->dead)
248 pr_err("Freeing alive in_device %p\n", idev);
249 else
250 kfree(idev);
251 }
252 EXPORT_SYMBOL(in_dev_finish_destroy);
253
inetdev_init(struct net_device * dev)254 static struct in_device *inetdev_init(struct net_device *dev)
255 {
256 struct in_device *in_dev;
257 int err = -ENOMEM;
258
259 ASSERT_RTNL();
260
261 in_dev = kzalloc(sizeof(*in_dev), GFP_KERNEL);
262 if (!in_dev)
263 goto out;
264 memcpy(&in_dev->cnf, dev_net(dev)->ipv4.devconf_dflt,
265 sizeof(in_dev->cnf));
266 in_dev->cnf.sysctl = NULL;
267 in_dev->dev = dev;
268 in_dev->arp_parms = neigh_parms_alloc(dev, &arp_tbl);
269 if (!in_dev->arp_parms)
270 goto out_kfree;
271 if (IPV4_DEVCONF(in_dev->cnf, FORWARDING))
272 dev_disable_lro(dev);
273 /* Reference in_dev->dev */
274 dev_hold(dev);
275 /* Account for reference dev->ip_ptr (below) */
276 refcount_set(&in_dev->refcnt, 1);
277
278 err = devinet_sysctl_register(in_dev);
279 if (err) {
280 in_dev->dead = 1;
281 neigh_parms_release(&arp_tbl, in_dev->arp_parms);
282 in_dev_put(in_dev);
283 in_dev = NULL;
284 goto out;
285 }
286 ip_mc_init_dev(in_dev);
287 if (dev->flags & IFF_UP)
288 ip_mc_up(in_dev);
289
290 /* we can receive as soon as ip_ptr is set -- do this last */
291 rcu_assign_pointer(dev->ip_ptr, in_dev);
292 out:
293 return in_dev ?: ERR_PTR(err);
294 out_kfree:
295 kfree(in_dev);
296 in_dev = NULL;
297 goto out;
298 }
299
in_dev_rcu_put(struct rcu_head * head)300 static void in_dev_rcu_put(struct rcu_head *head)
301 {
302 struct in_device *idev = container_of(head, struct in_device, rcu_head);
303 in_dev_put(idev);
304 }
305
inetdev_destroy(struct in_device * in_dev)306 static void inetdev_destroy(struct in_device *in_dev)
307 {
308 struct net_device *dev;
309 struct in_ifaddr *ifa;
310
311 ASSERT_RTNL();
312
313 dev = in_dev->dev;
314
315 in_dev->dead = 1;
316
317 ip_mc_destroy_dev(in_dev);
318
319 while ((ifa = rtnl_dereference(in_dev->ifa_list)) != NULL) {
320 inet_del_ifa(in_dev, &in_dev->ifa_list, 0);
321 inet_free_ifa(ifa);
322 }
323
324 RCU_INIT_POINTER(dev->ip_ptr, NULL);
325
326 devinet_sysctl_unregister(in_dev);
327 neigh_parms_release(&arp_tbl, in_dev->arp_parms);
328 arp_ifdown(dev);
329
330 call_rcu(&in_dev->rcu_head, in_dev_rcu_put);
331 }
332
inet_addr_onlink(struct in_device * in_dev,__be32 a,__be32 b)333 int inet_addr_onlink(struct in_device *in_dev, __be32 a, __be32 b)
334 {
335 const struct in_ifaddr *ifa;
336
337 rcu_read_lock();
338 in_dev_for_each_ifa_rcu(ifa, in_dev) {
339 if (inet_ifa_match(a, ifa)) {
340 if (!b || inet_ifa_match(b, ifa)) {
341 rcu_read_unlock();
342 return 1;
343 }
344 }
345 }
346 rcu_read_unlock();
347 return 0;
348 }
349
__inet_del_ifa(struct in_device * in_dev,struct in_ifaddr __rcu ** ifap,int destroy,struct nlmsghdr * nlh,u32 portid)350 static void __inet_del_ifa(struct in_device *in_dev,
351 struct in_ifaddr __rcu **ifap,
352 int destroy, struct nlmsghdr *nlh, u32 portid)
353 {
354 struct in_ifaddr *promote = NULL;
355 struct in_ifaddr *ifa, *ifa1;
356 struct in_ifaddr *last_prim;
357 struct in_ifaddr *prev_prom = NULL;
358 int do_promote = IN_DEV_PROMOTE_SECONDARIES(in_dev);
359
360 ASSERT_RTNL();
361
362 ifa1 = rtnl_dereference(*ifap);
363 last_prim = rtnl_dereference(in_dev->ifa_list);
364 if (in_dev->dead)
365 goto no_promotions;
366
367 /* 1. Deleting primary ifaddr forces deletion all secondaries
368 * unless alias promotion is set
369 **/
370
371 if (!(ifa1->ifa_flags & IFA_F_SECONDARY)) {
372 struct in_ifaddr __rcu **ifap1 = &ifa1->ifa_next;
373
374 while ((ifa = rtnl_dereference(*ifap1)) != NULL) {
375 if (!(ifa->ifa_flags & IFA_F_SECONDARY) &&
376 ifa1->ifa_scope <= ifa->ifa_scope)
377 last_prim = ifa;
378
379 if (!(ifa->ifa_flags & IFA_F_SECONDARY) ||
380 ifa1->ifa_mask != ifa->ifa_mask ||
381 !inet_ifa_match(ifa1->ifa_address, ifa)) {
382 ifap1 = &ifa->ifa_next;
383 prev_prom = ifa;
384 continue;
385 }
386
387 if (!do_promote) {
388 inet_hash_remove(ifa);
389 *ifap1 = ifa->ifa_next;
390
391 rtmsg_ifa(RTM_DELADDR, ifa, nlh, portid);
392 blocking_notifier_call_chain(&inetaddr_chain,
393 NETDEV_DOWN, ifa);
394 inet_free_ifa(ifa);
395 } else {
396 promote = ifa;
397 break;
398 }
399 }
400 }
401
402 /* On promotion all secondaries from subnet are changing
403 * the primary IP, we must remove all their routes silently
404 * and later to add them back with new prefsrc. Do this
405 * while all addresses are on the device list.
406 */
407 for (ifa = promote; ifa; ifa = rtnl_dereference(ifa->ifa_next)) {
408 if (ifa1->ifa_mask == ifa->ifa_mask &&
409 inet_ifa_match(ifa1->ifa_address, ifa))
410 fib_del_ifaddr(ifa, ifa1);
411 }
412
413 no_promotions:
414 /* 2. Unlink it */
415
416 *ifap = ifa1->ifa_next;
417 inet_hash_remove(ifa1);
418
419 /* 3. Announce address deletion */
420
421 /* Send message first, then call notifier.
422 At first sight, FIB update triggered by notifier
423 will refer to already deleted ifaddr, that could confuse
424 netlink listeners. It is not true: look, gated sees
425 that route deleted and if it still thinks that ifaddr
426 is valid, it will try to restore deleted routes... Grr.
427 So that, this order is correct.
428 */
429 rtmsg_ifa(RTM_DELADDR, ifa1, nlh, portid);
430 blocking_notifier_call_chain(&inetaddr_chain, NETDEV_DOWN, ifa1);
431
432 if (promote) {
433 struct in_ifaddr *next_sec;
434
435 next_sec = rtnl_dereference(promote->ifa_next);
436 if (prev_prom) {
437 struct in_ifaddr *last_sec;
438
439 rcu_assign_pointer(prev_prom->ifa_next, next_sec);
440
441 last_sec = rtnl_dereference(last_prim->ifa_next);
442 rcu_assign_pointer(promote->ifa_next, last_sec);
443 rcu_assign_pointer(last_prim->ifa_next, promote);
444 }
445
446 promote->ifa_flags &= ~IFA_F_SECONDARY;
447 rtmsg_ifa(RTM_NEWADDR, promote, nlh, portid);
448 blocking_notifier_call_chain(&inetaddr_chain,
449 NETDEV_UP, promote);
450 for (ifa = next_sec; ifa;
451 ifa = rtnl_dereference(ifa->ifa_next)) {
452 if (ifa1->ifa_mask != ifa->ifa_mask ||
453 !inet_ifa_match(ifa1->ifa_address, ifa))
454 continue;
455 fib_add_ifaddr(ifa);
456 }
457
458 }
459 if (destroy)
460 inet_free_ifa(ifa1);
461 }
462
inet_del_ifa(struct in_device * in_dev,struct in_ifaddr __rcu ** ifap,int destroy)463 static void inet_del_ifa(struct in_device *in_dev,
464 struct in_ifaddr __rcu **ifap,
465 int destroy)
466 {
467 __inet_del_ifa(in_dev, ifap, destroy, NULL, 0);
468 }
469
470 static void check_lifetime(struct work_struct *work);
471
472 static DECLARE_DELAYED_WORK(check_lifetime_work, check_lifetime);
473
__inet_insert_ifa(struct in_ifaddr * ifa,struct nlmsghdr * nlh,u32 portid,struct netlink_ext_ack * extack)474 static int __inet_insert_ifa(struct in_ifaddr *ifa, struct nlmsghdr *nlh,
475 u32 portid, struct netlink_ext_ack *extack)
476 {
477 struct in_ifaddr __rcu **last_primary, **ifap;
478 struct in_device *in_dev = ifa->ifa_dev;
479 struct in_validator_info ivi;
480 struct in_ifaddr *ifa1;
481 int ret;
482
483 ASSERT_RTNL();
484
485 if (!ifa->ifa_local) {
486 inet_free_ifa(ifa);
487 return 0;
488 }
489
490 ifa->ifa_flags &= ~IFA_F_SECONDARY;
491 last_primary = &in_dev->ifa_list;
492
493 /* Don't set IPv6 only flags to IPv4 addresses */
494 ifa->ifa_flags &= ~IPV6ONLY_FLAGS;
495
496 ifap = &in_dev->ifa_list;
497 ifa1 = rtnl_dereference(*ifap);
498
499 while (ifa1) {
500 if (!(ifa1->ifa_flags & IFA_F_SECONDARY) &&
501 ifa->ifa_scope <= ifa1->ifa_scope)
502 last_primary = &ifa1->ifa_next;
503 if (ifa1->ifa_mask == ifa->ifa_mask &&
504 inet_ifa_match(ifa1->ifa_address, ifa)) {
505 if (ifa1->ifa_local == ifa->ifa_local) {
506 inet_free_ifa(ifa);
507 return -EEXIST;
508 }
509 if (ifa1->ifa_scope != ifa->ifa_scope) {
510 inet_free_ifa(ifa);
511 return -EINVAL;
512 }
513 ifa->ifa_flags |= IFA_F_SECONDARY;
514 }
515
516 ifap = &ifa1->ifa_next;
517 ifa1 = rtnl_dereference(*ifap);
518 }
519
520 /* Allow any devices that wish to register ifaddr validtors to weigh
521 * in now, before changes are committed. The rntl lock is serializing
522 * access here, so the state should not change between a validator call
523 * and a final notify on commit. This isn't invoked on promotion under
524 * the assumption that validators are checking the address itself, and
525 * not the flags.
526 */
527 ivi.ivi_addr = ifa->ifa_address;
528 ivi.ivi_dev = ifa->ifa_dev;
529 ivi.extack = extack;
530 ret = blocking_notifier_call_chain(&inetaddr_validator_chain,
531 NETDEV_UP, &ivi);
532 ret = notifier_to_errno(ret);
533 if (ret) {
534 inet_free_ifa(ifa);
535 return ret;
536 }
537
538 if (!(ifa->ifa_flags & IFA_F_SECONDARY)) {
539 prandom_seed((__force u32) ifa->ifa_local);
540 ifap = last_primary;
541 }
542
543 rcu_assign_pointer(ifa->ifa_next, *ifap);
544 rcu_assign_pointer(*ifap, ifa);
545
546 inet_hash_insert(dev_net(in_dev->dev), ifa);
547
548 cancel_delayed_work(&check_lifetime_work);
549 queue_delayed_work(system_power_efficient_wq, &check_lifetime_work, 0);
550
551 /* Send message first, then call notifier.
552 Notifier will trigger FIB update, so that
553 listeners of netlink will know about new ifaddr */
554 rtmsg_ifa(RTM_NEWADDR, ifa, nlh, portid);
555 blocking_notifier_call_chain(&inetaddr_chain, NETDEV_UP, ifa);
556
557 return 0;
558 }
559
inet_insert_ifa(struct in_ifaddr * ifa)560 static int inet_insert_ifa(struct in_ifaddr *ifa)
561 {
562 return __inet_insert_ifa(ifa, NULL, 0, NULL);
563 }
564
inet_set_ifa(struct net_device * dev,struct in_ifaddr * ifa)565 static int inet_set_ifa(struct net_device *dev, struct in_ifaddr *ifa)
566 {
567 struct in_device *in_dev = __in_dev_get_rtnl(dev);
568
569 ASSERT_RTNL();
570
571 if (!in_dev) {
572 inet_free_ifa(ifa);
573 return -ENOBUFS;
574 }
575 ipv4_devconf_setall(in_dev);
576 neigh_parms_data_state_setall(in_dev->arp_parms);
577 if (ifa->ifa_dev != in_dev) {
578 WARN_ON(ifa->ifa_dev);
579 in_dev_hold(in_dev);
580 ifa->ifa_dev = in_dev;
581 }
582 if (ipv4_is_loopback(ifa->ifa_local))
583 ifa->ifa_scope = RT_SCOPE_HOST;
584 return inet_insert_ifa(ifa);
585 }
586
587 /* Caller must hold RCU or RTNL :
588 * We dont take a reference on found in_device
589 */
inetdev_by_index(struct net * net,int ifindex)590 struct in_device *inetdev_by_index(struct net *net, int ifindex)
591 {
592 struct net_device *dev;
593 struct in_device *in_dev = NULL;
594
595 rcu_read_lock();
596 dev = dev_get_by_index_rcu(net, ifindex);
597 if (dev)
598 in_dev = rcu_dereference_rtnl(dev->ip_ptr);
599 rcu_read_unlock();
600 return in_dev;
601 }
602 EXPORT_SYMBOL(inetdev_by_index);
603
604 /* Called only from RTNL semaphored context. No locks. */
605
inet_ifa_byprefix(struct in_device * in_dev,__be32 prefix,__be32 mask)606 struct in_ifaddr *inet_ifa_byprefix(struct in_device *in_dev, __be32 prefix,
607 __be32 mask)
608 {
609 struct in_ifaddr *ifa;
610
611 ASSERT_RTNL();
612
613 in_dev_for_each_ifa_rtnl(ifa, in_dev) {
614 if (ifa->ifa_mask == mask && inet_ifa_match(prefix, ifa))
615 return ifa;
616 }
617 return NULL;
618 }
619
ip_mc_autojoin_config(struct net * net,bool join,const struct in_ifaddr * ifa)620 static int ip_mc_autojoin_config(struct net *net, bool join,
621 const struct in_ifaddr *ifa)
622 {
623 #if defined(CONFIG_IP_MULTICAST)
624 struct ip_mreqn mreq = {
625 .imr_multiaddr.s_addr = ifa->ifa_address,
626 .imr_ifindex = ifa->ifa_dev->dev->ifindex,
627 };
628 struct sock *sk = net->ipv4.mc_autojoin_sk;
629 int ret;
630
631 ASSERT_RTNL();
632
633 lock_sock(sk);
634 if (join)
635 ret = ip_mc_join_group(sk, &mreq);
636 else
637 ret = ip_mc_leave_group(sk, &mreq);
638 release_sock(sk);
639
640 return ret;
641 #else
642 return -EOPNOTSUPP;
643 #endif
644 }
645
inet_rtm_deladdr(struct sk_buff * skb,struct nlmsghdr * nlh,struct netlink_ext_ack * extack)646 static int inet_rtm_deladdr(struct sk_buff *skb, struct nlmsghdr *nlh,
647 struct netlink_ext_ack *extack)
648 {
649 struct net *net = sock_net(skb->sk);
650 struct in_ifaddr __rcu **ifap;
651 struct nlattr *tb[IFA_MAX+1];
652 struct in_device *in_dev;
653 struct ifaddrmsg *ifm;
654 struct in_ifaddr *ifa;
655 int err;
656
657 ASSERT_RTNL();
658
659 err = nlmsg_parse_deprecated(nlh, sizeof(*ifm), tb, IFA_MAX,
660 ifa_ipv4_policy, extack);
661 if (err < 0)
662 goto errout;
663
664 ifm = nlmsg_data(nlh);
665 in_dev = inetdev_by_index(net, ifm->ifa_index);
666 if (!in_dev) {
667 err = -ENODEV;
668 goto errout;
669 }
670
671 for (ifap = &in_dev->ifa_list; (ifa = rtnl_dereference(*ifap)) != NULL;
672 ifap = &ifa->ifa_next) {
673 if (tb[IFA_LOCAL] &&
674 ifa->ifa_local != nla_get_in_addr(tb[IFA_LOCAL]))
675 continue;
676
677 if (tb[IFA_LABEL] && nla_strcmp(tb[IFA_LABEL], ifa->ifa_label))
678 continue;
679
680 if (tb[IFA_ADDRESS] &&
681 (ifm->ifa_prefixlen != ifa->ifa_prefixlen ||
682 !inet_ifa_match(nla_get_in_addr(tb[IFA_ADDRESS]), ifa)))
683 continue;
684
685 if (ipv4_is_multicast(ifa->ifa_address))
686 ip_mc_autojoin_config(net, false, ifa);
687 __inet_del_ifa(in_dev, ifap, 1, nlh, NETLINK_CB(skb).portid);
688 return 0;
689 }
690
691 err = -EADDRNOTAVAIL;
692 errout:
693 return err;
694 }
695
696 #define INFINITY_LIFE_TIME 0xFFFFFFFF
697
check_lifetime(struct work_struct * work)698 static void check_lifetime(struct work_struct *work)
699 {
700 unsigned long now, next, next_sec, next_sched;
701 struct in_ifaddr *ifa;
702 struct hlist_node *n;
703 int i;
704
705 now = jiffies;
706 next = round_jiffies_up(now + ADDR_CHECK_FREQUENCY);
707
708 for (i = 0; i < IN4_ADDR_HSIZE; i++) {
709 bool change_needed = false;
710
711 rcu_read_lock();
712 hlist_for_each_entry_rcu(ifa, &inet_addr_lst[i], hash) {
713 unsigned long age;
714
715 if (ifa->ifa_flags & IFA_F_PERMANENT)
716 continue;
717
718 /* We try to batch several events at once. */
719 age = (now - ifa->ifa_tstamp +
720 ADDRCONF_TIMER_FUZZ_MINUS) / HZ;
721
722 if (ifa->ifa_valid_lft != INFINITY_LIFE_TIME &&
723 age >= ifa->ifa_valid_lft) {
724 change_needed = true;
725 } else if (ifa->ifa_preferred_lft ==
726 INFINITY_LIFE_TIME) {
727 continue;
728 } else if (age >= ifa->ifa_preferred_lft) {
729 if (time_before(ifa->ifa_tstamp +
730 ifa->ifa_valid_lft * HZ, next))
731 next = ifa->ifa_tstamp +
732 ifa->ifa_valid_lft * HZ;
733
734 if (!(ifa->ifa_flags & IFA_F_DEPRECATED))
735 change_needed = true;
736 } else if (time_before(ifa->ifa_tstamp +
737 ifa->ifa_preferred_lft * HZ,
738 next)) {
739 next = ifa->ifa_tstamp +
740 ifa->ifa_preferred_lft * HZ;
741 }
742 }
743 rcu_read_unlock();
744 if (!change_needed)
745 continue;
746 rtnl_lock();
747 hlist_for_each_entry_safe(ifa, n, &inet_addr_lst[i], hash) {
748 unsigned long age;
749
750 if (ifa->ifa_flags & IFA_F_PERMANENT)
751 continue;
752
753 /* We try to batch several events at once. */
754 age = (now - ifa->ifa_tstamp +
755 ADDRCONF_TIMER_FUZZ_MINUS) / HZ;
756
757 if (ifa->ifa_valid_lft != INFINITY_LIFE_TIME &&
758 age >= ifa->ifa_valid_lft) {
759 struct in_ifaddr __rcu **ifap;
760 struct in_ifaddr *tmp;
761
762 ifap = &ifa->ifa_dev->ifa_list;
763 tmp = rtnl_dereference(*ifap);
764 while (tmp) {
765 if (tmp == ifa) {
766 inet_del_ifa(ifa->ifa_dev,
767 ifap, 1);
768 break;
769 }
770 ifap = &tmp->ifa_next;
771 tmp = rtnl_dereference(*ifap);
772 }
773 } else if (ifa->ifa_preferred_lft !=
774 INFINITY_LIFE_TIME &&
775 age >= ifa->ifa_preferred_lft &&
776 !(ifa->ifa_flags & IFA_F_DEPRECATED)) {
777 ifa->ifa_flags |= IFA_F_DEPRECATED;
778 rtmsg_ifa(RTM_NEWADDR, ifa, NULL, 0);
779 }
780 }
781 rtnl_unlock();
782 }
783
784 next_sec = round_jiffies_up(next);
785 next_sched = next;
786
787 /* If rounded timeout is accurate enough, accept it. */
788 if (time_before(next_sec, next + ADDRCONF_TIMER_FUZZ))
789 next_sched = next_sec;
790
791 now = jiffies;
792 /* And minimum interval is ADDRCONF_TIMER_FUZZ_MAX. */
793 if (time_before(next_sched, now + ADDRCONF_TIMER_FUZZ_MAX))
794 next_sched = now + ADDRCONF_TIMER_FUZZ_MAX;
795
796 queue_delayed_work(system_power_efficient_wq, &check_lifetime_work,
797 next_sched - now);
798 }
799
set_ifa_lifetime(struct in_ifaddr * ifa,__u32 valid_lft,__u32 prefered_lft)800 static void set_ifa_lifetime(struct in_ifaddr *ifa, __u32 valid_lft,
801 __u32 prefered_lft)
802 {
803 unsigned long timeout;
804
805 ifa->ifa_flags &= ~(IFA_F_PERMANENT | IFA_F_DEPRECATED);
806
807 timeout = addrconf_timeout_fixup(valid_lft, HZ);
808 if (addrconf_finite_timeout(timeout))
809 ifa->ifa_valid_lft = timeout;
810 else
811 ifa->ifa_flags |= IFA_F_PERMANENT;
812
813 timeout = addrconf_timeout_fixup(prefered_lft, HZ);
814 if (addrconf_finite_timeout(timeout)) {
815 if (timeout == 0)
816 ifa->ifa_flags |= IFA_F_DEPRECATED;
817 ifa->ifa_preferred_lft = timeout;
818 }
819 ifa->ifa_tstamp = jiffies;
820 if (!ifa->ifa_cstamp)
821 ifa->ifa_cstamp = ifa->ifa_tstamp;
822 }
823
rtm_to_ifaddr(struct net * net,struct nlmsghdr * nlh,__u32 * pvalid_lft,__u32 * pprefered_lft,struct netlink_ext_ack * extack)824 static struct in_ifaddr *rtm_to_ifaddr(struct net *net, struct nlmsghdr *nlh,
825 __u32 *pvalid_lft, __u32 *pprefered_lft,
826 struct netlink_ext_ack *extack)
827 {
828 struct nlattr *tb[IFA_MAX+1];
829 struct in_ifaddr *ifa;
830 struct ifaddrmsg *ifm;
831 struct net_device *dev;
832 struct in_device *in_dev;
833 int err;
834
835 err = nlmsg_parse_deprecated(nlh, sizeof(*ifm), tb, IFA_MAX,
836 ifa_ipv4_policy, extack);
837 if (err < 0)
838 goto errout;
839
840 ifm = nlmsg_data(nlh);
841 err = -EINVAL;
842 if (ifm->ifa_prefixlen > 32 || !tb[IFA_LOCAL])
843 goto errout;
844
845 dev = __dev_get_by_index(net, ifm->ifa_index);
846 err = -ENODEV;
847 if (!dev)
848 goto errout;
849
850 in_dev = __in_dev_get_rtnl(dev);
851 err = -ENOBUFS;
852 if (!in_dev)
853 goto errout;
854
855 ifa = inet_alloc_ifa();
856 if (!ifa)
857 /*
858 * A potential indev allocation can be left alive, it stays
859 * assigned to its device and is destroy with it.
860 */
861 goto errout;
862
863 ipv4_devconf_setall(in_dev);
864 neigh_parms_data_state_setall(in_dev->arp_parms);
865 in_dev_hold(in_dev);
866
867 if (!tb[IFA_ADDRESS])
868 tb[IFA_ADDRESS] = tb[IFA_LOCAL];
869
870 INIT_HLIST_NODE(&ifa->hash);
871 ifa->ifa_prefixlen = ifm->ifa_prefixlen;
872 ifa->ifa_mask = inet_make_mask(ifm->ifa_prefixlen);
873 ifa->ifa_flags = tb[IFA_FLAGS] ? nla_get_u32(tb[IFA_FLAGS]) :
874 ifm->ifa_flags;
875 ifa->ifa_scope = ifm->ifa_scope;
876 ifa->ifa_dev = in_dev;
877
878 ifa->ifa_local = nla_get_in_addr(tb[IFA_LOCAL]);
879 ifa->ifa_address = nla_get_in_addr(tb[IFA_ADDRESS]);
880
881 if (tb[IFA_BROADCAST])
882 ifa->ifa_broadcast = nla_get_in_addr(tb[IFA_BROADCAST]);
883
884 if (tb[IFA_LABEL])
885 nla_strscpy(ifa->ifa_label, tb[IFA_LABEL], IFNAMSIZ);
886 else
887 memcpy(ifa->ifa_label, dev->name, IFNAMSIZ);
888
889 if (tb[IFA_RT_PRIORITY])
890 ifa->ifa_rt_priority = nla_get_u32(tb[IFA_RT_PRIORITY]);
891
892 if (tb[IFA_CACHEINFO]) {
893 struct ifa_cacheinfo *ci;
894
895 ci = nla_data(tb[IFA_CACHEINFO]);
896 if (!ci->ifa_valid || ci->ifa_prefered > ci->ifa_valid) {
897 err = -EINVAL;
898 goto errout_free;
899 }
900 *pvalid_lft = ci->ifa_valid;
901 *pprefered_lft = ci->ifa_prefered;
902 }
903
904 return ifa;
905
906 errout_free:
907 inet_free_ifa(ifa);
908 errout:
909 return ERR_PTR(err);
910 }
911
find_matching_ifa(struct in_ifaddr * ifa)912 static struct in_ifaddr *find_matching_ifa(struct in_ifaddr *ifa)
913 {
914 struct in_device *in_dev = ifa->ifa_dev;
915 struct in_ifaddr *ifa1;
916
917 if (!ifa->ifa_local)
918 return NULL;
919
920 in_dev_for_each_ifa_rtnl(ifa1, in_dev) {
921 if (ifa1->ifa_mask == ifa->ifa_mask &&
922 inet_ifa_match(ifa1->ifa_address, ifa) &&
923 ifa1->ifa_local == ifa->ifa_local)
924 return ifa1;
925 }
926 return NULL;
927 }
928
inet_rtm_newaddr(struct sk_buff * skb,struct nlmsghdr * nlh,struct netlink_ext_ack * extack)929 static int inet_rtm_newaddr(struct sk_buff *skb, struct nlmsghdr *nlh,
930 struct netlink_ext_ack *extack)
931 {
932 struct net *net = sock_net(skb->sk);
933 struct in_ifaddr *ifa;
934 struct in_ifaddr *ifa_existing;
935 __u32 valid_lft = INFINITY_LIFE_TIME;
936 __u32 prefered_lft = INFINITY_LIFE_TIME;
937
938 ASSERT_RTNL();
939
940 ifa = rtm_to_ifaddr(net, nlh, &valid_lft, &prefered_lft, extack);
941 if (IS_ERR(ifa))
942 return PTR_ERR(ifa);
943
944 ifa_existing = find_matching_ifa(ifa);
945 if (!ifa_existing) {
946 /* It would be best to check for !NLM_F_CREATE here but
947 * userspace already relies on not having to provide this.
948 */
949 set_ifa_lifetime(ifa, valid_lft, prefered_lft);
950 if (ifa->ifa_flags & IFA_F_MCAUTOJOIN) {
951 int ret = ip_mc_autojoin_config(net, true, ifa);
952
953 if (ret < 0) {
954 inet_free_ifa(ifa);
955 return ret;
956 }
957 }
958 return __inet_insert_ifa(ifa, nlh, NETLINK_CB(skb).portid,
959 extack);
960 } else {
961 u32 new_metric = ifa->ifa_rt_priority;
962
963 inet_free_ifa(ifa);
964
965 if (nlh->nlmsg_flags & NLM_F_EXCL ||
966 !(nlh->nlmsg_flags & NLM_F_REPLACE))
967 return -EEXIST;
968 ifa = ifa_existing;
969
970 if (ifa->ifa_rt_priority != new_metric) {
971 fib_modify_prefix_metric(ifa, new_metric);
972 ifa->ifa_rt_priority = new_metric;
973 }
974
975 set_ifa_lifetime(ifa, valid_lft, prefered_lft);
976 cancel_delayed_work(&check_lifetime_work);
977 queue_delayed_work(system_power_efficient_wq,
978 &check_lifetime_work, 0);
979 rtmsg_ifa(RTM_NEWADDR, ifa, nlh, NETLINK_CB(skb).portid);
980 }
981 return 0;
982 }
983
984 /*
985 * Determine a default network mask, based on the IP address.
986 */
987
inet_abc_len(__be32 addr)988 static int inet_abc_len(__be32 addr)
989 {
990 int rc = -1; /* Something else, probably a multicast. */
991
992 if (ipv4_is_zeronet(addr) || ipv4_is_lbcast(addr))
993 rc = 0;
994 else {
995 __u32 haddr = ntohl(addr);
996 if (IN_CLASSA(haddr))
997 rc = 8;
998 else if (IN_CLASSB(haddr))
999 rc = 16;
1000 else if (IN_CLASSC(haddr))
1001 rc = 24;
1002 else if (IN_CLASSE(haddr))
1003 rc = 32;
1004 }
1005
1006 return rc;
1007 }
1008
1009
devinet_ioctl(struct net * net,unsigned int cmd,struct ifreq * ifr)1010 int devinet_ioctl(struct net *net, unsigned int cmd, struct ifreq *ifr)
1011 {
1012 struct sockaddr_in sin_orig;
1013 struct sockaddr_in *sin = (struct sockaddr_in *)&ifr->ifr_addr;
1014 struct in_ifaddr __rcu **ifap = NULL;
1015 struct in_device *in_dev;
1016 struct in_ifaddr *ifa = NULL;
1017 struct net_device *dev;
1018 char *colon;
1019 int ret = -EFAULT;
1020 int tryaddrmatch = 0;
1021
1022 ifr->ifr_name[IFNAMSIZ - 1] = 0;
1023
1024 /* save original address for comparison */
1025 memcpy(&sin_orig, sin, sizeof(*sin));
1026
1027 colon = strchr(ifr->ifr_name, ':');
1028 if (colon)
1029 *colon = 0;
1030
1031 dev_load(net, ifr->ifr_name);
1032
1033 switch (cmd) {
1034 case SIOCGIFADDR: /* Get interface address */
1035 case SIOCGIFBRDADDR: /* Get the broadcast address */
1036 case SIOCGIFDSTADDR: /* Get the destination address */
1037 case SIOCGIFNETMASK: /* Get the netmask for the interface */
1038 /* Note that these ioctls will not sleep,
1039 so that we do not impose a lock.
1040 One day we will be forced to put shlock here (I mean SMP)
1041 */
1042 tryaddrmatch = (sin_orig.sin_family == AF_INET);
1043 memset(sin, 0, sizeof(*sin));
1044 sin->sin_family = AF_INET;
1045 break;
1046
1047 case SIOCSIFFLAGS:
1048 ret = -EPERM;
1049 if (!ns_capable(net->user_ns, CAP_NET_ADMIN))
1050 goto out;
1051 break;
1052 case SIOCSIFADDR: /* Set interface address (and family) */
1053 case SIOCSIFBRDADDR: /* Set the broadcast address */
1054 case SIOCSIFDSTADDR: /* Set the destination address */
1055 case SIOCSIFNETMASK: /* Set the netmask for the interface */
1056 ret = -EPERM;
1057 if (!ns_capable(net->user_ns, CAP_NET_ADMIN))
1058 goto out;
1059 ret = -EINVAL;
1060 if (sin->sin_family != AF_INET)
1061 goto out;
1062 break;
1063 default:
1064 ret = -EINVAL;
1065 goto out;
1066 }
1067
1068 rtnl_lock();
1069
1070 ret = -ENODEV;
1071 dev = __dev_get_by_name(net, ifr->ifr_name);
1072 if (!dev)
1073 goto done;
1074
1075 if (colon)
1076 *colon = ':';
1077
1078 in_dev = __in_dev_get_rtnl(dev);
1079 if (in_dev) {
1080 if (tryaddrmatch) {
1081 /* Matthias Andree */
1082 /* compare label and address (4.4BSD style) */
1083 /* note: we only do this for a limited set of ioctls
1084 and only if the original address family was AF_INET.
1085 This is checked above. */
1086
1087 for (ifap = &in_dev->ifa_list;
1088 (ifa = rtnl_dereference(*ifap)) != NULL;
1089 ifap = &ifa->ifa_next) {
1090 if (!strcmp(ifr->ifr_name, ifa->ifa_label) &&
1091 sin_orig.sin_addr.s_addr ==
1092 ifa->ifa_local) {
1093 break; /* found */
1094 }
1095 }
1096 }
1097 /* we didn't get a match, maybe the application is
1098 4.3BSD-style and passed in junk so we fall back to
1099 comparing just the label */
1100 if (!ifa) {
1101 for (ifap = &in_dev->ifa_list;
1102 (ifa = rtnl_dereference(*ifap)) != NULL;
1103 ifap = &ifa->ifa_next)
1104 if (!strcmp(ifr->ifr_name, ifa->ifa_label))
1105 break;
1106 }
1107 }
1108
1109 ret = -EADDRNOTAVAIL;
1110 if (!ifa && cmd != SIOCSIFADDR && cmd != SIOCSIFFLAGS)
1111 goto done;
1112
1113 switch (cmd) {
1114 case SIOCGIFADDR: /* Get interface address */
1115 ret = 0;
1116 sin->sin_addr.s_addr = ifa->ifa_local;
1117 break;
1118
1119 case SIOCGIFBRDADDR: /* Get the broadcast address */
1120 ret = 0;
1121 sin->sin_addr.s_addr = ifa->ifa_broadcast;
1122 break;
1123
1124 case SIOCGIFDSTADDR: /* Get the destination address */
1125 ret = 0;
1126 sin->sin_addr.s_addr = ifa->ifa_address;
1127 break;
1128
1129 case SIOCGIFNETMASK: /* Get the netmask for the interface */
1130 ret = 0;
1131 sin->sin_addr.s_addr = ifa->ifa_mask;
1132 break;
1133
1134 case SIOCSIFFLAGS:
1135 if (colon) {
1136 ret = -EADDRNOTAVAIL;
1137 if (!ifa)
1138 break;
1139 ret = 0;
1140 if (!(ifr->ifr_flags & IFF_UP))
1141 inet_del_ifa(in_dev, ifap, 1);
1142 break;
1143 }
1144 ret = dev_change_flags(dev, ifr->ifr_flags, NULL);
1145 break;
1146
1147 case SIOCSIFADDR: /* Set interface address (and family) */
1148 ret = -EINVAL;
1149 if (inet_abc_len(sin->sin_addr.s_addr) < 0)
1150 break;
1151
1152 if (!ifa) {
1153 ret = -ENOBUFS;
1154 ifa = inet_alloc_ifa();
1155 if (!ifa)
1156 break;
1157 INIT_HLIST_NODE(&ifa->hash);
1158 if (colon)
1159 memcpy(ifa->ifa_label, ifr->ifr_name, IFNAMSIZ);
1160 else
1161 memcpy(ifa->ifa_label, dev->name, IFNAMSIZ);
1162 } else {
1163 ret = 0;
1164 if (ifa->ifa_local == sin->sin_addr.s_addr)
1165 break;
1166 inet_del_ifa(in_dev, ifap, 0);
1167 ifa->ifa_broadcast = 0;
1168 ifa->ifa_scope = 0;
1169 }
1170
1171 ifa->ifa_address = ifa->ifa_local = sin->sin_addr.s_addr;
1172
1173 if (!(dev->flags & IFF_POINTOPOINT)) {
1174 ifa->ifa_prefixlen = inet_abc_len(ifa->ifa_address);
1175 ifa->ifa_mask = inet_make_mask(ifa->ifa_prefixlen);
1176 if ((dev->flags & IFF_BROADCAST) &&
1177 ifa->ifa_prefixlen < 31)
1178 ifa->ifa_broadcast = ifa->ifa_address |
1179 ~ifa->ifa_mask;
1180 } else {
1181 ifa->ifa_prefixlen = 32;
1182 ifa->ifa_mask = inet_make_mask(32);
1183 }
1184 set_ifa_lifetime(ifa, INFINITY_LIFE_TIME, INFINITY_LIFE_TIME);
1185 ret = inet_set_ifa(dev, ifa);
1186 break;
1187
1188 case SIOCSIFBRDADDR: /* Set the broadcast address */
1189 ret = 0;
1190 if (ifa->ifa_broadcast != sin->sin_addr.s_addr) {
1191 inet_del_ifa(in_dev, ifap, 0);
1192 ifa->ifa_broadcast = sin->sin_addr.s_addr;
1193 inet_insert_ifa(ifa);
1194 }
1195 break;
1196
1197 case SIOCSIFDSTADDR: /* Set the destination address */
1198 ret = 0;
1199 if (ifa->ifa_address == sin->sin_addr.s_addr)
1200 break;
1201 ret = -EINVAL;
1202 if (inet_abc_len(sin->sin_addr.s_addr) < 0)
1203 break;
1204 ret = 0;
1205 inet_del_ifa(in_dev, ifap, 0);
1206 ifa->ifa_address = sin->sin_addr.s_addr;
1207 inet_insert_ifa(ifa);
1208 break;
1209
1210 case SIOCSIFNETMASK: /* Set the netmask for the interface */
1211
1212 /*
1213 * The mask we set must be legal.
1214 */
1215 ret = -EINVAL;
1216 if (bad_mask(sin->sin_addr.s_addr, 0))
1217 break;
1218 ret = 0;
1219 if (ifa->ifa_mask != sin->sin_addr.s_addr) {
1220 __be32 old_mask = ifa->ifa_mask;
1221 inet_del_ifa(in_dev, ifap, 0);
1222 ifa->ifa_mask = sin->sin_addr.s_addr;
1223 ifa->ifa_prefixlen = inet_mask_len(ifa->ifa_mask);
1224
1225 /* See if current broadcast address matches
1226 * with current netmask, then recalculate
1227 * the broadcast address. Otherwise it's a
1228 * funny address, so don't touch it since
1229 * the user seems to know what (s)he's doing...
1230 */
1231 if ((dev->flags & IFF_BROADCAST) &&
1232 (ifa->ifa_prefixlen < 31) &&
1233 (ifa->ifa_broadcast ==
1234 (ifa->ifa_local|~old_mask))) {
1235 ifa->ifa_broadcast = (ifa->ifa_local |
1236 ~sin->sin_addr.s_addr);
1237 }
1238 inet_insert_ifa(ifa);
1239 }
1240 break;
1241 }
1242 done:
1243 rtnl_unlock();
1244 out:
1245 return ret;
1246 }
1247
inet_gifconf(struct net_device * dev,char __user * buf,int len,int size)1248 int inet_gifconf(struct net_device *dev, char __user *buf, int len, int size)
1249 {
1250 struct in_device *in_dev = __in_dev_get_rtnl(dev);
1251 const struct in_ifaddr *ifa;
1252 struct ifreq ifr;
1253 int done = 0;
1254
1255 if (WARN_ON(size > sizeof(struct ifreq)))
1256 goto out;
1257
1258 if (!in_dev)
1259 goto out;
1260
1261 in_dev_for_each_ifa_rtnl(ifa, in_dev) {
1262 if (!buf) {
1263 done += size;
1264 continue;
1265 }
1266 if (len < size)
1267 break;
1268 memset(&ifr, 0, sizeof(struct ifreq));
1269 strcpy(ifr.ifr_name, ifa->ifa_label);
1270
1271 (*(struct sockaddr_in *)&ifr.ifr_addr).sin_family = AF_INET;
1272 (*(struct sockaddr_in *)&ifr.ifr_addr).sin_addr.s_addr =
1273 ifa->ifa_local;
1274
1275 if (copy_to_user(buf + done, &ifr, size)) {
1276 done = -EFAULT;
1277 break;
1278 }
1279 len -= size;
1280 done += size;
1281 }
1282 out:
1283 return done;
1284 }
1285
in_dev_select_addr(const struct in_device * in_dev,int scope)1286 static __be32 in_dev_select_addr(const struct in_device *in_dev,
1287 int scope)
1288 {
1289 const struct in_ifaddr *ifa;
1290
1291 in_dev_for_each_ifa_rcu(ifa, in_dev) {
1292 if (ifa->ifa_flags & IFA_F_SECONDARY)
1293 continue;
1294 if (ifa->ifa_scope != RT_SCOPE_LINK &&
1295 ifa->ifa_scope <= scope)
1296 return ifa->ifa_local;
1297 }
1298
1299 return 0;
1300 }
1301
inet_select_addr(const struct net_device * dev,__be32 dst,int scope)1302 __be32 inet_select_addr(const struct net_device *dev, __be32 dst, int scope)
1303 {
1304 const struct in_ifaddr *ifa;
1305 __be32 addr = 0;
1306 unsigned char localnet_scope = RT_SCOPE_HOST;
1307 struct in_device *in_dev;
1308 struct net *net = dev_net(dev);
1309 int master_idx;
1310
1311 rcu_read_lock();
1312 in_dev = __in_dev_get_rcu(dev);
1313 if (!in_dev)
1314 goto no_in_dev;
1315
1316 if (unlikely(IN_DEV_ROUTE_LOCALNET(in_dev)))
1317 localnet_scope = RT_SCOPE_LINK;
1318
1319 in_dev_for_each_ifa_rcu(ifa, in_dev) {
1320 if (ifa->ifa_flags & IFA_F_SECONDARY)
1321 continue;
1322 if (min(ifa->ifa_scope, localnet_scope) > scope)
1323 continue;
1324 if (!dst || inet_ifa_match(dst, ifa)) {
1325 addr = ifa->ifa_local;
1326 break;
1327 }
1328 if (!addr)
1329 addr = ifa->ifa_local;
1330 }
1331
1332 if (addr)
1333 goto out_unlock;
1334 no_in_dev:
1335 master_idx = l3mdev_master_ifindex_rcu(dev);
1336
1337 /* For VRFs, the VRF device takes the place of the loopback device,
1338 * with addresses on it being preferred. Note in such cases the
1339 * loopback device will be among the devices that fail the master_idx
1340 * equality check in the loop below.
1341 */
1342 if (master_idx &&
1343 (dev = dev_get_by_index_rcu(net, master_idx)) &&
1344 (in_dev = __in_dev_get_rcu(dev))) {
1345 addr = in_dev_select_addr(in_dev, scope);
1346 if (addr)
1347 goto out_unlock;
1348 }
1349
1350 /* Not loopback addresses on loopback should be preferred
1351 in this case. It is important that lo is the first interface
1352 in dev_base list.
1353 */
1354 for_each_netdev_rcu(net, dev) {
1355 if (l3mdev_master_ifindex_rcu(dev) != master_idx)
1356 continue;
1357
1358 in_dev = __in_dev_get_rcu(dev);
1359 if (!in_dev)
1360 continue;
1361
1362 addr = in_dev_select_addr(in_dev, scope);
1363 if (addr)
1364 goto out_unlock;
1365 }
1366 out_unlock:
1367 rcu_read_unlock();
1368 return addr;
1369 }
1370 EXPORT_SYMBOL(inet_select_addr);
1371
confirm_addr_indev(struct in_device * in_dev,__be32 dst,__be32 local,int scope)1372 static __be32 confirm_addr_indev(struct in_device *in_dev, __be32 dst,
1373 __be32 local, int scope)
1374 {
1375 unsigned char localnet_scope = RT_SCOPE_HOST;
1376 const struct in_ifaddr *ifa;
1377 __be32 addr = 0;
1378 int same = 0;
1379
1380 if (unlikely(IN_DEV_ROUTE_LOCALNET(in_dev)))
1381 localnet_scope = RT_SCOPE_LINK;
1382
1383 in_dev_for_each_ifa_rcu(ifa, in_dev) {
1384 unsigned char min_scope = min(ifa->ifa_scope, localnet_scope);
1385
1386 if (!addr &&
1387 (local == ifa->ifa_local || !local) &&
1388 min_scope <= scope) {
1389 addr = ifa->ifa_local;
1390 if (same)
1391 break;
1392 }
1393 if (!same) {
1394 same = (!local || inet_ifa_match(local, ifa)) &&
1395 (!dst || inet_ifa_match(dst, ifa));
1396 if (same && addr) {
1397 if (local || !dst)
1398 break;
1399 /* Is the selected addr into dst subnet? */
1400 if (inet_ifa_match(addr, ifa))
1401 break;
1402 /* No, then can we use new local src? */
1403 if (min_scope <= scope) {
1404 addr = ifa->ifa_local;
1405 break;
1406 }
1407 /* search for large dst subnet for addr */
1408 same = 0;
1409 }
1410 }
1411 }
1412
1413 return same ? addr : 0;
1414 }
1415
1416 /*
1417 * Confirm that local IP address exists using wildcards:
1418 * - net: netns to check, cannot be NULL
1419 * - in_dev: only on this interface, NULL=any interface
1420 * - dst: only in the same subnet as dst, 0=any dst
1421 * - local: address, 0=autoselect the local address
1422 * - scope: maximum allowed scope value for the local address
1423 */
inet_confirm_addr(struct net * net,struct in_device * in_dev,__be32 dst,__be32 local,int scope)1424 __be32 inet_confirm_addr(struct net *net, struct in_device *in_dev,
1425 __be32 dst, __be32 local, int scope)
1426 {
1427 __be32 addr = 0;
1428 struct net_device *dev;
1429
1430 if (in_dev)
1431 return confirm_addr_indev(in_dev, dst, local, scope);
1432
1433 rcu_read_lock();
1434 for_each_netdev_rcu(net, dev) {
1435 in_dev = __in_dev_get_rcu(dev);
1436 if (in_dev) {
1437 addr = confirm_addr_indev(in_dev, dst, local, scope);
1438 if (addr)
1439 break;
1440 }
1441 }
1442 rcu_read_unlock();
1443
1444 return addr;
1445 }
1446 EXPORT_SYMBOL(inet_confirm_addr);
1447
1448 /*
1449 * Device notifier
1450 */
1451
register_inetaddr_notifier(struct notifier_block * nb)1452 int register_inetaddr_notifier(struct notifier_block *nb)
1453 {
1454 return blocking_notifier_chain_register(&inetaddr_chain, nb);
1455 }
1456 EXPORT_SYMBOL(register_inetaddr_notifier);
1457
unregister_inetaddr_notifier(struct notifier_block * nb)1458 int unregister_inetaddr_notifier(struct notifier_block *nb)
1459 {
1460 return blocking_notifier_chain_unregister(&inetaddr_chain, nb);
1461 }
1462 EXPORT_SYMBOL(unregister_inetaddr_notifier);
1463
register_inetaddr_validator_notifier(struct notifier_block * nb)1464 int register_inetaddr_validator_notifier(struct notifier_block *nb)
1465 {
1466 return blocking_notifier_chain_register(&inetaddr_validator_chain, nb);
1467 }
1468 EXPORT_SYMBOL(register_inetaddr_validator_notifier);
1469
unregister_inetaddr_validator_notifier(struct notifier_block * nb)1470 int unregister_inetaddr_validator_notifier(struct notifier_block *nb)
1471 {
1472 return blocking_notifier_chain_unregister(&inetaddr_validator_chain,
1473 nb);
1474 }
1475 EXPORT_SYMBOL(unregister_inetaddr_validator_notifier);
1476
1477 /* Rename ifa_labels for a device name change. Make some effort to preserve
1478 * existing alias numbering and to create unique labels if possible.
1479 */
inetdev_changename(struct net_device * dev,struct in_device * in_dev)1480 static void inetdev_changename(struct net_device *dev, struct in_device *in_dev)
1481 {
1482 struct in_ifaddr *ifa;
1483 int named = 0;
1484
1485 in_dev_for_each_ifa_rtnl(ifa, in_dev) {
1486 char old[IFNAMSIZ], *dot;
1487
1488 memcpy(old, ifa->ifa_label, IFNAMSIZ);
1489 memcpy(ifa->ifa_label, dev->name, IFNAMSIZ);
1490 if (named++ == 0)
1491 goto skip;
1492 dot = strchr(old, ':');
1493 if (!dot) {
1494 sprintf(old, ":%d", named);
1495 dot = old;
1496 }
1497 if (strlen(dot) + strlen(dev->name) < IFNAMSIZ)
1498 strcat(ifa->ifa_label, dot);
1499 else
1500 strcpy(ifa->ifa_label + (IFNAMSIZ - strlen(dot) - 1), dot);
1501 skip:
1502 rtmsg_ifa(RTM_NEWADDR, ifa, NULL, 0);
1503 }
1504 }
1505
inetdev_send_gratuitous_arp(struct net_device * dev,struct in_device * in_dev)1506 static void inetdev_send_gratuitous_arp(struct net_device *dev,
1507 struct in_device *in_dev)
1508
1509 {
1510 const struct in_ifaddr *ifa;
1511
1512 in_dev_for_each_ifa_rtnl(ifa, in_dev) {
1513 arp_send(ARPOP_REQUEST, ETH_P_ARP,
1514 ifa->ifa_local, dev,
1515 ifa->ifa_local, NULL,
1516 dev->dev_addr, NULL);
1517 }
1518 }
1519
1520 /* Called only under RTNL semaphore */
1521
inetdev_event(struct notifier_block * this,unsigned long event,void * ptr)1522 static int inetdev_event(struct notifier_block *this, unsigned long event,
1523 void *ptr)
1524 {
1525 struct net_device *dev = netdev_notifier_info_to_dev(ptr);
1526 struct in_device *in_dev = __in_dev_get_rtnl(dev);
1527
1528 ASSERT_RTNL();
1529
1530 if (!in_dev) {
1531 if (event == NETDEV_REGISTER) {
1532 in_dev = inetdev_init(dev);
1533 if (IS_ERR(in_dev))
1534 return notifier_from_errno(PTR_ERR(in_dev));
1535 if (dev->flags & IFF_LOOPBACK) {
1536 IN_DEV_CONF_SET(in_dev, NOXFRM, 1);
1537 IN_DEV_CONF_SET(in_dev, NOPOLICY, 1);
1538 }
1539 } else if (event == NETDEV_CHANGEMTU) {
1540 /* Re-enabling IP */
1541 if (inetdev_valid_mtu(dev->mtu))
1542 in_dev = inetdev_init(dev);
1543 }
1544 goto out;
1545 }
1546
1547 switch (event) {
1548 case NETDEV_REGISTER:
1549 pr_debug("%s: bug\n", __func__);
1550 RCU_INIT_POINTER(dev->ip_ptr, NULL);
1551 break;
1552 case NETDEV_UP:
1553 if (!inetdev_valid_mtu(dev->mtu))
1554 break;
1555 if (dev->flags & IFF_LOOPBACK) {
1556 struct in_ifaddr *ifa = inet_alloc_ifa();
1557
1558 if (ifa) {
1559 INIT_HLIST_NODE(&ifa->hash);
1560 ifa->ifa_local =
1561 ifa->ifa_address = htonl(INADDR_LOOPBACK);
1562 ifa->ifa_prefixlen = 8;
1563 ifa->ifa_mask = inet_make_mask(8);
1564 in_dev_hold(in_dev);
1565 ifa->ifa_dev = in_dev;
1566 ifa->ifa_scope = RT_SCOPE_HOST;
1567 memcpy(ifa->ifa_label, dev->name, IFNAMSIZ);
1568 set_ifa_lifetime(ifa, INFINITY_LIFE_TIME,
1569 INFINITY_LIFE_TIME);
1570 ipv4_devconf_setall(in_dev);
1571 neigh_parms_data_state_setall(in_dev->arp_parms);
1572 inet_insert_ifa(ifa);
1573 }
1574 }
1575 ip_mc_up(in_dev);
1576 fallthrough;
1577 case NETDEV_CHANGEADDR:
1578 if (!IN_DEV_ARP_NOTIFY(in_dev))
1579 break;
1580 fallthrough;
1581 case NETDEV_NOTIFY_PEERS:
1582 /* Send gratuitous ARP to notify of link change */
1583 inetdev_send_gratuitous_arp(dev, in_dev);
1584 break;
1585 case NETDEV_DOWN:
1586 ip_mc_down(in_dev);
1587 break;
1588 case NETDEV_PRE_TYPE_CHANGE:
1589 ip_mc_unmap(in_dev);
1590 break;
1591 case NETDEV_POST_TYPE_CHANGE:
1592 ip_mc_remap(in_dev);
1593 break;
1594 case NETDEV_CHANGEMTU:
1595 if (inetdev_valid_mtu(dev->mtu))
1596 break;
1597 /* disable IP when MTU is not enough */
1598 fallthrough;
1599 case NETDEV_UNREGISTER:
1600 inetdev_destroy(in_dev);
1601 break;
1602 case NETDEV_CHANGENAME:
1603 /* Do not notify about label change, this event is
1604 * not interesting to applications using netlink.
1605 */
1606 inetdev_changename(dev, in_dev);
1607
1608 devinet_sysctl_unregister(in_dev);
1609 devinet_sysctl_register(in_dev);
1610 break;
1611 }
1612 out:
1613 return NOTIFY_DONE;
1614 }
1615
1616 static struct notifier_block ip_netdev_notifier = {
1617 .notifier_call = inetdev_event,
1618 };
1619
inet_nlmsg_size(void)1620 static size_t inet_nlmsg_size(void)
1621 {
1622 return NLMSG_ALIGN(sizeof(struct ifaddrmsg))
1623 + nla_total_size(4) /* IFA_ADDRESS */
1624 + nla_total_size(4) /* IFA_LOCAL */
1625 + nla_total_size(4) /* IFA_BROADCAST */
1626 + nla_total_size(IFNAMSIZ) /* IFA_LABEL */
1627 + nla_total_size(4) /* IFA_FLAGS */
1628 + nla_total_size(4) /* IFA_RT_PRIORITY */
1629 + nla_total_size(sizeof(struct ifa_cacheinfo)); /* IFA_CACHEINFO */
1630 }
1631
cstamp_delta(unsigned long cstamp)1632 static inline u32 cstamp_delta(unsigned long cstamp)
1633 {
1634 return (cstamp - INITIAL_JIFFIES) * 100UL / HZ;
1635 }
1636
put_cacheinfo(struct sk_buff * skb,unsigned long cstamp,unsigned long tstamp,u32 preferred,u32 valid)1637 static int put_cacheinfo(struct sk_buff *skb, unsigned long cstamp,
1638 unsigned long tstamp, u32 preferred, u32 valid)
1639 {
1640 struct ifa_cacheinfo ci;
1641
1642 ci.cstamp = cstamp_delta(cstamp);
1643 ci.tstamp = cstamp_delta(tstamp);
1644 ci.ifa_prefered = preferred;
1645 ci.ifa_valid = valid;
1646
1647 return nla_put(skb, IFA_CACHEINFO, sizeof(ci), &ci);
1648 }
1649
inet_fill_ifaddr(struct sk_buff * skb,struct in_ifaddr * ifa,struct inet_fill_args * args)1650 static int inet_fill_ifaddr(struct sk_buff *skb, struct in_ifaddr *ifa,
1651 struct inet_fill_args *args)
1652 {
1653 struct ifaddrmsg *ifm;
1654 struct nlmsghdr *nlh;
1655 u32 preferred, valid;
1656
1657 nlh = nlmsg_put(skb, args->portid, args->seq, args->event, sizeof(*ifm),
1658 args->flags);
1659 if (!nlh)
1660 return -EMSGSIZE;
1661
1662 ifm = nlmsg_data(nlh);
1663 ifm->ifa_family = AF_INET;
1664 ifm->ifa_prefixlen = ifa->ifa_prefixlen;
1665 ifm->ifa_flags = ifa->ifa_flags;
1666 ifm->ifa_scope = ifa->ifa_scope;
1667 ifm->ifa_index = ifa->ifa_dev->dev->ifindex;
1668
1669 if (args->netnsid >= 0 &&
1670 nla_put_s32(skb, IFA_TARGET_NETNSID, args->netnsid))
1671 goto nla_put_failure;
1672
1673 if (!(ifm->ifa_flags & IFA_F_PERMANENT)) {
1674 preferred = ifa->ifa_preferred_lft;
1675 valid = ifa->ifa_valid_lft;
1676 if (preferred != INFINITY_LIFE_TIME) {
1677 long tval = (jiffies - ifa->ifa_tstamp) / HZ;
1678
1679 if (preferred > tval)
1680 preferred -= tval;
1681 else
1682 preferred = 0;
1683 if (valid != INFINITY_LIFE_TIME) {
1684 if (valid > tval)
1685 valid -= tval;
1686 else
1687 valid = 0;
1688 }
1689 }
1690 } else {
1691 preferred = INFINITY_LIFE_TIME;
1692 valid = INFINITY_LIFE_TIME;
1693 }
1694 if ((ifa->ifa_address &&
1695 nla_put_in_addr(skb, IFA_ADDRESS, ifa->ifa_address)) ||
1696 (ifa->ifa_local &&
1697 nla_put_in_addr(skb, IFA_LOCAL, ifa->ifa_local)) ||
1698 (ifa->ifa_broadcast &&
1699 nla_put_in_addr(skb, IFA_BROADCAST, ifa->ifa_broadcast)) ||
1700 (ifa->ifa_label[0] &&
1701 nla_put_string(skb, IFA_LABEL, ifa->ifa_label)) ||
1702 nla_put_u32(skb, IFA_FLAGS, ifa->ifa_flags) ||
1703 (ifa->ifa_rt_priority &&
1704 nla_put_u32(skb, IFA_RT_PRIORITY, ifa->ifa_rt_priority)) ||
1705 put_cacheinfo(skb, ifa->ifa_cstamp, ifa->ifa_tstamp,
1706 preferred, valid))
1707 goto nla_put_failure;
1708
1709 nlmsg_end(skb, nlh);
1710 return 0;
1711
1712 nla_put_failure:
1713 nlmsg_cancel(skb, nlh);
1714 return -EMSGSIZE;
1715 }
1716
inet_valid_dump_ifaddr_req(const struct nlmsghdr * nlh,struct inet_fill_args * fillargs,struct net ** tgt_net,struct sock * sk,struct netlink_callback * cb)1717 static int inet_valid_dump_ifaddr_req(const struct nlmsghdr *nlh,
1718 struct inet_fill_args *fillargs,
1719 struct net **tgt_net, struct sock *sk,
1720 struct netlink_callback *cb)
1721 {
1722 struct netlink_ext_ack *extack = cb->extack;
1723 struct nlattr *tb[IFA_MAX+1];
1724 struct ifaddrmsg *ifm;
1725 int err, i;
1726
1727 if (nlh->nlmsg_len < nlmsg_msg_size(sizeof(*ifm))) {
1728 NL_SET_ERR_MSG(extack, "ipv4: Invalid header for address dump request");
1729 return -EINVAL;
1730 }
1731
1732 ifm = nlmsg_data(nlh);
1733 if (ifm->ifa_prefixlen || ifm->ifa_flags || ifm->ifa_scope) {
1734 NL_SET_ERR_MSG(extack, "ipv4: Invalid values in header for address dump request");
1735 return -EINVAL;
1736 }
1737
1738 fillargs->ifindex = ifm->ifa_index;
1739 if (fillargs->ifindex) {
1740 cb->answer_flags |= NLM_F_DUMP_FILTERED;
1741 fillargs->flags |= NLM_F_DUMP_FILTERED;
1742 }
1743
1744 err = nlmsg_parse_deprecated_strict(nlh, sizeof(*ifm), tb, IFA_MAX,
1745 ifa_ipv4_policy, extack);
1746 if (err < 0)
1747 return err;
1748
1749 for (i = 0; i <= IFA_MAX; ++i) {
1750 if (!tb[i])
1751 continue;
1752
1753 if (i == IFA_TARGET_NETNSID) {
1754 struct net *net;
1755
1756 fillargs->netnsid = nla_get_s32(tb[i]);
1757
1758 net = rtnl_get_net_ns_capable(sk, fillargs->netnsid);
1759 if (IS_ERR(net)) {
1760 fillargs->netnsid = -1;
1761 NL_SET_ERR_MSG(extack, "ipv4: Invalid target network namespace id");
1762 return PTR_ERR(net);
1763 }
1764 *tgt_net = net;
1765 } else {
1766 NL_SET_ERR_MSG(extack, "ipv4: Unsupported attribute in dump request");
1767 return -EINVAL;
1768 }
1769 }
1770
1771 return 0;
1772 }
1773
in_dev_dump_addr(struct in_device * in_dev,struct sk_buff * skb,struct netlink_callback * cb,int s_ip_idx,struct inet_fill_args * fillargs)1774 static int in_dev_dump_addr(struct in_device *in_dev, struct sk_buff *skb,
1775 struct netlink_callback *cb, int s_ip_idx,
1776 struct inet_fill_args *fillargs)
1777 {
1778 struct in_ifaddr *ifa;
1779 int ip_idx = 0;
1780 int err;
1781
1782 in_dev_for_each_ifa_rtnl(ifa, in_dev) {
1783 if (ip_idx < s_ip_idx) {
1784 ip_idx++;
1785 continue;
1786 }
1787 err = inet_fill_ifaddr(skb, ifa, fillargs);
1788 if (err < 0)
1789 goto done;
1790
1791 nl_dump_check_consistent(cb, nlmsg_hdr(skb));
1792 ip_idx++;
1793 }
1794 err = 0;
1795
1796 done:
1797 cb->args[2] = ip_idx;
1798
1799 return err;
1800 }
1801
inet_dump_ifaddr(struct sk_buff * skb,struct netlink_callback * cb)1802 static int inet_dump_ifaddr(struct sk_buff *skb, struct netlink_callback *cb)
1803 {
1804 const struct nlmsghdr *nlh = cb->nlh;
1805 struct inet_fill_args fillargs = {
1806 .portid = NETLINK_CB(cb->skb).portid,
1807 .seq = nlh->nlmsg_seq,
1808 .event = RTM_NEWADDR,
1809 .flags = NLM_F_MULTI,
1810 .netnsid = -1,
1811 };
1812 struct net *net = sock_net(skb->sk);
1813 struct net *tgt_net = net;
1814 int h, s_h;
1815 int idx, s_idx;
1816 int s_ip_idx;
1817 struct net_device *dev;
1818 struct in_device *in_dev;
1819 struct hlist_head *head;
1820 int err = 0;
1821
1822 s_h = cb->args[0];
1823 s_idx = idx = cb->args[1];
1824 s_ip_idx = cb->args[2];
1825
1826 if (cb->strict_check) {
1827 err = inet_valid_dump_ifaddr_req(nlh, &fillargs, &tgt_net,
1828 skb->sk, cb);
1829 if (err < 0)
1830 goto put_tgt_net;
1831
1832 err = 0;
1833 if (fillargs.ifindex) {
1834 dev = __dev_get_by_index(tgt_net, fillargs.ifindex);
1835 if (!dev) {
1836 err = -ENODEV;
1837 goto put_tgt_net;
1838 }
1839
1840 in_dev = __in_dev_get_rtnl(dev);
1841 if (in_dev) {
1842 err = in_dev_dump_addr(in_dev, skb, cb, s_ip_idx,
1843 &fillargs);
1844 }
1845 goto put_tgt_net;
1846 }
1847 }
1848
1849 for (h = s_h; h < NETDEV_HASHENTRIES; h++, s_idx = 0) {
1850 idx = 0;
1851 head = &tgt_net->dev_index_head[h];
1852 rcu_read_lock();
1853 cb->seq = atomic_read(&tgt_net->ipv4.dev_addr_genid) ^
1854 tgt_net->dev_base_seq;
1855 hlist_for_each_entry_rcu(dev, head, index_hlist) {
1856 if (idx < s_idx)
1857 goto cont;
1858 if (h > s_h || idx > s_idx)
1859 s_ip_idx = 0;
1860 in_dev = __in_dev_get_rcu(dev);
1861 if (!in_dev)
1862 goto cont;
1863
1864 err = in_dev_dump_addr(in_dev, skb, cb, s_ip_idx,
1865 &fillargs);
1866 if (err < 0) {
1867 rcu_read_unlock();
1868 goto done;
1869 }
1870 cont:
1871 idx++;
1872 }
1873 rcu_read_unlock();
1874 }
1875
1876 done:
1877 cb->args[0] = h;
1878 cb->args[1] = idx;
1879 put_tgt_net:
1880 if (fillargs.netnsid >= 0)
1881 put_net(tgt_net);
1882
1883 return skb->len ? : err;
1884 }
1885
rtmsg_ifa(int event,struct in_ifaddr * ifa,struct nlmsghdr * nlh,u32 portid)1886 static void rtmsg_ifa(int event, struct in_ifaddr *ifa, struct nlmsghdr *nlh,
1887 u32 portid)
1888 {
1889 struct inet_fill_args fillargs = {
1890 .portid = portid,
1891 .seq = nlh ? nlh->nlmsg_seq : 0,
1892 .event = event,
1893 .flags = 0,
1894 .netnsid = -1,
1895 };
1896 struct sk_buff *skb;
1897 int err = -ENOBUFS;
1898 struct net *net;
1899
1900 net = dev_net(ifa->ifa_dev->dev);
1901 skb = nlmsg_new(inet_nlmsg_size(), GFP_KERNEL);
1902 if (!skb)
1903 goto errout;
1904
1905 err = inet_fill_ifaddr(skb, ifa, &fillargs);
1906 if (err < 0) {
1907 /* -EMSGSIZE implies BUG in inet_nlmsg_size() */
1908 WARN_ON(err == -EMSGSIZE);
1909 kfree_skb(skb);
1910 goto errout;
1911 }
1912 rtnl_notify(skb, net, portid, RTNLGRP_IPV4_IFADDR, nlh, GFP_KERNEL);
1913 return;
1914 errout:
1915 if (err < 0)
1916 rtnl_set_sk_err(net, RTNLGRP_IPV4_IFADDR, err);
1917 }
1918
inet_get_link_af_size(const struct net_device * dev,u32 ext_filter_mask)1919 static size_t inet_get_link_af_size(const struct net_device *dev,
1920 u32 ext_filter_mask)
1921 {
1922 struct in_device *in_dev = rcu_dereference_rtnl(dev->ip_ptr);
1923
1924 if (!in_dev)
1925 return 0;
1926
1927 return nla_total_size(IPV4_DEVCONF_MAX * 4); /* IFLA_INET_CONF */
1928 }
1929
inet_fill_link_af(struct sk_buff * skb,const struct net_device * dev,u32 ext_filter_mask)1930 static int inet_fill_link_af(struct sk_buff *skb, const struct net_device *dev,
1931 u32 ext_filter_mask)
1932 {
1933 struct in_device *in_dev = rcu_dereference_rtnl(dev->ip_ptr);
1934 struct nlattr *nla;
1935 int i;
1936
1937 if (!in_dev)
1938 return -ENODATA;
1939
1940 nla = nla_reserve(skb, IFLA_INET_CONF, IPV4_DEVCONF_MAX * 4);
1941 if (!nla)
1942 return -EMSGSIZE;
1943
1944 for (i = 0; i < IPV4_DEVCONF_MAX; i++)
1945 ((u32 *) nla_data(nla))[i] = in_dev->cnf.data[i];
1946
1947 return 0;
1948 }
1949
1950 static const struct nla_policy inet_af_policy[IFLA_INET_MAX+1] = {
1951 [IFLA_INET_CONF] = { .type = NLA_NESTED },
1952 };
1953
inet_validate_link_af(const struct net_device * dev,const struct nlattr * nla,struct netlink_ext_ack * extack)1954 static int inet_validate_link_af(const struct net_device *dev,
1955 const struct nlattr *nla,
1956 struct netlink_ext_ack *extack)
1957 {
1958 struct nlattr *a, *tb[IFLA_INET_MAX+1];
1959 int err, rem;
1960
1961 if (dev && !__in_dev_get_rtnl(dev))
1962 return -EAFNOSUPPORT;
1963
1964 err = nla_parse_nested_deprecated(tb, IFLA_INET_MAX, nla,
1965 inet_af_policy, extack);
1966 if (err < 0)
1967 return err;
1968
1969 if (tb[IFLA_INET_CONF]) {
1970 nla_for_each_nested(a, tb[IFLA_INET_CONF], rem) {
1971 int cfgid = nla_type(a);
1972
1973 if (nla_len(a) < 4)
1974 return -EINVAL;
1975
1976 if (cfgid <= 0 || cfgid > IPV4_DEVCONF_MAX)
1977 return -EINVAL;
1978 }
1979 }
1980
1981 return 0;
1982 }
1983
inet_set_link_af(struct net_device * dev,const struct nlattr * nla,struct netlink_ext_ack * extack)1984 static int inet_set_link_af(struct net_device *dev, const struct nlattr *nla,
1985 struct netlink_ext_ack *extack)
1986 {
1987 struct in_device *in_dev = __in_dev_get_rtnl(dev);
1988 struct nlattr *a, *tb[IFLA_INET_MAX+1];
1989 int rem;
1990
1991 if (!in_dev)
1992 return -EAFNOSUPPORT;
1993
1994 if (nla_parse_nested_deprecated(tb, IFLA_INET_MAX, nla, NULL, NULL) < 0)
1995 return -EINVAL;
1996
1997 if (tb[IFLA_INET_CONF]) {
1998 nla_for_each_nested(a, tb[IFLA_INET_CONF], rem)
1999 ipv4_devconf_set(in_dev, nla_type(a), nla_get_u32(a));
2000 }
2001
2002 return 0;
2003 }
2004
inet_netconf_msgsize_devconf(int type)2005 static int inet_netconf_msgsize_devconf(int type)
2006 {
2007 int size = NLMSG_ALIGN(sizeof(struct netconfmsg))
2008 + nla_total_size(4); /* NETCONFA_IFINDEX */
2009 bool all = false;
2010
2011 if (type == NETCONFA_ALL)
2012 all = true;
2013
2014 if (all || type == NETCONFA_FORWARDING)
2015 size += nla_total_size(4);
2016 if (all || type == NETCONFA_RP_FILTER)
2017 size += nla_total_size(4);
2018 if (all || type == NETCONFA_MC_FORWARDING)
2019 size += nla_total_size(4);
2020 if (all || type == NETCONFA_BC_FORWARDING)
2021 size += nla_total_size(4);
2022 if (all || type == NETCONFA_PROXY_NEIGH)
2023 size += nla_total_size(4);
2024 if (all || type == NETCONFA_IGNORE_ROUTES_WITH_LINKDOWN)
2025 size += nla_total_size(4);
2026
2027 return size;
2028 }
2029
inet_netconf_fill_devconf(struct sk_buff * skb,int ifindex,struct ipv4_devconf * devconf,u32 portid,u32 seq,int event,unsigned int flags,int type)2030 static int inet_netconf_fill_devconf(struct sk_buff *skb, int ifindex,
2031 struct ipv4_devconf *devconf, u32 portid,
2032 u32 seq, int event, unsigned int flags,
2033 int type)
2034 {
2035 struct nlmsghdr *nlh;
2036 struct netconfmsg *ncm;
2037 bool all = false;
2038
2039 nlh = nlmsg_put(skb, portid, seq, event, sizeof(struct netconfmsg),
2040 flags);
2041 if (!nlh)
2042 return -EMSGSIZE;
2043
2044 if (type == NETCONFA_ALL)
2045 all = true;
2046
2047 ncm = nlmsg_data(nlh);
2048 ncm->ncm_family = AF_INET;
2049
2050 if (nla_put_s32(skb, NETCONFA_IFINDEX, ifindex) < 0)
2051 goto nla_put_failure;
2052
2053 if (!devconf)
2054 goto out;
2055
2056 if ((all || type == NETCONFA_FORWARDING) &&
2057 nla_put_s32(skb, NETCONFA_FORWARDING,
2058 IPV4_DEVCONF(*devconf, FORWARDING)) < 0)
2059 goto nla_put_failure;
2060 if ((all || type == NETCONFA_RP_FILTER) &&
2061 nla_put_s32(skb, NETCONFA_RP_FILTER,
2062 IPV4_DEVCONF(*devconf, RP_FILTER)) < 0)
2063 goto nla_put_failure;
2064 if ((all || type == NETCONFA_MC_FORWARDING) &&
2065 nla_put_s32(skb, NETCONFA_MC_FORWARDING,
2066 IPV4_DEVCONF(*devconf, MC_FORWARDING)) < 0)
2067 goto nla_put_failure;
2068 if ((all || type == NETCONFA_BC_FORWARDING) &&
2069 nla_put_s32(skb, NETCONFA_BC_FORWARDING,
2070 IPV4_DEVCONF(*devconf, BC_FORWARDING)) < 0)
2071 goto nla_put_failure;
2072 if ((all || type == NETCONFA_PROXY_NEIGH) &&
2073 nla_put_s32(skb, NETCONFA_PROXY_NEIGH,
2074 IPV4_DEVCONF(*devconf, PROXY_ARP)) < 0)
2075 goto nla_put_failure;
2076 if ((all || type == NETCONFA_IGNORE_ROUTES_WITH_LINKDOWN) &&
2077 nla_put_s32(skb, NETCONFA_IGNORE_ROUTES_WITH_LINKDOWN,
2078 IPV4_DEVCONF(*devconf, IGNORE_ROUTES_WITH_LINKDOWN)) < 0)
2079 goto nla_put_failure;
2080
2081 out:
2082 nlmsg_end(skb, nlh);
2083 return 0;
2084
2085 nla_put_failure:
2086 nlmsg_cancel(skb, nlh);
2087 return -EMSGSIZE;
2088 }
2089
inet_netconf_notify_devconf(struct net * net,int event,int type,int ifindex,struct ipv4_devconf * devconf)2090 void inet_netconf_notify_devconf(struct net *net, int event, int type,
2091 int ifindex, struct ipv4_devconf *devconf)
2092 {
2093 struct sk_buff *skb;
2094 int err = -ENOBUFS;
2095
2096 skb = nlmsg_new(inet_netconf_msgsize_devconf(type), GFP_KERNEL);
2097 if (!skb)
2098 goto errout;
2099
2100 err = inet_netconf_fill_devconf(skb, ifindex, devconf, 0, 0,
2101 event, 0, type);
2102 if (err < 0) {
2103 /* -EMSGSIZE implies BUG in inet_netconf_msgsize_devconf() */
2104 WARN_ON(err == -EMSGSIZE);
2105 kfree_skb(skb);
2106 goto errout;
2107 }
2108 rtnl_notify(skb, net, 0, RTNLGRP_IPV4_NETCONF, NULL, GFP_KERNEL);
2109 return;
2110 errout:
2111 if (err < 0)
2112 rtnl_set_sk_err(net, RTNLGRP_IPV4_NETCONF, err);
2113 }
2114
2115 static const struct nla_policy devconf_ipv4_policy[NETCONFA_MAX+1] = {
2116 [NETCONFA_IFINDEX] = { .len = sizeof(int) },
2117 [NETCONFA_FORWARDING] = { .len = sizeof(int) },
2118 [NETCONFA_RP_FILTER] = { .len = sizeof(int) },
2119 [NETCONFA_PROXY_NEIGH] = { .len = sizeof(int) },
2120 [NETCONFA_IGNORE_ROUTES_WITH_LINKDOWN] = { .len = sizeof(int) },
2121 };
2122
inet_netconf_valid_get_req(struct sk_buff * skb,const struct nlmsghdr * nlh,struct nlattr ** tb,struct netlink_ext_ack * extack)2123 static int inet_netconf_valid_get_req(struct sk_buff *skb,
2124 const struct nlmsghdr *nlh,
2125 struct nlattr **tb,
2126 struct netlink_ext_ack *extack)
2127 {
2128 int i, err;
2129
2130 if (nlh->nlmsg_len < nlmsg_msg_size(sizeof(struct netconfmsg))) {
2131 NL_SET_ERR_MSG(extack, "ipv4: Invalid header for netconf get request");
2132 return -EINVAL;
2133 }
2134
2135 if (!netlink_strict_get_check(skb))
2136 return nlmsg_parse_deprecated(nlh, sizeof(struct netconfmsg),
2137 tb, NETCONFA_MAX,
2138 devconf_ipv4_policy, extack);
2139
2140 err = nlmsg_parse_deprecated_strict(nlh, sizeof(struct netconfmsg),
2141 tb, NETCONFA_MAX,
2142 devconf_ipv4_policy, extack);
2143 if (err)
2144 return err;
2145
2146 for (i = 0; i <= NETCONFA_MAX; i++) {
2147 if (!tb[i])
2148 continue;
2149
2150 switch (i) {
2151 case NETCONFA_IFINDEX:
2152 break;
2153 default:
2154 NL_SET_ERR_MSG(extack, "ipv4: Unsupported attribute in netconf get request");
2155 return -EINVAL;
2156 }
2157 }
2158
2159 return 0;
2160 }
2161
inet_netconf_get_devconf(struct sk_buff * in_skb,struct nlmsghdr * nlh,struct netlink_ext_ack * extack)2162 static int inet_netconf_get_devconf(struct sk_buff *in_skb,
2163 struct nlmsghdr *nlh,
2164 struct netlink_ext_ack *extack)
2165 {
2166 struct net *net = sock_net(in_skb->sk);
2167 struct nlattr *tb[NETCONFA_MAX+1];
2168 struct sk_buff *skb;
2169 struct ipv4_devconf *devconf;
2170 struct in_device *in_dev;
2171 struct net_device *dev;
2172 int ifindex;
2173 int err;
2174
2175 err = inet_netconf_valid_get_req(in_skb, nlh, tb, extack);
2176 if (err)
2177 goto errout;
2178
2179 err = -EINVAL;
2180 if (!tb[NETCONFA_IFINDEX])
2181 goto errout;
2182
2183 ifindex = nla_get_s32(tb[NETCONFA_IFINDEX]);
2184 switch (ifindex) {
2185 case NETCONFA_IFINDEX_ALL:
2186 devconf = net->ipv4.devconf_all;
2187 break;
2188 case NETCONFA_IFINDEX_DEFAULT:
2189 devconf = net->ipv4.devconf_dflt;
2190 break;
2191 default:
2192 dev = __dev_get_by_index(net, ifindex);
2193 if (!dev)
2194 goto errout;
2195 in_dev = __in_dev_get_rtnl(dev);
2196 if (!in_dev)
2197 goto errout;
2198 devconf = &in_dev->cnf;
2199 break;
2200 }
2201
2202 err = -ENOBUFS;
2203 skb = nlmsg_new(inet_netconf_msgsize_devconf(NETCONFA_ALL), GFP_KERNEL);
2204 if (!skb)
2205 goto errout;
2206
2207 err = inet_netconf_fill_devconf(skb, ifindex, devconf,
2208 NETLINK_CB(in_skb).portid,
2209 nlh->nlmsg_seq, RTM_NEWNETCONF, 0,
2210 NETCONFA_ALL);
2211 if (err < 0) {
2212 /* -EMSGSIZE implies BUG in inet_netconf_msgsize_devconf() */
2213 WARN_ON(err == -EMSGSIZE);
2214 kfree_skb(skb);
2215 goto errout;
2216 }
2217 err = rtnl_unicast(skb, net, NETLINK_CB(in_skb).portid);
2218 errout:
2219 return err;
2220 }
2221
inet_netconf_dump_devconf(struct sk_buff * skb,struct netlink_callback * cb)2222 static int inet_netconf_dump_devconf(struct sk_buff *skb,
2223 struct netlink_callback *cb)
2224 {
2225 const struct nlmsghdr *nlh = cb->nlh;
2226 struct net *net = sock_net(skb->sk);
2227 int h, s_h;
2228 int idx, s_idx;
2229 struct net_device *dev;
2230 struct in_device *in_dev;
2231 struct hlist_head *head;
2232
2233 if (cb->strict_check) {
2234 struct netlink_ext_ack *extack = cb->extack;
2235 struct netconfmsg *ncm;
2236
2237 if (nlh->nlmsg_len < nlmsg_msg_size(sizeof(*ncm))) {
2238 NL_SET_ERR_MSG(extack, "ipv4: Invalid header for netconf dump request");
2239 return -EINVAL;
2240 }
2241
2242 if (nlmsg_attrlen(nlh, sizeof(*ncm))) {
2243 NL_SET_ERR_MSG(extack, "ipv4: Invalid data after header in netconf dump request");
2244 return -EINVAL;
2245 }
2246 }
2247
2248 s_h = cb->args[0];
2249 s_idx = idx = cb->args[1];
2250
2251 for (h = s_h; h < NETDEV_HASHENTRIES; h++, s_idx = 0) {
2252 idx = 0;
2253 head = &net->dev_index_head[h];
2254 rcu_read_lock();
2255 cb->seq = atomic_read(&net->ipv4.dev_addr_genid) ^
2256 net->dev_base_seq;
2257 hlist_for_each_entry_rcu(dev, head, index_hlist) {
2258 if (idx < s_idx)
2259 goto cont;
2260 in_dev = __in_dev_get_rcu(dev);
2261 if (!in_dev)
2262 goto cont;
2263
2264 if (inet_netconf_fill_devconf(skb, dev->ifindex,
2265 &in_dev->cnf,
2266 NETLINK_CB(cb->skb).portid,
2267 nlh->nlmsg_seq,
2268 RTM_NEWNETCONF,
2269 NLM_F_MULTI,
2270 NETCONFA_ALL) < 0) {
2271 rcu_read_unlock();
2272 goto done;
2273 }
2274 nl_dump_check_consistent(cb, nlmsg_hdr(skb));
2275 cont:
2276 idx++;
2277 }
2278 rcu_read_unlock();
2279 }
2280 if (h == NETDEV_HASHENTRIES) {
2281 if (inet_netconf_fill_devconf(skb, NETCONFA_IFINDEX_ALL,
2282 net->ipv4.devconf_all,
2283 NETLINK_CB(cb->skb).portid,
2284 nlh->nlmsg_seq,
2285 RTM_NEWNETCONF, NLM_F_MULTI,
2286 NETCONFA_ALL) < 0)
2287 goto done;
2288 else
2289 h++;
2290 }
2291 if (h == NETDEV_HASHENTRIES + 1) {
2292 if (inet_netconf_fill_devconf(skb, NETCONFA_IFINDEX_DEFAULT,
2293 net->ipv4.devconf_dflt,
2294 NETLINK_CB(cb->skb).portid,
2295 nlh->nlmsg_seq,
2296 RTM_NEWNETCONF, NLM_F_MULTI,
2297 NETCONFA_ALL) < 0)
2298 goto done;
2299 else
2300 h++;
2301 }
2302 done:
2303 cb->args[0] = h;
2304 cb->args[1] = idx;
2305
2306 return skb->len;
2307 }
2308
2309 #ifdef CONFIG_SYSCTL
2310
devinet_copy_dflt_conf(struct net * net,int i)2311 static void devinet_copy_dflt_conf(struct net *net, int i)
2312 {
2313 struct net_device *dev;
2314
2315 rcu_read_lock();
2316 for_each_netdev_rcu(net, dev) {
2317 struct in_device *in_dev;
2318
2319 in_dev = __in_dev_get_rcu(dev);
2320 if (in_dev && !test_bit(i, in_dev->cnf.state))
2321 in_dev->cnf.data[i] = net->ipv4.devconf_dflt->data[i];
2322 }
2323 rcu_read_unlock();
2324 }
2325
2326 /* called with RTNL locked */
inet_forward_change(struct net * net)2327 static void inet_forward_change(struct net *net)
2328 {
2329 struct net_device *dev;
2330 int on = IPV4_DEVCONF_ALL(net, FORWARDING);
2331
2332 IPV4_DEVCONF_ALL(net, ACCEPT_REDIRECTS) = !on;
2333 IPV4_DEVCONF_DFLT(net, FORWARDING) = on;
2334 inet_netconf_notify_devconf(net, RTM_NEWNETCONF,
2335 NETCONFA_FORWARDING,
2336 NETCONFA_IFINDEX_ALL,
2337 net->ipv4.devconf_all);
2338 inet_netconf_notify_devconf(net, RTM_NEWNETCONF,
2339 NETCONFA_FORWARDING,
2340 NETCONFA_IFINDEX_DEFAULT,
2341 net->ipv4.devconf_dflt);
2342
2343 for_each_netdev(net, dev) {
2344 struct in_device *in_dev;
2345
2346 if (on)
2347 dev_disable_lro(dev);
2348
2349 in_dev = __in_dev_get_rtnl(dev);
2350 if (in_dev) {
2351 IN_DEV_CONF_SET(in_dev, FORWARDING, on);
2352 inet_netconf_notify_devconf(net, RTM_NEWNETCONF,
2353 NETCONFA_FORWARDING,
2354 dev->ifindex, &in_dev->cnf);
2355 }
2356 }
2357 }
2358
devinet_conf_ifindex(struct net * net,struct ipv4_devconf * cnf)2359 static int devinet_conf_ifindex(struct net *net, struct ipv4_devconf *cnf)
2360 {
2361 if (cnf == net->ipv4.devconf_dflt)
2362 return NETCONFA_IFINDEX_DEFAULT;
2363 else if (cnf == net->ipv4.devconf_all)
2364 return NETCONFA_IFINDEX_ALL;
2365 else {
2366 struct in_device *idev
2367 = container_of(cnf, struct in_device, cnf);
2368 return idev->dev->ifindex;
2369 }
2370 }
2371
devinet_conf_proc(struct ctl_table * ctl,int write,void * buffer,size_t * lenp,loff_t * ppos)2372 static int devinet_conf_proc(struct ctl_table *ctl, int write,
2373 void *buffer, size_t *lenp, loff_t *ppos)
2374 {
2375 int old_value = *(int *)ctl->data;
2376 int ret = proc_dointvec(ctl, write, buffer, lenp, ppos);
2377 int new_value = *(int *)ctl->data;
2378
2379 if (write) {
2380 struct ipv4_devconf *cnf = ctl->extra1;
2381 struct net *net = ctl->extra2;
2382 int i = (int *)ctl->data - cnf->data;
2383 int ifindex;
2384
2385 set_bit(i, cnf->state);
2386
2387 if (cnf == net->ipv4.devconf_dflt)
2388 devinet_copy_dflt_conf(net, i);
2389 if (i == IPV4_DEVCONF_ACCEPT_LOCAL - 1 ||
2390 i == IPV4_DEVCONF_ROUTE_LOCALNET - 1)
2391 if ((new_value == 0) && (old_value != 0))
2392 rt_cache_flush(net);
2393
2394 if (i == IPV4_DEVCONF_BC_FORWARDING - 1 &&
2395 new_value != old_value)
2396 rt_cache_flush(net);
2397
2398 if (i == IPV4_DEVCONF_RP_FILTER - 1 &&
2399 new_value != old_value) {
2400 ifindex = devinet_conf_ifindex(net, cnf);
2401 inet_netconf_notify_devconf(net, RTM_NEWNETCONF,
2402 NETCONFA_RP_FILTER,
2403 ifindex, cnf);
2404 }
2405 if (i == IPV4_DEVCONF_PROXY_ARP - 1 &&
2406 new_value != old_value) {
2407 ifindex = devinet_conf_ifindex(net, cnf);
2408 inet_netconf_notify_devconf(net, RTM_NEWNETCONF,
2409 NETCONFA_PROXY_NEIGH,
2410 ifindex, cnf);
2411 }
2412 if (i == IPV4_DEVCONF_IGNORE_ROUTES_WITH_LINKDOWN - 1 &&
2413 new_value != old_value) {
2414 ifindex = devinet_conf_ifindex(net, cnf);
2415 inet_netconf_notify_devconf(net, RTM_NEWNETCONF,
2416 NETCONFA_IGNORE_ROUTES_WITH_LINKDOWN,
2417 ifindex, cnf);
2418 }
2419 }
2420
2421 return ret;
2422 }
2423
devinet_sysctl_forward(struct ctl_table * ctl,int write,void * buffer,size_t * lenp,loff_t * ppos)2424 static int devinet_sysctl_forward(struct ctl_table *ctl, int write,
2425 void *buffer, size_t *lenp, loff_t *ppos)
2426 {
2427 int *valp = ctl->data;
2428 int val = *valp;
2429 loff_t pos = *ppos;
2430 struct net *net = ctl->extra2;
2431 int ret;
2432
2433 if (write && !ns_capable(net->user_ns, CAP_NET_ADMIN))
2434 return -EPERM;
2435
2436 ret = proc_dointvec(ctl, write, buffer, lenp, ppos);
2437
2438 if (write && *valp != val) {
2439 if (valp != &IPV4_DEVCONF_DFLT(net, FORWARDING)) {
2440 if (!rtnl_trylock()) {
2441 /* Restore the original values before restarting */
2442 *valp = val;
2443 *ppos = pos;
2444 return restart_syscall();
2445 }
2446 if (valp == &IPV4_DEVCONF_ALL(net, FORWARDING)) {
2447 inet_forward_change(net);
2448 } else {
2449 struct ipv4_devconf *cnf = ctl->extra1;
2450 struct in_device *idev =
2451 container_of(cnf, struct in_device, cnf);
2452 if (*valp)
2453 dev_disable_lro(idev->dev);
2454 inet_netconf_notify_devconf(net, RTM_NEWNETCONF,
2455 NETCONFA_FORWARDING,
2456 idev->dev->ifindex,
2457 cnf);
2458 }
2459 rtnl_unlock();
2460 rt_cache_flush(net);
2461 } else
2462 inet_netconf_notify_devconf(net, RTM_NEWNETCONF,
2463 NETCONFA_FORWARDING,
2464 NETCONFA_IFINDEX_DEFAULT,
2465 net->ipv4.devconf_dflt);
2466 }
2467
2468 return ret;
2469 }
2470
ipv4_doint_and_flush(struct ctl_table * ctl,int write,void * buffer,size_t * lenp,loff_t * ppos)2471 static int ipv4_doint_and_flush(struct ctl_table *ctl, int write,
2472 void *buffer, size_t *lenp, loff_t *ppos)
2473 {
2474 int *valp = ctl->data;
2475 int val = *valp;
2476 int ret = proc_dointvec(ctl, write, buffer, lenp, ppos);
2477 struct net *net = ctl->extra2;
2478
2479 if (write && *valp != val)
2480 rt_cache_flush(net);
2481
2482 return ret;
2483 }
2484
2485 #define DEVINET_SYSCTL_ENTRY(attr, name, mval, proc) \
2486 { \
2487 .procname = name, \
2488 .data = ipv4_devconf.data + \
2489 IPV4_DEVCONF_ ## attr - 1, \
2490 .maxlen = sizeof(int), \
2491 .mode = mval, \
2492 .proc_handler = proc, \
2493 .extra1 = &ipv4_devconf, \
2494 }
2495
2496 #define DEVINET_SYSCTL_RW_ENTRY(attr, name) \
2497 DEVINET_SYSCTL_ENTRY(attr, name, 0644, devinet_conf_proc)
2498
2499 #define DEVINET_SYSCTL_RO_ENTRY(attr, name) \
2500 DEVINET_SYSCTL_ENTRY(attr, name, 0444, devinet_conf_proc)
2501
2502 #define DEVINET_SYSCTL_COMPLEX_ENTRY(attr, name, proc) \
2503 DEVINET_SYSCTL_ENTRY(attr, name, 0644, proc)
2504
2505 #define DEVINET_SYSCTL_FLUSHING_ENTRY(attr, name) \
2506 DEVINET_SYSCTL_COMPLEX_ENTRY(attr, name, ipv4_doint_and_flush)
2507
2508 static struct devinet_sysctl_table {
2509 struct ctl_table_header *sysctl_header;
2510 struct ctl_table devinet_vars[__IPV4_DEVCONF_MAX];
2511 } devinet_sysctl = {
2512 .devinet_vars = {
2513 DEVINET_SYSCTL_COMPLEX_ENTRY(FORWARDING, "forwarding",
2514 devinet_sysctl_forward),
2515 DEVINET_SYSCTL_RO_ENTRY(MC_FORWARDING, "mc_forwarding"),
2516 DEVINET_SYSCTL_RW_ENTRY(BC_FORWARDING, "bc_forwarding"),
2517
2518 DEVINET_SYSCTL_RW_ENTRY(ACCEPT_REDIRECTS, "accept_redirects"),
2519 DEVINET_SYSCTL_RW_ENTRY(SECURE_REDIRECTS, "secure_redirects"),
2520 DEVINET_SYSCTL_RW_ENTRY(SHARED_MEDIA, "shared_media"),
2521 DEVINET_SYSCTL_RW_ENTRY(RP_FILTER, "rp_filter"),
2522 DEVINET_SYSCTL_RW_ENTRY(SEND_REDIRECTS, "send_redirects"),
2523 DEVINET_SYSCTL_RW_ENTRY(ACCEPT_SOURCE_ROUTE,
2524 "accept_source_route"),
2525 DEVINET_SYSCTL_RW_ENTRY(ACCEPT_LOCAL, "accept_local"),
2526 DEVINET_SYSCTL_RW_ENTRY(SRC_VMARK, "src_valid_mark"),
2527 DEVINET_SYSCTL_RW_ENTRY(PROXY_ARP, "proxy_arp"),
2528 DEVINET_SYSCTL_RW_ENTRY(MEDIUM_ID, "medium_id"),
2529 DEVINET_SYSCTL_RW_ENTRY(BOOTP_RELAY, "bootp_relay"),
2530 DEVINET_SYSCTL_RW_ENTRY(LOG_MARTIANS, "log_martians"),
2531 DEVINET_SYSCTL_RW_ENTRY(TAG, "tag"),
2532 DEVINET_SYSCTL_RW_ENTRY(ARPFILTER, "arp_filter"),
2533 DEVINET_SYSCTL_RW_ENTRY(ARP_ANNOUNCE, "arp_announce"),
2534 DEVINET_SYSCTL_RW_ENTRY(ARP_IGNORE, "arp_ignore"),
2535 DEVINET_SYSCTL_RW_ENTRY(ARP_ACCEPT, "arp_accept"),
2536 DEVINET_SYSCTL_RW_ENTRY(ARP_NOTIFY, "arp_notify"),
2537 DEVINET_SYSCTL_RW_ENTRY(ARP_EVICT_NOCARRIER,
2538 "arp_evict_nocarrier"),
2539 DEVINET_SYSCTL_RW_ENTRY(PROXY_ARP_PVLAN, "proxy_arp_pvlan"),
2540 DEVINET_SYSCTL_RW_ENTRY(FORCE_IGMP_VERSION,
2541 "force_igmp_version"),
2542 DEVINET_SYSCTL_RW_ENTRY(IGMPV2_UNSOLICITED_REPORT_INTERVAL,
2543 "igmpv2_unsolicited_report_interval"),
2544 DEVINET_SYSCTL_RW_ENTRY(IGMPV3_UNSOLICITED_REPORT_INTERVAL,
2545 "igmpv3_unsolicited_report_interval"),
2546 DEVINET_SYSCTL_RW_ENTRY(IGNORE_ROUTES_WITH_LINKDOWN,
2547 "ignore_routes_with_linkdown"),
2548 DEVINET_SYSCTL_RW_ENTRY(DROP_GRATUITOUS_ARP,
2549 "drop_gratuitous_arp"),
2550
2551 DEVINET_SYSCTL_FLUSHING_ENTRY(NOXFRM, "disable_xfrm"),
2552 DEVINET_SYSCTL_FLUSHING_ENTRY(NOPOLICY, "disable_policy"),
2553 DEVINET_SYSCTL_FLUSHING_ENTRY(PROMOTE_SECONDARIES,
2554 "promote_secondaries"),
2555 DEVINET_SYSCTL_FLUSHING_ENTRY(ROUTE_LOCALNET,
2556 "route_localnet"),
2557 DEVINET_SYSCTL_FLUSHING_ENTRY(DROP_UNICAST_IN_L2_MULTICAST,
2558 "drop_unicast_in_l2_multicast"),
2559 },
2560 };
2561
__devinet_sysctl_register(struct net * net,char * dev_name,int ifindex,struct ipv4_devconf * p)2562 static int __devinet_sysctl_register(struct net *net, char *dev_name,
2563 int ifindex, struct ipv4_devconf *p)
2564 {
2565 int i;
2566 struct devinet_sysctl_table *t;
2567 char path[sizeof("net/ipv4/conf/") + IFNAMSIZ];
2568
2569 t = kmemdup(&devinet_sysctl, sizeof(*t), GFP_KERNEL);
2570 if (!t)
2571 goto out;
2572
2573 for (i = 0; i < ARRAY_SIZE(t->devinet_vars) - 1; i++) {
2574 t->devinet_vars[i].data += (char *)p - (char *)&ipv4_devconf;
2575 t->devinet_vars[i].extra1 = p;
2576 t->devinet_vars[i].extra2 = net;
2577 }
2578
2579 snprintf(path, sizeof(path), "net/ipv4/conf/%s", dev_name);
2580
2581 t->sysctl_header = register_net_sysctl(net, path, t->devinet_vars);
2582 if (!t->sysctl_header)
2583 goto free;
2584
2585 p->sysctl = t;
2586
2587 inet_netconf_notify_devconf(net, RTM_NEWNETCONF, NETCONFA_ALL,
2588 ifindex, p);
2589 return 0;
2590
2591 free:
2592 kfree(t);
2593 out:
2594 return -ENOMEM;
2595 }
2596
__devinet_sysctl_unregister(struct net * net,struct ipv4_devconf * cnf,int ifindex)2597 static void __devinet_sysctl_unregister(struct net *net,
2598 struct ipv4_devconf *cnf, int ifindex)
2599 {
2600 struct devinet_sysctl_table *t = cnf->sysctl;
2601
2602 if (t) {
2603 cnf->sysctl = NULL;
2604 unregister_net_sysctl_table(t->sysctl_header);
2605 kfree(t);
2606 }
2607
2608 inet_netconf_notify_devconf(net, RTM_DELNETCONF, 0, ifindex, NULL);
2609 }
2610
devinet_sysctl_register(struct in_device * idev)2611 static int devinet_sysctl_register(struct in_device *idev)
2612 {
2613 int err;
2614
2615 if (!sysctl_dev_name_is_allowed(idev->dev->name))
2616 return -EINVAL;
2617
2618 err = neigh_sysctl_register(idev->dev, idev->arp_parms, NULL);
2619 if (err)
2620 return err;
2621 err = __devinet_sysctl_register(dev_net(idev->dev), idev->dev->name,
2622 idev->dev->ifindex, &idev->cnf);
2623 if (err)
2624 neigh_sysctl_unregister(idev->arp_parms);
2625 return err;
2626 }
2627
devinet_sysctl_unregister(struct in_device * idev)2628 static void devinet_sysctl_unregister(struct in_device *idev)
2629 {
2630 struct net *net = dev_net(idev->dev);
2631
2632 __devinet_sysctl_unregister(net, &idev->cnf, idev->dev->ifindex);
2633 neigh_sysctl_unregister(idev->arp_parms);
2634 }
2635
2636 static struct ctl_table ctl_forward_entry[] = {
2637 {
2638 .procname = "ip_forward",
2639 .data = &ipv4_devconf.data[
2640 IPV4_DEVCONF_FORWARDING - 1],
2641 .maxlen = sizeof(int),
2642 .mode = 0644,
2643 .proc_handler = devinet_sysctl_forward,
2644 .extra1 = &ipv4_devconf,
2645 .extra2 = &init_net,
2646 },
2647 { },
2648 };
2649 #endif
2650
devinet_init_net(struct net * net)2651 static __net_init int devinet_init_net(struct net *net)
2652 {
2653 int err;
2654 struct ipv4_devconf *all, *dflt;
2655 #ifdef CONFIG_SYSCTL
2656 struct ctl_table *tbl;
2657 struct ctl_table_header *forw_hdr;
2658 #endif
2659
2660 err = -ENOMEM;
2661 all = kmemdup(&ipv4_devconf, sizeof(ipv4_devconf), GFP_KERNEL);
2662 if (!all)
2663 goto err_alloc_all;
2664
2665 dflt = kmemdup(&ipv4_devconf_dflt, sizeof(ipv4_devconf_dflt), GFP_KERNEL);
2666 if (!dflt)
2667 goto err_alloc_dflt;
2668
2669 #ifdef CONFIG_SYSCTL
2670 tbl = kmemdup(ctl_forward_entry, sizeof(ctl_forward_entry), GFP_KERNEL);
2671 if (!tbl)
2672 goto err_alloc_ctl;
2673
2674 tbl[0].data = &all->data[IPV4_DEVCONF_FORWARDING - 1];
2675 tbl[0].extra1 = all;
2676 tbl[0].extra2 = net;
2677 #endif
2678
2679 if (!net_eq(net, &init_net)) {
2680 if (IS_ENABLED(CONFIG_SYSCTL) &&
2681 sysctl_devconf_inherit_init_net == 3) {
2682 /* copy from the current netns */
2683 memcpy(all, current->nsproxy->net_ns->ipv4.devconf_all,
2684 sizeof(ipv4_devconf));
2685 memcpy(dflt,
2686 current->nsproxy->net_ns->ipv4.devconf_dflt,
2687 sizeof(ipv4_devconf_dflt));
2688 } else if (!IS_ENABLED(CONFIG_SYSCTL) ||
2689 sysctl_devconf_inherit_init_net != 2) {
2690 /* inherit == 0 or 1: copy from init_net */
2691 memcpy(all, init_net.ipv4.devconf_all,
2692 sizeof(ipv4_devconf));
2693 memcpy(dflt, init_net.ipv4.devconf_dflt,
2694 sizeof(ipv4_devconf_dflt));
2695 }
2696 /* else inherit == 2: use compiled values */
2697 }
2698
2699 #ifdef CONFIG_SYSCTL
2700 err = __devinet_sysctl_register(net, "all", NETCONFA_IFINDEX_ALL, all);
2701 if (err < 0)
2702 goto err_reg_all;
2703
2704 err = __devinet_sysctl_register(net, "default",
2705 NETCONFA_IFINDEX_DEFAULT, dflt);
2706 if (err < 0)
2707 goto err_reg_dflt;
2708
2709 err = -ENOMEM;
2710 forw_hdr = register_net_sysctl(net, "net/ipv4", tbl);
2711 if (!forw_hdr)
2712 goto err_reg_ctl;
2713 net->ipv4.forw_hdr = forw_hdr;
2714 #endif
2715
2716 net->ipv4.devconf_all = all;
2717 net->ipv4.devconf_dflt = dflt;
2718 return 0;
2719
2720 #ifdef CONFIG_SYSCTL
2721 err_reg_ctl:
2722 __devinet_sysctl_unregister(net, dflt, NETCONFA_IFINDEX_DEFAULT);
2723 err_reg_dflt:
2724 __devinet_sysctl_unregister(net, all, NETCONFA_IFINDEX_ALL);
2725 err_reg_all:
2726 kfree(tbl);
2727 err_alloc_ctl:
2728 #endif
2729 kfree(dflt);
2730 err_alloc_dflt:
2731 kfree(all);
2732 err_alloc_all:
2733 return err;
2734 }
2735
devinet_exit_net(struct net * net)2736 static __net_exit void devinet_exit_net(struct net *net)
2737 {
2738 #ifdef CONFIG_SYSCTL
2739 struct ctl_table *tbl;
2740
2741 tbl = net->ipv4.forw_hdr->ctl_table_arg;
2742 unregister_net_sysctl_table(net->ipv4.forw_hdr);
2743 __devinet_sysctl_unregister(net, net->ipv4.devconf_dflt,
2744 NETCONFA_IFINDEX_DEFAULT);
2745 __devinet_sysctl_unregister(net, net->ipv4.devconf_all,
2746 NETCONFA_IFINDEX_ALL);
2747 kfree(tbl);
2748 #endif
2749 kfree(net->ipv4.devconf_dflt);
2750 kfree(net->ipv4.devconf_all);
2751 }
2752
2753 static __net_initdata struct pernet_operations devinet_ops = {
2754 .init = devinet_init_net,
2755 .exit = devinet_exit_net,
2756 };
2757
2758 static struct rtnl_af_ops inet_af_ops __read_mostly = {
2759 .family = AF_INET,
2760 .fill_link_af = inet_fill_link_af,
2761 .get_link_af_size = inet_get_link_af_size,
2762 .validate_link_af = inet_validate_link_af,
2763 .set_link_af = inet_set_link_af,
2764 };
2765
devinet_init(void)2766 void __init devinet_init(void)
2767 {
2768 int i;
2769
2770 for (i = 0; i < IN4_ADDR_HSIZE; i++)
2771 INIT_HLIST_HEAD(&inet_addr_lst[i]);
2772
2773 register_pernet_subsys(&devinet_ops);
2774 register_netdevice_notifier(&ip_netdev_notifier);
2775
2776 queue_delayed_work(system_power_efficient_wq, &check_lifetime_work, 0);
2777
2778 rtnl_af_register(&inet_af_ops);
2779
2780 rtnl_register(PF_INET, RTM_NEWADDR, inet_rtm_newaddr, NULL, 0);
2781 rtnl_register(PF_INET, RTM_DELADDR, inet_rtm_deladdr, NULL, 0);
2782 rtnl_register(PF_INET, RTM_GETADDR, NULL, inet_dump_ifaddr, 0);
2783 rtnl_register(PF_INET, RTM_GETNETCONF, inet_netconf_get_devconf,
2784 inet_netconf_dump_devconf, 0);
2785 }
2786