1 // SPDX-License-Identifier: GPL-2.0-or-later
2 /*
3 * NET3 IP device support routines.
4 *
5 * Derived from the IP parts of dev.c 1.0.19
6 * Authors: Ross Biro
7 * Fred N. van Kempen, <waltje@uWalt.NL.Mugnet.ORG>
8 * Mark Evans, <evansmp@uhura.aston.ac.uk>
9 *
10 * Additional Authors:
11 * Alan Cox, <gw4pts@gw4pts.ampr.org>
12 * Alexey Kuznetsov, <kuznet@ms2.inr.ac.ru>
13 *
14 * Changes:
15 * Alexey Kuznetsov: pa_* fields are replaced with ifaddr
16 * lists.
17 * Cyrus Durgin: updated for kmod
18 * Matthias Andree: in devinet_ioctl, compare label and
19 * address (4.4BSD alias style support),
20 * fall back to comparing just the label
21 * if no match found.
22 */
23
24
25 #include <linux/uaccess.h>
26 #include <linux/bitops.h>
27 #include <linux/capability.h>
28 #include <linux/module.h>
29 #include <linux/types.h>
30 #include <linux/kernel.h>
31 #include <linux/sched/signal.h>
32 #include <linux/string.h>
33 #include <linux/mm.h>
34 #include <linux/socket.h>
35 #include <linux/sockios.h>
36 #include <linux/in.h>
37 #include <linux/errno.h>
38 #include <linux/interrupt.h>
39 #include <linux/if_addr.h>
40 #include <linux/if_ether.h>
41 #include <linux/inet.h>
42 #include <linux/netdevice.h>
43 #include <linux/etherdevice.h>
44 #include <linux/skbuff.h>
45 #include <linux/init.h>
46 #include <linux/notifier.h>
47 #include <linux/inetdevice.h>
48 #include <linux/igmp.h>
49 #include <linux/slab.h>
50 #include <linux/hash.h>
51 #ifdef CONFIG_SYSCTL
52 #include <linux/sysctl.h>
53 #endif
54 #include <linux/kmod.h>
55 #include <linux/netconf.h>
56
57 #include <net/arp.h>
58 #include <net/ip.h>
59 #include <net/route.h>
60 #include <net/ip_fib.h>
61 #include <net/rtnetlink.h>
62 #include <net/net_namespace.h>
63 #include <net/addrconf.h>
64
65 #define IPV6ONLY_FLAGS \
66 (IFA_F_NODAD | IFA_F_OPTIMISTIC | IFA_F_DADFAILED | \
67 IFA_F_HOMEADDRESS | IFA_F_TENTATIVE | \
68 IFA_F_MANAGETEMPADDR | IFA_F_STABLE_PRIVACY)
69
70 static struct ipv4_devconf ipv4_devconf = {
71 .data = {
72 [IPV4_DEVCONF_ACCEPT_REDIRECTS - 1] = 1,
73 [IPV4_DEVCONF_SEND_REDIRECTS - 1] = 1,
74 [IPV4_DEVCONF_SECURE_REDIRECTS - 1] = 1,
75 [IPV4_DEVCONF_SHARED_MEDIA - 1] = 1,
76 [IPV4_DEVCONF_IGMPV2_UNSOLICITED_REPORT_INTERVAL - 1] = 10000 /*ms*/,
77 [IPV4_DEVCONF_IGMPV3_UNSOLICITED_REPORT_INTERVAL - 1] = 1000 /*ms*/,
78 [IPV4_DEVCONF_ARP_EVICT_NOCARRIER - 1] = 1,
79 },
80 };
81
82 static struct ipv4_devconf ipv4_devconf_dflt = {
83 .data = {
84 [IPV4_DEVCONF_ACCEPT_REDIRECTS - 1] = 1,
85 [IPV4_DEVCONF_SEND_REDIRECTS - 1] = 1,
86 [IPV4_DEVCONF_SECURE_REDIRECTS - 1] = 1,
87 [IPV4_DEVCONF_SHARED_MEDIA - 1] = 1,
88 [IPV4_DEVCONF_ACCEPT_SOURCE_ROUTE - 1] = 1,
89 [IPV4_DEVCONF_IGMPV2_UNSOLICITED_REPORT_INTERVAL - 1] = 10000 /*ms*/,
90 [IPV4_DEVCONF_IGMPV3_UNSOLICITED_REPORT_INTERVAL - 1] = 1000 /*ms*/,
91 [IPV4_DEVCONF_ARP_EVICT_NOCARRIER - 1] = 1,
92 },
93 };
94
95 #define IPV4_DEVCONF_DFLT(net, attr) \
96 IPV4_DEVCONF((*net->ipv4.devconf_dflt), attr)
97
98 static const struct nla_policy ifa_ipv4_policy[IFA_MAX+1] = {
99 [IFA_LOCAL] = { .type = NLA_U32 },
100 [IFA_ADDRESS] = { .type = NLA_U32 },
101 [IFA_BROADCAST] = { .type = NLA_U32 },
102 [IFA_LABEL] = { .type = NLA_STRING, .len = IFNAMSIZ - 1 },
103 [IFA_CACHEINFO] = { .len = sizeof(struct ifa_cacheinfo) },
104 [IFA_FLAGS] = { .type = NLA_U32 },
105 [IFA_RT_PRIORITY] = { .type = NLA_U32 },
106 [IFA_TARGET_NETNSID] = { .type = NLA_S32 },
107 [IFA_PROTO] = { .type = NLA_U8 },
108 };
109
110 struct inet_fill_args {
111 u32 portid;
112 u32 seq;
113 int event;
114 unsigned int flags;
115 int netnsid;
116 int ifindex;
117 };
118
119 #define IN4_ADDR_HSIZE_SHIFT 8
120 #define IN4_ADDR_HSIZE (1U << IN4_ADDR_HSIZE_SHIFT)
121
122 static struct hlist_head inet_addr_lst[IN4_ADDR_HSIZE];
123
inet_addr_hash(const struct net * net,__be32 addr)124 static u32 inet_addr_hash(const struct net *net, __be32 addr)
125 {
126 u32 val = (__force u32) addr ^ net_hash_mix(net);
127
128 return hash_32(val, IN4_ADDR_HSIZE_SHIFT);
129 }
130
inet_hash_insert(struct net * net,struct in_ifaddr * ifa)131 static void inet_hash_insert(struct net *net, struct in_ifaddr *ifa)
132 {
133 u32 hash = inet_addr_hash(net, ifa->ifa_local);
134
135 ASSERT_RTNL();
136 hlist_add_head_rcu(&ifa->hash, &inet_addr_lst[hash]);
137 }
138
inet_hash_remove(struct in_ifaddr * ifa)139 static void inet_hash_remove(struct in_ifaddr *ifa)
140 {
141 ASSERT_RTNL();
142 hlist_del_init_rcu(&ifa->hash);
143 }
144
145 /**
146 * __ip_dev_find - find the first device with a given source address.
147 * @net: the net namespace
148 * @addr: the source address
149 * @devref: if true, take a reference on the found device
150 *
151 * If a caller uses devref=false, it should be protected by RCU, or RTNL
152 */
__ip_dev_find(struct net * net,__be32 addr,bool devref)153 struct net_device *__ip_dev_find(struct net *net, __be32 addr, bool devref)
154 {
155 struct net_device *result = NULL;
156 struct in_ifaddr *ifa;
157
158 rcu_read_lock();
159 ifa = inet_lookup_ifaddr_rcu(net, addr);
160 if (!ifa) {
161 struct flowi4 fl4 = { .daddr = addr };
162 struct fib_result res = { 0 };
163 struct fib_table *local;
164
165 /* Fallback to FIB local table so that communication
166 * over loopback subnets work.
167 */
168 local = fib_get_table(net, RT_TABLE_LOCAL);
169 if (local &&
170 !fib_table_lookup(local, &fl4, &res, FIB_LOOKUP_NOREF) &&
171 res.type == RTN_LOCAL)
172 result = FIB_RES_DEV(res);
173 } else {
174 result = ifa->ifa_dev->dev;
175 }
176 if (result && devref)
177 dev_hold(result);
178 rcu_read_unlock();
179 return result;
180 }
181 EXPORT_SYMBOL(__ip_dev_find);
182
183 /* called under RCU lock */
inet_lookup_ifaddr_rcu(struct net * net,__be32 addr)184 struct in_ifaddr *inet_lookup_ifaddr_rcu(struct net *net, __be32 addr)
185 {
186 u32 hash = inet_addr_hash(net, addr);
187 struct in_ifaddr *ifa;
188
189 hlist_for_each_entry_rcu(ifa, &inet_addr_lst[hash], hash)
190 if (ifa->ifa_local == addr &&
191 net_eq(dev_net(ifa->ifa_dev->dev), net))
192 return ifa;
193
194 return NULL;
195 }
196
197 static void rtmsg_ifa(int event, struct in_ifaddr *, struct nlmsghdr *, u32);
198
199 static BLOCKING_NOTIFIER_HEAD(inetaddr_chain);
200 static BLOCKING_NOTIFIER_HEAD(inetaddr_validator_chain);
201 static void inet_del_ifa(struct in_device *in_dev,
202 struct in_ifaddr __rcu **ifap,
203 int destroy);
204 #ifdef CONFIG_SYSCTL
205 static int devinet_sysctl_register(struct in_device *idev);
206 static void devinet_sysctl_unregister(struct in_device *idev);
207 #else
devinet_sysctl_register(struct in_device * idev)208 static int devinet_sysctl_register(struct in_device *idev)
209 {
210 return 0;
211 }
devinet_sysctl_unregister(struct in_device * idev)212 static void devinet_sysctl_unregister(struct in_device *idev)
213 {
214 }
215 #endif
216
217 /* Locks all the inet devices. */
218
inet_alloc_ifa(void)219 static struct in_ifaddr *inet_alloc_ifa(void)
220 {
221 return kzalloc(sizeof(struct in_ifaddr), GFP_KERNEL_ACCOUNT);
222 }
223
inet_rcu_free_ifa(struct rcu_head * head)224 static void inet_rcu_free_ifa(struct rcu_head *head)
225 {
226 struct in_ifaddr *ifa = container_of(head, struct in_ifaddr, rcu_head);
227 if (ifa->ifa_dev)
228 in_dev_put(ifa->ifa_dev);
229 kfree(ifa);
230 }
231
inet_free_ifa(struct in_ifaddr * ifa)232 static void inet_free_ifa(struct in_ifaddr *ifa)
233 {
234 call_rcu(&ifa->rcu_head, inet_rcu_free_ifa);
235 }
236
in_dev_free_rcu(struct rcu_head * head)237 static void in_dev_free_rcu(struct rcu_head *head)
238 {
239 struct in_device *idev = container_of(head, struct in_device, rcu_head);
240
241 kfree(rcu_dereference_protected(idev->mc_hash, 1));
242 kfree(idev);
243 }
244
in_dev_finish_destroy(struct in_device * idev)245 void in_dev_finish_destroy(struct in_device *idev)
246 {
247 struct net_device *dev = idev->dev;
248
249 WARN_ON(idev->ifa_list);
250 WARN_ON(idev->mc_list);
251 #ifdef NET_REFCNT_DEBUG
252 pr_debug("%s: %p=%s\n", __func__, idev, dev ? dev->name : "NIL");
253 #endif
254 netdev_put(dev, &idev->dev_tracker);
255 if (!idev->dead)
256 pr_err("Freeing alive in_device %p\n", idev);
257 else
258 call_rcu(&idev->rcu_head, in_dev_free_rcu);
259 }
260 EXPORT_SYMBOL(in_dev_finish_destroy);
261
inetdev_init(struct net_device * dev)262 static struct in_device *inetdev_init(struct net_device *dev)
263 {
264 struct in_device *in_dev;
265 int err = -ENOMEM;
266
267 ASSERT_RTNL();
268
269 in_dev = kzalloc(sizeof(*in_dev), GFP_KERNEL);
270 if (!in_dev)
271 goto out;
272 memcpy(&in_dev->cnf, dev_net(dev)->ipv4.devconf_dflt,
273 sizeof(in_dev->cnf));
274 in_dev->cnf.sysctl = NULL;
275 in_dev->dev = dev;
276 in_dev->arp_parms = neigh_parms_alloc(dev, &arp_tbl);
277 if (!in_dev->arp_parms)
278 goto out_kfree;
279 if (IPV4_DEVCONF(in_dev->cnf, FORWARDING))
280 dev_disable_lro(dev);
281 /* Reference in_dev->dev */
282 netdev_hold(dev, &in_dev->dev_tracker, GFP_KERNEL);
283 /* Account for reference dev->ip_ptr (below) */
284 refcount_set(&in_dev->refcnt, 1);
285
286 if (dev != blackhole_netdev) {
287 err = devinet_sysctl_register(in_dev);
288 if (err) {
289 in_dev->dead = 1;
290 neigh_parms_release(&arp_tbl, in_dev->arp_parms);
291 in_dev_put(in_dev);
292 in_dev = NULL;
293 goto out;
294 }
295 ip_mc_init_dev(in_dev);
296 if (dev->flags & IFF_UP)
297 ip_mc_up(in_dev);
298 }
299
300 /* we can receive as soon as ip_ptr is set -- do this last */
301 rcu_assign_pointer(dev->ip_ptr, in_dev);
302 out:
303 return in_dev ?: ERR_PTR(err);
304 out_kfree:
305 kfree(in_dev);
306 in_dev = NULL;
307 goto out;
308 }
309
inetdev_destroy(struct in_device * in_dev)310 static void inetdev_destroy(struct in_device *in_dev)
311 {
312 struct net_device *dev;
313 struct in_ifaddr *ifa;
314
315 ASSERT_RTNL();
316
317 dev = in_dev->dev;
318
319 in_dev->dead = 1;
320
321 ip_mc_destroy_dev(in_dev);
322
323 while ((ifa = rtnl_dereference(in_dev->ifa_list)) != NULL) {
324 inet_del_ifa(in_dev, &in_dev->ifa_list, 0);
325 inet_free_ifa(ifa);
326 }
327
328 RCU_INIT_POINTER(dev->ip_ptr, NULL);
329
330 devinet_sysctl_unregister(in_dev);
331 neigh_parms_release(&arp_tbl, in_dev->arp_parms);
332 arp_ifdown(dev);
333
334 in_dev_put(in_dev);
335 }
336
inet_blackhole_dev_init(void)337 static int __init inet_blackhole_dev_init(void)
338 {
339 int err = 0;
340
341 rtnl_lock();
342 if (!inetdev_init(blackhole_netdev))
343 err = -ENOMEM;
344 rtnl_unlock();
345
346 return err;
347 }
348 late_initcall(inet_blackhole_dev_init);
349
inet_addr_onlink(struct in_device * in_dev,__be32 a,__be32 b)350 int inet_addr_onlink(struct in_device *in_dev, __be32 a, __be32 b)
351 {
352 const struct in_ifaddr *ifa;
353
354 rcu_read_lock();
355 in_dev_for_each_ifa_rcu(ifa, in_dev) {
356 if (inet_ifa_match(a, ifa)) {
357 if (!b || inet_ifa_match(b, ifa)) {
358 rcu_read_unlock();
359 return 1;
360 }
361 }
362 }
363 rcu_read_unlock();
364 return 0;
365 }
366
__inet_del_ifa(struct in_device * in_dev,struct in_ifaddr __rcu ** ifap,int destroy,struct nlmsghdr * nlh,u32 portid)367 static void __inet_del_ifa(struct in_device *in_dev,
368 struct in_ifaddr __rcu **ifap,
369 int destroy, struct nlmsghdr *nlh, u32 portid)
370 {
371 struct in_ifaddr *promote = NULL;
372 struct in_ifaddr *ifa, *ifa1;
373 struct in_ifaddr __rcu **last_prim;
374 struct in_ifaddr *prev_prom = NULL;
375 int do_promote = IN_DEV_PROMOTE_SECONDARIES(in_dev);
376
377 ASSERT_RTNL();
378
379 ifa1 = rtnl_dereference(*ifap);
380 last_prim = ifap;
381 if (in_dev->dead)
382 goto no_promotions;
383
384 /* 1. Deleting primary ifaddr forces deletion all secondaries
385 * unless alias promotion is set
386 **/
387
388 if (!(ifa1->ifa_flags & IFA_F_SECONDARY)) {
389 struct in_ifaddr __rcu **ifap1 = &ifa1->ifa_next;
390
391 while ((ifa = rtnl_dereference(*ifap1)) != NULL) {
392 if (!(ifa->ifa_flags & IFA_F_SECONDARY) &&
393 ifa1->ifa_scope <= ifa->ifa_scope)
394 last_prim = &ifa->ifa_next;
395
396 if (!(ifa->ifa_flags & IFA_F_SECONDARY) ||
397 ifa1->ifa_mask != ifa->ifa_mask ||
398 !inet_ifa_match(ifa1->ifa_address, ifa)) {
399 ifap1 = &ifa->ifa_next;
400 prev_prom = ifa;
401 continue;
402 }
403
404 if (!do_promote) {
405 inet_hash_remove(ifa);
406 *ifap1 = ifa->ifa_next;
407
408 rtmsg_ifa(RTM_DELADDR, ifa, nlh, portid);
409 blocking_notifier_call_chain(&inetaddr_chain,
410 NETDEV_DOWN, ifa);
411 inet_free_ifa(ifa);
412 } else {
413 promote = ifa;
414 break;
415 }
416 }
417 }
418
419 /* On promotion all secondaries from subnet are changing
420 * the primary IP, we must remove all their routes silently
421 * and later to add them back with new prefsrc. Do this
422 * while all addresses are on the device list.
423 */
424 for (ifa = promote; ifa; ifa = rtnl_dereference(ifa->ifa_next)) {
425 if (ifa1->ifa_mask == ifa->ifa_mask &&
426 inet_ifa_match(ifa1->ifa_address, ifa))
427 fib_del_ifaddr(ifa, ifa1);
428 }
429
430 no_promotions:
431 /* 2. Unlink it */
432
433 *ifap = ifa1->ifa_next;
434 inet_hash_remove(ifa1);
435
436 /* 3. Announce address deletion */
437
438 /* Send message first, then call notifier.
439 At first sight, FIB update triggered by notifier
440 will refer to already deleted ifaddr, that could confuse
441 netlink listeners. It is not true: look, gated sees
442 that route deleted and if it still thinks that ifaddr
443 is valid, it will try to restore deleted routes... Grr.
444 So that, this order is correct.
445 */
446 rtmsg_ifa(RTM_DELADDR, ifa1, nlh, portid);
447 blocking_notifier_call_chain(&inetaddr_chain, NETDEV_DOWN, ifa1);
448
449 if (promote) {
450 struct in_ifaddr *next_sec;
451
452 next_sec = rtnl_dereference(promote->ifa_next);
453 if (prev_prom) {
454 struct in_ifaddr *last_sec;
455
456 rcu_assign_pointer(prev_prom->ifa_next, next_sec);
457
458 last_sec = rtnl_dereference(*last_prim);
459 rcu_assign_pointer(promote->ifa_next, last_sec);
460 rcu_assign_pointer(*last_prim, promote);
461 }
462
463 promote->ifa_flags &= ~IFA_F_SECONDARY;
464 rtmsg_ifa(RTM_NEWADDR, promote, nlh, portid);
465 blocking_notifier_call_chain(&inetaddr_chain,
466 NETDEV_UP, promote);
467 for (ifa = next_sec; ifa;
468 ifa = rtnl_dereference(ifa->ifa_next)) {
469 if (ifa1->ifa_mask != ifa->ifa_mask ||
470 !inet_ifa_match(ifa1->ifa_address, ifa))
471 continue;
472 fib_add_ifaddr(ifa);
473 }
474
475 }
476 if (destroy)
477 inet_free_ifa(ifa1);
478 }
479
inet_del_ifa(struct in_device * in_dev,struct in_ifaddr __rcu ** ifap,int destroy)480 static void inet_del_ifa(struct in_device *in_dev,
481 struct in_ifaddr __rcu **ifap,
482 int destroy)
483 {
484 __inet_del_ifa(in_dev, ifap, destroy, NULL, 0);
485 }
486
487 static void check_lifetime(struct work_struct *work);
488
489 static DECLARE_DELAYED_WORK(check_lifetime_work, check_lifetime);
490
__inet_insert_ifa(struct in_ifaddr * ifa,struct nlmsghdr * nlh,u32 portid,struct netlink_ext_ack * extack)491 static int __inet_insert_ifa(struct in_ifaddr *ifa, struct nlmsghdr *nlh,
492 u32 portid, struct netlink_ext_ack *extack)
493 {
494 struct in_ifaddr __rcu **last_primary, **ifap;
495 struct in_device *in_dev = ifa->ifa_dev;
496 struct in_validator_info ivi;
497 struct in_ifaddr *ifa1;
498 int ret;
499
500 ASSERT_RTNL();
501
502 if (!ifa->ifa_local) {
503 inet_free_ifa(ifa);
504 return 0;
505 }
506
507 ifa->ifa_flags &= ~IFA_F_SECONDARY;
508 last_primary = &in_dev->ifa_list;
509
510 /* Don't set IPv6 only flags to IPv4 addresses */
511 ifa->ifa_flags &= ~IPV6ONLY_FLAGS;
512
513 ifap = &in_dev->ifa_list;
514 ifa1 = rtnl_dereference(*ifap);
515
516 while (ifa1) {
517 if (!(ifa1->ifa_flags & IFA_F_SECONDARY) &&
518 ifa->ifa_scope <= ifa1->ifa_scope)
519 last_primary = &ifa1->ifa_next;
520 if (ifa1->ifa_mask == ifa->ifa_mask &&
521 inet_ifa_match(ifa1->ifa_address, ifa)) {
522 if (ifa1->ifa_local == ifa->ifa_local) {
523 inet_free_ifa(ifa);
524 return -EEXIST;
525 }
526 if (ifa1->ifa_scope != ifa->ifa_scope) {
527 NL_SET_ERR_MSG(extack, "ipv4: Invalid scope value");
528 inet_free_ifa(ifa);
529 return -EINVAL;
530 }
531 ifa->ifa_flags |= IFA_F_SECONDARY;
532 }
533
534 ifap = &ifa1->ifa_next;
535 ifa1 = rtnl_dereference(*ifap);
536 }
537
538 /* Allow any devices that wish to register ifaddr validtors to weigh
539 * in now, before changes are committed. The rntl lock is serializing
540 * access here, so the state should not change between a validator call
541 * and a final notify on commit. This isn't invoked on promotion under
542 * the assumption that validators are checking the address itself, and
543 * not the flags.
544 */
545 ivi.ivi_addr = ifa->ifa_address;
546 ivi.ivi_dev = ifa->ifa_dev;
547 ivi.extack = extack;
548 ret = blocking_notifier_call_chain(&inetaddr_validator_chain,
549 NETDEV_UP, &ivi);
550 ret = notifier_to_errno(ret);
551 if (ret) {
552 inet_free_ifa(ifa);
553 return ret;
554 }
555
556 if (!(ifa->ifa_flags & IFA_F_SECONDARY))
557 ifap = last_primary;
558
559 rcu_assign_pointer(ifa->ifa_next, *ifap);
560 rcu_assign_pointer(*ifap, ifa);
561
562 inet_hash_insert(dev_net(in_dev->dev), ifa);
563
564 cancel_delayed_work(&check_lifetime_work);
565 queue_delayed_work(system_power_efficient_wq, &check_lifetime_work, 0);
566
567 /* Send message first, then call notifier.
568 Notifier will trigger FIB update, so that
569 listeners of netlink will know about new ifaddr */
570 rtmsg_ifa(RTM_NEWADDR, ifa, nlh, portid);
571 blocking_notifier_call_chain(&inetaddr_chain, NETDEV_UP, ifa);
572
573 return 0;
574 }
575
inet_insert_ifa(struct in_ifaddr * ifa)576 static int inet_insert_ifa(struct in_ifaddr *ifa)
577 {
578 return __inet_insert_ifa(ifa, NULL, 0, NULL);
579 }
580
inet_set_ifa(struct net_device * dev,struct in_ifaddr * ifa)581 static int inet_set_ifa(struct net_device *dev, struct in_ifaddr *ifa)
582 {
583 struct in_device *in_dev = __in_dev_get_rtnl(dev);
584
585 ASSERT_RTNL();
586
587 ipv4_devconf_setall(in_dev);
588 neigh_parms_data_state_setall(in_dev->arp_parms);
589 if (ifa->ifa_dev != in_dev) {
590 WARN_ON(ifa->ifa_dev);
591 in_dev_hold(in_dev);
592 ifa->ifa_dev = in_dev;
593 }
594 if (ipv4_is_loopback(ifa->ifa_local))
595 ifa->ifa_scope = RT_SCOPE_HOST;
596 return inet_insert_ifa(ifa);
597 }
598
599 /* Caller must hold RCU or RTNL :
600 * We dont take a reference on found in_device
601 */
inetdev_by_index(struct net * net,int ifindex)602 struct in_device *inetdev_by_index(struct net *net, int ifindex)
603 {
604 struct net_device *dev;
605 struct in_device *in_dev = NULL;
606
607 rcu_read_lock();
608 dev = dev_get_by_index_rcu(net, ifindex);
609 if (dev)
610 in_dev = rcu_dereference_rtnl(dev->ip_ptr);
611 rcu_read_unlock();
612 return in_dev;
613 }
614 EXPORT_SYMBOL(inetdev_by_index);
615
616 /* Called only from RTNL semaphored context. No locks. */
617
inet_ifa_byprefix(struct in_device * in_dev,__be32 prefix,__be32 mask)618 struct in_ifaddr *inet_ifa_byprefix(struct in_device *in_dev, __be32 prefix,
619 __be32 mask)
620 {
621 struct in_ifaddr *ifa;
622
623 ASSERT_RTNL();
624
625 in_dev_for_each_ifa_rtnl(ifa, in_dev) {
626 if (ifa->ifa_mask == mask && inet_ifa_match(prefix, ifa))
627 return ifa;
628 }
629 return NULL;
630 }
631
ip_mc_autojoin_config(struct net * net,bool join,const struct in_ifaddr * ifa)632 static int ip_mc_autojoin_config(struct net *net, bool join,
633 const struct in_ifaddr *ifa)
634 {
635 #if defined(CONFIG_IP_MULTICAST)
636 struct ip_mreqn mreq = {
637 .imr_multiaddr.s_addr = ifa->ifa_address,
638 .imr_ifindex = ifa->ifa_dev->dev->ifindex,
639 };
640 struct sock *sk = net->ipv4.mc_autojoin_sk;
641 int ret;
642
643 ASSERT_RTNL();
644
645 lock_sock(sk);
646 if (join)
647 ret = ip_mc_join_group(sk, &mreq);
648 else
649 ret = ip_mc_leave_group(sk, &mreq);
650 release_sock(sk);
651
652 return ret;
653 #else
654 return -EOPNOTSUPP;
655 #endif
656 }
657
inet_rtm_deladdr(struct sk_buff * skb,struct nlmsghdr * nlh,struct netlink_ext_ack * extack)658 static int inet_rtm_deladdr(struct sk_buff *skb, struct nlmsghdr *nlh,
659 struct netlink_ext_ack *extack)
660 {
661 struct net *net = sock_net(skb->sk);
662 struct in_ifaddr __rcu **ifap;
663 struct nlattr *tb[IFA_MAX+1];
664 struct in_device *in_dev;
665 struct ifaddrmsg *ifm;
666 struct in_ifaddr *ifa;
667 int err;
668
669 ASSERT_RTNL();
670
671 err = nlmsg_parse_deprecated(nlh, sizeof(*ifm), tb, IFA_MAX,
672 ifa_ipv4_policy, extack);
673 if (err < 0)
674 goto errout;
675
676 ifm = nlmsg_data(nlh);
677 in_dev = inetdev_by_index(net, ifm->ifa_index);
678 if (!in_dev) {
679 NL_SET_ERR_MSG(extack, "ipv4: Device not found");
680 err = -ENODEV;
681 goto errout;
682 }
683
684 for (ifap = &in_dev->ifa_list; (ifa = rtnl_dereference(*ifap)) != NULL;
685 ifap = &ifa->ifa_next) {
686 if (tb[IFA_LOCAL] &&
687 ifa->ifa_local != nla_get_in_addr(tb[IFA_LOCAL]))
688 continue;
689
690 if (tb[IFA_LABEL] && nla_strcmp(tb[IFA_LABEL], ifa->ifa_label))
691 continue;
692
693 if (tb[IFA_ADDRESS] &&
694 (ifm->ifa_prefixlen != ifa->ifa_prefixlen ||
695 !inet_ifa_match(nla_get_in_addr(tb[IFA_ADDRESS]), ifa)))
696 continue;
697
698 if (ipv4_is_multicast(ifa->ifa_address))
699 ip_mc_autojoin_config(net, false, ifa);
700 __inet_del_ifa(in_dev, ifap, 1, nlh, NETLINK_CB(skb).portid);
701 return 0;
702 }
703
704 NL_SET_ERR_MSG(extack, "ipv4: Address not found");
705 err = -EADDRNOTAVAIL;
706 errout:
707 return err;
708 }
709
710 #define INFINITY_LIFE_TIME 0xFFFFFFFF
711
check_lifetime(struct work_struct * work)712 static void check_lifetime(struct work_struct *work)
713 {
714 unsigned long now, next, next_sec, next_sched;
715 struct in_ifaddr *ifa;
716 struct hlist_node *n;
717 int i;
718
719 now = jiffies;
720 next = round_jiffies_up(now + ADDR_CHECK_FREQUENCY);
721
722 for (i = 0; i < IN4_ADDR_HSIZE; i++) {
723 bool change_needed = false;
724
725 rcu_read_lock();
726 hlist_for_each_entry_rcu(ifa, &inet_addr_lst[i], hash) {
727 unsigned long age;
728
729 if (ifa->ifa_flags & IFA_F_PERMANENT)
730 continue;
731
732 /* We try to batch several events at once. */
733 age = (now - ifa->ifa_tstamp +
734 ADDRCONF_TIMER_FUZZ_MINUS) / HZ;
735
736 if (ifa->ifa_valid_lft != INFINITY_LIFE_TIME &&
737 age >= ifa->ifa_valid_lft) {
738 change_needed = true;
739 } else if (ifa->ifa_preferred_lft ==
740 INFINITY_LIFE_TIME) {
741 continue;
742 } else if (age >= ifa->ifa_preferred_lft) {
743 if (time_before(ifa->ifa_tstamp +
744 ifa->ifa_valid_lft * HZ, next))
745 next = ifa->ifa_tstamp +
746 ifa->ifa_valid_lft * HZ;
747
748 if (!(ifa->ifa_flags & IFA_F_DEPRECATED))
749 change_needed = true;
750 } else if (time_before(ifa->ifa_tstamp +
751 ifa->ifa_preferred_lft * HZ,
752 next)) {
753 next = ifa->ifa_tstamp +
754 ifa->ifa_preferred_lft * HZ;
755 }
756 }
757 rcu_read_unlock();
758 if (!change_needed)
759 continue;
760 rtnl_lock();
761 hlist_for_each_entry_safe(ifa, n, &inet_addr_lst[i], hash) {
762 unsigned long age;
763
764 if (ifa->ifa_flags & IFA_F_PERMANENT)
765 continue;
766
767 /* We try to batch several events at once. */
768 age = (now - ifa->ifa_tstamp +
769 ADDRCONF_TIMER_FUZZ_MINUS) / HZ;
770
771 if (ifa->ifa_valid_lft != INFINITY_LIFE_TIME &&
772 age >= ifa->ifa_valid_lft) {
773 struct in_ifaddr __rcu **ifap;
774 struct in_ifaddr *tmp;
775
776 ifap = &ifa->ifa_dev->ifa_list;
777 tmp = rtnl_dereference(*ifap);
778 while (tmp) {
779 if (tmp == ifa) {
780 inet_del_ifa(ifa->ifa_dev,
781 ifap, 1);
782 break;
783 }
784 ifap = &tmp->ifa_next;
785 tmp = rtnl_dereference(*ifap);
786 }
787 } else if (ifa->ifa_preferred_lft !=
788 INFINITY_LIFE_TIME &&
789 age >= ifa->ifa_preferred_lft &&
790 !(ifa->ifa_flags & IFA_F_DEPRECATED)) {
791 ifa->ifa_flags |= IFA_F_DEPRECATED;
792 rtmsg_ifa(RTM_NEWADDR, ifa, NULL, 0);
793 }
794 }
795 rtnl_unlock();
796 }
797
798 next_sec = round_jiffies_up(next);
799 next_sched = next;
800
801 /* If rounded timeout is accurate enough, accept it. */
802 if (time_before(next_sec, next + ADDRCONF_TIMER_FUZZ))
803 next_sched = next_sec;
804
805 now = jiffies;
806 /* And minimum interval is ADDRCONF_TIMER_FUZZ_MAX. */
807 if (time_before(next_sched, now + ADDRCONF_TIMER_FUZZ_MAX))
808 next_sched = now + ADDRCONF_TIMER_FUZZ_MAX;
809
810 queue_delayed_work(system_power_efficient_wq, &check_lifetime_work,
811 next_sched - now);
812 }
813
set_ifa_lifetime(struct in_ifaddr * ifa,__u32 valid_lft,__u32 prefered_lft)814 static void set_ifa_lifetime(struct in_ifaddr *ifa, __u32 valid_lft,
815 __u32 prefered_lft)
816 {
817 unsigned long timeout;
818
819 ifa->ifa_flags &= ~(IFA_F_PERMANENT | IFA_F_DEPRECATED);
820
821 timeout = addrconf_timeout_fixup(valid_lft, HZ);
822 if (addrconf_finite_timeout(timeout))
823 ifa->ifa_valid_lft = timeout;
824 else
825 ifa->ifa_flags |= IFA_F_PERMANENT;
826
827 timeout = addrconf_timeout_fixup(prefered_lft, HZ);
828 if (addrconf_finite_timeout(timeout)) {
829 if (timeout == 0)
830 ifa->ifa_flags |= IFA_F_DEPRECATED;
831 ifa->ifa_preferred_lft = timeout;
832 }
833 ifa->ifa_tstamp = jiffies;
834 if (!ifa->ifa_cstamp)
835 ifa->ifa_cstamp = ifa->ifa_tstamp;
836 }
837
rtm_to_ifaddr(struct net * net,struct nlmsghdr * nlh,__u32 * pvalid_lft,__u32 * pprefered_lft,struct netlink_ext_ack * extack)838 static struct in_ifaddr *rtm_to_ifaddr(struct net *net, struct nlmsghdr *nlh,
839 __u32 *pvalid_lft, __u32 *pprefered_lft,
840 struct netlink_ext_ack *extack)
841 {
842 struct nlattr *tb[IFA_MAX+1];
843 struct in_ifaddr *ifa;
844 struct ifaddrmsg *ifm;
845 struct net_device *dev;
846 struct in_device *in_dev;
847 int err;
848
849 err = nlmsg_parse_deprecated(nlh, sizeof(*ifm), tb, IFA_MAX,
850 ifa_ipv4_policy, extack);
851 if (err < 0)
852 goto errout;
853
854 ifm = nlmsg_data(nlh);
855 err = -EINVAL;
856
857 if (ifm->ifa_prefixlen > 32) {
858 NL_SET_ERR_MSG(extack, "ipv4: Invalid prefix length");
859 goto errout;
860 }
861
862 if (!tb[IFA_LOCAL]) {
863 NL_SET_ERR_MSG(extack, "ipv4: Local address is not supplied");
864 goto errout;
865 }
866
867 dev = __dev_get_by_index(net, ifm->ifa_index);
868 err = -ENODEV;
869 if (!dev) {
870 NL_SET_ERR_MSG(extack, "ipv4: Device not found");
871 goto errout;
872 }
873
874 in_dev = __in_dev_get_rtnl(dev);
875 err = -ENOBUFS;
876 if (!in_dev)
877 goto errout;
878
879 ifa = inet_alloc_ifa();
880 if (!ifa)
881 /*
882 * A potential indev allocation can be left alive, it stays
883 * assigned to its device and is destroy with it.
884 */
885 goto errout;
886
887 ipv4_devconf_setall(in_dev);
888 neigh_parms_data_state_setall(in_dev->arp_parms);
889 in_dev_hold(in_dev);
890
891 if (!tb[IFA_ADDRESS])
892 tb[IFA_ADDRESS] = tb[IFA_LOCAL];
893
894 INIT_HLIST_NODE(&ifa->hash);
895 ifa->ifa_prefixlen = ifm->ifa_prefixlen;
896 ifa->ifa_mask = inet_make_mask(ifm->ifa_prefixlen);
897 ifa->ifa_flags = tb[IFA_FLAGS] ? nla_get_u32(tb[IFA_FLAGS]) :
898 ifm->ifa_flags;
899 ifa->ifa_scope = ifm->ifa_scope;
900 ifa->ifa_dev = in_dev;
901
902 ifa->ifa_local = nla_get_in_addr(tb[IFA_LOCAL]);
903 ifa->ifa_address = nla_get_in_addr(tb[IFA_ADDRESS]);
904
905 if (tb[IFA_BROADCAST])
906 ifa->ifa_broadcast = nla_get_in_addr(tb[IFA_BROADCAST]);
907
908 if (tb[IFA_LABEL])
909 nla_strscpy(ifa->ifa_label, tb[IFA_LABEL], IFNAMSIZ);
910 else
911 memcpy(ifa->ifa_label, dev->name, IFNAMSIZ);
912
913 if (tb[IFA_RT_PRIORITY])
914 ifa->ifa_rt_priority = nla_get_u32(tb[IFA_RT_PRIORITY]);
915
916 if (tb[IFA_PROTO])
917 ifa->ifa_proto = nla_get_u8(tb[IFA_PROTO]);
918
919 if (tb[IFA_CACHEINFO]) {
920 struct ifa_cacheinfo *ci;
921
922 ci = nla_data(tb[IFA_CACHEINFO]);
923 if (!ci->ifa_valid || ci->ifa_prefered > ci->ifa_valid) {
924 NL_SET_ERR_MSG(extack, "ipv4: address lifetime invalid");
925 err = -EINVAL;
926 goto errout_free;
927 }
928 *pvalid_lft = ci->ifa_valid;
929 *pprefered_lft = ci->ifa_prefered;
930 }
931
932 return ifa;
933
934 errout_free:
935 inet_free_ifa(ifa);
936 errout:
937 return ERR_PTR(err);
938 }
939
find_matching_ifa(struct in_ifaddr * ifa)940 static struct in_ifaddr *find_matching_ifa(struct in_ifaddr *ifa)
941 {
942 struct in_device *in_dev = ifa->ifa_dev;
943 struct in_ifaddr *ifa1;
944
945 if (!ifa->ifa_local)
946 return NULL;
947
948 in_dev_for_each_ifa_rtnl(ifa1, in_dev) {
949 if (ifa1->ifa_mask == ifa->ifa_mask &&
950 inet_ifa_match(ifa1->ifa_address, ifa) &&
951 ifa1->ifa_local == ifa->ifa_local)
952 return ifa1;
953 }
954 return NULL;
955 }
956
inet_rtm_newaddr(struct sk_buff * skb,struct nlmsghdr * nlh,struct netlink_ext_ack * extack)957 static int inet_rtm_newaddr(struct sk_buff *skb, struct nlmsghdr *nlh,
958 struct netlink_ext_ack *extack)
959 {
960 struct net *net = sock_net(skb->sk);
961 struct in_ifaddr *ifa;
962 struct in_ifaddr *ifa_existing;
963 __u32 valid_lft = INFINITY_LIFE_TIME;
964 __u32 prefered_lft = INFINITY_LIFE_TIME;
965
966 ASSERT_RTNL();
967
968 ifa = rtm_to_ifaddr(net, nlh, &valid_lft, &prefered_lft, extack);
969 if (IS_ERR(ifa))
970 return PTR_ERR(ifa);
971
972 ifa_existing = find_matching_ifa(ifa);
973 if (!ifa_existing) {
974 /* It would be best to check for !NLM_F_CREATE here but
975 * userspace already relies on not having to provide this.
976 */
977 set_ifa_lifetime(ifa, valid_lft, prefered_lft);
978 if (ifa->ifa_flags & IFA_F_MCAUTOJOIN) {
979 int ret = ip_mc_autojoin_config(net, true, ifa);
980
981 if (ret < 0) {
982 NL_SET_ERR_MSG(extack, "ipv4: Multicast auto join failed");
983 inet_free_ifa(ifa);
984 return ret;
985 }
986 }
987 return __inet_insert_ifa(ifa, nlh, NETLINK_CB(skb).portid,
988 extack);
989 } else {
990 u32 new_metric = ifa->ifa_rt_priority;
991 u8 new_proto = ifa->ifa_proto;
992
993 inet_free_ifa(ifa);
994
995 if (nlh->nlmsg_flags & NLM_F_EXCL ||
996 !(nlh->nlmsg_flags & NLM_F_REPLACE)) {
997 NL_SET_ERR_MSG(extack, "ipv4: Address already assigned");
998 return -EEXIST;
999 }
1000 ifa = ifa_existing;
1001
1002 if (ifa->ifa_rt_priority != new_metric) {
1003 fib_modify_prefix_metric(ifa, new_metric);
1004 ifa->ifa_rt_priority = new_metric;
1005 }
1006
1007 ifa->ifa_proto = new_proto;
1008
1009 set_ifa_lifetime(ifa, valid_lft, prefered_lft);
1010 cancel_delayed_work(&check_lifetime_work);
1011 queue_delayed_work(system_power_efficient_wq,
1012 &check_lifetime_work, 0);
1013 rtmsg_ifa(RTM_NEWADDR, ifa, nlh, NETLINK_CB(skb).portid);
1014 }
1015 return 0;
1016 }
1017
1018 /*
1019 * Determine a default network mask, based on the IP address.
1020 */
1021
inet_abc_len(__be32 addr)1022 static int inet_abc_len(__be32 addr)
1023 {
1024 int rc = -1; /* Something else, probably a multicast. */
1025
1026 if (ipv4_is_zeronet(addr) || ipv4_is_lbcast(addr))
1027 rc = 0;
1028 else {
1029 __u32 haddr = ntohl(addr);
1030 if (IN_CLASSA(haddr))
1031 rc = 8;
1032 else if (IN_CLASSB(haddr))
1033 rc = 16;
1034 else if (IN_CLASSC(haddr))
1035 rc = 24;
1036 else if (IN_CLASSE(haddr))
1037 rc = 32;
1038 }
1039
1040 return rc;
1041 }
1042
1043
devinet_ioctl(struct net * net,unsigned int cmd,struct ifreq * ifr)1044 int devinet_ioctl(struct net *net, unsigned int cmd, struct ifreq *ifr)
1045 {
1046 struct sockaddr_in sin_orig;
1047 struct sockaddr_in *sin = (struct sockaddr_in *)&ifr->ifr_addr;
1048 struct in_ifaddr __rcu **ifap = NULL;
1049 struct in_device *in_dev;
1050 struct in_ifaddr *ifa = NULL;
1051 struct net_device *dev;
1052 char *colon;
1053 int ret = -EFAULT;
1054 int tryaddrmatch = 0;
1055
1056 ifr->ifr_name[IFNAMSIZ - 1] = 0;
1057
1058 /* save original address for comparison */
1059 memcpy(&sin_orig, sin, sizeof(*sin));
1060
1061 colon = strchr(ifr->ifr_name, ':');
1062 if (colon)
1063 *colon = 0;
1064
1065 dev_load(net, ifr->ifr_name);
1066
1067 switch (cmd) {
1068 case SIOCGIFADDR: /* Get interface address */
1069 case SIOCGIFBRDADDR: /* Get the broadcast address */
1070 case SIOCGIFDSTADDR: /* Get the destination address */
1071 case SIOCGIFNETMASK: /* Get the netmask for the interface */
1072 /* Note that these ioctls will not sleep,
1073 so that we do not impose a lock.
1074 One day we will be forced to put shlock here (I mean SMP)
1075 */
1076 tryaddrmatch = (sin_orig.sin_family == AF_INET);
1077 memset(sin, 0, sizeof(*sin));
1078 sin->sin_family = AF_INET;
1079 break;
1080
1081 case SIOCSIFFLAGS:
1082 ret = -EPERM;
1083 if (!ns_capable(net->user_ns, CAP_NET_ADMIN))
1084 goto out;
1085 break;
1086 case SIOCSIFADDR: /* Set interface address (and family) */
1087 case SIOCSIFBRDADDR: /* Set the broadcast address */
1088 case SIOCSIFDSTADDR: /* Set the destination address */
1089 case SIOCSIFNETMASK: /* Set the netmask for the interface */
1090 ret = -EPERM;
1091 if (!ns_capable(net->user_ns, CAP_NET_ADMIN))
1092 goto out;
1093 ret = -EINVAL;
1094 if (sin->sin_family != AF_INET)
1095 goto out;
1096 break;
1097 default:
1098 ret = -EINVAL;
1099 goto out;
1100 }
1101
1102 rtnl_lock();
1103
1104 ret = -ENODEV;
1105 dev = __dev_get_by_name(net, ifr->ifr_name);
1106 if (!dev)
1107 goto done;
1108
1109 if (colon)
1110 *colon = ':';
1111
1112 in_dev = __in_dev_get_rtnl(dev);
1113 if (in_dev) {
1114 if (tryaddrmatch) {
1115 /* Matthias Andree */
1116 /* compare label and address (4.4BSD style) */
1117 /* note: we only do this for a limited set of ioctls
1118 and only if the original address family was AF_INET.
1119 This is checked above. */
1120
1121 for (ifap = &in_dev->ifa_list;
1122 (ifa = rtnl_dereference(*ifap)) != NULL;
1123 ifap = &ifa->ifa_next) {
1124 if (!strcmp(ifr->ifr_name, ifa->ifa_label) &&
1125 sin_orig.sin_addr.s_addr ==
1126 ifa->ifa_local) {
1127 break; /* found */
1128 }
1129 }
1130 }
1131 /* we didn't get a match, maybe the application is
1132 4.3BSD-style and passed in junk so we fall back to
1133 comparing just the label */
1134 if (!ifa) {
1135 for (ifap = &in_dev->ifa_list;
1136 (ifa = rtnl_dereference(*ifap)) != NULL;
1137 ifap = &ifa->ifa_next)
1138 if (!strcmp(ifr->ifr_name, ifa->ifa_label))
1139 break;
1140 }
1141 }
1142
1143 ret = -EADDRNOTAVAIL;
1144 if (!ifa && cmd != SIOCSIFADDR && cmd != SIOCSIFFLAGS)
1145 goto done;
1146
1147 switch (cmd) {
1148 case SIOCGIFADDR: /* Get interface address */
1149 ret = 0;
1150 sin->sin_addr.s_addr = ifa->ifa_local;
1151 break;
1152
1153 case SIOCGIFBRDADDR: /* Get the broadcast address */
1154 ret = 0;
1155 sin->sin_addr.s_addr = ifa->ifa_broadcast;
1156 break;
1157
1158 case SIOCGIFDSTADDR: /* Get the destination address */
1159 ret = 0;
1160 sin->sin_addr.s_addr = ifa->ifa_address;
1161 break;
1162
1163 case SIOCGIFNETMASK: /* Get the netmask for the interface */
1164 ret = 0;
1165 sin->sin_addr.s_addr = ifa->ifa_mask;
1166 break;
1167
1168 case SIOCSIFFLAGS:
1169 if (colon) {
1170 ret = -EADDRNOTAVAIL;
1171 if (!ifa)
1172 break;
1173 ret = 0;
1174 if (!(ifr->ifr_flags & IFF_UP))
1175 inet_del_ifa(in_dev, ifap, 1);
1176 break;
1177 }
1178 ret = dev_change_flags(dev, ifr->ifr_flags, NULL);
1179 break;
1180
1181 case SIOCSIFADDR: /* Set interface address (and family) */
1182 ret = -EINVAL;
1183 if (inet_abc_len(sin->sin_addr.s_addr) < 0)
1184 break;
1185
1186 if (!ifa) {
1187 ret = -ENOBUFS;
1188 if (!in_dev)
1189 break;
1190 ifa = inet_alloc_ifa();
1191 if (!ifa)
1192 break;
1193 INIT_HLIST_NODE(&ifa->hash);
1194 if (colon)
1195 memcpy(ifa->ifa_label, ifr->ifr_name, IFNAMSIZ);
1196 else
1197 memcpy(ifa->ifa_label, dev->name, IFNAMSIZ);
1198 } else {
1199 ret = 0;
1200 if (ifa->ifa_local == sin->sin_addr.s_addr)
1201 break;
1202 inet_del_ifa(in_dev, ifap, 0);
1203 ifa->ifa_broadcast = 0;
1204 ifa->ifa_scope = 0;
1205 }
1206
1207 ifa->ifa_address = ifa->ifa_local = sin->sin_addr.s_addr;
1208
1209 if (!(dev->flags & IFF_POINTOPOINT)) {
1210 ifa->ifa_prefixlen = inet_abc_len(ifa->ifa_address);
1211 ifa->ifa_mask = inet_make_mask(ifa->ifa_prefixlen);
1212 if ((dev->flags & IFF_BROADCAST) &&
1213 ifa->ifa_prefixlen < 31)
1214 ifa->ifa_broadcast = ifa->ifa_address |
1215 ~ifa->ifa_mask;
1216 } else {
1217 ifa->ifa_prefixlen = 32;
1218 ifa->ifa_mask = inet_make_mask(32);
1219 }
1220 set_ifa_lifetime(ifa, INFINITY_LIFE_TIME, INFINITY_LIFE_TIME);
1221 ret = inet_set_ifa(dev, ifa);
1222 break;
1223
1224 case SIOCSIFBRDADDR: /* Set the broadcast address */
1225 ret = 0;
1226 if (ifa->ifa_broadcast != sin->sin_addr.s_addr) {
1227 inet_del_ifa(in_dev, ifap, 0);
1228 ifa->ifa_broadcast = sin->sin_addr.s_addr;
1229 inet_insert_ifa(ifa);
1230 }
1231 break;
1232
1233 case SIOCSIFDSTADDR: /* Set the destination address */
1234 ret = 0;
1235 if (ifa->ifa_address == sin->sin_addr.s_addr)
1236 break;
1237 ret = -EINVAL;
1238 if (inet_abc_len(sin->sin_addr.s_addr) < 0)
1239 break;
1240 ret = 0;
1241 inet_del_ifa(in_dev, ifap, 0);
1242 ifa->ifa_address = sin->sin_addr.s_addr;
1243 inet_insert_ifa(ifa);
1244 break;
1245
1246 case SIOCSIFNETMASK: /* Set the netmask for the interface */
1247
1248 /*
1249 * The mask we set must be legal.
1250 */
1251 ret = -EINVAL;
1252 if (bad_mask(sin->sin_addr.s_addr, 0))
1253 break;
1254 ret = 0;
1255 if (ifa->ifa_mask != sin->sin_addr.s_addr) {
1256 __be32 old_mask = ifa->ifa_mask;
1257 inet_del_ifa(in_dev, ifap, 0);
1258 ifa->ifa_mask = sin->sin_addr.s_addr;
1259 ifa->ifa_prefixlen = inet_mask_len(ifa->ifa_mask);
1260
1261 /* See if current broadcast address matches
1262 * with current netmask, then recalculate
1263 * the broadcast address. Otherwise it's a
1264 * funny address, so don't touch it since
1265 * the user seems to know what (s)he's doing...
1266 */
1267 if ((dev->flags & IFF_BROADCAST) &&
1268 (ifa->ifa_prefixlen < 31) &&
1269 (ifa->ifa_broadcast ==
1270 (ifa->ifa_local|~old_mask))) {
1271 ifa->ifa_broadcast = (ifa->ifa_local |
1272 ~sin->sin_addr.s_addr);
1273 }
1274 inet_insert_ifa(ifa);
1275 }
1276 break;
1277 }
1278 done:
1279 rtnl_unlock();
1280 out:
1281 return ret;
1282 }
1283
inet_gifconf(struct net_device * dev,char __user * buf,int len,int size)1284 int inet_gifconf(struct net_device *dev, char __user *buf, int len, int size)
1285 {
1286 struct in_device *in_dev = __in_dev_get_rtnl(dev);
1287 const struct in_ifaddr *ifa;
1288 struct ifreq ifr;
1289 int done = 0;
1290
1291 if (WARN_ON(size > sizeof(struct ifreq)))
1292 goto out;
1293
1294 if (!in_dev)
1295 goto out;
1296
1297 in_dev_for_each_ifa_rtnl(ifa, in_dev) {
1298 if (!buf) {
1299 done += size;
1300 continue;
1301 }
1302 if (len < size)
1303 break;
1304 memset(&ifr, 0, sizeof(struct ifreq));
1305 strcpy(ifr.ifr_name, ifa->ifa_label);
1306
1307 (*(struct sockaddr_in *)&ifr.ifr_addr).sin_family = AF_INET;
1308 (*(struct sockaddr_in *)&ifr.ifr_addr).sin_addr.s_addr =
1309 ifa->ifa_local;
1310
1311 if (copy_to_user(buf + done, &ifr, size)) {
1312 done = -EFAULT;
1313 break;
1314 }
1315 len -= size;
1316 done += size;
1317 }
1318 out:
1319 return done;
1320 }
1321
in_dev_select_addr(const struct in_device * in_dev,int scope)1322 static __be32 in_dev_select_addr(const struct in_device *in_dev,
1323 int scope)
1324 {
1325 const struct in_ifaddr *ifa;
1326
1327 in_dev_for_each_ifa_rcu(ifa, in_dev) {
1328 if (ifa->ifa_flags & IFA_F_SECONDARY)
1329 continue;
1330 if (ifa->ifa_scope != RT_SCOPE_LINK &&
1331 ifa->ifa_scope <= scope)
1332 return ifa->ifa_local;
1333 }
1334
1335 return 0;
1336 }
1337
inet_select_addr(const struct net_device * dev,__be32 dst,int scope)1338 __be32 inet_select_addr(const struct net_device *dev, __be32 dst, int scope)
1339 {
1340 const struct in_ifaddr *ifa;
1341 __be32 addr = 0;
1342 unsigned char localnet_scope = RT_SCOPE_HOST;
1343 struct in_device *in_dev;
1344 struct net *net = dev_net(dev);
1345 int master_idx;
1346
1347 rcu_read_lock();
1348 in_dev = __in_dev_get_rcu(dev);
1349 if (!in_dev)
1350 goto no_in_dev;
1351
1352 if (unlikely(IN_DEV_ROUTE_LOCALNET(in_dev)))
1353 localnet_scope = RT_SCOPE_LINK;
1354
1355 in_dev_for_each_ifa_rcu(ifa, in_dev) {
1356 if (ifa->ifa_flags & IFA_F_SECONDARY)
1357 continue;
1358 if (min(ifa->ifa_scope, localnet_scope) > scope)
1359 continue;
1360 if (!dst || inet_ifa_match(dst, ifa)) {
1361 addr = ifa->ifa_local;
1362 break;
1363 }
1364 if (!addr)
1365 addr = ifa->ifa_local;
1366 }
1367
1368 if (addr)
1369 goto out_unlock;
1370 no_in_dev:
1371 master_idx = l3mdev_master_ifindex_rcu(dev);
1372
1373 /* For VRFs, the VRF device takes the place of the loopback device,
1374 * with addresses on it being preferred. Note in such cases the
1375 * loopback device will be among the devices that fail the master_idx
1376 * equality check in the loop below.
1377 */
1378 if (master_idx &&
1379 (dev = dev_get_by_index_rcu(net, master_idx)) &&
1380 (in_dev = __in_dev_get_rcu(dev))) {
1381 addr = in_dev_select_addr(in_dev, scope);
1382 if (addr)
1383 goto out_unlock;
1384 }
1385
1386 /* Not loopback addresses on loopback should be preferred
1387 in this case. It is important that lo is the first interface
1388 in dev_base list.
1389 */
1390 for_each_netdev_rcu(net, dev) {
1391 if (l3mdev_master_ifindex_rcu(dev) != master_idx)
1392 continue;
1393
1394 in_dev = __in_dev_get_rcu(dev);
1395 if (!in_dev)
1396 continue;
1397
1398 addr = in_dev_select_addr(in_dev, scope);
1399 if (addr)
1400 goto out_unlock;
1401 }
1402 out_unlock:
1403 rcu_read_unlock();
1404 return addr;
1405 }
1406 EXPORT_SYMBOL(inet_select_addr);
1407
confirm_addr_indev(struct in_device * in_dev,__be32 dst,__be32 local,int scope)1408 static __be32 confirm_addr_indev(struct in_device *in_dev, __be32 dst,
1409 __be32 local, int scope)
1410 {
1411 unsigned char localnet_scope = RT_SCOPE_HOST;
1412 const struct in_ifaddr *ifa;
1413 __be32 addr = 0;
1414 int same = 0;
1415
1416 if (unlikely(IN_DEV_ROUTE_LOCALNET(in_dev)))
1417 localnet_scope = RT_SCOPE_LINK;
1418
1419 in_dev_for_each_ifa_rcu(ifa, in_dev) {
1420 unsigned char min_scope = min(ifa->ifa_scope, localnet_scope);
1421
1422 if (!addr &&
1423 (local == ifa->ifa_local || !local) &&
1424 min_scope <= scope) {
1425 addr = ifa->ifa_local;
1426 if (same)
1427 break;
1428 }
1429 if (!same) {
1430 same = (!local || inet_ifa_match(local, ifa)) &&
1431 (!dst || inet_ifa_match(dst, ifa));
1432 if (same && addr) {
1433 if (local || !dst)
1434 break;
1435 /* Is the selected addr into dst subnet? */
1436 if (inet_ifa_match(addr, ifa))
1437 break;
1438 /* No, then can we use new local src? */
1439 if (min_scope <= scope) {
1440 addr = ifa->ifa_local;
1441 break;
1442 }
1443 /* search for large dst subnet for addr */
1444 same = 0;
1445 }
1446 }
1447 }
1448
1449 return same ? addr : 0;
1450 }
1451
1452 /*
1453 * Confirm that local IP address exists using wildcards:
1454 * - net: netns to check, cannot be NULL
1455 * - in_dev: only on this interface, NULL=any interface
1456 * - dst: only in the same subnet as dst, 0=any dst
1457 * - local: address, 0=autoselect the local address
1458 * - scope: maximum allowed scope value for the local address
1459 */
inet_confirm_addr(struct net * net,struct in_device * in_dev,__be32 dst,__be32 local,int scope)1460 __be32 inet_confirm_addr(struct net *net, struct in_device *in_dev,
1461 __be32 dst, __be32 local, int scope)
1462 {
1463 __be32 addr = 0;
1464 struct net_device *dev;
1465
1466 if (in_dev)
1467 return confirm_addr_indev(in_dev, dst, local, scope);
1468
1469 rcu_read_lock();
1470 for_each_netdev_rcu(net, dev) {
1471 in_dev = __in_dev_get_rcu(dev);
1472 if (in_dev) {
1473 addr = confirm_addr_indev(in_dev, dst, local, scope);
1474 if (addr)
1475 break;
1476 }
1477 }
1478 rcu_read_unlock();
1479
1480 return addr;
1481 }
1482 EXPORT_SYMBOL(inet_confirm_addr);
1483
1484 /*
1485 * Device notifier
1486 */
1487
register_inetaddr_notifier(struct notifier_block * nb)1488 int register_inetaddr_notifier(struct notifier_block *nb)
1489 {
1490 return blocking_notifier_chain_register(&inetaddr_chain, nb);
1491 }
1492 EXPORT_SYMBOL(register_inetaddr_notifier);
1493
unregister_inetaddr_notifier(struct notifier_block * nb)1494 int unregister_inetaddr_notifier(struct notifier_block *nb)
1495 {
1496 return blocking_notifier_chain_unregister(&inetaddr_chain, nb);
1497 }
1498 EXPORT_SYMBOL(unregister_inetaddr_notifier);
1499
register_inetaddr_validator_notifier(struct notifier_block * nb)1500 int register_inetaddr_validator_notifier(struct notifier_block *nb)
1501 {
1502 return blocking_notifier_chain_register(&inetaddr_validator_chain, nb);
1503 }
1504 EXPORT_SYMBOL(register_inetaddr_validator_notifier);
1505
unregister_inetaddr_validator_notifier(struct notifier_block * nb)1506 int unregister_inetaddr_validator_notifier(struct notifier_block *nb)
1507 {
1508 return blocking_notifier_chain_unregister(&inetaddr_validator_chain,
1509 nb);
1510 }
1511 EXPORT_SYMBOL(unregister_inetaddr_validator_notifier);
1512
1513 /* Rename ifa_labels for a device name change. Make some effort to preserve
1514 * existing alias numbering and to create unique labels if possible.
1515 */
inetdev_changename(struct net_device * dev,struct in_device * in_dev)1516 static void inetdev_changename(struct net_device *dev, struct in_device *in_dev)
1517 {
1518 struct in_ifaddr *ifa;
1519 int named = 0;
1520
1521 in_dev_for_each_ifa_rtnl(ifa, in_dev) {
1522 char old[IFNAMSIZ], *dot;
1523
1524 memcpy(old, ifa->ifa_label, IFNAMSIZ);
1525 memcpy(ifa->ifa_label, dev->name, IFNAMSIZ);
1526 if (named++ == 0)
1527 goto skip;
1528 dot = strchr(old, ':');
1529 if (!dot) {
1530 sprintf(old, ":%d", named);
1531 dot = old;
1532 }
1533 if (strlen(dot) + strlen(dev->name) < IFNAMSIZ)
1534 strcat(ifa->ifa_label, dot);
1535 else
1536 strcpy(ifa->ifa_label + (IFNAMSIZ - strlen(dot) - 1), dot);
1537 skip:
1538 rtmsg_ifa(RTM_NEWADDR, ifa, NULL, 0);
1539 }
1540 }
1541
inetdev_send_gratuitous_arp(struct net_device * dev,struct in_device * in_dev)1542 static void inetdev_send_gratuitous_arp(struct net_device *dev,
1543 struct in_device *in_dev)
1544
1545 {
1546 const struct in_ifaddr *ifa;
1547
1548 in_dev_for_each_ifa_rtnl(ifa, in_dev) {
1549 arp_send(ARPOP_REQUEST, ETH_P_ARP,
1550 ifa->ifa_local, dev,
1551 ifa->ifa_local, NULL,
1552 dev->dev_addr, NULL);
1553 }
1554 }
1555
1556 /* Called only under RTNL semaphore */
1557
inetdev_event(struct notifier_block * this,unsigned long event,void * ptr)1558 static int inetdev_event(struct notifier_block *this, unsigned long event,
1559 void *ptr)
1560 {
1561 struct net_device *dev = netdev_notifier_info_to_dev(ptr);
1562 struct in_device *in_dev = __in_dev_get_rtnl(dev);
1563
1564 ASSERT_RTNL();
1565
1566 if (!in_dev) {
1567 if (event == NETDEV_REGISTER) {
1568 in_dev = inetdev_init(dev);
1569 if (IS_ERR(in_dev))
1570 return notifier_from_errno(PTR_ERR(in_dev));
1571 if (dev->flags & IFF_LOOPBACK) {
1572 IN_DEV_CONF_SET(in_dev, NOXFRM, 1);
1573 IN_DEV_CONF_SET(in_dev, NOPOLICY, 1);
1574 }
1575 } else if (event == NETDEV_CHANGEMTU) {
1576 /* Re-enabling IP */
1577 if (inetdev_valid_mtu(dev->mtu))
1578 in_dev = inetdev_init(dev);
1579 }
1580 goto out;
1581 }
1582
1583 switch (event) {
1584 case NETDEV_REGISTER:
1585 pr_debug("%s: bug\n", __func__);
1586 RCU_INIT_POINTER(dev->ip_ptr, NULL);
1587 break;
1588 case NETDEV_UP:
1589 if (!inetdev_valid_mtu(dev->mtu))
1590 break;
1591 if (dev->flags & IFF_LOOPBACK) {
1592 struct in_ifaddr *ifa = inet_alloc_ifa();
1593
1594 if (ifa) {
1595 INIT_HLIST_NODE(&ifa->hash);
1596 ifa->ifa_local =
1597 ifa->ifa_address = htonl(INADDR_LOOPBACK);
1598 ifa->ifa_prefixlen = 8;
1599 ifa->ifa_mask = inet_make_mask(8);
1600 in_dev_hold(in_dev);
1601 ifa->ifa_dev = in_dev;
1602 ifa->ifa_scope = RT_SCOPE_HOST;
1603 memcpy(ifa->ifa_label, dev->name, IFNAMSIZ);
1604 set_ifa_lifetime(ifa, INFINITY_LIFE_TIME,
1605 INFINITY_LIFE_TIME);
1606 ipv4_devconf_setall(in_dev);
1607 neigh_parms_data_state_setall(in_dev->arp_parms);
1608 inet_insert_ifa(ifa);
1609 }
1610 }
1611 ip_mc_up(in_dev);
1612 fallthrough;
1613 case NETDEV_CHANGEADDR:
1614 if (!IN_DEV_ARP_NOTIFY(in_dev))
1615 break;
1616 fallthrough;
1617 case NETDEV_NOTIFY_PEERS:
1618 /* Send gratuitous ARP to notify of link change */
1619 inetdev_send_gratuitous_arp(dev, in_dev);
1620 break;
1621 case NETDEV_DOWN:
1622 ip_mc_down(in_dev);
1623 break;
1624 case NETDEV_PRE_TYPE_CHANGE:
1625 ip_mc_unmap(in_dev);
1626 break;
1627 case NETDEV_POST_TYPE_CHANGE:
1628 ip_mc_remap(in_dev);
1629 break;
1630 case NETDEV_CHANGEMTU:
1631 if (inetdev_valid_mtu(dev->mtu))
1632 break;
1633 /* disable IP when MTU is not enough */
1634 fallthrough;
1635 case NETDEV_UNREGISTER:
1636 inetdev_destroy(in_dev);
1637 break;
1638 case NETDEV_CHANGENAME:
1639 /* Do not notify about label change, this event is
1640 * not interesting to applications using netlink.
1641 */
1642 inetdev_changename(dev, in_dev);
1643
1644 devinet_sysctl_unregister(in_dev);
1645 devinet_sysctl_register(in_dev);
1646 break;
1647 }
1648 out:
1649 return NOTIFY_DONE;
1650 }
1651
1652 static struct notifier_block ip_netdev_notifier = {
1653 .notifier_call = inetdev_event,
1654 };
1655
inet_nlmsg_size(void)1656 static size_t inet_nlmsg_size(void)
1657 {
1658 return NLMSG_ALIGN(sizeof(struct ifaddrmsg))
1659 + nla_total_size(4) /* IFA_ADDRESS */
1660 + nla_total_size(4) /* IFA_LOCAL */
1661 + nla_total_size(4) /* IFA_BROADCAST */
1662 + nla_total_size(IFNAMSIZ) /* IFA_LABEL */
1663 + nla_total_size(4) /* IFA_FLAGS */
1664 + nla_total_size(1) /* IFA_PROTO */
1665 + nla_total_size(4) /* IFA_RT_PRIORITY */
1666 + nla_total_size(sizeof(struct ifa_cacheinfo)); /* IFA_CACHEINFO */
1667 }
1668
cstamp_delta(unsigned long cstamp)1669 static inline u32 cstamp_delta(unsigned long cstamp)
1670 {
1671 return (cstamp - INITIAL_JIFFIES) * 100UL / HZ;
1672 }
1673
put_cacheinfo(struct sk_buff * skb,unsigned long cstamp,unsigned long tstamp,u32 preferred,u32 valid)1674 static int put_cacheinfo(struct sk_buff *skb, unsigned long cstamp,
1675 unsigned long tstamp, u32 preferred, u32 valid)
1676 {
1677 struct ifa_cacheinfo ci;
1678
1679 ci.cstamp = cstamp_delta(cstamp);
1680 ci.tstamp = cstamp_delta(tstamp);
1681 ci.ifa_prefered = preferred;
1682 ci.ifa_valid = valid;
1683
1684 return nla_put(skb, IFA_CACHEINFO, sizeof(ci), &ci);
1685 }
1686
inet_fill_ifaddr(struct sk_buff * skb,struct in_ifaddr * ifa,struct inet_fill_args * args)1687 static int inet_fill_ifaddr(struct sk_buff *skb, struct in_ifaddr *ifa,
1688 struct inet_fill_args *args)
1689 {
1690 struct ifaddrmsg *ifm;
1691 struct nlmsghdr *nlh;
1692 u32 preferred, valid;
1693
1694 nlh = nlmsg_put(skb, args->portid, args->seq, args->event, sizeof(*ifm),
1695 args->flags);
1696 if (!nlh)
1697 return -EMSGSIZE;
1698
1699 ifm = nlmsg_data(nlh);
1700 ifm->ifa_family = AF_INET;
1701 ifm->ifa_prefixlen = ifa->ifa_prefixlen;
1702 ifm->ifa_flags = ifa->ifa_flags;
1703 ifm->ifa_scope = ifa->ifa_scope;
1704 ifm->ifa_index = ifa->ifa_dev->dev->ifindex;
1705
1706 if (args->netnsid >= 0 &&
1707 nla_put_s32(skb, IFA_TARGET_NETNSID, args->netnsid))
1708 goto nla_put_failure;
1709
1710 if (!(ifm->ifa_flags & IFA_F_PERMANENT)) {
1711 preferred = ifa->ifa_preferred_lft;
1712 valid = ifa->ifa_valid_lft;
1713 if (preferred != INFINITY_LIFE_TIME) {
1714 long tval = (jiffies - ifa->ifa_tstamp) / HZ;
1715
1716 if (preferred > tval)
1717 preferred -= tval;
1718 else
1719 preferred = 0;
1720 if (valid != INFINITY_LIFE_TIME) {
1721 if (valid > tval)
1722 valid -= tval;
1723 else
1724 valid = 0;
1725 }
1726 }
1727 } else {
1728 preferred = INFINITY_LIFE_TIME;
1729 valid = INFINITY_LIFE_TIME;
1730 }
1731 if ((ifa->ifa_address &&
1732 nla_put_in_addr(skb, IFA_ADDRESS, ifa->ifa_address)) ||
1733 (ifa->ifa_local &&
1734 nla_put_in_addr(skb, IFA_LOCAL, ifa->ifa_local)) ||
1735 (ifa->ifa_broadcast &&
1736 nla_put_in_addr(skb, IFA_BROADCAST, ifa->ifa_broadcast)) ||
1737 (ifa->ifa_label[0] &&
1738 nla_put_string(skb, IFA_LABEL, ifa->ifa_label)) ||
1739 (ifa->ifa_proto &&
1740 nla_put_u8(skb, IFA_PROTO, ifa->ifa_proto)) ||
1741 nla_put_u32(skb, IFA_FLAGS, ifa->ifa_flags) ||
1742 (ifa->ifa_rt_priority &&
1743 nla_put_u32(skb, IFA_RT_PRIORITY, ifa->ifa_rt_priority)) ||
1744 put_cacheinfo(skb, ifa->ifa_cstamp, ifa->ifa_tstamp,
1745 preferred, valid))
1746 goto nla_put_failure;
1747
1748 nlmsg_end(skb, nlh);
1749 return 0;
1750
1751 nla_put_failure:
1752 nlmsg_cancel(skb, nlh);
1753 return -EMSGSIZE;
1754 }
1755
inet_valid_dump_ifaddr_req(const struct nlmsghdr * nlh,struct inet_fill_args * fillargs,struct net ** tgt_net,struct sock * sk,struct netlink_callback * cb)1756 static int inet_valid_dump_ifaddr_req(const struct nlmsghdr *nlh,
1757 struct inet_fill_args *fillargs,
1758 struct net **tgt_net, struct sock *sk,
1759 struct netlink_callback *cb)
1760 {
1761 struct netlink_ext_ack *extack = cb->extack;
1762 struct nlattr *tb[IFA_MAX+1];
1763 struct ifaddrmsg *ifm;
1764 int err, i;
1765
1766 if (nlh->nlmsg_len < nlmsg_msg_size(sizeof(*ifm))) {
1767 NL_SET_ERR_MSG(extack, "ipv4: Invalid header for address dump request");
1768 return -EINVAL;
1769 }
1770
1771 ifm = nlmsg_data(nlh);
1772 if (ifm->ifa_prefixlen || ifm->ifa_flags || ifm->ifa_scope) {
1773 NL_SET_ERR_MSG(extack, "ipv4: Invalid values in header for address dump request");
1774 return -EINVAL;
1775 }
1776
1777 fillargs->ifindex = ifm->ifa_index;
1778 if (fillargs->ifindex) {
1779 cb->answer_flags |= NLM_F_DUMP_FILTERED;
1780 fillargs->flags |= NLM_F_DUMP_FILTERED;
1781 }
1782
1783 err = nlmsg_parse_deprecated_strict(nlh, sizeof(*ifm), tb, IFA_MAX,
1784 ifa_ipv4_policy, extack);
1785 if (err < 0)
1786 return err;
1787
1788 for (i = 0; i <= IFA_MAX; ++i) {
1789 if (!tb[i])
1790 continue;
1791
1792 if (i == IFA_TARGET_NETNSID) {
1793 struct net *net;
1794
1795 fillargs->netnsid = nla_get_s32(tb[i]);
1796
1797 net = rtnl_get_net_ns_capable(sk, fillargs->netnsid);
1798 if (IS_ERR(net)) {
1799 fillargs->netnsid = -1;
1800 NL_SET_ERR_MSG(extack, "ipv4: Invalid target network namespace id");
1801 return PTR_ERR(net);
1802 }
1803 *tgt_net = net;
1804 } else {
1805 NL_SET_ERR_MSG(extack, "ipv4: Unsupported attribute in dump request");
1806 return -EINVAL;
1807 }
1808 }
1809
1810 return 0;
1811 }
1812
in_dev_dump_addr(struct in_device * in_dev,struct sk_buff * skb,struct netlink_callback * cb,int s_ip_idx,struct inet_fill_args * fillargs)1813 static int in_dev_dump_addr(struct in_device *in_dev, struct sk_buff *skb,
1814 struct netlink_callback *cb, int s_ip_idx,
1815 struct inet_fill_args *fillargs)
1816 {
1817 struct in_ifaddr *ifa;
1818 int ip_idx = 0;
1819 int err;
1820
1821 in_dev_for_each_ifa_rtnl(ifa, in_dev) {
1822 if (ip_idx < s_ip_idx) {
1823 ip_idx++;
1824 continue;
1825 }
1826 err = inet_fill_ifaddr(skb, ifa, fillargs);
1827 if (err < 0)
1828 goto done;
1829
1830 nl_dump_check_consistent(cb, nlmsg_hdr(skb));
1831 ip_idx++;
1832 }
1833 err = 0;
1834
1835 done:
1836 cb->args[2] = ip_idx;
1837
1838 return err;
1839 }
1840
1841 /* Combine dev_addr_genid and dev_base_seq to detect changes.
1842 */
inet_base_seq(const struct net * net)1843 static u32 inet_base_seq(const struct net *net)
1844 {
1845 u32 res = atomic_read(&net->ipv4.dev_addr_genid) +
1846 net->dev_base_seq;
1847
1848 /* Must not return 0 (see nl_dump_check_consistent()).
1849 * Chose a value far away from 0.
1850 */
1851 if (!res)
1852 res = 0x80000000;
1853 return res;
1854 }
1855
inet_dump_ifaddr(struct sk_buff * skb,struct netlink_callback * cb)1856 static int inet_dump_ifaddr(struct sk_buff *skb, struct netlink_callback *cb)
1857 {
1858 const struct nlmsghdr *nlh = cb->nlh;
1859 struct inet_fill_args fillargs = {
1860 .portid = NETLINK_CB(cb->skb).portid,
1861 .seq = nlh->nlmsg_seq,
1862 .event = RTM_NEWADDR,
1863 .flags = NLM_F_MULTI,
1864 .netnsid = -1,
1865 };
1866 struct net *net = sock_net(skb->sk);
1867 struct net *tgt_net = net;
1868 int h, s_h;
1869 int idx, s_idx;
1870 int s_ip_idx;
1871 struct net_device *dev;
1872 struct in_device *in_dev;
1873 struct hlist_head *head;
1874 int err = 0;
1875
1876 s_h = cb->args[0];
1877 s_idx = idx = cb->args[1];
1878 s_ip_idx = cb->args[2];
1879
1880 if (cb->strict_check) {
1881 err = inet_valid_dump_ifaddr_req(nlh, &fillargs, &tgt_net,
1882 skb->sk, cb);
1883 if (err < 0)
1884 goto put_tgt_net;
1885
1886 err = 0;
1887 if (fillargs.ifindex) {
1888 dev = __dev_get_by_index(tgt_net, fillargs.ifindex);
1889 if (!dev) {
1890 err = -ENODEV;
1891 goto put_tgt_net;
1892 }
1893
1894 in_dev = __in_dev_get_rtnl(dev);
1895 if (in_dev) {
1896 err = in_dev_dump_addr(in_dev, skb, cb, s_ip_idx,
1897 &fillargs);
1898 }
1899 goto put_tgt_net;
1900 }
1901 }
1902
1903 for (h = s_h; h < NETDEV_HASHENTRIES; h++, s_idx = 0) {
1904 idx = 0;
1905 head = &tgt_net->dev_index_head[h];
1906 rcu_read_lock();
1907 cb->seq = inet_base_seq(tgt_net);
1908 hlist_for_each_entry_rcu(dev, head, index_hlist) {
1909 if (idx < s_idx)
1910 goto cont;
1911 if (h > s_h || idx > s_idx)
1912 s_ip_idx = 0;
1913 in_dev = __in_dev_get_rcu(dev);
1914 if (!in_dev)
1915 goto cont;
1916
1917 err = in_dev_dump_addr(in_dev, skb, cb, s_ip_idx,
1918 &fillargs);
1919 if (err < 0) {
1920 rcu_read_unlock();
1921 goto done;
1922 }
1923 cont:
1924 idx++;
1925 }
1926 rcu_read_unlock();
1927 }
1928
1929 done:
1930 cb->args[0] = h;
1931 cb->args[1] = idx;
1932 put_tgt_net:
1933 if (fillargs.netnsid >= 0)
1934 put_net(tgt_net);
1935
1936 return skb->len ? : err;
1937 }
1938
rtmsg_ifa(int event,struct in_ifaddr * ifa,struct nlmsghdr * nlh,u32 portid)1939 static void rtmsg_ifa(int event, struct in_ifaddr *ifa, struct nlmsghdr *nlh,
1940 u32 portid)
1941 {
1942 struct inet_fill_args fillargs = {
1943 .portid = portid,
1944 .seq = nlh ? nlh->nlmsg_seq : 0,
1945 .event = event,
1946 .flags = 0,
1947 .netnsid = -1,
1948 };
1949 struct sk_buff *skb;
1950 int err = -ENOBUFS;
1951 struct net *net;
1952
1953 net = dev_net(ifa->ifa_dev->dev);
1954 skb = nlmsg_new(inet_nlmsg_size(), GFP_KERNEL);
1955 if (!skb)
1956 goto errout;
1957
1958 err = inet_fill_ifaddr(skb, ifa, &fillargs);
1959 if (err < 0) {
1960 /* -EMSGSIZE implies BUG in inet_nlmsg_size() */
1961 WARN_ON(err == -EMSGSIZE);
1962 kfree_skb(skb);
1963 goto errout;
1964 }
1965 rtnl_notify(skb, net, portid, RTNLGRP_IPV4_IFADDR, nlh, GFP_KERNEL);
1966 return;
1967 errout:
1968 if (err < 0)
1969 rtnl_set_sk_err(net, RTNLGRP_IPV4_IFADDR, err);
1970 }
1971
1972 static size_t inet_get_link_af_size(const struct net_device *dev,
1973 u32 ext_filter_mask)
1974 {
1975 struct in_device *in_dev = rcu_dereference_rtnl(dev->ip_ptr);
1976
1977 if (!in_dev)
1978 return 0;
1979
1980 return nla_total_size(IPV4_DEVCONF_MAX * 4); /* IFLA_INET_CONF */
1981 }
1982
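/* Dump the per-device IPv4 configuration as an IFLA_INET_CONF attribute:
 * IPV4_DEVCONF_MAX u32 values copied straight from in_dev->cnf.data.
 */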
1983 static int inet_fill_link_af(struct sk_buff *skb, const struct net_device *dev,
1984 u32 ext_filter_mask)
1985 {
1986 struct in_device *in_dev = rcu_dereference_rtnl(dev->ip_ptr);
1987 struct nlattr *nla;
1988 int i;
1989
1990 if (!in_dev)
1991 return -ENODATA;
1992
1993 nla = nla_reserve(skb, IFLA_INET_CONF, IPV4_DEVCONF_MAX * 4);
1994 if (!nla)
1995 return -EMSGSIZE;
1996
1997 for (i = 0; i < IPV4_DEVCONF_MAX; i++)
1998 ((u32 *) nla_data(nla))[i] = in_dev->cnf.data[i];
1999
2000 return 0;
2001 }
2002
2003 static const struct nla_policy inet_af_policy[IFLA_INET_MAX+1] = {
2004 [IFLA_INET_CONF] = { .type = NLA_NESTED },
2005 };
2006
2007 static int inet_validate_link_af(const struct net_device *dev,
2008 const struct nlattr *nla,
2009 struct netlink_ext_ack *extack)
2010 {
2011 struct nlattr *a, *tb[IFLA_INET_MAX+1];
2012 int err, rem;
2013
2014 if (dev && !__in_dev_get_rtnl(dev))
2015 return -EAFNOSUPPORT;
2016
2017 err = nla_parse_nested_deprecated(tb, IFLA_INET_MAX, nla,
2018 inet_af_policy, extack);
2019 if (err < 0)
2020 return err;
2021
2022 if (tb[IFLA_INET_CONF]) {
2023 nla_for_each_nested(a, tb[IFLA_INET_CONF], rem) {
2024 int cfgid = nla_type(a);
2025
2026 if (nla_len(a) < 4)
2027 return -EINVAL;
2028
2029 if (cfgid <= 0 || cfgid > IPV4_DEVCONF_MAX)
2030 return -EINVAL;
2031 }
2032 }
2033
2034 return 0;
2035 }
2036
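/* Apply IFLA_INET_CONF attributes to the per-device configuration.  The
 * nested attributes are expected to have been checked already by
 * inet_validate_link_af(), so a parse failure here is reported as -EINVAL.
 */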
2037 static int inet_set_link_af(struct net_device *dev, const struct nlattr *nla,
2038 struct netlink_ext_ack *extack)
2039 {
2040 struct in_device *in_dev = __in_dev_get_rtnl(dev);
2041 struct nlattr *a, *tb[IFLA_INET_MAX+1];
2042 int rem;
2043
2044 if (!in_dev)
2045 return -EAFNOSUPPORT;
2046
2047 if (nla_parse_nested_deprecated(tb, IFLA_INET_MAX, nla, NULL, NULL) < 0)
2048 return -EINVAL;
2049
2050 if (tb[IFLA_INET_CONF]) {
2051 nla_for_each_nested(a, tb[IFLA_INET_CONF], rem)
2052 ipv4_devconf_set(in_dev, nla_type(a), nla_get_u32(a));
2053 }
2054
2055 return 0;
2056 }
2057
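/* Worst-case netlink message size for a netconf notification carrying the
 * requested attribute type (or every exported attribute for NETCONFA_ALL).
 */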
2058 static int inet_netconf_msgsize_devconf(int type)
2059 {
2060 int size = NLMSG_ALIGN(sizeof(struct netconfmsg))
2061 + nla_total_size(4); /* NETCONFA_IFINDEX */
2062 bool all = false;
2063
2064 if (type == NETCONFA_ALL)
2065 all = true;
2066
2067 if (all || type == NETCONFA_FORWARDING)
2068 size += nla_total_size(4);
2069 if (all || type == NETCONFA_RP_FILTER)
2070 size += nla_total_size(4);
2071 if (all || type == NETCONFA_MC_FORWARDING)
2072 size += nla_total_size(4);
2073 if (all || type == NETCONFA_BC_FORWARDING)
2074 size += nla_total_size(4);
2075 if (all || type == NETCONFA_PROXY_NEIGH)
2076 size += nla_total_size(4);
2077 if (all || type == NETCONFA_IGNORE_ROUTES_WITH_LINKDOWN)
2078 size += nla_total_size(4);
2079
2080 return size;
2081 }
2082
2083 static int inet_netconf_fill_devconf(struct sk_buff *skb, int ifindex,
2084 struct ipv4_devconf *devconf, u32 portid,
2085 u32 seq, int event, unsigned int flags,
2086 int type)
2087 {
2088 struct nlmsghdr *nlh;
2089 struct netconfmsg *ncm;
2090 bool all = false;
2091
2092 nlh = nlmsg_put(skb, portid, seq, event, sizeof(struct netconfmsg),
2093 flags);
2094 if (!nlh)
2095 return -EMSGSIZE;
2096
2097 if (type == NETCONFA_ALL)
2098 all = true;
2099
2100 ncm = nlmsg_data(nlh);
2101 ncm->ncm_family = AF_INET;
2102
2103 if (nla_put_s32(skb, NETCONFA_IFINDEX, ifindex) < 0)
2104 goto nla_put_failure;
2105
2106 if (!devconf)
2107 goto out;
2108
2109 if ((all || type == NETCONFA_FORWARDING) &&
2110 nla_put_s32(skb, NETCONFA_FORWARDING,
2111 IPV4_DEVCONF(*devconf, FORWARDING)) < 0)
2112 goto nla_put_failure;
2113 if ((all || type == NETCONFA_RP_FILTER) &&
2114 nla_put_s32(skb, NETCONFA_RP_FILTER,
2115 IPV4_DEVCONF(*devconf, RP_FILTER)) < 0)
2116 goto nla_put_failure;
2117 if ((all || type == NETCONFA_MC_FORWARDING) &&
2118 nla_put_s32(skb, NETCONFA_MC_FORWARDING,
2119 IPV4_DEVCONF(*devconf, MC_FORWARDING)) < 0)
2120 goto nla_put_failure;
2121 if ((all || type == NETCONFA_BC_FORWARDING) &&
2122 nla_put_s32(skb, NETCONFA_BC_FORWARDING,
2123 IPV4_DEVCONF(*devconf, BC_FORWARDING)) < 0)
2124 goto nla_put_failure;
2125 if ((all || type == NETCONFA_PROXY_NEIGH) &&
2126 nla_put_s32(skb, NETCONFA_PROXY_NEIGH,
2127 IPV4_DEVCONF(*devconf, PROXY_ARP)) < 0)
2128 goto nla_put_failure;
2129 if ((all || type == NETCONFA_IGNORE_ROUTES_WITH_LINKDOWN) &&
2130 nla_put_s32(skb, NETCONFA_IGNORE_ROUTES_WITH_LINKDOWN,
2131 IPV4_DEVCONF(*devconf, IGNORE_ROUTES_WITH_LINKDOWN)) < 0)
2132 goto nla_put_failure;
2133
2134 out:
2135 nlmsg_end(skb, nlh);
2136 return 0;
2137
2138 nla_put_failure:
2139 nlmsg_cancel(skb, nlh);
2140 return -EMSGSIZE;
2141 }
2142
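/* Build and multicast an RTM_NEWNETCONF/RTM_DELNETCONF message to
 * RTNLGRP_IPV4_NETCONF for the given ifindex whenever a devconf value
 * changes.  A NULL devconf carries only the ifindex (used on unregister).
 */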
2143 void inet_netconf_notify_devconf(struct net *net, int event, int type,
2144 int ifindex, struct ipv4_devconf *devconf)
2145 {
2146 struct sk_buff *skb;
2147 int err = -ENOBUFS;
2148
2149 skb = nlmsg_new(inet_netconf_msgsize_devconf(type), GFP_KERNEL);
2150 if (!skb)
2151 goto errout;
2152
2153 err = inet_netconf_fill_devconf(skb, ifindex, devconf, 0, 0,
2154 event, 0, type);
2155 if (err < 0) {
2156 /* -EMSGSIZE implies BUG in inet_netconf_msgsize_devconf() */
2157 WARN_ON(err == -EMSGSIZE);
2158 kfree_skb(skb);
2159 goto errout;
2160 }
2161 rtnl_notify(skb, net, 0, RTNLGRP_IPV4_NETCONF, NULL, GFP_KERNEL);
2162 return;
2163 errout:
2164 if (err < 0)
2165 rtnl_set_sk_err(net, RTNLGRP_IPV4_NETCONF, err);
2166 }
2167
2168 static const struct nla_policy devconf_ipv4_policy[NETCONFA_MAX+1] = {
2169 [NETCONFA_IFINDEX] = { .len = sizeof(int) },
2170 [NETCONFA_FORWARDING] = { .len = sizeof(int) },
2171 [NETCONFA_RP_FILTER] = { .len = sizeof(int) },
2172 [NETCONFA_PROXY_NEIGH] = { .len = sizeof(int) },
2173 [NETCONFA_IGNORE_ROUTES_WITH_LINKDOWN] = { .len = sizeof(int) },
2174 };
2175
2176 static int inet_netconf_valid_get_req(struct sk_buff *skb,
2177 const struct nlmsghdr *nlh,
2178 struct nlattr **tb,
2179 struct netlink_ext_ack *extack)
2180 {
2181 int i, err;
2182
2183 if (nlh->nlmsg_len < nlmsg_msg_size(sizeof(struct netconfmsg))) {
2184 NL_SET_ERR_MSG(extack, "ipv4: Invalid header for netconf get request");
2185 return -EINVAL;
2186 }
2187
2188 if (!netlink_strict_get_check(skb))
2189 return nlmsg_parse_deprecated(nlh, sizeof(struct netconfmsg),
2190 tb, NETCONFA_MAX,
2191 devconf_ipv4_policy, extack);
2192
2193 err = nlmsg_parse_deprecated_strict(nlh, sizeof(struct netconfmsg),
2194 tb, NETCONFA_MAX,
2195 devconf_ipv4_policy, extack);
2196 if (err)
2197 return err;
2198
2199 for (i = 0; i <= NETCONFA_MAX; i++) {
2200 if (!tb[i])
2201 continue;
2202
2203 switch (i) {
2204 case NETCONFA_IFINDEX:
2205 break;
2206 default:
2207 NL_SET_ERR_MSG(extack, "ipv4: Unsupported attribute in netconf get request");
2208 return -EINVAL;
2209 }
2210 }
2211
2212 return 0;
2213 }
2214
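/* RTM_GETNETCONF handler: look up the devconf block selected by
 * NETCONFA_IFINDEX (a real ifindex, NETCONFA_IFINDEX_ALL or
 * NETCONFA_IFINDEX_DEFAULT) and unicast a full RTM_NEWNETCONF reply.
 */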
2215 static int inet_netconf_get_devconf(struct sk_buff *in_skb,
2216 struct nlmsghdr *nlh,
2217 struct netlink_ext_ack *extack)
2218 {
2219 struct net *net = sock_net(in_skb->sk);
2220 struct nlattr *tb[NETCONFA_MAX+1];
2221 struct sk_buff *skb;
2222 struct ipv4_devconf *devconf;
2223 struct in_device *in_dev;
2224 struct net_device *dev;
2225 int ifindex;
2226 int err;
2227
2228 err = inet_netconf_valid_get_req(in_skb, nlh, tb, extack);
2229 if (err)
2230 goto errout;
2231
2232 err = -EINVAL;
2233 if (!tb[NETCONFA_IFINDEX])
2234 goto errout;
2235
2236 ifindex = nla_get_s32(tb[NETCONFA_IFINDEX]);
2237 switch (ifindex) {
2238 case NETCONFA_IFINDEX_ALL:
2239 devconf = net->ipv4.devconf_all;
2240 break;
2241 case NETCONFA_IFINDEX_DEFAULT:
2242 devconf = net->ipv4.devconf_dflt;
2243 break;
2244 default:
2245 dev = __dev_get_by_index(net, ifindex);
2246 if (!dev)
2247 goto errout;
2248 in_dev = __in_dev_get_rtnl(dev);
2249 if (!in_dev)
2250 goto errout;
2251 devconf = &in_dev->cnf;
2252 break;
2253 }
2254
2255 err = -ENOBUFS;
2256 skb = nlmsg_new(inet_netconf_msgsize_devconf(NETCONFA_ALL), GFP_KERNEL);
2257 if (!skb)
2258 goto errout;
2259
2260 err = inet_netconf_fill_devconf(skb, ifindex, devconf,
2261 NETLINK_CB(in_skb).portid,
2262 nlh->nlmsg_seq, RTM_NEWNETCONF, 0,
2263 NETCONFA_ALL);
2264 if (err < 0) {
2265 /* -EMSGSIZE implies BUG in inet_netconf_msgsize_devconf() */
2266 WARN_ON(err == -EMSGSIZE);
2267 kfree_skb(skb);
2268 goto errout;
2269 }
2270 err = rtnl_unicast(skb, net, NETLINK_CB(in_skb).portid);
2271 errout:
2272 return err;
2273 }
2274
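/* RTM_GETNETCONF dump: emit one RTM_NEWNETCONF message per device, followed
 * by the "all" and "default" configuration blocks.  cb->args[0] tracks the
 * hash bucket, with two virtual buckets appended for all/default, and
 * cb->args[1] the device index within the bucket.
 */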
2275 static int inet_netconf_dump_devconf(struct sk_buff *skb,
2276 struct netlink_callback *cb)
2277 {
2278 const struct nlmsghdr *nlh = cb->nlh;
2279 struct net *net = sock_net(skb->sk);
2280 int h, s_h;
2281 int idx, s_idx;
2282 struct net_device *dev;
2283 struct in_device *in_dev;
2284 struct hlist_head *head;
2285
2286 if (cb->strict_check) {
2287 struct netlink_ext_ack *extack = cb->extack;
2288 struct netconfmsg *ncm;
2289
2290 if (nlh->nlmsg_len < nlmsg_msg_size(sizeof(*ncm))) {
2291 NL_SET_ERR_MSG(extack, "ipv4: Invalid header for netconf dump request");
2292 return -EINVAL;
2293 }
2294
2295 if (nlmsg_attrlen(nlh, sizeof(*ncm))) {
2296 NL_SET_ERR_MSG(extack, "ipv4: Invalid data after header in netconf dump request");
2297 return -EINVAL;
2298 }
2299 }
2300
2301 s_h = cb->args[0];
2302 s_idx = idx = cb->args[1];
2303
2304 for (h = s_h; h < NETDEV_HASHENTRIES; h++, s_idx = 0) {
2305 idx = 0;
2306 head = &net->dev_index_head[h];
2307 rcu_read_lock();
2308 cb->seq = inet_base_seq(net);
2309 hlist_for_each_entry_rcu(dev, head, index_hlist) {
2310 if (idx < s_idx)
2311 goto cont;
2312 in_dev = __in_dev_get_rcu(dev);
2313 if (!in_dev)
2314 goto cont;
2315
2316 if (inet_netconf_fill_devconf(skb, dev->ifindex,
2317 &in_dev->cnf,
2318 NETLINK_CB(cb->skb).portid,
2319 nlh->nlmsg_seq,
2320 RTM_NEWNETCONF,
2321 NLM_F_MULTI,
2322 NETCONFA_ALL) < 0) {
2323 rcu_read_unlock();
2324 goto done;
2325 }
2326 nl_dump_check_consistent(cb, nlmsg_hdr(skb));
2327 cont:
2328 idx++;
2329 }
2330 rcu_read_unlock();
2331 }
2332 if (h == NETDEV_HASHENTRIES) {
2333 if (inet_netconf_fill_devconf(skb, NETCONFA_IFINDEX_ALL,
2334 net->ipv4.devconf_all,
2335 NETLINK_CB(cb->skb).portid,
2336 nlh->nlmsg_seq,
2337 RTM_NEWNETCONF, NLM_F_MULTI,
2338 NETCONFA_ALL) < 0)
2339 goto done;
2340 else
2341 h++;
2342 }
2343 if (h == NETDEV_HASHENTRIES + 1) {
2344 if (inet_netconf_fill_devconf(skb, NETCONFA_IFINDEX_DEFAULT,
2345 net->ipv4.devconf_dflt,
2346 NETLINK_CB(cb->skb).portid,
2347 nlh->nlmsg_seq,
2348 RTM_NEWNETCONF, NLM_F_MULTI,
2349 NETCONFA_ALL) < 0)
2350 goto done;
2351 else
2352 h++;
2353 }
2354 done:
2355 cb->args[0] = h;
2356 cb->args[1] = idx;
2357
2358 return skb->len;
2359 }
2360
2361 #ifdef CONFIG_SYSCTL
2362
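/* Propagate a change of the "default" template value to every in_device
 * that has not explicitly overridden entry i (tracked via the cnf.state
 * bitmap).
 */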
2363 static void devinet_copy_dflt_conf(struct net *net, int i)
2364 {
2365 struct net_device *dev;
2366
2367 rcu_read_lock();
2368 for_each_netdev_rcu(net, dev) {
2369 struct in_device *in_dev;
2370
2371 in_dev = __in_dev_get_rcu(dev);
2372 if (in_dev && !test_bit(i, in_dev->cnf.state))
2373 in_dev->cnf.data[i] = net->ipv4.devconf_dflt->data[i];
2374 }
2375 rcu_read_unlock();
2376 }
2377
2378 /* called with RTNL locked */
2379 static void inet_forward_change(struct net *net)
2380 {
2381 struct net_device *dev;
2382 int on = IPV4_DEVCONF_ALL(net, FORWARDING);
2383
2384 IPV4_DEVCONF_ALL(net, ACCEPT_REDIRECTS) = !on;
2385 IPV4_DEVCONF_DFLT(net, FORWARDING) = on;
2386 inet_netconf_notify_devconf(net, RTM_NEWNETCONF,
2387 NETCONFA_FORWARDING,
2388 NETCONFA_IFINDEX_ALL,
2389 net->ipv4.devconf_all);
2390 inet_netconf_notify_devconf(net, RTM_NEWNETCONF,
2391 NETCONFA_FORWARDING,
2392 NETCONFA_IFINDEX_DEFAULT,
2393 net->ipv4.devconf_dflt);
2394
2395 for_each_netdev(net, dev) {
2396 struct in_device *in_dev;
2397
2398 if (on)
2399 dev_disable_lro(dev);
2400
2401 in_dev = __in_dev_get_rtnl(dev);
2402 if (in_dev) {
2403 IN_DEV_CONF_SET(in_dev, FORWARDING, on);
2404 inet_netconf_notify_devconf(net, RTM_NEWNETCONF,
2405 NETCONFA_FORWARDING,
2406 dev->ifindex, &in_dev->cnf);
2407 }
2408 }
2409 }
2410
2411 static int devinet_conf_ifindex(struct net *net, struct ipv4_devconf *cnf)
2412 {
2413 if (cnf == net->ipv4.devconf_dflt)
2414 return NETCONFA_IFINDEX_DEFAULT;
2415 else if (cnf == net->ipv4.devconf_all)
2416 return NETCONFA_IFINDEX_ALL;
2417 else {
2418 struct in_device *idev
2419 = container_of(cnf, struct in_device, cnf);
2420 return idev->dev->ifindex;
2421 }
2422 }
2423
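/* Common sysctl handler for per-device entries: record that the value was
 * explicitly set, mirror changes of the "default" block to devices, flush
 * the route cache where required, and send netconf notifications for the
 * attributes exported via RTM_NEWNETCONF.
 */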
2424 static int devinet_conf_proc(struct ctl_table *ctl, int write,
2425 void *buffer, size_t *lenp, loff_t *ppos)
2426 {
2427 int old_value = *(int *)ctl->data;
2428 int ret = proc_dointvec(ctl, write, buffer, lenp, ppos);
2429 int new_value = *(int *)ctl->data;
2430
2431 if (write) {
2432 struct ipv4_devconf *cnf = ctl->extra1;
2433 struct net *net = ctl->extra2;
2434 int i = (int *)ctl->data - cnf->data;
2435 int ifindex;
2436
2437 set_bit(i, cnf->state);
2438
2439 if (cnf == net->ipv4.devconf_dflt)
2440 devinet_copy_dflt_conf(net, i);
2441 if (i == IPV4_DEVCONF_ACCEPT_LOCAL - 1 ||
2442 i == IPV4_DEVCONF_ROUTE_LOCALNET - 1)
2443 if ((new_value == 0) && (old_value != 0))
2444 rt_cache_flush(net);
2445
2446 if (i == IPV4_DEVCONF_BC_FORWARDING - 1 &&
2447 new_value != old_value)
2448 rt_cache_flush(net);
2449
2450 if (i == IPV4_DEVCONF_RP_FILTER - 1 &&
2451 new_value != old_value) {
2452 ifindex = devinet_conf_ifindex(net, cnf);
2453 inet_netconf_notify_devconf(net, RTM_NEWNETCONF,
2454 NETCONFA_RP_FILTER,
2455 ifindex, cnf);
2456 }
2457 if (i == IPV4_DEVCONF_PROXY_ARP - 1 &&
2458 new_value != old_value) {
2459 ifindex = devinet_conf_ifindex(net, cnf);
2460 inet_netconf_notify_devconf(net, RTM_NEWNETCONF,
2461 NETCONFA_PROXY_NEIGH,
2462 ifindex, cnf);
2463 }
2464 if (i == IPV4_DEVCONF_IGNORE_ROUTES_WITH_LINKDOWN - 1 &&
2465 new_value != old_value) {
2466 ifindex = devinet_conf_ifindex(net, cnf);
2467 inet_netconf_notify_devconf(net, RTM_NEWNETCONF,
2468 NETCONFA_IGNORE_ROUTES_WITH_LINKDOWN,
2469 ifindex, cnf);
2470 }
2471 }
2472
2473 return ret;
2474 }
2475
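/* sysctl handler for the forwarding knobs.  Writes require CAP_NET_ADMIN in
 * the owning user namespace; changes to per-device or "all" values are
 * applied under RTNL (restarting the syscall if the lock cannot be taken)
 * and trigger LRO disabling, netconf notifications and a route cache flush.
 */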
2476 static int devinet_sysctl_forward(struct ctl_table *ctl, int write,
2477 void *buffer, size_t *lenp, loff_t *ppos)
2478 {
2479 int *valp = ctl->data;
2480 int val = *valp;
2481 loff_t pos = *ppos;
2482 struct net *net = ctl->extra2;
2483 int ret;
2484
2485 if (write && !ns_capable(net->user_ns, CAP_NET_ADMIN))
2486 return -EPERM;
2487
2488 ret = proc_dointvec(ctl, write, buffer, lenp, ppos);
2489
2490 if (write && *valp != val) {
2491 if (valp != &IPV4_DEVCONF_DFLT(net, FORWARDING)) {
2492 if (!rtnl_trylock()) {
2493 /* Restore the original values before restarting */
2494 *valp = val;
2495 *ppos = pos;
2496 return restart_syscall();
2497 }
2498 if (valp == &IPV4_DEVCONF_ALL(net, FORWARDING)) {
2499 inet_forward_change(net);
2500 } else {
2501 struct ipv4_devconf *cnf = ctl->extra1;
2502 struct in_device *idev =
2503 container_of(cnf, struct in_device, cnf);
2504 if (*valp)
2505 dev_disable_lro(idev->dev);
2506 inet_netconf_notify_devconf(net, RTM_NEWNETCONF,
2507 NETCONFA_FORWARDING,
2508 idev->dev->ifindex,
2509 cnf);
2510 }
2511 rtnl_unlock();
2512 rt_cache_flush(net);
2513 } else
2514 inet_netconf_notify_devconf(net, RTM_NEWNETCONF,
2515 NETCONFA_FORWARDING,
2516 NETCONFA_IFINDEX_DEFAULT,
2517 net->ipv4.devconf_dflt);
2518 }
2519
2520 return ret;
2521 }
2522
2523 static int ipv4_doint_and_flush(struct ctl_table *ctl, int write,
2524 void *buffer, size_t *lenp, loff_t *ppos)
2525 {
2526 int *valp = ctl->data;
2527 int val = *valp;
2528 int ret = proc_dointvec(ctl, write, buffer, lenp, ppos);
2529 struct net *net = ctl->extra2;
2530
2531 if (write && *valp != val)
2532 rt_cache_flush(net);
2533
2534 return ret;
2535 }
2536
2537 #define DEVINET_SYSCTL_ENTRY(attr, name, mval, proc) \
2538 { \
2539 .procname = name, \
2540 .data = ipv4_devconf.data + \
2541 IPV4_DEVCONF_ ## attr - 1, \
2542 .maxlen = sizeof(int), \
2543 .mode = mval, \
2544 .proc_handler = proc, \
2545 .extra1 = &ipv4_devconf, \
2546 }
2547
2548 #define DEVINET_SYSCTL_RW_ENTRY(attr, name) \
2549 DEVINET_SYSCTL_ENTRY(attr, name, 0644, devinet_conf_proc)
2550
2551 #define DEVINET_SYSCTL_RO_ENTRY(attr, name) \
2552 DEVINET_SYSCTL_ENTRY(attr, name, 0444, devinet_conf_proc)
2553
2554 #define DEVINET_SYSCTL_COMPLEX_ENTRY(attr, name, proc) \
2555 DEVINET_SYSCTL_ENTRY(attr, name, 0644, proc)
2556
2557 #define DEVINET_SYSCTL_FLUSHING_ENTRY(attr, name) \
2558 DEVINET_SYSCTL_COMPLEX_ENTRY(attr, name, ipv4_doint_and_flush)
2559
2560 static struct devinet_sysctl_table {
2561 struct ctl_table_header *sysctl_header;
2562 struct ctl_table devinet_vars[__IPV4_DEVCONF_MAX];
2563 } devinet_sysctl = {
2564 .devinet_vars = {
2565 DEVINET_SYSCTL_COMPLEX_ENTRY(FORWARDING, "forwarding",
2566 devinet_sysctl_forward),
2567 DEVINET_SYSCTL_RO_ENTRY(MC_FORWARDING, "mc_forwarding"),
2568 DEVINET_SYSCTL_RW_ENTRY(BC_FORWARDING, "bc_forwarding"),
2569
2570 DEVINET_SYSCTL_RW_ENTRY(ACCEPT_REDIRECTS, "accept_redirects"),
2571 DEVINET_SYSCTL_RW_ENTRY(SECURE_REDIRECTS, "secure_redirects"),
2572 DEVINET_SYSCTL_RW_ENTRY(SHARED_MEDIA, "shared_media"),
2573 DEVINET_SYSCTL_RW_ENTRY(RP_FILTER, "rp_filter"),
2574 DEVINET_SYSCTL_RW_ENTRY(SEND_REDIRECTS, "send_redirects"),
2575 DEVINET_SYSCTL_RW_ENTRY(ACCEPT_SOURCE_ROUTE,
2576 "accept_source_route"),
2577 DEVINET_SYSCTL_RW_ENTRY(ACCEPT_LOCAL, "accept_local"),
2578 DEVINET_SYSCTL_RW_ENTRY(SRC_VMARK, "src_valid_mark"),
2579 DEVINET_SYSCTL_RW_ENTRY(PROXY_ARP, "proxy_arp"),
2580 DEVINET_SYSCTL_RW_ENTRY(MEDIUM_ID, "medium_id"),
2581 DEVINET_SYSCTL_RW_ENTRY(BOOTP_RELAY, "bootp_relay"),
2582 DEVINET_SYSCTL_RW_ENTRY(LOG_MARTIANS, "log_martians"),
2583 DEVINET_SYSCTL_RW_ENTRY(TAG, "tag"),
2584 DEVINET_SYSCTL_RW_ENTRY(ARPFILTER, "arp_filter"),
2585 DEVINET_SYSCTL_RW_ENTRY(ARP_ANNOUNCE, "arp_announce"),
2586 DEVINET_SYSCTL_RW_ENTRY(ARP_IGNORE, "arp_ignore"),
2587 DEVINET_SYSCTL_RW_ENTRY(ARP_ACCEPT, "arp_accept"),
2588 DEVINET_SYSCTL_RW_ENTRY(ARP_NOTIFY, "arp_notify"),
2589 DEVINET_SYSCTL_RW_ENTRY(ARP_EVICT_NOCARRIER,
2590 "arp_evict_nocarrier"),
2591 DEVINET_SYSCTL_RW_ENTRY(PROXY_ARP_PVLAN, "proxy_arp_pvlan"),
2592 DEVINET_SYSCTL_RW_ENTRY(FORCE_IGMP_VERSION,
2593 "force_igmp_version"),
2594 DEVINET_SYSCTL_RW_ENTRY(IGMPV2_UNSOLICITED_REPORT_INTERVAL,
2595 "igmpv2_unsolicited_report_interval"),
2596 DEVINET_SYSCTL_RW_ENTRY(IGMPV3_UNSOLICITED_REPORT_INTERVAL,
2597 "igmpv3_unsolicited_report_interval"),
2598 DEVINET_SYSCTL_RW_ENTRY(IGNORE_ROUTES_WITH_LINKDOWN,
2599 "ignore_routes_with_linkdown"),
2600 DEVINET_SYSCTL_RW_ENTRY(DROP_GRATUITOUS_ARP,
2601 "drop_gratuitous_arp"),
2602
2603 DEVINET_SYSCTL_FLUSHING_ENTRY(NOXFRM, "disable_xfrm"),
2604 DEVINET_SYSCTL_FLUSHING_ENTRY(NOPOLICY, "disable_policy"),
2605 DEVINET_SYSCTL_FLUSHING_ENTRY(PROMOTE_SECONDARIES,
2606 "promote_secondaries"),
2607 DEVINET_SYSCTL_FLUSHING_ENTRY(ROUTE_LOCALNET,
2608 "route_localnet"),
2609 DEVINET_SYSCTL_FLUSHING_ENTRY(DROP_UNICAST_IN_L2_MULTICAST,
2610 "drop_unicast_in_l2_multicast"),
2611 },
2612 };
2613
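/* Register the net/ipv4/conf/<dev_name> sysctl directory for one devconf
 * block: duplicate the template table, point each entry at the matching
 * slot in @p, and announce the new configuration via netconf.
 */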
2614 static int __devinet_sysctl_register(struct net *net, char *dev_name,
2615 int ifindex, struct ipv4_devconf *p)
2616 {
2617 int i;
2618 struct devinet_sysctl_table *t;
2619 char path[sizeof("net/ipv4/conf/") + IFNAMSIZ];
2620
2621 t = kmemdup(&devinet_sysctl, sizeof(*t), GFP_KERNEL_ACCOUNT);
2622 if (!t)
2623 goto out;
2624
2625 for (i = 0; i < ARRAY_SIZE(t->devinet_vars) - 1; i++) {
2626 t->devinet_vars[i].data += (char *)p - (char *)&ipv4_devconf;
2627 t->devinet_vars[i].extra1 = p;
2628 t->devinet_vars[i].extra2 = net;
2629 }
2630
2631 snprintf(path, sizeof(path), "net/ipv4/conf/%s", dev_name);
2632
2633 t->sysctl_header = register_net_sysctl(net, path, t->devinet_vars);
2634 if (!t->sysctl_header)
2635 goto free;
2636
2637 p->sysctl = t;
2638
2639 inet_netconf_notify_devconf(net, RTM_NEWNETCONF, NETCONFA_ALL,
2640 ifindex, p);
2641 return 0;
2642
2643 free:
2644 kfree(t);
2645 out:
2646 return -ENOMEM;
2647 }
2648
2649 static void __devinet_sysctl_unregister(struct net *net,
2650 struct ipv4_devconf *cnf, int ifindex)
2651 {
2652 struct devinet_sysctl_table *t = cnf->sysctl;
2653
2654 if (t) {
2655 cnf->sysctl = NULL;
2656 unregister_net_sysctl_table(t->sysctl_header);
2657 kfree(t);
2658 }
2659
2660 inet_netconf_notify_devconf(net, RTM_DELNETCONF, 0, ifindex, NULL);
2661 }
2662
2663 static int devinet_sysctl_register(struct in_device *idev)
2664 {
2665 int err;
2666
2667 if (!sysctl_dev_name_is_allowed(idev->dev->name))
2668 return -EINVAL;
2669
2670 err = neigh_sysctl_register(idev->dev, idev->arp_parms, NULL);
2671 if (err)
2672 return err;
2673 err = __devinet_sysctl_register(dev_net(idev->dev), idev->dev->name,
2674 idev->dev->ifindex, &idev->cnf);
2675 if (err)
2676 neigh_sysctl_unregister(idev->arp_parms);
2677 return err;
2678 }
2679
2680 static void devinet_sysctl_unregister(struct in_device *idev)
2681 {
2682 struct net *net = dev_net(idev->dev);
2683
2684 __devinet_sysctl_unregister(net, &idev->cnf, idev->dev->ifindex);
2685 neigh_sysctl_unregister(idev->arp_parms);
2686 }
2687
2688 static struct ctl_table ctl_forward_entry[] = {
2689 {
2690 .procname = "ip_forward",
2691 .data = &ipv4_devconf.data[
2692 IPV4_DEVCONF_FORWARDING - 1],
2693 .maxlen = sizeof(int),
2694 .mode = 0644,
2695 .proc_handler = devinet_sysctl_forward,
2696 .extra1 = &ipv4_devconf,
2697 .extra2 = &init_net,
2698 },
2699 { },
2700 };
2701 #endif
2702
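/* Per-namespace setup: allocate the "all" and "default" devconf blocks,
 * optionally inheriting values from init_net or the creating namespace
 * according to net_inherit_devconf(), and register the corresponding
 * sysctl tables including net/ipv4/ip_forward.
 */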
2703 static __net_init int devinet_init_net(struct net *net)
2704 {
2705 int err;
2706 struct ipv4_devconf *all, *dflt;
2707 #ifdef CONFIG_SYSCTL
2708 struct ctl_table *tbl;
2709 struct ctl_table_header *forw_hdr;
2710 #endif
2711
2712 err = -ENOMEM;
2713 all = kmemdup(&ipv4_devconf, sizeof(ipv4_devconf), GFP_KERNEL);
2714 if (!all)
2715 goto err_alloc_all;
2716
2717 dflt = kmemdup(&ipv4_devconf_dflt, sizeof(ipv4_devconf_dflt), GFP_KERNEL);
2718 if (!dflt)
2719 goto err_alloc_dflt;
2720
2721 #ifdef CONFIG_SYSCTL
2722 tbl = kmemdup(ctl_forward_entry, sizeof(ctl_forward_entry), GFP_KERNEL);
2723 if (!tbl)
2724 goto err_alloc_ctl;
2725
2726 tbl[0].data = &all->data[IPV4_DEVCONF_FORWARDING - 1];
2727 tbl[0].extra1 = all;
2728 tbl[0].extra2 = net;
2729 #endif
2730
2731 if (!net_eq(net, &init_net)) {
2732 switch (net_inherit_devconf()) {
2733 case 3:
2734 /* copy from the current netns */
2735 memcpy(all, current->nsproxy->net_ns->ipv4.devconf_all,
2736 sizeof(ipv4_devconf));
2737 memcpy(dflt,
2738 current->nsproxy->net_ns->ipv4.devconf_dflt,
2739 sizeof(ipv4_devconf_dflt));
2740 break;
2741 case 0:
2742 case 1:
2743 /* copy from init_net */
2744 memcpy(all, init_net.ipv4.devconf_all,
2745 sizeof(ipv4_devconf));
2746 memcpy(dflt, init_net.ipv4.devconf_dflt,
2747 sizeof(ipv4_devconf_dflt));
2748 break;
2749 case 2:
2750 /* use compiled values */
2751 break;
2752 }
2753 }
2754
2755 #ifdef CONFIG_SYSCTL
2756 err = __devinet_sysctl_register(net, "all", NETCONFA_IFINDEX_ALL, all);
2757 if (err < 0)
2758 goto err_reg_all;
2759
2760 err = __devinet_sysctl_register(net, "default",
2761 NETCONFA_IFINDEX_DEFAULT, dflt);
2762 if (err < 0)
2763 goto err_reg_dflt;
2764
2765 err = -ENOMEM;
2766 forw_hdr = register_net_sysctl_sz(net, "net/ipv4", tbl,
2767 ARRAY_SIZE(ctl_forward_entry));
2768 if (!forw_hdr)
2769 goto err_reg_ctl;
2770 net->ipv4.forw_hdr = forw_hdr;
2771 #endif
2772
2773 net->ipv4.devconf_all = all;
2774 net->ipv4.devconf_dflt = dflt;
2775 return 0;
2776
2777 #ifdef CONFIG_SYSCTL
2778 err_reg_ctl:
2779 __devinet_sysctl_unregister(net, dflt, NETCONFA_IFINDEX_DEFAULT);
2780 err_reg_dflt:
2781 __devinet_sysctl_unregister(net, all, NETCONFA_IFINDEX_ALL);
2782 err_reg_all:
2783 kfree(tbl);
2784 err_alloc_ctl:
2785 #endif
2786 kfree(dflt);
2787 err_alloc_dflt:
2788 kfree(all);
2789 err_alloc_all:
2790 return err;
2791 }
2792
2793 static __net_exit void devinet_exit_net(struct net *net)
2794 {
2795 #ifdef CONFIG_SYSCTL
2796 struct ctl_table *tbl;
2797
2798 tbl = net->ipv4.forw_hdr->ctl_table_arg;
2799 unregister_net_sysctl_table(net->ipv4.forw_hdr);
2800 __devinet_sysctl_unregister(net, net->ipv4.devconf_dflt,
2801 NETCONFA_IFINDEX_DEFAULT);
2802 __devinet_sysctl_unregister(net, net->ipv4.devconf_all,
2803 NETCONFA_IFINDEX_ALL);
2804 kfree(tbl);
2805 #endif
2806 kfree(net->ipv4.devconf_dflt);
2807 kfree(net->ipv4.devconf_all);
2808 }
2809
2810 static __net_initdata struct pernet_operations devinet_ops = {
2811 .init = devinet_init_net,
2812 .exit = devinet_exit_net,
2813 };
2814
2815 static struct rtnl_af_ops inet_af_ops __read_mostly = {
2816 .family = AF_INET,
2817 .fill_link_af = inet_fill_link_af,
2818 .get_link_af_size = inet_get_link_af_size,
2819 .validate_link_af = inet_validate_link_af,
2820 .set_link_af = inet_set_link_af,
2821 };
2822
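/* Subsystem init: set up the address hash table, pernet operations, the
 * netdevice notifier, the address lifetime worker, and the rtnetlink
 * handlers for IPv4 addresses and netconf.
 */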
2823 void __init devinet_init(void)
2824 {
2825 int i;
2826
2827 for (i = 0; i < IN4_ADDR_HSIZE; i++)
2828 INIT_HLIST_HEAD(&inet_addr_lst[i]);
2829
2830 register_pernet_subsys(&devinet_ops);
2831 register_netdevice_notifier(&ip_netdev_notifier);
2832
2833 queue_delayed_work(system_power_efficient_wq, &check_lifetime_work, 0);
2834
2835 rtnl_af_register(&inet_af_ops);
2836
2837 rtnl_register(PF_INET, RTM_NEWADDR, inet_rtm_newaddr, NULL, 0);
2838 rtnl_register(PF_INET, RTM_DELADDR, inet_rtm_deladdr, NULL, 0);
2839 rtnl_register(PF_INET, RTM_GETADDR, NULL, inet_dump_ifaddr, 0);
2840 rtnl_register(PF_INET, RTM_GETNETCONF, inet_netconf_get_devconf,
2841 inet_netconf_dump_devconf, 0);
2842 }
2843