1 // SPDX-License-Identifier: GPL-2.0-or-later
2 /*
3 * NET3 IP device support routines.
4 *
5 * Derived from the IP parts of dev.c 1.0.19
6 * Authors: Ross Biro
7 * Fred N. van Kempen, <waltje@uWalt.NL.Mugnet.ORG>
8 * Mark Evans, <evansmp@uhura.aston.ac.uk>
9 *
10 * Additional Authors:
11 * Alan Cox, <gw4pts@gw4pts.ampr.org>
12 * Alexey Kuznetsov, <kuznet@ms2.inr.ac.ru>
13 *
14 * Changes:
15 * Alexey Kuznetsov: pa_* fields are replaced with ifaddr
16 * lists.
17 * Cyrus Durgin: updated for kmod
18 * Matthias Andree: in devinet_ioctl, compare label and
19 * address (4.4BSD alias style support),
20 * fall back to comparing just the label
21 * if no match found.
22 */
23
24
25 #include <linux/uaccess.h>
26 #include <linux/bitops.h>
27 #include <linux/capability.h>
28 #include <linux/module.h>
29 #include <linux/types.h>
30 #include <linux/kernel.h>
31 #include <linux/sched/signal.h>
32 #include <linux/string.h>
33 #include <linux/mm.h>
34 #include <linux/socket.h>
35 #include <linux/sockios.h>
36 #include <linux/in.h>
37 #include <linux/errno.h>
38 #include <linux/interrupt.h>
39 #include <linux/if_addr.h>
40 #include <linux/if_ether.h>
41 #include <linux/inet.h>
42 #include <linux/netdevice.h>
43 #include <linux/etherdevice.h>
44 #include <linux/skbuff.h>
45 #include <linux/init.h>
46 #include <linux/notifier.h>
47 #include <linux/inetdevice.h>
48 #include <linux/igmp.h>
49 #include <linux/slab.h>
50 #include <linux/hash.h>
51 #ifdef CONFIG_SYSCTL
52 #include <linux/sysctl.h>
53 #endif
54 #include <linux/kmod.h>
55 #include <linux/netconf.h>
56
57 #include <net/arp.h>
58 #include <net/ip.h>
59 #include <net/route.h>
60 #include <net/ip_fib.h>
61 #include <net/rtnetlink.h>
62 #include <net/net_namespace.h>
63 #include <net/addrconf.h>
64
65 #define IPV6ONLY_FLAGS \
66 (IFA_F_NODAD | IFA_F_OPTIMISTIC | IFA_F_DADFAILED | \
67 IFA_F_HOMEADDRESS | IFA_F_TENTATIVE | \
68 IFA_F_MANAGETEMPADDR | IFA_F_STABLE_PRIVACY)
69
70 static struct ipv4_devconf ipv4_devconf = {
71 .data = {
72 [IPV4_DEVCONF_ACCEPT_REDIRECTS - 1] = 1,
73 [IPV4_DEVCONF_SEND_REDIRECTS - 1] = 1,
74 [IPV4_DEVCONF_SECURE_REDIRECTS - 1] = 1,
75 [IPV4_DEVCONF_SHARED_MEDIA - 1] = 1,
76 [IPV4_DEVCONF_IGMPV2_UNSOLICITED_REPORT_INTERVAL - 1] = 10000 /*ms*/,
77 [IPV4_DEVCONF_IGMPV3_UNSOLICITED_REPORT_INTERVAL - 1] = 1000 /*ms*/,
78 [IPV4_DEVCONF_ARP_EVICT_NOCARRIER - 1] = 1,
79 },
80 };
81
82 static struct ipv4_devconf ipv4_devconf_dflt = {
83 .data = {
84 [IPV4_DEVCONF_ACCEPT_REDIRECTS - 1] = 1,
85 [IPV4_DEVCONF_SEND_REDIRECTS - 1] = 1,
86 [IPV4_DEVCONF_SECURE_REDIRECTS - 1] = 1,
87 [IPV4_DEVCONF_SHARED_MEDIA - 1] = 1,
88 [IPV4_DEVCONF_ACCEPT_SOURCE_ROUTE - 1] = 1,
89 [IPV4_DEVCONF_IGMPV2_UNSOLICITED_REPORT_INTERVAL - 1] = 10000 /*ms*/,
90 [IPV4_DEVCONF_IGMPV3_UNSOLICITED_REPORT_INTERVAL - 1] = 1000 /*ms*/,
91 [IPV4_DEVCONF_ARP_EVICT_NOCARRIER - 1] = 1,
92 },
93 };
94
95 #define IPV4_DEVCONF_DFLT(net, attr) \
96 IPV4_DEVCONF((*net->ipv4.devconf_dflt), attr)
97
98 static const struct nla_policy ifa_ipv4_policy[IFA_MAX+1] = {
99 [IFA_LOCAL] = { .type = NLA_U32 },
100 [IFA_ADDRESS] = { .type = NLA_U32 },
101 [IFA_BROADCAST] = { .type = NLA_U32 },
102 [IFA_LABEL] = { .type = NLA_STRING, .len = IFNAMSIZ - 1 },
103 [IFA_CACHEINFO] = { .len = sizeof(struct ifa_cacheinfo) },
104 [IFA_FLAGS] = { .type = NLA_U32 },
105 [IFA_RT_PRIORITY] = { .type = NLA_U32 },
106 [IFA_TARGET_NETNSID] = { .type = NLA_S32 },
107 [IFA_PROTO] = { .type = NLA_U8 },
108 };
109
110 struct inet_fill_args {
111 u32 portid;
112 u32 seq;
113 int event;
114 unsigned int flags;
115 int netnsid;
116 int ifindex;
117 };
118
119 #define IN4_ADDR_HSIZE_SHIFT 8
120 #define IN4_ADDR_HSIZE (1U << IN4_ADDR_HSIZE_SHIFT)
121
122 static struct hlist_head inet_addr_lst[IN4_ADDR_HSIZE];
123
124 static u32 inet_addr_hash(const struct net *net, __be32 addr)
125 {
126 u32 val = (__force u32) addr ^ net_hash_mix(net);
127
128 return hash_32(val, IN4_ADDR_HSIZE_SHIFT);
129 }
130
131 static void inet_hash_insert(struct net *net, struct in_ifaddr *ifa)
132 {
133 u32 hash = inet_addr_hash(net, ifa->ifa_local);
134
135 ASSERT_RTNL();
136 hlist_add_head_rcu(&ifa->hash, &inet_addr_lst[hash]);
137 }
138
139 static void inet_hash_remove(struct in_ifaddr *ifa)
140 {
141 ASSERT_RTNL();
142 hlist_del_init_rcu(&ifa->hash);
143 }
144
145 /**
146 * __ip_dev_find - find the first device with a given source address.
147 * @net: the net namespace
148 * @addr: the source address
149 * @devref: if true, take a reference on the found device
150 *
151 * If a caller uses devref=false, it should be protected by RCU, or RTNL
152 */
153 struct net_device *__ip_dev_find(struct net *net, __be32 addr, bool devref)
154 {
155 struct net_device *result = NULL;
156 struct in_ifaddr *ifa;
157
158 rcu_read_lock();
159 ifa = inet_lookup_ifaddr_rcu(net, addr);
160 if (!ifa) {
161 struct flowi4 fl4 = { .daddr = addr };
162 struct fib_result res = { 0 };
163 struct fib_table *local;
164
165 /* Fall back to the FIB local table so that communication
166 * over loopback subnets works.
167 */
168 local = fib_get_table(net, RT_TABLE_LOCAL);
169 if (local &&
170 !fib_table_lookup(local, &fl4, &res, FIB_LOOKUP_NOREF) &&
171 res.type == RTN_LOCAL)
172 result = FIB_RES_DEV(res);
173 } else {
174 result = ifa->ifa_dev->dev;
175 }
176 if (result && devref)
177 dev_hold(result);
178 rcu_read_unlock();
179 return result;
180 }
181 EXPORT_SYMBOL(__ip_dev_find);
182
183 /* called under RCU lock */
184 struct in_ifaddr *inet_lookup_ifaddr_rcu(struct net *net, __be32 addr)
185 {
186 u32 hash = inet_addr_hash(net, addr);
187 struct in_ifaddr *ifa;
188
189 hlist_for_each_entry_rcu(ifa, &inet_addr_lst[hash], hash)
190 if (ifa->ifa_local == addr &&
191 net_eq(dev_net(ifa->ifa_dev->dev), net))
192 return ifa;
193
194 return NULL;
195 }
196
197 static void rtmsg_ifa(int event, struct in_ifaddr *, struct nlmsghdr *, u32);
198
199 static BLOCKING_NOTIFIER_HEAD(inetaddr_chain);
200 static BLOCKING_NOTIFIER_HEAD(inetaddr_validator_chain);
201 static void inet_del_ifa(struct in_device *in_dev,
202 struct in_ifaddr __rcu **ifap,
203 int destroy);
204 #ifdef CONFIG_SYSCTL
205 static int devinet_sysctl_register(struct in_device *idev);
206 static void devinet_sysctl_unregister(struct in_device *idev);
207 #else
208 static int devinet_sysctl_register(struct in_device *idev)
209 {
210 return 0;
211 }
212 static void devinet_sysctl_unregister(struct in_device *idev)
213 {
214 }
215 #endif
216
217 /* Locks all the inet devices. */
218
219 static struct in_ifaddr *inet_alloc_ifa(void)
220 {
221 return kzalloc(sizeof(struct in_ifaddr), GFP_KERNEL_ACCOUNT);
222 }
223
224 static void inet_rcu_free_ifa(struct rcu_head *head)
225 {
226 struct in_ifaddr *ifa = container_of(head, struct in_ifaddr, rcu_head);
227 if (ifa->ifa_dev)
228 in_dev_put(ifa->ifa_dev);
229 kfree(ifa);
230 }
231
232 static void inet_free_ifa(struct in_ifaddr *ifa)
233 {
234 call_rcu(&ifa->rcu_head, inet_rcu_free_ifa);
235 }
236
237 static void in_dev_free_rcu(struct rcu_head *head)
238 {
239 struct in_device *idev = container_of(head, struct in_device, rcu_head);
240
241 kfree(rcu_dereference_protected(idev->mc_hash, 1));
242 kfree(idev);
243 }
244
245 void in_dev_finish_destroy(struct in_device *idev)
246 {
247 struct net_device *dev = idev->dev;
248
249 WARN_ON(idev->ifa_list);
250 WARN_ON(idev->mc_list);
251 #ifdef NET_REFCNT_DEBUG
252 pr_debug("%s: %p=%s\n", __func__, idev, dev ? dev->name : "NIL");
253 #endif
254 netdev_put(dev, &idev->dev_tracker);
255 if (!idev->dead)
256 pr_err("Freeing alive in_device %p\n", idev);
257 else
258 call_rcu(&idev->rcu_head, in_dev_free_rcu);
259 }
260 EXPORT_SYMBOL(in_dev_finish_destroy);
261
262 static struct in_device *inetdev_init(struct net_device *dev)
263 {
264 struct in_device *in_dev;
265 int err = -ENOMEM;
266
267 ASSERT_RTNL();
268
269 in_dev = kzalloc(sizeof(*in_dev), GFP_KERNEL);
270 if (!in_dev)
271 goto out;
272 memcpy(&in_dev->cnf, dev_net(dev)->ipv4.devconf_dflt,
273 sizeof(in_dev->cnf));
274 in_dev->cnf.sysctl = NULL;
275 in_dev->dev = dev;
276 in_dev->arp_parms = neigh_parms_alloc(dev, &arp_tbl);
277 if (!in_dev->arp_parms)
278 goto out_kfree;
279 if (IPV4_DEVCONF(in_dev->cnf, FORWARDING))
280 dev_disable_lro(dev);
281 /* Reference in_dev->dev */
282 netdev_hold(dev, &in_dev->dev_tracker, GFP_KERNEL);
283 /* Account for reference dev->ip_ptr (below) */
284 refcount_set(&in_dev->refcnt, 1);
285
286 if (dev != blackhole_netdev) {
287 err = devinet_sysctl_register(in_dev);
288 if (err) {
289 in_dev->dead = 1;
290 neigh_parms_release(&arp_tbl, in_dev->arp_parms);
291 in_dev_put(in_dev);
292 in_dev = NULL;
293 goto out;
294 }
295 ip_mc_init_dev(in_dev);
296 if (dev->flags & IFF_UP)
297 ip_mc_up(in_dev);
298 }
299
300 /* we can receive as soon as ip_ptr is set -- do this last */
301 rcu_assign_pointer(dev->ip_ptr, in_dev);
302 out:
303 return in_dev ?: ERR_PTR(err);
304 out_kfree:
305 kfree(in_dev);
306 in_dev = NULL;
307 goto out;
308 }
309
310 static void inetdev_destroy(struct in_device *in_dev)
311 {
312 struct net_device *dev;
313 struct in_ifaddr *ifa;
314
315 ASSERT_RTNL();
316
317 dev = in_dev->dev;
318
319 in_dev->dead = 1;
320
321 ip_mc_destroy_dev(in_dev);
322
323 while ((ifa = rtnl_dereference(in_dev->ifa_list)) != NULL) {
324 inet_del_ifa(in_dev, &in_dev->ifa_list, 0);
325 inet_free_ifa(ifa);
326 }
327
328 RCU_INIT_POINTER(dev->ip_ptr, NULL);
329
330 devinet_sysctl_unregister(in_dev);
331 neigh_parms_release(&arp_tbl, in_dev->arp_parms);
332 arp_ifdown(dev);
333
334 in_dev_put(in_dev);
335 }
336
337 static int __init inet_blackhole_dev_init(void)
338 {
339 int err = 0;
340
341 rtnl_lock();
342 if (!inetdev_init(blackhole_netdev))
343 err = -ENOMEM;
344 rtnl_unlock();
345
346 return err;
347 }
348 late_initcall(inet_blackhole_dev_init);
349
350 int inet_addr_onlink(struct in_device *in_dev, __be32 a, __be32 b)
351 {
352 const struct in_ifaddr *ifa;
353
354 rcu_read_lock();
355 in_dev_for_each_ifa_rcu(ifa, in_dev) {
356 if (inet_ifa_match(a, ifa)) {
357 if (!b || inet_ifa_match(b, ifa)) {
358 rcu_read_unlock();
359 return 1;
360 }
361 }
362 }
363 rcu_read_unlock();
364 return 0;
365 }
366
367 static void __inet_del_ifa(struct in_device *in_dev,
368 struct in_ifaddr __rcu **ifap,
369 int destroy, struct nlmsghdr *nlh, u32 portid)
370 {
371 struct in_ifaddr *promote = NULL;
372 struct in_ifaddr *ifa, *ifa1;
373 struct in_ifaddr __rcu **last_prim;
374 struct in_ifaddr *prev_prom = NULL;
375 int do_promote = IN_DEV_PROMOTE_SECONDARIES(in_dev);
376
377 ASSERT_RTNL();
378
379 ifa1 = rtnl_dereference(*ifap);
380 last_prim = ifap;
381 if (in_dev->dead)
382 goto no_promotions;
383
384 /* 1. Deleting a primary ifaddr forces the deletion of all secondaries
385 * unless alias promotion is set.
386 */
387
388 if (!(ifa1->ifa_flags & IFA_F_SECONDARY)) {
389 struct in_ifaddr __rcu **ifap1 = &ifa1->ifa_next;
390
391 while ((ifa = rtnl_dereference(*ifap1)) != NULL) {
392 if (!(ifa->ifa_flags & IFA_F_SECONDARY) &&
393 ifa1->ifa_scope <= ifa->ifa_scope)
394 last_prim = &ifa->ifa_next;
395
396 if (!(ifa->ifa_flags & IFA_F_SECONDARY) ||
397 ifa1->ifa_mask != ifa->ifa_mask ||
398 !inet_ifa_match(ifa1->ifa_address, ifa)) {
399 ifap1 = &ifa->ifa_next;
400 prev_prom = ifa;
401 continue;
402 }
403
404 if (!do_promote) {
405 inet_hash_remove(ifa);
406 *ifap1 = ifa->ifa_next;
407
408 rtmsg_ifa(RTM_DELADDR, ifa, nlh, portid);
409 blocking_notifier_call_chain(&inetaddr_chain,
410 NETDEV_DOWN, ifa);
411 inet_free_ifa(ifa);
412 } else {
413 promote = ifa;
414 break;
415 }
416 }
417 }
418
419 /* On promotion all secondaries from the subnet are changing
420 * the primary IP; we must remove all their routes silently
421 * and later add them back with the new prefsrc. Do this
422 * while all addresses are on the device list.
423 */
424 for (ifa = promote; ifa; ifa = rtnl_dereference(ifa->ifa_next)) {
425 if (ifa1->ifa_mask == ifa->ifa_mask &&
426 inet_ifa_match(ifa1->ifa_address, ifa))
427 fib_del_ifaddr(ifa, ifa1);
428 }
429
430 no_promotions:
431 /* 2. Unlink it */
432
433 *ifap = ifa1->ifa_next;
434 inet_hash_remove(ifa1);
435
436 /* 3. Announce address deletion */
437
438 /* Send the message first, then call the notifier.
439 At first sight, the FIB update triggered by the notifier
440 will refer to an already deleted ifaddr, which could confuse
441 netlink listeners. It is not true: gated sees
442 that the route was deleted and, if it still thinks the ifaddr
443 is valid, it will try to restore the deleted routes... Grr.
444 So this order is correct.
445 */
446 rtmsg_ifa(RTM_DELADDR, ifa1, nlh, portid);
447 blocking_notifier_call_chain(&inetaddr_chain, NETDEV_DOWN, ifa1);
448
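	/* 4. Promote the first eligible secondary (if any): relink it after
	 * the last suitable primary, clear IFA_F_SECONDARY, announce it, and
	 * re-add routes for the remaining secondaries in the same subnet.
	 */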
449 if (promote) {
450 struct in_ifaddr *next_sec;
451
452 next_sec = rtnl_dereference(promote->ifa_next);
453 if (prev_prom) {
454 struct in_ifaddr *last_sec;
455
456 rcu_assign_pointer(prev_prom->ifa_next, next_sec);
457
458 last_sec = rtnl_dereference(*last_prim);
459 rcu_assign_pointer(promote->ifa_next, last_sec);
460 rcu_assign_pointer(*last_prim, promote);
461 }
462
463 promote->ifa_flags &= ~IFA_F_SECONDARY;
464 rtmsg_ifa(RTM_NEWADDR, promote, nlh, portid);
465 blocking_notifier_call_chain(&inetaddr_chain,
466 NETDEV_UP, promote);
467 for (ifa = next_sec; ifa;
468 ifa = rtnl_dereference(ifa->ifa_next)) {
469 if (ifa1->ifa_mask != ifa->ifa_mask ||
470 !inet_ifa_match(ifa1->ifa_address, ifa))
471 continue;
472 fib_add_ifaddr(ifa);
473 }
474
475 }
476 if (destroy)
477 inet_free_ifa(ifa1);
478 }
479
480 static void inet_del_ifa(struct in_device *in_dev,
481 struct in_ifaddr __rcu **ifap,
482 int destroy)
483 {
484 __inet_del_ifa(in_dev, ifap, destroy, NULL, 0);
485 }
486
487 static void check_lifetime(struct work_struct *work);
488
489 static DECLARE_DELAYED_WORK(check_lifetime_work, check_lifetime);
490
491 static int __inet_insert_ifa(struct in_ifaddr *ifa, struct nlmsghdr *nlh,
492 u32 portid, struct netlink_ext_ack *extack)
493 {
494 struct in_ifaddr __rcu **last_primary, **ifap;
495 struct in_device *in_dev = ifa->ifa_dev;
496 struct in_validator_info ivi;
497 struct in_ifaddr *ifa1;
498 int ret;
499
500 ASSERT_RTNL();
501
502 if (!ifa->ifa_local) {
503 inet_free_ifa(ifa);
504 return 0;
505 }
506
507 ifa->ifa_flags &= ~IFA_F_SECONDARY;
508 last_primary = &in_dev->ifa_list;
509
510 /* Don't set IPv6-only flags on IPv4 addresses */
511 ifa->ifa_flags &= ~IPV6ONLY_FLAGS;
512
513 ifap = &in_dev->ifa_list;
514 ifa1 = rtnl_dereference(*ifap);
515
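	/* Walk the existing list: remember where the last suitable primary
	 * sits (new primaries are inserted after it), and mark the new
	 * address secondary if another address already covers its subnet.
	 */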
516 while (ifa1) {
517 if (!(ifa1->ifa_flags & IFA_F_SECONDARY) &&
518 ifa->ifa_scope <= ifa1->ifa_scope)
519 last_primary = &ifa1->ifa_next;
520 if (ifa1->ifa_mask == ifa->ifa_mask &&
521 inet_ifa_match(ifa1->ifa_address, ifa)) {
522 if (ifa1->ifa_local == ifa->ifa_local) {
523 inet_free_ifa(ifa);
524 return -EEXIST;
525 }
526 if (ifa1->ifa_scope != ifa->ifa_scope) {
527 NL_SET_ERR_MSG(extack, "ipv4: Invalid scope value");
528 inet_free_ifa(ifa);
529 return -EINVAL;
530 }
531 ifa->ifa_flags |= IFA_F_SECONDARY;
532 }
533
534 ifap = &ifa1->ifa_next;
535 ifa1 = rtnl_dereference(*ifap);
536 }
537
538 /* Allow any devices that wish to register ifaddr validators to weigh
539 * in now, before changes are committed. The rtnl lock is serializing
540 * access here, so the state should not change between a validator call
541 * and a final notify on commit. This isn't invoked on promotion under
542 * the assumption that validators are checking the address itself, and
543 * not the flags.
544 */
545 ivi.ivi_addr = ifa->ifa_address;
546 ivi.ivi_dev = ifa->ifa_dev;
547 ivi.extack = extack;
548 ret = blocking_notifier_call_chain(&inetaddr_validator_chain,
549 NETDEV_UP, &ivi);
550 ret = notifier_to_errno(ret);
551 if (ret) {
552 inet_free_ifa(ifa);
553 return ret;
554 }
555
556 if (!(ifa->ifa_flags & IFA_F_SECONDARY))
557 ifap = last_primary;
558
559 rcu_assign_pointer(ifa->ifa_next, *ifap);
560 rcu_assign_pointer(*ifap, ifa);
561
562 inet_hash_insert(dev_net(in_dev->dev), ifa);
563
564 cancel_delayed_work(&check_lifetime_work);
565 queue_delayed_work(system_power_efficient_wq, &check_lifetime_work, 0);
566
567 /* Send the message first, then call the notifier.
568 The notifier will trigger a FIB update, so that
569 netlink listeners will know about the new ifaddr */
570 rtmsg_ifa(RTM_NEWADDR, ifa, nlh, portid);
571 blocking_notifier_call_chain(&inetaddr_chain, NETDEV_UP, ifa);
572
573 return 0;
574 }
575
576 static int inet_insert_ifa(struct in_ifaddr *ifa)
577 {
578 return __inet_insert_ifa(ifa, NULL, 0, NULL);
579 }
580
581 static int inet_set_ifa(struct net_device *dev, struct in_ifaddr *ifa)
582 {
583 struct in_device *in_dev = __in_dev_get_rtnl(dev);
584
585 ASSERT_RTNL();
586
587 ipv4_devconf_setall(in_dev);
588 neigh_parms_data_state_setall(in_dev->arp_parms);
589 if (ifa->ifa_dev != in_dev) {
590 WARN_ON(ifa->ifa_dev);
591 in_dev_hold(in_dev);
592 ifa->ifa_dev = in_dev;
593 }
594 if (ipv4_is_loopback(ifa->ifa_local))
595 ifa->ifa_scope = RT_SCOPE_HOST;
596 return inet_insert_ifa(ifa);
597 }
598
599 /* Caller must hold RCU or RTNL:
600 * we don't take a reference on the found in_device.
601 */
602 struct in_device *inetdev_by_index(struct net *net, int ifindex)
603 {
604 struct net_device *dev;
605 struct in_device *in_dev = NULL;
606
607 rcu_read_lock();
608 dev = dev_get_by_index_rcu(net, ifindex);
609 if (dev)
610 in_dev = rcu_dereference_rtnl(dev->ip_ptr);
611 rcu_read_unlock();
612 return in_dev;
613 }
614 EXPORT_SYMBOL(inetdev_by_index);
615
616 /* Called only from RTNL-locked context. No extra locks are taken. */
617
618 struct in_ifaddr *inet_ifa_byprefix(struct in_device *in_dev, __be32 prefix,
619 __be32 mask)
620 {
621 struct in_ifaddr *ifa;
622
623 ASSERT_RTNL();
624
625 in_dev_for_each_ifa_rtnl(ifa, in_dev) {
626 if (ifa->ifa_mask == mask && inet_ifa_match(prefix, ifa))
627 return ifa;
628 }
629 return NULL;
630 }
631
632 static int ip_mc_autojoin_config(struct net *net, bool join,
633 const struct in_ifaddr *ifa)
634 {
635 #if defined(CONFIG_IP_MULTICAST)
636 struct ip_mreqn mreq = {
637 .imr_multiaddr.s_addr = ifa->ifa_address,
638 .imr_ifindex = ifa->ifa_dev->dev->ifindex,
639 };
640 struct sock *sk = net->ipv4.mc_autojoin_sk;
641 int ret;
642
643 ASSERT_RTNL();
644
645 lock_sock(sk);
646 if (join)
647 ret = ip_mc_join_group(sk, &mreq);
648 else
649 ret = ip_mc_leave_group(sk, &mreq);
650 release_sock(sk);
651
652 return ret;
653 #else
654 return -EOPNOTSUPP;
655 #endif
656 }
657
658 static int inet_rtm_deladdr(struct sk_buff *skb, struct nlmsghdr *nlh,
659 struct netlink_ext_ack *extack)
660 {
661 struct net *net = sock_net(skb->sk);
662 struct in_ifaddr __rcu **ifap;
663 struct nlattr *tb[IFA_MAX+1];
664 struct in_device *in_dev;
665 struct ifaddrmsg *ifm;
666 struct in_ifaddr *ifa;
667 int err;
668
669 ASSERT_RTNL();
670
671 err = nlmsg_parse_deprecated(nlh, sizeof(*ifm), tb, IFA_MAX,
672 ifa_ipv4_policy, extack);
673 if (err < 0)
674 goto errout;
675
676 ifm = nlmsg_data(nlh);
677 in_dev = inetdev_by_index(net, ifm->ifa_index);
678 if (!in_dev) {
679 NL_SET_ERR_MSG(extack, "ipv4: Device not found");
680 err = -ENODEV;
681 goto errout;
682 }
683
684 for (ifap = &in_dev->ifa_list; (ifa = rtnl_dereference(*ifap)) != NULL;
685 ifap = &ifa->ifa_next) {
686 if (tb[IFA_LOCAL] &&
687 ifa->ifa_local != nla_get_in_addr(tb[IFA_LOCAL]))
688 continue;
689
690 if (tb[IFA_LABEL] && nla_strcmp(tb[IFA_LABEL], ifa->ifa_label))
691 continue;
692
693 if (tb[IFA_ADDRESS] &&
694 (ifm->ifa_prefixlen != ifa->ifa_prefixlen ||
695 !inet_ifa_match(nla_get_in_addr(tb[IFA_ADDRESS]), ifa)))
696 continue;
697
698 if (ipv4_is_multicast(ifa->ifa_address))
699 ip_mc_autojoin_config(net, false, ifa);
700 __inet_del_ifa(in_dev, ifap, 1, nlh, NETLINK_CB(skb).portid);
701 return 0;
702 }
703
704 NL_SET_ERR_MSG(extack, "ipv4: Address not found");
705 err = -EADDRNOTAVAIL;
706 errout:
707 return err;
708 }
709
710 #define INFINITY_LIFE_TIME 0xFFFFFFFF
711
712 static void check_lifetime(struct work_struct *work)
713 {
714 unsigned long now, next, next_sec, next_sched;
715 struct in_ifaddr *ifa;
716 struct hlist_node *n;
717 int i;
718
719 now = jiffies;
720 next = round_jiffies_up(now + ADDR_CHECK_FREQUENCY);
721
722 for (i = 0; i < IN4_ADDR_HSIZE; i++) {
723 bool change_needed = false;
724
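		/* First pass under RCU: find the next expiry time and check
		 * whether anything on this chain needs to change at all.
		 */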
725 rcu_read_lock();
726 hlist_for_each_entry_rcu(ifa, &inet_addr_lst[i], hash) {
727 unsigned long age;
728
729 if (ifa->ifa_flags & IFA_F_PERMANENT)
730 continue;
731
732 /* We try to batch several events at once. */
733 age = (now - ifa->ifa_tstamp +
734 ADDRCONF_TIMER_FUZZ_MINUS) / HZ;
735
736 if (ifa->ifa_valid_lft != INFINITY_LIFE_TIME &&
737 age >= ifa->ifa_valid_lft) {
738 change_needed = true;
739 } else if (ifa->ifa_preferred_lft ==
740 INFINITY_LIFE_TIME) {
741 continue;
742 } else if (age >= ifa->ifa_preferred_lft) {
743 if (time_before(ifa->ifa_tstamp +
744 ifa->ifa_valid_lft * HZ, next))
745 next = ifa->ifa_tstamp +
746 ifa->ifa_valid_lft * HZ;
747
748 if (!(ifa->ifa_flags & IFA_F_DEPRECATED))
749 change_needed = true;
750 } else if (time_before(ifa->ifa_tstamp +
751 ifa->ifa_preferred_lft * HZ,
752 next)) {
753 next = ifa->ifa_tstamp +
754 ifa->ifa_preferred_lft * HZ;
755 }
756 }
757 rcu_read_unlock();
758 if (!change_needed)
759 continue;
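		/* Second pass under RTNL: actually delete expired addresses
		 * and mark deprecated ones; the RCU walk above is read-only.
		 */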
760 rtnl_lock();
761 hlist_for_each_entry_safe(ifa, n, &inet_addr_lst[i], hash) {
762 unsigned long age;
763
764 if (ifa->ifa_flags & IFA_F_PERMANENT)
765 continue;
766
767 /* We try to batch several events at once. */
768 age = (now - ifa->ifa_tstamp +
769 ADDRCONF_TIMER_FUZZ_MINUS) / HZ;
770
771 if (ifa->ifa_valid_lft != INFINITY_LIFE_TIME &&
772 age >= ifa->ifa_valid_lft) {
773 struct in_ifaddr __rcu **ifap;
774 struct in_ifaddr *tmp;
775
776 ifap = &ifa->ifa_dev->ifa_list;
777 tmp = rtnl_dereference(*ifap);
778 while (tmp) {
779 if (tmp == ifa) {
780 inet_del_ifa(ifa->ifa_dev,
781 ifap, 1);
782 break;
783 }
784 ifap = &tmp->ifa_next;
785 tmp = rtnl_dereference(*ifap);
786 }
787 } else if (ifa->ifa_preferred_lft !=
788 INFINITY_LIFE_TIME &&
789 age >= ifa->ifa_preferred_lft &&
790 !(ifa->ifa_flags & IFA_F_DEPRECATED)) {
791 ifa->ifa_flags |= IFA_F_DEPRECATED;
792 rtmsg_ifa(RTM_NEWADDR, ifa, NULL, 0);
793 }
794 }
795 rtnl_unlock();
796 }
797
798 next_sec = round_jiffies_up(next);
799 next_sched = next;
800
801 /* If rounded timeout is accurate enough, accept it. */
802 if (time_before(next_sec, next + ADDRCONF_TIMER_FUZZ))
803 next_sched = next_sec;
804
805 now = jiffies;
806 /* And minimum interval is ADDRCONF_TIMER_FUZZ_MAX. */
807 if (time_before(next_sched, now + ADDRCONF_TIMER_FUZZ_MAX))
808 next_sched = now + ADDRCONF_TIMER_FUZZ_MAX;
809
810 queue_delayed_work(system_power_efficient_wq, &check_lifetime_work,
811 next_sched - now);
812 }
813
814 static void set_ifa_lifetime(struct in_ifaddr *ifa, __u32 valid_lft,
815 __u32 prefered_lft)
816 {
817 unsigned long timeout;
818
819 ifa->ifa_flags &= ~(IFA_F_PERMANENT | IFA_F_DEPRECATED);
820
821 timeout = addrconf_timeout_fixup(valid_lft, HZ);
822 if (addrconf_finite_timeout(timeout))
823 ifa->ifa_valid_lft = timeout;
824 else
825 ifa->ifa_flags |= IFA_F_PERMANENT;
826
827 timeout = addrconf_timeout_fixup(prefered_lft, HZ);
828 if (addrconf_finite_timeout(timeout)) {
829 if (timeout == 0)
830 ifa->ifa_flags |= IFA_F_DEPRECATED;
831 ifa->ifa_preferred_lft = timeout;
832 }
833 ifa->ifa_tstamp = jiffies;
834 if (!ifa->ifa_cstamp)
835 ifa->ifa_cstamp = ifa->ifa_tstamp;
836 }
837
838 static struct in_ifaddr *rtm_to_ifaddr(struct net *net, struct nlmsghdr *nlh,
839 __u32 *pvalid_lft, __u32 *pprefered_lft,
840 struct netlink_ext_ack *extack)
841 {
842 struct nlattr *tb[IFA_MAX+1];
843 struct in_ifaddr *ifa;
844 struct ifaddrmsg *ifm;
845 struct net_device *dev;
846 struct in_device *in_dev;
847 int err;
848
849 err = nlmsg_parse_deprecated(nlh, sizeof(*ifm), tb, IFA_MAX,
850 ifa_ipv4_policy, extack);
851 if (err < 0)
852 goto errout;
853
854 ifm = nlmsg_data(nlh);
855 err = -EINVAL;
856
857 if (ifm->ifa_prefixlen > 32) {
858 NL_SET_ERR_MSG(extack, "ipv4: Invalid prefix length");
859 goto errout;
860 }
861
862 if (!tb[IFA_LOCAL]) {
863 NL_SET_ERR_MSG(extack, "ipv4: Local address is not supplied");
864 goto errout;
865 }
866
867 dev = __dev_get_by_index(net, ifm->ifa_index);
868 err = -ENODEV;
869 if (!dev) {
870 NL_SET_ERR_MSG(extack, "ipv4: Device not found");
871 goto errout;
872 }
873
874 in_dev = __in_dev_get_rtnl(dev);
875 err = -ENOBUFS;
876 if (!in_dev)
877 goto errout;
878
879 ifa = inet_alloc_ifa();
880 if (!ifa)
881 /*
882 * A potential in_dev allocation can be left alive; it stays
883 * assigned to its device and is destroyed with it.
884 */
885 goto errout;
886
887 ipv4_devconf_setall(in_dev);
888 neigh_parms_data_state_setall(in_dev->arp_parms);
889 in_dev_hold(in_dev);
890
891 if (!tb[IFA_ADDRESS])
892 tb[IFA_ADDRESS] = tb[IFA_LOCAL];
893
894 INIT_HLIST_NODE(&ifa->hash);
895 ifa->ifa_prefixlen = ifm->ifa_prefixlen;
896 ifa->ifa_mask = inet_make_mask(ifm->ifa_prefixlen);
897 ifa->ifa_flags = tb[IFA_FLAGS] ? nla_get_u32(tb[IFA_FLAGS]) :
898 ifm->ifa_flags;
899 ifa->ifa_scope = ifm->ifa_scope;
900 ifa->ifa_dev = in_dev;
901
902 ifa->ifa_local = nla_get_in_addr(tb[IFA_LOCAL]);
903 ifa->ifa_address = nla_get_in_addr(tb[IFA_ADDRESS]);
904
905 if (tb[IFA_BROADCAST])
906 ifa->ifa_broadcast = nla_get_in_addr(tb[IFA_BROADCAST]);
907
908 if (tb[IFA_LABEL])
909 nla_strscpy(ifa->ifa_label, tb[IFA_LABEL], IFNAMSIZ);
910 else
911 memcpy(ifa->ifa_label, dev->name, IFNAMSIZ);
912
913 if (tb[IFA_RT_PRIORITY])
914 ifa->ifa_rt_priority = nla_get_u32(tb[IFA_RT_PRIORITY]);
915
916 if (tb[IFA_PROTO])
917 ifa->ifa_proto = nla_get_u8(tb[IFA_PROTO]);
918
919 if (tb[IFA_CACHEINFO]) {
920 struct ifa_cacheinfo *ci;
921
922 ci = nla_data(tb[IFA_CACHEINFO]);
923 if (!ci->ifa_valid || ci->ifa_prefered > ci->ifa_valid) {
924 NL_SET_ERR_MSG(extack, "ipv4: address lifetime invalid");
925 err = -EINVAL;
926 goto errout_free;
927 }
928 *pvalid_lft = ci->ifa_valid;
929 *pprefered_lft = ci->ifa_prefered;
930 }
931
932 return ifa;
933
934 errout_free:
935 inet_free_ifa(ifa);
936 errout:
937 return ERR_PTR(err);
938 }
939
940 static struct in_ifaddr *find_matching_ifa(struct in_ifaddr *ifa)
941 {
942 struct in_device *in_dev = ifa->ifa_dev;
943 struct in_ifaddr *ifa1;
944
945 if (!ifa->ifa_local)
946 return NULL;
947
948 in_dev_for_each_ifa_rtnl(ifa1, in_dev) {
949 if (ifa1->ifa_mask == ifa->ifa_mask &&
950 inet_ifa_match(ifa1->ifa_address, ifa) &&
951 ifa1->ifa_local == ifa->ifa_local)
952 return ifa1;
953 }
954 return NULL;
955 }
956
957 static int inet_rtm_newaddr(struct sk_buff *skb, struct nlmsghdr *nlh,
958 struct netlink_ext_ack *extack)
959 {
960 struct net *net = sock_net(skb->sk);
961 struct in_ifaddr *ifa;
962 struct in_ifaddr *ifa_existing;
963 __u32 valid_lft = INFINITY_LIFE_TIME;
964 __u32 prefered_lft = INFINITY_LIFE_TIME;
965
966 ASSERT_RTNL();
967
968 ifa = rtm_to_ifaddr(net, nlh, &valid_lft, &prefered_lft, extack);
969 if (IS_ERR(ifa))
970 return PTR_ERR(ifa);
971
972 ifa_existing = find_matching_ifa(ifa);
973 if (!ifa_existing) {
974 /* It would be best to check for !NLM_F_CREATE here but
975 * userspace already relies on not having to provide this.
976 */
977 set_ifa_lifetime(ifa, valid_lft, prefered_lft);
978 if (ifa->ifa_flags & IFA_F_MCAUTOJOIN) {
979 int ret = ip_mc_autojoin_config(net, true, ifa);
980
981 if (ret < 0) {
982 NL_SET_ERR_MSG(extack, "ipv4: Multicast auto join failed");
983 inet_free_ifa(ifa);
984 return ret;
985 }
986 }
987 return __inet_insert_ifa(ifa, nlh, NETLINK_CB(skb).portid,
988 extack);
989 } else {
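		/* The address already exists: honour NLM_F_EXCL/NLM_F_REPLACE,
		 * then update metric, proto and lifetimes in place.
		 */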
990 u32 new_metric = ifa->ifa_rt_priority;
991 u8 new_proto = ifa->ifa_proto;
992
993 inet_free_ifa(ifa);
994
995 if (nlh->nlmsg_flags & NLM_F_EXCL ||
996 !(nlh->nlmsg_flags & NLM_F_REPLACE)) {
997 NL_SET_ERR_MSG(extack, "ipv4: Address already assigned");
998 return -EEXIST;
999 }
1000 ifa = ifa_existing;
1001
1002 if (ifa->ifa_rt_priority != new_metric) {
1003 fib_modify_prefix_metric(ifa, new_metric);
1004 ifa->ifa_rt_priority = new_metric;
1005 }
1006
1007 ifa->ifa_proto = new_proto;
1008
1009 set_ifa_lifetime(ifa, valid_lft, prefered_lft);
1010 cancel_delayed_work(&check_lifetime_work);
1011 queue_delayed_work(system_power_efficient_wq,
1012 &check_lifetime_work, 0);
1013 rtmsg_ifa(RTM_NEWADDR, ifa, nlh, NETLINK_CB(skb).portid);
1014 }
1015 return 0;
1016 }
1017
1018 /*
1019 * Determine a default network mask, based on the IP address.
1020 */
1021
1022 static int inet_abc_len(__be32 addr)
1023 {
1024 int rc = -1; /* Something else, probably a multicast. */
1025
1026 if (ipv4_is_zeronet(addr) || ipv4_is_lbcast(addr))
1027 rc = 0;
1028 else {
1029 __u32 haddr = ntohl(addr);
1030 if (IN_CLASSA(haddr))
1031 rc = 8;
1032 else if (IN_CLASSB(haddr))
1033 rc = 16;
1034 else if (IN_CLASSC(haddr))
1035 rc = 24;
1036 else if (IN_CLASSE(haddr))
1037 rc = 32;
1038 }
1039
1040 return rc;
1041 }
1042
1043
1044 int devinet_ioctl(struct net *net, unsigned int cmd, struct ifreq *ifr)
1045 {
1046 struct sockaddr_in sin_orig;
1047 struct sockaddr_in *sin = (struct sockaddr_in *)&ifr->ifr_addr;
1048 struct in_ifaddr __rcu **ifap = NULL;
1049 struct in_device *in_dev;
1050 struct in_ifaddr *ifa = NULL;
1051 struct net_device *dev;
1052 char *colon;
1053 int ret = -EFAULT;
1054 int tryaddrmatch = 0;
1055
1056 ifr->ifr_name[IFNAMSIZ - 1] = 0;
1057
1058 /* save original address for comparison */
1059 memcpy(&sin_orig, sin, sizeof(*sin));
1060
1061 colon = strchr(ifr->ifr_name, ':');
1062 if (colon)
1063 *colon = 0;
1064
1065 dev_load(net, ifr->ifr_name);
1066
1067 switch (cmd) {
1068 case SIOCGIFADDR: /* Get interface address */
1069 case SIOCGIFBRDADDR: /* Get the broadcast address */
1070 case SIOCGIFDSTADDR: /* Get the destination address */
1071 case SIOCGIFNETMASK: /* Get the netmask for the interface */
1072 /* Note that these ioctls will not sleep,
1073 so that we do not impose a lock.
1074 One day we will be forced to put shlock here (I mean SMP)
1075 */
1076 tryaddrmatch = (sin_orig.sin_family == AF_INET);
1077 memset(sin, 0, sizeof(*sin));
1078 sin->sin_family = AF_INET;
1079 break;
1080
1081 case SIOCSIFFLAGS:
1082 ret = -EPERM;
1083 if (!ns_capable(net->user_ns, CAP_NET_ADMIN))
1084 goto out;
1085 break;
1086 case SIOCSIFADDR: /* Set interface address (and family) */
1087 case SIOCSIFBRDADDR: /* Set the broadcast address */
1088 case SIOCSIFDSTADDR: /* Set the destination address */
1089 case SIOCSIFNETMASK: /* Set the netmask for the interface */
1090 ret = -EPERM;
1091 if (!ns_capable(net->user_ns, CAP_NET_ADMIN))
1092 goto out;
1093 ret = -EINVAL;
1094 if (sin->sin_family != AF_INET)
1095 goto out;
1096 break;
1097 default:
1098 ret = -EINVAL;
1099 goto out;
1100 }
1101
1102 rtnl_lock();
1103
1104 ret = -ENODEV;
1105 dev = __dev_get_by_name(net, ifr->ifr_name);
1106 if (!dev)
1107 goto done;
1108
1109 if (colon)
1110 *colon = ':';
1111
1112 in_dev = __in_dev_get_rtnl(dev);
1113 if (in_dev) {
1114 if (tryaddrmatch) {
1115 /* Matthias Andree */
1116 /* compare label and address (4.4BSD style) */
1117 /* note: we only do this for a limited set of ioctls
1118 and only if the original address family was AF_INET.
1119 This is checked above. */
1120
1121 for (ifap = &in_dev->ifa_list;
1122 (ifa = rtnl_dereference(*ifap)) != NULL;
1123 ifap = &ifa->ifa_next) {
1124 if (!strcmp(ifr->ifr_name, ifa->ifa_label) &&
1125 sin_orig.sin_addr.s_addr ==
1126 ifa->ifa_local) {
1127 break; /* found */
1128 }
1129 }
1130 }
1131 /* we didn't get a match, maybe the application is
1132 4.3BSD-style and passed in junk so we fall back to
1133 comparing just the label */
1134 if (!ifa) {
1135 for (ifap = &in_dev->ifa_list;
1136 (ifa = rtnl_dereference(*ifap)) != NULL;
1137 ifap = &ifa->ifa_next)
1138 if (!strcmp(ifr->ifr_name, ifa->ifa_label))
1139 break;
1140 }
1141 }
1142
1143 ret = -EADDRNOTAVAIL;
1144 if (!ifa && cmd != SIOCSIFADDR && cmd != SIOCSIFFLAGS)
1145 goto done;
1146
1147 switch (cmd) {
1148 case SIOCGIFADDR: /* Get interface address */
1149 ret = 0;
1150 sin->sin_addr.s_addr = ifa->ifa_local;
1151 break;
1152
1153 case SIOCGIFBRDADDR: /* Get the broadcast address */
1154 ret = 0;
1155 sin->sin_addr.s_addr = ifa->ifa_broadcast;
1156 break;
1157
1158 case SIOCGIFDSTADDR: /* Get the destination address */
1159 ret = 0;
1160 sin->sin_addr.s_addr = ifa->ifa_address;
1161 break;
1162
1163 case SIOCGIFNETMASK: /* Get the netmask for the interface */
1164 ret = 0;
1165 sin->sin_addr.s_addr = ifa->ifa_mask;
1166 break;
1167
1168 case SIOCSIFFLAGS:
1169 if (colon) {
1170 ret = -EADDRNOTAVAIL;
1171 if (!ifa)
1172 break;
1173 ret = 0;
1174 if (!(ifr->ifr_flags & IFF_UP))
1175 inet_del_ifa(in_dev, ifap, 1);
1176 break;
1177 }
1178 ret = dev_change_flags(dev, ifr->ifr_flags, NULL);
1179 break;
1180
1181 case SIOCSIFADDR: /* Set interface address (and family) */
1182 ret = -EINVAL;
1183 if (inet_abc_len(sin->sin_addr.s_addr) < 0)
1184 break;
1185
1186 if (!ifa) {
1187 ret = -ENOBUFS;
1188 if (!in_dev)
1189 break;
1190 ifa = inet_alloc_ifa();
1191 if (!ifa)
1192 break;
1193 INIT_HLIST_NODE(&ifa->hash);
1194 if (colon)
1195 memcpy(ifa->ifa_label, ifr->ifr_name, IFNAMSIZ);
1196 else
1197 memcpy(ifa->ifa_label, dev->name, IFNAMSIZ);
1198 } else {
1199 ret = 0;
1200 if (ifa->ifa_local == sin->sin_addr.s_addr)
1201 break;
1202 inet_del_ifa(in_dev, ifap, 0);
1203 ifa->ifa_broadcast = 0;
1204 ifa->ifa_scope = 0;
1205 }
1206
1207 ifa->ifa_address = ifa->ifa_local = sin->sin_addr.s_addr;
1208
1209 if (!(dev->flags & IFF_POINTOPOINT)) {
1210 ifa->ifa_prefixlen = inet_abc_len(ifa->ifa_address);
1211 ifa->ifa_mask = inet_make_mask(ifa->ifa_prefixlen);
1212 if ((dev->flags & IFF_BROADCAST) &&
1213 ifa->ifa_prefixlen < 31)
1214 ifa->ifa_broadcast = ifa->ifa_address |
1215 ~ifa->ifa_mask;
1216 } else {
1217 ifa->ifa_prefixlen = 32;
1218 ifa->ifa_mask = inet_make_mask(32);
1219 }
1220 set_ifa_lifetime(ifa, INFINITY_LIFE_TIME, INFINITY_LIFE_TIME);
1221 ret = inet_set_ifa(dev, ifa);
1222 break;
1223
1224 case SIOCSIFBRDADDR: /* Set the broadcast address */
1225 ret = 0;
1226 if (ifa->ifa_broadcast != sin->sin_addr.s_addr) {
1227 inet_del_ifa(in_dev, ifap, 0);
1228 ifa->ifa_broadcast = sin->sin_addr.s_addr;
1229 inet_insert_ifa(ifa);
1230 }
1231 break;
1232
1233 case SIOCSIFDSTADDR: /* Set the destination address */
1234 ret = 0;
1235 if (ifa->ifa_address == sin->sin_addr.s_addr)
1236 break;
1237 ret = -EINVAL;
1238 if (inet_abc_len(sin->sin_addr.s_addr) < 0)
1239 break;
1240 ret = 0;
1241 inet_del_ifa(in_dev, ifap, 0);
1242 ifa->ifa_address = sin->sin_addr.s_addr;
1243 inet_insert_ifa(ifa);
1244 break;
1245
1246 case SIOCSIFNETMASK: /* Set the netmask for the interface */
1247
1248 /*
1249 * The mask we set must be legal.
1250 */
1251 ret = -EINVAL;
1252 if (bad_mask(sin->sin_addr.s_addr, 0))
1253 break;
1254 ret = 0;
1255 if (ifa->ifa_mask != sin->sin_addr.s_addr) {
1256 __be32 old_mask = ifa->ifa_mask;
1257 inet_del_ifa(in_dev, ifap, 0);
1258 ifa->ifa_mask = sin->sin_addr.s_addr;
1259 ifa->ifa_prefixlen = inet_mask_len(ifa->ifa_mask);
1260
1261 /* See if current broadcast address matches
1262 * with current netmask, then recalculate
1263 * the broadcast address. Otherwise it's a
1264 * funny address, so don't touch it since
1265 * the user seems to know what (s)he's doing...
1266 */
1267 if ((dev->flags & IFF_BROADCAST) &&
1268 (ifa->ifa_prefixlen < 31) &&
1269 (ifa->ifa_broadcast ==
1270 (ifa->ifa_local|~old_mask))) {
1271 ifa->ifa_broadcast = (ifa->ifa_local |
1272 ~sin->sin_addr.s_addr);
1273 }
1274 inet_insert_ifa(ifa);
1275 }
1276 break;
1277 }
1278 done:
1279 rtnl_unlock();
1280 out:
1281 return ret;
1282 }
1283
1284 int inet_gifconf(struct net_device *dev, char __user *buf, int len, int size)
1285 {
1286 struct in_device *in_dev = __in_dev_get_rtnl(dev);
1287 const struct in_ifaddr *ifa;
1288 struct ifreq ifr;
1289 int done = 0;
1290
1291 if (WARN_ON(size > sizeof(struct ifreq)))
1292 goto out;
1293
1294 if (!in_dev)
1295 goto out;
1296
1297 in_dev_for_each_ifa_rtnl(ifa, in_dev) {
1298 if (!buf) {
1299 done += size;
1300 continue;
1301 }
1302 if (len < size)
1303 break;
1304 memset(&ifr, 0, sizeof(struct ifreq));
1305 strcpy(ifr.ifr_name, ifa->ifa_label);
1306
1307 (*(struct sockaddr_in *)&ifr.ifr_addr).sin_family = AF_INET;
1308 (*(struct sockaddr_in *)&ifr.ifr_addr).sin_addr.s_addr =
1309 ifa->ifa_local;
1310
1311 if (copy_to_user(buf + done, &ifr, size)) {
1312 done = -EFAULT;
1313 break;
1314 }
1315 len -= size;
1316 done += size;
1317 }
1318 out:
1319 return done;
1320 }
1321
1322 static __be32 in_dev_select_addr(const struct in_device *in_dev,
1323 int scope)
1324 {
1325 const struct in_ifaddr *ifa;
1326
1327 in_dev_for_each_ifa_rcu(ifa, in_dev) {
1328 if (ifa->ifa_flags & IFA_F_SECONDARY)
1329 continue;
1330 if (ifa->ifa_scope != RT_SCOPE_LINK &&
1331 ifa->ifa_scope <= scope)
1332 return ifa->ifa_local;
1333 }
1334
1335 return 0;
1336 }
1337
1338 __be32 inet_select_addr(const struct net_device *dev, __be32 dst, int scope)
1339 {
1340 const struct in_ifaddr *ifa;
1341 __be32 addr = 0;
1342 unsigned char localnet_scope = RT_SCOPE_HOST;
1343 struct in_device *in_dev;
1344 struct net *net;
1345 int master_idx;
1346
1347 rcu_read_lock();
1348 net = dev_net_rcu(dev);
1349 in_dev = __in_dev_get_rcu(dev);
1350 if (!in_dev)
1351 goto no_in_dev;
1352
1353 if (unlikely(IN_DEV_ROUTE_LOCALNET(in_dev)))
1354 localnet_scope = RT_SCOPE_LINK;
1355
1356 in_dev_for_each_ifa_rcu(ifa, in_dev) {
1357 if (ifa->ifa_flags & IFA_F_SECONDARY)
1358 continue;
1359 if (min(ifa->ifa_scope, localnet_scope) > scope)
1360 continue;
1361 if (!dst || inet_ifa_match(dst, ifa)) {
1362 addr = ifa->ifa_local;
1363 break;
1364 }
1365 if (!addr)
1366 addr = ifa->ifa_local;
1367 }
1368
1369 if (addr)
1370 goto out_unlock;
1371 no_in_dev:
1372 master_idx = l3mdev_master_ifindex_rcu(dev);
1373
1374 /* For VRFs, the VRF device takes the place of the loopback device,
1375 * with addresses on it being preferred. Note in such cases the
1376 * loopback device will be among the devices that fail the master_idx
1377 * equality check in the loop below.
1378 */
1379 if (master_idx &&
1380 (dev = dev_get_by_index_rcu(net, master_idx)) &&
1381 (in_dev = __in_dev_get_rcu(dev))) {
1382 addr = in_dev_select_addr(in_dev, scope);
1383 if (addr)
1384 goto out_unlock;
1385 }
1386
1387 /* Non-loopback addresses on the loopback device should be preferred
1388 in this case. It is important that lo is the first interface
1389 in the dev_base list.
1390 */
1391 for_each_netdev_rcu(net, dev) {
1392 if (l3mdev_master_ifindex_rcu(dev) != master_idx)
1393 continue;
1394
1395 in_dev = __in_dev_get_rcu(dev);
1396 if (!in_dev)
1397 continue;
1398
1399 addr = in_dev_select_addr(in_dev, scope);
1400 if (addr)
1401 goto out_unlock;
1402 }
1403 out_unlock:
1404 rcu_read_unlock();
1405 return addr;
1406 }
1407 EXPORT_SYMBOL(inet_select_addr);
1408
1409 static __be32 confirm_addr_indev(struct in_device *in_dev, __be32 dst,
1410 __be32 local, int scope)
1411 {
1412 unsigned char localnet_scope = RT_SCOPE_HOST;
1413 const struct in_ifaddr *ifa;
1414 __be32 addr = 0;
1415 int same = 0;
1416
1417 if (unlikely(IN_DEV_ROUTE_LOCALNET(in_dev)))
1418 localnet_scope = RT_SCOPE_LINK;
1419
1420 in_dev_for_each_ifa_rcu(ifa, in_dev) {
1421 unsigned char min_scope = min(ifa->ifa_scope, localnet_scope);
1422
1423 if (!addr &&
1424 (local == ifa->ifa_local || !local) &&
1425 min_scope <= scope) {
1426 addr = ifa->ifa_local;
1427 if (same)
1428 break;
1429 }
1430 if (!same) {
1431 same = (!local || inet_ifa_match(local, ifa)) &&
1432 (!dst || inet_ifa_match(dst, ifa));
1433 if (same && addr) {
1434 if (local || !dst)
1435 break;
1436 /* Is the selected addr into dst subnet? */
1437 if (inet_ifa_match(addr, ifa))
1438 break;
1439 /* No, then can we use new local src? */
1440 if (min_scope <= scope) {
1441 addr = ifa->ifa_local;
1442 break;
1443 }
1444 /* search for large dst subnet for addr */
1445 same = 0;
1446 }
1447 }
1448 }
1449
1450 return same ? addr : 0;
1451 }
1452
1453 /*
1454 * Confirm that local IP address exists using wildcards:
1455 * - net: netns to check, cannot be NULL
1456 * - in_dev: only on this interface, NULL=any interface
1457 * - dst: only in the same subnet as dst, 0=any dst
1458 * - local: address, 0=autoselect the local address
1459 * - scope: maximum allowed scope value for the local address
1460 */
1461 __be32 inet_confirm_addr(struct net *net, struct in_device *in_dev,
1462 __be32 dst, __be32 local, int scope)
1463 {
1464 __be32 addr = 0;
1465 struct net_device *dev;
1466
1467 if (in_dev)
1468 return confirm_addr_indev(in_dev, dst, local, scope);
1469
1470 rcu_read_lock();
1471 for_each_netdev_rcu(net, dev) {
1472 in_dev = __in_dev_get_rcu(dev);
1473 if (in_dev) {
1474 addr = confirm_addr_indev(in_dev, dst, local, scope);
1475 if (addr)
1476 break;
1477 }
1478 }
1479 rcu_read_unlock();
1480
1481 return addr;
1482 }
1483 EXPORT_SYMBOL(inet_confirm_addr);
1484
1485 /*
1486 * Device notifier
1487 */
1488
1489 int register_inetaddr_notifier(struct notifier_block *nb)
1490 {
1491 return blocking_notifier_chain_register(&inetaddr_chain, nb);
1492 }
1493 EXPORT_SYMBOL(register_inetaddr_notifier);
1494
1495 int unregister_inetaddr_notifier(struct notifier_block *nb)
1496 {
1497 return blocking_notifier_chain_unregister(&inetaddr_chain, nb);
1498 }
1499 EXPORT_SYMBOL(unregister_inetaddr_notifier);
1500
1501 int register_inetaddr_validator_notifier(struct notifier_block *nb)
1502 {
1503 return blocking_notifier_chain_register(&inetaddr_validator_chain, nb);
1504 }
1505 EXPORT_SYMBOL(register_inetaddr_validator_notifier);
1506
1507 int unregister_inetaddr_validator_notifier(struct notifier_block *nb)
1508 {
1509 return blocking_notifier_chain_unregister(&inetaddr_validator_chain,
1510 nb);
1511 }
1512 EXPORT_SYMBOL(unregister_inetaddr_validator_notifier);
1513
1514 /* Rename ifa_labels for a device name change. Make some effort to preserve
1515 * existing alias numbering and to create unique labels if possible.
1516 */
1517 static void inetdev_changename(struct net_device *dev, struct in_device *in_dev)
1518 {
1519 struct in_ifaddr *ifa;
1520 int named = 0;
1521
1522 in_dev_for_each_ifa_rtnl(ifa, in_dev) {
1523 char old[IFNAMSIZ], *dot;
1524
1525 memcpy(old, ifa->ifa_label, IFNAMSIZ);
1526 memcpy(ifa->ifa_label, dev->name, IFNAMSIZ);
1527 if (named++ == 0)
1528 goto skip;
1529 dot = strchr(old, ':');
1530 if (!dot) {
1531 sprintf(old, ":%d", named);
1532 dot = old;
1533 }
1534 if (strlen(dot) + strlen(dev->name) < IFNAMSIZ)
1535 strcat(ifa->ifa_label, dot);
1536 else
1537 strcpy(ifa->ifa_label + (IFNAMSIZ - strlen(dot) - 1), dot);
1538 skip:
1539 rtmsg_ifa(RTM_NEWADDR, ifa, NULL, 0);
1540 }
1541 }
1542
1543 static void inetdev_send_gratuitous_arp(struct net_device *dev,
1544 struct in_device *in_dev)
1545
1546 {
1547 const struct in_ifaddr *ifa;
1548
1549 in_dev_for_each_ifa_rtnl(ifa, in_dev) {
1550 arp_send(ARPOP_REQUEST, ETH_P_ARP,
1551 ifa->ifa_local, dev,
1552 ifa->ifa_local, NULL,
1553 dev->dev_addr, NULL);
1554 }
1555 }
1556
1557 /* Called only under RTNL semaphore */
1558
1559 static int inetdev_event(struct notifier_block *this, unsigned long event,
1560 void *ptr)
1561 {
1562 struct net_device *dev = netdev_notifier_info_to_dev(ptr);
1563 struct in_device *in_dev = __in_dev_get_rtnl(dev);
1564
1565 ASSERT_RTNL();
1566
1567 if (!in_dev) {
1568 if (event == NETDEV_REGISTER) {
1569 in_dev = inetdev_init(dev);
1570 if (IS_ERR(in_dev))
1571 return notifier_from_errno(PTR_ERR(in_dev));
1572 if (dev->flags & IFF_LOOPBACK) {
1573 IN_DEV_CONF_SET(in_dev, NOXFRM, 1);
1574 IN_DEV_CONF_SET(in_dev, NOPOLICY, 1);
1575 }
1576 } else if (event == NETDEV_CHANGEMTU) {
1577 /* Re-enabling IP */
1578 if (inetdev_valid_mtu(dev->mtu))
1579 in_dev = inetdev_init(dev);
1580 }
1581 goto out;
1582 }
1583
1584 switch (event) {
1585 case NETDEV_REGISTER:
1586 pr_debug("%s: bug\n", __func__);
1587 RCU_INIT_POINTER(dev->ip_ptr, NULL);
1588 break;
1589 case NETDEV_UP:
1590 if (!inetdev_valid_mtu(dev->mtu))
1591 break;
1592 if (dev->flags & IFF_LOOPBACK) {
1593 struct in_ifaddr *ifa = inet_alloc_ifa();
1594
1595 if (ifa) {
1596 INIT_HLIST_NODE(&ifa->hash);
1597 ifa->ifa_local =
1598 ifa->ifa_address = htonl(INADDR_LOOPBACK);
1599 ifa->ifa_prefixlen = 8;
1600 ifa->ifa_mask = inet_make_mask(8);
1601 in_dev_hold(in_dev);
1602 ifa->ifa_dev = in_dev;
1603 ifa->ifa_scope = RT_SCOPE_HOST;
1604 memcpy(ifa->ifa_label, dev->name, IFNAMSIZ);
1605 set_ifa_lifetime(ifa, INFINITY_LIFE_TIME,
1606 INFINITY_LIFE_TIME);
1607 ipv4_devconf_setall(in_dev);
1608 neigh_parms_data_state_setall(in_dev->arp_parms);
1609 inet_insert_ifa(ifa);
1610 }
1611 }
1612 ip_mc_up(in_dev);
1613 fallthrough;
1614 case NETDEV_CHANGEADDR:
1615 if (!IN_DEV_ARP_NOTIFY(in_dev))
1616 break;
1617 fallthrough;
1618 case NETDEV_NOTIFY_PEERS:
1619 /* Send gratuitous ARP to notify of link change */
1620 inetdev_send_gratuitous_arp(dev, in_dev);
1621 break;
1622 case NETDEV_DOWN:
1623 ip_mc_down(in_dev);
1624 break;
1625 case NETDEV_PRE_TYPE_CHANGE:
1626 ip_mc_unmap(in_dev);
1627 break;
1628 case NETDEV_POST_TYPE_CHANGE:
1629 ip_mc_remap(in_dev);
1630 break;
1631 case NETDEV_CHANGEMTU:
1632 if (inetdev_valid_mtu(dev->mtu))
1633 break;
1634 /* disable IP when MTU is not enough */
1635 fallthrough;
1636 case NETDEV_UNREGISTER:
1637 inetdev_destroy(in_dev);
1638 break;
1639 case NETDEV_CHANGENAME:
1640 /* Do not notify about label change, this event is
1641 * not interesting to applications using netlink.
1642 */
1643 inetdev_changename(dev, in_dev);
1644
1645 devinet_sysctl_unregister(in_dev);
1646 devinet_sysctl_register(in_dev);
1647 break;
1648 }
1649 out:
1650 return NOTIFY_DONE;
1651 }
1652
1653 static struct notifier_block ip_netdev_notifier = {
1654 .notifier_call = inetdev_event,
1655 };
1656
1657 static size_t inet_nlmsg_size(void)
1658 {
1659 return NLMSG_ALIGN(sizeof(struct ifaddrmsg))
1660 + nla_total_size(4) /* IFA_ADDRESS */
1661 + nla_total_size(4) /* IFA_LOCAL */
1662 + nla_total_size(4) /* IFA_BROADCAST */
1663 + nla_total_size(IFNAMSIZ) /* IFA_LABEL */
1664 + nla_total_size(4) /* IFA_FLAGS */
1665 + nla_total_size(1) /* IFA_PROTO */
1666 + nla_total_size(4) /* IFA_RT_PRIORITY */
1667 + nla_total_size(sizeof(struct ifa_cacheinfo)); /* IFA_CACHEINFO */
1668 }
1669
1670 static inline u32 cstamp_delta(unsigned long cstamp)
1671 {
1672 return (cstamp - INITIAL_JIFFIES) * 100UL / HZ;
1673 }
1674
1675 static int put_cacheinfo(struct sk_buff *skb, unsigned long cstamp,
1676 unsigned long tstamp, u32 preferred, u32 valid)
1677 {
1678 struct ifa_cacheinfo ci;
1679
1680 ci.cstamp = cstamp_delta(cstamp);
1681 ci.tstamp = cstamp_delta(tstamp);
1682 ci.ifa_prefered = preferred;
1683 ci.ifa_valid = valid;
1684
1685 return nla_put(skb, IFA_CACHEINFO, sizeof(ci), &ci);
1686 }
1687
1688 static int inet_fill_ifaddr(struct sk_buff *skb, struct in_ifaddr *ifa,
1689 struct inet_fill_args *args)
1690 {
1691 struct ifaddrmsg *ifm;
1692 struct nlmsghdr *nlh;
1693 u32 preferred, valid;
1694
1695 nlh = nlmsg_put(skb, args->portid, args->seq, args->event, sizeof(*ifm),
1696 args->flags);
1697 if (!nlh)
1698 return -EMSGSIZE;
1699
1700 ifm = nlmsg_data(nlh);
1701 ifm->ifa_family = AF_INET;
1702 ifm->ifa_prefixlen = ifa->ifa_prefixlen;
1703 ifm->ifa_flags = ifa->ifa_flags;
1704 ifm->ifa_scope = ifa->ifa_scope;
1705 ifm->ifa_index = ifa->ifa_dev->dev->ifindex;
1706
1707 if (args->netnsid >= 0 &&
1708 nla_put_s32(skb, IFA_TARGET_NETNSID, args->netnsid))
1709 goto nla_put_failure;
1710
1711 if (!(ifm->ifa_flags & IFA_F_PERMANENT)) {
1712 preferred = ifa->ifa_preferred_lft;
1713 valid = ifa->ifa_valid_lft;
1714 if (preferred != INFINITY_LIFE_TIME) {
1715 long tval = (jiffies - ifa->ifa_tstamp) / HZ;
1716
1717 if (preferred > tval)
1718 preferred -= tval;
1719 else
1720 preferred = 0;
1721 if (valid != INFINITY_LIFE_TIME) {
1722 if (valid > tval)
1723 valid -= tval;
1724 else
1725 valid = 0;
1726 }
1727 }
1728 } else {
1729 preferred = INFINITY_LIFE_TIME;
1730 valid = INFINITY_LIFE_TIME;
1731 }
1732 if ((ifa->ifa_address &&
1733 nla_put_in_addr(skb, IFA_ADDRESS, ifa->ifa_address)) ||
1734 (ifa->ifa_local &&
1735 nla_put_in_addr(skb, IFA_LOCAL, ifa->ifa_local)) ||
1736 (ifa->ifa_broadcast &&
1737 nla_put_in_addr(skb, IFA_BROADCAST, ifa->ifa_broadcast)) ||
1738 (ifa->ifa_label[0] &&
1739 nla_put_string(skb, IFA_LABEL, ifa->ifa_label)) ||
1740 (ifa->ifa_proto &&
1741 nla_put_u8(skb, IFA_PROTO, ifa->ifa_proto)) ||
1742 nla_put_u32(skb, IFA_FLAGS, ifa->ifa_flags) ||
1743 (ifa->ifa_rt_priority &&
1744 nla_put_u32(skb, IFA_RT_PRIORITY, ifa->ifa_rt_priority)) ||
1745 put_cacheinfo(skb, ifa->ifa_cstamp, ifa->ifa_tstamp,
1746 preferred, valid))
1747 goto nla_put_failure;
1748
1749 nlmsg_end(skb, nlh);
1750 return 0;
1751
1752 nla_put_failure:
1753 nlmsg_cancel(skb, nlh);
1754 return -EMSGSIZE;
1755 }
1756
1757 static int inet_valid_dump_ifaddr_req(const struct nlmsghdr *nlh,
1758 struct inet_fill_args *fillargs,
1759 struct net **tgt_net, struct sock *sk,
1760 struct netlink_callback *cb)
1761 {
1762 struct netlink_ext_ack *extack = cb->extack;
1763 struct nlattr *tb[IFA_MAX+1];
1764 struct ifaddrmsg *ifm;
1765 int err, i;
1766
1767 if (nlh->nlmsg_len < nlmsg_msg_size(sizeof(*ifm))) {
1768 NL_SET_ERR_MSG(extack, "ipv4: Invalid header for address dump request");
1769 return -EINVAL;
1770 }
1771
1772 ifm = nlmsg_data(nlh);
1773 if (ifm->ifa_prefixlen || ifm->ifa_flags || ifm->ifa_scope) {
1774 NL_SET_ERR_MSG(extack, "ipv4: Invalid values in header for address dump request");
1775 return -EINVAL;
1776 }
1777
1778 fillargs->ifindex = ifm->ifa_index;
1779 if (fillargs->ifindex) {
1780 cb->answer_flags |= NLM_F_DUMP_FILTERED;
1781 fillargs->flags |= NLM_F_DUMP_FILTERED;
1782 }
1783
1784 err = nlmsg_parse_deprecated_strict(nlh, sizeof(*ifm), tb, IFA_MAX,
1785 ifa_ipv4_policy, extack);
1786 if (err < 0)
1787 return err;
1788
1789 for (i = 0; i <= IFA_MAX; ++i) {
1790 if (!tb[i])
1791 continue;
1792
1793 if (i == IFA_TARGET_NETNSID) {
1794 struct net *net;
1795
1796 fillargs->netnsid = nla_get_s32(tb[i]);
1797
1798 net = rtnl_get_net_ns_capable(sk, fillargs->netnsid);
1799 if (IS_ERR(net)) {
1800 fillargs->netnsid = -1;
1801 NL_SET_ERR_MSG(extack, "ipv4: Invalid target network namespace id");
1802 return PTR_ERR(net);
1803 }
1804 *tgt_net = net;
1805 } else {
1806 NL_SET_ERR_MSG(extack, "ipv4: Unsupported attribute in dump request");
1807 return -EINVAL;
1808 }
1809 }
1810
1811 return 0;
1812 }
1813
1814 static int in_dev_dump_addr(struct in_device *in_dev, struct sk_buff *skb,
1815 struct netlink_callback *cb, int s_ip_idx,
1816 struct inet_fill_args *fillargs)
1817 {
1818 struct in_ifaddr *ifa;
1819 int ip_idx = 0;
1820 int err;
1821
1822 in_dev_for_each_ifa_rtnl(ifa, in_dev) {
1823 if (ip_idx < s_ip_idx) {
1824 ip_idx++;
1825 continue;
1826 }
1827 err = inet_fill_ifaddr(skb, ifa, fillargs);
1828 if (err < 0)
1829 goto done;
1830
1831 nl_dump_check_consistent(cb, nlmsg_hdr(skb));
1832 ip_idx++;
1833 }
1834 err = 0;
1835
1836 done:
1837 cb->args[2] = ip_idx;
1838
1839 return err;
1840 }
1841
1842 /* Combine dev_addr_genid and dev_base_seq to detect changes.
1843 */
1844 static u32 inet_base_seq(const struct net *net)
1845 {
1846 u32 res = atomic_read(&net->ipv4.dev_addr_genid) +
1847 net->dev_base_seq;
1848
1849 /* Must not return 0 (see nl_dump_check_consistent()).
1850 * Choose a value far away from 0.
1851 */
1852 if (!res)
1853 res = 0x80000000;
1854 return res;
1855 }
1856
1857 static int inet_dump_ifaddr(struct sk_buff *skb, struct netlink_callback *cb)
1858 {
1859 const struct nlmsghdr *nlh = cb->nlh;
1860 struct inet_fill_args fillargs = {
1861 .portid = NETLINK_CB(cb->skb).portid,
1862 .seq = nlh->nlmsg_seq,
1863 .event = RTM_NEWADDR,
1864 .flags = NLM_F_MULTI,
1865 .netnsid = -1,
1866 };
1867 struct net *net = sock_net(skb->sk);
1868 struct net *tgt_net = net;
1869 int h, s_h;
1870 int idx, s_idx;
1871 int s_ip_idx;
1872 struct net_device *dev;
1873 struct in_device *in_dev;
1874 struct hlist_head *head;
1875 int err = 0;
1876
1877 s_h = cb->args[0];
1878 s_idx = idx = cb->args[1];
1879 s_ip_idx = cb->args[2];
1880
1881 if (cb->strict_check) {
1882 err = inet_valid_dump_ifaddr_req(nlh, &fillargs, &tgt_net,
1883 skb->sk, cb);
1884 if (err < 0)
1885 goto put_tgt_net;
1886
1887 err = 0;
1888 if (fillargs.ifindex) {
1889 dev = __dev_get_by_index(tgt_net, fillargs.ifindex);
1890 if (!dev) {
1891 err = -ENODEV;
1892 goto put_tgt_net;
1893 }
1894
1895 in_dev = __in_dev_get_rtnl(dev);
1896 if (in_dev) {
1897 err = in_dev_dump_addr(in_dev, skb, cb, s_ip_idx,
1898 &fillargs);
1899 }
1900 goto put_tgt_net;
1901 }
1902 }
1903
1904 for (h = s_h; h < NETDEV_HASHENTRIES; h++, s_idx = 0) {
1905 idx = 0;
1906 head = &tgt_net->dev_index_head[h];
1907 rcu_read_lock();
1908 cb->seq = inet_base_seq(tgt_net);
1909 hlist_for_each_entry_rcu(dev, head, index_hlist) {
1910 if (idx < s_idx)
1911 goto cont;
1912 if (h > s_h || idx > s_idx)
1913 s_ip_idx = 0;
1914 in_dev = __in_dev_get_rcu(dev);
1915 if (!in_dev)
1916 goto cont;
1917
1918 err = in_dev_dump_addr(in_dev, skb, cb, s_ip_idx,
1919 &fillargs);
1920 if (err < 0) {
1921 rcu_read_unlock();
1922 goto done;
1923 }
1924 cont:
1925 idx++;
1926 }
1927 rcu_read_unlock();
1928 }
1929
1930 done:
1931 cb->args[0] = h;
1932 cb->args[1] = idx;
1933 put_tgt_net:
1934 if (fillargs.netnsid >= 0)
1935 put_net(tgt_net);
1936
1937 return skb->len ? : err;
1938 }
1939
1940 static void rtmsg_ifa(int event, struct in_ifaddr *ifa, struct nlmsghdr *nlh,
1941 u32 portid)
1942 {
1943 struct inet_fill_args fillargs = {
1944 .portid = portid,
1945 .seq = nlh ? nlh->nlmsg_seq : 0,
1946 .event = event,
1947 .flags = 0,
1948 .netnsid = -1,
1949 };
1950 struct sk_buff *skb;
1951 int err = -ENOBUFS;
1952 struct net *net;
1953
1954 net = dev_net(ifa->ifa_dev->dev);
1955 skb = nlmsg_new(inet_nlmsg_size(), GFP_KERNEL);
1956 if (!skb)
1957 goto errout;
1958
1959 err = inet_fill_ifaddr(skb, ifa, &fillargs);
1960 if (err < 0) {
1961 /* -EMSGSIZE implies BUG in inet_nlmsg_size() */
1962 WARN_ON(err == -EMSGSIZE);
1963 kfree_skb(skb);
1964 goto errout;
1965 }
1966 rtnl_notify(skb, net, portid, RTNLGRP_IPV4_IFADDR, nlh, GFP_KERNEL);
1967 return;
1968 errout:
1969 if (err < 0)
1970 rtnl_set_sk_err(net, RTNLGRP_IPV4_IFADDR, err);
1971 }
1972
1973 static size_t inet_get_link_af_size(const struct net_device *dev,
1974 u32 ext_filter_mask)
1975 {
1976 struct in_device *in_dev = rcu_dereference_rtnl(dev->ip_ptr);
1977
1978 if (!in_dev)
1979 return 0;
1980
1981 return nla_total_size(IPV4_DEVCONF_MAX * 4); /* IFLA_INET_CONF */
1982 }
1983
1984 static int inet_fill_link_af(struct sk_buff *skb, const struct net_device *dev,
1985 u32 ext_filter_mask)
1986 {
1987 struct in_device *in_dev = rcu_dereference_rtnl(dev->ip_ptr);
1988 struct nlattr *nla;
1989 int i;
1990
1991 if (!in_dev)
1992 return -ENODATA;
1993
1994 nla = nla_reserve(skb, IFLA_INET_CONF, IPV4_DEVCONF_MAX * 4);
1995 if (!nla)
1996 return -EMSGSIZE;
1997
1998 for (i = 0; i < IPV4_DEVCONF_MAX; i++)
1999 ((u32 *) nla_data(nla))[i] = in_dev->cnf.data[i];
2000
2001 return 0;
2002 }
2003
2004 static const struct nla_policy inet_af_policy[IFLA_INET_MAX+1] = {
2005 [IFLA_INET_CONF] = { .type = NLA_NESTED },
2006 };
2007
2008 static int inet_validate_link_af(const struct net_device *dev,
2009 const struct nlattr *nla,
2010 struct netlink_ext_ack *extack)
2011 {
2012 struct nlattr *a, *tb[IFLA_INET_MAX+1];
2013 int err, rem;
2014
2015 if (dev && !__in_dev_get_rtnl(dev))
2016 return -EAFNOSUPPORT;
2017
2018 err = nla_parse_nested_deprecated(tb, IFLA_INET_MAX, nla,
2019 inet_af_policy, extack);
2020 if (err < 0)
2021 return err;
2022
2023 if (tb[IFLA_INET_CONF]) {
2024 nla_for_each_nested(a, tb[IFLA_INET_CONF], rem) {
2025 int cfgid = nla_type(a);
2026
2027 if (nla_len(a) < 4)
2028 return -EINVAL;
2029
2030 if (cfgid <= 0 || cfgid > IPV4_DEVCONF_MAX)
2031 return -EINVAL;
2032 }
2033 }
2034
2035 return 0;
2036 }
2037
2038 static int inet_set_link_af(struct net_device *dev, const struct nlattr *nla,
2039 struct netlink_ext_ack *extack)
2040 {
2041 struct in_device *in_dev = __in_dev_get_rtnl(dev);
2042 struct nlattr *a, *tb[IFLA_INET_MAX+1];
2043 int rem;
2044
2045 if (!in_dev)
2046 return -EAFNOSUPPORT;
2047
2048 if (nla_parse_nested_deprecated(tb, IFLA_INET_MAX, nla, NULL, NULL) < 0)
2049 return -EINVAL;
2050
2051 if (tb[IFLA_INET_CONF]) {
2052 nla_for_each_nested(a, tb[IFLA_INET_CONF], rem)
2053 ipv4_devconf_set(in_dev, nla_type(a), nla_get_u32(a));
2054 }
2055
2056 return 0;
2057 }
2058
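/* Upper bound on the payload size of a netconf message carrying
 * attribute @type, or all attributes when @type is NETCONFA_ALL.
 */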
2059 static int inet_netconf_msgsize_devconf(int type)
2060 {
2061 int size = NLMSG_ALIGN(sizeof(struct netconfmsg))
2062 + nla_total_size(4); /* NETCONFA_IFINDEX */
2063 bool all = false;
2064
2065 if (type == NETCONFA_ALL)
2066 all = true;
2067
2068 if (all || type == NETCONFA_FORWARDING)
2069 size += nla_total_size(4);
2070 if (all || type == NETCONFA_RP_FILTER)
2071 size += nla_total_size(4);
2072 if (all || type == NETCONFA_MC_FORWARDING)
2073 size += nla_total_size(4);
2074 if (all || type == NETCONFA_BC_FORWARDING)
2075 size += nla_total_size(4);
2076 if (all || type == NETCONFA_PROXY_NEIGH)
2077 size += nla_total_size(4);
2078 if (all || type == NETCONFA_IGNORE_ROUTES_WITH_LINKDOWN)
2079 size += nla_total_size(4);
2080
2081 return size;
2082 }
2083
2084 static int inet_netconf_fill_devconf(struct sk_buff *skb, int ifindex,
2085 struct ipv4_devconf *devconf, u32 portid,
2086 u32 seq, int event, unsigned int flags,
2087 int type)
2088 {
2089 struct nlmsghdr *nlh;
2090 struct netconfmsg *ncm;
2091 bool all = false;
2092
2093 nlh = nlmsg_put(skb, portid, seq, event, sizeof(struct netconfmsg),
2094 flags);
2095 if (!nlh)
2096 return -EMSGSIZE;
2097
2098 if (type == NETCONFA_ALL)
2099 all = true;
2100
2101 ncm = nlmsg_data(nlh);
2102 ncm->ncm_family = AF_INET;
2103
2104 if (nla_put_s32(skb, NETCONFA_IFINDEX, ifindex) < 0)
2105 goto nla_put_failure;
2106
2107 if (!devconf)
2108 goto out;
2109
2110 if ((all || type == NETCONFA_FORWARDING) &&
2111 nla_put_s32(skb, NETCONFA_FORWARDING,
2112 IPV4_DEVCONF(*devconf, FORWARDING)) < 0)
2113 goto nla_put_failure;
2114 if ((all || type == NETCONFA_RP_FILTER) &&
2115 nla_put_s32(skb, NETCONFA_RP_FILTER,
2116 IPV4_DEVCONF(*devconf, RP_FILTER)) < 0)
2117 goto nla_put_failure;
2118 if ((all || type == NETCONFA_MC_FORWARDING) &&
2119 nla_put_s32(skb, NETCONFA_MC_FORWARDING,
2120 IPV4_DEVCONF(*devconf, MC_FORWARDING)) < 0)
2121 goto nla_put_failure;
2122 if ((all || type == NETCONFA_BC_FORWARDING) &&
2123 nla_put_s32(skb, NETCONFA_BC_FORWARDING,
2124 IPV4_DEVCONF(*devconf, BC_FORWARDING)) < 0)
2125 goto nla_put_failure;
2126 if ((all || type == NETCONFA_PROXY_NEIGH) &&
2127 nla_put_s32(skb, NETCONFA_PROXY_NEIGH,
2128 IPV4_DEVCONF(*devconf, PROXY_ARP)) < 0)
2129 goto nla_put_failure;
2130 if ((all || type == NETCONFA_IGNORE_ROUTES_WITH_LINKDOWN) &&
2131 nla_put_s32(skb, NETCONFA_IGNORE_ROUTES_WITH_LINKDOWN,
2132 IPV4_DEVCONF(*devconf, IGNORE_ROUTES_WITH_LINKDOWN)) < 0)
2133 goto nla_put_failure;
2134
2135 out:
2136 nlmsg_end(skb, nlh);
2137 return 0;
2138
2139 nla_put_failure:
2140 nlmsg_cancel(skb, nlh);
2141 return -EMSGSIZE;
2142 }
2143
2144 void inet_netconf_notify_devconf(struct net *net, int event, int type,
2145 int ifindex, struct ipv4_devconf *devconf)
2146 {
2147 struct sk_buff *skb;
2148 int err = -ENOBUFS;
2149
2150 skb = nlmsg_new(inet_netconf_msgsize_devconf(type), GFP_KERNEL);
2151 if (!skb)
2152 goto errout;
2153
2154 err = inet_netconf_fill_devconf(skb, ifindex, devconf, 0, 0,
2155 event, 0, type);
2156 if (err < 0) {
2157 /* -EMSGSIZE implies BUG in inet_netconf_msgsize_devconf() */
2158 WARN_ON(err == -EMSGSIZE);
2159 kfree_skb(skb);
2160 goto errout;
2161 }
2162 rtnl_notify(skb, net, 0, RTNLGRP_IPV4_NETCONF, NULL, GFP_KERNEL);
2163 return;
2164 errout:
2165 if (err < 0)
2166 rtnl_set_sk_err(net, RTNLGRP_IPV4_NETCONF, err);
2167 }
2168
2169 static const struct nla_policy devconf_ipv4_policy[NETCONFA_MAX+1] = {
2170 [NETCONFA_IFINDEX] = { .len = sizeof(int) },
2171 [NETCONFA_FORWARDING] = { .len = sizeof(int) },
2172 [NETCONFA_RP_FILTER] = { .len = sizeof(int) },
2173 [NETCONFA_PROXY_NEIGH] = { .len = sizeof(int) },
2174 [NETCONFA_IGNORE_ROUTES_WITH_LINKDOWN] = { .len = sizeof(int) },
2175 };
2176
2177 static int inet_netconf_valid_get_req(struct sk_buff *skb,
2178 const struct nlmsghdr *nlh,
2179 struct nlattr **tb,
2180 struct netlink_ext_ack *extack)
2181 {
2182 int i, err;
2183
2184 if (nlh->nlmsg_len < nlmsg_msg_size(sizeof(struct netconfmsg))) {
2185 NL_SET_ERR_MSG(extack, "ipv4: Invalid header for netconf get request");
2186 return -EINVAL;
2187 }
2188
2189 if (!netlink_strict_get_check(skb))
2190 return nlmsg_parse_deprecated(nlh, sizeof(struct netconfmsg),
2191 tb, NETCONFA_MAX,
2192 devconf_ipv4_policy, extack);
2193
2194 err = nlmsg_parse_deprecated_strict(nlh, sizeof(struct netconfmsg),
2195 tb, NETCONFA_MAX,
2196 devconf_ipv4_policy, extack);
2197 if (err)
2198 return err;
2199
2200 for (i = 0; i <= NETCONFA_MAX; i++) {
2201 if (!tb[i])
2202 continue;
2203
2204 switch (i) {
2205 case NETCONFA_IFINDEX:
2206 break;
2207 default:
2208 NL_SET_ERR_MSG(extack, "ipv4: Unsupported attribute in netconf get request");
2209 return -EINVAL;
2210 }
2211 }
2212
2213 return 0;
2214 }
2215
2216 static int inet_netconf_get_devconf(struct sk_buff *in_skb,
2217 struct nlmsghdr *nlh,
2218 struct netlink_ext_ack *extack)
2219 {
2220 struct net *net = sock_net(in_skb->sk);
2221 struct nlattr *tb[NETCONFA_MAX+1];
2222 struct sk_buff *skb;
2223 struct ipv4_devconf *devconf;
2224 struct in_device *in_dev;
2225 struct net_device *dev;
2226 int ifindex;
2227 int err;
2228
2229 err = inet_netconf_valid_get_req(in_skb, nlh, tb, extack);
2230 if (err)
2231 goto errout;
2232
2233 err = -EINVAL;
2234 if (!tb[NETCONFA_IFINDEX])
2235 goto errout;
2236
2237 ifindex = nla_get_s32(tb[NETCONFA_IFINDEX]);
2238 switch (ifindex) {
2239 case NETCONFA_IFINDEX_ALL:
2240 devconf = net->ipv4.devconf_all;
2241 break;
2242 case NETCONFA_IFINDEX_DEFAULT:
2243 devconf = net->ipv4.devconf_dflt;
2244 break;
2245 default:
2246 dev = __dev_get_by_index(net, ifindex);
2247 if (!dev)
2248 goto errout;
2249 in_dev = __in_dev_get_rtnl(dev);
2250 if (!in_dev)
2251 goto errout;
2252 devconf = &in_dev->cnf;
2253 break;
2254 }
2255
2256 err = -ENOBUFS;
2257 skb = nlmsg_new(inet_netconf_msgsize_devconf(NETCONFA_ALL), GFP_KERNEL);
2258 if (!skb)
2259 goto errout;
2260
2261 err = inet_netconf_fill_devconf(skb, ifindex, devconf,
2262 NETLINK_CB(in_skb).portid,
2263 nlh->nlmsg_seq, RTM_NEWNETCONF, 0,
2264 NETCONFA_ALL);
2265 if (err < 0) {
2266 /* -EMSGSIZE implies BUG in inet_netconf_msgsize_devconf() */
2267 WARN_ON(err == -EMSGSIZE);
2268 kfree_skb(skb);
2269 goto errout;
2270 }
2271 err = rtnl_unicast(skb, net, NETLINK_CB(in_skb).portid);
2272 errout:
2273 return err;
2274 }
2275
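/* RTM_GETNETCONF dump: one RTM_NEWNETCONF message per in_device,
 * followed by entries for the "all" and "default" configurations.
 */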
2276 static int inet_netconf_dump_devconf(struct sk_buff *skb,
2277 struct netlink_callback *cb)
2278 {
2279 const struct nlmsghdr *nlh = cb->nlh;
2280 struct net *net = sock_net(skb->sk);
2281 int h, s_h;
2282 int idx, s_idx;
2283 struct net_device *dev;
2284 struct in_device *in_dev;
2285 struct hlist_head *head;
2286
2287 if (cb->strict_check) {
2288 struct netlink_ext_ack *extack = cb->extack;
2289 struct netconfmsg *ncm;
2290
2291 if (nlh->nlmsg_len < nlmsg_msg_size(sizeof(*ncm))) {
2292 NL_SET_ERR_MSG(extack, "ipv4: Invalid header for netconf dump request");
2293 return -EINVAL;
2294 }
2295
2296 if (nlmsg_attrlen(nlh, sizeof(*ncm))) {
2297 NL_SET_ERR_MSG(extack, "ipv4: Invalid data after header in netconf dump request");
2298 return -EINVAL;
2299 }
2300 }
2301
2302 s_h = cb->args[0];
2303 s_idx = idx = cb->args[1];
2304
2305 for (h = s_h; h < NETDEV_HASHENTRIES; h++, s_idx = 0) {
2306 idx = 0;
2307 head = &net->dev_index_head[h];
2308 rcu_read_lock();
2309 cb->seq = inet_base_seq(net);
2310 hlist_for_each_entry_rcu(dev, head, index_hlist) {
2311 if (idx < s_idx)
2312 goto cont;
2313 in_dev = __in_dev_get_rcu(dev);
2314 if (!in_dev)
2315 goto cont;
2316
2317 if (inet_netconf_fill_devconf(skb, dev->ifindex,
2318 &in_dev->cnf,
2319 NETLINK_CB(cb->skb).portid,
2320 nlh->nlmsg_seq,
2321 RTM_NEWNETCONF,
2322 NLM_F_MULTI,
2323 NETCONFA_ALL) < 0) {
2324 rcu_read_unlock();
2325 goto done;
2326 }
2327 nl_dump_check_consistent(cb, nlmsg_hdr(skb));
2328 cont:
2329 idx++;
2330 }
2331 rcu_read_unlock();
2332 }
2333 if (h == NETDEV_HASHENTRIES) {
2334 if (inet_netconf_fill_devconf(skb, NETCONFA_IFINDEX_ALL,
2335 net->ipv4.devconf_all,
2336 NETLINK_CB(cb->skb).portid,
2337 nlh->nlmsg_seq,
2338 RTM_NEWNETCONF, NLM_F_MULTI,
2339 NETCONFA_ALL) < 0)
2340 goto done;
2341 else
2342 h++;
2343 }
2344 if (h == NETDEV_HASHENTRIES + 1) {
2345 if (inet_netconf_fill_devconf(skb, NETCONFA_IFINDEX_DEFAULT,
2346 net->ipv4.devconf_dflt,
2347 NETLINK_CB(cb->skb).portid,
2348 nlh->nlmsg_seq,
2349 RTM_NEWNETCONF, NLM_F_MULTI,
2350 NETCONFA_ALL) < 0)
2351 goto done;
2352 else
2353 h++;
2354 }
2355 done:
2356 cb->args[0] = h;
2357 cb->args[1] = idx;
2358
2359 return skb->len;
2360 }
2361
2362 #ifdef CONFIG_SYSCTL
2363
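/* Push a changed "default" value to every in_device that has not
 * explicitly overridden entry @i (tracked via the cnf.state bitmap).
 */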
2364 static void devinet_copy_dflt_conf(struct net *net, int i)
2365 {
2366 struct net_device *dev;
2367
2368 rcu_read_lock();
2369 for_each_netdev_rcu(net, dev) {
2370 struct in_device *in_dev;
2371
2372 in_dev = __in_dev_get_rcu(dev);
2373 if (in_dev && !test_bit(i, in_dev->cnf.state))
2374 in_dev->cnf.data[i] = net->ipv4.devconf_dflt->data[i];
2375 }
2376 rcu_read_unlock();
2377 }
2378
2379 /* called with RTNL locked */
2380 static void inet_forward_change(struct net *net)
2381 {
2382 struct net_device *dev;
2383 int on = IPV4_DEVCONF_ALL(net, FORWARDING);
2384
2385 IPV4_DEVCONF_ALL(net, ACCEPT_REDIRECTS) = !on;
2386 IPV4_DEVCONF_DFLT(net, FORWARDING) = on;
2387 inet_netconf_notify_devconf(net, RTM_NEWNETCONF,
2388 NETCONFA_FORWARDING,
2389 NETCONFA_IFINDEX_ALL,
2390 net->ipv4.devconf_all);
2391 inet_netconf_notify_devconf(net, RTM_NEWNETCONF,
2392 NETCONFA_FORWARDING,
2393 NETCONFA_IFINDEX_DEFAULT,
2394 net->ipv4.devconf_dflt);
2395
2396 for_each_netdev(net, dev) {
2397 struct in_device *in_dev;
2398
2399 if (on)
2400 dev_disable_lro(dev);
2401
2402 in_dev = __in_dev_get_rtnl(dev);
2403 if (in_dev) {
2404 IN_DEV_CONF_SET(in_dev, FORWARDING, on);
2405 inet_netconf_notify_devconf(net, RTM_NEWNETCONF,
2406 NETCONFA_FORWARDING,
2407 dev->ifindex, &in_dev->cnf);
2408 }
2409 }
2410 }
2411
2412 static int devinet_conf_ifindex(struct net *net, struct ipv4_devconf *cnf)
2413 {
2414 if (cnf == net->ipv4.devconf_dflt)
2415 return NETCONFA_IFINDEX_DEFAULT;
2416 else if (cnf == net->ipv4.devconf_all)
2417 return NETCONFA_IFINDEX_ALL;
2418 else {
2419 struct in_device *idev
2420 = container_of(cnf, struct in_device, cnf);
2421 return idev->dev->ifindex;
2422 }
2423 }
2424
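/* Generic proc handler for per-interface devconf sysctls: mark the
 * entry as locally set, flush the routing cache where the new value
 * requires it, and send RTM_NEWNETCONF notifications for rp_filter,
 * proxy_arp and ignore_routes_with_linkdown changes.
 */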
2425 static int devinet_conf_proc(struct ctl_table *ctl, int write,
2426 void *buffer, size_t *lenp, loff_t *ppos)
2427 {
2428 int old_value = *(int *)ctl->data;
2429 int ret = proc_dointvec(ctl, write, buffer, lenp, ppos);
2430 int new_value = *(int *)ctl->data;
2431
2432 if (write) {
2433 struct ipv4_devconf *cnf = ctl->extra1;
2434 struct net *net = ctl->extra2;
2435 int i = (int *)ctl->data - cnf->data;
2436 int ifindex;
2437
2438 set_bit(i, cnf->state);
2439
2440 if (cnf == net->ipv4.devconf_dflt)
2441 devinet_copy_dflt_conf(net, i);
2442 if (i == IPV4_DEVCONF_ACCEPT_LOCAL - 1 ||
2443 i == IPV4_DEVCONF_ROUTE_LOCALNET - 1)
2444 if ((new_value == 0) && (old_value != 0))
2445 rt_cache_flush(net);
2446
2447 if (i == IPV4_DEVCONF_BC_FORWARDING - 1 &&
2448 new_value != old_value)
2449 rt_cache_flush(net);
2450
2451 if (i == IPV4_DEVCONF_RP_FILTER - 1 &&
2452 new_value != old_value) {
2453 ifindex = devinet_conf_ifindex(net, cnf);
2454 inet_netconf_notify_devconf(net, RTM_NEWNETCONF,
2455 NETCONFA_RP_FILTER,
2456 ifindex, cnf);
2457 }
2458 if (i == IPV4_DEVCONF_PROXY_ARP - 1 &&
2459 new_value != old_value) {
2460 ifindex = devinet_conf_ifindex(net, cnf);
2461 inet_netconf_notify_devconf(net, RTM_NEWNETCONF,
2462 NETCONFA_PROXY_NEIGH,
2463 ifindex, cnf);
2464 }
2465 if (i == IPV4_DEVCONF_IGNORE_ROUTES_WITH_LINKDOWN - 1 &&
2466 new_value != old_value) {
2467 ifindex = devinet_conf_ifindex(net, cnf);
2468 inet_netconf_notify_devconf(net, RTM_NEWNETCONF,
2469 NETCONFA_IGNORE_ROUTES_WITH_LINKDOWN,
2470 ifindex, cnf);
2471 }
2472 }
2473
2474 return ret;
2475 }
2476
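/* proc handler for the "forwarding" sysctls: requires CAP_NET_ADMIN in
 * the owning user namespace and may need the RTNL lock (restarting the
 * syscall if it is contended) to propagate the change.
 */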
2477 static int devinet_sysctl_forward(struct ctl_table *ctl, int write,
2478 void *buffer, size_t *lenp, loff_t *ppos)
2479 {
2480 int *valp = ctl->data;
2481 int val = *valp;
2482 loff_t pos = *ppos;
2483 struct net *net = ctl->extra2;
2484 int ret;
2485
2486 if (write && !ns_capable(net->user_ns, CAP_NET_ADMIN))
2487 return -EPERM;
2488
2489 ret = proc_dointvec(ctl, write, buffer, lenp, ppos);
2490
2491 if (write && *valp != val) {
2492 if (valp != &IPV4_DEVCONF_DFLT(net, FORWARDING)) {
2493 if (!rtnl_trylock()) {
2494 /* Restore the original values before restarting */
2495 *valp = val;
2496 *ppos = pos;
2497 return restart_syscall();
2498 }
2499 if (valp == &IPV4_DEVCONF_ALL(net, FORWARDING)) {
2500 inet_forward_change(net);
2501 } else {
2502 struct ipv4_devconf *cnf = ctl->extra1;
2503 struct in_device *idev =
2504 container_of(cnf, struct in_device, cnf);
2505 if (*valp)
2506 dev_disable_lro(idev->dev);
2507 inet_netconf_notify_devconf(net, RTM_NEWNETCONF,
2508 NETCONFA_FORWARDING,
2509 idev->dev->ifindex,
2510 cnf);
2511 }
2512 rtnl_unlock();
2513 rt_cache_flush(net);
2514 } else
2515 inet_netconf_notify_devconf(net, RTM_NEWNETCONF,
2516 NETCONFA_FORWARDING,
2517 NETCONFA_IFINDEX_DEFAULT,
2518 net->ipv4.devconf_dflt);
2519 }
2520
2521 return ret;
2522 }
2523
2524 static int ipv4_doint_and_flush(struct ctl_table *ctl, int write,
2525 void *buffer, size_t *lenp, loff_t *ppos)
2526 {
2527 int *valp = ctl->data;
2528 int val = *valp;
2529 int ret = proc_dointvec(ctl, write, buffer, lenp, ppos);
2530 struct net *net = ctl->extra2;
2531
2532 if (write && *valp != val)
2533 rt_cache_flush(net);
2534
2535 return ret;
2536 }
2537
2538 #define DEVINET_SYSCTL_ENTRY(attr, name, mval, proc) \
2539 { \
2540 .procname = name, \
2541 .data = ipv4_devconf.data + \
2542 IPV4_DEVCONF_ ## attr - 1, \
2543 .maxlen = sizeof(int), \
2544 .mode = mval, \
2545 .proc_handler = proc, \
2546 .extra1 = &ipv4_devconf, \
2547 }
2548
2549 #define DEVINET_SYSCTL_RW_ENTRY(attr, name) \
2550 DEVINET_SYSCTL_ENTRY(attr, name, 0644, devinet_conf_proc)
2551
2552 #define DEVINET_SYSCTL_RO_ENTRY(attr, name) \
2553 DEVINET_SYSCTL_ENTRY(attr, name, 0444, devinet_conf_proc)
2554
2555 #define DEVINET_SYSCTL_COMPLEX_ENTRY(attr, name, proc) \
2556 DEVINET_SYSCTL_ENTRY(attr, name, 0644, proc)
2557
2558 #define DEVINET_SYSCTL_FLUSHING_ENTRY(attr, name) \
2559 DEVINET_SYSCTL_COMPLEX_ENTRY(attr, name, ipv4_doint_and_flush)
2560
2561 static struct devinet_sysctl_table {
2562 struct ctl_table_header *sysctl_header;
2563 struct ctl_table devinet_vars[__IPV4_DEVCONF_MAX];
2564 } devinet_sysctl = {
2565 .devinet_vars = {
2566 DEVINET_SYSCTL_COMPLEX_ENTRY(FORWARDING, "forwarding",
2567 devinet_sysctl_forward),
2568 DEVINET_SYSCTL_RO_ENTRY(MC_FORWARDING, "mc_forwarding"),
2569 DEVINET_SYSCTL_RW_ENTRY(BC_FORWARDING, "bc_forwarding"),
2570
2571 DEVINET_SYSCTL_RW_ENTRY(ACCEPT_REDIRECTS, "accept_redirects"),
2572 DEVINET_SYSCTL_RW_ENTRY(SECURE_REDIRECTS, "secure_redirects"),
2573 DEVINET_SYSCTL_RW_ENTRY(SHARED_MEDIA, "shared_media"),
2574 DEVINET_SYSCTL_RW_ENTRY(RP_FILTER, "rp_filter"),
2575 DEVINET_SYSCTL_RW_ENTRY(SEND_REDIRECTS, "send_redirects"),
2576 DEVINET_SYSCTL_RW_ENTRY(ACCEPT_SOURCE_ROUTE,
2577 "accept_source_route"),
2578 DEVINET_SYSCTL_RW_ENTRY(ACCEPT_LOCAL, "accept_local"),
2579 DEVINET_SYSCTL_RW_ENTRY(SRC_VMARK, "src_valid_mark"),
2580 DEVINET_SYSCTL_RW_ENTRY(PROXY_ARP, "proxy_arp"),
2581 DEVINET_SYSCTL_RW_ENTRY(MEDIUM_ID, "medium_id"),
2582 DEVINET_SYSCTL_RW_ENTRY(BOOTP_RELAY, "bootp_relay"),
2583 DEVINET_SYSCTL_RW_ENTRY(LOG_MARTIANS, "log_martians"),
2584 DEVINET_SYSCTL_RW_ENTRY(TAG, "tag"),
2585 DEVINET_SYSCTL_RW_ENTRY(ARPFILTER, "arp_filter"),
2586 DEVINET_SYSCTL_RW_ENTRY(ARP_ANNOUNCE, "arp_announce"),
2587 DEVINET_SYSCTL_RW_ENTRY(ARP_IGNORE, "arp_ignore"),
2588 DEVINET_SYSCTL_RW_ENTRY(ARP_ACCEPT, "arp_accept"),
2589 DEVINET_SYSCTL_RW_ENTRY(ARP_NOTIFY, "arp_notify"),
2590 DEVINET_SYSCTL_RW_ENTRY(ARP_EVICT_NOCARRIER,
2591 "arp_evict_nocarrier"),
2592 DEVINET_SYSCTL_RW_ENTRY(PROXY_ARP_PVLAN, "proxy_arp_pvlan"),
2593 DEVINET_SYSCTL_RW_ENTRY(FORCE_IGMP_VERSION,
2594 "force_igmp_version"),
2595 DEVINET_SYSCTL_RW_ENTRY(IGMPV2_UNSOLICITED_REPORT_INTERVAL,
2596 "igmpv2_unsolicited_report_interval"),
2597 DEVINET_SYSCTL_RW_ENTRY(IGMPV3_UNSOLICITED_REPORT_INTERVAL,
2598 "igmpv3_unsolicited_report_interval"),
2599 DEVINET_SYSCTL_RW_ENTRY(IGNORE_ROUTES_WITH_LINKDOWN,
2600 "ignore_routes_with_linkdown"),
2601 DEVINET_SYSCTL_RW_ENTRY(DROP_GRATUITOUS_ARP,
2602 "drop_gratuitous_arp"),
2603
2604 DEVINET_SYSCTL_FLUSHING_ENTRY(NOXFRM, "disable_xfrm"),
2605 DEVINET_SYSCTL_FLUSHING_ENTRY(NOPOLICY, "disable_policy"),
2606 DEVINET_SYSCTL_FLUSHING_ENTRY(PROMOTE_SECONDARIES,
2607 "promote_secondaries"),
2608 DEVINET_SYSCTL_FLUSHING_ENTRY(ROUTE_LOCALNET,
2609 "route_localnet"),
2610 DEVINET_SYSCTL_FLUSHING_ENTRY(DROP_UNICAST_IN_L2_MULTICAST,
2611 "drop_unicast_in_l2_multicast"),
2612 },
2613 };
2614
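/* Clone the devinet_sysctl template, rebind it to @p and register it
 * under net/ipv4/conf/<dev_name> in @net.
 */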
2615 static int __devinet_sysctl_register(struct net *net, char *dev_name,
2616 int ifindex, struct ipv4_devconf *p)
2617 {
2618 int i;
2619 struct devinet_sysctl_table *t;
2620 char path[sizeof("net/ipv4/conf/") + IFNAMSIZ];
2621
2622 t = kmemdup(&devinet_sysctl, sizeof(*t), GFP_KERNEL_ACCOUNT);
2623 if (!t)
2624 goto out;
2625
2626 for (i = 0; i < ARRAY_SIZE(t->devinet_vars) - 1; i++) {
2627 t->devinet_vars[i].data += (char *)p - (char *)&ipv4_devconf;
2628 t->devinet_vars[i].extra1 = p;
2629 t->devinet_vars[i].extra2 = net;
2630 }
2631
2632 snprintf(path, sizeof(path), "net/ipv4/conf/%s", dev_name);
2633
2634 t->sysctl_header = register_net_sysctl(net, path, t->devinet_vars);
2635 if (!t->sysctl_header)
2636 goto free;
2637
2638 p->sysctl = t;
2639
2640 inet_netconf_notify_devconf(net, RTM_NEWNETCONF, NETCONFA_ALL,
2641 ifindex, p);
2642 return 0;
2643
2644 free:
2645 kfree(t);
2646 out:
2647 return -ENOMEM;
2648 }
2649
2650 static void __devinet_sysctl_unregister(struct net *net,
2651 struct ipv4_devconf *cnf, int ifindex)
2652 {
2653 struct devinet_sysctl_table *t = cnf->sysctl;
2654
2655 if (t) {
2656 cnf->sysctl = NULL;
2657 unregister_net_sysctl_table(t->sysctl_header);
2658 kfree(t);
2659 }
2660
2661 inet_netconf_notify_devconf(net, RTM_DELNETCONF, 0, ifindex, NULL);
2662 }
2663
2664 static int devinet_sysctl_register(struct in_device *idev)
2665 {
2666 int err;
2667
2668 if (!sysctl_dev_name_is_allowed(idev->dev->name))
2669 return -EINVAL;
2670
2671 err = neigh_sysctl_register(idev->dev, idev->arp_parms, NULL);
2672 if (err)
2673 return err;
2674 err = __devinet_sysctl_register(dev_net(idev->dev), idev->dev->name,
2675 idev->dev->ifindex, &idev->cnf);
2676 if (err)
2677 neigh_sysctl_unregister(idev->arp_parms);
2678 return err;
2679 }
2680
2681 static void devinet_sysctl_unregister(struct in_device *idev)
2682 {
2683 struct net *net = dev_net(idev->dev);
2684
2685 __devinet_sysctl_unregister(net, &idev->cnf, idev->dev->ifindex);
2686 neigh_sysctl_unregister(idev->arp_parms);
2687 }
2688
2689 static struct ctl_table ctl_forward_entry[] = {
2690 {
2691 .procname = "ip_forward",
2692 .data = &ipv4_devconf.data[
2693 IPV4_DEVCONF_FORWARDING - 1],
2694 .maxlen = sizeof(int),
2695 .mode = 0644,
2696 .proc_handler = devinet_sysctl_forward,
2697 .extra1 = &ipv4_devconf,
2698 .extra2 = &init_net,
2699 },
2700 { },
2701 };
2702 #endif
2703
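/* Per-namespace setup: allocate the "all" and "default" devconf copies,
 * optionally inheriting values according to net_inherit_devconf(), and
 * register the corresponding sysctl tables.
 */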
2704 static __net_init int devinet_init_net(struct net *net)
2705 {
2706 int err;
2707 struct ipv4_devconf *all, *dflt;
2708 #ifdef CONFIG_SYSCTL
2709 struct ctl_table *tbl;
2710 struct ctl_table_header *forw_hdr;
2711 #endif
2712
2713 err = -ENOMEM;
2714 all = kmemdup(&ipv4_devconf, sizeof(ipv4_devconf), GFP_KERNEL);
2715 if (!all)
2716 goto err_alloc_all;
2717
2718 dflt = kmemdup(&ipv4_devconf_dflt, sizeof(ipv4_devconf_dflt), GFP_KERNEL);
2719 if (!dflt)
2720 goto err_alloc_dflt;
2721
2722 #ifdef CONFIG_SYSCTL
2723 tbl = kmemdup(ctl_forward_entry, sizeof(ctl_forward_entry), GFP_KERNEL);
2724 if (!tbl)
2725 goto err_alloc_ctl;
2726
2727 tbl[0].data = &all->data[IPV4_DEVCONF_FORWARDING - 1];
2728 tbl[0].extra1 = all;
2729 tbl[0].extra2 = net;
2730 #endif
2731
2732 if (!net_eq(net, &init_net)) {
2733 switch (net_inherit_devconf()) {
2734 case 3:
2735 /* copy from the current netns */
2736 memcpy(all, current->nsproxy->net_ns->ipv4.devconf_all,
2737 sizeof(ipv4_devconf));
2738 memcpy(dflt,
2739 current->nsproxy->net_ns->ipv4.devconf_dflt,
2740 sizeof(ipv4_devconf_dflt));
2741 break;
2742 case 0:
2743 case 1:
2744 /* copy from init_net */
2745 memcpy(all, init_net.ipv4.devconf_all,
2746 sizeof(ipv4_devconf));
2747 memcpy(dflt, init_net.ipv4.devconf_dflt,
2748 sizeof(ipv4_devconf_dflt));
2749 break;
2750 case 2:
2751 /* use compiled values */
2752 break;
2753 }
2754 }
2755
2756 #ifdef CONFIG_SYSCTL
2757 err = __devinet_sysctl_register(net, "all", NETCONFA_IFINDEX_ALL, all);
2758 if (err < 0)
2759 goto err_reg_all;
2760
2761 err = __devinet_sysctl_register(net, "default",
2762 NETCONFA_IFINDEX_DEFAULT, dflt);
2763 if (err < 0)
2764 goto err_reg_dflt;
2765
2766 err = -ENOMEM;
2767 forw_hdr = register_net_sysctl_sz(net, "net/ipv4", tbl,
2768 ARRAY_SIZE(ctl_forward_entry));
2769 if (!forw_hdr)
2770 goto err_reg_ctl;
2771 net->ipv4.forw_hdr = forw_hdr;
2772 #endif
2773
2774 net->ipv4.devconf_all = all;
2775 net->ipv4.devconf_dflt = dflt;
2776 return 0;
2777
2778 #ifdef CONFIG_SYSCTL
2779 err_reg_ctl:
2780 __devinet_sysctl_unregister(net, dflt, NETCONFA_IFINDEX_DEFAULT);
2781 err_reg_dflt:
2782 __devinet_sysctl_unregister(net, all, NETCONFA_IFINDEX_ALL);
2783 err_reg_all:
2784 kfree(tbl);
2785 err_alloc_ctl:
2786 #endif
2787 kfree(dflt);
2788 err_alloc_dflt:
2789 kfree(all);
2790 err_alloc_all:
2791 return err;
2792 }
2793
2794 static __net_exit void devinet_exit_net(struct net *net)
2795 {
2796 #ifdef CONFIG_SYSCTL
2797 struct ctl_table *tbl;
2798
2799 tbl = net->ipv4.forw_hdr->ctl_table_arg;
2800 unregister_net_sysctl_table(net->ipv4.forw_hdr);
2801 __devinet_sysctl_unregister(net, net->ipv4.devconf_dflt,
2802 NETCONFA_IFINDEX_DEFAULT);
2803 __devinet_sysctl_unregister(net, net->ipv4.devconf_all,
2804 NETCONFA_IFINDEX_ALL);
2805 kfree(tbl);
2806 #endif
2807 kfree(net->ipv4.devconf_dflt);
2808 kfree(net->ipv4.devconf_all);
2809 }
2810
2811 static __net_initdata struct pernet_operations devinet_ops = {
2812 .init = devinet_init_net,
2813 .exit = devinet_exit_net,
2814 };
2815
2816 static struct rtnl_af_ops inet_af_ops __read_mostly = {
2817 .family = AF_INET,
2818 .fill_link_af = inet_fill_link_af,
2819 .get_link_af_size = inet_get_link_af_size,
2820 .validate_link_af = inet_validate_link_af,
2821 .set_link_af = inet_set_link_af,
2822 };
2823
2824 void __init devinet_init(void)
2825 {
2826 int i;
2827
2828 for (i = 0; i < IN4_ADDR_HSIZE; i++)
2829 INIT_HLIST_HEAD(&inet_addr_lst[i]);
2830
2831 register_pernet_subsys(&devinet_ops);
2832 register_netdevice_notifier(&ip_netdev_notifier);
2833
2834 queue_delayed_work(system_power_efficient_wq, &check_lifetime_work, 0);
2835
2836 rtnl_af_register(&inet_af_ops);
2837
2838 rtnl_register(PF_INET, RTM_NEWADDR, inet_rtm_newaddr, NULL, 0);
2839 rtnl_register(PF_INET, RTM_DELADDR, inet_rtm_deladdr, NULL, 0);
2840 rtnl_register(PF_INET, RTM_GETADDR, NULL, inet_dump_ifaddr, 0);
2841 rtnl_register(PF_INET, RTM_GETNETCONF, inet_netconf_get_devconf,
2842 inet_netconf_dump_devconf, 0);
2843 }
2844