/*
 *	Linux IPv6 multicast routing support for BSD pim6sd
 *	Based on net/ipv4/ipmr.c.
 *
 *	(c) 2004 Mickael Hoerdt, <hoerdt@clarinet.u-strasbg.fr>
 *		LSIIT Laboratory, Strasbourg, France
 *	(c) 2004 Jean-Philippe Andriot, <jean-philippe.andriot@6WIND.com>
 *		6WIND, Paris, France
 *	Copyright (C)2007,2008 USAGI/WIDE Project
 *		YOSHIFUJI Hideaki <yoshfuji@linux-ipv6.org>
 *
 *	This program is free software; you can redistribute it and/or
 *	modify it under the terms of the GNU General Public License
 *	as published by the Free Software Foundation; either version
 *	2 of the License, or (at your option) any later version.
 *
 */

#include <linux/uaccess.h>
#include <linux/types.h>
#include <linux/sched.h>
#include <linux/errno.h>
#include <linux/mm.h>
#include <linux/kernel.h>
#include <linux/fcntl.h>
#include <linux/stat.h>
#include <linux/socket.h>
#include <linux/inet.h>
#include <linux/netdevice.h>
#include <linux/inetdevice.h>
#include <linux/proc_fs.h>
#include <linux/seq_file.h>
#include <linux/init.h>
#include <linux/compat.h>
#include <linux/rhashtable.h>
#include <net/protocol.h>
#include <linux/skbuff.h>
#include <net/raw.h>
#include <linux/notifier.h>
#include <linux/if_arp.h>
#include <net/checksum.h>
#include <net/netlink.h>
#include <net/fib_rules.h>

#include <net/ipv6.h>
#include <net/ip6_route.h>
#include <linux/mroute6.h>
#include <linux/pim.h>
#include <net/addrconf.h>
#include <linux/netfilter_ipv6.h>
#include <linux/export.h>
#include <net/ip6_checksum.h>
#include <linux/netconf.h>

#include <linux/nospec.h>

struct ip6mr_rule {
	struct fib_rule		common;
};

struct ip6mr_result {
	struct mr_table	*mrt;
};
/* Big lock, protecting the vif table, mrt cache and mroute socket state.
 * Note that changes are serialized via rtnl_lock.
 */

static DEFINE_RWLOCK(mrt_lock);

/* Multicast router control variables */

/* Special spinlock for queue of unresolved entries */
static DEFINE_SPINLOCK(mfc_unres_lock);

/* We revert to Alan's original scheme. The hash table of resolved
 * entries is changed only in process context and protected by the
 * weak lock mrt_lock. The queue of unresolved entries is protected
 * by the strong spinlock mfc_unres_lock.
 *
 * With this arrangement, the data path is entirely free of exclusive locks.
 */

static struct kmem_cache *mrt_cachep __read_mostly;

static struct mr_table *ip6mr_new_table(struct net *net, u32 id);
static void ip6mr_free_table(struct mr_table *mrt);

static void ip6_mr_forward(struct net *net, struct mr_table *mrt,
			   struct net_device *dev, struct sk_buff *skb,
			   struct mfc6_cache *cache);
static int ip6mr_cache_report(struct mr_table *mrt, struct sk_buff *pkt,
			      mifi_t mifi, int assert);
static void mr6_netlink_event(struct mr_table *mrt, struct mfc6_cache *mfc,
			      int cmd);
static void mrt6msg_netlink_event(struct mr_table *mrt, struct sk_buff *pkt);
static int ip6mr_rtm_dumproute(struct sk_buff *skb,
			       struct netlink_callback *cb);
static void mroute_clean_tables(struct mr_table *mrt, bool all);
static void ipmr_expire_process(struct timer_list *t);

#ifdef CONFIG_IPV6_MROUTE_MULTIPLE_TABLES
#define ip6mr_for_each_table(mrt, net) \
	list_for_each_entry_rcu(mrt, &net->ipv6.mr6_tables, list)

static struct mr_table *ip6mr_mr_table_iter(struct net *net,
					    struct mr_table *mrt)
{
	struct mr_table *ret;

	if (!mrt)
		ret = list_entry_rcu(net->ipv6.mr6_tables.next,
				     struct mr_table, list);
	else
		ret = list_entry_rcu(mrt->list.next,
				     struct mr_table, list);

	if (&ret->list == &net->ipv6.mr6_tables)
		return NULL;
	return ret;
}

static struct mr_table *ip6mr_get_table(struct net *net, u32 id)
{
	struct mr_table *mrt;

	ip6mr_for_each_table(mrt, net) {
		if (mrt->id == id)
			return mrt;
	}
	return NULL;
}

static int ip6mr_fib_lookup(struct net *net, struct flowi6 *flp6,
			    struct mr_table **mrt)
{
	int err;
	struct ip6mr_result res;
	struct fib_lookup_arg arg = {
		.result = &res,
		.flags = FIB_LOOKUP_NOREF,
	};

	/* update flow if oif or iif point to device enslaved to l3mdev */
	l3mdev_update_flow(net, flowi6_to_flowi(flp6));

	err = fib_rules_lookup(net->ipv6.mr6_rules_ops,
			       flowi6_to_flowi(flp6), 0, &arg);
	if (err < 0)
		return err;
	*mrt = res.mrt;
	return 0;
}

static int ip6mr_rule_action(struct fib_rule *rule, struct flowi *flp,
			     int flags, struct fib_lookup_arg *arg)
{
	struct ip6mr_result *res = arg->result;
	struct mr_table *mrt;

	switch (rule->action) {
	case FR_ACT_TO_TBL:
		break;
	case FR_ACT_UNREACHABLE:
		return -ENETUNREACH;
	case FR_ACT_PROHIBIT:
		return -EACCES;
	case FR_ACT_BLACKHOLE:
	default:
		return -EINVAL;
	}

	arg->table = fib_rule_get_table(rule, arg);

	mrt = ip6mr_get_table(rule->fr_net, arg->table);
	if (!mrt)
		return -EAGAIN;
	res->mrt = mrt;
	return 0;
}

static int ip6mr_rule_match(struct fib_rule *rule, struct flowi *flp, int flags)
{
	return 1;
}

static const struct nla_policy ip6mr_rule_policy[FRA_MAX + 1] = {
	FRA_GENERIC_POLICY,
};

static int ip6mr_rule_configure(struct fib_rule *rule, struct sk_buff *skb,
				struct fib_rule_hdr *frh, struct nlattr **tb,
				struct netlink_ext_ack *extack)
{
	return 0;
}

static int ip6mr_rule_compare(struct fib_rule *rule, struct fib_rule_hdr *frh,
			      struct nlattr **tb)
{
	return 1;
}

static int ip6mr_rule_fill(struct fib_rule *rule, struct sk_buff *skb,
			   struct fib_rule_hdr *frh)
{
	frh->dst_len = 0;
	frh->src_len = 0;
	frh->tos     = 0;
	return 0;
}

static const struct fib_rules_ops __net_initconst ip6mr_rules_ops_template = {
	.family		= RTNL_FAMILY_IP6MR,
	.rule_size	= sizeof(struct ip6mr_rule),
	.addr_size	= sizeof(struct in6_addr),
	.action		= ip6mr_rule_action,
	.match		= ip6mr_rule_match,
	.configure	= ip6mr_rule_configure,
	.compare	= ip6mr_rule_compare,
	.fill		= ip6mr_rule_fill,
	.nlgroup	= RTNLGRP_IPV6_RULE,
	.policy		= ip6mr_rule_policy,
	.owner		= THIS_MODULE,
};

static int __net_init ip6mr_rules_init(struct net *net)
{
	struct fib_rules_ops *ops;
	struct mr_table *mrt;
	int err;

	ops = fib_rules_register(&ip6mr_rules_ops_template, net);
	if (IS_ERR(ops))
		return PTR_ERR(ops);

	INIT_LIST_HEAD(&net->ipv6.mr6_tables);

	mrt = ip6mr_new_table(net, RT6_TABLE_DFLT);
	if (IS_ERR(mrt)) {
		err = PTR_ERR(mrt);
		goto err1;
	}

	err = fib_default_rule_add(ops, 0x7fff, RT6_TABLE_DFLT, 0);
	if (err < 0)
		goto err2;

	net->ipv6.mr6_rules_ops = ops;
	return 0;

err2:
	ip6mr_free_table(mrt);
err1:
	fib_rules_unregister(ops);
	return err;
}

static void __net_exit ip6mr_rules_exit(struct net *net)
{
	struct mr_table *mrt, *next;

	rtnl_lock();
	list_for_each_entry_safe(mrt, next, &net->ipv6.mr6_tables, list) {
		list_del(&mrt->list);
		ip6mr_free_table(mrt);
	}
	fib_rules_unregister(net->ipv6.mr6_rules_ops);
	rtnl_unlock();
}

static int ip6mr_rules_dump(struct net *net, struct notifier_block *nb)
{
	return fib_rules_dump(net, nb, RTNL_FAMILY_IP6MR);
}

static unsigned int ip6mr_rules_seq_read(struct net *net)
{
	return fib_rules_seq_read(net, RTNL_FAMILY_IP6MR);
}

bool ip6mr_rule_default(const struct fib_rule *rule)
{
	return fib_rule_matchall(rule) && rule->action == FR_ACT_TO_TBL &&
	       rule->table == RT6_TABLE_DFLT && !rule->l3mdev;
}
EXPORT_SYMBOL(ip6mr_rule_default);
#else
#define ip6mr_for_each_table(mrt, net) \
	for (mrt = net->ipv6.mrt6; mrt; mrt = NULL)

static struct mr_table *ip6mr_mr_table_iter(struct net *net,
					    struct mr_table *mrt)
{
	if (!mrt)
		return net->ipv6.mrt6;
	return NULL;
}

static struct mr_table *ip6mr_get_table(struct net *net, u32 id)
{
	return net->ipv6.mrt6;
}

static int ip6mr_fib_lookup(struct net *net, struct flowi6 *flp6,
			    struct mr_table **mrt)
{
	*mrt = net->ipv6.mrt6;
	return 0;
}

static int __net_init ip6mr_rules_init(struct net *net)
{
	struct mr_table *mrt;

	mrt = ip6mr_new_table(net, RT6_TABLE_DFLT);
	if (IS_ERR(mrt))
		return PTR_ERR(mrt);
	net->ipv6.mrt6 = mrt;
	return 0;
}

static void __net_exit ip6mr_rules_exit(struct net *net)
{
	rtnl_lock();
	ip6mr_free_table(net->ipv6.mrt6);
	net->ipv6.mrt6 = NULL;
	rtnl_unlock();
}

static int ip6mr_rules_dump(struct net *net, struct notifier_block *nb)
{
	return 0;
}

static unsigned int ip6mr_rules_seq_read(struct net *net)
{
	return 0;
}
#endif

static int ip6mr_hash_cmp(struct rhashtable_compare_arg *arg,
			  const void *ptr)
{
	const struct mfc6_cache_cmp_arg *cmparg = arg->key;
	struct mfc6_cache *c = (struct mfc6_cache *)ptr;

	return !ipv6_addr_equal(&c->mf6c_mcastgrp, &cmparg->mf6c_mcastgrp) ||
	       !ipv6_addr_equal(&c->mf6c_origin, &cmparg->mf6c_origin);
}
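
/* Note: like memcmp(), an rhashtable obj_cmpfn returns zero for a match,
 * which is why the address comparisons above are negated.
 */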

static const struct rhashtable_params ip6mr_rht_params = {
	.head_offset = offsetof(struct mr_mfc, mnode),
	.key_offset = offsetof(struct mfc6_cache, cmparg),
	.key_len = sizeof(struct mfc6_cache_cmp_arg),
	.nelem_hint = 3,
	.locks_mul = 1,
	.obj_cmpfn = ip6mr_hash_cmp,
	.automatic_shrinking = true,
};
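
/* The MFC hash is keyed on the full (origin, multicast group) address
 * pair embedded in struct mfc6_cache_cmp_arg; the small nelem_hint and
 * locks_mul reflect the typically modest number of multicast routes
 * per table.
 */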

static void ip6mr_new_table_set(struct mr_table *mrt,
				struct net *net)
{
#ifdef CONFIG_IPV6_MROUTE_MULTIPLE_TABLES
	list_add_tail_rcu(&mrt->list, &net->ipv6.mr6_tables);
#endif
}

static struct mfc6_cache_cmp_arg ip6mr_mr_table_ops_cmparg_any = {
	.mf6c_origin = IN6ADDR_ANY_INIT,
	.mf6c_mcastgrp = IN6ADDR_ANY_INIT,
};

static struct mr_table_ops ip6mr_mr_table_ops = {
	.rht_params = &ip6mr_rht_params,
	.cmparg_any = &ip6mr_mr_table_ops_cmparg_any,
};

static struct mr_table *ip6mr_new_table(struct net *net, u32 id)
{
	struct mr_table *mrt;

	mrt = ip6mr_get_table(net, id);
	if (mrt)
		return mrt;

	return mr_table_alloc(net, id, &ip6mr_mr_table_ops,
			      ipmr_expire_process, ip6mr_new_table_set);
}

static void ip6mr_free_table(struct mr_table *mrt)
{
	del_timer_sync(&mrt->ipmr_expire_timer);
	mroute_clean_tables(mrt, true);
	rhltable_destroy(&mrt->mfc_hash);
	kfree(mrt);
}

#ifdef CONFIG_PROC_FS
/* The /proc interfaces to multicast routing:
 * /proc/net/ip6_mr_cache and /proc/net/ip6_mr_vif
 */

static void *ip6mr_vif_seq_start(struct seq_file *seq, loff_t *pos)
	__acquires(mrt_lock)
{
	struct mr_vif_iter *iter = seq->private;
	struct net *net = seq_file_net(seq);
	struct mr_table *mrt;

	mrt = ip6mr_get_table(net, RT6_TABLE_DFLT);
	if (!mrt)
		return ERR_PTR(-ENOENT);

	iter->mrt = mrt;

	read_lock(&mrt_lock);
	return mr_vif_seq_start(seq, pos);
}

static void ip6mr_vif_seq_stop(struct seq_file *seq, void *v)
	__releases(mrt_lock)
{
	read_unlock(&mrt_lock);
}

static int ip6mr_vif_seq_show(struct seq_file *seq, void *v)
{
	struct mr_vif_iter *iter = seq->private;
	struct mr_table *mrt = iter->mrt;

	if (v == SEQ_START_TOKEN) {
		seq_puts(seq,
			 "Interface      BytesIn  PktsIn  BytesOut PktsOut Flags\n");
	} else {
		const struct vif_device *vif = v;
		const char *name = vif->dev ? vif->dev->name : "none";

		seq_printf(seq,
			   "%2td %-10s %8ld %7ld  %8ld %7ld %05X\n",
			   vif - mrt->vif_table,
			   name, vif->bytes_in, vif->pkt_in,
			   vif->bytes_out, vif->pkt_out,
			   vif->flags);
	}
	return 0;
}

static const struct seq_operations ip6mr_vif_seq_ops = {
	.start = ip6mr_vif_seq_start,
	.next  = mr_vif_seq_next,
	.stop  = ip6mr_vif_seq_stop,
	.show  = ip6mr_vif_seq_show,
};
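
/* Illustrative /proc/net/ip6_mr_vif output (interface names and counter
 * values are examples, not taken from a real system):
 *
 *	Interface      BytesIn  PktsIn  BytesOut PktsOut Flags
 *	 0 eth0           9540      62      1200      10 00000
 *	 1 pim6reg           0       0         0       0 00001
 */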

static void *ipmr_mfc_seq_start(struct seq_file *seq, loff_t *pos)
{
	struct net *net = seq_file_net(seq);
	struct mr_table *mrt;

	mrt = ip6mr_get_table(net, RT6_TABLE_DFLT);
	if (!mrt)
		return ERR_PTR(-ENOENT);

	return mr_mfc_seq_start(seq, pos, mrt, &mfc_unres_lock);
}

static int ipmr_mfc_seq_show(struct seq_file *seq, void *v)
{
	int n;

	if (v == SEQ_START_TOKEN) {
		seq_puts(seq,
			 "Group                            "
			 "Origin                           "
			 "Iif      Pkts  Bytes     Wrong  Oifs\n");
	} else {
		const struct mfc6_cache *mfc = v;
		const struct mr_mfc_iter *it = seq->private;
		struct mr_table *mrt = it->mrt;

		seq_printf(seq, "%pI6 %pI6 %-3hd",
			   &mfc->mf6c_mcastgrp, &mfc->mf6c_origin,
			   mfc->_c.mfc_parent);

		if (it->cache != &mrt->mfc_unres_queue) {
			seq_printf(seq, " %8lu %8lu %8lu",
				   mfc->_c.mfc_un.res.pkt,
				   mfc->_c.mfc_un.res.bytes,
				   mfc->_c.mfc_un.res.wrong_if);
			for (n = mfc->_c.mfc_un.res.minvif;
			     n < mfc->_c.mfc_un.res.maxvif; n++) {
				if (VIF_EXISTS(mrt, n) &&
				    mfc->_c.mfc_un.res.ttls[n] < 255)
					seq_printf(seq,
						   " %2d:%-3d", n,
						   mfc->_c.mfc_un.res.ttls[n]);
			}
		} else {
			/* unresolved mfc_caches don't contain
			 * pkt, bytes and wrong_if values
			 */
			seq_printf(seq, " %8lu %8lu %8lu", 0ul, 0ul, 0ul);
		}
		seq_putc(seq, '\n');
	}
	return 0;
}

static const struct seq_operations ipmr_mfc_seq_ops = {
	.start = ipmr_mfc_seq_start,
	.next  = mr_mfc_seq_next,
	.stop  = mr_mfc_seq_stop,
	.show  = ipmr_mfc_seq_show,
};
#endif

#ifdef CONFIG_IPV6_PIMSM_V2

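/* pim6_rcv() handles PIM Register messages: the designated router
 * encapsulates multicast data in unicast Register packets addressed to
 * the RP. We validate the PIM header and checksum, decapsulate the
 * inner IPv6 packet, and feed it back through netif_rx() on the
 * pim6reg device so the daemon sees it as arriving there.
 */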
static int pim6_rcv(struct sk_buff *skb)
{
	struct pimreghdr *pim;
	struct ipv6hdr   *encap;
	struct net_device  *reg_dev = NULL;
	struct net *net = dev_net(skb->dev);
	struct mr_table *mrt;
	struct flowi6 fl6 = {
		.flowi6_iif	= skb->dev->ifindex,
		.flowi6_mark	= skb->mark,
	};
	int reg_vif_num;

	if (!pskb_may_pull(skb, sizeof(*pim) + sizeof(*encap)))
		goto drop;

	pim = (struct pimreghdr *)skb_transport_header(skb);
	if (pim->type != ((PIM_VERSION << 4) | PIM_TYPE_REGISTER) ||
	    (pim->flags & PIM_NULL_REGISTER) ||
	    (csum_ipv6_magic(&ipv6_hdr(skb)->saddr, &ipv6_hdr(skb)->daddr,
			     sizeof(*pim), IPPROTO_PIM,
			     csum_partial((void *)pim, sizeof(*pim), 0)) &&
	     csum_fold(skb_checksum(skb, 0, skb->len, 0))))
		goto drop;

	/* check if the inner packet is destined to a multicast group */
	encap = (struct ipv6hdr *)(skb_transport_header(skb) +
				   sizeof(*pim));

	if (!ipv6_addr_is_multicast(&encap->daddr) ||
	    encap->payload_len == 0 ||
	    ntohs(encap->payload_len) + sizeof(*pim) > skb->len)
		goto drop;

	if (ip6mr_fib_lookup(net, &fl6, &mrt) < 0)
		goto drop;
	reg_vif_num = mrt->mroute_reg_vif_num;

	read_lock(&mrt_lock);
	if (reg_vif_num >= 0)
		reg_dev = mrt->vif_table[reg_vif_num].dev;
	if (reg_dev)
		dev_hold(reg_dev);
	read_unlock(&mrt_lock);

	if (!reg_dev)
		goto drop;

	skb->mac_header = skb->network_header;
	skb_pull(skb, (u8 *)encap - skb->data);
	skb_reset_network_header(skb);
	skb->protocol = htons(ETH_P_IPV6);
	skb->ip_summed = CHECKSUM_NONE;

	skb_tunnel_rx(skb, reg_dev, dev_net(reg_dev));

	netif_rx(skb);

	dev_put(reg_dev);
	return 0;
 drop:
	kfree_skb(skb);
	return 0;
}

static const struct inet6_protocol pim6_protocol = {
	.handler	=	pim6_rcv,
};

/* Service routines creating virtual interfaces: PIMREG */

static netdev_tx_t reg_vif_xmit(struct sk_buff *skb,
				      struct net_device *dev)
{
	struct net *net = dev_net(dev);
	struct mr_table *mrt;
	struct flowi6 fl6 = {
		.flowi6_oif	= dev->ifindex,
		.flowi6_iif	= skb->skb_iif ? : LOOPBACK_IFINDEX,
		.flowi6_mark	= skb->mark,
	};
	int err;

	err = ip6mr_fib_lookup(net, &fl6, &mrt);
	if (err < 0) {
		kfree_skb(skb);
		return err;
	}

	read_lock(&mrt_lock);
	dev->stats.tx_bytes += skb->len;
	dev->stats.tx_packets++;
	ip6mr_cache_report(mrt, skb, mrt->mroute_reg_vif_num, MRT6MSG_WHOLEPKT);
	read_unlock(&mrt_lock);
	kfree_skb(skb);
	return NETDEV_TX_OK;
}

static int reg_vif_get_iflink(const struct net_device *dev)
{
	return 0;
}

static const struct net_device_ops reg_vif_netdev_ops = {
	.ndo_start_xmit	= reg_vif_xmit,
	.ndo_get_iflink = reg_vif_get_iflink,
};

static void reg_vif_setup(struct net_device *dev)
{
	dev->type		= ARPHRD_PIMREG;
	dev->mtu		= 1500 - sizeof(struct ipv6hdr) - 8;
	dev->flags		= IFF_NOARP;
	dev->netdev_ops		= &reg_vif_netdev_ops;
	dev->needs_free_netdev	= true;
	dev->features		|= NETIF_F_NETNS_LOCAL;
}
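
/* The MTU above appears to leave room for the outer IPv6 header
 * (40 bytes) plus the 8-byte PIM Register header prepended when data
 * is encapsulated towards the RP.
 */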

static struct net_device *ip6mr_reg_vif(struct net *net, struct mr_table *mrt)
{
	struct net_device *dev;
	char name[IFNAMSIZ];

	if (mrt->id == RT6_TABLE_DFLT)
		sprintf(name, "pim6reg");
	else
		sprintf(name, "pim6reg%u", mrt->id);

	dev = alloc_netdev(0, name, NET_NAME_UNKNOWN, reg_vif_setup);
	if (!dev)
		return NULL;

	dev_net_set(dev, net);

	if (register_netdevice(dev)) {
		free_netdev(dev);
		return NULL;
	}

	if (dev_open(dev, NULL))
		goto failure;

	dev_hold(dev);
	return dev;

failure:
	unregister_netdevice(dev);
	return NULL;
}
#endif

static int call_ip6mr_vif_entry_notifiers(struct net *net,
					  enum fib_event_type event_type,
					  struct vif_device *vif,
					  mifi_t vif_index, u32 tb_id)
{
	return mr_call_vif_notifiers(net, RTNL_FAMILY_IP6MR, event_type,
				     vif, vif_index, tb_id,
				     &net->ipv6.ipmr_seq);
}

static int call_ip6mr_mfc_entry_notifiers(struct net *net,
					  enum fib_event_type event_type,
					  struct mfc6_cache *mfc, u32 tb_id)
{
	return mr_call_mfc_notifiers(net, RTNL_FAMILY_IP6MR, event_type,
				     &mfc->_c, tb_id, &net->ipv6.ipmr_seq);
}

/* Delete a VIF entry */
static int mif6_delete(struct mr_table *mrt, int vifi, int notify,
		       struct list_head *head)
{
	struct vif_device *v;
	struct net_device *dev;
	struct inet6_dev *in6_dev;

	if (vifi < 0 || vifi >= mrt->maxvif)
		return -EADDRNOTAVAIL;

	v = &mrt->vif_table[vifi];

	if (VIF_EXISTS(mrt, vifi))
		call_ip6mr_vif_entry_notifiers(read_pnet(&mrt->net),
					       FIB_EVENT_VIF_DEL, v, vifi,
					       mrt->id);

	write_lock_bh(&mrt_lock);
	dev = v->dev;
	v->dev = NULL;

	if (!dev) {
		write_unlock_bh(&mrt_lock);
		return -EADDRNOTAVAIL;
	}

#ifdef CONFIG_IPV6_PIMSM_V2
	if (vifi == mrt->mroute_reg_vif_num)
		mrt->mroute_reg_vif_num = -1;
#endif

	if (vifi + 1 == mrt->maxvif) {
		int tmp;
		for (tmp = vifi - 1; tmp >= 0; tmp--) {
			if (VIF_EXISTS(mrt, tmp))
				break;
		}
		mrt->maxvif = tmp + 1;
	}

	write_unlock_bh(&mrt_lock);

	dev_set_allmulti(dev, -1);

	in6_dev = __in6_dev_get(dev);
	if (in6_dev) {
		in6_dev->cnf.mc_forwarding--;
		inet6_netconf_notify_devconf(dev_net(dev), RTM_NEWNETCONF,
					     NETCONFA_MC_FORWARDING,
					     dev->ifindex, &in6_dev->cnf);
	}

	if ((v->flags & MIFF_REGISTER) && !notify)
		unregister_netdevice_queue(dev, head);

	dev_put(dev);
	return 0;
}

static inline void ip6mr_cache_free_rcu(struct rcu_head *head)
{
	struct mr_mfc *c = container_of(head, struct mr_mfc, rcu);

	kmem_cache_free(mrt_cachep, (struct mfc6_cache *)c);
}

static inline void ip6mr_cache_free(struct mfc6_cache *c)
{
	call_rcu(&c->_c.rcu, ip6mr_cache_free_rcu);
}

/* Destroy an unresolved cache entry, killing queued skbs
   and reporting error to netlink readers.
 */

static void ip6mr_destroy_unres(struct mr_table *mrt, struct mfc6_cache *c)
{
	struct net *net = read_pnet(&mrt->net);
	struct sk_buff *skb;

	atomic_dec(&mrt->cache_resolve_queue_len);

	while ((skb = skb_dequeue(&c->_c.mfc_un.unres.unresolved)) != NULL) {
		if (ipv6_hdr(skb)->version == 0) {
			struct nlmsghdr *nlh = skb_pull(skb,
							sizeof(struct ipv6hdr));
			nlh->nlmsg_type = NLMSG_ERROR;
			nlh->nlmsg_len = nlmsg_msg_size(sizeof(struct nlmsgerr));
			skb_trim(skb, nlh->nlmsg_len);
			((struct nlmsgerr *)nlmsg_data(nlh))->error = -ETIMEDOUT;
			rtnl_unicast(skb, net, NETLINK_CB(skb).portid);
		} else
			kfree_skb(skb);
	}

	ip6mr_cache_free(c);
}


/* Timer handler for the unresolved queue. */

static void ipmr_do_expire_process(struct mr_table *mrt)
{
	unsigned long now = jiffies;
	unsigned long expires = 10 * HZ;
	struct mr_mfc *c, *next;

	list_for_each_entry_safe(c, next, &mrt->mfc_unres_queue, list) {
		if (time_after(c->mfc_un.unres.expires, now)) {
			/* not yet... */
			unsigned long interval = c->mfc_un.unres.expires - now;
			if (interval < expires)
				expires = interval;
			continue;
		}

		list_del(&c->list);
		mr6_netlink_event(mrt, (struct mfc6_cache *)c, RTM_DELROUTE);
		ip6mr_destroy_unres(mrt, (struct mfc6_cache *)c);
	}

	if (!list_empty(&mrt->mfc_unres_queue))
		mod_timer(&mrt->ipmr_expire_timer, jiffies + expires);
}

static void ipmr_expire_process(struct timer_list *t)
{
	struct mr_table *mrt = from_timer(mrt, t, ipmr_expire_timer);

	if (!spin_trylock(&mfc_unres_lock)) {
		mod_timer(&mrt->ipmr_expire_timer, jiffies + 1);
		return;
	}

	if (!list_empty(&mrt->mfc_unres_queue))
		ipmr_do_expire_process(mrt);

	spin_unlock(&mfc_unres_lock);
}
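
/* If the trylock above fails, another context is already manipulating
 * the unresolved queue with mfc_unres_lock held; rather than spinning
 * in softirq context we simply re-arm the timer for the next jiffy.
 */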

/* Fill oifs list. It is called under write locked mrt_lock. */

static void ip6mr_update_thresholds(struct mr_table *mrt,
				    struct mr_mfc *cache,
				    unsigned char *ttls)
{
	int vifi;

	cache->mfc_un.res.minvif = MAXMIFS;
	cache->mfc_un.res.maxvif = 0;
	memset(cache->mfc_un.res.ttls, 255, MAXMIFS);

	for (vifi = 0; vifi < mrt->maxvif; vifi++) {
		if (VIF_EXISTS(mrt, vifi) &&
		    ttls[vifi] && ttls[vifi] < 255) {
			cache->mfc_un.res.ttls[vifi] = ttls[vifi];
			if (cache->mfc_un.res.minvif > vifi)
				cache->mfc_un.res.minvif = vifi;
			if (cache->mfc_un.res.maxvif <= vifi)
				cache->mfc_un.res.maxvif = vifi + 1;
		}
	}
	cache->mfc_un.res.lastuse = jiffies;
}

static int mif6_add(struct net *net, struct mr_table *mrt,
		    struct mif6ctl *vifc, int mrtsock)
{
	int vifi = vifc->mif6c_mifi;
	struct vif_device *v = &mrt->vif_table[vifi];
	struct net_device *dev;
	struct inet6_dev *in6_dev;
	int err;

	/* Is vif busy? */
	if (VIF_EXISTS(mrt, vifi))
		return -EADDRINUSE;

	switch (vifc->mif6c_flags) {
#ifdef CONFIG_IPV6_PIMSM_V2
	case MIFF_REGISTER:
		/*
		 * Special Purpose VIF in PIM
		 * All the packets will be sent to the daemon
		 */
		if (mrt->mroute_reg_vif_num >= 0)
			return -EADDRINUSE;
		dev = ip6mr_reg_vif(net, mrt);
		if (!dev)
			return -ENOBUFS;
		err = dev_set_allmulti(dev, 1);
		if (err) {
			unregister_netdevice(dev);
			dev_put(dev);
			return err;
		}
		break;
#endif
	case 0:
		dev = dev_get_by_index(net, vifc->mif6c_pifi);
		if (!dev)
			return -EADDRNOTAVAIL;
		err = dev_set_allmulti(dev, 1);
		if (err) {
			dev_put(dev);
			return err;
		}
		break;
	default:
		return -EINVAL;
	}

	in6_dev = __in6_dev_get(dev);
	if (in6_dev) {
		in6_dev->cnf.mc_forwarding++;
		inet6_netconf_notify_devconf(dev_net(dev), RTM_NEWNETCONF,
					     NETCONFA_MC_FORWARDING,
					     dev->ifindex, &in6_dev->cnf);
	}

	/* Fill in the VIF structures */
	vif_device_init(v, dev, vifc->vifc_rate_limit, vifc->vifc_threshold,
			vifc->mif6c_flags | (!mrtsock ? VIFF_STATIC : 0),
			MIFF_REGISTER);

	/* And finish update writing critical data */
	write_lock_bh(&mrt_lock);
	v->dev = dev;
#ifdef CONFIG_IPV6_PIMSM_V2
	if (v->flags & MIFF_REGISTER)
		mrt->mroute_reg_vif_num = vifi;
#endif
	if (vifi + 1 > mrt->maxvif)
		mrt->maxvif = vifi + 1;
	write_unlock_bh(&mrt_lock);
	call_ip6mr_vif_entry_notifiers(net, FIB_EVENT_VIF_ADD,
				       v, vifi, mrt->id);
	return 0;
}

static struct mfc6_cache *ip6mr_cache_find(struct mr_table *mrt,
					   const struct in6_addr *origin,
					   const struct in6_addr *mcastgrp)
{
	struct mfc6_cache_cmp_arg arg = {
		.mf6c_origin = *origin,
		.mf6c_mcastgrp = *mcastgrp,
	};

	return mr_mfc_find(mrt, &arg);
}

/* Look for a (*,G) entry */
static struct mfc6_cache *ip6mr_cache_find_any(struct mr_table *mrt,
					       struct in6_addr *mcastgrp,
					       mifi_t mifi)
{
	struct mfc6_cache_cmp_arg arg = {
		.mf6c_origin = in6addr_any,
		.mf6c_mcastgrp = *mcastgrp,
	};

	if (ipv6_addr_any(mcastgrp))
		return mr_mfc_find_any_parent(mrt, mifi);
	return mr_mfc_find_any(mrt, mifi, &arg);
}

/* Look for a (S,G,iif) entry if parent != -1 */
static struct mfc6_cache *
ip6mr_cache_find_parent(struct mr_table *mrt,
			const struct in6_addr *origin,
			const struct in6_addr *mcastgrp,
			int parent)
{
	struct mfc6_cache_cmp_arg arg = {
		.mf6c_origin = *origin,
		.mf6c_mcastgrp = *mcastgrp,
	};

	return mr_mfc_find_parent(mrt, &arg, parent);
}

/* Allocate a multicast cache entry */
static struct mfc6_cache *ip6mr_cache_alloc(void)
{
	struct mfc6_cache *c = kmem_cache_zalloc(mrt_cachep, GFP_KERNEL);
	if (!c)
		return NULL;
	c->_c.mfc_un.res.last_assert = jiffies - MFC_ASSERT_THRESH - 1;
	c->_c.mfc_un.res.minvif = MAXMIFS;
	c->_c.free = ip6mr_cache_free_rcu;
	refcount_set(&c->_c.mfc_un.res.refcount, 1);
	return c;
}

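/* Unlike ip6mr_cache_alloc(), this is called from the packet reception
 * path with mfc_unres_lock held, so it must not sleep: hence GFP_ATOMIC
 * and the 10-second expiry armed below.
 */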
static struct mfc6_cache *ip6mr_cache_alloc_unres(void)
{
	struct mfc6_cache *c = kmem_cache_zalloc(mrt_cachep, GFP_ATOMIC);
	if (!c)
		return NULL;
	skb_queue_head_init(&c->_c.mfc_un.unres.unresolved);
	c->_c.mfc_un.unres.expires = jiffies + 10 * HZ;
	return c;
}

/*
 *	A cache entry has gone from the unresolved queue into a resolved state
 */

static void ip6mr_cache_resolve(struct net *net, struct mr_table *mrt,
				struct mfc6_cache *uc, struct mfc6_cache *c)
{
	struct sk_buff *skb;

	/*
	 *	Play the pending entries through our router
	 */

	while ((skb = __skb_dequeue(&uc->_c.mfc_un.unres.unresolved))) {
		if (ipv6_hdr(skb)->version == 0) {
			struct nlmsghdr *nlh = skb_pull(skb,
							sizeof(struct ipv6hdr));

			if (mr_fill_mroute(mrt, skb, &c->_c,
					   nlmsg_data(nlh)) > 0) {
				nlh->nlmsg_len = skb_tail_pointer(skb) - (u8 *)nlh;
			} else {
				nlh->nlmsg_type = NLMSG_ERROR;
				nlh->nlmsg_len = nlmsg_msg_size(sizeof(struct nlmsgerr));
				skb_trim(skb, nlh->nlmsg_len);
				((struct nlmsgerr *)nlmsg_data(nlh))->error = -EMSGSIZE;
			}
			rtnl_unicast(skb, net, NETLINK_CB(skb).portid);
		} else
			ip6_mr_forward(net, mrt, skb->dev, skb, c);
	}
}

/*
 *	Bounce a cache query up to pim6sd and netlink.
 *
 *	Called under mrt_lock.
 */

static int ip6mr_cache_report(struct mr_table *mrt, struct sk_buff *pkt,
			      mifi_t mifi, int assert)
{
	struct sock *mroute6_sk;
	struct sk_buff *skb;
	struct mrt6msg *msg;
	int ret;

#ifdef CONFIG_IPV6_PIMSM_V2
	if (assert == MRT6MSG_WHOLEPKT)
		skb = skb_realloc_headroom(pkt, -skb_network_offset(pkt)
						+sizeof(*msg));
	else
#endif
		skb = alloc_skb(sizeof(struct ipv6hdr) + sizeof(*msg), GFP_ATOMIC);

	if (!skb)
		return -ENOBUFS;

	/* I suppose that internal messages
	 * do not require checksums */

	skb->ip_summed = CHECKSUM_UNNECESSARY;

#ifdef CONFIG_IPV6_PIMSM_V2
	if (assert == MRT6MSG_WHOLEPKT) {
		/* Ugly, but we have no choice with this interface.
		   Duplicate old header, fix length etc.
		   And all this only to mangle msg->im6_msgtype and
		   to set msg->im6_mbz to "mbz" :-)
		 */
		skb_push(skb, -skb_network_offset(pkt));

		skb_push(skb, sizeof(*msg));
		skb_reset_transport_header(skb);
		msg = (struct mrt6msg *)skb_transport_header(skb);
		msg->im6_mbz = 0;
		msg->im6_msgtype = MRT6MSG_WHOLEPKT;
		msg->im6_mif = mrt->mroute_reg_vif_num;
		msg->im6_pad = 0;
		msg->im6_src = ipv6_hdr(pkt)->saddr;
		msg->im6_dst = ipv6_hdr(pkt)->daddr;

		skb->ip_summed = CHECKSUM_UNNECESSARY;
	} else
#endif
	{
	/*
	 *	Copy the IP header
	 */

	skb_put(skb, sizeof(struct ipv6hdr));
	skb_reset_network_header(skb);
	skb_copy_to_linear_data(skb, ipv6_hdr(pkt), sizeof(struct ipv6hdr));

	/*
	 *	Add our header
	 */
	skb_put(skb, sizeof(*msg));
	skb_reset_transport_header(skb);
	msg = (struct mrt6msg *)skb_transport_header(skb);

	msg->im6_mbz = 0;
	msg->im6_msgtype = assert;
	msg->im6_mif = mifi;
	msg->im6_pad = 0;
	msg->im6_src = ipv6_hdr(pkt)->saddr;
	msg->im6_dst = ipv6_hdr(pkt)->daddr;

	skb_dst_set(skb, dst_clone(skb_dst(pkt)));
	skb->ip_summed = CHECKSUM_UNNECESSARY;
	}

	rcu_read_lock();
	mroute6_sk = rcu_dereference(mrt->mroute_sk);
	if (!mroute6_sk) {
		rcu_read_unlock();
		kfree_skb(skb);
		return -EINVAL;
	}

	mrt6msg_netlink_event(mrt, skb);

	/* Deliver to user space multicast routing algorithms */
	ret = sock_queue_rcv_skb(mroute6_sk, skb);
	rcu_read_unlock();
	if (ret < 0) {
		net_warn_ratelimited("mroute6: pending queue full, dropping entries\n");
		kfree_skb(skb);
	}

	return ret;
}

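/* The limits below are deliberate back-pressure: at most 10 unresolved
 * entries per table, and at most four skbs queued on each, so a flood
 * of unroutable multicast cannot pin unbounded memory while the daemon
 * is slow to install routes.
 */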
/* Queue a packet for resolution. It gets a locked cache entry! */
static int ip6mr_cache_unresolved(struct mr_table *mrt, mifi_t mifi,
				  struct sk_buff *skb, struct net_device *dev)
{
	struct mfc6_cache *c;
	bool found = false;
	int err;

	spin_lock_bh(&mfc_unres_lock);
	list_for_each_entry(c, &mrt->mfc_unres_queue, _c.list) {
		if (ipv6_addr_equal(&c->mf6c_mcastgrp, &ipv6_hdr(skb)->daddr) &&
		    ipv6_addr_equal(&c->mf6c_origin, &ipv6_hdr(skb)->saddr)) {
			found = true;
			break;
		}
	}

	if (!found) {
		/*
		 *	Create a new entry if allowable
		 */

		if (atomic_read(&mrt->cache_resolve_queue_len) >= 10 ||
		    (c = ip6mr_cache_alloc_unres()) == NULL) {
			spin_unlock_bh(&mfc_unres_lock);

			kfree_skb(skb);
			return -ENOBUFS;
		}

		/* Fill in the new cache entry */
		c->_c.mfc_parent = -1;
		c->mf6c_origin = ipv6_hdr(skb)->saddr;
		c->mf6c_mcastgrp = ipv6_hdr(skb)->daddr;

		/*
		 *	Reflect first query at pim6sd
		 */
		err = ip6mr_cache_report(mrt, skb, mifi, MRT6MSG_NOCACHE);
		if (err < 0) {
			/* If the report failed throw the cache entry
			   out - Brad Parker
			 */
			spin_unlock_bh(&mfc_unres_lock);

			ip6mr_cache_free(c);
			kfree_skb(skb);
			return err;
		}

		atomic_inc(&mrt->cache_resolve_queue_len);
		list_add(&c->_c.list, &mrt->mfc_unres_queue);
		mr6_netlink_event(mrt, c, RTM_NEWROUTE);

		ipmr_do_expire_process(mrt);
	}

	/* See if we can append the packet */
	if (c->_c.mfc_un.unres.unresolved.qlen > 3) {
		kfree_skb(skb);
		err = -ENOBUFS;
	} else {
		if (dev) {
			skb->dev = dev;
			skb->skb_iif = dev->ifindex;
		}
		skb_queue_tail(&c->_c.mfc_un.unres.unresolved, skb);
		err = 0;
	}

	spin_unlock_bh(&mfc_unres_lock);
	return err;
}

/*
 *	MFC6 cache manipulation by user space
 */

static int ip6mr_mfc_delete(struct mr_table *mrt, struct mf6cctl *mfc,
			    int parent)
{
	struct mfc6_cache *c;

	/* The entries are added/deleted only under RTNL */
	rcu_read_lock();
	c = ip6mr_cache_find_parent(mrt, &mfc->mf6cc_origin.sin6_addr,
				    &mfc->mf6cc_mcastgrp.sin6_addr, parent);
	rcu_read_unlock();
	if (!c)
		return -ENOENT;
	rhltable_remove(&mrt->mfc_hash, &c->_c.mnode, ip6mr_rht_params);
	list_del_rcu(&c->_c.list);

	call_ip6mr_mfc_entry_notifiers(read_pnet(&mrt->net),
				       FIB_EVENT_ENTRY_DEL, c, mrt->id);
	mr6_netlink_event(mrt, c, RTM_DELROUTE);
	mr_cache_put(&c->_c);
	return 0;
}

static int ip6mr_device_event(struct notifier_block *this,
			      unsigned long event, void *ptr)
{
	struct net_device *dev = netdev_notifier_info_to_dev(ptr);
	struct net *net = dev_net(dev);
	struct mr_table *mrt;
	struct vif_device *v;
	int ct;

	if (event != NETDEV_UNREGISTER)
		return NOTIFY_DONE;

	ip6mr_for_each_table(mrt, net) {
		v = &mrt->vif_table[0];
		for (ct = 0; ct < mrt->maxvif; ct++, v++) {
			if (v->dev == dev)
				mif6_delete(mrt, ct, 1, NULL);
		}
	}

	return NOTIFY_DONE;
}

static unsigned int ip6mr_seq_read(struct net *net)
{
	ASSERT_RTNL();

	return net->ipv6.ipmr_seq + ip6mr_rules_seq_read(net);
}

static int ip6mr_dump(struct net *net, struct notifier_block *nb)
{
	return mr_dump(net, nb, RTNL_FAMILY_IP6MR, ip6mr_rules_dump,
		       ip6mr_mr_table_iter, &mrt_lock);
}

static struct notifier_block ip6_mr_notifier = {
	.notifier_call = ip6mr_device_event
};

static const struct fib_notifier_ops ip6mr_notifier_ops_template = {
	.family		= RTNL_FAMILY_IP6MR,
	.fib_seq_read	= ip6mr_seq_read,
	.fib_dump	= ip6mr_dump,
	.owner		= THIS_MODULE,
};

static int __net_init ip6mr_notifier_init(struct net *net)
{
	struct fib_notifier_ops *ops;

	net->ipv6.ipmr_seq = 0;

	ops = fib_notifier_ops_register(&ip6mr_notifier_ops_template, net);
	if (IS_ERR(ops))
		return PTR_ERR(ops);

	net->ipv6.ip6mr_notifier_ops = ops;

	return 0;
}

static void __net_exit ip6mr_notifier_exit(struct net *net)
{
	fib_notifier_ops_unregister(net->ipv6.ip6mr_notifier_ops);
	net->ipv6.ip6mr_notifier_ops = NULL;
}

/* Setup for IP multicast routing */
static int __net_init ip6mr_net_init(struct net *net)
{
	int err;

	err = ip6mr_notifier_init(net);
	if (err)
		return err;

	err = ip6mr_rules_init(net);
	if (err < 0)
		goto ip6mr_rules_fail;

#ifdef CONFIG_PROC_FS
	err = -ENOMEM;
	if (!proc_create_net("ip6_mr_vif", 0, net->proc_net, &ip6mr_vif_seq_ops,
			sizeof(struct mr_vif_iter)))
		goto proc_vif_fail;
	if (!proc_create_net("ip6_mr_cache", 0, net->proc_net, &ipmr_mfc_seq_ops,
			sizeof(struct mr_mfc_iter)))
		goto proc_cache_fail;
#endif

	return 0;

#ifdef CONFIG_PROC_FS
proc_cache_fail:
	remove_proc_entry("ip6_mr_vif", net->proc_net);
proc_vif_fail:
	ip6mr_rules_exit(net);
#endif
ip6mr_rules_fail:
	ip6mr_notifier_exit(net);
	return err;
}

static void __net_exit ip6mr_net_exit(struct net *net)
{
#ifdef CONFIG_PROC_FS
	remove_proc_entry("ip6_mr_cache", net->proc_net);
	remove_proc_entry("ip6_mr_vif", net->proc_net);
#endif
	ip6mr_rules_exit(net);
	ip6mr_notifier_exit(net);
}

static struct pernet_operations ip6mr_net_ops = {
	.init = ip6mr_net_init,
	.exit = ip6mr_net_exit,
};

int __init ip6_mr_init(void)
{
	int err;

	mrt_cachep = kmem_cache_create("ip6_mrt_cache",
				       sizeof(struct mfc6_cache),
				       0, SLAB_HWCACHE_ALIGN,
				       NULL);
	if (!mrt_cachep)
		return -ENOMEM;

	err = register_pernet_subsys(&ip6mr_net_ops);
	if (err)
		goto reg_pernet_fail;

	err = register_netdevice_notifier(&ip6_mr_notifier);
	if (err)
		goto reg_notif_fail;
#ifdef CONFIG_IPV6_PIMSM_V2
	if (inet6_add_protocol(&pim6_protocol, IPPROTO_PIM) < 0) {
		pr_err("%s: can't add PIM protocol\n", __func__);
		err = -EAGAIN;
		goto add_proto_fail;
	}
#endif
	err = rtnl_register_module(THIS_MODULE, RTNL_FAMILY_IP6MR, RTM_GETROUTE,
				   NULL, ip6mr_rtm_dumproute, 0);
	if (err == 0)
		return 0;

#ifdef CONFIG_IPV6_PIMSM_V2
	inet6_del_protocol(&pim6_protocol, IPPROTO_PIM);
add_proto_fail:
	unregister_netdevice_notifier(&ip6_mr_notifier);
#endif
reg_notif_fail:
	unregister_pernet_subsys(&ip6mr_net_ops);
reg_pernet_fail:
	kmem_cache_destroy(mrt_cachep);
	return err;
}

void ip6_mr_cleanup(void)
{
	rtnl_unregister(RTNL_FAMILY_IP6MR, RTM_GETROUTE);
#ifdef CONFIG_IPV6_PIMSM_V2
	inet6_del_protocol(&pim6_protocol, IPPROTO_PIM);
#endif
	unregister_netdevice_notifier(&ip6_mr_notifier);
	unregister_pernet_subsys(&ip6mr_net_ops);
	kmem_cache_destroy(mrt_cachep);
}

static int ip6mr_mfc_add(struct net *net, struct mr_table *mrt,
			 struct mf6cctl *mfc, int mrtsock, int parent)
{
	unsigned char ttls[MAXMIFS];
	struct mfc6_cache *uc, *c;
	struct mr_mfc *_uc;
	bool found;
	int i, err;

	if (mfc->mf6cc_parent >= MAXMIFS)
		return -ENFILE;

	memset(ttls, 255, MAXMIFS);
	for (i = 0; i < MAXMIFS; i++) {
		if (IF_ISSET(i, &mfc->mf6cc_ifset))
			ttls[i] = 1;
	}

	/* The entries are added/deleted only under RTNL */
	rcu_read_lock();
	c = ip6mr_cache_find_parent(mrt, &mfc->mf6cc_origin.sin6_addr,
				    &mfc->mf6cc_mcastgrp.sin6_addr, parent);
	rcu_read_unlock();
	if (c) {
		write_lock_bh(&mrt_lock);
		c->_c.mfc_parent = mfc->mf6cc_parent;
		ip6mr_update_thresholds(mrt, &c->_c, ttls);
		if (!mrtsock)
			c->_c.mfc_flags |= MFC_STATIC;
		write_unlock_bh(&mrt_lock);
		call_ip6mr_mfc_entry_notifiers(net, FIB_EVENT_ENTRY_REPLACE,
					       c, mrt->id);
		mr6_netlink_event(mrt, c, RTM_NEWROUTE);
		return 0;
	}

	if (!ipv6_addr_any(&mfc->mf6cc_mcastgrp.sin6_addr) &&
	    !ipv6_addr_is_multicast(&mfc->mf6cc_mcastgrp.sin6_addr))
		return -EINVAL;

	c = ip6mr_cache_alloc();
	if (!c)
		return -ENOMEM;

	c->mf6c_origin = mfc->mf6cc_origin.sin6_addr;
	c->mf6c_mcastgrp = mfc->mf6cc_mcastgrp.sin6_addr;
	c->_c.mfc_parent = mfc->mf6cc_parent;
	ip6mr_update_thresholds(mrt, &c->_c, ttls);
	if (!mrtsock)
		c->_c.mfc_flags |= MFC_STATIC;

	err = rhltable_insert_key(&mrt->mfc_hash, &c->cmparg, &c->_c.mnode,
				  ip6mr_rht_params);
	if (err) {
		pr_err("ip6mr: rhtable insert error %d\n", err);
		ip6mr_cache_free(c);
		return err;
	}
	list_add_tail_rcu(&c->_c.list, &mrt->mfc_cache_list);

	/* Check whether this resolves a queued unresolved entry. If so
	 * we need to play the pending frames through and tidy up.
	 */
	found = false;
	spin_lock_bh(&mfc_unres_lock);
	list_for_each_entry(_uc, &mrt->mfc_unres_queue, list) {
		uc = (struct mfc6_cache *)_uc;
		if (ipv6_addr_equal(&uc->mf6c_origin, &c->mf6c_origin) &&
		    ipv6_addr_equal(&uc->mf6c_mcastgrp, &c->mf6c_mcastgrp)) {
			list_del(&_uc->list);
			atomic_dec(&mrt->cache_resolve_queue_len);
			found = true;
			break;
		}
	}
	if (list_empty(&mrt->mfc_unres_queue))
		del_timer(&mrt->ipmr_expire_timer);
	spin_unlock_bh(&mfc_unres_lock);

	if (found) {
		ip6mr_cache_resolve(net, mrt, uc, c);
		ip6mr_cache_free(uc);
	}
	call_ip6mr_mfc_entry_notifiers(net, FIB_EVENT_ENTRY_ADD,
				       c, mrt->id);
	mr6_netlink_event(mrt, c, RTM_NEWROUTE);
	return 0;
}

/*
 *	Close the multicast socket, and clear the vif tables etc
 */

static void mroute_clean_tables(struct mr_table *mrt, bool all)
{
	struct mr_mfc *c, *tmp;
	LIST_HEAD(list);
	int i;

	/* Shut down all active vif entries */
	for (i = 0; i < mrt->maxvif; i++) {
		if (!all && (mrt->vif_table[i].flags & VIFF_STATIC))
			continue;
		mif6_delete(mrt, i, 0, &list);
	}
	unregister_netdevice_many(&list);

	/* Wipe the cache */
	list_for_each_entry_safe(c, tmp, &mrt->mfc_cache_list, list) {
		if (!all && (c->mfc_flags & MFC_STATIC))
			continue;
		rhltable_remove(&mrt->mfc_hash, &c->mnode, ip6mr_rht_params);
		list_del_rcu(&c->list);
		mr6_netlink_event(mrt, (struct mfc6_cache *)c, RTM_DELROUTE);
		mr_cache_put(c);
	}

	if (atomic_read(&mrt->cache_resolve_queue_len) != 0) {
		spin_lock_bh(&mfc_unres_lock);
		list_for_each_entry_safe(c, tmp, &mrt->mfc_unres_queue, list) {
			list_del(&c->list);
			call_ip6mr_mfc_entry_notifiers(read_pnet(&mrt->net),
						       FIB_EVENT_ENTRY_DEL,
						       (struct mfc6_cache *)c,
						       mrt->id);
			mr6_netlink_event(mrt, (struct mfc6_cache *)c,
					  RTM_DELROUTE);
			ip6mr_destroy_unres(mrt, (struct mfc6_cache *)c);
		}
		spin_unlock_bh(&mfc_unres_lock);
	}
}

static int ip6mr_sk_init(struct mr_table *mrt, struct sock *sk)
{
	int err = 0;
	struct net *net = sock_net(sk);

	rtnl_lock();
	write_lock_bh(&mrt_lock);
	if (rtnl_dereference(mrt->mroute_sk)) {
		err = -EADDRINUSE;
	} else {
		rcu_assign_pointer(mrt->mroute_sk, sk);
		sock_set_flag(sk, SOCK_RCU_FREE);
		net->ipv6.devconf_all->mc_forwarding++;
	}
	write_unlock_bh(&mrt_lock);

	if (!err)
		inet6_netconf_notify_devconf(net, RTM_NEWNETCONF,
					     NETCONFA_MC_FORWARDING,
					     NETCONFA_IFINDEX_ALL,
					     net->ipv6.devconf_all);
	rtnl_unlock();

	return err;
}

int ip6mr_sk_done(struct sock *sk)
{
	int err = -EACCES;
	struct net *net = sock_net(sk);
	struct mr_table *mrt;

	if (sk->sk_type != SOCK_RAW ||
	    inet_sk(sk)->inet_num != IPPROTO_ICMPV6)
		return err;

	rtnl_lock();
	ip6mr_for_each_table(mrt, net) {
		if (sk == rtnl_dereference(mrt->mroute_sk)) {
			write_lock_bh(&mrt_lock);
			RCU_INIT_POINTER(mrt->mroute_sk, NULL);
			/* Note that mroute_sk had SOCK_RCU_FREE set,
			 * so the RCU grace period before sk freeing
			 * is guaranteed by sk_destruct()
			 */
			net->ipv6.devconf_all->mc_forwarding--;
			write_unlock_bh(&mrt_lock);
			inet6_netconf_notify_devconf(net, RTM_NEWNETCONF,
						     NETCONFA_MC_FORWARDING,
						     NETCONFA_IFINDEX_ALL,
						     net->ipv6.devconf_all);

			mroute_clean_tables(mrt, false);
			err = 0;
			break;
		}
	}
	rtnl_unlock();

	return err;
}

bool mroute6_is_socket(struct net *net, struct sk_buff *skb)
{
	struct mr_table *mrt;
	struct flowi6 fl6 = {
		.flowi6_iif	= skb->skb_iif ? : LOOPBACK_IFINDEX,
		.flowi6_oif	= skb->dev->ifindex,
		.flowi6_mark	= skb->mark,
	};

	if (ip6mr_fib_lookup(net, &fl6, &mrt) < 0)
		return false;

	return rcu_access_pointer(mrt->mroute_sk);
}
EXPORT_SYMBOL(mroute6_is_socket);

/*
 *	Socket options and virtual interface manipulation. The whole
 *	virtual interface system is a complete heap, but unfortunately
 *	that's how BSD mrouted happens to think. Maybe one day with a proper
 *	MOSPF/PIM router set up we can clean this up.
 */

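/* Illustrative userspace usage (a sketch, not part of this file): a PIM
 * daemon such as pim6sd drives this interface roughly as follows.
 * Error handling is omitted and the interface name is an example.
 *
 *	int s = socket(AF_INET6, SOCK_RAW, IPPROTO_ICMPV6);
 *	int one = 1;
 *
 *	setsockopt(s, IPPROTO_IPV6, MRT6_INIT, &one, sizeof(one));
 *
 *	struct mif6ctl mif = {
 *		.mif6c_mifi = 0,
 *		.mif6c_pifi = if_nametoindex("eth0"),
 *	};
 *	setsockopt(s, IPPROTO_IPV6, MRT6_ADD_MIF, &mif, sizeof(mif));
 *
 *	... receive MRT6MSG_NOCACHE upcalls on s and answer with
 *	    MRT6_ADD_MFC to install (S,G) entries ...
 *
 *	setsockopt(s, IPPROTO_IPV6, MRT6_DONE, NULL, 0);
 */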
int ip6_mroute_setsockopt(struct sock *sk, int optname, char __user *optval, unsigned int optlen)
{
	int ret, parent = 0;
	struct mif6ctl vif;
	struct mf6cctl mfc;
	mifi_t mifi;
	struct net *net = sock_net(sk);
	struct mr_table *mrt;

	if (sk->sk_type != SOCK_RAW ||
	    inet_sk(sk)->inet_num != IPPROTO_ICMPV6)
		return -EOPNOTSUPP;

	mrt = ip6mr_get_table(net, raw6_sk(sk)->ip6mr_table ? : RT6_TABLE_DFLT);
	if (!mrt)
		return -ENOENT;

	if (optname != MRT6_INIT) {
		if (sk != rcu_access_pointer(mrt->mroute_sk) &&
		    !ns_capable(net->user_ns, CAP_NET_ADMIN))
			return -EACCES;
	}

	switch (optname) {
	case MRT6_INIT:
		if (optlen < sizeof(int))
			return -EINVAL;

		return ip6mr_sk_init(mrt, sk);

	case MRT6_DONE:
		return ip6mr_sk_done(sk);

	case MRT6_ADD_MIF:
		if (optlen < sizeof(vif))
			return -EINVAL;
		if (copy_from_user(&vif, optval, sizeof(vif)))
			return -EFAULT;
		if (vif.mif6c_mifi >= MAXMIFS)
			return -ENFILE;
		rtnl_lock();
		ret = mif6_add(net, mrt, &vif,
			       sk == rtnl_dereference(mrt->mroute_sk));
		rtnl_unlock();
		return ret;

	case MRT6_DEL_MIF:
		if (optlen < sizeof(mifi_t))
			return -EINVAL;
		if (copy_from_user(&mifi, optval, sizeof(mifi_t)))
			return -EFAULT;
		rtnl_lock();
		ret = mif6_delete(mrt, mifi, 0, NULL);
		rtnl_unlock();
		return ret;

	/*
	 *	Manipulate the forwarding caches. These live
	 *	in a sort of kernel/user symbiosis.
	 */
	case MRT6_ADD_MFC:
	case MRT6_DEL_MFC:
		parent = -1;
		/* fall through */
	case MRT6_ADD_MFC_PROXY:
	case MRT6_DEL_MFC_PROXY:
		if (optlen < sizeof(mfc))
			return -EINVAL;
		if (copy_from_user(&mfc, optval, sizeof(mfc)))
			return -EFAULT;
		if (parent == 0)
			parent = mfc.mf6cc_parent;
		rtnl_lock();
		if (optname == MRT6_DEL_MFC || optname == MRT6_DEL_MFC_PROXY)
			ret = ip6mr_mfc_delete(mrt, &mfc, parent);
		else
			ret = ip6mr_mfc_add(net, mrt, &mfc,
					    sk ==
					    rtnl_dereference(mrt->mroute_sk),
					    parent);
		rtnl_unlock();
		return ret;

	/*
	 *	Control PIM assert (activating PIM also activates assert)
	 */
	case MRT6_ASSERT:
	{
		int v;

		if (optlen != sizeof(v))
			return -EINVAL;
		if (get_user(v, (int __user *)optval))
			return -EFAULT;
		mrt->mroute_do_assert = v;
		return 0;
	}

#ifdef CONFIG_IPV6_PIMSM_V2
	case MRT6_PIM:
	{
		int v;

		if (optlen != sizeof(v))
			return -EINVAL;
		if (get_user(v, (int __user *)optval))
			return -EFAULT;
		v = !!v;
		rtnl_lock();
		ret = 0;
		if (v != mrt->mroute_do_pim) {
			mrt->mroute_do_pim = v;
			mrt->mroute_do_assert = v;
		}
		rtnl_unlock();
		return ret;
	}

#endif
#ifdef CONFIG_IPV6_MROUTE_MULTIPLE_TABLES
	case MRT6_TABLE:
	{
		u32 v;

		if (optlen != sizeof(u32))
			return -EINVAL;
		if (get_user(v, (u32 __user *)optval))
			return -EFAULT;
		/* "pim6reg%u" should not exceed 16 bytes (IFNAMSIZ) */
		if (v != RT_TABLE_DEFAULT && v >= 100000000)
			return -EINVAL;
		if (sk == rcu_access_pointer(mrt->mroute_sk))
			return -EBUSY;

		rtnl_lock();
		ret = 0;
		mrt = ip6mr_new_table(net, v);
		if (IS_ERR(mrt))
			ret = PTR_ERR(mrt);
		else
			raw6_sk(sk)->ip6mr_table = v;
		rtnl_unlock();
		return ret;
	}
#endif
	/*
	 *	Spurious command, or MRT6_VERSION which you cannot
	 *	set.
	 */
	default:
		return -ENOPROTOOPT;
	}
}

/*
 *	Getsockopt support for the multicast routing system.
 */

int ip6_mroute_getsockopt(struct sock *sk, int optname, char __user *optval,
			  int __user *optlen)
{
	int olr;
	int val;
	struct net *net = sock_net(sk);
	struct mr_table *mrt;

	if (sk->sk_type != SOCK_RAW ||
	    inet_sk(sk)->inet_num != IPPROTO_ICMPV6)
		return -EOPNOTSUPP;

	mrt = ip6mr_get_table(net, raw6_sk(sk)->ip6mr_table ? : RT6_TABLE_DFLT);
	if (!mrt)
		return -ENOENT;

	switch (optname) {
	case MRT6_VERSION:
		val = 0x0305;
		break;
#ifdef CONFIG_IPV6_PIMSM_V2
	case MRT6_PIM:
		val = mrt->mroute_do_pim;
		break;
#endif
	case MRT6_ASSERT:
		val = mrt->mroute_do_assert;
		break;
	default:
		return -ENOPROTOOPT;
	}

	if (get_user(olr, optlen))
		return -EFAULT;

	olr = min_t(int, olr, sizeof(int));
	if (olr < 0)
		return -EINVAL;

	if (put_user(olr, optlen))
		return -EFAULT;
	if (copy_to_user(optval, &val, olr))
		return -EFAULT;
	return 0;
}

/*
 *	The IP multicast ioctl support routines.
 */

int ip6mr_ioctl(struct sock *sk, int cmd, void __user *arg)
{
	struct sioc_sg_req6 sr;
	struct sioc_mif_req6 vr;
	struct vif_device *vif;
	struct mfc6_cache *c;
	struct net *net = sock_net(sk);
	struct mr_table *mrt;

	mrt = ip6mr_get_table(net, raw6_sk(sk)->ip6mr_table ? : RT6_TABLE_DFLT);
	if (!mrt)
		return -ENOENT;

	switch (cmd) {
	case SIOCGETMIFCNT_IN6:
		if (copy_from_user(&vr, arg, sizeof(vr)))
			return -EFAULT;
		if (vr.mifi >= mrt->maxvif)
			return -EINVAL;
		vr.mifi = array_index_nospec(vr.mifi, mrt->maxvif);
		read_lock(&mrt_lock);
		vif = &mrt->vif_table[vr.mifi];
		if (VIF_EXISTS(mrt, vr.mifi)) {
			vr.icount = vif->pkt_in;
			vr.ocount = vif->pkt_out;
			vr.ibytes = vif->bytes_in;
			vr.obytes = vif->bytes_out;
			read_unlock(&mrt_lock);

			if (copy_to_user(arg, &vr, sizeof(vr)))
				return -EFAULT;
			return 0;
		}
		read_unlock(&mrt_lock);
		return -EADDRNOTAVAIL;
	case SIOCGETSGCNT_IN6:
		if (copy_from_user(&sr, arg, sizeof(sr)))
			return -EFAULT;

		rcu_read_lock();
		c = ip6mr_cache_find(mrt, &sr.src.sin6_addr, &sr.grp.sin6_addr);
		if (c) {
			sr.pktcnt = c->_c.mfc_un.res.pkt;
			sr.bytecnt = c->_c.mfc_un.res.bytes;
			sr.wrong_if = c->_c.mfc_un.res.wrong_if;
			rcu_read_unlock();

			if (copy_to_user(arg, &sr, sizeof(sr)))
				return -EFAULT;
			return 0;
		}
		rcu_read_unlock();
		return -EADDRNOTAVAIL;
	default:
		return -ENOIOCTLCMD;
	}
}

#ifdef CONFIG_COMPAT
struct compat_sioc_sg_req6 {
	struct sockaddr_in6 src;
	struct sockaddr_in6 grp;
	compat_ulong_t pktcnt;
	compat_ulong_t bytecnt;
	compat_ulong_t wrong_if;
};

struct compat_sioc_mif_req6 {
	mifi_t	mifi;
	compat_ulong_t icount;
	compat_ulong_t ocount;
	compat_ulong_t ibytes;
	compat_ulong_t obytes;
};

int ip6mr_compat_ioctl(struct sock *sk, unsigned int cmd, void __user *arg)
{
	struct compat_sioc_sg_req6 sr;
	struct compat_sioc_mif_req6 vr;
	struct vif_device *vif;
	struct mfc6_cache *c;
	struct net *net = sock_net(sk);
	struct mr_table *mrt;

	mrt = ip6mr_get_table(net, raw6_sk(sk)->ip6mr_table ? : RT6_TABLE_DFLT);
	if (!mrt)
		return -ENOENT;

	switch (cmd) {
	case SIOCGETMIFCNT_IN6:
		if (copy_from_user(&vr, arg, sizeof(vr)))
			return -EFAULT;
		if (vr.mifi >= mrt->maxvif)
			return -EINVAL;
		vr.mifi = array_index_nospec(vr.mifi, mrt->maxvif);
		read_lock(&mrt_lock);
		vif = &mrt->vif_table[vr.mifi];
		if (VIF_EXISTS(mrt, vr.mifi)) {
			vr.icount = vif->pkt_in;
			vr.ocount = vif->pkt_out;
			vr.ibytes = vif->bytes_in;
			vr.obytes = vif->bytes_out;
			read_unlock(&mrt_lock);

			if (copy_to_user(arg, &vr, sizeof(vr)))
				return -EFAULT;
			return 0;
		}
		read_unlock(&mrt_lock);
		return -EADDRNOTAVAIL;
	case SIOCGETSGCNT_IN6:
		if (copy_from_user(&sr, arg, sizeof(sr)))
			return -EFAULT;

		rcu_read_lock();
		c = ip6mr_cache_find(mrt, &sr.src.sin6_addr, &sr.grp.sin6_addr);
		if (c) {
			sr.pktcnt = c->_c.mfc_un.res.pkt;
			sr.bytecnt = c->_c.mfc_un.res.bytes;
			sr.wrong_if = c->_c.mfc_un.res.wrong_if;
			rcu_read_unlock();

			if (copy_to_user(arg, &sr, sizeof(sr)))
				return -EFAULT;
			return 0;
		}
		rcu_read_unlock();
		return -EADDRNOTAVAIL;
	default:
		return -ENOIOCTLCMD;
	}
}
#endif

static inline int ip6mr_forward2_finish(struct net *net, struct sock *sk, struct sk_buff *skb)
{
	__IP6_INC_STATS(net, ip6_dst_idev(skb_dst(skb)),
			IPSTATS_MIB_OUTFORWDATAGRAMS);
	__IP6_ADD_STATS(net, ip6_dst_idev(skb_dst(skb)),
			IPSTATS_MIB_OUTOCTETS, skb->len);
	return dst_output(net, sk, skb);
}

/*
 *	Processing handlers for ip6mr_forward
 */

static int ip6mr_forward2(struct net *net, struct mr_table *mrt,
			  struct sk_buff *skb, int vifi)
{
	struct ipv6hdr *ipv6h;
	struct vif_device *vif = &mrt->vif_table[vifi];
	struct net_device *dev;
	struct dst_entry *dst;
	struct flowi6 fl6;

	if (!vif->dev)
		goto out_free;

#ifdef CONFIG_IPV6_PIMSM_V2
	if (vif->flags & MIFF_REGISTER) {
		vif->pkt_out++;
		vif->bytes_out += skb->len;
		vif->dev->stats.tx_bytes += skb->len;
		vif->dev->stats.tx_packets++;
		ip6mr_cache_report(mrt, skb, vifi, MRT6MSG_WHOLEPKT);
		goto out_free;
	}
#endif

	ipv6h = ipv6_hdr(skb);

	fl6 = (struct flowi6) {
		.flowi6_oif = vif->link,
		.daddr = ipv6h->daddr,
	};

	dst = ip6_route_output(net, NULL, &fl6);
	if (dst->error) {
		dst_release(dst);
		goto out_free;
	}

	skb_dst_drop(skb);
	skb_dst_set(skb, dst);

	/*
	 * RFC 1584 teaches that a DVMRP/PIM router must deliver packets locally
	 * not only before forwarding, but also after forwarding on all output
	 * interfaces. Clearly, if an mrouter runs a multicasting program, it
	 * should receive packets regardless of which interface the program
	 * joined on. If we did not do this, the program would have to join on
	 * all interfaces. On the other hand, a multihoming host (or a router,
	 * but not an mrouter) cannot join on more than one interface, since
	 * that would result in receiving multiple packets.
	 */
2024 	dev = vif->dev;
2025 	skb->dev = dev;
2026 	vif->pkt_out++;
2027 	vif->bytes_out += skb->len;
2028 
2029 	/* We are about to modify the packet header; make it writable */
2030 	/* XXX: what about extension headers? */
2031 	if (skb_cow(skb, sizeof(*ipv6h) + LL_RESERVED_SPACE(dev)))
2032 		goto out_free;
2033 
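	/* skb_cow() may have reallocated the header; reload the pointer */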
2034 	ipv6h = ipv6_hdr(skb);
2035 	ipv6h->hop_limit--;
2036 
2037 	IP6CB(skb)->flags |= IP6SKB_FORWARDED;
2038 
2039 	return NF_HOOK(NFPROTO_IPV6, NF_INET_FORWARD,
2040 		       net, NULL, skb, skb->dev, dev,
2041 		       ip6mr_forward2_finish);
2042 
2043 out_free:
2044 	kfree_skb(skb);
2045 	return 0;
2046 }
2047 
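/* Map a net_device to its vif index in the table, or -1 if none */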
2048 static int ip6mr_find_vif(struct mr_table *mrt, struct net_device *dev)
2049 {
2050 	int ct;
2051 
2052 	for (ct = mrt->maxvif - 1; ct >= 0; ct--) {
2053 		if (mrt->vif_table[ct].dev == dev)
2054 			break;
2055 	}
2056 	return ct;
2057 }
2058 
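/* Forwarding decision for a resolved cache entry: verify the packet came
 * in on the expected vif (possibly raising a PIM assert), then duplicate
 * it to every output vif whose TTL threshold its hop limit exceeds.
 */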
2059 static void ip6_mr_forward(struct net *net, struct mr_table *mrt,
2060 			   struct net_device *dev, struct sk_buff *skb,
2061 			   struct mfc6_cache *c)
2062 {
2063 	int psend = -1;
2064 	int vif, ct;
2065 	int true_vifi = ip6mr_find_vif(mrt, dev);
2066 
2067 	vif = c->_c.mfc_parent;
2068 	c->_c.mfc_un.res.pkt++;
2069 	c->_c.mfc_un.res.bytes += skb->len;
2070 	c->_c.mfc_un.res.lastuse = jiffies;
2071 
2072 	if (ipv6_addr_any(&c->mf6c_origin) && true_vifi >= 0) {
2073 		struct mfc6_cache *cache_proxy;
2074 
2075 		/* For an (*,G) entry, we only check that the incoming
2076 		 * interface is part of the static tree.
2077 		 */
2078 		rcu_read_lock();
2079 		cache_proxy = mr_mfc_find_any_parent(mrt, vif);
2080 		if (cache_proxy &&
2081 		    cache_proxy->_c.mfc_un.res.ttls[true_vifi] < 255) {
2082 			rcu_read_unlock();
2083 			goto forward;
2084 		}
2085 		rcu_read_unlock();
2086 	}
2087 
2088 	/*
2089 	 * Wrong interface: drop packet and (maybe) send PIM assert.
2090 	 */
2091 	if (mrt->vif_table[vif].dev != dev) {
2092 		c->_c.mfc_un.res.wrong_if++;
2093 
2094 		if (true_vifi >= 0 && mrt->mroute_do_assert &&
2095 		    /* PIM-SM uses asserts when switching from the RPT to the
2096 		       SPT, so we cannot insist that the packet arrived on an
2097 		       oif. That is unfortunate, but otherwise we would need to
2098 		       move a pretty large chunk of pimd into the kernel. --ANK
2099 		     */
2100 		    (mrt->mroute_do_pim ||
2101 		     c->_c.mfc_un.res.ttls[true_vifi] < 255) &&
2102 		    time_after(jiffies,
2103 			       c->_c.mfc_un.res.last_assert +
2104 			       MFC_ASSERT_THRESH)) {
2105 			c->_c.mfc_un.res.last_assert = jiffies;
2106 			ip6mr_cache_report(mrt, skb, true_vifi, MRT6MSG_WRONGMIF);
2107 		}
2108 		goto dont_forward;
2109 	}
2110 
2111 forward:
2112 	mrt->vif_table[vif].pkt_in++;
2113 	mrt->vif_table[vif].bytes_in += skb->len;
2114 
2115 	/*
2116 	 *	Forward the frame
2117 	 */
2118 	if (ipv6_addr_any(&c->mf6c_origin) &&
2119 	    ipv6_addr_any(&c->mf6c_mcastgrp)) {
2120 		if (true_vifi >= 0 &&
2121 		    true_vifi != c->_c.mfc_parent &&
2122 		    ipv6_hdr(skb)->hop_limit >
2123 				c->_c.mfc_un.res.ttls[c->_c.mfc_parent]) {
2124 			/* It's an (*,*) entry and the packet is not coming from
2125 			 * the upstream: forward the packet to the upstream
2126 			 * only.
2127 			 */
2128 			psend = c->_c.mfc_parent;
2129 			goto last_forward;
2130 		}
2131 		goto dont_forward;
2132 	}
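	/* Clone the skb to every vif whose TTL threshold the packet's hop
	 * limit exceeds; the final match gets the original skb below.
	 */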
2133 	for (ct = c->_c.mfc_un.res.maxvif - 1;
2134 	     ct >= c->_c.mfc_un.res.minvif; ct--) {
2135 		/* For (*,G) entry, don't forward to the incoming interface */
2136 		if ((!ipv6_addr_any(&c->mf6c_origin) || ct != true_vifi) &&
2137 		    ipv6_hdr(skb)->hop_limit > c->_c.mfc_un.res.ttls[ct]) {
2138 			if (psend != -1) {
2139 				struct sk_buff *skb2 = skb_clone(skb, GFP_ATOMIC);
2140 				if (skb2)
2141 					ip6mr_forward2(net, mrt, skb2, psend);
2142 			}
2143 			psend = ct;
2144 		}
2145 	}
2146 last_forward:
2147 	if (psend != -1) {
2148 		ip6mr_forward2(net, mrt, skb, psend);
2149 		return;
2150 	}
2151 
2152 dont_forward:
2153 	kfree_skb(skb);
2154 }
2155 
2156 
2157 /*
2158  *	Multicast packets for forwarding arrive here
2159  */
2160 
2161 int ip6_mr_input(struct sk_buff *skb)
2162 {
2163 	struct mfc6_cache *cache;
2164 	struct net *net = dev_net(skb->dev);
2165 	struct mr_table *mrt;
2166 	struct flowi6 fl6 = {
2167 		.flowi6_iif	= skb->dev->ifindex,
2168 		.flowi6_mark	= skb->mark,
2169 	};
2170 	int err;
2171 	struct net_device *dev;
2172 
2173 	/* The skb->dev passed in is the master device for VRFs.
2174 	 * Get the real interface, the one that has a vif associated with it.
2175 	 */
2176 	dev = skb->dev;
2177 	if (netif_is_l3_master(skb->dev)) {
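		/* Note: inet_skb_parm and inet6_skb_parm both begin with iif,
		 * so reading it via IPCB() works for IPv6 skbs as well.
		 */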
2178 		dev = dev_get_by_index_rcu(net, IPCB(skb)->iif);
2179 		if (!dev) {
2180 			kfree_skb(skb);
2181 			return -ENODEV;
2182 		}
2183 	}
2184 
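	/* Select the mr_table for this packet (via fib rules, if enabled) */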
2185 	err = ip6mr_fib_lookup(net, &fl6, &mrt);
2186 	if (err < 0) {
2187 		kfree_skb(skb);
2188 		return err;
2189 	}
2190 
2191 	read_lock(&mrt_lock);
2192 	cache = ip6mr_cache_find(mrt,
2193 				 &ipv6_hdr(skb)->saddr, &ipv6_hdr(skb)->daddr);
2194 	if (!cache) {
2195 		int vif = ip6mr_find_vif(mrt, dev);
2196 
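		/* No (S,G) entry: fall back to a matching (*,G) or (*,*) */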
2197 		if (vif >= 0)
2198 			cache = ip6mr_cache_find_any(mrt,
2199 						     &ipv6_hdr(skb)->daddr,
2200 						     vif);
2201 	}
2202 
2203 	/*
2204 	 *	No usable cache entry
2205 	 */
2206 	if (!cache) {
2207 		int vif;
2208 
2209 		vif = ip6mr_find_vif(mrt, dev);
2210 		if (vif >= 0) {
2211 			int err = ip6mr_cache_unresolved(mrt, vif, skb, dev);
2212 			read_unlock(&mrt_lock);
2213 
2214 			return err;
2215 		}
2216 		read_unlock(&mrt_lock);
2217 		kfree_skb(skb);
2218 		return -ENODEV;
2219 	}
2220 
2221 	ip6_mr_forward(net, mrt, dev, skb, cache);
2222 
2223 	read_unlock(&mrt_lock);
2224 
2225 	return 0;
2226 }
2227 
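/* Fill multicast route information into a netlink route reply; if the
 * (S,G) pair is not yet resolved, queue a dummy packet so the daemon
 * is asked to resolve it.
 */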
2228 int ip6mr_get_route(struct net *net, struct sk_buff *skb, struct rtmsg *rtm,
2229 		    u32 portid)
2230 {
2231 	int err;
2232 	struct mr_table *mrt;
2233 	struct mfc6_cache *cache;
2234 	struct rt6_info *rt = (struct rt6_info *)skb_dst(skb);
2235 
2236 	mrt = ip6mr_get_table(net, RT6_TABLE_DFLT);
2237 	if (!mrt)
2238 		return -ENOENT;
2239 
2240 	read_lock(&mrt_lock);
2241 	cache = ip6mr_cache_find(mrt, &rt->rt6i_src.addr, &rt->rt6i_dst.addr);
2242 	if (!cache && skb->dev) {
2243 		int vif = ip6mr_find_vif(mrt, skb->dev);
2244 
2245 		if (vif >= 0)
2246 			cache = ip6mr_cache_find_any(mrt, &rt->rt6i_dst.addr,
2247 						     vif);
2248 	}
2249 
2250 	if (!cache) {
2251 		struct sk_buff *skb2;
2252 		struct ipv6hdr *iph;
2253 		struct net_device *dev;
2254 		int vif;
2255 
2256 		dev = skb->dev;
2257 		if (!dev || (vif = ip6mr_find_vif(mrt, dev)) < 0) {
2258 			read_unlock(&mrt_lock);
2259 			return -ENODEV;
2260 		}
2261 
2262 		/* build a dummy header-only skb to queue - really correct? */
2263 		skb2 = alloc_skb(sizeof(struct ipv6hdr), GFP_ATOMIC);
2264 		if (!skb2) {
2265 			read_unlock(&mrt_lock);
2266 			return -ENOMEM;
2267 		}
2268 
2269 		NETLINK_CB(skb2).portid = portid;
2270 		skb_reset_transport_header(skb2);
2271 
2272 		skb_put(skb2, sizeof(struct ipv6hdr));
2273 		skb_reset_network_header(skb2);
2274 
2275 		iph = ipv6_hdr(skb2);
2276 		iph->version = 0;
2277 		iph->priority = 0;
2278 		iph->flow_lbl[0] = 0;
2279 		iph->flow_lbl[1] = 0;
2280 		iph->flow_lbl[2] = 0;
2281 		iph->payload_len = 0;
2282 		iph->nexthdr = IPPROTO_NONE;
2283 		iph->hop_limit = 0;
2284 		iph->saddr = rt->rt6i_src.addr;
2285 		iph->daddr = rt->rt6i_dst.addr;
2286 
2287 		err = ip6mr_cache_unresolved(mrt, vif, skb2, dev);
2288 		read_unlock(&mrt_lock);
2289 
2290 		return err;
2291 	}
2292 
2293 	err = mr_fill_mroute(mrt, skb, &cache->_c, rtm);
2294 	read_unlock(&mrt_lock);
2295 	return err;
2296 }
2297 
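/* Build one RTM_NEWROUTE/RTM_DELROUTE message describing an mfc entry */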
2298 static int ip6mr_fill_mroute(struct mr_table *mrt, struct sk_buff *skb,
2299 			     u32 portid, u32 seq, struct mfc6_cache *c, int cmd,
2300 			     int flags)
2301 {
2302 	struct nlmsghdr *nlh;
2303 	struct rtmsg *rtm;
2304 	int err;
2305 
2306 	nlh = nlmsg_put(skb, portid, seq, cmd, sizeof(*rtm), flags);
2307 	if (!nlh)
2308 		return -EMSGSIZE;
2309 
2310 	rtm = nlmsg_data(nlh);
2311 	rtm->rtm_family   = RTNL_FAMILY_IP6MR;
2312 	rtm->rtm_dst_len  = 128;
2313 	rtm->rtm_src_len  = 128;
2314 	rtm->rtm_tos      = 0;
2315 	rtm->rtm_table    = mrt->id;
2316 	if (nla_put_u32(skb, RTA_TABLE, mrt->id))
2317 		goto nla_put_failure;
2318 	rtm->rtm_type     = RTN_MULTICAST;
2319 	rtm->rtm_scope    = RT_SCOPE_UNIVERSE;
2320 	if (c->_c.mfc_flags & MFC_STATIC)
2321 		rtm->rtm_protocol = RTPROT_STATIC;
2322 	else
2323 		rtm->rtm_protocol = RTPROT_MROUTED;
2324 	rtm->rtm_flags    = 0;
2325 
2326 	if (nla_put_in6_addr(skb, RTA_SRC, &c->mf6c_origin) ||
2327 	    nla_put_in6_addr(skb, RTA_DST, &c->mf6c_mcastgrp))
2328 		goto nla_put_failure;
2329 	err = mr_fill_mroute(mrt, skb, &c->_c, rtm);
2330 	/* do not break the dump if cache is unresolved */
2331 	if (err < 0 && err != -ENOENT)
2332 		goto nla_put_failure;
2333 
2334 	nlmsg_end(skb, nlh);
2335 	return 0;
2336 
2337 nla_put_failure:
2338 	nlmsg_cancel(skb, nlh);
2339 	return -EMSGSIZE;
2340 }
2341 
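/* Adapter so the generic mr_table_dump()/mr_rtm_dumproute() helpers can
 * invoke the IPv6 fill routine through a common mr_mfc pointer.
 */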
2342 static int _ip6mr_fill_mroute(struct mr_table *mrt, struct sk_buff *skb,
2343 			      u32 portid, u32 seq, struct mr_mfc *c,
2344 			      int cmd, int flags)
2345 {
2346 	return ip6mr_fill_mroute(mrt, skb, portid, seq, (struct mfc6_cache *)c,
2347 				 cmd, flags);
2348 }
2349 
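/* Worst-case netlink message size for an mfc notification; unresolved
 * entries carry no iif, nexthop or stats attributes.
 */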
2350 static int mr6_msgsize(bool unresolved, int maxvif)
2351 {
2352 	size_t len =
2353 		NLMSG_ALIGN(sizeof(struct rtmsg))
2354 		+ nla_total_size(4)	/* RTA_TABLE */
2355 		+ nla_total_size(sizeof(struct in6_addr))	/* RTA_SRC */
2356 		+ nla_total_size(sizeof(struct in6_addr))	/* RTA_DST */
2357 		;
2358 
2359 	if (!unresolved)
2360 		len = len
2361 		      + nla_total_size(4)	/* RTA_IIF */
2362 		      + nla_total_size(0)	/* RTA_MULTIPATH */
2363 		      + maxvif * NLA_ALIGN(sizeof(struct rtnexthop))
2364 						/* RTA_MFC_STATS */
2365 		      + nla_total_size_64bit(sizeof(struct rta_mfc_stats))
2366 		;
2367 
2368 	return len;
2369 }
2370 
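/* Notify RTNLGRP_IPV6_MROUTE listeners that an mfc entry has changed */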
2371 static void mr6_netlink_event(struct mr_table *mrt, struct mfc6_cache *mfc,
2372 			      int cmd)
2373 {
2374 	struct net *net = read_pnet(&mrt->net);
2375 	struct sk_buff *skb;
2376 	int err = -ENOBUFS;
2377 
2378 	skb = nlmsg_new(mr6_msgsize(mfc->_c.mfc_parent >= MAXMIFS, mrt->maxvif),
2379 			GFP_ATOMIC);
2380 	if (!skb)
2381 		goto errout;
2382 
2383 	err = ip6mr_fill_mroute(mrt, skb, 0, 0, mfc, cmd, 0);
2384 	if (err < 0)
2385 		goto errout;
2386 
2387 	rtnl_notify(skb, net, 0, RTNLGRP_IPV6_MROUTE, NULL, GFP_ATOMIC);
2388 	return;
2389 
2390 errout:
2391 	kfree_skb(skb);
2392 	if (err < 0)
2393 		rtnl_set_sk_err(net, RTNLGRP_IPV6_MROUTE, err);
2394 }
2395 
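/* Size of an RTM_NEWCACHEREPORT message, including the copied packet */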
2396 static size_t mrt6msg_netlink_msgsize(size_t payloadlen)
2397 {
2398 	size_t len =
2399 		NLMSG_ALIGN(sizeof(struct rtgenmsg))
2400 		+ nla_total_size(1)	/* IP6MRA_CREPORT_MSGTYPE */
2401 		+ nla_total_size(4)	/* IP6MRA_CREPORT_MIF_ID */
2402 					/* IP6MRA_CREPORT_SRC_ADDR */
2403 		+ nla_total_size(sizeof(struct in6_addr))
2404 					/* IP6MRA_CREPORT_DST_ADDR */
2405 		+ nla_total_size(sizeof(struct in6_addr))
2406 					/* IP6MRA_CREPORT_PKT */
2407 		+ nla_total_size(payloadlen)
2408 		;
2409 
2410 	return len;
2411 }
2412 
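/* Mirror a mrt6msg, normally delivered only to the mroute6 socket, to
 * RTNLGRP_IPV6_MROUTE_R listeners as an RTM_NEWCACHEREPORT message.
 */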
2413 static void mrt6msg_netlink_event(struct mr_table *mrt, struct sk_buff *pkt)
2414 {
2415 	struct net *net = read_pnet(&mrt->net);
2416 	struct nlmsghdr *nlh;
2417 	struct rtgenmsg *rtgenm;
2418 	struct mrt6msg *msg;
2419 	struct sk_buff *skb;
2420 	struct nlattr *nla;
2421 	int payloadlen;
2422 
2423 	payloadlen = pkt->len - sizeof(struct mrt6msg);
2424 	msg = (struct mrt6msg *)skb_transport_header(pkt);
2425 
2426 	skb = nlmsg_new(mrt6msg_netlink_msgsize(payloadlen), GFP_ATOMIC);
2427 	if (!skb)
2428 		goto errout;
2429 
2430 	nlh = nlmsg_put(skb, 0, 0, RTM_NEWCACHEREPORT,
2431 			sizeof(struct rtgenmsg), 0);
2432 	if (!nlh)
2433 		goto errout;
2434 	rtgenm = nlmsg_data(nlh);
2435 	rtgenm->rtgen_family = RTNL_FAMILY_IP6MR;
2436 	if (nla_put_u8(skb, IP6MRA_CREPORT_MSGTYPE, msg->im6_msgtype) ||
2437 	    nla_put_u32(skb, IP6MRA_CREPORT_MIF_ID, msg->im6_mif) ||
2438 	    nla_put_in6_addr(skb, IP6MRA_CREPORT_SRC_ADDR,
2439 			     &msg->im6_src) ||
2440 	    nla_put_in6_addr(skb, IP6MRA_CREPORT_DST_ADDR,
2441 			     &msg->im6_dst))
2442 		goto nla_put_failure;
2443 
2444 	nla = nla_reserve(skb, IP6MRA_CREPORT_PKT, payloadlen);
2445 	if (!nla || skb_copy_bits(pkt, sizeof(struct mrt6msg),
2446 				  nla_data(nla), payloadlen))
2447 		goto nla_put_failure;
2448 
2449 	nlmsg_end(skb, nlh);
2450 
2451 	rtnl_notify(skb, net, 0, RTNLGRP_IPV6_MROUTE_R, NULL, GFP_ATOMIC);
2452 	return;
2453 
2454 nla_put_failure:
2455 	nlmsg_cancel(skb, nlh);
2456 errout:
2457 	kfree_skb(skb);
2458 	rtnl_set_sk_err(net, RTNLGRP_IPV6_MROUTE_R, -ENOBUFS);
2459 }
2460 
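/* Netlink dump of multicast routes; honours strict checking and an
 * optional single-table (RTA_TABLE) filter.
 */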
2461 static int ip6mr_rtm_dumproute(struct sk_buff *skb, struct netlink_callback *cb)
2462 {
2463 	const struct nlmsghdr *nlh = cb->nlh;
2464 	struct fib_dump_filter filter = {};
2465 	int err;
2466 
2467 	if (cb->strict_check) {
2468 		err = ip_valid_fib_dump_req(sock_net(skb->sk), nlh,
2469 					    &filter, cb);
2470 		if (err < 0)
2471 			return err;
2472 	}
2473 
2474 	if (filter.table_id) {
2475 		struct mr_table *mrt;
2476 
2477 		mrt = ip6mr_get_table(sock_net(skb->sk), filter.table_id);
2478 		if (!mrt) {
2479 			if (filter.dump_all_families)
2480 				return skb->len;
2481 
2482 			NL_SET_ERR_MSG_MOD(cb->extack, "MR table does not exist");
2483 			return -ENOENT;
2484 		}
2485 		err = mr_table_dump(mrt, skb, cb, _ip6mr_fill_mroute,
2486 				    &mfc_unres_lock, &filter);
2487 		return skb->len ? : err;
2488 	}
2489 
2490 	return mr_rtm_dumproute(skb, cb, ip6mr_mr_table_iter,
2491 				_ip6mr_fill_mroute, &mfc_unres_lock, &filter);
2492 }
2493