1 // SPDX-License-Identifier: GPL-2.0-or-later 2 /* 3 * NET3 IP device support routines. 4 * 5 * Derived from the IP parts of dev.c 1.0.19 6 * Authors: Ross Biro 7 * Fred N. van Kempen, <waltje@uWalt.NL.Mugnet.ORG> 8 * Mark Evans, <evansmp@uhura.aston.ac.uk> 9 * 10 * Additional Authors: 11 * Alan Cox, <gw4pts@gw4pts.ampr.org> 12 * Alexey Kuznetsov, <kuznet@ms2.inr.ac.ru> 13 * 14 * Changes: 15 * Alexey Kuznetsov: pa_* fields are replaced with ifaddr 16 * lists. 17 * Cyrus Durgin: updated for kmod 18 * Matthias Andree: in devinet_ioctl, compare label and 19 * address (4.4BSD alias style support), 20 * fall back to comparing just the label 21 * if no match found. 22 */ 23 24 25 #include <linux/uaccess.h> 26 #include <linux/bitops.h> 27 #include <linux/capability.h> 28 #include <linux/module.h> 29 #include <linux/types.h> 30 #include <linux/kernel.h> 31 #include <linux/sched/signal.h> 32 #include <linux/string.h> 33 #include <linux/mm.h> 34 #include <linux/socket.h> 35 #include <linux/sockios.h> 36 #include <linux/in.h> 37 #include <linux/errno.h> 38 #include <linux/interrupt.h> 39 #include <linux/if_addr.h> 40 #include <linux/if_ether.h> 41 #include <linux/inet.h> 42 #include <linux/netdevice.h> 43 #include <linux/etherdevice.h> 44 #include <linux/skbuff.h> 45 #include <linux/init.h> 46 #include <linux/notifier.h> 47 #include <linux/inetdevice.h> 48 #include <linux/igmp.h> 49 #include <linux/slab.h> 50 #include <linux/hash.h> 51 #ifdef CONFIG_SYSCTL 52 #include <linux/sysctl.h> 53 #endif 54 #include <linux/kmod.h> 55 #include <linux/netconf.h> 56 57 #include <net/arp.h> 58 #include <net/ip.h> 59 #include <net/route.h> 60 #include <net/ip_fib.h> 61 #include <net/rtnetlink.h> 62 #include <net/net_namespace.h> 63 #include <net/addrconf.h> 64 65 #define IPV6ONLY_FLAGS \ 66 (IFA_F_NODAD | IFA_F_OPTIMISTIC | IFA_F_DADFAILED | \ 67 IFA_F_HOMEADDRESS | IFA_F_TENTATIVE | \ 68 IFA_F_MANAGETEMPADDR | IFA_F_STABLE_PRIVACY) 69 70 static struct ipv4_devconf ipv4_devconf = { 71 .data = { 72 [IPV4_DEVCONF_ACCEPT_REDIRECTS - 1] = 1, 73 [IPV4_DEVCONF_SEND_REDIRECTS - 1] = 1, 74 [IPV4_DEVCONF_SECURE_REDIRECTS - 1] = 1, 75 [IPV4_DEVCONF_SHARED_MEDIA - 1] = 1, 76 [IPV4_DEVCONF_IGMPV2_UNSOLICITED_REPORT_INTERVAL - 1] = 10000 /*ms*/, 77 [IPV4_DEVCONF_IGMPV3_UNSOLICITED_REPORT_INTERVAL - 1] = 1000 /*ms*/, 78 }, 79 }; 80 81 static struct ipv4_devconf ipv4_devconf_dflt = { 82 .data = { 83 [IPV4_DEVCONF_ACCEPT_REDIRECTS - 1] = 1, 84 [IPV4_DEVCONF_SEND_REDIRECTS - 1] = 1, 85 [IPV4_DEVCONF_SECURE_REDIRECTS - 1] = 1, 86 [IPV4_DEVCONF_SHARED_MEDIA - 1] = 1, 87 [IPV4_DEVCONF_ACCEPT_SOURCE_ROUTE - 1] = 1, 88 [IPV4_DEVCONF_IGMPV2_UNSOLICITED_REPORT_INTERVAL - 1] = 10000 /*ms*/, 89 [IPV4_DEVCONF_IGMPV3_UNSOLICITED_REPORT_INTERVAL - 1] = 1000 /*ms*/, 90 }, 91 }; 92 93 #define IPV4_DEVCONF_DFLT(net, attr) \ 94 IPV4_DEVCONF((*net->ipv4.devconf_dflt), attr) 95 96 static const struct nla_policy ifa_ipv4_policy[IFA_MAX+1] = { 97 [IFA_LOCAL] = { .type = NLA_U32 }, 98 [IFA_ADDRESS] = { .type = NLA_U32 }, 99 [IFA_BROADCAST] = { .type = NLA_U32 }, 100 [IFA_LABEL] = { .type = NLA_STRING, .len = IFNAMSIZ - 1 }, 101 [IFA_CACHEINFO] = { .len = sizeof(struct ifa_cacheinfo) }, 102 [IFA_FLAGS] = { .type = NLA_U32 }, 103 [IFA_RT_PRIORITY] = { .type = NLA_U32 }, 104 [IFA_TARGET_NETNSID] = { .type = NLA_S32 }, 105 }; 106 107 struct inet_fill_args { 108 u32 portid; 109 u32 seq; 110 int event; 111 unsigned int flags; 112 int netnsid; 113 int ifindex; 114 }; 115 116 #define IN4_ADDR_HSIZE_SHIFT 8 117 #define IN4_ADDR_HSIZE (1U << IN4_ADDR_HSIZE_SHIFT) 118 119 static struct hlist_head inet_addr_lst[IN4_ADDR_HSIZE]; 120 121 static u32 inet_addr_hash(const struct net *net, __be32 addr) 122 { 123 u32 val = (__force u32) addr ^ net_hash_mix(net); 124 125 return hash_32(val, IN4_ADDR_HSIZE_SHIFT); 126 } 127 128 static void inet_hash_insert(struct net *net, struct in_ifaddr *ifa) 129 { 130 u32 hash = inet_addr_hash(net, ifa->ifa_local); 131 132 ASSERT_RTNL(); 133 hlist_add_head_rcu(&ifa->hash, &inet_addr_lst[hash]); 134 } 135 136 static void inet_hash_remove(struct in_ifaddr *ifa) 137 { 138 ASSERT_RTNL(); 139 hlist_del_init_rcu(&ifa->hash); 140 } 141 142 /** 143 * __ip_dev_find - find the first device with a given source address. 144 * @net: the net namespace 145 * @addr: the source address 146 * @devref: if true, take a reference on the found device 147 * 148 * If a caller uses devref=false, it should be protected by RCU, or RTNL 149 */ 150 struct net_device *__ip_dev_find(struct net *net, __be32 addr, bool devref) 151 { 152 struct net_device *result = NULL; 153 struct in_ifaddr *ifa; 154 155 rcu_read_lock(); 156 ifa = inet_lookup_ifaddr_rcu(net, addr); 157 if (!ifa) { 158 struct flowi4 fl4 = { .daddr = addr }; 159 struct fib_result res = { 0 }; 160 struct fib_table *local; 161 162 /* Fallback to FIB local table so that communication 163 * over loopback subnets work. 164 */ 165 local = fib_get_table(net, RT_TABLE_LOCAL); 166 if (local && 167 !fib_table_lookup(local, &fl4, &res, FIB_LOOKUP_NOREF) && 168 res.type == RTN_LOCAL) 169 result = FIB_RES_DEV(res); 170 } else { 171 result = ifa->ifa_dev->dev; 172 } 173 if (result && devref) 174 dev_hold(result); 175 rcu_read_unlock(); 176 return result; 177 } 178 EXPORT_SYMBOL(__ip_dev_find); 179 180 /* called under RCU lock */ 181 struct in_ifaddr *inet_lookup_ifaddr_rcu(struct net *net, __be32 addr) 182 { 183 u32 hash = inet_addr_hash(net, addr); 184 struct in_ifaddr *ifa; 185 186 hlist_for_each_entry_rcu(ifa, &inet_addr_lst[hash], hash) 187 if (ifa->ifa_local == addr && 188 net_eq(dev_net(ifa->ifa_dev->dev), net)) 189 return ifa; 190 191 return NULL; 192 } 193 194 static void rtmsg_ifa(int event, struct in_ifaddr *, struct nlmsghdr *, u32); 195 196 static BLOCKING_NOTIFIER_HEAD(inetaddr_chain); 197 static BLOCKING_NOTIFIER_HEAD(inetaddr_validator_chain); 198 static void inet_del_ifa(struct in_device *in_dev, 199 struct in_ifaddr __rcu **ifap, 200 int destroy); 201 #ifdef CONFIG_SYSCTL 202 static int devinet_sysctl_register(struct in_device *idev); 203 static void devinet_sysctl_unregister(struct in_device *idev); 204 #else 205 static int devinet_sysctl_register(struct in_device *idev) 206 { 207 return 0; 208 } 209 static void devinet_sysctl_unregister(struct in_device *idev) 210 { 211 } 212 #endif 213 214 /* Locks all the inet devices. */ 215 216 static struct in_ifaddr *inet_alloc_ifa(void) 217 { 218 return kzalloc(sizeof(struct in_ifaddr), GFP_KERNEL_ACCOUNT); 219 } 220 221 static void inet_rcu_free_ifa(struct rcu_head *head) 222 { 223 struct in_ifaddr *ifa = container_of(head, struct in_ifaddr, rcu_head); 224 if (ifa->ifa_dev) 225 in_dev_put(ifa->ifa_dev); 226 kfree(ifa); 227 } 228 229 static void inet_free_ifa(struct in_ifaddr *ifa) 230 { 231 call_rcu(&ifa->rcu_head, inet_rcu_free_ifa); 232 } 233 234 void in_dev_finish_destroy(struct in_device *idev) 235 { 236 struct net_device *dev = idev->dev; 237 238 WARN_ON(idev->ifa_list); 239 WARN_ON(idev->mc_list); 240 kfree(rcu_dereference_protected(idev->mc_hash, 1)); 241 #ifdef NET_REFCNT_DEBUG 242 pr_debug("%s: %p=%s\n", __func__, idev, dev ? dev->name : "NIL"); 243 #endif 244 dev_put(dev); 245 if (!idev->dead) 246 pr_err("Freeing alive in_device %p\n", idev); 247 else 248 kfree(idev); 249 } 250 EXPORT_SYMBOL(in_dev_finish_destroy); 251 252 static struct in_device *inetdev_init(struct net_device *dev) 253 { 254 struct in_device *in_dev; 255 int err = -ENOMEM; 256 257 ASSERT_RTNL(); 258 259 in_dev = kzalloc(sizeof(*in_dev), GFP_KERNEL); 260 if (!in_dev) 261 goto out; 262 memcpy(&in_dev->cnf, dev_net(dev)->ipv4.devconf_dflt, 263 sizeof(in_dev->cnf)); 264 in_dev->cnf.sysctl = NULL; 265 in_dev->dev = dev; 266 in_dev->arp_parms = neigh_parms_alloc(dev, &arp_tbl); 267 if (!in_dev->arp_parms) 268 goto out_kfree; 269 if (IPV4_DEVCONF(in_dev->cnf, FORWARDING)) 270 dev_disable_lro(dev); 271 /* Reference in_dev->dev */ 272 dev_hold(dev); 273 /* Account for reference dev->ip_ptr (below) */ 274 refcount_set(&in_dev->refcnt, 1); 275 276 err = devinet_sysctl_register(in_dev); 277 if (err) { 278 in_dev->dead = 1; 279 neigh_parms_release(&arp_tbl, in_dev->arp_parms); 280 in_dev_put(in_dev); 281 in_dev = NULL; 282 goto out; 283 } 284 ip_mc_init_dev(in_dev); 285 if (dev->flags & IFF_UP) 286 ip_mc_up(in_dev); 287 288 /* we can receive as soon as ip_ptr is set -- do this last */ 289 rcu_assign_pointer(dev->ip_ptr, in_dev); 290 out: 291 return in_dev ?: ERR_PTR(err); 292 out_kfree: 293 kfree(in_dev); 294 in_dev = NULL; 295 goto out; 296 } 297 298 static void in_dev_rcu_put(struct rcu_head *head) 299 { 300 struct in_device *idev = container_of(head, struct in_device, rcu_head); 301 in_dev_put(idev); 302 } 303 304 static void inetdev_destroy(struct in_device *in_dev) 305 { 306 struct net_device *dev; 307 struct in_ifaddr *ifa; 308 309 ASSERT_RTNL(); 310 311 dev = in_dev->dev; 312 313 in_dev->dead = 1; 314 315 ip_mc_destroy_dev(in_dev); 316 317 while ((ifa = rtnl_dereference(in_dev->ifa_list)) != NULL) { 318 inet_del_ifa(in_dev, &in_dev->ifa_list, 0); 319 inet_free_ifa(ifa); 320 } 321 322 RCU_INIT_POINTER(dev->ip_ptr, NULL); 323 324 devinet_sysctl_unregister(in_dev); 325 neigh_parms_release(&arp_tbl, in_dev->arp_parms); 326 arp_ifdown(dev); 327 328 call_rcu(&in_dev->rcu_head, in_dev_rcu_put); 329 } 330 331 int inet_addr_onlink(struct in_device *in_dev, __be32 a, __be32 b) 332 { 333 const struct in_ifaddr *ifa; 334 335 rcu_read_lock(); 336 in_dev_for_each_ifa_rcu(ifa, in_dev) { 337 if (inet_ifa_match(a, ifa)) { 338 if (!b || inet_ifa_match(b, ifa)) { 339 rcu_read_unlock(); 340 return 1; 341 } 342 } 343 } 344 rcu_read_unlock(); 345 return 0; 346 } 347 348 static void __inet_del_ifa(struct in_device *in_dev, 349 struct in_ifaddr __rcu **ifap, 350 int destroy, struct nlmsghdr *nlh, u32 portid) 351 { 352 struct in_ifaddr *promote = NULL; 353 struct in_ifaddr *ifa, *ifa1; 354 struct in_ifaddr *last_prim; 355 struct in_ifaddr *prev_prom = NULL; 356 int do_promote = IN_DEV_PROMOTE_SECONDARIES(in_dev); 357 358 ASSERT_RTNL(); 359 360 ifa1 = rtnl_dereference(*ifap); 361 last_prim = rtnl_dereference(in_dev->ifa_list); 362 if (in_dev->dead) 363 goto no_promotions; 364 365 /* 1. Deleting primary ifaddr forces deletion all secondaries 366 * unless alias promotion is set 367 **/ 368 369 if (!(ifa1->ifa_flags & IFA_F_SECONDARY)) { 370 struct in_ifaddr __rcu **ifap1 = &ifa1->ifa_next; 371 372 while ((ifa = rtnl_dereference(*ifap1)) != NULL) { 373 if (!(ifa->ifa_flags & IFA_F_SECONDARY) && 374 ifa1->ifa_scope <= ifa->ifa_scope) 375 last_prim = ifa; 376 377 if (!(ifa->ifa_flags & IFA_F_SECONDARY) || 378 ifa1->ifa_mask != ifa->ifa_mask || 379 !inet_ifa_match(ifa1->ifa_address, ifa)) { 380 ifap1 = &ifa->ifa_next; 381 prev_prom = ifa; 382 continue; 383 } 384 385 if (!do_promote) { 386 inet_hash_remove(ifa); 387 *ifap1 = ifa->ifa_next; 388 389 rtmsg_ifa(RTM_DELADDR, ifa, nlh, portid); 390 blocking_notifier_call_chain(&inetaddr_chain, 391 NETDEV_DOWN, ifa); 392 inet_free_ifa(ifa); 393 } else { 394 promote = ifa; 395 break; 396 } 397 } 398 } 399 400 /* On promotion all secondaries from subnet are changing 401 * the primary IP, we must remove all their routes silently 402 * and later to add them back with new prefsrc. Do this 403 * while all addresses are on the device list. 404 */ 405 for (ifa = promote; ifa; ifa = rtnl_dereference(ifa->ifa_next)) { 406 if (ifa1->ifa_mask == ifa->ifa_mask && 407 inet_ifa_match(ifa1->ifa_address, ifa)) 408 fib_del_ifaddr(ifa, ifa1); 409 } 410 411 no_promotions: 412 /* 2. Unlink it */ 413 414 *ifap = ifa1->ifa_next; 415 inet_hash_remove(ifa1); 416 417 /* 3. Announce address deletion */ 418 419 /* Send message first, then call notifier. 420 At first sight, FIB update triggered by notifier 421 will refer to already deleted ifaddr, that could confuse 422 netlink listeners. It is not true: look, gated sees 423 that route deleted and if it still thinks that ifaddr 424 is valid, it will try to restore deleted routes... Grr. 425 So that, this order is correct. 426 */ 427 rtmsg_ifa(RTM_DELADDR, ifa1, nlh, portid); 428 blocking_notifier_call_chain(&inetaddr_chain, NETDEV_DOWN, ifa1); 429 430 if (promote) { 431 struct in_ifaddr *next_sec; 432 433 next_sec = rtnl_dereference(promote->ifa_next); 434 if (prev_prom) { 435 struct in_ifaddr *last_sec; 436 437 rcu_assign_pointer(prev_prom->ifa_next, next_sec); 438 439 last_sec = rtnl_dereference(last_prim->ifa_next); 440 rcu_assign_pointer(promote->ifa_next, last_sec); 441 rcu_assign_pointer(last_prim->ifa_next, promote); 442 } 443 444 promote->ifa_flags &= ~IFA_F_SECONDARY; 445 rtmsg_ifa(RTM_NEWADDR, promote, nlh, portid); 446 blocking_notifier_call_chain(&inetaddr_chain, 447 NETDEV_UP, promote); 448 for (ifa = next_sec; ifa; 449 ifa = rtnl_dereference(ifa->ifa_next)) { 450 if (ifa1->ifa_mask != ifa->ifa_mask || 451 !inet_ifa_match(ifa1->ifa_address, ifa)) 452 continue; 453 fib_add_ifaddr(ifa); 454 } 455 456 } 457 if (destroy) 458 inet_free_ifa(ifa1); 459 } 460 461 static void inet_del_ifa(struct in_device *in_dev, 462 struct in_ifaddr __rcu **ifap, 463 int destroy) 464 { 465 __inet_del_ifa(in_dev, ifap, destroy, NULL, 0); 466 } 467 468 static void check_lifetime(struct work_struct *work); 469 470 static DECLARE_DELAYED_WORK(check_lifetime_work, check_lifetime); 471 472 static int __inet_insert_ifa(struct in_ifaddr *ifa, struct nlmsghdr *nlh, 473 u32 portid, struct netlink_ext_ack *extack) 474 { 475 struct in_ifaddr __rcu **last_primary, **ifap; 476 struct in_device *in_dev = ifa->ifa_dev; 477 struct in_validator_info ivi; 478 struct in_ifaddr *ifa1; 479 int ret; 480 481 ASSERT_RTNL(); 482 483 if (!ifa->ifa_local) { 484 inet_free_ifa(ifa); 485 return 0; 486 } 487 488 ifa->ifa_flags &= ~IFA_F_SECONDARY; 489 last_primary = &in_dev->ifa_list; 490 491 /* Don't set IPv6 only flags to IPv4 addresses */ 492 ifa->ifa_flags &= ~IPV6ONLY_FLAGS; 493 494 ifap = &in_dev->ifa_list; 495 ifa1 = rtnl_dereference(*ifap); 496 497 while (ifa1) { 498 if (!(ifa1->ifa_flags & IFA_F_SECONDARY) && 499 ifa->ifa_scope <= ifa1->ifa_scope) 500 last_primary = &ifa1->ifa_next; 501 if (ifa1->ifa_mask == ifa->ifa_mask && 502 inet_ifa_match(ifa1->ifa_address, ifa)) { 503 if (ifa1->ifa_local == ifa->ifa_local) { 504 inet_free_ifa(ifa); 505 return -EEXIST; 506 } 507 if (ifa1->ifa_scope != ifa->ifa_scope) { 508 inet_free_ifa(ifa); 509 return -EINVAL; 510 } 511 ifa->ifa_flags |= IFA_F_SECONDARY; 512 } 513 514 ifap = &ifa1->ifa_next; 515 ifa1 = rtnl_dereference(*ifap); 516 } 517 518 /* Allow any devices that wish to register ifaddr validtors to weigh 519 * in now, before changes are committed. The rntl lock is serializing 520 * access here, so the state should not change between a validator call 521 * and a final notify on commit. This isn't invoked on promotion under 522 * the assumption that validators are checking the address itself, and 523 * not the flags. 524 */ 525 ivi.ivi_addr = ifa->ifa_address; 526 ivi.ivi_dev = ifa->ifa_dev; 527 ivi.extack = extack; 528 ret = blocking_notifier_call_chain(&inetaddr_validator_chain, 529 NETDEV_UP, &ivi); 530 ret = notifier_to_errno(ret); 531 if (ret) { 532 inet_free_ifa(ifa); 533 return ret; 534 } 535 536 if (!(ifa->ifa_flags & IFA_F_SECONDARY)) { 537 prandom_seed((__force u32) ifa->ifa_local); 538 ifap = last_primary; 539 } 540 541 rcu_assign_pointer(ifa->ifa_next, *ifap); 542 rcu_assign_pointer(*ifap, ifa); 543 544 inet_hash_insert(dev_net(in_dev->dev), ifa); 545 546 cancel_delayed_work(&check_lifetime_work); 547 queue_delayed_work(system_power_efficient_wq, &check_lifetime_work, 0); 548 549 /* Send message first, then call notifier. 550 Notifier will trigger FIB update, so that 551 listeners of netlink will know about new ifaddr */ 552 rtmsg_ifa(RTM_NEWADDR, ifa, nlh, portid); 553 blocking_notifier_call_chain(&inetaddr_chain, NETDEV_UP, ifa); 554 555 return 0; 556 } 557 558 static int inet_insert_ifa(struct in_ifaddr *ifa) 559 { 560 return __inet_insert_ifa(ifa, NULL, 0, NULL); 561 } 562 563 static int inet_set_ifa(struct net_device *dev, struct in_ifaddr *ifa) 564 { 565 struct in_device *in_dev = __in_dev_get_rtnl(dev); 566 567 ASSERT_RTNL(); 568 569 if (!in_dev) { 570 inet_free_ifa(ifa); 571 return -ENOBUFS; 572 } 573 ipv4_devconf_setall(in_dev); 574 neigh_parms_data_state_setall(in_dev->arp_parms); 575 if (ifa->ifa_dev != in_dev) { 576 WARN_ON(ifa->ifa_dev); 577 in_dev_hold(in_dev); 578 ifa->ifa_dev = in_dev; 579 } 580 if (ipv4_is_loopback(ifa->ifa_local)) 581 ifa->ifa_scope = RT_SCOPE_HOST; 582 return inet_insert_ifa(ifa); 583 } 584 585 /* Caller must hold RCU or RTNL : 586 * We dont take a reference on found in_device 587 */ 588 struct in_device *inetdev_by_index(struct net *net, int ifindex) 589 { 590 struct net_device *dev; 591 struct in_device *in_dev = NULL; 592 593 rcu_read_lock(); 594 dev = dev_get_by_index_rcu(net, ifindex); 595 if (dev) 596 in_dev = rcu_dereference_rtnl(dev->ip_ptr); 597 rcu_read_unlock(); 598 return in_dev; 599 } 600 EXPORT_SYMBOL(inetdev_by_index); 601 602 /* Called only from RTNL semaphored context. No locks. */ 603 604 struct in_ifaddr *inet_ifa_byprefix(struct in_device *in_dev, __be32 prefix, 605 __be32 mask) 606 { 607 struct in_ifaddr *ifa; 608 609 ASSERT_RTNL(); 610 611 in_dev_for_each_ifa_rtnl(ifa, in_dev) { 612 if (ifa->ifa_mask == mask && inet_ifa_match(prefix, ifa)) 613 return ifa; 614 } 615 return NULL; 616 } 617 618 static int ip_mc_autojoin_config(struct net *net, bool join, 619 const struct in_ifaddr *ifa) 620 { 621 #if defined(CONFIG_IP_MULTICAST) 622 struct ip_mreqn mreq = { 623 .imr_multiaddr.s_addr = ifa->ifa_address, 624 .imr_ifindex = ifa->ifa_dev->dev->ifindex, 625 }; 626 struct sock *sk = net->ipv4.mc_autojoin_sk; 627 int ret; 628 629 ASSERT_RTNL(); 630 631 lock_sock(sk); 632 if (join) 633 ret = ip_mc_join_group(sk, &mreq); 634 else 635 ret = ip_mc_leave_group(sk, &mreq); 636 release_sock(sk); 637 638 return ret; 639 #else 640 return -EOPNOTSUPP; 641 #endif 642 } 643 644 static int inet_rtm_deladdr(struct sk_buff *skb, struct nlmsghdr *nlh, 645 struct netlink_ext_ack *extack) 646 { 647 struct net *net = sock_net(skb->sk); 648 struct in_ifaddr __rcu **ifap; 649 struct nlattr *tb[IFA_MAX+1]; 650 struct in_device *in_dev; 651 struct ifaddrmsg *ifm; 652 struct in_ifaddr *ifa; 653 int err; 654 655 ASSERT_RTNL(); 656 657 err = nlmsg_parse_deprecated(nlh, sizeof(*ifm), tb, IFA_MAX, 658 ifa_ipv4_policy, extack); 659 if (err < 0) 660 goto errout; 661 662 ifm = nlmsg_data(nlh); 663 in_dev = inetdev_by_index(net, ifm->ifa_index); 664 if (!in_dev) { 665 err = -ENODEV; 666 goto errout; 667 } 668 669 for (ifap = &in_dev->ifa_list; (ifa = rtnl_dereference(*ifap)) != NULL; 670 ifap = &ifa->ifa_next) { 671 if (tb[IFA_LOCAL] && 672 ifa->ifa_local != nla_get_in_addr(tb[IFA_LOCAL])) 673 continue; 674 675 if (tb[IFA_LABEL] && nla_strcmp(tb[IFA_LABEL], ifa->ifa_label)) 676 continue; 677 678 if (tb[IFA_ADDRESS] && 679 (ifm->ifa_prefixlen != ifa->ifa_prefixlen || 680 !inet_ifa_match(nla_get_in_addr(tb[IFA_ADDRESS]), ifa))) 681 continue; 682 683 if (ipv4_is_multicast(ifa->ifa_address)) 684 ip_mc_autojoin_config(net, false, ifa); 685 __inet_del_ifa(in_dev, ifap, 1, nlh, NETLINK_CB(skb).portid); 686 return 0; 687 } 688 689 err = -EADDRNOTAVAIL; 690 errout: 691 return err; 692 } 693 694 #define INFINITY_LIFE_TIME 0xFFFFFFFF 695 696 static void check_lifetime(struct work_struct *work) 697 { 698 unsigned long now, next, next_sec, next_sched; 699 struct in_ifaddr *ifa; 700 struct hlist_node *n; 701 int i; 702 703 now = jiffies; 704 next = round_jiffies_up(now + ADDR_CHECK_FREQUENCY); 705 706 for (i = 0; i < IN4_ADDR_HSIZE; i++) { 707 bool change_needed = false; 708 709 rcu_read_lock(); 710 hlist_for_each_entry_rcu(ifa, &inet_addr_lst[i], hash) { 711 unsigned long age; 712 713 if (ifa->ifa_flags & IFA_F_PERMANENT) 714 continue; 715 716 /* We try to batch several events at once. */ 717 age = (now - ifa->ifa_tstamp + 718 ADDRCONF_TIMER_FUZZ_MINUS) / HZ; 719 720 if (ifa->ifa_valid_lft != INFINITY_LIFE_TIME && 721 age >= ifa->ifa_valid_lft) { 722 change_needed = true; 723 } else if (ifa->ifa_preferred_lft == 724 INFINITY_LIFE_TIME) { 725 continue; 726 } else if (age >= ifa->ifa_preferred_lft) { 727 if (time_before(ifa->ifa_tstamp + 728 ifa->ifa_valid_lft * HZ, next)) 729 next = ifa->ifa_tstamp + 730 ifa->ifa_valid_lft * HZ; 731 732 if (!(ifa->ifa_flags & IFA_F_DEPRECATED)) 733 change_needed = true; 734 } else if (time_before(ifa->ifa_tstamp + 735 ifa->ifa_preferred_lft * HZ, 736 next)) { 737 next = ifa->ifa_tstamp + 738 ifa->ifa_preferred_lft * HZ; 739 } 740 } 741 rcu_read_unlock(); 742 if (!change_needed) 743 continue; 744 rtnl_lock(); 745 hlist_for_each_entry_safe(ifa, n, &inet_addr_lst[i], hash) { 746 unsigned long age; 747 748 if (ifa->ifa_flags & IFA_F_PERMANENT) 749 continue; 750 751 /* We try to batch several events at once. */ 752 age = (now - ifa->ifa_tstamp + 753 ADDRCONF_TIMER_FUZZ_MINUS) / HZ; 754 755 if (ifa->ifa_valid_lft != INFINITY_LIFE_TIME && 756 age >= ifa->ifa_valid_lft) { 757 struct in_ifaddr __rcu **ifap; 758 struct in_ifaddr *tmp; 759 760 ifap = &ifa->ifa_dev->ifa_list; 761 tmp = rtnl_dereference(*ifap); 762 while (tmp) { 763 if (tmp == ifa) { 764 inet_del_ifa(ifa->ifa_dev, 765 ifap, 1); 766 break; 767 } 768 ifap = &tmp->ifa_next; 769 tmp = rtnl_dereference(*ifap); 770 } 771 } else if (ifa->ifa_preferred_lft != 772 INFINITY_LIFE_TIME && 773 age >= ifa->ifa_preferred_lft && 774 !(ifa->ifa_flags & IFA_F_DEPRECATED)) { 775 ifa->ifa_flags |= IFA_F_DEPRECATED; 776 rtmsg_ifa(RTM_NEWADDR, ifa, NULL, 0); 777 } 778 } 779 rtnl_unlock(); 780 } 781 782 next_sec = round_jiffies_up(next); 783 next_sched = next; 784 785 /* If rounded timeout is accurate enough, accept it. */ 786 if (time_before(next_sec, next + ADDRCONF_TIMER_FUZZ)) 787 next_sched = next_sec; 788 789 now = jiffies; 790 /* And minimum interval is ADDRCONF_TIMER_FUZZ_MAX. */ 791 if (time_before(next_sched, now + ADDRCONF_TIMER_FUZZ_MAX)) 792 next_sched = now + ADDRCONF_TIMER_FUZZ_MAX; 793 794 queue_delayed_work(system_power_efficient_wq, &check_lifetime_work, 795 next_sched - now); 796 } 797 798 static void set_ifa_lifetime(struct in_ifaddr *ifa, __u32 valid_lft, 799 __u32 prefered_lft) 800 { 801 unsigned long timeout; 802 803 ifa->ifa_flags &= ~(IFA_F_PERMANENT | IFA_F_DEPRECATED); 804 805 timeout = addrconf_timeout_fixup(valid_lft, HZ); 806 if (addrconf_finite_timeout(timeout)) 807 ifa->ifa_valid_lft = timeout; 808 else 809 ifa->ifa_flags |= IFA_F_PERMANENT; 810 811 timeout = addrconf_timeout_fixup(prefered_lft, HZ); 812 if (addrconf_finite_timeout(timeout)) { 813 if (timeout == 0) 814 ifa->ifa_flags |= IFA_F_DEPRECATED; 815 ifa->ifa_preferred_lft = timeout; 816 } 817 ifa->ifa_tstamp = jiffies; 818 if (!ifa->ifa_cstamp) 819 ifa->ifa_cstamp = ifa->ifa_tstamp; 820 } 821 822 static struct in_ifaddr *rtm_to_ifaddr(struct net *net, struct nlmsghdr *nlh, 823 __u32 *pvalid_lft, __u32 *pprefered_lft, 824 struct netlink_ext_ack *extack) 825 { 826 struct nlattr *tb[IFA_MAX+1]; 827 struct in_ifaddr *ifa; 828 struct ifaddrmsg *ifm; 829 struct net_device *dev; 830 struct in_device *in_dev; 831 int err; 832 833 err = nlmsg_parse_deprecated(nlh, sizeof(*ifm), tb, IFA_MAX, 834 ifa_ipv4_policy, extack); 835 if (err < 0) 836 goto errout; 837 838 ifm = nlmsg_data(nlh); 839 err = -EINVAL; 840 if (ifm->ifa_prefixlen > 32 || !tb[IFA_LOCAL]) 841 goto errout; 842 843 dev = __dev_get_by_index(net, ifm->ifa_index); 844 err = -ENODEV; 845 if (!dev) 846 goto errout; 847 848 in_dev = __in_dev_get_rtnl(dev); 849 err = -ENOBUFS; 850 if (!in_dev) 851 goto errout; 852 853 ifa = inet_alloc_ifa(); 854 if (!ifa) 855 /* 856 * A potential indev allocation can be left alive, it stays 857 * assigned to its device and is destroy with it. 858 */ 859 goto errout; 860 861 ipv4_devconf_setall(in_dev); 862 neigh_parms_data_state_setall(in_dev->arp_parms); 863 in_dev_hold(in_dev); 864 865 if (!tb[IFA_ADDRESS]) 866 tb[IFA_ADDRESS] = tb[IFA_LOCAL]; 867 868 INIT_HLIST_NODE(&ifa->hash); 869 ifa->ifa_prefixlen = ifm->ifa_prefixlen; 870 ifa->ifa_mask = inet_make_mask(ifm->ifa_prefixlen); 871 ifa->ifa_flags = tb[IFA_FLAGS] ? nla_get_u32(tb[IFA_FLAGS]) : 872 ifm->ifa_flags; 873 ifa->ifa_scope = ifm->ifa_scope; 874 ifa->ifa_dev = in_dev; 875 876 ifa->ifa_local = nla_get_in_addr(tb[IFA_LOCAL]); 877 ifa->ifa_address = nla_get_in_addr(tb[IFA_ADDRESS]); 878 879 if (tb[IFA_BROADCAST]) 880 ifa->ifa_broadcast = nla_get_in_addr(tb[IFA_BROADCAST]); 881 882 if (tb[IFA_LABEL]) 883 nla_strscpy(ifa->ifa_label, tb[IFA_LABEL], IFNAMSIZ); 884 else 885 memcpy(ifa->ifa_label, dev->name, IFNAMSIZ); 886 887 if (tb[IFA_RT_PRIORITY]) 888 ifa->ifa_rt_priority = nla_get_u32(tb[IFA_RT_PRIORITY]); 889 890 if (tb[IFA_CACHEINFO]) { 891 struct ifa_cacheinfo *ci; 892 893 ci = nla_data(tb[IFA_CACHEINFO]); 894 if (!ci->ifa_valid || ci->ifa_prefered > ci->ifa_valid) { 895 err = -EINVAL; 896 goto errout_free; 897 } 898 *pvalid_lft = ci->ifa_valid; 899 *pprefered_lft = ci->ifa_prefered; 900 } 901 902 return ifa; 903 904 errout_free: 905 inet_free_ifa(ifa); 906 errout: 907 return ERR_PTR(err); 908 } 909 910 static struct in_ifaddr *find_matching_ifa(struct in_ifaddr *ifa) 911 { 912 struct in_device *in_dev = ifa->ifa_dev; 913 struct in_ifaddr *ifa1; 914 915 if (!ifa->ifa_local) 916 return NULL; 917 918 in_dev_for_each_ifa_rtnl(ifa1, in_dev) { 919 if (ifa1->ifa_mask == ifa->ifa_mask && 920 inet_ifa_match(ifa1->ifa_address, ifa) && 921 ifa1->ifa_local == ifa->ifa_local) 922 return ifa1; 923 } 924 return NULL; 925 } 926 927 static int inet_rtm_newaddr(struct sk_buff *skb, struct nlmsghdr *nlh, 928 struct netlink_ext_ack *extack) 929 { 930 struct net *net = sock_net(skb->sk); 931 struct in_ifaddr *ifa; 932 struct in_ifaddr *ifa_existing; 933 __u32 valid_lft = INFINITY_LIFE_TIME; 934 __u32 prefered_lft = INFINITY_LIFE_TIME; 935 936 ASSERT_RTNL(); 937 938 ifa = rtm_to_ifaddr(net, nlh, &valid_lft, &prefered_lft, extack); 939 if (IS_ERR(ifa)) 940 return PTR_ERR(ifa); 941 942 ifa_existing = find_matching_ifa(ifa); 943 if (!ifa_existing) { 944 /* It would be best to check for !NLM_F_CREATE here but 945 * userspace already relies on not having to provide this. 946 */ 947 set_ifa_lifetime(ifa, valid_lft, prefered_lft); 948 if (ifa->ifa_flags & IFA_F_MCAUTOJOIN) { 949 int ret = ip_mc_autojoin_config(net, true, ifa); 950 951 if (ret < 0) { 952 inet_free_ifa(ifa); 953 return ret; 954 } 955 } 956 return __inet_insert_ifa(ifa, nlh, NETLINK_CB(skb).portid, 957 extack); 958 } else { 959 u32 new_metric = ifa->ifa_rt_priority; 960 961 inet_free_ifa(ifa); 962 963 if (nlh->nlmsg_flags & NLM_F_EXCL || 964 !(nlh->nlmsg_flags & NLM_F_REPLACE)) 965 return -EEXIST; 966 ifa = ifa_existing; 967 968 if (ifa->ifa_rt_priority != new_metric) { 969 fib_modify_prefix_metric(ifa, new_metric); 970 ifa->ifa_rt_priority = new_metric; 971 } 972 973 set_ifa_lifetime(ifa, valid_lft, prefered_lft); 974 cancel_delayed_work(&check_lifetime_work); 975 queue_delayed_work(system_power_efficient_wq, 976 &check_lifetime_work, 0); 977 rtmsg_ifa(RTM_NEWADDR, ifa, nlh, NETLINK_CB(skb).portid); 978 } 979 return 0; 980 } 981 982 /* 983 * Determine a default network mask, based on the IP address. 984 */ 985 986 static int inet_abc_len(__be32 addr) 987 { 988 int rc = -1; /* Something else, probably a multicast. */ 989 990 if (ipv4_is_zeronet(addr) || ipv4_is_lbcast(addr)) 991 rc = 0; 992 else { 993 __u32 haddr = ntohl(addr); 994 if (IN_CLASSA(haddr)) 995 rc = 8; 996 else if (IN_CLASSB(haddr)) 997 rc = 16; 998 else if (IN_CLASSC(haddr)) 999 rc = 24; 1000 else if (IN_CLASSE(haddr)) 1001 rc = 32; 1002 } 1003 1004 return rc; 1005 } 1006 1007 1008 int devinet_ioctl(struct net *net, unsigned int cmd, struct ifreq *ifr) 1009 { 1010 struct sockaddr_in sin_orig; 1011 struct sockaddr_in *sin = (struct sockaddr_in *)&ifr->ifr_addr; 1012 struct in_ifaddr __rcu **ifap = NULL; 1013 struct in_device *in_dev; 1014 struct in_ifaddr *ifa = NULL; 1015 struct net_device *dev; 1016 char *colon; 1017 int ret = -EFAULT; 1018 int tryaddrmatch = 0; 1019 1020 ifr->ifr_name[IFNAMSIZ - 1] = 0; 1021 1022 /* save original address for comparison */ 1023 memcpy(&sin_orig, sin, sizeof(*sin)); 1024 1025 colon = strchr(ifr->ifr_name, ':'); 1026 if (colon) 1027 *colon = 0; 1028 1029 dev_load(net, ifr->ifr_name); 1030 1031 switch (cmd) { 1032 case SIOCGIFADDR: /* Get interface address */ 1033 case SIOCGIFBRDADDR: /* Get the broadcast address */ 1034 case SIOCGIFDSTADDR: /* Get the destination address */ 1035 case SIOCGIFNETMASK: /* Get the netmask for the interface */ 1036 /* Note that these ioctls will not sleep, 1037 so that we do not impose a lock. 1038 One day we will be forced to put shlock here (I mean SMP) 1039 */ 1040 tryaddrmatch = (sin_orig.sin_family == AF_INET); 1041 memset(sin, 0, sizeof(*sin)); 1042 sin->sin_family = AF_INET; 1043 break; 1044 1045 case SIOCSIFFLAGS: 1046 ret = -EPERM; 1047 if (!ns_capable(net->user_ns, CAP_NET_ADMIN)) 1048 goto out; 1049 break; 1050 case SIOCSIFADDR: /* Set interface address (and family) */ 1051 case SIOCSIFBRDADDR: /* Set the broadcast address */ 1052 case SIOCSIFDSTADDR: /* Set the destination address */ 1053 case SIOCSIFNETMASK: /* Set the netmask for the interface */ 1054 ret = -EPERM; 1055 if (!ns_capable(net->user_ns, CAP_NET_ADMIN)) 1056 goto out; 1057 ret = -EINVAL; 1058 if (sin->sin_family != AF_INET) 1059 goto out; 1060 break; 1061 default: 1062 ret = -EINVAL; 1063 goto out; 1064 } 1065 1066 rtnl_lock(); 1067 1068 ret = -ENODEV; 1069 dev = __dev_get_by_name(net, ifr->ifr_name); 1070 if (!dev) 1071 goto done; 1072 1073 if (colon) 1074 *colon = ':'; 1075 1076 in_dev = __in_dev_get_rtnl(dev); 1077 if (in_dev) { 1078 if (tryaddrmatch) { 1079 /* Matthias Andree */ 1080 /* compare label and address (4.4BSD style) */ 1081 /* note: we only do this for a limited set of ioctls 1082 and only if the original address family was AF_INET. 1083 This is checked above. */ 1084 1085 for (ifap = &in_dev->ifa_list; 1086 (ifa = rtnl_dereference(*ifap)) != NULL; 1087 ifap = &ifa->ifa_next) { 1088 if (!strcmp(ifr->ifr_name, ifa->ifa_label) && 1089 sin_orig.sin_addr.s_addr == 1090 ifa->ifa_local) { 1091 break; /* found */ 1092 } 1093 } 1094 } 1095 /* we didn't get a match, maybe the application is 1096 4.3BSD-style and passed in junk so we fall back to 1097 comparing just the label */ 1098 if (!ifa) { 1099 for (ifap = &in_dev->ifa_list; 1100 (ifa = rtnl_dereference(*ifap)) != NULL; 1101 ifap = &ifa->ifa_next) 1102 if (!strcmp(ifr->ifr_name, ifa->ifa_label)) 1103 break; 1104 } 1105 } 1106 1107 ret = -EADDRNOTAVAIL; 1108 if (!ifa && cmd != SIOCSIFADDR && cmd != SIOCSIFFLAGS) 1109 goto done; 1110 1111 switch (cmd) { 1112 case SIOCGIFADDR: /* Get interface address */ 1113 ret = 0; 1114 sin->sin_addr.s_addr = ifa->ifa_local; 1115 break; 1116 1117 case SIOCGIFBRDADDR: /* Get the broadcast address */ 1118 ret = 0; 1119 sin->sin_addr.s_addr = ifa->ifa_broadcast; 1120 break; 1121 1122 case SIOCGIFDSTADDR: /* Get the destination address */ 1123 ret = 0; 1124 sin->sin_addr.s_addr = ifa->ifa_address; 1125 break; 1126 1127 case SIOCGIFNETMASK: /* Get the netmask for the interface */ 1128 ret = 0; 1129 sin->sin_addr.s_addr = ifa->ifa_mask; 1130 break; 1131 1132 case SIOCSIFFLAGS: 1133 if (colon) { 1134 ret = -EADDRNOTAVAIL; 1135 if (!ifa) 1136 break; 1137 ret = 0; 1138 if (!(ifr->ifr_flags & IFF_UP)) 1139 inet_del_ifa(in_dev, ifap, 1); 1140 break; 1141 } 1142 ret = dev_change_flags(dev, ifr->ifr_flags, NULL); 1143 break; 1144 1145 case SIOCSIFADDR: /* Set interface address (and family) */ 1146 ret = -EINVAL; 1147 if (inet_abc_len(sin->sin_addr.s_addr) < 0) 1148 break; 1149 1150 if (!ifa) { 1151 ret = -ENOBUFS; 1152 ifa = inet_alloc_ifa(); 1153 if (!ifa) 1154 break; 1155 INIT_HLIST_NODE(&ifa->hash); 1156 if (colon) 1157 memcpy(ifa->ifa_label, ifr->ifr_name, IFNAMSIZ); 1158 else 1159 memcpy(ifa->ifa_label, dev->name, IFNAMSIZ); 1160 } else { 1161 ret = 0; 1162 if (ifa->ifa_local == sin->sin_addr.s_addr) 1163 break; 1164 inet_del_ifa(in_dev, ifap, 0); 1165 ifa->ifa_broadcast = 0; 1166 ifa->ifa_scope = 0; 1167 } 1168 1169 ifa->ifa_address = ifa->ifa_local = sin->sin_addr.s_addr; 1170 1171 if (!(dev->flags & IFF_POINTOPOINT)) { 1172 ifa->ifa_prefixlen = inet_abc_len(ifa->ifa_address); 1173 ifa->ifa_mask = inet_make_mask(ifa->ifa_prefixlen); 1174 if ((dev->flags & IFF_BROADCAST) && 1175 ifa->ifa_prefixlen < 31) 1176 ifa->ifa_broadcast = ifa->ifa_address | 1177 ~ifa->ifa_mask; 1178 } else { 1179 ifa->ifa_prefixlen = 32; 1180 ifa->ifa_mask = inet_make_mask(32); 1181 } 1182 set_ifa_lifetime(ifa, INFINITY_LIFE_TIME, INFINITY_LIFE_TIME); 1183 ret = inet_set_ifa(dev, ifa); 1184 break; 1185 1186 case SIOCSIFBRDADDR: /* Set the broadcast address */ 1187 ret = 0; 1188 if (ifa->ifa_broadcast != sin->sin_addr.s_addr) { 1189 inet_del_ifa(in_dev, ifap, 0); 1190 ifa->ifa_broadcast = sin->sin_addr.s_addr; 1191 inet_insert_ifa(ifa); 1192 } 1193 break; 1194 1195 case SIOCSIFDSTADDR: /* Set the destination address */ 1196 ret = 0; 1197 if (ifa->ifa_address == sin->sin_addr.s_addr) 1198 break; 1199 ret = -EINVAL; 1200 if (inet_abc_len(sin->sin_addr.s_addr) < 0) 1201 break; 1202 ret = 0; 1203 inet_del_ifa(in_dev, ifap, 0); 1204 ifa->ifa_address = sin->sin_addr.s_addr; 1205 inet_insert_ifa(ifa); 1206 break; 1207 1208 case SIOCSIFNETMASK: /* Set the netmask for the interface */ 1209 1210 /* 1211 * The mask we set must be legal. 1212 */ 1213 ret = -EINVAL; 1214 if (bad_mask(sin->sin_addr.s_addr, 0)) 1215 break; 1216 ret = 0; 1217 if (ifa->ifa_mask != sin->sin_addr.s_addr) { 1218 __be32 old_mask = ifa->ifa_mask; 1219 inet_del_ifa(in_dev, ifap, 0); 1220 ifa->ifa_mask = sin->sin_addr.s_addr; 1221 ifa->ifa_prefixlen = inet_mask_len(ifa->ifa_mask); 1222 1223 /* See if current broadcast address matches 1224 * with current netmask, then recalculate 1225 * the broadcast address. Otherwise it's a 1226 * funny address, so don't touch it since 1227 * the user seems to know what (s)he's doing... 1228 */ 1229 if ((dev->flags & IFF_BROADCAST) && 1230 (ifa->ifa_prefixlen < 31) && 1231 (ifa->ifa_broadcast == 1232 (ifa->ifa_local|~old_mask))) { 1233 ifa->ifa_broadcast = (ifa->ifa_local | 1234 ~sin->sin_addr.s_addr); 1235 } 1236 inet_insert_ifa(ifa); 1237 } 1238 break; 1239 } 1240 done: 1241 rtnl_unlock(); 1242 out: 1243 return ret; 1244 } 1245 1246 int inet_gifconf(struct net_device *dev, char __user *buf, int len, int size) 1247 { 1248 struct in_device *in_dev = __in_dev_get_rtnl(dev); 1249 const struct in_ifaddr *ifa; 1250 struct ifreq ifr; 1251 int done = 0; 1252 1253 if (WARN_ON(size > sizeof(struct ifreq))) 1254 goto out; 1255 1256 if (!in_dev) 1257 goto out; 1258 1259 in_dev_for_each_ifa_rtnl(ifa, in_dev) { 1260 if (!buf) { 1261 done += size; 1262 continue; 1263 } 1264 if (len < size) 1265 break; 1266 memset(&ifr, 0, sizeof(struct ifreq)); 1267 strcpy(ifr.ifr_name, ifa->ifa_label); 1268 1269 (*(struct sockaddr_in *)&ifr.ifr_addr).sin_family = AF_INET; 1270 (*(struct sockaddr_in *)&ifr.ifr_addr).sin_addr.s_addr = 1271 ifa->ifa_local; 1272 1273 if (copy_to_user(buf + done, &ifr, size)) { 1274 done = -EFAULT; 1275 break; 1276 } 1277 len -= size; 1278 done += size; 1279 } 1280 out: 1281 return done; 1282 } 1283 1284 static __be32 in_dev_select_addr(const struct in_device *in_dev, 1285 int scope) 1286 { 1287 const struct in_ifaddr *ifa; 1288 1289 in_dev_for_each_ifa_rcu(ifa, in_dev) { 1290 if (ifa->ifa_flags & IFA_F_SECONDARY) 1291 continue; 1292 if (ifa->ifa_scope != RT_SCOPE_LINK && 1293 ifa->ifa_scope <= scope) 1294 return ifa->ifa_local; 1295 } 1296 1297 return 0; 1298 } 1299 1300 __be32 inet_select_addr(const struct net_device *dev, __be32 dst, int scope) 1301 { 1302 const struct in_ifaddr *ifa; 1303 __be32 addr = 0; 1304 unsigned char localnet_scope = RT_SCOPE_HOST; 1305 struct in_device *in_dev; 1306 struct net *net = dev_net(dev); 1307 int master_idx; 1308 1309 rcu_read_lock(); 1310 in_dev = __in_dev_get_rcu(dev); 1311 if (!in_dev) 1312 goto no_in_dev; 1313 1314 if (unlikely(IN_DEV_ROUTE_LOCALNET(in_dev))) 1315 localnet_scope = RT_SCOPE_LINK; 1316 1317 in_dev_for_each_ifa_rcu(ifa, in_dev) { 1318 if (ifa->ifa_flags & IFA_F_SECONDARY) 1319 continue; 1320 if (min(ifa->ifa_scope, localnet_scope) > scope) 1321 continue; 1322 if (!dst || inet_ifa_match(dst, ifa)) { 1323 addr = ifa->ifa_local; 1324 break; 1325 } 1326 if (!addr) 1327 addr = ifa->ifa_local; 1328 } 1329 1330 if (addr) 1331 goto out_unlock; 1332 no_in_dev: 1333 master_idx = l3mdev_master_ifindex_rcu(dev); 1334 1335 /* For VRFs, the VRF device takes the place of the loopback device, 1336 * with addresses on it being preferred. Note in such cases the 1337 * loopback device will be among the devices that fail the master_idx 1338 * equality check in the loop below. 1339 */ 1340 if (master_idx && 1341 (dev = dev_get_by_index_rcu(net, master_idx)) && 1342 (in_dev = __in_dev_get_rcu(dev))) { 1343 addr = in_dev_select_addr(in_dev, scope); 1344 if (addr) 1345 goto out_unlock; 1346 } 1347 1348 /* Not loopback addresses on loopback should be preferred 1349 in this case. It is important that lo is the first interface 1350 in dev_base list. 1351 */ 1352 for_each_netdev_rcu(net, dev) { 1353 if (l3mdev_master_ifindex_rcu(dev) != master_idx) 1354 continue; 1355 1356 in_dev = __in_dev_get_rcu(dev); 1357 if (!in_dev) 1358 continue; 1359 1360 addr = in_dev_select_addr(in_dev, scope); 1361 if (addr) 1362 goto out_unlock; 1363 } 1364 out_unlock: 1365 rcu_read_unlock(); 1366 return addr; 1367 } 1368 EXPORT_SYMBOL(inet_select_addr); 1369 1370 static __be32 confirm_addr_indev(struct in_device *in_dev, __be32 dst, 1371 __be32 local, int scope) 1372 { 1373 unsigned char localnet_scope = RT_SCOPE_HOST; 1374 const struct in_ifaddr *ifa; 1375 __be32 addr = 0; 1376 int same = 0; 1377 1378 if (unlikely(IN_DEV_ROUTE_LOCALNET(in_dev))) 1379 localnet_scope = RT_SCOPE_LINK; 1380 1381 in_dev_for_each_ifa_rcu(ifa, in_dev) { 1382 unsigned char min_scope = min(ifa->ifa_scope, localnet_scope); 1383 1384 if (!addr && 1385 (local == ifa->ifa_local || !local) && 1386 min_scope <= scope) { 1387 addr = ifa->ifa_local; 1388 if (same) 1389 break; 1390 } 1391 if (!same) { 1392 same = (!local || inet_ifa_match(local, ifa)) && 1393 (!dst || inet_ifa_match(dst, ifa)); 1394 if (same && addr) { 1395 if (local || !dst) 1396 break; 1397 /* Is the selected addr into dst subnet? */ 1398 if (inet_ifa_match(addr, ifa)) 1399 break; 1400 /* No, then can we use new local src? */ 1401 if (min_scope <= scope) { 1402 addr = ifa->ifa_local; 1403 break; 1404 } 1405 /* search for large dst subnet for addr */ 1406 same = 0; 1407 } 1408 } 1409 } 1410 1411 return same ? addr : 0; 1412 } 1413 1414 /* 1415 * Confirm that local IP address exists using wildcards: 1416 * - net: netns to check, cannot be NULL 1417 * - in_dev: only on this interface, NULL=any interface 1418 * - dst: only in the same subnet as dst, 0=any dst 1419 * - local: address, 0=autoselect the local address 1420 * - scope: maximum allowed scope value for the local address 1421 */ 1422 __be32 inet_confirm_addr(struct net *net, struct in_device *in_dev, 1423 __be32 dst, __be32 local, int scope) 1424 { 1425 __be32 addr = 0; 1426 struct net_device *dev; 1427 1428 if (in_dev) 1429 return confirm_addr_indev(in_dev, dst, local, scope); 1430 1431 rcu_read_lock(); 1432 for_each_netdev_rcu(net, dev) { 1433 in_dev = __in_dev_get_rcu(dev); 1434 if (in_dev) { 1435 addr = confirm_addr_indev(in_dev, dst, local, scope); 1436 if (addr) 1437 break; 1438 } 1439 } 1440 rcu_read_unlock(); 1441 1442 return addr; 1443 } 1444 EXPORT_SYMBOL(inet_confirm_addr); 1445 1446 /* 1447 * Device notifier 1448 */ 1449 1450 int register_inetaddr_notifier(struct notifier_block *nb) 1451 { 1452 return blocking_notifier_chain_register(&inetaddr_chain, nb); 1453 } 1454 EXPORT_SYMBOL(register_inetaddr_notifier); 1455 1456 int unregister_inetaddr_notifier(struct notifier_block *nb) 1457 { 1458 return blocking_notifier_chain_unregister(&inetaddr_chain, nb); 1459 } 1460 EXPORT_SYMBOL(unregister_inetaddr_notifier); 1461 1462 int register_inetaddr_validator_notifier(struct notifier_block *nb) 1463 { 1464 return blocking_notifier_chain_register(&inetaddr_validator_chain, nb); 1465 } 1466 EXPORT_SYMBOL(register_inetaddr_validator_notifier); 1467 1468 int unregister_inetaddr_validator_notifier(struct notifier_block *nb) 1469 { 1470 return blocking_notifier_chain_unregister(&inetaddr_validator_chain, 1471 nb); 1472 } 1473 EXPORT_SYMBOL(unregister_inetaddr_validator_notifier); 1474 1475 /* Rename ifa_labels for a device name change. Make some effort to preserve 1476 * existing alias numbering and to create unique labels if possible. 1477 */ 1478 static void inetdev_changename(struct net_device *dev, struct in_device *in_dev) 1479 { 1480 struct in_ifaddr *ifa; 1481 int named = 0; 1482 1483 in_dev_for_each_ifa_rtnl(ifa, in_dev) { 1484 char old[IFNAMSIZ], *dot; 1485 1486 memcpy(old, ifa->ifa_label, IFNAMSIZ); 1487 memcpy(ifa->ifa_label, dev->name, IFNAMSIZ); 1488 if (named++ == 0) 1489 goto skip; 1490 dot = strchr(old, ':'); 1491 if (!dot) { 1492 sprintf(old, ":%d", named); 1493 dot = old; 1494 } 1495 if (strlen(dot) + strlen(dev->name) < IFNAMSIZ) 1496 strcat(ifa->ifa_label, dot); 1497 else 1498 strcpy(ifa->ifa_label + (IFNAMSIZ - strlen(dot) - 1), dot); 1499 skip: 1500 rtmsg_ifa(RTM_NEWADDR, ifa, NULL, 0); 1501 } 1502 } 1503 1504 static void inetdev_send_gratuitous_arp(struct net_device *dev, 1505 struct in_device *in_dev) 1506 1507 { 1508 const struct in_ifaddr *ifa; 1509 1510 in_dev_for_each_ifa_rtnl(ifa, in_dev) { 1511 arp_send(ARPOP_REQUEST, ETH_P_ARP, 1512 ifa->ifa_local, dev, 1513 ifa->ifa_local, NULL, 1514 dev->dev_addr, NULL); 1515 } 1516 } 1517 1518 /* Called only under RTNL semaphore */ 1519 1520 static int inetdev_event(struct notifier_block *this, unsigned long event, 1521 void *ptr) 1522 { 1523 struct net_device *dev = netdev_notifier_info_to_dev(ptr); 1524 struct in_device *in_dev = __in_dev_get_rtnl(dev); 1525 1526 ASSERT_RTNL(); 1527 1528 if (!in_dev) { 1529 if (event == NETDEV_REGISTER) { 1530 in_dev = inetdev_init(dev); 1531 if (IS_ERR(in_dev)) 1532 return notifier_from_errno(PTR_ERR(in_dev)); 1533 if (dev->flags & IFF_LOOPBACK) { 1534 IN_DEV_CONF_SET(in_dev, NOXFRM, 1); 1535 IN_DEV_CONF_SET(in_dev, NOPOLICY, 1); 1536 } 1537 } else if (event == NETDEV_CHANGEMTU) { 1538 /* Re-enabling IP */ 1539 if (inetdev_valid_mtu(dev->mtu)) 1540 in_dev = inetdev_init(dev); 1541 } 1542 goto out; 1543 } 1544 1545 switch (event) { 1546 case NETDEV_REGISTER: 1547 pr_debug("%s: bug\n", __func__); 1548 RCU_INIT_POINTER(dev->ip_ptr, NULL); 1549 break; 1550 case NETDEV_UP: 1551 if (!inetdev_valid_mtu(dev->mtu)) 1552 break; 1553 if (dev->flags & IFF_LOOPBACK) { 1554 struct in_ifaddr *ifa = inet_alloc_ifa(); 1555 1556 if (ifa) { 1557 INIT_HLIST_NODE(&ifa->hash); 1558 ifa->ifa_local = 1559 ifa->ifa_address = htonl(INADDR_LOOPBACK); 1560 ifa->ifa_prefixlen = 8; 1561 ifa->ifa_mask = inet_make_mask(8); 1562 in_dev_hold(in_dev); 1563 ifa->ifa_dev = in_dev; 1564 ifa->ifa_scope = RT_SCOPE_HOST; 1565 memcpy(ifa->ifa_label, dev->name, IFNAMSIZ); 1566 set_ifa_lifetime(ifa, INFINITY_LIFE_TIME, 1567 INFINITY_LIFE_TIME); 1568 ipv4_devconf_setall(in_dev); 1569 neigh_parms_data_state_setall(in_dev->arp_parms); 1570 inet_insert_ifa(ifa); 1571 } 1572 } 1573 ip_mc_up(in_dev); 1574 fallthrough; 1575 case NETDEV_CHANGEADDR: 1576 if (!IN_DEV_ARP_NOTIFY(in_dev)) 1577 break; 1578 fallthrough; 1579 case NETDEV_NOTIFY_PEERS: 1580 /* Send gratuitous ARP to notify of link change */ 1581 inetdev_send_gratuitous_arp(dev, in_dev); 1582 break; 1583 case NETDEV_DOWN: 1584 ip_mc_down(in_dev); 1585 break; 1586 case NETDEV_PRE_TYPE_CHANGE: 1587 ip_mc_unmap(in_dev); 1588 break; 1589 case NETDEV_POST_TYPE_CHANGE: 1590 ip_mc_remap(in_dev); 1591 break; 1592 case NETDEV_CHANGEMTU: 1593 if (inetdev_valid_mtu(dev->mtu)) 1594 break; 1595 /* disable IP when MTU is not enough */ 1596 fallthrough; 1597 case NETDEV_UNREGISTER: 1598 inetdev_destroy(in_dev); 1599 break; 1600 case NETDEV_CHANGENAME: 1601 /* Do not notify about label change, this event is 1602 * not interesting to applications using netlink. 1603 */ 1604 inetdev_changename(dev, in_dev); 1605 1606 devinet_sysctl_unregister(in_dev); 1607 devinet_sysctl_register(in_dev); 1608 break; 1609 } 1610 out: 1611 return NOTIFY_DONE; 1612 } 1613 1614 static struct notifier_block ip_netdev_notifier = { 1615 .notifier_call = inetdev_event, 1616 }; 1617 1618 static size_t inet_nlmsg_size(void) 1619 { 1620 return NLMSG_ALIGN(sizeof(struct ifaddrmsg)) 1621 + nla_total_size(4) /* IFA_ADDRESS */ 1622 + nla_total_size(4) /* IFA_LOCAL */ 1623 + nla_total_size(4) /* IFA_BROADCAST */ 1624 + nla_total_size(IFNAMSIZ) /* IFA_LABEL */ 1625 + nla_total_size(4) /* IFA_FLAGS */ 1626 + nla_total_size(4) /* IFA_RT_PRIORITY */ 1627 + nla_total_size(sizeof(struct ifa_cacheinfo)); /* IFA_CACHEINFO */ 1628 } 1629 1630 static inline u32 cstamp_delta(unsigned long cstamp) 1631 { 1632 return (cstamp - INITIAL_JIFFIES) * 100UL / HZ; 1633 } 1634 1635 static int put_cacheinfo(struct sk_buff *skb, unsigned long cstamp, 1636 unsigned long tstamp, u32 preferred, u32 valid) 1637 { 1638 struct ifa_cacheinfo ci; 1639 1640 ci.cstamp = cstamp_delta(cstamp); 1641 ci.tstamp = cstamp_delta(tstamp); 1642 ci.ifa_prefered = preferred; 1643 ci.ifa_valid = valid; 1644 1645 return nla_put(skb, IFA_CACHEINFO, sizeof(ci), &ci); 1646 } 1647 1648 static int inet_fill_ifaddr(struct sk_buff *skb, struct in_ifaddr *ifa, 1649 struct inet_fill_args *args) 1650 { 1651 struct ifaddrmsg *ifm; 1652 struct nlmsghdr *nlh; 1653 u32 preferred, valid; 1654 1655 nlh = nlmsg_put(skb, args->portid, args->seq, args->event, sizeof(*ifm), 1656 args->flags); 1657 if (!nlh) 1658 return -EMSGSIZE; 1659 1660 ifm = nlmsg_data(nlh); 1661 ifm->ifa_family = AF_INET; 1662 ifm->ifa_prefixlen = ifa->ifa_prefixlen; 1663 ifm->ifa_flags = ifa->ifa_flags; 1664 ifm->ifa_scope = ifa->ifa_scope; 1665 ifm->ifa_index = ifa->ifa_dev->dev->ifindex; 1666 1667 if (args->netnsid >= 0 && 1668 nla_put_s32(skb, IFA_TARGET_NETNSID, args->netnsid)) 1669 goto nla_put_failure; 1670 1671 if (!(ifm->ifa_flags & IFA_F_PERMANENT)) { 1672 preferred = ifa->ifa_preferred_lft; 1673 valid = ifa->ifa_valid_lft; 1674 if (preferred != INFINITY_LIFE_TIME) { 1675 long tval = (jiffies - ifa->ifa_tstamp) / HZ; 1676 1677 if (preferred > tval) 1678 preferred -= tval; 1679 else 1680 preferred = 0; 1681 if (valid != INFINITY_LIFE_TIME) { 1682 if (valid > tval) 1683 valid -= tval; 1684 else 1685 valid = 0; 1686 } 1687 } 1688 } else { 1689 preferred = INFINITY_LIFE_TIME; 1690 valid = INFINITY_LIFE_TIME; 1691 } 1692 if ((ifa->ifa_address && 1693 nla_put_in_addr(skb, IFA_ADDRESS, ifa->ifa_address)) || 1694 (ifa->ifa_local && 1695 nla_put_in_addr(skb, IFA_LOCAL, ifa->ifa_local)) || 1696 (ifa->ifa_broadcast && 1697 nla_put_in_addr(skb, IFA_BROADCAST, ifa->ifa_broadcast)) || 1698 (ifa->ifa_label[0] && 1699 nla_put_string(skb, IFA_LABEL, ifa->ifa_label)) || 1700 nla_put_u32(skb, IFA_FLAGS, ifa->ifa_flags) || 1701 (ifa->ifa_rt_priority && 1702 nla_put_u32(skb, IFA_RT_PRIORITY, ifa->ifa_rt_priority)) || 1703 put_cacheinfo(skb, ifa->ifa_cstamp, ifa->ifa_tstamp, 1704 preferred, valid)) 1705 goto nla_put_failure; 1706 1707 nlmsg_end(skb, nlh); 1708 return 0; 1709 1710 nla_put_failure: 1711 nlmsg_cancel(skb, nlh); 1712 return -EMSGSIZE; 1713 } 1714 1715 static int inet_valid_dump_ifaddr_req(const struct nlmsghdr *nlh, 1716 struct inet_fill_args *fillargs, 1717 struct net **tgt_net, struct sock *sk, 1718 struct netlink_callback *cb) 1719 { 1720 struct netlink_ext_ack *extack = cb->extack; 1721 struct nlattr *tb[IFA_MAX+1]; 1722 struct ifaddrmsg *ifm; 1723 int err, i; 1724 1725 if (nlh->nlmsg_len < nlmsg_msg_size(sizeof(*ifm))) { 1726 NL_SET_ERR_MSG(extack, "ipv4: Invalid header for address dump request"); 1727 return -EINVAL; 1728 } 1729 1730 ifm = nlmsg_data(nlh); 1731 if (ifm->ifa_prefixlen || ifm->ifa_flags || ifm->ifa_scope) { 1732 NL_SET_ERR_MSG(extack, "ipv4: Invalid values in header for address dump request"); 1733 return -EINVAL; 1734 } 1735 1736 fillargs->ifindex = ifm->ifa_index; 1737 if (fillargs->ifindex) { 1738 cb->answer_flags |= NLM_F_DUMP_FILTERED; 1739 fillargs->flags |= NLM_F_DUMP_FILTERED; 1740 } 1741 1742 err = nlmsg_parse_deprecated_strict(nlh, sizeof(*ifm), tb, IFA_MAX, 1743 ifa_ipv4_policy, extack); 1744 if (err < 0) 1745 return err; 1746 1747 for (i = 0; i <= IFA_MAX; ++i) { 1748 if (!tb[i]) 1749 continue; 1750 1751 if (i == IFA_TARGET_NETNSID) { 1752 struct net *net; 1753 1754 fillargs->netnsid = nla_get_s32(tb[i]); 1755 1756 net = rtnl_get_net_ns_capable(sk, fillargs->netnsid); 1757 if (IS_ERR(net)) { 1758 fillargs->netnsid = -1; 1759 NL_SET_ERR_MSG(extack, "ipv4: Invalid target network namespace id"); 1760 return PTR_ERR(net); 1761 } 1762 *tgt_net = net; 1763 } else { 1764 NL_SET_ERR_MSG(extack, "ipv4: Unsupported attribute in dump request"); 1765 return -EINVAL; 1766 } 1767 } 1768 1769 return 0; 1770 } 1771 1772 static int in_dev_dump_addr(struct in_device *in_dev, struct sk_buff *skb, 1773 struct netlink_callback *cb, int s_ip_idx, 1774 struct inet_fill_args *fillargs) 1775 { 1776 struct in_ifaddr *ifa; 1777 int ip_idx = 0; 1778 int err; 1779 1780 in_dev_for_each_ifa_rtnl(ifa, in_dev) { 1781 if (ip_idx < s_ip_idx) { 1782 ip_idx++; 1783 continue; 1784 } 1785 err = inet_fill_ifaddr(skb, ifa, fillargs); 1786 if (err < 0) 1787 goto done; 1788 1789 nl_dump_check_consistent(cb, nlmsg_hdr(skb)); 1790 ip_idx++; 1791 } 1792 err = 0; 1793 1794 done: 1795 cb->args[2] = ip_idx; 1796 1797 return err; 1798 } 1799 1800 static int inet_dump_ifaddr(struct sk_buff *skb, struct netlink_callback *cb) 1801 { 1802 const struct nlmsghdr *nlh = cb->nlh; 1803 struct inet_fill_args fillargs = { 1804 .portid = NETLINK_CB(cb->skb).portid, 1805 .seq = nlh->nlmsg_seq, 1806 .event = RTM_NEWADDR, 1807 .flags = NLM_F_MULTI, 1808 .netnsid = -1, 1809 }; 1810 struct net *net = sock_net(skb->sk); 1811 struct net *tgt_net = net; 1812 int h, s_h; 1813 int idx, s_idx; 1814 int s_ip_idx; 1815 struct net_device *dev; 1816 struct in_device *in_dev; 1817 struct hlist_head *head; 1818 int err = 0; 1819 1820 s_h = cb->args[0]; 1821 s_idx = idx = cb->args[1]; 1822 s_ip_idx = cb->args[2]; 1823 1824 if (cb->strict_check) { 1825 err = inet_valid_dump_ifaddr_req(nlh, &fillargs, &tgt_net, 1826 skb->sk, cb); 1827 if (err < 0) 1828 goto put_tgt_net; 1829 1830 err = 0; 1831 if (fillargs.ifindex) { 1832 dev = __dev_get_by_index(tgt_net, fillargs.ifindex); 1833 if (!dev) { 1834 err = -ENODEV; 1835 goto put_tgt_net; 1836 } 1837 1838 in_dev = __in_dev_get_rtnl(dev); 1839 if (in_dev) { 1840 err = in_dev_dump_addr(in_dev, skb, cb, s_ip_idx, 1841 &fillargs); 1842 } 1843 goto put_tgt_net; 1844 } 1845 } 1846 1847 for (h = s_h; h < NETDEV_HASHENTRIES; h++, s_idx = 0) { 1848 idx = 0; 1849 head = &tgt_net->dev_index_head[h]; 1850 rcu_read_lock(); 1851 cb->seq = atomic_read(&tgt_net->ipv4.dev_addr_genid) ^ 1852 tgt_net->dev_base_seq; 1853 hlist_for_each_entry_rcu(dev, head, index_hlist) { 1854 if (idx < s_idx) 1855 goto cont; 1856 if (h > s_h || idx > s_idx) 1857 s_ip_idx = 0; 1858 in_dev = __in_dev_get_rcu(dev); 1859 if (!in_dev) 1860 goto cont; 1861 1862 err = in_dev_dump_addr(in_dev, skb, cb, s_ip_idx, 1863 &fillargs); 1864 if (err < 0) { 1865 rcu_read_unlock(); 1866 goto done; 1867 } 1868 cont: 1869 idx++; 1870 } 1871 rcu_read_unlock(); 1872 } 1873 1874 done: 1875 cb->args[0] = h; 1876 cb->args[1] = idx; 1877 put_tgt_net: 1878 if (fillargs.netnsid >= 0) 1879 put_net(tgt_net); 1880 1881 return skb->len ? : err; 1882 } 1883 1884 static void rtmsg_ifa(int event, struct in_ifaddr *ifa, struct nlmsghdr *nlh, 1885 u32 portid) 1886 { 1887 struct inet_fill_args fillargs = { 1888 .portid = portid, 1889 .seq = nlh ? nlh->nlmsg_seq : 0, 1890 .event = event, 1891 .flags = 0, 1892 .netnsid = -1, 1893 }; 1894 struct sk_buff *skb; 1895 int err = -ENOBUFS; 1896 struct net *net; 1897 1898 net = dev_net(ifa->ifa_dev->dev); 1899 skb = nlmsg_new(inet_nlmsg_size(), GFP_KERNEL); 1900 if (!skb) 1901 goto errout; 1902 1903 err = inet_fill_ifaddr(skb, ifa, &fillargs); 1904 if (err < 0) { 1905 /* -EMSGSIZE implies BUG in inet_nlmsg_size() */ 1906 WARN_ON(err == -EMSGSIZE); 1907 kfree_skb(skb); 1908 goto errout; 1909 } 1910 rtnl_notify(skb, net, portid, RTNLGRP_IPV4_IFADDR, nlh, GFP_KERNEL); 1911 return; 1912 errout: 1913 if (err < 0) 1914 rtnl_set_sk_err(net, RTNLGRP_IPV4_IFADDR, err); 1915 } 1916 1917 static size_t inet_get_link_af_size(const struct net_device *dev, 1918 u32 ext_filter_mask) 1919 { 1920 struct in_device *in_dev = rcu_dereference_rtnl(dev->ip_ptr); 1921 1922 if (!in_dev) 1923 return 0; 1924 1925 return nla_total_size(IPV4_DEVCONF_MAX * 4); /* IFLA_INET_CONF */ 1926 } 1927 1928 static int inet_fill_link_af(struct sk_buff *skb, const struct net_device *dev, 1929 u32 ext_filter_mask) 1930 { 1931 struct in_device *in_dev = rcu_dereference_rtnl(dev->ip_ptr); 1932 struct nlattr *nla; 1933 int i; 1934 1935 if (!in_dev) 1936 return -ENODATA; 1937 1938 nla = nla_reserve(skb, IFLA_INET_CONF, IPV4_DEVCONF_MAX * 4); 1939 if (!nla) 1940 return -EMSGSIZE; 1941 1942 for (i = 0; i < IPV4_DEVCONF_MAX; i++) 1943 ((u32 *) nla_data(nla))[i] = in_dev->cnf.data[i]; 1944 1945 return 0; 1946 } 1947 1948 static const struct nla_policy inet_af_policy[IFLA_INET_MAX+1] = { 1949 [IFLA_INET_CONF] = { .type = NLA_NESTED }, 1950 }; 1951 1952 static int inet_validate_link_af(const struct net_device *dev, 1953 const struct nlattr *nla, 1954 struct netlink_ext_ack *extack) 1955 { 1956 struct nlattr *a, *tb[IFLA_INET_MAX+1]; 1957 int err, rem; 1958 1959 if (dev && !__in_dev_get_rtnl(dev)) 1960 return -EAFNOSUPPORT; 1961 1962 err = nla_parse_nested_deprecated(tb, IFLA_INET_MAX, nla, 1963 inet_af_policy, extack); 1964 if (err < 0) 1965 return err; 1966 1967 if (tb[IFLA_INET_CONF]) { 1968 nla_for_each_nested(a, tb[IFLA_INET_CONF], rem) { 1969 int cfgid = nla_type(a); 1970 1971 if (nla_len(a) < 4) 1972 return -EINVAL; 1973 1974 if (cfgid <= 0 || cfgid > IPV4_DEVCONF_MAX) 1975 return -EINVAL; 1976 } 1977 } 1978 1979 return 0; 1980 } 1981 1982 static int inet_set_link_af(struct net_device *dev, const struct nlattr *nla, 1983 struct netlink_ext_ack *extack) 1984 { 1985 struct in_device *in_dev = __in_dev_get_rtnl(dev); 1986 struct nlattr *a, *tb[IFLA_INET_MAX+1]; 1987 int rem; 1988 1989 if (!in_dev) 1990 return -EAFNOSUPPORT; 1991 1992 if (nla_parse_nested_deprecated(tb, IFLA_INET_MAX, nla, NULL, NULL) < 0) 1993 return -EINVAL; 1994 1995 if (tb[IFLA_INET_CONF]) { 1996 nla_for_each_nested(a, tb[IFLA_INET_CONF], rem) 1997 ipv4_devconf_set(in_dev, nla_type(a), nla_get_u32(a)); 1998 } 1999 2000 return 0; 2001 } 2002 2003 static int inet_netconf_msgsize_devconf(int type) 2004 { 2005 int size = NLMSG_ALIGN(sizeof(struct netconfmsg)) 2006 + nla_total_size(4); /* NETCONFA_IFINDEX */ 2007 bool all = false; 2008 2009 if (type == NETCONFA_ALL) 2010 all = true; 2011 2012 if (all || type == NETCONFA_FORWARDING) 2013 size += nla_total_size(4); 2014 if (all || type == NETCONFA_RP_FILTER) 2015 size += nla_total_size(4); 2016 if (all || type == NETCONFA_MC_FORWARDING) 2017 size += nla_total_size(4); 2018 if (all || type == NETCONFA_BC_FORWARDING) 2019 size += nla_total_size(4); 2020 if (all || type == NETCONFA_PROXY_NEIGH) 2021 size += nla_total_size(4); 2022 if (all || type == NETCONFA_IGNORE_ROUTES_WITH_LINKDOWN) 2023 size += nla_total_size(4); 2024 2025 return size; 2026 } 2027 2028 static int inet_netconf_fill_devconf(struct sk_buff *skb, int ifindex, 2029 struct ipv4_devconf *devconf, u32 portid, 2030 u32 seq, int event, unsigned int flags, 2031 int type) 2032 { 2033 struct nlmsghdr *nlh; 2034 struct netconfmsg *ncm; 2035 bool all = false; 2036 2037 nlh = nlmsg_put(skb, portid, seq, event, sizeof(struct netconfmsg), 2038 flags); 2039 if (!nlh) 2040 return -EMSGSIZE; 2041 2042 if (type == NETCONFA_ALL) 2043 all = true; 2044 2045 ncm = nlmsg_data(nlh); 2046 ncm->ncm_family = AF_INET; 2047 2048 if (nla_put_s32(skb, NETCONFA_IFINDEX, ifindex) < 0) 2049 goto nla_put_failure; 2050 2051 if (!devconf) 2052 goto out; 2053 2054 if ((all || type == NETCONFA_FORWARDING) && 2055 nla_put_s32(skb, NETCONFA_FORWARDING, 2056 IPV4_DEVCONF(*devconf, FORWARDING)) < 0) 2057 goto nla_put_failure; 2058 if ((all || type == NETCONFA_RP_FILTER) && 2059 nla_put_s32(skb, NETCONFA_RP_FILTER, 2060 IPV4_DEVCONF(*devconf, RP_FILTER)) < 0) 2061 goto nla_put_failure; 2062 if ((all || type == NETCONFA_MC_FORWARDING) && 2063 nla_put_s32(skb, NETCONFA_MC_FORWARDING, 2064 IPV4_DEVCONF(*devconf, MC_FORWARDING)) < 0) 2065 goto nla_put_failure; 2066 if ((all || type == NETCONFA_BC_FORWARDING) && 2067 nla_put_s32(skb, NETCONFA_BC_FORWARDING, 2068 IPV4_DEVCONF(*devconf, BC_FORWARDING)) < 0) 2069 goto nla_put_failure; 2070 if ((all || type == NETCONFA_PROXY_NEIGH) && 2071 nla_put_s32(skb, NETCONFA_PROXY_NEIGH, 2072 IPV4_DEVCONF(*devconf, PROXY_ARP)) < 0) 2073 goto nla_put_failure; 2074 if ((all || type == NETCONFA_IGNORE_ROUTES_WITH_LINKDOWN) && 2075 nla_put_s32(skb, NETCONFA_IGNORE_ROUTES_WITH_LINKDOWN, 2076 IPV4_DEVCONF(*devconf, IGNORE_ROUTES_WITH_LINKDOWN)) < 0) 2077 goto nla_put_failure; 2078 2079 out: 2080 nlmsg_end(skb, nlh); 2081 return 0; 2082 2083 nla_put_failure: 2084 nlmsg_cancel(skb, nlh); 2085 return -EMSGSIZE; 2086 } 2087 2088 void inet_netconf_notify_devconf(struct net *net, int event, int type, 2089 int ifindex, struct ipv4_devconf *devconf) 2090 { 2091 struct sk_buff *skb; 2092 int err = -ENOBUFS; 2093 2094 skb = nlmsg_new(inet_netconf_msgsize_devconf(type), GFP_KERNEL); 2095 if (!skb) 2096 goto errout; 2097 2098 err = inet_netconf_fill_devconf(skb, ifindex, devconf, 0, 0, 2099 event, 0, type); 2100 if (err < 0) { 2101 /* -EMSGSIZE implies BUG in inet_netconf_msgsize_devconf() */ 2102 WARN_ON(err == -EMSGSIZE); 2103 kfree_skb(skb); 2104 goto errout; 2105 } 2106 rtnl_notify(skb, net, 0, RTNLGRP_IPV4_NETCONF, NULL, GFP_KERNEL); 2107 return; 2108 errout: 2109 if (err < 0) 2110 rtnl_set_sk_err(net, RTNLGRP_IPV4_NETCONF, err); 2111 } 2112 2113 static const struct nla_policy devconf_ipv4_policy[NETCONFA_MAX+1] = { 2114 [NETCONFA_IFINDEX] = { .len = sizeof(int) }, 2115 [NETCONFA_FORWARDING] = { .len = sizeof(int) }, 2116 [NETCONFA_RP_FILTER] = { .len = sizeof(int) }, 2117 [NETCONFA_PROXY_NEIGH] = { .len = sizeof(int) }, 2118 [NETCONFA_IGNORE_ROUTES_WITH_LINKDOWN] = { .len = sizeof(int) }, 2119 }; 2120 2121 static int inet_netconf_valid_get_req(struct sk_buff *skb, 2122 const struct nlmsghdr *nlh, 2123 struct nlattr **tb, 2124 struct netlink_ext_ack *extack) 2125 { 2126 int i, err; 2127 2128 if (nlh->nlmsg_len < nlmsg_msg_size(sizeof(struct netconfmsg))) { 2129 NL_SET_ERR_MSG(extack, "ipv4: Invalid header for netconf get request"); 2130 return -EINVAL; 2131 } 2132 2133 if (!netlink_strict_get_check(skb)) 2134 return nlmsg_parse_deprecated(nlh, sizeof(struct netconfmsg), 2135 tb, NETCONFA_MAX, 2136 devconf_ipv4_policy, extack); 2137 2138 err = nlmsg_parse_deprecated_strict(nlh, sizeof(struct netconfmsg), 2139 tb, NETCONFA_MAX, 2140 devconf_ipv4_policy, extack); 2141 if (err) 2142 return err; 2143 2144 for (i = 0; i <= NETCONFA_MAX; i++) { 2145 if (!tb[i]) 2146 continue; 2147 2148 switch (i) { 2149 case NETCONFA_IFINDEX: 2150 break; 2151 default: 2152 NL_SET_ERR_MSG(extack, "ipv4: Unsupported attribute in netconf get request"); 2153 return -EINVAL; 2154 } 2155 } 2156 2157 return 0; 2158 } 2159 2160 static int inet_netconf_get_devconf(struct sk_buff *in_skb, 2161 struct nlmsghdr *nlh, 2162 struct netlink_ext_ack *extack) 2163 { 2164 struct net *net = sock_net(in_skb->sk); 2165 struct nlattr *tb[NETCONFA_MAX+1]; 2166 struct sk_buff *skb; 2167 struct ipv4_devconf *devconf; 2168 struct in_device *in_dev; 2169 struct net_device *dev; 2170 int ifindex; 2171 int err; 2172 2173 err = inet_netconf_valid_get_req(in_skb, nlh, tb, extack); 2174 if (err) 2175 goto errout; 2176 2177 err = -EINVAL; 2178 if (!tb[NETCONFA_IFINDEX]) 2179 goto errout; 2180 2181 ifindex = nla_get_s32(tb[NETCONFA_IFINDEX]); 2182 switch (ifindex) { 2183 case NETCONFA_IFINDEX_ALL: 2184 devconf = net->ipv4.devconf_all; 2185 break; 2186 case NETCONFA_IFINDEX_DEFAULT: 2187 devconf = net->ipv4.devconf_dflt; 2188 break; 2189 default: 2190 dev = __dev_get_by_index(net, ifindex); 2191 if (!dev) 2192 goto errout; 2193 in_dev = __in_dev_get_rtnl(dev); 2194 if (!in_dev) 2195 goto errout; 2196 devconf = &in_dev->cnf; 2197 break; 2198 } 2199 2200 err = -ENOBUFS; 2201 skb = nlmsg_new(inet_netconf_msgsize_devconf(NETCONFA_ALL), GFP_KERNEL); 2202 if (!skb) 2203 goto errout; 2204 2205 err = inet_netconf_fill_devconf(skb, ifindex, devconf, 2206 NETLINK_CB(in_skb).portid, 2207 nlh->nlmsg_seq, RTM_NEWNETCONF, 0, 2208 NETCONFA_ALL); 2209 if (err < 0) { 2210 /* -EMSGSIZE implies BUG in inet_netconf_msgsize_devconf() */ 2211 WARN_ON(err == -EMSGSIZE); 2212 kfree_skb(skb); 2213 goto errout; 2214 } 2215 err = rtnl_unicast(skb, net, NETLINK_CB(in_skb).portid); 2216 errout: 2217 return err; 2218 } 2219 2220 static int inet_netconf_dump_devconf(struct sk_buff *skb, 2221 struct netlink_callback *cb) 2222 { 2223 const struct nlmsghdr *nlh = cb->nlh; 2224 struct net *net = sock_net(skb->sk); 2225 int h, s_h; 2226 int idx, s_idx; 2227 struct net_device *dev; 2228 struct in_device *in_dev; 2229 struct hlist_head *head; 2230 2231 if (cb->strict_check) { 2232 struct netlink_ext_ack *extack = cb->extack; 2233 struct netconfmsg *ncm; 2234 2235 if (nlh->nlmsg_len < nlmsg_msg_size(sizeof(*ncm))) { 2236 NL_SET_ERR_MSG(extack, "ipv4: Invalid header for netconf dump request"); 2237 return -EINVAL; 2238 } 2239 2240 if (nlmsg_attrlen(nlh, sizeof(*ncm))) { 2241 NL_SET_ERR_MSG(extack, "ipv4: Invalid data after header in netconf dump request"); 2242 return -EINVAL; 2243 } 2244 } 2245 2246 s_h = cb->args[0]; 2247 s_idx = idx = cb->args[1]; 2248 2249 for (h = s_h; h < NETDEV_HASHENTRIES; h++, s_idx = 0) { 2250 idx = 0; 2251 head = &net->dev_index_head[h]; 2252 rcu_read_lock(); 2253 cb->seq = atomic_read(&net->ipv4.dev_addr_genid) ^ 2254 net->dev_base_seq; 2255 hlist_for_each_entry_rcu(dev, head, index_hlist) { 2256 if (idx < s_idx) 2257 goto cont; 2258 in_dev = __in_dev_get_rcu(dev); 2259 if (!in_dev) 2260 goto cont; 2261 2262 if (inet_netconf_fill_devconf(skb, dev->ifindex, 2263 &in_dev->cnf, 2264 NETLINK_CB(cb->skb).portid, 2265 nlh->nlmsg_seq, 2266 RTM_NEWNETCONF, 2267 NLM_F_MULTI, 2268 NETCONFA_ALL) < 0) { 2269 rcu_read_unlock(); 2270 goto done; 2271 } 2272 nl_dump_check_consistent(cb, nlmsg_hdr(skb)); 2273 cont: 2274 idx++; 2275 } 2276 rcu_read_unlock(); 2277 } 2278 if (h == NETDEV_HASHENTRIES) { 2279 if (inet_netconf_fill_devconf(skb, NETCONFA_IFINDEX_ALL, 2280 net->ipv4.devconf_all, 2281 NETLINK_CB(cb->skb).portid, 2282 nlh->nlmsg_seq, 2283 RTM_NEWNETCONF, NLM_F_MULTI, 2284 NETCONFA_ALL) < 0) 2285 goto done; 2286 else 2287 h++; 2288 } 2289 if (h == NETDEV_HASHENTRIES + 1) { 2290 if (inet_netconf_fill_devconf(skb, NETCONFA_IFINDEX_DEFAULT, 2291 net->ipv4.devconf_dflt, 2292 NETLINK_CB(cb->skb).portid, 2293 nlh->nlmsg_seq, 2294 RTM_NEWNETCONF, NLM_F_MULTI, 2295 NETCONFA_ALL) < 0) 2296 goto done; 2297 else 2298 h++; 2299 } 2300 done: 2301 cb->args[0] = h; 2302 cb->args[1] = idx; 2303 2304 return skb->len; 2305 } 2306 2307 #ifdef CONFIG_SYSCTL 2308 2309 static void devinet_copy_dflt_conf(struct net *net, int i) 2310 { 2311 struct net_device *dev; 2312 2313 rcu_read_lock(); 2314 for_each_netdev_rcu(net, dev) { 2315 struct in_device *in_dev; 2316 2317 in_dev = __in_dev_get_rcu(dev); 2318 if (in_dev && !test_bit(i, in_dev->cnf.state)) 2319 in_dev->cnf.data[i] = net->ipv4.devconf_dflt->data[i]; 2320 } 2321 rcu_read_unlock(); 2322 } 2323 2324 /* called with RTNL locked */ 2325 static void inet_forward_change(struct net *net) 2326 { 2327 struct net_device *dev; 2328 int on = IPV4_DEVCONF_ALL(net, FORWARDING); 2329 2330 IPV4_DEVCONF_ALL(net, ACCEPT_REDIRECTS) = !on; 2331 IPV4_DEVCONF_DFLT(net, FORWARDING) = on; 2332 inet_netconf_notify_devconf(net, RTM_NEWNETCONF, 2333 NETCONFA_FORWARDING, 2334 NETCONFA_IFINDEX_ALL, 2335 net->ipv4.devconf_all); 2336 inet_netconf_notify_devconf(net, RTM_NEWNETCONF, 2337 NETCONFA_FORWARDING, 2338 NETCONFA_IFINDEX_DEFAULT, 2339 net->ipv4.devconf_dflt); 2340 2341 for_each_netdev(net, dev) { 2342 struct in_device *in_dev; 2343 2344 if (on) 2345 dev_disable_lro(dev); 2346 2347 in_dev = __in_dev_get_rtnl(dev); 2348 if (in_dev) { 2349 IN_DEV_CONF_SET(in_dev, FORWARDING, on); 2350 inet_netconf_notify_devconf(net, RTM_NEWNETCONF, 2351 NETCONFA_FORWARDING, 2352 dev->ifindex, &in_dev->cnf); 2353 } 2354 } 2355 } 2356 2357 static int devinet_conf_ifindex(struct net *net, struct ipv4_devconf *cnf) 2358 { 2359 if (cnf == net->ipv4.devconf_dflt) 2360 return NETCONFA_IFINDEX_DEFAULT; 2361 else if (cnf == net->ipv4.devconf_all) 2362 return NETCONFA_IFINDEX_ALL; 2363 else { 2364 struct in_device *idev 2365 = container_of(cnf, struct in_device, cnf); 2366 return idev->dev->ifindex; 2367 } 2368 } 2369 2370 static int devinet_conf_proc(struct ctl_table *ctl, int write, 2371 void *buffer, size_t *lenp, loff_t *ppos) 2372 { 2373 int old_value = *(int *)ctl->data; 2374 int ret = proc_dointvec(ctl, write, buffer, lenp, ppos); 2375 int new_value = *(int *)ctl->data; 2376 2377 if (write) { 2378 struct ipv4_devconf *cnf = ctl->extra1; 2379 struct net *net = ctl->extra2; 2380 int i = (int *)ctl->data - cnf->data; 2381 int ifindex; 2382 2383 set_bit(i, cnf->state); 2384 2385 if (cnf == net->ipv4.devconf_dflt) 2386 devinet_copy_dflt_conf(net, i); 2387 if (i == IPV4_DEVCONF_ACCEPT_LOCAL - 1 || 2388 i == IPV4_DEVCONF_ROUTE_LOCALNET - 1) 2389 if ((new_value == 0) && (old_value != 0)) 2390 rt_cache_flush(net); 2391 2392 if (i == IPV4_DEVCONF_BC_FORWARDING - 1 && 2393 new_value != old_value) 2394 rt_cache_flush(net); 2395 2396 if (i == IPV4_DEVCONF_RP_FILTER - 1 && 2397 new_value != old_value) { 2398 ifindex = devinet_conf_ifindex(net, cnf); 2399 inet_netconf_notify_devconf(net, RTM_NEWNETCONF, 2400 NETCONFA_RP_FILTER, 2401 ifindex, cnf); 2402 } 2403 if (i == IPV4_DEVCONF_PROXY_ARP - 1 && 2404 new_value != old_value) { 2405 ifindex = devinet_conf_ifindex(net, cnf); 2406 inet_netconf_notify_devconf(net, RTM_NEWNETCONF, 2407 NETCONFA_PROXY_NEIGH, 2408 ifindex, cnf); 2409 } 2410 if (i == IPV4_DEVCONF_IGNORE_ROUTES_WITH_LINKDOWN - 1 && 2411 new_value != old_value) { 2412 ifindex = devinet_conf_ifindex(net, cnf); 2413 inet_netconf_notify_devconf(net, RTM_NEWNETCONF, 2414 NETCONFA_IGNORE_ROUTES_WITH_LINKDOWN, 2415 ifindex, cnf); 2416 } 2417 } 2418 2419 return ret; 2420 } 2421 2422 static int devinet_sysctl_forward(struct ctl_table *ctl, int write, 2423 void *buffer, size_t *lenp, loff_t *ppos) 2424 { 2425 int *valp = ctl->data; 2426 int val = *valp; 2427 loff_t pos = *ppos; 2428 struct net *net = ctl->extra2; 2429 int ret; 2430 2431 if (write && !ns_capable(net->user_ns, CAP_NET_ADMIN)) 2432 return -EPERM; 2433 2434 ret = proc_dointvec(ctl, write, buffer, lenp, ppos); 2435 2436 if (write && *valp != val) { 2437 if (valp != &IPV4_DEVCONF_DFLT(net, FORWARDING)) { 2438 if (!rtnl_trylock()) { 2439 /* Restore the original values before restarting */ 2440 *valp = val; 2441 *ppos = pos; 2442 return restart_syscall(); 2443 } 2444 if (valp == &IPV4_DEVCONF_ALL(net, FORWARDING)) { 2445 inet_forward_change(net); 2446 } else { 2447 struct ipv4_devconf *cnf = ctl->extra1; 2448 struct in_device *idev = 2449 container_of(cnf, struct in_device, cnf); 2450 if (*valp) 2451 dev_disable_lro(idev->dev); 2452 inet_netconf_notify_devconf(net, RTM_NEWNETCONF, 2453 NETCONFA_FORWARDING, 2454 idev->dev->ifindex, 2455 cnf); 2456 } 2457 rtnl_unlock(); 2458 rt_cache_flush(net); 2459 } else 2460 inet_netconf_notify_devconf(net, RTM_NEWNETCONF, 2461 NETCONFA_FORWARDING, 2462 NETCONFA_IFINDEX_DEFAULT, 2463 net->ipv4.devconf_dflt); 2464 } 2465 2466 return ret; 2467 } 2468 2469 static int ipv4_doint_and_flush(struct ctl_table *ctl, int write, 2470 void *buffer, size_t *lenp, loff_t *ppos) 2471 { 2472 int *valp = ctl->data; 2473 int val = *valp; 2474 int ret = proc_dointvec(ctl, write, buffer, lenp, ppos); 2475 struct net *net = ctl->extra2; 2476 2477 if (write && *valp != val) 2478 rt_cache_flush(net); 2479 2480 return ret; 2481 } 2482 2483 #define DEVINET_SYSCTL_ENTRY(attr, name, mval, proc) \ 2484 { \ 2485 .procname = name, \ 2486 .data = ipv4_devconf.data + \ 2487 IPV4_DEVCONF_ ## attr - 1, \ 2488 .maxlen = sizeof(int), \ 2489 .mode = mval, \ 2490 .proc_handler = proc, \ 2491 .extra1 = &ipv4_devconf, \ 2492 } 2493 2494 #define DEVINET_SYSCTL_RW_ENTRY(attr, name) \ 2495 DEVINET_SYSCTL_ENTRY(attr, name, 0644, devinet_conf_proc) 2496 2497 #define DEVINET_SYSCTL_RO_ENTRY(attr, name) \ 2498 DEVINET_SYSCTL_ENTRY(attr, name, 0444, devinet_conf_proc) 2499 2500 #define DEVINET_SYSCTL_COMPLEX_ENTRY(attr, name, proc) \ 2501 DEVINET_SYSCTL_ENTRY(attr, name, 0644, proc) 2502 2503 #define DEVINET_SYSCTL_FLUSHING_ENTRY(attr, name) \ 2504 DEVINET_SYSCTL_COMPLEX_ENTRY(attr, name, ipv4_doint_and_flush) 2505 2506 static struct devinet_sysctl_table { 2507 struct ctl_table_header *sysctl_header; 2508 struct ctl_table devinet_vars[__IPV4_DEVCONF_MAX]; 2509 } devinet_sysctl = { 2510 .devinet_vars = { 2511 DEVINET_SYSCTL_COMPLEX_ENTRY(FORWARDING, "forwarding", 2512 devinet_sysctl_forward), 2513 DEVINET_SYSCTL_RO_ENTRY(MC_FORWARDING, "mc_forwarding"), 2514 DEVINET_SYSCTL_RW_ENTRY(BC_FORWARDING, "bc_forwarding"), 2515 2516 DEVINET_SYSCTL_RW_ENTRY(ACCEPT_REDIRECTS, "accept_redirects"), 2517 DEVINET_SYSCTL_RW_ENTRY(SECURE_REDIRECTS, "secure_redirects"), 2518 DEVINET_SYSCTL_RW_ENTRY(SHARED_MEDIA, "shared_media"), 2519 DEVINET_SYSCTL_RW_ENTRY(RP_FILTER, "rp_filter"), 2520 DEVINET_SYSCTL_RW_ENTRY(SEND_REDIRECTS, "send_redirects"), 2521 DEVINET_SYSCTL_RW_ENTRY(ACCEPT_SOURCE_ROUTE, 2522 "accept_source_route"), 2523 DEVINET_SYSCTL_RW_ENTRY(ACCEPT_LOCAL, "accept_local"), 2524 DEVINET_SYSCTL_RW_ENTRY(SRC_VMARK, "src_valid_mark"), 2525 DEVINET_SYSCTL_RW_ENTRY(PROXY_ARP, "proxy_arp"), 2526 DEVINET_SYSCTL_RW_ENTRY(MEDIUM_ID, "medium_id"), 2527 DEVINET_SYSCTL_RW_ENTRY(BOOTP_RELAY, "bootp_relay"), 2528 DEVINET_SYSCTL_RW_ENTRY(LOG_MARTIANS, "log_martians"), 2529 DEVINET_SYSCTL_RW_ENTRY(TAG, "tag"), 2530 DEVINET_SYSCTL_RW_ENTRY(ARPFILTER, "arp_filter"), 2531 DEVINET_SYSCTL_RW_ENTRY(ARP_ANNOUNCE, "arp_announce"), 2532 DEVINET_SYSCTL_RW_ENTRY(ARP_IGNORE, "arp_ignore"), 2533 DEVINET_SYSCTL_RW_ENTRY(ARP_ACCEPT, "arp_accept"), 2534 DEVINET_SYSCTL_RW_ENTRY(ARP_NOTIFY, "arp_notify"), 2535 DEVINET_SYSCTL_RW_ENTRY(PROXY_ARP_PVLAN, "proxy_arp_pvlan"), 2536 DEVINET_SYSCTL_RW_ENTRY(FORCE_IGMP_VERSION, 2537 "force_igmp_version"), 2538 DEVINET_SYSCTL_RW_ENTRY(IGMPV2_UNSOLICITED_REPORT_INTERVAL, 2539 "igmpv2_unsolicited_report_interval"), 2540 DEVINET_SYSCTL_RW_ENTRY(IGMPV3_UNSOLICITED_REPORT_INTERVAL, 2541 "igmpv3_unsolicited_report_interval"), 2542 DEVINET_SYSCTL_RW_ENTRY(IGNORE_ROUTES_WITH_LINKDOWN, 2543 "ignore_routes_with_linkdown"), 2544 DEVINET_SYSCTL_RW_ENTRY(DROP_GRATUITOUS_ARP, 2545 "drop_gratuitous_arp"), 2546 2547 DEVINET_SYSCTL_FLUSHING_ENTRY(NOXFRM, "disable_xfrm"), 2548 DEVINET_SYSCTL_FLUSHING_ENTRY(NOPOLICY, "disable_policy"), 2549 DEVINET_SYSCTL_FLUSHING_ENTRY(PROMOTE_SECONDARIES, 2550 "promote_secondaries"), 2551 DEVINET_SYSCTL_FLUSHING_ENTRY(ROUTE_LOCALNET, 2552 "route_localnet"), 2553 DEVINET_SYSCTL_FLUSHING_ENTRY(DROP_UNICAST_IN_L2_MULTICAST, 2554 "drop_unicast_in_l2_multicast"), 2555 }, 2556 }; 2557 2558 static int __devinet_sysctl_register(struct net *net, char *dev_name, 2559 int ifindex, struct ipv4_devconf *p) 2560 { 2561 int i; 2562 struct devinet_sysctl_table *t; 2563 char path[sizeof("net/ipv4/conf/") + IFNAMSIZ]; 2564 2565 t = kmemdup(&devinet_sysctl, sizeof(*t), GFP_KERNEL); 2566 if (!t) 2567 goto out; 2568 2569 for (i = 0; i < ARRAY_SIZE(t->devinet_vars) - 1; i++) { 2570 t->devinet_vars[i].data += (char *)p - (char *)&ipv4_devconf; 2571 t->devinet_vars[i].extra1 = p; 2572 t->devinet_vars[i].extra2 = net; 2573 } 2574 2575 snprintf(path, sizeof(path), "net/ipv4/conf/%s", dev_name); 2576 2577 t->sysctl_header = register_net_sysctl(net, path, t->devinet_vars); 2578 if (!t->sysctl_header) 2579 goto free; 2580 2581 p->sysctl = t; 2582 2583 inet_netconf_notify_devconf(net, RTM_NEWNETCONF, NETCONFA_ALL, 2584 ifindex, p); 2585 return 0; 2586 2587 free: 2588 kfree(t); 2589 out: 2590 return -ENOBUFS; 2591 } 2592 2593 static void __devinet_sysctl_unregister(struct net *net, 2594 struct ipv4_devconf *cnf, int ifindex) 2595 { 2596 struct devinet_sysctl_table *t = cnf->sysctl; 2597 2598 if (t) { 2599 cnf->sysctl = NULL; 2600 unregister_net_sysctl_table(t->sysctl_header); 2601 kfree(t); 2602 } 2603 2604 inet_netconf_notify_devconf(net, RTM_DELNETCONF, 0, ifindex, NULL); 2605 } 2606 2607 static int devinet_sysctl_register(struct in_device *idev) 2608 { 2609 int err; 2610 2611 if (!sysctl_dev_name_is_allowed(idev->dev->name)) 2612 return -EINVAL; 2613 2614 err = neigh_sysctl_register(idev->dev, idev->arp_parms, NULL); 2615 if (err) 2616 return err; 2617 err = __devinet_sysctl_register(dev_net(idev->dev), idev->dev->name, 2618 idev->dev->ifindex, &idev->cnf); 2619 if (err) 2620 neigh_sysctl_unregister(idev->arp_parms); 2621 return err; 2622 } 2623 2624 static void devinet_sysctl_unregister(struct in_device *idev) 2625 { 2626 struct net *net = dev_net(idev->dev); 2627 2628 __devinet_sysctl_unregister(net, &idev->cnf, idev->dev->ifindex); 2629 neigh_sysctl_unregister(idev->arp_parms); 2630 } 2631 2632 static struct ctl_table ctl_forward_entry[] = { 2633 { 2634 .procname = "ip_forward", 2635 .data = &ipv4_devconf.data[ 2636 IPV4_DEVCONF_FORWARDING - 1], 2637 .maxlen = sizeof(int), 2638 .mode = 0644, 2639 .proc_handler = devinet_sysctl_forward, 2640 .extra1 = &ipv4_devconf, 2641 .extra2 = &init_net, 2642 }, 2643 { }, 2644 }; 2645 #endif 2646 2647 static __net_init int devinet_init_net(struct net *net) 2648 { 2649 int err; 2650 struct ipv4_devconf *all, *dflt; 2651 #ifdef CONFIG_SYSCTL 2652 struct ctl_table *tbl; 2653 struct ctl_table_header *forw_hdr; 2654 #endif 2655 2656 err = -ENOMEM; 2657 all = kmemdup(&ipv4_devconf, sizeof(ipv4_devconf), GFP_KERNEL); 2658 if (!all) 2659 goto err_alloc_all; 2660 2661 dflt = kmemdup(&ipv4_devconf_dflt, sizeof(ipv4_devconf_dflt), GFP_KERNEL); 2662 if (!dflt) 2663 goto err_alloc_dflt; 2664 2665 #ifdef CONFIG_SYSCTL 2666 tbl = kmemdup(ctl_forward_entry, sizeof(ctl_forward_entry), GFP_KERNEL); 2667 if (!tbl) 2668 goto err_alloc_ctl; 2669 2670 tbl[0].data = &all->data[IPV4_DEVCONF_FORWARDING - 1]; 2671 tbl[0].extra1 = all; 2672 tbl[0].extra2 = net; 2673 #endif 2674 2675 if (!net_eq(net, &init_net)) { 2676 if (IS_ENABLED(CONFIG_SYSCTL) && 2677 sysctl_devconf_inherit_init_net == 3) { 2678 /* copy from the current netns */ 2679 memcpy(all, current->nsproxy->net_ns->ipv4.devconf_all, 2680 sizeof(ipv4_devconf)); 2681 memcpy(dflt, 2682 current->nsproxy->net_ns->ipv4.devconf_dflt, 2683 sizeof(ipv4_devconf_dflt)); 2684 } else if (!IS_ENABLED(CONFIG_SYSCTL) || 2685 sysctl_devconf_inherit_init_net != 2) { 2686 /* inherit == 0 or 1: copy from init_net */ 2687 memcpy(all, init_net.ipv4.devconf_all, 2688 sizeof(ipv4_devconf)); 2689 memcpy(dflt, init_net.ipv4.devconf_dflt, 2690 sizeof(ipv4_devconf_dflt)); 2691 } 2692 /* else inherit == 2: use compiled values */ 2693 } 2694 2695 #ifdef CONFIG_SYSCTL 2696 err = __devinet_sysctl_register(net, "all", NETCONFA_IFINDEX_ALL, all); 2697 if (err < 0) 2698 goto err_reg_all; 2699 2700 err = __devinet_sysctl_register(net, "default", 2701 NETCONFA_IFINDEX_DEFAULT, dflt); 2702 if (err < 0) 2703 goto err_reg_dflt; 2704 2705 err = -ENOMEM; 2706 forw_hdr = register_net_sysctl(net, "net/ipv4", tbl); 2707 if (!forw_hdr) 2708 goto err_reg_ctl; 2709 net->ipv4.forw_hdr = forw_hdr; 2710 #endif 2711 2712 net->ipv4.devconf_all = all; 2713 net->ipv4.devconf_dflt = dflt; 2714 return 0; 2715 2716 #ifdef CONFIG_SYSCTL 2717 err_reg_ctl: 2718 __devinet_sysctl_unregister(net, dflt, NETCONFA_IFINDEX_DEFAULT); 2719 err_reg_dflt: 2720 __devinet_sysctl_unregister(net, all, NETCONFA_IFINDEX_ALL); 2721 err_reg_all: 2722 kfree(tbl); 2723 err_alloc_ctl: 2724 #endif 2725 kfree(dflt); 2726 err_alloc_dflt: 2727 kfree(all); 2728 err_alloc_all: 2729 return err; 2730 } 2731 2732 static __net_exit void devinet_exit_net(struct net *net) 2733 { 2734 #ifdef CONFIG_SYSCTL 2735 struct ctl_table *tbl; 2736 2737 tbl = net->ipv4.forw_hdr->ctl_table_arg; 2738 unregister_net_sysctl_table(net->ipv4.forw_hdr); 2739 __devinet_sysctl_unregister(net, net->ipv4.devconf_dflt, 2740 NETCONFA_IFINDEX_DEFAULT); 2741 __devinet_sysctl_unregister(net, net->ipv4.devconf_all, 2742 NETCONFA_IFINDEX_ALL); 2743 kfree(tbl); 2744 #endif 2745 kfree(net->ipv4.devconf_dflt); 2746 kfree(net->ipv4.devconf_all); 2747 } 2748 2749 static __net_initdata struct pernet_operations devinet_ops = { 2750 .init = devinet_init_net, 2751 .exit = devinet_exit_net, 2752 }; 2753 2754 static struct rtnl_af_ops inet_af_ops __read_mostly = { 2755 .family = AF_INET, 2756 .fill_link_af = inet_fill_link_af, 2757 .get_link_af_size = inet_get_link_af_size, 2758 .validate_link_af = inet_validate_link_af, 2759 .set_link_af = inet_set_link_af, 2760 }; 2761 2762 void __init devinet_init(void) 2763 { 2764 int i; 2765 2766 for (i = 0; i < IN4_ADDR_HSIZE; i++) 2767 INIT_HLIST_HEAD(&inet_addr_lst[i]); 2768 2769 register_pernet_subsys(&devinet_ops); 2770 register_netdevice_notifier(&ip_netdev_notifier); 2771 2772 queue_delayed_work(system_power_efficient_wq, &check_lifetime_work, 0); 2773 2774 rtnl_af_register(&inet_af_ops); 2775 2776 rtnl_register(PF_INET, RTM_NEWADDR, inet_rtm_newaddr, NULL, 0); 2777 rtnl_register(PF_INET, RTM_DELADDR, inet_rtm_deladdr, NULL, 0); 2778 rtnl_register(PF_INET, RTM_GETADDR, NULL, inet_dump_ifaddr, 0); 2779 rtnl_register(PF_INET, RTM_GETNETCONF, inet_netconf_get_devconf, 2780 inet_netconf_dump_devconf, 0); 2781 } 2782