1 // SPDX-License-Identifier: GPL-2.0-or-later 2 /* 3 * Linux NET3: Internet Group Management Protocol [IGMP] 4 * 5 * This code implements the IGMP protocol as defined in RFC1112. There has 6 * been a further revision of this protocol since which is now supported. 7 * 8 * If you have trouble with this module be careful what gcc you have used, 9 * the older version didn't come out right using gcc 2.5.8, the newer one 10 * seems to fall out with gcc 2.6.2. 11 * 12 * Authors: 13 * Alan Cox <alan@lxorguk.ukuu.org.uk> 14 * 15 * Fixes: 16 * 17 * Alan Cox : Added lots of __inline__ to optimise 18 * the memory usage of all the tiny little 19 * functions. 20 * Alan Cox : Dumped the header building experiment. 21 * Alan Cox : Minor tweaks ready for multicast routing 22 * and extended IGMP protocol. 23 * Alan Cox : Removed a load of inline directives. Gcc 2.5.8 24 * writes utterly bogus code otherwise (sigh) 25 * fixed IGMP loopback to behave in the manner 26 * desired by mrouted, fixed the fact it has been 27 * broken since 1.3.6 and cleaned up a few minor 28 * points. 29 * 30 * Chih-Jen Chang : Tried to revise IGMP to Version 2 31 * Tsu-Sheng Tsao E-mail: chihjenc@scf.usc.edu and tsusheng@scf.usc.edu 32 * The enhancements are mainly based on Steve Deering's 33 * ipmulti-3.5 source code. 34 * Chih-Jen Chang : Added the igmp_get_mrouter_info and 35 * Tsu-Sheng Tsao igmp_set_mrouter_info to keep track of 36 * the mrouted version on that device. 37 * Chih-Jen Chang : Added the max_resp_time parameter to 38 * Tsu-Sheng Tsao igmp_heard_query(). Using this parameter 39 * to identify the multicast router version 40 * and do what the IGMP version 2 specified. 41 * Chih-Jen Chang : Added a timer to revert to IGMP V2 router 42 * Tsu-Sheng Tsao if the specified time expired. 43 * Alan Cox : Stop IGMP from 0.0.0.0 being accepted. 44 * Alan Cox : Use GFP_ATOMIC in the right places. 45 * Christian Daudt : igmp timer wasn't set for local group 46 * memberships but was being deleted, 47 * which caused a "del_timer() called 48 * from %p with timer not initialized\n" 49 * message (960131). 50 * Christian Daudt : removed del_timer from 51 * igmp_timer_expire function (960205). 52 * Christian Daudt : igmp_heard_report now only calls 53 * igmp_timer_expire if tm->running is 54 * true (960216). 55 * Malcolm Beattie : ttl comparison wrong in igmp_rcv made 56 * igmp_heard_query never trigger. Expiry 57 * miscalculation fixed in igmp_heard_query 58 * and random() made to return unsigned to 59 * prevent negative expiry times. 60 * Alexey Kuznetsov: Wrong group leaving behaviour, backport 61 * fix from pending 2.1.x patches. 62 * Alan Cox: Forget to enable FDDI support earlier. 63 * Alexey Kuznetsov: Fixed leaving groups on device down. 64 * Alexey Kuznetsov: Accordance to igmp-v2-06 draft. 65 * David L Stevens: IGMPv3 support, with help from 66 * Vinay Kulkarni 67 */ 68 69 #include <linux/module.h> 70 #include <linux/slab.h> 71 #include <linux/uaccess.h> 72 #include <linux/types.h> 73 #include <linux/kernel.h> 74 #include <linux/jiffies.h> 75 #include <linux/string.h> 76 #include <linux/socket.h> 77 #include <linux/sockios.h> 78 #include <linux/in.h> 79 #include <linux/inet.h> 80 #include <linux/netdevice.h> 81 #include <linux/skbuff.h> 82 #include <linux/inetdevice.h> 83 #include <linux/igmp.h> 84 #include <linux/if_arp.h> 85 #include <linux/rtnetlink.h> 86 #include <linux/times.h> 87 #include <linux/pkt_sched.h> 88 #include <linux/byteorder/generic.h> 89 90 #include <net/net_namespace.h> 91 #include <net/arp.h> 92 #include <net/ip.h> 93 #include <net/protocol.h> 94 #include <net/route.h> 95 #include <net/sock.h> 96 #include <net/checksum.h> 97 #include <net/inet_common.h> 98 #include <linux/netfilter_ipv4.h> 99 #ifdef CONFIG_IP_MROUTE 100 #include <linux/mroute.h> 101 #endif 102 #ifdef CONFIG_PROC_FS 103 #include <linux/proc_fs.h> 104 #include <linux/seq_file.h> 105 #endif 106 107 #ifdef CONFIG_IP_MULTICAST 108 /* Parameter names and values are taken from igmp-v2-06 draft */ 109 110 #define IGMP_V2_UNSOLICITED_REPORT_INTERVAL (10*HZ) 111 #define IGMP_V3_UNSOLICITED_REPORT_INTERVAL (1*HZ) 112 #define IGMP_QUERY_INTERVAL (125*HZ) 113 #define IGMP_QUERY_RESPONSE_INTERVAL (10*HZ) 114 115 #define IGMP_INITIAL_REPORT_DELAY (1) 116 117 /* IGMP_INITIAL_REPORT_DELAY is not from IGMP specs! 118 * IGMP specs require to report membership immediately after 119 * joining a group, but we delay the first report by a 120 * small interval. It seems more natural and still does not 121 * contradict to specs provided this delay is small enough. 122 */ 123 124 #define IGMP_V1_SEEN(in_dev) \ 125 (IPV4_DEVCONF_ALL(dev_net(in_dev->dev), FORCE_IGMP_VERSION) == 1 || \ 126 IN_DEV_CONF_GET((in_dev), FORCE_IGMP_VERSION) == 1 || \ 127 ((in_dev)->mr_v1_seen && \ 128 time_before(jiffies, (in_dev)->mr_v1_seen))) 129 #define IGMP_V2_SEEN(in_dev) \ 130 (IPV4_DEVCONF_ALL(dev_net(in_dev->dev), FORCE_IGMP_VERSION) == 2 || \ 131 IN_DEV_CONF_GET((in_dev), FORCE_IGMP_VERSION) == 2 || \ 132 ((in_dev)->mr_v2_seen && \ 133 time_before(jiffies, (in_dev)->mr_v2_seen))) 134 135 static int unsolicited_report_interval(struct in_device *in_dev) 136 { 137 int interval_ms, interval_jiffies; 138 139 if (IGMP_V1_SEEN(in_dev) || IGMP_V2_SEEN(in_dev)) 140 interval_ms = IN_DEV_CONF_GET( 141 in_dev, 142 IGMPV2_UNSOLICITED_REPORT_INTERVAL); 143 else /* v3 */ 144 interval_ms = IN_DEV_CONF_GET( 145 in_dev, 146 IGMPV3_UNSOLICITED_REPORT_INTERVAL); 147 148 interval_jiffies = msecs_to_jiffies(interval_ms); 149 150 /* _timer functions can't handle a delay of 0 jiffies so ensure 151 * we always return a positive value. 152 */ 153 if (interval_jiffies <= 0) 154 interval_jiffies = 1; 155 return interval_jiffies; 156 } 157 158 static void igmpv3_add_delrec(struct in_device *in_dev, struct ip_mc_list *im, 159 gfp_t gfp); 160 static void igmpv3_del_delrec(struct in_device *in_dev, struct ip_mc_list *im); 161 static void igmpv3_clear_delrec(struct in_device *in_dev); 162 static int sf_setstate(struct ip_mc_list *pmc); 163 static void sf_markstate(struct ip_mc_list *pmc); 164 #endif 165 static void ip_mc_clear_src(struct ip_mc_list *pmc); 166 static int ip_mc_add_src(struct in_device *in_dev, __be32 *pmca, int sfmode, 167 int sfcount, __be32 *psfsrc, int delta); 168 169 static void ip_ma_put(struct ip_mc_list *im) 170 { 171 if (refcount_dec_and_test(&im->refcnt)) { 172 in_dev_put(im->interface); 173 kfree_rcu(im, rcu); 174 } 175 } 176 177 #define for_each_pmc_rcu(in_dev, pmc) \ 178 for (pmc = rcu_dereference(in_dev->mc_list); \ 179 pmc != NULL; \ 180 pmc = rcu_dereference(pmc->next_rcu)) 181 182 #define for_each_pmc_rtnl(in_dev, pmc) \ 183 for (pmc = rtnl_dereference(in_dev->mc_list); \ 184 pmc != NULL; \ 185 pmc = rtnl_dereference(pmc->next_rcu)) 186 187 static void ip_sf_list_clear_all(struct ip_sf_list *psf) 188 { 189 struct ip_sf_list *next; 190 191 while (psf) { 192 next = psf->sf_next; 193 kfree(psf); 194 psf = next; 195 } 196 } 197 198 #ifdef CONFIG_IP_MULTICAST 199 200 /* 201 * Timer management 202 */ 203 204 static void igmp_stop_timer(struct ip_mc_list *im) 205 { 206 spin_lock_bh(&im->lock); 207 if (del_timer(&im->timer)) 208 refcount_dec(&im->refcnt); 209 im->tm_running = 0; 210 im->reporter = 0; 211 im->unsolicit_count = 0; 212 spin_unlock_bh(&im->lock); 213 } 214 215 /* It must be called with locked im->lock */ 216 static void igmp_start_timer(struct ip_mc_list *im, int max_delay) 217 { 218 int tv = prandom_u32() % max_delay; 219 220 im->tm_running = 1; 221 if (!mod_timer(&im->timer, jiffies+tv+2)) 222 refcount_inc(&im->refcnt); 223 } 224 225 static void igmp_gq_start_timer(struct in_device *in_dev) 226 { 227 int tv = prandom_u32() % in_dev->mr_maxdelay; 228 unsigned long exp = jiffies + tv + 2; 229 230 if (in_dev->mr_gq_running && 231 time_after_eq(exp, (in_dev->mr_gq_timer).expires)) 232 return; 233 234 in_dev->mr_gq_running = 1; 235 if (!mod_timer(&in_dev->mr_gq_timer, exp)) 236 in_dev_hold(in_dev); 237 } 238 239 static void igmp_ifc_start_timer(struct in_device *in_dev, int delay) 240 { 241 int tv = prandom_u32() % delay; 242 243 if (!mod_timer(&in_dev->mr_ifc_timer, jiffies+tv+2)) 244 in_dev_hold(in_dev); 245 } 246 247 static void igmp_mod_timer(struct ip_mc_list *im, int max_delay) 248 { 249 spin_lock_bh(&im->lock); 250 im->unsolicit_count = 0; 251 if (del_timer(&im->timer)) { 252 if ((long)(im->timer.expires-jiffies) < max_delay) { 253 add_timer(&im->timer); 254 im->tm_running = 1; 255 spin_unlock_bh(&im->lock); 256 return; 257 } 258 refcount_dec(&im->refcnt); 259 } 260 igmp_start_timer(im, max_delay); 261 spin_unlock_bh(&im->lock); 262 } 263 264 265 /* 266 * Send an IGMP report. 267 */ 268 269 #define IGMP_SIZE (sizeof(struct igmphdr)+sizeof(struct iphdr)+4) 270 271 272 static int is_in(struct ip_mc_list *pmc, struct ip_sf_list *psf, int type, 273 int gdeleted, int sdeleted) 274 { 275 switch (type) { 276 case IGMPV3_MODE_IS_INCLUDE: 277 case IGMPV3_MODE_IS_EXCLUDE: 278 if (gdeleted || sdeleted) 279 return 0; 280 if (!(pmc->gsquery && !psf->sf_gsresp)) { 281 if (pmc->sfmode == MCAST_INCLUDE) 282 return 1; 283 /* don't include if this source is excluded 284 * in all filters 285 */ 286 if (psf->sf_count[MCAST_INCLUDE]) 287 return type == IGMPV3_MODE_IS_INCLUDE; 288 return pmc->sfcount[MCAST_EXCLUDE] == 289 psf->sf_count[MCAST_EXCLUDE]; 290 } 291 return 0; 292 case IGMPV3_CHANGE_TO_INCLUDE: 293 if (gdeleted || sdeleted) 294 return 0; 295 return psf->sf_count[MCAST_INCLUDE] != 0; 296 case IGMPV3_CHANGE_TO_EXCLUDE: 297 if (gdeleted || sdeleted) 298 return 0; 299 if (pmc->sfcount[MCAST_EXCLUDE] == 0 || 300 psf->sf_count[MCAST_INCLUDE]) 301 return 0; 302 return pmc->sfcount[MCAST_EXCLUDE] == 303 psf->sf_count[MCAST_EXCLUDE]; 304 case IGMPV3_ALLOW_NEW_SOURCES: 305 if (gdeleted || !psf->sf_crcount) 306 return 0; 307 return (pmc->sfmode == MCAST_INCLUDE) ^ sdeleted; 308 case IGMPV3_BLOCK_OLD_SOURCES: 309 if (pmc->sfmode == MCAST_INCLUDE) 310 return gdeleted || (psf->sf_crcount && sdeleted); 311 return psf->sf_crcount && !gdeleted && !sdeleted; 312 } 313 return 0; 314 } 315 316 static int 317 igmp_scount(struct ip_mc_list *pmc, int type, int gdeleted, int sdeleted) 318 { 319 struct ip_sf_list *psf; 320 int scount = 0; 321 322 for (psf = pmc->sources; psf; psf = psf->sf_next) { 323 if (!is_in(pmc, psf, type, gdeleted, sdeleted)) 324 continue; 325 scount++; 326 } 327 return scount; 328 } 329 330 /* source address selection per RFC 3376 section 4.2.13 */ 331 static __be32 igmpv3_get_srcaddr(struct net_device *dev, 332 const struct flowi4 *fl4) 333 { 334 struct in_device *in_dev = __in_dev_get_rcu(dev); 335 336 if (!in_dev) 337 return htonl(INADDR_ANY); 338 339 for_ifa(in_dev) { 340 if (fl4->saddr == ifa->ifa_local) 341 return fl4->saddr; 342 } endfor_ifa(in_dev); 343 344 return htonl(INADDR_ANY); 345 } 346 347 static struct sk_buff *igmpv3_newpack(struct net_device *dev, unsigned int mtu) 348 { 349 struct sk_buff *skb; 350 struct rtable *rt; 351 struct iphdr *pip; 352 struct igmpv3_report *pig; 353 struct net *net = dev_net(dev); 354 struct flowi4 fl4; 355 int hlen = LL_RESERVED_SPACE(dev); 356 int tlen = dev->needed_tailroom; 357 unsigned int size = mtu; 358 359 while (1) { 360 skb = alloc_skb(size + hlen + tlen, 361 GFP_ATOMIC | __GFP_NOWARN); 362 if (skb) 363 break; 364 size >>= 1; 365 if (size < 256) 366 return NULL; 367 } 368 skb->priority = TC_PRIO_CONTROL; 369 370 rt = ip_route_output_ports(net, &fl4, NULL, IGMPV3_ALL_MCR, 0, 371 0, 0, 372 IPPROTO_IGMP, 0, dev->ifindex); 373 if (IS_ERR(rt)) { 374 kfree_skb(skb); 375 return NULL; 376 } 377 378 skb_dst_set(skb, &rt->dst); 379 skb->dev = dev; 380 381 skb_reserve(skb, hlen); 382 skb_tailroom_reserve(skb, mtu, tlen); 383 384 skb_reset_network_header(skb); 385 pip = ip_hdr(skb); 386 skb_put(skb, sizeof(struct iphdr) + 4); 387 388 pip->version = 4; 389 pip->ihl = (sizeof(struct iphdr)+4)>>2; 390 pip->tos = 0xc0; 391 pip->frag_off = htons(IP_DF); 392 pip->ttl = 1; 393 pip->daddr = fl4.daddr; 394 395 rcu_read_lock(); 396 pip->saddr = igmpv3_get_srcaddr(dev, &fl4); 397 rcu_read_unlock(); 398 399 pip->protocol = IPPROTO_IGMP; 400 pip->tot_len = 0; /* filled in later */ 401 ip_select_ident(net, skb, NULL); 402 ((u8 *)&pip[1])[0] = IPOPT_RA; 403 ((u8 *)&pip[1])[1] = 4; 404 ((u8 *)&pip[1])[2] = 0; 405 ((u8 *)&pip[1])[3] = 0; 406 407 skb->transport_header = skb->network_header + sizeof(struct iphdr) + 4; 408 skb_put(skb, sizeof(*pig)); 409 pig = igmpv3_report_hdr(skb); 410 pig->type = IGMPV3_HOST_MEMBERSHIP_REPORT; 411 pig->resv1 = 0; 412 pig->csum = 0; 413 pig->resv2 = 0; 414 pig->ngrec = 0; 415 return skb; 416 } 417 418 static int igmpv3_sendpack(struct sk_buff *skb) 419 { 420 struct igmphdr *pig = igmp_hdr(skb); 421 const int igmplen = skb_tail_pointer(skb) - skb_transport_header(skb); 422 423 pig->csum = ip_compute_csum(igmp_hdr(skb), igmplen); 424 425 return ip_local_out(dev_net(skb_dst(skb)->dev), skb->sk, skb); 426 } 427 428 static int grec_size(struct ip_mc_list *pmc, int type, int gdel, int sdel) 429 { 430 return sizeof(struct igmpv3_grec) + 4*igmp_scount(pmc, type, gdel, sdel); 431 } 432 433 static struct sk_buff *add_grhead(struct sk_buff *skb, struct ip_mc_list *pmc, 434 int type, struct igmpv3_grec **ppgr, unsigned int mtu) 435 { 436 struct net_device *dev = pmc->interface->dev; 437 struct igmpv3_report *pih; 438 struct igmpv3_grec *pgr; 439 440 if (!skb) { 441 skb = igmpv3_newpack(dev, mtu); 442 if (!skb) 443 return NULL; 444 } 445 pgr = skb_put(skb, sizeof(struct igmpv3_grec)); 446 pgr->grec_type = type; 447 pgr->grec_auxwords = 0; 448 pgr->grec_nsrcs = 0; 449 pgr->grec_mca = pmc->multiaddr; 450 pih = igmpv3_report_hdr(skb); 451 pih->ngrec = htons(ntohs(pih->ngrec)+1); 452 *ppgr = pgr; 453 return skb; 454 } 455 456 #define AVAILABLE(skb) ((skb) ? skb_availroom(skb) : 0) 457 458 static struct sk_buff *add_grec(struct sk_buff *skb, struct ip_mc_list *pmc, 459 int type, int gdeleted, int sdeleted) 460 { 461 struct net_device *dev = pmc->interface->dev; 462 struct net *net = dev_net(dev); 463 struct igmpv3_report *pih; 464 struct igmpv3_grec *pgr = NULL; 465 struct ip_sf_list *psf, *psf_next, *psf_prev, **psf_list; 466 int scount, stotal, first, isquery, truncate; 467 unsigned int mtu; 468 469 if (pmc->multiaddr == IGMP_ALL_HOSTS) 470 return skb; 471 if (ipv4_is_local_multicast(pmc->multiaddr) && !net->ipv4.sysctl_igmp_llm_reports) 472 return skb; 473 474 mtu = READ_ONCE(dev->mtu); 475 if (mtu < IPV4_MIN_MTU) 476 return skb; 477 478 isquery = type == IGMPV3_MODE_IS_INCLUDE || 479 type == IGMPV3_MODE_IS_EXCLUDE; 480 truncate = type == IGMPV3_MODE_IS_EXCLUDE || 481 type == IGMPV3_CHANGE_TO_EXCLUDE; 482 483 stotal = scount = 0; 484 485 psf_list = sdeleted ? &pmc->tomb : &pmc->sources; 486 487 if (!*psf_list) 488 goto empty_source; 489 490 pih = skb ? igmpv3_report_hdr(skb) : NULL; 491 492 /* EX and TO_EX get a fresh packet, if needed */ 493 if (truncate) { 494 if (pih && pih->ngrec && 495 AVAILABLE(skb) < grec_size(pmc, type, gdeleted, sdeleted)) { 496 if (skb) 497 igmpv3_sendpack(skb); 498 skb = igmpv3_newpack(dev, mtu); 499 } 500 } 501 first = 1; 502 psf_prev = NULL; 503 for (psf = *psf_list; psf; psf = psf_next) { 504 __be32 *psrc; 505 506 psf_next = psf->sf_next; 507 508 if (!is_in(pmc, psf, type, gdeleted, sdeleted)) { 509 psf_prev = psf; 510 continue; 511 } 512 513 /* Based on RFC3376 5.1. Should not send source-list change 514 * records when there is a filter mode change. 515 */ 516 if (((gdeleted && pmc->sfmode == MCAST_EXCLUDE) || 517 (!gdeleted && pmc->crcount)) && 518 (type == IGMPV3_ALLOW_NEW_SOURCES || 519 type == IGMPV3_BLOCK_OLD_SOURCES) && psf->sf_crcount) 520 goto decrease_sf_crcount; 521 522 /* clear marks on query responses */ 523 if (isquery) 524 psf->sf_gsresp = 0; 525 526 if (AVAILABLE(skb) < sizeof(__be32) + 527 first*sizeof(struct igmpv3_grec)) { 528 if (truncate && !first) 529 break; /* truncate these */ 530 if (pgr) 531 pgr->grec_nsrcs = htons(scount); 532 if (skb) 533 igmpv3_sendpack(skb); 534 skb = igmpv3_newpack(dev, mtu); 535 first = 1; 536 scount = 0; 537 } 538 if (first) { 539 skb = add_grhead(skb, pmc, type, &pgr, mtu); 540 first = 0; 541 } 542 if (!skb) 543 return NULL; 544 psrc = skb_put(skb, sizeof(__be32)); 545 *psrc = psf->sf_inaddr; 546 scount++; stotal++; 547 if ((type == IGMPV3_ALLOW_NEW_SOURCES || 548 type == IGMPV3_BLOCK_OLD_SOURCES) && psf->sf_crcount) { 549 decrease_sf_crcount: 550 psf->sf_crcount--; 551 if ((sdeleted || gdeleted) && psf->sf_crcount == 0) { 552 if (psf_prev) 553 psf_prev->sf_next = psf->sf_next; 554 else 555 *psf_list = psf->sf_next; 556 kfree(psf); 557 continue; 558 } 559 } 560 psf_prev = psf; 561 } 562 563 empty_source: 564 if (!stotal) { 565 if (type == IGMPV3_ALLOW_NEW_SOURCES || 566 type == IGMPV3_BLOCK_OLD_SOURCES) 567 return skb; 568 if (pmc->crcount || isquery) { 569 /* make sure we have room for group header */ 570 if (skb && AVAILABLE(skb) < sizeof(struct igmpv3_grec)) { 571 igmpv3_sendpack(skb); 572 skb = NULL; /* add_grhead will get a new one */ 573 } 574 skb = add_grhead(skb, pmc, type, &pgr, mtu); 575 } 576 } 577 if (pgr) 578 pgr->grec_nsrcs = htons(scount); 579 580 if (isquery) 581 pmc->gsquery = 0; /* clear query state on report */ 582 return skb; 583 } 584 585 static int igmpv3_send_report(struct in_device *in_dev, struct ip_mc_list *pmc) 586 { 587 struct sk_buff *skb = NULL; 588 struct net *net = dev_net(in_dev->dev); 589 int type; 590 591 if (!pmc) { 592 rcu_read_lock(); 593 for_each_pmc_rcu(in_dev, pmc) { 594 if (pmc->multiaddr == IGMP_ALL_HOSTS) 595 continue; 596 if (ipv4_is_local_multicast(pmc->multiaddr) && 597 !net->ipv4.sysctl_igmp_llm_reports) 598 continue; 599 spin_lock_bh(&pmc->lock); 600 if (pmc->sfcount[MCAST_EXCLUDE]) 601 type = IGMPV3_MODE_IS_EXCLUDE; 602 else 603 type = IGMPV3_MODE_IS_INCLUDE; 604 skb = add_grec(skb, pmc, type, 0, 0); 605 spin_unlock_bh(&pmc->lock); 606 } 607 rcu_read_unlock(); 608 } else { 609 spin_lock_bh(&pmc->lock); 610 if (pmc->sfcount[MCAST_EXCLUDE]) 611 type = IGMPV3_MODE_IS_EXCLUDE; 612 else 613 type = IGMPV3_MODE_IS_INCLUDE; 614 skb = add_grec(skb, pmc, type, 0, 0); 615 spin_unlock_bh(&pmc->lock); 616 } 617 if (!skb) 618 return 0; 619 return igmpv3_sendpack(skb); 620 } 621 622 /* 623 * remove zero-count source records from a source filter list 624 */ 625 static void igmpv3_clear_zeros(struct ip_sf_list **ppsf) 626 { 627 struct ip_sf_list *psf_prev, *psf_next, *psf; 628 629 psf_prev = NULL; 630 for (psf = *ppsf; psf; psf = psf_next) { 631 psf_next = psf->sf_next; 632 if (psf->sf_crcount == 0) { 633 if (psf_prev) 634 psf_prev->sf_next = psf->sf_next; 635 else 636 *ppsf = psf->sf_next; 637 kfree(psf); 638 } else 639 psf_prev = psf; 640 } 641 } 642 643 static void kfree_pmc(struct ip_mc_list *pmc) 644 { 645 ip_sf_list_clear_all(pmc->sources); 646 ip_sf_list_clear_all(pmc->tomb); 647 kfree(pmc); 648 } 649 650 static void igmpv3_send_cr(struct in_device *in_dev) 651 { 652 struct ip_mc_list *pmc, *pmc_prev, *pmc_next; 653 struct sk_buff *skb = NULL; 654 int type, dtype; 655 656 rcu_read_lock(); 657 spin_lock_bh(&in_dev->mc_tomb_lock); 658 659 /* deleted MCA's */ 660 pmc_prev = NULL; 661 for (pmc = in_dev->mc_tomb; pmc; pmc = pmc_next) { 662 pmc_next = pmc->next; 663 if (pmc->sfmode == MCAST_INCLUDE) { 664 type = IGMPV3_BLOCK_OLD_SOURCES; 665 dtype = IGMPV3_BLOCK_OLD_SOURCES; 666 skb = add_grec(skb, pmc, type, 1, 0); 667 skb = add_grec(skb, pmc, dtype, 1, 1); 668 } 669 if (pmc->crcount) { 670 if (pmc->sfmode == MCAST_EXCLUDE) { 671 type = IGMPV3_CHANGE_TO_INCLUDE; 672 skb = add_grec(skb, pmc, type, 1, 0); 673 } 674 pmc->crcount--; 675 if (pmc->crcount == 0) { 676 igmpv3_clear_zeros(&pmc->tomb); 677 igmpv3_clear_zeros(&pmc->sources); 678 } 679 } 680 if (pmc->crcount == 0 && !pmc->tomb && !pmc->sources) { 681 if (pmc_prev) 682 pmc_prev->next = pmc_next; 683 else 684 in_dev->mc_tomb = pmc_next; 685 in_dev_put(pmc->interface); 686 kfree_pmc(pmc); 687 } else 688 pmc_prev = pmc; 689 } 690 spin_unlock_bh(&in_dev->mc_tomb_lock); 691 692 /* change recs */ 693 for_each_pmc_rcu(in_dev, pmc) { 694 spin_lock_bh(&pmc->lock); 695 if (pmc->sfcount[MCAST_EXCLUDE]) { 696 type = IGMPV3_BLOCK_OLD_SOURCES; 697 dtype = IGMPV3_ALLOW_NEW_SOURCES; 698 } else { 699 type = IGMPV3_ALLOW_NEW_SOURCES; 700 dtype = IGMPV3_BLOCK_OLD_SOURCES; 701 } 702 skb = add_grec(skb, pmc, type, 0, 0); 703 skb = add_grec(skb, pmc, dtype, 0, 1); /* deleted sources */ 704 705 /* filter mode changes */ 706 if (pmc->crcount) { 707 if (pmc->sfmode == MCAST_EXCLUDE) 708 type = IGMPV3_CHANGE_TO_EXCLUDE; 709 else 710 type = IGMPV3_CHANGE_TO_INCLUDE; 711 skb = add_grec(skb, pmc, type, 0, 0); 712 pmc->crcount--; 713 } 714 spin_unlock_bh(&pmc->lock); 715 } 716 rcu_read_unlock(); 717 718 if (!skb) 719 return; 720 (void) igmpv3_sendpack(skb); 721 } 722 723 static int igmp_send_report(struct in_device *in_dev, struct ip_mc_list *pmc, 724 int type) 725 { 726 struct sk_buff *skb; 727 struct iphdr *iph; 728 struct igmphdr *ih; 729 struct rtable *rt; 730 struct net_device *dev = in_dev->dev; 731 struct net *net = dev_net(dev); 732 __be32 group = pmc ? pmc->multiaddr : 0; 733 struct flowi4 fl4; 734 __be32 dst; 735 int hlen, tlen; 736 737 if (type == IGMPV3_HOST_MEMBERSHIP_REPORT) 738 return igmpv3_send_report(in_dev, pmc); 739 740 if (ipv4_is_local_multicast(group) && !net->ipv4.sysctl_igmp_llm_reports) 741 return 0; 742 743 if (type == IGMP_HOST_LEAVE_MESSAGE) 744 dst = IGMP_ALL_ROUTER; 745 else 746 dst = group; 747 748 rt = ip_route_output_ports(net, &fl4, NULL, dst, 0, 749 0, 0, 750 IPPROTO_IGMP, 0, dev->ifindex); 751 if (IS_ERR(rt)) 752 return -1; 753 754 hlen = LL_RESERVED_SPACE(dev); 755 tlen = dev->needed_tailroom; 756 skb = alloc_skb(IGMP_SIZE + hlen + tlen, GFP_ATOMIC); 757 if (!skb) { 758 ip_rt_put(rt); 759 return -1; 760 } 761 skb->priority = TC_PRIO_CONTROL; 762 763 skb_dst_set(skb, &rt->dst); 764 765 skb_reserve(skb, hlen); 766 767 skb_reset_network_header(skb); 768 iph = ip_hdr(skb); 769 skb_put(skb, sizeof(struct iphdr) + 4); 770 771 iph->version = 4; 772 iph->ihl = (sizeof(struct iphdr)+4)>>2; 773 iph->tos = 0xc0; 774 iph->frag_off = htons(IP_DF); 775 iph->ttl = 1; 776 iph->daddr = dst; 777 iph->saddr = fl4.saddr; 778 iph->protocol = IPPROTO_IGMP; 779 ip_select_ident(net, skb, NULL); 780 ((u8 *)&iph[1])[0] = IPOPT_RA; 781 ((u8 *)&iph[1])[1] = 4; 782 ((u8 *)&iph[1])[2] = 0; 783 ((u8 *)&iph[1])[3] = 0; 784 785 ih = skb_put(skb, sizeof(struct igmphdr)); 786 ih->type = type; 787 ih->code = 0; 788 ih->csum = 0; 789 ih->group = group; 790 ih->csum = ip_compute_csum((void *)ih, sizeof(struct igmphdr)); 791 792 return ip_local_out(net, skb->sk, skb); 793 } 794 795 static void igmp_gq_timer_expire(struct timer_list *t) 796 { 797 struct in_device *in_dev = from_timer(in_dev, t, mr_gq_timer); 798 799 in_dev->mr_gq_running = 0; 800 igmpv3_send_report(in_dev, NULL); 801 in_dev_put(in_dev); 802 } 803 804 static void igmp_ifc_timer_expire(struct timer_list *t) 805 { 806 struct in_device *in_dev = from_timer(in_dev, t, mr_ifc_timer); 807 808 igmpv3_send_cr(in_dev); 809 if (in_dev->mr_ifc_count) { 810 in_dev->mr_ifc_count--; 811 igmp_ifc_start_timer(in_dev, 812 unsolicited_report_interval(in_dev)); 813 } 814 in_dev_put(in_dev); 815 } 816 817 static void igmp_ifc_event(struct in_device *in_dev) 818 { 819 struct net *net = dev_net(in_dev->dev); 820 if (IGMP_V1_SEEN(in_dev) || IGMP_V2_SEEN(in_dev)) 821 return; 822 in_dev->mr_ifc_count = in_dev->mr_qrv ?: net->ipv4.sysctl_igmp_qrv; 823 igmp_ifc_start_timer(in_dev, 1); 824 } 825 826 827 static void igmp_timer_expire(struct timer_list *t) 828 { 829 struct ip_mc_list *im = from_timer(im, t, timer); 830 struct in_device *in_dev = im->interface; 831 832 spin_lock(&im->lock); 833 im->tm_running = 0; 834 835 if (im->unsolicit_count && --im->unsolicit_count) 836 igmp_start_timer(im, unsolicited_report_interval(in_dev)); 837 838 im->reporter = 1; 839 spin_unlock(&im->lock); 840 841 if (IGMP_V1_SEEN(in_dev)) 842 igmp_send_report(in_dev, im, IGMP_HOST_MEMBERSHIP_REPORT); 843 else if (IGMP_V2_SEEN(in_dev)) 844 igmp_send_report(in_dev, im, IGMPV2_HOST_MEMBERSHIP_REPORT); 845 else 846 igmp_send_report(in_dev, im, IGMPV3_HOST_MEMBERSHIP_REPORT); 847 848 ip_ma_put(im); 849 } 850 851 /* mark EXCLUDE-mode sources */ 852 static int igmp_xmarksources(struct ip_mc_list *pmc, int nsrcs, __be32 *srcs) 853 { 854 struct ip_sf_list *psf; 855 int i, scount; 856 857 scount = 0; 858 for (psf = pmc->sources; psf; psf = psf->sf_next) { 859 if (scount == nsrcs) 860 break; 861 for (i = 0; i < nsrcs; i++) { 862 /* skip inactive filters */ 863 if (psf->sf_count[MCAST_INCLUDE] || 864 pmc->sfcount[MCAST_EXCLUDE] != 865 psf->sf_count[MCAST_EXCLUDE]) 866 break; 867 if (srcs[i] == psf->sf_inaddr) { 868 scount++; 869 break; 870 } 871 } 872 } 873 pmc->gsquery = 0; 874 if (scount == nsrcs) /* all sources excluded */ 875 return 0; 876 return 1; 877 } 878 879 static int igmp_marksources(struct ip_mc_list *pmc, int nsrcs, __be32 *srcs) 880 { 881 struct ip_sf_list *psf; 882 int i, scount; 883 884 if (pmc->sfmode == MCAST_EXCLUDE) 885 return igmp_xmarksources(pmc, nsrcs, srcs); 886 887 /* mark INCLUDE-mode sources */ 888 scount = 0; 889 for (psf = pmc->sources; psf; psf = psf->sf_next) { 890 if (scount == nsrcs) 891 break; 892 for (i = 0; i < nsrcs; i++) 893 if (srcs[i] == psf->sf_inaddr) { 894 psf->sf_gsresp = 1; 895 scount++; 896 break; 897 } 898 } 899 if (!scount) { 900 pmc->gsquery = 0; 901 return 0; 902 } 903 pmc->gsquery = 1; 904 return 1; 905 } 906 907 /* return true if packet was dropped */ 908 static bool igmp_heard_report(struct in_device *in_dev, __be32 group) 909 { 910 struct ip_mc_list *im; 911 struct net *net = dev_net(in_dev->dev); 912 913 /* Timers are only set for non-local groups */ 914 915 if (group == IGMP_ALL_HOSTS) 916 return false; 917 if (ipv4_is_local_multicast(group) && !net->ipv4.sysctl_igmp_llm_reports) 918 return false; 919 920 rcu_read_lock(); 921 for_each_pmc_rcu(in_dev, im) { 922 if (im->multiaddr == group) { 923 igmp_stop_timer(im); 924 break; 925 } 926 } 927 rcu_read_unlock(); 928 return false; 929 } 930 931 /* return true if packet was dropped */ 932 static bool igmp_heard_query(struct in_device *in_dev, struct sk_buff *skb, 933 int len) 934 { 935 struct igmphdr *ih = igmp_hdr(skb); 936 struct igmpv3_query *ih3 = igmpv3_query_hdr(skb); 937 struct ip_mc_list *im; 938 __be32 group = ih->group; 939 int max_delay; 940 int mark = 0; 941 struct net *net = dev_net(in_dev->dev); 942 943 944 if (len == 8) { 945 if (ih->code == 0) { 946 /* Alas, old v1 router presents here. */ 947 948 max_delay = IGMP_QUERY_RESPONSE_INTERVAL; 949 in_dev->mr_v1_seen = jiffies + 950 (in_dev->mr_qrv * in_dev->mr_qi) + 951 in_dev->mr_qri; 952 group = 0; 953 } else { 954 /* v2 router present */ 955 max_delay = ih->code*(HZ/IGMP_TIMER_SCALE); 956 in_dev->mr_v2_seen = jiffies + 957 (in_dev->mr_qrv * in_dev->mr_qi) + 958 in_dev->mr_qri; 959 } 960 /* cancel the interface change timer */ 961 in_dev->mr_ifc_count = 0; 962 if (del_timer(&in_dev->mr_ifc_timer)) 963 __in_dev_put(in_dev); 964 /* clear deleted report items */ 965 igmpv3_clear_delrec(in_dev); 966 } else if (len < 12) { 967 return true; /* ignore bogus packet; freed by caller */ 968 } else if (IGMP_V1_SEEN(in_dev)) { 969 /* This is a v3 query with v1 queriers present */ 970 max_delay = IGMP_QUERY_RESPONSE_INTERVAL; 971 group = 0; 972 } else if (IGMP_V2_SEEN(in_dev)) { 973 /* this is a v3 query with v2 queriers present; 974 * Interpretation of the max_delay code is problematic here. 975 * A real v2 host would use ih_code directly, while v3 has a 976 * different encoding. We use the v3 encoding as more likely 977 * to be intended in a v3 query. 978 */ 979 max_delay = IGMPV3_MRC(ih3->code)*(HZ/IGMP_TIMER_SCALE); 980 if (!max_delay) 981 max_delay = 1; /* can't mod w/ 0 */ 982 } else { /* v3 */ 983 if (!pskb_may_pull(skb, sizeof(struct igmpv3_query))) 984 return true; 985 986 ih3 = igmpv3_query_hdr(skb); 987 if (ih3->nsrcs) { 988 if (!pskb_may_pull(skb, sizeof(struct igmpv3_query) 989 + ntohs(ih3->nsrcs)*sizeof(__be32))) 990 return true; 991 ih3 = igmpv3_query_hdr(skb); 992 } 993 994 max_delay = IGMPV3_MRC(ih3->code)*(HZ/IGMP_TIMER_SCALE); 995 if (!max_delay) 996 max_delay = 1; /* can't mod w/ 0 */ 997 in_dev->mr_maxdelay = max_delay; 998 999 /* RFC3376, 4.1.6. QRV and 4.1.7. QQIC, when the most recently 1000 * received value was zero, use the default or statically 1001 * configured value. 1002 */ 1003 in_dev->mr_qrv = ih3->qrv ?: net->ipv4.sysctl_igmp_qrv; 1004 in_dev->mr_qi = IGMPV3_QQIC(ih3->qqic)*HZ ?: IGMP_QUERY_INTERVAL; 1005 1006 /* RFC3376, 8.3. Query Response Interval: 1007 * The number of seconds represented by the [Query Response 1008 * Interval] must be less than the [Query Interval]. 1009 */ 1010 if (in_dev->mr_qri >= in_dev->mr_qi) 1011 in_dev->mr_qri = (in_dev->mr_qi/HZ - 1)*HZ; 1012 1013 if (!group) { /* general query */ 1014 if (ih3->nsrcs) 1015 return true; /* no sources allowed */ 1016 igmp_gq_start_timer(in_dev); 1017 return false; 1018 } 1019 /* mark sources to include, if group & source-specific */ 1020 mark = ih3->nsrcs != 0; 1021 } 1022 1023 /* 1024 * - Start the timers in all of our membership records 1025 * that the query applies to for the interface on 1026 * which the query arrived excl. those that belong 1027 * to a "local" group (224.0.0.X) 1028 * - For timers already running check if they need to 1029 * be reset. 1030 * - Use the igmp->igmp_code field as the maximum 1031 * delay possible 1032 */ 1033 rcu_read_lock(); 1034 for_each_pmc_rcu(in_dev, im) { 1035 int changed; 1036 1037 if (group && group != im->multiaddr) 1038 continue; 1039 if (im->multiaddr == IGMP_ALL_HOSTS) 1040 continue; 1041 if (ipv4_is_local_multicast(im->multiaddr) && 1042 !net->ipv4.sysctl_igmp_llm_reports) 1043 continue; 1044 spin_lock_bh(&im->lock); 1045 if (im->tm_running) 1046 im->gsquery = im->gsquery && mark; 1047 else 1048 im->gsquery = mark; 1049 changed = !im->gsquery || 1050 igmp_marksources(im, ntohs(ih3->nsrcs), ih3->srcs); 1051 spin_unlock_bh(&im->lock); 1052 if (changed) 1053 igmp_mod_timer(im, max_delay); 1054 } 1055 rcu_read_unlock(); 1056 return false; 1057 } 1058 1059 /* called in rcu_read_lock() section */ 1060 int igmp_rcv(struct sk_buff *skb) 1061 { 1062 /* This basically follows the spec line by line -- see RFC1112 */ 1063 struct igmphdr *ih; 1064 struct net_device *dev = skb->dev; 1065 struct in_device *in_dev; 1066 int len = skb->len; 1067 bool dropped = true; 1068 1069 if (netif_is_l3_master(dev)) { 1070 dev = dev_get_by_index_rcu(dev_net(dev), IPCB(skb)->iif); 1071 if (!dev) 1072 goto drop; 1073 } 1074 1075 in_dev = __in_dev_get_rcu(dev); 1076 if (!in_dev) 1077 goto drop; 1078 1079 if (!pskb_may_pull(skb, sizeof(struct igmphdr))) 1080 goto drop; 1081 1082 if (skb_checksum_simple_validate(skb)) 1083 goto drop; 1084 1085 ih = igmp_hdr(skb); 1086 switch (ih->type) { 1087 case IGMP_HOST_MEMBERSHIP_QUERY: 1088 dropped = igmp_heard_query(in_dev, skb, len); 1089 break; 1090 case IGMP_HOST_MEMBERSHIP_REPORT: 1091 case IGMPV2_HOST_MEMBERSHIP_REPORT: 1092 /* Is it our report looped back? */ 1093 if (rt_is_output_route(skb_rtable(skb))) 1094 break; 1095 /* don't rely on MC router hearing unicast reports */ 1096 if (skb->pkt_type == PACKET_MULTICAST || 1097 skb->pkt_type == PACKET_BROADCAST) 1098 dropped = igmp_heard_report(in_dev, ih->group); 1099 break; 1100 case IGMP_PIM: 1101 #ifdef CONFIG_IP_PIMSM_V1 1102 return pim_rcv_v1(skb); 1103 #endif 1104 case IGMPV3_HOST_MEMBERSHIP_REPORT: 1105 case IGMP_DVMRP: 1106 case IGMP_TRACE: 1107 case IGMP_HOST_LEAVE_MESSAGE: 1108 case IGMP_MTRACE: 1109 case IGMP_MTRACE_RESP: 1110 break; 1111 default: 1112 break; 1113 } 1114 1115 drop: 1116 if (dropped) 1117 kfree_skb(skb); 1118 else 1119 consume_skb(skb); 1120 return 0; 1121 } 1122 1123 #endif 1124 1125 1126 /* 1127 * Add a filter to a device 1128 */ 1129 1130 static void ip_mc_filter_add(struct in_device *in_dev, __be32 addr) 1131 { 1132 char buf[MAX_ADDR_LEN]; 1133 struct net_device *dev = in_dev->dev; 1134 1135 /* Checking for IFF_MULTICAST here is WRONG-WRONG-WRONG. 1136 We will get multicast token leakage, when IFF_MULTICAST 1137 is changed. This check should be done in ndo_set_rx_mode 1138 routine. Something sort of: 1139 if (dev->mc_list && dev->flags&IFF_MULTICAST) { do it; } 1140 --ANK 1141 */ 1142 if (arp_mc_map(addr, buf, dev, 0) == 0) 1143 dev_mc_add(dev, buf); 1144 } 1145 1146 /* 1147 * Remove a filter from a device 1148 */ 1149 1150 static void ip_mc_filter_del(struct in_device *in_dev, __be32 addr) 1151 { 1152 char buf[MAX_ADDR_LEN]; 1153 struct net_device *dev = in_dev->dev; 1154 1155 if (arp_mc_map(addr, buf, dev, 0) == 0) 1156 dev_mc_del(dev, buf); 1157 } 1158 1159 #ifdef CONFIG_IP_MULTICAST 1160 /* 1161 * deleted ip_mc_list manipulation 1162 */ 1163 static void igmpv3_add_delrec(struct in_device *in_dev, struct ip_mc_list *im, 1164 gfp_t gfp) 1165 { 1166 struct ip_mc_list *pmc; 1167 struct net *net = dev_net(in_dev->dev); 1168 1169 /* this is an "ip_mc_list" for convenience; only the fields below 1170 * are actually used. In particular, the refcnt and users are not 1171 * used for management of the delete list. Using the same structure 1172 * for deleted items allows change reports to use common code with 1173 * non-deleted or query-response MCA's. 1174 */ 1175 pmc = kzalloc(sizeof(*pmc), gfp); 1176 if (!pmc) 1177 return; 1178 spin_lock_init(&pmc->lock); 1179 spin_lock_bh(&im->lock); 1180 pmc->interface = im->interface; 1181 in_dev_hold(in_dev); 1182 pmc->multiaddr = im->multiaddr; 1183 pmc->crcount = in_dev->mr_qrv ?: net->ipv4.sysctl_igmp_qrv; 1184 pmc->sfmode = im->sfmode; 1185 if (pmc->sfmode == MCAST_INCLUDE) { 1186 struct ip_sf_list *psf; 1187 1188 pmc->tomb = im->tomb; 1189 pmc->sources = im->sources; 1190 im->tomb = im->sources = NULL; 1191 for (psf = pmc->sources; psf; psf = psf->sf_next) 1192 psf->sf_crcount = pmc->crcount; 1193 } 1194 spin_unlock_bh(&im->lock); 1195 1196 spin_lock_bh(&in_dev->mc_tomb_lock); 1197 pmc->next = in_dev->mc_tomb; 1198 in_dev->mc_tomb = pmc; 1199 spin_unlock_bh(&in_dev->mc_tomb_lock); 1200 } 1201 1202 /* 1203 * restore ip_mc_list deleted records 1204 */ 1205 static void igmpv3_del_delrec(struct in_device *in_dev, struct ip_mc_list *im) 1206 { 1207 struct ip_mc_list *pmc, *pmc_prev; 1208 struct ip_sf_list *psf; 1209 struct net *net = dev_net(in_dev->dev); 1210 __be32 multiaddr = im->multiaddr; 1211 1212 spin_lock_bh(&in_dev->mc_tomb_lock); 1213 pmc_prev = NULL; 1214 for (pmc = in_dev->mc_tomb; pmc; pmc = pmc->next) { 1215 if (pmc->multiaddr == multiaddr) 1216 break; 1217 pmc_prev = pmc; 1218 } 1219 if (pmc) { 1220 if (pmc_prev) 1221 pmc_prev->next = pmc->next; 1222 else 1223 in_dev->mc_tomb = pmc->next; 1224 } 1225 spin_unlock_bh(&in_dev->mc_tomb_lock); 1226 1227 spin_lock_bh(&im->lock); 1228 if (pmc) { 1229 im->interface = pmc->interface; 1230 if (im->sfmode == MCAST_INCLUDE) { 1231 im->tomb = pmc->tomb; 1232 pmc->tomb = NULL; 1233 1234 im->sources = pmc->sources; 1235 pmc->sources = NULL; 1236 1237 for (psf = im->sources; psf; psf = psf->sf_next) 1238 psf->sf_crcount = in_dev->mr_qrv ?: net->ipv4.sysctl_igmp_qrv; 1239 } else { 1240 im->crcount = in_dev->mr_qrv ?: net->ipv4.sysctl_igmp_qrv; 1241 } 1242 in_dev_put(pmc->interface); 1243 kfree_pmc(pmc); 1244 } 1245 spin_unlock_bh(&im->lock); 1246 } 1247 1248 /* 1249 * flush ip_mc_list deleted records 1250 */ 1251 static void igmpv3_clear_delrec(struct in_device *in_dev) 1252 { 1253 struct ip_mc_list *pmc, *nextpmc; 1254 1255 spin_lock_bh(&in_dev->mc_tomb_lock); 1256 pmc = in_dev->mc_tomb; 1257 in_dev->mc_tomb = NULL; 1258 spin_unlock_bh(&in_dev->mc_tomb_lock); 1259 1260 for (; pmc; pmc = nextpmc) { 1261 nextpmc = pmc->next; 1262 ip_mc_clear_src(pmc); 1263 in_dev_put(pmc->interface); 1264 kfree_pmc(pmc); 1265 } 1266 /* clear dead sources, too */ 1267 rcu_read_lock(); 1268 for_each_pmc_rcu(in_dev, pmc) { 1269 struct ip_sf_list *psf; 1270 1271 spin_lock_bh(&pmc->lock); 1272 psf = pmc->tomb; 1273 pmc->tomb = NULL; 1274 spin_unlock_bh(&pmc->lock); 1275 ip_sf_list_clear_all(psf); 1276 } 1277 rcu_read_unlock(); 1278 } 1279 #endif 1280 1281 static void __igmp_group_dropped(struct ip_mc_list *im, gfp_t gfp) 1282 { 1283 struct in_device *in_dev = im->interface; 1284 #ifdef CONFIG_IP_MULTICAST 1285 struct net *net = dev_net(in_dev->dev); 1286 int reporter; 1287 #endif 1288 1289 if (im->loaded) { 1290 im->loaded = 0; 1291 ip_mc_filter_del(in_dev, im->multiaddr); 1292 } 1293 1294 #ifdef CONFIG_IP_MULTICAST 1295 if (im->multiaddr == IGMP_ALL_HOSTS) 1296 return; 1297 if (ipv4_is_local_multicast(im->multiaddr) && !net->ipv4.sysctl_igmp_llm_reports) 1298 return; 1299 1300 reporter = im->reporter; 1301 igmp_stop_timer(im); 1302 1303 if (!in_dev->dead) { 1304 if (IGMP_V1_SEEN(in_dev)) 1305 return; 1306 if (IGMP_V2_SEEN(in_dev)) { 1307 if (reporter) 1308 igmp_send_report(in_dev, im, IGMP_HOST_LEAVE_MESSAGE); 1309 return; 1310 } 1311 /* IGMPv3 */ 1312 igmpv3_add_delrec(in_dev, im, gfp); 1313 1314 igmp_ifc_event(in_dev); 1315 } 1316 #endif 1317 } 1318 1319 static void igmp_group_dropped(struct ip_mc_list *im) 1320 { 1321 __igmp_group_dropped(im, GFP_KERNEL); 1322 } 1323 1324 static void igmp_group_added(struct ip_mc_list *im) 1325 { 1326 struct in_device *in_dev = im->interface; 1327 #ifdef CONFIG_IP_MULTICAST 1328 struct net *net = dev_net(in_dev->dev); 1329 #endif 1330 1331 if (im->loaded == 0) { 1332 im->loaded = 1; 1333 ip_mc_filter_add(in_dev, im->multiaddr); 1334 } 1335 1336 #ifdef CONFIG_IP_MULTICAST 1337 if (im->multiaddr == IGMP_ALL_HOSTS) 1338 return; 1339 if (ipv4_is_local_multicast(im->multiaddr) && !net->ipv4.sysctl_igmp_llm_reports) 1340 return; 1341 1342 if (in_dev->dead) 1343 return; 1344 1345 im->unsolicit_count = net->ipv4.sysctl_igmp_qrv; 1346 if (IGMP_V1_SEEN(in_dev) || IGMP_V2_SEEN(in_dev)) { 1347 spin_lock_bh(&im->lock); 1348 igmp_start_timer(im, IGMP_INITIAL_REPORT_DELAY); 1349 spin_unlock_bh(&im->lock); 1350 return; 1351 } 1352 /* else, v3 */ 1353 1354 /* Based on RFC3376 5.1, for newly added INCLUDE SSM, we should 1355 * not send filter-mode change record as the mode should be from 1356 * IN() to IN(A). 1357 */ 1358 if (im->sfmode == MCAST_EXCLUDE) 1359 im->crcount = in_dev->mr_qrv ?: net->ipv4.sysctl_igmp_qrv; 1360 1361 igmp_ifc_event(in_dev); 1362 #endif 1363 } 1364 1365 1366 /* 1367 * Multicast list managers 1368 */ 1369 1370 static u32 ip_mc_hash(const struct ip_mc_list *im) 1371 { 1372 return hash_32((__force u32)im->multiaddr, MC_HASH_SZ_LOG); 1373 } 1374 1375 static void ip_mc_hash_add(struct in_device *in_dev, 1376 struct ip_mc_list *im) 1377 { 1378 struct ip_mc_list __rcu **mc_hash; 1379 u32 hash; 1380 1381 mc_hash = rtnl_dereference(in_dev->mc_hash); 1382 if (mc_hash) { 1383 hash = ip_mc_hash(im); 1384 im->next_hash = mc_hash[hash]; 1385 rcu_assign_pointer(mc_hash[hash], im); 1386 return; 1387 } 1388 1389 /* do not use a hash table for small number of items */ 1390 if (in_dev->mc_count < 4) 1391 return; 1392 1393 mc_hash = kzalloc(sizeof(struct ip_mc_list *) << MC_HASH_SZ_LOG, 1394 GFP_KERNEL); 1395 if (!mc_hash) 1396 return; 1397 1398 for_each_pmc_rtnl(in_dev, im) { 1399 hash = ip_mc_hash(im); 1400 im->next_hash = mc_hash[hash]; 1401 RCU_INIT_POINTER(mc_hash[hash], im); 1402 } 1403 1404 rcu_assign_pointer(in_dev->mc_hash, mc_hash); 1405 } 1406 1407 static void ip_mc_hash_remove(struct in_device *in_dev, 1408 struct ip_mc_list *im) 1409 { 1410 struct ip_mc_list __rcu **mc_hash = rtnl_dereference(in_dev->mc_hash); 1411 struct ip_mc_list *aux; 1412 1413 if (!mc_hash) 1414 return; 1415 mc_hash += ip_mc_hash(im); 1416 while ((aux = rtnl_dereference(*mc_hash)) != im) 1417 mc_hash = &aux->next_hash; 1418 *mc_hash = im->next_hash; 1419 } 1420 1421 1422 /* 1423 * A socket has joined a multicast group on device dev. 1424 */ 1425 static void ____ip_mc_inc_group(struct in_device *in_dev, __be32 addr, 1426 unsigned int mode, gfp_t gfp) 1427 { 1428 struct ip_mc_list *im; 1429 1430 ASSERT_RTNL(); 1431 1432 for_each_pmc_rtnl(in_dev, im) { 1433 if (im->multiaddr == addr) { 1434 im->users++; 1435 ip_mc_add_src(in_dev, &addr, mode, 0, NULL, 0); 1436 goto out; 1437 } 1438 } 1439 1440 im = kzalloc(sizeof(*im), gfp); 1441 if (!im) 1442 goto out; 1443 1444 im->users = 1; 1445 im->interface = in_dev; 1446 in_dev_hold(in_dev); 1447 im->multiaddr = addr; 1448 /* initial mode is (EX, empty) */ 1449 im->sfmode = mode; 1450 im->sfcount[mode] = 1; 1451 refcount_set(&im->refcnt, 1); 1452 spin_lock_init(&im->lock); 1453 #ifdef CONFIG_IP_MULTICAST 1454 timer_setup(&im->timer, igmp_timer_expire, 0); 1455 #endif 1456 1457 im->next_rcu = in_dev->mc_list; 1458 in_dev->mc_count++; 1459 rcu_assign_pointer(in_dev->mc_list, im); 1460 1461 ip_mc_hash_add(in_dev, im); 1462 1463 #ifdef CONFIG_IP_MULTICAST 1464 igmpv3_del_delrec(in_dev, im); 1465 #endif 1466 igmp_group_added(im); 1467 if (!in_dev->dead) 1468 ip_rt_multicast_event(in_dev); 1469 out: 1470 return; 1471 } 1472 1473 void __ip_mc_inc_group(struct in_device *in_dev, __be32 addr, gfp_t gfp) 1474 { 1475 ____ip_mc_inc_group(in_dev, addr, MCAST_EXCLUDE, gfp); 1476 } 1477 EXPORT_SYMBOL(__ip_mc_inc_group); 1478 1479 void ip_mc_inc_group(struct in_device *in_dev, __be32 addr) 1480 { 1481 __ip_mc_inc_group(in_dev, addr, MCAST_EXCLUDE); 1482 } 1483 EXPORT_SYMBOL(ip_mc_inc_group); 1484 1485 static int ip_mc_check_iphdr(struct sk_buff *skb) 1486 { 1487 const struct iphdr *iph; 1488 unsigned int len; 1489 unsigned int offset = skb_network_offset(skb) + sizeof(*iph); 1490 1491 if (!pskb_may_pull(skb, offset)) 1492 return -EINVAL; 1493 1494 iph = ip_hdr(skb); 1495 1496 if (iph->version != 4 || ip_hdrlen(skb) < sizeof(*iph)) 1497 return -EINVAL; 1498 1499 offset += ip_hdrlen(skb) - sizeof(*iph); 1500 1501 if (!pskb_may_pull(skb, offset)) 1502 return -EINVAL; 1503 1504 iph = ip_hdr(skb); 1505 1506 if (unlikely(ip_fast_csum((u8 *)iph, iph->ihl))) 1507 return -EINVAL; 1508 1509 len = skb_network_offset(skb) + ntohs(iph->tot_len); 1510 if (skb->len < len || len < offset) 1511 return -EINVAL; 1512 1513 skb_set_transport_header(skb, offset); 1514 1515 return 0; 1516 } 1517 1518 static int ip_mc_check_igmp_reportv3(struct sk_buff *skb) 1519 { 1520 unsigned int len = skb_transport_offset(skb); 1521 1522 len += sizeof(struct igmpv3_report); 1523 1524 return ip_mc_may_pull(skb, len) ? 0 : -EINVAL; 1525 } 1526 1527 static int ip_mc_check_igmp_query(struct sk_buff *skb) 1528 { 1529 unsigned int transport_len = ip_transport_len(skb); 1530 unsigned int len; 1531 1532 /* IGMPv{1,2}? */ 1533 if (transport_len != sizeof(struct igmphdr)) { 1534 /* or IGMPv3? */ 1535 if (transport_len < sizeof(struct igmpv3_query)) 1536 return -EINVAL; 1537 1538 len = skb_transport_offset(skb) + sizeof(struct igmpv3_query); 1539 if (!ip_mc_may_pull(skb, len)) 1540 return -EINVAL; 1541 } 1542 1543 /* RFC2236+RFC3376 (IGMPv2+IGMPv3) require the multicast link layer 1544 * all-systems destination addresses (224.0.0.1) for general queries 1545 */ 1546 if (!igmp_hdr(skb)->group && 1547 ip_hdr(skb)->daddr != htonl(INADDR_ALLHOSTS_GROUP)) 1548 return -EINVAL; 1549 1550 return 0; 1551 } 1552 1553 static int ip_mc_check_igmp_msg(struct sk_buff *skb) 1554 { 1555 switch (igmp_hdr(skb)->type) { 1556 case IGMP_HOST_LEAVE_MESSAGE: 1557 case IGMP_HOST_MEMBERSHIP_REPORT: 1558 case IGMPV2_HOST_MEMBERSHIP_REPORT: 1559 return 0; 1560 case IGMPV3_HOST_MEMBERSHIP_REPORT: 1561 return ip_mc_check_igmp_reportv3(skb); 1562 case IGMP_HOST_MEMBERSHIP_QUERY: 1563 return ip_mc_check_igmp_query(skb); 1564 default: 1565 return -ENOMSG; 1566 } 1567 } 1568 1569 static inline __sum16 ip_mc_validate_checksum(struct sk_buff *skb) 1570 { 1571 return skb_checksum_simple_validate(skb); 1572 } 1573 1574 static int ip_mc_check_igmp_csum(struct sk_buff *skb) 1575 { 1576 unsigned int len = skb_transport_offset(skb) + sizeof(struct igmphdr); 1577 unsigned int transport_len = ip_transport_len(skb); 1578 struct sk_buff *skb_chk; 1579 1580 if (!ip_mc_may_pull(skb, len)) 1581 return -EINVAL; 1582 1583 skb_chk = skb_checksum_trimmed(skb, transport_len, 1584 ip_mc_validate_checksum); 1585 if (!skb_chk) 1586 return -EINVAL; 1587 1588 if (skb_chk != skb) 1589 kfree_skb(skb_chk); 1590 1591 return 0; 1592 } 1593 1594 /** 1595 * ip_mc_check_igmp - checks whether this is a sane IGMP packet 1596 * @skb: the skb to validate 1597 * 1598 * Checks whether an IPv4 packet is a valid IGMP packet. If so sets 1599 * skb transport header accordingly and returns zero. 1600 * 1601 * -EINVAL: A broken packet was detected, i.e. it violates some internet 1602 * standard 1603 * -ENOMSG: IP header validation succeeded but it is not an IGMP packet. 1604 * -ENOMEM: A memory allocation failure happened. 1605 * 1606 * Caller needs to set the skb network header and free any returned skb if it 1607 * differs from the provided skb. 1608 */ 1609 int ip_mc_check_igmp(struct sk_buff *skb) 1610 { 1611 int ret = ip_mc_check_iphdr(skb); 1612 1613 if (ret < 0) 1614 return ret; 1615 1616 if (ip_hdr(skb)->protocol != IPPROTO_IGMP) 1617 return -ENOMSG; 1618 1619 ret = ip_mc_check_igmp_csum(skb); 1620 if (ret < 0) 1621 return ret; 1622 1623 return ip_mc_check_igmp_msg(skb); 1624 } 1625 EXPORT_SYMBOL(ip_mc_check_igmp); 1626 1627 /* 1628 * Resend IGMP JOIN report; used by netdev notifier. 1629 */ 1630 static void ip_mc_rejoin_groups(struct in_device *in_dev) 1631 { 1632 #ifdef CONFIG_IP_MULTICAST 1633 struct ip_mc_list *im; 1634 int type; 1635 struct net *net = dev_net(in_dev->dev); 1636 1637 ASSERT_RTNL(); 1638 1639 for_each_pmc_rtnl(in_dev, im) { 1640 if (im->multiaddr == IGMP_ALL_HOSTS) 1641 continue; 1642 if (ipv4_is_local_multicast(im->multiaddr) && 1643 !net->ipv4.sysctl_igmp_llm_reports) 1644 continue; 1645 1646 /* a failover is happening and switches 1647 * must be notified immediately 1648 */ 1649 if (IGMP_V1_SEEN(in_dev)) 1650 type = IGMP_HOST_MEMBERSHIP_REPORT; 1651 else if (IGMP_V2_SEEN(in_dev)) 1652 type = IGMPV2_HOST_MEMBERSHIP_REPORT; 1653 else 1654 type = IGMPV3_HOST_MEMBERSHIP_REPORT; 1655 igmp_send_report(in_dev, im, type); 1656 } 1657 #endif 1658 } 1659 1660 /* 1661 * A socket has left a multicast group on device dev 1662 */ 1663 1664 void __ip_mc_dec_group(struct in_device *in_dev, __be32 addr, gfp_t gfp) 1665 { 1666 struct ip_mc_list *i; 1667 struct ip_mc_list __rcu **ip; 1668 1669 ASSERT_RTNL(); 1670 1671 for (ip = &in_dev->mc_list; 1672 (i = rtnl_dereference(*ip)) != NULL; 1673 ip = &i->next_rcu) { 1674 if (i->multiaddr == addr) { 1675 if (--i->users == 0) { 1676 ip_mc_hash_remove(in_dev, i); 1677 *ip = i->next_rcu; 1678 in_dev->mc_count--; 1679 __igmp_group_dropped(i, gfp); 1680 ip_mc_clear_src(i); 1681 1682 if (!in_dev->dead) 1683 ip_rt_multicast_event(in_dev); 1684 1685 ip_ma_put(i); 1686 return; 1687 } 1688 break; 1689 } 1690 } 1691 } 1692 EXPORT_SYMBOL(__ip_mc_dec_group); 1693 1694 /* Device changing type */ 1695 1696 void ip_mc_unmap(struct in_device *in_dev) 1697 { 1698 struct ip_mc_list *pmc; 1699 1700 ASSERT_RTNL(); 1701 1702 for_each_pmc_rtnl(in_dev, pmc) 1703 igmp_group_dropped(pmc); 1704 } 1705 1706 void ip_mc_remap(struct in_device *in_dev) 1707 { 1708 struct ip_mc_list *pmc; 1709 1710 ASSERT_RTNL(); 1711 1712 for_each_pmc_rtnl(in_dev, pmc) { 1713 #ifdef CONFIG_IP_MULTICAST 1714 igmpv3_del_delrec(in_dev, pmc); 1715 #endif 1716 igmp_group_added(pmc); 1717 } 1718 } 1719 1720 /* Device going down */ 1721 1722 void ip_mc_down(struct in_device *in_dev) 1723 { 1724 struct ip_mc_list *pmc; 1725 1726 ASSERT_RTNL(); 1727 1728 for_each_pmc_rtnl(in_dev, pmc) 1729 igmp_group_dropped(pmc); 1730 1731 #ifdef CONFIG_IP_MULTICAST 1732 in_dev->mr_ifc_count = 0; 1733 if (del_timer(&in_dev->mr_ifc_timer)) 1734 __in_dev_put(in_dev); 1735 in_dev->mr_gq_running = 0; 1736 if (del_timer(&in_dev->mr_gq_timer)) 1737 __in_dev_put(in_dev); 1738 #endif 1739 1740 ip_mc_dec_group(in_dev, IGMP_ALL_HOSTS); 1741 } 1742 1743 #ifdef CONFIG_IP_MULTICAST 1744 static void ip_mc_reset(struct in_device *in_dev) 1745 { 1746 struct net *net = dev_net(in_dev->dev); 1747 1748 in_dev->mr_qi = IGMP_QUERY_INTERVAL; 1749 in_dev->mr_qri = IGMP_QUERY_RESPONSE_INTERVAL; 1750 in_dev->mr_qrv = net->ipv4.sysctl_igmp_qrv; 1751 } 1752 #else 1753 static void ip_mc_reset(struct in_device *in_dev) 1754 { 1755 } 1756 #endif 1757 1758 void ip_mc_init_dev(struct in_device *in_dev) 1759 { 1760 ASSERT_RTNL(); 1761 1762 #ifdef CONFIG_IP_MULTICAST 1763 timer_setup(&in_dev->mr_gq_timer, igmp_gq_timer_expire, 0); 1764 timer_setup(&in_dev->mr_ifc_timer, igmp_ifc_timer_expire, 0); 1765 #endif 1766 ip_mc_reset(in_dev); 1767 1768 spin_lock_init(&in_dev->mc_tomb_lock); 1769 } 1770 1771 /* Device going up */ 1772 1773 void ip_mc_up(struct in_device *in_dev) 1774 { 1775 struct ip_mc_list *pmc; 1776 1777 ASSERT_RTNL(); 1778 1779 ip_mc_reset(in_dev); 1780 ip_mc_inc_group(in_dev, IGMP_ALL_HOSTS); 1781 1782 for_each_pmc_rtnl(in_dev, pmc) { 1783 #ifdef CONFIG_IP_MULTICAST 1784 igmpv3_del_delrec(in_dev, pmc); 1785 #endif 1786 igmp_group_added(pmc); 1787 } 1788 } 1789 1790 /* 1791 * Device is about to be destroyed: clean up. 1792 */ 1793 1794 void ip_mc_destroy_dev(struct in_device *in_dev) 1795 { 1796 struct ip_mc_list *i; 1797 1798 ASSERT_RTNL(); 1799 1800 /* Deactivate timers */ 1801 ip_mc_down(in_dev); 1802 #ifdef CONFIG_IP_MULTICAST 1803 igmpv3_clear_delrec(in_dev); 1804 #endif 1805 1806 while ((i = rtnl_dereference(in_dev->mc_list)) != NULL) { 1807 in_dev->mc_list = i->next_rcu; 1808 in_dev->mc_count--; 1809 ip_ma_put(i); 1810 } 1811 } 1812 1813 /* RTNL is locked */ 1814 static struct in_device *ip_mc_find_dev(struct net *net, struct ip_mreqn *imr) 1815 { 1816 struct net_device *dev = NULL; 1817 struct in_device *idev = NULL; 1818 1819 if (imr->imr_ifindex) { 1820 idev = inetdev_by_index(net, imr->imr_ifindex); 1821 return idev; 1822 } 1823 if (imr->imr_address.s_addr) { 1824 dev = __ip_dev_find(net, imr->imr_address.s_addr, false); 1825 if (!dev) 1826 return NULL; 1827 } 1828 1829 if (!dev) { 1830 struct rtable *rt = ip_route_output(net, 1831 imr->imr_multiaddr.s_addr, 1832 0, 0, 0); 1833 if (!IS_ERR(rt)) { 1834 dev = rt->dst.dev; 1835 ip_rt_put(rt); 1836 } 1837 } 1838 if (dev) { 1839 imr->imr_ifindex = dev->ifindex; 1840 idev = __in_dev_get_rtnl(dev); 1841 } 1842 return idev; 1843 } 1844 1845 /* 1846 * Join a socket to a group 1847 */ 1848 1849 static int ip_mc_del1_src(struct ip_mc_list *pmc, int sfmode, 1850 __be32 *psfsrc) 1851 { 1852 struct ip_sf_list *psf, *psf_prev; 1853 int rv = 0; 1854 1855 psf_prev = NULL; 1856 for (psf = pmc->sources; psf; psf = psf->sf_next) { 1857 if (psf->sf_inaddr == *psfsrc) 1858 break; 1859 psf_prev = psf; 1860 } 1861 if (!psf || psf->sf_count[sfmode] == 0) { 1862 /* source filter not found, or count wrong => bug */ 1863 return -ESRCH; 1864 } 1865 psf->sf_count[sfmode]--; 1866 if (psf->sf_count[sfmode] == 0) { 1867 ip_rt_multicast_event(pmc->interface); 1868 } 1869 if (!psf->sf_count[MCAST_INCLUDE] && !psf->sf_count[MCAST_EXCLUDE]) { 1870 #ifdef CONFIG_IP_MULTICAST 1871 struct in_device *in_dev = pmc->interface; 1872 struct net *net = dev_net(in_dev->dev); 1873 #endif 1874 1875 /* no more filters for this source */ 1876 if (psf_prev) 1877 psf_prev->sf_next = psf->sf_next; 1878 else 1879 pmc->sources = psf->sf_next; 1880 #ifdef CONFIG_IP_MULTICAST 1881 if (psf->sf_oldin && 1882 !IGMP_V1_SEEN(in_dev) && !IGMP_V2_SEEN(in_dev)) { 1883 psf->sf_crcount = in_dev->mr_qrv ?: net->ipv4.sysctl_igmp_qrv; 1884 psf->sf_next = pmc->tomb; 1885 pmc->tomb = psf; 1886 rv = 1; 1887 } else 1888 #endif 1889 kfree(psf); 1890 } 1891 return rv; 1892 } 1893 1894 #ifndef CONFIG_IP_MULTICAST 1895 #define igmp_ifc_event(x) do { } while (0) 1896 #endif 1897 1898 static int ip_mc_del_src(struct in_device *in_dev, __be32 *pmca, int sfmode, 1899 int sfcount, __be32 *psfsrc, int delta) 1900 { 1901 struct ip_mc_list *pmc; 1902 int changerec = 0; 1903 int i, err; 1904 1905 if (!in_dev) 1906 return -ENODEV; 1907 rcu_read_lock(); 1908 for_each_pmc_rcu(in_dev, pmc) { 1909 if (*pmca == pmc->multiaddr) 1910 break; 1911 } 1912 if (!pmc) { 1913 /* MCA not found?? bug */ 1914 rcu_read_unlock(); 1915 return -ESRCH; 1916 } 1917 spin_lock_bh(&pmc->lock); 1918 rcu_read_unlock(); 1919 #ifdef CONFIG_IP_MULTICAST 1920 sf_markstate(pmc); 1921 #endif 1922 if (!delta) { 1923 err = -EINVAL; 1924 if (!pmc->sfcount[sfmode]) 1925 goto out_unlock; 1926 pmc->sfcount[sfmode]--; 1927 } 1928 err = 0; 1929 for (i = 0; i < sfcount; i++) { 1930 int rv = ip_mc_del1_src(pmc, sfmode, &psfsrc[i]); 1931 1932 changerec |= rv > 0; 1933 if (!err && rv < 0) 1934 err = rv; 1935 } 1936 if (pmc->sfmode == MCAST_EXCLUDE && 1937 pmc->sfcount[MCAST_EXCLUDE] == 0 && 1938 pmc->sfcount[MCAST_INCLUDE]) { 1939 #ifdef CONFIG_IP_MULTICAST 1940 struct ip_sf_list *psf; 1941 struct net *net = dev_net(in_dev->dev); 1942 #endif 1943 1944 /* filter mode change */ 1945 pmc->sfmode = MCAST_INCLUDE; 1946 #ifdef CONFIG_IP_MULTICAST 1947 pmc->crcount = in_dev->mr_qrv ?: net->ipv4.sysctl_igmp_qrv; 1948 in_dev->mr_ifc_count = pmc->crcount; 1949 for (psf = pmc->sources; psf; psf = psf->sf_next) 1950 psf->sf_crcount = 0; 1951 igmp_ifc_event(pmc->interface); 1952 } else if (sf_setstate(pmc) || changerec) { 1953 igmp_ifc_event(pmc->interface); 1954 #endif 1955 } 1956 out_unlock: 1957 spin_unlock_bh(&pmc->lock); 1958 return err; 1959 } 1960 1961 /* 1962 * Add multicast single-source filter to the interface list 1963 */ 1964 static int ip_mc_add1_src(struct ip_mc_list *pmc, int sfmode, 1965 __be32 *psfsrc) 1966 { 1967 struct ip_sf_list *psf, *psf_prev; 1968 1969 psf_prev = NULL; 1970 for (psf = pmc->sources; psf; psf = psf->sf_next) { 1971 if (psf->sf_inaddr == *psfsrc) 1972 break; 1973 psf_prev = psf; 1974 } 1975 if (!psf) { 1976 psf = kzalloc(sizeof(*psf), GFP_ATOMIC); 1977 if (!psf) 1978 return -ENOBUFS; 1979 psf->sf_inaddr = *psfsrc; 1980 if (psf_prev) { 1981 psf_prev->sf_next = psf; 1982 } else 1983 pmc->sources = psf; 1984 } 1985 psf->sf_count[sfmode]++; 1986 if (psf->sf_count[sfmode] == 1) { 1987 ip_rt_multicast_event(pmc->interface); 1988 } 1989 return 0; 1990 } 1991 1992 #ifdef CONFIG_IP_MULTICAST 1993 static void sf_markstate(struct ip_mc_list *pmc) 1994 { 1995 struct ip_sf_list *psf; 1996 int mca_xcount = pmc->sfcount[MCAST_EXCLUDE]; 1997 1998 for (psf = pmc->sources; psf; psf = psf->sf_next) 1999 if (pmc->sfcount[MCAST_EXCLUDE]) { 2000 psf->sf_oldin = mca_xcount == 2001 psf->sf_count[MCAST_EXCLUDE] && 2002 !psf->sf_count[MCAST_INCLUDE]; 2003 } else 2004 psf->sf_oldin = psf->sf_count[MCAST_INCLUDE] != 0; 2005 } 2006 2007 static int sf_setstate(struct ip_mc_list *pmc) 2008 { 2009 struct ip_sf_list *psf, *dpsf; 2010 int mca_xcount = pmc->sfcount[MCAST_EXCLUDE]; 2011 int qrv = pmc->interface->mr_qrv; 2012 int new_in, rv; 2013 2014 rv = 0; 2015 for (psf = pmc->sources; psf; psf = psf->sf_next) { 2016 if (pmc->sfcount[MCAST_EXCLUDE]) { 2017 new_in = mca_xcount == psf->sf_count[MCAST_EXCLUDE] && 2018 !psf->sf_count[MCAST_INCLUDE]; 2019 } else 2020 new_in = psf->sf_count[MCAST_INCLUDE] != 0; 2021 if (new_in) { 2022 if (!psf->sf_oldin) { 2023 struct ip_sf_list *prev = NULL; 2024 2025 for (dpsf = pmc->tomb; dpsf; dpsf = dpsf->sf_next) { 2026 if (dpsf->sf_inaddr == psf->sf_inaddr) 2027 break; 2028 prev = dpsf; 2029 } 2030 if (dpsf) { 2031 if (prev) 2032 prev->sf_next = dpsf->sf_next; 2033 else 2034 pmc->tomb = dpsf->sf_next; 2035 kfree(dpsf); 2036 } 2037 psf->sf_crcount = qrv; 2038 rv++; 2039 } 2040 } else if (psf->sf_oldin) { 2041 2042 psf->sf_crcount = 0; 2043 /* 2044 * add or update "delete" records if an active filter 2045 * is now inactive 2046 */ 2047 for (dpsf = pmc->tomb; dpsf; dpsf = dpsf->sf_next) 2048 if (dpsf->sf_inaddr == psf->sf_inaddr) 2049 break; 2050 if (!dpsf) { 2051 dpsf = kmalloc(sizeof(*dpsf), GFP_ATOMIC); 2052 if (!dpsf) 2053 continue; 2054 *dpsf = *psf; 2055 /* pmc->lock held by callers */ 2056 dpsf->sf_next = pmc->tomb; 2057 pmc->tomb = dpsf; 2058 } 2059 dpsf->sf_crcount = qrv; 2060 rv++; 2061 } 2062 } 2063 return rv; 2064 } 2065 #endif 2066 2067 /* 2068 * Add multicast source filter list to the interface list 2069 */ 2070 static int ip_mc_add_src(struct in_device *in_dev, __be32 *pmca, int sfmode, 2071 int sfcount, __be32 *psfsrc, int delta) 2072 { 2073 struct ip_mc_list *pmc; 2074 int isexclude; 2075 int i, err; 2076 2077 if (!in_dev) 2078 return -ENODEV; 2079 rcu_read_lock(); 2080 for_each_pmc_rcu(in_dev, pmc) { 2081 if (*pmca == pmc->multiaddr) 2082 break; 2083 } 2084 if (!pmc) { 2085 /* MCA not found?? bug */ 2086 rcu_read_unlock(); 2087 return -ESRCH; 2088 } 2089 spin_lock_bh(&pmc->lock); 2090 rcu_read_unlock(); 2091 2092 #ifdef CONFIG_IP_MULTICAST 2093 sf_markstate(pmc); 2094 #endif 2095 isexclude = pmc->sfmode == MCAST_EXCLUDE; 2096 if (!delta) 2097 pmc->sfcount[sfmode]++; 2098 err = 0; 2099 for (i = 0; i < sfcount; i++) { 2100 err = ip_mc_add1_src(pmc, sfmode, &psfsrc[i]); 2101 if (err) 2102 break; 2103 } 2104 if (err) { 2105 int j; 2106 2107 if (!delta) 2108 pmc->sfcount[sfmode]--; 2109 for (j = 0; j < i; j++) 2110 (void) ip_mc_del1_src(pmc, sfmode, &psfsrc[j]); 2111 } else if (isexclude != (pmc->sfcount[MCAST_EXCLUDE] != 0)) { 2112 #ifdef CONFIG_IP_MULTICAST 2113 struct ip_sf_list *psf; 2114 struct net *net = dev_net(pmc->interface->dev); 2115 in_dev = pmc->interface; 2116 #endif 2117 2118 /* filter mode change */ 2119 if (pmc->sfcount[MCAST_EXCLUDE]) 2120 pmc->sfmode = MCAST_EXCLUDE; 2121 else if (pmc->sfcount[MCAST_INCLUDE]) 2122 pmc->sfmode = MCAST_INCLUDE; 2123 #ifdef CONFIG_IP_MULTICAST 2124 /* else no filters; keep old mode for reports */ 2125 2126 pmc->crcount = in_dev->mr_qrv ?: net->ipv4.sysctl_igmp_qrv; 2127 in_dev->mr_ifc_count = pmc->crcount; 2128 for (psf = pmc->sources; psf; psf = psf->sf_next) 2129 psf->sf_crcount = 0; 2130 igmp_ifc_event(in_dev); 2131 } else if (sf_setstate(pmc)) { 2132 igmp_ifc_event(in_dev); 2133 #endif 2134 } 2135 spin_unlock_bh(&pmc->lock); 2136 return err; 2137 } 2138 2139 static void ip_mc_clear_src(struct ip_mc_list *pmc) 2140 { 2141 struct ip_sf_list *tomb, *sources; 2142 2143 spin_lock_bh(&pmc->lock); 2144 tomb = pmc->tomb; 2145 pmc->tomb = NULL; 2146 sources = pmc->sources; 2147 pmc->sources = NULL; 2148 pmc->sfmode = MCAST_EXCLUDE; 2149 pmc->sfcount[MCAST_INCLUDE] = 0; 2150 pmc->sfcount[MCAST_EXCLUDE] = 1; 2151 spin_unlock_bh(&pmc->lock); 2152 2153 ip_sf_list_clear_all(tomb); 2154 ip_sf_list_clear_all(sources); 2155 } 2156 2157 /* Join a multicast group 2158 */ 2159 static int __ip_mc_join_group(struct sock *sk, struct ip_mreqn *imr, 2160 unsigned int mode) 2161 { 2162 __be32 addr = imr->imr_multiaddr.s_addr; 2163 struct ip_mc_socklist *iml, *i; 2164 struct in_device *in_dev; 2165 struct inet_sock *inet = inet_sk(sk); 2166 struct net *net = sock_net(sk); 2167 int ifindex; 2168 int count = 0; 2169 int err; 2170 2171 ASSERT_RTNL(); 2172 2173 if (!ipv4_is_multicast(addr)) 2174 return -EINVAL; 2175 2176 in_dev = ip_mc_find_dev(net, imr); 2177 2178 if (!in_dev) { 2179 err = -ENODEV; 2180 goto done; 2181 } 2182 2183 err = -EADDRINUSE; 2184 ifindex = imr->imr_ifindex; 2185 for_each_pmc_rtnl(inet, i) { 2186 if (i->multi.imr_multiaddr.s_addr == addr && 2187 i->multi.imr_ifindex == ifindex) 2188 goto done; 2189 count++; 2190 } 2191 err = -ENOBUFS; 2192 if (count >= net->ipv4.sysctl_igmp_max_memberships) 2193 goto done; 2194 iml = sock_kmalloc(sk, sizeof(*iml), GFP_KERNEL); 2195 if (!iml) 2196 goto done; 2197 2198 memcpy(&iml->multi, imr, sizeof(*imr)); 2199 iml->next_rcu = inet->mc_list; 2200 iml->sflist = NULL; 2201 iml->sfmode = mode; 2202 rcu_assign_pointer(inet->mc_list, iml); 2203 __ip_mc_inc_group(in_dev, addr, mode); 2204 err = 0; 2205 done: 2206 return err; 2207 } 2208 2209 /* Join ASM (Any-Source Multicast) group 2210 */ 2211 int ip_mc_join_group(struct sock *sk, struct ip_mreqn *imr) 2212 { 2213 return __ip_mc_join_group(sk, imr, MCAST_EXCLUDE); 2214 } 2215 EXPORT_SYMBOL(ip_mc_join_group); 2216 2217 /* Join SSM (Source-Specific Multicast) group 2218 */ 2219 int ip_mc_join_group_ssm(struct sock *sk, struct ip_mreqn *imr, 2220 unsigned int mode) 2221 { 2222 return __ip_mc_join_group(sk, imr, mode); 2223 } 2224 2225 static int ip_mc_leave_src(struct sock *sk, struct ip_mc_socklist *iml, 2226 struct in_device *in_dev) 2227 { 2228 struct ip_sf_socklist *psf = rtnl_dereference(iml->sflist); 2229 int err; 2230 2231 if (!psf) { 2232 /* any-source empty exclude case */ 2233 return ip_mc_del_src(in_dev, &iml->multi.imr_multiaddr.s_addr, 2234 iml->sfmode, 0, NULL, 0); 2235 } 2236 err = ip_mc_del_src(in_dev, &iml->multi.imr_multiaddr.s_addr, 2237 iml->sfmode, psf->sl_count, psf->sl_addr, 0); 2238 RCU_INIT_POINTER(iml->sflist, NULL); 2239 /* decrease mem now to avoid the memleak warning */ 2240 atomic_sub(IP_SFLSIZE(psf->sl_max), &sk->sk_omem_alloc); 2241 kfree_rcu(psf, rcu); 2242 return err; 2243 } 2244 2245 int ip_mc_leave_group(struct sock *sk, struct ip_mreqn *imr) 2246 { 2247 struct inet_sock *inet = inet_sk(sk); 2248 struct ip_mc_socklist *iml; 2249 struct ip_mc_socklist __rcu **imlp; 2250 struct in_device *in_dev; 2251 struct net *net = sock_net(sk); 2252 __be32 group = imr->imr_multiaddr.s_addr; 2253 u32 ifindex; 2254 int ret = -EADDRNOTAVAIL; 2255 2256 ASSERT_RTNL(); 2257 2258 in_dev = ip_mc_find_dev(net, imr); 2259 if (!imr->imr_ifindex && !imr->imr_address.s_addr && !in_dev) { 2260 ret = -ENODEV; 2261 goto out; 2262 } 2263 ifindex = imr->imr_ifindex; 2264 for (imlp = &inet->mc_list; 2265 (iml = rtnl_dereference(*imlp)) != NULL; 2266 imlp = &iml->next_rcu) { 2267 if (iml->multi.imr_multiaddr.s_addr != group) 2268 continue; 2269 if (ifindex) { 2270 if (iml->multi.imr_ifindex != ifindex) 2271 continue; 2272 } else if (imr->imr_address.s_addr && imr->imr_address.s_addr != 2273 iml->multi.imr_address.s_addr) 2274 continue; 2275 2276 (void) ip_mc_leave_src(sk, iml, in_dev); 2277 2278 *imlp = iml->next_rcu; 2279 2280 if (in_dev) 2281 ip_mc_dec_group(in_dev, group); 2282 2283 /* decrease mem now to avoid the memleak warning */ 2284 atomic_sub(sizeof(*iml), &sk->sk_omem_alloc); 2285 kfree_rcu(iml, rcu); 2286 return 0; 2287 } 2288 out: 2289 return ret; 2290 } 2291 EXPORT_SYMBOL(ip_mc_leave_group); 2292 2293 int ip_mc_source(int add, int omode, struct sock *sk, struct 2294 ip_mreq_source *mreqs, int ifindex) 2295 { 2296 int err; 2297 struct ip_mreqn imr; 2298 __be32 addr = mreqs->imr_multiaddr; 2299 struct ip_mc_socklist *pmc; 2300 struct in_device *in_dev = NULL; 2301 struct inet_sock *inet = inet_sk(sk); 2302 struct ip_sf_socklist *psl; 2303 struct net *net = sock_net(sk); 2304 int leavegroup = 0; 2305 int i, j, rv; 2306 2307 if (!ipv4_is_multicast(addr)) 2308 return -EINVAL; 2309 2310 ASSERT_RTNL(); 2311 2312 imr.imr_multiaddr.s_addr = mreqs->imr_multiaddr; 2313 imr.imr_address.s_addr = mreqs->imr_interface; 2314 imr.imr_ifindex = ifindex; 2315 in_dev = ip_mc_find_dev(net, &imr); 2316 2317 if (!in_dev) { 2318 err = -ENODEV; 2319 goto done; 2320 } 2321 err = -EADDRNOTAVAIL; 2322 2323 for_each_pmc_rtnl(inet, pmc) { 2324 if ((pmc->multi.imr_multiaddr.s_addr == 2325 imr.imr_multiaddr.s_addr) && 2326 (pmc->multi.imr_ifindex == imr.imr_ifindex)) 2327 break; 2328 } 2329 if (!pmc) { /* must have a prior join */ 2330 err = -EINVAL; 2331 goto done; 2332 } 2333 /* if a source filter was set, must be the same mode as before */ 2334 if (pmc->sflist) { 2335 if (pmc->sfmode != omode) { 2336 err = -EINVAL; 2337 goto done; 2338 } 2339 } else if (pmc->sfmode != omode) { 2340 /* allow mode switches for empty-set filters */ 2341 ip_mc_add_src(in_dev, &mreqs->imr_multiaddr, omode, 0, NULL, 0); 2342 ip_mc_del_src(in_dev, &mreqs->imr_multiaddr, pmc->sfmode, 0, 2343 NULL, 0); 2344 pmc->sfmode = omode; 2345 } 2346 2347 psl = rtnl_dereference(pmc->sflist); 2348 if (!add) { 2349 if (!psl) 2350 goto done; /* err = -EADDRNOTAVAIL */ 2351 rv = !0; 2352 for (i = 0; i < psl->sl_count; i++) { 2353 rv = memcmp(&psl->sl_addr[i], &mreqs->imr_sourceaddr, 2354 sizeof(__be32)); 2355 if (rv == 0) 2356 break; 2357 } 2358 if (rv) /* source not found */ 2359 goto done; /* err = -EADDRNOTAVAIL */ 2360 2361 /* special case - (INCLUDE, empty) == LEAVE_GROUP */ 2362 if (psl->sl_count == 1 && omode == MCAST_INCLUDE) { 2363 leavegroup = 1; 2364 goto done; 2365 } 2366 2367 /* update the interface filter */ 2368 ip_mc_del_src(in_dev, &mreqs->imr_multiaddr, omode, 1, 2369 &mreqs->imr_sourceaddr, 1); 2370 2371 for (j = i+1; j < psl->sl_count; j++) 2372 psl->sl_addr[j-1] = psl->sl_addr[j]; 2373 psl->sl_count--; 2374 err = 0; 2375 goto done; 2376 } 2377 /* else, add a new source to the filter */ 2378 2379 if (psl && psl->sl_count >= net->ipv4.sysctl_igmp_max_msf) { 2380 err = -ENOBUFS; 2381 goto done; 2382 } 2383 if (!psl || psl->sl_count == psl->sl_max) { 2384 struct ip_sf_socklist *newpsl; 2385 int count = IP_SFBLOCK; 2386 2387 if (psl) 2388 count += psl->sl_max; 2389 newpsl = sock_kmalloc(sk, IP_SFLSIZE(count), GFP_KERNEL); 2390 if (!newpsl) { 2391 err = -ENOBUFS; 2392 goto done; 2393 } 2394 newpsl->sl_max = count; 2395 newpsl->sl_count = count - IP_SFBLOCK; 2396 if (psl) { 2397 for (i = 0; i < psl->sl_count; i++) 2398 newpsl->sl_addr[i] = psl->sl_addr[i]; 2399 /* decrease mem now to avoid the memleak warning */ 2400 atomic_sub(IP_SFLSIZE(psl->sl_max), &sk->sk_omem_alloc); 2401 kfree_rcu(psl, rcu); 2402 } 2403 rcu_assign_pointer(pmc->sflist, newpsl); 2404 psl = newpsl; 2405 } 2406 rv = 1; /* > 0 for insert logic below if sl_count is 0 */ 2407 for (i = 0; i < psl->sl_count; i++) { 2408 rv = memcmp(&psl->sl_addr[i], &mreqs->imr_sourceaddr, 2409 sizeof(__be32)); 2410 if (rv == 0) 2411 break; 2412 } 2413 if (rv == 0) /* address already there is an error */ 2414 goto done; 2415 for (j = psl->sl_count-1; j >= i; j--) 2416 psl->sl_addr[j+1] = psl->sl_addr[j]; 2417 psl->sl_addr[i] = mreqs->imr_sourceaddr; 2418 psl->sl_count++; 2419 err = 0; 2420 /* update the interface list */ 2421 ip_mc_add_src(in_dev, &mreqs->imr_multiaddr, omode, 1, 2422 &mreqs->imr_sourceaddr, 1); 2423 done: 2424 if (leavegroup) 2425 err = ip_mc_leave_group(sk, &imr); 2426 return err; 2427 } 2428 2429 int ip_mc_msfilter(struct sock *sk, struct ip_msfilter *msf, int ifindex) 2430 { 2431 int err = 0; 2432 struct ip_mreqn imr; 2433 __be32 addr = msf->imsf_multiaddr; 2434 struct ip_mc_socklist *pmc; 2435 struct in_device *in_dev; 2436 struct inet_sock *inet = inet_sk(sk); 2437 struct ip_sf_socklist *newpsl, *psl; 2438 struct net *net = sock_net(sk); 2439 int leavegroup = 0; 2440 2441 if (!ipv4_is_multicast(addr)) 2442 return -EINVAL; 2443 if (msf->imsf_fmode != MCAST_INCLUDE && 2444 msf->imsf_fmode != MCAST_EXCLUDE) 2445 return -EINVAL; 2446 2447 ASSERT_RTNL(); 2448 2449 imr.imr_multiaddr.s_addr = msf->imsf_multiaddr; 2450 imr.imr_address.s_addr = msf->imsf_interface; 2451 imr.imr_ifindex = ifindex; 2452 in_dev = ip_mc_find_dev(net, &imr); 2453 2454 if (!in_dev) { 2455 err = -ENODEV; 2456 goto done; 2457 } 2458 2459 /* special case - (INCLUDE, empty) == LEAVE_GROUP */ 2460 if (msf->imsf_fmode == MCAST_INCLUDE && msf->imsf_numsrc == 0) { 2461 leavegroup = 1; 2462 goto done; 2463 } 2464 2465 for_each_pmc_rtnl(inet, pmc) { 2466 if (pmc->multi.imr_multiaddr.s_addr == msf->imsf_multiaddr && 2467 pmc->multi.imr_ifindex == imr.imr_ifindex) 2468 break; 2469 } 2470 if (!pmc) { /* must have a prior join */ 2471 err = -EINVAL; 2472 goto done; 2473 } 2474 if (msf->imsf_numsrc) { 2475 newpsl = sock_kmalloc(sk, IP_SFLSIZE(msf->imsf_numsrc), 2476 GFP_KERNEL); 2477 if (!newpsl) { 2478 err = -ENOBUFS; 2479 goto done; 2480 } 2481 newpsl->sl_max = newpsl->sl_count = msf->imsf_numsrc; 2482 memcpy(newpsl->sl_addr, msf->imsf_slist, 2483 msf->imsf_numsrc * sizeof(msf->imsf_slist[0])); 2484 err = ip_mc_add_src(in_dev, &msf->imsf_multiaddr, 2485 msf->imsf_fmode, newpsl->sl_count, newpsl->sl_addr, 0); 2486 if (err) { 2487 sock_kfree_s(sk, newpsl, IP_SFLSIZE(newpsl->sl_max)); 2488 goto done; 2489 } 2490 } else { 2491 newpsl = NULL; 2492 (void) ip_mc_add_src(in_dev, &msf->imsf_multiaddr, 2493 msf->imsf_fmode, 0, NULL, 0); 2494 } 2495 psl = rtnl_dereference(pmc->sflist); 2496 if (psl) { 2497 (void) ip_mc_del_src(in_dev, &msf->imsf_multiaddr, pmc->sfmode, 2498 psl->sl_count, psl->sl_addr, 0); 2499 /* decrease mem now to avoid the memleak warning */ 2500 atomic_sub(IP_SFLSIZE(psl->sl_max), &sk->sk_omem_alloc); 2501 kfree_rcu(psl, rcu); 2502 } else 2503 (void) ip_mc_del_src(in_dev, &msf->imsf_multiaddr, pmc->sfmode, 2504 0, NULL, 0); 2505 rcu_assign_pointer(pmc->sflist, newpsl); 2506 pmc->sfmode = msf->imsf_fmode; 2507 err = 0; 2508 done: 2509 if (leavegroup) 2510 err = ip_mc_leave_group(sk, &imr); 2511 return err; 2512 } 2513 2514 int ip_mc_msfget(struct sock *sk, struct ip_msfilter *msf, 2515 struct ip_msfilter __user *optval, int __user *optlen) 2516 { 2517 int err, len, count, copycount; 2518 struct ip_mreqn imr; 2519 __be32 addr = msf->imsf_multiaddr; 2520 struct ip_mc_socklist *pmc; 2521 struct in_device *in_dev; 2522 struct inet_sock *inet = inet_sk(sk); 2523 struct ip_sf_socklist *psl; 2524 struct net *net = sock_net(sk); 2525 2526 ASSERT_RTNL(); 2527 2528 if (!ipv4_is_multicast(addr)) 2529 return -EINVAL; 2530 2531 imr.imr_multiaddr.s_addr = msf->imsf_multiaddr; 2532 imr.imr_address.s_addr = msf->imsf_interface; 2533 imr.imr_ifindex = 0; 2534 in_dev = ip_mc_find_dev(net, &imr); 2535 2536 if (!in_dev) { 2537 err = -ENODEV; 2538 goto done; 2539 } 2540 err = -EADDRNOTAVAIL; 2541 2542 for_each_pmc_rtnl(inet, pmc) { 2543 if (pmc->multi.imr_multiaddr.s_addr == msf->imsf_multiaddr && 2544 pmc->multi.imr_ifindex == imr.imr_ifindex) 2545 break; 2546 } 2547 if (!pmc) /* must have a prior join */ 2548 goto done; 2549 msf->imsf_fmode = pmc->sfmode; 2550 psl = rtnl_dereference(pmc->sflist); 2551 if (!psl) { 2552 len = 0; 2553 count = 0; 2554 } else { 2555 count = psl->sl_count; 2556 } 2557 copycount = count < msf->imsf_numsrc ? count : msf->imsf_numsrc; 2558 len = copycount * sizeof(psl->sl_addr[0]); 2559 msf->imsf_numsrc = count; 2560 if (put_user(IP_MSFILTER_SIZE(copycount), optlen) || 2561 copy_to_user(optval, msf, IP_MSFILTER_SIZE(0))) { 2562 return -EFAULT; 2563 } 2564 if (len && 2565 copy_to_user(&optval->imsf_slist[0], psl->sl_addr, len)) 2566 return -EFAULT; 2567 return 0; 2568 done: 2569 return err; 2570 } 2571 2572 int ip_mc_gsfget(struct sock *sk, struct group_filter *gsf, 2573 struct group_filter __user *optval, int __user *optlen) 2574 { 2575 int err, i, count, copycount; 2576 struct sockaddr_in *psin; 2577 __be32 addr; 2578 struct ip_mc_socklist *pmc; 2579 struct inet_sock *inet = inet_sk(sk); 2580 struct ip_sf_socklist *psl; 2581 2582 ASSERT_RTNL(); 2583 2584 psin = (struct sockaddr_in *)&gsf->gf_group; 2585 if (psin->sin_family != AF_INET) 2586 return -EINVAL; 2587 addr = psin->sin_addr.s_addr; 2588 if (!ipv4_is_multicast(addr)) 2589 return -EINVAL; 2590 2591 err = -EADDRNOTAVAIL; 2592 2593 for_each_pmc_rtnl(inet, pmc) { 2594 if (pmc->multi.imr_multiaddr.s_addr == addr && 2595 pmc->multi.imr_ifindex == gsf->gf_interface) 2596 break; 2597 } 2598 if (!pmc) /* must have a prior join */ 2599 goto done; 2600 gsf->gf_fmode = pmc->sfmode; 2601 psl = rtnl_dereference(pmc->sflist); 2602 count = psl ? psl->sl_count : 0; 2603 copycount = count < gsf->gf_numsrc ? count : gsf->gf_numsrc; 2604 gsf->gf_numsrc = count; 2605 if (put_user(GROUP_FILTER_SIZE(copycount), optlen) || 2606 copy_to_user(optval, gsf, GROUP_FILTER_SIZE(0))) { 2607 return -EFAULT; 2608 } 2609 for (i = 0; i < copycount; i++) { 2610 struct sockaddr_storage ss; 2611 2612 psin = (struct sockaddr_in *)&ss; 2613 memset(&ss, 0, sizeof(ss)); 2614 psin->sin_family = AF_INET; 2615 psin->sin_addr.s_addr = psl->sl_addr[i]; 2616 if (copy_to_user(&optval->gf_slist[i], &ss, sizeof(ss))) 2617 return -EFAULT; 2618 } 2619 return 0; 2620 done: 2621 return err; 2622 } 2623 2624 /* 2625 * check if a multicast source filter allows delivery for a given <src,dst,intf> 2626 */ 2627 int ip_mc_sf_allow(struct sock *sk, __be32 loc_addr, __be32 rmt_addr, 2628 int dif, int sdif) 2629 { 2630 struct inet_sock *inet = inet_sk(sk); 2631 struct ip_mc_socklist *pmc; 2632 struct ip_sf_socklist *psl; 2633 int i; 2634 int ret; 2635 2636 ret = 1; 2637 if (!ipv4_is_multicast(loc_addr)) 2638 goto out; 2639 2640 rcu_read_lock(); 2641 for_each_pmc_rcu(inet, pmc) { 2642 if (pmc->multi.imr_multiaddr.s_addr == loc_addr && 2643 (pmc->multi.imr_ifindex == dif || 2644 (sdif && pmc->multi.imr_ifindex == sdif))) 2645 break; 2646 } 2647 ret = inet->mc_all; 2648 if (!pmc) 2649 goto unlock; 2650 psl = rcu_dereference(pmc->sflist); 2651 ret = (pmc->sfmode == MCAST_EXCLUDE); 2652 if (!psl) 2653 goto unlock; 2654 2655 for (i = 0; i < psl->sl_count; i++) { 2656 if (psl->sl_addr[i] == rmt_addr) 2657 break; 2658 } 2659 ret = 0; 2660 if (pmc->sfmode == MCAST_INCLUDE && i >= psl->sl_count) 2661 goto unlock; 2662 if (pmc->sfmode == MCAST_EXCLUDE && i < psl->sl_count) 2663 goto unlock; 2664 ret = 1; 2665 unlock: 2666 rcu_read_unlock(); 2667 out: 2668 return ret; 2669 } 2670 2671 /* 2672 * A socket is closing. 2673 */ 2674 2675 void ip_mc_drop_socket(struct sock *sk) 2676 { 2677 struct inet_sock *inet = inet_sk(sk); 2678 struct ip_mc_socklist *iml; 2679 struct net *net = sock_net(sk); 2680 2681 if (!inet->mc_list) 2682 return; 2683 2684 rtnl_lock(); 2685 while ((iml = rtnl_dereference(inet->mc_list)) != NULL) { 2686 struct in_device *in_dev; 2687 2688 inet->mc_list = iml->next_rcu; 2689 in_dev = inetdev_by_index(net, iml->multi.imr_ifindex); 2690 (void) ip_mc_leave_src(sk, iml, in_dev); 2691 if (in_dev) 2692 ip_mc_dec_group(in_dev, iml->multi.imr_multiaddr.s_addr); 2693 /* decrease mem now to avoid the memleak warning */ 2694 atomic_sub(sizeof(*iml), &sk->sk_omem_alloc); 2695 kfree_rcu(iml, rcu); 2696 } 2697 rtnl_unlock(); 2698 } 2699 2700 /* called with rcu_read_lock() */ 2701 int ip_check_mc_rcu(struct in_device *in_dev, __be32 mc_addr, __be32 src_addr, u8 proto) 2702 { 2703 struct ip_mc_list *im; 2704 struct ip_mc_list __rcu **mc_hash; 2705 struct ip_sf_list *psf; 2706 int rv = 0; 2707 2708 mc_hash = rcu_dereference(in_dev->mc_hash); 2709 if (mc_hash) { 2710 u32 hash = hash_32((__force u32)mc_addr, MC_HASH_SZ_LOG); 2711 2712 for (im = rcu_dereference(mc_hash[hash]); 2713 im != NULL; 2714 im = rcu_dereference(im->next_hash)) { 2715 if (im->multiaddr == mc_addr) 2716 break; 2717 } 2718 } else { 2719 for_each_pmc_rcu(in_dev, im) { 2720 if (im->multiaddr == mc_addr) 2721 break; 2722 } 2723 } 2724 if (im && proto == IPPROTO_IGMP) { 2725 rv = 1; 2726 } else if (im) { 2727 if (src_addr) { 2728 for (psf = im->sources; psf; psf = psf->sf_next) { 2729 if (psf->sf_inaddr == src_addr) 2730 break; 2731 } 2732 if (psf) 2733 rv = psf->sf_count[MCAST_INCLUDE] || 2734 psf->sf_count[MCAST_EXCLUDE] != 2735 im->sfcount[MCAST_EXCLUDE]; 2736 else 2737 rv = im->sfcount[MCAST_EXCLUDE] != 0; 2738 } else 2739 rv = 1; /* unspecified source; tentatively allow */ 2740 } 2741 return rv; 2742 } 2743 2744 #if defined(CONFIG_PROC_FS) 2745 struct igmp_mc_iter_state { 2746 struct seq_net_private p; 2747 struct net_device *dev; 2748 struct in_device *in_dev; 2749 }; 2750 2751 #define igmp_mc_seq_private(seq) ((struct igmp_mc_iter_state *)(seq)->private) 2752 2753 static inline struct ip_mc_list *igmp_mc_get_first(struct seq_file *seq) 2754 { 2755 struct net *net = seq_file_net(seq); 2756 struct ip_mc_list *im = NULL; 2757 struct igmp_mc_iter_state *state = igmp_mc_seq_private(seq); 2758 2759 state->in_dev = NULL; 2760 for_each_netdev_rcu(net, state->dev) { 2761 struct in_device *in_dev; 2762 2763 in_dev = __in_dev_get_rcu(state->dev); 2764 if (!in_dev) 2765 continue; 2766 im = rcu_dereference(in_dev->mc_list); 2767 if (im) { 2768 state->in_dev = in_dev; 2769 break; 2770 } 2771 } 2772 return im; 2773 } 2774 2775 static struct ip_mc_list *igmp_mc_get_next(struct seq_file *seq, struct ip_mc_list *im) 2776 { 2777 struct igmp_mc_iter_state *state = igmp_mc_seq_private(seq); 2778 2779 im = rcu_dereference(im->next_rcu); 2780 while (!im) { 2781 state->dev = next_net_device_rcu(state->dev); 2782 if (!state->dev) { 2783 state->in_dev = NULL; 2784 break; 2785 } 2786 state->in_dev = __in_dev_get_rcu(state->dev); 2787 if (!state->in_dev) 2788 continue; 2789 im = rcu_dereference(state->in_dev->mc_list); 2790 } 2791 return im; 2792 } 2793 2794 static struct ip_mc_list *igmp_mc_get_idx(struct seq_file *seq, loff_t pos) 2795 { 2796 struct ip_mc_list *im = igmp_mc_get_first(seq); 2797 if (im) 2798 while (pos && (im = igmp_mc_get_next(seq, im)) != NULL) 2799 --pos; 2800 return pos ? NULL : im; 2801 } 2802 2803 static void *igmp_mc_seq_start(struct seq_file *seq, loff_t *pos) 2804 __acquires(rcu) 2805 { 2806 rcu_read_lock(); 2807 return *pos ? igmp_mc_get_idx(seq, *pos - 1) : SEQ_START_TOKEN; 2808 } 2809 2810 static void *igmp_mc_seq_next(struct seq_file *seq, void *v, loff_t *pos) 2811 { 2812 struct ip_mc_list *im; 2813 if (v == SEQ_START_TOKEN) 2814 im = igmp_mc_get_first(seq); 2815 else 2816 im = igmp_mc_get_next(seq, v); 2817 ++*pos; 2818 return im; 2819 } 2820 2821 static void igmp_mc_seq_stop(struct seq_file *seq, void *v) 2822 __releases(rcu) 2823 { 2824 struct igmp_mc_iter_state *state = igmp_mc_seq_private(seq); 2825 2826 state->in_dev = NULL; 2827 state->dev = NULL; 2828 rcu_read_unlock(); 2829 } 2830 2831 static int igmp_mc_seq_show(struct seq_file *seq, void *v) 2832 { 2833 if (v == SEQ_START_TOKEN) 2834 seq_puts(seq, 2835 "Idx\tDevice : Count Querier\tGroup Users Timer\tReporter\n"); 2836 else { 2837 struct ip_mc_list *im = (struct ip_mc_list *)v; 2838 struct igmp_mc_iter_state *state = igmp_mc_seq_private(seq); 2839 char *querier; 2840 long delta; 2841 2842 #ifdef CONFIG_IP_MULTICAST 2843 querier = IGMP_V1_SEEN(state->in_dev) ? "V1" : 2844 IGMP_V2_SEEN(state->in_dev) ? "V2" : 2845 "V3"; 2846 #else 2847 querier = "NONE"; 2848 #endif 2849 2850 if (rcu_access_pointer(state->in_dev->mc_list) == im) { 2851 seq_printf(seq, "%d\t%-10s: %5d %7s\n", 2852 state->dev->ifindex, state->dev->name, state->in_dev->mc_count, querier); 2853 } 2854 2855 delta = im->timer.expires - jiffies; 2856 seq_printf(seq, 2857 "\t\t\t\t%08X %5d %d:%08lX\t\t%d\n", 2858 im->multiaddr, im->users, 2859 im->tm_running, 2860 im->tm_running ? jiffies_delta_to_clock_t(delta) : 0, 2861 im->reporter); 2862 } 2863 return 0; 2864 } 2865 2866 static const struct seq_operations igmp_mc_seq_ops = { 2867 .start = igmp_mc_seq_start, 2868 .next = igmp_mc_seq_next, 2869 .stop = igmp_mc_seq_stop, 2870 .show = igmp_mc_seq_show, 2871 }; 2872 2873 struct igmp_mcf_iter_state { 2874 struct seq_net_private p; 2875 struct net_device *dev; 2876 struct in_device *idev; 2877 struct ip_mc_list *im; 2878 }; 2879 2880 #define igmp_mcf_seq_private(seq) ((struct igmp_mcf_iter_state *)(seq)->private) 2881 2882 static inline struct ip_sf_list *igmp_mcf_get_first(struct seq_file *seq) 2883 { 2884 struct net *net = seq_file_net(seq); 2885 struct ip_sf_list *psf = NULL; 2886 struct ip_mc_list *im = NULL; 2887 struct igmp_mcf_iter_state *state = igmp_mcf_seq_private(seq); 2888 2889 state->idev = NULL; 2890 state->im = NULL; 2891 for_each_netdev_rcu(net, state->dev) { 2892 struct in_device *idev; 2893 idev = __in_dev_get_rcu(state->dev); 2894 if (unlikely(!idev)) 2895 continue; 2896 im = rcu_dereference(idev->mc_list); 2897 if (likely(im)) { 2898 spin_lock_bh(&im->lock); 2899 psf = im->sources; 2900 if (likely(psf)) { 2901 state->im = im; 2902 state->idev = idev; 2903 break; 2904 } 2905 spin_unlock_bh(&im->lock); 2906 } 2907 } 2908 return psf; 2909 } 2910 2911 static struct ip_sf_list *igmp_mcf_get_next(struct seq_file *seq, struct ip_sf_list *psf) 2912 { 2913 struct igmp_mcf_iter_state *state = igmp_mcf_seq_private(seq); 2914 2915 psf = psf->sf_next; 2916 while (!psf) { 2917 spin_unlock_bh(&state->im->lock); 2918 state->im = state->im->next; 2919 while (!state->im) { 2920 state->dev = next_net_device_rcu(state->dev); 2921 if (!state->dev) { 2922 state->idev = NULL; 2923 goto out; 2924 } 2925 state->idev = __in_dev_get_rcu(state->dev); 2926 if (!state->idev) 2927 continue; 2928 state->im = rcu_dereference(state->idev->mc_list); 2929 } 2930 if (!state->im) 2931 break; 2932 spin_lock_bh(&state->im->lock); 2933 psf = state->im->sources; 2934 } 2935 out: 2936 return psf; 2937 } 2938 2939 static struct ip_sf_list *igmp_mcf_get_idx(struct seq_file *seq, loff_t pos) 2940 { 2941 struct ip_sf_list *psf = igmp_mcf_get_first(seq); 2942 if (psf) 2943 while (pos && (psf = igmp_mcf_get_next(seq, psf)) != NULL) 2944 --pos; 2945 return pos ? NULL : psf; 2946 } 2947 2948 static void *igmp_mcf_seq_start(struct seq_file *seq, loff_t *pos) 2949 __acquires(rcu) 2950 { 2951 rcu_read_lock(); 2952 return *pos ? igmp_mcf_get_idx(seq, *pos - 1) : SEQ_START_TOKEN; 2953 } 2954 2955 static void *igmp_mcf_seq_next(struct seq_file *seq, void *v, loff_t *pos) 2956 { 2957 struct ip_sf_list *psf; 2958 if (v == SEQ_START_TOKEN) 2959 psf = igmp_mcf_get_first(seq); 2960 else 2961 psf = igmp_mcf_get_next(seq, v); 2962 ++*pos; 2963 return psf; 2964 } 2965 2966 static void igmp_mcf_seq_stop(struct seq_file *seq, void *v) 2967 __releases(rcu) 2968 { 2969 struct igmp_mcf_iter_state *state = igmp_mcf_seq_private(seq); 2970 if (likely(state->im)) { 2971 spin_unlock_bh(&state->im->lock); 2972 state->im = NULL; 2973 } 2974 state->idev = NULL; 2975 state->dev = NULL; 2976 rcu_read_unlock(); 2977 } 2978 2979 static int igmp_mcf_seq_show(struct seq_file *seq, void *v) 2980 { 2981 struct ip_sf_list *psf = (struct ip_sf_list *)v; 2982 struct igmp_mcf_iter_state *state = igmp_mcf_seq_private(seq); 2983 2984 if (v == SEQ_START_TOKEN) { 2985 seq_puts(seq, "Idx Device MCA SRC INC EXC\n"); 2986 } else { 2987 seq_printf(seq, 2988 "%3d %6.6s 0x%08x " 2989 "0x%08x %6lu %6lu\n", 2990 state->dev->ifindex, state->dev->name, 2991 ntohl(state->im->multiaddr), 2992 ntohl(psf->sf_inaddr), 2993 psf->sf_count[MCAST_INCLUDE], 2994 psf->sf_count[MCAST_EXCLUDE]); 2995 } 2996 return 0; 2997 } 2998 2999 static const struct seq_operations igmp_mcf_seq_ops = { 3000 .start = igmp_mcf_seq_start, 3001 .next = igmp_mcf_seq_next, 3002 .stop = igmp_mcf_seq_stop, 3003 .show = igmp_mcf_seq_show, 3004 }; 3005 3006 static int __net_init igmp_net_init(struct net *net) 3007 { 3008 struct proc_dir_entry *pde; 3009 int err; 3010 3011 pde = proc_create_net("igmp", 0444, net->proc_net, &igmp_mc_seq_ops, 3012 sizeof(struct igmp_mc_iter_state)); 3013 if (!pde) 3014 goto out_igmp; 3015 pde = proc_create_net("mcfilter", 0444, net->proc_net, 3016 &igmp_mcf_seq_ops, sizeof(struct igmp_mcf_iter_state)); 3017 if (!pde) 3018 goto out_mcfilter; 3019 err = inet_ctl_sock_create(&net->ipv4.mc_autojoin_sk, AF_INET, 3020 SOCK_DGRAM, 0, net); 3021 if (err < 0) { 3022 pr_err("Failed to initialize the IGMP autojoin socket (err %d)\n", 3023 err); 3024 goto out_sock; 3025 } 3026 3027 return 0; 3028 3029 out_sock: 3030 remove_proc_entry("mcfilter", net->proc_net); 3031 out_mcfilter: 3032 remove_proc_entry("igmp", net->proc_net); 3033 out_igmp: 3034 return -ENOMEM; 3035 } 3036 3037 static void __net_exit igmp_net_exit(struct net *net) 3038 { 3039 remove_proc_entry("mcfilter", net->proc_net); 3040 remove_proc_entry("igmp", net->proc_net); 3041 inet_ctl_sock_destroy(net->ipv4.mc_autojoin_sk); 3042 } 3043 3044 static struct pernet_operations igmp_net_ops = { 3045 .init = igmp_net_init, 3046 .exit = igmp_net_exit, 3047 }; 3048 #endif 3049 3050 static int igmp_netdev_event(struct notifier_block *this, 3051 unsigned long event, void *ptr) 3052 { 3053 struct net_device *dev = netdev_notifier_info_to_dev(ptr); 3054 struct in_device *in_dev; 3055 3056 switch (event) { 3057 case NETDEV_RESEND_IGMP: 3058 in_dev = __in_dev_get_rtnl(dev); 3059 if (in_dev) 3060 ip_mc_rejoin_groups(in_dev); 3061 break; 3062 default: 3063 break; 3064 } 3065 return NOTIFY_DONE; 3066 } 3067 3068 static struct notifier_block igmp_notifier = { 3069 .notifier_call = igmp_netdev_event, 3070 }; 3071 3072 int __init igmp_mc_init(void) 3073 { 3074 #if defined(CONFIG_PROC_FS) 3075 int err; 3076 3077 err = register_pernet_subsys(&igmp_net_ops); 3078 if (err) 3079 return err; 3080 err = register_netdevice_notifier(&igmp_notifier); 3081 if (err) 3082 goto reg_notif_fail; 3083 return 0; 3084 3085 reg_notif_fail: 3086 unregister_pernet_subsys(&igmp_net_ops); 3087 return err; 3088 #else 3089 return register_netdevice_notifier(&igmp_notifier); 3090 #endif 3091 } 3092