1 // SPDX-License-Identifier: GPL-2.0-or-later 2 /* 3 * Linux NET3: Internet Group Management Protocol [IGMP] 4 * 5 * This code implements the IGMP protocol as defined in RFC1112. There has 6 * been a further revision of this protocol since which is now supported. 7 * 8 * If you have trouble with this module be careful what gcc you have used, 9 * the older version didn't come out right using gcc 2.5.8, the newer one 10 * seems to fall out with gcc 2.6.2. 11 * 12 * Authors: 13 * Alan Cox <alan@lxorguk.ukuu.org.uk> 14 * 15 * Fixes: 16 * 17 * Alan Cox : Added lots of __inline__ to optimise 18 * the memory usage of all the tiny little 19 * functions. 20 * Alan Cox : Dumped the header building experiment. 21 * Alan Cox : Minor tweaks ready for multicast routing 22 * and extended IGMP protocol. 23 * Alan Cox : Removed a load of inline directives. Gcc 2.5.8 24 * writes utterly bogus code otherwise (sigh) 25 * fixed IGMP loopback to behave in the manner 26 * desired by mrouted, fixed the fact it has been 27 * broken since 1.3.6 and cleaned up a few minor 28 * points. 29 * 30 * Chih-Jen Chang : Tried to revise IGMP to Version 2 31 * Tsu-Sheng Tsao E-mail: chihjenc@scf.usc.edu and tsusheng@scf.usc.edu 32 * The enhancements are mainly based on Steve Deering's 33 * ipmulti-3.5 source code. 34 * Chih-Jen Chang : Added the igmp_get_mrouter_info and 35 * Tsu-Sheng Tsao igmp_set_mrouter_info to keep track of 36 * the mrouted version on that device. 37 * Chih-Jen Chang : Added the max_resp_time parameter to 38 * Tsu-Sheng Tsao igmp_heard_query(). Using this parameter 39 * to identify the multicast router version 40 * and do what the IGMP version 2 specified. 41 * Chih-Jen Chang : Added a timer to revert to IGMP V2 router 42 * Tsu-Sheng Tsao if the specified time expired. 43 * Alan Cox : Stop IGMP from 0.0.0.0 being accepted. 44 * Alan Cox : Use GFP_ATOMIC in the right places. 45 * Christian Daudt : igmp timer wasn't set for local group 46 * memberships but was being deleted, 47 * which caused a "del_timer() called 48 * from %p with timer not initialized\n" 49 * message (960131). 50 * Christian Daudt : removed del_timer from 51 * igmp_timer_expire function (960205). 52 * Christian Daudt : igmp_heard_report now only calls 53 * igmp_timer_expire if tm->running is 54 * true (960216). 55 * Malcolm Beattie : ttl comparison wrong in igmp_rcv made 56 * igmp_heard_query never trigger. Expiry 57 * miscalculation fixed in igmp_heard_query 58 * and random() made to return unsigned to 59 * prevent negative expiry times. 60 * Alexey Kuznetsov: Wrong group leaving behaviour, backport 61 * fix from pending 2.1.x patches. 62 * Alan Cox: Forget to enable FDDI support earlier. 63 * Alexey Kuznetsov: Fixed leaving groups on device down. 64 * Alexey Kuznetsov: Accordance to igmp-v2-06 draft. 65 * David L Stevens: IGMPv3 support, with help from 66 * Vinay Kulkarni 67 */ 68 69 #include <linux/module.h> 70 #include <linux/slab.h> 71 #include <linux/uaccess.h> 72 #include <linux/types.h> 73 #include <linux/kernel.h> 74 #include <linux/jiffies.h> 75 #include <linux/string.h> 76 #include <linux/socket.h> 77 #include <linux/sockios.h> 78 #include <linux/in.h> 79 #include <linux/inet.h> 80 #include <linux/netdevice.h> 81 #include <linux/skbuff.h> 82 #include <linux/inetdevice.h> 83 #include <linux/igmp.h> 84 #include <linux/if_arp.h> 85 #include <linux/rtnetlink.h> 86 #include <linux/times.h> 87 #include <linux/pkt_sched.h> 88 #include <linux/byteorder/generic.h> 89 90 #include <net/net_namespace.h> 91 #include <net/arp.h> 92 #include <net/ip.h> 93 #include <net/protocol.h> 94 #include <net/route.h> 95 #include <net/sock.h> 96 #include <net/checksum.h> 97 #include <net/inet_common.h> 98 #include <linux/netfilter_ipv4.h> 99 #ifdef CONFIG_IP_MROUTE 100 #include <linux/mroute.h> 101 #endif 102 #ifdef CONFIG_PROC_FS 103 #include <linux/proc_fs.h> 104 #include <linux/seq_file.h> 105 #endif 106 107 #ifdef CONFIG_IP_MULTICAST 108 /* Parameter names and values are taken from igmp-v2-06 draft */ 109 110 #define IGMP_V2_UNSOLICITED_REPORT_INTERVAL (10*HZ) 111 #define IGMP_V3_UNSOLICITED_REPORT_INTERVAL (1*HZ) 112 #define IGMP_QUERY_INTERVAL (125*HZ) 113 #define IGMP_QUERY_RESPONSE_INTERVAL (10*HZ) 114 115 #define IGMP_INITIAL_REPORT_DELAY (1) 116 117 /* IGMP_INITIAL_REPORT_DELAY is not from IGMP specs! 118 * IGMP specs require to report membership immediately after 119 * joining a group, but we delay the first report by a 120 * small interval. It seems more natural and still does not 121 * contradict to specs provided this delay is small enough. 122 */ 123 124 #define IGMP_V1_SEEN(in_dev) \ 125 (IPV4_DEVCONF_ALL(dev_net(in_dev->dev), FORCE_IGMP_VERSION) == 1 || \ 126 IN_DEV_CONF_GET((in_dev), FORCE_IGMP_VERSION) == 1 || \ 127 ((in_dev)->mr_v1_seen && \ 128 time_before(jiffies, (in_dev)->mr_v1_seen))) 129 #define IGMP_V2_SEEN(in_dev) \ 130 (IPV4_DEVCONF_ALL(dev_net(in_dev->dev), FORCE_IGMP_VERSION) == 2 || \ 131 IN_DEV_CONF_GET((in_dev), FORCE_IGMP_VERSION) == 2 || \ 132 ((in_dev)->mr_v2_seen && \ 133 time_before(jiffies, (in_dev)->mr_v2_seen))) 134 135 static int unsolicited_report_interval(struct in_device *in_dev) 136 { 137 int interval_ms, interval_jiffies; 138 139 if (IGMP_V1_SEEN(in_dev) || IGMP_V2_SEEN(in_dev)) 140 interval_ms = IN_DEV_CONF_GET( 141 in_dev, 142 IGMPV2_UNSOLICITED_REPORT_INTERVAL); 143 else /* v3 */ 144 interval_ms = IN_DEV_CONF_GET( 145 in_dev, 146 IGMPV3_UNSOLICITED_REPORT_INTERVAL); 147 148 interval_jiffies = msecs_to_jiffies(interval_ms); 149 150 /* _timer functions can't handle a delay of 0 jiffies so ensure 151 * we always return a positive value. 152 */ 153 if (interval_jiffies <= 0) 154 interval_jiffies = 1; 155 return interval_jiffies; 156 } 157 158 static void igmpv3_add_delrec(struct in_device *in_dev, struct ip_mc_list *im, 159 gfp_t gfp); 160 static void igmpv3_del_delrec(struct in_device *in_dev, struct ip_mc_list *im); 161 static void igmpv3_clear_delrec(struct in_device *in_dev); 162 static int sf_setstate(struct ip_mc_list *pmc); 163 static void sf_markstate(struct ip_mc_list *pmc); 164 #endif 165 static void ip_mc_clear_src(struct ip_mc_list *pmc); 166 static int ip_mc_add_src(struct in_device *in_dev, __be32 *pmca, int sfmode, 167 int sfcount, __be32 *psfsrc, int delta); 168 169 static void ip_ma_put(struct ip_mc_list *im) 170 { 171 if (refcount_dec_and_test(&im->refcnt)) { 172 in_dev_put(im->interface); 173 kfree_rcu(im, rcu); 174 } 175 } 176 177 #define for_each_pmc_rcu(in_dev, pmc) \ 178 for (pmc = rcu_dereference(in_dev->mc_list); \ 179 pmc != NULL; \ 180 pmc = rcu_dereference(pmc->next_rcu)) 181 182 #define for_each_pmc_rtnl(in_dev, pmc) \ 183 for (pmc = rtnl_dereference(in_dev->mc_list); \ 184 pmc != NULL; \ 185 pmc = rtnl_dereference(pmc->next_rcu)) 186 187 static void ip_sf_list_clear_all(struct ip_sf_list *psf) 188 { 189 struct ip_sf_list *next; 190 191 while (psf) { 192 next = psf->sf_next; 193 kfree(psf); 194 psf = next; 195 } 196 } 197 198 #ifdef CONFIG_IP_MULTICAST 199 200 /* 201 * Timer management 202 */ 203 204 static void igmp_stop_timer(struct ip_mc_list *im) 205 { 206 spin_lock_bh(&im->lock); 207 if (del_timer(&im->timer)) 208 refcount_dec(&im->refcnt); 209 im->tm_running = 0; 210 im->reporter = 0; 211 im->unsolicit_count = 0; 212 spin_unlock_bh(&im->lock); 213 } 214 215 /* It must be called with locked im->lock */ 216 static void igmp_start_timer(struct ip_mc_list *im, int max_delay) 217 { 218 int tv = prandom_u32() % max_delay; 219 220 im->tm_running = 1; 221 if (!mod_timer(&im->timer, jiffies+tv+2)) 222 refcount_inc(&im->refcnt); 223 } 224 225 static void igmp_gq_start_timer(struct in_device *in_dev) 226 { 227 int tv = prandom_u32() % in_dev->mr_maxdelay; 228 unsigned long exp = jiffies + tv + 2; 229 230 if (in_dev->mr_gq_running && 231 time_after_eq(exp, (in_dev->mr_gq_timer).expires)) 232 return; 233 234 in_dev->mr_gq_running = 1; 235 if (!mod_timer(&in_dev->mr_gq_timer, exp)) 236 in_dev_hold(in_dev); 237 } 238 239 static void igmp_ifc_start_timer(struct in_device *in_dev, int delay) 240 { 241 int tv = prandom_u32() % delay; 242 243 if (!mod_timer(&in_dev->mr_ifc_timer, jiffies+tv+2)) 244 in_dev_hold(in_dev); 245 } 246 247 static void igmp_mod_timer(struct ip_mc_list *im, int max_delay) 248 { 249 spin_lock_bh(&im->lock); 250 im->unsolicit_count = 0; 251 if (del_timer(&im->timer)) { 252 if ((long)(im->timer.expires-jiffies) < max_delay) { 253 add_timer(&im->timer); 254 im->tm_running = 1; 255 spin_unlock_bh(&im->lock); 256 return; 257 } 258 refcount_dec(&im->refcnt); 259 } 260 igmp_start_timer(im, max_delay); 261 spin_unlock_bh(&im->lock); 262 } 263 264 265 /* 266 * Send an IGMP report. 267 */ 268 269 #define IGMP_SIZE (sizeof(struct igmphdr)+sizeof(struct iphdr)+4) 270 271 272 static int is_in(struct ip_mc_list *pmc, struct ip_sf_list *psf, int type, 273 int gdeleted, int sdeleted) 274 { 275 switch (type) { 276 case IGMPV3_MODE_IS_INCLUDE: 277 case IGMPV3_MODE_IS_EXCLUDE: 278 if (gdeleted || sdeleted) 279 return 0; 280 if (!(pmc->gsquery && !psf->sf_gsresp)) { 281 if (pmc->sfmode == MCAST_INCLUDE) 282 return 1; 283 /* don't include if this source is excluded 284 * in all filters 285 */ 286 if (psf->sf_count[MCAST_INCLUDE]) 287 return type == IGMPV3_MODE_IS_INCLUDE; 288 return pmc->sfcount[MCAST_EXCLUDE] == 289 psf->sf_count[MCAST_EXCLUDE]; 290 } 291 return 0; 292 case IGMPV3_CHANGE_TO_INCLUDE: 293 if (gdeleted || sdeleted) 294 return 0; 295 return psf->sf_count[MCAST_INCLUDE] != 0; 296 case IGMPV3_CHANGE_TO_EXCLUDE: 297 if (gdeleted || sdeleted) 298 return 0; 299 if (pmc->sfcount[MCAST_EXCLUDE] == 0 || 300 psf->sf_count[MCAST_INCLUDE]) 301 return 0; 302 return pmc->sfcount[MCAST_EXCLUDE] == 303 psf->sf_count[MCAST_EXCLUDE]; 304 case IGMPV3_ALLOW_NEW_SOURCES: 305 if (gdeleted || !psf->sf_crcount) 306 return 0; 307 return (pmc->sfmode == MCAST_INCLUDE) ^ sdeleted; 308 case IGMPV3_BLOCK_OLD_SOURCES: 309 if (pmc->sfmode == MCAST_INCLUDE) 310 return gdeleted || (psf->sf_crcount && sdeleted); 311 return psf->sf_crcount && !gdeleted && !sdeleted; 312 } 313 return 0; 314 } 315 316 static int 317 igmp_scount(struct ip_mc_list *pmc, int type, int gdeleted, int sdeleted) 318 { 319 struct ip_sf_list *psf; 320 int scount = 0; 321 322 for (psf = pmc->sources; psf; psf = psf->sf_next) { 323 if (!is_in(pmc, psf, type, gdeleted, sdeleted)) 324 continue; 325 scount++; 326 } 327 return scount; 328 } 329 330 /* source address selection per RFC 3376 section 4.2.13 */ 331 static __be32 igmpv3_get_srcaddr(struct net_device *dev, 332 const struct flowi4 *fl4) 333 { 334 struct in_device *in_dev = __in_dev_get_rcu(dev); 335 const struct in_ifaddr *ifa; 336 337 if (!in_dev) 338 return htonl(INADDR_ANY); 339 340 in_dev_for_each_ifa_rcu(ifa, in_dev) { 341 if (fl4->saddr == ifa->ifa_local) 342 return fl4->saddr; 343 } 344 345 return htonl(INADDR_ANY); 346 } 347 348 static struct sk_buff *igmpv3_newpack(struct net_device *dev, unsigned int mtu) 349 { 350 struct sk_buff *skb; 351 struct rtable *rt; 352 struct iphdr *pip; 353 struct igmpv3_report *pig; 354 struct net *net = dev_net(dev); 355 struct flowi4 fl4; 356 int hlen = LL_RESERVED_SPACE(dev); 357 int tlen = dev->needed_tailroom; 358 unsigned int size = mtu; 359 360 while (1) { 361 skb = alloc_skb(size + hlen + tlen, 362 GFP_ATOMIC | __GFP_NOWARN); 363 if (skb) 364 break; 365 size >>= 1; 366 if (size < 256) 367 return NULL; 368 } 369 skb->priority = TC_PRIO_CONTROL; 370 371 rt = ip_route_output_ports(net, &fl4, NULL, IGMPV3_ALL_MCR, 0, 372 0, 0, 373 IPPROTO_IGMP, 0, dev->ifindex); 374 if (IS_ERR(rt)) { 375 kfree_skb(skb); 376 return NULL; 377 } 378 379 skb_dst_set(skb, &rt->dst); 380 skb->dev = dev; 381 382 skb_reserve(skb, hlen); 383 skb_tailroom_reserve(skb, mtu, tlen); 384 385 skb_reset_network_header(skb); 386 pip = ip_hdr(skb); 387 skb_put(skb, sizeof(struct iphdr) + 4); 388 389 pip->version = 4; 390 pip->ihl = (sizeof(struct iphdr)+4)>>2; 391 pip->tos = 0xc0; 392 pip->frag_off = htons(IP_DF); 393 pip->ttl = 1; 394 pip->daddr = fl4.daddr; 395 396 rcu_read_lock(); 397 pip->saddr = igmpv3_get_srcaddr(dev, &fl4); 398 rcu_read_unlock(); 399 400 pip->protocol = IPPROTO_IGMP; 401 pip->tot_len = 0; /* filled in later */ 402 ip_select_ident(net, skb, NULL); 403 ((u8 *)&pip[1])[0] = IPOPT_RA; 404 ((u8 *)&pip[1])[1] = 4; 405 ((u8 *)&pip[1])[2] = 0; 406 ((u8 *)&pip[1])[3] = 0; 407 408 skb->transport_header = skb->network_header + sizeof(struct iphdr) + 4; 409 skb_put(skb, sizeof(*pig)); 410 pig = igmpv3_report_hdr(skb); 411 pig->type = IGMPV3_HOST_MEMBERSHIP_REPORT; 412 pig->resv1 = 0; 413 pig->csum = 0; 414 pig->resv2 = 0; 415 pig->ngrec = 0; 416 return skb; 417 } 418 419 static int igmpv3_sendpack(struct sk_buff *skb) 420 { 421 struct igmphdr *pig = igmp_hdr(skb); 422 const int igmplen = skb_tail_pointer(skb) - skb_transport_header(skb); 423 424 pig->csum = ip_compute_csum(igmp_hdr(skb), igmplen); 425 426 return ip_local_out(dev_net(skb_dst(skb)->dev), skb->sk, skb); 427 } 428 429 static int grec_size(struct ip_mc_list *pmc, int type, int gdel, int sdel) 430 { 431 return sizeof(struct igmpv3_grec) + 4*igmp_scount(pmc, type, gdel, sdel); 432 } 433 434 static struct sk_buff *add_grhead(struct sk_buff *skb, struct ip_mc_list *pmc, 435 int type, struct igmpv3_grec **ppgr, unsigned int mtu) 436 { 437 struct net_device *dev = pmc->interface->dev; 438 struct igmpv3_report *pih; 439 struct igmpv3_grec *pgr; 440 441 if (!skb) { 442 skb = igmpv3_newpack(dev, mtu); 443 if (!skb) 444 return NULL; 445 } 446 pgr = skb_put(skb, sizeof(struct igmpv3_grec)); 447 pgr->grec_type = type; 448 pgr->grec_auxwords = 0; 449 pgr->grec_nsrcs = 0; 450 pgr->grec_mca = pmc->multiaddr; 451 pih = igmpv3_report_hdr(skb); 452 pih->ngrec = htons(ntohs(pih->ngrec)+1); 453 *ppgr = pgr; 454 return skb; 455 } 456 457 #define AVAILABLE(skb) ((skb) ? skb_availroom(skb) : 0) 458 459 static struct sk_buff *add_grec(struct sk_buff *skb, struct ip_mc_list *pmc, 460 int type, int gdeleted, int sdeleted) 461 { 462 struct net_device *dev = pmc->interface->dev; 463 struct net *net = dev_net(dev); 464 struct igmpv3_report *pih; 465 struct igmpv3_grec *pgr = NULL; 466 struct ip_sf_list *psf, *psf_next, *psf_prev, **psf_list; 467 int scount, stotal, first, isquery, truncate; 468 unsigned int mtu; 469 470 if (pmc->multiaddr == IGMP_ALL_HOSTS) 471 return skb; 472 if (ipv4_is_local_multicast(pmc->multiaddr) && !net->ipv4.sysctl_igmp_llm_reports) 473 return skb; 474 475 mtu = READ_ONCE(dev->mtu); 476 if (mtu < IPV4_MIN_MTU) 477 return skb; 478 479 isquery = type == IGMPV3_MODE_IS_INCLUDE || 480 type == IGMPV3_MODE_IS_EXCLUDE; 481 truncate = type == IGMPV3_MODE_IS_EXCLUDE || 482 type == IGMPV3_CHANGE_TO_EXCLUDE; 483 484 stotal = scount = 0; 485 486 psf_list = sdeleted ? &pmc->tomb : &pmc->sources; 487 488 if (!*psf_list) 489 goto empty_source; 490 491 pih = skb ? igmpv3_report_hdr(skb) : NULL; 492 493 /* EX and TO_EX get a fresh packet, if needed */ 494 if (truncate) { 495 if (pih && pih->ngrec && 496 AVAILABLE(skb) < grec_size(pmc, type, gdeleted, sdeleted)) { 497 if (skb) 498 igmpv3_sendpack(skb); 499 skb = igmpv3_newpack(dev, mtu); 500 } 501 } 502 first = 1; 503 psf_prev = NULL; 504 for (psf = *psf_list; psf; psf = psf_next) { 505 __be32 *psrc; 506 507 psf_next = psf->sf_next; 508 509 if (!is_in(pmc, psf, type, gdeleted, sdeleted)) { 510 psf_prev = psf; 511 continue; 512 } 513 514 /* Based on RFC3376 5.1. Should not send source-list change 515 * records when there is a filter mode change. 516 */ 517 if (((gdeleted && pmc->sfmode == MCAST_EXCLUDE) || 518 (!gdeleted && pmc->crcount)) && 519 (type == IGMPV3_ALLOW_NEW_SOURCES || 520 type == IGMPV3_BLOCK_OLD_SOURCES) && psf->sf_crcount) 521 goto decrease_sf_crcount; 522 523 /* clear marks on query responses */ 524 if (isquery) 525 psf->sf_gsresp = 0; 526 527 if (AVAILABLE(skb) < sizeof(__be32) + 528 first*sizeof(struct igmpv3_grec)) { 529 if (truncate && !first) 530 break; /* truncate these */ 531 if (pgr) 532 pgr->grec_nsrcs = htons(scount); 533 if (skb) 534 igmpv3_sendpack(skb); 535 skb = igmpv3_newpack(dev, mtu); 536 first = 1; 537 scount = 0; 538 } 539 if (first) { 540 skb = add_grhead(skb, pmc, type, &pgr, mtu); 541 first = 0; 542 } 543 if (!skb) 544 return NULL; 545 psrc = skb_put(skb, sizeof(__be32)); 546 *psrc = psf->sf_inaddr; 547 scount++; stotal++; 548 if ((type == IGMPV3_ALLOW_NEW_SOURCES || 549 type == IGMPV3_BLOCK_OLD_SOURCES) && psf->sf_crcount) { 550 decrease_sf_crcount: 551 psf->sf_crcount--; 552 if ((sdeleted || gdeleted) && psf->sf_crcount == 0) { 553 if (psf_prev) 554 psf_prev->sf_next = psf->sf_next; 555 else 556 *psf_list = psf->sf_next; 557 kfree(psf); 558 continue; 559 } 560 } 561 psf_prev = psf; 562 } 563 564 empty_source: 565 if (!stotal) { 566 if (type == IGMPV3_ALLOW_NEW_SOURCES || 567 type == IGMPV3_BLOCK_OLD_SOURCES) 568 return skb; 569 if (pmc->crcount || isquery) { 570 /* make sure we have room for group header */ 571 if (skb && AVAILABLE(skb) < sizeof(struct igmpv3_grec)) { 572 igmpv3_sendpack(skb); 573 skb = NULL; /* add_grhead will get a new one */ 574 } 575 skb = add_grhead(skb, pmc, type, &pgr, mtu); 576 } 577 } 578 if (pgr) 579 pgr->grec_nsrcs = htons(scount); 580 581 if (isquery) 582 pmc->gsquery = 0; /* clear query state on report */ 583 return skb; 584 } 585 586 static int igmpv3_send_report(struct in_device *in_dev, struct ip_mc_list *pmc) 587 { 588 struct sk_buff *skb = NULL; 589 struct net *net = dev_net(in_dev->dev); 590 int type; 591 592 if (!pmc) { 593 rcu_read_lock(); 594 for_each_pmc_rcu(in_dev, pmc) { 595 if (pmc->multiaddr == IGMP_ALL_HOSTS) 596 continue; 597 if (ipv4_is_local_multicast(pmc->multiaddr) && 598 !net->ipv4.sysctl_igmp_llm_reports) 599 continue; 600 spin_lock_bh(&pmc->lock); 601 if (pmc->sfcount[MCAST_EXCLUDE]) 602 type = IGMPV3_MODE_IS_EXCLUDE; 603 else 604 type = IGMPV3_MODE_IS_INCLUDE; 605 skb = add_grec(skb, pmc, type, 0, 0); 606 spin_unlock_bh(&pmc->lock); 607 } 608 rcu_read_unlock(); 609 } else { 610 spin_lock_bh(&pmc->lock); 611 if (pmc->sfcount[MCAST_EXCLUDE]) 612 type = IGMPV3_MODE_IS_EXCLUDE; 613 else 614 type = IGMPV3_MODE_IS_INCLUDE; 615 skb = add_grec(skb, pmc, type, 0, 0); 616 spin_unlock_bh(&pmc->lock); 617 } 618 if (!skb) 619 return 0; 620 return igmpv3_sendpack(skb); 621 } 622 623 /* 624 * remove zero-count source records from a source filter list 625 */ 626 static void igmpv3_clear_zeros(struct ip_sf_list **ppsf) 627 { 628 struct ip_sf_list *psf_prev, *psf_next, *psf; 629 630 psf_prev = NULL; 631 for (psf = *ppsf; psf; psf = psf_next) { 632 psf_next = psf->sf_next; 633 if (psf->sf_crcount == 0) { 634 if (psf_prev) 635 psf_prev->sf_next = psf->sf_next; 636 else 637 *ppsf = psf->sf_next; 638 kfree(psf); 639 } else 640 psf_prev = psf; 641 } 642 } 643 644 static void kfree_pmc(struct ip_mc_list *pmc) 645 { 646 ip_sf_list_clear_all(pmc->sources); 647 ip_sf_list_clear_all(pmc->tomb); 648 kfree(pmc); 649 } 650 651 static void igmpv3_send_cr(struct in_device *in_dev) 652 { 653 struct ip_mc_list *pmc, *pmc_prev, *pmc_next; 654 struct sk_buff *skb = NULL; 655 int type, dtype; 656 657 rcu_read_lock(); 658 spin_lock_bh(&in_dev->mc_tomb_lock); 659 660 /* deleted MCA's */ 661 pmc_prev = NULL; 662 for (pmc = in_dev->mc_tomb; pmc; pmc = pmc_next) { 663 pmc_next = pmc->next; 664 if (pmc->sfmode == MCAST_INCLUDE) { 665 type = IGMPV3_BLOCK_OLD_SOURCES; 666 dtype = IGMPV3_BLOCK_OLD_SOURCES; 667 skb = add_grec(skb, pmc, type, 1, 0); 668 skb = add_grec(skb, pmc, dtype, 1, 1); 669 } 670 if (pmc->crcount) { 671 if (pmc->sfmode == MCAST_EXCLUDE) { 672 type = IGMPV3_CHANGE_TO_INCLUDE; 673 skb = add_grec(skb, pmc, type, 1, 0); 674 } 675 pmc->crcount--; 676 if (pmc->crcount == 0) { 677 igmpv3_clear_zeros(&pmc->tomb); 678 igmpv3_clear_zeros(&pmc->sources); 679 } 680 } 681 if (pmc->crcount == 0 && !pmc->tomb && !pmc->sources) { 682 if (pmc_prev) 683 pmc_prev->next = pmc_next; 684 else 685 in_dev->mc_tomb = pmc_next; 686 in_dev_put(pmc->interface); 687 kfree_pmc(pmc); 688 } else 689 pmc_prev = pmc; 690 } 691 spin_unlock_bh(&in_dev->mc_tomb_lock); 692 693 /* change recs */ 694 for_each_pmc_rcu(in_dev, pmc) { 695 spin_lock_bh(&pmc->lock); 696 if (pmc->sfcount[MCAST_EXCLUDE]) { 697 type = IGMPV3_BLOCK_OLD_SOURCES; 698 dtype = IGMPV3_ALLOW_NEW_SOURCES; 699 } else { 700 type = IGMPV3_ALLOW_NEW_SOURCES; 701 dtype = IGMPV3_BLOCK_OLD_SOURCES; 702 } 703 skb = add_grec(skb, pmc, type, 0, 0); 704 skb = add_grec(skb, pmc, dtype, 0, 1); /* deleted sources */ 705 706 /* filter mode changes */ 707 if (pmc->crcount) { 708 if (pmc->sfmode == MCAST_EXCLUDE) 709 type = IGMPV3_CHANGE_TO_EXCLUDE; 710 else 711 type = IGMPV3_CHANGE_TO_INCLUDE; 712 skb = add_grec(skb, pmc, type, 0, 0); 713 pmc->crcount--; 714 } 715 spin_unlock_bh(&pmc->lock); 716 } 717 rcu_read_unlock(); 718 719 if (!skb) 720 return; 721 (void) igmpv3_sendpack(skb); 722 } 723 724 static int igmp_send_report(struct in_device *in_dev, struct ip_mc_list *pmc, 725 int type) 726 { 727 struct sk_buff *skb; 728 struct iphdr *iph; 729 struct igmphdr *ih; 730 struct rtable *rt; 731 struct net_device *dev = in_dev->dev; 732 struct net *net = dev_net(dev); 733 __be32 group = pmc ? pmc->multiaddr : 0; 734 struct flowi4 fl4; 735 __be32 dst; 736 int hlen, tlen; 737 738 if (type == IGMPV3_HOST_MEMBERSHIP_REPORT) 739 return igmpv3_send_report(in_dev, pmc); 740 741 if (ipv4_is_local_multicast(group) && !net->ipv4.sysctl_igmp_llm_reports) 742 return 0; 743 744 if (type == IGMP_HOST_LEAVE_MESSAGE) 745 dst = IGMP_ALL_ROUTER; 746 else 747 dst = group; 748 749 rt = ip_route_output_ports(net, &fl4, NULL, dst, 0, 750 0, 0, 751 IPPROTO_IGMP, 0, dev->ifindex); 752 if (IS_ERR(rt)) 753 return -1; 754 755 hlen = LL_RESERVED_SPACE(dev); 756 tlen = dev->needed_tailroom; 757 skb = alloc_skb(IGMP_SIZE + hlen + tlen, GFP_ATOMIC); 758 if (!skb) { 759 ip_rt_put(rt); 760 return -1; 761 } 762 skb->priority = TC_PRIO_CONTROL; 763 764 skb_dst_set(skb, &rt->dst); 765 766 skb_reserve(skb, hlen); 767 768 skb_reset_network_header(skb); 769 iph = ip_hdr(skb); 770 skb_put(skb, sizeof(struct iphdr) + 4); 771 772 iph->version = 4; 773 iph->ihl = (sizeof(struct iphdr)+4)>>2; 774 iph->tos = 0xc0; 775 iph->frag_off = htons(IP_DF); 776 iph->ttl = 1; 777 iph->daddr = dst; 778 iph->saddr = fl4.saddr; 779 iph->protocol = IPPROTO_IGMP; 780 ip_select_ident(net, skb, NULL); 781 ((u8 *)&iph[1])[0] = IPOPT_RA; 782 ((u8 *)&iph[1])[1] = 4; 783 ((u8 *)&iph[1])[2] = 0; 784 ((u8 *)&iph[1])[3] = 0; 785 786 ih = skb_put(skb, sizeof(struct igmphdr)); 787 ih->type = type; 788 ih->code = 0; 789 ih->csum = 0; 790 ih->group = group; 791 ih->csum = ip_compute_csum((void *)ih, sizeof(struct igmphdr)); 792 793 return ip_local_out(net, skb->sk, skb); 794 } 795 796 static void igmp_gq_timer_expire(struct timer_list *t) 797 { 798 struct in_device *in_dev = from_timer(in_dev, t, mr_gq_timer); 799 800 in_dev->mr_gq_running = 0; 801 igmpv3_send_report(in_dev, NULL); 802 in_dev_put(in_dev); 803 } 804 805 static void igmp_ifc_timer_expire(struct timer_list *t) 806 { 807 struct in_device *in_dev = from_timer(in_dev, t, mr_ifc_timer); 808 809 igmpv3_send_cr(in_dev); 810 if (in_dev->mr_ifc_count) { 811 in_dev->mr_ifc_count--; 812 igmp_ifc_start_timer(in_dev, 813 unsolicited_report_interval(in_dev)); 814 } 815 in_dev_put(in_dev); 816 } 817 818 static void igmp_ifc_event(struct in_device *in_dev) 819 { 820 struct net *net = dev_net(in_dev->dev); 821 if (IGMP_V1_SEEN(in_dev) || IGMP_V2_SEEN(in_dev)) 822 return; 823 in_dev->mr_ifc_count = in_dev->mr_qrv ?: net->ipv4.sysctl_igmp_qrv; 824 igmp_ifc_start_timer(in_dev, 1); 825 } 826 827 828 static void igmp_timer_expire(struct timer_list *t) 829 { 830 struct ip_mc_list *im = from_timer(im, t, timer); 831 struct in_device *in_dev = im->interface; 832 833 spin_lock(&im->lock); 834 im->tm_running = 0; 835 836 if (im->unsolicit_count && --im->unsolicit_count) 837 igmp_start_timer(im, unsolicited_report_interval(in_dev)); 838 839 im->reporter = 1; 840 spin_unlock(&im->lock); 841 842 if (IGMP_V1_SEEN(in_dev)) 843 igmp_send_report(in_dev, im, IGMP_HOST_MEMBERSHIP_REPORT); 844 else if (IGMP_V2_SEEN(in_dev)) 845 igmp_send_report(in_dev, im, IGMPV2_HOST_MEMBERSHIP_REPORT); 846 else 847 igmp_send_report(in_dev, im, IGMPV3_HOST_MEMBERSHIP_REPORT); 848 849 ip_ma_put(im); 850 } 851 852 /* mark EXCLUDE-mode sources */ 853 static int igmp_xmarksources(struct ip_mc_list *pmc, int nsrcs, __be32 *srcs) 854 { 855 struct ip_sf_list *psf; 856 int i, scount; 857 858 scount = 0; 859 for (psf = pmc->sources; psf; psf = psf->sf_next) { 860 if (scount == nsrcs) 861 break; 862 for (i = 0; i < nsrcs; i++) { 863 /* skip inactive filters */ 864 if (psf->sf_count[MCAST_INCLUDE] || 865 pmc->sfcount[MCAST_EXCLUDE] != 866 psf->sf_count[MCAST_EXCLUDE]) 867 break; 868 if (srcs[i] == psf->sf_inaddr) { 869 scount++; 870 break; 871 } 872 } 873 } 874 pmc->gsquery = 0; 875 if (scount == nsrcs) /* all sources excluded */ 876 return 0; 877 return 1; 878 } 879 880 static int igmp_marksources(struct ip_mc_list *pmc, int nsrcs, __be32 *srcs) 881 { 882 struct ip_sf_list *psf; 883 int i, scount; 884 885 if (pmc->sfmode == MCAST_EXCLUDE) 886 return igmp_xmarksources(pmc, nsrcs, srcs); 887 888 /* mark INCLUDE-mode sources */ 889 scount = 0; 890 for (psf = pmc->sources; psf; psf = psf->sf_next) { 891 if (scount == nsrcs) 892 break; 893 for (i = 0; i < nsrcs; i++) 894 if (srcs[i] == psf->sf_inaddr) { 895 psf->sf_gsresp = 1; 896 scount++; 897 break; 898 } 899 } 900 if (!scount) { 901 pmc->gsquery = 0; 902 return 0; 903 } 904 pmc->gsquery = 1; 905 return 1; 906 } 907 908 /* return true if packet was dropped */ 909 static bool igmp_heard_report(struct in_device *in_dev, __be32 group) 910 { 911 struct ip_mc_list *im; 912 struct net *net = dev_net(in_dev->dev); 913 914 /* Timers are only set for non-local groups */ 915 916 if (group == IGMP_ALL_HOSTS) 917 return false; 918 if (ipv4_is_local_multicast(group) && !net->ipv4.sysctl_igmp_llm_reports) 919 return false; 920 921 rcu_read_lock(); 922 for_each_pmc_rcu(in_dev, im) { 923 if (im->multiaddr == group) { 924 igmp_stop_timer(im); 925 break; 926 } 927 } 928 rcu_read_unlock(); 929 return false; 930 } 931 932 /* return true if packet was dropped */ 933 static bool igmp_heard_query(struct in_device *in_dev, struct sk_buff *skb, 934 int len) 935 { 936 struct igmphdr *ih = igmp_hdr(skb); 937 struct igmpv3_query *ih3 = igmpv3_query_hdr(skb); 938 struct ip_mc_list *im; 939 __be32 group = ih->group; 940 int max_delay; 941 int mark = 0; 942 struct net *net = dev_net(in_dev->dev); 943 944 945 if (len == 8) { 946 if (ih->code == 0) { 947 /* Alas, old v1 router presents here. */ 948 949 max_delay = IGMP_QUERY_RESPONSE_INTERVAL; 950 in_dev->mr_v1_seen = jiffies + 951 (in_dev->mr_qrv * in_dev->mr_qi) + 952 in_dev->mr_qri; 953 group = 0; 954 } else { 955 /* v2 router present */ 956 max_delay = ih->code*(HZ/IGMP_TIMER_SCALE); 957 in_dev->mr_v2_seen = jiffies + 958 (in_dev->mr_qrv * in_dev->mr_qi) + 959 in_dev->mr_qri; 960 } 961 /* cancel the interface change timer */ 962 in_dev->mr_ifc_count = 0; 963 if (del_timer(&in_dev->mr_ifc_timer)) 964 __in_dev_put(in_dev); 965 /* clear deleted report items */ 966 igmpv3_clear_delrec(in_dev); 967 } else if (len < 12) { 968 return true; /* ignore bogus packet; freed by caller */ 969 } else if (IGMP_V1_SEEN(in_dev)) { 970 /* This is a v3 query with v1 queriers present */ 971 max_delay = IGMP_QUERY_RESPONSE_INTERVAL; 972 group = 0; 973 } else if (IGMP_V2_SEEN(in_dev)) { 974 /* this is a v3 query with v2 queriers present; 975 * Interpretation of the max_delay code is problematic here. 976 * A real v2 host would use ih_code directly, while v3 has a 977 * different encoding. We use the v3 encoding as more likely 978 * to be intended in a v3 query. 979 */ 980 max_delay = IGMPV3_MRC(ih3->code)*(HZ/IGMP_TIMER_SCALE); 981 if (!max_delay) 982 max_delay = 1; /* can't mod w/ 0 */ 983 } else { /* v3 */ 984 if (!pskb_may_pull(skb, sizeof(struct igmpv3_query))) 985 return true; 986 987 ih3 = igmpv3_query_hdr(skb); 988 if (ih3->nsrcs) { 989 if (!pskb_may_pull(skb, sizeof(struct igmpv3_query) 990 + ntohs(ih3->nsrcs)*sizeof(__be32))) 991 return true; 992 ih3 = igmpv3_query_hdr(skb); 993 } 994 995 max_delay = IGMPV3_MRC(ih3->code)*(HZ/IGMP_TIMER_SCALE); 996 if (!max_delay) 997 max_delay = 1; /* can't mod w/ 0 */ 998 in_dev->mr_maxdelay = max_delay; 999 1000 /* RFC3376, 4.1.6. QRV and 4.1.7. QQIC, when the most recently 1001 * received value was zero, use the default or statically 1002 * configured value. 1003 */ 1004 in_dev->mr_qrv = ih3->qrv ?: net->ipv4.sysctl_igmp_qrv; 1005 in_dev->mr_qi = IGMPV3_QQIC(ih3->qqic)*HZ ?: IGMP_QUERY_INTERVAL; 1006 1007 /* RFC3376, 8.3. Query Response Interval: 1008 * The number of seconds represented by the [Query Response 1009 * Interval] must be less than the [Query Interval]. 1010 */ 1011 if (in_dev->mr_qri >= in_dev->mr_qi) 1012 in_dev->mr_qri = (in_dev->mr_qi/HZ - 1)*HZ; 1013 1014 if (!group) { /* general query */ 1015 if (ih3->nsrcs) 1016 return true; /* no sources allowed */ 1017 igmp_gq_start_timer(in_dev); 1018 return false; 1019 } 1020 /* mark sources to include, if group & source-specific */ 1021 mark = ih3->nsrcs != 0; 1022 } 1023 1024 /* 1025 * - Start the timers in all of our membership records 1026 * that the query applies to for the interface on 1027 * which the query arrived excl. those that belong 1028 * to a "local" group (224.0.0.X) 1029 * - For timers already running check if they need to 1030 * be reset. 1031 * - Use the igmp->igmp_code field as the maximum 1032 * delay possible 1033 */ 1034 rcu_read_lock(); 1035 for_each_pmc_rcu(in_dev, im) { 1036 int changed; 1037 1038 if (group && group != im->multiaddr) 1039 continue; 1040 if (im->multiaddr == IGMP_ALL_HOSTS) 1041 continue; 1042 if (ipv4_is_local_multicast(im->multiaddr) && 1043 !net->ipv4.sysctl_igmp_llm_reports) 1044 continue; 1045 spin_lock_bh(&im->lock); 1046 if (im->tm_running) 1047 im->gsquery = im->gsquery && mark; 1048 else 1049 im->gsquery = mark; 1050 changed = !im->gsquery || 1051 igmp_marksources(im, ntohs(ih3->nsrcs), ih3->srcs); 1052 spin_unlock_bh(&im->lock); 1053 if (changed) 1054 igmp_mod_timer(im, max_delay); 1055 } 1056 rcu_read_unlock(); 1057 return false; 1058 } 1059 1060 /* called in rcu_read_lock() section */ 1061 int igmp_rcv(struct sk_buff *skb) 1062 { 1063 /* This basically follows the spec line by line -- see RFC1112 */ 1064 struct igmphdr *ih; 1065 struct net_device *dev = skb->dev; 1066 struct in_device *in_dev; 1067 int len = skb->len; 1068 bool dropped = true; 1069 1070 if (netif_is_l3_master(dev)) { 1071 dev = dev_get_by_index_rcu(dev_net(dev), IPCB(skb)->iif); 1072 if (!dev) 1073 goto drop; 1074 } 1075 1076 in_dev = __in_dev_get_rcu(dev); 1077 if (!in_dev) 1078 goto drop; 1079 1080 if (!pskb_may_pull(skb, sizeof(struct igmphdr))) 1081 goto drop; 1082 1083 if (skb_checksum_simple_validate(skb)) 1084 goto drop; 1085 1086 ih = igmp_hdr(skb); 1087 switch (ih->type) { 1088 case IGMP_HOST_MEMBERSHIP_QUERY: 1089 dropped = igmp_heard_query(in_dev, skb, len); 1090 break; 1091 case IGMP_HOST_MEMBERSHIP_REPORT: 1092 case IGMPV2_HOST_MEMBERSHIP_REPORT: 1093 /* Is it our report looped back? */ 1094 if (rt_is_output_route(skb_rtable(skb))) 1095 break; 1096 /* don't rely on MC router hearing unicast reports */ 1097 if (skb->pkt_type == PACKET_MULTICAST || 1098 skb->pkt_type == PACKET_BROADCAST) 1099 dropped = igmp_heard_report(in_dev, ih->group); 1100 break; 1101 case IGMP_PIM: 1102 #ifdef CONFIG_IP_PIMSM_V1 1103 return pim_rcv_v1(skb); 1104 #endif 1105 case IGMPV3_HOST_MEMBERSHIP_REPORT: 1106 case IGMP_DVMRP: 1107 case IGMP_TRACE: 1108 case IGMP_HOST_LEAVE_MESSAGE: 1109 case IGMP_MTRACE: 1110 case IGMP_MTRACE_RESP: 1111 break; 1112 default: 1113 break; 1114 } 1115 1116 drop: 1117 if (dropped) 1118 kfree_skb(skb); 1119 else 1120 consume_skb(skb); 1121 return 0; 1122 } 1123 1124 #endif 1125 1126 1127 /* 1128 * Add a filter to a device 1129 */ 1130 1131 static void ip_mc_filter_add(struct in_device *in_dev, __be32 addr) 1132 { 1133 char buf[MAX_ADDR_LEN]; 1134 struct net_device *dev = in_dev->dev; 1135 1136 /* Checking for IFF_MULTICAST here is WRONG-WRONG-WRONG. 1137 We will get multicast token leakage, when IFF_MULTICAST 1138 is changed. This check should be done in ndo_set_rx_mode 1139 routine. Something sort of: 1140 if (dev->mc_list && dev->flags&IFF_MULTICAST) { do it; } 1141 --ANK 1142 */ 1143 if (arp_mc_map(addr, buf, dev, 0) == 0) 1144 dev_mc_add(dev, buf); 1145 } 1146 1147 /* 1148 * Remove a filter from a device 1149 */ 1150 1151 static void ip_mc_filter_del(struct in_device *in_dev, __be32 addr) 1152 { 1153 char buf[MAX_ADDR_LEN]; 1154 struct net_device *dev = in_dev->dev; 1155 1156 if (arp_mc_map(addr, buf, dev, 0) == 0) 1157 dev_mc_del(dev, buf); 1158 } 1159 1160 #ifdef CONFIG_IP_MULTICAST 1161 /* 1162 * deleted ip_mc_list manipulation 1163 */ 1164 static void igmpv3_add_delrec(struct in_device *in_dev, struct ip_mc_list *im, 1165 gfp_t gfp) 1166 { 1167 struct ip_mc_list *pmc; 1168 struct net *net = dev_net(in_dev->dev); 1169 1170 /* this is an "ip_mc_list" for convenience; only the fields below 1171 * are actually used. In particular, the refcnt and users are not 1172 * used for management of the delete list. Using the same structure 1173 * for deleted items allows change reports to use common code with 1174 * non-deleted or query-response MCA's. 1175 */ 1176 pmc = kzalloc(sizeof(*pmc), gfp); 1177 if (!pmc) 1178 return; 1179 spin_lock_init(&pmc->lock); 1180 spin_lock_bh(&im->lock); 1181 pmc->interface = im->interface; 1182 in_dev_hold(in_dev); 1183 pmc->multiaddr = im->multiaddr; 1184 pmc->crcount = in_dev->mr_qrv ?: net->ipv4.sysctl_igmp_qrv; 1185 pmc->sfmode = im->sfmode; 1186 if (pmc->sfmode == MCAST_INCLUDE) { 1187 struct ip_sf_list *psf; 1188 1189 pmc->tomb = im->tomb; 1190 pmc->sources = im->sources; 1191 im->tomb = im->sources = NULL; 1192 for (psf = pmc->sources; psf; psf = psf->sf_next) 1193 psf->sf_crcount = pmc->crcount; 1194 } 1195 spin_unlock_bh(&im->lock); 1196 1197 spin_lock_bh(&in_dev->mc_tomb_lock); 1198 pmc->next = in_dev->mc_tomb; 1199 in_dev->mc_tomb = pmc; 1200 spin_unlock_bh(&in_dev->mc_tomb_lock); 1201 } 1202 1203 /* 1204 * restore ip_mc_list deleted records 1205 */ 1206 static void igmpv3_del_delrec(struct in_device *in_dev, struct ip_mc_list *im) 1207 { 1208 struct ip_mc_list *pmc, *pmc_prev; 1209 struct ip_sf_list *psf; 1210 struct net *net = dev_net(in_dev->dev); 1211 __be32 multiaddr = im->multiaddr; 1212 1213 spin_lock_bh(&in_dev->mc_tomb_lock); 1214 pmc_prev = NULL; 1215 for (pmc = in_dev->mc_tomb; pmc; pmc = pmc->next) { 1216 if (pmc->multiaddr == multiaddr) 1217 break; 1218 pmc_prev = pmc; 1219 } 1220 if (pmc) { 1221 if (pmc_prev) 1222 pmc_prev->next = pmc->next; 1223 else 1224 in_dev->mc_tomb = pmc->next; 1225 } 1226 spin_unlock_bh(&in_dev->mc_tomb_lock); 1227 1228 spin_lock_bh(&im->lock); 1229 if (pmc) { 1230 im->interface = pmc->interface; 1231 if (im->sfmode == MCAST_INCLUDE) { 1232 swap(im->tomb, pmc->tomb); 1233 swap(im->sources, pmc->sources); 1234 for (psf = im->sources; psf; psf = psf->sf_next) 1235 psf->sf_crcount = in_dev->mr_qrv ?: net->ipv4.sysctl_igmp_qrv; 1236 } else { 1237 im->crcount = in_dev->mr_qrv ?: net->ipv4.sysctl_igmp_qrv; 1238 } 1239 in_dev_put(pmc->interface); 1240 kfree_pmc(pmc); 1241 } 1242 spin_unlock_bh(&im->lock); 1243 } 1244 1245 /* 1246 * flush ip_mc_list deleted records 1247 */ 1248 static void igmpv3_clear_delrec(struct in_device *in_dev) 1249 { 1250 struct ip_mc_list *pmc, *nextpmc; 1251 1252 spin_lock_bh(&in_dev->mc_tomb_lock); 1253 pmc = in_dev->mc_tomb; 1254 in_dev->mc_tomb = NULL; 1255 spin_unlock_bh(&in_dev->mc_tomb_lock); 1256 1257 for (; pmc; pmc = nextpmc) { 1258 nextpmc = pmc->next; 1259 ip_mc_clear_src(pmc); 1260 in_dev_put(pmc->interface); 1261 kfree_pmc(pmc); 1262 } 1263 /* clear dead sources, too */ 1264 rcu_read_lock(); 1265 for_each_pmc_rcu(in_dev, pmc) { 1266 struct ip_sf_list *psf; 1267 1268 spin_lock_bh(&pmc->lock); 1269 psf = pmc->tomb; 1270 pmc->tomb = NULL; 1271 spin_unlock_bh(&pmc->lock); 1272 ip_sf_list_clear_all(psf); 1273 } 1274 rcu_read_unlock(); 1275 } 1276 #endif 1277 1278 static void __igmp_group_dropped(struct ip_mc_list *im, gfp_t gfp) 1279 { 1280 struct in_device *in_dev = im->interface; 1281 #ifdef CONFIG_IP_MULTICAST 1282 struct net *net = dev_net(in_dev->dev); 1283 int reporter; 1284 #endif 1285 1286 if (im->loaded) { 1287 im->loaded = 0; 1288 ip_mc_filter_del(in_dev, im->multiaddr); 1289 } 1290 1291 #ifdef CONFIG_IP_MULTICAST 1292 if (im->multiaddr == IGMP_ALL_HOSTS) 1293 return; 1294 if (ipv4_is_local_multicast(im->multiaddr) && !net->ipv4.sysctl_igmp_llm_reports) 1295 return; 1296 1297 reporter = im->reporter; 1298 igmp_stop_timer(im); 1299 1300 if (!in_dev->dead) { 1301 if (IGMP_V1_SEEN(in_dev)) 1302 return; 1303 if (IGMP_V2_SEEN(in_dev)) { 1304 if (reporter) 1305 igmp_send_report(in_dev, im, IGMP_HOST_LEAVE_MESSAGE); 1306 return; 1307 } 1308 /* IGMPv3 */ 1309 igmpv3_add_delrec(in_dev, im, gfp); 1310 1311 igmp_ifc_event(in_dev); 1312 } 1313 #endif 1314 } 1315 1316 static void igmp_group_dropped(struct ip_mc_list *im) 1317 { 1318 __igmp_group_dropped(im, GFP_KERNEL); 1319 } 1320 1321 static void igmp_group_added(struct ip_mc_list *im) 1322 { 1323 struct in_device *in_dev = im->interface; 1324 #ifdef CONFIG_IP_MULTICAST 1325 struct net *net = dev_net(in_dev->dev); 1326 #endif 1327 1328 if (im->loaded == 0) { 1329 im->loaded = 1; 1330 ip_mc_filter_add(in_dev, im->multiaddr); 1331 } 1332 1333 #ifdef CONFIG_IP_MULTICAST 1334 if (im->multiaddr == IGMP_ALL_HOSTS) 1335 return; 1336 if (ipv4_is_local_multicast(im->multiaddr) && !net->ipv4.sysctl_igmp_llm_reports) 1337 return; 1338 1339 if (in_dev->dead) 1340 return; 1341 1342 im->unsolicit_count = net->ipv4.sysctl_igmp_qrv; 1343 if (IGMP_V1_SEEN(in_dev) || IGMP_V2_SEEN(in_dev)) { 1344 spin_lock_bh(&im->lock); 1345 igmp_start_timer(im, IGMP_INITIAL_REPORT_DELAY); 1346 spin_unlock_bh(&im->lock); 1347 return; 1348 } 1349 /* else, v3 */ 1350 1351 /* Based on RFC3376 5.1, for newly added INCLUDE SSM, we should 1352 * not send filter-mode change record as the mode should be from 1353 * IN() to IN(A). 1354 */ 1355 if (im->sfmode == MCAST_EXCLUDE) 1356 im->crcount = in_dev->mr_qrv ?: net->ipv4.sysctl_igmp_qrv; 1357 1358 igmp_ifc_event(in_dev); 1359 #endif 1360 } 1361 1362 1363 /* 1364 * Multicast list managers 1365 */ 1366 1367 static u32 ip_mc_hash(const struct ip_mc_list *im) 1368 { 1369 return hash_32((__force u32)im->multiaddr, MC_HASH_SZ_LOG); 1370 } 1371 1372 static void ip_mc_hash_add(struct in_device *in_dev, 1373 struct ip_mc_list *im) 1374 { 1375 struct ip_mc_list __rcu **mc_hash; 1376 u32 hash; 1377 1378 mc_hash = rtnl_dereference(in_dev->mc_hash); 1379 if (mc_hash) { 1380 hash = ip_mc_hash(im); 1381 im->next_hash = mc_hash[hash]; 1382 rcu_assign_pointer(mc_hash[hash], im); 1383 return; 1384 } 1385 1386 /* do not use a hash table for small number of items */ 1387 if (in_dev->mc_count < 4) 1388 return; 1389 1390 mc_hash = kzalloc(sizeof(struct ip_mc_list *) << MC_HASH_SZ_LOG, 1391 GFP_KERNEL); 1392 if (!mc_hash) 1393 return; 1394 1395 for_each_pmc_rtnl(in_dev, im) { 1396 hash = ip_mc_hash(im); 1397 im->next_hash = mc_hash[hash]; 1398 RCU_INIT_POINTER(mc_hash[hash], im); 1399 } 1400 1401 rcu_assign_pointer(in_dev->mc_hash, mc_hash); 1402 } 1403 1404 static void ip_mc_hash_remove(struct in_device *in_dev, 1405 struct ip_mc_list *im) 1406 { 1407 struct ip_mc_list __rcu **mc_hash = rtnl_dereference(in_dev->mc_hash); 1408 struct ip_mc_list *aux; 1409 1410 if (!mc_hash) 1411 return; 1412 mc_hash += ip_mc_hash(im); 1413 while ((aux = rtnl_dereference(*mc_hash)) != im) 1414 mc_hash = &aux->next_hash; 1415 *mc_hash = im->next_hash; 1416 } 1417 1418 1419 /* 1420 * A socket has joined a multicast group on device dev. 1421 */ 1422 static void ____ip_mc_inc_group(struct in_device *in_dev, __be32 addr, 1423 unsigned int mode, gfp_t gfp) 1424 { 1425 struct ip_mc_list *im; 1426 1427 ASSERT_RTNL(); 1428 1429 for_each_pmc_rtnl(in_dev, im) { 1430 if (im->multiaddr == addr) { 1431 im->users++; 1432 ip_mc_add_src(in_dev, &addr, mode, 0, NULL, 0); 1433 goto out; 1434 } 1435 } 1436 1437 im = kzalloc(sizeof(*im), gfp); 1438 if (!im) 1439 goto out; 1440 1441 im->users = 1; 1442 im->interface = in_dev; 1443 in_dev_hold(in_dev); 1444 im->multiaddr = addr; 1445 /* initial mode is (EX, empty) */ 1446 im->sfmode = mode; 1447 im->sfcount[mode] = 1; 1448 refcount_set(&im->refcnt, 1); 1449 spin_lock_init(&im->lock); 1450 #ifdef CONFIG_IP_MULTICAST 1451 timer_setup(&im->timer, igmp_timer_expire, 0); 1452 #endif 1453 1454 im->next_rcu = in_dev->mc_list; 1455 in_dev->mc_count++; 1456 rcu_assign_pointer(in_dev->mc_list, im); 1457 1458 ip_mc_hash_add(in_dev, im); 1459 1460 #ifdef CONFIG_IP_MULTICAST 1461 igmpv3_del_delrec(in_dev, im); 1462 #endif 1463 igmp_group_added(im); 1464 if (!in_dev->dead) 1465 ip_rt_multicast_event(in_dev); 1466 out: 1467 return; 1468 } 1469 1470 void __ip_mc_inc_group(struct in_device *in_dev, __be32 addr, gfp_t gfp) 1471 { 1472 ____ip_mc_inc_group(in_dev, addr, MCAST_EXCLUDE, gfp); 1473 } 1474 EXPORT_SYMBOL(__ip_mc_inc_group); 1475 1476 void ip_mc_inc_group(struct in_device *in_dev, __be32 addr) 1477 { 1478 __ip_mc_inc_group(in_dev, addr, GFP_KERNEL); 1479 } 1480 EXPORT_SYMBOL(ip_mc_inc_group); 1481 1482 static int ip_mc_check_iphdr(struct sk_buff *skb) 1483 { 1484 const struct iphdr *iph; 1485 unsigned int len; 1486 unsigned int offset = skb_network_offset(skb) + sizeof(*iph); 1487 1488 if (!pskb_may_pull(skb, offset)) 1489 return -EINVAL; 1490 1491 iph = ip_hdr(skb); 1492 1493 if (iph->version != 4 || ip_hdrlen(skb) < sizeof(*iph)) 1494 return -EINVAL; 1495 1496 offset += ip_hdrlen(skb) - sizeof(*iph); 1497 1498 if (!pskb_may_pull(skb, offset)) 1499 return -EINVAL; 1500 1501 iph = ip_hdr(skb); 1502 1503 if (unlikely(ip_fast_csum((u8 *)iph, iph->ihl))) 1504 return -EINVAL; 1505 1506 len = skb_network_offset(skb) + ntohs(iph->tot_len); 1507 if (skb->len < len || len < offset) 1508 return -EINVAL; 1509 1510 skb_set_transport_header(skb, offset); 1511 1512 return 0; 1513 } 1514 1515 static int ip_mc_check_igmp_reportv3(struct sk_buff *skb) 1516 { 1517 unsigned int len = skb_transport_offset(skb); 1518 1519 len += sizeof(struct igmpv3_report); 1520 1521 return ip_mc_may_pull(skb, len) ? 0 : -EINVAL; 1522 } 1523 1524 static int ip_mc_check_igmp_query(struct sk_buff *skb) 1525 { 1526 unsigned int transport_len = ip_transport_len(skb); 1527 unsigned int len; 1528 1529 /* IGMPv{1,2}? */ 1530 if (transport_len != sizeof(struct igmphdr)) { 1531 /* or IGMPv3? */ 1532 if (transport_len < sizeof(struct igmpv3_query)) 1533 return -EINVAL; 1534 1535 len = skb_transport_offset(skb) + sizeof(struct igmpv3_query); 1536 if (!ip_mc_may_pull(skb, len)) 1537 return -EINVAL; 1538 } 1539 1540 /* RFC2236+RFC3376 (IGMPv2+IGMPv3) require the multicast link layer 1541 * all-systems destination addresses (224.0.0.1) for general queries 1542 */ 1543 if (!igmp_hdr(skb)->group && 1544 ip_hdr(skb)->daddr != htonl(INADDR_ALLHOSTS_GROUP)) 1545 return -EINVAL; 1546 1547 return 0; 1548 } 1549 1550 static int ip_mc_check_igmp_msg(struct sk_buff *skb) 1551 { 1552 switch (igmp_hdr(skb)->type) { 1553 case IGMP_HOST_LEAVE_MESSAGE: 1554 case IGMP_HOST_MEMBERSHIP_REPORT: 1555 case IGMPV2_HOST_MEMBERSHIP_REPORT: 1556 return 0; 1557 case IGMPV3_HOST_MEMBERSHIP_REPORT: 1558 return ip_mc_check_igmp_reportv3(skb); 1559 case IGMP_HOST_MEMBERSHIP_QUERY: 1560 return ip_mc_check_igmp_query(skb); 1561 default: 1562 return -ENOMSG; 1563 } 1564 } 1565 1566 static __sum16 ip_mc_validate_checksum(struct sk_buff *skb) 1567 { 1568 return skb_checksum_simple_validate(skb); 1569 } 1570 1571 static int ip_mc_check_igmp_csum(struct sk_buff *skb) 1572 { 1573 unsigned int len = skb_transport_offset(skb) + sizeof(struct igmphdr); 1574 unsigned int transport_len = ip_transport_len(skb); 1575 struct sk_buff *skb_chk; 1576 1577 if (!ip_mc_may_pull(skb, len)) 1578 return -EINVAL; 1579 1580 skb_chk = skb_checksum_trimmed(skb, transport_len, 1581 ip_mc_validate_checksum); 1582 if (!skb_chk) 1583 return -EINVAL; 1584 1585 if (skb_chk != skb) 1586 kfree_skb(skb_chk); 1587 1588 return 0; 1589 } 1590 1591 /** 1592 * ip_mc_check_igmp - checks whether this is a sane IGMP packet 1593 * @skb: the skb to validate 1594 * 1595 * Checks whether an IPv4 packet is a valid IGMP packet. If so sets 1596 * skb transport header accordingly and returns zero. 1597 * 1598 * -EINVAL: A broken packet was detected, i.e. it violates some internet 1599 * standard 1600 * -ENOMSG: IP header validation succeeded but it is not an IGMP packet. 1601 * -ENOMEM: A memory allocation failure happened. 1602 * 1603 * Caller needs to set the skb network header and free any returned skb if it 1604 * differs from the provided skb. 1605 */ 1606 int ip_mc_check_igmp(struct sk_buff *skb) 1607 { 1608 int ret = ip_mc_check_iphdr(skb); 1609 1610 if (ret < 0) 1611 return ret; 1612 1613 if (ip_hdr(skb)->protocol != IPPROTO_IGMP) 1614 return -ENOMSG; 1615 1616 ret = ip_mc_check_igmp_csum(skb); 1617 if (ret < 0) 1618 return ret; 1619 1620 return ip_mc_check_igmp_msg(skb); 1621 } 1622 EXPORT_SYMBOL(ip_mc_check_igmp); 1623 1624 /* 1625 * Resend IGMP JOIN report; used by netdev notifier. 1626 */ 1627 static void ip_mc_rejoin_groups(struct in_device *in_dev) 1628 { 1629 #ifdef CONFIG_IP_MULTICAST 1630 struct ip_mc_list *im; 1631 int type; 1632 struct net *net = dev_net(in_dev->dev); 1633 1634 ASSERT_RTNL(); 1635 1636 for_each_pmc_rtnl(in_dev, im) { 1637 if (im->multiaddr == IGMP_ALL_HOSTS) 1638 continue; 1639 if (ipv4_is_local_multicast(im->multiaddr) && 1640 !net->ipv4.sysctl_igmp_llm_reports) 1641 continue; 1642 1643 /* a failover is happening and switches 1644 * must be notified immediately 1645 */ 1646 if (IGMP_V1_SEEN(in_dev)) 1647 type = IGMP_HOST_MEMBERSHIP_REPORT; 1648 else if (IGMP_V2_SEEN(in_dev)) 1649 type = IGMPV2_HOST_MEMBERSHIP_REPORT; 1650 else 1651 type = IGMPV3_HOST_MEMBERSHIP_REPORT; 1652 igmp_send_report(in_dev, im, type); 1653 } 1654 #endif 1655 } 1656 1657 /* 1658 * A socket has left a multicast group on device dev 1659 */ 1660 1661 void __ip_mc_dec_group(struct in_device *in_dev, __be32 addr, gfp_t gfp) 1662 { 1663 struct ip_mc_list *i; 1664 struct ip_mc_list __rcu **ip; 1665 1666 ASSERT_RTNL(); 1667 1668 for (ip = &in_dev->mc_list; 1669 (i = rtnl_dereference(*ip)) != NULL; 1670 ip = &i->next_rcu) { 1671 if (i->multiaddr == addr) { 1672 if (--i->users == 0) { 1673 ip_mc_hash_remove(in_dev, i); 1674 *ip = i->next_rcu; 1675 in_dev->mc_count--; 1676 __igmp_group_dropped(i, gfp); 1677 ip_mc_clear_src(i); 1678 1679 if (!in_dev->dead) 1680 ip_rt_multicast_event(in_dev); 1681 1682 ip_ma_put(i); 1683 return; 1684 } 1685 break; 1686 } 1687 } 1688 } 1689 EXPORT_SYMBOL(__ip_mc_dec_group); 1690 1691 /* Device changing type */ 1692 1693 void ip_mc_unmap(struct in_device *in_dev) 1694 { 1695 struct ip_mc_list *pmc; 1696 1697 ASSERT_RTNL(); 1698 1699 for_each_pmc_rtnl(in_dev, pmc) 1700 igmp_group_dropped(pmc); 1701 } 1702 1703 void ip_mc_remap(struct in_device *in_dev) 1704 { 1705 struct ip_mc_list *pmc; 1706 1707 ASSERT_RTNL(); 1708 1709 for_each_pmc_rtnl(in_dev, pmc) { 1710 #ifdef CONFIG_IP_MULTICAST 1711 igmpv3_del_delrec(in_dev, pmc); 1712 #endif 1713 igmp_group_added(pmc); 1714 } 1715 } 1716 1717 /* Device going down */ 1718 1719 void ip_mc_down(struct in_device *in_dev) 1720 { 1721 struct ip_mc_list *pmc; 1722 1723 ASSERT_RTNL(); 1724 1725 for_each_pmc_rtnl(in_dev, pmc) 1726 igmp_group_dropped(pmc); 1727 1728 #ifdef CONFIG_IP_MULTICAST 1729 in_dev->mr_ifc_count = 0; 1730 if (del_timer(&in_dev->mr_ifc_timer)) 1731 __in_dev_put(in_dev); 1732 in_dev->mr_gq_running = 0; 1733 if (del_timer(&in_dev->mr_gq_timer)) 1734 __in_dev_put(in_dev); 1735 #endif 1736 1737 ip_mc_dec_group(in_dev, IGMP_ALL_HOSTS); 1738 } 1739 1740 #ifdef CONFIG_IP_MULTICAST 1741 static void ip_mc_reset(struct in_device *in_dev) 1742 { 1743 struct net *net = dev_net(in_dev->dev); 1744 1745 in_dev->mr_qi = IGMP_QUERY_INTERVAL; 1746 in_dev->mr_qri = IGMP_QUERY_RESPONSE_INTERVAL; 1747 in_dev->mr_qrv = net->ipv4.sysctl_igmp_qrv; 1748 } 1749 #else 1750 static void ip_mc_reset(struct in_device *in_dev) 1751 { 1752 } 1753 #endif 1754 1755 void ip_mc_init_dev(struct in_device *in_dev) 1756 { 1757 ASSERT_RTNL(); 1758 1759 #ifdef CONFIG_IP_MULTICAST 1760 timer_setup(&in_dev->mr_gq_timer, igmp_gq_timer_expire, 0); 1761 timer_setup(&in_dev->mr_ifc_timer, igmp_ifc_timer_expire, 0); 1762 #endif 1763 ip_mc_reset(in_dev); 1764 1765 spin_lock_init(&in_dev->mc_tomb_lock); 1766 } 1767 1768 /* Device going up */ 1769 1770 void ip_mc_up(struct in_device *in_dev) 1771 { 1772 struct ip_mc_list *pmc; 1773 1774 ASSERT_RTNL(); 1775 1776 ip_mc_reset(in_dev); 1777 ip_mc_inc_group(in_dev, IGMP_ALL_HOSTS); 1778 1779 for_each_pmc_rtnl(in_dev, pmc) { 1780 #ifdef CONFIG_IP_MULTICAST 1781 igmpv3_del_delrec(in_dev, pmc); 1782 #endif 1783 igmp_group_added(pmc); 1784 } 1785 } 1786 1787 /* 1788 * Device is about to be destroyed: clean up. 1789 */ 1790 1791 void ip_mc_destroy_dev(struct in_device *in_dev) 1792 { 1793 struct ip_mc_list *i; 1794 1795 ASSERT_RTNL(); 1796 1797 /* Deactivate timers */ 1798 ip_mc_down(in_dev); 1799 #ifdef CONFIG_IP_MULTICAST 1800 igmpv3_clear_delrec(in_dev); 1801 #endif 1802 1803 while ((i = rtnl_dereference(in_dev->mc_list)) != NULL) { 1804 in_dev->mc_list = i->next_rcu; 1805 in_dev->mc_count--; 1806 ip_ma_put(i); 1807 } 1808 } 1809 1810 /* RTNL is locked */ 1811 static struct in_device *ip_mc_find_dev(struct net *net, struct ip_mreqn *imr) 1812 { 1813 struct net_device *dev = NULL; 1814 struct in_device *idev = NULL; 1815 1816 if (imr->imr_ifindex) { 1817 idev = inetdev_by_index(net, imr->imr_ifindex); 1818 return idev; 1819 } 1820 if (imr->imr_address.s_addr) { 1821 dev = __ip_dev_find(net, imr->imr_address.s_addr, false); 1822 if (!dev) 1823 return NULL; 1824 } 1825 1826 if (!dev) { 1827 struct rtable *rt = ip_route_output(net, 1828 imr->imr_multiaddr.s_addr, 1829 0, 0, 0); 1830 if (!IS_ERR(rt)) { 1831 dev = rt->dst.dev; 1832 ip_rt_put(rt); 1833 } 1834 } 1835 if (dev) { 1836 imr->imr_ifindex = dev->ifindex; 1837 idev = __in_dev_get_rtnl(dev); 1838 } 1839 return idev; 1840 } 1841 1842 /* 1843 * Join a socket to a group 1844 */ 1845 1846 static int ip_mc_del1_src(struct ip_mc_list *pmc, int sfmode, 1847 __be32 *psfsrc) 1848 { 1849 struct ip_sf_list *psf, *psf_prev; 1850 int rv = 0; 1851 1852 psf_prev = NULL; 1853 for (psf = pmc->sources; psf; psf = psf->sf_next) { 1854 if (psf->sf_inaddr == *psfsrc) 1855 break; 1856 psf_prev = psf; 1857 } 1858 if (!psf || psf->sf_count[sfmode] == 0) { 1859 /* source filter not found, or count wrong => bug */ 1860 return -ESRCH; 1861 } 1862 psf->sf_count[sfmode]--; 1863 if (psf->sf_count[sfmode] == 0) { 1864 ip_rt_multicast_event(pmc->interface); 1865 } 1866 if (!psf->sf_count[MCAST_INCLUDE] && !psf->sf_count[MCAST_EXCLUDE]) { 1867 #ifdef CONFIG_IP_MULTICAST 1868 struct in_device *in_dev = pmc->interface; 1869 struct net *net = dev_net(in_dev->dev); 1870 #endif 1871 1872 /* no more filters for this source */ 1873 if (psf_prev) 1874 psf_prev->sf_next = psf->sf_next; 1875 else 1876 pmc->sources = psf->sf_next; 1877 #ifdef CONFIG_IP_MULTICAST 1878 if (psf->sf_oldin && 1879 !IGMP_V1_SEEN(in_dev) && !IGMP_V2_SEEN(in_dev)) { 1880 psf->sf_crcount = in_dev->mr_qrv ?: net->ipv4.sysctl_igmp_qrv; 1881 psf->sf_next = pmc->tomb; 1882 pmc->tomb = psf; 1883 rv = 1; 1884 } else 1885 #endif 1886 kfree(psf); 1887 } 1888 return rv; 1889 } 1890 1891 #ifndef CONFIG_IP_MULTICAST 1892 #define igmp_ifc_event(x) do { } while (0) 1893 #endif 1894 1895 static int ip_mc_del_src(struct in_device *in_dev, __be32 *pmca, int sfmode, 1896 int sfcount, __be32 *psfsrc, int delta) 1897 { 1898 struct ip_mc_list *pmc; 1899 int changerec = 0; 1900 int i, err; 1901 1902 if (!in_dev) 1903 return -ENODEV; 1904 rcu_read_lock(); 1905 for_each_pmc_rcu(in_dev, pmc) { 1906 if (*pmca == pmc->multiaddr) 1907 break; 1908 } 1909 if (!pmc) { 1910 /* MCA not found?? bug */ 1911 rcu_read_unlock(); 1912 return -ESRCH; 1913 } 1914 spin_lock_bh(&pmc->lock); 1915 rcu_read_unlock(); 1916 #ifdef CONFIG_IP_MULTICAST 1917 sf_markstate(pmc); 1918 #endif 1919 if (!delta) { 1920 err = -EINVAL; 1921 if (!pmc->sfcount[sfmode]) 1922 goto out_unlock; 1923 pmc->sfcount[sfmode]--; 1924 } 1925 err = 0; 1926 for (i = 0; i < sfcount; i++) { 1927 int rv = ip_mc_del1_src(pmc, sfmode, &psfsrc[i]); 1928 1929 changerec |= rv > 0; 1930 if (!err && rv < 0) 1931 err = rv; 1932 } 1933 if (pmc->sfmode == MCAST_EXCLUDE && 1934 pmc->sfcount[MCAST_EXCLUDE] == 0 && 1935 pmc->sfcount[MCAST_INCLUDE]) { 1936 #ifdef CONFIG_IP_MULTICAST 1937 struct ip_sf_list *psf; 1938 struct net *net = dev_net(in_dev->dev); 1939 #endif 1940 1941 /* filter mode change */ 1942 pmc->sfmode = MCAST_INCLUDE; 1943 #ifdef CONFIG_IP_MULTICAST 1944 pmc->crcount = in_dev->mr_qrv ?: net->ipv4.sysctl_igmp_qrv; 1945 in_dev->mr_ifc_count = pmc->crcount; 1946 for (psf = pmc->sources; psf; psf = psf->sf_next) 1947 psf->sf_crcount = 0; 1948 igmp_ifc_event(pmc->interface); 1949 } else if (sf_setstate(pmc) || changerec) { 1950 igmp_ifc_event(pmc->interface); 1951 #endif 1952 } 1953 out_unlock: 1954 spin_unlock_bh(&pmc->lock); 1955 return err; 1956 } 1957 1958 /* 1959 * Add multicast single-source filter to the interface list 1960 */ 1961 static int ip_mc_add1_src(struct ip_mc_list *pmc, int sfmode, 1962 __be32 *psfsrc) 1963 { 1964 struct ip_sf_list *psf, *psf_prev; 1965 1966 psf_prev = NULL; 1967 for (psf = pmc->sources; psf; psf = psf->sf_next) { 1968 if (psf->sf_inaddr == *psfsrc) 1969 break; 1970 psf_prev = psf; 1971 } 1972 if (!psf) { 1973 psf = kzalloc(sizeof(*psf), GFP_ATOMIC); 1974 if (!psf) 1975 return -ENOBUFS; 1976 psf->sf_inaddr = *psfsrc; 1977 if (psf_prev) { 1978 psf_prev->sf_next = psf; 1979 } else 1980 pmc->sources = psf; 1981 } 1982 psf->sf_count[sfmode]++; 1983 if (psf->sf_count[sfmode] == 1) { 1984 ip_rt_multicast_event(pmc->interface); 1985 } 1986 return 0; 1987 } 1988 1989 #ifdef CONFIG_IP_MULTICAST 1990 static void sf_markstate(struct ip_mc_list *pmc) 1991 { 1992 struct ip_sf_list *psf; 1993 int mca_xcount = pmc->sfcount[MCAST_EXCLUDE]; 1994 1995 for (psf = pmc->sources; psf; psf = psf->sf_next) 1996 if (pmc->sfcount[MCAST_EXCLUDE]) { 1997 psf->sf_oldin = mca_xcount == 1998 psf->sf_count[MCAST_EXCLUDE] && 1999 !psf->sf_count[MCAST_INCLUDE]; 2000 } else 2001 psf->sf_oldin = psf->sf_count[MCAST_INCLUDE] != 0; 2002 } 2003 2004 static int sf_setstate(struct ip_mc_list *pmc) 2005 { 2006 struct ip_sf_list *psf, *dpsf; 2007 int mca_xcount = pmc->sfcount[MCAST_EXCLUDE]; 2008 int qrv = pmc->interface->mr_qrv; 2009 int new_in, rv; 2010 2011 rv = 0; 2012 for (psf = pmc->sources; psf; psf = psf->sf_next) { 2013 if (pmc->sfcount[MCAST_EXCLUDE]) { 2014 new_in = mca_xcount == psf->sf_count[MCAST_EXCLUDE] && 2015 !psf->sf_count[MCAST_INCLUDE]; 2016 } else 2017 new_in = psf->sf_count[MCAST_INCLUDE] != 0; 2018 if (new_in) { 2019 if (!psf->sf_oldin) { 2020 struct ip_sf_list *prev = NULL; 2021 2022 for (dpsf = pmc->tomb; dpsf; dpsf = dpsf->sf_next) { 2023 if (dpsf->sf_inaddr == psf->sf_inaddr) 2024 break; 2025 prev = dpsf; 2026 } 2027 if (dpsf) { 2028 if (prev) 2029 prev->sf_next = dpsf->sf_next; 2030 else 2031 pmc->tomb = dpsf->sf_next; 2032 kfree(dpsf); 2033 } 2034 psf->sf_crcount = qrv; 2035 rv++; 2036 } 2037 } else if (psf->sf_oldin) { 2038 2039 psf->sf_crcount = 0; 2040 /* 2041 * add or update "delete" records if an active filter 2042 * is now inactive 2043 */ 2044 for (dpsf = pmc->tomb; dpsf; dpsf = dpsf->sf_next) 2045 if (dpsf->sf_inaddr == psf->sf_inaddr) 2046 break; 2047 if (!dpsf) { 2048 dpsf = kmalloc(sizeof(*dpsf), GFP_ATOMIC); 2049 if (!dpsf) 2050 continue; 2051 *dpsf = *psf; 2052 /* pmc->lock held by callers */ 2053 dpsf->sf_next = pmc->tomb; 2054 pmc->tomb = dpsf; 2055 } 2056 dpsf->sf_crcount = qrv; 2057 rv++; 2058 } 2059 } 2060 return rv; 2061 } 2062 #endif 2063 2064 /* 2065 * Add multicast source filter list to the interface list 2066 */ 2067 static int ip_mc_add_src(struct in_device *in_dev, __be32 *pmca, int sfmode, 2068 int sfcount, __be32 *psfsrc, int delta) 2069 { 2070 struct ip_mc_list *pmc; 2071 int isexclude; 2072 int i, err; 2073 2074 if (!in_dev) 2075 return -ENODEV; 2076 rcu_read_lock(); 2077 for_each_pmc_rcu(in_dev, pmc) { 2078 if (*pmca == pmc->multiaddr) 2079 break; 2080 } 2081 if (!pmc) { 2082 /* MCA not found?? bug */ 2083 rcu_read_unlock(); 2084 return -ESRCH; 2085 } 2086 spin_lock_bh(&pmc->lock); 2087 rcu_read_unlock(); 2088 2089 #ifdef CONFIG_IP_MULTICAST 2090 sf_markstate(pmc); 2091 #endif 2092 isexclude = pmc->sfmode == MCAST_EXCLUDE; 2093 if (!delta) 2094 pmc->sfcount[sfmode]++; 2095 err = 0; 2096 for (i = 0; i < sfcount; i++) { 2097 err = ip_mc_add1_src(pmc, sfmode, &psfsrc[i]); 2098 if (err) 2099 break; 2100 } 2101 if (err) { 2102 int j; 2103 2104 if (!delta) 2105 pmc->sfcount[sfmode]--; 2106 for (j = 0; j < i; j++) 2107 (void) ip_mc_del1_src(pmc, sfmode, &psfsrc[j]); 2108 } else if (isexclude != (pmc->sfcount[MCAST_EXCLUDE] != 0)) { 2109 #ifdef CONFIG_IP_MULTICAST 2110 struct ip_sf_list *psf; 2111 struct net *net = dev_net(pmc->interface->dev); 2112 in_dev = pmc->interface; 2113 #endif 2114 2115 /* filter mode change */ 2116 if (pmc->sfcount[MCAST_EXCLUDE]) 2117 pmc->sfmode = MCAST_EXCLUDE; 2118 else if (pmc->sfcount[MCAST_INCLUDE]) 2119 pmc->sfmode = MCAST_INCLUDE; 2120 #ifdef CONFIG_IP_MULTICAST 2121 /* else no filters; keep old mode for reports */ 2122 2123 pmc->crcount = in_dev->mr_qrv ?: net->ipv4.sysctl_igmp_qrv; 2124 in_dev->mr_ifc_count = pmc->crcount; 2125 for (psf = pmc->sources; psf; psf = psf->sf_next) 2126 psf->sf_crcount = 0; 2127 igmp_ifc_event(in_dev); 2128 } else if (sf_setstate(pmc)) { 2129 igmp_ifc_event(in_dev); 2130 #endif 2131 } 2132 spin_unlock_bh(&pmc->lock); 2133 return err; 2134 } 2135 2136 static void ip_mc_clear_src(struct ip_mc_list *pmc) 2137 { 2138 struct ip_sf_list *tomb, *sources; 2139 2140 spin_lock_bh(&pmc->lock); 2141 tomb = pmc->tomb; 2142 pmc->tomb = NULL; 2143 sources = pmc->sources; 2144 pmc->sources = NULL; 2145 pmc->sfmode = MCAST_EXCLUDE; 2146 pmc->sfcount[MCAST_INCLUDE] = 0; 2147 pmc->sfcount[MCAST_EXCLUDE] = 1; 2148 spin_unlock_bh(&pmc->lock); 2149 2150 ip_sf_list_clear_all(tomb); 2151 ip_sf_list_clear_all(sources); 2152 } 2153 2154 /* Join a multicast group 2155 */ 2156 static int __ip_mc_join_group(struct sock *sk, struct ip_mreqn *imr, 2157 unsigned int mode) 2158 { 2159 __be32 addr = imr->imr_multiaddr.s_addr; 2160 struct ip_mc_socklist *iml, *i; 2161 struct in_device *in_dev; 2162 struct inet_sock *inet = inet_sk(sk); 2163 struct net *net = sock_net(sk); 2164 int ifindex; 2165 int count = 0; 2166 int err; 2167 2168 ASSERT_RTNL(); 2169 2170 if (!ipv4_is_multicast(addr)) 2171 return -EINVAL; 2172 2173 in_dev = ip_mc_find_dev(net, imr); 2174 2175 if (!in_dev) { 2176 err = -ENODEV; 2177 goto done; 2178 } 2179 2180 err = -EADDRINUSE; 2181 ifindex = imr->imr_ifindex; 2182 for_each_pmc_rtnl(inet, i) { 2183 if (i->multi.imr_multiaddr.s_addr == addr && 2184 i->multi.imr_ifindex == ifindex) 2185 goto done; 2186 count++; 2187 } 2188 err = -ENOBUFS; 2189 if (count >= net->ipv4.sysctl_igmp_max_memberships) 2190 goto done; 2191 iml = sock_kmalloc(sk, sizeof(*iml), GFP_KERNEL); 2192 if (!iml) 2193 goto done; 2194 2195 memcpy(&iml->multi, imr, sizeof(*imr)); 2196 iml->next_rcu = inet->mc_list; 2197 iml->sflist = NULL; 2198 iml->sfmode = mode; 2199 rcu_assign_pointer(inet->mc_list, iml); 2200 ____ip_mc_inc_group(in_dev, addr, mode, GFP_KERNEL); 2201 err = 0; 2202 done: 2203 return err; 2204 } 2205 2206 /* Join ASM (Any-Source Multicast) group 2207 */ 2208 int ip_mc_join_group(struct sock *sk, struct ip_mreqn *imr) 2209 { 2210 return __ip_mc_join_group(sk, imr, MCAST_EXCLUDE); 2211 } 2212 EXPORT_SYMBOL(ip_mc_join_group); 2213 2214 /* Join SSM (Source-Specific Multicast) group 2215 */ 2216 int ip_mc_join_group_ssm(struct sock *sk, struct ip_mreqn *imr, 2217 unsigned int mode) 2218 { 2219 return __ip_mc_join_group(sk, imr, mode); 2220 } 2221 2222 static int ip_mc_leave_src(struct sock *sk, struct ip_mc_socklist *iml, 2223 struct in_device *in_dev) 2224 { 2225 struct ip_sf_socklist *psf = rtnl_dereference(iml->sflist); 2226 int err; 2227 2228 if (!psf) { 2229 /* any-source empty exclude case */ 2230 return ip_mc_del_src(in_dev, &iml->multi.imr_multiaddr.s_addr, 2231 iml->sfmode, 0, NULL, 0); 2232 } 2233 err = ip_mc_del_src(in_dev, &iml->multi.imr_multiaddr.s_addr, 2234 iml->sfmode, psf->sl_count, psf->sl_addr, 0); 2235 RCU_INIT_POINTER(iml->sflist, NULL); 2236 /* decrease mem now to avoid the memleak warning */ 2237 atomic_sub(IP_SFLSIZE(psf->sl_max), &sk->sk_omem_alloc); 2238 kfree_rcu(psf, rcu); 2239 return err; 2240 } 2241 2242 int ip_mc_leave_group(struct sock *sk, struct ip_mreqn *imr) 2243 { 2244 struct inet_sock *inet = inet_sk(sk); 2245 struct ip_mc_socklist *iml; 2246 struct ip_mc_socklist __rcu **imlp; 2247 struct in_device *in_dev; 2248 struct net *net = sock_net(sk); 2249 __be32 group = imr->imr_multiaddr.s_addr; 2250 u32 ifindex; 2251 int ret = -EADDRNOTAVAIL; 2252 2253 ASSERT_RTNL(); 2254 2255 in_dev = ip_mc_find_dev(net, imr); 2256 if (!imr->imr_ifindex && !imr->imr_address.s_addr && !in_dev) { 2257 ret = -ENODEV; 2258 goto out; 2259 } 2260 ifindex = imr->imr_ifindex; 2261 for (imlp = &inet->mc_list; 2262 (iml = rtnl_dereference(*imlp)) != NULL; 2263 imlp = &iml->next_rcu) { 2264 if (iml->multi.imr_multiaddr.s_addr != group) 2265 continue; 2266 if (ifindex) { 2267 if (iml->multi.imr_ifindex != ifindex) 2268 continue; 2269 } else if (imr->imr_address.s_addr && imr->imr_address.s_addr != 2270 iml->multi.imr_address.s_addr) 2271 continue; 2272 2273 (void) ip_mc_leave_src(sk, iml, in_dev); 2274 2275 *imlp = iml->next_rcu; 2276 2277 if (in_dev) 2278 ip_mc_dec_group(in_dev, group); 2279 2280 /* decrease mem now to avoid the memleak warning */ 2281 atomic_sub(sizeof(*iml), &sk->sk_omem_alloc); 2282 kfree_rcu(iml, rcu); 2283 return 0; 2284 } 2285 out: 2286 return ret; 2287 } 2288 EXPORT_SYMBOL(ip_mc_leave_group); 2289 2290 int ip_mc_source(int add, int omode, struct sock *sk, struct 2291 ip_mreq_source *mreqs, int ifindex) 2292 { 2293 int err; 2294 struct ip_mreqn imr; 2295 __be32 addr = mreqs->imr_multiaddr; 2296 struct ip_mc_socklist *pmc; 2297 struct in_device *in_dev = NULL; 2298 struct inet_sock *inet = inet_sk(sk); 2299 struct ip_sf_socklist *psl; 2300 struct net *net = sock_net(sk); 2301 int leavegroup = 0; 2302 int i, j, rv; 2303 2304 if (!ipv4_is_multicast(addr)) 2305 return -EINVAL; 2306 2307 ASSERT_RTNL(); 2308 2309 imr.imr_multiaddr.s_addr = mreqs->imr_multiaddr; 2310 imr.imr_address.s_addr = mreqs->imr_interface; 2311 imr.imr_ifindex = ifindex; 2312 in_dev = ip_mc_find_dev(net, &imr); 2313 2314 if (!in_dev) { 2315 err = -ENODEV; 2316 goto done; 2317 } 2318 err = -EADDRNOTAVAIL; 2319 2320 for_each_pmc_rtnl(inet, pmc) { 2321 if ((pmc->multi.imr_multiaddr.s_addr == 2322 imr.imr_multiaddr.s_addr) && 2323 (pmc->multi.imr_ifindex == imr.imr_ifindex)) 2324 break; 2325 } 2326 if (!pmc) { /* must have a prior join */ 2327 err = -EINVAL; 2328 goto done; 2329 } 2330 /* if a source filter was set, must be the same mode as before */ 2331 if (pmc->sflist) { 2332 if (pmc->sfmode != omode) { 2333 err = -EINVAL; 2334 goto done; 2335 } 2336 } else if (pmc->sfmode != omode) { 2337 /* allow mode switches for empty-set filters */ 2338 ip_mc_add_src(in_dev, &mreqs->imr_multiaddr, omode, 0, NULL, 0); 2339 ip_mc_del_src(in_dev, &mreqs->imr_multiaddr, pmc->sfmode, 0, 2340 NULL, 0); 2341 pmc->sfmode = omode; 2342 } 2343 2344 psl = rtnl_dereference(pmc->sflist); 2345 if (!add) { 2346 if (!psl) 2347 goto done; /* err = -EADDRNOTAVAIL */ 2348 rv = !0; 2349 for (i = 0; i < psl->sl_count; i++) { 2350 rv = memcmp(&psl->sl_addr[i], &mreqs->imr_sourceaddr, 2351 sizeof(__be32)); 2352 if (rv == 0) 2353 break; 2354 } 2355 if (rv) /* source not found */ 2356 goto done; /* err = -EADDRNOTAVAIL */ 2357 2358 /* special case - (INCLUDE, empty) == LEAVE_GROUP */ 2359 if (psl->sl_count == 1 && omode == MCAST_INCLUDE) { 2360 leavegroup = 1; 2361 goto done; 2362 } 2363 2364 /* update the interface filter */ 2365 ip_mc_del_src(in_dev, &mreqs->imr_multiaddr, omode, 1, 2366 &mreqs->imr_sourceaddr, 1); 2367 2368 for (j = i+1; j < psl->sl_count; j++) 2369 psl->sl_addr[j-1] = psl->sl_addr[j]; 2370 psl->sl_count--; 2371 err = 0; 2372 goto done; 2373 } 2374 /* else, add a new source to the filter */ 2375 2376 if (psl && psl->sl_count >= net->ipv4.sysctl_igmp_max_msf) { 2377 err = -ENOBUFS; 2378 goto done; 2379 } 2380 if (!psl || psl->sl_count == psl->sl_max) { 2381 struct ip_sf_socklist *newpsl; 2382 int count = IP_SFBLOCK; 2383 2384 if (psl) 2385 count += psl->sl_max; 2386 newpsl = sock_kmalloc(sk, IP_SFLSIZE(count), GFP_KERNEL); 2387 if (!newpsl) { 2388 err = -ENOBUFS; 2389 goto done; 2390 } 2391 newpsl->sl_max = count; 2392 newpsl->sl_count = count - IP_SFBLOCK; 2393 if (psl) { 2394 for (i = 0; i < psl->sl_count; i++) 2395 newpsl->sl_addr[i] = psl->sl_addr[i]; 2396 /* decrease mem now to avoid the memleak warning */ 2397 atomic_sub(IP_SFLSIZE(psl->sl_max), &sk->sk_omem_alloc); 2398 kfree_rcu(psl, rcu); 2399 } 2400 rcu_assign_pointer(pmc->sflist, newpsl); 2401 psl = newpsl; 2402 } 2403 rv = 1; /* > 0 for insert logic below if sl_count is 0 */ 2404 for (i = 0; i < psl->sl_count; i++) { 2405 rv = memcmp(&psl->sl_addr[i], &mreqs->imr_sourceaddr, 2406 sizeof(__be32)); 2407 if (rv == 0) 2408 break; 2409 } 2410 if (rv == 0) /* address already there is an error */ 2411 goto done; 2412 for (j = psl->sl_count-1; j >= i; j--) 2413 psl->sl_addr[j+1] = psl->sl_addr[j]; 2414 psl->sl_addr[i] = mreqs->imr_sourceaddr; 2415 psl->sl_count++; 2416 err = 0; 2417 /* update the interface list */ 2418 ip_mc_add_src(in_dev, &mreqs->imr_multiaddr, omode, 1, 2419 &mreqs->imr_sourceaddr, 1); 2420 done: 2421 if (leavegroup) 2422 err = ip_mc_leave_group(sk, &imr); 2423 return err; 2424 } 2425 2426 int ip_mc_msfilter(struct sock *sk, struct ip_msfilter *msf, int ifindex) 2427 { 2428 int err = 0; 2429 struct ip_mreqn imr; 2430 __be32 addr = msf->imsf_multiaddr; 2431 struct ip_mc_socklist *pmc; 2432 struct in_device *in_dev; 2433 struct inet_sock *inet = inet_sk(sk); 2434 struct ip_sf_socklist *newpsl, *psl; 2435 struct net *net = sock_net(sk); 2436 int leavegroup = 0; 2437 2438 if (!ipv4_is_multicast(addr)) 2439 return -EINVAL; 2440 if (msf->imsf_fmode != MCAST_INCLUDE && 2441 msf->imsf_fmode != MCAST_EXCLUDE) 2442 return -EINVAL; 2443 2444 ASSERT_RTNL(); 2445 2446 imr.imr_multiaddr.s_addr = msf->imsf_multiaddr; 2447 imr.imr_address.s_addr = msf->imsf_interface; 2448 imr.imr_ifindex = ifindex; 2449 in_dev = ip_mc_find_dev(net, &imr); 2450 2451 if (!in_dev) { 2452 err = -ENODEV; 2453 goto done; 2454 } 2455 2456 /* special case - (INCLUDE, empty) == LEAVE_GROUP */ 2457 if (msf->imsf_fmode == MCAST_INCLUDE && msf->imsf_numsrc == 0) { 2458 leavegroup = 1; 2459 goto done; 2460 } 2461 2462 for_each_pmc_rtnl(inet, pmc) { 2463 if (pmc->multi.imr_multiaddr.s_addr == msf->imsf_multiaddr && 2464 pmc->multi.imr_ifindex == imr.imr_ifindex) 2465 break; 2466 } 2467 if (!pmc) { /* must have a prior join */ 2468 err = -EINVAL; 2469 goto done; 2470 } 2471 if (msf->imsf_numsrc) { 2472 newpsl = sock_kmalloc(sk, IP_SFLSIZE(msf->imsf_numsrc), 2473 GFP_KERNEL); 2474 if (!newpsl) { 2475 err = -ENOBUFS; 2476 goto done; 2477 } 2478 newpsl->sl_max = newpsl->sl_count = msf->imsf_numsrc; 2479 memcpy(newpsl->sl_addr, msf->imsf_slist, 2480 msf->imsf_numsrc * sizeof(msf->imsf_slist[0])); 2481 err = ip_mc_add_src(in_dev, &msf->imsf_multiaddr, 2482 msf->imsf_fmode, newpsl->sl_count, newpsl->sl_addr, 0); 2483 if (err) { 2484 sock_kfree_s(sk, newpsl, IP_SFLSIZE(newpsl->sl_max)); 2485 goto done; 2486 } 2487 } else { 2488 newpsl = NULL; 2489 (void) ip_mc_add_src(in_dev, &msf->imsf_multiaddr, 2490 msf->imsf_fmode, 0, NULL, 0); 2491 } 2492 psl = rtnl_dereference(pmc->sflist); 2493 if (psl) { 2494 (void) ip_mc_del_src(in_dev, &msf->imsf_multiaddr, pmc->sfmode, 2495 psl->sl_count, psl->sl_addr, 0); 2496 /* decrease mem now to avoid the memleak warning */ 2497 atomic_sub(IP_SFLSIZE(psl->sl_max), &sk->sk_omem_alloc); 2498 kfree_rcu(psl, rcu); 2499 } else 2500 (void) ip_mc_del_src(in_dev, &msf->imsf_multiaddr, pmc->sfmode, 2501 0, NULL, 0); 2502 rcu_assign_pointer(pmc->sflist, newpsl); 2503 pmc->sfmode = msf->imsf_fmode; 2504 err = 0; 2505 done: 2506 if (leavegroup) 2507 err = ip_mc_leave_group(sk, &imr); 2508 return err; 2509 } 2510 2511 int ip_mc_msfget(struct sock *sk, struct ip_msfilter *msf, 2512 struct ip_msfilter __user *optval, int __user *optlen) 2513 { 2514 int err, len, count, copycount; 2515 struct ip_mreqn imr; 2516 __be32 addr = msf->imsf_multiaddr; 2517 struct ip_mc_socklist *pmc; 2518 struct in_device *in_dev; 2519 struct inet_sock *inet = inet_sk(sk); 2520 struct ip_sf_socklist *psl; 2521 struct net *net = sock_net(sk); 2522 2523 ASSERT_RTNL(); 2524 2525 if (!ipv4_is_multicast(addr)) 2526 return -EINVAL; 2527 2528 imr.imr_multiaddr.s_addr = msf->imsf_multiaddr; 2529 imr.imr_address.s_addr = msf->imsf_interface; 2530 imr.imr_ifindex = 0; 2531 in_dev = ip_mc_find_dev(net, &imr); 2532 2533 if (!in_dev) { 2534 err = -ENODEV; 2535 goto done; 2536 } 2537 err = -EADDRNOTAVAIL; 2538 2539 for_each_pmc_rtnl(inet, pmc) { 2540 if (pmc->multi.imr_multiaddr.s_addr == msf->imsf_multiaddr && 2541 pmc->multi.imr_ifindex == imr.imr_ifindex) 2542 break; 2543 } 2544 if (!pmc) /* must have a prior join */ 2545 goto done; 2546 msf->imsf_fmode = pmc->sfmode; 2547 psl = rtnl_dereference(pmc->sflist); 2548 if (!psl) { 2549 len = 0; 2550 count = 0; 2551 } else { 2552 count = psl->sl_count; 2553 } 2554 copycount = count < msf->imsf_numsrc ? count : msf->imsf_numsrc; 2555 len = copycount * sizeof(psl->sl_addr[0]); 2556 msf->imsf_numsrc = count; 2557 if (put_user(IP_MSFILTER_SIZE(copycount), optlen) || 2558 copy_to_user(optval, msf, IP_MSFILTER_SIZE(0))) { 2559 return -EFAULT; 2560 } 2561 if (len && 2562 copy_to_user(&optval->imsf_slist[0], psl->sl_addr, len)) 2563 return -EFAULT; 2564 return 0; 2565 done: 2566 return err; 2567 } 2568 2569 int ip_mc_gsfget(struct sock *sk, struct group_filter *gsf, 2570 struct group_filter __user *optval, int __user *optlen) 2571 { 2572 int err, i, count, copycount; 2573 struct sockaddr_in *psin; 2574 __be32 addr; 2575 struct ip_mc_socklist *pmc; 2576 struct inet_sock *inet = inet_sk(sk); 2577 struct ip_sf_socklist *psl; 2578 2579 ASSERT_RTNL(); 2580 2581 psin = (struct sockaddr_in *)&gsf->gf_group; 2582 if (psin->sin_family != AF_INET) 2583 return -EINVAL; 2584 addr = psin->sin_addr.s_addr; 2585 if (!ipv4_is_multicast(addr)) 2586 return -EINVAL; 2587 2588 err = -EADDRNOTAVAIL; 2589 2590 for_each_pmc_rtnl(inet, pmc) { 2591 if (pmc->multi.imr_multiaddr.s_addr == addr && 2592 pmc->multi.imr_ifindex == gsf->gf_interface) 2593 break; 2594 } 2595 if (!pmc) /* must have a prior join */ 2596 goto done; 2597 gsf->gf_fmode = pmc->sfmode; 2598 psl = rtnl_dereference(pmc->sflist); 2599 count = psl ? psl->sl_count : 0; 2600 copycount = count < gsf->gf_numsrc ? count : gsf->gf_numsrc; 2601 gsf->gf_numsrc = count; 2602 if (put_user(GROUP_FILTER_SIZE(copycount), optlen) || 2603 copy_to_user(optval, gsf, GROUP_FILTER_SIZE(0))) { 2604 return -EFAULT; 2605 } 2606 for (i = 0; i < copycount; i++) { 2607 struct sockaddr_storage ss; 2608 2609 psin = (struct sockaddr_in *)&ss; 2610 memset(&ss, 0, sizeof(ss)); 2611 psin->sin_family = AF_INET; 2612 psin->sin_addr.s_addr = psl->sl_addr[i]; 2613 if (copy_to_user(&optval->gf_slist[i], &ss, sizeof(ss))) 2614 return -EFAULT; 2615 } 2616 return 0; 2617 done: 2618 return err; 2619 } 2620 2621 /* 2622 * check if a multicast source filter allows delivery for a given <src,dst,intf> 2623 */ 2624 int ip_mc_sf_allow(struct sock *sk, __be32 loc_addr, __be32 rmt_addr, 2625 int dif, int sdif) 2626 { 2627 struct inet_sock *inet = inet_sk(sk); 2628 struct ip_mc_socklist *pmc; 2629 struct ip_sf_socklist *psl; 2630 int i; 2631 int ret; 2632 2633 ret = 1; 2634 if (!ipv4_is_multicast(loc_addr)) 2635 goto out; 2636 2637 rcu_read_lock(); 2638 for_each_pmc_rcu(inet, pmc) { 2639 if (pmc->multi.imr_multiaddr.s_addr == loc_addr && 2640 (pmc->multi.imr_ifindex == dif || 2641 (sdif && pmc->multi.imr_ifindex == sdif))) 2642 break; 2643 } 2644 ret = inet->mc_all; 2645 if (!pmc) 2646 goto unlock; 2647 psl = rcu_dereference(pmc->sflist); 2648 ret = (pmc->sfmode == MCAST_EXCLUDE); 2649 if (!psl) 2650 goto unlock; 2651 2652 for (i = 0; i < psl->sl_count; i++) { 2653 if (psl->sl_addr[i] == rmt_addr) 2654 break; 2655 } 2656 ret = 0; 2657 if (pmc->sfmode == MCAST_INCLUDE && i >= psl->sl_count) 2658 goto unlock; 2659 if (pmc->sfmode == MCAST_EXCLUDE && i < psl->sl_count) 2660 goto unlock; 2661 ret = 1; 2662 unlock: 2663 rcu_read_unlock(); 2664 out: 2665 return ret; 2666 } 2667 2668 /* 2669 * A socket is closing. 2670 */ 2671 2672 void ip_mc_drop_socket(struct sock *sk) 2673 { 2674 struct inet_sock *inet = inet_sk(sk); 2675 struct ip_mc_socklist *iml; 2676 struct net *net = sock_net(sk); 2677 2678 if (!inet->mc_list) 2679 return; 2680 2681 rtnl_lock(); 2682 while ((iml = rtnl_dereference(inet->mc_list)) != NULL) { 2683 struct in_device *in_dev; 2684 2685 inet->mc_list = iml->next_rcu; 2686 in_dev = inetdev_by_index(net, iml->multi.imr_ifindex); 2687 (void) ip_mc_leave_src(sk, iml, in_dev); 2688 if (in_dev) 2689 ip_mc_dec_group(in_dev, iml->multi.imr_multiaddr.s_addr); 2690 /* decrease mem now to avoid the memleak warning */ 2691 atomic_sub(sizeof(*iml), &sk->sk_omem_alloc); 2692 kfree_rcu(iml, rcu); 2693 } 2694 rtnl_unlock(); 2695 } 2696 2697 /* called with rcu_read_lock() */ 2698 int ip_check_mc_rcu(struct in_device *in_dev, __be32 mc_addr, __be32 src_addr, u8 proto) 2699 { 2700 struct ip_mc_list *im; 2701 struct ip_mc_list __rcu **mc_hash; 2702 struct ip_sf_list *psf; 2703 int rv = 0; 2704 2705 mc_hash = rcu_dereference(in_dev->mc_hash); 2706 if (mc_hash) { 2707 u32 hash = hash_32((__force u32)mc_addr, MC_HASH_SZ_LOG); 2708 2709 for (im = rcu_dereference(mc_hash[hash]); 2710 im != NULL; 2711 im = rcu_dereference(im->next_hash)) { 2712 if (im->multiaddr == mc_addr) 2713 break; 2714 } 2715 } else { 2716 for_each_pmc_rcu(in_dev, im) { 2717 if (im->multiaddr == mc_addr) 2718 break; 2719 } 2720 } 2721 if (im && proto == IPPROTO_IGMP) { 2722 rv = 1; 2723 } else if (im) { 2724 if (src_addr) { 2725 for (psf = im->sources; psf; psf = psf->sf_next) { 2726 if (psf->sf_inaddr == src_addr) 2727 break; 2728 } 2729 if (psf) 2730 rv = psf->sf_count[MCAST_INCLUDE] || 2731 psf->sf_count[MCAST_EXCLUDE] != 2732 im->sfcount[MCAST_EXCLUDE]; 2733 else 2734 rv = im->sfcount[MCAST_EXCLUDE] != 0; 2735 } else 2736 rv = 1; /* unspecified source; tentatively allow */ 2737 } 2738 return rv; 2739 } 2740 2741 #if defined(CONFIG_PROC_FS) 2742 struct igmp_mc_iter_state { 2743 struct seq_net_private p; 2744 struct net_device *dev; 2745 struct in_device *in_dev; 2746 }; 2747 2748 #define igmp_mc_seq_private(seq) ((struct igmp_mc_iter_state *)(seq)->private) 2749 2750 static inline struct ip_mc_list *igmp_mc_get_first(struct seq_file *seq) 2751 { 2752 struct net *net = seq_file_net(seq); 2753 struct ip_mc_list *im = NULL; 2754 struct igmp_mc_iter_state *state = igmp_mc_seq_private(seq); 2755 2756 state->in_dev = NULL; 2757 for_each_netdev_rcu(net, state->dev) { 2758 struct in_device *in_dev; 2759 2760 in_dev = __in_dev_get_rcu(state->dev); 2761 if (!in_dev) 2762 continue; 2763 im = rcu_dereference(in_dev->mc_list); 2764 if (im) { 2765 state->in_dev = in_dev; 2766 break; 2767 } 2768 } 2769 return im; 2770 } 2771 2772 static struct ip_mc_list *igmp_mc_get_next(struct seq_file *seq, struct ip_mc_list *im) 2773 { 2774 struct igmp_mc_iter_state *state = igmp_mc_seq_private(seq); 2775 2776 im = rcu_dereference(im->next_rcu); 2777 while (!im) { 2778 state->dev = next_net_device_rcu(state->dev); 2779 if (!state->dev) { 2780 state->in_dev = NULL; 2781 break; 2782 } 2783 state->in_dev = __in_dev_get_rcu(state->dev); 2784 if (!state->in_dev) 2785 continue; 2786 im = rcu_dereference(state->in_dev->mc_list); 2787 } 2788 return im; 2789 } 2790 2791 static struct ip_mc_list *igmp_mc_get_idx(struct seq_file *seq, loff_t pos) 2792 { 2793 struct ip_mc_list *im = igmp_mc_get_first(seq); 2794 if (im) 2795 while (pos && (im = igmp_mc_get_next(seq, im)) != NULL) 2796 --pos; 2797 return pos ? NULL : im; 2798 } 2799 2800 static void *igmp_mc_seq_start(struct seq_file *seq, loff_t *pos) 2801 __acquires(rcu) 2802 { 2803 rcu_read_lock(); 2804 return *pos ? igmp_mc_get_idx(seq, *pos - 1) : SEQ_START_TOKEN; 2805 } 2806 2807 static void *igmp_mc_seq_next(struct seq_file *seq, void *v, loff_t *pos) 2808 { 2809 struct ip_mc_list *im; 2810 if (v == SEQ_START_TOKEN) 2811 im = igmp_mc_get_first(seq); 2812 else 2813 im = igmp_mc_get_next(seq, v); 2814 ++*pos; 2815 return im; 2816 } 2817 2818 static void igmp_mc_seq_stop(struct seq_file *seq, void *v) 2819 __releases(rcu) 2820 { 2821 struct igmp_mc_iter_state *state = igmp_mc_seq_private(seq); 2822 2823 state->in_dev = NULL; 2824 state->dev = NULL; 2825 rcu_read_unlock(); 2826 } 2827 2828 static int igmp_mc_seq_show(struct seq_file *seq, void *v) 2829 { 2830 if (v == SEQ_START_TOKEN) 2831 seq_puts(seq, 2832 "Idx\tDevice : Count Querier\tGroup Users Timer\tReporter\n"); 2833 else { 2834 struct ip_mc_list *im = (struct ip_mc_list *)v; 2835 struct igmp_mc_iter_state *state = igmp_mc_seq_private(seq); 2836 char *querier; 2837 long delta; 2838 2839 #ifdef CONFIG_IP_MULTICAST 2840 querier = IGMP_V1_SEEN(state->in_dev) ? "V1" : 2841 IGMP_V2_SEEN(state->in_dev) ? "V2" : 2842 "V3"; 2843 #else 2844 querier = "NONE"; 2845 #endif 2846 2847 if (rcu_access_pointer(state->in_dev->mc_list) == im) { 2848 seq_printf(seq, "%d\t%-10s: %5d %7s\n", 2849 state->dev->ifindex, state->dev->name, state->in_dev->mc_count, querier); 2850 } 2851 2852 delta = im->timer.expires - jiffies; 2853 seq_printf(seq, 2854 "\t\t\t\t%08X %5d %d:%08lX\t\t%d\n", 2855 im->multiaddr, im->users, 2856 im->tm_running, 2857 im->tm_running ? jiffies_delta_to_clock_t(delta) : 0, 2858 im->reporter); 2859 } 2860 return 0; 2861 } 2862 2863 static const struct seq_operations igmp_mc_seq_ops = { 2864 .start = igmp_mc_seq_start, 2865 .next = igmp_mc_seq_next, 2866 .stop = igmp_mc_seq_stop, 2867 .show = igmp_mc_seq_show, 2868 }; 2869 2870 struct igmp_mcf_iter_state { 2871 struct seq_net_private p; 2872 struct net_device *dev; 2873 struct in_device *idev; 2874 struct ip_mc_list *im; 2875 }; 2876 2877 #define igmp_mcf_seq_private(seq) ((struct igmp_mcf_iter_state *)(seq)->private) 2878 2879 static inline struct ip_sf_list *igmp_mcf_get_first(struct seq_file *seq) 2880 { 2881 struct net *net = seq_file_net(seq); 2882 struct ip_sf_list *psf = NULL; 2883 struct ip_mc_list *im = NULL; 2884 struct igmp_mcf_iter_state *state = igmp_mcf_seq_private(seq); 2885 2886 state->idev = NULL; 2887 state->im = NULL; 2888 for_each_netdev_rcu(net, state->dev) { 2889 struct in_device *idev; 2890 idev = __in_dev_get_rcu(state->dev); 2891 if (unlikely(!idev)) 2892 continue; 2893 im = rcu_dereference(idev->mc_list); 2894 if (likely(im)) { 2895 spin_lock_bh(&im->lock); 2896 psf = im->sources; 2897 if (likely(psf)) { 2898 state->im = im; 2899 state->idev = idev; 2900 break; 2901 } 2902 spin_unlock_bh(&im->lock); 2903 } 2904 } 2905 return psf; 2906 } 2907 2908 static struct ip_sf_list *igmp_mcf_get_next(struct seq_file *seq, struct ip_sf_list *psf) 2909 { 2910 struct igmp_mcf_iter_state *state = igmp_mcf_seq_private(seq); 2911 2912 psf = psf->sf_next; 2913 while (!psf) { 2914 spin_unlock_bh(&state->im->lock); 2915 state->im = state->im->next; 2916 while (!state->im) { 2917 state->dev = next_net_device_rcu(state->dev); 2918 if (!state->dev) { 2919 state->idev = NULL; 2920 goto out; 2921 } 2922 state->idev = __in_dev_get_rcu(state->dev); 2923 if (!state->idev) 2924 continue; 2925 state->im = rcu_dereference(state->idev->mc_list); 2926 } 2927 if (!state->im) 2928 break; 2929 spin_lock_bh(&state->im->lock); 2930 psf = state->im->sources; 2931 } 2932 out: 2933 return psf; 2934 } 2935 2936 static struct ip_sf_list *igmp_mcf_get_idx(struct seq_file *seq, loff_t pos) 2937 { 2938 struct ip_sf_list *psf = igmp_mcf_get_first(seq); 2939 if (psf) 2940 while (pos && (psf = igmp_mcf_get_next(seq, psf)) != NULL) 2941 --pos; 2942 return pos ? NULL : psf; 2943 } 2944 2945 static void *igmp_mcf_seq_start(struct seq_file *seq, loff_t *pos) 2946 __acquires(rcu) 2947 { 2948 rcu_read_lock(); 2949 return *pos ? igmp_mcf_get_idx(seq, *pos - 1) : SEQ_START_TOKEN; 2950 } 2951 2952 static void *igmp_mcf_seq_next(struct seq_file *seq, void *v, loff_t *pos) 2953 { 2954 struct ip_sf_list *psf; 2955 if (v == SEQ_START_TOKEN) 2956 psf = igmp_mcf_get_first(seq); 2957 else 2958 psf = igmp_mcf_get_next(seq, v); 2959 ++*pos; 2960 return psf; 2961 } 2962 2963 static void igmp_mcf_seq_stop(struct seq_file *seq, void *v) 2964 __releases(rcu) 2965 { 2966 struct igmp_mcf_iter_state *state = igmp_mcf_seq_private(seq); 2967 if (likely(state->im)) { 2968 spin_unlock_bh(&state->im->lock); 2969 state->im = NULL; 2970 } 2971 state->idev = NULL; 2972 state->dev = NULL; 2973 rcu_read_unlock(); 2974 } 2975 2976 static int igmp_mcf_seq_show(struct seq_file *seq, void *v) 2977 { 2978 struct ip_sf_list *psf = (struct ip_sf_list *)v; 2979 struct igmp_mcf_iter_state *state = igmp_mcf_seq_private(seq); 2980 2981 if (v == SEQ_START_TOKEN) { 2982 seq_puts(seq, "Idx Device MCA SRC INC EXC\n"); 2983 } else { 2984 seq_printf(seq, 2985 "%3d %6.6s 0x%08x " 2986 "0x%08x %6lu %6lu\n", 2987 state->dev->ifindex, state->dev->name, 2988 ntohl(state->im->multiaddr), 2989 ntohl(psf->sf_inaddr), 2990 psf->sf_count[MCAST_INCLUDE], 2991 psf->sf_count[MCAST_EXCLUDE]); 2992 } 2993 return 0; 2994 } 2995 2996 static const struct seq_operations igmp_mcf_seq_ops = { 2997 .start = igmp_mcf_seq_start, 2998 .next = igmp_mcf_seq_next, 2999 .stop = igmp_mcf_seq_stop, 3000 .show = igmp_mcf_seq_show, 3001 }; 3002 3003 static int __net_init igmp_net_init(struct net *net) 3004 { 3005 struct proc_dir_entry *pde; 3006 int err; 3007 3008 pde = proc_create_net("igmp", 0444, net->proc_net, &igmp_mc_seq_ops, 3009 sizeof(struct igmp_mc_iter_state)); 3010 if (!pde) 3011 goto out_igmp; 3012 pde = proc_create_net("mcfilter", 0444, net->proc_net, 3013 &igmp_mcf_seq_ops, sizeof(struct igmp_mcf_iter_state)); 3014 if (!pde) 3015 goto out_mcfilter; 3016 err = inet_ctl_sock_create(&net->ipv4.mc_autojoin_sk, AF_INET, 3017 SOCK_DGRAM, 0, net); 3018 if (err < 0) { 3019 pr_err("Failed to initialize the IGMP autojoin socket (err %d)\n", 3020 err); 3021 goto out_sock; 3022 } 3023 3024 return 0; 3025 3026 out_sock: 3027 remove_proc_entry("mcfilter", net->proc_net); 3028 out_mcfilter: 3029 remove_proc_entry("igmp", net->proc_net); 3030 out_igmp: 3031 return -ENOMEM; 3032 } 3033 3034 static void __net_exit igmp_net_exit(struct net *net) 3035 { 3036 remove_proc_entry("mcfilter", net->proc_net); 3037 remove_proc_entry("igmp", net->proc_net); 3038 inet_ctl_sock_destroy(net->ipv4.mc_autojoin_sk); 3039 } 3040 3041 static struct pernet_operations igmp_net_ops = { 3042 .init = igmp_net_init, 3043 .exit = igmp_net_exit, 3044 }; 3045 #endif 3046 3047 static int igmp_netdev_event(struct notifier_block *this, 3048 unsigned long event, void *ptr) 3049 { 3050 struct net_device *dev = netdev_notifier_info_to_dev(ptr); 3051 struct in_device *in_dev; 3052 3053 switch (event) { 3054 case NETDEV_RESEND_IGMP: 3055 in_dev = __in_dev_get_rtnl(dev); 3056 if (in_dev) 3057 ip_mc_rejoin_groups(in_dev); 3058 break; 3059 default: 3060 break; 3061 } 3062 return NOTIFY_DONE; 3063 } 3064 3065 static struct notifier_block igmp_notifier = { 3066 .notifier_call = igmp_netdev_event, 3067 }; 3068 3069 int __init igmp_mc_init(void) 3070 { 3071 #if defined(CONFIG_PROC_FS) 3072 int err; 3073 3074 err = register_pernet_subsys(&igmp_net_ops); 3075 if (err) 3076 return err; 3077 err = register_netdevice_notifier(&igmp_notifier); 3078 if (err) 3079 goto reg_notif_fail; 3080 return 0; 3081 3082 reg_notif_fail: 3083 unregister_pernet_subsys(&igmp_net_ops); 3084 return err; 3085 #else 3086 return register_netdevice_notifier(&igmp_notifier); 3087 #endif 3088 } 3089