xref: /openbmc/linux/net/ipv6/ip6mr.c (revision 0bea2a65)
1 /*
2  *	Linux IPv6 multicast routing support for BSD pim6sd
3  *	Based on net/ipv4/ipmr.c.
4  *
5  *	(c) 2004 Mickael Hoerdt, <hoerdt@clarinet.u-strasbg.fr>
6  *		LSIIT Laboratory, Strasbourg, France
7  *	(c) 2004 Jean-Philippe Andriot, <jean-philippe.andriot@6WIND.com>
8  *		6WIND, Paris, France
9  *	Copyright (C)2007,2008 USAGI/WIDE Project
10  *		YOSHIFUJI Hideaki <yoshfuji@linux-ipv6.org>
11  *
12  *	This program is free software; you can redistribute it and/or
13  *	modify it under the terms of the GNU General Public License
14  *	as published by the Free Software Foundation; either version
15  *	2 of the License, or (at your option) any later version.
16  *
17  */
18 
19 #include <linux/uaccess.h>
20 #include <linux/types.h>
21 #include <linux/sched.h>
22 #include <linux/errno.h>
23 #include <linux/timer.h>
24 #include <linux/mm.h>
25 #include <linux/kernel.h>
26 #include <linux/fcntl.h>
27 #include <linux/stat.h>
28 #include <linux/socket.h>
29 #include <linux/inet.h>
30 #include <linux/netdevice.h>
31 #include <linux/inetdevice.h>
32 #include <linux/proc_fs.h>
33 #include <linux/seq_file.h>
34 #include <linux/init.h>
35 #include <linux/slab.h>
36 #include <linux/compat.h>
37 #include <net/protocol.h>
38 #include <linux/skbuff.h>
39 #include <net/sock.h>
40 #include <net/raw.h>
41 #include <linux/notifier.h>
42 #include <linux/if_arp.h>
43 #include <net/checksum.h>
44 #include <net/netlink.h>
45 #include <net/fib_rules.h>
46 
47 #include <net/ipv6.h>
48 #include <net/ip6_route.h>
49 #include <linux/mroute6.h>
50 #include <linux/pim.h>
51 #include <net/addrconf.h>
52 #include <linux/netfilter_ipv6.h>
53 #include <linux/export.h>
54 #include <net/ip6_checksum.h>
55 #include <linux/netconf.h>
56 
57 struct mr6_table {
58 	struct list_head	list;
59 	possible_net_t		net;
60 	u32			id;
61 	struct sock		*mroute6_sk;
62 	struct timer_list	ipmr_expire_timer;
63 	struct list_head	mfc6_unres_queue;
64 	struct list_head	mfc6_cache_array[MFC6_LINES];
65 	struct mif_device	vif6_table[MAXMIFS];
66 	int			maxvif;
67 	atomic_t		cache_resolve_queue_len;
68 	bool			mroute_do_assert;
69 	bool			mroute_do_pim;
70 #ifdef CONFIG_IPV6_PIMSM_V2
71 	int			mroute_reg_vif_num;
72 #endif
73 };
74 
75 struct ip6mr_rule {
76 	struct fib_rule		common;
77 };
78 
79 struct ip6mr_result {
80 	struct mr6_table	*mrt;
81 };
82 
83 /* Big lock, protecting vif table, mrt cache and mroute socket state.
84    Note that the changes are semaphored via rtnl_lock.
85  */
86 
87 static DEFINE_RWLOCK(mrt_lock);
88 
89 /*
90  *	Multicast router control variables
91  */
92 
93 #define MIF_EXISTS(_mrt, _idx) ((_mrt)->vif6_table[_idx].dev != NULL)
94 
95 /* Special spinlock for queue of unresolved entries */
96 static DEFINE_SPINLOCK(mfc_unres_lock);
97 
98 /* We return to original Alan's scheme. Hash table of resolved
99    entries is changed only in process context and protected
100    with weak lock mrt_lock. Queue of unresolved entries is protected
101    with strong spinlock mfc_unres_lock.
102 
103    In this case data path is free of exclusive locks at all.
104  */
105 
106 static struct kmem_cache *mrt_cachep __read_mostly;
107 
108 static struct mr6_table *ip6mr_new_table(struct net *net, u32 id);
109 static void ip6mr_free_table(struct mr6_table *mrt);
110 
111 static void ip6_mr_forward(struct net *net, struct mr6_table *mrt,
112 			   struct sk_buff *skb, struct mfc6_cache *cache);
113 static int ip6mr_cache_report(struct mr6_table *mrt, struct sk_buff *pkt,
114 			      mifi_t mifi, int assert);
115 static int __ip6mr_fill_mroute(struct mr6_table *mrt, struct sk_buff *skb,
116 			       struct mfc6_cache *c, struct rtmsg *rtm);
117 static void mr6_netlink_event(struct mr6_table *mrt, struct mfc6_cache *mfc,
118 			      int cmd);
119 static void mrt6msg_netlink_event(struct mr6_table *mrt, struct sk_buff *pkt);
120 static int ip6mr_rtm_dumproute(struct sk_buff *skb,
121 			       struct netlink_callback *cb);
122 static void mroute_clean_tables(struct mr6_table *mrt, bool all);
123 static void ipmr_expire_process(struct timer_list *t);
124 
125 #ifdef CONFIG_IPV6_MROUTE_MULTIPLE_TABLES
126 #define ip6mr_for_each_table(mrt, net) \
127 	list_for_each_entry_rcu(mrt, &net->ipv6.mr6_tables, list)
128 
129 static struct mr6_table *ip6mr_get_table(struct net *net, u32 id)
130 {
131 	struct mr6_table *mrt;
132 
133 	ip6mr_for_each_table(mrt, net) {
134 		if (mrt->id == id)
135 			return mrt;
136 	}
137 	return NULL;
138 }
139 
140 static int ip6mr_fib_lookup(struct net *net, struct flowi6 *flp6,
141 			    struct mr6_table **mrt)
142 {
143 	int err;
144 	struct ip6mr_result res;
145 	struct fib_lookup_arg arg = {
146 		.result = &res,
147 		.flags = FIB_LOOKUP_NOREF,
148 	};
149 
150 	err = fib_rules_lookup(net->ipv6.mr6_rules_ops,
151 			       flowi6_to_flowi(flp6), 0, &arg);
152 	if (err < 0)
153 		return err;
154 	*mrt = res.mrt;
155 	return 0;
156 }
157 
158 static int ip6mr_rule_action(struct fib_rule *rule, struct flowi *flp,
159 			     int flags, struct fib_lookup_arg *arg)
160 {
161 	struct ip6mr_result *res = arg->result;
162 	struct mr6_table *mrt;
163 
164 	switch (rule->action) {
165 	case FR_ACT_TO_TBL:
166 		break;
167 	case FR_ACT_UNREACHABLE:
168 		return -ENETUNREACH;
169 	case FR_ACT_PROHIBIT:
170 		return -EACCES;
171 	case FR_ACT_BLACKHOLE:
172 	default:
173 		return -EINVAL;
174 	}
175 
176 	mrt = ip6mr_get_table(rule->fr_net, rule->table);
177 	if (!mrt)
178 		return -EAGAIN;
179 	res->mrt = mrt;
180 	return 0;
181 }
182 
183 static int ip6mr_rule_match(struct fib_rule *rule, struct flowi *flp, int flags)
184 {
185 	return 1;
186 }
187 
188 static const struct nla_policy ip6mr_rule_policy[FRA_MAX + 1] = {
189 	FRA_GENERIC_POLICY,
190 };
191 
192 static int ip6mr_rule_configure(struct fib_rule *rule, struct sk_buff *skb,
193 				struct fib_rule_hdr *frh, struct nlattr **tb)
194 {
195 	return 0;
196 }
197 
198 static int ip6mr_rule_compare(struct fib_rule *rule, struct fib_rule_hdr *frh,
199 			      struct nlattr **tb)
200 {
201 	return 1;
202 }
203 
204 static int ip6mr_rule_fill(struct fib_rule *rule, struct sk_buff *skb,
205 			   struct fib_rule_hdr *frh)
206 {
207 	frh->dst_len = 0;
208 	frh->src_len = 0;
209 	frh->tos     = 0;
210 	return 0;
211 }
212 
213 static const struct fib_rules_ops __net_initconst ip6mr_rules_ops_template = {
214 	.family		= RTNL_FAMILY_IP6MR,
215 	.rule_size	= sizeof(struct ip6mr_rule),
216 	.addr_size	= sizeof(struct in6_addr),
217 	.action		= ip6mr_rule_action,
218 	.match		= ip6mr_rule_match,
219 	.configure	= ip6mr_rule_configure,
220 	.compare	= ip6mr_rule_compare,
221 	.fill		= ip6mr_rule_fill,
222 	.nlgroup	= RTNLGRP_IPV6_RULE,
223 	.policy		= ip6mr_rule_policy,
224 	.owner		= THIS_MODULE,
225 };
226 
227 static int __net_init ip6mr_rules_init(struct net *net)
228 {
229 	struct fib_rules_ops *ops;
230 	struct mr6_table *mrt;
231 	int err;
232 
233 	ops = fib_rules_register(&ip6mr_rules_ops_template, net);
234 	if (IS_ERR(ops))
235 		return PTR_ERR(ops);
236 
237 	INIT_LIST_HEAD(&net->ipv6.mr6_tables);
238 
239 	mrt = ip6mr_new_table(net, RT6_TABLE_DFLT);
240 	if (!mrt) {
241 		err = -ENOMEM;
242 		goto err1;
243 	}
244 
245 	err = fib_default_rule_add(ops, 0x7fff, RT6_TABLE_DFLT, 0);
246 	if (err < 0)
247 		goto err2;
248 
249 	net->ipv6.mr6_rules_ops = ops;
250 	return 0;
251 
252 err2:
253 	ip6mr_free_table(mrt);
254 err1:
255 	fib_rules_unregister(ops);
256 	return err;
257 }
258 
259 static void __net_exit ip6mr_rules_exit(struct net *net)
260 {
261 	struct mr6_table *mrt, *next;
262 
263 	rtnl_lock();
264 	list_for_each_entry_safe(mrt, next, &net->ipv6.mr6_tables, list) {
265 		list_del(&mrt->list);
266 		ip6mr_free_table(mrt);
267 	}
268 	fib_rules_unregister(net->ipv6.mr6_rules_ops);
269 	rtnl_unlock();
270 }
271 #else
272 #define ip6mr_for_each_table(mrt, net) \
273 	for (mrt = net->ipv6.mrt6; mrt; mrt = NULL)
274 
275 static struct mr6_table *ip6mr_get_table(struct net *net, u32 id)
276 {
277 	return net->ipv6.mrt6;
278 }
279 
280 static int ip6mr_fib_lookup(struct net *net, struct flowi6 *flp6,
281 			    struct mr6_table **mrt)
282 {
283 	*mrt = net->ipv6.mrt6;
284 	return 0;
285 }
286 
287 static int __net_init ip6mr_rules_init(struct net *net)
288 {
289 	net->ipv6.mrt6 = ip6mr_new_table(net, RT6_TABLE_DFLT);
290 	return net->ipv6.mrt6 ? 0 : -ENOMEM;
291 }
292 
293 static void __net_exit ip6mr_rules_exit(struct net *net)
294 {
295 	rtnl_lock();
296 	ip6mr_free_table(net->ipv6.mrt6);
297 	net->ipv6.mrt6 = NULL;
298 	rtnl_unlock();
299 }
300 #endif
301 
302 static struct mr6_table *ip6mr_new_table(struct net *net, u32 id)
303 {
304 	struct mr6_table *mrt;
305 	unsigned int i;
306 
307 	mrt = ip6mr_get_table(net, id);
308 	if (mrt)
309 		return mrt;
310 
311 	mrt = kzalloc(sizeof(*mrt), GFP_KERNEL);
312 	if (!mrt)
313 		return NULL;
314 	mrt->id = id;
315 	write_pnet(&mrt->net, net);
316 
317 	/* Forwarding cache */
318 	for (i = 0; i < MFC6_LINES; i++)
319 		INIT_LIST_HEAD(&mrt->mfc6_cache_array[i]);
320 
321 	INIT_LIST_HEAD(&mrt->mfc6_unres_queue);
322 
323 	timer_setup(&mrt->ipmr_expire_timer, ipmr_expire_process, 0);
324 
325 #ifdef CONFIG_IPV6_PIMSM_V2
326 	mrt->mroute_reg_vif_num = -1;
327 #endif
328 #ifdef CONFIG_IPV6_MROUTE_MULTIPLE_TABLES
329 	list_add_tail_rcu(&mrt->list, &net->ipv6.mr6_tables);
330 #endif
331 	return mrt;
332 }
333 
334 static void ip6mr_free_table(struct mr6_table *mrt)
335 {
336 	del_timer_sync(&mrt->ipmr_expire_timer);
337 	mroute_clean_tables(mrt, true);
338 	kfree(mrt);
339 }
340 
341 #ifdef CONFIG_PROC_FS
342 
343 struct ipmr_mfc_iter {
344 	struct seq_net_private p;
345 	struct mr6_table *mrt;
346 	struct list_head *cache;
347 	int ct;
348 };
349 
350 
351 static struct mfc6_cache *ipmr_mfc_seq_idx(struct net *net,
352 					   struct ipmr_mfc_iter *it, loff_t pos)
353 {
354 	struct mr6_table *mrt = it->mrt;
355 	struct mfc6_cache *mfc;
356 
357 	read_lock(&mrt_lock);
358 	for (it->ct = 0; it->ct < MFC6_LINES; it->ct++) {
359 		it->cache = &mrt->mfc6_cache_array[it->ct];
360 		list_for_each_entry(mfc, it->cache, list)
361 			if (pos-- == 0)
362 				return mfc;
363 	}
364 	read_unlock(&mrt_lock);
365 
366 	spin_lock_bh(&mfc_unres_lock);
367 	it->cache = &mrt->mfc6_unres_queue;
368 	list_for_each_entry(mfc, it->cache, list)
369 		if (pos-- == 0)
370 			return mfc;
371 	spin_unlock_bh(&mfc_unres_lock);
372 
373 	it->cache = NULL;
374 	return NULL;
375 }
376 
377 /*
378  *	The /proc interfaces to multicast routing /proc/ip6_mr_cache /proc/ip6_mr_vif
379  */
380 
381 struct ipmr_vif_iter {
382 	struct seq_net_private p;
383 	struct mr6_table *mrt;
384 	int ct;
385 };
386 
387 static struct mif_device *ip6mr_vif_seq_idx(struct net *net,
388 					    struct ipmr_vif_iter *iter,
389 					    loff_t pos)
390 {
391 	struct mr6_table *mrt = iter->mrt;
392 
393 	for (iter->ct = 0; iter->ct < mrt->maxvif; ++iter->ct) {
394 		if (!MIF_EXISTS(mrt, iter->ct))
395 			continue;
396 		if (pos-- == 0)
397 			return &mrt->vif6_table[iter->ct];
398 	}
399 	return NULL;
400 }
401 
402 static void *ip6mr_vif_seq_start(struct seq_file *seq, loff_t *pos)
403 	__acquires(mrt_lock)
404 {
405 	struct ipmr_vif_iter *iter = seq->private;
406 	struct net *net = seq_file_net(seq);
407 	struct mr6_table *mrt;
408 
409 	mrt = ip6mr_get_table(net, RT6_TABLE_DFLT);
410 	if (!mrt)
411 		return ERR_PTR(-ENOENT);
412 
413 	iter->mrt = mrt;
414 
415 	read_lock(&mrt_lock);
416 	return *pos ? ip6mr_vif_seq_idx(net, seq->private, *pos - 1)
417 		: SEQ_START_TOKEN;
418 }
419 
420 static void *ip6mr_vif_seq_next(struct seq_file *seq, void *v, loff_t *pos)
421 {
422 	struct ipmr_vif_iter *iter = seq->private;
423 	struct net *net = seq_file_net(seq);
424 	struct mr6_table *mrt = iter->mrt;
425 
426 	++*pos;
427 	if (v == SEQ_START_TOKEN)
428 		return ip6mr_vif_seq_idx(net, iter, 0);
429 
430 	while (++iter->ct < mrt->maxvif) {
431 		if (!MIF_EXISTS(mrt, iter->ct))
432 			continue;
433 		return &mrt->vif6_table[iter->ct];
434 	}
435 	return NULL;
436 }
437 
438 static void ip6mr_vif_seq_stop(struct seq_file *seq, void *v)
439 	__releases(mrt_lock)
440 {
441 	read_unlock(&mrt_lock);
442 }
443 
444 static int ip6mr_vif_seq_show(struct seq_file *seq, void *v)
445 {
446 	struct ipmr_vif_iter *iter = seq->private;
447 	struct mr6_table *mrt = iter->mrt;
448 
449 	if (v == SEQ_START_TOKEN) {
450 		seq_puts(seq,
451 			 "Interface      BytesIn  PktsIn  BytesOut PktsOut Flags\n");
452 	} else {
453 		const struct mif_device *vif = v;
454 		const char *name = vif->dev ? vif->dev->name : "none";
455 
456 		seq_printf(seq,
457 			   "%2td %-10s %8ld %7ld  %8ld %7ld %05X\n",
458 			   vif - mrt->vif6_table,
459 			   name, vif->bytes_in, vif->pkt_in,
460 			   vif->bytes_out, vif->pkt_out,
461 			   vif->flags);
462 	}
463 	return 0;
464 }
465 
466 static const struct seq_operations ip6mr_vif_seq_ops = {
467 	.start = ip6mr_vif_seq_start,
468 	.next  = ip6mr_vif_seq_next,
469 	.stop  = ip6mr_vif_seq_stop,
470 	.show  = ip6mr_vif_seq_show,
471 };
472 
473 static int ip6mr_vif_open(struct inode *inode, struct file *file)
474 {
475 	return seq_open_net(inode, file, &ip6mr_vif_seq_ops,
476 			    sizeof(struct ipmr_vif_iter));
477 }
478 
479 static const struct file_operations ip6mr_vif_fops = {
480 	.owner	 = THIS_MODULE,
481 	.open    = ip6mr_vif_open,
482 	.read    = seq_read,
483 	.llseek  = seq_lseek,
484 	.release = seq_release_net,
485 };
486 
487 static void *ipmr_mfc_seq_start(struct seq_file *seq, loff_t *pos)
488 {
489 	struct ipmr_mfc_iter *it = seq->private;
490 	struct net *net = seq_file_net(seq);
491 	struct mr6_table *mrt;
492 
493 	mrt = ip6mr_get_table(net, RT6_TABLE_DFLT);
494 	if (!mrt)
495 		return ERR_PTR(-ENOENT);
496 
497 	it->mrt = mrt;
498 	return *pos ? ipmr_mfc_seq_idx(net, seq->private, *pos - 1)
499 		: SEQ_START_TOKEN;
500 }
501 
502 static void *ipmr_mfc_seq_next(struct seq_file *seq, void *v, loff_t *pos)
503 {
504 	struct mfc6_cache *mfc = v;
505 	struct ipmr_mfc_iter *it = seq->private;
506 	struct net *net = seq_file_net(seq);
507 	struct mr6_table *mrt = it->mrt;
508 
509 	++*pos;
510 
511 	if (v == SEQ_START_TOKEN)
512 		return ipmr_mfc_seq_idx(net, seq->private, 0);
513 
514 	if (mfc->list.next != it->cache)
515 		return list_entry(mfc->list.next, struct mfc6_cache, list);
516 
517 	if (it->cache == &mrt->mfc6_unres_queue)
518 		goto end_of_list;
519 
520 	BUG_ON(it->cache != &mrt->mfc6_cache_array[it->ct]);
521 
522 	while (++it->ct < MFC6_LINES) {
523 		it->cache = &mrt->mfc6_cache_array[it->ct];
524 		if (list_empty(it->cache))
525 			continue;
526 		return list_first_entry(it->cache, struct mfc6_cache, list);
527 	}
528 
529 	/* exhausted cache_array, show unresolved */
530 	read_unlock(&mrt_lock);
531 	it->cache = &mrt->mfc6_unres_queue;
532 	it->ct = 0;
533 
534 	spin_lock_bh(&mfc_unres_lock);
535 	if (!list_empty(it->cache))
536 		return list_first_entry(it->cache, struct mfc6_cache, list);
537 
538  end_of_list:
539 	spin_unlock_bh(&mfc_unres_lock);
540 	it->cache = NULL;
541 
542 	return NULL;
543 }
544 
545 static void ipmr_mfc_seq_stop(struct seq_file *seq, void *v)
546 {
547 	struct ipmr_mfc_iter *it = seq->private;
548 	struct mr6_table *mrt = it->mrt;
549 
550 	if (it->cache == &mrt->mfc6_unres_queue)
551 		spin_unlock_bh(&mfc_unres_lock);
552 	else if (it->cache == &mrt->mfc6_cache_array[it->ct])
553 		read_unlock(&mrt_lock);
554 }
555 
556 static int ipmr_mfc_seq_show(struct seq_file *seq, void *v)
557 {
558 	int n;
559 
560 	if (v == SEQ_START_TOKEN) {
561 		seq_puts(seq,
562 			 "Group                            "
563 			 "Origin                           "
564 			 "Iif      Pkts  Bytes     Wrong  Oifs\n");
565 	} else {
566 		const struct mfc6_cache *mfc = v;
567 		const struct ipmr_mfc_iter *it = seq->private;
568 		struct mr6_table *mrt = it->mrt;
569 
570 		seq_printf(seq, "%pI6 %pI6 %-3hd",
571 			   &mfc->mf6c_mcastgrp, &mfc->mf6c_origin,
572 			   mfc->mf6c_parent);
573 
574 		if (it->cache != &mrt->mfc6_unres_queue) {
575 			seq_printf(seq, " %8lu %8lu %8lu",
576 				   mfc->mfc_un.res.pkt,
577 				   mfc->mfc_un.res.bytes,
578 				   mfc->mfc_un.res.wrong_if);
579 			for (n = mfc->mfc_un.res.minvif;
580 			     n < mfc->mfc_un.res.maxvif; n++) {
581 				if (MIF_EXISTS(mrt, n) &&
582 				    mfc->mfc_un.res.ttls[n] < 255)
583 					seq_printf(seq,
584 						   " %2d:%-3d",
585 						   n, mfc->mfc_un.res.ttls[n]);
586 			}
587 		} else {
588 			/* unresolved mfc_caches don't contain
589 			 * pkt, bytes and wrong_if values
590 			 */
591 			seq_printf(seq, " %8lu %8lu %8lu", 0ul, 0ul, 0ul);
592 		}
593 		seq_putc(seq, '\n');
594 	}
595 	return 0;
596 }
597 
598 static const struct seq_operations ipmr_mfc_seq_ops = {
599 	.start = ipmr_mfc_seq_start,
600 	.next  = ipmr_mfc_seq_next,
601 	.stop  = ipmr_mfc_seq_stop,
602 	.show  = ipmr_mfc_seq_show,
603 };
604 
605 static int ipmr_mfc_open(struct inode *inode, struct file *file)
606 {
607 	return seq_open_net(inode, file, &ipmr_mfc_seq_ops,
608 			    sizeof(struct ipmr_mfc_iter));
609 }
610 
611 static const struct file_operations ip6mr_mfc_fops = {
612 	.owner	 = THIS_MODULE,
613 	.open    = ipmr_mfc_open,
614 	.read    = seq_read,
615 	.llseek  = seq_lseek,
616 	.release = seq_release_net,
617 };
618 #endif
619 
620 #ifdef CONFIG_IPV6_PIMSM_V2
621 
622 static int pim6_rcv(struct sk_buff *skb)
623 {
624 	struct pimreghdr *pim;
625 	struct ipv6hdr   *encap;
626 	struct net_device  *reg_dev = NULL;
627 	struct net *net = dev_net(skb->dev);
628 	struct mr6_table *mrt;
629 	struct flowi6 fl6 = {
630 		.flowi6_iif	= skb->dev->ifindex,
631 		.flowi6_mark	= skb->mark,
632 	};
633 	int reg_vif_num;
634 
635 	if (!pskb_may_pull(skb, sizeof(*pim) + sizeof(*encap)))
636 		goto drop;
637 
638 	pim = (struct pimreghdr *)skb_transport_header(skb);
639 	if (pim->type != ((PIM_VERSION << 4) | PIM_TYPE_REGISTER) ||
640 	    (pim->flags & PIM_NULL_REGISTER) ||
641 	    (csum_ipv6_magic(&ipv6_hdr(skb)->saddr, &ipv6_hdr(skb)->daddr,
642 			     sizeof(*pim), IPPROTO_PIM,
643 			     csum_partial((void *)pim, sizeof(*pim), 0)) &&
644 	     csum_fold(skb_checksum(skb, 0, skb->len, 0))))
645 		goto drop;
646 
647 	/* check if the inner packet is destined to mcast group */
648 	encap = (struct ipv6hdr *)(skb_transport_header(skb) +
649 				   sizeof(*pim));
650 
651 	if (!ipv6_addr_is_multicast(&encap->daddr) ||
652 	    encap->payload_len == 0 ||
653 	    ntohs(encap->payload_len) + sizeof(*pim) > skb->len)
654 		goto drop;
655 
656 	if (ip6mr_fib_lookup(net, &fl6, &mrt) < 0)
657 		goto drop;
658 	reg_vif_num = mrt->mroute_reg_vif_num;
659 
660 	read_lock(&mrt_lock);
661 	if (reg_vif_num >= 0)
662 		reg_dev = mrt->vif6_table[reg_vif_num].dev;
663 	if (reg_dev)
664 		dev_hold(reg_dev);
665 	read_unlock(&mrt_lock);
666 
667 	if (!reg_dev)
668 		goto drop;
669 
670 	skb->mac_header = skb->network_header;
671 	skb_pull(skb, (u8 *)encap - skb->data);
672 	skb_reset_network_header(skb);
673 	skb->protocol = htons(ETH_P_IPV6);
674 	skb->ip_summed = CHECKSUM_NONE;
675 
676 	skb_tunnel_rx(skb, reg_dev, dev_net(reg_dev));
677 
678 	netif_rx(skb);
679 
680 	dev_put(reg_dev);
681 	return 0;
682  drop:
683 	kfree_skb(skb);
684 	return 0;
685 }
686 
687 static const struct inet6_protocol pim6_protocol = {
688 	.handler	=	pim6_rcv,
689 };
690 
691 /* Service routines creating virtual interfaces: PIMREG */
692 
693 static netdev_tx_t reg_vif_xmit(struct sk_buff *skb,
694 				      struct net_device *dev)
695 {
696 	struct net *net = dev_net(dev);
697 	struct mr6_table *mrt;
698 	struct flowi6 fl6 = {
699 		.flowi6_oif	= dev->ifindex,
700 		.flowi6_iif	= skb->skb_iif ? : LOOPBACK_IFINDEX,
701 		.flowi6_mark	= skb->mark,
702 	};
703 	int err;
704 
705 	err = ip6mr_fib_lookup(net, &fl6, &mrt);
706 	if (err < 0) {
707 		kfree_skb(skb);
708 		return err;
709 	}
710 
711 	read_lock(&mrt_lock);
712 	dev->stats.tx_bytes += skb->len;
713 	dev->stats.tx_packets++;
714 	ip6mr_cache_report(mrt, skb, mrt->mroute_reg_vif_num, MRT6MSG_WHOLEPKT);
715 	read_unlock(&mrt_lock);
716 	kfree_skb(skb);
717 	return NETDEV_TX_OK;
718 }
719 
720 static int reg_vif_get_iflink(const struct net_device *dev)
721 {
722 	return 0;
723 }
724 
725 static const struct net_device_ops reg_vif_netdev_ops = {
726 	.ndo_start_xmit	= reg_vif_xmit,
727 	.ndo_get_iflink = reg_vif_get_iflink,
728 };
729 
730 static void reg_vif_setup(struct net_device *dev)
731 {
732 	dev->type		= ARPHRD_PIMREG;
733 	dev->mtu		= 1500 - sizeof(struct ipv6hdr) - 8;
734 	dev->flags		= IFF_NOARP;
735 	dev->netdev_ops		= &reg_vif_netdev_ops;
736 	dev->needs_free_netdev	= true;
737 	dev->features		|= NETIF_F_NETNS_LOCAL;
738 }
739 
740 static struct net_device *ip6mr_reg_vif(struct net *net, struct mr6_table *mrt)
741 {
742 	struct net_device *dev;
743 	char name[IFNAMSIZ];
744 
745 	if (mrt->id == RT6_TABLE_DFLT)
746 		sprintf(name, "pim6reg");
747 	else
748 		sprintf(name, "pim6reg%u", mrt->id);
749 
750 	dev = alloc_netdev(0, name, NET_NAME_UNKNOWN, reg_vif_setup);
751 	if (!dev)
752 		return NULL;
753 
754 	dev_net_set(dev, net);
755 
756 	if (register_netdevice(dev)) {
757 		free_netdev(dev);
758 		return NULL;
759 	}
760 
761 	if (dev_open(dev))
762 		goto failure;
763 
764 	dev_hold(dev);
765 	return dev;
766 
767 failure:
768 	unregister_netdevice(dev);
769 	return NULL;
770 }
771 #endif
772 
773 /*
774  *	Delete a VIF entry
775  */
776 
777 static int mif6_delete(struct mr6_table *mrt, int vifi, int notify,
778 		       struct list_head *head)
779 {
780 	struct mif_device *v;
781 	struct net_device *dev;
782 	struct inet6_dev *in6_dev;
783 
784 	if (vifi < 0 || vifi >= mrt->maxvif)
785 		return -EADDRNOTAVAIL;
786 
787 	v = &mrt->vif6_table[vifi];
788 
789 	write_lock_bh(&mrt_lock);
790 	dev = v->dev;
791 	v->dev = NULL;
792 
793 	if (!dev) {
794 		write_unlock_bh(&mrt_lock);
795 		return -EADDRNOTAVAIL;
796 	}
797 
798 #ifdef CONFIG_IPV6_PIMSM_V2
799 	if (vifi == mrt->mroute_reg_vif_num)
800 		mrt->mroute_reg_vif_num = -1;
801 #endif
802 
803 	if (vifi + 1 == mrt->maxvif) {
804 		int tmp;
805 		for (tmp = vifi - 1; tmp >= 0; tmp--) {
806 			if (MIF_EXISTS(mrt, tmp))
807 				break;
808 		}
809 		mrt->maxvif = tmp + 1;
810 	}
811 
812 	write_unlock_bh(&mrt_lock);
813 
814 	dev_set_allmulti(dev, -1);
815 
816 	in6_dev = __in6_dev_get(dev);
817 	if (in6_dev) {
818 		in6_dev->cnf.mc_forwarding--;
819 		inet6_netconf_notify_devconf(dev_net(dev), RTM_NEWNETCONF,
820 					     NETCONFA_MC_FORWARDING,
821 					     dev->ifindex, &in6_dev->cnf);
822 	}
823 
824 	if ((v->flags & MIFF_REGISTER) && !notify)
825 		unregister_netdevice_queue(dev, head);
826 
827 	dev_put(dev);
828 	return 0;
829 }
830 
831 static inline void ip6mr_cache_free(struct mfc6_cache *c)
832 {
833 	kmem_cache_free(mrt_cachep, c);
834 }
835 
836 /* Destroy an unresolved cache entry, killing queued skbs
837    and reporting error to netlink readers.
838  */
839 
840 static void ip6mr_destroy_unres(struct mr6_table *mrt, struct mfc6_cache *c)
841 {
842 	struct net *net = read_pnet(&mrt->net);
843 	struct sk_buff *skb;
844 
845 	atomic_dec(&mrt->cache_resolve_queue_len);
846 
847 	while ((skb = skb_dequeue(&c->mfc_un.unres.unresolved)) != NULL) {
848 		if (ipv6_hdr(skb)->version == 0) {
849 			struct nlmsghdr *nlh = skb_pull(skb,
850 							sizeof(struct ipv6hdr));
851 			nlh->nlmsg_type = NLMSG_ERROR;
852 			nlh->nlmsg_len = nlmsg_msg_size(sizeof(struct nlmsgerr));
853 			skb_trim(skb, nlh->nlmsg_len);
854 			((struct nlmsgerr *)nlmsg_data(nlh))->error = -ETIMEDOUT;
855 			rtnl_unicast(skb, net, NETLINK_CB(skb).portid);
856 		} else
857 			kfree_skb(skb);
858 	}
859 
860 	ip6mr_cache_free(c);
861 }
862 
863 
864 /* Timer process for all the unresolved queue. */
865 
866 static void ipmr_do_expire_process(struct mr6_table *mrt)
867 {
868 	unsigned long now = jiffies;
869 	unsigned long expires = 10 * HZ;
870 	struct mfc6_cache *c, *next;
871 
872 	list_for_each_entry_safe(c, next, &mrt->mfc6_unres_queue, list) {
873 		if (time_after(c->mfc_un.unres.expires, now)) {
874 			/* not yet... */
875 			unsigned long interval = c->mfc_un.unres.expires - now;
876 			if (interval < expires)
877 				expires = interval;
878 			continue;
879 		}
880 
881 		list_del(&c->list);
882 		mr6_netlink_event(mrt, c, RTM_DELROUTE);
883 		ip6mr_destroy_unres(mrt, c);
884 	}
885 
886 	if (!list_empty(&mrt->mfc6_unres_queue))
887 		mod_timer(&mrt->ipmr_expire_timer, jiffies + expires);
888 }
889 
890 static void ipmr_expire_process(struct timer_list *t)
891 {
892 	struct mr6_table *mrt = from_timer(mrt, t, ipmr_expire_timer);
893 
894 	if (!spin_trylock(&mfc_unres_lock)) {
895 		mod_timer(&mrt->ipmr_expire_timer, jiffies + 1);
896 		return;
897 	}
898 
899 	if (!list_empty(&mrt->mfc6_unres_queue))
900 		ipmr_do_expire_process(mrt);
901 
902 	spin_unlock(&mfc_unres_lock);
903 }
904 
905 /* Fill oifs list. It is called under write locked mrt_lock. */
906 
907 static void ip6mr_update_thresholds(struct mr6_table *mrt, struct mfc6_cache *cache,
908 				    unsigned char *ttls)
909 {
910 	int vifi;
911 
912 	cache->mfc_un.res.minvif = MAXMIFS;
913 	cache->mfc_un.res.maxvif = 0;
914 	memset(cache->mfc_un.res.ttls, 255, MAXMIFS);
915 
916 	for (vifi = 0; vifi < mrt->maxvif; vifi++) {
917 		if (MIF_EXISTS(mrt, vifi) &&
918 		    ttls[vifi] && ttls[vifi] < 255) {
919 			cache->mfc_un.res.ttls[vifi] = ttls[vifi];
920 			if (cache->mfc_un.res.minvif > vifi)
921 				cache->mfc_un.res.minvif = vifi;
922 			if (cache->mfc_un.res.maxvif <= vifi)
923 				cache->mfc_un.res.maxvif = vifi + 1;
924 		}
925 	}
926 	cache->mfc_un.res.lastuse = jiffies;
927 }
928 
929 static int mif6_add(struct net *net, struct mr6_table *mrt,
930 		    struct mif6ctl *vifc, int mrtsock)
931 {
932 	int vifi = vifc->mif6c_mifi;
933 	struct mif_device *v = &mrt->vif6_table[vifi];
934 	struct net_device *dev;
935 	struct inet6_dev *in6_dev;
936 	int err;
937 
938 	/* Is vif busy ? */
939 	if (MIF_EXISTS(mrt, vifi))
940 		return -EADDRINUSE;
941 
942 	switch (vifc->mif6c_flags) {
943 #ifdef CONFIG_IPV6_PIMSM_V2
944 	case MIFF_REGISTER:
945 		/*
946 		 * Special Purpose VIF in PIM
947 		 * All the packets will be sent to the daemon
948 		 */
949 		if (mrt->mroute_reg_vif_num >= 0)
950 			return -EADDRINUSE;
951 		dev = ip6mr_reg_vif(net, mrt);
952 		if (!dev)
953 			return -ENOBUFS;
954 		err = dev_set_allmulti(dev, 1);
955 		if (err) {
956 			unregister_netdevice(dev);
957 			dev_put(dev);
958 			return err;
959 		}
960 		break;
961 #endif
962 	case 0:
963 		dev = dev_get_by_index(net, vifc->mif6c_pifi);
964 		if (!dev)
965 			return -EADDRNOTAVAIL;
966 		err = dev_set_allmulti(dev, 1);
967 		if (err) {
968 			dev_put(dev);
969 			return err;
970 		}
971 		break;
972 	default:
973 		return -EINVAL;
974 	}
975 
976 	in6_dev = __in6_dev_get(dev);
977 	if (in6_dev) {
978 		in6_dev->cnf.mc_forwarding++;
979 		inet6_netconf_notify_devconf(dev_net(dev), RTM_NEWNETCONF,
980 					     NETCONFA_MC_FORWARDING,
981 					     dev->ifindex, &in6_dev->cnf);
982 	}
983 
984 	/*
985 	 *	Fill in the VIF structures
986 	 */
987 	v->rate_limit = vifc->vifc_rate_limit;
988 	v->flags = vifc->mif6c_flags;
989 	if (!mrtsock)
990 		v->flags |= VIFF_STATIC;
991 	v->threshold = vifc->vifc_threshold;
992 	v->bytes_in = 0;
993 	v->bytes_out = 0;
994 	v->pkt_in = 0;
995 	v->pkt_out = 0;
996 	v->link = dev->ifindex;
997 	if (v->flags & MIFF_REGISTER)
998 		v->link = dev_get_iflink(dev);
999 
1000 	/* And finish update writing critical data */
1001 	write_lock_bh(&mrt_lock);
1002 	v->dev = dev;
1003 #ifdef CONFIG_IPV6_PIMSM_V2
1004 	if (v->flags & MIFF_REGISTER)
1005 		mrt->mroute_reg_vif_num = vifi;
1006 #endif
1007 	if (vifi + 1 > mrt->maxvif)
1008 		mrt->maxvif = vifi + 1;
1009 	write_unlock_bh(&mrt_lock);
1010 	return 0;
1011 }
1012 
1013 static struct mfc6_cache *ip6mr_cache_find(struct mr6_table *mrt,
1014 					   const struct in6_addr *origin,
1015 					   const struct in6_addr *mcastgrp)
1016 {
1017 	int line = MFC6_HASH(mcastgrp, origin);
1018 	struct mfc6_cache *c;
1019 
1020 	list_for_each_entry(c, &mrt->mfc6_cache_array[line], list) {
1021 		if (ipv6_addr_equal(&c->mf6c_origin, origin) &&
1022 		    ipv6_addr_equal(&c->mf6c_mcastgrp, mcastgrp))
1023 			return c;
1024 	}
1025 	return NULL;
1026 }
1027 
1028 /* Look for a (*,*,oif) entry */
1029 static struct mfc6_cache *ip6mr_cache_find_any_parent(struct mr6_table *mrt,
1030 						      mifi_t mifi)
1031 {
1032 	int line = MFC6_HASH(&in6addr_any, &in6addr_any);
1033 	struct mfc6_cache *c;
1034 
1035 	list_for_each_entry(c, &mrt->mfc6_cache_array[line], list)
1036 		if (ipv6_addr_any(&c->mf6c_origin) &&
1037 		    ipv6_addr_any(&c->mf6c_mcastgrp) &&
1038 		    (c->mfc_un.res.ttls[mifi] < 255))
1039 			return c;
1040 
1041 	return NULL;
1042 }
1043 
1044 /* Look for a (*,G) entry */
1045 static struct mfc6_cache *ip6mr_cache_find_any(struct mr6_table *mrt,
1046 					       struct in6_addr *mcastgrp,
1047 					       mifi_t mifi)
1048 {
1049 	int line = MFC6_HASH(mcastgrp, &in6addr_any);
1050 	struct mfc6_cache *c, *proxy;
1051 
1052 	if (ipv6_addr_any(mcastgrp))
1053 		goto skip;
1054 
1055 	list_for_each_entry(c, &mrt->mfc6_cache_array[line], list)
1056 		if (ipv6_addr_any(&c->mf6c_origin) &&
1057 		    ipv6_addr_equal(&c->mf6c_mcastgrp, mcastgrp)) {
1058 			if (c->mfc_un.res.ttls[mifi] < 255)
1059 				return c;
1060 
1061 			/* It's ok if the mifi is part of the static tree */
1062 			proxy = ip6mr_cache_find_any_parent(mrt,
1063 							    c->mf6c_parent);
1064 			if (proxy && proxy->mfc_un.res.ttls[mifi] < 255)
1065 				return c;
1066 		}
1067 
1068 skip:
1069 	return ip6mr_cache_find_any_parent(mrt, mifi);
1070 }
1071 
1072 /*
1073  *	Allocate a multicast cache entry
1074  */
1075 static struct mfc6_cache *ip6mr_cache_alloc(void)
1076 {
1077 	struct mfc6_cache *c = kmem_cache_zalloc(mrt_cachep, GFP_KERNEL);
1078 	if (!c)
1079 		return NULL;
1080 	c->mfc_un.res.last_assert = jiffies - MFC_ASSERT_THRESH - 1;
1081 	c->mfc_un.res.minvif = MAXMIFS;
1082 	return c;
1083 }
1084 
1085 static struct mfc6_cache *ip6mr_cache_alloc_unres(void)
1086 {
1087 	struct mfc6_cache *c = kmem_cache_zalloc(mrt_cachep, GFP_ATOMIC);
1088 	if (!c)
1089 		return NULL;
1090 	skb_queue_head_init(&c->mfc_un.unres.unresolved);
1091 	c->mfc_un.unres.expires = jiffies + 10 * HZ;
1092 	return c;
1093 }
1094 
1095 /*
1096  *	A cache entry has gone into a resolved state from queued
1097  */
1098 
1099 static void ip6mr_cache_resolve(struct net *net, struct mr6_table *mrt,
1100 				struct mfc6_cache *uc, struct mfc6_cache *c)
1101 {
1102 	struct sk_buff *skb;
1103 
1104 	/*
1105 	 *	Play the pending entries through our router
1106 	 */
1107 
1108 	while ((skb = __skb_dequeue(&uc->mfc_un.unres.unresolved))) {
1109 		if (ipv6_hdr(skb)->version == 0) {
1110 			struct nlmsghdr *nlh = skb_pull(skb,
1111 							sizeof(struct ipv6hdr));
1112 
1113 			if (__ip6mr_fill_mroute(mrt, skb, c, nlmsg_data(nlh)) > 0) {
1114 				nlh->nlmsg_len = skb_tail_pointer(skb) - (u8 *)nlh;
1115 			} else {
1116 				nlh->nlmsg_type = NLMSG_ERROR;
1117 				nlh->nlmsg_len = nlmsg_msg_size(sizeof(struct nlmsgerr));
1118 				skb_trim(skb, nlh->nlmsg_len);
1119 				((struct nlmsgerr *)nlmsg_data(nlh))->error = -EMSGSIZE;
1120 			}
1121 			rtnl_unicast(skb, net, NETLINK_CB(skb).portid);
1122 		} else
1123 			ip6_mr_forward(net, mrt, skb, c);
1124 	}
1125 }
1126 
1127 /*
1128  *	Bounce a cache query up to pim6sd and netlink.
1129  *
1130  *	Called under mrt_lock.
1131  */
1132 
1133 static int ip6mr_cache_report(struct mr6_table *mrt, struct sk_buff *pkt,
1134 			      mifi_t mifi, int assert)
1135 {
1136 	struct sk_buff *skb;
1137 	struct mrt6msg *msg;
1138 	int ret;
1139 
1140 #ifdef CONFIG_IPV6_PIMSM_V2
1141 	if (assert == MRT6MSG_WHOLEPKT)
1142 		skb = skb_realloc_headroom(pkt, -skb_network_offset(pkt)
1143 						+sizeof(*msg));
1144 	else
1145 #endif
1146 		skb = alloc_skb(sizeof(struct ipv6hdr) + sizeof(*msg), GFP_ATOMIC);
1147 
1148 	if (!skb)
1149 		return -ENOBUFS;
1150 
1151 	/* I suppose that internal messages
1152 	 * do not require checksums */
1153 
1154 	skb->ip_summed = CHECKSUM_UNNECESSARY;
1155 
1156 #ifdef CONFIG_IPV6_PIMSM_V2
1157 	if (assert == MRT6MSG_WHOLEPKT) {
1158 		/* Ugly, but we have no choice with this interface.
1159 		   Duplicate old header, fix length etc.
1160 		   And all this only to mangle msg->im6_msgtype and
1161 		   to set msg->im6_mbz to "mbz" :-)
1162 		 */
1163 		skb_push(skb, -skb_network_offset(pkt));
1164 
1165 		skb_push(skb, sizeof(*msg));
1166 		skb_reset_transport_header(skb);
1167 		msg = (struct mrt6msg *)skb_transport_header(skb);
1168 		msg->im6_mbz = 0;
1169 		msg->im6_msgtype = MRT6MSG_WHOLEPKT;
1170 		msg->im6_mif = mrt->mroute_reg_vif_num;
1171 		msg->im6_pad = 0;
1172 		msg->im6_src = ipv6_hdr(pkt)->saddr;
1173 		msg->im6_dst = ipv6_hdr(pkt)->daddr;
1174 
1175 		skb->ip_summed = CHECKSUM_UNNECESSARY;
1176 	} else
1177 #endif
1178 	{
1179 	/*
1180 	 *	Copy the IP header
1181 	 */
1182 
1183 	skb_put(skb, sizeof(struct ipv6hdr));
1184 	skb_reset_network_header(skb);
1185 	skb_copy_to_linear_data(skb, ipv6_hdr(pkt), sizeof(struct ipv6hdr));
1186 
1187 	/*
1188 	 *	Add our header
1189 	 */
1190 	skb_put(skb, sizeof(*msg));
1191 	skb_reset_transport_header(skb);
1192 	msg = (struct mrt6msg *)skb_transport_header(skb);
1193 
1194 	msg->im6_mbz = 0;
1195 	msg->im6_msgtype = assert;
1196 	msg->im6_mif = mifi;
1197 	msg->im6_pad = 0;
1198 	msg->im6_src = ipv6_hdr(pkt)->saddr;
1199 	msg->im6_dst = ipv6_hdr(pkt)->daddr;
1200 
1201 	skb_dst_set(skb, dst_clone(skb_dst(pkt)));
1202 	skb->ip_summed = CHECKSUM_UNNECESSARY;
1203 	}
1204 
1205 	if (!mrt->mroute6_sk) {
1206 		kfree_skb(skb);
1207 		return -EINVAL;
1208 	}
1209 
1210 	mrt6msg_netlink_event(mrt, skb);
1211 
1212 	/*
1213 	 *	Deliver to user space multicast routing algorithms
1214 	 */
1215 	ret = sock_queue_rcv_skb(mrt->mroute6_sk, skb);
1216 	if (ret < 0) {
1217 		net_warn_ratelimited("mroute6: pending queue full, dropping entries\n");
1218 		kfree_skb(skb);
1219 	}
1220 
1221 	return ret;
1222 }
1223 
1224 /*
1225  *	Queue a packet for resolution. It gets locked cache entry!
1226  */
1227 
1228 static int
1229 ip6mr_cache_unresolved(struct mr6_table *mrt, mifi_t mifi, struct sk_buff *skb)
1230 {
1231 	bool found = false;
1232 	int err;
1233 	struct mfc6_cache *c;
1234 
1235 	spin_lock_bh(&mfc_unres_lock);
1236 	list_for_each_entry(c, &mrt->mfc6_unres_queue, list) {
1237 		if (ipv6_addr_equal(&c->mf6c_mcastgrp, &ipv6_hdr(skb)->daddr) &&
1238 		    ipv6_addr_equal(&c->mf6c_origin, &ipv6_hdr(skb)->saddr)) {
1239 			found = true;
1240 			break;
1241 		}
1242 	}
1243 
1244 	if (!found) {
1245 		/*
1246 		 *	Create a new entry if allowable
1247 		 */
1248 
1249 		if (atomic_read(&mrt->cache_resolve_queue_len) >= 10 ||
1250 		    (c = ip6mr_cache_alloc_unres()) == NULL) {
1251 			spin_unlock_bh(&mfc_unres_lock);
1252 
1253 			kfree_skb(skb);
1254 			return -ENOBUFS;
1255 		}
1256 
1257 		/*
1258 		 *	Fill in the new cache entry
1259 		 */
1260 		c->mf6c_parent = -1;
1261 		c->mf6c_origin = ipv6_hdr(skb)->saddr;
1262 		c->mf6c_mcastgrp = ipv6_hdr(skb)->daddr;
1263 
1264 		/*
1265 		 *	Reflect first query at pim6sd
1266 		 */
1267 		err = ip6mr_cache_report(mrt, skb, mifi, MRT6MSG_NOCACHE);
1268 		if (err < 0) {
1269 			/* If the report failed throw the cache entry
1270 			   out - Brad Parker
1271 			 */
1272 			spin_unlock_bh(&mfc_unres_lock);
1273 
1274 			ip6mr_cache_free(c);
1275 			kfree_skb(skb);
1276 			return err;
1277 		}
1278 
1279 		atomic_inc(&mrt->cache_resolve_queue_len);
1280 		list_add(&c->list, &mrt->mfc6_unres_queue);
1281 		mr6_netlink_event(mrt, c, RTM_NEWROUTE);
1282 
1283 		ipmr_do_expire_process(mrt);
1284 	}
1285 
1286 	/*
1287 	 *	See if we can append the packet
1288 	 */
1289 	if (c->mfc_un.unres.unresolved.qlen > 3) {
1290 		kfree_skb(skb);
1291 		err = -ENOBUFS;
1292 	} else {
1293 		skb_queue_tail(&c->mfc_un.unres.unresolved, skb);
1294 		err = 0;
1295 	}
1296 
1297 	spin_unlock_bh(&mfc_unres_lock);
1298 	return err;
1299 }
1300 
1301 /*
1302  *	MFC6 cache manipulation by user space
1303  */
1304 
1305 static int ip6mr_mfc_delete(struct mr6_table *mrt, struct mf6cctl *mfc,
1306 			    int parent)
1307 {
1308 	int line;
1309 	struct mfc6_cache *c, *next;
1310 
1311 	line = MFC6_HASH(&mfc->mf6cc_mcastgrp.sin6_addr, &mfc->mf6cc_origin.sin6_addr);
1312 
1313 	list_for_each_entry_safe(c, next, &mrt->mfc6_cache_array[line], list) {
1314 		if (ipv6_addr_equal(&c->mf6c_origin, &mfc->mf6cc_origin.sin6_addr) &&
1315 		    ipv6_addr_equal(&c->mf6c_mcastgrp,
1316 				    &mfc->mf6cc_mcastgrp.sin6_addr) &&
1317 		    (parent == -1 || parent == c->mf6c_parent)) {
1318 			write_lock_bh(&mrt_lock);
1319 			list_del(&c->list);
1320 			write_unlock_bh(&mrt_lock);
1321 
1322 			mr6_netlink_event(mrt, c, RTM_DELROUTE);
1323 			ip6mr_cache_free(c);
1324 			return 0;
1325 		}
1326 	}
1327 	return -ENOENT;
1328 }
1329 
1330 static int ip6mr_device_event(struct notifier_block *this,
1331 			      unsigned long event, void *ptr)
1332 {
1333 	struct net_device *dev = netdev_notifier_info_to_dev(ptr);
1334 	struct net *net = dev_net(dev);
1335 	struct mr6_table *mrt;
1336 	struct mif_device *v;
1337 	int ct;
1338 
1339 	if (event != NETDEV_UNREGISTER)
1340 		return NOTIFY_DONE;
1341 
1342 	ip6mr_for_each_table(mrt, net) {
1343 		v = &mrt->vif6_table[0];
1344 		for (ct = 0; ct < mrt->maxvif; ct++, v++) {
1345 			if (v->dev == dev)
1346 				mif6_delete(mrt, ct, 1, NULL);
1347 		}
1348 	}
1349 
1350 	return NOTIFY_DONE;
1351 }
1352 
1353 static struct notifier_block ip6_mr_notifier = {
1354 	.notifier_call = ip6mr_device_event
1355 };
1356 
1357 /*
1358  *	Setup for IP multicast routing
1359  */
1360 
1361 static int __net_init ip6mr_net_init(struct net *net)
1362 {
1363 	int err;
1364 
1365 	err = ip6mr_rules_init(net);
1366 	if (err < 0)
1367 		goto fail;
1368 
1369 #ifdef CONFIG_PROC_FS
1370 	err = -ENOMEM;
1371 	if (!proc_create("ip6_mr_vif", 0, net->proc_net, &ip6mr_vif_fops))
1372 		goto proc_vif_fail;
1373 	if (!proc_create("ip6_mr_cache", 0, net->proc_net, &ip6mr_mfc_fops))
1374 		goto proc_cache_fail;
1375 #endif
1376 
1377 	return 0;
1378 
1379 #ifdef CONFIG_PROC_FS
1380 proc_cache_fail:
1381 	remove_proc_entry("ip6_mr_vif", net->proc_net);
1382 proc_vif_fail:
1383 	ip6mr_rules_exit(net);
1384 #endif
1385 fail:
1386 	return err;
1387 }
1388 
1389 static void __net_exit ip6mr_net_exit(struct net *net)
1390 {
1391 #ifdef CONFIG_PROC_FS
1392 	remove_proc_entry("ip6_mr_cache", net->proc_net);
1393 	remove_proc_entry("ip6_mr_vif", net->proc_net);
1394 #endif
1395 	ip6mr_rules_exit(net);
1396 }
1397 
1398 static struct pernet_operations ip6mr_net_ops = {
1399 	.init = ip6mr_net_init,
1400 	.exit = ip6mr_net_exit,
1401 };
1402 
1403 int __init ip6_mr_init(void)
1404 {
1405 	int err;
1406 
1407 	mrt_cachep = kmem_cache_create("ip6_mrt_cache",
1408 				       sizeof(struct mfc6_cache),
1409 				       0, SLAB_HWCACHE_ALIGN,
1410 				       NULL);
1411 	if (!mrt_cachep)
1412 		return -ENOMEM;
1413 
1414 	err = register_pernet_subsys(&ip6mr_net_ops);
1415 	if (err)
1416 		goto reg_pernet_fail;
1417 
1418 	err = register_netdevice_notifier(&ip6_mr_notifier);
1419 	if (err)
1420 		goto reg_notif_fail;
1421 #ifdef CONFIG_IPV6_PIMSM_V2
1422 	if (inet6_add_protocol(&pim6_protocol, IPPROTO_PIM) < 0) {
1423 		pr_err("%s: can't add PIM protocol\n", __func__);
1424 		err = -EAGAIN;
1425 		goto add_proto_fail;
1426 	}
1427 #endif
1428 	rtnl_register(RTNL_FAMILY_IP6MR, RTM_GETROUTE, NULL,
1429 		      ip6mr_rtm_dumproute, 0);
1430 	return 0;
1431 #ifdef CONFIG_IPV6_PIMSM_V2
1432 add_proto_fail:
1433 	unregister_netdevice_notifier(&ip6_mr_notifier);
1434 #endif
1435 reg_notif_fail:
1436 	unregister_pernet_subsys(&ip6mr_net_ops);
1437 reg_pernet_fail:
1438 	kmem_cache_destroy(mrt_cachep);
1439 	return err;
1440 }
1441 
1442 void ip6_mr_cleanup(void)
1443 {
1444 	rtnl_unregister(RTNL_FAMILY_IP6MR, RTM_GETROUTE);
1445 #ifdef CONFIG_IPV6_PIMSM_V2
1446 	inet6_del_protocol(&pim6_protocol, IPPROTO_PIM);
1447 #endif
1448 	unregister_netdevice_notifier(&ip6_mr_notifier);
1449 	unregister_pernet_subsys(&ip6mr_net_ops);
1450 	kmem_cache_destroy(mrt_cachep);
1451 }
1452 
1453 static int ip6mr_mfc_add(struct net *net, struct mr6_table *mrt,
1454 			 struct mf6cctl *mfc, int mrtsock, int parent)
1455 {
1456 	bool found = false;
1457 	int line;
1458 	struct mfc6_cache *uc, *c;
1459 	unsigned char ttls[MAXMIFS];
1460 	int i;
1461 
1462 	if (mfc->mf6cc_parent >= MAXMIFS)
1463 		return -ENFILE;
1464 
1465 	memset(ttls, 255, MAXMIFS);
1466 	for (i = 0; i < MAXMIFS; i++) {
1467 		if (IF_ISSET(i, &mfc->mf6cc_ifset))
1468 			ttls[i] = 1;
1469 
1470 	}
1471 
1472 	line = MFC6_HASH(&mfc->mf6cc_mcastgrp.sin6_addr, &mfc->mf6cc_origin.sin6_addr);
1473 
1474 	list_for_each_entry(c, &mrt->mfc6_cache_array[line], list) {
1475 		if (ipv6_addr_equal(&c->mf6c_origin, &mfc->mf6cc_origin.sin6_addr) &&
1476 		    ipv6_addr_equal(&c->mf6c_mcastgrp,
1477 				    &mfc->mf6cc_mcastgrp.sin6_addr) &&
1478 		    (parent == -1 || parent == mfc->mf6cc_parent)) {
1479 			found = true;
1480 			break;
1481 		}
1482 	}
1483 
1484 	if (found) {
1485 		write_lock_bh(&mrt_lock);
1486 		c->mf6c_parent = mfc->mf6cc_parent;
1487 		ip6mr_update_thresholds(mrt, c, ttls);
1488 		if (!mrtsock)
1489 			c->mfc_flags |= MFC_STATIC;
1490 		write_unlock_bh(&mrt_lock);
1491 		mr6_netlink_event(mrt, c, RTM_NEWROUTE);
1492 		return 0;
1493 	}
1494 
1495 	if (!ipv6_addr_any(&mfc->mf6cc_mcastgrp.sin6_addr) &&
1496 	    !ipv6_addr_is_multicast(&mfc->mf6cc_mcastgrp.sin6_addr))
1497 		return -EINVAL;
1498 
1499 	c = ip6mr_cache_alloc();
1500 	if (!c)
1501 		return -ENOMEM;
1502 
1503 	c->mf6c_origin = mfc->mf6cc_origin.sin6_addr;
1504 	c->mf6c_mcastgrp = mfc->mf6cc_mcastgrp.sin6_addr;
1505 	c->mf6c_parent = mfc->mf6cc_parent;
1506 	ip6mr_update_thresholds(mrt, c, ttls);
1507 	if (!mrtsock)
1508 		c->mfc_flags |= MFC_STATIC;
1509 
1510 	write_lock_bh(&mrt_lock);
1511 	list_add(&c->list, &mrt->mfc6_cache_array[line]);
1512 	write_unlock_bh(&mrt_lock);
1513 
1514 	/*
1515 	 *	Check to see if we resolved a queued list. If so we
1516 	 *	need to send on the frames and tidy up.
1517 	 */
1518 	found = false;
1519 	spin_lock_bh(&mfc_unres_lock);
1520 	list_for_each_entry(uc, &mrt->mfc6_unres_queue, list) {
1521 		if (ipv6_addr_equal(&uc->mf6c_origin, &c->mf6c_origin) &&
1522 		    ipv6_addr_equal(&uc->mf6c_mcastgrp, &c->mf6c_mcastgrp)) {
1523 			list_del(&uc->list);
1524 			atomic_dec(&mrt->cache_resolve_queue_len);
1525 			found = true;
1526 			break;
1527 		}
1528 	}
1529 	if (list_empty(&mrt->mfc6_unres_queue))
1530 		del_timer(&mrt->ipmr_expire_timer);
1531 	spin_unlock_bh(&mfc_unres_lock);
1532 
1533 	if (found) {
1534 		ip6mr_cache_resolve(net, mrt, uc, c);
1535 		ip6mr_cache_free(uc);
1536 	}
1537 	mr6_netlink_event(mrt, c, RTM_NEWROUTE);
1538 	return 0;
1539 }
1540 
1541 /*
1542  *	Close the multicast socket, and clear the vif tables etc
1543  */
1544 
1545 static void mroute_clean_tables(struct mr6_table *mrt, bool all)
1546 {
1547 	int i;
1548 	LIST_HEAD(list);
1549 	struct mfc6_cache *c, *next;
1550 
1551 	/*
1552 	 *	Shut down all active vif entries
1553 	 */
1554 	for (i = 0; i < mrt->maxvif; i++) {
1555 		if (!all && (mrt->vif6_table[i].flags & VIFF_STATIC))
1556 			continue;
1557 		mif6_delete(mrt, i, 0, &list);
1558 	}
1559 	unregister_netdevice_many(&list);
1560 
1561 	/*
1562 	 *	Wipe the cache
1563 	 */
1564 	for (i = 0; i < MFC6_LINES; i++) {
1565 		list_for_each_entry_safe(c, next, &mrt->mfc6_cache_array[i], list) {
1566 			if (!all && (c->mfc_flags & MFC_STATIC))
1567 				continue;
1568 			write_lock_bh(&mrt_lock);
1569 			list_del(&c->list);
1570 			write_unlock_bh(&mrt_lock);
1571 
1572 			mr6_netlink_event(mrt, c, RTM_DELROUTE);
1573 			ip6mr_cache_free(c);
1574 		}
1575 	}
1576 
1577 	if (atomic_read(&mrt->cache_resolve_queue_len) != 0) {
1578 		spin_lock_bh(&mfc_unres_lock);
1579 		list_for_each_entry_safe(c, next, &mrt->mfc6_unres_queue, list) {
1580 			list_del(&c->list);
1581 			mr6_netlink_event(mrt, c, RTM_DELROUTE);
1582 			ip6mr_destroy_unres(mrt, c);
1583 		}
1584 		spin_unlock_bh(&mfc_unres_lock);
1585 	}
1586 }
1587 
1588 static int ip6mr_sk_init(struct mr6_table *mrt, struct sock *sk)
1589 {
1590 	int err = 0;
1591 	struct net *net = sock_net(sk);
1592 
1593 	rtnl_lock();
1594 	write_lock_bh(&mrt_lock);
1595 	if (likely(mrt->mroute6_sk == NULL)) {
1596 		mrt->mroute6_sk = sk;
1597 		net->ipv6.devconf_all->mc_forwarding++;
1598 	} else {
1599 		err = -EADDRINUSE;
1600 	}
1601 	write_unlock_bh(&mrt_lock);
1602 
1603 	if (!err)
1604 		inet6_netconf_notify_devconf(net, RTM_NEWNETCONF,
1605 					     NETCONFA_MC_FORWARDING,
1606 					     NETCONFA_IFINDEX_ALL,
1607 					     net->ipv6.devconf_all);
1608 	rtnl_unlock();
1609 
1610 	return err;
1611 }
1612 
1613 int ip6mr_sk_done(struct sock *sk)
1614 {
1615 	int err = -EACCES;
1616 	struct net *net = sock_net(sk);
1617 	struct mr6_table *mrt;
1618 
1619 	if (sk->sk_type != SOCK_RAW ||
1620 	    inet_sk(sk)->inet_num != IPPROTO_ICMPV6)
1621 		return err;
1622 
1623 	rtnl_lock();
1624 	ip6mr_for_each_table(mrt, net) {
1625 		if (sk == mrt->mroute6_sk) {
1626 			write_lock_bh(&mrt_lock);
1627 			mrt->mroute6_sk = NULL;
1628 			net->ipv6.devconf_all->mc_forwarding--;
1629 			write_unlock_bh(&mrt_lock);
1630 			inet6_netconf_notify_devconf(net, RTM_NEWNETCONF,
1631 						     NETCONFA_MC_FORWARDING,
1632 						     NETCONFA_IFINDEX_ALL,
1633 						     net->ipv6.devconf_all);
1634 
1635 			mroute_clean_tables(mrt, false);
1636 			err = 0;
1637 			break;
1638 		}
1639 	}
1640 	rtnl_unlock();
1641 
1642 	return err;
1643 }
1644 
1645 struct sock *mroute6_socket(struct net *net, struct sk_buff *skb)
1646 {
1647 	struct mr6_table *mrt;
1648 	struct flowi6 fl6 = {
1649 		.flowi6_iif	= skb->skb_iif ? : LOOPBACK_IFINDEX,
1650 		.flowi6_oif	= skb->dev->ifindex,
1651 		.flowi6_mark	= skb->mark,
1652 	};
1653 
1654 	if (ip6mr_fib_lookup(net, &fl6, &mrt) < 0)
1655 		return NULL;
1656 
1657 	return mrt->mroute6_sk;
1658 }
1659 
1660 /*
1661  *	Socket options and virtual interface manipulation. The whole
1662  *	virtual interface system is a complete heap, but unfortunately
1663  *	that's how BSD mrouted happens to think. Maybe one day with a proper
1664  *	MOSPF/PIM router set up we can clean this up.
1665  */
1666 
1667 int ip6_mroute_setsockopt(struct sock *sk, int optname, char __user *optval, unsigned int optlen)
1668 {
1669 	int ret, parent = 0;
1670 	struct mif6ctl vif;
1671 	struct mf6cctl mfc;
1672 	mifi_t mifi;
1673 	struct net *net = sock_net(sk);
1674 	struct mr6_table *mrt;
1675 
1676 	if (sk->sk_type != SOCK_RAW ||
1677 	    inet_sk(sk)->inet_num != IPPROTO_ICMPV6)
1678 		return -EOPNOTSUPP;
1679 
1680 	mrt = ip6mr_get_table(net, raw6_sk(sk)->ip6mr_table ? : RT6_TABLE_DFLT);
1681 	if (!mrt)
1682 		return -ENOENT;
1683 
1684 	if (optname != MRT6_INIT) {
1685 		if (sk != mrt->mroute6_sk && !ns_capable(net->user_ns, CAP_NET_ADMIN))
1686 			return -EACCES;
1687 	}
1688 
1689 	switch (optname) {
1690 	case MRT6_INIT:
1691 		if (optlen < sizeof(int))
1692 			return -EINVAL;
1693 
1694 		return ip6mr_sk_init(mrt, sk);
1695 
1696 	case MRT6_DONE:
1697 		return ip6mr_sk_done(sk);
1698 
1699 	case MRT6_ADD_MIF:
1700 		if (optlen < sizeof(vif))
1701 			return -EINVAL;
1702 		if (copy_from_user(&vif, optval, sizeof(vif)))
1703 			return -EFAULT;
1704 		if (vif.mif6c_mifi >= MAXMIFS)
1705 			return -ENFILE;
1706 		rtnl_lock();
1707 		ret = mif6_add(net, mrt, &vif, sk == mrt->mroute6_sk);
1708 		rtnl_unlock();
1709 		return ret;
1710 
1711 	case MRT6_DEL_MIF:
1712 		if (optlen < sizeof(mifi_t))
1713 			return -EINVAL;
1714 		if (copy_from_user(&mifi, optval, sizeof(mifi_t)))
1715 			return -EFAULT;
1716 		rtnl_lock();
1717 		ret = mif6_delete(mrt, mifi, 0, NULL);
1718 		rtnl_unlock();
1719 		return ret;
1720 
1721 	/*
1722 	 *	Manipulate the forwarding caches. These live
1723 	 *	in a sort of kernel/user symbiosis.
1724 	 */
1725 	case MRT6_ADD_MFC:
1726 	case MRT6_DEL_MFC:
1727 		parent = -1;
1728 		/* fall through */
1729 	case MRT6_ADD_MFC_PROXY:
1730 	case MRT6_DEL_MFC_PROXY:
1731 		if (optlen < sizeof(mfc))
1732 			return -EINVAL;
1733 		if (copy_from_user(&mfc, optval, sizeof(mfc)))
1734 			return -EFAULT;
1735 		if (parent == 0)
1736 			parent = mfc.mf6cc_parent;
1737 		rtnl_lock();
1738 		if (optname == MRT6_DEL_MFC || optname == MRT6_DEL_MFC_PROXY)
1739 			ret = ip6mr_mfc_delete(mrt, &mfc, parent);
1740 		else
1741 			ret = ip6mr_mfc_add(net, mrt, &mfc,
1742 					    sk == mrt->mroute6_sk, parent);
1743 		rtnl_unlock();
1744 		return ret;
1745 
1746 	/*
1747 	 *	Control PIM assert (to activate pim will activate assert)
1748 	 */
1749 	case MRT6_ASSERT:
1750 	{
1751 		int v;
1752 
1753 		if (optlen != sizeof(v))
1754 			return -EINVAL;
1755 		if (get_user(v, (int __user *)optval))
1756 			return -EFAULT;
1757 		mrt->mroute_do_assert = v;
1758 		return 0;
1759 	}
1760 
1761 #ifdef CONFIG_IPV6_PIMSM_V2
1762 	case MRT6_PIM:
1763 	{
1764 		int v;
1765 
1766 		if (optlen != sizeof(v))
1767 			return -EINVAL;
1768 		if (get_user(v, (int __user *)optval))
1769 			return -EFAULT;
1770 		v = !!v;
1771 		rtnl_lock();
1772 		ret = 0;
1773 		if (v != mrt->mroute_do_pim) {
1774 			mrt->mroute_do_pim = v;
1775 			mrt->mroute_do_assert = v;
1776 		}
1777 		rtnl_unlock();
1778 		return ret;
1779 	}
1780 
1781 #endif
1782 #ifdef CONFIG_IPV6_MROUTE_MULTIPLE_TABLES
1783 	case MRT6_TABLE:
1784 	{
1785 		u32 v;
1786 
1787 		if (optlen != sizeof(u32))
1788 			return -EINVAL;
1789 		if (get_user(v, (u32 __user *)optval))
1790 			return -EFAULT;
1791 		/* "pim6reg%u" should not exceed 16 bytes (IFNAMSIZ) */
1792 		if (v != RT_TABLE_DEFAULT && v >= 100000000)
1793 			return -EINVAL;
1794 		if (sk == mrt->mroute6_sk)
1795 			return -EBUSY;
1796 
1797 		rtnl_lock();
1798 		ret = 0;
1799 		if (!ip6mr_new_table(net, v))
1800 			ret = -ENOMEM;
1801 		raw6_sk(sk)->ip6mr_table = v;
1802 		rtnl_unlock();
1803 		return ret;
1804 	}
1805 #endif
1806 	/*
1807 	 *	Spurious command, or MRT6_VERSION which you cannot
1808 	 *	set.
1809 	 */
1810 	default:
1811 		return -ENOPROTOOPT;
1812 	}
1813 }
1814 
1815 /*
1816  *	Getsock opt support for the multicast routing system.
1817  */
1818 
1819 int ip6_mroute_getsockopt(struct sock *sk, int optname, char __user *optval,
1820 			  int __user *optlen)
1821 {
1822 	int olr;
1823 	int val;
1824 	struct net *net = sock_net(sk);
1825 	struct mr6_table *mrt;
1826 
1827 	if (sk->sk_type != SOCK_RAW ||
1828 	    inet_sk(sk)->inet_num != IPPROTO_ICMPV6)
1829 		return -EOPNOTSUPP;
1830 
1831 	mrt = ip6mr_get_table(net, raw6_sk(sk)->ip6mr_table ? : RT6_TABLE_DFLT);
1832 	if (!mrt)
1833 		return -ENOENT;
1834 
1835 	switch (optname) {
1836 	case MRT6_VERSION:
1837 		val = 0x0305;
1838 		break;
1839 #ifdef CONFIG_IPV6_PIMSM_V2
1840 	case MRT6_PIM:
1841 		val = mrt->mroute_do_pim;
1842 		break;
1843 #endif
1844 	case MRT6_ASSERT:
1845 		val = mrt->mroute_do_assert;
1846 		break;
1847 	default:
1848 		return -ENOPROTOOPT;
1849 	}
1850 
1851 	if (get_user(olr, optlen))
1852 		return -EFAULT;
1853 
1854 	olr = min_t(int, olr, sizeof(int));
1855 	if (olr < 0)
1856 		return -EINVAL;
1857 
1858 	if (put_user(olr, optlen))
1859 		return -EFAULT;
1860 	if (copy_to_user(optval, &val, olr))
1861 		return -EFAULT;
1862 	return 0;
1863 }
1864 
1865 /*
1866  *	The IP multicast ioctl support routines.
1867  */
1868 
1869 int ip6mr_ioctl(struct sock *sk, int cmd, void __user *arg)
1870 {
1871 	struct sioc_sg_req6 sr;
1872 	struct sioc_mif_req6 vr;
1873 	struct mif_device *vif;
1874 	struct mfc6_cache *c;
1875 	struct net *net = sock_net(sk);
1876 	struct mr6_table *mrt;
1877 
1878 	mrt = ip6mr_get_table(net, raw6_sk(sk)->ip6mr_table ? : RT6_TABLE_DFLT);
1879 	if (!mrt)
1880 		return -ENOENT;
1881 
1882 	switch (cmd) {
1883 	case SIOCGETMIFCNT_IN6:
1884 		if (copy_from_user(&vr, arg, sizeof(vr)))
1885 			return -EFAULT;
1886 		if (vr.mifi >= mrt->maxvif)
1887 			return -EINVAL;
1888 		read_lock(&mrt_lock);
1889 		vif = &mrt->vif6_table[vr.mifi];
1890 		if (MIF_EXISTS(mrt, vr.mifi)) {
1891 			vr.icount = vif->pkt_in;
1892 			vr.ocount = vif->pkt_out;
1893 			vr.ibytes = vif->bytes_in;
1894 			vr.obytes = vif->bytes_out;
1895 			read_unlock(&mrt_lock);
1896 
1897 			if (copy_to_user(arg, &vr, sizeof(vr)))
1898 				return -EFAULT;
1899 			return 0;
1900 		}
1901 		read_unlock(&mrt_lock);
1902 		return -EADDRNOTAVAIL;
1903 	case SIOCGETSGCNT_IN6:
1904 		if (copy_from_user(&sr, arg, sizeof(sr)))
1905 			return -EFAULT;
1906 
1907 		read_lock(&mrt_lock);
1908 		c = ip6mr_cache_find(mrt, &sr.src.sin6_addr, &sr.grp.sin6_addr);
1909 		if (c) {
1910 			sr.pktcnt = c->mfc_un.res.pkt;
1911 			sr.bytecnt = c->mfc_un.res.bytes;
1912 			sr.wrong_if = c->mfc_un.res.wrong_if;
1913 			read_unlock(&mrt_lock);
1914 
1915 			if (copy_to_user(arg, &sr, sizeof(sr)))
1916 				return -EFAULT;
1917 			return 0;
1918 		}
1919 		read_unlock(&mrt_lock);
1920 		return -EADDRNOTAVAIL;
1921 	default:
1922 		return -ENOIOCTLCMD;
1923 	}
1924 }
1925 
1926 #ifdef CONFIG_COMPAT
1927 struct compat_sioc_sg_req6 {
1928 	struct sockaddr_in6 src;
1929 	struct sockaddr_in6 grp;
1930 	compat_ulong_t pktcnt;
1931 	compat_ulong_t bytecnt;
1932 	compat_ulong_t wrong_if;
1933 };
1934 
1935 struct compat_sioc_mif_req6 {
1936 	mifi_t	mifi;
1937 	compat_ulong_t icount;
1938 	compat_ulong_t ocount;
1939 	compat_ulong_t ibytes;
1940 	compat_ulong_t obytes;
1941 };
1942 
1943 int ip6mr_compat_ioctl(struct sock *sk, unsigned int cmd, void __user *arg)
1944 {
1945 	struct compat_sioc_sg_req6 sr;
1946 	struct compat_sioc_mif_req6 vr;
1947 	struct mif_device *vif;
1948 	struct mfc6_cache *c;
1949 	struct net *net = sock_net(sk);
1950 	struct mr6_table *mrt;
1951 
1952 	mrt = ip6mr_get_table(net, raw6_sk(sk)->ip6mr_table ? : RT6_TABLE_DFLT);
1953 	if (!mrt)
1954 		return -ENOENT;
1955 
1956 	switch (cmd) {
1957 	case SIOCGETMIFCNT_IN6:
1958 		if (copy_from_user(&vr, arg, sizeof(vr)))
1959 			return -EFAULT;
1960 		if (vr.mifi >= mrt->maxvif)
1961 			return -EINVAL;
1962 		read_lock(&mrt_lock);
1963 		vif = &mrt->vif6_table[vr.mifi];
1964 		if (MIF_EXISTS(mrt, vr.mifi)) {
1965 			vr.icount = vif->pkt_in;
1966 			vr.ocount = vif->pkt_out;
1967 			vr.ibytes = vif->bytes_in;
1968 			vr.obytes = vif->bytes_out;
1969 			read_unlock(&mrt_lock);
1970 
1971 			if (copy_to_user(arg, &vr, sizeof(vr)))
1972 				return -EFAULT;
1973 			return 0;
1974 		}
1975 		read_unlock(&mrt_lock);
1976 		return -EADDRNOTAVAIL;
1977 	case SIOCGETSGCNT_IN6:
1978 		if (copy_from_user(&sr, arg, sizeof(sr)))
1979 			return -EFAULT;
1980 
1981 		read_lock(&mrt_lock);
1982 		c = ip6mr_cache_find(mrt, &sr.src.sin6_addr, &sr.grp.sin6_addr);
1983 		if (c) {
1984 			sr.pktcnt = c->mfc_un.res.pkt;
1985 			sr.bytecnt = c->mfc_un.res.bytes;
1986 			sr.wrong_if = c->mfc_un.res.wrong_if;
1987 			read_unlock(&mrt_lock);
1988 
1989 			if (copy_to_user(arg, &sr, sizeof(sr)))
1990 				return -EFAULT;
1991 			return 0;
1992 		}
1993 		read_unlock(&mrt_lock);
1994 		return -EADDRNOTAVAIL;
1995 	default:
1996 		return -ENOIOCTLCMD;
1997 	}
1998 }
1999 #endif
2000 
2001 static inline int ip6mr_forward2_finish(struct net *net, struct sock *sk, struct sk_buff *skb)
2002 {
2003 	__IP6_INC_STATS(net, ip6_dst_idev(skb_dst(skb)),
2004 			IPSTATS_MIB_OUTFORWDATAGRAMS);
2005 	__IP6_ADD_STATS(net, ip6_dst_idev(skb_dst(skb)),
2006 			IPSTATS_MIB_OUTOCTETS, skb->len);
2007 	return dst_output(net, sk, skb);
2008 }
2009 
2010 /*
2011  *	Processing handlers for ip6mr_forward
2012  */
2013 
2014 static int ip6mr_forward2(struct net *net, struct mr6_table *mrt,
2015 			  struct sk_buff *skb, struct mfc6_cache *c, int vifi)
2016 {
2017 	struct ipv6hdr *ipv6h;
2018 	struct mif_device *vif = &mrt->vif6_table[vifi];
2019 	struct net_device *dev;
2020 	struct dst_entry *dst;
2021 	struct flowi6 fl6;
2022 
2023 	if (!vif->dev)
2024 		goto out_free;
2025 
2026 #ifdef CONFIG_IPV6_PIMSM_V2
2027 	if (vif->flags & MIFF_REGISTER) {
2028 		vif->pkt_out++;
2029 		vif->bytes_out += skb->len;
2030 		vif->dev->stats.tx_bytes += skb->len;
2031 		vif->dev->stats.tx_packets++;
2032 		ip6mr_cache_report(mrt, skb, vifi, MRT6MSG_WHOLEPKT);
2033 		goto out_free;
2034 	}
2035 #endif
2036 
2037 	ipv6h = ipv6_hdr(skb);
2038 
2039 	fl6 = (struct flowi6) {
2040 		.flowi6_oif = vif->link,
2041 		.daddr = ipv6h->daddr,
2042 	};
2043 
2044 	dst = ip6_route_output(net, NULL, &fl6);
2045 	if (dst->error) {
2046 		dst_release(dst);
2047 		goto out_free;
2048 	}
2049 
2050 	skb_dst_drop(skb);
2051 	skb_dst_set(skb, dst);
2052 
2053 	/*
2054 	 * RFC1584 teaches, that DVMRP/PIM router must deliver packets locally
2055 	 * not only before forwarding, but after forwarding on all output
2056 	 * interfaces. It is clear, if mrouter runs a multicasting
2057 	 * program, it should receive packets not depending to what interface
2058 	 * program is joined.
2059 	 * If we will not make it, the program will have to join on all
2060 	 * interfaces. On the other hand, multihoming host (or router, but
2061 	 * not mrouter) cannot join to more than one interface - it will
2062 	 * result in receiving multiple packets.
2063 	 */
2064 	dev = vif->dev;
2065 	skb->dev = dev;
2066 	vif->pkt_out++;
2067 	vif->bytes_out += skb->len;
2068 
2069 	/* We are about to write */
2070 	/* XXX: extension headers? */
2071 	if (skb_cow(skb, sizeof(*ipv6h) + LL_RESERVED_SPACE(dev)))
2072 		goto out_free;
2073 
2074 	ipv6h = ipv6_hdr(skb);
2075 	ipv6h->hop_limit--;
2076 
2077 	IP6CB(skb)->flags |= IP6SKB_FORWARDED;
2078 
2079 	return NF_HOOK(NFPROTO_IPV6, NF_INET_FORWARD,
2080 		       net, NULL, skb, skb->dev, dev,
2081 		       ip6mr_forward2_finish);
2082 
2083 out_free:
2084 	kfree_skb(skb);
2085 	return 0;
2086 }
2087 
2088 static int ip6mr_find_vif(struct mr6_table *mrt, struct net_device *dev)
2089 {
2090 	int ct;
2091 
2092 	for (ct = mrt->maxvif - 1; ct >= 0; ct--) {
2093 		if (mrt->vif6_table[ct].dev == dev)
2094 			break;
2095 	}
2096 	return ct;
2097 }
2098 
2099 static void ip6_mr_forward(struct net *net, struct mr6_table *mrt,
2100 			   struct sk_buff *skb, struct mfc6_cache *cache)
2101 {
2102 	int psend = -1;
2103 	int vif, ct;
2104 	int true_vifi = ip6mr_find_vif(mrt, skb->dev);
2105 
2106 	vif = cache->mf6c_parent;
2107 	cache->mfc_un.res.pkt++;
2108 	cache->mfc_un.res.bytes += skb->len;
2109 	cache->mfc_un.res.lastuse = jiffies;
2110 
2111 	if (ipv6_addr_any(&cache->mf6c_origin) && true_vifi >= 0) {
2112 		struct mfc6_cache *cache_proxy;
2113 
2114 		/* For an (*,G) entry, we only check that the incoming
2115 		 * interface is part of the static tree.
2116 		 */
2117 		cache_proxy = ip6mr_cache_find_any_parent(mrt, vif);
2118 		if (cache_proxy &&
2119 		    cache_proxy->mfc_un.res.ttls[true_vifi] < 255)
2120 			goto forward;
2121 	}
2122 
2123 	/*
2124 	 * Wrong interface: drop packet and (maybe) send PIM assert.
2125 	 */
2126 	if (mrt->vif6_table[vif].dev != skb->dev) {
2127 		cache->mfc_un.res.wrong_if++;
2128 
2129 		if (true_vifi >= 0 && mrt->mroute_do_assert &&
2130 		    /* pimsm uses asserts, when switching from RPT to SPT,
2131 		       so that we cannot check that packet arrived on an oif.
2132 		       It is bad, but otherwise we would need to move pretty
2133 		       large chunk of pimd to kernel. Ough... --ANK
2134 		     */
2135 		    (mrt->mroute_do_pim ||
2136 		     cache->mfc_un.res.ttls[true_vifi] < 255) &&
2137 		    time_after(jiffies,
2138 			       cache->mfc_un.res.last_assert + MFC_ASSERT_THRESH)) {
2139 			cache->mfc_un.res.last_assert = jiffies;
2140 			ip6mr_cache_report(mrt, skb, true_vifi, MRT6MSG_WRONGMIF);
2141 		}
2142 		goto dont_forward;
2143 	}
2144 
2145 forward:
2146 	mrt->vif6_table[vif].pkt_in++;
2147 	mrt->vif6_table[vif].bytes_in += skb->len;
2148 
2149 	/*
2150 	 *	Forward the frame
2151 	 */
2152 	if (ipv6_addr_any(&cache->mf6c_origin) &&
2153 	    ipv6_addr_any(&cache->mf6c_mcastgrp)) {
2154 		if (true_vifi >= 0 &&
2155 		    true_vifi != cache->mf6c_parent &&
2156 		    ipv6_hdr(skb)->hop_limit >
2157 				cache->mfc_un.res.ttls[cache->mf6c_parent]) {
2158 			/* It's an (*,*) entry and the packet is not coming from
2159 			 * the upstream: forward the packet to the upstream
2160 			 * only.
2161 			 */
2162 			psend = cache->mf6c_parent;
2163 			goto last_forward;
2164 		}
2165 		goto dont_forward;
2166 	}
2167 	for (ct = cache->mfc_un.res.maxvif - 1; ct >= cache->mfc_un.res.minvif; ct--) {
2168 		/* For (*,G) entry, don't forward to the incoming interface */
2169 		if ((!ipv6_addr_any(&cache->mf6c_origin) || ct != true_vifi) &&
2170 		    ipv6_hdr(skb)->hop_limit > cache->mfc_un.res.ttls[ct]) {
2171 			if (psend != -1) {
2172 				struct sk_buff *skb2 = skb_clone(skb, GFP_ATOMIC);
2173 				if (skb2)
2174 					ip6mr_forward2(net, mrt, skb2, cache, psend);
2175 			}
2176 			psend = ct;
2177 		}
2178 	}
2179 last_forward:
2180 	if (psend != -1) {
2181 		ip6mr_forward2(net, mrt, skb, cache, psend);
2182 		return;
2183 	}
2184 
2185 dont_forward:
2186 	kfree_skb(skb);
2187 }
2188 
2189 
2190 /*
2191  *	Multicast packets for forwarding arrive here
2192  */
2193 
2194 int ip6_mr_input(struct sk_buff *skb)
2195 {
2196 	struct mfc6_cache *cache;
2197 	struct net *net = dev_net(skb->dev);
2198 	struct mr6_table *mrt;
2199 	struct flowi6 fl6 = {
2200 		.flowi6_iif	= skb->dev->ifindex,
2201 		.flowi6_mark	= skb->mark,
2202 	};
2203 	int err;
2204 
2205 	err = ip6mr_fib_lookup(net, &fl6, &mrt);
2206 	if (err < 0) {
2207 		kfree_skb(skb);
2208 		return err;
2209 	}
2210 
2211 	read_lock(&mrt_lock);
2212 	cache = ip6mr_cache_find(mrt,
2213 				 &ipv6_hdr(skb)->saddr, &ipv6_hdr(skb)->daddr);
2214 	if (!cache) {
2215 		int vif = ip6mr_find_vif(mrt, skb->dev);
2216 
2217 		if (vif >= 0)
2218 			cache = ip6mr_cache_find_any(mrt,
2219 						     &ipv6_hdr(skb)->daddr,
2220 						     vif);
2221 	}
2222 
2223 	/*
2224 	 *	No usable cache entry
2225 	 */
2226 	if (!cache) {
2227 		int vif;
2228 
2229 		vif = ip6mr_find_vif(mrt, skb->dev);
2230 		if (vif >= 0) {
2231 			int err = ip6mr_cache_unresolved(mrt, vif, skb);
2232 			read_unlock(&mrt_lock);
2233 
2234 			return err;
2235 		}
2236 		read_unlock(&mrt_lock);
2237 		kfree_skb(skb);
2238 		return -ENODEV;
2239 	}
2240 
2241 	ip6_mr_forward(net, mrt, skb, cache);
2242 
2243 	read_unlock(&mrt_lock);
2244 
2245 	return 0;
2246 }
2247 
2248 
2249 static int __ip6mr_fill_mroute(struct mr6_table *mrt, struct sk_buff *skb,
2250 			       struct mfc6_cache *c, struct rtmsg *rtm)
2251 {
2252 	struct rta_mfc_stats mfcs;
2253 	struct nlattr *mp_attr;
2254 	struct rtnexthop *nhp;
2255 	unsigned long lastuse;
2256 	int ct;
2257 
2258 	/* If cache is unresolved, don't try to parse IIF and OIF */
2259 	if (c->mf6c_parent >= MAXMIFS) {
2260 		rtm->rtm_flags |= RTNH_F_UNRESOLVED;
2261 		return -ENOENT;
2262 	}
2263 
2264 	if (MIF_EXISTS(mrt, c->mf6c_parent) &&
2265 	    nla_put_u32(skb, RTA_IIF, mrt->vif6_table[c->mf6c_parent].dev->ifindex) < 0)
2266 		return -EMSGSIZE;
2267 	mp_attr = nla_nest_start(skb, RTA_MULTIPATH);
2268 	if (!mp_attr)
2269 		return -EMSGSIZE;
2270 
2271 	for (ct = c->mfc_un.res.minvif; ct < c->mfc_un.res.maxvif; ct++) {
2272 		if (MIF_EXISTS(mrt, ct) && c->mfc_un.res.ttls[ct] < 255) {
2273 			nhp = nla_reserve_nohdr(skb, sizeof(*nhp));
2274 			if (!nhp) {
2275 				nla_nest_cancel(skb, mp_attr);
2276 				return -EMSGSIZE;
2277 			}
2278 
2279 			nhp->rtnh_flags = 0;
2280 			nhp->rtnh_hops = c->mfc_un.res.ttls[ct];
2281 			nhp->rtnh_ifindex = mrt->vif6_table[ct].dev->ifindex;
2282 			nhp->rtnh_len = sizeof(*nhp);
2283 		}
2284 	}
2285 
2286 	nla_nest_end(skb, mp_attr);
2287 
2288 	lastuse = READ_ONCE(c->mfc_un.res.lastuse);
2289 	lastuse = time_after_eq(jiffies, lastuse) ? jiffies - lastuse : 0;
2290 
2291 	mfcs.mfcs_packets = c->mfc_un.res.pkt;
2292 	mfcs.mfcs_bytes = c->mfc_un.res.bytes;
2293 	mfcs.mfcs_wrong_if = c->mfc_un.res.wrong_if;
2294 	if (nla_put_64bit(skb, RTA_MFC_STATS, sizeof(mfcs), &mfcs, RTA_PAD) ||
2295 	    nla_put_u64_64bit(skb, RTA_EXPIRES, jiffies_to_clock_t(lastuse),
2296 			      RTA_PAD))
2297 		return -EMSGSIZE;
2298 
2299 	rtm->rtm_type = RTN_MULTICAST;
2300 	return 1;
2301 }
2302 
2303 int ip6mr_get_route(struct net *net, struct sk_buff *skb, struct rtmsg *rtm,
2304 		    u32 portid)
2305 {
2306 	int err;
2307 	struct mr6_table *mrt;
2308 	struct mfc6_cache *cache;
2309 	struct rt6_info *rt = (struct rt6_info *)skb_dst(skb);
2310 
2311 	mrt = ip6mr_get_table(net, RT6_TABLE_DFLT);
2312 	if (!mrt)
2313 		return -ENOENT;
2314 
2315 	read_lock(&mrt_lock);
2316 	cache = ip6mr_cache_find(mrt, &rt->rt6i_src.addr, &rt->rt6i_dst.addr);
2317 	if (!cache && skb->dev) {
2318 		int vif = ip6mr_find_vif(mrt, skb->dev);
2319 
2320 		if (vif >= 0)
2321 			cache = ip6mr_cache_find_any(mrt, &rt->rt6i_dst.addr,
2322 						     vif);
2323 	}
2324 
2325 	if (!cache) {
2326 		struct sk_buff *skb2;
2327 		struct ipv6hdr *iph;
2328 		struct net_device *dev;
2329 		int vif;
2330 
2331 		dev = skb->dev;
2332 		if (!dev || (vif = ip6mr_find_vif(mrt, dev)) < 0) {
2333 			read_unlock(&mrt_lock);
2334 			return -ENODEV;
2335 		}
2336 
2337 		/* really correct? */
2338 		skb2 = alloc_skb(sizeof(struct ipv6hdr), GFP_ATOMIC);
2339 		if (!skb2) {
2340 			read_unlock(&mrt_lock);
2341 			return -ENOMEM;
2342 		}
2343 
2344 		NETLINK_CB(skb2).portid = portid;
2345 		skb_reset_transport_header(skb2);
2346 
2347 		skb_put(skb2, sizeof(struct ipv6hdr));
2348 		skb_reset_network_header(skb2);
2349 
2350 		iph = ipv6_hdr(skb2);
2351 		iph->version = 0;
2352 		iph->priority = 0;
2353 		iph->flow_lbl[0] = 0;
2354 		iph->flow_lbl[1] = 0;
2355 		iph->flow_lbl[2] = 0;
2356 		iph->payload_len = 0;
2357 		iph->nexthdr = IPPROTO_NONE;
2358 		iph->hop_limit = 0;
2359 		iph->saddr = rt->rt6i_src.addr;
2360 		iph->daddr = rt->rt6i_dst.addr;
2361 
2362 		err = ip6mr_cache_unresolved(mrt, vif, skb2);
2363 		read_unlock(&mrt_lock);
2364 
2365 		return err;
2366 	}
2367 
2368 	if (rtm->rtm_flags & RTM_F_NOTIFY)
2369 		cache->mfc_flags |= MFC_NOTIFY;
2370 
2371 	err = __ip6mr_fill_mroute(mrt, skb, cache, rtm);
2372 	read_unlock(&mrt_lock);
2373 	return err;
2374 }
2375 
2376 static int ip6mr_fill_mroute(struct mr6_table *mrt, struct sk_buff *skb,
2377 			     u32 portid, u32 seq, struct mfc6_cache *c, int cmd,
2378 			     int flags)
2379 {
2380 	struct nlmsghdr *nlh;
2381 	struct rtmsg *rtm;
2382 	int err;
2383 
2384 	nlh = nlmsg_put(skb, portid, seq, cmd, sizeof(*rtm), flags);
2385 	if (!nlh)
2386 		return -EMSGSIZE;
2387 
2388 	rtm = nlmsg_data(nlh);
2389 	rtm->rtm_family   = RTNL_FAMILY_IP6MR;
2390 	rtm->rtm_dst_len  = 128;
2391 	rtm->rtm_src_len  = 128;
2392 	rtm->rtm_tos      = 0;
2393 	rtm->rtm_table    = mrt->id;
2394 	if (nla_put_u32(skb, RTA_TABLE, mrt->id))
2395 		goto nla_put_failure;
2396 	rtm->rtm_type = RTN_MULTICAST;
2397 	rtm->rtm_scope    = RT_SCOPE_UNIVERSE;
2398 	if (c->mfc_flags & MFC_STATIC)
2399 		rtm->rtm_protocol = RTPROT_STATIC;
2400 	else
2401 		rtm->rtm_protocol = RTPROT_MROUTED;
2402 	rtm->rtm_flags    = 0;
2403 
2404 	if (nla_put_in6_addr(skb, RTA_SRC, &c->mf6c_origin) ||
2405 	    nla_put_in6_addr(skb, RTA_DST, &c->mf6c_mcastgrp))
2406 		goto nla_put_failure;
2407 	err = __ip6mr_fill_mroute(mrt, skb, c, rtm);
2408 	/* do not break the dump if cache is unresolved */
2409 	if (err < 0 && err != -ENOENT)
2410 		goto nla_put_failure;
2411 
2412 	nlmsg_end(skb, nlh);
2413 	return 0;
2414 
2415 nla_put_failure:
2416 	nlmsg_cancel(skb, nlh);
2417 	return -EMSGSIZE;
2418 }
2419 
2420 static int mr6_msgsize(bool unresolved, int maxvif)
2421 {
2422 	size_t len =
2423 		NLMSG_ALIGN(sizeof(struct rtmsg))
2424 		+ nla_total_size(4)	/* RTA_TABLE */
2425 		+ nla_total_size(sizeof(struct in6_addr))	/* RTA_SRC */
2426 		+ nla_total_size(sizeof(struct in6_addr))	/* RTA_DST */
2427 		;
2428 
2429 	if (!unresolved)
2430 		len = len
2431 		      + nla_total_size(4)	/* RTA_IIF */
2432 		      + nla_total_size(0)	/* RTA_MULTIPATH */
2433 		      + maxvif * NLA_ALIGN(sizeof(struct rtnexthop))
2434 						/* RTA_MFC_STATS */
2435 		      + nla_total_size_64bit(sizeof(struct rta_mfc_stats))
2436 		;
2437 
2438 	return len;
2439 }
2440 
2441 static void mr6_netlink_event(struct mr6_table *mrt, struct mfc6_cache *mfc,
2442 			      int cmd)
2443 {
2444 	struct net *net = read_pnet(&mrt->net);
2445 	struct sk_buff *skb;
2446 	int err = -ENOBUFS;
2447 
2448 	skb = nlmsg_new(mr6_msgsize(mfc->mf6c_parent >= MAXMIFS, mrt->maxvif),
2449 			GFP_ATOMIC);
2450 	if (!skb)
2451 		goto errout;
2452 
2453 	err = ip6mr_fill_mroute(mrt, skb, 0, 0, mfc, cmd, 0);
2454 	if (err < 0)
2455 		goto errout;
2456 
2457 	rtnl_notify(skb, net, 0, RTNLGRP_IPV6_MROUTE, NULL, GFP_ATOMIC);
2458 	return;
2459 
2460 errout:
2461 	kfree_skb(skb);
2462 	if (err < 0)
2463 		rtnl_set_sk_err(net, RTNLGRP_IPV6_MROUTE, err);
2464 }
2465 
2466 static size_t mrt6msg_netlink_msgsize(size_t payloadlen)
2467 {
2468 	size_t len =
2469 		NLMSG_ALIGN(sizeof(struct rtgenmsg))
2470 		+ nla_total_size(1)	/* IP6MRA_CREPORT_MSGTYPE */
2471 		+ nla_total_size(4)	/* IP6MRA_CREPORT_MIF_ID */
2472 					/* IP6MRA_CREPORT_SRC_ADDR */
2473 		+ nla_total_size(sizeof(struct in6_addr))
2474 					/* IP6MRA_CREPORT_DST_ADDR */
2475 		+ nla_total_size(sizeof(struct in6_addr))
2476 					/* IP6MRA_CREPORT_PKT */
2477 		+ nla_total_size(payloadlen)
2478 		;
2479 
2480 	return len;
2481 }
2482 
2483 static void mrt6msg_netlink_event(struct mr6_table *mrt, struct sk_buff *pkt)
2484 {
2485 	struct net *net = read_pnet(&mrt->net);
2486 	struct nlmsghdr *nlh;
2487 	struct rtgenmsg *rtgenm;
2488 	struct mrt6msg *msg;
2489 	struct sk_buff *skb;
2490 	struct nlattr *nla;
2491 	int payloadlen;
2492 
2493 	payloadlen = pkt->len - sizeof(struct mrt6msg);
2494 	msg = (struct mrt6msg *)skb_transport_header(pkt);
2495 
2496 	skb = nlmsg_new(mrt6msg_netlink_msgsize(payloadlen), GFP_ATOMIC);
2497 	if (!skb)
2498 		goto errout;
2499 
2500 	nlh = nlmsg_put(skb, 0, 0, RTM_NEWCACHEREPORT,
2501 			sizeof(struct rtgenmsg), 0);
2502 	if (!nlh)
2503 		goto errout;
2504 	rtgenm = nlmsg_data(nlh);
2505 	rtgenm->rtgen_family = RTNL_FAMILY_IP6MR;
2506 	if (nla_put_u8(skb, IP6MRA_CREPORT_MSGTYPE, msg->im6_msgtype) ||
2507 	    nla_put_u32(skb, IP6MRA_CREPORT_MIF_ID, msg->im6_mif) ||
2508 	    nla_put_in6_addr(skb, IP6MRA_CREPORT_SRC_ADDR,
2509 			     &msg->im6_src) ||
2510 	    nla_put_in6_addr(skb, IP6MRA_CREPORT_DST_ADDR,
2511 			     &msg->im6_dst))
2512 		goto nla_put_failure;
2513 
2514 	nla = nla_reserve(skb, IP6MRA_CREPORT_PKT, payloadlen);
2515 	if (!nla || skb_copy_bits(pkt, sizeof(struct mrt6msg),
2516 				  nla_data(nla), payloadlen))
2517 		goto nla_put_failure;
2518 
2519 	nlmsg_end(skb, nlh);
2520 
2521 	rtnl_notify(skb, net, 0, RTNLGRP_IPV6_MROUTE_R, NULL, GFP_ATOMIC);
2522 	return;
2523 
2524 nla_put_failure:
2525 	nlmsg_cancel(skb, nlh);
2526 errout:
2527 	kfree_skb(skb);
2528 	rtnl_set_sk_err(net, RTNLGRP_IPV6_MROUTE_R, -ENOBUFS);
2529 }
2530 
2531 static int ip6mr_rtm_dumproute(struct sk_buff *skb, struct netlink_callback *cb)
2532 {
2533 	struct net *net = sock_net(skb->sk);
2534 	struct mr6_table *mrt;
2535 	struct mfc6_cache *mfc;
2536 	unsigned int t = 0, s_t;
2537 	unsigned int h = 0, s_h;
2538 	unsigned int e = 0, s_e;
2539 
2540 	s_t = cb->args[0];
2541 	s_h = cb->args[1];
2542 	s_e = cb->args[2];
2543 
2544 	read_lock(&mrt_lock);
2545 	ip6mr_for_each_table(mrt, net) {
2546 		if (t < s_t)
2547 			goto next_table;
2548 		if (t > s_t)
2549 			s_h = 0;
2550 		for (h = s_h; h < MFC6_LINES; h++) {
2551 			list_for_each_entry(mfc, &mrt->mfc6_cache_array[h], list) {
2552 				if (e < s_e)
2553 					goto next_entry;
2554 				if (ip6mr_fill_mroute(mrt, skb,
2555 						      NETLINK_CB(cb->skb).portid,
2556 						      cb->nlh->nlmsg_seq,
2557 						      mfc, RTM_NEWROUTE,
2558 						      NLM_F_MULTI) < 0)
2559 					goto done;
2560 next_entry:
2561 				e++;
2562 			}
2563 			e = s_e = 0;
2564 		}
2565 		spin_lock_bh(&mfc_unres_lock);
2566 		list_for_each_entry(mfc, &mrt->mfc6_unres_queue, list) {
2567 			if (e < s_e)
2568 				goto next_entry2;
2569 			if (ip6mr_fill_mroute(mrt, skb,
2570 					      NETLINK_CB(cb->skb).portid,
2571 					      cb->nlh->nlmsg_seq,
2572 					      mfc, RTM_NEWROUTE,
2573 					      NLM_F_MULTI) < 0) {
2574 				spin_unlock_bh(&mfc_unres_lock);
2575 				goto done;
2576 			}
2577 next_entry2:
2578 			e++;
2579 		}
2580 		spin_unlock_bh(&mfc_unres_lock);
2581 		e = s_e = 0;
2582 		s_h = 0;
2583 next_table:
2584 		t++;
2585 	}
2586 done:
2587 	read_unlock(&mrt_lock);
2588 
2589 	cb->args[2] = e;
2590 	cb->args[1] = h;
2591 	cb->args[0] = t;
2592 
2593 	return skb->len;
2594 }
2595