1 /* 2 * Multicast support for IPv6 3 * Linux INET6 implementation 4 * 5 * Authors: 6 * Pedro Roque <roque@di.fc.ul.pt> 7 * 8 * Based on linux/ipv4/igmp.c and linux/ipv4/ip_sockglue.c 9 * 10 * This program is free software; you can redistribute it and/or 11 * modify it under the terms of the GNU General Public License 12 * as published by the Free Software Foundation; either version 13 * 2 of the License, or (at your option) any later version. 14 */ 15 16 /* Changes: 17 * 18 * yoshfuji : fix format of router-alert option 19 * YOSHIFUJI Hideaki @USAGI: 20 * Fixed source address for MLD message based on 21 * <draft-ietf-magma-mld-source-05.txt>. 22 * YOSHIFUJI Hideaki @USAGI: 23 * - Ignore Queries for invalid addresses. 24 * - MLD for link-local addresses. 25 * David L Stevens <dlstevens@us.ibm.com>: 26 * - MLDv2 support 27 */ 28 29 #include <linux/module.h> 30 #include <linux/errno.h> 31 #include <linux/types.h> 32 #include <linux/string.h> 33 #include <linux/socket.h> 34 #include <linux/sockios.h> 35 #include <linux/jiffies.h> 36 #include <linux/times.h> 37 #include <linux/net.h> 38 #include <linux/in.h> 39 #include <linux/in6.h> 40 #include <linux/netdevice.h> 41 #include <linux/if_arp.h> 42 #include <linux/route.h> 43 #include <linux/init.h> 44 #include <linux/proc_fs.h> 45 #include <linux/seq_file.h> 46 #include <linux/slab.h> 47 #include <linux/pkt_sched.h> 48 #include <net/mld.h> 49 50 #include <linux/netfilter.h> 51 #include <linux/netfilter_ipv6.h> 52 53 #include <net/net_namespace.h> 54 #include <net/sock.h> 55 #include <net/snmp.h> 56 57 #include <net/ipv6.h> 58 #include <net/protocol.h> 59 #include <net/if_inet6.h> 60 #include <net/ndisc.h> 61 #include <net/addrconf.h> 62 #include <net/ip6_route.h> 63 #include <net/inet_common.h> 64 65 #include <net/ip6_checksum.h> 66 67 /* Ensure that we have struct in6_addr aligned on 32bit word. */ 68 static int __mld2_query_bugs[] __attribute__((__unused__)) = { 69 BUILD_BUG_ON_ZERO(offsetof(struct mld2_query, mld2q_srcs) % 4), 70 BUILD_BUG_ON_ZERO(offsetof(struct mld2_report, mld2r_grec) % 4), 71 BUILD_BUG_ON_ZERO(offsetof(struct mld2_grec, grec_mca) % 4) 72 }; 73 74 static struct in6_addr mld2_all_mcr = MLD2_ALL_MCR_INIT; 75 76 static void igmp6_join_group(struct ifmcaddr6 *ma); 77 static void igmp6_leave_group(struct ifmcaddr6 *ma); 78 static void igmp6_timer_handler(struct timer_list *t); 79 80 static void mld_gq_timer_expire(struct timer_list *t); 81 static void mld_ifc_timer_expire(struct timer_list *t); 82 static void mld_ifc_event(struct inet6_dev *idev); 83 static void mld_add_delrec(struct inet6_dev *idev, struct ifmcaddr6 *pmc); 84 static void mld_del_delrec(struct inet6_dev *idev, struct ifmcaddr6 *pmc); 85 static void mld_clear_delrec(struct inet6_dev *idev); 86 static bool mld_in_v1_mode(const struct inet6_dev *idev); 87 static int sf_setstate(struct ifmcaddr6 *pmc); 88 static void sf_markstate(struct ifmcaddr6 *pmc); 89 static void ip6_mc_clear_src(struct ifmcaddr6 *pmc); 90 static int ip6_mc_del_src(struct inet6_dev *idev, const struct in6_addr *pmca, 91 int sfmode, int sfcount, const struct in6_addr *psfsrc, 92 int delta); 93 static int ip6_mc_add_src(struct inet6_dev *idev, const struct in6_addr *pmca, 94 int sfmode, int sfcount, const struct in6_addr *psfsrc, 95 int delta); 96 static int ip6_mc_leave_src(struct sock *sk, struct ipv6_mc_socklist *iml, 97 struct inet6_dev *idev); 98 static int __ipv6_dev_mc_inc(struct net_device *dev, 99 const struct in6_addr *addr, unsigned int mode); 100 101 #define MLD_QRV_DEFAULT 2 102 /* RFC3810, 9.2. Query Interval */ 103 #define MLD_QI_DEFAULT (125 * HZ) 104 /* RFC3810, 9.3. Query Response Interval */ 105 #define MLD_QRI_DEFAULT (10 * HZ) 106 107 /* RFC3810, 8.1 Query Version Distinctions */ 108 #define MLD_V1_QUERY_LEN 24 109 #define MLD_V2_QUERY_LEN_MIN 28 110 111 #define IPV6_MLD_MAX_MSF 64 112 113 int sysctl_mld_max_msf __read_mostly = IPV6_MLD_MAX_MSF; 114 int sysctl_mld_qrv __read_mostly = MLD_QRV_DEFAULT; 115 116 /* 117 * socket join on multicast group 118 */ 119 120 #define for_each_pmc_rcu(np, pmc) \ 121 for (pmc = rcu_dereference(np->ipv6_mc_list); \ 122 pmc != NULL; \ 123 pmc = rcu_dereference(pmc->next)) 124 125 static int unsolicited_report_interval(struct inet6_dev *idev) 126 { 127 int iv; 128 129 if (mld_in_v1_mode(idev)) 130 iv = idev->cnf.mldv1_unsolicited_report_interval; 131 else 132 iv = idev->cnf.mldv2_unsolicited_report_interval; 133 134 return iv > 0 ? iv : 1; 135 } 136 137 static int __ipv6_sock_mc_join(struct sock *sk, int ifindex, 138 const struct in6_addr *addr, unsigned int mode) 139 { 140 struct net_device *dev = NULL; 141 struct ipv6_mc_socklist *mc_lst; 142 struct ipv6_pinfo *np = inet6_sk(sk); 143 struct net *net = sock_net(sk); 144 int err; 145 146 ASSERT_RTNL(); 147 148 if (!ipv6_addr_is_multicast(addr)) 149 return -EINVAL; 150 151 rcu_read_lock(); 152 for_each_pmc_rcu(np, mc_lst) { 153 if ((ifindex == 0 || mc_lst->ifindex == ifindex) && 154 ipv6_addr_equal(&mc_lst->addr, addr)) { 155 rcu_read_unlock(); 156 return -EADDRINUSE; 157 } 158 } 159 rcu_read_unlock(); 160 161 mc_lst = sock_kmalloc(sk, sizeof(struct ipv6_mc_socklist), GFP_KERNEL); 162 163 if (!mc_lst) 164 return -ENOMEM; 165 166 mc_lst->next = NULL; 167 mc_lst->addr = *addr; 168 169 if (ifindex == 0) { 170 struct rt6_info *rt; 171 rt = rt6_lookup(net, addr, NULL, 0, NULL, 0); 172 if (rt) { 173 dev = rt->dst.dev; 174 ip6_rt_put(rt); 175 } 176 } else 177 dev = __dev_get_by_index(net, ifindex); 178 179 if (!dev) { 180 sock_kfree_s(sk, mc_lst, sizeof(*mc_lst)); 181 return -ENODEV; 182 } 183 184 mc_lst->ifindex = dev->ifindex; 185 mc_lst->sfmode = mode; 186 rwlock_init(&mc_lst->sflock); 187 mc_lst->sflist = NULL; 188 189 /* 190 * now add/increase the group membership on the device 191 */ 192 193 err = __ipv6_dev_mc_inc(dev, addr, mode); 194 195 if (err) { 196 sock_kfree_s(sk, mc_lst, sizeof(*mc_lst)); 197 return err; 198 } 199 200 mc_lst->next = np->ipv6_mc_list; 201 rcu_assign_pointer(np->ipv6_mc_list, mc_lst); 202 203 return 0; 204 } 205 206 int ipv6_sock_mc_join(struct sock *sk, int ifindex, const struct in6_addr *addr) 207 { 208 return __ipv6_sock_mc_join(sk, ifindex, addr, MCAST_EXCLUDE); 209 } 210 EXPORT_SYMBOL(ipv6_sock_mc_join); 211 212 int ipv6_sock_mc_join_ssm(struct sock *sk, int ifindex, 213 const struct in6_addr *addr, unsigned int mode) 214 { 215 return __ipv6_sock_mc_join(sk, ifindex, addr, mode); 216 } 217 218 /* 219 * socket leave on multicast group 220 */ 221 int ipv6_sock_mc_drop(struct sock *sk, int ifindex, const struct in6_addr *addr) 222 { 223 struct ipv6_pinfo *np = inet6_sk(sk); 224 struct ipv6_mc_socklist *mc_lst; 225 struct ipv6_mc_socklist __rcu **lnk; 226 struct net *net = sock_net(sk); 227 228 ASSERT_RTNL(); 229 230 if (!ipv6_addr_is_multicast(addr)) 231 return -EINVAL; 232 233 for (lnk = &np->ipv6_mc_list; 234 (mc_lst = rtnl_dereference(*lnk)) != NULL; 235 lnk = &mc_lst->next) { 236 if ((ifindex == 0 || mc_lst->ifindex == ifindex) && 237 ipv6_addr_equal(&mc_lst->addr, addr)) { 238 struct net_device *dev; 239 240 *lnk = mc_lst->next; 241 242 dev = __dev_get_by_index(net, mc_lst->ifindex); 243 if (dev) { 244 struct inet6_dev *idev = __in6_dev_get(dev); 245 246 (void) ip6_mc_leave_src(sk, mc_lst, idev); 247 if (idev) 248 __ipv6_dev_mc_dec(idev, &mc_lst->addr); 249 } else 250 (void) ip6_mc_leave_src(sk, mc_lst, NULL); 251 252 atomic_sub(sizeof(*mc_lst), &sk->sk_omem_alloc); 253 kfree_rcu(mc_lst, rcu); 254 return 0; 255 } 256 } 257 258 return -EADDRNOTAVAIL; 259 } 260 EXPORT_SYMBOL(ipv6_sock_mc_drop); 261 262 /* called with rcu_read_lock() */ 263 static struct inet6_dev *ip6_mc_find_dev_rcu(struct net *net, 264 const struct in6_addr *group, 265 int ifindex) 266 { 267 struct net_device *dev = NULL; 268 struct inet6_dev *idev = NULL; 269 270 if (ifindex == 0) { 271 struct rt6_info *rt = rt6_lookup(net, group, NULL, 0, NULL, 0); 272 273 if (rt) { 274 dev = rt->dst.dev; 275 ip6_rt_put(rt); 276 } 277 } else 278 dev = dev_get_by_index_rcu(net, ifindex); 279 280 if (!dev) 281 return NULL; 282 idev = __in6_dev_get(dev); 283 if (!idev) 284 return NULL; 285 read_lock_bh(&idev->lock); 286 if (idev->dead) { 287 read_unlock_bh(&idev->lock); 288 return NULL; 289 } 290 return idev; 291 } 292 293 void __ipv6_sock_mc_close(struct sock *sk) 294 { 295 struct ipv6_pinfo *np = inet6_sk(sk); 296 struct ipv6_mc_socklist *mc_lst; 297 struct net *net = sock_net(sk); 298 299 ASSERT_RTNL(); 300 301 while ((mc_lst = rtnl_dereference(np->ipv6_mc_list)) != NULL) { 302 struct net_device *dev; 303 304 np->ipv6_mc_list = mc_lst->next; 305 306 dev = __dev_get_by_index(net, mc_lst->ifindex); 307 if (dev) { 308 struct inet6_dev *idev = __in6_dev_get(dev); 309 310 (void) ip6_mc_leave_src(sk, mc_lst, idev); 311 if (idev) 312 __ipv6_dev_mc_dec(idev, &mc_lst->addr); 313 } else 314 (void) ip6_mc_leave_src(sk, mc_lst, NULL); 315 316 atomic_sub(sizeof(*mc_lst), &sk->sk_omem_alloc); 317 kfree_rcu(mc_lst, rcu); 318 } 319 } 320 321 void ipv6_sock_mc_close(struct sock *sk) 322 { 323 struct ipv6_pinfo *np = inet6_sk(sk); 324 325 if (!rcu_access_pointer(np->ipv6_mc_list)) 326 return; 327 rtnl_lock(); 328 __ipv6_sock_mc_close(sk); 329 rtnl_unlock(); 330 } 331 332 int ip6_mc_source(int add, int omode, struct sock *sk, 333 struct group_source_req *pgsr) 334 { 335 struct in6_addr *source, *group; 336 struct ipv6_mc_socklist *pmc; 337 struct inet6_dev *idev; 338 struct ipv6_pinfo *inet6 = inet6_sk(sk); 339 struct ip6_sf_socklist *psl; 340 struct net *net = sock_net(sk); 341 int i, j, rv; 342 int leavegroup = 0; 343 int pmclocked = 0; 344 int err; 345 346 source = &((struct sockaddr_in6 *)&pgsr->gsr_source)->sin6_addr; 347 group = &((struct sockaddr_in6 *)&pgsr->gsr_group)->sin6_addr; 348 349 if (!ipv6_addr_is_multicast(group)) 350 return -EINVAL; 351 352 rcu_read_lock(); 353 idev = ip6_mc_find_dev_rcu(net, group, pgsr->gsr_interface); 354 if (!idev) { 355 rcu_read_unlock(); 356 return -ENODEV; 357 } 358 359 err = -EADDRNOTAVAIL; 360 361 for_each_pmc_rcu(inet6, pmc) { 362 if (pgsr->gsr_interface && pmc->ifindex != pgsr->gsr_interface) 363 continue; 364 if (ipv6_addr_equal(&pmc->addr, group)) 365 break; 366 } 367 if (!pmc) { /* must have a prior join */ 368 err = -EINVAL; 369 goto done; 370 } 371 /* if a source filter was set, must be the same mode as before */ 372 if (pmc->sflist) { 373 if (pmc->sfmode != omode) { 374 err = -EINVAL; 375 goto done; 376 } 377 } else if (pmc->sfmode != omode) { 378 /* allow mode switches for empty-set filters */ 379 ip6_mc_add_src(idev, group, omode, 0, NULL, 0); 380 ip6_mc_del_src(idev, group, pmc->sfmode, 0, NULL, 0); 381 pmc->sfmode = omode; 382 } 383 384 write_lock(&pmc->sflock); 385 pmclocked = 1; 386 387 psl = pmc->sflist; 388 if (!add) { 389 if (!psl) 390 goto done; /* err = -EADDRNOTAVAIL */ 391 rv = !0; 392 for (i = 0; i < psl->sl_count; i++) { 393 rv = !ipv6_addr_equal(&psl->sl_addr[i], source); 394 if (rv == 0) 395 break; 396 } 397 if (rv) /* source not found */ 398 goto done; /* err = -EADDRNOTAVAIL */ 399 400 /* special case - (INCLUDE, empty) == LEAVE_GROUP */ 401 if (psl->sl_count == 1 && omode == MCAST_INCLUDE) { 402 leavegroup = 1; 403 goto done; 404 } 405 406 /* update the interface filter */ 407 ip6_mc_del_src(idev, group, omode, 1, source, 1); 408 409 for (j = i+1; j < psl->sl_count; j++) 410 psl->sl_addr[j-1] = psl->sl_addr[j]; 411 psl->sl_count--; 412 err = 0; 413 goto done; 414 } 415 /* else, add a new source to the filter */ 416 417 if (psl && psl->sl_count >= sysctl_mld_max_msf) { 418 err = -ENOBUFS; 419 goto done; 420 } 421 if (!psl || psl->sl_count == psl->sl_max) { 422 struct ip6_sf_socklist *newpsl; 423 int count = IP6_SFBLOCK; 424 425 if (psl) 426 count += psl->sl_max; 427 newpsl = sock_kmalloc(sk, IP6_SFLSIZE(count), GFP_ATOMIC); 428 if (!newpsl) { 429 err = -ENOBUFS; 430 goto done; 431 } 432 newpsl->sl_max = count; 433 newpsl->sl_count = count - IP6_SFBLOCK; 434 if (psl) { 435 for (i = 0; i < psl->sl_count; i++) 436 newpsl->sl_addr[i] = psl->sl_addr[i]; 437 sock_kfree_s(sk, psl, IP6_SFLSIZE(psl->sl_max)); 438 } 439 pmc->sflist = psl = newpsl; 440 } 441 rv = 1; /* > 0 for insert logic below if sl_count is 0 */ 442 for (i = 0; i < psl->sl_count; i++) { 443 rv = !ipv6_addr_equal(&psl->sl_addr[i], source); 444 if (rv == 0) /* There is an error in the address. */ 445 goto done; 446 } 447 for (j = psl->sl_count-1; j >= i; j--) 448 psl->sl_addr[j+1] = psl->sl_addr[j]; 449 psl->sl_addr[i] = *source; 450 psl->sl_count++; 451 err = 0; 452 /* update the interface list */ 453 ip6_mc_add_src(idev, group, omode, 1, source, 1); 454 done: 455 if (pmclocked) 456 write_unlock(&pmc->sflock); 457 read_unlock_bh(&idev->lock); 458 rcu_read_unlock(); 459 if (leavegroup) 460 err = ipv6_sock_mc_drop(sk, pgsr->gsr_interface, group); 461 return err; 462 } 463 464 int ip6_mc_msfilter(struct sock *sk, struct group_filter *gsf) 465 { 466 const struct in6_addr *group; 467 struct ipv6_mc_socklist *pmc; 468 struct inet6_dev *idev; 469 struct ipv6_pinfo *inet6 = inet6_sk(sk); 470 struct ip6_sf_socklist *newpsl, *psl; 471 struct net *net = sock_net(sk); 472 int leavegroup = 0; 473 int i, err; 474 475 group = &((struct sockaddr_in6 *)&gsf->gf_group)->sin6_addr; 476 477 if (!ipv6_addr_is_multicast(group)) 478 return -EINVAL; 479 if (gsf->gf_fmode != MCAST_INCLUDE && 480 gsf->gf_fmode != MCAST_EXCLUDE) 481 return -EINVAL; 482 483 rcu_read_lock(); 484 idev = ip6_mc_find_dev_rcu(net, group, gsf->gf_interface); 485 486 if (!idev) { 487 rcu_read_unlock(); 488 return -ENODEV; 489 } 490 491 err = 0; 492 493 if (gsf->gf_fmode == MCAST_INCLUDE && gsf->gf_numsrc == 0) { 494 leavegroup = 1; 495 goto done; 496 } 497 498 for_each_pmc_rcu(inet6, pmc) { 499 if (pmc->ifindex != gsf->gf_interface) 500 continue; 501 if (ipv6_addr_equal(&pmc->addr, group)) 502 break; 503 } 504 if (!pmc) { /* must have a prior join */ 505 err = -EINVAL; 506 goto done; 507 } 508 if (gsf->gf_numsrc) { 509 newpsl = sock_kmalloc(sk, IP6_SFLSIZE(gsf->gf_numsrc), 510 GFP_ATOMIC); 511 if (!newpsl) { 512 err = -ENOBUFS; 513 goto done; 514 } 515 newpsl->sl_max = newpsl->sl_count = gsf->gf_numsrc; 516 for (i = 0; i < newpsl->sl_count; ++i) { 517 struct sockaddr_in6 *psin6; 518 519 psin6 = (struct sockaddr_in6 *)&gsf->gf_slist[i]; 520 newpsl->sl_addr[i] = psin6->sin6_addr; 521 } 522 err = ip6_mc_add_src(idev, group, gsf->gf_fmode, 523 newpsl->sl_count, newpsl->sl_addr, 0); 524 if (err) { 525 sock_kfree_s(sk, newpsl, IP6_SFLSIZE(newpsl->sl_max)); 526 goto done; 527 } 528 } else { 529 newpsl = NULL; 530 (void) ip6_mc_add_src(idev, group, gsf->gf_fmode, 0, NULL, 0); 531 } 532 533 write_lock(&pmc->sflock); 534 psl = pmc->sflist; 535 if (psl) { 536 (void) ip6_mc_del_src(idev, group, pmc->sfmode, 537 psl->sl_count, psl->sl_addr, 0); 538 sock_kfree_s(sk, psl, IP6_SFLSIZE(psl->sl_max)); 539 } else 540 (void) ip6_mc_del_src(idev, group, pmc->sfmode, 0, NULL, 0); 541 pmc->sflist = newpsl; 542 pmc->sfmode = gsf->gf_fmode; 543 write_unlock(&pmc->sflock); 544 err = 0; 545 done: 546 read_unlock_bh(&idev->lock); 547 rcu_read_unlock(); 548 if (leavegroup) 549 err = ipv6_sock_mc_drop(sk, gsf->gf_interface, group); 550 return err; 551 } 552 553 int ip6_mc_msfget(struct sock *sk, struct group_filter *gsf, 554 struct group_filter __user *optval, int __user *optlen) 555 { 556 int err, i, count, copycount; 557 const struct in6_addr *group; 558 struct ipv6_mc_socklist *pmc; 559 struct inet6_dev *idev; 560 struct ipv6_pinfo *inet6 = inet6_sk(sk); 561 struct ip6_sf_socklist *psl; 562 struct net *net = sock_net(sk); 563 564 group = &((struct sockaddr_in6 *)&gsf->gf_group)->sin6_addr; 565 566 if (!ipv6_addr_is_multicast(group)) 567 return -EINVAL; 568 569 rcu_read_lock(); 570 idev = ip6_mc_find_dev_rcu(net, group, gsf->gf_interface); 571 572 if (!idev) { 573 rcu_read_unlock(); 574 return -ENODEV; 575 } 576 577 err = -EADDRNOTAVAIL; 578 /* changes to the ipv6_mc_list require the socket lock and 579 * rtnl lock. We have the socket lock and rcu read lock, 580 * so reading the list is safe. 581 */ 582 583 for_each_pmc_rcu(inet6, pmc) { 584 if (pmc->ifindex != gsf->gf_interface) 585 continue; 586 if (ipv6_addr_equal(group, &pmc->addr)) 587 break; 588 } 589 if (!pmc) /* must have a prior join */ 590 goto done; 591 gsf->gf_fmode = pmc->sfmode; 592 psl = pmc->sflist; 593 count = psl ? psl->sl_count : 0; 594 read_unlock_bh(&idev->lock); 595 rcu_read_unlock(); 596 597 copycount = count < gsf->gf_numsrc ? count : gsf->gf_numsrc; 598 gsf->gf_numsrc = count; 599 if (put_user(GROUP_FILTER_SIZE(copycount), optlen) || 600 copy_to_user(optval, gsf, GROUP_FILTER_SIZE(0))) { 601 return -EFAULT; 602 } 603 /* changes to psl require the socket lock, and a write lock 604 * on pmc->sflock. We have the socket lock so reading here is safe. 605 */ 606 for (i = 0; i < copycount; i++) { 607 struct sockaddr_in6 *psin6; 608 struct sockaddr_storage ss; 609 610 psin6 = (struct sockaddr_in6 *)&ss; 611 memset(&ss, 0, sizeof(ss)); 612 psin6->sin6_family = AF_INET6; 613 psin6->sin6_addr = psl->sl_addr[i]; 614 if (copy_to_user(&optval->gf_slist[i], &ss, sizeof(ss))) 615 return -EFAULT; 616 } 617 return 0; 618 done: 619 read_unlock_bh(&idev->lock); 620 rcu_read_unlock(); 621 return err; 622 } 623 624 bool inet6_mc_check(struct sock *sk, const struct in6_addr *mc_addr, 625 const struct in6_addr *src_addr) 626 { 627 struct ipv6_pinfo *np = inet6_sk(sk); 628 struct ipv6_mc_socklist *mc; 629 struct ip6_sf_socklist *psl; 630 bool rv = true; 631 632 rcu_read_lock(); 633 for_each_pmc_rcu(np, mc) { 634 if (ipv6_addr_equal(&mc->addr, mc_addr)) 635 break; 636 } 637 if (!mc) { 638 rcu_read_unlock(); 639 return true; 640 } 641 read_lock(&mc->sflock); 642 psl = mc->sflist; 643 if (!psl) { 644 rv = mc->sfmode == MCAST_EXCLUDE; 645 } else { 646 int i; 647 648 for (i = 0; i < psl->sl_count; i++) { 649 if (ipv6_addr_equal(&psl->sl_addr[i], src_addr)) 650 break; 651 } 652 if (mc->sfmode == MCAST_INCLUDE && i >= psl->sl_count) 653 rv = false; 654 if (mc->sfmode == MCAST_EXCLUDE && i < psl->sl_count) 655 rv = false; 656 } 657 read_unlock(&mc->sflock); 658 rcu_read_unlock(); 659 660 return rv; 661 } 662 663 static void igmp6_group_added(struct ifmcaddr6 *mc) 664 { 665 struct net_device *dev = mc->idev->dev; 666 char buf[MAX_ADDR_LEN]; 667 668 if (IPV6_ADDR_MC_SCOPE(&mc->mca_addr) < 669 IPV6_ADDR_SCOPE_LINKLOCAL) 670 return; 671 672 spin_lock_bh(&mc->mca_lock); 673 if (!(mc->mca_flags&MAF_LOADED)) { 674 mc->mca_flags |= MAF_LOADED; 675 if (ndisc_mc_map(&mc->mca_addr, buf, dev, 0) == 0) 676 dev_mc_add(dev, buf); 677 } 678 spin_unlock_bh(&mc->mca_lock); 679 680 if (!(dev->flags & IFF_UP) || (mc->mca_flags & MAF_NOREPORT)) 681 return; 682 683 if (mld_in_v1_mode(mc->idev)) { 684 igmp6_join_group(mc); 685 return; 686 } 687 /* else v2 */ 688 689 /* Based on RFC3810 6.1, for newly added INCLUDE SSM, we 690 * should not send filter-mode change record as the mode 691 * should be from IN() to IN(A). 692 */ 693 if (mc->mca_sfmode == MCAST_EXCLUDE) 694 mc->mca_crcount = mc->idev->mc_qrv; 695 696 mld_ifc_event(mc->idev); 697 } 698 699 static void igmp6_group_dropped(struct ifmcaddr6 *mc) 700 { 701 struct net_device *dev = mc->idev->dev; 702 char buf[MAX_ADDR_LEN]; 703 704 if (IPV6_ADDR_MC_SCOPE(&mc->mca_addr) < 705 IPV6_ADDR_SCOPE_LINKLOCAL) 706 return; 707 708 spin_lock_bh(&mc->mca_lock); 709 if (mc->mca_flags&MAF_LOADED) { 710 mc->mca_flags &= ~MAF_LOADED; 711 if (ndisc_mc_map(&mc->mca_addr, buf, dev, 0) == 0) 712 dev_mc_del(dev, buf); 713 } 714 715 spin_unlock_bh(&mc->mca_lock); 716 if (mc->mca_flags & MAF_NOREPORT) 717 return; 718 719 if (!mc->idev->dead) 720 igmp6_leave_group(mc); 721 722 spin_lock_bh(&mc->mca_lock); 723 if (del_timer(&mc->mca_timer)) 724 refcount_dec(&mc->mca_refcnt); 725 spin_unlock_bh(&mc->mca_lock); 726 } 727 728 /* 729 * deleted ifmcaddr6 manipulation 730 */ 731 static void mld_add_delrec(struct inet6_dev *idev, struct ifmcaddr6 *im) 732 { 733 struct ifmcaddr6 *pmc; 734 735 /* this is an "ifmcaddr6" for convenience; only the fields below 736 * are actually used. In particular, the refcnt and users are not 737 * used for management of the delete list. Using the same structure 738 * for deleted items allows change reports to use common code with 739 * non-deleted or query-response MCA's. 740 */ 741 pmc = kzalloc(sizeof(*pmc), GFP_ATOMIC); 742 if (!pmc) 743 return; 744 745 spin_lock_bh(&im->mca_lock); 746 spin_lock_init(&pmc->mca_lock); 747 pmc->idev = im->idev; 748 in6_dev_hold(idev); 749 pmc->mca_addr = im->mca_addr; 750 pmc->mca_crcount = idev->mc_qrv; 751 pmc->mca_sfmode = im->mca_sfmode; 752 if (pmc->mca_sfmode == MCAST_INCLUDE) { 753 struct ip6_sf_list *psf; 754 755 pmc->mca_tomb = im->mca_tomb; 756 pmc->mca_sources = im->mca_sources; 757 im->mca_tomb = im->mca_sources = NULL; 758 for (psf = pmc->mca_sources; psf; psf = psf->sf_next) 759 psf->sf_crcount = pmc->mca_crcount; 760 } 761 spin_unlock_bh(&im->mca_lock); 762 763 spin_lock_bh(&idev->mc_lock); 764 pmc->next = idev->mc_tomb; 765 idev->mc_tomb = pmc; 766 spin_unlock_bh(&idev->mc_lock); 767 } 768 769 static void mld_del_delrec(struct inet6_dev *idev, struct ifmcaddr6 *im) 770 { 771 struct ifmcaddr6 *pmc, *pmc_prev; 772 struct ip6_sf_list *psf; 773 struct in6_addr *pmca = &im->mca_addr; 774 775 spin_lock_bh(&idev->mc_lock); 776 pmc_prev = NULL; 777 for (pmc = idev->mc_tomb; pmc; pmc = pmc->next) { 778 if (ipv6_addr_equal(&pmc->mca_addr, pmca)) 779 break; 780 pmc_prev = pmc; 781 } 782 if (pmc) { 783 if (pmc_prev) 784 pmc_prev->next = pmc->next; 785 else 786 idev->mc_tomb = pmc->next; 787 } 788 spin_unlock_bh(&idev->mc_lock); 789 790 spin_lock_bh(&im->mca_lock); 791 if (pmc) { 792 im->idev = pmc->idev; 793 if (im->mca_sfmode == MCAST_INCLUDE) { 794 im->mca_tomb = pmc->mca_tomb; 795 im->mca_sources = pmc->mca_sources; 796 for (psf = im->mca_sources; psf; psf = psf->sf_next) 797 psf->sf_crcount = idev->mc_qrv; 798 } else { 799 im->mca_crcount = idev->mc_qrv; 800 } 801 in6_dev_put(pmc->idev); 802 kfree(pmc); 803 } 804 spin_unlock_bh(&im->mca_lock); 805 } 806 807 static void mld_clear_delrec(struct inet6_dev *idev) 808 { 809 struct ifmcaddr6 *pmc, *nextpmc; 810 811 spin_lock_bh(&idev->mc_lock); 812 pmc = idev->mc_tomb; 813 idev->mc_tomb = NULL; 814 spin_unlock_bh(&idev->mc_lock); 815 816 for (; pmc; pmc = nextpmc) { 817 nextpmc = pmc->next; 818 ip6_mc_clear_src(pmc); 819 in6_dev_put(pmc->idev); 820 kfree(pmc); 821 } 822 823 /* clear dead sources, too */ 824 read_lock_bh(&idev->lock); 825 for (pmc = idev->mc_list; pmc; pmc = pmc->next) { 826 struct ip6_sf_list *psf, *psf_next; 827 828 spin_lock_bh(&pmc->mca_lock); 829 psf = pmc->mca_tomb; 830 pmc->mca_tomb = NULL; 831 spin_unlock_bh(&pmc->mca_lock); 832 for (; psf; psf = psf_next) { 833 psf_next = psf->sf_next; 834 kfree(psf); 835 } 836 } 837 read_unlock_bh(&idev->lock); 838 } 839 840 static void mca_get(struct ifmcaddr6 *mc) 841 { 842 refcount_inc(&mc->mca_refcnt); 843 } 844 845 static void ma_put(struct ifmcaddr6 *mc) 846 { 847 if (refcount_dec_and_test(&mc->mca_refcnt)) { 848 in6_dev_put(mc->idev); 849 kfree(mc); 850 } 851 } 852 853 static struct ifmcaddr6 *mca_alloc(struct inet6_dev *idev, 854 const struct in6_addr *addr, 855 unsigned int mode) 856 { 857 struct ifmcaddr6 *mc; 858 859 mc = kzalloc(sizeof(*mc), GFP_ATOMIC); 860 if (!mc) 861 return NULL; 862 863 timer_setup(&mc->mca_timer, igmp6_timer_handler, 0); 864 865 mc->mca_addr = *addr; 866 mc->idev = idev; /* reference taken by caller */ 867 mc->mca_users = 1; 868 /* mca_stamp should be updated upon changes */ 869 mc->mca_cstamp = mc->mca_tstamp = jiffies; 870 refcount_set(&mc->mca_refcnt, 1); 871 spin_lock_init(&mc->mca_lock); 872 873 mc->mca_sfmode = mode; 874 mc->mca_sfcount[mode] = 1; 875 876 if (ipv6_addr_is_ll_all_nodes(&mc->mca_addr) || 877 IPV6_ADDR_MC_SCOPE(&mc->mca_addr) < IPV6_ADDR_SCOPE_LINKLOCAL) 878 mc->mca_flags |= MAF_NOREPORT; 879 880 return mc; 881 } 882 883 /* 884 * device multicast group inc (add if not found) 885 */ 886 static int __ipv6_dev_mc_inc(struct net_device *dev, 887 const struct in6_addr *addr, unsigned int mode) 888 { 889 struct ifmcaddr6 *mc; 890 struct inet6_dev *idev; 891 892 ASSERT_RTNL(); 893 894 /* we need to take a reference on idev */ 895 idev = in6_dev_get(dev); 896 897 if (!idev) 898 return -EINVAL; 899 900 write_lock_bh(&idev->lock); 901 if (idev->dead) { 902 write_unlock_bh(&idev->lock); 903 in6_dev_put(idev); 904 return -ENODEV; 905 } 906 907 for (mc = idev->mc_list; mc; mc = mc->next) { 908 if (ipv6_addr_equal(&mc->mca_addr, addr)) { 909 mc->mca_users++; 910 write_unlock_bh(&idev->lock); 911 ip6_mc_add_src(idev, &mc->mca_addr, mode, 0, NULL, 0); 912 in6_dev_put(idev); 913 return 0; 914 } 915 } 916 917 mc = mca_alloc(idev, addr, mode); 918 if (!mc) { 919 write_unlock_bh(&idev->lock); 920 in6_dev_put(idev); 921 return -ENOMEM; 922 } 923 924 mc->next = idev->mc_list; 925 idev->mc_list = mc; 926 927 /* Hold this for the code below before we unlock, 928 * it is already exposed via idev->mc_list. 929 */ 930 mca_get(mc); 931 write_unlock_bh(&idev->lock); 932 933 mld_del_delrec(idev, mc); 934 igmp6_group_added(mc); 935 ma_put(mc); 936 return 0; 937 } 938 939 int ipv6_dev_mc_inc(struct net_device *dev, const struct in6_addr *addr) 940 { 941 return __ipv6_dev_mc_inc(dev, addr, MCAST_EXCLUDE); 942 } 943 944 /* 945 * device multicast group del 946 */ 947 int __ipv6_dev_mc_dec(struct inet6_dev *idev, const struct in6_addr *addr) 948 { 949 struct ifmcaddr6 *ma, **map; 950 951 ASSERT_RTNL(); 952 953 write_lock_bh(&idev->lock); 954 for (map = &idev->mc_list; (ma = *map) != NULL; map = &ma->next) { 955 if (ipv6_addr_equal(&ma->mca_addr, addr)) { 956 if (--ma->mca_users == 0) { 957 *map = ma->next; 958 write_unlock_bh(&idev->lock); 959 960 igmp6_group_dropped(ma); 961 ip6_mc_clear_src(ma); 962 963 ma_put(ma); 964 return 0; 965 } 966 write_unlock_bh(&idev->lock); 967 return 0; 968 } 969 } 970 write_unlock_bh(&idev->lock); 971 972 return -ENOENT; 973 } 974 975 int ipv6_dev_mc_dec(struct net_device *dev, const struct in6_addr *addr) 976 { 977 struct inet6_dev *idev; 978 int err; 979 980 ASSERT_RTNL(); 981 982 idev = __in6_dev_get(dev); 983 if (!idev) 984 err = -ENODEV; 985 else 986 err = __ipv6_dev_mc_dec(idev, addr); 987 988 return err; 989 } 990 991 /* 992 * check if the interface/address pair is valid 993 */ 994 bool ipv6_chk_mcast_addr(struct net_device *dev, const struct in6_addr *group, 995 const struct in6_addr *src_addr) 996 { 997 struct inet6_dev *idev; 998 struct ifmcaddr6 *mc; 999 bool rv = false; 1000 1001 rcu_read_lock(); 1002 idev = __in6_dev_get(dev); 1003 if (idev) { 1004 read_lock_bh(&idev->lock); 1005 for (mc = idev->mc_list; mc; mc = mc->next) { 1006 if (ipv6_addr_equal(&mc->mca_addr, group)) 1007 break; 1008 } 1009 if (mc) { 1010 if (src_addr && !ipv6_addr_any(src_addr)) { 1011 struct ip6_sf_list *psf; 1012 1013 spin_lock_bh(&mc->mca_lock); 1014 for (psf = mc->mca_sources; psf; psf = psf->sf_next) { 1015 if (ipv6_addr_equal(&psf->sf_addr, src_addr)) 1016 break; 1017 } 1018 if (psf) 1019 rv = psf->sf_count[MCAST_INCLUDE] || 1020 psf->sf_count[MCAST_EXCLUDE] != 1021 mc->mca_sfcount[MCAST_EXCLUDE]; 1022 else 1023 rv = mc->mca_sfcount[MCAST_EXCLUDE] != 0; 1024 spin_unlock_bh(&mc->mca_lock); 1025 } else 1026 rv = true; /* don't filter unspecified source */ 1027 } 1028 read_unlock_bh(&idev->lock); 1029 } 1030 rcu_read_unlock(); 1031 return rv; 1032 } 1033 1034 static void mld_gq_start_timer(struct inet6_dev *idev) 1035 { 1036 unsigned long tv = prandom_u32() % idev->mc_maxdelay; 1037 1038 idev->mc_gq_running = 1; 1039 if (!mod_timer(&idev->mc_gq_timer, jiffies+tv+2)) 1040 in6_dev_hold(idev); 1041 } 1042 1043 static void mld_gq_stop_timer(struct inet6_dev *idev) 1044 { 1045 idev->mc_gq_running = 0; 1046 if (del_timer(&idev->mc_gq_timer)) 1047 __in6_dev_put(idev); 1048 } 1049 1050 static void mld_ifc_start_timer(struct inet6_dev *idev, unsigned long delay) 1051 { 1052 unsigned long tv = prandom_u32() % delay; 1053 1054 if (!mod_timer(&idev->mc_ifc_timer, jiffies+tv+2)) 1055 in6_dev_hold(idev); 1056 } 1057 1058 static void mld_ifc_stop_timer(struct inet6_dev *idev) 1059 { 1060 idev->mc_ifc_count = 0; 1061 if (del_timer(&idev->mc_ifc_timer)) 1062 __in6_dev_put(idev); 1063 } 1064 1065 static void mld_dad_start_timer(struct inet6_dev *idev, unsigned long delay) 1066 { 1067 unsigned long tv = prandom_u32() % delay; 1068 1069 if (!mod_timer(&idev->mc_dad_timer, jiffies+tv+2)) 1070 in6_dev_hold(idev); 1071 } 1072 1073 static void mld_dad_stop_timer(struct inet6_dev *idev) 1074 { 1075 if (del_timer(&idev->mc_dad_timer)) 1076 __in6_dev_put(idev); 1077 } 1078 1079 /* 1080 * IGMP handling (alias multicast ICMPv6 messages) 1081 */ 1082 1083 static void igmp6_group_queried(struct ifmcaddr6 *ma, unsigned long resptime) 1084 { 1085 unsigned long delay = resptime; 1086 1087 /* Do not start timer for these addresses */ 1088 if (ipv6_addr_is_ll_all_nodes(&ma->mca_addr) || 1089 IPV6_ADDR_MC_SCOPE(&ma->mca_addr) < IPV6_ADDR_SCOPE_LINKLOCAL) 1090 return; 1091 1092 if (del_timer(&ma->mca_timer)) { 1093 refcount_dec(&ma->mca_refcnt); 1094 delay = ma->mca_timer.expires - jiffies; 1095 } 1096 1097 if (delay >= resptime) 1098 delay = prandom_u32() % resptime; 1099 1100 ma->mca_timer.expires = jiffies + delay; 1101 if (!mod_timer(&ma->mca_timer, jiffies + delay)) 1102 refcount_inc(&ma->mca_refcnt); 1103 ma->mca_flags |= MAF_TIMER_RUNNING; 1104 } 1105 1106 /* mark EXCLUDE-mode sources */ 1107 static bool mld_xmarksources(struct ifmcaddr6 *pmc, int nsrcs, 1108 const struct in6_addr *srcs) 1109 { 1110 struct ip6_sf_list *psf; 1111 int i, scount; 1112 1113 scount = 0; 1114 for (psf = pmc->mca_sources; psf; psf = psf->sf_next) { 1115 if (scount == nsrcs) 1116 break; 1117 for (i = 0; i < nsrcs; i++) { 1118 /* skip inactive filters */ 1119 if (psf->sf_count[MCAST_INCLUDE] || 1120 pmc->mca_sfcount[MCAST_EXCLUDE] != 1121 psf->sf_count[MCAST_EXCLUDE]) 1122 break; 1123 if (ipv6_addr_equal(&srcs[i], &psf->sf_addr)) { 1124 scount++; 1125 break; 1126 } 1127 } 1128 } 1129 pmc->mca_flags &= ~MAF_GSQUERY; 1130 if (scount == nsrcs) /* all sources excluded */ 1131 return false; 1132 return true; 1133 } 1134 1135 static bool mld_marksources(struct ifmcaddr6 *pmc, int nsrcs, 1136 const struct in6_addr *srcs) 1137 { 1138 struct ip6_sf_list *psf; 1139 int i, scount; 1140 1141 if (pmc->mca_sfmode == MCAST_EXCLUDE) 1142 return mld_xmarksources(pmc, nsrcs, srcs); 1143 1144 /* mark INCLUDE-mode sources */ 1145 1146 scount = 0; 1147 for (psf = pmc->mca_sources; psf; psf = psf->sf_next) { 1148 if (scount == nsrcs) 1149 break; 1150 for (i = 0; i < nsrcs; i++) { 1151 if (ipv6_addr_equal(&srcs[i], &psf->sf_addr)) { 1152 psf->sf_gsresp = 1; 1153 scount++; 1154 break; 1155 } 1156 } 1157 } 1158 if (!scount) { 1159 pmc->mca_flags &= ~MAF_GSQUERY; 1160 return false; 1161 } 1162 pmc->mca_flags |= MAF_GSQUERY; 1163 return true; 1164 } 1165 1166 static int mld_force_mld_version(const struct inet6_dev *idev) 1167 { 1168 /* Normally, both are 0 here. If enforcement to a particular is 1169 * being used, individual device enforcement will have a lower 1170 * precedence over 'all' device (.../conf/all/force_mld_version). 1171 */ 1172 1173 if (dev_net(idev->dev)->ipv6.devconf_all->force_mld_version != 0) 1174 return dev_net(idev->dev)->ipv6.devconf_all->force_mld_version; 1175 else 1176 return idev->cnf.force_mld_version; 1177 } 1178 1179 static bool mld_in_v2_mode_only(const struct inet6_dev *idev) 1180 { 1181 return mld_force_mld_version(idev) == 2; 1182 } 1183 1184 static bool mld_in_v1_mode_only(const struct inet6_dev *idev) 1185 { 1186 return mld_force_mld_version(idev) == 1; 1187 } 1188 1189 static bool mld_in_v1_mode(const struct inet6_dev *idev) 1190 { 1191 if (mld_in_v2_mode_only(idev)) 1192 return false; 1193 if (mld_in_v1_mode_only(idev)) 1194 return true; 1195 if (idev->mc_v1_seen && time_before(jiffies, idev->mc_v1_seen)) 1196 return true; 1197 1198 return false; 1199 } 1200 1201 static void mld_set_v1_mode(struct inet6_dev *idev) 1202 { 1203 /* RFC3810, relevant sections: 1204 * - 9.1. Robustness Variable 1205 * - 9.2. Query Interval 1206 * - 9.3. Query Response Interval 1207 * - 9.12. Older Version Querier Present Timeout 1208 */ 1209 unsigned long switchback; 1210 1211 switchback = (idev->mc_qrv * idev->mc_qi) + idev->mc_qri; 1212 1213 idev->mc_v1_seen = jiffies + switchback; 1214 } 1215 1216 static void mld_update_qrv(struct inet6_dev *idev, 1217 const struct mld2_query *mlh2) 1218 { 1219 /* RFC3810, relevant sections: 1220 * - 5.1.8. QRV (Querier's Robustness Variable) 1221 * - 9.1. Robustness Variable 1222 */ 1223 1224 /* The value of the Robustness Variable MUST NOT be zero, 1225 * and SHOULD NOT be one. Catch this here if we ever run 1226 * into such a case in future. 1227 */ 1228 const int min_qrv = min(MLD_QRV_DEFAULT, sysctl_mld_qrv); 1229 WARN_ON(idev->mc_qrv == 0); 1230 1231 if (mlh2->mld2q_qrv > 0) 1232 idev->mc_qrv = mlh2->mld2q_qrv; 1233 1234 if (unlikely(idev->mc_qrv < min_qrv)) { 1235 net_warn_ratelimited("IPv6: MLD: clamping QRV from %u to %u!\n", 1236 idev->mc_qrv, min_qrv); 1237 idev->mc_qrv = min_qrv; 1238 } 1239 } 1240 1241 static void mld_update_qi(struct inet6_dev *idev, 1242 const struct mld2_query *mlh2) 1243 { 1244 /* RFC3810, relevant sections: 1245 * - 5.1.9. QQIC (Querier's Query Interval Code) 1246 * - 9.2. Query Interval 1247 * - 9.12. Older Version Querier Present Timeout 1248 * (the [Query Interval] in the last Query received) 1249 */ 1250 unsigned long mc_qqi; 1251 1252 if (mlh2->mld2q_qqic < 128) { 1253 mc_qqi = mlh2->mld2q_qqic; 1254 } else { 1255 unsigned long mc_man, mc_exp; 1256 1257 mc_exp = MLDV2_QQIC_EXP(mlh2->mld2q_qqic); 1258 mc_man = MLDV2_QQIC_MAN(mlh2->mld2q_qqic); 1259 1260 mc_qqi = (mc_man | 0x10) << (mc_exp + 3); 1261 } 1262 1263 idev->mc_qi = mc_qqi * HZ; 1264 } 1265 1266 static void mld_update_qri(struct inet6_dev *idev, 1267 const struct mld2_query *mlh2) 1268 { 1269 /* RFC3810, relevant sections: 1270 * - 5.1.3. Maximum Response Code 1271 * - 9.3. Query Response Interval 1272 */ 1273 idev->mc_qri = msecs_to_jiffies(mldv2_mrc(mlh2)); 1274 } 1275 1276 static int mld_process_v1(struct inet6_dev *idev, struct mld_msg *mld, 1277 unsigned long *max_delay, bool v1_query) 1278 { 1279 unsigned long mldv1_md; 1280 1281 /* Ignore v1 queries */ 1282 if (mld_in_v2_mode_only(idev)) 1283 return -EINVAL; 1284 1285 mldv1_md = ntohs(mld->mld_maxdelay); 1286 1287 /* When in MLDv1 fallback and a MLDv2 router start-up being 1288 * unaware of current MLDv1 operation, the MRC == MRD mapping 1289 * only works when the exponential algorithm is not being 1290 * used (as MLDv1 is unaware of such things). 1291 * 1292 * According to the RFC author, the MLDv2 implementations 1293 * he's aware of all use a MRC < 32768 on start up queries. 1294 * 1295 * Thus, should we *ever* encounter something else larger 1296 * than that, just assume the maximum possible within our 1297 * reach. 1298 */ 1299 if (!v1_query) 1300 mldv1_md = min(mldv1_md, MLDV1_MRD_MAX_COMPAT); 1301 1302 *max_delay = max(msecs_to_jiffies(mldv1_md), 1UL); 1303 1304 /* MLDv1 router present: we need to go into v1 mode *only* 1305 * when an MLDv1 query is received as per section 9.12. of 1306 * RFC3810! And we know from RFC2710 section 3.7 that MLDv1 1307 * queries MUST be of exactly 24 octets. 1308 */ 1309 if (v1_query) 1310 mld_set_v1_mode(idev); 1311 1312 /* cancel MLDv2 report timer */ 1313 mld_gq_stop_timer(idev); 1314 /* cancel the interface change timer */ 1315 mld_ifc_stop_timer(idev); 1316 /* clear deleted report items */ 1317 mld_clear_delrec(idev); 1318 1319 return 0; 1320 } 1321 1322 static int mld_process_v2(struct inet6_dev *idev, struct mld2_query *mld, 1323 unsigned long *max_delay) 1324 { 1325 *max_delay = max(msecs_to_jiffies(mldv2_mrc(mld)), 1UL); 1326 1327 mld_update_qrv(idev, mld); 1328 mld_update_qi(idev, mld); 1329 mld_update_qri(idev, mld); 1330 1331 idev->mc_maxdelay = *max_delay; 1332 1333 return 0; 1334 } 1335 1336 /* called with rcu_read_lock() */ 1337 int igmp6_event_query(struct sk_buff *skb) 1338 { 1339 struct mld2_query *mlh2 = NULL; 1340 struct ifmcaddr6 *ma; 1341 const struct in6_addr *group; 1342 unsigned long max_delay; 1343 struct inet6_dev *idev; 1344 struct mld_msg *mld; 1345 int group_type; 1346 int mark = 0; 1347 int len, err; 1348 1349 if (!pskb_may_pull(skb, sizeof(struct in6_addr))) 1350 return -EINVAL; 1351 1352 /* compute payload length excluding extension headers */ 1353 len = ntohs(ipv6_hdr(skb)->payload_len) + sizeof(struct ipv6hdr); 1354 len -= skb_network_header_len(skb); 1355 1356 /* RFC3810 6.2 1357 * Upon reception of an MLD message that contains a Query, the node 1358 * checks if the source address of the message is a valid link-local 1359 * address, if the Hop Limit is set to 1, and if the Router Alert 1360 * option is present in the Hop-By-Hop Options header of the IPv6 1361 * packet. If any of these checks fails, the packet is dropped. 1362 */ 1363 if (!(ipv6_addr_type(&ipv6_hdr(skb)->saddr) & IPV6_ADDR_LINKLOCAL) || 1364 ipv6_hdr(skb)->hop_limit != 1 || 1365 !(IP6CB(skb)->flags & IP6SKB_ROUTERALERT) || 1366 IP6CB(skb)->ra != htons(IPV6_OPT_ROUTERALERT_MLD)) 1367 return -EINVAL; 1368 1369 idev = __in6_dev_get(skb->dev); 1370 if (!idev) 1371 return 0; 1372 1373 mld = (struct mld_msg *)icmp6_hdr(skb); 1374 group = &mld->mld_mca; 1375 group_type = ipv6_addr_type(group); 1376 1377 if (group_type != IPV6_ADDR_ANY && 1378 !(group_type&IPV6_ADDR_MULTICAST)) 1379 return -EINVAL; 1380 1381 if (len < MLD_V1_QUERY_LEN) { 1382 return -EINVAL; 1383 } else if (len == MLD_V1_QUERY_LEN || mld_in_v1_mode(idev)) { 1384 err = mld_process_v1(idev, mld, &max_delay, 1385 len == MLD_V1_QUERY_LEN); 1386 if (err < 0) 1387 return err; 1388 } else if (len >= MLD_V2_QUERY_LEN_MIN) { 1389 int srcs_offset = sizeof(struct mld2_query) - 1390 sizeof(struct icmp6hdr); 1391 1392 if (!pskb_may_pull(skb, srcs_offset)) 1393 return -EINVAL; 1394 1395 mlh2 = (struct mld2_query *)skb_transport_header(skb); 1396 1397 err = mld_process_v2(idev, mlh2, &max_delay); 1398 if (err < 0) 1399 return err; 1400 1401 if (group_type == IPV6_ADDR_ANY) { /* general query */ 1402 if (mlh2->mld2q_nsrcs) 1403 return -EINVAL; /* no sources allowed */ 1404 1405 mld_gq_start_timer(idev); 1406 return 0; 1407 } 1408 /* mark sources to include, if group & source-specific */ 1409 if (mlh2->mld2q_nsrcs != 0) { 1410 if (!pskb_may_pull(skb, srcs_offset + 1411 ntohs(mlh2->mld2q_nsrcs) * sizeof(struct in6_addr))) 1412 return -EINVAL; 1413 1414 mlh2 = (struct mld2_query *)skb_transport_header(skb); 1415 mark = 1; 1416 } 1417 } else { 1418 return -EINVAL; 1419 } 1420 1421 read_lock_bh(&idev->lock); 1422 if (group_type == IPV6_ADDR_ANY) { 1423 for (ma = idev->mc_list; ma; ma = ma->next) { 1424 spin_lock_bh(&ma->mca_lock); 1425 igmp6_group_queried(ma, max_delay); 1426 spin_unlock_bh(&ma->mca_lock); 1427 } 1428 } else { 1429 for (ma = idev->mc_list; ma; ma = ma->next) { 1430 if (!ipv6_addr_equal(group, &ma->mca_addr)) 1431 continue; 1432 spin_lock_bh(&ma->mca_lock); 1433 if (ma->mca_flags & MAF_TIMER_RUNNING) { 1434 /* gsquery <- gsquery && mark */ 1435 if (!mark) 1436 ma->mca_flags &= ~MAF_GSQUERY; 1437 } else { 1438 /* gsquery <- mark */ 1439 if (mark) 1440 ma->mca_flags |= MAF_GSQUERY; 1441 else 1442 ma->mca_flags &= ~MAF_GSQUERY; 1443 } 1444 if (!(ma->mca_flags & MAF_GSQUERY) || 1445 mld_marksources(ma, ntohs(mlh2->mld2q_nsrcs), mlh2->mld2q_srcs)) 1446 igmp6_group_queried(ma, max_delay); 1447 spin_unlock_bh(&ma->mca_lock); 1448 break; 1449 } 1450 } 1451 read_unlock_bh(&idev->lock); 1452 1453 return 0; 1454 } 1455 1456 /* called with rcu_read_lock() */ 1457 int igmp6_event_report(struct sk_buff *skb) 1458 { 1459 struct ifmcaddr6 *ma; 1460 struct inet6_dev *idev; 1461 struct mld_msg *mld; 1462 int addr_type; 1463 1464 /* Our own report looped back. Ignore it. */ 1465 if (skb->pkt_type == PACKET_LOOPBACK) 1466 return 0; 1467 1468 /* send our report if the MC router may not have heard this report */ 1469 if (skb->pkt_type != PACKET_MULTICAST && 1470 skb->pkt_type != PACKET_BROADCAST) 1471 return 0; 1472 1473 if (!pskb_may_pull(skb, sizeof(*mld) - sizeof(struct icmp6hdr))) 1474 return -EINVAL; 1475 1476 mld = (struct mld_msg *)icmp6_hdr(skb); 1477 1478 /* Drop reports with not link local source */ 1479 addr_type = ipv6_addr_type(&ipv6_hdr(skb)->saddr); 1480 if (addr_type != IPV6_ADDR_ANY && 1481 !(addr_type&IPV6_ADDR_LINKLOCAL)) 1482 return -EINVAL; 1483 1484 idev = __in6_dev_get(skb->dev); 1485 if (!idev) 1486 return -ENODEV; 1487 1488 /* 1489 * Cancel the timer for this group 1490 */ 1491 1492 read_lock_bh(&idev->lock); 1493 for (ma = idev->mc_list; ma; ma = ma->next) { 1494 if (ipv6_addr_equal(&ma->mca_addr, &mld->mld_mca)) { 1495 spin_lock(&ma->mca_lock); 1496 if (del_timer(&ma->mca_timer)) 1497 refcount_dec(&ma->mca_refcnt); 1498 ma->mca_flags &= ~(MAF_LAST_REPORTER|MAF_TIMER_RUNNING); 1499 spin_unlock(&ma->mca_lock); 1500 break; 1501 } 1502 } 1503 read_unlock_bh(&idev->lock); 1504 return 0; 1505 } 1506 1507 static bool is_in(struct ifmcaddr6 *pmc, struct ip6_sf_list *psf, int type, 1508 int gdeleted, int sdeleted) 1509 { 1510 switch (type) { 1511 case MLD2_MODE_IS_INCLUDE: 1512 case MLD2_MODE_IS_EXCLUDE: 1513 if (gdeleted || sdeleted) 1514 return false; 1515 if (!((pmc->mca_flags & MAF_GSQUERY) && !psf->sf_gsresp)) { 1516 if (pmc->mca_sfmode == MCAST_INCLUDE) 1517 return true; 1518 /* don't include if this source is excluded 1519 * in all filters 1520 */ 1521 if (psf->sf_count[MCAST_INCLUDE]) 1522 return type == MLD2_MODE_IS_INCLUDE; 1523 return pmc->mca_sfcount[MCAST_EXCLUDE] == 1524 psf->sf_count[MCAST_EXCLUDE]; 1525 } 1526 return false; 1527 case MLD2_CHANGE_TO_INCLUDE: 1528 if (gdeleted || sdeleted) 1529 return false; 1530 return psf->sf_count[MCAST_INCLUDE] != 0; 1531 case MLD2_CHANGE_TO_EXCLUDE: 1532 if (gdeleted || sdeleted) 1533 return false; 1534 if (pmc->mca_sfcount[MCAST_EXCLUDE] == 0 || 1535 psf->sf_count[MCAST_INCLUDE]) 1536 return false; 1537 return pmc->mca_sfcount[MCAST_EXCLUDE] == 1538 psf->sf_count[MCAST_EXCLUDE]; 1539 case MLD2_ALLOW_NEW_SOURCES: 1540 if (gdeleted || !psf->sf_crcount) 1541 return false; 1542 return (pmc->mca_sfmode == MCAST_INCLUDE) ^ sdeleted; 1543 case MLD2_BLOCK_OLD_SOURCES: 1544 if (pmc->mca_sfmode == MCAST_INCLUDE) 1545 return gdeleted || (psf->sf_crcount && sdeleted); 1546 return psf->sf_crcount && !gdeleted && !sdeleted; 1547 } 1548 return false; 1549 } 1550 1551 static int 1552 mld_scount(struct ifmcaddr6 *pmc, int type, int gdeleted, int sdeleted) 1553 { 1554 struct ip6_sf_list *psf; 1555 int scount = 0; 1556 1557 for (psf = pmc->mca_sources; psf; psf = psf->sf_next) { 1558 if (!is_in(pmc, psf, type, gdeleted, sdeleted)) 1559 continue; 1560 scount++; 1561 } 1562 return scount; 1563 } 1564 1565 static void ip6_mc_hdr(struct sock *sk, struct sk_buff *skb, 1566 struct net_device *dev, 1567 const struct in6_addr *saddr, 1568 const struct in6_addr *daddr, 1569 int proto, int len) 1570 { 1571 struct ipv6hdr *hdr; 1572 1573 skb->protocol = htons(ETH_P_IPV6); 1574 skb->dev = dev; 1575 1576 skb_reset_network_header(skb); 1577 skb_put(skb, sizeof(struct ipv6hdr)); 1578 hdr = ipv6_hdr(skb); 1579 1580 ip6_flow_hdr(hdr, 0, 0); 1581 1582 hdr->payload_len = htons(len); 1583 hdr->nexthdr = proto; 1584 hdr->hop_limit = inet6_sk(sk)->hop_limit; 1585 1586 hdr->saddr = *saddr; 1587 hdr->daddr = *daddr; 1588 } 1589 1590 static struct sk_buff *mld_newpack(struct inet6_dev *idev, unsigned int mtu) 1591 { 1592 struct net_device *dev = idev->dev; 1593 struct net *net = dev_net(dev); 1594 struct sock *sk = net->ipv6.igmp_sk; 1595 struct sk_buff *skb; 1596 struct mld2_report *pmr; 1597 struct in6_addr addr_buf; 1598 const struct in6_addr *saddr; 1599 int hlen = LL_RESERVED_SPACE(dev); 1600 int tlen = dev->needed_tailroom; 1601 unsigned int size = mtu + hlen + tlen; 1602 int err; 1603 u8 ra[8] = { IPPROTO_ICMPV6, 0, 1604 IPV6_TLV_ROUTERALERT, 2, 0, 0, 1605 IPV6_TLV_PADN, 0 }; 1606 1607 /* we assume size > sizeof(ra) here */ 1608 /* limit our allocations to order-0 page */ 1609 size = min_t(int, size, SKB_MAX_ORDER(0, 0)); 1610 skb = sock_alloc_send_skb(sk, size, 1, &err); 1611 1612 if (!skb) 1613 return NULL; 1614 1615 skb->priority = TC_PRIO_CONTROL; 1616 skb_reserve(skb, hlen); 1617 skb_tailroom_reserve(skb, mtu, tlen); 1618 1619 if (__ipv6_get_lladdr(idev, &addr_buf, IFA_F_TENTATIVE)) { 1620 /* <draft-ietf-magma-mld-source-05.txt>: 1621 * use unspecified address as the source address 1622 * when a valid link-local address is not available. 1623 */ 1624 saddr = &in6addr_any; 1625 } else 1626 saddr = &addr_buf; 1627 1628 ip6_mc_hdr(sk, skb, dev, saddr, &mld2_all_mcr, NEXTHDR_HOP, 0); 1629 1630 skb_put_data(skb, ra, sizeof(ra)); 1631 1632 skb_set_transport_header(skb, skb_tail_pointer(skb) - skb->data); 1633 skb_put(skb, sizeof(*pmr)); 1634 pmr = (struct mld2_report *)skb_transport_header(skb); 1635 pmr->mld2r_type = ICMPV6_MLD2_REPORT; 1636 pmr->mld2r_resv1 = 0; 1637 pmr->mld2r_cksum = 0; 1638 pmr->mld2r_resv2 = 0; 1639 pmr->mld2r_ngrec = 0; 1640 return skb; 1641 } 1642 1643 static void mld_sendpack(struct sk_buff *skb) 1644 { 1645 struct ipv6hdr *pip6 = ipv6_hdr(skb); 1646 struct mld2_report *pmr = 1647 (struct mld2_report *)skb_transport_header(skb); 1648 int payload_len, mldlen; 1649 struct inet6_dev *idev; 1650 struct net *net = dev_net(skb->dev); 1651 int err; 1652 struct flowi6 fl6; 1653 struct dst_entry *dst; 1654 1655 rcu_read_lock(); 1656 idev = __in6_dev_get(skb->dev); 1657 IP6_UPD_PO_STATS(net, idev, IPSTATS_MIB_OUT, skb->len); 1658 1659 payload_len = (skb_tail_pointer(skb) - skb_network_header(skb)) - 1660 sizeof(*pip6); 1661 mldlen = skb_tail_pointer(skb) - skb_transport_header(skb); 1662 pip6->payload_len = htons(payload_len); 1663 1664 pmr->mld2r_cksum = csum_ipv6_magic(&pip6->saddr, &pip6->daddr, mldlen, 1665 IPPROTO_ICMPV6, 1666 csum_partial(skb_transport_header(skb), 1667 mldlen, 0)); 1668 1669 icmpv6_flow_init(net->ipv6.igmp_sk, &fl6, ICMPV6_MLD2_REPORT, 1670 &ipv6_hdr(skb)->saddr, &ipv6_hdr(skb)->daddr, 1671 skb->dev->ifindex); 1672 dst = icmp6_dst_alloc(skb->dev, &fl6); 1673 1674 err = 0; 1675 if (IS_ERR(dst)) { 1676 err = PTR_ERR(dst); 1677 dst = NULL; 1678 } 1679 skb_dst_set(skb, dst); 1680 if (err) 1681 goto err_out; 1682 1683 err = NF_HOOK(NFPROTO_IPV6, NF_INET_LOCAL_OUT, 1684 net, net->ipv6.igmp_sk, skb, NULL, skb->dev, 1685 dst_output); 1686 out: 1687 if (!err) { 1688 ICMP6MSGOUT_INC_STATS(net, idev, ICMPV6_MLD2_REPORT); 1689 ICMP6_INC_STATS(net, idev, ICMP6_MIB_OUTMSGS); 1690 } else { 1691 IP6_INC_STATS(net, idev, IPSTATS_MIB_OUTDISCARDS); 1692 } 1693 1694 rcu_read_unlock(); 1695 return; 1696 1697 err_out: 1698 kfree_skb(skb); 1699 goto out; 1700 } 1701 1702 static int grec_size(struct ifmcaddr6 *pmc, int type, int gdel, int sdel) 1703 { 1704 return sizeof(struct mld2_grec) + 16 * mld_scount(pmc,type,gdel,sdel); 1705 } 1706 1707 static struct sk_buff *add_grhead(struct sk_buff *skb, struct ifmcaddr6 *pmc, 1708 int type, struct mld2_grec **ppgr, unsigned int mtu) 1709 { 1710 struct mld2_report *pmr; 1711 struct mld2_grec *pgr; 1712 1713 if (!skb) { 1714 skb = mld_newpack(pmc->idev, mtu); 1715 if (!skb) 1716 return NULL; 1717 } 1718 pgr = skb_put(skb, sizeof(struct mld2_grec)); 1719 pgr->grec_type = type; 1720 pgr->grec_auxwords = 0; 1721 pgr->grec_nsrcs = 0; 1722 pgr->grec_mca = pmc->mca_addr; /* structure copy */ 1723 pmr = (struct mld2_report *)skb_transport_header(skb); 1724 pmr->mld2r_ngrec = htons(ntohs(pmr->mld2r_ngrec)+1); 1725 *ppgr = pgr; 1726 return skb; 1727 } 1728 1729 #define AVAILABLE(skb) ((skb) ? skb_availroom(skb) : 0) 1730 1731 static struct sk_buff *add_grec(struct sk_buff *skb, struct ifmcaddr6 *pmc, 1732 int type, int gdeleted, int sdeleted, int crsend) 1733 { 1734 struct inet6_dev *idev = pmc->idev; 1735 struct net_device *dev = idev->dev; 1736 struct mld2_report *pmr; 1737 struct mld2_grec *pgr = NULL; 1738 struct ip6_sf_list *psf, *psf_next, *psf_prev, **psf_list; 1739 int scount, stotal, first, isquery, truncate; 1740 unsigned int mtu; 1741 1742 if (pmc->mca_flags & MAF_NOREPORT) 1743 return skb; 1744 1745 mtu = READ_ONCE(dev->mtu); 1746 if (mtu < IPV6_MIN_MTU) 1747 return skb; 1748 1749 isquery = type == MLD2_MODE_IS_INCLUDE || 1750 type == MLD2_MODE_IS_EXCLUDE; 1751 truncate = type == MLD2_MODE_IS_EXCLUDE || 1752 type == MLD2_CHANGE_TO_EXCLUDE; 1753 1754 stotal = scount = 0; 1755 1756 psf_list = sdeleted ? &pmc->mca_tomb : &pmc->mca_sources; 1757 1758 if (!*psf_list) 1759 goto empty_source; 1760 1761 pmr = skb ? (struct mld2_report *)skb_transport_header(skb) : NULL; 1762 1763 /* EX and TO_EX get a fresh packet, if needed */ 1764 if (truncate) { 1765 if (pmr && pmr->mld2r_ngrec && 1766 AVAILABLE(skb) < grec_size(pmc, type, gdeleted, sdeleted)) { 1767 if (skb) 1768 mld_sendpack(skb); 1769 skb = mld_newpack(idev, mtu); 1770 } 1771 } 1772 first = 1; 1773 psf_prev = NULL; 1774 for (psf = *psf_list; psf; psf = psf_next) { 1775 struct in6_addr *psrc; 1776 1777 psf_next = psf->sf_next; 1778 1779 if (!is_in(pmc, psf, type, gdeleted, sdeleted) && !crsend) { 1780 psf_prev = psf; 1781 continue; 1782 } 1783 1784 /* Based on RFC3810 6.1. Should not send source-list change 1785 * records when there is a filter mode change. 1786 */ 1787 if (((gdeleted && pmc->mca_sfmode == MCAST_EXCLUDE) || 1788 (!gdeleted && pmc->mca_crcount)) && 1789 (type == MLD2_ALLOW_NEW_SOURCES || 1790 type == MLD2_BLOCK_OLD_SOURCES) && psf->sf_crcount) 1791 goto decrease_sf_crcount; 1792 1793 /* clear marks on query responses */ 1794 if (isquery) 1795 psf->sf_gsresp = 0; 1796 1797 if (AVAILABLE(skb) < sizeof(*psrc) + 1798 first*sizeof(struct mld2_grec)) { 1799 if (truncate && !first) 1800 break; /* truncate these */ 1801 if (pgr) 1802 pgr->grec_nsrcs = htons(scount); 1803 if (skb) 1804 mld_sendpack(skb); 1805 skb = mld_newpack(idev, mtu); 1806 first = 1; 1807 scount = 0; 1808 } 1809 if (first) { 1810 skb = add_grhead(skb, pmc, type, &pgr, mtu); 1811 first = 0; 1812 } 1813 if (!skb) 1814 return NULL; 1815 psrc = skb_put(skb, sizeof(*psrc)); 1816 *psrc = psf->sf_addr; 1817 scount++; stotal++; 1818 if ((type == MLD2_ALLOW_NEW_SOURCES || 1819 type == MLD2_BLOCK_OLD_SOURCES) && psf->sf_crcount) { 1820 decrease_sf_crcount: 1821 psf->sf_crcount--; 1822 if ((sdeleted || gdeleted) && psf->sf_crcount == 0) { 1823 if (psf_prev) 1824 psf_prev->sf_next = psf->sf_next; 1825 else 1826 *psf_list = psf->sf_next; 1827 kfree(psf); 1828 continue; 1829 } 1830 } 1831 psf_prev = psf; 1832 } 1833 1834 empty_source: 1835 if (!stotal) { 1836 if (type == MLD2_ALLOW_NEW_SOURCES || 1837 type == MLD2_BLOCK_OLD_SOURCES) 1838 return skb; 1839 if (pmc->mca_crcount || isquery || crsend) { 1840 /* make sure we have room for group header */ 1841 if (skb && AVAILABLE(skb) < sizeof(struct mld2_grec)) { 1842 mld_sendpack(skb); 1843 skb = NULL; /* add_grhead will get a new one */ 1844 } 1845 skb = add_grhead(skb, pmc, type, &pgr, mtu); 1846 } 1847 } 1848 if (pgr) 1849 pgr->grec_nsrcs = htons(scount); 1850 1851 if (isquery) 1852 pmc->mca_flags &= ~MAF_GSQUERY; /* clear query state */ 1853 return skb; 1854 } 1855 1856 static void mld_send_report(struct inet6_dev *idev, struct ifmcaddr6 *pmc) 1857 { 1858 struct sk_buff *skb = NULL; 1859 int type; 1860 1861 read_lock_bh(&idev->lock); 1862 if (!pmc) { 1863 for (pmc = idev->mc_list; pmc; pmc = pmc->next) { 1864 if (pmc->mca_flags & MAF_NOREPORT) 1865 continue; 1866 spin_lock_bh(&pmc->mca_lock); 1867 if (pmc->mca_sfcount[MCAST_EXCLUDE]) 1868 type = MLD2_MODE_IS_EXCLUDE; 1869 else 1870 type = MLD2_MODE_IS_INCLUDE; 1871 skb = add_grec(skb, pmc, type, 0, 0, 0); 1872 spin_unlock_bh(&pmc->mca_lock); 1873 } 1874 } else { 1875 spin_lock_bh(&pmc->mca_lock); 1876 if (pmc->mca_sfcount[MCAST_EXCLUDE]) 1877 type = MLD2_MODE_IS_EXCLUDE; 1878 else 1879 type = MLD2_MODE_IS_INCLUDE; 1880 skb = add_grec(skb, pmc, type, 0, 0, 0); 1881 spin_unlock_bh(&pmc->mca_lock); 1882 } 1883 read_unlock_bh(&idev->lock); 1884 if (skb) 1885 mld_sendpack(skb); 1886 } 1887 1888 /* 1889 * remove zero-count source records from a source filter list 1890 */ 1891 static void mld_clear_zeros(struct ip6_sf_list **ppsf) 1892 { 1893 struct ip6_sf_list *psf_prev, *psf_next, *psf; 1894 1895 psf_prev = NULL; 1896 for (psf = *ppsf; psf; psf = psf_next) { 1897 psf_next = psf->sf_next; 1898 if (psf->sf_crcount == 0) { 1899 if (psf_prev) 1900 psf_prev->sf_next = psf->sf_next; 1901 else 1902 *ppsf = psf->sf_next; 1903 kfree(psf); 1904 } else 1905 psf_prev = psf; 1906 } 1907 } 1908 1909 static void mld_send_cr(struct inet6_dev *idev) 1910 { 1911 struct ifmcaddr6 *pmc, *pmc_prev, *pmc_next; 1912 struct sk_buff *skb = NULL; 1913 int type, dtype; 1914 1915 read_lock_bh(&idev->lock); 1916 spin_lock(&idev->mc_lock); 1917 1918 /* deleted MCA's */ 1919 pmc_prev = NULL; 1920 for (pmc = idev->mc_tomb; pmc; pmc = pmc_next) { 1921 pmc_next = pmc->next; 1922 if (pmc->mca_sfmode == MCAST_INCLUDE) { 1923 type = MLD2_BLOCK_OLD_SOURCES; 1924 dtype = MLD2_BLOCK_OLD_SOURCES; 1925 skb = add_grec(skb, pmc, type, 1, 0, 0); 1926 skb = add_grec(skb, pmc, dtype, 1, 1, 0); 1927 } 1928 if (pmc->mca_crcount) { 1929 if (pmc->mca_sfmode == MCAST_EXCLUDE) { 1930 type = MLD2_CHANGE_TO_INCLUDE; 1931 skb = add_grec(skb, pmc, type, 1, 0, 0); 1932 } 1933 pmc->mca_crcount--; 1934 if (pmc->mca_crcount == 0) { 1935 mld_clear_zeros(&pmc->mca_tomb); 1936 mld_clear_zeros(&pmc->mca_sources); 1937 } 1938 } 1939 if (pmc->mca_crcount == 0 && !pmc->mca_tomb && 1940 !pmc->mca_sources) { 1941 if (pmc_prev) 1942 pmc_prev->next = pmc_next; 1943 else 1944 idev->mc_tomb = pmc_next; 1945 in6_dev_put(pmc->idev); 1946 kfree(pmc); 1947 } else 1948 pmc_prev = pmc; 1949 } 1950 spin_unlock(&idev->mc_lock); 1951 1952 /* change recs */ 1953 for (pmc = idev->mc_list; pmc; pmc = pmc->next) { 1954 spin_lock_bh(&pmc->mca_lock); 1955 if (pmc->mca_sfcount[MCAST_EXCLUDE]) { 1956 type = MLD2_BLOCK_OLD_SOURCES; 1957 dtype = MLD2_ALLOW_NEW_SOURCES; 1958 } else { 1959 type = MLD2_ALLOW_NEW_SOURCES; 1960 dtype = MLD2_BLOCK_OLD_SOURCES; 1961 } 1962 skb = add_grec(skb, pmc, type, 0, 0, 0); 1963 skb = add_grec(skb, pmc, dtype, 0, 1, 0); /* deleted sources */ 1964 1965 /* filter mode changes */ 1966 if (pmc->mca_crcount) { 1967 if (pmc->mca_sfmode == MCAST_EXCLUDE) 1968 type = MLD2_CHANGE_TO_EXCLUDE; 1969 else 1970 type = MLD2_CHANGE_TO_INCLUDE; 1971 skb = add_grec(skb, pmc, type, 0, 0, 0); 1972 pmc->mca_crcount--; 1973 } 1974 spin_unlock_bh(&pmc->mca_lock); 1975 } 1976 read_unlock_bh(&idev->lock); 1977 if (!skb) 1978 return; 1979 (void) mld_sendpack(skb); 1980 } 1981 1982 static void igmp6_send(struct in6_addr *addr, struct net_device *dev, int type) 1983 { 1984 struct net *net = dev_net(dev); 1985 struct sock *sk = net->ipv6.igmp_sk; 1986 struct inet6_dev *idev; 1987 struct sk_buff *skb; 1988 struct mld_msg *hdr; 1989 const struct in6_addr *snd_addr, *saddr; 1990 struct in6_addr addr_buf; 1991 int hlen = LL_RESERVED_SPACE(dev); 1992 int tlen = dev->needed_tailroom; 1993 int err, len, payload_len, full_len; 1994 u8 ra[8] = { IPPROTO_ICMPV6, 0, 1995 IPV6_TLV_ROUTERALERT, 2, 0, 0, 1996 IPV6_TLV_PADN, 0 }; 1997 struct flowi6 fl6; 1998 struct dst_entry *dst; 1999 2000 if (type == ICMPV6_MGM_REDUCTION) 2001 snd_addr = &in6addr_linklocal_allrouters; 2002 else 2003 snd_addr = addr; 2004 2005 len = sizeof(struct icmp6hdr) + sizeof(struct in6_addr); 2006 payload_len = len + sizeof(ra); 2007 full_len = sizeof(struct ipv6hdr) + payload_len; 2008 2009 rcu_read_lock(); 2010 IP6_UPD_PO_STATS(net, __in6_dev_get(dev), 2011 IPSTATS_MIB_OUT, full_len); 2012 rcu_read_unlock(); 2013 2014 skb = sock_alloc_send_skb(sk, hlen + tlen + full_len, 1, &err); 2015 2016 if (!skb) { 2017 rcu_read_lock(); 2018 IP6_INC_STATS(net, __in6_dev_get(dev), 2019 IPSTATS_MIB_OUTDISCARDS); 2020 rcu_read_unlock(); 2021 return; 2022 } 2023 skb->priority = TC_PRIO_CONTROL; 2024 skb_reserve(skb, hlen); 2025 2026 if (ipv6_get_lladdr(dev, &addr_buf, IFA_F_TENTATIVE)) { 2027 /* <draft-ietf-magma-mld-source-05.txt>: 2028 * use unspecified address as the source address 2029 * when a valid link-local address is not available. 2030 */ 2031 saddr = &in6addr_any; 2032 } else 2033 saddr = &addr_buf; 2034 2035 ip6_mc_hdr(sk, skb, dev, saddr, snd_addr, NEXTHDR_HOP, payload_len); 2036 2037 skb_put_data(skb, ra, sizeof(ra)); 2038 2039 hdr = skb_put_zero(skb, sizeof(struct mld_msg)); 2040 hdr->mld_type = type; 2041 hdr->mld_mca = *addr; 2042 2043 hdr->mld_cksum = csum_ipv6_magic(saddr, snd_addr, len, 2044 IPPROTO_ICMPV6, 2045 csum_partial(hdr, len, 0)); 2046 2047 rcu_read_lock(); 2048 idev = __in6_dev_get(skb->dev); 2049 2050 icmpv6_flow_init(sk, &fl6, type, 2051 &ipv6_hdr(skb)->saddr, &ipv6_hdr(skb)->daddr, 2052 skb->dev->ifindex); 2053 dst = icmp6_dst_alloc(skb->dev, &fl6); 2054 if (IS_ERR(dst)) { 2055 err = PTR_ERR(dst); 2056 goto err_out; 2057 } 2058 2059 skb_dst_set(skb, dst); 2060 err = NF_HOOK(NFPROTO_IPV6, NF_INET_LOCAL_OUT, 2061 net, sk, skb, NULL, skb->dev, 2062 dst_output); 2063 out: 2064 if (!err) { 2065 ICMP6MSGOUT_INC_STATS(net, idev, type); 2066 ICMP6_INC_STATS(net, idev, ICMP6_MIB_OUTMSGS); 2067 } else 2068 IP6_INC_STATS(net, idev, IPSTATS_MIB_OUTDISCARDS); 2069 2070 rcu_read_unlock(); 2071 return; 2072 2073 err_out: 2074 kfree_skb(skb); 2075 goto out; 2076 } 2077 2078 static void mld_send_initial_cr(struct inet6_dev *idev) 2079 { 2080 struct sk_buff *skb; 2081 struct ifmcaddr6 *pmc; 2082 int type; 2083 2084 if (mld_in_v1_mode(idev)) 2085 return; 2086 2087 skb = NULL; 2088 read_lock_bh(&idev->lock); 2089 for (pmc = idev->mc_list; pmc; pmc = pmc->next) { 2090 spin_lock_bh(&pmc->mca_lock); 2091 if (pmc->mca_sfcount[MCAST_EXCLUDE]) 2092 type = MLD2_CHANGE_TO_EXCLUDE; 2093 else 2094 type = MLD2_ALLOW_NEW_SOURCES; 2095 skb = add_grec(skb, pmc, type, 0, 0, 1); 2096 spin_unlock_bh(&pmc->mca_lock); 2097 } 2098 read_unlock_bh(&idev->lock); 2099 if (skb) 2100 mld_sendpack(skb); 2101 } 2102 2103 void ipv6_mc_dad_complete(struct inet6_dev *idev) 2104 { 2105 idev->mc_dad_count = idev->mc_qrv; 2106 if (idev->mc_dad_count) { 2107 mld_send_initial_cr(idev); 2108 idev->mc_dad_count--; 2109 if (idev->mc_dad_count) 2110 mld_dad_start_timer(idev, 2111 unsolicited_report_interval(idev)); 2112 } 2113 } 2114 2115 static void mld_dad_timer_expire(struct timer_list *t) 2116 { 2117 struct inet6_dev *idev = from_timer(idev, t, mc_dad_timer); 2118 2119 mld_send_initial_cr(idev); 2120 if (idev->mc_dad_count) { 2121 idev->mc_dad_count--; 2122 if (idev->mc_dad_count) 2123 mld_dad_start_timer(idev, 2124 unsolicited_report_interval(idev)); 2125 } 2126 in6_dev_put(idev); 2127 } 2128 2129 static int ip6_mc_del1_src(struct ifmcaddr6 *pmc, int sfmode, 2130 const struct in6_addr *psfsrc) 2131 { 2132 struct ip6_sf_list *psf, *psf_prev; 2133 int rv = 0; 2134 2135 psf_prev = NULL; 2136 for (psf = pmc->mca_sources; psf; psf = psf->sf_next) { 2137 if (ipv6_addr_equal(&psf->sf_addr, psfsrc)) 2138 break; 2139 psf_prev = psf; 2140 } 2141 if (!psf || psf->sf_count[sfmode] == 0) { 2142 /* source filter not found, or count wrong => bug */ 2143 return -ESRCH; 2144 } 2145 psf->sf_count[sfmode]--; 2146 if (!psf->sf_count[MCAST_INCLUDE] && !psf->sf_count[MCAST_EXCLUDE]) { 2147 struct inet6_dev *idev = pmc->idev; 2148 2149 /* no more filters for this source */ 2150 if (psf_prev) 2151 psf_prev->sf_next = psf->sf_next; 2152 else 2153 pmc->mca_sources = psf->sf_next; 2154 if (psf->sf_oldin && !(pmc->mca_flags & MAF_NOREPORT) && 2155 !mld_in_v1_mode(idev)) { 2156 psf->sf_crcount = idev->mc_qrv; 2157 psf->sf_next = pmc->mca_tomb; 2158 pmc->mca_tomb = psf; 2159 rv = 1; 2160 } else 2161 kfree(psf); 2162 } 2163 return rv; 2164 } 2165 2166 static int ip6_mc_del_src(struct inet6_dev *idev, const struct in6_addr *pmca, 2167 int sfmode, int sfcount, const struct in6_addr *psfsrc, 2168 int delta) 2169 { 2170 struct ifmcaddr6 *pmc; 2171 int changerec = 0; 2172 int i, err; 2173 2174 if (!idev) 2175 return -ENODEV; 2176 read_lock_bh(&idev->lock); 2177 for (pmc = idev->mc_list; pmc; pmc = pmc->next) { 2178 if (ipv6_addr_equal(pmca, &pmc->mca_addr)) 2179 break; 2180 } 2181 if (!pmc) { 2182 /* MCA not found?? bug */ 2183 read_unlock_bh(&idev->lock); 2184 return -ESRCH; 2185 } 2186 spin_lock_bh(&pmc->mca_lock); 2187 sf_markstate(pmc); 2188 if (!delta) { 2189 if (!pmc->mca_sfcount[sfmode]) { 2190 spin_unlock_bh(&pmc->mca_lock); 2191 read_unlock_bh(&idev->lock); 2192 return -EINVAL; 2193 } 2194 pmc->mca_sfcount[sfmode]--; 2195 } 2196 err = 0; 2197 for (i = 0; i < sfcount; i++) { 2198 int rv = ip6_mc_del1_src(pmc, sfmode, &psfsrc[i]); 2199 2200 changerec |= rv > 0; 2201 if (!err && rv < 0) 2202 err = rv; 2203 } 2204 if (pmc->mca_sfmode == MCAST_EXCLUDE && 2205 pmc->mca_sfcount[MCAST_EXCLUDE] == 0 && 2206 pmc->mca_sfcount[MCAST_INCLUDE]) { 2207 struct ip6_sf_list *psf; 2208 2209 /* filter mode change */ 2210 pmc->mca_sfmode = MCAST_INCLUDE; 2211 pmc->mca_crcount = idev->mc_qrv; 2212 idev->mc_ifc_count = pmc->mca_crcount; 2213 for (psf = pmc->mca_sources; psf; psf = psf->sf_next) 2214 psf->sf_crcount = 0; 2215 mld_ifc_event(pmc->idev); 2216 } else if (sf_setstate(pmc) || changerec) 2217 mld_ifc_event(pmc->idev); 2218 spin_unlock_bh(&pmc->mca_lock); 2219 read_unlock_bh(&idev->lock); 2220 return err; 2221 } 2222 2223 /* 2224 * Add multicast single-source filter to the interface list 2225 */ 2226 static int ip6_mc_add1_src(struct ifmcaddr6 *pmc, int sfmode, 2227 const struct in6_addr *psfsrc) 2228 { 2229 struct ip6_sf_list *psf, *psf_prev; 2230 2231 psf_prev = NULL; 2232 for (psf = pmc->mca_sources; psf; psf = psf->sf_next) { 2233 if (ipv6_addr_equal(&psf->sf_addr, psfsrc)) 2234 break; 2235 psf_prev = psf; 2236 } 2237 if (!psf) { 2238 psf = kzalloc(sizeof(*psf), GFP_ATOMIC); 2239 if (!psf) 2240 return -ENOBUFS; 2241 2242 psf->sf_addr = *psfsrc; 2243 if (psf_prev) { 2244 psf_prev->sf_next = psf; 2245 } else 2246 pmc->mca_sources = psf; 2247 } 2248 psf->sf_count[sfmode]++; 2249 return 0; 2250 } 2251 2252 static void sf_markstate(struct ifmcaddr6 *pmc) 2253 { 2254 struct ip6_sf_list *psf; 2255 int mca_xcount = pmc->mca_sfcount[MCAST_EXCLUDE]; 2256 2257 for (psf = pmc->mca_sources; psf; psf = psf->sf_next) 2258 if (pmc->mca_sfcount[MCAST_EXCLUDE]) { 2259 psf->sf_oldin = mca_xcount == 2260 psf->sf_count[MCAST_EXCLUDE] && 2261 !psf->sf_count[MCAST_INCLUDE]; 2262 } else 2263 psf->sf_oldin = psf->sf_count[MCAST_INCLUDE] != 0; 2264 } 2265 2266 static int sf_setstate(struct ifmcaddr6 *pmc) 2267 { 2268 struct ip6_sf_list *psf, *dpsf; 2269 int mca_xcount = pmc->mca_sfcount[MCAST_EXCLUDE]; 2270 int qrv = pmc->idev->mc_qrv; 2271 int new_in, rv; 2272 2273 rv = 0; 2274 for (psf = pmc->mca_sources; psf; psf = psf->sf_next) { 2275 if (pmc->mca_sfcount[MCAST_EXCLUDE]) { 2276 new_in = mca_xcount == psf->sf_count[MCAST_EXCLUDE] && 2277 !psf->sf_count[MCAST_INCLUDE]; 2278 } else 2279 new_in = psf->sf_count[MCAST_INCLUDE] != 0; 2280 if (new_in) { 2281 if (!psf->sf_oldin) { 2282 struct ip6_sf_list *prev = NULL; 2283 2284 for (dpsf = pmc->mca_tomb; dpsf; 2285 dpsf = dpsf->sf_next) { 2286 if (ipv6_addr_equal(&dpsf->sf_addr, 2287 &psf->sf_addr)) 2288 break; 2289 prev = dpsf; 2290 } 2291 if (dpsf) { 2292 if (prev) 2293 prev->sf_next = dpsf->sf_next; 2294 else 2295 pmc->mca_tomb = dpsf->sf_next; 2296 kfree(dpsf); 2297 } 2298 psf->sf_crcount = qrv; 2299 rv++; 2300 } 2301 } else if (psf->sf_oldin) { 2302 psf->sf_crcount = 0; 2303 /* 2304 * add or update "delete" records if an active filter 2305 * is now inactive 2306 */ 2307 for (dpsf = pmc->mca_tomb; dpsf; dpsf = dpsf->sf_next) 2308 if (ipv6_addr_equal(&dpsf->sf_addr, 2309 &psf->sf_addr)) 2310 break; 2311 if (!dpsf) { 2312 dpsf = kmalloc(sizeof(*dpsf), GFP_ATOMIC); 2313 if (!dpsf) 2314 continue; 2315 *dpsf = *psf; 2316 /* pmc->mca_lock held by callers */ 2317 dpsf->sf_next = pmc->mca_tomb; 2318 pmc->mca_tomb = dpsf; 2319 } 2320 dpsf->sf_crcount = qrv; 2321 rv++; 2322 } 2323 } 2324 return rv; 2325 } 2326 2327 /* 2328 * Add multicast source filter list to the interface list 2329 */ 2330 static int ip6_mc_add_src(struct inet6_dev *idev, const struct in6_addr *pmca, 2331 int sfmode, int sfcount, const struct in6_addr *psfsrc, 2332 int delta) 2333 { 2334 struct ifmcaddr6 *pmc; 2335 int isexclude; 2336 int i, err; 2337 2338 if (!idev) 2339 return -ENODEV; 2340 read_lock_bh(&idev->lock); 2341 for (pmc = idev->mc_list; pmc; pmc = pmc->next) { 2342 if (ipv6_addr_equal(pmca, &pmc->mca_addr)) 2343 break; 2344 } 2345 if (!pmc) { 2346 /* MCA not found?? bug */ 2347 read_unlock_bh(&idev->lock); 2348 return -ESRCH; 2349 } 2350 spin_lock_bh(&pmc->mca_lock); 2351 2352 sf_markstate(pmc); 2353 isexclude = pmc->mca_sfmode == MCAST_EXCLUDE; 2354 if (!delta) 2355 pmc->mca_sfcount[sfmode]++; 2356 err = 0; 2357 for (i = 0; i < sfcount; i++) { 2358 err = ip6_mc_add1_src(pmc, sfmode, &psfsrc[i]); 2359 if (err) 2360 break; 2361 } 2362 if (err) { 2363 int j; 2364 2365 if (!delta) 2366 pmc->mca_sfcount[sfmode]--; 2367 for (j = 0; j < i; j++) 2368 ip6_mc_del1_src(pmc, sfmode, &psfsrc[j]); 2369 } else if (isexclude != (pmc->mca_sfcount[MCAST_EXCLUDE] != 0)) { 2370 struct ip6_sf_list *psf; 2371 2372 /* filter mode change */ 2373 if (pmc->mca_sfcount[MCAST_EXCLUDE]) 2374 pmc->mca_sfmode = MCAST_EXCLUDE; 2375 else if (pmc->mca_sfcount[MCAST_INCLUDE]) 2376 pmc->mca_sfmode = MCAST_INCLUDE; 2377 /* else no filters; keep old mode for reports */ 2378 2379 pmc->mca_crcount = idev->mc_qrv; 2380 idev->mc_ifc_count = pmc->mca_crcount; 2381 for (psf = pmc->mca_sources; psf; psf = psf->sf_next) 2382 psf->sf_crcount = 0; 2383 mld_ifc_event(idev); 2384 } else if (sf_setstate(pmc)) 2385 mld_ifc_event(idev); 2386 spin_unlock_bh(&pmc->mca_lock); 2387 read_unlock_bh(&idev->lock); 2388 return err; 2389 } 2390 2391 static void ip6_mc_clear_src(struct ifmcaddr6 *pmc) 2392 { 2393 struct ip6_sf_list *psf, *nextpsf; 2394 2395 for (psf = pmc->mca_tomb; psf; psf = nextpsf) { 2396 nextpsf = psf->sf_next; 2397 kfree(psf); 2398 } 2399 pmc->mca_tomb = NULL; 2400 for (psf = pmc->mca_sources; psf; psf = nextpsf) { 2401 nextpsf = psf->sf_next; 2402 kfree(psf); 2403 } 2404 pmc->mca_sources = NULL; 2405 pmc->mca_sfmode = MCAST_EXCLUDE; 2406 pmc->mca_sfcount[MCAST_INCLUDE] = 0; 2407 pmc->mca_sfcount[MCAST_EXCLUDE] = 1; 2408 } 2409 2410 2411 static void igmp6_join_group(struct ifmcaddr6 *ma) 2412 { 2413 unsigned long delay; 2414 2415 if (ma->mca_flags & MAF_NOREPORT) 2416 return; 2417 2418 igmp6_send(&ma->mca_addr, ma->idev->dev, ICMPV6_MGM_REPORT); 2419 2420 delay = prandom_u32() % unsolicited_report_interval(ma->idev); 2421 2422 spin_lock_bh(&ma->mca_lock); 2423 if (del_timer(&ma->mca_timer)) { 2424 refcount_dec(&ma->mca_refcnt); 2425 delay = ma->mca_timer.expires - jiffies; 2426 } 2427 2428 if (!mod_timer(&ma->mca_timer, jiffies + delay)) 2429 refcount_inc(&ma->mca_refcnt); 2430 ma->mca_flags |= MAF_TIMER_RUNNING | MAF_LAST_REPORTER; 2431 spin_unlock_bh(&ma->mca_lock); 2432 } 2433 2434 static int ip6_mc_leave_src(struct sock *sk, struct ipv6_mc_socklist *iml, 2435 struct inet6_dev *idev) 2436 { 2437 int err; 2438 2439 /* callers have the socket lock and rtnl lock 2440 * so no other readers or writers of iml or its sflist 2441 */ 2442 if (!iml->sflist) { 2443 /* any-source empty exclude case */ 2444 return ip6_mc_del_src(idev, &iml->addr, iml->sfmode, 0, NULL, 0); 2445 } 2446 err = ip6_mc_del_src(idev, &iml->addr, iml->sfmode, 2447 iml->sflist->sl_count, iml->sflist->sl_addr, 0); 2448 sock_kfree_s(sk, iml->sflist, IP6_SFLSIZE(iml->sflist->sl_max)); 2449 iml->sflist = NULL; 2450 return err; 2451 } 2452 2453 static void igmp6_leave_group(struct ifmcaddr6 *ma) 2454 { 2455 if (mld_in_v1_mode(ma->idev)) { 2456 if (ma->mca_flags & MAF_LAST_REPORTER) 2457 igmp6_send(&ma->mca_addr, ma->idev->dev, 2458 ICMPV6_MGM_REDUCTION); 2459 } else { 2460 mld_add_delrec(ma->idev, ma); 2461 mld_ifc_event(ma->idev); 2462 } 2463 } 2464 2465 static void mld_gq_timer_expire(struct timer_list *t) 2466 { 2467 struct inet6_dev *idev = from_timer(idev, t, mc_gq_timer); 2468 2469 idev->mc_gq_running = 0; 2470 mld_send_report(idev, NULL); 2471 in6_dev_put(idev); 2472 } 2473 2474 static void mld_ifc_timer_expire(struct timer_list *t) 2475 { 2476 struct inet6_dev *idev = from_timer(idev, t, mc_ifc_timer); 2477 2478 mld_send_cr(idev); 2479 if (idev->mc_ifc_count) { 2480 idev->mc_ifc_count--; 2481 if (idev->mc_ifc_count) 2482 mld_ifc_start_timer(idev, 2483 unsolicited_report_interval(idev)); 2484 } 2485 in6_dev_put(idev); 2486 } 2487 2488 static void mld_ifc_event(struct inet6_dev *idev) 2489 { 2490 if (mld_in_v1_mode(idev)) 2491 return; 2492 idev->mc_ifc_count = idev->mc_qrv; 2493 mld_ifc_start_timer(idev, 1); 2494 } 2495 2496 static void igmp6_timer_handler(struct timer_list *t) 2497 { 2498 struct ifmcaddr6 *ma = from_timer(ma, t, mca_timer); 2499 2500 if (mld_in_v1_mode(ma->idev)) 2501 igmp6_send(&ma->mca_addr, ma->idev->dev, ICMPV6_MGM_REPORT); 2502 else 2503 mld_send_report(ma->idev, ma); 2504 2505 spin_lock(&ma->mca_lock); 2506 ma->mca_flags |= MAF_LAST_REPORTER; 2507 ma->mca_flags &= ~MAF_TIMER_RUNNING; 2508 spin_unlock(&ma->mca_lock); 2509 ma_put(ma); 2510 } 2511 2512 /* Device changing type */ 2513 2514 void ipv6_mc_unmap(struct inet6_dev *idev) 2515 { 2516 struct ifmcaddr6 *i; 2517 2518 /* Install multicast list, except for all-nodes (already installed) */ 2519 2520 read_lock_bh(&idev->lock); 2521 for (i = idev->mc_list; i; i = i->next) 2522 igmp6_group_dropped(i); 2523 read_unlock_bh(&idev->lock); 2524 } 2525 2526 void ipv6_mc_remap(struct inet6_dev *idev) 2527 { 2528 ipv6_mc_up(idev); 2529 } 2530 2531 /* Device going down */ 2532 2533 void ipv6_mc_down(struct inet6_dev *idev) 2534 { 2535 struct ifmcaddr6 *i; 2536 2537 /* Withdraw multicast list */ 2538 2539 read_lock_bh(&idev->lock); 2540 2541 for (i = idev->mc_list; i; i = i->next) 2542 igmp6_group_dropped(i); 2543 2544 /* Should stop timer after group drop. or we will 2545 * start timer again in mld_ifc_event() 2546 */ 2547 mld_ifc_stop_timer(idev); 2548 mld_gq_stop_timer(idev); 2549 mld_dad_stop_timer(idev); 2550 read_unlock_bh(&idev->lock); 2551 } 2552 2553 static void ipv6_mc_reset(struct inet6_dev *idev) 2554 { 2555 idev->mc_qrv = sysctl_mld_qrv; 2556 idev->mc_qi = MLD_QI_DEFAULT; 2557 idev->mc_qri = MLD_QRI_DEFAULT; 2558 idev->mc_v1_seen = 0; 2559 idev->mc_maxdelay = unsolicited_report_interval(idev); 2560 } 2561 2562 /* Device going up */ 2563 2564 void ipv6_mc_up(struct inet6_dev *idev) 2565 { 2566 struct ifmcaddr6 *i; 2567 2568 /* Install multicast list, except for all-nodes (already installed) */ 2569 2570 read_lock_bh(&idev->lock); 2571 ipv6_mc_reset(idev); 2572 for (i = idev->mc_list; i; i = i->next) { 2573 mld_del_delrec(idev, i); 2574 igmp6_group_added(i); 2575 } 2576 read_unlock_bh(&idev->lock); 2577 } 2578 2579 /* IPv6 device initialization. */ 2580 2581 void ipv6_mc_init_dev(struct inet6_dev *idev) 2582 { 2583 write_lock_bh(&idev->lock); 2584 spin_lock_init(&idev->mc_lock); 2585 idev->mc_gq_running = 0; 2586 timer_setup(&idev->mc_gq_timer, mld_gq_timer_expire, 0); 2587 idev->mc_tomb = NULL; 2588 idev->mc_ifc_count = 0; 2589 timer_setup(&idev->mc_ifc_timer, mld_ifc_timer_expire, 0); 2590 timer_setup(&idev->mc_dad_timer, mld_dad_timer_expire, 0); 2591 ipv6_mc_reset(idev); 2592 write_unlock_bh(&idev->lock); 2593 } 2594 2595 /* 2596 * Device is about to be destroyed: clean up. 2597 */ 2598 2599 void ipv6_mc_destroy_dev(struct inet6_dev *idev) 2600 { 2601 struct ifmcaddr6 *i; 2602 2603 /* Deactivate timers */ 2604 ipv6_mc_down(idev); 2605 mld_clear_delrec(idev); 2606 2607 /* Delete all-nodes address. */ 2608 /* We cannot call ipv6_dev_mc_dec() directly, our caller in 2609 * addrconf.c has NULL'd out dev->ip6_ptr so in6_dev_get() will 2610 * fail. 2611 */ 2612 __ipv6_dev_mc_dec(idev, &in6addr_linklocal_allnodes); 2613 2614 if (idev->cnf.forwarding) 2615 __ipv6_dev_mc_dec(idev, &in6addr_linklocal_allrouters); 2616 2617 write_lock_bh(&idev->lock); 2618 while ((i = idev->mc_list) != NULL) { 2619 idev->mc_list = i->next; 2620 2621 write_unlock_bh(&idev->lock); 2622 ma_put(i); 2623 write_lock_bh(&idev->lock); 2624 } 2625 write_unlock_bh(&idev->lock); 2626 } 2627 2628 static void ipv6_mc_rejoin_groups(struct inet6_dev *idev) 2629 { 2630 struct ifmcaddr6 *pmc; 2631 2632 ASSERT_RTNL(); 2633 2634 if (mld_in_v1_mode(idev)) { 2635 read_lock_bh(&idev->lock); 2636 for (pmc = idev->mc_list; pmc; pmc = pmc->next) 2637 igmp6_join_group(pmc); 2638 read_unlock_bh(&idev->lock); 2639 } else 2640 mld_send_report(idev, NULL); 2641 } 2642 2643 static int ipv6_mc_netdev_event(struct notifier_block *this, 2644 unsigned long event, 2645 void *ptr) 2646 { 2647 struct net_device *dev = netdev_notifier_info_to_dev(ptr); 2648 struct inet6_dev *idev = __in6_dev_get(dev); 2649 2650 switch (event) { 2651 case NETDEV_RESEND_IGMP: 2652 if (idev) 2653 ipv6_mc_rejoin_groups(idev); 2654 break; 2655 default: 2656 break; 2657 } 2658 2659 return NOTIFY_DONE; 2660 } 2661 2662 static struct notifier_block igmp6_netdev_notifier = { 2663 .notifier_call = ipv6_mc_netdev_event, 2664 }; 2665 2666 #ifdef CONFIG_PROC_FS 2667 struct igmp6_mc_iter_state { 2668 struct seq_net_private p; 2669 struct net_device *dev; 2670 struct inet6_dev *idev; 2671 }; 2672 2673 #define igmp6_mc_seq_private(seq) ((struct igmp6_mc_iter_state *)(seq)->private) 2674 2675 static inline struct ifmcaddr6 *igmp6_mc_get_first(struct seq_file *seq) 2676 { 2677 struct ifmcaddr6 *im = NULL; 2678 struct igmp6_mc_iter_state *state = igmp6_mc_seq_private(seq); 2679 struct net *net = seq_file_net(seq); 2680 2681 state->idev = NULL; 2682 for_each_netdev_rcu(net, state->dev) { 2683 struct inet6_dev *idev; 2684 idev = __in6_dev_get(state->dev); 2685 if (!idev) 2686 continue; 2687 read_lock_bh(&idev->lock); 2688 im = idev->mc_list; 2689 if (im) { 2690 state->idev = idev; 2691 break; 2692 } 2693 read_unlock_bh(&idev->lock); 2694 } 2695 return im; 2696 } 2697 2698 static struct ifmcaddr6 *igmp6_mc_get_next(struct seq_file *seq, struct ifmcaddr6 *im) 2699 { 2700 struct igmp6_mc_iter_state *state = igmp6_mc_seq_private(seq); 2701 2702 im = im->next; 2703 while (!im) { 2704 if (likely(state->idev)) 2705 read_unlock_bh(&state->idev->lock); 2706 2707 state->dev = next_net_device_rcu(state->dev); 2708 if (!state->dev) { 2709 state->idev = NULL; 2710 break; 2711 } 2712 state->idev = __in6_dev_get(state->dev); 2713 if (!state->idev) 2714 continue; 2715 read_lock_bh(&state->idev->lock); 2716 im = state->idev->mc_list; 2717 } 2718 return im; 2719 } 2720 2721 static struct ifmcaddr6 *igmp6_mc_get_idx(struct seq_file *seq, loff_t pos) 2722 { 2723 struct ifmcaddr6 *im = igmp6_mc_get_first(seq); 2724 if (im) 2725 while (pos && (im = igmp6_mc_get_next(seq, im)) != NULL) 2726 --pos; 2727 return pos ? NULL : im; 2728 } 2729 2730 static void *igmp6_mc_seq_start(struct seq_file *seq, loff_t *pos) 2731 __acquires(RCU) 2732 { 2733 rcu_read_lock(); 2734 return igmp6_mc_get_idx(seq, *pos); 2735 } 2736 2737 static void *igmp6_mc_seq_next(struct seq_file *seq, void *v, loff_t *pos) 2738 { 2739 struct ifmcaddr6 *im = igmp6_mc_get_next(seq, v); 2740 2741 ++*pos; 2742 return im; 2743 } 2744 2745 static void igmp6_mc_seq_stop(struct seq_file *seq, void *v) 2746 __releases(RCU) 2747 { 2748 struct igmp6_mc_iter_state *state = igmp6_mc_seq_private(seq); 2749 2750 if (likely(state->idev)) { 2751 read_unlock_bh(&state->idev->lock); 2752 state->idev = NULL; 2753 } 2754 state->dev = NULL; 2755 rcu_read_unlock(); 2756 } 2757 2758 static int igmp6_mc_seq_show(struct seq_file *seq, void *v) 2759 { 2760 struct ifmcaddr6 *im = (struct ifmcaddr6 *)v; 2761 struct igmp6_mc_iter_state *state = igmp6_mc_seq_private(seq); 2762 2763 seq_printf(seq, 2764 "%-4d %-15s %pi6 %5d %08X %ld\n", 2765 state->dev->ifindex, state->dev->name, 2766 &im->mca_addr, 2767 im->mca_users, im->mca_flags, 2768 (im->mca_flags&MAF_TIMER_RUNNING) ? 2769 jiffies_to_clock_t(im->mca_timer.expires-jiffies) : 0); 2770 return 0; 2771 } 2772 2773 static const struct seq_operations igmp6_mc_seq_ops = { 2774 .start = igmp6_mc_seq_start, 2775 .next = igmp6_mc_seq_next, 2776 .stop = igmp6_mc_seq_stop, 2777 .show = igmp6_mc_seq_show, 2778 }; 2779 2780 struct igmp6_mcf_iter_state { 2781 struct seq_net_private p; 2782 struct net_device *dev; 2783 struct inet6_dev *idev; 2784 struct ifmcaddr6 *im; 2785 }; 2786 2787 #define igmp6_mcf_seq_private(seq) ((struct igmp6_mcf_iter_state *)(seq)->private) 2788 2789 static inline struct ip6_sf_list *igmp6_mcf_get_first(struct seq_file *seq) 2790 { 2791 struct ip6_sf_list *psf = NULL; 2792 struct ifmcaddr6 *im = NULL; 2793 struct igmp6_mcf_iter_state *state = igmp6_mcf_seq_private(seq); 2794 struct net *net = seq_file_net(seq); 2795 2796 state->idev = NULL; 2797 state->im = NULL; 2798 for_each_netdev_rcu(net, state->dev) { 2799 struct inet6_dev *idev; 2800 idev = __in6_dev_get(state->dev); 2801 if (unlikely(idev == NULL)) 2802 continue; 2803 read_lock_bh(&idev->lock); 2804 im = idev->mc_list; 2805 if (likely(im)) { 2806 spin_lock_bh(&im->mca_lock); 2807 psf = im->mca_sources; 2808 if (likely(psf)) { 2809 state->im = im; 2810 state->idev = idev; 2811 break; 2812 } 2813 spin_unlock_bh(&im->mca_lock); 2814 } 2815 read_unlock_bh(&idev->lock); 2816 } 2817 return psf; 2818 } 2819 2820 static struct ip6_sf_list *igmp6_mcf_get_next(struct seq_file *seq, struct ip6_sf_list *psf) 2821 { 2822 struct igmp6_mcf_iter_state *state = igmp6_mcf_seq_private(seq); 2823 2824 psf = psf->sf_next; 2825 while (!psf) { 2826 spin_unlock_bh(&state->im->mca_lock); 2827 state->im = state->im->next; 2828 while (!state->im) { 2829 if (likely(state->idev)) 2830 read_unlock_bh(&state->idev->lock); 2831 2832 state->dev = next_net_device_rcu(state->dev); 2833 if (!state->dev) { 2834 state->idev = NULL; 2835 goto out; 2836 } 2837 state->idev = __in6_dev_get(state->dev); 2838 if (!state->idev) 2839 continue; 2840 read_lock_bh(&state->idev->lock); 2841 state->im = state->idev->mc_list; 2842 } 2843 if (!state->im) 2844 break; 2845 spin_lock_bh(&state->im->mca_lock); 2846 psf = state->im->mca_sources; 2847 } 2848 out: 2849 return psf; 2850 } 2851 2852 static struct ip6_sf_list *igmp6_mcf_get_idx(struct seq_file *seq, loff_t pos) 2853 { 2854 struct ip6_sf_list *psf = igmp6_mcf_get_first(seq); 2855 if (psf) 2856 while (pos && (psf = igmp6_mcf_get_next(seq, psf)) != NULL) 2857 --pos; 2858 return pos ? NULL : psf; 2859 } 2860 2861 static void *igmp6_mcf_seq_start(struct seq_file *seq, loff_t *pos) 2862 __acquires(RCU) 2863 { 2864 rcu_read_lock(); 2865 return *pos ? igmp6_mcf_get_idx(seq, *pos - 1) : SEQ_START_TOKEN; 2866 } 2867 2868 static void *igmp6_mcf_seq_next(struct seq_file *seq, void *v, loff_t *pos) 2869 { 2870 struct ip6_sf_list *psf; 2871 if (v == SEQ_START_TOKEN) 2872 psf = igmp6_mcf_get_first(seq); 2873 else 2874 psf = igmp6_mcf_get_next(seq, v); 2875 ++*pos; 2876 return psf; 2877 } 2878 2879 static void igmp6_mcf_seq_stop(struct seq_file *seq, void *v) 2880 __releases(RCU) 2881 { 2882 struct igmp6_mcf_iter_state *state = igmp6_mcf_seq_private(seq); 2883 if (likely(state->im)) { 2884 spin_unlock_bh(&state->im->mca_lock); 2885 state->im = NULL; 2886 } 2887 if (likely(state->idev)) { 2888 read_unlock_bh(&state->idev->lock); 2889 state->idev = NULL; 2890 } 2891 state->dev = NULL; 2892 rcu_read_unlock(); 2893 } 2894 2895 static int igmp6_mcf_seq_show(struct seq_file *seq, void *v) 2896 { 2897 struct ip6_sf_list *psf = (struct ip6_sf_list *)v; 2898 struct igmp6_mcf_iter_state *state = igmp6_mcf_seq_private(seq); 2899 2900 if (v == SEQ_START_TOKEN) { 2901 seq_puts(seq, "Idx Device Multicast Address Source Address INC EXC\n"); 2902 } else { 2903 seq_printf(seq, 2904 "%3d %6.6s %pi6 %pi6 %6lu %6lu\n", 2905 state->dev->ifindex, state->dev->name, 2906 &state->im->mca_addr, 2907 &psf->sf_addr, 2908 psf->sf_count[MCAST_INCLUDE], 2909 psf->sf_count[MCAST_EXCLUDE]); 2910 } 2911 return 0; 2912 } 2913 2914 static const struct seq_operations igmp6_mcf_seq_ops = { 2915 .start = igmp6_mcf_seq_start, 2916 .next = igmp6_mcf_seq_next, 2917 .stop = igmp6_mcf_seq_stop, 2918 .show = igmp6_mcf_seq_show, 2919 }; 2920 2921 static int __net_init igmp6_proc_init(struct net *net) 2922 { 2923 int err; 2924 2925 err = -ENOMEM; 2926 if (!proc_create_net("igmp6", 0444, net->proc_net, &igmp6_mc_seq_ops, 2927 sizeof(struct igmp6_mc_iter_state))) 2928 goto out; 2929 if (!proc_create_net("mcfilter6", 0444, net->proc_net, 2930 &igmp6_mcf_seq_ops, 2931 sizeof(struct igmp6_mcf_iter_state))) 2932 goto out_proc_net_igmp6; 2933 2934 err = 0; 2935 out: 2936 return err; 2937 2938 out_proc_net_igmp6: 2939 remove_proc_entry("igmp6", net->proc_net); 2940 goto out; 2941 } 2942 2943 static void __net_exit igmp6_proc_exit(struct net *net) 2944 { 2945 remove_proc_entry("mcfilter6", net->proc_net); 2946 remove_proc_entry("igmp6", net->proc_net); 2947 } 2948 #else 2949 static inline int igmp6_proc_init(struct net *net) 2950 { 2951 return 0; 2952 } 2953 static inline void igmp6_proc_exit(struct net *net) 2954 { 2955 } 2956 #endif 2957 2958 static int __net_init igmp6_net_init(struct net *net) 2959 { 2960 int err; 2961 2962 err = inet_ctl_sock_create(&net->ipv6.igmp_sk, PF_INET6, 2963 SOCK_RAW, IPPROTO_ICMPV6, net); 2964 if (err < 0) { 2965 pr_err("Failed to initialize the IGMP6 control socket (err %d)\n", 2966 err); 2967 goto out; 2968 } 2969 2970 inet6_sk(net->ipv6.igmp_sk)->hop_limit = 1; 2971 2972 err = inet_ctl_sock_create(&net->ipv6.mc_autojoin_sk, PF_INET6, 2973 SOCK_RAW, IPPROTO_ICMPV6, net); 2974 if (err < 0) { 2975 pr_err("Failed to initialize the IGMP6 autojoin socket (err %d)\n", 2976 err); 2977 goto out_sock_create; 2978 } 2979 2980 err = igmp6_proc_init(net); 2981 if (err) 2982 goto out_sock_create_autojoin; 2983 2984 return 0; 2985 2986 out_sock_create_autojoin: 2987 inet_ctl_sock_destroy(net->ipv6.mc_autojoin_sk); 2988 out_sock_create: 2989 inet_ctl_sock_destroy(net->ipv6.igmp_sk); 2990 out: 2991 return err; 2992 } 2993 2994 static void __net_exit igmp6_net_exit(struct net *net) 2995 { 2996 inet_ctl_sock_destroy(net->ipv6.igmp_sk); 2997 inet_ctl_sock_destroy(net->ipv6.mc_autojoin_sk); 2998 igmp6_proc_exit(net); 2999 } 3000 3001 static struct pernet_operations igmp6_net_ops = { 3002 .init = igmp6_net_init, 3003 .exit = igmp6_net_exit, 3004 }; 3005 3006 int __init igmp6_init(void) 3007 { 3008 return register_pernet_subsys(&igmp6_net_ops); 3009 } 3010 3011 int __init igmp6_late_init(void) 3012 { 3013 return register_netdevice_notifier(&igmp6_netdev_notifier); 3014 } 3015 3016 void igmp6_cleanup(void) 3017 { 3018 unregister_pernet_subsys(&igmp6_net_ops); 3019 } 3020 3021 void igmp6_late_cleanup(void) 3022 { 3023 unregister_netdevice_notifier(&igmp6_netdev_notifier); 3024 } 3025