1 // SPDX-License-Identifier: GPL-2.0-or-later 2 /* 3 * NET3 IP device support routines. 4 * 5 * Derived from the IP parts of dev.c 1.0.19 6 * Authors: Ross Biro 7 * Fred N. van Kempen, <waltje@uWalt.NL.Mugnet.ORG> 8 * Mark Evans, <evansmp@uhura.aston.ac.uk> 9 * 10 * Additional Authors: 11 * Alan Cox, <gw4pts@gw4pts.ampr.org> 12 * Alexey Kuznetsov, <kuznet@ms2.inr.ac.ru> 13 * 14 * Changes: 15 * Alexey Kuznetsov: pa_* fields are replaced with ifaddr 16 * lists. 17 * Cyrus Durgin: updated for kmod 18 * Matthias Andree: in devinet_ioctl, compare label and 19 * address (4.4BSD alias style support), 20 * fall back to comparing just the label 21 * if no match found. 22 */ 23 24 25 #include <linux/uaccess.h> 26 #include <linux/bitops.h> 27 #include <linux/capability.h> 28 #include <linux/module.h> 29 #include <linux/types.h> 30 #include <linux/kernel.h> 31 #include <linux/sched/signal.h> 32 #include <linux/string.h> 33 #include <linux/mm.h> 34 #include <linux/socket.h> 35 #include <linux/sockios.h> 36 #include <linux/in.h> 37 #include <linux/errno.h> 38 #include <linux/interrupt.h> 39 #include <linux/if_addr.h> 40 #include <linux/if_ether.h> 41 #include <linux/inet.h> 42 #include <linux/netdevice.h> 43 #include <linux/etherdevice.h> 44 #include <linux/skbuff.h> 45 #include <linux/init.h> 46 #include <linux/notifier.h> 47 #include <linux/inetdevice.h> 48 #include <linux/igmp.h> 49 #include <linux/slab.h> 50 #include <linux/hash.h> 51 #ifdef CONFIG_SYSCTL 52 #include <linux/sysctl.h> 53 #endif 54 #include <linux/kmod.h> 55 #include <linux/netconf.h> 56 57 #include <net/arp.h> 58 #include <net/ip.h> 59 #include <net/route.h> 60 #include <net/ip_fib.h> 61 #include <net/rtnetlink.h> 62 #include <net/net_namespace.h> 63 #include <net/addrconf.h> 64 65 #define IPV6ONLY_FLAGS \ 66 (IFA_F_NODAD | IFA_F_OPTIMISTIC | IFA_F_DADFAILED | \ 67 IFA_F_HOMEADDRESS | IFA_F_TENTATIVE | \ 68 IFA_F_MANAGETEMPADDR | IFA_F_STABLE_PRIVACY) 69 70 static struct ipv4_devconf ipv4_devconf = { 71 .data = { 72 [IPV4_DEVCONF_ACCEPT_REDIRECTS - 1] = 1, 73 [IPV4_DEVCONF_SEND_REDIRECTS - 1] = 1, 74 [IPV4_DEVCONF_SECURE_REDIRECTS - 1] = 1, 75 [IPV4_DEVCONF_SHARED_MEDIA - 1] = 1, 76 [IPV4_DEVCONF_IGMPV2_UNSOLICITED_REPORT_INTERVAL - 1] = 10000 /*ms*/, 77 [IPV4_DEVCONF_IGMPV3_UNSOLICITED_REPORT_INTERVAL - 1] = 1000 /*ms*/, 78 [IPV4_DEVCONF_ARP_EVICT_NOCARRIER - 1] = 1, 79 }, 80 }; 81 82 static struct ipv4_devconf ipv4_devconf_dflt = { 83 .data = { 84 [IPV4_DEVCONF_ACCEPT_REDIRECTS - 1] = 1, 85 [IPV4_DEVCONF_SEND_REDIRECTS - 1] = 1, 86 [IPV4_DEVCONF_SECURE_REDIRECTS - 1] = 1, 87 [IPV4_DEVCONF_SHARED_MEDIA - 1] = 1, 88 [IPV4_DEVCONF_ACCEPT_SOURCE_ROUTE - 1] = 1, 89 [IPV4_DEVCONF_IGMPV2_UNSOLICITED_REPORT_INTERVAL - 1] = 10000 /*ms*/, 90 [IPV4_DEVCONF_IGMPV3_UNSOLICITED_REPORT_INTERVAL - 1] = 1000 /*ms*/, 91 [IPV4_DEVCONF_ARP_EVICT_NOCARRIER - 1] = 1, 92 }, 93 }; 94 95 #define IPV4_DEVCONF_DFLT(net, attr) \ 96 IPV4_DEVCONF((*net->ipv4.devconf_dflt), attr) 97 98 static const struct nla_policy ifa_ipv4_policy[IFA_MAX+1] = { 99 [IFA_LOCAL] = { .type = NLA_U32 }, 100 [IFA_ADDRESS] = { .type = NLA_U32 }, 101 [IFA_BROADCAST] = { .type = NLA_U32 }, 102 [IFA_LABEL] = { .type = NLA_STRING, .len = IFNAMSIZ - 1 }, 103 [IFA_CACHEINFO] = { .len = sizeof(struct ifa_cacheinfo) }, 104 [IFA_FLAGS] = { .type = NLA_U32 }, 105 [IFA_RT_PRIORITY] = { .type = NLA_U32 }, 106 [IFA_TARGET_NETNSID] = { .type = NLA_S32 }, 107 [IFA_PROTO] = { .type = NLA_U8 }, 108 }; 109 110 struct inet_fill_args { 111 u32 portid; 112 u32 seq; 113 int event; 114 unsigned int flags; 115 int netnsid; 116 int ifindex; 117 }; 118 119 #define IN4_ADDR_HSIZE_SHIFT 8 120 #define IN4_ADDR_HSIZE (1U << IN4_ADDR_HSIZE_SHIFT) 121 122 static struct hlist_head inet_addr_lst[IN4_ADDR_HSIZE]; 123 inet_addr_hash(const struct net * net,__be32 addr)124 static u32 inet_addr_hash(const struct net *net, __be32 addr) 125 { 126 u32 val = (__force u32) addr ^ net_hash_mix(net); 127 128 return hash_32(val, IN4_ADDR_HSIZE_SHIFT); 129 } 130 inet_hash_insert(struct net * net,struct in_ifaddr * ifa)131 static void inet_hash_insert(struct net *net, struct in_ifaddr *ifa) 132 { 133 u32 hash = inet_addr_hash(net, ifa->ifa_local); 134 135 ASSERT_RTNL(); 136 hlist_add_head_rcu(&ifa->hash, &inet_addr_lst[hash]); 137 } 138 inet_hash_remove(struct in_ifaddr * ifa)139 static void inet_hash_remove(struct in_ifaddr *ifa) 140 { 141 ASSERT_RTNL(); 142 hlist_del_init_rcu(&ifa->hash); 143 } 144 145 /** 146 * __ip_dev_find - find the first device with a given source address. 147 * @net: the net namespace 148 * @addr: the source address 149 * @devref: if true, take a reference on the found device 150 * 151 * If a caller uses devref=false, it should be protected by RCU, or RTNL 152 */ __ip_dev_find(struct net * net,__be32 addr,bool devref)153 struct net_device *__ip_dev_find(struct net *net, __be32 addr, bool devref) 154 { 155 struct net_device *result = NULL; 156 struct in_ifaddr *ifa; 157 158 rcu_read_lock(); 159 ifa = inet_lookup_ifaddr_rcu(net, addr); 160 if (!ifa) { 161 struct flowi4 fl4 = { .daddr = addr }; 162 struct fib_result res = { 0 }; 163 struct fib_table *local; 164 165 /* Fallback to FIB local table so that communication 166 * over loopback subnets work. 167 */ 168 local = fib_get_table(net, RT_TABLE_LOCAL); 169 if (local && 170 !fib_table_lookup(local, &fl4, &res, FIB_LOOKUP_NOREF) && 171 res.type == RTN_LOCAL) 172 result = FIB_RES_DEV(res); 173 } else { 174 result = ifa->ifa_dev->dev; 175 } 176 if (result && devref) 177 dev_hold(result); 178 rcu_read_unlock(); 179 return result; 180 } 181 EXPORT_SYMBOL(__ip_dev_find); 182 183 /* called under RCU lock */ inet_lookup_ifaddr_rcu(struct net * net,__be32 addr)184 struct in_ifaddr *inet_lookup_ifaddr_rcu(struct net *net, __be32 addr) 185 { 186 u32 hash = inet_addr_hash(net, addr); 187 struct in_ifaddr *ifa; 188 189 hlist_for_each_entry_rcu(ifa, &inet_addr_lst[hash], hash) 190 if (ifa->ifa_local == addr && 191 net_eq(dev_net(ifa->ifa_dev->dev), net)) 192 return ifa; 193 194 return NULL; 195 } 196 197 static void rtmsg_ifa(int event, struct in_ifaddr *, struct nlmsghdr *, u32); 198 199 static BLOCKING_NOTIFIER_HEAD(inetaddr_chain); 200 static BLOCKING_NOTIFIER_HEAD(inetaddr_validator_chain); 201 static void inet_del_ifa(struct in_device *in_dev, 202 struct in_ifaddr __rcu **ifap, 203 int destroy); 204 #ifdef CONFIG_SYSCTL 205 static int devinet_sysctl_register(struct in_device *idev); 206 static void devinet_sysctl_unregister(struct in_device *idev); 207 #else devinet_sysctl_register(struct in_device * idev)208 static int devinet_sysctl_register(struct in_device *idev) 209 { 210 return 0; 211 } devinet_sysctl_unregister(struct in_device * idev)212 static void devinet_sysctl_unregister(struct in_device *idev) 213 { 214 } 215 #endif 216 217 /* Locks all the inet devices. */ 218 inet_alloc_ifa(struct in_device * in_dev)219 static struct in_ifaddr *inet_alloc_ifa(struct in_device *in_dev) 220 { 221 struct in_ifaddr *ifa; 222 223 ifa = kzalloc(sizeof(*ifa), GFP_KERNEL_ACCOUNT); 224 if (!ifa) 225 return NULL; 226 227 in_dev_hold(in_dev); 228 ifa->ifa_dev = in_dev; 229 230 INIT_HLIST_NODE(&ifa->hash); 231 232 return ifa; 233 } 234 inet_rcu_free_ifa(struct rcu_head * head)235 static void inet_rcu_free_ifa(struct rcu_head *head) 236 { 237 struct in_ifaddr *ifa = container_of(head, struct in_ifaddr, rcu_head); 238 239 in_dev_put(ifa->ifa_dev); 240 kfree(ifa); 241 } 242 inet_free_ifa(struct in_ifaddr * ifa)243 static void inet_free_ifa(struct in_ifaddr *ifa) 244 { 245 /* Our reference to ifa->ifa_dev must be freed ASAP 246 * to release the reference to the netdev the same way. 247 * in_dev_put() -> in_dev_finish_destroy() -> netdev_put() 248 */ 249 call_rcu_hurry(&ifa->rcu_head, inet_rcu_free_ifa); 250 } 251 in_dev_free_rcu(struct rcu_head * head)252 static void in_dev_free_rcu(struct rcu_head *head) 253 { 254 struct in_device *idev = container_of(head, struct in_device, rcu_head); 255 256 kfree(rcu_dereference_protected(idev->mc_hash, 1)); 257 kfree(idev); 258 } 259 in_dev_finish_destroy(struct in_device * idev)260 void in_dev_finish_destroy(struct in_device *idev) 261 { 262 struct net_device *dev = idev->dev; 263 264 WARN_ON(idev->ifa_list); 265 WARN_ON(idev->mc_list); 266 #ifdef NET_REFCNT_DEBUG 267 pr_debug("%s: %p=%s\n", __func__, idev, dev ? dev->name : "NIL"); 268 #endif 269 netdev_put(dev, &idev->dev_tracker); 270 if (!idev->dead) 271 pr_err("Freeing alive in_device %p\n", idev); 272 else 273 call_rcu(&idev->rcu_head, in_dev_free_rcu); 274 } 275 EXPORT_SYMBOL(in_dev_finish_destroy); 276 inetdev_init(struct net_device * dev)277 static struct in_device *inetdev_init(struct net_device *dev) 278 { 279 struct in_device *in_dev; 280 int err = -ENOMEM; 281 282 ASSERT_RTNL(); 283 284 in_dev = kzalloc(sizeof(*in_dev), GFP_KERNEL); 285 if (!in_dev) 286 goto out; 287 memcpy(&in_dev->cnf, dev_net(dev)->ipv4.devconf_dflt, 288 sizeof(in_dev->cnf)); 289 in_dev->cnf.sysctl = NULL; 290 in_dev->dev = dev; 291 in_dev->arp_parms = neigh_parms_alloc(dev, &arp_tbl); 292 if (!in_dev->arp_parms) 293 goto out_kfree; 294 if (IPV4_DEVCONF(in_dev->cnf, FORWARDING)) 295 dev_disable_lro(dev); 296 /* Reference in_dev->dev */ 297 netdev_hold(dev, &in_dev->dev_tracker, GFP_KERNEL); 298 /* Account for reference dev->ip_ptr (below) */ 299 refcount_set(&in_dev->refcnt, 1); 300 301 if (dev != blackhole_netdev) { 302 err = devinet_sysctl_register(in_dev); 303 if (err) { 304 in_dev->dead = 1; 305 neigh_parms_release(&arp_tbl, in_dev->arp_parms); 306 in_dev_put(in_dev); 307 in_dev = NULL; 308 goto out; 309 } 310 ip_mc_init_dev(in_dev); 311 if (dev->flags & IFF_UP) 312 ip_mc_up(in_dev); 313 } 314 315 /* we can receive as soon as ip_ptr is set -- do this last */ 316 rcu_assign_pointer(dev->ip_ptr, in_dev); 317 out: 318 return in_dev ?: ERR_PTR(err); 319 out_kfree: 320 kfree(in_dev); 321 in_dev = NULL; 322 goto out; 323 } 324 inetdev_destroy(struct in_device * in_dev)325 static void inetdev_destroy(struct in_device *in_dev) 326 { 327 struct net_device *dev; 328 struct in_ifaddr *ifa; 329 330 ASSERT_RTNL(); 331 332 dev = in_dev->dev; 333 334 in_dev->dead = 1; 335 336 ip_mc_destroy_dev(in_dev); 337 338 while ((ifa = rtnl_dereference(in_dev->ifa_list)) != NULL) { 339 inet_del_ifa(in_dev, &in_dev->ifa_list, 0); 340 inet_free_ifa(ifa); 341 } 342 343 RCU_INIT_POINTER(dev->ip_ptr, NULL); 344 345 devinet_sysctl_unregister(in_dev); 346 neigh_parms_release(&arp_tbl, in_dev->arp_parms); 347 arp_ifdown(dev); 348 349 in_dev_put(in_dev); 350 } 351 inet_blackhole_dev_init(void)352 static int __init inet_blackhole_dev_init(void) 353 { 354 int err = 0; 355 356 rtnl_lock(); 357 if (!inetdev_init(blackhole_netdev)) 358 err = -ENOMEM; 359 rtnl_unlock(); 360 361 return err; 362 } 363 late_initcall(inet_blackhole_dev_init); 364 inet_addr_onlink(struct in_device * in_dev,__be32 a,__be32 b)365 int inet_addr_onlink(struct in_device *in_dev, __be32 a, __be32 b) 366 { 367 const struct in_ifaddr *ifa; 368 369 rcu_read_lock(); 370 in_dev_for_each_ifa_rcu(ifa, in_dev) { 371 if (inet_ifa_match(a, ifa)) { 372 if (!b || inet_ifa_match(b, ifa)) { 373 rcu_read_unlock(); 374 return 1; 375 } 376 } 377 } 378 rcu_read_unlock(); 379 return 0; 380 } 381 __inet_del_ifa(struct in_device * in_dev,struct in_ifaddr __rcu ** ifap,int destroy,struct nlmsghdr * nlh,u32 portid)382 static void __inet_del_ifa(struct in_device *in_dev, 383 struct in_ifaddr __rcu **ifap, 384 int destroy, struct nlmsghdr *nlh, u32 portid) 385 { 386 struct in_ifaddr *promote = NULL; 387 struct in_ifaddr *ifa, *ifa1; 388 struct in_ifaddr __rcu **last_prim; 389 struct in_ifaddr *prev_prom = NULL; 390 int do_promote = IN_DEV_PROMOTE_SECONDARIES(in_dev); 391 392 ASSERT_RTNL(); 393 394 ifa1 = rtnl_dereference(*ifap); 395 last_prim = ifap; 396 if (in_dev->dead) 397 goto no_promotions; 398 399 /* 1. Deleting primary ifaddr forces deletion all secondaries 400 * unless alias promotion is set 401 **/ 402 403 if (!(ifa1->ifa_flags & IFA_F_SECONDARY)) { 404 struct in_ifaddr __rcu **ifap1 = &ifa1->ifa_next; 405 406 while ((ifa = rtnl_dereference(*ifap1)) != NULL) { 407 if (!(ifa->ifa_flags & IFA_F_SECONDARY) && 408 ifa1->ifa_scope <= ifa->ifa_scope) 409 last_prim = &ifa->ifa_next; 410 411 if (!(ifa->ifa_flags & IFA_F_SECONDARY) || 412 ifa1->ifa_mask != ifa->ifa_mask || 413 !inet_ifa_match(ifa1->ifa_address, ifa)) { 414 ifap1 = &ifa->ifa_next; 415 prev_prom = ifa; 416 continue; 417 } 418 419 if (!do_promote) { 420 inet_hash_remove(ifa); 421 *ifap1 = ifa->ifa_next; 422 423 rtmsg_ifa(RTM_DELADDR, ifa, nlh, portid); 424 blocking_notifier_call_chain(&inetaddr_chain, 425 NETDEV_DOWN, ifa); 426 inet_free_ifa(ifa); 427 } else { 428 promote = ifa; 429 break; 430 } 431 } 432 } 433 434 /* On promotion all secondaries from subnet are changing 435 * the primary IP, we must remove all their routes silently 436 * and later to add them back with new prefsrc. Do this 437 * while all addresses are on the device list. 438 */ 439 for (ifa = promote; ifa; ifa = rtnl_dereference(ifa->ifa_next)) { 440 if (ifa1->ifa_mask == ifa->ifa_mask && 441 inet_ifa_match(ifa1->ifa_address, ifa)) 442 fib_del_ifaddr(ifa, ifa1); 443 } 444 445 no_promotions: 446 /* 2. Unlink it */ 447 448 *ifap = ifa1->ifa_next; 449 inet_hash_remove(ifa1); 450 451 /* 3. Announce address deletion */ 452 453 /* Send message first, then call notifier. 454 At first sight, FIB update triggered by notifier 455 will refer to already deleted ifaddr, that could confuse 456 netlink listeners. It is not true: look, gated sees 457 that route deleted and if it still thinks that ifaddr 458 is valid, it will try to restore deleted routes... Grr. 459 So that, this order is correct. 460 */ 461 rtmsg_ifa(RTM_DELADDR, ifa1, nlh, portid); 462 blocking_notifier_call_chain(&inetaddr_chain, NETDEV_DOWN, ifa1); 463 464 if (promote) { 465 struct in_ifaddr *next_sec; 466 467 next_sec = rtnl_dereference(promote->ifa_next); 468 if (prev_prom) { 469 struct in_ifaddr *last_sec; 470 471 rcu_assign_pointer(prev_prom->ifa_next, next_sec); 472 473 last_sec = rtnl_dereference(*last_prim); 474 rcu_assign_pointer(promote->ifa_next, last_sec); 475 rcu_assign_pointer(*last_prim, promote); 476 } 477 478 promote->ifa_flags &= ~IFA_F_SECONDARY; 479 rtmsg_ifa(RTM_NEWADDR, promote, nlh, portid); 480 blocking_notifier_call_chain(&inetaddr_chain, 481 NETDEV_UP, promote); 482 for (ifa = next_sec; ifa; 483 ifa = rtnl_dereference(ifa->ifa_next)) { 484 if (ifa1->ifa_mask != ifa->ifa_mask || 485 !inet_ifa_match(ifa1->ifa_address, ifa)) 486 continue; 487 fib_add_ifaddr(ifa); 488 } 489 490 } 491 if (destroy) 492 inet_free_ifa(ifa1); 493 } 494 inet_del_ifa(struct in_device * in_dev,struct in_ifaddr __rcu ** ifap,int destroy)495 static void inet_del_ifa(struct in_device *in_dev, 496 struct in_ifaddr __rcu **ifap, 497 int destroy) 498 { 499 __inet_del_ifa(in_dev, ifap, destroy, NULL, 0); 500 } 501 502 static void check_lifetime(struct work_struct *work); 503 504 static DECLARE_DELAYED_WORK(check_lifetime_work, check_lifetime); 505 __inet_insert_ifa(struct in_ifaddr * ifa,struct nlmsghdr * nlh,u32 portid,struct netlink_ext_ack * extack)506 static int __inet_insert_ifa(struct in_ifaddr *ifa, struct nlmsghdr *nlh, 507 u32 portid, struct netlink_ext_ack *extack) 508 { 509 struct in_ifaddr __rcu **last_primary, **ifap; 510 struct in_device *in_dev = ifa->ifa_dev; 511 struct in_validator_info ivi; 512 struct in_ifaddr *ifa1; 513 int ret; 514 515 ASSERT_RTNL(); 516 517 if (!ifa->ifa_local) { 518 inet_free_ifa(ifa); 519 return 0; 520 } 521 522 ifa->ifa_flags &= ~IFA_F_SECONDARY; 523 last_primary = &in_dev->ifa_list; 524 525 /* Don't set IPv6 only flags to IPv4 addresses */ 526 ifa->ifa_flags &= ~IPV6ONLY_FLAGS; 527 528 ifap = &in_dev->ifa_list; 529 ifa1 = rtnl_dereference(*ifap); 530 531 while (ifa1) { 532 if (!(ifa1->ifa_flags & IFA_F_SECONDARY) && 533 ifa->ifa_scope <= ifa1->ifa_scope) 534 last_primary = &ifa1->ifa_next; 535 if (ifa1->ifa_mask == ifa->ifa_mask && 536 inet_ifa_match(ifa1->ifa_address, ifa)) { 537 if (ifa1->ifa_local == ifa->ifa_local) { 538 inet_free_ifa(ifa); 539 return -EEXIST; 540 } 541 if (ifa1->ifa_scope != ifa->ifa_scope) { 542 NL_SET_ERR_MSG(extack, "ipv4: Invalid scope value"); 543 inet_free_ifa(ifa); 544 return -EINVAL; 545 } 546 ifa->ifa_flags |= IFA_F_SECONDARY; 547 } 548 549 ifap = &ifa1->ifa_next; 550 ifa1 = rtnl_dereference(*ifap); 551 } 552 553 /* Allow any devices that wish to register ifaddr validtors to weigh 554 * in now, before changes are committed. The rntl lock is serializing 555 * access here, so the state should not change between a validator call 556 * and a final notify on commit. This isn't invoked on promotion under 557 * the assumption that validators are checking the address itself, and 558 * not the flags. 559 */ 560 ivi.ivi_addr = ifa->ifa_address; 561 ivi.ivi_dev = ifa->ifa_dev; 562 ivi.extack = extack; 563 ret = blocking_notifier_call_chain(&inetaddr_validator_chain, 564 NETDEV_UP, &ivi); 565 ret = notifier_to_errno(ret); 566 if (ret) { 567 inet_free_ifa(ifa); 568 return ret; 569 } 570 571 if (!(ifa->ifa_flags & IFA_F_SECONDARY)) 572 ifap = last_primary; 573 574 rcu_assign_pointer(ifa->ifa_next, *ifap); 575 rcu_assign_pointer(*ifap, ifa); 576 577 inet_hash_insert(dev_net(in_dev->dev), ifa); 578 579 cancel_delayed_work(&check_lifetime_work); 580 queue_delayed_work(system_power_efficient_wq, &check_lifetime_work, 0); 581 582 /* Send message first, then call notifier. 583 Notifier will trigger FIB update, so that 584 listeners of netlink will know about new ifaddr */ 585 rtmsg_ifa(RTM_NEWADDR, ifa, nlh, portid); 586 blocking_notifier_call_chain(&inetaddr_chain, NETDEV_UP, ifa); 587 588 return 0; 589 } 590 inet_insert_ifa(struct in_ifaddr * ifa)591 static int inet_insert_ifa(struct in_ifaddr *ifa) 592 { 593 return __inet_insert_ifa(ifa, NULL, 0, NULL); 594 } 595 inet_set_ifa(struct net_device * dev,struct in_ifaddr * ifa)596 static int inet_set_ifa(struct net_device *dev, struct in_ifaddr *ifa) 597 { 598 struct in_device *in_dev = __in_dev_get_rtnl(dev); 599 600 ASSERT_RTNL(); 601 602 ipv4_devconf_setall(in_dev); 603 neigh_parms_data_state_setall(in_dev->arp_parms); 604 605 if (ipv4_is_loopback(ifa->ifa_local)) 606 ifa->ifa_scope = RT_SCOPE_HOST; 607 return inet_insert_ifa(ifa); 608 } 609 610 /* Caller must hold RCU or RTNL : 611 * We dont take a reference on found in_device 612 */ inetdev_by_index(struct net * net,int ifindex)613 struct in_device *inetdev_by_index(struct net *net, int ifindex) 614 { 615 struct net_device *dev; 616 struct in_device *in_dev = NULL; 617 618 rcu_read_lock(); 619 dev = dev_get_by_index_rcu(net, ifindex); 620 if (dev) 621 in_dev = rcu_dereference_rtnl(dev->ip_ptr); 622 rcu_read_unlock(); 623 return in_dev; 624 } 625 EXPORT_SYMBOL(inetdev_by_index); 626 627 /* Called only from RTNL semaphored context. No locks. */ 628 inet_ifa_byprefix(struct in_device * in_dev,__be32 prefix,__be32 mask)629 struct in_ifaddr *inet_ifa_byprefix(struct in_device *in_dev, __be32 prefix, 630 __be32 mask) 631 { 632 struct in_ifaddr *ifa; 633 634 ASSERT_RTNL(); 635 636 in_dev_for_each_ifa_rtnl(ifa, in_dev) { 637 if (ifa->ifa_mask == mask && inet_ifa_match(prefix, ifa)) 638 return ifa; 639 } 640 return NULL; 641 } 642 ip_mc_autojoin_config(struct net * net,bool join,const struct in_ifaddr * ifa)643 static int ip_mc_autojoin_config(struct net *net, bool join, 644 const struct in_ifaddr *ifa) 645 { 646 #if defined(CONFIG_IP_MULTICAST) 647 struct ip_mreqn mreq = { 648 .imr_multiaddr.s_addr = ifa->ifa_address, 649 .imr_ifindex = ifa->ifa_dev->dev->ifindex, 650 }; 651 struct sock *sk = net->ipv4.mc_autojoin_sk; 652 int ret; 653 654 ASSERT_RTNL(); 655 656 lock_sock(sk); 657 if (join) 658 ret = ip_mc_join_group(sk, &mreq); 659 else 660 ret = ip_mc_leave_group(sk, &mreq); 661 release_sock(sk); 662 663 return ret; 664 #else 665 return -EOPNOTSUPP; 666 #endif 667 } 668 inet_rtm_deladdr(struct sk_buff * skb,struct nlmsghdr * nlh,struct netlink_ext_ack * extack)669 static int inet_rtm_deladdr(struct sk_buff *skb, struct nlmsghdr *nlh, 670 struct netlink_ext_ack *extack) 671 { 672 struct net *net = sock_net(skb->sk); 673 struct in_ifaddr __rcu **ifap; 674 struct nlattr *tb[IFA_MAX+1]; 675 struct in_device *in_dev; 676 struct ifaddrmsg *ifm; 677 struct in_ifaddr *ifa; 678 int err; 679 680 ASSERT_RTNL(); 681 682 err = nlmsg_parse_deprecated(nlh, sizeof(*ifm), tb, IFA_MAX, 683 ifa_ipv4_policy, extack); 684 if (err < 0) 685 goto errout; 686 687 ifm = nlmsg_data(nlh); 688 in_dev = inetdev_by_index(net, ifm->ifa_index); 689 if (!in_dev) { 690 NL_SET_ERR_MSG(extack, "ipv4: Device not found"); 691 err = -ENODEV; 692 goto errout; 693 } 694 695 for (ifap = &in_dev->ifa_list; (ifa = rtnl_dereference(*ifap)) != NULL; 696 ifap = &ifa->ifa_next) { 697 if (tb[IFA_LOCAL] && 698 ifa->ifa_local != nla_get_in_addr(tb[IFA_LOCAL])) 699 continue; 700 701 if (tb[IFA_LABEL] && nla_strcmp(tb[IFA_LABEL], ifa->ifa_label)) 702 continue; 703 704 if (tb[IFA_ADDRESS] && 705 (ifm->ifa_prefixlen != ifa->ifa_prefixlen || 706 !inet_ifa_match(nla_get_in_addr(tb[IFA_ADDRESS]), ifa))) 707 continue; 708 709 if (ipv4_is_multicast(ifa->ifa_address)) 710 ip_mc_autojoin_config(net, false, ifa); 711 __inet_del_ifa(in_dev, ifap, 1, nlh, NETLINK_CB(skb).portid); 712 return 0; 713 } 714 715 NL_SET_ERR_MSG(extack, "ipv4: Address not found"); 716 err = -EADDRNOTAVAIL; 717 errout: 718 return err; 719 } 720 check_lifetime(struct work_struct * work)721 static void check_lifetime(struct work_struct *work) 722 { 723 unsigned long now, next, next_sec, next_sched; 724 struct in_ifaddr *ifa; 725 struct hlist_node *n; 726 int i; 727 728 now = jiffies; 729 next = round_jiffies_up(now + ADDR_CHECK_FREQUENCY); 730 731 for (i = 0; i < IN4_ADDR_HSIZE; i++) { 732 bool change_needed = false; 733 734 rcu_read_lock(); 735 hlist_for_each_entry_rcu(ifa, &inet_addr_lst[i], hash) { 736 unsigned long age, tstamp; 737 u32 preferred_lft; 738 u32 valid_lft; 739 u32 flags; 740 741 flags = READ_ONCE(ifa->ifa_flags); 742 if (flags & IFA_F_PERMANENT) 743 continue; 744 745 preferred_lft = READ_ONCE(ifa->ifa_preferred_lft); 746 valid_lft = READ_ONCE(ifa->ifa_valid_lft); 747 tstamp = READ_ONCE(ifa->ifa_tstamp); 748 /* We try to batch several events at once. */ 749 age = (now - tstamp + 750 ADDRCONF_TIMER_FUZZ_MINUS) / HZ; 751 752 if (valid_lft != INFINITY_LIFE_TIME && 753 age >= valid_lft) { 754 change_needed = true; 755 } else if (preferred_lft == 756 INFINITY_LIFE_TIME) { 757 continue; 758 } else if (age >= preferred_lft) { 759 if (time_before(tstamp + valid_lft * HZ, next)) 760 next = tstamp + valid_lft * HZ; 761 762 if (!(flags & IFA_F_DEPRECATED)) 763 change_needed = true; 764 } else if (time_before(tstamp + preferred_lft * HZ, 765 next)) { 766 next = tstamp + preferred_lft * HZ; 767 } 768 } 769 rcu_read_unlock(); 770 if (!change_needed) 771 continue; 772 rtnl_lock(); 773 hlist_for_each_entry_safe(ifa, n, &inet_addr_lst[i], hash) { 774 unsigned long age; 775 776 if (ifa->ifa_flags & IFA_F_PERMANENT) 777 continue; 778 779 /* We try to batch several events at once. */ 780 age = (now - ifa->ifa_tstamp + 781 ADDRCONF_TIMER_FUZZ_MINUS) / HZ; 782 783 if (ifa->ifa_valid_lft != INFINITY_LIFE_TIME && 784 age >= ifa->ifa_valid_lft) { 785 struct in_ifaddr __rcu **ifap; 786 struct in_ifaddr *tmp; 787 788 ifap = &ifa->ifa_dev->ifa_list; 789 tmp = rtnl_dereference(*ifap); 790 while (tmp) { 791 if (tmp == ifa) { 792 inet_del_ifa(ifa->ifa_dev, 793 ifap, 1); 794 break; 795 } 796 ifap = &tmp->ifa_next; 797 tmp = rtnl_dereference(*ifap); 798 } 799 } else if (ifa->ifa_preferred_lft != 800 INFINITY_LIFE_TIME && 801 age >= ifa->ifa_preferred_lft && 802 !(ifa->ifa_flags & IFA_F_DEPRECATED)) { 803 ifa->ifa_flags |= IFA_F_DEPRECATED; 804 rtmsg_ifa(RTM_NEWADDR, ifa, NULL, 0); 805 } 806 } 807 rtnl_unlock(); 808 } 809 810 next_sec = round_jiffies_up(next); 811 next_sched = next; 812 813 /* If rounded timeout is accurate enough, accept it. */ 814 if (time_before(next_sec, next + ADDRCONF_TIMER_FUZZ)) 815 next_sched = next_sec; 816 817 now = jiffies; 818 /* And minimum interval is ADDRCONF_TIMER_FUZZ_MAX. */ 819 if (time_before(next_sched, now + ADDRCONF_TIMER_FUZZ_MAX)) 820 next_sched = now + ADDRCONF_TIMER_FUZZ_MAX; 821 822 queue_delayed_work(system_power_efficient_wq, &check_lifetime_work, 823 next_sched - now); 824 } 825 set_ifa_lifetime(struct in_ifaddr * ifa,__u32 valid_lft,__u32 prefered_lft)826 static void set_ifa_lifetime(struct in_ifaddr *ifa, __u32 valid_lft, 827 __u32 prefered_lft) 828 { 829 unsigned long timeout; 830 u32 flags; 831 832 flags = ifa->ifa_flags & ~(IFA_F_PERMANENT | IFA_F_DEPRECATED); 833 834 timeout = addrconf_timeout_fixup(valid_lft, HZ); 835 if (addrconf_finite_timeout(timeout)) 836 WRITE_ONCE(ifa->ifa_valid_lft, timeout); 837 else 838 flags |= IFA_F_PERMANENT; 839 840 timeout = addrconf_timeout_fixup(prefered_lft, HZ); 841 if (addrconf_finite_timeout(timeout)) { 842 if (timeout == 0) 843 flags |= IFA_F_DEPRECATED; 844 WRITE_ONCE(ifa->ifa_preferred_lft, timeout); 845 } 846 WRITE_ONCE(ifa->ifa_flags, flags); 847 WRITE_ONCE(ifa->ifa_tstamp, jiffies); 848 if (!ifa->ifa_cstamp) 849 WRITE_ONCE(ifa->ifa_cstamp, ifa->ifa_tstamp); 850 } 851 rtm_to_ifaddr(struct net * net,struct nlmsghdr * nlh,__u32 * pvalid_lft,__u32 * pprefered_lft,struct netlink_ext_ack * extack)852 static struct in_ifaddr *rtm_to_ifaddr(struct net *net, struct nlmsghdr *nlh, 853 __u32 *pvalid_lft, __u32 *pprefered_lft, 854 struct netlink_ext_ack *extack) 855 { 856 struct nlattr *tb[IFA_MAX+1]; 857 struct in_ifaddr *ifa; 858 struct ifaddrmsg *ifm; 859 struct net_device *dev; 860 struct in_device *in_dev; 861 int err; 862 863 err = nlmsg_parse_deprecated(nlh, sizeof(*ifm), tb, IFA_MAX, 864 ifa_ipv4_policy, extack); 865 if (err < 0) 866 goto errout; 867 868 ifm = nlmsg_data(nlh); 869 err = -EINVAL; 870 871 if (ifm->ifa_prefixlen > 32) { 872 NL_SET_ERR_MSG(extack, "ipv4: Invalid prefix length"); 873 goto errout; 874 } 875 876 if (!tb[IFA_LOCAL]) { 877 NL_SET_ERR_MSG(extack, "ipv4: Local address is not supplied"); 878 goto errout; 879 } 880 881 dev = __dev_get_by_index(net, ifm->ifa_index); 882 err = -ENODEV; 883 if (!dev) { 884 NL_SET_ERR_MSG(extack, "ipv4: Device not found"); 885 goto errout; 886 } 887 888 in_dev = __in_dev_get_rtnl(dev); 889 err = -ENOBUFS; 890 if (!in_dev) 891 goto errout; 892 893 ifa = inet_alloc_ifa(in_dev); 894 if (!ifa) 895 /* 896 * A potential indev allocation can be left alive, it stays 897 * assigned to its device and is destroy with it. 898 */ 899 goto errout; 900 901 ipv4_devconf_setall(in_dev); 902 neigh_parms_data_state_setall(in_dev->arp_parms); 903 904 if (!tb[IFA_ADDRESS]) 905 tb[IFA_ADDRESS] = tb[IFA_LOCAL]; 906 907 ifa->ifa_prefixlen = ifm->ifa_prefixlen; 908 ifa->ifa_mask = inet_make_mask(ifm->ifa_prefixlen); 909 ifa->ifa_flags = tb[IFA_FLAGS] ? nla_get_u32(tb[IFA_FLAGS]) : 910 ifm->ifa_flags; 911 ifa->ifa_scope = ifm->ifa_scope; 912 ifa->ifa_local = nla_get_in_addr(tb[IFA_LOCAL]); 913 ifa->ifa_address = nla_get_in_addr(tb[IFA_ADDRESS]); 914 915 if (tb[IFA_BROADCAST]) 916 ifa->ifa_broadcast = nla_get_in_addr(tb[IFA_BROADCAST]); 917 918 if (tb[IFA_LABEL]) 919 nla_strscpy(ifa->ifa_label, tb[IFA_LABEL], IFNAMSIZ); 920 else 921 memcpy(ifa->ifa_label, dev->name, IFNAMSIZ); 922 923 if (tb[IFA_RT_PRIORITY]) 924 ifa->ifa_rt_priority = nla_get_u32(tb[IFA_RT_PRIORITY]); 925 926 if (tb[IFA_PROTO]) 927 ifa->ifa_proto = nla_get_u8(tb[IFA_PROTO]); 928 929 if (tb[IFA_CACHEINFO]) { 930 struct ifa_cacheinfo *ci; 931 932 ci = nla_data(tb[IFA_CACHEINFO]); 933 if (!ci->ifa_valid || ci->ifa_prefered > ci->ifa_valid) { 934 NL_SET_ERR_MSG(extack, "ipv4: address lifetime invalid"); 935 err = -EINVAL; 936 goto errout_free; 937 } 938 *pvalid_lft = ci->ifa_valid; 939 *pprefered_lft = ci->ifa_prefered; 940 } 941 942 return ifa; 943 944 errout_free: 945 inet_free_ifa(ifa); 946 errout: 947 return ERR_PTR(err); 948 } 949 find_matching_ifa(struct in_ifaddr * ifa)950 static struct in_ifaddr *find_matching_ifa(struct in_ifaddr *ifa) 951 { 952 struct in_device *in_dev = ifa->ifa_dev; 953 struct in_ifaddr *ifa1; 954 955 if (!ifa->ifa_local) 956 return NULL; 957 958 in_dev_for_each_ifa_rtnl(ifa1, in_dev) { 959 if (ifa1->ifa_mask == ifa->ifa_mask && 960 inet_ifa_match(ifa1->ifa_address, ifa) && 961 ifa1->ifa_local == ifa->ifa_local) 962 return ifa1; 963 } 964 return NULL; 965 } 966 inet_rtm_newaddr(struct sk_buff * skb,struct nlmsghdr * nlh,struct netlink_ext_ack * extack)967 static int inet_rtm_newaddr(struct sk_buff *skb, struct nlmsghdr *nlh, 968 struct netlink_ext_ack *extack) 969 { 970 struct net *net = sock_net(skb->sk); 971 struct in_ifaddr *ifa; 972 struct in_ifaddr *ifa_existing; 973 __u32 valid_lft = INFINITY_LIFE_TIME; 974 __u32 prefered_lft = INFINITY_LIFE_TIME; 975 976 ASSERT_RTNL(); 977 978 ifa = rtm_to_ifaddr(net, nlh, &valid_lft, &prefered_lft, extack); 979 if (IS_ERR(ifa)) 980 return PTR_ERR(ifa); 981 982 ifa_existing = find_matching_ifa(ifa); 983 if (!ifa_existing) { 984 /* It would be best to check for !NLM_F_CREATE here but 985 * userspace already relies on not having to provide this. 986 */ 987 set_ifa_lifetime(ifa, valid_lft, prefered_lft); 988 if (ifa->ifa_flags & IFA_F_MCAUTOJOIN) { 989 int ret = ip_mc_autojoin_config(net, true, ifa); 990 991 if (ret < 0) { 992 NL_SET_ERR_MSG(extack, "ipv4: Multicast auto join failed"); 993 inet_free_ifa(ifa); 994 return ret; 995 } 996 } 997 return __inet_insert_ifa(ifa, nlh, NETLINK_CB(skb).portid, 998 extack); 999 } else { 1000 u32 new_metric = ifa->ifa_rt_priority; 1001 u8 new_proto = ifa->ifa_proto; 1002 1003 inet_free_ifa(ifa); 1004 1005 if (nlh->nlmsg_flags & NLM_F_EXCL || 1006 !(nlh->nlmsg_flags & NLM_F_REPLACE)) { 1007 NL_SET_ERR_MSG(extack, "ipv4: Address already assigned"); 1008 return -EEXIST; 1009 } 1010 ifa = ifa_existing; 1011 1012 if (ifa->ifa_rt_priority != new_metric) { 1013 fib_modify_prefix_metric(ifa, new_metric); 1014 ifa->ifa_rt_priority = new_metric; 1015 } 1016 1017 ifa->ifa_proto = new_proto; 1018 1019 set_ifa_lifetime(ifa, valid_lft, prefered_lft); 1020 cancel_delayed_work(&check_lifetime_work); 1021 queue_delayed_work(system_power_efficient_wq, 1022 &check_lifetime_work, 0); 1023 rtmsg_ifa(RTM_NEWADDR, ifa, nlh, NETLINK_CB(skb).portid); 1024 } 1025 return 0; 1026 } 1027 1028 /* 1029 * Determine a default network mask, based on the IP address. 1030 */ 1031 inet_abc_len(__be32 addr)1032 static int inet_abc_len(__be32 addr) 1033 { 1034 int rc = -1; /* Something else, probably a multicast. */ 1035 1036 if (ipv4_is_zeronet(addr) || ipv4_is_lbcast(addr)) 1037 rc = 0; 1038 else { 1039 __u32 haddr = ntohl(addr); 1040 if (IN_CLASSA(haddr)) 1041 rc = 8; 1042 else if (IN_CLASSB(haddr)) 1043 rc = 16; 1044 else if (IN_CLASSC(haddr)) 1045 rc = 24; 1046 else if (IN_CLASSE(haddr)) 1047 rc = 32; 1048 } 1049 1050 return rc; 1051 } 1052 1053 devinet_ioctl(struct net * net,unsigned int cmd,struct ifreq * ifr)1054 int devinet_ioctl(struct net *net, unsigned int cmd, struct ifreq *ifr) 1055 { 1056 struct sockaddr_in sin_orig; 1057 struct sockaddr_in *sin = (struct sockaddr_in *)&ifr->ifr_addr; 1058 struct in_ifaddr __rcu **ifap = NULL; 1059 struct in_device *in_dev; 1060 struct in_ifaddr *ifa = NULL; 1061 struct net_device *dev; 1062 char *colon; 1063 int ret = -EFAULT; 1064 int tryaddrmatch = 0; 1065 1066 ifr->ifr_name[IFNAMSIZ - 1] = 0; 1067 1068 /* save original address for comparison */ 1069 memcpy(&sin_orig, sin, sizeof(*sin)); 1070 1071 colon = strchr(ifr->ifr_name, ':'); 1072 if (colon) 1073 *colon = 0; 1074 1075 dev_load(net, ifr->ifr_name); 1076 1077 switch (cmd) { 1078 case SIOCGIFADDR: /* Get interface address */ 1079 case SIOCGIFBRDADDR: /* Get the broadcast address */ 1080 case SIOCGIFDSTADDR: /* Get the destination address */ 1081 case SIOCGIFNETMASK: /* Get the netmask for the interface */ 1082 /* Note that these ioctls will not sleep, 1083 so that we do not impose a lock. 1084 One day we will be forced to put shlock here (I mean SMP) 1085 */ 1086 tryaddrmatch = (sin_orig.sin_family == AF_INET); 1087 memset(sin, 0, sizeof(*sin)); 1088 sin->sin_family = AF_INET; 1089 break; 1090 1091 case SIOCSIFFLAGS: 1092 ret = -EPERM; 1093 if (!ns_capable(net->user_ns, CAP_NET_ADMIN)) 1094 goto out; 1095 break; 1096 case SIOCSIFADDR: /* Set interface address (and family) */ 1097 case SIOCSIFBRDADDR: /* Set the broadcast address */ 1098 case SIOCSIFDSTADDR: /* Set the destination address */ 1099 case SIOCSIFNETMASK: /* Set the netmask for the interface */ 1100 ret = -EPERM; 1101 if (!ns_capable(net->user_ns, CAP_NET_ADMIN)) 1102 goto out; 1103 ret = -EINVAL; 1104 if (sin->sin_family != AF_INET) 1105 goto out; 1106 break; 1107 default: 1108 ret = -EINVAL; 1109 goto out; 1110 } 1111 1112 rtnl_lock(); 1113 1114 ret = -ENODEV; 1115 dev = __dev_get_by_name(net, ifr->ifr_name); 1116 if (!dev) 1117 goto done; 1118 1119 if (colon) 1120 *colon = ':'; 1121 1122 in_dev = __in_dev_get_rtnl(dev); 1123 if (in_dev) { 1124 if (tryaddrmatch) { 1125 /* Matthias Andree */ 1126 /* compare label and address (4.4BSD style) */ 1127 /* note: we only do this for a limited set of ioctls 1128 and only if the original address family was AF_INET. 1129 This is checked above. */ 1130 1131 for (ifap = &in_dev->ifa_list; 1132 (ifa = rtnl_dereference(*ifap)) != NULL; 1133 ifap = &ifa->ifa_next) { 1134 if (!strcmp(ifr->ifr_name, ifa->ifa_label) && 1135 sin_orig.sin_addr.s_addr == 1136 ifa->ifa_local) { 1137 break; /* found */ 1138 } 1139 } 1140 } 1141 /* we didn't get a match, maybe the application is 1142 4.3BSD-style and passed in junk so we fall back to 1143 comparing just the label */ 1144 if (!ifa) { 1145 for (ifap = &in_dev->ifa_list; 1146 (ifa = rtnl_dereference(*ifap)) != NULL; 1147 ifap = &ifa->ifa_next) 1148 if (!strcmp(ifr->ifr_name, ifa->ifa_label)) 1149 break; 1150 } 1151 } 1152 1153 ret = -EADDRNOTAVAIL; 1154 if (!ifa && cmd != SIOCSIFADDR && cmd != SIOCSIFFLAGS) 1155 goto done; 1156 1157 switch (cmd) { 1158 case SIOCGIFADDR: /* Get interface address */ 1159 ret = 0; 1160 sin->sin_addr.s_addr = ifa->ifa_local; 1161 break; 1162 1163 case SIOCGIFBRDADDR: /* Get the broadcast address */ 1164 ret = 0; 1165 sin->sin_addr.s_addr = ifa->ifa_broadcast; 1166 break; 1167 1168 case SIOCGIFDSTADDR: /* Get the destination address */ 1169 ret = 0; 1170 sin->sin_addr.s_addr = ifa->ifa_address; 1171 break; 1172 1173 case SIOCGIFNETMASK: /* Get the netmask for the interface */ 1174 ret = 0; 1175 sin->sin_addr.s_addr = ifa->ifa_mask; 1176 break; 1177 1178 case SIOCSIFFLAGS: 1179 if (colon) { 1180 ret = -EADDRNOTAVAIL; 1181 if (!ifa) 1182 break; 1183 ret = 0; 1184 if (!(ifr->ifr_flags & IFF_UP)) 1185 inet_del_ifa(in_dev, ifap, 1); 1186 break; 1187 } 1188 ret = dev_change_flags(dev, ifr->ifr_flags, NULL); 1189 break; 1190 1191 case SIOCSIFADDR: /* Set interface address (and family) */ 1192 ret = -EINVAL; 1193 if (inet_abc_len(sin->sin_addr.s_addr) < 0) 1194 break; 1195 1196 if (!ifa) { 1197 ret = -ENOBUFS; 1198 if (!in_dev) 1199 break; 1200 ifa = inet_alloc_ifa(in_dev); 1201 if (!ifa) 1202 break; 1203 1204 if (colon) 1205 memcpy(ifa->ifa_label, ifr->ifr_name, IFNAMSIZ); 1206 else 1207 memcpy(ifa->ifa_label, dev->name, IFNAMSIZ); 1208 } else { 1209 ret = 0; 1210 if (ifa->ifa_local == sin->sin_addr.s_addr) 1211 break; 1212 inet_del_ifa(in_dev, ifap, 0); 1213 ifa->ifa_broadcast = 0; 1214 ifa->ifa_scope = 0; 1215 } 1216 1217 ifa->ifa_address = ifa->ifa_local = sin->sin_addr.s_addr; 1218 1219 if (!(dev->flags & IFF_POINTOPOINT)) { 1220 ifa->ifa_prefixlen = inet_abc_len(ifa->ifa_address); 1221 ifa->ifa_mask = inet_make_mask(ifa->ifa_prefixlen); 1222 if ((dev->flags & IFF_BROADCAST) && 1223 ifa->ifa_prefixlen < 31) 1224 ifa->ifa_broadcast = ifa->ifa_address | 1225 ~ifa->ifa_mask; 1226 } else { 1227 ifa->ifa_prefixlen = 32; 1228 ifa->ifa_mask = inet_make_mask(32); 1229 } 1230 set_ifa_lifetime(ifa, INFINITY_LIFE_TIME, INFINITY_LIFE_TIME); 1231 ret = inet_set_ifa(dev, ifa); 1232 break; 1233 1234 case SIOCSIFBRDADDR: /* Set the broadcast address */ 1235 ret = 0; 1236 if (ifa->ifa_broadcast != sin->sin_addr.s_addr) { 1237 inet_del_ifa(in_dev, ifap, 0); 1238 ifa->ifa_broadcast = sin->sin_addr.s_addr; 1239 inet_insert_ifa(ifa); 1240 } 1241 break; 1242 1243 case SIOCSIFDSTADDR: /* Set the destination address */ 1244 ret = 0; 1245 if (ifa->ifa_address == sin->sin_addr.s_addr) 1246 break; 1247 ret = -EINVAL; 1248 if (inet_abc_len(sin->sin_addr.s_addr) < 0) 1249 break; 1250 ret = 0; 1251 inet_del_ifa(in_dev, ifap, 0); 1252 ifa->ifa_address = sin->sin_addr.s_addr; 1253 inet_insert_ifa(ifa); 1254 break; 1255 1256 case SIOCSIFNETMASK: /* Set the netmask for the interface */ 1257 1258 /* 1259 * The mask we set must be legal. 1260 */ 1261 ret = -EINVAL; 1262 if (bad_mask(sin->sin_addr.s_addr, 0)) 1263 break; 1264 ret = 0; 1265 if (ifa->ifa_mask != sin->sin_addr.s_addr) { 1266 __be32 old_mask = ifa->ifa_mask; 1267 inet_del_ifa(in_dev, ifap, 0); 1268 ifa->ifa_mask = sin->sin_addr.s_addr; 1269 ifa->ifa_prefixlen = inet_mask_len(ifa->ifa_mask); 1270 1271 /* See if current broadcast address matches 1272 * with current netmask, then recalculate 1273 * the broadcast address. Otherwise it's a 1274 * funny address, so don't touch it since 1275 * the user seems to know what (s)he's doing... 1276 */ 1277 if ((dev->flags & IFF_BROADCAST) && 1278 (ifa->ifa_prefixlen < 31) && 1279 (ifa->ifa_broadcast == 1280 (ifa->ifa_local|~old_mask))) { 1281 ifa->ifa_broadcast = (ifa->ifa_local | 1282 ~sin->sin_addr.s_addr); 1283 } 1284 inet_insert_ifa(ifa); 1285 } 1286 break; 1287 } 1288 done: 1289 rtnl_unlock(); 1290 out: 1291 return ret; 1292 } 1293 inet_gifconf(struct net_device * dev,char __user * buf,int len,int size)1294 int inet_gifconf(struct net_device *dev, char __user *buf, int len, int size) 1295 { 1296 struct in_device *in_dev = __in_dev_get_rtnl(dev); 1297 const struct in_ifaddr *ifa; 1298 struct ifreq ifr; 1299 int done = 0; 1300 1301 if (WARN_ON(size > sizeof(struct ifreq))) 1302 goto out; 1303 1304 if (!in_dev) 1305 goto out; 1306 1307 in_dev_for_each_ifa_rtnl(ifa, in_dev) { 1308 if (!buf) { 1309 done += size; 1310 continue; 1311 } 1312 if (len < size) 1313 break; 1314 memset(&ifr, 0, sizeof(struct ifreq)); 1315 strcpy(ifr.ifr_name, ifa->ifa_label); 1316 1317 (*(struct sockaddr_in *)&ifr.ifr_addr).sin_family = AF_INET; 1318 (*(struct sockaddr_in *)&ifr.ifr_addr).sin_addr.s_addr = 1319 ifa->ifa_local; 1320 1321 if (copy_to_user(buf + done, &ifr, size)) { 1322 done = -EFAULT; 1323 break; 1324 } 1325 len -= size; 1326 done += size; 1327 } 1328 out: 1329 return done; 1330 } 1331 in_dev_select_addr(const struct in_device * in_dev,int scope)1332 static __be32 in_dev_select_addr(const struct in_device *in_dev, 1333 int scope) 1334 { 1335 const struct in_ifaddr *ifa; 1336 1337 in_dev_for_each_ifa_rcu(ifa, in_dev) { 1338 if (READ_ONCE(ifa->ifa_flags) & IFA_F_SECONDARY) 1339 continue; 1340 if (ifa->ifa_scope != RT_SCOPE_LINK && 1341 ifa->ifa_scope <= scope) 1342 return ifa->ifa_local; 1343 } 1344 1345 return 0; 1346 } 1347 inet_select_addr(const struct net_device * dev,__be32 dst,int scope)1348 __be32 inet_select_addr(const struct net_device *dev, __be32 dst, int scope) 1349 { 1350 const struct in_ifaddr *ifa; 1351 __be32 addr = 0; 1352 unsigned char localnet_scope = RT_SCOPE_HOST; 1353 struct in_device *in_dev; 1354 struct net *net = dev_net(dev); 1355 int master_idx; 1356 1357 rcu_read_lock(); 1358 in_dev = __in_dev_get_rcu(dev); 1359 if (!in_dev) 1360 goto no_in_dev; 1361 1362 if (unlikely(IN_DEV_ROUTE_LOCALNET(in_dev))) 1363 localnet_scope = RT_SCOPE_LINK; 1364 1365 in_dev_for_each_ifa_rcu(ifa, in_dev) { 1366 if (READ_ONCE(ifa->ifa_flags) & IFA_F_SECONDARY) 1367 continue; 1368 if (min(ifa->ifa_scope, localnet_scope) > scope) 1369 continue; 1370 if (!dst || inet_ifa_match(dst, ifa)) { 1371 addr = ifa->ifa_local; 1372 break; 1373 } 1374 if (!addr) 1375 addr = ifa->ifa_local; 1376 } 1377 1378 if (addr) 1379 goto out_unlock; 1380 no_in_dev: 1381 master_idx = l3mdev_master_ifindex_rcu(dev); 1382 1383 /* For VRFs, the VRF device takes the place of the loopback device, 1384 * with addresses on it being preferred. Note in such cases the 1385 * loopback device will be among the devices that fail the master_idx 1386 * equality check in the loop below. 1387 */ 1388 if (master_idx && 1389 (dev = dev_get_by_index_rcu(net, master_idx)) && 1390 (in_dev = __in_dev_get_rcu(dev))) { 1391 addr = in_dev_select_addr(in_dev, scope); 1392 if (addr) 1393 goto out_unlock; 1394 } 1395 1396 /* Not loopback addresses on loopback should be preferred 1397 in this case. It is important that lo is the first interface 1398 in dev_base list. 1399 */ 1400 for_each_netdev_rcu(net, dev) { 1401 if (l3mdev_master_ifindex_rcu(dev) != master_idx) 1402 continue; 1403 1404 in_dev = __in_dev_get_rcu(dev); 1405 if (!in_dev) 1406 continue; 1407 1408 addr = in_dev_select_addr(in_dev, scope); 1409 if (addr) 1410 goto out_unlock; 1411 } 1412 out_unlock: 1413 rcu_read_unlock(); 1414 return addr; 1415 } 1416 EXPORT_SYMBOL(inet_select_addr); 1417 confirm_addr_indev(struct in_device * in_dev,__be32 dst,__be32 local,int scope)1418 static __be32 confirm_addr_indev(struct in_device *in_dev, __be32 dst, 1419 __be32 local, int scope) 1420 { 1421 unsigned char localnet_scope = RT_SCOPE_HOST; 1422 const struct in_ifaddr *ifa; 1423 __be32 addr = 0; 1424 int same = 0; 1425 1426 if (unlikely(IN_DEV_ROUTE_LOCALNET(in_dev))) 1427 localnet_scope = RT_SCOPE_LINK; 1428 1429 in_dev_for_each_ifa_rcu(ifa, in_dev) { 1430 unsigned char min_scope = min(ifa->ifa_scope, localnet_scope); 1431 1432 if (!addr && 1433 (local == ifa->ifa_local || !local) && 1434 min_scope <= scope) { 1435 addr = ifa->ifa_local; 1436 if (same) 1437 break; 1438 } 1439 if (!same) { 1440 same = (!local || inet_ifa_match(local, ifa)) && 1441 (!dst || inet_ifa_match(dst, ifa)); 1442 if (same && addr) { 1443 if (local || !dst) 1444 break; 1445 /* Is the selected addr into dst subnet? */ 1446 if (inet_ifa_match(addr, ifa)) 1447 break; 1448 /* No, then can we use new local src? */ 1449 if (min_scope <= scope) { 1450 addr = ifa->ifa_local; 1451 break; 1452 } 1453 /* search for large dst subnet for addr */ 1454 same = 0; 1455 } 1456 } 1457 } 1458 1459 return same ? addr : 0; 1460 } 1461 1462 /* 1463 * Confirm that local IP address exists using wildcards: 1464 * - net: netns to check, cannot be NULL 1465 * - in_dev: only on this interface, NULL=any interface 1466 * - dst: only in the same subnet as dst, 0=any dst 1467 * - local: address, 0=autoselect the local address 1468 * - scope: maximum allowed scope value for the local address 1469 */ inet_confirm_addr(struct net * net,struct in_device * in_dev,__be32 dst,__be32 local,int scope)1470 __be32 inet_confirm_addr(struct net *net, struct in_device *in_dev, 1471 __be32 dst, __be32 local, int scope) 1472 { 1473 __be32 addr = 0; 1474 struct net_device *dev; 1475 1476 if (in_dev) 1477 return confirm_addr_indev(in_dev, dst, local, scope); 1478 1479 rcu_read_lock(); 1480 for_each_netdev_rcu(net, dev) { 1481 in_dev = __in_dev_get_rcu(dev); 1482 if (in_dev) { 1483 addr = confirm_addr_indev(in_dev, dst, local, scope); 1484 if (addr) 1485 break; 1486 } 1487 } 1488 rcu_read_unlock(); 1489 1490 return addr; 1491 } 1492 EXPORT_SYMBOL(inet_confirm_addr); 1493 1494 /* 1495 * Device notifier 1496 */ 1497 register_inetaddr_notifier(struct notifier_block * nb)1498 int register_inetaddr_notifier(struct notifier_block *nb) 1499 { 1500 return blocking_notifier_chain_register(&inetaddr_chain, nb); 1501 } 1502 EXPORT_SYMBOL(register_inetaddr_notifier); 1503 unregister_inetaddr_notifier(struct notifier_block * nb)1504 int unregister_inetaddr_notifier(struct notifier_block *nb) 1505 { 1506 return blocking_notifier_chain_unregister(&inetaddr_chain, nb); 1507 } 1508 EXPORT_SYMBOL(unregister_inetaddr_notifier); 1509 register_inetaddr_validator_notifier(struct notifier_block * nb)1510 int register_inetaddr_validator_notifier(struct notifier_block *nb) 1511 { 1512 return blocking_notifier_chain_register(&inetaddr_validator_chain, nb); 1513 } 1514 EXPORT_SYMBOL(register_inetaddr_validator_notifier); 1515 unregister_inetaddr_validator_notifier(struct notifier_block * nb)1516 int unregister_inetaddr_validator_notifier(struct notifier_block *nb) 1517 { 1518 return blocking_notifier_chain_unregister(&inetaddr_validator_chain, 1519 nb); 1520 } 1521 EXPORT_SYMBOL(unregister_inetaddr_validator_notifier); 1522 1523 /* Rename ifa_labels for a device name change. Make some effort to preserve 1524 * existing alias numbering and to create unique labels if possible. 1525 */ inetdev_changename(struct net_device * dev,struct in_device * in_dev)1526 static void inetdev_changename(struct net_device *dev, struct in_device *in_dev) 1527 { 1528 struct in_ifaddr *ifa; 1529 int named = 0; 1530 1531 in_dev_for_each_ifa_rtnl(ifa, in_dev) { 1532 char old[IFNAMSIZ], *dot; 1533 1534 memcpy(old, ifa->ifa_label, IFNAMSIZ); 1535 memcpy(ifa->ifa_label, dev->name, IFNAMSIZ); 1536 if (named++ == 0) 1537 goto skip; 1538 dot = strchr(old, ':'); 1539 if (!dot) { 1540 sprintf(old, ":%d", named); 1541 dot = old; 1542 } 1543 if (strlen(dot) + strlen(dev->name) < IFNAMSIZ) 1544 strcat(ifa->ifa_label, dot); 1545 else 1546 strcpy(ifa->ifa_label + (IFNAMSIZ - strlen(dot) - 1), dot); 1547 skip: 1548 rtmsg_ifa(RTM_NEWADDR, ifa, NULL, 0); 1549 } 1550 } 1551 inetdev_send_gratuitous_arp(struct net_device * dev,struct in_device * in_dev)1552 static void inetdev_send_gratuitous_arp(struct net_device *dev, 1553 struct in_device *in_dev) 1554 1555 { 1556 const struct in_ifaddr *ifa; 1557 1558 in_dev_for_each_ifa_rtnl(ifa, in_dev) { 1559 arp_send(ARPOP_REQUEST, ETH_P_ARP, 1560 ifa->ifa_local, dev, 1561 ifa->ifa_local, NULL, 1562 dev->dev_addr, NULL); 1563 } 1564 } 1565 1566 /* Called only under RTNL semaphore */ 1567 inetdev_event(struct notifier_block * this,unsigned long event,void * ptr)1568 static int inetdev_event(struct notifier_block *this, unsigned long event, 1569 void *ptr) 1570 { 1571 struct net_device *dev = netdev_notifier_info_to_dev(ptr); 1572 struct in_device *in_dev = __in_dev_get_rtnl(dev); 1573 1574 ASSERT_RTNL(); 1575 1576 if (!in_dev) { 1577 if (event == NETDEV_REGISTER) { 1578 in_dev = inetdev_init(dev); 1579 if (IS_ERR(in_dev)) 1580 return notifier_from_errno(PTR_ERR(in_dev)); 1581 if (dev->flags & IFF_LOOPBACK) { 1582 IN_DEV_CONF_SET(in_dev, NOXFRM, 1); 1583 IN_DEV_CONF_SET(in_dev, NOPOLICY, 1); 1584 } 1585 } else if (event == NETDEV_CHANGEMTU) { 1586 /* Re-enabling IP */ 1587 if (inetdev_valid_mtu(dev->mtu)) 1588 in_dev = inetdev_init(dev); 1589 } 1590 goto out; 1591 } 1592 1593 switch (event) { 1594 case NETDEV_REGISTER: 1595 pr_debug("%s: bug\n", __func__); 1596 RCU_INIT_POINTER(dev->ip_ptr, NULL); 1597 break; 1598 case NETDEV_UP: 1599 if (!inetdev_valid_mtu(dev->mtu)) 1600 break; 1601 if (dev->flags & IFF_LOOPBACK) { 1602 struct in_ifaddr *ifa = inet_alloc_ifa(in_dev); 1603 1604 if (ifa) { 1605 ifa->ifa_local = 1606 ifa->ifa_address = htonl(INADDR_LOOPBACK); 1607 ifa->ifa_prefixlen = 8; 1608 ifa->ifa_mask = inet_make_mask(8); 1609 ifa->ifa_scope = RT_SCOPE_HOST; 1610 memcpy(ifa->ifa_label, dev->name, IFNAMSIZ); 1611 set_ifa_lifetime(ifa, INFINITY_LIFE_TIME, 1612 INFINITY_LIFE_TIME); 1613 ipv4_devconf_setall(in_dev); 1614 neigh_parms_data_state_setall(in_dev->arp_parms); 1615 inet_insert_ifa(ifa); 1616 } 1617 } 1618 ip_mc_up(in_dev); 1619 fallthrough; 1620 case NETDEV_CHANGEADDR: 1621 if (!IN_DEV_ARP_NOTIFY(in_dev)) 1622 break; 1623 fallthrough; 1624 case NETDEV_NOTIFY_PEERS: 1625 /* Send gratuitous ARP to notify of link change */ 1626 inetdev_send_gratuitous_arp(dev, in_dev); 1627 break; 1628 case NETDEV_DOWN: 1629 ip_mc_down(in_dev); 1630 break; 1631 case NETDEV_PRE_TYPE_CHANGE: 1632 ip_mc_unmap(in_dev); 1633 break; 1634 case NETDEV_POST_TYPE_CHANGE: 1635 ip_mc_remap(in_dev); 1636 break; 1637 case NETDEV_CHANGEMTU: 1638 if (inetdev_valid_mtu(dev->mtu)) 1639 break; 1640 /* disable IP when MTU is not enough */ 1641 fallthrough; 1642 case NETDEV_UNREGISTER: 1643 inetdev_destroy(in_dev); 1644 break; 1645 case NETDEV_CHANGENAME: 1646 /* Do not notify about label change, this event is 1647 * not interesting to applications using netlink. 1648 */ 1649 inetdev_changename(dev, in_dev); 1650 1651 devinet_sysctl_unregister(in_dev); 1652 devinet_sysctl_register(in_dev); 1653 break; 1654 } 1655 out: 1656 return NOTIFY_DONE; 1657 } 1658 1659 static struct notifier_block ip_netdev_notifier = { 1660 .notifier_call = inetdev_event, 1661 }; 1662 inet_nlmsg_size(void)1663 static size_t inet_nlmsg_size(void) 1664 { 1665 return NLMSG_ALIGN(sizeof(struct ifaddrmsg)) 1666 + nla_total_size(4) /* IFA_ADDRESS */ 1667 + nla_total_size(4) /* IFA_LOCAL */ 1668 + nla_total_size(4) /* IFA_BROADCAST */ 1669 + nla_total_size(IFNAMSIZ) /* IFA_LABEL */ 1670 + nla_total_size(4) /* IFA_FLAGS */ 1671 + nla_total_size(1) /* IFA_PROTO */ 1672 + nla_total_size(4) /* IFA_RT_PRIORITY */ 1673 + nla_total_size(sizeof(struct ifa_cacheinfo)); /* IFA_CACHEINFO */ 1674 } 1675 cstamp_delta(unsigned long cstamp)1676 static inline u32 cstamp_delta(unsigned long cstamp) 1677 { 1678 return (cstamp - INITIAL_JIFFIES) * 100UL / HZ; 1679 } 1680 put_cacheinfo(struct sk_buff * skb,unsigned long cstamp,unsigned long tstamp,u32 preferred,u32 valid)1681 static int put_cacheinfo(struct sk_buff *skb, unsigned long cstamp, 1682 unsigned long tstamp, u32 preferred, u32 valid) 1683 { 1684 struct ifa_cacheinfo ci; 1685 1686 ci.cstamp = cstamp_delta(cstamp); 1687 ci.tstamp = cstamp_delta(tstamp); 1688 ci.ifa_prefered = preferred; 1689 ci.ifa_valid = valid; 1690 1691 return nla_put(skb, IFA_CACHEINFO, sizeof(ci), &ci); 1692 } 1693 inet_fill_ifaddr(struct sk_buff * skb,const struct in_ifaddr * ifa,struct inet_fill_args * args)1694 static int inet_fill_ifaddr(struct sk_buff *skb, const struct in_ifaddr *ifa, 1695 struct inet_fill_args *args) 1696 { 1697 struct ifaddrmsg *ifm; 1698 struct nlmsghdr *nlh; 1699 unsigned long tstamp; 1700 u32 preferred, valid; 1701 u32 flags; 1702 1703 nlh = nlmsg_put(skb, args->portid, args->seq, args->event, sizeof(*ifm), 1704 args->flags); 1705 if (!nlh) 1706 return -EMSGSIZE; 1707 1708 ifm = nlmsg_data(nlh); 1709 ifm->ifa_family = AF_INET; 1710 ifm->ifa_prefixlen = ifa->ifa_prefixlen; 1711 1712 flags = READ_ONCE(ifa->ifa_flags); 1713 /* Warning : ifm->ifa_flags is an __u8, it holds only 8 bits. 1714 * The 32bit value is given in IFA_FLAGS attribute. 1715 */ 1716 ifm->ifa_flags = (__u8)flags; 1717 1718 ifm->ifa_scope = ifa->ifa_scope; 1719 ifm->ifa_index = ifa->ifa_dev->dev->ifindex; 1720 1721 if (args->netnsid >= 0 && 1722 nla_put_s32(skb, IFA_TARGET_NETNSID, args->netnsid)) 1723 goto nla_put_failure; 1724 1725 tstamp = READ_ONCE(ifa->ifa_tstamp); 1726 if (!(flags & IFA_F_PERMANENT)) { 1727 preferred = READ_ONCE(ifa->ifa_preferred_lft); 1728 valid = READ_ONCE(ifa->ifa_valid_lft); 1729 if (preferred != INFINITY_LIFE_TIME) { 1730 long tval = (jiffies - tstamp) / HZ; 1731 1732 if (preferred > tval) 1733 preferred -= tval; 1734 else 1735 preferred = 0; 1736 if (valid != INFINITY_LIFE_TIME) { 1737 if (valid > tval) 1738 valid -= tval; 1739 else 1740 valid = 0; 1741 } 1742 } 1743 } else { 1744 preferred = INFINITY_LIFE_TIME; 1745 valid = INFINITY_LIFE_TIME; 1746 } 1747 if ((ifa->ifa_address && 1748 nla_put_in_addr(skb, IFA_ADDRESS, ifa->ifa_address)) || 1749 (ifa->ifa_local && 1750 nla_put_in_addr(skb, IFA_LOCAL, ifa->ifa_local)) || 1751 (ifa->ifa_broadcast && 1752 nla_put_in_addr(skb, IFA_BROADCAST, ifa->ifa_broadcast)) || 1753 (ifa->ifa_label[0] && 1754 nla_put_string(skb, IFA_LABEL, ifa->ifa_label)) || 1755 (ifa->ifa_proto && 1756 nla_put_u8(skb, IFA_PROTO, ifa->ifa_proto)) || 1757 nla_put_u32(skb, IFA_FLAGS, flags) || 1758 (ifa->ifa_rt_priority && 1759 nla_put_u32(skb, IFA_RT_PRIORITY, ifa->ifa_rt_priority)) || 1760 put_cacheinfo(skb, READ_ONCE(ifa->ifa_cstamp), tstamp, 1761 preferred, valid)) 1762 goto nla_put_failure; 1763 1764 nlmsg_end(skb, nlh); 1765 return 0; 1766 1767 nla_put_failure: 1768 nlmsg_cancel(skb, nlh); 1769 return -EMSGSIZE; 1770 } 1771 inet_valid_dump_ifaddr_req(const struct nlmsghdr * nlh,struct inet_fill_args * fillargs,struct net ** tgt_net,struct sock * sk,struct netlink_callback * cb)1772 static int inet_valid_dump_ifaddr_req(const struct nlmsghdr *nlh, 1773 struct inet_fill_args *fillargs, 1774 struct net **tgt_net, struct sock *sk, 1775 struct netlink_callback *cb) 1776 { 1777 struct netlink_ext_ack *extack = cb->extack; 1778 struct nlattr *tb[IFA_MAX+1]; 1779 struct ifaddrmsg *ifm; 1780 int err, i; 1781 1782 if (nlh->nlmsg_len < nlmsg_msg_size(sizeof(*ifm))) { 1783 NL_SET_ERR_MSG(extack, "ipv4: Invalid header for address dump request"); 1784 return -EINVAL; 1785 } 1786 1787 ifm = nlmsg_data(nlh); 1788 if (ifm->ifa_prefixlen || ifm->ifa_flags || ifm->ifa_scope) { 1789 NL_SET_ERR_MSG(extack, "ipv4: Invalid values in header for address dump request"); 1790 return -EINVAL; 1791 } 1792 1793 fillargs->ifindex = ifm->ifa_index; 1794 if (fillargs->ifindex) { 1795 cb->answer_flags |= NLM_F_DUMP_FILTERED; 1796 fillargs->flags |= NLM_F_DUMP_FILTERED; 1797 } 1798 1799 err = nlmsg_parse_deprecated_strict(nlh, sizeof(*ifm), tb, IFA_MAX, 1800 ifa_ipv4_policy, extack); 1801 if (err < 0) 1802 return err; 1803 1804 for (i = 0; i <= IFA_MAX; ++i) { 1805 if (!tb[i]) 1806 continue; 1807 1808 if (i == IFA_TARGET_NETNSID) { 1809 struct net *net; 1810 1811 fillargs->netnsid = nla_get_s32(tb[i]); 1812 1813 net = rtnl_get_net_ns_capable(sk, fillargs->netnsid); 1814 if (IS_ERR(net)) { 1815 fillargs->netnsid = -1; 1816 NL_SET_ERR_MSG(extack, "ipv4: Invalid target network namespace id"); 1817 return PTR_ERR(net); 1818 } 1819 *tgt_net = net; 1820 } else { 1821 NL_SET_ERR_MSG(extack, "ipv4: Unsupported attribute in dump request"); 1822 return -EINVAL; 1823 } 1824 } 1825 1826 return 0; 1827 } 1828 in_dev_dump_addr(struct in_device * in_dev,struct sk_buff * skb,struct netlink_callback * cb,int * s_ip_idx,struct inet_fill_args * fillargs)1829 static int in_dev_dump_addr(struct in_device *in_dev, struct sk_buff *skb, 1830 struct netlink_callback *cb, int *s_ip_idx, 1831 struct inet_fill_args *fillargs) 1832 { 1833 struct in_ifaddr *ifa; 1834 int ip_idx = 0; 1835 int err; 1836 1837 in_dev_for_each_ifa_rcu(ifa, in_dev) { 1838 if (ip_idx < *s_ip_idx) { 1839 ip_idx++; 1840 continue; 1841 } 1842 err = inet_fill_ifaddr(skb, ifa, fillargs); 1843 if (err < 0) 1844 goto done; 1845 1846 nl_dump_check_consistent(cb, nlmsg_hdr(skb)); 1847 ip_idx++; 1848 } 1849 err = 0; 1850 ip_idx = 0; 1851 done: 1852 *s_ip_idx = ip_idx; 1853 1854 return err; 1855 } 1856 1857 /* Combine dev_addr_genid and dev_base_seq to detect changes. 1858 */ inet_base_seq(const struct net * net)1859 static u32 inet_base_seq(const struct net *net) 1860 { 1861 u32 res = atomic_read(&net->ipv4.dev_addr_genid) + 1862 READ_ONCE(net->dev_base_seq); 1863 1864 /* Must not return 0 (see nl_dump_check_consistent()). 1865 * Chose a value far away from 0. 1866 */ 1867 if (!res) 1868 res = 0x80000000; 1869 return res; 1870 } 1871 inet_dump_ifaddr(struct sk_buff * skb,struct netlink_callback * cb)1872 static int inet_dump_ifaddr(struct sk_buff *skb, struct netlink_callback *cb) 1873 { 1874 const struct nlmsghdr *nlh = cb->nlh; 1875 struct inet_fill_args fillargs = { 1876 .portid = NETLINK_CB(cb->skb).portid, 1877 .seq = nlh->nlmsg_seq, 1878 .event = RTM_NEWADDR, 1879 .flags = NLM_F_MULTI, 1880 .netnsid = -1, 1881 }; 1882 struct net *net = sock_net(skb->sk); 1883 struct net *tgt_net = net; 1884 struct { 1885 unsigned long ifindex; 1886 int ip_idx; 1887 } *ctx = (void *)cb->ctx; 1888 struct in_device *in_dev; 1889 struct net_device *dev; 1890 int err = 0; 1891 1892 rcu_read_lock(); 1893 if (cb->strict_check) { 1894 err = inet_valid_dump_ifaddr_req(nlh, &fillargs, &tgt_net, 1895 skb->sk, cb); 1896 if (err < 0) 1897 goto done; 1898 1899 if (fillargs.ifindex) { 1900 dev = dev_get_by_index_rcu(tgt_net, fillargs.ifindex); 1901 if (!dev) { 1902 err = -ENODEV; 1903 goto done; 1904 } 1905 in_dev = __in_dev_get_rcu(dev); 1906 if (!in_dev) 1907 goto done; 1908 err = in_dev_dump_addr(in_dev, skb, cb, &ctx->ip_idx, 1909 &fillargs); 1910 goto done; 1911 } 1912 } 1913 1914 cb->seq = inet_base_seq(tgt_net); 1915 1916 for_each_netdev_dump(tgt_net, dev, ctx->ifindex) { 1917 in_dev = __in_dev_get_rcu(dev); 1918 if (!in_dev) 1919 continue; 1920 err = in_dev_dump_addr(in_dev, skb, cb, &ctx->ip_idx, 1921 &fillargs); 1922 if (err < 0) 1923 goto done; 1924 } 1925 done: 1926 if (fillargs.netnsid >= 0) 1927 put_net(tgt_net); 1928 rcu_read_unlock(); 1929 return err; 1930 } 1931 rtmsg_ifa(int event,struct in_ifaddr * ifa,struct nlmsghdr * nlh,u32 portid)1932 static void rtmsg_ifa(int event, struct in_ifaddr *ifa, struct nlmsghdr *nlh, 1933 u32 portid) 1934 { 1935 struct inet_fill_args fillargs = { 1936 .portid = portid, 1937 .seq = nlh ? nlh->nlmsg_seq : 0, 1938 .event = event, 1939 .flags = 0, 1940 .netnsid = -1, 1941 }; 1942 struct sk_buff *skb; 1943 int err = -ENOBUFS; 1944 struct net *net; 1945 1946 net = dev_net(ifa->ifa_dev->dev); 1947 skb = nlmsg_new(inet_nlmsg_size(), GFP_KERNEL); 1948 if (!skb) 1949 goto errout; 1950 1951 err = inet_fill_ifaddr(skb, ifa, &fillargs); 1952 if (err < 0) { 1953 /* -EMSGSIZE implies BUG in inet_nlmsg_size() */ 1954 WARN_ON(err == -EMSGSIZE); 1955 kfree_skb(skb); 1956 goto errout; 1957 } 1958 rtnl_notify(skb, net, portid, RTNLGRP_IPV4_IFADDR, nlh, GFP_KERNEL); 1959 return; 1960 errout: 1961 rtnl_set_sk_err(net, RTNLGRP_IPV4_IFADDR, err); 1962 } 1963 inet_get_link_af_size(const struct net_device * dev,u32 ext_filter_mask)1964 static size_t inet_get_link_af_size(const struct net_device *dev, 1965 u32 ext_filter_mask) 1966 { 1967 struct in_device *in_dev = rcu_dereference_rtnl(dev->ip_ptr); 1968 1969 if (!in_dev) 1970 return 0; 1971 1972 return nla_total_size(IPV4_DEVCONF_MAX * 4); /* IFLA_INET_CONF */ 1973 } 1974 inet_fill_link_af(struct sk_buff * skb,const struct net_device * dev,u32 ext_filter_mask)1975 static int inet_fill_link_af(struct sk_buff *skb, const struct net_device *dev, 1976 u32 ext_filter_mask) 1977 { 1978 struct in_device *in_dev = rcu_dereference_rtnl(dev->ip_ptr); 1979 struct nlattr *nla; 1980 int i; 1981 1982 if (!in_dev) 1983 return -ENODATA; 1984 1985 nla = nla_reserve(skb, IFLA_INET_CONF, IPV4_DEVCONF_MAX * 4); 1986 if (!nla) 1987 return -EMSGSIZE; 1988 1989 for (i = 0; i < IPV4_DEVCONF_MAX; i++) 1990 ((u32 *) nla_data(nla))[i] = READ_ONCE(in_dev->cnf.data[i]); 1991 1992 return 0; 1993 } 1994 1995 static const struct nla_policy inet_af_policy[IFLA_INET_MAX+1] = { 1996 [IFLA_INET_CONF] = { .type = NLA_NESTED }, 1997 }; 1998 inet_validate_link_af(const struct net_device * dev,const struct nlattr * nla,struct netlink_ext_ack * extack)1999 static int inet_validate_link_af(const struct net_device *dev, 2000 const struct nlattr *nla, 2001 struct netlink_ext_ack *extack) 2002 { 2003 struct nlattr *a, *tb[IFLA_INET_MAX+1]; 2004 int err, rem; 2005 2006 if (dev && !__in_dev_get_rtnl(dev)) 2007 return -EAFNOSUPPORT; 2008 2009 err = nla_parse_nested_deprecated(tb, IFLA_INET_MAX, nla, 2010 inet_af_policy, extack); 2011 if (err < 0) 2012 return err; 2013 2014 if (tb[IFLA_INET_CONF]) { 2015 nla_for_each_nested(a, tb[IFLA_INET_CONF], rem) { 2016 int cfgid = nla_type(a); 2017 2018 if (nla_len(a) < 4) 2019 return -EINVAL; 2020 2021 if (cfgid <= 0 || cfgid > IPV4_DEVCONF_MAX) 2022 return -EINVAL; 2023 } 2024 } 2025 2026 return 0; 2027 } 2028 inet_set_link_af(struct net_device * dev,const struct nlattr * nla,struct netlink_ext_ack * extack)2029 static int inet_set_link_af(struct net_device *dev, const struct nlattr *nla, 2030 struct netlink_ext_ack *extack) 2031 { 2032 struct in_device *in_dev = __in_dev_get_rtnl(dev); 2033 struct nlattr *a, *tb[IFLA_INET_MAX+1]; 2034 int rem; 2035 2036 if (!in_dev) 2037 return -EAFNOSUPPORT; 2038 2039 if (nla_parse_nested_deprecated(tb, IFLA_INET_MAX, nla, NULL, NULL) < 0) 2040 return -EINVAL; 2041 2042 if (tb[IFLA_INET_CONF]) { 2043 nla_for_each_nested(a, tb[IFLA_INET_CONF], rem) 2044 ipv4_devconf_set(in_dev, nla_type(a), nla_get_u32(a)); 2045 } 2046 2047 return 0; 2048 } 2049 inet_netconf_msgsize_devconf(int type)2050 static int inet_netconf_msgsize_devconf(int type) 2051 { 2052 int size = NLMSG_ALIGN(sizeof(struct netconfmsg)) 2053 + nla_total_size(4); /* NETCONFA_IFINDEX */ 2054 bool all = false; 2055 2056 if (type == NETCONFA_ALL) 2057 all = true; 2058 2059 if (all || type == NETCONFA_FORWARDING) 2060 size += nla_total_size(4); 2061 if (all || type == NETCONFA_RP_FILTER) 2062 size += nla_total_size(4); 2063 if (all || type == NETCONFA_MC_FORWARDING) 2064 size += nla_total_size(4); 2065 if (all || type == NETCONFA_BC_FORWARDING) 2066 size += nla_total_size(4); 2067 if (all || type == NETCONFA_PROXY_NEIGH) 2068 size += nla_total_size(4); 2069 if (all || type == NETCONFA_IGNORE_ROUTES_WITH_LINKDOWN) 2070 size += nla_total_size(4); 2071 2072 return size; 2073 } 2074 inet_netconf_fill_devconf(struct sk_buff * skb,int ifindex,const struct ipv4_devconf * devconf,u32 portid,u32 seq,int event,unsigned int flags,int type)2075 static int inet_netconf_fill_devconf(struct sk_buff *skb, int ifindex, 2076 const struct ipv4_devconf *devconf, 2077 u32 portid, u32 seq, int event, 2078 unsigned int flags, int type) 2079 { 2080 struct nlmsghdr *nlh; 2081 struct netconfmsg *ncm; 2082 bool all = false; 2083 2084 nlh = nlmsg_put(skb, portid, seq, event, sizeof(struct netconfmsg), 2085 flags); 2086 if (!nlh) 2087 return -EMSGSIZE; 2088 2089 if (type == NETCONFA_ALL) 2090 all = true; 2091 2092 ncm = nlmsg_data(nlh); 2093 ncm->ncm_family = AF_INET; 2094 2095 if (nla_put_s32(skb, NETCONFA_IFINDEX, ifindex) < 0) 2096 goto nla_put_failure; 2097 2098 if (!devconf) 2099 goto out; 2100 2101 if ((all || type == NETCONFA_FORWARDING) && 2102 nla_put_s32(skb, NETCONFA_FORWARDING, 2103 IPV4_DEVCONF_RO(*devconf, FORWARDING)) < 0) 2104 goto nla_put_failure; 2105 if ((all || type == NETCONFA_RP_FILTER) && 2106 nla_put_s32(skb, NETCONFA_RP_FILTER, 2107 IPV4_DEVCONF_RO(*devconf, RP_FILTER)) < 0) 2108 goto nla_put_failure; 2109 if ((all || type == NETCONFA_MC_FORWARDING) && 2110 nla_put_s32(skb, NETCONFA_MC_FORWARDING, 2111 IPV4_DEVCONF_RO(*devconf, MC_FORWARDING)) < 0) 2112 goto nla_put_failure; 2113 if ((all || type == NETCONFA_BC_FORWARDING) && 2114 nla_put_s32(skb, NETCONFA_BC_FORWARDING, 2115 IPV4_DEVCONF_RO(*devconf, BC_FORWARDING)) < 0) 2116 goto nla_put_failure; 2117 if ((all || type == NETCONFA_PROXY_NEIGH) && 2118 nla_put_s32(skb, NETCONFA_PROXY_NEIGH, 2119 IPV4_DEVCONF_RO(*devconf, PROXY_ARP)) < 0) 2120 goto nla_put_failure; 2121 if ((all || type == NETCONFA_IGNORE_ROUTES_WITH_LINKDOWN) && 2122 nla_put_s32(skb, NETCONFA_IGNORE_ROUTES_WITH_LINKDOWN, 2123 IPV4_DEVCONF_RO(*devconf, 2124 IGNORE_ROUTES_WITH_LINKDOWN)) < 0) 2125 goto nla_put_failure; 2126 2127 out: 2128 nlmsg_end(skb, nlh); 2129 return 0; 2130 2131 nla_put_failure: 2132 nlmsg_cancel(skb, nlh); 2133 return -EMSGSIZE; 2134 } 2135 inet_netconf_notify_devconf(struct net * net,int event,int type,int ifindex,struct ipv4_devconf * devconf)2136 void inet_netconf_notify_devconf(struct net *net, int event, int type, 2137 int ifindex, struct ipv4_devconf *devconf) 2138 { 2139 struct sk_buff *skb; 2140 int err = -ENOBUFS; 2141 2142 skb = nlmsg_new(inet_netconf_msgsize_devconf(type), GFP_KERNEL); 2143 if (!skb) 2144 goto errout; 2145 2146 err = inet_netconf_fill_devconf(skb, ifindex, devconf, 0, 0, 2147 event, 0, type); 2148 if (err < 0) { 2149 /* -EMSGSIZE implies BUG in inet_netconf_msgsize_devconf() */ 2150 WARN_ON(err == -EMSGSIZE); 2151 kfree_skb(skb); 2152 goto errout; 2153 } 2154 rtnl_notify(skb, net, 0, RTNLGRP_IPV4_NETCONF, NULL, GFP_KERNEL); 2155 return; 2156 errout: 2157 rtnl_set_sk_err(net, RTNLGRP_IPV4_NETCONF, err); 2158 } 2159 2160 static const struct nla_policy devconf_ipv4_policy[NETCONFA_MAX+1] = { 2161 [NETCONFA_IFINDEX] = { .len = sizeof(int) }, 2162 [NETCONFA_FORWARDING] = { .len = sizeof(int) }, 2163 [NETCONFA_RP_FILTER] = { .len = sizeof(int) }, 2164 [NETCONFA_PROXY_NEIGH] = { .len = sizeof(int) }, 2165 [NETCONFA_IGNORE_ROUTES_WITH_LINKDOWN] = { .len = sizeof(int) }, 2166 }; 2167 inet_netconf_valid_get_req(struct sk_buff * skb,const struct nlmsghdr * nlh,struct nlattr ** tb,struct netlink_ext_ack * extack)2168 static int inet_netconf_valid_get_req(struct sk_buff *skb, 2169 const struct nlmsghdr *nlh, 2170 struct nlattr **tb, 2171 struct netlink_ext_ack *extack) 2172 { 2173 int i, err; 2174 2175 if (nlh->nlmsg_len < nlmsg_msg_size(sizeof(struct netconfmsg))) { 2176 NL_SET_ERR_MSG(extack, "ipv4: Invalid header for netconf get request"); 2177 return -EINVAL; 2178 } 2179 2180 if (!netlink_strict_get_check(skb)) 2181 return nlmsg_parse_deprecated(nlh, sizeof(struct netconfmsg), 2182 tb, NETCONFA_MAX, 2183 devconf_ipv4_policy, extack); 2184 2185 err = nlmsg_parse_deprecated_strict(nlh, sizeof(struct netconfmsg), 2186 tb, NETCONFA_MAX, 2187 devconf_ipv4_policy, extack); 2188 if (err) 2189 return err; 2190 2191 for (i = 0; i <= NETCONFA_MAX; i++) { 2192 if (!tb[i]) 2193 continue; 2194 2195 switch (i) { 2196 case NETCONFA_IFINDEX: 2197 break; 2198 default: 2199 NL_SET_ERR_MSG(extack, "ipv4: Unsupported attribute in netconf get request"); 2200 return -EINVAL; 2201 } 2202 } 2203 2204 return 0; 2205 } 2206 inet_netconf_get_devconf(struct sk_buff * in_skb,struct nlmsghdr * nlh,struct netlink_ext_ack * extack)2207 static int inet_netconf_get_devconf(struct sk_buff *in_skb, 2208 struct nlmsghdr *nlh, 2209 struct netlink_ext_ack *extack) 2210 { 2211 struct net *net = sock_net(in_skb->sk); 2212 struct nlattr *tb[NETCONFA_MAX + 1]; 2213 const struct ipv4_devconf *devconf; 2214 struct in_device *in_dev = NULL; 2215 struct net_device *dev = NULL; 2216 struct sk_buff *skb; 2217 int ifindex; 2218 int err; 2219 2220 err = inet_netconf_valid_get_req(in_skb, nlh, tb, extack); 2221 if (err) 2222 return err; 2223 2224 if (!tb[NETCONFA_IFINDEX]) 2225 return -EINVAL; 2226 2227 ifindex = nla_get_s32(tb[NETCONFA_IFINDEX]); 2228 switch (ifindex) { 2229 case NETCONFA_IFINDEX_ALL: 2230 devconf = net->ipv4.devconf_all; 2231 break; 2232 case NETCONFA_IFINDEX_DEFAULT: 2233 devconf = net->ipv4.devconf_dflt; 2234 break; 2235 default: 2236 err = -ENODEV; 2237 dev = dev_get_by_index(net, ifindex); 2238 if (dev) 2239 in_dev = in_dev_get(dev); 2240 if (!in_dev) 2241 goto errout; 2242 devconf = &in_dev->cnf; 2243 break; 2244 } 2245 2246 err = -ENOBUFS; 2247 skb = nlmsg_new(inet_netconf_msgsize_devconf(NETCONFA_ALL), GFP_KERNEL); 2248 if (!skb) 2249 goto errout; 2250 2251 err = inet_netconf_fill_devconf(skb, ifindex, devconf, 2252 NETLINK_CB(in_skb).portid, 2253 nlh->nlmsg_seq, RTM_NEWNETCONF, 0, 2254 NETCONFA_ALL); 2255 if (err < 0) { 2256 /* -EMSGSIZE implies BUG in inet_netconf_msgsize_devconf() */ 2257 WARN_ON(err == -EMSGSIZE); 2258 kfree_skb(skb); 2259 goto errout; 2260 } 2261 err = rtnl_unicast(skb, net, NETLINK_CB(in_skb).portid); 2262 errout: 2263 if (in_dev) 2264 in_dev_put(in_dev); 2265 dev_put(dev); 2266 return err; 2267 } 2268 inet_netconf_dump_devconf(struct sk_buff * skb,struct netlink_callback * cb)2269 static int inet_netconf_dump_devconf(struct sk_buff *skb, 2270 struct netlink_callback *cb) 2271 { 2272 const struct nlmsghdr *nlh = cb->nlh; 2273 struct net *net = sock_net(skb->sk); 2274 struct { 2275 unsigned long ifindex; 2276 unsigned int all_default; 2277 } *ctx = (void *)cb->ctx; 2278 const struct in_device *in_dev; 2279 struct net_device *dev; 2280 int err = 0; 2281 2282 if (cb->strict_check) { 2283 struct netlink_ext_ack *extack = cb->extack; 2284 struct netconfmsg *ncm; 2285 2286 if (nlh->nlmsg_len < nlmsg_msg_size(sizeof(*ncm))) { 2287 NL_SET_ERR_MSG(extack, "ipv4: Invalid header for netconf dump request"); 2288 return -EINVAL; 2289 } 2290 2291 if (nlmsg_attrlen(nlh, sizeof(*ncm))) { 2292 NL_SET_ERR_MSG(extack, "ipv4: Invalid data after header in netconf dump request"); 2293 return -EINVAL; 2294 } 2295 } 2296 2297 rcu_read_lock(); 2298 for_each_netdev_dump(net, dev, ctx->ifindex) { 2299 in_dev = __in_dev_get_rcu(dev); 2300 if (!in_dev) 2301 continue; 2302 err = inet_netconf_fill_devconf(skb, dev->ifindex, 2303 &in_dev->cnf, 2304 NETLINK_CB(cb->skb).portid, 2305 nlh->nlmsg_seq, 2306 RTM_NEWNETCONF, NLM_F_MULTI, 2307 NETCONFA_ALL); 2308 if (err < 0) 2309 goto done; 2310 } 2311 if (ctx->all_default == 0) { 2312 err = inet_netconf_fill_devconf(skb, NETCONFA_IFINDEX_ALL, 2313 net->ipv4.devconf_all, 2314 NETLINK_CB(cb->skb).portid, 2315 nlh->nlmsg_seq, 2316 RTM_NEWNETCONF, NLM_F_MULTI, 2317 NETCONFA_ALL); 2318 if (err < 0) 2319 goto done; 2320 ctx->all_default++; 2321 } 2322 if (ctx->all_default == 1) { 2323 err = inet_netconf_fill_devconf(skb, NETCONFA_IFINDEX_DEFAULT, 2324 net->ipv4.devconf_dflt, 2325 NETLINK_CB(cb->skb).portid, 2326 nlh->nlmsg_seq, 2327 RTM_NEWNETCONF, NLM_F_MULTI, 2328 NETCONFA_ALL); 2329 if (err < 0) 2330 goto done; 2331 ctx->all_default++; 2332 } 2333 done: 2334 rcu_read_unlock(); 2335 return err; 2336 } 2337 2338 #ifdef CONFIG_SYSCTL 2339 devinet_copy_dflt_conf(struct net * net,int i)2340 static void devinet_copy_dflt_conf(struct net *net, int i) 2341 { 2342 struct net_device *dev; 2343 2344 rcu_read_lock(); 2345 for_each_netdev_rcu(net, dev) { 2346 struct in_device *in_dev; 2347 2348 in_dev = __in_dev_get_rcu(dev); 2349 if (in_dev && !test_bit(i, in_dev->cnf.state)) 2350 in_dev->cnf.data[i] = net->ipv4.devconf_dflt->data[i]; 2351 } 2352 rcu_read_unlock(); 2353 } 2354 2355 /* called with RTNL locked */ inet_forward_change(struct net * net)2356 static void inet_forward_change(struct net *net) 2357 { 2358 struct net_device *dev; 2359 int on = IPV4_DEVCONF_ALL(net, FORWARDING); 2360 2361 IPV4_DEVCONF_ALL(net, ACCEPT_REDIRECTS) = !on; 2362 IPV4_DEVCONF_DFLT(net, FORWARDING) = on; 2363 inet_netconf_notify_devconf(net, RTM_NEWNETCONF, 2364 NETCONFA_FORWARDING, 2365 NETCONFA_IFINDEX_ALL, 2366 net->ipv4.devconf_all); 2367 inet_netconf_notify_devconf(net, RTM_NEWNETCONF, 2368 NETCONFA_FORWARDING, 2369 NETCONFA_IFINDEX_DEFAULT, 2370 net->ipv4.devconf_dflt); 2371 2372 for_each_netdev(net, dev) { 2373 struct in_device *in_dev; 2374 2375 if (on) 2376 dev_disable_lro(dev); 2377 2378 in_dev = __in_dev_get_rtnl(dev); 2379 if (in_dev) { 2380 IN_DEV_CONF_SET(in_dev, FORWARDING, on); 2381 inet_netconf_notify_devconf(net, RTM_NEWNETCONF, 2382 NETCONFA_FORWARDING, 2383 dev->ifindex, &in_dev->cnf); 2384 } 2385 } 2386 } 2387 devinet_conf_ifindex(struct net * net,struct ipv4_devconf * cnf)2388 static int devinet_conf_ifindex(struct net *net, struct ipv4_devconf *cnf) 2389 { 2390 if (cnf == net->ipv4.devconf_dflt) 2391 return NETCONFA_IFINDEX_DEFAULT; 2392 else if (cnf == net->ipv4.devconf_all) 2393 return NETCONFA_IFINDEX_ALL; 2394 else { 2395 struct in_device *idev 2396 = container_of(cnf, struct in_device, cnf); 2397 return idev->dev->ifindex; 2398 } 2399 } 2400 devinet_conf_proc(const struct ctl_table * ctl,int write,void * buffer,size_t * lenp,loff_t * ppos)2401 static int devinet_conf_proc(const struct ctl_table *ctl, int write, 2402 void *buffer, size_t *lenp, loff_t *ppos) 2403 { 2404 int old_value = *(int *)ctl->data; 2405 int ret = proc_dointvec(ctl, write, buffer, lenp, ppos); 2406 int new_value = *(int *)ctl->data; 2407 2408 if (write) { 2409 struct ipv4_devconf *cnf = ctl->extra1; 2410 struct net *net = ctl->extra2; 2411 int i = (int *)ctl->data - cnf->data; 2412 int ifindex; 2413 2414 set_bit(i, cnf->state); 2415 2416 if (cnf == net->ipv4.devconf_dflt) 2417 devinet_copy_dflt_conf(net, i); 2418 if (i == IPV4_DEVCONF_ACCEPT_LOCAL - 1 || 2419 i == IPV4_DEVCONF_ROUTE_LOCALNET - 1) 2420 if ((new_value == 0) && (old_value != 0)) 2421 rt_cache_flush(net); 2422 2423 if (i == IPV4_DEVCONF_BC_FORWARDING - 1 && 2424 new_value != old_value) 2425 rt_cache_flush(net); 2426 2427 if (i == IPV4_DEVCONF_RP_FILTER - 1 && 2428 new_value != old_value) { 2429 ifindex = devinet_conf_ifindex(net, cnf); 2430 inet_netconf_notify_devconf(net, RTM_NEWNETCONF, 2431 NETCONFA_RP_FILTER, 2432 ifindex, cnf); 2433 } 2434 if (i == IPV4_DEVCONF_PROXY_ARP - 1 && 2435 new_value != old_value) { 2436 ifindex = devinet_conf_ifindex(net, cnf); 2437 inet_netconf_notify_devconf(net, RTM_NEWNETCONF, 2438 NETCONFA_PROXY_NEIGH, 2439 ifindex, cnf); 2440 } 2441 if (i == IPV4_DEVCONF_IGNORE_ROUTES_WITH_LINKDOWN - 1 && 2442 new_value != old_value) { 2443 ifindex = devinet_conf_ifindex(net, cnf); 2444 inet_netconf_notify_devconf(net, RTM_NEWNETCONF, 2445 NETCONFA_IGNORE_ROUTES_WITH_LINKDOWN, 2446 ifindex, cnf); 2447 } 2448 } 2449 2450 return ret; 2451 } 2452 devinet_sysctl_forward(const struct ctl_table * ctl,int write,void * buffer,size_t * lenp,loff_t * ppos)2453 static int devinet_sysctl_forward(const struct ctl_table *ctl, int write, 2454 void *buffer, size_t *lenp, loff_t *ppos) 2455 { 2456 int *valp = ctl->data; 2457 int val = *valp; 2458 loff_t pos = *ppos; 2459 struct net *net = ctl->extra2; 2460 int ret; 2461 2462 if (write && !ns_capable(net->user_ns, CAP_NET_ADMIN)) 2463 return -EPERM; 2464 2465 ret = proc_dointvec(ctl, write, buffer, lenp, ppos); 2466 2467 if (write && *valp != val) { 2468 if (valp != &IPV4_DEVCONF_DFLT(net, FORWARDING)) { 2469 if (!rtnl_trylock()) { 2470 /* Restore the original values before restarting */ 2471 *valp = val; 2472 *ppos = pos; 2473 return restart_syscall(); 2474 } 2475 if (valp == &IPV4_DEVCONF_ALL(net, FORWARDING)) { 2476 inet_forward_change(net); 2477 } else { 2478 struct ipv4_devconf *cnf = ctl->extra1; 2479 struct in_device *idev = 2480 container_of(cnf, struct in_device, cnf); 2481 if (*valp) 2482 dev_disable_lro(idev->dev); 2483 inet_netconf_notify_devconf(net, RTM_NEWNETCONF, 2484 NETCONFA_FORWARDING, 2485 idev->dev->ifindex, 2486 cnf); 2487 } 2488 rtnl_unlock(); 2489 rt_cache_flush(net); 2490 } else 2491 inet_netconf_notify_devconf(net, RTM_NEWNETCONF, 2492 NETCONFA_FORWARDING, 2493 NETCONFA_IFINDEX_DEFAULT, 2494 net->ipv4.devconf_dflt); 2495 } 2496 2497 return ret; 2498 } 2499 ipv4_doint_and_flush(const struct ctl_table * ctl,int write,void * buffer,size_t * lenp,loff_t * ppos)2500 static int ipv4_doint_and_flush(const struct ctl_table *ctl, int write, 2501 void *buffer, size_t *lenp, loff_t *ppos) 2502 { 2503 int *valp = ctl->data; 2504 int val = *valp; 2505 int ret = proc_dointvec(ctl, write, buffer, lenp, ppos); 2506 struct net *net = ctl->extra2; 2507 2508 if (write && *valp != val) 2509 rt_cache_flush(net); 2510 2511 return ret; 2512 } 2513 2514 #define DEVINET_SYSCTL_ENTRY(attr, name, mval, proc) \ 2515 { \ 2516 .procname = name, \ 2517 .data = ipv4_devconf.data + \ 2518 IPV4_DEVCONF_ ## attr - 1, \ 2519 .maxlen = sizeof(int), \ 2520 .mode = mval, \ 2521 .proc_handler = proc, \ 2522 .extra1 = &ipv4_devconf, \ 2523 } 2524 2525 #define DEVINET_SYSCTL_RW_ENTRY(attr, name) \ 2526 DEVINET_SYSCTL_ENTRY(attr, name, 0644, devinet_conf_proc) 2527 2528 #define DEVINET_SYSCTL_RO_ENTRY(attr, name) \ 2529 DEVINET_SYSCTL_ENTRY(attr, name, 0444, devinet_conf_proc) 2530 2531 #define DEVINET_SYSCTL_COMPLEX_ENTRY(attr, name, proc) \ 2532 DEVINET_SYSCTL_ENTRY(attr, name, 0644, proc) 2533 2534 #define DEVINET_SYSCTL_FLUSHING_ENTRY(attr, name) \ 2535 DEVINET_SYSCTL_COMPLEX_ENTRY(attr, name, ipv4_doint_and_flush) 2536 2537 static struct devinet_sysctl_table { 2538 struct ctl_table_header *sysctl_header; 2539 struct ctl_table devinet_vars[IPV4_DEVCONF_MAX]; 2540 } devinet_sysctl = { 2541 .devinet_vars = { 2542 DEVINET_SYSCTL_COMPLEX_ENTRY(FORWARDING, "forwarding", 2543 devinet_sysctl_forward), 2544 DEVINET_SYSCTL_RO_ENTRY(MC_FORWARDING, "mc_forwarding"), 2545 DEVINET_SYSCTL_RW_ENTRY(BC_FORWARDING, "bc_forwarding"), 2546 2547 DEVINET_SYSCTL_RW_ENTRY(ACCEPT_REDIRECTS, "accept_redirects"), 2548 DEVINET_SYSCTL_RW_ENTRY(SECURE_REDIRECTS, "secure_redirects"), 2549 DEVINET_SYSCTL_RW_ENTRY(SHARED_MEDIA, "shared_media"), 2550 DEVINET_SYSCTL_RW_ENTRY(RP_FILTER, "rp_filter"), 2551 DEVINET_SYSCTL_RW_ENTRY(SEND_REDIRECTS, "send_redirects"), 2552 DEVINET_SYSCTL_RW_ENTRY(ACCEPT_SOURCE_ROUTE, 2553 "accept_source_route"), 2554 DEVINET_SYSCTL_RW_ENTRY(ACCEPT_LOCAL, "accept_local"), 2555 DEVINET_SYSCTL_RW_ENTRY(SRC_VMARK, "src_valid_mark"), 2556 DEVINET_SYSCTL_RW_ENTRY(PROXY_ARP, "proxy_arp"), 2557 DEVINET_SYSCTL_RW_ENTRY(MEDIUM_ID, "medium_id"), 2558 DEVINET_SYSCTL_RW_ENTRY(BOOTP_RELAY, "bootp_relay"), 2559 DEVINET_SYSCTL_RW_ENTRY(LOG_MARTIANS, "log_martians"), 2560 DEVINET_SYSCTL_RW_ENTRY(TAG, "tag"), 2561 DEVINET_SYSCTL_RW_ENTRY(ARPFILTER, "arp_filter"), 2562 DEVINET_SYSCTL_RW_ENTRY(ARP_ANNOUNCE, "arp_announce"), 2563 DEVINET_SYSCTL_RW_ENTRY(ARP_IGNORE, "arp_ignore"), 2564 DEVINET_SYSCTL_RW_ENTRY(ARP_ACCEPT, "arp_accept"), 2565 DEVINET_SYSCTL_RW_ENTRY(ARP_NOTIFY, "arp_notify"), 2566 DEVINET_SYSCTL_RW_ENTRY(ARP_EVICT_NOCARRIER, 2567 "arp_evict_nocarrier"), 2568 DEVINET_SYSCTL_RW_ENTRY(PROXY_ARP_PVLAN, "proxy_arp_pvlan"), 2569 DEVINET_SYSCTL_RW_ENTRY(FORCE_IGMP_VERSION, 2570 "force_igmp_version"), 2571 DEVINET_SYSCTL_RW_ENTRY(IGMPV2_UNSOLICITED_REPORT_INTERVAL, 2572 "igmpv2_unsolicited_report_interval"), 2573 DEVINET_SYSCTL_RW_ENTRY(IGMPV3_UNSOLICITED_REPORT_INTERVAL, 2574 "igmpv3_unsolicited_report_interval"), 2575 DEVINET_SYSCTL_RW_ENTRY(IGNORE_ROUTES_WITH_LINKDOWN, 2576 "ignore_routes_with_linkdown"), 2577 DEVINET_SYSCTL_RW_ENTRY(DROP_GRATUITOUS_ARP, 2578 "drop_gratuitous_arp"), 2579 2580 DEVINET_SYSCTL_FLUSHING_ENTRY(NOXFRM, "disable_xfrm"), 2581 DEVINET_SYSCTL_FLUSHING_ENTRY(NOPOLICY, "disable_policy"), 2582 DEVINET_SYSCTL_FLUSHING_ENTRY(PROMOTE_SECONDARIES, 2583 "promote_secondaries"), 2584 DEVINET_SYSCTL_FLUSHING_ENTRY(ROUTE_LOCALNET, 2585 "route_localnet"), 2586 DEVINET_SYSCTL_FLUSHING_ENTRY(DROP_UNICAST_IN_L2_MULTICAST, 2587 "drop_unicast_in_l2_multicast"), 2588 }, 2589 }; 2590 __devinet_sysctl_register(struct net * net,char * dev_name,int ifindex,struct ipv4_devconf * p)2591 static int __devinet_sysctl_register(struct net *net, char *dev_name, 2592 int ifindex, struct ipv4_devconf *p) 2593 { 2594 int i; 2595 struct devinet_sysctl_table *t; 2596 char path[sizeof("net/ipv4/conf/") + IFNAMSIZ]; 2597 2598 t = kmemdup(&devinet_sysctl, sizeof(*t), GFP_KERNEL_ACCOUNT); 2599 if (!t) 2600 goto out; 2601 2602 for (i = 0; i < ARRAY_SIZE(t->devinet_vars); i++) { 2603 t->devinet_vars[i].data += (char *)p - (char *)&ipv4_devconf; 2604 t->devinet_vars[i].extra1 = p; 2605 t->devinet_vars[i].extra2 = net; 2606 } 2607 2608 snprintf(path, sizeof(path), "net/ipv4/conf/%s", dev_name); 2609 2610 t->sysctl_header = register_net_sysctl(net, path, t->devinet_vars); 2611 if (!t->sysctl_header) 2612 goto free; 2613 2614 p->sysctl = t; 2615 2616 inet_netconf_notify_devconf(net, RTM_NEWNETCONF, NETCONFA_ALL, 2617 ifindex, p); 2618 return 0; 2619 2620 free: 2621 kfree(t); 2622 out: 2623 return -ENOMEM; 2624 } 2625 __devinet_sysctl_unregister(struct net * net,struct ipv4_devconf * cnf,int ifindex)2626 static void __devinet_sysctl_unregister(struct net *net, 2627 struct ipv4_devconf *cnf, int ifindex) 2628 { 2629 struct devinet_sysctl_table *t = cnf->sysctl; 2630 2631 if (t) { 2632 cnf->sysctl = NULL; 2633 unregister_net_sysctl_table(t->sysctl_header); 2634 kfree(t); 2635 } 2636 2637 inet_netconf_notify_devconf(net, RTM_DELNETCONF, 0, ifindex, NULL); 2638 } 2639 devinet_sysctl_register(struct in_device * idev)2640 static int devinet_sysctl_register(struct in_device *idev) 2641 { 2642 int err; 2643 2644 if (!sysctl_dev_name_is_allowed(idev->dev->name)) 2645 return -EINVAL; 2646 2647 err = neigh_sysctl_register(idev->dev, idev->arp_parms, NULL); 2648 if (err) 2649 return err; 2650 err = __devinet_sysctl_register(dev_net(idev->dev), idev->dev->name, 2651 idev->dev->ifindex, &idev->cnf); 2652 if (err) 2653 neigh_sysctl_unregister(idev->arp_parms); 2654 return err; 2655 } 2656 devinet_sysctl_unregister(struct in_device * idev)2657 static void devinet_sysctl_unregister(struct in_device *idev) 2658 { 2659 struct net *net = dev_net(idev->dev); 2660 2661 __devinet_sysctl_unregister(net, &idev->cnf, idev->dev->ifindex); 2662 neigh_sysctl_unregister(idev->arp_parms); 2663 } 2664 2665 static struct ctl_table ctl_forward_entry[] = { 2666 { 2667 .procname = "ip_forward", 2668 .data = &ipv4_devconf.data[ 2669 IPV4_DEVCONF_FORWARDING - 1], 2670 .maxlen = sizeof(int), 2671 .mode = 0644, 2672 .proc_handler = devinet_sysctl_forward, 2673 .extra1 = &ipv4_devconf, 2674 .extra2 = &init_net, 2675 }, 2676 }; 2677 #endif 2678 devinet_init_net(struct net * net)2679 static __net_init int devinet_init_net(struct net *net) 2680 { 2681 int err; 2682 struct ipv4_devconf *all, *dflt; 2683 #ifdef CONFIG_SYSCTL 2684 struct ctl_table *tbl; 2685 struct ctl_table_header *forw_hdr; 2686 #endif 2687 2688 err = -ENOMEM; 2689 all = kmemdup(&ipv4_devconf, sizeof(ipv4_devconf), GFP_KERNEL); 2690 if (!all) 2691 goto err_alloc_all; 2692 2693 dflt = kmemdup(&ipv4_devconf_dflt, sizeof(ipv4_devconf_dflt), GFP_KERNEL); 2694 if (!dflt) 2695 goto err_alloc_dflt; 2696 2697 #ifdef CONFIG_SYSCTL 2698 tbl = kmemdup(ctl_forward_entry, sizeof(ctl_forward_entry), GFP_KERNEL); 2699 if (!tbl) 2700 goto err_alloc_ctl; 2701 2702 tbl[0].data = &all->data[IPV4_DEVCONF_FORWARDING - 1]; 2703 tbl[0].extra1 = all; 2704 tbl[0].extra2 = net; 2705 #endif 2706 2707 if (!net_eq(net, &init_net)) { 2708 switch (net_inherit_devconf()) { 2709 case 3: 2710 /* copy from the current netns */ 2711 memcpy(all, current->nsproxy->net_ns->ipv4.devconf_all, 2712 sizeof(ipv4_devconf)); 2713 memcpy(dflt, 2714 current->nsproxy->net_ns->ipv4.devconf_dflt, 2715 sizeof(ipv4_devconf_dflt)); 2716 break; 2717 case 0: 2718 case 1: 2719 /* copy from init_net */ 2720 memcpy(all, init_net.ipv4.devconf_all, 2721 sizeof(ipv4_devconf)); 2722 memcpy(dflt, init_net.ipv4.devconf_dflt, 2723 sizeof(ipv4_devconf_dflt)); 2724 break; 2725 case 2: 2726 /* use compiled values */ 2727 break; 2728 } 2729 } 2730 2731 #ifdef CONFIG_SYSCTL 2732 err = __devinet_sysctl_register(net, "all", NETCONFA_IFINDEX_ALL, all); 2733 if (err < 0) 2734 goto err_reg_all; 2735 2736 err = __devinet_sysctl_register(net, "default", 2737 NETCONFA_IFINDEX_DEFAULT, dflt); 2738 if (err < 0) 2739 goto err_reg_dflt; 2740 2741 err = -ENOMEM; 2742 forw_hdr = register_net_sysctl_sz(net, "net/ipv4", tbl, 2743 ARRAY_SIZE(ctl_forward_entry)); 2744 if (!forw_hdr) 2745 goto err_reg_ctl; 2746 net->ipv4.forw_hdr = forw_hdr; 2747 #endif 2748 2749 net->ipv4.devconf_all = all; 2750 net->ipv4.devconf_dflt = dflt; 2751 return 0; 2752 2753 #ifdef CONFIG_SYSCTL 2754 err_reg_ctl: 2755 __devinet_sysctl_unregister(net, dflt, NETCONFA_IFINDEX_DEFAULT); 2756 err_reg_dflt: 2757 __devinet_sysctl_unregister(net, all, NETCONFA_IFINDEX_ALL); 2758 err_reg_all: 2759 kfree(tbl); 2760 err_alloc_ctl: 2761 #endif 2762 kfree(dflt); 2763 err_alloc_dflt: 2764 kfree(all); 2765 err_alloc_all: 2766 return err; 2767 } 2768 devinet_exit_net(struct net * net)2769 static __net_exit void devinet_exit_net(struct net *net) 2770 { 2771 #ifdef CONFIG_SYSCTL 2772 const struct ctl_table *tbl; 2773 2774 tbl = net->ipv4.forw_hdr->ctl_table_arg; 2775 unregister_net_sysctl_table(net->ipv4.forw_hdr); 2776 __devinet_sysctl_unregister(net, net->ipv4.devconf_dflt, 2777 NETCONFA_IFINDEX_DEFAULT); 2778 __devinet_sysctl_unregister(net, net->ipv4.devconf_all, 2779 NETCONFA_IFINDEX_ALL); 2780 kfree(tbl); 2781 #endif 2782 kfree(net->ipv4.devconf_dflt); 2783 kfree(net->ipv4.devconf_all); 2784 } 2785 2786 static __net_initdata struct pernet_operations devinet_ops = { 2787 .init = devinet_init_net, 2788 .exit = devinet_exit_net, 2789 }; 2790 2791 static struct rtnl_af_ops inet_af_ops __read_mostly = { 2792 .family = AF_INET, 2793 .fill_link_af = inet_fill_link_af, 2794 .get_link_af_size = inet_get_link_af_size, 2795 .validate_link_af = inet_validate_link_af, 2796 .set_link_af = inet_set_link_af, 2797 }; 2798 devinet_init(void)2799 void __init devinet_init(void) 2800 { 2801 int i; 2802 2803 for (i = 0; i < IN4_ADDR_HSIZE; i++) 2804 INIT_HLIST_HEAD(&inet_addr_lst[i]); 2805 2806 register_pernet_subsys(&devinet_ops); 2807 register_netdevice_notifier(&ip_netdev_notifier); 2808 2809 queue_delayed_work(system_power_efficient_wq, &check_lifetime_work, 0); 2810 2811 rtnl_af_register(&inet_af_ops); 2812 2813 rtnl_register(PF_INET, RTM_NEWADDR, inet_rtm_newaddr, NULL, 0); 2814 rtnl_register(PF_INET, RTM_DELADDR, inet_rtm_deladdr, NULL, 0); 2815 rtnl_register(PF_INET, RTM_GETADDR, NULL, inet_dump_ifaddr, 2816 RTNL_FLAG_DUMP_UNLOCKED | RTNL_FLAG_DUMP_SPLIT_NLM_DONE); 2817 rtnl_register(PF_INET, RTM_GETNETCONF, inet_netconf_get_devconf, 2818 inet_netconf_dump_devconf, 2819 RTNL_FLAG_DOIT_UNLOCKED | RTNL_FLAG_DUMP_UNLOCKED); 2820 } 2821