Version:  2.0.40 2.2.26 2.4.37 3.5 3.6 3.7 3.8 3.9 3.10 3.11 3.12 3.13 3.14 3.15 3.16 3.17 3.18 3.19 4.0 4.1

Linux/net/ipv6/ip6mr.c

  1 /*
  2  *      Linux IPv6 multicast routing support for BSD pim6sd
  3  *      Based on net/ipv4/ipmr.c.
  4  *
  5  *      (c) 2004 Mickael Hoerdt, <hoerdt@clarinet.u-strasbg.fr>
  6  *              LSIIT Laboratory, Strasbourg, France
  7  *      (c) 2004 Jean-Philippe Andriot, <jean-philippe.andriot@6WIND.com>
  8  *              6WIND, Paris, France
  9  *      Copyright (C)2007,2008 USAGI/WIDE Project
 10  *              YOSHIFUJI Hideaki <yoshfuji@linux-ipv6.org>
 11  *
 12  *      This program is free software; you can redistribute it and/or
 13  *      modify it under the terms of the GNU General Public License
 14  *      as published by the Free Software Foundation; either version
 15  *      2 of the License, or (at your option) any later version.
 16  *
 17  */
 18 
 19 #include <asm/uaccess.h>
 20 #include <linux/types.h>
 21 #include <linux/sched.h>
 22 #include <linux/errno.h>
 23 #include <linux/timer.h>
 24 #include <linux/mm.h>
 25 #include <linux/kernel.h>
 26 #include <linux/fcntl.h>
 27 #include <linux/stat.h>
 28 #include <linux/socket.h>
 29 #include <linux/inet.h>
 30 #include <linux/netdevice.h>
 31 #include <linux/inetdevice.h>
 32 #include <linux/proc_fs.h>
 33 #include <linux/seq_file.h>
 34 #include <linux/init.h>
 35 #include <linux/slab.h>
 36 #include <linux/compat.h>
 37 #include <net/protocol.h>
 38 #include <linux/skbuff.h>
 39 #include <net/sock.h>
 40 #include <net/raw.h>
 41 #include <linux/notifier.h>
 42 #include <linux/if_arp.h>
 43 #include <net/checksum.h>
 44 #include <net/netlink.h>
 45 #include <net/fib_rules.h>
 46 
 47 #include <net/ipv6.h>
 48 #include <net/ip6_route.h>
 49 #include <linux/mroute6.h>
 50 #include <linux/pim.h>
 51 #include <net/addrconf.h>
 52 #include <linux/netfilter_ipv6.h>
 53 #include <linux/export.h>
 54 #include <net/ip6_checksum.h>
 55 #include <linux/netconf.h>
 56 
 57 struct mr6_table {
 58         struct list_head        list;
 59         possible_net_t          net;
 60         u32                     id;
 61         struct sock             *mroute6_sk;
 62         struct timer_list       ipmr_expire_timer;
 63         struct list_head        mfc6_unres_queue;
 64         struct list_head        mfc6_cache_array[MFC6_LINES];
 65         struct mif_device       vif6_table[MAXMIFS];
 66         int                     maxvif;
 67         atomic_t                cache_resolve_queue_len;
 68         bool                    mroute_do_assert;
 69         bool                    mroute_do_pim;
 70 #ifdef CONFIG_IPV6_PIMSM_V2
 71         int                     mroute_reg_vif_num;
 72 #endif
 73 };
 74 
 75 struct ip6mr_rule {
 76         struct fib_rule         common;
 77 };
 78 
 79 struct ip6mr_result {
 80         struct mr6_table        *mrt;
 81 };
 82 
 83 /* Big lock, protecting vif table, mrt cache and mroute socket state.
 84    Note that the changes are semaphored via rtnl_lock.
 85  */
 86 
 87 static DEFINE_RWLOCK(mrt_lock);
 88 
 89 /*
 90  *      Multicast router control variables
 91  */
 92 
 93 #define MIF_EXISTS(_mrt, _idx) ((_mrt)->vif6_table[_idx].dev != NULL)
 94 
 95 /* Special spinlock for queue of unresolved entries */
 96 static DEFINE_SPINLOCK(mfc_unres_lock);
 97 
 98 /* We return to original Alan's scheme. Hash table of resolved
 99    entries is changed only in process context and protected
100    with weak lock mrt_lock. Queue of unresolved entries is protected
101    with strong spinlock mfc_unres_lock.
102 
103    In this case data path is free of exclusive locks at all.
104  */
105 
106 static struct kmem_cache *mrt_cachep __read_mostly;
107 
108 static struct mr6_table *ip6mr_new_table(struct net *net, u32 id);
109 static void ip6mr_free_table(struct mr6_table *mrt);
110 
111 static void ip6_mr_forward(struct net *net, struct mr6_table *mrt,
112                            struct sk_buff *skb, struct mfc6_cache *cache);
113 static int ip6mr_cache_report(struct mr6_table *mrt, struct sk_buff *pkt,
114                               mifi_t mifi, int assert);
115 static int __ip6mr_fill_mroute(struct mr6_table *mrt, struct sk_buff *skb,
116                                struct mfc6_cache *c, struct rtmsg *rtm);
117 static void mr6_netlink_event(struct mr6_table *mrt, struct mfc6_cache *mfc,
118                               int cmd);
119 static int ip6mr_rtm_dumproute(struct sk_buff *skb,
120                                struct netlink_callback *cb);
121 static void mroute_clean_tables(struct mr6_table *mrt);
122 static void ipmr_expire_process(unsigned long arg);
123 
124 #ifdef CONFIG_IPV6_MROUTE_MULTIPLE_TABLES
125 #define ip6mr_for_each_table(mrt, net) \
126         list_for_each_entry_rcu(mrt, &net->ipv6.mr6_tables, list)
127 
128 static struct mr6_table *ip6mr_get_table(struct net *net, u32 id)
129 {
130         struct mr6_table *mrt;
131 
132         ip6mr_for_each_table(mrt, net) {
133                 if (mrt->id == id)
134                         return mrt;
135         }
136         return NULL;
137 }
138 
139 static int ip6mr_fib_lookup(struct net *net, struct flowi6 *flp6,
140                             struct mr6_table **mrt)
141 {
142         int err;
143         struct ip6mr_result res;
144         struct fib_lookup_arg arg = {
145                 .result = &res,
146                 .flags = FIB_LOOKUP_NOREF,
147         };
148 
149         err = fib_rules_lookup(net->ipv6.mr6_rules_ops,
150                                flowi6_to_flowi(flp6), 0, &arg);
151         if (err < 0)
152                 return err;
153         *mrt = res.mrt;
154         return 0;
155 }
156 
157 static int ip6mr_rule_action(struct fib_rule *rule, struct flowi *flp,
158                              int flags, struct fib_lookup_arg *arg)
159 {
160         struct ip6mr_result *res = arg->result;
161         struct mr6_table *mrt;
162 
163         switch (rule->action) {
164         case FR_ACT_TO_TBL:
165                 break;
166         case FR_ACT_UNREACHABLE:
167                 return -ENETUNREACH;
168         case FR_ACT_PROHIBIT:
169                 return -EACCES;
170         case FR_ACT_BLACKHOLE:
171         default:
172                 return -EINVAL;
173         }
174 
175         mrt = ip6mr_get_table(rule->fr_net, rule->table);
176         if (!mrt)
177                 return -EAGAIN;
178         res->mrt = mrt;
179         return 0;
180 }
181 
182 static int ip6mr_rule_match(struct fib_rule *rule, struct flowi *flp, int flags)
183 {
184         return 1;
185 }
186 
187 static const struct nla_policy ip6mr_rule_policy[FRA_MAX + 1] = {
188         FRA_GENERIC_POLICY,
189 };
190 
191 static int ip6mr_rule_configure(struct fib_rule *rule, struct sk_buff *skb,
192                                 struct fib_rule_hdr *frh, struct nlattr **tb)
193 {
194         return 0;
195 }
196 
197 static int ip6mr_rule_compare(struct fib_rule *rule, struct fib_rule_hdr *frh,
198                               struct nlattr **tb)
199 {
200         return 1;
201 }
202 
203 static int ip6mr_rule_fill(struct fib_rule *rule, struct sk_buff *skb,
204                            struct fib_rule_hdr *frh)
205 {
206         frh->dst_len = 0;
207         frh->src_len = 0;
208         frh->tos     = 0;
209         return 0;
210 }
211 
212 static const struct fib_rules_ops __net_initconst ip6mr_rules_ops_template = {
213         .family         = RTNL_FAMILY_IP6MR,
214         .rule_size      = sizeof(struct ip6mr_rule),
215         .addr_size      = sizeof(struct in6_addr),
216         .action         = ip6mr_rule_action,
217         .match          = ip6mr_rule_match,
218         .configure      = ip6mr_rule_configure,
219         .compare        = ip6mr_rule_compare,
220         .default_pref   = fib_default_rule_pref,
221         .fill           = ip6mr_rule_fill,
222         .nlgroup        = RTNLGRP_IPV6_RULE,
223         .policy         = ip6mr_rule_policy,
224         .owner          = THIS_MODULE,
225 };
226 
227 static int __net_init ip6mr_rules_init(struct net *net)
228 {
229         struct fib_rules_ops *ops;
230         struct mr6_table *mrt;
231         int err;
232 
233         ops = fib_rules_register(&ip6mr_rules_ops_template, net);
234         if (IS_ERR(ops))
235                 return PTR_ERR(ops);
236 
237         INIT_LIST_HEAD(&net->ipv6.mr6_tables);
238 
239         mrt = ip6mr_new_table(net, RT6_TABLE_DFLT);
240         if (!mrt) {
241                 err = -ENOMEM;
242                 goto err1;
243         }
244 
245         err = fib_default_rule_add(ops, 0x7fff, RT6_TABLE_DFLT, 0);
246         if (err < 0)
247                 goto err2;
248 
249         net->ipv6.mr6_rules_ops = ops;
250         return 0;
251 
252 err2:
253         ip6mr_free_table(mrt);
254 err1:
255         fib_rules_unregister(ops);
256         return err;
257 }
258 
259 static void __net_exit ip6mr_rules_exit(struct net *net)
260 {
261         struct mr6_table *mrt, *next;
262 
263         rtnl_lock();
264         list_for_each_entry_safe(mrt, next, &net->ipv6.mr6_tables, list) {
265                 list_del(&mrt->list);
266                 ip6mr_free_table(mrt);
267         }
268         fib_rules_unregister(net->ipv6.mr6_rules_ops);
269         rtnl_unlock();
270 }
271 #else
272 #define ip6mr_for_each_table(mrt, net) \
273         for (mrt = net->ipv6.mrt6; mrt; mrt = NULL)
274 
275 static struct mr6_table *ip6mr_get_table(struct net *net, u32 id)
276 {
277         return net->ipv6.mrt6;
278 }
279 
280 static int ip6mr_fib_lookup(struct net *net, struct flowi6 *flp6,
281                             struct mr6_table **mrt)
282 {
283         *mrt = net->ipv6.mrt6;
284         return 0;
285 }
286 
287 static int __net_init ip6mr_rules_init(struct net *net)
288 {
289         net->ipv6.mrt6 = ip6mr_new_table(net, RT6_TABLE_DFLT);
290         return net->ipv6.mrt6 ? 0 : -ENOMEM;
291 }
292 
293 static void __net_exit ip6mr_rules_exit(struct net *net)
294 {
295         rtnl_lock();
296         ip6mr_free_table(net->ipv6.mrt6);
297         net->ipv6.mrt6 = NULL;
298         rtnl_unlock();
299 }
300 #endif
301 
302 static struct mr6_table *ip6mr_new_table(struct net *net, u32 id)
303 {
304         struct mr6_table *mrt;
305         unsigned int i;
306 
307         mrt = ip6mr_get_table(net, id);
308         if (mrt)
309                 return mrt;
310 
311         mrt = kzalloc(sizeof(*mrt), GFP_KERNEL);
312         if (!mrt)
313                 return NULL;
314         mrt->id = id;
315         write_pnet(&mrt->net, net);
316 
317         /* Forwarding cache */
318         for (i = 0; i < MFC6_LINES; i++)
319                 INIT_LIST_HEAD(&mrt->mfc6_cache_array[i]);
320 
321         INIT_LIST_HEAD(&mrt->mfc6_unres_queue);
322 
323         setup_timer(&mrt->ipmr_expire_timer, ipmr_expire_process,
324                     (unsigned long)mrt);
325 
326 #ifdef CONFIG_IPV6_PIMSM_V2
327         mrt->mroute_reg_vif_num = -1;
328 #endif
329 #ifdef CONFIG_IPV6_MROUTE_MULTIPLE_TABLES
330         list_add_tail_rcu(&mrt->list, &net->ipv6.mr6_tables);
331 #endif
332         return mrt;
333 }
334 
335 static void ip6mr_free_table(struct mr6_table *mrt)
336 {
337         del_timer_sync(&mrt->ipmr_expire_timer);
338         mroute_clean_tables(mrt);
339         kfree(mrt);
340 }
341 
342 #ifdef CONFIG_PROC_FS
343 
344 struct ipmr_mfc_iter {
345         struct seq_net_private p;
346         struct mr6_table *mrt;
347         struct list_head *cache;
348         int ct;
349 };
350 
351 
352 static struct mfc6_cache *ipmr_mfc_seq_idx(struct net *net,
353                                            struct ipmr_mfc_iter *it, loff_t pos)
354 {
355         struct mr6_table *mrt = it->mrt;
356         struct mfc6_cache *mfc;
357 
358         read_lock(&mrt_lock);
359         for (it->ct = 0; it->ct < MFC6_LINES; it->ct++) {
360                 it->cache = &mrt->mfc6_cache_array[it->ct];
361                 list_for_each_entry(mfc, it->cache, list)
362                         if (pos-- == 0)
363                                 return mfc;
364         }
365         read_unlock(&mrt_lock);
366 
367         spin_lock_bh(&mfc_unres_lock);
368         it->cache = &mrt->mfc6_unres_queue;
369         list_for_each_entry(mfc, it->cache, list)
370                 if (pos-- == 0)
371                         return mfc;
372         spin_unlock_bh(&mfc_unres_lock);
373 
374         it->cache = NULL;
375         return NULL;
376 }
377 
378 /*
379  *      The /proc interfaces to multicast routing /proc/ip6_mr_cache /proc/ip6_mr_vif
380  */
381 
382 struct ipmr_vif_iter {
383         struct seq_net_private p;
384         struct mr6_table *mrt;
385         int ct;
386 };
387 
388 static struct mif_device *ip6mr_vif_seq_idx(struct net *net,
389                                             struct ipmr_vif_iter *iter,
390                                             loff_t pos)
391 {
392         struct mr6_table *mrt = iter->mrt;
393 
394         for (iter->ct = 0; iter->ct < mrt->maxvif; ++iter->ct) {
395                 if (!MIF_EXISTS(mrt, iter->ct))
396                         continue;
397                 if (pos-- == 0)
398                         return &mrt->vif6_table[iter->ct];
399         }
400         return NULL;
401 }
402 
403 static void *ip6mr_vif_seq_start(struct seq_file *seq, loff_t *pos)
404         __acquires(mrt_lock)
405 {
406         struct ipmr_vif_iter *iter = seq->private;
407         struct net *net = seq_file_net(seq);
408         struct mr6_table *mrt;
409 
410         mrt = ip6mr_get_table(net, RT6_TABLE_DFLT);
411         if (!mrt)
412                 return ERR_PTR(-ENOENT);
413 
414         iter->mrt = mrt;
415 
416         read_lock(&mrt_lock);
417         return *pos ? ip6mr_vif_seq_idx(net, seq->private, *pos - 1)
418                 : SEQ_START_TOKEN;
419 }
420 
421 static void *ip6mr_vif_seq_next(struct seq_file *seq, void *v, loff_t *pos)
422 {
423         struct ipmr_vif_iter *iter = seq->private;
424         struct net *net = seq_file_net(seq);
425         struct mr6_table *mrt = iter->mrt;
426 
427         ++*pos;
428         if (v == SEQ_START_TOKEN)
429                 return ip6mr_vif_seq_idx(net, iter, 0);
430 
431         while (++iter->ct < mrt->maxvif) {
432                 if (!MIF_EXISTS(mrt, iter->ct))
433                         continue;
434                 return &mrt->vif6_table[iter->ct];
435         }
436         return NULL;
437 }
438 
439 static void ip6mr_vif_seq_stop(struct seq_file *seq, void *v)
440         __releases(mrt_lock)
441 {
442         read_unlock(&mrt_lock);
443 }
444 
445 static int ip6mr_vif_seq_show(struct seq_file *seq, void *v)
446 {
447         struct ipmr_vif_iter *iter = seq->private;
448         struct mr6_table *mrt = iter->mrt;
449 
450         if (v == SEQ_START_TOKEN) {
451                 seq_puts(seq,
452                          "Interface      BytesIn  PktsIn  BytesOut PktsOut Flags\n");
453         } else {
454                 const struct mif_device *vif = v;
455                 const char *name = vif->dev ? vif->dev->name : "none";
456 
457                 seq_printf(seq,
458                            "%2td %-10s %8ld %7ld  %8ld %7ld %05X\n",
459                            vif - mrt->vif6_table,
460                            name, vif->bytes_in, vif->pkt_in,
461                            vif->bytes_out, vif->pkt_out,
462                            vif->flags);
463         }
464         return 0;
465 }
466 
467 static const struct seq_operations ip6mr_vif_seq_ops = {
468         .start = ip6mr_vif_seq_start,
469         .next  = ip6mr_vif_seq_next,
470         .stop  = ip6mr_vif_seq_stop,
471         .show  = ip6mr_vif_seq_show,
472 };
473 
474 static int ip6mr_vif_open(struct inode *inode, struct file *file)
475 {
476         return seq_open_net(inode, file, &ip6mr_vif_seq_ops,
477                             sizeof(struct ipmr_vif_iter));
478 }
479 
480 static const struct file_operations ip6mr_vif_fops = {
481         .owner   = THIS_MODULE,
482         .open    = ip6mr_vif_open,
483         .read    = seq_read,
484         .llseek  = seq_lseek,
485         .release = seq_release_net,
486 };
487 
488 static void *ipmr_mfc_seq_start(struct seq_file *seq, loff_t *pos)
489 {
490         struct ipmr_mfc_iter *it = seq->private;
491         struct net *net = seq_file_net(seq);
492         struct mr6_table *mrt;
493 
494         mrt = ip6mr_get_table(net, RT6_TABLE_DFLT);
495         if (!mrt)
496                 return ERR_PTR(-ENOENT);
497 
498         it->mrt = mrt;
499         return *pos ? ipmr_mfc_seq_idx(net, seq->private, *pos - 1)
500                 : SEQ_START_TOKEN;
501 }
502 
503 static void *ipmr_mfc_seq_next(struct seq_file *seq, void *v, loff_t *pos)
504 {
505         struct mfc6_cache *mfc = v;
506         struct ipmr_mfc_iter *it = seq->private;
507         struct net *net = seq_file_net(seq);
508         struct mr6_table *mrt = it->mrt;
509 
510         ++*pos;
511 
512         if (v == SEQ_START_TOKEN)
513                 return ipmr_mfc_seq_idx(net, seq->private, 0);
514 
515         if (mfc->list.next != it->cache)
516                 return list_entry(mfc->list.next, struct mfc6_cache, list);
517 
518         if (it->cache == &mrt->mfc6_unres_queue)
519                 goto end_of_list;
520 
521         BUG_ON(it->cache != &mrt->mfc6_cache_array[it->ct]);
522 
523         while (++it->ct < MFC6_LINES) {
524                 it->cache = &mrt->mfc6_cache_array[it->ct];
525                 if (list_empty(it->cache))
526                         continue;
527                 return list_first_entry(it->cache, struct mfc6_cache, list);
528         }
529 
530         /* exhausted cache_array, show unresolved */
531         read_unlock(&mrt_lock);
532         it->cache = &mrt->mfc6_unres_queue;
533         it->ct = 0;
534 
535         spin_lock_bh(&mfc_unres_lock);
536         if (!list_empty(it->cache))
537                 return list_first_entry(it->cache, struct mfc6_cache, list);
538 
539  end_of_list:
540         spin_unlock_bh(&mfc_unres_lock);
541         it->cache = NULL;
542 
543         return NULL;
544 }
545 
546 static void ipmr_mfc_seq_stop(struct seq_file *seq, void *v)
547 {
548         struct ipmr_mfc_iter *it = seq->private;
549         struct mr6_table *mrt = it->mrt;
550 
551         if (it->cache == &mrt->mfc6_unres_queue)
552                 spin_unlock_bh(&mfc_unres_lock);
553         else if (it->cache == mrt->mfc6_cache_array)
554                 read_unlock(&mrt_lock);
555 }
556 
557 static int ipmr_mfc_seq_show(struct seq_file *seq, void *v)
558 {
559         int n;
560 
561         if (v == SEQ_START_TOKEN) {
562                 seq_puts(seq,
563                          "Group                            "
564                          "Origin                           "
565                          "Iif      Pkts  Bytes     Wrong  Oifs\n");
566         } else {
567                 const struct mfc6_cache *mfc = v;
568                 const struct ipmr_mfc_iter *it = seq->private;
569                 struct mr6_table *mrt = it->mrt;
570 
571                 seq_printf(seq, "%pI6 %pI6 %-3hd",
572                            &mfc->mf6c_mcastgrp, &mfc->mf6c_origin,
573                            mfc->mf6c_parent);
574 
575                 if (it->cache != &mrt->mfc6_unres_queue) {
576                         seq_printf(seq, " %8lu %8lu %8lu",
577                                    mfc->mfc_un.res.pkt,
578                                    mfc->mfc_un.res.bytes,
579                                    mfc->mfc_un.res.wrong_if);
580                         for (n = mfc->mfc_un.res.minvif;
581                              n < mfc->mfc_un.res.maxvif; n++) {
582                                 if (MIF_EXISTS(mrt, n) &&
583                                     mfc->mfc_un.res.ttls[n] < 255)
584                                         seq_printf(seq,
585                                                    " %2d:%-3d",
586                                                    n, mfc->mfc_un.res.ttls[n]);
587                         }
588                 } else {
589                         /* unresolved mfc_caches don't contain
590                          * pkt, bytes and wrong_if values
591                          */
592                         seq_printf(seq, " %8lu %8lu %8lu", 0ul, 0ul, 0ul);
593                 }
594                 seq_putc(seq, '\n');
595         }
596         return 0;
597 }
598 
599 static const struct seq_operations ipmr_mfc_seq_ops = {
600         .start = ipmr_mfc_seq_start,
601         .next  = ipmr_mfc_seq_next,
602         .stop  = ipmr_mfc_seq_stop,
603         .show  = ipmr_mfc_seq_show,
604 };
605 
606 static int ipmr_mfc_open(struct inode *inode, struct file *file)
607 {
608         return seq_open_net(inode, file, &ipmr_mfc_seq_ops,
609                             sizeof(struct ipmr_mfc_iter));
610 }
611 
612 static const struct file_operations ip6mr_mfc_fops = {
613         .owner   = THIS_MODULE,
614         .open    = ipmr_mfc_open,
615         .read    = seq_read,
616         .llseek  = seq_lseek,
617         .release = seq_release_net,
618 };
619 #endif
620 
621 #ifdef CONFIG_IPV6_PIMSM_V2
622 
623 static int pim6_rcv(struct sk_buff *skb)
624 {
625         struct pimreghdr *pim;
626         struct ipv6hdr   *encap;
627         struct net_device  *reg_dev = NULL;
628         struct net *net = dev_net(skb->dev);
629         struct mr6_table *mrt;
630         struct flowi6 fl6 = {
631                 .flowi6_iif     = skb->dev->ifindex,
632                 .flowi6_mark    = skb->mark,
633         };
634         int reg_vif_num;
635 
636         if (!pskb_may_pull(skb, sizeof(*pim) + sizeof(*encap)))
637                 goto drop;
638 
639         pim = (struct pimreghdr *)skb_transport_header(skb);
640         if (pim->type != ((PIM_VERSION << 4) | PIM_REGISTER) ||
641             (pim->flags & PIM_NULL_REGISTER) ||
642             (csum_ipv6_magic(&ipv6_hdr(skb)->saddr, &ipv6_hdr(skb)->daddr,
643                              sizeof(*pim), IPPROTO_PIM,
644                              csum_partial((void *)pim, sizeof(*pim), 0)) &&
645              csum_fold(skb_checksum(skb, 0, skb->len, 0))))
646                 goto drop;
647 
648         /* check if the inner packet is destined to mcast group */
649         encap = (struct ipv6hdr *)(skb_transport_header(skb) +
650                                    sizeof(*pim));
651 
652         if (!ipv6_addr_is_multicast(&encap->daddr) ||
653             encap->payload_len == 0 ||
654             ntohs(encap->payload_len) + sizeof(*pim) > skb->len)
655                 goto drop;
656 
657         if (ip6mr_fib_lookup(net, &fl6, &mrt) < 0)
658                 goto drop;
659         reg_vif_num = mrt->mroute_reg_vif_num;
660 
661         read_lock(&mrt_lock);
662         if (reg_vif_num >= 0)
663                 reg_dev = mrt->vif6_table[reg_vif_num].dev;
664         if (reg_dev)
665                 dev_hold(reg_dev);
666         read_unlock(&mrt_lock);
667 
668         if (!reg_dev)
669                 goto drop;
670 
671         skb->mac_header = skb->network_header;
672         skb_pull(skb, (u8 *)encap - skb->data);
673         skb_reset_network_header(skb);
674         skb->protocol = htons(ETH_P_IPV6);
675         skb->ip_summed = CHECKSUM_NONE;
676 
677         skb_tunnel_rx(skb, reg_dev, dev_net(reg_dev));
678 
679         netif_rx(skb);
680 
681         dev_put(reg_dev);
682         return 0;
683  drop:
684         kfree_skb(skb);
685         return 0;
686 }
687 
688 static const struct inet6_protocol pim6_protocol = {
689         .handler        =       pim6_rcv,
690 };
691 
692 /* Service routines creating virtual interfaces: PIMREG */
693 
694 static netdev_tx_t reg_vif_xmit(struct sk_buff *skb,
695                                       struct net_device *dev)
696 {
697         struct net *net = dev_net(dev);
698         struct mr6_table *mrt;
699         struct flowi6 fl6 = {
700                 .flowi6_oif     = dev->ifindex,
701                 .flowi6_iif     = skb->skb_iif ? : LOOPBACK_IFINDEX,
702                 .flowi6_mark    = skb->mark,
703         };
704         int err;
705 
706         err = ip6mr_fib_lookup(net, &fl6, &mrt);
707         if (err < 0) {
708                 kfree_skb(skb);
709                 return err;
710         }
711 
712         read_lock(&mrt_lock);
713         dev->stats.tx_bytes += skb->len;
714         dev->stats.tx_packets++;
715         ip6mr_cache_report(mrt, skb, mrt->mroute_reg_vif_num, MRT6MSG_WHOLEPKT);
716         read_unlock(&mrt_lock);
717         kfree_skb(skb);
718         return NETDEV_TX_OK;
719 }
720 
721 static int reg_vif_get_iflink(const struct net_device *dev)
722 {
723         return 0;
724 }
725 
726 static const struct net_device_ops reg_vif_netdev_ops = {
727         .ndo_start_xmit = reg_vif_xmit,
728         .ndo_get_iflink = reg_vif_get_iflink,
729 };
730 
731 static void reg_vif_setup(struct net_device *dev)
732 {
733         dev->type               = ARPHRD_PIMREG;
734         dev->mtu                = 1500 - sizeof(struct ipv6hdr) - 8;
735         dev->flags              = IFF_NOARP;
736         dev->netdev_ops         = &reg_vif_netdev_ops;
737         dev->destructor         = free_netdev;
738         dev->features           |= NETIF_F_NETNS_LOCAL;
739 }
740 
741 static struct net_device *ip6mr_reg_vif(struct net *net, struct mr6_table *mrt)
742 {
743         struct net_device *dev;
744         char name[IFNAMSIZ];
745 
746         if (mrt->id == RT6_TABLE_DFLT)
747                 sprintf(name, "pim6reg");
748         else
749                 sprintf(name, "pim6reg%u", mrt->id);
750 
751         dev = alloc_netdev(0, name, NET_NAME_UNKNOWN, reg_vif_setup);
752         if (!dev)
753                 return NULL;
754 
755         dev_net_set(dev, net);
756 
757         if (register_netdevice(dev)) {
758                 free_netdev(dev);
759                 return NULL;
760         }
761 
762         if (dev_open(dev))
763                 goto failure;
764 
765         dev_hold(dev);
766         return dev;
767 
768 failure:
769         /* allow the register to be completed before unregistering. */
770         rtnl_unlock();
771         rtnl_lock();
772 
773         unregister_netdevice(dev);
774         return NULL;
775 }
776 #endif
777 
778 /*
779  *      Delete a VIF entry
780  */
781 
782 static int mif6_delete(struct mr6_table *mrt, int vifi, struct list_head *head)
783 {
784         struct mif_device *v;
785         struct net_device *dev;
786         struct inet6_dev *in6_dev;
787 
788         if (vifi < 0 || vifi >= mrt->maxvif)
789                 return -EADDRNOTAVAIL;
790 
791         v = &mrt->vif6_table[vifi];
792 
793         write_lock_bh(&mrt_lock);
794         dev = v->dev;
795         v->dev = NULL;
796 
797         if (!dev) {
798                 write_unlock_bh(&mrt_lock);
799                 return -EADDRNOTAVAIL;
800         }
801 
802 #ifdef CONFIG_IPV6_PIMSM_V2
803         if (vifi == mrt->mroute_reg_vif_num)
804                 mrt->mroute_reg_vif_num = -1;
805 #endif
806 
807         if (vifi + 1 == mrt->maxvif) {
808                 int tmp;
809                 for (tmp = vifi - 1; tmp >= 0; tmp--) {
810                         if (MIF_EXISTS(mrt, tmp))
811                                 break;
812                 }
813                 mrt->maxvif = tmp + 1;
814         }
815 
816         write_unlock_bh(&mrt_lock);
817 
818         dev_set_allmulti(dev, -1);
819 
820         in6_dev = __in6_dev_get(dev);
821         if (in6_dev) {
822                 in6_dev->cnf.mc_forwarding--;
823                 inet6_netconf_notify_devconf(dev_net(dev),
824                                              NETCONFA_MC_FORWARDING,
825                                              dev->ifindex, &in6_dev->cnf);
826         }
827 
828         if (v->flags & MIFF_REGISTER)
829                 unregister_netdevice_queue(dev, head);
830 
831         dev_put(dev);
832         return 0;
833 }
834 
835 static inline void ip6mr_cache_free(struct mfc6_cache *c)
836 {
837         kmem_cache_free(mrt_cachep, c);
838 }
839 
840 /* Destroy an unresolved cache entry, killing queued skbs
841    and reporting error to netlink readers.
842  */
843 
844 static void ip6mr_destroy_unres(struct mr6_table *mrt, struct mfc6_cache *c)
845 {
846         struct net *net = read_pnet(&mrt->net);
847         struct sk_buff *skb;
848 
849         atomic_dec(&mrt->cache_resolve_queue_len);
850 
851         while ((skb = skb_dequeue(&c->mfc_un.unres.unresolved)) != NULL) {
852                 if (ipv6_hdr(skb)->version == 0) {
853                         struct nlmsghdr *nlh = (struct nlmsghdr *)skb_pull(skb, sizeof(struct ipv6hdr));
854                         nlh->nlmsg_type = NLMSG_ERROR;
855                         nlh->nlmsg_len = nlmsg_msg_size(sizeof(struct nlmsgerr));
856                         skb_trim(skb, nlh->nlmsg_len);
857                         ((struct nlmsgerr *)nlmsg_data(nlh))->error = -ETIMEDOUT;
858                         rtnl_unicast(skb, net, NETLINK_CB(skb).portid);
859                 } else
860                         kfree_skb(skb);
861         }
862 
863         ip6mr_cache_free(c);
864 }
865 
866 
867 /* Timer process for all the unresolved queue. */
868 
869 static void ipmr_do_expire_process(struct mr6_table *mrt)
870 {
871         unsigned long now = jiffies;
872         unsigned long expires = 10 * HZ;
873         struct mfc6_cache *c, *next;
874 
875         list_for_each_entry_safe(c, next, &mrt->mfc6_unres_queue, list) {
876                 if (time_after(c->mfc_un.unres.expires, now)) {
877                         /* not yet... */
878                         unsigned long interval = c->mfc_un.unres.expires - now;
879                         if (interval < expires)
880                                 expires = interval;
881                         continue;
882                 }
883 
884                 list_del(&c->list);
885                 mr6_netlink_event(mrt, c, RTM_DELROUTE);
886                 ip6mr_destroy_unres(mrt, c);
887         }
888 
889         if (!list_empty(&mrt->mfc6_unres_queue))
890                 mod_timer(&mrt->ipmr_expire_timer, jiffies + expires);
891 }
892 
893 static void ipmr_expire_process(unsigned long arg)
894 {
895         struct mr6_table *mrt = (struct mr6_table *)arg;
896 
897         if (!spin_trylock(&mfc_unres_lock)) {
898                 mod_timer(&mrt->ipmr_expire_timer, jiffies + 1);
899                 return;
900         }
901 
902         if (!list_empty(&mrt->mfc6_unres_queue))
903                 ipmr_do_expire_process(mrt);
904 
905         spin_unlock(&mfc_unres_lock);
906 }
907 
908 /* Fill oifs list. It is called under write locked mrt_lock. */
909 
910 static void ip6mr_update_thresholds(struct mr6_table *mrt, struct mfc6_cache *cache,
911                                     unsigned char *ttls)
912 {
913         int vifi;
914 
915         cache->mfc_un.res.minvif = MAXMIFS;
916         cache->mfc_un.res.maxvif = 0;
917         memset(cache->mfc_un.res.ttls, 255, MAXMIFS);
918 
919         for (vifi = 0; vifi < mrt->maxvif; vifi++) {
920                 if (MIF_EXISTS(mrt, vifi) &&
921                     ttls[vifi] && ttls[vifi] < 255) {
922                         cache->mfc_un.res.ttls[vifi] = ttls[vifi];
923                         if (cache->mfc_un.res.minvif > vifi)
924                                 cache->mfc_un.res.minvif = vifi;
925                         if (cache->mfc_un.res.maxvif <= vifi)
926                                 cache->mfc_un.res.maxvif = vifi + 1;
927                 }
928         }
929 }
930 
931 static int mif6_add(struct net *net, struct mr6_table *mrt,
932                     struct mif6ctl *vifc, int mrtsock)
933 {
934         int vifi = vifc->mif6c_mifi;
935         struct mif_device *v = &mrt->vif6_table[vifi];
936         struct net_device *dev;
937         struct inet6_dev *in6_dev;
938         int err;
939 
940         /* Is vif busy ? */
941         if (MIF_EXISTS(mrt, vifi))
942                 return -EADDRINUSE;
943 
944         switch (vifc->mif6c_flags) {
945 #ifdef CONFIG_IPV6_PIMSM_V2
946         case MIFF_REGISTER:
947                 /*
948                  * Special Purpose VIF in PIM
949                  * All the packets will be sent to the daemon
950                  */
951                 if (mrt->mroute_reg_vif_num >= 0)
952                         return -EADDRINUSE;
953                 dev = ip6mr_reg_vif(net, mrt);
954                 if (!dev)
955                         return -ENOBUFS;
956                 err = dev_set_allmulti(dev, 1);
957                 if (err) {
958                         unregister_netdevice(dev);
959                         dev_put(dev);
960                         return err;
961                 }
962                 break;
963 #endif
964         case 0:
965                 dev = dev_get_by_index(net, vifc->mif6c_pifi);
966                 if (!dev)
967                         return -EADDRNOTAVAIL;
968                 err = dev_set_allmulti(dev, 1);
969                 if (err) {
970                         dev_put(dev);
971                         return err;
972                 }
973                 break;
974         default:
975                 return -EINVAL;
976         }
977 
978         in6_dev = __in6_dev_get(dev);
979         if (in6_dev) {
980                 in6_dev->cnf.mc_forwarding++;
981                 inet6_netconf_notify_devconf(dev_net(dev),
982                                              NETCONFA_MC_FORWARDING,
983                                              dev->ifindex, &in6_dev->cnf);
984         }
985 
986         /*
987          *      Fill in the VIF structures
988          */
989         v->rate_limit = vifc->vifc_rate_limit;
990         v->flags = vifc->mif6c_flags;
991         if (!mrtsock)
992                 v->flags |= VIFF_STATIC;
993         v->threshold = vifc->vifc_threshold;
994         v->bytes_in = 0;
995         v->bytes_out = 0;
996         v->pkt_in = 0;
997         v->pkt_out = 0;
998         v->link = dev->ifindex;
999         if (v->flags & MIFF_REGISTER)
1000                 v->link = dev_get_iflink(dev);
1001 
1002         /* And finish update writing critical data */
1003         write_lock_bh(&mrt_lock);
1004         v->dev = dev;
1005 #ifdef CONFIG_IPV6_PIMSM_V2
1006         if (v->flags & MIFF_REGISTER)
1007                 mrt->mroute_reg_vif_num = vifi;
1008 #endif
1009         if (vifi + 1 > mrt->maxvif)
1010                 mrt->maxvif = vifi + 1;
1011         write_unlock_bh(&mrt_lock);
1012         return 0;
1013 }
1014 
1015 static struct mfc6_cache *ip6mr_cache_find(struct mr6_table *mrt,
1016                                            const struct in6_addr *origin,
1017                                            const struct in6_addr *mcastgrp)
1018 {
1019         int line = MFC6_HASH(mcastgrp, origin);
1020         struct mfc6_cache *c;
1021 
1022         list_for_each_entry(c, &mrt->mfc6_cache_array[line], list) {
1023                 if (ipv6_addr_equal(&c->mf6c_origin, origin) &&
1024                     ipv6_addr_equal(&c->mf6c_mcastgrp, mcastgrp))
1025                         return c;
1026         }
1027         return NULL;
1028 }
1029 
1030 /* Look for a (*,*,oif) entry */
1031 static struct mfc6_cache *ip6mr_cache_find_any_parent(struct mr6_table *mrt,
1032                                                       mifi_t mifi)
1033 {
1034         int line = MFC6_HASH(&in6addr_any, &in6addr_any);
1035         struct mfc6_cache *c;
1036 
1037         list_for_each_entry(c, &mrt->mfc6_cache_array[line], list)
1038                 if (ipv6_addr_any(&c->mf6c_origin) &&
1039                     ipv6_addr_any(&c->mf6c_mcastgrp) &&
1040                     (c->mfc_un.res.ttls[mifi] < 255))
1041                         return c;
1042 
1043         return NULL;
1044 }
1045 
1046 /* Look for a (*,G) entry */
1047 static struct mfc6_cache *ip6mr_cache_find_any(struct mr6_table *mrt,
1048                                                struct in6_addr *mcastgrp,
1049                                                mifi_t mifi)
1050 {
1051         int line = MFC6_HASH(mcastgrp, &in6addr_any);
1052         struct mfc6_cache *c, *proxy;
1053 
1054         if (ipv6_addr_any(mcastgrp))
1055                 goto skip;
1056 
1057         list_for_each_entry(c, &mrt->mfc6_cache_array[line], list)
1058                 if (ipv6_addr_any(&c->mf6c_origin) &&
1059                     ipv6_addr_equal(&c->mf6c_mcastgrp, mcastgrp)) {
1060                         if (c->mfc_un.res.ttls[mifi] < 255)
1061                                 return c;
1062 
1063                         /* It's ok if the mifi is part of the static tree */
1064                         proxy = ip6mr_cache_find_any_parent(mrt,
1065                                                             c->mf6c_parent);
1066                         if (proxy && proxy->mfc_un.res.ttls[mifi] < 255)
1067                                 return c;
1068                 }
1069 
1070 skip:
1071         return ip6mr_cache_find_any_parent(mrt, mifi);
1072 }
1073 
1074 /*
1075  *      Allocate a multicast cache entry
1076  */
1077 static struct mfc6_cache *ip6mr_cache_alloc(void)
1078 {
1079         struct mfc6_cache *c = kmem_cache_zalloc(mrt_cachep, GFP_KERNEL);
1080         if (!c)
1081                 return NULL;
1082         c->mfc_un.res.minvif = MAXMIFS;
1083         return c;
1084 }
1085 
1086 static struct mfc6_cache *ip6mr_cache_alloc_unres(void)
1087 {
1088         struct mfc6_cache *c = kmem_cache_zalloc(mrt_cachep, GFP_ATOMIC);
1089         if (!c)
1090                 return NULL;
1091         skb_queue_head_init(&c->mfc_un.unres.unresolved);
1092         c->mfc_un.unres.expires = jiffies + 10 * HZ;
1093         return c;
1094 }
1095 
1096 /*
1097  *      A cache entry has gone into a resolved state from queued
1098  */
1099 
1100 static void ip6mr_cache_resolve(struct net *net, struct mr6_table *mrt,
1101                                 struct mfc6_cache *uc, struct mfc6_cache *c)
1102 {
1103         struct sk_buff *skb;
1104 
1105         /*
1106          *      Play the pending entries through our router
1107          */
1108 
1109         while ((skb = __skb_dequeue(&uc->mfc_un.unres.unresolved))) {
1110                 if (ipv6_hdr(skb)->version == 0) {
1111                         struct nlmsghdr *nlh = (struct nlmsghdr *)skb_pull(skb, sizeof(struct ipv6hdr));
1112 
1113                         if (__ip6mr_fill_mroute(mrt, skb, c, nlmsg_data(nlh)) > 0) {
1114                                 nlh->nlmsg_len = skb_tail_pointer(skb) - (u8 *)nlh;
1115                         } else {
1116                                 nlh->nlmsg_type = NLMSG_ERROR;
1117                                 nlh->nlmsg_len = nlmsg_msg_size(sizeof(struct nlmsgerr));
1118                                 skb_trim(skb, nlh->nlmsg_len);
1119                                 ((struct nlmsgerr *)nlmsg_data(nlh))->error = -EMSGSIZE;
1120                         }
1121                         rtnl_unicast(skb, net, NETLINK_CB(skb).portid);
1122                 } else
1123                         ip6_mr_forward(net, mrt, skb, c);
1124         }
1125 }
1126 
1127 /*
1128  *      Bounce a cache query up to pim6sd. We could use netlink for this but pim6sd
1129  *      expects the following bizarre scheme.
1130  *
1131  *      Called under mrt_lock.
1132  */
1133 
1134 static int ip6mr_cache_report(struct mr6_table *mrt, struct sk_buff *pkt,
1135                               mifi_t mifi, int assert)
1136 {
1137         struct sk_buff *skb;
1138         struct mrt6msg *msg;
1139         int ret;
1140 
1141 #ifdef CONFIG_IPV6_PIMSM_V2
1142         if (assert == MRT6MSG_WHOLEPKT)
1143                 skb = skb_realloc_headroom(pkt, -skb_network_offset(pkt)
1144                                                 +sizeof(*msg));
1145         else
1146 #endif
1147                 skb = alloc_skb(sizeof(struct ipv6hdr) + sizeof(*msg), GFP_ATOMIC);
1148 
1149         if (!skb)
1150                 return -ENOBUFS;
1151 
1152         /* I suppose that internal messages
1153          * do not require checksums */
1154 
1155         skb->ip_summed = CHECKSUM_UNNECESSARY;
1156 
1157 #ifdef CONFIG_IPV6_PIMSM_V2
1158         if (assert == MRT6MSG_WHOLEPKT) {
1159                 /* Ugly, but we have no choice with this interface.
1160                    Duplicate old header, fix length etc.
1161                    And all this only to mangle msg->im6_msgtype and
1162                    to set msg->im6_mbz to "mbz" :-)
1163                  */
1164                 skb_push(skb, -skb_network_offset(pkt));
1165 
1166                 skb_push(skb, sizeof(*msg));
1167                 skb_reset_transport_header(skb);
1168                 msg = (struct mrt6msg *)skb_transport_header(skb);
1169                 msg->im6_mbz = 0;
1170                 msg->im6_msgtype = MRT6MSG_WHOLEPKT;
1171                 msg->im6_mif = mrt->mroute_reg_vif_num;
1172                 msg->im6_pad = 0;
1173                 msg->im6_src = ipv6_hdr(pkt)->saddr;
1174                 msg->im6_dst = ipv6_hdr(pkt)->daddr;
1175 
1176                 skb->ip_summed = CHECKSUM_UNNECESSARY;
1177         } else
1178 #endif
1179         {
1180         /*
1181          *      Copy the IP header
1182          */
1183 
1184         skb_put(skb, sizeof(struct ipv6hdr));
1185         skb_reset_network_header(skb);
1186         skb_copy_to_linear_data(skb, ipv6_hdr(pkt), sizeof(struct ipv6hdr));
1187 
1188         /*
1189          *      Add our header
1190          */
1191         skb_put(skb, sizeof(*msg));
1192         skb_reset_transport_header(skb);
1193         msg = (struct mrt6msg *)skb_transport_header(skb);
1194 
1195         msg->im6_mbz = 0;
1196         msg->im6_msgtype = assert;
1197         msg->im6_mif = mifi;
1198         msg->im6_pad = 0;
1199         msg->im6_src = ipv6_hdr(pkt)->saddr;
1200         msg->im6_dst = ipv6_hdr(pkt)->daddr;
1201 
1202         skb_dst_set(skb, dst_clone(skb_dst(pkt)));
1203         skb->ip_summed = CHECKSUM_UNNECESSARY;
1204         }
1205 
1206         if (!mrt->mroute6_sk) {
1207                 kfree_skb(skb);
1208                 return -EINVAL;
1209         }
1210 
1211         /*
1212          *      Deliver to user space multicast routing algorithms
1213          */
1214         ret = sock_queue_rcv_skb(mrt->mroute6_sk, skb);
1215         if (ret < 0) {
1216                 net_warn_ratelimited("mroute6: pending queue full, dropping entries\n");
1217                 kfree_skb(skb);
1218         }
1219 
1220         return ret;
1221 }
1222 
1223 /*
1224  *      Queue a packet for resolution. It gets locked cache entry!
1225  */
1226 
1227 static int
1228 ip6mr_cache_unresolved(struct mr6_table *mrt, mifi_t mifi, struct sk_buff *skb)
1229 {
1230         bool found = false;
1231         int err;
1232         struct mfc6_cache *c;
1233 
1234         spin_lock_bh(&mfc_unres_lock);
1235         list_for_each_entry(c, &mrt->mfc6_unres_queue, list) {
1236                 if (ipv6_addr_equal(&c->mf6c_mcastgrp, &ipv6_hdr(skb)->daddr) &&
1237                     ipv6_addr_equal(&c->mf6c_origin, &ipv6_hdr(skb)->saddr)) {
1238                         found = true;
1239                         break;
1240                 }
1241         }
1242 
1243         if (!found) {
1244                 /*
1245                  *      Create a new entry if allowable
1246                  */
1247 
1248                 if (atomic_read(&mrt->cache_resolve_queue_len) >= 10 ||
1249                     (c = ip6mr_cache_alloc_unres()) == NULL) {
1250                         spin_unlock_bh(&mfc_unres_lock);
1251 
1252                         kfree_skb(skb);
1253                         return -ENOBUFS;
1254                 }
1255 
1256                 /*
1257                  *      Fill in the new cache entry
1258                  */
1259                 c->mf6c_parent = -1;
1260                 c->mf6c_origin = ipv6_hdr(skb)->saddr;
1261                 c->mf6c_mcastgrp = ipv6_hdr(skb)->daddr;
1262 
1263                 /*
1264                  *      Reflect first query at pim6sd
1265                  */
1266                 err = ip6mr_cache_report(mrt, skb, mifi, MRT6MSG_NOCACHE);
1267                 if (err < 0) {
1268                         /* If the report failed throw the cache entry
1269                            out - Brad Parker
1270                          */
1271                         spin_unlock_bh(&mfc_unres_lock);
1272 
1273                         ip6mr_cache_free(c);
1274                         kfree_skb(skb);
1275                         return err;
1276                 }
1277 
1278                 atomic_inc(&mrt->cache_resolve_queue_len);
1279                 list_add(&c->list, &mrt->mfc6_unres_queue);
1280                 mr6_netlink_event(mrt, c, RTM_NEWROUTE);
1281 
1282                 ipmr_do_expire_process(mrt);
1283         }
1284 
1285         /*
1286          *      See if we can append the packet
1287          */
1288         if (c->mfc_un.unres.unresolved.qlen > 3) {
1289                 kfree_skb(skb);
1290                 err = -ENOBUFS;
1291         } else {
1292                 skb_queue_tail(&c->mfc_un.unres.unresolved, skb);
1293                 err = 0;
1294         }
1295 
1296         spin_unlock_bh(&mfc_unres_lock);
1297         return err;
1298 }
1299 
1300 /*
1301  *      MFC6 cache manipulation by user space
1302  */
1303 
1304 static int ip6mr_mfc_delete(struct mr6_table *mrt, struct mf6cctl *mfc,
1305                             int parent)
1306 {
1307         int line;
1308         struct mfc6_cache *c, *next;
1309 
1310         line = MFC6_HASH(&mfc->mf6cc_mcastgrp.sin6_addr, &mfc->mf6cc_origin.sin6_addr);
1311 
1312         list_for_each_entry_safe(c, next, &mrt->mfc6_cache_array[line], list) {
1313                 if (ipv6_addr_equal(&c->mf6c_origin, &mfc->mf6cc_origin.sin6_addr) &&
1314                     ipv6_addr_equal(&c->mf6c_mcastgrp,
1315                                     &mfc->mf6cc_mcastgrp.sin6_addr) &&
1316                     (parent == -1 || parent == c->mf6c_parent)) {
1317                         write_lock_bh(&mrt_lock);
1318                         list_del(&c->list);
1319                         write_unlock_bh(&mrt_lock);
1320 
1321                         mr6_netlink_event(mrt, c, RTM_DELROUTE);
1322                         ip6mr_cache_free(c);
1323                         return 0;
1324                 }
1325         }
1326         return -ENOENT;
1327 }
1328 
1329 static int ip6mr_device_event(struct notifier_block *this,
1330                               unsigned long event, void *ptr)
1331 {
1332         struct net_device *dev = netdev_notifier_info_to_dev(ptr);
1333         struct net *net = dev_net(dev);
1334         struct mr6_table *mrt;
1335         struct mif_device *v;
1336         int ct;
1337         LIST_HEAD(list);
1338 
1339         if (event != NETDEV_UNREGISTER)
1340                 return NOTIFY_DONE;
1341 
1342         ip6mr_for_each_table(mrt, net) {
1343                 v = &mrt->vif6_table[0];
1344                 for (ct = 0; ct < mrt->maxvif; ct++, v++) {
1345                         if (v->dev == dev)
1346                                 mif6_delete(mrt, ct, &list);
1347                 }
1348         }
1349         unregister_netdevice_many(&list);
1350 
1351         return NOTIFY_DONE;
1352 }
1353 
1354 static struct notifier_block ip6_mr_notifier = {
1355         .notifier_call = ip6mr_device_event
1356 };
1357 
1358 /*
1359  *      Setup for IP multicast routing
1360  */
1361 
1362 static int __net_init ip6mr_net_init(struct net *net)
1363 {
1364         int err;
1365 
1366         err = ip6mr_rules_init(net);
1367         if (err < 0)
1368                 goto fail;
1369 
1370 #ifdef CONFIG_PROC_FS
1371         err = -ENOMEM;
1372         if (!proc_create("ip6_mr_vif", 0, net->proc_net, &ip6mr_vif_fops))
1373                 goto proc_vif_fail;
1374         if (!proc_create("ip6_mr_cache", 0, net->proc_net, &ip6mr_mfc_fops))
1375                 goto proc_cache_fail;
1376 #endif
1377 
1378         return 0;
1379 
1380 #ifdef CONFIG_PROC_FS
1381 proc_cache_fail:
1382         remove_proc_entry("ip6_mr_vif", net->proc_net);
1383 proc_vif_fail:
1384         ip6mr_rules_exit(net);
1385 #endif
1386 fail:
1387         return err;
1388 }
1389 
1390 static void __net_exit ip6mr_net_exit(struct net *net)
1391 {
1392 #ifdef CONFIG_PROC_FS
1393         remove_proc_entry("ip6_mr_cache", net->proc_net);
1394         remove_proc_entry("ip6_mr_vif", net->proc_net);
1395 #endif
1396         ip6mr_rules_exit(net);
1397 }
1398 
1399 static struct pernet_operations ip6mr_net_ops = {
1400         .init = ip6mr_net_init,
1401         .exit = ip6mr_net_exit,
1402 };
1403 
1404 int __init ip6_mr_init(void)
1405 {
1406         int err;
1407 
1408         mrt_cachep = kmem_cache_create("ip6_mrt_cache",
1409                                        sizeof(struct mfc6_cache),
1410                                        0, SLAB_HWCACHE_ALIGN,
1411                                        NULL);
1412         if (!mrt_cachep)
1413                 return -ENOMEM;
1414 
1415         err = register_pernet_subsys(&ip6mr_net_ops);
1416         if (err)
1417                 goto reg_pernet_fail;
1418 
1419         err = register_netdevice_notifier(&ip6_mr_notifier);
1420         if (err)
1421                 goto reg_notif_fail;
1422 #ifdef CONFIG_IPV6_PIMSM_V2
1423         if (inet6_add_protocol(&pim6_protocol, IPPROTO_PIM) < 0) {
1424                 pr_err("%s: can't add PIM protocol\n", __func__);
1425                 err = -EAGAIN;
1426                 goto add_proto_fail;
1427         }
1428 #endif
1429         rtnl_register(RTNL_FAMILY_IP6MR, RTM_GETROUTE, NULL,
1430                       ip6mr_rtm_dumproute, NULL);
1431         return 0;
1432 #ifdef CONFIG_IPV6_PIMSM_V2
1433 add_proto_fail:
1434         unregister_netdevice_notifier(&ip6_mr_notifier);
1435 #endif
1436 reg_notif_fail:
1437         unregister_pernet_subsys(&ip6mr_net_ops);
1438 reg_pernet_fail:
1439         kmem_cache_destroy(mrt_cachep);
1440         return err;
1441 }
1442 
1443 void ip6_mr_cleanup(void)
1444 {
1445         rtnl_unregister(RTNL_FAMILY_IP6MR, RTM_GETROUTE);
1446 #ifdef CONFIG_IPV6_PIMSM_V2
1447         inet6_del_protocol(&pim6_protocol, IPPROTO_PIM);
1448 #endif
1449         unregister_netdevice_notifier(&ip6_mr_notifier);
1450         unregister_pernet_subsys(&ip6mr_net_ops);
1451         kmem_cache_destroy(mrt_cachep);
1452 }
1453 
1454 static int ip6mr_mfc_add(struct net *net, struct mr6_table *mrt,
1455                          struct mf6cctl *mfc, int mrtsock, int parent)
1456 {
1457         bool found = false;
1458         int line;
1459         struct mfc6_cache *uc, *c;
1460         unsigned char ttls[MAXMIFS];
1461         int i;
1462 
1463         if (mfc->mf6cc_parent >= MAXMIFS)
1464                 return -ENFILE;
1465 
1466         memset(ttls, 255, MAXMIFS);
1467         for (i = 0; i < MAXMIFS; i++) {
1468                 if (IF_ISSET(i, &mfc->mf6cc_ifset))
1469                         ttls[i] = 1;
1470 
1471         }
1472 
1473         line = MFC6_HASH(&mfc->mf6cc_mcastgrp.sin6_addr, &mfc->mf6cc_origin.sin6_addr);
1474 
1475         list_for_each_entry(c, &mrt->mfc6_cache_array[line], list) {
1476                 if (ipv6_addr_equal(&c->mf6c_origin, &mfc->mf6cc_origin.sin6_addr) &&
1477                     ipv6_addr_equal(&c->mf6c_mcastgrp,
1478                                     &mfc->mf6cc_mcastgrp.sin6_addr) &&
1479                     (parent == -1 || parent == mfc->mf6cc_parent)) {
1480                         found = true;
1481                         break;
1482                 }
1483         }
1484 
1485         if (found) {
1486                 write_lock_bh(&mrt_lock);
1487                 c->mf6c_parent = mfc->mf6cc_parent;
1488                 ip6mr_update_thresholds(mrt, c, ttls);
1489                 if (!mrtsock)
1490                         c->mfc_flags |= MFC_STATIC;
1491                 write_unlock_bh(&mrt_lock);
1492                 mr6_netlink_event(mrt, c, RTM_NEWROUTE);
1493                 return 0;
1494         }
1495 
1496         if (!ipv6_addr_any(&mfc->mf6cc_mcastgrp.sin6_addr) &&
1497             !ipv6_addr_is_multicast(&mfc->mf6cc_mcastgrp.sin6_addr))
1498                 return -EINVAL;
1499 
1500         c = ip6mr_cache_alloc();
1501         if (!c)
1502                 return -ENOMEM;
1503 
1504         c->mf6c_origin = mfc->mf6cc_origin.sin6_addr;
1505         c->mf6c_mcastgrp = mfc->mf6cc_mcastgrp.sin6_addr;
1506         c->mf6c_parent = mfc->mf6cc_parent;
1507         ip6mr_update_thresholds(mrt, c, ttls);
1508         if (!mrtsock)
1509                 c->mfc_flags |= MFC_STATIC;
1510 
1511         write_lock_bh(&mrt_lock);
1512         list_add(&c->list, &mrt->mfc6_cache_array[line]);
1513         write_unlock_bh(&mrt_lock);
1514 
1515         /*
1516          *      Check to see if we resolved a queued list. If so we
1517          *      need to send on the frames and tidy up.
1518          */
1519         found = false;
1520         spin_lock_bh(&mfc_unres_lock);
1521         list_for_each_entry(uc, &mrt->mfc6_unres_queue, list) {
1522                 if (ipv6_addr_equal(&uc->mf6c_origin, &c->mf6c_origin) &&
1523                     ipv6_addr_equal(&uc->mf6c_mcastgrp, &c->mf6c_mcastgrp)) {
1524                         list_del(&uc->list);
1525                         atomic_dec(&mrt->cache_resolve_queue_len);
1526                         found = true;
1527                         break;
1528                 }
1529         }
1530         if (list_empty(&mrt->mfc6_unres_queue))
1531                 del_timer(&mrt->ipmr_expire_timer);
1532         spin_unlock_bh(&mfc_unres_lock);
1533 
1534         if (found) {
1535                 ip6mr_cache_resolve(net, mrt, uc, c);
1536                 ip6mr_cache_free(uc);
1537         }
1538         mr6_netlink_event(mrt, c, RTM_NEWROUTE);
1539         return 0;
1540 }
1541 
1542 /*
1543  *      Close the multicast socket, and clear the vif tables etc
1544  */
1545 
1546 static void mroute_clean_tables(struct mr6_table *mrt)
1547 {
1548         int i;
1549         LIST_HEAD(list);
1550         struct mfc6_cache *c, *next;
1551 
1552         /*
1553          *      Shut down all active vif entries
1554          */
1555         for (i = 0; i < mrt->maxvif; i++) {
1556                 if (!(mrt->vif6_table[i].flags & VIFF_STATIC))
1557                         mif6_delete(mrt, i, &list);
1558         }
1559         unregister_netdevice_many(&list);
1560 
1561         /*
1562          *      Wipe the cache
1563          */
1564         for (i = 0; i < MFC6_LINES; i++) {
1565                 list_for_each_entry_safe(c, next, &mrt->mfc6_cache_array[i], list) {
1566                         if (c->mfc_flags & MFC_STATIC)
1567                                 continue;
1568                         write_lock_bh(&mrt_lock);
1569                         list_del(&c->list);
1570                         write_unlock_bh(&mrt_lock);
1571 
1572                         mr6_netlink_event(mrt, c, RTM_DELROUTE);
1573                         ip6mr_cache_free(c);
1574                 }
1575         }
1576 
1577         if (atomic_read(&mrt->cache_resolve_queue_len) != 0) {
1578                 spin_lock_bh(&mfc_unres_lock);
1579                 list_for_each_entry_safe(c, next, &mrt->mfc6_unres_queue, list) {
1580                         list_del(&c->list);
1581                         mr6_netlink_event(mrt, c, RTM_DELROUTE);
1582                         ip6mr_destroy_unres(mrt, c);
1583                 }
1584                 spin_unlock_bh(&mfc_unres_lock);
1585         }
1586 }
1587 
1588 static int ip6mr_sk_init(struct mr6_table *mrt, struct sock *sk)
1589 {
1590         int err = 0;
1591         struct net *net = sock_net(sk);
1592 
1593         rtnl_lock();
1594         write_lock_bh(&mrt_lock);
1595         if (likely(mrt->mroute6_sk == NULL)) {
1596                 mrt->mroute6_sk = sk;
1597                 net->ipv6.devconf_all->mc_forwarding++;
1598                 inet6_netconf_notify_devconf(net, NETCONFA_MC_FORWARDING,
1599                                              NETCONFA_IFINDEX_ALL,
1600                                              net->ipv6.devconf_all);
1601         }
1602         else
1603                 err = -EADDRINUSE;
1604         write_unlock_bh(&mrt_lock);
1605 
1606         rtnl_unlock();
1607 
1608         return err;
1609 }
1610 
1611 int ip6mr_sk_done(struct sock *sk)
1612 {
1613         int err = -EACCES;
1614         struct net *net = sock_net(sk);
1615         struct mr6_table *mrt;
1616 
1617         rtnl_lock();
1618         ip6mr_for_each_table(mrt, net) {
1619                 if (sk == mrt->mroute6_sk) {
1620                         write_lock_bh(&mrt_lock);
1621                         mrt->mroute6_sk = NULL;
1622                         net->ipv6.devconf_all->mc_forwarding--;
1623                         inet6_netconf_notify_devconf(net,
1624                                                      NETCONFA_MC_FORWARDING,
1625                                                      NETCONFA_IFINDEX_ALL,
1626                                                      net->ipv6.devconf_all);
1627                         write_unlock_bh(&mrt_lock);
1628 
1629                         mroute_clean_tables(mrt);
1630                         err = 0;
1631                         break;
1632                 }
1633         }
1634         rtnl_unlock();
1635 
1636         return err;
1637 }
1638 
1639 struct sock *mroute6_socket(struct net *net, struct sk_buff *skb)
1640 {
1641         struct mr6_table *mrt;
1642         struct flowi6 fl6 = {
1643                 .flowi6_iif     = skb->skb_iif ? : LOOPBACK_IFINDEX,
1644                 .flowi6_oif     = skb->dev->ifindex,
1645                 .flowi6_mark    = skb->mark,
1646         };
1647 
1648         if (ip6mr_fib_lookup(net, &fl6, &mrt) < 0)
1649                 return NULL;
1650 
1651         return mrt->mroute6_sk;
1652 }
1653 
1654 /*
1655  *      Socket options and virtual interface manipulation. The whole
1656  *      virtual interface system is a complete heap, but unfortunately
1657  *      that's how BSD mrouted happens to think. Maybe one day with a proper
1658  *      MOSPF/PIM router set up we can clean this up.
1659  */
1660 
1661 int ip6_mroute_setsockopt(struct sock *sk, int optname, char __user *optval, unsigned int optlen)
1662 {
1663         int ret, parent = 0;
1664         struct mif6ctl vif;
1665         struct mf6cctl mfc;
1666         mifi_t mifi;
1667         struct net *net = sock_net(sk);
1668         struct mr6_table *mrt;
1669 
1670         mrt = ip6mr_get_table(net, raw6_sk(sk)->ip6mr_table ? : RT6_TABLE_DFLT);
1671         if (!mrt)
1672                 return -ENOENT;
1673 
1674         if (optname != MRT6_INIT) {
1675                 if (sk != mrt->mroute6_sk && !ns_capable(net->user_ns, CAP_NET_ADMIN))
1676                         return -EACCES;
1677         }
1678 
1679         switch (optname) {
1680         case MRT6_INIT:
1681                 if (sk->sk_type != SOCK_RAW ||
1682                     inet_sk(sk)->inet_num != IPPROTO_ICMPV6)
1683                         return -EOPNOTSUPP;
1684                 if (optlen < sizeof(int))
1685                         return -EINVAL;
1686 
1687                 return ip6mr_sk_init(mrt, sk);
1688 
1689         case MRT6_DONE:
1690                 return ip6mr_sk_done(sk);
1691 
1692         case MRT6_ADD_MIF:
1693                 if (optlen < sizeof(vif))
1694                         return -EINVAL;
1695                 if (copy_from_user(&vif, optval, sizeof(vif)))
1696                         return -EFAULT;
1697                 if (vif.mif6c_mifi >= MAXMIFS)
1698                         return -ENFILE;
1699                 rtnl_lock();
1700                 ret = mif6_add(net, mrt, &vif, sk == mrt->mroute6_sk);
1701                 rtnl_unlock();
1702                 return ret;
1703 
1704         case MRT6_DEL_MIF:
1705                 if (optlen < sizeof(mifi_t))
1706                         return -EINVAL;
1707                 if (copy_from_user(&mifi, optval, sizeof(mifi_t)))
1708                         return -EFAULT;
1709                 rtnl_lock();
1710                 ret = mif6_delete(mrt, mifi, NULL);
1711                 rtnl_unlock();
1712                 return ret;
1713 
1714         /*
1715          *      Manipulate the forwarding caches. These live
1716          *      in a sort of kernel/user symbiosis.
1717          */
1718         case MRT6_ADD_MFC:
1719         case MRT6_DEL_MFC:
1720                 parent = -1;
1721         case MRT6_ADD_MFC_PROXY:
1722         case MRT6_DEL_MFC_PROXY:
1723                 if (optlen < sizeof(mfc))
1724                         return -EINVAL;
1725                 if (copy_from_user(&mfc, optval, sizeof(mfc)))
1726                         return -EFAULT;
1727                 if (parent == 0)
1728                         parent = mfc.mf6cc_parent;
1729                 rtnl_lock();
1730                 if (optname == MRT6_DEL_MFC || optname == MRT6_DEL_MFC_PROXY)
1731                         ret = ip6mr_mfc_delete(mrt, &mfc, parent);
1732                 else
1733                         ret = ip6mr_mfc_add(net, mrt, &mfc,
1734                                             sk == mrt->mroute6_sk, parent);
1735                 rtnl_unlock();
1736                 return ret;
1737 
1738         /*
1739          *      Control PIM assert (to activate pim will activate assert)
1740          */
1741         case MRT6_ASSERT:
1742         {
1743                 int v;
1744 
1745                 if (optlen != sizeof(v))
1746                         return -EINVAL;
1747                 if (get_user(v, (int __user *)optval))
1748                         return -EFAULT;
1749                 mrt->mroute_do_assert = v;
1750                 return 0;
1751         }
1752 
1753 #ifdef CONFIG_IPV6_PIMSM_V2
1754         case MRT6_PIM:
1755         {
1756                 int v;
1757 
1758                 if (optlen != sizeof(v))
1759                         return -EINVAL;
1760                 if (get_user(v, (int __user *)optval))
1761                         return -EFAULT;
1762                 v = !!v;
1763                 rtnl_lock();
1764                 ret = 0;
1765                 if (v != mrt->mroute_do_pim) {
1766                         mrt->mroute_do_pim = v;
1767                         mrt->mroute_do_assert = v;
1768                 }
1769                 rtnl_unlock();
1770                 return ret;
1771         }
1772 
1773 #endif
1774 #ifdef CONFIG_IPV6_MROUTE_MULTIPLE_TABLES
1775         case MRT6_TABLE:
1776         {
1777                 u32 v;
1778 
1779                 if (optlen != sizeof(u32))
1780                         return -EINVAL;
1781                 if (get_user(v, (u32 __user *)optval))
1782                         return -EFAULT;
1783                 /* "pim6reg%u" should not exceed 16 bytes (IFNAMSIZ) */
1784                 if (v != RT_TABLE_DEFAULT && v >= 100000000)
1785                         return -EINVAL;
1786                 if (sk == mrt->mroute6_sk)
1787                         return -EBUSY;
1788 
1789                 rtnl_lock();
1790                 ret = 0;
1791                 if (!ip6mr_new_table(net, v))
1792                         ret = -ENOMEM;
1793                 raw6_sk(sk)->ip6mr_table = v;
1794                 rtnl_unlock();
1795                 return ret;
1796         }
1797 #endif
1798         /*
1799          *      Spurious command, or MRT6_VERSION which you cannot
1800          *      set.
1801          */
1802         default:
1803                 return -ENOPROTOOPT;
1804         }
1805 }
1806 
1807 /*
1808  *      Getsock opt support for the multicast routing system.
1809  */
1810 
1811 int ip6_mroute_getsockopt(struct sock *sk, int optname, char __user *optval,
1812                           int __user *optlen)
1813 {
1814         int olr;
1815         int val;
1816         struct net *net = sock_net(sk);
1817         struct mr6_table *mrt;
1818 
1819         mrt = ip6mr_get_table(net, raw6_sk(sk)->ip6mr_table ? : RT6_TABLE_DFLT);
1820         if (!mrt)
1821                 return -ENOENT;
1822 
1823         switch (optname) {
1824         case MRT6_VERSION:
1825                 val = 0x0305;
1826                 break;
1827 #ifdef CONFIG_IPV6_PIMSM_V2
1828         case MRT6_PIM:
1829                 val = mrt->mroute_do_pim;
1830                 break;
1831 #endif
1832         case MRT6_ASSERT:
1833                 val = mrt->mroute_do_assert;
1834                 break;
1835         default:
1836                 return -ENOPROTOOPT;
1837         }
1838 
1839         if (get_user(olr, optlen))
1840                 return -EFAULT;
1841 
1842         olr = min_t(int, olr, sizeof(int));
1843         if (olr < 0)
1844                 return -EINVAL;
1845 
1846         if (put_user(olr, optlen))
1847                 return -EFAULT;
1848         if (copy_to_user(optval, &val, olr))
1849                 return -EFAULT;
1850         return 0;
1851 }
1852 
1853 /*
1854  *      The IP multicast ioctl support routines.
1855  */
1856 
1857 int ip6mr_ioctl(struct sock *sk, int cmd, void __user *arg)
1858 {
1859         struct sioc_sg_req6 sr;
1860         struct sioc_mif_req6 vr;
1861         struct mif_device *vif;
1862         struct mfc6_cache *c;
1863         struct net *net = sock_net(sk);
1864         struct mr6_table *mrt;
1865 
1866         mrt = ip6mr_get_table(net, raw6_sk(sk)->ip6mr_table ? : RT6_TABLE_DFLT);
1867         if (!mrt)
1868                 return -ENOENT;
1869 
1870         switch (cmd) {
1871         case SIOCGETMIFCNT_IN6:
1872                 if (copy_from_user(&vr, arg, sizeof(vr)))
1873                         return -EFAULT;
1874                 if (vr.mifi >= mrt->maxvif)
1875                         return -EINVAL;
1876                 read_lock(&mrt_lock);
1877                 vif = &mrt->vif6_table[vr.mifi];
1878                 if (MIF_EXISTS(mrt, vr.mifi)) {
1879                         vr.icount = vif->pkt_in;
1880                         vr.ocount = vif->pkt_out;
1881                         vr.ibytes = vif->bytes_in;
1882                         vr.obytes = vif->bytes_out;
1883                         read_unlock(&mrt_lock);
1884 
1885                         if (copy_to_user(arg, &vr, sizeof(vr)))
1886                                 return -EFAULT;
1887                         return 0;
1888                 }
1889                 read_unlock(&mrt_lock);
1890                 return -EADDRNOTAVAIL;
1891         case SIOCGETSGCNT_IN6:
1892                 if (copy_from_user(&sr, arg, sizeof(sr)))
1893                         return -EFAULT;
1894 
1895                 read_lock(&mrt_lock);
1896                 c = ip6mr_cache_find(mrt, &sr.src.sin6_addr, &sr.grp.sin6_addr);
1897                 if (c) {
1898                         sr.pktcnt = c->mfc_un.res.pkt;
1899                         sr.bytecnt = c->mfc_un.res.bytes;
1900                         sr.wrong_if = c->mfc_un.res.wrong_if;
1901                         read_unlock(&mrt_lock);
1902 
1903                         if (copy_to_user(arg, &sr, sizeof(sr)))
1904                                 return -EFAULT;
1905                         return 0;
1906                 }
1907                 read_unlock(&mrt_lock);
1908                 return -EADDRNOTAVAIL;
1909         default:
1910                 return -ENOIOCTLCMD;
1911         }
1912 }
1913 
1914 #ifdef CONFIG_COMPAT
1915 struct compat_sioc_sg_req6 {
1916         struct sockaddr_in6 src;
1917         struct sockaddr_in6 grp;
1918         compat_ulong_t pktcnt;
1919         compat_ulong_t bytecnt;
1920         compat_ulong_t wrong_if;
1921 };
1922 
1923 struct compat_sioc_mif_req6 {
1924         mifi_t  mifi;
1925         compat_ulong_t icount;
1926         compat_ulong_t ocount;
1927         compat_ulong_t ibytes;
1928         compat_ulong_t obytes;
1929 };
1930 
1931 int ip6mr_compat_ioctl(struct sock *sk, unsigned int cmd, void __user *arg)
1932 {
1933         struct compat_sioc_sg_req6 sr;
1934         struct compat_sioc_mif_req6 vr;
1935         struct mif_device *vif;
1936         struct mfc6_cache *c;
1937         struct net *net = sock_net(sk);
1938         struct mr6_table *mrt;
1939 
1940         mrt = ip6mr_get_table(net, raw6_sk(sk)->ip6mr_table ? : RT6_TABLE_DFLT);
1941         if (!mrt)
1942                 return -ENOENT;
1943 
1944         switch (cmd) {
1945         case SIOCGETMIFCNT_IN6:
1946                 if (copy_from_user(&vr, arg, sizeof(vr)))
1947                         return -EFAULT;
1948                 if (vr.mifi >= mrt->maxvif)
1949                         return -EINVAL;
1950                 read_lock(&mrt_lock);
1951                 vif = &mrt->vif6_table[vr.mifi];
1952                 if (MIF_EXISTS(mrt, vr.mifi)) {
1953                         vr.icount = vif->pkt_in;
1954                         vr.ocount = vif->pkt_out;
1955                         vr.ibytes = vif->bytes_in;
1956                         vr.obytes = vif->bytes_out;
1957                         read_unlock(&mrt_lock);
1958 
1959                         if (copy_to_user(arg, &vr, sizeof(vr)))
1960                                 return -EFAULT;
1961                         return 0;
1962                 }
1963                 read_unlock(&mrt_lock);
1964                 return -EADDRNOTAVAIL;
1965         case SIOCGETSGCNT_IN6:
1966                 if (copy_from_user(&sr, arg, sizeof(sr)))
1967                         return -EFAULT;
1968 
1969                 read_lock(&mrt_lock);
1970                 c = ip6mr_cache_find(mrt, &sr.src.sin6_addr, &sr.grp.sin6_addr);
1971                 if (c) {
1972                         sr.pktcnt = c->mfc_un.res.pkt;
1973                         sr.bytecnt = c->mfc_un.res.bytes;
1974                         sr.wrong_if = c->mfc_un.res.wrong_if;
1975                         read_unlock(&mrt_lock);
1976 
1977                         if (copy_to_user(arg, &sr, sizeof(sr)))
1978                                 return -EFAULT;
1979                         return 0;
1980                 }
1981                 read_unlock(&mrt_lock);
1982                 return -EADDRNOTAVAIL;
1983         default:
1984                 return -ENOIOCTLCMD;
1985         }
1986 }
1987 #endif
1988 
1989 static inline int ip6mr_forward2_finish(struct sock *sk, struct sk_buff *skb)
1990 {
1991         IP6_INC_STATS_BH(dev_net(skb_dst(skb)->dev), ip6_dst_idev(skb_dst(skb)),
1992                          IPSTATS_MIB_OUTFORWDATAGRAMS);
1993         IP6_ADD_STATS_BH(dev_net(skb_dst(skb)->dev), ip6_dst_idev(skb_dst(skb)),
1994                          IPSTATS_MIB_OUTOCTETS, skb->len);
1995         return dst_output_sk(sk, skb);
1996 }
1997 
1998 /*
1999  *      Processing handlers for ip6mr_forward
2000  */
2001 
2002 static int ip6mr_forward2(struct net *net, struct mr6_table *mrt,
2003                           struct sk_buff *skb, struct mfc6_cache *c, int vifi)
2004 {
2005         struct ipv6hdr *ipv6h;
2006         struct mif_device *vif = &mrt->vif6_table[vifi];
2007         struct net_device *dev;
2008         struct dst_entry *dst;
2009         struct flowi6 fl6;
2010 
2011         if (!vif->dev)
2012                 goto out_free;
2013 
2014 #ifdef CONFIG_IPV6_PIMSM_V2
2015         if (vif->flags & MIFF_REGISTER) {
2016                 vif->pkt_out++;
2017                 vif->bytes_out += skb->len;
2018                 vif->dev->stats.tx_bytes += skb->len;
2019                 vif->dev->stats.tx_packets++;
2020                 ip6mr_cache_report(mrt, skb, vifi, MRT6MSG_WHOLEPKT);
2021                 goto out_free;
2022         }
2023 #endif
2024 
2025         ipv6h = ipv6_hdr(skb);
2026 
2027         fl6 = (struct flowi6) {
2028                 .flowi6_oif = vif->link,
2029                 .daddr = ipv6h->daddr,
2030         };
2031 
2032         dst = ip6_route_output(net, NULL, &fl6);
2033         if (dst->error) {
2034                 dst_release(dst);
2035                 goto out_free;
2036         }
2037 
2038         skb_dst_drop(skb);
2039         skb_dst_set(skb, dst);
2040 
2041         /*
2042          * RFC1584 teaches, that DVMRP/PIM router must deliver packets locally
2043          * not only before forwarding, but after forwarding on all output
2044          * interfaces. It is clear, if mrouter runs a multicasting
2045          * program, it should receive packets not depending to what interface
2046          * program is joined.
2047          * If we will not make it, the program will have to join on all
2048          * interfaces. On the other hand, multihoming host (or router, but
2049          * not mrouter) cannot join to more than one interface - it will
2050          * result in receiving multiple packets.
2051          */
2052         dev = vif->dev;
2053         skb->dev = dev;
2054         vif->pkt_out++;
2055         vif->bytes_out += skb->len;
2056 
2057         /* We are about to write */
2058         /* XXX: extension headers? */
2059         if (skb_cow(skb, sizeof(*ipv6h) + LL_RESERVED_SPACE(dev)))
2060                 goto out_free;
2061 
2062         ipv6h = ipv6_hdr(skb);
2063         ipv6h->hop_limit--;
2064 
2065         IP6CB(skb)->flags |= IP6SKB_FORWARDED;
2066 
2067         return NF_HOOK(NFPROTO_IPV6, NF_INET_FORWARD, NULL, skb,
2068                        skb->dev, dev,
2069                        ip6mr_forward2_finish);
2070 
2071 out_free:
2072         kfree_skb(skb);
2073         return 0;
2074 }
2075 
2076 static int ip6mr_find_vif(struct mr6_table *mrt, struct net_device *dev)
2077 {
2078         int ct;
2079 
2080         for (ct = mrt->maxvif - 1; ct >= 0; ct--) {
2081                 if (mrt->vif6_table[ct].dev == dev)
2082                         break;
2083         }
2084         return ct;
2085 }
2086 
2087 static void ip6_mr_forward(struct net *net, struct mr6_table *mrt,
2088                            struct sk_buff *skb, struct mfc6_cache *cache)
2089 {
2090         int psend = -1;
2091         int vif, ct;
2092         int true_vifi = ip6mr_find_vif(mrt, skb->dev);
2093 
2094         vif = cache->mf6c_parent;
2095         cache->mfc_un.res.pkt++;
2096         cache->mfc_un.res.bytes += skb->len;
2097 
2098         if (ipv6_addr_any(&cache->mf6c_origin) && true_vifi >= 0) {
2099                 struct mfc6_cache *cache_proxy;
2100 
2101                 /* For an (*,G) entry, we only check that the incoming
2102                  * interface is part of the static tree.
2103                  */
2104                 cache_proxy = ip6mr_cache_find_any_parent(mrt, vif);
2105                 if (cache_proxy &&
2106                     cache_proxy->mfc_un.res.ttls[true_vifi] < 255)
2107                         goto forward;
2108         }
2109 
2110         /*
2111          * Wrong interface: drop packet and (maybe) send PIM assert.
2112          */
2113         if (mrt->vif6_table[vif].dev != skb->dev) {
2114                 cache->mfc_un.res.wrong_if++;
2115 
2116                 if (true_vifi >= 0 && mrt->mroute_do_assert &&
2117                     /* pimsm uses asserts, when switching from RPT to SPT,
2118                        so that we cannot check that packet arrived on an oif.
2119                        It is bad, but otherwise we would need to move pretty
2120                        large chunk of pimd to kernel. Ough... --ANK
2121                      */
2122                     (mrt->mroute_do_pim ||
2123                      cache->mfc_un.res.ttls[true_vifi] < 255) &&
2124                     time_after(jiffies,
2125                                cache->mfc_un.res.last_assert + MFC_ASSERT_THRESH)) {
2126                         cache->mfc_un.res.last_assert = jiffies;
2127                         ip6mr_cache_report(mrt, skb, true_vifi, MRT6MSG_WRONGMIF);
2128                 }
2129                 goto dont_forward;
2130         }
2131 
2132 forward:
2133         mrt->vif6_table[vif].pkt_in++;
2134         mrt->vif6_table[vif].bytes_in += skb->len;
2135 
2136         /*
2137          *      Forward the frame
2138          */
2139         if (ipv6_addr_any(&cache->mf6c_origin) &&
2140             ipv6_addr_any(&cache->mf6c_mcastgrp)) {
2141                 if (true_vifi >= 0 &&
2142                     true_vifi != cache->mf6c_parent &&
2143                     ipv6_hdr(skb)->hop_limit >
2144                                 cache->mfc_un.res.ttls[cache->mf6c_parent]) {
2145                         /* It's an (*,*) entry and the packet is not coming from
2146                          * the upstream: forward the packet to the upstream
2147                          * only.
2148                          */
2149                         psend = cache->mf6c_parent;
2150                         goto last_forward;
2151                 }
2152                 goto dont_forward;
2153         }
2154         for (ct = cache->mfc_un.res.maxvif - 1; ct >= cache->mfc_un.res.minvif; ct--) {
2155                 /* For (*,G) entry, don't forward to the incoming interface */
2156                 if ((!ipv6_addr_any(&cache->mf6c_origin) || ct != true_vifi) &&
2157                     ipv6_hdr(skb)->hop_limit > cache->mfc_un.res.ttls[ct]) {
2158                         if (psend != -1) {
2159                                 struct sk_buff *skb2 = skb_clone(skb, GFP_ATOMIC);
2160                                 if (skb2)
2161                                         ip6mr_forward2(net, mrt, skb2, cache, psend);
2162                         }
2163                         psend = ct;
2164                 }
2165         }
2166 last_forward:
2167         if (psend != -1) {
2168                 ip6mr_forward2(net, mrt, skb, cache, psend);
2169                 return;
2170         }
2171 
2172 dont_forward:
2173         kfree_skb(skb);
2174 }
2175 
2176 
2177 /*
2178  *      Multicast packets for forwarding arrive here
2179  */
2180 
2181 int ip6_mr_input(struct sk_buff *skb)
2182 {
2183         struct mfc6_cache *cache;
2184         struct net *net = dev_net(skb->dev);
2185         struct mr6_table *mrt;
2186         struct flowi6 fl6 = {
2187                 .flowi6_iif     = skb->dev->ifindex,
2188                 .flowi6_mark    = skb->mark,
2189         };
2190         int err;
2191 
2192         err = ip6mr_fib_lookup(net, &fl6, &mrt);
2193         if (err < 0) {
2194                 kfree_skb(skb);
2195                 return err;
2196         }
2197 
2198         read_lock(&mrt_lock);
2199         cache = ip6mr_cache_find(mrt,
2200                                  &ipv6_hdr(skb)->saddr, &ipv6_hdr(skb)->daddr);
2201         if (!cache) {
2202                 int vif = ip6mr_find_vif(mrt, skb->dev);
2203 
2204                 if (vif >= 0)
2205                         cache = ip6mr_cache_find_any(mrt,
2206                                                      &ipv6_hdr(skb)->daddr,
2207                                                      vif);
2208         }
2209 
2210         /*
2211          *      No usable cache entry
2212          */
2213         if (!cache) {
2214                 int vif;
2215 
2216                 vif = ip6mr_find_vif(mrt, skb->dev);
2217                 if (vif >= 0) {
2218                         int err = ip6mr_cache_unresolved(mrt, vif, skb);
2219                         read_unlock(&mrt_lock);
2220 
2221                         return err;
2222                 }
2223                 read_unlock(&mrt_lock);
2224                 kfree_skb(skb);
2225                 return -ENODEV;
2226         }
2227 
2228         ip6_mr_forward(net, mrt, skb, cache);
2229 
2230         read_unlock(&mrt_lock);
2231 
2232         return 0;
2233 }
2234 
2235 
2236 static int __ip6mr_fill_mroute(struct mr6_table *mrt, struct sk_buff *skb,
2237                                struct mfc6_cache *c, struct rtmsg *rtm)
2238 {
2239         int ct;
2240         struct rtnexthop *nhp;
2241         struct nlattr *mp_attr;
2242         struct rta_mfc_stats mfcs;
2243 
2244         /* If cache is unresolved, don't try to parse IIF and OIF */
2245         if (c->mf6c_parent >= MAXMIFS)
2246                 return -ENOENT;
2247 
2248         if (MIF_EXISTS(mrt, c->mf6c_parent) &&
2249             nla_put_u32(skb, RTA_IIF, mrt->vif6_table[c->mf6c_parent].dev->ifindex) < 0)
2250                 return -EMSGSIZE;
2251         mp_attr = nla_nest_start(skb, RTA_MULTIPATH);
2252         if (!mp_attr)
2253                 return -EMSGSIZE;
2254 
2255         for (ct = c->mfc_un.res.minvif; ct < c->mfc_un.res.maxvif; ct++) {
2256                 if (MIF_EXISTS(mrt, ct) && c->mfc_un.res.ttls[ct] < 255) {
2257                         nhp = nla_reserve_nohdr(skb, sizeof(*nhp));
2258                         if (!nhp) {
2259                                 nla_nest_cancel(skb, mp_attr);
2260                                 return -EMSGSIZE;
2261                         }
2262 
2263                         nhp->rtnh_flags = 0;
2264                         nhp->rtnh_hops = c->mfc_un.res.ttls[ct];
2265                         nhp->rtnh_ifindex = mrt->vif6_table[ct].dev->ifindex;
2266                         nhp->rtnh_len = sizeof(*nhp);
2267                 }
2268         }
2269 
2270         nla_nest_end(skb, mp_attr);
2271 
2272         mfcs.mfcs_packets = c->mfc_un.res.pkt;
2273         mfcs.mfcs_bytes = c->mfc_un.res.bytes;
2274         mfcs.mfcs_wrong_if = c->mfc_un.res.wrong_if;
2275         if (nla_put(skb, RTA_MFC_STATS, sizeof(mfcs), &mfcs) < 0)
2276                 return -EMSGSIZE;
2277 
2278         rtm->rtm_type = RTN_MULTICAST;
2279         return 1;
2280 }
2281 
2282 int ip6mr_get_route(struct net *net,
2283                     struct sk_buff *skb, struct rtmsg *rtm, int nowait)
2284 {
2285         int err;
2286         struct mr6_table *mrt;
2287         struct mfc6_cache *cache;
2288         struct rt6_info *rt = (struct rt6_info *)skb_dst(skb);
2289 
2290         mrt = ip6mr_get_table(net, RT6_TABLE_DFLT);
2291         if (!mrt)
2292                 return -ENOENT;
2293 
2294         read_lock(&mrt_lock);
2295         cache = ip6mr_cache_find(mrt, &rt->rt6i_src.addr, &rt->rt6i_dst.addr);
2296         if (!cache && skb->dev) {
2297                 int vif = ip6mr_find_vif(mrt, skb->dev);
2298 
2299                 if (vif >= 0)
2300                         cache = ip6mr_cache_find_any(mrt, &rt->rt6i_dst.addr,
2301                                                      vif);
2302         }
2303 
2304         if (!cache) {
2305                 struct sk_buff *skb2;
2306                 struct ipv6hdr *iph;
2307                 struct net_device *dev;
2308                 int vif;
2309 
2310                 if (nowait) {
2311                         read_unlock(&mrt_lock);
2312                         return -EAGAIN;
2313                 }
2314 
2315                 dev = skb->dev;
2316                 if (!dev || (vif = ip6mr_find_vif(mrt, dev)) < 0) {
2317                         read_unlock(&mrt_lock);
2318                         return -ENODEV;
2319                 }
2320 
2321                 /* really correct? */
2322                 skb2 = alloc_skb(sizeof(struct ipv6hdr), GFP_ATOMIC);
2323                 if (!skb2) {
2324                         read_unlock(&mrt_lock);
2325                         return -ENOMEM;
2326                 }
2327 
2328                 skb_reset_transport_header(skb2);
2329 
2330                 skb_put(skb2, sizeof(struct ipv6hdr));
2331                 skb_reset_network_header(skb2);
2332 
2333                 iph = ipv6_hdr(skb2);
2334                 iph->version = 0;
2335                 iph->priority = 0;
2336                 iph->flow_lbl[0] = 0;
2337                 iph->flow_lbl[1] = 0;
2338                 iph->flow_lbl[2] = 0;
2339                 iph->payload_len = 0;
2340                 iph->nexthdr = IPPROTO_NONE;
2341                 iph->hop_limit = 0;
2342                 iph->saddr = rt->rt6i_src.addr;
2343                 iph->daddr = rt->rt6i_dst.addr;
2344 
2345                 err = ip6mr_cache_unresolved(mrt, vif, skb2);
2346                 read_unlock(&mrt_lock);
2347 
2348                 return err;
2349         }
2350 
2351         if (!nowait && (rtm->rtm_flags&RTM_F_NOTIFY))
2352                 cache->mfc_flags |= MFC_NOTIFY;
2353 
2354         err = __ip6mr_fill_mroute(mrt, skb, cache, rtm);
2355         read_unlock(&mrt_lock);
2356         return err;
2357 }
2358 
2359 static int ip6mr_fill_mroute(struct mr6_table *mrt, struct sk_buff *skb,
2360                              u32 portid, u32 seq, struct mfc6_cache *c, int cmd,
2361                              int flags)
2362 {
2363         struct nlmsghdr *nlh;
2364         struct rtmsg *rtm;
2365         int err;
2366 
2367         nlh = nlmsg_put(skb, portid, seq, cmd, sizeof(*rtm), flags);
2368         if (!nlh)
2369                 return -EMSGSIZE;
2370 
2371         rtm = nlmsg_data(nlh);
2372         rtm->rtm_family   = RTNL_FAMILY_IP6MR;
2373         rtm->rtm_dst_len  = 128;
2374         rtm->rtm_src_len  = 128;
2375         rtm->rtm_tos      = 0;
2376         rtm->rtm_table    = mrt->id;
2377         if (nla_put_u32(skb, RTA_TABLE, mrt->id))
2378                 goto nla_put_failure;
2379         rtm->rtm_type = RTN_MULTICAST;
2380         rtm->rtm_scope    = RT_SCOPE_UNIVERSE;
2381         if (c->mfc_flags & MFC_STATIC)
2382                 rtm->rtm_protocol = RTPROT_STATIC;
2383         else
2384                 rtm->rtm_protocol = RTPROT_MROUTED;
2385         rtm->rtm_flags    = 0;
2386 
2387         if (nla_put_in6_addr(skb, RTA_SRC, &c->mf6c_origin) ||
2388             nla_put_in6_addr(skb, RTA_DST, &c->mf6c_mcastgrp))
2389                 goto nla_put_failure;
2390         err = __ip6mr_fill_mroute(mrt, skb, c, rtm);
2391         /* do not break the dump if cache is unresolved */
2392         if (err < 0 && err != -ENOENT)
2393                 goto nla_put_failure;
2394 
2395         nlmsg_end(skb, nlh);
2396         return 0;
2397 
2398 nla_put_failure:
2399         nlmsg_cancel(skb, nlh);
2400         return -EMSGSIZE;
2401 }
2402 
2403 static int mr6_msgsize(bool unresolved, int maxvif)
2404 {
2405         size_t len =
2406                 NLMSG_ALIGN(sizeof(struct rtmsg))
2407                 + nla_total_size(4)     /* RTA_TABLE */
2408                 + nla_total_size(sizeof(struct in6_addr))       /* RTA_SRC */
2409                 + nla_total_size(sizeof(struct in6_addr))       /* RTA_DST */
2410                 ;
2411 
2412         if (!unresolved)
2413                 len = len
2414                       + nla_total_size(4)       /* RTA_IIF */
2415                       + nla_total_size(0)       /* RTA_MULTIPATH */
2416                       + maxvif * NLA_ALIGN(sizeof(struct rtnexthop))
2417                                                 /* RTA_MFC_STATS */
2418                       + nla_total_size(sizeof(struct rta_mfc_stats))
2419                 ;
2420 
2421         return len;
2422 }
2423 
2424 static void mr6_netlink_event(struct mr6_table *mrt, struct mfc6_cache *mfc,
2425                               int cmd)
2426 {
2427         struct net *net = read_pnet(&mrt->net);
2428         struct sk_buff *skb;
2429         int err = -ENOBUFS;
2430 
2431         skb = nlmsg_new(mr6_msgsize(mfc->mf6c_parent >= MAXMIFS, mrt->maxvif),
2432                         GFP_ATOMIC);
2433         if (!skb)
2434                 goto errout;
2435 
2436         err = ip6mr_fill_mroute(mrt, skb, 0, 0, mfc, cmd, 0);
2437         if (err < 0)
2438                 goto errout;
2439 
2440         rtnl_notify(skb, net, 0, RTNLGRP_IPV6_MROUTE, NULL, GFP_ATOMIC);
2441         return;
2442 
2443 errout:
2444         kfree_skb(skb);
2445         if (err < 0)
2446                 rtnl_set_sk_err(net, RTNLGRP_IPV6_MROUTE, err);
2447 }
2448 
2449 static int ip6mr_rtm_dumproute(struct sk_buff *skb, struct netlink_callback *cb)
2450 {
2451         struct net *net = sock_net(skb->sk);
2452         struct mr6_table *mrt;
2453         struct mfc6_cache *mfc;
2454         unsigned int t = 0, s_t;
2455         unsigned int h = 0, s_h;
2456         unsigned int e = 0, s_e;
2457 
2458         s_t = cb->args[0];
2459         s_h = cb->args[1];
2460         s_e = cb->args[2];
2461 
2462         read_lock(&mrt_lock);
2463         ip6mr_for_each_table(mrt, net) {
2464                 if (t < s_t)
2465                         goto next_table;
2466                 if (t > s_t)
2467                         s_h = 0;
2468                 for (h = s_h; h < MFC6_LINES; h++) {
2469                         list_for_each_entry(mfc, &mrt->mfc6_cache_array[h], list) {
2470                                 if (e < s_e)
2471                                         goto next_entry;
2472                                 if (ip6mr_fill_mroute(mrt, skb,
2473                                                       NETLINK_CB(cb->skb).portid,
2474                                                       cb->nlh->nlmsg_seq,
2475                                                       mfc, RTM_NEWROUTE,
2476                                                       NLM_F_MULTI) < 0)
2477                                         goto done;
2478 next_entry:
2479                                 e++;
2480                         }
2481                         e = s_e = 0;
2482                 }
2483                 spin_lock_bh(&mfc_unres_lock);
2484                 list_for_each_entry(mfc, &mrt->mfc6_unres_queue, list) {
2485                         if (e < s_e)
2486                                 goto next_entry2;
2487                         if (ip6mr_fill_mroute(mrt, skb,
2488                                               NETLINK_CB(cb->skb).portid,
2489                                               cb->nlh->nlmsg_seq,
2490                                               mfc, RTM_NEWROUTE,
2491                                               NLM_F_MULTI) < 0) {
2492                                 spin_unlock_bh(&mfc_unres_lock);
2493                                 goto done;
2494                         }
2495 next_entry2:
2496                         e++;
2497                 }
2498                 spin_unlock_bh(&mfc_unres_lock);
2499                 e = s_e = 0;
2500                 s_h = 0;
2501 next_table:
2502                 t++;
2503         }
2504 done:
2505         read_unlock(&mrt_lock);
2506 
2507         cb->args[2] = e;
2508         cb->args[1] = h;
2509         cb->args[0] = t;
2510 
2511         return skb->len;
2512 }
2513 

This page was automatically generated by LXR 0.3.1 (source).  •  Linux is a registered trademark of Linus Torvalds  •  Contact us