1 // SPDX-License-Identifier: GPL-2.0-or-later
2 /*
3  *	Linux NET3:	Internet Group Management Protocol  [IGMP]
4  *
5  *	This code implements the IGMP protocol as defined in RFC1112. There has
6  *	been a further revision of this protocol since which is now supported.
7  *
8  *	If you have trouble with this module be careful what gcc you have used,
9  *	the older version didn't come out right using gcc 2.5.8, the newer one
10  *	seems to fall out with gcc 2.6.2.
11  *
12  *	Authors:
13  *		Alan Cox <alan@lxorguk.ukuu.org.uk>
14  *
15  *	Fixes:
16  *
17  *		Alan Cox	:	Added lots of __inline__ to optimise
18  *					the memory usage of all the tiny little
19  *					functions.
20  *		Alan Cox	:	Dumped the header building experiment.
21  *		Alan Cox	:	Minor tweaks ready for multicast routing
22  *					and extended IGMP protocol.
23  *		Alan Cox	:	Removed a load of inline directives. Gcc 2.5.8
24  *					writes utterly bogus code otherwise (sigh)
25  *					fixed IGMP loopback to behave in the manner
26  *					desired by mrouted, fixed the fact it has been
27  *					broken since 1.3.6 and cleaned up a few minor
28  *					points.
29  *
30  *		Chih-Jen Chang	:	Tried to revise IGMP to Version 2
31  *		Tsu-Sheng Tsao		E-mail: chihjenc@scf.usc.edu and tsusheng@scf.usc.edu
32  *					The enhancements are mainly based on Steve Deering's
33  * 					ipmulti-3.5 source code.
34  *		Chih-Jen Chang	:	Added the igmp_get_mrouter_info and
35  *		Tsu-Sheng Tsao		igmp_set_mrouter_info to keep track of
36  *					the mrouted version on that device.
37  *		Chih-Jen Chang	:	Added the max_resp_time parameter to
38  *		Tsu-Sheng Tsao		igmp_heard_query(). Using this parameter
39  *					to identify the multicast router version
40  *					and do what the IGMP version 2 specified.
41  *		Chih-Jen Chang	:	Added a timer to revert to IGMP V2 router
42  *		Tsu-Sheng Tsao		if the specified time expired.
43  *		Alan Cox	:	Stop IGMP from 0.0.0.0 being accepted.
44  *		Alan Cox	:	Use GFP_ATOMIC in the right places.
45  *		Christian Daudt :	igmp timer wasn't set for local group
46  *					memberships but was being deleted,
47  *					which caused a "del_timer() called
48  *					from %p with timer not initialized\n"
49  *					message (960131).
50  *		Christian Daudt :	removed del_timer from
51  *					igmp_timer_expire function (960205).
52  *             Christian Daudt :       igmp_heard_report now only calls
53  *                                     igmp_timer_expire if tm->running is
54  *                                     true (960216).
55  *		Malcolm Beattie :	ttl comparison wrong in igmp_rcv made
56  *					igmp_heard_query never trigger. Expiry
57  *					miscalculation fixed in igmp_heard_query
58  *					and random() made to return unsigned to
59  *					prevent negative expiry times.
60  *		Alexey Kuznetsov:	Wrong group leaving behaviour, backport
61  *					fix from pending 2.1.x patches.
62  *		Alan Cox:		Forget to enable FDDI support earlier.
63  *		Alexey Kuznetsov:	Fixed leaving groups on device down.
64  *		Alexey Kuznetsov:	Accordance to igmp-v2-06 draft.
65  *		David L Stevens:	IGMPv3 support, with help from
66  *					Vinay Kulkarni
67  */
68 
69 #include <linux/module.h>
70 #include <linux/slab.h>
71 #include <linux/uaccess.h>
72 #include <linux/types.h>
73 #include <linux/kernel.h>
74 #include <linux/jiffies.h>
75 #include <linux/string.h>
76 #include <linux/socket.h>
77 #include <linux/sockios.h>
78 #include <linux/in.h>
79 #include <linux/inet.h>
80 #include <linux/netdevice.h>
81 #include <linux/skbuff.h>
82 #include <linux/inetdevice.h>
83 #include <linux/igmp.h>
84 #include <linux/if_arp.h>
85 #include <linux/rtnetlink.h>
86 #include <linux/times.h>
87 #include <linux/pkt_sched.h>
88 #include <linux/byteorder/generic.h>
89 
90 #include <net/net_namespace.h>
91 #include <net/arp.h>
92 #include <net/ip.h>
93 #include <net/protocol.h>
94 #include <net/route.h>
95 #include <net/sock.h>
96 #include <net/checksum.h>
97 #include <net/inet_common.h>
98 #include <linux/netfilter_ipv4.h>
99 #ifdef CONFIG_IP_MROUTE
100 #include <linux/mroute.h>
101 #endif
102 #ifdef CONFIG_PROC_FS
103 #include <linux/proc_fs.h>
104 #include <linux/seq_file.h>
105 #endif
106 
107 #ifdef CONFIG_IP_MULTICAST
108 /* Parameter names and values are taken from igmp-v2-06 draft */
109 
110 #define IGMP_QUERY_INTERVAL			(125*HZ)
111 #define IGMP_QUERY_RESPONSE_INTERVAL		(10*HZ)
112 
113 #define IGMP_INITIAL_REPORT_DELAY		(1)
114 
115 /* IGMP_INITIAL_REPORT_DELAY is not from IGMP specs!
116  * IGMP specs require to report membership immediately after
117  * joining a group, but we delay the first report by a
118  * small interval. It seems more natural and still does not
119  * contradict to specs provided this delay is small enough.
120  */
121 
122 #define IGMP_V1_SEEN(in_dev) \
123 	(IPV4_DEVCONF_ALL(dev_net(in_dev->dev), FORCE_IGMP_VERSION) == 1 || \
124 	 IN_DEV_CONF_GET((in_dev), FORCE_IGMP_VERSION) == 1 || \
125 	 ((in_dev)->mr_v1_seen && \
126 	  time_before(jiffies, (in_dev)->mr_v1_seen)))
127 #define IGMP_V2_SEEN(in_dev) \
128 	(IPV4_DEVCONF_ALL(dev_net(in_dev->dev), FORCE_IGMP_VERSION) == 2 || \
129 	 IN_DEV_CONF_GET((in_dev), FORCE_IGMP_VERSION) == 2 || \
130 	 ((in_dev)->mr_v2_seen && \
131 	  time_before(jiffies, (in_dev)->mr_v2_seen)))
132 
unsolicited_report_interval(struct in_device * in_dev)133 static int unsolicited_report_interval(struct in_device *in_dev)
134 {
135 	int interval_ms, interval_jiffies;
136 
137 	if (IGMP_V1_SEEN(in_dev) || IGMP_V2_SEEN(in_dev))
138 		interval_ms = IN_DEV_CONF_GET(
139 			in_dev,
140 			IGMPV2_UNSOLICITED_REPORT_INTERVAL);
141 	else /* v3 */
142 		interval_ms = IN_DEV_CONF_GET(
143 			in_dev,
144 			IGMPV3_UNSOLICITED_REPORT_INTERVAL);
145 
146 	interval_jiffies = msecs_to_jiffies(interval_ms);
147 
148 	/* _timer functions can't handle a delay of 0 jiffies so ensure
149 	 *  we always return a positive value.
150 	 */
151 	if (interval_jiffies <= 0)
152 		interval_jiffies = 1;
153 	return interval_jiffies;
154 }
155 
156 static void igmpv3_add_delrec(struct in_device *in_dev, struct ip_mc_list *im,
157 			      gfp_t gfp);
158 static void igmpv3_del_delrec(struct in_device *in_dev, struct ip_mc_list *im);
159 static void igmpv3_clear_delrec(struct in_device *in_dev);
160 static int sf_setstate(struct ip_mc_list *pmc);
161 static void sf_markstate(struct ip_mc_list *pmc);
162 #endif
163 static void ip_mc_clear_src(struct ip_mc_list *pmc);
164 static int ip_mc_add_src(struct in_device *in_dev, __be32 *pmca, int sfmode,
165 			 int sfcount, __be32 *psfsrc, int delta);
166 
ip_ma_put(struct ip_mc_list * im)167 static void ip_ma_put(struct ip_mc_list *im)
168 {
169 	if (refcount_dec_and_test(&im->refcnt)) {
170 		in_dev_put(im->interface);
171 		kfree_rcu(im, rcu);
172 	}
173 }
174 
175 #define for_each_pmc_rcu(in_dev, pmc)				\
176 	for (pmc = rcu_dereference(in_dev->mc_list);		\
177 	     pmc != NULL;					\
178 	     pmc = rcu_dereference(pmc->next_rcu))
179 
180 #define for_each_pmc_rtnl(in_dev, pmc)				\
181 	for (pmc = rtnl_dereference(in_dev->mc_list);		\
182 	     pmc != NULL;					\
183 	     pmc = rtnl_dereference(pmc->next_rcu))
184 
ip_sf_list_clear_all(struct ip_sf_list * psf)185 static void ip_sf_list_clear_all(struct ip_sf_list *psf)
186 {
187 	struct ip_sf_list *next;
188 
189 	while (psf) {
190 		next = psf->sf_next;
191 		kfree(psf);
192 		psf = next;
193 	}
194 }
195 
196 #ifdef CONFIG_IP_MULTICAST
197 
198 /*
199  *	Timer management
200  */
201 
igmp_stop_timer(struct ip_mc_list * im)202 static void igmp_stop_timer(struct ip_mc_list *im)
203 {
204 	spin_lock_bh(&im->lock);
205 	if (del_timer(&im->timer))
206 		refcount_dec(&im->refcnt);
207 	im->tm_running = 0;
208 	im->reporter = 0;
209 	im->unsolicit_count = 0;
210 	spin_unlock_bh(&im->lock);
211 }
212 
213 /* It must be called with locked im->lock */
igmp_start_timer(struct ip_mc_list * im,int max_delay)214 static void igmp_start_timer(struct ip_mc_list *im, int max_delay)
215 {
216 	int tv = get_random_u32_below(max_delay);
217 
218 	im->tm_running = 1;
219 	if (refcount_inc_not_zero(&im->refcnt)) {
220 		if (mod_timer(&im->timer, jiffies + tv + 2))
221 			ip_ma_put(im);
222 	}
223 }
224 
igmp_gq_start_timer(struct in_device * in_dev)225 static void igmp_gq_start_timer(struct in_device *in_dev)
226 {
227 	int tv = get_random_u32_below(in_dev->mr_maxdelay);
228 	unsigned long exp = jiffies + tv + 2;
229 
230 	if (in_dev->mr_gq_running &&
231 	    time_after_eq(exp, (in_dev->mr_gq_timer).expires))
232 		return;
233 
234 	in_dev->mr_gq_running = 1;
235 	if (!mod_timer(&in_dev->mr_gq_timer, exp))
236 		in_dev_hold(in_dev);
237 }
238 
igmp_ifc_start_timer(struct in_device * in_dev,int delay)239 static void igmp_ifc_start_timer(struct in_device *in_dev, int delay)
240 {
241 	int tv = get_random_u32_below(delay);
242 
243 	if (!mod_timer(&in_dev->mr_ifc_timer, jiffies+tv+2))
244 		in_dev_hold(in_dev);
245 }
246 
igmp_mod_timer(struct ip_mc_list * im,int max_delay)247 static void igmp_mod_timer(struct ip_mc_list *im, int max_delay)
248 {
249 	spin_lock_bh(&im->lock);
250 	im->unsolicit_count = 0;
251 	if (del_timer(&im->timer)) {
252 		if ((long)(im->timer.expires-jiffies) < max_delay) {
253 			add_timer(&im->timer);
254 			im->tm_running = 1;
255 			spin_unlock_bh(&im->lock);
256 			return;
257 		}
258 		refcount_dec(&im->refcnt);
259 	}
260 	igmp_start_timer(im, max_delay);
261 	spin_unlock_bh(&im->lock);
262 }
263 
264 
265 /*
266  *	Send an IGMP report.
267  */
268 
269 #define IGMP_SIZE (sizeof(struct igmphdr)+sizeof(struct iphdr)+4)
270 
271 
is_in(struct ip_mc_list * pmc,struct ip_sf_list * psf,int type,int gdeleted,int sdeleted)272 static int is_in(struct ip_mc_list *pmc, struct ip_sf_list *psf, int type,
273 	int gdeleted, int sdeleted)
274 {
275 	switch (type) {
276 	case IGMPV3_MODE_IS_INCLUDE:
277 	case IGMPV3_MODE_IS_EXCLUDE:
278 		if (gdeleted || sdeleted)
279 			return 0;
280 		if (!(pmc->gsquery && !psf->sf_gsresp)) {
281 			if (pmc->sfmode == MCAST_INCLUDE)
282 				return 1;
283 			/* don't include if this source is excluded
284 			 * in all filters
285 			 */
286 			if (psf->sf_count[MCAST_INCLUDE])
287 				return type == IGMPV3_MODE_IS_INCLUDE;
288 			return pmc->sfcount[MCAST_EXCLUDE] ==
289 				psf->sf_count[MCAST_EXCLUDE];
290 		}
291 		return 0;
292 	case IGMPV3_CHANGE_TO_INCLUDE:
293 		if (gdeleted || sdeleted)
294 			return 0;
295 		return psf->sf_count[MCAST_INCLUDE] != 0;
296 	case IGMPV3_CHANGE_TO_EXCLUDE:
297 		if (gdeleted || sdeleted)
298 			return 0;
299 		if (pmc->sfcount[MCAST_EXCLUDE] == 0 ||
300 		    psf->sf_count[MCAST_INCLUDE])
301 			return 0;
302 		return pmc->sfcount[MCAST_EXCLUDE] ==
303 			psf->sf_count[MCAST_EXCLUDE];
304 	case IGMPV3_ALLOW_NEW_SOURCES:
305 		if (gdeleted || !psf->sf_crcount)
306 			return 0;
307 		return (pmc->sfmode == MCAST_INCLUDE) ^ sdeleted;
308 	case IGMPV3_BLOCK_OLD_SOURCES:
309 		if (pmc->sfmode == MCAST_INCLUDE)
310 			return gdeleted || (psf->sf_crcount && sdeleted);
311 		return psf->sf_crcount && !gdeleted && !sdeleted;
312 	}
313 	return 0;
314 }
315 
316 static int
igmp_scount(struct ip_mc_list * pmc,int type,int gdeleted,int sdeleted)317 igmp_scount(struct ip_mc_list *pmc, int type, int gdeleted, int sdeleted)
318 {
319 	struct ip_sf_list *psf;
320 	int scount = 0;
321 
322 	for (psf = pmc->sources; psf; psf = psf->sf_next) {
323 		if (!is_in(pmc, psf, type, gdeleted, sdeleted))
324 			continue;
325 		scount++;
326 	}
327 	return scount;
328 }
329 
330 /* source address selection per RFC 3376 section 4.2.13 */
igmpv3_get_srcaddr(struct net_device * dev,const struct flowi4 * fl4)331 static __be32 igmpv3_get_srcaddr(struct net_device *dev,
332 				 const struct flowi4 *fl4)
333 {
334 	struct in_device *in_dev = __in_dev_get_rcu(dev);
335 	const struct in_ifaddr *ifa;
336 
337 	if (!in_dev)
338 		return htonl(INADDR_ANY);
339 
340 	in_dev_for_each_ifa_rcu(ifa, in_dev) {
341 		if (fl4->saddr == ifa->ifa_local)
342 			return fl4->saddr;
343 	}
344 
345 	return htonl(INADDR_ANY);
346 }
347 
igmpv3_newpack(struct net_device * dev,unsigned int mtu)348 static struct sk_buff *igmpv3_newpack(struct net_device *dev, unsigned int mtu)
349 {
350 	struct sk_buff *skb;
351 	struct rtable *rt;
352 	struct iphdr *pip;
353 	struct igmpv3_report *pig;
354 	struct net *net = dev_net(dev);
355 	struct flowi4 fl4;
356 	int hlen = LL_RESERVED_SPACE(dev);
357 	int tlen = dev->needed_tailroom;
358 	unsigned int size;
359 
360 	size = min(mtu, IP_MAX_MTU);
361 	while (1) {
362 		skb = alloc_skb(size + hlen + tlen,
363 				GFP_ATOMIC | __GFP_NOWARN);
364 		if (skb)
365 			break;
366 		size >>= 1;
367 		if (size < 256)
368 			return NULL;
369 	}
370 	skb->priority = TC_PRIO_CONTROL;
371 
372 	rt = ip_route_output_ports(net, &fl4, NULL, IGMPV3_ALL_MCR, 0,
373 				   0, 0,
374 				   IPPROTO_IGMP, 0, dev->ifindex);
375 	if (IS_ERR(rt)) {
376 		kfree_skb(skb);
377 		return NULL;
378 	}
379 
380 	skb_dst_set(skb, &rt->dst);
381 	skb->dev = dev;
382 
383 	skb_reserve(skb, hlen);
384 	skb_tailroom_reserve(skb, mtu, tlen);
385 
386 	skb_reset_network_header(skb);
387 	pip = ip_hdr(skb);
388 	skb_put(skb, sizeof(struct iphdr) + 4);
389 
390 	pip->version  = 4;
391 	pip->ihl      = (sizeof(struct iphdr)+4)>>2;
392 	pip->tos      = 0xc0;
393 	pip->frag_off = htons(IP_DF);
394 	pip->ttl      = 1;
395 	pip->daddr    = fl4.daddr;
396 
397 	rcu_read_lock();
398 	pip->saddr    = igmpv3_get_srcaddr(dev, &fl4);
399 	rcu_read_unlock();
400 
401 	pip->protocol = IPPROTO_IGMP;
402 	pip->tot_len  = 0;	/* filled in later */
403 	ip_select_ident(net, skb, NULL);
404 	((u8 *)&pip[1])[0] = IPOPT_RA;
405 	((u8 *)&pip[1])[1] = 4;
406 	((u8 *)&pip[1])[2] = 0;
407 	((u8 *)&pip[1])[3] = 0;
408 
409 	skb->transport_header = skb->network_header + sizeof(struct iphdr) + 4;
410 	skb_put(skb, sizeof(*pig));
411 	pig = igmpv3_report_hdr(skb);
412 	pig->type = IGMPV3_HOST_MEMBERSHIP_REPORT;
413 	pig->resv1 = 0;
414 	pig->csum = 0;
415 	pig->resv2 = 0;
416 	pig->ngrec = 0;
417 	return skb;
418 }
419 
igmpv3_sendpack(struct sk_buff * skb)420 static int igmpv3_sendpack(struct sk_buff *skb)
421 {
422 	struct igmphdr *pig = igmp_hdr(skb);
423 	const int igmplen = skb_tail_pointer(skb) - skb_transport_header(skb);
424 
425 	pig->csum = ip_compute_csum(igmp_hdr(skb), igmplen);
426 
427 	return ip_local_out(dev_net(skb_dst(skb)->dev), skb->sk, skb);
428 }
429 
grec_size(struct ip_mc_list * pmc,int type,int gdel,int sdel)430 static int grec_size(struct ip_mc_list *pmc, int type, int gdel, int sdel)
431 {
432 	return sizeof(struct igmpv3_grec) + 4*igmp_scount(pmc, type, gdel, sdel);
433 }
434 
add_grhead(struct sk_buff * skb,struct ip_mc_list * pmc,int type,struct igmpv3_grec ** ppgr,unsigned int mtu)435 static struct sk_buff *add_grhead(struct sk_buff *skb, struct ip_mc_list *pmc,
436 	int type, struct igmpv3_grec **ppgr, unsigned int mtu)
437 {
438 	struct net_device *dev = pmc->interface->dev;
439 	struct igmpv3_report *pih;
440 	struct igmpv3_grec *pgr;
441 
442 	if (!skb) {
443 		skb = igmpv3_newpack(dev, mtu);
444 		if (!skb)
445 			return NULL;
446 	}
447 	pgr = skb_put(skb, sizeof(struct igmpv3_grec));
448 	pgr->grec_type = type;
449 	pgr->grec_auxwords = 0;
450 	pgr->grec_nsrcs = 0;
451 	pgr->grec_mca = pmc->multiaddr;
452 	pih = igmpv3_report_hdr(skb);
453 	pih->ngrec = htons(ntohs(pih->ngrec)+1);
454 	*ppgr = pgr;
455 	return skb;
456 }
457 
458 #define AVAILABLE(skb)	((skb) ? skb_availroom(skb) : 0)
459 
add_grec(struct sk_buff * skb,struct ip_mc_list * pmc,int type,int gdeleted,int sdeleted)460 static struct sk_buff *add_grec(struct sk_buff *skb, struct ip_mc_list *pmc,
461 	int type, int gdeleted, int sdeleted)
462 {
463 	struct net_device *dev = pmc->interface->dev;
464 	struct net *net = dev_net(dev);
465 	struct igmpv3_report *pih;
466 	struct igmpv3_grec *pgr = NULL;
467 	struct ip_sf_list *psf, *psf_next, *psf_prev, **psf_list;
468 	int scount, stotal, first, isquery, truncate;
469 	unsigned int mtu;
470 
471 	if (pmc->multiaddr == IGMP_ALL_HOSTS)
472 		return skb;
473 	if (ipv4_is_local_multicast(pmc->multiaddr) &&
474 	    !READ_ONCE(net->ipv4.sysctl_igmp_llm_reports))
475 		return skb;
476 
477 	mtu = READ_ONCE(dev->mtu);
478 	if (mtu < IPV4_MIN_MTU)
479 		return skb;
480 
481 	isquery = type == IGMPV3_MODE_IS_INCLUDE ||
482 		  type == IGMPV3_MODE_IS_EXCLUDE;
483 	truncate = type == IGMPV3_MODE_IS_EXCLUDE ||
484 		    type == IGMPV3_CHANGE_TO_EXCLUDE;
485 
486 	stotal = scount = 0;
487 
488 	psf_list = sdeleted ? &pmc->tomb : &pmc->sources;
489 
490 	if (!*psf_list)
491 		goto empty_source;
492 
493 	pih = skb ? igmpv3_report_hdr(skb) : NULL;
494 
495 	/* EX and TO_EX get a fresh packet, if needed */
496 	if (truncate) {
497 		if (pih && pih->ngrec &&
498 		    AVAILABLE(skb) < grec_size(pmc, type, gdeleted, sdeleted)) {
499 			if (skb)
500 				igmpv3_sendpack(skb);
501 			skb = igmpv3_newpack(dev, mtu);
502 		}
503 	}
504 	first = 1;
505 	psf_prev = NULL;
506 	for (psf = *psf_list; psf; psf = psf_next) {
507 		__be32 *psrc;
508 
509 		psf_next = psf->sf_next;
510 
511 		if (!is_in(pmc, psf, type, gdeleted, sdeleted)) {
512 			psf_prev = psf;
513 			continue;
514 		}
515 
516 		/* Based on RFC3376 5.1. Should not send source-list change
517 		 * records when there is a filter mode change.
518 		 */
519 		if (((gdeleted && pmc->sfmode == MCAST_EXCLUDE) ||
520 		     (!gdeleted && pmc->crcount)) &&
521 		    (type == IGMPV3_ALLOW_NEW_SOURCES ||
522 		     type == IGMPV3_BLOCK_OLD_SOURCES) && psf->sf_crcount)
523 			goto decrease_sf_crcount;
524 
525 		/* clear marks on query responses */
526 		if (isquery)
527 			psf->sf_gsresp = 0;
528 
529 		if (AVAILABLE(skb) < sizeof(__be32) +
530 		    first*sizeof(struct igmpv3_grec)) {
531 			if (truncate && !first)
532 				break;	 /* truncate these */
533 			if (pgr)
534 				pgr->grec_nsrcs = htons(scount);
535 			if (skb)
536 				igmpv3_sendpack(skb);
537 			skb = igmpv3_newpack(dev, mtu);
538 			first = 1;
539 			scount = 0;
540 		}
541 		if (first) {
542 			skb = add_grhead(skb, pmc, type, &pgr, mtu);
543 			first = 0;
544 		}
545 		if (!skb)
546 			return NULL;
547 		psrc = skb_put(skb, sizeof(__be32));
548 		*psrc = psf->sf_inaddr;
549 		scount++; stotal++;
550 		if ((type == IGMPV3_ALLOW_NEW_SOURCES ||
551 		     type == IGMPV3_BLOCK_OLD_SOURCES) && psf->sf_crcount) {
552 decrease_sf_crcount:
553 			psf->sf_crcount--;
554 			if ((sdeleted || gdeleted) && psf->sf_crcount == 0) {
555 				if (psf_prev)
556 					psf_prev->sf_next = psf->sf_next;
557 				else
558 					*psf_list = psf->sf_next;
559 				kfree(psf);
560 				continue;
561 			}
562 		}
563 		psf_prev = psf;
564 	}
565 
566 empty_source:
567 	if (!stotal) {
568 		if (type == IGMPV3_ALLOW_NEW_SOURCES ||
569 		    type == IGMPV3_BLOCK_OLD_SOURCES)
570 			return skb;
571 		if (pmc->crcount || isquery) {
572 			/* make sure we have room for group header */
573 			if (skb && AVAILABLE(skb) < sizeof(struct igmpv3_grec)) {
574 				igmpv3_sendpack(skb);
575 				skb = NULL; /* add_grhead will get a new one */
576 			}
577 			skb = add_grhead(skb, pmc, type, &pgr, mtu);
578 		}
579 	}
580 	if (pgr)
581 		pgr->grec_nsrcs = htons(scount);
582 
583 	if (isquery)
584 		pmc->gsquery = 0;	/* clear query state on report */
585 	return skb;
586 }
587 
igmpv3_send_report(struct in_device * in_dev,struct ip_mc_list * pmc)588 static int igmpv3_send_report(struct in_device *in_dev, struct ip_mc_list *pmc)
589 {
590 	struct sk_buff *skb = NULL;
591 	struct net *net = dev_net(in_dev->dev);
592 	int type;
593 
594 	if (!pmc) {
595 		rcu_read_lock();
596 		for_each_pmc_rcu(in_dev, pmc) {
597 			if (pmc->multiaddr == IGMP_ALL_HOSTS)
598 				continue;
599 			if (ipv4_is_local_multicast(pmc->multiaddr) &&
600 			    !READ_ONCE(net->ipv4.sysctl_igmp_llm_reports))
601 				continue;
602 			spin_lock_bh(&pmc->lock);
603 			if (pmc->sfcount[MCAST_EXCLUDE])
604 				type = IGMPV3_MODE_IS_EXCLUDE;
605 			else
606 				type = IGMPV3_MODE_IS_INCLUDE;
607 			skb = add_grec(skb, pmc, type, 0, 0);
608 			spin_unlock_bh(&pmc->lock);
609 		}
610 		rcu_read_unlock();
611 	} else {
612 		spin_lock_bh(&pmc->lock);
613 		if (pmc->sfcount[MCAST_EXCLUDE])
614 			type = IGMPV3_MODE_IS_EXCLUDE;
615 		else
616 			type = IGMPV3_MODE_IS_INCLUDE;
617 		skb = add_grec(skb, pmc, type, 0, 0);
618 		spin_unlock_bh(&pmc->lock);
619 	}
620 	if (!skb)
621 		return 0;
622 	return igmpv3_sendpack(skb);
623 }
624 
625 /*
626  * remove zero-count source records from a source filter list
627  */
igmpv3_clear_zeros(struct ip_sf_list ** ppsf)628 static void igmpv3_clear_zeros(struct ip_sf_list **ppsf)
629 {
630 	struct ip_sf_list *psf_prev, *psf_next, *psf;
631 
632 	psf_prev = NULL;
633 	for (psf = *ppsf; psf; psf = psf_next) {
634 		psf_next = psf->sf_next;
635 		if (psf->sf_crcount == 0) {
636 			if (psf_prev)
637 				psf_prev->sf_next = psf->sf_next;
638 			else
639 				*ppsf = psf->sf_next;
640 			kfree(psf);
641 		} else
642 			psf_prev = psf;
643 	}
644 }
645 
kfree_pmc(struct ip_mc_list * pmc)646 static void kfree_pmc(struct ip_mc_list *pmc)
647 {
648 	ip_sf_list_clear_all(pmc->sources);
649 	ip_sf_list_clear_all(pmc->tomb);
650 	kfree(pmc);
651 }
652 
igmpv3_send_cr(struct in_device * in_dev)653 static void igmpv3_send_cr(struct in_device *in_dev)
654 {
655 	struct ip_mc_list *pmc, *pmc_prev, *pmc_next;
656 	struct sk_buff *skb = NULL;
657 	int type, dtype;
658 
659 	rcu_read_lock();
660 	spin_lock_bh(&in_dev->mc_tomb_lock);
661 
662 	/* deleted MCA's */
663 	pmc_prev = NULL;
664 	for (pmc = in_dev->mc_tomb; pmc; pmc = pmc_next) {
665 		pmc_next = pmc->next;
666 		if (pmc->sfmode == MCAST_INCLUDE) {
667 			type = IGMPV3_BLOCK_OLD_SOURCES;
668 			dtype = IGMPV3_BLOCK_OLD_SOURCES;
669 			skb = add_grec(skb, pmc, type, 1, 0);
670 			skb = add_grec(skb, pmc, dtype, 1, 1);
671 		}
672 		if (pmc->crcount) {
673 			if (pmc->sfmode == MCAST_EXCLUDE) {
674 				type = IGMPV3_CHANGE_TO_INCLUDE;
675 				skb = add_grec(skb, pmc, type, 1, 0);
676 			}
677 			pmc->crcount--;
678 			if (pmc->crcount == 0) {
679 				igmpv3_clear_zeros(&pmc->tomb);
680 				igmpv3_clear_zeros(&pmc->sources);
681 			}
682 		}
683 		if (pmc->crcount == 0 && !pmc->tomb && !pmc->sources) {
684 			if (pmc_prev)
685 				pmc_prev->next = pmc_next;
686 			else
687 				in_dev->mc_tomb = pmc_next;
688 			in_dev_put(pmc->interface);
689 			kfree_pmc(pmc);
690 		} else
691 			pmc_prev = pmc;
692 	}
693 	spin_unlock_bh(&in_dev->mc_tomb_lock);
694 
695 	/* change recs */
696 	for_each_pmc_rcu(in_dev, pmc) {
697 		spin_lock_bh(&pmc->lock);
698 		if (pmc->sfcount[MCAST_EXCLUDE]) {
699 			type = IGMPV3_BLOCK_OLD_SOURCES;
700 			dtype = IGMPV3_ALLOW_NEW_SOURCES;
701 		} else {
702 			type = IGMPV3_ALLOW_NEW_SOURCES;
703 			dtype = IGMPV3_BLOCK_OLD_SOURCES;
704 		}
705 		skb = add_grec(skb, pmc, type, 0, 0);
706 		skb = add_grec(skb, pmc, dtype, 0, 1);	/* deleted sources */
707 
708 		/* filter mode changes */
709 		if (pmc->crcount) {
710 			if (pmc->sfmode == MCAST_EXCLUDE)
711 				type = IGMPV3_CHANGE_TO_EXCLUDE;
712 			else
713 				type = IGMPV3_CHANGE_TO_INCLUDE;
714 			skb = add_grec(skb, pmc, type, 0, 0);
715 			pmc->crcount--;
716 		}
717 		spin_unlock_bh(&pmc->lock);
718 	}
719 	rcu_read_unlock();
720 
721 	if (!skb)
722 		return;
723 	(void) igmpv3_sendpack(skb);
724 }
725 
igmp_send_report(struct in_device * in_dev,struct ip_mc_list * pmc,int type)726 static int igmp_send_report(struct in_device *in_dev, struct ip_mc_list *pmc,
727 	int type)
728 {
729 	struct sk_buff *skb;
730 	struct iphdr *iph;
731 	struct igmphdr *ih;
732 	struct rtable *rt;
733 	struct net_device *dev = in_dev->dev;
734 	struct net *net = dev_net(dev);
735 	__be32	group = pmc ? pmc->multiaddr : 0;
736 	struct flowi4 fl4;
737 	__be32	dst;
738 	int hlen, tlen;
739 
740 	if (type == IGMPV3_HOST_MEMBERSHIP_REPORT)
741 		return igmpv3_send_report(in_dev, pmc);
742 
743 	if (ipv4_is_local_multicast(group) &&
744 	    !READ_ONCE(net->ipv4.sysctl_igmp_llm_reports))
745 		return 0;
746 
747 	if (type == IGMP_HOST_LEAVE_MESSAGE)
748 		dst = IGMP_ALL_ROUTER;
749 	else
750 		dst = group;
751 
752 	rt = ip_route_output_ports(net, &fl4, NULL, dst, 0,
753 				   0, 0,
754 				   IPPROTO_IGMP, 0, dev->ifindex);
755 	if (IS_ERR(rt))
756 		return -1;
757 
758 	hlen = LL_RESERVED_SPACE(dev);
759 	tlen = dev->needed_tailroom;
760 	skb = alloc_skb(IGMP_SIZE + hlen + tlen, GFP_ATOMIC);
761 	if (!skb) {
762 		ip_rt_put(rt);
763 		return -1;
764 	}
765 	skb->priority = TC_PRIO_CONTROL;
766 
767 	skb_dst_set(skb, &rt->dst);
768 
769 	skb_reserve(skb, hlen);
770 
771 	skb_reset_network_header(skb);
772 	iph = ip_hdr(skb);
773 	skb_put(skb, sizeof(struct iphdr) + 4);
774 
775 	iph->version  = 4;
776 	iph->ihl      = (sizeof(struct iphdr)+4)>>2;
777 	iph->tos      = 0xc0;
778 	iph->frag_off = htons(IP_DF);
779 	iph->ttl      = 1;
780 	iph->daddr    = dst;
781 	iph->saddr    = fl4.saddr;
782 	iph->protocol = IPPROTO_IGMP;
783 	ip_select_ident(net, skb, NULL);
784 	((u8 *)&iph[1])[0] = IPOPT_RA;
785 	((u8 *)&iph[1])[1] = 4;
786 	((u8 *)&iph[1])[2] = 0;
787 	((u8 *)&iph[1])[3] = 0;
788 
789 	ih = skb_put(skb, sizeof(struct igmphdr));
790 	ih->type = type;
791 	ih->code = 0;
792 	ih->csum = 0;
793 	ih->group = group;
794 	ih->csum = ip_compute_csum((void *)ih, sizeof(struct igmphdr));
795 
796 	return ip_local_out(net, skb->sk, skb);
797 }
798 
igmp_gq_timer_expire(struct timer_list * t)799 static void igmp_gq_timer_expire(struct timer_list *t)
800 {
801 	struct in_device *in_dev = from_timer(in_dev, t, mr_gq_timer);
802 
803 	in_dev->mr_gq_running = 0;
804 	igmpv3_send_report(in_dev, NULL);
805 	in_dev_put(in_dev);
806 }
807 
igmp_ifc_timer_expire(struct timer_list * t)808 static void igmp_ifc_timer_expire(struct timer_list *t)
809 {
810 	struct in_device *in_dev = from_timer(in_dev, t, mr_ifc_timer);
811 	u32 mr_ifc_count;
812 
813 	igmpv3_send_cr(in_dev);
814 restart:
815 	mr_ifc_count = READ_ONCE(in_dev->mr_ifc_count);
816 
817 	if (mr_ifc_count) {
818 		if (cmpxchg(&in_dev->mr_ifc_count,
819 			    mr_ifc_count,
820 			    mr_ifc_count - 1) != mr_ifc_count)
821 			goto restart;
822 		igmp_ifc_start_timer(in_dev,
823 				     unsolicited_report_interval(in_dev));
824 	}
825 	in_dev_put(in_dev);
826 }
827 
igmp_ifc_event(struct in_device * in_dev)828 static void igmp_ifc_event(struct in_device *in_dev)
829 {
830 	struct net *net = dev_net(in_dev->dev);
831 	if (IGMP_V1_SEEN(in_dev) || IGMP_V2_SEEN(in_dev))
832 		return;
833 	WRITE_ONCE(in_dev->mr_ifc_count, in_dev->mr_qrv ?: READ_ONCE(net->ipv4.sysctl_igmp_qrv));
834 	igmp_ifc_start_timer(in_dev, 1);
835 }
836 
837 
igmp_timer_expire(struct timer_list * t)838 static void igmp_timer_expire(struct timer_list *t)
839 {
840 	struct ip_mc_list *im = from_timer(im, t, timer);
841 	struct in_device *in_dev = im->interface;
842 
843 	spin_lock(&im->lock);
844 	im->tm_running = 0;
845 
846 	if (im->unsolicit_count && --im->unsolicit_count)
847 		igmp_start_timer(im, unsolicited_report_interval(in_dev));
848 
849 	im->reporter = 1;
850 	spin_unlock(&im->lock);
851 
852 	if (IGMP_V1_SEEN(in_dev))
853 		igmp_send_report(in_dev, im, IGMP_HOST_MEMBERSHIP_REPORT);
854 	else if (IGMP_V2_SEEN(in_dev))
855 		igmp_send_report(in_dev, im, IGMPV2_HOST_MEMBERSHIP_REPORT);
856 	else
857 		igmp_send_report(in_dev, im, IGMPV3_HOST_MEMBERSHIP_REPORT);
858 
859 	ip_ma_put(im);
860 }
861 
862 /* mark EXCLUDE-mode sources */
igmp_xmarksources(struct ip_mc_list * pmc,int nsrcs,__be32 * srcs)863 static int igmp_xmarksources(struct ip_mc_list *pmc, int nsrcs, __be32 *srcs)
864 {
865 	struct ip_sf_list *psf;
866 	int i, scount;
867 
868 	scount = 0;
869 	for (psf = pmc->sources; psf; psf = psf->sf_next) {
870 		if (scount == nsrcs)
871 			break;
872 		for (i = 0; i < nsrcs; i++) {
873 			/* skip inactive filters */
874 			if (psf->sf_count[MCAST_INCLUDE] ||
875 			    pmc->sfcount[MCAST_EXCLUDE] !=
876 			    psf->sf_count[MCAST_EXCLUDE])
877 				break;
878 			if (srcs[i] == psf->sf_inaddr) {
879 				scount++;
880 				break;
881 			}
882 		}
883 	}
884 	pmc->gsquery = 0;
885 	if (scount == nsrcs)	/* all sources excluded */
886 		return 0;
887 	return 1;
888 }
889 
igmp_marksources(struct ip_mc_list * pmc,int nsrcs,__be32 * srcs)890 static int igmp_marksources(struct ip_mc_list *pmc, int nsrcs, __be32 *srcs)
891 {
892 	struct ip_sf_list *psf;
893 	int i, scount;
894 
895 	if (pmc->sfmode == MCAST_EXCLUDE)
896 		return igmp_xmarksources(pmc, nsrcs, srcs);
897 
898 	/* mark INCLUDE-mode sources */
899 	scount = 0;
900 	for (psf = pmc->sources; psf; psf = psf->sf_next) {
901 		if (scount == nsrcs)
902 			break;
903 		for (i = 0; i < nsrcs; i++)
904 			if (srcs[i] == psf->sf_inaddr) {
905 				psf->sf_gsresp = 1;
906 				scount++;
907 				break;
908 			}
909 	}
910 	if (!scount) {
911 		pmc->gsquery = 0;
912 		return 0;
913 	}
914 	pmc->gsquery = 1;
915 	return 1;
916 }
917 
918 /* return true if packet was dropped */
igmp_heard_report(struct in_device * in_dev,__be32 group)919 static bool igmp_heard_report(struct in_device *in_dev, __be32 group)
920 {
921 	struct ip_mc_list *im;
922 	struct net *net = dev_net(in_dev->dev);
923 
924 	/* Timers are only set for non-local groups */
925 
926 	if (group == IGMP_ALL_HOSTS)
927 		return false;
928 	if (ipv4_is_local_multicast(group) &&
929 	    !READ_ONCE(net->ipv4.sysctl_igmp_llm_reports))
930 		return false;
931 
932 	rcu_read_lock();
933 	for_each_pmc_rcu(in_dev, im) {
934 		if (im->multiaddr == group) {
935 			igmp_stop_timer(im);
936 			break;
937 		}
938 	}
939 	rcu_read_unlock();
940 	return false;
941 }
942 
943 /* return true if packet was dropped */
igmp_heard_query(struct in_device * in_dev,struct sk_buff * skb,int len)944 static bool igmp_heard_query(struct in_device *in_dev, struct sk_buff *skb,
945 	int len)
946 {
947 	struct igmphdr 		*ih = igmp_hdr(skb);
948 	struct igmpv3_query *ih3 = igmpv3_query_hdr(skb);
949 	struct ip_mc_list	*im;
950 	__be32			group = ih->group;
951 	int			max_delay;
952 	int			mark = 0;
953 	struct net		*net = dev_net(in_dev->dev);
954 
955 
956 	if (len == 8) {
957 		if (ih->code == 0) {
958 			/* Alas, old v1 router presents here. */
959 
960 			max_delay = IGMP_QUERY_RESPONSE_INTERVAL;
961 			in_dev->mr_v1_seen = jiffies +
962 				(in_dev->mr_qrv * in_dev->mr_qi) +
963 				in_dev->mr_qri;
964 			group = 0;
965 		} else {
966 			/* v2 router present */
967 			max_delay = ih->code*(HZ/IGMP_TIMER_SCALE);
968 			in_dev->mr_v2_seen = jiffies +
969 				(in_dev->mr_qrv * in_dev->mr_qi) +
970 				in_dev->mr_qri;
971 		}
972 		/* cancel the interface change timer */
973 		WRITE_ONCE(in_dev->mr_ifc_count, 0);
974 		if (del_timer(&in_dev->mr_ifc_timer))
975 			__in_dev_put(in_dev);
976 		/* clear deleted report items */
977 		igmpv3_clear_delrec(in_dev);
978 	} else if (len < 12) {
979 		return true;	/* ignore bogus packet; freed by caller */
980 	} else if (IGMP_V1_SEEN(in_dev)) {
981 		/* This is a v3 query with v1 queriers present */
982 		max_delay = IGMP_QUERY_RESPONSE_INTERVAL;
983 		group = 0;
984 	} else if (IGMP_V2_SEEN(in_dev)) {
985 		/* this is a v3 query with v2 queriers present;
986 		 * Interpretation of the max_delay code is problematic here.
987 		 * A real v2 host would use ih_code directly, while v3 has a
988 		 * different encoding. We use the v3 encoding as more likely
989 		 * to be intended in a v3 query.
990 		 */
991 		max_delay = IGMPV3_MRC(ih3->code)*(HZ/IGMP_TIMER_SCALE);
992 		if (!max_delay)
993 			max_delay = 1;	/* can't mod w/ 0 */
994 	} else { /* v3 */
995 		if (!pskb_may_pull(skb, sizeof(struct igmpv3_query)))
996 			return true;
997 
998 		ih3 = igmpv3_query_hdr(skb);
999 		if (ih3->nsrcs) {
1000 			if (!pskb_may_pull(skb, sizeof(struct igmpv3_query)
1001 					   + ntohs(ih3->nsrcs)*sizeof(__be32)))
1002 				return true;
1003 			ih3 = igmpv3_query_hdr(skb);
1004 		}
1005 
1006 		max_delay = IGMPV3_MRC(ih3->code)*(HZ/IGMP_TIMER_SCALE);
1007 		if (!max_delay)
1008 			max_delay = 1;	/* can't mod w/ 0 */
1009 		in_dev->mr_maxdelay = max_delay;
1010 
1011 		/* RFC3376, 4.1.6. QRV and 4.1.7. QQIC, when the most recently
1012 		 * received value was zero, use the default or statically
1013 		 * configured value.
1014 		 */
1015 		in_dev->mr_qrv = ih3->qrv ?: READ_ONCE(net->ipv4.sysctl_igmp_qrv);
1016 		in_dev->mr_qi = IGMPV3_QQIC(ih3->qqic)*HZ ?: IGMP_QUERY_INTERVAL;
1017 
1018 		/* RFC3376, 8.3. Query Response Interval:
1019 		 * The number of seconds represented by the [Query Response
1020 		 * Interval] must be less than the [Query Interval].
1021 		 */
1022 		if (in_dev->mr_qri >= in_dev->mr_qi)
1023 			in_dev->mr_qri = (in_dev->mr_qi/HZ - 1)*HZ;
1024 
1025 		if (!group) { /* general query */
1026 			if (ih3->nsrcs)
1027 				return true;	/* no sources allowed */
1028 			igmp_gq_start_timer(in_dev);
1029 			return false;
1030 		}
1031 		/* mark sources to include, if group & source-specific */
1032 		mark = ih3->nsrcs != 0;
1033 	}
1034 
1035 	/*
1036 	 * - Start the timers in all of our membership records
1037 	 *   that the query applies to for the interface on
1038 	 *   which the query arrived excl. those that belong
1039 	 *   to a "local" group (224.0.0.X)
1040 	 * - For timers already running check if they need to
1041 	 *   be reset.
1042 	 * - Use the igmp->igmp_code field as the maximum
1043 	 *   delay possible
1044 	 */
1045 	rcu_read_lock();
1046 	for_each_pmc_rcu(in_dev, im) {
1047 		int changed;
1048 
1049 		if (group && group != im->multiaddr)
1050 			continue;
1051 		if (im->multiaddr == IGMP_ALL_HOSTS)
1052 			continue;
1053 		if (ipv4_is_local_multicast(im->multiaddr) &&
1054 		    !READ_ONCE(net->ipv4.sysctl_igmp_llm_reports))
1055 			continue;
1056 		spin_lock_bh(&im->lock);
1057 		if (im->tm_running)
1058 			im->gsquery = im->gsquery && mark;
1059 		else
1060 			im->gsquery = mark;
1061 		changed = !im->gsquery ||
1062 			igmp_marksources(im, ntohs(ih3->nsrcs), ih3->srcs);
1063 		spin_unlock_bh(&im->lock);
1064 		if (changed)
1065 			igmp_mod_timer(im, max_delay);
1066 	}
1067 	rcu_read_unlock();
1068 	return false;
1069 }
1070 
1071 /* called in rcu_read_lock() section */
igmp_rcv(struct sk_buff * skb)1072 int igmp_rcv(struct sk_buff *skb)
1073 {
1074 	/* This basically follows the spec line by line -- see RFC1112 */
1075 	struct igmphdr *ih;
1076 	struct net_device *dev = skb->dev;
1077 	struct in_device *in_dev;
1078 	int len = skb->len;
1079 	bool dropped = true;
1080 
1081 	if (netif_is_l3_master(dev)) {
1082 		dev = dev_get_by_index_rcu(dev_net(dev), IPCB(skb)->iif);
1083 		if (!dev)
1084 			goto drop;
1085 	}
1086 
1087 	in_dev = __in_dev_get_rcu(dev);
1088 	if (!in_dev)
1089 		goto drop;
1090 
1091 	if (!pskb_may_pull(skb, sizeof(struct igmphdr)))
1092 		goto drop;
1093 
1094 	if (skb_checksum_simple_validate(skb))
1095 		goto drop;
1096 
1097 	ih = igmp_hdr(skb);
1098 	switch (ih->type) {
1099 	case IGMP_HOST_MEMBERSHIP_QUERY:
1100 		dropped = igmp_heard_query(in_dev, skb, len);
1101 		break;
1102 	case IGMP_HOST_MEMBERSHIP_REPORT:
1103 	case IGMPV2_HOST_MEMBERSHIP_REPORT:
1104 		/* Is it our report looped back? */
1105 		if (rt_is_output_route(skb_rtable(skb)))
1106 			break;
1107 		/* don't rely on MC router hearing unicast reports */
1108 		if (skb->pkt_type == PACKET_MULTICAST ||
1109 		    skb->pkt_type == PACKET_BROADCAST)
1110 			dropped = igmp_heard_report(in_dev, ih->group);
1111 		break;
1112 	case IGMP_PIM:
1113 #ifdef CONFIG_IP_PIMSM_V1
1114 		return pim_rcv_v1(skb);
1115 #endif
1116 	case IGMPV3_HOST_MEMBERSHIP_REPORT:
1117 	case IGMP_DVMRP:
1118 	case IGMP_TRACE:
1119 	case IGMP_HOST_LEAVE_MESSAGE:
1120 	case IGMP_MTRACE:
1121 	case IGMP_MTRACE_RESP:
1122 		break;
1123 	default:
1124 		break;
1125 	}
1126 
1127 drop:
1128 	if (dropped)
1129 		kfree_skb(skb);
1130 	else
1131 		consume_skb(skb);
1132 	return 0;
1133 }
1134 
1135 #endif
1136 
1137 
1138 /*
1139  *	Add a filter to a device
1140  */
1141 
ip_mc_filter_add(struct in_device * in_dev,__be32 addr)1142 static void ip_mc_filter_add(struct in_device *in_dev, __be32 addr)
1143 {
1144 	char buf[MAX_ADDR_LEN];
1145 	struct net_device *dev = in_dev->dev;
1146 
1147 	/* Checking for IFF_MULTICAST here is WRONG-WRONG-WRONG.
1148 	   We will get multicast token leakage, when IFF_MULTICAST
1149 	   is changed. This check should be done in ndo_set_rx_mode
1150 	   routine. Something sort of:
1151 	   if (dev->mc_list && dev->flags&IFF_MULTICAST) { do it; }
1152 	   --ANK
1153 	   */
1154 	if (arp_mc_map(addr, buf, dev, 0) == 0)
1155 		dev_mc_add(dev, buf);
1156 }
1157 
1158 /*
1159  *	Remove a filter from a device
1160  */
1161 
ip_mc_filter_del(struct in_device * in_dev,__be32 addr)1162 static void ip_mc_filter_del(struct in_device *in_dev, __be32 addr)
1163 {
1164 	char buf[MAX_ADDR_LEN];
1165 	struct net_device *dev = in_dev->dev;
1166 
1167 	if (arp_mc_map(addr, buf, dev, 0) == 0)
1168 		dev_mc_del(dev, buf);
1169 }
1170 
1171 #ifdef CONFIG_IP_MULTICAST
1172 /*
1173  * deleted ip_mc_list manipulation
1174  */
igmpv3_add_delrec(struct in_device * in_dev,struct ip_mc_list * im,gfp_t gfp)1175 static void igmpv3_add_delrec(struct in_device *in_dev, struct ip_mc_list *im,
1176 			      gfp_t gfp)
1177 {
1178 	struct ip_mc_list *pmc;
1179 	struct net *net = dev_net(in_dev->dev);
1180 
1181 	/* this is an "ip_mc_list" for convenience; only the fields below
1182 	 * are actually used. In particular, the refcnt and users are not
1183 	 * used for management of the delete list. Using the same structure
1184 	 * for deleted items allows change reports to use common code with
1185 	 * non-deleted or query-response MCA's.
1186 	 */
1187 	pmc = kzalloc(sizeof(*pmc), gfp);
1188 	if (!pmc)
1189 		return;
1190 	spin_lock_init(&pmc->lock);
1191 	spin_lock_bh(&im->lock);
1192 	pmc->interface = im->interface;
1193 	in_dev_hold(in_dev);
1194 	pmc->multiaddr = im->multiaddr;
1195 	pmc->crcount = in_dev->mr_qrv ?: READ_ONCE(net->ipv4.sysctl_igmp_qrv);
1196 	pmc->sfmode = im->sfmode;
1197 	if (pmc->sfmode == MCAST_INCLUDE) {
1198 		struct ip_sf_list *psf;
1199 
1200 		pmc->tomb = im->tomb;
1201 		pmc->sources = im->sources;
1202 		im->tomb = im->sources = NULL;
1203 		for (psf = pmc->sources; psf; psf = psf->sf_next)
1204 			psf->sf_crcount = pmc->crcount;
1205 	}
1206 	spin_unlock_bh(&im->lock);
1207 
1208 	spin_lock_bh(&in_dev->mc_tomb_lock);
1209 	pmc->next = in_dev->mc_tomb;
1210 	in_dev->mc_tomb = pmc;
1211 	spin_unlock_bh(&in_dev->mc_tomb_lock);
1212 }
1213 
1214 /*
1215  * restore ip_mc_list deleted records
1216  */
igmpv3_del_delrec(struct in_device * in_dev,struct ip_mc_list * im)1217 static void igmpv3_del_delrec(struct in_device *in_dev, struct ip_mc_list *im)
1218 {
1219 	struct ip_mc_list *pmc, *pmc_prev;
1220 	struct ip_sf_list *psf;
1221 	struct net *net = dev_net(in_dev->dev);
1222 	__be32 multiaddr = im->multiaddr;
1223 
1224 	spin_lock_bh(&in_dev->mc_tomb_lock);
1225 	pmc_prev = NULL;
1226 	for (pmc = in_dev->mc_tomb; pmc; pmc = pmc->next) {
1227 		if (pmc->multiaddr == multiaddr)
1228 			break;
1229 		pmc_prev = pmc;
1230 	}
1231 	if (pmc) {
1232 		if (pmc_prev)
1233 			pmc_prev->next = pmc->next;
1234 		else
1235 			in_dev->mc_tomb = pmc->next;
1236 	}
1237 	spin_unlock_bh(&in_dev->mc_tomb_lock);
1238 
1239 	spin_lock_bh(&im->lock);
1240 	if (pmc) {
1241 		im->interface = pmc->interface;
1242 		if (im->sfmode == MCAST_INCLUDE) {
1243 			swap(im->tomb, pmc->tomb);
1244 			swap(im->sources, pmc->sources);
1245 			for (psf = im->sources; psf; psf = psf->sf_next)
1246 				psf->sf_crcount = in_dev->mr_qrv ?:
1247 					READ_ONCE(net->ipv4.sysctl_igmp_qrv);
1248 		} else {
1249 			im->crcount = in_dev->mr_qrv ?:
1250 				READ_ONCE(net->ipv4.sysctl_igmp_qrv);
1251 		}
1252 		in_dev_put(pmc->interface);
1253 		kfree_pmc(pmc);
1254 	}
1255 	spin_unlock_bh(&im->lock);
1256 }
1257 
1258 /*
1259  * flush ip_mc_list deleted records
1260  */
igmpv3_clear_delrec(struct in_device * in_dev)1261 static void igmpv3_clear_delrec(struct in_device *in_dev)
1262 {
1263 	struct ip_mc_list *pmc, *nextpmc;
1264 
1265 	spin_lock_bh(&in_dev->mc_tomb_lock);
1266 	pmc = in_dev->mc_tomb;
1267 	in_dev->mc_tomb = NULL;
1268 	spin_unlock_bh(&in_dev->mc_tomb_lock);
1269 
1270 	for (; pmc; pmc = nextpmc) {
1271 		nextpmc = pmc->next;
1272 		ip_mc_clear_src(pmc);
1273 		in_dev_put(pmc->interface);
1274 		kfree_pmc(pmc);
1275 	}
1276 	/* clear dead sources, too */
1277 	rcu_read_lock();
1278 	for_each_pmc_rcu(in_dev, pmc) {
1279 		struct ip_sf_list *psf;
1280 
1281 		spin_lock_bh(&pmc->lock);
1282 		psf = pmc->tomb;
1283 		pmc->tomb = NULL;
1284 		spin_unlock_bh(&pmc->lock);
1285 		ip_sf_list_clear_all(psf);
1286 	}
1287 	rcu_read_unlock();
1288 }
1289 #endif
1290 
__igmp_group_dropped(struct ip_mc_list * im,gfp_t gfp)1291 static void __igmp_group_dropped(struct ip_mc_list *im, gfp_t gfp)
1292 {
1293 	struct in_device *in_dev = im->interface;
1294 #ifdef CONFIG_IP_MULTICAST
1295 	struct net *net = dev_net(in_dev->dev);
1296 	int reporter;
1297 #endif
1298 
1299 	if (im->loaded) {
1300 		im->loaded = 0;
1301 		ip_mc_filter_del(in_dev, im->multiaddr);
1302 	}
1303 
1304 #ifdef CONFIG_IP_MULTICAST
1305 	if (im->multiaddr == IGMP_ALL_HOSTS)
1306 		return;
1307 	if (ipv4_is_local_multicast(im->multiaddr) &&
1308 	    !READ_ONCE(net->ipv4.sysctl_igmp_llm_reports))
1309 		return;
1310 
1311 	reporter = im->reporter;
1312 	igmp_stop_timer(im);
1313 
1314 	if (!in_dev->dead) {
1315 		if (IGMP_V1_SEEN(in_dev))
1316 			return;
1317 		if (IGMP_V2_SEEN(in_dev)) {
1318 			if (reporter)
1319 				igmp_send_report(in_dev, im, IGMP_HOST_LEAVE_MESSAGE);
1320 			return;
1321 		}
1322 		/* IGMPv3 */
1323 		igmpv3_add_delrec(in_dev, im, gfp);
1324 
1325 		igmp_ifc_event(in_dev);
1326 	}
1327 #endif
1328 }
1329 
igmp_group_dropped(struct ip_mc_list * im)1330 static void igmp_group_dropped(struct ip_mc_list *im)
1331 {
1332 	__igmp_group_dropped(im, GFP_KERNEL);
1333 }
1334 
igmp_group_added(struct ip_mc_list * im)1335 static void igmp_group_added(struct ip_mc_list *im)
1336 {
1337 	struct in_device *in_dev = im->interface;
1338 #ifdef CONFIG_IP_MULTICAST
1339 	struct net *net = dev_net(in_dev->dev);
1340 #endif
1341 
1342 	if (im->loaded == 0) {
1343 		im->loaded = 1;
1344 		ip_mc_filter_add(in_dev, im->multiaddr);
1345 	}
1346 
1347 #ifdef CONFIG_IP_MULTICAST
1348 	if (im->multiaddr == IGMP_ALL_HOSTS)
1349 		return;
1350 	if (ipv4_is_local_multicast(im->multiaddr) &&
1351 	    !READ_ONCE(net->ipv4.sysctl_igmp_llm_reports))
1352 		return;
1353 
1354 	if (in_dev->dead)
1355 		return;
1356 
1357 	im->unsolicit_count = READ_ONCE(net->ipv4.sysctl_igmp_qrv);
1358 	if (IGMP_V1_SEEN(in_dev) || IGMP_V2_SEEN(in_dev)) {
1359 		spin_lock_bh(&im->lock);
1360 		igmp_start_timer(im, IGMP_INITIAL_REPORT_DELAY);
1361 		spin_unlock_bh(&im->lock);
1362 		return;
1363 	}
1364 	/* else, v3 */
1365 
1366 	/* Based on RFC3376 5.1, for newly added INCLUDE SSM, we should
1367 	 * not send filter-mode change record as the mode should be from
1368 	 * IN() to IN(A).
1369 	 */
1370 	if (im->sfmode == MCAST_EXCLUDE)
1371 		im->crcount = in_dev->mr_qrv ?: READ_ONCE(net->ipv4.sysctl_igmp_qrv);
1372 
1373 	igmp_ifc_event(in_dev);
1374 #endif
1375 }
1376 
1377 
1378 /*
1379  *	Multicast list managers
1380  */
1381 
ip_mc_hash(const struct ip_mc_list * im)1382 static u32 ip_mc_hash(const struct ip_mc_list *im)
1383 {
1384 	return hash_32((__force u32)im->multiaddr, MC_HASH_SZ_LOG);
1385 }
1386 
ip_mc_hash_add(struct in_device * in_dev,struct ip_mc_list * im)1387 static void ip_mc_hash_add(struct in_device *in_dev,
1388 			   struct ip_mc_list *im)
1389 {
1390 	struct ip_mc_list __rcu **mc_hash;
1391 	u32 hash;
1392 
1393 	mc_hash = rtnl_dereference(in_dev->mc_hash);
1394 	if (mc_hash) {
1395 		hash = ip_mc_hash(im);
1396 		im->next_hash = mc_hash[hash];
1397 		rcu_assign_pointer(mc_hash[hash], im);
1398 		return;
1399 	}
1400 
1401 	/* do not use a hash table for small number of items */
1402 	if (in_dev->mc_count < 4)
1403 		return;
1404 
1405 	mc_hash = kzalloc(sizeof(struct ip_mc_list *) << MC_HASH_SZ_LOG,
1406 			  GFP_KERNEL);
1407 	if (!mc_hash)
1408 		return;
1409 
1410 	for_each_pmc_rtnl(in_dev, im) {
1411 		hash = ip_mc_hash(im);
1412 		im->next_hash = mc_hash[hash];
1413 		RCU_INIT_POINTER(mc_hash[hash], im);
1414 	}
1415 
1416 	rcu_assign_pointer(in_dev->mc_hash, mc_hash);
1417 }
1418 
ip_mc_hash_remove(struct in_device * in_dev,struct ip_mc_list * im)1419 static void ip_mc_hash_remove(struct in_device *in_dev,
1420 			      struct ip_mc_list *im)
1421 {
1422 	struct ip_mc_list __rcu **mc_hash = rtnl_dereference(in_dev->mc_hash);
1423 	struct ip_mc_list *aux;
1424 
1425 	if (!mc_hash)
1426 		return;
1427 	mc_hash += ip_mc_hash(im);
1428 	while ((aux = rtnl_dereference(*mc_hash)) != im)
1429 		mc_hash = &aux->next_hash;
1430 	*mc_hash = im->next_hash;
1431 }
1432 
1433 
1434 /*
1435  *	A socket has joined a multicast group on device dev.
1436  */
____ip_mc_inc_group(struct in_device * in_dev,__be32 addr,unsigned int mode,gfp_t gfp)1437 static void ____ip_mc_inc_group(struct in_device *in_dev, __be32 addr,
1438 				unsigned int mode, gfp_t gfp)
1439 {
1440 	struct ip_mc_list *im;
1441 
1442 	ASSERT_RTNL();
1443 
1444 	for_each_pmc_rtnl(in_dev, im) {
1445 		if (im->multiaddr == addr) {
1446 			im->users++;
1447 			ip_mc_add_src(in_dev, &addr, mode, 0, NULL, 0);
1448 			goto out;
1449 		}
1450 	}
1451 
1452 	im = kzalloc(sizeof(*im), gfp);
1453 	if (!im)
1454 		goto out;
1455 
1456 	im->users = 1;
1457 	im->interface = in_dev;
1458 	in_dev_hold(in_dev);
1459 	im->multiaddr = addr;
1460 	/* initial mode is (EX, empty) */
1461 	im->sfmode = mode;
1462 	im->sfcount[mode] = 1;
1463 	refcount_set(&im->refcnt, 1);
1464 	spin_lock_init(&im->lock);
1465 #ifdef CONFIG_IP_MULTICAST
1466 	timer_setup(&im->timer, igmp_timer_expire, 0);
1467 #endif
1468 
1469 	im->next_rcu = in_dev->mc_list;
1470 	in_dev->mc_count++;
1471 	rcu_assign_pointer(in_dev->mc_list, im);
1472 
1473 	ip_mc_hash_add(in_dev, im);
1474 
1475 #ifdef CONFIG_IP_MULTICAST
1476 	igmpv3_del_delrec(in_dev, im);
1477 #endif
1478 	igmp_group_added(im);
1479 	if (!in_dev->dead)
1480 		ip_rt_multicast_event(in_dev);
1481 out:
1482 	return;
1483 }
1484 
__ip_mc_inc_group(struct in_device * in_dev,__be32 addr,gfp_t gfp)1485 void __ip_mc_inc_group(struct in_device *in_dev, __be32 addr, gfp_t gfp)
1486 {
1487 	____ip_mc_inc_group(in_dev, addr, MCAST_EXCLUDE, gfp);
1488 }
1489 EXPORT_SYMBOL(__ip_mc_inc_group);
1490 
ip_mc_inc_group(struct in_device * in_dev,__be32 addr)1491 void ip_mc_inc_group(struct in_device *in_dev, __be32 addr)
1492 {
1493 	__ip_mc_inc_group(in_dev, addr, GFP_KERNEL);
1494 }
1495 EXPORT_SYMBOL(ip_mc_inc_group);
1496 
ip_mc_check_iphdr(struct sk_buff * skb)1497 static int ip_mc_check_iphdr(struct sk_buff *skb)
1498 {
1499 	const struct iphdr *iph;
1500 	unsigned int len;
1501 	unsigned int offset = skb_network_offset(skb) + sizeof(*iph);
1502 
1503 	if (!pskb_may_pull(skb, offset))
1504 		return -EINVAL;
1505 
1506 	iph = ip_hdr(skb);
1507 
1508 	if (iph->version != 4 || ip_hdrlen(skb) < sizeof(*iph))
1509 		return -EINVAL;
1510 
1511 	offset += ip_hdrlen(skb) - sizeof(*iph);
1512 
1513 	if (!pskb_may_pull(skb, offset))
1514 		return -EINVAL;
1515 
1516 	iph = ip_hdr(skb);
1517 
1518 	if (unlikely(ip_fast_csum((u8 *)iph, iph->ihl)))
1519 		return -EINVAL;
1520 
1521 	len = skb_network_offset(skb) + ntohs(iph->tot_len);
1522 	if (skb->len < len || len < offset)
1523 		return -EINVAL;
1524 
1525 	skb_set_transport_header(skb, offset);
1526 
1527 	return 0;
1528 }
1529 
ip_mc_check_igmp_reportv3(struct sk_buff * skb)1530 static int ip_mc_check_igmp_reportv3(struct sk_buff *skb)
1531 {
1532 	unsigned int len = skb_transport_offset(skb);
1533 
1534 	len += sizeof(struct igmpv3_report);
1535 
1536 	return ip_mc_may_pull(skb, len) ? 0 : -EINVAL;
1537 }
1538 
ip_mc_check_igmp_query(struct sk_buff * skb)1539 static int ip_mc_check_igmp_query(struct sk_buff *skb)
1540 {
1541 	unsigned int transport_len = ip_transport_len(skb);
1542 	unsigned int len;
1543 
1544 	/* IGMPv{1,2}? */
1545 	if (transport_len != sizeof(struct igmphdr)) {
1546 		/* or IGMPv3? */
1547 		if (transport_len < sizeof(struct igmpv3_query))
1548 			return -EINVAL;
1549 
1550 		len = skb_transport_offset(skb) + sizeof(struct igmpv3_query);
1551 		if (!ip_mc_may_pull(skb, len))
1552 			return -EINVAL;
1553 	}
1554 
1555 	/* RFC2236+RFC3376 (IGMPv2+IGMPv3) require the multicast link layer
1556 	 * all-systems destination addresses (224.0.0.1) for general queries
1557 	 */
1558 	if (!igmp_hdr(skb)->group &&
1559 	    ip_hdr(skb)->daddr != htonl(INADDR_ALLHOSTS_GROUP))
1560 		return -EINVAL;
1561 
1562 	return 0;
1563 }
1564 
ip_mc_check_igmp_msg(struct sk_buff * skb)1565 static int ip_mc_check_igmp_msg(struct sk_buff *skb)
1566 {
1567 	switch (igmp_hdr(skb)->type) {
1568 	case IGMP_HOST_LEAVE_MESSAGE:
1569 	case IGMP_HOST_MEMBERSHIP_REPORT:
1570 	case IGMPV2_HOST_MEMBERSHIP_REPORT:
1571 		return 0;
1572 	case IGMPV3_HOST_MEMBERSHIP_REPORT:
1573 		return ip_mc_check_igmp_reportv3(skb);
1574 	case IGMP_HOST_MEMBERSHIP_QUERY:
1575 		return ip_mc_check_igmp_query(skb);
1576 	default:
1577 		return -ENOMSG;
1578 	}
1579 }
1580 
ip_mc_validate_checksum(struct sk_buff * skb)1581 static __sum16 ip_mc_validate_checksum(struct sk_buff *skb)
1582 {
1583 	return skb_checksum_simple_validate(skb);
1584 }
1585 
ip_mc_check_igmp_csum(struct sk_buff * skb)1586 static int ip_mc_check_igmp_csum(struct sk_buff *skb)
1587 {
1588 	unsigned int len = skb_transport_offset(skb) + sizeof(struct igmphdr);
1589 	unsigned int transport_len = ip_transport_len(skb);
1590 	struct sk_buff *skb_chk;
1591 
1592 	if (!ip_mc_may_pull(skb, len))
1593 		return -EINVAL;
1594 
1595 	skb_chk = skb_checksum_trimmed(skb, transport_len,
1596 				       ip_mc_validate_checksum);
1597 	if (!skb_chk)
1598 		return -EINVAL;
1599 
1600 	if (skb_chk != skb)
1601 		kfree_skb(skb_chk);
1602 
1603 	return 0;
1604 }
1605 
1606 /**
1607  * ip_mc_check_igmp - checks whether this is a sane IGMP packet
1608  * @skb: the skb to validate
1609  *
1610  * Checks whether an IPv4 packet is a valid IGMP packet. If so sets
1611  * skb transport header accordingly and returns zero.
1612  *
1613  * -EINVAL: A broken packet was detected, i.e. it violates some internet
1614  *  standard
1615  * -ENOMSG: IP header validation succeeded but it is not an IGMP packet.
1616  * -ENOMEM: A memory allocation failure happened.
1617  *
1618  * Caller needs to set the skb network header and free any returned skb if it
1619  * differs from the provided skb.
1620  */
ip_mc_check_igmp(struct sk_buff * skb)1621 int ip_mc_check_igmp(struct sk_buff *skb)
1622 {
1623 	int ret = ip_mc_check_iphdr(skb);
1624 
1625 	if (ret < 0)
1626 		return ret;
1627 
1628 	if (ip_hdr(skb)->protocol != IPPROTO_IGMP)
1629 		return -ENOMSG;
1630 
1631 	ret = ip_mc_check_igmp_csum(skb);
1632 	if (ret < 0)
1633 		return ret;
1634 
1635 	return ip_mc_check_igmp_msg(skb);
1636 }
1637 EXPORT_SYMBOL(ip_mc_check_igmp);
1638 
1639 /*
1640  *	Resend IGMP JOIN report; used by netdev notifier.
1641  */
ip_mc_rejoin_groups(struct in_device * in_dev)1642 static void ip_mc_rejoin_groups(struct in_device *in_dev)
1643 {
1644 #ifdef CONFIG_IP_MULTICAST
1645 	struct ip_mc_list *im;
1646 	int type;
1647 	struct net *net = dev_net(in_dev->dev);
1648 
1649 	ASSERT_RTNL();
1650 
1651 	for_each_pmc_rtnl(in_dev, im) {
1652 		if (im->multiaddr == IGMP_ALL_HOSTS)
1653 			continue;
1654 		if (ipv4_is_local_multicast(im->multiaddr) &&
1655 		    !READ_ONCE(net->ipv4.sysctl_igmp_llm_reports))
1656 			continue;
1657 
1658 		/* a failover is happening and switches
1659 		 * must be notified immediately
1660 		 */
1661 		if (IGMP_V1_SEEN(in_dev))
1662 			type = IGMP_HOST_MEMBERSHIP_REPORT;
1663 		else if (IGMP_V2_SEEN(in_dev))
1664 			type = IGMPV2_HOST_MEMBERSHIP_REPORT;
1665 		else
1666 			type = IGMPV3_HOST_MEMBERSHIP_REPORT;
1667 		igmp_send_report(in_dev, im, type);
1668 	}
1669 #endif
1670 }
1671 
1672 /*
1673  *	A socket has left a multicast group on device dev
1674  */
1675 
__ip_mc_dec_group(struct in_device * in_dev,__be32 addr,gfp_t gfp)1676 void __ip_mc_dec_group(struct in_device *in_dev, __be32 addr, gfp_t gfp)
1677 {
1678 	struct ip_mc_list *i;
1679 	struct ip_mc_list __rcu **ip;
1680 
1681 	ASSERT_RTNL();
1682 
1683 	for (ip = &in_dev->mc_list;
1684 	     (i = rtnl_dereference(*ip)) != NULL;
1685 	     ip = &i->next_rcu) {
1686 		if (i->multiaddr == addr) {
1687 			if (--i->users == 0) {
1688 				ip_mc_hash_remove(in_dev, i);
1689 				*ip = i->next_rcu;
1690 				in_dev->mc_count--;
1691 				__igmp_group_dropped(i, gfp);
1692 				ip_mc_clear_src(i);
1693 
1694 				if (!in_dev->dead)
1695 					ip_rt_multicast_event(in_dev);
1696 
1697 				ip_ma_put(i);
1698 				return;
1699 			}
1700 			break;
1701 		}
1702 	}
1703 }
1704 EXPORT_SYMBOL(__ip_mc_dec_group);
1705 
1706 /* Device changing type */
1707 
ip_mc_unmap(struct in_device * in_dev)1708 void ip_mc_unmap(struct in_device *in_dev)
1709 {
1710 	struct ip_mc_list *pmc;
1711 
1712 	ASSERT_RTNL();
1713 
1714 	for_each_pmc_rtnl(in_dev, pmc)
1715 		igmp_group_dropped(pmc);
1716 }
1717 
ip_mc_remap(struct in_device * in_dev)1718 void ip_mc_remap(struct in_device *in_dev)
1719 {
1720 	struct ip_mc_list *pmc;
1721 
1722 	ASSERT_RTNL();
1723 
1724 	for_each_pmc_rtnl(in_dev, pmc) {
1725 #ifdef CONFIG_IP_MULTICAST
1726 		igmpv3_del_delrec(in_dev, pmc);
1727 #endif
1728 		igmp_group_added(pmc);
1729 	}
1730 }
1731 
1732 /* Device going down */
1733 
ip_mc_down(struct in_device * in_dev)1734 void ip_mc_down(struct in_device *in_dev)
1735 {
1736 	struct ip_mc_list *pmc;
1737 
1738 	ASSERT_RTNL();
1739 
1740 	for_each_pmc_rtnl(in_dev, pmc)
1741 		igmp_group_dropped(pmc);
1742 
1743 #ifdef CONFIG_IP_MULTICAST
1744 	WRITE_ONCE(in_dev->mr_ifc_count, 0);
1745 	if (del_timer(&in_dev->mr_ifc_timer))
1746 		__in_dev_put(in_dev);
1747 	in_dev->mr_gq_running = 0;
1748 	if (del_timer(&in_dev->mr_gq_timer))
1749 		__in_dev_put(in_dev);
1750 #endif
1751 
1752 	ip_mc_dec_group(in_dev, IGMP_ALL_HOSTS);
1753 }
1754 
1755 #ifdef CONFIG_IP_MULTICAST
ip_mc_reset(struct in_device * in_dev)1756 static void ip_mc_reset(struct in_device *in_dev)
1757 {
1758 	struct net *net = dev_net(in_dev->dev);
1759 
1760 	in_dev->mr_qi = IGMP_QUERY_INTERVAL;
1761 	in_dev->mr_qri = IGMP_QUERY_RESPONSE_INTERVAL;
1762 	in_dev->mr_qrv = READ_ONCE(net->ipv4.sysctl_igmp_qrv);
1763 }
1764 #else
ip_mc_reset(struct in_device * in_dev)1765 static void ip_mc_reset(struct in_device *in_dev)
1766 {
1767 }
1768 #endif
1769 
ip_mc_init_dev(struct in_device * in_dev)1770 void ip_mc_init_dev(struct in_device *in_dev)
1771 {
1772 	ASSERT_RTNL();
1773 
1774 #ifdef CONFIG_IP_MULTICAST
1775 	timer_setup(&in_dev->mr_gq_timer, igmp_gq_timer_expire, 0);
1776 	timer_setup(&in_dev->mr_ifc_timer, igmp_ifc_timer_expire, 0);
1777 #endif
1778 	ip_mc_reset(in_dev);
1779 
1780 	spin_lock_init(&in_dev->mc_tomb_lock);
1781 }
1782 
1783 /* Device going up */
1784 
ip_mc_up(struct in_device * in_dev)1785 void ip_mc_up(struct in_device *in_dev)
1786 {
1787 	struct ip_mc_list *pmc;
1788 
1789 	ASSERT_RTNL();
1790 
1791 	ip_mc_reset(in_dev);
1792 	ip_mc_inc_group(in_dev, IGMP_ALL_HOSTS);
1793 
1794 	for_each_pmc_rtnl(in_dev, pmc) {
1795 #ifdef CONFIG_IP_MULTICAST
1796 		igmpv3_del_delrec(in_dev, pmc);
1797 #endif
1798 		igmp_group_added(pmc);
1799 	}
1800 }
1801 
1802 /*
1803  *	Device is about to be destroyed: clean up.
1804  */
1805 
ip_mc_destroy_dev(struct in_device * in_dev)1806 void ip_mc_destroy_dev(struct in_device *in_dev)
1807 {
1808 	struct ip_mc_list *i;
1809 
1810 	ASSERT_RTNL();
1811 
1812 	/* Deactivate timers */
1813 	ip_mc_down(in_dev);
1814 #ifdef CONFIG_IP_MULTICAST
1815 	igmpv3_clear_delrec(in_dev);
1816 #endif
1817 
1818 	while ((i = rtnl_dereference(in_dev->mc_list)) != NULL) {
1819 		in_dev->mc_list = i->next_rcu;
1820 		in_dev->mc_count--;
1821 		ip_mc_clear_src(i);
1822 		ip_ma_put(i);
1823 	}
1824 }
1825 
1826 /* RTNL is locked */
ip_mc_find_dev(struct net * net,struct ip_mreqn * imr)1827 static struct in_device *ip_mc_find_dev(struct net *net, struct ip_mreqn *imr)
1828 {
1829 	struct net_device *dev = NULL;
1830 	struct in_device *idev = NULL;
1831 
1832 	if (imr->imr_ifindex) {
1833 		idev = inetdev_by_index(net, imr->imr_ifindex);
1834 		return idev;
1835 	}
1836 	if (imr->imr_address.s_addr) {
1837 		dev = __ip_dev_find(net, imr->imr_address.s_addr, false);
1838 		if (!dev)
1839 			return NULL;
1840 	}
1841 
1842 	if (!dev) {
1843 		struct rtable *rt = ip_route_output(net,
1844 						    imr->imr_multiaddr.s_addr,
1845 						    0, 0, 0);
1846 		if (!IS_ERR(rt)) {
1847 			dev = rt->dst.dev;
1848 			ip_rt_put(rt);
1849 		}
1850 	}
1851 	if (dev) {
1852 		imr->imr_ifindex = dev->ifindex;
1853 		idev = __in_dev_get_rtnl(dev);
1854 	}
1855 	return idev;
1856 }
1857 
1858 /*
1859  *	Join a socket to a group
1860  */
1861 
ip_mc_del1_src(struct ip_mc_list * pmc,int sfmode,__be32 * psfsrc)1862 static int ip_mc_del1_src(struct ip_mc_list *pmc, int sfmode,
1863 	__be32 *psfsrc)
1864 {
1865 	struct ip_sf_list *psf, *psf_prev;
1866 	int rv = 0;
1867 
1868 	psf_prev = NULL;
1869 	for (psf = pmc->sources; psf; psf = psf->sf_next) {
1870 		if (psf->sf_inaddr == *psfsrc)
1871 			break;
1872 		psf_prev = psf;
1873 	}
1874 	if (!psf || psf->sf_count[sfmode] == 0) {
1875 		/* source filter not found, or count wrong =>  bug */
1876 		return -ESRCH;
1877 	}
1878 	psf->sf_count[sfmode]--;
1879 	if (psf->sf_count[sfmode] == 0) {
1880 		ip_rt_multicast_event(pmc->interface);
1881 	}
1882 	if (!psf->sf_count[MCAST_INCLUDE] && !psf->sf_count[MCAST_EXCLUDE]) {
1883 #ifdef CONFIG_IP_MULTICAST
1884 		struct in_device *in_dev = pmc->interface;
1885 		struct net *net = dev_net(in_dev->dev);
1886 #endif
1887 
1888 		/* no more filters for this source */
1889 		if (psf_prev)
1890 			psf_prev->sf_next = psf->sf_next;
1891 		else
1892 			pmc->sources = psf->sf_next;
1893 #ifdef CONFIG_IP_MULTICAST
1894 		if (psf->sf_oldin &&
1895 		    !IGMP_V1_SEEN(in_dev) && !IGMP_V2_SEEN(in_dev)) {
1896 			psf->sf_crcount = in_dev->mr_qrv ?: READ_ONCE(net->ipv4.sysctl_igmp_qrv);
1897 			psf->sf_next = pmc->tomb;
1898 			pmc->tomb = psf;
1899 			rv = 1;
1900 		} else
1901 #endif
1902 			kfree(psf);
1903 	}
1904 	return rv;
1905 }
1906 
1907 #ifndef CONFIG_IP_MULTICAST
1908 #define igmp_ifc_event(x)	do { } while (0)
1909 #endif
1910 
ip_mc_del_src(struct in_device * in_dev,__be32 * pmca,int sfmode,int sfcount,__be32 * psfsrc,int delta)1911 static int ip_mc_del_src(struct in_device *in_dev, __be32 *pmca, int sfmode,
1912 			 int sfcount, __be32 *psfsrc, int delta)
1913 {
1914 	struct ip_mc_list *pmc;
1915 	int	changerec = 0;
1916 	int	i, err;
1917 
1918 	if (!in_dev)
1919 		return -ENODEV;
1920 	rcu_read_lock();
1921 	for_each_pmc_rcu(in_dev, pmc) {
1922 		if (*pmca == pmc->multiaddr)
1923 			break;
1924 	}
1925 	if (!pmc) {
1926 		/* MCA not found?? bug */
1927 		rcu_read_unlock();
1928 		return -ESRCH;
1929 	}
1930 	spin_lock_bh(&pmc->lock);
1931 	rcu_read_unlock();
1932 #ifdef CONFIG_IP_MULTICAST
1933 	sf_markstate(pmc);
1934 #endif
1935 	if (!delta) {
1936 		err = -EINVAL;
1937 		if (!pmc->sfcount[sfmode])
1938 			goto out_unlock;
1939 		pmc->sfcount[sfmode]--;
1940 	}
1941 	err = 0;
1942 	for (i = 0; i < sfcount; i++) {
1943 		int rv = ip_mc_del1_src(pmc, sfmode, &psfsrc[i]);
1944 
1945 		changerec |= rv > 0;
1946 		if (!err && rv < 0)
1947 			err = rv;
1948 	}
1949 	if (pmc->sfmode == MCAST_EXCLUDE &&
1950 	    pmc->sfcount[MCAST_EXCLUDE] == 0 &&
1951 	    pmc->sfcount[MCAST_INCLUDE]) {
1952 #ifdef CONFIG_IP_MULTICAST
1953 		struct ip_sf_list *psf;
1954 		struct net *net = dev_net(in_dev->dev);
1955 #endif
1956 
1957 		/* filter mode change */
1958 		pmc->sfmode = MCAST_INCLUDE;
1959 #ifdef CONFIG_IP_MULTICAST
1960 		pmc->crcount = in_dev->mr_qrv ?: READ_ONCE(net->ipv4.sysctl_igmp_qrv);
1961 		WRITE_ONCE(in_dev->mr_ifc_count, pmc->crcount);
1962 		for (psf = pmc->sources; psf; psf = psf->sf_next)
1963 			psf->sf_crcount = 0;
1964 		igmp_ifc_event(pmc->interface);
1965 	} else if (sf_setstate(pmc) || changerec) {
1966 		igmp_ifc_event(pmc->interface);
1967 #endif
1968 	}
1969 out_unlock:
1970 	spin_unlock_bh(&pmc->lock);
1971 	return err;
1972 }
1973 
1974 /*
1975  * Add multicast single-source filter to the interface list
1976  */
ip_mc_add1_src(struct ip_mc_list * pmc,int sfmode,__be32 * psfsrc)1977 static int ip_mc_add1_src(struct ip_mc_list *pmc, int sfmode,
1978 	__be32 *psfsrc)
1979 {
1980 	struct ip_sf_list *psf, *psf_prev;
1981 
1982 	psf_prev = NULL;
1983 	for (psf = pmc->sources; psf; psf = psf->sf_next) {
1984 		if (psf->sf_inaddr == *psfsrc)
1985 			break;
1986 		psf_prev = psf;
1987 	}
1988 	if (!psf) {
1989 		psf = kzalloc(sizeof(*psf), GFP_ATOMIC);
1990 		if (!psf)
1991 			return -ENOBUFS;
1992 		psf->sf_inaddr = *psfsrc;
1993 		if (psf_prev) {
1994 			psf_prev->sf_next = psf;
1995 		} else
1996 			pmc->sources = psf;
1997 	}
1998 	psf->sf_count[sfmode]++;
1999 	if (psf->sf_count[sfmode] == 1) {
2000 		ip_rt_multicast_event(pmc->interface);
2001 	}
2002 	return 0;
2003 }
2004 
2005 #ifdef CONFIG_IP_MULTICAST
sf_markstate(struct ip_mc_list * pmc)2006 static void sf_markstate(struct ip_mc_list *pmc)
2007 {
2008 	struct ip_sf_list *psf;
2009 	int mca_xcount = pmc->sfcount[MCAST_EXCLUDE];
2010 
2011 	for (psf = pmc->sources; psf; psf = psf->sf_next)
2012 		if (pmc->sfcount[MCAST_EXCLUDE]) {
2013 			psf->sf_oldin = mca_xcount ==
2014 				psf->sf_count[MCAST_EXCLUDE] &&
2015 				!psf->sf_count[MCAST_INCLUDE];
2016 		} else
2017 			psf->sf_oldin = psf->sf_count[MCAST_INCLUDE] != 0;
2018 }
2019 
sf_setstate(struct ip_mc_list * pmc)2020 static int sf_setstate(struct ip_mc_list *pmc)
2021 {
2022 	struct ip_sf_list *psf, *dpsf;
2023 	int mca_xcount = pmc->sfcount[MCAST_EXCLUDE];
2024 	int qrv = pmc->interface->mr_qrv;
2025 	int new_in, rv;
2026 
2027 	rv = 0;
2028 	for (psf = pmc->sources; psf; psf = psf->sf_next) {
2029 		if (pmc->sfcount[MCAST_EXCLUDE]) {
2030 			new_in = mca_xcount == psf->sf_count[MCAST_EXCLUDE] &&
2031 				!psf->sf_count[MCAST_INCLUDE];
2032 		} else
2033 			new_in = psf->sf_count[MCAST_INCLUDE] != 0;
2034 		if (new_in) {
2035 			if (!psf->sf_oldin) {
2036 				struct ip_sf_list *prev = NULL;
2037 
2038 				for (dpsf = pmc->tomb; dpsf; dpsf = dpsf->sf_next) {
2039 					if (dpsf->sf_inaddr == psf->sf_inaddr)
2040 						break;
2041 					prev = dpsf;
2042 				}
2043 				if (dpsf) {
2044 					if (prev)
2045 						prev->sf_next = dpsf->sf_next;
2046 					else
2047 						pmc->tomb = dpsf->sf_next;
2048 					kfree(dpsf);
2049 				}
2050 				psf->sf_crcount = qrv;
2051 				rv++;
2052 			}
2053 		} else if (psf->sf_oldin) {
2054 
2055 			psf->sf_crcount = 0;
2056 			/*
2057 			 * add or update "delete" records if an active filter
2058 			 * is now inactive
2059 			 */
2060 			for (dpsf = pmc->tomb; dpsf; dpsf = dpsf->sf_next)
2061 				if (dpsf->sf_inaddr == psf->sf_inaddr)
2062 					break;
2063 			if (!dpsf) {
2064 				dpsf = kmalloc(sizeof(*dpsf), GFP_ATOMIC);
2065 				if (!dpsf)
2066 					continue;
2067 				*dpsf = *psf;
2068 				/* pmc->lock held by callers */
2069 				dpsf->sf_next = pmc->tomb;
2070 				pmc->tomb = dpsf;
2071 			}
2072 			dpsf->sf_crcount = qrv;
2073 			rv++;
2074 		}
2075 	}
2076 	return rv;
2077 }
2078 #endif
2079 
2080 /*
2081  * Add multicast source filter list to the interface list
2082  */
ip_mc_add_src(struct in_device * in_dev,__be32 * pmca,int sfmode,int sfcount,__be32 * psfsrc,int delta)2083 static int ip_mc_add_src(struct in_device *in_dev, __be32 *pmca, int sfmode,
2084 			 int sfcount, __be32 *psfsrc, int delta)
2085 {
2086 	struct ip_mc_list *pmc;
2087 	int	isexclude;
2088 	int	i, err;
2089 
2090 	if (!in_dev)
2091 		return -ENODEV;
2092 	rcu_read_lock();
2093 	for_each_pmc_rcu(in_dev, pmc) {
2094 		if (*pmca == pmc->multiaddr)
2095 			break;
2096 	}
2097 	if (!pmc) {
2098 		/* MCA not found?? bug */
2099 		rcu_read_unlock();
2100 		return -ESRCH;
2101 	}
2102 	spin_lock_bh(&pmc->lock);
2103 	rcu_read_unlock();
2104 
2105 #ifdef CONFIG_IP_MULTICAST
2106 	sf_markstate(pmc);
2107 #endif
2108 	isexclude = pmc->sfmode == MCAST_EXCLUDE;
2109 	if (!delta)
2110 		pmc->sfcount[sfmode]++;
2111 	err = 0;
2112 	for (i = 0; i < sfcount; i++) {
2113 		err = ip_mc_add1_src(pmc, sfmode, &psfsrc[i]);
2114 		if (err)
2115 			break;
2116 	}
2117 	if (err) {
2118 		int j;
2119 
2120 		if (!delta)
2121 			pmc->sfcount[sfmode]--;
2122 		for (j = 0; j < i; j++)
2123 			(void) ip_mc_del1_src(pmc, sfmode, &psfsrc[j]);
2124 	} else if (isexclude != (pmc->sfcount[MCAST_EXCLUDE] != 0)) {
2125 #ifdef CONFIG_IP_MULTICAST
2126 		struct ip_sf_list *psf;
2127 		struct net *net = dev_net(pmc->interface->dev);
2128 		in_dev = pmc->interface;
2129 #endif
2130 
2131 		/* filter mode change */
2132 		if (pmc->sfcount[MCAST_EXCLUDE])
2133 			pmc->sfmode = MCAST_EXCLUDE;
2134 		else if (pmc->sfcount[MCAST_INCLUDE])
2135 			pmc->sfmode = MCAST_INCLUDE;
2136 #ifdef CONFIG_IP_MULTICAST
2137 		/* else no filters; keep old mode for reports */
2138 
2139 		pmc->crcount = in_dev->mr_qrv ?: READ_ONCE(net->ipv4.sysctl_igmp_qrv);
2140 		WRITE_ONCE(in_dev->mr_ifc_count, pmc->crcount);
2141 		for (psf = pmc->sources; psf; psf = psf->sf_next)
2142 			psf->sf_crcount = 0;
2143 		igmp_ifc_event(in_dev);
2144 	} else if (sf_setstate(pmc)) {
2145 		igmp_ifc_event(in_dev);
2146 #endif
2147 	}
2148 	spin_unlock_bh(&pmc->lock);
2149 	return err;
2150 }
2151 
ip_mc_clear_src(struct ip_mc_list * pmc)2152 static void ip_mc_clear_src(struct ip_mc_list *pmc)
2153 {
2154 	struct ip_sf_list *tomb, *sources;
2155 
2156 	spin_lock_bh(&pmc->lock);
2157 	tomb = pmc->tomb;
2158 	pmc->tomb = NULL;
2159 	sources = pmc->sources;
2160 	pmc->sources = NULL;
2161 	pmc->sfmode = MCAST_EXCLUDE;
2162 	pmc->sfcount[MCAST_INCLUDE] = 0;
2163 	pmc->sfcount[MCAST_EXCLUDE] = 1;
2164 	spin_unlock_bh(&pmc->lock);
2165 
2166 	ip_sf_list_clear_all(tomb);
2167 	ip_sf_list_clear_all(sources);
2168 }
2169 
2170 /* Join a multicast group
2171  */
__ip_mc_join_group(struct sock * sk,struct ip_mreqn * imr,unsigned int mode)2172 static int __ip_mc_join_group(struct sock *sk, struct ip_mreqn *imr,
2173 			      unsigned int mode)
2174 {
2175 	__be32 addr = imr->imr_multiaddr.s_addr;
2176 	struct ip_mc_socklist *iml, *i;
2177 	struct in_device *in_dev;
2178 	struct inet_sock *inet = inet_sk(sk);
2179 	struct net *net = sock_net(sk);
2180 	int ifindex;
2181 	int count = 0;
2182 	int err;
2183 
2184 	ASSERT_RTNL();
2185 
2186 	if (!ipv4_is_multicast(addr))
2187 		return -EINVAL;
2188 
2189 	in_dev = ip_mc_find_dev(net, imr);
2190 
2191 	if (!in_dev) {
2192 		err = -ENODEV;
2193 		goto done;
2194 	}
2195 
2196 	err = -EADDRINUSE;
2197 	ifindex = imr->imr_ifindex;
2198 	for_each_pmc_rtnl(inet, i) {
2199 		if (i->multi.imr_multiaddr.s_addr == addr &&
2200 		    i->multi.imr_ifindex == ifindex)
2201 			goto done;
2202 		count++;
2203 	}
2204 	err = -ENOBUFS;
2205 	if (count >= READ_ONCE(net->ipv4.sysctl_igmp_max_memberships))
2206 		goto done;
2207 	iml = sock_kmalloc(sk, sizeof(*iml), GFP_KERNEL);
2208 	if (!iml)
2209 		goto done;
2210 
2211 	memcpy(&iml->multi, imr, sizeof(*imr));
2212 	iml->next_rcu = inet->mc_list;
2213 	iml->sflist = NULL;
2214 	iml->sfmode = mode;
2215 	rcu_assign_pointer(inet->mc_list, iml);
2216 	____ip_mc_inc_group(in_dev, addr, mode, GFP_KERNEL);
2217 	err = 0;
2218 done:
2219 	return err;
2220 }
2221 
2222 /* Join ASM (Any-Source Multicast) group
2223  */
ip_mc_join_group(struct sock * sk,struct ip_mreqn * imr)2224 int ip_mc_join_group(struct sock *sk, struct ip_mreqn *imr)
2225 {
2226 	return __ip_mc_join_group(sk, imr, MCAST_EXCLUDE);
2227 }
2228 EXPORT_SYMBOL(ip_mc_join_group);
2229 
2230 /* Join SSM (Source-Specific Multicast) group
2231  */
ip_mc_join_group_ssm(struct sock * sk,struct ip_mreqn * imr,unsigned int mode)2232 int ip_mc_join_group_ssm(struct sock *sk, struct ip_mreqn *imr,
2233 			 unsigned int mode)
2234 {
2235 	return __ip_mc_join_group(sk, imr, mode);
2236 }
2237 
ip_mc_leave_src(struct sock * sk,struct ip_mc_socklist * iml,struct in_device * in_dev)2238 static int ip_mc_leave_src(struct sock *sk, struct ip_mc_socklist *iml,
2239 			   struct in_device *in_dev)
2240 {
2241 	struct ip_sf_socklist *psf = rtnl_dereference(iml->sflist);
2242 	int err;
2243 
2244 	if (!psf) {
2245 		/* any-source empty exclude case */
2246 		return ip_mc_del_src(in_dev, &iml->multi.imr_multiaddr.s_addr,
2247 			iml->sfmode, 0, NULL, 0);
2248 	}
2249 	err = ip_mc_del_src(in_dev, &iml->multi.imr_multiaddr.s_addr,
2250 			iml->sfmode, psf->sl_count, psf->sl_addr, 0);
2251 	RCU_INIT_POINTER(iml->sflist, NULL);
2252 	/* decrease mem now to avoid the memleak warning */
2253 	atomic_sub(struct_size(psf, sl_addr, psf->sl_max), &sk->sk_omem_alloc);
2254 	kfree_rcu(psf, rcu);
2255 	return err;
2256 }
2257 
ip_mc_leave_group(struct sock * sk,struct ip_mreqn * imr)2258 int ip_mc_leave_group(struct sock *sk, struct ip_mreqn *imr)
2259 {
2260 	struct inet_sock *inet = inet_sk(sk);
2261 	struct ip_mc_socklist *iml;
2262 	struct ip_mc_socklist __rcu **imlp;
2263 	struct in_device *in_dev;
2264 	struct net *net = sock_net(sk);
2265 	__be32 group = imr->imr_multiaddr.s_addr;
2266 	u32 ifindex;
2267 	int ret = -EADDRNOTAVAIL;
2268 
2269 	ASSERT_RTNL();
2270 
2271 	in_dev = ip_mc_find_dev(net, imr);
2272 	if (!imr->imr_ifindex && !imr->imr_address.s_addr && !in_dev) {
2273 		ret = -ENODEV;
2274 		goto out;
2275 	}
2276 	ifindex = imr->imr_ifindex;
2277 	for (imlp = &inet->mc_list;
2278 	     (iml = rtnl_dereference(*imlp)) != NULL;
2279 	     imlp = &iml->next_rcu) {
2280 		if (iml->multi.imr_multiaddr.s_addr != group)
2281 			continue;
2282 		if (ifindex) {
2283 			if (iml->multi.imr_ifindex != ifindex)
2284 				continue;
2285 		} else if (imr->imr_address.s_addr && imr->imr_address.s_addr !=
2286 				iml->multi.imr_address.s_addr)
2287 			continue;
2288 
2289 		(void) ip_mc_leave_src(sk, iml, in_dev);
2290 
2291 		*imlp = iml->next_rcu;
2292 
2293 		if (in_dev)
2294 			ip_mc_dec_group(in_dev, group);
2295 
2296 		/* decrease mem now to avoid the memleak warning */
2297 		atomic_sub(sizeof(*iml), &sk->sk_omem_alloc);
2298 		kfree_rcu(iml, rcu);
2299 		return 0;
2300 	}
2301 out:
2302 	return ret;
2303 }
2304 EXPORT_SYMBOL(ip_mc_leave_group);
2305 
ip_mc_source(int add,int omode,struct sock * sk,struct ip_mreq_source * mreqs,int ifindex)2306 int ip_mc_source(int add, int omode, struct sock *sk, struct
2307 	ip_mreq_source *mreqs, int ifindex)
2308 {
2309 	int err;
2310 	struct ip_mreqn imr;
2311 	__be32 addr = mreqs->imr_multiaddr;
2312 	struct ip_mc_socklist *pmc;
2313 	struct in_device *in_dev = NULL;
2314 	struct inet_sock *inet = inet_sk(sk);
2315 	struct ip_sf_socklist *psl;
2316 	struct net *net = sock_net(sk);
2317 	int leavegroup = 0;
2318 	int i, j, rv;
2319 
2320 	if (!ipv4_is_multicast(addr))
2321 		return -EINVAL;
2322 
2323 	ASSERT_RTNL();
2324 
2325 	imr.imr_multiaddr.s_addr = mreqs->imr_multiaddr;
2326 	imr.imr_address.s_addr = mreqs->imr_interface;
2327 	imr.imr_ifindex = ifindex;
2328 	in_dev = ip_mc_find_dev(net, &imr);
2329 
2330 	if (!in_dev) {
2331 		err = -ENODEV;
2332 		goto done;
2333 	}
2334 	err = -EADDRNOTAVAIL;
2335 
2336 	for_each_pmc_rtnl(inet, pmc) {
2337 		if ((pmc->multi.imr_multiaddr.s_addr ==
2338 		     imr.imr_multiaddr.s_addr) &&
2339 		    (pmc->multi.imr_ifindex == imr.imr_ifindex))
2340 			break;
2341 	}
2342 	if (!pmc) {		/* must have a prior join */
2343 		err = -EINVAL;
2344 		goto done;
2345 	}
2346 	/* if a source filter was set, must be the same mode as before */
2347 	if (pmc->sflist) {
2348 		if (pmc->sfmode != omode) {
2349 			err = -EINVAL;
2350 			goto done;
2351 		}
2352 	} else if (pmc->sfmode != omode) {
2353 		/* allow mode switches for empty-set filters */
2354 		ip_mc_add_src(in_dev, &mreqs->imr_multiaddr, omode, 0, NULL, 0);
2355 		ip_mc_del_src(in_dev, &mreqs->imr_multiaddr, pmc->sfmode, 0,
2356 			NULL, 0);
2357 		pmc->sfmode = omode;
2358 	}
2359 
2360 	psl = rtnl_dereference(pmc->sflist);
2361 	if (!add) {
2362 		if (!psl)
2363 			goto done;	/* err = -EADDRNOTAVAIL */
2364 		rv = !0;
2365 		for (i = 0; i < psl->sl_count; i++) {
2366 			rv = memcmp(&psl->sl_addr[i], &mreqs->imr_sourceaddr,
2367 				sizeof(__be32));
2368 			if (rv == 0)
2369 				break;
2370 		}
2371 		if (rv)		/* source not found */
2372 			goto done;	/* err = -EADDRNOTAVAIL */
2373 
2374 		/* special case - (INCLUDE, empty) == LEAVE_GROUP */
2375 		if (psl->sl_count == 1 && omode == MCAST_INCLUDE) {
2376 			leavegroup = 1;
2377 			goto done;
2378 		}
2379 
2380 		/* update the interface filter */
2381 		ip_mc_del_src(in_dev, &mreqs->imr_multiaddr, omode, 1,
2382 			&mreqs->imr_sourceaddr, 1);
2383 
2384 		for (j = i+1; j < psl->sl_count; j++)
2385 			psl->sl_addr[j-1] = psl->sl_addr[j];
2386 		psl->sl_count--;
2387 		err = 0;
2388 		goto done;
2389 	}
2390 	/* else, add a new source to the filter */
2391 
2392 	if (psl && psl->sl_count >= READ_ONCE(net->ipv4.sysctl_igmp_max_msf)) {
2393 		err = -ENOBUFS;
2394 		goto done;
2395 	}
2396 	if (!psl || psl->sl_count == psl->sl_max) {
2397 		struct ip_sf_socklist *newpsl;
2398 		int count = IP_SFBLOCK;
2399 
2400 		if (psl)
2401 			count += psl->sl_max;
2402 		newpsl = sock_kmalloc(sk, struct_size(newpsl, sl_addr, count),
2403 				      GFP_KERNEL);
2404 		if (!newpsl) {
2405 			err = -ENOBUFS;
2406 			goto done;
2407 		}
2408 		newpsl->sl_max = count;
2409 		newpsl->sl_count = count - IP_SFBLOCK;
2410 		if (psl) {
2411 			for (i = 0; i < psl->sl_count; i++)
2412 				newpsl->sl_addr[i] = psl->sl_addr[i];
2413 			/* decrease mem now to avoid the memleak warning */
2414 			atomic_sub(struct_size(psl, sl_addr, psl->sl_max),
2415 				   &sk->sk_omem_alloc);
2416 		}
2417 		rcu_assign_pointer(pmc->sflist, newpsl);
2418 		if (psl)
2419 			kfree_rcu(psl, rcu);
2420 		psl = newpsl;
2421 	}
2422 	rv = 1;	/* > 0 for insert logic below if sl_count is 0 */
2423 	for (i = 0; i < psl->sl_count; i++) {
2424 		rv = memcmp(&psl->sl_addr[i], &mreqs->imr_sourceaddr,
2425 			sizeof(__be32));
2426 		if (rv == 0)
2427 			break;
2428 	}
2429 	if (rv == 0)		/* address already there is an error */
2430 		goto done;
2431 	for (j = psl->sl_count-1; j >= i; j--)
2432 		psl->sl_addr[j+1] = psl->sl_addr[j];
2433 	psl->sl_addr[i] = mreqs->imr_sourceaddr;
2434 	psl->sl_count++;
2435 	err = 0;
2436 	/* update the interface list */
2437 	ip_mc_add_src(in_dev, &mreqs->imr_multiaddr, omode, 1,
2438 		&mreqs->imr_sourceaddr, 1);
2439 done:
2440 	if (leavegroup)
2441 		err = ip_mc_leave_group(sk, &imr);
2442 	return err;
2443 }
2444 
ip_mc_msfilter(struct sock * sk,struct ip_msfilter * msf,int ifindex)2445 int ip_mc_msfilter(struct sock *sk, struct ip_msfilter *msf, int ifindex)
2446 {
2447 	int err = 0;
2448 	struct ip_mreqn	imr;
2449 	__be32 addr = msf->imsf_multiaddr;
2450 	struct ip_mc_socklist *pmc;
2451 	struct in_device *in_dev;
2452 	struct inet_sock *inet = inet_sk(sk);
2453 	struct ip_sf_socklist *newpsl, *psl;
2454 	struct net *net = sock_net(sk);
2455 	int leavegroup = 0;
2456 
2457 	if (!ipv4_is_multicast(addr))
2458 		return -EINVAL;
2459 	if (msf->imsf_fmode != MCAST_INCLUDE &&
2460 	    msf->imsf_fmode != MCAST_EXCLUDE)
2461 		return -EINVAL;
2462 
2463 	ASSERT_RTNL();
2464 
2465 	imr.imr_multiaddr.s_addr = msf->imsf_multiaddr;
2466 	imr.imr_address.s_addr = msf->imsf_interface;
2467 	imr.imr_ifindex = ifindex;
2468 	in_dev = ip_mc_find_dev(net, &imr);
2469 
2470 	if (!in_dev) {
2471 		err = -ENODEV;
2472 		goto done;
2473 	}
2474 
2475 	/* special case - (INCLUDE, empty) == LEAVE_GROUP */
2476 	if (msf->imsf_fmode == MCAST_INCLUDE && msf->imsf_numsrc == 0) {
2477 		leavegroup = 1;
2478 		goto done;
2479 	}
2480 
2481 	for_each_pmc_rtnl(inet, pmc) {
2482 		if (pmc->multi.imr_multiaddr.s_addr == msf->imsf_multiaddr &&
2483 		    pmc->multi.imr_ifindex == imr.imr_ifindex)
2484 			break;
2485 	}
2486 	if (!pmc) {		/* must have a prior join */
2487 		err = -EINVAL;
2488 		goto done;
2489 	}
2490 	if (msf->imsf_numsrc) {
2491 		newpsl = sock_kmalloc(sk, struct_size(newpsl, sl_addr,
2492 						      msf->imsf_numsrc),
2493 				      GFP_KERNEL);
2494 		if (!newpsl) {
2495 			err = -ENOBUFS;
2496 			goto done;
2497 		}
2498 		newpsl->sl_max = newpsl->sl_count = msf->imsf_numsrc;
2499 		memcpy(newpsl->sl_addr, msf->imsf_slist_flex,
2500 		       flex_array_size(msf, imsf_slist_flex, msf->imsf_numsrc));
2501 		err = ip_mc_add_src(in_dev, &msf->imsf_multiaddr,
2502 			msf->imsf_fmode, newpsl->sl_count, newpsl->sl_addr, 0);
2503 		if (err) {
2504 			sock_kfree_s(sk, newpsl,
2505 				     struct_size(newpsl, sl_addr,
2506 						 newpsl->sl_max));
2507 			goto done;
2508 		}
2509 	} else {
2510 		newpsl = NULL;
2511 		(void) ip_mc_add_src(in_dev, &msf->imsf_multiaddr,
2512 				     msf->imsf_fmode, 0, NULL, 0);
2513 	}
2514 	psl = rtnl_dereference(pmc->sflist);
2515 	if (psl) {
2516 		(void) ip_mc_del_src(in_dev, &msf->imsf_multiaddr, pmc->sfmode,
2517 			psl->sl_count, psl->sl_addr, 0);
2518 		/* decrease mem now to avoid the memleak warning */
2519 		atomic_sub(struct_size(psl, sl_addr, psl->sl_max),
2520 			   &sk->sk_omem_alloc);
2521 	} else {
2522 		(void) ip_mc_del_src(in_dev, &msf->imsf_multiaddr, pmc->sfmode,
2523 			0, NULL, 0);
2524 	}
2525 	rcu_assign_pointer(pmc->sflist, newpsl);
2526 	if (psl)
2527 		kfree_rcu(psl, rcu);
2528 	pmc->sfmode = msf->imsf_fmode;
2529 	err = 0;
2530 done:
2531 	if (leavegroup)
2532 		err = ip_mc_leave_group(sk, &imr);
2533 	return err;
2534 }
ip_mc_msfget(struct sock * sk,struct ip_msfilter * msf,sockptr_t optval,sockptr_t optlen)2535 int ip_mc_msfget(struct sock *sk, struct ip_msfilter *msf,
2536 		 sockptr_t optval, sockptr_t optlen)
2537 {
2538 	int err, len, count, copycount, msf_size;
2539 	struct ip_mreqn	imr;
2540 	__be32 addr = msf->imsf_multiaddr;
2541 	struct ip_mc_socklist *pmc;
2542 	struct in_device *in_dev;
2543 	struct inet_sock *inet = inet_sk(sk);
2544 	struct ip_sf_socklist *psl;
2545 	struct net *net = sock_net(sk);
2546 
2547 	ASSERT_RTNL();
2548 
2549 	if (!ipv4_is_multicast(addr))
2550 		return -EINVAL;
2551 
2552 	imr.imr_multiaddr.s_addr = msf->imsf_multiaddr;
2553 	imr.imr_address.s_addr = msf->imsf_interface;
2554 	imr.imr_ifindex = 0;
2555 	in_dev = ip_mc_find_dev(net, &imr);
2556 
2557 	if (!in_dev) {
2558 		err = -ENODEV;
2559 		goto done;
2560 	}
2561 	err = -EADDRNOTAVAIL;
2562 
2563 	for_each_pmc_rtnl(inet, pmc) {
2564 		if (pmc->multi.imr_multiaddr.s_addr == msf->imsf_multiaddr &&
2565 		    pmc->multi.imr_ifindex == imr.imr_ifindex)
2566 			break;
2567 	}
2568 	if (!pmc)		/* must have a prior join */
2569 		goto done;
2570 	msf->imsf_fmode = pmc->sfmode;
2571 	psl = rtnl_dereference(pmc->sflist);
2572 	if (!psl) {
2573 		count = 0;
2574 	} else {
2575 		count = psl->sl_count;
2576 	}
2577 	copycount = count < msf->imsf_numsrc ? count : msf->imsf_numsrc;
2578 	len = flex_array_size(psl, sl_addr, copycount);
2579 	msf->imsf_numsrc = count;
2580 	msf_size = IP_MSFILTER_SIZE(copycount);
2581 	if (copy_to_sockptr(optlen, &msf_size, sizeof(int)) ||
2582 	    copy_to_sockptr(optval, msf, IP_MSFILTER_SIZE(0))) {
2583 		return -EFAULT;
2584 	}
2585 	if (len &&
2586 	    copy_to_sockptr_offset(optval,
2587 				   offsetof(struct ip_msfilter, imsf_slist_flex),
2588 				   psl->sl_addr, len))
2589 		return -EFAULT;
2590 	return 0;
2591 done:
2592 	return err;
2593 }
2594 
ip_mc_gsfget(struct sock * sk,struct group_filter * gsf,sockptr_t optval,size_t ss_offset)2595 int ip_mc_gsfget(struct sock *sk, struct group_filter *gsf,
2596 		 sockptr_t optval, size_t ss_offset)
2597 {
2598 	int i, count, copycount;
2599 	struct sockaddr_in *psin;
2600 	__be32 addr;
2601 	struct ip_mc_socklist *pmc;
2602 	struct inet_sock *inet = inet_sk(sk);
2603 	struct ip_sf_socklist *psl;
2604 
2605 	ASSERT_RTNL();
2606 
2607 	psin = (struct sockaddr_in *)&gsf->gf_group;
2608 	if (psin->sin_family != AF_INET)
2609 		return -EINVAL;
2610 	addr = psin->sin_addr.s_addr;
2611 	if (!ipv4_is_multicast(addr))
2612 		return -EINVAL;
2613 
2614 	for_each_pmc_rtnl(inet, pmc) {
2615 		if (pmc->multi.imr_multiaddr.s_addr == addr &&
2616 		    pmc->multi.imr_ifindex == gsf->gf_interface)
2617 			break;
2618 	}
2619 	if (!pmc)		/* must have a prior join */
2620 		return -EADDRNOTAVAIL;
2621 	gsf->gf_fmode = pmc->sfmode;
2622 	psl = rtnl_dereference(pmc->sflist);
2623 	count = psl ? psl->sl_count : 0;
2624 	copycount = count < gsf->gf_numsrc ? count : gsf->gf_numsrc;
2625 	gsf->gf_numsrc = count;
2626 	for (i = 0; i < copycount; i++) {
2627 		struct sockaddr_storage ss;
2628 
2629 		psin = (struct sockaddr_in *)&ss;
2630 		memset(&ss, 0, sizeof(ss));
2631 		psin->sin_family = AF_INET;
2632 		psin->sin_addr.s_addr = psl->sl_addr[i];
2633 		if (copy_to_sockptr_offset(optval, ss_offset,
2634 					   &ss, sizeof(ss)))
2635 			return -EFAULT;
2636 		ss_offset += sizeof(ss);
2637 	}
2638 	return 0;
2639 }
2640 
2641 /*
2642  * check if a multicast source filter allows delivery for a given <src,dst,intf>
2643  */
ip_mc_sf_allow(const struct sock * sk,__be32 loc_addr,__be32 rmt_addr,int dif,int sdif)2644 int ip_mc_sf_allow(const struct sock *sk, __be32 loc_addr, __be32 rmt_addr,
2645 		   int dif, int sdif)
2646 {
2647 	const struct inet_sock *inet = inet_sk(sk);
2648 	struct ip_mc_socklist *pmc;
2649 	struct ip_sf_socklist *psl;
2650 	int i;
2651 	int ret;
2652 
2653 	ret = 1;
2654 	if (!ipv4_is_multicast(loc_addr))
2655 		goto out;
2656 
2657 	rcu_read_lock();
2658 	for_each_pmc_rcu(inet, pmc) {
2659 		if (pmc->multi.imr_multiaddr.s_addr == loc_addr &&
2660 		    (pmc->multi.imr_ifindex == dif ||
2661 		     (sdif && pmc->multi.imr_ifindex == sdif)))
2662 			break;
2663 	}
2664 	ret = inet_test_bit(MC_ALL, sk);
2665 	if (!pmc)
2666 		goto unlock;
2667 	psl = rcu_dereference(pmc->sflist);
2668 	ret = (pmc->sfmode == MCAST_EXCLUDE);
2669 	if (!psl)
2670 		goto unlock;
2671 
2672 	for (i = 0; i < psl->sl_count; i++) {
2673 		if (psl->sl_addr[i] == rmt_addr)
2674 			break;
2675 	}
2676 	ret = 0;
2677 	if (pmc->sfmode == MCAST_INCLUDE && i >= psl->sl_count)
2678 		goto unlock;
2679 	if (pmc->sfmode == MCAST_EXCLUDE && i < psl->sl_count)
2680 		goto unlock;
2681 	ret = 1;
2682 unlock:
2683 	rcu_read_unlock();
2684 out:
2685 	return ret;
2686 }
2687 
2688 /*
2689  *	A socket is closing.
2690  */
2691 
ip_mc_drop_socket(struct sock * sk)2692 void ip_mc_drop_socket(struct sock *sk)
2693 {
2694 	struct inet_sock *inet = inet_sk(sk);
2695 	struct ip_mc_socklist *iml;
2696 	struct net *net = sock_net(sk);
2697 
2698 	if (!inet->mc_list)
2699 		return;
2700 
2701 	rtnl_lock();
2702 	while ((iml = rtnl_dereference(inet->mc_list)) != NULL) {
2703 		struct in_device *in_dev;
2704 
2705 		inet->mc_list = iml->next_rcu;
2706 		in_dev = inetdev_by_index(net, iml->multi.imr_ifindex);
2707 		(void) ip_mc_leave_src(sk, iml, in_dev);
2708 		if (in_dev)
2709 			ip_mc_dec_group(in_dev, iml->multi.imr_multiaddr.s_addr);
2710 		/* decrease mem now to avoid the memleak warning */
2711 		atomic_sub(sizeof(*iml), &sk->sk_omem_alloc);
2712 		kfree_rcu(iml, rcu);
2713 	}
2714 	rtnl_unlock();
2715 }
2716 
2717 /* called with rcu_read_lock() */
ip_check_mc_rcu(struct in_device * in_dev,__be32 mc_addr,__be32 src_addr,u8 proto)2718 int ip_check_mc_rcu(struct in_device *in_dev, __be32 mc_addr, __be32 src_addr, u8 proto)
2719 {
2720 	struct ip_mc_list *im;
2721 	struct ip_mc_list __rcu **mc_hash;
2722 	struct ip_sf_list *psf;
2723 	int rv = 0;
2724 
2725 	mc_hash = rcu_dereference(in_dev->mc_hash);
2726 	if (mc_hash) {
2727 		u32 hash = hash_32((__force u32)mc_addr, MC_HASH_SZ_LOG);
2728 
2729 		for (im = rcu_dereference(mc_hash[hash]);
2730 		     im != NULL;
2731 		     im = rcu_dereference(im->next_hash)) {
2732 			if (im->multiaddr == mc_addr)
2733 				break;
2734 		}
2735 	} else {
2736 		for_each_pmc_rcu(in_dev, im) {
2737 			if (im->multiaddr == mc_addr)
2738 				break;
2739 		}
2740 	}
2741 	if (im && proto == IPPROTO_IGMP) {
2742 		rv = 1;
2743 	} else if (im) {
2744 		if (src_addr) {
2745 			spin_lock_bh(&im->lock);
2746 			for (psf = im->sources; psf; psf = psf->sf_next) {
2747 				if (psf->sf_inaddr == src_addr)
2748 					break;
2749 			}
2750 			if (psf)
2751 				rv = psf->sf_count[MCAST_INCLUDE] ||
2752 					psf->sf_count[MCAST_EXCLUDE] !=
2753 					im->sfcount[MCAST_EXCLUDE];
2754 			else
2755 				rv = im->sfcount[MCAST_EXCLUDE] != 0;
2756 			spin_unlock_bh(&im->lock);
2757 		} else
2758 			rv = 1; /* unspecified source; tentatively allow */
2759 	}
2760 	return rv;
2761 }
2762 
2763 #if defined(CONFIG_PROC_FS)
2764 struct igmp_mc_iter_state {
2765 	struct seq_net_private p;
2766 	struct net_device *dev;
2767 	struct in_device *in_dev;
2768 };
2769 
2770 #define	igmp_mc_seq_private(seq)	((struct igmp_mc_iter_state *)(seq)->private)
2771 
igmp_mc_get_first(struct seq_file * seq)2772 static inline struct ip_mc_list *igmp_mc_get_first(struct seq_file *seq)
2773 {
2774 	struct net *net = seq_file_net(seq);
2775 	struct ip_mc_list *im = NULL;
2776 	struct igmp_mc_iter_state *state = igmp_mc_seq_private(seq);
2777 
2778 	state->in_dev = NULL;
2779 	for_each_netdev_rcu(net, state->dev) {
2780 		struct in_device *in_dev;
2781 
2782 		in_dev = __in_dev_get_rcu(state->dev);
2783 		if (!in_dev)
2784 			continue;
2785 		im = rcu_dereference(in_dev->mc_list);
2786 		if (im) {
2787 			state->in_dev = in_dev;
2788 			break;
2789 		}
2790 	}
2791 	return im;
2792 }
2793 
igmp_mc_get_next(struct seq_file * seq,struct ip_mc_list * im)2794 static struct ip_mc_list *igmp_mc_get_next(struct seq_file *seq, struct ip_mc_list *im)
2795 {
2796 	struct igmp_mc_iter_state *state = igmp_mc_seq_private(seq);
2797 
2798 	im = rcu_dereference(im->next_rcu);
2799 	while (!im) {
2800 		state->dev = next_net_device_rcu(state->dev);
2801 		if (!state->dev) {
2802 			state->in_dev = NULL;
2803 			break;
2804 		}
2805 		state->in_dev = __in_dev_get_rcu(state->dev);
2806 		if (!state->in_dev)
2807 			continue;
2808 		im = rcu_dereference(state->in_dev->mc_list);
2809 	}
2810 	return im;
2811 }
2812 
igmp_mc_get_idx(struct seq_file * seq,loff_t pos)2813 static struct ip_mc_list *igmp_mc_get_idx(struct seq_file *seq, loff_t pos)
2814 {
2815 	struct ip_mc_list *im = igmp_mc_get_first(seq);
2816 	if (im)
2817 		while (pos && (im = igmp_mc_get_next(seq, im)) != NULL)
2818 			--pos;
2819 	return pos ? NULL : im;
2820 }
2821 
igmp_mc_seq_start(struct seq_file * seq,loff_t * pos)2822 static void *igmp_mc_seq_start(struct seq_file *seq, loff_t *pos)
2823 	__acquires(rcu)
2824 {
2825 	rcu_read_lock();
2826 	return *pos ? igmp_mc_get_idx(seq, *pos - 1) : SEQ_START_TOKEN;
2827 }
2828 
igmp_mc_seq_next(struct seq_file * seq,void * v,loff_t * pos)2829 static void *igmp_mc_seq_next(struct seq_file *seq, void *v, loff_t *pos)
2830 {
2831 	struct ip_mc_list *im;
2832 	if (v == SEQ_START_TOKEN)
2833 		im = igmp_mc_get_first(seq);
2834 	else
2835 		im = igmp_mc_get_next(seq, v);
2836 	++*pos;
2837 	return im;
2838 }
2839 
igmp_mc_seq_stop(struct seq_file * seq,void * v)2840 static void igmp_mc_seq_stop(struct seq_file *seq, void *v)
2841 	__releases(rcu)
2842 {
2843 	struct igmp_mc_iter_state *state = igmp_mc_seq_private(seq);
2844 
2845 	state->in_dev = NULL;
2846 	state->dev = NULL;
2847 	rcu_read_unlock();
2848 }
2849 
igmp_mc_seq_show(struct seq_file * seq,void * v)2850 static int igmp_mc_seq_show(struct seq_file *seq, void *v)
2851 {
2852 	if (v == SEQ_START_TOKEN)
2853 		seq_puts(seq,
2854 			 "Idx\tDevice    : Count Querier\tGroup    Users Timer\tReporter\n");
2855 	else {
2856 		struct ip_mc_list *im = v;
2857 		struct igmp_mc_iter_state *state = igmp_mc_seq_private(seq);
2858 		char   *querier;
2859 		long delta;
2860 
2861 #ifdef CONFIG_IP_MULTICAST
2862 		querier = IGMP_V1_SEEN(state->in_dev) ? "V1" :
2863 			  IGMP_V2_SEEN(state->in_dev) ? "V2" :
2864 			  "V3";
2865 #else
2866 		querier = "NONE";
2867 #endif
2868 
2869 		if (rcu_access_pointer(state->in_dev->mc_list) == im) {
2870 			seq_printf(seq, "%d\t%-10s: %5d %7s\n",
2871 				   state->dev->ifindex, state->dev->name, state->in_dev->mc_count, querier);
2872 		}
2873 
2874 		delta = im->timer.expires - jiffies;
2875 		seq_printf(seq,
2876 			   "\t\t\t\t%08X %5d %d:%08lX\t\t%d\n",
2877 			   im->multiaddr, im->users,
2878 			   im->tm_running,
2879 			   im->tm_running ? jiffies_delta_to_clock_t(delta) : 0,
2880 			   im->reporter);
2881 	}
2882 	return 0;
2883 }
2884 
2885 static const struct seq_operations igmp_mc_seq_ops = {
2886 	.start	=	igmp_mc_seq_start,
2887 	.next	=	igmp_mc_seq_next,
2888 	.stop	=	igmp_mc_seq_stop,
2889 	.show	=	igmp_mc_seq_show,
2890 };
2891 
2892 struct igmp_mcf_iter_state {
2893 	struct seq_net_private p;
2894 	struct net_device *dev;
2895 	struct in_device *idev;
2896 	struct ip_mc_list *im;
2897 };
2898 
2899 #define igmp_mcf_seq_private(seq)	((struct igmp_mcf_iter_state *)(seq)->private)
2900 
igmp_mcf_get_first(struct seq_file * seq)2901 static inline struct ip_sf_list *igmp_mcf_get_first(struct seq_file *seq)
2902 {
2903 	struct net *net = seq_file_net(seq);
2904 	struct ip_sf_list *psf = NULL;
2905 	struct ip_mc_list *im = NULL;
2906 	struct igmp_mcf_iter_state *state = igmp_mcf_seq_private(seq);
2907 
2908 	state->idev = NULL;
2909 	state->im = NULL;
2910 	for_each_netdev_rcu(net, state->dev) {
2911 		struct in_device *idev;
2912 		idev = __in_dev_get_rcu(state->dev);
2913 		if (unlikely(!idev))
2914 			continue;
2915 		im = rcu_dereference(idev->mc_list);
2916 		if (likely(im)) {
2917 			spin_lock_bh(&im->lock);
2918 			psf = im->sources;
2919 			if (likely(psf)) {
2920 				state->im = im;
2921 				state->idev = idev;
2922 				break;
2923 			}
2924 			spin_unlock_bh(&im->lock);
2925 		}
2926 	}
2927 	return psf;
2928 }
2929 
igmp_mcf_get_next(struct seq_file * seq,struct ip_sf_list * psf)2930 static struct ip_sf_list *igmp_mcf_get_next(struct seq_file *seq, struct ip_sf_list *psf)
2931 {
2932 	struct igmp_mcf_iter_state *state = igmp_mcf_seq_private(seq);
2933 
2934 	psf = psf->sf_next;
2935 	while (!psf) {
2936 		spin_unlock_bh(&state->im->lock);
2937 		state->im = state->im->next;
2938 		while (!state->im) {
2939 			state->dev = next_net_device_rcu(state->dev);
2940 			if (!state->dev) {
2941 				state->idev = NULL;
2942 				goto out;
2943 			}
2944 			state->idev = __in_dev_get_rcu(state->dev);
2945 			if (!state->idev)
2946 				continue;
2947 			state->im = rcu_dereference(state->idev->mc_list);
2948 		}
2949 		if (!state->im)
2950 			break;
2951 		spin_lock_bh(&state->im->lock);
2952 		psf = state->im->sources;
2953 	}
2954 out:
2955 	return psf;
2956 }
2957 
igmp_mcf_get_idx(struct seq_file * seq,loff_t pos)2958 static struct ip_sf_list *igmp_mcf_get_idx(struct seq_file *seq, loff_t pos)
2959 {
2960 	struct ip_sf_list *psf = igmp_mcf_get_first(seq);
2961 	if (psf)
2962 		while (pos && (psf = igmp_mcf_get_next(seq, psf)) != NULL)
2963 			--pos;
2964 	return pos ? NULL : psf;
2965 }
2966 
igmp_mcf_seq_start(struct seq_file * seq,loff_t * pos)2967 static void *igmp_mcf_seq_start(struct seq_file *seq, loff_t *pos)
2968 	__acquires(rcu)
2969 {
2970 	rcu_read_lock();
2971 	return *pos ? igmp_mcf_get_idx(seq, *pos - 1) : SEQ_START_TOKEN;
2972 }
2973 
igmp_mcf_seq_next(struct seq_file * seq,void * v,loff_t * pos)2974 static void *igmp_mcf_seq_next(struct seq_file *seq, void *v, loff_t *pos)
2975 {
2976 	struct ip_sf_list *psf;
2977 	if (v == SEQ_START_TOKEN)
2978 		psf = igmp_mcf_get_first(seq);
2979 	else
2980 		psf = igmp_mcf_get_next(seq, v);
2981 	++*pos;
2982 	return psf;
2983 }
2984 
igmp_mcf_seq_stop(struct seq_file * seq,void * v)2985 static void igmp_mcf_seq_stop(struct seq_file *seq, void *v)
2986 	__releases(rcu)
2987 {
2988 	struct igmp_mcf_iter_state *state = igmp_mcf_seq_private(seq);
2989 	if (likely(state->im)) {
2990 		spin_unlock_bh(&state->im->lock);
2991 		state->im = NULL;
2992 	}
2993 	state->idev = NULL;
2994 	state->dev = NULL;
2995 	rcu_read_unlock();
2996 }
2997 
igmp_mcf_seq_show(struct seq_file * seq,void * v)2998 static int igmp_mcf_seq_show(struct seq_file *seq, void *v)
2999 {
3000 	struct ip_sf_list *psf = v;
3001 	struct igmp_mcf_iter_state *state = igmp_mcf_seq_private(seq);
3002 
3003 	if (v == SEQ_START_TOKEN) {
3004 		seq_puts(seq, "Idx Device        MCA        SRC    INC    EXC\n");
3005 	} else {
3006 		seq_printf(seq,
3007 			   "%3d %6.6s 0x%08x "
3008 			   "0x%08x %6lu %6lu\n",
3009 			   state->dev->ifindex, state->dev->name,
3010 			   ntohl(state->im->multiaddr),
3011 			   ntohl(psf->sf_inaddr),
3012 			   psf->sf_count[MCAST_INCLUDE],
3013 			   psf->sf_count[MCAST_EXCLUDE]);
3014 	}
3015 	return 0;
3016 }
3017 
3018 static const struct seq_operations igmp_mcf_seq_ops = {
3019 	.start	=	igmp_mcf_seq_start,
3020 	.next	=	igmp_mcf_seq_next,
3021 	.stop	=	igmp_mcf_seq_stop,
3022 	.show	=	igmp_mcf_seq_show,
3023 };
3024 
igmp_net_init(struct net * net)3025 static int __net_init igmp_net_init(struct net *net)
3026 {
3027 	struct proc_dir_entry *pde;
3028 	int err;
3029 
3030 	pde = proc_create_net("igmp", 0444, net->proc_net, &igmp_mc_seq_ops,
3031 			sizeof(struct igmp_mc_iter_state));
3032 	if (!pde)
3033 		goto out_igmp;
3034 	pde = proc_create_net("mcfilter", 0444, net->proc_net,
3035 			&igmp_mcf_seq_ops, sizeof(struct igmp_mcf_iter_state));
3036 	if (!pde)
3037 		goto out_mcfilter;
3038 	err = inet_ctl_sock_create(&net->ipv4.mc_autojoin_sk, AF_INET,
3039 				   SOCK_DGRAM, 0, net);
3040 	if (err < 0) {
3041 		pr_err("Failed to initialize the IGMP autojoin socket (err %d)\n",
3042 		       err);
3043 		goto out_sock;
3044 	}
3045 
3046 	return 0;
3047 
3048 out_sock:
3049 	remove_proc_entry("mcfilter", net->proc_net);
3050 out_mcfilter:
3051 	remove_proc_entry("igmp", net->proc_net);
3052 out_igmp:
3053 	return -ENOMEM;
3054 }
3055 
igmp_net_exit(struct net * net)3056 static void __net_exit igmp_net_exit(struct net *net)
3057 {
3058 	remove_proc_entry("mcfilter", net->proc_net);
3059 	remove_proc_entry("igmp", net->proc_net);
3060 	inet_ctl_sock_destroy(net->ipv4.mc_autojoin_sk);
3061 }
3062 
3063 static struct pernet_operations igmp_net_ops = {
3064 	.init = igmp_net_init,
3065 	.exit = igmp_net_exit,
3066 };
3067 #endif
3068 
igmp_netdev_event(struct notifier_block * this,unsigned long event,void * ptr)3069 static int igmp_netdev_event(struct notifier_block *this,
3070 			     unsigned long event, void *ptr)
3071 {
3072 	struct net_device *dev = netdev_notifier_info_to_dev(ptr);
3073 	struct in_device *in_dev;
3074 
3075 	switch (event) {
3076 	case NETDEV_RESEND_IGMP:
3077 		in_dev = __in_dev_get_rtnl(dev);
3078 		if (in_dev)
3079 			ip_mc_rejoin_groups(in_dev);
3080 		break;
3081 	default:
3082 		break;
3083 	}
3084 	return NOTIFY_DONE;
3085 }
3086 
3087 static struct notifier_block igmp_notifier = {
3088 	.notifier_call = igmp_netdev_event,
3089 };
3090 
igmp_mc_init(void)3091 int __init igmp_mc_init(void)
3092 {
3093 #if defined(CONFIG_PROC_FS)
3094 	int err;
3095 
3096 	err = register_pernet_subsys(&igmp_net_ops);
3097 	if (err)
3098 		return err;
3099 	err = register_netdevice_notifier(&igmp_notifier);
3100 	if (err)
3101 		goto reg_notif_fail;
3102 	return 0;
3103 
3104 reg_notif_fail:
3105 	unregister_pernet_subsys(&igmp_net_ops);
3106 	return err;
3107 #else
3108 	return register_netdevice_notifier(&igmp_notifier);
3109 #endif
3110 }
3111