1
/*
2
 *	IP multicast routing support for mrouted 3.6/3.8
3
 *
4
 *		(c) 1995 Alan Cox, <[email protected]>
5
 *	  Linux Consultancy and Custom Driver Development
6
 *
7
 *	This program is free software; you can redistribute it and/or
8
 *	modify it under the terms of the GNU General Public License
9
 *	as published by the Free Software Foundation; either version
10
 *	2 of the License, or (at your option) any later version.
11
 *
12
 *	Fixes:
13
 *	Michael Chastain	:	Incorrect size of copying.
14
 *	Alan Cox		:	Added the cache manager code
15
 *	Alan Cox		:	Fixed the clone/copy bug and device race.
16
 *	Mike McLagan		:	Routing by source
17
 *	Malcolm Beattie		:	Buffer handling fixes.
18
 *	Alexey Kuznetsov	:	Double buffer free and other fixes.
19
 *	SVR Anand		:	Fixed several multicast bugs and problems.
20
 *	Alexey Kuznetsov	:	Status, optimisations and more.
21
 *	Brad Parker		:	Better behaviour on mrouted upcall
22
 *					overflow.
23
 *      Carlos Picoto           :       PIMv1 Support
24
 *	Pavlin Ivanov Radoslavov:	PIMv2 Registers must checksum only PIM header
25
 *					Relax this requirement to work with older peers.
26
 *
27
 */
28

29
#include <asm/system.h>
30
#include <asm/uaccess.h>
31
#include <linux/types.h>
32
#include <linux/capability.h>
33
#include <linux/errno.h>
34
#include <linux/timer.h>
35
#include <linux/mm.h>
36
#include <linux/kernel.h>
37
#include <linux/fcntl.h>
38
#include <linux/stat.h>
39
#include <linux/socket.h>
40
#include <linux/in.h>
41
#include <linux/inet.h>
42
#include <linux/netdevice.h>
43
#include <linux/inetdevice.h>
44
#include <linux/igmp.h>
45
#include <linux/proc_fs.h>
46
#include <linux/seq_file.h>
47
#include <linux/mroute.h>
48
#include <linux/init.h>
49
#include <linux/if_ether.h>
50
#include <linux/slab.h>
51
#include <net/net_namespace.h>
52
#include <net/ip.h>
53
#include <net/protocol.h>
54
#include <linux/skbuff.h>
55
#include <net/route.h>
56
#include <net/sock.h>
57
#include <net/icmp.h>
58
#include <net/udp.h>
59
#include <net/raw.h>
60
#include <linux/notifier.h>
61
#include <linux/if_arp.h>
62
#include <linux/netfilter_ipv4.h>
63
#include <linux/compat.h>
64
#include <net/ipip.h>
65
#include <net/checksum.h>
66
#include <net/netlink.h>
67
#include <net/fib_rules.h>
68

69
#if defined(CONFIG_IP_PIMSM_V1) || defined(CONFIG_IP_PIMSM_V2)
70
#define CONFIG_IP_PIMSM	1
71
#endif
72

73
struct mr_table {
74
	struct list_head	list;
75
#ifdef CONFIG_NET_NS
76
	struct net		*net;
77
#endif
78
	u32			id;
79
	struct sock __rcu	*mroute_sk;
80
	struct timer_list	ipmr_expire_timer;
81
	struct list_head	mfc_unres_queue;
82
	struct list_head	mfc_cache_array[MFC_LINES];
83
	struct vif_device	vif_table[MAXVIFS];
84
	int			maxvif;
85
	atomic_t		cache_resolve_queue_len;
86
	int			mroute_do_assert;
87
	int			mroute_do_pim;
88
#if defined(CONFIG_IP_PIMSM_V1) || defined(CONFIG_IP_PIMSM_V2)
89
	int			mroute_reg_vif_num;
90
#endif
91
};
92

93
struct ipmr_rule {
94
	struct fib_rule		common;
95
};
96

97
struct ipmr_result {
98
	struct mr_table		*mrt;
99
};
100

101
/* Big lock, protecting vif table, mrt cache and mroute socket state.
102
 * Note that the changes are semaphored via rtnl_lock.
103
 */
104

105
static DEFINE_RWLOCK(mrt_lock);
106

107
/*
108
 *	Multicast router control variables
109
 */
110

111
#define VIF_EXISTS(_mrt, _idx) ((_mrt)->vif_table[_idx].dev != NULL)
112

113
/* Special spinlock for queue of unresolved entries */
114
static DEFINE_SPINLOCK(mfc_unres_lock);
115

116
/* We return to original Alan's scheme. Hash table of resolved
117
 * entries is changed only in process context and protected
118
 * with weak lock mrt_lock. Queue of unresolved entries is protected
119
 * with strong spinlock mfc_unres_lock.
120
 *
121
 * In this case data path is free of exclusive locks at all.
122
 */
123

124
static struct kmem_cache *mrt_cachep __read_mostly;
125

126
static struct mr_table *ipmr_new_table(struct net *net, u32 id);
127
static int ip_mr_forward(struct net *net, struct mr_table *mrt,
128
			 struct sk_buff *skb, struct mfc_cache *cache,
129
			 int local);
130
static int ipmr_cache_report(struct mr_table *mrt,
131
			     struct sk_buff *pkt, vifi_t vifi, int assert);
132
static int __ipmr_fill_mroute(struct mr_table *mrt, struct sk_buff *skb,
133
			      struct mfc_cache *c, struct rtmsg *rtm);
134
static void ipmr_expire_process(unsigned long arg);
135

136
#ifdef CONFIG_IP_MROUTE_MULTIPLE_TABLES
137
#define ipmr_for_each_table(mrt, net) \
138
	list_for_each_entry_rcu(mrt, &net->ipv4.mr_tables, list)
139

140
static struct mr_table *ipmr_get_table(struct net *net, u32 id)
141
{
142
	struct mr_table *mrt;
143

144
	ipmr_for_each_table(mrt, net) {
145
		if (mrt->id == id)
146
			return mrt;
147
	}
148
	return NULL;
149
}
150

151
static int ipmr_fib_lookup(struct net *net, struct flowi4 *flp4,
152
			   struct mr_table **mrt)
153
{
154
	struct ipmr_result res;
155
	struct fib_lookup_arg arg = { .result = &res, };
156
	int err;
157

158
	err = fib_rules_lookup(net->ipv4.mr_rules_ops,
159
			       flowi4_to_flowi(flp4), 0, &arg);
160
	if (err < 0)
161
		return err;
162
	*mrt = res.mrt;
163
	return 0;
164
}
165

166
static int ipmr_rule_action(struct fib_rule *rule, struct flowi *flp,
167
			    int flags, struct fib_lookup_arg *arg)
168
{
169
	struct ipmr_result *res = arg->result;
170
	struct mr_table *mrt;
171

172
	switch (rule->action) {
173
	case FR_ACT_TO_TBL:
174
		break;
175
	case FR_ACT_UNREACHABLE:
176
		return -ENETUNREACH;
177
	case FR_ACT_PROHIBIT:
178
		return -EACCES;
179
	case FR_ACT_BLACKHOLE:
180
	default:
181
		return -EINVAL;
182
	}
183

184
	mrt = ipmr_get_table(rule->fr_net, rule->table);
185
	if (mrt == NULL)
186
		return -EAGAIN;
187
	res->mrt = mrt;
188
	return 0;
189
}
190

191
static int ipmr_rule_match(struct fib_rule *rule, struct flowi *fl, int flags)
192
{
193
	return 1;
194
}
195

196
static const struct nla_policy ipmr_rule_policy[FRA_MAX + 1] = {
197
	FRA_GENERIC_POLICY,
198
};
199

200
static int ipmr_rule_configure(struct fib_rule *rule, struct sk_buff *skb,
201
			       struct fib_rule_hdr *frh, struct nlattr **tb)
202
{
203
	return 0;
204
}
205

206
static int ipmr_rule_compare(struct fib_rule *rule, struct fib_rule_hdr *frh,
207
			     struct nlattr **tb)
208
{
209
	return 1;
210
}
211

212
static int ipmr_rule_fill(struct fib_rule *rule, struct sk_buff *skb,
213
			  struct fib_rule_hdr *frh)
214
{
215
	frh->dst_len = 0;
216
	frh->src_len = 0;
217
	frh->tos     = 0;
218
	return 0;
219
}
220

221
static const struct fib_rules_ops __net_initdata ipmr_rules_ops_template = {
222
	.family		= RTNL_FAMILY_IPMR,
223
	.rule_size	= sizeof(struct ipmr_rule),
224
	.addr_size	= sizeof(u32),
225
	.action		= ipmr_rule_action,
226
	.match		= ipmr_rule_match,
227
	.configure	= ipmr_rule_configure,
228
	.compare	= ipmr_rule_compare,
229
	.default_pref	= fib_default_rule_pref,
230
	.fill		= ipmr_rule_fill,
231
	.nlgroup	= RTNLGRP_IPV4_RULE,
232
	.policy		= ipmr_rule_policy,
233
	.owner		= THIS_MODULE,
234
};
235

236
static int __net_init ipmr_rules_init(struct net *net)
237
{
238
	struct fib_rules_ops *ops;
239
	struct mr_table *mrt;
240
	int err;
241

242
	ops = fib_rules_register(&ipmr_rules_ops_template, net);
243
	if (IS_ERR(ops))
244
		return PTR_ERR(ops);
245

246
	INIT_LIST_HEAD(&net->ipv4.mr_tables);
247

248
	mrt = ipmr_new_table(net, RT_TABLE_DEFAULT);
249
	if (mrt == NULL) {
250
		err = -ENOMEM;
251
		goto err1;
252
	}
253

254
	err = fib_default_rule_add(ops, 0x7fff, RT_TABLE_DEFAULT, 0);
255
	if (err < 0)
256
		goto err2;
257

258
	net->ipv4.mr_rules_ops = ops;
259
	return 0;
260

261
err2:
262
	kfree(mrt);
263
err1:
264
	fib_rules_unregister(ops);
265
	return err;
266
}
267

268
static void __net_exit ipmr_rules_exit(struct net *net)
269
{
270
	struct mr_table *mrt, *next;
271

272
	list_for_each_entry_safe(mrt, next, &net->ipv4.mr_tables, list) {
273
		list_del(&mrt->list);
274
		kfree(mrt);
275
	}
276
	fib_rules_unregister(net->ipv4.mr_rules_ops);
277
}
278
#else
279
#define ipmr_for_each_table(mrt, net) \
280
	for (mrt = net->ipv4.mrt; mrt; mrt = NULL)
281

282
static struct mr_table *ipmr_get_table(struct net *net, u32 id)
283
{
284
	return net->ipv4.mrt;
285
}
286

287
static int ipmr_fib_lookup(struct net *net, struct flowi4 *flp4,
288
			   struct mr_table **mrt)
289
{
290
	*mrt = net->ipv4.mrt;
291
	return 0;
292
}
293

294
static int __net_init ipmr_rules_init(struct net *net)
295
{
296
	net->ipv4.mrt = ipmr_new_table(net, RT_TABLE_DEFAULT);
297
	return net->ipv4.mrt ? 0 : -ENOMEM;
298
}
299

300
static void __net_exit ipmr_rules_exit(struct net *net)
301
{
302
	kfree(net->ipv4.mrt);
303
}
304
#endif
305

306
static struct mr_table *ipmr_new_table(struct net *net, u32 id)
307
{
308
	struct mr_table *mrt;
309
	unsigned int i;
310

311
	mrt = ipmr_get_table(net, id);
312
	if (mrt != NULL)
313
		return mrt;
314

315
	mrt = kzalloc(sizeof(*mrt), GFP_KERNEL);
316
	if (mrt == NULL)
317
		return NULL;
318
	write_pnet(&mrt->net, net);
319
	mrt->id = id;
320

321
	/* Forwarding cache */
322
	for (i = 0; i < MFC_LINES; i++)
323
		INIT_LIST_HEAD(&mrt->mfc_cache_array[i]);
324

325
	INIT_LIST_HEAD(&mrt->mfc_unres_queue);
326

327
	setup_timer(&mrt->ipmr_expire_timer, ipmr_expire_process,
328
		    (unsigned long)mrt);
329

330
#ifdef CONFIG_IP_PIMSM
331
	mrt->mroute_reg_vif_num = -1;
332
#endif
333
#ifdef CONFIG_IP_MROUTE_MULTIPLE_TABLES
334
	list_add_tail_rcu(&mrt->list, &net->ipv4.mr_tables);
335
#endif
336
	return mrt;
337
}
338

339
/* Service routines creating virtual interfaces: DVMRP tunnels and PIMREG */
340

341
static void ipmr_del_tunnel(struct net_device *dev, struct vifctl *v)
342
{
343
	struct net *net = dev_net(dev);
344

345
	dev_close(dev);
346

347
	dev = __dev_get_by_name(net, "tunl0");
348
	if (dev) {
349
		const struct net_device_ops *ops = dev->netdev_ops;
350
		struct ifreq ifr;
351
		struct ip_tunnel_parm p;
352

353
		memset(&p, 0, sizeof(p));
354
		p.iph.daddr = v->vifc_rmt_addr.s_addr;
355
		p.iph.saddr = v->vifc_lcl_addr.s_addr;
356
		p.iph.version = 4;
357
		p.iph.ihl = 5;
358
		p.iph.protocol = IPPROTO_IPIP;
359
		sprintf(p.name, "dvmrp%d", v->vifc_vifi);
360
		ifr.ifr_ifru.ifru_data = (__force void __user *)&p;
361

362
		if (ops->ndo_do_ioctl) {
363
			mm_segment_t oldfs = get_fs();
364

365
			set_fs(KERNEL_DS);
366
			ops->ndo_do_ioctl(dev, &ifr, SIOCDELTUNNEL);
367
			set_fs(oldfs);
368
		}
369
	}
370
}
371

372
static
373
struct net_device *ipmr_new_tunnel(struct net *net, struct vifctl *v)
374
{
375
	struct net_device  *dev;
376

377
	dev = __dev_get_by_name(net, "tunl0");
378

379
	if (dev) {
380
		const struct net_device_ops *ops = dev->netdev_ops;
381
		int err;
382
		struct ifreq ifr;
383
		struct ip_tunnel_parm p;
384
		struct in_device  *in_dev;
385

386
		memset(&p, 0, sizeof(p));
387
		p.iph.daddr = v->vifc_rmt_addr.s_addr;
388
		p.iph.saddr = v->vifc_lcl_addr.s_addr;
389
		p.iph.version = 4;
390
		p.iph.ihl = 5;
391
		p.iph.protocol = IPPROTO_IPIP;
392
		sprintf(p.name, "dvmrp%d", v->vifc_vifi);
393
		ifr.ifr_ifru.ifru_data = (__force void __user *)&p;
394

395
		if (ops->ndo_do_ioctl) {
396
			mm_segment_t oldfs = get_fs();
397

398
			set_fs(KERNEL_DS);
399
			err = ops->ndo_do_ioctl(dev, &ifr, SIOCADDTUNNEL);
400
			set_fs(oldfs);
401
		} else {
402
			err = -EOPNOTSUPP;
403
		}
404
		dev = NULL;
405

406
		if (err == 0 &&
407
		    (dev = __dev_get_by_name(net, p.name)) != NULL) {
408
			dev->flags |= IFF_MULTICAST;
409

410
			in_dev = __in_dev_get_rtnl(dev);
411
			if (in_dev == NULL)
412
				goto failure;
413

414
			ipv4_devconf_setall(in_dev);
415
			IPV4_DEVCONF(in_dev->cnf, RP_FILTER) = 0;
416

417
			if (dev_open(dev))
418
				goto failure;
419
			dev_hold(dev);
420
		}
421
	}
422
	return dev;
423

424
failure:
425
	/* allow the register to be completed before unregistering. */
426
	rtnl_unlock();
427
	rtnl_lock();
428

429
	unregister_netdevice(dev);
430
	return NULL;
431
}
432

433
#ifdef CONFIG_IP_PIMSM
434

435
static netdev_tx_t reg_vif_xmit(struct sk_buff *skb, struct net_device *dev)
436
{
437
	struct net *net = dev_net(dev);
438
	struct mr_table *mrt;
439
	struct flowi4 fl4 = {
440
		.flowi4_oif	= dev->ifindex,
441
		.flowi4_iif	= skb->skb_iif,
442
		.flowi4_mark	= skb->mark,
443
	};
444
	int err;
445

446
	err = ipmr_fib_lookup(net, &fl4, &mrt);
447
	if (err < 0) {
448
		kfree_skb(skb);
449
		return err;
450
	}
451

452
	read_lock(&mrt_lock);
453
	dev->stats.tx_bytes += skb->len;
454
	dev->stats.tx_packets++;
455
	ipmr_cache_report(mrt, skb, mrt->mroute_reg_vif_num, IGMPMSG_WHOLEPKT);
456
	read_unlock(&mrt_lock);
457
	kfree_skb(skb);
458
	return NETDEV_TX_OK;
459
}
460

461
static const struct net_device_ops reg_vif_netdev_ops = {
462
	.ndo_start_xmit	= reg_vif_xmit,
463
};
464

465
static void reg_vif_setup(struct net_device *dev)
466
{
467
	dev->type		= ARPHRD_PIMREG;
468
	dev->mtu		= ETH_DATA_LEN - sizeof(struct iphdr) - 8;
469
	dev->flags		= IFF_NOARP;
470
	dev->netdev_ops		= &reg_vif_netdev_ops,
471
	dev->destructor		= free_netdev;
472
	dev->features		|= NETIF_F_NETNS_LOCAL;
473
}
474

475
static struct net_device *ipmr_reg_vif(struct net *net, struct mr_table *mrt)
476
{
477
	struct net_device *dev;
478
	struct in_device *in_dev;
479
	char name[IFNAMSIZ];
480

481
	if (mrt->id == RT_TABLE_DEFAULT)
482
		sprintf(name, "pimreg");
483
	else
484
		sprintf(name, "pimreg%u", mrt->id);
485

486
	dev = alloc_netdev(0, name, reg_vif_setup);
487

488
	if (dev == NULL)
489
		return NULL;
490

491
	dev_net_set(dev, net);
492

493
	if (register_netdevice(dev)) {
494
		free_netdev(dev);
495
		return NULL;
496
	}
497
	dev->iflink = 0;
498

499
	rcu_read_lock();
500
	in_dev = __in_dev_get_rcu(dev);
501
	if (!in_dev) {
502
		rcu_read_unlock();
503
		goto failure;
504
	}
505

506
	ipv4_devconf_setall(in_dev);
507
	IPV4_DEVCONF(in_dev->cnf, RP_FILTER) = 0;
508
	rcu_read_unlock();
509

510
	if (dev_open(dev))
511
		goto failure;
512

513
	dev_hold(dev);
514

515
	return dev;
516

517
failure:
518
	/* allow the register to be completed before unregistering. */
519
	rtnl_unlock();
520
	rtnl_lock();
521

522
	unregister_netdevice(dev);
523
	return NULL;
524
}
525
#endif
526

527
/*
528
 *	Delete a VIF entry
529
 *	@notify: Set to 1, if the caller is a notifier_call
530
 */
531

532
static int vif_delete(struct mr_table *mrt, int vifi, int notify,
533
		      struct list_head *head)
534
{
535
	struct vif_device *v;
536
	struct net_device *dev;
537
	struct in_device *in_dev;
538

539
	if (vifi < 0 || vifi >= mrt->maxvif)
540
		return -EADDRNOTAVAIL;
541

542
	v = &mrt->vif_table[vifi];
543

544
	write_lock_bh(&mrt_lock);
545
	dev = v->dev;
546
	v->dev = NULL;
547

548
	if (!dev) {
549
		write_unlock_bh(&mrt_lock);
550
		return -EADDRNOTAVAIL;
551
	}
552

553
#ifdef CONFIG_IP_PIMSM
554
	if (vifi == mrt->mroute_reg_vif_num)
555
		mrt->mroute_reg_vif_num = -1;
556
#endif
557

558
	if (vifi + 1 == mrt->maxvif) {
559
		int tmp;
560

561
		for (tmp = vifi - 1; tmp >= 0; tmp--) {
562
			if (VIF_EXISTS(mrt, tmp))
563
				break;
564
		}
565
		mrt->maxvif = tmp+1;
566
	}
567

568
	write_unlock_bh(&mrt_lock);
569

570
	dev_set_allmulti(dev, -1);
571

572
	in_dev = __in_dev_get_rtnl(dev);
573
	if (in_dev) {
574
		IPV4_DEVCONF(in_dev->cnf, MC_FORWARDING)--;
575
		ip_rt_multicast_event(in_dev);
576
	}
577

578
	if (v->flags & (VIFF_TUNNEL | VIFF_REGISTER) && !notify)
579
		unregister_netdevice_queue(dev, head);
580

581
	dev_put(dev);
582
	return 0;
583
}
584

585
static void ipmr_cache_free_rcu(struct rcu_head *head)
586
{
587
	struct mfc_cache *c = container_of(head, struct mfc_cache, rcu);
588

589
	kmem_cache_free(mrt_cachep, c);
590
}
591

592
static inline void ipmr_cache_free(struct mfc_cache *c)
593
{
594
	call_rcu(&c->rcu, ipmr_cache_free_rcu);
595
}
596

597
/* Destroy an unresolved cache entry, killing queued skbs
598
 * and reporting error to netlink readers.
599
 */
600

601
static void ipmr_destroy_unres(struct mr_table *mrt, struct mfc_cache *c)
602
{
603
	struct net *net = read_pnet(&mrt->net);
604
	struct sk_buff *skb;
605
	struct nlmsgerr *e;
606

607
	atomic_dec(&mrt->cache_resolve_queue_len);
608

609
	while ((skb = skb_dequeue(&c->mfc_un.unres.unresolved))) {
610
		if (ip_hdr(skb)->version == 0) {
611
			struct nlmsghdr *nlh = (struct nlmsghdr *)skb_pull(skb, sizeof(struct iphdr));
612
			nlh->nlmsg_type = NLMSG_ERROR;
613
			nlh->nlmsg_len = NLMSG_LENGTH(sizeof(struct nlmsgerr));
614
			skb_trim(skb, nlh->nlmsg_len);
615
			e = NLMSG_DATA(nlh);
616
			e->error = -ETIMEDOUT;
617
			memset(&e->msg, 0, sizeof(e->msg));
618

619
			rtnl_unicast(skb, net, NETLINK_CB(skb).pid);
620
		} else {
621
			kfree_skb(skb);
622
		}
623
	}
624

625
	ipmr_cache_free(c);
626
}
627

628

629
/* Timer process for the unresolved queue. */
630

631
static void ipmr_expire_process(unsigned long arg)
632
{
633
	struct mr_table *mrt = (struct mr_table *)arg;
634
	unsigned long now;
635
	unsigned long expires;
636
	struct mfc_cache *c, *next;
637

638
	if (!spin_trylock(&mfc_unres_lock)) {
639
		mod_timer(&mrt->ipmr_expire_timer, jiffies+HZ/10);
640
		return;
641
	}
642

643
	if (list_empty(&mrt->mfc_unres_queue))
644
		goto out;
645

646
	now = jiffies;
647
	expires = 10*HZ;
648

649
	list_for_each_entry_safe(c, next, &mrt->mfc_unres_queue, list) {
650
		if (time_after(c->mfc_un.unres.expires, now)) {
651
			unsigned long interval = c->mfc_un.unres.expires - now;
652
			if (interval < expires)
653
				expires = interval;
654
			continue;
655
		}
656

657
		list_del(&c->list);
658
		ipmr_destroy_unres(mrt, c);
659
	}
660

661
	if (!list_empty(&mrt->mfc_unres_queue))
662
		mod_timer(&mrt->ipmr_expire_timer, jiffies + expires);
663

664
out:
665
	spin_unlock(&mfc_unres_lock);
666
}
667

668
/* Fill oifs list. It is called under write locked mrt_lock. */
669

670
static void ipmr_update_thresholds(struct mr_table *mrt, struct mfc_cache *cache,
671
				   unsigned char *ttls)
672
{
673
	int vifi;
674

675
	cache->mfc_un.res.minvif = MAXVIFS;
676
	cache->mfc_un.res.maxvif = 0;
677
	memset(cache->mfc_un.res.ttls, 255, MAXVIFS);
678

679
	for (vifi = 0; vifi < mrt->maxvif; vifi++) {
680
		if (VIF_EXISTS(mrt, vifi) &&
681
		    ttls[vifi] && ttls[vifi] < 255) {
682
			cache->mfc_un.res.ttls[vifi] = ttls[vifi];
683
			if (cache->mfc_un.res.minvif > vifi)
684
				cache->mfc_un.res.minvif = vifi;
685
			if (cache->mfc_un.res.maxvif <= vifi)
686
				cache->mfc_un.res.maxvif = vifi + 1;
687
		}
688
	}
689
}
690

691
static int vif_add(struct net *net, struct mr_table *mrt,
692
		   struct vifctl *vifc, int mrtsock)
693
{
694
	int vifi = vifc->vifc_vifi;
695
	struct vif_device *v = &mrt->vif_table[vifi];
696
	struct net_device *dev;
697
	struct in_device *in_dev;
698
	int err;
699

700
	/* Is vif busy ? */
701
	if (VIF_EXISTS(mrt, vifi))
702
		return -EADDRINUSE;
703

704
	switch (vifc->vifc_flags) {
705
#ifdef CONFIG_IP_PIMSM
706
	case VIFF_REGISTER:
707
		/*
708
		 * Special Purpose VIF in PIM
709
		 * All the packets will be sent to the daemon
710
		 */
711
		if (mrt->mroute_reg_vif_num >= 0)
712
			return -EADDRINUSE;
713
		dev = ipmr_reg_vif(net, mrt);
714
		if (!dev)
715
			return -ENOBUFS;
716
		err = dev_set_allmulti(dev, 1);
717
		if (err) {
718
			unregister_netdevice(dev);
719
			dev_put(dev);
720
			return err;
721
		}
722
		break;
723
#endif
724
	case VIFF_TUNNEL:
725
		dev = ipmr_new_tunnel(net, vifc);
726
		if (!dev)
727
			return -ENOBUFS;
728
		err = dev_set_allmulti(dev, 1);
729
		if (err) {
730
			ipmr_del_tunnel(dev, vifc);
731
			dev_put(dev);
732
			return err;
733
		}
734
		break;
735

736
	case VIFF_USE_IFINDEX:
737
	case 0:
738
		if (vifc->vifc_flags == VIFF_USE_IFINDEX) {
739
			dev = dev_get_by_index(net, vifc->vifc_lcl_ifindex);
740
			if (dev && __in_dev_get_rtnl(dev) == NULL) {
741
				dev_put(dev);
742
				return -EADDRNOTAVAIL;
743
			}
744
		} else {
745
			dev = ip_dev_find(net, vifc->vifc_lcl_addr.s_addr);
746
		}
747
		if (!dev)
748
			return -EADDRNOTAVAIL;
749
		err = dev_set_allmulti(dev, 1);
750
		if (err) {
751
			dev_put(dev);
752
			return err;
753
		}
754
		break;
755
	default:
756
		return -EINVAL;
757
	}
758

759
	in_dev = __in_dev_get_rtnl(dev);
760
	if (!in_dev) {
761
		dev_put(dev);
762
		return -EADDRNOTAVAIL;
763
	}
764
	IPV4_DEVCONF(in_dev->cnf, MC_FORWARDING)++;
765
	ip_rt_multicast_event(in_dev);
766

767
	/* Fill in the VIF structures */
768

769
	v->rate_limit = vifc->vifc_rate_limit;
770
	v->local = vifc->vifc_lcl_addr.s_addr;
771
	v->remote = vifc->vifc_rmt_addr.s_addr;
772
	v->flags = vifc->vifc_flags;
773
	if (!mrtsock)
774
		v->flags |= VIFF_STATIC;
775
	v->threshold = vifc->vifc_threshold;
776
	v->bytes_in = 0;
777
	v->bytes_out = 0;
778
	v->pkt_in = 0;
779
	v->pkt_out = 0;
780
	v->link = dev->ifindex;
781
	if (v->flags & (VIFF_TUNNEL | VIFF_REGISTER))
782
		v->link = dev->iflink;
783

784
	/* And finish update writing critical data */
785
	write_lock_bh(&mrt_lock);
786
	v->dev = dev;
787
#ifdef CONFIG_IP_PIMSM
788
	if (v->flags & VIFF_REGISTER)
789
		mrt->mroute_reg_vif_num = vifi;
790
#endif
791
	if (vifi+1 > mrt->maxvif)
792
		mrt->maxvif = vifi+1;
793
	write_unlock_bh(&mrt_lock);
794
	return 0;
795
}
796

797
/* called with rcu_read_lock() */
798
static struct mfc_cache *ipmr_cache_find(struct mr_table *mrt,
799
					 __be32 origin,
800
					 __be32 mcastgrp)
801
{
802
	int line = MFC_HASH(mcastgrp, origin);
803
	struct mfc_cache *c;
804

805
	list_for_each_entry_rcu(c, &mrt->mfc_cache_array[line], list) {
806
		if (c->mfc_origin == origin && c->mfc_mcastgrp == mcastgrp)
807
			return c;
808
	}
809
	return NULL;
810
}
811

812
/*
813
 *	Allocate a multicast cache entry
814
 */
815
static struct mfc_cache *ipmr_cache_alloc(void)
816
{
817
	struct mfc_cache *c = kmem_cache_zalloc(mrt_cachep, GFP_KERNEL);
818

819
	if (c)
820
		c->mfc_un.res.minvif = MAXVIFS;
821
	return c;
822
}
823

824
static struct mfc_cache *ipmr_cache_alloc_unres(void)
825
{
826
	struct mfc_cache *c = kmem_cache_zalloc(mrt_cachep, GFP_ATOMIC);
827

828
	if (c) {
829
		skb_queue_head_init(&c->mfc_un.unres.unresolved);
830
		c->mfc_un.unres.expires = jiffies + 10*HZ;
831
	}
832
	return c;
833
}
834

835
/*
836
 *	A cache entry has gone into a resolved state from queued
837
 */
838

839
static void ipmr_cache_resolve(struct net *net, struct mr_table *mrt,
840
			       struct mfc_cache *uc, struct mfc_cache *c)
841
{
842
	struct sk_buff *skb;
843
	struct nlmsgerr *e;
844

845
	/* Play the pending entries through our router */
846

847
	while ((skb = __skb_dequeue(&uc->mfc_un.unres.unresolved))) {
848
		if (ip_hdr(skb)->version == 0) {
849
			struct nlmsghdr *nlh = (struct nlmsghdr *)skb_pull(skb, sizeof(struct iphdr));
850

851
			if (__ipmr_fill_mroute(mrt, skb, c, NLMSG_DATA(nlh)) > 0) {
852
				nlh->nlmsg_len = skb_tail_pointer(skb) -
853
						 (u8 *)nlh;
854
			} else {
855
				nlh->nlmsg_type = NLMSG_ERROR;
856
				nlh->nlmsg_len = NLMSG_LENGTH(sizeof(struct nlmsgerr));
857
				skb_trim(skb, nlh->nlmsg_len);
858
				e = NLMSG_DATA(nlh);
859
				e->error = -EMSGSIZE;
860
				memset(&e->msg, 0, sizeof(e->msg));
861
			}
862

863
			rtnl_unicast(skb, net, NETLINK_CB(skb).pid);
864
		} else {
865
			ip_mr_forward(net, mrt, skb, c, 0);
866
		}
867
	}
868
}
869

870
/*
871
 *	Bounce a cache query up to mrouted. We could use netlink for this but mrouted
872
 *	expects the following bizarre scheme.
873
 *
874
 *	Called under mrt_lock.
875
 */
876

877
static int ipmr_cache_report(struct mr_table *mrt,
878
			     struct sk_buff *pkt, vifi_t vifi, int assert)
879
{
880
	struct sk_buff *skb;
881
	const int ihl = ip_hdrlen(pkt);
882
	struct igmphdr *igmp;
883
	struct igmpmsg *msg;
884
	struct sock *mroute_sk;
885
	int ret;
886

887
#ifdef CONFIG_IP_PIMSM
888
	if (assert == IGMPMSG_WHOLEPKT)
889
		skb = skb_realloc_headroom(pkt, sizeof(struct iphdr));
890
	else
891
#endif
892
		skb = alloc_skb(128, GFP_ATOMIC);
893

894
	if (!skb)
895
		return -ENOBUFS;
896

897
#ifdef CONFIG_IP_PIMSM
898
	if (assert == IGMPMSG_WHOLEPKT) {
899
		/* Ugly, but we have no choice with this interface.
900
		 * Duplicate old header, fix ihl, length etc.
901
		 * And all this only to mangle msg->im_msgtype and
902
		 * to set msg->im_mbz to "mbz" :-)
903
		 */
904
		skb_push(skb, sizeof(struct iphdr));
905
		skb_reset_network_header(skb);
906
		skb_reset_transport_header(skb);
907
		msg = (struct igmpmsg *)skb_network_header(skb);
908
		memcpy(msg, skb_network_header(pkt), sizeof(struct iphdr));
909
		msg->im_msgtype = IGMPMSG_WHOLEPKT;
910
		msg->im_mbz = 0;
911
		msg->im_vif = mrt->mroute_reg_vif_num;
912
		ip_hdr(skb)->ihl = sizeof(struct iphdr) >> 2;
913
		ip_hdr(skb)->tot_len = htons(ntohs(ip_hdr(pkt)->tot_len) +
914
					     sizeof(struct iphdr));
915
	} else
916
#endif
917
	{
918

919
	/* Copy the IP header */
920

921
	skb->network_header = skb->tail;
922
	skb_put(skb, ihl);
923
	skb_copy_to_linear_data(skb, pkt->data, ihl);
924
	ip_hdr(skb)->protocol = 0;	/* Flag to the kernel this is a route add */
925
	msg = (struct igmpmsg *)skb_network_header(skb);
926
	msg->im_vif = vifi;
927
	skb_dst_set(skb, dst_clone(skb_dst(pkt)));
928

929
	/* Add our header */
930

931
	igmp = (struct igmphdr *)skb_put(skb, sizeof(struct igmphdr));
932
	igmp->type	=
933
	msg->im_msgtype = assert;
934
	igmp->code	= 0;
935
	ip_hdr(skb)->tot_len = htons(skb->len);		/* Fix the length */
936
	skb->transport_header = skb->network_header;
937
	}
938

939
	rcu_read_lock();
940
	mroute_sk = rcu_dereference(mrt->mroute_sk);
941
	if (mroute_sk == NULL) {
942
		rcu_read_unlock();
943
		kfree_skb(skb);
944
		return -EINVAL;
945
	}
946

947
	/* Deliver to mrouted */
948

949
	ret = sock_queue_rcv_skb(mroute_sk, skb);
950
	rcu_read_unlock();
951
	if (ret < 0) {
952
		if (net_ratelimit())
953
			printk(KERN_WARNING "mroute: pending queue full, dropping entries.\n");
954
		kfree_skb(skb);
955
	}
956

957
	return ret;
958
}
959

960
/*
961
 *	Queue a packet for resolution. It gets locked cache entry!
962
 */
963

964
static int
965
ipmr_cache_unresolved(struct mr_table *mrt, vifi_t vifi, struct sk_buff *skb)
966
{
967
	bool found = false;
968
	int err;
969
	struct mfc_cache *c;
970
	const struct iphdr *iph = ip_hdr(skb);
971

972
	spin_lock_bh(&mfc_unres_lock);
973
	list_for_each_entry(c, &mrt->mfc_unres_queue, list) {
974
		if (c->mfc_mcastgrp == iph->daddr &&
975
		    c->mfc_origin == iph->saddr) {
976
			found = true;
977
			break;
978
		}
979
	}
980

981
	if (!found) {
982
		/* Create a new entry if allowable */
983

984
		if (atomic_read(&mrt->cache_resolve_queue_len) >= 10 ||
985
		    (c = ipmr_cache_alloc_unres()) == NULL) {
986
			spin_unlock_bh(&mfc_unres_lock);
987

988
			kfree_skb(skb);
989
			return -ENOBUFS;
990
		}
991

992
		/* Fill in the new cache entry */
993

994
		c->mfc_parent	= -1;
995
		c->mfc_origin	= iph->saddr;
996
		c->mfc_mcastgrp	= iph->daddr;
997

998
		/* Reflect first query at mrouted. */
999

1000
		err = ipmr_cache_report(mrt, skb, vifi, IGMPMSG_NOCACHE);
1001
		if (err < 0) {
1002
			/* If the report failed throw the cache entry
1003
			   out - Brad Parker
1004
			 */
1005
			spin_unlock_bh(&mfc_unres_lock);
1006

1007
			ipmr_cache_free(c);
1008
			kfree_skb(skb);
1009
			return err;
1010
		}
1011

1012
		atomic_inc(&mrt->cache_resolve_queue_len);
1013
		list_add(&c->list, &mrt->mfc_unres_queue);
1014

1015
		if (atomic_read(&mrt->cache_resolve_queue_len) == 1)
1016
			mod_timer(&mrt->ipmr_expire_timer, c->mfc_un.unres.expires);
1017
	}
1018

1019
	/* See if we can append the packet */
1020

1021
	if (c->mfc_un.unres.unresolved.qlen > 3) {
1022
		kfree_skb(skb);
1023
		err = -ENOBUFS;
1024
	} else {
1025
		skb_queue_tail(&c->mfc_un.unres.unresolved, skb);
1026
		err = 0;
1027
	}
1028

1029
	spin_unlock_bh(&mfc_unres_lock);
1030
	return err;
1031
}
1032

1033
/*
1034
 *	MFC cache manipulation by user space mroute daemon
1035
 */
1036

1037
static int ipmr_mfc_delete(struct mr_table *mrt, struct mfcctl *mfc)
1038
{
1039
	int line;
1040
	struct mfc_cache *c, *next;
1041

1042
	line = MFC_HASH(mfc->mfcc_mcastgrp.s_addr, mfc->mfcc_origin.s_addr);
1043

1044
	list_for_each_entry_safe(c, next, &mrt->mfc_cache_array[line], list) {
1045
		if (c->mfc_origin == mfc->mfcc_origin.s_addr &&
1046
		    c->mfc_mcastgrp == mfc->mfcc_mcastgrp.s_addr) {
1047
			list_del_rcu(&c->list);
1048

1049
			ipmr_cache_free(c);
1050
			return 0;
1051
		}
1052
	}
1053
	return -ENOENT;
1054
}
1055

1056
static int ipmr_mfc_add(struct net *net, struct mr_table *mrt,
1057
			struct mfcctl *mfc, int mrtsock)
1058
{
1059
	bool found = false;
1060
	int line;
1061
	struct mfc_cache *uc, *c;
1062

1063
	if (mfc->mfcc_parent >= MAXVIFS)
1064
		return -ENFILE;
1065

1066
	line = MFC_HASH(mfc->mfcc_mcastgrp.s_addr, mfc->mfcc_origin.s_addr);
1067

1068
	list_for_each_entry(c, &mrt->mfc_cache_array[line], list) {
1069
		if (c->mfc_origin == mfc->mfcc_origin.s_addr &&
1070
		    c->mfc_mcastgrp == mfc->mfcc_mcastgrp.s_addr) {
1071
			found = true;
1072
			break;
1073
		}
1074
	}
1075

1076
	if (found) {
1077
		write_lock_bh(&mrt_lock);
1078
		c->mfc_parent = mfc->mfcc_parent;
1079
		ipmr_update_thresholds(mrt, c, mfc->mfcc_ttls);
1080
		if (!mrtsock)
1081
			c->mfc_flags |= MFC_STATIC;
1082
		write_unlock_bh(&mrt_lock);
1083
		return 0;
1084
	}
1085

1086
	if (!ipv4_is_multicast(mfc->mfcc_mcastgrp.s_addr))
1087
		return -EINVAL;
1088

1089
	c = ipmr_cache_alloc();
1090
	if (c == NULL)
1091
		return -ENOMEM;
1092

1093
	c->mfc_origin = mfc->mfcc_origin.s_addr;
1094
	c->mfc_mcastgrp = mfc->mfcc_mcastgrp.s_addr;
1095
	c->mfc_parent = mfc->mfcc_parent;
1096
	ipmr_update_thresholds(mrt, c, mfc->mfcc_ttls);
1097
	if (!mrtsock)
1098
		c->mfc_flags |= MFC_STATIC;
1099

1100
	list_add_rcu(&c->list, &mrt->mfc_cache_array[line]);
1101

1102
	/*
1103
	 *	Check to see if we resolved a queued list. If so we
1104
	 *	need to send on the frames and tidy up.
1105
	 */
1106
	found = false;
1107
	spin_lock_bh(&mfc_unres_lock);
1108
	list_for_each_entry(uc, &mrt->mfc_unres_queue, list) {
1109
		if (uc->mfc_origin == c->mfc_origin &&
1110
		    uc->mfc_mcastgrp == c->mfc_mcastgrp) {
1111
			list_del(&uc->list);
1112
			atomic_dec(&mrt->cache_resolve_queue_len);
1113
			found = true;
1114
			break;
1115
		}
1116
	}
1117
	if (list_empty(&mrt->mfc_unres_queue))
1118
		del_timer(&mrt->ipmr_expire_timer);
1119
	spin_unlock_bh(&mfc_unres_lock);
1120

1121
	if (found) {
1122
		ipmr_cache_resolve(net, mrt, uc, c);
1123
		ipmr_cache_free(uc);
1124
	}
1125
	return 0;
1126
}
1127

1128
/*
1129
 *	Close the multicast socket, and clear the vif tables etc
1130
 */
1131

1132
static void mroute_clean_tables(struct mr_table *mrt)
1133
{
1134
	int i;
1135
	LIST_HEAD(list);
1136
	struct mfc_cache *c, *next;
1137

1138
	/* Shut down all active vif entries */
1139

1140
	for (i = 0; i < mrt->maxvif; i++) {
1141
		if (!(mrt->vif_table[i].flags & VIFF_STATIC))
1142
			vif_delete(mrt, i, 0, &list);
1143
	}
1144
	unregister_netdevice_many(&list);
1145

1146
	/* Wipe the cache */
1147

1148
	for (i = 0; i < MFC_LINES; i++) {
1149
		list_for_each_entry_safe(c, next, &mrt->mfc_cache_array[i], list) {
1150
			if (c->mfc_flags & MFC_STATIC)
1151
				continue;
1152
			list_del_rcu(&c->list);
1153
			ipmr_cache_free(c);
1154
		}
1155
	}
1156

1157
	if (atomic_read(&mrt->cache_resolve_queue_len) != 0) {
1158
		spin_lock_bh(&mfc_unres_lock);
1159
		list_for_each_entry_safe(c, next, &mrt->mfc_unres_queue, list) {
1160
			list_del(&c->list);
1161
			ipmr_destroy_unres(mrt, c);
1162
		}
1163
		spin_unlock_bh(&mfc_unres_lock);
1164
	}
1165
}
1166

1167
/* called from ip_ra_control(), before an RCU grace period,
1168
 * we dont need to call synchronize_rcu() here
1169
 */
1170
static void mrtsock_destruct(struct sock *sk)
1171
{
1172
	struct net *net = sock_net(sk);
1173
	struct mr_table *mrt;
1174

1175
	rtnl_lock();
1176
	ipmr_for_each_table(mrt, net) {
1177
		if (sk == rtnl_dereference(mrt->mroute_sk)) {
1178
			IPV4_DEVCONF_ALL(net, MC_FORWARDING)--;
1179
			rcu_assign_pointer(mrt->mroute_sk, NULL);
1180
			mroute_clean_tables(mrt);
1181
		}
1182
	}
1183
	rtnl_unlock();
1184
}
1185

1186
/*
1187
 *	Socket options and virtual interface manipulation. The whole
1188
 *	virtual interface system is a complete heap, but unfortunately
1189
 *	that's how BSD mrouted happens to think. Maybe one day with a proper
1190
 *	MOSPF/PIM router set up we can clean this up.
1191
 */
1192

1193
int ip_mroute_setsockopt(struct sock *sk, int optname, char __user *optval, unsigned int optlen)
1194
{
1195
	int ret;
1196
	struct vifctl vif;
1197
	struct mfcctl mfc;
1198
	struct net *net = sock_net(sk);
1199
	struct mr_table *mrt;
1200

1201
	mrt = ipmr_get_table(net, raw_sk(sk)->ipmr_table ? : RT_TABLE_DEFAULT);
1202
	if (mrt == NULL)
1203
		return -ENOENT;
1204

1205
	if (optname != MRT_INIT) {
1206
		if (sk != rcu_dereference_raw(mrt->mroute_sk) &&
1207
		    !capable(CAP_NET_ADMIN))
1208
			return -EACCES;
1209
	}
1210

1211
	switch (optname) {
1212
	case MRT_INIT:
1213
		if (sk->sk_type != SOCK_RAW ||
1214
		    inet_sk(sk)->inet_num != IPPROTO_IGMP)
1215
			return -EOPNOTSUPP;
1216
		if (optlen != sizeof(int))
1217
			return -ENOPROTOOPT;
1218

1219
		rtnl_lock();
1220
		if (rtnl_dereference(mrt->mroute_sk)) {
1221
			rtnl_unlock();
1222
			return -EADDRINUSE;
1223
		}
1224

1225
		ret = ip_ra_control(sk, 1, mrtsock_destruct);
1226
		if (ret == 0) {
1227
			rcu_assign_pointer(mrt->mroute_sk, sk);
1228
			IPV4_DEVCONF_ALL(net, MC_FORWARDING)++;
1229
		}
1230
		rtnl_unlock();
1231
		return ret;
1232
	case MRT_DONE:
1233
		if (sk != rcu_dereference_raw(mrt->mroute_sk))
1234
			return -EACCES;
1235
		return ip_ra_control(sk, 0, NULL);
1236
	case MRT_ADD_VIF:
1237
	case MRT_DEL_VIF:
1238
		if (optlen != sizeof(vif))
1239
			return -EINVAL;
1240
		if (copy_from_user(&vif, optval, sizeof(vif)))
1241
			return -EFAULT;
1242
		if (vif.vifc_vifi >= MAXVIFS)
1243
			return -ENFILE;
1244
		rtnl_lock();
1245
		if (optname == MRT_ADD_VIF) {
1246
			ret = vif_add(net, mrt, &vif,
1247
				      sk == rtnl_dereference(mrt->mroute_sk));
1248
		} else {
1249
			ret = vif_delete(mrt, vif.vifc_vifi, 0, NULL);
1250
		}
1251
		rtnl_unlock();
1252
		return ret;
1253

1254
		/*
1255
		 *	Manipulate the forwarding caches. These live
1256
		 *	in a sort of kernel/user symbiosis.
1257
		 */
1258
	case MRT_ADD_MFC:
1259
	case MRT_DEL_MFC:
1260
		if (optlen != sizeof(mfc))
1261
			return -EINVAL;
1262
		if (copy_from_user(&mfc, optval, sizeof(mfc)))
1263
			return -EFAULT;
1264
		rtnl_lock();
1265
		if (optname == MRT_DEL_MFC)
1266
			ret = ipmr_mfc_delete(mrt, &mfc);
1267
		else
1268
			ret = ipmr_mfc_add(net, mrt, &mfc,
1269
					   sk == rtnl_dereference(mrt->mroute_sk));
1270
		rtnl_unlock();
1271
		return ret;
1272
		/*
1273
		 *	Control PIM assert.
1274
		 */
1275
	case MRT_ASSERT:
1276
	{
1277
		int v;
1278
		if (get_user(v, (int __user *)optval))
1279
			return -EFAULT;
1280
		mrt->mroute_do_assert = (v) ? 1 : 0;
1281
		return 0;
1282
	}
1283
#ifdef CONFIG_IP_PIMSM
1284
	case MRT_PIM:
1285
	{
1286
		int v;
1287

1288
		if (get_user(v, (int __user *)optval))
1289
			return -EFAULT;
1290
		v = (v) ? 1 : 0;
1291

1292
		rtnl_lock();
1293
		ret = 0;
1294
		if (v != mrt->mroute_do_pim) {
1295
			mrt->mroute_do_pim = v;
1296
			mrt->mroute_do_assert = v;
1297
		}
1298
		rtnl_unlock();
1299
		return ret;
1300
	}
1301
#endif
1302
#ifdef CONFIG_IP_MROUTE_MULTIPLE_TABLES
1303
	case MRT_TABLE:
1304
	{
1305
		u32 v;
1306

1307
		if (optlen != sizeof(u32))
1308
			return -EINVAL;
1309
		if (get_user(v, (u32 __user *)optval))
1310
			return -EFAULT;
1311

1312
		rtnl_lock();
1313
		ret = 0;
1314
		if (sk == rtnl_dereference(mrt->mroute_sk)) {
1315
			ret = -EBUSY;
1316
		} else {
1317
			if (!ipmr_new_table(net, v))
1318
				ret = -ENOMEM;
1319
			raw_sk(sk)->ipmr_table = v;
1320
		}
1321
		rtnl_unlock();
1322
		return ret;
1323
	}
1324
#endif
1325
	/*
1326
	 *	Spurious command, or MRT_VERSION which you cannot
1327
	 *	set.
1328
	 */
1329
	default:
1330
		return -ENOPROTOOPT;
1331
	}
1332
}
1333

1334
/*
1335
 *	Getsock opt support for the multicast routing system.
1336
 */
1337

1338
int ip_mroute_getsockopt(struct sock *sk, int optname, char __user *optval, int __user *optlen)
1339
{
1340
	int olr;
1341
	int val;
1342
	struct net *net = sock_net(sk);
1343
	struct mr_table *mrt;
1344

1345
	mrt = ipmr_get_table(net, raw_sk(sk)->ipmr_table ? : RT_TABLE_DEFAULT);
1346
	if (mrt == NULL)
1347
		return -ENOENT;
1348

1349
	if (optname != MRT_VERSION &&
1350
#ifdef CONFIG_IP_PIMSM
1351
	   optname != MRT_PIM &&
1352
#endif
1353
	   optname != MRT_ASSERT)
1354
		return -ENOPROTOOPT;
1355

1356
	if (get_user(olr, optlen))
1357
		return -EFAULT;
1358

1359
	olr = min_t(unsigned int, olr, sizeof(int));
1360
	if (olr < 0)
1361
		return -EINVAL;
1362

1363
	if (put_user(olr, optlen))
1364
		return -EFAULT;
1365
	if (optname == MRT_VERSION)
1366
		val = 0x0305;
1367
#ifdef CONFIG_IP_PIMSM
1368
	else if (optname == MRT_PIM)
1369
		val = mrt->mroute_do_pim;
1370
#endif
1371
	else
1372
		val = mrt->mroute_do_assert;
1373
	if (copy_to_user(optval, &val, olr))
1374
		return -EFAULT;
1375
	return 0;
1376
}
1377

1378
/*
1379
 *	The IP multicast ioctl support routines.
1380
 */
1381

1382
int ipmr_ioctl(struct sock *sk, int cmd, void __user *arg)
1383
{
1384
	struct sioc_sg_req sr;
1385
	struct sioc_vif_req vr;
1386
	struct vif_device *vif;
1387
	struct mfc_cache *c;
1388
	struct net *net = sock_net(sk);
1389
	struct mr_table *mrt;
1390

1391
	mrt = ipmr_get_table(net, raw_sk(sk)->ipmr_table ? : RT_TABLE_DEFAULT);
1392
	if (mrt == NULL)
1393
		return -ENOENT;
1394

1395
	switch (cmd) {
1396
	case SIOCGETVIFCNT:
1397
		if (copy_from_user(&vr, arg, sizeof(vr)))
1398
			return -EFAULT;
1399
		if (vr.vifi >= mrt->maxvif)
1400
			return -EINVAL;
1401
		read_lock(&mrt_lock);
1402
		vif = &mrt->vif_table[vr.vifi];
1403
		if (VIF_EXISTS(mrt, vr.vifi)) {
1404
			vr.icount = vif->pkt_in;
1405
			vr.ocount = vif->pkt_out;
1406
			vr.ibytes = vif->bytes_in;
1407
			vr.obytes = vif->bytes_out;
1408
			read_unlock(&mrt_lock);
1409

1410
			if (copy_to_user(arg, &vr, sizeof(vr)))
1411
				return -EFAULT;
1412
			return 0;
1413
		}
1414
		read_unlock(&mrt_lock);
1415
		return -EADDRNOTAVAIL;
1416
	case SIOCGETSGCNT:
1417
		if (copy_from_user(&sr, arg, sizeof(sr)))
1418
			return -EFAULT;
1419

1420
		rcu_read_lock();
1421
		c = ipmr_cache_find(mrt, sr.src.s_addr, sr.grp.s_addr);
1422
		if (c) {
1423
			sr.pktcnt = c->mfc_un.res.pkt;
1424
			sr.bytecnt = c->mfc_un.res.bytes;
1425
			sr.wrong_if = c->mfc_un.res.wrong_if;
1426
			rcu_read_unlock();
1427

1428
			if (copy_to_user(arg, &sr, sizeof(sr)))
1429
				return -EFAULT;
1430
			return 0;
1431
		}
1432
		rcu_read_unlock();
1433
		return -EADDRNOTAVAIL;
1434
	default:
1435
		return -ENOIOCTLCMD;
1436
	}
1437
}
1438

1439
#ifdef CONFIG_COMPAT
1440
struct compat_sioc_sg_req {
1441
	struct in_addr src;
1442
	struct in_addr grp;
1443
	compat_ulong_t pktcnt;
1444
	compat_ulong_t bytecnt;
1445
	compat_ulong_t wrong_if;
1446
};
1447

1448
struct compat_sioc_vif_req {
1449
	vifi_t	vifi;		/* Which iface */
1450
	compat_ulong_t icount;
1451
	compat_ulong_t ocount;
1452
	compat_ulong_t ibytes;
1453
	compat_ulong_t obytes;
1454
};
1455

1456
int ipmr_compat_ioctl(struct sock *sk, unsigned int cmd, void __user *arg)
1457
{
1458
	struct compat_sioc_sg_req sr;
1459
	struct compat_sioc_vif_req vr;
1460
	struct vif_device *vif;
1461
	struct mfc_cache *c;
1462
	struct net *net = sock_net(sk);
1463
	struct mr_table *mrt;
1464

1465
	mrt = ipmr_get_table(net, raw_sk(sk)->ipmr_table ? : RT_TABLE_DEFAULT);
1466
	if (mrt == NULL)
1467
		return -ENOENT;
1468

1469
	switch (cmd) {
1470
	case SIOCGETVIFCNT:
1471
		if (copy_from_user(&vr, arg, sizeof(vr)))
1472
			return -EFAULT;
1473
		if (vr.vifi >= mrt->maxvif)
1474
			return -EINVAL;
1475
		read_lock(&mrt_lock);
1476
		vif = &mrt->vif_table[vr.vifi];
1477
		if (VIF_EXISTS(mrt, vr.vifi)) {
1478
			vr.icount = vif->pkt_in;
1479
			vr.ocount = vif->pkt_out;
1480
			vr.ibytes = vif->bytes_in;
1481
			vr.obytes = vif->bytes_out;
1482
			read_unlock(&mrt_lock);
1483

1484
			if (copy_to_user(arg, &vr, sizeof(vr)))
1485
				return -EFAULT;
1486
			return 0;
1487
		}
1488
		read_unlock(&mrt_lock);
1489
		return -EADDRNOTAVAIL;
1490
	case SIOCGETSGCNT:
1491
		if (copy_from_user(&sr, arg, sizeof(sr)))
1492
			return -EFAULT;
1493

1494
		rcu_read_lock();
1495
		c = ipmr_cache_find(mrt, sr.src.s_addr, sr.grp.s_addr);
1496
		if (c) {
1497
			sr.pktcnt = c->mfc_un.res.pkt;
1498
			sr.bytecnt = c->mfc_un.res.bytes;
1499
			sr.wrong_if = c->mfc_un.res.wrong_if;
1500
			rcu_read_unlock();
1501

1502
			if (copy_to_user(arg, &sr, sizeof(sr)))
1503
				return -EFAULT;
1504
			return 0;
1505
		}
1506
		rcu_read_unlock();
1507
		return -EADDRNOTAVAIL;
1508
	default:
1509
		return -ENOIOCTLCMD;
1510
	}
1511
}
1512
#endif
1513

1514

1515
static int ipmr_device_event(struct notifier_block *this, unsigned long event, void *ptr)
1516
{
1517
	struct net_device *dev = ptr;
1518
	struct net *net = dev_net(dev);
1519
	struct mr_table *mrt;
1520
	struct vif_device *v;
1521
	int ct;
1522
	LIST_HEAD(list);
1523

1524
	if (event != NETDEV_UNREGISTER)
1525
		return NOTIFY_DONE;
1526

1527
	ipmr_for_each_table(mrt, net) {
1528
		v = &mrt->vif_table[0];
1529
		for (ct = 0; ct < mrt->maxvif; ct++, v++) {
1530
			if (v->dev == dev)
1531
				vif_delete(mrt, ct, 1, &list);
1532
		}
1533
	}
1534
	unregister_netdevice_many(&list);
1535
	return NOTIFY_DONE;
1536
}
1537

1538

1539
static struct notifier_block ip_mr_notifier = {
1540
	.notifier_call = ipmr_device_event,
1541
};
1542

1543
/*
1544
 *	Encapsulate a packet by attaching a valid IPIP header to it.
1545
 *	This avoids tunnel drivers and other mess and gives us the speed so
1546
 *	important for multicast video.
1547
 */
1548

1549
static void ip_encap(struct sk_buff *skb, __be32 saddr, __be32 daddr)
1550
{
1551
	struct iphdr *iph;
1552
	const struct iphdr *old_iph = ip_hdr(skb);
1553

1554
	skb_push(skb, sizeof(struct iphdr));
1555
	skb->transport_header = skb->network_header;
1556
	skb_reset_network_header(skb);
1557
	iph = ip_hdr(skb);
1558

1559
	iph->version	=	4;
1560
	iph->tos	=	old_iph->tos;
1561
	iph->ttl	=	old_iph->ttl;
1562
	iph->frag_off	=	0;
1563
	iph->daddr	=	daddr;
1564
	iph->saddr	=	saddr;
1565
	iph->protocol	=	IPPROTO_IPIP;
1566
	iph->ihl	=	5;
1567
	iph->tot_len	=	htons(skb->len);
1568
	ip_select_ident(iph, skb_dst(skb), NULL);
1569
	ip_send_check(iph);
1570

1571
	memset(&(IPCB(skb)->opt), 0, sizeof(IPCB(skb)->opt));
1572
	nf_reset(skb);
1573
}
1574

1575
static inline int ipmr_forward_finish(struct sk_buff *skb)
1576
{
1577
	struct ip_options *opt = &(IPCB(skb)->opt);
1578

1579
	IP_INC_STATS_BH(dev_net(skb_dst(skb)->dev), IPSTATS_MIB_OUTFORWDATAGRAMS);
1580

1581
	if (unlikely(opt->optlen))
1582
		ip_forward_options(skb);
1583

1584
	return dst_output(skb);
1585
}
1586

1587
/*
1588
 *	Processing handlers for ipmr_forward
1589
 */
1590

1591
static void ipmr_queue_xmit(struct net *net, struct mr_table *mrt,
1592
			    struct sk_buff *skb, struct mfc_cache *c, int vifi)
1593
{
1594
	const struct iphdr *iph = ip_hdr(skb);
1595
	struct vif_device *vif = &mrt->vif_table[vifi];
1596
	struct net_device *dev;
1597
	struct rtable *rt;
1598
	struct flowi4 fl4;
1599
	int    encap = 0;
1600

1601
	if (vif->dev == NULL)
1602
		goto out_free;
1603

1604
#ifdef CONFIG_IP_PIMSM
1605
	if (vif->flags & VIFF_REGISTER) {
1606
		vif->pkt_out++;
1607
		vif->bytes_out += skb->len;
1608
		vif->dev->stats.tx_bytes += skb->len;
1609
		vif->dev->stats.tx_packets++;
1610
		ipmr_cache_report(mrt, skb, vifi, IGMPMSG_WHOLEPKT);
1611
		goto out_free;
1612
	}
1613
#endif
1614

1615
	if (vif->flags & VIFF_TUNNEL) {
1616
		rt = ip_route_output_ports(net, &fl4, NULL,
1617
					   vif->remote, vif->local,
1618
					   0, 0,
1619
					   IPPROTO_IPIP,
1620
					   RT_TOS(iph->tos), vif->link);
1621
		if (IS_ERR(rt))
1622
			goto out_free;
1623
		encap = sizeof(struct iphdr);
1624
	} else {
1625
		rt = ip_route_output_ports(net, &fl4, NULL, iph->daddr, 0,
1626
					   0, 0,
1627
					   IPPROTO_IPIP,
1628
					   RT_TOS(iph->tos), vif->link);
1629
		if (IS_ERR(rt))
1630
			goto out_free;
1631
	}
1632

1633
	dev = rt->dst.dev;
1634

1635
	if (skb->len+encap > dst_mtu(&rt->dst) && (ntohs(iph->frag_off) & IP_DF)) {
1636
		/* Do not fragment multicasts. Alas, IPv4 does not
1637
		 * allow to send ICMP, so that packets will disappear
1638
		 * to blackhole.
1639
		 */
1640

1641
		IP_INC_STATS_BH(dev_net(dev), IPSTATS_MIB_FRAGFAILS);
1642
		ip_rt_put(rt);
1643
		goto out_free;
1644
	}
1645

1646
	encap += LL_RESERVED_SPACE(dev) + rt->dst.header_len;
1647

1648
	if (skb_cow(skb, encap)) {
1649
		ip_rt_put(rt);
1650
		goto out_free;
1651
	}
1652

1653
	vif->pkt_out++;
1654
	vif->bytes_out += skb->len;
1655

1656
	skb_dst_drop(skb);
1657
	skb_dst_set(skb, &rt->dst);
1658
	ip_decrease_ttl(ip_hdr(skb));
1659

1660
	/* FIXME: forward and output firewalls used to be called here.
1661
	 * What do we do with netfilter? -- RR
1662
	 */
1663
	if (vif->flags & VIFF_TUNNEL) {
1664
		ip_encap(skb, vif->local, vif->remote);
1665
		/* FIXME: extra output firewall step used to be here. --RR */
1666
		vif->dev->stats.tx_packets++;
1667
		vif->dev->stats.tx_bytes += skb->len;
1668
	}
1669

1670
	IPCB(skb)->flags |= IPSKB_FORWARDED;
1671

1672
	/*
1673
	 * RFC1584 teaches, that DVMRP/PIM router must deliver packets locally
1674
	 * not only before forwarding, but after forwarding on all output
1675
	 * interfaces. It is clear, if mrouter runs a multicasting
1676
	 * program, it should receive packets not depending to what interface
1677
	 * program is joined.
1678
	 * If we will not make it, the program will have to join on all
1679
	 * interfaces. On the other hand, multihoming host (or router, but
1680
	 * not mrouter) cannot join to more than one interface - it will
1681
	 * result in receiving multiple packets.
1682
	 */
1683
	NF_HOOK(NFPROTO_IPV4, NF_INET_FORWARD, skb, skb->dev, dev,
1684
		ipmr_forward_finish);
1685
	return;
1686

1687
out_free:
1688
	kfree_skb(skb);
1689
}
1690

1691
static int ipmr_find_vif(struct mr_table *mrt, struct net_device *dev)
1692
{
1693
	int ct;
1694

1695
	for (ct = mrt->maxvif-1; ct >= 0; ct--) {
1696
		if (mrt->vif_table[ct].dev == dev)
1697
			break;
1698
	}
1699
	return ct;
1700
}
1701

1702
/* "local" means that we should preserve one skb (for local delivery) */
1703

1704
static int ip_mr_forward(struct net *net, struct mr_table *mrt,
1705
			 struct sk_buff *skb, struct mfc_cache *cache,
1706
			 int local)
1707
{
1708
	int psend = -1;
1709
	int vif, ct;
1710

1711
	vif = cache->mfc_parent;
1712
	cache->mfc_un.res.pkt++;
1713
	cache->mfc_un.res.bytes += skb->len;
1714

1715
	/*
1716
	 * Wrong interface: drop packet and (maybe) send PIM assert.
1717
	 */
1718
	if (mrt->vif_table[vif].dev != skb->dev) {
1719
		int true_vifi;
1720

1721
		if (rt_is_output_route(skb_rtable(skb))) {
1722
			/* It is our own packet, looped back.
1723
			 * Very complicated situation...
1724
			 *
1725
			 * The best workaround until routing daemons will be
1726
			 * fixed is not to redistribute packet, if it was
1727
			 * send through wrong interface. It means, that
1728
			 * multicast applications WILL NOT work for
1729
			 * (S,G), which have default multicast route pointing
1730
			 * to wrong oif. In any case, it is not a good
1731
			 * idea to use multicasting applications on router.
1732
			 */
1733
			goto dont_forward;
1734
		}
1735

1736
		cache->mfc_un.res.wrong_if++;
1737
		true_vifi = ipmr_find_vif(mrt, skb->dev);
1738

1739
		if (true_vifi >= 0 && mrt->mroute_do_assert &&
1740
		    /* pimsm uses asserts, when switching from RPT to SPT,
1741
		     * so that we cannot check that packet arrived on an oif.
1742
		     * It is bad, but otherwise we would need to move pretty
1743
		     * large chunk of pimd to kernel. Ough... --ANK
1744
		     */
1745
		    (mrt->mroute_do_pim ||
1746
		     cache->mfc_un.res.ttls[true_vifi] < 255) &&
1747
		    time_after(jiffies,
1748
			       cache->mfc_un.res.last_assert + MFC_ASSERT_THRESH)) {
1749
			cache->mfc_un.res.last_assert = jiffies;
1750
			ipmr_cache_report(mrt, skb, true_vifi, IGMPMSG_WRONGVIF);
1751
		}
1752
		goto dont_forward;
1753
	}
1754

1755
	mrt->vif_table[vif].pkt_in++;
1756
	mrt->vif_table[vif].bytes_in += skb->len;
1757

1758
	/*
1759
	 *	Forward the frame
1760
	 */
1761
	for (ct = cache->mfc_un.res.maxvif - 1;
1762
	     ct >= cache->mfc_un.res.minvif; ct--) {
1763
		if (ip_hdr(skb)->ttl > cache->mfc_un.res.ttls[ct]) {
1764
			if (psend != -1) {
1765
				struct sk_buff *skb2 = skb_clone(skb, GFP_ATOMIC);
1766

1767
				if (skb2)
1768
					ipmr_queue_xmit(net, mrt, skb2, cache,
1769
							psend);
1770
			}
1771
			psend = ct;
1772
		}
1773
	}
1774
	if (psend != -1) {
1775
		if (local) {
1776
			struct sk_buff *skb2 = skb_clone(skb, GFP_ATOMIC);
1777

1778
			if (skb2)
1779
				ipmr_queue_xmit(net, mrt, skb2, cache, psend);
1780
		} else {
1781
			ipmr_queue_xmit(net, mrt, skb, cache, psend);
1782
			return 0;
1783
		}
1784
	}
1785

1786
dont_forward:
1787
	if (!local)
1788
		kfree_skb(skb);
1789
	return 0;
1790
}
1791

1792
static struct mr_table *ipmr_rt_fib_lookup(struct net *net, struct sk_buff *skb)
1793
{
1794
	struct rtable *rt = skb_rtable(skb);
1795
	struct iphdr *iph = ip_hdr(skb);
1796
	struct flowi4 fl4 = {
1797
		.daddr = iph->daddr,
1798
		.saddr = iph->saddr,
1799
		.flowi4_tos = iph->tos,
1800
		.flowi4_oif = rt->rt_oif,
1801
		.flowi4_iif = rt->rt_iif,
1802
		.flowi4_mark = rt->rt_mark,
1803
	};
1804
	struct mr_table *mrt;
1805
	int err;
1806

1807
	err = ipmr_fib_lookup(net, &fl4, &mrt);
1808
	if (err)
1809
		return ERR_PTR(err);
1810
	return mrt;
1811
}
1812

1813
/*
1814
 *	Multicast packets for forwarding arrive here
1815
 *	Called with rcu_read_lock();
1816
 */
1817

1818
int ip_mr_input(struct sk_buff *skb)
1819
{
1820
	struct mfc_cache *cache;
1821
	struct net *net = dev_net(skb->dev);
1822
	int local = skb_rtable(skb)->rt_flags & RTCF_LOCAL;
1823
	struct mr_table *mrt;
1824

1825
	/* Packet is looped back after forward, it should not be
1826
	 * forwarded second time, but still can be delivered locally.
1827
	 */
1828
	if (IPCB(skb)->flags & IPSKB_FORWARDED)
1829
		goto dont_forward;
1830

1831
	mrt = ipmr_rt_fib_lookup(net, skb);
1832
	if (IS_ERR(mrt)) {
1833
		kfree_skb(skb);
1834
		return PTR_ERR(mrt);
1835
	}
1836
	if (!local) {
1837
		if (IPCB(skb)->opt.router_alert) {
1838
			if (ip_call_ra_chain(skb))
1839
				return 0;
1840
		} else if (ip_hdr(skb)->protocol == IPPROTO_IGMP) {
1841
			/* IGMPv1 (and broken IGMPv2 implementations sort of
1842
			 * Cisco IOS <= 11.2(8)) do not put router alert
1843
			 * option to IGMP packets destined to routable
1844
			 * groups. It is very bad, because it means
1845
			 * that we can forward NO IGMP messages.
1846
			 */
1847
			struct sock *mroute_sk;
1848

1849
			mroute_sk = rcu_dereference(mrt->mroute_sk);
1850
			if (mroute_sk) {
1851
				nf_reset(skb);
1852
				raw_rcv(mroute_sk, skb);
1853
				return 0;
1854
			}
1855
		    }
1856
	}
1857

1858
	/* already under rcu_read_lock() */
1859
	cache = ipmr_cache_find(mrt, ip_hdr(skb)->saddr, ip_hdr(skb)->daddr);
1860

1861
	/*
1862
	 *	No usable cache entry
1863
	 */
1864
	if (cache == NULL) {
1865
		int vif;
1866

1867
		if (local) {
1868
			struct sk_buff *skb2 = skb_clone(skb, GFP_ATOMIC);
1869
			ip_local_deliver(skb);
1870
			if (skb2 == NULL)
1871
				return -ENOBUFS;
1872
			skb = skb2;
1873
		}
1874

1875
		read_lock(&mrt_lock);
1876
		vif = ipmr_find_vif(mrt, skb->dev);
1877
		if (vif >= 0) {
1878
			int err2 = ipmr_cache_unresolved(mrt, vif, skb);
1879
			read_unlock(&mrt_lock);
1880

1881
			return err2;
1882
		}
1883
		read_unlock(&mrt_lock);
1884
		kfree_skb(skb);
1885
		return -ENODEV;
1886
	}
1887

1888
	read_lock(&mrt_lock);
1889
	ip_mr_forward(net, mrt, skb, cache, local);
1890
	read_unlock(&mrt_lock);
1891

1892
	if (local)
1893
		return ip_local_deliver(skb);
1894

1895
	return 0;
1896

1897
dont_forward:
1898
	if (local)
1899
		return ip_local_deliver(skb);
1900
	kfree_skb(skb);
1901
	return 0;
1902
}
1903

1904
#ifdef CONFIG_IP_PIMSM
1905
/* called with rcu_read_lock() */
1906
static int __pim_rcv(struct mr_table *mrt, struct sk_buff *skb,
1907
		     unsigned int pimlen)
1908
{
1909
	struct net_device *reg_dev = NULL;
1910
	struct iphdr *encap;
1911

1912
	encap = (struct iphdr *)(skb_transport_header(skb) + pimlen);
1913
	/*
1914
	 * Check that:
1915
	 * a. packet is really sent to a multicast group
1916
	 * b. packet is not a NULL-REGISTER
1917
	 * c. packet is not truncated
1918
	 */
1919
	if (!ipv4_is_multicast(encap->daddr) ||
1920
	    encap->tot_len == 0 ||
1921
	    ntohs(encap->tot_len) + pimlen > skb->len)
1922
		return 1;
1923

1924
	read_lock(&mrt_lock);
1925
	if (mrt->mroute_reg_vif_num >= 0)
1926
		reg_dev = mrt->vif_table[mrt->mroute_reg_vif_num].dev;
1927
	read_unlock(&mrt_lock);
1928

1929
	if (reg_dev == NULL)
1930
		return 1;
1931

1932
	skb->mac_header = skb->network_header;
1933
	skb_pull(skb, (u8 *)encap - skb->data);
1934
	skb_reset_network_header(skb);
1935
	skb->protocol = htons(ETH_P_IP);
1936
	skb->ip_summed = CHECKSUM_NONE;
1937
	skb->pkt_type = PACKET_HOST;
1938

1939
	skb_tunnel_rx(skb, reg_dev);
1940

1941
	netif_rx(skb);
1942

1943
	return NET_RX_SUCCESS;
1944
}
1945
#endif
1946

1947
#ifdef CONFIG_IP_PIMSM_V1
1948
/*
1949
 * Handle IGMP messages of PIMv1
1950
 */
1951

1952
int pim_rcv_v1(struct sk_buff *skb)
1953
{
1954
	struct igmphdr *pim;
1955
	struct net *net = dev_net(skb->dev);
1956
	struct mr_table *mrt;
1957

1958
	if (!pskb_may_pull(skb, sizeof(*pim) + sizeof(struct iphdr)))
1959
		goto drop;
1960

1961
	pim = igmp_hdr(skb);
1962

1963
	mrt = ipmr_rt_fib_lookup(net, skb);
1964
	if (IS_ERR(mrt))
1965
		goto drop;
1966
	if (!mrt->mroute_do_pim ||
1967
	    pim->group != PIM_V1_VERSION || pim->code != PIM_V1_REGISTER)
1968
		goto drop;
1969

1970
	if (__pim_rcv(mrt, skb, sizeof(*pim))) {
1971
drop:
1972
		kfree_skb(skb);
1973
	}
1974
	return 0;
1975
}
1976
#endif
1977

1978
#ifdef CONFIG_IP_PIMSM_V2
1979
static int pim_rcv(struct sk_buff *skb)
1980
{
1981
	struct pimreghdr *pim;
1982
	struct net *net = dev_net(skb->dev);
1983
	struct mr_table *mrt;
1984

1985
	if (!pskb_may_pull(skb, sizeof(*pim) + sizeof(struct iphdr)))
1986
		goto drop;
1987

1988
	pim = (struct pimreghdr *)skb_transport_header(skb);
1989
	if (pim->type != ((PIM_VERSION << 4) | (PIM_REGISTER)) ||
1990
	    (pim->flags & PIM_NULL_REGISTER) ||
1991
	    (ip_compute_csum((void *)pim, sizeof(*pim)) != 0 &&
1992
	     csum_fold(skb_checksum(skb, 0, skb->len, 0))))
1993
		goto drop;
1994

1995
	mrt = ipmr_rt_fib_lookup(net, skb);
1996
	if (IS_ERR(mrt))
1997
		goto drop;
1998
	if (__pim_rcv(mrt, skb, sizeof(*pim))) {
1999
drop:
2000
		kfree_skb(skb);
2001
	}
2002
	return 0;
2003
}
2004
#endif
2005

2006
static int __ipmr_fill_mroute(struct mr_table *mrt, struct sk_buff *skb,
2007
			      struct mfc_cache *c, struct rtmsg *rtm)
2008
{
2009
	int ct;
2010
	struct rtnexthop *nhp;
2011
	u8 *b = skb_tail_pointer(skb);
2012
	struct rtattr *mp_head;
2013

2014
	/* If cache is unresolved, don't try to parse IIF and OIF */
2015
	if (c->mfc_parent >= MAXVIFS)
2016
		return -ENOENT;
2017

2018
	if (VIF_EXISTS(mrt, c->mfc_parent))
2019
		RTA_PUT(skb, RTA_IIF, 4, &mrt->vif_table[c->mfc_parent].dev->ifindex);
2020

2021
	mp_head = (struct rtattr *)skb_put(skb, RTA_LENGTH(0));
2022

2023
	for (ct = c->mfc_un.res.minvif; ct < c->mfc_un.res.maxvif; ct++) {
2024
		if (VIF_EXISTS(mrt, ct) && c->mfc_un.res.ttls[ct] < 255) {
2025
			if (skb_tailroom(skb) < RTA_ALIGN(RTA_ALIGN(sizeof(*nhp)) + 4))
2026
				goto rtattr_failure;
2027
			nhp = (struct rtnexthop *)skb_put(skb, RTA_ALIGN(sizeof(*nhp)));
2028
			nhp->rtnh_flags = 0;
2029
			nhp->rtnh_hops = c->mfc_un.res.ttls[ct];
2030
			nhp->rtnh_ifindex = mrt->vif_table[ct].dev->ifindex;
2031
			nhp->rtnh_len = sizeof(*nhp);
2032
		}
2033
	}
2034
	mp_head->rta_type = RTA_MULTIPATH;
2035
	mp_head->rta_len = skb_tail_pointer(skb) - (u8 *)mp_head;
2036
	rtm->rtm_type = RTN_MULTICAST;
2037
	return 1;
2038

2039
rtattr_failure:
2040
	nlmsg_trim(skb, b);
2041
	return -EMSGSIZE;
2042
}
2043

2044
int ipmr_get_route(struct net *net, struct sk_buff *skb,
2045
		   __be32 saddr, __be32 daddr,
2046
		   struct rtmsg *rtm, int nowait)
2047
{
2048
	struct mfc_cache *cache;
2049
	struct mr_table *mrt;
2050
	int err;
2051

2052
	mrt = ipmr_get_table(net, RT_TABLE_DEFAULT);
2053
	if (mrt == NULL)
2054
		return -ENOENT;
2055

2056
	rcu_read_lock();
2057
	cache = ipmr_cache_find(mrt, saddr, daddr);
2058

2059
	if (cache == NULL) {
2060
		struct sk_buff *skb2;
2061
		struct iphdr *iph;
2062
		struct net_device *dev;
2063
		int vif = -1;
2064

2065
		if (nowait) {
2066
			rcu_read_unlock();
2067
			return -EAGAIN;
2068
		}
2069

2070
		dev = skb->dev;
2071
		read_lock(&mrt_lock);
2072
		if (dev)
2073
			vif = ipmr_find_vif(mrt, dev);
2074
		if (vif < 0) {
2075
			read_unlock(&mrt_lock);
2076
			rcu_read_unlock();
2077
			return -ENODEV;
2078
		}
2079
		skb2 = skb_clone(skb, GFP_ATOMIC);
2080
		if (!skb2) {
2081
			read_unlock(&mrt_lock);
2082
			rcu_read_unlock();
2083
			return -ENOMEM;
2084
		}
2085

2086
		skb_push(skb2, sizeof(struct iphdr));
2087
		skb_reset_network_header(skb2);
2088
		iph = ip_hdr(skb2);
2089
		iph->ihl = sizeof(struct iphdr) >> 2;
2090
		iph->saddr = saddr;
2091
		iph->daddr = daddr;
2092
		iph->version = 0;
2093
		err = ipmr_cache_unresolved(mrt, vif, skb2);
2094
		read_unlock(&mrt_lock);
2095
		rcu_read_unlock();
2096
		return err;
2097
	}
2098

2099
	read_lock(&mrt_lock);
2100
	if (!nowait && (rtm->rtm_flags & RTM_F_NOTIFY))
2101
		cache->mfc_flags |= MFC_NOTIFY;
2102
	err = __ipmr_fill_mroute(mrt, skb, cache, rtm);
2103
	read_unlock(&mrt_lock);
2104
	rcu_read_unlock();
2105
	return err;
2106
}
2107

2108
static int ipmr_fill_mroute(struct mr_table *mrt, struct sk_buff *skb,
2109
			    u32 pid, u32 seq, struct mfc_cache *c)
2110
{
2111
	struct nlmsghdr *nlh;
2112
	struct rtmsg *rtm;
2113

2114
	nlh = nlmsg_put(skb, pid, seq, RTM_NEWROUTE, sizeof(*rtm), NLM_F_MULTI);
2115
	if (nlh == NULL)
2116
		return -EMSGSIZE;
2117

2118
	rtm = nlmsg_data(nlh);
2119
	rtm->rtm_family   = RTNL_FAMILY_IPMR;
2120
	rtm->rtm_dst_len  = 32;
2121
	rtm->rtm_src_len  = 32;
2122
	rtm->rtm_tos      = 0;
2123
	rtm->rtm_table    = mrt->id;
2124
	NLA_PUT_U32(skb, RTA_TABLE, mrt->id);
2125
	rtm->rtm_type     = RTN_MULTICAST;
2126
	rtm->rtm_scope    = RT_SCOPE_UNIVERSE;
2127
	rtm->rtm_protocol = RTPROT_UNSPEC;
2128
	rtm->rtm_flags    = 0;
2129

2130
	NLA_PUT_BE32(skb, RTA_SRC, c->mfc_origin);
2131
	NLA_PUT_BE32(skb, RTA_DST, c->mfc_mcastgrp);
2132

2133
	if (__ipmr_fill_mroute(mrt, skb, c, rtm) < 0)
2134
		goto nla_put_failure;
2135

2136
	return nlmsg_end(skb, nlh);
2137

2138
nla_put_failure:
2139
	nlmsg_cancel(skb, nlh);
2140
	return -EMSGSIZE;
2141
}
2142

2143
static int ipmr_rtm_dumproute(struct sk_buff *skb, struct netlink_callback *cb)
2144
{
2145
	struct net *net = sock_net(skb->sk);
2146
	struct mr_table *mrt;
2147
	struct mfc_cache *mfc;
2148
	unsigned int t = 0, s_t;
2149
	unsigned int h = 0, s_h;
2150
	unsigned int e = 0, s_e;
2151

2152
	s_t = cb->args[0];
2153
	s_h = cb->args[1];
2154
	s_e = cb->args[2];
2155

2156
	rcu_read_lock();
2157
	ipmr_for_each_table(mrt, net) {
2158
		if (t < s_t)
2159
			goto next_table;
2160
		if (t > s_t)
2161
			s_h = 0;
2162
		for (h = s_h; h < MFC_LINES; h++) {
2163
			list_for_each_entry_rcu(mfc, &mrt->mfc_cache_array[h], list) {
2164
				if (e < s_e)
2165
					goto next_entry;
2166
				if (ipmr_fill_mroute(mrt, skb,
2167
						     NETLINK_CB(cb->skb).pid,
2168
						     cb->nlh->nlmsg_seq,
2169
						     mfc) < 0)
2170
					goto done;
2171
next_entry:
2172
				e++;
2173
			}
2174
			e = s_e = 0;
2175
		}
2176
		s_h = 0;
2177
next_table:
2178
		t++;
2179
	}
2180
done:
2181
	rcu_read_unlock();
2182

2183
	cb->args[2] = e;
2184
	cb->args[1] = h;
2185
	cb->args[0] = t;
2186

2187
	return skb->len;
2188
}
2189

2190
#ifdef CONFIG_PROC_FS
2191
/*
2192
 *	The /proc interfaces to multicast routing :
2193
 *	/proc/net/ip_mr_cache & /proc/net/ip_mr_vif
2194
 */
2195
struct ipmr_vif_iter {
2196
	struct seq_net_private p;
2197
	struct mr_table *mrt;
2198
	int ct;
2199
};
2200

2201
static struct vif_device *ipmr_vif_seq_idx(struct net *net,
2202
					   struct ipmr_vif_iter *iter,
2203
					   loff_t pos)
2204
{
2205
	struct mr_table *mrt = iter->mrt;
2206

2207
	for (iter->ct = 0; iter->ct < mrt->maxvif; ++iter->ct) {
2208
		if (!VIF_EXISTS(mrt, iter->ct))
2209
			continue;
2210
		if (pos-- == 0)
2211
			return &mrt->vif_table[iter->ct];
2212
	}
2213
	return NULL;
2214
}
2215

2216
static void *ipmr_vif_seq_start(struct seq_file *seq, loff_t *pos)
2217
	__acquires(mrt_lock)
2218
{
2219
	struct ipmr_vif_iter *iter = seq->private;
2220
	struct net *net = seq_file_net(seq);
2221
	struct mr_table *mrt;
2222

2223
	mrt = ipmr_get_table(net, RT_TABLE_DEFAULT);
2224
	if (mrt == NULL)
2225
		return ERR_PTR(-ENOENT);
2226

2227
	iter->mrt = mrt;
2228

2229
	read_lock(&mrt_lock);
2230
	return *pos ? ipmr_vif_seq_idx(net, seq->private, *pos - 1)
2231
		: SEQ_START_TOKEN;
2232
}
2233

2234
static void *ipmr_vif_seq_next(struct seq_file *seq, void *v, loff_t *pos)
2235
{
2236
	struct ipmr_vif_iter *iter = seq->private;
2237
	struct net *net = seq_file_net(seq);
2238
	struct mr_table *mrt = iter->mrt;
2239

2240
	++*pos;
2241
	if (v == SEQ_START_TOKEN)
2242
		return ipmr_vif_seq_idx(net, iter, 0);
2243

2244
	while (++iter->ct < mrt->maxvif) {
2245
		if (!VIF_EXISTS(mrt, iter->ct))
2246
			continue;
2247
		return &mrt->vif_table[iter->ct];
2248
	}
2249
	return NULL;
2250
}
2251

2252
static void ipmr_vif_seq_stop(struct seq_file *seq, void *v)
2253
	__releases(mrt_lock)
2254
{
2255
	read_unlock(&mrt_lock);
2256
}
2257

2258
static int ipmr_vif_seq_show(struct seq_file *seq, void *v)
2259
{
2260
	struct ipmr_vif_iter *iter = seq->private;
2261
	struct mr_table *mrt = iter->mrt;
2262

2263
	if (v == SEQ_START_TOKEN) {
2264
		seq_puts(seq,
2265
			 "Interface      BytesIn  PktsIn  BytesOut PktsOut Flags Local    Remote\n");
2266
	} else {
2267
		const struct vif_device *vif = v;
2268
		const char *name =  vif->dev ? vif->dev->name : "none";
2269

2270
		seq_printf(seq,
2271
			   "%2Zd %-10s %8ld %7ld  %8ld %7ld %05X %08X %08X\n",
2272
			   vif - mrt->vif_table,
2273
			   name, vif->bytes_in, vif->pkt_in,
2274
			   vif->bytes_out, vif->pkt_out,
2275
			   vif->flags, vif->local, vif->remote);
2276
	}
2277
	return 0;
2278
}
2279

2280
static const struct seq_operations ipmr_vif_seq_ops = {
2281
	.start = ipmr_vif_seq_start,
2282
	.next  = ipmr_vif_seq_next,
2283
	.stop  = ipmr_vif_seq_stop,
2284
	.show  = ipmr_vif_seq_show,
2285
};
2286

2287
static int ipmr_vif_open(struct inode *inode, struct file *file)
2288
{
2289
	return seq_open_net(inode, file, &ipmr_vif_seq_ops,
2290
			    sizeof(struct ipmr_vif_iter));
2291
}
2292

2293
static const struct file_operations ipmr_vif_fops = {
2294
	.owner	 = THIS_MODULE,
2295
	.open    = ipmr_vif_open,
2296
	.read    = seq_read,
2297
	.llseek  = seq_lseek,
2298
	.release = seq_release_net,
2299
};
2300

2301
struct ipmr_mfc_iter {
2302
	struct seq_net_private p;
2303
	struct mr_table *mrt;
2304
	struct list_head *cache;
2305
	int ct;
2306
};
2307

2308

2309
static struct mfc_cache *ipmr_mfc_seq_idx(struct net *net,
2310
					  struct ipmr_mfc_iter *it, loff_t pos)
2311
{
2312
	struct mr_table *mrt = it->mrt;
2313
	struct mfc_cache *mfc;
2314

2315
	rcu_read_lock();
2316
	for (it->ct = 0; it->ct < MFC_LINES; it->ct++) {
2317
		it->cache = &mrt->mfc_cache_array[it->ct];
2318
		list_for_each_entry_rcu(mfc, it->cache, list)
2319
			if (pos-- == 0)
2320
				return mfc;
2321
	}
2322
	rcu_read_unlock();
2323

2324
	spin_lock_bh(&mfc_unres_lock);
2325
	it->cache = &mrt->mfc_unres_queue;
2326
	list_for_each_entry(mfc, it->cache, list)
2327
		if (pos-- == 0)
2328
			return mfc;
2329
	spin_unlock_bh(&mfc_unres_lock);
2330

2331
	it->cache = NULL;
2332
	return NULL;
2333
}
2334

2335

2336
static void *ipmr_mfc_seq_start(struct seq_file *seq, loff_t *pos)
2337
{
2338
	struct ipmr_mfc_iter *it = seq->private;
2339
	struct net *net = seq_file_net(seq);
2340
	struct mr_table *mrt;
2341

2342
	mrt = ipmr_get_table(net, RT_TABLE_DEFAULT);
2343
	if (mrt == NULL)
2344
		return ERR_PTR(-ENOENT);
2345

2346
	it->mrt = mrt;
2347
	it->cache = NULL;
2348
	it->ct = 0;
2349
	return *pos ? ipmr_mfc_seq_idx(net, seq->private, *pos - 1)
2350
		: SEQ_START_TOKEN;
2351
}
2352

2353
static void *ipmr_mfc_seq_next(struct seq_file *seq, void *v, loff_t *pos)
2354
{
2355
	struct mfc_cache *mfc = v;
2356
	struct ipmr_mfc_iter *it = seq->private;
2357
	struct net *net = seq_file_net(seq);
2358
	struct mr_table *mrt = it->mrt;
2359

2360
	++*pos;
2361

2362
	if (v == SEQ_START_TOKEN)
2363
		return ipmr_mfc_seq_idx(net, seq->private, 0);
2364

2365
	if (mfc->list.next != it->cache)
2366
		return list_entry(mfc->list.next, struct mfc_cache, list);
2367

2368
	if (it->cache == &mrt->mfc_unres_queue)
2369
		goto end_of_list;
2370

2371
	BUG_ON(it->cache != &mrt->mfc_cache_array[it->ct]);
2372

2373
	while (++it->ct < MFC_LINES) {
2374
		it->cache = &mrt->mfc_cache_array[it->ct];
2375
		if (list_empty(it->cache))
2376
			continue;
2377
		return list_first_entry(it->cache, struct mfc_cache, list);
2378
	}
2379

2380
	/* exhausted cache_array, show unresolved */
2381
	rcu_read_unlock();
2382
	it->cache = &mrt->mfc_unres_queue;
2383
	it->ct = 0;
2384

2385
	spin_lock_bh(&mfc_unres_lock);
2386
	if (!list_empty(it->cache))
2387
		return list_first_entry(it->cache, struct mfc_cache, list);
2388

2389
end_of_list:
2390
	spin_unlock_bh(&mfc_unres_lock);
2391
	it->cache = NULL;
2392

2393
	return NULL;
2394
}
2395

2396
static void ipmr_mfc_seq_stop(struct seq_file *seq, void *v)
2397
{
2398
	struct ipmr_mfc_iter *it = seq->private;
2399
	struct mr_table *mrt = it->mrt;
2400

2401
	if (it->cache == &mrt->mfc_unres_queue)
2402
		spin_unlock_bh(&mfc_unres_lock);
2403
	else if (it->cache == &mrt->mfc_cache_array[it->ct])
2404
		rcu_read_unlock();
2405
}
2406

2407
static int ipmr_mfc_seq_show(struct seq_file *seq, void *v)
2408
{
2409
	int n;
2410

2411
	if (v == SEQ_START_TOKEN) {
2412
		seq_puts(seq,
2413
		 "Group    Origin   Iif     Pkts    Bytes    Wrong Oifs\n");
2414
	} else {
2415
		const struct mfc_cache *mfc = v;
2416
		const struct ipmr_mfc_iter *it = seq->private;
2417
		const struct mr_table *mrt = it->mrt;
2418

2419
		seq_printf(seq, "%08X %08X %-3hd",
2420
			   (__force u32) mfc->mfc_mcastgrp,
2421
			   (__force u32) mfc->mfc_origin,
2422
			   mfc->mfc_parent);
2423

2424
		if (it->cache != &mrt->mfc_unres_queue) {
2425
			seq_printf(seq, " %8lu %8lu %8lu",
2426
				   mfc->mfc_un.res.pkt,
2427
				   mfc->mfc_un.res.bytes,
2428
				   mfc->mfc_un.res.wrong_if);
2429
			for (n = mfc->mfc_un.res.minvif;
2430
			     n < mfc->mfc_un.res.maxvif; n++) {
2431
				if (VIF_EXISTS(mrt, n) &&
2432
				    mfc->mfc_un.res.ttls[n] < 255)
2433
					seq_printf(seq,
2434
					   " %2d:%-3d",
2435
					   n, mfc->mfc_un.res.ttls[n]);
2436
			}
2437
		} else {
2438
			/* unresolved mfc_caches don't contain
2439
			 * pkt, bytes and wrong_if values
2440
			 */
2441
			seq_printf(seq, " %8lu %8lu %8lu", 0ul, 0ul, 0ul);
2442
		}
2443
		seq_putc(seq, '\n');
2444
	}
2445
	return 0;
2446
}
2447

2448
static const struct seq_operations ipmr_mfc_seq_ops = {
2449
	.start = ipmr_mfc_seq_start,
2450
	.next  = ipmr_mfc_seq_next,
2451
	.stop  = ipmr_mfc_seq_stop,
2452
	.show  = ipmr_mfc_seq_show,
2453
};
2454

2455
static int ipmr_mfc_open(struct inode *inode, struct file *file)
2456
{
2457
	return seq_open_net(inode, file, &ipmr_mfc_seq_ops,
2458
			    sizeof(struct ipmr_mfc_iter));
2459
}
2460

2461
static const struct file_operations ipmr_mfc_fops = {
2462
	.owner	 = THIS_MODULE,
2463
	.open    = ipmr_mfc_open,
2464
	.read    = seq_read,
2465
	.llseek  = seq_lseek,
2466
	.release = seq_release_net,
2467
};
2468
#endif
2469

2470
#ifdef CONFIG_IP_PIMSM_V2
2471
static const struct net_protocol pim_protocol = {
2472
	.handler	=	pim_rcv,
2473
	.netns_ok	=	1,
2474
};
2475
#endif
2476

2477

2478
/*
2479
 *	Setup for IP multicast routing
2480
 */
2481
static int __net_init ipmr_net_init(struct net *net)
2482
{
2483
	int err;
2484

2485
	err = ipmr_rules_init(net);
2486
	if (err < 0)
2487
		goto fail;
2488

2489
#ifdef CONFIG_PROC_FS
2490
	err = -ENOMEM;
2491
	if (!proc_net_fops_create(net, "ip_mr_vif", 0, &ipmr_vif_fops))
2492
		goto proc_vif_fail;
2493
	if (!proc_net_fops_create(net, "ip_mr_cache", 0, &ipmr_mfc_fops))
2494
		goto proc_cache_fail;
2495
#endif
2496
	return 0;
2497

2498
#ifdef CONFIG_PROC_FS
2499
proc_cache_fail:
2500
	proc_net_remove(net, "ip_mr_vif");
2501
proc_vif_fail:
2502
	ipmr_rules_exit(net);
2503
#endif
2504
fail:
2505
	return err;
2506
}
2507

2508
static void __net_exit ipmr_net_exit(struct net *net)
2509
{
2510
#ifdef CONFIG_PROC_FS
2511
	proc_net_remove(net, "ip_mr_cache");
2512
	proc_net_remove(net, "ip_mr_vif");
2513
#endif
2514
	ipmr_rules_exit(net);
2515
}
2516

2517
static struct pernet_operations ipmr_net_ops = {
2518
	.init = ipmr_net_init,
2519
	.exit = ipmr_net_exit,
2520
};
2521

2522
int __init ip_mr_init(void)
2523
{
2524
	int err;
2525

2526
	mrt_cachep = kmem_cache_create("ip_mrt_cache",
2527
				       sizeof(struct mfc_cache),
2528
				       0, SLAB_HWCACHE_ALIGN | SLAB_PANIC,
2529
				       NULL);
2530
	if (!mrt_cachep)
2531
		return -ENOMEM;
2532

2533
	err = register_pernet_subsys(&ipmr_net_ops);
2534
	if (err)
2535
		goto reg_pernet_fail;
2536

2537
	err = register_netdevice_notifier(&ip_mr_notifier);
2538
	if (err)
2539
		goto reg_notif_fail;
2540
#ifdef CONFIG_IP_PIMSM_V2
2541
	if (inet_add_protocol(&pim_protocol, IPPROTO_PIM) < 0) {
2542
		printk(KERN_ERR "ip_mr_init: can't add PIM protocol\n");
2543
		err = -EAGAIN;
2544
		goto add_proto_fail;
2545
	}
2546
#endif
2547
	rtnl_register(RTNL_FAMILY_IPMR, RTM_GETROUTE, NULL, ipmr_rtm_dumproute);
2548
	return 0;
2549

2550
#ifdef CONFIG_IP_PIMSM_V2
2551
add_proto_fail:
2552
	unregister_netdevice_notifier(&ip_mr_notifier);
2553
#endif
2554
reg_notif_fail:
2555
	unregister_pernet_subsys(&ipmr_net_ops);
2556
reg_pernet_fail:
2557
	kmem_cache_destroy(mrt_cachep);
2558
	return err;
2559
}
2560

2561