1 | // SPDX-License-Identifier: GPL-2.0-or-later |
2 | /* |
3 | * IPv6 Address [auto]configuration |
4 | * Linux INET6 implementation |
5 | * |
6 | * Authors: |
7 | * Pedro Roque <roque@di.fc.ul.pt> |
8 | * Alexey Kuznetsov <kuznet@ms2.inr.ac.ru> |
9 | */ |
10 | |
11 | /* |
12 | * Changes: |
13 | * |
14 | * Janos Farkas : delete timer on ifdown |
15 | * <chexum@bankinf.banki.hu> |
16 | * Andi Kleen : kill double kfree on module |
17 | * unload. |
18 | * Maciej W. Rozycki : FDDI support |
19 | * sekiya@USAGI : Don't send too many RS |
20 | * packets. |
21 | * yoshfuji@USAGI : Fixed interval between DAD |
22 | * packets. |
23 | * YOSHIFUJI Hideaki @USAGI : improved accuracy of |
24 | * address validation timer. |
25 | * YOSHIFUJI Hideaki @USAGI : Privacy Extensions (RFC3041) |
26 | * support. |
27 | * Yuji SEKIYA @USAGI : Don't assign a same IPv6 |
28 | * address on a same interface. |
29 | * YOSHIFUJI Hideaki @USAGI : ARCnet support |
30 | * YOSHIFUJI Hideaki @USAGI : convert /proc/net/if_inet6 to |
31 | * seq_file. |
32 | * YOSHIFUJI Hideaki @USAGI : improved source address |
33 | * selection; consider scope, |
34 | * status etc. |
35 | */ |
36 | |
37 | #define pr_fmt(fmt) "IPv6: " fmt |
38 | |
39 | #include <linux/errno.h> |
40 | #include <linux/types.h> |
41 | #include <linux/kernel.h> |
42 | #include <linux/sched/signal.h> |
43 | #include <linux/socket.h> |
44 | #include <linux/sockios.h> |
45 | #include <linux/net.h> |
46 | #include <linux/inet.h> |
47 | #include <linux/in6.h> |
48 | #include <linux/netdevice.h> |
49 | #include <linux/if_addr.h> |
50 | #include <linux/if_arp.h> |
51 | #include <linux/if_arcnet.h> |
52 | #include <linux/if_infiniband.h> |
53 | #include <linux/route.h> |
54 | #include <linux/inetdevice.h> |
55 | #include <linux/init.h> |
56 | #include <linux/slab.h> |
57 | #ifdef CONFIG_SYSCTL |
58 | #include <linux/sysctl.h> |
59 | #endif |
60 | #include <linux/capability.h> |
61 | #include <linux/delay.h> |
62 | #include <linux/notifier.h> |
63 | #include <linux/string.h> |
64 | #include <linux/hash.h> |
65 | |
66 | #include <net/net_namespace.h> |
67 | #include <net/sock.h> |
68 | #include <net/snmp.h> |
69 | |
70 | #include <net/6lowpan.h> |
71 | #include <net/firewire.h> |
72 | #include <net/ipv6.h> |
73 | #include <net/protocol.h> |
74 | #include <net/ndisc.h> |
75 | #include <net/ip6_route.h> |
76 | #include <net/addrconf.h> |
77 | #include <net/tcp.h> |
78 | #include <net/ip.h> |
79 | #include <net/netlink.h> |
80 | #include <net/pkt_sched.h> |
81 | #include <net/l3mdev.h> |
82 | #include <linux/if_tunnel.h> |
83 | #include <linux/rtnetlink.h> |
84 | #include <linux/netconf.h> |
85 | #include <linux/random.h> |
86 | #include <linux/uaccess.h> |
87 | #include <asm/unaligned.h> |
88 | |
89 | #include <linux/proc_fs.h> |
90 | #include <linux/seq_file.h> |
91 | #include <linux/export.h> |
92 | #include <linux/ioam6.h> |
93 | |
94 | #define INFINITY_LIFE_TIME 0xFFFFFFFF |
95 | |
96 | #define IPV6_MAX_STRLEN \ |
97 | sizeof("ffff:ffff:ffff:ffff:ffff:ffff:255.255.255.255") |
98 | |
99 | static inline u32 cstamp_delta(unsigned long cstamp) |
100 | { |
101 | return (cstamp - INITIAL_JIFFIES) * 100UL / HZ; |
102 | } |
103 | |
104 | static inline s32 rfc3315_s14_backoff_init(s32 irt) |
105 | { |
106 | /* multiply 'initial retransmission time' by 0.9 .. 1.1 */ |
107 | u64 tmp = get_random_u32_inclusive(floor: 900000, ceil: 1100000) * (u64)irt; |
108 | do_div(tmp, 1000000); |
109 | return (s32)tmp; |
110 | } |
111 | |
112 | static inline s32 rfc3315_s14_backoff_update(s32 rt, s32 mrt) |
113 | { |
114 | /* multiply 'retransmission timeout' by 1.9 .. 2.1 */ |
115 | u64 tmp = get_random_u32_inclusive(floor: 1900000, ceil: 2100000) * (u64)rt; |
116 | do_div(tmp, 1000000); |
117 | if ((s32)tmp > mrt) { |
118 | /* multiply 'maximum retransmission time' by 0.9 .. 1.1 */ |
119 | tmp = get_random_u32_inclusive(floor: 900000, ceil: 1100000) * (u64)mrt; |
120 | do_div(tmp, 1000000); |
121 | } |
122 | return (s32)tmp; |
123 | } |
124 | |
125 | #ifdef CONFIG_SYSCTL |
126 | static int addrconf_sysctl_register(struct inet6_dev *idev); |
127 | static void addrconf_sysctl_unregister(struct inet6_dev *idev); |
128 | #else |
129 | static inline int addrconf_sysctl_register(struct inet6_dev *idev) |
130 | { |
131 | return 0; |
132 | } |
133 | |
134 | static inline void addrconf_sysctl_unregister(struct inet6_dev *idev) |
135 | { |
136 | } |
137 | #endif |
138 | |
139 | static void ipv6_gen_rnd_iid(struct in6_addr *addr); |
140 | |
141 | static int ipv6_generate_eui64(u8 *eui, struct net_device *dev); |
142 | static int ipv6_count_addresses(const struct inet6_dev *idev); |
143 | static int ipv6_generate_stable_address(struct in6_addr *addr, |
144 | u8 dad_count, |
145 | const struct inet6_dev *idev); |
146 | |
147 | #define IN6_ADDR_HSIZE_SHIFT 8 |
148 | #define IN6_ADDR_HSIZE (1 << IN6_ADDR_HSIZE_SHIFT) |
149 | |
150 | static void addrconf_verify(struct net *net); |
151 | static void addrconf_verify_rtnl(struct net *net); |
152 | |
153 | static struct workqueue_struct *addrconf_wq; |
154 | |
155 | static void addrconf_join_anycast(struct inet6_ifaddr *ifp); |
156 | static void addrconf_leave_anycast(struct inet6_ifaddr *ifp); |
157 | |
158 | static void addrconf_type_change(struct net_device *dev, |
159 | unsigned long event); |
160 | static int addrconf_ifdown(struct net_device *dev, bool unregister); |
161 | |
162 | static struct fib6_info *addrconf_get_prefix_route(const struct in6_addr *pfx, |
163 | int plen, |
164 | const struct net_device *dev, |
165 | u32 flags, u32 noflags, |
166 | bool no_gw); |
167 | |
168 | static void addrconf_dad_start(struct inet6_ifaddr *ifp); |
169 | static void addrconf_dad_work(struct work_struct *w); |
170 | static void addrconf_dad_completed(struct inet6_ifaddr *ifp, bool bump_id, |
171 | bool send_na); |
172 | static void addrconf_dad_run(struct inet6_dev *idev, bool restart); |
173 | static void addrconf_rs_timer(struct timer_list *t); |
174 | static void __ipv6_ifa_notify(int event, struct inet6_ifaddr *ifa); |
175 | static void ipv6_ifa_notify(int event, struct inet6_ifaddr *ifa); |
176 | |
177 | static void inet6_prefix_notify(int event, struct inet6_dev *idev, |
178 | struct prefix_info *pinfo); |
179 | |
180 | static struct ipv6_devconf ipv6_devconf __read_mostly = { |
181 | .forwarding = 0, |
182 | .hop_limit = IPV6_DEFAULT_HOPLIMIT, |
183 | .mtu6 = IPV6_MIN_MTU, |
184 | .accept_ra = 1, |
185 | .accept_redirects = 1, |
186 | .autoconf = 1, |
187 | .force_mld_version = 0, |
188 | .mldv1_unsolicited_report_interval = 10 * HZ, |
189 | .mldv2_unsolicited_report_interval = HZ, |
190 | .dad_transmits = 1, |
191 | .rtr_solicits = MAX_RTR_SOLICITATIONS, |
192 | .rtr_solicit_interval = RTR_SOLICITATION_INTERVAL, |
193 | .rtr_solicit_max_interval = RTR_SOLICITATION_MAX_INTERVAL, |
194 | .rtr_solicit_delay = MAX_RTR_SOLICITATION_DELAY, |
195 | .use_tempaddr = 0, |
196 | .temp_valid_lft = TEMP_VALID_LIFETIME, |
197 | .temp_prefered_lft = TEMP_PREFERRED_LIFETIME, |
198 | .regen_max_retry = REGEN_MAX_RETRY, |
199 | .max_desync_factor = MAX_DESYNC_FACTOR, |
200 | .max_addresses = IPV6_MAX_ADDRESSES, |
201 | .accept_ra_defrtr = 1, |
202 | .ra_defrtr_metric = IP6_RT_PRIO_USER, |
203 | .accept_ra_from_local = 0, |
204 | .accept_ra_min_hop_limit= 1, |
205 | .accept_ra_min_lft = 0, |
206 | .accept_ra_pinfo = 1, |
207 | #ifdef CONFIG_IPV6_ROUTER_PREF |
208 | .accept_ra_rtr_pref = 1, |
209 | .rtr_probe_interval = 60 * HZ, |
210 | #ifdef CONFIG_IPV6_ROUTE_INFO |
211 | .accept_ra_rt_info_min_plen = 0, |
212 | .accept_ra_rt_info_max_plen = 0, |
213 | #endif |
214 | #endif |
215 | .proxy_ndp = 0, |
216 | .accept_source_route = 0, /* we do not accept RH0 by default. */ |
217 | .disable_ipv6 = 0, |
218 | .accept_dad = 0, |
219 | .suppress_frag_ndisc = 1, |
220 | .accept_ra_mtu = 1, |
221 | .stable_secret = { |
222 | .initialized = false, |
223 | }, |
224 | .use_oif_addrs_only = 0, |
225 | .ignore_routes_with_linkdown = 0, |
226 | .keep_addr_on_down = 0, |
227 | .seg6_enabled = 0, |
228 | #ifdef CONFIG_IPV6_SEG6_HMAC |
229 | .seg6_require_hmac = 0, |
230 | #endif |
231 | .enhanced_dad = 1, |
232 | .addr_gen_mode = IN6_ADDR_GEN_MODE_EUI64, |
233 | .disable_policy = 0, |
234 | .rpl_seg_enabled = 0, |
235 | .ioam6_enabled = 0, |
236 | .ioam6_id = IOAM6_DEFAULT_IF_ID, |
237 | .ioam6_id_wide = IOAM6_DEFAULT_IF_ID_WIDE, |
238 | .ndisc_evict_nocarrier = 1, |
239 | .ra_honor_pio_life = 0, |
240 | }; |
241 | |
242 | static struct ipv6_devconf ipv6_devconf_dflt __read_mostly = { |
243 | .forwarding = 0, |
244 | .hop_limit = IPV6_DEFAULT_HOPLIMIT, |
245 | .mtu6 = IPV6_MIN_MTU, |
246 | .accept_ra = 1, |
247 | .accept_redirects = 1, |
248 | .autoconf = 1, |
249 | .force_mld_version = 0, |
250 | .mldv1_unsolicited_report_interval = 10 * HZ, |
251 | .mldv2_unsolicited_report_interval = HZ, |
252 | .dad_transmits = 1, |
253 | .rtr_solicits = MAX_RTR_SOLICITATIONS, |
254 | .rtr_solicit_interval = RTR_SOLICITATION_INTERVAL, |
255 | .rtr_solicit_max_interval = RTR_SOLICITATION_MAX_INTERVAL, |
256 | .rtr_solicit_delay = MAX_RTR_SOLICITATION_DELAY, |
257 | .use_tempaddr = 0, |
258 | .temp_valid_lft = TEMP_VALID_LIFETIME, |
259 | .temp_prefered_lft = TEMP_PREFERRED_LIFETIME, |
260 | .regen_max_retry = REGEN_MAX_RETRY, |
261 | .max_desync_factor = MAX_DESYNC_FACTOR, |
262 | .max_addresses = IPV6_MAX_ADDRESSES, |
263 | .accept_ra_defrtr = 1, |
264 | .ra_defrtr_metric = IP6_RT_PRIO_USER, |
265 | .accept_ra_from_local = 0, |
266 | .accept_ra_min_hop_limit= 1, |
267 | .accept_ra_min_lft = 0, |
268 | .accept_ra_pinfo = 1, |
269 | #ifdef CONFIG_IPV6_ROUTER_PREF |
270 | .accept_ra_rtr_pref = 1, |
271 | .rtr_probe_interval = 60 * HZ, |
272 | #ifdef CONFIG_IPV6_ROUTE_INFO |
273 | .accept_ra_rt_info_min_plen = 0, |
274 | .accept_ra_rt_info_max_plen = 0, |
275 | #endif |
276 | #endif |
277 | .proxy_ndp = 0, |
278 | .accept_source_route = 0, /* we do not accept RH0 by default. */ |
279 | .disable_ipv6 = 0, |
280 | .accept_dad = 1, |
281 | .suppress_frag_ndisc = 1, |
282 | .accept_ra_mtu = 1, |
283 | .stable_secret = { |
284 | .initialized = false, |
285 | }, |
286 | .use_oif_addrs_only = 0, |
287 | .ignore_routes_with_linkdown = 0, |
288 | .keep_addr_on_down = 0, |
289 | .seg6_enabled = 0, |
290 | #ifdef CONFIG_IPV6_SEG6_HMAC |
291 | .seg6_require_hmac = 0, |
292 | #endif |
293 | .enhanced_dad = 1, |
294 | .addr_gen_mode = IN6_ADDR_GEN_MODE_EUI64, |
295 | .disable_policy = 0, |
296 | .rpl_seg_enabled = 0, |
297 | .ioam6_enabled = 0, |
298 | .ioam6_id = IOAM6_DEFAULT_IF_ID, |
299 | .ioam6_id_wide = IOAM6_DEFAULT_IF_ID_WIDE, |
300 | .ndisc_evict_nocarrier = 1, |
301 | .ra_honor_pio_life = 0, |
302 | }; |
303 | |
304 | /* Check if link is ready: is it up and is a valid qdisc available */ |
305 | static inline bool addrconf_link_ready(const struct net_device *dev) |
306 | { |
307 | return netif_oper_up(dev) && !qdisc_tx_is_noop(dev); |
308 | } |
309 | |
310 | static void addrconf_del_rs_timer(struct inet6_dev *idev) |
311 | { |
312 | if (del_timer(timer: &idev->rs_timer)) |
313 | __in6_dev_put(idev); |
314 | } |
315 | |
316 | static void addrconf_del_dad_work(struct inet6_ifaddr *ifp) |
317 | { |
318 | if (cancel_delayed_work(dwork: &ifp->dad_work)) |
319 | __in6_ifa_put(ifp); |
320 | } |
321 | |
322 | static void addrconf_mod_rs_timer(struct inet6_dev *idev, |
323 | unsigned long when) |
324 | { |
325 | if (!mod_timer(timer: &idev->rs_timer, expires: jiffies + when)) |
326 | in6_dev_hold(idev); |
327 | } |
328 | |
329 | static void addrconf_mod_dad_work(struct inet6_ifaddr *ifp, |
330 | unsigned long delay) |
331 | { |
332 | in6_ifa_hold(ifp); |
333 | if (mod_delayed_work(wq: addrconf_wq, dwork: &ifp->dad_work, delay)) |
334 | in6_ifa_put(ifp); |
335 | } |
336 | |
337 | static int snmp6_alloc_dev(struct inet6_dev *idev) |
338 | { |
339 | int i; |
340 | |
341 | idev->stats.ipv6 = alloc_percpu_gfp(struct ipstats_mib, GFP_KERNEL_ACCOUNT); |
342 | if (!idev->stats.ipv6) |
343 | goto err_ip; |
344 | |
345 | for_each_possible_cpu(i) { |
346 | struct ipstats_mib *addrconf_stats; |
347 | addrconf_stats = per_cpu_ptr(idev->stats.ipv6, i); |
348 | u64_stats_init(syncp: &addrconf_stats->syncp); |
349 | } |
350 | |
351 | |
352 | idev->stats.icmpv6dev = kzalloc(size: sizeof(struct icmpv6_mib_device), |
353 | GFP_KERNEL); |
354 | if (!idev->stats.icmpv6dev) |
355 | goto err_icmp; |
356 | idev->stats.icmpv6msgdev = kzalloc(size: sizeof(struct icmpv6msg_mib_device), |
357 | GFP_KERNEL_ACCOUNT); |
358 | if (!idev->stats.icmpv6msgdev) |
359 | goto err_icmpmsg; |
360 | |
361 | return 0; |
362 | |
363 | err_icmpmsg: |
364 | kfree(objp: idev->stats.icmpv6dev); |
365 | err_icmp: |
366 | free_percpu(pdata: idev->stats.ipv6); |
367 | err_ip: |
368 | return -ENOMEM; |
369 | } |
370 | |
371 | static struct inet6_dev *ipv6_add_dev(struct net_device *dev) |
372 | { |
373 | struct inet6_dev *ndev; |
374 | int err = -ENOMEM; |
375 | |
376 | ASSERT_RTNL(); |
377 | |
378 | if (dev->mtu < IPV6_MIN_MTU && dev != blackhole_netdev) |
379 | return ERR_PTR(error: -EINVAL); |
380 | |
381 | ndev = kzalloc(size: sizeof(*ndev), GFP_KERNEL_ACCOUNT); |
382 | if (!ndev) |
383 | return ERR_PTR(error: err); |
384 | |
385 | rwlock_init(&ndev->lock); |
386 | ndev->dev = dev; |
387 | INIT_LIST_HEAD(list: &ndev->addr_list); |
388 | timer_setup(&ndev->rs_timer, addrconf_rs_timer, 0); |
389 | memcpy(&ndev->cnf, dev_net(dev)->ipv6.devconf_dflt, sizeof(ndev->cnf)); |
390 | |
391 | if (ndev->cnf.stable_secret.initialized) |
392 | ndev->cnf.addr_gen_mode = IN6_ADDR_GEN_MODE_STABLE_PRIVACY; |
393 | |
394 | ndev->cnf.mtu6 = dev->mtu; |
395 | ndev->ra_mtu = 0; |
396 | ndev->nd_parms = neigh_parms_alloc(dev, tbl: &nd_tbl); |
397 | if (!ndev->nd_parms) { |
398 | kfree(objp: ndev); |
399 | return ERR_PTR(error: err); |
400 | } |
401 | if (ndev->cnf.forwarding) |
402 | dev_disable_lro(dev); |
403 | /* We refer to the device */ |
404 | netdev_hold(dev, tracker: &ndev->dev_tracker, GFP_KERNEL); |
405 | |
406 | if (snmp6_alloc_dev(idev: ndev) < 0) { |
407 | netdev_dbg(dev, "%s: cannot allocate memory for statistics\n" , |
408 | __func__); |
409 | neigh_parms_release(tbl: &nd_tbl, parms: ndev->nd_parms); |
410 | netdev_put(dev, tracker: &ndev->dev_tracker); |
411 | kfree(objp: ndev); |
412 | return ERR_PTR(error: err); |
413 | } |
414 | |
415 | if (dev != blackhole_netdev) { |
416 | if (snmp6_register_dev(idev: ndev) < 0) { |
417 | netdev_dbg(dev, "%s: cannot create /proc/net/dev_snmp6/%s\n" , |
418 | __func__, dev->name); |
419 | goto err_release; |
420 | } |
421 | } |
422 | /* One reference from device. */ |
423 | refcount_set(r: &ndev->refcnt, n: 1); |
424 | |
425 | if (dev->flags & (IFF_NOARP | IFF_LOOPBACK)) |
426 | ndev->cnf.accept_dad = -1; |
427 | |
428 | #if IS_ENABLED(CONFIG_IPV6_SIT) |
429 | if (dev->type == ARPHRD_SIT && (dev->priv_flags & IFF_ISATAP)) { |
430 | pr_info("%s: Disabled Multicast RS\n" , dev->name); |
431 | ndev->cnf.rtr_solicits = 0; |
432 | } |
433 | #endif |
434 | |
435 | INIT_LIST_HEAD(list: &ndev->tempaddr_list); |
436 | ndev->desync_factor = U32_MAX; |
437 | if ((dev->flags&IFF_LOOPBACK) || |
438 | dev->type == ARPHRD_TUNNEL || |
439 | dev->type == ARPHRD_TUNNEL6 || |
440 | dev->type == ARPHRD_SIT || |
441 | dev->type == ARPHRD_NONE) { |
442 | ndev->cnf.use_tempaddr = -1; |
443 | } |
444 | |
445 | ndev->token = in6addr_any; |
446 | |
447 | if (netif_running(dev) && addrconf_link_ready(dev)) |
448 | ndev->if_flags |= IF_READY; |
449 | |
450 | ipv6_mc_init_dev(idev: ndev); |
451 | ndev->tstamp = jiffies; |
452 | if (dev != blackhole_netdev) { |
453 | err = addrconf_sysctl_register(idev: ndev); |
454 | if (err) { |
455 | ipv6_mc_destroy_dev(idev: ndev); |
456 | snmp6_unregister_dev(idev: ndev); |
457 | goto err_release; |
458 | } |
459 | } |
460 | /* protected by rtnl_lock */ |
461 | rcu_assign_pointer(dev->ip6_ptr, ndev); |
462 | |
463 | if (dev != blackhole_netdev) { |
464 | /* Join interface-local all-node multicast group */ |
465 | ipv6_dev_mc_inc(dev, addr: &in6addr_interfacelocal_allnodes); |
466 | |
467 | /* Join all-node multicast group */ |
468 | ipv6_dev_mc_inc(dev, addr: &in6addr_linklocal_allnodes); |
469 | |
470 | /* Join all-router multicast group if forwarding is set */ |
471 | if (ndev->cnf.forwarding && (dev->flags & IFF_MULTICAST)) |
472 | ipv6_dev_mc_inc(dev, addr: &in6addr_linklocal_allrouters); |
473 | } |
474 | return ndev; |
475 | |
476 | err_release: |
477 | neigh_parms_release(tbl: &nd_tbl, parms: ndev->nd_parms); |
478 | ndev->dead = 1; |
479 | in6_dev_finish_destroy(idev: ndev); |
480 | return ERR_PTR(error: err); |
481 | } |
482 | |
483 | static struct inet6_dev *ipv6_find_idev(struct net_device *dev) |
484 | { |
485 | struct inet6_dev *idev; |
486 | |
487 | ASSERT_RTNL(); |
488 | |
489 | idev = __in6_dev_get(dev); |
490 | if (!idev) { |
491 | idev = ipv6_add_dev(dev); |
492 | if (IS_ERR(ptr: idev)) |
493 | return idev; |
494 | } |
495 | |
496 | if (dev->flags&IFF_UP) |
497 | ipv6_mc_up(idev); |
498 | return idev; |
499 | } |
500 | |
501 | static int inet6_netconf_msgsize_devconf(int type) |
502 | { |
503 | int size = NLMSG_ALIGN(sizeof(struct netconfmsg)) |
504 | + nla_total_size(payload: 4); /* NETCONFA_IFINDEX */ |
505 | bool all = false; |
506 | |
507 | if (type == NETCONFA_ALL) |
508 | all = true; |
509 | |
510 | if (all || type == NETCONFA_FORWARDING) |
511 | size += nla_total_size(payload: 4); |
512 | #ifdef CONFIG_IPV6_MROUTE |
513 | if (all || type == NETCONFA_MC_FORWARDING) |
514 | size += nla_total_size(payload: 4); |
515 | #endif |
516 | if (all || type == NETCONFA_PROXY_NEIGH) |
517 | size += nla_total_size(payload: 4); |
518 | |
519 | if (all || type == NETCONFA_IGNORE_ROUTES_WITH_LINKDOWN) |
520 | size += nla_total_size(payload: 4); |
521 | |
522 | return size; |
523 | } |
524 | |
525 | static int inet6_netconf_fill_devconf(struct sk_buff *skb, int ifindex, |
526 | struct ipv6_devconf *devconf, u32 portid, |
527 | u32 seq, int event, unsigned int flags, |
528 | int type) |
529 | { |
530 | struct nlmsghdr *nlh; |
531 | struct netconfmsg *ncm; |
532 | bool all = false; |
533 | |
534 | nlh = nlmsg_put(skb, portid, seq, type: event, payload: sizeof(struct netconfmsg), |
535 | flags); |
536 | if (!nlh) |
537 | return -EMSGSIZE; |
538 | |
539 | if (type == NETCONFA_ALL) |
540 | all = true; |
541 | |
542 | ncm = nlmsg_data(nlh); |
543 | ncm->ncm_family = AF_INET6; |
544 | |
545 | if (nla_put_s32(skb, attrtype: NETCONFA_IFINDEX, value: ifindex) < 0) |
546 | goto nla_put_failure; |
547 | |
548 | if (!devconf) |
549 | goto out; |
550 | |
551 | if ((all || type == NETCONFA_FORWARDING) && |
552 | nla_put_s32(skb, attrtype: NETCONFA_FORWARDING, value: devconf->forwarding) < 0) |
553 | goto nla_put_failure; |
554 | #ifdef CONFIG_IPV6_MROUTE |
555 | if ((all || type == NETCONFA_MC_FORWARDING) && |
556 | nla_put_s32(skb, attrtype: NETCONFA_MC_FORWARDING, |
557 | value: atomic_read(v: &devconf->mc_forwarding)) < 0) |
558 | goto nla_put_failure; |
559 | #endif |
560 | if ((all || type == NETCONFA_PROXY_NEIGH) && |
561 | nla_put_s32(skb, attrtype: NETCONFA_PROXY_NEIGH, value: devconf->proxy_ndp) < 0) |
562 | goto nla_put_failure; |
563 | |
564 | if ((all || type == NETCONFA_IGNORE_ROUTES_WITH_LINKDOWN) && |
565 | nla_put_s32(skb, attrtype: NETCONFA_IGNORE_ROUTES_WITH_LINKDOWN, |
566 | value: devconf->ignore_routes_with_linkdown) < 0) |
567 | goto nla_put_failure; |
568 | |
569 | out: |
570 | nlmsg_end(skb, nlh); |
571 | return 0; |
572 | |
573 | nla_put_failure: |
574 | nlmsg_cancel(skb, nlh); |
575 | return -EMSGSIZE; |
576 | } |
577 | |
578 | void inet6_netconf_notify_devconf(struct net *net, int event, int type, |
579 | int ifindex, struct ipv6_devconf *devconf) |
580 | { |
581 | struct sk_buff *skb; |
582 | int err = -ENOBUFS; |
583 | |
584 | skb = nlmsg_new(payload: inet6_netconf_msgsize_devconf(type), GFP_KERNEL); |
585 | if (!skb) |
586 | goto errout; |
587 | |
588 | err = inet6_netconf_fill_devconf(skb, ifindex, devconf, portid: 0, seq: 0, |
589 | event, flags: 0, type); |
590 | if (err < 0) { |
591 | /* -EMSGSIZE implies BUG in inet6_netconf_msgsize_devconf() */ |
592 | WARN_ON(err == -EMSGSIZE); |
593 | kfree_skb(skb); |
594 | goto errout; |
595 | } |
596 | rtnl_notify(skb, net, pid: 0, RTNLGRP_IPV6_NETCONF, NULL, GFP_KERNEL); |
597 | return; |
598 | errout: |
599 | rtnl_set_sk_err(net, RTNLGRP_IPV6_NETCONF, error: err); |
600 | } |
601 | |
602 | static const struct nla_policy devconf_ipv6_policy[NETCONFA_MAX+1] = { |
603 | [NETCONFA_IFINDEX] = { .len = sizeof(int) }, |
604 | [NETCONFA_FORWARDING] = { .len = sizeof(int) }, |
605 | [NETCONFA_PROXY_NEIGH] = { .len = sizeof(int) }, |
606 | [NETCONFA_IGNORE_ROUTES_WITH_LINKDOWN] = { .len = sizeof(int) }, |
607 | }; |
608 | |
609 | static int inet6_netconf_valid_get_req(struct sk_buff *skb, |
610 | const struct nlmsghdr *nlh, |
611 | struct nlattr **tb, |
612 | struct netlink_ext_ack *extack) |
613 | { |
614 | int i, err; |
615 | |
616 | if (nlh->nlmsg_len < nlmsg_msg_size(payload: sizeof(struct netconfmsg))) { |
617 | NL_SET_ERR_MSG_MOD(extack, "Invalid header for netconf get request" ); |
618 | return -EINVAL; |
619 | } |
620 | |
621 | if (!netlink_strict_get_check(skb)) |
622 | return nlmsg_parse_deprecated(nlh, hdrlen: sizeof(struct netconfmsg), |
623 | tb, NETCONFA_MAX, |
624 | policy: devconf_ipv6_policy, extack); |
625 | |
626 | err = nlmsg_parse_deprecated_strict(nlh, hdrlen: sizeof(struct netconfmsg), |
627 | tb, NETCONFA_MAX, |
628 | policy: devconf_ipv6_policy, extack); |
629 | if (err) |
630 | return err; |
631 | |
632 | for (i = 0; i <= NETCONFA_MAX; i++) { |
633 | if (!tb[i]) |
634 | continue; |
635 | |
636 | switch (i) { |
637 | case NETCONFA_IFINDEX: |
638 | break; |
639 | default: |
640 | NL_SET_ERR_MSG_MOD(extack, "Unsupported attribute in netconf get request" ); |
641 | return -EINVAL; |
642 | } |
643 | } |
644 | |
645 | return 0; |
646 | } |
647 | |
648 | static int inet6_netconf_get_devconf(struct sk_buff *in_skb, |
649 | struct nlmsghdr *nlh, |
650 | struct netlink_ext_ack *extack) |
651 | { |
652 | struct net *net = sock_net(sk: in_skb->sk); |
653 | struct nlattr *tb[NETCONFA_MAX+1]; |
654 | struct inet6_dev *in6_dev = NULL; |
655 | struct net_device *dev = NULL; |
656 | struct sk_buff *skb; |
657 | struct ipv6_devconf *devconf; |
658 | int ifindex; |
659 | int err; |
660 | |
661 | err = inet6_netconf_valid_get_req(skb: in_skb, nlh, tb, extack); |
662 | if (err < 0) |
663 | return err; |
664 | |
665 | if (!tb[NETCONFA_IFINDEX]) |
666 | return -EINVAL; |
667 | |
668 | err = -EINVAL; |
669 | ifindex = nla_get_s32(nla: tb[NETCONFA_IFINDEX]); |
670 | switch (ifindex) { |
671 | case NETCONFA_IFINDEX_ALL: |
672 | devconf = net->ipv6.devconf_all; |
673 | break; |
674 | case NETCONFA_IFINDEX_DEFAULT: |
675 | devconf = net->ipv6.devconf_dflt; |
676 | break; |
677 | default: |
678 | dev = dev_get_by_index(net, ifindex); |
679 | if (!dev) |
680 | return -EINVAL; |
681 | in6_dev = in6_dev_get(dev); |
682 | if (!in6_dev) |
683 | goto errout; |
684 | devconf = &in6_dev->cnf; |
685 | break; |
686 | } |
687 | |
688 | err = -ENOBUFS; |
689 | skb = nlmsg_new(payload: inet6_netconf_msgsize_devconf(NETCONFA_ALL), GFP_KERNEL); |
690 | if (!skb) |
691 | goto errout; |
692 | |
693 | err = inet6_netconf_fill_devconf(skb, ifindex, devconf, |
694 | NETLINK_CB(in_skb).portid, |
695 | seq: nlh->nlmsg_seq, RTM_NEWNETCONF, flags: 0, |
696 | NETCONFA_ALL); |
697 | if (err < 0) { |
698 | /* -EMSGSIZE implies BUG in inet6_netconf_msgsize_devconf() */ |
699 | WARN_ON(err == -EMSGSIZE); |
700 | kfree_skb(skb); |
701 | goto errout; |
702 | } |
703 | err = rtnl_unicast(skb, net, NETLINK_CB(in_skb).portid); |
704 | errout: |
705 | if (in6_dev) |
706 | in6_dev_put(idev: in6_dev); |
707 | dev_put(dev); |
708 | return err; |
709 | } |
710 | |
711 | static int inet6_netconf_dump_devconf(struct sk_buff *skb, |
712 | struct netlink_callback *cb) |
713 | { |
714 | const struct nlmsghdr *nlh = cb->nlh; |
715 | struct net *net = sock_net(sk: skb->sk); |
716 | int h, s_h; |
717 | int idx, s_idx; |
718 | struct net_device *dev; |
719 | struct inet6_dev *idev; |
720 | struct hlist_head *head; |
721 | |
722 | if (cb->strict_check) { |
723 | struct netlink_ext_ack *extack = cb->extack; |
724 | struct netconfmsg *ncm; |
725 | |
726 | if (nlh->nlmsg_len < nlmsg_msg_size(payload: sizeof(*ncm))) { |
727 | NL_SET_ERR_MSG_MOD(extack, "Invalid header for netconf dump request" ); |
728 | return -EINVAL; |
729 | } |
730 | |
731 | if (nlmsg_attrlen(nlh, hdrlen: sizeof(*ncm))) { |
732 | NL_SET_ERR_MSG_MOD(extack, "Invalid data after header in netconf dump request" ); |
733 | return -EINVAL; |
734 | } |
735 | } |
736 | |
737 | s_h = cb->args[0]; |
738 | s_idx = idx = cb->args[1]; |
739 | |
740 | for (h = s_h; h < NETDEV_HASHENTRIES; h++, s_idx = 0) { |
741 | idx = 0; |
742 | head = &net->dev_index_head[h]; |
743 | rcu_read_lock(); |
744 | cb->seq = atomic_read(v: &net->ipv6.dev_addr_genid) ^ |
745 | net->dev_base_seq; |
746 | hlist_for_each_entry_rcu(dev, head, index_hlist) { |
747 | if (idx < s_idx) |
748 | goto cont; |
749 | idev = __in6_dev_get(dev); |
750 | if (!idev) |
751 | goto cont; |
752 | |
753 | if (inet6_netconf_fill_devconf(skb, ifindex: dev->ifindex, |
754 | devconf: &idev->cnf, |
755 | NETLINK_CB(cb->skb).portid, |
756 | seq: nlh->nlmsg_seq, |
757 | RTM_NEWNETCONF, |
758 | NLM_F_MULTI, |
759 | NETCONFA_ALL) < 0) { |
760 | rcu_read_unlock(); |
761 | goto done; |
762 | } |
763 | nl_dump_check_consistent(cb, nlh: nlmsg_hdr(skb)); |
764 | cont: |
765 | idx++; |
766 | } |
767 | rcu_read_unlock(); |
768 | } |
769 | if (h == NETDEV_HASHENTRIES) { |
770 | if (inet6_netconf_fill_devconf(skb, NETCONFA_IFINDEX_ALL, |
771 | devconf: net->ipv6.devconf_all, |
772 | NETLINK_CB(cb->skb).portid, |
773 | seq: nlh->nlmsg_seq, |
774 | RTM_NEWNETCONF, NLM_F_MULTI, |
775 | NETCONFA_ALL) < 0) |
776 | goto done; |
777 | else |
778 | h++; |
779 | } |
780 | if (h == NETDEV_HASHENTRIES + 1) { |
781 | if (inet6_netconf_fill_devconf(skb, NETCONFA_IFINDEX_DEFAULT, |
782 | devconf: net->ipv6.devconf_dflt, |
783 | NETLINK_CB(cb->skb).portid, |
784 | seq: nlh->nlmsg_seq, |
785 | RTM_NEWNETCONF, NLM_F_MULTI, |
786 | NETCONFA_ALL) < 0) |
787 | goto done; |
788 | else |
789 | h++; |
790 | } |
791 | done: |
792 | cb->args[0] = h; |
793 | cb->args[1] = idx; |
794 | |
795 | return skb->len; |
796 | } |
797 | |
798 | #ifdef CONFIG_SYSCTL |
799 | static void dev_forward_change(struct inet6_dev *idev) |
800 | { |
801 | struct net_device *dev; |
802 | struct inet6_ifaddr *ifa; |
803 | LIST_HEAD(tmp_addr_list); |
804 | |
805 | if (!idev) |
806 | return; |
807 | dev = idev->dev; |
808 | if (idev->cnf.forwarding) |
809 | dev_disable_lro(dev); |
810 | if (dev->flags & IFF_MULTICAST) { |
811 | if (idev->cnf.forwarding) { |
812 | ipv6_dev_mc_inc(dev, addr: &in6addr_linklocal_allrouters); |
813 | ipv6_dev_mc_inc(dev, addr: &in6addr_interfacelocal_allrouters); |
814 | ipv6_dev_mc_inc(dev, addr: &in6addr_sitelocal_allrouters); |
815 | } else { |
816 | ipv6_dev_mc_dec(dev, addr: &in6addr_linklocal_allrouters); |
817 | ipv6_dev_mc_dec(dev, addr: &in6addr_interfacelocal_allrouters); |
818 | ipv6_dev_mc_dec(dev, addr: &in6addr_sitelocal_allrouters); |
819 | } |
820 | } |
821 | |
822 | read_lock_bh(&idev->lock); |
823 | list_for_each_entry(ifa, &idev->addr_list, if_list) { |
824 | if (ifa->flags&IFA_F_TENTATIVE) |
825 | continue; |
826 | list_add_tail(new: &ifa->if_list_aux, head: &tmp_addr_list); |
827 | } |
828 | read_unlock_bh(&idev->lock); |
829 | |
830 | while (!list_empty(head: &tmp_addr_list)) { |
831 | ifa = list_first_entry(&tmp_addr_list, |
832 | struct inet6_ifaddr, if_list_aux); |
833 | list_del(entry: &ifa->if_list_aux); |
834 | if (idev->cnf.forwarding) |
835 | addrconf_join_anycast(ifp: ifa); |
836 | else |
837 | addrconf_leave_anycast(ifp: ifa); |
838 | } |
839 | |
840 | inet6_netconf_notify_devconf(net: dev_net(dev), RTM_NEWNETCONF, |
841 | type: NETCONFA_FORWARDING, |
842 | ifindex: dev->ifindex, devconf: &idev->cnf); |
843 | } |
844 | |
845 | |
846 | static void addrconf_forward_change(struct net *net, __s32 newf) |
847 | { |
848 | struct net_device *dev; |
849 | struct inet6_dev *idev; |
850 | |
851 | for_each_netdev(net, dev) { |
852 | idev = __in6_dev_get(dev); |
853 | if (idev) { |
854 | int changed = (!idev->cnf.forwarding) ^ (!newf); |
855 | idev->cnf.forwarding = newf; |
856 | if (changed) |
857 | dev_forward_change(idev); |
858 | } |
859 | } |
860 | } |
861 | |
862 | static int addrconf_fixup_forwarding(struct ctl_table *table, int *p, int newf) |
863 | { |
864 | struct net *net; |
865 | int old; |
866 | |
867 | if (!rtnl_trylock()) |
868 | return restart_syscall(); |
869 | |
870 | net = (struct net *)table->extra2; |
871 | old = *p; |
872 | *p = newf; |
873 | |
874 | if (p == &net->ipv6.devconf_dflt->forwarding) { |
875 | if ((!newf) ^ (!old)) |
876 | inet6_netconf_notify_devconf(net, RTM_NEWNETCONF, |
877 | type: NETCONFA_FORWARDING, |
878 | NETCONFA_IFINDEX_DEFAULT, |
879 | devconf: net->ipv6.devconf_dflt); |
880 | rtnl_unlock(); |
881 | return 0; |
882 | } |
883 | |
884 | if (p == &net->ipv6.devconf_all->forwarding) { |
885 | int old_dflt = net->ipv6.devconf_dflt->forwarding; |
886 | |
887 | net->ipv6.devconf_dflt->forwarding = newf; |
888 | if ((!newf) ^ (!old_dflt)) |
889 | inet6_netconf_notify_devconf(net, RTM_NEWNETCONF, |
890 | type: NETCONFA_FORWARDING, |
891 | NETCONFA_IFINDEX_DEFAULT, |
892 | devconf: net->ipv6.devconf_dflt); |
893 | |
894 | addrconf_forward_change(net, newf); |
895 | if ((!newf) ^ (!old)) |
896 | inet6_netconf_notify_devconf(net, RTM_NEWNETCONF, |
897 | type: NETCONFA_FORWARDING, |
898 | NETCONFA_IFINDEX_ALL, |
899 | devconf: net->ipv6.devconf_all); |
900 | } else if ((!newf) ^ (!old)) |
901 | dev_forward_change(idev: (struct inet6_dev *)table->extra1); |
902 | rtnl_unlock(); |
903 | |
904 | if (newf) |
905 | rt6_purge_dflt_routers(net); |
906 | return 1; |
907 | } |
908 | |
909 | static void addrconf_linkdown_change(struct net *net, __s32 newf) |
910 | { |
911 | struct net_device *dev; |
912 | struct inet6_dev *idev; |
913 | |
914 | for_each_netdev(net, dev) { |
915 | idev = __in6_dev_get(dev); |
916 | if (idev) { |
917 | int changed = (!idev->cnf.ignore_routes_with_linkdown) ^ (!newf); |
918 | |
919 | idev->cnf.ignore_routes_with_linkdown = newf; |
920 | if (changed) |
921 | inet6_netconf_notify_devconf(net: dev_net(dev), |
922 | RTM_NEWNETCONF, |
923 | type: NETCONFA_IGNORE_ROUTES_WITH_LINKDOWN, |
924 | ifindex: dev->ifindex, |
925 | devconf: &idev->cnf); |
926 | } |
927 | } |
928 | } |
929 | |
930 | static int addrconf_fixup_linkdown(struct ctl_table *table, int *p, int newf) |
931 | { |
932 | struct net *net; |
933 | int old; |
934 | |
935 | if (!rtnl_trylock()) |
936 | return restart_syscall(); |
937 | |
938 | net = (struct net *)table->extra2; |
939 | old = *p; |
940 | *p = newf; |
941 | |
942 | if (p == &net->ipv6.devconf_dflt->ignore_routes_with_linkdown) { |
943 | if ((!newf) ^ (!old)) |
944 | inet6_netconf_notify_devconf(net, |
945 | RTM_NEWNETCONF, |
946 | type: NETCONFA_IGNORE_ROUTES_WITH_LINKDOWN, |
947 | NETCONFA_IFINDEX_DEFAULT, |
948 | devconf: net->ipv6.devconf_dflt); |
949 | rtnl_unlock(); |
950 | return 0; |
951 | } |
952 | |
953 | if (p == &net->ipv6.devconf_all->ignore_routes_with_linkdown) { |
954 | net->ipv6.devconf_dflt->ignore_routes_with_linkdown = newf; |
955 | addrconf_linkdown_change(net, newf); |
956 | if ((!newf) ^ (!old)) |
957 | inet6_netconf_notify_devconf(net, |
958 | RTM_NEWNETCONF, |
959 | type: NETCONFA_IGNORE_ROUTES_WITH_LINKDOWN, |
960 | NETCONFA_IFINDEX_ALL, |
961 | devconf: net->ipv6.devconf_all); |
962 | } |
963 | rtnl_unlock(); |
964 | |
965 | return 1; |
966 | } |
967 | |
968 | #endif |
969 | |
970 | /* Nobody refers to this ifaddr, destroy it */ |
971 | void inet6_ifa_finish_destroy(struct inet6_ifaddr *ifp) |
972 | { |
973 | WARN_ON(!hlist_unhashed(&ifp->addr_lst)); |
974 | |
975 | #ifdef NET_REFCNT_DEBUG |
976 | pr_debug("%s\n" , __func__); |
977 | #endif |
978 | |
979 | in6_dev_put(idev: ifp->idev); |
980 | |
981 | if (cancel_delayed_work(dwork: &ifp->dad_work)) |
982 | pr_notice("delayed DAD work was pending while freeing ifa=%p\n" , |
983 | ifp); |
984 | |
985 | if (ifp->state != INET6_IFADDR_STATE_DEAD) { |
986 | pr_warn("Freeing alive inet6 address %p\n" , ifp); |
987 | return; |
988 | } |
989 | |
990 | kfree_rcu(ifp, rcu); |
991 | } |
992 | |
993 | static void |
994 | ipv6_link_dev_addr(struct inet6_dev *idev, struct inet6_ifaddr *ifp) |
995 | { |
996 | struct list_head *p; |
997 | int ifp_scope = ipv6_addr_src_scope(addr: &ifp->addr); |
998 | |
999 | /* |
1000 | * Each device address list is sorted in order of scope - |
1001 | * global before linklocal. |
1002 | */ |
1003 | list_for_each(p, &idev->addr_list) { |
1004 | struct inet6_ifaddr *ifa |
1005 | = list_entry(p, struct inet6_ifaddr, if_list); |
1006 | if (ifp_scope >= ipv6_addr_src_scope(addr: &ifa->addr)) |
1007 | break; |
1008 | } |
1009 | |
1010 | list_add_tail_rcu(new: &ifp->if_list, head: p); |
1011 | } |
1012 | |
1013 | static u32 inet6_addr_hash(const struct net *net, const struct in6_addr *addr) |
1014 | { |
1015 | u32 val = ipv6_addr_hash(a: addr) ^ net_hash_mix(net); |
1016 | |
1017 | return hash_32(val, IN6_ADDR_HSIZE_SHIFT); |
1018 | } |
1019 | |
1020 | static bool ipv6_chk_same_addr(struct net *net, const struct in6_addr *addr, |
1021 | struct net_device *dev, unsigned int hash) |
1022 | { |
1023 | struct inet6_ifaddr *ifp; |
1024 | |
1025 | hlist_for_each_entry(ifp, &net->ipv6.inet6_addr_lst[hash], addr_lst) { |
1026 | if (ipv6_addr_equal(a1: &ifp->addr, a2: addr)) { |
1027 | if (!dev || ifp->idev->dev == dev) |
1028 | return true; |
1029 | } |
1030 | } |
1031 | return false; |
1032 | } |
1033 | |
1034 | static int ipv6_add_addr_hash(struct net_device *dev, struct inet6_ifaddr *ifa) |
1035 | { |
1036 | struct net *net = dev_net(dev); |
1037 | unsigned int hash = inet6_addr_hash(net, addr: &ifa->addr); |
1038 | int err = 0; |
1039 | |
1040 | spin_lock_bh(lock: &net->ipv6.addrconf_hash_lock); |
1041 | |
1042 | /* Ignore adding duplicate addresses on an interface */ |
1043 | if (ipv6_chk_same_addr(net, addr: &ifa->addr, dev, hash)) { |
1044 | netdev_dbg(dev, "ipv6_add_addr: already assigned\n" ); |
1045 | err = -EEXIST; |
1046 | } else { |
1047 | hlist_add_head_rcu(n: &ifa->addr_lst, h: &net->ipv6.inet6_addr_lst[hash]); |
1048 | } |
1049 | |
1050 | spin_unlock_bh(lock: &net->ipv6.addrconf_hash_lock); |
1051 | |
1052 | return err; |
1053 | } |
1054 | |
1055 | /* On success it returns ifp with increased reference count */ |
1056 | |
1057 | static struct inet6_ifaddr * |
1058 | ipv6_add_addr(struct inet6_dev *idev, struct ifa6_config *cfg, |
1059 | bool can_block, struct netlink_ext_ack *extack) |
1060 | { |
1061 | gfp_t gfp_flags = can_block ? GFP_KERNEL : GFP_ATOMIC; |
1062 | int addr_type = ipv6_addr_type(addr: cfg->pfx); |
1063 | struct net *net = dev_net(dev: idev->dev); |
1064 | struct inet6_ifaddr *ifa = NULL; |
1065 | struct fib6_info *f6i = NULL; |
1066 | int err = 0; |
1067 | |
1068 | if (addr_type == IPV6_ADDR_ANY) { |
1069 | NL_SET_ERR_MSG_MOD(extack, "Invalid address" ); |
1070 | return ERR_PTR(error: -EADDRNOTAVAIL); |
1071 | } else if (addr_type & IPV6_ADDR_MULTICAST && |
1072 | !(cfg->ifa_flags & IFA_F_MCAUTOJOIN)) { |
1073 | NL_SET_ERR_MSG_MOD(extack, "Cannot assign multicast address without \"IFA_F_MCAUTOJOIN\" flag" ); |
1074 | return ERR_PTR(error: -EADDRNOTAVAIL); |
1075 | } else if (!(idev->dev->flags & IFF_LOOPBACK) && |
1076 | !netif_is_l3_master(dev: idev->dev) && |
1077 | addr_type & IPV6_ADDR_LOOPBACK) { |
1078 | NL_SET_ERR_MSG_MOD(extack, "Cannot assign loopback address on this device" ); |
1079 | return ERR_PTR(error: -EADDRNOTAVAIL); |
1080 | } |
1081 | |
1082 | if (idev->dead) { |
1083 | NL_SET_ERR_MSG_MOD(extack, "device is going away" ); |
1084 | err = -ENODEV; |
1085 | goto out; |
1086 | } |
1087 | |
1088 | if (idev->cnf.disable_ipv6) { |
1089 | NL_SET_ERR_MSG_MOD(extack, "IPv6 is disabled on this device" ); |
1090 | err = -EACCES; |
1091 | goto out; |
1092 | } |
1093 | |
1094 | /* validator notifier needs to be blocking; |
1095 | * do not call in atomic context |
1096 | */ |
1097 | if (can_block) { |
1098 | struct in6_validator_info i6vi = { |
1099 | .i6vi_addr = *cfg->pfx, |
1100 | .i6vi_dev = idev, |
1101 | .extack = extack, |
1102 | }; |
1103 | |
1104 | err = inet6addr_validator_notifier_call_chain(val: NETDEV_UP, v: &i6vi); |
1105 | err = notifier_to_errno(ret: err); |
1106 | if (err < 0) |
1107 | goto out; |
1108 | } |
1109 | |
1110 | ifa = kzalloc(size: sizeof(*ifa), flags: gfp_flags | __GFP_ACCOUNT); |
1111 | if (!ifa) { |
1112 | err = -ENOBUFS; |
1113 | goto out; |
1114 | } |
1115 | |
1116 | f6i = addrconf_f6i_alloc(net, idev, addr: cfg->pfx, anycast: false, gfp_flags, extack); |
1117 | if (IS_ERR(ptr: f6i)) { |
1118 | err = PTR_ERR(ptr: f6i); |
1119 | f6i = NULL; |
1120 | goto out; |
1121 | } |
1122 | |
1123 | neigh_parms_data_state_setall(p: idev->nd_parms); |
1124 | |
1125 | ifa->addr = *cfg->pfx; |
1126 | if (cfg->peer_pfx) |
1127 | ifa->peer_addr = *cfg->peer_pfx; |
1128 | |
1129 | spin_lock_init(&ifa->lock); |
1130 | INIT_DELAYED_WORK(&ifa->dad_work, addrconf_dad_work); |
1131 | INIT_HLIST_NODE(h: &ifa->addr_lst); |
1132 | ifa->scope = cfg->scope; |
1133 | ifa->prefix_len = cfg->plen; |
1134 | ifa->rt_priority = cfg->rt_priority; |
1135 | ifa->flags = cfg->ifa_flags; |
1136 | ifa->ifa_proto = cfg->ifa_proto; |
1137 | /* No need to add the TENTATIVE flag for addresses with NODAD */ |
1138 | if (!(cfg->ifa_flags & IFA_F_NODAD)) |
1139 | ifa->flags |= IFA_F_TENTATIVE; |
1140 | ifa->valid_lft = cfg->valid_lft; |
1141 | ifa->prefered_lft = cfg->preferred_lft; |
1142 | ifa->cstamp = ifa->tstamp = jiffies; |
1143 | ifa->tokenized = false; |
1144 | |
1145 | ifa->rt = f6i; |
1146 | |
1147 | ifa->idev = idev; |
1148 | in6_dev_hold(idev); |
1149 | |
1150 | /* For caller */ |
1151 | refcount_set(r: &ifa->refcnt, n: 1); |
1152 | |
1153 | rcu_read_lock(); |
1154 | |
1155 | err = ipv6_add_addr_hash(dev: idev->dev, ifa); |
1156 | if (err < 0) { |
1157 | rcu_read_unlock(); |
1158 | goto out; |
1159 | } |
1160 | |
1161 | write_lock_bh(&idev->lock); |
1162 | |
1163 | /* Add to inet6_dev unicast addr list. */ |
1164 | ipv6_link_dev_addr(idev, ifp: ifa); |
1165 | |
1166 | if (ifa->flags&IFA_F_TEMPORARY) { |
1167 | list_add(new: &ifa->tmp_list, head: &idev->tempaddr_list); |
1168 | in6_ifa_hold(ifp: ifa); |
1169 | } |
1170 | |
1171 | in6_ifa_hold(ifp: ifa); |
1172 | write_unlock_bh(&idev->lock); |
1173 | |
1174 | rcu_read_unlock(); |
1175 | |
1176 | inet6addr_notifier_call_chain(val: NETDEV_UP, v: ifa); |
1177 | out: |
1178 | if (unlikely(err < 0)) { |
1179 | fib6_info_release(f6i); |
1180 | |
1181 | if (ifa) { |
1182 | if (ifa->idev) |
1183 | in6_dev_put(idev: ifa->idev); |
1184 | kfree(objp: ifa); |
1185 | } |
1186 | ifa = ERR_PTR(error: err); |
1187 | } |
1188 | |
1189 | return ifa; |
1190 | } |
1191 | |
1192 | enum cleanup_prefix_rt_t { |
1193 | CLEANUP_PREFIX_RT_NOP, /* no cleanup action for prefix route */ |
1194 | CLEANUP_PREFIX_RT_DEL, /* delete the prefix route */ |
1195 | CLEANUP_PREFIX_RT_EXPIRE, /* update the lifetime of the prefix route */ |
1196 | }; |
1197 | |
1198 | /* |
1199 | * Check, whether the prefix for ifp would still need a prefix route |
1200 | * after deleting ifp. The function returns one of the CLEANUP_PREFIX_RT_* |
1201 | * constants. |
1202 | * |
1203 | * 1) we don't purge prefix if address was not permanent. |
1204 | * prefix is managed by its own lifetime. |
1205 | * 2) we also don't purge, if the address was IFA_F_NOPREFIXROUTE. |
1206 | * 3) if there are no addresses, delete prefix. |
1207 | * 4) if there are still other permanent address(es), |
1208 | * corresponding prefix is still permanent. |
1209 | * 5) if there are still other addresses with IFA_F_NOPREFIXROUTE, |
1210 | * don't purge the prefix, assume user space is managing it. |
1211 | * 6) otherwise, update prefix lifetime to the |
1212 | * longest valid lifetime among the corresponding |
1213 | * addresses on the device. |
1214 | * Note: subsequent RA will update lifetime. |
1215 | **/ |
1216 | static enum cleanup_prefix_rt_t |
1217 | check_cleanup_prefix_route(struct inet6_ifaddr *ifp, unsigned long *expires) |
1218 | { |
1219 | struct inet6_ifaddr *ifa; |
1220 | struct inet6_dev *idev = ifp->idev; |
1221 | unsigned long lifetime; |
1222 | enum cleanup_prefix_rt_t action = CLEANUP_PREFIX_RT_DEL; |
1223 | |
1224 | *expires = jiffies; |
1225 | |
1226 | list_for_each_entry(ifa, &idev->addr_list, if_list) { |
1227 | if (ifa == ifp) |
1228 | continue; |
1229 | if (ifa->prefix_len != ifp->prefix_len || |
1230 | !ipv6_prefix_equal(addr1: &ifa->addr, addr2: &ifp->addr, |
1231 | prefixlen: ifp->prefix_len)) |
1232 | continue; |
1233 | if (ifa->flags & (IFA_F_PERMANENT | IFA_F_NOPREFIXROUTE)) |
1234 | return CLEANUP_PREFIX_RT_NOP; |
1235 | |
1236 | action = CLEANUP_PREFIX_RT_EXPIRE; |
1237 | |
1238 | spin_lock(lock: &ifa->lock); |
1239 | |
1240 | lifetime = addrconf_timeout_fixup(timeout: ifa->valid_lft, HZ); |
1241 | /* |
1242 | * Note: Because this address is |
1243 | * not permanent, lifetime < |
1244 | * LONG_MAX / HZ here. |
1245 | */ |
1246 | if (time_before(*expires, ifa->tstamp + lifetime * HZ)) |
1247 | *expires = ifa->tstamp + lifetime * HZ; |
1248 | spin_unlock(lock: &ifa->lock); |
1249 | } |
1250 | |
1251 | return action; |
1252 | } |
1253 | |
1254 | static void |
1255 | cleanup_prefix_route(struct inet6_ifaddr *ifp, unsigned long expires, |
1256 | bool del_rt, bool del_peer) |
1257 | { |
1258 | struct fib6_info *f6i; |
1259 | |
1260 | f6i = addrconf_get_prefix_route(pfx: del_peer ? &ifp->peer_addr : &ifp->addr, |
1261 | plen: ifp->prefix_len, |
1262 | dev: ifp->idev->dev, flags: 0, RTF_DEFAULT, no_gw: true); |
1263 | if (f6i) { |
1264 | if (del_rt) |
1265 | ip6_del_rt(net: dev_net(dev: ifp->idev->dev), f6i, skip_notify: false); |
1266 | else { |
1267 | if (!(f6i->fib6_flags & RTF_EXPIRES)) |
1268 | fib6_set_expires(f6i, expires); |
1269 | fib6_info_release(f6i); |
1270 | } |
1271 | } |
1272 | } |
1273 | |
1274 | |
1275 | /* This function wants to get referenced ifp and releases it before return */ |
1276 | |
1277 | static void ipv6_del_addr(struct inet6_ifaddr *ifp) |
1278 | { |
1279 | enum cleanup_prefix_rt_t action = CLEANUP_PREFIX_RT_NOP; |
1280 | struct net *net = dev_net(dev: ifp->idev->dev); |
1281 | unsigned long expires; |
1282 | int state; |
1283 | |
1284 | ASSERT_RTNL(); |
1285 | |
1286 | spin_lock_bh(lock: &ifp->lock); |
1287 | state = ifp->state; |
1288 | ifp->state = INET6_IFADDR_STATE_DEAD; |
1289 | spin_unlock_bh(lock: &ifp->lock); |
1290 | |
1291 | if (state == INET6_IFADDR_STATE_DEAD) |
1292 | goto out; |
1293 | |
1294 | spin_lock_bh(lock: &net->ipv6.addrconf_hash_lock); |
1295 | hlist_del_init_rcu(n: &ifp->addr_lst); |
1296 | spin_unlock_bh(lock: &net->ipv6.addrconf_hash_lock); |
1297 | |
1298 | write_lock_bh(&ifp->idev->lock); |
1299 | |
1300 | if (ifp->flags&IFA_F_TEMPORARY) { |
1301 | list_del(entry: &ifp->tmp_list); |
1302 | if (ifp->ifpub) { |
1303 | in6_ifa_put(ifp: ifp->ifpub); |
1304 | ifp->ifpub = NULL; |
1305 | } |
1306 | __in6_ifa_put(ifp); |
1307 | } |
1308 | |
1309 | if (ifp->flags & IFA_F_PERMANENT && !(ifp->flags & IFA_F_NOPREFIXROUTE)) |
1310 | action = check_cleanup_prefix_route(ifp, expires: &expires); |
1311 | |
1312 | list_del_rcu(entry: &ifp->if_list); |
1313 | __in6_ifa_put(ifp); |
1314 | |
1315 | write_unlock_bh(&ifp->idev->lock); |
1316 | |
1317 | addrconf_del_dad_work(ifp); |
1318 | |
1319 | ipv6_ifa_notify(RTM_DELADDR, ifa: ifp); |
1320 | |
1321 | inet6addr_notifier_call_chain(val: NETDEV_DOWN, v: ifp); |
1322 | |
1323 | if (action != CLEANUP_PREFIX_RT_NOP) { |
1324 | cleanup_prefix_route(ifp, expires, |
1325 | del_rt: action == CLEANUP_PREFIX_RT_DEL, del_peer: false); |
1326 | } |
1327 | |
1328 | /* clean up prefsrc entries */ |
1329 | rt6_remove_prefsrc(ifp); |
1330 | out: |
1331 | in6_ifa_put(ifp); |
1332 | } |
1333 | |
1334 | static int ipv6_create_tempaddr(struct inet6_ifaddr *ifp, bool block) |
1335 | { |
1336 | struct inet6_dev *idev = ifp->idev; |
1337 | unsigned long tmp_tstamp, age; |
1338 | unsigned long regen_advance; |
1339 | unsigned long now = jiffies; |
1340 | s32 cnf_temp_preferred_lft; |
1341 | struct inet6_ifaddr *ift; |
1342 | struct ifa6_config cfg; |
1343 | long max_desync_factor; |
1344 | struct in6_addr addr; |
1345 | int ret = 0; |
1346 | |
1347 | write_lock_bh(&idev->lock); |
1348 | |
1349 | retry: |
1350 | in6_dev_hold(idev); |
1351 | if (idev->cnf.use_tempaddr <= 0) { |
1352 | write_unlock_bh(&idev->lock); |
1353 | pr_info("%s: use_tempaddr is disabled\n" , __func__); |
1354 | in6_dev_put(idev); |
1355 | ret = -1; |
1356 | goto out; |
1357 | } |
1358 | spin_lock_bh(lock: &ifp->lock); |
1359 | if (ifp->regen_count++ >= idev->cnf.regen_max_retry) { |
1360 | idev->cnf.use_tempaddr = -1; /*XXX*/ |
1361 | spin_unlock_bh(lock: &ifp->lock); |
1362 | write_unlock_bh(&idev->lock); |
1363 | pr_warn("%s: regeneration time exceeded - disabled temporary address support\n" , |
1364 | __func__); |
1365 | in6_dev_put(idev); |
1366 | ret = -1; |
1367 | goto out; |
1368 | } |
1369 | in6_ifa_hold(ifp); |
1370 | memcpy(addr.s6_addr, ifp->addr.s6_addr, 8); |
1371 | ipv6_gen_rnd_iid(addr: &addr); |
1372 | |
1373 | age = (now - ifp->tstamp) / HZ; |
1374 | |
1375 | regen_advance = idev->cnf.regen_max_retry * |
1376 | idev->cnf.dad_transmits * |
1377 | max(NEIGH_VAR(idev->nd_parms, RETRANS_TIME), HZ/100) / HZ; |
1378 | |
1379 | /* recalculate max_desync_factor each time and update |
1380 | * idev->desync_factor if it's larger |
1381 | */ |
1382 | cnf_temp_preferred_lft = READ_ONCE(idev->cnf.temp_prefered_lft); |
1383 | max_desync_factor = min_t(long, |
1384 | idev->cnf.max_desync_factor, |
1385 | cnf_temp_preferred_lft - regen_advance); |
1386 | |
1387 | if (unlikely(idev->desync_factor > max_desync_factor)) { |
1388 | if (max_desync_factor > 0) { |
1389 | get_random_bytes(buf: &idev->desync_factor, |
1390 | len: sizeof(idev->desync_factor)); |
1391 | idev->desync_factor %= max_desync_factor; |
1392 | } else { |
1393 | idev->desync_factor = 0; |
1394 | } |
1395 | } |
1396 | |
1397 | memset(&cfg, 0, sizeof(cfg)); |
1398 | cfg.valid_lft = min_t(__u32, ifp->valid_lft, |
1399 | idev->cnf.temp_valid_lft + age); |
1400 | cfg.preferred_lft = cnf_temp_preferred_lft + age - idev->desync_factor; |
1401 | cfg.preferred_lft = min_t(__u32, ifp->prefered_lft, cfg.preferred_lft); |
1402 | cfg.preferred_lft = min_t(__u32, cfg.valid_lft, cfg.preferred_lft); |
1403 | |
1404 | cfg.plen = ifp->prefix_len; |
1405 | tmp_tstamp = ifp->tstamp; |
1406 | spin_unlock_bh(lock: &ifp->lock); |
1407 | |
1408 | write_unlock_bh(&idev->lock); |
1409 | |
1410 | /* From RFC 4941: |
1411 | * |
1412 | * A temporary address is created only if this calculated Preferred |
1413 | * Lifetime is greater than REGEN_ADVANCE time units. In |
1414 | * particular, an implementation must not create a temporary address |
1415 | * with a zero Preferred Lifetime. |
1416 | * |
1417 | * Clamp the preferred lifetime to a minimum of regen_advance, unless |
1418 | * that would exceed valid_lft. |
1419 | * |
1420 | * Use age calculation as in addrconf_verify to avoid unnecessary |
1421 | * temporary addresses being generated. |
1422 | */ |
1423 | age = (now - tmp_tstamp + ADDRCONF_TIMER_FUZZ_MINUS) / HZ; |
1424 | if (cfg.preferred_lft <= regen_advance + age) |
1425 | cfg.preferred_lft = regen_advance + age + 1; |
1426 | if (cfg.preferred_lft > cfg.valid_lft) { |
1427 | in6_ifa_put(ifp); |
1428 | in6_dev_put(idev); |
1429 | ret = -1; |
1430 | goto out; |
1431 | } |
1432 | |
1433 | cfg.ifa_flags = IFA_F_TEMPORARY; |
1434 | /* set in addrconf_prefix_rcv() */ |
1435 | if (ifp->flags & IFA_F_OPTIMISTIC) |
1436 | cfg.ifa_flags |= IFA_F_OPTIMISTIC; |
1437 | |
1438 | cfg.pfx = &addr; |
1439 | cfg.scope = ipv6_addr_scope(addr: cfg.pfx); |
1440 | |
1441 | ift = ipv6_add_addr(idev, cfg: &cfg, can_block: block, NULL); |
1442 | if (IS_ERR(ptr: ift)) { |
1443 | in6_ifa_put(ifp); |
1444 | in6_dev_put(idev); |
1445 | pr_info("%s: retry temporary address regeneration\n" , __func__); |
1446 | write_lock_bh(&idev->lock); |
1447 | goto retry; |
1448 | } |
1449 | |
1450 | spin_lock_bh(lock: &ift->lock); |
1451 | ift->ifpub = ifp; |
1452 | ift->cstamp = now; |
1453 | ift->tstamp = tmp_tstamp; |
1454 | spin_unlock_bh(lock: &ift->lock); |
1455 | |
1456 | addrconf_dad_start(ifp: ift); |
1457 | in6_ifa_put(ifp: ift); |
1458 | in6_dev_put(idev); |
1459 | out: |
1460 | return ret; |
1461 | } |
1462 | |
1463 | /* |
1464 | * Choose an appropriate source address (RFC3484) |
1465 | */ |
1466 | enum { |
1467 | IPV6_SADDR_RULE_INIT = 0, |
1468 | IPV6_SADDR_RULE_LOCAL, |
1469 | IPV6_SADDR_RULE_SCOPE, |
1470 | IPV6_SADDR_RULE_PREFERRED, |
1471 | #ifdef CONFIG_IPV6_MIP6 |
1472 | IPV6_SADDR_RULE_HOA, |
1473 | #endif |
1474 | IPV6_SADDR_RULE_OIF, |
1475 | IPV6_SADDR_RULE_LABEL, |
1476 | IPV6_SADDR_RULE_PRIVACY, |
1477 | IPV6_SADDR_RULE_ORCHID, |
1478 | IPV6_SADDR_RULE_PREFIX, |
1479 | #ifdef CONFIG_IPV6_OPTIMISTIC_DAD |
1480 | IPV6_SADDR_RULE_NOT_OPTIMISTIC, |
1481 | #endif |
1482 | IPV6_SADDR_RULE_MAX |
1483 | }; |
1484 | |
1485 | struct ipv6_saddr_score { |
1486 | int rule; |
1487 | int addr_type; |
1488 | struct inet6_ifaddr *ifa; |
1489 | DECLARE_BITMAP(scorebits, IPV6_SADDR_RULE_MAX); |
1490 | int scopedist; |
1491 | int matchlen; |
1492 | }; |
1493 | |
1494 | struct ipv6_saddr_dst { |
1495 | const struct in6_addr *addr; |
1496 | int ifindex; |
1497 | int scope; |
1498 | int label; |
1499 | unsigned int prefs; |
1500 | }; |
1501 | |
1502 | static inline int ipv6_saddr_preferred(int type) |
1503 | { |
1504 | if (type & (IPV6_ADDR_MAPPED|IPV6_ADDR_COMPATv4|IPV6_ADDR_LOOPBACK)) |
1505 | return 1; |
1506 | return 0; |
1507 | } |
1508 | |
1509 | static bool ipv6_use_optimistic_addr(struct net *net, |
1510 | struct inet6_dev *idev) |
1511 | { |
1512 | #ifdef CONFIG_IPV6_OPTIMISTIC_DAD |
1513 | if (!idev) |
1514 | return false; |
1515 | if (!net->ipv6.devconf_all->optimistic_dad && !idev->cnf.optimistic_dad) |
1516 | return false; |
1517 | if (!net->ipv6.devconf_all->use_optimistic && !idev->cnf.use_optimistic) |
1518 | return false; |
1519 | |
1520 | return true; |
1521 | #else |
1522 | return false; |
1523 | #endif |
1524 | } |
1525 | |
1526 | static bool ipv6_allow_optimistic_dad(struct net *net, |
1527 | struct inet6_dev *idev) |
1528 | { |
1529 | #ifdef CONFIG_IPV6_OPTIMISTIC_DAD |
1530 | if (!idev) |
1531 | return false; |
1532 | if (!net->ipv6.devconf_all->optimistic_dad && !idev->cnf.optimistic_dad) |
1533 | return false; |
1534 | |
1535 | return true; |
1536 | #else |
1537 | return false; |
1538 | #endif |
1539 | } |
1540 | |
1541 | static int ipv6_get_saddr_eval(struct net *net, |
1542 | struct ipv6_saddr_score *score, |
1543 | struct ipv6_saddr_dst *dst, |
1544 | int i) |
1545 | { |
1546 | int ret; |
1547 | |
1548 | if (i <= score->rule) { |
1549 | switch (i) { |
1550 | case IPV6_SADDR_RULE_SCOPE: |
1551 | ret = score->scopedist; |
1552 | break; |
1553 | case IPV6_SADDR_RULE_PREFIX: |
1554 | ret = score->matchlen; |
1555 | break; |
1556 | default: |
1557 | ret = !!test_bit(i, score->scorebits); |
1558 | } |
1559 | goto out; |
1560 | } |
1561 | |
1562 | switch (i) { |
1563 | case IPV6_SADDR_RULE_INIT: |
1564 | /* Rule 0: remember if hiscore is not ready yet */ |
1565 | ret = !!score->ifa; |
1566 | break; |
1567 | case IPV6_SADDR_RULE_LOCAL: |
1568 | /* Rule 1: Prefer same address */ |
1569 | ret = ipv6_addr_equal(a1: &score->ifa->addr, a2: dst->addr); |
1570 | break; |
1571 | case IPV6_SADDR_RULE_SCOPE: |
1572 | /* Rule 2: Prefer appropriate scope |
1573 | * |
1574 | * ret |
1575 | * ^ |
1576 | * -1 | d 15 |
1577 | * ---+--+-+---> scope |
1578 | * | |
1579 | * | d is scope of the destination. |
1580 | * B-d | \ |
1581 | * | \ <- smaller scope is better if |
1582 | * B-15 | \ if scope is enough for destination. |
1583 | * | ret = B - scope (-1 <= scope >= d <= 15). |
1584 | * d-C-1 | / |
1585 | * |/ <- greater is better |
1586 | * -C / if scope is not enough for destination. |
1587 | * /| ret = scope - C (-1 <= d < scope <= 15). |
1588 | * |
1589 | * d - C - 1 < B -15 (for all -1 <= d <= 15). |
1590 | * C > d + 14 - B >= 15 + 14 - B = 29 - B. |
1591 | * Assume B = 0 and we get C > 29. |
1592 | */ |
1593 | ret = __ipv6_addr_src_scope(type: score->addr_type); |
1594 | if (ret >= dst->scope) |
1595 | ret = -ret; |
1596 | else |
1597 | ret -= 128; /* 30 is enough */ |
1598 | score->scopedist = ret; |
1599 | break; |
1600 | case IPV6_SADDR_RULE_PREFERRED: |
1601 | { |
1602 | /* Rule 3: Avoid deprecated and optimistic addresses */ |
1603 | u8 avoid = IFA_F_DEPRECATED; |
1604 | |
1605 | if (!ipv6_use_optimistic_addr(net, idev: score->ifa->idev)) |
1606 | avoid |= IFA_F_OPTIMISTIC; |
1607 | ret = ipv6_saddr_preferred(type: score->addr_type) || |
1608 | !(score->ifa->flags & avoid); |
1609 | break; |
1610 | } |
1611 | #ifdef CONFIG_IPV6_MIP6 |
1612 | case IPV6_SADDR_RULE_HOA: |
1613 | { |
1614 | /* Rule 4: Prefer home address */ |
1615 | int prefhome = !(dst->prefs & IPV6_PREFER_SRC_COA); |
1616 | ret = !(score->ifa->flags & IFA_F_HOMEADDRESS) ^ prefhome; |
1617 | break; |
1618 | } |
1619 | #endif |
1620 | case IPV6_SADDR_RULE_OIF: |
1621 | /* Rule 5: Prefer outgoing interface */ |
1622 | ret = (!dst->ifindex || |
1623 | dst->ifindex == score->ifa->idev->dev->ifindex); |
1624 | break; |
1625 | case IPV6_SADDR_RULE_LABEL: |
1626 | /* Rule 6: Prefer matching label */ |
1627 | ret = ipv6_addr_label(net, |
1628 | addr: &score->ifa->addr, type: score->addr_type, |
1629 | ifindex: score->ifa->idev->dev->ifindex) == dst->label; |
1630 | break; |
1631 | case IPV6_SADDR_RULE_PRIVACY: |
1632 | { |
1633 | /* Rule 7: Prefer public address |
1634 | * Note: prefer temporary address if use_tempaddr >= 2 |
1635 | */ |
1636 | int preftmp = dst->prefs & (IPV6_PREFER_SRC_PUBLIC|IPV6_PREFER_SRC_TMP) ? |
1637 | !!(dst->prefs & IPV6_PREFER_SRC_TMP) : |
1638 | score->ifa->idev->cnf.use_tempaddr >= 2; |
1639 | ret = (!(score->ifa->flags & IFA_F_TEMPORARY)) ^ preftmp; |
1640 | break; |
1641 | } |
1642 | case IPV6_SADDR_RULE_ORCHID: |
1643 | /* Rule 8-: Prefer ORCHID vs ORCHID or |
1644 | * non-ORCHID vs non-ORCHID |
1645 | */ |
1646 | ret = !(ipv6_addr_orchid(a: &score->ifa->addr) ^ |
1647 | ipv6_addr_orchid(a: dst->addr)); |
1648 | break; |
1649 | case IPV6_SADDR_RULE_PREFIX: |
1650 | /* Rule 8: Use longest matching prefix */ |
1651 | ret = ipv6_addr_diff(a1: &score->ifa->addr, a2: dst->addr); |
1652 | if (ret > score->ifa->prefix_len) |
1653 | ret = score->ifa->prefix_len; |
1654 | score->matchlen = ret; |
1655 | break; |
1656 | #ifdef CONFIG_IPV6_OPTIMISTIC_DAD |
1657 | case IPV6_SADDR_RULE_NOT_OPTIMISTIC: |
1658 | /* Optimistic addresses still have lower precedence than other |
1659 | * preferred addresses. |
1660 | */ |
1661 | ret = !(score->ifa->flags & IFA_F_OPTIMISTIC); |
1662 | break; |
1663 | #endif |
1664 | default: |
1665 | ret = 0; |
1666 | } |
1667 | |
1668 | if (ret) |
1669 | __set_bit(i, score->scorebits); |
1670 | score->rule = i; |
1671 | out: |
1672 | return ret; |
1673 | } |
1674 | |
1675 | static int __ipv6_dev_get_saddr(struct net *net, |
1676 | struct ipv6_saddr_dst *dst, |
1677 | struct inet6_dev *idev, |
1678 | struct ipv6_saddr_score *scores, |
1679 | int hiscore_idx) |
1680 | { |
1681 | struct ipv6_saddr_score *score = &scores[1 - hiscore_idx], *hiscore = &scores[hiscore_idx]; |
1682 | |
1683 | list_for_each_entry_rcu(score->ifa, &idev->addr_list, if_list) { |
1684 | int i; |
1685 | |
1686 | /* |
1687 | * - Tentative Address (RFC2462 section 5.4) |
1688 | * - A tentative address is not considered |
1689 | * "assigned to an interface" in the traditional |
1690 | * sense, unless it is also flagged as optimistic. |
1691 | * - Candidate Source Address (section 4) |
1692 | * - In any case, anycast addresses, multicast |
1693 | * addresses, and the unspecified address MUST |
1694 | * NOT be included in a candidate set. |
1695 | */ |
1696 | if ((score->ifa->flags & IFA_F_TENTATIVE) && |
1697 | (!(score->ifa->flags & IFA_F_OPTIMISTIC))) |
1698 | continue; |
1699 | |
1700 | score->addr_type = __ipv6_addr_type(addr: &score->ifa->addr); |
1701 | |
1702 | if (unlikely(score->addr_type == IPV6_ADDR_ANY || |
1703 | score->addr_type & IPV6_ADDR_MULTICAST)) { |
1704 | net_dbg_ratelimited("ADDRCONF: unspecified / multicast address assigned as unicast address on %s" , |
1705 | idev->dev->name); |
1706 | continue; |
1707 | } |
1708 | |
1709 | score->rule = -1; |
1710 | bitmap_zero(dst: score->scorebits, nbits: IPV6_SADDR_RULE_MAX); |
1711 | |
1712 | for (i = 0; i < IPV6_SADDR_RULE_MAX; i++) { |
1713 | int minihiscore, miniscore; |
1714 | |
1715 | minihiscore = ipv6_get_saddr_eval(net, score: hiscore, dst, i); |
1716 | miniscore = ipv6_get_saddr_eval(net, score, dst, i); |
1717 | |
1718 | if (minihiscore > miniscore) { |
1719 | if (i == IPV6_SADDR_RULE_SCOPE && |
1720 | score->scopedist > 0) { |
1721 | /* |
1722 | * special case: |
1723 | * each remaining entry |
1724 | * has too small (not enough) |
1725 | * scope, because ifa entries |
1726 | * are sorted by their scope |
1727 | * values. |
1728 | */ |
1729 | goto out; |
1730 | } |
1731 | break; |
1732 | } else if (minihiscore < miniscore) { |
1733 | swap(hiscore, score); |
1734 | hiscore_idx = 1 - hiscore_idx; |
1735 | |
1736 | /* restore our iterator */ |
1737 | score->ifa = hiscore->ifa; |
1738 | |
1739 | break; |
1740 | } |
1741 | } |
1742 | } |
1743 | out: |
1744 | return hiscore_idx; |
1745 | } |
1746 | |
1747 | static int ipv6_get_saddr_master(struct net *net, |
1748 | const struct net_device *dst_dev, |
1749 | const struct net_device *master, |
1750 | struct ipv6_saddr_dst *dst, |
1751 | struct ipv6_saddr_score *scores, |
1752 | int hiscore_idx) |
1753 | { |
1754 | struct inet6_dev *idev; |
1755 | |
1756 | idev = __in6_dev_get(dev: dst_dev); |
1757 | if (idev) |
1758 | hiscore_idx = __ipv6_dev_get_saddr(net, dst, idev, |
1759 | scores, hiscore_idx); |
1760 | |
1761 | idev = __in6_dev_get(dev: master); |
1762 | if (idev) |
1763 | hiscore_idx = __ipv6_dev_get_saddr(net, dst, idev, |
1764 | scores, hiscore_idx); |
1765 | |
1766 | return hiscore_idx; |
1767 | } |
1768 | |
1769 | int ipv6_dev_get_saddr(struct net *net, const struct net_device *dst_dev, |
1770 | const struct in6_addr *daddr, unsigned int prefs, |
1771 | struct in6_addr *saddr) |
1772 | { |
1773 | struct ipv6_saddr_score scores[2], *hiscore; |
1774 | struct ipv6_saddr_dst dst; |
1775 | struct inet6_dev *idev; |
1776 | struct net_device *dev; |
1777 | int dst_type; |
1778 | bool use_oif_addr = false; |
1779 | int hiscore_idx = 0; |
1780 | int ret = 0; |
1781 | |
1782 | dst_type = __ipv6_addr_type(addr: daddr); |
1783 | dst.addr = daddr; |
1784 | dst.ifindex = dst_dev ? dst_dev->ifindex : 0; |
1785 | dst.scope = __ipv6_addr_src_scope(type: dst_type); |
1786 | dst.label = ipv6_addr_label(net, addr: daddr, type: dst_type, ifindex: dst.ifindex); |
1787 | dst.prefs = prefs; |
1788 | |
1789 | scores[hiscore_idx].rule = -1; |
1790 | scores[hiscore_idx].ifa = NULL; |
1791 | |
1792 | rcu_read_lock(); |
1793 | |
1794 | /* Candidate Source Address (section 4) |
1795 | * - multicast and link-local destination address, |
1796 | * the set of candidate source address MUST only |
1797 | * include addresses assigned to interfaces |
1798 | * belonging to the same link as the outgoing |
1799 | * interface. |
1800 | * (- For site-local destination addresses, the |
1801 | * set of candidate source addresses MUST only |
1802 | * include addresses assigned to interfaces |
1803 | * belonging to the same site as the outgoing |
1804 | * interface.) |
1805 | * - "It is RECOMMENDED that the candidate source addresses |
1806 | * be the set of unicast addresses assigned to the |
1807 | * interface that will be used to send to the destination |
1808 | * (the 'outgoing' interface)." (RFC 6724) |
1809 | */ |
1810 | if (dst_dev) { |
1811 | idev = __in6_dev_get(dev: dst_dev); |
1812 | if ((dst_type & IPV6_ADDR_MULTICAST) || |
1813 | dst.scope <= IPV6_ADDR_SCOPE_LINKLOCAL || |
1814 | (idev && idev->cnf.use_oif_addrs_only)) { |
1815 | use_oif_addr = true; |
1816 | } |
1817 | } |
1818 | |
1819 | if (use_oif_addr) { |
1820 | if (idev) |
1821 | hiscore_idx = __ipv6_dev_get_saddr(net, dst: &dst, idev, scores, hiscore_idx); |
1822 | } else { |
1823 | const struct net_device *master; |
1824 | int master_idx = 0; |
1825 | |
1826 | /* if dst_dev exists and is enslaved to an L3 device, then |
1827 | * prefer addresses from dst_dev and then the master over |
1828 | * any other enslaved devices in the L3 domain. |
1829 | */ |
1830 | master = l3mdev_master_dev_rcu(dev: dst_dev); |
1831 | if (master) { |
1832 | master_idx = master->ifindex; |
1833 | |
1834 | hiscore_idx = ipv6_get_saddr_master(net, dst_dev, |
1835 | master, dst: &dst, |
1836 | scores, hiscore_idx); |
1837 | |
1838 | if (scores[hiscore_idx].ifa) |
1839 | goto out; |
1840 | } |
1841 | |
1842 | for_each_netdev_rcu(net, dev) { |
1843 | /* only consider addresses on devices in the |
1844 | * same L3 domain |
1845 | */ |
1846 | if (l3mdev_master_ifindex_rcu(dev) != master_idx) |
1847 | continue; |
1848 | idev = __in6_dev_get(dev); |
1849 | if (!idev) |
1850 | continue; |
1851 | hiscore_idx = __ipv6_dev_get_saddr(net, dst: &dst, idev, scores, hiscore_idx); |
1852 | } |
1853 | } |
1854 | |
1855 | out: |
1856 | hiscore = &scores[hiscore_idx]; |
1857 | if (!hiscore->ifa) |
1858 | ret = -EADDRNOTAVAIL; |
1859 | else |
1860 | *saddr = hiscore->ifa->addr; |
1861 | |
1862 | rcu_read_unlock(); |
1863 | return ret; |
1864 | } |
1865 | EXPORT_SYMBOL(ipv6_dev_get_saddr); |
1866 | |
1867 | static int __ipv6_get_lladdr(struct inet6_dev *idev, struct in6_addr *addr, |
1868 | u32 banned_flags) |
1869 | { |
1870 | struct inet6_ifaddr *ifp; |
1871 | int err = -EADDRNOTAVAIL; |
1872 | |
1873 | list_for_each_entry_reverse(ifp, &idev->addr_list, if_list) { |
1874 | if (ifp->scope > IFA_LINK) |
1875 | break; |
1876 | if (ifp->scope == IFA_LINK && |
1877 | !(ifp->flags & banned_flags)) { |
1878 | *addr = ifp->addr; |
1879 | err = 0; |
1880 | break; |
1881 | } |
1882 | } |
1883 | return err; |
1884 | } |
1885 | |
1886 | int ipv6_get_lladdr(struct net_device *dev, struct in6_addr *addr, |
1887 | u32 banned_flags) |
1888 | { |
1889 | struct inet6_dev *idev; |
1890 | int err = -EADDRNOTAVAIL; |
1891 | |
1892 | rcu_read_lock(); |
1893 | idev = __in6_dev_get(dev); |
1894 | if (idev) { |
1895 | read_lock_bh(&idev->lock); |
1896 | err = __ipv6_get_lladdr(idev, addr, banned_flags); |
1897 | read_unlock_bh(&idev->lock); |
1898 | } |
1899 | rcu_read_unlock(); |
1900 | return err; |
1901 | } |
1902 | |
1903 | static int ipv6_count_addresses(const struct inet6_dev *idev) |
1904 | { |
1905 | const struct inet6_ifaddr *ifp; |
1906 | int cnt = 0; |
1907 | |
1908 | rcu_read_lock(); |
1909 | list_for_each_entry_rcu(ifp, &idev->addr_list, if_list) |
1910 | cnt++; |
1911 | rcu_read_unlock(); |
1912 | return cnt; |
1913 | } |
1914 | |
1915 | int ipv6_chk_addr(struct net *net, const struct in6_addr *addr, |
1916 | const struct net_device *dev, int strict) |
1917 | { |
1918 | return ipv6_chk_addr_and_flags(net, addr, dev, skip_dev_check: !dev, |
1919 | strict, IFA_F_TENTATIVE); |
1920 | } |
1921 | EXPORT_SYMBOL(ipv6_chk_addr); |
1922 | |
1923 | /* device argument is used to find the L3 domain of interest. If |
1924 | * skip_dev_check is set, then the ifp device is not checked against |
1925 | * the passed in dev argument. So the 2 cases for addresses checks are: |
1926 | * 1. does the address exist in the L3 domain that dev is part of |
1927 | * (skip_dev_check = true), or |
1928 | * |
1929 | * 2. does the address exist on the specific device |
1930 | * (skip_dev_check = false) |
1931 | */ |
1932 | static struct net_device * |
1933 | __ipv6_chk_addr_and_flags(struct net *net, const struct in6_addr *addr, |
1934 | const struct net_device *dev, bool skip_dev_check, |
1935 | int strict, u32 banned_flags) |
1936 | { |
1937 | unsigned int hash = inet6_addr_hash(net, addr); |
1938 | struct net_device *l3mdev, *ndev; |
1939 | struct inet6_ifaddr *ifp; |
1940 | u32 ifp_flags; |
1941 | |
1942 | rcu_read_lock(); |
1943 | |
1944 | l3mdev = l3mdev_master_dev_rcu(dev: dev); |
1945 | if (skip_dev_check) |
1946 | dev = NULL; |
1947 | |
1948 | hlist_for_each_entry_rcu(ifp, &net->ipv6.inet6_addr_lst[hash], addr_lst) { |
1949 | ndev = ifp->idev->dev; |
1950 | |
1951 | if (l3mdev_master_dev_rcu(dev: ndev) != l3mdev) |
1952 | continue; |
1953 | |
1954 | /* Decouple optimistic from tentative for evaluation here. |
1955 | * Ban optimistic addresses explicitly, when required. |
1956 | */ |
1957 | ifp_flags = (ifp->flags&IFA_F_OPTIMISTIC) |
1958 | ? (ifp->flags&~IFA_F_TENTATIVE) |
1959 | : ifp->flags; |
1960 | if (ipv6_addr_equal(a1: &ifp->addr, a2: addr) && |
1961 | !(ifp_flags&banned_flags) && |
1962 | (!dev || ndev == dev || |
1963 | !(ifp->scope&(IFA_LINK|IFA_HOST) || strict))) { |
1964 | rcu_read_unlock(); |
1965 | return ndev; |
1966 | } |
1967 | } |
1968 | |
1969 | rcu_read_unlock(); |
1970 | return NULL; |
1971 | } |
1972 | |
1973 | int ipv6_chk_addr_and_flags(struct net *net, const struct in6_addr *addr, |
1974 | const struct net_device *dev, bool skip_dev_check, |
1975 | int strict, u32 banned_flags) |
1976 | { |
1977 | return __ipv6_chk_addr_and_flags(net, addr, dev, skip_dev_check, |
1978 | strict, banned_flags) ? 1 : 0; |
1979 | } |
1980 | EXPORT_SYMBOL(ipv6_chk_addr_and_flags); |
1981 | |
1982 | |
1983 | /* Compares an address/prefix_len with addresses on device @dev. |
1984 | * If one is found it returns true. |
1985 | */ |
1986 | bool ipv6_chk_custom_prefix(const struct in6_addr *addr, |
1987 | const unsigned int prefix_len, struct net_device *dev) |
1988 | { |
1989 | const struct inet6_ifaddr *ifa; |
1990 | const struct inet6_dev *idev; |
1991 | bool ret = false; |
1992 | |
1993 | rcu_read_lock(); |
1994 | idev = __in6_dev_get(dev); |
1995 | if (idev) { |
1996 | list_for_each_entry_rcu(ifa, &idev->addr_list, if_list) { |
1997 | ret = ipv6_prefix_equal(addr1: addr, addr2: &ifa->addr, prefixlen: prefix_len); |
1998 | if (ret) |
1999 | break; |
2000 | } |
2001 | } |
2002 | rcu_read_unlock(); |
2003 | |
2004 | return ret; |
2005 | } |
2006 | EXPORT_SYMBOL(ipv6_chk_custom_prefix); |
2007 | |
2008 | int ipv6_chk_prefix(const struct in6_addr *addr, struct net_device *dev) |
2009 | { |
2010 | const struct inet6_ifaddr *ifa; |
2011 | const struct inet6_dev *idev; |
2012 | int onlink; |
2013 | |
2014 | onlink = 0; |
2015 | rcu_read_lock(); |
2016 | idev = __in6_dev_get(dev); |
2017 | if (idev) { |
2018 | list_for_each_entry_rcu(ifa, &idev->addr_list, if_list) { |
2019 | onlink = ipv6_prefix_equal(addr1: addr, addr2: &ifa->addr, |
2020 | prefixlen: ifa->prefix_len); |
2021 | if (onlink) |
2022 | break; |
2023 | } |
2024 | } |
2025 | rcu_read_unlock(); |
2026 | return onlink; |
2027 | } |
2028 | EXPORT_SYMBOL(ipv6_chk_prefix); |
2029 | |
2030 | /** |
2031 | * ipv6_dev_find - find the first device with a given source address. |
2032 | * @net: the net namespace |
2033 | * @addr: the source address |
2034 | * @dev: used to find the L3 domain of interest |
2035 | * |
2036 | * The caller should be protected by RCU, or RTNL. |
2037 | */ |
2038 | struct net_device *ipv6_dev_find(struct net *net, const struct in6_addr *addr, |
2039 | struct net_device *dev) |
2040 | { |
2041 | return __ipv6_chk_addr_and_flags(net, addr, dev, skip_dev_check: !dev, strict: 1, |
2042 | IFA_F_TENTATIVE); |
2043 | } |
2044 | EXPORT_SYMBOL(ipv6_dev_find); |
2045 | |
2046 | struct inet6_ifaddr *ipv6_get_ifaddr(struct net *net, const struct in6_addr *addr, |
2047 | struct net_device *dev, int strict) |
2048 | { |
2049 | unsigned int hash = inet6_addr_hash(net, addr); |
2050 | struct inet6_ifaddr *ifp, *result = NULL; |
2051 | |
2052 | rcu_read_lock(); |
2053 | hlist_for_each_entry_rcu(ifp, &net->ipv6.inet6_addr_lst[hash], addr_lst) { |
2054 | if (ipv6_addr_equal(a1: &ifp->addr, a2: addr)) { |
2055 | if (!dev || ifp->idev->dev == dev || |
2056 | !(ifp->scope&(IFA_LINK|IFA_HOST) || strict)) { |
2057 | result = ifp; |
2058 | in6_ifa_hold(ifp); |
2059 | break; |
2060 | } |
2061 | } |
2062 | } |
2063 | rcu_read_unlock(); |
2064 | |
2065 | return result; |
2066 | } |
2067 | |
2068 | /* Gets referenced address, destroys ifaddr */ |
2069 | |
2070 | static void addrconf_dad_stop(struct inet6_ifaddr *ifp, int dad_failed) |
2071 | { |
2072 | if (dad_failed) |
2073 | ifp->flags |= IFA_F_DADFAILED; |
2074 | |
2075 | if (ifp->flags&IFA_F_TEMPORARY) { |
2076 | struct inet6_ifaddr *ifpub; |
2077 | spin_lock_bh(lock: &ifp->lock); |
2078 | ifpub = ifp->ifpub; |
2079 | if (ifpub) { |
2080 | in6_ifa_hold(ifp: ifpub); |
2081 | spin_unlock_bh(lock: &ifp->lock); |
2082 | ipv6_create_tempaddr(ifp: ifpub, block: true); |
2083 | in6_ifa_put(ifp: ifpub); |
2084 | } else { |
2085 | spin_unlock_bh(lock: &ifp->lock); |
2086 | } |
2087 | ipv6_del_addr(ifp); |
2088 | } else if (ifp->flags&IFA_F_PERMANENT || !dad_failed) { |
2089 | spin_lock_bh(lock: &ifp->lock); |
2090 | addrconf_del_dad_work(ifp); |
2091 | ifp->flags |= IFA_F_TENTATIVE; |
2092 | if (dad_failed) |
2093 | ifp->flags &= ~IFA_F_OPTIMISTIC; |
2094 | spin_unlock_bh(lock: &ifp->lock); |
2095 | if (dad_failed) |
2096 | ipv6_ifa_notify(event: 0, ifa: ifp); |
2097 | in6_ifa_put(ifp); |
2098 | } else { |
2099 | ipv6_del_addr(ifp); |
2100 | } |
2101 | } |
2102 | |
2103 | static int addrconf_dad_end(struct inet6_ifaddr *ifp) |
2104 | { |
2105 | int err = -ENOENT; |
2106 | |
2107 | spin_lock_bh(lock: &ifp->lock); |
2108 | if (ifp->state == INET6_IFADDR_STATE_DAD) { |
2109 | ifp->state = INET6_IFADDR_STATE_POSTDAD; |
2110 | err = 0; |
2111 | } |
2112 | spin_unlock_bh(lock: &ifp->lock); |
2113 | |
2114 | return err; |
2115 | } |
2116 | |
2117 | void addrconf_dad_failure(struct sk_buff *skb, struct inet6_ifaddr *ifp) |
2118 | { |
2119 | struct inet6_dev *idev = ifp->idev; |
2120 | struct net *net = dev_net(dev: idev->dev); |
2121 | |
2122 | if (addrconf_dad_end(ifp)) { |
2123 | in6_ifa_put(ifp); |
2124 | return; |
2125 | } |
2126 | |
2127 | net_info_ratelimited("%s: IPv6 duplicate address %pI6c used by %pM detected!\n" , |
2128 | ifp->idev->dev->name, &ifp->addr, eth_hdr(skb)->h_source); |
2129 | |
2130 | spin_lock_bh(lock: &ifp->lock); |
2131 | |
2132 | if (ifp->flags & IFA_F_STABLE_PRIVACY) { |
2133 | struct in6_addr new_addr; |
2134 | struct inet6_ifaddr *ifp2; |
2135 | int retries = ifp->stable_privacy_retry + 1; |
2136 | struct ifa6_config cfg = { |
2137 | .pfx = &new_addr, |
2138 | .plen = ifp->prefix_len, |
2139 | .ifa_flags = ifp->flags, |
2140 | .valid_lft = ifp->valid_lft, |
2141 | .preferred_lft = ifp->prefered_lft, |
2142 | .scope = ifp->scope, |
2143 | }; |
2144 | |
2145 | if (retries > net->ipv6.sysctl.idgen_retries) { |
2146 | net_info_ratelimited("%s: privacy stable address generation failed because of DAD conflicts!\n" , |
2147 | ifp->idev->dev->name); |
2148 | goto errdad; |
2149 | } |
2150 | |
2151 | new_addr = ifp->addr; |
2152 | if (ipv6_generate_stable_address(addr: &new_addr, dad_count: retries, |
2153 | idev)) |
2154 | goto errdad; |
2155 | |
2156 | spin_unlock_bh(lock: &ifp->lock); |
2157 | |
2158 | if (idev->cnf.max_addresses && |
2159 | ipv6_count_addresses(idev) >= |
2160 | idev->cnf.max_addresses) |
2161 | goto lock_errdad; |
2162 | |
2163 | net_info_ratelimited("%s: generating new stable privacy address because of DAD conflict\n" , |
2164 | ifp->idev->dev->name); |
2165 | |
2166 | ifp2 = ipv6_add_addr(idev, cfg: &cfg, can_block: false, NULL); |
2167 | if (IS_ERR(ptr: ifp2)) |
2168 | goto lock_errdad; |
2169 | |
2170 | spin_lock_bh(lock: &ifp2->lock); |
2171 | ifp2->stable_privacy_retry = retries; |
2172 | ifp2->state = INET6_IFADDR_STATE_PREDAD; |
2173 | spin_unlock_bh(lock: &ifp2->lock); |
2174 | |
2175 | addrconf_mod_dad_work(ifp: ifp2, delay: net->ipv6.sysctl.idgen_delay); |
2176 | in6_ifa_put(ifp: ifp2); |
2177 | lock_errdad: |
2178 | spin_lock_bh(lock: &ifp->lock); |
2179 | } |
2180 | |
2181 | errdad: |
2182 | /* transition from _POSTDAD to _ERRDAD */ |
2183 | ifp->state = INET6_IFADDR_STATE_ERRDAD; |
2184 | spin_unlock_bh(lock: &ifp->lock); |
2185 | |
2186 | addrconf_mod_dad_work(ifp, delay: 0); |
2187 | in6_ifa_put(ifp); |
2188 | } |
2189 | |
2190 | /* Join to solicited addr multicast group. |
2191 | * caller must hold RTNL */ |
2192 | void addrconf_join_solict(struct net_device *dev, const struct in6_addr *addr) |
2193 | { |
2194 | struct in6_addr maddr; |
2195 | |
2196 | if (dev->flags&(IFF_LOOPBACK|IFF_NOARP)) |
2197 | return; |
2198 | |
2199 | addrconf_addr_solict_mult(addr, solicited: &maddr); |
2200 | ipv6_dev_mc_inc(dev, addr: &maddr); |
2201 | } |
2202 | |
2203 | /* caller must hold RTNL */ |
2204 | void addrconf_leave_solict(struct inet6_dev *idev, const struct in6_addr *addr) |
2205 | { |
2206 | struct in6_addr maddr; |
2207 | |
2208 | if (idev->dev->flags&(IFF_LOOPBACK|IFF_NOARP)) |
2209 | return; |
2210 | |
2211 | addrconf_addr_solict_mult(addr, solicited: &maddr); |
2212 | __ipv6_dev_mc_dec(idev, addr: &maddr); |
2213 | } |
2214 | |
2215 | /* caller must hold RTNL */ |
2216 | static void addrconf_join_anycast(struct inet6_ifaddr *ifp) |
2217 | { |
2218 | struct in6_addr addr; |
2219 | |
2220 | if (ifp->prefix_len >= 127) /* RFC 6164 */ |
2221 | return; |
2222 | ipv6_addr_prefix(pfx: &addr, addr: &ifp->addr, plen: ifp->prefix_len); |
2223 | if (ipv6_addr_any(a: &addr)) |
2224 | return; |
2225 | __ipv6_dev_ac_inc(idev: ifp->idev, addr: &addr); |
2226 | } |
2227 | |
2228 | /* caller must hold RTNL */ |
2229 | static void addrconf_leave_anycast(struct inet6_ifaddr *ifp) |
2230 | { |
2231 | struct in6_addr addr; |
2232 | |
2233 | if (ifp->prefix_len >= 127) /* RFC 6164 */ |
2234 | return; |
2235 | ipv6_addr_prefix(pfx: &addr, addr: &ifp->addr, plen: ifp->prefix_len); |
2236 | if (ipv6_addr_any(a: &addr)) |
2237 | return; |
2238 | __ipv6_dev_ac_dec(idev: ifp->idev, addr: &addr); |
2239 | } |
2240 | |
2241 | static int addrconf_ifid_6lowpan(u8 *eui, struct net_device *dev) |
2242 | { |
2243 | switch (dev->addr_len) { |
2244 | case ETH_ALEN: |
2245 | memcpy(eui, dev->dev_addr, 3); |
2246 | eui[3] = 0xFF; |
2247 | eui[4] = 0xFE; |
2248 | memcpy(eui + 5, dev->dev_addr + 3, 3); |
2249 | break; |
2250 | case EUI64_ADDR_LEN: |
2251 | memcpy(eui, dev->dev_addr, EUI64_ADDR_LEN); |
2252 | eui[0] ^= 2; |
2253 | break; |
2254 | default: |
2255 | return -1; |
2256 | } |
2257 | |
2258 | return 0; |
2259 | } |
2260 | |
2261 | static int addrconf_ifid_ieee1394(u8 *eui, struct net_device *dev) |
2262 | { |
2263 | const union fwnet_hwaddr *ha; |
2264 | |
2265 | if (dev->addr_len != FWNET_ALEN) |
2266 | return -1; |
2267 | |
2268 | ha = (const union fwnet_hwaddr *)dev->dev_addr; |
2269 | |
2270 | memcpy(eui, &ha->uc.uniq_id, sizeof(ha->uc.uniq_id)); |
2271 | eui[0] ^= 2; |
2272 | return 0; |
2273 | } |
2274 | |
2275 | static int addrconf_ifid_arcnet(u8 *eui, struct net_device *dev) |
2276 | { |
2277 | /* XXX: inherit EUI-64 from other interface -- yoshfuji */ |
2278 | if (dev->addr_len != ARCNET_ALEN) |
2279 | return -1; |
2280 | memset(eui, 0, 7); |
2281 | eui[7] = *(u8 *)dev->dev_addr; |
2282 | return 0; |
2283 | } |
2284 | |
2285 | static int addrconf_ifid_infiniband(u8 *eui, struct net_device *dev) |
2286 | { |
2287 | if (dev->addr_len != INFINIBAND_ALEN) |
2288 | return -1; |
2289 | memcpy(eui, dev->dev_addr + 12, 8); |
2290 | eui[0] |= 2; |
2291 | return 0; |
2292 | } |
2293 | |
2294 | static int __ipv6_isatap_ifid(u8 *eui, __be32 addr) |
2295 | { |
2296 | if (addr == 0) |
2297 | return -1; |
2298 | eui[0] = (ipv4_is_zeronet(addr) || ipv4_is_private_10(addr) || |
2299 | ipv4_is_loopback(addr) || ipv4_is_linklocal_169(addr) || |
2300 | ipv4_is_private_172(addr) || ipv4_is_test_192(addr) || |
2301 | ipv4_is_anycast_6to4(addr) || ipv4_is_private_192(addr) || |
2302 | ipv4_is_test_198(addr) || ipv4_is_multicast(addr) || |
2303 | ipv4_is_lbcast(addr)) ? 0x00 : 0x02; |
2304 | eui[1] = 0; |
2305 | eui[2] = 0x5E; |
2306 | eui[3] = 0xFE; |
2307 | memcpy(eui + 4, &addr, 4); |
2308 | return 0; |
2309 | } |
2310 | |
2311 | static int addrconf_ifid_sit(u8 *eui, struct net_device *dev) |
2312 | { |
2313 | if (dev->priv_flags & IFF_ISATAP) |
2314 | return __ipv6_isatap_ifid(eui, addr: *(__be32 *)dev->dev_addr); |
2315 | return -1; |
2316 | } |
2317 | |
2318 | static int addrconf_ifid_gre(u8 *eui, struct net_device *dev) |
2319 | { |
2320 | return __ipv6_isatap_ifid(eui, addr: *(__be32 *)dev->dev_addr); |
2321 | } |
2322 | |
2323 | static int addrconf_ifid_ip6tnl(u8 *eui, struct net_device *dev) |
2324 | { |
2325 | memcpy(eui, dev->perm_addr, 3); |
2326 | memcpy(eui + 5, dev->perm_addr + 3, 3); |
2327 | eui[3] = 0xFF; |
2328 | eui[4] = 0xFE; |
2329 | eui[0] ^= 2; |
2330 | return 0; |
2331 | } |
2332 | |
2333 | static int ipv6_generate_eui64(u8 *eui, struct net_device *dev) |
2334 | { |
2335 | switch (dev->type) { |
2336 | case ARPHRD_ETHER: |
2337 | case ARPHRD_FDDI: |
2338 | return addrconf_ifid_eui48(eui, dev); |
2339 | case ARPHRD_ARCNET: |
2340 | return addrconf_ifid_arcnet(eui, dev); |
2341 | case ARPHRD_INFINIBAND: |
2342 | return addrconf_ifid_infiniband(eui, dev); |
2343 | case ARPHRD_SIT: |
2344 | return addrconf_ifid_sit(eui, dev); |
2345 | case ARPHRD_IPGRE: |
2346 | case ARPHRD_TUNNEL: |
2347 | return addrconf_ifid_gre(eui, dev); |
2348 | case ARPHRD_6LOWPAN: |
2349 | return addrconf_ifid_6lowpan(eui, dev); |
2350 | case ARPHRD_IEEE1394: |
2351 | return addrconf_ifid_ieee1394(eui, dev); |
2352 | case ARPHRD_TUNNEL6: |
2353 | case ARPHRD_IP6GRE: |
2354 | case ARPHRD_RAWIP: |
2355 | return addrconf_ifid_ip6tnl(eui, dev); |
2356 | } |
2357 | return -1; |
2358 | } |
2359 | |
2360 | static int ipv6_inherit_eui64(u8 *eui, struct inet6_dev *idev) |
2361 | { |
2362 | int err = -1; |
2363 | struct inet6_ifaddr *ifp; |
2364 | |
2365 | read_lock_bh(&idev->lock); |
2366 | list_for_each_entry_reverse(ifp, &idev->addr_list, if_list) { |
2367 | if (ifp->scope > IFA_LINK) |
2368 | break; |
2369 | if (ifp->scope == IFA_LINK && !(ifp->flags&IFA_F_TENTATIVE)) { |
2370 | memcpy(eui, ifp->addr.s6_addr+8, 8); |
2371 | err = 0; |
2372 | break; |
2373 | } |
2374 | } |
2375 | read_unlock_bh(&idev->lock); |
2376 | return err; |
2377 | } |
2378 | |
2379 | /* Generation of a randomized Interface Identifier |
2380 | * draft-ietf-6man-rfc4941bis, Section 3.3.1 |
2381 | */ |
2382 | |
2383 | static void ipv6_gen_rnd_iid(struct in6_addr *addr) |
2384 | { |
2385 | regen: |
2386 | get_random_bytes(buf: &addr->s6_addr[8], len: 8); |
2387 | |
2388 | /* <draft-ietf-6man-rfc4941bis-08.txt>, Section 3.3.1: |
2389 | * check if generated address is not inappropriate: |
2390 | * |
2391 | * - Reserved IPv6 Interface Identifiers |
2392 | * - XXX: already assigned to an address on the device |
2393 | */ |
2394 | |
2395 | /* Subnet-router anycast: 0000:0000:0000:0000 */ |
2396 | if (!(addr->s6_addr32[2] | addr->s6_addr32[3])) |
2397 | goto regen; |
2398 | |
2399 | /* IANA Ethernet block: 0200:5EFF:FE00:0000-0200:5EFF:FE00:5212 |
2400 | * Proxy Mobile IPv6: 0200:5EFF:FE00:5213 |
2401 | * IANA Ethernet block: 0200:5EFF:FE00:5214-0200:5EFF:FEFF:FFFF |
2402 | */ |
2403 | if (ntohl(addr->s6_addr32[2]) == 0x02005eff && |
2404 | (ntohl(addr->s6_addr32[3]) & 0Xff000000) == 0xfe000000) |
2405 | goto regen; |
2406 | |
2407 | /* Reserved subnet anycast addresses */ |
2408 | if (ntohl(addr->s6_addr32[2]) == 0xfdffffff && |
2409 | ntohl(addr->s6_addr32[3]) >= 0Xffffff80) |
2410 | goto regen; |
2411 | } |
2412 | |
2413 | /* |
2414 | * Add prefix route. |
2415 | */ |
2416 | |
2417 | static void |
2418 | addrconf_prefix_route(struct in6_addr *pfx, int plen, u32 metric, |
2419 | struct net_device *dev, unsigned long expires, |
2420 | u32 flags, gfp_t gfp_flags) |
2421 | { |
2422 | struct fib6_config cfg = { |
2423 | .fc_table = l3mdev_fib_table(dev) ? : RT6_TABLE_PREFIX, |
2424 | .fc_metric = metric ? : IP6_RT_PRIO_ADDRCONF, |
2425 | .fc_ifindex = dev->ifindex, |
2426 | .fc_expires = expires, |
2427 | .fc_dst_len = plen, |
2428 | .fc_flags = RTF_UP | flags, |
2429 | .fc_nlinfo.nl_net = dev_net(dev), |
2430 | .fc_protocol = RTPROT_KERNEL, |
2431 | .fc_type = RTN_UNICAST, |
2432 | }; |
2433 | |
2434 | cfg.fc_dst = *pfx; |
2435 | |
2436 | /* Prevent useless cloning on PtP SIT. |
2437 | This thing is done here expecting that the whole |
2438 | class of non-broadcast devices need not cloning. |
2439 | */ |
2440 | #if IS_ENABLED(CONFIG_IPV6_SIT) |
2441 | if (dev->type == ARPHRD_SIT && (dev->flags & IFF_POINTOPOINT)) |
2442 | cfg.fc_flags |= RTF_NONEXTHOP; |
2443 | #endif |
2444 | |
2445 | ip6_route_add(cfg: &cfg, gfp_flags, NULL); |
2446 | } |
2447 | |
2448 | |
2449 | static struct fib6_info *addrconf_get_prefix_route(const struct in6_addr *pfx, |
2450 | int plen, |
2451 | const struct net_device *dev, |
2452 | u32 flags, u32 noflags, |
2453 | bool no_gw) |
2454 | { |
2455 | struct fib6_node *fn; |
2456 | struct fib6_info *rt = NULL; |
2457 | struct fib6_table *table; |
2458 | u32 tb_id = l3mdev_fib_table(dev) ? : RT6_TABLE_PREFIX; |
2459 | |
2460 | table = fib6_get_table(net: dev_net(dev), id: tb_id); |
2461 | if (!table) |
2462 | return NULL; |
2463 | |
2464 | rcu_read_lock(); |
2465 | fn = fib6_locate(root: &table->tb6_root, daddr: pfx, dst_len: plen, NULL, src_len: 0, exact_match: true); |
2466 | if (!fn) |
2467 | goto out; |
2468 | |
2469 | for_each_fib6_node_rt_rcu(fn) { |
2470 | /* prefix routes only use builtin fib6_nh */ |
2471 | if (rt->nh) |
2472 | continue; |
2473 | |
2474 | if (rt->fib6_nh->fib_nh_dev->ifindex != dev->ifindex) |
2475 | continue; |
2476 | if (no_gw && rt->fib6_nh->fib_nh_gw_family) |
2477 | continue; |
2478 | if ((rt->fib6_flags & flags) != flags) |
2479 | continue; |
2480 | if ((rt->fib6_flags & noflags) != 0) |
2481 | continue; |
2482 | if (!fib6_info_hold_safe(f6i: rt)) |
2483 | continue; |
2484 | break; |
2485 | } |
2486 | out: |
2487 | rcu_read_unlock(); |
2488 | return rt; |
2489 | } |
2490 | |
2491 | |
2492 | /* Create "default" multicast route to the interface */ |
2493 | |
2494 | static void addrconf_add_mroute(struct net_device *dev) |
2495 | { |
2496 | struct fib6_config cfg = { |
2497 | .fc_table = l3mdev_fib_table(dev) ? : RT6_TABLE_LOCAL, |
2498 | .fc_metric = IP6_RT_PRIO_ADDRCONF, |
2499 | .fc_ifindex = dev->ifindex, |
2500 | .fc_dst_len = 8, |
2501 | .fc_flags = RTF_UP, |
2502 | .fc_type = RTN_MULTICAST, |
2503 | .fc_nlinfo.nl_net = dev_net(dev), |
2504 | .fc_protocol = RTPROT_KERNEL, |
2505 | }; |
2506 | |
2507 | ipv6_addr_set(addr: &cfg.fc_dst, htonl(0xFF000000), w2: 0, w3: 0, w4: 0); |
2508 | |
2509 | ip6_route_add(cfg: &cfg, GFP_KERNEL, NULL); |
2510 | } |
2511 | |
2512 | static struct inet6_dev *addrconf_add_dev(struct net_device *dev) |
2513 | { |
2514 | struct inet6_dev *idev; |
2515 | |
2516 | ASSERT_RTNL(); |
2517 | |
2518 | idev = ipv6_find_idev(dev); |
2519 | if (IS_ERR(ptr: idev)) |
2520 | return idev; |
2521 | |
2522 | if (idev->cnf.disable_ipv6) |
2523 | return ERR_PTR(error: -EACCES); |
2524 | |
2525 | /* Add default multicast route */ |
2526 | if (!(dev->flags & IFF_LOOPBACK) && !netif_is_l3_master(dev)) |
2527 | addrconf_add_mroute(dev); |
2528 | |
2529 | return idev; |
2530 | } |
2531 | |
2532 | static void manage_tempaddrs(struct inet6_dev *idev, |
2533 | struct inet6_ifaddr *ifp, |
2534 | __u32 valid_lft, __u32 prefered_lft, |
2535 | bool create, unsigned long now) |
2536 | { |
2537 | u32 flags; |
2538 | struct inet6_ifaddr *ift; |
2539 | |
2540 | read_lock_bh(&idev->lock); |
2541 | /* update all temporary addresses in the list */ |
2542 | list_for_each_entry(ift, &idev->tempaddr_list, tmp_list) { |
2543 | int age, max_valid, max_prefered; |
2544 | |
2545 | if (ifp != ift->ifpub) |
2546 | continue; |
2547 | |
2548 | /* RFC 4941 section 3.3: |
2549 | * If a received option will extend the lifetime of a public |
2550 | * address, the lifetimes of temporary addresses should |
2551 | * be extended, subject to the overall constraint that no |
2552 | * temporary addresses should ever remain "valid" or "preferred" |
2553 | * for a time longer than (TEMP_VALID_LIFETIME) or |
2554 | * (TEMP_PREFERRED_LIFETIME - DESYNC_FACTOR), respectively. |
2555 | */ |
2556 | age = (now - ift->cstamp) / HZ; |
2557 | max_valid = idev->cnf.temp_valid_lft - age; |
2558 | if (max_valid < 0) |
2559 | max_valid = 0; |
2560 | |
2561 | max_prefered = idev->cnf.temp_prefered_lft - |
2562 | idev->desync_factor - age; |
2563 | if (max_prefered < 0) |
2564 | max_prefered = 0; |
2565 | |
2566 | if (valid_lft > max_valid) |
2567 | valid_lft = max_valid; |
2568 | |
2569 | if (prefered_lft > max_prefered) |
2570 | prefered_lft = max_prefered; |
2571 | |
2572 | spin_lock(lock: &ift->lock); |
2573 | flags = ift->flags; |
2574 | ift->valid_lft = valid_lft; |
2575 | ift->prefered_lft = prefered_lft; |
2576 | ift->tstamp = now; |
2577 | if (prefered_lft > 0) |
2578 | ift->flags &= ~IFA_F_DEPRECATED; |
2579 | |
2580 | spin_unlock(lock: &ift->lock); |
2581 | if (!(flags&IFA_F_TENTATIVE)) |
2582 | ipv6_ifa_notify(event: 0, ifa: ift); |
2583 | } |
2584 | |
2585 | /* Also create a temporary address if it's enabled but no temporary |
2586 | * address currently exists. |
2587 | * However, we get called with valid_lft == 0, prefered_lft == 0, create == false |
2588 | * as part of cleanup (ie. deleting the mngtmpaddr). |
2589 | * We don't want that to result in creating a new temporary ip address. |
2590 | */ |
2591 | if (list_empty(head: &idev->tempaddr_list) && (valid_lft || prefered_lft)) |
2592 | create = true; |
2593 | |
2594 | if (create && idev->cnf.use_tempaddr > 0) { |
2595 | /* When a new public address is created as described |
2596 | * in [ADDRCONF], also create a new temporary address. |
2597 | */ |
2598 | read_unlock_bh(&idev->lock); |
2599 | ipv6_create_tempaddr(ifp, block: false); |
2600 | } else { |
2601 | read_unlock_bh(&idev->lock); |
2602 | } |
2603 | } |
2604 | |
2605 | static bool is_addr_mode_generate_stable(struct inet6_dev *idev) |
2606 | { |
2607 | return idev->cnf.addr_gen_mode == IN6_ADDR_GEN_MODE_STABLE_PRIVACY || |
2608 | idev->cnf.addr_gen_mode == IN6_ADDR_GEN_MODE_RANDOM; |
2609 | } |
2610 | |
2611 | int addrconf_prefix_rcv_add_addr(struct net *net, struct net_device *dev, |
2612 | const struct prefix_info *pinfo, |
2613 | struct inet6_dev *in6_dev, |
2614 | const struct in6_addr *addr, int addr_type, |
2615 | u32 addr_flags, bool sllao, bool tokenized, |
2616 | __u32 valid_lft, u32 prefered_lft) |
2617 | { |
2618 | struct inet6_ifaddr *ifp = ipv6_get_ifaddr(net, addr, dev, strict: 1); |
2619 | int create = 0, update_lft = 0; |
2620 | |
2621 | if (!ifp && valid_lft) { |
2622 | int max_addresses = in6_dev->cnf.max_addresses; |
2623 | struct ifa6_config cfg = { |
2624 | .pfx = addr, |
2625 | .plen = pinfo->prefix_len, |
2626 | .ifa_flags = addr_flags, |
2627 | .valid_lft = valid_lft, |
2628 | .preferred_lft = prefered_lft, |
2629 | .scope = addr_type & IPV6_ADDR_SCOPE_MASK, |
2630 | .ifa_proto = IFAPROT_KERNEL_RA |
2631 | }; |
2632 | |
2633 | #ifdef CONFIG_IPV6_OPTIMISTIC_DAD |
2634 | if ((net->ipv6.devconf_all->optimistic_dad || |
2635 | in6_dev->cnf.optimistic_dad) && |
2636 | !net->ipv6.devconf_all->forwarding && sllao) |
2637 | cfg.ifa_flags |= IFA_F_OPTIMISTIC; |
2638 | #endif |
2639 | |
2640 | /* Do not allow to create too much of autoconfigured |
2641 | * addresses; this would be too easy way to crash kernel. |
2642 | */ |
2643 | if (!max_addresses || |
2644 | ipv6_count_addresses(idev: in6_dev) < max_addresses) |
2645 | ifp = ipv6_add_addr(idev: in6_dev, cfg: &cfg, can_block: false, NULL); |
2646 | |
2647 | if (IS_ERR_OR_NULL(ptr: ifp)) |
2648 | return -1; |
2649 | |
2650 | create = 1; |
2651 | spin_lock_bh(lock: &ifp->lock); |
2652 | ifp->flags |= IFA_F_MANAGETEMPADDR; |
2653 | ifp->cstamp = jiffies; |
2654 | ifp->tokenized = tokenized; |
2655 | spin_unlock_bh(lock: &ifp->lock); |
2656 | addrconf_dad_start(ifp); |
2657 | } |
2658 | |
2659 | if (ifp) { |
2660 | u32 flags; |
2661 | unsigned long now; |
2662 | u32 stored_lft; |
2663 | |
2664 | /* update lifetime (RFC2462 5.5.3 e) */ |
2665 | spin_lock_bh(lock: &ifp->lock); |
2666 | now = jiffies; |
2667 | if (ifp->valid_lft > (now - ifp->tstamp) / HZ) |
2668 | stored_lft = ifp->valid_lft - (now - ifp->tstamp) / HZ; |
2669 | else |
2670 | stored_lft = 0; |
2671 | |
2672 | /* RFC4862 Section 5.5.3e: |
2673 | * "Note that the preferred lifetime of the |
2674 | * corresponding address is always reset to |
2675 | * the Preferred Lifetime in the received |
2676 | * Prefix Information option, regardless of |
2677 | * whether the valid lifetime is also reset or |
2678 | * ignored." |
2679 | * |
2680 | * So we should always update prefered_lft here. |
2681 | */ |
2682 | update_lft = !create && stored_lft; |
2683 | |
2684 | if (update_lft && !in6_dev->cnf.ra_honor_pio_life) { |
2685 | const u32 minimum_lft = min_t(u32, |
2686 | stored_lft, MIN_VALID_LIFETIME); |
2687 | valid_lft = max(valid_lft, minimum_lft); |
2688 | } |
2689 | |
2690 | if (update_lft) { |
2691 | ifp->valid_lft = valid_lft; |
2692 | ifp->prefered_lft = prefered_lft; |
2693 | ifp->tstamp = now; |
2694 | flags = ifp->flags; |
2695 | ifp->flags &= ~IFA_F_DEPRECATED; |
2696 | spin_unlock_bh(lock: &ifp->lock); |
2697 | |
2698 | if (!(flags&IFA_F_TENTATIVE)) |
2699 | ipv6_ifa_notify(event: 0, ifa: ifp); |
2700 | } else |
2701 | spin_unlock_bh(lock: &ifp->lock); |
2702 | |
2703 | manage_tempaddrs(idev: in6_dev, ifp, valid_lft, prefered_lft, |
2704 | create, now); |
2705 | |
2706 | in6_ifa_put(ifp); |
2707 | addrconf_verify(net); |
2708 | } |
2709 | |
2710 | return 0; |
2711 | } |
2712 | EXPORT_SYMBOL_GPL(addrconf_prefix_rcv_add_addr); |
2713 | |
2714 | void addrconf_prefix_rcv(struct net_device *dev, u8 *opt, int len, bool sllao) |
2715 | { |
2716 | struct prefix_info *pinfo; |
2717 | __u32 valid_lft; |
2718 | __u32 prefered_lft; |
2719 | int addr_type, err; |
2720 | u32 addr_flags = 0; |
2721 | struct inet6_dev *in6_dev; |
2722 | struct net *net = dev_net(dev); |
2723 | |
2724 | pinfo = (struct prefix_info *) opt; |
2725 | |
2726 | if (len < sizeof(struct prefix_info)) { |
2727 | netdev_dbg(dev, "addrconf: prefix option too short\n" ); |
2728 | return; |
2729 | } |
2730 | |
2731 | /* |
2732 | * Validation checks ([ADDRCONF], page 19) |
2733 | */ |
2734 | |
2735 | addr_type = ipv6_addr_type(addr: &pinfo->prefix); |
2736 | |
2737 | if (addr_type & (IPV6_ADDR_MULTICAST|IPV6_ADDR_LINKLOCAL)) |
2738 | return; |
2739 | |
2740 | valid_lft = ntohl(pinfo->valid); |
2741 | prefered_lft = ntohl(pinfo->prefered); |
2742 | |
2743 | if (prefered_lft > valid_lft) { |
2744 | net_warn_ratelimited("addrconf: prefix option has invalid lifetime\n" ); |
2745 | return; |
2746 | } |
2747 | |
2748 | in6_dev = in6_dev_get(dev); |
2749 | |
2750 | if (!in6_dev) { |
2751 | net_dbg_ratelimited("addrconf: device %s not configured\n" , |
2752 | dev->name); |
2753 | return; |
2754 | } |
2755 | |
2756 | if (valid_lft != 0 && valid_lft < in6_dev->cnf.accept_ra_min_lft) |
2757 | goto put; |
2758 | |
2759 | /* |
2760 | * Two things going on here: |
2761 | * 1) Add routes for on-link prefixes |
2762 | * 2) Configure prefixes with the auto flag set |
2763 | */ |
2764 | |
2765 | if (pinfo->onlink) { |
2766 | struct fib6_info *rt; |
2767 | unsigned long rt_expires; |
2768 | |
2769 | /* Avoid arithmetic overflow. Really, we could |
2770 | * save rt_expires in seconds, likely valid_lft, |
2771 | * but it would require division in fib gc, that it |
2772 | * not good. |
2773 | */ |
2774 | if (HZ > USER_HZ) |
2775 | rt_expires = addrconf_timeout_fixup(timeout: valid_lft, HZ); |
2776 | else |
2777 | rt_expires = addrconf_timeout_fixup(timeout: valid_lft, USER_HZ); |
2778 | |
2779 | if (addrconf_finite_timeout(timeout: rt_expires)) |
2780 | rt_expires *= HZ; |
2781 | |
2782 | rt = addrconf_get_prefix_route(pfx: &pinfo->prefix, |
2783 | plen: pinfo->prefix_len, |
2784 | dev, |
2785 | RTF_ADDRCONF | RTF_PREFIX_RT, |
2786 | RTF_DEFAULT, no_gw: true); |
2787 | |
2788 | if (rt) { |
2789 | /* Autoconf prefix route */ |
2790 | if (valid_lft == 0) { |
2791 | ip6_del_rt(net, f6i: rt, skip_notify: false); |
2792 | rt = NULL; |
2793 | } else if (addrconf_finite_timeout(timeout: rt_expires)) { |
2794 | /* not infinity */ |
2795 | fib6_set_expires(f6i: rt, expires: jiffies + rt_expires); |
2796 | } else { |
2797 | fib6_clean_expires(f6i: rt); |
2798 | } |
2799 | } else if (valid_lft) { |
2800 | clock_t expires = 0; |
2801 | int flags = RTF_ADDRCONF | RTF_PREFIX_RT; |
2802 | if (addrconf_finite_timeout(timeout: rt_expires)) { |
2803 | /* not infinity */ |
2804 | flags |= RTF_EXPIRES; |
2805 | expires = jiffies_to_clock_t(x: rt_expires); |
2806 | } |
2807 | addrconf_prefix_route(pfx: &pinfo->prefix, plen: pinfo->prefix_len, |
2808 | metric: 0, dev, expires, flags, |
2809 | GFP_ATOMIC); |
2810 | } |
2811 | fib6_info_release(f6i: rt); |
2812 | } |
2813 | |
2814 | /* Try to figure out our local address for this prefix */ |
2815 | |
2816 | if (pinfo->autoconf && in6_dev->cnf.autoconf) { |
2817 | struct in6_addr addr; |
2818 | bool tokenized = false, dev_addr_generated = false; |
2819 | |
2820 | if (pinfo->prefix_len == 64) { |
2821 | memcpy(&addr, &pinfo->prefix, 8); |
2822 | |
2823 | if (!ipv6_addr_any(a: &in6_dev->token)) { |
2824 | read_lock_bh(&in6_dev->lock); |
2825 | memcpy(addr.s6_addr + 8, |
2826 | in6_dev->token.s6_addr + 8, 8); |
2827 | read_unlock_bh(&in6_dev->lock); |
2828 | tokenized = true; |
2829 | } else if (is_addr_mode_generate_stable(idev: in6_dev) && |
2830 | !ipv6_generate_stable_address(addr: &addr, dad_count: 0, |
2831 | idev: in6_dev)) { |
2832 | addr_flags |= IFA_F_STABLE_PRIVACY; |
2833 | goto ok; |
2834 | } else if (ipv6_generate_eui64(eui: addr.s6_addr + 8, dev) && |
2835 | ipv6_inherit_eui64(eui: addr.s6_addr + 8, idev: in6_dev)) { |
2836 | goto put; |
2837 | } else { |
2838 | dev_addr_generated = true; |
2839 | } |
2840 | goto ok; |
2841 | } |
2842 | net_dbg_ratelimited("IPv6 addrconf: prefix with wrong length %d\n" , |
2843 | pinfo->prefix_len); |
2844 | goto put; |
2845 | |
2846 | ok: |
2847 | err = addrconf_prefix_rcv_add_addr(net, dev, pinfo, in6_dev, |
2848 | &addr, addr_type, |
2849 | addr_flags, sllao, |
2850 | tokenized, valid_lft, |
2851 | prefered_lft); |
2852 | if (err) |
2853 | goto put; |
2854 | |
2855 | /* Ignore error case here because previous prefix add addr was |
2856 | * successful which will be notified. |
2857 | */ |
2858 | ndisc_ops_prefix_rcv_add_addr(net, dev, pinfo, in6_dev, addr: &addr, |
2859 | addr_type, addr_flags, sllao, |
2860 | tokenized, valid_lft, |
2861 | prefered_lft, |
2862 | dev_addr_generated); |
2863 | } |
2864 | inet6_prefix_notify(RTM_NEWPREFIX, idev: in6_dev, pinfo); |
2865 | put: |
2866 | in6_dev_put(idev: in6_dev); |
2867 | } |
2868 | |
2869 | static int addrconf_set_sit_dstaddr(struct net *net, struct net_device *dev, |
2870 | struct in6_ifreq *ireq) |
2871 | { |
2872 | struct ip_tunnel_parm p = { }; |
2873 | int err; |
2874 | |
2875 | if (!(ipv6_addr_type(addr: &ireq->ifr6_addr) & IPV6_ADDR_COMPATv4)) |
2876 | return -EADDRNOTAVAIL; |
2877 | |
2878 | p.iph.daddr = ireq->ifr6_addr.s6_addr32[3]; |
2879 | p.iph.version = 4; |
2880 | p.iph.ihl = 5; |
2881 | p.iph.protocol = IPPROTO_IPV6; |
2882 | p.iph.ttl = 64; |
2883 | |
2884 | if (!dev->netdev_ops->ndo_tunnel_ctl) |
2885 | return -EOPNOTSUPP; |
2886 | err = dev->netdev_ops->ndo_tunnel_ctl(dev, &p, SIOCADDTUNNEL); |
2887 | if (err) |
2888 | return err; |
2889 | |
2890 | dev = __dev_get_by_name(net, name: p.name); |
2891 | if (!dev) |
2892 | return -ENOBUFS; |
2893 | return dev_open(dev, NULL); |
2894 | } |
2895 | |
2896 | /* |
2897 | * Set destination address. |
2898 | * Special case for SIT interfaces where we create a new "virtual" |
2899 | * device. |
2900 | */ |
2901 | int addrconf_set_dstaddr(struct net *net, void __user *arg) |
2902 | { |
2903 | struct net_device *dev; |
2904 | struct in6_ifreq ireq; |
2905 | int err = -ENODEV; |
2906 | |
2907 | if (!IS_ENABLED(CONFIG_IPV6_SIT)) |
2908 | return -ENODEV; |
2909 | if (copy_from_user(to: &ireq, from: arg, n: sizeof(struct in6_ifreq))) |
2910 | return -EFAULT; |
2911 | |
2912 | rtnl_lock(); |
2913 | dev = __dev_get_by_index(net, ifindex: ireq.ifr6_ifindex); |
2914 | if (dev && dev->type == ARPHRD_SIT) |
2915 | err = addrconf_set_sit_dstaddr(net, dev, ireq: &ireq); |
2916 | rtnl_unlock(); |
2917 | return err; |
2918 | } |
2919 | |
2920 | static int ipv6_mc_config(struct sock *sk, bool join, |
2921 | const struct in6_addr *addr, int ifindex) |
2922 | { |
2923 | int ret; |
2924 | |
2925 | ASSERT_RTNL(); |
2926 | |
2927 | lock_sock(sk); |
2928 | if (join) |
2929 | ret = ipv6_sock_mc_join(sk, ifindex, addr); |
2930 | else |
2931 | ret = ipv6_sock_mc_drop(sk, ifindex, addr); |
2932 | release_sock(sk); |
2933 | |
2934 | return ret; |
2935 | } |
2936 | |
2937 | /* |
2938 | * Manual configuration of address on an interface |
2939 | */ |
2940 | static int inet6_addr_add(struct net *net, int ifindex, |
2941 | struct ifa6_config *cfg, |
2942 | struct netlink_ext_ack *extack) |
2943 | { |
2944 | struct inet6_ifaddr *ifp; |
2945 | struct inet6_dev *idev; |
2946 | struct net_device *dev; |
2947 | unsigned long timeout; |
2948 | clock_t expires; |
2949 | u32 flags; |
2950 | |
2951 | ASSERT_RTNL(); |
2952 | |
2953 | if (cfg->plen > 128) { |
2954 | NL_SET_ERR_MSG_MOD(extack, "Invalid prefix length" ); |
2955 | return -EINVAL; |
2956 | } |
2957 | |
2958 | /* check the lifetime */ |
2959 | if (!cfg->valid_lft || cfg->preferred_lft > cfg->valid_lft) { |
2960 | NL_SET_ERR_MSG_MOD(extack, "address lifetime invalid" ); |
2961 | return -EINVAL; |
2962 | } |
2963 | |
2964 | if (cfg->ifa_flags & IFA_F_MANAGETEMPADDR && cfg->plen != 64) { |
2965 | NL_SET_ERR_MSG_MOD(extack, "address with \"mngtmpaddr\" flag must have a prefix length of 64" ); |
2966 | return -EINVAL; |
2967 | } |
2968 | |
2969 | dev = __dev_get_by_index(net, ifindex); |
2970 | if (!dev) |
2971 | return -ENODEV; |
2972 | |
2973 | idev = addrconf_add_dev(dev); |
2974 | if (IS_ERR(ptr: idev)) { |
2975 | NL_SET_ERR_MSG_MOD(extack, "IPv6 is disabled on this device" ); |
2976 | return PTR_ERR(ptr: idev); |
2977 | } |
2978 | |
2979 | if (cfg->ifa_flags & IFA_F_MCAUTOJOIN) { |
2980 | int ret = ipv6_mc_config(sk: net->ipv6.mc_autojoin_sk, |
2981 | join: true, addr: cfg->pfx, ifindex); |
2982 | |
2983 | if (ret < 0) { |
2984 | NL_SET_ERR_MSG_MOD(extack, "Multicast auto join failed" ); |
2985 | return ret; |
2986 | } |
2987 | } |
2988 | |
2989 | cfg->scope = ipv6_addr_scope(addr: cfg->pfx); |
2990 | |
2991 | timeout = addrconf_timeout_fixup(timeout: cfg->valid_lft, HZ); |
2992 | if (addrconf_finite_timeout(timeout)) { |
2993 | expires = jiffies_to_clock_t(x: timeout * HZ); |
2994 | cfg->valid_lft = timeout; |
2995 | flags = RTF_EXPIRES; |
2996 | } else { |
2997 | expires = 0; |
2998 | flags = 0; |
2999 | cfg->ifa_flags |= IFA_F_PERMANENT; |
3000 | } |
3001 | |
3002 | timeout = addrconf_timeout_fixup(timeout: cfg->preferred_lft, HZ); |
3003 | if (addrconf_finite_timeout(timeout)) { |
3004 | if (timeout == 0) |
3005 | cfg->ifa_flags |= IFA_F_DEPRECATED; |
3006 | cfg->preferred_lft = timeout; |
3007 | } |
3008 | |
3009 | ifp = ipv6_add_addr(idev, cfg, can_block: true, extack); |
3010 | if (!IS_ERR(ptr: ifp)) { |
3011 | if (!(cfg->ifa_flags & IFA_F_NOPREFIXROUTE)) { |
3012 | addrconf_prefix_route(pfx: &ifp->addr, plen: ifp->prefix_len, |
3013 | metric: ifp->rt_priority, dev, expires, |
3014 | flags, GFP_KERNEL); |
3015 | } |
3016 | |
3017 | /* Send a netlink notification if DAD is enabled and |
3018 | * optimistic flag is not set |
3019 | */ |
3020 | if (!(ifp->flags & (IFA_F_OPTIMISTIC | IFA_F_NODAD))) |
3021 | ipv6_ifa_notify(event: 0, ifa: ifp); |
3022 | /* |
3023 | * Note that section 3.1 of RFC 4429 indicates |
3024 | * that the Optimistic flag should not be set for |
3025 | * manually configured addresses |
3026 | */ |
3027 | addrconf_dad_start(ifp); |
3028 | if (cfg->ifa_flags & IFA_F_MANAGETEMPADDR) |
3029 | manage_tempaddrs(idev, ifp, valid_lft: cfg->valid_lft, |
3030 | prefered_lft: cfg->preferred_lft, create: true, now: jiffies); |
3031 | in6_ifa_put(ifp); |
3032 | addrconf_verify_rtnl(net); |
3033 | return 0; |
3034 | } else if (cfg->ifa_flags & IFA_F_MCAUTOJOIN) { |
3035 | ipv6_mc_config(sk: net->ipv6.mc_autojoin_sk, join: false, |
3036 | addr: cfg->pfx, ifindex); |
3037 | } |
3038 | |
3039 | return PTR_ERR(ptr: ifp); |
3040 | } |
3041 | |
3042 | static int inet6_addr_del(struct net *net, int ifindex, u32 ifa_flags, |
3043 | const struct in6_addr *pfx, unsigned int plen, |
3044 | struct netlink_ext_ack *extack) |
3045 | { |
3046 | struct inet6_ifaddr *ifp; |
3047 | struct inet6_dev *idev; |
3048 | struct net_device *dev; |
3049 | |
3050 | if (plen > 128) { |
3051 | NL_SET_ERR_MSG_MOD(extack, "Invalid prefix length" ); |
3052 | return -EINVAL; |
3053 | } |
3054 | |
3055 | dev = __dev_get_by_index(net, ifindex); |
3056 | if (!dev) { |
3057 | NL_SET_ERR_MSG_MOD(extack, "Unable to find the interface" ); |
3058 | return -ENODEV; |
3059 | } |
3060 | |
3061 | idev = __in6_dev_get(dev); |
3062 | if (!idev) { |
3063 | NL_SET_ERR_MSG_MOD(extack, "IPv6 is disabled on this device" ); |
3064 | return -ENXIO; |
3065 | } |
3066 | |
3067 | read_lock_bh(&idev->lock); |
3068 | list_for_each_entry(ifp, &idev->addr_list, if_list) { |
3069 | if (ifp->prefix_len == plen && |
3070 | ipv6_addr_equal(a1: pfx, a2: &ifp->addr)) { |
3071 | in6_ifa_hold(ifp); |
3072 | read_unlock_bh(&idev->lock); |
3073 | |
3074 | if (!(ifp->flags & IFA_F_TEMPORARY) && |
3075 | (ifa_flags & IFA_F_MANAGETEMPADDR)) |
3076 | manage_tempaddrs(idev, ifp, valid_lft: 0, prefered_lft: 0, create: false, |
3077 | now: jiffies); |
3078 | ipv6_del_addr(ifp); |
3079 | addrconf_verify_rtnl(net); |
3080 | if (ipv6_addr_is_multicast(addr: pfx)) { |
3081 | ipv6_mc_config(sk: net->ipv6.mc_autojoin_sk, |
3082 | join: false, addr: pfx, ifindex: dev->ifindex); |
3083 | } |
3084 | return 0; |
3085 | } |
3086 | } |
3087 | read_unlock_bh(&idev->lock); |
3088 | |
3089 | NL_SET_ERR_MSG_MOD(extack, "address not found" ); |
3090 | return -EADDRNOTAVAIL; |
3091 | } |
3092 | |
3093 | |
3094 | int addrconf_add_ifaddr(struct net *net, void __user *arg) |
3095 | { |
3096 | struct ifa6_config cfg = { |
3097 | .ifa_flags = IFA_F_PERMANENT, |
3098 | .preferred_lft = INFINITY_LIFE_TIME, |
3099 | .valid_lft = INFINITY_LIFE_TIME, |
3100 | }; |
3101 | struct in6_ifreq ireq; |
3102 | int err; |
3103 | |
3104 | if (!ns_capable(ns: net->user_ns, CAP_NET_ADMIN)) |
3105 | return -EPERM; |
3106 | |
3107 | if (copy_from_user(to: &ireq, from: arg, n: sizeof(struct in6_ifreq))) |
3108 | return -EFAULT; |
3109 | |
3110 | cfg.pfx = &ireq.ifr6_addr; |
3111 | cfg.plen = ireq.ifr6_prefixlen; |
3112 | |
3113 | rtnl_lock(); |
3114 | err = inet6_addr_add(net, ifindex: ireq.ifr6_ifindex, cfg: &cfg, NULL); |
3115 | rtnl_unlock(); |
3116 | return err; |
3117 | } |
3118 | |
3119 | int addrconf_del_ifaddr(struct net *net, void __user *arg) |
3120 | { |
3121 | struct in6_ifreq ireq; |
3122 | int err; |
3123 | |
3124 | if (!ns_capable(ns: net->user_ns, CAP_NET_ADMIN)) |
3125 | return -EPERM; |
3126 | |
3127 | if (copy_from_user(to: &ireq, from: arg, n: sizeof(struct in6_ifreq))) |
3128 | return -EFAULT; |
3129 | |
3130 | rtnl_lock(); |
3131 | err = inet6_addr_del(net, ifindex: ireq.ifr6_ifindex, ifa_flags: 0, pfx: &ireq.ifr6_addr, |
3132 | plen: ireq.ifr6_prefixlen, NULL); |
3133 | rtnl_unlock(); |
3134 | return err; |
3135 | } |
3136 | |
3137 | static void add_addr(struct inet6_dev *idev, const struct in6_addr *addr, |
3138 | int plen, int scope, u8 proto) |
3139 | { |
3140 | struct inet6_ifaddr *ifp; |
3141 | struct ifa6_config cfg = { |
3142 | .pfx = addr, |
3143 | .plen = plen, |
3144 | .ifa_flags = IFA_F_PERMANENT, |
3145 | .valid_lft = INFINITY_LIFE_TIME, |
3146 | .preferred_lft = INFINITY_LIFE_TIME, |
3147 | .scope = scope, |
3148 | .ifa_proto = proto |
3149 | }; |
3150 | |
3151 | ifp = ipv6_add_addr(idev, cfg: &cfg, can_block: true, NULL); |
3152 | if (!IS_ERR(ptr: ifp)) { |
3153 | spin_lock_bh(lock: &ifp->lock); |
3154 | ifp->flags &= ~IFA_F_TENTATIVE; |
3155 | spin_unlock_bh(lock: &ifp->lock); |
3156 | rt_genid_bump_ipv6(net: dev_net(dev: idev->dev)); |
3157 | ipv6_ifa_notify(RTM_NEWADDR, ifa: ifp); |
3158 | in6_ifa_put(ifp); |
3159 | } |
3160 | } |
3161 | |
3162 | #if IS_ENABLED(CONFIG_IPV6_SIT) || IS_ENABLED(CONFIG_NET_IPGRE) || IS_ENABLED(CONFIG_IPV6_GRE) |
3163 | static void add_v4_addrs(struct inet6_dev *idev) |
3164 | { |
3165 | struct in6_addr addr; |
3166 | struct net_device *dev; |
3167 | struct net *net = dev_net(dev: idev->dev); |
3168 | int scope, plen, offset = 0; |
3169 | u32 pflags = 0; |
3170 | |
3171 | ASSERT_RTNL(); |
3172 | |
3173 | memset(&addr, 0, sizeof(struct in6_addr)); |
3174 | /* in case of IP6GRE the dev_addr is an IPv6 and therefore we use only the last 4 bytes */ |
3175 | if (idev->dev->addr_len == sizeof(struct in6_addr)) |
3176 | offset = sizeof(struct in6_addr) - 4; |
3177 | memcpy(&addr.s6_addr32[3], idev->dev->dev_addr + offset, 4); |
3178 | |
3179 | if (!(idev->dev->flags & IFF_POINTOPOINT) && idev->dev->type == ARPHRD_SIT) { |
3180 | scope = IPV6_ADDR_COMPATv4; |
3181 | plen = 96; |
3182 | pflags |= RTF_NONEXTHOP; |
3183 | } else { |
3184 | if (idev->cnf.addr_gen_mode == IN6_ADDR_GEN_MODE_NONE) |
3185 | return; |
3186 | |
3187 | addr.s6_addr32[0] = htonl(0xfe800000); |
3188 | scope = IFA_LINK; |
3189 | plen = 64; |
3190 | } |
3191 | |
3192 | if (addr.s6_addr32[3]) { |
3193 | add_addr(idev, addr: &addr, plen, scope, IFAPROT_UNSPEC); |
3194 | addrconf_prefix_route(pfx: &addr, plen, metric: 0, dev: idev->dev, expires: 0, flags: pflags, |
3195 | GFP_KERNEL); |
3196 | return; |
3197 | } |
3198 | |
3199 | for_each_netdev(net, dev) { |
3200 | struct in_device *in_dev = __in_dev_get_rtnl(dev); |
3201 | if (in_dev && (dev->flags & IFF_UP)) { |
3202 | struct in_ifaddr *ifa; |
3203 | int flag = scope; |
3204 | |
3205 | in_dev_for_each_ifa_rtnl(ifa, in_dev) { |
3206 | addr.s6_addr32[3] = ifa->ifa_local; |
3207 | |
3208 | if (ifa->ifa_scope == RT_SCOPE_LINK) |
3209 | continue; |
3210 | if (ifa->ifa_scope >= RT_SCOPE_HOST) { |
3211 | if (idev->dev->flags&IFF_POINTOPOINT) |
3212 | continue; |
3213 | flag |= IFA_HOST; |
3214 | } |
3215 | |
3216 | add_addr(idev, addr: &addr, plen, scope: flag, |
3217 | IFAPROT_UNSPEC); |
3218 | addrconf_prefix_route(pfx: &addr, plen, metric: 0, dev: idev->dev, |
3219 | expires: 0, flags: pflags, GFP_KERNEL); |
3220 | } |
3221 | } |
3222 | } |
3223 | } |
3224 | #endif |
3225 | |
3226 | static void init_loopback(struct net_device *dev) |
3227 | { |
3228 | struct inet6_dev *idev; |
3229 | |
3230 | /* ::1 */ |
3231 | |
3232 | ASSERT_RTNL(); |
3233 | |
3234 | idev = ipv6_find_idev(dev); |
3235 | if (IS_ERR(ptr: idev)) { |
3236 | pr_debug("%s: add_dev failed\n" , __func__); |
3237 | return; |
3238 | } |
3239 | |
3240 | add_addr(idev, addr: &in6addr_loopback, plen: 128, IFA_HOST, IFAPROT_KERNEL_LO); |
3241 | } |
3242 | |
3243 | void addrconf_add_linklocal(struct inet6_dev *idev, |
3244 | const struct in6_addr *addr, u32 flags) |
3245 | { |
3246 | struct ifa6_config cfg = { |
3247 | .pfx = addr, |
3248 | .plen = 64, |
3249 | .ifa_flags = flags | IFA_F_PERMANENT, |
3250 | .valid_lft = INFINITY_LIFE_TIME, |
3251 | .preferred_lft = INFINITY_LIFE_TIME, |
3252 | .scope = IFA_LINK, |
3253 | .ifa_proto = IFAPROT_KERNEL_LL |
3254 | }; |
3255 | struct inet6_ifaddr *ifp; |
3256 | |
3257 | #ifdef CONFIG_IPV6_OPTIMISTIC_DAD |
3258 | if ((dev_net(dev: idev->dev)->ipv6.devconf_all->optimistic_dad || |
3259 | idev->cnf.optimistic_dad) && |
3260 | !dev_net(dev: idev->dev)->ipv6.devconf_all->forwarding) |
3261 | cfg.ifa_flags |= IFA_F_OPTIMISTIC; |
3262 | #endif |
3263 | |
3264 | ifp = ipv6_add_addr(idev, cfg: &cfg, can_block: true, NULL); |
3265 | if (!IS_ERR(ptr: ifp)) { |
3266 | addrconf_prefix_route(pfx: &ifp->addr, plen: ifp->prefix_len, metric: 0, dev: idev->dev, |
3267 | expires: 0, flags: 0, GFP_ATOMIC); |
3268 | addrconf_dad_start(ifp); |
3269 | in6_ifa_put(ifp); |
3270 | } |
3271 | } |
3272 | EXPORT_SYMBOL_GPL(addrconf_add_linklocal); |
3273 | |
3274 | static bool ipv6_reserved_interfaceid(struct in6_addr address) |
3275 | { |
3276 | if ((address.s6_addr32[2] | address.s6_addr32[3]) == 0) |
3277 | return true; |
3278 | |
3279 | if (address.s6_addr32[2] == htonl(0x02005eff) && |
3280 | ((address.s6_addr32[3] & htonl(0xfe000000)) == htonl(0xfe000000))) |
3281 | return true; |
3282 | |
3283 | if (address.s6_addr32[2] == htonl(0xfdffffff) && |
3284 | ((address.s6_addr32[3] & htonl(0xffffff80)) == htonl(0xffffff80))) |
3285 | return true; |
3286 | |
3287 | return false; |
3288 | } |
3289 | |
3290 | static int ipv6_generate_stable_address(struct in6_addr *address, |
3291 | u8 dad_count, |
3292 | const struct inet6_dev *idev) |
3293 | { |
3294 | static DEFINE_SPINLOCK(lock); |
3295 | static __u32 digest[SHA1_DIGEST_WORDS]; |
3296 | static __u32 workspace[SHA1_WORKSPACE_WORDS]; |
3297 | |
3298 | static union { |
3299 | char __data[SHA1_BLOCK_SIZE]; |
3300 | struct { |
3301 | struct in6_addr secret; |
3302 | __be32 prefix[2]; |
3303 | unsigned char hwaddr[MAX_ADDR_LEN]; |
3304 | u8 dad_count; |
3305 | } __packed; |
3306 | } data; |
3307 | |
3308 | struct in6_addr secret; |
3309 | struct in6_addr temp; |
3310 | struct net *net = dev_net(dev: idev->dev); |
3311 | |
3312 | BUILD_BUG_ON(sizeof(data.__data) != sizeof(data)); |
3313 | |
3314 | if (idev->cnf.stable_secret.initialized) |
3315 | secret = idev->cnf.stable_secret.secret; |
3316 | else if (net->ipv6.devconf_dflt->stable_secret.initialized) |
3317 | secret = net->ipv6.devconf_dflt->stable_secret.secret; |
3318 | else |
3319 | return -1; |
3320 | |
3321 | retry: |
3322 | spin_lock_bh(lock: &lock); |
3323 | |
3324 | sha1_init(buf: digest); |
3325 | memset(&data, 0, sizeof(data)); |
3326 | memset(workspace, 0, sizeof(workspace)); |
3327 | memcpy(data.hwaddr, idev->dev->perm_addr, idev->dev->addr_len); |
3328 | data.prefix[0] = address->s6_addr32[0]; |
3329 | data.prefix[1] = address->s6_addr32[1]; |
3330 | data.secret = secret; |
3331 | data.dad_count = dad_count; |
3332 | |
3333 | sha1_transform(digest, data: data.__data, W: workspace); |
3334 | |
3335 | temp = *address; |
3336 | temp.s6_addr32[2] = (__force __be32)digest[0]; |
3337 | temp.s6_addr32[3] = (__force __be32)digest[1]; |
3338 | |
3339 | spin_unlock_bh(lock: &lock); |
3340 | |
3341 | if (ipv6_reserved_interfaceid(address: temp)) { |
3342 | dad_count++; |
3343 | if (dad_count > dev_net(dev: idev->dev)->ipv6.sysctl.idgen_retries) |
3344 | return -1; |
3345 | goto retry; |
3346 | } |
3347 | |
3348 | *address = temp; |
3349 | return 0; |
3350 | } |
3351 | |
3352 | static void ipv6_gen_mode_random_init(struct inet6_dev *idev) |
3353 | { |
3354 | struct ipv6_stable_secret *s = &idev->cnf.stable_secret; |
3355 | |
3356 | if (s->initialized) |
3357 | return; |
3358 | s = &idev->cnf.stable_secret; |
3359 | get_random_bytes(buf: &s->secret, len: sizeof(s->secret)); |
3360 | s->initialized = true; |
3361 | } |
3362 | |
3363 | static void addrconf_addr_gen(struct inet6_dev *idev, bool prefix_route) |
3364 | { |
3365 | struct in6_addr addr; |
3366 | |
3367 | /* no link local addresses on L3 master devices */ |
3368 | if (netif_is_l3_master(dev: idev->dev)) |
3369 | return; |
3370 | |
3371 | /* no link local addresses on devices flagged as slaves */ |
3372 | if (idev->dev->priv_flags & IFF_NO_ADDRCONF) |
3373 | return; |
3374 | |
3375 | ipv6_addr_set(addr: &addr, htonl(0xFE800000), w2: 0, w3: 0, w4: 0); |
3376 | |
3377 | switch (idev->cnf.addr_gen_mode) { |
3378 | case IN6_ADDR_GEN_MODE_RANDOM: |
3379 | ipv6_gen_mode_random_init(idev); |
3380 | fallthrough; |
3381 | case IN6_ADDR_GEN_MODE_STABLE_PRIVACY: |
3382 | if (!ipv6_generate_stable_address(address: &addr, dad_count: 0, idev)) |
3383 | addrconf_add_linklocal(idev, &addr, |
3384 | IFA_F_STABLE_PRIVACY); |
3385 | else if (prefix_route) |
3386 | addrconf_prefix_route(pfx: &addr, plen: 64, metric: 0, dev: idev->dev, |
3387 | expires: 0, flags: 0, GFP_KERNEL); |
3388 | break; |
3389 | case IN6_ADDR_GEN_MODE_EUI64: |
3390 | /* addrconf_add_linklocal also adds a prefix_route and we |
3391 | * only need to care about prefix routes if ipv6_generate_eui64 |
3392 | * couldn't generate one. |
3393 | */ |
3394 | if (ipv6_generate_eui64(eui: addr.s6_addr + 8, dev: idev->dev) == 0) |
3395 | addrconf_add_linklocal(idev, &addr, 0); |
3396 | else if (prefix_route) |
3397 | addrconf_prefix_route(pfx: &addr, plen: 64, metric: 0, dev: idev->dev, |
3398 | expires: 0, flags: 0, GFP_KERNEL); |
3399 | break; |
3400 | case IN6_ADDR_GEN_MODE_NONE: |
3401 | default: |
3402 | /* will not add any link local address */ |
3403 | break; |
3404 | } |
3405 | } |
3406 | |
3407 | static void addrconf_dev_config(struct net_device *dev) |
3408 | { |
3409 | struct inet6_dev *idev; |
3410 | |
3411 | ASSERT_RTNL(); |
3412 | |
3413 | if ((dev->type != ARPHRD_ETHER) && |
3414 | (dev->type != ARPHRD_FDDI) && |
3415 | (dev->type != ARPHRD_ARCNET) && |
3416 | (dev->type != ARPHRD_INFINIBAND) && |
3417 | (dev->type != ARPHRD_IEEE1394) && |
3418 | (dev->type != ARPHRD_TUNNEL6) && |
3419 | (dev->type != ARPHRD_6LOWPAN) && |
3420 | (dev->type != ARPHRD_TUNNEL) && |
3421 | (dev->type != ARPHRD_NONE) && |
3422 | (dev->type != ARPHRD_RAWIP)) { |
3423 | /* Alas, we support only Ethernet autoconfiguration. */ |
3424 | idev = __in6_dev_get(dev); |
3425 | if (!IS_ERR_OR_NULL(ptr: idev) && dev->flags & IFF_UP && |
3426 | dev->flags & IFF_MULTICAST) |
3427 | ipv6_mc_up(idev); |
3428 | return; |
3429 | } |
3430 | |
3431 | idev = addrconf_add_dev(dev); |
3432 | if (IS_ERR(ptr: idev)) |
3433 | return; |
3434 | |
3435 | /* this device type has no EUI support */ |
3436 | if (dev->type == ARPHRD_NONE && |
3437 | idev->cnf.addr_gen_mode == IN6_ADDR_GEN_MODE_EUI64) |
3438 | idev->cnf.addr_gen_mode = IN6_ADDR_GEN_MODE_RANDOM; |
3439 | |
3440 | addrconf_addr_gen(idev, prefix_route: false); |
3441 | } |
3442 | |
3443 | #if IS_ENABLED(CONFIG_IPV6_SIT) |
3444 | static void addrconf_sit_config(struct net_device *dev) |
3445 | { |
3446 | struct inet6_dev *idev; |
3447 | |
3448 | ASSERT_RTNL(); |
3449 | |
3450 | /* |
3451 | * Configure the tunnel with one of our IPv4 |
3452 | * addresses... we should configure all of |
3453 | * our v4 addrs in the tunnel |
3454 | */ |
3455 | |
3456 | idev = ipv6_find_idev(dev); |
3457 | if (IS_ERR(ptr: idev)) { |
3458 | pr_debug("%s: add_dev failed\n" , __func__); |
3459 | return; |
3460 | } |
3461 | |
3462 | if (dev->priv_flags & IFF_ISATAP) { |
3463 | addrconf_addr_gen(idev, prefix_route: false); |
3464 | return; |
3465 | } |
3466 | |
3467 | add_v4_addrs(idev); |
3468 | |
3469 | if (dev->flags&IFF_POINTOPOINT) |
3470 | addrconf_add_mroute(dev); |
3471 | } |
3472 | #endif |
3473 | |
3474 | #if IS_ENABLED(CONFIG_NET_IPGRE) || IS_ENABLED(CONFIG_IPV6_GRE) |
3475 | static void addrconf_gre_config(struct net_device *dev) |
3476 | { |
3477 | struct inet6_dev *idev; |
3478 | |
3479 | ASSERT_RTNL(); |
3480 | |
3481 | idev = ipv6_find_idev(dev); |
3482 | if (IS_ERR(ptr: idev)) { |
3483 | pr_debug("%s: add_dev failed\n" , __func__); |
3484 | return; |
3485 | } |
3486 | |
3487 | if (dev->type == ARPHRD_ETHER) { |
3488 | addrconf_addr_gen(idev, prefix_route: true); |
3489 | return; |
3490 | } |
3491 | |
3492 | add_v4_addrs(idev); |
3493 | |
3494 | if (dev->flags & IFF_POINTOPOINT) |
3495 | addrconf_add_mroute(dev); |
3496 | } |
3497 | #endif |
3498 | |
3499 | static void addrconf_init_auto_addrs(struct net_device *dev) |
3500 | { |
3501 | switch (dev->type) { |
3502 | #if IS_ENABLED(CONFIG_IPV6_SIT) |
3503 | case ARPHRD_SIT: |
3504 | addrconf_sit_config(dev); |
3505 | break; |
3506 | #endif |
3507 | #if IS_ENABLED(CONFIG_NET_IPGRE) || IS_ENABLED(CONFIG_IPV6_GRE) |
3508 | case ARPHRD_IP6GRE: |
3509 | case ARPHRD_IPGRE: |
3510 | addrconf_gre_config(dev); |
3511 | break; |
3512 | #endif |
3513 | case ARPHRD_LOOPBACK: |
3514 | init_loopback(dev); |
3515 | break; |
3516 | |
3517 | default: |
3518 | addrconf_dev_config(dev); |
3519 | break; |
3520 | } |
3521 | } |
3522 | |
3523 | static int fixup_permanent_addr(struct net *net, |
3524 | struct inet6_dev *idev, |
3525 | struct inet6_ifaddr *ifp) |
3526 | { |
3527 | /* !fib6_node means the host route was removed from the |
3528 | * FIB, for example, if 'lo' device is taken down. In that |
3529 | * case regenerate the host route. |
3530 | */ |
3531 | if (!ifp->rt || !ifp->rt->fib6_node) { |
3532 | struct fib6_info *f6i, *prev; |
3533 | |
3534 | f6i = addrconf_f6i_alloc(net, idev, addr: &ifp->addr, anycast: false, |
3535 | GFP_ATOMIC, NULL); |
3536 | if (IS_ERR(ptr: f6i)) |
3537 | return PTR_ERR(ptr: f6i); |
3538 | |
3539 | /* ifp->rt can be accessed outside of rtnl */ |
3540 | spin_lock(lock: &ifp->lock); |
3541 | prev = ifp->rt; |
3542 | ifp->rt = f6i; |
3543 | spin_unlock(lock: &ifp->lock); |
3544 | |
3545 | fib6_info_release(f6i: prev); |
3546 | } |
3547 | |
3548 | if (!(ifp->flags & IFA_F_NOPREFIXROUTE)) { |
3549 | addrconf_prefix_route(pfx: &ifp->addr, plen: ifp->prefix_len, |
3550 | metric: ifp->rt_priority, dev: idev->dev, expires: 0, flags: 0, |
3551 | GFP_ATOMIC); |
3552 | } |
3553 | |
3554 | if (ifp->state == INET6_IFADDR_STATE_PREDAD) |
3555 | addrconf_dad_start(ifp); |
3556 | |
3557 | return 0; |
3558 | } |
3559 | |
3560 | static void addrconf_permanent_addr(struct net *net, struct net_device *dev) |
3561 | { |
3562 | struct inet6_ifaddr *ifp, *tmp; |
3563 | struct inet6_dev *idev; |
3564 | |
3565 | idev = __in6_dev_get(dev); |
3566 | if (!idev) |
3567 | return; |
3568 | |
3569 | write_lock_bh(&idev->lock); |
3570 | |
3571 | list_for_each_entry_safe(ifp, tmp, &idev->addr_list, if_list) { |
3572 | if ((ifp->flags & IFA_F_PERMANENT) && |
3573 | fixup_permanent_addr(net, idev, ifp) < 0) { |
3574 | write_unlock_bh(&idev->lock); |
3575 | in6_ifa_hold(ifp); |
3576 | ipv6_del_addr(ifp); |
3577 | write_lock_bh(&idev->lock); |
3578 | |
3579 | net_info_ratelimited("%s: Failed to add prefix route for address %pI6c; dropping\n" , |
3580 | idev->dev->name, &ifp->addr); |
3581 | } |
3582 | } |
3583 | |
3584 | write_unlock_bh(&idev->lock); |
3585 | } |
3586 | |
3587 | static int addrconf_notify(struct notifier_block *this, unsigned long event, |
3588 | void *ptr) |
3589 | { |
3590 | struct net_device *dev = netdev_notifier_info_to_dev(info: ptr); |
3591 | struct netdev_notifier_change_info *change_info; |
3592 | struct netdev_notifier_changeupper_info *info; |
3593 | struct inet6_dev *idev = __in6_dev_get(dev); |
3594 | struct net *net = dev_net(dev); |
3595 | int run_pending = 0; |
3596 | int err; |
3597 | |
3598 | switch (event) { |
3599 | case NETDEV_REGISTER: |
3600 | if (!idev && dev->mtu >= IPV6_MIN_MTU) { |
3601 | idev = ipv6_add_dev(dev); |
3602 | if (IS_ERR(ptr: idev)) |
3603 | return notifier_from_errno(err: PTR_ERR(ptr: idev)); |
3604 | } |
3605 | break; |
3606 | |
3607 | case NETDEV_CHANGEMTU: |
3608 | /* if MTU under IPV6_MIN_MTU stop IPv6 on this interface. */ |
3609 | if (dev->mtu < IPV6_MIN_MTU) { |
3610 | addrconf_ifdown(dev, unregister: dev != net->loopback_dev); |
3611 | break; |
3612 | } |
3613 | |
3614 | if (idev) { |
3615 | rt6_mtu_change(dev, mtu: dev->mtu); |
3616 | idev->cnf.mtu6 = dev->mtu; |
3617 | break; |
3618 | } |
3619 | |
3620 | /* allocate new idev */ |
3621 | idev = ipv6_add_dev(dev); |
3622 | if (IS_ERR(ptr: idev)) |
3623 | break; |
3624 | |
3625 | /* device is still not ready */ |
3626 | if (!(idev->if_flags & IF_READY)) |
3627 | break; |
3628 | |
3629 | run_pending = 1; |
3630 | fallthrough; |
3631 | case NETDEV_UP: |
3632 | case NETDEV_CHANGE: |
3633 | if (idev && idev->cnf.disable_ipv6) |
3634 | break; |
3635 | |
3636 | if (dev->priv_flags & IFF_NO_ADDRCONF) { |
3637 | if (event == NETDEV_UP && !IS_ERR_OR_NULL(ptr: idev) && |
3638 | dev->flags & IFF_UP && dev->flags & IFF_MULTICAST) |
3639 | ipv6_mc_up(idev); |
3640 | break; |
3641 | } |
3642 | |
3643 | if (event == NETDEV_UP) { |
3644 | /* restore routes for permanent addresses */ |
3645 | addrconf_permanent_addr(net, dev); |
3646 | |
3647 | if (!addrconf_link_ready(dev)) { |
3648 | /* device is not ready yet. */ |
3649 | pr_debug("ADDRCONF(NETDEV_UP): %s: link is not ready\n" , |
3650 | dev->name); |
3651 | break; |
3652 | } |
3653 | |
3654 | if (!idev && dev->mtu >= IPV6_MIN_MTU) |
3655 | idev = ipv6_add_dev(dev); |
3656 | |
3657 | if (!IS_ERR_OR_NULL(ptr: idev)) { |
3658 | idev->if_flags |= IF_READY; |
3659 | run_pending = 1; |
3660 | } |
3661 | } else if (event == NETDEV_CHANGE) { |
3662 | if (!addrconf_link_ready(dev)) { |
3663 | /* device is still not ready. */ |
3664 | rt6_sync_down_dev(dev, event); |
3665 | break; |
3666 | } |
3667 | |
3668 | if (!IS_ERR_OR_NULL(ptr: idev)) { |
3669 | if (idev->if_flags & IF_READY) { |
3670 | /* device is already configured - |
3671 | * but resend MLD reports, we might |
3672 | * have roamed and need to update |
3673 | * multicast snooping switches |
3674 | */ |
3675 | ipv6_mc_up(idev); |
3676 | change_info = ptr; |
3677 | if (change_info->flags_changed & IFF_NOARP) |
3678 | addrconf_dad_run(idev, restart: true); |
3679 | rt6_sync_up(dev, RTNH_F_LINKDOWN); |
3680 | break; |
3681 | } |
3682 | idev->if_flags |= IF_READY; |
3683 | } |
3684 | |
3685 | pr_debug("ADDRCONF(NETDEV_CHANGE): %s: link becomes ready\n" , |
3686 | dev->name); |
3687 | |
3688 | run_pending = 1; |
3689 | } |
3690 | |
3691 | addrconf_init_auto_addrs(dev); |
3692 | |
3693 | if (!IS_ERR_OR_NULL(ptr: idev)) { |
3694 | if (run_pending) |
3695 | addrconf_dad_run(idev, restart: false); |
3696 | |
3697 | /* Device has an address by now */ |
3698 | rt6_sync_up(dev, RTNH_F_DEAD); |
3699 | |
3700 | /* |
3701 | * If the MTU changed during the interface down, |
3702 | * when the interface up, the changed MTU must be |
3703 | * reflected in the idev as well as routers. |
3704 | */ |
3705 | if (idev->cnf.mtu6 != dev->mtu && |
3706 | dev->mtu >= IPV6_MIN_MTU) { |
3707 | rt6_mtu_change(dev, mtu: dev->mtu); |
3708 | idev->cnf.mtu6 = dev->mtu; |
3709 | } |
3710 | idev->tstamp = jiffies; |
3711 | inet6_ifinfo_notify(RTM_NEWLINK, idev); |
3712 | |
3713 | /* |
3714 | * If the changed mtu during down is lower than |
3715 | * IPV6_MIN_MTU stop IPv6 on this interface. |
3716 | */ |
3717 | if (dev->mtu < IPV6_MIN_MTU) |
3718 | addrconf_ifdown(dev, unregister: dev != net->loopback_dev); |
3719 | } |
3720 | break; |
3721 | |
3722 | case NETDEV_DOWN: |
3723 | case NETDEV_UNREGISTER: |
3724 | /* |
3725 | * Remove all addresses from this interface. |
3726 | */ |
3727 | addrconf_ifdown(dev, unregister: event != NETDEV_DOWN); |
3728 | break; |
3729 | |
3730 | case NETDEV_CHANGENAME: |
3731 | if (idev) { |
3732 | snmp6_unregister_dev(idev); |
3733 | addrconf_sysctl_unregister(idev); |
3734 | err = addrconf_sysctl_register(idev); |
3735 | if (err) |
3736 | return notifier_from_errno(err); |
3737 | err = snmp6_register_dev(idev); |
3738 | if (err) { |
3739 | addrconf_sysctl_unregister(idev); |
3740 | return notifier_from_errno(err); |
3741 | } |
3742 | } |
3743 | break; |
3744 | |
3745 | case NETDEV_PRE_TYPE_CHANGE: |
3746 | case NETDEV_POST_TYPE_CHANGE: |
3747 | if (idev) |
3748 | addrconf_type_change(dev, event); |
3749 | break; |
3750 | |
3751 | case NETDEV_CHANGEUPPER: |
3752 | info = ptr; |
3753 | |
3754 | /* flush all routes if dev is linked to or unlinked from |
3755 | * an L3 master device (e.g., VRF) |
3756 | */ |
3757 | if (info->upper_dev && netif_is_l3_master(dev: info->upper_dev)) |
3758 | addrconf_ifdown(dev, unregister: false); |
3759 | } |
3760 | |
3761 | return NOTIFY_OK; |
3762 | } |
3763 | |
3764 | /* |
3765 | * addrconf module should be notified of a device going up |
3766 | */ |
3767 | static struct notifier_block ipv6_dev_notf = { |
3768 | .notifier_call = addrconf_notify, |
3769 | .priority = ADDRCONF_NOTIFY_PRIORITY, |
3770 | }; |
3771 | |
3772 | static void addrconf_type_change(struct net_device *dev, unsigned long event) |
3773 | { |
3774 | struct inet6_dev *idev; |
3775 | ASSERT_RTNL(); |
3776 | |
3777 | idev = __in6_dev_get(dev); |
3778 | |
3779 | if (event == NETDEV_POST_TYPE_CHANGE) |
3780 | ipv6_mc_remap(idev); |
3781 | else if (event == NETDEV_PRE_TYPE_CHANGE) |
3782 | ipv6_mc_unmap(idev); |
3783 | } |
3784 | |
3785 | static bool addr_is_local(const struct in6_addr *addr) |
3786 | { |
3787 | return ipv6_addr_type(addr) & |
3788 | (IPV6_ADDR_LINKLOCAL | IPV6_ADDR_LOOPBACK); |
3789 | } |
3790 | |
3791 | static int addrconf_ifdown(struct net_device *dev, bool unregister) |
3792 | { |
3793 | unsigned long event = unregister ? NETDEV_UNREGISTER : NETDEV_DOWN; |
3794 | struct net *net = dev_net(dev); |
3795 | struct inet6_dev *idev; |
3796 | struct inet6_ifaddr *ifa; |
3797 | LIST_HEAD(tmp_addr_list); |
3798 | bool keep_addr = false; |
3799 | bool was_ready; |
3800 | int state, i; |
3801 | |
3802 | ASSERT_RTNL(); |
3803 | |
3804 | rt6_disable_ip(dev, event); |
3805 | |
3806 | idev = __in6_dev_get(dev); |
3807 | if (!idev) |
3808 | return -ENODEV; |
3809 | |
3810 | /* |
3811 | * Step 1: remove reference to ipv6 device from parent device. |
3812 | * Do not dev_put! |
3813 | */ |
3814 | if (unregister) { |
3815 | idev->dead = 1; |
3816 | |
3817 | /* protected by rtnl_lock */ |
3818 | RCU_INIT_POINTER(dev->ip6_ptr, NULL); |
3819 | |
3820 | /* Step 1.5: remove snmp6 entry */ |
3821 | snmp6_unregister_dev(idev); |
3822 | |
3823 | } |
3824 | |
3825 | /* combine the user config with event to determine if permanent |
3826 | * addresses are to be removed from address hash table |
3827 | */ |
3828 | if (!unregister && !idev->cnf.disable_ipv6) { |
3829 | /* aggregate the system setting and interface setting */ |
3830 | int _keep_addr = net->ipv6.devconf_all->keep_addr_on_down; |
3831 | |
3832 | if (!_keep_addr) |
3833 | _keep_addr = idev->cnf.keep_addr_on_down; |
3834 | |
3835 | keep_addr = (_keep_addr > 0); |
3836 | } |
3837 | |
3838 | /* Step 2: clear hash table */ |
3839 | for (i = 0; i < IN6_ADDR_HSIZE; i++) { |
3840 | struct hlist_head *h = &net->ipv6.inet6_addr_lst[i]; |
3841 | |
3842 | spin_lock_bh(lock: &net->ipv6.addrconf_hash_lock); |
3843 | restart: |
3844 | hlist_for_each_entry_rcu(ifa, h, addr_lst) { |
3845 | if (ifa->idev == idev) { |
3846 | addrconf_del_dad_work(ifp: ifa); |
3847 | /* combined flag + permanent flag decide if |
3848 | * address is retained on a down event |
3849 | */ |
3850 | if (!keep_addr || |
3851 | !(ifa->flags & IFA_F_PERMANENT) || |
3852 | addr_is_local(addr: &ifa->addr)) { |
3853 | hlist_del_init_rcu(n: &ifa->addr_lst); |
3854 | goto restart; |
3855 | } |
3856 | } |
3857 | } |
3858 | spin_unlock_bh(lock: &net->ipv6.addrconf_hash_lock); |
3859 | } |
3860 | |
3861 | write_lock_bh(&idev->lock); |
3862 | |
3863 | addrconf_del_rs_timer(idev); |
3864 | |
3865 | /* Step 2: clear flags for stateless addrconf, repeated down |
3866 | * detection |
3867 | */ |
3868 | was_ready = idev->if_flags & IF_READY; |
3869 | if (!unregister) |
3870 | idev->if_flags &= ~(IF_RS_SENT|IF_RA_RCVD|IF_READY); |
3871 | |
3872 | /* Step 3: clear tempaddr list */ |
3873 | while (!list_empty(head: &idev->tempaddr_list)) { |
3874 | ifa = list_first_entry(&idev->tempaddr_list, |
3875 | struct inet6_ifaddr, tmp_list); |
3876 | list_del(entry: &ifa->tmp_list); |
3877 | write_unlock_bh(&idev->lock); |
3878 | spin_lock_bh(lock: &ifa->lock); |
3879 | |
3880 | if (ifa->ifpub) { |
3881 | in6_ifa_put(ifp: ifa->ifpub); |
3882 | ifa->ifpub = NULL; |
3883 | } |
3884 | spin_unlock_bh(lock: &ifa->lock); |
3885 | in6_ifa_put(ifp: ifa); |
3886 | write_lock_bh(&idev->lock); |
3887 | } |
3888 | |
3889 | list_for_each_entry(ifa, &idev->addr_list, if_list) |
3890 | list_add_tail(new: &ifa->if_list_aux, head: &tmp_addr_list); |
3891 | write_unlock_bh(&idev->lock); |
3892 | |
3893 | while (!list_empty(head: &tmp_addr_list)) { |
3894 | struct fib6_info *rt = NULL; |
3895 | bool keep; |
3896 | |
3897 | ifa = list_first_entry(&tmp_addr_list, |
3898 | struct inet6_ifaddr, if_list_aux); |
3899 | list_del(entry: &ifa->if_list_aux); |
3900 | |
3901 | addrconf_del_dad_work(ifp: ifa); |
3902 | |
3903 | keep = keep_addr && (ifa->flags & IFA_F_PERMANENT) && |
3904 | !addr_is_local(addr: &ifa->addr); |
3905 | |
3906 | spin_lock_bh(lock: &ifa->lock); |
3907 | |
3908 | if (keep) { |
3909 | /* set state to skip the notifier below */ |
3910 | state = INET6_IFADDR_STATE_DEAD; |
3911 | ifa->state = INET6_IFADDR_STATE_PREDAD; |
3912 | if (!(ifa->flags & IFA_F_NODAD)) |
3913 | ifa->flags |= IFA_F_TENTATIVE; |
3914 | |
3915 | rt = ifa->rt; |
3916 | ifa->rt = NULL; |
3917 | } else { |
3918 | state = ifa->state; |
3919 | ifa->state = INET6_IFADDR_STATE_DEAD; |
3920 | } |
3921 | |
3922 | spin_unlock_bh(lock: &ifa->lock); |
3923 | |
3924 | if (rt) |
3925 | ip6_del_rt(net, f6i: rt, skip_notify: false); |
3926 | |
3927 | if (state != INET6_IFADDR_STATE_DEAD) { |
3928 | __ipv6_ifa_notify(RTM_DELADDR, ifa); |
3929 | inet6addr_notifier_call_chain(val: NETDEV_DOWN, v: ifa); |
3930 | } else { |
3931 | if (idev->cnf.forwarding) |
3932 | addrconf_leave_anycast(ifp: ifa); |
3933 | addrconf_leave_solict(idev: ifa->idev, addr: &ifa->addr); |
3934 | } |
3935 | |
3936 | if (!keep) { |
3937 | write_lock_bh(&idev->lock); |
3938 | list_del_rcu(entry: &ifa->if_list); |
3939 | write_unlock_bh(&idev->lock); |
3940 | in6_ifa_put(ifp: ifa); |
3941 | } |
3942 | } |
3943 | |
3944 | /* Step 5: Discard anycast and multicast list */ |
3945 | if (unregister) { |
3946 | ipv6_ac_destroy_dev(idev); |
3947 | ipv6_mc_destroy_dev(idev); |
3948 | } else if (was_ready) { |
3949 | ipv6_mc_down(idev); |
3950 | } |
3951 | |
3952 | idev->tstamp = jiffies; |
3953 | idev->ra_mtu = 0; |
3954 | |
3955 | /* Last: Shot the device (if unregistered) */ |
3956 | if (unregister) { |
3957 | addrconf_sysctl_unregister(idev); |
3958 | neigh_parms_release(tbl: &nd_tbl, parms: idev->nd_parms); |
3959 | neigh_ifdown(tbl: &nd_tbl, dev); |
3960 | in6_dev_put(idev); |
3961 | } |
3962 | return 0; |
3963 | } |
3964 | |
3965 | static void addrconf_rs_timer(struct timer_list *t) |
3966 | { |
3967 | struct inet6_dev *idev = from_timer(idev, t, rs_timer); |
3968 | struct net_device *dev = idev->dev; |
3969 | struct in6_addr lladdr; |
3970 | |
3971 | write_lock(&idev->lock); |
3972 | if (idev->dead || !(idev->if_flags & IF_READY)) |
3973 | goto out; |
3974 | |
3975 | if (!ipv6_accept_ra(idev)) |
3976 | goto out; |
3977 | |
3978 | /* Announcement received after solicitation was sent */ |
3979 | if (idev->if_flags & IF_RA_RCVD) |
3980 | goto out; |
3981 | |
3982 | if (idev->rs_probes++ < idev->cnf.rtr_solicits || idev->cnf.rtr_solicits < 0) { |
3983 | write_unlock(&idev->lock); |
3984 | if (!ipv6_get_lladdr(dev, addr: &lladdr, IFA_F_TENTATIVE)) |
3985 | ndisc_send_rs(dev, saddr: &lladdr, |
3986 | daddr: &in6addr_linklocal_allrouters); |
3987 | else |
3988 | goto put; |
3989 | |
3990 | write_lock(&idev->lock); |
3991 | idev->rs_interval = rfc3315_s14_backoff_update( |
3992 | rt: idev->rs_interval, mrt: idev->cnf.rtr_solicit_max_interval); |
3993 | /* The wait after the last probe can be shorter */ |
3994 | addrconf_mod_rs_timer(idev, when: (idev->rs_probes == |
3995 | idev->cnf.rtr_solicits) ? |
3996 | idev->cnf.rtr_solicit_delay : |
3997 | idev->rs_interval); |
3998 | } else { |
3999 | /* |
4000 | * Note: we do not support deprecated "all on-link" |
4001 | * assumption any longer. |
4002 | */ |
4003 | pr_debug("%s: no IPv6 routers present\n" , idev->dev->name); |
4004 | } |
4005 | |
4006 | out: |
4007 | write_unlock(&idev->lock); |
4008 | put: |
4009 | in6_dev_put(idev); |
4010 | } |
4011 | |
4012 | /* |
4013 | * Duplicate Address Detection |
4014 | */ |
4015 | static void addrconf_dad_kick(struct inet6_ifaddr *ifp) |
4016 | { |
4017 | unsigned long rand_num; |
4018 | struct inet6_dev *idev = ifp->idev; |
4019 | u64 nonce; |
4020 | |
4021 | if (ifp->flags & IFA_F_OPTIMISTIC) |
4022 | rand_num = 0; |
4023 | else |
4024 | rand_num = get_random_u32_below(ceil: idev->cnf.rtr_solicit_delay ? : 1); |
4025 | |
4026 | nonce = 0; |
4027 | if (idev->cnf.enhanced_dad || |
4028 | dev_net(dev: idev->dev)->ipv6.devconf_all->enhanced_dad) { |
4029 | do |
4030 | get_random_bytes(buf: &nonce, len: 6); |
4031 | while (nonce == 0); |
4032 | } |
4033 | ifp->dad_nonce = nonce; |
4034 | ifp->dad_probes = idev->cnf.dad_transmits; |
4035 | addrconf_mod_dad_work(ifp, delay: rand_num); |
4036 | } |
4037 | |
4038 | static void addrconf_dad_begin(struct inet6_ifaddr *ifp) |
4039 | { |
4040 | struct inet6_dev *idev = ifp->idev; |
4041 | struct net_device *dev = idev->dev; |
4042 | bool bump_id, notify = false; |
4043 | struct net *net; |
4044 | |
4045 | addrconf_join_solict(dev, addr: &ifp->addr); |
4046 | |
4047 | read_lock_bh(&idev->lock); |
4048 | spin_lock(lock: &ifp->lock); |
4049 | if (ifp->state == INET6_IFADDR_STATE_DEAD) |
4050 | goto out; |
4051 | |
4052 | net = dev_net(dev); |
4053 | if (dev->flags&(IFF_NOARP|IFF_LOOPBACK) || |
4054 | (net->ipv6.devconf_all->accept_dad < 1 && |
4055 | idev->cnf.accept_dad < 1) || |
4056 | !(ifp->flags&IFA_F_TENTATIVE) || |
4057 | ifp->flags & IFA_F_NODAD) { |
4058 | bool send_na = false; |
4059 | |
4060 | if (ifp->flags & IFA_F_TENTATIVE && |
4061 | !(ifp->flags & IFA_F_OPTIMISTIC)) |
4062 | send_na = true; |
4063 | bump_id = ifp->flags & IFA_F_TENTATIVE; |
4064 | ifp->flags &= ~(IFA_F_TENTATIVE|IFA_F_OPTIMISTIC|IFA_F_DADFAILED); |
4065 | spin_unlock(lock: &ifp->lock); |
4066 | read_unlock_bh(&idev->lock); |
4067 | |
4068 | addrconf_dad_completed(ifp, bump_id, send_na); |
4069 | return; |
4070 | } |
4071 | |
4072 | if (!(idev->if_flags & IF_READY)) { |
4073 | spin_unlock(lock: &ifp->lock); |
4074 | read_unlock_bh(&idev->lock); |
4075 | /* |
4076 | * If the device is not ready: |
4077 | * - keep it tentative if it is a permanent address. |
4078 | * - otherwise, kill it. |
4079 | */ |
4080 | in6_ifa_hold(ifp); |
4081 | addrconf_dad_stop(ifp, dad_failed: 0); |
4082 | return; |
4083 | } |
4084 | |
4085 | /* |
4086 | * Optimistic nodes can start receiving |
4087 | * Frames right away |
4088 | */ |
4089 | if (ifp->flags & IFA_F_OPTIMISTIC) { |
4090 | ip6_ins_rt(net, f6i: ifp->rt); |
4091 | if (ipv6_use_optimistic_addr(net, idev)) { |
4092 | /* Because optimistic nodes can use this address, |
4093 | * notify listeners. If DAD fails, RTM_DELADDR is sent. |
4094 | */ |
4095 | notify = true; |
4096 | } |
4097 | } |
4098 | |
4099 | addrconf_dad_kick(ifp); |
4100 | out: |
4101 | spin_unlock(lock: &ifp->lock); |
4102 | read_unlock_bh(&idev->lock); |
4103 | if (notify) |
4104 | ipv6_ifa_notify(RTM_NEWADDR, ifa: ifp); |
4105 | } |
4106 | |
4107 | static void addrconf_dad_start(struct inet6_ifaddr *ifp) |
4108 | { |
4109 | bool begin_dad = false; |
4110 | |
4111 | spin_lock_bh(lock: &ifp->lock); |
4112 | if (ifp->state != INET6_IFADDR_STATE_DEAD) { |
4113 | ifp->state = INET6_IFADDR_STATE_PREDAD; |
4114 | begin_dad = true; |
4115 | } |
4116 | spin_unlock_bh(lock: &ifp->lock); |
4117 | |
4118 | if (begin_dad) |
4119 | addrconf_mod_dad_work(ifp, delay: 0); |
4120 | } |
4121 | |
4122 | static void addrconf_dad_work(struct work_struct *w) |
4123 | { |
4124 | struct inet6_ifaddr *ifp = container_of(to_delayed_work(w), |
4125 | struct inet6_ifaddr, |
4126 | dad_work); |
4127 | struct inet6_dev *idev = ifp->idev; |
4128 | bool bump_id, disable_ipv6 = false; |
4129 | struct in6_addr mcaddr; |
4130 | |
4131 | enum { |
4132 | DAD_PROCESS, |
4133 | DAD_BEGIN, |
4134 | DAD_ABORT, |
4135 | } action = DAD_PROCESS; |
4136 | |
4137 | rtnl_lock(); |
4138 | |
4139 | spin_lock_bh(lock: &ifp->lock); |
4140 | if (ifp->state == INET6_IFADDR_STATE_PREDAD) { |
4141 | action = DAD_BEGIN; |
4142 | ifp->state = INET6_IFADDR_STATE_DAD; |
4143 | } else if (ifp->state == INET6_IFADDR_STATE_ERRDAD) { |
4144 | action = DAD_ABORT; |
4145 | ifp->state = INET6_IFADDR_STATE_POSTDAD; |
4146 | |
4147 | if ((dev_net(dev: idev->dev)->ipv6.devconf_all->accept_dad > 1 || |
4148 | idev->cnf.accept_dad > 1) && |
4149 | !idev->cnf.disable_ipv6 && |
4150 | !(ifp->flags & IFA_F_STABLE_PRIVACY)) { |
4151 | struct in6_addr addr; |
4152 | |
4153 | addr.s6_addr32[0] = htonl(0xfe800000); |
4154 | addr.s6_addr32[1] = 0; |
4155 | |
4156 | if (!ipv6_generate_eui64(eui: addr.s6_addr + 8, dev: idev->dev) && |
4157 | ipv6_addr_equal(a1: &ifp->addr, a2: &addr)) { |
4158 | /* DAD failed for link-local based on MAC */ |
4159 | idev->cnf.disable_ipv6 = 1; |
4160 | |
4161 | pr_info("%s: IPv6 being disabled!\n" , |
4162 | ifp->idev->dev->name); |
4163 | disable_ipv6 = true; |
4164 | } |
4165 | } |
4166 | } |
4167 | spin_unlock_bh(lock: &ifp->lock); |
4168 | |
4169 | if (action == DAD_BEGIN) { |
4170 | addrconf_dad_begin(ifp); |
4171 | goto out; |
4172 | } else if (action == DAD_ABORT) { |
4173 | in6_ifa_hold(ifp); |
4174 | addrconf_dad_stop(ifp, dad_failed: 1); |
4175 | if (disable_ipv6) |
4176 | addrconf_ifdown(dev: idev->dev, unregister: false); |
4177 | goto out; |
4178 | } |
4179 | |
4180 | if (!ifp->dad_probes && addrconf_dad_end(ifp)) |
4181 | goto out; |
4182 | |
4183 | write_lock_bh(&idev->lock); |
4184 | if (idev->dead || !(idev->if_flags & IF_READY)) { |
4185 | write_unlock_bh(&idev->lock); |
4186 | goto out; |
4187 | } |
4188 | |
4189 | spin_lock(lock: &ifp->lock); |
4190 | if (ifp->state == INET6_IFADDR_STATE_DEAD) { |
4191 | spin_unlock(lock: &ifp->lock); |
4192 | write_unlock_bh(&idev->lock); |
4193 | goto out; |
4194 | } |
4195 | |
4196 | if (ifp->dad_probes == 0) { |
4197 | bool send_na = false; |
4198 | |
4199 | /* |
4200 | * DAD was successful |
4201 | */ |
4202 | |
4203 | if (ifp->flags & IFA_F_TENTATIVE && |
4204 | !(ifp->flags & IFA_F_OPTIMISTIC)) |
4205 | send_na = true; |
4206 | bump_id = ifp->flags & IFA_F_TENTATIVE; |
4207 | ifp->flags &= ~(IFA_F_TENTATIVE|IFA_F_OPTIMISTIC|IFA_F_DADFAILED); |
4208 | spin_unlock(lock: &ifp->lock); |
4209 | write_unlock_bh(&idev->lock); |
4210 | |
4211 | addrconf_dad_completed(ifp, bump_id, send_na); |
4212 | |
4213 | goto out; |
4214 | } |
4215 | |
4216 | ifp->dad_probes--; |
4217 | addrconf_mod_dad_work(ifp, |
4218 | max(NEIGH_VAR(ifp->idev->nd_parms, RETRANS_TIME), |
4219 | HZ/100)); |
4220 | spin_unlock(lock: &ifp->lock); |
4221 | write_unlock_bh(&idev->lock); |
4222 | |
4223 | /* send a neighbour solicitation for our addr */ |
4224 | addrconf_addr_solict_mult(addr: &ifp->addr, solicited: &mcaddr); |
4225 | ndisc_send_ns(dev: ifp->idev->dev, solicit: &ifp->addr, daddr: &mcaddr, saddr: &in6addr_any, |
4226 | nonce: ifp->dad_nonce); |
4227 | out: |
4228 | in6_ifa_put(ifp); |
4229 | rtnl_unlock(); |
4230 | } |
4231 | |
4232 | /* ifp->idev must be at least read locked */ |
4233 | static bool ipv6_lonely_lladdr(struct inet6_ifaddr *ifp) |
4234 | { |
4235 | struct inet6_ifaddr *ifpiter; |
4236 | struct inet6_dev *idev = ifp->idev; |
4237 | |
4238 | list_for_each_entry_reverse(ifpiter, &idev->addr_list, if_list) { |
4239 | if (ifpiter->scope > IFA_LINK) |
4240 | break; |
4241 | if (ifp != ifpiter && ifpiter->scope == IFA_LINK && |
4242 | (ifpiter->flags & (IFA_F_PERMANENT|IFA_F_TENTATIVE| |
4243 | IFA_F_OPTIMISTIC|IFA_F_DADFAILED)) == |
4244 | IFA_F_PERMANENT) |
4245 | return false; |
4246 | } |
4247 | return true; |
4248 | } |
4249 | |
4250 | static void addrconf_dad_completed(struct inet6_ifaddr *ifp, bool bump_id, |
4251 | bool send_na) |
4252 | { |
4253 | struct net_device *dev = ifp->idev->dev; |
4254 | struct in6_addr lladdr; |
4255 | bool send_rs, send_mld; |
4256 | |
4257 | addrconf_del_dad_work(ifp); |
4258 | |
4259 | /* |
4260 | * Configure the address for reception. Now it is valid. |
4261 | */ |
4262 | |
4263 | ipv6_ifa_notify(RTM_NEWADDR, ifa: ifp); |
4264 | |
4265 | /* If added prefix is link local and we are prepared to process |
4266 | router advertisements, start sending router solicitations. |
4267 | */ |
4268 | |
4269 | read_lock_bh(&ifp->idev->lock); |
4270 | send_mld = ifp->scope == IFA_LINK && ipv6_lonely_lladdr(ifp); |
4271 | send_rs = send_mld && |
4272 | ipv6_accept_ra(idev: ifp->idev) && |
4273 | ifp->idev->cnf.rtr_solicits != 0 && |
4274 | (dev->flags & IFF_LOOPBACK) == 0 && |
4275 | (dev->type != ARPHRD_TUNNEL) && |
4276 | !netif_is_team_port(dev); |
4277 | read_unlock_bh(&ifp->idev->lock); |
4278 | |
4279 | /* While dad is in progress mld report's source address is in6_addrany. |
4280 | * Resend with proper ll now. |
4281 | */ |
4282 | if (send_mld) |
4283 | ipv6_mc_dad_complete(idev: ifp->idev); |
4284 | |
4285 | /* send unsolicited NA if enabled */ |
4286 | if (send_na && |
4287 | (ifp->idev->cnf.ndisc_notify || |
4288 | dev_net(dev)->ipv6.devconf_all->ndisc_notify)) { |
4289 | ndisc_send_na(dev, daddr: &in6addr_linklocal_allnodes, solicited_addr: &ifp->addr, |
4290 | /*router=*/ !!ifp->idev->cnf.forwarding, |
4291 | /*solicited=*/ false, /*override=*/ true, |
4292 | /*inc_opt=*/ true); |
4293 | } |
4294 | |
4295 | if (send_rs) { |
4296 | /* |
4297 | * If a host as already performed a random delay |
4298 | * [...] as part of DAD [...] there is no need |
4299 | * to delay again before sending the first RS |
4300 | */ |
4301 | if (ipv6_get_lladdr(dev, addr: &lladdr, IFA_F_TENTATIVE)) |
4302 | return; |
4303 | ndisc_send_rs(dev, saddr: &lladdr, daddr: &in6addr_linklocal_allrouters); |
4304 | |
4305 | write_lock_bh(&ifp->idev->lock); |
4306 | spin_lock(lock: &ifp->lock); |
4307 | ifp->idev->rs_interval = rfc3315_s14_backoff_init( |
4308 | irt: ifp->idev->cnf.rtr_solicit_interval); |
4309 | ifp->idev->rs_probes = 1; |
4310 | ifp->idev->if_flags |= IF_RS_SENT; |
4311 | addrconf_mod_rs_timer(idev: ifp->idev, when: ifp->idev->rs_interval); |
4312 | spin_unlock(lock: &ifp->lock); |
4313 | write_unlock_bh(&ifp->idev->lock); |
4314 | } |
4315 | |
4316 | if (bump_id) |
4317 | rt_genid_bump_ipv6(net: dev_net(dev)); |
4318 | |
4319 | /* Make sure that a new temporary address will be created |
4320 | * before this temporary address becomes deprecated. |
4321 | */ |
4322 | if (ifp->flags & IFA_F_TEMPORARY) |
4323 | addrconf_verify_rtnl(net: dev_net(dev)); |
4324 | } |
4325 | |
4326 | static void addrconf_dad_run(struct inet6_dev *idev, bool restart) |
4327 | { |
4328 | struct inet6_ifaddr *ifp; |
4329 | |
4330 | read_lock_bh(&idev->lock); |
4331 | list_for_each_entry(ifp, &idev->addr_list, if_list) { |
4332 | spin_lock(lock: &ifp->lock); |
4333 | if ((ifp->flags & IFA_F_TENTATIVE && |
4334 | ifp->state == INET6_IFADDR_STATE_DAD) || restart) { |
4335 | if (restart) |
4336 | ifp->state = INET6_IFADDR_STATE_PREDAD; |
4337 | addrconf_dad_kick(ifp); |
4338 | } |
4339 | spin_unlock(lock: &ifp->lock); |
4340 | } |
4341 | read_unlock_bh(&idev->lock); |
4342 | } |
4343 | |
4344 | #ifdef CONFIG_PROC_FS |
4345 | struct if6_iter_state { |
4346 | struct seq_net_private p; |
4347 | int bucket; |
4348 | int offset; |
4349 | }; |
4350 | |
4351 | static struct inet6_ifaddr *if6_get_first(struct seq_file *seq, loff_t pos) |
4352 | { |
4353 | struct if6_iter_state *state = seq->private; |
4354 | struct net *net = seq_file_net(seq); |
4355 | struct inet6_ifaddr *ifa = NULL; |
4356 | int p = 0; |
4357 | |
4358 | /* initial bucket if pos is 0 */ |
4359 | if (pos == 0) { |
4360 | state->bucket = 0; |
4361 | state->offset = 0; |
4362 | } |
4363 | |
4364 | for (; state->bucket < IN6_ADDR_HSIZE; ++state->bucket) { |
4365 | hlist_for_each_entry_rcu(ifa, &net->ipv6.inet6_addr_lst[state->bucket], |
4366 | addr_lst) { |
4367 | /* sync with offset */ |
4368 | if (p < state->offset) { |
4369 | p++; |
4370 | continue; |
4371 | } |
4372 | return ifa; |
4373 | } |
4374 | |
4375 | /* prepare for next bucket */ |
4376 | state->offset = 0; |
4377 | p = 0; |
4378 | } |
4379 | return NULL; |
4380 | } |
4381 | |
4382 | static struct inet6_ifaddr *if6_get_next(struct seq_file *seq, |
4383 | struct inet6_ifaddr *ifa) |
4384 | { |
4385 | struct if6_iter_state *state = seq->private; |
4386 | struct net *net = seq_file_net(seq); |
4387 | |
4388 | hlist_for_each_entry_continue_rcu(ifa, addr_lst) { |
4389 | state->offset++; |
4390 | return ifa; |
4391 | } |
4392 | |
4393 | state->offset = 0; |
4394 | while (++state->bucket < IN6_ADDR_HSIZE) { |
4395 | hlist_for_each_entry_rcu(ifa, |
4396 | &net->ipv6.inet6_addr_lst[state->bucket], addr_lst) { |
4397 | return ifa; |
4398 | } |
4399 | } |
4400 | |
4401 | return NULL; |
4402 | } |
4403 | |
4404 | static void *if6_seq_start(struct seq_file *seq, loff_t *pos) |
4405 | __acquires(rcu) |
4406 | { |
4407 | rcu_read_lock(); |
4408 | return if6_get_first(seq, pos: *pos); |
4409 | } |
4410 | |
4411 | static void *if6_seq_next(struct seq_file *seq, void *v, loff_t *pos) |
4412 | { |
4413 | struct inet6_ifaddr *ifa; |
4414 | |
4415 | ifa = if6_get_next(seq, ifa: v); |
4416 | ++*pos; |
4417 | return ifa; |
4418 | } |
4419 | |
4420 | static void if6_seq_stop(struct seq_file *seq, void *v) |
4421 | __releases(rcu) |
4422 | { |
4423 | rcu_read_unlock(); |
4424 | } |
4425 | |
4426 | static int if6_seq_show(struct seq_file *seq, void *v) |
4427 | { |
4428 | struct inet6_ifaddr *ifp = (struct inet6_ifaddr *)v; |
4429 | seq_printf(m: seq, fmt: "%pi6 %02x %02x %02x %02x %8s\n" , |
4430 | &ifp->addr, |
4431 | ifp->idev->dev->ifindex, |
4432 | ifp->prefix_len, |
4433 | ifp->scope, |
4434 | (u8) ifp->flags, |
4435 | ifp->idev->dev->name); |
4436 | return 0; |
4437 | } |
4438 | |
4439 | static const struct seq_operations if6_seq_ops = { |
4440 | .start = if6_seq_start, |
4441 | .next = if6_seq_next, |
4442 | .show = if6_seq_show, |
4443 | .stop = if6_seq_stop, |
4444 | }; |
4445 | |
4446 | static int __net_init if6_proc_net_init(struct net *net) |
4447 | { |
4448 | if (!proc_create_net("if_inet6" , 0444, net->proc_net, &if6_seq_ops, |
4449 | sizeof(struct if6_iter_state))) |
4450 | return -ENOMEM; |
4451 | return 0; |
4452 | } |
4453 | |
4454 | static void __net_exit if6_proc_net_exit(struct net *net) |
4455 | { |
4456 | remove_proc_entry("if_inet6" , net->proc_net); |
4457 | } |
4458 | |
4459 | static struct pernet_operations if6_proc_net_ops = { |
4460 | .init = if6_proc_net_init, |
4461 | .exit = if6_proc_net_exit, |
4462 | }; |
4463 | |
4464 | int __init if6_proc_init(void) |
4465 | { |
4466 | return register_pernet_subsys(&if6_proc_net_ops); |
4467 | } |
4468 | |
4469 | void if6_proc_exit(void) |
4470 | { |
4471 | unregister_pernet_subsys(&if6_proc_net_ops); |
4472 | } |
4473 | #endif /* CONFIG_PROC_FS */ |
4474 | |
4475 | #if IS_ENABLED(CONFIG_IPV6_MIP6) |
4476 | /* Check if address is a home address configured on any interface. */ |
4477 | int ipv6_chk_home_addr(struct net *net, const struct in6_addr *addr) |
4478 | { |
4479 | unsigned int hash = inet6_addr_hash(net, addr); |
4480 | struct inet6_ifaddr *ifp = NULL; |
4481 | int ret = 0; |
4482 | |
4483 | rcu_read_lock(); |
4484 | hlist_for_each_entry_rcu(ifp, &net->ipv6.inet6_addr_lst[hash], addr_lst) { |
4485 | if (ipv6_addr_equal(a1: &ifp->addr, a2: addr) && |
4486 | (ifp->flags & IFA_F_HOMEADDRESS)) { |
4487 | ret = 1; |
4488 | break; |
4489 | } |
4490 | } |
4491 | rcu_read_unlock(); |
4492 | return ret; |
4493 | } |
4494 | #endif |
4495 | |
4496 | /* RFC6554 has some algorithm to avoid loops in segment routing by |
4497 | * checking if the segments contains any of a local interface address. |
4498 | * |
4499 | * Quote: |
4500 | * |
4501 | * To detect loops in the SRH, a router MUST determine if the SRH |
4502 | * includes multiple addresses assigned to any interface on that router. |
4503 | * If such addresses appear more than once and are separated by at least |
4504 | * one address not assigned to that router. |
4505 | */ |
4506 | int ipv6_chk_rpl_srh_loop(struct net *net, const struct in6_addr *segs, |
4507 | unsigned char nsegs) |
4508 | { |
4509 | const struct in6_addr *addr; |
4510 | int i, ret = 0, found = 0; |
4511 | struct inet6_ifaddr *ifp; |
4512 | bool separated = false; |
4513 | unsigned int hash; |
4514 | bool hash_found; |
4515 | |
4516 | rcu_read_lock(); |
4517 | for (i = 0; i < nsegs; i++) { |
4518 | addr = &segs[i]; |
4519 | hash = inet6_addr_hash(net, addr); |
4520 | |
4521 | hash_found = false; |
4522 | hlist_for_each_entry_rcu(ifp, &net->ipv6.inet6_addr_lst[hash], addr_lst) { |
4523 | |
4524 | if (ipv6_addr_equal(a1: &ifp->addr, a2: addr)) { |
4525 | hash_found = true; |
4526 | break; |
4527 | } |
4528 | } |
4529 | |
4530 | if (hash_found) { |
4531 | if (found > 1 && separated) { |
4532 | ret = 1; |
4533 | break; |
4534 | } |
4535 | |
4536 | separated = false; |
4537 | found++; |
4538 | } else { |
4539 | separated = true; |
4540 | } |
4541 | } |
4542 | rcu_read_unlock(); |
4543 | |
4544 | return ret; |
4545 | } |
4546 | |
4547 | /* |
4548 | * Periodic address status verification |
4549 | */ |
4550 | |
4551 | static void addrconf_verify_rtnl(struct net *net) |
4552 | { |
4553 | unsigned long now, next, next_sec, next_sched; |
4554 | struct inet6_ifaddr *ifp; |
4555 | int i; |
4556 | |
4557 | ASSERT_RTNL(); |
4558 | |
4559 | rcu_read_lock_bh(); |
4560 | now = jiffies; |
4561 | next = round_jiffies_up(j: now + ADDR_CHECK_FREQUENCY); |
4562 | |
4563 | cancel_delayed_work(dwork: &net->ipv6.addr_chk_work); |
4564 | |
4565 | for (i = 0; i < IN6_ADDR_HSIZE; i++) { |
4566 | restart: |
4567 | hlist_for_each_entry_rcu_bh(ifp, &net->ipv6.inet6_addr_lst[i], addr_lst) { |
4568 | unsigned long age; |
4569 | |
4570 | /* When setting preferred_lft to a value not zero or |
4571 | * infinity, while valid_lft is infinity |
4572 | * IFA_F_PERMANENT has a non-infinity life time. |
4573 | */ |
4574 | if ((ifp->flags & IFA_F_PERMANENT) && |
4575 | (ifp->prefered_lft == INFINITY_LIFE_TIME)) |
4576 | continue; |
4577 | |
4578 | spin_lock(lock: &ifp->lock); |
4579 | /* We try to batch several events at once. */ |
4580 | age = (now - ifp->tstamp + ADDRCONF_TIMER_FUZZ_MINUS) / HZ; |
4581 | |
4582 | if ((ifp->flags&IFA_F_TEMPORARY) && |
4583 | !(ifp->flags&IFA_F_TENTATIVE) && |
4584 | ifp->prefered_lft != INFINITY_LIFE_TIME && |
4585 | !ifp->regen_count && ifp->ifpub) { |
4586 | /* This is a non-regenerated temporary addr. */ |
4587 | |
4588 | unsigned long regen_advance = ifp->idev->cnf.regen_max_retry * |
4589 | ifp->idev->cnf.dad_transmits * |
4590 | max(NEIGH_VAR(ifp->idev->nd_parms, RETRANS_TIME), HZ/100) / HZ; |
4591 | |
4592 | if (age + regen_advance >= ifp->prefered_lft) { |
4593 | struct inet6_ifaddr *ifpub = ifp->ifpub; |
4594 | if (time_before(ifp->tstamp + ifp->prefered_lft * HZ, next)) |
4595 | next = ifp->tstamp + ifp->prefered_lft * HZ; |
4596 | |
4597 | ifp->regen_count++; |
4598 | in6_ifa_hold(ifp); |
4599 | in6_ifa_hold(ifp: ifpub); |
4600 | spin_unlock(lock: &ifp->lock); |
4601 | |
4602 | spin_lock(lock: &ifpub->lock); |
4603 | ifpub->regen_count = 0; |
4604 | spin_unlock(lock: &ifpub->lock); |
4605 | rcu_read_unlock_bh(); |
4606 | ipv6_create_tempaddr(ifp: ifpub, block: true); |
4607 | in6_ifa_put(ifp: ifpub); |
4608 | in6_ifa_put(ifp); |
4609 | rcu_read_lock_bh(); |
4610 | goto restart; |
4611 | } else if (time_before(ifp->tstamp + ifp->prefered_lft * HZ - regen_advance * HZ, next)) |
4612 | next = ifp->tstamp + ifp->prefered_lft * HZ - regen_advance * HZ; |
4613 | } |
4614 | |
4615 | if (ifp->valid_lft != INFINITY_LIFE_TIME && |
4616 | age >= ifp->valid_lft) { |
4617 | spin_unlock(lock: &ifp->lock); |
4618 | in6_ifa_hold(ifp); |
4619 | rcu_read_unlock_bh(); |
4620 | ipv6_del_addr(ifp); |
4621 | rcu_read_lock_bh(); |
4622 | goto restart; |
4623 | } else if (ifp->prefered_lft == INFINITY_LIFE_TIME) { |
4624 | spin_unlock(lock: &ifp->lock); |
4625 | continue; |
4626 | } else if (age >= ifp->prefered_lft) { |
4627 | /* jiffies - ifp->tstamp > age >= ifp->prefered_lft */ |
4628 | int deprecate = 0; |
4629 | |
4630 | if (!(ifp->flags&IFA_F_DEPRECATED)) { |
4631 | deprecate = 1; |
4632 | ifp->flags |= IFA_F_DEPRECATED; |
4633 | } |
4634 | |
4635 | if ((ifp->valid_lft != INFINITY_LIFE_TIME) && |
4636 | (time_before(ifp->tstamp + ifp->valid_lft * HZ, next))) |
4637 | next = ifp->tstamp + ifp->valid_lft * HZ; |
4638 | |
4639 | spin_unlock(lock: &ifp->lock); |
4640 | |
4641 | if (deprecate) { |
4642 | in6_ifa_hold(ifp); |
4643 | |
4644 | ipv6_ifa_notify(event: 0, ifa: ifp); |
4645 | in6_ifa_put(ifp); |
4646 | goto restart; |
4647 | } |
4648 | } else { |
4649 | /* ifp->prefered_lft <= ifp->valid_lft */ |
4650 | if (time_before(ifp->tstamp + ifp->prefered_lft * HZ, next)) |
4651 | next = ifp->tstamp + ifp->prefered_lft * HZ; |
4652 | spin_unlock(lock: &ifp->lock); |
4653 | } |
4654 | } |
4655 | } |
4656 | |
4657 | next_sec = round_jiffies_up(j: next); |
4658 | next_sched = next; |
4659 | |
4660 | /* If rounded timeout is accurate enough, accept it. */ |
4661 | if (time_before(next_sec, next + ADDRCONF_TIMER_FUZZ)) |
4662 | next_sched = next_sec; |
4663 | |
4664 | /* And minimum interval is ADDRCONF_TIMER_FUZZ_MAX. */ |
4665 | if (time_before(next_sched, jiffies + ADDRCONF_TIMER_FUZZ_MAX)) |
4666 | next_sched = jiffies + ADDRCONF_TIMER_FUZZ_MAX; |
4667 | |
4668 | pr_debug("now = %lu, schedule = %lu, rounded schedule = %lu => %lu\n" , |
4669 | now, next, next_sec, next_sched); |
4670 | mod_delayed_work(wq: addrconf_wq, dwork: &net->ipv6.addr_chk_work, delay: next_sched - now); |
4671 | rcu_read_unlock_bh(); |
4672 | } |
4673 | |
4674 | static void addrconf_verify_work(struct work_struct *w) |
4675 | { |
4676 | struct net *net = container_of(to_delayed_work(w), struct net, |
4677 | ipv6.addr_chk_work); |
4678 | |
4679 | rtnl_lock(); |
4680 | addrconf_verify_rtnl(net); |
4681 | rtnl_unlock(); |
4682 | } |
4683 | |
4684 | static void addrconf_verify(struct net *net) |
4685 | { |
4686 | mod_delayed_work(wq: addrconf_wq, dwork: &net->ipv6.addr_chk_work, delay: 0); |
4687 | } |
4688 | |
4689 | static struct in6_addr *(struct nlattr *addr, struct nlattr *local, |
4690 | struct in6_addr **peer_pfx) |
4691 | { |
4692 | struct in6_addr *pfx = NULL; |
4693 | |
4694 | *peer_pfx = NULL; |
4695 | |
4696 | if (addr) |
4697 | pfx = nla_data(nla: addr); |
4698 | |
4699 | if (local) { |
4700 | if (pfx && nla_memcmp(nla: local, data: pfx, size: sizeof(*pfx))) |
4701 | *peer_pfx = pfx; |
4702 | pfx = nla_data(nla: local); |
4703 | } |
4704 | |
4705 | return pfx; |
4706 | } |
4707 | |
4708 | static const struct nla_policy ifa_ipv6_policy[IFA_MAX+1] = { |
4709 | [IFA_ADDRESS] = { .len = sizeof(struct in6_addr) }, |
4710 | [IFA_LOCAL] = { .len = sizeof(struct in6_addr) }, |
4711 | [IFA_CACHEINFO] = { .len = sizeof(struct ifa_cacheinfo) }, |
4712 | [IFA_FLAGS] = { .len = sizeof(u32) }, |
4713 | [IFA_RT_PRIORITY] = { .len = sizeof(u32) }, |
4714 | [IFA_TARGET_NETNSID] = { .type = NLA_S32 }, |
4715 | [IFA_PROTO] = { .type = NLA_U8 }, |
4716 | }; |
4717 | |
4718 | static int |
4719 | inet6_rtm_deladdr(struct sk_buff *skb, struct nlmsghdr *nlh, |
4720 | struct netlink_ext_ack *extack) |
4721 | { |
4722 | struct net *net = sock_net(sk: skb->sk); |
4723 | struct ifaddrmsg *ifm; |
4724 | struct nlattr *tb[IFA_MAX+1]; |
4725 | struct in6_addr *pfx, *peer_pfx; |
4726 | u32 ifa_flags; |
4727 | int err; |
4728 | |
4729 | err = nlmsg_parse_deprecated(nlh, hdrlen: sizeof(*ifm), tb, IFA_MAX, |
4730 | policy: ifa_ipv6_policy, extack); |
4731 | if (err < 0) |
4732 | return err; |
4733 | |
4734 | ifm = nlmsg_data(nlh); |
4735 | pfx = extract_addr(addr: tb[IFA_ADDRESS], local: tb[IFA_LOCAL], peer_pfx: &peer_pfx); |
4736 | if (!pfx) |
4737 | return -EINVAL; |
4738 | |
4739 | ifa_flags = tb[IFA_FLAGS] ? nla_get_u32(nla: tb[IFA_FLAGS]) : ifm->ifa_flags; |
4740 | |
4741 | /* We ignore other flags so far. */ |
4742 | ifa_flags &= IFA_F_MANAGETEMPADDR; |
4743 | |
4744 | return inet6_addr_del(net, ifindex: ifm->ifa_index, ifa_flags, pfx, |
4745 | plen: ifm->ifa_prefixlen, extack); |
4746 | } |
4747 | |
4748 | static int modify_prefix_route(struct inet6_ifaddr *ifp, |
4749 | unsigned long expires, u32 flags, |
4750 | bool modify_peer) |
4751 | { |
4752 | struct fib6_info *f6i; |
4753 | u32 prio; |
4754 | |
4755 | f6i = addrconf_get_prefix_route(pfx: modify_peer ? &ifp->peer_addr : &ifp->addr, |
4756 | plen: ifp->prefix_len, |
4757 | dev: ifp->idev->dev, flags: 0, RTF_DEFAULT, no_gw: true); |
4758 | if (!f6i) |
4759 | return -ENOENT; |
4760 | |
4761 | prio = ifp->rt_priority ? : IP6_RT_PRIO_ADDRCONF; |
4762 | if (f6i->fib6_metric != prio) { |
4763 | /* delete old one */ |
4764 | ip6_del_rt(net: dev_net(dev: ifp->idev->dev), f6i, skip_notify: false); |
4765 | |
4766 | /* add new one */ |
4767 | addrconf_prefix_route(pfx: modify_peer ? &ifp->peer_addr : &ifp->addr, |
4768 | plen: ifp->prefix_len, |
4769 | metric: ifp->rt_priority, dev: ifp->idev->dev, |
4770 | expires, flags, GFP_KERNEL); |
4771 | } else { |
4772 | if (!expires) |
4773 | fib6_clean_expires(f6i); |
4774 | else |
4775 | fib6_set_expires(f6i, expires); |
4776 | |
4777 | fib6_info_release(f6i); |
4778 | } |
4779 | |
4780 | return 0; |
4781 | } |
4782 | |
4783 | static int inet6_addr_modify(struct net *net, struct inet6_ifaddr *ifp, |
4784 | struct ifa6_config *cfg) |
4785 | { |
4786 | u32 flags; |
4787 | clock_t expires; |
4788 | unsigned long timeout; |
4789 | bool was_managetempaddr; |
4790 | bool had_prefixroute; |
4791 | bool new_peer = false; |
4792 | |
4793 | ASSERT_RTNL(); |
4794 | |
4795 | if (!cfg->valid_lft || cfg->preferred_lft > cfg->valid_lft) |
4796 | return -EINVAL; |
4797 | |
4798 | if (cfg->ifa_flags & IFA_F_MANAGETEMPADDR && |
4799 | (ifp->flags & IFA_F_TEMPORARY || ifp->prefix_len != 64)) |
4800 | return -EINVAL; |
4801 | |
4802 | if (!(ifp->flags & IFA_F_TENTATIVE) || ifp->flags & IFA_F_DADFAILED) |
4803 | cfg->ifa_flags &= ~IFA_F_OPTIMISTIC; |
4804 | |
4805 | timeout = addrconf_timeout_fixup(timeout: cfg->valid_lft, HZ); |
4806 | if (addrconf_finite_timeout(timeout)) { |
4807 | expires = jiffies_to_clock_t(x: timeout * HZ); |
4808 | cfg->valid_lft = timeout; |
4809 | flags = RTF_EXPIRES; |
4810 | } else { |
4811 | expires = 0; |
4812 | flags = 0; |
4813 | cfg->ifa_flags |= IFA_F_PERMANENT; |
4814 | } |
4815 | |
4816 | timeout = addrconf_timeout_fixup(timeout: cfg->preferred_lft, HZ); |
4817 | if (addrconf_finite_timeout(timeout)) { |
4818 | if (timeout == 0) |
4819 | cfg->ifa_flags |= IFA_F_DEPRECATED; |
4820 | cfg->preferred_lft = timeout; |
4821 | } |
4822 | |
4823 | if (cfg->peer_pfx && |
4824 | memcmp(p: &ifp->peer_addr, q: cfg->peer_pfx, size: sizeof(struct in6_addr))) { |
4825 | if (!ipv6_addr_any(a: &ifp->peer_addr)) |
4826 | cleanup_prefix_route(ifp, expires, del_rt: true, del_peer: true); |
4827 | new_peer = true; |
4828 | } |
4829 | |
4830 | spin_lock_bh(lock: &ifp->lock); |
4831 | was_managetempaddr = ifp->flags & IFA_F_MANAGETEMPADDR; |
4832 | had_prefixroute = ifp->flags & IFA_F_PERMANENT && |
4833 | !(ifp->flags & IFA_F_NOPREFIXROUTE); |
4834 | ifp->flags &= ~(IFA_F_DEPRECATED | IFA_F_PERMANENT | IFA_F_NODAD | |
4835 | IFA_F_HOMEADDRESS | IFA_F_MANAGETEMPADDR | |
4836 | IFA_F_NOPREFIXROUTE); |
4837 | ifp->flags |= cfg->ifa_flags; |
4838 | ifp->tstamp = jiffies; |
4839 | ifp->valid_lft = cfg->valid_lft; |
4840 | ifp->prefered_lft = cfg->preferred_lft; |
4841 | ifp->ifa_proto = cfg->ifa_proto; |
4842 | |
4843 | if (cfg->rt_priority && cfg->rt_priority != ifp->rt_priority) |
4844 | ifp->rt_priority = cfg->rt_priority; |
4845 | |
4846 | if (new_peer) |
4847 | ifp->peer_addr = *cfg->peer_pfx; |
4848 | |
4849 | spin_unlock_bh(lock: &ifp->lock); |
4850 | if (!(ifp->flags&IFA_F_TENTATIVE)) |
4851 | ipv6_ifa_notify(event: 0, ifa: ifp); |
4852 | |
4853 | if (!(cfg->ifa_flags & IFA_F_NOPREFIXROUTE)) { |
4854 | int rc = -ENOENT; |
4855 | |
4856 | if (had_prefixroute) |
4857 | rc = modify_prefix_route(ifp, expires, flags, modify_peer: false); |
4858 | |
4859 | /* prefix route could have been deleted; if so restore it */ |
4860 | if (rc == -ENOENT) { |
4861 | addrconf_prefix_route(pfx: &ifp->addr, plen: ifp->prefix_len, |
4862 | metric: ifp->rt_priority, dev: ifp->idev->dev, |
4863 | expires, flags, GFP_KERNEL); |
4864 | } |
4865 | |
4866 | if (had_prefixroute && !ipv6_addr_any(a: &ifp->peer_addr)) |
4867 | rc = modify_prefix_route(ifp, expires, flags, modify_peer: true); |
4868 | |
4869 | if (rc == -ENOENT && !ipv6_addr_any(a: &ifp->peer_addr)) { |
4870 | addrconf_prefix_route(pfx: &ifp->peer_addr, plen: ifp->prefix_len, |
4871 | metric: ifp->rt_priority, dev: ifp->idev->dev, |
4872 | expires, flags, GFP_KERNEL); |
4873 | } |
4874 | } else if (had_prefixroute) { |
4875 | enum cleanup_prefix_rt_t action; |
4876 | unsigned long rt_expires; |
4877 | |
4878 | write_lock_bh(&ifp->idev->lock); |
4879 | action = check_cleanup_prefix_route(ifp, expires: &rt_expires); |
4880 | write_unlock_bh(&ifp->idev->lock); |
4881 | |
4882 | if (action != CLEANUP_PREFIX_RT_NOP) { |
4883 | cleanup_prefix_route(ifp, expires: rt_expires, |
4884 | del_rt: action == CLEANUP_PREFIX_RT_DEL, del_peer: false); |
4885 | } |
4886 | } |
4887 | |
4888 | if (was_managetempaddr || ifp->flags & IFA_F_MANAGETEMPADDR) { |
4889 | if (was_managetempaddr && |
4890 | !(ifp->flags & IFA_F_MANAGETEMPADDR)) { |
4891 | cfg->valid_lft = 0; |
4892 | cfg->preferred_lft = 0; |
4893 | } |
4894 | manage_tempaddrs(idev: ifp->idev, ifp, valid_lft: cfg->valid_lft, |
4895 | prefered_lft: cfg->preferred_lft, create: !was_managetempaddr, |
4896 | now: jiffies); |
4897 | } |
4898 | |
4899 | addrconf_verify_rtnl(net); |
4900 | |
4901 | return 0; |
4902 | } |
4903 | |
4904 | static int |
4905 | inet6_rtm_newaddr(struct sk_buff *skb, struct nlmsghdr *nlh, |
4906 | struct netlink_ext_ack *extack) |
4907 | { |
4908 | struct net *net = sock_net(sk: skb->sk); |
4909 | struct ifaddrmsg *ifm; |
4910 | struct nlattr *tb[IFA_MAX+1]; |
4911 | struct in6_addr *peer_pfx; |
4912 | struct inet6_ifaddr *ifa; |
4913 | struct net_device *dev; |
4914 | struct inet6_dev *idev; |
4915 | struct ifa6_config cfg; |
4916 | int err; |
4917 | |
4918 | err = nlmsg_parse_deprecated(nlh, hdrlen: sizeof(*ifm), tb, IFA_MAX, |
4919 | policy: ifa_ipv6_policy, extack); |
4920 | if (err < 0) |
4921 | return err; |
4922 | |
4923 | memset(&cfg, 0, sizeof(cfg)); |
4924 | |
4925 | ifm = nlmsg_data(nlh); |
4926 | cfg.pfx = extract_addr(addr: tb[IFA_ADDRESS], local: tb[IFA_LOCAL], peer_pfx: &peer_pfx); |
4927 | if (!cfg.pfx) |
4928 | return -EINVAL; |
4929 | |
4930 | cfg.peer_pfx = peer_pfx; |
4931 | cfg.plen = ifm->ifa_prefixlen; |
4932 | if (tb[IFA_RT_PRIORITY]) |
4933 | cfg.rt_priority = nla_get_u32(nla: tb[IFA_RT_PRIORITY]); |
4934 | |
4935 | if (tb[IFA_PROTO]) |
4936 | cfg.ifa_proto = nla_get_u8(nla: tb[IFA_PROTO]); |
4937 | |
4938 | cfg.valid_lft = INFINITY_LIFE_TIME; |
4939 | cfg.preferred_lft = INFINITY_LIFE_TIME; |
4940 | |
4941 | if (tb[IFA_CACHEINFO]) { |
4942 | struct ifa_cacheinfo *ci; |
4943 | |
4944 | ci = nla_data(nla: tb[IFA_CACHEINFO]); |
4945 | cfg.valid_lft = ci->ifa_valid; |
4946 | cfg.preferred_lft = ci->ifa_prefered; |
4947 | } |
4948 | |
4949 | dev = __dev_get_by_index(net, ifindex: ifm->ifa_index); |
4950 | if (!dev) { |
4951 | NL_SET_ERR_MSG_MOD(extack, "Unable to find the interface" ); |
4952 | return -ENODEV; |
4953 | } |
4954 | |
4955 | if (tb[IFA_FLAGS]) |
4956 | cfg.ifa_flags = nla_get_u32(nla: tb[IFA_FLAGS]); |
4957 | else |
4958 | cfg.ifa_flags = ifm->ifa_flags; |
4959 | |
4960 | /* We ignore other flags so far. */ |
4961 | cfg.ifa_flags &= IFA_F_NODAD | IFA_F_HOMEADDRESS | |
4962 | IFA_F_MANAGETEMPADDR | IFA_F_NOPREFIXROUTE | |
4963 | IFA_F_MCAUTOJOIN | IFA_F_OPTIMISTIC; |
4964 | |
4965 | idev = ipv6_find_idev(dev); |
4966 | if (IS_ERR(ptr: idev)) |
4967 | return PTR_ERR(ptr: idev); |
4968 | |
4969 | if (!ipv6_allow_optimistic_dad(net, idev)) |
4970 | cfg.ifa_flags &= ~IFA_F_OPTIMISTIC; |
4971 | |
4972 | if (cfg.ifa_flags & IFA_F_NODAD && |
4973 | cfg.ifa_flags & IFA_F_OPTIMISTIC) { |
4974 | NL_SET_ERR_MSG(extack, "IFA_F_NODAD and IFA_F_OPTIMISTIC are mutually exclusive" ); |
4975 | return -EINVAL; |
4976 | } |
4977 | |
4978 | ifa = ipv6_get_ifaddr(net, addr: cfg.pfx, dev, strict: 1); |
4979 | if (!ifa) { |
4980 | /* |
4981 | * It would be best to check for !NLM_F_CREATE here but |
4982 | * userspace already relies on not having to provide this. |
4983 | */ |
4984 | return inet6_addr_add(net, ifindex: ifm->ifa_index, cfg: &cfg, extack); |
4985 | } |
4986 | |
4987 | if (nlh->nlmsg_flags & NLM_F_EXCL || |
4988 | !(nlh->nlmsg_flags & NLM_F_REPLACE)) { |
4989 | NL_SET_ERR_MSG_MOD(extack, "address already assigned" ); |
4990 | err = -EEXIST; |
4991 | } else { |
4992 | err = inet6_addr_modify(net, ifp: ifa, cfg: &cfg); |
4993 | } |
4994 | |
4995 | in6_ifa_put(ifp: ifa); |
4996 | |
4997 | return err; |
4998 | } |
4999 | |
5000 | static void put_ifaddrmsg(struct nlmsghdr *nlh, u8 prefixlen, u32 flags, |
5001 | u8 scope, int ifindex) |
5002 | { |
5003 | struct ifaddrmsg *ifm; |
5004 | |
5005 | ifm = nlmsg_data(nlh); |
5006 | ifm->ifa_family = AF_INET6; |
5007 | ifm->ifa_prefixlen = prefixlen; |
5008 | ifm->ifa_flags = flags; |
5009 | ifm->ifa_scope = scope; |
5010 | ifm->ifa_index = ifindex; |
5011 | } |
5012 | |
5013 | static int put_cacheinfo(struct sk_buff *skb, unsigned long cstamp, |
5014 | unsigned long tstamp, u32 preferred, u32 valid) |
5015 | { |
5016 | struct ifa_cacheinfo ci; |
5017 | |
5018 | ci.cstamp = cstamp_delta(cstamp); |
5019 | ci.tstamp = cstamp_delta(cstamp: tstamp); |
5020 | ci.ifa_prefered = preferred; |
5021 | ci.ifa_valid = valid; |
5022 | |
5023 | return nla_put(skb, attrtype: IFA_CACHEINFO, attrlen: sizeof(ci), data: &ci); |
5024 | } |
5025 | |
5026 | static inline int rt_scope(int ifa_scope) |
5027 | { |
5028 | if (ifa_scope & IFA_HOST) |
5029 | return RT_SCOPE_HOST; |
5030 | else if (ifa_scope & IFA_LINK) |
5031 | return RT_SCOPE_LINK; |
5032 | else if (ifa_scope & IFA_SITE) |
5033 | return RT_SCOPE_SITE; |
5034 | else |
5035 | return RT_SCOPE_UNIVERSE; |
5036 | } |
5037 | |
5038 | static inline int inet6_ifaddr_msgsize(void) |
5039 | { |
5040 | return NLMSG_ALIGN(sizeof(struct ifaddrmsg)) |
5041 | + nla_total_size(payload: 16) /* IFA_LOCAL */ |
5042 | + nla_total_size(payload: 16) /* IFA_ADDRESS */ |
5043 | + nla_total_size(payload: sizeof(struct ifa_cacheinfo)) |
5044 | + nla_total_size(payload: 4) /* IFA_FLAGS */ |
5045 | + nla_total_size(payload: 1) /* IFA_PROTO */ |
5046 | + nla_total_size(payload: 4) /* IFA_RT_PRIORITY */; |
5047 | } |
5048 | |
5049 | enum addr_type_t { |
5050 | UNICAST_ADDR, |
5051 | MULTICAST_ADDR, |
5052 | ANYCAST_ADDR, |
5053 | }; |
5054 | |
5055 | struct inet6_fill_args { |
5056 | u32 portid; |
5057 | u32 seq; |
5058 | int event; |
5059 | unsigned int flags; |
5060 | int netnsid; |
5061 | int ifindex; |
5062 | enum addr_type_t type; |
5063 | }; |
5064 | |
5065 | static int inet6_fill_ifaddr(struct sk_buff *skb, struct inet6_ifaddr *ifa, |
5066 | struct inet6_fill_args *args) |
5067 | { |
5068 | struct nlmsghdr *nlh; |
5069 | u32 preferred, valid; |
5070 | |
5071 | nlh = nlmsg_put(skb, portid: args->portid, seq: args->seq, type: args->event, |
5072 | payload: sizeof(struct ifaddrmsg), flags: args->flags); |
5073 | if (!nlh) |
5074 | return -EMSGSIZE; |
5075 | |
5076 | put_ifaddrmsg(nlh, prefixlen: ifa->prefix_len, flags: ifa->flags, scope: rt_scope(ifa_scope: ifa->scope), |
5077 | ifindex: ifa->idev->dev->ifindex); |
5078 | |
5079 | if (args->netnsid >= 0 && |
5080 | nla_put_s32(skb, attrtype: IFA_TARGET_NETNSID, value: args->netnsid)) |
5081 | goto error; |
5082 | |
5083 | spin_lock_bh(lock: &ifa->lock); |
5084 | if (!((ifa->flags&IFA_F_PERMANENT) && |
5085 | (ifa->prefered_lft == INFINITY_LIFE_TIME))) { |
5086 | preferred = ifa->prefered_lft; |
5087 | valid = ifa->valid_lft; |
5088 | if (preferred != INFINITY_LIFE_TIME) { |
5089 | long tval = (jiffies - ifa->tstamp)/HZ; |
5090 | if (preferred > tval) |
5091 | preferred -= tval; |
5092 | else |
5093 | preferred = 0; |
5094 | if (valid != INFINITY_LIFE_TIME) { |
5095 | if (valid > tval) |
5096 | valid -= tval; |
5097 | else |
5098 | valid = 0; |
5099 | } |
5100 | } |
5101 | } else { |
5102 | preferred = INFINITY_LIFE_TIME; |
5103 | valid = INFINITY_LIFE_TIME; |
5104 | } |
5105 | spin_unlock_bh(lock: &ifa->lock); |
5106 | |
5107 | if (!ipv6_addr_any(a: &ifa->peer_addr)) { |
5108 | if (nla_put_in6_addr(skb, attrtype: IFA_LOCAL, addr: &ifa->addr) < 0 || |
5109 | nla_put_in6_addr(skb, attrtype: IFA_ADDRESS, addr: &ifa->peer_addr) < 0) |
5110 | goto error; |
5111 | } else |
5112 | if (nla_put_in6_addr(skb, attrtype: IFA_ADDRESS, addr: &ifa->addr) < 0) |
5113 | goto error; |
5114 | |
5115 | if (ifa->rt_priority && |
5116 | nla_put_u32(skb, attrtype: IFA_RT_PRIORITY, value: ifa->rt_priority)) |
5117 | goto error; |
5118 | |
5119 | if (put_cacheinfo(skb, cstamp: ifa->cstamp, tstamp: ifa->tstamp, preferred, valid) < 0) |
5120 | goto error; |
5121 | |
5122 | if (nla_put_u32(skb, attrtype: IFA_FLAGS, value: ifa->flags) < 0) |
5123 | goto error; |
5124 | |
5125 | if (ifa->ifa_proto && |
5126 | nla_put_u8(skb, attrtype: IFA_PROTO, value: ifa->ifa_proto)) |
5127 | goto error; |
5128 | |
5129 | nlmsg_end(skb, nlh); |
5130 | return 0; |
5131 | |
5132 | error: |
5133 | nlmsg_cancel(skb, nlh); |
5134 | return -EMSGSIZE; |
5135 | } |
5136 | |
5137 | static int inet6_fill_ifmcaddr(struct sk_buff *skb, struct ifmcaddr6 *ifmca, |
5138 | struct inet6_fill_args *args) |
5139 | { |
5140 | struct nlmsghdr *nlh; |
5141 | u8 scope = RT_SCOPE_UNIVERSE; |
5142 | int ifindex = ifmca->idev->dev->ifindex; |
5143 | |
5144 | if (ipv6_addr_scope(addr: &ifmca->mca_addr) & IFA_SITE) |
5145 | scope = RT_SCOPE_SITE; |
5146 | |
5147 | nlh = nlmsg_put(skb, portid: args->portid, seq: args->seq, type: args->event, |
5148 | payload: sizeof(struct ifaddrmsg), flags: args->flags); |
5149 | if (!nlh) |
5150 | return -EMSGSIZE; |
5151 | |
5152 | if (args->netnsid >= 0 && |
5153 | nla_put_s32(skb, attrtype: IFA_TARGET_NETNSID, value: args->netnsid)) { |
5154 | nlmsg_cancel(skb, nlh); |
5155 | return -EMSGSIZE; |
5156 | } |
5157 | |
5158 | put_ifaddrmsg(nlh, prefixlen: 128, IFA_F_PERMANENT, scope, ifindex); |
5159 | if (nla_put_in6_addr(skb, attrtype: IFA_MULTICAST, addr: &ifmca->mca_addr) < 0 || |
5160 | put_cacheinfo(skb, cstamp: ifmca->mca_cstamp, tstamp: ifmca->mca_tstamp, |
5161 | INFINITY_LIFE_TIME, INFINITY_LIFE_TIME) < 0) { |
5162 | nlmsg_cancel(skb, nlh); |
5163 | return -EMSGSIZE; |
5164 | } |
5165 | |
5166 | nlmsg_end(skb, nlh); |
5167 | return 0; |
5168 | } |
5169 | |
5170 | static int inet6_fill_ifacaddr(struct sk_buff *skb, struct ifacaddr6 *ifaca, |
5171 | struct inet6_fill_args *args) |
5172 | { |
5173 | struct net_device *dev = fib6_info_nh_dev(f6i: ifaca->aca_rt); |
5174 | int ifindex = dev ? dev->ifindex : 1; |
5175 | struct nlmsghdr *nlh; |
5176 | u8 scope = RT_SCOPE_UNIVERSE; |
5177 | |
5178 | if (ipv6_addr_scope(addr: &ifaca->aca_addr) & IFA_SITE) |
5179 | scope = RT_SCOPE_SITE; |
5180 | |
5181 | nlh = nlmsg_put(skb, portid: args->portid, seq: args->seq, type: args->event, |
5182 | payload: sizeof(struct ifaddrmsg), flags: args->flags); |
5183 | if (!nlh) |
5184 | return -EMSGSIZE; |
5185 | |
5186 | if (args->netnsid >= 0 && |
5187 | nla_put_s32(skb, attrtype: IFA_TARGET_NETNSID, value: args->netnsid)) { |
5188 | nlmsg_cancel(skb, nlh); |
5189 | return -EMSGSIZE; |
5190 | } |
5191 | |
5192 | put_ifaddrmsg(nlh, prefixlen: 128, IFA_F_PERMANENT, scope, ifindex); |
5193 | if (nla_put_in6_addr(skb, attrtype: IFA_ANYCAST, addr: &ifaca->aca_addr) < 0 || |
5194 | put_cacheinfo(skb, cstamp: ifaca->aca_cstamp, tstamp: ifaca->aca_tstamp, |
5195 | INFINITY_LIFE_TIME, INFINITY_LIFE_TIME) < 0) { |
5196 | nlmsg_cancel(skb, nlh); |
5197 | return -EMSGSIZE; |
5198 | } |
5199 | |
5200 | nlmsg_end(skb, nlh); |
5201 | return 0; |
5202 | } |
5203 | |
5204 | /* called with rcu_read_lock() */ |
5205 | static int in6_dump_addrs(struct inet6_dev *idev, struct sk_buff *skb, |
5206 | struct netlink_callback *cb, int s_ip_idx, |
5207 | struct inet6_fill_args *fillargs) |
5208 | { |
5209 | struct ifmcaddr6 *ifmca; |
5210 | struct ifacaddr6 *ifaca; |
5211 | int ip_idx = 0; |
5212 | int err = 1; |
5213 | |
5214 | read_lock_bh(&idev->lock); |
5215 | switch (fillargs->type) { |
5216 | case UNICAST_ADDR: { |
5217 | struct inet6_ifaddr *ifa; |
5218 | fillargs->event = RTM_NEWADDR; |
5219 | |
5220 | /* unicast address incl. temp addr */ |
5221 | list_for_each_entry(ifa, &idev->addr_list, if_list) { |
5222 | if (ip_idx < s_ip_idx) |
5223 | goto next; |
5224 | err = inet6_fill_ifaddr(skb, ifa, args: fillargs); |
5225 | if (err < 0) |
5226 | break; |
5227 | nl_dump_check_consistent(cb, nlh: nlmsg_hdr(skb)); |
5228 | next: |
5229 | ip_idx++; |
5230 | } |
5231 | break; |
5232 | } |
5233 | case MULTICAST_ADDR: |
5234 | read_unlock_bh(&idev->lock); |
5235 | fillargs->event = RTM_GETMULTICAST; |
5236 | |
5237 | /* multicast address */ |
5238 | for (ifmca = rtnl_dereference(idev->mc_list); |
5239 | ifmca; |
5240 | ifmca = rtnl_dereference(ifmca->next), ip_idx++) { |
5241 | if (ip_idx < s_ip_idx) |
5242 | continue; |
5243 | err = inet6_fill_ifmcaddr(skb, ifmca, args: fillargs); |
5244 | if (err < 0) |
5245 | break; |
5246 | } |
5247 | read_lock_bh(&idev->lock); |
5248 | break; |
5249 | case ANYCAST_ADDR: |
5250 | fillargs->event = RTM_GETANYCAST; |
5251 | /* anycast address */ |
5252 | for (ifaca = idev->ac_list; ifaca; |
5253 | ifaca = ifaca->aca_next, ip_idx++) { |
5254 | if (ip_idx < s_ip_idx) |
5255 | continue; |
5256 | err = inet6_fill_ifacaddr(skb, ifaca, args: fillargs); |
5257 | if (err < 0) |
5258 | break; |
5259 | } |
5260 | break; |
5261 | default: |
5262 | break; |
5263 | } |
5264 | read_unlock_bh(&idev->lock); |
5265 | cb->args[2] = ip_idx; |
5266 | return err; |
5267 | } |
5268 | |
5269 | static int inet6_valid_dump_ifaddr_req(const struct nlmsghdr *nlh, |
5270 | struct inet6_fill_args *fillargs, |
5271 | struct net **tgt_net, struct sock *sk, |
5272 | struct netlink_callback *cb) |
5273 | { |
5274 | struct netlink_ext_ack *extack = cb->extack; |
5275 | struct nlattr *tb[IFA_MAX+1]; |
5276 | struct ifaddrmsg *ifm; |
5277 | int err, i; |
5278 | |
5279 | if (nlh->nlmsg_len < nlmsg_msg_size(payload: sizeof(*ifm))) { |
5280 | NL_SET_ERR_MSG_MOD(extack, "Invalid header for address dump request" ); |
5281 | return -EINVAL; |
5282 | } |
5283 | |
5284 | ifm = nlmsg_data(nlh); |
5285 | if (ifm->ifa_prefixlen || ifm->ifa_flags || ifm->ifa_scope) { |
5286 | NL_SET_ERR_MSG_MOD(extack, "Invalid values in header for address dump request" ); |
5287 | return -EINVAL; |
5288 | } |
5289 | |
5290 | fillargs->ifindex = ifm->ifa_index; |
5291 | if (fillargs->ifindex) { |
5292 | cb->answer_flags |= NLM_F_DUMP_FILTERED; |
5293 | fillargs->flags |= NLM_F_DUMP_FILTERED; |
5294 | } |
5295 | |
5296 | err = nlmsg_parse_deprecated_strict(nlh, hdrlen: sizeof(*ifm), tb, IFA_MAX, |
5297 | policy: ifa_ipv6_policy, extack); |
5298 | if (err < 0) |
5299 | return err; |
5300 | |
5301 | for (i = 0; i <= IFA_MAX; ++i) { |
5302 | if (!tb[i]) |
5303 | continue; |
5304 | |
5305 | if (i == IFA_TARGET_NETNSID) { |
5306 | struct net *net; |
5307 | |
5308 | fillargs->netnsid = nla_get_s32(nla: tb[i]); |
5309 | net = rtnl_get_net_ns_capable(sk, netnsid: fillargs->netnsid); |
5310 | if (IS_ERR(ptr: net)) { |
5311 | fillargs->netnsid = -1; |
5312 | NL_SET_ERR_MSG_MOD(extack, "Invalid target network namespace id" ); |
5313 | return PTR_ERR(ptr: net); |
5314 | } |
5315 | *tgt_net = net; |
5316 | } else { |
5317 | NL_SET_ERR_MSG_MOD(extack, "Unsupported attribute in dump request" ); |
5318 | return -EINVAL; |
5319 | } |
5320 | } |
5321 | |
5322 | return 0; |
5323 | } |
5324 | |
5325 | static int inet6_dump_addr(struct sk_buff *skb, struct netlink_callback *cb, |
5326 | enum addr_type_t type) |
5327 | { |
5328 | const struct nlmsghdr *nlh = cb->nlh; |
5329 | struct inet6_fill_args fillargs = { |
5330 | .portid = NETLINK_CB(cb->skb).portid, |
5331 | .seq = cb->nlh->nlmsg_seq, |
5332 | .flags = NLM_F_MULTI, |
5333 | .netnsid = -1, |
5334 | .type = type, |
5335 | }; |
5336 | struct net *tgt_net = sock_net(sk: skb->sk); |
5337 | int idx, s_idx, s_ip_idx; |
5338 | int h, s_h; |
5339 | struct net_device *dev; |
5340 | struct inet6_dev *idev; |
5341 | struct hlist_head *head; |
5342 | int err = 0; |
5343 | |
5344 | s_h = cb->args[0]; |
5345 | s_idx = idx = cb->args[1]; |
5346 | s_ip_idx = cb->args[2]; |
5347 | |
5348 | if (cb->strict_check) { |
5349 | err = inet6_valid_dump_ifaddr_req(nlh, fillargs: &fillargs, tgt_net: &tgt_net, |
5350 | sk: skb->sk, cb); |
5351 | if (err < 0) |
5352 | goto put_tgt_net; |
5353 | |
5354 | err = 0; |
5355 | if (fillargs.ifindex) { |
5356 | dev = __dev_get_by_index(net: tgt_net, ifindex: fillargs.ifindex); |
5357 | if (!dev) { |
5358 | err = -ENODEV; |
5359 | goto put_tgt_net; |
5360 | } |
5361 | idev = __in6_dev_get(dev); |
5362 | if (idev) { |
5363 | err = in6_dump_addrs(idev, skb, cb, s_ip_idx, |
5364 | fillargs: &fillargs); |
5365 | if (err > 0) |
5366 | err = 0; |
5367 | } |
5368 | goto put_tgt_net; |
5369 | } |
5370 | } |
5371 | |
5372 | rcu_read_lock(); |
5373 | cb->seq = atomic_read(v: &tgt_net->ipv6.dev_addr_genid) ^ tgt_net->dev_base_seq; |
5374 | for (h = s_h; h < NETDEV_HASHENTRIES; h++, s_idx = 0) { |
5375 | idx = 0; |
5376 | head = &tgt_net->dev_index_head[h]; |
5377 | hlist_for_each_entry_rcu(dev, head, index_hlist) { |
5378 | if (idx < s_idx) |
5379 | goto cont; |
5380 | if (h > s_h || idx > s_idx) |
5381 | s_ip_idx = 0; |
5382 | idev = __in6_dev_get(dev); |
5383 | if (!idev) |
5384 | goto cont; |
5385 | |
5386 | if (in6_dump_addrs(idev, skb, cb, s_ip_idx, |
5387 | fillargs: &fillargs) < 0) |
5388 | goto done; |
5389 | cont: |
5390 | idx++; |
5391 | } |
5392 | } |
5393 | done: |
5394 | rcu_read_unlock(); |
5395 | cb->args[0] = h; |
5396 | cb->args[1] = idx; |
5397 | put_tgt_net: |
5398 | if (fillargs.netnsid >= 0) |
5399 | put_net(net: tgt_net); |
5400 | |
5401 | return skb->len ? : err; |
5402 | } |
5403 | |
5404 | static int inet6_dump_ifaddr(struct sk_buff *skb, struct netlink_callback *cb) |
5405 | { |
5406 | enum addr_type_t type = UNICAST_ADDR; |
5407 | |
5408 | return inet6_dump_addr(skb, cb, type); |
5409 | } |
5410 | |
5411 | static int inet6_dump_ifmcaddr(struct sk_buff *skb, struct netlink_callback *cb) |
5412 | { |
5413 | enum addr_type_t type = MULTICAST_ADDR; |
5414 | |
5415 | return inet6_dump_addr(skb, cb, type); |
5416 | } |
5417 | |
5418 | |
5419 | static int inet6_dump_ifacaddr(struct sk_buff *skb, struct netlink_callback *cb) |
5420 | { |
5421 | enum addr_type_t type = ANYCAST_ADDR; |
5422 | |
5423 | return inet6_dump_addr(skb, cb, type); |
5424 | } |
5425 | |
5426 | static int inet6_rtm_valid_getaddr_req(struct sk_buff *skb, |
5427 | const struct nlmsghdr *nlh, |
5428 | struct nlattr **tb, |
5429 | struct netlink_ext_ack *extack) |
5430 | { |
5431 | struct ifaddrmsg *ifm; |
5432 | int i, err; |
5433 | |
5434 | if (nlh->nlmsg_len < nlmsg_msg_size(payload: sizeof(*ifm))) { |
5435 | NL_SET_ERR_MSG_MOD(extack, "Invalid header for get address request" ); |
5436 | return -EINVAL; |
5437 | } |
5438 | |
5439 | if (!netlink_strict_get_check(skb)) |
5440 | return nlmsg_parse_deprecated(nlh, hdrlen: sizeof(*ifm), tb, IFA_MAX, |
5441 | policy: ifa_ipv6_policy, extack); |
5442 | |
5443 | ifm = nlmsg_data(nlh); |
5444 | if (ifm->ifa_prefixlen || ifm->ifa_flags || ifm->ifa_scope) { |
5445 | NL_SET_ERR_MSG_MOD(extack, "Invalid values in header for get address request" ); |
5446 | return -EINVAL; |
5447 | } |
5448 | |
5449 | err = nlmsg_parse_deprecated_strict(nlh, hdrlen: sizeof(*ifm), tb, IFA_MAX, |
5450 | policy: ifa_ipv6_policy, extack); |
5451 | if (err) |
5452 | return err; |
5453 | |
5454 | for (i = 0; i <= IFA_MAX; i++) { |
5455 | if (!tb[i]) |
5456 | continue; |
5457 | |
5458 | switch (i) { |
5459 | case IFA_TARGET_NETNSID: |
5460 | case IFA_ADDRESS: |
5461 | case IFA_LOCAL: |
5462 | break; |
5463 | default: |
5464 | NL_SET_ERR_MSG_MOD(extack, "Unsupported attribute in get address request" ); |
5465 | return -EINVAL; |
5466 | } |
5467 | } |
5468 | |
5469 | return 0; |
5470 | } |
5471 | |
5472 | static int inet6_rtm_getaddr(struct sk_buff *in_skb, struct nlmsghdr *nlh, |
5473 | struct netlink_ext_ack *extack) |
5474 | { |
5475 | struct net *tgt_net = sock_net(sk: in_skb->sk); |
5476 | struct inet6_fill_args fillargs = { |
5477 | .portid = NETLINK_CB(in_skb).portid, |
5478 | .seq = nlh->nlmsg_seq, |
5479 | .event = RTM_NEWADDR, |
5480 | .flags = 0, |
5481 | .netnsid = -1, |
5482 | }; |
5483 | struct ifaddrmsg *ifm; |
5484 | struct nlattr *tb[IFA_MAX+1]; |
5485 | struct in6_addr *addr = NULL, *peer; |
5486 | struct net_device *dev = NULL; |
5487 | struct inet6_ifaddr *ifa; |
5488 | struct sk_buff *skb; |
5489 | int err; |
5490 | |
5491 | err = inet6_rtm_valid_getaddr_req(skb: in_skb, nlh, tb, extack); |
5492 | if (err < 0) |
5493 | return err; |
5494 | |
5495 | if (tb[IFA_TARGET_NETNSID]) { |
5496 | fillargs.netnsid = nla_get_s32(nla: tb[IFA_TARGET_NETNSID]); |
5497 | |
5498 | tgt_net = rtnl_get_net_ns_capable(NETLINK_CB(in_skb).sk, |
5499 | netnsid: fillargs.netnsid); |
5500 | if (IS_ERR(ptr: tgt_net)) |
5501 | return PTR_ERR(ptr: tgt_net); |
5502 | } |
5503 | |
5504 | addr = extract_addr(addr: tb[IFA_ADDRESS], local: tb[IFA_LOCAL], peer_pfx: &peer); |
5505 | if (!addr) |
5506 | return -EINVAL; |
5507 | |
5508 | ifm = nlmsg_data(nlh); |
5509 | if (ifm->ifa_index) |
5510 | dev = dev_get_by_index(net: tgt_net, ifindex: ifm->ifa_index); |
5511 | |
5512 | ifa = ipv6_get_ifaddr(net: tgt_net, addr, dev, strict: 1); |
5513 | if (!ifa) { |
5514 | err = -EADDRNOTAVAIL; |
5515 | goto errout; |
5516 | } |
5517 | |
5518 | skb = nlmsg_new(payload: inet6_ifaddr_msgsize(), GFP_KERNEL); |
5519 | if (!skb) { |
5520 | err = -ENOBUFS; |
5521 | goto errout_ifa; |
5522 | } |
5523 | |
5524 | err = inet6_fill_ifaddr(skb, ifa, args: &fillargs); |
5525 | if (err < 0) { |
5526 | /* -EMSGSIZE implies BUG in inet6_ifaddr_msgsize() */ |
5527 | WARN_ON(err == -EMSGSIZE); |
5528 | kfree_skb(skb); |
5529 | goto errout_ifa; |
5530 | } |
5531 | err = rtnl_unicast(skb, net: tgt_net, NETLINK_CB(in_skb).portid); |
5532 | errout_ifa: |
5533 | in6_ifa_put(ifp: ifa); |
5534 | errout: |
5535 | dev_put(dev); |
5536 | if (fillargs.netnsid >= 0) |
5537 | put_net(net: tgt_net); |
5538 | |
5539 | return err; |
5540 | } |
5541 | |
5542 | static void inet6_ifa_notify(int event, struct inet6_ifaddr *ifa) |
5543 | { |
5544 | struct sk_buff *skb; |
5545 | struct net *net = dev_net(dev: ifa->idev->dev); |
5546 | struct inet6_fill_args fillargs = { |
5547 | .portid = 0, |
5548 | .seq = 0, |
5549 | .event = event, |
5550 | .flags = 0, |
5551 | .netnsid = -1, |
5552 | }; |
5553 | int err = -ENOBUFS; |
5554 | |
5555 | skb = nlmsg_new(payload: inet6_ifaddr_msgsize(), GFP_ATOMIC); |
5556 | if (!skb) |
5557 | goto errout; |
5558 | |
5559 | err = inet6_fill_ifaddr(skb, ifa, args: &fillargs); |
5560 | if (err < 0) { |
5561 | /* -EMSGSIZE implies BUG in inet6_ifaddr_msgsize() */ |
5562 | WARN_ON(err == -EMSGSIZE); |
5563 | kfree_skb(skb); |
5564 | goto errout; |
5565 | } |
5566 | rtnl_notify(skb, net, pid: 0, RTNLGRP_IPV6_IFADDR, NULL, GFP_ATOMIC); |
5567 | return; |
5568 | errout: |
5569 | if (err < 0) |
5570 | rtnl_set_sk_err(net, RTNLGRP_IPV6_IFADDR, error: err); |
5571 | } |
5572 | |
5573 | static inline void ipv6_store_devconf(struct ipv6_devconf *cnf, |
5574 | __s32 *array, int bytes) |
5575 | { |
5576 | BUG_ON(bytes < (DEVCONF_MAX * 4)); |
5577 | |
5578 | memset(array, 0, bytes); |
5579 | array[DEVCONF_FORWARDING] = cnf->forwarding; |
5580 | array[DEVCONF_HOPLIMIT] = cnf->hop_limit; |
5581 | array[DEVCONF_MTU6] = cnf->mtu6; |
5582 | array[DEVCONF_ACCEPT_RA] = cnf->accept_ra; |
5583 | array[DEVCONF_ACCEPT_REDIRECTS] = cnf->accept_redirects; |
5584 | array[DEVCONF_AUTOCONF] = cnf->autoconf; |
5585 | array[DEVCONF_DAD_TRANSMITS] = cnf->dad_transmits; |
5586 | array[DEVCONF_RTR_SOLICITS] = cnf->rtr_solicits; |
5587 | array[DEVCONF_RTR_SOLICIT_INTERVAL] = |
5588 | jiffies_to_msecs(j: cnf->rtr_solicit_interval); |
5589 | array[DEVCONF_RTR_SOLICIT_MAX_INTERVAL] = |
5590 | jiffies_to_msecs(j: cnf->rtr_solicit_max_interval); |
5591 | array[DEVCONF_RTR_SOLICIT_DELAY] = |
5592 | jiffies_to_msecs(j: cnf->rtr_solicit_delay); |
5593 | array[DEVCONF_FORCE_MLD_VERSION] = cnf->force_mld_version; |
5594 | array[DEVCONF_MLDV1_UNSOLICITED_REPORT_INTERVAL] = |
5595 | jiffies_to_msecs(j: cnf->mldv1_unsolicited_report_interval); |
5596 | array[DEVCONF_MLDV2_UNSOLICITED_REPORT_INTERVAL] = |
5597 | jiffies_to_msecs(j: cnf->mldv2_unsolicited_report_interval); |
5598 | array[DEVCONF_USE_TEMPADDR] = cnf->use_tempaddr; |
5599 | array[DEVCONF_TEMP_VALID_LFT] = cnf->temp_valid_lft; |
5600 | array[DEVCONF_TEMP_PREFERED_LFT] = cnf->temp_prefered_lft; |
5601 | array[DEVCONF_REGEN_MAX_RETRY] = cnf->regen_max_retry; |
5602 | array[DEVCONF_MAX_DESYNC_FACTOR] = cnf->max_desync_factor; |
5603 | array[DEVCONF_MAX_ADDRESSES] = cnf->max_addresses; |
5604 | array[DEVCONF_ACCEPT_RA_DEFRTR] = cnf->accept_ra_defrtr; |
5605 | array[DEVCONF_RA_DEFRTR_METRIC] = cnf->ra_defrtr_metric; |
5606 | array[DEVCONF_ACCEPT_RA_MIN_HOP_LIMIT] = cnf->accept_ra_min_hop_limit; |
5607 | array[DEVCONF_ACCEPT_RA_PINFO] = cnf->accept_ra_pinfo; |
5608 | #ifdef CONFIG_IPV6_ROUTER_PREF |
5609 | array[DEVCONF_ACCEPT_RA_RTR_PREF] = cnf->accept_ra_rtr_pref; |
5610 | array[DEVCONF_RTR_PROBE_INTERVAL] = |
5611 | jiffies_to_msecs(j: cnf->rtr_probe_interval); |
5612 | #ifdef CONFIG_IPV6_ROUTE_INFO |
5613 | array[DEVCONF_ACCEPT_RA_RT_INFO_MIN_PLEN] = cnf->accept_ra_rt_info_min_plen; |
5614 | array[DEVCONF_ACCEPT_RA_RT_INFO_MAX_PLEN] = cnf->accept_ra_rt_info_max_plen; |
5615 | #endif |
5616 | #endif |
5617 | array[DEVCONF_PROXY_NDP] = cnf->proxy_ndp; |
5618 | array[DEVCONF_ACCEPT_SOURCE_ROUTE] = cnf->accept_source_route; |
5619 | #ifdef CONFIG_IPV6_OPTIMISTIC_DAD |
5620 | array[DEVCONF_OPTIMISTIC_DAD] = cnf->optimistic_dad; |
5621 | array[DEVCONF_USE_OPTIMISTIC] = cnf->use_optimistic; |
5622 | #endif |
5623 | #ifdef CONFIG_IPV6_MROUTE |
5624 | array[DEVCONF_MC_FORWARDING] = atomic_read(v: &cnf->mc_forwarding); |
5625 | #endif |
5626 | array[DEVCONF_DISABLE_IPV6] = cnf->disable_ipv6; |
5627 | array[DEVCONF_ACCEPT_DAD] = cnf->accept_dad; |
5628 | array[DEVCONF_FORCE_TLLAO] = cnf->force_tllao; |
5629 | array[DEVCONF_NDISC_NOTIFY] = cnf->ndisc_notify; |
5630 | array[DEVCONF_SUPPRESS_FRAG_NDISC] = cnf->suppress_frag_ndisc; |
5631 | array[DEVCONF_ACCEPT_RA_FROM_LOCAL] = cnf->accept_ra_from_local; |
5632 | array[DEVCONF_ACCEPT_RA_MTU] = cnf->accept_ra_mtu; |
5633 | array[DEVCONF_IGNORE_ROUTES_WITH_LINKDOWN] = cnf->ignore_routes_with_linkdown; |
5634 | /* we omit DEVCONF_STABLE_SECRET for now */ |
5635 | array[DEVCONF_USE_OIF_ADDRS_ONLY] = cnf->use_oif_addrs_only; |
5636 | array[DEVCONF_DROP_UNICAST_IN_L2_MULTICAST] = cnf->drop_unicast_in_l2_multicast; |
5637 | array[DEVCONF_DROP_UNSOLICITED_NA] = cnf->drop_unsolicited_na; |
5638 | array[DEVCONF_KEEP_ADDR_ON_DOWN] = cnf->keep_addr_on_down; |
5639 | array[DEVCONF_SEG6_ENABLED] = cnf->seg6_enabled; |
5640 | #ifdef CONFIG_IPV6_SEG6_HMAC |
5641 | array[DEVCONF_SEG6_REQUIRE_HMAC] = cnf->seg6_require_hmac; |
5642 | #endif |
5643 | array[DEVCONF_ENHANCED_DAD] = cnf->enhanced_dad; |
5644 | array[DEVCONF_ADDR_GEN_MODE] = cnf->addr_gen_mode; |
5645 | array[DEVCONF_DISABLE_POLICY] = cnf->disable_policy; |
5646 | array[DEVCONF_NDISC_TCLASS] = cnf->ndisc_tclass; |
5647 | array[DEVCONF_RPL_SEG_ENABLED] = cnf->rpl_seg_enabled; |
5648 | array[DEVCONF_IOAM6_ENABLED] = cnf->ioam6_enabled; |
5649 | array[DEVCONF_IOAM6_ID] = cnf->ioam6_id; |
5650 | array[DEVCONF_IOAM6_ID_WIDE] = cnf->ioam6_id_wide; |
5651 | array[DEVCONF_NDISC_EVICT_NOCARRIER] = cnf->ndisc_evict_nocarrier; |
5652 | array[DEVCONF_ACCEPT_UNTRACKED_NA] = cnf->accept_untracked_na; |
5653 | array[DEVCONF_ACCEPT_RA_MIN_LFT] = cnf->accept_ra_min_lft; |
5654 | } |
5655 | |
5656 | static inline size_t inet6_ifla6_size(void) |
5657 | { |
5658 | return nla_total_size(payload: 4) /* IFLA_INET6_FLAGS */ |
5659 | + nla_total_size(payload: sizeof(struct ifla_cacheinfo)) |
5660 | + nla_total_size(payload: DEVCONF_MAX * 4) /* IFLA_INET6_CONF */ |
5661 | + nla_total_size(IPSTATS_MIB_MAX * 8) /* IFLA_INET6_STATS */ |
5662 | + nla_total_size(ICMP6_MIB_MAX * 8) /* IFLA_INET6_ICMP6STATS */ |
5663 | + nla_total_size(payload: sizeof(struct in6_addr)) /* IFLA_INET6_TOKEN */ |
5664 | + nla_total_size(payload: 1) /* IFLA_INET6_ADDR_GEN_MODE */ |
5665 | + nla_total_size(payload: 4) /* IFLA_INET6_RA_MTU */ |
5666 | + 0; |
5667 | } |
5668 | |
5669 | static inline size_t inet6_if_nlmsg_size(void) |
5670 | { |
5671 | return NLMSG_ALIGN(sizeof(struct ifinfomsg)) |
5672 | + nla_total_size(IFNAMSIZ) /* IFLA_IFNAME */ |
5673 | + nla_total_size(MAX_ADDR_LEN) /* IFLA_ADDRESS */ |
5674 | + nla_total_size(payload: 4) /* IFLA_MTU */ |
5675 | + nla_total_size(payload: 4) /* IFLA_LINK */ |
5676 | + nla_total_size(payload: 1) /* IFLA_OPERSTATE */ |
5677 | + nla_total_size(payload: inet6_ifla6_size()); /* IFLA_PROTINFO */ |
5678 | } |
5679 | |
5680 | static inline void __snmp6_fill_statsdev(u64 *stats, atomic_long_t *mib, |
5681 | int bytes) |
5682 | { |
5683 | int i; |
5684 | int pad = bytes - sizeof(u64) * ICMP6_MIB_MAX; |
5685 | BUG_ON(pad < 0); |
5686 | |
5687 | /* Use put_unaligned() because stats may not be aligned for u64. */ |
5688 | put_unaligned(ICMP6_MIB_MAX, &stats[0]); |
5689 | for (i = 1; i < ICMP6_MIB_MAX; i++) |
5690 | put_unaligned(atomic_long_read(&mib[i]), &stats[i]); |
5691 | |
5692 | memset(&stats[ICMP6_MIB_MAX], 0, pad); |
5693 | } |
5694 | |
5695 | static inline void __snmp6_fill_stats64(u64 *stats, void __percpu *mib, |
5696 | int bytes, size_t syncpoff) |
5697 | { |
5698 | int i, c; |
5699 | u64 buff[IPSTATS_MIB_MAX]; |
5700 | int pad = bytes - sizeof(u64) * IPSTATS_MIB_MAX; |
5701 | |
5702 | BUG_ON(pad < 0); |
5703 | |
5704 | memset(buff, 0, sizeof(buff)); |
5705 | buff[0] = IPSTATS_MIB_MAX; |
5706 | |
5707 | for_each_possible_cpu(c) { |
5708 | for (i = 1; i < IPSTATS_MIB_MAX; i++) |
5709 | buff[i] += snmp_get_cpu_field64(mib, cpu: c, offct: i, syncp_offset: syncpoff); |
5710 | } |
5711 | |
5712 | memcpy(stats, buff, IPSTATS_MIB_MAX * sizeof(u64)); |
5713 | memset(&stats[IPSTATS_MIB_MAX], 0, pad); |
5714 | } |
5715 | |
5716 | static void snmp6_fill_stats(u64 *stats, struct inet6_dev *idev, int attrtype, |
5717 | int bytes) |
5718 | { |
5719 | switch (attrtype) { |
5720 | case IFLA_INET6_STATS: |
5721 | __snmp6_fill_stats64(stats, mib: idev->stats.ipv6, bytes, |
5722 | offsetof(struct ipstats_mib, syncp)); |
5723 | break; |
5724 | case IFLA_INET6_ICMP6STATS: |
5725 | __snmp6_fill_statsdev(stats, mib: idev->stats.icmpv6dev->mibs, bytes); |
5726 | break; |
5727 | } |
5728 | } |
5729 | |
5730 | static int inet6_fill_ifla6_attrs(struct sk_buff *skb, struct inet6_dev *idev, |
5731 | u32 ext_filter_mask) |
5732 | { |
5733 | struct nlattr *nla; |
5734 | struct ifla_cacheinfo ci; |
5735 | |
5736 | if (nla_put_u32(skb, attrtype: IFLA_INET6_FLAGS, value: idev->if_flags)) |
5737 | goto nla_put_failure; |
5738 | ci.max_reasm_len = IPV6_MAXPLEN; |
5739 | ci.tstamp = cstamp_delta(cstamp: idev->tstamp); |
5740 | ci.reachable_time = jiffies_to_msecs(j: idev->nd_parms->reachable_time); |
5741 | ci.retrans_time = jiffies_to_msecs(NEIGH_VAR(idev->nd_parms, RETRANS_TIME)); |
5742 | if (nla_put(skb, attrtype: IFLA_INET6_CACHEINFO, attrlen: sizeof(ci), data: &ci)) |
5743 | goto nla_put_failure; |
5744 | nla = nla_reserve(skb, attrtype: IFLA_INET6_CONF, attrlen: DEVCONF_MAX * sizeof(s32)); |
5745 | if (!nla) |
5746 | goto nla_put_failure; |
5747 | ipv6_store_devconf(cnf: &idev->cnf, array: nla_data(nla), bytes: nla_len(nla)); |
5748 | |
5749 | /* XXX - MC not implemented */ |
5750 | |
5751 | if (ext_filter_mask & RTEXT_FILTER_SKIP_STATS) |
5752 | return 0; |
5753 | |
5754 | nla = nla_reserve(skb, attrtype: IFLA_INET6_STATS, IPSTATS_MIB_MAX * sizeof(u64)); |
5755 | if (!nla) |
5756 | goto nla_put_failure; |
5757 | snmp6_fill_stats(stats: nla_data(nla), idev, attrtype: IFLA_INET6_STATS, bytes: nla_len(nla)); |
5758 | |
5759 | nla = nla_reserve(skb, attrtype: IFLA_INET6_ICMP6STATS, ICMP6_MIB_MAX * sizeof(u64)); |
5760 | if (!nla) |
5761 | goto nla_put_failure; |
5762 | snmp6_fill_stats(stats: nla_data(nla), idev, attrtype: IFLA_INET6_ICMP6STATS, bytes: nla_len(nla)); |
5763 | |
5764 | nla = nla_reserve(skb, attrtype: IFLA_INET6_TOKEN, attrlen: sizeof(struct in6_addr)); |
5765 | if (!nla) |
5766 | goto nla_put_failure; |
5767 | read_lock_bh(&idev->lock); |
5768 | memcpy(nla_data(nla), idev->token.s6_addr, nla_len(nla)); |
5769 | read_unlock_bh(&idev->lock); |
5770 | |
5771 | if (nla_put_u8(skb, attrtype: IFLA_INET6_ADDR_GEN_MODE, value: idev->cnf.addr_gen_mode)) |
5772 | goto nla_put_failure; |
5773 | |
5774 | if (idev->ra_mtu && |
5775 | nla_put_u32(skb, attrtype: IFLA_INET6_RA_MTU, value: idev->ra_mtu)) |
5776 | goto nla_put_failure; |
5777 | |
5778 | return 0; |
5779 | |
5780 | nla_put_failure: |
5781 | return -EMSGSIZE; |
5782 | } |
5783 | |
5784 | static size_t inet6_get_link_af_size(const struct net_device *dev, |
5785 | u32 ext_filter_mask) |
5786 | { |
5787 | if (!__in6_dev_get(dev)) |
5788 | return 0; |
5789 | |
5790 | return inet6_ifla6_size(); |
5791 | } |
5792 | |
5793 | static int inet6_fill_link_af(struct sk_buff *skb, const struct net_device *dev, |
5794 | u32 ext_filter_mask) |
5795 | { |
5796 | struct inet6_dev *idev = __in6_dev_get(dev); |
5797 | |
5798 | if (!idev) |
5799 | return -ENODATA; |
5800 | |
5801 | if (inet6_fill_ifla6_attrs(skb, idev, ext_filter_mask) < 0) |
5802 | return -EMSGSIZE; |
5803 | |
5804 | return 0; |
5805 | } |
5806 | |
5807 | static int inet6_set_iftoken(struct inet6_dev *idev, struct in6_addr *token, |
5808 | struct netlink_ext_ack *extack) |
5809 | { |
5810 | struct inet6_ifaddr *ifp; |
5811 | struct net_device *dev = idev->dev; |
5812 | bool clear_token, update_rs = false; |
5813 | struct in6_addr ll_addr; |
5814 | |
5815 | ASSERT_RTNL(); |
5816 | |
5817 | if (!token) |
5818 | return -EINVAL; |
5819 | |
5820 | if (dev->flags & IFF_LOOPBACK) { |
5821 | NL_SET_ERR_MSG_MOD(extack, "Device is loopback" ); |
5822 | return -EINVAL; |
5823 | } |
5824 | |
5825 | if (dev->flags & IFF_NOARP) { |
5826 | NL_SET_ERR_MSG_MOD(extack, |
5827 | "Device does not do neighbour discovery" ); |
5828 | return -EINVAL; |
5829 | } |
5830 | |
5831 | if (!ipv6_accept_ra(idev)) { |
5832 | NL_SET_ERR_MSG_MOD(extack, |
5833 | "Router advertisement is disabled on device" ); |
5834 | return -EINVAL; |
5835 | } |
5836 | |
5837 | if (idev->cnf.rtr_solicits == 0) { |
5838 | NL_SET_ERR_MSG(extack, |
5839 | "Router solicitation is disabled on device" ); |
5840 | return -EINVAL; |
5841 | } |
5842 | |
5843 | write_lock_bh(&idev->lock); |
5844 | |
5845 | BUILD_BUG_ON(sizeof(token->s6_addr) != 16); |
5846 | memcpy(idev->token.s6_addr + 8, token->s6_addr + 8, 8); |
5847 | |
5848 | write_unlock_bh(&idev->lock); |
5849 | |
5850 | clear_token = ipv6_addr_any(a: token); |
5851 | if (clear_token) |
5852 | goto update_lft; |
5853 | |
5854 | if (!idev->dead && (idev->if_flags & IF_READY) && |
5855 | !ipv6_get_lladdr(dev, addr: &ll_addr, IFA_F_TENTATIVE | |
5856 | IFA_F_OPTIMISTIC)) { |
5857 | /* If we're not ready, then normal ifup will take care |
5858 | * of this. Otherwise, we need to request our rs here. |
5859 | */ |
5860 | ndisc_send_rs(dev, saddr: &ll_addr, daddr: &in6addr_linklocal_allrouters); |
5861 | update_rs = true; |
5862 | } |
5863 | |
5864 | update_lft: |
5865 | write_lock_bh(&idev->lock); |
5866 | |
5867 | if (update_rs) { |
5868 | idev->if_flags |= IF_RS_SENT; |
5869 | idev->rs_interval = rfc3315_s14_backoff_init( |
5870 | irt: idev->cnf.rtr_solicit_interval); |
5871 | idev->rs_probes = 1; |
5872 | addrconf_mod_rs_timer(idev, when: idev->rs_interval); |
5873 | } |
5874 | |
5875 | /* Well, that's kinda nasty ... */ |
5876 | list_for_each_entry(ifp, &idev->addr_list, if_list) { |
5877 | spin_lock(lock: &ifp->lock); |
5878 | if (ifp->tokenized) { |
5879 | ifp->valid_lft = 0; |
5880 | ifp->prefered_lft = 0; |
5881 | } |
5882 | spin_unlock(lock: &ifp->lock); |
5883 | } |
5884 | |
5885 | write_unlock_bh(&idev->lock); |
5886 | inet6_ifinfo_notify(RTM_NEWLINK, idev); |
5887 | addrconf_verify_rtnl(net: dev_net(dev)); |
5888 | return 0; |
5889 | } |
5890 | |
5891 | static const struct nla_policy inet6_af_policy[IFLA_INET6_MAX + 1] = { |
5892 | [IFLA_INET6_ADDR_GEN_MODE] = { .type = NLA_U8 }, |
5893 | [IFLA_INET6_TOKEN] = { .len = sizeof(struct in6_addr) }, |
5894 | [IFLA_INET6_RA_MTU] = { .type = NLA_REJECT, |
5895 | .reject_message = |
5896 | "IFLA_INET6_RA_MTU can not be set" }, |
5897 | }; |
5898 | |
5899 | static int check_addr_gen_mode(int mode) |
5900 | { |
5901 | if (mode != IN6_ADDR_GEN_MODE_EUI64 && |
5902 | mode != IN6_ADDR_GEN_MODE_NONE && |
5903 | mode != IN6_ADDR_GEN_MODE_STABLE_PRIVACY && |
5904 | mode != IN6_ADDR_GEN_MODE_RANDOM) |
5905 | return -EINVAL; |
5906 | return 1; |
5907 | } |
5908 | |
5909 | static int check_stable_privacy(struct inet6_dev *idev, struct net *net, |
5910 | int mode) |
5911 | { |
5912 | if (mode == IN6_ADDR_GEN_MODE_STABLE_PRIVACY && |
5913 | !idev->cnf.stable_secret.initialized && |
5914 | !net->ipv6.devconf_dflt->stable_secret.initialized) |
5915 | return -EINVAL; |
5916 | return 1; |
5917 | } |
5918 | |
5919 | static int inet6_validate_link_af(const struct net_device *dev, |
5920 | const struct nlattr *nla, |
5921 | struct netlink_ext_ack *extack) |
5922 | { |
5923 | struct nlattr *tb[IFLA_INET6_MAX + 1]; |
5924 | struct inet6_dev *idev = NULL; |
5925 | int err; |
5926 | |
5927 | if (dev) { |
5928 | idev = __in6_dev_get(dev); |
5929 | if (!idev) |
5930 | return -EAFNOSUPPORT; |
5931 | } |
5932 | |
5933 | err = nla_parse_nested_deprecated(tb, IFLA_INET6_MAX, nla, |
5934 | policy: inet6_af_policy, extack); |
5935 | if (err) |
5936 | return err; |
5937 | |
5938 | if (!tb[IFLA_INET6_TOKEN] && !tb[IFLA_INET6_ADDR_GEN_MODE]) |
5939 | return -EINVAL; |
5940 | |
5941 | if (tb[IFLA_INET6_ADDR_GEN_MODE]) { |
5942 | u8 mode = nla_get_u8(nla: tb[IFLA_INET6_ADDR_GEN_MODE]); |
5943 | |
5944 | if (check_addr_gen_mode(mode) < 0) |
5945 | return -EINVAL; |
5946 | if (dev && check_stable_privacy(idev, net: dev_net(dev), mode) < 0) |
5947 | return -EINVAL; |
5948 | } |
5949 | |
5950 | return 0; |
5951 | } |
5952 | |
5953 | static int inet6_set_link_af(struct net_device *dev, const struct nlattr *nla, |
5954 | struct netlink_ext_ack *extack) |
5955 | { |
5956 | struct inet6_dev *idev = __in6_dev_get(dev); |
5957 | struct nlattr *tb[IFLA_INET6_MAX + 1]; |
5958 | int err; |
5959 | |
5960 | if (!idev) |
5961 | return -EAFNOSUPPORT; |
5962 | |
5963 | if (nla_parse_nested_deprecated(tb, IFLA_INET6_MAX, nla, NULL, NULL) < 0) |
5964 | return -EINVAL; |
5965 | |
5966 | if (tb[IFLA_INET6_TOKEN]) { |
5967 | err = inet6_set_iftoken(idev, token: nla_data(nla: tb[IFLA_INET6_TOKEN]), |
5968 | extack); |
5969 | if (err) |
5970 | return err; |
5971 | } |
5972 | |
5973 | if (tb[IFLA_INET6_ADDR_GEN_MODE]) { |
5974 | u8 mode = nla_get_u8(nla: tb[IFLA_INET6_ADDR_GEN_MODE]); |
5975 | |
5976 | idev->cnf.addr_gen_mode = mode; |
5977 | } |
5978 | |
5979 | return 0; |
5980 | } |
5981 | |
5982 | static int inet6_fill_ifinfo(struct sk_buff *skb, struct inet6_dev *idev, |
5983 | u32 portid, u32 seq, int event, unsigned int flags) |
5984 | { |
5985 | struct net_device *dev = idev->dev; |
5986 | struct ifinfomsg *hdr; |
5987 | struct nlmsghdr *nlh; |
5988 | void *protoinfo; |
5989 | |
5990 | nlh = nlmsg_put(skb, portid, seq, type: event, payload: sizeof(*hdr), flags); |
5991 | if (!nlh) |
5992 | return -EMSGSIZE; |
5993 | |
5994 | hdr = nlmsg_data(nlh); |
5995 | hdr->ifi_family = AF_INET6; |
5996 | hdr->__ifi_pad = 0; |
5997 | hdr->ifi_type = dev->type; |
5998 | hdr->ifi_index = dev->ifindex; |
5999 | hdr->ifi_flags = dev_get_flags(dev); |
6000 | hdr->ifi_change = 0; |
6001 | |
6002 | if (nla_put_string(skb, attrtype: IFLA_IFNAME, str: dev->name) || |
6003 | (dev->addr_len && |
6004 | nla_put(skb, attrtype: IFLA_ADDRESS, attrlen: dev->addr_len, data: dev->dev_addr)) || |
6005 | nla_put_u32(skb, attrtype: IFLA_MTU, value: dev->mtu) || |
6006 | (dev->ifindex != dev_get_iflink(dev) && |
6007 | nla_put_u32(skb, attrtype: IFLA_LINK, value: dev_get_iflink(dev))) || |
6008 | nla_put_u8(skb, attrtype: IFLA_OPERSTATE, |
6009 | value: netif_running(dev) ? dev->operstate : IF_OPER_DOWN)) |
6010 | goto nla_put_failure; |
6011 | protoinfo = nla_nest_start_noflag(skb, IFLA_PROTINFO); |
6012 | if (!protoinfo) |
6013 | goto nla_put_failure; |
6014 | |
6015 | if (inet6_fill_ifla6_attrs(skb, idev, ext_filter_mask: 0) < 0) |
6016 | goto nla_put_failure; |
6017 | |
6018 | nla_nest_end(skb, start: protoinfo); |
6019 | nlmsg_end(skb, nlh); |
6020 | return 0; |
6021 | |
6022 | nla_put_failure: |
6023 | nlmsg_cancel(skb, nlh); |
6024 | return -EMSGSIZE; |
6025 | } |
6026 | |
6027 | static int inet6_valid_dump_ifinfo(const struct nlmsghdr *nlh, |
6028 | struct netlink_ext_ack *extack) |
6029 | { |
6030 | struct ifinfomsg *ifm; |
6031 | |
6032 | if (nlh->nlmsg_len < nlmsg_msg_size(payload: sizeof(*ifm))) { |
6033 | NL_SET_ERR_MSG_MOD(extack, "Invalid header for link dump request" ); |
6034 | return -EINVAL; |
6035 | } |
6036 | |
6037 | if (nlmsg_attrlen(nlh, hdrlen: sizeof(*ifm))) { |
6038 | NL_SET_ERR_MSG_MOD(extack, "Invalid data after header" ); |
6039 | return -EINVAL; |
6040 | } |
6041 | |
6042 | ifm = nlmsg_data(nlh); |
6043 | if (ifm->__ifi_pad || ifm->ifi_type || ifm->ifi_flags || |
6044 | ifm->ifi_change || ifm->ifi_index) { |
6045 | NL_SET_ERR_MSG_MOD(extack, "Invalid values in header for dump request" ); |
6046 | return -EINVAL; |
6047 | } |
6048 | |
6049 | return 0; |
6050 | } |
6051 | |
6052 | static int inet6_dump_ifinfo(struct sk_buff *skb, struct netlink_callback *cb) |
6053 | { |
6054 | struct net *net = sock_net(sk: skb->sk); |
6055 | int h, s_h; |
6056 | int idx = 0, s_idx; |
6057 | struct net_device *dev; |
6058 | struct inet6_dev *idev; |
6059 | struct hlist_head *head; |
6060 | |
6061 | /* only requests using strict checking can pass data to |
6062 | * influence the dump |
6063 | */ |
6064 | if (cb->strict_check) { |
6065 | int err = inet6_valid_dump_ifinfo(nlh: cb->nlh, extack: cb->extack); |
6066 | |
6067 | if (err < 0) |
6068 | return err; |
6069 | } |
6070 | |
6071 | s_h = cb->args[0]; |
6072 | s_idx = cb->args[1]; |
6073 | |
6074 | rcu_read_lock(); |
6075 | for (h = s_h; h < NETDEV_HASHENTRIES; h++, s_idx = 0) { |
6076 | idx = 0; |
6077 | head = &net->dev_index_head[h]; |
6078 | hlist_for_each_entry_rcu(dev, head, index_hlist) { |
6079 | if (idx < s_idx) |
6080 | goto cont; |
6081 | idev = __in6_dev_get(dev); |
6082 | if (!idev) |
6083 | goto cont; |
6084 | if (inet6_fill_ifinfo(skb, idev, |
6085 | NETLINK_CB(cb->skb).portid, |
6086 | seq: cb->nlh->nlmsg_seq, |
6087 | RTM_NEWLINK, NLM_F_MULTI) < 0) |
6088 | goto out; |
6089 | cont: |
6090 | idx++; |
6091 | } |
6092 | } |
6093 | out: |
6094 | rcu_read_unlock(); |
6095 | cb->args[1] = idx; |
6096 | cb->args[0] = h; |
6097 | |
6098 | return skb->len; |
6099 | } |
6100 | |
6101 | void inet6_ifinfo_notify(int event, struct inet6_dev *idev) |
6102 | { |
6103 | struct sk_buff *skb; |
6104 | struct net *net = dev_net(dev: idev->dev); |
6105 | int err = -ENOBUFS; |
6106 | |
6107 | skb = nlmsg_new(payload: inet6_if_nlmsg_size(), GFP_ATOMIC); |
6108 | if (!skb) |
6109 | goto errout; |
6110 | |
6111 | err = inet6_fill_ifinfo(skb, idev, portid: 0, seq: 0, event, flags: 0); |
6112 | if (err < 0) { |
6113 | /* -EMSGSIZE implies BUG in inet6_if_nlmsg_size() */ |
6114 | WARN_ON(err == -EMSGSIZE); |
6115 | kfree_skb(skb); |
6116 | goto errout; |
6117 | } |
6118 | rtnl_notify(skb, net, pid: 0, RTNLGRP_IPV6_IFINFO, NULL, GFP_ATOMIC); |
6119 | return; |
6120 | errout: |
6121 | if (err < 0) |
6122 | rtnl_set_sk_err(net, RTNLGRP_IPV6_IFINFO, error: err); |
6123 | } |
6124 | |
6125 | static inline size_t inet6_prefix_nlmsg_size(void) |
6126 | { |
6127 | return NLMSG_ALIGN(sizeof(struct prefixmsg)) |
6128 | + nla_total_size(payload: sizeof(struct in6_addr)) |
6129 | + nla_total_size(payload: sizeof(struct prefix_cacheinfo)); |
6130 | } |
6131 | |
6132 | static int inet6_fill_prefix(struct sk_buff *skb, struct inet6_dev *idev, |
6133 | struct prefix_info *pinfo, u32 portid, u32 seq, |
6134 | int event, unsigned int flags) |
6135 | { |
6136 | struct prefixmsg *pmsg; |
6137 | struct nlmsghdr *nlh; |
6138 | struct prefix_cacheinfo ci; |
6139 | |
6140 | nlh = nlmsg_put(skb, portid, seq, type: event, payload: sizeof(*pmsg), flags); |
6141 | if (!nlh) |
6142 | return -EMSGSIZE; |
6143 | |
6144 | pmsg = nlmsg_data(nlh); |
6145 | pmsg->prefix_family = AF_INET6; |
6146 | pmsg->prefix_pad1 = 0; |
6147 | pmsg->prefix_pad2 = 0; |
6148 | pmsg->prefix_ifindex = idev->dev->ifindex; |
6149 | pmsg->prefix_len = pinfo->prefix_len; |
6150 | pmsg->prefix_type = pinfo->type; |
6151 | pmsg->prefix_pad3 = 0; |
6152 | pmsg->prefix_flags = 0; |
6153 | if (pinfo->onlink) |
6154 | pmsg->prefix_flags |= IF_PREFIX_ONLINK; |
6155 | if (pinfo->autoconf) |
6156 | pmsg->prefix_flags |= IF_PREFIX_AUTOCONF; |
6157 | |
6158 | if (nla_put(skb, attrtype: PREFIX_ADDRESS, attrlen: sizeof(pinfo->prefix), data: &pinfo->prefix)) |
6159 | goto nla_put_failure; |
6160 | ci.preferred_time = ntohl(pinfo->prefered); |
6161 | ci.valid_time = ntohl(pinfo->valid); |
6162 | if (nla_put(skb, attrtype: PREFIX_CACHEINFO, attrlen: sizeof(ci), data: &ci)) |
6163 | goto nla_put_failure; |
6164 | nlmsg_end(skb, nlh); |
6165 | return 0; |
6166 | |
6167 | nla_put_failure: |
6168 | nlmsg_cancel(skb, nlh); |
6169 | return -EMSGSIZE; |
6170 | } |
6171 | |
6172 | static void inet6_prefix_notify(int event, struct inet6_dev *idev, |
6173 | struct prefix_info *pinfo) |
6174 | { |
6175 | struct sk_buff *skb; |
6176 | struct net *net = dev_net(dev: idev->dev); |
6177 | int err = -ENOBUFS; |
6178 | |
6179 | skb = nlmsg_new(payload: inet6_prefix_nlmsg_size(), GFP_ATOMIC); |
6180 | if (!skb) |
6181 | goto errout; |
6182 | |
6183 | err = inet6_fill_prefix(skb, idev, pinfo, portid: 0, seq: 0, event, flags: 0); |
6184 | if (err < 0) { |
6185 | /* -EMSGSIZE implies BUG in inet6_prefix_nlmsg_size() */ |
6186 | WARN_ON(err == -EMSGSIZE); |
6187 | kfree_skb(skb); |
6188 | goto errout; |
6189 | } |
6190 | rtnl_notify(skb, net, pid: 0, RTNLGRP_IPV6_PREFIX, NULL, GFP_ATOMIC); |
6191 | return; |
6192 | errout: |
6193 | if (err < 0) |
6194 | rtnl_set_sk_err(net, RTNLGRP_IPV6_PREFIX, error: err); |
6195 | } |
6196 | |
6197 | static void __ipv6_ifa_notify(int event, struct inet6_ifaddr *ifp) |
6198 | { |
6199 | struct net *net = dev_net(dev: ifp->idev->dev); |
6200 | |
6201 | if (event) |
6202 | ASSERT_RTNL(); |
6203 | |
6204 | inet6_ifa_notify(event: event ? : RTM_NEWADDR, ifa: ifp); |
6205 | |
6206 | switch (event) { |
6207 | case RTM_NEWADDR: |
6208 | /* |
6209 | * If the address was optimistic we inserted the route at the |
6210 | * start of our DAD process, so we don't need to do it again. |
6211 | * If the device was taken down in the middle of the DAD |
6212 | * cycle there is a race where we could get here without a |
6213 | * host route, so nothing to insert. That will be fixed when |
6214 | * the device is brought up. |
6215 | */ |
6216 | if (ifp->rt && !rcu_access_pointer(ifp->rt->fib6_node)) { |
6217 | ip6_ins_rt(net, f6i: ifp->rt); |
6218 | } else if (!ifp->rt && (ifp->idev->dev->flags & IFF_UP)) { |
6219 | pr_warn("BUG: Address %pI6c on device %s is missing its host route.\n" , |
6220 | &ifp->addr, ifp->idev->dev->name); |
6221 | } |
6222 | |
6223 | if (ifp->idev->cnf.forwarding) |
6224 | addrconf_join_anycast(ifp); |
6225 | if (!ipv6_addr_any(a: &ifp->peer_addr)) |
6226 | addrconf_prefix_route(pfx: &ifp->peer_addr, plen: 128, |
6227 | metric: ifp->rt_priority, dev: ifp->idev->dev, |
6228 | expires: 0, flags: 0, GFP_ATOMIC); |
6229 | break; |
6230 | case RTM_DELADDR: |
6231 | if (ifp->idev->cnf.forwarding) |
6232 | addrconf_leave_anycast(ifp); |
6233 | addrconf_leave_solict(idev: ifp->idev, addr: &ifp->addr); |
6234 | if (!ipv6_addr_any(a: &ifp->peer_addr)) { |
6235 | struct fib6_info *rt; |
6236 | |
6237 | rt = addrconf_get_prefix_route(pfx: &ifp->peer_addr, plen: 128, |
6238 | dev: ifp->idev->dev, flags: 0, noflags: 0, |
6239 | no_gw: false); |
6240 | if (rt) |
6241 | ip6_del_rt(net, f6i: rt, skip_notify: false); |
6242 | } |
6243 | if (ifp->rt) { |
6244 | ip6_del_rt(net, f6i: ifp->rt, skip_notify: false); |
6245 | ifp->rt = NULL; |
6246 | } |
6247 | rt_genid_bump_ipv6(net); |
6248 | break; |
6249 | } |
6250 | atomic_inc(v: &net->ipv6.dev_addr_genid); |
6251 | } |
6252 | |
6253 | static void ipv6_ifa_notify(int event, struct inet6_ifaddr *ifp) |
6254 | { |
6255 | if (likely(ifp->idev->dead == 0)) |
6256 | __ipv6_ifa_notify(event, ifp); |
6257 | } |
6258 | |
6259 | #ifdef CONFIG_SYSCTL |
6260 | |
6261 | static int addrconf_sysctl_forward(struct ctl_table *ctl, int write, |
6262 | void *buffer, size_t *lenp, loff_t *ppos) |
6263 | { |
6264 | int *valp = ctl->data; |
6265 | int val = *valp; |
6266 | loff_t pos = *ppos; |
6267 | struct ctl_table lctl; |
6268 | int ret; |
6269 | |
6270 | /* |
6271 | * ctl->data points to idev->cnf.forwarding, we should |
6272 | * not modify it until we get the rtnl lock. |
6273 | */ |
6274 | lctl = *ctl; |
6275 | lctl.data = &val; |
6276 | |
6277 | ret = proc_dointvec(&lctl, write, buffer, lenp, ppos); |
6278 | |
6279 | if (write) |
6280 | ret = addrconf_fixup_forwarding(table: ctl, p: valp, newf: val); |
6281 | if (ret) |
6282 | *ppos = pos; |
6283 | return ret; |
6284 | } |
6285 | |
6286 | static int addrconf_sysctl_mtu(struct ctl_table *ctl, int write, |
6287 | void *buffer, size_t *lenp, loff_t *ppos) |
6288 | { |
6289 | struct inet6_dev *idev = ctl->extra1; |
6290 | int min_mtu = IPV6_MIN_MTU; |
6291 | struct ctl_table lctl; |
6292 | |
6293 | lctl = *ctl; |
6294 | lctl.extra1 = &min_mtu; |
6295 | lctl.extra2 = idev ? &idev->dev->mtu : NULL; |
6296 | |
6297 | return proc_dointvec_minmax(&lctl, write, buffer, lenp, ppos); |
6298 | } |
6299 | |
6300 | static void dev_disable_change(struct inet6_dev *idev) |
6301 | { |
6302 | struct netdev_notifier_info info; |
6303 | |
6304 | if (!idev || !idev->dev) |
6305 | return; |
6306 | |
6307 | netdev_notifier_info_init(info: &info, dev: idev->dev); |
6308 | if (idev->cnf.disable_ipv6) |
6309 | addrconf_notify(NULL, event: NETDEV_DOWN, ptr: &info); |
6310 | else |
6311 | addrconf_notify(NULL, event: NETDEV_UP, ptr: &info); |
6312 | } |
6313 | |
6314 | static void addrconf_disable_change(struct net *net, __s32 newf) |
6315 | { |
6316 | struct net_device *dev; |
6317 | struct inet6_dev *idev; |
6318 | |
6319 | for_each_netdev(net, dev) { |
6320 | idev = __in6_dev_get(dev); |
6321 | if (idev) { |
6322 | int changed = (!idev->cnf.disable_ipv6) ^ (!newf); |
6323 | idev->cnf.disable_ipv6 = newf; |
6324 | if (changed) |
6325 | dev_disable_change(idev); |
6326 | } |
6327 | } |
6328 | } |
6329 | |
6330 | static int addrconf_disable_ipv6(struct ctl_table *table, int *p, int newf) |
6331 | { |
6332 | struct net *net; |
6333 | int old; |
6334 | |
6335 | if (!rtnl_trylock()) |
6336 | return restart_syscall(); |
6337 | |
6338 | net = (struct net *)table->extra2; |
6339 | old = *p; |
6340 | *p = newf; |
6341 | |
6342 | if (p == &net->ipv6.devconf_dflt->disable_ipv6) { |
6343 | rtnl_unlock(); |
6344 | return 0; |
6345 | } |
6346 | |
6347 | if (p == &net->ipv6.devconf_all->disable_ipv6) { |
6348 | net->ipv6.devconf_dflt->disable_ipv6 = newf; |
6349 | addrconf_disable_change(net, newf); |
6350 | } else if ((!newf) ^ (!old)) |
6351 | dev_disable_change(idev: (struct inet6_dev *)table->extra1); |
6352 | |
6353 | rtnl_unlock(); |
6354 | return 0; |
6355 | } |
6356 | |
6357 | static int addrconf_sysctl_disable(struct ctl_table *ctl, int write, |
6358 | void *buffer, size_t *lenp, loff_t *ppos) |
6359 | { |
6360 | int *valp = ctl->data; |
6361 | int val = *valp; |
6362 | loff_t pos = *ppos; |
6363 | struct ctl_table lctl; |
6364 | int ret; |
6365 | |
6366 | /* |
6367 | * ctl->data points to idev->cnf.disable_ipv6, we should |
6368 | * not modify it until we get the rtnl lock. |
6369 | */ |
6370 | lctl = *ctl; |
6371 | lctl.data = &val; |
6372 | |
6373 | ret = proc_dointvec(&lctl, write, buffer, lenp, ppos); |
6374 | |
6375 | if (write) |
6376 | ret = addrconf_disable_ipv6(table: ctl, p: valp, newf: val); |
6377 | if (ret) |
6378 | *ppos = pos; |
6379 | return ret; |
6380 | } |
6381 | |
6382 | static int addrconf_sysctl_proxy_ndp(struct ctl_table *ctl, int write, |
6383 | void *buffer, size_t *lenp, loff_t *ppos) |
6384 | { |
6385 | int *valp = ctl->data; |
6386 | int ret; |
6387 | int old, new; |
6388 | |
6389 | old = *valp; |
6390 | ret = proc_dointvec(ctl, write, buffer, lenp, ppos); |
6391 | new = *valp; |
6392 | |
6393 | if (write && old != new) { |
6394 | struct net *net = ctl->extra2; |
6395 | |
6396 | if (!rtnl_trylock()) |
6397 | return restart_syscall(); |
6398 | |
6399 | if (valp == &net->ipv6.devconf_dflt->proxy_ndp) |
6400 | inet6_netconf_notify_devconf(net, RTM_NEWNETCONF, |
6401 | type: NETCONFA_PROXY_NEIGH, |
6402 | NETCONFA_IFINDEX_DEFAULT, |
6403 | devconf: net->ipv6.devconf_dflt); |
6404 | else if (valp == &net->ipv6.devconf_all->proxy_ndp) |
6405 | inet6_netconf_notify_devconf(net, RTM_NEWNETCONF, |
6406 | type: NETCONFA_PROXY_NEIGH, |
6407 | NETCONFA_IFINDEX_ALL, |
6408 | devconf: net->ipv6.devconf_all); |
6409 | else { |
6410 | struct inet6_dev *idev = ctl->extra1; |
6411 | |
6412 | inet6_netconf_notify_devconf(net, RTM_NEWNETCONF, |
6413 | type: NETCONFA_PROXY_NEIGH, |
6414 | ifindex: idev->dev->ifindex, |
6415 | devconf: &idev->cnf); |
6416 | } |
6417 | rtnl_unlock(); |
6418 | } |
6419 | |
6420 | return ret; |
6421 | } |
6422 | |
6423 | static int addrconf_sysctl_addr_gen_mode(struct ctl_table *ctl, int write, |
6424 | void *buffer, size_t *lenp, |
6425 | loff_t *ppos) |
6426 | { |
6427 | int ret = 0; |
6428 | u32 new_val; |
6429 | struct inet6_dev *idev = (struct inet6_dev *)ctl->extra1; |
6430 | struct net *net = (struct net *)ctl->extra2; |
6431 | struct ctl_table tmp = { |
6432 | .data = &new_val, |
6433 | .maxlen = sizeof(new_val), |
6434 | .mode = ctl->mode, |
6435 | }; |
6436 | |
6437 | if (!rtnl_trylock()) |
6438 | return restart_syscall(); |
6439 | |
6440 | new_val = *((u32 *)ctl->data); |
6441 | |
6442 | ret = proc_douintvec(&tmp, write, buffer, lenp, ppos); |
6443 | if (ret != 0) |
6444 | goto out; |
6445 | |
6446 | if (write) { |
6447 | if (check_addr_gen_mode(mode: new_val) < 0) { |
6448 | ret = -EINVAL; |
6449 | goto out; |
6450 | } |
6451 | |
6452 | if (idev) { |
6453 | if (check_stable_privacy(idev, net, mode: new_val) < 0) { |
6454 | ret = -EINVAL; |
6455 | goto out; |
6456 | } |
6457 | |
6458 | if (idev->cnf.addr_gen_mode != new_val) { |
6459 | idev->cnf.addr_gen_mode = new_val; |
6460 | addrconf_init_auto_addrs(dev: idev->dev); |
6461 | } |
6462 | } else if (&net->ipv6.devconf_all->addr_gen_mode == ctl->data) { |
6463 | struct net_device *dev; |
6464 | |
6465 | net->ipv6.devconf_dflt->addr_gen_mode = new_val; |
6466 | for_each_netdev(net, dev) { |
6467 | idev = __in6_dev_get(dev); |
6468 | if (idev && |
6469 | idev->cnf.addr_gen_mode != new_val) { |
6470 | idev->cnf.addr_gen_mode = new_val; |
6471 | addrconf_init_auto_addrs(dev: idev->dev); |
6472 | } |
6473 | } |
6474 | } |
6475 | |
6476 | *((u32 *)ctl->data) = new_val; |
6477 | } |
6478 | |
6479 | out: |
6480 | rtnl_unlock(); |
6481 | |
6482 | return ret; |
6483 | } |
6484 | |
6485 | static int addrconf_sysctl_stable_secret(struct ctl_table *ctl, int write, |
6486 | void *buffer, size_t *lenp, |
6487 | loff_t *ppos) |
6488 | { |
6489 | int err; |
6490 | struct in6_addr addr; |
6491 | char str[IPV6_MAX_STRLEN]; |
6492 | struct ctl_table lctl = *ctl; |
6493 | struct net *net = ctl->extra2; |
6494 | struct ipv6_stable_secret *secret = ctl->data; |
6495 | |
6496 | if (&net->ipv6.devconf_all->stable_secret == ctl->data) |
6497 | return -EIO; |
6498 | |
6499 | lctl.maxlen = IPV6_MAX_STRLEN; |
6500 | lctl.data = str; |
6501 | |
6502 | if (!rtnl_trylock()) |
6503 | return restart_syscall(); |
6504 | |
6505 | if (!write && !secret->initialized) { |
6506 | err = -EIO; |
6507 | goto out; |
6508 | } |
6509 | |
6510 | err = snprintf(buf: str, size: sizeof(str), fmt: "%pI6" , &secret->secret); |
6511 | if (err >= sizeof(str)) { |
6512 | err = -EIO; |
6513 | goto out; |
6514 | } |
6515 | |
6516 | err = proc_dostring(&lctl, write, buffer, lenp, ppos); |
6517 | if (err || !write) |
6518 | goto out; |
6519 | |
6520 | if (in6_pton(src: str, srclen: -1, dst: addr.in6_u.u6_addr8, delim: -1, NULL) != 1) { |
6521 | err = -EIO; |
6522 | goto out; |
6523 | } |
6524 | |
6525 | secret->initialized = true; |
6526 | secret->secret = addr; |
6527 | |
6528 | if (&net->ipv6.devconf_dflt->stable_secret == ctl->data) { |
6529 | struct net_device *dev; |
6530 | |
6531 | for_each_netdev(net, dev) { |
6532 | struct inet6_dev *idev = __in6_dev_get(dev); |
6533 | |
6534 | if (idev) { |
6535 | idev->cnf.addr_gen_mode = |
6536 | IN6_ADDR_GEN_MODE_STABLE_PRIVACY; |
6537 | } |
6538 | } |
6539 | } else { |
6540 | struct inet6_dev *idev = ctl->extra1; |
6541 | |
6542 | idev->cnf.addr_gen_mode = IN6_ADDR_GEN_MODE_STABLE_PRIVACY; |
6543 | } |
6544 | |
6545 | out: |
6546 | rtnl_unlock(); |
6547 | |
6548 | return err; |
6549 | } |
6550 | |
6551 | static |
6552 | int addrconf_sysctl_ignore_routes_with_linkdown(struct ctl_table *ctl, |
6553 | int write, void *buffer, |
6554 | size_t *lenp, |
6555 | loff_t *ppos) |
6556 | { |
6557 | int *valp = ctl->data; |
6558 | int val = *valp; |
6559 | loff_t pos = *ppos; |
6560 | struct ctl_table lctl; |
6561 | int ret; |
6562 | |
6563 | /* ctl->data points to idev->cnf.ignore_routes_when_linkdown |
6564 | * we should not modify it until we get the rtnl lock. |
6565 | */ |
6566 | lctl = *ctl; |
6567 | lctl.data = &val; |
6568 | |
6569 | ret = proc_dointvec(&lctl, write, buffer, lenp, ppos); |
6570 | |
6571 | if (write) |
6572 | ret = addrconf_fixup_linkdown(table: ctl, p: valp, newf: val); |
6573 | if (ret) |
6574 | *ppos = pos; |
6575 | return ret; |
6576 | } |
6577 | |
6578 | static |
6579 | void addrconf_set_nopolicy(struct rt6_info *rt, int action) |
6580 | { |
6581 | if (rt) { |
6582 | if (action) |
6583 | rt->dst.flags |= DST_NOPOLICY; |
6584 | else |
6585 | rt->dst.flags &= ~DST_NOPOLICY; |
6586 | } |
6587 | } |
6588 | |
6589 | static |
6590 | void addrconf_disable_policy_idev(struct inet6_dev *idev, int val) |
6591 | { |
6592 | struct inet6_ifaddr *ifa; |
6593 | |
6594 | read_lock_bh(&idev->lock); |
6595 | list_for_each_entry(ifa, &idev->addr_list, if_list) { |
6596 | spin_lock(lock: &ifa->lock); |
6597 | if (ifa->rt) { |
6598 | /* host routes only use builtin fib6_nh */ |
6599 | struct fib6_nh *nh = ifa->rt->fib6_nh; |
6600 | int cpu; |
6601 | |
6602 | rcu_read_lock(); |
6603 | ifa->rt->dst_nopolicy = val ? true : false; |
6604 | if (nh->rt6i_pcpu) { |
6605 | for_each_possible_cpu(cpu) { |
6606 | struct rt6_info **rtp; |
6607 | |
6608 | rtp = per_cpu_ptr(nh->rt6i_pcpu, cpu); |
6609 | addrconf_set_nopolicy(rt: *rtp, action: val); |
6610 | } |
6611 | } |
6612 | rcu_read_unlock(); |
6613 | } |
6614 | spin_unlock(lock: &ifa->lock); |
6615 | } |
6616 | read_unlock_bh(&idev->lock); |
6617 | } |
6618 | |
6619 | static |
6620 | int addrconf_disable_policy(struct ctl_table *ctl, int *valp, int val) |
6621 | { |
6622 | struct inet6_dev *idev; |
6623 | struct net *net; |
6624 | |
6625 | if (!rtnl_trylock()) |
6626 | return restart_syscall(); |
6627 | |
6628 | *valp = val; |
6629 | |
6630 | net = (struct net *)ctl->extra2; |
6631 | if (valp == &net->ipv6.devconf_dflt->disable_policy) { |
6632 | rtnl_unlock(); |
6633 | return 0; |
6634 | } |
6635 | |
6636 | if (valp == &net->ipv6.devconf_all->disable_policy) { |
6637 | struct net_device *dev; |
6638 | |
6639 | for_each_netdev(net, dev) { |
6640 | idev = __in6_dev_get(dev); |
6641 | if (idev) |
6642 | addrconf_disable_policy_idev(idev, val); |
6643 | } |
6644 | } else { |
6645 | idev = (struct inet6_dev *)ctl->extra1; |
6646 | addrconf_disable_policy_idev(idev, val); |
6647 | } |
6648 | |
6649 | rtnl_unlock(); |
6650 | return 0; |
6651 | } |
6652 | |
6653 | static int addrconf_sysctl_disable_policy(struct ctl_table *ctl, int write, |
6654 | void *buffer, size_t *lenp, loff_t *ppos) |
6655 | { |
6656 | int *valp = ctl->data; |
6657 | int val = *valp; |
6658 | loff_t pos = *ppos; |
6659 | struct ctl_table lctl; |
6660 | int ret; |
6661 | |
6662 | lctl = *ctl; |
6663 | lctl.data = &val; |
6664 | ret = proc_dointvec(&lctl, write, buffer, lenp, ppos); |
6665 | |
6666 | if (write && (*valp != val)) |
6667 | ret = addrconf_disable_policy(ctl, valp, val); |
6668 | |
6669 | if (ret) |
6670 | *ppos = pos; |
6671 | |
6672 | return ret; |
6673 | } |
6674 | |
6675 | static int minus_one = -1; |
6676 | static const int two_five_five = 255; |
6677 | static u32 ioam6_if_id_max = U16_MAX; |
6678 | |
6679 | static const struct ctl_table addrconf_sysctl[] = { |
6680 | { |
6681 | .procname = "forwarding" , |
6682 | .data = &ipv6_devconf.forwarding, |
6683 | .maxlen = sizeof(int), |
6684 | .mode = 0644, |
6685 | .proc_handler = addrconf_sysctl_forward, |
6686 | }, |
6687 | { |
6688 | .procname = "hop_limit" , |
6689 | .data = &ipv6_devconf.hop_limit, |
6690 | .maxlen = sizeof(int), |
6691 | .mode = 0644, |
6692 | .proc_handler = proc_dointvec_minmax, |
6693 | .extra1 = (void *)SYSCTL_ONE, |
6694 | .extra2 = (void *)&two_five_five, |
6695 | }, |
6696 | { |
6697 | .procname = "mtu" , |
6698 | .data = &ipv6_devconf.mtu6, |
6699 | .maxlen = sizeof(int), |
6700 | .mode = 0644, |
6701 | .proc_handler = addrconf_sysctl_mtu, |
6702 | }, |
6703 | { |
6704 | .procname = "accept_ra" , |
6705 | .data = &ipv6_devconf.accept_ra, |
6706 | .maxlen = sizeof(int), |
6707 | .mode = 0644, |
6708 | .proc_handler = proc_dointvec, |
6709 | }, |
6710 | { |
6711 | .procname = "accept_redirects" , |
6712 | .data = &ipv6_devconf.accept_redirects, |
6713 | .maxlen = sizeof(int), |
6714 | .mode = 0644, |
6715 | .proc_handler = proc_dointvec, |
6716 | }, |
6717 | { |
6718 | .procname = "autoconf" , |
6719 | .data = &ipv6_devconf.autoconf, |
6720 | .maxlen = sizeof(int), |
6721 | .mode = 0644, |
6722 | .proc_handler = proc_dointvec, |
6723 | }, |
6724 | { |
6725 | .procname = "dad_transmits" , |
6726 | .data = &ipv6_devconf.dad_transmits, |
6727 | .maxlen = sizeof(int), |
6728 | .mode = 0644, |
6729 | .proc_handler = proc_dointvec, |
6730 | }, |
6731 | { |
6732 | .procname = "router_solicitations" , |
6733 | .data = &ipv6_devconf.rtr_solicits, |
6734 | .maxlen = sizeof(int), |
6735 | .mode = 0644, |
6736 | .proc_handler = proc_dointvec_minmax, |
6737 | .extra1 = &minus_one, |
6738 | }, |
6739 | { |
6740 | .procname = "router_solicitation_interval" , |
6741 | .data = &ipv6_devconf.rtr_solicit_interval, |
6742 | .maxlen = sizeof(int), |
6743 | .mode = 0644, |
6744 | .proc_handler = proc_dointvec_jiffies, |
6745 | }, |
6746 | { |
6747 | .procname = "router_solicitation_max_interval" , |
6748 | .data = &ipv6_devconf.rtr_solicit_max_interval, |
6749 | .maxlen = sizeof(int), |
6750 | .mode = 0644, |
6751 | .proc_handler = proc_dointvec_jiffies, |
6752 | }, |
6753 | { |
6754 | .procname = "router_solicitation_delay" , |
6755 | .data = &ipv6_devconf.rtr_solicit_delay, |
6756 | .maxlen = sizeof(int), |
6757 | .mode = 0644, |
6758 | .proc_handler = proc_dointvec_jiffies, |
6759 | }, |
6760 | { |
6761 | .procname = "force_mld_version" , |
6762 | .data = &ipv6_devconf.force_mld_version, |
6763 | .maxlen = sizeof(int), |
6764 | .mode = 0644, |
6765 | .proc_handler = proc_dointvec, |
6766 | }, |
6767 | { |
6768 | .procname = "mldv1_unsolicited_report_interval" , |
6769 | .data = |
6770 | &ipv6_devconf.mldv1_unsolicited_report_interval, |
6771 | .maxlen = sizeof(int), |
6772 | .mode = 0644, |
6773 | .proc_handler = proc_dointvec_ms_jiffies, |
6774 | }, |
6775 | { |
6776 | .procname = "mldv2_unsolicited_report_interval" , |
6777 | .data = |
6778 | &ipv6_devconf.mldv2_unsolicited_report_interval, |
6779 | .maxlen = sizeof(int), |
6780 | .mode = 0644, |
6781 | .proc_handler = proc_dointvec_ms_jiffies, |
6782 | }, |
6783 | { |
6784 | .procname = "use_tempaddr" , |
6785 | .data = &ipv6_devconf.use_tempaddr, |
6786 | .maxlen = sizeof(int), |
6787 | .mode = 0644, |
6788 | .proc_handler = proc_dointvec, |
6789 | }, |
6790 | { |
6791 | .procname = "temp_valid_lft" , |
6792 | .data = &ipv6_devconf.temp_valid_lft, |
6793 | .maxlen = sizeof(int), |
6794 | .mode = 0644, |
6795 | .proc_handler = proc_dointvec, |
6796 | }, |
6797 | { |
6798 | .procname = "temp_prefered_lft" , |
6799 | .data = &ipv6_devconf.temp_prefered_lft, |
6800 | .maxlen = sizeof(int), |
6801 | .mode = 0644, |
6802 | .proc_handler = proc_dointvec, |
6803 | }, |
6804 | { |
6805 | .procname = "regen_max_retry" , |
6806 | .data = &ipv6_devconf.regen_max_retry, |
6807 | .maxlen = sizeof(int), |
6808 | .mode = 0644, |
6809 | .proc_handler = proc_dointvec, |
6810 | }, |
6811 | { |
6812 | .procname = "max_desync_factor" , |
6813 | .data = &ipv6_devconf.max_desync_factor, |
6814 | .maxlen = sizeof(int), |
6815 | .mode = 0644, |
6816 | .proc_handler = proc_dointvec, |
6817 | }, |
6818 | { |
6819 | .procname = "max_addresses" , |
6820 | .data = &ipv6_devconf.max_addresses, |
6821 | .maxlen = sizeof(int), |
6822 | .mode = 0644, |
6823 | .proc_handler = proc_dointvec, |
6824 | }, |
6825 | { |
6826 | .procname = "accept_ra_defrtr" , |
6827 | .data = &ipv6_devconf.accept_ra_defrtr, |
6828 | .maxlen = sizeof(int), |
6829 | .mode = 0644, |
6830 | .proc_handler = proc_dointvec, |
6831 | }, |
6832 | { |
6833 | .procname = "ra_defrtr_metric" , |
6834 | .data = &ipv6_devconf.ra_defrtr_metric, |
6835 | .maxlen = sizeof(u32), |
6836 | .mode = 0644, |
6837 | .proc_handler = proc_douintvec_minmax, |
6838 | .extra1 = (void *)SYSCTL_ONE, |
6839 | }, |
6840 | { |
6841 | .procname = "accept_ra_min_hop_limit" , |
6842 | .data = &ipv6_devconf.accept_ra_min_hop_limit, |
6843 | .maxlen = sizeof(int), |
6844 | .mode = 0644, |
6845 | .proc_handler = proc_dointvec, |
6846 | }, |
6847 | { |
6848 | .procname = "accept_ra_min_lft" , |
6849 | .data = &ipv6_devconf.accept_ra_min_lft, |
6850 | .maxlen = sizeof(int), |
6851 | .mode = 0644, |
6852 | .proc_handler = proc_dointvec, |
6853 | }, |
6854 | { |
6855 | .procname = "accept_ra_pinfo" , |
6856 | .data = &ipv6_devconf.accept_ra_pinfo, |
6857 | .maxlen = sizeof(int), |
6858 | .mode = 0644, |
6859 | .proc_handler = proc_dointvec, |
6860 | }, |
6861 | { |
6862 | .procname = "ra_honor_pio_life" , |
6863 | .data = &ipv6_devconf.ra_honor_pio_life, |
6864 | .maxlen = sizeof(u8), |
6865 | .mode = 0644, |
6866 | .proc_handler = proc_dou8vec_minmax, |
6867 | .extra1 = SYSCTL_ZERO, |
6868 | .extra2 = SYSCTL_ONE, |
6869 | }, |
6870 | #ifdef CONFIG_IPV6_ROUTER_PREF |
6871 | { |
6872 | .procname = "accept_ra_rtr_pref" , |
6873 | .data = &ipv6_devconf.accept_ra_rtr_pref, |
6874 | .maxlen = sizeof(int), |
6875 | .mode = 0644, |
6876 | .proc_handler = proc_dointvec, |
6877 | }, |
6878 | { |
6879 | .procname = "router_probe_interval" , |
6880 | .data = &ipv6_devconf.rtr_probe_interval, |
6881 | .maxlen = sizeof(int), |
6882 | .mode = 0644, |
6883 | .proc_handler = proc_dointvec_jiffies, |
6884 | }, |
6885 | #ifdef CONFIG_IPV6_ROUTE_INFO |
6886 | { |
6887 | .procname = "accept_ra_rt_info_min_plen" , |
6888 | .data = &ipv6_devconf.accept_ra_rt_info_min_plen, |
6889 | .maxlen = sizeof(int), |
6890 | .mode = 0644, |
6891 | .proc_handler = proc_dointvec, |
6892 | }, |
6893 | { |
6894 | .procname = "accept_ra_rt_info_max_plen" , |
6895 | .data = &ipv6_devconf.accept_ra_rt_info_max_plen, |
6896 | .maxlen = sizeof(int), |
6897 | .mode = 0644, |
6898 | .proc_handler = proc_dointvec, |
6899 | }, |
6900 | #endif |
6901 | #endif |
6902 | { |
6903 | .procname = "proxy_ndp" , |
6904 | .data = &ipv6_devconf.proxy_ndp, |
6905 | .maxlen = sizeof(int), |
6906 | .mode = 0644, |
6907 | .proc_handler = addrconf_sysctl_proxy_ndp, |
6908 | }, |
6909 | { |
6910 | .procname = "accept_source_route" , |
6911 | .data = &ipv6_devconf.accept_source_route, |
6912 | .maxlen = sizeof(int), |
6913 | .mode = 0644, |
6914 | .proc_handler = proc_dointvec, |
6915 | }, |
6916 | #ifdef CONFIG_IPV6_OPTIMISTIC_DAD |
6917 | { |
6918 | .procname = "optimistic_dad" , |
6919 | .data = &ipv6_devconf.optimistic_dad, |
6920 | .maxlen = sizeof(int), |
6921 | .mode = 0644, |
6922 | .proc_handler = proc_dointvec, |
6923 | }, |
6924 | { |
6925 | .procname = "use_optimistic" , |
6926 | .data = &ipv6_devconf.use_optimistic, |
6927 | .maxlen = sizeof(int), |
6928 | .mode = 0644, |
6929 | .proc_handler = proc_dointvec, |
6930 | }, |
6931 | #endif |
6932 | #ifdef CONFIG_IPV6_MROUTE |
6933 | { |
6934 | .procname = "mc_forwarding" , |
6935 | .data = &ipv6_devconf.mc_forwarding, |
6936 | .maxlen = sizeof(int), |
6937 | .mode = 0444, |
6938 | .proc_handler = proc_dointvec, |
6939 | }, |
6940 | #endif |
6941 | { |
6942 | .procname = "disable_ipv6" , |
6943 | .data = &ipv6_devconf.disable_ipv6, |
6944 | .maxlen = sizeof(int), |
6945 | .mode = 0644, |
6946 | .proc_handler = addrconf_sysctl_disable, |
6947 | }, |
6948 | { |
6949 | .procname = "accept_dad" , |
6950 | .data = &ipv6_devconf.accept_dad, |
6951 | .maxlen = sizeof(int), |
6952 | .mode = 0644, |
6953 | .proc_handler = proc_dointvec, |
6954 | }, |
6955 | { |
6956 | .procname = "force_tllao" , |
6957 | .data = &ipv6_devconf.force_tllao, |
6958 | .maxlen = sizeof(int), |
6959 | .mode = 0644, |
6960 | .proc_handler = proc_dointvec |
6961 | }, |
6962 | { |
6963 | .procname = "ndisc_notify" , |
6964 | .data = &ipv6_devconf.ndisc_notify, |
6965 | .maxlen = sizeof(int), |
6966 | .mode = 0644, |
6967 | .proc_handler = proc_dointvec |
6968 | }, |
6969 | { |
6970 | .procname = "suppress_frag_ndisc" , |
6971 | .data = &ipv6_devconf.suppress_frag_ndisc, |
6972 | .maxlen = sizeof(int), |
6973 | .mode = 0644, |
6974 | .proc_handler = proc_dointvec |
6975 | }, |
6976 | { |
6977 | .procname = "accept_ra_from_local" , |
6978 | .data = &ipv6_devconf.accept_ra_from_local, |
6979 | .maxlen = sizeof(int), |
6980 | .mode = 0644, |
6981 | .proc_handler = proc_dointvec, |
6982 | }, |
6983 | { |
6984 | .procname = "accept_ra_mtu" , |
6985 | .data = &ipv6_devconf.accept_ra_mtu, |
6986 | .maxlen = sizeof(int), |
6987 | .mode = 0644, |
6988 | .proc_handler = proc_dointvec, |
6989 | }, |
6990 | { |
6991 | .procname = "stable_secret" , |
6992 | .data = &ipv6_devconf.stable_secret, |
6993 | .maxlen = IPV6_MAX_STRLEN, |
6994 | .mode = 0600, |
6995 | .proc_handler = addrconf_sysctl_stable_secret, |
6996 | }, |
6997 | { |
6998 | .procname = "use_oif_addrs_only" , |
6999 | .data = &ipv6_devconf.use_oif_addrs_only, |
7000 | .maxlen = sizeof(int), |
7001 | .mode = 0644, |
7002 | .proc_handler = proc_dointvec, |
7003 | }, |
7004 | { |
7005 | .procname = "ignore_routes_with_linkdown" , |
7006 | .data = &ipv6_devconf.ignore_routes_with_linkdown, |
7007 | .maxlen = sizeof(int), |
7008 | .mode = 0644, |
7009 | .proc_handler = addrconf_sysctl_ignore_routes_with_linkdown, |
7010 | }, |
7011 | { |
7012 | .procname = "drop_unicast_in_l2_multicast" , |
7013 | .data = &ipv6_devconf.drop_unicast_in_l2_multicast, |
7014 | .maxlen = sizeof(int), |
7015 | .mode = 0644, |
7016 | .proc_handler = proc_dointvec, |
7017 | }, |
7018 | { |
7019 | .procname = "drop_unsolicited_na" , |
7020 | .data = &ipv6_devconf.drop_unsolicited_na, |
7021 | .maxlen = sizeof(int), |
7022 | .mode = 0644, |
7023 | .proc_handler = proc_dointvec, |
7024 | }, |
7025 | { |
7026 | .procname = "keep_addr_on_down" , |
7027 | .data = &ipv6_devconf.keep_addr_on_down, |
7028 | .maxlen = sizeof(int), |
7029 | .mode = 0644, |
7030 | .proc_handler = proc_dointvec, |
7031 | |
7032 | }, |
7033 | { |
7034 | .procname = "seg6_enabled" , |
7035 | .data = &ipv6_devconf.seg6_enabled, |
7036 | .maxlen = sizeof(int), |
7037 | .mode = 0644, |
7038 | .proc_handler = proc_dointvec, |
7039 | }, |
7040 | #ifdef CONFIG_IPV6_SEG6_HMAC |
7041 | { |
7042 | .procname = "seg6_require_hmac" , |
7043 | .data = &ipv6_devconf.seg6_require_hmac, |
7044 | .maxlen = sizeof(int), |
7045 | .mode = 0644, |
7046 | .proc_handler = proc_dointvec, |
7047 | }, |
7048 | #endif |
7049 | { |
7050 | .procname = "enhanced_dad" , |
7051 | .data = &ipv6_devconf.enhanced_dad, |
7052 | .maxlen = sizeof(int), |
7053 | .mode = 0644, |
7054 | .proc_handler = proc_dointvec, |
7055 | }, |
7056 | { |
7057 | .procname = "addr_gen_mode" , |
7058 | .data = &ipv6_devconf.addr_gen_mode, |
7059 | .maxlen = sizeof(int), |
7060 | .mode = 0644, |
7061 | .proc_handler = addrconf_sysctl_addr_gen_mode, |
7062 | }, |
7063 | { |
7064 | .procname = "disable_policy" , |
7065 | .data = &ipv6_devconf.disable_policy, |
7066 | .maxlen = sizeof(int), |
7067 | .mode = 0644, |
7068 | .proc_handler = addrconf_sysctl_disable_policy, |
7069 | }, |
7070 | { |
7071 | .procname = "ndisc_tclass" , |
7072 | .data = &ipv6_devconf.ndisc_tclass, |
7073 | .maxlen = sizeof(int), |
7074 | .mode = 0644, |
7075 | .proc_handler = proc_dointvec_minmax, |
7076 | .extra1 = (void *)SYSCTL_ZERO, |
7077 | .extra2 = (void *)&two_five_five, |
7078 | }, |
7079 | { |
7080 | .procname = "rpl_seg_enabled" , |
7081 | .data = &ipv6_devconf.rpl_seg_enabled, |
7082 | .maxlen = sizeof(int), |
7083 | .mode = 0644, |
7084 | .proc_handler = proc_dointvec, |
7085 | }, |
7086 | { |
7087 | .procname = "ioam6_enabled" , |
7088 | .data = &ipv6_devconf.ioam6_enabled, |
7089 | .maxlen = sizeof(u8), |
7090 | .mode = 0644, |
7091 | .proc_handler = proc_dou8vec_minmax, |
7092 | .extra1 = (void *)SYSCTL_ZERO, |
7093 | .extra2 = (void *)SYSCTL_ONE, |
7094 | }, |
7095 | { |
7096 | .procname = "ioam6_id" , |
7097 | .data = &ipv6_devconf.ioam6_id, |
7098 | .maxlen = sizeof(u32), |
7099 | .mode = 0644, |
7100 | .proc_handler = proc_douintvec_minmax, |
7101 | .extra1 = (void *)SYSCTL_ZERO, |
7102 | .extra2 = (void *)&ioam6_if_id_max, |
7103 | }, |
7104 | { |
7105 | .procname = "ioam6_id_wide" , |
7106 | .data = &ipv6_devconf.ioam6_id_wide, |
7107 | .maxlen = sizeof(u32), |
7108 | .mode = 0644, |
7109 | .proc_handler = proc_douintvec, |
7110 | }, |
7111 | { |
7112 | .procname = "ndisc_evict_nocarrier" , |
7113 | .data = &ipv6_devconf.ndisc_evict_nocarrier, |
7114 | .maxlen = sizeof(u8), |
7115 | .mode = 0644, |
7116 | .proc_handler = proc_dou8vec_minmax, |
7117 | .extra1 = (void *)SYSCTL_ZERO, |
7118 | .extra2 = (void *)SYSCTL_ONE, |
7119 | }, |
7120 | { |
7121 | .procname = "accept_untracked_na" , |
7122 | .data = &ipv6_devconf.accept_untracked_na, |
7123 | .maxlen = sizeof(int), |
7124 | .mode = 0644, |
7125 | .proc_handler = proc_dointvec_minmax, |
7126 | .extra1 = SYSCTL_ZERO, |
7127 | .extra2 = SYSCTL_TWO, |
7128 | }, |
7129 | { |
7130 | /* sentinel */ |
7131 | } |
7132 | }; |
7133 | |
7134 | static int __addrconf_sysctl_register(struct net *net, char *dev_name, |
7135 | struct inet6_dev *idev, struct ipv6_devconf *p) |
7136 | { |
7137 | int i, ifindex; |
7138 | struct ctl_table *table; |
7139 | char path[sizeof("net/ipv6/conf/" ) + IFNAMSIZ]; |
7140 | |
7141 | table = kmemdup(p: addrconf_sysctl, size: sizeof(addrconf_sysctl), GFP_KERNEL_ACCOUNT); |
7142 | if (!table) |
7143 | goto out; |
7144 | |
7145 | for (i = 0; table[i].data; i++) { |
7146 | table[i].data += (char *)p - (char *)&ipv6_devconf; |
7147 | /* If one of these is already set, then it is not safe to |
7148 | * overwrite either of them: this makes proc_dointvec_minmax |
7149 | * usable. |
7150 | */ |
7151 | if (!table[i].extra1 && !table[i].extra2) { |
7152 | table[i].extra1 = idev; /* embedded; no ref */ |
7153 | table[i].extra2 = net; |
7154 | } |
7155 | } |
7156 | |
7157 | snprintf(buf: path, size: sizeof(path), fmt: "net/ipv6/conf/%s" , dev_name); |
7158 | |
7159 | p->sysctl_header = register_net_sysctl_sz(net, path, table, |
7160 | ARRAY_SIZE(addrconf_sysctl)); |
7161 | if (!p->sysctl_header) |
7162 | goto free; |
7163 | |
7164 | if (!strcmp(dev_name, "all" )) |
7165 | ifindex = NETCONFA_IFINDEX_ALL; |
7166 | else if (!strcmp(dev_name, "default" )) |
7167 | ifindex = NETCONFA_IFINDEX_DEFAULT; |
7168 | else |
7169 | ifindex = idev->dev->ifindex; |
7170 | inet6_netconf_notify_devconf(net, RTM_NEWNETCONF, NETCONFA_ALL, |
7171 | ifindex, devconf: p); |
7172 | return 0; |
7173 | |
7174 | free: |
7175 | kfree(objp: table); |
7176 | out: |
7177 | return -ENOBUFS; |
7178 | } |
7179 | |
7180 | static void __addrconf_sysctl_unregister(struct net *net, |
7181 | struct ipv6_devconf *p, int ifindex) |
7182 | { |
7183 | struct ctl_table *table; |
7184 | |
7185 | if (!p->sysctl_header) |
7186 | return; |
7187 | |
7188 | table = p->sysctl_header->ctl_table_arg; |
7189 | unregister_net_sysctl_table(header: p->sysctl_header); |
7190 | p->sysctl_header = NULL; |
7191 | kfree(objp: table); |
7192 | |
7193 | inet6_netconf_notify_devconf(net, RTM_DELNETCONF, type: 0, ifindex, NULL); |
7194 | } |
7195 | |
7196 | static int addrconf_sysctl_register(struct inet6_dev *idev) |
7197 | { |
7198 | int err; |
7199 | |
7200 | if (!sysctl_dev_name_is_allowed(name: idev->dev->name)) |
7201 | return -EINVAL; |
7202 | |
7203 | err = neigh_sysctl_register(dev: idev->dev, p: idev->nd_parms, |
7204 | proc_handler: &ndisc_ifinfo_sysctl_change); |
7205 | if (err) |
7206 | return err; |
7207 | err = __addrconf_sysctl_register(net: dev_net(dev: idev->dev), dev_name: idev->dev->name, |
7208 | idev, p: &idev->cnf); |
7209 | if (err) |
7210 | neigh_sysctl_unregister(p: idev->nd_parms); |
7211 | |
7212 | return err; |
7213 | } |
7214 | |
7215 | static void addrconf_sysctl_unregister(struct inet6_dev *idev) |
7216 | { |
7217 | __addrconf_sysctl_unregister(net: dev_net(dev: idev->dev), p: &idev->cnf, |
7218 | ifindex: idev->dev->ifindex); |
7219 | neigh_sysctl_unregister(p: idev->nd_parms); |
7220 | } |
7221 | |
7222 | |
7223 | #endif |
7224 | |
7225 | static int __net_init addrconf_init_net(struct net *net) |
7226 | { |
7227 | int err = -ENOMEM; |
7228 | struct ipv6_devconf *all, *dflt; |
7229 | |
7230 | spin_lock_init(&net->ipv6.addrconf_hash_lock); |
7231 | INIT_DEFERRABLE_WORK(&net->ipv6.addr_chk_work, addrconf_verify_work); |
7232 | net->ipv6.inet6_addr_lst = kcalloc(IN6_ADDR_HSIZE, |
7233 | size: sizeof(struct hlist_head), |
7234 | GFP_KERNEL); |
7235 | if (!net->ipv6.inet6_addr_lst) |
7236 | goto err_alloc_addr; |
7237 | |
7238 | all = kmemdup(p: &ipv6_devconf, size: sizeof(ipv6_devconf), GFP_KERNEL); |
7239 | if (!all) |
7240 | goto err_alloc_all; |
7241 | |
7242 | dflt = kmemdup(p: &ipv6_devconf_dflt, size: sizeof(ipv6_devconf_dflt), GFP_KERNEL); |
7243 | if (!dflt) |
7244 | goto err_alloc_dflt; |
7245 | |
7246 | if (!net_eq(net1: net, net2: &init_net)) { |
7247 | switch (net_inherit_devconf()) { |
7248 | case 1: /* copy from init_net */ |
7249 | memcpy(all, init_net.ipv6.devconf_all, |
7250 | sizeof(ipv6_devconf)); |
7251 | memcpy(dflt, init_net.ipv6.devconf_dflt, |
7252 | sizeof(ipv6_devconf_dflt)); |
7253 | break; |
7254 | case 3: /* copy from the current netns */ |
7255 | memcpy(all, current->nsproxy->net_ns->ipv6.devconf_all, |
7256 | sizeof(ipv6_devconf)); |
7257 | memcpy(dflt, |
7258 | current->nsproxy->net_ns->ipv6.devconf_dflt, |
7259 | sizeof(ipv6_devconf_dflt)); |
7260 | break; |
7261 | case 0: |
7262 | case 2: |
7263 | /* use compiled values */ |
7264 | break; |
7265 | } |
7266 | } |
7267 | |
7268 | /* these will be inherited by all namespaces */ |
7269 | dflt->autoconf = ipv6_defaults.autoconf; |
7270 | dflt->disable_ipv6 = ipv6_defaults.disable_ipv6; |
7271 | |
7272 | dflt->stable_secret.initialized = false; |
7273 | all->stable_secret.initialized = false; |
7274 | |
7275 | net->ipv6.devconf_all = all; |
7276 | net->ipv6.devconf_dflt = dflt; |
7277 | |
7278 | #ifdef CONFIG_SYSCTL |
7279 | err = __addrconf_sysctl_register(net, dev_name: "all" , NULL, p: all); |
7280 | if (err < 0) |
7281 | goto err_reg_all; |
7282 | |
7283 | err = __addrconf_sysctl_register(net, dev_name: "default" , NULL, p: dflt); |
7284 | if (err < 0) |
7285 | goto err_reg_dflt; |
7286 | #endif |
7287 | return 0; |
7288 | |
7289 | #ifdef CONFIG_SYSCTL |
7290 | err_reg_dflt: |
7291 | __addrconf_sysctl_unregister(net, p: all, NETCONFA_IFINDEX_ALL); |
7292 | err_reg_all: |
7293 | kfree(objp: dflt); |
7294 | net->ipv6.devconf_dflt = NULL; |
7295 | #endif |
7296 | err_alloc_dflt: |
7297 | kfree(objp: all); |
7298 | net->ipv6.devconf_all = NULL; |
7299 | err_alloc_all: |
7300 | kfree(objp: net->ipv6.inet6_addr_lst); |
7301 | err_alloc_addr: |
7302 | return err; |
7303 | } |
7304 | |
7305 | static void __net_exit addrconf_exit_net(struct net *net) |
7306 | { |
7307 | int i; |
7308 | |
7309 | #ifdef CONFIG_SYSCTL |
7310 | __addrconf_sysctl_unregister(net, p: net->ipv6.devconf_dflt, |
7311 | NETCONFA_IFINDEX_DEFAULT); |
7312 | __addrconf_sysctl_unregister(net, p: net->ipv6.devconf_all, |
7313 | NETCONFA_IFINDEX_ALL); |
7314 | #endif |
7315 | kfree(objp: net->ipv6.devconf_dflt); |
7316 | net->ipv6.devconf_dflt = NULL; |
7317 | kfree(objp: net->ipv6.devconf_all); |
7318 | net->ipv6.devconf_all = NULL; |
7319 | |
7320 | cancel_delayed_work_sync(dwork: &net->ipv6.addr_chk_work); |
7321 | /* |
7322 | * Check hash table, then free it. |
7323 | */ |
7324 | for (i = 0; i < IN6_ADDR_HSIZE; i++) |
7325 | WARN_ON_ONCE(!hlist_empty(&net->ipv6.inet6_addr_lst[i])); |
7326 | |
7327 | kfree(objp: net->ipv6.inet6_addr_lst); |
7328 | net->ipv6.inet6_addr_lst = NULL; |
7329 | } |
7330 | |
7331 | static struct pernet_operations addrconf_ops = { |
7332 | .init = addrconf_init_net, |
7333 | .exit = addrconf_exit_net, |
7334 | }; |
7335 | |
7336 | static struct rtnl_af_ops inet6_ops __read_mostly = { |
7337 | .family = AF_INET6, |
7338 | .fill_link_af = inet6_fill_link_af, |
7339 | .get_link_af_size = inet6_get_link_af_size, |
7340 | .validate_link_af = inet6_validate_link_af, |
7341 | .set_link_af = inet6_set_link_af, |
7342 | }; |
7343 | |
7344 | /* |
7345 | * Init / cleanup code |
7346 | */ |
7347 | |
7348 | int __init addrconf_init(void) |
7349 | { |
7350 | struct inet6_dev *idev; |
7351 | int err; |
7352 | |
7353 | err = ipv6_addr_label_init(); |
7354 | if (err < 0) { |
7355 | pr_crit("%s: cannot initialize default policy table: %d\n" , |
7356 | __func__, err); |
7357 | goto out; |
7358 | } |
7359 | |
7360 | err = register_pernet_subsys(&addrconf_ops); |
7361 | if (err < 0) |
7362 | goto out_addrlabel; |
7363 | |
7364 | addrconf_wq = create_workqueue("ipv6_addrconf" ); |
7365 | if (!addrconf_wq) { |
7366 | err = -ENOMEM; |
7367 | goto out_nowq; |
7368 | } |
7369 | |
7370 | rtnl_lock(); |
7371 | idev = ipv6_add_dev(dev: blackhole_netdev); |
7372 | rtnl_unlock(); |
7373 | if (IS_ERR(ptr: idev)) { |
7374 | err = PTR_ERR(ptr: idev); |
7375 | goto errlo; |
7376 | } |
7377 | |
7378 | ip6_route_init_special_entries(); |
7379 | |
7380 | register_netdevice_notifier(nb: &ipv6_dev_notf); |
7381 | |
7382 | addrconf_verify(net: &init_net); |
7383 | |
7384 | rtnl_af_register(ops: &inet6_ops); |
7385 | |
7386 | err = rtnl_register_module(THIS_MODULE, PF_INET6, RTM_GETLINK, |
7387 | NULL, inet6_dump_ifinfo, flags: 0); |
7388 | if (err < 0) |
7389 | goto errout; |
7390 | |
7391 | err = rtnl_register_module(THIS_MODULE, PF_INET6, RTM_NEWADDR, |
7392 | inet6_rtm_newaddr, NULL, flags: 0); |
7393 | if (err < 0) |
7394 | goto errout; |
7395 | err = rtnl_register_module(THIS_MODULE, PF_INET6, RTM_DELADDR, |
7396 | inet6_rtm_deladdr, NULL, flags: 0); |
7397 | if (err < 0) |
7398 | goto errout; |
7399 | err = rtnl_register_module(THIS_MODULE, PF_INET6, RTM_GETADDR, |
7400 | inet6_rtm_getaddr, inet6_dump_ifaddr, |
7401 | flags: RTNL_FLAG_DOIT_UNLOCKED); |
7402 | if (err < 0) |
7403 | goto errout; |
7404 | err = rtnl_register_module(THIS_MODULE, PF_INET6, RTM_GETMULTICAST, |
7405 | NULL, inet6_dump_ifmcaddr, flags: 0); |
7406 | if (err < 0) |
7407 | goto errout; |
7408 | err = rtnl_register_module(THIS_MODULE, PF_INET6, RTM_GETANYCAST, |
7409 | NULL, inet6_dump_ifacaddr, flags: 0); |
7410 | if (err < 0) |
7411 | goto errout; |
7412 | err = rtnl_register_module(THIS_MODULE, PF_INET6, RTM_GETNETCONF, |
7413 | inet6_netconf_get_devconf, |
7414 | inet6_netconf_dump_devconf, |
7415 | flags: RTNL_FLAG_DOIT_UNLOCKED); |
7416 | if (err < 0) |
7417 | goto errout; |
7418 | err = ipv6_addr_label_rtnl_register(); |
7419 | if (err < 0) |
7420 | goto errout; |
7421 | |
7422 | return 0; |
7423 | errout: |
7424 | rtnl_unregister_all(PF_INET6); |
7425 | rtnl_af_unregister(ops: &inet6_ops); |
7426 | unregister_netdevice_notifier(nb: &ipv6_dev_notf); |
7427 | errlo: |
7428 | destroy_workqueue(wq: addrconf_wq); |
7429 | out_nowq: |
7430 | unregister_pernet_subsys(&addrconf_ops); |
7431 | out_addrlabel: |
7432 | ipv6_addr_label_cleanup(); |
7433 | out: |
7434 | return err; |
7435 | } |
7436 | |
7437 | void addrconf_cleanup(void) |
7438 | { |
7439 | struct net_device *dev; |
7440 | |
7441 | unregister_netdevice_notifier(nb: &ipv6_dev_notf); |
7442 | unregister_pernet_subsys(&addrconf_ops); |
7443 | ipv6_addr_label_cleanup(); |
7444 | |
7445 | rtnl_af_unregister(ops: &inet6_ops); |
7446 | |
7447 | rtnl_lock(); |
7448 | |
7449 | /* clean dev list */ |
7450 | for_each_netdev(&init_net, dev) { |
7451 | if (__in6_dev_get(dev) == NULL) |
7452 | continue; |
7453 | addrconf_ifdown(dev, unregister: true); |
7454 | } |
7455 | addrconf_ifdown(dev: init_net.loopback_dev, unregister: true); |
7456 | |
7457 | rtnl_unlock(); |
7458 | |
7459 | destroy_workqueue(wq: addrconf_wq); |
7460 | } |
7461 | |