projects / releases.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
history | raw | HEAD
GNU Linux-libre 4.19.286-gnu1
[releases.git] / net / ipv4 / igmp.c
1 /*
2  *      Linux NET3:     Internet Group Management Protocol  [IGMP]
3  *
4  *      This code implements the IGMP protocol as defined in RFC1112. There has
5  *      been a further revision of this protocol since which is now supported.
6  *
7  *      If you have trouble with this module be careful what gcc you have used,
8  *      the older version didn't come out right using gcc 2.5.8, the newer one
9  *      seems to fall out with gcc 2.6.2.
10  *
11  *      Authors:
12  *              Alan Cox <alan@lxorguk.ukuu.org.uk>
13  *
14  *      This program is free software; you can redistribute it and/or
15  *      modify it under the terms of the GNU General Public License
16  *      as published by the Free Software Foundation; either version
17  *      2 of the License, or (at your option) any later version.
18  *
19  *      Fixes:
20  *
21  *              Alan Cox        :       Added lots of __inline__ to optimise
22  *                                      the memory usage of all the tiny little
23  *                                      functions.
24  *              Alan Cox        :       Dumped the header building experiment.
25  *              Alan Cox        :       Minor tweaks ready for multicast routing
26  *                                      and extended IGMP protocol.
27  *              Alan Cox        :       Removed a load of inline directives. Gcc 2.5.8
28  *                                      writes utterly bogus code otherwise (sigh)
29  *                                      fixed IGMP loopback to behave in the manner
30  *                                      desired by mrouted, fixed the fact it has been
31  *                                      broken since 1.3.6 and cleaned up a few minor
32  *                                      points.
33  *
34  *              Chih-Jen Chang  :       Tried to revise IGMP to Version 2
35  *              Tsu-Sheng Tsao          E-mail: chihjenc@scf.usc.edu and tsusheng@scf.usc.edu
36  *                                      The enhancements are mainly based on Steve Deering's
37  *                                      ipmulti-3.5 source code.
38  *              Chih-Jen Chang  :       Added the igmp_get_mrouter_info and
39  *              Tsu-Sheng Tsao          igmp_set_mrouter_info to keep track of
40  *                                      the mrouted version on that device.
41  *              Chih-Jen Chang  :       Added the max_resp_time parameter to
42  *              Tsu-Sheng Tsao          igmp_heard_query(). Using this parameter
43  *                                      to identify the multicast router version
44  *                                      and do what the IGMP version 2 specified.
45  *              Chih-Jen Chang  :       Added a timer to revert to IGMP V2 router
46  *              Tsu-Sheng Tsao          if the specified time expired.
47  *              Alan Cox        :       Stop IGMP from 0.0.0.0 being accepted.
48  *              Alan Cox        :       Use GFP_ATOMIC in the right places.
49  *              Christian Daudt :       igmp timer wasn't set for local group
50  *                                      memberships but was being deleted,
51  *                                      which caused a "del_timer() called
52  *                                      from %p with timer not initialized\n"
53  *                                      message (960131).
54  *              Christian Daudt :       removed del_timer from
55  *                                      igmp_timer_expire function (960205).
56  *             Christian Daudt :       igmp_heard_report now only calls
57  *                                     igmp_timer_expire if tm->running is
58  *                                     true (960216).
59  *              Malcolm Beattie :       ttl comparison wrong in igmp_rcv made
60  *                                      igmp_heard_query never trigger. Expiry
61  *                                      miscalculation fixed in igmp_heard_query
62  *                                      and random() made to return unsigned to
63  *                                      prevent negative expiry times.
64  *              Alexey Kuznetsov:       Wrong group leaving behaviour, backport
65  *                                      fix from pending 2.1.x patches.
66  *              Alan Cox:               Forget to enable FDDI support earlier.
67  *              Alexey Kuznetsov:       Fixed leaving groups on device down.
68  *              Alexey Kuznetsov:       Accordance to igmp-v2-06 draft.
69  *              David L Stevens:        IGMPv3 support, with help from
70  *                                      Vinay Kulkarni
71  */
72
73 #include <linux/module.h>
74 #include <linux/slab.h>
75 #include <linux/uaccess.h>
76 #include <linux/types.h>
77 #include <linux/kernel.h>
78 #include <linux/jiffies.h>
79 #include <linux/string.h>
80 #include <linux/socket.h>
81 #include <linux/sockios.h>
82 #include <linux/in.h>
83 #include <linux/inet.h>
84 #include <linux/netdevice.h>
85 #include <linux/skbuff.h>
86 #include <linux/inetdevice.h>
87 #include <linux/igmp.h>
88 #include <linux/if_arp.h>
89 #include <linux/rtnetlink.h>
90 #include <linux/times.h>
91 #include <linux/pkt_sched.h>
92 #include <linux/byteorder/generic.h>
93
94 #include <net/net_namespace.h>
95 #include <net/arp.h>
96 #include <net/ip.h>
97 #include <net/protocol.h>
98 #include <net/route.h>
99 #include <net/sock.h>
100 #include <net/checksum.h>
101 #include <net/inet_common.h>
102 #include <linux/netfilter_ipv4.h>
103 #ifdef CONFIG_IP_MROUTE
104 #include <linux/mroute.h>
105 #endif
106 #ifdef CONFIG_PROC_FS
107 #include <linux/proc_fs.h>
108 #include <linux/seq_file.h>
109 #endif
110
111 #ifdef CONFIG_IP_MULTICAST
112 /* Parameter names and values are taken from igmp-v2-06 draft */
113
114 #define IGMP_V2_UNSOLICITED_REPORT_INTERVAL     (10*HZ)
115 #define IGMP_V3_UNSOLICITED_REPORT_INTERVAL     (1*HZ)
116 #define IGMP_QUERY_INTERVAL                     (125*HZ)
117 #define IGMP_QUERY_RESPONSE_INTERVAL            (10*HZ)
118
119 #define IGMP_INITIAL_REPORT_DELAY               (1)
120
121 /* IGMP_INITIAL_REPORT_DELAY is not from IGMP specs!
122  * IGMP specs require to report membership immediately after
123  * joining a group, but we delay the first report by a
124  * small interval. It seems more natural and still does not
125  * contradict to specs provided this delay is small enough.
126  */
127
128 #define IGMP_V1_SEEN(in_dev) \
129         (IPV4_DEVCONF_ALL(dev_net(in_dev->dev), FORCE_IGMP_VERSION) == 1 || \
130          IN_DEV_CONF_GET((in_dev), FORCE_IGMP_VERSION) == 1 || \
131          ((in_dev)->mr_v1_seen && \
132           time_before(jiffies, (in_dev)->mr_v1_seen)))
133 #define IGMP_V2_SEEN(in_dev) \
134         (IPV4_DEVCONF_ALL(dev_net(in_dev->dev), FORCE_IGMP_VERSION) == 2 || \
135          IN_DEV_CONF_GET((in_dev), FORCE_IGMP_VERSION) == 2 || \
136          ((in_dev)->mr_v2_seen && \
137           time_before(jiffies, (in_dev)->mr_v2_seen)))
138
139 static int unsolicited_report_interval(struct in_device *in_dev)
140 {
141         int interval_ms, interval_jiffies;
142
143         if (IGMP_V1_SEEN(in_dev) || IGMP_V2_SEEN(in_dev))
144                 interval_ms = IN_DEV_CONF_GET(
145                         in_dev,
146                         IGMPV2_UNSOLICITED_REPORT_INTERVAL);
147         else /* v3 */
148                 interval_ms = IN_DEV_CONF_GET(
149                         in_dev,
150                         IGMPV3_UNSOLICITED_REPORT_INTERVAL);
151
152         interval_jiffies = msecs_to_jiffies(interval_ms);
153
154         /* _timer functions can't handle a delay of 0 jiffies so ensure
155          *  we always return a positive value.
156          */
157         if (interval_jiffies <= 0)
158                 interval_jiffies = 1;
159         return interval_jiffies;
160 }
161
162 static void igmpv3_add_delrec(struct in_device *in_dev, struct ip_mc_list *im);
163 static void igmpv3_del_delrec(struct in_device *in_dev, struct ip_mc_list *im);
164 static void igmpv3_clear_delrec(struct in_device *in_dev);
165 static int sf_setstate(struct ip_mc_list *pmc);
166 static void sf_markstate(struct ip_mc_list *pmc);
167 #endif
168 static void ip_mc_clear_src(struct ip_mc_list *pmc);
169 static int ip_mc_add_src(struct in_device *in_dev, __be32 *pmca, int sfmode,
170                          int sfcount, __be32 *psfsrc, int delta);
171
172 static void ip_ma_put(struct ip_mc_list *im)
173 {
174         if (refcount_dec_and_test(&im->refcnt)) {
175                 in_dev_put(im->interface);
176                 kfree_rcu(im, rcu);
177         }
178 }
179
180 #define for_each_pmc_rcu(in_dev, pmc)                           \
181         for (pmc = rcu_dereference(in_dev->mc_list);            \
182              pmc != NULL;                                       \
183              pmc = rcu_dereference(pmc->next_rcu))
184
185 #define for_each_pmc_rtnl(in_dev, pmc)                          \
186         for (pmc = rtnl_dereference(in_dev->mc_list);           \
187              pmc != NULL;                                       \
188              pmc = rtnl_dereference(pmc->next_rcu))
189
190 static void ip_sf_list_clear_all(struct ip_sf_list *psf)
191 {
192         struct ip_sf_list *next;
193
194         while (psf) {
195                 next = psf->sf_next;
196                 kfree(psf);
197                 psf = next;
198         }
199 }
200
201 #ifdef CONFIG_IP_MULTICAST
202
203 /*
204  *      Timer management
205  */
206
207 static void igmp_stop_timer(struct ip_mc_list *im)
208 {
209         spin_lock_bh(&im->lock);
210         if (del_timer(&im->timer))
211                 refcount_dec(&im->refcnt);
212         im->tm_running = 0;
213         im->reporter = 0;
214         im->unsolicit_count = 0;
215         spin_unlock_bh(&im->lock);
216 }
217
218 /* It must be called with locked im->lock */
219 static void igmp_start_timer(struct ip_mc_list *im, int max_delay)
220 {
221         int tv = prandom_u32() % max_delay;
222
223         im->tm_running = 1;
224         if (!mod_timer(&im->timer, jiffies+tv+2))
225                 refcount_inc(&im->refcnt);
226 }
227
228 static void igmp_gq_start_timer(struct in_device *in_dev)
229 {
230         int tv = prandom_u32() % in_dev->mr_maxdelay;
231         unsigned long exp = jiffies + tv + 2;
232
233         if (in_dev->mr_gq_running &&
234             time_after_eq(exp, (in_dev->mr_gq_timer).expires))
235                 return;
236
237         in_dev->mr_gq_running = 1;
238         if (!mod_timer(&in_dev->mr_gq_timer, exp))
239                 in_dev_hold(in_dev);
240 }
241
242 static void igmp_ifc_start_timer(struct in_device *in_dev, int delay)
243 {
244         int tv = prandom_u32() % delay;
245
246         if (!mod_timer(&in_dev->mr_ifc_timer, jiffies+tv+2))
247                 in_dev_hold(in_dev);
248 }
249
250 static void igmp_mod_timer(struct ip_mc_list *im, int max_delay)
251 {
252         spin_lock_bh(&im->lock);
253         im->unsolicit_count = 0;
254         if (del_timer(&im->timer)) {
255                 if ((long)(im->timer.expires-jiffies) < max_delay) {
256                         add_timer(&im->timer);
257                         im->tm_running = 1;
258                         spin_unlock_bh(&im->lock);
259                         return;
260                 }
261                 refcount_dec(&im->refcnt);
262         }
263         igmp_start_timer(im, max_delay);
264         spin_unlock_bh(&im->lock);
265 }
266
267
268 /*
269  *      Send an IGMP report.
270  */
271
272 #define IGMP_SIZE (sizeof(struct igmphdr)+sizeof(struct iphdr)+4)
273
274
275 static int is_in(struct ip_mc_list *pmc, struct ip_sf_list *psf, int type,
276         int gdeleted, int sdeleted)
277 {
278         switch (type) {
279         case IGMPV3_MODE_IS_INCLUDE:
280         case IGMPV3_MODE_IS_EXCLUDE:
281                 if (gdeleted || sdeleted)
282                         return 0;
283                 if (!(pmc->gsquery && !psf->sf_gsresp)) {
284                         if (pmc->sfmode == MCAST_INCLUDE)
285                                 return 1;
286                         /* don't include if this source is excluded
287                          * in all filters
288                          */
289                         if (psf->sf_count[MCAST_INCLUDE])
290                                 return type == IGMPV3_MODE_IS_INCLUDE;
291                         return pmc->sfcount[MCAST_EXCLUDE] ==
292                                 psf->sf_count[MCAST_EXCLUDE];
293                 }
294                 return 0;
295         case IGMPV3_CHANGE_TO_INCLUDE:
296                 if (gdeleted || sdeleted)
297                         return 0;
298                 return psf->sf_count[MCAST_INCLUDE] != 0;
299         case IGMPV3_CHANGE_TO_EXCLUDE:
300                 if (gdeleted || sdeleted)
301                         return 0;
302                 if (pmc->sfcount[MCAST_EXCLUDE] == 0 ||
303                     psf->sf_count[MCAST_INCLUDE])
304                         return 0;
305                 return pmc->sfcount[MCAST_EXCLUDE] ==
306                         psf->sf_count[MCAST_EXCLUDE];
307         case IGMPV3_ALLOW_NEW_SOURCES:
308                 if (gdeleted || !psf->sf_crcount)
309                         return 0;
310                 return (pmc->sfmode == MCAST_INCLUDE) ^ sdeleted;
311         case IGMPV3_BLOCK_OLD_SOURCES:
312                 if (pmc->sfmode == MCAST_INCLUDE)
313                         return gdeleted || (psf->sf_crcount && sdeleted);
314                 return psf->sf_crcount && !gdeleted && !sdeleted;
315         }
316         return 0;
317 }
318
319 static int
320 igmp_scount(struct ip_mc_list *pmc, int type, int gdeleted, int sdeleted)
321 {
322         struct ip_sf_list *psf;
323         int scount = 0;
324
325         for (psf = pmc->sources; psf; psf = psf->sf_next) {
326                 if (!is_in(pmc, psf, type, gdeleted, sdeleted))
327                         continue;
328                 scount++;
329         }
330         return scount;
331 }
332
333 /* source address selection per RFC 3376 section 4.2.13 */
334 static __be32 igmpv3_get_srcaddr(struct net_device *dev,
335                                  const struct flowi4 *fl4)
336 {
337         struct in_device *in_dev = __in_dev_get_rcu(dev);
338
339         if (!in_dev)
340                 return htonl(INADDR_ANY);
341
342         for_ifa(in_dev) {
343                 if (fl4->saddr == ifa->ifa_local)
344                         return fl4->saddr;
345         } endfor_ifa(in_dev);
346
347         return htonl(INADDR_ANY);
348 }
349
350 static struct sk_buff *igmpv3_newpack(struct net_device *dev, unsigned int mtu)
351 {
352         struct sk_buff *skb;
353         struct rtable *rt;
354         struct iphdr *pip;
355         struct igmpv3_report *pig;
356         struct net *net = dev_net(dev);
357         struct flowi4 fl4;
358         int hlen = LL_RESERVED_SPACE(dev);
359         int tlen = dev->needed_tailroom;
360         unsigned int size = mtu;
361
362         while (1) {
363                 skb = alloc_skb(size + hlen + tlen,
364                                 GFP_ATOMIC | __GFP_NOWARN);
365                 if (skb)
366                         break;
367                 size >>= 1;
368                 if (size < 256)
369                         return NULL;
370         }
371         skb->priority = TC_PRIO_CONTROL;
372
373         rt = ip_route_output_ports(net, &fl4, NULL, IGMPV3_ALL_MCR, 0,
374                                    0, 0,
375                                    IPPROTO_IGMP, 0, dev->ifindex);
376         if (IS_ERR(rt)) {
377                 kfree_skb(skb);
378                 return NULL;
379         }
380
381         skb_dst_set(skb, &rt->dst);
382         skb->dev = dev;
383
384         skb_reserve(skb, hlen);
385         skb_tailroom_reserve(skb, mtu, tlen);
386
387         skb_reset_network_header(skb);
388         pip = ip_hdr(skb);
389         skb_put(skb, sizeof(struct iphdr) + 4);
390
391         pip->version  = 4;
392         pip->ihl      = (sizeof(struct iphdr)+4)>>2;
393         pip->tos      = 0xc0;
394         pip->frag_off = htons(IP_DF);
395         pip->ttl      = 1;
396         pip->daddr    = fl4.daddr;
397
398         rcu_read_lock();
399         pip->saddr    = igmpv3_get_srcaddr(dev, &fl4);
400         rcu_read_unlock();
401
402         pip->protocol = IPPROTO_IGMP;
403         pip->tot_len  = 0;      /* filled in later */
404         ip_select_ident(net, skb, NULL);
405         ((u8 *)&pip[1])[0] = IPOPT_RA;
406         ((u8 *)&pip[1])[1] = 4;
407         ((u8 *)&pip[1])[2] = 0;
408         ((u8 *)&pip[1])[3] = 0;
409
410         skb->transport_header = skb->network_header + sizeof(struct iphdr) + 4;
411         skb_put(skb, sizeof(*pig));
412         pig = igmpv3_report_hdr(skb);
413         pig->type = IGMPV3_HOST_MEMBERSHIP_REPORT;
414         pig->resv1 = 0;
415         pig->csum = 0;
416         pig->resv2 = 0;
417         pig->ngrec = 0;
418         return skb;
419 }
420
421 static int igmpv3_sendpack(struct sk_buff *skb)
422 {
423         struct igmphdr *pig = igmp_hdr(skb);
424         const int igmplen = skb_tail_pointer(skb) - skb_transport_header(skb);
425
426         pig->csum = ip_compute_csum(igmp_hdr(skb), igmplen);
427
428         return ip_local_out(dev_net(skb_dst(skb)->dev), skb->sk, skb);
429 }
430
431 static int grec_size(struct ip_mc_list *pmc, int type, int gdel, int sdel)
432 {
433         return sizeof(struct igmpv3_grec) + 4*igmp_scount(pmc, type, gdel, sdel);
434 }
435
436 static struct sk_buff *add_grhead(struct sk_buff *skb, struct ip_mc_list *pmc,
437         int type, struct igmpv3_grec **ppgr, unsigned int mtu)
438 {
439         struct net_device *dev = pmc->interface->dev;
440         struct igmpv3_report *pih;
441         struct igmpv3_grec *pgr;
442
443         if (!skb) {
444                 skb = igmpv3_newpack(dev, mtu);
445                 if (!skb)
446                         return NULL;
447         }
448         pgr = skb_put(skb, sizeof(struct igmpv3_grec));
449         pgr->grec_type = type;
450         pgr->grec_auxwords = 0;
451         pgr->grec_nsrcs = 0;
452         pgr->grec_mca = pmc->multiaddr;
453         pih = igmpv3_report_hdr(skb);
454         pih->ngrec = htons(ntohs(pih->ngrec)+1);
455         *ppgr = pgr;
456         return skb;
457 }
458
459 #define AVAILABLE(skb)  ((skb) ? skb_availroom(skb) : 0)
460
461 static struct sk_buff *add_grec(struct sk_buff *skb, struct ip_mc_list *pmc,
462         int type, int gdeleted, int sdeleted)
463 {
464         struct net_device *dev = pmc->interface->dev;
465         struct net *net = dev_net(dev);
466         struct igmpv3_report *pih;
467         struct igmpv3_grec *pgr = NULL;
468         struct ip_sf_list *psf, *psf_next, *psf_prev, **psf_list;
469         int scount, stotal, first, isquery, truncate;
470         unsigned int mtu;
471
472         if (pmc->multiaddr == IGMP_ALL_HOSTS)
473                 return skb;
474         if (ipv4_is_local_multicast(pmc->multiaddr) &&
475             !READ_ONCE(net->ipv4.sysctl_igmp_llm_reports))
476                 return skb;
477
478         mtu = READ_ONCE(dev->mtu);
479         if (mtu < IPV4_MIN_MTU)
480                 return skb;
481
482         isquery = type == IGMPV3_MODE_IS_INCLUDE ||
483                   type == IGMPV3_MODE_IS_EXCLUDE;
484         truncate = type == IGMPV3_MODE_IS_EXCLUDE ||
485                     type == IGMPV3_CHANGE_TO_EXCLUDE;
486
487         stotal = scount = 0;
488
489         psf_list = sdeleted ? &pmc->tomb : &pmc->sources;
490
491         if (!*psf_list)
492                 goto empty_source;
493
494         pih = skb ? igmpv3_report_hdr(skb) : NULL;
495
496         /* EX and TO_EX get a fresh packet, if needed */
497         if (truncate) {
498                 if (pih && pih->ngrec &&
499                     AVAILABLE(skb) < grec_size(pmc, type, gdeleted, sdeleted)) {
500                         if (skb)
501                                 igmpv3_sendpack(skb);
502                         skb = igmpv3_newpack(dev, mtu);
503                 }
504         }
505         first = 1;
506         psf_prev = NULL;
507         for (psf = *psf_list; psf; psf = psf_next) {
508                 __be32 *psrc;
509
510                 psf_next = psf->sf_next;
511
512                 if (!is_in(pmc, psf, type, gdeleted, sdeleted)) {
513                         psf_prev = psf;
514                         continue;
515                 }
516
517                 /* Based on RFC3376 5.1. Should not send source-list change
518                  * records when there is a filter mode change.
519                  */
520                 if (((gdeleted && pmc->sfmode == MCAST_EXCLUDE) ||
521                      (!gdeleted && pmc->crcount)) &&
522                     (type == IGMPV3_ALLOW_NEW_SOURCES ||
523                      type == IGMPV3_BLOCK_OLD_SOURCES) && psf->sf_crcount)
524                         goto decrease_sf_crcount;
525
526                 /* clear marks on query responses */
527                 if (isquery)
528                         psf->sf_gsresp = 0;
529
530                 if (AVAILABLE(skb) < sizeof(__be32) +
531                     first*sizeof(struct igmpv3_grec)) {
532                         if (truncate && !first)
533                                 break;   /* truncate these */
534                         if (pgr)
535                                 pgr->grec_nsrcs = htons(scount);
536                         if (skb)
537                                 igmpv3_sendpack(skb);
538                         skb = igmpv3_newpack(dev, mtu);
539                         first = 1;
540                         scount = 0;
541                 }
542                 if (first) {
543                         skb = add_grhead(skb, pmc, type, &pgr, mtu);
544                         first = 0;
545                 }
546                 if (!skb)
547                         return NULL;
548                 psrc = skb_put(skb, sizeof(__be32));
549                 *psrc = psf->sf_inaddr;
550                 scount++; stotal++;
551                 if ((type == IGMPV3_ALLOW_NEW_SOURCES ||
552                      type == IGMPV3_BLOCK_OLD_SOURCES) && psf->sf_crcount) {
553 decrease_sf_crcount:
554                         psf->sf_crcount--;
555                         if ((sdeleted || gdeleted) && psf->sf_crcount == 0) {
556                                 if (psf_prev)
557                                         psf_prev->sf_next = psf->sf_next;
558                                 else
559                                         *psf_list = psf->sf_next;
560                                 kfree(psf);
561                                 continue;
562                         }
563                 }
564                 psf_prev = psf;
565         }
566
567 empty_source:
568         if (!stotal) {
569                 if (type == IGMPV3_ALLOW_NEW_SOURCES ||
570                     type == IGMPV3_BLOCK_OLD_SOURCES)
571                         return skb;
572                 if (pmc->crcount || isquery) {
573                         /* make sure we have room for group header */
574                         if (skb && AVAILABLE(skb) < sizeof(struct igmpv3_grec)) {
575                                 igmpv3_sendpack(skb);
576                                 skb = NULL; /* add_grhead will get a new one */
577                         }
578                         skb = add_grhead(skb, pmc, type, &pgr, mtu);
579                 }
580         }
581         if (pgr)
582                 pgr->grec_nsrcs = htons(scount);
583
584         if (isquery)
585                 pmc->gsquery = 0;       /* clear query state on report */
586         return skb;
587 }
588
589 static int igmpv3_send_report(struct in_device *in_dev, struct ip_mc_list *pmc)
590 {
591         struct sk_buff *skb = NULL;
592         struct net *net = dev_net(in_dev->dev);
593         int type;
594
595         if (!pmc) {
596                 rcu_read_lock();
597                 for_each_pmc_rcu(in_dev, pmc) {
598                         if (pmc->multiaddr == IGMP_ALL_HOSTS)
599                                 continue;
600                         if (ipv4_is_local_multicast(pmc->multiaddr) &&
601                             !READ_ONCE(net->ipv4.sysctl_igmp_llm_reports))
602                                 continue;
603                         spin_lock_bh(&pmc->lock);
604                         if (pmc->sfcount[MCAST_EXCLUDE])
605                                 type = IGMPV3_MODE_IS_EXCLUDE;
606                         else
607                                 type = IGMPV3_MODE_IS_INCLUDE;
608                         skb = add_grec(skb, pmc, type, 0, 0);
609                         spin_unlock_bh(&pmc->lock);
610                 }
611                 rcu_read_unlock();
612         } else {
613                 spin_lock_bh(&pmc->lock);
614                 if (pmc->sfcount[MCAST_EXCLUDE])
615                         type = IGMPV3_MODE_IS_EXCLUDE;
616                 else
617                         type = IGMPV3_MODE_IS_INCLUDE;
618                 skb = add_grec(skb, pmc, type, 0, 0);
619                 spin_unlock_bh(&pmc->lock);
620         }
621         if (!skb)
622                 return 0;
623         return igmpv3_sendpack(skb);
624 }
625
626 /*
627  * remove zero-count source records from a source filter list
628  */
629 static void igmpv3_clear_zeros(struct ip_sf_list **ppsf)
630 {
631         struct ip_sf_list *psf_prev, *psf_next, *psf;
632
633         psf_prev = NULL;
634         for (psf = *ppsf; psf; psf = psf_next) {
635                 psf_next = psf->sf_next;
636                 if (psf->sf_crcount == 0) {
637                         if (psf_prev)
638                                 psf_prev->sf_next = psf->sf_next;
639                         else
640                                 *ppsf = psf->sf_next;
641                         kfree(psf);
642                 } else
643                         psf_prev = psf;
644         }
645 }
646
647 static void kfree_pmc(struct ip_mc_list *pmc)
648 {
649         ip_sf_list_clear_all(pmc->sources);
650         ip_sf_list_clear_all(pmc->tomb);
651         kfree(pmc);
652 }
653
654 static void igmpv3_send_cr(struct in_device *in_dev)
655 {
656         struct ip_mc_list *pmc, *pmc_prev, *pmc_next;
657         struct sk_buff *skb = NULL;
658         int type, dtype;
659
660         rcu_read_lock();
661         spin_lock_bh(&in_dev->mc_tomb_lock);
662
663         /* deleted MCA's */
664         pmc_prev = NULL;
665         for (pmc = in_dev->mc_tomb; pmc; pmc = pmc_next) {
666                 pmc_next = pmc->next;
667                 if (pmc->sfmode == MCAST_INCLUDE) {
668                         type = IGMPV3_BLOCK_OLD_SOURCES;
669                         dtype = IGMPV3_BLOCK_OLD_SOURCES;
670                         skb = add_grec(skb, pmc, type, 1, 0);
671                         skb = add_grec(skb, pmc, dtype, 1, 1);
672                 }
673                 if (pmc->crcount) {
674                         if (pmc->sfmode == MCAST_EXCLUDE) {
675                                 type = IGMPV3_CHANGE_TO_INCLUDE;
676                                 skb = add_grec(skb, pmc, type, 1, 0);
677                         }
678                         pmc->crcount--;
679                         if (pmc->crcount == 0) {
680                                 igmpv3_clear_zeros(&pmc->tomb);
681                                 igmpv3_clear_zeros(&pmc->sources);
682                         }
683                 }
684                 if (pmc->crcount == 0 && !pmc->tomb && !pmc->sources) {
685                         if (pmc_prev)
686                                 pmc_prev->next = pmc_next;
687                         else
688                                 in_dev->mc_tomb = pmc_next;
689                         in_dev_put(pmc->interface);
690                         kfree_pmc(pmc);
691                 } else
692                         pmc_prev = pmc;
693         }
694         spin_unlock_bh(&in_dev->mc_tomb_lock);
695
696         /* change recs */
697         for_each_pmc_rcu(in_dev, pmc) {
698                 spin_lock_bh(&pmc->lock);
699                 if (pmc->sfcount[MCAST_EXCLUDE]) {
700                         type = IGMPV3_BLOCK_OLD_SOURCES;
701                         dtype = IGMPV3_ALLOW_NEW_SOURCES;
702                 } else {
703                         type = IGMPV3_ALLOW_NEW_SOURCES;
704                         dtype = IGMPV3_BLOCK_OLD_SOURCES;
705                 }
706                 skb = add_grec(skb, pmc, type, 0, 0);
707                 skb = add_grec(skb, pmc, dtype, 0, 1);  /* deleted sources */
708
709                 /* filter mode changes */
710                 if (pmc->crcount) {
711                         if (pmc->sfmode == MCAST_EXCLUDE)
712                                 type = IGMPV3_CHANGE_TO_EXCLUDE;
713                         else
714                                 type = IGMPV3_CHANGE_TO_INCLUDE;
715                         skb = add_grec(skb, pmc, type, 0, 0);
716                         pmc->crcount--;
717                 }
718                 spin_unlock_bh(&pmc->lock);
719         }
720         rcu_read_unlock();
721
722         if (!skb)
723                 return;
724         (void) igmpv3_sendpack(skb);
725 }
726
727 static int igmp_send_report(struct in_device *in_dev, struct ip_mc_list *pmc,
728         int type)
729 {
730         struct sk_buff *skb;
731         struct iphdr *iph;
732         struct igmphdr *ih;
733         struct rtable *rt;
734         struct net_device *dev = in_dev->dev;
735         struct net *net = dev_net(dev);
736         __be32  group = pmc ? pmc->multiaddr : 0;
737         struct flowi4 fl4;
738         __be32  dst;
739         int hlen, tlen;
740
741         if (type == IGMPV3_HOST_MEMBERSHIP_REPORT)
742                 return igmpv3_send_report(in_dev, pmc);
743
744         if (ipv4_is_local_multicast(group) &&
745             !READ_ONCE(net->ipv4.sysctl_igmp_llm_reports))
746                 return 0;
747
748         if (type == IGMP_HOST_LEAVE_MESSAGE)
749                 dst = IGMP_ALL_ROUTER;
750         else
751                 dst = group;
752
753         rt = ip_route_output_ports(net, &fl4, NULL, dst, 0,
754                                    0, 0,
755                                    IPPROTO_IGMP, 0, dev->ifindex);
756         if (IS_ERR(rt))
757                 return -1;
758
759         hlen = LL_RESERVED_SPACE(dev);
760         tlen = dev->needed_tailroom;
761         skb = alloc_skb(IGMP_SIZE + hlen + tlen, GFP_ATOMIC);
762         if (!skb) {
763                 ip_rt_put(rt);
764                 return -1;
765         }
766         skb->priority = TC_PRIO_CONTROL;
767
768         skb_dst_set(skb, &rt->dst);
769
770         skb_reserve(skb, hlen);
771
772         skb_reset_network_header(skb);
773         iph = ip_hdr(skb);
774         skb_put(skb, sizeof(struct iphdr) + 4);
775
776         iph->version  = 4;
777         iph->ihl      = (sizeof(struct iphdr)+4)>>2;
778         iph->tos      = 0xc0;
779         iph->frag_off = htons(IP_DF);
780         iph->ttl      = 1;
781         iph->daddr    = dst;
782         iph->saddr    = fl4.saddr;
783         iph->protocol = IPPROTO_IGMP;
784         ip_select_ident(net, skb, NULL);
785         ((u8 *)&iph[1])[0] = IPOPT_RA;
786         ((u8 *)&iph[1])[1] = 4;
787         ((u8 *)&iph[1])[2] = 0;
788         ((u8 *)&iph[1])[3] = 0;
789
790         ih = skb_put(skb, sizeof(struct igmphdr));
791         ih->type = type;
792         ih->code = 0;
793         ih->csum = 0;
794         ih->group = group;
795         ih->csum = ip_compute_csum((void *)ih, sizeof(struct igmphdr));
796
797         return ip_local_out(net, skb->sk, skb);
798 }
799
800 static void igmp_gq_timer_expire(struct timer_list *t)
801 {
802         struct in_device *in_dev = from_timer(in_dev, t, mr_gq_timer);
803
804         in_dev->mr_gq_running = 0;
805         igmpv3_send_report(in_dev, NULL);
806         in_dev_put(in_dev);
807 }
808
809 static void igmp_ifc_timer_expire(struct timer_list *t)
810 {
811         struct in_device *in_dev = from_timer(in_dev, t, mr_ifc_timer);
812         u32 mr_ifc_count;
813
814         igmpv3_send_cr(in_dev);
815 restart:
816         mr_ifc_count = READ_ONCE(in_dev->mr_ifc_count);
817
818         if (mr_ifc_count) {
819                 if (cmpxchg(&in_dev->mr_ifc_count,
820                             mr_ifc_count,
821                             mr_ifc_count - 1) != mr_ifc_count)
822                         goto restart;
823                 igmp_ifc_start_timer(in_dev,
824                                      unsolicited_report_interval(in_dev));
825         }
826         in_dev_put(in_dev);
827 }
828
829 static void igmp_ifc_event(struct in_device *in_dev)
830 {
831         struct net *net = dev_net(in_dev->dev);
832         if (IGMP_V1_SEEN(in_dev) || IGMP_V2_SEEN(in_dev))
833                 return;
834         WRITE_ONCE(in_dev->mr_ifc_count, in_dev->mr_qrv ?: READ_ONCE(net->ipv4.sysctl_igmp_qrv));
835         igmp_ifc_start_timer(in_dev, 1);
836 }
837
838
839 static void igmp_timer_expire(struct timer_list *t)
840 {
841         struct ip_mc_list *im = from_timer(im, t, timer);
842         struct in_device *in_dev = im->interface;
843
844         spin_lock(&im->lock);
845         im->tm_running = 0;
846
847         if (im->unsolicit_count && --im->unsolicit_count)
848                 igmp_start_timer(im, unsolicited_report_interval(in_dev));
849
850         im->reporter = 1;
851         spin_unlock(&im->lock);
852
853         if (IGMP_V1_SEEN(in_dev))
854                 igmp_send_report(in_dev, im, IGMP_HOST_MEMBERSHIP_REPORT);
855         else if (IGMP_V2_SEEN(in_dev))
856                 igmp_send_report(in_dev, im, IGMPV2_HOST_MEMBERSHIP_REPORT);
857         else
858                 igmp_send_report(in_dev, im, IGMPV3_HOST_MEMBERSHIP_REPORT);
859
860         ip_ma_put(im);
861 }
862
863 /* mark EXCLUDE-mode sources */
864 static int igmp_xmarksources(struct ip_mc_list *pmc, int nsrcs, __be32 *srcs)
865 {
866         struct ip_sf_list *psf;
867         int i, scount;
868
869         scount = 0;
870         for (psf = pmc->sources; psf; psf = psf->sf_next) {
871                 if (scount == nsrcs)
872                         break;
873                 for (i = 0; i < nsrcs; i++) {
874                         /* skip inactive filters */
875                         if (psf->sf_count[MCAST_INCLUDE] ||
876                             pmc->sfcount[MCAST_EXCLUDE] !=
877                             psf->sf_count[MCAST_EXCLUDE])
878                                 break;
879                         if (srcs[i] == psf->sf_inaddr) {
880                                 scount++;
881                                 break;
882                         }
883                 }
884         }
885         pmc->gsquery = 0;
886         if (scount == nsrcs)    /* all sources excluded */
887                 return 0;
888         return 1;
889 }
890
891 static int igmp_marksources(struct ip_mc_list *pmc, int nsrcs, __be32 *srcs)
892 {
893         struct ip_sf_list *psf;
894         int i, scount;
895
896         if (pmc->sfmode == MCAST_EXCLUDE)
897                 return igmp_xmarksources(pmc, nsrcs, srcs);
898
899         /* mark INCLUDE-mode sources */
900         scount = 0;
901         for (psf = pmc->sources; psf; psf = psf->sf_next) {
902                 if (scount == nsrcs)
903                         break;
904                 for (i = 0; i < nsrcs; i++)
905                         if (srcs[i] == psf->sf_inaddr) {
906                                 psf->sf_gsresp = 1;
907                                 scount++;
908                                 break;
909                         }
910         }
911         if (!scount) {
912                 pmc->gsquery = 0;
913                 return 0;
914         }
915         pmc->gsquery = 1;
916         return 1;
917 }
918
919 /* return true if packet was dropped */
920 static bool igmp_heard_report(struct in_device *in_dev, __be32 group)
921 {
922         struct ip_mc_list *im;
923         struct net *net = dev_net(in_dev->dev);
924
925         /* Timers are only set for non-local groups */
926
927         if (group == IGMP_ALL_HOSTS)
928                 return false;
929         if (ipv4_is_local_multicast(group) &&
930             !READ_ONCE(net->ipv4.sysctl_igmp_llm_reports))
931                 return false;
932
933         rcu_read_lock();
934         for_each_pmc_rcu(in_dev, im) {
935                 if (im->multiaddr == group) {
936                         igmp_stop_timer(im);
937                         break;
938                 }
939         }
940         rcu_read_unlock();
941         return false;
942 }
943
944 /* return true if packet was dropped */
945 static bool igmp_heard_query(struct in_device *in_dev, struct sk_buff *skb,
946         int len)
947 {
948         struct igmphdr          *ih = igmp_hdr(skb);
949         struct igmpv3_query *ih3 = igmpv3_query_hdr(skb);
950         struct ip_mc_list       *im;
951         __be32                  group = ih->group;
952         int                     max_delay;
953         int                     mark = 0;
954         struct net              *net = dev_net(in_dev->dev);
955
956
957         if (len == 8) {
958                 if (ih->code == 0) {
959                         /* Alas, old v1 router presents here. */
960
961                         max_delay = IGMP_QUERY_RESPONSE_INTERVAL;
962                         in_dev->mr_v1_seen = jiffies +
963                                 (in_dev->mr_qrv * in_dev->mr_qi) +
964                                 in_dev->mr_qri;
965                         group = 0;
966                 } else {
967                         /* v2 router present */
968                         max_delay = ih->code*(HZ/IGMP_TIMER_SCALE);
969                         in_dev->mr_v2_seen = jiffies +
970                                 (in_dev->mr_qrv * in_dev->mr_qi) +
971                                 in_dev->mr_qri;
972                 }
973                 /* cancel the interface change timer */
974                 WRITE_ONCE(in_dev->mr_ifc_count, 0);
975                 if (del_timer(&in_dev->mr_ifc_timer))
976                         __in_dev_put(in_dev);
977                 /* clear deleted report items */
978                 igmpv3_clear_delrec(in_dev);
979         } else if (len < 12) {
980                 return true;    /* ignore bogus packet; freed by caller */
981         } else if (IGMP_V1_SEEN(in_dev)) {
982                 /* This is a v3 query with v1 queriers present */
983                 max_delay = IGMP_QUERY_RESPONSE_INTERVAL;
984                 group = 0;
985         } else if (IGMP_V2_SEEN(in_dev)) {
986                 /* this is a v3 query with v2 queriers present;
987                  * Interpretation of the max_delay code is problematic here.
988                  * A real v2 host would use ih_code directly, while v3 has a
989                  * different encoding. We use the v3 encoding as more likely
990                  * to be intended in a v3 query.
991                  */
992                 max_delay = IGMPV3_MRC(ih3->code)*(HZ/IGMP_TIMER_SCALE);
993                 if (!max_delay)
994                         max_delay = 1;  /* can't mod w/ 0 */
995         } else { /* v3 */
996                 if (!pskb_may_pull(skb, sizeof(struct igmpv3_query)))
997                         return true;
998
999                 ih3 = igmpv3_query_hdr(skb);
1000                 if (ih3->nsrcs) {
1001                         if (!pskb_may_pull(skb, sizeof(struct igmpv3_query)
1002                                            + ntohs(ih3->nsrcs)*sizeof(__be32)))
1003                                 return true;
1004                         ih3 = igmpv3_query_hdr(skb);
1005                 }
1006
1007                 max_delay = IGMPV3_MRC(ih3->code)*(HZ/IGMP_TIMER_SCALE);
1008                 if (!max_delay)
1009                         max_delay = 1;  /* can't mod w/ 0 */
1010                 in_dev->mr_maxdelay = max_delay;
1011
1012                 /* RFC3376, 4.1.6. QRV and 4.1.7. QQIC, when the most recently
1013                  * received value was zero, use the default or statically
1014                  * configured value.
1015                  */
1016                 in_dev->mr_qrv = ih3->qrv ?: READ_ONCE(net->ipv4.sysctl_igmp_qrv);
1017                 in_dev->mr_qi = IGMPV3_QQIC(ih3->qqic)*HZ ?: IGMP_QUERY_INTERVAL;
1018
1019                 /* RFC3376, 8.3. Query Response Interval:
1020                  * The number of seconds represented by the [Query Response
1021                  * Interval] must be less than the [Query Interval].
1022                  */
1023                 if (in_dev->mr_qri >= in_dev->mr_qi)
1024                         in_dev->mr_qri = (in_dev->mr_qi/HZ - 1)*HZ;
1025
1026                 if (!group) { /* general query */
1027                         if (ih3->nsrcs)
1028                                 return true;    /* no sources allowed */
1029                         igmp_gq_start_timer(in_dev);
1030                         return false;
1031                 }
1032                 /* mark sources to include, if group & source-specific */
1033                 mark = ih3->nsrcs != 0;
1034         }
1035
1036         /*
1037          * - Start the timers in all of our membership records
1038          *   that the query applies to for the interface on
1039          *   which the query arrived excl. those that belong
1040          *   to a "local" group (224.0.0.X)
1041          * - For timers already running check if they need to
1042          *   be reset.
1043          * - Use the igmp->igmp_code field as the maximum
1044          *   delay possible
1045          */
1046         rcu_read_lock();
1047         for_each_pmc_rcu(in_dev, im) {
1048                 int changed;
1049
1050                 if (group && group != im->multiaddr)
1051                         continue;
1052                 if (im->multiaddr == IGMP_ALL_HOSTS)
1053                         continue;
1054                 if (ipv4_is_local_multicast(im->multiaddr) &&
1055                     !READ_ONCE(net->ipv4.sysctl_igmp_llm_reports))
1056                         continue;
1057                 spin_lock_bh(&im->lock);
1058                 if (im->tm_running)
1059                         im->gsquery = im->gsquery && mark;
1060                 else
1061                         im->gsquery = mark;
1062                 changed = !im->gsquery ||
1063                         igmp_marksources(im, ntohs(ih3->nsrcs), ih3->srcs);
1064                 spin_unlock_bh(&im->lock);
1065                 if (changed)
1066                         igmp_mod_timer(im, max_delay);
1067         }
1068         rcu_read_unlock();
1069         return false;
1070 }
1071
1072 /* called in rcu_read_lock() section */
1073 int igmp_rcv(struct sk_buff *skb)
1074 {
1075         /* This basically follows the spec line by line -- see RFC1112 */
1076         struct igmphdr *ih;
1077         struct net_device *dev = skb->dev;
1078         struct in_device *in_dev;
1079         int len = skb->len;
1080         bool dropped = true;
1081
1082         if (netif_is_l3_master(dev)) {
1083                 dev = dev_get_by_index_rcu(dev_net(dev), IPCB(skb)->iif);
1084                 if (!dev)
1085                         goto drop;
1086         }
1087
1088         in_dev = __in_dev_get_rcu(dev);
1089         if (!in_dev)
1090                 goto drop;
1091
1092         if (!pskb_may_pull(skb, sizeof(struct igmphdr)))
1093                 goto drop;
1094
1095         if (skb_checksum_simple_validate(skb))
1096                 goto drop;
1097
1098         ih = igmp_hdr(skb);
1099         switch (ih->type) {
1100         case IGMP_HOST_MEMBERSHIP_QUERY:
1101                 dropped = igmp_heard_query(in_dev, skb, len);
1102                 break;
1103         case IGMP_HOST_MEMBERSHIP_REPORT:
1104         case IGMPV2_HOST_MEMBERSHIP_REPORT:
1105                 /* Is it our report looped back? */
1106                 if (rt_is_output_route(skb_rtable(skb)))
1107                         break;
1108                 /* don't rely on MC router hearing unicast reports */
1109                 if (skb->pkt_type == PACKET_MULTICAST ||
1110                     skb->pkt_type == PACKET_BROADCAST)
1111                         dropped = igmp_heard_report(in_dev, ih->group);
1112                 break;
1113         case IGMP_PIM:
1114 #ifdef CONFIG_IP_PIMSM_V1
1115                 return pim_rcv_v1(skb);
1116 #endif
1117         case IGMPV3_HOST_MEMBERSHIP_REPORT:
1118         case IGMP_DVMRP:
1119         case IGMP_TRACE:
1120         case IGMP_HOST_LEAVE_MESSAGE:
1121         case IGMP_MTRACE:
1122         case IGMP_MTRACE_RESP:
1123                 break;
1124         default:
1125                 break;
1126         }
1127
1128 drop:
1129         if (dropped)
1130                 kfree_skb(skb);
1131         else
1132                 consume_skb(skb);
1133         return 0;
1134 }
1135
1136 #endif
1137
1138
1139 /*
1140  *      Add a filter to a device
1141  */
1142
1143 static void ip_mc_filter_add(struct in_device *in_dev, __be32 addr)
1144 {
1145         char buf[MAX_ADDR_LEN];
1146         struct net_device *dev = in_dev->dev;
1147
1148         /* Checking for IFF_MULTICAST here is WRONG-WRONG-WRONG.
1149            We will get multicast token leakage, when IFF_MULTICAST
1150            is changed. This check should be done in ndo_set_rx_mode
1151            routine. Something sort of:
1152            if (dev->mc_list && dev->flags&IFF_MULTICAST) { do it; }
1153            --ANK
1154            */
1155         if (arp_mc_map(addr, buf, dev, 0) == 0)
1156                 dev_mc_add(dev, buf);
1157 }
1158
1159 /*
1160  *      Remove a filter from a device
1161  */
1162
1163 static void ip_mc_filter_del(struct in_device *in_dev, __be32 addr)
1164 {
1165         char buf[MAX_ADDR_LEN];
1166         struct net_device *dev = in_dev->dev;
1167
1168         if (arp_mc_map(addr, buf, dev, 0) == 0)
1169                 dev_mc_del(dev, buf);
1170 }
1171
1172 #ifdef CONFIG_IP_MULTICAST
1173 /*
1174  * deleted ip_mc_list manipulation
1175  */
1176 static void igmpv3_add_delrec(struct in_device *in_dev, struct ip_mc_list *im)
1177 {
1178         struct ip_mc_list *pmc;
1179         struct net *net = dev_net(in_dev->dev);
1180
1181         /* this is an "ip_mc_list" for convenience; only the fields below
1182          * are actually used. In particular, the refcnt and users are not
1183          * used for management of the delete list. Using the same structure
1184          * for deleted items allows change reports to use common code with
1185          * non-deleted or query-response MCA's.
1186          */
1187         pmc = kzalloc(sizeof(*pmc), GFP_KERNEL);
1188         if (!pmc)
1189                 return;
1190         spin_lock_init(&pmc->lock);
1191         spin_lock_bh(&im->lock);
1192         pmc->interface = im->interface;
1193         in_dev_hold(in_dev);
1194         pmc->multiaddr = im->multiaddr;
1195         pmc->crcount = in_dev->mr_qrv ?: READ_ONCE(net->ipv4.sysctl_igmp_qrv);
1196         pmc->sfmode = im->sfmode;
1197         if (pmc->sfmode == MCAST_INCLUDE) {
1198                 struct ip_sf_list *psf;
1199
1200                 pmc->tomb = im->tomb;
1201                 pmc->sources = im->sources;
1202                 im->tomb = im->sources = NULL;
1203                 for (psf = pmc->sources; psf; psf = psf->sf_next)
1204                         psf->sf_crcount = pmc->crcount;
1205         }
1206         spin_unlock_bh(&im->lock);
1207
1208         spin_lock_bh(&in_dev->mc_tomb_lock);
1209         pmc->next = in_dev->mc_tomb;
1210         in_dev->mc_tomb = pmc;
1211         spin_unlock_bh(&in_dev->mc_tomb_lock);
1212 }
1213
1214 /*
1215  * restore ip_mc_list deleted records
1216  */
1217 static void igmpv3_del_delrec(struct in_device *in_dev, struct ip_mc_list *im)
1218 {
1219         struct ip_mc_list *pmc, *pmc_prev;
1220         struct ip_sf_list *psf;
1221         struct net *net = dev_net(in_dev->dev);
1222         __be32 multiaddr = im->multiaddr;
1223
1224         spin_lock_bh(&in_dev->mc_tomb_lock);
1225         pmc_prev = NULL;
1226         for (pmc = in_dev->mc_tomb; pmc; pmc = pmc->next) {
1227                 if (pmc->multiaddr == multiaddr)
1228                         break;
1229                 pmc_prev = pmc;
1230         }
1231         if (pmc) {
1232                 if (pmc_prev)
1233                         pmc_prev->next = pmc->next;
1234                 else
1235                         in_dev->mc_tomb = pmc->next;
1236         }
1237         spin_unlock_bh(&in_dev->mc_tomb_lock);
1238
1239         spin_lock_bh(&im->lock);
1240         if (pmc) {
1241                 im->interface = pmc->interface;
1242                 if (im->sfmode == MCAST_INCLUDE) {
1243                         swap(im->tomb, pmc->tomb);
1244                         swap(im->sources, pmc->sources);
1245                         for (psf = im->sources; psf; psf = psf->sf_next)
1246                                 psf->sf_crcount = in_dev->mr_qrv ?:
1247                                         READ_ONCE(net->ipv4.sysctl_igmp_qrv);
1248                 } else {
1249                         im->crcount = in_dev->mr_qrv ?:
1250                                 READ_ONCE(net->ipv4.sysctl_igmp_qrv);
1251                 }
1252                 in_dev_put(pmc->interface);
1253                 kfree_pmc(pmc);
1254         }
1255         spin_unlock_bh(&im->lock);
1256 }
1257
1258 /*
1259  * flush ip_mc_list deleted records
1260  */
1261 static void igmpv3_clear_delrec(struct in_device *in_dev)
1262 {
1263         struct ip_mc_list *pmc, *nextpmc;
1264
1265         spin_lock_bh(&in_dev->mc_tomb_lock);
1266         pmc = in_dev->mc_tomb;
1267         in_dev->mc_tomb = NULL;
1268         spin_unlock_bh(&in_dev->mc_tomb_lock);
1269
1270         for (; pmc; pmc = nextpmc) {
1271                 nextpmc = pmc->next;
1272                 ip_mc_clear_src(pmc);
1273                 in_dev_put(pmc->interface);
1274                 kfree_pmc(pmc);
1275         }
1276         /* clear dead sources, too */
1277         rcu_read_lock();
1278         for_each_pmc_rcu(in_dev, pmc) {
1279                 struct ip_sf_list *psf;
1280
1281                 spin_lock_bh(&pmc->lock);
1282                 psf = pmc->tomb;
1283                 pmc->tomb = NULL;
1284                 spin_unlock_bh(&pmc->lock);
1285                 ip_sf_list_clear_all(psf);
1286         }
1287         rcu_read_unlock();
1288 }
1289 #endif
1290
1291 static void igmp_group_dropped(struct ip_mc_list *im)
1292 {
1293         struct in_device *in_dev = im->interface;
1294 #ifdef CONFIG_IP_MULTICAST
1295         struct net *net = dev_net(in_dev->dev);
1296         int reporter;
1297 #endif
1298
1299         if (im->loaded) {
1300                 im->loaded = 0;
1301                 ip_mc_filter_del(in_dev, im->multiaddr);
1302         }
1303
1304 #ifdef CONFIG_IP_MULTICAST
1305         if (im->multiaddr == IGMP_ALL_HOSTS)
1306                 return;
1307         if (ipv4_is_local_multicast(im->multiaddr) &&
1308             !READ_ONCE(net->ipv4.sysctl_igmp_llm_reports))
1309                 return;
1310
1311         reporter = im->reporter;
1312         igmp_stop_timer(im);
1313
1314         if (!in_dev->dead) {
1315                 if (IGMP_V1_SEEN(in_dev))
1316                         return;
1317                 if (IGMP_V2_SEEN(in_dev)) {
1318                         if (reporter)
1319                                 igmp_send_report(in_dev, im, IGMP_HOST_LEAVE_MESSAGE);
1320                         return;
1321                 }
1322                 /* IGMPv3 */
1323                 igmpv3_add_delrec(in_dev, im);
1324
1325                 igmp_ifc_event(in_dev);
1326         }
1327 #endif
1328 }
1329
1330 static void igmp_group_added(struct ip_mc_list *im)
1331 {
1332         struct in_device *in_dev = im->interface;
1333 #ifdef CONFIG_IP_MULTICAST
1334         struct net *net = dev_net(in_dev->dev);
1335 #endif
1336
1337         if (im->loaded == 0) {
1338                 im->loaded = 1;
1339                 ip_mc_filter_add(in_dev, im->multiaddr);
1340         }
1341
1342 #ifdef CONFIG_IP_MULTICAST
1343         if (im->multiaddr == IGMP_ALL_HOSTS)
1344                 return;
1345         if (ipv4_is_local_multicast(im->multiaddr) &&
1346             !READ_ONCE(net->ipv4.sysctl_igmp_llm_reports))
1347                 return;
1348
1349         if (in_dev->dead)
1350                 return;
1351
1352         im->unsolicit_count = READ_ONCE(net->ipv4.sysctl_igmp_qrv);
1353         if (IGMP_V1_SEEN(in_dev) || IGMP_V2_SEEN(in_dev)) {
1354                 spin_lock_bh(&im->lock);
1355                 igmp_start_timer(im, IGMP_INITIAL_REPORT_DELAY);
1356                 spin_unlock_bh(&im->lock);
1357                 return;
1358         }
1359         /* else, v3 */
1360
1361         /* Based on RFC3376 5.1, for newly added INCLUDE SSM, we should
1362          * not send filter-mode change record as the mode should be from
1363          * IN() to IN(A).
1364          */
1365         if (im->sfmode == MCAST_EXCLUDE)
1366                 im->crcount = in_dev->mr_qrv ?: READ_ONCE(net->ipv4.sysctl_igmp_qrv);
1367
1368         igmp_ifc_event(in_dev);
1369 #endif
1370 }
1371
1372
1373 /*
1374  *      Multicast list managers
1375  */
1376
1377 static u32 ip_mc_hash(const struct ip_mc_list *im)
1378 {
1379         return hash_32((__force u32)im->multiaddr, MC_HASH_SZ_LOG);
1380 }
1381
1382 static void ip_mc_hash_add(struct in_device *in_dev,
1383                            struct ip_mc_list *im)
1384 {
1385         struct ip_mc_list __rcu **mc_hash;
1386         u32 hash;
1387
1388         mc_hash = rtnl_dereference(in_dev->mc_hash);
1389         if (mc_hash) {
1390                 hash = ip_mc_hash(im);
1391                 im->next_hash = mc_hash[hash];
1392                 rcu_assign_pointer(mc_hash[hash], im);
1393                 return;
1394         }
1395
1396         /* do not use a hash table for small number of items */
1397         if (in_dev->mc_count < 4)
1398                 return;
1399
1400         mc_hash = kzalloc(sizeof(struct ip_mc_list *) << MC_HASH_SZ_LOG,
1401                           GFP_KERNEL);
1402         if (!mc_hash)
1403                 return;
1404
1405         for_each_pmc_rtnl(in_dev, im) {
1406                 hash = ip_mc_hash(im);
1407                 im->next_hash = mc_hash[hash];
1408                 RCU_INIT_POINTER(mc_hash[hash], im);
1409         }
1410
1411         rcu_assign_pointer(in_dev->mc_hash, mc_hash);
1412 }
1413
1414 static void ip_mc_hash_remove(struct in_device *in_dev,
1415                               struct ip_mc_list *im)
1416 {
1417         struct ip_mc_list __rcu **mc_hash = rtnl_dereference(in_dev->mc_hash);
1418         struct ip_mc_list *aux;
1419
1420         if (!mc_hash)
1421                 return;
1422         mc_hash += ip_mc_hash(im);
1423         while ((aux = rtnl_dereference(*mc_hash)) != im)
1424                 mc_hash = &aux->next_hash;
1425         *mc_hash = im->next_hash;
1426 }
1427
1428
1429 /*
1430  *      A socket has joined a multicast group on device dev.
1431  */
1432 static void __ip_mc_inc_group(struct in_device *in_dev, __be32 addr,
1433                               unsigned int mode)
1434 {
1435         struct ip_mc_list *im;
1436
1437         ASSERT_RTNL();
1438
1439         for_each_pmc_rtnl(in_dev, im) {
1440                 if (im->multiaddr == addr) {
1441                         im->users++;
1442                         ip_mc_add_src(in_dev, &addr, mode, 0, NULL, 0);
1443                         goto out;
1444                 }
1445         }
1446
1447         im = kzalloc(sizeof(*im), GFP_KERNEL);
1448         if (!im)
1449                 goto out;
1450
1451         im->users = 1;
1452         im->interface = in_dev;
1453         in_dev_hold(in_dev);
1454         im->multiaddr = addr;
1455         /* initial mode is (EX, empty) */
1456         im->sfmode = mode;
1457         im->sfcount[mode] = 1;
1458         refcount_set(&im->refcnt, 1);
1459         spin_lock_init(&im->lock);
1460 #ifdef CONFIG_IP_MULTICAST
1461         timer_setup(&im->timer, igmp_timer_expire, 0);
1462 #endif
1463
1464         im->next_rcu = in_dev->mc_list;
1465         in_dev->mc_count++;
1466         rcu_assign_pointer(in_dev->mc_list, im);
1467
1468         ip_mc_hash_add(in_dev, im);
1469
1470 #ifdef CONFIG_IP_MULTICAST
1471         igmpv3_del_delrec(in_dev, im);
1472 #endif
1473         igmp_group_added(im);
1474         if (!in_dev->dead)
1475                 ip_rt_multicast_event(in_dev);
1476 out:
1477         return;
1478 }
1479
1480 void ip_mc_inc_group(struct in_device *in_dev, __be32 addr)
1481 {
1482         __ip_mc_inc_group(in_dev, addr, MCAST_EXCLUDE);
1483 }
1484 EXPORT_SYMBOL(ip_mc_inc_group);
1485
1486 static int ip_mc_check_iphdr(struct sk_buff *skb)
1487 {
1488         const struct iphdr *iph;
1489         unsigned int len;
1490         unsigned int offset = skb_network_offset(skb) + sizeof(*iph);
1491
1492         if (!pskb_may_pull(skb, offset))
1493                 return -EINVAL;
1494
1495         iph = ip_hdr(skb);
1496
1497         if (iph->version != 4 || ip_hdrlen(skb) < sizeof(*iph))
1498                 return -EINVAL;
1499
1500         offset += ip_hdrlen(skb) - sizeof(*iph);
1501
1502         if (!pskb_may_pull(skb, offset))
1503                 return -EINVAL;
1504
1505         iph = ip_hdr(skb);
1506
1507         if (unlikely(ip_fast_csum((u8 *)iph, iph->ihl)))
1508                 return -EINVAL;
1509
1510         len = skb_network_offset(skb) + ntohs(iph->tot_len);
1511         if (skb->len < len || len < offset)
1512                 return -EINVAL;
1513
1514         skb_set_transport_header(skb, offset);
1515
1516         return 0;
1517 }
1518
1519 static int ip_mc_check_igmp_reportv3(struct sk_buff *skb)
1520 {
1521         unsigned int len = skb_transport_offset(skb);
1522
1523         len += sizeof(struct igmpv3_report);
1524
1525         return pskb_may_pull(skb, len) ? 0 : -EINVAL;
1526 }
1527
1528 static int ip_mc_check_igmp_query(struct sk_buff *skb)
1529 {
1530         unsigned int len = skb_transport_offset(skb);
1531
1532         len += sizeof(struct igmphdr);
1533         if (skb->len < len)
1534                 return -EINVAL;
1535
1536         /* IGMPv{1,2}? */
1537         if (skb->len != len) {
1538                 /* or IGMPv3? */
1539                 len += sizeof(struct igmpv3_query) - sizeof(struct igmphdr);
1540                 if (skb->len < len || !pskb_may_pull(skb, len))
1541                         return -EINVAL;
1542         }
1543
1544         /* RFC2236+RFC3376 (IGMPv2+IGMPv3) require the multicast link layer
1545          * all-systems destination addresses (224.0.0.1) for general queries
1546          */
1547         if (!igmp_hdr(skb)->group &&
1548             ip_hdr(skb)->daddr != htonl(INADDR_ALLHOSTS_GROUP))
1549                 return -EINVAL;
1550
1551         return 0;
1552 }
1553
1554 static int ip_mc_check_igmp_msg(struct sk_buff *skb)
1555 {
1556         switch (igmp_hdr(skb)->type) {
1557         case IGMP_HOST_LEAVE_MESSAGE:
1558         case IGMP_HOST_MEMBERSHIP_REPORT:
1559         case IGMPV2_HOST_MEMBERSHIP_REPORT:
1560                 /* fall through */
1561                 return 0;
1562         case IGMPV3_HOST_MEMBERSHIP_REPORT:
1563                 return ip_mc_check_igmp_reportv3(skb);
1564         case IGMP_HOST_MEMBERSHIP_QUERY:
1565                 return ip_mc_check_igmp_query(skb);
1566         default:
1567                 return -ENOMSG;
1568         }
1569 }
1570
1571 static inline __sum16 ip_mc_validate_checksum(struct sk_buff *skb)
1572 {
1573         return skb_checksum_simple_validate(skb);
1574 }
1575
1576 static int __ip_mc_check_igmp(struct sk_buff *skb, struct sk_buff **skb_trimmed)
1577
1578 {
1579         struct sk_buff *skb_chk;
1580         unsigned int transport_len;
1581         unsigned int len = skb_transport_offset(skb) + sizeof(struct igmphdr);
1582         int ret = -EINVAL;
1583
1584         transport_len = ntohs(ip_hdr(skb)->tot_len) - ip_hdrlen(skb);
1585
1586         skb_chk = skb_checksum_trimmed(skb, transport_len,
1587                                        ip_mc_validate_checksum);
1588         if (!skb_chk)
1589                 goto err;
1590
1591         if (!pskb_may_pull(skb_chk, len))
1592                 goto err;
1593
1594         ret = ip_mc_check_igmp_msg(skb_chk);
1595         if (ret)
1596                 goto err;
1597
1598         if (skb_trimmed)
1599                 *skb_trimmed = skb_chk;
1600         /* free now unneeded clone */
1601         else if (skb_chk != skb)
1602                 kfree_skb(skb_chk);
1603
1604         ret = 0;
1605
1606 err:
1607         if (ret && skb_chk && skb_chk != skb)
1608                 kfree_skb(skb_chk);
1609
1610         return ret;
1611 }
1612
1613 /**
1614  * ip_mc_check_igmp - checks whether this is a sane IGMP packet
1615  * @skb: the skb to validate
1616  * @skb_trimmed: to store an skb pointer trimmed to IPv4 packet tail (optional)
1617  *
1618  * Checks whether an IPv4 packet is a valid IGMP packet. If so sets
1619  * skb transport header accordingly and returns zero.
1620  *
1621  * -EINVAL: A broken packet was detected, i.e. it violates some internet
1622  *  standard
1623  * -ENOMSG: IP header validation succeeded but it is not an IGMP packet.
1624  * -ENOMEM: A memory allocation failure happened.
1625  *
1626  * Optionally, an skb pointer might be provided via skb_trimmed (or set it
1627  * to NULL): After parsing an IGMP packet successfully it will point to
1628  * an skb which has its tail aligned to the IP packet end. This might
1629  * either be the originally provided skb or a trimmed, cloned version if
1630  * the skb frame had data beyond the IP packet. A cloned skb allows us
1631  * to leave the original skb and its full frame unchanged (which might be
1632  * desirable for layer 2 frame jugglers).
1633  *
1634  * Caller needs to set the skb network header and free any returned skb if it
1635  * differs from the provided skb.
1636  */
1637 int ip_mc_check_igmp(struct sk_buff *skb, struct sk_buff **skb_trimmed)
1638 {
1639         int ret = ip_mc_check_iphdr(skb);
1640
1641         if (ret < 0)
1642                 return ret;
1643
1644         if (ip_hdr(skb)->protocol != IPPROTO_IGMP)
1645                 return -ENOMSG;
1646
1647         return __ip_mc_check_igmp(skb, skb_trimmed);
1648 }
1649 EXPORT_SYMBOL(ip_mc_check_igmp);
1650
1651 /*
1652  *      Resend IGMP JOIN report; used by netdev notifier.
1653  */
1654 static void ip_mc_rejoin_groups(struct in_device *in_dev)
1655 {
1656 #ifdef CONFIG_IP_MULTICAST
1657         struct ip_mc_list *im;
1658         int type;
1659         struct net *net = dev_net(in_dev->dev);
1660
1661         ASSERT_RTNL();
1662
1663         for_each_pmc_rtnl(in_dev, im) {
1664                 if (im->multiaddr == IGMP_ALL_HOSTS)
1665                         continue;
1666                 if (ipv4_is_local_multicast(im->multiaddr) &&
1667                     !READ_ONCE(net->ipv4.sysctl_igmp_llm_reports))
1668                         continue;
1669
1670                 /* a failover is happening and switches
1671                  * must be notified immediately
1672                  */
1673                 if (IGMP_V1_SEEN(in_dev))
1674                         type = IGMP_HOST_MEMBERSHIP_REPORT;
1675                 else if (IGMP_V2_SEEN(in_dev))
1676                         type = IGMPV2_HOST_MEMBERSHIP_REPORT;
1677                 else
1678                         type = IGMPV3_HOST_MEMBERSHIP_REPORT;
1679                 igmp_send_report(in_dev, im, type);
1680         }
1681 #endif
1682 }
1683
1684 /*
1685  *      A socket has left a multicast group on device dev
1686  */
1687
1688 void ip_mc_dec_group(struct in_device *in_dev, __be32 addr)
1689 {
1690         struct ip_mc_list *i;
1691         struct ip_mc_list __rcu **ip;
1692
1693         ASSERT_RTNL();
1694
1695         for (ip = &in_dev->mc_list;
1696              (i = rtnl_dereference(*ip)) != NULL;
1697              ip = &i->next_rcu) {
1698                 if (i->multiaddr == addr) {
1699                         if (--i->users == 0) {
1700                                 ip_mc_hash_remove(in_dev, i);
1701                                 *ip = i->next_rcu;
1702                                 in_dev->mc_count--;
1703                                 igmp_group_dropped(i);
1704                                 ip_mc_clear_src(i);
1705
1706                                 if (!in_dev->dead)
1707                                         ip_rt_multicast_event(in_dev);
1708
1709                                 ip_ma_put(i);
1710                                 return;
1711                         }
1712                         break;
1713                 }
1714         }
1715 }
1716 EXPORT_SYMBOL(ip_mc_dec_group);
1717
1718 /* Device changing type */
1719
1720 void ip_mc_unmap(struct in_device *in_dev)
1721 {
1722         struct ip_mc_list *pmc;
1723
1724         ASSERT_RTNL();
1725
1726         for_each_pmc_rtnl(in_dev, pmc)
1727                 igmp_group_dropped(pmc);
1728 }
1729
1730 void ip_mc_remap(struct in_device *in_dev)
1731 {
1732         struct ip_mc_list *pmc;
1733
1734         ASSERT_RTNL();
1735
1736         for_each_pmc_rtnl(in_dev, pmc) {
1737 #ifdef CONFIG_IP_MULTICAST
1738                 igmpv3_del_delrec(in_dev, pmc);
1739 #endif
1740                 igmp_group_added(pmc);
1741         }
1742 }
1743
1744 /* Device going down */
1745
1746 void ip_mc_down(struct in_device *in_dev)
1747 {
1748         struct ip_mc_list *pmc;
1749
1750         ASSERT_RTNL();
1751
1752         for_each_pmc_rtnl(in_dev, pmc)
1753                 igmp_group_dropped(pmc);
1754
1755 #ifdef CONFIG_IP_MULTICAST
1756         WRITE_ONCE(in_dev->mr_ifc_count, 0);
1757         if (del_timer(&in_dev->mr_ifc_timer))
1758                 __in_dev_put(in_dev);
1759         in_dev->mr_gq_running = 0;
1760         if (del_timer(&in_dev->mr_gq_timer))
1761                 __in_dev_put(in_dev);
1762 #endif
1763
1764         ip_mc_dec_group(in_dev, IGMP_ALL_HOSTS);
1765 }
1766
1767 #ifdef CONFIG_IP_MULTICAST
1768 static void ip_mc_reset(struct in_device *in_dev)
1769 {
1770         struct net *net = dev_net(in_dev->dev);
1771
1772         in_dev->mr_qi = IGMP_QUERY_INTERVAL;
1773         in_dev->mr_qri = IGMP_QUERY_RESPONSE_INTERVAL;
1774         in_dev->mr_qrv = READ_ONCE(net->ipv4.sysctl_igmp_qrv);
1775 }
1776 #else
1777 static void ip_mc_reset(struct in_device *in_dev)
1778 {
1779 }
1780 #endif
1781
1782 void ip_mc_init_dev(struct in_device *in_dev)
1783 {
1784         ASSERT_RTNL();
1785
1786 #ifdef CONFIG_IP_MULTICAST
1787         timer_setup(&in_dev->mr_gq_timer, igmp_gq_timer_expire, 0);
1788         timer_setup(&in_dev->mr_ifc_timer, igmp_ifc_timer_expire, 0);
1789 #endif
1790         ip_mc_reset(in_dev);
1791
1792         spin_lock_init(&in_dev->mc_tomb_lock);
1793 }
1794
1795 /* Device going up */
1796
1797 void ip_mc_up(struct in_device *in_dev)
1798 {
1799         struct ip_mc_list *pmc;
1800
1801         ASSERT_RTNL();
1802
1803         ip_mc_reset(in_dev);
1804         ip_mc_inc_group(in_dev, IGMP_ALL_HOSTS);
1805
1806         for_each_pmc_rtnl(in_dev, pmc) {
1807 #ifdef CONFIG_IP_MULTICAST
1808                 igmpv3_del_delrec(in_dev, pmc);
1809 #endif
1810                 igmp_group_added(pmc);
1811         }
1812 }
1813
1814 /*
1815  *      Device is about to be destroyed: clean up.
1816  */
1817
1818 void ip_mc_destroy_dev(struct in_device *in_dev)
1819 {
1820         struct ip_mc_list *i;
1821
1822         ASSERT_RTNL();
1823
1824         /* Deactivate timers */
1825         ip_mc_down(in_dev);
1826 #ifdef CONFIG_IP_MULTICAST
1827         igmpv3_clear_delrec(in_dev);
1828 #endif
1829
1830         while ((i = rtnl_dereference(in_dev->mc_list)) != NULL) {
1831                 in_dev->mc_list = i->next_rcu;
1832                 in_dev->mc_count--;
1833                 ip_mc_clear_src(i);
1834                 ip_ma_put(i);
1835         }
1836 }
1837
1838 /* RTNL is locked */
1839 static struct in_device *ip_mc_find_dev(struct net *net, struct ip_mreqn *imr)
1840 {
1841         struct net_device *dev = NULL;
1842         struct in_device *idev = NULL;
1843
1844         if (imr->imr_ifindex) {
1845                 idev = inetdev_by_index(net, imr->imr_ifindex);
1846                 return idev;
1847         }
1848         if (imr->imr_address.s_addr) {
1849                 dev = __ip_dev_find(net, imr->imr_address.s_addr, false);
1850                 if (!dev)
1851                         return NULL;
1852         }
1853
1854         if (!dev) {
1855                 struct rtable *rt = ip_route_output(net,
1856                                                     imr->imr_multiaddr.s_addr,
1857                                                     0, 0, 0);
1858                 if (!IS_ERR(rt)) {
1859                         dev = rt->dst.dev;
1860                         ip_rt_put(rt);
1861                 }
1862         }
1863         if (dev) {
1864                 imr->imr_ifindex = dev->ifindex;
1865                 idev = __in_dev_get_rtnl(dev);
1866         }
1867         return idev;
1868 }
1869
1870 /*
1871  *      Join a socket to a group
1872  */
1873
1874 static int ip_mc_del1_src(struct ip_mc_list *pmc, int sfmode,
1875         __be32 *psfsrc)
1876 {
1877         struct ip_sf_list *psf, *psf_prev;
1878         int rv = 0;
1879
1880         psf_prev = NULL;
1881         for (psf = pmc->sources; psf; psf = psf->sf_next) {
1882                 if (psf->sf_inaddr == *psfsrc)
1883                         break;
1884                 psf_prev = psf;
1885         }
1886         if (!psf || psf->sf_count[sfmode] == 0) {
1887                 /* source filter not found, or count wrong =>  bug */
1888                 return -ESRCH;
1889         }
1890         psf->sf_count[sfmode]--;
1891         if (psf->sf_count[sfmode] == 0) {
1892                 ip_rt_multicast_event(pmc->interface);
1893         }
1894         if (!psf->sf_count[MCAST_INCLUDE] && !psf->sf_count[MCAST_EXCLUDE]) {
1895 #ifdef CONFIG_IP_MULTICAST
1896                 struct in_device *in_dev = pmc->interface;
1897                 struct net *net = dev_net(in_dev->dev);
1898 #endif
1899
1900                 /* no more filters for this source */
1901                 if (psf_prev)
1902                         psf_prev->sf_next = psf->sf_next;
1903                 else
1904                         pmc->sources = psf->sf_next;
1905 #ifdef CONFIG_IP_MULTICAST
1906                 if (psf->sf_oldin &&
1907                     !IGMP_V1_SEEN(in_dev) && !IGMP_V2_SEEN(in_dev)) {
1908                         psf->sf_crcount = in_dev->mr_qrv ?: READ_ONCE(net->ipv4.sysctl_igmp_qrv);
1909                         psf->sf_next = pmc->tomb;
1910                         pmc->tomb = psf;
1911                         rv = 1;
1912                 } else
1913 #endif
1914                         kfree(psf);
1915         }
1916         return rv;
1917 }
1918
1919 #ifndef CONFIG_IP_MULTICAST
1920 #define igmp_ifc_event(x)       do { } while (0)
1921 #endif
1922
1923 static int ip_mc_del_src(struct in_device *in_dev, __be32 *pmca, int sfmode,
1924                          int sfcount, __be32 *psfsrc, int delta)
1925 {
1926         struct ip_mc_list *pmc;
1927         int     changerec = 0;
1928         int     i, err;
1929
1930         if (!in_dev)
1931                 return -ENODEV;
1932         rcu_read_lock();
1933         for_each_pmc_rcu(in_dev, pmc) {
1934                 if (*pmca == pmc->multiaddr)
1935                         break;
1936         }
1937         if (!pmc) {
1938                 /* MCA not found?? bug */
1939                 rcu_read_unlock();
1940                 return -ESRCH;
1941         }
1942         spin_lock_bh(&pmc->lock);
1943         rcu_read_unlock();
1944 #ifdef CONFIG_IP_MULTICAST
1945         sf_markstate(pmc);
1946 #endif
1947         if (!delta) {
1948                 err = -EINVAL;
1949                 if (!pmc->sfcount[sfmode])
1950                         goto out_unlock;
1951                 pmc->sfcount[sfmode]--;
1952         }
1953         err = 0;
1954         for (i = 0; i < sfcount; i++) {
1955                 int rv = ip_mc_del1_src(pmc, sfmode, &psfsrc[i]);
1956
1957                 changerec |= rv > 0;
1958                 if (!err && rv < 0)
1959                         err = rv;
1960         }
1961         if (pmc->sfmode == MCAST_EXCLUDE &&
1962             pmc->sfcount[MCAST_EXCLUDE] == 0 &&
1963             pmc->sfcount[MCAST_INCLUDE]) {
1964 #ifdef CONFIG_IP_MULTICAST
1965                 struct ip_sf_list *psf;
1966                 struct net *net = dev_net(in_dev->dev);
1967 #endif
1968
1969                 /* filter mode change */
1970                 pmc->sfmode = MCAST_INCLUDE;
1971 #ifdef CONFIG_IP_MULTICAST
1972                 pmc->crcount = in_dev->mr_qrv ?: READ_ONCE(net->ipv4.sysctl_igmp_qrv);
1973                 WRITE_ONCE(in_dev->mr_ifc_count, pmc->crcount);
1974                 for (psf = pmc->sources; psf; psf = psf->sf_next)
1975                         psf->sf_crcount = 0;
1976                 igmp_ifc_event(pmc->interface);
1977         } else if (sf_setstate(pmc) || changerec) {
1978                 igmp_ifc_event(pmc->interface);
1979 #endif
1980         }
1981 out_unlock:
1982         spin_unlock_bh(&pmc->lock);
1983         return err;
1984 }
1985
1986 /*
1987  * Add multicast single-source filter to the interface list
1988  */
1989 static int ip_mc_add1_src(struct ip_mc_list *pmc, int sfmode,
1990         __be32 *psfsrc)
1991 {
1992         struct ip_sf_list *psf, *psf_prev;
1993
1994         psf_prev = NULL;
1995         for (psf = pmc->sources; psf; psf = psf->sf_next) {
1996                 if (psf->sf_inaddr == *psfsrc)
1997                         break;
1998                 psf_prev = psf;
1999         }
2000         if (!psf) {
2001                 psf = kzalloc(sizeof(*psf), GFP_ATOMIC);
2002                 if (!psf)
2003                         return -ENOBUFS;
2004                 psf->sf_inaddr = *psfsrc;
2005                 if (psf_prev) {
2006                         psf_prev->sf_next = psf;
2007                 } else
2008                         pmc->sources = psf;
2009         }
2010         psf->sf_count[sfmode]++;
2011         if (psf->sf_count[sfmode] == 1) {
2012                 ip_rt_multicast_event(pmc->interface);
2013         }
2014         return 0;
2015 }
2016
2017 #ifdef CONFIG_IP_MULTICAST
2018 static void sf_markstate(struct ip_mc_list *pmc)
2019 {
2020         struct ip_sf_list *psf;
2021         int mca_xcount = pmc->sfcount[MCAST_EXCLUDE];
2022
2023         for (psf = pmc->sources; psf; psf = psf->sf_next)
2024                 if (pmc->sfcount[MCAST_EXCLUDE]) {
2025                         psf->sf_oldin = mca_xcount ==
2026                                 psf->sf_count[MCAST_EXCLUDE] &&
2027                                 !psf->sf_count[MCAST_INCLUDE];
2028                 } else
2029                         psf->sf_oldin = psf->sf_count[MCAST_INCLUDE] != 0;
2030 }
2031
2032 static int sf_setstate(struct ip_mc_list *pmc)
2033 {
2034         struct ip_sf_list *psf, *dpsf;
2035         int mca_xcount = pmc->sfcount[MCAST_EXCLUDE];
2036         int qrv = pmc->interface->mr_qrv;
2037         int new_in, rv;
2038
2039         rv = 0;
2040         for (psf = pmc->sources; psf; psf = psf->sf_next) {
2041                 if (pmc->sfcount[MCAST_EXCLUDE]) {
2042                         new_in = mca_xcount == psf->sf_count[MCAST_EXCLUDE] &&
2043                                 !psf->sf_count[MCAST_INCLUDE];
2044                 } else
2045                         new_in = psf->sf_count[MCAST_INCLUDE] != 0;
2046                 if (new_in) {
2047                         if (!psf->sf_oldin) {
2048                                 struct ip_sf_list *prev = NULL;
2049
2050                                 for (dpsf = pmc->tomb; dpsf; dpsf = dpsf->sf_next) {
2051                                         if (dpsf->sf_inaddr == psf->sf_inaddr)
2052                                                 break;
2053                                         prev = dpsf;
2054                                 }
2055                                 if (dpsf) {
2056                                         if (prev)
2057                                                 prev->sf_next = dpsf->sf_next;
2058                                         else
2059                                                 pmc->tomb = dpsf->sf_next;
2060                                         kfree(dpsf);
2061                                 }
2062                                 psf->sf_crcount = qrv;
2063                                 rv++;
2064                         }
2065                 } else if (psf->sf_oldin) {
2066
2067                         psf->sf_crcount = 0;
2068                         /*
2069                          * add or update "delete" records if an active filter
2070                          * is now inactive
2071                          */
2072                         for (dpsf = pmc->tomb; dpsf; dpsf = dpsf->sf_next)
2073                                 if (dpsf->sf_inaddr == psf->sf_inaddr)
2074                                         break;
2075                         if (!dpsf) {
2076                                 dpsf = kmalloc(sizeof(*dpsf), GFP_ATOMIC);
2077                                 if (!dpsf)
2078                                         continue;
2079                                 *dpsf = *psf;
2080                                 /* pmc->lock held by callers */
2081                                 dpsf->sf_next = pmc->tomb;
2082                                 pmc->tomb = dpsf;
2083                         }
2084                         dpsf->sf_crcount = qrv;
2085                         rv++;
2086                 }
2087         }
2088         return rv;
2089 }
2090 #endif
2091
2092 /*
2093  * Add multicast source filter list to the interface list
2094  */
2095 static int ip_mc_add_src(struct in_device *in_dev, __be32 *pmca, int sfmode,
2096                          int sfcount, __be32 *psfsrc, int delta)
2097 {
2098         struct ip_mc_list *pmc;
2099         int     isexclude;
2100         int     i, err;
2101
2102         if (!in_dev)
2103                 return -ENODEV;
2104         rcu_read_lock();
2105         for_each_pmc_rcu(in_dev, pmc) {
2106                 if (*pmca == pmc->multiaddr)
2107                         break;
2108         }
2109         if (!pmc) {
2110                 /* MCA not found?? bug */
2111                 rcu_read_unlock();
2112                 return -ESRCH;
2113         }
2114         spin_lock_bh(&pmc->lock);
2115         rcu_read_unlock();
2116
2117 #ifdef CONFIG_IP_MULTICAST
2118         sf_markstate(pmc);
2119 #endif
2120         isexclude = pmc->sfmode == MCAST_EXCLUDE;
2121         if (!delta)
2122                 pmc->sfcount[sfmode]++;
2123         err = 0;
2124         for (i = 0; i < sfcount; i++) {
2125                 err = ip_mc_add1_src(pmc, sfmode, &psfsrc[i]);
2126                 if (err)
2127                         break;
2128         }
2129         if (err) {
2130                 int j;
2131
2132                 if (!delta)
2133                         pmc->sfcount[sfmode]--;
2134                 for (j = 0; j < i; j++)
2135                         (void) ip_mc_del1_src(pmc, sfmode, &psfsrc[j]);
2136         } else if (isexclude != (pmc->sfcount[MCAST_EXCLUDE] != 0)) {
2137 #ifdef CONFIG_IP_MULTICAST
2138                 struct ip_sf_list *psf;
2139                 struct net *net = dev_net(pmc->interface->dev);
2140                 in_dev = pmc->interface;
2141 #endif
2142
2143                 /* filter mode change */
2144                 if (pmc->sfcount[MCAST_EXCLUDE])
2145                         pmc->sfmode = MCAST_EXCLUDE;
2146                 else if (pmc->sfcount[MCAST_INCLUDE])
2147                         pmc->sfmode = MCAST_INCLUDE;
2148 #ifdef CONFIG_IP_MULTICAST
2149                 /* else no filters; keep old mode for reports */
2150
2151                 pmc->crcount = in_dev->mr_qrv ?: READ_ONCE(net->ipv4.sysctl_igmp_qrv);
2152                 WRITE_ONCE(in_dev->mr_ifc_count, pmc->crcount);
2153                 for (psf = pmc->sources; psf; psf = psf->sf_next)
2154                         psf->sf_crcount = 0;
2155                 igmp_ifc_event(in_dev);
2156         } else if (sf_setstate(pmc)) {
2157                 igmp_ifc_event(in_dev);
2158 #endif
2159         }
2160         spin_unlock_bh(&pmc->lock);
2161         return err;
2162 }
2163
2164 static void ip_mc_clear_src(struct ip_mc_list *pmc)
2165 {
2166         struct ip_sf_list *tomb, *sources;
2167
2168         spin_lock_bh(&pmc->lock);
2169         tomb = pmc->tomb;
2170         pmc->tomb = NULL;
2171         sources = pmc->sources;
2172         pmc->sources = NULL;
2173         pmc->sfmode = MCAST_EXCLUDE;
2174         pmc->sfcount[MCAST_INCLUDE] = 0;
2175         pmc->sfcount[MCAST_EXCLUDE] = 1;
2176         spin_unlock_bh(&pmc->lock);
2177
2178         ip_sf_list_clear_all(tomb);
2179         ip_sf_list_clear_all(sources);
2180 }
2181
2182 /* Join a multicast group
2183  */
2184 static int __ip_mc_join_group(struct sock *sk, struct ip_mreqn *imr,
2185                               unsigned int mode)
2186 {
2187         __be32 addr = imr->imr_multiaddr.s_addr;
2188         struct ip_mc_socklist *iml, *i;
2189         struct in_device *in_dev;
2190         struct inet_sock *inet = inet_sk(sk);
2191         struct net *net = sock_net(sk);
2192         int ifindex;
2193         int count = 0;
2194         int err;
2195
2196         ASSERT_RTNL();
2197
2198         if (!ipv4_is_multicast(addr))
2199                 return -EINVAL;
2200
2201         in_dev = ip_mc_find_dev(net, imr);
2202
2203         if (!in_dev) {
2204                 err = -ENODEV;
2205                 goto done;
2206         }
2207
2208         err = -EADDRINUSE;
2209         ifindex = imr->imr_ifindex;
2210         for_each_pmc_rtnl(inet, i) {
2211                 if (i->multi.imr_multiaddr.s_addr == addr &&
2212                     i->multi.imr_ifindex == ifindex)
2213                         goto done;
2214                 count++;
2215         }
2216         err = -ENOBUFS;
2217         if (count >= READ_ONCE(net->ipv4.sysctl_igmp_max_memberships))
2218                 goto done;
2219         iml = sock_kmalloc(sk, sizeof(*iml), GFP_KERNEL);
2220         if (!iml)
2221                 goto done;
2222
2223         memcpy(&iml->multi, imr, sizeof(*imr));
2224         iml->next_rcu = inet->mc_list;
2225         iml->sflist = NULL;
2226         iml->sfmode = mode;
2227         rcu_assign_pointer(inet->mc_list, iml);
2228         __ip_mc_inc_group(in_dev, addr, mode);
2229         err = 0;
2230 done:
2231         return err;
2232 }
2233
2234 /* Join ASM (Any-Source Multicast) group
2235  */
2236 int ip_mc_join_group(struct sock *sk, struct ip_mreqn *imr)
2237 {
2238         return __ip_mc_join_group(sk, imr, MCAST_EXCLUDE);
2239 }
2240 EXPORT_SYMBOL(ip_mc_join_group);
2241
2242 /* Join SSM (Source-Specific Multicast) group
2243  */
2244 int ip_mc_join_group_ssm(struct sock *sk, struct ip_mreqn *imr,
2245                          unsigned int mode)
2246 {
2247         return __ip_mc_join_group(sk, imr, mode);
2248 }
2249
2250 static int ip_mc_leave_src(struct sock *sk, struct ip_mc_socklist *iml,
2251                            struct in_device *in_dev)
2252 {
2253         struct ip_sf_socklist *psf = rtnl_dereference(iml->sflist);
2254         int err;
2255
2256         if (!psf) {
2257                 /* any-source empty exclude case */
2258                 return ip_mc_del_src(in_dev, &iml->multi.imr_multiaddr.s_addr,
2259                         iml->sfmode, 0, NULL, 0);
2260         }
2261         err = ip_mc_del_src(in_dev, &iml->multi.imr_multiaddr.s_addr,
2262                         iml->sfmode, psf->sl_count, psf->sl_addr, 0);
2263         RCU_INIT_POINTER(iml->sflist, NULL);
2264         /* decrease mem now to avoid the memleak warning */
2265         atomic_sub(IP_SFLSIZE(psf->sl_max), &sk->sk_omem_alloc);
2266         kfree_rcu(psf, rcu);
2267         return err;
2268 }
2269
2270 int ip_mc_leave_group(struct sock *sk, struct ip_mreqn *imr)
2271 {
2272         struct inet_sock *inet = inet_sk(sk);
2273         struct ip_mc_socklist *iml;
2274         struct ip_mc_socklist __rcu **imlp;
2275         struct in_device *in_dev;
2276         struct net *net = sock_net(sk);
2277         __be32 group = imr->imr_multiaddr.s_addr;
2278         u32 ifindex;
2279         int ret = -EADDRNOTAVAIL;
2280
2281         ASSERT_RTNL();
2282
2283         in_dev = ip_mc_find_dev(net, imr);
2284         if (!imr->imr_ifindex && !imr->imr_address.s_addr && !in_dev) {
2285                 ret = -ENODEV;
2286                 goto out;
2287         }
2288         ifindex = imr->imr_ifindex;
2289         for (imlp = &inet->mc_list;
2290              (iml = rtnl_dereference(*imlp)) != NULL;
2291              imlp = &iml->next_rcu) {
2292                 if (iml->multi.imr_multiaddr.s_addr != group)
2293                         continue;
2294                 if (ifindex) {
2295                         if (iml->multi.imr_ifindex != ifindex)
2296                                 continue;
2297                 } else if (imr->imr_address.s_addr && imr->imr_address.s_addr !=
2298                                 iml->multi.imr_address.s_addr)
2299                         continue;
2300
2301                 (void) ip_mc_leave_src(sk, iml, in_dev);
2302
2303                 *imlp = iml->next_rcu;
2304
2305                 if (in_dev)
2306                         ip_mc_dec_group(in_dev, group);
2307
2308                 /* decrease mem now to avoid the memleak warning */
2309                 atomic_sub(sizeof(*iml), &sk->sk_omem_alloc);
2310                 kfree_rcu(iml, rcu);
2311                 return 0;
2312         }
2313 out:
2314         return ret;
2315 }
2316 EXPORT_SYMBOL(ip_mc_leave_group);
2317
2318 int ip_mc_source(int add, int omode, struct sock *sk, struct
2319         ip_mreq_source *mreqs, int ifindex)
2320 {
2321         int err;
2322         struct ip_mreqn imr;
2323         __be32 addr = mreqs->imr_multiaddr;
2324         struct ip_mc_socklist *pmc;
2325         struct in_device *in_dev = NULL;
2326         struct inet_sock *inet = inet_sk(sk);
2327         struct ip_sf_socklist *psl;
2328         struct net *net = sock_net(sk);
2329         int leavegroup = 0;
2330         int i, j, rv;
2331
2332         if (!ipv4_is_multicast(addr))
2333                 return -EINVAL;
2334
2335         ASSERT_RTNL();
2336
2337         imr.imr_multiaddr.s_addr = mreqs->imr_multiaddr;
2338         imr.imr_address.s_addr = mreqs->imr_interface;
2339         imr.imr_ifindex = ifindex;
2340         in_dev = ip_mc_find_dev(net, &imr);
2341
2342         if (!in_dev) {
2343                 err = -ENODEV;
2344                 goto done;
2345         }
2346         err = -EADDRNOTAVAIL;
2347
2348         for_each_pmc_rtnl(inet, pmc) {
2349                 if ((pmc->multi.imr_multiaddr.s_addr ==
2350                      imr.imr_multiaddr.s_addr) &&
2351                     (pmc->multi.imr_ifindex == imr.imr_ifindex))
2352                         break;
2353         }
2354         if (!pmc) {             /* must have a prior join */
2355                 err = -EINVAL;
2356                 goto done;
2357         }
2358         /* if a source filter was set, must be the same mode as before */
2359         if (pmc->sflist) {
2360                 if (pmc->sfmode != omode) {
2361                         err = -EINVAL;
2362                         goto done;
2363                 }
2364         } else if (pmc->sfmode != omode) {
2365                 /* allow mode switches for empty-set filters */
2366                 ip_mc_add_src(in_dev, &mreqs->imr_multiaddr, omode, 0, NULL, 0);
2367                 ip_mc_del_src(in_dev, &mreqs->imr_multiaddr, pmc->sfmode, 0,
2368                         NULL, 0);
2369                 pmc->sfmode = omode;
2370         }
2371
2372         psl = rtnl_dereference(pmc->sflist);
2373         if (!add) {
2374                 if (!psl)
2375                         goto done;      /* err = -EADDRNOTAVAIL */
2376                 rv = !0;
2377                 for (i = 0; i < psl->sl_count; i++) {
2378                         rv = memcmp(&psl->sl_addr[i], &mreqs->imr_sourceaddr,
2379                                 sizeof(__be32));
2380                         if (rv == 0)
2381                                 break;
2382                 }
2383                 if (rv)         /* source not found */
2384                         goto done;      /* err = -EADDRNOTAVAIL */
2385
2386                 /* special case - (INCLUDE, empty) == LEAVE_GROUP */
2387                 if (psl->sl_count == 1 && omode == MCAST_INCLUDE) {
2388                         leavegroup = 1;
2389                         goto done;
2390                 }
2391
2392                 /* update the interface filter */
2393                 ip_mc_del_src(in_dev, &mreqs->imr_multiaddr, omode, 1,
2394                         &mreqs->imr_sourceaddr, 1);
2395
2396                 for (j = i+1; j < psl->sl_count; j++)
2397                         psl->sl_addr[j-1] = psl->sl_addr[j];
2398                 psl->sl_count--;
2399                 err = 0;
2400                 goto done;
2401         }
2402         /* else, add a new source to the filter */
2403
2404         if (psl && psl->sl_count >= net->ipv4.sysctl_igmp_max_msf) {
2405                 err = -ENOBUFS;
2406                 goto done;
2407         }
2408         if (!psl || psl->sl_count == psl->sl_max) {
2409                 struct ip_sf_socklist *newpsl;
2410                 int count = IP_SFBLOCK;
2411
2412                 if (psl)
2413                         count += psl->sl_max;
2414                 newpsl = sock_kmalloc(sk, IP_SFLSIZE(count), GFP_KERNEL);
2415                 if (!newpsl) {
2416                         err = -ENOBUFS;
2417                         goto done;
2418                 }
2419                 newpsl->sl_max = count;
2420                 newpsl->sl_count = count - IP_SFBLOCK;
2421                 if (psl) {
2422                         for (i = 0; i < psl->sl_count; i++)
2423                                 newpsl->sl_addr[i] = psl->sl_addr[i];
2424                         /* decrease mem now to avoid the memleak warning */
2425                         atomic_sub(IP_SFLSIZE(psl->sl_max), &sk->sk_omem_alloc);
2426                 }
2427                 rcu_assign_pointer(pmc->sflist, newpsl);
2428                 if (psl)
2429                         kfree_rcu(psl, rcu);
2430                 psl = newpsl;
2431         }
2432         rv = 1; /* > 0 for insert logic below if sl_count is 0 */
2433         for (i = 0; i < psl->sl_count; i++) {
2434                 rv = memcmp(&psl->sl_addr[i], &mreqs->imr_sourceaddr,
2435                         sizeof(__be32));
2436                 if (rv == 0)
2437                         break;
2438         }
2439         if (rv == 0)            /* address already there is an error */
2440                 goto done;
2441         for (j = psl->sl_count-1; j >= i; j--)
2442                 psl->sl_addr[j+1] = psl->sl_addr[j];
2443         psl->sl_addr[i] = mreqs->imr_sourceaddr;
2444         psl->sl_count++;
2445         err = 0;
2446         /* update the interface list */
2447         ip_mc_add_src(in_dev, &mreqs->imr_multiaddr, omode, 1,
2448                 &mreqs->imr_sourceaddr, 1);
2449 done:
2450         if (leavegroup)
2451                 err = ip_mc_leave_group(sk, &imr);
2452         return err;
2453 }
2454
2455 int ip_mc_msfilter(struct sock *sk, struct ip_msfilter *msf, int ifindex)
2456 {
2457         int err = 0;
2458         struct ip_mreqn imr;
2459         __be32 addr = msf->imsf_multiaddr;
2460         struct ip_mc_socklist *pmc;
2461         struct in_device *in_dev;
2462         struct inet_sock *inet = inet_sk(sk);
2463         struct ip_sf_socklist *newpsl, *psl;
2464         struct net *net = sock_net(sk);
2465         int leavegroup = 0;
2466
2467         if (!ipv4_is_multicast(addr))
2468                 return -EINVAL;
2469         if (msf->imsf_fmode != MCAST_INCLUDE &&
2470             msf->imsf_fmode != MCAST_EXCLUDE)
2471                 return -EINVAL;
2472
2473         ASSERT_RTNL();
2474
2475         imr.imr_multiaddr.s_addr = msf->imsf_multiaddr;
2476         imr.imr_address.s_addr = msf->imsf_interface;
2477         imr.imr_ifindex = ifindex;
2478         in_dev = ip_mc_find_dev(net, &imr);
2479
2480         if (!in_dev) {
2481                 err = -ENODEV;
2482                 goto done;
2483         }
2484
2485         /* special case - (INCLUDE, empty) == LEAVE_GROUP */
2486         if (msf->imsf_fmode == MCAST_INCLUDE && msf->imsf_numsrc == 0) {
2487                 leavegroup = 1;
2488                 goto done;
2489         }
2490
2491         for_each_pmc_rtnl(inet, pmc) {
2492                 if (pmc->multi.imr_multiaddr.s_addr == msf->imsf_multiaddr &&
2493                     pmc->multi.imr_ifindex == imr.imr_ifindex)
2494                         break;
2495         }
2496         if (!pmc) {             /* must have a prior join */
2497                 err = -EINVAL;
2498                 goto done;
2499         }
2500         if (msf->imsf_numsrc) {
2501                 newpsl = sock_kmalloc(sk, IP_SFLSIZE(msf->imsf_numsrc),
2502                                                            GFP_KERNEL);
2503                 if (!newpsl) {
2504                         err = -ENOBUFS;
2505                         goto done;
2506                 }
2507                 newpsl->sl_max = newpsl->sl_count = msf->imsf_numsrc;
2508                 memcpy(newpsl->sl_addr, msf->imsf_slist,
2509                         msf->imsf_numsrc * sizeof(msf->imsf_slist[0]));
2510                 err = ip_mc_add_src(in_dev, &msf->imsf_multiaddr,
2511                         msf->imsf_fmode, newpsl->sl_count, newpsl->sl_addr, 0);
2512                 if (err) {
2513                         sock_kfree_s(sk, newpsl, IP_SFLSIZE(newpsl->sl_max));
2514                         goto done;
2515                 }
2516         } else {
2517                 newpsl = NULL;
2518                 (void) ip_mc_add_src(in_dev, &msf->imsf_multiaddr,
2519                                      msf->imsf_fmode, 0, NULL, 0);
2520         }
2521         psl = rtnl_dereference(pmc->sflist);
2522         if (psl) {
2523                 (void) ip_mc_del_src(in_dev, &msf->imsf_multiaddr, pmc->sfmode,
2524                         psl->sl_count, psl->sl_addr, 0);
2525                 /* decrease mem now to avoid the memleak warning */
2526                 atomic_sub(IP_SFLSIZE(psl->sl_max), &sk->sk_omem_alloc);
2527         } else {
2528                 (void) ip_mc_del_src(in_dev, &msf->imsf_multiaddr, pmc->sfmode,
2529                         0, NULL, 0);
2530         }
2531         rcu_assign_pointer(pmc->sflist, newpsl);
2532         if (psl)
2533                 kfree_rcu(psl, rcu);
2534         pmc->sfmode = msf->imsf_fmode;
2535         err = 0;
2536 done:
2537         if (leavegroup)
2538                 err = ip_mc_leave_group(sk, &imr);
2539         return err;
2540 }
2541
2542 int ip_mc_msfget(struct sock *sk, struct ip_msfilter *msf,
2543         struct ip_msfilter __user *optval, int __user *optlen)
2544 {
2545         int err, len, count, copycount;
2546         struct ip_mreqn imr;
2547         __be32 addr = msf->imsf_multiaddr;
2548         struct ip_mc_socklist *pmc;
2549         struct in_device *in_dev;
2550         struct inet_sock *inet = inet_sk(sk);
2551         struct ip_sf_socklist *psl;
2552         struct net *net = sock_net(sk);
2553
2554         ASSERT_RTNL();
2555
2556         if (!ipv4_is_multicast(addr))
2557                 return -EINVAL;
2558
2559         imr.imr_multiaddr.s_addr = msf->imsf_multiaddr;
2560         imr.imr_address.s_addr = msf->imsf_interface;
2561         imr.imr_ifindex = 0;
2562         in_dev = ip_mc_find_dev(net, &imr);
2563
2564         if (!in_dev) {
2565                 err = -ENODEV;
2566                 goto done;
2567         }
2568         err = -EADDRNOTAVAIL;
2569
2570         for_each_pmc_rtnl(inet, pmc) {
2571                 if (pmc->multi.imr_multiaddr.s_addr == msf->imsf_multiaddr &&
2572                     pmc->multi.imr_ifindex == imr.imr_ifindex)
2573                         break;
2574         }
2575         if (!pmc)               /* must have a prior join */
2576                 goto done;
2577         msf->imsf_fmode = pmc->sfmode;
2578         psl = rtnl_dereference(pmc->sflist);
2579         if (!psl) {
2580                 len = 0;
2581                 count = 0;
2582         } else {
2583                 count = psl->sl_count;
2584         }
2585         copycount = count < msf->imsf_numsrc ? count : msf->imsf_numsrc;
2586         len = copycount * sizeof(psl->sl_addr[0]);
2587         msf->imsf_numsrc = count;
2588         if (put_user(IP_MSFILTER_SIZE(copycount), optlen) ||
2589             copy_to_user(optval, msf, IP_MSFILTER_SIZE(0))) {
2590                 return -EFAULT;
2591         }
2592         if (len &&
2593             copy_to_user(&optval->imsf_slist[0], psl->sl_addr, len))
2594                 return -EFAULT;
2595         return 0;
2596 done:
2597         return err;
2598 }
2599
2600 int ip_mc_gsfget(struct sock *sk, struct group_filter *gsf,
2601         struct group_filter __user *optval, int __user *optlen)
2602 {
2603         int err, i, count, copycount;
2604         struct sockaddr_in *psin;
2605         __be32 addr;
2606         struct ip_mc_socklist *pmc;
2607         struct inet_sock *inet = inet_sk(sk);
2608         struct ip_sf_socklist *psl;
2609
2610         ASSERT_RTNL();
2611
2612         psin = (struct sockaddr_in *)&gsf->gf_group;
2613         if (psin->sin_family != AF_INET)
2614                 return -EINVAL;
2615         addr = psin->sin_addr.s_addr;
2616         if (!ipv4_is_multicast(addr))
2617                 return -EINVAL;
2618
2619         err = -EADDRNOTAVAIL;
2620
2621         for_each_pmc_rtnl(inet, pmc) {
2622                 if (pmc->multi.imr_multiaddr.s_addr == addr &&
2623                     pmc->multi.imr_ifindex == gsf->gf_interface)
2624                         break;
2625         }
2626         if (!pmc)               /* must have a prior join */
2627                 goto done;
2628         gsf->gf_fmode = pmc->sfmode;
2629         psl = rtnl_dereference(pmc->sflist);
2630         count = psl ? psl->sl_count : 0;
2631         copycount = count < gsf->gf_numsrc ? count : gsf->gf_numsrc;
2632         gsf->gf_numsrc = count;
2633         if (put_user(GROUP_FILTER_SIZE(copycount), optlen) ||
2634             copy_to_user(optval, gsf, GROUP_FILTER_SIZE(0))) {
2635                 return -EFAULT;
2636         }
2637         for (i = 0; i < copycount; i++) {
2638                 struct sockaddr_storage ss;
2639
2640                 psin = (struct sockaddr_in *)&ss;
2641                 memset(&ss, 0, sizeof(ss));
2642                 psin->sin_family = AF_INET;
2643                 psin->sin_addr.s_addr = psl->sl_addr[i];
2644                 if (copy_to_user(&optval->gf_slist[i], &ss, sizeof(ss)))
2645                         return -EFAULT;
2646         }
2647         return 0;
2648 done:
2649         return err;
2650 }
2651
2652 /*
2653  * check if a multicast source filter allows delivery for a given <src,dst,intf>
2654  */
2655 int ip_mc_sf_allow(struct sock *sk, __be32 loc_addr, __be32 rmt_addr,
2656                    int dif, int sdif)
2657 {
2658         struct inet_sock *inet = inet_sk(sk);
2659         struct ip_mc_socklist *pmc;
2660         struct ip_sf_socklist *psl;
2661         int i;
2662         int ret;
2663
2664         ret = 1;
2665         if (!ipv4_is_multicast(loc_addr))
2666                 goto out;
2667
2668         rcu_read_lock();
2669         for_each_pmc_rcu(inet, pmc) {
2670                 if (pmc->multi.imr_multiaddr.s_addr == loc_addr &&
2671                     (pmc->multi.imr_ifindex == dif ||
2672                      (sdif && pmc->multi.imr_ifindex == sdif)))
2673                         break;
2674         }
2675         ret = inet->mc_all;
2676         if (!pmc)
2677                 goto unlock;
2678         psl = rcu_dereference(pmc->sflist);
2679         ret = (pmc->sfmode == MCAST_EXCLUDE);
2680         if (!psl)
2681                 goto unlock;
2682
2683         for (i = 0; i < psl->sl_count; i++) {
2684                 if (psl->sl_addr[i] == rmt_addr)
2685                         break;
2686         }
2687         ret = 0;
2688         if (pmc->sfmode == MCAST_INCLUDE && i >= psl->sl_count)
2689                 goto unlock;
2690         if (pmc->sfmode == MCAST_EXCLUDE && i < psl->sl_count)
2691                 goto unlock;
2692         ret = 1;
2693 unlock:
2694         rcu_read_unlock();
2695 out:
2696         return ret;
2697 }
2698
2699 /*
2700  *      A socket is closing.
2701  */
2702
2703 void ip_mc_drop_socket(struct sock *sk)
2704 {
2705         struct inet_sock *inet = inet_sk(sk);
2706         struct ip_mc_socklist *iml;
2707         struct net *net = sock_net(sk);
2708
2709         if (!inet->mc_list)
2710                 return;
2711
2712         rtnl_lock();
2713         while ((iml = rtnl_dereference(inet->mc_list)) != NULL) {
2714                 struct in_device *in_dev;
2715
2716                 inet->mc_list = iml->next_rcu;
2717                 in_dev = inetdev_by_index(net, iml->multi.imr_ifindex);
2718                 (void) ip_mc_leave_src(sk, iml, in_dev);
2719                 if (in_dev)
2720                         ip_mc_dec_group(in_dev, iml->multi.imr_multiaddr.s_addr);
2721                 /* decrease mem now to avoid the memleak warning */
2722                 atomic_sub(sizeof(*iml), &sk->sk_omem_alloc);
2723                 kfree_rcu(iml, rcu);
2724         }
2725         rtnl_unlock();
2726 }
2727
2728 /* called with rcu_read_lock() */
2729 int ip_check_mc_rcu(struct in_device *in_dev, __be32 mc_addr, __be32 src_addr, u8 proto)
2730 {
2731         struct ip_mc_list *im;
2732         struct ip_mc_list __rcu **mc_hash;
2733         struct ip_sf_list *psf;
2734         int rv = 0;
2735
2736         mc_hash = rcu_dereference(in_dev->mc_hash);
2737         if (mc_hash) {
2738                 u32 hash = hash_32((__force u32)mc_addr, MC_HASH_SZ_LOG);
2739
2740                 for (im = rcu_dereference(mc_hash[hash]);
2741                      im != NULL;
2742                      im = rcu_dereference(im->next_hash)) {
2743                         if (im->multiaddr == mc_addr)
2744                                 break;
2745                 }
2746         } else {
2747                 for_each_pmc_rcu(in_dev, im) {
2748                         if (im->multiaddr == mc_addr)
2749                                 break;
2750                 }
2751         }
2752         if (im && proto == IPPROTO_IGMP) {
2753                 rv = 1;
2754         } else if (im) {
2755                 if (src_addr) {
2756                         spin_lock_bh(&im->lock);
2757                         for (psf = im->sources; psf; psf = psf->sf_next) {
2758                                 if (psf->sf_inaddr == src_addr)
2759                                         break;
2760                         }
2761                         if (psf)
2762                                 rv = psf->sf_count[MCAST_INCLUDE] ||
2763                                         psf->sf_count[MCAST_EXCLUDE] !=
2764                                         im->sfcount[MCAST_EXCLUDE];
2765                         else
2766                                 rv = im->sfcount[MCAST_EXCLUDE] != 0;
2767                         spin_unlock_bh(&im->lock);
2768                 } else
2769                         rv = 1; /* unspecified source; tentatively allow */
2770         }
2771         return rv;
2772 }
2773
2774 #if defined(CONFIG_PROC_FS)
2775 struct igmp_mc_iter_state {
2776         struct seq_net_private p;
2777         struct net_device *dev;
2778         struct in_device *in_dev;
2779 };
2780
2781 #define igmp_mc_seq_private(seq)        ((struct igmp_mc_iter_state *)(seq)->private)
2782
2783 static inline struct ip_mc_list *igmp_mc_get_first(struct seq_file *seq)
2784 {
2785         struct net *net = seq_file_net(seq);
2786         struct ip_mc_list *im = NULL;
2787         struct igmp_mc_iter_state *state = igmp_mc_seq_private(seq);
2788
2789         state->in_dev = NULL;
2790         for_each_netdev_rcu(net, state->dev) {
2791                 struct in_device *in_dev;
2792
2793                 in_dev = __in_dev_get_rcu(state->dev);
2794                 if (!in_dev)
2795                         continue;
2796                 im = rcu_dereference(in_dev->mc_list);
2797                 if (im) {
2798                         state->in_dev = in_dev;
2799                         break;
2800                 }
2801         }
2802         return im;
2803 }
2804
2805 static struct ip_mc_list *igmp_mc_get_next(struct seq_file *seq, struct ip_mc_list *im)
2806 {
2807         struct igmp_mc_iter_state *state = igmp_mc_seq_private(seq);
2808
2809         im = rcu_dereference(im->next_rcu);
2810         while (!im) {
2811                 state->dev = next_net_device_rcu(state->dev);
2812                 if (!state->dev) {
2813                         state->in_dev = NULL;
2814                         break;
2815                 }
2816                 state->in_dev = __in_dev_get_rcu(state->dev);
2817                 if (!state->in_dev)
2818                         continue;
2819                 im = rcu_dereference(state->in_dev->mc_list);
2820         }
2821         return im;
2822 }
2823
2824 static struct ip_mc_list *igmp_mc_get_idx(struct seq_file *seq, loff_t pos)
2825 {
2826         struct ip_mc_list *im = igmp_mc_get_first(seq);
2827         if (im)
2828                 while (pos && (im = igmp_mc_get_next(seq, im)) != NULL)
2829                         --pos;
2830         return pos ? NULL : im;
2831 }
2832
2833 static void *igmp_mc_seq_start(struct seq_file *seq, loff_t *pos)
2834         __acquires(rcu)
2835 {
2836         rcu_read_lock();
2837         return *pos ? igmp_mc_get_idx(seq, *pos - 1) : SEQ_START_TOKEN;
2838 }
2839
2840 static void *igmp_mc_seq_next(struct seq_file *seq, void *v, loff_t *pos)
2841 {
2842         struct ip_mc_list *im;
2843         if (v == SEQ_START_TOKEN)
2844                 im = igmp_mc_get_first(seq);
2845         else
2846                 im = igmp_mc_get_next(seq, v);
2847         ++*pos;
2848         return im;
2849 }
2850
2851 static void igmp_mc_seq_stop(struct seq_file *seq, void *v)
2852         __releases(rcu)
2853 {
2854         struct igmp_mc_iter_state *state = igmp_mc_seq_private(seq);
2855
2856         state->in_dev = NULL;
2857         state->dev = NULL;
2858         rcu_read_unlock();
2859 }
2860
2861 static int igmp_mc_seq_show(struct seq_file *seq, void *v)
2862 {
2863         if (v == SEQ_START_TOKEN)
2864                 seq_puts(seq,
2865                          "Idx\tDevice    : Count Querier\tGroup    Users Timer\tReporter\n");
2866         else {
2867                 struct ip_mc_list *im = (struct ip_mc_list *)v;
2868                 struct igmp_mc_iter_state *state = igmp_mc_seq_private(seq);
2869                 char   *querier;
2870                 long delta;
2871
2872 #ifdef CONFIG_IP_MULTICAST
2873                 querier = IGMP_V1_SEEN(state->in_dev) ? "V1" :
2874                           IGMP_V2_SEEN(state->in_dev) ? "V2" :
2875                           "V3";
2876 #else
2877                 querier = "NONE";
2878 #endif
2879
2880                 if (rcu_access_pointer(state->in_dev->mc_list) == im) {
2881                         seq_printf(seq, "%d\t%-10s: %5d %7s\n",
2882                                    state->dev->ifindex, state->dev->name, state->in_dev->mc_count, querier);
2883                 }
2884
2885                 delta = im->timer.expires - jiffies;
2886                 seq_printf(seq,
2887                            "\t\t\t\t%08X %5d %d:%08lX\t\t%d\n",
2888                            im->multiaddr, im->users,
2889                            im->tm_running,
2890                            im->tm_running ? jiffies_delta_to_clock_t(delta) : 0,
2891                            im->reporter);
2892         }
2893         return 0;
2894 }
2895
2896 static const struct seq_operations igmp_mc_seq_ops = {
2897         .start  =       igmp_mc_seq_start,
2898         .next   =       igmp_mc_seq_next,
2899         .stop   =       igmp_mc_seq_stop,
2900         .show   =       igmp_mc_seq_show,
2901 };
2902
2903 struct igmp_mcf_iter_state {
2904         struct seq_net_private p;
2905         struct net_device *dev;
2906         struct in_device *idev;
2907         struct ip_mc_list *im;
2908 };
2909
2910 #define igmp_mcf_seq_private(seq)       ((struct igmp_mcf_iter_state *)(seq)->private)
2911
2912 static inline struct ip_sf_list *igmp_mcf_get_first(struct seq_file *seq)
2913 {
2914         struct net *net = seq_file_net(seq);
2915         struct ip_sf_list *psf = NULL;
2916         struct ip_mc_list *im = NULL;
2917         struct igmp_mcf_iter_state *state = igmp_mcf_seq_private(seq);
2918
2919         state->idev = NULL;
2920         state->im = NULL;
2921         for_each_netdev_rcu(net, state->dev) {
2922                 struct in_device *idev;
2923                 idev = __in_dev_get_rcu(state->dev);
2924                 if (unlikely(!idev))
2925                         continue;
2926                 im = rcu_dereference(idev->mc_list);
2927                 if (likely(im)) {
2928                         spin_lock_bh(&im->lock);
2929                         psf = im->sources;
2930                         if (likely(psf)) {
2931                                 state->im = im;
2932                                 state->idev = idev;
2933                                 break;
2934                         }
2935                         spin_unlock_bh(&im->lock);
2936                 }
2937         }
2938         return psf;
2939 }
2940
2941 static struct ip_sf_list *igmp_mcf_get_next(struct seq_file *seq, struct ip_sf_list *psf)
2942 {
2943         struct igmp_mcf_iter_state *state = igmp_mcf_seq_private(seq);
2944
2945         psf = psf->sf_next;
2946         while (!psf) {
2947                 spin_unlock_bh(&state->im->lock);
2948                 state->im = state->im->next;
2949                 while (!state->im) {
2950                         state->dev = next_net_device_rcu(state->dev);
2951                         if (!state->dev) {
2952                                 state->idev = NULL;
2953                                 goto out;
2954                         }
2955                         state->idev = __in_dev_get_rcu(state->dev);
2956                         if (!state->idev)
2957                                 continue;
2958                         state->im = rcu_dereference(state->idev->mc_list);
2959                 }
2960                 if (!state->im)
2961                         break;
2962                 spin_lock_bh(&state->im->lock);
2963                 psf = state->im->sources;
2964         }
2965 out:
2966         return psf;
2967 }
2968
2969 static struct ip_sf_list *igmp_mcf_get_idx(struct seq_file *seq, loff_t pos)
2970 {
2971         struct ip_sf_list *psf = igmp_mcf_get_first(seq);
2972         if (psf)
2973                 while (pos && (psf = igmp_mcf_get_next(seq, psf)) != NULL)
2974                         --pos;
2975         return pos ? NULL : psf;
2976 }
2977
2978 static void *igmp_mcf_seq_start(struct seq_file *seq, loff_t *pos)
2979         __acquires(rcu)
2980 {
2981         rcu_read_lock();
2982         return *pos ? igmp_mcf_get_idx(seq, *pos - 1) : SEQ_START_TOKEN;
2983 }
2984
2985 static void *igmp_mcf_seq_next(struct seq_file *seq, void *v, loff_t *pos)
2986 {
2987         struct ip_sf_list *psf;
2988         if (v == SEQ_START_TOKEN)
2989                 psf = igmp_mcf_get_first(seq);
2990         else
2991                 psf = igmp_mcf_get_next(seq, v);
2992         ++*pos;
2993         return psf;
2994 }
2995
2996 static void igmp_mcf_seq_stop(struct seq_file *seq, void *v)
2997         __releases(rcu)
2998 {
2999         struct igmp_mcf_iter_state *state = igmp_mcf_seq_private(seq);
3000         if (likely(state->im)) {
3001                 spin_unlock_bh(&state->im->lock);
3002                 state->im = NULL;
3003         }
3004         state->idev = NULL;
3005         state->dev = NULL;
3006         rcu_read_unlock();
3007 }
3008
3009 static int igmp_mcf_seq_show(struct seq_file *seq, void *v)
3010 {
3011         struct ip_sf_list *psf = (struct ip_sf_list *)v;
3012         struct igmp_mcf_iter_state *state = igmp_mcf_seq_private(seq);
3013
3014         if (v == SEQ_START_TOKEN) {
3015                 seq_puts(seq, "Idx Device        MCA        SRC    INC    EXC\n");
3016         } else {
3017                 seq_printf(seq,
3018                            "%3d %6.6s 0x%08x "
3019                            "0x%08x %6lu %6lu\n",
3020                            state->dev->ifindex, state->dev->name,
3021                            ntohl(state->im->multiaddr),
3022                            ntohl(psf->sf_inaddr),
3023                            psf->sf_count[MCAST_INCLUDE],
3024                            psf->sf_count[MCAST_EXCLUDE]);
3025         }
3026         return 0;
3027 }
3028
3029 static const struct seq_operations igmp_mcf_seq_ops = {
3030         .start  =       igmp_mcf_seq_start,
3031         .next   =       igmp_mcf_seq_next,
3032         .stop   =       igmp_mcf_seq_stop,
3033         .show   =       igmp_mcf_seq_show,
3034 };
3035
3036 static int __net_init igmp_net_init(struct net *net)
3037 {
3038         struct proc_dir_entry *pde;
3039         int err;
3040
3041         pde = proc_create_net("igmp", 0444, net->proc_net, &igmp_mc_seq_ops,
3042                         sizeof(struct igmp_mc_iter_state));
3043         if (!pde)
3044                 goto out_igmp;
3045         pde = proc_create_net("mcfilter", 0444, net->proc_net,
3046                         &igmp_mcf_seq_ops, sizeof(struct igmp_mcf_iter_state));
3047         if (!pde)
3048                 goto out_mcfilter;
3049         err = inet_ctl_sock_create(&net->ipv4.mc_autojoin_sk, AF_INET,
3050                                    SOCK_DGRAM, 0, net);
3051         if (err < 0) {
3052                 pr_err("Failed to initialize the IGMP autojoin socket (err %d)\n",
3053                        err);
3054                 goto out_sock;
3055         }
3056
3057         return 0;
3058
3059 out_sock:
3060         remove_proc_entry("mcfilter", net->proc_net);
3061 out_mcfilter:
3062         remove_proc_entry("igmp", net->proc_net);
3063 out_igmp:
3064         return -ENOMEM;
3065 }
3066
3067 static void __net_exit igmp_net_exit(struct net *net)
3068 {
3069         remove_proc_entry("mcfilter", net->proc_net);
3070         remove_proc_entry("igmp", net->proc_net);
3071         inet_ctl_sock_destroy(net->ipv4.mc_autojoin_sk);
3072 }
3073
3074 static struct pernet_operations igmp_net_ops = {
3075         .init = igmp_net_init,
3076         .exit = igmp_net_exit,
3077 };
3078 #endif
3079
3080 static int igmp_netdev_event(struct notifier_block *this,
3081                              unsigned long event, void *ptr)
3082 {
3083         struct net_device *dev = netdev_notifier_info_to_dev(ptr);
3084         struct in_device *in_dev;
3085
3086         switch (event) {
3087         case NETDEV_RESEND_IGMP:
3088                 in_dev = __in_dev_get_rtnl(dev);
3089                 if (in_dev)
3090                         ip_mc_rejoin_groups(in_dev);
3091                 break;
3092         default:
3093                 break;
3094         }
3095         return NOTIFY_DONE;
3096 }
3097
3098 static struct notifier_block igmp_notifier = {
3099         .notifier_call = igmp_netdev_event,
3100 };
3101
3102 int __init igmp_mc_init(void)
3103 {
3104 #if defined(CONFIG_PROC_FS)
3105         int err;
3106
3107         err = register_pernet_subsys(&igmp_net_ops);
3108         if (err)
3109                 return err;
3110         err = register_netdevice_notifier(&igmp_notifier);
3111         if (err)
3112                 goto reg_notif_fail;
3113         return 0;
3114
3115 reg_notif_fail:
3116         unregister_pernet_subsys(&igmp_net_ops);
3117         return err;
3118 #else
3119         return register_netdevice_notifier(&igmp_notifier);
3120 #endif
3121 }
Source code of Linux-libre