1 // SPDX-License-Identifier: GPL-2.0-or-later
3 * NET3 IP device support routines.
5 * Derived from the IP parts of dev.c 1.0.19
7 * Fred N. van Kempen, <waltje@uWalt.NL.Mugnet.ORG>
8 * Mark Evans, <evansmp@uhura.aston.ac.uk>
11 * Alan Cox, <gw4pts@gw4pts.ampr.org>
12 * Alexey Kuznetsov, <kuznet@ms2.inr.ac.ru>
15 * Alexey Kuznetsov: pa_* fields are replaced with ifaddr
17 * Cyrus Durgin: updated for kmod
18 * Matthias Andree: in devinet_ioctl, compare label and
19 * address (4.4BSD alias style support),
20 * fall back to comparing just the label
25 #include <linux/uaccess.h>
26 #include <linux/bitops.h>
27 #include <linux/capability.h>
28 #include <linux/module.h>
29 #include <linux/types.h>
30 #include <linux/kernel.h>
31 #include <linux/sched/signal.h>
32 #include <linux/string.h>
34 #include <linux/socket.h>
35 #include <linux/sockios.h>
37 #include <linux/errno.h>
38 #include <linux/interrupt.h>
39 #include <linux/if_addr.h>
40 #include <linux/if_ether.h>
41 #include <linux/inet.h>
42 #include <linux/netdevice.h>
43 #include <linux/etherdevice.h>
44 #include <linux/skbuff.h>
45 #include <linux/init.h>
46 #include <linux/notifier.h>
47 #include <linux/inetdevice.h>
48 #include <linux/igmp.h>
49 #include <linux/slab.h>
50 #include <linux/hash.h>
52 #include <linux/sysctl.h>
54 #include <linux/kmod.h>
55 #include <linux/netconf.h>
59 #include <net/route.h>
60 #include <net/ip_fib.h>
61 #include <net/rtnetlink.h>
62 #include <net/net_namespace.h>
63 #include <net/addrconf.h>
65 #define IPV6ONLY_FLAGS \
66 (IFA_F_NODAD | IFA_F_OPTIMISTIC | IFA_F_DADFAILED | \
67 IFA_F_HOMEADDRESS | IFA_F_TENTATIVE | \
68 IFA_F_MANAGETEMPADDR | IFA_F_STABLE_PRIVACY)
70 static struct ipv4_devconf ipv4_devconf = {
72 [IPV4_DEVCONF_ACCEPT_REDIRECTS - 1] = 1,
73 [IPV4_DEVCONF_SEND_REDIRECTS - 1] = 1,
74 [IPV4_DEVCONF_SECURE_REDIRECTS - 1] = 1,
75 [IPV4_DEVCONF_SHARED_MEDIA - 1] = 1,
76 [IPV4_DEVCONF_IGMPV2_UNSOLICITED_REPORT_INTERVAL - 1] = 10000 /*ms*/,
77 [IPV4_DEVCONF_IGMPV3_UNSOLICITED_REPORT_INTERVAL - 1] = 1000 /*ms*/,
78 [IPV4_DEVCONF_ARP_EVICT_NOCARRIER - 1] = 1,
82 static struct ipv4_devconf ipv4_devconf_dflt = {
84 [IPV4_DEVCONF_ACCEPT_REDIRECTS - 1] = 1,
85 [IPV4_DEVCONF_SEND_REDIRECTS - 1] = 1,
86 [IPV4_DEVCONF_SECURE_REDIRECTS - 1] = 1,
87 [IPV4_DEVCONF_SHARED_MEDIA - 1] = 1,
88 [IPV4_DEVCONF_ACCEPT_SOURCE_ROUTE - 1] = 1,
89 [IPV4_DEVCONF_IGMPV2_UNSOLICITED_REPORT_INTERVAL - 1] = 10000 /*ms*/,
90 [IPV4_DEVCONF_IGMPV3_UNSOLICITED_REPORT_INTERVAL - 1] = 1000 /*ms*/,
91 [IPV4_DEVCONF_ARP_EVICT_NOCARRIER - 1] = 1,
95 #define IPV4_DEVCONF_DFLT(net, attr) \
96 IPV4_DEVCONF((*net->ipv4.devconf_dflt), attr)
98 static const struct nla_policy ifa_ipv4_policy[IFA_MAX+1] = {
99 [IFA_LOCAL] = { .type = NLA_U32 },
100 [IFA_ADDRESS] = { .type = NLA_U32 },
101 [IFA_BROADCAST] = { .type = NLA_U32 },
102 [IFA_LABEL] = { .type = NLA_STRING, .len = IFNAMSIZ - 1 },
103 [IFA_CACHEINFO] = { .len = sizeof(struct ifa_cacheinfo) },
104 [IFA_FLAGS] = { .type = NLA_U32 },
105 [IFA_RT_PRIORITY] = { .type = NLA_U32 },
106 [IFA_TARGET_NETNSID] = { .type = NLA_S32 },
107 [IFA_PROTO] = { .type = NLA_U8 },
110 struct inet_fill_args {
119 #define IN4_ADDR_HSIZE_SHIFT 8
120 #define IN4_ADDR_HSIZE (1U << IN4_ADDR_HSIZE_SHIFT)
122 static struct hlist_head inet_addr_lst[IN4_ADDR_HSIZE];
124 static u32 inet_addr_hash(const struct net *net, __be32 addr)
126 u32 val = (__force u32) addr ^ net_hash_mix(net);
128 return hash_32(val, IN4_ADDR_HSIZE_SHIFT);
131 static void inet_hash_insert(struct net *net, struct in_ifaddr *ifa)
133 u32 hash = inet_addr_hash(net, ifa->ifa_local);
136 hlist_add_head_rcu(&ifa->hash, &inet_addr_lst[hash]);
139 static void inet_hash_remove(struct in_ifaddr *ifa)
142 hlist_del_init_rcu(&ifa->hash);
146 * __ip_dev_find - find the first device with a given source address.
147 * @net: the net namespace
148 * @addr: the source address
149 * @devref: if true, take a reference on the found device
151 * If a caller uses devref=false, it should be protected by RCU, or RTNL
153 struct net_device *__ip_dev_find(struct net *net, __be32 addr, bool devref)
155 struct net_device *result = NULL;
156 struct in_ifaddr *ifa;
159 ifa = inet_lookup_ifaddr_rcu(net, addr);
161 struct flowi4 fl4 = { .daddr = addr };
162 struct fib_result res = { 0 };
163 struct fib_table *local;
165 /* Fallback to FIB local table so that communication
166 * over loopback subnets work.
168 local = fib_get_table(net, RT_TABLE_LOCAL);
170 !fib_table_lookup(local, &fl4, &res, FIB_LOOKUP_NOREF) &&
171 res.type == RTN_LOCAL)
172 result = FIB_RES_DEV(res);
174 result = ifa->ifa_dev->dev;
176 if (result && devref)
181 EXPORT_SYMBOL(__ip_dev_find);
183 /* called under RCU lock */
184 struct in_ifaddr *inet_lookup_ifaddr_rcu(struct net *net, __be32 addr)
186 u32 hash = inet_addr_hash(net, addr);
187 struct in_ifaddr *ifa;
189 hlist_for_each_entry_rcu(ifa, &inet_addr_lst[hash], hash)
190 if (ifa->ifa_local == addr &&
191 net_eq(dev_net(ifa->ifa_dev->dev), net))
197 static void rtmsg_ifa(int event, struct in_ifaddr *, struct nlmsghdr *, u32);
199 static BLOCKING_NOTIFIER_HEAD(inetaddr_chain);
200 static BLOCKING_NOTIFIER_HEAD(inetaddr_validator_chain);
201 static void inet_del_ifa(struct in_device *in_dev,
202 struct in_ifaddr __rcu **ifap,
205 static int devinet_sysctl_register(struct in_device *idev);
206 static void devinet_sysctl_unregister(struct in_device *idev);
208 static int devinet_sysctl_register(struct in_device *idev)
212 static void devinet_sysctl_unregister(struct in_device *idev)
217 /* Locks all the inet devices. */
219 static struct in_ifaddr *inet_alloc_ifa(void)
221 return kzalloc(sizeof(struct in_ifaddr), GFP_KERNEL_ACCOUNT);
224 static void inet_rcu_free_ifa(struct rcu_head *head)
226 struct in_ifaddr *ifa = container_of(head, struct in_ifaddr, rcu_head);
228 in_dev_put(ifa->ifa_dev);
232 static void inet_free_ifa(struct in_ifaddr *ifa)
234 call_rcu(&ifa->rcu_head, inet_rcu_free_ifa);
237 static void in_dev_free_rcu(struct rcu_head *head)
239 struct in_device *idev = container_of(head, struct in_device, rcu_head);
241 kfree(rcu_dereference_protected(idev->mc_hash, 1));
245 void in_dev_finish_destroy(struct in_device *idev)
247 struct net_device *dev = idev->dev;
249 WARN_ON(idev->ifa_list);
250 WARN_ON(idev->mc_list);
251 #ifdef NET_REFCNT_DEBUG
252 pr_debug("%s: %p=%s\n", __func__, idev, dev ? dev->name : "NIL");
254 netdev_put(dev, &idev->dev_tracker);
256 pr_err("Freeing alive in_device %p\n", idev);
258 call_rcu(&idev->rcu_head, in_dev_free_rcu);
260 EXPORT_SYMBOL(in_dev_finish_destroy);
262 static struct in_device *inetdev_init(struct net_device *dev)
264 struct in_device *in_dev;
269 in_dev = kzalloc(sizeof(*in_dev), GFP_KERNEL);
272 memcpy(&in_dev->cnf, dev_net(dev)->ipv4.devconf_dflt,
273 sizeof(in_dev->cnf));
274 in_dev->cnf.sysctl = NULL;
276 in_dev->arp_parms = neigh_parms_alloc(dev, &arp_tbl);
277 if (!in_dev->arp_parms)
279 if (IPV4_DEVCONF(in_dev->cnf, FORWARDING))
280 dev_disable_lro(dev);
281 /* Reference in_dev->dev */
282 netdev_hold(dev, &in_dev->dev_tracker, GFP_KERNEL);
283 /* Account for reference dev->ip_ptr (below) */
284 refcount_set(&in_dev->refcnt, 1);
286 err = devinet_sysctl_register(in_dev);
289 neigh_parms_release(&arp_tbl, in_dev->arp_parms);
294 ip_mc_init_dev(in_dev);
295 if (dev->flags & IFF_UP)
298 /* we can receive as soon as ip_ptr is set -- do this last */
299 rcu_assign_pointer(dev->ip_ptr, in_dev);
301 return in_dev ?: ERR_PTR(err);
308 static void inetdev_destroy(struct in_device *in_dev)
310 struct net_device *dev;
311 struct in_ifaddr *ifa;
319 ip_mc_destroy_dev(in_dev);
321 while ((ifa = rtnl_dereference(in_dev->ifa_list)) != NULL) {
322 inet_del_ifa(in_dev, &in_dev->ifa_list, 0);
326 RCU_INIT_POINTER(dev->ip_ptr, NULL);
328 devinet_sysctl_unregister(in_dev);
329 neigh_parms_release(&arp_tbl, in_dev->arp_parms);
335 int inet_addr_onlink(struct in_device *in_dev, __be32 a, __be32 b)
337 const struct in_ifaddr *ifa;
340 in_dev_for_each_ifa_rcu(ifa, in_dev) {
341 if (inet_ifa_match(a, ifa)) {
342 if (!b || inet_ifa_match(b, ifa)) {
352 static void __inet_del_ifa(struct in_device *in_dev,
353 struct in_ifaddr __rcu **ifap,
354 int destroy, struct nlmsghdr *nlh, u32 portid)
356 struct in_ifaddr *promote = NULL;
357 struct in_ifaddr *ifa, *ifa1;
358 struct in_ifaddr __rcu **last_prim;
359 struct in_ifaddr *prev_prom = NULL;
360 int do_promote = IN_DEV_PROMOTE_SECONDARIES(in_dev);
364 ifa1 = rtnl_dereference(*ifap);
369 /* 1. Deleting primary ifaddr forces deletion all secondaries
370 * unless alias promotion is set
373 if (!(ifa1->ifa_flags & IFA_F_SECONDARY)) {
374 struct in_ifaddr __rcu **ifap1 = &ifa1->ifa_next;
376 while ((ifa = rtnl_dereference(*ifap1)) != NULL) {
377 if (!(ifa->ifa_flags & IFA_F_SECONDARY) &&
378 ifa1->ifa_scope <= ifa->ifa_scope)
379 last_prim = &ifa->ifa_next;
381 if (!(ifa->ifa_flags & IFA_F_SECONDARY) ||
382 ifa1->ifa_mask != ifa->ifa_mask ||
383 !inet_ifa_match(ifa1->ifa_address, ifa)) {
384 ifap1 = &ifa->ifa_next;
390 inet_hash_remove(ifa);
391 *ifap1 = ifa->ifa_next;
393 rtmsg_ifa(RTM_DELADDR, ifa, nlh, portid);
394 blocking_notifier_call_chain(&inetaddr_chain,
404 /* On promotion all secondaries from subnet are changing
405 * the primary IP, we must remove all their routes silently
406 * and later to add them back with new prefsrc. Do this
407 * while all addresses are on the device list.
409 for (ifa = promote; ifa; ifa = rtnl_dereference(ifa->ifa_next)) {
410 if (ifa1->ifa_mask == ifa->ifa_mask &&
411 inet_ifa_match(ifa1->ifa_address, ifa))
412 fib_del_ifaddr(ifa, ifa1);
418 *ifap = ifa1->ifa_next;
419 inet_hash_remove(ifa1);
421 /* 3. Announce address deletion */
423 /* Send message first, then call notifier.
424 At first sight, FIB update triggered by notifier
425 will refer to already deleted ifaddr, that could confuse
426 netlink listeners. It is not true: look, gated sees
427 that route deleted and if it still thinks that ifaddr
428 is valid, it will try to restore deleted routes... Grr.
429 So that, this order is correct.
431 rtmsg_ifa(RTM_DELADDR, ifa1, nlh, portid);
432 blocking_notifier_call_chain(&inetaddr_chain, NETDEV_DOWN, ifa1);
435 struct in_ifaddr *next_sec;
437 next_sec = rtnl_dereference(promote->ifa_next);
439 struct in_ifaddr *last_sec;
441 rcu_assign_pointer(prev_prom->ifa_next, next_sec);
443 last_sec = rtnl_dereference(*last_prim);
444 rcu_assign_pointer(promote->ifa_next, last_sec);
445 rcu_assign_pointer(*last_prim, promote);
448 promote->ifa_flags &= ~IFA_F_SECONDARY;
449 rtmsg_ifa(RTM_NEWADDR, promote, nlh, portid);
450 blocking_notifier_call_chain(&inetaddr_chain,
452 for (ifa = next_sec; ifa;
453 ifa = rtnl_dereference(ifa->ifa_next)) {
454 if (ifa1->ifa_mask != ifa->ifa_mask ||
455 !inet_ifa_match(ifa1->ifa_address, ifa))
465 static void inet_del_ifa(struct in_device *in_dev,
466 struct in_ifaddr __rcu **ifap,
469 __inet_del_ifa(in_dev, ifap, destroy, NULL, 0);
472 static void check_lifetime(struct work_struct *work);
474 static DECLARE_DELAYED_WORK(check_lifetime_work, check_lifetime);
476 static int __inet_insert_ifa(struct in_ifaddr *ifa, struct nlmsghdr *nlh,
477 u32 portid, struct netlink_ext_ack *extack)
479 struct in_ifaddr __rcu **last_primary, **ifap;
480 struct in_device *in_dev = ifa->ifa_dev;
481 struct in_validator_info ivi;
482 struct in_ifaddr *ifa1;
487 if (!ifa->ifa_local) {
492 ifa->ifa_flags &= ~IFA_F_SECONDARY;
493 last_primary = &in_dev->ifa_list;
495 /* Don't set IPv6 only flags to IPv4 addresses */
496 ifa->ifa_flags &= ~IPV6ONLY_FLAGS;
498 ifap = &in_dev->ifa_list;
499 ifa1 = rtnl_dereference(*ifap);
502 if (!(ifa1->ifa_flags & IFA_F_SECONDARY) &&
503 ifa->ifa_scope <= ifa1->ifa_scope)
504 last_primary = &ifa1->ifa_next;
505 if (ifa1->ifa_mask == ifa->ifa_mask &&
506 inet_ifa_match(ifa1->ifa_address, ifa)) {
507 if (ifa1->ifa_local == ifa->ifa_local) {
511 if (ifa1->ifa_scope != ifa->ifa_scope) {
512 NL_SET_ERR_MSG(extack, "ipv4: Invalid scope value");
516 ifa->ifa_flags |= IFA_F_SECONDARY;
519 ifap = &ifa1->ifa_next;
520 ifa1 = rtnl_dereference(*ifap);
523 /* Allow any devices that wish to register ifaddr validtors to weigh
524 * in now, before changes are committed. The rntl lock is serializing
525 * access here, so the state should not change between a validator call
526 * and a final notify on commit. This isn't invoked on promotion under
527 * the assumption that validators are checking the address itself, and
530 ivi.ivi_addr = ifa->ifa_address;
531 ivi.ivi_dev = ifa->ifa_dev;
533 ret = blocking_notifier_call_chain(&inetaddr_validator_chain,
535 ret = notifier_to_errno(ret);
541 if (!(ifa->ifa_flags & IFA_F_SECONDARY))
544 rcu_assign_pointer(ifa->ifa_next, *ifap);
545 rcu_assign_pointer(*ifap, ifa);
547 inet_hash_insert(dev_net(in_dev->dev), ifa);
549 cancel_delayed_work(&check_lifetime_work);
550 queue_delayed_work(system_power_efficient_wq, &check_lifetime_work, 0);
552 /* Send message first, then call notifier.
553 Notifier will trigger FIB update, so that
554 listeners of netlink will know about new ifaddr */
555 rtmsg_ifa(RTM_NEWADDR, ifa, nlh, portid);
556 blocking_notifier_call_chain(&inetaddr_chain, NETDEV_UP, ifa);
561 static int inet_insert_ifa(struct in_ifaddr *ifa)
563 return __inet_insert_ifa(ifa, NULL, 0, NULL);
566 static int inet_set_ifa(struct net_device *dev, struct in_ifaddr *ifa)
568 struct in_device *in_dev = __in_dev_get_rtnl(dev);
576 ipv4_devconf_setall(in_dev);
577 neigh_parms_data_state_setall(in_dev->arp_parms);
578 if (ifa->ifa_dev != in_dev) {
579 WARN_ON(ifa->ifa_dev);
581 ifa->ifa_dev = in_dev;
583 if (ipv4_is_loopback(ifa->ifa_local))
584 ifa->ifa_scope = RT_SCOPE_HOST;
585 return inet_insert_ifa(ifa);
588 /* Caller must hold RCU or RTNL :
589 * We dont take a reference on found in_device
591 struct in_device *inetdev_by_index(struct net *net, int ifindex)
593 struct net_device *dev;
594 struct in_device *in_dev = NULL;
597 dev = dev_get_by_index_rcu(net, ifindex);
599 in_dev = rcu_dereference_rtnl(dev->ip_ptr);
603 EXPORT_SYMBOL(inetdev_by_index);
605 /* Called only from RTNL semaphored context. No locks. */
607 struct in_ifaddr *inet_ifa_byprefix(struct in_device *in_dev, __be32 prefix,
610 struct in_ifaddr *ifa;
614 in_dev_for_each_ifa_rtnl(ifa, in_dev) {
615 if (ifa->ifa_mask == mask && inet_ifa_match(prefix, ifa))
621 static int ip_mc_autojoin_config(struct net *net, bool join,
622 const struct in_ifaddr *ifa)
624 #if defined(CONFIG_IP_MULTICAST)
625 struct ip_mreqn mreq = {
626 .imr_multiaddr.s_addr = ifa->ifa_address,
627 .imr_ifindex = ifa->ifa_dev->dev->ifindex,
629 struct sock *sk = net->ipv4.mc_autojoin_sk;
636 ret = ip_mc_join_group(sk, &mreq);
638 ret = ip_mc_leave_group(sk, &mreq);
647 static int inet_rtm_deladdr(struct sk_buff *skb, struct nlmsghdr *nlh,
648 struct netlink_ext_ack *extack)
650 struct net *net = sock_net(skb->sk);
651 struct in_ifaddr __rcu **ifap;
652 struct nlattr *tb[IFA_MAX+1];
653 struct in_device *in_dev;
654 struct ifaddrmsg *ifm;
655 struct in_ifaddr *ifa;
660 err = nlmsg_parse_deprecated(nlh, sizeof(*ifm), tb, IFA_MAX,
661 ifa_ipv4_policy, extack);
665 ifm = nlmsg_data(nlh);
666 in_dev = inetdev_by_index(net, ifm->ifa_index);
668 NL_SET_ERR_MSG(extack, "ipv4: Device not found");
673 for (ifap = &in_dev->ifa_list; (ifa = rtnl_dereference(*ifap)) != NULL;
674 ifap = &ifa->ifa_next) {
676 ifa->ifa_local != nla_get_in_addr(tb[IFA_LOCAL]))
679 if (tb[IFA_LABEL] && nla_strcmp(tb[IFA_LABEL], ifa->ifa_label))
682 if (tb[IFA_ADDRESS] &&
683 (ifm->ifa_prefixlen != ifa->ifa_prefixlen ||
684 !inet_ifa_match(nla_get_in_addr(tb[IFA_ADDRESS]), ifa)))
687 if (ipv4_is_multicast(ifa->ifa_address))
688 ip_mc_autojoin_config(net, false, ifa);
689 __inet_del_ifa(in_dev, ifap, 1, nlh, NETLINK_CB(skb).portid);
693 NL_SET_ERR_MSG(extack, "ipv4: Address not found");
694 err = -EADDRNOTAVAIL;
699 #define INFINITY_LIFE_TIME 0xFFFFFFFF
701 static void check_lifetime(struct work_struct *work)
703 unsigned long now, next, next_sec, next_sched;
704 struct in_ifaddr *ifa;
705 struct hlist_node *n;
709 next = round_jiffies_up(now + ADDR_CHECK_FREQUENCY);
711 for (i = 0; i < IN4_ADDR_HSIZE; i++) {
712 bool change_needed = false;
715 hlist_for_each_entry_rcu(ifa, &inet_addr_lst[i], hash) {
718 if (ifa->ifa_flags & IFA_F_PERMANENT)
721 /* We try to batch several events at once. */
722 age = (now - ifa->ifa_tstamp +
723 ADDRCONF_TIMER_FUZZ_MINUS) / HZ;
725 if (ifa->ifa_valid_lft != INFINITY_LIFE_TIME &&
726 age >= ifa->ifa_valid_lft) {
727 change_needed = true;
728 } else if (ifa->ifa_preferred_lft ==
729 INFINITY_LIFE_TIME) {
731 } else if (age >= ifa->ifa_preferred_lft) {
732 if (time_before(ifa->ifa_tstamp +
733 ifa->ifa_valid_lft * HZ, next))
734 next = ifa->ifa_tstamp +
735 ifa->ifa_valid_lft * HZ;
737 if (!(ifa->ifa_flags & IFA_F_DEPRECATED))
738 change_needed = true;
739 } else if (time_before(ifa->ifa_tstamp +
740 ifa->ifa_preferred_lft * HZ,
742 next = ifa->ifa_tstamp +
743 ifa->ifa_preferred_lft * HZ;
750 hlist_for_each_entry_safe(ifa, n, &inet_addr_lst[i], hash) {
753 if (ifa->ifa_flags & IFA_F_PERMANENT)
756 /* We try to batch several events at once. */
757 age = (now - ifa->ifa_tstamp +
758 ADDRCONF_TIMER_FUZZ_MINUS) / HZ;
760 if (ifa->ifa_valid_lft != INFINITY_LIFE_TIME &&
761 age >= ifa->ifa_valid_lft) {
762 struct in_ifaddr __rcu **ifap;
763 struct in_ifaddr *tmp;
765 ifap = &ifa->ifa_dev->ifa_list;
766 tmp = rtnl_dereference(*ifap);
769 inet_del_ifa(ifa->ifa_dev,
773 ifap = &tmp->ifa_next;
774 tmp = rtnl_dereference(*ifap);
776 } else if (ifa->ifa_preferred_lft !=
777 INFINITY_LIFE_TIME &&
778 age >= ifa->ifa_preferred_lft &&
779 !(ifa->ifa_flags & IFA_F_DEPRECATED)) {
780 ifa->ifa_flags |= IFA_F_DEPRECATED;
781 rtmsg_ifa(RTM_NEWADDR, ifa, NULL, 0);
787 next_sec = round_jiffies_up(next);
790 /* If rounded timeout is accurate enough, accept it. */
791 if (time_before(next_sec, next + ADDRCONF_TIMER_FUZZ))
792 next_sched = next_sec;
795 /* And minimum interval is ADDRCONF_TIMER_FUZZ_MAX. */
796 if (time_before(next_sched, now + ADDRCONF_TIMER_FUZZ_MAX))
797 next_sched = now + ADDRCONF_TIMER_FUZZ_MAX;
799 queue_delayed_work(system_power_efficient_wq, &check_lifetime_work,
803 static void set_ifa_lifetime(struct in_ifaddr *ifa, __u32 valid_lft,
806 unsigned long timeout;
808 ifa->ifa_flags &= ~(IFA_F_PERMANENT | IFA_F_DEPRECATED);
810 timeout = addrconf_timeout_fixup(valid_lft, HZ);
811 if (addrconf_finite_timeout(timeout))
812 ifa->ifa_valid_lft = timeout;
814 ifa->ifa_flags |= IFA_F_PERMANENT;
816 timeout = addrconf_timeout_fixup(prefered_lft, HZ);
817 if (addrconf_finite_timeout(timeout)) {
819 ifa->ifa_flags |= IFA_F_DEPRECATED;
820 ifa->ifa_preferred_lft = timeout;
822 ifa->ifa_tstamp = jiffies;
823 if (!ifa->ifa_cstamp)
824 ifa->ifa_cstamp = ifa->ifa_tstamp;
827 static struct in_ifaddr *rtm_to_ifaddr(struct net *net, struct nlmsghdr *nlh,
828 __u32 *pvalid_lft, __u32 *pprefered_lft,
829 struct netlink_ext_ack *extack)
831 struct nlattr *tb[IFA_MAX+1];
832 struct in_ifaddr *ifa;
833 struct ifaddrmsg *ifm;
834 struct net_device *dev;
835 struct in_device *in_dev;
838 err = nlmsg_parse_deprecated(nlh, sizeof(*ifm), tb, IFA_MAX,
839 ifa_ipv4_policy, extack);
843 ifm = nlmsg_data(nlh);
846 if (ifm->ifa_prefixlen > 32) {
847 NL_SET_ERR_MSG(extack, "ipv4: Invalid prefix length");
851 if (!tb[IFA_LOCAL]) {
852 NL_SET_ERR_MSG(extack, "ipv4: Local address is not supplied");
856 dev = __dev_get_by_index(net, ifm->ifa_index);
859 NL_SET_ERR_MSG(extack, "ipv4: Device not found");
863 in_dev = __in_dev_get_rtnl(dev);
868 ifa = inet_alloc_ifa();
871 * A potential indev allocation can be left alive, it stays
872 * assigned to its device and is destroy with it.
876 ipv4_devconf_setall(in_dev);
877 neigh_parms_data_state_setall(in_dev->arp_parms);
880 if (!tb[IFA_ADDRESS])
881 tb[IFA_ADDRESS] = tb[IFA_LOCAL];
883 INIT_HLIST_NODE(&ifa->hash);
884 ifa->ifa_prefixlen = ifm->ifa_prefixlen;
885 ifa->ifa_mask = inet_make_mask(ifm->ifa_prefixlen);
886 ifa->ifa_flags = tb[IFA_FLAGS] ? nla_get_u32(tb[IFA_FLAGS]) :
888 ifa->ifa_scope = ifm->ifa_scope;
889 ifa->ifa_dev = in_dev;
891 ifa->ifa_local = nla_get_in_addr(tb[IFA_LOCAL]);
892 ifa->ifa_address = nla_get_in_addr(tb[IFA_ADDRESS]);
894 if (tb[IFA_BROADCAST])
895 ifa->ifa_broadcast = nla_get_in_addr(tb[IFA_BROADCAST]);
898 nla_strscpy(ifa->ifa_label, tb[IFA_LABEL], IFNAMSIZ);
900 memcpy(ifa->ifa_label, dev->name, IFNAMSIZ);
902 if (tb[IFA_RT_PRIORITY])
903 ifa->ifa_rt_priority = nla_get_u32(tb[IFA_RT_PRIORITY]);
906 ifa->ifa_proto = nla_get_u8(tb[IFA_PROTO]);
908 if (tb[IFA_CACHEINFO]) {
909 struct ifa_cacheinfo *ci;
911 ci = nla_data(tb[IFA_CACHEINFO]);
912 if (!ci->ifa_valid || ci->ifa_prefered > ci->ifa_valid) {
913 NL_SET_ERR_MSG(extack, "ipv4: address lifetime invalid");
917 *pvalid_lft = ci->ifa_valid;
918 *pprefered_lft = ci->ifa_prefered;
929 static struct in_ifaddr *find_matching_ifa(struct in_ifaddr *ifa)
931 struct in_device *in_dev = ifa->ifa_dev;
932 struct in_ifaddr *ifa1;
937 in_dev_for_each_ifa_rtnl(ifa1, in_dev) {
938 if (ifa1->ifa_mask == ifa->ifa_mask &&
939 inet_ifa_match(ifa1->ifa_address, ifa) &&
940 ifa1->ifa_local == ifa->ifa_local)
946 static int inet_rtm_newaddr(struct sk_buff *skb, struct nlmsghdr *nlh,
947 struct netlink_ext_ack *extack)
949 struct net *net = sock_net(skb->sk);
950 struct in_ifaddr *ifa;
951 struct in_ifaddr *ifa_existing;
952 __u32 valid_lft = INFINITY_LIFE_TIME;
953 __u32 prefered_lft = INFINITY_LIFE_TIME;
957 ifa = rtm_to_ifaddr(net, nlh, &valid_lft, &prefered_lft, extack);
961 ifa_existing = find_matching_ifa(ifa);
963 /* It would be best to check for !NLM_F_CREATE here but
964 * userspace already relies on not having to provide this.
966 set_ifa_lifetime(ifa, valid_lft, prefered_lft);
967 if (ifa->ifa_flags & IFA_F_MCAUTOJOIN) {
968 int ret = ip_mc_autojoin_config(net, true, ifa);
971 NL_SET_ERR_MSG(extack, "ipv4: Multicast auto join failed");
976 return __inet_insert_ifa(ifa, nlh, NETLINK_CB(skb).portid,
979 u32 new_metric = ifa->ifa_rt_priority;
980 u8 new_proto = ifa->ifa_proto;
984 if (nlh->nlmsg_flags & NLM_F_EXCL ||
985 !(nlh->nlmsg_flags & NLM_F_REPLACE)) {
986 NL_SET_ERR_MSG(extack, "ipv4: Address already assigned");
991 if (ifa->ifa_rt_priority != new_metric) {
992 fib_modify_prefix_metric(ifa, new_metric);
993 ifa->ifa_rt_priority = new_metric;
996 ifa->ifa_proto = new_proto;
998 set_ifa_lifetime(ifa, valid_lft, prefered_lft);
999 cancel_delayed_work(&check_lifetime_work);
1000 queue_delayed_work(system_power_efficient_wq,
1001 &check_lifetime_work, 0);
1002 rtmsg_ifa(RTM_NEWADDR, ifa, nlh, NETLINK_CB(skb).portid);
1008 * Determine a default network mask, based on the IP address.
1011 static int inet_abc_len(__be32 addr)
1013 int rc = -1; /* Something else, probably a multicast. */
1015 if (ipv4_is_zeronet(addr) || ipv4_is_lbcast(addr))
1018 __u32 haddr = ntohl(addr);
1019 if (IN_CLASSA(haddr))
1021 else if (IN_CLASSB(haddr))
1023 else if (IN_CLASSC(haddr))
1025 else if (IN_CLASSE(haddr))
1033 int devinet_ioctl(struct net *net, unsigned int cmd, struct ifreq *ifr)
1035 struct sockaddr_in sin_orig;
1036 struct sockaddr_in *sin = (struct sockaddr_in *)&ifr->ifr_addr;
1037 struct in_ifaddr __rcu **ifap = NULL;
1038 struct in_device *in_dev;
1039 struct in_ifaddr *ifa = NULL;
1040 struct net_device *dev;
1043 int tryaddrmatch = 0;
1045 ifr->ifr_name[IFNAMSIZ - 1] = 0;
1047 /* save original address for comparison */
1048 memcpy(&sin_orig, sin, sizeof(*sin));
1050 colon = strchr(ifr->ifr_name, ':');
1054 dev_load(net, ifr->ifr_name);
1057 case SIOCGIFADDR: /* Get interface address */
1058 case SIOCGIFBRDADDR: /* Get the broadcast address */
1059 case SIOCGIFDSTADDR: /* Get the destination address */
1060 case SIOCGIFNETMASK: /* Get the netmask for the interface */
1061 /* Note that these ioctls will not sleep,
1062 so that we do not impose a lock.
1063 One day we will be forced to put shlock here (I mean SMP)
1065 tryaddrmatch = (sin_orig.sin_family == AF_INET);
1066 memset(sin, 0, sizeof(*sin));
1067 sin->sin_family = AF_INET;
1072 if (!ns_capable(net->user_ns, CAP_NET_ADMIN))
1075 case SIOCSIFADDR: /* Set interface address (and family) */
1076 case SIOCSIFBRDADDR: /* Set the broadcast address */
1077 case SIOCSIFDSTADDR: /* Set the destination address */
1078 case SIOCSIFNETMASK: /* Set the netmask for the interface */
1080 if (!ns_capable(net->user_ns, CAP_NET_ADMIN))
1083 if (sin->sin_family != AF_INET)
1094 dev = __dev_get_by_name(net, ifr->ifr_name);
1101 in_dev = __in_dev_get_rtnl(dev);
1104 /* Matthias Andree */
1105 /* compare label and address (4.4BSD style) */
1106 /* note: we only do this for a limited set of ioctls
1107 and only if the original address family was AF_INET.
1108 This is checked above. */
1110 for (ifap = &in_dev->ifa_list;
1111 (ifa = rtnl_dereference(*ifap)) != NULL;
1112 ifap = &ifa->ifa_next) {
1113 if (!strcmp(ifr->ifr_name, ifa->ifa_label) &&
1114 sin_orig.sin_addr.s_addr ==
1120 /* we didn't get a match, maybe the application is
1121 4.3BSD-style and passed in junk so we fall back to
1122 comparing just the label */
1124 for (ifap = &in_dev->ifa_list;
1125 (ifa = rtnl_dereference(*ifap)) != NULL;
1126 ifap = &ifa->ifa_next)
1127 if (!strcmp(ifr->ifr_name, ifa->ifa_label))
1132 ret = -EADDRNOTAVAIL;
1133 if (!ifa && cmd != SIOCSIFADDR && cmd != SIOCSIFFLAGS)
1137 case SIOCGIFADDR: /* Get interface address */
1139 sin->sin_addr.s_addr = ifa->ifa_local;
1142 case SIOCGIFBRDADDR: /* Get the broadcast address */
1144 sin->sin_addr.s_addr = ifa->ifa_broadcast;
1147 case SIOCGIFDSTADDR: /* Get the destination address */
1149 sin->sin_addr.s_addr = ifa->ifa_address;
1152 case SIOCGIFNETMASK: /* Get the netmask for the interface */
1154 sin->sin_addr.s_addr = ifa->ifa_mask;
1159 ret = -EADDRNOTAVAIL;
1163 if (!(ifr->ifr_flags & IFF_UP))
1164 inet_del_ifa(in_dev, ifap, 1);
1167 ret = dev_change_flags(dev, ifr->ifr_flags, NULL);
1170 case SIOCSIFADDR: /* Set interface address (and family) */
1172 if (inet_abc_len(sin->sin_addr.s_addr) < 0)
1177 ifa = inet_alloc_ifa();
1180 INIT_HLIST_NODE(&ifa->hash);
1182 memcpy(ifa->ifa_label, ifr->ifr_name, IFNAMSIZ);
1184 memcpy(ifa->ifa_label, dev->name, IFNAMSIZ);
1187 if (ifa->ifa_local == sin->sin_addr.s_addr)
1189 inet_del_ifa(in_dev, ifap, 0);
1190 ifa->ifa_broadcast = 0;
1194 ifa->ifa_address = ifa->ifa_local = sin->sin_addr.s_addr;
1196 if (!(dev->flags & IFF_POINTOPOINT)) {
1197 ifa->ifa_prefixlen = inet_abc_len(ifa->ifa_address);
1198 ifa->ifa_mask = inet_make_mask(ifa->ifa_prefixlen);
1199 if ((dev->flags & IFF_BROADCAST) &&
1200 ifa->ifa_prefixlen < 31)
1201 ifa->ifa_broadcast = ifa->ifa_address |
1204 ifa->ifa_prefixlen = 32;
1205 ifa->ifa_mask = inet_make_mask(32);
1207 set_ifa_lifetime(ifa, INFINITY_LIFE_TIME, INFINITY_LIFE_TIME);
1208 ret = inet_set_ifa(dev, ifa);
1211 case SIOCSIFBRDADDR: /* Set the broadcast address */
1213 if (ifa->ifa_broadcast != sin->sin_addr.s_addr) {
1214 inet_del_ifa(in_dev, ifap, 0);
1215 ifa->ifa_broadcast = sin->sin_addr.s_addr;
1216 inet_insert_ifa(ifa);
1220 case SIOCSIFDSTADDR: /* Set the destination address */
1222 if (ifa->ifa_address == sin->sin_addr.s_addr)
1225 if (inet_abc_len(sin->sin_addr.s_addr) < 0)
1228 inet_del_ifa(in_dev, ifap, 0);
1229 ifa->ifa_address = sin->sin_addr.s_addr;
1230 inet_insert_ifa(ifa);
1233 case SIOCSIFNETMASK: /* Set the netmask for the interface */
1236 * The mask we set must be legal.
1239 if (bad_mask(sin->sin_addr.s_addr, 0))
1242 if (ifa->ifa_mask != sin->sin_addr.s_addr) {
1243 __be32 old_mask = ifa->ifa_mask;
1244 inet_del_ifa(in_dev, ifap, 0);
1245 ifa->ifa_mask = sin->sin_addr.s_addr;
1246 ifa->ifa_prefixlen = inet_mask_len(ifa->ifa_mask);
1248 /* See if current broadcast address matches
1249 * with current netmask, then recalculate
1250 * the broadcast address. Otherwise it's a
1251 * funny address, so don't touch it since
1252 * the user seems to know what (s)he's doing...
1254 if ((dev->flags & IFF_BROADCAST) &&
1255 (ifa->ifa_prefixlen < 31) &&
1256 (ifa->ifa_broadcast ==
1257 (ifa->ifa_local|~old_mask))) {
1258 ifa->ifa_broadcast = (ifa->ifa_local |
1259 ~sin->sin_addr.s_addr);
1261 inet_insert_ifa(ifa);
1271 int inet_gifconf(struct net_device *dev, char __user *buf, int len, int size)
1273 struct in_device *in_dev = __in_dev_get_rtnl(dev);
1274 const struct in_ifaddr *ifa;
1278 if (WARN_ON(size > sizeof(struct ifreq)))
1284 in_dev_for_each_ifa_rtnl(ifa, in_dev) {
1291 memset(&ifr, 0, sizeof(struct ifreq));
1292 strcpy(ifr.ifr_name, ifa->ifa_label);
1294 (*(struct sockaddr_in *)&ifr.ifr_addr).sin_family = AF_INET;
1295 (*(struct sockaddr_in *)&ifr.ifr_addr).sin_addr.s_addr =
1298 if (copy_to_user(buf + done, &ifr, size)) {
1309 static __be32 in_dev_select_addr(const struct in_device *in_dev,
1312 const struct in_ifaddr *ifa;
1314 in_dev_for_each_ifa_rcu(ifa, in_dev) {
1315 if (ifa->ifa_flags & IFA_F_SECONDARY)
1317 if (ifa->ifa_scope != RT_SCOPE_LINK &&
1318 ifa->ifa_scope <= scope)
1319 return ifa->ifa_local;
1325 __be32 inet_select_addr(const struct net_device *dev, __be32 dst, int scope)
1327 const struct in_ifaddr *ifa;
1329 unsigned char localnet_scope = RT_SCOPE_HOST;
1330 struct in_device *in_dev;
1331 struct net *net = dev_net(dev);
1335 in_dev = __in_dev_get_rcu(dev);
1339 if (unlikely(IN_DEV_ROUTE_LOCALNET(in_dev)))
1340 localnet_scope = RT_SCOPE_LINK;
1342 in_dev_for_each_ifa_rcu(ifa, in_dev) {
1343 if (ifa->ifa_flags & IFA_F_SECONDARY)
1345 if (min(ifa->ifa_scope, localnet_scope) > scope)
1347 if (!dst || inet_ifa_match(dst, ifa)) {
1348 addr = ifa->ifa_local;
1352 addr = ifa->ifa_local;
1358 master_idx = l3mdev_master_ifindex_rcu(dev);
1360 /* For VRFs, the VRF device takes the place of the loopback device,
1361 * with addresses on it being preferred. Note in such cases the
1362 * loopback device will be among the devices that fail the master_idx
1363 * equality check in the loop below.
1366 (dev = dev_get_by_index_rcu(net, master_idx)) &&
1367 (in_dev = __in_dev_get_rcu(dev))) {
1368 addr = in_dev_select_addr(in_dev, scope);
1373 /* Not loopback addresses on loopback should be preferred
1374 in this case. It is important that lo is the first interface
1377 for_each_netdev_rcu(net, dev) {
1378 if (l3mdev_master_ifindex_rcu(dev) != master_idx)
1381 in_dev = __in_dev_get_rcu(dev);
1385 addr = in_dev_select_addr(in_dev, scope);
1393 EXPORT_SYMBOL(inet_select_addr);
1395 static __be32 confirm_addr_indev(struct in_device *in_dev, __be32 dst,
1396 __be32 local, int scope)
1398 unsigned char localnet_scope = RT_SCOPE_HOST;
1399 const struct in_ifaddr *ifa;
1403 if (unlikely(IN_DEV_ROUTE_LOCALNET(in_dev)))
1404 localnet_scope = RT_SCOPE_LINK;
1406 in_dev_for_each_ifa_rcu(ifa, in_dev) {
1407 unsigned char min_scope = min(ifa->ifa_scope, localnet_scope);
1410 (local == ifa->ifa_local || !local) &&
1411 min_scope <= scope) {
1412 addr = ifa->ifa_local;
1417 same = (!local || inet_ifa_match(local, ifa)) &&
1418 (!dst || inet_ifa_match(dst, ifa));
1422 /* Is the selected addr into dst subnet? */
1423 if (inet_ifa_match(addr, ifa))
1425 /* No, then can we use new local src? */
1426 if (min_scope <= scope) {
1427 addr = ifa->ifa_local;
1430 /* search for large dst subnet for addr */
1436 return same ? addr : 0;
1440 * Confirm that local IP address exists using wildcards:
1441 * - net: netns to check, cannot be NULL
1442 * - in_dev: only on this interface, NULL=any interface
1443 * - dst: only in the same subnet as dst, 0=any dst
1444 * - local: address, 0=autoselect the local address
1445 * - scope: maximum allowed scope value for the local address
1447 __be32 inet_confirm_addr(struct net *net, struct in_device *in_dev,
1448 __be32 dst, __be32 local, int scope)
1451 struct net_device *dev;
1454 return confirm_addr_indev(in_dev, dst, local, scope);
1457 for_each_netdev_rcu(net, dev) {
1458 in_dev = __in_dev_get_rcu(dev);
1460 addr = confirm_addr_indev(in_dev, dst, local, scope);
1469 EXPORT_SYMBOL(inet_confirm_addr);
1475 int register_inetaddr_notifier(struct notifier_block *nb)
1477 return blocking_notifier_chain_register(&inetaddr_chain, nb);
1479 EXPORT_SYMBOL(register_inetaddr_notifier);
1481 int unregister_inetaddr_notifier(struct notifier_block *nb)
1483 return blocking_notifier_chain_unregister(&inetaddr_chain, nb);
1485 EXPORT_SYMBOL(unregister_inetaddr_notifier);
1487 int register_inetaddr_validator_notifier(struct notifier_block *nb)
1489 return blocking_notifier_chain_register(&inetaddr_validator_chain, nb);
1491 EXPORT_SYMBOL(register_inetaddr_validator_notifier);
1493 int unregister_inetaddr_validator_notifier(struct notifier_block *nb)
1495 return blocking_notifier_chain_unregister(&inetaddr_validator_chain,
1498 EXPORT_SYMBOL(unregister_inetaddr_validator_notifier);
1500 /* Rename ifa_labels for a device name change. Make some effort to preserve
1501 * existing alias numbering and to create unique labels if possible.
1503 static void inetdev_changename(struct net_device *dev, struct in_device *in_dev)
1505 struct in_ifaddr *ifa;
1508 in_dev_for_each_ifa_rtnl(ifa, in_dev) {
1509 char old[IFNAMSIZ], *dot;
1511 memcpy(old, ifa->ifa_label, IFNAMSIZ);
1512 memcpy(ifa->ifa_label, dev->name, IFNAMSIZ);
1515 dot = strchr(old, ':');
1517 sprintf(old, ":%d", named);
1520 if (strlen(dot) + strlen(dev->name) < IFNAMSIZ)
1521 strcat(ifa->ifa_label, dot);
1523 strcpy(ifa->ifa_label + (IFNAMSIZ - strlen(dot) - 1), dot);
1525 rtmsg_ifa(RTM_NEWADDR, ifa, NULL, 0);
1529 static void inetdev_send_gratuitous_arp(struct net_device *dev,
1530 struct in_device *in_dev)
1533 const struct in_ifaddr *ifa;
1535 in_dev_for_each_ifa_rtnl(ifa, in_dev) {
1536 arp_send(ARPOP_REQUEST, ETH_P_ARP,
1537 ifa->ifa_local, dev,
1538 ifa->ifa_local, NULL,
1539 dev->dev_addr, NULL);
1543 /* Called only under RTNL semaphore */
1545 static int inetdev_event(struct notifier_block *this, unsigned long event,
1548 struct net_device *dev = netdev_notifier_info_to_dev(ptr);
1549 struct in_device *in_dev = __in_dev_get_rtnl(dev);
1554 if (event == NETDEV_REGISTER) {
1555 in_dev = inetdev_init(dev);
1557 return notifier_from_errno(PTR_ERR(in_dev));
1558 if (dev->flags & IFF_LOOPBACK) {
1559 IN_DEV_CONF_SET(in_dev, NOXFRM, 1);
1560 IN_DEV_CONF_SET(in_dev, NOPOLICY, 1);
1562 } else if (event == NETDEV_CHANGEMTU) {
1563 /* Re-enabling IP */
1564 if (inetdev_valid_mtu(dev->mtu))
1565 in_dev = inetdev_init(dev);
1571 case NETDEV_REGISTER:
1572 pr_debug("%s: bug\n", __func__);
1573 RCU_INIT_POINTER(dev->ip_ptr, NULL);
1576 if (!inetdev_valid_mtu(dev->mtu))
1578 if (dev->flags & IFF_LOOPBACK) {
1579 struct in_ifaddr *ifa = inet_alloc_ifa();
1582 INIT_HLIST_NODE(&ifa->hash);
1584 ifa->ifa_address = htonl(INADDR_LOOPBACK);
1585 ifa->ifa_prefixlen = 8;
1586 ifa->ifa_mask = inet_make_mask(8);
1587 in_dev_hold(in_dev);
1588 ifa->ifa_dev = in_dev;
1589 ifa->ifa_scope = RT_SCOPE_HOST;
1590 memcpy(ifa->ifa_label, dev->name, IFNAMSIZ);
1591 set_ifa_lifetime(ifa, INFINITY_LIFE_TIME,
1592 INFINITY_LIFE_TIME);
1593 ipv4_devconf_setall(in_dev);
1594 neigh_parms_data_state_setall(in_dev->arp_parms);
1595 inet_insert_ifa(ifa);
1600 case NETDEV_CHANGEADDR:
1601 if (!IN_DEV_ARP_NOTIFY(in_dev))
1604 case NETDEV_NOTIFY_PEERS:
1605 /* Send gratuitous ARP to notify of link change */
1606 inetdev_send_gratuitous_arp(dev, in_dev);
1611 case NETDEV_PRE_TYPE_CHANGE:
1612 ip_mc_unmap(in_dev);
1614 case NETDEV_POST_TYPE_CHANGE:
1615 ip_mc_remap(in_dev);
1617 case NETDEV_CHANGEMTU:
1618 if (inetdev_valid_mtu(dev->mtu))
1620 /* disable IP when MTU is not enough */
1622 case NETDEV_UNREGISTER:
1623 inetdev_destroy(in_dev);
1625 case NETDEV_CHANGENAME:
1626 /* Do not notify about label change, this event is
1627 * not interesting to applications using netlink.
1629 inetdev_changename(dev, in_dev);
1631 devinet_sysctl_unregister(in_dev);
1632 devinet_sysctl_register(in_dev);
1639 static struct notifier_block ip_netdev_notifier = {
1640 .notifier_call = inetdev_event,
1643 static size_t inet_nlmsg_size(void)
1645 return NLMSG_ALIGN(sizeof(struct ifaddrmsg))
1646 + nla_total_size(4) /* IFA_ADDRESS */
1647 + nla_total_size(4) /* IFA_LOCAL */
1648 + nla_total_size(4) /* IFA_BROADCAST */
1649 + nla_total_size(IFNAMSIZ) /* IFA_LABEL */
1650 + nla_total_size(4) /* IFA_FLAGS */
1651 + nla_total_size(1) /* IFA_PROTO */
1652 + nla_total_size(4) /* IFA_RT_PRIORITY */
1653 + nla_total_size(sizeof(struct ifa_cacheinfo)); /* IFA_CACHEINFO */
1656 static inline u32 cstamp_delta(unsigned long cstamp)
1658 return (cstamp - INITIAL_JIFFIES) * 100UL / HZ;
1661 static int put_cacheinfo(struct sk_buff *skb, unsigned long cstamp,
1662 unsigned long tstamp, u32 preferred, u32 valid)
1664 struct ifa_cacheinfo ci;
1666 ci.cstamp = cstamp_delta(cstamp);
1667 ci.tstamp = cstamp_delta(tstamp);
1668 ci.ifa_prefered = preferred;
1669 ci.ifa_valid = valid;
1671 return nla_put(skb, IFA_CACHEINFO, sizeof(ci), &ci);
1674 static int inet_fill_ifaddr(struct sk_buff *skb, struct in_ifaddr *ifa,
1675 struct inet_fill_args *args)
1677 struct ifaddrmsg *ifm;
1678 struct nlmsghdr *nlh;
1679 u32 preferred, valid;
1681 nlh = nlmsg_put(skb, args->portid, args->seq, args->event, sizeof(*ifm),
1686 ifm = nlmsg_data(nlh);
1687 ifm->ifa_family = AF_INET;
1688 ifm->ifa_prefixlen = ifa->ifa_prefixlen;
1689 ifm->ifa_flags = ifa->ifa_flags;
1690 ifm->ifa_scope = ifa->ifa_scope;
1691 ifm->ifa_index = ifa->ifa_dev->dev->ifindex;
1693 if (args->netnsid >= 0 &&
1694 nla_put_s32(skb, IFA_TARGET_NETNSID, args->netnsid))
1695 goto nla_put_failure;
1697 if (!(ifm->ifa_flags & IFA_F_PERMANENT)) {
1698 preferred = ifa->ifa_preferred_lft;
1699 valid = ifa->ifa_valid_lft;
1700 if (preferred != INFINITY_LIFE_TIME) {
1701 long tval = (jiffies - ifa->ifa_tstamp) / HZ;
1703 if (preferred > tval)
1707 if (valid != INFINITY_LIFE_TIME) {
1715 preferred = INFINITY_LIFE_TIME;
1716 valid = INFINITY_LIFE_TIME;
1718 if ((ifa->ifa_address &&
1719 nla_put_in_addr(skb, IFA_ADDRESS, ifa->ifa_address)) ||
1721 nla_put_in_addr(skb, IFA_LOCAL, ifa->ifa_local)) ||
1722 (ifa->ifa_broadcast &&
1723 nla_put_in_addr(skb, IFA_BROADCAST, ifa->ifa_broadcast)) ||
1724 (ifa->ifa_label[0] &&
1725 nla_put_string(skb, IFA_LABEL, ifa->ifa_label)) ||
1727 nla_put_u8(skb, IFA_PROTO, ifa->ifa_proto)) ||
1728 nla_put_u32(skb, IFA_FLAGS, ifa->ifa_flags) ||
1729 (ifa->ifa_rt_priority &&
1730 nla_put_u32(skb, IFA_RT_PRIORITY, ifa->ifa_rt_priority)) ||
1731 put_cacheinfo(skb, ifa->ifa_cstamp, ifa->ifa_tstamp,
1733 goto nla_put_failure;
1735 nlmsg_end(skb, nlh);
1739 nlmsg_cancel(skb, nlh);
1743 static int inet_valid_dump_ifaddr_req(const struct nlmsghdr *nlh,
1744 struct inet_fill_args *fillargs,
1745 struct net **tgt_net, struct sock *sk,
1746 struct netlink_callback *cb)
1748 struct netlink_ext_ack *extack = cb->extack;
1749 struct nlattr *tb[IFA_MAX+1];
1750 struct ifaddrmsg *ifm;
1753 if (nlh->nlmsg_len < nlmsg_msg_size(sizeof(*ifm))) {
1754 NL_SET_ERR_MSG(extack, "ipv4: Invalid header for address dump request");
1758 ifm = nlmsg_data(nlh);
1759 if (ifm->ifa_prefixlen || ifm->ifa_flags || ifm->ifa_scope) {
1760 NL_SET_ERR_MSG(extack, "ipv4: Invalid values in header for address dump request");
1764 fillargs->ifindex = ifm->ifa_index;
1765 if (fillargs->ifindex) {
1766 cb->answer_flags |= NLM_F_DUMP_FILTERED;
1767 fillargs->flags |= NLM_F_DUMP_FILTERED;
1770 err = nlmsg_parse_deprecated_strict(nlh, sizeof(*ifm), tb, IFA_MAX,
1771 ifa_ipv4_policy, extack);
1775 for (i = 0; i <= IFA_MAX; ++i) {
1779 if (i == IFA_TARGET_NETNSID) {
1782 fillargs->netnsid = nla_get_s32(tb[i]);
1784 net = rtnl_get_net_ns_capable(sk, fillargs->netnsid);
1786 fillargs->netnsid = -1;
1787 NL_SET_ERR_MSG(extack, "ipv4: Invalid target network namespace id");
1788 return PTR_ERR(net);
1792 NL_SET_ERR_MSG(extack, "ipv4: Unsupported attribute in dump request");
1800 static int in_dev_dump_addr(struct in_device *in_dev, struct sk_buff *skb,
1801 struct netlink_callback *cb, int s_ip_idx,
1802 struct inet_fill_args *fillargs)
1804 struct in_ifaddr *ifa;
1808 in_dev_for_each_ifa_rtnl(ifa, in_dev) {
1809 if (ip_idx < s_ip_idx) {
1813 err = inet_fill_ifaddr(skb, ifa, fillargs);
1817 nl_dump_check_consistent(cb, nlmsg_hdr(skb));
1823 cb->args[2] = ip_idx;
1828 /* Combine dev_addr_genid and dev_base_seq to detect changes.
1830 static u32 inet_base_seq(const struct net *net)
1832 u32 res = atomic_read(&net->ipv4.dev_addr_genid) +
1835 /* Must not return 0 (see nl_dump_check_consistent()).
1836 * Chose a value far away from 0.
1843 static int inet_dump_ifaddr(struct sk_buff *skb, struct netlink_callback *cb)
1845 const struct nlmsghdr *nlh = cb->nlh;
1846 struct inet_fill_args fillargs = {
1847 .portid = NETLINK_CB(cb->skb).portid,
1848 .seq = nlh->nlmsg_seq,
1849 .event = RTM_NEWADDR,
1850 .flags = NLM_F_MULTI,
1853 struct net *net = sock_net(skb->sk);
1854 struct net *tgt_net = net;
1858 struct net_device *dev;
1859 struct in_device *in_dev;
1860 struct hlist_head *head;
1864 s_idx = idx = cb->args[1];
1865 s_ip_idx = cb->args[2];
1867 if (cb->strict_check) {
1868 err = inet_valid_dump_ifaddr_req(nlh, &fillargs, &tgt_net,
1874 if (fillargs.ifindex) {
1875 dev = __dev_get_by_index(tgt_net, fillargs.ifindex);
1881 in_dev = __in_dev_get_rtnl(dev);
1883 err = in_dev_dump_addr(in_dev, skb, cb, s_ip_idx,
1890 for (h = s_h; h < NETDEV_HASHENTRIES; h++, s_idx = 0) {
1892 head = &tgt_net->dev_index_head[h];
1894 cb->seq = inet_base_seq(tgt_net);
1895 hlist_for_each_entry_rcu(dev, head, index_hlist) {
1898 if (h > s_h || idx > s_idx)
1900 in_dev = __in_dev_get_rcu(dev);
1904 err = in_dev_dump_addr(in_dev, skb, cb, s_ip_idx,
1920 if (fillargs.netnsid >= 0)
1923 return skb->len ? : err;
1926 static void rtmsg_ifa(int event, struct in_ifaddr *ifa, struct nlmsghdr *nlh,
1929 struct inet_fill_args fillargs = {
1931 .seq = nlh ? nlh->nlmsg_seq : 0,
1936 struct sk_buff *skb;
1940 net = dev_net(ifa->ifa_dev->dev);
1941 skb = nlmsg_new(inet_nlmsg_size(), GFP_KERNEL);
1945 err = inet_fill_ifaddr(skb, ifa, &fillargs);
1947 /* -EMSGSIZE implies BUG in inet_nlmsg_size() */
1948 WARN_ON(err == -EMSGSIZE);
1952 rtnl_notify(skb, net, portid, RTNLGRP_IPV4_IFADDR, nlh, GFP_KERNEL);
1956 rtnl_set_sk_err(net, RTNLGRP_IPV4_IFADDR, err);
1959 static size_t inet_get_link_af_size(const struct net_device *dev,
1960 u32 ext_filter_mask)
1962 struct in_device *in_dev = rcu_dereference_rtnl(dev->ip_ptr);
1967 return nla_total_size(IPV4_DEVCONF_MAX * 4); /* IFLA_INET_CONF */
1970 static int inet_fill_link_af(struct sk_buff *skb, const struct net_device *dev,
1971 u32 ext_filter_mask)
1973 struct in_device *in_dev = rcu_dereference_rtnl(dev->ip_ptr);
1980 nla = nla_reserve(skb, IFLA_INET_CONF, IPV4_DEVCONF_MAX * 4);
1984 for (i = 0; i < IPV4_DEVCONF_MAX; i++)
1985 ((u32 *) nla_data(nla))[i] = in_dev->cnf.data[i];
1990 static const struct nla_policy inet_af_policy[IFLA_INET_MAX+1] = {
1991 [IFLA_INET_CONF] = { .type = NLA_NESTED },
1994 static int inet_validate_link_af(const struct net_device *dev,
1995 const struct nlattr *nla,
1996 struct netlink_ext_ack *extack)
1998 struct nlattr *a, *tb[IFLA_INET_MAX+1];
2001 if (dev && !__in_dev_get_rtnl(dev))
2002 return -EAFNOSUPPORT;
2004 err = nla_parse_nested_deprecated(tb, IFLA_INET_MAX, nla,
2005 inet_af_policy, extack);
2009 if (tb[IFLA_INET_CONF]) {
2010 nla_for_each_nested(a, tb[IFLA_INET_CONF], rem) {
2011 int cfgid = nla_type(a);
2016 if (cfgid <= 0 || cfgid > IPV4_DEVCONF_MAX)
2024 static int inet_set_link_af(struct net_device *dev, const struct nlattr *nla,
2025 struct netlink_ext_ack *extack)
2027 struct in_device *in_dev = __in_dev_get_rtnl(dev);
2028 struct nlattr *a, *tb[IFLA_INET_MAX+1];
2032 return -EAFNOSUPPORT;
2034 if (nla_parse_nested_deprecated(tb, IFLA_INET_MAX, nla, NULL, NULL) < 0)
2037 if (tb[IFLA_INET_CONF]) {
2038 nla_for_each_nested(a, tb[IFLA_INET_CONF], rem)
2039 ipv4_devconf_set(in_dev, nla_type(a), nla_get_u32(a));
2045 static int inet_netconf_msgsize_devconf(int type)
2047 int size = NLMSG_ALIGN(sizeof(struct netconfmsg))
2048 + nla_total_size(4); /* NETCONFA_IFINDEX */
2051 if (type == NETCONFA_ALL)
2054 if (all || type == NETCONFA_FORWARDING)
2055 size += nla_total_size(4);
2056 if (all || type == NETCONFA_RP_FILTER)
2057 size += nla_total_size(4);
2058 if (all || type == NETCONFA_MC_FORWARDING)
2059 size += nla_total_size(4);
2060 if (all || type == NETCONFA_BC_FORWARDING)
2061 size += nla_total_size(4);
2062 if (all || type == NETCONFA_PROXY_NEIGH)
2063 size += nla_total_size(4);
2064 if (all || type == NETCONFA_IGNORE_ROUTES_WITH_LINKDOWN)
2065 size += nla_total_size(4);
2070 static int inet_netconf_fill_devconf(struct sk_buff *skb, int ifindex,
2071 struct ipv4_devconf *devconf, u32 portid,
2072 u32 seq, int event, unsigned int flags,
2075 struct nlmsghdr *nlh;
2076 struct netconfmsg *ncm;
2079 nlh = nlmsg_put(skb, portid, seq, event, sizeof(struct netconfmsg),
2084 if (type == NETCONFA_ALL)
2087 ncm = nlmsg_data(nlh);
2088 ncm->ncm_family = AF_INET;
2090 if (nla_put_s32(skb, NETCONFA_IFINDEX, ifindex) < 0)
2091 goto nla_put_failure;
2096 if ((all || type == NETCONFA_FORWARDING) &&
2097 nla_put_s32(skb, NETCONFA_FORWARDING,
2098 IPV4_DEVCONF(*devconf, FORWARDING)) < 0)
2099 goto nla_put_failure;
2100 if ((all || type == NETCONFA_RP_FILTER) &&
2101 nla_put_s32(skb, NETCONFA_RP_FILTER,
2102 IPV4_DEVCONF(*devconf, RP_FILTER)) < 0)
2103 goto nla_put_failure;
2104 if ((all || type == NETCONFA_MC_FORWARDING) &&
2105 nla_put_s32(skb, NETCONFA_MC_FORWARDING,
2106 IPV4_DEVCONF(*devconf, MC_FORWARDING)) < 0)
2107 goto nla_put_failure;
2108 if ((all || type == NETCONFA_BC_FORWARDING) &&
2109 nla_put_s32(skb, NETCONFA_BC_FORWARDING,
2110 IPV4_DEVCONF(*devconf, BC_FORWARDING)) < 0)
2111 goto nla_put_failure;
2112 if ((all || type == NETCONFA_PROXY_NEIGH) &&
2113 nla_put_s32(skb, NETCONFA_PROXY_NEIGH,
2114 IPV4_DEVCONF(*devconf, PROXY_ARP)) < 0)
2115 goto nla_put_failure;
2116 if ((all || type == NETCONFA_IGNORE_ROUTES_WITH_LINKDOWN) &&
2117 nla_put_s32(skb, NETCONFA_IGNORE_ROUTES_WITH_LINKDOWN,
2118 IPV4_DEVCONF(*devconf, IGNORE_ROUTES_WITH_LINKDOWN)) < 0)
2119 goto nla_put_failure;
2122 nlmsg_end(skb, nlh);
2126 nlmsg_cancel(skb, nlh);
2130 void inet_netconf_notify_devconf(struct net *net, int event, int type,
2131 int ifindex, struct ipv4_devconf *devconf)
2133 struct sk_buff *skb;
2136 skb = nlmsg_new(inet_netconf_msgsize_devconf(type), GFP_KERNEL);
2140 err = inet_netconf_fill_devconf(skb, ifindex, devconf, 0, 0,
2143 /* -EMSGSIZE implies BUG in inet_netconf_msgsize_devconf() */
2144 WARN_ON(err == -EMSGSIZE);
2148 rtnl_notify(skb, net, 0, RTNLGRP_IPV4_NETCONF, NULL, GFP_KERNEL);
2152 rtnl_set_sk_err(net, RTNLGRP_IPV4_NETCONF, err);
2155 static const struct nla_policy devconf_ipv4_policy[NETCONFA_MAX+1] = {
2156 [NETCONFA_IFINDEX] = { .len = sizeof(int) },
2157 [NETCONFA_FORWARDING] = { .len = sizeof(int) },
2158 [NETCONFA_RP_FILTER] = { .len = sizeof(int) },
2159 [NETCONFA_PROXY_NEIGH] = { .len = sizeof(int) },
2160 [NETCONFA_IGNORE_ROUTES_WITH_LINKDOWN] = { .len = sizeof(int) },
2163 static int inet_netconf_valid_get_req(struct sk_buff *skb,
2164 const struct nlmsghdr *nlh,
2166 struct netlink_ext_ack *extack)
2170 if (nlh->nlmsg_len < nlmsg_msg_size(sizeof(struct netconfmsg))) {
2171 NL_SET_ERR_MSG(extack, "ipv4: Invalid header for netconf get request");
2175 if (!netlink_strict_get_check(skb))
2176 return nlmsg_parse_deprecated(nlh, sizeof(struct netconfmsg),
2178 devconf_ipv4_policy, extack);
2180 err = nlmsg_parse_deprecated_strict(nlh, sizeof(struct netconfmsg),
2182 devconf_ipv4_policy, extack);
2186 for (i = 0; i <= NETCONFA_MAX; i++) {
2191 case NETCONFA_IFINDEX:
2194 NL_SET_ERR_MSG(extack, "ipv4: Unsupported attribute in netconf get request");
2202 static int inet_netconf_get_devconf(struct sk_buff *in_skb,
2203 struct nlmsghdr *nlh,
2204 struct netlink_ext_ack *extack)
2206 struct net *net = sock_net(in_skb->sk);
2207 struct nlattr *tb[NETCONFA_MAX+1];
2208 struct sk_buff *skb;
2209 struct ipv4_devconf *devconf;
2210 struct in_device *in_dev;
2211 struct net_device *dev;
2215 err = inet_netconf_valid_get_req(in_skb, nlh, tb, extack);
2220 if (!tb[NETCONFA_IFINDEX])
2223 ifindex = nla_get_s32(tb[NETCONFA_IFINDEX]);
2225 case NETCONFA_IFINDEX_ALL:
2226 devconf = net->ipv4.devconf_all;
2228 case NETCONFA_IFINDEX_DEFAULT:
2229 devconf = net->ipv4.devconf_dflt;
2232 dev = __dev_get_by_index(net, ifindex);
2235 in_dev = __in_dev_get_rtnl(dev);
2238 devconf = &in_dev->cnf;
2243 skb = nlmsg_new(inet_netconf_msgsize_devconf(NETCONFA_ALL), GFP_KERNEL);
2247 err = inet_netconf_fill_devconf(skb, ifindex, devconf,
2248 NETLINK_CB(in_skb).portid,
2249 nlh->nlmsg_seq, RTM_NEWNETCONF, 0,
2252 /* -EMSGSIZE implies BUG in inet_netconf_msgsize_devconf() */
2253 WARN_ON(err == -EMSGSIZE);
2257 err = rtnl_unicast(skb, net, NETLINK_CB(in_skb).portid);
2262 static int inet_netconf_dump_devconf(struct sk_buff *skb,
2263 struct netlink_callback *cb)
2265 const struct nlmsghdr *nlh = cb->nlh;
2266 struct net *net = sock_net(skb->sk);
2269 struct net_device *dev;
2270 struct in_device *in_dev;
2271 struct hlist_head *head;
2273 if (cb->strict_check) {
2274 struct netlink_ext_ack *extack = cb->extack;
2275 struct netconfmsg *ncm;
2277 if (nlh->nlmsg_len < nlmsg_msg_size(sizeof(*ncm))) {
2278 NL_SET_ERR_MSG(extack, "ipv4: Invalid header for netconf dump request");
2282 if (nlmsg_attrlen(nlh, sizeof(*ncm))) {
2283 NL_SET_ERR_MSG(extack, "ipv4: Invalid data after header in netconf dump request");
2289 s_idx = idx = cb->args[1];
2291 for (h = s_h; h < NETDEV_HASHENTRIES; h++, s_idx = 0) {
2293 head = &net->dev_index_head[h];
2295 cb->seq = inet_base_seq(net);
2296 hlist_for_each_entry_rcu(dev, head, index_hlist) {
2299 in_dev = __in_dev_get_rcu(dev);
2303 if (inet_netconf_fill_devconf(skb, dev->ifindex,
2305 NETLINK_CB(cb->skb).portid,
2309 NETCONFA_ALL) < 0) {
2313 nl_dump_check_consistent(cb, nlmsg_hdr(skb));
2319 if (h == NETDEV_HASHENTRIES) {
2320 if (inet_netconf_fill_devconf(skb, NETCONFA_IFINDEX_ALL,
2321 net->ipv4.devconf_all,
2322 NETLINK_CB(cb->skb).portid,
2324 RTM_NEWNETCONF, NLM_F_MULTI,
2330 if (h == NETDEV_HASHENTRIES + 1) {
2331 if (inet_netconf_fill_devconf(skb, NETCONFA_IFINDEX_DEFAULT,
2332 net->ipv4.devconf_dflt,
2333 NETLINK_CB(cb->skb).portid,
2335 RTM_NEWNETCONF, NLM_F_MULTI,
2348 #ifdef CONFIG_SYSCTL
2350 static void devinet_copy_dflt_conf(struct net *net, int i)
2352 struct net_device *dev;
2355 for_each_netdev_rcu(net, dev) {
2356 struct in_device *in_dev;
2358 in_dev = __in_dev_get_rcu(dev);
2359 if (in_dev && !test_bit(i, in_dev->cnf.state))
2360 in_dev->cnf.data[i] = net->ipv4.devconf_dflt->data[i];
2365 /* called with RTNL locked */
2366 static void inet_forward_change(struct net *net)
2368 struct net_device *dev;
2369 int on = IPV4_DEVCONF_ALL(net, FORWARDING);
2371 IPV4_DEVCONF_ALL(net, ACCEPT_REDIRECTS) = !on;
2372 IPV4_DEVCONF_DFLT(net, FORWARDING) = on;
2373 inet_netconf_notify_devconf(net, RTM_NEWNETCONF,
2374 NETCONFA_FORWARDING,
2375 NETCONFA_IFINDEX_ALL,
2376 net->ipv4.devconf_all);
2377 inet_netconf_notify_devconf(net, RTM_NEWNETCONF,
2378 NETCONFA_FORWARDING,
2379 NETCONFA_IFINDEX_DEFAULT,
2380 net->ipv4.devconf_dflt);
2382 for_each_netdev(net, dev) {
2383 struct in_device *in_dev;
2386 dev_disable_lro(dev);
2388 in_dev = __in_dev_get_rtnl(dev);
2390 IN_DEV_CONF_SET(in_dev, FORWARDING, on);
2391 inet_netconf_notify_devconf(net, RTM_NEWNETCONF,
2392 NETCONFA_FORWARDING,
2393 dev->ifindex, &in_dev->cnf);
2398 static int devinet_conf_ifindex(struct net *net, struct ipv4_devconf *cnf)
2400 if (cnf == net->ipv4.devconf_dflt)
2401 return NETCONFA_IFINDEX_DEFAULT;
2402 else if (cnf == net->ipv4.devconf_all)
2403 return NETCONFA_IFINDEX_ALL;
2405 struct in_device *idev
2406 = container_of(cnf, struct in_device, cnf);
2407 return idev->dev->ifindex;
2411 static int devinet_conf_proc(struct ctl_table *ctl, int write,
2412 void *buffer, size_t *lenp, loff_t *ppos)
2414 int old_value = *(int *)ctl->data;
2415 int ret = proc_dointvec(ctl, write, buffer, lenp, ppos);
2416 int new_value = *(int *)ctl->data;
2419 struct ipv4_devconf *cnf = ctl->extra1;
2420 struct net *net = ctl->extra2;
2421 int i = (int *)ctl->data - cnf->data;
2424 set_bit(i, cnf->state);
2426 if (cnf == net->ipv4.devconf_dflt)
2427 devinet_copy_dflt_conf(net, i);
2428 if (i == IPV4_DEVCONF_ACCEPT_LOCAL - 1 ||
2429 i == IPV4_DEVCONF_ROUTE_LOCALNET - 1)
2430 if ((new_value == 0) && (old_value != 0))
2431 rt_cache_flush(net);
2433 if (i == IPV4_DEVCONF_BC_FORWARDING - 1 &&
2434 new_value != old_value)
2435 rt_cache_flush(net);
2437 if (i == IPV4_DEVCONF_RP_FILTER - 1 &&
2438 new_value != old_value) {
2439 ifindex = devinet_conf_ifindex(net, cnf);
2440 inet_netconf_notify_devconf(net, RTM_NEWNETCONF,
2444 if (i == IPV4_DEVCONF_PROXY_ARP - 1 &&
2445 new_value != old_value) {
2446 ifindex = devinet_conf_ifindex(net, cnf);
2447 inet_netconf_notify_devconf(net, RTM_NEWNETCONF,
2448 NETCONFA_PROXY_NEIGH,
2451 if (i == IPV4_DEVCONF_IGNORE_ROUTES_WITH_LINKDOWN - 1 &&
2452 new_value != old_value) {
2453 ifindex = devinet_conf_ifindex(net, cnf);
2454 inet_netconf_notify_devconf(net, RTM_NEWNETCONF,
2455 NETCONFA_IGNORE_ROUTES_WITH_LINKDOWN,
2463 static int devinet_sysctl_forward(struct ctl_table *ctl, int write,
2464 void *buffer, size_t *lenp, loff_t *ppos)
2466 int *valp = ctl->data;
2469 struct net *net = ctl->extra2;
2472 if (write && !ns_capable(net->user_ns, CAP_NET_ADMIN))
2475 ret = proc_dointvec(ctl, write, buffer, lenp, ppos);
2477 if (write && *valp != val) {
2478 if (valp != &IPV4_DEVCONF_DFLT(net, FORWARDING)) {
2479 if (!rtnl_trylock()) {
2480 /* Restore the original values before restarting */
2483 return restart_syscall();
2485 if (valp == &IPV4_DEVCONF_ALL(net, FORWARDING)) {
2486 inet_forward_change(net);
2488 struct ipv4_devconf *cnf = ctl->extra1;
2489 struct in_device *idev =
2490 container_of(cnf, struct in_device, cnf);
2492 dev_disable_lro(idev->dev);
2493 inet_netconf_notify_devconf(net, RTM_NEWNETCONF,
2494 NETCONFA_FORWARDING,
2499 rt_cache_flush(net);
2501 inet_netconf_notify_devconf(net, RTM_NEWNETCONF,
2502 NETCONFA_FORWARDING,
2503 NETCONFA_IFINDEX_DEFAULT,
2504 net->ipv4.devconf_dflt);
2510 static int ipv4_doint_and_flush(struct ctl_table *ctl, int write,
2511 void *buffer, size_t *lenp, loff_t *ppos)
2513 int *valp = ctl->data;
2515 int ret = proc_dointvec(ctl, write, buffer, lenp, ppos);
2516 struct net *net = ctl->extra2;
2518 if (write && *valp != val)
2519 rt_cache_flush(net);
2524 #define DEVINET_SYSCTL_ENTRY(attr, name, mval, proc) \
2527 .data = ipv4_devconf.data + \
2528 IPV4_DEVCONF_ ## attr - 1, \
2529 .maxlen = sizeof(int), \
2531 .proc_handler = proc, \
2532 .extra1 = &ipv4_devconf, \
2535 #define DEVINET_SYSCTL_RW_ENTRY(attr, name) \
2536 DEVINET_SYSCTL_ENTRY(attr, name, 0644, devinet_conf_proc)
2538 #define DEVINET_SYSCTL_RO_ENTRY(attr, name) \
2539 DEVINET_SYSCTL_ENTRY(attr, name, 0444, devinet_conf_proc)
2541 #define DEVINET_SYSCTL_COMPLEX_ENTRY(attr, name, proc) \
2542 DEVINET_SYSCTL_ENTRY(attr, name, 0644, proc)
2544 #define DEVINET_SYSCTL_FLUSHING_ENTRY(attr, name) \
2545 DEVINET_SYSCTL_COMPLEX_ENTRY(attr, name, ipv4_doint_and_flush)
2547 static struct devinet_sysctl_table {
2548 struct ctl_table_header *sysctl_header;
2549 struct ctl_table devinet_vars[__IPV4_DEVCONF_MAX];
2550 } devinet_sysctl = {
2552 DEVINET_SYSCTL_COMPLEX_ENTRY(FORWARDING, "forwarding",
2553 devinet_sysctl_forward),
2554 DEVINET_SYSCTL_RO_ENTRY(MC_FORWARDING, "mc_forwarding"),
2555 DEVINET_SYSCTL_RW_ENTRY(BC_FORWARDING, "bc_forwarding"),
2557 DEVINET_SYSCTL_RW_ENTRY(ACCEPT_REDIRECTS, "accept_redirects"),
2558 DEVINET_SYSCTL_RW_ENTRY(SECURE_REDIRECTS, "secure_redirects"),
2559 DEVINET_SYSCTL_RW_ENTRY(SHARED_MEDIA, "shared_media"),
2560 DEVINET_SYSCTL_RW_ENTRY(RP_FILTER, "rp_filter"),
2561 DEVINET_SYSCTL_RW_ENTRY(SEND_REDIRECTS, "send_redirects"),
2562 DEVINET_SYSCTL_RW_ENTRY(ACCEPT_SOURCE_ROUTE,
2563 "accept_source_route"),
2564 DEVINET_SYSCTL_RW_ENTRY(ACCEPT_LOCAL, "accept_local"),
2565 DEVINET_SYSCTL_RW_ENTRY(SRC_VMARK, "src_valid_mark"),
2566 DEVINET_SYSCTL_RW_ENTRY(PROXY_ARP, "proxy_arp"),
2567 DEVINET_SYSCTL_RW_ENTRY(MEDIUM_ID, "medium_id"),
2568 DEVINET_SYSCTL_RW_ENTRY(BOOTP_RELAY, "bootp_relay"),
2569 DEVINET_SYSCTL_RW_ENTRY(LOG_MARTIANS, "log_martians"),
2570 DEVINET_SYSCTL_RW_ENTRY(TAG, "tag"),
2571 DEVINET_SYSCTL_RW_ENTRY(ARPFILTER, "arp_filter"),
2572 DEVINET_SYSCTL_RW_ENTRY(ARP_ANNOUNCE, "arp_announce"),
2573 DEVINET_SYSCTL_RW_ENTRY(ARP_IGNORE, "arp_ignore"),
2574 DEVINET_SYSCTL_RW_ENTRY(ARP_ACCEPT, "arp_accept"),
2575 DEVINET_SYSCTL_RW_ENTRY(ARP_NOTIFY, "arp_notify"),
2576 DEVINET_SYSCTL_RW_ENTRY(ARP_EVICT_NOCARRIER,
2577 "arp_evict_nocarrier"),
2578 DEVINET_SYSCTL_RW_ENTRY(PROXY_ARP_PVLAN, "proxy_arp_pvlan"),
2579 DEVINET_SYSCTL_RW_ENTRY(FORCE_IGMP_VERSION,
2580 "force_igmp_version"),
2581 DEVINET_SYSCTL_RW_ENTRY(IGMPV2_UNSOLICITED_REPORT_INTERVAL,
2582 "igmpv2_unsolicited_report_interval"),
2583 DEVINET_SYSCTL_RW_ENTRY(IGMPV3_UNSOLICITED_REPORT_INTERVAL,
2584 "igmpv3_unsolicited_report_interval"),
2585 DEVINET_SYSCTL_RW_ENTRY(IGNORE_ROUTES_WITH_LINKDOWN,
2586 "ignore_routes_with_linkdown"),
2587 DEVINET_SYSCTL_RW_ENTRY(DROP_GRATUITOUS_ARP,
2588 "drop_gratuitous_arp"),
2590 DEVINET_SYSCTL_FLUSHING_ENTRY(NOXFRM, "disable_xfrm"),
2591 DEVINET_SYSCTL_FLUSHING_ENTRY(NOPOLICY, "disable_policy"),
2592 DEVINET_SYSCTL_FLUSHING_ENTRY(PROMOTE_SECONDARIES,
2593 "promote_secondaries"),
2594 DEVINET_SYSCTL_FLUSHING_ENTRY(ROUTE_LOCALNET,
2596 DEVINET_SYSCTL_FLUSHING_ENTRY(DROP_UNICAST_IN_L2_MULTICAST,
2597 "drop_unicast_in_l2_multicast"),
2601 static int __devinet_sysctl_register(struct net *net, char *dev_name,
2602 int ifindex, struct ipv4_devconf *p)
2605 struct devinet_sysctl_table *t;
2606 char path[sizeof("net/ipv4/conf/") + IFNAMSIZ];
2608 t = kmemdup(&devinet_sysctl, sizeof(*t), GFP_KERNEL_ACCOUNT);
2612 for (i = 0; i < ARRAY_SIZE(t->devinet_vars) - 1; i++) {
2613 t->devinet_vars[i].data += (char *)p - (char *)&ipv4_devconf;
2614 t->devinet_vars[i].extra1 = p;
2615 t->devinet_vars[i].extra2 = net;
2618 snprintf(path, sizeof(path), "net/ipv4/conf/%s", dev_name);
2620 t->sysctl_header = register_net_sysctl(net, path, t->devinet_vars);
2621 if (!t->sysctl_header)
2626 inet_netconf_notify_devconf(net, RTM_NEWNETCONF, NETCONFA_ALL,
2636 static void __devinet_sysctl_unregister(struct net *net,
2637 struct ipv4_devconf *cnf, int ifindex)
2639 struct devinet_sysctl_table *t = cnf->sysctl;
2643 unregister_net_sysctl_table(t->sysctl_header);
2647 inet_netconf_notify_devconf(net, RTM_DELNETCONF, 0, ifindex, NULL);
2650 static int devinet_sysctl_register(struct in_device *idev)
2654 if (!sysctl_dev_name_is_allowed(idev->dev->name))
2657 err = neigh_sysctl_register(idev->dev, idev->arp_parms, NULL);
2660 err = __devinet_sysctl_register(dev_net(idev->dev), idev->dev->name,
2661 idev->dev->ifindex, &idev->cnf);
2663 neigh_sysctl_unregister(idev->arp_parms);
2667 static void devinet_sysctl_unregister(struct in_device *idev)
2669 struct net *net = dev_net(idev->dev);
2671 __devinet_sysctl_unregister(net, &idev->cnf, idev->dev->ifindex);
2672 neigh_sysctl_unregister(idev->arp_parms);
2675 static struct ctl_table ctl_forward_entry[] = {
2677 .procname = "ip_forward",
2678 .data = &ipv4_devconf.data[
2679 IPV4_DEVCONF_FORWARDING - 1],
2680 .maxlen = sizeof(int),
2682 .proc_handler = devinet_sysctl_forward,
2683 .extra1 = &ipv4_devconf,
2684 .extra2 = &init_net,
2690 static __net_init int devinet_init_net(struct net *net)
2693 struct ipv4_devconf *all, *dflt;
2694 #ifdef CONFIG_SYSCTL
2695 struct ctl_table *tbl;
2696 struct ctl_table_header *forw_hdr;
2700 all = kmemdup(&ipv4_devconf, sizeof(ipv4_devconf), GFP_KERNEL);
2704 dflt = kmemdup(&ipv4_devconf_dflt, sizeof(ipv4_devconf_dflt), GFP_KERNEL);
2706 goto err_alloc_dflt;
2708 #ifdef CONFIG_SYSCTL
2709 tbl = kmemdup(ctl_forward_entry, sizeof(ctl_forward_entry), GFP_KERNEL);
2713 tbl[0].data = &all->data[IPV4_DEVCONF_FORWARDING - 1];
2714 tbl[0].extra1 = all;
2715 tbl[0].extra2 = net;
2718 if (!net_eq(net, &init_net)) {
2719 switch (net_inherit_devconf()) {
2721 /* copy from the current netns */
2722 memcpy(all, current->nsproxy->net_ns->ipv4.devconf_all,
2723 sizeof(ipv4_devconf));
2725 current->nsproxy->net_ns->ipv4.devconf_dflt,
2726 sizeof(ipv4_devconf_dflt));
2730 /* copy from init_net */
2731 memcpy(all, init_net.ipv4.devconf_all,
2732 sizeof(ipv4_devconf));
2733 memcpy(dflt, init_net.ipv4.devconf_dflt,
2734 sizeof(ipv4_devconf_dflt));
2737 /* use compiled values */
2742 #ifdef CONFIG_SYSCTL
2743 err = __devinet_sysctl_register(net, "all", NETCONFA_IFINDEX_ALL, all);
2747 err = __devinet_sysctl_register(net, "default",
2748 NETCONFA_IFINDEX_DEFAULT, dflt);
2753 forw_hdr = register_net_sysctl_sz(net, "net/ipv4", tbl,
2754 ARRAY_SIZE(ctl_forward_entry));
2757 net->ipv4.forw_hdr = forw_hdr;
2760 net->ipv4.devconf_all = all;
2761 net->ipv4.devconf_dflt = dflt;
2764 #ifdef CONFIG_SYSCTL
2766 __devinet_sysctl_unregister(net, dflt, NETCONFA_IFINDEX_DEFAULT);
2768 __devinet_sysctl_unregister(net, all, NETCONFA_IFINDEX_ALL);
2780 static __net_exit void devinet_exit_net(struct net *net)
2782 #ifdef CONFIG_SYSCTL
2783 struct ctl_table *tbl;
2785 tbl = net->ipv4.forw_hdr->ctl_table_arg;
2786 unregister_net_sysctl_table(net->ipv4.forw_hdr);
2787 __devinet_sysctl_unregister(net, net->ipv4.devconf_dflt,
2788 NETCONFA_IFINDEX_DEFAULT);
2789 __devinet_sysctl_unregister(net, net->ipv4.devconf_all,
2790 NETCONFA_IFINDEX_ALL);
2793 kfree(net->ipv4.devconf_dflt);
2794 kfree(net->ipv4.devconf_all);
2797 static __net_initdata struct pernet_operations devinet_ops = {
2798 .init = devinet_init_net,
2799 .exit = devinet_exit_net,
2802 static struct rtnl_af_ops inet_af_ops __read_mostly = {
2804 .fill_link_af = inet_fill_link_af,
2805 .get_link_af_size = inet_get_link_af_size,
2806 .validate_link_af = inet_validate_link_af,
2807 .set_link_af = inet_set_link_af,
2810 void __init devinet_init(void)
2814 for (i = 0; i < IN4_ADDR_HSIZE; i++)
2815 INIT_HLIST_HEAD(&inet_addr_lst[i]);
2817 register_pernet_subsys(&devinet_ops);
2818 register_netdevice_notifier(&ip_netdev_notifier);
2820 queue_delayed_work(system_power_efficient_wq, &check_lifetime_work, 0);
2822 rtnl_af_register(&inet_af_ops);
2824 rtnl_register(PF_INET, RTM_NEWADDR, inet_rtm_newaddr, NULL, 0);
2825 rtnl_register(PF_INET, RTM_DELADDR, inet_rtm_deladdr, NULL, 0);
2826 rtnl_register(PF_INET, RTM_GETADDR, NULL, inet_dump_ifaddr, 0);
2827 rtnl_register(PF_INET, RTM_GETNETCONF, inet_netconf_get_devconf,
2828 inet_netconf_dump_devconf, 0);