2 * ip6_flowlabel.c IPv6 flowlabel manager.
4 * This program is free software; you can redistribute it and/or
5 * modify it under the terms of the GNU General Public License
6 * as published by the Free Software Foundation; either version
7 * 2 of the License, or (at your option) any later version.
9 * Authors: Alexey Kuznetsov, <kuznet@ms2.inr.ac.ru>
12 #include <linux/capability.h>
13 #include <linux/errno.h>
14 #include <linux/types.h>
15 #include <linux/socket.h>
16 #include <linux/net.h>
17 #include <linux/netdevice.h>
18 #include <linux/in6.h>
19 #include <linux/proc_fs.h>
20 #include <linux/seq_file.h>
21 #include <linux/slab.h>
22 #include <linux/export.h>
23 #include <linux/pid_namespace.h>
25 #include <net/net_namespace.h>
29 #include <net/rawv6.h>
30 #include <net/transp_v6.h>
32 #include <linux/uaccess.h>
34 #define FL_MIN_LINGER 6 /* Minimal linger. It is set to 6sec specified
35 in old IPv6 RFC. Well, it was reasonable value.
37 #define FL_MAX_LINGER 150 /* Maximal linger timeout */
41 #define FL_MAX_PER_SOCK 32
42 #define FL_MAX_SIZE 4096
43 #define FL_HASH_MASK 255
44 #define FL_HASH(l) (ntohl(l)&FL_HASH_MASK)
46 static atomic_t fl_size = ATOMIC_INIT(0);
47 static struct ip6_flowlabel __rcu *fl_ht[FL_HASH_MASK+1];
49 static void ip6_fl_gc(unsigned long dummy);
50 static DEFINE_TIMER(ip6_fl_gc_timer, ip6_fl_gc, 0, 0);
52 /* FL hash table lock: it protects only of GC */
54 static DEFINE_SPINLOCK(ip6_fl_lock);
58 static DEFINE_SPINLOCK(ip6_sk_fl_lock);
60 #define for_each_fl_rcu(hash, fl) \
61 for (fl = rcu_dereference_bh(fl_ht[(hash)]); \
63 fl = rcu_dereference_bh(fl->next))
64 #define for_each_fl_continue_rcu(fl) \
65 for (fl = rcu_dereference_bh(fl->next); \
67 fl = rcu_dereference_bh(fl->next))
69 #define for_each_sk_fl_rcu(np, sfl) \
70 for (sfl = rcu_dereference_bh(np->ipv6_fl_list); \
72 sfl = rcu_dereference_bh(sfl->next))
74 static inline struct ip6_flowlabel *__fl_lookup(struct net *net, __be32 label)
76 struct ip6_flowlabel *fl;
78 for_each_fl_rcu(FL_HASH(label), fl) {
79 if (fl->label == label && net_eq(fl->fl_net, net))
85 static struct ip6_flowlabel *fl_lookup(struct net *net, __be32 label)
87 struct ip6_flowlabel *fl;
90 fl = __fl_lookup(net, label);
91 if (fl && !atomic_inc_not_zero(&fl->users))
97 static void fl_free_rcu(struct rcu_head *head)
99 struct ip6_flowlabel *fl = container_of(head, struct ip6_flowlabel, rcu);
101 if (fl->share == IPV6_FL_S_PROCESS)
102 put_pid(fl->owner.pid);
108 static void fl_free(struct ip6_flowlabel *fl)
111 call_rcu(&fl->rcu, fl_free_rcu);
114 static void fl_release(struct ip6_flowlabel *fl)
116 spin_lock_bh(&ip6_fl_lock);
118 fl->lastuse = jiffies;
119 if (atomic_dec_and_test(&fl->users)) {
120 unsigned long ttd = fl->lastuse + fl->linger;
121 if (time_after(ttd, fl->expires))
124 if (fl->opt && fl->share == IPV6_FL_S_EXCL) {
125 struct ipv6_txoptions *opt = fl->opt;
129 if (!timer_pending(&ip6_fl_gc_timer) ||
130 time_after(ip6_fl_gc_timer.expires, ttd))
131 mod_timer(&ip6_fl_gc_timer, ttd);
133 spin_unlock_bh(&ip6_fl_lock);
136 static void ip6_fl_gc(unsigned long dummy)
139 unsigned long now = jiffies;
140 unsigned long sched = 0;
142 spin_lock(&ip6_fl_lock);
144 for (i = 0; i <= FL_HASH_MASK; i++) {
145 struct ip6_flowlabel *fl;
146 struct ip6_flowlabel __rcu **flp;
149 while ((fl = rcu_dereference_protected(*flp,
150 lockdep_is_held(&ip6_fl_lock))) != NULL) {
151 if (atomic_read(&fl->users) == 0) {
152 unsigned long ttd = fl->lastuse + fl->linger;
153 if (time_after(ttd, fl->expires))
156 if (time_after_eq(now, ttd)) {
159 atomic_dec(&fl_size);
162 if (!sched || time_before(ttd, sched))
168 if (!sched && atomic_read(&fl_size))
169 sched = now + FL_MAX_LINGER;
171 mod_timer(&ip6_fl_gc_timer, sched);
173 spin_unlock(&ip6_fl_lock);
176 static void __net_exit ip6_fl_purge(struct net *net)
180 spin_lock_bh(&ip6_fl_lock);
181 for (i = 0; i <= FL_HASH_MASK; i++) {
182 struct ip6_flowlabel *fl;
183 struct ip6_flowlabel __rcu **flp;
186 while ((fl = rcu_dereference_protected(*flp,
187 lockdep_is_held(&ip6_fl_lock))) != NULL) {
188 if (net_eq(fl->fl_net, net) &&
189 atomic_read(&fl->users) == 0) {
192 atomic_dec(&fl_size);
198 spin_unlock_bh(&ip6_fl_lock);
201 static struct ip6_flowlabel *fl_intern(struct net *net,
202 struct ip6_flowlabel *fl, __be32 label)
204 struct ip6_flowlabel *lfl;
206 fl->label = label & IPV6_FLOWLABEL_MASK;
208 spin_lock_bh(&ip6_fl_lock);
211 fl->label = htonl(prandom_u32())&IPV6_FLOWLABEL_MASK;
213 lfl = __fl_lookup(net, fl->label);
220 * we dropper the ip6_fl_lock, so this entry could reappear
221 * and we need to recheck with it.
223 * OTOH no need to search the active socket first, like it is
224 * done in ipv6_flowlabel_opt - sock is locked, so new entry
225 * with the same label can only appear on another sock
227 lfl = __fl_lookup(net, fl->label);
229 atomic_inc(&lfl->users);
230 spin_unlock_bh(&ip6_fl_lock);
235 fl->lastuse = jiffies;
236 fl->next = fl_ht[FL_HASH(fl->label)];
237 rcu_assign_pointer(fl_ht[FL_HASH(fl->label)], fl);
238 atomic_inc(&fl_size);
239 spin_unlock_bh(&ip6_fl_lock);
245 /* Socket flowlabel lists */
247 struct ip6_flowlabel *fl6_sock_lookup(struct sock *sk, __be32 label)
249 struct ipv6_fl_socklist *sfl;
250 struct ipv6_pinfo *np = inet6_sk(sk);
252 label &= IPV6_FLOWLABEL_MASK;
255 for_each_sk_fl_rcu(np, sfl) {
256 struct ip6_flowlabel *fl = sfl->fl;
258 if (fl->label == label && atomic_inc_not_zero(&fl->users)) {
259 fl->lastuse = jiffies;
260 rcu_read_unlock_bh();
264 rcu_read_unlock_bh();
267 EXPORT_SYMBOL_GPL(fl6_sock_lookup);
269 void fl6_free_socklist(struct sock *sk)
271 struct ipv6_pinfo *np = inet6_sk(sk);
272 struct ipv6_fl_socklist *sfl;
274 if (!rcu_access_pointer(np->ipv6_fl_list))
277 spin_lock_bh(&ip6_sk_fl_lock);
278 while ((sfl = rcu_dereference_protected(np->ipv6_fl_list,
279 lockdep_is_held(&ip6_sk_fl_lock))) != NULL) {
280 np->ipv6_fl_list = sfl->next;
281 spin_unlock_bh(&ip6_sk_fl_lock);
286 spin_lock_bh(&ip6_sk_fl_lock);
288 spin_unlock_bh(&ip6_sk_fl_lock);
291 /* Service routines */
295 It is the only difficult place. flowlabel enforces equal headers
296 before and including routing header, however user may supply options
300 struct ipv6_txoptions *fl6_merge_options(struct ipv6_txoptions *opt_space,
301 struct ip6_flowlabel *fl,
302 struct ipv6_txoptions *fopt)
304 struct ipv6_txoptions *fl_opt = fl->opt;
306 if (!fopt || fopt->opt_flen == 0)
310 opt_space->hopopt = fl_opt->hopopt;
311 opt_space->dst0opt = fl_opt->dst0opt;
312 opt_space->srcrt = fl_opt->srcrt;
313 opt_space->opt_nflen = fl_opt->opt_nflen;
315 if (fopt->opt_nflen == 0)
317 opt_space->hopopt = NULL;
318 opt_space->dst0opt = NULL;
319 opt_space->srcrt = NULL;
320 opt_space->opt_nflen = 0;
322 opt_space->dst1opt = fopt->dst1opt;
323 opt_space->opt_flen = fopt->opt_flen;
324 opt_space->tot_len = fopt->tot_len;
327 EXPORT_SYMBOL_GPL(fl6_merge_options);
329 static unsigned long check_linger(unsigned long ttl)
331 if (ttl < FL_MIN_LINGER)
332 return FL_MIN_LINGER*HZ;
333 if (ttl > FL_MAX_LINGER && !capable(CAP_NET_ADMIN))
338 static int fl6_renew(struct ip6_flowlabel *fl, unsigned long linger, unsigned long expires)
340 linger = check_linger(linger);
343 expires = check_linger(expires);
347 spin_lock_bh(&ip6_fl_lock);
348 fl->lastuse = jiffies;
349 if (time_before(fl->linger, linger))
351 if (time_before(expires, fl->linger))
352 expires = fl->linger;
353 if (time_before(fl->expires, fl->lastuse + expires))
354 fl->expires = fl->lastuse + expires;
355 spin_unlock_bh(&ip6_fl_lock);
360 static struct ip6_flowlabel *
361 fl_create(struct net *net, struct sock *sk, struct in6_flowlabel_req *freq,
362 char __user *optval, int optlen, int *err_p)
364 struct ip6_flowlabel *fl = NULL;
369 olen = optlen - CMSG_ALIGN(sizeof(*freq));
371 if (olen > 64 * 1024)
375 fl = kzalloc(sizeof(*fl), GFP_KERNEL);
381 struct flowi6 flowi6;
382 struct sockcm_cookie sockc_junk;
383 struct ipcm6_cookie ipc6;
386 fl->opt = kmalloc(sizeof(*fl->opt) + olen, GFP_KERNEL);
390 memset(fl->opt, 0, sizeof(*fl->opt));
391 fl->opt->tot_len = sizeof(*fl->opt) + olen;
393 if (copy_from_user(fl->opt+1, optval+CMSG_ALIGN(sizeof(*freq)), olen))
396 msg.msg_controllen = olen;
397 msg.msg_control = (void *)(fl->opt+1);
398 memset(&flowi6, 0, sizeof(flowi6));
401 err = ip6_datagram_send_ctl(net, sk, &msg, &flowi6, &ipc6, &sockc_junk);
405 if (fl->opt->opt_flen)
407 if (fl->opt->opt_nflen == 0) {
414 fl->expires = jiffies;
415 err = fl6_renew(fl, freq->flr_linger, freq->flr_expires);
418 fl->share = freq->flr_share;
419 addr_type = ipv6_addr_type(&freq->flr_dst);
420 if ((addr_type & IPV6_ADDR_MAPPED) ||
421 addr_type == IPV6_ADDR_ANY) {
425 fl->dst = freq->flr_dst;
426 atomic_set(&fl->users, 1);
431 case IPV6_FL_S_PROCESS:
432 fl->owner.pid = get_task_pid(current, PIDTYPE_PID);
435 fl->owner.uid = current_euid();
449 static int mem_check(struct sock *sk)
451 struct ipv6_pinfo *np = inet6_sk(sk);
452 struct ipv6_fl_socklist *sfl;
453 int room = FL_MAX_SIZE - atomic_read(&fl_size);
456 if (room > FL_MAX_SIZE - FL_MAX_PER_SOCK)
460 for_each_sk_fl_rcu(np, sfl)
462 rcu_read_unlock_bh();
465 ((count >= FL_MAX_PER_SOCK ||
466 (count > 0 && room < FL_MAX_SIZE/2) || room < FL_MAX_SIZE/4) &&
467 !capable(CAP_NET_ADMIN)))
473 static inline void fl_link(struct ipv6_pinfo *np, struct ipv6_fl_socklist *sfl,
474 struct ip6_flowlabel *fl)
476 spin_lock_bh(&ip6_sk_fl_lock);
478 sfl->next = np->ipv6_fl_list;
479 rcu_assign_pointer(np->ipv6_fl_list, sfl);
480 spin_unlock_bh(&ip6_sk_fl_lock);
483 int ipv6_flowlabel_opt_get(struct sock *sk, struct in6_flowlabel_req *freq,
486 struct ipv6_pinfo *np = inet6_sk(sk);
487 struct ipv6_fl_socklist *sfl;
489 if (flags & IPV6_FL_F_REMOTE) {
490 freq->flr_label = np->rcv_flowinfo & IPV6_FLOWLABEL_MASK;
495 freq->flr_label = np->flow_label;
501 for_each_sk_fl_rcu(np, sfl) {
502 if (sfl->fl->label == (np->flow_label & IPV6_FLOWLABEL_MASK)) {
503 spin_lock_bh(&ip6_fl_lock);
504 freq->flr_label = sfl->fl->label;
505 freq->flr_dst = sfl->fl->dst;
506 freq->flr_share = sfl->fl->share;
507 freq->flr_expires = (sfl->fl->expires - jiffies) / HZ;
508 freq->flr_linger = sfl->fl->linger / HZ;
510 spin_unlock_bh(&ip6_fl_lock);
511 rcu_read_unlock_bh();
515 rcu_read_unlock_bh();
520 int ipv6_flowlabel_opt(struct sock *sk, char __user *optval, int optlen)
523 struct net *net = sock_net(sk);
524 struct ipv6_pinfo *np = inet6_sk(sk);
525 struct in6_flowlabel_req freq;
526 struct ipv6_fl_socklist *sfl1 = NULL;
527 struct ipv6_fl_socklist *sfl;
528 struct ipv6_fl_socklist __rcu **sflp;
529 struct ip6_flowlabel *fl, *fl1 = NULL;
532 if (optlen < sizeof(freq))
535 if (copy_from_user(&freq, optval, sizeof(freq)))
538 switch (freq.flr_action) {
540 if (freq.flr_flags & IPV6_FL_F_REFLECT) {
541 if (sk->sk_protocol != IPPROTO_TCP)
549 spin_lock_bh(&ip6_sk_fl_lock);
550 for (sflp = &np->ipv6_fl_list;
551 (sfl = rcu_dereference_protected(*sflp,
552 lockdep_is_held(&ip6_sk_fl_lock))) != NULL;
554 if (sfl->fl->label == freq.flr_label) {
555 if (freq.flr_label == (np->flow_label&IPV6_FLOWLABEL_MASK))
556 np->flow_label &= ~IPV6_FLOWLABEL_MASK;
558 spin_unlock_bh(&ip6_sk_fl_lock);
564 spin_unlock_bh(&ip6_sk_fl_lock);
567 case IPV6_FL_A_RENEW:
569 for_each_sk_fl_rcu(np, sfl) {
570 if (sfl->fl->label == freq.flr_label) {
571 err = fl6_renew(sfl->fl, freq.flr_linger, freq.flr_expires);
572 rcu_read_unlock_bh();
576 rcu_read_unlock_bh();
578 if (freq.flr_share == IPV6_FL_S_NONE &&
579 ns_capable(net->user_ns, CAP_NET_ADMIN)) {
580 fl = fl_lookup(net, freq.flr_label);
582 err = fl6_renew(fl, freq.flr_linger, freq.flr_expires);
590 if (freq.flr_flags & IPV6_FL_F_REFLECT) {
591 struct net *net = sock_net(sk);
592 if (net->ipv6.sysctl.flowlabel_consistency) {
593 net_info_ratelimited("Can not set IPV6_FL_F_REFLECT if flowlabel_consistency sysctl is enable\n");
597 if (sk->sk_protocol != IPPROTO_TCP)
604 if (freq.flr_label & ~IPV6_FLOWLABEL_MASK)
607 if (net->ipv6.sysctl.flowlabel_state_ranges &&
608 (freq.flr_label & IPV6_FLOWLABEL_STATELESS_FLAG))
611 fl = fl_create(net, sk, &freq, optval, optlen, &err);
614 sfl1 = kmalloc(sizeof(*sfl1), GFP_KERNEL);
616 if (freq.flr_label) {
619 for_each_sk_fl_rcu(np, sfl) {
620 if (sfl->fl->label == freq.flr_label) {
621 if (freq.flr_flags&IPV6_FL_F_EXCL) {
622 rcu_read_unlock_bh();
626 if (!atomic_inc_not_zero(&fl1->users))
631 rcu_read_unlock_bh();
634 fl1 = fl_lookup(net, freq.flr_label);
638 if (freq.flr_flags&IPV6_FL_F_EXCL)
641 if (fl1->share == IPV6_FL_S_EXCL ||
642 fl1->share != fl->share ||
643 ((fl1->share == IPV6_FL_S_PROCESS) &&
644 (fl1->owner.pid != fl->owner.pid)) ||
645 ((fl1->share == IPV6_FL_S_USER) &&
646 !uid_eq(fl1->owner.uid, fl->owner.uid)))
652 if (fl->linger > fl1->linger)
653 fl1->linger = fl->linger;
654 if ((long)(fl->expires - fl1->expires) > 0)
655 fl1->expires = fl->expires;
656 fl_link(np, sfl1, fl1);
666 if (!(freq.flr_flags&IPV6_FL_F_CREATE))
677 fl1 = fl_intern(net, fl, freq.flr_label);
681 if (!freq.flr_label) {
682 if (copy_to_user(&((struct in6_flowlabel_req __user *) optval)->flr_label,
683 &fl->label, sizeof(fl->label))) {
684 /* Intentionally ignore fault. */
688 fl_link(np, sfl1, fl);
701 #ifdef CONFIG_PROC_FS
703 struct ip6fl_iter_state {
704 struct seq_net_private p;
705 struct pid_namespace *pid_ns;
709 #define ip6fl_seq_private(seq) ((struct ip6fl_iter_state *)(seq)->private)
711 static struct ip6_flowlabel *ip6fl_get_first(struct seq_file *seq)
713 struct ip6_flowlabel *fl = NULL;
714 struct ip6fl_iter_state *state = ip6fl_seq_private(seq);
715 struct net *net = seq_file_net(seq);
717 for (state->bucket = 0; state->bucket <= FL_HASH_MASK; ++state->bucket) {
718 for_each_fl_rcu(state->bucket, fl) {
719 if (net_eq(fl->fl_net, net))
728 static struct ip6_flowlabel *ip6fl_get_next(struct seq_file *seq, struct ip6_flowlabel *fl)
730 struct ip6fl_iter_state *state = ip6fl_seq_private(seq);
731 struct net *net = seq_file_net(seq);
733 for_each_fl_continue_rcu(fl) {
734 if (net_eq(fl->fl_net, net))
739 if (++state->bucket <= FL_HASH_MASK) {
740 for_each_fl_rcu(state->bucket, fl) {
741 if (net_eq(fl->fl_net, net))
752 static struct ip6_flowlabel *ip6fl_get_idx(struct seq_file *seq, loff_t pos)
754 struct ip6_flowlabel *fl = ip6fl_get_first(seq);
756 while (pos && (fl = ip6fl_get_next(seq, fl)) != NULL)
758 return pos ? NULL : fl;
761 static void *ip6fl_seq_start(struct seq_file *seq, loff_t *pos)
765 return *pos ? ip6fl_get_idx(seq, *pos - 1) : SEQ_START_TOKEN;
768 static void *ip6fl_seq_next(struct seq_file *seq, void *v, loff_t *pos)
770 struct ip6_flowlabel *fl;
772 if (v == SEQ_START_TOKEN)
773 fl = ip6fl_get_first(seq);
775 fl = ip6fl_get_next(seq, v);
780 static void ip6fl_seq_stop(struct seq_file *seq, void *v)
783 rcu_read_unlock_bh();
786 static int ip6fl_seq_show(struct seq_file *seq, void *v)
788 struct ip6fl_iter_state *state = ip6fl_seq_private(seq);
789 if (v == SEQ_START_TOKEN) {
790 seq_puts(seq, "Label S Owner Users Linger Expires Dst Opt\n");
792 struct ip6_flowlabel *fl = v;
794 "%05X %-1d %-6d %-6d %-6ld %-8ld %pi6 %-4d\n",
795 (unsigned int)ntohl(fl->label),
797 ((fl->share == IPV6_FL_S_PROCESS) ?
798 pid_nr_ns(fl->owner.pid, state->pid_ns) :
799 ((fl->share == IPV6_FL_S_USER) ?
800 from_kuid_munged(seq_user_ns(seq), fl->owner.uid) :
802 atomic_read(&fl->users),
804 (long)(fl->expires - jiffies)/HZ,
806 fl->opt ? fl->opt->opt_nflen : 0);
811 static const struct seq_operations ip6fl_seq_ops = {
812 .start = ip6fl_seq_start,
813 .next = ip6fl_seq_next,
814 .stop = ip6fl_seq_stop,
815 .show = ip6fl_seq_show,
818 static int ip6fl_seq_open(struct inode *inode, struct file *file)
820 struct seq_file *seq;
821 struct ip6fl_iter_state *state;
824 err = seq_open_net(inode, file, &ip6fl_seq_ops,
825 sizeof(struct ip6fl_iter_state));
828 seq = file->private_data;
829 state = ip6fl_seq_private(seq);
831 state->pid_ns = get_pid_ns(task_active_pid_ns(current));
837 static int ip6fl_seq_release(struct inode *inode, struct file *file)
839 struct seq_file *seq = file->private_data;
840 struct ip6fl_iter_state *state = ip6fl_seq_private(seq);
841 put_pid_ns(state->pid_ns);
842 return seq_release_net(inode, file);
845 static const struct file_operations ip6fl_seq_fops = {
846 .owner = THIS_MODULE,
847 .open = ip6fl_seq_open,
850 .release = ip6fl_seq_release,
853 static int __net_init ip6_flowlabel_proc_init(struct net *net)
855 if (!proc_create("ip6_flowlabel", S_IRUGO, net->proc_net,
861 static void __net_exit ip6_flowlabel_proc_fini(struct net *net)
863 remove_proc_entry("ip6_flowlabel", net->proc_net);
866 static inline int ip6_flowlabel_proc_init(struct net *net)
870 static inline void ip6_flowlabel_proc_fini(struct net *net)
875 static void __net_exit ip6_flowlabel_net_exit(struct net *net)
878 ip6_flowlabel_proc_fini(net);
881 static struct pernet_operations ip6_flowlabel_net_ops = {
882 .init = ip6_flowlabel_proc_init,
883 .exit = ip6_flowlabel_net_exit,
886 int ip6_flowlabel_init(void)
888 return register_pernet_subsys(&ip6_flowlabel_net_ops);
891 void ip6_flowlabel_cleanup(void)
893 del_timer(&ip6_fl_gc_timer);
894 unregister_pernet_subsys(&ip6_flowlabel_net_ops);
projects / releases.git / blob