2019-05-27 14:55:01 +08:00
|
|
|
// SPDX-License-Identifier: GPL-2.0-or-later
|
2005-04-17 06:20:36 +08:00
|
|
|
/*
|
|
|
|
* NET3 IP device support routines.
|
|
|
|
*
|
|
|
|
* Derived from the IP parts of dev.c 1.0.19
|
2005-05-06 07:16:16 +08:00
|
|
|
* Authors: Ross Biro
|
2005-04-17 06:20:36 +08:00
|
|
|
* Fred N. van Kempen, <waltje@uWalt.NL.Mugnet.ORG>
|
|
|
|
* Mark Evans, <evansmp@uhura.aston.ac.uk>
|
|
|
|
*
|
|
|
|
* Additional Authors:
|
|
|
|
* Alan Cox, <gw4pts@gw4pts.ampr.org>
|
|
|
|
* Alexey Kuznetsov, <kuznet@ms2.inr.ac.ru>
|
|
|
|
*
|
|
|
|
* Changes:
|
|
|
|
* Alexey Kuznetsov: pa_* fields are replaced with ifaddr
|
|
|
|
* lists.
|
|
|
|
* Cyrus Durgin: updated for kmod
|
|
|
|
* Matthias Andree: in devinet_ioctl, compare label and
|
|
|
|
* address (4.4BSD alias style support),
|
|
|
|
* fall back to comparing just the label
|
|
|
|
* if no match found.
|
|
|
|
*/
|
|
|
|
|
|
|
|
|
2016-12-25 03:46:01 +08:00
|
|
|
#include <linux/uaccess.h>
|
2005-04-17 06:20:36 +08:00
|
|
|
#include <linux/bitops.h>
|
2006-01-12 04:17:47 +08:00
|
|
|
#include <linux/capability.h>
|
2005-04-17 06:20:36 +08:00
|
|
|
#include <linux/module.h>
|
|
|
|
#include <linux/types.h>
|
|
|
|
#include <linux/kernel.h>
|
2017-02-03 02:15:33 +08:00
|
|
|
#include <linux/sched/signal.h>
|
2005-04-17 06:20:36 +08:00
|
|
|
#include <linux/string.h>
|
|
|
|
#include <linux/mm.h>
|
|
|
|
#include <linux/socket.h>
|
|
|
|
#include <linux/sockios.h>
|
|
|
|
#include <linux/in.h>
|
|
|
|
#include <linux/errno.h>
|
|
|
|
#include <linux/interrupt.h>
|
2006-08-05 14:04:54 +08:00
|
|
|
#include <linux/if_addr.h>
|
2005-04-17 06:20:36 +08:00
|
|
|
#include <linux/if_ether.h>
|
|
|
|
#include <linux/inet.h>
|
|
|
|
#include <linux/netdevice.h>
|
|
|
|
#include <linux/etherdevice.h>
|
|
|
|
#include <linux/skbuff.h>
|
|
|
|
#include <linux/init.h>
|
|
|
|
#include <linux/notifier.h>
|
|
|
|
#include <linux/inetdevice.h>
|
|
|
|
#include <linux/igmp.h>
|
include cleanup: Update gfp.h and slab.h includes to prepare for breaking implicit slab.h inclusion from percpu.h
percpu.h is included by sched.h and module.h and thus ends up being
included when building most .c files. percpu.h includes slab.h which
in turn includes gfp.h making everything defined by the two files
universally available and complicating inclusion dependencies.
percpu.h -> slab.h dependency is about to be removed. Prepare for
this change by updating users of gfp and slab facilities include those
headers directly instead of assuming availability. As this conversion
needs to touch large number of source files, the following script is
used as the basis of conversion.
http://userweb.kernel.org/~tj/misc/slabh-sweep.py
The script does the followings.
* Scan files for gfp and slab usages and update includes such that
only the necessary includes are there. ie. if only gfp is used,
gfp.h, if slab is used, slab.h.
* When the script inserts a new include, it looks at the include
blocks and try to put the new include such that its order conforms
to its surrounding. It's put in the include block which contains
core kernel includes, in the same order that the rest are ordered -
alphabetical, Christmas tree, rev-Xmas-tree or at the end if there
doesn't seem to be any matching order.
* If the script can't find a place to put a new include (mostly
because the file doesn't have fitting include block), it prints out
an error message indicating which .h file needs to be added to the
file.
The conversion was done in the following steps.
1. The initial automatic conversion of all .c files updated slightly
over 4000 files, deleting around 700 includes and adding ~480 gfp.h
and ~3000 slab.h inclusions. The script emitted errors for ~400
files.
2. Each error was manually checked. Some didn't need the inclusion,
some needed manual addition while adding it to implementation .h or
embedding .c file was more appropriate for others. This step added
inclusions to around 150 files.
3. The script was run again and the output was compared to the edits
from #2 to make sure no file was left behind.
4. Several build tests were done and a couple of problems were fixed.
e.g. lib/decompress_*.c used malloc/free() wrappers around slab
APIs requiring slab.h to be added manually.
5. The script was run on all .h files but without automatically
editing them as sprinkling gfp.h and slab.h inclusions around .h
files could easily lead to inclusion dependency hell. Most gfp.h
inclusion directives were ignored as stuff from gfp.h was usually
wildly available and often used in preprocessor macros. Each
slab.h inclusion directive was examined and added manually as
necessary.
6. percpu.h was updated not to include slab.h.
7. Build test were done on the following configurations and failures
were fixed. CONFIG_GCOV_KERNEL was turned off for all tests (as my
distributed build env didn't work with gcov compiles) and a few
more options had to be turned off depending on archs to make things
build (like ipr on powerpc/64 which failed due to missing writeq).
* x86 and x86_64 UP and SMP allmodconfig and a custom test config.
* powerpc and powerpc64 SMP allmodconfig
* sparc and sparc64 SMP allmodconfig
* ia64 SMP allmodconfig
* s390 SMP allmodconfig
* alpha SMP allmodconfig
* um on x86_64 SMP allmodconfig
8. percpu.h modifications were reverted so that it could be applied as
a separate patch and serve as bisection point.
Given the fact that I had only a couple of failures from tests on step
6, I'm fairly confident about the coverage of this conversion patch.
If there is a breakage, it's likely to be something in one of the arch
headers which should be easily discoverable easily on most builds of
the specific arch.
Signed-off-by: Tejun Heo <tj@kernel.org>
Guess-its-ok-by: Christoph Lameter <cl@linux-foundation.org>
Cc: Ingo Molnar <mingo@redhat.com>
Cc: Lee Schermerhorn <Lee.Schermerhorn@hp.com>
2010-03-24 16:04:11 +08:00
|
|
|
#include <linux/slab.h>
|
2011-02-19 04:42:28 +08:00
|
|
|
#include <linux/hash.h>
|
2005-04-17 06:20:36 +08:00
|
|
|
#ifdef CONFIG_SYSCTL
|
|
|
|
#include <linux/sysctl.h>
|
|
|
|
#endif
|
|
|
|
#include <linux/kmod.h>
|
2012-10-26 06:28:52 +08:00
|
|
|
#include <linux/netconf.h>
|
2005-04-17 06:20:36 +08:00
|
|
|
|
2005-12-27 12:43:12 +08:00
|
|
|
#include <net/arp.h>
|
2005-04-17 06:20:36 +08:00
|
|
|
#include <net/ip.h>
|
|
|
|
#include <net/route.h>
|
|
|
|
#include <net/ip_fib.h>
|
2007-03-23 02:55:17 +08:00
|
|
|
#include <net/rtnetlink.h>
|
2007-12-17 05:31:47 +08:00
|
|
|
#include <net/net_namespace.h>
|
2013-01-24 17:41:41 +08:00
|
|
|
#include <net/addrconf.h>
|
2005-04-17 06:20:36 +08:00
|
|
|
|
2019-07-02 01:01:55 +08:00
|
|
|
#define IPV6ONLY_FLAGS \
|
|
|
|
(IFA_F_NODAD | IFA_F_OPTIMISTIC | IFA_F_DADFAILED | \
|
|
|
|
IFA_F_HOMEADDRESS | IFA_F_TENTATIVE | \
|
|
|
|
IFA_F_MANAGETEMPADDR | IFA_F_STABLE_PRIVACY)
|
|
|
|
|
2008-02-01 09:17:31 +08:00
|
|
|
static struct ipv4_devconf ipv4_devconf = {
|
2007-06-05 14:34:44 +08:00
|
|
|
.data = {
|
2010-02-14 11:25:51 +08:00
|
|
|
[IPV4_DEVCONF_ACCEPT_REDIRECTS - 1] = 1,
|
|
|
|
[IPV4_DEVCONF_SEND_REDIRECTS - 1] = 1,
|
|
|
|
[IPV4_DEVCONF_SECURE_REDIRECTS - 1] = 1,
|
|
|
|
[IPV4_DEVCONF_SHARED_MEDIA - 1] = 1,
|
2013-08-07 02:03:15 +08:00
|
|
|
[IPV4_DEVCONF_IGMPV2_UNSOLICITED_REPORT_INTERVAL - 1] = 10000 /*ms*/,
|
|
|
|
[IPV4_DEVCONF_IGMPV3_UNSOLICITED_REPORT_INTERVAL - 1] = 1000 /*ms*/,
|
net: arp: introduce arp_evict_nocarrier sysctl parameter
This change introduces a new sysctl parameter, arp_evict_nocarrier.
When set (default) the ARP cache will be cleared on a NOCARRIER event.
This new option has been defaulted to '1' which maintains existing
behavior.
Clearing the ARP cache on NOCARRIER is relatively new, introduced by:
commit 859bd2ef1fc1110a8031b967ee656c53a6260a76
Author: David Ahern <dsahern@gmail.com>
Date: Thu Oct 11 20:33:49 2018 -0700
net: Evict neighbor entries on carrier down
The reason for this changes is to prevent the ARP cache from being
cleared when a wireless device roams. Specifically for wireless roams
the ARP cache should not be cleared because the underlying network has not
changed. Clearing the ARP cache in this case can introduce significant
delays sending out packets after a roam.
A user reported such a situation here:
https://lore.kernel.org/linux-wireless/CACsRnHWa47zpx3D1oDq9JYnZWniS8yBwW1h0WAVZ6vrbwL_S0w@mail.gmail.com/
After some investigation it was found that the kernel was holding onto
packets until ARP finished which resulted in this 1 second delay. It
was also found that the first ARP who-has was never responded to,
which is actually what caues the delay. This change is more or less
working around this behavior, but again, there is no reason to clear
the cache on a roam anyways.
As for the unanswered who-has, we know the packet made it OTA since
it was seen while monitoring. Why it never received a response is
unknown. In any case, since this is a problem on the AP side of things
all that can be done is to work around it until it is solved.
Some background on testing/reproducing the packet delay:
Hardware:
- 2 access points configured for Fast BSS Transition (Though I don't
see why regular reassociation wouldn't have the same behavior)
- Wireless station running IWD as supplicant
- A device on network able to respond to pings (I used one of the APs)
Procedure:
- Connect to first AP
- Ping once to establish an ARP entry
- Start a tcpdump
- Roam to second AP
- Wait for operstate UP event, and note the timestamp
- Start pinging
Results:
Below is the tcpdump after UP. It was recorded the interface went UP at
10:42:01.432875.
10:42:01.461871 ARP, Request who-has 192.168.254.1 tell 192.168.254.71, length 28
10:42:02.497976 ARP, Request who-has 192.168.254.1 tell 192.168.254.71, length 28
10:42:02.507162 ARP, Reply 192.168.254.1 is-at ac:86:74:55:b0:20, length 46
10:42:02.507185 IP 192.168.254.71 > 192.168.254.1: ICMP echo request, id 52792, seq 1, length 64
10:42:02.507205 IP 192.168.254.71 > 192.168.254.1: ICMP echo request, id 52792, seq 2, length 64
10:42:02.507212 IP 192.168.254.71 > 192.168.254.1: ICMP echo request, id 52792, seq 3, length 64
10:42:02.507219 IP 192.168.254.71 > 192.168.254.1: ICMP echo request, id 52792, seq 4, length 64
10:42:02.507225 IP 192.168.254.71 > 192.168.254.1: ICMP echo request, id 52792, seq 5, length 64
10:42:02.507232 IP 192.168.254.71 > 192.168.254.1: ICMP echo request, id 52792, seq 6, length 64
10:42:02.515373 IP 192.168.254.1 > 192.168.254.71: ICMP echo reply, id 52792, seq 1, length 64
10:42:02.521399 IP 192.168.254.1 > 192.168.254.71: ICMP echo reply, id 52792, seq 2, length 64
10:42:02.521612 IP 192.168.254.1 > 192.168.254.71: ICMP echo reply, id 52792, seq 3, length 64
10:42:02.521941 IP 192.168.254.1 > 192.168.254.71: ICMP echo reply, id 52792, seq 4, length 64
10:42:02.522419 IP 192.168.254.1 > 192.168.254.71: ICMP echo reply, id 52792, seq 5, length 64
10:42:02.523085 IP 192.168.254.1 > 192.168.254.71: ICMP echo reply, id 52792, seq 6, length 64
You can see the first ARP who-has went out very quickly after UP, but
was never responded to. Nearly a second later the kernel retries and
gets a response. Only then do the ping packets go out. If an ARP entry
is manually added prior to UP (after the cache is cleared) it is seen
that the first ping is never responded to, so its not only an issue with
ARP but with data packets in general.
As mentioned prior, the wireless interface was also monitored to verify
the ping/ARP packet made it OTA which was observed to be true.
Signed-off-by: James Prestwood <prestwoj@gmail.com>
Reviewed-by: David Ahern <dsahern@kernel.org>
Signed-off-by: Jakub Kicinski <kuba@kernel.org>
2021-11-02 01:36:28 +08:00
|
|
|
[IPV4_DEVCONF_ARP_EVICT_NOCARRIER - 1] = 1,
|
2007-06-05 14:34:44 +08:00
|
|
|
},
|
2005-04-17 06:20:36 +08:00
|
|
|
};
|
|
|
|
|
|
|
|
static struct ipv4_devconf ipv4_devconf_dflt = {
|
2007-06-05 14:34:44 +08:00
|
|
|
.data = {
|
2010-02-14 11:25:51 +08:00
|
|
|
[IPV4_DEVCONF_ACCEPT_REDIRECTS - 1] = 1,
|
|
|
|
[IPV4_DEVCONF_SEND_REDIRECTS - 1] = 1,
|
|
|
|
[IPV4_DEVCONF_SECURE_REDIRECTS - 1] = 1,
|
|
|
|
[IPV4_DEVCONF_SHARED_MEDIA - 1] = 1,
|
|
|
|
[IPV4_DEVCONF_ACCEPT_SOURCE_ROUTE - 1] = 1,
|
2013-08-07 02:03:15 +08:00
|
|
|
[IPV4_DEVCONF_IGMPV2_UNSOLICITED_REPORT_INTERVAL - 1] = 10000 /*ms*/,
|
|
|
|
[IPV4_DEVCONF_IGMPV3_UNSOLICITED_REPORT_INTERVAL - 1] = 1000 /*ms*/,
|
net: arp: introduce arp_evict_nocarrier sysctl parameter
This change introduces a new sysctl parameter, arp_evict_nocarrier.
When set (default) the ARP cache will be cleared on a NOCARRIER event.
This new option has been defaulted to '1' which maintains existing
behavior.
Clearing the ARP cache on NOCARRIER is relatively new, introduced by:
commit 859bd2ef1fc1110a8031b967ee656c53a6260a76
Author: David Ahern <dsahern@gmail.com>
Date: Thu Oct 11 20:33:49 2018 -0700
net: Evict neighbor entries on carrier down
The reason for this changes is to prevent the ARP cache from being
cleared when a wireless device roams. Specifically for wireless roams
the ARP cache should not be cleared because the underlying network has not
changed. Clearing the ARP cache in this case can introduce significant
delays sending out packets after a roam.
A user reported such a situation here:
https://lore.kernel.org/linux-wireless/CACsRnHWa47zpx3D1oDq9JYnZWniS8yBwW1h0WAVZ6vrbwL_S0w@mail.gmail.com/
After some investigation it was found that the kernel was holding onto
packets until ARP finished which resulted in this 1 second delay. It
was also found that the first ARP who-has was never responded to,
which is actually what caues the delay. This change is more or less
working around this behavior, but again, there is no reason to clear
the cache on a roam anyways.
As for the unanswered who-has, we know the packet made it OTA since
it was seen while monitoring. Why it never received a response is
unknown. In any case, since this is a problem on the AP side of things
all that can be done is to work around it until it is solved.
Some background on testing/reproducing the packet delay:
Hardware:
- 2 access points configured for Fast BSS Transition (Though I don't
see why regular reassociation wouldn't have the same behavior)
- Wireless station running IWD as supplicant
- A device on network able to respond to pings (I used one of the APs)
Procedure:
- Connect to first AP
- Ping once to establish an ARP entry
- Start a tcpdump
- Roam to second AP
- Wait for operstate UP event, and note the timestamp
- Start pinging
Results:
Below is the tcpdump after UP. It was recorded the interface went UP at
10:42:01.432875.
10:42:01.461871 ARP, Request who-has 192.168.254.1 tell 192.168.254.71, length 28
10:42:02.497976 ARP, Request who-has 192.168.254.1 tell 192.168.254.71, length 28
10:42:02.507162 ARP, Reply 192.168.254.1 is-at ac:86:74:55:b0:20, length 46
10:42:02.507185 IP 192.168.254.71 > 192.168.254.1: ICMP echo request, id 52792, seq 1, length 64
10:42:02.507205 IP 192.168.254.71 > 192.168.254.1: ICMP echo request, id 52792, seq 2, length 64
10:42:02.507212 IP 192.168.254.71 > 192.168.254.1: ICMP echo request, id 52792, seq 3, length 64
10:42:02.507219 IP 192.168.254.71 > 192.168.254.1: ICMP echo request, id 52792, seq 4, length 64
10:42:02.507225 IP 192.168.254.71 > 192.168.254.1: ICMP echo request, id 52792, seq 5, length 64
10:42:02.507232 IP 192.168.254.71 > 192.168.254.1: ICMP echo request, id 52792, seq 6, length 64
10:42:02.515373 IP 192.168.254.1 > 192.168.254.71: ICMP echo reply, id 52792, seq 1, length 64
10:42:02.521399 IP 192.168.254.1 > 192.168.254.71: ICMP echo reply, id 52792, seq 2, length 64
10:42:02.521612 IP 192.168.254.1 > 192.168.254.71: ICMP echo reply, id 52792, seq 3, length 64
10:42:02.521941 IP 192.168.254.1 > 192.168.254.71: ICMP echo reply, id 52792, seq 4, length 64
10:42:02.522419 IP 192.168.254.1 > 192.168.254.71: ICMP echo reply, id 52792, seq 5, length 64
10:42:02.523085 IP 192.168.254.1 > 192.168.254.71: ICMP echo reply, id 52792, seq 6, length 64
You can see the first ARP who-has went out very quickly after UP, but
was never responded to. Nearly a second later the kernel retries and
gets a response. Only then do the ping packets go out. If an ARP entry
is manually added prior to UP (after the cache is cleared) it is seen
that the first ping is never responded to, so its not only an issue with
ARP but with data packets in general.
As mentioned prior, the wireless interface was also monitored to verify
the ping/ARP packet made it OTA which was observed to be true.
Signed-off-by: James Prestwood <prestwoj@gmail.com>
Reviewed-by: David Ahern <dsahern@kernel.org>
Signed-off-by: Jakub Kicinski <kuba@kernel.org>
2021-11-02 01:36:28 +08:00
|
|
|
[IPV4_DEVCONF_ARP_EVICT_NOCARRIER - 1] = 1,
|
2007-06-05 14:34:44 +08:00
|
|
|
},
|
2005-04-17 06:20:36 +08:00
|
|
|
};
|
|
|
|
|
2007-12-17 05:32:16 +08:00
|
|
|
#define IPV4_DEVCONF_DFLT(net, attr) \
|
|
|
|
IPV4_DEVCONF((*net->ipv4.devconf_dflt), attr)
|
2007-06-05 14:34:44 +08:00
|
|
|
|
2007-06-06 03:38:30 +08:00
|
|
|
static const struct nla_policy ifa_ipv4_policy[IFA_MAX+1] = {
|
2006-08-05 14:03:53 +08:00
|
|
|
[IFA_LOCAL] = { .type = NLA_U32 },
|
|
|
|
[IFA_ADDRESS] = { .type = NLA_U32 },
|
|
|
|
[IFA_BROADCAST] = { .type = NLA_U32 },
|
2006-08-27 11:13:18 +08:00
|
|
|
[IFA_LABEL] = { .type = NLA_STRING, .len = IFNAMSIZ - 1 },
|
2013-01-24 17:41:41 +08:00
|
|
|
[IFA_CACHEINFO] = { .len = sizeof(struct ifa_cacheinfo) },
|
2013-12-08 19:16:10 +08:00
|
|
|
[IFA_FLAGS] = { .type = NLA_U32 },
|
2018-05-27 23:09:57 +08:00
|
|
|
[IFA_RT_PRIORITY] = { .type = NLA_U32 },
|
2018-09-05 03:53:49 +08:00
|
|
|
[IFA_TARGET_NETNSID] = { .type = NLA_S32 },
|
2022-02-17 23:02:02 +08:00
|
|
|
[IFA_PROTO] = { .type = NLA_U8 },
|
2006-08-05 14:03:53 +08:00
|
|
|
};
|
|
|
|
|
2018-09-05 03:53:54 +08:00
|
|
|
struct inet_fill_args {
|
|
|
|
u32 portid;
|
|
|
|
u32 seq;
|
|
|
|
int event;
|
|
|
|
unsigned int flags;
|
|
|
|
int netnsid;
|
2018-10-20 03:45:29 +08:00
|
|
|
int ifindex;
|
2018-09-05 03:53:54 +08:00
|
|
|
};
|
|
|
|
|
2012-08-04 05:06:50 +08:00
|
|
|
#define IN4_ADDR_HSIZE_SHIFT 8
|
|
|
|
#define IN4_ADDR_HSIZE (1U << IN4_ADDR_HSIZE_SHIFT)
|
|
|
|
|
2011-02-19 04:42:28 +08:00
|
|
|
static struct hlist_head inet_addr_lst[IN4_ADDR_HSIZE];
|
|
|
|
|
2015-03-19 05:05:33 +08:00
|
|
|
static u32 inet_addr_hash(const struct net *net, __be32 addr)
|
2011-02-19 04:42:28 +08:00
|
|
|
{
|
2012-08-04 05:06:50 +08:00
|
|
|
u32 val = (__force u32) addr ^ net_hash_mix(net);
|
2011-02-19 04:42:28 +08:00
|
|
|
|
2012-08-04 05:06:50 +08:00
|
|
|
return hash_32(val, IN4_ADDR_HSIZE_SHIFT);
|
2011-02-19 04:42:28 +08:00
|
|
|
}
|
|
|
|
|
|
|
|
static void inet_hash_insert(struct net *net, struct in_ifaddr *ifa)
|
|
|
|
{
|
2012-08-04 05:06:50 +08:00
|
|
|
u32 hash = inet_addr_hash(net, ifa->ifa_local);
|
2011-02-19 04:42:28 +08:00
|
|
|
|
2014-05-07 02:15:56 +08:00
|
|
|
ASSERT_RTNL();
|
2011-02-19 04:42:28 +08:00
|
|
|
hlist_add_head_rcu(&ifa->hash, &inet_addr_lst[hash]);
|
|
|
|
}
|
|
|
|
|
|
|
|
static void inet_hash_remove(struct in_ifaddr *ifa)
|
|
|
|
{
|
2014-05-07 02:15:56 +08:00
|
|
|
ASSERT_RTNL();
|
2011-02-19 04:42:28 +08:00
|
|
|
hlist_del_init_rcu(&ifa->hash);
|
|
|
|
}
|
|
|
|
|
2011-02-19 04:43:09 +08:00
|
|
|
/**
|
|
|
|
* __ip_dev_find - find the first device with a given source address.
|
|
|
|
* @net: the net namespace
|
|
|
|
* @addr: the source address
|
|
|
|
* @devref: if true, take a reference on the found device
|
|
|
|
*
|
|
|
|
* If a caller uses devref=false, it should be protected by RCU, or RTNL
|
|
|
|
*/
|
|
|
|
struct net_device *__ip_dev_find(struct net *net, __be32 addr, bool devref)
|
|
|
|
{
|
|
|
|
struct net_device *result = NULL;
|
|
|
|
struct in_ifaddr *ifa;
|
|
|
|
|
|
|
|
rcu_read_lock();
|
2017-09-21 00:26:53 +08:00
|
|
|
ifa = inet_lookup_ifaddr_rcu(net, addr);
|
|
|
|
if (!ifa) {
|
2011-03-23 12:56:23 +08:00
|
|
|
struct flowi4 fl4 = { .daddr = addr };
|
|
|
|
struct fib_result res = { 0 };
|
|
|
|
struct fib_table *local;
|
|
|
|
|
|
|
|
/* Fallback to FIB local table so that communication
|
|
|
|
* over loopback subnets work.
|
|
|
|
*/
|
|
|
|
local = fib_get_table(net, RT_TABLE_LOCAL);
|
|
|
|
if (local &&
|
|
|
|
!fib_table_lookup(local, &fl4, &res, FIB_LOOKUP_NOREF) &&
|
|
|
|
res.type == RTN_LOCAL)
|
|
|
|
result = FIB_RES_DEV(res);
|
2017-09-21 00:26:53 +08:00
|
|
|
} else {
|
|
|
|
result = ifa->ifa_dev->dev;
|
2011-03-23 12:56:23 +08:00
|
|
|
}
|
2011-02-19 04:43:09 +08:00
|
|
|
if (result && devref)
|
|
|
|
dev_hold(result);
|
|
|
|
rcu_read_unlock();
|
|
|
|
return result;
|
|
|
|
}
|
|
|
|
EXPORT_SYMBOL(__ip_dev_find);
|
|
|
|
|
2017-09-21 00:26:53 +08:00
|
|
|
/* called under RCU lock */
|
|
|
|
struct in_ifaddr *inet_lookup_ifaddr_rcu(struct net *net, __be32 addr)
|
|
|
|
{
|
|
|
|
u32 hash = inet_addr_hash(net, addr);
|
|
|
|
struct in_ifaddr *ifa;
|
|
|
|
|
|
|
|
hlist_for_each_entry_rcu(ifa, &inet_addr_lst[hash], hash)
|
|
|
|
if (ifa->ifa_local == addr &&
|
|
|
|
net_eq(dev_net(ifa->ifa_dev->dev), net))
|
|
|
|
return ifa;
|
|
|
|
|
|
|
|
return NULL;
|
|
|
|
}
|
|
|
|
|
2006-08-15 15:33:59 +08:00
|
|
|
static void rtmsg_ifa(int event, struct in_ifaddr *, struct nlmsghdr *, u32);
|
2005-04-17 06:20:36 +08:00
|
|
|
|
[PATCH] Notifier chain update: API changes
The kernel's implementation of notifier chains is unsafe. There is no
protection against entries being added to or removed from a chain while the
chain is in use. The issues were discussed in this thread:
http://marc.theaimsgroup.com/?l=linux-kernel&m=113018709002036&w=2
We noticed that notifier chains in the kernel fall into two basic usage
classes:
"Blocking" chains are always called from a process context
and the callout routines are allowed to sleep;
"Atomic" chains can be called from an atomic context and
the callout routines are not allowed to sleep.
We decided to codify this distinction and make it part of the API. Therefore
this set of patches introduces three new, parallel APIs: one for blocking
notifiers, one for atomic notifiers, and one for "raw" notifiers (which is
really just the old API under a new name). New kinds of data structures are
used for the heads of the chains, and new routines are defined for
registration, unregistration, and calling a chain. The three APIs are
explained in include/linux/notifier.h and their implementation is in
kernel/sys.c.
With atomic and blocking chains, the implementation guarantees that the chain
links will not be corrupted and that chain callers will not get messed up by
entries being added or removed. For raw chains the implementation provides no
guarantees at all; users of this API must provide their own protections. (The
idea was that situations may come up where the assumptions of the atomic and
blocking APIs are not appropriate, so it should be possible for users to
handle these things in their own way.)
There are some limitations, which should not be too hard to live with. For
atomic/blocking chains, registration and unregistration must always be done in
a process context since the chain is protected by a mutex/rwsem. Also, a
callout routine for a non-raw chain must not try to register or unregister
entries on its own chain. (This did happen in a couple of places and the code
had to be changed to avoid it.)
Since atomic chains may be called from within an NMI handler, they cannot use
spinlocks for synchronization. Instead we use RCU. The overhead falls almost
entirely in the unregister routine, which is okay since unregistration is much
less frequent that calling a chain.
Here is the list of chains that we adjusted and their classifications. None
of them use the raw API, so for the moment it is only a placeholder.
ATOMIC CHAINS
-------------
arch/i386/kernel/traps.c: i386die_chain
arch/ia64/kernel/traps.c: ia64die_chain
arch/powerpc/kernel/traps.c: powerpc_die_chain
arch/sparc64/kernel/traps.c: sparc64die_chain
arch/x86_64/kernel/traps.c: die_chain
drivers/char/ipmi/ipmi_si_intf.c: xaction_notifier_list
kernel/panic.c: panic_notifier_list
kernel/profile.c: task_free_notifier
net/bluetooth/hci_core.c: hci_notifier
net/ipv4/netfilter/ip_conntrack_core.c: ip_conntrack_chain
net/ipv4/netfilter/ip_conntrack_core.c: ip_conntrack_expect_chain
net/ipv6/addrconf.c: inet6addr_chain
net/netfilter/nf_conntrack_core.c: nf_conntrack_chain
net/netfilter/nf_conntrack_core.c: nf_conntrack_expect_chain
net/netlink/af_netlink.c: netlink_chain
BLOCKING CHAINS
---------------
arch/powerpc/platforms/pseries/reconfig.c: pSeries_reconfig_chain
arch/s390/kernel/process.c: idle_chain
arch/x86_64/kernel/process.c idle_notifier
drivers/base/memory.c: memory_chain
drivers/cpufreq/cpufreq.c cpufreq_policy_notifier_list
drivers/cpufreq/cpufreq.c cpufreq_transition_notifier_list
drivers/macintosh/adb.c: adb_client_list
drivers/macintosh/via-pmu.c sleep_notifier_list
drivers/macintosh/via-pmu68k.c sleep_notifier_list
drivers/macintosh/windfarm_core.c wf_client_list
drivers/usb/core/notify.c usb_notifier_list
drivers/video/fbmem.c fb_notifier_list
kernel/cpu.c cpu_chain
kernel/module.c module_notify_list
kernel/profile.c munmap_notifier
kernel/profile.c task_exit_notifier
kernel/sys.c reboot_notifier_list
net/core/dev.c netdev_chain
net/decnet/dn_dev.c: dnaddr_chain
net/ipv4/devinet.c: inetaddr_chain
It's possible that some of these classifications are wrong. If they are,
please let us know or submit a patch to fix them. Note that any chain that
gets called very frequently should be atomic, because the rwsem read-locking
used for blocking chains is very likely to incur cache misses on SMP systems.
(However, if the chain's callout routines may sleep then the chain cannot be
atomic.)
The patch set was written by Alan Stern and Chandra Seetharaman, incorporating
material written by Keith Owens and suggestions from Paul McKenney and Andrew
Morton.
[jes@sgi.com: restructure the notifier chain initialization macros]
Signed-off-by: Alan Stern <stern@rowland.harvard.edu>
Signed-off-by: Chandra Seetharaman <sekharan@us.ibm.com>
Signed-off-by: Jes Sorensen <jes@sgi.com>
Signed-off-by: Andrew Morton <akpm@osdl.org>
Signed-off-by: Linus Torvalds <torvalds@osdl.org>
2006-03-27 17:16:30 +08:00
|
|
|
static BLOCKING_NOTIFIER_HEAD(inetaddr_chain);
|
2017-06-09 04:12:14 +08:00
|
|
|
static BLOCKING_NOTIFIER_HEAD(inetaddr_validator_chain);
|
2019-06-01 00:27:09 +08:00
|
|
|
static void inet_del_ifa(struct in_device *in_dev,
|
|
|
|
struct in_ifaddr __rcu **ifap,
|
2005-04-17 06:20:36 +08:00
|
|
|
int destroy);
|
|
|
|
#ifdef CONFIG_SYSCTL
|
2014-07-26 06:25:08 +08:00
|
|
|
static int devinet_sysctl_register(struct in_device *idev);
|
2007-12-11 18:17:40 +08:00
|
|
|
static void devinet_sysctl_unregister(struct in_device *idev);
|
|
|
|
#else
|
2014-07-26 06:25:08 +08:00
|
|
|
static int devinet_sysctl_register(struct in_device *idev)
|
2007-12-11 18:17:40 +08:00
|
|
|
{
|
2014-07-26 06:25:08 +08:00
|
|
|
return 0;
|
2007-12-11 18:17:40 +08:00
|
|
|
}
|
2012-08-04 05:06:50 +08:00
|
|
|
static void devinet_sysctl_unregister(struct in_device *idev)
|
2007-12-11 18:17:40 +08:00
|
|
|
{
|
|
|
|
}
|
2005-04-17 06:20:36 +08:00
|
|
|
#endif
|
|
|
|
|
|
|
|
/* Locks all the inet devices. */
|
|
|
|
|
|
|
|
static struct in_ifaddr *inet_alloc_ifa(void)
|
|
|
|
{
|
memcg: enable accounting for IP address and routing-related objects
An netadmin inside container can use 'ip a a' and 'ip r a'
to assign a large number of ipv4/ipv6 addresses and routing entries
and force kernel to allocate megabytes of unaccounted memory
for long-lived per-netdevice related kernel objects:
'struct in_ifaddr', 'struct inet6_ifaddr', 'struct fib6_node',
'struct rt6_info', 'struct fib_rules' and ip_fib caches.
These objects can be manually removed, though usually they lives
in memory till destroy of its net namespace.
It makes sense to account for them to restrict the host's memory
consumption from inside the memcg-limited container.
One of such objects is the 'struct fib6_node' mostly allocated in
net/ipv6/route.c::__ip6_ins_rt() inside the lock_bh()/unlock_bh() section:
write_lock_bh(&table->tb6_lock);
err = fib6_add(&table->tb6_root, rt, info, mxc);
write_unlock_bh(&table->tb6_lock);
In this case it is not enough to simply add SLAB_ACCOUNT to corresponding
kmem cache. The proper memory cgroup still cannot be found due to the
incorrect 'in_interrupt()' check used in memcg_kmem_bypass().
Obsoleted in_interrupt() does not describe real execution context properly.
>From include/linux/preempt.h:
The following macros are deprecated and should not be used in new code:
in_interrupt() - We're in NMI,IRQ,SoftIRQ context or have BH disabled
To verify the current execution context new macro should be used instead:
in_task() - We're in task context
Signed-off-by: Vasily Averin <vvs@virtuozzo.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
2021-07-19 18:44:31 +08:00
|
|
|
return kzalloc(sizeof(struct in_ifaddr), GFP_KERNEL_ACCOUNT);
|
2005-04-17 06:20:36 +08:00
|
|
|
}
|
|
|
|
|
|
|
|
static void inet_rcu_free_ifa(struct rcu_head *head)
|
|
|
|
{
|
|
|
|
struct in_ifaddr *ifa = container_of(head, struct in_ifaddr, rcu_head);
|
|
|
|
if (ifa->ifa_dev)
|
|
|
|
in_dev_put(ifa->ifa_dev);
|
|
|
|
kfree(ifa);
|
|
|
|
}
|
|
|
|
|
2012-08-04 05:06:50 +08:00
|
|
|
static void inet_free_ifa(struct in_ifaddr *ifa)
|
2005-04-17 06:20:36 +08:00
|
|
|
{
|
|
|
|
call_rcu(&ifa->rcu_head, inet_rcu_free_ifa);
|
|
|
|
}
|
|
|
|
|
2022-11-19 03:19:09 +08:00
|
|
|
static void in_dev_free_rcu(struct rcu_head *head)
|
|
|
|
{
|
|
|
|
struct in_device *idev = container_of(head, struct in_device, rcu_head);
|
|
|
|
|
|
|
|
kfree(rcu_dereference_protected(idev->mc_hash, 1));
|
|
|
|
kfree(idev);
|
|
|
|
}
|
|
|
|
|
2005-04-17 06:20:36 +08:00
|
|
|
void in_dev_finish_destroy(struct in_device *idev)
|
|
|
|
{
|
|
|
|
struct net_device *dev = idev->dev;
|
|
|
|
|
2008-07-26 12:43:18 +08:00
|
|
|
WARN_ON(idev->ifa_list);
|
|
|
|
WARN_ON(idev->mc_list);
|
2005-04-17 06:20:36 +08:00
|
|
|
#ifdef NET_REFCNT_DEBUG
|
2012-05-15 22:11:54 +08:00
|
|
|
pr_debug("%s: %p=%s\n", __func__, idev, dev ? dev->name : "NIL");
|
2005-04-17 06:20:36 +08:00
|
|
|
#endif
|
2022-06-08 12:39:55 +08:00
|
|
|
netdev_put(dev, &idev->dev_tracker);
|
2005-04-17 06:20:36 +08:00
|
|
|
if (!idev->dead)
|
2009-11-05 14:05:10 +08:00
|
|
|
pr_err("Freeing alive in_device %p\n", idev);
|
|
|
|
else
|
2022-11-19 03:19:09 +08:00
|
|
|
call_rcu(&idev->rcu_head, in_dev_free_rcu);
|
2005-04-17 06:20:36 +08:00
|
|
|
}
|
2009-11-05 14:05:10 +08:00
|
|
|
EXPORT_SYMBOL(in_dev_finish_destroy);
|
2005-04-17 06:20:36 +08:00
|
|
|
|
2007-06-05 14:36:06 +08:00
|
|
|
static struct in_device *inetdev_init(struct net_device *dev)
|
2005-04-17 06:20:36 +08:00
|
|
|
{
|
|
|
|
struct in_device *in_dev;
|
2014-07-26 06:25:08 +08:00
|
|
|
int err = -ENOMEM;
|
2005-04-17 06:20:36 +08:00
|
|
|
|
|
|
|
ASSERT_RTNL();
|
|
|
|
|
2006-07-22 05:51:30 +08:00
|
|
|
in_dev = kzalloc(sizeof(*in_dev), GFP_KERNEL);
|
2005-04-17 06:20:36 +08:00
|
|
|
if (!in_dev)
|
|
|
|
goto out;
|
2008-03-25 20:47:49 +08:00
|
|
|
memcpy(&in_dev->cnf, dev_net(dev)->ipv4.devconf_dflt,
|
2007-12-17 05:32:16 +08:00
|
|
|
sizeof(in_dev->cnf));
|
2005-04-17 06:20:36 +08:00
|
|
|
in_dev->cnf.sysctl = NULL;
|
|
|
|
in_dev->dev = dev;
|
2009-11-05 14:05:10 +08:00
|
|
|
in_dev->arp_parms = neigh_parms_alloc(dev, &arp_tbl);
|
|
|
|
if (!in_dev->arp_parms)
|
2005-04-17 06:20:36 +08:00
|
|
|
goto out_kfree;
|
2008-06-20 07:15:47 +08:00
|
|
|
if (IPV4_DEVCONF(in_dev->cnf, FORWARDING))
|
|
|
|
dev_disable_lro(dev);
|
2005-04-17 06:20:36 +08:00
|
|
|
/* Reference in_dev->dev */
|
2022-06-08 12:39:55 +08:00
|
|
|
netdev_hold(dev, &in_dev->dev_tracker, GFP_KERNEL);
|
2007-01-05 04:31:14 +08:00
|
|
|
/* Account for reference dev->ip_ptr (below) */
|
2017-06-30 18:08:03 +08:00
|
|
|
refcount_set(&in_dev->refcnt, 1);
|
2005-04-17 06:20:36 +08:00
|
|
|
|
2014-07-26 06:25:08 +08:00
|
|
|
err = devinet_sysctl_register(in_dev);
|
|
|
|
if (err) {
|
|
|
|
in_dev->dead = 1;
|
2020-05-30 11:34:33 +08:00
|
|
|
neigh_parms_release(&arp_tbl, in_dev->arp_parms);
|
2014-07-26 06:25:08 +08:00
|
|
|
in_dev_put(in_dev);
|
|
|
|
in_dev = NULL;
|
|
|
|
goto out;
|
|
|
|
}
|
2005-04-17 06:20:36 +08:00
|
|
|
ip_mc_init_dev(in_dev);
|
|
|
|
if (dev->flags & IFF_UP)
|
|
|
|
ip_mc_up(in_dev);
|
2007-01-10 06:38:31 +08:00
|
|
|
|
2007-01-05 04:31:14 +08:00
|
|
|
/* we can receive as soon as ip_ptr is set -- do this last */
|
2012-01-12 12:41:32 +08:00
|
|
|
rcu_assign_pointer(dev->ip_ptr, in_dev);
|
2007-01-10 06:38:31 +08:00
|
|
|
out:
|
2014-07-26 06:25:08 +08:00
|
|
|
return in_dev ?: ERR_PTR(err);
|
2005-04-17 06:20:36 +08:00
|
|
|
out_kfree:
|
|
|
|
kfree(in_dev);
|
|
|
|
in_dev = NULL;
|
|
|
|
goto out;
|
|
|
|
}
|
|
|
|
|
|
|
|
static void inetdev_destroy(struct in_device *in_dev)
|
|
|
|
{
|
|
|
|
struct net_device *dev;
|
2019-06-01 00:27:09 +08:00
|
|
|
struct in_ifaddr *ifa;
|
2005-04-17 06:20:36 +08:00
|
|
|
|
|
|
|
ASSERT_RTNL();
|
|
|
|
|
|
|
|
dev = in_dev->dev;
|
|
|
|
|
|
|
|
in_dev->dead = 1;
|
|
|
|
|
|
|
|
ip_mc_destroy_dev(in_dev);
|
|
|
|
|
2019-06-01 00:27:09 +08:00
|
|
|
while ((ifa = rtnl_dereference(in_dev->ifa_list)) != NULL) {
|
2005-04-17 06:20:36 +08:00
|
|
|
inet_del_ifa(in_dev, &in_dev->ifa_list, 0);
|
|
|
|
inet_free_ifa(ifa);
|
|
|
|
}
|
|
|
|
|
2011-08-02 00:19:00 +08:00
|
|
|
RCU_INIT_POINTER(dev->ip_ptr, NULL);
|
2005-04-17 06:20:36 +08:00
|
|
|
|
2007-12-11 18:17:40 +08:00
|
|
|
devinet_sysctl_unregister(in_dev);
|
2005-04-17 06:20:36 +08:00
|
|
|
neigh_parms_release(&arp_tbl, in_dev->arp_parms);
|
|
|
|
arp_ifdown(dev);
|
|
|
|
|
2022-11-19 03:19:09 +08:00
|
|
|
in_dev_put(in_dev);
|
2005-04-17 06:20:36 +08:00
|
|
|
}
|
|
|
|
|
2006-09-27 13:13:35 +08:00
|
|
|
int inet_addr_onlink(struct in_device *in_dev, __be32 a, __be32 b)
|
2005-04-17 06:20:36 +08:00
|
|
|
{
|
2019-06-01 00:27:05 +08:00
|
|
|
const struct in_ifaddr *ifa;
|
|
|
|
|
2005-04-17 06:20:36 +08:00
|
|
|
rcu_read_lock();
|
2019-06-01 00:27:05 +08:00
|
|
|
in_dev_for_each_ifa_rcu(ifa, in_dev) {
|
2005-04-17 06:20:36 +08:00
|
|
|
if (inet_ifa_match(a, ifa)) {
|
|
|
|
if (!b || inet_ifa_match(b, ifa)) {
|
|
|
|
rcu_read_unlock();
|
|
|
|
return 1;
|
|
|
|
}
|
|
|
|
}
|
2019-06-01 00:27:05 +08:00
|
|
|
}
|
2005-04-17 06:20:36 +08:00
|
|
|
rcu_read_unlock();
|
|
|
|
return 0;
|
|
|
|
}
|
|
|
|
|
2019-06-01 00:27:09 +08:00
|
|
|
static void __inet_del_ifa(struct in_device *in_dev,
|
|
|
|
struct in_ifaddr __rcu **ifap,
|
|
|
|
int destroy, struct nlmsghdr *nlh, u32 portid)
|
2005-04-17 06:20:36 +08:00
|
|
|
{
|
2005-05-30 11:23:46 +08:00
|
|
|
struct in_ifaddr *promote = NULL;
|
2019-06-01 00:27:09 +08:00
|
|
|
struct in_ifaddr *ifa, *ifa1;
|
|
|
|
struct in_ifaddr *last_prim;
|
2005-11-23 06:47:37 +08:00
|
|
|
struct in_ifaddr *prev_prom = NULL;
|
|
|
|
int do_promote = IN_DEV_PROMOTE_SECONDARIES(in_dev);
|
2005-04-17 06:20:36 +08:00
|
|
|
|
|
|
|
ASSERT_RTNL();
|
|
|
|
|
2019-06-01 00:27:09 +08:00
|
|
|
ifa1 = rtnl_dereference(*ifap);
|
|
|
|
last_prim = rtnl_dereference(in_dev->ifa_list);
|
2016-03-14 11:28:00 +08:00
|
|
|
if (in_dev->dead)
|
|
|
|
goto no_promotions;
|
|
|
|
|
2007-02-09 22:24:47 +08:00
|
|
|
/* 1. Deleting primary ifaddr forces deletion all secondaries
|
2005-05-30 11:23:46 +08:00
|
|
|
* unless alias promotion is set
|
|
|
|
**/
|
2005-04-17 06:20:36 +08:00
|
|
|
|
|
|
|
if (!(ifa1->ifa_flags & IFA_F_SECONDARY)) {
|
2019-06-01 00:27:09 +08:00
|
|
|
struct in_ifaddr __rcu **ifap1 = &ifa1->ifa_next;
|
2005-04-17 06:20:36 +08:00
|
|
|
|
2019-06-01 00:27:09 +08:00
|
|
|
while ((ifa = rtnl_dereference(*ifap1)) != NULL) {
|
2007-02-09 22:24:47 +08:00
|
|
|
if (!(ifa->ifa_flags & IFA_F_SECONDARY) &&
|
2005-11-23 06:47:37 +08:00
|
|
|
ifa1->ifa_scope <= ifa->ifa_scope)
|
|
|
|
last_prim = ifa;
|
|
|
|
|
2005-04-17 06:20:36 +08:00
|
|
|
if (!(ifa->ifa_flags & IFA_F_SECONDARY) ||
|
|
|
|
ifa1->ifa_mask != ifa->ifa_mask ||
|
|
|
|
!inet_ifa_match(ifa1->ifa_address, ifa)) {
|
|
|
|
ifap1 = &ifa->ifa_next;
|
2005-11-23 06:47:37 +08:00
|
|
|
prev_prom = ifa;
|
2005-04-17 06:20:36 +08:00
|
|
|
continue;
|
|
|
|
}
|
|
|
|
|
2005-11-23 06:47:37 +08:00
|
|
|
if (!do_promote) {
|
2011-02-19 04:42:28 +08:00
|
|
|
inet_hash_remove(ifa);
|
2005-05-30 11:23:46 +08:00
|
|
|
*ifap1 = ifa->ifa_next;
|
2005-04-17 06:20:36 +08:00
|
|
|
|
2012-09-08 04:12:54 +08:00
|
|
|
rtmsg_ifa(RTM_DELADDR, ifa, nlh, portid);
|
[PATCH] Notifier chain update: API changes
The kernel's implementation of notifier chains is unsafe. There is no
protection against entries being added to or removed from a chain while the
chain is in use. The issues were discussed in this thread:
http://marc.theaimsgroup.com/?l=linux-kernel&m=113018709002036&w=2
We noticed that notifier chains in the kernel fall into two basic usage
classes:
"Blocking" chains are always called from a process context
and the callout routines are allowed to sleep;
"Atomic" chains can be called from an atomic context and
the callout routines are not allowed to sleep.
We decided to codify this distinction and make it part of the API. Therefore
this set of patches introduces three new, parallel APIs: one for blocking
notifiers, one for atomic notifiers, and one for "raw" notifiers (which is
really just the old API under a new name). New kinds of data structures are
used for the heads of the chains, and new routines are defined for
registration, unregistration, and calling a chain. The three APIs are
explained in include/linux/notifier.h and their implementation is in
kernel/sys.c.
With atomic and blocking chains, the implementation guarantees that the chain
links will not be corrupted and that chain callers will not get messed up by
entries being added or removed. For raw chains the implementation provides no
guarantees at all; users of this API must provide their own protections. (The
idea was that situations may come up where the assumptions of the atomic and
blocking APIs are not appropriate, so it should be possible for users to
handle these things in their own way.)
There are some limitations, which should not be too hard to live with. For
atomic/blocking chains, registration and unregistration must always be done in
a process context since the chain is protected by a mutex/rwsem. Also, a
callout routine for a non-raw chain must not try to register or unregister
entries on its own chain. (This did happen in a couple of places and the code
had to be changed to avoid it.)
Since atomic chains may be called from within an NMI handler, they cannot use
spinlocks for synchronization. Instead we use RCU. The overhead falls almost
entirely in the unregister routine, which is okay since unregistration is much
less frequent that calling a chain.
Here is the list of chains that we adjusted and their classifications. None
of them use the raw API, so for the moment it is only a placeholder.
ATOMIC CHAINS
-------------
arch/i386/kernel/traps.c: i386die_chain
arch/ia64/kernel/traps.c: ia64die_chain
arch/powerpc/kernel/traps.c: powerpc_die_chain
arch/sparc64/kernel/traps.c: sparc64die_chain
arch/x86_64/kernel/traps.c: die_chain
drivers/char/ipmi/ipmi_si_intf.c: xaction_notifier_list
kernel/panic.c: panic_notifier_list
kernel/profile.c: task_free_notifier
net/bluetooth/hci_core.c: hci_notifier
net/ipv4/netfilter/ip_conntrack_core.c: ip_conntrack_chain
net/ipv4/netfilter/ip_conntrack_core.c: ip_conntrack_expect_chain
net/ipv6/addrconf.c: inet6addr_chain
net/netfilter/nf_conntrack_core.c: nf_conntrack_chain
net/netfilter/nf_conntrack_core.c: nf_conntrack_expect_chain
net/netlink/af_netlink.c: netlink_chain
BLOCKING CHAINS
---------------
arch/powerpc/platforms/pseries/reconfig.c: pSeries_reconfig_chain
arch/s390/kernel/process.c: idle_chain
arch/x86_64/kernel/process.c idle_notifier
drivers/base/memory.c: memory_chain
drivers/cpufreq/cpufreq.c cpufreq_policy_notifier_list
drivers/cpufreq/cpufreq.c cpufreq_transition_notifier_list
drivers/macintosh/adb.c: adb_client_list
drivers/macintosh/via-pmu.c sleep_notifier_list
drivers/macintosh/via-pmu68k.c sleep_notifier_list
drivers/macintosh/windfarm_core.c wf_client_list
drivers/usb/core/notify.c usb_notifier_list
drivers/video/fbmem.c fb_notifier_list
kernel/cpu.c cpu_chain
kernel/module.c module_notify_list
kernel/profile.c munmap_notifier
kernel/profile.c task_exit_notifier
kernel/sys.c reboot_notifier_list
net/core/dev.c netdev_chain
net/decnet/dn_dev.c: dnaddr_chain
net/ipv4/devinet.c: inetaddr_chain
It's possible that some of these classifications are wrong. If they are,
please let us know or submit a patch to fix them. Note that any chain that
gets called very frequently should be atomic, because the rwsem read-locking
used for blocking chains is very likely to incur cache misses on SMP systems.
(However, if the chain's callout routines may sleep then the chain cannot be
atomic.)
The patch set was written by Alan Stern and Chandra Seetharaman, incorporating
material written by Keith Owens and suggestions from Paul McKenney and Andrew
Morton.
[jes@sgi.com: restructure the notifier chain initialization macros]
Signed-off-by: Alan Stern <stern@rowland.harvard.edu>
Signed-off-by: Chandra Seetharaman <sekharan@us.ibm.com>
Signed-off-by: Jes Sorensen <jes@sgi.com>
Signed-off-by: Andrew Morton <akpm@osdl.org>
Signed-off-by: Linus Torvalds <torvalds@osdl.org>
2006-03-27 17:16:30 +08:00
|
|
|
blocking_notifier_call_chain(&inetaddr_chain,
|
|
|
|
NETDEV_DOWN, ifa);
|
2005-05-30 11:23:46 +08:00
|
|
|
inet_free_ifa(ifa);
|
|
|
|
} else {
|
|
|
|
promote = ifa;
|
|
|
|
break;
|
|
|
|
}
|
2005-04-17 06:20:36 +08:00
|
|
|
}
|
|
|
|
}
|
|
|
|
|
2011-03-19 20:13:52 +08:00
|
|
|
/* On promotion all secondaries from subnet are changing
|
|
|
|
* the primary IP, we must remove all their routes silently
|
|
|
|
* and later to add them back with new prefsrc. Do this
|
|
|
|
* while all addresses are on the device list.
|
|
|
|
*/
|
2019-06-01 00:27:09 +08:00
|
|
|
for (ifa = promote; ifa; ifa = rtnl_dereference(ifa->ifa_next)) {
|
2011-03-19 20:13:52 +08:00
|
|
|
if (ifa1->ifa_mask == ifa->ifa_mask &&
|
|
|
|
inet_ifa_match(ifa1->ifa_address, ifa))
|
|
|
|
fib_del_ifaddr(ifa, ifa1);
|
|
|
|
}
|
|
|
|
|
2016-03-14 11:28:00 +08:00
|
|
|
no_promotions:
|
2005-04-17 06:20:36 +08:00
|
|
|
/* 2. Unlink it */
|
|
|
|
|
|
|
|
*ifap = ifa1->ifa_next;
|
2011-02-19 04:42:28 +08:00
|
|
|
inet_hash_remove(ifa1);
|
2005-04-17 06:20:36 +08:00
|
|
|
|
|
|
|
/* 3. Announce address deletion */
|
|
|
|
|
|
|
|
/* Send message first, then call notifier.
|
|
|
|
At first sight, FIB update triggered by notifier
|
|
|
|
will refer to already deleted ifaddr, that could confuse
|
|
|
|
netlink listeners. It is not true: look, gated sees
|
|
|
|
that route deleted and if it still thinks that ifaddr
|
|
|
|
is valid, it will try to restore deleted routes... Grr.
|
|
|
|
So that, this order is correct.
|
|
|
|
*/
|
2012-09-08 04:12:54 +08:00
|
|
|
rtmsg_ifa(RTM_DELADDR, ifa1, nlh, portid);
|
[PATCH] Notifier chain update: API changes
The kernel's implementation of notifier chains is unsafe. There is no
protection against entries being added to or removed from a chain while the
chain is in use. The issues were discussed in this thread:
http://marc.theaimsgroup.com/?l=linux-kernel&m=113018709002036&w=2
We noticed that notifier chains in the kernel fall into two basic usage
classes:
"Blocking" chains are always called from a process context
and the callout routines are allowed to sleep;
"Atomic" chains can be called from an atomic context and
the callout routines are not allowed to sleep.
We decided to codify this distinction and make it part of the API. Therefore
this set of patches introduces three new, parallel APIs: one for blocking
notifiers, one for atomic notifiers, and one for "raw" notifiers (which is
really just the old API under a new name). New kinds of data structures are
used for the heads of the chains, and new routines are defined for
registration, unregistration, and calling a chain. The three APIs are
explained in include/linux/notifier.h and their implementation is in
kernel/sys.c.
With atomic and blocking chains, the implementation guarantees that the chain
links will not be corrupted and that chain callers will not get messed up by
entries being added or removed. For raw chains the implementation provides no
guarantees at all; users of this API must provide their own protections. (The
idea was that situations may come up where the assumptions of the atomic and
blocking APIs are not appropriate, so it should be possible for users to
handle these things in their own way.)
There are some limitations, which should not be too hard to live with. For
atomic/blocking chains, registration and unregistration must always be done in
a process context since the chain is protected by a mutex/rwsem. Also, a
callout routine for a non-raw chain must not try to register or unregister
entries on its own chain. (This did happen in a couple of places and the code
had to be changed to avoid it.)
Since atomic chains may be called from within an NMI handler, they cannot use
spinlocks for synchronization. Instead we use RCU. The overhead falls almost
entirely in the unregister routine, which is okay since unregistration is much
less frequent that calling a chain.
Here is the list of chains that we adjusted and their classifications. None
of them use the raw API, so for the moment it is only a placeholder.
ATOMIC CHAINS
-------------
arch/i386/kernel/traps.c: i386die_chain
arch/ia64/kernel/traps.c: ia64die_chain
arch/powerpc/kernel/traps.c: powerpc_die_chain
arch/sparc64/kernel/traps.c: sparc64die_chain
arch/x86_64/kernel/traps.c: die_chain
drivers/char/ipmi/ipmi_si_intf.c: xaction_notifier_list
kernel/panic.c: panic_notifier_list
kernel/profile.c: task_free_notifier
net/bluetooth/hci_core.c: hci_notifier
net/ipv4/netfilter/ip_conntrack_core.c: ip_conntrack_chain
net/ipv4/netfilter/ip_conntrack_core.c: ip_conntrack_expect_chain
net/ipv6/addrconf.c: inet6addr_chain
net/netfilter/nf_conntrack_core.c: nf_conntrack_chain
net/netfilter/nf_conntrack_core.c: nf_conntrack_expect_chain
net/netlink/af_netlink.c: netlink_chain
BLOCKING CHAINS
---------------
arch/powerpc/platforms/pseries/reconfig.c: pSeries_reconfig_chain
arch/s390/kernel/process.c: idle_chain
arch/x86_64/kernel/process.c idle_notifier
drivers/base/memory.c: memory_chain
drivers/cpufreq/cpufreq.c cpufreq_policy_notifier_list
drivers/cpufreq/cpufreq.c cpufreq_transition_notifier_list
drivers/macintosh/adb.c: adb_client_list
drivers/macintosh/via-pmu.c sleep_notifier_list
drivers/macintosh/via-pmu68k.c sleep_notifier_list
drivers/macintosh/windfarm_core.c wf_client_list
drivers/usb/core/notify.c usb_notifier_list
drivers/video/fbmem.c fb_notifier_list
kernel/cpu.c cpu_chain
kernel/module.c module_notify_list
kernel/profile.c munmap_notifier
kernel/profile.c task_exit_notifier
kernel/sys.c reboot_notifier_list
net/core/dev.c netdev_chain
net/decnet/dn_dev.c: dnaddr_chain
net/ipv4/devinet.c: inetaddr_chain
It's possible that some of these classifications are wrong. If they are,
please let us know or submit a patch to fix them. Note that any chain that
gets called very frequently should be atomic, because the rwsem read-locking
used for blocking chains is very likely to incur cache misses on SMP systems.
(However, if the chain's callout routines may sleep then the chain cannot be
atomic.)
The patch set was written by Alan Stern and Chandra Seetharaman, incorporating
material written by Keith Owens and suggestions from Paul McKenney and Andrew
Morton.
[jes@sgi.com: restructure the notifier chain initialization macros]
Signed-off-by: Alan Stern <stern@rowland.harvard.edu>
Signed-off-by: Chandra Seetharaman <sekharan@us.ibm.com>
Signed-off-by: Jes Sorensen <jes@sgi.com>
Signed-off-by: Andrew Morton <akpm@osdl.org>
Signed-off-by: Linus Torvalds <torvalds@osdl.org>
2006-03-27 17:16:30 +08:00
|
|
|
blocking_notifier_call_chain(&inetaddr_chain, NETDEV_DOWN, ifa1);
|
2005-04-17 06:20:36 +08:00
|
|
|
|
2005-11-23 06:47:37 +08:00
|
|
|
if (promote) {
|
2019-06-01 00:27:09 +08:00
|
|
|
struct in_ifaddr *next_sec;
|
2005-11-23 06:47:37 +08:00
|
|
|
|
2019-06-01 00:27:09 +08:00
|
|
|
next_sec = rtnl_dereference(promote->ifa_next);
|
2005-11-23 06:47:37 +08:00
|
|
|
if (prev_prom) {
|
2019-06-01 00:27:09 +08:00
|
|
|
struct in_ifaddr *last_sec;
|
|
|
|
|
|
|
|
rcu_assign_pointer(prev_prom->ifa_next, next_sec);
|
2019-06-27 20:03:32 +08:00
|
|
|
|
|
|
|
last_sec = rtnl_dereference(last_prim->ifa_next);
|
2019-06-01 00:27:09 +08:00
|
|
|
rcu_assign_pointer(promote->ifa_next, last_sec);
|
|
|
|
rcu_assign_pointer(last_prim->ifa_next, promote);
|
2005-11-23 06:47:37 +08:00
|
|
|
}
|
2005-05-30 11:23:46 +08:00
|
|
|
|
|
|
|
promote->ifa_flags &= ~IFA_F_SECONDARY;
|
2012-09-08 04:12:54 +08:00
|
|
|
rtmsg_ifa(RTM_NEWADDR, promote, nlh, portid);
|
[PATCH] Notifier chain update: API changes
The kernel's implementation of notifier chains is unsafe. There is no
protection against entries being added to or removed from a chain while the
chain is in use. The issues were discussed in this thread:
http://marc.theaimsgroup.com/?l=linux-kernel&m=113018709002036&w=2
We noticed that notifier chains in the kernel fall into two basic usage
classes:
"Blocking" chains are always called from a process context
and the callout routines are allowed to sleep;
"Atomic" chains can be called from an atomic context and
the callout routines are not allowed to sleep.
We decided to codify this distinction and make it part of the API. Therefore
this set of patches introduces three new, parallel APIs: one for blocking
notifiers, one for atomic notifiers, and one for "raw" notifiers (which is
really just the old API under a new name). New kinds of data structures are
used for the heads of the chains, and new routines are defined for
registration, unregistration, and calling a chain. The three APIs are
explained in include/linux/notifier.h and their implementation is in
kernel/sys.c.
With atomic and blocking chains, the implementation guarantees that the chain
links will not be corrupted and that chain callers will not get messed up by
entries being added or removed. For raw chains the implementation provides no
guarantees at all; users of this API must provide their own protections. (The
idea was that situations may come up where the assumptions of the atomic and
blocking APIs are not appropriate, so it should be possible for users to
handle these things in their own way.)
There are some limitations, which should not be too hard to live with. For
atomic/blocking chains, registration and unregistration must always be done in
a process context since the chain is protected by a mutex/rwsem. Also, a
callout routine for a non-raw chain must not try to register or unregister
entries on its own chain. (This did happen in a couple of places and the code
had to be changed to avoid it.)
Since atomic chains may be called from within an NMI handler, they cannot use
spinlocks for synchronization. Instead we use RCU. The overhead falls almost
entirely in the unregister routine, which is okay since unregistration is much
less frequent that calling a chain.
Here is the list of chains that we adjusted and their classifications. None
of them use the raw API, so for the moment it is only a placeholder.
ATOMIC CHAINS
-------------
arch/i386/kernel/traps.c: i386die_chain
arch/ia64/kernel/traps.c: ia64die_chain
arch/powerpc/kernel/traps.c: powerpc_die_chain
arch/sparc64/kernel/traps.c: sparc64die_chain
arch/x86_64/kernel/traps.c: die_chain
drivers/char/ipmi/ipmi_si_intf.c: xaction_notifier_list
kernel/panic.c: panic_notifier_list
kernel/profile.c: task_free_notifier
net/bluetooth/hci_core.c: hci_notifier
net/ipv4/netfilter/ip_conntrack_core.c: ip_conntrack_chain
net/ipv4/netfilter/ip_conntrack_core.c: ip_conntrack_expect_chain
net/ipv6/addrconf.c: inet6addr_chain
net/netfilter/nf_conntrack_core.c: nf_conntrack_chain
net/netfilter/nf_conntrack_core.c: nf_conntrack_expect_chain
net/netlink/af_netlink.c: netlink_chain
BLOCKING CHAINS
---------------
arch/powerpc/platforms/pseries/reconfig.c: pSeries_reconfig_chain
arch/s390/kernel/process.c: idle_chain
arch/x86_64/kernel/process.c idle_notifier
drivers/base/memory.c: memory_chain
drivers/cpufreq/cpufreq.c cpufreq_policy_notifier_list
drivers/cpufreq/cpufreq.c cpufreq_transition_notifier_list
drivers/macintosh/adb.c: adb_client_list
drivers/macintosh/via-pmu.c sleep_notifier_list
drivers/macintosh/via-pmu68k.c sleep_notifier_list
drivers/macintosh/windfarm_core.c wf_client_list
drivers/usb/core/notify.c usb_notifier_list
drivers/video/fbmem.c fb_notifier_list
kernel/cpu.c cpu_chain
kernel/module.c module_notify_list
kernel/profile.c munmap_notifier
kernel/profile.c task_exit_notifier
kernel/sys.c reboot_notifier_list
net/core/dev.c netdev_chain
net/decnet/dn_dev.c: dnaddr_chain
net/ipv4/devinet.c: inetaddr_chain
It's possible that some of these classifications are wrong. If they are,
please let us know or submit a patch to fix them. Note that any chain that
gets called very frequently should be atomic, because the rwsem read-locking
used for blocking chains is very likely to incur cache misses on SMP systems.
(However, if the chain's callout routines may sleep then the chain cannot be
atomic.)
The patch set was written by Alan Stern and Chandra Seetharaman, incorporating
material written by Keith Owens and suggestions from Paul McKenney and Andrew
Morton.
[jes@sgi.com: restructure the notifier chain initialization macros]
Signed-off-by: Alan Stern <stern@rowland.harvard.edu>
Signed-off-by: Chandra Seetharaman <sekharan@us.ibm.com>
Signed-off-by: Jes Sorensen <jes@sgi.com>
Signed-off-by: Andrew Morton <akpm@osdl.org>
Signed-off-by: Linus Torvalds <torvalds@osdl.org>
2006-03-27 17:16:30 +08:00
|
|
|
blocking_notifier_call_chain(&inetaddr_chain,
|
|
|
|
NETDEV_UP, promote);
|
2019-06-01 00:27:09 +08:00
|
|
|
for (ifa = next_sec; ifa;
|
|
|
|
ifa = rtnl_dereference(ifa->ifa_next)) {
|
2005-11-23 06:47:37 +08:00
|
|
|
if (ifa1->ifa_mask != ifa->ifa_mask ||
|
|
|
|
!inet_ifa_match(ifa1->ifa_address, ifa))
|
|
|
|
continue;
|
|
|
|
fib_add_ifaddr(ifa);
|
|
|
|
}
|
|
|
|
|
|
|
|
}
|
2007-06-08 09:35:38 +08:00
|
|
|
if (destroy)
|
2005-11-23 06:47:37 +08:00
|
|
|
inet_free_ifa(ifa1);
|
2005-04-17 06:20:36 +08:00
|
|
|
}
|
|
|
|
|
2019-06-01 00:27:09 +08:00
|
|
|
static void inet_del_ifa(struct in_device *in_dev,
|
|
|
|
struct in_ifaddr __rcu **ifap,
|
2006-08-15 15:33:59 +08:00
|
|
|
int destroy)
|
|
|
|
{
|
|
|
|
__inet_del_ifa(in_dev, ifap, destroy, NULL, 0);
|
|
|
|
}
|
|
|
|
|
2013-01-24 17:41:41 +08:00
|
|
|
static void check_lifetime(struct work_struct *work);
|
|
|
|
|
|
|
|
static DECLARE_DELAYED_WORK(check_lifetime_work, check_lifetime);
|
|
|
|
|
2006-08-15 15:33:59 +08:00
|
|
|
static int __inet_insert_ifa(struct in_ifaddr *ifa, struct nlmsghdr *nlh,
|
2017-10-19 00:56:54 +08:00
|
|
|
u32 portid, struct netlink_ext_ack *extack)
|
2005-04-17 06:20:36 +08:00
|
|
|
{
|
2019-06-01 00:27:09 +08:00
|
|
|
struct in_ifaddr __rcu **last_primary, **ifap;
|
2005-04-17 06:20:36 +08:00
|
|
|
struct in_device *in_dev = ifa->ifa_dev;
|
2017-06-09 04:12:14 +08:00
|
|
|
struct in_validator_info ivi;
|
2019-06-01 00:27:09 +08:00
|
|
|
struct in_ifaddr *ifa1;
|
2017-06-09 04:12:14 +08:00
|
|
|
int ret;
|
2005-04-17 06:20:36 +08:00
|
|
|
|
|
|
|
ASSERT_RTNL();
|
|
|
|
|
|
|
|
if (!ifa->ifa_local) {
|
|
|
|
inet_free_ifa(ifa);
|
|
|
|
return 0;
|
|
|
|
}
|
|
|
|
|
|
|
|
ifa->ifa_flags &= ~IFA_F_SECONDARY;
|
|
|
|
last_primary = &in_dev->ifa_list;
|
|
|
|
|
2019-07-02 01:01:55 +08:00
|
|
|
/* Don't set IPv6 only flags to IPv4 addresses */
|
|
|
|
ifa->ifa_flags &= ~IPV6ONLY_FLAGS;
|
|
|
|
|
2019-06-01 00:27:09 +08:00
|
|
|
ifap = &in_dev->ifa_list;
|
|
|
|
ifa1 = rtnl_dereference(*ifap);
|
|
|
|
|
|
|
|
while (ifa1) {
|
2005-04-17 06:20:36 +08:00
|
|
|
if (!(ifa1->ifa_flags & IFA_F_SECONDARY) &&
|
|
|
|
ifa->ifa_scope <= ifa1->ifa_scope)
|
|
|
|
last_primary = &ifa1->ifa_next;
|
|
|
|
if (ifa1->ifa_mask == ifa->ifa_mask &&
|
|
|
|
inet_ifa_match(ifa1->ifa_address, ifa)) {
|
|
|
|
if (ifa1->ifa_local == ifa->ifa_local) {
|
|
|
|
inet_free_ifa(ifa);
|
|
|
|
return -EEXIST;
|
|
|
|
}
|
|
|
|
if (ifa1->ifa_scope != ifa->ifa_scope) {
|
|
|
|
inet_free_ifa(ifa);
|
|
|
|
return -EINVAL;
|
|
|
|
}
|
|
|
|
ifa->ifa_flags |= IFA_F_SECONDARY;
|
|
|
|
}
|
2019-06-01 00:27:09 +08:00
|
|
|
|
|
|
|
ifap = &ifa1->ifa_next;
|
|
|
|
ifa1 = rtnl_dereference(*ifap);
|
2005-04-17 06:20:36 +08:00
|
|
|
}
|
|
|
|
|
2017-06-09 04:12:14 +08:00
|
|
|
/* Allow any devices that wish to register ifaddr validtors to weigh
|
|
|
|
* in now, before changes are committed. The rntl lock is serializing
|
|
|
|
* access here, so the state should not change between a validator call
|
|
|
|
* and a final notify on commit. This isn't invoked on promotion under
|
|
|
|
* the assumption that validators are checking the address itself, and
|
|
|
|
* not the flags.
|
|
|
|
*/
|
|
|
|
ivi.ivi_addr = ifa->ifa_address;
|
|
|
|
ivi.ivi_dev = ifa->ifa_dev;
|
2017-10-19 00:56:54 +08:00
|
|
|
ivi.extack = extack;
|
2017-06-09 04:12:14 +08:00
|
|
|
ret = blocking_notifier_call_chain(&inetaddr_validator_chain,
|
|
|
|
NETDEV_UP, &ivi);
|
|
|
|
ret = notifier_to_errno(ret);
|
|
|
|
if (ret) {
|
|
|
|
inet_free_ifa(ifa);
|
|
|
|
return ret;
|
|
|
|
}
|
|
|
|
|
random32: use real rng for non-deterministic randomness
random32.c has two random number generators in it: one that is meant to
be used deterministically, with some predefined seed, and one that does
the same exact thing as random.c, except does it poorly. The first one
has some use cases. The second one no longer does and can be replaced
with calls to random.c's proper random number generator.
The relatively recent siphash-based bad random32.c code was added in
response to concerns that the prior random32.c was too deterministic.
Out of fears that random.c was (at the time) too slow, this code was
anonymously contributed. Then out of that emerged a kind of shadow
entropy gathering system, with its own tentacles throughout various net
code, added willy nilly.
Stop👏making👏bespoke👏random👏number👏generators👏.
Fortunately, recent advances in random.c mean that we can stop playing
with this sketchiness, and just use get_random_u32(), which is now fast
enough. In micro benchmarks using RDPMC, I'm seeing the same median
cycle count between the two functions, with the mean being _slightly_
higher due to batches refilling (which we can optimize further need be).
However, when doing *real* benchmarks of the net functions that actually
use these random numbers, the mean cycles actually *decreased* slightly
(with the median still staying the same), likely because the additional
prandom code means icache misses and complexity, whereas random.c is
generally already being used by something else nearby.
The biggest benefit of this is that there are many users of prandom who
probably should be using cryptographically secure random numbers. This
makes all of those accidental cases become secure by just flipping a
switch. Later on, we can do a tree-wide cleanup to remove the static
inline wrapper functions that this commit adds.
There are also some low-ish hanging fruits for making this even faster
in the future: a get_random_u16() function for use in the networking
stack will give a 2x performance boost there, using SIMD for ChaCha20
will let us compute 4 or 8 or 16 blocks of output in parallel, instead
of just one, giving us large buffers for cheap, and introducing a
get_random_*_bh() function that assumes irqs are already disabled will
shave off a few cycles for ordinary calls. These are things we can chip
away at down the road.
Acked-by: Jakub Kicinski <kuba@kernel.org>
Acked-by: Theodore Ts'o <tytso@mit.edu>
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2022-05-11 22:11:29 +08:00
|
|
|
if (!(ifa->ifa_flags & IFA_F_SECONDARY))
|
2005-04-17 06:20:36 +08:00
|
|
|
ifap = last_primary;
|
|
|
|
|
2019-06-01 00:27:09 +08:00
|
|
|
rcu_assign_pointer(ifa->ifa_next, *ifap);
|
|
|
|
rcu_assign_pointer(*ifap, ifa);
|
2005-04-17 06:20:36 +08:00
|
|
|
|
2011-02-19 04:42:28 +08:00
|
|
|
inet_hash_insert(dev_net(in_dev->dev), ifa);
|
|
|
|
|
2013-01-24 17:41:41 +08:00
|
|
|
cancel_delayed_work(&check_lifetime_work);
|
2014-01-22 14:53:32 +08:00
|
|
|
queue_delayed_work(system_power_efficient_wq, &check_lifetime_work, 0);
|
2013-01-24 17:41:41 +08:00
|
|
|
|
2005-04-17 06:20:36 +08:00
|
|
|
/* Send message first, then call notifier.
|
|
|
|
Notifier will trigger FIB update, so that
|
|
|
|
listeners of netlink will know about new ifaddr */
|
2012-09-08 04:12:54 +08:00
|
|
|
rtmsg_ifa(RTM_NEWADDR, ifa, nlh, portid);
|
[PATCH] Notifier chain update: API changes
The kernel's implementation of notifier chains is unsafe. There is no
protection against entries being added to or removed from a chain while the
chain is in use. The issues were discussed in this thread:
http://marc.theaimsgroup.com/?l=linux-kernel&m=113018709002036&w=2
We noticed that notifier chains in the kernel fall into two basic usage
classes:
"Blocking" chains are always called from a process context
and the callout routines are allowed to sleep;
"Atomic" chains can be called from an atomic context and
the callout routines are not allowed to sleep.
We decided to codify this distinction and make it part of the API. Therefore
this set of patches introduces three new, parallel APIs: one for blocking
notifiers, one for atomic notifiers, and one for "raw" notifiers (which is
really just the old API under a new name). New kinds of data structures are
used for the heads of the chains, and new routines are defined for
registration, unregistration, and calling a chain. The three APIs are
explained in include/linux/notifier.h and their implementation is in
kernel/sys.c.
With atomic and blocking chains, the implementation guarantees that the chain
links will not be corrupted and that chain callers will not get messed up by
entries being added or removed. For raw chains the implementation provides no
guarantees at all; users of this API must provide their own protections. (The
idea was that situations may come up where the assumptions of the atomic and
blocking APIs are not appropriate, so it should be possible for users to
handle these things in their own way.)
There are some limitations, which should not be too hard to live with. For
atomic/blocking chains, registration and unregistration must always be done in
a process context since the chain is protected by a mutex/rwsem. Also, a
callout routine for a non-raw chain must not try to register or unregister
entries on its own chain. (This did happen in a couple of places and the code
had to be changed to avoid it.)
Since atomic chains may be called from within an NMI handler, they cannot use
spinlocks for synchronization. Instead we use RCU. The overhead falls almost
entirely in the unregister routine, which is okay since unregistration is much
less frequent that calling a chain.
Here is the list of chains that we adjusted and their classifications. None
of them use the raw API, so for the moment it is only a placeholder.
ATOMIC CHAINS
-------------
arch/i386/kernel/traps.c: i386die_chain
arch/ia64/kernel/traps.c: ia64die_chain
arch/powerpc/kernel/traps.c: powerpc_die_chain
arch/sparc64/kernel/traps.c: sparc64die_chain
arch/x86_64/kernel/traps.c: die_chain
drivers/char/ipmi/ipmi_si_intf.c: xaction_notifier_list
kernel/panic.c: panic_notifier_list
kernel/profile.c: task_free_notifier
net/bluetooth/hci_core.c: hci_notifier
net/ipv4/netfilter/ip_conntrack_core.c: ip_conntrack_chain
net/ipv4/netfilter/ip_conntrack_core.c: ip_conntrack_expect_chain
net/ipv6/addrconf.c: inet6addr_chain
net/netfilter/nf_conntrack_core.c: nf_conntrack_chain
net/netfilter/nf_conntrack_core.c: nf_conntrack_expect_chain
net/netlink/af_netlink.c: netlink_chain
BLOCKING CHAINS
---------------
arch/powerpc/platforms/pseries/reconfig.c: pSeries_reconfig_chain
arch/s390/kernel/process.c: idle_chain
arch/x86_64/kernel/process.c idle_notifier
drivers/base/memory.c: memory_chain
drivers/cpufreq/cpufreq.c cpufreq_policy_notifier_list
drivers/cpufreq/cpufreq.c cpufreq_transition_notifier_list
drivers/macintosh/adb.c: adb_client_list
drivers/macintosh/via-pmu.c sleep_notifier_list
drivers/macintosh/via-pmu68k.c sleep_notifier_list
drivers/macintosh/windfarm_core.c wf_client_list
drivers/usb/core/notify.c usb_notifier_list
drivers/video/fbmem.c fb_notifier_list
kernel/cpu.c cpu_chain
kernel/module.c module_notify_list
kernel/profile.c munmap_notifier
kernel/profile.c task_exit_notifier
kernel/sys.c reboot_notifier_list
net/core/dev.c netdev_chain
net/decnet/dn_dev.c: dnaddr_chain
net/ipv4/devinet.c: inetaddr_chain
It's possible that some of these classifications are wrong. If they are,
please let us know or submit a patch to fix them. Note that any chain that
gets called very frequently should be atomic, because the rwsem read-locking
used for blocking chains is very likely to incur cache misses on SMP systems.
(However, if the chain's callout routines may sleep then the chain cannot be
atomic.)
The patch set was written by Alan Stern and Chandra Seetharaman, incorporating
material written by Keith Owens and suggestions from Paul McKenney and Andrew
Morton.
[jes@sgi.com: restructure the notifier chain initialization macros]
Signed-off-by: Alan Stern <stern@rowland.harvard.edu>
Signed-off-by: Chandra Seetharaman <sekharan@us.ibm.com>
Signed-off-by: Jes Sorensen <jes@sgi.com>
Signed-off-by: Andrew Morton <akpm@osdl.org>
Signed-off-by: Linus Torvalds <torvalds@osdl.org>
2006-03-27 17:16:30 +08:00
|
|
|
blocking_notifier_call_chain(&inetaddr_chain, NETDEV_UP, ifa);
|
2005-04-17 06:20:36 +08:00
|
|
|
|
|
|
|
return 0;
|
|
|
|
}
|
|
|
|
|
2006-08-15 15:33:59 +08:00
|
|
|
static int inet_insert_ifa(struct in_ifaddr *ifa)
|
|
|
|
{
|
2017-10-19 00:56:54 +08:00
|
|
|
return __inet_insert_ifa(ifa, NULL, 0, NULL);
|
2006-08-15 15:33:59 +08:00
|
|
|
}
|
|
|
|
|
2005-04-17 06:20:36 +08:00
|
|
|
static int inet_set_ifa(struct net_device *dev, struct in_ifaddr *ifa)
|
|
|
|
{
|
2005-10-04 05:35:55 +08:00
|
|
|
struct in_device *in_dev = __in_dev_get_rtnl(dev);
|
2005-04-17 06:20:36 +08:00
|
|
|
|
|
|
|
ASSERT_RTNL();
|
|
|
|
|
|
|
|
if (!in_dev) {
|
2007-06-05 14:36:06 +08:00
|
|
|
inet_free_ifa(ifa);
|
|
|
|
return -ENOBUFS;
|
2005-04-17 06:20:36 +08:00
|
|
|
}
|
2007-06-05 14:36:06 +08:00
|
|
|
ipv4_devconf_setall(in_dev);
|
2013-12-08 02:26:56 +08:00
|
|
|
neigh_parms_data_state_setall(in_dev->arp_parms);
|
2005-04-17 06:20:36 +08:00
|
|
|
if (ifa->ifa_dev != in_dev) {
|
2008-07-26 12:43:18 +08:00
|
|
|
WARN_ON(ifa->ifa_dev);
|
2005-04-17 06:20:36 +08:00
|
|
|
in_dev_hold(in_dev);
|
|
|
|
ifa->ifa_dev = in_dev;
|
|
|
|
}
|
2007-12-17 05:45:43 +08:00
|
|
|
if (ipv4_is_loopback(ifa->ifa_local))
|
2005-04-17 06:20:36 +08:00
|
|
|
ifa->ifa_scope = RT_SCOPE_HOST;
|
|
|
|
return inet_insert_ifa(ifa);
|
|
|
|
}
|
|
|
|
|
2010-10-19 08:39:26 +08:00
|
|
|
/* Caller must hold RCU or RTNL :
|
|
|
|
* We dont take a reference on found in_device
|
|
|
|
*/
|
2008-01-22 09:32:38 +08:00
|
|
|
struct in_device *inetdev_by_index(struct net *net, int ifindex)
|
2005-04-17 06:20:36 +08:00
|
|
|
{
|
|
|
|
struct net_device *dev;
|
|
|
|
struct in_device *in_dev = NULL;
|
2009-11-02 03:23:04 +08:00
|
|
|
|
|
|
|
rcu_read_lock();
|
|
|
|
dev = dev_get_by_index_rcu(net, ifindex);
|
2005-04-17 06:20:36 +08:00
|
|
|
if (dev)
|
2010-10-19 08:39:26 +08:00
|
|
|
in_dev = rcu_dereference_rtnl(dev->ip_ptr);
|
2009-11-02 03:23:04 +08:00
|
|
|
rcu_read_unlock();
|
2005-04-17 06:20:36 +08:00
|
|
|
return in_dev;
|
|
|
|
}
|
2009-11-05 14:05:10 +08:00
|
|
|
EXPORT_SYMBOL(inetdev_by_index);
|
2005-04-17 06:20:36 +08:00
|
|
|
|
|
|
|
/* Called only from RTNL semaphored context. No locks. */
|
|
|
|
|
2006-09-27 13:17:09 +08:00
|
|
|
struct in_ifaddr *inet_ifa_byprefix(struct in_device *in_dev, __be32 prefix,
|
|
|
|
__be32 mask)
|
2005-04-17 06:20:36 +08:00
|
|
|
{
|
2019-06-01 00:27:05 +08:00
|
|
|
struct in_ifaddr *ifa;
|
|
|
|
|
2005-04-17 06:20:36 +08:00
|
|
|
ASSERT_RTNL();
|
|
|
|
|
2019-06-01 00:27:05 +08:00
|
|
|
in_dev_for_each_ifa_rtnl(ifa, in_dev) {
|
2005-04-17 06:20:36 +08:00
|
|
|
if (ifa->ifa_mask == mask && inet_ifa_match(prefix, ifa))
|
|
|
|
return ifa;
|
2019-06-01 00:27:05 +08:00
|
|
|
}
|
2005-04-17 06:20:36 +08:00
|
|
|
return NULL;
|
|
|
|
}
|
|
|
|
|
2020-04-10 01:25:24 +08:00
|
|
|
static int ip_mc_autojoin_config(struct net *net, bool join,
|
|
|
|
const struct in_ifaddr *ifa)
|
2015-02-26 01:58:35 +08:00
|
|
|
{
|
2020-04-10 01:25:24 +08:00
|
|
|
#if defined(CONFIG_IP_MULTICAST)
|
2015-02-26 01:58:35 +08:00
|
|
|
struct ip_mreqn mreq = {
|
|
|
|
.imr_multiaddr.s_addr = ifa->ifa_address,
|
|
|
|
.imr_ifindex = ifa->ifa_dev->dev->ifindex,
|
|
|
|
};
|
2020-04-10 01:25:24 +08:00
|
|
|
struct sock *sk = net->ipv4.mc_autojoin_sk;
|
2015-02-26 01:58:35 +08:00
|
|
|
int ret;
|
|
|
|
|
|
|
|
ASSERT_RTNL();
|
|
|
|
|
|
|
|
lock_sock(sk);
|
|
|
|
if (join)
|
ipv4, ipv6: kill ip_mc_{join, leave}_group and ipv6_sock_mc_{join, drop}
in favor of their inner __ ones, which doesn't grab rtnl.
As these functions need to operate on a locked socket, we can't be
grabbing rtnl by then. It's too late and doing so causes reversed
locking.
So this patch:
- move rtnl handling to callers instead while already fixing some
reversed locking situations, like on vxlan and ipvs code.
- renames __ ones to not have the __ mark:
__ip_mc_{join,leave}_group -> ip_mc_{join,leave}_group
__ipv6_sock_mc_{join,drop} -> ipv6_sock_mc_{join,drop}
Signed-off-by: Marcelo Ricardo Leitner <marcelo.leitner@gmail.com>
Acked-by: Hannes Frederic Sowa <hannes@stressinduktion.org>
Signed-off-by: David S. Miller <davem@davemloft.net>
2015-03-19 01:50:43 +08:00
|
|
|
ret = ip_mc_join_group(sk, &mreq);
|
2015-02-26 01:58:35 +08:00
|
|
|
else
|
ipv4, ipv6: kill ip_mc_{join, leave}_group and ipv6_sock_mc_{join, drop}
in favor of their inner __ ones, which doesn't grab rtnl.
As these functions need to operate on a locked socket, we can't be
grabbing rtnl by then. It's too late and doing so causes reversed
locking.
So this patch:
- move rtnl handling to callers instead while already fixing some
reversed locking situations, like on vxlan and ipvs code.
- renames __ ones to not have the __ mark:
__ip_mc_{join,leave}_group -> ip_mc_{join,leave}_group
__ipv6_sock_mc_{join,drop} -> ipv6_sock_mc_{join,drop}
Signed-off-by: Marcelo Ricardo Leitner <marcelo.leitner@gmail.com>
Acked-by: Hannes Frederic Sowa <hannes@stressinduktion.org>
Signed-off-by: David S. Miller <davem@davemloft.net>
2015-03-19 01:50:43 +08:00
|
|
|
ret = ip_mc_leave_group(sk, &mreq);
|
2015-02-26 01:58:35 +08:00
|
|
|
release_sock(sk);
|
|
|
|
|
|
|
|
return ret;
|
2020-04-10 01:25:24 +08:00
|
|
|
#else
|
|
|
|
return -EOPNOTSUPP;
|
|
|
|
#endif
|
2015-02-26 01:58:35 +08:00
|
|
|
}
|
|
|
|
|
2017-04-17 00:48:24 +08:00
|
|
|
static int inet_rtm_deladdr(struct sk_buff *skb, struct nlmsghdr *nlh,
|
|
|
|
struct netlink_ext_ack *extack)
|
2005-04-17 06:20:36 +08:00
|
|
|
{
|
2008-03-26 01:26:21 +08:00
|
|
|
struct net *net = sock_net(skb->sk);
|
2019-06-01 00:27:09 +08:00
|
|
|
struct in_ifaddr __rcu **ifap;
|
2006-08-05 14:04:17 +08:00
|
|
|
struct nlattr *tb[IFA_MAX+1];
|
2005-04-17 06:20:36 +08:00
|
|
|
struct in_device *in_dev;
|
2006-08-05 14:04:17 +08:00
|
|
|
struct ifaddrmsg *ifm;
|
2019-06-01 00:27:09 +08:00
|
|
|
struct in_ifaddr *ifa;
|
2020-11-08 09:05:41 +08:00
|
|
|
int err;
|
2005-04-17 06:20:36 +08:00
|
|
|
|
|
|
|
ASSERT_RTNL();
|
|
|
|
|
netlink: make validation more configurable for future strictness
We currently have two levels of strict validation:
1) liberal (default)
- undefined (type >= max) & NLA_UNSPEC attributes accepted
- attribute length >= expected accepted
- garbage at end of message accepted
2) strict (opt-in)
- NLA_UNSPEC attributes accepted
- attribute length >= expected accepted
Split out parsing strictness into four different options:
* TRAILING - check that there's no trailing data after parsing
attributes (in message or nested)
* MAXTYPE - reject attrs > max known type
* UNSPEC - reject attributes with NLA_UNSPEC policy entries
* STRICT_ATTRS - strictly validate attribute size
The default for future things should be *everything*.
The current *_strict() is a combination of TRAILING and MAXTYPE,
and is renamed to _deprecated_strict().
The current regular parsing has none of this, and is renamed to
*_parse_deprecated().
Additionally it allows us to selectively set one of the new flags
even on old policies. Notably, the UNSPEC flag could be useful in
this case, since it can be arranged (by filling in the policy) to
not be an incompatible userspace ABI change, but would then going
forward prevent forgetting attribute entries. Similar can apply
to the POLICY flag.
We end up with the following renames:
* nla_parse -> nla_parse_deprecated
* nla_parse_strict -> nla_parse_deprecated_strict
* nlmsg_parse -> nlmsg_parse_deprecated
* nlmsg_parse_strict -> nlmsg_parse_deprecated_strict
* nla_parse_nested -> nla_parse_nested_deprecated
* nla_validate_nested -> nla_validate_nested_deprecated
Using spatch, of course:
@@
expression TB, MAX, HEAD, LEN, POL, EXT;
@@
-nla_parse(TB, MAX, HEAD, LEN, POL, EXT)
+nla_parse_deprecated(TB, MAX, HEAD, LEN, POL, EXT)
@@
expression NLH, HDRLEN, TB, MAX, POL, EXT;
@@
-nlmsg_parse(NLH, HDRLEN, TB, MAX, POL, EXT)
+nlmsg_parse_deprecated(NLH, HDRLEN, TB, MAX, POL, EXT)
@@
expression NLH, HDRLEN, TB, MAX, POL, EXT;
@@
-nlmsg_parse_strict(NLH, HDRLEN, TB, MAX, POL, EXT)
+nlmsg_parse_deprecated_strict(NLH, HDRLEN, TB, MAX, POL, EXT)
@@
expression TB, MAX, NLA, POL, EXT;
@@
-nla_parse_nested(TB, MAX, NLA, POL, EXT)
+nla_parse_nested_deprecated(TB, MAX, NLA, POL, EXT)
@@
expression START, MAX, POL, EXT;
@@
-nla_validate_nested(START, MAX, POL, EXT)
+nla_validate_nested_deprecated(START, MAX, POL, EXT)
@@
expression NLH, HDRLEN, MAX, POL, EXT;
@@
-nlmsg_validate(NLH, HDRLEN, MAX, POL, EXT)
+nlmsg_validate_deprecated(NLH, HDRLEN, MAX, POL, EXT)
For this patch, don't actually add the strict, non-renamed versions
yet so that it breaks compile if I get it wrong.
Also, while at it, make nla_validate and nla_parse go down to a
common __nla_validate_parse() function to avoid code duplication.
Ultimately, this allows us to have very strict validation for every
new caller of nla_parse()/nlmsg_parse() etc as re-introduced in the
next patch, while existing things will continue to work as is.
In effect then, this adds fully strict validation for any new command.
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
2019-04-26 20:07:28 +08:00
|
|
|
err = nlmsg_parse_deprecated(nlh, sizeof(*ifm), tb, IFA_MAX,
|
|
|
|
ifa_ipv4_policy, extack);
|
2006-08-05 14:04:17 +08:00
|
|
|
if (err < 0)
|
|
|
|
goto errout;
|
|
|
|
|
|
|
|
ifm = nlmsg_data(nlh);
|
2008-01-22 09:32:38 +08:00
|
|
|
in_dev = inetdev_by_index(net, ifm->ifa_index);
|
2015-04-03 16:17:26 +08:00
|
|
|
if (!in_dev) {
|
2006-08-05 14:04:17 +08:00
|
|
|
err = -ENODEV;
|
|
|
|
goto errout;
|
|
|
|
}
|
|
|
|
|
2019-06-01 00:27:09 +08:00
|
|
|
for (ifap = &in_dev->ifa_list; (ifa = rtnl_dereference(*ifap)) != NULL;
|
2005-04-17 06:20:36 +08:00
|
|
|
ifap = &ifa->ifa_next) {
|
2006-08-05 14:04:17 +08:00
|
|
|
if (tb[IFA_LOCAL] &&
|
2015-03-29 22:59:26 +08:00
|
|
|
ifa->ifa_local != nla_get_in_addr(tb[IFA_LOCAL]))
|
2006-08-05 14:04:17 +08:00
|
|
|
continue;
|
|
|
|
|
|
|
|
if (tb[IFA_LABEL] && nla_strcmp(tb[IFA_LABEL], ifa->ifa_label))
|
2005-04-17 06:20:36 +08:00
|
|
|
continue;
|
2006-08-05 14:04:17 +08:00
|
|
|
|
|
|
|
if (tb[IFA_ADDRESS] &&
|
|
|
|
(ifm->ifa_prefixlen != ifa->ifa_prefixlen ||
|
2015-03-29 22:59:26 +08:00
|
|
|
!inet_ifa_match(nla_get_in_addr(tb[IFA_ADDRESS]), ifa)))
|
2006-08-05 14:04:17 +08:00
|
|
|
continue;
|
|
|
|
|
2015-02-26 01:58:35 +08:00
|
|
|
if (ipv4_is_multicast(ifa->ifa_address))
|
2020-04-10 01:25:24 +08:00
|
|
|
ip_mc_autojoin_config(net, false, ifa);
|
2012-09-08 04:12:54 +08:00
|
|
|
__inet_del_ifa(in_dev, ifap, 1, nlh, NETLINK_CB(skb).portid);
|
2005-04-17 06:20:36 +08:00
|
|
|
return 0;
|
|
|
|
}
|
2006-08-05 14:04:17 +08:00
|
|
|
|
|
|
|
err = -EADDRNOTAVAIL;
|
|
|
|
errout:
|
|
|
|
return err;
|
2005-04-17 06:20:36 +08:00
|
|
|
}
|
|
|
|
|
2013-01-24 17:41:41 +08:00
|
|
|
#define INFINITY_LIFE_TIME 0xFFFFFFFF
|
|
|
|
|
|
|
|
static void check_lifetime(struct work_struct *work)
|
|
|
|
{
|
|
|
|
unsigned long now, next, next_sec, next_sched;
|
|
|
|
struct in_ifaddr *ifa;
|
2013-04-05 07:39:39 +08:00
|
|
|
struct hlist_node *n;
|
2013-01-24 17:41:41 +08:00
|
|
|
int i;
|
|
|
|
|
|
|
|
now = jiffies;
|
|
|
|
next = round_jiffies_up(now + ADDR_CHECK_FREQUENCY);
|
|
|
|
|
|
|
|
for (i = 0; i < IN4_ADDR_HSIZE; i++) {
|
2013-04-05 07:39:39 +08:00
|
|
|
bool change_needed = false;
|
|
|
|
|
|
|
|
rcu_read_lock();
|
hlist: drop the node parameter from iterators
I'm not sure why, but the hlist for each entry iterators were conceived
list_for_each_entry(pos, head, member)
The hlist ones were greedy and wanted an extra parameter:
hlist_for_each_entry(tpos, pos, head, member)
Why did they need an extra pos parameter? I'm not quite sure. Not only
they don't really need it, it also prevents the iterator from looking
exactly like the list iterator, which is unfortunate.
Besides the semantic patch, there was some manual work required:
- Fix up the actual hlist iterators in linux/list.h
- Fix up the declaration of other iterators based on the hlist ones.
- A very small amount of places were using the 'node' parameter, this
was modified to use 'obj->member' instead.
- Coccinelle didn't handle the hlist_for_each_entry_safe iterator
properly, so those had to be fixed up manually.
The semantic patch which is mostly the work of Peter Senna Tschudin is here:
@@
iterator name hlist_for_each_entry, hlist_for_each_entry_continue, hlist_for_each_entry_from, hlist_for_each_entry_rcu, hlist_for_each_entry_rcu_bh, hlist_for_each_entry_continue_rcu_bh, for_each_busy_worker, ax25_uid_for_each, ax25_for_each, inet_bind_bucket_for_each, sctp_for_each_hentry, sk_for_each, sk_for_each_rcu, sk_for_each_from, sk_for_each_safe, sk_for_each_bound, hlist_for_each_entry_safe, hlist_for_each_entry_continue_rcu, nr_neigh_for_each, nr_neigh_for_each_safe, nr_node_for_each, nr_node_for_each_safe, for_each_gfn_indirect_valid_sp, for_each_gfn_sp, for_each_host;
type T;
expression a,c,d,e;
identifier b;
statement S;
@@
-T b;
<+... when != b
(
hlist_for_each_entry(a,
- b,
c, d) S
|
hlist_for_each_entry_continue(a,
- b,
c) S
|
hlist_for_each_entry_from(a,
- b,
c) S
|
hlist_for_each_entry_rcu(a,
- b,
c, d) S
|
hlist_for_each_entry_rcu_bh(a,
- b,
c, d) S
|
hlist_for_each_entry_continue_rcu_bh(a,
- b,
c) S
|
for_each_busy_worker(a, c,
- b,
d) S
|
ax25_uid_for_each(a,
- b,
c) S
|
ax25_for_each(a,
- b,
c) S
|
inet_bind_bucket_for_each(a,
- b,
c) S
|
sctp_for_each_hentry(a,
- b,
c) S
|
sk_for_each(a,
- b,
c) S
|
sk_for_each_rcu(a,
- b,
c) S
|
sk_for_each_from
-(a, b)
+(a)
S
+ sk_for_each_from(a) S
|
sk_for_each_safe(a,
- b,
c, d) S
|
sk_for_each_bound(a,
- b,
c) S
|
hlist_for_each_entry_safe(a,
- b,
c, d, e) S
|
hlist_for_each_entry_continue_rcu(a,
- b,
c) S
|
nr_neigh_for_each(a,
- b,
c) S
|
nr_neigh_for_each_safe(a,
- b,
c, d) S
|
nr_node_for_each(a,
- b,
c) S
|
nr_node_for_each_safe(a,
- b,
c, d) S
|
- for_each_gfn_sp(a, c, d, b) S
+ for_each_gfn_sp(a, c, d) S
|
- for_each_gfn_indirect_valid_sp(a, c, d, b) S
+ for_each_gfn_indirect_valid_sp(a, c, d) S
|
for_each_host(a,
- b,
c) S
|
for_each_host_safe(a,
- b,
c, d) S
|
for_each_mesh_entry(a,
- b,
c, d) S
)
...+>
[akpm@linux-foundation.org: drop bogus change from net/ipv4/raw.c]
[akpm@linux-foundation.org: drop bogus hunk from net/ipv6/raw.c]
[akpm@linux-foundation.org: checkpatch fixes]
[akpm@linux-foundation.org: fix warnings]
[akpm@linux-foudnation.org: redo intrusive kvm changes]
Tested-by: Peter Senna Tschudin <peter.senna@gmail.com>
Acked-by: Paul E. McKenney <paulmck@linux.vnet.ibm.com>
Signed-off-by: Sasha Levin <sasha.levin@oracle.com>
Cc: Wu Fengguang <fengguang.wu@intel.com>
Cc: Marcelo Tosatti <mtosatti@redhat.com>
Cc: Gleb Natapov <gleb@redhat.com>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
2013-02-28 09:06:00 +08:00
|
|
|
hlist_for_each_entry_rcu(ifa, &inet_addr_lst[i], hash) {
|
2013-01-24 17:41:41 +08:00
|
|
|
unsigned long age;
|
|
|
|
|
|
|
|
if (ifa->ifa_flags & IFA_F_PERMANENT)
|
|
|
|
continue;
|
|
|
|
|
|
|
|
/* We try to batch several events at once. */
|
|
|
|
age = (now - ifa->ifa_tstamp +
|
|
|
|
ADDRCONF_TIMER_FUZZ_MINUS) / HZ;
|
|
|
|
|
|
|
|
if (ifa->ifa_valid_lft != INFINITY_LIFE_TIME &&
|
|
|
|
age >= ifa->ifa_valid_lft) {
|
2013-04-05 07:39:39 +08:00
|
|
|
change_needed = true;
|
2013-01-24 17:41:41 +08:00
|
|
|
} else if (ifa->ifa_preferred_lft ==
|
|
|
|
INFINITY_LIFE_TIME) {
|
|
|
|
continue;
|
|
|
|
} else if (age >= ifa->ifa_preferred_lft) {
|
|
|
|
if (time_before(ifa->ifa_tstamp +
|
|
|
|
ifa->ifa_valid_lft * HZ, next))
|
|
|
|
next = ifa->ifa_tstamp +
|
|
|
|
ifa->ifa_valid_lft * HZ;
|
|
|
|
|
2013-04-05 07:39:39 +08:00
|
|
|
if (!(ifa->ifa_flags & IFA_F_DEPRECATED))
|
|
|
|
change_needed = true;
|
2013-01-24 17:41:41 +08:00
|
|
|
} else if (time_before(ifa->ifa_tstamp +
|
|
|
|
ifa->ifa_preferred_lft * HZ,
|
|
|
|
next)) {
|
|
|
|
next = ifa->ifa_tstamp +
|
|
|
|
ifa->ifa_preferred_lft * HZ;
|
|
|
|
}
|
|
|
|
}
|
2013-04-05 07:39:39 +08:00
|
|
|
rcu_read_unlock();
|
|
|
|
if (!change_needed)
|
|
|
|
continue;
|
|
|
|
rtnl_lock();
|
|
|
|
hlist_for_each_entry_safe(ifa, n, &inet_addr_lst[i], hash) {
|
|
|
|
unsigned long age;
|
|
|
|
|
|
|
|
if (ifa->ifa_flags & IFA_F_PERMANENT)
|
|
|
|
continue;
|
|
|
|
|
|
|
|
/* We try to batch several events at once. */
|
|
|
|
age = (now - ifa->ifa_tstamp +
|
|
|
|
ADDRCONF_TIMER_FUZZ_MINUS) / HZ;
|
|
|
|
|
|
|
|
if (ifa->ifa_valid_lft != INFINITY_LIFE_TIME &&
|
|
|
|
age >= ifa->ifa_valid_lft) {
|
2019-06-01 00:27:09 +08:00
|
|
|
struct in_ifaddr __rcu **ifap;
|
|
|
|
struct in_ifaddr *tmp;
|
|
|
|
|
|
|
|
ifap = &ifa->ifa_dev->ifa_list;
|
|
|
|
tmp = rtnl_dereference(*ifap);
|
|
|
|
while (tmp) {
|
2019-06-17 22:02:27 +08:00
|
|
|
if (tmp == ifa) {
|
2013-04-05 07:39:39 +08:00
|
|
|
inet_del_ifa(ifa->ifa_dev,
|
|
|
|
ifap, 1);
|
|
|
|
break;
|
|
|
|
}
|
2019-06-01 00:27:09 +08:00
|
|
|
ifap = &tmp->ifa_next;
|
|
|
|
tmp = rtnl_dereference(*ifap);
|
2013-04-05 07:39:39 +08:00
|
|
|
}
|
|
|
|
} else if (ifa->ifa_preferred_lft !=
|
|
|
|
INFINITY_LIFE_TIME &&
|
|
|
|
age >= ifa->ifa_preferred_lft &&
|
|
|
|
!(ifa->ifa_flags & IFA_F_DEPRECATED)) {
|
|
|
|
ifa->ifa_flags |= IFA_F_DEPRECATED;
|
|
|
|
rtmsg_ifa(RTM_NEWADDR, ifa, NULL, 0);
|
|
|
|
}
|
|
|
|
}
|
|
|
|
rtnl_unlock();
|
2013-01-24 17:41:41 +08:00
|
|
|
}
|
|
|
|
|
|
|
|
next_sec = round_jiffies_up(next);
|
|
|
|
next_sched = next;
|
|
|
|
|
|
|
|
/* If rounded timeout is accurate enough, accept it. */
|
|
|
|
if (time_before(next_sec, next + ADDRCONF_TIMER_FUZZ))
|
|
|
|
next_sched = next_sec;
|
|
|
|
|
|
|
|
now = jiffies;
|
|
|
|
/* And minimum interval is ADDRCONF_TIMER_FUZZ_MAX. */
|
|
|
|
if (time_before(next_sched, now + ADDRCONF_TIMER_FUZZ_MAX))
|
|
|
|
next_sched = now + ADDRCONF_TIMER_FUZZ_MAX;
|
|
|
|
|
2014-01-22 14:53:32 +08:00
|
|
|
queue_delayed_work(system_power_efficient_wq, &check_lifetime_work,
|
|
|
|
next_sched - now);
|
2013-01-24 17:41:41 +08:00
|
|
|
}
|
|
|
|
|
|
|
|
static void set_ifa_lifetime(struct in_ifaddr *ifa, __u32 valid_lft,
|
|
|
|
__u32 prefered_lft)
|
|
|
|
{
|
|
|
|
unsigned long timeout;
|
|
|
|
|
|
|
|
ifa->ifa_flags &= ~(IFA_F_PERMANENT | IFA_F_DEPRECATED);
|
|
|
|
|
|
|
|
timeout = addrconf_timeout_fixup(valid_lft, HZ);
|
|
|
|
if (addrconf_finite_timeout(timeout))
|
|
|
|
ifa->ifa_valid_lft = timeout;
|
|
|
|
else
|
|
|
|
ifa->ifa_flags |= IFA_F_PERMANENT;
|
|
|
|
|
|
|
|
timeout = addrconf_timeout_fixup(prefered_lft, HZ);
|
|
|
|
if (addrconf_finite_timeout(timeout)) {
|
|
|
|
if (timeout == 0)
|
|
|
|
ifa->ifa_flags |= IFA_F_DEPRECATED;
|
|
|
|
ifa->ifa_preferred_lft = timeout;
|
|
|
|
}
|
|
|
|
ifa->ifa_tstamp = jiffies;
|
|
|
|
if (!ifa->ifa_cstamp)
|
|
|
|
ifa->ifa_cstamp = ifa->ifa_tstamp;
|
|
|
|
}
|
|
|
|
|
|
|
|
static struct in_ifaddr *rtm_to_ifaddr(struct net *net, struct nlmsghdr *nlh,
|
2018-10-08 11:16:24 +08:00
|
|
|
__u32 *pvalid_lft, __u32 *pprefered_lft,
|
|
|
|
struct netlink_ext_ack *extack)
|
2005-04-17 06:20:36 +08:00
|
|
|
{
|
2006-08-05 14:03:53 +08:00
|
|
|
struct nlattr *tb[IFA_MAX+1];
|
|
|
|
struct in_ifaddr *ifa;
|
|
|
|
struct ifaddrmsg *ifm;
|
2005-04-17 06:20:36 +08:00
|
|
|
struct net_device *dev;
|
|
|
|
struct in_device *in_dev;
|
2008-02-01 10:47:00 +08:00
|
|
|
int err;
|
2005-04-17 06:20:36 +08:00
|
|
|
|
netlink: make validation more configurable for future strictness
We currently have two levels of strict validation:
1) liberal (default)
- undefined (type >= max) & NLA_UNSPEC attributes accepted
- attribute length >= expected accepted
- garbage at end of message accepted
2) strict (opt-in)
- NLA_UNSPEC attributes accepted
- attribute length >= expected accepted
Split out parsing strictness into four different options:
* TRAILING - check that there's no trailing data after parsing
attributes (in message or nested)
* MAXTYPE - reject attrs > max known type
* UNSPEC - reject attributes with NLA_UNSPEC policy entries
* STRICT_ATTRS - strictly validate attribute size
The default for future things should be *everything*.
The current *_strict() is a combination of TRAILING and MAXTYPE,
and is renamed to _deprecated_strict().
The current regular parsing has none of this, and is renamed to
*_parse_deprecated().
Additionally it allows us to selectively set one of the new flags
even on old policies. Notably, the UNSPEC flag could be useful in
this case, since it can be arranged (by filling in the policy) to
not be an incompatible userspace ABI change, but would then going
forward prevent forgetting attribute entries. Similar can apply
to the POLICY flag.
We end up with the following renames:
* nla_parse -> nla_parse_deprecated
* nla_parse_strict -> nla_parse_deprecated_strict
* nlmsg_parse -> nlmsg_parse_deprecated
* nlmsg_parse_strict -> nlmsg_parse_deprecated_strict
* nla_parse_nested -> nla_parse_nested_deprecated
* nla_validate_nested -> nla_validate_nested_deprecated
Using spatch, of course:
@@
expression TB, MAX, HEAD, LEN, POL, EXT;
@@
-nla_parse(TB, MAX, HEAD, LEN, POL, EXT)
+nla_parse_deprecated(TB, MAX, HEAD, LEN, POL, EXT)
@@
expression NLH, HDRLEN, TB, MAX, POL, EXT;
@@
-nlmsg_parse(NLH, HDRLEN, TB, MAX, POL, EXT)
+nlmsg_parse_deprecated(NLH, HDRLEN, TB, MAX, POL, EXT)
@@
expression NLH, HDRLEN, TB, MAX, POL, EXT;
@@
-nlmsg_parse_strict(NLH, HDRLEN, TB, MAX, POL, EXT)
+nlmsg_parse_deprecated_strict(NLH, HDRLEN, TB, MAX, POL, EXT)
@@
expression TB, MAX, NLA, POL, EXT;
@@
-nla_parse_nested(TB, MAX, NLA, POL, EXT)
+nla_parse_nested_deprecated(TB, MAX, NLA, POL, EXT)
@@
expression START, MAX, POL, EXT;
@@
-nla_validate_nested(START, MAX, POL, EXT)
+nla_validate_nested_deprecated(START, MAX, POL, EXT)
@@
expression NLH, HDRLEN, MAX, POL, EXT;
@@
-nlmsg_validate(NLH, HDRLEN, MAX, POL, EXT)
+nlmsg_validate_deprecated(NLH, HDRLEN, MAX, POL, EXT)
For this patch, don't actually add the strict, non-renamed versions
yet so that it breaks compile if I get it wrong.
Also, while at it, make nla_validate and nla_parse go down to a
common __nla_validate_parse() function to avoid code duplication.
Ultimately, this allows us to have very strict validation for every
new caller of nla_parse()/nlmsg_parse() etc as re-introduced in the
next patch, while existing things will continue to work as is.
In effect then, this adds fully strict validation for any new command.
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
2019-04-26 20:07:28 +08:00
|
|
|
err = nlmsg_parse_deprecated(nlh, sizeof(*ifm), tb, IFA_MAX,
|
|
|
|
ifa_ipv4_policy, extack);
|
2006-08-05 14:03:53 +08:00
|
|
|
if (err < 0)
|
|
|
|
goto errout;
|
2005-04-17 06:20:36 +08:00
|
|
|
|
2006-08-05 14:03:53 +08:00
|
|
|
ifm = nlmsg_data(nlh);
|
2008-02-01 10:47:00 +08:00
|
|
|
err = -EINVAL;
|
2015-04-03 16:17:26 +08:00
|
|
|
if (ifm->ifa_prefixlen > 32 || !tb[IFA_LOCAL])
|
2006-08-05 14:03:53 +08:00
|
|
|
goto errout;
|
2005-04-17 06:20:36 +08:00
|
|
|
|
2008-02-01 10:47:40 +08:00
|
|
|
dev = __dev_get_by_index(net, ifm->ifa_index);
|
2008-02-01 10:47:00 +08:00
|
|
|
err = -ENODEV;
|
2015-04-03 16:17:26 +08:00
|
|
|
if (!dev)
|
2006-08-05 14:03:53 +08:00
|
|
|
goto errout;
|
2005-04-17 06:20:36 +08:00
|
|
|
|
2006-08-05 14:03:53 +08:00
|
|
|
in_dev = __in_dev_get_rtnl(dev);
|
2008-02-01 10:47:00 +08:00
|
|
|
err = -ENOBUFS;
|
2015-04-03 16:17:26 +08:00
|
|
|
if (!in_dev)
|
2007-06-05 14:36:06 +08:00
|
|
|
goto errout;
|
2005-04-17 06:20:36 +08:00
|
|
|
|
2006-08-05 14:03:53 +08:00
|
|
|
ifa = inet_alloc_ifa();
|
2015-04-03 16:17:26 +08:00
|
|
|
if (!ifa)
|
2006-08-05 14:03:53 +08:00
|
|
|
/*
|
|
|
|
* A potential indev allocation can be left alive, it stays
|
|
|
|
* assigned to its device and is destroy with it.
|
|
|
|
*/
|
|
|
|
goto errout;
|
|
|
|
|
2007-12-08 15:55:43 +08:00
|
|
|
ipv4_devconf_setall(in_dev);
|
2013-12-08 02:26:56 +08:00
|
|
|
neigh_parms_data_state_setall(in_dev->arp_parms);
|
2006-08-05 14:03:53 +08:00
|
|
|
in_dev_hold(in_dev);
|
|
|
|
|
2015-04-03 16:17:26 +08:00
|
|
|
if (!tb[IFA_ADDRESS])
|
2006-08-05 14:03:53 +08:00
|
|
|
tb[IFA_ADDRESS] = tb[IFA_LOCAL];
|
2005-04-17 06:20:36 +08:00
|
|
|
|
2011-02-19 04:42:28 +08:00
|
|
|
INIT_HLIST_NODE(&ifa->hash);
|
2005-04-17 06:20:36 +08:00
|
|
|
ifa->ifa_prefixlen = ifm->ifa_prefixlen;
|
|
|
|
ifa->ifa_mask = inet_make_mask(ifm->ifa_prefixlen);
|
2013-12-08 19:16:10 +08:00
|
|
|
ifa->ifa_flags = tb[IFA_FLAGS] ? nla_get_u32(tb[IFA_FLAGS]) :
|
|
|
|
ifm->ifa_flags;
|
2005-04-17 06:20:36 +08:00
|
|
|
ifa->ifa_scope = ifm->ifa_scope;
|
2006-08-05 14:03:53 +08:00
|
|
|
ifa->ifa_dev = in_dev;
|
|
|
|
|
2015-03-29 22:59:26 +08:00
|
|
|
ifa->ifa_local = nla_get_in_addr(tb[IFA_LOCAL]);
|
|
|
|
ifa->ifa_address = nla_get_in_addr(tb[IFA_ADDRESS]);
|
2006-08-05 14:03:53 +08:00
|
|
|
|
|
|
|
if (tb[IFA_BROADCAST])
|
2015-03-29 22:59:26 +08:00
|
|
|
ifa->ifa_broadcast = nla_get_in_addr(tb[IFA_BROADCAST]);
|
2006-08-05 14:03:53 +08:00
|
|
|
|
|
|
|
if (tb[IFA_LABEL])
|
2020-11-16 01:08:06 +08:00
|
|
|
nla_strscpy(ifa->ifa_label, tb[IFA_LABEL], IFNAMSIZ);
|
2005-04-17 06:20:36 +08:00
|
|
|
else
|
|
|
|
memcpy(ifa->ifa_label, dev->name, IFNAMSIZ);
|
|
|
|
|
2018-05-27 23:09:57 +08:00
|
|
|
if (tb[IFA_RT_PRIORITY])
|
|
|
|
ifa->ifa_rt_priority = nla_get_u32(tb[IFA_RT_PRIORITY]);
|
|
|
|
|
2022-02-17 23:02:02 +08:00
|
|
|
if (tb[IFA_PROTO])
|
|
|
|
ifa->ifa_proto = nla_get_u8(tb[IFA_PROTO]);
|
|
|
|
|
2013-01-24 17:41:41 +08:00
|
|
|
if (tb[IFA_CACHEINFO]) {
|
|
|
|
struct ifa_cacheinfo *ci;
|
|
|
|
|
|
|
|
ci = nla_data(tb[IFA_CACHEINFO]);
|
|
|
|
if (!ci->ifa_valid || ci->ifa_prefered > ci->ifa_valid) {
|
|
|
|
err = -EINVAL;
|
2013-08-02 17:32:43 +08:00
|
|
|
goto errout_free;
|
2013-01-24 17:41:41 +08:00
|
|
|
}
|
|
|
|
*pvalid_lft = ci->ifa_valid;
|
|
|
|
*pprefered_lft = ci->ifa_prefered;
|
|
|
|
}
|
|
|
|
|
2006-08-05 14:03:53 +08:00
|
|
|
return ifa;
|
|
|
|
|
2013-08-02 17:32:43 +08:00
|
|
|
errout_free:
|
|
|
|
inet_free_ifa(ifa);
|
2006-08-05 14:03:53 +08:00
|
|
|
errout:
|
|
|
|
return ERR_PTR(err);
|
|
|
|
}
|
|
|
|
|
2013-01-24 17:41:41 +08:00
|
|
|
static struct in_ifaddr *find_matching_ifa(struct in_ifaddr *ifa)
|
|
|
|
{
|
|
|
|
struct in_device *in_dev = ifa->ifa_dev;
|
2019-06-01 00:27:04 +08:00
|
|
|
struct in_ifaddr *ifa1;
|
2013-01-24 17:41:41 +08:00
|
|
|
|
|
|
|
if (!ifa->ifa_local)
|
|
|
|
return NULL;
|
|
|
|
|
2019-06-01 00:27:04 +08:00
|
|
|
in_dev_for_each_ifa_rtnl(ifa1, in_dev) {
|
2013-01-24 17:41:41 +08:00
|
|
|
if (ifa1->ifa_mask == ifa->ifa_mask &&
|
|
|
|
inet_ifa_match(ifa1->ifa_address, ifa) &&
|
|
|
|
ifa1->ifa_local == ifa->ifa_local)
|
|
|
|
return ifa1;
|
|
|
|
}
|
|
|
|
return NULL;
|
|
|
|
}
|
|
|
|
|
2017-04-17 00:48:24 +08:00
|
|
|
static int inet_rtm_newaddr(struct sk_buff *skb, struct nlmsghdr *nlh,
|
|
|
|
struct netlink_ext_ack *extack)
|
2006-08-05 14:03:53 +08:00
|
|
|
{
|
2008-03-26 01:26:21 +08:00
|
|
|
struct net *net = sock_net(skb->sk);
|
2006-08-05 14:03:53 +08:00
|
|
|
struct in_ifaddr *ifa;
|
2013-01-24 17:41:41 +08:00
|
|
|
struct in_ifaddr *ifa_existing;
|
|
|
|
__u32 valid_lft = INFINITY_LIFE_TIME;
|
|
|
|
__u32 prefered_lft = INFINITY_LIFE_TIME;
|
2006-08-05 14:03:53 +08:00
|
|
|
|
|
|
|
ASSERT_RTNL();
|
|
|
|
|
2018-10-08 11:16:24 +08:00
|
|
|
ifa = rtm_to_ifaddr(net, nlh, &valid_lft, &prefered_lft, extack);
|
2006-08-05 14:03:53 +08:00
|
|
|
if (IS_ERR(ifa))
|
|
|
|
return PTR_ERR(ifa);
|
|
|
|
|
2013-01-24 17:41:41 +08:00
|
|
|
ifa_existing = find_matching_ifa(ifa);
|
|
|
|
if (!ifa_existing) {
|
|
|
|
/* It would be best to check for !NLM_F_CREATE here but
|
2014-05-17 11:46:58 +08:00
|
|
|
* userspace already relies on not having to provide this.
|
2013-01-24 17:41:41 +08:00
|
|
|
*/
|
|
|
|
set_ifa_lifetime(ifa, valid_lft, prefered_lft);
|
2015-02-26 01:58:35 +08:00
|
|
|
if (ifa->ifa_flags & IFA_F_MCAUTOJOIN) {
|
2020-04-10 01:25:24 +08:00
|
|
|
int ret = ip_mc_autojoin_config(net, true, ifa);
|
2015-02-26 01:58:35 +08:00
|
|
|
|
|
|
|
if (ret < 0) {
|
|
|
|
inet_free_ifa(ifa);
|
|
|
|
return ret;
|
|
|
|
}
|
|
|
|
}
|
2017-10-19 00:56:54 +08:00
|
|
|
return __inet_insert_ifa(ifa, nlh, NETLINK_CB(skb).portid,
|
|
|
|
extack);
|
2013-01-24 17:41:41 +08:00
|
|
|
} else {
|
2018-05-27 23:09:57 +08:00
|
|
|
u32 new_metric = ifa->ifa_rt_priority;
|
|
|
|
|
2013-01-24 17:41:41 +08:00
|
|
|
inet_free_ifa(ifa);
|
|
|
|
|
|
|
|
if (nlh->nlmsg_flags & NLM_F_EXCL ||
|
|
|
|
!(nlh->nlmsg_flags & NLM_F_REPLACE))
|
|
|
|
return -EEXIST;
|
2013-04-04 16:33:00 +08:00
|
|
|
ifa = ifa_existing;
|
2018-05-27 23:09:57 +08:00
|
|
|
|
|
|
|
if (ifa->ifa_rt_priority != new_metric) {
|
|
|
|
fib_modify_prefix_metric(ifa, new_metric);
|
|
|
|
ifa->ifa_rt_priority = new_metric;
|
|
|
|
}
|
|
|
|
|
2013-04-04 16:33:00 +08:00
|
|
|
set_ifa_lifetime(ifa, valid_lft, prefered_lft);
|
2013-04-05 07:39:38 +08:00
|
|
|
cancel_delayed_work(&check_lifetime_work);
|
2014-01-22 14:53:32 +08:00
|
|
|
queue_delayed_work(system_power_efficient_wq,
|
|
|
|
&check_lifetime_work, 0);
|
2013-04-04 16:33:00 +08:00
|
|
|
rtmsg_ifa(RTM_NEWADDR, ifa, nlh, NETLINK_CB(skb).portid);
|
2013-01-24 17:41:41 +08:00
|
|
|
}
|
|
|
|
return 0;
|
2005-04-17 06:20:36 +08:00
|
|
|
}
|
|
|
|
|
|
|
|
/*
|
|
|
|
* Determine a default network mask, based on the IP address.
|
|
|
|
*/
|
|
|
|
|
2012-08-04 05:06:50 +08:00
|
|
|
static int inet_abc_len(__be32 addr)
|
2005-04-17 06:20:36 +08:00
|
|
|
{
|
|
|
|
int rc = -1; /* Something else, probably a multicast. */
|
|
|
|
|
2018-12-12 07:30:34 +08:00
|
|
|
if (ipv4_is_zeronet(addr) || ipv4_is_lbcast(addr))
|
2007-02-09 22:24:47 +08:00
|
|
|
rc = 0;
|
2005-04-17 06:20:36 +08:00
|
|
|
else {
|
2006-11-15 12:51:49 +08:00
|
|
|
__u32 haddr = ntohl(addr);
|
|
|
|
if (IN_CLASSA(haddr))
|
2005-04-17 06:20:36 +08:00
|
|
|
rc = 8;
|
2006-11-15 12:51:49 +08:00
|
|
|
else if (IN_CLASSB(haddr))
|
2005-04-17 06:20:36 +08:00
|
|
|
rc = 16;
|
2006-11-15 12:51:49 +08:00
|
|
|
else if (IN_CLASSC(haddr))
|
2005-04-17 06:20:36 +08:00
|
|
|
rc = 24;
|
2018-12-12 07:30:34 +08:00
|
|
|
else if (IN_CLASSE(haddr))
|
|
|
|
rc = 32;
|
2005-04-17 06:20:36 +08:00
|
|
|
}
|
|
|
|
|
2007-02-09 22:24:47 +08:00
|
|
|
return rc;
|
2005-04-17 06:20:36 +08:00
|
|
|
}
|
|
|
|
|
|
|
|
|
2017-07-01 19:53:12 +08:00
|
|
|
int devinet_ioctl(struct net *net, unsigned int cmd, struct ifreq *ifr)
|
2005-04-17 06:20:36 +08:00
|
|
|
{
|
|
|
|
struct sockaddr_in sin_orig;
|
2017-07-01 19:53:12 +08:00
|
|
|
struct sockaddr_in *sin = (struct sockaddr_in *)&ifr->ifr_addr;
|
2019-06-01 00:27:09 +08:00
|
|
|
struct in_ifaddr __rcu **ifap = NULL;
|
2005-04-17 06:20:36 +08:00
|
|
|
struct in_device *in_dev;
|
|
|
|
struct in_ifaddr *ifa = NULL;
|
|
|
|
struct net_device *dev;
|
|
|
|
char *colon;
|
|
|
|
int ret = -EFAULT;
|
|
|
|
int tryaddrmatch = 0;
|
|
|
|
|
2017-07-01 19:53:12 +08:00
|
|
|
ifr->ifr_name[IFNAMSIZ - 1] = 0;
|
2005-04-17 06:20:36 +08:00
|
|
|
|
|
|
|
/* save original address for comparison */
|
|
|
|
memcpy(&sin_orig, sin, sizeof(*sin));
|
|
|
|
|
2017-07-01 19:53:12 +08:00
|
|
|
colon = strchr(ifr->ifr_name, ':');
|
2005-04-17 06:20:36 +08:00
|
|
|
if (colon)
|
|
|
|
*colon = 0;
|
|
|
|
|
2017-07-01 19:53:12 +08:00
|
|
|
dev_load(net, ifr->ifr_name);
|
2005-04-17 06:20:36 +08:00
|
|
|
|
2007-03-09 12:44:43 +08:00
|
|
|
switch (cmd) {
|
2005-04-17 06:20:36 +08:00
|
|
|
case SIOCGIFADDR: /* Get interface address */
|
|
|
|
case SIOCGIFBRDADDR: /* Get the broadcast address */
|
|
|
|
case SIOCGIFDSTADDR: /* Get the destination address */
|
|
|
|
case SIOCGIFNETMASK: /* Get the netmask for the interface */
|
|
|
|
/* Note that these ioctls will not sleep,
|
|
|
|
so that we do not impose a lock.
|
|
|
|
One day we will be forced to put shlock here (I mean SMP)
|
|
|
|
*/
|
|
|
|
tryaddrmatch = (sin_orig.sin_family == AF_INET);
|
|
|
|
memset(sin, 0, sizeof(*sin));
|
|
|
|
sin->sin_family = AF_INET;
|
|
|
|
break;
|
|
|
|
|
|
|
|
case SIOCSIFFLAGS:
|
2012-09-21 06:37:25 +08:00
|
|
|
ret = -EPERM;
|
net: Allow userns root to control ipv4
Allow an unpriviled user who has created a user namespace, and then
created a network namespace to effectively use the new network
namespace, by reducing capable(CAP_NET_ADMIN) and
capable(CAP_NET_RAW) calls to be ns_capable(net->user_ns,
CAP_NET_ADMIN), or capable(net->user_ns, CAP_NET_RAW) calls.
Settings that merely control a single network device are allowed.
Either the network device is a logical network device where
restrictions make no difference or the network device is hardware NIC
that has been explicity moved from the initial network namespace.
In general policy and network stack state changes are allowed
while resource control is left unchanged.
Allow creating raw sockets.
Allow the SIOCSARP ioctl to control the arp cache.
Allow the SIOCSIFFLAG ioctl to allow setting network device flags.
Allow the SIOCSIFADDR ioctl to allow setting a netdevice ipv4 address.
Allow the SIOCSIFBRDADDR ioctl to allow setting a netdevice ipv4 broadcast address.
Allow the SIOCSIFDSTADDR ioctl to allow setting a netdevice ipv4 destination address.
Allow the SIOCSIFNETMASK ioctl to allow setting a netdevice ipv4 netmask.
Allow the SIOCADDRT and SIOCDELRT ioctls to allow adding and deleting ipv4 routes.
Allow the SIOCADDTUNNEL, SIOCCHGTUNNEL and SIOCDELTUNNEL ioctls for
adding, changing and deleting gre tunnels.
Allow the SIOCADDTUNNEL, SIOCCHGTUNNEL and SIOCDELTUNNEL ioctls for
adding, changing and deleting ipip tunnels.
Allow the SIOCADDTUNNEL, SIOCCHGTUNNEL and SIOCDELTUNNEL ioctls for
adding, changing and deleting ipsec virtual tunnel interfaces.
Allow setting the MRT_INIT, MRT_DONE, MRT_ADD_VIF, MRT_DEL_VIF, MRT_ADD_MFC,
MRT_DEL_MFC, MRT_ASSERT, MRT_PIM, MRT_TABLE socket options on multicast routing
sockets.
Allow setting and receiving IPOPT_CIPSO, IP_OPT_SEC, IP_OPT_SID and
arbitrary ip options.
Allow setting IP_SEC_POLICY/IP_XFRM_POLICY ipv4 socket option.
Allow setting the IP_TRANSPARENT ipv4 socket option.
Allow setting the TCP_REPAIR socket option.
Allow setting the TCP_CONGESTION socket option.
Signed-off-by: "Eric W. Biederman" <ebiederm@xmission.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
2012-11-16 11:03:05 +08:00
|
|
|
if (!ns_capable(net->user_ns, CAP_NET_ADMIN))
|
2005-04-17 06:20:36 +08:00
|
|
|
goto out;
|
|
|
|
break;
|
|
|
|
case SIOCSIFADDR: /* Set interface address (and family) */
|
|
|
|
case SIOCSIFBRDADDR: /* Set the broadcast address */
|
|
|
|
case SIOCSIFDSTADDR: /* Set the destination address */
|
|
|
|
case SIOCSIFNETMASK: /* Set the netmask for the interface */
|
2012-09-21 06:37:25 +08:00
|
|
|
ret = -EPERM;
|
net: Allow userns root to control ipv4
Allow an unpriviled user who has created a user namespace, and then
created a network namespace to effectively use the new network
namespace, by reducing capable(CAP_NET_ADMIN) and
capable(CAP_NET_RAW) calls to be ns_capable(net->user_ns,
CAP_NET_ADMIN), or capable(net->user_ns, CAP_NET_RAW) calls.
Settings that merely control a single network device are allowed.
Either the network device is a logical network device where
restrictions make no difference or the network device is hardware NIC
that has been explicity moved from the initial network namespace.
In general policy and network stack state changes are allowed
while resource control is left unchanged.
Allow creating raw sockets.
Allow the SIOCSARP ioctl to control the arp cache.
Allow the SIOCSIFFLAG ioctl to allow setting network device flags.
Allow the SIOCSIFADDR ioctl to allow setting a netdevice ipv4 address.
Allow the SIOCSIFBRDADDR ioctl to allow setting a netdevice ipv4 broadcast address.
Allow the SIOCSIFDSTADDR ioctl to allow setting a netdevice ipv4 destination address.
Allow the SIOCSIFNETMASK ioctl to allow setting a netdevice ipv4 netmask.
Allow the SIOCADDRT and SIOCDELRT ioctls to allow adding and deleting ipv4 routes.
Allow the SIOCADDTUNNEL, SIOCCHGTUNNEL and SIOCDELTUNNEL ioctls for
adding, changing and deleting gre tunnels.
Allow the SIOCADDTUNNEL, SIOCCHGTUNNEL and SIOCDELTUNNEL ioctls for
adding, changing and deleting ipip tunnels.
Allow the SIOCADDTUNNEL, SIOCCHGTUNNEL and SIOCDELTUNNEL ioctls for
adding, changing and deleting ipsec virtual tunnel interfaces.
Allow setting the MRT_INIT, MRT_DONE, MRT_ADD_VIF, MRT_DEL_VIF, MRT_ADD_MFC,
MRT_DEL_MFC, MRT_ASSERT, MRT_PIM, MRT_TABLE socket options on multicast routing
sockets.
Allow setting and receiving IPOPT_CIPSO, IP_OPT_SEC, IP_OPT_SID and
arbitrary ip options.
Allow setting IP_SEC_POLICY/IP_XFRM_POLICY ipv4 socket option.
Allow setting the IP_TRANSPARENT ipv4 socket option.
Allow setting the TCP_REPAIR socket option.
Allow setting the TCP_CONGESTION socket option.
Signed-off-by: "Eric W. Biederman" <ebiederm@xmission.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
2012-11-16 11:03:05 +08:00
|
|
|
if (!ns_capable(net->user_ns, CAP_NET_ADMIN))
|
2005-04-17 06:20:36 +08:00
|
|
|
goto out;
|
|
|
|
ret = -EINVAL;
|
|
|
|
if (sin->sin_family != AF_INET)
|
|
|
|
goto out;
|
|
|
|
break;
|
|
|
|
default:
|
|
|
|
ret = -EINVAL;
|
|
|
|
goto out;
|
|
|
|
}
|
|
|
|
|
|
|
|
rtnl_lock();
|
|
|
|
|
|
|
|
ret = -ENODEV;
|
2017-07-01 19:53:12 +08:00
|
|
|
dev = __dev_get_by_name(net, ifr->ifr_name);
|
2009-11-05 14:05:10 +08:00
|
|
|
if (!dev)
|
2005-04-17 06:20:36 +08:00
|
|
|
goto done;
|
|
|
|
|
|
|
|
if (colon)
|
|
|
|
*colon = ':';
|
|
|
|
|
2009-11-05 14:05:10 +08:00
|
|
|
in_dev = __in_dev_get_rtnl(dev);
|
|
|
|
if (in_dev) {
|
2005-04-17 06:20:36 +08:00
|
|
|
if (tryaddrmatch) {
|
|
|
|
/* Matthias Andree */
|
|
|
|
/* compare label and address (4.4BSD style) */
|
|
|
|
/* note: we only do this for a limited set of ioctls
|
|
|
|
and only if the original address family was AF_INET.
|
|
|
|
This is checked above. */
|
2019-06-01 00:27:09 +08:00
|
|
|
|
|
|
|
for (ifap = &in_dev->ifa_list;
|
|
|
|
(ifa = rtnl_dereference(*ifap)) != NULL;
|
2005-04-17 06:20:36 +08:00
|
|
|
ifap = &ifa->ifa_next) {
|
2017-07-01 19:53:12 +08:00
|
|
|
if (!strcmp(ifr->ifr_name, ifa->ifa_label) &&
|
2005-04-17 06:20:36 +08:00
|
|
|
sin_orig.sin_addr.s_addr ==
|
2011-03-10 05:27:16 +08:00
|
|
|
ifa->ifa_local) {
|
2005-04-17 06:20:36 +08:00
|
|
|
break; /* found */
|
|
|
|
}
|
|
|
|
}
|
|
|
|
}
|
|
|
|
/* we didn't get a match, maybe the application is
|
|
|
|
4.3BSD-style and passed in junk so we fall back to
|
|
|
|
comparing just the label */
|
|
|
|
if (!ifa) {
|
2019-06-01 00:27:09 +08:00
|
|
|
for (ifap = &in_dev->ifa_list;
|
|
|
|
(ifa = rtnl_dereference(*ifap)) != NULL;
|
2005-04-17 06:20:36 +08:00
|
|
|
ifap = &ifa->ifa_next)
|
2017-07-01 19:53:12 +08:00
|
|
|
if (!strcmp(ifr->ifr_name, ifa->ifa_label))
|
2005-04-17 06:20:36 +08:00
|
|
|
break;
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
ret = -EADDRNOTAVAIL;
|
|
|
|
if (!ifa && cmd != SIOCSIFADDR && cmd != SIOCSIFFLAGS)
|
|
|
|
goto done;
|
|
|
|
|
2007-03-09 12:44:43 +08:00
|
|
|
switch (cmd) {
|
2005-04-17 06:20:36 +08:00
|
|
|
case SIOCGIFADDR: /* Get interface address */
|
2018-01-28 19:38:58 +08:00
|
|
|
ret = 0;
|
2005-04-17 06:20:36 +08:00
|
|
|
sin->sin_addr.s_addr = ifa->ifa_local;
|
2017-07-01 19:53:12 +08:00
|
|
|
break;
|
2005-04-17 06:20:36 +08:00
|
|
|
|
|
|
|
case SIOCGIFBRDADDR: /* Get the broadcast address */
|
2018-01-28 19:38:58 +08:00
|
|
|
ret = 0;
|
2005-04-17 06:20:36 +08:00
|
|
|
sin->sin_addr.s_addr = ifa->ifa_broadcast;
|
2017-07-01 19:53:12 +08:00
|
|
|
break;
|
2005-04-17 06:20:36 +08:00
|
|
|
|
|
|
|
case SIOCGIFDSTADDR: /* Get the destination address */
|
2018-01-28 19:38:58 +08:00
|
|
|
ret = 0;
|
2005-04-17 06:20:36 +08:00
|
|
|
sin->sin_addr.s_addr = ifa->ifa_address;
|
2017-07-01 19:53:12 +08:00
|
|
|
break;
|
2005-04-17 06:20:36 +08:00
|
|
|
|
|
|
|
case SIOCGIFNETMASK: /* Get the netmask for the interface */
|
2018-01-28 19:38:58 +08:00
|
|
|
ret = 0;
|
2005-04-17 06:20:36 +08:00
|
|
|
sin->sin_addr.s_addr = ifa->ifa_mask;
|
2017-07-01 19:53:12 +08:00
|
|
|
break;
|
2005-04-17 06:20:36 +08:00
|
|
|
|
|
|
|
case SIOCSIFFLAGS:
|
|
|
|
if (colon) {
|
|
|
|
ret = -EADDRNOTAVAIL;
|
|
|
|
if (!ifa)
|
|
|
|
break;
|
|
|
|
ret = 0;
|
2017-07-01 19:53:12 +08:00
|
|
|
if (!(ifr->ifr_flags & IFF_UP))
|
2005-04-17 06:20:36 +08:00
|
|
|
inet_del_ifa(in_dev, ifap, 1);
|
|
|
|
break;
|
|
|
|
}
|
2018-12-07 01:05:42 +08:00
|
|
|
ret = dev_change_flags(dev, ifr->ifr_flags, NULL);
|
2005-04-17 06:20:36 +08:00
|
|
|
break;
|
|
|
|
|
|
|
|
case SIOCSIFADDR: /* Set interface address (and family) */
|
|
|
|
ret = -EINVAL;
|
|
|
|
if (inet_abc_len(sin->sin_addr.s_addr) < 0)
|
|
|
|
break;
|
|
|
|
|
|
|
|
if (!ifa) {
|
|
|
|
ret = -ENOBUFS;
|
2009-11-05 14:05:10 +08:00
|
|
|
ifa = inet_alloc_ifa();
|
|
|
|
if (!ifa)
|
2005-04-17 06:20:36 +08:00
|
|
|
break;
|
2013-01-05 19:19:24 +08:00
|
|
|
INIT_HLIST_NODE(&ifa->hash);
|
2005-04-17 06:20:36 +08:00
|
|
|
if (colon)
|
2017-07-01 19:53:12 +08:00
|
|
|
memcpy(ifa->ifa_label, ifr->ifr_name, IFNAMSIZ);
|
2005-04-17 06:20:36 +08:00
|
|
|
else
|
|
|
|
memcpy(ifa->ifa_label, dev->name, IFNAMSIZ);
|
|
|
|
} else {
|
|
|
|
ret = 0;
|
|
|
|
if (ifa->ifa_local == sin->sin_addr.s_addr)
|
|
|
|
break;
|
|
|
|
inet_del_ifa(in_dev, ifap, 0);
|
|
|
|
ifa->ifa_broadcast = 0;
|
2008-02-27 10:17:53 +08:00
|
|
|
ifa->ifa_scope = 0;
|
2005-04-17 06:20:36 +08:00
|
|
|
}
|
|
|
|
|
|
|
|
ifa->ifa_address = ifa->ifa_local = sin->sin_addr.s_addr;
|
|
|
|
|
|
|
|
if (!(dev->flags & IFF_POINTOPOINT)) {
|
|
|
|
ifa->ifa_prefixlen = inet_abc_len(ifa->ifa_address);
|
|
|
|
ifa->ifa_mask = inet_make_mask(ifa->ifa_prefixlen);
|
|
|
|
if ((dev->flags & IFF_BROADCAST) &&
|
|
|
|
ifa->ifa_prefixlen < 31)
|
|
|
|
ifa->ifa_broadcast = ifa->ifa_address |
|
|
|
|
~ifa->ifa_mask;
|
|
|
|
} else {
|
|
|
|
ifa->ifa_prefixlen = 32;
|
|
|
|
ifa->ifa_mask = inet_make_mask(32);
|
|
|
|
}
|
2013-01-24 17:41:41 +08:00
|
|
|
set_ifa_lifetime(ifa, INFINITY_LIFE_TIME, INFINITY_LIFE_TIME);
|
2005-04-17 06:20:36 +08:00
|
|
|
ret = inet_set_ifa(dev, ifa);
|
|
|
|
break;
|
|
|
|
|
|
|
|
case SIOCSIFBRDADDR: /* Set the broadcast address */
|
|
|
|
ret = 0;
|
|
|
|
if (ifa->ifa_broadcast != sin->sin_addr.s_addr) {
|
|
|
|
inet_del_ifa(in_dev, ifap, 0);
|
|
|
|
ifa->ifa_broadcast = sin->sin_addr.s_addr;
|
|
|
|
inet_insert_ifa(ifa);
|
|
|
|
}
|
|
|
|
break;
|
|
|
|
|
|
|
|
case SIOCSIFDSTADDR: /* Set the destination address */
|
|
|
|
ret = 0;
|
|
|
|
if (ifa->ifa_address == sin->sin_addr.s_addr)
|
|
|
|
break;
|
|
|
|
ret = -EINVAL;
|
|
|
|
if (inet_abc_len(sin->sin_addr.s_addr) < 0)
|
|
|
|
break;
|
|
|
|
ret = 0;
|
|
|
|
inet_del_ifa(in_dev, ifap, 0);
|
|
|
|
ifa->ifa_address = sin->sin_addr.s_addr;
|
|
|
|
inet_insert_ifa(ifa);
|
|
|
|
break;
|
|
|
|
|
|
|
|
case SIOCSIFNETMASK: /* Set the netmask for the interface */
|
|
|
|
|
|
|
|
/*
|
|
|
|
* The mask we set must be legal.
|
|
|
|
*/
|
|
|
|
ret = -EINVAL;
|
|
|
|
if (bad_mask(sin->sin_addr.s_addr, 0))
|
|
|
|
break;
|
|
|
|
ret = 0;
|
|
|
|
if (ifa->ifa_mask != sin->sin_addr.s_addr) {
|
2006-09-29 09:00:55 +08:00
|
|
|
__be32 old_mask = ifa->ifa_mask;
|
2005-04-17 06:20:36 +08:00
|
|
|
inet_del_ifa(in_dev, ifap, 0);
|
|
|
|
ifa->ifa_mask = sin->sin_addr.s_addr;
|
|
|
|
ifa->ifa_prefixlen = inet_mask_len(ifa->ifa_mask);
|
|
|
|
|
|
|
|
/* See if current broadcast address matches
|
|
|
|
* with current netmask, then recalculate
|
|
|
|
* the broadcast address. Otherwise it's a
|
|
|
|
* funny address, so don't touch it since
|
|
|
|
* the user seems to know what (s)he's doing...
|
|
|
|
*/
|
|
|
|
if ((dev->flags & IFF_BROADCAST) &&
|
|
|
|
(ifa->ifa_prefixlen < 31) &&
|
|
|
|
(ifa->ifa_broadcast ==
|
2005-10-22 11:09:16 +08:00
|
|
|
(ifa->ifa_local|~old_mask))) {
|
2005-04-17 06:20:36 +08:00
|
|
|
ifa->ifa_broadcast = (ifa->ifa_local |
|
|
|
|
~sin->sin_addr.s_addr);
|
|
|
|
}
|
|
|
|
inet_insert_ifa(ifa);
|
|
|
|
}
|
|
|
|
break;
|
|
|
|
}
|
|
|
|
done:
|
|
|
|
rtnl_unlock();
|
|
|
|
out:
|
|
|
|
return ret;
|
|
|
|
}
|
|
|
|
|
2021-07-22 22:29:01 +08:00
|
|
|
int inet_gifconf(struct net_device *dev, char __user *buf, int len, int size)
|
2005-04-17 06:20:36 +08:00
|
|
|
{
|
2005-10-04 05:35:55 +08:00
|
|
|
struct in_device *in_dev = __in_dev_get_rtnl(dev);
|
2019-06-01 00:27:04 +08:00
|
|
|
const struct in_ifaddr *ifa;
|
2005-04-17 06:20:36 +08:00
|
|
|
struct ifreq ifr;
|
|
|
|
int done = 0;
|
|
|
|
|
2017-06-27 01:19:16 +08:00
|
|
|
if (WARN_ON(size > sizeof(struct ifreq)))
|
|
|
|
goto out;
|
|
|
|
|
2009-11-05 14:05:10 +08:00
|
|
|
if (!in_dev)
|
2005-04-17 06:20:36 +08:00
|
|
|
goto out;
|
|
|
|
|
2019-06-01 00:27:04 +08:00
|
|
|
in_dev_for_each_ifa_rtnl(ifa, in_dev) {
|
2005-04-17 06:20:36 +08:00
|
|
|
if (!buf) {
|
2017-06-27 01:19:16 +08:00
|
|
|
done += size;
|
2005-04-17 06:20:36 +08:00
|
|
|
continue;
|
|
|
|
}
|
2017-06-27 01:19:16 +08:00
|
|
|
if (len < size)
|
2005-04-17 06:20:36 +08:00
|
|
|
break;
|
|
|
|
memset(&ifr, 0, sizeof(struct ifreq));
|
2013-07-30 03:15:19 +08:00
|
|
|
strcpy(ifr.ifr_name, ifa->ifa_label);
|
2005-04-17 06:20:36 +08:00
|
|
|
|
|
|
|
(*(struct sockaddr_in *)&ifr.ifr_addr).sin_family = AF_INET;
|
|
|
|
(*(struct sockaddr_in *)&ifr.ifr_addr).sin_addr.s_addr =
|
|
|
|
ifa->ifa_local;
|
|
|
|
|
2017-06-27 01:19:16 +08:00
|
|
|
if (copy_to_user(buf + done, &ifr, size)) {
|
2005-04-17 06:20:36 +08:00
|
|
|
done = -EFAULT;
|
|
|
|
break;
|
|
|
|
}
|
2017-06-27 01:19:16 +08:00
|
|
|
len -= size;
|
|
|
|
done += size;
|
2005-04-17 06:20:36 +08:00
|
|
|
}
|
|
|
|
out:
|
|
|
|
return done;
|
|
|
|
}
|
|
|
|
|
2017-03-10 12:38:47 +08:00
|
|
|
static __be32 in_dev_select_addr(const struct in_device *in_dev,
|
|
|
|
int scope)
|
|
|
|
{
|
2019-06-01 00:27:05 +08:00
|
|
|
const struct in_ifaddr *ifa;
|
|
|
|
|
|
|
|
in_dev_for_each_ifa_rcu(ifa, in_dev) {
|
|
|
|
if (ifa->ifa_flags & IFA_F_SECONDARY)
|
|
|
|
continue;
|
2017-03-10 12:38:47 +08:00
|
|
|
if (ifa->ifa_scope != RT_SCOPE_LINK &&
|
|
|
|
ifa->ifa_scope <= scope)
|
|
|
|
return ifa->ifa_local;
|
2019-06-01 00:27:05 +08:00
|
|
|
}
|
2017-03-10 12:38:47 +08:00
|
|
|
|
|
|
|
return 0;
|
|
|
|
}
|
|
|
|
|
2006-09-27 12:27:54 +08:00
|
|
|
__be32 inet_select_addr(const struct net_device *dev, __be32 dst, int scope)
|
2005-04-17 06:20:36 +08:00
|
|
|
{
|
2019-06-01 00:27:05 +08:00
|
|
|
const struct in_ifaddr *ifa;
|
2006-09-27 12:27:54 +08:00
|
|
|
__be32 addr = 0;
|
2019-06-18 23:14:03 +08:00
|
|
|
unsigned char localnet_scope = RT_SCOPE_HOST;
|
2005-04-17 06:20:36 +08:00
|
|
|
struct in_device *in_dev;
|
2008-03-25 20:47:49 +08:00
|
|
|
struct net *net = dev_net(dev);
|
2016-02-25 03:47:02 +08:00
|
|
|
int master_idx;
|
2005-04-17 06:20:36 +08:00
|
|
|
|
|
|
|
rcu_read_lock();
|
2005-10-04 05:35:55 +08:00
|
|
|
in_dev = __in_dev_get_rcu(dev);
|
2005-04-17 06:20:36 +08:00
|
|
|
if (!in_dev)
|
|
|
|
goto no_in_dev;
|
|
|
|
|
2019-06-18 23:14:03 +08:00
|
|
|
if (unlikely(IN_DEV_ROUTE_LOCALNET(in_dev)))
|
|
|
|
localnet_scope = RT_SCOPE_LINK;
|
|
|
|
|
2019-06-01 00:27:05 +08:00
|
|
|
in_dev_for_each_ifa_rcu(ifa, in_dev) {
|
|
|
|
if (ifa->ifa_flags & IFA_F_SECONDARY)
|
|
|
|
continue;
|
2019-06-18 23:14:03 +08:00
|
|
|
if (min(ifa->ifa_scope, localnet_scope) > scope)
|
2005-04-17 06:20:36 +08:00
|
|
|
continue;
|
|
|
|
if (!dst || inet_ifa_match(dst, ifa)) {
|
|
|
|
addr = ifa->ifa_local;
|
|
|
|
break;
|
|
|
|
}
|
|
|
|
if (!addr)
|
|
|
|
addr = ifa->ifa_local;
|
2019-06-01 00:27:05 +08:00
|
|
|
}
|
2005-04-17 06:20:36 +08:00
|
|
|
|
|
|
|
if (addr)
|
2009-11-04 21:43:23 +08:00
|
|
|
goto out_unlock;
|
2009-11-05 14:05:10 +08:00
|
|
|
no_in_dev:
|
2016-02-25 03:47:02 +08:00
|
|
|
master_idx = l3mdev_master_ifindex_rcu(dev);
|
2005-04-17 06:20:36 +08:00
|
|
|
|
2016-02-25 03:47:03 +08:00
|
|
|
/* For VRFs, the VRF device takes the place of the loopback device,
|
|
|
|
* with addresses on it being preferred. Note in such cases the
|
|
|
|
* loopback device will be among the devices that fail the master_idx
|
|
|
|
* equality check in the loop below.
|
|
|
|
*/
|
|
|
|
if (master_idx &&
|
|
|
|
(dev = dev_get_by_index_rcu(net, master_idx)) &&
|
|
|
|
(in_dev = __in_dev_get_rcu(dev))) {
|
2017-03-10 12:38:47 +08:00
|
|
|
addr = in_dev_select_addr(in_dev, scope);
|
|
|
|
if (addr)
|
|
|
|
goto out_unlock;
|
2016-02-25 03:47:03 +08:00
|
|
|
}
|
|
|
|
|
2005-04-17 06:20:36 +08:00
|
|
|
/* Not loopback addresses on loopback should be preferred
|
2015-02-15 02:47:54 +08:00
|
|
|
in this case. It is important that lo is the first interface
|
2005-04-17 06:20:36 +08:00
|
|
|
in dev_base list.
|
|
|
|
*/
|
2009-11-04 21:43:23 +08:00
|
|
|
for_each_netdev_rcu(net, dev) {
|
2016-02-25 03:47:02 +08:00
|
|
|
if (l3mdev_master_ifindex_rcu(dev) != master_idx)
|
|
|
|
continue;
|
|
|
|
|
2009-11-05 14:05:10 +08:00
|
|
|
in_dev = __in_dev_get_rcu(dev);
|
|
|
|
if (!in_dev)
|
2005-04-17 06:20:36 +08:00
|
|
|
continue;
|
|
|
|
|
2017-03-10 12:38:47 +08:00
|
|
|
addr = in_dev_select_addr(in_dev, scope);
|
|
|
|
if (addr)
|
|
|
|
goto out_unlock;
|
2005-04-17 06:20:36 +08:00
|
|
|
}
|
2009-11-04 21:43:23 +08:00
|
|
|
out_unlock:
|
2005-04-17 06:20:36 +08:00
|
|
|
rcu_read_unlock();
|
|
|
|
return addr;
|
|
|
|
}
|
2009-11-05 14:05:10 +08:00
|
|
|
EXPORT_SYMBOL(inet_select_addr);
|
2005-04-17 06:20:36 +08:00
|
|
|
|
2006-09-27 13:17:09 +08:00
|
|
|
static __be32 confirm_addr_indev(struct in_device *in_dev, __be32 dst,
|
|
|
|
__be32 local, int scope)
|
2005-04-17 06:20:36 +08:00
|
|
|
{
|
2019-06-18 23:14:04 +08:00
|
|
|
unsigned char localnet_scope = RT_SCOPE_HOST;
|
2019-06-01 00:27:04 +08:00
|
|
|
const struct in_ifaddr *ifa;
|
2006-09-29 09:00:55 +08:00
|
|
|
__be32 addr = 0;
|
2019-06-01 00:27:04 +08:00
|
|
|
int same = 0;
|
2005-04-17 06:20:36 +08:00
|
|
|
|
2019-06-18 23:14:04 +08:00
|
|
|
if (unlikely(IN_DEV_ROUTE_LOCALNET(in_dev)))
|
|
|
|
localnet_scope = RT_SCOPE_LINK;
|
|
|
|
|
2019-06-01 00:27:04 +08:00
|
|
|
in_dev_for_each_ifa_rcu(ifa, in_dev) {
|
2019-06-18 23:14:04 +08:00
|
|
|
unsigned char min_scope = min(ifa->ifa_scope, localnet_scope);
|
|
|
|
|
2005-04-17 06:20:36 +08:00
|
|
|
if (!addr &&
|
|
|
|
(local == ifa->ifa_local || !local) &&
|
2019-06-18 23:14:04 +08:00
|
|
|
min_scope <= scope) {
|
2005-04-17 06:20:36 +08:00
|
|
|
addr = ifa->ifa_local;
|
|
|
|
if (same)
|
|
|
|
break;
|
|
|
|
}
|
|
|
|
if (!same) {
|
|
|
|
same = (!local || inet_ifa_match(local, ifa)) &&
|
|
|
|
(!dst || inet_ifa_match(dst, ifa));
|
|
|
|
if (same && addr) {
|
|
|
|
if (local || !dst)
|
|
|
|
break;
|
|
|
|
/* Is the selected addr into dst subnet? */
|
|
|
|
if (inet_ifa_match(addr, ifa))
|
|
|
|
break;
|
|
|
|
/* No, then can we use new local src? */
|
2019-06-18 23:14:04 +08:00
|
|
|
if (min_scope <= scope) {
|
2005-04-17 06:20:36 +08:00
|
|
|
addr = ifa->ifa_local;
|
|
|
|
break;
|
|
|
|
}
|
|
|
|
/* search for large dst subnet for addr */
|
|
|
|
same = 0;
|
|
|
|
}
|
|
|
|
}
|
2019-06-01 00:27:04 +08:00
|
|
|
}
|
2005-04-17 06:20:36 +08:00
|
|
|
|
2009-11-05 14:05:10 +08:00
|
|
|
return same ? addr : 0;
|
2005-04-17 06:20:36 +08:00
|
|
|
}
|
|
|
|
|
|
|
|
/*
|
|
|
|
* Confirm that local IP address exists using wildcards:
|
2013-12-10 22:02:40 +08:00
|
|
|
* - net: netns to check, cannot be NULL
|
|
|
|
* - in_dev: only on this interface, NULL=any interface
|
2005-04-17 06:20:36 +08:00
|
|
|
* - dst: only in the same subnet as dst, 0=any dst
|
|
|
|
* - local: address, 0=autoselect the local address
|
|
|
|
* - scope: maximum allowed scope value for the local address
|
|
|
|
*/
|
2013-12-10 22:02:40 +08:00
|
|
|
__be32 inet_confirm_addr(struct net *net, struct in_device *in_dev,
|
2008-01-15 15:05:55 +08:00
|
|
|
__be32 dst, __be32 local, int scope)
|
2005-04-17 06:20:36 +08:00
|
|
|
{
|
2006-09-27 13:17:09 +08:00
|
|
|
__be32 addr = 0;
|
2008-01-15 15:05:55 +08:00
|
|
|
struct net_device *dev;
|
2005-04-17 06:20:36 +08:00
|
|
|
|
2015-04-03 16:17:27 +08:00
|
|
|
if (in_dev)
|
2008-01-15 15:05:55 +08:00
|
|
|
return confirm_addr_indev(in_dev, dst, local, scope);
|
2005-04-17 06:20:36 +08:00
|
|
|
|
|
|
|
rcu_read_lock();
|
2009-11-04 21:43:23 +08:00
|
|
|
for_each_netdev_rcu(net, dev) {
|
2009-11-05 14:05:10 +08:00
|
|
|
in_dev = __in_dev_get_rcu(dev);
|
|
|
|
if (in_dev) {
|
2005-04-17 06:20:36 +08:00
|
|
|
addr = confirm_addr_indev(in_dev, dst, local, scope);
|
|
|
|
if (addr)
|
|
|
|
break;
|
|
|
|
}
|
|
|
|
}
|
|
|
|
rcu_read_unlock();
|
|
|
|
|
|
|
|
return addr;
|
|
|
|
}
|
2012-03-23 00:14:29 +08:00
|
|
|
EXPORT_SYMBOL(inet_confirm_addr);
|
2005-04-17 06:20:36 +08:00
|
|
|
|
|
|
|
/*
|
|
|
|
* Device notifier
|
|
|
|
*/
|
|
|
|
|
|
|
|
int register_inetaddr_notifier(struct notifier_block *nb)
|
|
|
|
{
|
[PATCH] Notifier chain update: API changes
The kernel's implementation of notifier chains is unsafe. There is no
protection against entries being added to or removed from a chain while the
chain is in use. The issues were discussed in this thread:
http://marc.theaimsgroup.com/?l=linux-kernel&m=113018709002036&w=2
We noticed that notifier chains in the kernel fall into two basic usage
classes:
"Blocking" chains are always called from a process context
and the callout routines are allowed to sleep;
"Atomic" chains can be called from an atomic context and
the callout routines are not allowed to sleep.
We decided to codify this distinction and make it part of the API. Therefore
this set of patches introduces three new, parallel APIs: one for blocking
notifiers, one for atomic notifiers, and one for "raw" notifiers (which is
really just the old API under a new name). New kinds of data structures are
used for the heads of the chains, and new routines are defined for
registration, unregistration, and calling a chain. The three APIs are
explained in include/linux/notifier.h and their implementation is in
kernel/sys.c.
With atomic and blocking chains, the implementation guarantees that the chain
links will not be corrupted and that chain callers will not get messed up by
entries being added or removed. For raw chains the implementation provides no
guarantees at all; users of this API must provide their own protections. (The
idea was that situations may come up where the assumptions of the atomic and
blocking APIs are not appropriate, so it should be possible for users to
handle these things in their own way.)
There are some limitations, which should not be too hard to live with. For
atomic/blocking chains, registration and unregistration must always be done in
a process context since the chain is protected by a mutex/rwsem. Also, a
callout routine for a non-raw chain must not try to register or unregister
entries on its own chain. (This did happen in a couple of places and the code
had to be changed to avoid it.)
Since atomic chains may be called from within an NMI handler, they cannot use
spinlocks for synchronization. Instead we use RCU. The overhead falls almost
entirely in the unregister routine, which is okay since unregistration is much
less frequent that calling a chain.
Here is the list of chains that we adjusted and their classifications. None
of them use the raw API, so for the moment it is only a placeholder.
ATOMIC CHAINS
-------------
arch/i386/kernel/traps.c: i386die_chain
arch/ia64/kernel/traps.c: ia64die_chain
arch/powerpc/kernel/traps.c: powerpc_die_chain
arch/sparc64/kernel/traps.c: sparc64die_chain
arch/x86_64/kernel/traps.c: die_chain
drivers/char/ipmi/ipmi_si_intf.c: xaction_notifier_list
kernel/panic.c: panic_notifier_list
kernel/profile.c: task_free_notifier
net/bluetooth/hci_core.c: hci_notifier
net/ipv4/netfilter/ip_conntrack_core.c: ip_conntrack_chain
net/ipv4/netfilter/ip_conntrack_core.c: ip_conntrack_expect_chain
net/ipv6/addrconf.c: inet6addr_chain
net/netfilter/nf_conntrack_core.c: nf_conntrack_chain
net/netfilter/nf_conntrack_core.c: nf_conntrack_expect_chain
net/netlink/af_netlink.c: netlink_chain
BLOCKING CHAINS
---------------
arch/powerpc/platforms/pseries/reconfig.c: pSeries_reconfig_chain
arch/s390/kernel/process.c: idle_chain
arch/x86_64/kernel/process.c idle_notifier
drivers/base/memory.c: memory_chain
drivers/cpufreq/cpufreq.c cpufreq_policy_notifier_list
drivers/cpufreq/cpufreq.c cpufreq_transition_notifier_list
drivers/macintosh/adb.c: adb_client_list
drivers/macintosh/via-pmu.c sleep_notifier_list
drivers/macintosh/via-pmu68k.c sleep_notifier_list
drivers/macintosh/windfarm_core.c wf_client_list
drivers/usb/core/notify.c usb_notifier_list
drivers/video/fbmem.c fb_notifier_list
kernel/cpu.c cpu_chain
kernel/module.c module_notify_list
kernel/profile.c munmap_notifier
kernel/profile.c task_exit_notifier
kernel/sys.c reboot_notifier_list
net/core/dev.c netdev_chain
net/decnet/dn_dev.c: dnaddr_chain
net/ipv4/devinet.c: inetaddr_chain
It's possible that some of these classifications are wrong. If they are,
please let us know or submit a patch to fix them. Note that any chain that
gets called very frequently should be atomic, because the rwsem read-locking
used for blocking chains is very likely to incur cache misses on SMP systems.
(However, if the chain's callout routines may sleep then the chain cannot be
atomic.)
The patch set was written by Alan Stern and Chandra Seetharaman, incorporating
material written by Keith Owens and suggestions from Paul McKenney and Andrew
Morton.
[jes@sgi.com: restructure the notifier chain initialization macros]
Signed-off-by: Alan Stern <stern@rowland.harvard.edu>
Signed-off-by: Chandra Seetharaman <sekharan@us.ibm.com>
Signed-off-by: Jes Sorensen <jes@sgi.com>
Signed-off-by: Andrew Morton <akpm@osdl.org>
Signed-off-by: Linus Torvalds <torvalds@osdl.org>
2006-03-27 17:16:30 +08:00
|
|
|
return blocking_notifier_chain_register(&inetaddr_chain, nb);
|
2005-04-17 06:20:36 +08:00
|
|
|
}
|
2009-11-05 14:05:10 +08:00
|
|
|
EXPORT_SYMBOL(register_inetaddr_notifier);
|
2005-04-17 06:20:36 +08:00
|
|
|
|
|
|
|
int unregister_inetaddr_notifier(struct notifier_block *nb)
|
|
|
|
{
|
[PATCH] Notifier chain update: API changes
The kernel's implementation of notifier chains is unsafe. There is no
protection against entries being added to or removed from a chain while the
chain is in use. The issues were discussed in this thread:
http://marc.theaimsgroup.com/?l=linux-kernel&m=113018709002036&w=2
We noticed that notifier chains in the kernel fall into two basic usage
classes:
"Blocking" chains are always called from a process context
and the callout routines are allowed to sleep;
"Atomic" chains can be called from an atomic context and
the callout routines are not allowed to sleep.
We decided to codify this distinction and make it part of the API. Therefore
this set of patches introduces three new, parallel APIs: one for blocking
notifiers, one for atomic notifiers, and one for "raw" notifiers (which is
really just the old API under a new name). New kinds of data structures are
used for the heads of the chains, and new routines are defined for
registration, unregistration, and calling a chain. The three APIs are
explained in include/linux/notifier.h and their implementation is in
kernel/sys.c.
With atomic and blocking chains, the implementation guarantees that the chain
links will not be corrupted and that chain callers will not get messed up by
entries being added or removed. For raw chains the implementation provides no
guarantees at all; users of this API must provide their own protections. (The
idea was that situations may come up where the assumptions of the atomic and
blocking APIs are not appropriate, so it should be possible for users to
handle these things in their own way.)
There are some limitations, which should not be too hard to live with. For
atomic/blocking chains, registration and unregistration must always be done in
a process context since the chain is protected by a mutex/rwsem. Also, a
callout routine for a non-raw chain must not try to register or unregister
entries on its own chain. (This did happen in a couple of places and the code
had to be changed to avoid it.)
Since atomic chains may be called from within an NMI handler, they cannot use
spinlocks for synchronization. Instead we use RCU. The overhead falls almost
entirely in the unregister routine, which is okay since unregistration is much
less frequent that calling a chain.
Here is the list of chains that we adjusted and their classifications. None
of them use the raw API, so for the moment it is only a placeholder.
ATOMIC CHAINS
-------------
arch/i386/kernel/traps.c: i386die_chain
arch/ia64/kernel/traps.c: ia64die_chain
arch/powerpc/kernel/traps.c: powerpc_die_chain
arch/sparc64/kernel/traps.c: sparc64die_chain
arch/x86_64/kernel/traps.c: die_chain
drivers/char/ipmi/ipmi_si_intf.c: xaction_notifier_list
kernel/panic.c: panic_notifier_list
kernel/profile.c: task_free_notifier
net/bluetooth/hci_core.c: hci_notifier
net/ipv4/netfilter/ip_conntrack_core.c: ip_conntrack_chain
net/ipv4/netfilter/ip_conntrack_core.c: ip_conntrack_expect_chain
net/ipv6/addrconf.c: inet6addr_chain
net/netfilter/nf_conntrack_core.c: nf_conntrack_chain
net/netfilter/nf_conntrack_core.c: nf_conntrack_expect_chain
net/netlink/af_netlink.c: netlink_chain
BLOCKING CHAINS
---------------
arch/powerpc/platforms/pseries/reconfig.c: pSeries_reconfig_chain
arch/s390/kernel/process.c: idle_chain
arch/x86_64/kernel/process.c idle_notifier
drivers/base/memory.c: memory_chain
drivers/cpufreq/cpufreq.c cpufreq_policy_notifier_list
drivers/cpufreq/cpufreq.c cpufreq_transition_notifier_list
drivers/macintosh/adb.c: adb_client_list
drivers/macintosh/via-pmu.c sleep_notifier_list
drivers/macintosh/via-pmu68k.c sleep_notifier_list
drivers/macintosh/windfarm_core.c wf_client_list
drivers/usb/core/notify.c usb_notifier_list
drivers/video/fbmem.c fb_notifier_list
kernel/cpu.c cpu_chain
kernel/module.c module_notify_list
kernel/profile.c munmap_notifier
kernel/profile.c task_exit_notifier
kernel/sys.c reboot_notifier_list
net/core/dev.c netdev_chain
net/decnet/dn_dev.c: dnaddr_chain
net/ipv4/devinet.c: inetaddr_chain
It's possible that some of these classifications are wrong. If they are,
please let us know or submit a patch to fix them. Note that any chain that
gets called very frequently should be atomic, because the rwsem read-locking
used for blocking chains is very likely to incur cache misses on SMP systems.
(However, if the chain's callout routines may sleep then the chain cannot be
atomic.)
The patch set was written by Alan Stern and Chandra Seetharaman, incorporating
material written by Keith Owens and suggestions from Paul McKenney and Andrew
Morton.
[jes@sgi.com: restructure the notifier chain initialization macros]
Signed-off-by: Alan Stern <stern@rowland.harvard.edu>
Signed-off-by: Chandra Seetharaman <sekharan@us.ibm.com>
Signed-off-by: Jes Sorensen <jes@sgi.com>
Signed-off-by: Andrew Morton <akpm@osdl.org>
Signed-off-by: Linus Torvalds <torvalds@osdl.org>
2006-03-27 17:16:30 +08:00
|
|
|
return blocking_notifier_chain_unregister(&inetaddr_chain, nb);
|
2005-04-17 06:20:36 +08:00
|
|
|
}
|
2009-11-05 14:05:10 +08:00
|
|
|
EXPORT_SYMBOL(unregister_inetaddr_notifier);
|
2005-04-17 06:20:36 +08:00
|
|
|
|
2017-06-09 04:12:14 +08:00
|
|
|
int register_inetaddr_validator_notifier(struct notifier_block *nb)
|
|
|
|
{
|
|
|
|
return blocking_notifier_chain_register(&inetaddr_validator_chain, nb);
|
|
|
|
}
|
|
|
|
EXPORT_SYMBOL(register_inetaddr_validator_notifier);
|
|
|
|
|
|
|
|
int unregister_inetaddr_validator_notifier(struct notifier_block *nb)
|
|
|
|
{
|
|
|
|
return blocking_notifier_chain_unregister(&inetaddr_validator_chain,
|
|
|
|
nb);
|
|
|
|
}
|
|
|
|
EXPORT_SYMBOL(unregister_inetaddr_validator_notifier);
|
|
|
|
|
2009-11-05 14:05:10 +08:00
|
|
|
/* Rename ifa_labels for a device name change. Make some effort to preserve
|
|
|
|
* existing alias numbering and to create unique labels if possible.
|
2005-04-17 06:20:36 +08:00
|
|
|
*/
|
|
|
|
static void inetdev_changename(struct net_device *dev, struct in_device *in_dev)
|
2007-02-09 22:24:47 +08:00
|
|
|
{
|
2005-04-17 06:20:36 +08:00
|
|
|
struct in_ifaddr *ifa;
|
|
|
|
int named = 0;
|
|
|
|
|
2019-06-01 00:27:04 +08:00
|
|
|
in_dev_for_each_ifa_rtnl(ifa, in_dev) {
|
2007-02-09 22:24:47 +08:00
|
|
|
char old[IFNAMSIZ], *dot;
|
2005-04-17 06:20:36 +08:00
|
|
|
|
|
|
|
memcpy(old, ifa->ifa_label, IFNAMSIZ);
|
2007-02-09 22:24:47 +08:00
|
|
|
memcpy(ifa->ifa_label, dev->name, IFNAMSIZ);
|
2005-04-17 06:20:36 +08:00
|
|
|
if (named++ == 0)
|
2008-06-11 06:40:04 +08:00
|
|
|
goto skip;
|
2008-01-04 16:56:25 +08:00
|
|
|
dot = strchr(old, ':');
|
2015-04-03 16:17:26 +08:00
|
|
|
if (!dot) {
|
2007-02-09 22:24:47 +08:00
|
|
|
sprintf(old, ":%d", named);
|
2005-04-17 06:20:36 +08:00
|
|
|
dot = old;
|
|
|
|
}
|
2009-11-05 14:05:10 +08:00
|
|
|
if (strlen(dot) + strlen(dev->name) < IFNAMSIZ)
|
2007-02-09 22:24:47 +08:00
|
|
|
strcat(ifa->ifa_label, dot);
|
2009-11-05 14:05:10 +08:00
|
|
|
else
|
2007-02-09 22:24:47 +08:00
|
|
|
strcpy(ifa->ifa_label + (IFNAMSIZ - strlen(dot) - 1), dot);
|
2008-06-11 06:40:04 +08:00
|
|
|
skip:
|
|
|
|
rtmsg_ifa(RTM_NEWADDR, ifa, NULL, 0);
|
2007-02-09 22:24:47 +08:00
|
|
|
}
|
|
|
|
}
|
2005-04-17 06:20:36 +08:00
|
|
|
|
2011-02-11 15:44:16 +08:00
|
|
|
static void inetdev_send_gratuitous_arp(struct net_device *dev,
|
|
|
|
struct in_device *in_dev)
|
|
|
|
|
|
|
|
{
|
2019-06-01 00:27:04 +08:00
|
|
|
const struct in_ifaddr *ifa;
|
2011-02-11 15:44:16 +08:00
|
|
|
|
2019-06-01 00:27:04 +08:00
|
|
|
in_dev_for_each_ifa_rtnl(ifa, in_dev) {
|
2011-07-24 21:09:30 +08:00
|
|
|
arp_send(ARPOP_REQUEST, ETH_P_ARP,
|
|
|
|
ifa->ifa_local, dev,
|
|
|
|
ifa->ifa_local, NULL,
|
|
|
|
dev->dev_addr, NULL);
|
|
|
|
}
|
2011-02-11 15:44:16 +08:00
|
|
|
}
|
|
|
|
|
2005-04-17 06:20:36 +08:00
|
|
|
/* Called only under RTNL semaphore */
|
|
|
|
|
|
|
|
static int inetdev_event(struct notifier_block *this, unsigned long event,
|
|
|
|
void *ptr)
|
|
|
|
{
|
2013-05-28 09:30:21 +08:00
|
|
|
struct net_device *dev = netdev_notifier_info_to_dev(ptr);
|
2012-08-23 05:50:59 +08:00
|
|
|
struct in_device *in_dev = __in_dev_get_rtnl(dev);
|
2012-08-23 01:19:46 +08:00
|
|
|
|
2005-04-17 06:20:36 +08:00
|
|
|
ASSERT_RTNL();
|
|
|
|
|
|
|
|
if (!in_dev) {
|
2007-02-22 00:53:47 +08:00
|
|
|
if (event == NETDEV_REGISTER) {
|
2005-04-17 06:20:36 +08:00
|
|
|
in_dev = inetdev_init(dev);
|
2014-07-26 06:25:08 +08:00
|
|
|
if (IS_ERR(in_dev))
|
|
|
|
return notifier_from_errno(PTR_ERR(in_dev));
|
2007-09-27 13:10:06 +08:00
|
|
|
if (dev->flags & IFF_LOOPBACK) {
|
2007-06-05 14:34:44 +08:00
|
|
|
IN_DEV_CONF_SET(in_dev, NOXFRM, 1);
|
|
|
|
IN_DEV_CONF_SET(in_dev, NOPOLICY, 1);
|
2007-02-22 00:53:47 +08:00
|
|
|
}
|
2008-09-03 08:28:58 +08:00
|
|
|
} else if (event == NETDEV_CHANGEMTU) {
|
|
|
|
/* Re-enabling IP */
|
|
|
|
if (inetdev_valid_mtu(dev->mtu))
|
|
|
|
in_dev = inetdev_init(dev);
|
2005-04-17 06:20:36 +08:00
|
|
|
}
|
|
|
|
goto out;
|
|
|
|
}
|
|
|
|
|
|
|
|
switch (event) {
|
|
|
|
case NETDEV_REGISTER:
|
2012-05-15 22:11:54 +08:00
|
|
|
pr_debug("%s: bug\n", __func__);
|
2011-08-02 00:19:00 +08:00
|
|
|
RCU_INIT_POINTER(dev->ip_ptr, NULL);
|
2005-04-17 06:20:36 +08:00
|
|
|
break;
|
|
|
|
case NETDEV_UP:
|
2008-09-03 08:28:58 +08:00
|
|
|
if (!inetdev_valid_mtu(dev->mtu))
|
2005-04-17 06:20:36 +08:00
|
|
|
break;
|
2007-09-27 13:10:06 +08:00
|
|
|
if (dev->flags & IFF_LOOPBACK) {
|
2009-11-05 14:05:10 +08:00
|
|
|
struct in_ifaddr *ifa = inet_alloc_ifa();
|
|
|
|
|
|
|
|
if (ifa) {
|
2011-02-19 04:42:28 +08:00
|
|
|
INIT_HLIST_NODE(&ifa->hash);
|
2005-04-17 06:20:36 +08:00
|
|
|
ifa->ifa_local =
|
|
|
|
ifa->ifa_address = htonl(INADDR_LOOPBACK);
|
|
|
|
ifa->ifa_prefixlen = 8;
|
|
|
|
ifa->ifa_mask = inet_make_mask(8);
|
|
|
|
in_dev_hold(in_dev);
|
|
|
|
ifa->ifa_dev = in_dev;
|
|
|
|
ifa->ifa_scope = RT_SCOPE_HOST;
|
|
|
|
memcpy(ifa->ifa_label, dev->name, IFNAMSIZ);
|
2013-01-24 17:41:41 +08:00
|
|
|
set_ifa_lifetime(ifa, INFINITY_LIFE_TIME,
|
|
|
|
INFINITY_LIFE_TIME);
|
2014-01-07 22:55:45 +08:00
|
|
|
ipv4_devconf_setall(in_dev);
|
|
|
|
neigh_parms_data_state_setall(in_dev->arp_parms);
|
2005-04-17 06:20:36 +08:00
|
|
|
inet_insert_ifa(ifa);
|
|
|
|
}
|
|
|
|
}
|
|
|
|
ip_mc_up(in_dev);
|
2020-03-13 06:50:22 +08:00
|
|
|
fallthrough;
|
2009-02-01 17:04:33 +08:00
|
|
|
case NETDEV_CHANGEADDR:
|
2011-02-11 15:44:16 +08:00
|
|
|
if (!IN_DEV_ARP_NOTIFY(in_dev))
|
|
|
|
break;
|
2020-03-13 06:50:22 +08:00
|
|
|
fallthrough;
|
2011-02-11 15:44:16 +08:00
|
|
|
case NETDEV_NOTIFY_PEERS:
|
2009-10-07 18:18:17 +08:00
|
|
|
/* Send gratuitous ARP to notify of link change */
|
2011-02-11 15:44:16 +08:00
|
|
|
inetdev_send_gratuitous_arp(dev, in_dev);
|
2005-04-17 06:20:36 +08:00
|
|
|
break;
|
|
|
|
case NETDEV_DOWN:
|
|
|
|
ip_mc_down(in_dev);
|
|
|
|
break;
|
2010-03-10 18:28:56 +08:00
|
|
|
case NETDEV_PRE_TYPE_CHANGE:
|
2009-09-15 17:37:40 +08:00
|
|
|
ip_mc_unmap(in_dev);
|
|
|
|
break;
|
2010-03-10 18:28:56 +08:00
|
|
|
case NETDEV_POST_TYPE_CHANGE:
|
2009-09-15 17:37:40 +08:00
|
|
|
ip_mc_remap(in_dev);
|
|
|
|
break;
|
2005-04-17 06:20:36 +08:00
|
|
|
case NETDEV_CHANGEMTU:
|
2008-09-03 08:28:58 +08:00
|
|
|
if (inetdev_valid_mtu(dev->mtu))
|
2005-04-17 06:20:36 +08:00
|
|
|
break;
|
2008-09-03 08:28:58 +08:00
|
|
|
/* disable IP when MTU is not enough */
|
2020-03-13 06:50:22 +08:00
|
|
|
fallthrough;
|
2005-04-17 06:20:36 +08:00
|
|
|
case NETDEV_UNREGISTER:
|
|
|
|
inetdev_destroy(in_dev);
|
|
|
|
break;
|
|
|
|
case NETDEV_CHANGENAME:
|
|
|
|
/* Do not notify about label change, this event is
|
|
|
|
* not interesting to applications using netlink.
|
|
|
|
*/
|
|
|
|
inetdev_changename(dev, in_dev);
|
|
|
|
|
2007-12-11 18:17:40 +08:00
|
|
|
devinet_sysctl_unregister(in_dev);
|
2007-12-01 21:55:54 +08:00
|
|
|
devinet_sysctl_register(in_dev);
|
2005-04-17 06:20:36 +08:00
|
|
|
break;
|
|
|
|
}
|
|
|
|
out:
|
|
|
|
return NOTIFY_DONE;
|
|
|
|
}
|
|
|
|
|
|
|
|
static struct notifier_block ip_netdev_notifier = {
|
2008-11-03 18:48:48 +08:00
|
|
|
.notifier_call = inetdev_event,
|
2005-04-17 06:20:36 +08:00
|
|
|
};
|
|
|
|
|
2012-08-04 05:06:50 +08:00
|
|
|
static size_t inet_nlmsg_size(void)
|
2006-11-11 06:10:15 +08:00
|
|
|
{
|
|
|
|
return NLMSG_ALIGN(sizeof(struct ifaddrmsg))
|
|
|
|
+ nla_total_size(4) /* IFA_ADDRESS */
|
|
|
|
+ nla_total_size(4) /* IFA_LOCAL */
|
|
|
|
+ nla_total_size(4) /* IFA_BROADCAST */
|
2013-12-08 19:16:10 +08:00
|
|
|
+ nla_total_size(IFNAMSIZ) /* IFA_LABEL */
|
2014-02-05 15:38:25 +08:00
|
|
|
+ nla_total_size(4) /* IFA_FLAGS */
|
2022-02-17 23:02:02 +08:00
|
|
|
+ nla_total_size(1) /* IFA_PROTO */
|
2018-05-27 23:09:57 +08:00
|
|
|
+ nla_total_size(4) /* IFA_RT_PRIORITY */
|
2014-02-05 15:38:25 +08:00
|
|
|
+ nla_total_size(sizeof(struct ifa_cacheinfo)); /* IFA_CACHEINFO */
|
2006-11-11 06:10:15 +08:00
|
|
|
}
|
|
|
|
|
2013-01-24 17:41:41 +08:00
|
|
|
static inline u32 cstamp_delta(unsigned long cstamp)
|
|
|
|
{
|
|
|
|
return (cstamp - INITIAL_JIFFIES) * 100UL / HZ;
|
|
|
|
}
|
|
|
|
|
|
|
|
static int put_cacheinfo(struct sk_buff *skb, unsigned long cstamp,
|
|
|
|
unsigned long tstamp, u32 preferred, u32 valid)
|
|
|
|
{
|
|
|
|
struct ifa_cacheinfo ci;
|
|
|
|
|
|
|
|
ci.cstamp = cstamp_delta(cstamp);
|
|
|
|
ci.tstamp = cstamp_delta(tstamp);
|
|
|
|
ci.ifa_prefered = preferred;
|
|
|
|
ci.ifa_valid = valid;
|
|
|
|
|
|
|
|
return nla_put(skb, IFA_CACHEINFO, sizeof(ci), &ci);
|
|
|
|
}
|
|
|
|
|
2005-04-17 06:20:36 +08:00
|
|
|
static int inet_fill_ifaddr(struct sk_buff *skb, struct in_ifaddr *ifa,
|
2018-09-05 03:53:54 +08:00
|
|
|
struct inet_fill_args *args)
|
2005-04-17 06:20:36 +08:00
|
|
|
{
|
|
|
|
struct ifaddrmsg *ifm;
|
|
|
|
struct nlmsghdr *nlh;
|
2013-01-24 17:41:41 +08:00
|
|
|
u32 preferred, valid;
|
2005-04-17 06:20:36 +08:00
|
|
|
|
2018-09-05 03:53:54 +08:00
|
|
|
nlh = nlmsg_put(skb, args->portid, args->seq, args->event, sizeof(*ifm),
|
|
|
|
args->flags);
|
2015-04-03 16:17:26 +08:00
|
|
|
if (!nlh)
|
2007-02-01 15:16:40 +08:00
|
|
|
return -EMSGSIZE;
|
2006-08-05 14:04:36 +08:00
|
|
|
|
|
|
|
ifm = nlmsg_data(nlh);
|
2005-04-17 06:20:36 +08:00
|
|
|
ifm->ifa_family = AF_INET;
|
|
|
|
ifm->ifa_prefixlen = ifa->ifa_prefixlen;
|
2013-01-24 17:41:41 +08:00
|
|
|
ifm->ifa_flags = ifa->ifa_flags;
|
2005-04-17 06:20:36 +08:00
|
|
|
ifm->ifa_scope = ifa->ifa_scope;
|
|
|
|
ifm->ifa_index = ifa->ifa_dev->dev->ifindex;
|
2006-08-05 14:04:36 +08:00
|
|
|
|
2018-09-05 03:53:54 +08:00
|
|
|
if (args->netnsid >= 0 &&
|
|
|
|
nla_put_s32(skb, IFA_TARGET_NETNSID, args->netnsid))
|
2018-09-05 03:53:49 +08:00
|
|
|
goto nla_put_failure;
|
|
|
|
|
2013-01-24 17:41:41 +08:00
|
|
|
if (!(ifm->ifa_flags & IFA_F_PERMANENT)) {
|
|
|
|
preferred = ifa->ifa_preferred_lft;
|
|
|
|
valid = ifa->ifa_valid_lft;
|
|
|
|
if (preferred != INFINITY_LIFE_TIME) {
|
|
|
|
long tval = (jiffies - ifa->ifa_tstamp) / HZ;
|
|
|
|
|
|
|
|
if (preferred > tval)
|
|
|
|
preferred -= tval;
|
|
|
|
else
|
|
|
|
preferred = 0;
|
|
|
|
if (valid != INFINITY_LIFE_TIME) {
|
|
|
|
if (valid > tval)
|
|
|
|
valid -= tval;
|
|
|
|
else
|
|
|
|
valid = 0;
|
|
|
|
}
|
|
|
|
}
|
|
|
|
} else {
|
|
|
|
preferred = INFINITY_LIFE_TIME;
|
|
|
|
valid = INFINITY_LIFE_TIME;
|
|
|
|
}
|
2012-04-02 08:39:02 +08:00
|
|
|
if ((ifa->ifa_address &&
|
2015-03-29 22:59:25 +08:00
|
|
|
nla_put_in_addr(skb, IFA_ADDRESS, ifa->ifa_address)) ||
|
2012-04-02 08:39:02 +08:00
|
|
|
(ifa->ifa_local &&
|
2015-03-29 22:59:25 +08:00
|
|
|
nla_put_in_addr(skb, IFA_LOCAL, ifa->ifa_local)) ||
|
2012-04-02 08:39:02 +08:00
|
|
|
(ifa->ifa_broadcast &&
|
2015-03-29 22:59:25 +08:00
|
|
|
nla_put_in_addr(skb, IFA_BROADCAST, ifa->ifa_broadcast)) ||
|
2012-04-02 08:39:02 +08:00
|
|
|
(ifa->ifa_label[0] &&
|
2013-01-24 17:41:41 +08:00
|
|
|
nla_put_string(skb, IFA_LABEL, ifa->ifa_label)) ||
|
2022-02-17 23:02:02 +08:00
|
|
|
(ifa->ifa_proto &&
|
|
|
|
nla_put_u8(skb, IFA_PROTO, ifa->ifa_proto)) ||
|
2013-12-08 19:16:10 +08:00
|
|
|
nla_put_u32(skb, IFA_FLAGS, ifa->ifa_flags) ||
|
2018-05-27 23:09:57 +08:00
|
|
|
(ifa->ifa_rt_priority &&
|
|
|
|
nla_put_u32(skb, IFA_RT_PRIORITY, ifa->ifa_rt_priority)) ||
|
2013-01-24 17:41:41 +08:00
|
|
|
put_cacheinfo(skb, ifa->ifa_cstamp, ifa->ifa_tstamp,
|
|
|
|
preferred, valid))
|
2012-04-02 08:39:02 +08:00
|
|
|
goto nla_put_failure;
|
2005-04-17 06:20:36 +08:00
|
|
|
|
2015-01-17 05:09:00 +08:00
|
|
|
nlmsg_end(skb, nlh);
|
|
|
|
return 0;
|
2006-08-05 14:04:36 +08:00
|
|
|
|
|
|
|
nla_put_failure:
|
2007-02-01 15:16:40 +08:00
|
|
|
nlmsg_cancel(skb, nlh);
|
|
|
|
return -EMSGSIZE;
|
2005-04-17 06:20:36 +08:00
|
|
|
}
|
|
|
|
|
2018-10-08 11:16:28 +08:00
|
|
|
static int inet_valid_dump_ifaddr_req(const struct nlmsghdr *nlh,
|
|
|
|
struct inet_fill_args *fillargs,
|
|
|
|
struct net **tgt_net, struct sock *sk,
|
2018-10-20 03:45:29 +08:00
|
|
|
struct netlink_callback *cb)
|
2018-10-08 11:16:28 +08:00
|
|
|
{
|
2018-10-20 03:45:29 +08:00
|
|
|
struct netlink_ext_ack *extack = cb->extack;
|
2018-10-08 11:16:28 +08:00
|
|
|
struct nlattr *tb[IFA_MAX+1];
|
|
|
|
struct ifaddrmsg *ifm;
|
|
|
|
int err, i;
|
|
|
|
|
|
|
|
if (nlh->nlmsg_len < nlmsg_msg_size(sizeof(*ifm))) {
|
|
|
|
NL_SET_ERR_MSG(extack, "ipv4: Invalid header for address dump request");
|
|
|
|
return -EINVAL;
|
|
|
|
}
|
|
|
|
|
|
|
|
ifm = nlmsg_data(nlh);
|
|
|
|
if (ifm->ifa_prefixlen || ifm->ifa_flags || ifm->ifa_scope) {
|
|
|
|
NL_SET_ERR_MSG(extack, "ipv4: Invalid values in header for address dump request");
|
|
|
|
return -EINVAL;
|
|
|
|
}
|
2018-10-20 03:45:29 +08:00
|
|
|
|
|
|
|
fillargs->ifindex = ifm->ifa_index;
|
|
|
|
if (fillargs->ifindex) {
|
|
|
|
cb->answer_flags |= NLM_F_DUMP_FILTERED;
|
|
|
|
fillargs->flags |= NLM_F_DUMP_FILTERED;
|
2018-10-08 11:16:28 +08:00
|
|
|
}
|
|
|
|
|
netlink: make validation more configurable for future strictness
We currently have two levels of strict validation:
1) liberal (default)
- undefined (type >= max) & NLA_UNSPEC attributes accepted
- attribute length >= expected accepted
- garbage at end of message accepted
2) strict (opt-in)
- NLA_UNSPEC attributes accepted
- attribute length >= expected accepted
Split out parsing strictness into four different options:
* TRAILING - check that there's no trailing data after parsing
attributes (in message or nested)
* MAXTYPE - reject attrs > max known type
* UNSPEC - reject attributes with NLA_UNSPEC policy entries
* STRICT_ATTRS - strictly validate attribute size
The default for future things should be *everything*.
The current *_strict() is a combination of TRAILING and MAXTYPE,
and is renamed to _deprecated_strict().
The current regular parsing has none of this, and is renamed to
*_parse_deprecated().
Additionally it allows us to selectively set one of the new flags
even on old policies. Notably, the UNSPEC flag could be useful in
this case, since it can be arranged (by filling in the policy) to
not be an incompatible userspace ABI change, but would then going
forward prevent forgetting attribute entries. Similar can apply
to the POLICY flag.
We end up with the following renames:
* nla_parse -> nla_parse_deprecated
* nla_parse_strict -> nla_parse_deprecated_strict
* nlmsg_parse -> nlmsg_parse_deprecated
* nlmsg_parse_strict -> nlmsg_parse_deprecated_strict
* nla_parse_nested -> nla_parse_nested_deprecated
* nla_validate_nested -> nla_validate_nested_deprecated
Using spatch, of course:
@@
expression TB, MAX, HEAD, LEN, POL, EXT;
@@
-nla_parse(TB, MAX, HEAD, LEN, POL, EXT)
+nla_parse_deprecated(TB, MAX, HEAD, LEN, POL, EXT)
@@
expression NLH, HDRLEN, TB, MAX, POL, EXT;
@@
-nlmsg_parse(NLH, HDRLEN, TB, MAX, POL, EXT)
+nlmsg_parse_deprecated(NLH, HDRLEN, TB, MAX, POL, EXT)
@@
expression NLH, HDRLEN, TB, MAX, POL, EXT;
@@
-nlmsg_parse_strict(NLH, HDRLEN, TB, MAX, POL, EXT)
+nlmsg_parse_deprecated_strict(NLH, HDRLEN, TB, MAX, POL, EXT)
@@
expression TB, MAX, NLA, POL, EXT;
@@
-nla_parse_nested(TB, MAX, NLA, POL, EXT)
+nla_parse_nested_deprecated(TB, MAX, NLA, POL, EXT)
@@
expression START, MAX, POL, EXT;
@@
-nla_validate_nested(START, MAX, POL, EXT)
+nla_validate_nested_deprecated(START, MAX, POL, EXT)
@@
expression NLH, HDRLEN, MAX, POL, EXT;
@@
-nlmsg_validate(NLH, HDRLEN, MAX, POL, EXT)
+nlmsg_validate_deprecated(NLH, HDRLEN, MAX, POL, EXT)
For this patch, don't actually add the strict, non-renamed versions
yet so that it breaks compile if I get it wrong.
Also, while at it, make nla_validate and nla_parse go down to a
common __nla_validate_parse() function to avoid code duplication.
Ultimately, this allows us to have very strict validation for every
new caller of nla_parse()/nlmsg_parse() etc as re-introduced in the
next patch, while existing things will continue to work as is.
In effect then, this adds fully strict validation for any new command.
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
2019-04-26 20:07:28 +08:00
|
|
|
err = nlmsg_parse_deprecated_strict(nlh, sizeof(*ifm), tb, IFA_MAX,
|
|
|
|
ifa_ipv4_policy, extack);
|
2018-10-08 11:16:28 +08:00
|
|
|
if (err < 0)
|
|
|
|
return err;
|
|
|
|
|
|
|
|
for (i = 0; i <= IFA_MAX; ++i) {
|
|
|
|
if (!tb[i])
|
|
|
|
continue;
|
|
|
|
|
|
|
|
if (i == IFA_TARGET_NETNSID) {
|
|
|
|
struct net *net;
|
|
|
|
|
|
|
|
fillargs->netnsid = nla_get_s32(tb[i]);
|
|
|
|
|
|
|
|
net = rtnl_get_net_ns_capable(sk, fillargs->netnsid);
|
|
|
|
if (IS_ERR(net)) {
|
2018-10-26 03:18:25 +08:00
|
|
|
fillargs->netnsid = -1;
|
2018-10-08 11:16:28 +08:00
|
|
|
NL_SET_ERR_MSG(extack, "ipv4: Invalid target network namespace id");
|
|
|
|
return PTR_ERR(net);
|
|
|
|
}
|
|
|
|
*tgt_net = net;
|
|
|
|
} else {
|
|
|
|
NL_SET_ERR_MSG(extack, "ipv4: Unsupported attribute in dump request");
|
|
|
|
return -EINVAL;
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
return 0;
|
|
|
|
}
|
|
|
|
|
2018-10-20 03:45:27 +08:00
|
|
|
static int in_dev_dump_addr(struct in_device *in_dev, struct sk_buff *skb,
|
|
|
|
struct netlink_callback *cb, int s_ip_idx,
|
|
|
|
struct inet_fill_args *fillargs)
|
|
|
|
{
|
|
|
|
struct in_ifaddr *ifa;
|
|
|
|
int ip_idx = 0;
|
|
|
|
int err;
|
|
|
|
|
2019-06-04 04:41:44 +08:00
|
|
|
in_dev_for_each_ifa_rtnl(ifa, in_dev) {
|
2019-06-01 00:27:04 +08:00
|
|
|
if (ip_idx < s_ip_idx) {
|
|
|
|
ip_idx++;
|
2018-10-20 03:45:27 +08:00
|
|
|
continue;
|
2019-06-01 00:27:04 +08:00
|
|
|
}
|
2018-10-20 03:45:27 +08:00
|
|
|
err = inet_fill_ifaddr(skb, ifa, fillargs);
|
|
|
|
if (err < 0)
|
|
|
|
goto done;
|
|
|
|
|
|
|
|
nl_dump_check_consistent(cb, nlmsg_hdr(skb));
|
2019-06-01 00:27:04 +08:00
|
|
|
ip_idx++;
|
2018-10-20 03:45:27 +08:00
|
|
|
}
|
|
|
|
err = 0;
|
|
|
|
|
|
|
|
done:
|
|
|
|
cb->args[2] = ip_idx;
|
|
|
|
|
|
|
|
return err;
|
|
|
|
}
|
|
|
|
|
2005-04-17 06:20:36 +08:00
|
|
|
static int inet_dump_ifaddr(struct sk_buff *skb, struct netlink_callback *cb)
|
|
|
|
{
|
2018-10-08 11:16:28 +08:00
|
|
|
const struct nlmsghdr *nlh = cb->nlh;
|
2018-09-05 03:53:54 +08:00
|
|
|
struct inet_fill_args fillargs = {
|
|
|
|
.portid = NETLINK_CB(cb->skb).portid,
|
2018-10-08 11:16:28 +08:00
|
|
|
.seq = nlh->nlmsg_seq,
|
2018-09-05 03:53:54 +08:00
|
|
|
.event = RTM_NEWADDR,
|
|
|
|
.flags = NLM_F_MULTI,
|
|
|
|
.netnsid = -1,
|
|
|
|
};
|
2008-03-26 01:26:21 +08:00
|
|
|
struct net *net = sock_net(skb->sk);
|
2018-09-05 03:53:49 +08:00
|
|
|
struct net *tgt_net = net;
|
2009-11-12 15:44:25 +08:00
|
|
|
int h, s_h;
|
|
|
|
int idx, s_idx;
|
2018-10-20 03:45:27 +08:00
|
|
|
int s_ip_idx;
|
2005-04-17 06:20:36 +08:00
|
|
|
struct net_device *dev;
|
|
|
|
struct in_device *in_dev;
|
2009-11-12 15:44:25 +08:00
|
|
|
struct hlist_head *head;
|
2018-10-25 03:58:59 +08:00
|
|
|
int err = 0;
|
2005-04-17 06:20:36 +08:00
|
|
|
|
2009-11-12 15:44:25 +08:00
|
|
|
s_h = cb->args[0];
|
|
|
|
s_idx = idx = cb->args[1];
|
2018-10-20 03:45:27 +08:00
|
|
|
s_ip_idx = cb->args[2];
|
2009-11-12 15:44:25 +08:00
|
|
|
|
2018-10-08 11:16:28 +08:00
|
|
|
if (cb->strict_check) {
|
|
|
|
err = inet_valid_dump_ifaddr_req(nlh, &fillargs, &tgt_net,
|
2018-10-20 03:45:29 +08:00
|
|
|
skb->sk, cb);
|
2018-10-08 11:16:28 +08:00
|
|
|
if (err < 0)
|
2018-10-25 03:58:59 +08:00
|
|
|
goto put_tgt_net;
|
2018-10-20 03:45:29 +08:00
|
|
|
|
2018-10-25 03:58:59 +08:00
|
|
|
err = 0;
|
2018-10-20 03:45:29 +08:00
|
|
|
if (fillargs.ifindex) {
|
|
|
|
dev = __dev_get_by_index(tgt_net, fillargs.ifindex);
|
2018-10-25 03:58:59 +08:00
|
|
|
if (!dev) {
|
|
|
|
err = -ENODEV;
|
|
|
|
goto put_tgt_net;
|
|
|
|
}
|
2018-10-20 03:45:29 +08:00
|
|
|
|
|
|
|
in_dev = __in_dev_get_rtnl(dev);
|
|
|
|
if (in_dev) {
|
|
|
|
err = in_dev_dump_addr(in_dev, skb, cb, s_ip_idx,
|
|
|
|
&fillargs);
|
|
|
|
}
|
|
|
|
goto put_tgt_net;
|
|
|
|
}
|
2018-09-05 03:53:49 +08:00
|
|
|
}
|
|
|
|
|
2009-11-12 15:44:25 +08:00
|
|
|
for (h = s_h; h < NETDEV_HASHENTRIES; h++, s_idx = 0) {
|
|
|
|
idx = 0;
|
2018-09-05 03:53:49 +08:00
|
|
|
head = &tgt_net->dev_index_head[h];
|
2009-11-12 15:44:25 +08:00
|
|
|
rcu_read_lock();
|
2018-09-05 03:53:49 +08:00
|
|
|
cb->seq = atomic_read(&tgt_net->ipv4.dev_addr_genid) ^
|
|
|
|
tgt_net->dev_base_seq;
|
hlist: drop the node parameter from iterators
I'm not sure why, but the hlist for each entry iterators were conceived
list_for_each_entry(pos, head, member)
The hlist ones were greedy and wanted an extra parameter:
hlist_for_each_entry(tpos, pos, head, member)
Why did they need an extra pos parameter? I'm not quite sure. Not only
they don't really need it, it also prevents the iterator from looking
exactly like the list iterator, which is unfortunate.
Besides the semantic patch, there was some manual work required:
- Fix up the actual hlist iterators in linux/list.h
- Fix up the declaration of other iterators based on the hlist ones.
- A very small amount of places were using the 'node' parameter, this
was modified to use 'obj->member' instead.
- Coccinelle didn't handle the hlist_for_each_entry_safe iterator
properly, so those had to be fixed up manually.
The semantic patch which is mostly the work of Peter Senna Tschudin is here:
@@
iterator name hlist_for_each_entry, hlist_for_each_entry_continue, hlist_for_each_entry_from, hlist_for_each_entry_rcu, hlist_for_each_entry_rcu_bh, hlist_for_each_entry_continue_rcu_bh, for_each_busy_worker, ax25_uid_for_each, ax25_for_each, inet_bind_bucket_for_each, sctp_for_each_hentry, sk_for_each, sk_for_each_rcu, sk_for_each_from, sk_for_each_safe, sk_for_each_bound, hlist_for_each_entry_safe, hlist_for_each_entry_continue_rcu, nr_neigh_for_each, nr_neigh_for_each_safe, nr_node_for_each, nr_node_for_each_safe, for_each_gfn_indirect_valid_sp, for_each_gfn_sp, for_each_host;
type T;
expression a,c,d,e;
identifier b;
statement S;
@@
-T b;
<+... when != b
(
hlist_for_each_entry(a,
- b,
c, d) S
|
hlist_for_each_entry_continue(a,
- b,
c) S
|
hlist_for_each_entry_from(a,
- b,
c) S
|
hlist_for_each_entry_rcu(a,
- b,
c, d) S
|
hlist_for_each_entry_rcu_bh(a,
- b,
c, d) S
|
hlist_for_each_entry_continue_rcu_bh(a,
- b,
c) S
|
for_each_busy_worker(a, c,
- b,
d) S
|
ax25_uid_for_each(a,
- b,
c) S
|
ax25_for_each(a,
- b,
c) S
|
inet_bind_bucket_for_each(a,
- b,
c) S
|
sctp_for_each_hentry(a,
- b,
c) S
|
sk_for_each(a,
- b,
c) S
|
sk_for_each_rcu(a,
- b,
c) S
|
sk_for_each_from
-(a, b)
+(a)
S
+ sk_for_each_from(a) S
|
sk_for_each_safe(a,
- b,
c, d) S
|
sk_for_each_bound(a,
- b,
c) S
|
hlist_for_each_entry_safe(a,
- b,
c, d, e) S
|
hlist_for_each_entry_continue_rcu(a,
- b,
c) S
|
nr_neigh_for_each(a,
- b,
c) S
|
nr_neigh_for_each_safe(a,
- b,
c, d) S
|
nr_node_for_each(a,
- b,
c) S
|
nr_node_for_each_safe(a,
- b,
c, d) S
|
- for_each_gfn_sp(a, c, d, b) S
+ for_each_gfn_sp(a, c, d) S
|
- for_each_gfn_indirect_valid_sp(a, c, d, b) S
+ for_each_gfn_indirect_valid_sp(a, c, d) S
|
for_each_host(a,
- b,
c) S
|
for_each_host_safe(a,
- b,
c, d) S
|
for_each_mesh_entry(a,
- b,
c, d) S
)
...+>
[akpm@linux-foundation.org: drop bogus change from net/ipv4/raw.c]
[akpm@linux-foundation.org: drop bogus hunk from net/ipv6/raw.c]
[akpm@linux-foundation.org: checkpatch fixes]
[akpm@linux-foundation.org: fix warnings]
[akpm@linux-foudnation.org: redo intrusive kvm changes]
Tested-by: Peter Senna Tschudin <peter.senna@gmail.com>
Acked-by: Paul E. McKenney <paulmck@linux.vnet.ibm.com>
Signed-off-by: Sasha Levin <sasha.levin@oracle.com>
Cc: Wu Fengguang <fengguang.wu@intel.com>
Cc: Marcelo Tosatti <mtosatti@redhat.com>
Cc: Gleb Natapov <gleb@redhat.com>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
2013-02-28 09:06:00 +08:00
|
|
|
hlist_for_each_entry_rcu(dev, head, index_hlist) {
|
2009-11-12 15:44:25 +08:00
|
|
|
if (idx < s_idx)
|
|
|
|
goto cont;
|
2010-03-27 11:27:49 +08:00
|
|
|
if (h > s_h || idx > s_idx)
|
2009-11-12 15:44:25 +08:00
|
|
|
s_ip_idx = 0;
|
|
|
|
in_dev = __in_dev_get_rcu(dev);
|
|
|
|
if (!in_dev)
|
|
|
|
goto cont;
|
2005-04-17 06:20:36 +08:00
|
|
|
|
2018-10-20 03:45:27 +08:00
|
|
|
err = in_dev_dump_addr(in_dev, skb, cb, s_ip_idx,
|
|
|
|
&fillargs);
|
|
|
|
if (err < 0) {
|
|
|
|
rcu_read_unlock();
|
|
|
|
goto done;
|
2009-11-12 15:44:25 +08:00
|
|
|
}
|
2007-05-04 06:13:45 +08:00
|
|
|
cont:
|
2009-11-12 15:44:25 +08:00
|
|
|
idx++;
|
|
|
|
}
|
|
|
|
rcu_read_unlock();
|
2005-04-17 06:20:36 +08:00
|
|
|
}
|
|
|
|
|
|
|
|
done:
|
2009-11-12 15:44:25 +08:00
|
|
|
cb->args[0] = h;
|
|
|
|
cb->args[1] = idx;
|
2018-10-20 03:45:29 +08:00
|
|
|
put_tgt_net:
|
2018-09-05 03:53:54 +08:00
|
|
|
if (fillargs.netnsid >= 0)
|
2018-09-05 03:53:49 +08:00
|
|
|
put_net(tgt_net);
|
2005-04-17 06:20:36 +08:00
|
|
|
|
2018-12-31 10:10:58 +08:00
|
|
|
return skb->len ? : err;
|
2005-04-17 06:20:36 +08:00
|
|
|
}
|
|
|
|
|
2008-11-03 18:48:48 +08:00
|
|
|
static void rtmsg_ifa(int event, struct in_ifaddr *ifa, struct nlmsghdr *nlh,
|
2012-09-08 04:12:54 +08:00
|
|
|
u32 portid)
|
2005-04-17 06:20:36 +08:00
|
|
|
{
|
2018-09-05 03:53:54 +08:00
|
|
|
struct inet_fill_args fillargs = {
|
|
|
|
.portid = portid,
|
|
|
|
.seq = nlh ? nlh->nlmsg_seq : 0,
|
|
|
|
.event = event,
|
|
|
|
.flags = 0,
|
|
|
|
.netnsid = -1,
|
|
|
|
};
|
2006-08-05 14:04:36 +08:00
|
|
|
struct sk_buff *skb;
|
2006-08-15 15:33:59 +08:00
|
|
|
int err = -ENOBUFS;
|
2008-02-01 10:47:40 +08:00
|
|
|
struct net *net;
|
2005-04-17 06:20:36 +08:00
|
|
|
|
2008-03-25 20:47:49 +08:00
|
|
|
net = dev_net(ifa->ifa_dev->dev);
|
2006-11-11 06:10:15 +08:00
|
|
|
skb = nlmsg_new(inet_nlmsg_size(), GFP_KERNEL);
|
2015-04-03 16:17:26 +08:00
|
|
|
if (!skb)
|
2006-08-15 15:33:59 +08:00
|
|
|
goto errout;
|
|
|
|
|
2018-09-05 03:53:54 +08:00
|
|
|
err = inet_fill_ifaddr(skb, ifa, &fillargs);
|
2007-02-01 15:16:40 +08:00
|
|
|
if (err < 0) {
|
|
|
|
/* -EMSGSIZE implies BUG in inet_nlmsg_size() */
|
|
|
|
WARN_ON(err == -EMSGSIZE);
|
|
|
|
kfree_skb(skb);
|
|
|
|
goto errout;
|
|
|
|
}
|
2012-09-08 04:12:54 +08:00
|
|
|
rtnl_notify(skb, net, portid, RTNLGRP_IPV4_IFADDR, nlh, GFP_KERNEL);
|
2009-02-25 15:18:28 +08:00
|
|
|
return;
|
2006-08-15 15:33:59 +08:00
|
|
|
errout:
|
|
|
|
if (err < 0)
|
2008-02-01 10:47:40 +08:00
|
|
|
rtnl_set_sk_err(net, RTNLGRP_IPV4_IFADDR, err);
|
2005-04-17 06:20:36 +08:00
|
|
|
}
|
|
|
|
|
2015-10-20 00:23:28 +08:00
|
|
|
static size_t inet_get_link_af_size(const struct net_device *dev,
|
|
|
|
u32 ext_filter_mask)
|
2010-11-16 12:32:48 +08:00
|
|
|
{
|
2011-05-10 11:55:03 +08:00
|
|
|
struct in_device *in_dev = rcu_dereference_rtnl(dev->ip_ptr);
|
2010-11-16 12:32:48 +08:00
|
|
|
|
|
|
|
if (!in_dev)
|
|
|
|
return 0;
|
|
|
|
|
|
|
|
return nla_total_size(IPV4_DEVCONF_MAX * 4); /* IFLA_INET_CONF */
|
|
|
|
}
|
|
|
|
|
2015-09-12 04:48:48 +08:00
|
|
|
static int inet_fill_link_af(struct sk_buff *skb, const struct net_device *dev,
|
|
|
|
u32 ext_filter_mask)
|
2010-11-16 12:32:48 +08:00
|
|
|
{
|
2011-05-10 11:55:03 +08:00
|
|
|
struct in_device *in_dev = rcu_dereference_rtnl(dev->ip_ptr);
|
2010-11-16 12:32:48 +08:00
|
|
|
struct nlattr *nla;
|
|
|
|
int i;
|
|
|
|
|
|
|
|
if (!in_dev)
|
|
|
|
return -ENODATA;
|
|
|
|
|
|
|
|
nla = nla_reserve(skb, IFLA_INET_CONF, IPV4_DEVCONF_MAX * 4);
|
2015-04-03 16:17:26 +08:00
|
|
|
if (!nla)
|
2010-11-16 12:32:48 +08:00
|
|
|
return -EMSGSIZE;
|
|
|
|
|
|
|
|
for (i = 0; i < IPV4_DEVCONF_MAX; i++)
|
|
|
|
((u32 *) nla_data(nla))[i] = in_dev->cnf.data[i];
|
|
|
|
|
|
|
|
return 0;
|
|
|
|
}
|
|
|
|
|
|
|
|
static const struct nla_policy inet_af_policy[IFLA_INET_MAX+1] = {
|
|
|
|
[IFLA_INET_CONF] = { .type = NLA_NESTED },
|
|
|
|
};
|
|
|
|
|
2010-11-22 09:31:54 +08:00
|
|
|
static int inet_validate_link_af(const struct net_device *dev,
|
2021-08-03 20:02:50 +08:00
|
|
|
const struct nlattr *nla,
|
|
|
|
struct netlink_ext_ack *extack)
|
2010-11-16 12:32:48 +08:00
|
|
|
{
|
|
|
|
struct nlattr *a, *tb[IFLA_INET_MAX+1];
|
|
|
|
int err, rem;
|
|
|
|
|
2021-05-09 02:00:33 +08:00
|
|
|
if (dev && !__in_dev_get_rtnl(dev))
|
2010-11-22 09:31:54 +08:00
|
|
|
return -EAFNOSUPPORT;
|
2010-11-16 12:32:48 +08:00
|
|
|
|
netlink: make validation more configurable for future strictness
We currently have two levels of strict validation:
1) liberal (default)
- undefined (type >= max) & NLA_UNSPEC attributes accepted
- attribute length >= expected accepted
- garbage at end of message accepted
2) strict (opt-in)
- NLA_UNSPEC attributes accepted
- attribute length >= expected accepted
Split out parsing strictness into four different options:
* TRAILING - check that there's no trailing data after parsing
attributes (in message or nested)
* MAXTYPE - reject attrs > max known type
* UNSPEC - reject attributes with NLA_UNSPEC policy entries
* STRICT_ATTRS - strictly validate attribute size
The default for future things should be *everything*.
The current *_strict() is a combination of TRAILING and MAXTYPE,
and is renamed to _deprecated_strict().
The current regular parsing has none of this, and is renamed to
*_parse_deprecated().
Additionally it allows us to selectively set one of the new flags
even on old policies. Notably, the UNSPEC flag could be useful in
this case, since it can be arranged (by filling in the policy) to
not be an incompatible userspace ABI change, but would then going
forward prevent forgetting attribute entries. Similar can apply
to the POLICY flag.
We end up with the following renames:
* nla_parse -> nla_parse_deprecated
* nla_parse_strict -> nla_parse_deprecated_strict
* nlmsg_parse -> nlmsg_parse_deprecated
* nlmsg_parse_strict -> nlmsg_parse_deprecated_strict
* nla_parse_nested -> nla_parse_nested_deprecated
* nla_validate_nested -> nla_validate_nested_deprecated
Using spatch, of course:
@@
expression TB, MAX, HEAD, LEN, POL, EXT;
@@
-nla_parse(TB, MAX, HEAD, LEN, POL, EXT)
+nla_parse_deprecated(TB, MAX, HEAD, LEN, POL, EXT)
@@
expression NLH, HDRLEN, TB, MAX, POL, EXT;
@@
-nlmsg_parse(NLH, HDRLEN, TB, MAX, POL, EXT)
+nlmsg_parse_deprecated(NLH, HDRLEN, TB, MAX, POL, EXT)
@@
expression NLH, HDRLEN, TB, MAX, POL, EXT;
@@
-nlmsg_parse_strict(NLH, HDRLEN, TB, MAX, POL, EXT)
+nlmsg_parse_deprecated_strict(NLH, HDRLEN, TB, MAX, POL, EXT)
@@
expression TB, MAX, NLA, POL, EXT;
@@
-nla_parse_nested(TB, MAX, NLA, POL, EXT)
+nla_parse_nested_deprecated(TB, MAX, NLA, POL, EXT)
@@
expression START, MAX, POL, EXT;
@@
-nla_validate_nested(START, MAX, POL, EXT)
+nla_validate_nested_deprecated(START, MAX, POL, EXT)
@@
expression NLH, HDRLEN, MAX, POL, EXT;
@@
-nlmsg_validate(NLH, HDRLEN, MAX, POL, EXT)
+nlmsg_validate_deprecated(NLH, HDRLEN, MAX, POL, EXT)
For this patch, don't actually add the strict, non-renamed versions
yet so that it breaks compile if I get it wrong.
Also, while at it, make nla_validate and nla_parse go down to a
common __nla_validate_parse() function to avoid code duplication.
Ultimately, this allows us to have very strict validation for every
new caller of nla_parse()/nlmsg_parse() etc as re-introduced in the
next patch, while existing things will continue to work as is.
In effect then, this adds fully strict validation for any new command.
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
2019-04-26 20:07:28 +08:00
|
|
|
err = nla_parse_nested_deprecated(tb, IFLA_INET_MAX, nla,
|
2021-08-03 20:02:50 +08:00
|
|
|
inet_af_policy, extack);
|
2010-11-16 12:32:48 +08:00
|
|
|
if (err < 0)
|
|
|
|
return err;
|
|
|
|
|
|
|
|
if (tb[IFLA_INET_CONF]) {
|
|
|
|
nla_for_each_nested(a, tb[IFLA_INET_CONF], rem) {
|
|
|
|
int cfgid = nla_type(a);
|
|
|
|
|
|
|
|
if (nla_len(a) < 4)
|
|
|
|
return -EINVAL;
|
|
|
|
|
|
|
|
if (cfgid <= 0 || cfgid > IPV4_DEVCONF_MAX)
|
|
|
|
return -EINVAL;
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
2010-11-22 09:31:54 +08:00
|
|
|
return 0;
|
|
|
|
}
|
|
|
|
|
2021-04-07 23:59:12 +08:00
|
|
|
static int inet_set_link_af(struct net_device *dev, const struct nlattr *nla,
|
|
|
|
struct netlink_ext_ack *extack)
|
2010-11-22 09:31:54 +08:00
|
|
|
{
|
2021-05-09 02:00:33 +08:00
|
|
|
struct in_device *in_dev = __in_dev_get_rtnl(dev);
|
2010-11-22 09:31:54 +08:00
|
|
|
struct nlattr *a, *tb[IFLA_INET_MAX+1];
|
|
|
|
int rem;
|
|
|
|
|
|
|
|
if (!in_dev)
|
|
|
|
return -EAFNOSUPPORT;
|
|
|
|
|
netlink: make validation more configurable for future strictness
We currently have two levels of strict validation:
1) liberal (default)
- undefined (type >= max) & NLA_UNSPEC attributes accepted
- attribute length >= expected accepted
- garbage at end of message accepted
2) strict (opt-in)
- NLA_UNSPEC attributes accepted
- attribute length >= expected accepted
Split out parsing strictness into four different options:
* TRAILING - check that there's no trailing data after parsing
attributes (in message or nested)
* MAXTYPE - reject attrs > max known type
* UNSPEC - reject attributes with NLA_UNSPEC policy entries
* STRICT_ATTRS - strictly validate attribute size
The default for future things should be *everything*.
The current *_strict() is a combination of TRAILING and MAXTYPE,
and is renamed to _deprecated_strict().
The current regular parsing has none of this, and is renamed to
*_parse_deprecated().
Additionally it allows us to selectively set one of the new flags
even on old policies. Notably, the UNSPEC flag could be useful in
this case, since it can be arranged (by filling in the policy) to
not be an incompatible userspace ABI change, but would then going
forward prevent forgetting attribute entries. Similar can apply
to the POLICY flag.
We end up with the following renames:
* nla_parse -> nla_parse_deprecated
* nla_parse_strict -> nla_parse_deprecated_strict
* nlmsg_parse -> nlmsg_parse_deprecated
* nlmsg_parse_strict -> nlmsg_parse_deprecated_strict
* nla_parse_nested -> nla_parse_nested_deprecated
* nla_validate_nested -> nla_validate_nested_deprecated
Using spatch, of course:
@@
expression TB, MAX, HEAD, LEN, POL, EXT;
@@
-nla_parse(TB, MAX, HEAD, LEN, POL, EXT)
+nla_parse_deprecated(TB, MAX, HEAD, LEN, POL, EXT)
@@
expression NLH, HDRLEN, TB, MAX, POL, EXT;
@@
-nlmsg_parse(NLH, HDRLEN, TB, MAX, POL, EXT)
+nlmsg_parse_deprecated(NLH, HDRLEN, TB, MAX, POL, EXT)
@@
expression NLH, HDRLEN, TB, MAX, POL, EXT;
@@
-nlmsg_parse_strict(NLH, HDRLEN, TB, MAX, POL, EXT)
+nlmsg_parse_deprecated_strict(NLH, HDRLEN, TB, MAX, POL, EXT)
@@
expression TB, MAX, NLA, POL, EXT;
@@
-nla_parse_nested(TB, MAX, NLA, POL, EXT)
+nla_parse_nested_deprecated(TB, MAX, NLA, POL, EXT)
@@
expression START, MAX, POL, EXT;
@@
-nla_validate_nested(START, MAX, POL, EXT)
+nla_validate_nested_deprecated(START, MAX, POL, EXT)
@@
expression NLH, HDRLEN, MAX, POL, EXT;
@@
-nlmsg_validate(NLH, HDRLEN, MAX, POL, EXT)
+nlmsg_validate_deprecated(NLH, HDRLEN, MAX, POL, EXT)
For this patch, don't actually add the strict, non-renamed versions
yet so that it breaks compile if I get it wrong.
Also, while at it, make nla_validate and nla_parse go down to a
common __nla_validate_parse() function to avoid code duplication.
Ultimately, this allows us to have very strict validation for every
new caller of nla_parse()/nlmsg_parse() etc as re-introduced in the
next patch, while existing things will continue to work as is.
In effect then, this adds fully strict validation for any new command.
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
2019-04-26 20:07:28 +08:00
|
|
|
if (nla_parse_nested_deprecated(tb, IFLA_INET_MAX, nla, NULL, NULL) < 0)
|
2021-06-08 09:53:15 +08:00
|
|
|
return -EINVAL;
|
2010-11-22 09:31:54 +08:00
|
|
|
|
2010-11-16 12:32:48 +08:00
|
|
|
if (tb[IFLA_INET_CONF]) {
|
|
|
|
nla_for_each_nested(a, tb[IFLA_INET_CONF], rem)
|
|
|
|
ipv4_devconf_set(in_dev, nla_type(a), nla_get_u32(a));
|
|
|
|
}
|
|
|
|
|
|
|
|
return 0;
|
|
|
|
}
|
|
|
|
|
2012-10-26 06:28:52 +08:00
|
|
|
static int inet_netconf_msgsize_devconf(int type)
|
|
|
|
{
|
|
|
|
int size = NLMSG_ALIGN(sizeof(struct netconfmsg))
|
|
|
|
+ nla_total_size(4); /* NETCONFA_IFINDEX */
|
2016-03-10 16:55:50 +08:00
|
|
|
bool all = false;
|
2012-10-26 06:28:52 +08:00
|
|
|
|
2016-03-10 16:55:50 +08:00
|
|
|
if (type == NETCONFA_ALL)
|
|
|
|
all = true;
|
|
|
|
|
|
|
|
if (all || type == NETCONFA_FORWARDING)
|
2012-10-26 06:28:52 +08:00
|
|
|
size += nla_total_size(4);
|
2016-03-10 16:55:50 +08:00
|
|
|
if (all || type == NETCONFA_RP_FILTER)
|
2012-10-29 12:53:27 +08:00
|
|
|
size += nla_total_size(4);
|
2016-03-10 16:55:50 +08:00
|
|
|
if (all || type == NETCONFA_MC_FORWARDING)
|
2012-12-04 09:13:35 +08:00
|
|
|
size += nla_total_size(4);
|
2018-07-27 16:37:28 +08:00
|
|
|
if (all || type == NETCONFA_BC_FORWARDING)
|
|
|
|
size += nla_total_size(4);
|
2016-03-10 16:55:50 +08:00
|
|
|
if (all || type == NETCONFA_PROXY_NEIGH)
|
2013-12-13 05:06:50 +08:00
|
|
|
size += nla_total_size(4);
|
2016-03-10 16:55:50 +08:00
|
|
|
if (all || type == NETCONFA_IGNORE_ROUTES_WITH_LINKDOWN)
|
2015-07-08 01:56:57 +08:00
|
|
|
size += nla_total_size(4);
|
2012-10-26 06:28:52 +08:00
|
|
|
|
|
|
|
return size;
|
|
|
|
}
|
|
|
|
|
|
|
|
static int inet_netconf_fill_devconf(struct sk_buff *skb, int ifindex,
|
|
|
|
struct ipv4_devconf *devconf, u32 portid,
|
|
|
|
u32 seq, int event, unsigned int flags,
|
|
|
|
int type)
|
|
|
|
{
|
|
|
|
struct nlmsghdr *nlh;
|
|
|
|
struct netconfmsg *ncm;
|
2016-03-10 16:55:50 +08:00
|
|
|
bool all = false;
|
2012-10-26 06:28:52 +08:00
|
|
|
|
|
|
|
nlh = nlmsg_put(skb, portid, seq, event, sizeof(struct netconfmsg),
|
|
|
|
flags);
|
2015-04-03 16:17:26 +08:00
|
|
|
if (!nlh)
|
2012-10-26 06:28:52 +08:00
|
|
|
return -EMSGSIZE;
|
|
|
|
|
2016-03-10 16:55:50 +08:00
|
|
|
if (type == NETCONFA_ALL)
|
|
|
|
all = true;
|
|
|
|
|
2012-10-26 06:28:52 +08:00
|
|
|
ncm = nlmsg_data(nlh);
|
|
|
|
ncm->ncm_family = AF_INET;
|
|
|
|
|
|
|
|
if (nla_put_s32(skb, NETCONFA_IFINDEX, ifindex) < 0)
|
|
|
|
goto nla_put_failure;
|
|
|
|
|
2017-03-29 05:28:03 +08:00
|
|
|
if (!devconf)
|
|
|
|
goto out;
|
|
|
|
|
2016-03-10 16:55:50 +08:00
|
|
|
if ((all || type == NETCONFA_FORWARDING) &&
|
2012-10-26 06:28:52 +08:00
|
|
|
nla_put_s32(skb, NETCONFA_FORWARDING,
|
|
|
|
IPV4_DEVCONF(*devconf, FORWARDING)) < 0)
|
|
|
|
goto nla_put_failure;
|
2016-03-10 16:55:50 +08:00
|
|
|
if ((all || type == NETCONFA_RP_FILTER) &&
|
2012-10-29 12:53:27 +08:00
|
|
|
nla_put_s32(skb, NETCONFA_RP_FILTER,
|
|
|
|
IPV4_DEVCONF(*devconf, RP_FILTER)) < 0)
|
|
|
|
goto nla_put_failure;
|
2016-03-10 16:55:50 +08:00
|
|
|
if ((all || type == NETCONFA_MC_FORWARDING) &&
|
2012-12-04 09:13:35 +08:00
|
|
|
nla_put_s32(skb, NETCONFA_MC_FORWARDING,
|
|
|
|
IPV4_DEVCONF(*devconf, MC_FORWARDING)) < 0)
|
|
|
|
goto nla_put_failure;
|
2018-07-27 16:37:28 +08:00
|
|
|
if ((all || type == NETCONFA_BC_FORWARDING) &&
|
|
|
|
nla_put_s32(skb, NETCONFA_BC_FORWARDING,
|
|
|
|
IPV4_DEVCONF(*devconf, BC_FORWARDING)) < 0)
|
|
|
|
goto nla_put_failure;
|
2016-03-10 16:55:50 +08:00
|
|
|
if ((all || type == NETCONFA_PROXY_NEIGH) &&
|
2013-12-18 14:35:52 +08:00
|
|
|
nla_put_s32(skb, NETCONFA_PROXY_NEIGH,
|
2013-12-13 05:06:50 +08:00
|
|
|
IPV4_DEVCONF(*devconf, PROXY_ARP)) < 0)
|
|
|
|
goto nla_put_failure;
|
2016-03-10 16:55:50 +08:00
|
|
|
if ((all || type == NETCONFA_IGNORE_ROUTES_WITH_LINKDOWN) &&
|
2015-07-08 01:56:57 +08:00
|
|
|
nla_put_s32(skb, NETCONFA_IGNORE_ROUTES_WITH_LINKDOWN,
|
|
|
|
IPV4_DEVCONF(*devconf, IGNORE_ROUTES_WITH_LINKDOWN)) < 0)
|
|
|
|
goto nla_put_failure;
|
2012-10-26 06:28:52 +08:00
|
|
|
|
2017-03-29 05:28:03 +08:00
|
|
|
out:
|
2015-01-17 05:09:00 +08:00
|
|
|
nlmsg_end(skb, nlh);
|
|
|
|
return 0;
|
2012-10-26 06:28:52 +08:00
|
|
|
|
|
|
|
nla_put_failure:
|
|
|
|
nlmsg_cancel(skb, nlh);
|
|
|
|
return -EMSGSIZE;
|
|
|
|
}
|
|
|
|
|
2017-03-29 05:28:02 +08:00
|
|
|
void inet_netconf_notify_devconf(struct net *net, int event, int type,
|
|
|
|
int ifindex, struct ipv4_devconf *devconf)
|
2012-10-26 06:28:52 +08:00
|
|
|
{
|
|
|
|
struct sk_buff *skb;
|
|
|
|
int err = -ENOBUFS;
|
|
|
|
|
2016-07-08 11:18:24 +08:00
|
|
|
skb = nlmsg_new(inet_netconf_msgsize_devconf(type), GFP_KERNEL);
|
2015-04-03 16:17:26 +08:00
|
|
|
if (!skb)
|
2012-10-26 06:28:52 +08:00
|
|
|
goto errout;
|
|
|
|
|
|
|
|
err = inet_netconf_fill_devconf(skb, ifindex, devconf, 0, 0,
|
2017-03-29 05:28:02 +08:00
|
|
|
event, 0, type);
|
2012-10-26 06:28:52 +08:00
|
|
|
if (err < 0) {
|
|
|
|
/* -EMSGSIZE implies BUG in inet_netconf_msgsize_devconf() */
|
|
|
|
WARN_ON(err == -EMSGSIZE);
|
|
|
|
kfree_skb(skb);
|
|
|
|
goto errout;
|
|
|
|
}
|
2016-07-08 11:18:24 +08:00
|
|
|
rtnl_notify(skb, net, 0, RTNLGRP_IPV4_NETCONF, NULL, GFP_KERNEL);
|
2012-10-26 06:28:52 +08:00
|
|
|
return;
|
|
|
|
errout:
|
|
|
|
if (err < 0)
|
|
|
|
rtnl_set_sk_err(net, RTNLGRP_IPV4_NETCONF, err);
|
|
|
|
}
|
|
|
|
|
2012-10-26 06:28:53 +08:00
|
|
|
static const struct nla_policy devconf_ipv4_policy[NETCONFA_MAX+1] = {
|
|
|
|
[NETCONFA_IFINDEX] = { .len = sizeof(int) },
|
|
|
|
[NETCONFA_FORWARDING] = { .len = sizeof(int) },
|
2012-10-29 12:53:27 +08:00
|
|
|
[NETCONFA_RP_FILTER] = { .len = sizeof(int) },
|
2013-12-18 14:35:52 +08:00
|
|
|
[NETCONFA_PROXY_NEIGH] = { .len = sizeof(int) },
|
2015-07-08 01:56:57 +08:00
|
|
|
[NETCONFA_IGNORE_ROUTES_WITH_LINKDOWN] = { .len = sizeof(int) },
|
2012-10-26 06:28:53 +08:00
|
|
|
};
|
|
|
|
|
2019-01-19 02:46:18 +08:00
|
|
|
static int inet_netconf_valid_get_req(struct sk_buff *skb,
|
|
|
|
const struct nlmsghdr *nlh,
|
|
|
|
struct nlattr **tb,
|
|
|
|
struct netlink_ext_ack *extack)
|
|
|
|
{
|
|
|
|
int i, err;
|
|
|
|
|
|
|
|
if (nlh->nlmsg_len < nlmsg_msg_size(sizeof(struct netconfmsg))) {
|
|
|
|
NL_SET_ERR_MSG(extack, "ipv4: Invalid header for netconf get request");
|
|
|
|
return -EINVAL;
|
|
|
|
}
|
|
|
|
|
|
|
|
if (!netlink_strict_get_check(skb))
|
netlink: make validation more configurable for future strictness
We currently have two levels of strict validation:
1) liberal (default)
- undefined (type >= max) & NLA_UNSPEC attributes accepted
- attribute length >= expected accepted
- garbage at end of message accepted
2) strict (opt-in)
- NLA_UNSPEC attributes accepted
- attribute length >= expected accepted
Split out parsing strictness into four different options:
* TRAILING - check that there's no trailing data after parsing
attributes (in message or nested)
* MAXTYPE - reject attrs > max known type
* UNSPEC - reject attributes with NLA_UNSPEC policy entries
* STRICT_ATTRS - strictly validate attribute size
The default for future things should be *everything*.
The current *_strict() is a combination of TRAILING and MAXTYPE,
and is renamed to _deprecated_strict().
The current regular parsing has none of this, and is renamed to
*_parse_deprecated().
Additionally it allows us to selectively set one of the new flags
even on old policies. Notably, the UNSPEC flag could be useful in
this case, since it can be arranged (by filling in the policy) to
not be an incompatible userspace ABI change, but would then going
forward prevent forgetting attribute entries. Similar can apply
to the POLICY flag.
We end up with the following renames:
* nla_parse -> nla_parse_deprecated
* nla_parse_strict -> nla_parse_deprecated_strict
* nlmsg_parse -> nlmsg_parse_deprecated
* nlmsg_parse_strict -> nlmsg_parse_deprecated_strict
* nla_parse_nested -> nla_parse_nested_deprecated
* nla_validate_nested -> nla_validate_nested_deprecated
Using spatch, of course:
@@
expression TB, MAX, HEAD, LEN, POL, EXT;
@@
-nla_parse(TB, MAX, HEAD, LEN, POL, EXT)
+nla_parse_deprecated(TB, MAX, HEAD, LEN, POL, EXT)
@@
expression NLH, HDRLEN, TB, MAX, POL, EXT;
@@
-nlmsg_parse(NLH, HDRLEN, TB, MAX, POL, EXT)
+nlmsg_parse_deprecated(NLH, HDRLEN, TB, MAX, POL, EXT)
@@
expression NLH, HDRLEN, TB, MAX, POL, EXT;
@@
-nlmsg_parse_strict(NLH, HDRLEN, TB, MAX, POL, EXT)
+nlmsg_parse_deprecated_strict(NLH, HDRLEN, TB, MAX, POL, EXT)
@@
expression TB, MAX, NLA, POL, EXT;
@@
-nla_parse_nested(TB, MAX, NLA, POL, EXT)
+nla_parse_nested_deprecated(TB, MAX, NLA, POL, EXT)
@@
expression START, MAX, POL, EXT;
@@
-nla_validate_nested(START, MAX, POL, EXT)
+nla_validate_nested_deprecated(START, MAX, POL, EXT)
@@
expression NLH, HDRLEN, MAX, POL, EXT;
@@
-nlmsg_validate(NLH, HDRLEN, MAX, POL, EXT)
+nlmsg_validate_deprecated(NLH, HDRLEN, MAX, POL, EXT)
For this patch, don't actually add the strict, non-renamed versions
yet so that it breaks compile if I get it wrong.
Also, while at it, make nla_validate and nla_parse go down to a
common __nla_validate_parse() function to avoid code duplication.
Ultimately, this allows us to have very strict validation for every
new caller of nla_parse()/nlmsg_parse() etc as re-introduced in the
next patch, while existing things will continue to work as is.
In effect then, this adds fully strict validation for any new command.
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
2019-04-26 20:07:28 +08:00
|
|
|
return nlmsg_parse_deprecated(nlh, sizeof(struct netconfmsg),
|
|
|
|
tb, NETCONFA_MAX,
|
|
|
|
devconf_ipv4_policy, extack);
|
2019-01-19 02:46:18 +08:00
|
|
|
|
netlink: make validation more configurable for future strictness
We currently have two levels of strict validation:
1) liberal (default)
- undefined (type >= max) & NLA_UNSPEC attributes accepted
- attribute length >= expected accepted
- garbage at end of message accepted
2) strict (opt-in)
- NLA_UNSPEC attributes accepted
- attribute length >= expected accepted
Split out parsing strictness into four different options:
* TRAILING - check that there's no trailing data after parsing
attributes (in message or nested)
* MAXTYPE - reject attrs > max known type
* UNSPEC - reject attributes with NLA_UNSPEC policy entries
* STRICT_ATTRS - strictly validate attribute size
The default for future things should be *everything*.
The current *_strict() is a combination of TRAILING and MAXTYPE,
and is renamed to _deprecated_strict().
The current regular parsing has none of this, and is renamed to
*_parse_deprecated().
Additionally it allows us to selectively set one of the new flags
even on old policies. Notably, the UNSPEC flag could be useful in
this case, since it can be arranged (by filling in the policy) to
not be an incompatible userspace ABI change, but would then going
forward prevent forgetting attribute entries. Similar can apply
to the POLICY flag.
We end up with the following renames:
* nla_parse -> nla_parse_deprecated
* nla_parse_strict -> nla_parse_deprecated_strict
* nlmsg_parse -> nlmsg_parse_deprecated
* nlmsg_parse_strict -> nlmsg_parse_deprecated_strict
* nla_parse_nested -> nla_parse_nested_deprecated
* nla_validate_nested -> nla_validate_nested_deprecated
Using spatch, of course:
@@
expression TB, MAX, HEAD, LEN, POL, EXT;
@@
-nla_parse(TB, MAX, HEAD, LEN, POL, EXT)
+nla_parse_deprecated(TB, MAX, HEAD, LEN, POL, EXT)
@@
expression NLH, HDRLEN, TB, MAX, POL, EXT;
@@
-nlmsg_parse(NLH, HDRLEN, TB, MAX, POL, EXT)
+nlmsg_parse_deprecated(NLH, HDRLEN, TB, MAX, POL, EXT)
@@
expression NLH, HDRLEN, TB, MAX, POL, EXT;
@@
-nlmsg_parse_strict(NLH, HDRLEN, TB, MAX, POL, EXT)
+nlmsg_parse_deprecated_strict(NLH, HDRLEN, TB, MAX, POL, EXT)
@@
expression TB, MAX, NLA, POL, EXT;
@@
-nla_parse_nested(TB, MAX, NLA, POL, EXT)
+nla_parse_nested_deprecated(TB, MAX, NLA, POL, EXT)
@@
expression START, MAX, POL, EXT;
@@
-nla_validate_nested(START, MAX, POL, EXT)
+nla_validate_nested_deprecated(START, MAX, POL, EXT)
@@
expression NLH, HDRLEN, MAX, POL, EXT;
@@
-nlmsg_validate(NLH, HDRLEN, MAX, POL, EXT)
+nlmsg_validate_deprecated(NLH, HDRLEN, MAX, POL, EXT)
For this patch, don't actually add the strict, non-renamed versions
yet so that it breaks compile if I get it wrong.
Also, while at it, make nla_validate and nla_parse go down to a
common __nla_validate_parse() function to avoid code duplication.
Ultimately, this allows us to have very strict validation for every
new caller of nla_parse()/nlmsg_parse() etc as re-introduced in the
next patch, while existing things will continue to work as is.
In effect then, this adds fully strict validation for any new command.
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
2019-04-26 20:07:28 +08:00
|
|
|
err = nlmsg_parse_deprecated_strict(nlh, sizeof(struct netconfmsg),
|
|
|
|
tb, NETCONFA_MAX,
|
|
|
|
devconf_ipv4_policy, extack);
|
2019-01-19 02:46:18 +08:00
|
|
|
if (err)
|
|
|
|
return err;
|
|
|
|
|
|
|
|
for (i = 0; i <= NETCONFA_MAX; i++) {
|
|
|
|
if (!tb[i])
|
|
|
|
continue;
|
|
|
|
|
|
|
|
switch (i) {
|
|
|
|
case NETCONFA_IFINDEX:
|
|
|
|
break;
|
|
|
|
default:
|
|
|
|
NL_SET_ERR_MSG(extack, "ipv4: Unsupported attribute in netconf get request");
|
|
|
|
return -EINVAL;
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
return 0;
|
|
|
|
}
|
|
|
|
|
2012-10-26 06:28:53 +08:00
|
|
|
static int inet_netconf_get_devconf(struct sk_buff *in_skb,
|
2017-04-17 00:48:24 +08:00
|
|
|
struct nlmsghdr *nlh,
|
|
|
|
struct netlink_ext_ack *extack)
|
2012-10-26 06:28:53 +08:00
|
|
|
{
|
|
|
|
struct net *net = sock_net(in_skb->sk);
|
|
|
|
struct nlattr *tb[NETCONFA_MAX+1];
|
|
|
|
struct sk_buff *skb;
|
|
|
|
struct ipv4_devconf *devconf;
|
|
|
|
struct in_device *in_dev;
|
|
|
|
struct net_device *dev;
|
|
|
|
int ifindex;
|
|
|
|
int err;
|
|
|
|
|
2019-01-19 02:46:18 +08:00
|
|
|
err = inet_netconf_valid_get_req(in_skb, nlh, tb, extack);
|
|
|
|
if (err)
|
2012-10-26 06:28:53 +08:00
|
|
|
goto errout;
|
|
|
|
|
2016-02-17 10:43:16 +08:00
|
|
|
err = -EINVAL;
|
2012-10-26 06:28:53 +08:00
|
|
|
if (!tb[NETCONFA_IFINDEX])
|
|
|
|
goto errout;
|
|
|
|
|
|
|
|
ifindex = nla_get_s32(tb[NETCONFA_IFINDEX]);
|
|
|
|
switch (ifindex) {
|
|
|
|
case NETCONFA_IFINDEX_ALL:
|
|
|
|
devconf = net->ipv4.devconf_all;
|
|
|
|
break;
|
|
|
|
case NETCONFA_IFINDEX_DEFAULT:
|
|
|
|
devconf = net->ipv4.devconf_dflt;
|
|
|
|
break;
|
|
|
|
default:
|
|
|
|
dev = __dev_get_by_index(net, ifindex);
|
2015-04-03 16:17:26 +08:00
|
|
|
if (!dev)
|
2012-10-26 06:28:53 +08:00
|
|
|
goto errout;
|
|
|
|
in_dev = __in_dev_get_rtnl(dev);
|
2015-04-03 16:17:26 +08:00
|
|
|
if (!in_dev)
|
2012-10-26 06:28:53 +08:00
|
|
|
goto errout;
|
|
|
|
devconf = &in_dev->cnf;
|
|
|
|
break;
|
|
|
|
}
|
|
|
|
|
|
|
|
err = -ENOBUFS;
|
2016-07-08 11:18:24 +08:00
|
|
|
skb = nlmsg_new(inet_netconf_msgsize_devconf(NETCONFA_ALL), GFP_KERNEL);
|
2015-04-03 16:17:26 +08:00
|
|
|
if (!skb)
|
2012-10-26 06:28:53 +08:00
|
|
|
goto errout;
|
|
|
|
|
|
|
|
err = inet_netconf_fill_devconf(skb, ifindex, devconf,
|
|
|
|
NETLINK_CB(in_skb).portid,
|
|
|
|
nlh->nlmsg_seq, RTM_NEWNETCONF, 0,
|
2016-03-10 16:55:50 +08:00
|
|
|
NETCONFA_ALL);
|
2012-10-26 06:28:53 +08:00
|
|
|
if (err < 0) {
|
|
|
|
/* -EMSGSIZE implies BUG in inet_netconf_msgsize_devconf() */
|
|
|
|
WARN_ON(err == -EMSGSIZE);
|
|
|
|
kfree_skb(skb);
|
|
|
|
goto errout;
|
|
|
|
}
|
|
|
|
err = rtnl_unicast(skb, net, NETLINK_CB(in_skb).portid);
|
|
|
|
errout:
|
|
|
|
return err;
|
|
|
|
}
|
|
|
|
|
2013-03-06 07:42:06 +08:00
|
|
|
static int inet_netconf_dump_devconf(struct sk_buff *skb,
|
|
|
|
struct netlink_callback *cb)
|
|
|
|
{
|
2018-10-08 11:16:41 +08:00
|
|
|
const struct nlmsghdr *nlh = cb->nlh;
|
2013-03-06 07:42:06 +08:00
|
|
|
struct net *net = sock_net(skb->sk);
|
|
|
|
int h, s_h;
|
|
|
|
int idx, s_idx;
|
|
|
|
struct net_device *dev;
|
|
|
|
struct in_device *in_dev;
|
|
|
|
struct hlist_head *head;
|
|
|
|
|
2018-10-08 11:16:41 +08:00
|
|
|
if (cb->strict_check) {
|
|
|
|
struct netlink_ext_ack *extack = cb->extack;
|
|
|
|
struct netconfmsg *ncm;
|
|
|
|
|
|
|
|
if (nlh->nlmsg_len < nlmsg_msg_size(sizeof(*ncm))) {
|
|
|
|
NL_SET_ERR_MSG(extack, "ipv4: Invalid header for netconf dump request");
|
|
|
|
return -EINVAL;
|
|
|
|
}
|
|
|
|
|
|
|
|
if (nlmsg_attrlen(nlh, sizeof(*ncm))) {
|
|
|
|
NL_SET_ERR_MSG(extack, "ipv4: Invalid data after header in netconf dump request");
|
|
|
|
return -EINVAL;
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
2013-03-06 07:42:06 +08:00
|
|
|
s_h = cb->args[0];
|
|
|
|
s_idx = idx = cb->args[1];
|
|
|
|
|
|
|
|
for (h = s_h; h < NETDEV_HASHENTRIES; h++, s_idx = 0) {
|
|
|
|
idx = 0;
|
|
|
|
head = &net->dev_index_head[h];
|
|
|
|
rcu_read_lock();
|
2013-03-22 14:28:42 +08:00
|
|
|
cb->seq = atomic_read(&net->ipv4.dev_addr_genid) ^
|
|
|
|
net->dev_base_seq;
|
2013-03-06 07:42:06 +08:00
|
|
|
hlist_for_each_entry_rcu(dev, head, index_hlist) {
|
|
|
|
if (idx < s_idx)
|
|
|
|
goto cont;
|
|
|
|
in_dev = __in_dev_get_rcu(dev);
|
|
|
|
if (!in_dev)
|
|
|
|
goto cont;
|
|
|
|
|
|
|
|
if (inet_netconf_fill_devconf(skb, dev->ifindex,
|
|
|
|
&in_dev->cnf,
|
|
|
|
NETLINK_CB(cb->skb).portid,
|
2018-10-08 11:16:41 +08:00
|
|
|
nlh->nlmsg_seq,
|
2013-03-06 07:42:06 +08:00
|
|
|
RTM_NEWNETCONF,
|
|
|
|
NLM_F_MULTI,
|
2016-03-10 16:55:50 +08:00
|
|
|
NETCONFA_ALL) < 0) {
|
2013-03-06 07:42:06 +08:00
|
|
|
rcu_read_unlock();
|
|
|
|
goto done;
|
|
|
|
}
|
2013-03-22 14:28:42 +08:00
|
|
|
nl_dump_check_consistent(cb, nlmsg_hdr(skb));
|
2013-03-06 07:42:06 +08:00
|
|
|
cont:
|
|
|
|
idx++;
|
|
|
|
}
|
|
|
|
rcu_read_unlock();
|
|
|
|
}
|
|
|
|
if (h == NETDEV_HASHENTRIES) {
|
|
|
|
if (inet_netconf_fill_devconf(skb, NETCONFA_IFINDEX_ALL,
|
|
|
|
net->ipv4.devconf_all,
|
|
|
|
NETLINK_CB(cb->skb).portid,
|
2018-10-08 11:16:41 +08:00
|
|
|
nlh->nlmsg_seq,
|
2013-03-06 07:42:06 +08:00
|
|
|
RTM_NEWNETCONF, NLM_F_MULTI,
|
2016-03-10 16:55:50 +08:00
|
|
|
NETCONFA_ALL) < 0)
|
2013-03-06 07:42:06 +08:00
|
|
|
goto done;
|
|
|
|
else
|
|
|
|
h++;
|
|
|
|
}
|
|
|
|
if (h == NETDEV_HASHENTRIES + 1) {
|
|
|
|
if (inet_netconf_fill_devconf(skb, NETCONFA_IFINDEX_DEFAULT,
|
|
|
|
net->ipv4.devconf_dflt,
|
|
|
|
NETLINK_CB(cb->skb).portid,
|
2018-10-08 11:16:41 +08:00
|
|
|
nlh->nlmsg_seq,
|
2013-03-06 07:42:06 +08:00
|
|
|
RTM_NEWNETCONF, NLM_F_MULTI,
|
2016-03-10 16:55:50 +08:00
|
|
|
NETCONFA_ALL) < 0)
|
2013-03-06 07:42:06 +08:00
|
|
|
goto done;
|
|
|
|
else
|
|
|
|
h++;
|
|
|
|
}
|
|
|
|
done:
|
|
|
|
cb->args[0] = h;
|
|
|
|
cb->args[1] = idx;
|
|
|
|
|
|
|
|
return skb->len;
|
|
|
|
}
|
|
|
|
|
2005-04-17 06:20:36 +08:00
|
|
|
#ifdef CONFIG_SYSCTL
|
|
|
|
|
2007-12-17 05:31:14 +08:00
|
|
|
static void devinet_copy_dflt_conf(struct net *net, int i)
|
2007-06-05 14:35:37 +08:00
|
|
|
{
|
|
|
|
struct net_device *dev;
|
|
|
|
|
2009-11-04 21:43:23 +08:00
|
|
|
rcu_read_lock();
|
|
|
|
for_each_netdev_rcu(net, dev) {
|
2007-06-05 14:35:37 +08:00
|
|
|
struct in_device *in_dev;
|
2009-11-04 21:43:23 +08:00
|
|
|
|
2007-06-05 14:35:37 +08:00
|
|
|
in_dev = __in_dev_get_rcu(dev);
|
|
|
|
if (in_dev && !test_bit(i, in_dev->cnf.state))
|
2007-12-17 05:32:16 +08:00
|
|
|
in_dev->cnf.data[i] = net->ipv4.devconf_dflt->data[i];
|
2007-06-05 14:35:37 +08:00
|
|
|
}
|
2009-11-04 21:43:23 +08:00
|
|
|
rcu_read_unlock();
|
2007-06-05 14:35:37 +08:00
|
|
|
}
|
|
|
|
|
2009-11-04 21:43:23 +08:00
|
|
|
/* called with RTNL locked */
|
2007-12-17 05:31:14 +08:00
|
|
|
static void inet_forward_change(struct net *net)
|
2007-12-05 17:44:58 +08:00
|
|
|
{
|
|
|
|
struct net_device *dev;
|
2007-12-17 05:32:48 +08:00
|
|
|
int on = IPV4_DEVCONF_ALL(net, FORWARDING);
|
2007-12-05 17:44:58 +08:00
|
|
|
|
2007-12-17 05:32:48 +08:00
|
|
|
IPV4_DEVCONF_ALL(net, ACCEPT_REDIRECTS) = !on;
|
2007-12-17 05:32:16 +08:00
|
|
|
IPV4_DEVCONF_DFLT(net, FORWARDING) = on;
|
2017-03-29 05:28:02 +08:00
|
|
|
inet_netconf_notify_devconf(net, RTM_NEWNETCONF,
|
|
|
|
NETCONFA_FORWARDING,
|
2012-10-26 06:28:52 +08:00
|
|
|
NETCONFA_IFINDEX_ALL,
|
|
|
|
net->ipv4.devconf_all);
|
2017-03-29 05:28:02 +08:00
|
|
|
inet_netconf_notify_devconf(net, RTM_NEWNETCONF,
|
|
|
|
NETCONFA_FORWARDING,
|
2012-10-26 06:28:52 +08:00
|
|
|
NETCONFA_IFINDEX_DEFAULT,
|
|
|
|
net->ipv4.devconf_dflt);
|
2007-12-05 17:44:58 +08:00
|
|
|
|
2007-12-17 05:31:14 +08:00
|
|
|
for_each_netdev(net, dev) {
|
2007-12-05 17:44:58 +08:00
|
|
|
struct in_device *in_dev;
|
2016-07-08 11:18:24 +08:00
|
|
|
|
2008-06-20 07:15:47 +08:00
|
|
|
if (on)
|
|
|
|
dev_disable_lro(dev);
|
2016-07-08 11:18:24 +08:00
|
|
|
|
|
|
|
in_dev = __in_dev_get_rtnl(dev);
|
2012-10-26 06:28:52 +08:00
|
|
|
if (in_dev) {
|
2007-12-05 17:44:58 +08:00
|
|
|
IN_DEV_CONF_SET(in_dev, FORWARDING, on);
|
2017-03-29 05:28:02 +08:00
|
|
|
inet_netconf_notify_devconf(net, RTM_NEWNETCONF,
|
|
|
|
NETCONFA_FORWARDING,
|
2012-10-26 06:28:52 +08:00
|
|
|
dev->ifindex, &in_dev->cnf);
|
|
|
|
}
|
2007-12-05 17:44:58 +08:00
|
|
|
}
|
|
|
|
}
|
|
|
|
|
2013-12-13 05:06:50 +08:00
|
|
|
static int devinet_conf_ifindex(struct net *net, struct ipv4_devconf *cnf)
|
|
|
|
{
|
|
|
|
if (cnf == net->ipv4.devconf_dflt)
|
|
|
|
return NETCONFA_IFINDEX_DEFAULT;
|
|
|
|
else if (cnf == net->ipv4.devconf_all)
|
|
|
|
return NETCONFA_IFINDEX_ALL;
|
|
|
|
else {
|
|
|
|
struct in_device *idev
|
|
|
|
= container_of(cnf, struct in_device, cnf);
|
|
|
|
return idev->dev->ifindex;
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
2013-06-12 14:04:25 +08:00
|
|
|
static int devinet_conf_proc(struct ctl_table *ctl, int write,
|
2020-04-24 14:43:38 +08:00
|
|
|
void *buffer, size_t *lenp, loff_t *ppos)
|
2007-06-05 14:35:37 +08:00
|
|
|
{
|
2011-12-01 23:47:06 +08:00
|
|
|
int old_value = *(int *)ctl->data;
|
2009-09-24 06:57:19 +08:00
|
|
|
int ret = proc_dointvec(ctl, write, buffer, lenp, ppos);
|
2011-12-01 23:47:06 +08:00
|
|
|
int new_value = *(int *)ctl->data;
|
2007-06-05 14:35:37 +08:00
|
|
|
|
|
|
|
if (write) {
|
|
|
|
struct ipv4_devconf *cnf = ctl->extra1;
|
2007-12-17 05:31:14 +08:00
|
|
|
struct net *net = ctl->extra2;
|
2007-06-05 14:35:37 +08:00
|
|
|
int i = (int *)ctl->data - cnf->data;
|
2013-12-13 05:06:50 +08:00
|
|
|
int ifindex;
|
2007-06-05 14:35:37 +08:00
|
|
|
|
|
|
|
set_bit(i, cnf->state);
|
|
|
|
|
2007-12-17 05:32:16 +08:00
|
|
|
if (cnf == net->ipv4.devconf_dflt)
|
2007-12-17 05:31:14 +08:00
|
|
|
devinet_copy_dflt_conf(net, i);
|
2012-06-12 08:44:01 +08:00
|
|
|
if (i == IPV4_DEVCONF_ACCEPT_LOCAL - 1 ||
|
|
|
|
i == IPV4_DEVCONF_ROUTE_LOCALNET - 1)
|
2011-12-01 23:47:06 +08:00
|
|
|
if ((new_value == 0) && (old_value != 0))
|
2012-09-07 08:45:29 +08:00
|
|
|
rt_cache_flush(net);
|
2013-12-13 05:06:50 +08:00
|
|
|
|
2018-07-27 16:37:28 +08:00
|
|
|
if (i == IPV4_DEVCONF_BC_FORWARDING - 1 &&
|
|
|
|
new_value != old_value)
|
|
|
|
rt_cache_flush(net);
|
|
|
|
|
2012-10-29 12:53:27 +08:00
|
|
|
if (i == IPV4_DEVCONF_RP_FILTER - 1 &&
|
|
|
|
new_value != old_value) {
|
2013-12-13 05:06:50 +08:00
|
|
|
ifindex = devinet_conf_ifindex(net, cnf);
|
2017-03-29 05:28:02 +08:00
|
|
|
inet_netconf_notify_devconf(net, RTM_NEWNETCONF,
|
|
|
|
NETCONFA_RP_FILTER,
|
2012-10-29 12:53:27 +08:00
|
|
|
ifindex, cnf);
|
|
|
|
}
|
2013-12-13 05:06:50 +08:00
|
|
|
if (i == IPV4_DEVCONF_PROXY_ARP - 1 &&
|
|
|
|
new_value != old_value) {
|
|
|
|
ifindex = devinet_conf_ifindex(net, cnf);
|
2017-03-29 05:28:02 +08:00
|
|
|
inet_netconf_notify_devconf(net, RTM_NEWNETCONF,
|
|
|
|
NETCONFA_PROXY_NEIGH,
|
2013-12-13 05:06:50 +08:00
|
|
|
ifindex, cnf);
|
|
|
|
}
|
2015-07-08 01:56:57 +08:00
|
|
|
if (i == IPV4_DEVCONF_IGNORE_ROUTES_WITH_LINKDOWN - 1 &&
|
|
|
|
new_value != old_value) {
|
|
|
|
ifindex = devinet_conf_ifindex(net, cnf);
|
2017-03-29 05:28:02 +08:00
|
|
|
inet_netconf_notify_devconf(net, RTM_NEWNETCONF,
|
|
|
|
NETCONFA_IGNORE_ROUTES_WITH_LINKDOWN,
|
2015-07-08 01:56:57 +08:00
|
|
|
ifindex, cnf);
|
|
|
|
}
|
2007-06-05 14:35:37 +08:00
|
|
|
}
|
|
|
|
|
|
|
|
return ret;
|
|
|
|
}
|
|
|
|
|
2013-06-12 14:04:25 +08:00
|
|
|
static int devinet_sysctl_forward(struct ctl_table *ctl, int write,
|
2020-04-24 14:43:38 +08:00
|
|
|
void *buffer, size_t *lenp, loff_t *ppos)
|
2005-04-17 06:20:36 +08:00
|
|
|
{
|
|
|
|
int *valp = ctl->data;
|
|
|
|
int val = *valp;
|
2010-02-19 21:22:59 +08:00
|
|
|
loff_t pos = *ppos;
|
2021-07-20 09:43:28 +08:00
|
|
|
struct net *net = ctl->extra2;
|
|
|
|
int ret;
|
2005-04-17 06:20:36 +08:00
|
|
|
|
2021-07-20 09:43:28 +08:00
|
|
|
if (write && !ns_capable(net->user_ns, CAP_NET_ADMIN))
|
|
|
|
return -EPERM;
|
|
|
|
|
|
|
|
ret = proc_dointvec(ctl, write, buffer, lenp, ppos);
|
2007-12-17 05:31:14 +08:00
|
|
|
|
2021-07-20 09:43:28 +08:00
|
|
|
if (write && *valp != val) {
|
2008-06-20 07:15:47 +08:00
|
|
|
if (valp != &IPV4_DEVCONF_DFLT(net, FORWARDING)) {
|
2010-02-19 21:22:59 +08:00
|
|
|
if (!rtnl_trylock()) {
|
|
|
|
/* Restore the original values before restarting */
|
|
|
|
*valp = val;
|
|
|
|
*ppos = pos;
|
2009-05-14 00:59:21 +08:00
|
|
|
return restart_syscall();
|
2010-02-19 21:22:59 +08:00
|
|
|
}
|
2008-06-20 07:15:47 +08:00
|
|
|
if (valp == &IPV4_DEVCONF_ALL(net, FORWARDING)) {
|
|
|
|
inet_forward_change(net);
|
2012-10-26 06:28:52 +08:00
|
|
|
} else {
|
2008-06-20 07:15:47 +08:00
|
|
|
struct ipv4_devconf *cnf = ctl->extra1;
|
|
|
|
struct in_device *idev =
|
|
|
|
container_of(cnf, struct in_device, cnf);
|
2012-10-26 06:28:52 +08:00
|
|
|
if (*valp)
|
|
|
|
dev_disable_lro(idev->dev);
|
2017-03-29 05:28:02 +08:00
|
|
|
inet_netconf_notify_devconf(net, RTM_NEWNETCONF,
|
2012-10-26 06:28:52 +08:00
|
|
|
NETCONFA_FORWARDING,
|
|
|
|
idev->dev->ifindex,
|
|
|
|
cnf);
|
2008-06-20 07:15:47 +08:00
|
|
|
}
|
|
|
|
rtnl_unlock();
|
2012-09-07 08:45:29 +08:00
|
|
|
rt_cache_flush(net);
|
2012-10-26 06:28:52 +08:00
|
|
|
} else
|
2017-03-29 05:28:02 +08:00
|
|
|
inet_netconf_notify_devconf(net, RTM_NEWNETCONF,
|
|
|
|
NETCONFA_FORWARDING,
|
2012-10-26 06:28:52 +08:00
|
|
|
NETCONFA_IFINDEX_DEFAULT,
|
|
|
|
net->ipv4.devconf_dflt);
|
2005-04-17 06:20:36 +08:00
|
|
|
}
|
|
|
|
|
|
|
|
return ret;
|
|
|
|
}
|
|
|
|
|
2013-06-12 14:04:25 +08:00
|
|
|
static int ipv4_doint_and_flush(struct ctl_table *ctl, int write,
|
2020-04-24 14:43:38 +08:00
|
|
|
void *buffer, size_t *lenp, loff_t *ppos)
|
2005-04-17 06:20:36 +08:00
|
|
|
{
|
|
|
|
int *valp = ctl->data;
|
|
|
|
int val = *valp;
|
2009-09-24 06:57:19 +08:00
|
|
|
int ret = proc_dointvec(ctl, write, buffer, lenp, ppos);
|
2008-07-06 10:00:44 +08:00
|
|
|
struct net *net = ctl->extra2;
|
2005-04-17 06:20:36 +08:00
|
|
|
|
|
|
|
if (write && *valp != val)
|
2012-09-07 08:45:29 +08:00
|
|
|
rt_cache_flush(net);
|
2005-04-17 06:20:36 +08:00
|
|
|
|
|
|
|
return ret;
|
|
|
|
}
|
|
|
|
|
2009-11-06 05:32:03 +08:00
|
|
|
#define DEVINET_SYSCTL_ENTRY(attr, name, mval, proc) \
|
2007-06-05 14:34:44 +08:00
|
|
|
{ \
|
|
|
|
.procname = name, \
|
|
|
|
.data = ipv4_devconf.data + \
|
2010-02-14 11:25:51 +08:00
|
|
|
IPV4_DEVCONF_ ## attr - 1, \
|
2007-06-05 14:34:44 +08:00
|
|
|
.maxlen = sizeof(int), \
|
|
|
|
.mode = mval, \
|
|
|
|
.proc_handler = proc, \
|
2007-06-05 14:35:37 +08:00
|
|
|
.extra1 = &ipv4_devconf, \
|
2007-06-05 14:34:44 +08:00
|
|
|
}
|
|
|
|
|
|
|
|
#define DEVINET_SYSCTL_RW_ENTRY(attr, name) \
|
2009-11-06 05:32:03 +08:00
|
|
|
DEVINET_SYSCTL_ENTRY(attr, name, 0644, devinet_conf_proc)
|
2007-06-05 14:34:44 +08:00
|
|
|
|
|
|
|
#define DEVINET_SYSCTL_RO_ENTRY(attr, name) \
|
2009-11-06 05:32:03 +08:00
|
|
|
DEVINET_SYSCTL_ENTRY(attr, name, 0444, devinet_conf_proc)
|
2007-06-05 14:34:44 +08:00
|
|
|
|
2009-11-06 05:32:03 +08:00
|
|
|
#define DEVINET_SYSCTL_COMPLEX_ENTRY(attr, name, proc) \
|
|
|
|
DEVINET_SYSCTL_ENTRY(attr, name, 0644, proc)
|
2007-06-05 14:34:44 +08:00
|
|
|
|
|
|
|
#define DEVINET_SYSCTL_FLUSHING_ENTRY(attr, name) \
|
2009-11-06 05:32:03 +08:00
|
|
|
DEVINET_SYSCTL_COMPLEX_ENTRY(attr, name, ipv4_doint_and_flush)
|
2007-06-05 14:34:44 +08:00
|
|
|
|
2005-04-17 06:20:36 +08:00
|
|
|
static struct devinet_sysctl_table {
|
|
|
|
struct ctl_table_header *sysctl_header;
|
2010-02-14 11:25:51 +08:00
|
|
|
struct ctl_table devinet_vars[__IPV4_DEVCONF_MAX];
|
2005-04-17 06:20:36 +08:00
|
|
|
} devinet_sysctl = {
|
|
|
|
.devinet_vars = {
|
2007-06-05 14:34:44 +08:00
|
|
|
DEVINET_SYSCTL_COMPLEX_ENTRY(FORWARDING, "forwarding",
|
2009-11-06 05:32:03 +08:00
|
|
|
devinet_sysctl_forward),
|
2007-06-05 14:34:44 +08:00
|
|
|
DEVINET_SYSCTL_RO_ENTRY(MC_FORWARDING, "mc_forwarding"),
|
2018-07-27 16:37:28 +08:00
|
|
|
DEVINET_SYSCTL_RW_ENTRY(BC_FORWARDING, "bc_forwarding"),
|
2007-06-05 14:34:44 +08:00
|
|
|
|
|
|
|
DEVINET_SYSCTL_RW_ENTRY(ACCEPT_REDIRECTS, "accept_redirects"),
|
|
|
|
DEVINET_SYSCTL_RW_ENTRY(SECURE_REDIRECTS, "secure_redirects"),
|
|
|
|
DEVINET_SYSCTL_RW_ENTRY(SHARED_MEDIA, "shared_media"),
|
|
|
|
DEVINET_SYSCTL_RW_ENTRY(RP_FILTER, "rp_filter"),
|
|
|
|
DEVINET_SYSCTL_RW_ENTRY(SEND_REDIRECTS, "send_redirects"),
|
|
|
|
DEVINET_SYSCTL_RW_ENTRY(ACCEPT_SOURCE_ROUTE,
|
|
|
|
"accept_source_route"),
|
2009-12-03 09:25:58 +08:00
|
|
|
DEVINET_SYSCTL_RW_ENTRY(ACCEPT_LOCAL, "accept_local"),
|
2009-12-26 09:30:22 +08:00
|
|
|
DEVINET_SYSCTL_RW_ENTRY(SRC_VMARK, "src_valid_mark"),
|
2007-06-05 14:34:44 +08:00
|
|
|
DEVINET_SYSCTL_RW_ENTRY(PROXY_ARP, "proxy_arp"),
|
|
|
|
DEVINET_SYSCTL_RW_ENTRY(MEDIUM_ID, "medium_id"),
|
|
|
|
DEVINET_SYSCTL_RW_ENTRY(BOOTP_RELAY, "bootp_relay"),
|
|
|
|
DEVINET_SYSCTL_RW_ENTRY(LOG_MARTIANS, "log_martians"),
|
|
|
|
DEVINET_SYSCTL_RW_ENTRY(TAG, "tag"),
|
|
|
|
DEVINET_SYSCTL_RW_ENTRY(ARPFILTER, "arp_filter"),
|
|
|
|
DEVINET_SYSCTL_RW_ENTRY(ARP_ANNOUNCE, "arp_announce"),
|
|
|
|
DEVINET_SYSCTL_RW_ENTRY(ARP_IGNORE, "arp_ignore"),
|
|
|
|
DEVINET_SYSCTL_RW_ENTRY(ARP_ACCEPT, "arp_accept"),
|
2009-02-01 17:04:33 +08:00
|
|
|
DEVINET_SYSCTL_RW_ENTRY(ARP_NOTIFY, "arp_notify"),
|
net: arp: introduce arp_evict_nocarrier sysctl parameter
This change introduces a new sysctl parameter, arp_evict_nocarrier.
When set (default) the ARP cache will be cleared on a NOCARRIER event.
This new option has been defaulted to '1' which maintains existing
behavior.
Clearing the ARP cache on NOCARRIER is relatively new, introduced by:
commit 859bd2ef1fc1110a8031b967ee656c53a6260a76
Author: David Ahern <dsahern@gmail.com>
Date: Thu Oct 11 20:33:49 2018 -0700
net: Evict neighbor entries on carrier down
The reason for this changes is to prevent the ARP cache from being
cleared when a wireless device roams. Specifically for wireless roams
the ARP cache should not be cleared because the underlying network has not
changed. Clearing the ARP cache in this case can introduce significant
delays sending out packets after a roam.
A user reported such a situation here:
https://lore.kernel.org/linux-wireless/CACsRnHWa47zpx3D1oDq9JYnZWniS8yBwW1h0WAVZ6vrbwL_S0w@mail.gmail.com/
After some investigation it was found that the kernel was holding onto
packets until ARP finished which resulted in this 1 second delay. It
was also found that the first ARP who-has was never responded to,
which is actually what caues the delay. This change is more or less
working around this behavior, but again, there is no reason to clear
the cache on a roam anyways.
As for the unanswered who-has, we know the packet made it OTA since
it was seen while monitoring. Why it never received a response is
unknown. In any case, since this is a problem on the AP side of things
all that can be done is to work around it until it is solved.
Some background on testing/reproducing the packet delay:
Hardware:
- 2 access points configured for Fast BSS Transition (Though I don't
see why regular reassociation wouldn't have the same behavior)
- Wireless station running IWD as supplicant
- A device on network able to respond to pings (I used one of the APs)
Procedure:
- Connect to first AP
- Ping once to establish an ARP entry
- Start a tcpdump
- Roam to second AP
- Wait for operstate UP event, and note the timestamp
- Start pinging
Results:
Below is the tcpdump after UP. It was recorded the interface went UP at
10:42:01.432875.
10:42:01.461871 ARP, Request who-has 192.168.254.1 tell 192.168.254.71, length 28
10:42:02.497976 ARP, Request who-has 192.168.254.1 tell 192.168.254.71, length 28
10:42:02.507162 ARP, Reply 192.168.254.1 is-at ac:86:74:55:b0:20, length 46
10:42:02.507185 IP 192.168.254.71 > 192.168.254.1: ICMP echo request, id 52792, seq 1, length 64
10:42:02.507205 IP 192.168.254.71 > 192.168.254.1: ICMP echo request, id 52792, seq 2, length 64
10:42:02.507212 IP 192.168.254.71 > 192.168.254.1: ICMP echo request, id 52792, seq 3, length 64
10:42:02.507219 IP 192.168.254.71 > 192.168.254.1: ICMP echo request, id 52792, seq 4, length 64
10:42:02.507225 IP 192.168.254.71 > 192.168.254.1: ICMP echo request, id 52792, seq 5, length 64
10:42:02.507232 IP 192.168.254.71 > 192.168.254.1: ICMP echo request, id 52792, seq 6, length 64
10:42:02.515373 IP 192.168.254.1 > 192.168.254.71: ICMP echo reply, id 52792, seq 1, length 64
10:42:02.521399 IP 192.168.254.1 > 192.168.254.71: ICMP echo reply, id 52792, seq 2, length 64
10:42:02.521612 IP 192.168.254.1 > 192.168.254.71: ICMP echo reply, id 52792, seq 3, length 64
10:42:02.521941 IP 192.168.254.1 > 192.168.254.71: ICMP echo reply, id 52792, seq 4, length 64
10:42:02.522419 IP 192.168.254.1 > 192.168.254.71: ICMP echo reply, id 52792, seq 5, length 64
10:42:02.523085 IP 192.168.254.1 > 192.168.254.71: ICMP echo reply, id 52792, seq 6, length 64
You can see the first ARP who-has went out very quickly after UP, but
was never responded to. Nearly a second later the kernel retries and
gets a response. Only then do the ping packets go out. If an ARP entry
is manually added prior to UP (after the cache is cleared) it is seen
that the first ping is never responded to, so its not only an issue with
ARP but with data packets in general.
As mentioned prior, the wireless interface was also monitored to verify
the ping/ARP packet made it OTA which was observed to be true.
Signed-off-by: James Prestwood <prestwoj@gmail.com>
Reviewed-by: David Ahern <dsahern@kernel.org>
Signed-off-by: Jakub Kicinski <kuba@kernel.org>
2021-11-02 01:36:28 +08:00
|
|
|
DEVINET_SYSCTL_RW_ENTRY(ARP_EVICT_NOCARRIER,
|
|
|
|
"arp_evict_nocarrier"),
|
2010-01-05 13:50:47 +08:00
|
|
|
DEVINET_SYSCTL_RW_ENTRY(PROXY_ARP_PVLAN, "proxy_arp_pvlan"),
|
2013-08-07 02:03:14 +08:00
|
|
|
DEVINET_SYSCTL_RW_ENTRY(FORCE_IGMP_VERSION,
|
|
|
|
"force_igmp_version"),
|
2013-08-07 02:03:15 +08:00
|
|
|
DEVINET_SYSCTL_RW_ENTRY(IGMPV2_UNSOLICITED_REPORT_INTERVAL,
|
|
|
|
"igmpv2_unsolicited_report_interval"),
|
|
|
|
DEVINET_SYSCTL_RW_ENTRY(IGMPV3_UNSOLICITED_REPORT_INTERVAL,
|
|
|
|
"igmpv3_unsolicited_report_interval"),
|
2015-06-24 01:45:37 +08:00
|
|
|
DEVINET_SYSCTL_RW_ENTRY(IGNORE_ROUTES_WITH_LINKDOWN,
|
|
|
|
"ignore_routes_with_linkdown"),
|
2016-02-04 20:31:18 +08:00
|
|
|
DEVINET_SYSCTL_RW_ENTRY(DROP_GRATUITOUS_ARP,
|
|
|
|
"drop_gratuitous_arp"),
|
2007-06-05 14:34:44 +08:00
|
|
|
|
|
|
|
DEVINET_SYSCTL_FLUSHING_ENTRY(NOXFRM, "disable_xfrm"),
|
|
|
|
DEVINET_SYSCTL_FLUSHING_ENTRY(NOPOLICY, "disable_policy"),
|
|
|
|
DEVINET_SYSCTL_FLUSHING_ENTRY(PROMOTE_SECONDARIES,
|
|
|
|
"promote_secondaries"),
|
2012-06-12 08:44:01 +08:00
|
|
|
DEVINET_SYSCTL_FLUSHING_ENTRY(ROUTE_LOCALNET,
|
|
|
|
"route_localnet"),
|
2016-02-04 20:31:17 +08:00
|
|
|
DEVINET_SYSCTL_FLUSHING_ENTRY(DROP_UNICAST_IN_L2_MULTICAST,
|
|
|
|
"drop_unicast_in_l2_multicast"),
|
2005-04-17 06:20:36 +08:00
|
|
|
},
|
|
|
|
};
|
|
|
|
|
2007-12-17 05:30:07 +08:00
|
|
|
static int __devinet_sysctl_register(struct net *net, char *dev_name,
|
2016-08-30 16:09:22 +08:00
|
|
|
int ifindex, struct ipv4_devconf *p)
|
2005-04-17 06:20:36 +08:00
|
|
|
{
|
|
|
|
int i;
|
2007-12-01 21:17:46 +08:00
|
|
|
struct devinet_sysctl_table *t;
|
2012-04-19 21:42:09 +08:00
|
|
|
char path[sizeof("net/ipv4/conf/") + IFNAMSIZ];
|
2007-12-01 21:57:08 +08:00
|
|
|
|
2022-05-02 20:15:51 +08:00
|
|
|
t = kmemdup(&devinet_sysctl, sizeof(*t), GFP_KERNEL_ACCOUNT);
|
2005-04-17 06:20:36 +08:00
|
|
|
if (!t)
|
2007-12-01 21:17:46 +08:00
|
|
|
goto out;
|
|
|
|
|
2005-04-17 06:20:36 +08:00
|
|
|
for (i = 0; i < ARRAY_SIZE(t->devinet_vars) - 1; i++) {
|
|
|
|
t->devinet_vars[i].data += (char *)p - (char *)&ipv4_devconf;
|
2007-06-05 14:35:37 +08:00
|
|
|
t->devinet_vars[i].extra1 = p;
|
2007-12-17 05:31:14 +08:00
|
|
|
t->devinet_vars[i].extra2 = net;
|
2005-04-17 06:20:36 +08:00
|
|
|
}
|
|
|
|
|
2012-04-19 21:42:09 +08:00
|
|
|
snprintf(path, sizeof(path), "net/ipv4/conf/%s", dev_name);
|
2005-04-17 06:20:36 +08:00
|
|
|
|
2012-04-19 21:42:09 +08:00
|
|
|
t->sysctl_header = register_net_sysctl(net, path, t->devinet_vars);
|
2005-04-17 06:20:36 +08:00
|
|
|
if (!t->sysctl_header)
|
2012-04-19 21:42:09 +08:00
|
|
|
goto free;
|
2005-04-17 06:20:36 +08:00
|
|
|
|
|
|
|
p->sysctl = t;
|
2016-08-30 16:09:22 +08:00
|
|
|
|
2017-03-29 05:28:02 +08:00
|
|
|
inet_netconf_notify_devconf(net, RTM_NEWNETCONF, NETCONFA_ALL,
|
|
|
|
ifindex, p);
|
2007-12-17 05:30:07 +08:00
|
|
|
return 0;
|
2005-04-17 06:20:36 +08:00
|
|
|
|
2007-12-01 21:17:46 +08:00
|
|
|
free:
|
2005-04-17 06:20:36 +08:00
|
|
|
kfree(t);
|
2007-12-01 21:17:46 +08:00
|
|
|
out:
|
2021-11-15 16:14:48 +08:00
|
|
|
return -ENOMEM;
|
2005-04-17 06:20:36 +08:00
|
|
|
}
|
|
|
|
|
2017-03-29 05:28:03 +08:00
|
|
|
static void __devinet_sysctl_unregister(struct net *net,
|
|
|
|
struct ipv4_devconf *cnf, int ifindex)
|
2007-12-11 18:17:40 +08:00
|
|
|
{
|
|
|
|
struct devinet_sysctl_table *t = cnf->sysctl;
|
|
|
|
|
2017-03-29 05:28:03 +08:00
|
|
|
if (t) {
|
|
|
|
cnf->sysctl = NULL;
|
|
|
|
unregister_net_sysctl_table(t->sysctl_header);
|
|
|
|
kfree(t);
|
|
|
|
}
|
2007-12-11 18:17:40 +08:00
|
|
|
|
2017-03-29 05:28:03 +08:00
|
|
|
inet_netconf_notify_devconf(net, RTM_DELNETCONF, 0, ifindex, NULL);
|
2007-12-11 18:17:40 +08:00
|
|
|
}
|
|
|
|
|
2014-07-26 06:25:08 +08:00
|
|
|
static int devinet_sysctl_register(struct in_device *idev)
|
2007-12-01 21:55:54 +08:00
|
|
|
{
|
2014-07-26 06:25:08 +08:00
|
|
|
int err;
|
|
|
|
|
|
|
|
if (!sysctl_dev_name_is_allowed(idev->dev->name))
|
|
|
|
return -EINVAL;
|
|
|
|
|
|
|
|
err = neigh_sysctl_register(idev->dev, idev->arp_parms, NULL);
|
|
|
|
if (err)
|
|
|
|
return err;
|
|
|
|
err = __devinet_sysctl_register(dev_net(idev->dev), idev->dev->name,
|
2016-08-30 16:09:22 +08:00
|
|
|
idev->dev->ifindex, &idev->cnf);
|
2014-07-26 06:25:08 +08:00
|
|
|
if (err)
|
|
|
|
neigh_sysctl_unregister(idev->arp_parms);
|
|
|
|
return err;
|
2007-12-01 21:55:54 +08:00
|
|
|
}
|
|
|
|
|
2007-12-11 18:17:40 +08:00
|
|
|
static void devinet_sysctl_unregister(struct in_device *idev)
|
2005-04-17 06:20:36 +08:00
|
|
|
{
|
2017-03-29 05:28:03 +08:00
|
|
|
struct net *net = dev_net(idev->dev);
|
|
|
|
|
|
|
|
__devinet_sysctl_unregister(net, &idev->cnf, idev->dev->ifindex);
|
2007-12-11 18:17:40 +08:00
|
|
|
neigh_sysctl_unregister(idev->arp_parms);
|
2005-04-17 06:20:36 +08:00
|
|
|
}
|
|
|
|
|
2007-12-05 17:44:58 +08:00
|
|
|
static struct ctl_table ctl_forward_entry[] = {
|
|
|
|
{
|
|
|
|
.procname = "ip_forward",
|
|
|
|
.data = &ipv4_devconf.data[
|
2010-02-14 11:25:51 +08:00
|
|
|
IPV4_DEVCONF_FORWARDING - 1],
|
2007-12-05 17:44:58 +08:00
|
|
|
.maxlen = sizeof(int),
|
|
|
|
.mode = 0644,
|
|
|
|
.proc_handler = devinet_sysctl_forward,
|
|
|
|
.extra1 = &ipv4_devconf,
|
2007-12-17 05:31:14 +08:00
|
|
|
.extra2 = &init_net,
|
2007-12-05 17:44:58 +08:00
|
|
|
},
|
|
|
|
{ },
|
|
|
|
};
|
2008-01-06 15:08:49 +08:00
|
|
|
#endif
|
2007-12-05 17:44:58 +08:00
|
|
|
|
2007-12-17 05:31:47 +08:00
|
|
|
static __net_init int devinet_init_net(struct net *net)
|
|
|
|
{
|
|
|
|
int err;
|
|
|
|
struct ipv4_devconf *all, *dflt;
|
2008-01-06 15:08:49 +08:00
|
|
|
#ifdef CONFIG_SYSCTL
|
2019-01-18 15:27:11 +08:00
|
|
|
struct ctl_table *tbl;
|
2007-12-17 05:31:47 +08:00
|
|
|
struct ctl_table_header *forw_hdr;
|
2008-01-06 15:08:49 +08:00
|
|
|
#endif
|
2007-12-17 05:31:47 +08:00
|
|
|
|
|
|
|
err = -ENOMEM;
|
2019-01-18 15:27:11 +08:00
|
|
|
all = kmemdup(&ipv4_devconf, sizeof(ipv4_devconf), GFP_KERNEL);
|
|
|
|
if (!all)
|
|
|
|
goto err_alloc_all;
|
2007-12-17 05:31:47 +08:00
|
|
|
|
2019-01-18 15:27:11 +08:00
|
|
|
dflt = kmemdup(&ipv4_devconf_dflt, sizeof(ipv4_devconf_dflt), GFP_KERNEL);
|
|
|
|
if (!dflt)
|
|
|
|
goto err_alloc_dflt;
|
2007-12-17 05:31:47 +08:00
|
|
|
|
2008-01-06 15:08:49 +08:00
|
|
|
#ifdef CONFIG_SYSCTL
|
2019-01-18 15:27:11 +08:00
|
|
|
tbl = kmemdup(ctl_forward_entry, sizeof(ctl_forward_entry), GFP_KERNEL);
|
|
|
|
if (!tbl)
|
|
|
|
goto err_alloc_ctl;
|
2007-12-17 05:31:47 +08:00
|
|
|
|
2019-01-18 15:27:11 +08:00
|
|
|
tbl[0].data = &all->data[IPV4_DEVCONF_FORWARDING - 1];
|
|
|
|
tbl[0].extra1 = all;
|
|
|
|
tbl[0].extra2 = net;
|
2008-01-06 15:08:49 +08:00
|
|
|
#endif
|
2019-01-18 15:27:11 +08:00
|
|
|
|
2020-05-13 21:58:43 +08:00
|
|
|
if (!net_eq(net, &init_net)) {
|
2022-08-24 01:46:57 +08:00
|
|
|
switch (net_inherit_devconf()) {
|
|
|
|
case 3:
|
2020-05-13 21:58:43 +08:00
|
|
|
/* copy from the current netns */
|
|
|
|
memcpy(all, current->nsproxy->net_ns->ipv4.devconf_all,
|
|
|
|
sizeof(ipv4_devconf));
|
|
|
|
memcpy(dflt,
|
|
|
|
current->nsproxy->net_ns->ipv4.devconf_dflt,
|
|
|
|
sizeof(ipv4_devconf_dflt));
|
2022-08-24 01:46:57 +08:00
|
|
|
break;
|
|
|
|
case 0:
|
|
|
|
case 1:
|
|
|
|
/* copy from init_net */
|
2020-05-13 21:58:43 +08:00
|
|
|
memcpy(all, init_net.ipv4.devconf_all,
|
|
|
|
sizeof(ipv4_devconf));
|
|
|
|
memcpy(dflt, init_net.ipv4.devconf_dflt,
|
|
|
|
sizeof(ipv4_devconf_dflt));
|
2022-08-24 01:46:57 +08:00
|
|
|
break;
|
|
|
|
case 2:
|
|
|
|
/* use compiled values */
|
|
|
|
break;
|
2020-05-13 21:58:43 +08:00
|
|
|
}
|
2007-12-17 05:31:47 +08:00
|
|
|
}
|
|
|
|
|
|
|
|
#ifdef CONFIG_SYSCTL
|
2016-08-30 16:09:22 +08:00
|
|
|
err = __devinet_sysctl_register(net, "all", NETCONFA_IFINDEX_ALL, all);
|
2007-12-17 05:31:47 +08:00
|
|
|
if (err < 0)
|
|
|
|
goto err_reg_all;
|
|
|
|
|
2016-08-30 16:09:22 +08:00
|
|
|
err = __devinet_sysctl_register(net, "default",
|
|
|
|
NETCONFA_IFINDEX_DEFAULT, dflt);
|
2007-12-17 05:31:47 +08:00
|
|
|
if (err < 0)
|
|
|
|
goto err_reg_dflt;
|
|
|
|
|
|
|
|
err = -ENOMEM;
|
2012-04-19 21:42:09 +08:00
|
|
|
forw_hdr = register_net_sysctl(net, "net/ipv4", tbl);
|
2015-04-03 16:17:26 +08:00
|
|
|
if (!forw_hdr)
|
2007-12-17 05:31:47 +08:00
|
|
|
goto err_reg_ctl;
|
2008-01-06 15:08:49 +08:00
|
|
|
net->ipv4.forw_hdr = forw_hdr;
|
2007-12-17 05:31:47 +08:00
|
|
|
#endif
|
|
|
|
|
|
|
|
net->ipv4.devconf_all = all;
|
|
|
|
net->ipv4.devconf_dflt = dflt;
|
|
|
|
return 0;
|
|
|
|
|
|
|
|
#ifdef CONFIG_SYSCTL
|
|
|
|
err_reg_ctl:
|
2017-03-29 05:28:03 +08:00
|
|
|
__devinet_sysctl_unregister(net, dflt, NETCONFA_IFINDEX_DEFAULT);
|
2007-12-17 05:31:47 +08:00
|
|
|
err_reg_dflt:
|
2017-03-29 05:28:03 +08:00
|
|
|
__devinet_sysctl_unregister(net, all, NETCONFA_IFINDEX_ALL);
|
2007-12-17 05:31:47 +08:00
|
|
|
err_reg_all:
|
2019-01-18 15:27:11 +08:00
|
|
|
kfree(tbl);
|
2007-12-17 05:31:47 +08:00
|
|
|
err_alloc_ctl:
|
2008-01-06 15:08:49 +08:00
|
|
|
#endif
|
2019-01-18 15:27:11 +08:00
|
|
|
kfree(dflt);
|
2007-12-17 05:31:47 +08:00
|
|
|
err_alloc_dflt:
|
2019-01-18 15:27:11 +08:00
|
|
|
kfree(all);
|
2007-12-17 05:31:47 +08:00
|
|
|
err_alloc_all:
|
|
|
|
return err;
|
|
|
|
}
|
|
|
|
|
|
|
|
static __net_exit void devinet_exit_net(struct net *net)
|
|
|
|
{
|
2008-01-06 15:08:49 +08:00
|
|
|
#ifdef CONFIG_SYSCTL
|
2007-12-17 05:31:47 +08:00
|
|
|
struct ctl_table *tbl;
|
|
|
|
|
|
|
|
tbl = net->ipv4.forw_hdr->ctl_table_arg;
|
|
|
|
unregister_net_sysctl_table(net->ipv4.forw_hdr);
|
2017-03-29 05:28:03 +08:00
|
|
|
__devinet_sysctl_unregister(net, net->ipv4.devconf_dflt,
|
|
|
|
NETCONFA_IFINDEX_DEFAULT);
|
|
|
|
__devinet_sysctl_unregister(net, net->ipv4.devconf_all,
|
|
|
|
NETCONFA_IFINDEX_ALL);
|
2007-12-17 05:31:47 +08:00
|
|
|
kfree(tbl);
|
2008-01-06 15:08:49 +08:00
|
|
|
#endif
|
2007-12-17 05:31:47 +08:00
|
|
|
kfree(net->ipv4.devconf_dflt);
|
|
|
|
kfree(net->ipv4.devconf_all);
|
|
|
|
}
|
|
|
|
|
|
|
|
static __net_initdata struct pernet_operations devinet_ops = {
|
|
|
|
.init = devinet_init_net,
|
|
|
|
.exit = devinet_exit_net,
|
|
|
|
};
|
|
|
|
|
2015-01-29 19:15:03 +08:00
|
|
|
static struct rtnl_af_ops inet_af_ops __read_mostly = {
|
2010-11-16 12:32:48 +08:00
|
|
|
.family = AF_INET,
|
|
|
|
.fill_link_af = inet_fill_link_af,
|
|
|
|
.get_link_af_size = inet_get_link_af_size,
|
2010-11-22 09:31:54 +08:00
|
|
|
.validate_link_af = inet_validate_link_af,
|
|
|
|
.set_link_af = inet_set_link_af,
|
2010-11-16 12:32:48 +08:00
|
|
|
};
|
|
|
|
|
2005-04-17 06:20:36 +08:00
|
|
|
void __init devinet_init(void)
|
|
|
|
{
|
2011-02-19 04:42:28 +08:00
|
|
|
int i;
|
|
|
|
|
|
|
|
for (i = 0; i < IN4_ADDR_HSIZE; i++)
|
|
|
|
INIT_HLIST_HEAD(&inet_addr_lst[i]);
|
|
|
|
|
2007-12-17 05:31:47 +08:00
|
|
|
register_pernet_subsys(&devinet_ops);
|
2005-04-17 06:20:36 +08:00
|
|
|
register_netdevice_notifier(&ip_netdev_notifier);
|
2007-03-23 02:55:17 +08:00
|
|
|
|
2014-01-22 14:53:32 +08:00
|
|
|
queue_delayed_work(system_power_efficient_wq, &check_lifetime_work, 0);
|
2013-01-24 17:41:41 +08:00
|
|
|
|
2010-11-16 12:32:48 +08:00
|
|
|
rtnl_af_register(&inet_af_ops);
|
|
|
|
|
2017-08-10 02:41:48 +08:00
|
|
|
rtnl_register(PF_INET, RTM_NEWADDR, inet_rtm_newaddr, NULL, 0);
|
|
|
|
rtnl_register(PF_INET, RTM_DELADDR, inet_rtm_deladdr, NULL, 0);
|
|
|
|
rtnl_register(PF_INET, RTM_GETADDR, NULL, inet_dump_ifaddr, 0);
|
2012-10-26 06:28:53 +08:00
|
|
|
rtnl_register(PF_INET, RTM_GETNETCONF, inet_netconf_get_devconf,
|
2017-08-10 02:41:48 +08:00
|
|
|
inet_netconf_dump_devconf, 0);
|
2005-04-17 06:20:36 +08:00
|
|
|
}
|