projects / linux-drm-fsl-dcu.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
history | raw | HEAD
MIPS: Save MSA extended context around signals
[linux-drm-fsl-dcu.git] / net / ipv4 / igmp.c
1 /*
2  *      Linux NET3:     Internet Group Management Protocol  [IGMP]
3  *
4  *      This code implements the IGMP protocol as defined in RFC1112. There has
5  *      been a further revision of this protocol since which is now supported.
6  *
7  *      If you have trouble with this module be careful what gcc you have used,
8  *      the older version didn't come out right using gcc 2.5.8, the newer one
9  *      seems to fall out with gcc 2.6.2.
10  *
11  *      Authors:
12  *              Alan Cox <alan@lxorguk.ukuu.org.uk>
13  *
14  *      This program is free software; you can redistribute it and/or
15  *      modify it under the terms of the GNU General Public License
16  *      as published by the Free Software Foundation; either version
17  *      2 of the License, or (at your option) any later version.
18  *
19  *      Fixes:
20  *
21  *              Alan Cox        :       Added lots of __inline__ to optimise
22  *                                      the memory usage of all the tiny little
23  *                                      functions.
24  *              Alan Cox        :       Dumped the header building experiment.
25  *              Alan Cox        :       Minor tweaks ready for multicast routing
26  *                                      and extended IGMP protocol.
27  *              Alan Cox        :       Removed a load of inline directives. Gcc 2.5.8
28  *                                      writes utterly bogus code otherwise (sigh)
29  *                                      fixed IGMP loopback to behave in the manner
30  *                                      desired by mrouted, fixed the fact it has been
31  *                                      broken since 1.3.6 and cleaned up a few minor
32  *                                      points.
33  *
34  *              Chih-Jen Chang  :       Tried to revise IGMP to Version 2
35  *              Tsu-Sheng Tsao          E-mail: chihjenc@scf.usc.edu and tsusheng@scf.usc.edu
36  *                                      The enhancements are mainly based on Steve Deering's
37  *                                      ipmulti-3.5 source code.
38  *              Chih-Jen Chang  :       Added the igmp_get_mrouter_info and
39  *              Tsu-Sheng Tsao          igmp_set_mrouter_info to keep track of
40  *                                      the mrouted version on that device.
41  *              Chih-Jen Chang  :       Added the max_resp_time parameter to
42  *              Tsu-Sheng Tsao          igmp_heard_query(). Using this parameter
43  *                                      to identify the multicast router version
44  *                                      and do what the IGMP version 2 specified.
45  *              Chih-Jen Chang  :       Added a timer to revert to IGMP V2 router
46  *              Tsu-Sheng Tsao          if the specified time expired.
47  *              Alan Cox        :       Stop IGMP from 0.0.0.0 being accepted.
48  *              Alan Cox        :       Use GFP_ATOMIC in the right places.
49  *              Christian Daudt :       igmp timer wasn't set for local group
50  *                                      memberships but was being deleted,
51  *                                      which caused a "del_timer() called
52  *                                      from %p with timer not initialized\n"
53  *                                      message (960131).
54  *              Christian Daudt :       removed del_timer from
55  *                                      igmp_timer_expire function (960205).
56  *             Christian Daudt :       igmp_heard_report now only calls
57  *                                     igmp_timer_expire if tm->running is
58  *                                     true (960216).
59  *              Malcolm Beattie :       ttl comparison wrong in igmp_rcv made
60  *                                      igmp_heard_query never trigger. Expiry
61  *                                      miscalculation fixed in igmp_heard_query
62  *                                      and random() made to return unsigned to
63  *                                      prevent negative expiry times.
64  *              Alexey Kuznetsov:       Wrong group leaving behaviour, backport
65  *                                      fix from pending 2.1.x patches.
66  *              Alan Cox:               Forget to enable FDDI support earlier.
67  *              Alexey Kuznetsov:       Fixed leaving groups on device down.
68  *              Alexey Kuznetsov:       Accordance to igmp-v2-06 draft.
69  *              David L Stevens:        IGMPv3 support, with help from
70  *                                      Vinay Kulkarni
71  */
72
73 #include <linux/module.h>
74 #include <linux/slab.h>
75 #include <asm/uaccess.h>
76 #include <linux/types.h>
77 #include <linux/kernel.h>
78 #include <linux/jiffies.h>
79 #include <linux/string.h>
80 #include <linux/socket.h>
81 #include <linux/sockios.h>
82 #include <linux/in.h>
83 #include <linux/inet.h>
84 #include <linux/netdevice.h>
85 #include <linux/skbuff.h>
86 #include <linux/inetdevice.h>
87 #include <linux/igmp.h>
88 #include <linux/if_arp.h>
89 #include <linux/rtnetlink.h>
90 #include <linux/times.h>
91 #include <linux/pkt_sched.h>
92
93 #include <net/net_namespace.h>
94 #include <net/arp.h>
95 #include <net/ip.h>
96 #include <net/protocol.h>
97 #include <net/route.h>
98 #include <net/sock.h>
99 #include <net/checksum.h>
100 #include <net/inet_common.h>
101 #include <linux/netfilter_ipv4.h>
102 #ifdef CONFIG_IP_MROUTE
103 #include <linux/mroute.h>
104 #endif
105 #ifdef CONFIG_PROC_FS
106 #include <linux/proc_fs.h>
107 #include <linux/seq_file.h>
108 #endif
109
110 #define IP_MAX_MEMBERSHIPS      20
111 #define IP_MAX_MSF              10
112
113 #ifdef CONFIG_IP_MULTICAST
114 /* Parameter names and values are taken from igmp-v2-06 draft */
115
116 #define IGMP_V1_ROUTER_PRESENT_TIMEOUT          (400*HZ)
117 #define IGMP_V2_ROUTER_PRESENT_TIMEOUT          (400*HZ)
118 #define IGMP_V2_UNSOLICITED_REPORT_INTERVAL     (10*HZ)
119 #define IGMP_V3_UNSOLICITED_REPORT_INTERVAL     (1*HZ)
120 #define IGMP_QUERY_RESPONSE_INTERVAL            (10*HZ)
121 #define IGMP_QUERY_ROBUSTNESS_VARIABLE          2
122
123
124 #define IGMP_INITIAL_REPORT_DELAY               (1)
125
126 /* IGMP_INITIAL_REPORT_DELAY is not from IGMP specs!
127  * IGMP specs require to report membership immediately after
128  * joining a group, but we delay the first report by a
129  * small interval. It seems more natural and still does not
130  * contradict to specs provided this delay is small enough.
131  */
132
133 #define IGMP_V1_SEEN(in_dev) \
134         (IPV4_DEVCONF_ALL(dev_net(in_dev->dev), FORCE_IGMP_VERSION) == 1 || \
135          IN_DEV_CONF_GET((in_dev), FORCE_IGMP_VERSION) == 1 || \
136          ((in_dev)->mr_v1_seen && \
137           time_before(jiffies, (in_dev)->mr_v1_seen)))
138 #define IGMP_V2_SEEN(in_dev) \
139         (IPV4_DEVCONF_ALL(dev_net(in_dev->dev), FORCE_IGMP_VERSION) == 2 || \
140          IN_DEV_CONF_GET((in_dev), FORCE_IGMP_VERSION) == 2 || \
141          ((in_dev)->mr_v2_seen && \
142           time_before(jiffies, (in_dev)->mr_v2_seen)))
143
144 static int unsolicited_report_interval(struct in_device *in_dev)
145 {
146         int interval_ms, interval_jiffies;
147
148         if (IGMP_V1_SEEN(in_dev) || IGMP_V2_SEEN(in_dev))
149                 interval_ms = IN_DEV_CONF_GET(
150                         in_dev,
151                         IGMPV2_UNSOLICITED_REPORT_INTERVAL);
152         else /* v3 */
153                 interval_ms = IN_DEV_CONF_GET(
154                         in_dev,
155                         IGMPV3_UNSOLICITED_REPORT_INTERVAL);
156
157         interval_jiffies = msecs_to_jiffies(interval_ms);
158
159         /* _timer functions can't handle a delay of 0 jiffies so ensure
160          *  we always return a positive value.
161          */
162         if (interval_jiffies <= 0)
163                 interval_jiffies = 1;
164         return interval_jiffies;
165 }
166
167 static void igmpv3_add_delrec(struct in_device *in_dev, struct ip_mc_list *im);
168 static void igmpv3_del_delrec(struct in_device *in_dev, __be32 multiaddr);
169 static void igmpv3_clear_delrec(struct in_device *in_dev);
170 static int sf_setstate(struct ip_mc_list *pmc);
171 static void sf_markstate(struct ip_mc_list *pmc);
172 #endif
173 static void ip_mc_clear_src(struct ip_mc_list *pmc);
174 static int ip_mc_add_src(struct in_device *in_dev, __be32 *pmca, int sfmode,
175                          int sfcount, __be32 *psfsrc, int delta);
176
177 static void ip_ma_put(struct ip_mc_list *im)
178 {
179         if (atomic_dec_and_test(&im->refcnt)) {
180                 in_dev_put(im->interface);
181                 kfree_rcu(im, rcu);
182         }
183 }
184
185 #define for_each_pmc_rcu(in_dev, pmc)                           \
186         for (pmc = rcu_dereference(in_dev->mc_list);            \
187              pmc != NULL;                                       \
188              pmc = rcu_dereference(pmc->next_rcu))
189
190 #define for_each_pmc_rtnl(in_dev, pmc)                          \
191         for (pmc = rtnl_dereference(in_dev->mc_list);           \
192              pmc != NULL;                                       \
193              pmc = rtnl_dereference(pmc->next_rcu))
194
195 #ifdef CONFIG_IP_MULTICAST
196
197 /*
198  *      Timer management
199  */
200
201 static void igmp_stop_timer(struct ip_mc_list *im)
202 {
203         spin_lock_bh(&im->lock);
204         if (del_timer(&im->timer))
205                 atomic_dec(&im->refcnt);
206         im->tm_running = 0;
207         im->reporter = 0;
208         im->unsolicit_count = 0;
209         spin_unlock_bh(&im->lock);
210 }
211
212 /* It must be called with locked im->lock */
213 static void igmp_start_timer(struct ip_mc_list *im, int max_delay)
214 {
215         int tv = prandom_u32() % max_delay;
216
217         im->tm_running = 1;
218         if (!mod_timer(&im->timer, jiffies+tv+2))
219                 atomic_inc(&im->refcnt);
220 }
221
222 static void igmp_gq_start_timer(struct in_device *in_dev)
223 {
224         int tv = prandom_u32() % in_dev->mr_maxdelay;
225
226         in_dev->mr_gq_running = 1;
227         if (!mod_timer(&in_dev->mr_gq_timer, jiffies+tv+2))
228                 in_dev_hold(in_dev);
229 }
230
231 static void igmp_ifc_start_timer(struct in_device *in_dev, int delay)
232 {
233         int tv = prandom_u32() % delay;
234
235         if (!mod_timer(&in_dev->mr_ifc_timer, jiffies+tv+2))
236                 in_dev_hold(in_dev);
237 }
238
239 static void igmp_mod_timer(struct ip_mc_list *im, int max_delay)
240 {
241         spin_lock_bh(&im->lock);
242         im->unsolicit_count = 0;
243         if (del_timer(&im->timer)) {
244                 if ((long)(im->timer.expires-jiffies) < max_delay) {
245                         add_timer(&im->timer);
246                         im->tm_running = 1;
247                         spin_unlock_bh(&im->lock);
248                         return;
249                 }
250                 atomic_dec(&im->refcnt);
251         }
252         igmp_start_timer(im, max_delay);
253         spin_unlock_bh(&im->lock);
254 }
255
256
257 /*
258  *      Send an IGMP report.
259  */
260
261 #define IGMP_SIZE (sizeof(struct igmphdr)+sizeof(struct iphdr)+4)
262
263
264 static int is_in(struct ip_mc_list *pmc, struct ip_sf_list *psf, int type,
265         int gdeleted, int sdeleted)
266 {
267         switch (type) {
268         case IGMPV3_MODE_IS_INCLUDE:
269         case IGMPV3_MODE_IS_EXCLUDE:
270                 if (gdeleted || sdeleted)
271                         return 0;
272                 if (!(pmc->gsquery && !psf->sf_gsresp)) {
273                         if (pmc->sfmode == MCAST_INCLUDE)
274                                 return 1;
275                         /* don't include if this source is excluded
276                          * in all filters
277                          */
278                         if (psf->sf_count[MCAST_INCLUDE])
279                                 return type == IGMPV3_MODE_IS_INCLUDE;
280                         return pmc->sfcount[MCAST_EXCLUDE] ==
281                                 psf->sf_count[MCAST_EXCLUDE];
282                 }
283                 return 0;
284         case IGMPV3_CHANGE_TO_INCLUDE:
285                 if (gdeleted || sdeleted)
286                         return 0;
287                 return psf->sf_count[MCAST_INCLUDE] != 0;
288         case IGMPV3_CHANGE_TO_EXCLUDE:
289                 if (gdeleted || sdeleted)
290                         return 0;
291                 if (pmc->sfcount[MCAST_EXCLUDE] == 0 ||
292                     psf->sf_count[MCAST_INCLUDE])
293                         return 0;
294                 return pmc->sfcount[MCAST_EXCLUDE] ==
295                         psf->sf_count[MCAST_EXCLUDE];
296         case IGMPV3_ALLOW_NEW_SOURCES:
297                 if (gdeleted || !psf->sf_crcount)
298                         return 0;
299                 return (pmc->sfmode == MCAST_INCLUDE) ^ sdeleted;
300         case IGMPV3_BLOCK_OLD_SOURCES:
301                 if (pmc->sfmode == MCAST_INCLUDE)
302                         return gdeleted || (psf->sf_crcount && sdeleted);
303                 return psf->sf_crcount && !gdeleted && !sdeleted;
304         }
305         return 0;
306 }
307
308 static int
309 igmp_scount(struct ip_mc_list *pmc, int type, int gdeleted, int sdeleted)
310 {
311         struct ip_sf_list *psf;
312         int scount = 0;
313
314         for (psf = pmc->sources; psf; psf = psf->sf_next) {
315                 if (!is_in(pmc, psf, type, gdeleted, sdeleted))
316                         continue;
317                 scount++;
318         }
319         return scount;
320 }
321
322 static struct sk_buff *igmpv3_newpack(struct net_device *dev, unsigned int mtu)
323 {
324         struct sk_buff *skb;
325         struct rtable *rt;
326         struct iphdr *pip;
327         struct igmpv3_report *pig;
328         struct net *net = dev_net(dev);
329         struct flowi4 fl4;
330         int hlen = LL_RESERVED_SPACE(dev);
331         int tlen = dev->needed_tailroom;
332         unsigned int size = mtu;
333
334         while (1) {
335                 skb = alloc_skb(size + hlen + tlen,
336                                 GFP_ATOMIC | __GFP_NOWARN);
337                 if (skb)
338                         break;
339                 size >>= 1;
340                 if (size < 256)
341                         return NULL;
342         }
343         skb->priority = TC_PRIO_CONTROL;
344
345         rt = ip_route_output_ports(net, &fl4, NULL, IGMPV3_ALL_MCR, 0,
346                                    0, 0,
347                                    IPPROTO_IGMP, 0, dev->ifindex);
348         if (IS_ERR(rt)) {
349                 kfree_skb(skb);
350                 return NULL;
351         }
352
353         skb_dst_set(skb, &rt->dst);
354         skb->dev = dev;
355
356         skb->reserved_tailroom = skb_end_offset(skb) -
357                                  min(mtu, skb_end_offset(skb));
358         skb_reserve(skb, hlen);
359
360         skb_reset_network_header(skb);
361         pip = ip_hdr(skb);
362         skb_put(skb, sizeof(struct iphdr) + 4);
363
364         pip->version  = 4;
365         pip->ihl      = (sizeof(struct iphdr)+4)>>2;
366         pip->tos      = 0xc0;
367         pip->frag_off = htons(IP_DF);
368         pip->ttl      = 1;
369         pip->daddr    = fl4.daddr;
370         pip->saddr    = fl4.saddr;
371         pip->protocol = IPPROTO_IGMP;
372         pip->tot_len  = 0;      /* filled in later */
373         ip_select_ident(net, skb, NULL);
374         ((u8 *)&pip[1])[0] = IPOPT_RA;
375         ((u8 *)&pip[1])[1] = 4;
376         ((u8 *)&pip[1])[2] = 0;
377         ((u8 *)&pip[1])[3] = 0;
378
379         skb->transport_header = skb->network_header + sizeof(struct iphdr) + 4;
380         skb_put(skb, sizeof(*pig));
381         pig = igmpv3_report_hdr(skb);
382         pig->type = IGMPV3_HOST_MEMBERSHIP_REPORT;
383         pig->resv1 = 0;
384         pig->csum = 0;
385         pig->resv2 = 0;
386         pig->ngrec = 0;
387         return skb;
388 }
389
390 static int igmpv3_sendpack(struct sk_buff *skb)
391 {
392         struct igmphdr *pig = igmp_hdr(skb);
393         const int igmplen = skb_tail_pointer(skb) - skb_transport_header(skb);
394
395         pig->csum = ip_compute_csum(igmp_hdr(skb), igmplen);
396
397         return ip_local_out(skb);
398 }
399
400 static int grec_size(struct ip_mc_list *pmc, int type, int gdel, int sdel)
401 {
402         return sizeof(struct igmpv3_grec) + 4*igmp_scount(pmc, type, gdel, sdel);
403 }
404
405 static struct sk_buff *add_grhead(struct sk_buff *skb, struct ip_mc_list *pmc,
406         int type, struct igmpv3_grec **ppgr)
407 {
408         struct net_device *dev = pmc->interface->dev;
409         struct igmpv3_report *pih;
410         struct igmpv3_grec *pgr;
411
412         if (!skb)
413                 skb = igmpv3_newpack(dev, dev->mtu);
414         if (!skb)
415                 return NULL;
416         pgr = (struct igmpv3_grec *)skb_put(skb, sizeof(struct igmpv3_grec));
417         pgr->grec_type = type;
418         pgr->grec_auxwords = 0;
419         pgr->grec_nsrcs = 0;
420         pgr->grec_mca = pmc->multiaddr;
421         pih = igmpv3_report_hdr(skb);
422         pih->ngrec = htons(ntohs(pih->ngrec)+1);
423         *ppgr = pgr;
424         return skb;
425 }
426
427 #define AVAILABLE(skb)  ((skb) ? skb_availroom(skb) : 0)
428
429 static struct sk_buff *add_grec(struct sk_buff *skb, struct ip_mc_list *pmc,
430         int type, int gdeleted, int sdeleted)
431 {
432         struct net_device *dev = pmc->interface->dev;
433         struct igmpv3_report *pih;
434         struct igmpv3_grec *pgr = NULL;
435         struct ip_sf_list *psf, *psf_next, *psf_prev, **psf_list;
436         int scount, stotal, first, isquery, truncate;
437
438         if (pmc->multiaddr == IGMP_ALL_HOSTS)
439                 return skb;
440
441         isquery = type == IGMPV3_MODE_IS_INCLUDE ||
442                   type == IGMPV3_MODE_IS_EXCLUDE;
443         truncate = type == IGMPV3_MODE_IS_EXCLUDE ||
444                     type == IGMPV3_CHANGE_TO_EXCLUDE;
445
446         stotal = scount = 0;
447
448         psf_list = sdeleted ? &pmc->tomb : &pmc->sources;
449
450         if (!*psf_list)
451                 goto empty_source;
452
453         pih = skb ? igmpv3_report_hdr(skb) : NULL;
454
455         /* EX and TO_EX get a fresh packet, if needed */
456         if (truncate) {
457                 if (pih && pih->ngrec &&
458                     AVAILABLE(skb) < grec_size(pmc, type, gdeleted, sdeleted)) {
459                         if (skb)
460                                 igmpv3_sendpack(skb);
461                         skb = igmpv3_newpack(dev, dev->mtu);
462                 }
463         }
464         first = 1;
465         psf_prev = NULL;
466         for (psf = *psf_list; psf; psf = psf_next) {
467                 __be32 *psrc;
468
469                 psf_next = psf->sf_next;
470
471                 if (!is_in(pmc, psf, type, gdeleted, sdeleted)) {
472                         psf_prev = psf;
473                         continue;
474                 }
475
476                 /* clear marks on query responses */
477                 if (isquery)
478                         psf->sf_gsresp = 0;
479
480                 if (AVAILABLE(skb) < sizeof(__be32) +
481                     first*sizeof(struct igmpv3_grec)) {
482                         if (truncate && !first)
483                                 break;   /* truncate these */
484                         if (pgr)
485                                 pgr->grec_nsrcs = htons(scount);
486                         if (skb)
487                                 igmpv3_sendpack(skb);
488                         skb = igmpv3_newpack(dev, dev->mtu);
489                         first = 1;
490                         scount = 0;
491                 }
492                 if (first) {
493                         skb = add_grhead(skb, pmc, type, &pgr);
494                         first = 0;
495                 }
496                 if (!skb)
497                         return NULL;
498                 psrc = (__be32 *)skb_put(skb, sizeof(__be32));
499                 *psrc = psf->sf_inaddr;
500                 scount++; stotal++;
501                 if ((type == IGMPV3_ALLOW_NEW_SOURCES ||
502                      type == IGMPV3_BLOCK_OLD_SOURCES) && psf->sf_crcount) {
503                         psf->sf_crcount--;
504                         if ((sdeleted || gdeleted) && psf->sf_crcount == 0) {
505                                 if (psf_prev)
506                                         psf_prev->sf_next = psf->sf_next;
507                                 else
508                                         *psf_list = psf->sf_next;
509                                 kfree(psf);
510                                 continue;
511                         }
512                 }
513                 psf_prev = psf;
514         }
515
516 empty_source:
517         if (!stotal) {
518                 if (type == IGMPV3_ALLOW_NEW_SOURCES ||
519                     type == IGMPV3_BLOCK_OLD_SOURCES)
520                         return skb;
521                 if (pmc->crcount || isquery) {
522                         /* make sure we have room for group header */
523                         if (skb && AVAILABLE(skb) < sizeof(struct igmpv3_grec)) {
524                                 igmpv3_sendpack(skb);
525                                 skb = NULL; /* add_grhead will get a new one */
526                         }
527                         skb = add_grhead(skb, pmc, type, &pgr);
528                 }
529         }
530         if (pgr)
531                 pgr->grec_nsrcs = htons(scount);
532
533         if (isquery)
534                 pmc->gsquery = 0;       /* clear query state on report */
535         return skb;
536 }
537
538 static int igmpv3_send_report(struct in_device *in_dev, struct ip_mc_list *pmc)
539 {
540         struct sk_buff *skb = NULL;
541         int type;
542
543         if (!pmc) {
544                 rcu_read_lock();
545                 for_each_pmc_rcu(in_dev, pmc) {
546                         if (pmc->multiaddr == IGMP_ALL_HOSTS)
547                                 continue;
548                         spin_lock_bh(&pmc->lock);
549                         if (pmc->sfcount[MCAST_EXCLUDE])
550                                 type = IGMPV3_MODE_IS_EXCLUDE;
551                         else
552                                 type = IGMPV3_MODE_IS_INCLUDE;
553                         skb = add_grec(skb, pmc, type, 0, 0);
554                         spin_unlock_bh(&pmc->lock);
555                 }
556                 rcu_read_unlock();
557         } else {
558                 spin_lock_bh(&pmc->lock);
559                 if (pmc->sfcount[MCAST_EXCLUDE])
560                         type = IGMPV3_MODE_IS_EXCLUDE;
561                 else
562                         type = IGMPV3_MODE_IS_INCLUDE;
563                 skb = add_grec(skb, pmc, type, 0, 0);
564                 spin_unlock_bh(&pmc->lock);
565         }
566         if (!skb)
567                 return 0;
568         return igmpv3_sendpack(skb);
569 }
570
571 /*
572  * remove zero-count source records from a source filter list
573  */
574 static void igmpv3_clear_zeros(struct ip_sf_list **ppsf)
575 {
576         struct ip_sf_list *psf_prev, *psf_next, *psf;
577
578         psf_prev = NULL;
579         for (psf = *ppsf; psf; psf = psf_next) {
580                 psf_next = psf->sf_next;
581                 if (psf->sf_crcount == 0) {
582                         if (psf_prev)
583                                 psf_prev->sf_next = psf->sf_next;
584                         else
585                                 *ppsf = psf->sf_next;
586                         kfree(psf);
587                 } else
588                         psf_prev = psf;
589         }
590 }
591
592 static void igmpv3_send_cr(struct in_device *in_dev)
593 {
594         struct ip_mc_list *pmc, *pmc_prev, *pmc_next;
595         struct sk_buff *skb = NULL;
596         int type, dtype;
597
598         rcu_read_lock();
599         spin_lock_bh(&in_dev->mc_tomb_lock);
600
601         /* deleted MCA's */
602         pmc_prev = NULL;
603         for (pmc = in_dev->mc_tomb; pmc; pmc = pmc_next) {
604                 pmc_next = pmc->next;
605                 if (pmc->sfmode == MCAST_INCLUDE) {
606                         type = IGMPV3_BLOCK_OLD_SOURCES;
607                         dtype = IGMPV3_BLOCK_OLD_SOURCES;
608                         skb = add_grec(skb, pmc, type, 1, 0);
609                         skb = add_grec(skb, pmc, dtype, 1, 1);
610                 }
611                 if (pmc->crcount) {
612                         if (pmc->sfmode == MCAST_EXCLUDE) {
613                                 type = IGMPV3_CHANGE_TO_INCLUDE;
614                                 skb = add_grec(skb, pmc, type, 1, 0);
615                         }
616                         pmc->crcount--;
617                         if (pmc->crcount == 0) {
618                                 igmpv3_clear_zeros(&pmc->tomb);
619                                 igmpv3_clear_zeros(&pmc->sources);
620                         }
621                 }
622                 if (pmc->crcount == 0 && !pmc->tomb && !pmc->sources) {
623                         if (pmc_prev)
624                                 pmc_prev->next = pmc_next;
625                         else
626                                 in_dev->mc_tomb = pmc_next;
627                         in_dev_put(pmc->interface);
628                         kfree(pmc);
629                 } else
630                         pmc_prev = pmc;
631         }
632         spin_unlock_bh(&in_dev->mc_tomb_lock);
633
634         /* change recs */
635         for_each_pmc_rcu(in_dev, pmc) {
636                 spin_lock_bh(&pmc->lock);
637                 if (pmc->sfcount[MCAST_EXCLUDE]) {
638                         type = IGMPV3_BLOCK_OLD_SOURCES;
639                         dtype = IGMPV3_ALLOW_NEW_SOURCES;
640                 } else {
641                         type = IGMPV3_ALLOW_NEW_SOURCES;
642                         dtype = IGMPV3_BLOCK_OLD_SOURCES;
643                 }
644                 skb = add_grec(skb, pmc, type, 0, 0);
645                 skb = add_grec(skb, pmc, dtype, 0, 1);  /* deleted sources */
646
647                 /* filter mode changes */
648                 if (pmc->crcount) {
649                         if (pmc->sfmode == MCAST_EXCLUDE)
650                                 type = IGMPV3_CHANGE_TO_EXCLUDE;
651                         else
652                                 type = IGMPV3_CHANGE_TO_INCLUDE;
653                         skb = add_grec(skb, pmc, type, 0, 0);
654                         pmc->crcount--;
655                 }
656                 spin_unlock_bh(&pmc->lock);
657         }
658         rcu_read_unlock();
659
660         if (!skb)
661                 return;
662         (void) igmpv3_sendpack(skb);
663 }
664
665 static int igmp_send_report(struct in_device *in_dev, struct ip_mc_list *pmc,
666         int type)
667 {
668         struct sk_buff *skb;
669         struct iphdr *iph;
670         struct igmphdr *ih;
671         struct rtable *rt;
672         struct net_device *dev = in_dev->dev;
673         struct net *net = dev_net(dev);
674         __be32  group = pmc ? pmc->multiaddr : 0;
675         struct flowi4 fl4;
676         __be32  dst;
677         int hlen, tlen;
678
679         if (type == IGMPV3_HOST_MEMBERSHIP_REPORT)
680                 return igmpv3_send_report(in_dev, pmc);
681         else if (type == IGMP_HOST_LEAVE_MESSAGE)
682                 dst = IGMP_ALL_ROUTER;
683         else
684                 dst = group;
685
686         rt = ip_route_output_ports(net, &fl4, NULL, dst, 0,
687                                    0, 0,
688                                    IPPROTO_IGMP, 0, dev->ifindex);
689         if (IS_ERR(rt))
690                 return -1;
691
692         hlen = LL_RESERVED_SPACE(dev);
693         tlen = dev->needed_tailroom;
694         skb = alloc_skb(IGMP_SIZE + hlen + tlen, GFP_ATOMIC);
695         if (!skb) {
696                 ip_rt_put(rt);
697                 return -1;
698         }
699         skb->priority = TC_PRIO_CONTROL;
700
701         skb_dst_set(skb, &rt->dst);
702
703         skb_reserve(skb, hlen);
704
705         skb_reset_network_header(skb);
706         iph = ip_hdr(skb);
707         skb_put(skb, sizeof(struct iphdr) + 4);
708
709         iph->version  = 4;
710         iph->ihl      = (sizeof(struct iphdr)+4)>>2;
711         iph->tos      = 0xc0;
712         iph->frag_off = htons(IP_DF);
713         iph->ttl      = 1;
714         iph->daddr    = dst;
715         iph->saddr    = fl4.saddr;
716         iph->protocol = IPPROTO_IGMP;
717         ip_select_ident(net, skb, NULL);
718         ((u8 *)&iph[1])[0] = IPOPT_RA;
719         ((u8 *)&iph[1])[1] = 4;
720         ((u8 *)&iph[1])[2] = 0;
721         ((u8 *)&iph[1])[3] = 0;
722
723         ih = (struct igmphdr *)skb_put(skb, sizeof(struct igmphdr));
724         ih->type = type;
725         ih->code = 0;
726         ih->csum = 0;
727         ih->group = group;
728         ih->csum = ip_compute_csum((void *)ih, sizeof(struct igmphdr));
729
730         return ip_local_out(skb);
731 }
732
733 static void igmp_gq_timer_expire(unsigned long data)
734 {
735         struct in_device *in_dev = (struct in_device *)data;
736
737         in_dev->mr_gq_running = 0;
738         igmpv3_send_report(in_dev, NULL);
739         in_dev_put(in_dev);
740 }
741
742 static void igmp_ifc_timer_expire(unsigned long data)
743 {
744         struct in_device *in_dev = (struct in_device *)data;
745
746         igmpv3_send_cr(in_dev);
747         if (in_dev->mr_ifc_count) {
748                 in_dev->mr_ifc_count--;
749                 igmp_ifc_start_timer(in_dev,
750                                      unsolicited_report_interval(in_dev));
751         }
752         in_dev_put(in_dev);
753 }
754
755 static void igmp_ifc_event(struct in_device *in_dev)
756 {
757         if (IGMP_V1_SEEN(in_dev) || IGMP_V2_SEEN(in_dev))
758                 return;
759         in_dev->mr_ifc_count = in_dev->mr_qrv ?: sysctl_igmp_qrv;
760         igmp_ifc_start_timer(in_dev, 1);
761 }
762
763
764 static void igmp_timer_expire(unsigned long data)
765 {
766         struct ip_mc_list *im = (struct ip_mc_list *)data;
767         struct in_device *in_dev = im->interface;
768
769         spin_lock(&im->lock);
770         im->tm_running = 0;
771
772         if (im->unsolicit_count) {
773                 im->unsolicit_count--;
774                 igmp_start_timer(im, unsolicited_report_interval(in_dev));
775         }
776         im->reporter = 1;
777         spin_unlock(&im->lock);
778
779         if (IGMP_V1_SEEN(in_dev))
780                 igmp_send_report(in_dev, im, IGMP_HOST_MEMBERSHIP_REPORT);
781         else if (IGMP_V2_SEEN(in_dev))
782                 igmp_send_report(in_dev, im, IGMPV2_HOST_MEMBERSHIP_REPORT);
783         else
784                 igmp_send_report(in_dev, im, IGMPV3_HOST_MEMBERSHIP_REPORT);
785
786         ip_ma_put(im);
787 }
788
789 /* mark EXCLUDE-mode sources */
790 static int igmp_xmarksources(struct ip_mc_list *pmc, int nsrcs, __be32 *srcs)
791 {
792         struct ip_sf_list *psf;
793         int i, scount;
794
795         scount = 0;
796         for (psf = pmc->sources; psf; psf = psf->sf_next) {
797                 if (scount == nsrcs)
798                         break;
799                 for (i = 0; i < nsrcs; i++) {
800                         /* skip inactive filters */
801                         if (psf->sf_count[MCAST_INCLUDE] ||
802                             pmc->sfcount[MCAST_EXCLUDE] !=
803                             psf->sf_count[MCAST_EXCLUDE])
804                                 break;
805                         if (srcs[i] == psf->sf_inaddr) {
806                                 scount++;
807                                 break;
808                         }
809                 }
810         }
811         pmc->gsquery = 0;
812         if (scount == nsrcs)    /* all sources excluded */
813                 return 0;
814         return 1;
815 }
816
817 static int igmp_marksources(struct ip_mc_list *pmc, int nsrcs, __be32 *srcs)
818 {
819         struct ip_sf_list *psf;
820         int i, scount;
821
822         if (pmc->sfmode == MCAST_EXCLUDE)
823                 return igmp_xmarksources(pmc, nsrcs, srcs);
824
825         /* mark INCLUDE-mode sources */
826         scount = 0;
827         for (psf = pmc->sources; psf; psf = psf->sf_next) {
828                 if (scount == nsrcs)
829                         break;
830                 for (i = 0; i < nsrcs; i++)
831                         if (srcs[i] == psf->sf_inaddr) {
832                                 psf->sf_gsresp = 1;
833                                 scount++;
834                                 break;
835                         }
836         }
837         if (!scount) {
838                 pmc->gsquery = 0;
839                 return 0;
840         }
841         pmc->gsquery = 1;
842         return 1;
843 }
844
845 /* return true if packet was dropped */
846 static bool igmp_heard_report(struct in_device *in_dev, __be32 group)
847 {
848         struct ip_mc_list *im;
849
850         /* Timers are only set for non-local groups */
851
852         if (group == IGMP_ALL_HOSTS)
853                 return false;
854
855         rcu_read_lock();
856         for_each_pmc_rcu(in_dev, im) {
857                 if (im->multiaddr == group) {
858                         igmp_stop_timer(im);
859                         break;
860                 }
861         }
862         rcu_read_unlock();
863         return false;
864 }
865
866 /* return true if packet was dropped */
867 static bool igmp_heard_query(struct in_device *in_dev, struct sk_buff *skb,
868         int len)
869 {
870         struct igmphdr          *ih = igmp_hdr(skb);
871         struct igmpv3_query *ih3 = igmpv3_query_hdr(skb);
872         struct ip_mc_list       *im;
873         __be32                  group = ih->group;
874         int                     max_delay;
875         int                     mark = 0;
876
877
878         if (len == 8) {
879                 if (ih->code == 0) {
880                         /* Alas, old v1 router presents here. */
881
882                         max_delay = IGMP_QUERY_RESPONSE_INTERVAL;
883                         in_dev->mr_v1_seen = jiffies +
884                                 IGMP_V1_ROUTER_PRESENT_TIMEOUT;
885                         group = 0;
886                 } else {
887                         /* v2 router present */
888                         max_delay = ih->code*(HZ/IGMP_TIMER_SCALE);
889                         in_dev->mr_v2_seen = jiffies +
890                                 IGMP_V2_ROUTER_PRESENT_TIMEOUT;
891                 }
892                 /* cancel the interface change timer */
893                 in_dev->mr_ifc_count = 0;
894                 if (del_timer(&in_dev->mr_ifc_timer))
895                         __in_dev_put(in_dev);
896                 /* clear deleted report items */
897                 igmpv3_clear_delrec(in_dev);
898         } else if (len < 12) {
899                 return true;    /* ignore bogus packet; freed by caller */
900         } else if (IGMP_V1_SEEN(in_dev)) {
901                 /* This is a v3 query with v1 queriers present */
902                 max_delay = IGMP_QUERY_RESPONSE_INTERVAL;
903                 group = 0;
904         } else if (IGMP_V2_SEEN(in_dev)) {
905                 /* this is a v3 query with v2 queriers present;
906                  * Interpretation of the max_delay code is problematic here.
907                  * A real v2 host would use ih_code directly, while v3 has a
908                  * different encoding. We use the v3 encoding as more likely
909                  * to be intended in a v3 query.
910                  */
911                 max_delay = IGMPV3_MRC(ih3->code)*(HZ/IGMP_TIMER_SCALE);
912                 if (!max_delay)
913                         max_delay = 1;  /* can't mod w/ 0 */
914         } else { /* v3 */
915                 if (!pskb_may_pull(skb, sizeof(struct igmpv3_query)))
916                         return true;
917
918                 ih3 = igmpv3_query_hdr(skb);
919                 if (ih3->nsrcs) {
920                         if (!pskb_may_pull(skb, sizeof(struct igmpv3_query)
921                                            + ntohs(ih3->nsrcs)*sizeof(__be32)))
922                                 return true;
923                         ih3 = igmpv3_query_hdr(skb);
924                 }
925
926                 max_delay = IGMPV3_MRC(ih3->code)*(HZ/IGMP_TIMER_SCALE);
927                 if (!max_delay)
928                         max_delay = 1;  /* can't mod w/ 0 */
929                 in_dev->mr_maxdelay = max_delay;
930                 if (ih3->qrv)
931                         in_dev->mr_qrv = ih3->qrv;
932                 if (!group) { /* general query */
933                         if (ih3->nsrcs)
934                                 return true;    /* no sources allowed */
935                         igmp_gq_start_timer(in_dev);
936                         return false;
937                 }
938                 /* mark sources to include, if group & source-specific */
939                 mark = ih3->nsrcs != 0;
940         }
941
942         /*
943          * - Start the timers in all of our membership records
944          *   that the query applies to for the interface on
945          *   which the query arrived excl. those that belong
946          *   to a "local" group (224.0.0.X)
947          * - For timers already running check if they need to
948          *   be reset.
949          * - Use the igmp->igmp_code field as the maximum
950          *   delay possible
951          */
952         rcu_read_lock();
953         for_each_pmc_rcu(in_dev, im) {
954                 int changed;
955
956                 if (group && group != im->multiaddr)
957                         continue;
958                 if (im->multiaddr == IGMP_ALL_HOSTS)
959                         continue;
960                 spin_lock_bh(&im->lock);
961                 if (im->tm_running)
962                         im->gsquery = im->gsquery && mark;
963                 else
964                         im->gsquery = mark;
965                 changed = !im->gsquery ||
966                         igmp_marksources(im, ntohs(ih3->nsrcs), ih3->srcs);
967                 spin_unlock_bh(&im->lock);
968                 if (changed)
969                         igmp_mod_timer(im, max_delay);
970         }
971         rcu_read_unlock();
972         return false;
973 }
974
975 /* called in rcu_read_lock() section */
976 int igmp_rcv(struct sk_buff *skb)
977 {
978         /* This basically follows the spec line by line -- see RFC1112 */
979         struct igmphdr *ih;
980         struct in_device *in_dev = __in_dev_get_rcu(skb->dev);
981         int len = skb->len;
982         bool dropped = true;
983
984         if (!in_dev)
985                 goto drop;
986
987         if (!pskb_may_pull(skb, sizeof(struct igmphdr)))
988                 goto drop;
989
990         if (skb_checksum_simple_validate(skb))
991                 goto drop;
992
993         ih = igmp_hdr(skb);
994         switch (ih->type) {
995         case IGMP_HOST_MEMBERSHIP_QUERY:
996                 dropped = igmp_heard_query(in_dev, skb, len);
997                 break;
998         case IGMP_HOST_MEMBERSHIP_REPORT:
999         case IGMPV2_HOST_MEMBERSHIP_REPORT:
1000                 /* Is it our report looped back? */
1001                 if (rt_is_output_route(skb_rtable(skb)))
1002                         break;
1003                 /* don't rely on MC router hearing unicast reports */
1004                 if (skb->pkt_type == PACKET_MULTICAST ||
1005                     skb->pkt_type == PACKET_BROADCAST)
1006                         dropped = igmp_heard_report(in_dev, ih->group);
1007                 break;
1008         case IGMP_PIM:
1009 #ifdef CONFIG_IP_PIMSM_V1
1010                 return pim_rcv_v1(skb);
1011 #endif
1012         case IGMPV3_HOST_MEMBERSHIP_REPORT:
1013         case IGMP_DVMRP:
1014         case IGMP_TRACE:
1015         case IGMP_HOST_LEAVE_MESSAGE:
1016         case IGMP_MTRACE:
1017         case IGMP_MTRACE_RESP:
1018                 break;
1019         default:
1020                 break;
1021         }
1022
1023 drop:
1024         if (dropped)
1025                 kfree_skb(skb);
1026         else
1027                 consume_skb(skb);
1028         return 0;
1029 }
1030
1031 #endif
1032
1033
1034 /*
1035  *      Add a filter to a device
1036  */
1037
1038 static void ip_mc_filter_add(struct in_device *in_dev, __be32 addr)
1039 {
1040         char buf[MAX_ADDR_LEN];
1041         struct net_device *dev = in_dev->dev;
1042
1043         /* Checking for IFF_MULTICAST here is WRONG-WRONG-WRONG.
1044            We will get multicast token leakage, when IFF_MULTICAST
1045            is changed. This check should be done in ndo_set_rx_mode
1046            routine. Something sort of:
1047            if (dev->mc_list && dev->flags&IFF_MULTICAST) { do it; }
1048            --ANK
1049            */
1050         if (arp_mc_map(addr, buf, dev, 0) == 0)
1051                 dev_mc_add(dev, buf);
1052 }
1053
1054 /*
1055  *      Remove a filter from a device
1056  */
1057
1058 static void ip_mc_filter_del(struct in_device *in_dev, __be32 addr)
1059 {
1060         char buf[MAX_ADDR_LEN];
1061         struct net_device *dev = in_dev->dev;
1062
1063         if (arp_mc_map(addr, buf, dev, 0) == 0)
1064                 dev_mc_del(dev, buf);
1065 }
1066
1067 #ifdef CONFIG_IP_MULTICAST
1068 /*
1069  * deleted ip_mc_list manipulation
1070  */
1071 static void igmpv3_add_delrec(struct in_device *in_dev, struct ip_mc_list *im)
1072 {
1073         struct ip_mc_list *pmc;
1074
1075         /* this is an "ip_mc_list" for convenience; only the fields below
1076          * are actually used. In particular, the refcnt and users are not
1077          * used for management of the delete list. Using the same structure
1078          * for deleted items allows change reports to use common code with
1079          * non-deleted or query-response MCA's.
1080          */
1081         pmc = kzalloc(sizeof(*pmc), GFP_KERNEL);
1082         if (!pmc)
1083                 return;
1084         spin_lock_bh(&im->lock);
1085         pmc->interface = im->interface;
1086         in_dev_hold(in_dev);
1087         pmc->multiaddr = im->multiaddr;
1088         pmc->crcount = in_dev->mr_qrv ?: sysctl_igmp_qrv;
1089         pmc->sfmode = im->sfmode;
1090         if (pmc->sfmode == MCAST_INCLUDE) {
1091                 struct ip_sf_list *psf;
1092
1093                 pmc->tomb = im->tomb;
1094                 pmc->sources = im->sources;
1095                 im->tomb = im->sources = NULL;
1096                 for (psf = pmc->sources; psf; psf = psf->sf_next)
1097                         psf->sf_crcount = pmc->crcount;
1098         }
1099         spin_unlock_bh(&im->lock);
1100
1101         spin_lock_bh(&in_dev->mc_tomb_lock);
1102         pmc->next = in_dev->mc_tomb;
1103         in_dev->mc_tomb = pmc;
1104         spin_unlock_bh(&in_dev->mc_tomb_lock);
1105 }
1106
1107 static void igmpv3_del_delrec(struct in_device *in_dev, __be32 multiaddr)
1108 {
1109         struct ip_mc_list *pmc, *pmc_prev;
1110         struct ip_sf_list *psf, *psf_next;
1111
1112         spin_lock_bh(&in_dev->mc_tomb_lock);
1113         pmc_prev = NULL;
1114         for (pmc = in_dev->mc_tomb; pmc; pmc = pmc->next) {
1115                 if (pmc->multiaddr == multiaddr)
1116                         break;
1117                 pmc_prev = pmc;
1118         }
1119         if (pmc) {
1120                 if (pmc_prev)
1121                         pmc_prev->next = pmc->next;
1122                 else
1123                         in_dev->mc_tomb = pmc->next;
1124         }
1125         spin_unlock_bh(&in_dev->mc_tomb_lock);
1126         if (pmc) {
1127                 for (psf = pmc->tomb; psf; psf = psf_next) {
1128                         psf_next = psf->sf_next;
1129                         kfree(psf);
1130                 }
1131                 in_dev_put(pmc->interface);
1132                 kfree(pmc);
1133         }
1134 }
1135
1136 static void igmpv3_clear_delrec(struct in_device *in_dev)
1137 {
1138         struct ip_mc_list *pmc, *nextpmc;
1139
1140         spin_lock_bh(&in_dev->mc_tomb_lock);
1141         pmc = in_dev->mc_tomb;
1142         in_dev->mc_tomb = NULL;
1143         spin_unlock_bh(&in_dev->mc_tomb_lock);
1144
1145         for (; pmc; pmc = nextpmc) {
1146                 nextpmc = pmc->next;
1147                 ip_mc_clear_src(pmc);
1148                 in_dev_put(pmc->interface);
1149                 kfree(pmc);
1150         }
1151         /* clear dead sources, too */
1152         rcu_read_lock();
1153         for_each_pmc_rcu(in_dev, pmc) {
1154                 struct ip_sf_list *psf, *psf_next;
1155
1156                 spin_lock_bh(&pmc->lock);
1157                 psf = pmc->tomb;
1158                 pmc->tomb = NULL;
1159                 spin_unlock_bh(&pmc->lock);
1160                 for (; psf; psf = psf_next) {
1161                         psf_next = psf->sf_next;
1162                         kfree(psf);
1163                 }
1164         }
1165         rcu_read_unlock();
1166 }
1167 #endif
1168
1169 static void igmp_group_dropped(struct ip_mc_list *im)
1170 {
1171         struct in_device *in_dev = im->interface;
1172 #ifdef CONFIG_IP_MULTICAST
1173         int reporter;
1174 #endif
1175
1176         if (im->loaded) {
1177                 im->loaded = 0;
1178                 ip_mc_filter_del(in_dev, im->multiaddr);
1179         }
1180
1181 #ifdef CONFIG_IP_MULTICAST
1182         if (im->multiaddr == IGMP_ALL_HOSTS)
1183                 return;
1184
1185         reporter = im->reporter;
1186         igmp_stop_timer(im);
1187
1188         if (!in_dev->dead) {
1189                 if (IGMP_V1_SEEN(in_dev))
1190                         return;
1191                 if (IGMP_V2_SEEN(in_dev)) {
1192                         if (reporter)
1193                                 igmp_send_report(in_dev, im, IGMP_HOST_LEAVE_MESSAGE);
1194                         return;
1195                 }
1196                 /* IGMPv3 */
1197                 igmpv3_add_delrec(in_dev, im);
1198
1199                 igmp_ifc_event(in_dev);
1200         }
1201 #endif
1202 }
1203
1204 static void igmp_group_added(struct ip_mc_list *im)
1205 {
1206         struct in_device *in_dev = im->interface;
1207
1208         if (im->loaded == 0) {
1209                 im->loaded = 1;
1210                 ip_mc_filter_add(in_dev, im->multiaddr);
1211         }
1212
1213 #ifdef CONFIG_IP_MULTICAST
1214         if (im->multiaddr == IGMP_ALL_HOSTS)
1215                 return;
1216
1217         if (in_dev->dead)
1218                 return;
1219         if (IGMP_V1_SEEN(in_dev) || IGMP_V2_SEEN(in_dev)) {
1220                 spin_lock_bh(&im->lock);
1221                 igmp_start_timer(im, IGMP_INITIAL_REPORT_DELAY);
1222                 spin_unlock_bh(&im->lock);
1223                 return;
1224         }
1225         /* else, v3 */
1226
1227         im->crcount = in_dev->mr_qrv ?: sysctl_igmp_qrv;
1228         igmp_ifc_event(in_dev);
1229 #endif
1230 }
1231
1232
1233 /*
1234  *      Multicast list managers
1235  */
1236
1237 static u32 ip_mc_hash(const struct ip_mc_list *im)
1238 {
1239         return hash_32((__force u32)im->multiaddr, MC_HASH_SZ_LOG);
1240 }
1241
1242 static void ip_mc_hash_add(struct in_device *in_dev,
1243                            struct ip_mc_list *im)
1244 {
1245         struct ip_mc_list __rcu **mc_hash;
1246         u32 hash;
1247
1248         mc_hash = rtnl_dereference(in_dev->mc_hash);
1249         if (mc_hash) {
1250                 hash = ip_mc_hash(im);
1251                 im->next_hash = mc_hash[hash];
1252                 rcu_assign_pointer(mc_hash[hash], im);
1253                 return;
1254         }
1255
1256         /* do not use a hash table for small number of items */
1257         if (in_dev->mc_count < 4)
1258                 return;
1259
1260         mc_hash = kzalloc(sizeof(struct ip_mc_list *) << MC_HASH_SZ_LOG,
1261                           GFP_KERNEL);
1262         if (!mc_hash)
1263                 return;
1264
1265         for_each_pmc_rtnl(in_dev, im) {
1266                 hash = ip_mc_hash(im);
1267                 im->next_hash = mc_hash[hash];
1268                 RCU_INIT_POINTER(mc_hash[hash], im);
1269         }
1270
1271         rcu_assign_pointer(in_dev->mc_hash, mc_hash);
1272 }
1273
1274 static void ip_mc_hash_remove(struct in_device *in_dev,
1275                               struct ip_mc_list *im)
1276 {
1277         struct ip_mc_list __rcu **mc_hash = rtnl_dereference(in_dev->mc_hash);
1278         struct ip_mc_list *aux;
1279
1280         if (!mc_hash)
1281                 return;
1282         mc_hash += ip_mc_hash(im);
1283         while ((aux = rtnl_dereference(*mc_hash)) != im)
1284                 mc_hash = &aux->next_hash;
1285         *mc_hash = im->next_hash;
1286 }
1287
1288
1289 /*
1290  *      A socket has joined a multicast group on device dev.
1291  */
1292
1293 void ip_mc_inc_group(struct in_device *in_dev, __be32 addr)
1294 {
1295         struct ip_mc_list *im;
1296
1297         ASSERT_RTNL();
1298
1299         for_each_pmc_rtnl(in_dev, im) {
1300                 if (im->multiaddr == addr) {
1301                         im->users++;
1302                         ip_mc_add_src(in_dev, &addr, MCAST_EXCLUDE, 0, NULL, 0);
1303                         goto out;
1304                 }
1305         }
1306
1307         im = kzalloc(sizeof(*im), GFP_KERNEL);
1308         if (!im)
1309                 goto out;
1310
1311         im->users = 1;
1312         im->interface = in_dev;
1313         in_dev_hold(in_dev);
1314         im->multiaddr = addr;
1315         /* initial mode is (EX, empty) */
1316         im->sfmode = MCAST_EXCLUDE;
1317         im->sfcount[MCAST_EXCLUDE] = 1;
1318         atomic_set(&im->refcnt, 1);
1319         spin_lock_init(&im->lock);
1320 #ifdef CONFIG_IP_MULTICAST
1321         setup_timer(&im->timer, igmp_timer_expire, (unsigned long)im);
1322         im->unsolicit_count = sysctl_igmp_qrv;
1323 #endif
1324
1325         im->next_rcu = in_dev->mc_list;
1326         in_dev->mc_count++;
1327         rcu_assign_pointer(in_dev->mc_list, im);
1328
1329         ip_mc_hash_add(in_dev, im);
1330
1331 #ifdef CONFIG_IP_MULTICAST
1332         igmpv3_del_delrec(in_dev, im->multiaddr);
1333 #endif
1334         igmp_group_added(im);
1335         if (!in_dev->dead)
1336                 ip_rt_multicast_event(in_dev);
1337 out:
1338         return;
1339 }
1340 EXPORT_SYMBOL(ip_mc_inc_group);
1341
1342 static int ip_mc_check_iphdr(struct sk_buff *skb)
1343 {
1344         const struct iphdr *iph;
1345         unsigned int len;
1346         unsigned int offset = skb_network_offset(skb) + sizeof(*iph);
1347
1348         if (!pskb_may_pull(skb, offset))
1349                 return -EINVAL;
1350
1351         iph = ip_hdr(skb);
1352
1353         if (iph->version != 4 || ip_hdrlen(skb) < sizeof(*iph))
1354                 return -EINVAL;
1355
1356         offset += ip_hdrlen(skb) - sizeof(*iph);
1357
1358         if (!pskb_may_pull(skb, offset))
1359                 return -EINVAL;
1360
1361         iph = ip_hdr(skb);
1362
1363         if (unlikely(ip_fast_csum((u8 *)iph, iph->ihl)))
1364                 return -EINVAL;
1365
1366         len = skb_network_offset(skb) + ntohs(iph->tot_len);
1367         if (skb->len < len || len < offset)
1368                 return -EINVAL;
1369
1370         skb_set_transport_header(skb, offset);
1371
1372         return 0;
1373 }
1374
1375 static int ip_mc_check_igmp_reportv3(struct sk_buff *skb)
1376 {
1377         unsigned int len = skb_transport_offset(skb);
1378
1379         len += sizeof(struct igmpv3_report);
1380
1381         return pskb_may_pull(skb, len) ? 0 : -EINVAL;
1382 }
1383
1384 static int ip_mc_check_igmp_query(struct sk_buff *skb)
1385 {
1386         unsigned int len = skb_transport_offset(skb);
1387
1388         len += sizeof(struct igmphdr);
1389         if (skb->len < len)
1390                 return -EINVAL;
1391
1392         /* IGMPv{1,2}? */
1393         if (skb->len != len) {
1394                 /* or IGMPv3? */
1395                 len += sizeof(struct igmpv3_query) - sizeof(struct igmphdr);
1396                 if (skb->len < len || !pskb_may_pull(skb, len))
1397                         return -EINVAL;
1398         }
1399
1400         /* RFC2236+RFC3376 (IGMPv2+IGMPv3) require the multicast link layer
1401          * all-systems destination addresses (224.0.0.1) for general queries
1402          */
1403         if (!igmp_hdr(skb)->group &&
1404             ip_hdr(skb)->daddr != htonl(INADDR_ALLHOSTS_GROUP))
1405                 return -EINVAL;
1406
1407         return 0;
1408 }
1409
1410 static int ip_mc_check_igmp_msg(struct sk_buff *skb)
1411 {
1412         switch (igmp_hdr(skb)->type) {
1413         case IGMP_HOST_LEAVE_MESSAGE:
1414         case IGMP_HOST_MEMBERSHIP_REPORT:
1415         case IGMPV2_HOST_MEMBERSHIP_REPORT:
1416                 /* fall through */
1417                 return 0;
1418         case IGMPV3_HOST_MEMBERSHIP_REPORT:
1419                 return ip_mc_check_igmp_reportv3(skb);
1420         case IGMP_HOST_MEMBERSHIP_QUERY:
1421                 return ip_mc_check_igmp_query(skb);
1422         default:
1423                 return -ENOMSG;
1424         }
1425 }
1426
1427 static inline __sum16 ip_mc_validate_checksum(struct sk_buff *skb)
1428 {
1429         return skb_checksum_simple_validate(skb);
1430 }
1431
1432 static int __ip_mc_check_igmp(struct sk_buff *skb, struct sk_buff **skb_trimmed)
1433
1434 {
1435         struct sk_buff *skb_chk;
1436         unsigned int transport_len;
1437         unsigned int len = skb_transport_offset(skb) + sizeof(struct igmphdr);
1438         int ret = -EINVAL;
1439
1440         transport_len = ntohs(ip_hdr(skb)->tot_len) - ip_hdrlen(skb);
1441
1442         skb_chk = skb_checksum_trimmed(skb, transport_len,
1443                                        ip_mc_validate_checksum);
1444         if (!skb_chk)
1445                 goto err;
1446
1447         if (!pskb_may_pull(skb_chk, len))
1448                 goto err;
1449
1450         ret = ip_mc_check_igmp_msg(skb_chk);
1451         if (ret)
1452                 goto err;
1453
1454         if (skb_trimmed)
1455                 *skb_trimmed = skb_chk;
1456         /* free now unneeded clone */
1457         else if (skb_chk != skb)
1458                 kfree_skb(skb_chk);
1459
1460         ret = 0;
1461
1462 err:
1463         if (ret && skb_chk && skb_chk != skb)
1464                 kfree_skb(skb_chk);
1465
1466         return ret;
1467 }
1468
1469 /**
1470  * ip_mc_check_igmp - checks whether this is a sane IGMP packet
1471  * @skb: the skb to validate
1472  * @skb_trimmed: to store an skb pointer trimmed to IPv4 packet tail (optional)
1473  *
1474  * Checks whether an IPv4 packet is a valid IGMP packet. If so sets
1475  * skb transport header accordingly and returns zero.
1476  *
1477  * -EINVAL: A broken packet was detected, i.e. it violates some internet
1478  *  standard
1479  * -ENOMSG: IP header validation succeeded but it is not an IGMP packet.
1480  * -ENOMEM: A memory allocation failure happened.
1481  *
1482  * Optionally, an skb pointer might be provided via skb_trimmed (or set it
1483  * to NULL): After parsing an IGMP packet successfully it will point to
1484  * an skb which has its tail aligned to the IP packet end. This might
1485  * either be the originally provided skb or a trimmed, cloned version if
1486  * the skb frame had data beyond the IP packet. A cloned skb allows us
1487  * to leave the original skb and its full frame unchanged (which might be
1488  * desirable for layer 2 frame jugglers).
1489  *
1490  * Caller needs to set the skb network header and free any returned skb if it
1491  * differs from the provided skb.
1492  */
1493 int ip_mc_check_igmp(struct sk_buff *skb, struct sk_buff **skb_trimmed)
1494 {
1495         int ret = ip_mc_check_iphdr(skb);
1496
1497         if (ret < 0)
1498                 return ret;
1499
1500         if (ip_hdr(skb)->protocol != IPPROTO_IGMP)
1501                 return -ENOMSG;
1502
1503         return __ip_mc_check_igmp(skb, skb_trimmed);
1504 }
1505 EXPORT_SYMBOL(ip_mc_check_igmp);
1506
1507 /*
1508  *      Resend IGMP JOIN report; used by netdev notifier.
1509  */
1510 static void ip_mc_rejoin_groups(struct in_device *in_dev)
1511 {
1512 #ifdef CONFIG_IP_MULTICAST
1513         struct ip_mc_list *im;
1514         int type;
1515
1516         ASSERT_RTNL();
1517
1518         for_each_pmc_rtnl(in_dev, im) {
1519                 if (im->multiaddr == IGMP_ALL_HOSTS)
1520                         continue;
1521
1522                 /* a failover is happening and switches
1523                  * must be notified immediately
1524                  */
1525                 if (IGMP_V1_SEEN(in_dev))
1526                         type = IGMP_HOST_MEMBERSHIP_REPORT;
1527                 else if (IGMP_V2_SEEN(in_dev))
1528                         type = IGMPV2_HOST_MEMBERSHIP_REPORT;
1529                 else
1530                         type = IGMPV3_HOST_MEMBERSHIP_REPORT;
1531                 igmp_send_report(in_dev, im, type);
1532         }
1533 #endif
1534 }
1535
1536 /*
1537  *      A socket has left a multicast group on device dev
1538  */
1539
1540 void ip_mc_dec_group(struct in_device *in_dev, __be32 addr)
1541 {
1542         struct ip_mc_list *i;
1543         struct ip_mc_list __rcu **ip;
1544
1545         ASSERT_RTNL();
1546
1547         for (ip = &in_dev->mc_list;
1548              (i = rtnl_dereference(*ip)) != NULL;
1549              ip = &i->next_rcu) {
1550                 if (i->multiaddr == addr) {
1551                         if (--i->users == 0) {
1552                                 ip_mc_hash_remove(in_dev, i);
1553                                 *ip = i->next_rcu;
1554                                 in_dev->mc_count--;
1555                                 igmp_group_dropped(i);
1556                                 ip_mc_clear_src(i);
1557
1558                                 if (!in_dev->dead)
1559                                         ip_rt_multicast_event(in_dev);
1560
1561                                 ip_ma_put(i);
1562                                 return;
1563                         }
1564                         break;
1565                 }
1566         }
1567 }
1568 EXPORT_SYMBOL(ip_mc_dec_group);
1569
1570 /* Device changing type */
1571
1572 void ip_mc_unmap(struct in_device *in_dev)
1573 {
1574         struct ip_mc_list *pmc;
1575
1576         ASSERT_RTNL();
1577
1578         for_each_pmc_rtnl(in_dev, pmc)
1579                 igmp_group_dropped(pmc);
1580 }
1581
1582 void ip_mc_remap(struct in_device *in_dev)
1583 {
1584         struct ip_mc_list *pmc;
1585
1586         ASSERT_RTNL();
1587
1588         for_each_pmc_rtnl(in_dev, pmc)
1589                 igmp_group_added(pmc);
1590 }
1591
1592 /* Device going down */
1593
1594 void ip_mc_down(struct in_device *in_dev)
1595 {
1596         struct ip_mc_list *pmc;
1597
1598         ASSERT_RTNL();
1599
1600         for_each_pmc_rtnl(in_dev, pmc)
1601                 igmp_group_dropped(pmc);
1602
1603 #ifdef CONFIG_IP_MULTICAST
1604         in_dev->mr_ifc_count = 0;
1605         if (del_timer(&in_dev->mr_ifc_timer))
1606                 __in_dev_put(in_dev);
1607         in_dev->mr_gq_running = 0;
1608         if (del_timer(&in_dev->mr_gq_timer))
1609                 __in_dev_put(in_dev);
1610         igmpv3_clear_delrec(in_dev);
1611 #endif
1612
1613         ip_mc_dec_group(in_dev, IGMP_ALL_HOSTS);
1614 }
1615
1616 void ip_mc_init_dev(struct in_device *in_dev)
1617 {
1618         ASSERT_RTNL();
1619
1620 #ifdef CONFIG_IP_MULTICAST
1621         setup_timer(&in_dev->mr_gq_timer, igmp_gq_timer_expire,
1622                         (unsigned long)in_dev);
1623         setup_timer(&in_dev->mr_ifc_timer, igmp_ifc_timer_expire,
1624                         (unsigned long)in_dev);
1625         in_dev->mr_qrv = sysctl_igmp_qrv;
1626 #endif
1627
1628         spin_lock_init(&in_dev->mc_tomb_lock);
1629 }
1630
1631 /* Device going up */
1632
1633 void ip_mc_up(struct in_device *in_dev)
1634 {
1635         struct ip_mc_list *pmc;
1636
1637         ASSERT_RTNL();
1638
1639 #ifdef CONFIG_IP_MULTICAST
1640         in_dev->mr_qrv = sysctl_igmp_qrv;
1641 #endif
1642         ip_mc_inc_group(in_dev, IGMP_ALL_HOSTS);
1643
1644         for_each_pmc_rtnl(in_dev, pmc)
1645                 igmp_group_added(pmc);
1646 }
1647
1648 /*
1649  *      Device is about to be destroyed: clean up.
1650  */
1651
1652 void ip_mc_destroy_dev(struct in_device *in_dev)
1653 {
1654         struct ip_mc_list *i;
1655
1656         ASSERT_RTNL();
1657
1658         /* Deactivate timers */
1659         ip_mc_down(in_dev);
1660
1661         while ((i = rtnl_dereference(in_dev->mc_list)) != NULL) {
1662                 in_dev->mc_list = i->next_rcu;
1663                 in_dev->mc_count--;
1664
1665                 /* We've dropped the groups in ip_mc_down already */
1666                 ip_mc_clear_src(i);
1667                 ip_ma_put(i);
1668         }
1669 }
1670
1671 /* RTNL is locked */
1672 static struct in_device *ip_mc_find_dev(struct net *net, struct ip_mreqn *imr)
1673 {
1674         struct net_device *dev = NULL;
1675         struct in_device *idev = NULL;
1676
1677         if (imr->imr_ifindex) {
1678                 idev = inetdev_by_index(net, imr->imr_ifindex);
1679                 return idev;
1680         }
1681         if (imr->imr_address.s_addr) {
1682                 dev = __ip_dev_find(net, imr->imr_address.s_addr, false);
1683                 if (!dev)
1684                         return NULL;
1685         }
1686
1687         if (!dev) {
1688                 struct rtable *rt = ip_route_output(net,
1689                                                     imr->imr_multiaddr.s_addr,
1690                                                     0, 0, 0);
1691                 if (!IS_ERR(rt)) {
1692                         dev = rt->dst.dev;
1693                         ip_rt_put(rt);
1694                 }
1695         }
1696         if (dev) {
1697                 imr->imr_ifindex = dev->ifindex;
1698                 idev = __in_dev_get_rtnl(dev);
1699         }
1700         return idev;
1701 }
1702
1703 /*
1704  *      Join a socket to a group
1705  */
1706 int sysctl_igmp_max_memberships __read_mostly = IP_MAX_MEMBERSHIPS;
1707 int sysctl_igmp_max_msf __read_mostly = IP_MAX_MSF;
1708 #ifdef CONFIG_IP_MULTICAST
1709 int sysctl_igmp_qrv __read_mostly = IGMP_QUERY_ROBUSTNESS_VARIABLE;
1710 #endif
1711
1712 static int ip_mc_del1_src(struct ip_mc_list *pmc, int sfmode,
1713         __be32 *psfsrc)
1714 {
1715         struct ip_sf_list *psf, *psf_prev;
1716         int rv = 0;
1717
1718         psf_prev = NULL;
1719         for (psf = pmc->sources; psf; psf = psf->sf_next) {
1720                 if (psf->sf_inaddr == *psfsrc)
1721                         break;
1722                 psf_prev = psf;
1723         }
1724         if (!psf || psf->sf_count[sfmode] == 0) {
1725                 /* source filter not found, or count wrong =>  bug */
1726                 return -ESRCH;
1727         }
1728         psf->sf_count[sfmode]--;
1729         if (psf->sf_count[sfmode] == 0) {
1730                 ip_rt_multicast_event(pmc->interface);
1731         }
1732         if (!psf->sf_count[MCAST_INCLUDE] && !psf->sf_count[MCAST_EXCLUDE]) {
1733 #ifdef CONFIG_IP_MULTICAST
1734                 struct in_device *in_dev = pmc->interface;
1735 #endif
1736
1737                 /* no more filters for this source */
1738                 if (psf_prev)
1739                         psf_prev->sf_next = psf->sf_next;
1740                 else
1741                         pmc->sources = psf->sf_next;
1742 #ifdef CONFIG_IP_MULTICAST
1743                 if (psf->sf_oldin &&
1744                     !IGMP_V1_SEEN(in_dev) && !IGMP_V2_SEEN(in_dev)) {
1745                         psf->sf_crcount = in_dev->mr_qrv ?: sysctl_igmp_qrv;
1746                         psf->sf_next = pmc->tomb;
1747                         pmc->tomb = psf;
1748                         rv = 1;
1749                 } else
1750 #endif
1751                         kfree(psf);
1752         }
1753         return rv;
1754 }
1755
1756 #ifndef CONFIG_IP_MULTICAST
1757 #define igmp_ifc_event(x)       do { } while (0)
1758 #endif
1759
1760 static int ip_mc_del_src(struct in_device *in_dev, __be32 *pmca, int sfmode,
1761                          int sfcount, __be32 *psfsrc, int delta)
1762 {
1763         struct ip_mc_list *pmc;
1764         int     changerec = 0;
1765         int     i, err;
1766
1767         if (!in_dev)
1768                 return -ENODEV;
1769         rcu_read_lock();
1770         for_each_pmc_rcu(in_dev, pmc) {
1771                 if (*pmca == pmc->multiaddr)
1772                         break;
1773         }
1774         if (!pmc) {
1775                 /* MCA not found?? bug */
1776                 rcu_read_unlock();
1777                 return -ESRCH;
1778         }
1779         spin_lock_bh(&pmc->lock);
1780         rcu_read_unlock();
1781 #ifdef CONFIG_IP_MULTICAST
1782         sf_markstate(pmc);
1783 #endif
1784         if (!delta) {
1785                 err = -EINVAL;
1786                 if (!pmc->sfcount[sfmode])
1787                         goto out_unlock;
1788                 pmc->sfcount[sfmode]--;
1789         }
1790         err = 0;
1791         for (i = 0; i < sfcount; i++) {
1792                 int rv = ip_mc_del1_src(pmc, sfmode, &psfsrc[i]);
1793
1794                 changerec |= rv > 0;
1795                 if (!err && rv < 0)
1796                         err = rv;
1797         }
1798         if (pmc->sfmode == MCAST_EXCLUDE &&
1799             pmc->sfcount[MCAST_EXCLUDE] == 0 &&
1800             pmc->sfcount[MCAST_INCLUDE]) {
1801 #ifdef CONFIG_IP_MULTICAST
1802                 struct ip_sf_list *psf;
1803 #endif
1804
1805                 /* filter mode change */
1806                 pmc->sfmode = MCAST_INCLUDE;
1807 #ifdef CONFIG_IP_MULTICAST
1808                 pmc->crcount = in_dev->mr_qrv ?: sysctl_igmp_qrv;
1809                 in_dev->mr_ifc_count = pmc->crcount;
1810                 for (psf = pmc->sources; psf; psf = psf->sf_next)
1811                         psf->sf_crcount = 0;
1812                 igmp_ifc_event(pmc->interface);
1813         } else if (sf_setstate(pmc) || changerec) {
1814                 igmp_ifc_event(pmc->interface);
1815 #endif
1816         }
1817 out_unlock:
1818         spin_unlock_bh(&pmc->lock);
1819         return err;
1820 }
1821
1822 /*
1823  * Add multicast single-source filter to the interface list
1824  */
1825 static int ip_mc_add1_src(struct ip_mc_list *pmc, int sfmode,
1826         __be32 *psfsrc)
1827 {
1828         struct ip_sf_list *psf, *psf_prev;
1829
1830         psf_prev = NULL;
1831         for (psf = pmc->sources; psf; psf = psf->sf_next) {
1832                 if (psf->sf_inaddr == *psfsrc)
1833                         break;
1834                 psf_prev = psf;
1835         }
1836         if (!psf) {
1837                 psf = kzalloc(sizeof(*psf), GFP_ATOMIC);
1838                 if (!psf)
1839                         return -ENOBUFS;
1840                 psf->sf_inaddr = *psfsrc;
1841                 if (psf_prev) {
1842                         psf_prev->sf_next = psf;
1843                 } else
1844                         pmc->sources = psf;
1845         }
1846         psf->sf_count[sfmode]++;
1847         if (psf->sf_count[sfmode] == 1) {
1848                 ip_rt_multicast_event(pmc->interface);
1849         }
1850         return 0;
1851 }
1852
1853 #ifdef CONFIG_IP_MULTICAST
1854 static void sf_markstate(struct ip_mc_list *pmc)
1855 {
1856         struct ip_sf_list *psf;
1857         int mca_xcount = pmc->sfcount[MCAST_EXCLUDE];
1858
1859         for (psf = pmc->sources; psf; psf = psf->sf_next)
1860                 if (pmc->sfcount[MCAST_EXCLUDE]) {
1861                         psf->sf_oldin = mca_xcount ==
1862                                 psf->sf_count[MCAST_EXCLUDE] &&
1863                                 !psf->sf_count[MCAST_INCLUDE];
1864                 } else
1865                         psf->sf_oldin = psf->sf_count[MCAST_INCLUDE] != 0;
1866 }
1867
1868 static int sf_setstate(struct ip_mc_list *pmc)
1869 {
1870         struct ip_sf_list *psf, *dpsf;
1871         int mca_xcount = pmc->sfcount[MCAST_EXCLUDE];
1872         int qrv = pmc->interface->mr_qrv;
1873         int new_in, rv;
1874
1875         rv = 0;
1876         for (psf = pmc->sources; psf; psf = psf->sf_next) {
1877                 if (pmc->sfcount[MCAST_EXCLUDE]) {
1878                         new_in = mca_xcount == psf->sf_count[MCAST_EXCLUDE] &&
1879                                 !psf->sf_count[MCAST_INCLUDE];
1880                 } else
1881                         new_in = psf->sf_count[MCAST_INCLUDE] != 0;
1882                 if (new_in) {
1883                         if (!psf->sf_oldin) {
1884                                 struct ip_sf_list *prev = NULL;
1885
1886                                 for (dpsf = pmc->tomb; dpsf; dpsf = dpsf->sf_next) {
1887                                         if (dpsf->sf_inaddr == psf->sf_inaddr)
1888                                                 break;
1889                                         prev = dpsf;
1890                                 }
1891                                 if (dpsf) {
1892                                         if (prev)
1893                                                 prev->sf_next = dpsf->sf_next;
1894                                         else
1895                                                 pmc->tomb = dpsf->sf_next;
1896                                         kfree(dpsf);
1897                                 }
1898                                 psf->sf_crcount = qrv;
1899                                 rv++;
1900                         }
1901                 } else if (psf->sf_oldin) {
1902
1903                         psf->sf_crcount = 0;
1904                         /*
1905                          * add or update "delete" records if an active filter
1906                          * is now inactive
1907                          */
1908                         for (dpsf = pmc->tomb; dpsf; dpsf = dpsf->sf_next)
1909                                 if (dpsf->sf_inaddr == psf->sf_inaddr)
1910                                         break;
1911                         if (!dpsf) {
1912                                 dpsf = kmalloc(sizeof(*dpsf), GFP_ATOMIC);
1913                                 if (!dpsf)
1914                                         continue;
1915                                 *dpsf = *psf;
1916                                 /* pmc->lock held by callers */
1917                                 dpsf->sf_next = pmc->tomb;
1918                                 pmc->tomb = dpsf;
1919                         }
1920                         dpsf->sf_crcount = qrv;
1921                         rv++;
1922                 }
1923         }
1924         return rv;
1925 }
1926 #endif
1927
1928 /*
1929  * Add multicast source filter list to the interface list
1930  */
1931 static int ip_mc_add_src(struct in_device *in_dev, __be32 *pmca, int sfmode,
1932                          int sfcount, __be32 *psfsrc, int delta)
1933 {
1934         struct ip_mc_list *pmc;
1935         int     isexclude;
1936         int     i, err;
1937
1938         if (!in_dev)
1939                 return -ENODEV;
1940         rcu_read_lock();
1941         for_each_pmc_rcu(in_dev, pmc) {
1942                 if (*pmca == pmc->multiaddr)
1943                         break;
1944         }
1945         if (!pmc) {
1946                 /* MCA not found?? bug */
1947                 rcu_read_unlock();
1948                 return -ESRCH;
1949         }
1950         spin_lock_bh(&pmc->lock);
1951         rcu_read_unlock();
1952
1953 #ifdef CONFIG_IP_MULTICAST
1954         sf_markstate(pmc);
1955 #endif
1956         isexclude = pmc->sfmode == MCAST_EXCLUDE;
1957         if (!delta)
1958                 pmc->sfcount[sfmode]++;
1959         err = 0;
1960         for (i = 0; i < sfcount; i++) {
1961                 err = ip_mc_add1_src(pmc, sfmode, &psfsrc[i]);
1962                 if (err)
1963                         break;
1964         }
1965         if (err) {
1966                 int j;
1967
1968                 if (!delta)
1969                         pmc->sfcount[sfmode]--;
1970                 for (j = 0; j < i; j++)
1971                         (void) ip_mc_del1_src(pmc, sfmode, &psfsrc[j]);
1972         } else if (isexclude != (pmc->sfcount[MCAST_EXCLUDE] != 0)) {
1973 #ifdef CONFIG_IP_MULTICAST
1974                 struct ip_sf_list *psf;
1975                 in_dev = pmc->interface;
1976 #endif
1977
1978                 /* filter mode change */
1979                 if (pmc->sfcount[MCAST_EXCLUDE])
1980                         pmc->sfmode = MCAST_EXCLUDE;
1981                 else if (pmc->sfcount[MCAST_INCLUDE])
1982                         pmc->sfmode = MCAST_INCLUDE;
1983 #ifdef CONFIG_IP_MULTICAST
1984                 /* else no filters; keep old mode for reports */
1985
1986                 pmc->crcount = in_dev->mr_qrv ?: sysctl_igmp_qrv;
1987                 in_dev->mr_ifc_count = pmc->crcount;
1988                 for (psf = pmc->sources; psf; psf = psf->sf_next)
1989                         psf->sf_crcount = 0;
1990                 igmp_ifc_event(in_dev);
1991         } else if (sf_setstate(pmc)) {
1992                 igmp_ifc_event(in_dev);
1993 #endif
1994         }
1995         spin_unlock_bh(&pmc->lock);
1996         return err;
1997 }
1998
1999 static void ip_mc_clear_src(struct ip_mc_list *pmc)
2000 {
2001         struct ip_sf_list *psf, *nextpsf;
2002
2003         for (psf = pmc->tomb; psf; psf = nextpsf) {
2004                 nextpsf = psf->sf_next;
2005                 kfree(psf);
2006         }
2007         pmc->tomb = NULL;
2008         for (psf = pmc->sources; psf; psf = nextpsf) {
2009                 nextpsf = psf->sf_next;
2010                 kfree(psf);
2011         }
2012         pmc->sources = NULL;
2013         pmc->sfmode = MCAST_EXCLUDE;
2014         pmc->sfcount[MCAST_INCLUDE] = 0;
2015         pmc->sfcount[MCAST_EXCLUDE] = 1;
2016 }
2017
2018 /* Join a multicast group
2019  */
2020
2021 int ip_mc_join_group(struct sock *sk, struct ip_mreqn *imr)
2022 {
2023         __be32 addr = imr->imr_multiaddr.s_addr;
2024         struct ip_mc_socklist *iml, *i;
2025         struct in_device *in_dev;
2026         struct inet_sock *inet = inet_sk(sk);
2027         struct net *net = sock_net(sk);
2028         int ifindex;
2029         int count = 0;
2030         int err;
2031
2032         ASSERT_RTNL();
2033
2034         if (!ipv4_is_multicast(addr))
2035                 return -EINVAL;
2036
2037         in_dev = ip_mc_find_dev(net, imr);
2038
2039         if (!in_dev) {
2040                 err = -ENODEV;
2041                 goto done;
2042         }
2043
2044         err = -EADDRINUSE;
2045         ifindex = imr->imr_ifindex;
2046         for_each_pmc_rtnl(inet, i) {
2047                 if (i->multi.imr_multiaddr.s_addr == addr &&
2048                     i->multi.imr_ifindex == ifindex)
2049                         goto done;
2050                 count++;
2051         }
2052         err = -ENOBUFS;
2053         if (count >= sysctl_igmp_max_memberships)
2054                 goto done;
2055         iml = sock_kmalloc(sk, sizeof(*iml), GFP_KERNEL);
2056         if (!iml)
2057                 goto done;
2058
2059         memcpy(&iml->multi, imr, sizeof(*imr));
2060         iml->next_rcu = inet->mc_list;
2061         iml->sflist = NULL;
2062         iml->sfmode = MCAST_EXCLUDE;
2063         rcu_assign_pointer(inet->mc_list, iml);
2064         ip_mc_inc_group(in_dev, addr);
2065         err = 0;
2066 done:
2067         return err;
2068 }
2069 EXPORT_SYMBOL(ip_mc_join_group);
2070
2071 static int ip_mc_leave_src(struct sock *sk, struct ip_mc_socklist *iml,
2072                            struct in_device *in_dev)
2073 {
2074         struct ip_sf_socklist *psf = rtnl_dereference(iml->sflist);
2075         int err;
2076
2077         if (!psf) {
2078                 /* any-source empty exclude case */
2079                 return ip_mc_del_src(in_dev, &iml->multi.imr_multiaddr.s_addr,
2080                         iml->sfmode, 0, NULL, 0);
2081         }
2082         err = ip_mc_del_src(in_dev, &iml->multi.imr_multiaddr.s_addr,
2083                         iml->sfmode, psf->sl_count, psf->sl_addr, 0);
2084         RCU_INIT_POINTER(iml->sflist, NULL);
2085         /* decrease mem now to avoid the memleak warning */
2086         atomic_sub(IP_SFLSIZE(psf->sl_max), &sk->sk_omem_alloc);
2087         kfree_rcu(psf, rcu);
2088         return err;
2089 }
2090
2091 int ip_mc_leave_group(struct sock *sk, struct ip_mreqn *imr)
2092 {
2093         struct inet_sock *inet = inet_sk(sk);
2094         struct ip_mc_socklist *iml;
2095         struct ip_mc_socklist __rcu **imlp;
2096         struct in_device *in_dev;
2097         struct net *net = sock_net(sk);
2098         __be32 group = imr->imr_multiaddr.s_addr;
2099         u32 ifindex;
2100         int ret = -EADDRNOTAVAIL;
2101
2102         ASSERT_RTNL();
2103
2104         in_dev = ip_mc_find_dev(net, imr);
2105         if (!in_dev) {
2106                 ret = -ENODEV;
2107                 goto out;
2108         }
2109         ifindex = imr->imr_ifindex;
2110         for (imlp = &inet->mc_list;
2111              (iml = rtnl_dereference(*imlp)) != NULL;
2112              imlp = &iml->next_rcu) {
2113                 if (iml->multi.imr_multiaddr.s_addr != group)
2114                         continue;
2115                 if (ifindex) {
2116                         if (iml->multi.imr_ifindex != ifindex)
2117                                 continue;
2118                 } else if (imr->imr_address.s_addr && imr->imr_address.s_addr !=
2119                                 iml->multi.imr_address.s_addr)
2120                         continue;
2121
2122                 (void) ip_mc_leave_src(sk, iml, in_dev);
2123
2124                 *imlp = iml->next_rcu;
2125
2126                 ip_mc_dec_group(in_dev, group);
2127
2128                 /* decrease mem now to avoid the memleak warning */
2129                 atomic_sub(sizeof(*iml), &sk->sk_omem_alloc);
2130                 kfree_rcu(iml, rcu);
2131                 return 0;
2132         }
2133 out:
2134         return ret;
2135 }
2136 EXPORT_SYMBOL(ip_mc_leave_group);
2137
2138 int ip_mc_source(int add, int omode, struct sock *sk, struct
2139         ip_mreq_source *mreqs, int ifindex)
2140 {
2141         int err;
2142         struct ip_mreqn imr;
2143         __be32 addr = mreqs->imr_multiaddr;
2144         struct ip_mc_socklist *pmc;
2145         struct in_device *in_dev = NULL;
2146         struct inet_sock *inet = inet_sk(sk);
2147         struct ip_sf_socklist *psl;
2148         struct net *net = sock_net(sk);
2149         int leavegroup = 0;
2150         int i, j, rv;
2151
2152         if (!ipv4_is_multicast(addr))
2153                 return -EINVAL;
2154
2155         ASSERT_RTNL();
2156
2157         imr.imr_multiaddr.s_addr = mreqs->imr_multiaddr;
2158         imr.imr_address.s_addr = mreqs->imr_interface;
2159         imr.imr_ifindex = ifindex;
2160         in_dev = ip_mc_find_dev(net, &imr);
2161
2162         if (!in_dev) {
2163                 err = -ENODEV;
2164                 goto done;
2165         }
2166         err = -EADDRNOTAVAIL;
2167
2168         for_each_pmc_rtnl(inet, pmc) {
2169                 if ((pmc->multi.imr_multiaddr.s_addr ==
2170                      imr.imr_multiaddr.s_addr) &&
2171                     (pmc->multi.imr_ifindex == imr.imr_ifindex))
2172                         break;
2173         }
2174         if (!pmc) {             /* must have a prior join */
2175                 err = -EINVAL;
2176                 goto done;
2177         }
2178         /* if a source filter was set, must be the same mode as before */
2179         if (pmc->sflist) {
2180                 if (pmc->sfmode != omode) {
2181                         err = -EINVAL;
2182                         goto done;
2183                 }
2184         } else if (pmc->sfmode != omode) {
2185                 /* allow mode switches for empty-set filters */
2186                 ip_mc_add_src(in_dev, &mreqs->imr_multiaddr, omode, 0, NULL, 0);
2187                 ip_mc_del_src(in_dev, &mreqs->imr_multiaddr, pmc->sfmode, 0,
2188                         NULL, 0);
2189                 pmc->sfmode = omode;
2190         }
2191
2192         psl = rtnl_dereference(pmc->sflist);
2193         if (!add) {
2194                 if (!psl)
2195                         goto done;      /* err = -EADDRNOTAVAIL */
2196                 rv = !0;
2197                 for (i = 0; i < psl->sl_count; i++) {
2198                         rv = memcmp(&psl->sl_addr[i], &mreqs->imr_sourceaddr,
2199                                 sizeof(__be32));
2200                         if (rv == 0)
2201                                 break;
2202                 }
2203                 if (rv)         /* source not found */
2204                         goto done;      /* err = -EADDRNOTAVAIL */
2205
2206                 /* special case - (INCLUDE, empty) == LEAVE_GROUP */
2207                 if (psl->sl_count == 1 && omode == MCAST_INCLUDE) {
2208                         leavegroup = 1;
2209                         goto done;
2210                 }
2211
2212                 /* update the interface filter */
2213                 ip_mc_del_src(in_dev, &mreqs->imr_multiaddr, omode, 1,
2214                         &mreqs->imr_sourceaddr, 1);
2215
2216                 for (j = i+1; j < psl->sl_count; j++)
2217                         psl->sl_addr[j-1] = psl->sl_addr[j];
2218                 psl->sl_count--;
2219                 err = 0;
2220                 goto done;
2221         }
2222         /* else, add a new source to the filter */
2223
2224         if (psl && psl->sl_count >= sysctl_igmp_max_msf) {
2225                 err = -ENOBUFS;
2226                 goto done;
2227         }
2228         if (!psl || psl->sl_count == psl->sl_max) {
2229                 struct ip_sf_socklist *newpsl;
2230                 int count = IP_SFBLOCK;
2231
2232                 if (psl)
2233                         count += psl->sl_max;
2234                 newpsl = sock_kmalloc(sk, IP_SFLSIZE(count), GFP_KERNEL);
2235                 if (!newpsl) {
2236                         err = -ENOBUFS;
2237                         goto done;
2238                 }
2239                 newpsl->sl_max = count;
2240                 newpsl->sl_count = count - IP_SFBLOCK;
2241                 if (psl) {
2242                         for (i = 0; i < psl->sl_count; i++)
2243                                 newpsl->sl_addr[i] = psl->sl_addr[i];
2244                         /* decrease mem now to avoid the memleak warning */
2245                         atomic_sub(IP_SFLSIZE(psl->sl_max), &sk->sk_omem_alloc);
2246                         kfree_rcu(psl, rcu);
2247                 }
2248                 rcu_assign_pointer(pmc->sflist, newpsl);
2249                 psl = newpsl;
2250         }
2251         rv = 1; /* > 0 for insert logic below if sl_count is 0 */
2252         for (i = 0; i < psl->sl_count; i++) {
2253                 rv = memcmp(&psl->sl_addr[i], &mreqs->imr_sourceaddr,
2254                         sizeof(__be32));
2255                 if (rv == 0)
2256                         break;
2257         }
2258         if (rv == 0)            /* address already there is an error */
2259                 goto done;
2260         for (j = psl->sl_count-1; j >= i; j--)
2261                 psl->sl_addr[j+1] = psl->sl_addr[j];
2262         psl->sl_addr[i] = mreqs->imr_sourceaddr;
2263         psl->sl_count++;
2264         err = 0;
2265         /* update the interface list */
2266         ip_mc_add_src(in_dev, &mreqs->imr_multiaddr, omode, 1,
2267                 &mreqs->imr_sourceaddr, 1);
2268 done:
2269         if (leavegroup)
2270                 err = ip_mc_leave_group(sk, &imr);
2271         return err;
2272 }
2273
2274 int ip_mc_msfilter(struct sock *sk, struct ip_msfilter *msf, int ifindex)
2275 {
2276         int err = 0;
2277         struct ip_mreqn imr;
2278         __be32 addr = msf->imsf_multiaddr;
2279         struct ip_mc_socklist *pmc;
2280         struct in_device *in_dev;
2281         struct inet_sock *inet = inet_sk(sk);
2282         struct ip_sf_socklist *newpsl, *psl;
2283         struct net *net = sock_net(sk);
2284         int leavegroup = 0;
2285
2286         if (!ipv4_is_multicast(addr))
2287                 return -EINVAL;
2288         if (msf->imsf_fmode != MCAST_INCLUDE &&
2289             msf->imsf_fmode != MCAST_EXCLUDE)
2290                 return -EINVAL;
2291
2292         ASSERT_RTNL();
2293
2294         imr.imr_multiaddr.s_addr = msf->imsf_multiaddr;
2295         imr.imr_address.s_addr = msf->imsf_interface;
2296         imr.imr_ifindex = ifindex;
2297         in_dev = ip_mc_find_dev(net, &imr);
2298
2299         if (!in_dev) {
2300                 err = -ENODEV;
2301                 goto done;
2302         }
2303
2304         /* special case - (INCLUDE, empty) == LEAVE_GROUP */
2305         if (msf->imsf_fmode == MCAST_INCLUDE && msf->imsf_numsrc == 0) {
2306                 leavegroup = 1;
2307                 goto done;
2308         }
2309
2310         for_each_pmc_rtnl(inet, pmc) {
2311                 if (pmc->multi.imr_multiaddr.s_addr == msf->imsf_multiaddr &&
2312                     pmc->multi.imr_ifindex == imr.imr_ifindex)
2313                         break;
2314         }
2315         if (!pmc) {             /* must have a prior join */
2316                 err = -EINVAL;
2317                 goto done;
2318         }
2319         if (msf->imsf_numsrc) {
2320                 newpsl = sock_kmalloc(sk, IP_SFLSIZE(msf->imsf_numsrc),
2321                                                            GFP_KERNEL);
2322                 if (!newpsl) {
2323                         err = -ENOBUFS;
2324                         goto done;
2325                 }
2326                 newpsl->sl_max = newpsl->sl_count = msf->imsf_numsrc;
2327                 memcpy(newpsl->sl_addr, msf->imsf_slist,
2328                         msf->imsf_numsrc * sizeof(msf->imsf_slist[0]));
2329                 err = ip_mc_add_src(in_dev, &msf->imsf_multiaddr,
2330                         msf->imsf_fmode, newpsl->sl_count, newpsl->sl_addr, 0);
2331                 if (err) {
2332                         sock_kfree_s(sk, newpsl, IP_SFLSIZE(newpsl->sl_max));
2333                         goto done;
2334                 }
2335         } else {
2336                 newpsl = NULL;
2337                 (void) ip_mc_add_src(in_dev, &msf->imsf_multiaddr,
2338                                      msf->imsf_fmode, 0, NULL, 0);
2339         }
2340         psl = rtnl_dereference(pmc->sflist);
2341         if (psl) {
2342                 (void) ip_mc_del_src(in_dev, &msf->imsf_multiaddr, pmc->sfmode,
2343                         psl->sl_count, psl->sl_addr, 0);
2344                 /* decrease mem now to avoid the memleak warning */
2345                 atomic_sub(IP_SFLSIZE(psl->sl_max), &sk->sk_omem_alloc);
2346                 kfree_rcu(psl, rcu);
2347         } else
2348                 (void) ip_mc_del_src(in_dev, &msf->imsf_multiaddr, pmc->sfmode,
2349                         0, NULL, 0);
2350         rcu_assign_pointer(pmc->sflist, newpsl);
2351         pmc->sfmode = msf->imsf_fmode;
2352         err = 0;
2353 done:
2354         if (leavegroup)
2355                 err = ip_mc_leave_group(sk, &imr);
2356         return err;
2357 }
2358
2359 int ip_mc_msfget(struct sock *sk, struct ip_msfilter *msf,
2360         struct ip_msfilter __user *optval, int __user *optlen)
2361 {
2362         int err, len, count, copycount;
2363         struct ip_mreqn imr;
2364         __be32 addr = msf->imsf_multiaddr;
2365         struct ip_mc_socklist *pmc;
2366         struct in_device *in_dev;
2367         struct inet_sock *inet = inet_sk(sk);
2368         struct ip_sf_socklist *psl;
2369         struct net *net = sock_net(sk);
2370
2371         if (!ipv4_is_multicast(addr))
2372                 return -EINVAL;
2373
2374         rtnl_lock();
2375
2376         imr.imr_multiaddr.s_addr = msf->imsf_multiaddr;
2377         imr.imr_address.s_addr = msf->imsf_interface;
2378         imr.imr_ifindex = 0;
2379         in_dev = ip_mc_find_dev(net, &imr);
2380
2381         if (!in_dev) {
2382                 err = -ENODEV;
2383                 goto done;
2384         }
2385         err = -EADDRNOTAVAIL;
2386
2387         for_each_pmc_rtnl(inet, pmc) {
2388                 if (pmc->multi.imr_multiaddr.s_addr == msf->imsf_multiaddr &&
2389                     pmc->multi.imr_ifindex == imr.imr_ifindex)
2390                         break;
2391         }
2392         if (!pmc)               /* must have a prior join */
2393                 goto done;
2394         msf->imsf_fmode = pmc->sfmode;
2395         psl = rtnl_dereference(pmc->sflist);
2396         rtnl_unlock();
2397         if (!psl) {
2398                 len = 0;
2399                 count = 0;
2400         } else {
2401                 count = psl->sl_count;
2402         }
2403         copycount = count < msf->imsf_numsrc ? count : msf->imsf_numsrc;
2404         len = copycount * sizeof(psl->sl_addr[0]);
2405         msf->imsf_numsrc = count;
2406         if (put_user(IP_MSFILTER_SIZE(copycount), optlen) ||
2407             copy_to_user(optval, msf, IP_MSFILTER_SIZE(0))) {
2408                 return -EFAULT;
2409         }
2410         if (len &&
2411             copy_to_user(&optval->imsf_slist[0], psl->sl_addr, len))
2412                 return -EFAULT;
2413         return 0;
2414 done:
2415         rtnl_unlock();
2416         return err;
2417 }
2418
2419 int ip_mc_gsfget(struct sock *sk, struct group_filter *gsf,
2420         struct group_filter __user *optval, int __user *optlen)
2421 {
2422         int err, i, count, copycount;
2423         struct sockaddr_in *psin;
2424         __be32 addr;
2425         struct ip_mc_socklist *pmc;
2426         struct inet_sock *inet = inet_sk(sk);
2427         struct ip_sf_socklist *psl;
2428
2429         psin = (struct sockaddr_in *)&gsf->gf_group;
2430         if (psin->sin_family != AF_INET)
2431                 return -EINVAL;
2432         addr = psin->sin_addr.s_addr;
2433         if (!ipv4_is_multicast(addr))
2434                 return -EINVAL;
2435
2436         rtnl_lock();
2437
2438         err = -EADDRNOTAVAIL;
2439
2440         for_each_pmc_rtnl(inet, pmc) {
2441                 if (pmc->multi.imr_multiaddr.s_addr == addr &&
2442                     pmc->multi.imr_ifindex == gsf->gf_interface)
2443                         break;
2444         }
2445         if (!pmc)               /* must have a prior join */
2446                 goto done;
2447         gsf->gf_fmode = pmc->sfmode;
2448         psl = rtnl_dereference(pmc->sflist);
2449         rtnl_unlock();
2450         count = psl ? psl->sl_count : 0;
2451         copycount = count < gsf->gf_numsrc ? count : gsf->gf_numsrc;
2452         gsf->gf_numsrc = count;
2453         if (put_user(GROUP_FILTER_SIZE(copycount), optlen) ||
2454             copy_to_user(optval, gsf, GROUP_FILTER_SIZE(0))) {
2455                 return -EFAULT;
2456         }
2457         for (i = 0; i < copycount; i++) {
2458                 struct sockaddr_storage ss;
2459
2460                 psin = (struct sockaddr_in *)&ss;
2461                 memset(&ss, 0, sizeof(ss));
2462                 psin->sin_family = AF_INET;
2463                 psin->sin_addr.s_addr = psl->sl_addr[i];
2464                 if (copy_to_user(&optval->gf_slist[i], &ss, sizeof(ss)))
2465                         return -EFAULT;
2466         }
2467         return 0;
2468 done:
2469         rtnl_unlock();
2470         return err;
2471 }
2472
2473 /*
2474  * check if a multicast source filter allows delivery for a given <src,dst,intf>
2475  */
2476 int ip_mc_sf_allow(struct sock *sk, __be32 loc_addr, __be32 rmt_addr, int dif)
2477 {
2478         struct inet_sock *inet = inet_sk(sk);
2479         struct ip_mc_socklist *pmc;
2480         struct ip_sf_socklist *psl;
2481         int i;
2482         int ret;
2483
2484         ret = 1;
2485         if (!ipv4_is_multicast(loc_addr))
2486                 goto out;
2487
2488         rcu_read_lock();
2489         for_each_pmc_rcu(inet, pmc) {
2490                 if (pmc->multi.imr_multiaddr.s_addr == loc_addr &&
2491                     pmc->multi.imr_ifindex == dif)
2492                         break;
2493         }
2494         ret = inet->mc_all;
2495         if (!pmc)
2496                 goto unlock;
2497         psl = rcu_dereference(pmc->sflist);
2498         ret = (pmc->sfmode == MCAST_EXCLUDE);
2499         if (!psl)
2500                 goto unlock;
2501
2502         for (i = 0; i < psl->sl_count; i++) {
2503                 if (psl->sl_addr[i] == rmt_addr)
2504                         break;
2505         }
2506         ret = 0;
2507         if (pmc->sfmode == MCAST_INCLUDE && i >= psl->sl_count)
2508                 goto unlock;
2509         if (pmc->sfmode == MCAST_EXCLUDE && i < psl->sl_count)
2510                 goto unlock;
2511         ret = 1;
2512 unlock:
2513         rcu_read_unlock();
2514 out:
2515         return ret;
2516 }
2517
2518 /*
2519  *      A socket is closing.
2520  */
2521
2522 void ip_mc_drop_socket(struct sock *sk)
2523 {
2524         struct inet_sock *inet = inet_sk(sk);
2525         struct ip_mc_socklist *iml;
2526         struct net *net = sock_net(sk);
2527
2528         if (!inet->mc_list)
2529                 return;
2530
2531         rtnl_lock();
2532         while ((iml = rtnl_dereference(inet->mc_list)) != NULL) {
2533                 struct in_device *in_dev;
2534
2535                 inet->mc_list = iml->next_rcu;
2536                 in_dev = inetdev_by_index(net, iml->multi.imr_ifindex);
2537                 (void) ip_mc_leave_src(sk, iml, in_dev);
2538                 if (in_dev)
2539                         ip_mc_dec_group(in_dev, iml->multi.imr_multiaddr.s_addr);
2540                 /* decrease mem now to avoid the memleak warning */
2541                 atomic_sub(sizeof(*iml), &sk->sk_omem_alloc);
2542                 kfree_rcu(iml, rcu);
2543         }
2544         rtnl_unlock();
2545 }
2546
2547 /* called with rcu_read_lock() */
2548 int ip_check_mc_rcu(struct in_device *in_dev, __be32 mc_addr, __be32 src_addr, u16 proto)
2549 {
2550         struct ip_mc_list *im;
2551         struct ip_mc_list __rcu **mc_hash;
2552         struct ip_sf_list *psf;
2553         int rv = 0;
2554
2555         mc_hash = rcu_dereference(in_dev->mc_hash);
2556         if (mc_hash) {
2557                 u32 hash = hash_32((__force u32)mc_addr, MC_HASH_SZ_LOG);
2558
2559                 for (im = rcu_dereference(mc_hash[hash]);
2560                      im != NULL;
2561                      im = rcu_dereference(im->next_hash)) {
2562                         if (im->multiaddr == mc_addr)
2563                                 break;
2564                 }
2565         } else {
2566                 for_each_pmc_rcu(in_dev, im) {
2567                         if (im->multiaddr == mc_addr)
2568                                 break;
2569                 }
2570         }
2571         if (im && proto == IPPROTO_IGMP) {
2572                 rv = 1;
2573         } else if (im) {
2574                 if (src_addr) {
2575                         for (psf = im->sources; psf; psf = psf->sf_next) {
2576                                 if (psf->sf_inaddr == src_addr)
2577                                         break;
2578                         }
2579                         if (psf)
2580                                 rv = psf->sf_count[MCAST_INCLUDE] ||
2581                                         psf->sf_count[MCAST_EXCLUDE] !=
2582                                         im->sfcount[MCAST_EXCLUDE];
2583                         else
2584                                 rv = im->sfcount[MCAST_EXCLUDE] != 0;
2585                 } else
2586                         rv = 1; /* unspecified source; tentatively allow */
2587         }
2588         return rv;
2589 }
2590
2591 #if defined(CONFIG_PROC_FS)
2592 struct igmp_mc_iter_state {
2593         struct seq_net_private p;
2594         struct net_device *dev;
2595         struct in_device *in_dev;
2596 };
2597
2598 #define igmp_mc_seq_private(seq)        ((struct igmp_mc_iter_state *)(seq)->private)
2599
2600 static inline struct ip_mc_list *igmp_mc_get_first(struct seq_file *seq)
2601 {
2602         struct net *net = seq_file_net(seq);
2603         struct ip_mc_list *im = NULL;
2604         struct igmp_mc_iter_state *state = igmp_mc_seq_private(seq);
2605
2606         state->in_dev = NULL;
2607         for_each_netdev_rcu(net, state->dev) {
2608                 struct in_device *in_dev;
2609
2610                 in_dev = __in_dev_get_rcu(state->dev);
2611                 if (!in_dev)
2612                         continue;
2613                 im = rcu_dereference(in_dev->mc_list);
2614                 if (im) {
2615                         state->in_dev = in_dev;
2616                         break;
2617                 }
2618         }
2619         return im;
2620 }
2621
2622 static struct ip_mc_list *igmp_mc_get_next(struct seq_file *seq, struct ip_mc_list *im)
2623 {
2624         struct igmp_mc_iter_state *state = igmp_mc_seq_private(seq);
2625
2626         im = rcu_dereference(im->next_rcu);
2627         while (!im) {
2628                 state->dev = next_net_device_rcu(state->dev);
2629                 if (!state->dev) {
2630                         state->in_dev = NULL;
2631                         break;
2632                 }
2633                 state->in_dev = __in_dev_get_rcu(state->dev);
2634                 if (!state->in_dev)
2635                         continue;
2636                 im = rcu_dereference(state->in_dev->mc_list);
2637         }
2638         return im;
2639 }
2640
2641 static struct ip_mc_list *igmp_mc_get_idx(struct seq_file *seq, loff_t pos)
2642 {
2643         struct ip_mc_list *im = igmp_mc_get_first(seq);
2644         if (im)
2645                 while (pos && (im = igmp_mc_get_next(seq, im)) != NULL)
2646                         --pos;
2647         return pos ? NULL : im;
2648 }
2649
2650 static void *igmp_mc_seq_start(struct seq_file *seq, loff_t *pos)
2651         __acquires(rcu)
2652 {
2653         rcu_read_lock();
2654         return *pos ? igmp_mc_get_idx(seq, *pos - 1) : SEQ_START_TOKEN;
2655 }
2656
2657 static void *igmp_mc_seq_next(struct seq_file *seq, void *v, loff_t *pos)
2658 {
2659         struct ip_mc_list *im;
2660         if (v == SEQ_START_TOKEN)
2661                 im = igmp_mc_get_first(seq);
2662         else
2663                 im = igmp_mc_get_next(seq, v);
2664         ++*pos;
2665         return im;
2666 }
2667
2668 static void igmp_mc_seq_stop(struct seq_file *seq, void *v)
2669         __releases(rcu)
2670 {
2671         struct igmp_mc_iter_state *state = igmp_mc_seq_private(seq);
2672
2673         state->in_dev = NULL;
2674         state->dev = NULL;
2675         rcu_read_unlock();
2676 }
2677
2678 static int igmp_mc_seq_show(struct seq_file *seq, void *v)
2679 {
2680         if (v == SEQ_START_TOKEN)
2681                 seq_puts(seq,
2682                          "Idx\tDevice    : Count Querier\tGroup    Users Timer\tReporter\n");
2683         else {
2684                 struct ip_mc_list *im = (struct ip_mc_list *)v;
2685                 struct igmp_mc_iter_state *state = igmp_mc_seq_private(seq);
2686                 char   *querier;
2687                 long delta;
2688
2689 #ifdef CONFIG_IP_MULTICAST
2690                 querier = IGMP_V1_SEEN(state->in_dev) ? "V1" :
2691                           IGMP_V2_SEEN(state->in_dev) ? "V2" :
2692                           "V3";
2693 #else
2694                 querier = "NONE";
2695 #endif
2696
2697                 if (rcu_access_pointer(state->in_dev->mc_list) == im) {
2698                         seq_printf(seq, "%d\t%-10s: %5d %7s\n",
2699                                    state->dev->ifindex, state->dev->name, state->in_dev->mc_count, querier);
2700                 }
2701
2702                 delta = im->timer.expires - jiffies;
2703                 seq_printf(seq,
2704                            "\t\t\t\t%08X %5d %d:%08lX\t\t%d\n",
2705                            im->multiaddr, im->users,
2706                            im->tm_running,
2707                            im->tm_running ? jiffies_delta_to_clock_t(delta) : 0,
2708                            im->reporter);
2709         }
2710         return 0;
2711 }
2712
2713 static const struct seq_operations igmp_mc_seq_ops = {
2714         .start  =       igmp_mc_seq_start,
2715         .next   =       igmp_mc_seq_next,
2716         .stop   =       igmp_mc_seq_stop,
2717         .show   =       igmp_mc_seq_show,
2718 };
2719
2720 static int igmp_mc_seq_open(struct inode *inode, struct file *file)
2721 {
2722         return seq_open_net(inode, file, &igmp_mc_seq_ops,
2723                         sizeof(struct igmp_mc_iter_state));
2724 }
2725
2726 static const struct file_operations igmp_mc_seq_fops = {
2727         .owner          =       THIS_MODULE,
2728         .open           =       igmp_mc_seq_open,
2729         .read           =       seq_read,
2730         .llseek         =       seq_lseek,
2731         .release        =       seq_release_net,
2732 };
2733
2734 struct igmp_mcf_iter_state {
2735         struct seq_net_private p;
2736         struct net_device *dev;
2737         struct in_device *idev;
2738         struct ip_mc_list *im;
2739 };
2740
2741 #define igmp_mcf_seq_private(seq)       ((struct igmp_mcf_iter_state *)(seq)->private)
2742
2743 static inline struct ip_sf_list *igmp_mcf_get_first(struct seq_file *seq)
2744 {
2745         struct net *net = seq_file_net(seq);
2746         struct ip_sf_list *psf = NULL;
2747         struct ip_mc_list *im = NULL;
2748         struct igmp_mcf_iter_state *state = igmp_mcf_seq_private(seq);
2749
2750         state->idev = NULL;
2751         state->im = NULL;
2752         for_each_netdev_rcu(net, state->dev) {
2753                 struct in_device *idev;
2754                 idev = __in_dev_get_rcu(state->dev);
2755                 if (unlikely(!idev))
2756                         continue;
2757                 im = rcu_dereference(idev->mc_list);
2758                 if (likely(im)) {
2759                         spin_lock_bh(&im->lock);
2760                         psf = im->sources;
2761                         if (likely(psf)) {
2762                                 state->im = im;
2763                                 state->idev = idev;
2764                                 break;
2765                         }
2766                         spin_unlock_bh(&im->lock);
2767                 }
2768         }
2769         return psf;
2770 }
2771
2772 static struct ip_sf_list *igmp_mcf_get_next(struct seq_file *seq, struct ip_sf_list *psf)
2773 {
2774         struct igmp_mcf_iter_state *state = igmp_mcf_seq_private(seq);
2775
2776         psf = psf->sf_next;
2777         while (!psf) {
2778                 spin_unlock_bh(&state->im->lock);
2779                 state->im = state->im->next;
2780                 while (!state->im) {
2781                         state->dev = next_net_device_rcu(state->dev);
2782                         if (!state->dev) {
2783                                 state->idev = NULL;
2784                                 goto out;
2785                         }
2786                         state->idev = __in_dev_get_rcu(state->dev);
2787                         if (!state->idev)
2788                                 continue;
2789                         state->im = rcu_dereference(state->idev->mc_list);
2790                 }
2791                 if (!state->im)
2792                         break;
2793                 spin_lock_bh(&state->im->lock);
2794                 psf = state->im->sources;
2795         }
2796 out:
2797         return psf;
2798 }
2799
2800 static struct ip_sf_list *igmp_mcf_get_idx(struct seq_file *seq, loff_t pos)
2801 {
2802         struct ip_sf_list *psf = igmp_mcf_get_first(seq);
2803         if (psf)
2804                 while (pos && (psf = igmp_mcf_get_next(seq, psf)) != NULL)
2805                         --pos;
2806         return pos ? NULL : psf;
2807 }
2808
2809 static void *igmp_mcf_seq_start(struct seq_file *seq, loff_t *pos)
2810         __acquires(rcu)
2811 {
2812         rcu_read_lock();
2813         return *pos ? igmp_mcf_get_idx(seq, *pos - 1) : SEQ_START_TOKEN;
2814 }
2815
2816 static void *igmp_mcf_seq_next(struct seq_file *seq, void *v, loff_t *pos)
2817 {
2818         struct ip_sf_list *psf;
2819         if (v == SEQ_START_TOKEN)
2820                 psf = igmp_mcf_get_first(seq);
2821         else
2822                 psf = igmp_mcf_get_next(seq, v);
2823         ++*pos;
2824         return psf;
2825 }
2826
2827 static void igmp_mcf_seq_stop(struct seq_file *seq, void *v)
2828         __releases(rcu)
2829 {
2830         struct igmp_mcf_iter_state *state = igmp_mcf_seq_private(seq);
2831         if (likely(state->im)) {
2832                 spin_unlock_bh(&state->im->lock);
2833                 state->im = NULL;
2834         }
2835         state->idev = NULL;
2836         state->dev = NULL;
2837         rcu_read_unlock();
2838 }
2839
2840 static int igmp_mcf_seq_show(struct seq_file *seq, void *v)
2841 {
2842         struct ip_sf_list *psf = (struct ip_sf_list *)v;
2843         struct igmp_mcf_iter_state *state = igmp_mcf_seq_private(seq);
2844
2845         if (v == SEQ_START_TOKEN) {
2846                 seq_puts(seq, "Idx Device        MCA        SRC    INC    EXC\n");
2847         } else {
2848                 seq_printf(seq,
2849                            "%3d %6.6s 0x%08x "
2850                            "0x%08x %6lu %6lu\n",
2851                            state->dev->ifindex, state->dev->name,
2852                            ntohl(state->im->multiaddr),
2853                            ntohl(psf->sf_inaddr),
2854                            psf->sf_count[MCAST_INCLUDE],
2855                            psf->sf_count[MCAST_EXCLUDE]);
2856         }
2857         return 0;
2858 }
2859
2860 static const struct seq_operations igmp_mcf_seq_ops = {
2861         .start  =       igmp_mcf_seq_start,
2862         .next   =       igmp_mcf_seq_next,
2863         .stop   =       igmp_mcf_seq_stop,
2864         .show   =       igmp_mcf_seq_show,
2865 };
2866
2867 static int igmp_mcf_seq_open(struct inode *inode, struct file *file)
2868 {
2869         return seq_open_net(inode, file, &igmp_mcf_seq_ops,
2870                         sizeof(struct igmp_mcf_iter_state));
2871 }
2872
2873 static const struct file_operations igmp_mcf_seq_fops = {
2874         .owner          =       THIS_MODULE,
2875         .open           =       igmp_mcf_seq_open,
2876         .read           =       seq_read,
2877         .llseek         =       seq_lseek,
2878         .release        =       seq_release_net,
2879 };
2880
2881 static int __net_init igmp_net_init(struct net *net)
2882 {
2883         struct proc_dir_entry *pde;
2884         int err;
2885
2886         pde = proc_create("igmp", S_IRUGO, net->proc_net, &igmp_mc_seq_fops);
2887         if (!pde)
2888                 goto out_igmp;
2889         pde = proc_create("mcfilter", S_IRUGO, net->proc_net,
2890                           &igmp_mcf_seq_fops);
2891         if (!pde)
2892                 goto out_mcfilter;
2893         err = inet_ctl_sock_create(&net->ipv4.mc_autojoin_sk, AF_INET,
2894                                    SOCK_DGRAM, 0, net);
2895         if (err < 0) {
2896                 pr_err("Failed to initialize the IGMP autojoin socket (err %d)\n",
2897                        err);
2898                 goto out_sock;
2899         }
2900
2901         return 0;
2902
2903 out_sock:
2904         remove_proc_entry("mcfilter", net->proc_net);
2905 out_mcfilter:
2906         remove_proc_entry("igmp", net->proc_net);
2907 out_igmp:
2908         return -ENOMEM;
2909 }
2910
2911 static void __net_exit igmp_net_exit(struct net *net)
2912 {
2913         remove_proc_entry("mcfilter", net->proc_net);
2914         remove_proc_entry("igmp", net->proc_net);
2915         inet_ctl_sock_destroy(net->ipv4.mc_autojoin_sk);
2916 }
2917
2918 static struct pernet_operations igmp_net_ops = {
2919         .init = igmp_net_init,
2920         .exit = igmp_net_exit,
2921 };
2922 #endif
2923
2924 static int igmp_netdev_event(struct notifier_block *this,
2925                              unsigned long event, void *ptr)
2926 {
2927         struct net_device *dev = netdev_notifier_info_to_dev(ptr);
2928         struct in_device *in_dev;
2929
2930         switch (event) {
2931         case NETDEV_RESEND_IGMP:
2932                 in_dev = __in_dev_get_rtnl(dev);
2933                 if (in_dev)
2934                         ip_mc_rejoin_groups(in_dev);
2935                 break;
2936         default:
2937                 break;
2938         }
2939         return NOTIFY_DONE;
2940 }
2941
2942 static struct notifier_block igmp_notifier = {
2943         .notifier_call = igmp_netdev_event,
2944 };
2945
2946 int __init igmp_mc_init(void)
2947 {
2948 #if defined(CONFIG_PROC_FS)
2949         int err;
2950
2951         err = register_pernet_subsys(&igmp_net_ops);
2952         if (err)
2953                 return err;
2954         err = register_netdevice_notifier(&igmp_notifier);
2955         if (err)
2956                 goto reg_notif_fail;
2957         return 0;
2958
2959 reg_notif_fail:
2960         unregister_pernet_subsys(&igmp_net_ops);
2961         return err;
2962 #else
2963         return register_netdevice_notifier(&igmp_notifier);
2964 #endif
2965 }
Freescale DCU DRM driver