search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
memcg: free spare array to avoid memory leak
[zen-stable.git] / net / bridge / br_multicast.c
blob27ca25ed70216979790ffd6c555baaf88bf4e7a4
1 /*
2 * Bridge multicast support.
3 *
4 * Copyright (c) 2010 Herbert Xu <herbert@gondor.apana.org.au>
5 *
6 * This program is free software; you can redistribute it and/or modify it
7 * under the terms of the GNU General Public License as published by the Free
8 * Software Foundation; either version 2 of the License, or (at your option)
9 * any later version.
10 *
11 */
12
13 #include <linux/err.h>
14 #include <linux/if_ether.h>
15 #include <linux/igmp.h>
16 #include <linux/jhash.h>
17 #include <linux/kernel.h>
18 #include <linux/log2.h>
19 #include <linux/netdevice.h>
20 #include <linux/netfilter_bridge.h>
21 #include <linux/random.h>
22 #include <linux/rculist.h>
23 #include <linux/skbuff.h>
24 #include <linux/slab.h>
25 #include <linux/timer.h>
26 #include <net/ip.h>
27 #if IS_ENABLED(CONFIG_IPV6)
28 #include <net/ipv6.h>
29 #include <net/mld.h>
30 #include <net/addrconf.h>
31 #include <net/ip6_checksum.h>
32 #endif
33
34 #include "br_private.h"
35
36 #define mlock_dereference(X, br) \
37 rcu_dereference_protected(X, lockdep_is_held(&br->multicast_lock))
38
39 #if IS_ENABLED(CONFIG_IPV6)
40 static inline int ipv6_is_transient_multicast(const struct in6_addr *addr)
41 {
42 if (ipv6_addr_is_multicast(addr) && IPV6_ADDR_MC_FLAG_TRANSIENT(addr))
43 return 1;
44 return 0;
45 }
46 #endif
47
48 static inline int br_ip_equal(const struct br_ip *a, const struct br_ip *b)
49 {
50 if (a->proto != b->proto)
51 return 0;
52 switch (a->proto) {
53 case htons(ETH_P_IP):
54 return a->u.ip4 == b->u.ip4;
55 #if IS_ENABLED(CONFIG_IPV6)
56 case htons(ETH_P_IPV6):
57 return ipv6_addr_equal(&a->u.ip6, &b->u.ip6);
58 #endif
59 }
60 return 0;
61 }
62
63 static inline int __br_ip4_hash(struct net_bridge_mdb_htable *mdb, __be32 ip)
64 {
65 return jhash_1word(mdb->secret, (__force u32)ip) & (mdb->max - 1);
66 }
67
68 #if IS_ENABLED(CONFIG_IPV6)
69 static inline int __br_ip6_hash(struct net_bridge_mdb_htable *mdb,
70 const struct in6_addr *ip)
71 {
72 return jhash2((__force u32 *)ip->s6_addr32, 4, mdb->secret) & (mdb->max - 1);
73 }
74 #endif
75
76 static inline int br_ip_hash(struct net_bridge_mdb_htable *mdb,
77 struct br_ip *ip)
78 {
79 switch (ip->proto) {
80 case htons(ETH_P_IP):
81 return __br_ip4_hash(mdb, ip->u.ip4);
82 #if IS_ENABLED(CONFIG_IPV6)
83 case htons(ETH_P_IPV6):
84 return __br_ip6_hash(mdb, &ip->u.ip6);
85 #endif
86 }
87 return 0;
88 }
89
90 static struct net_bridge_mdb_entry *__br_mdb_ip_get(
91 struct net_bridge_mdb_htable *mdb, struct br_ip *dst, int hash)
92 {
93 struct net_bridge_mdb_entry *mp;
94 struct hlist_node *p;
95
96 hlist_for_each_entry_rcu(mp, p, &mdb->mhash[hash], hlist[mdb->ver]) {
97 if (br_ip_equal(&mp->addr, dst))
98 return mp;
99 }
100
101 return NULL;
102 }
103
104 static struct net_bridge_mdb_entry *br_mdb_ip_get(
105 struct net_bridge_mdb_htable *mdb, struct br_ip *dst)
106 {
107 if (!mdb)
108 return NULL;
109
110 return __br_mdb_ip_get(mdb, dst, br_ip_hash(mdb, dst));
111 }
112
113 static struct net_bridge_mdb_entry *br_mdb_ip4_get(
114 struct net_bridge_mdb_htable *mdb, __be32 dst)
115 {
116 struct br_ip br_dst;
117
118 br_dst.u.ip4 = dst;
119 br_dst.proto = htons(ETH_P_IP);
120
121 return br_mdb_ip_get(mdb, &br_dst);
122 }
123
124 #if IS_ENABLED(CONFIG_IPV6)
125 static struct net_bridge_mdb_entry *br_mdb_ip6_get(
126 struct net_bridge_mdb_htable *mdb, const struct in6_addr *dst)
127 {
128 struct br_ip br_dst;
129
130 br_dst.u.ip6 = *dst;
131 br_dst.proto = htons(ETH_P_IPV6);
132
133 return br_mdb_ip_get(mdb, &br_dst);
134 }
135 #endif
136
137 struct net_bridge_mdb_entry *br_mdb_get(struct net_bridge *br,
138 struct sk_buff *skb)
139 {
140 struct net_bridge_mdb_htable *mdb = rcu_dereference(br->mdb);
141 struct br_ip ip;
142
143 if (br->multicast_disabled)
144 return NULL;
145
146 if (BR_INPUT_SKB_CB(skb)->igmp)
147 return NULL;
148
149 ip.proto = skb->protocol;
150
151 switch (skb->protocol) {
152 case htons(ETH_P_IP):
153 ip.u.ip4 = ip_hdr(skb)->daddr;
154 break;
155 #if IS_ENABLED(CONFIG_IPV6)
156 case htons(ETH_P_IPV6):
157 ip.u.ip6 = ipv6_hdr(skb)->daddr;
158 break;
159 #endif
160 default:
161 return NULL;
162 }
163
164 return br_mdb_ip_get(mdb, &ip);
165 }
166
167 static void br_mdb_free(struct rcu_head *head)
168 {
169 struct net_bridge_mdb_htable *mdb =
170 container_of(head, struct net_bridge_mdb_htable, rcu);
171 struct net_bridge_mdb_htable *old = mdb->old;
172
173 mdb->old = NULL;
174 kfree(old->mhash);
175 kfree(old);
176 }
177
178 static int br_mdb_copy(struct net_bridge_mdb_htable *new,
179 struct net_bridge_mdb_htable *old,
180 int elasticity)
181 {
182 struct net_bridge_mdb_entry *mp;
183 struct hlist_node *p;
184 int maxlen;
185 int len;
186 int i;
187
188 for (i = 0; i < old->max; i++)
189 hlist_for_each_entry(mp, p, &old->mhash[i], hlist[old->ver])
190 hlist_add_head(&mp->hlist[new->ver],
191 &new->mhash[br_ip_hash(new, &mp->addr)]);
192
193 if (!elasticity)
194 return 0;
195
196 maxlen = 0;
197 for (i = 0; i < new->max; i++) {
198 len = 0;
199 hlist_for_each_entry(mp, p, &new->mhash[i], hlist[new->ver])
200 len++;
201 if (len > maxlen)
202 maxlen = len;
203 }
204
205 return maxlen > elasticity ? -EINVAL : 0;
206 }
207
208 static void br_multicast_free_pg(struct rcu_head *head)
209 {
210 struct net_bridge_port_group *p =
211 container_of(head, struct net_bridge_port_group, rcu);
212
213 kfree(p);
214 }
215
216 static void br_multicast_free_group(struct rcu_head *head)
217 {
218 struct net_bridge_mdb_entry *mp =
219 container_of(head, struct net_bridge_mdb_entry, rcu);
220
221 kfree(mp);
222 }
223
224 static void br_multicast_group_expired(unsigned long data)
225 {
226 struct net_bridge_mdb_entry *mp = (void *)data;
227 struct net_bridge *br = mp->br;
228 struct net_bridge_mdb_htable *mdb;
229
230 spin_lock(&br->multicast_lock);
231 if (!netif_running(br->dev) || timer_pending(&mp->timer))
232 goto out;
233
234 mp->mglist = false;
235
236 if (mp->ports)
237 goto out;
238
239 mdb = mlock_dereference(br->mdb, br);
240
241 hlist_del_rcu(&mp->hlist[mdb->ver]);
242 mdb->size--;
243
244 call_rcu_bh(&mp->rcu, br_multicast_free_group);
245
246 out:
247 spin_unlock(&br->multicast_lock);
248 }
249
250 static void br_multicast_del_pg(struct net_bridge *br,
251 struct net_bridge_port_group *pg)
252 {
253 struct net_bridge_mdb_htable *mdb;
254 struct net_bridge_mdb_entry *mp;
255 struct net_bridge_port_group *p;
256 struct net_bridge_port_group __rcu **pp;
257
258 mdb = mlock_dereference(br->mdb, br);
259
260 mp = br_mdb_ip_get(mdb, &pg->addr);
261 if (WARN_ON(!mp))
262 return;
263
264 for (pp = &mp->ports;
265 (p = mlock_dereference(*pp, br)) != NULL;
266 pp = &p->next) {
267 if (p != pg)
268 continue;
269
270 rcu_assign_pointer(*pp, p->next);
271 hlist_del_init(&p->mglist);
272 del_timer(&p->timer);
273 call_rcu_bh(&p->rcu, br_multicast_free_pg);
274
275 if (!mp->ports && !mp->mglist &&
276 netif_running(br->dev))
277 mod_timer(&mp->timer, jiffies);
278
279 return;
280 }
281
282 WARN_ON(1);
283 }
284
285 static void br_multicast_port_group_expired(unsigned long data)
286 {
287 struct net_bridge_port_group *pg = (void *)data;
288 struct net_bridge *br = pg->port->br;
289
290 spin_lock(&br->multicast_lock);
291 if (!netif_running(br->dev) || timer_pending(&pg->timer) ||
292 hlist_unhashed(&pg->mglist))
293 goto out;
294
295 br_multicast_del_pg(br, pg);
296
297 out:
298 spin_unlock(&br->multicast_lock);
299 }
300
301 static int br_mdb_rehash(struct net_bridge_mdb_htable __rcu **mdbp, int max,
302 int elasticity)
303 {
304 struct net_bridge_mdb_htable *old = rcu_dereference_protected(*mdbp, 1);
305 struct net_bridge_mdb_htable *mdb;
306 int err;
307
308 mdb = kmalloc(sizeof(*mdb), GFP_ATOMIC);
309 if (!mdb)
310 return -ENOMEM;
311
312 mdb->max = max;
313 mdb->old = old;
314
315 mdb->mhash = kzalloc(max * sizeof(*mdb->mhash), GFP_ATOMIC);
316 if (!mdb->mhash) {
317 kfree(mdb);
318 return -ENOMEM;
319 }
320
321 mdb->size = old ? old->size : 0;
322 mdb->ver = old ? old->ver ^ 1 : 0;
323
324 if (!old || elasticity)
325 get_random_bytes(&mdb->secret, sizeof(mdb->secret));
326 else
327 mdb->secret = old->secret;
328
329 if (!old)
330 goto out;
331
332 err = br_mdb_copy(mdb, old, elasticity);
333 if (err) {
334 kfree(mdb->mhash);
335 kfree(mdb);
336 return err;
337 }
338
339 call_rcu_bh(&mdb->rcu, br_mdb_free);
340
341 out:
342 rcu_assign_pointer(*mdbp, mdb);
343
344 return 0;
345 }
346
347 static struct sk_buff *br_ip4_multicast_alloc_query(struct net_bridge *br,
348 __be32 group)
349 {
350 struct sk_buff *skb;
351 struct igmphdr *ih;
352 struct ethhdr *eth;
353 struct iphdr *iph;
354
355 skb = netdev_alloc_skb_ip_align(br->dev, sizeof(*eth) + sizeof(*iph) +
356 sizeof(*ih) + 4);
357 if (!skb)
358 goto out;
359
360 skb->protocol = htons(ETH_P_IP);
361
362 skb_reset_mac_header(skb);
363 eth = eth_hdr(skb);
364
365 memcpy(eth->h_source, br->dev->dev_addr, 6);
366 eth->h_dest[0] = 1;
367 eth->h_dest[1] = 0;
368 eth->h_dest[2] = 0x5e;
369 eth->h_dest[3] = 0;
370 eth->h_dest[4] = 0;
371 eth->h_dest[5] = 1;
372 eth->h_proto = htons(ETH_P_IP);
373 skb_put(skb, sizeof(*eth));
374
375 skb_set_network_header(skb, skb->len);
376 iph = ip_hdr(skb);
377
378 iph->version = 4;
379 iph->ihl = 6;
380 iph->tos = 0xc0;
381 iph->tot_len = htons(sizeof(*iph) + sizeof(*ih) + 4);
382 iph->id = 0;
383 iph->frag_off = htons(IP_DF);
384 iph->ttl = 1;
385 iph->protocol = IPPROTO_IGMP;
386 iph->saddr = 0;
387 iph->daddr = htonl(INADDR_ALLHOSTS_GROUP);
388 ((u8 *)&iph[1])[0] = IPOPT_RA;
389 ((u8 *)&iph[1])[1] = 4;
390 ((u8 *)&iph[1])[2] = 0;
391 ((u8 *)&iph[1])[3] = 0;
392 ip_send_check(iph);
393 skb_put(skb, 24);
394
395 skb_set_transport_header(skb, skb->len);
396 ih = igmp_hdr(skb);
397 ih->type = IGMP_HOST_MEMBERSHIP_QUERY;
398 ih->code = (group ? br->multicast_last_member_interval :
399 br->multicast_query_response_interval) /
400 (HZ / IGMP_TIMER_SCALE);
401 ih->group = group;
402 ih->csum = 0;
403 ih->csum = ip_compute_csum((void *)ih, sizeof(struct igmphdr));
404 skb_put(skb, sizeof(*ih));
405
406 __skb_pull(skb, sizeof(*eth));
407
408 out:
409 return skb;
410 }
411
412 #if IS_ENABLED(CONFIG_IPV6)
413 static struct sk_buff *br_ip6_multicast_alloc_query(struct net_bridge *br,
414 const struct in6_addr *group)
415 {
416 struct sk_buff *skb;
417 struct ipv6hdr *ip6h;
418 struct mld_msg *mldq;
419 struct ethhdr *eth;
420 u8 *hopopt;
421 unsigned long interval;
422
423 skb = netdev_alloc_skb_ip_align(br->dev, sizeof(*eth) + sizeof(*ip6h) +
424 8 + sizeof(*mldq));
425 if (!skb)
426 goto out;
427
428 skb->protocol = htons(ETH_P_IPV6);
429
430 /* Ethernet header */
431 skb_reset_mac_header(skb);
432 eth = eth_hdr(skb);
433
434 memcpy(eth->h_source, br->dev->dev_addr, 6);
435 eth->h_proto = htons(ETH_P_IPV6);
436 skb_put(skb, sizeof(*eth));
437
438 /* IPv6 header + HbH option */
439 skb_set_network_header(skb, skb->len);
440 ip6h = ipv6_hdr(skb);
441
442 *(__force __be32 *)ip6h = htonl(0x60000000);
443 ip6h->payload_len = htons(8 + sizeof(*mldq));
444 ip6h->nexthdr = IPPROTO_HOPOPTS;
445 ip6h->hop_limit = 1;
446 ipv6_addr_set(&ip6h->daddr, htonl(0xff020000), 0, 0, htonl(1));
447 if (ipv6_dev_get_saddr(dev_net(br->dev), br->dev, &ip6h->daddr, 0,
448 &ip6h->saddr)) {
449 kfree_skb(skb);
450 return NULL;
451 }
452 ipv6_eth_mc_map(&ip6h->daddr, eth->h_dest);
453
454 hopopt = (u8 *)(ip6h + 1);
455 hopopt[0] = IPPROTO_ICMPV6; /* next hdr */
456 hopopt[1] = 0; /* length of HbH */
457 hopopt[2] = IPV6_TLV_ROUTERALERT; /* Router Alert */
458 hopopt[3] = 2; /* Length of RA Option */
459 hopopt[4] = 0; /* Type = 0x0000 (MLD) */
460 hopopt[5] = 0;
461 hopopt[6] = IPV6_TLV_PAD0; /* Pad0 */
462 hopopt[7] = IPV6_TLV_PAD0; /* Pad0 */
463
464 skb_put(skb, sizeof(*ip6h) + 8);
465
466 /* ICMPv6 */
467 skb_set_transport_header(skb, skb->len);
468 mldq = (struct mld_msg *) icmp6_hdr(skb);
469
470 interval = ipv6_addr_any(group) ? br->multicast_last_member_interval :
471 br->multicast_query_response_interval;
472
473 mldq->mld_type = ICMPV6_MGM_QUERY;
474 mldq->mld_code = 0;
475 mldq->mld_cksum = 0;
476 mldq->mld_maxdelay = htons((u16)jiffies_to_msecs(interval));
477 mldq->mld_reserved = 0;
478 mldq->mld_mca = *group;
479
480 /* checksum */
481 mldq->mld_cksum = csum_ipv6_magic(&ip6h->saddr, &ip6h->daddr,
482 sizeof(*mldq), IPPROTO_ICMPV6,
483 csum_partial(mldq,
484 sizeof(*mldq), 0));
485 skb_put(skb, sizeof(*mldq));
486
487 __skb_pull(skb, sizeof(*eth));
488
489 out:
490 return skb;
491 }
492 #endif
493
494 static struct sk_buff *br_multicast_alloc_query(struct net_bridge *br,
495 struct br_ip *addr)
496 {
497 switch (addr->proto) {
498 case htons(ETH_P_IP):
499 return br_ip4_multicast_alloc_query(br, addr->u.ip4);
500 #if IS_ENABLED(CONFIG_IPV6)
501 case htons(ETH_P_IPV6):
502 return br_ip6_multicast_alloc_query(br, &addr->u.ip6);
503 #endif
504 }
505 return NULL;
506 }
507
508 static struct net_bridge_mdb_entry *br_multicast_get_group(
509 struct net_bridge *br, struct net_bridge_port *port,
510 struct br_ip *group, int hash)
511 {
512 struct net_bridge_mdb_htable *mdb;
513 struct net_bridge_mdb_entry *mp;
514 struct hlist_node *p;
515 unsigned count = 0;
516 unsigned max;
517 int elasticity;
518 int err;
519
520 mdb = rcu_dereference_protected(br->mdb, 1);
521 hlist_for_each_entry(mp, p, &mdb->mhash[hash], hlist[mdb->ver]) {
522 count++;
523 if (unlikely(br_ip_equal(group, &mp->addr)))
524 return mp;
525 }
526
527 elasticity = 0;
528 max = mdb->max;
529
530 if (unlikely(count > br->hash_elasticity && count)) {
531 if (net_ratelimit())
532 br_info(br, "Multicast hash table "
533 "chain limit reached: %s\n",
534 port ? port->dev->name : br->dev->name);
535
536 elasticity = br->hash_elasticity;
537 }
538
539 if (mdb->size >= max) {
540 max *= 2;
541 if (unlikely(max >= br->hash_max)) {
542 br_warn(br, "Multicast hash table maximum "
543 "reached, disabling snooping: %s, %d\n",
544 port ? port->dev->name : br->dev->name, max);
545 err = -E2BIG;
546 disable:
547 br->multicast_disabled = 1;
548 goto err;
549 }
550 }
551
552 if (max > mdb->max || elasticity) {
553 if (mdb->old) {
554 if (net_ratelimit())
555 br_info(br, "Multicast hash table "
556 "on fire: %s\n",
557 port ? port->dev->name : br->dev->name);
558 err = -EEXIST;
559 goto err;
560 }
561
562 err = br_mdb_rehash(&br->mdb, max, elasticity);
563 if (err) {
564 br_warn(br, "Cannot rehash multicast "
565 "hash table, disabling snooping: %s, %d, %d\n",
566 port ? port->dev->name : br->dev->name,
567 mdb->size, err);
568 goto disable;
569 }
570
571 err = -EAGAIN;
572 goto err;
573 }
574
575 return NULL;
576
577 err:
578 mp = ERR_PTR(err);
579 return mp;
580 }
581
582 static struct net_bridge_mdb_entry *br_multicast_new_group(
583 struct net_bridge *br, struct net_bridge_port *port,
584 struct br_ip *group)
585 {
586 struct net_bridge_mdb_htable *mdb;
587 struct net_bridge_mdb_entry *mp;
588 int hash;
589 int err;
590
591 mdb = rcu_dereference_protected(br->mdb, 1);
592 if (!mdb) {
593 err = br_mdb_rehash(&br->mdb, BR_HASH_SIZE, 0);
594 if (err)
595 return ERR_PTR(err);
596 goto rehash;
597 }
598
599 hash = br_ip_hash(mdb, group);
600 mp = br_multicast_get_group(br, port, group, hash);
601 switch (PTR_ERR(mp)) {
602 case 0:
603 break;
604
605 case -EAGAIN:
606 rehash:
607 mdb = rcu_dereference_protected(br->mdb, 1);
608 hash = br_ip_hash(mdb, group);
609 break;
610
611 default:
612 goto out;
613 }
614
615 mp = kzalloc(sizeof(*mp), GFP_ATOMIC);
616 if (unlikely(!mp))
617 return ERR_PTR(-ENOMEM);
618
619 mp->br = br;
620 mp->addr = *group;
621 setup_timer(&mp->timer, br_multicast_group_expired,
622 (unsigned long)mp);
623
624 hlist_add_head_rcu(&mp->hlist[mdb->ver], &mdb->mhash[hash]);
625 mdb->size++;
626
627 out:
628 return mp;
629 }
630
631 static int br_multicast_add_group(struct net_bridge *br,
632 struct net_bridge_port *port,
633 struct br_ip *group)
634 {
635 struct net_bridge_mdb_entry *mp;
636 struct net_bridge_port_group *p;
637 struct net_bridge_port_group __rcu **pp;
638 unsigned long now = jiffies;
639 int err;
640
641 spin_lock(&br->multicast_lock);
642 if (!netif_running(br->dev) ||
643 (port && port->state == BR_STATE_DISABLED))
644 goto out;
645
646 mp = br_multicast_new_group(br, port, group);
647 err = PTR_ERR(mp);
648 if (IS_ERR(mp))
649 goto err;
650
651 if (!port) {
652 mp->mglist = true;
653 mod_timer(&mp->timer, now + br->multicast_membership_interval);
654 goto out;
655 }
656
657 for (pp = &mp->ports;
658 (p = mlock_dereference(*pp, br)) != NULL;
659 pp = &p->next) {
660 if (p->port == port)
661 goto found;
662 if ((unsigned long)p->port < (unsigned long)port)
663 break;
664 }
665
666 p = kzalloc(sizeof(*p), GFP_ATOMIC);
667 err = -ENOMEM;
668 if (unlikely(!p))
669 goto err;
670
671 p->addr = *group;
672 p->port = port;
673 p->next = *pp;
674 hlist_add_head(&p->mglist, &port->mglist);
675 setup_timer(&p->timer, br_multicast_port_group_expired,
676 (unsigned long)p);
677
678 rcu_assign_pointer(*pp, p);
679
680 found:
681 mod_timer(&p->timer, now + br->multicast_membership_interval);
682 out:
683 err = 0;
684
685 err:
686 spin_unlock(&br->multicast_lock);
687 return err;
688 }
689
690 static int br_ip4_multicast_add_group(struct net_bridge *br,
691 struct net_bridge_port *port,
692 __be32 group)
693 {
694 struct br_ip br_group;
695
696 if (ipv4_is_local_multicast(group))
697 return 0;
698
699 br_group.u.ip4 = group;
700 br_group.proto = htons(ETH_P_IP);
701
702 return br_multicast_add_group(br, port, &br_group);
703 }
704
705 #if IS_ENABLED(CONFIG_IPV6)
706 static int br_ip6_multicast_add_group(struct net_bridge *br,
707 struct net_bridge_port *port,
708 const struct in6_addr *group)
709 {
710 struct br_ip br_group;
711
712 if (!ipv6_is_transient_multicast(group))
713 return 0;
714
715 br_group.u.ip6 = *group;
716 br_group.proto = htons(ETH_P_IPV6);
717
718 return br_multicast_add_group(br, port, &br_group);
719 }
720 #endif
721
722 static void br_multicast_router_expired(unsigned long data)
723 {
724 struct net_bridge_port *port = (void *)data;
725 struct net_bridge *br = port->br;
726
727 spin_lock(&br->multicast_lock);
728 if (port->multicast_router != 1 ||
729 timer_pending(&port->multicast_router_timer) ||
730 hlist_unhashed(&port->rlist))
731 goto out;
732
733 hlist_del_init_rcu(&port->rlist);
734
735 out:
736 spin_unlock(&br->multicast_lock);
737 }
738
739 static void br_multicast_local_router_expired(unsigned long data)
740 {
741 }
742
743 static void __br_multicast_send_query(struct net_bridge *br,
744 struct net_bridge_port *port,
745 struct br_ip *ip)
746 {
747 struct sk_buff *skb;
748
749 skb = br_multicast_alloc_query(br, ip);
750 if (!skb)
751 return;
752
753 if (port) {
754 __skb_push(skb, sizeof(struct ethhdr));
755 skb->dev = port->dev;
756 NF_HOOK(NFPROTO_BRIDGE, NF_BR_LOCAL_OUT, skb, NULL, skb->dev,
757 dev_queue_xmit);
758 } else
759 netif_rx(skb);
760 }
761
762 static void br_multicast_send_query(struct net_bridge *br,
763 struct net_bridge_port *port, u32 sent)
764 {
765 unsigned long time;
766 struct br_ip br_group;
767
768 if (!netif_running(br->dev) || br->multicast_disabled ||
769 timer_pending(&br->multicast_querier_timer))
770 return;
771
772 memset(&br_group.u, 0, sizeof(br_group.u));
773
774 br_group.proto = htons(ETH_P_IP);
775 __br_multicast_send_query(br, port, &br_group);
776
777 #if IS_ENABLED(CONFIG_IPV6)
778 br_group.proto = htons(ETH_P_IPV6);
779 __br_multicast_send_query(br, port, &br_group);
780 #endif
781
782 time = jiffies;
783 time += sent < br->multicast_startup_query_count ?
784 br->multicast_startup_query_interval :
785 br->multicast_query_interval;
786 mod_timer(port ? &port->multicast_query_timer :
787 &br->multicast_query_timer, time);
788 }
789
790 static void br_multicast_port_query_expired(unsigned long data)
791 {
792 struct net_bridge_port *port = (void *)data;
793 struct net_bridge *br = port->br;
794
795 spin_lock(&br->multicast_lock);
796 if (port->state == BR_STATE_DISABLED ||
797 port->state == BR_STATE_BLOCKING)
798 goto out;
799
800 if (port->multicast_startup_queries_sent <
801 br->multicast_startup_query_count)
802 port->multicast_startup_queries_sent++;
803
804 br_multicast_send_query(port->br, port,
805 port->multicast_startup_queries_sent);
806
807 out:
808 spin_unlock(&br->multicast_lock);
809 }
810
811 void br_multicast_add_port(struct net_bridge_port *port)
812 {
813 port->multicast_router = 1;
814
815 setup_timer(&port->multicast_router_timer, br_multicast_router_expired,
816 (unsigned long)port);
817 setup_timer(&port->multicast_query_timer,
818 br_multicast_port_query_expired, (unsigned long)port);
819 }
820
821 void br_multicast_del_port(struct net_bridge_port *port)
822 {
823 del_timer_sync(&port->multicast_router_timer);
824 }
825
826 static void __br_multicast_enable_port(struct net_bridge_port *port)
827 {
828 port->multicast_startup_queries_sent = 0;
829
830 if (try_to_del_timer_sync(&port->multicast_query_timer) >= 0 ||
831 del_timer(&port->multicast_query_timer))
832 mod_timer(&port->multicast_query_timer, jiffies);
833 }
834
835 void br_multicast_enable_port(struct net_bridge_port *port)
836 {
837 struct net_bridge *br = port->br;
838
839 spin_lock(&br->multicast_lock);
840 if (br->multicast_disabled || !netif_running(br->dev))
841 goto out;
842
843 __br_multicast_enable_port(port);
844
845 out:
846 spin_unlock(&br->multicast_lock);
847 }
848
849 void br_multicast_disable_port(struct net_bridge_port *port)
850 {
851 struct net_bridge *br = port->br;
852 struct net_bridge_port_group *pg;
853 struct hlist_node *p, *n;
854
855 spin_lock(&br->multicast_lock);
856 hlist_for_each_entry_safe(pg, p, n, &port->mglist, mglist)
857 br_multicast_del_pg(br, pg);
858
859 if (!hlist_unhashed(&port->rlist))
860 hlist_del_init_rcu(&port->rlist);
861 del_timer(&port->multicast_router_timer);
862 del_timer(&port->multicast_query_timer);
863 spin_unlock(&br->multicast_lock);
864 }
865
866 static int br_ip4_multicast_igmp3_report(struct net_bridge *br,
867 struct net_bridge_port *port,
868 struct sk_buff *skb)
869 {
870 struct igmpv3_report *ih;
871 struct igmpv3_grec *grec;
872 int i;
873 int len;
874 int num;
875 int type;
876 int err = 0;
877 __be32 group;
878
879 if (!pskb_may_pull(skb, sizeof(*ih)))
880 return -EINVAL;
881
882 ih = igmpv3_report_hdr(skb);
883 num = ntohs(ih->ngrec);
884 len = sizeof(*ih);
885
886 for (i = 0; i < num; i++) {
887 len += sizeof(*grec);
888 if (!pskb_may_pull(skb, len))
889 return -EINVAL;
890
891 grec = (void *)(skb->data + len - sizeof(*grec));
892 group = grec->grec_mca;
893 type = grec->grec_type;
894
895 len += ntohs(grec->grec_nsrcs) * 4;
896 if (!pskb_may_pull(skb, len))
897 return -EINVAL;
898
899 /* We treat this as an IGMPv2 report for now. */
900 switch (type) {
901 case IGMPV3_MODE_IS_INCLUDE:
902 case IGMPV3_MODE_IS_EXCLUDE:
903 case IGMPV3_CHANGE_TO_INCLUDE:
904 case IGMPV3_CHANGE_TO_EXCLUDE:
905 case IGMPV3_ALLOW_NEW_SOURCES:
906 case IGMPV3_BLOCK_OLD_SOURCES:
907 break;
908
909 default:
910 continue;
911 }
912
913 err = br_ip4_multicast_add_group(br, port, group);
914 if (err)
915 break;
916 }
917
918 return err;
919 }
920
921 #if IS_ENABLED(CONFIG_IPV6)
922 static int br_ip6_multicast_mld2_report(struct net_bridge *br,
923 struct net_bridge_port *port,
924 struct sk_buff *skb)
925 {
926 struct icmp6hdr *icmp6h;
927 struct mld2_grec *grec;
928 int i;
929 int len;
930 int num;
931 int err = 0;
932
933 if (!pskb_may_pull(skb, sizeof(*icmp6h)))
934 return -EINVAL;
935
936 icmp6h = icmp6_hdr(skb);
937 num = ntohs(icmp6h->icmp6_dataun.un_data16[1]);
938 len = sizeof(*icmp6h);
939
940 for (i = 0; i < num; i++) {
941 __be16 *nsrcs, _nsrcs;
942
943 nsrcs = skb_header_pointer(skb,
944 len + offsetof(struct mld2_grec,
945 grec_nsrcs),
946 sizeof(_nsrcs), &_nsrcs);
947 if (!nsrcs)
948 return -EINVAL;
949
950 if (!pskb_may_pull(skb,
951 len + sizeof(*grec) +
952 sizeof(struct in6_addr) * ntohs(*nsrcs)))
953 return -EINVAL;
954
955 grec = (struct mld2_grec *)(skb->data + len);
956 len += sizeof(*grec) +
957 sizeof(struct in6_addr) * ntohs(*nsrcs);
958
959 /* We treat these as MLDv1 reports for now. */
960 switch (grec->grec_type) {
961 case MLD2_MODE_IS_INCLUDE:
962 case MLD2_MODE_IS_EXCLUDE:
963 case MLD2_CHANGE_TO_INCLUDE:
964 case MLD2_CHANGE_TO_EXCLUDE:
965 case MLD2_ALLOW_NEW_SOURCES:
966 case MLD2_BLOCK_OLD_SOURCES:
967 break;
968
969 default:
970 continue;
971 }
972
973 err = br_ip6_multicast_add_group(br, port, &grec->grec_mca);
974 if (!err)
975 break;
976 }
977
978 return err;
979 }
980 #endif
981
982 /*
983 * Add port to rotuer_list
984 * list is maintained ordered by pointer value
985 * and locked by br->multicast_lock and RCU
986 */
987 static void br_multicast_add_router(struct net_bridge *br,
988 struct net_bridge_port *port)
989 {
990 struct net_bridge_port *p;
991 struct hlist_node *n, *slot = NULL;
992
993 hlist_for_each_entry(p, n, &br->router_list, rlist) {
994 if ((unsigned long) port >= (unsigned long) p)
995 break;
996 slot = n;
997 }
998
999 if (slot)
1000 hlist_add_after_rcu(slot, &port->rlist);
1001 else
1002 hlist_add_head_rcu(&port->rlist, &br->router_list);
1003 }
1004
1005 static void br_multicast_mark_router(struct net_bridge *br,
1006 struct net_bridge_port *port)
1007 {
1008 unsigned long now = jiffies;
1009
1010 if (!port) {
1011 if (br->multicast_router == 1)
1012 mod_timer(&br->multicast_router_timer,
1013 now + br->multicast_querier_interval);
1014 return;
1015 }
1016
1017 if (port->multicast_router != 1)
1018 return;
1019
1020 if (!hlist_unhashed(&port->rlist))
1021 goto timer;
1022
1023 br_multicast_add_router(br, port);
1024
1025 timer:
1026 mod_timer(&port->multicast_router_timer,
1027 now + br->multicast_querier_interval);
1028 }
1029
1030 static void br_multicast_query_received(struct net_bridge *br,
1031 struct net_bridge_port *port,
1032 int saddr)
1033 {
1034 if (saddr)
1035 mod_timer(&br->multicast_querier_timer,
1036 jiffies + br->multicast_querier_interval);
1037 else if (timer_pending(&br->multicast_querier_timer))
1038 return;
1039
1040 br_multicast_mark_router(br, port);
1041 }
1042
1043 static int br_ip4_multicast_query(struct net_bridge *br,
1044 struct net_bridge_port *port,
1045 struct sk_buff *skb)
1046 {
1047 const struct iphdr *iph = ip_hdr(skb);
1048 struct igmphdr *ih = igmp_hdr(skb);
1049 struct net_bridge_mdb_entry *mp;
1050 struct igmpv3_query *ih3;
1051 struct net_bridge_port_group *p;
1052 struct net_bridge_port_group __rcu **pp;
1053 unsigned long max_delay;
1054 unsigned long now = jiffies;
1055 __be32 group;
1056 int err = 0;
1057
1058 spin_lock(&br->multicast_lock);
1059 if (!netif_running(br->dev) ||
1060 (port && port->state == BR_STATE_DISABLED))
1061 goto out;
1062
1063 br_multicast_query_received(br, port, !!iph->saddr);
1064
1065 group = ih->group;
1066
1067 if (skb->len == sizeof(*ih)) {
1068 max_delay = ih->code * (HZ / IGMP_TIMER_SCALE);
1069
1070 if (!max_delay) {
1071 max_delay = 10 * HZ;
1072 group = 0;
1073 }
1074 } else {
1075 if (!pskb_may_pull(skb, sizeof(struct igmpv3_query))) {
1076 err = -EINVAL;
1077 goto out;
1078 }
1079
1080 ih3 = igmpv3_query_hdr(skb);
1081 if (ih3->nsrcs)
1082 goto out;
1083
1084 max_delay = ih3->code ?
1085 IGMPV3_MRC(ih3->code) * (HZ / IGMP_TIMER_SCALE) : 1;
1086 }
1087
1088 if (!group)
1089 goto out;
1090
1091 mp = br_mdb_ip4_get(mlock_dereference(br->mdb, br), group);
1092 if (!mp)
1093 goto out;
1094
1095 max_delay *= br->multicast_last_member_count;
1096
1097 if (mp->mglist &&
1098 (timer_pending(&mp->timer) ?
1099 time_after(mp->timer.expires, now + max_delay) :
1100 try_to_del_timer_sync(&mp->timer) >= 0))
1101 mod_timer(&mp->timer, now + max_delay);
1102
1103 for (pp = &mp->ports;
1104 (p = mlock_dereference(*pp, br)) != NULL;
1105 pp = &p->next) {
1106 if (timer_pending(&p->timer) ?
1107 time_after(p->timer.expires, now + max_delay) :
1108 try_to_del_timer_sync(&p->timer) >= 0)
1109 mod_timer(&p->timer, now + max_delay);
1110 }
1111
1112 out:
1113 spin_unlock(&br->multicast_lock);
1114 return err;
1115 }
1116
1117 #if IS_ENABLED(CONFIG_IPV6)
1118 static int br_ip6_multicast_query(struct net_bridge *br,
1119 struct net_bridge_port *port,
1120 struct sk_buff *skb)
1121 {
1122 const struct ipv6hdr *ip6h = ipv6_hdr(skb);
1123 struct mld_msg *mld = (struct mld_msg *) icmp6_hdr(skb);
1124 struct net_bridge_mdb_entry *mp;
1125 struct mld2_query *mld2q;
1126 struct net_bridge_port_group *p;
1127 struct net_bridge_port_group __rcu **pp;
1128 unsigned long max_delay;
1129 unsigned long now = jiffies;
1130 const struct in6_addr *group = NULL;
1131 int err = 0;
1132
1133 spin_lock(&br->multicast_lock);
1134 if (!netif_running(br->dev) ||
1135 (port && port->state == BR_STATE_DISABLED))
1136 goto out;
1137
1138 br_multicast_query_received(br, port, !ipv6_addr_any(&ip6h->saddr));
1139
1140 if (skb->len == sizeof(*mld)) {
1141 if (!pskb_may_pull(skb, sizeof(*mld))) {
1142 err = -EINVAL;
1143 goto out;
1144 }
1145 mld = (struct mld_msg *) icmp6_hdr(skb);
1146 max_delay = msecs_to_jiffies(htons(mld->mld_maxdelay));
1147 if (max_delay)
1148 group = &mld->mld_mca;
1149 } else if (skb->len >= sizeof(*mld2q)) {
1150 if (!pskb_may_pull(skb, sizeof(*mld2q))) {
1151 err = -EINVAL;
1152 goto out;
1153 }
1154 mld2q = (struct mld2_query *)icmp6_hdr(skb);
1155 if (!mld2q->mld2q_nsrcs)
1156 group = &mld2q->mld2q_mca;
1157 max_delay = mld2q->mld2q_mrc ? MLDV2_MRC(mld2q->mld2q_mrc) : 1;
1158 }
1159
1160 if (!group)
1161 goto out;
1162
1163 mp = br_mdb_ip6_get(mlock_dereference(br->mdb, br), group);
1164 if (!mp)
1165 goto out;
1166
1167 max_delay *= br->multicast_last_member_count;
1168 if (mp->mglist &&
1169 (timer_pending(&mp->timer) ?
1170 time_after(mp->timer.expires, now + max_delay) :
1171 try_to_del_timer_sync(&mp->timer) >= 0))
1172 mod_timer(&mp->timer, now + max_delay);
1173
1174 for (pp = &mp->ports;
1175 (p = mlock_dereference(*pp, br)) != NULL;
1176 pp = &p->next) {
1177 if (timer_pending(&p->timer) ?
1178 time_after(p->timer.expires, now + max_delay) :
1179 try_to_del_timer_sync(&p->timer) >= 0)
1180 mod_timer(&p->timer, now + max_delay);
1181 }
1182
1183 out:
1184 spin_unlock(&br->multicast_lock);
1185 return err;
1186 }
1187 #endif
1188
1189 static void br_multicast_leave_group(struct net_bridge *br,
1190 struct net_bridge_port *port,
1191 struct br_ip *group)
1192 {
1193 struct net_bridge_mdb_htable *mdb;
1194 struct net_bridge_mdb_entry *mp;
1195 struct net_bridge_port_group *p;
1196 unsigned long now;
1197 unsigned long time;
1198
1199 spin_lock(&br->multicast_lock);
1200 if (!netif_running(br->dev) ||
1201 (port && port->state == BR_STATE_DISABLED) ||
1202 timer_pending(&br->multicast_querier_timer))
1203 goto out;
1204
1205 mdb = mlock_dereference(br->mdb, br);
1206 mp = br_mdb_ip_get(mdb, group);
1207 if (!mp)
1208 goto out;
1209
1210 now = jiffies;
1211 time = now + br->multicast_last_member_count *
1212 br->multicast_last_member_interval;
1213
1214 if (!port) {
1215 if (mp->mglist &&
1216 (timer_pending(&mp->timer) ?
1217 time_after(mp->timer.expires, time) :
1218 try_to_del_timer_sync(&mp->timer) >= 0)) {
1219 mod_timer(&mp->timer, time);
1220 }
1221
1222 goto out;
1223 }
1224
1225 for (p = mlock_dereference(mp->ports, br);
1226 p != NULL;
1227 p = mlock_dereference(p->next, br)) {
1228 if (p->port != port)
1229 continue;
1230
1231 if (!hlist_unhashed(&p->mglist) &&
1232 (timer_pending(&p->timer) ?
1233 time_after(p->timer.expires, time) :
1234 try_to_del_timer_sync(&p->timer) >= 0)) {
1235 mod_timer(&p->timer, time);
1236 }
1237
1238 break;
1239 }
1240
1241 out:
1242 spin_unlock(&br->multicast_lock);
1243 }
1244
1245 static void br_ip4_multicast_leave_group(struct net_bridge *br,
1246 struct net_bridge_port *port,
1247 __be32 group)
1248 {
1249 struct br_ip br_group;
1250
1251 if (ipv4_is_local_multicast(group))
1252 return;
1253
1254 br_group.u.ip4 = group;
1255 br_group.proto = htons(ETH_P_IP);
1256
1257 br_multicast_leave_group(br, port, &br_group);
1258 }
1259
1260 #if IS_ENABLED(CONFIG_IPV6)
1261 static void br_ip6_multicast_leave_group(struct net_bridge *br,
1262 struct net_bridge_port *port,
1263 const struct in6_addr *group)
1264 {
1265 struct br_ip br_group;
1266
1267 if (!ipv6_is_transient_multicast(group))
1268 return;
1269
1270 br_group.u.ip6 = *group;
1271 br_group.proto = htons(ETH_P_IPV6);
1272
1273 br_multicast_leave_group(br, port, &br_group);
1274 }
1275 #endif
1276
1277 static int br_multicast_ipv4_rcv(struct net_bridge *br,
1278 struct net_bridge_port *port,
1279 struct sk_buff *skb)
1280 {
1281 struct sk_buff *skb2 = skb;
1282 const struct iphdr *iph;
1283 struct igmphdr *ih;
1284 unsigned len;
1285 unsigned offset;
1286 int err;
1287
1288 /* We treat OOM as packet loss for now. */
1289 if (!pskb_may_pull(skb, sizeof(*iph)))
1290 return -EINVAL;
1291
1292 iph = ip_hdr(skb);
1293
1294 if (iph->ihl < 5 || iph->version != 4)
1295 return -EINVAL;
1296
1297 if (!pskb_may_pull(skb, ip_hdrlen(skb)))
1298 return -EINVAL;
1299
1300 iph = ip_hdr(skb);
1301
1302 if (unlikely(ip_fast_csum((u8 *)iph, iph->ihl)))
1303 return -EINVAL;
1304
1305 if (iph->protocol != IPPROTO_IGMP) {
1306 if ((iph->daddr & IGMP_LOCAL_GROUP_MASK) != IGMP_LOCAL_GROUP)
1307 BR_INPUT_SKB_CB(skb)->mrouters_only = 1;
1308 return 0;
1309 }
1310
1311 len = ntohs(iph->tot_len);
1312 if (skb->len < len || len < ip_hdrlen(skb))
1313 return -EINVAL;
1314
1315 if (skb->len > len) {
1316 skb2 = skb_clone(skb, GFP_ATOMIC);
1317 if (!skb2)
1318 return -ENOMEM;
1319
1320 err = pskb_trim_rcsum(skb2, len);
1321 if (err)
1322 goto err_out;
1323 }
1324
1325 len -= ip_hdrlen(skb2);
1326 offset = skb_network_offset(skb2) + ip_hdrlen(skb2);
1327 __skb_pull(skb2, offset);
1328 skb_reset_transport_header(skb2);
1329
1330 err = -EINVAL;
1331 if (!pskb_may_pull(skb2, sizeof(*ih)))
1332 goto out;
1333
1334 switch (skb2->ip_summed) {
1335 case CHECKSUM_COMPLETE:
1336 if (!csum_fold(skb2->csum))
1337 break;
1338 /* fall through */
1339 case CHECKSUM_NONE:
1340 skb2->csum = 0;
1341 if (skb_checksum_complete(skb2))
1342 goto out;
1343 }
1344
1345 err = 0;
1346
1347 BR_INPUT_SKB_CB(skb)->igmp = 1;
1348 ih = igmp_hdr(skb2);
1349
1350 switch (ih->type) {
1351 case IGMP_HOST_MEMBERSHIP_REPORT:
1352 case IGMPV2_HOST_MEMBERSHIP_REPORT:
1353 BR_INPUT_SKB_CB(skb)->mrouters_only = 1;
1354 err = br_ip4_multicast_add_group(br, port, ih->group);
1355 break;
1356 case IGMPV3_HOST_MEMBERSHIP_REPORT:
1357 err = br_ip4_multicast_igmp3_report(br, port, skb2);
1358 break;
1359 case IGMP_HOST_MEMBERSHIP_QUERY:
1360 err = br_ip4_multicast_query(br, port, skb2);
1361 break;
1362 case IGMP_HOST_LEAVE_MESSAGE:
1363 br_ip4_multicast_leave_group(br, port, ih->group);
1364 break;
1365 }
1366
1367 out:
1368 __skb_push(skb2, offset);
1369 err_out:
1370 if (skb2 != skb)
1371 kfree_skb(skb2);
1372 return err;
1373 }
1374
1375 #if IS_ENABLED(CONFIG_IPV6)
1376 static int br_multicast_ipv6_rcv(struct net_bridge *br,
1377 struct net_bridge_port *port,
1378 struct sk_buff *skb)
1379 {
1380 struct sk_buff *skb2;
1381 const struct ipv6hdr *ip6h;
1382 u8 icmp6_type;
1383 u8 nexthdr;
1384 __be16 frag_off;
1385 unsigned len;
1386 int offset;
1387 int err;
1388
1389 if (!pskb_may_pull(skb, sizeof(*ip6h)))
1390 return -EINVAL;
1391
1392 ip6h = ipv6_hdr(skb);
1393
1394 /*
1395 * We're interested in MLD messages only.
1396 * - Version is 6
1397 * - MLD has always Router Alert hop-by-hop option
1398 * - But we do not support jumbrograms.
1399 */
1400 if (ip6h->version != 6 ||
1401 ip6h->nexthdr != IPPROTO_HOPOPTS ||
1402 ip6h->payload_len == 0)
1403 return 0;
1404
1405 len = ntohs(ip6h->payload_len) + sizeof(*ip6h);
1406 if (skb->len < len)
1407 return -EINVAL;
1408
1409 nexthdr = ip6h->nexthdr;
1410 offset = ipv6_skip_exthdr(skb, sizeof(*ip6h), &nexthdr, &frag_off);
1411
1412 if (offset < 0 || nexthdr != IPPROTO_ICMPV6)
1413 return 0;
1414
1415 /* Okay, we found ICMPv6 header */
1416 skb2 = skb_clone(skb, GFP_ATOMIC);
1417 if (!skb2)
1418 return -ENOMEM;
1419
1420 err = -EINVAL;
1421 if (!pskb_may_pull(skb2, offset + sizeof(struct icmp6hdr)))
1422 goto out;
1423
1424 len -= offset - skb_network_offset(skb2);
1425
1426 __skb_pull(skb2, offset);
1427 skb_reset_transport_header(skb2);
1428 skb_postpull_rcsum(skb2, skb_network_header(skb2),
1429 skb_network_header_len(skb2));
1430
1431 icmp6_type = icmp6_hdr(skb2)->icmp6_type;
1432
1433 switch (icmp6_type) {
1434 case ICMPV6_MGM_QUERY:
1435 case ICMPV6_MGM_REPORT:
1436 case ICMPV6_MGM_REDUCTION:
1437 case ICMPV6_MLD2_REPORT:
1438 break;
1439 default:
1440 err = 0;
1441 goto out;
1442 }
1443
1444 /* Okay, we found MLD message. Check further. */
1445 if (skb2->len > len) {
1446 err = pskb_trim_rcsum(skb2, len);
1447 if (err)
1448 goto out;
1449 err = -EINVAL;
1450 }
1451
1452 ip6h = ipv6_hdr(skb2);
1453
1454 switch (skb2->ip_summed) {
1455 case CHECKSUM_COMPLETE:
1456 if (!csum_ipv6_magic(&ip6h->saddr, &ip6h->daddr, skb2->len,
1457 IPPROTO_ICMPV6, skb2->csum))
1458 break;
1459 /*FALLTHROUGH*/
1460 case CHECKSUM_NONE:
1461 skb2->csum = ~csum_unfold(csum_ipv6_magic(&ip6h->saddr,
1462 &ip6h->daddr,
1463 skb2->len,
1464 IPPROTO_ICMPV6, 0));
1465 if (__skb_checksum_complete(skb2))
1466 goto out;
1467 }
1468
1469 err = 0;
1470
1471 BR_INPUT_SKB_CB(skb)->igmp = 1;
1472
1473 switch (icmp6_type) {
1474 case ICMPV6_MGM_REPORT:
1475 {
1476 struct mld_msg *mld;
1477 if (!pskb_may_pull(skb2, sizeof(*mld))) {
1478 err = -EINVAL;
1479 goto out;
1480 }
1481 mld = (struct mld_msg *)skb_transport_header(skb2);
1482 BR_INPUT_SKB_CB(skb)->mrouters_only = 1;
1483 err = br_ip6_multicast_add_group(br, port, &mld->mld_mca);
1484 break;
1485 }
1486 case ICMPV6_MLD2_REPORT:
1487 err = br_ip6_multicast_mld2_report(br, port, skb2);
1488 break;
1489 case ICMPV6_MGM_QUERY:
1490 err = br_ip6_multicast_query(br, port, skb2);
1491 break;
1492 case ICMPV6_MGM_REDUCTION:
1493 {
1494 struct mld_msg *mld;
1495 if (!pskb_may_pull(skb2, sizeof(*mld))) {
1496 err = -EINVAL;
1497 goto out;
1498 }
1499 mld = (struct mld_msg *)skb_transport_header(skb2);
1500 br_ip6_multicast_leave_group(br, port, &mld->mld_mca);
1501 }
1502 }
1503
1504 out:
1505 kfree_skb(skb2);
1506 return err;
1507 }
1508 #endif
1509
1510 int br_multicast_rcv(struct net_bridge *br, struct net_bridge_port *port,
1511 struct sk_buff *skb)
1512 {
1513 BR_INPUT_SKB_CB(skb)->igmp = 0;
1514 BR_INPUT_SKB_CB(skb)->mrouters_only = 0;
1515
1516 if (br->multicast_disabled)
1517 return 0;
1518
1519 switch (skb->protocol) {
1520 case htons(ETH_P_IP):
1521 return br_multicast_ipv4_rcv(br, port, skb);
1522 #if IS_ENABLED(CONFIG_IPV6)
1523 case htons(ETH_P_IPV6):
1524 return br_multicast_ipv6_rcv(br, port, skb);
1525 #endif
1526 }
1527
1528 return 0;
1529 }
1530
1531 static void br_multicast_query_expired(unsigned long data)
1532 {
1533 struct net_bridge *br = (void *)data;
1534
1535 spin_lock(&br->multicast_lock);
1536 if (br->multicast_startup_queries_sent <
1537 br->multicast_startup_query_count)
1538 br->multicast_startup_queries_sent++;
1539
1540 br_multicast_send_query(br, NULL, br->multicast_startup_queries_sent);
1541
1542 spin_unlock(&br->multicast_lock);
1543 }
1544
1545 void br_multicast_init(struct net_bridge *br)
1546 {
1547 br->hash_elasticity = 4;
1548 br->hash_max = 512;
1549
1550 br->multicast_router = 1;
1551 br->multicast_last_member_count = 2;
1552 br->multicast_startup_query_count = 2;
1553
1554 br->multicast_last_member_interval = HZ;
1555 br->multicast_query_response_interval = 10 * HZ;
1556 br->multicast_startup_query_interval = 125 * HZ / 4;
1557 br->multicast_query_interval = 125 * HZ;
1558 br->multicast_querier_interval = 255 * HZ;
1559 br->multicast_membership_interval = 260 * HZ;
1560
1561 spin_lock_init(&br->multicast_lock);
1562 setup_timer(&br->multicast_router_timer,
1563 br_multicast_local_router_expired, 0);
1564 setup_timer(&br->multicast_querier_timer,
1565 br_multicast_local_router_expired, 0);
1566 setup_timer(&br->multicast_query_timer, br_multicast_query_expired,
1567 (unsigned long)br);
1568 }
1569
1570 void br_multicast_open(struct net_bridge *br)
1571 {
1572 br->multicast_startup_queries_sent = 0;
1573
1574 if (br->multicast_disabled)
1575 return;
1576
1577 mod_timer(&br->multicast_query_timer, jiffies);
1578 }
1579
1580 void br_multicast_stop(struct net_bridge *br)
1581 {
1582 struct net_bridge_mdb_htable *mdb;
1583 struct net_bridge_mdb_entry *mp;
1584 struct hlist_node *p, *n;
1585 u32 ver;
1586 int i;
1587
1588 del_timer_sync(&br->multicast_router_timer);
1589 del_timer_sync(&br->multicast_querier_timer);
1590 del_timer_sync(&br->multicast_query_timer);
1591
1592 spin_lock_bh(&br->multicast_lock);
1593 mdb = mlock_dereference(br->mdb, br);
1594 if (!mdb)
1595 goto out;
1596
1597 br->mdb = NULL;
1598
1599 ver = mdb->ver;
1600 for (i = 0; i < mdb->max; i++) {
1601 hlist_for_each_entry_safe(mp, p, n, &mdb->mhash[i],
1602 hlist[ver]) {
1603 del_timer(&mp->timer);
1604 call_rcu_bh(&mp->rcu, br_multicast_free_group);
1605 }
1606 }
1607
1608 if (mdb->old) {
1609 spin_unlock_bh(&br->multicast_lock);
1610 rcu_barrier_bh();
1611 spin_lock_bh(&br->multicast_lock);
1612 WARN_ON(mdb->old);
1613 }
1614
1615 mdb->old = mdb;
1616 call_rcu_bh(&mdb->rcu, br_mdb_free);
1617
1618 out:
1619 spin_unlock_bh(&br->multicast_lock);
1620 }
1621
1622 int br_multicast_set_router(struct net_bridge *br, unsigned long val)
1623 {
1624 int err = -ENOENT;
1625
1626 spin_lock_bh(&br->multicast_lock);
1627 if (!netif_running(br->dev))
1628 goto unlock;
1629
1630 switch (val) {
1631 case 0:
1632 case 2:
1633 del_timer(&br->multicast_router_timer);
1634 /* fall through */
1635 case 1:
1636 br->multicast_router = val;
1637 err = 0;
1638 break;
1639
1640 default:
1641 err = -EINVAL;
1642 break;
1643 }
1644
1645 unlock:
1646 spin_unlock_bh(&br->multicast_lock);
1647
1648 return err;
1649 }
1650
1651 int br_multicast_set_port_router(struct net_bridge_port *p, unsigned long val)
1652 {
1653 struct net_bridge *br = p->br;
1654 int err = -ENOENT;
1655
1656 spin_lock(&br->multicast_lock);
1657 if (!netif_running(br->dev) || p->state == BR_STATE_DISABLED)
1658 goto unlock;
1659
1660 switch (val) {
1661 case 0:
1662 case 1:
1663 case 2:
1664 p->multicast_router = val;
1665 err = 0;
1666
1667 if (val < 2 && !hlist_unhashed(&p->rlist))
1668 hlist_del_init_rcu(&p->rlist);
1669
1670 if (val == 1)
1671 break;
1672
1673 del_timer(&p->multicast_router_timer);
1674
1675 if (val == 0)
1676 break;
1677
1678 br_multicast_add_router(br, p);
1679 break;
1680
1681 default:
1682 err = -EINVAL;
1683 break;
1684 }
1685
1686 unlock:
1687 spin_unlock(&br->multicast_lock);
1688
1689 return err;
1690 }
1691
1692 int br_multicast_toggle(struct net_bridge *br, unsigned long val)
1693 {
1694 struct net_bridge_port *port;
1695 int err = 0;
1696 struct net_bridge_mdb_htable *mdb;
1697
1698 spin_lock_bh(&br->multicast_lock);
1699 if (br->multicast_disabled == !val)
1700 goto unlock;
1701
1702 br->multicast_disabled = !val;
1703 if (br->multicast_disabled)
1704 goto unlock;
1705
1706 if (!netif_running(br->dev))
1707 goto unlock;
1708
1709 mdb = mlock_dereference(br->mdb, br);
1710 if (mdb) {
1711 if (mdb->old) {
1712 err = -EEXIST;
1713 rollback:
1714 br->multicast_disabled = !!val;
1715 goto unlock;
1716 }
1717
1718 err = br_mdb_rehash(&br->mdb, mdb->max,
1719 br->hash_elasticity);
1720 if (err)
1721 goto rollback;
1722 }
1723
1724 br_multicast_open(br);
1725 list_for_each_entry(port, &br->port_list, list) {
1726 if (port->state == BR_STATE_DISABLED ||
1727 port->state == BR_STATE_BLOCKING)
1728 continue;
1729
1730 __br_multicast_enable_port(port);
1731 }
1732
1733 unlock:
1734 spin_unlock_bh(&br->multicast_lock);
1735
1736 return err;
1737 }
1738
1739 int br_multicast_set_hash_max(struct net_bridge *br, unsigned long val)
1740 {
1741 int err = -ENOENT;
1742 u32 old;
1743 struct net_bridge_mdb_htable *mdb;
1744
1745 spin_lock(&br->multicast_lock);
1746 if (!netif_running(br->dev))
1747 goto unlock;
1748
1749 err = -EINVAL;
1750 if (!is_power_of_2(val))
1751 goto unlock;
1752
1753 mdb = mlock_dereference(br->mdb, br);
1754 if (mdb && val < mdb->size)
1755 goto unlock;
1756
1757 err = 0;
1758
1759 old = br->hash_max;
1760 br->hash_max = val;
1761
1762 if (mdb) {
1763 if (mdb->old) {
1764 err = -EEXIST;
1765 rollback:
1766 br->hash_max = old;
1767 goto unlock;
1768 }
1769
1770 err = br_mdb_rehash(&br->mdb, br->hash_max,
1771 br->hash_elasticity);
1772 if (err)
1773 goto rollback;
1774 }
1775
1776 unlock:
1777 spin_unlock(&br->multicast_lock);
1778
1779 return err;
1780 }