2 * ip6_flowlabel.c IPv6 flowlabel manager.
4 * This program is free software; you can redistribute it and/or
5 * modify it under the terms of the GNU General Public License
6 * as published by the Free Software Foundation; either version
7 * 2 of the License, or (at your option) any later version.
9 * Authors: Alexey Kuznetsov, <kuznet@ms2.inr.ac.ru>
12 #include <linux/capability.h>
13 #include <linux/errno.h>
14 #include <linux/types.h>
15 #include <linux/socket.h>
16 #include <linux/net.h>
17 #include <linux/netdevice.h>
18 #include <linux/if_arp.h>
19 #include <linux/in6.h>
20 #include <linux/route.h>
21 #include <linux/proc_fs.h>
22 #include <linux/seq_file.h>
23 #include <linux/slab.h>
24 #include <linux/export.h>
25 #include <linux/pid_namespace.h>
27 #include <net/net_namespace.h>
31 #include <net/ndisc.h>
32 #include <net/protocol.h>
33 #include <net/ip6_route.h>
34 #include <net/addrconf.h>
35 #include <net/rawv6.h>
37 #include <net/transp_v6.h>
39 #include <asm/uaccess.h>
41 #define FL_MIN_LINGER 6 /* Minimal linger. It is set to 6sec specified
42 in old IPv6 RFC. Well, it was reasonable value.
44 #define FL_MAX_LINGER 60 /* Maximal linger timeout */
48 #define FL_MAX_PER_SOCK 32
49 #define FL_MAX_SIZE 4096
50 #define FL_HASH_MASK 255
51 #define FL_HASH(l) (ntohl(l)&FL_HASH_MASK)
53 static atomic_t fl_size = ATOMIC_INIT(0);
54 static struct ip6_flowlabel *fl_ht[FL_HASH_MASK+1];
56 static void ip6_fl_gc(unsigned long dummy);
57 static DEFINE_TIMER(ip6_fl_gc_timer, ip6_fl_gc, 0, 0);
59 /* FL hash table lock: it protects only of GC */
61 static DEFINE_RWLOCK(ip6_fl_lock);
65 static DEFINE_RWLOCK(ip6_sk_fl_lock);
68 static inline struct ip6_flowlabel *__fl_lookup(struct net *net, __be32 label)
70 struct ip6_flowlabel *fl;
72 for (fl=fl_ht[FL_HASH(label)]; fl; fl = fl->next) {
73 if (fl->label == label && net_eq(fl->fl_net, net))
79 static struct ip6_flowlabel *fl_lookup(struct net *net, __be32 label)
81 struct ip6_flowlabel *fl;
83 read_lock_bh(&ip6_fl_lock);
84 fl = __fl_lookup(net, label);
86 atomic_inc(&fl->users);
87 read_unlock_bh(&ip6_fl_lock);
92 static void fl_free(struct ip6_flowlabel *fl)
95 case IPV6_FL_S_PROCESS:
96 put_pid(fl->owner.pid);
100 release_net(fl->fl_net);
106 static void fl_release(struct ip6_flowlabel *fl)
108 write_lock_bh(&ip6_fl_lock);
110 fl->lastuse = jiffies;
111 if (atomic_dec_and_test(&fl->users)) {
112 unsigned long ttd = fl->lastuse + fl->linger;
113 if (time_after(ttd, fl->expires))
116 if (fl->opt && fl->share == IPV6_FL_S_EXCL) {
117 struct ipv6_txoptions *opt = fl->opt;
121 if (!timer_pending(&ip6_fl_gc_timer) ||
122 time_after(ip6_fl_gc_timer.expires, ttd))
123 mod_timer(&ip6_fl_gc_timer, ttd);
125 write_unlock_bh(&ip6_fl_lock);
128 static void ip6_fl_gc(unsigned long dummy)
131 unsigned long now = jiffies;
132 unsigned long sched = 0;
134 write_lock(&ip6_fl_lock);
136 for (i=0; i<=FL_HASH_MASK; i++) {
137 struct ip6_flowlabel *fl, **flp;
139 while ((fl=*flp) != NULL) {
140 if (atomic_read(&fl->users) == 0) {
141 unsigned long ttd = fl->lastuse + fl->linger;
142 if (time_after(ttd, fl->expires))
145 if (time_after_eq(now, ttd)) {
148 atomic_dec(&fl_size);
151 if (!sched || time_before(ttd, sched))
157 if (!sched && atomic_read(&fl_size))
158 sched = now + FL_MAX_LINGER;
160 mod_timer(&ip6_fl_gc_timer, sched);
162 write_unlock(&ip6_fl_lock);
165 static void __net_exit ip6_fl_purge(struct net *net)
169 write_lock(&ip6_fl_lock);
170 for (i = 0; i <= FL_HASH_MASK; i++) {
171 struct ip6_flowlabel *fl, **flp;
173 while ((fl = *flp) != NULL) {
174 if (net_eq(fl->fl_net, net) &&
175 atomic_read(&fl->users) == 0) {
178 atomic_dec(&fl_size);
184 write_unlock(&ip6_fl_lock);
187 static struct ip6_flowlabel *fl_intern(struct net *net,
188 struct ip6_flowlabel *fl, __be32 label)
190 struct ip6_flowlabel *lfl;
192 fl->label = label & IPV6_FLOWLABEL_MASK;
194 write_lock_bh(&ip6_fl_lock);
197 fl->label = htonl(net_random())&IPV6_FLOWLABEL_MASK;
199 lfl = __fl_lookup(net, fl->label);
206 * we dropper the ip6_fl_lock, so this entry could reappear
207 * and we need to recheck with it.
209 * OTOH no need to search the active socket first, like it is
210 * done in ipv6_flowlabel_opt - sock is locked, so new entry
211 * with the same label can only appear on another sock
213 lfl = __fl_lookup(net, fl->label);
215 atomic_inc(&lfl->users);
216 write_unlock_bh(&ip6_fl_lock);
221 fl->lastuse = jiffies;
222 fl->next = fl_ht[FL_HASH(fl->label)];
223 fl_ht[FL_HASH(fl->label)] = fl;
224 atomic_inc(&fl_size);
225 write_unlock_bh(&ip6_fl_lock);
231 /* Socket flowlabel lists */
233 struct ip6_flowlabel * fl6_sock_lookup(struct sock *sk, __be32 label)
235 struct ipv6_fl_socklist *sfl;
236 struct ipv6_pinfo *np = inet6_sk(sk);
238 label &= IPV6_FLOWLABEL_MASK;
240 read_lock_bh(&ip6_sk_fl_lock);
241 for (sfl=np->ipv6_fl_list; sfl; sfl = sfl->next) {
242 struct ip6_flowlabel *fl = sfl->fl;
243 if (fl->label == label) {
244 fl->lastuse = jiffies;
245 atomic_inc(&fl->users);
246 read_unlock_bh(&ip6_sk_fl_lock);
250 read_unlock_bh(&ip6_sk_fl_lock);
254 EXPORT_SYMBOL_GPL(fl6_sock_lookup);
256 void fl6_free_socklist(struct sock *sk)
258 struct ipv6_pinfo *np = inet6_sk(sk);
259 struct ipv6_fl_socklist *sfl;
261 while ((sfl = np->ipv6_fl_list) != NULL) {
262 np->ipv6_fl_list = sfl->next;
268 /* Service routines */
272 It is the only difficult place. flowlabel enforces equal headers
273 before and including routing header, however user may supply options
277 struct ipv6_txoptions *fl6_merge_options(struct ipv6_txoptions * opt_space,
278 struct ip6_flowlabel * fl,
279 struct ipv6_txoptions * fopt)
281 struct ipv6_txoptions * fl_opt = fl->opt;
283 if (fopt == NULL || fopt->opt_flen == 0)
286 if (fl_opt != NULL) {
287 opt_space->hopopt = fl_opt->hopopt;
288 opt_space->dst0opt = fl_opt->dst0opt;
289 opt_space->srcrt = fl_opt->srcrt;
290 opt_space->opt_nflen = fl_opt->opt_nflen;
292 if (fopt->opt_nflen == 0)
294 opt_space->hopopt = NULL;
295 opt_space->dst0opt = NULL;
296 opt_space->srcrt = NULL;
297 opt_space->opt_nflen = 0;
299 opt_space->dst1opt = fopt->dst1opt;
300 opt_space->opt_flen = fopt->opt_flen;
303 EXPORT_SYMBOL_GPL(fl6_merge_options);
305 static unsigned long check_linger(unsigned long ttl)
307 if (ttl < FL_MIN_LINGER)
308 return FL_MIN_LINGER*HZ;
309 if (ttl > FL_MAX_LINGER && !capable(CAP_NET_ADMIN))
314 static int fl6_renew(struct ip6_flowlabel *fl, unsigned long linger, unsigned long expires)
316 linger = check_linger(linger);
319 expires = check_linger(expires);
322 fl->lastuse = jiffies;
323 if (time_before(fl->linger, linger))
325 if (time_before(expires, fl->linger))
326 expires = fl->linger;
327 if (time_before(fl->expires, fl->lastuse + expires))
328 fl->expires = fl->lastuse + expires;
332 static struct ip6_flowlabel *
333 fl_create(struct net *net, struct sock *sk, struct in6_flowlabel_req *freq,
334 char __user *optval, int optlen, int *err_p)
336 struct ip6_flowlabel *fl = NULL;
341 olen = optlen - CMSG_ALIGN(sizeof(*freq));
343 if (olen > 64 * 1024)
347 fl = kzalloc(sizeof(*fl), GFP_KERNEL);
353 struct flowi6 flowi6;
357 fl->opt = kmalloc(sizeof(*fl->opt) + olen, GFP_KERNEL);
361 memset(fl->opt, 0, sizeof(*fl->opt));
362 fl->opt->tot_len = sizeof(*fl->opt) + olen;
364 if (copy_from_user(fl->opt+1, optval+CMSG_ALIGN(sizeof(*freq)), olen))
367 msg.msg_controllen = olen;
368 msg.msg_control = (void*)(fl->opt+1);
369 memset(&flowi6, 0, sizeof(flowi6));
371 err = datagram_send_ctl(net, sk, &msg, &flowi6, fl->opt, &junk,
376 if (fl->opt->opt_flen)
378 if (fl->opt->opt_nflen == 0) {
384 fl->fl_net = hold_net(net);
385 fl->expires = jiffies;
386 err = fl6_renew(fl, freq->flr_linger, freq->flr_expires);
389 fl->share = freq->flr_share;
390 addr_type = ipv6_addr_type(&freq->flr_dst);
391 if ((addr_type & IPV6_ADDR_MAPPED) ||
392 addr_type == IPV6_ADDR_ANY) {
396 fl->dst = freq->flr_dst;
397 atomic_set(&fl->users, 1);
402 case IPV6_FL_S_PROCESS:
403 fl->owner.pid = get_task_pid(current, PIDTYPE_PID);
406 fl->owner.uid = current_euid();
420 static int mem_check(struct sock *sk)
422 struct ipv6_pinfo *np = inet6_sk(sk);
423 struct ipv6_fl_socklist *sfl;
424 int room = FL_MAX_SIZE - atomic_read(&fl_size);
427 if (room > FL_MAX_SIZE - FL_MAX_PER_SOCK)
430 for (sfl = np->ipv6_fl_list; sfl; sfl = sfl->next)
434 ((count >= FL_MAX_PER_SOCK ||
435 (count > 0 && room < FL_MAX_SIZE/2) || room < FL_MAX_SIZE/4) &&
436 !capable(CAP_NET_ADMIN)))
442 static bool ipv6_hdr_cmp(struct ipv6_opt_hdr *h1, struct ipv6_opt_hdr *h2)
446 if (h1 == NULL || h2 == NULL)
448 if (h1->hdrlen != h2->hdrlen)
450 return memcmp(h1+1, h2+1, ((h1->hdrlen+1)<<3) - sizeof(*h1));
453 static bool ipv6_opt_cmp(struct ipv6_txoptions *o1, struct ipv6_txoptions *o2)
457 if (o1 == NULL || o2 == NULL)
459 if (o1->opt_nflen != o2->opt_nflen)
461 if (ipv6_hdr_cmp(o1->hopopt, o2->hopopt))
463 if (ipv6_hdr_cmp(o1->dst0opt, o2->dst0opt))
465 if (ipv6_hdr_cmp((struct ipv6_opt_hdr *)o1->srcrt, (struct ipv6_opt_hdr *)o2->srcrt))
470 static inline void fl_link(struct ipv6_pinfo *np, struct ipv6_fl_socklist *sfl,
471 struct ip6_flowlabel *fl)
473 write_lock_bh(&ip6_sk_fl_lock);
475 sfl->next = np->ipv6_fl_list;
476 np->ipv6_fl_list = sfl;
477 write_unlock_bh(&ip6_sk_fl_lock);
480 int ipv6_flowlabel_opt(struct sock *sk, char __user *optval, int optlen)
482 int uninitialized_var(err);
483 struct net *net = sock_net(sk);
484 struct ipv6_pinfo *np = inet6_sk(sk);
485 struct in6_flowlabel_req freq;
486 struct ipv6_fl_socklist *sfl1=NULL;
487 struct ipv6_fl_socklist *sfl, **sflp;
488 struct ip6_flowlabel *fl, *fl1 = NULL;
491 if (optlen < sizeof(freq))
494 if (copy_from_user(&freq, optval, sizeof(freq)))
497 switch (freq.flr_action) {
499 write_lock_bh(&ip6_sk_fl_lock);
500 for (sflp = &np->ipv6_fl_list; (sfl=*sflp)!=NULL; sflp = &sfl->next) {
501 if (sfl->fl->label == freq.flr_label) {
502 if (freq.flr_label == (np->flow_label&IPV6_FLOWLABEL_MASK))
503 np->flow_label &= ~IPV6_FLOWLABEL_MASK;
505 write_unlock_bh(&ip6_sk_fl_lock);
511 write_unlock_bh(&ip6_sk_fl_lock);
514 case IPV6_FL_A_RENEW:
515 read_lock_bh(&ip6_sk_fl_lock);
516 for (sfl = np->ipv6_fl_list; sfl; sfl = sfl->next) {
517 if (sfl->fl->label == freq.flr_label) {
518 err = fl6_renew(sfl->fl, freq.flr_linger, freq.flr_expires);
519 read_unlock_bh(&ip6_sk_fl_lock);
523 read_unlock_bh(&ip6_sk_fl_lock);
525 if (freq.flr_share == IPV6_FL_S_NONE && capable(CAP_NET_ADMIN)) {
526 fl = fl_lookup(net, freq.flr_label);
528 err = fl6_renew(fl, freq.flr_linger, freq.flr_expires);
536 if (freq.flr_label & ~IPV6_FLOWLABEL_MASK)
539 fl = fl_create(net, sk, &freq, optval, optlen, &err);
542 sfl1 = kmalloc(sizeof(*sfl1), GFP_KERNEL);
544 if (freq.flr_label) {
546 read_lock_bh(&ip6_sk_fl_lock);
547 for (sfl = np->ipv6_fl_list; sfl; sfl = sfl->next) {
548 if (sfl->fl->label == freq.flr_label) {
549 if (freq.flr_flags&IPV6_FL_F_EXCL) {
550 read_unlock_bh(&ip6_sk_fl_lock);
554 atomic_inc(&fl1->users);
558 read_unlock_bh(&ip6_sk_fl_lock);
561 fl1 = fl_lookup(net, freq.flr_label);
565 if (freq.flr_flags&IPV6_FL_F_EXCL)
568 if (fl1->share == IPV6_FL_S_EXCL ||
569 fl1->share != fl->share ||
570 ((fl1->share == IPV6_FL_S_PROCESS) &&
571 (fl1->owner.pid == fl->owner.pid)) ||
572 ((fl1->share == IPV6_FL_S_USER) &&
573 uid_eq(fl1->owner.uid, fl->owner.uid)))
577 if (!ipv6_addr_equal(&fl1->dst, &fl->dst) ||
578 ipv6_opt_cmp(fl1->opt, fl->opt))
584 if (fl->linger > fl1->linger)
585 fl1->linger = fl->linger;
586 if ((long)(fl->expires - fl1->expires) > 0)
587 fl1->expires = fl->expires;
588 fl_link(np, sfl1, fl1);
598 if (!(freq.flr_flags&IPV6_FL_F_CREATE))
602 if (sfl1 == NULL || (err = mem_check(sk)) != 0)
605 fl1 = fl_intern(net, fl, freq.flr_label);
609 if (!freq.flr_label) {
610 if (copy_to_user(&((struct in6_flowlabel_req __user *) optval)->flr_label,
611 &fl->label, sizeof(fl->label))) {
612 /* Intentionally ignore fault. */
616 fl_link(np, sfl1, fl);
629 #ifdef CONFIG_PROC_FS
631 struct ip6fl_iter_state {
632 struct seq_net_private p;
633 struct pid_namespace *pid_ns;
637 #define ip6fl_seq_private(seq) ((struct ip6fl_iter_state *)(seq)->private)
639 static struct ip6_flowlabel *ip6fl_get_first(struct seq_file *seq)
641 struct ip6_flowlabel *fl = NULL;
642 struct ip6fl_iter_state *state = ip6fl_seq_private(seq);
643 struct net *net = seq_file_net(seq);
645 for (state->bucket = 0; state->bucket <= FL_HASH_MASK; ++state->bucket) {
646 fl = fl_ht[state->bucket];
648 while (fl && !net_eq(fl->fl_net, net))
656 static struct ip6_flowlabel *ip6fl_get_next(struct seq_file *seq, struct ip6_flowlabel *fl)
658 struct ip6fl_iter_state *state = ip6fl_seq_private(seq);
659 struct net *net = seq_file_net(seq);
663 while (fl && !net_eq(fl->fl_net, net))
667 if (++state->bucket <= FL_HASH_MASK) {
668 fl = fl_ht[state->bucket];
676 static struct ip6_flowlabel *ip6fl_get_idx(struct seq_file *seq, loff_t pos)
678 struct ip6_flowlabel *fl = ip6fl_get_first(seq);
680 while (pos && (fl = ip6fl_get_next(seq, fl)) != NULL)
682 return pos ? NULL : fl;
685 static void *ip6fl_seq_start(struct seq_file *seq, loff_t *pos)
686 __acquires(ip6_fl_lock)
688 read_lock_bh(&ip6_fl_lock);
689 return *pos ? ip6fl_get_idx(seq, *pos - 1) : SEQ_START_TOKEN;
692 static void *ip6fl_seq_next(struct seq_file *seq, void *v, loff_t *pos)
694 struct ip6_flowlabel *fl;
696 if (v == SEQ_START_TOKEN)
697 fl = ip6fl_get_first(seq);
699 fl = ip6fl_get_next(seq, v);
704 static void ip6fl_seq_stop(struct seq_file *seq, void *v)
705 __releases(ip6_fl_lock)
707 read_unlock_bh(&ip6_fl_lock);
710 static int ip6fl_seq_show(struct seq_file *seq, void *v)
712 struct ip6fl_iter_state *state = ip6fl_seq_private(seq);
713 if (v == SEQ_START_TOKEN)
714 seq_printf(seq, "%-5s %-1s %-6s %-6s %-6s %-8s %-32s %s\n",
715 "Label", "S", "Owner", "Users", "Linger", "Expires", "Dst", "Opt");
717 struct ip6_flowlabel *fl = v;
719 "%05X %-1d %-6d %-6d %-6ld %-8ld %pi6 %-4d\n",
720 (unsigned int)ntohl(fl->label),
722 ((fl->share == IPV6_FL_S_PROCESS) ?
723 pid_nr_ns(fl->owner.pid, state->pid_ns) :
724 ((fl->share == IPV6_FL_S_USER) ?
725 from_kuid_munged(seq_user_ns(seq), fl->owner.uid) :
727 atomic_read(&fl->users),
729 (long)(fl->expires - jiffies)/HZ,
731 fl->opt ? fl->opt->opt_nflen : 0);
736 static const struct seq_operations ip6fl_seq_ops = {
737 .start = ip6fl_seq_start,
738 .next = ip6fl_seq_next,
739 .stop = ip6fl_seq_stop,
740 .show = ip6fl_seq_show,
743 static int ip6fl_seq_open(struct inode *inode, struct file *file)
745 struct seq_file *seq;
746 struct ip6fl_iter_state *state;
749 err = seq_open_net(inode, file, &ip6fl_seq_ops,
750 sizeof(struct ip6fl_iter_state));
753 seq = file->private_data;
754 state = ip6fl_seq_private(seq);
756 state->pid_ns = get_pid_ns(task_active_pid_ns(current));
762 static int ip6fl_seq_release(struct inode *inode, struct file *file)
764 struct seq_file *seq = file->private_data;
765 struct ip6fl_iter_state *state = ip6fl_seq_private(seq);
766 put_pid_ns(state->pid_ns);
767 return seq_release_net(inode, file);
770 static const struct file_operations ip6fl_seq_fops = {
771 .owner = THIS_MODULE,
772 .open = ip6fl_seq_open,
775 .release = ip6fl_seq_release,
778 static int __net_init ip6_flowlabel_proc_init(struct net *net)
780 if (!proc_net_fops_create(net, "ip6_flowlabel",
781 S_IRUGO, &ip6fl_seq_fops))
786 static void __net_exit ip6_flowlabel_proc_fini(struct net *net)
788 proc_net_remove(net, "ip6_flowlabel");
791 static inline int ip6_flowlabel_proc_init(struct net *net)
795 static inline void ip6_flowlabel_proc_fini(struct net *net)
800 static void __net_exit ip6_flowlabel_net_exit(struct net *net)
803 ip6_flowlabel_proc_fini(net);
806 static struct pernet_operations ip6_flowlabel_net_ops = {
807 .init = ip6_flowlabel_proc_init,
808 .exit = ip6_flowlabel_net_exit,
811 int ip6_flowlabel_init(void)
813 return register_pernet_subsys(&ip6_flowlabel_net_ops);
816 void ip6_flowlabel_cleanup(void)
818 del_timer(&ip6_fl_gc_timer);
819 unregister_pernet_subsys(&ip6_flowlabel_net_ops);
projects / linux-2.6-microblaze.git / blob