[SK_BUFF]: Use skb_reset_network_header in skb_push cases
[linux-2.6.git] / net / ipv4 / ipmr.c
1 /*
2  *      IP multicast routing support for mrouted 3.6/3.8
3  *
4  *              (c) 1995 Alan Cox, <alan@redhat.com>
5  *        Linux Consultancy and Custom Driver Development
6  *
7  *      This program is free software; you can redistribute it and/or
8  *      modify it under the terms of the GNU General Public License
9  *      as published by the Free Software Foundation; either version
10  *      2 of the License, or (at your option) any later version.
11  *
12  *      Version: $Id: ipmr.c,v 1.65 2001/10/31 21:55:54 davem Exp $
13  *
14  *      Fixes:
15  *      Michael Chastain        :       Incorrect size of copying.
16  *      Alan Cox                :       Added the cache manager code
17  *      Alan Cox                :       Fixed the clone/copy bug and device race.
18  *      Mike McLagan            :       Routing by source
19  *      Malcolm Beattie         :       Buffer handling fixes.
20  *      Alexey Kuznetsov        :       Double buffer free and other fixes.
21  *      SVR Anand               :       Fixed several multicast bugs and problems.
22  *      Alexey Kuznetsov        :       Status, optimisations and more.
23  *      Brad Parker             :       Better behaviour on mrouted upcall
24  *                                      overflow.
25  *      Carlos Picoto           :       PIMv1 Support
26  *      Pavlin Ivanov Radoslavov:       PIMv2 Registers must checksum only PIM header
27  *                                      Relax this requrement to work with older peers.
28  *
29  */
30
31 #include <asm/system.h>
32 #include <asm/uaccess.h>
33 #include <linux/types.h>
34 #include <linux/capability.h>
35 #include <linux/errno.h>
36 #include <linux/timer.h>
37 #include <linux/mm.h>
38 #include <linux/kernel.h>
39 #include <linux/fcntl.h>
40 #include <linux/stat.h>
41 #include <linux/socket.h>
42 #include <linux/in.h>
43 #include <linux/inet.h>
44 #include <linux/netdevice.h>
45 #include <linux/inetdevice.h>
46 #include <linux/igmp.h>
47 #include <linux/proc_fs.h>
48 #include <linux/seq_file.h>
49 #include <linux/mroute.h>
50 #include <linux/init.h>
51 #include <linux/if_ether.h>
52 #include <net/ip.h>
53 #include <net/protocol.h>
54 #include <linux/skbuff.h>
55 #include <net/route.h>
56 #include <net/sock.h>
57 #include <net/icmp.h>
58 #include <net/udp.h>
59 #include <net/raw.h>
60 #include <linux/notifier.h>
61 #include <linux/if_arp.h>
62 #include <linux/netfilter_ipv4.h>
63 #include <net/ipip.h>
64 #include <net/checksum.h>
65
66 #if defined(CONFIG_IP_PIMSM_V1) || defined(CONFIG_IP_PIMSM_V2)
67 #define CONFIG_IP_PIMSM 1
68 #endif
69
70 static struct sock *mroute_socket;
71
72
73 /* Big lock, protecting vif table, mrt cache and mroute socket state.
74    Note that the changes are semaphored via rtnl_lock.
75  */
76
77 static DEFINE_RWLOCK(mrt_lock);
78
79 /*
80  *      Multicast router control variables
81  */
82
83 static struct vif_device vif_table[MAXVIFS];            /* Devices              */
84 static int maxvif;
85
86 #define VIF_EXISTS(idx) (vif_table[idx].dev != NULL)
87
88 static int mroute_do_assert;                            /* Set in PIM assert    */
89 static int mroute_do_pim;
90
91 static struct mfc_cache *mfc_cache_array[MFC_LINES];    /* Forwarding cache     */
92
93 static struct mfc_cache *mfc_unres_queue;               /* Queue of unresolved entries */
94 static atomic_t cache_resolve_queue_len;                /* Size of unresolved   */
95
96 /* Special spinlock for queue of unresolved entries */
97 static DEFINE_SPINLOCK(mfc_unres_lock);
98
99 /* We return to original Alan's scheme. Hash table of resolved
100    entries is changed only in process context and protected
101    with weak lock mrt_lock. Queue of unresolved entries is protected
102    with strong spinlock mfc_unres_lock.
103
104    In this case data path is free of exclusive locks at all.
105  */
106
107 static struct kmem_cache *mrt_cachep __read_mostly;
108
109 static int ip_mr_forward(struct sk_buff *skb, struct mfc_cache *cache, int local);
110 static int ipmr_cache_report(struct sk_buff *pkt, vifi_t vifi, int assert);
111 static int ipmr_fill_mroute(struct sk_buff *skb, struct mfc_cache *c, struct rtmsg *rtm);
112
113 #ifdef CONFIG_IP_PIMSM_V2
114 static struct net_protocol pim_protocol;
115 #endif
116
117 static struct timer_list ipmr_expire_timer;
118
119 /* Service routines creating virtual interfaces: DVMRP tunnels and PIMREG */
120
121 static
122 struct net_device *ipmr_new_tunnel(struct vifctl *v)
123 {
124         struct net_device  *dev;
125
126         dev = __dev_get_by_name("tunl0");
127
128         if (dev) {
129                 int err;
130                 struct ifreq ifr;
131                 mm_segment_t    oldfs;
132                 struct ip_tunnel_parm p;
133                 struct in_device  *in_dev;
134
135                 memset(&p, 0, sizeof(p));
136                 p.iph.daddr = v->vifc_rmt_addr.s_addr;
137                 p.iph.saddr = v->vifc_lcl_addr.s_addr;
138                 p.iph.version = 4;
139                 p.iph.ihl = 5;
140                 p.iph.protocol = IPPROTO_IPIP;
141                 sprintf(p.name, "dvmrp%d", v->vifc_vifi);
142                 ifr.ifr_ifru.ifru_data = (void*)&p;
143
144                 oldfs = get_fs(); set_fs(KERNEL_DS);
145                 err = dev->do_ioctl(dev, &ifr, SIOCADDTUNNEL);
146                 set_fs(oldfs);
147
148                 dev = NULL;
149
150                 if (err == 0 && (dev = __dev_get_by_name(p.name)) != NULL) {
151                         dev->flags |= IFF_MULTICAST;
152
153                         in_dev = __in_dev_get_rtnl(dev);
154                         if (in_dev == NULL && (in_dev = inetdev_init(dev)) == NULL)
155                                 goto failure;
156                         in_dev->cnf.rp_filter = 0;
157
158                         if (dev_open(dev))
159                                 goto failure;
160                 }
161         }
162         return dev;
163
164 failure:
165         /* allow the register to be completed before unregistering. */
166         rtnl_unlock();
167         rtnl_lock();
168
169         unregister_netdevice(dev);
170         return NULL;
171 }
172
173 #ifdef CONFIG_IP_PIMSM
174
175 static int reg_vif_num = -1;
176
177 static int reg_vif_xmit(struct sk_buff *skb, struct net_device *dev)
178 {
179         read_lock(&mrt_lock);
180         ((struct net_device_stats*)netdev_priv(dev))->tx_bytes += skb->len;
181         ((struct net_device_stats*)netdev_priv(dev))->tx_packets++;
182         ipmr_cache_report(skb, reg_vif_num, IGMPMSG_WHOLEPKT);
183         read_unlock(&mrt_lock);
184         kfree_skb(skb);
185         return 0;
186 }
187
188 static struct net_device_stats *reg_vif_get_stats(struct net_device *dev)
189 {
190         return (struct net_device_stats*)netdev_priv(dev);
191 }
192
193 static void reg_vif_setup(struct net_device *dev)
194 {
195         dev->type               = ARPHRD_PIMREG;
196         dev->mtu                = ETH_DATA_LEN - sizeof(struct iphdr) - 8;
197         dev->flags              = IFF_NOARP;
198         dev->hard_start_xmit    = reg_vif_xmit;
199         dev->get_stats          = reg_vif_get_stats;
200         dev->destructor         = free_netdev;
201 }
202
203 static struct net_device *ipmr_reg_vif(void)
204 {
205         struct net_device *dev;
206         struct in_device *in_dev;
207
208         dev = alloc_netdev(sizeof(struct net_device_stats), "pimreg",
209                            reg_vif_setup);
210
211         if (dev == NULL)
212                 return NULL;
213
214         if (register_netdevice(dev)) {
215                 free_netdev(dev);
216                 return NULL;
217         }
218         dev->iflink = 0;
219
220         if ((in_dev = inetdev_init(dev)) == NULL)
221                 goto failure;
222
223         in_dev->cnf.rp_filter = 0;
224
225         if (dev_open(dev))
226                 goto failure;
227
228         return dev;
229
230 failure:
231         /* allow the register to be completed before unregistering. */
232         rtnl_unlock();
233         rtnl_lock();
234
235         unregister_netdevice(dev);
236         return NULL;
237 }
238 #endif
239
240 /*
241  *      Delete a VIF entry
242  */
243
244 static int vif_delete(int vifi)
245 {
246         struct vif_device *v;
247         struct net_device *dev;
248         struct in_device *in_dev;
249
250         if (vifi < 0 || vifi >= maxvif)
251                 return -EADDRNOTAVAIL;
252
253         v = &vif_table[vifi];
254
255         write_lock_bh(&mrt_lock);
256         dev = v->dev;
257         v->dev = NULL;
258
259         if (!dev) {
260                 write_unlock_bh(&mrt_lock);
261                 return -EADDRNOTAVAIL;
262         }
263
264 #ifdef CONFIG_IP_PIMSM
265         if (vifi == reg_vif_num)
266                 reg_vif_num = -1;
267 #endif
268
269         if (vifi+1 == maxvif) {
270                 int tmp;
271                 for (tmp=vifi-1; tmp>=0; tmp--) {
272                         if (VIF_EXISTS(tmp))
273                                 break;
274                 }
275                 maxvif = tmp+1;
276         }
277
278         write_unlock_bh(&mrt_lock);
279
280         dev_set_allmulti(dev, -1);
281
282         if ((in_dev = __in_dev_get_rtnl(dev)) != NULL) {
283                 in_dev->cnf.mc_forwarding--;
284                 ip_rt_multicast_event(in_dev);
285         }
286
287         if (v->flags&(VIFF_TUNNEL|VIFF_REGISTER))
288                 unregister_netdevice(dev);
289
290         dev_put(dev);
291         return 0;
292 }
293
294 /* Destroy an unresolved cache entry, killing queued skbs
295    and reporting error to netlink readers.
296  */
297
298 static void ipmr_destroy_unres(struct mfc_cache *c)
299 {
300         struct sk_buff *skb;
301         struct nlmsgerr *e;
302
303         atomic_dec(&cache_resolve_queue_len);
304
305         while ((skb=skb_dequeue(&c->mfc_un.unres.unresolved))) {
306                 if (skb->nh.iph->version == 0) {
307                         struct nlmsghdr *nlh = (struct nlmsghdr *)skb_pull(skb, sizeof(struct iphdr));
308                         nlh->nlmsg_type = NLMSG_ERROR;
309                         nlh->nlmsg_len = NLMSG_LENGTH(sizeof(struct nlmsgerr));
310                         skb_trim(skb, nlh->nlmsg_len);
311                         e = NLMSG_DATA(nlh);
312                         e->error = -ETIMEDOUT;
313                         memset(&e->msg, 0, sizeof(e->msg));
314
315                         rtnl_unicast(skb, NETLINK_CB(skb).pid);
316                 } else
317                         kfree_skb(skb);
318         }
319
320         kmem_cache_free(mrt_cachep, c);
321 }
322
323
324 /* Single timer process for all the unresolved queue. */
325
326 static void ipmr_expire_process(unsigned long dummy)
327 {
328         unsigned long now;
329         unsigned long expires;
330         struct mfc_cache *c, **cp;
331
332         if (!spin_trylock(&mfc_unres_lock)) {
333                 mod_timer(&ipmr_expire_timer, jiffies+HZ/10);
334                 return;
335         }
336
337         if (atomic_read(&cache_resolve_queue_len) == 0)
338                 goto out;
339
340         now = jiffies;
341         expires = 10*HZ;
342         cp = &mfc_unres_queue;
343
344         while ((c=*cp) != NULL) {
345                 if (time_after(c->mfc_un.unres.expires, now)) {
346                         unsigned long interval = c->mfc_un.unres.expires - now;
347                         if (interval < expires)
348                                 expires = interval;
349                         cp = &c->next;
350                         continue;
351                 }
352
353                 *cp = c->next;
354
355                 ipmr_destroy_unres(c);
356         }
357
358         if (atomic_read(&cache_resolve_queue_len))
359                 mod_timer(&ipmr_expire_timer, jiffies + expires);
360
361 out:
362         spin_unlock(&mfc_unres_lock);
363 }
364
365 /* Fill oifs list. It is called under write locked mrt_lock. */
366
367 static void ipmr_update_thresholds(struct mfc_cache *cache, unsigned char *ttls)
368 {
369         int vifi;
370
371         cache->mfc_un.res.minvif = MAXVIFS;
372         cache->mfc_un.res.maxvif = 0;
373         memset(cache->mfc_un.res.ttls, 255, MAXVIFS);
374
375         for (vifi=0; vifi<maxvif; vifi++) {
376                 if (VIF_EXISTS(vifi) && ttls[vifi] && ttls[vifi] < 255) {
377                         cache->mfc_un.res.ttls[vifi] = ttls[vifi];
378                         if (cache->mfc_un.res.minvif > vifi)
379                                 cache->mfc_un.res.minvif = vifi;
380                         if (cache->mfc_un.res.maxvif <= vifi)
381                                 cache->mfc_un.res.maxvif = vifi + 1;
382                 }
383         }
384 }
385
386 static int vif_add(struct vifctl *vifc, int mrtsock)
387 {
388         int vifi = vifc->vifc_vifi;
389         struct vif_device *v = &vif_table[vifi];
390         struct net_device *dev;
391         struct in_device *in_dev;
392
393         /* Is vif busy ? */
394         if (VIF_EXISTS(vifi))
395                 return -EADDRINUSE;
396
397         switch (vifc->vifc_flags) {
398 #ifdef CONFIG_IP_PIMSM
399         case VIFF_REGISTER:
400                 /*
401                  * Special Purpose VIF in PIM
402                  * All the packets will be sent to the daemon
403                  */
404                 if (reg_vif_num >= 0)
405                         return -EADDRINUSE;
406                 dev = ipmr_reg_vif();
407                 if (!dev)
408                         return -ENOBUFS;
409                 break;
410 #endif
411         case VIFF_TUNNEL:
412                 dev = ipmr_new_tunnel(vifc);
413                 if (!dev)
414                         return -ENOBUFS;
415                 break;
416         case 0:
417                 dev = ip_dev_find(vifc->vifc_lcl_addr.s_addr);
418                 if (!dev)
419                         return -EADDRNOTAVAIL;
420                 dev_put(dev);
421                 break;
422         default:
423                 return -EINVAL;
424         }
425
426         if ((in_dev = __in_dev_get_rtnl(dev)) == NULL)
427                 return -EADDRNOTAVAIL;
428         in_dev->cnf.mc_forwarding++;
429         dev_set_allmulti(dev, +1);
430         ip_rt_multicast_event(in_dev);
431
432         /*
433          *      Fill in the VIF structures
434          */
435         v->rate_limit=vifc->vifc_rate_limit;
436         v->local=vifc->vifc_lcl_addr.s_addr;
437         v->remote=vifc->vifc_rmt_addr.s_addr;
438         v->flags=vifc->vifc_flags;
439         if (!mrtsock)
440                 v->flags |= VIFF_STATIC;
441         v->threshold=vifc->vifc_threshold;
442         v->bytes_in = 0;
443         v->bytes_out = 0;
444         v->pkt_in = 0;
445         v->pkt_out = 0;
446         v->link = dev->ifindex;
447         if (v->flags&(VIFF_TUNNEL|VIFF_REGISTER))
448                 v->link = dev->iflink;
449
450         /* And finish update writing critical data */
451         write_lock_bh(&mrt_lock);
452         dev_hold(dev);
453         v->dev=dev;
454 #ifdef CONFIG_IP_PIMSM
455         if (v->flags&VIFF_REGISTER)
456                 reg_vif_num = vifi;
457 #endif
458         if (vifi+1 > maxvif)
459                 maxvif = vifi+1;
460         write_unlock_bh(&mrt_lock);
461         return 0;
462 }
463
464 static struct mfc_cache *ipmr_cache_find(__be32 origin, __be32 mcastgrp)
465 {
466         int line=MFC_HASH(mcastgrp,origin);
467         struct mfc_cache *c;
468
469         for (c=mfc_cache_array[line]; c; c = c->next) {
470                 if (c->mfc_origin==origin && c->mfc_mcastgrp==mcastgrp)
471                         break;
472         }
473         return c;
474 }
475
476 /*
477  *      Allocate a multicast cache entry
478  */
479 static struct mfc_cache *ipmr_cache_alloc(void)
480 {
481         struct mfc_cache *c=kmem_cache_zalloc(mrt_cachep, GFP_KERNEL);
482         if (c==NULL)
483                 return NULL;
484         c->mfc_un.res.minvif = MAXVIFS;
485         return c;
486 }
487
488 static struct mfc_cache *ipmr_cache_alloc_unres(void)
489 {
490         struct mfc_cache *c=kmem_cache_zalloc(mrt_cachep, GFP_ATOMIC);
491         if (c==NULL)
492                 return NULL;
493         skb_queue_head_init(&c->mfc_un.unres.unresolved);
494         c->mfc_un.unres.expires = jiffies + 10*HZ;
495         return c;
496 }
497
498 /*
499  *      A cache entry has gone into a resolved state from queued
500  */
501
502 static void ipmr_cache_resolve(struct mfc_cache *uc, struct mfc_cache *c)
503 {
504         struct sk_buff *skb;
505         struct nlmsgerr *e;
506
507         /*
508          *      Play the pending entries through our router
509          */
510
511         while ((skb=__skb_dequeue(&uc->mfc_un.unres.unresolved))) {
512                 if (skb->nh.iph->version == 0) {
513                         struct nlmsghdr *nlh = (struct nlmsghdr *)skb_pull(skb, sizeof(struct iphdr));
514
515                         if (ipmr_fill_mroute(skb, c, NLMSG_DATA(nlh)) > 0) {
516                                 nlh->nlmsg_len = skb->tail - (u8*)nlh;
517                         } else {
518                                 nlh->nlmsg_type = NLMSG_ERROR;
519                                 nlh->nlmsg_len = NLMSG_LENGTH(sizeof(struct nlmsgerr));
520                                 skb_trim(skb, nlh->nlmsg_len);
521                                 e = NLMSG_DATA(nlh);
522                                 e->error = -EMSGSIZE;
523                                 memset(&e->msg, 0, sizeof(e->msg));
524                         }
525
526                         rtnl_unicast(skb, NETLINK_CB(skb).pid);
527                 } else
528                         ip_mr_forward(skb, c, 0);
529         }
530 }
531
532 /*
533  *      Bounce a cache query up to mrouted. We could use netlink for this but mrouted
534  *      expects the following bizarre scheme.
535  *
536  *      Called under mrt_lock.
537  */
538
539 static int ipmr_cache_report(struct sk_buff *pkt, vifi_t vifi, int assert)
540 {
541         struct sk_buff *skb;
542         int ihl = pkt->nh.iph->ihl<<2;
543         struct igmphdr *igmp;
544         struct igmpmsg *msg;
545         int ret;
546
547 #ifdef CONFIG_IP_PIMSM
548         if (assert == IGMPMSG_WHOLEPKT)
549                 skb = skb_realloc_headroom(pkt, sizeof(struct iphdr));
550         else
551 #endif
552                 skb = alloc_skb(128, GFP_ATOMIC);
553
554         if (!skb)
555                 return -ENOBUFS;
556
557 #ifdef CONFIG_IP_PIMSM
558         if (assert == IGMPMSG_WHOLEPKT) {
559                 /* Ugly, but we have no choice with this interface.
560                    Duplicate old header, fix ihl, length etc.
561                    And all this only to mangle msg->im_msgtype and
562                    to set msg->im_mbz to "mbz" :-)
563                  */
564                 msg = (struct igmpmsg*)skb_push(skb, sizeof(struct iphdr));
565                 skb->nh.raw = skb->h.raw = (u8*)msg;
566                 memcpy(msg, pkt->nh.raw, sizeof(struct iphdr));
567                 msg->im_msgtype = IGMPMSG_WHOLEPKT;
568                 msg->im_mbz = 0;
569                 msg->im_vif = reg_vif_num;
570                 skb->nh.iph->ihl = sizeof(struct iphdr) >> 2;
571                 skb->nh.iph->tot_len = htons(ntohs(pkt->nh.iph->tot_len) + sizeof(struct iphdr));
572         } else
573 #endif
574         {
575
576         /*
577          *      Copy the IP header
578          */
579
580         skb->nh.iph = (struct iphdr *)skb_put(skb, ihl);
581         memcpy(skb->data,pkt->data,ihl);
582         skb->nh.iph->protocol = 0;                      /* Flag to the kernel this is a route add */
583         msg = (struct igmpmsg*)skb->nh.iph;
584         msg->im_vif = vifi;
585         skb->dst = dst_clone(pkt->dst);
586
587         /*
588          *      Add our header
589          */
590
591         igmp=(struct igmphdr *)skb_put(skb,sizeof(struct igmphdr));
592         igmp->type      =
593         msg->im_msgtype = assert;
594         igmp->code      =       0;
595         skb->nh.iph->tot_len=htons(skb->len);                   /* Fix the length */
596         skb->h.raw = skb->nh.raw;
597         }
598
599         if (mroute_socket == NULL) {
600                 kfree_skb(skb);
601                 return -EINVAL;
602         }
603
604         /*
605          *      Deliver to mrouted
606          */
607         if ((ret=sock_queue_rcv_skb(mroute_socket,skb))<0) {
608                 if (net_ratelimit())
609                         printk(KERN_WARNING "mroute: pending queue full, dropping entries.\n");
610                 kfree_skb(skb);
611         }
612
613         return ret;
614 }
615
616 /*
617  *      Queue a packet for resolution. It gets locked cache entry!
618  */
619
620 static int
621 ipmr_cache_unresolved(vifi_t vifi, struct sk_buff *skb)
622 {
623         int err;
624         struct mfc_cache *c;
625
626         spin_lock_bh(&mfc_unres_lock);
627         for (c=mfc_unres_queue; c; c=c->next) {
628                 if (c->mfc_mcastgrp == skb->nh.iph->daddr &&
629                     c->mfc_origin == skb->nh.iph->saddr)
630                         break;
631         }
632
633         if (c == NULL) {
634                 /*
635                  *      Create a new entry if allowable
636                  */
637
638                 if (atomic_read(&cache_resolve_queue_len)>=10 ||
639                     (c=ipmr_cache_alloc_unres())==NULL) {
640                         spin_unlock_bh(&mfc_unres_lock);
641
642                         kfree_skb(skb);
643                         return -ENOBUFS;
644                 }
645
646                 /*
647                  *      Fill in the new cache entry
648                  */
649                 c->mfc_parent=-1;
650                 c->mfc_origin=skb->nh.iph->saddr;
651                 c->mfc_mcastgrp=skb->nh.iph->daddr;
652
653                 /*
654                  *      Reflect first query at mrouted.
655                  */
656                 if ((err = ipmr_cache_report(skb, vifi, IGMPMSG_NOCACHE))<0) {
657                         /* If the report failed throw the cache entry
658                            out - Brad Parker
659                          */
660                         spin_unlock_bh(&mfc_unres_lock);
661
662                         kmem_cache_free(mrt_cachep, c);
663                         kfree_skb(skb);
664                         return err;
665                 }
666
667                 atomic_inc(&cache_resolve_queue_len);
668                 c->next = mfc_unres_queue;
669                 mfc_unres_queue = c;
670
671                 mod_timer(&ipmr_expire_timer, c->mfc_un.unres.expires);
672         }
673
674         /*
675          *      See if we can append the packet
676          */
677         if (c->mfc_un.unres.unresolved.qlen>3) {
678                 kfree_skb(skb);
679                 err = -ENOBUFS;
680         } else {
681                 skb_queue_tail(&c->mfc_un.unres.unresolved,skb);
682                 err = 0;
683         }
684
685         spin_unlock_bh(&mfc_unres_lock);
686         return err;
687 }
688
689 /*
690  *      MFC cache manipulation by user space mroute daemon
691  */
692
693 static int ipmr_mfc_delete(struct mfcctl *mfc)
694 {
695         int line;
696         struct mfc_cache *c, **cp;
697
698         line=MFC_HASH(mfc->mfcc_mcastgrp.s_addr, mfc->mfcc_origin.s_addr);
699
700         for (cp=&mfc_cache_array[line]; (c=*cp) != NULL; cp = &c->next) {
701                 if (c->mfc_origin == mfc->mfcc_origin.s_addr &&
702                     c->mfc_mcastgrp == mfc->mfcc_mcastgrp.s_addr) {
703                         write_lock_bh(&mrt_lock);
704                         *cp = c->next;
705                         write_unlock_bh(&mrt_lock);
706
707                         kmem_cache_free(mrt_cachep, c);
708                         return 0;
709                 }
710         }
711         return -ENOENT;
712 }
713
714 static int ipmr_mfc_add(struct mfcctl *mfc, int mrtsock)
715 {
716         int line;
717         struct mfc_cache *uc, *c, **cp;
718
719         line=MFC_HASH(mfc->mfcc_mcastgrp.s_addr, mfc->mfcc_origin.s_addr);
720
721         for (cp=&mfc_cache_array[line]; (c=*cp) != NULL; cp = &c->next) {
722                 if (c->mfc_origin == mfc->mfcc_origin.s_addr &&
723                     c->mfc_mcastgrp == mfc->mfcc_mcastgrp.s_addr)
724                         break;
725         }
726
727         if (c != NULL) {
728                 write_lock_bh(&mrt_lock);
729                 c->mfc_parent = mfc->mfcc_parent;
730                 ipmr_update_thresholds(c, mfc->mfcc_ttls);
731                 if (!mrtsock)
732                         c->mfc_flags |= MFC_STATIC;
733                 write_unlock_bh(&mrt_lock);
734                 return 0;
735         }
736
737         if (!MULTICAST(mfc->mfcc_mcastgrp.s_addr))
738                 return -EINVAL;
739
740         c=ipmr_cache_alloc();
741         if (c==NULL)
742                 return -ENOMEM;
743
744         c->mfc_origin=mfc->mfcc_origin.s_addr;
745         c->mfc_mcastgrp=mfc->mfcc_mcastgrp.s_addr;
746         c->mfc_parent=mfc->mfcc_parent;
747         ipmr_update_thresholds(c, mfc->mfcc_ttls);
748         if (!mrtsock)
749                 c->mfc_flags |= MFC_STATIC;
750
751         write_lock_bh(&mrt_lock);
752         c->next = mfc_cache_array[line];
753         mfc_cache_array[line] = c;
754         write_unlock_bh(&mrt_lock);
755
756         /*
757          *      Check to see if we resolved a queued list. If so we
758          *      need to send on the frames and tidy up.
759          */
760         spin_lock_bh(&mfc_unres_lock);
761         for (cp = &mfc_unres_queue; (uc=*cp) != NULL;
762              cp = &uc->next) {
763                 if (uc->mfc_origin == c->mfc_origin &&
764                     uc->mfc_mcastgrp == c->mfc_mcastgrp) {
765                         *cp = uc->next;
766                         if (atomic_dec_and_test(&cache_resolve_queue_len))
767                                 del_timer(&ipmr_expire_timer);
768                         break;
769                 }
770         }
771         spin_unlock_bh(&mfc_unres_lock);
772
773         if (uc) {
774                 ipmr_cache_resolve(uc, c);
775                 kmem_cache_free(mrt_cachep, uc);
776         }
777         return 0;
778 }
779
780 /*
781  *      Close the multicast socket, and clear the vif tables etc
782  */
783
784 static void mroute_clean_tables(struct sock *sk)
785 {
786         int i;
787
788         /*
789          *      Shut down all active vif entries
790          */
791         for (i=0; i<maxvif; i++) {
792                 if (!(vif_table[i].flags&VIFF_STATIC))
793                         vif_delete(i);
794         }
795
796         /*
797          *      Wipe the cache
798          */
799         for (i=0;i<MFC_LINES;i++) {
800                 struct mfc_cache *c, **cp;
801
802                 cp = &mfc_cache_array[i];
803                 while ((c = *cp) != NULL) {
804                         if (c->mfc_flags&MFC_STATIC) {
805                                 cp = &c->next;
806                                 continue;
807                         }
808                         write_lock_bh(&mrt_lock);
809                         *cp = c->next;
810                         write_unlock_bh(&mrt_lock);
811
812                         kmem_cache_free(mrt_cachep, c);
813                 }
814         }
815
816         if (atomic_read(&cache_resolve_queue_len) != 0) {
817                 struct mfc_cache *c;
818
819                 spin_lock_bh(&mfc_unres_lock);
820                 while (mfc_unres_queue != NULL) {
821                         c = mfc_unres_queue;
822                         mfc_unres_queue = c->next;
823                         spin_unlock_bh(&mfc_unres_lock);
824
825                         ipmr_destroy_unres(c);
826
827                         spin_lock_bh(&mfc_unres_lock);
828                 }
829                 spin_unlock_bh(&mfc_unres_lock);
830         }
831 }
832
833 static void mrtsock_destruct(struct sock *sk)
834 {
835         rtnl_lock();
836         if (sk == mroute_socket) {
837                 ipv4_devconf.mc_forwarding--;
838
839                 write_lock_bh(&mrt_lock);
840                 mroute_socket=NULL;
841                 write_unlock_bh(&mrt_lock);
842
843                 mroute_clean_tables(sk);
844         }
845         rtnl_unlock();
846 }
847
848 /*
849  *      Socket options and virtual interface manipulation. The whole
850  *      virtual interface system is a complete heap, but unfortunately
851  *      that's how BSD mrouted happens to think. Maybe one day with a proper
852  *      MOSPF/PIM router set up we can clean this up.
853  */
854
855 int ip_mroute_setsockopt(struct sock *sk,int optname,char __user *optval,int optlen)
856 {
857         int ret;
858         struct vifctl vif;
859         struct mfcctl mfc;
860
861         if (optname != MRT_INIT) {
862                 if (sk != mroute_socket && !capable(CAP_NET_ADMIN))
863                         return -EACCES;
864         }
865
866         switch (optname) {
867         case MRT_INIT:
868                 if (sk->sk_type != SOCK_RAW ||
869                     inet_sk(sk)->num != IPPROTO_IGMP)
870                         return -EOPNOTSUPP;
871                 if (optlen!=sizeof(int))
872                         return -ENOPROTOOPT;
873
874                 rtnl_lock();
875                 if (mroute_socket) {
876                         rtnl_unlock();
877                         return -EADDRINUSE;
878                 }
879
880                 ret = ip_ra_control(sk, 1, mrtsock_destruct);
881                 if (ret == 0) {
882                         write_lock_bh(&mrt_lock);
883                         mroute_socket=sk;
884                         write_unlock_bh(&mrt_lock);
885
886                         ipv4_devconf.mc_forwarding++;
887                 }
888                 rtnl_unlock();
889                 return ret;
890         case MRT_DONE:
891                 if (sk!=mroute_socket)
892                         return -EACCES;
893                 return ip_ra_control(sk, 0, NULL);
894         case MRT_ADD_VIF:
895         case MRT_DEL_VIF:
896                 if (optlen!=sizeof(vif))
897                         return -EINVAL;
898                 if (copy_from_user(&vif,optval,sizeof(vif)))
899                         return -EFAULT;
900                 if (vif.vifc_vifi >= MAXVIFS)
901                         return -ENFILE;
902                 rtnl_lock();
903                 if (optname==MRT_ADD_VIF) {
904                         ret = vif_add(&vif, sk==mroute_socket);
905                 } else {
906                         ret = vif_delete(vif.vifc_vifi);
907                 }
908                 rtnl_unlock();
909                 return ret;
910
911                 /*
912                  *      Manipulate the forwarding caches. These live
913                  *      in a sort of kernel/user symbiosis.
914                  */
915         case MRT_ADD_MFC:
916         case MRT_DEL_MFC:
917                 if (optlen!=sizeof(mfc))
918                         return -EINVAL;
919                 if (copy_from_user(&mfc,optval, sizeof(mfc)))
920                         return -EFAULT;
921                 rtnl_lock();
922                 if (optname==MRT_DEL_MFC)
923                         ret = ipmr_mfc_delete(&mfc);
924                 else
925                         ret = ipmr_mfc_add(&mfc, sk==mroute_socket);
926                 rtnl_unlock();
927                 return ret;
928                 /*
929                  *      Control PIM assert.
930                  */
931         case MRT_ASSERT:
932         {
933                 int v;
934                 if (get_user(v,(int __user *)optval))
935                         return -EFAULT;
936                 mroute_do_assert=(v)?1:0;
937                 return 0;
938         }
939 #ifdef CONFIG_IP_PIMSM
940         case MRT_PIM:
941         {
942                 int v, ret;
943                 if (get_user(v,(int __user *)optval))
944                         return -EFAULT;
945                 v = (v)?1:0;
946                 rtnl_lock();
947                 ret = 0;
948                 if (v != mroute_do_pim) {
949                         mroute_do_pim = v;
950                         mroute_do_assert = v;
951 #ifdef CONFIG_IP_PIMSM_V2
952                         if (mroute_do_pim)
953                                 ret = inet_add_protocol(&pim_protocol,
954                                                         IPPROTO_PIM);
955                         else
956                                 ret = inet_del_protocol(&pim_protocol,
957                                                         IPPROTO_PIM);
958                         if (ret < 0)
959                                 ret = -EAGAIN;
960 #endif
961                 }
962                 rtnl_unlock();
963                 return ret;
964         }
965 #endif
966         /*
967          *      Spurious command, or MRT_VERSION which you cannot
968          *      set.
969          */
970         default:
971                 return -ENOPROTOOPT;
972         }
973 }
974
975 /*
976  *      Getsock opt support for the multicast routing system.
977  */
978
979 int ip_mroute_getsockopt(struct sock *sk,int optname,char __user *optval,int __user *optlen)
980 {
981         int olr;
982         int val;
983
984         if (optname!=MRT_VERSION &&
985 #ifdef CONFIG_IP_PIMSM
986            optname!=MRT_PIM &&
987 #endif
988            optname!=MRT_ASSERT)
989                 return -ENOPROTOOPT;
990
991         if (get_user(olr, optlen))
992                 return -EFAULT;
993
994         olr = min_t(unsigned int, olr, sizeof(int));
995         if (olr < 0)
996                 return -EINVAL;
997
998         if (put_user(olr,optlen))
999                 return -EFAULT;
1000         if (optname==MRT_VERSION)
1001                 val=0x0305;
1002 #ifdef CONFIG_IP_PIMSM
1003         else if (optname==MRT_PIM)
1004                 val=mroute_do_pim;
1005 #endif
1006         else
1007                 val=mroute_do_assert;
1008         if (copy_to_user(optval,&val,olr))
1009                 return -EFAULT;
1010         return 0;
1011 }
1012
1013 /*
1014  *      The IP multicast ioctl support routines.
1015  */
1016
1017 int ipmr_ioctl(struct sock *sk, int cmd, void __user *arg)
1018 {
1019         struct sioc_sg_req sr;
1020         struct sioc_vif_req vr;
1021         struct vif_device *vif;
1022         struct mfc_cache *c;
1023
1024         switch (cmd) {
1025         case SIOCGETVIFCNT:
1026                 if (copy_from_user(&vr,arg,sizeof(vr)))
1027                         return -EFAULT;
1028                 if (vr.vifi>=maxvif)
1029                         return -EINVAL;
1030                 read_lock(&mrt_lock);
1031                 vif=&vif_table[vr.vifi];
1032                 if (VIF_EXISTS(vr.vifi))        {
1033                         vr.icount=vif->pkt_in;
1034                         vr.ocount=vif->pkt_out;
1035                         vr.ibytes=vif->bytes_in;
1036                         vr.obytes=vif->bytes_out;
1037                         read_unlock(&mrt_lock);
1038
1039                         if (copy_to_user(arg,&vr,sizeof(vr)))
1040                                 return -EFAULT;
1041                         return 0;
1042                 }
1043                 read_unlock(&mrt_lock);
1044                 return -EADDRNOTAVAIL;
1045         case SIOCGETSGCNT:
1046                 if (copy_from_user(&sr,arg,sizeof(sr)))
1047                         return -EFAULT;
1048
1049                 read_lock(&mrt_lock);
1050                 c = ipmr_cache_find(sr.src.s_addr, sr.grp.s_addr);
1051                 if (c) {
1052                         sr.pktcnt = c->mfc_un.res.pkt;
1053                         sr.bytecnt = c->mfc_un.res.bytes;
1054                         sr.wrong_if = c->mfc_un.res.wrong_if;
1055                         read_unlock(&mrt_lock);
1056
1057                         if (copy_to_user(arg,&sr,sizeof(sr)))
1058                                 return -EFAULT;
1059                         return 0;
1060                 }
1061                 read_unlock(&mrt_lock);
1062                 return -EADDRNOTAVAIL;
1063         default:
1064                 return -ENOIOCTLCMD;
1065         }
1066 }
1067
1068
1069 static int ipmr_device_event(struct notifier_block *this, unsigned long event, void *ptr)
1070 {
1071         struct vif_device *v;
1072         int ct;
1073         if (event != NETDEV_UNREGISTER)
1074                 return NOTIFY_DONE;
1075         v=&vif_table[0];
1076         for (ct=0;ct<maxvif;ct++,v++) {
1077                 if (v->dev==ptr)
1078                         vif_delete(ct);
1079         }
1080         return NOTIFY_DONE;
1081 }
1082
1083
1084 static struct notifier_block ip_mr_notifier={
1085         .notifier_call = ipmr_device_event,
1086 };
1087
1088 /*
1089  *      Encapsulate a packet by attaching a valid IPIP header to it.
1090  *      This avoids tunnel drivers and other mess and gives us the speed so
1091  *      important for multicast video.
1092  */
1093
1094 static void ip_encap(struct sk_buff *skb, __be32 saddr, __be32 daddr)
1095 {
1096         struct iphdr *iph = (struct iphdr *)skb_push(skb,sizeof(struct iphdr));
1097
1098         iph->version    =       4;
1099         iph->tos        =       skb->nh.iph->tos;
1100         iph->ttl        =       skb->nh.iph->ttl;
1101         iph->frag_off   =       0;
1102         iph->daddr      =       daddr;
1103         iph->saddr      =       saddr;
1104         iph->protocol   =       IPPROTO_IPIP;
1105         iph->ihl        =       5;
1106         iph->tot_len    =       htons(skb->len);
1107         ip_select_ident(iph, skb->dst, NULL);
1108         ip_send_check(iph);
1109
1110         skb->h.ipiph = skb->nh.iph;
1111         skb->nh.iph = iph;
1112         memset(&(IPCB(skb)->opt), 0, sizeof(IPCB(skb)->opt));
1113         nf_reset(skb);
1114 }
1115
1116 static inline int ipmr_forward_finish(struct sk_buff *skb)
1117 {
1118         struct ip_options * opt = &(IPCB(skb)->opt);
1119
1120         IP_INC_STATS_BH(IPSTATS_MIB_OUTFORWDATAGRAMS);
1121
1122         if (unlikely(opt->optlen))
1123                 ip_forward_options(skb);
1124
1125         return dst_output(skb);
1126 }
1127
1128 /*
1129  *      Processing handlers for ipmr_forward
1130  */
1131
1132 static void ipmr_queue_xmit(struct sk_buff *skb, struct mfc_cache *c, int vifi)
1133 {
1134         struct iphdr *iph = skb->nh.iph;
1135         struct vif_device *vif = &vif_table[vifi];
1136         struct net_device *dev;
1137         struct rtable *rt;
1138         int    encap = 0;
1139
1140         if (vif->dev == NULL)
1141                 goto out_free;
1142
1143 #ifdef CONFIG_IP_PIMSM
1144         if (vif->flags & VIFF_REGISTER) {
1145                 vif->pkt_out++;
1146                 vif->bytes_out+=skb->len;
1147                 ((struct net_device_stats*)netdev_priv(vif->dev))->tx_bytes += skb->len;
1148                 ((struct net_device_stats*)netdev_priv(vif->dev))->tx_packets++;
1149                 ipmr_cache_report(skb, vifi, IGMPMSG_WHOLEPKT);
1150                 kfree_skb(skb);
1151                 return;
1152         }
1153 #endif
1154
1155         if (vif->flags&VIFF_TUNNEL) {
1156                 struct flowi fl = { .oif = vif->link,
1157                                     .nl_u = { .ip4_u =
1158                                               { .daddr = vif->remote,
1159                                                 .saddr = vif->local,
1160                                                 .tos = RT_TOS(iph->tos) } },
1161                                     .proto = IPPROTO_IPIP };
1162                 if (ip_route_output_key(&rt, &fl))
1163                         goto out_free;
1164                 encap = sizeof(struct iphdr);
1165         } else {
1166                 struct flowi fl = { .oif = vif->link,
1167                                     .nl_u = { .ip4_u =
1168                                               { .daddr = iph->daddr,
1169                                                 .tos = RT_TOS(iph->tos) } },
1170                                     .proto = IPPROTO_IPIP };
1171                 if (ip_route_output_key(&rt, &fl))
1172                         goto out_free;
1173         }
1174
1175         dev = rt->u.dst.dev;
1176
1177         if (skb->len+encap > dst_mtu(&rt->u.dst) && (ntohs(iph->frag_off) & IP_DF)) {
1178                 /* Do not fragment multicasts. Alas, IPv4 does not
1179                    allow to send ICMP, so that packets will disappear
1180                    to blackhole.
1181                  */
1182
1183                 IP_INC_STATS_BH(IPSTATS_MIB_FRAGFAILS);
1184                 ip_rt_put(rt);
1185                 goto out_free;
1186         }
1187
1188         encap += LL_RESERVED_SPACE(dev) + rt->u.dst.header_len;
1189
1190         if (skb_cow(skb, encap)) {
1191                 ip_rt_put(rt);
1192                 goto out_free;
1193         }
1194
1195         vif->pkt_out++;
1196         vif->bytes_out+=skb->len;
1197
1198         dst_release(skb->dst);
1199         skb->dst = &rt->u.dst;
1200         iph = skb->nh.iph;
1201         ip_decrease_ttl(iph);
1202
1203         /* FIXME: forward and output firewalls used to be called here.
1204          * What do we do with netfilter? -- RR */
1205         if (vif->flags & VIFF_TUNNEL) {
1206                 ip_encap(skb, vif->local, vif->remote);
1207                 /* FIXME: extra output firewall step used to be here. --RR */
1208                 ((struct ip_tunnel *)netdev_priv(vif->dev))->stat.tx_packets++;
1209                 ((struct ip_tunnel *)netdev_priv(vif->dev))->stat.tx_bytes+=skb->len;
1210         }
1211
1212         IPCB(skb)->flags |= IPSKB_FORWARDED;
1213
1214         /*
1215          * RFC1584 teaches, that DVMRP/PIM router must deliver packets locally
1216          * not only before forwarding, but after forwarding on all output
1217          * interfaces. It is clear, if mrouter runs a multicasting
1218          * program, it should receive packets not depending to what interface
1219          * program is joined.
1220          * If we will not make it, the program will have to join on all
1221          * interfaces. On the other hand, multihoming host (or router, but
1222          * not mrouter) cannot join to more than one interface - it will
1223          * result in receiving multiple packets.
1224          */
1225         NF_HOOK(PF_INET, NF_IP_FORWARD, skb, skb->dev, dev,
1226                 ipmr_forward_finish);
1227         return;
1228
1229 out_free:
1230         kfree_skb(skb);
1231         return;
1232 }
1233
1234 static int ipmr_find_vif(struct net_device *dev)
1235 {
1236         int ct;
1237         for (ct=maxvif-1; ct>=0; ct--) {
1238                 if (vif_table[ct].dev == dev)
1239                         break;
1240         }
1241         return ct;
1242 }
1243
1244 /* "local" means that we should preserve one skb (for local delivery) */
1245
1246 static int ip_mr_forward(struct sk_buff *skb, struct mfc_cache *cache, int local)
1247 {
1248         int psend = -1;
1249         int vif, ct;
1250
1251         vif = cache->mfc_parent;
1252         cache->mfc_un.res.pkt++;
1253         cache->mfc_un.res.bytes += skb->len;
1254
1255         /*
1256          * Wrong interface: drop packet and (maybe) send PIM assert.
1257          */
1258         if (vif_table[vif].dev != skb->dev) {
1259                 int true_vifi;
1260
1261                 if (((struct rtable*)skb->dst)->fl.iif == 0) {
1262                         /* It is our own packet, looped back.
1263                            Very complicated situation...
1264
1265                            The best workaround until routing daemons will be
1266                            fixed is not to redistribute packet, if it was
1267                            send through wrong interface. It means, that
1268                            multicast applications WILL NOT work for
1269                            (S,G), which have default multicast route pointing
1270                            to wrong oif. In any case, it is not a good
1271                            idea to use multicasting applications on router.
1272                          */
1273                         goto dont_forward;
1274                 }
1275
1276                 cache->mfc_un.res.wrong_if++;
1277                 true_vifi = ipmr_find_vif(skb->dev);
1278
1279                 if (true_vifi >= 0 && mroute_do_assert &&
1280                     /* pimsm uses asserts, when switching from RPT to SPT,
1281                        so that we cannot check that packet arrived on an oif.
1282                        It is bad, but otherwise we would need to move pretty
1283                        large chunk of pimd to kernel. Ough... --ANK
1284                      */
1285                     (mroute_do_pim || cache->mfc_un.res.ttls[true_vifi] < 255) &&
1286                     time_after(jiffies,
1287                                cache->mfc_un.res.last_assert + MFC_ASSERT_THRESH)) {
1288                         cache->mfc_un.res.last_assert = jiffies;
1289                         ipmr_cache_report(skb, true_vifi, IGMPMSG_WRONGVIF);
1290                 }
1291                 goto dont_forward;
1292         }
1293
1294         vif_table[vif].pkt_in++;
1295         vif_table[vif].bytes_in+=skb->len;
1296
1297         /*
1298          *      Forward the frame
1299          */
1300         for (ct = cache->mfc_un.res.maxvif-1; ct >= cache->mfc_un.res.minvif; ct--) {
1301                 if (skb->nh.iph->ttl > cache->mfc_un.res.ttls[ct]) {
1302                         if (psend != -1) {
1303                                 struct sk_buff *skb2 = skb_clone(skb, GFP_ATOMIC);
1304                                 if (skb2)
1305                                         ipmr_queue_xmit(skb2, cache, psend);
1306                         }
1307                         psend=ct;
1308                 }
1309         }
1310         if (psend != -1) {
1311                 if (local) {
1312                         struct sk_buff *skb2 = skb_clone(skb, GFP_ATOMIC);
1313                         if (skb2)
1314                                 ipmr_queue_xmit(skb2, cache, psend);
1315                 } else {
1316                         ipmr_queue_xmit(skb, cache, psend);
1317                         return 0;
1318                 }
1319         }
1320
1321 dont_forward:
1322         if (!local)
1323                 kfree_skb(skb);
1324         return 0;
1325 }
1326
1327
1328 /*
1329  *      Multicast packets for forwarding arrive here
1330  */
1331
1332 int ip_mr_input(struct sk_buff *skb)
1333 {
1334         struct mfc_cache *cache;
1335         int local = ((struct rtable*)skb->dst)->rt_flags&RTCF_LOCAL;
1336
1337         /* Packet is looped back after forward, it should not be
1338            forwarded second time, but still can be delivered locally.
1339          */
1340         if (IPCB(skb)->flags&IPSKB_FORWARDED)
1341                 goto dont_forward;
1342
1343         if (!local) {
1344                     if (IPCB(skb)->opt.router_alert) {
1345                             if (ip_call_ra_chain(skb))
1346                                     return 0;
1347                     } else if (skb->nh.iph->protocol == IPPROTO_IGMP){
1348                             /* IGMPv1 (and broken IGMPv2 implementations sort of
1349                                Cisco IOS <= 11.2(8)) do not put router alert
1350                                option to IGMP packets destined to routable
1351                                groups. It is very bad, because it means
1352                                that we can forward NO IGMP messages.
1353                              */
1354                             read_lock(&mrt_lock);
1355                             if (mroute_socket) {
1356                                     nf_reset(skb);
1357                                     raw_rcv(mroute_socket, skb);
1358                                     read_unlock(&mrt_lock);
1359                                     return 0;
1360                             }
1361                             read_unlock(&mrt_lock);
1362                     }
1363         }
1364
1365         read_lock(&mrt_lock);
1366         cache = ipmr_cache_find(skb->nh.iph->saddr, skb->nh.iph->daddr);
1367
1368         /*
1369          *      No usable cache entry
1370          */
1371         if (cache==NULL) {
1372                 int vif;
1373
1374                 if (local) {
1375                         struct sk_buff *skb2 = skb_clone(skb, GFP_ATOMIC);
1376                         ip_local_deliver(skb);
1377                         if (skb2 == NULL) {
1378                                 read_unlock(&mrt_lock);
1379                                 return -ENOBUFS;
1380                         }
1381                         skb = skb2;
1382                 }
1383
1384                 vif = ipmr_find_vif(skb->dev);
1385                 if (vif >= 0) {
1386                         int err = ipmr_cache_unresolved(vif, skb);
1387                         read_unlock(&mrt_lock);
1388
1389                         return err;
1390                 }
1391                 read_unlock(&mrt_lock);
1392                 kfree_skb(skb);
1393                 return -ENODEV;
1394         }
1395
1396         ip_mr_forward(skb, cache, local);
1397
1398         read_unlock(&mrt_lock);
1399
1400         if (local)
1401                 return ip_local_deliver(skb);
1402
1403         return 0;
1404
1405 dont_forward:
1406         if (local)
1407                 return ip_local_deliver(skb);
1408         kfree_skb(skb);
1409         return 0;
1410 }
1411
1412 #ifdef CONFIG_IP_PIMSM_V1
1413 /*
1414  * Handle IGMP messages of PIMv1
1415  */
1416
1417 int pim_rcv_v1(struct sk_buff * skb)
1418 {
1419         struct igmphdr *pim;
1420         struct iphdr   *encap;
1421         struct net_device  *reg_dev = NULL;
1422
1423         if (!pskb_may_pull(skb, sizeof(*pim) + sizeof(*encap)))
1424                 goto drop;
1425
1426         pim = (struct igmphdr*)skb->h.raw;
1427
1428         if (!mroute_do_pim ||
1429             skb->len < sizeof(*pim) + sizeof(*encap) ||
1430             pim->group != PIM_V1_VERSION || pim->code != PIM_V1_REGISTER)
1431                 goto drop;
1432
1433         encap = (struct iphdr*)(skb->h.raw + sizeof(struct igmphdr));
1434         /*
1435            Check that:
1436            a. packet is really destinted to a multicast group
1437            b. packet is not a NULL-REGISTER
1438            c. packet is not truncated
1439          */
1440         if (!MULTICAST(encap->daddr) ||
1441             encap->tot_len == 0 ||
1442             ntohs(encap->tot_len) + sizeof(*pim) > skb->len)
1443                 goto drop;
1444
1445         read_lock(&mrt_lock);
1446         if (reg_vif_num >= 0)
1447                 reg_dev = vif_table[reg_vif_num].dev;
1448         if (reg_dev)
1449                 dev_hold(reg_dev);
1450         read_unlock(&mrt_lock);
1451
1452         if (reg_dev == NULL)
1453                 goto drop;
1454
1455         skb->mac.raw = skb->nh.raw;
1456         skb_pull(skb, (u8*)encap - skb->data);
1457         skb->nh.iph = (struct iphdr *)skb->data;
1458         skb->dev = reg_dev;
1459         skb->protocol = htons(ETH_P_IP);
1460         skb->ip_summed = 0;
1461         skb->pkt_type = PACKET_HOST;
1462         dst_release(skb->dst);
1463         skb->dst = NULL;
1464         ((struct net_device_stats*)netdev_priv(reg_dev))->rx_bytes += skb->len;
1465         ((struct net_device_stats*)netdev_priv(reg_dev))->rx_packets++;
1466         nf_reset(skb);
1467         netif_rx(skb);
1468         dev_put(reg_dev);
1469         return 0;
1470  drop:
1471         kfree_skb(skb);
1472         return 0;
1473 }
1474 #endif
1475
1476 #ifdef CONFIG_IP_PIMSM_V2
1477 static int pim_rcv(struct sk_buff * skb)
1478 {
1479         struct pimreghdr *pim;
1480         struct iphdr   *encap;
1481         struct net_device  *reg_dev = NULL;
1482
1483         if (!pskb_may_pull(skb, sizeof(*pim) + sizeof(*encap)))
1484                 goto drop;
1485
1486         pim = (struct pimreghdr*)skb->h.raw;
1487         if (pim->type != ((PIM_VERSION<<4)|(PIM_REGISTER)) ||
1488             (pim->flags&PIM_NULL_REGISTER) ||
1489             (ip_compute_csum((void *)pim, sizeof(*pim)) != 0 &&
1490              csum_fold(skb_checksum(skb, 0, skb->len, 0))))
1491                 goto drop;
1492
1493         /* check if the inner packet is destined to mcast group */
1494         encap = (struct iphdr*)(skb->h.raw + sizeof(struct pimreghdr));
1495         if (!MULTICAST(encap->daddr) ||
1496             encap->tot_len == 0 ||
1497             ntohs(encap->tot_len) + sizeof(*pim) > skb->len)
1498                 goto drop;
1499
1500         read_lock(&mrt_lock);
1501         if (reg_vif_num >= 0)
1502                 reg_dev = vif_table[reg_vif_num].dev;
1503         if (reg_dev)
1504                 dev_hold(reg_dev);
1505         read_unlock(&mrt_lock);
1506
1507         if (reg_dev == NULL)
1508                 goto drop;
1509
1510         skb->mac.raw = skb->nh.raw;
1511         skb_pull(skb, (u8*)encap - skb->data);
1512         skb->nh.iph = (struct iphdr *)skb->data;
1513         skb->dev = reg_dev;
1514         skb->protocol = htons(ETH_P_IP);
1515         skb->ip_summed = 0;
1516         skb->pkt_type = PACKET_HOST;
1517         dst_release(skb->dst);
1518         ((struct net_device_stats*)netdev_priv(reg_dev))->rx_bytes += skb->len;
1519         ((struct net_device_stats*)netdev_priv(reg_dev))->rx_packets++;
1520         skb->dst = NULL;
1521         nf_reset(skb);
1522         netif_rx(skb);
1523         dev_put(reg_dev);
1524         return 0;
1525  drop:
1526         kfree_skb(skb);
1527         return 0;
1528 }
1529 #endif
1530
1531 static int
1532 ipmr_fill_mroute(struct sk_buff *skb, struct mfc_cache *c, struct rtmsg *rtm)
1533 {
1534         int ct;
1535         struct rtnexthop *nhp;
1536         struct net_device *dev = vif_table[c->mfc_parent].dev;
1537         u8 *b = skb->tail;
1538         struct rtattr *mp_head;
1539
1540         if (dev)
1541                 RTA_PUT(skb, RTA_IIF, 4, &dev->ifindex);
1542
1543         mp_head = (struct rtattr*)skb_put(skb, RTA_LENGTH(0));
1544
1545         for (ct = c->mfc_un.res.minvif; ct < c->mfc_un.res.maxvif; ct++) {
1546                 if (c->mfc_un.res.ttls[ct] < 255) {
1547                         if (skb_tailroom(skb) < RTA_ALIGN(RTA_ALIGN(sizeof(*nhp)) + 4))
1548                                 goto rtattr_failure;
1549                         nhp = (struct rtnexthop*)skb_put(skb, RTA_ALIGN(sizeof(*nhp)));
1550                         nhp->rtnh_flags = 0;
1551                         nhp->rtnh_hops = c->mfc_un.res.ttls[ct];
1552                         nhp->rtnh_ifindex = vif_table[ct].dev->ifindex;
1553                         nhp->rtnh_len = sizeof(*nhp);
1554                 }
1555         }
1556         mp_head->rta_type = RTA_MULTIPATH;
1557         mp_head->rta_len = skb->tail - (u8*)mp_head;
1558         rtm->rtm_type = RTN_MULTICAST;
1559         return 1;
1560
1561 rtattr_failure:
1562         skb_trim(skb, b - skb->data);
1563         return -EMSGSIZE;
1564 }
1565
1566 int ipmr_get_route(struct sk_buff *skb, struct rtmsg *rtm, int nowait)
1567 {
1568         int err;
1569         struct mfc_cache *cache;
1570         struct rtable *rt = (struct rtable*)skb->dst;
1571
1572         read_lock(&mrt_lock);
1573         cache = ipmr_cache_find(rt->rt_src, rt->rt_dst);
1574
1575         if (cache==NULL) {
1576                 struct sk_buff *skb2;
1577                 struct net_device *dev;
1578                 int vif;
1579
1580                 if (nowait) {
1581                         read_unlock(&mrt_lock);
1582                         return -EAGAIN;
1583                 }
1584
1585                 dev = skb->dev;
1586                 if (dev == NULL || (vif = ipmr_find_vif(dev)) < 0) {
1587                         read_unlock(&mrt_lock);
1588                         return -ENODEV;
1589                 }
1590                 skb2 = skb_clone(skb, GFP_ATOMIC);
1591                 if (!skb2) {
1592                         read_unlock(&mrt_lock);
1593                         return -ENOMEM;
1594                 }
1595
1596                 skb_push(skb2, sizeof(struct iphdr));
1597                 skb_reset_network_header(skb2);
1598                 skb2->nh.iph->ihl = sizeof(struct iphdr)>>2;
1599                 skb2->nh.iph->saddr = rt->rt_src;
1600                 skb2->nh.iph->daddr = rt->rt_dst;
1601                 skb2->nh.iph->version = 0;
1602                 err = ipmr_cache_unresolved(vif, skb2);
1603                 read_unlock(&mrt_lock);
1604                 return err;
1605         }
1606
1607         if (!nowait && (rtm->rtm_flags&RTM_F_NOTIFY))
1608                 cache->mfc_flags |= MFC_NOTIFY;
1609         err = ipmr_fill_mroute(skb, cache, rtm);
1610         read_unlock(&mrt_lock);
1611         return err;
1612 }
1613
1614 #ifdef CONFIG_PROC_FS
1615 /*
1616  *      The /proc interfaces to multicast routing /proc/ip_mr_cache /proc/ip_mr_vif
1617  */
1618 struct ipmr_vif_iter {
1619         int ct;
1620 };
1621
1622 static struct vif_device *ipmr_vif_seq_idx(struct ipmr_vif_iter *iter,
1623                                            loff_t pos)
1624 {
1625         for (iter->ct = 0; iter->ct < maxvif; ++iter->ct) {
1626                 if (!VIF_EXISTS(iter->ct))
1627                         continue;
1628                 if (pos-- == 0)
1629                         return &vif_table[iter->ct];
1630         }
1631         return NULL;
1632 }
1633
1634 static void *ipmr_vif_seq_start(struct seq_file *seq, loff_t *pos)
1635 {
1636         read_lock(&mrt_lock);
1637         return *pos ? ipmr_vif_seq_idx(seq->private, *pos - 1)
1638                 : SEQ_START_TOKEN;
1639 }
1640
1641 static void *ipmr_vif_seq_next(struct seq_file *seq, void *v, loff_t *pos)
1642 {
1643         struct ipmr_vif_iter *iter = seq->private;
1644
1645         ++*pos;
1646         if (v == SEQ_START_TOKEN)
1647                 return ipmr_vif_seq_idx(iter, 0);
1648
1649         while (++iter->ct < maxvif) {
1650                 if (!VIF_EXISTS(iter->ct))
1651                         continue;
1652                 return &vif_table[iter->ct];
1653         }
1654         return NULL;
1655 }
1656
1657 static void ipmr_vif_seq_stop(struct seq_file *seq, void *v)
1658 {
1659         read_unlock(&mrt_lock);
1660 }
1661
1662 static int ipmr_vif_seq_show(struct seq_file *seq, void *v)
1663 {
1664         if (v == SEQ_START_TOKEN) {
1665                 seq_puts(seq,
1666                          "Interface      BytesIn  PktsIn  BytesOut PktsOut Flags Local    Remote\n");
1667         } else {
1668                 const struct vif_device *vif = v;
1669                 const char *name =  vif->dev ? vif->dev->name : "none";
1670
1671                 seq_printf(seq,
1672                            "%2Zd %-10s %8ld %7ld  %8ld %7ld %05X %08X %08X\n",
1673                            vif - vif_table,
1674                            name, vif->bytes_in, vif->pkt_in,
1675                            vif->bytes_out, vif->pkt_out,
1676                            vif->flags, vif->local, vif->remote);
1677         }
1678         return 0;
1679 }
1680
1681 static struct seq_operations ipmr_vif_seq_ops = {
1682         .start = ipmr_vif_seq_start,
1683         .next  = ipmr_vif_seq_next,
1684         .stop  = ipmr_vif_seq_stop,
1685         .show  = ipmr_vif_seq_show,
1686 };
1687
1688 static int ipmr_vif_open(struct inode *inode, struct file *file)
1689 {
1690         struct seq_file *seq;
1691         int rc = -ENOMEM;
1692         struct ipmr_vif_iter *s = kmalloc(sizeof(*s), GFP_KERNEL);
1693
1694         if (!s)
1695                 goto out;
1696
1697         rc = seq_open(file, &ipmr_vif_seq_ops);
1698         if (rc)
1699                 goto out_kfree;
1700
1701         s->ct = 0;
1702         seq = file->private_data;
1703         seq->private = s;
1704 out:
1705         return rc;
1706 out_kfree:
1707         kfree(s);
1708         goto out;
1709
1710 }
1711
1712 static const struct file_operations ipmr_vif_fops = {
1713         .owner   = THIS_MODULE,
1714         .open    = ipmr_vif_open,
1715         .read    = seq_read,
1716         .llseek  = seq_lseek,
1717         .release = seq_release_private,
1718 };
1719
1720 struct ipmr_mfc_iter {
1721         struct mfc_cache **cache;
1722         int ct;
1723 };
1724
1725
1726 static struct mfc_cache *ipmr_mfc_seq_idx(struct ipmr_mfc_iter *it, loff_t pos)
1727 {
1728         struct mfc_cache *mfc;
1729
1730         it->cache = mfc_cache_array;
1731         read_lock(&mrt_lock);
1732         for (it->ct = 0; it->ct < MFC_LINES; it->ct++)
1733                 for (mfc = mfc_cache_array[it->ct]; mfc; mfc = mfc->next)
1734                         if (pos-- == 0)
1735                                 return mfc;
1736         read_unlock(&mrt_lock);
1737
1738         it->cache = &mfc_unres_queue;
1739         spin_lock_bh(&mfc_unres_lock);
1740         for (mfc = mfc_unres_queue; mfc; mfc = mfc->next)
1741                 if (pos-- == 0)
1742                         return mfc;
1743         spin_unlock_bh(&mfc_unres_lock);
1744
1745         it->cache = NULL;
1746         return NULL;
1747 }
1748
1749
1750 static void *ipmr_mfc_seq_start(struct seq_file *seq, loff_t *pos)
1751 {
1752         struct ipmr_mfc_iter *it = seq->private;
1753         it->cache = NULL;
1754         it->ct = 0;
1755         return *pos ? ipmr_mfc_seq_idx(seq->private, *pos - 1)
1756                 : SEQ_START_TOKEN;
1757 }
1758
1759 static void *ipmr_mfc_seq_next(struct seq_file *seq, void *v, loff_t *pos)
1760 {
1761         struct mfc_cache *mfc = v;
1762         struct ipmr_mfc_iter *it = seq->private;
1763
1764         ++*pos;
1765
1766         if (v == SEQ_START_TOKEN)
1767                 return ipmr_mfc_seq_idx(seq->private, 0);
1768
1769         if (mfc->next)
1770                 return mfc->next;
1771
1772         if (it->cache == &mfc_unres_queue)
1773                 goto end_of_list;
1774
1775         BUG_ON(it->cache != mfc_cache_array);
1776
1777         while (++it->ct < MFC_LINES) {
1778                 mfc = mfc_cache_array[it->ct];
1779                 if (mfc)
1780                         return mfc;
1781         }
1782
1783         /* exhausted cache_array, show unresolved */
1784         read_unlock(&mrt_lock);
1785         it->cache = &mfc_unres_queue;
1786         it->ct = 0;
1787
1788         spin_lock_bh(&mfc_unres_lock);
1789         mfc = mfc_unres_queue;
1790         if (mfc)
1791                 return mfc;
1792
1793  end_of_list:
1794         spin_unlock_bh(&mfc_unres_lock);
1795         it->cache = NULL;
1796
1797         return NULL;
1798 }
1799
1800 static void ipmr_mfc_seq_stop(struct seq_file *seq, void *v)
1801 {
1802         struct ipmr_mfc_iter *it = seq->private;
1803
1804         if (it->cache == &mfc_unres_queue)
1805                 spin_unlock_bh(&mfc_unres_lock);
1806         else if (it->cache == mfc_cache_array)
1807                 read_unlock(&mrt_lock);
1808 }
1809
1810 static int ipmr_mfc_seq_show(struct seq_file *seq, void *v)
1811 {
1812         int n;
1813
1814         if (v == SEQ_START_TOKEN) {
1815                 seq_puts(seq,
1816                  "Group    Origin   Iif     Pkts    Bytes    Wrong Oifs\n");
1817         } else {
1818                 const struct mfc_cache *mfc = v;
1819                 const struct ipmr_mfc_iter *it = seq->private;
1820
1821                 seq_printf(seq, "%08lX %08lX %-3d %8ld %8ld %8ld",
1822                            (unsigned long) mfc->mfc_mcastgrp,
1823                            (unsigned long) mfc->mfc_origin,
1824                            mfc->mfc_parent,
1825                            mfc->mfc_un.res.pkt,
1826                            mfc->mfc_un.res.bytes,
1827                            mfc->mfc_un.res.wrong_if);
1828
1829                 if (it->cache != &mfc_unres_queue) {
1830                         for (n = mfc->mfc_un.res.minvif;
1831                              n < mfc->mfc_un.res.maxvif; n++ ) {
1832                                 if (VIF_EXISTS(n)
1833                                    && mfc->mfc_un.res.ttls[n] < 255)
1834                                 seq_printf(seq,
1835                                            " %2d:%-3d",
1836                                            n, mfc->mfc_un.res.ttls[n]);
1837                         }
1838                 }
1839                 seq_putc(seq, '\n');
1840         }
1841         return 0;
1842 }
1843
1844 static struct seq_operations ipmr_mfc_seq_ops = {
1845         .start = ipmr_mfc_seq_start,
1846         .next  = ipmr_mfc_seq_next,
1847         .stop  = ipmr_mfc_seq_stop,
1848         .show  = ipmr_mfc_seq_show,
1849 };
1850
1851 static int ipmr_mfc_open(struct inode *inode, struct file *file)
1852 {
1853         struct seq_file *seq;
1854         int rc = -ENOMEM;
1855         struct ipmr_mfc_iter *s = kmalloc(sizeof(*s), GFP_KERNEL);
1856
1857         if (!s)
1858                 goto out;
1859
1860         rc = seq_open(file, &ipmr_mfc_seq_ops);
1861         if (rc)
1862                 goto out_kfree;
1863
1864         seq = file->private_data;
1865         seq->private = s;
1866 out:
1867         return rc;
1868 out_kfree:
1869         kfree(s);
1870         goto out;
1871
1872 }
1873
1874 static const struct file_operations ipmr_mfc_fops = {
1875         .owner   = THIS_MODULE,
1876         .open    = ipmr_mfc_open,
1877         .read    = seq_read,
1878         .llseek  = seq_lseek,
1879         .release = seq_release_private,
1880 };
1881 #endif
1882
1883 #ifdef CONFIG_IP_PIMSM_V2
1884 static struct net_protocol pim_protocol = {
1885         .handler        =       pim_rcv,
1886 };
1887 #endif
1888
1889
1890 /*
1891  *      Setup for IP multicast routing
1892  */
1893
1894 void __init ip_mr_init(void)
1895 {
1896         mrt_cachep = kmem_cache_create("ip_mrt_cache",
1897                                        sizeof(struct mfc_cache),
1898                                        0, SLAB_HWCACHE_ALIGN|SLAB_PANIC,
1899                                        NULL, NULL);
1900         init_timer(&ipmr_expire_timer);
1901         ipmr_expire_timer.function=ipmr_expire_process;
1902         register_netdevice_notifier(&ip_mr_notifier);
1903 #ifdef CONFIG_PROC_FS
1904         proc_net_fops_create("ip_mr_vif", 0, &ipmr_vif_fops);
1905         proc_net_fops_create("ip_mr_cache", 0, &ipmr_mfc_fops);
1906 #endif
1907 }