1 /*
2  *      Anycast support for IPv6
3  *      Linux INET6 implementation
4  *
5  *      Authors:
6  *      David L Stevens (dlstevens@us.ibm.com)
7  *
8  *      based heavily on net/ipv6/mcast.c
9  *
10  *      This program is free software; you can redistribute it and/or
11  *      modify it under the terms of the GNU General Public License
12  *      as published by the Free Software Foundation; either version
13  *      2 of the License, or (at your option) any later version.
14  */
15
16 #include <linux/capability.h>
17 #include <linux/module.h>
18 #include <linux/errno.h>
19 #include <linux/types.h>
20 #include <linux/random.h>
21 #include <linux/string.h>
22 #include <linux/socket.h>
23 #include <linux/sockios.h>
24 #include <linux/net.h>
25 #include <linux/in6.h>
26 #include <linux/netdevice.h>
27 #include <linux/if_arp.h>
28 #include <linux/route.h>
29 #include <linux/init.h>
30 #include <linux/proc_fs.h>
31 #include <linux/seq_file.h>
32
33 #include <net/net_namespace.h>
34 #include <net/sock.h>
35 #include <net/snmp.h>
36
37 #include <net/ipv6.h>
38 #include <net/protocol.h>
39 #include <net/if_inet6.h>
40 #include <net/ndisc.h>
41 #include <net/addrconf.h>
42 #include <net/ip6_route.h>
43
44 #include <net/checksum.h>
45
/*
 * Big ac list lock for all the sockets: one global rwlock taken around
 * every read or update of a socket's np->ipv6_ac_list in this file.
 */
static DEFINE_RWLOCK(ipv6_sk_ac_lock);

/* Forward declaration; the definition follows __ipv6_dev_ac_dec() below. */
static int ipv6_dev_ac_dec(struct net_device *dev,
			   struct in6_addr *addr);
50
51
/*
 *	socket join an anycast group
 *
 *	sk      - socket that will own the membership
 *	ifindex - interface to join on, or 0 to derive the device from a
 *	          route lookup on addr
 *	addr    - anycast address to join
 *
 *	Requires CAP_NET_ADMIN; the capability is checked before anything is
 *	allocated or looked up.  Multicast addresses, and addresses for which
 *	ipv6_chk_addr() returns non-zero, are refused with -EINVAL.
 *
 *	Returns 0 on success, otherwise -EPERM, -EINVAL, -ENOMEM, -ENODEV,
 *	-EADDRNOTAVAIL or the error reported by ipv6_dev_ac_inc().
 */
int ipv6_sock_ac_join(struct sock *sk, int ifindex, struct in6_addr *addr)
{
	struct ipv6_pinfo *np = inet6_sk(sk);
	struct net *net = sock_net(sk);
	struct net_device *dev = NULL;
	struct ipv6_ac_socklist *entry;
	struct inet6_dev *idev;
	int is_host = !net->ipv6.devconf_all->forwarding;
	int err = 0;

	if (!capable(CAP_NET_ADMIN))
		return -EPERM;
	if (ipv6_addr_is_multicast(addr) || ipv6_chk_addr(net, addr, NULL, 0))
		return -EINVAL;

	/*
	 * Allocated with sock_kmalloc(), so every release below goes through
	 * sock_kfree_s() with the same size.
	 */
	entry = sock_kmalloc(sk, sizeof(*entry), GFP_KERNEL);
	if (!entry)
		return -ENOMEM;
	entry->acl_next = NULL;
	ipv6_addr_copy(&entry->acl_addr, addr);

	if (ifindex != 0) {
		dev = dev_get_by_index(net, ifindex);
	} else {
		struct rt6_info *rt = rt6_lookup(net, addr, NULL, 0, 0);

		if (rt) {
			/* hold the device before the route is released */
			dev = rt->rt6i_dev;
			dev_hold(dev);
			dst_release(&rt->u.dst);
		} else if (!is_host) {
			/* router, no matching interface: just pick one */
			dev = dev_get_by_flags(net, IFF_UP, IFF_UP|IFF_LOOPBACK);
		} else {
			err = -EADDRNOTAVAIL;
			goto out_free_pac;
		}
	}

	if (!dev) {
		err = -ENODEV;
		goto out_free_pac;
	}

	idev = in6_dev_get(dev);
	if (!idev) {
		err = ifindex ? -ENODEV : -EADDRNOTAVAIL;
		goto out_dev_put;
	}
	/* reset is_host, now that we have a specific device */
	is_host = !idev->cnf.forwarding;
	in6_dev_put(idev);

	entry->acl_ifindex = dev->ifindex;

	/* XXX
	 * For hosts, allow link-local or matching prefix anycasts.
	 * This obviates the need for propagating anycast routes while
	 * still allowing some non-router anycast participation.
	 */
	if (!ipv6_chk_prefix(addr, dev) && is_host) {
		err = -EADDRNOTAVAIL;
		goto out_dev_put;
	}

	err = ipv6_dev_ac_inc(dev, addr);
	if (err)
		goto out_dev_put;

	/* publish the membership at the head of the socket's list */
	write_lock_bh(&ipv6_sk_ac_lock);
	entry->acl_next = np->ipv6_ac_list;
	np->ipv6_ac_list = entry;
	write_unlock_bh(&ipv6_sk_ac_lock);

	dev_put(dev);
	return 0;

out_dev_put:
	dev_put(dev);
out_free_pac:
	sock_kfree_s(sk, entry, sizeof(*entry));
	return err;
}
148
/*
 *	socket leave an anycast group
 *
 *	Removes the first entry on this socket's list whose address equals
 *	addr and, when ifindex is non-zero, whose interface index matches.
 *	No capability check is made here; only entries on the socket's own
 *	list can be removed.
 *
 *	Returns 0 on success or -ENOENT when no entry matches.
 */
int ipv6_sock_ac_drop(struct sock *sk, int ifindex, struct in6_addr *addr)
{
	struct ipv6_pinfo *np = inet6_sk(sk);
	struct net *net = sock_net(sk);
	struct ipv6_ac_socklist **link;
	struct ipv6_ac_socklist *entry;
	struct net_device *dev;

	write_lock_bh(&ipv6_sk_ac_lock);
	/* link always points at the pointer that references entry */
	for (link = &np->ipv6_ac_list; (entry = *link) != NULL;
	     link = &entry->acl_next) {
		if ((ifindex == 0 || entry->acl_ifindex == ifindex) &&
		    ipv6_addr_equal(&entry->acl_addr, addr))
			break;
	}
	if (!entry) {
		write_unlock_bh(&ipv6_sk_ac_lock);
		return -ENOENT;
	}
	*link = entry->acl_next;
	write_unlock_bh(&ipv6_sk_ac_lock);

	/*
	 * The entry is unlinked, so it is no longer reachable through the
	 * socket list; the device side is updated without the list lock.
	 */
	dev = dev_get_by_index(net, entry->acl_ifindex);
	if (dev) {
		ipv6_dev_ac_dec(dev, &entry->acl_addr);
		dev_put(dev);
	}
	sock_kfree_s(sk, entry, sizeof(*entry));
	return 0;
}
186
/*
 *	Drop every anycast membership held by a socket.
 *
 *	The list is detached from the socket under ipv6_sk_ac_lock and then
 *	walked without it.  A device reference is reused for consecutive
 *	entries that carry the same interface index.
 */
void ipv6_sock_ac_close(struct sock *sk)
{
	struct ipv6_pinfo *np = inet6_sk(sk);
	struct net *net = sock_net(sk);
	struct net_device *dev = NULL;
	struct ipv6_ac_socklist *entry, *next;
	int cur_ifindex = 0;

	write_lock_bh(&ipv6_sk_ac_lock);
	entry = np->ipv6_ac_list;
	np->ipv6_ac_list = NULL;
	write_unlock_bh(&ipv6_sk_ac_lock);

	for (; entry; entry = next) {
		/* read the link first: entry is freed at the end of the pass */
		next = entry->acl_next;

		if (entry->acl_ifindex != cur_ifindex) {
			if (dev)
				dev_put(dev);
			cur_ifindex = entry->acl_ifindex;
			dev = dev_get_by_index(net, cur_ifindex);
		}
		if (dev)
			ipv6_dev_ac_dec(dev, &entry->acl_addr);
		sock_kfree_s(sk, entry, sizeof(*entry));
	}
	if (dev)
		dev_put(dev);
}
218
219 #if 0
/*
 * This function is not used, which is funny. Apparently the author meant
 * to use it to filter out datagrams inside udp/raw but forgot.
 *
 * That is OK: anycasts are not special compared to delivery to unicasts.
 *
 * Returns non-zero when the socket has joined addr (on ifindex, when
 * ifindex is non-zero), 0 otherwise.
 */
int inet6_ac_check(struct sock *sk, struct in6_addr *addr, int ifindex)
{
	struct ipv6_pinfo *np = inet6_sk(sk);
	struct ipv6_ac_socklist *pac;
	int found = 0;

	read_lock(&ipv6_sk_ac_lock);
	for (pac = np->ipv6_ac_list; pac && !found; pac = pac->acl_next) {
		/* entries on another interface are skipped when one is given */
		if (ifindex == 0 || pac->acl_ifindex == ifindex)
			found = ipv6_addr_equal(&pac->acl_addr, addr);
	}
	read_unlock(&ipv6_sk_ac_lock);

	return found;
}
245
246 #endif
247
/*
 * Drop one reference on an anycast entry.  When the count reaches zero the
 * idev reference and the route held by the entry are released and the
 * entry itself is freed.
 */
static void aca_put(struct ifacaddr6 *ac)
{
	if (!atomic_dec_and_test(&ac->aca_refcnt))
		return;

	in6_dev_put(ac->aca_idev);
	dst_release(&ac->aca_rt->u.dst);
	kfree(ac);
}
256
/*
 *	device anycast group inc (add if not found)
 *
 *	If addr is already on the device's anycast list its user count is
 *	incremented; otherwise a new entry and route are created and the
 *	solicited-node group is joined.
 *
 *	Returns 0 on success, -EINVAL when the device has no inet6_dev,
 *	-ENODEV when the inet6_dev is marked dead, -ENOMEM on allocation
 *	failure, or the error carried by addrconf_dst_alloc().
 */
int ipv6_dev_ac_inc(struct net_device *dev, struct in6_addr *addr)
{
	struct inet6_dev *idev = in6_dev_get(dev);
	struct ifacaddr6 *aca;
	struct rt6_info *rt;
	int err;

	if (!idev)
		return -EINVAL;

	write_lock_bh(&idev->lock);
	if (idev->dead) {
		err = -ENODEV;
		goto out;
	}

	aca = idev->ac_list;
	while (aca && !ipv6_addr_equal(&aca->aca_addr, addr))
		aca = aca->aca_next;
	if (aca) {
		aca->aca_users++;
		err = 0;
		goto out;
	}

	/*
	 *	not found: create a new one.
	 *	idev->lock is held here, hence GFP_ATOMIC.
	 */
	aca = kzalloc(sizeof(*aca), GFP_ATOMIC);
	if (!aca) {
		err = -ENOMEM;
		goto out;
	}

	rt = addrconf_dst_alloc(idev, addr, 1);
	if (IS_ERR(rt)) {
		err = PTR_ERR(rt);
		kfree(aca);
		goto out;
	}

	ipv6_addr_copy(&aca->aca_addr, addr);
	/* the idev reference taken above now lives in the entry; aca_put()
	 * releases it, so the success path does not call in6_dev_put() */
	aca->aca_idev = idev;
	aca->aca_rt = rt;
	aca->aca_users = 1;
	/* aca_tstamp should be updated upon changes */
	aca->aca_cstamp = aca->aca_tstamp = jiffies;
	/*
	 * Two references: one is dropped by the aca_put() at the end of this
	 * function; the other presumably belongs to the ac_list linkage and
	 * goes away in __ipv6_dev_ac_dec() -- confirm.
	 */
	atomic_set(&aca->aca_refcnt, 2);
	spin_lock_init(&aca->aca_lock);

	aca->aca_next = idev->ac_list;
	idev->ac_list = aca;
	write_unlock_bh(&idev->lock);

	/* NOTE(review): the result of ip6_ins_rt() is not checked here. */
	ip6_ins_rt(rt);

	addrconf_join_solict(dev, &aca->aca_addr);

	aca_put(aca);
	return 0;

out:
	write_unlock_bh(&idev->lock);
	in6_dev_put(idev);
	return err;
}
328
/*
 *	device anycast group decrement
 *
 *	Decrements the user count of addr on idev's anycast list.  When the
 *	count drops to zero the entry is unlinked, the solicited-node group
 *	is left, the route is deleted and one entry reference is dropped.
 *
 *	Returns 0 on success or -ENOENT when addr is not on the list.
 */
int __ipv6_dev_ac_dec(struct inet6_dev *idev, struct in6_addr *addr)
{
	struct ifacaddr6 **link;
	struct ifacaddr6 *aca;
	int ret = 0;

	write_lock_bh(&idev->lock);
	/* link always points at the pointer that references aca */
	for (link = &idev->ac_list; (aca = *link) != NULL;
	     link = &aca->aca_next) {
		if (ipv6_addr_equal(&aca->aca_addr, addr))
			break;
	}
	if (!aca) {
		ret = -ENOENT;
		goto out_unlock;
	}
	if (--aca->aca_users > 0)
		goto out_unlock;

	*link = aca->aca_next;
	write_unlock_bh(&idev->lock);
	addrconf_leave_solict(idev, &aca->aca_addr);

	/* extra hold before deletion; presumably ip6_del_rt() consumes one
	 * reference on the route -- confirm */
	dst_hold(&aca->aca_rt->u.dst);
	ip6_del_rt(aca->aca_rt);

	aca_put(aca);
	return 0;

out_unlock:
	write_unlock_bh(&idev->lock);
	return ret;
}
364
/*
 * Device-based wrapper around __ipv6_dev_ac_dec(): takes an inet6_dev
 * reference for the duration of the call.  Returns -ENODEV when the device
 * has no inet6_dev, otherwise the result of __ipv6_dev_ac_dec().
 */
static int ipv6_dev_ac_dec(struct net_device *dev, struct in6_addr *addr)
{
	struct inet6_dev *idev = in6_dev_get(dev);
	int ret = -ENODEV;

	if (idev) {
		ret = __ipv6_dev_ac_dec(idev, addr);
		in6_dev_put(idev);
	}
	return ret;
}
375
/*
 *	check if the interface has this anycast address
 *
 *	Returns 1 when addr is on the device's anycast list, 0 when it is
 *	not or when the device has no inet6_dev.
 */
static int ipv6_chk_acast_dev(struct net_device *dev, struct in6_addr *addr)
{
	struct inet6_dev *idev = in6_dev_get(dev);
	struct ifacaddr6 *aca;

	if (!idev)
		return 0;

	read_lock_bh(&idev->lock);
	aca = idev->ac_list;
	while (aca && !ipv6_addr_equal(&aca->aca_addr, addr))
		aca = aca->aca_next;
	read_unlock_bh(&idev->lock);
	in6_dev_put(idev);

	/* aca is only compared against NULL once the lock is dropped */
	return aca != NULL;
}
396
/*
 *	check if given interface (or any, if dev==0) has this anycast address
 *
 *	With dev == NULL every device of the namespace is scanned while
 *	dev_base_lock is read-held.  Returns 1 on a match, 0 otherwise.
 */
int ipv6_chk_acast_addr(struct net *net, struct net_device *dev,
			struct in6_addr *addr)
{
	int found = 0;

	if (dev)
		return ipv6_chk_acast_dev(dev, addr);

	read_lock(&dev_base_lock);
	for_each_netdev(net, dev) {
		found = ipv6_chk_acast_dev(dev, addr);
		if (found)
			break;
	}
	read_unlock(&dev_base_lock);

	return found;
}
416
417
418 #ifdef CONFIG_PROC_FS
/* Per-open iteration state for the anycast6 seq_file. */
struct ac6_iter_state {
	struct seq_net_private	p;
	struct net_device	*dev;	/* device currently being walked */
	struct inet6_dev	*idev;	/* its inet6_dev while referenced and
					 * read-locked, else NULL */
};

/* Fetch the iteration state stored in the seq_file's private pointer. */
#define ac6_seq_private(seq)	((struct ac6_iter_state *)(seq)->private)
426
/*
 * Find the first anycast entry in the namespace.
 *
 * On success the function returns with the owning inet6_dev referenced and
 * its lock read-held, both recorded in state->idev; ac6_get_next() or
 * ac6_seq_stop() release them.  Returns NULL, with state->idev == NULL,
 * when no device has an anycast entry.
 */
static inline struct ifacaddr6 *ac6_get_first(struct seq_file *seq)
{
	struct ac6_iter_state *state = ac6_seq_private(seq);
	struct net *net = seq_file_net(seq);
	struct ifacaddr6 *first = NULL;

	state->idev = NULL;
	for_each_netdev(net, state->dev) {
		struct inet6_dev *idev = in6_dev_get(state->dev);

		if (!idev)
			continue;

		read_lock_bh(&idev->lock);
		first = idev->ac_list;
		if (!first) {
			/* nothing on this device: undo and try the next one */
			read_unlock_bh(&idev->lock);
			in6_dev_put(idev);
			continue;
		}
		state->idev = idev;
		break;
	}
	return first;
}
450
/*
 * Advance to the entry after im, moving on to following devices when the
 * current list is exhausted.  The lock and reference recorded in
 * state->idev are released before each device switch; at the end of the
 * device list state->idev is cleared and NULL is returned.
 */
static struct ifacaddr6 *ac6_get_next(struct seq_file *seq, struct ifacaddr6 *im)
{
	struct ac6_iter_state *state = ac6_seq_private(seq);
	struct ifacaddr6 *next = im->aca_next;

	while (!next) {
		if (likely(state->idev != NULL)) {
			read_unlock_bh(&state->idev->lock);
			in6_dev_put(state->idev);
		}
		state->dev = next_net_device(state->dev);
		if (!state->dev) {
			state->idev = NULL;
			break;
		}
		state->idev = in6_dev_get(state->dev);
		if (state->idev) {
			/* an empty list keeps the loop going; the lock taken
			 * here is dropped at the top of the next pass */
			read_lock_bh(&state->idev->lock);
			next = state->idev->ac_list;
		}
	}
	return next;
}
474
/*
 * Return the entry at zero-based position pos of the iteration, or NULL
 * when fewer than pos + 1 entries exist.
 */
static struct ifacaddr6 *ac6_get_idx(struct seq_file *seq, loff_t pos)
{
	struct ifacaddr6 *im = ac6_get_first(seq);

	while (im && pos) {
		im = ac6_get_next(seq, im);
		if (im)
			--pos;
	}
	return pos ? NULL : im;
}
483
/*
 * seq_file .start: read-lock dev_base_lock (released in ac6_seq_stop())
 * and position the iterator at *pos.
 */
static void *ac6_seq_start(struct seq_file *seq, loff_t *pos)
	__acquires(dev_base_lock)
{
	loff_t idx;

	read_lock(&dev_base_lock);
	idx = *pos;
	return ac6_get_idx(seq, idx);
}
490
/* seq_file .next: step to the following entry and bump the position. */
static void *ac6_seq_next(struct seq_file *seq, void *v, loff_t *pos)
{
	struct ifacaddr6 *im = ac6_get_next(seq, v);

	(*pos)++;
	return im;
}
498
/*
 * seq_file .stop: release the inet6_dev lock and reference still recorded
 * in the iteration state, if any, then drop dev_base_lock.
 */
static void ac6_seq_stop(struct seq_file *seq, void *v)
	__releases(dev_base_lock)
{
	struct inet6_dev *idev = ac6_seq_private(seq)->idev;

	if (likely(idev != NULL)) {
		read_unlock_bh(&idev->lock);
		in6_dev_put(idev);
	}
	read_unlock(&dev_base_lock);
}
509
/*
 * seq_file .show: print one line per anycast entry -- interface index,
 * interface name, address and user count.
 */
static int ac6_seq_show(struct seq_file *seq, void *v)
{
	struct ac6_iter_state *state = ac6_seq_private(seq);
	struct net_device *dev = state->dev;
	struct ifacaddr6 *im = v;

	seq_printf(seq, "%-4d %-15s %pi6 %5d\n",
		   dev->ifindex, dev->name, &im->aca_addr, im->aca_users);
	return 0;
}
520
/* seq_file iteration callbacks for the "anycast6" proc entry. */
static const struct seq_operations ac6_seq_ops = {
	.start = ac6_seq_start,
	.next  = ac6_seq_next,
	.stop  = ac6_seq_stop,
	.show  = ac6_seq_show,
};
527
/*
 * Open handler: set up a per-namespace seq_file whose private area is a
 * struct ac6_iter_state.
 */
static int ac6_seq_open(struct inode *inode, struct file *file)
{
	const int state_size = sizeof(struct ac6_iter_state);

	return seq_open_net(inode, file, &ac6_seq_ops, state_size);
}
533
/* File operations for the "anycast6" proc entry; only open and read paths. */
static const struct file_operations ac6_seq_fops = {
	.owner   = THIS_MODULE,
	.open    = ac6_seq_open,
	.read    = seq_read,
	.llseek  = seq_lseek,
	.release = seq_release_net,
};
541
/*
 * Register the per-namespace "anycast6" proc entry.  S_IRUGO makes it
 * readable by every user; each line exposes the interface index and name,
 * the anycast address and its user count (see ac6_seq_show()).
 *
 * Returns 0 on success or -ENOMEM when the entry cannot be created.
 */
int ac6_proc_init(struct net *net)
{
	return proc_net_fops_create(net, "anycast6", S_IRUGO, &ac6_seq_fops)
		? 0 : -ENOMEM;
}
549
/* Remove the "anycast6" proc entry from the given namespace. */
void ac6_proc_exit(struct net *net)
{
	static const char entry_name[] = "anycast6";

	proc_net_remove(net, entry_name);
}
554 #endif
555