[NETFILTER]: nf_conntrack: attach conntrack to locally generated ICMPv6 error
[linux-2.6.git] / net / ipv6 / anycast.c
1 /*
2  *      Anycast support for IPv6
3  *      Linux INET6 implementation 
4  *
5  *      Authors:
6  *      David L Stevens (dlstevens@us.ibm.com)
7  *
8  *      based heavily on net/ipv6/mcast.c
9  *
10  *      This program is free software; you can redistribute it and/or
11  *      modify it under the terms of the GNU General Public License
12  *      as published by the Free Software Foundation; either version
13  *      2 of the License, or (at your option) any later version.
14  */
15
16 #include <linux/capability.h>
17 #include <linux/config.h>
18 #include <linux/module.h>
19 #include <linux/errno.h>
20 #include <linux/types.h>
21 #include <linux/random.h>
22 #include <linux/string.h>
23 #include <linux/socket.h>
24 #include <linux/sockios.h>
25 #include <linux/sched.h>
26 #include <linux/net.h>
27 #include <linux/in6.h>
28 #include <linux/netdevice.h>
29 #include <linux/if_arp.h>
30 #include <linux/route.h>
31 #include <linux/init.h>
32 #include <linux/proc_fs.h>
33 #include <linux/seq_file.h>
34
35 #include <net/sock.h>
36 #include <net/snmp.h>
37
38 #include <net/ipv6.h>
39 #include <net/protocol.h>
40 #include <net/if_inet6.h>
41 #include <net/ndisc.h>
42 #include <net/addrconf.h>
43 #include <net/ip6_route.h>
44
45 #include <net/checksum.h>
46
47 static int ipv6_dev_ac_dec(struct net_device *dev, struct in6_addr *addr);
48
49 /* Big ac list lock for all the sockets */
50 static DEFINE_RWLOCK(ipv6_sk_ac_lock);
51
52 static int
53 ip6_onlink(struct in6_addr *addr, struct net_device *dev)
54 {
55         struct inet6_dev        *idev;
56         struct inet6_ifaddr     *ifa;
57         int     onlink;
58
59         onlink = 0;
60         read_lock(&addrconf_lock);
61         idev = __in6_dev_get(dev);
62         if (idev) {
63                 read_lock_bh(&idev->lock);
64                 for (ifa=idev->addr_list; ifa; ifa=ifa->if_next) {
65                         onlink = ipv6_prefix_equal(addr, &ifa->addr,
66                                                    ifa->prefix_len);
67                         if (onlink)
68                                 break;
69                 }
70                 read_unlock_bh(&idev->lock);
71         }
72         read_unlock(&addrconf_lock);
73         return onlink;
74 }
75
76 /*
77  *      socket join an anycast group
78  */
79
80 int ipv6_sock_ac_join(struct sock *sk, int ifindex, struct in6_addr *addr)
81 {
82         struct ipv6_pinfo *np = inet6_sk(sk);
83         struct net_device *dev = NULL;
84         struct inet6_dev *idev;
85         struct ipv6_ac_socklist *pac;
86         int     ishost = !ipv6_devconf.forwarding;
87         int     err = 0;
88
89         if (!capable(CAP_NET_ADMIN))
90                 return -EPERM;
91         if (ipv6_addr_is_multicast(addr))
92                 return -EINVAL;
93         if (ipv6_chk_addr(addr, NULL, 0))
94                 return -EINVAL;
95
96         pac = sock_kmalloc(sk, sizeof(struct ipv6_ac_socklist), GFP_KERNEL);
97         if (pac == NULL)
98                 return -ENOMEM;
99         pac->acl_next = NULL;
100         ipv6_addr_copy(&pac->acl_addr, addr);
101
102         if (ifindex == 0) {
103                 struct rt6_info *rt;
104
105                 rt = rt6_lookup(addr, NULL, 0, 0);
106                 if (rt) {
107                         dev = rt->rt6i_dev;
108                         dev_hold(dev);
109                         dst_release(&rt->u.dst);
110                 } else if (ishost) {
111                         err = -EADDRNOTAVAIL;
112                         goto out_free_pac;
113                 } else {
114                         /* router, no matching interface: just pick one */
115
116                         dev = dev_get_by_flags(IFF_UP, IFF_UP|IFF_LOOPBACK);
117                 }
118         } else
119                 dev = dev_get_by_index(ifindex);
120
121         if (dev == NULL) {
122                 err = -ENODEV;
123                 goto out_free_pac;
124         }
125
126         idev = in6_dev_get(dev);
127         if (!idev) {
128                 if (ifindex)
129                         err = -ENODEV;
130                 else
131                         err = -EADDRNOTAVAIL;
132                 goto out_dev_put;
133         }
134         /* reset ishost, now that we have a specific device */
135         ishost = !idev->cnf.forwarding;
136         in6_dev_put(idev);
137
138         pac->acl_ifindex = dev->ifindex;
139
140         /* XXX
141          * For hosts, allow link-local or matching prefix anycasts.
142          * This obviates the need for propagating anycast routes while
143          * still allowing some non-router anycast participation.
144          */
145         if (!ip6_onlink(addr, dev)) {
146                 if (ishost)
147                         err = -EADDRNOTAVAIL;
148                 if (err)
149                         goto out_dev_put;
150         }
151
152         err = ipv6_dev_ac_inc(dev, addr);
153         if (err)
154                 goto out_dev_put;
155
156         write_lock_bh(&ipv6_sk_ac_lock);
157         pac->acl_next = np->ipv6_ac_list;
158         np->ipv6_ac_list = pac;
159         write_unlock_bh(&ipv6_sk_ac_lock);
160
161         dev_put(dev);
162
163         return 0;
164
165 out_dev_put:
166         dev_put(dev);
167 out_free_pac:
168         sock_kfree_s(sk, pac, sizeof(*pac));
169         return err;
170 }
171
172 /*
173  *      socket leave an anycast group
174  */
175 int ipv6_sock_ac_drop(struct sock *sk, int ifindex, struct in6_addr *addr)
176 {
177         struct ipv6_pinfo *np = inet6_sk(sk);
178         struct net_device *dev;
179         struct ipv6_ac_socklist *pac, *prev_pac;
180
181         write_lock_bh(&ipv6_sk_ac_lock);
182         prev_pac = NULL;
183         for (pac = np->ipv6_ac_list; pac; pac = pac->acl_next) {
184                 if ((ifindex == 0 || pac->acl_ifindex == ifindex) &&
185                      ipv6_addr_equal(&pac->acl_addr, addr))
186                         break;
187                 prev_pac = pac;
188         }
189         if (!pac) {
190                 write_unlock_bh(&ipv6_sk_ac_lock);
191                 return -ENOENT;
192         }
193         if (prev_pac)
194                 prev_pac->acl_next = pac->acl_next;
195         else
196                 np->ipv6_ac_list = pac->acl_next;
197
198         write_unlock_bh(&ipv6_sk_ac_lock);
199
200         dev = dev_get_by_index(pac->acl_ifindex);
201         if (dev) {
202                 ipv6_dev_ac_dec(dev, &pac->acl_addr);
203                 dev_put(dev);
204         }
205         sock_kfree_s(sk, pac, sizeof(*pac));
206         return 0;
207 }
208
209 void ipv6_sock_ac_close(struct sock *sk)
210 {
211         struct ipv6_pinfo *np = inet6_sk(sk);
212         struct net_device *dev = NULL;
213         struct ipv6_ac_socklist *pac;
214         int     prev_index;
215
216         write_lock_bh(&ipv6_sk_ac_lock);
217         pac = np->ipv6_ac_list;
218         np->ipv6_ac_list = NULL;
219         write_unlock_bh(&ipv6_sk_ac_lock);
220
221         prev_index = 0;
222         while (pac) {
223                 struct ipv6_ac_socklist *next = pac->acl_next;
224
225                 if (pac->acl_ifindex != prev_index) {
226                         if (dev)
227                                 dev_put(dev);
228                         dev = dev_get_by_index(pac->acl_ifindex);
229                         prev_index = pac->acl_ifindex;
230                 }
231                 if (dev)
232                         ipv6_dev_ac_dec(dev, &pac->acl_addr);
233                 sock_kfree_s(sk, pac, sizeof(*pac));
234                 pac = next;
235         }
236         if (dev)
237                 dev_put(dev);
238 }
239
240 #if 0
241 /* The function is not used, which is funny. Apparently, author
242  * supposed to use it to filter out datagrams inside udp/raw but forgot.
243  *
244  * It is OK, anycasts are not special comparing to delivery to unicasts.
245  */
246
247 int inet6_ac_check(struct sock *sk, struct in6_addr *addr, int ifindex)
248 {
249         struct ipv6_ac_socklist *pac;
250         struct ipv6_pinfo *np = inet6_sk(sk);
251         int     found;
252
253         found = 0;
254         read_lock(&ipv6_sk_ac_lock);
255         for (pac=np->ipv6_ac_list; pac; pac=pac->acl_next) {
256                 if (ifindex && pac->acl_ifindex != ifindex)
257                         continue;
258                 found = ipv6_addr_equal(&pac->acl_addr, addr);
259                 if (found)
260                         break;
261         }
262         read_unlock(&ipv6_sk_ac_lock);
263
264         return found;
265 }
266
267 #endif
268
269 static void aca_put(struct ifacaddr6 *ac)
270 {
271         if (atomic_dec_and_test(&ac->aca_refcnt)) {
272                 in6_dev_put(ac->aca_idev);
273                 dst_release(&ac->aca_rt->u.dst);
274                 kfree(ac);
275         }
276 }
277
278 /*
279  *      device anycast group inc (add if not found)
280  */
281 int ipv6_dev_ac_inc(struct net_device *dev, struct in6_addr *addr)
282 {
283         struct ifacaddr6 *aca;
284         struct inet6_dev *idev;
285         struct rt6_info *rt;
286         int err;
287
288         idev = in6_dev_get(dev);
289
290         if (idev == NULL)
291                 return -EINVAL;
292
293         write_lock_bh(&idev->lock);
294         if (idev->dead) {
295                 err = -ENODEV;
296                 goto out;
297         }
298
299         for (aca = idev->ac_list; aca; aca = aca->aca_next) {
300                 if (ipv6_addr_equal(&aca->aca_addr, addr)) {
301                         aca->aca_users++;
302                         err = 0;
303                         goto out;
304                 }
305         }
306
307         /*
308          *      not found: create a new one.
309          */
310
311         aca = kmalloc(sizeof(struct ifacaddr6), GFP_ATOMIC);
312
313         if (aca == NULL) {
314                 err = -ENOMEM;
315                 goto out;
316         }
317
318         rt = addrconf_dst_alloc(idev, addr, 1);
319         if (IS_ERR(rt)) {
320                 kfree(aca);
321                 err = PTR_ERR(rt);
322                 goto out;
323         }
324
325         memset(aca, 0, sizeof(struct ifacaddr6));
326
327         ipv6_addr_copy(&aca->aca_addr, addr);
328         aca->aca_idev = idev;
329         aca->aca_rt = rt;
330         aca->aca_users = 1;
331         /* aca_tstamp should be updated upon changes */
332         aca->aca_cstamp = aca->aca_tstamp = jiffies;
333         atomic_set(&aca->aca_refcnt, 2);
334         spin_lock_init(&aca->aca_lock);
335
336         aca->aca_next = idev->ac_list;
337         idev->ac_list = aca;
338         write_unlock_bh(&idev->lock);
339
340         dst_hold(&rt->u.dst);
341         if (ip6_ins_rt(rt, NULL, NULL, NULL))
342                 dst_release(&rt->u.dst);
343
344         addrconf_join_solict(dev, &aca->aca_addr);
345
346         aca_put(aca);
347         return 0;
348 out:
349         write_unlock_bh(&idev->lock);
350         in6_dev_put(idev);
351         return err;
352 }
353
354 /*
355  *      device anycast group decrement
356  */
357 int __ipv6_dev_ac_dec(struct inet6_dev *idev, struct in6_addr *addr)
358 {
359         struct ifacaddr6 *aca, *prev_aca;
360
361         write_lock_bh(&idev->lock);
362         prev_aca = NULL;
363         for (aca = idev->ac_list; aca; aca = aca->aca_next) {
364                 if (ipv6_addr_equal(&aca->aca_addr, addr))
365                         break;
366                 prev_aca = aca;
367         }
368         if (!aca) {
369                 write_unlock_bh(&idev->lock);
370                 return -ENOENT;
371         }
372         if (--aca->aca_users > 0) {
373                 write_unlock_bh(&idev->lock);
374                 return 0;
375         }
376         if (prev_aca)
377                 prev_aca->aca_next = aca->aca_next;
378         else
379                 idev->ac_list = aca->aca_next;
380         write_unlock_bh(&idev->lock);
381         addrconf_leave_solict(idev, &aca->aca_addr);
382
383         dst_hold(&aca->aca_rt->u.dst);
384         if (ip6_del_rt(aca->aca_rt, NULL, NULL, NULL))
385                 dst_free(&aca->aca_rt->u.dst);
386         else
387                 dst_release(&aca->aca_rt->u.dst);
388
389         aca_put(aca);
390         return 0;
391 }
392
393 static int ipv6_dev_ac_dec(struct net_device *dev, struct in6_addr *addr)
394 {
395         int ret;
396         struct inet6_dev *idev = in6_dev_get(dev);
397         if (idev == NULL)
398                 return -ENODEV;
399         ret = __ipv6_dev_ac_dec(idev, addr);
400         in6_dev_put(idev);
401         return ret;
402 }
403         
404 /*
405  *      check if the interface has this anycast address
406  */
407 static int ipv6_chk_acast_dev(struct net_device *dev, struct in6_addr *addr)
408 {
409         struct inet6_dev *idev;
410         struct ifacaddr6 *aca;
411
412         idev = in6_dev_get(dev);
413         if (idev) {
414                 read_lock_bh(&idev->lock);
415                 for (aca = idev->ac_list; aca; aca = aca->aca_next)
416                         if (ipv6_addr_equal(&aca->aca_addr, addr))
417                                 break;
418                 read_unlock_bh(&idev->lock);
419                 in6_dev_put(idev);
420                 return aca != 0;
421         }
422         return 0;
423 }
424
425 /*
426  *      check if given interface (or any, if dev==0) has this anycast address
427  */
428 int ipv6_chk_acast_addr(struct net_device *dev, struct in6_addr *addr)
429 {
430         if (dev)
431                 return ipv6_chk_acast_dev(dev, addr);
432         read_lock(&dev_base_lock);
433         for (dev=dev_base; dev; dev=dev->next)
434                 if (ipv6_chk_acast_dev(dev, addr))
435                         break;
436         read_unlock(&dev_base_lock);
437         return dev != 0;
438 }
439
440
441 #ifdef CONFIG_PROC_FS
442 struct ac6_iter_state {
443         struct net_device *dev;
444         struct inet6_dev *idev;
445 };
446
447 #define ac6_seq_private(seq)    ((struct ac6_iter_state *)(seq)->private)
448
449 static inline struct ifacaddr6 *ac6_get_first(struct seq_file *seq)
450 {
451         struct ifacaddr6 *im = NULL;
452         struct ac6_iter_state *state = ac6_seq_private(seq);
453
454         for (state->dev = dev_base, state->idev = NULL;
455              state->dev;
456              state->dev = state->dev->next) {
457                 struct inet6_dev *idev;
458                 idev = in6_dev_get(state->dev);
459                 if (!idev)
460                         continue;
461                 read_lock_bh(&idev->lock);
462                 im = idev->ac_list;
463                 if (im) {
464                         state->idev = idev;
465                         break;
466                 }
467                 read_unlock_bh(&idev->lock);
468         }
469         return im;
470 }
471
472 static struct ifacaddr6 *ac6_get_next(struct seq_file *seq, struct ifacaddr6 *im)
473 {
474         struct ac6_iter_state *state = ac6_seq_private(seq);
475
476         im = im->aca_next;
477         while (!im) {
478                 if (likely(state->idev != NULL)) {
479                         read_unlock_bh(&state->idev->lock);
480                         in6_dev_put(state->idev);
481                 }
482                 state->dev = state->dev->next;
483                 if (!state->dev) {
484                         state->idev = NULL;
485                         break;
486                 }
487                 state->idev = in6_dev_get(state->dev);
488                 if (!state->idev)
489                         continue;
490                 read_lock_bh(&state->idev->lock);
491                 im = state->idev->ac_list;
492         }
493         return im;
494 }
495
496 static struct ifacaddr6 *ac6_get_idx(struct seq_file *seq, loff_t pos)
497 {
498         struct ifacaddr6 *im = ac6_get_first(seq);
499         if (im)
500                 while (pos && (im = ac6_get_next(seq, im)) != NULL)
501                         --pos;
502         return pos ? NULL : im;
503 }
504
505 static void *ac6_seq_start(struct seq_file *seq, loff_t *pos)
506 {
507         read_lock(&dev_base_lock);
508         return ac6_get_idx(seq, *pos);
509 }
510
511 static void *ac6_seq_next(struct seq_file *seq, void *v, loff_t *pos)
512 {
513         struct ifacaddr6 *im;
514         im = ac6_get_next(seq, v);
515         ++*pos;
516         return im;
517 }
518
519 static void ac6_seq_stop(struct seq_file *seq, void *v)
520 {
521         struct ac6_iter_state *state = ac6_seq_private(seq);
522         if (likely(state->idev != NULL)) {
523                 read_unlock_bh(&state->idev->lock);
524                 in6_dev_put(state->idev);
525         }
526         read_unlock(&dev_base_lock);
527 }
528
529 static int ac6_seq_show(struct seq_file *seq, void *v)
530 {
531         struct ifacaddr6 *im = (struct ifacaddr6 *)v;
532         struct ac6_iter_state *state = ac6_seq_private(seq);
533
534         seq_printf(seq,
535                    "%-4d %-15s " NIP6_SEQFMT " %5d\n",
536                    state->dev->ifindex, state->dev->name,
537                    NIP6(im->aca_addr),
538                    im->aca_users);
539         return 0;
540 }
541
542 static struct seq_operations ac6_seq_ops = {
543         .start  =       ac6_seq_start,
544         .next   =       ac6_seq_next,
545         .stop   =       ac6_seq_stop,
546         .show   =       ac6_seq_show,
547 };
548
549 static int ac6_seq_open(struct inode *inode, struct file *file)
550 {
551         struct seq_file *seq;
552         int rc = -ENOMEM;
553         struct ac6_iter_state *s = kmalloc(sizeof(*s), GFP_KERNEL);
554
555         if (!s)
556                 goto out;
557
558         rc = seq_open(file, &ac6_seq_ops);
559         if (rc)
560                 goto out_kfree;
561
562         seq = file->private_data;
563         seq->private = s;
564         memset(s, 0, sizeof(*s));
565 out:
566         return rc;
567 out_kfree:
568         kfree(s);
569         goto out;
570 }
571
572 static struct file_operations ac6_seq_fops = {
573         .owner          =       THIS_MODULE,
574         .open           =       ac6_seq_open,
575         .read           =       seq_read,
576         .llseek         =       seq_lseek,
577         .release        =       seq_release_private,
578 };
579
580 int __init ac6_proc_init(void)
581 {
582         if (!proc_net_fops_create("anycast6", S_IRUGO, &ac6_seq_fops))
583                 return -ENOMEM;
584
585         return 0;
586 }
587
588 void ac6_proc_exit(void)
589 {
590         proc_net_remove("anycast6");
591 }
592 #endif
593