netns: ebtable: allow unprivileged users to operate ebtables
[linux-3.10.git] / net / bridge / br_mdb.c
1 #include <linux/err.h>
2 #include <linux/igmp.h>
3 #include <linux/kernel.h>
4 #include <linux/netdevice.h>
5 #include <linux/rculist.h>
6 #include <linux/skbuff.h>
7 #include <linux/if_ether.h>
8 #include <net/ip.h>
9 #include <net/netlink.h>
10 #if IS_ENABLED(CONFIG_IPV6)
11 #include <net/ipv6.h>
12 #endif
13
14 #include "br_private.h"
15
16 static int br_rports_fill_info(struct sk_buff *skb, struct netlink_callback *cb,
17                                struct net_device *dev)
18 {
19         struct net_bridge *br = netdev_priv(dev);
20         struct net_bridge_port *p;
21         struct hlist_node *n;
22         struct nlattr *nest;
23
24         if (!br->multicast_router || hlist_empty(&br->router_list))
25                 return 0;
26
27         nest = nla_nest_start(skb, MDBA_ROUTER);
28         if (nest == NULL)
29                 return -EMSGSIZE;
30
31         hlist_for_each_entry_rcu(p, n, &br->router_list, rlist) {
32                 if (p && nla_put_u32(skb, MDBA_ROUTER_PORT, p->dev->ifindex))
33                         goto fail;
34         }
35
36         nla_nest_end(skb, nest);
37         return 0;
38 fail:
39         nla_nest_cancel(skb, nest);
40         return -EMSGSIZE;
41 }
42
43 static int br_mdb_fill_info(struct sk_buff *skb, struct netlink_callback *cb,
44                             struct net_device *dev)
45 {
46         struct net_bridge *br = netdev_priv(dev);
47         struct net_bridge_mdb_htable *mdb;
48         struct nlattr *nest, *nest2;
49         int i, err = 0;
50         int idx = 0, s_idx = cb->args[1];
51
52         if (br->multicast_disabled)
53                 return 0;
54
55         mdb = rcu_dereference(br->mdb);
56         if (!mdb)
57                 return 0;
58
59         nest = nla_nest_start(skb, MDBA_MDB);
60         if (nest == NULL)
61                 return -EMSGSIZE;
62
63         for (i = 0; i < mdb->max; i++) {
64                 struct hlist_node *h;
65                 struct net_bridge_mdb_entry *mp;
66                 struct net_bridge_port_group *p, **pp;
67                 struct net_bridge_port *port;
68
69                 hlist_for_each_entry_rcu(mp, h, &mdb->mhash[i], hlist[mdb->ver]) {
70                         if (idx < s_idx)
71                                 goto skip;
72
73                         nest2 = nla_nest_start(skb, MDBA_MDB_ENTRY);
74                         if (nest2 == NULL) {
75                                 err = -EMSGSIZE;
76                                 goto out;
77                         }
78
79                         for (pp = &mp->ports;
80                              (p = rcu_dereference(*pp)) != NULL;
81                               pp = &p->next) {
82                                 port = p->port;
83                                 if (port) {
84                                         struct br_mdb_entry e;
85                                         e.ifindex = port->dev->ifindex;
86                                         e.state = p->state;
87                                         if (p->addr.proto == htons(ETH_P_IP))
88                                                 e.addr.u.ip4 = p->addr.u.ip4;
89 #if IS_ENABLED(CONFIG_IPV6)
90                                         if (p->addr.proto == htons(ETH_P_IPV6))
91                                                 e.addr.u.ip6 = p->addr.u.ip6;
92 #endif
93                                         e.addr.proto = p->addr.proto;
94                                         if (nla_put(skb, MDBA_MDB_ENTRY_INFO, sizeof(e), &e)) {
95                                                 nla_nest_cancel(skb, nest2);
96                                                 err = -EMSGSIZE;
97                                                 goto out;
98                                         }
99                                 }
100                         }
101                         nla_nest_end(skb, nest2);
102                 skip:
103                         idx++;
104                 }
105         }
106
107 out:
108         cb->args[1] = idx;
109         nla_nest_end(skb, nest);
110         return err;
111 }
112
113 static int br_mdb_dump(struct sk_buff *skb, struct netlink_callback *cb)
114 {
115         struct net_device *dev;
116         struct net *net = sock_net(skb->sk);
117         struct nlmsghdr *nlh = NULL;
118         int idx = 0, s_idx;
119
120         s_idx = cb->args[0];
121
122         rcu_read_lock();
123
124         /* In theory this could be wrapped to 0... */
125         cb->seq = net->dev_base_seq + br_mdb_rehash_seq;
126
127         for_each_netdev_rcu(net, dev) {
128                 if (dev->priv_flags & IFF_EBRIDGE) {
129                         struct br_port_msg *bpm;
130
131                         if (idx < s_idx)
132                                 goto skip;
133
134                         nlh = nlmsg_put(skb, NETLINK_CB(cb->skb).portid,
135                                         cb->nlh->nlmsg_seq, RTM_GETMDB,
136                                         sizeof(*bpm), NLM_F_MULTI);
137                         if (nlh == NULL)
138                                 break;
139
140                         bpm = nlmsg_data(nlh);
141                         bpm->ifindex = dev->ifindex;
142                         if (br_mdb_fill_info(skb, cb, dev) < 0)
143                                 goto out;
144                         if (br_rports_fill_info(skb, cb, dev) < 0)
145                                 goto out;
146
147                         cb->args[1] = 0;
148                         nlmsg_end(skb, nlh);
149                 skip:
150                         idx++;
151                 }
152         }
153
154 out:
155         if (nlh)
156                 nlmsg_end(skb, nlh);
157         rcu_read_unlock();
158         cb->args[0] = idx;
159         return skb->len;
160 }
161
162 static int nlmsg_populate_mdb_fill(struct sk_buff *skb,
163                                    struct net_device *dev,
164                                    struct br_mdb_entry *entry, u32 pid,
165                                    u32 seq, int type, unsigned int flags)
166 {
167         struct nlmsghdr *nlh;
168         struct br_port_msg *bpm;
169         struct nlattr *nest, *nest2;
170
171         nlh = nlmsg_put(skb, pid, seq, type, sizeof(*bpm), NLM_F_MULTI);
172         if (!nlh)
173                 return -EMSGSIZE;
174
175         bpm = nlmsg_data(nlh);
176         bpm->family  = AF_BRIDGE;
177         bpm->ifindex = dev->ifindex;
178         nest = nla_nest_start(skb, MDBA_MDB);
179         if (nest == NULL)
180                 goto cancel;
181         nest2 = nla_nest_start(skb, MDBA_MDB_ENTRY);
182         if (nest2 == NULL)
183                 goto end;
184
185         if (nla_put(skb, MDBA_MDB_ENTRY_INFO, sizeof(*entry), entry))
186                 goto end;
187
188         nla_nest_end(skb, nest2);
189         nla_nest_end(skb, nest);
190         return nlmsg_end(skb, nlh);
191
192 end:
193         nla_nest_end(skb, nest);
194 cancel:
195         nlmsg_cancel(skb, nlh);
196         return -EMSGSIZE;
197 }
198
199 static inline size_t rtnl_mdb_nlmsg_size(void)
200 {
201         return NLMSG_ALIGN(sizeof(struct br_port_msg))
202                 + nla_total_size(sizeof(struct br_mdb_entry));
203 }
204
205 static void __br_mdb_notify(struct net_device *dev, struct br_mdb_entry *entry,
206                             int type)
207 {
208         struct net *net = dev_net(dev);
209         struct sk_buff *skb;
210         int err = -ENOBUFS;
211
212         skb = nlmsg_new(rtnl_mdb_nlmsg_size(), GFP_ATOMIC);
213         if (!skb)
214                 goto errout;
215
216         err = nlmsg_populate_mdb_fill(skb, dev, entry, 0, 0, type, NTF_SELF);
217         if (err < 0) {
218                 kfree_skb(skb);
219                 goto errout;
220         }
221
222         rtnl_notify(skb, net, 0, RTNLGRP_MDB, NULL, GFP_ATOMIC);
223         return;
224 errout:
225         rtnl_set_sk_err(net, RTNLGRP_MDB, err);
226 }
227
228 void br_mdb_notify(struct net_device *dev, struct net_bridge_port *port,
229                    struct br_ip *group, int type)
230 {
231         struct br_mdb_entry entry;
232
233         entry.ifindex = port->dev->ifindex;
234         entry.addr.proto = group->proto;
235         entry.addr.u.ip4 = group->u.ip4;
236 #if IS_ENABLED(CONFIG_IPV6)
237         entry.addr.u.ip6 = group->u.ip6;
238 #endif
239         __br_mdb_notify(dev, &entry, type);
240 }
241
242 static bool is_valid_mdb_entry(struct br_mdb_entry *entry)
243 {
244         if (entry->ifindex == 0)
245                 return false;
246
247         if (entry->addr.proto == htons(ETH_P_IP)) {
248                 if (!ipv4_is_multicast(entry->addr.u.ip4))
249                         return false;
250                 if (ipv4_is_local_multicast(entry->addr.u.ip4))
251                         return false;
252 #if IS_ENABLED(CONFIG_IPV6)
253         } else if (entry->addr.proto == htons(ETH_P_IPV6)) {
254                 if (!ipv6_is_transient_multicast(&entry->addr.u.ip6))
255                         return false;
256 #endif
257         } else
258                 return false;
259         if (entry->state != MDB_PERMANENT && entry->state != MDB_TEMPORARY)
260                 return false;
261
262         return true;
263 }
264
265 static int br_mdb_parse(struct sk_buff *skb, struct nlmsghdr *nlh,
266                         struct net_device **pdev, struct br_mdb_entry **pentry)
267 {
268         struct net *net = sock_net(skb->sk);
269         struct br_mdb_entry *entry;
270         struct br_port_msg *bpm;
271         struct nlattr *tb[MDBA_SET_ENTRY_MAX+1];
272         struct net_device *dev;
273         int err;
274
275         if (!capable(CAP_NET_ADMIN))
276                 return -EPERM;
277
278         err = nlmsg_parse(nlh, sizeof(*bpm), tb, MDBA_SET_ENTRY, NULL);
279         if (err < 0)
280                 return err;
281
282         bpm = nlmsg_data(nlh);
283         if (bpm->ifindex == 0) {
284                 pr_info("PF_BRIDGE: br_mdb_parse() with invalid ifindex\n");
285                 return -EINVAL;
286         }
287
288         dev = __dev_get_by_index(net, bpm->ifindex);
289         if (dev == NULL) {
290                 pr_info("PF_BRIDGE: br_mdb_parse() with unknown ifindex\n");
291                 return -ENODEV;
292         }
293
294         if (!(dev->priv_flags & IFF_EBRIDGE)) {
295                 pr_info("PF_BRIDGE: br_mdb_parse() with non-bridge\n");
296                 return -EOPNOTSUPP;
297         }
298
299         *pdev = dev;
300
301         if (!tb[MDBA_SET_ENTRY] ||
302             nla_len(tb[MDBA_SET_ENTRY]) != sizeof(struct br_mdb_entry)) {
303                 pr_info("PF_BRIDGE: br_mdb_parse() with invalid attr\n");
304                 return -EINVAL;
305         }
306
307         entry = nla_data(tb[MDBA_SET_ENTRY]);
308         if (!is_valid_mdb_entry(entry)) {
309                 pr_info("PF_BRIDGE: br_mdb_parse() with invalid entry\n");
310                 return -EINVAL;
311         }
312
313         *pentry = entry;
314         return 0;
315 }
316
317 static int br_mdb_add_group(struct net_bridge *br, struct net_bridge_port *port,
318                             struct br_ip *group, unsigned char state)
319 {
320         struct net_bridge_mdb_entry *mp;
321         struct net_bridge_port_group *p;
322         struct net_bridge_port_group __rcu **pp;
323         struct net_bridge_mdb_htable *mdb;
324         int err;
325
326         mdb = mlock_dereference(br->mdb, br);
327         mp = br_mdb_ip_get(mdb, group);
328         if (!mp) {
329                 mp = br_multicast_new_group(br, port, group);
330                 err = PTR_ERR(mp);
331                 if (IS_ERR(mp))
332                         return err;
333         }
334
335         for (pp = &mp->ports;
336              (p = mlock_dereference(*pp, br)) != NULL;
337              pp = &p->next) {
338                 if (p->port == port)
339                         return -EEXIST;
340                 if ((unsigned long)p->port < (unsigned long)port)
341                         break;
342         }
343
344         p = br_multicast_new_port_group(port, group, *pp, state);
345         if (unlikely(!p))
346                 return -ENOMEM;
347         rcu_assign_pointer(*pp, p);
348
349         br_mdb_notify(br->dev, port, group, RTM_NEWMDB);
350         return 0;
351 }
352
353 static int __br_mdb_add(struct net *net, struct net_bridge *br,
354                         struct br_mdb_entry *entry)
355 {
356         struct br_ip ip;
357         struct net_device *dev;
358         struct net_bridge_port *p;
359         int ret;
360
361         if (!netif_running(br->dev) || br->multicast_disabled)
362                 return -EINVAL;
363
364         dev = __dev_get_by_index(net, entry->ifindex);
365         if (!dev)
366                 return -ENODEV;
367
368         p = br_port_get_rtnl(dev);
369         if (!p || p->br != br || p->state == BR_STATE_DISABLED)
370                 return -EINVAL;
371
372         ip.proto = entry->addr.proto;
373         if (ip.proto == htons(ETH_P_IP))
374                 ip.u.ip4 = entry->addr.u.ip4;
375 #if IS_ENABLED(CONFIG_IPV6)
376         else
377                 ip.u.ip6 = entry->addr.u.ip6;
378 #endif
379
380         spin_lock_bh(&br->multicast_lock);
381         ret = br_mdb_add_group(br, p, &ip, entry->state);
382         spin_unlock_bh(&br->multicast_lock);
383         return ret;
384 }
385
386 static int br_mdb_add(struct sk_buff *skb, struct nlmsghdr *nlh, void *arg)
387 {
388         struct net *net = sock_net(skb->sk);
389         struct br_mdb_entry *entry;
390         struct net_device *dev;
391         struct net_bridge *br;
392         int err;
393
394         err = br_mdb_parse(skb, nlh, &dev, &entry);
395         if (err < 0)
396                 return err;
397
398         br = netdev_priv(dev);
399
400         err = __br_mdb_add(net, br, entry);
401         if (!err)
402                 __br_mdb_notify(dev, entry, RTM_NEWMDB);
403         return err;
404 }
405
406 static int __br_mdb_del(struct net_bridge *br, struct br_mdb_entry *entry)
407 {
408         struct net_bridge_mdb_htable *mdb;
409         struct net_bridge_mdb_entry *mp;
410         struct net_bridge_port_group *p;
411         struct net_bridge_port_group __rcu **pp;
412         struct br_ip ip;
413         int err = -EINVAL;
414
415         if (!netif_running(br->dev) || br->multicast_disabled)
416                 return -EINVAL;
417
418         if (timer_pending(&br->multicast_querier_timer))
419                 return -EBUSY;
420
421         ip.proto = entry->addr.proto;
422         if (ip.proto == htons(ETH_P_IP))
423                 ip.u.ip4 = entry->addr.u.ip4;
424 #if IS_ENABLED(CONFIG_IPV6)
425         else
426                 ip.u.ip6 = entry->addr.u.ip6;
427 #endif
428
429         spin_lock_bh(&br->multicast_lock);
430         mdb = mlock_dereference(br->mdb, br);
431
432         mp = br_mdb_ip_get(mdb, &ip);
433         if (!mp)
434                 goto unlock;
435
436         for (pp = &mp->ports;
437              (p = mlock_dereference(*pp, br)) != NULL;
438              pp = &p->next) {
439                 if (!p->port || p->port->dev->ifindex != entry->ifindex)
440                         continue;
441
442                 if (p->port->state == BR_STATE_DISABLED)
443                         goto unlock;
444
445                 rcu_assign_pointer(*pp, p->next);
446                 hlist_del_init(&p->mglist);
447                 del_timer(&p->timer);
448                 call_rcu_bh(&p->rcu, br_multicast_free_pg);
449                 err = 0;
450
451                 if (!mp->ports && !mp->mglist &&
452                     netif_running(br->dev))
453                         mod_timer(&mp->timer, jiffies);
454                 break;
455         }
456
457 unlock:
458         spin_unlock_bh(&br->multicast_lock);
459         return err;
460 }
461
462 static int br_mdb_del(struct sk_buff *skb, struct nlmsghdr *nlh, void *arg)
463 {
464         struct net_device *dev;
465         struct br_mdb_entry *entry;
466         struct net_bridge *br;
467         int err;
468
469         err = br_mdb_parse(skb, nlh, &dev, &entry);
470         if (err < 0)
471                 return err;
472
473         br = netdev_priv(dev);
474
475         err = __br_mdb_del(br, entry);
476         if (!err)
477                 __br_mdb_notify(dev, entry, RTM_DELMDB);
478         return err;
479 }
480
481 void br_mdb_init(void)
482 {
483         rtnl_register(PF_BRIDGE, RTM_GETMDB, NULL, br_mdb_dump, NULL);
484         rtnl_register(PF_BRIDGE, RTM_NEWMDB, br_mdb_add, NULL, NULL);
485         rtnl_register(PF_BRIDGE, RTM_DELMDB, br_mdb_del, NULL, NULL);
486 }
487
488 void br_mdb_uninit(void)
489 {
490         rtnl_unregister(PF_BRIDGE, RTM_GETMDB);
491         rtnl_unregister(PF_BRIDGE, RTM_NEWMDB);
492         rtnl_unregister(PF_BRIDGE, RTM_DELMDB);
493 }