2 * ip6_flowlabel.c IPv6 flowlabel manager.
4 * This program is free software; you can redistribute it and/or
5 * modify it under the terms of the GNU General Public License
6 * as published by the Free Software Foundation; either version
7 * 2 of the License, or (at your option) any later version.
9 * Authors: Alexey Kuznetsov, <kuznet@ms2.inr.ac.ru>
12 #include <linux/capability.h>
13 #include <linux/errno.h>
14 #include <linux/types.h>
15 #include <linux/socket.h>
16 #include <linux/net.h>
17 #include <linux/netdevice.h>
18 #include <linux/if_arp.h>
19 #include <linux/in6.h>
20 #include <linux/route.h>
21 #include <linux/proc_fs.h>
22 #include <linux/seq_file.h>
24 #include <net/net_namespace.h>
28 #include <net/ndisc.h>
29 #include <net/protocol.h>
30 #include <net/ip6_route.h>
31 #include <net/addrconf.h>
32 #include <net/rawv6.h>
34 #include <net/transp_v6.h>
36 #include <asm/uaccess.h>
38 #define FL_MIN_LINGER 6 /* Minimal linger. It is set to 6sec specified
39 in old IPv6 RFC. Well, it was reasonable value.
41 #define FL_MAX_LINGER 60 /* Maximal linger timeout */
45 #define FL_MAX_PER_SOCK 32
46 #define FL_MAX_SIZE 4096
47 #define FL_HASH_MASK 255
48 #define FL_HASH(l) (ntohl(l)&FL_HASH_MASK)
50 static atomic_t fl_size = ATOMIC_INIT(0);
51 static struct ip6_flowlabel *fl_ht[FL_HASH_MASK+1];
53 static void ip6_fl_gc(unsigned long dummy);
54 static DEFINE_TIMER(ip6_fl_gc_timer, ip6_fl_gc, 0, 0);
56 /* FL hash table lock: it protects only of GC */
58 static DEFINE_RWLOCK(ip6_fl_lock);
62 static DEFINE_RWLOCK(ip6_sk_fl_lock);
65 static __inline__ struct ip6_flowlabel * __fl_lookup(__be32 label)
67 struct ip6_flowlabel *fl;
69 for (fl=fl_ht[FL_HASH(label)]; fl; fl = fl->next) {
70 if (fl->label == label)
76 static struct ip6_flowlabel * fl_lookup(__be32 label)
78 struct ip6_flowlabel *fl;
80 read_lock_bh(&ip6_fl_lock);
81 fl = __fl_lookup(label);
83 atomic_inc(&fl->users);
84 read_unlock_bh(&ip6_fl_lock);
89 static void fl_free(struct ip6_flowlabel *fl)
96 static void fl_release(struct ip6_flowlabel *fl)
98 write_lock_bh(&ip6_fl_lock);
100 fl->lastuse = jiffies;
101 if (atomic_dec_and_test(&fl->users)) {
102 unsigned long ttd = fl->lastuse + fl->linger;
103 if (time_after(ttd, fl->expires))
106 if (fl->opt && fl->share == IPV6_FL_S_EXCL) {
107 struct ipv6_txoptions *opt = fl->opt;
111 if (!timer_pending(&ip6_fl_gc_timer) ||
112 time_after(ip6_fl_gc_timer.expires, ttd))
113 mod_timer(&ip6_fl_gc_timer, ttd);
116 write_unlock_bh(&ip6_fl_lock);
119 static void ip6_fl_gc(unsigned long dummy)
122 unsigned long now = jiffies;
123 unsigned long sched = 0;
125 write_lock(&ip6_fl_lock);
127 for (i=0; i<=FL_HASH_MASK; i++) {
128 struct ip6_flowlabel *fl, **flp;
130 while ((fl=*flp) != NULL) {
131 if (atomic_read(&fl->users) == 0) {
132 unsigned long ttd = fl->lastuse + fl->linger;
133 if (time_after(ttd, fl->expires))
136 if (time_after_eq(now, ttd)) {
139 atomic_dec(&fl_size);
142 if (!sched || time_before(ttd, sched))
148 if (!sched && atomic_read(&fl_size))
149 sched = now + FL_MAX_LINGER;
151 ip6_fl_gc_timer.expires = sched;
152 add_timer(&ip6_fl_gc_timer);
154 write_unlock(&ip6_fl_lock);
157 static int fl_intern(struct ip6_flowlabel *fl, __be32 label)
159 fl->label = label & IPV6_FLOWLABEL_MASK;
161 write_lock_bh(&ip6_fl_lock);
164 fl->label = htonl(net_random())&IPV6_FLOWLABEL_MASK;
166 struct ip6_flowlabel *lfl;
167 lfl = __fl_lookup(fl->label);
174 fl->lastuse = jiffies;
175 fl->next = fl_ht[FL_HASH(fl->label)];
176 fl_ht[FL_HASH(fl->label)] = fl;
177 atomic_inc(&fl_size);
178 write_unlock_bh(&ip6_fl_lock);
184 /* Socket flowlabel lists */
186 struct ip6_flowlabel * fl6_sock_lookup(struct sock *sk, __be32 label)
188 struct ipv6_fl_socklist *sfl;
189 struct ipv6_pinfo *np = inet6_sk(sk);
191 label &= IPV6_FLOWLABEL_MASK;
193 for (sfl=np->ipv6_fl_list; sfl; sfl = sfl->next) {
194 struct ip6_flowlabel *fl = sfl->fl;
195 if (fl->label == label) {
196 fl->lastuse = jiffies;
197 atomic_inc(&fl->users);
204 EXPORT_SYMBOL_GPL(fl6_sock_lookup);
206 void fl6_free_socklist(struct sock *sk)
208 struct ipv6_pinfo *np = inet6_sk(sk);
209 struct ipv6_fl_socklist *sfl;
211 while ((sfl = np->ipv6_fl_list) != NULL) {
212 np->ipv6_fl_list = sfl->next;
218 /* Service routines */
222 It is the only difficult place. flowlabel enforces equal headers
223 before and including routing header, however user may supply options
227 struct ipv6_txoptions *fl6_merge_options(struct ipv6_txoptions * opt_space,
228 struct ip6_flowlabel * fl,
229 struct ipv6_txoptions * fopt)
231 struct ipv6_txoptions * fl_opt = fl->opt;
233 if (fopt == NULL || fopt->opt_flen == 0)
236 if (fl_opt != NULL) {
237 opt_space->hopopt = fl_opt->hopopt;
238 opt_space->dst0opt = fl_opt->dst0opt;
239 opt_space->srcrt = fl_opt->srcrt;
240 opt_space->opt_nflen = fl_opt->opt_nflen;
242 if (fopt->opt_nflen == 0)
244 opt_space->hopopt = NULL;
245 opt_space->dst0opt = NULL;
246 opt_space->srcrt = NULL;
247 opt_space->opt_nflen = 0;
249 opt_space->dst1opt = fopt->dst1opt;
250 opt_space->opt_flen = fopt->opt_flen;
254 static unsigned long check_linger(unsigned long ttl)
256 if (ttl < FL_MIN_LINGER)
257 return FL_MIN_LINGER*HZ;
258 if (ttl > FL_MAX_LINGER && !capable(CAP_NET_ADMIN))
263 static int fl6_renew(struct ip6_flowlabel *fl, unsigned long linger, unsigned long expires)
265 linger = check_linger(linger);
268 expires = check_linger(expires);
271 fl->lastuse = jiffies;
272 if (time_before(fl->linger, linger))
274 if (time_before(expires, fl->linger))
275 expires = fl->linger;
276 if (time_before(fl->expires, fl->lastuse + expires))
277 fl->expires = fl->lastuse + expires;
281 static struct ip6_flowlabel *
282 fl_create(struct in6_flowlabel_req *freq, char __user *optval, int optlen, int *err_p)
284 struct ip6_flowlabel *fl;
290 fl = kzalloc(sizeof(*fl), GFP_KERNEL);
294 olen = optlen - CMSG_ALIGN(sizeof(*freq));
301 fl->opt = kmalloc(sizeof(*fl->opt) + olen, GFP_KERNEL);
305 memset(fl->opt, 0, sizeof(*fl->opt));
306 fl->opt->tot_len = sizeof(*fl->opt) + olen;
308 if (copy_from_user(fl->opt+1, optval+CMSG_ALIGN(sizeof(*freq)), olen))
311 msg.msg_controllen = olen;
312 msg.msg_control = (void*)(fl->opt+1);
315 err = datagram_send_ctl(&msg, &flowi, fl->opt, &junk, &junk);
319 if (fl->opt->opt_flen)
321 if (fl->opt->opt_nflen == 0) {
327 fl->expires = jiffies;
328 err = fl6_renew(fl, freq->flr_linger, freq->flr_expires);
331 fl->share = freq->flr_share;
332 addr_type = ipv6_addr_type(&freq->flr_dst);
333 if ((addr_type&IPV6_ADDR_MAPPED)
334 || addr_type == IPV6_ADDR_ANY) {
338 ipv6_addr_copy(&fl->dst, &freq->flr_dst);
339 atomic_set(&fl->users, 1);
344 case IPV6_FL_S_PROCESS:
345 fl->owner = current->pid;
348 fl->owner = current->euid;
362 static int mem_check(struct sock *sk)
364 struct ipv6_pinfo *np = inet6_sk(sk);
365 struct ipv6_fl_socklist *sfl;
366 int room = FL_MAX_SIZE - atomic_read(&fl_size);
369 if (room > FL_MAX_SIZE - FL_MAX_PER_SOCK)
372 for (sfl = np->ipv6_fl_list; sfl; sfl = sfl->next)
376 ((count >= FL_MAX_PER_SOCK ||
377 (count > 0 && room < FL_MAX_SIZE/2) || room < FL_MAX_SIZE/4)
378 && !capable(CAP_NET_ADMIN)))
384 static int ipv6_hdr_cmp(struct ipv6_opt_hdr *h1, struct ipv6_opt_hdr *h2)
388 if (h1 == NULL || h2 == NULL)
390 if (h1->hdrlen != h2->hdrlen)
392 return memcmp(h1+1, h2+1, ((h1->hdrlen+1)<<3) - sizeof(*h1));
395 static int ipv6_opt_cmp(struct ipv6_txoptions *o1, struct ipv6_txoptions *o2)
399 if (o1 == NULL || o2 == NULL)
401 if (o1->opt_nflen != o2->opt_nflen)
403 if (ipv6_hdr_cmp(o1->hopopt, o2->hopopt))
405 if (ipv6_hdr_cmp(o1->dst0opt, o2->dst0opt))
407 if (ipv6_hdr_cmp((struct ipv6_opt_hdr *)o1->srcrt, (struct ipv6_opt_hdr *)o2->srcrt))
412 int ipv6_flowlabel_opt(struct sock *sk, char __user *optval, int optlen)
415 struct ipv6_pinfo *np = inet6_sk(sk);
416 struct in6_flowlabel_req freq;
417 struct ipv6_fl_socklist *sfl1=NULL;
418 struct ipv6_fl_socklist *sfl, **sflp;
419 struct ip6_flowlabel *fl;
421 if (optlen < sizeof(freq))
424 if (copy_from_user(&freq, optval, sizeof(freq)))
427 switch (freq.flr_action) {
429 write_lock_bh(&ip6_sk_fl_lock);
430 for (sflp = &np->ipv6_fl_list; (sfl=*sflp)!=NULL; sflp = &sfl->next) {
431 if (sfl->fl->label == freq.flr_label) {
432 if (freq.flr_label == (np->flow_label&IPV6_FLOWLABEL_MASK))
433 np->flow_label &= ~IPV6_FLOWLABEL_MASK;
435 write_unlock_bh(&ip6_sk_fl_lock);
441 write_unlock_bh(&ip6_sk_fl_lock);
444 case IPV6_FL_A_RENEW:
445 read_lock_bh(&ip6_sk_fl_lock);
446 for (sfl = np->ipv6_fl_list; sfl; sfl = sfl->next) {
447 if (sfl->fl->label == freq.flr_label) {
448 err = fl6_renew(sfl->fl, freq.flr_linger, freq.flr_expires);
449 read_unlock_bh(&ip6_sk_fl_lock);
453 read_unlock_bh(&ip6_sk_fl_lock);
455 if (freq.flr_share == IPV6_FL_S_NONE && capable(CAP_NET_ADMIN)) {
456 fl = fl_lookup(freq.flr_label);
458 err = fl6_renew(fl, freq.flr_linger, freq.flr_expires);
466 if (freq.flr_label & ~IPV6_FLOWLABEL_MASK)
469 fl = fl_create(&freq, optval, optlen, &err);
472 sfl1 = kmalloc(sizeof(*sfl1), GFP_KERNEL);
474 if (freq.flr_label) {
475 struct ip6_flowlabel *fl1 = NULL;
478 read_lock_bh(&ip6_sk_fl_lock);
479 for (sfl = np->ipv6_fl_list; sfl; sfl = sfl->next) {
480 if (sfl->fl->label == freq.flr_label) {
481 if (freq.flr_flags&IPV6_FL_F_EXCL) {
482 read_unlock_bh(&ip6_sk_fl_lock);
486 atomic_inc(&fl1->users);
490 read_unlock_bh(&ip6_sk_fl_lock);
493 fl1 = fl_lookup(freq.flr_label);
496 if (freq.flr_flags&IPV6_FL_F_EXCL)
499 if (fl1->share == IPV6_FL_S_EXCL ||
500 fl1->share != fl->share ||
501 fl1->owner != fl->owner)
505 if (!ipv6_addr_equal(&fl1->dst, &fl->dst) ||
506 ipv6_opt_cmp(fl1->opt, fl->opt))
512 if (fl->linger > fl1->linger)
513 fl1->linger = fl->linger;
514 if ((long)(fl->expires - fl1->expires) > 0)
515 fl1->expires = fl->expires;
516 write_lock_bh(&ip6_sk_fl_lock);
518 sfl1->next = np->ipv6_fl_list;
519 np->ipv6_fl_list = sfl1;
520 write_unlock_bh(&ip6_sk_fl_lock);
530 if (!(freq.flr_flags&IPV6_FL_F_CREATE))
534 if (sfl1 == NULL || (err = mem_check(sk)) != 0)
537 err = fl_intern(fl, freq.flr_label);
541 if (!freq.flr_label) {
542 if (copy_to_user(&((struct in6_flowlabel_req __user *) optval)->flr_label,
543 &fl->label, sizeof(fl->label))) {
544 /* Intentionally ignore fault. */
549 sfl1->next = np->ipv6_fl_list;
550 np->ipv6_fl_list = sfl1;
563 #ifdef CONFIG_PROC_FS
565 struct ip6fl_iter_state {
569 #define ip6fl_seq_private(seq) ((struct ip6fl_iter_state *)(seq)->private)
571 static struct ip6_flowlabel *ip6fl_get_first(struct seq_file *seq)
573 struct ip6_flowlabel *fl = NULL;
574 struct ip6fl_iter_state *state = ip6fl_seq_private(seq);
576 for (state->bucket = 0; state->bucket <= FL_HASH_MASK; ++state->bucket) {
577 if (fl_ht[state->bucket]) {
578 fl = fl_ht[state->bucket];
585 static struct ip6_flowlabel *ip6fl_get_next(struct seq_file *seq, struct ip6_flowlabel *fl)
587 struct ip6fl_iter_state *state = ip6fl_seq_private(seq);
591 if (++state->bucket <= FL_HASH_MASK)
592 fl = fl_ht[state->bucket];
599 static struct ip6_flowlabel *ip6fl_get_idx(struct seq_file *seq, loff_t pos)
601 struct ip6_flowlabel *fl = ip6fl_get_first(seq);
603 while (pos && (fl = ip6fl_get_next(seq, fl)) != NULL)
605 return pos ? NULL : fl;
608 static void *ip6fl_seq_start(struct seq_file *seq, loff_t *pos)
610 read_lock_bh(&ip6_fl_lock);
611 return *pos ? ip6fl_get_idx(seq, *pos - 1) : SEQ_START_TOKEN;
614 static void *ip6fl_seq_next(struct seq_file *seq, void *v, loff_t *pos)
616 struct ip6_flowlabel *fl;
618 if (v == SEQ_START_TOKEN)
619 fl = ip6fl_get_first(seq);
621 fl = ip6fl_get_next(seq, v);
626 static void ip6fl_seq_stop(struct seq_file *seq, void *v)
628 read_unlock_bh(&ip6_fl_lock);
631 static int ip6fl_seq_show(struct seq_file *seq, void *v)
633 if (v == SEQ_START_TOKEN)
634 seq_printf(seq, "%-5s %-1s %-6s %-6s %-6s %-8s %-32s %s\n",
635 "Label", "S", "Owner", "Users", "Linger", "Expires", "Dst", "Opt");
637 struct ip6_flowlabel *fl = v;
639 "%05X %-1d %-6d %-6d %-6ld %-8ld " NIP6_SEQFMT " %-4d\n",
640 (unsigned)ntohl(fl->label),
643 atomic_read(&fl->users),
645 (long)(fl->expires - jiffies)/HZ,
647 fl->opt ? fl->opt->opt_nflen : 0);
652 static const struct seq_operations ip6fl_seq_ops = {
653 .start = ip6fl_seq_start,
654 .next = ip6fl_seq_next,
655 .stop = ip6fl_seq_stop,
656 .show = ip6fl_seq_show,
659 static int ip6fl_seq_open(struct inode *inode, struct file *file)
661 return seq_open_private(file, &ip6fl_seq_ops,
662 sizeof(struct ip6fl_iter_state));
665 static const struct file_operations ip6fl_seq_fops = {
666 .owner = THIS_MODULE,
667 .open = ip6fl_seq_open,
670 .release = seq_release_private,
675 void ip6_flowlabel_init(void)
677 #ifdef CONFIG_PROC_FS
678 proc_net_fops_create(&init_net, "ip6_flowlabel", S_IRUGO, &ip6fl_seq_fops);
682 void ip6_flowlabel_cleanup(void)
684 del_timer(&ip6_fl_gc_timer);
685 #ifdef CONFIG_PROC_FS
686 proc_net_remove(&init_net, "ip6_flowlabel");
git://ftp.safe.ca / safe / jmp / linux-2.6 / blob