aboutsummaryrefslogtreecommitdiffstats
path: root/net/ipv6
diff options
context:
space:
mode:
Diffstat (limited to 'net/ipv6')
-rw-r--r--net/ipv6/Kconfig41
-rw-r--r--net/ipv6/Makefile3
-rw-r--r--net/ipv6/addrconf.c784
-rw-r--r--net/ipv6/addrlabel.c25
-rw-r--r--net/ipv6/af_inet6.c227
-rw-r--r--net/ipv6/anycast.c63
-rw-r--r--net/ipv6/fib6_rules.c113
-rw-r--r--net/ipv6/icmp.c145
-rw-r--r--net/ipv6/inet6_connection_sock.c4
-rw-r--r--net/ipv6/inet6_hashtables.c10
-rw-r--r--net/ipv6/ip6_fib.c298
-rw-r--r--net/ipv6/ip6_flowlabel.c101
-rw-r--r--net/ipv6/ip6_input.c98
-rw-r--r--net/ipv6/ip6_output.c40
-rw-r--r--net/ipv6/ip6_tunnel.c228
-rw-r--r--net/ipv6/ip6mr.c1643
-rw-r--r--net/ipv6/ipv6_sockglue.c365
-rw-r--r--net/ipv6/mcast.c272
-rw-r--r--net/ipv6/mip6.c24
-rw-r--r--net/ipv6/ndisc.c237
-rw-r--r--net/ipv6/netfilter.c46
-rw-r--r--net/ipv6/netfilter/ip6_queue.c2
-rw-r--r--net/ipv6/netfilter/ip6_tables.c51
-rw-r--r--net/ipv6/netfilter/ip6t_LOG.c6
-rw-r--r--net/ipv6/netfilter/ip6t_REJECT.c7
-rw-r--r--net/ipv6/netfilter/ip6t_ipv6header.c3
-rw-r--r--net/ipv6/netfilter/ip6t_rt.c3
-rw-r--r--net/ipv6/netfilter/ip6table_filter.c2
-rw-r--r--net/ipv6/netfilter/ip6table_mangle.c2
-rw-r--r--net/ipv6/netfilter/ip6table_raw.c2
-rw-r--r--net/ipv6/netfilter/nf_conntrack_l3proto_ipv6.c14
-rw-r--r--net/ipv6/netfilter/nf_conntrack_proto_icmpv6.c29
-rw-r--r--net/ipv6/netfilter/nf_conntrack_reasm.c23
-rw-r--r--net/ipv6/proc.c73
-rw-r--r--net/ipv6/raw.c67
-rw-r--r--net/ipv6/reassembly.c19
-rw-r--r--net/ipv6/route.c640
-rw-r--r--net/ipv6/sit.c456
-rw-r--r--net/ipv6/syncookies.c279
-rw-r--r--net/ipv6/sysctl_net_ipv6.c15
-rw-r--r--net/ipv6/tcp_ipv6.c199
-rw-r--r--net/ipv6/udp.c44
-rw-r--r--net/ipv6/udp_impl.h2
-rw-r--r--net/ipv6/udplite.c40
-rw-r--r--net/ipv6/xfrm6_input.c55
-rw-r--r--net/ipv6/xfrm6_policy.c9
-rw-r--r--net/ipv6/xfrm6_state.c171
-rw-r--r--net/ipv6/xfrm6_tunnel.c45
48 files changed, 5063 insertions, 1962 deletions
diff --git a/net/ipv6/Kconfig b/net/ipv6/Kconfig
index 47263e45bacb..42814a2ec9d7 100644
--- a/net/ipv6/Kconfig
+++ b/net/ipv6/Kconfig
@@ -3,7 +3,7 @@
3# 3#
4 4
5# IPv6 as module will cause a CRASH if you try to unload it 5# IPv6 as module will cause a CRASH if you try to unload it
6config IPV6 6menuconfig IPV6
7 tristate "The IPv6 protocol" 7 tristate "The IPv6 protocol"
8 default m 8 default m
9 ---help--- 9 ---help---
@@ -19,9 +19,10 @@ config IPV6
19 To compile this protocol support as a module, choose M here: the 19 To compile this protocol support as a module, choose M here: the
20 module will be called ipv6. 20 module will be called ipv6.
21 21
22if IPV6
23
22config IPV6_PRIVACY 24config IPV6_PRIVACY
23 bool "IPv6: Privacy Extensions support" 25 bool "IPv6: Privacy Extensions support"
24 depends on IPV6
25 ---help--- 26 ---help---
26 Privacy Extensions for Stateless Address Autoconfiguration in IPv6 27 Privacy Extensions for Stateless Address Autoconfiguration in IPv6
27 support. With this option, additional periodically-alter 28 support. With this option, additional periodically-alter
@@ -40,7 +41,6 @@ config IPV6_PRIVACY
40 41
41config IPV6_ROUTER_PREF 42config IPV6_ROUTER_PREF
42 bool "IPv6: Router Preference (RFC 4191) support" 43 bool "IPv6: Router Preference (RFC 4191) support"
43 depends on IPV6
44 ---help--- 44 ---help---
45 Router Preference is an optional extension to the Router 45 Router Preference is an optional extension to the Router
46 Advertisement message to improve the ability of hosts 46 Advertisement message to improve the ability of hosts
@@ -59,7 +59,7 @@ config IPV6_ROUTE_INFO
59 59
60config IPV6_OPTIMISTIC_DAD 60config IPV6_OPTIMISTIC_DAD
61 bool "IPv6: Enable RFC 4429 Optimistic DAD (EXPERIMENTAL)" 61 bool "IPv6: Enable RFC 4429 Optimistic DAD (EXPERIMENTAL)"
62 depends on IPV6 && EXPERIMENTAL 62 depends on EXPERIMENTAL
63 ---help--- 63 ---help---
64 This is experimental support for optimistic Duplicate 64 This is experimental support for optimistic Duplicate
65 Address Detection. It allows for autoconfigured addresses 65 Address Detection. It allows for autoconfigured addresses
@@ -69,7 +69,6 @@ config IPV6_OPTIMISTIC_DAD
69 69
70config INET6_AH 70config INET6_AH
71 tristate "IPv6: AH transformation" 71 tristate "IPv6: AH transformation"
72 depends on IPV6
73 select XFRM 72 select XFRM
74 select CRYPTO 73 select CRYPTO
75 select CRYPTO_HMAC 74 select CRYPTO_HMAC
@@ -82,7 +81,6 @@ config INET6_AH
82 81
83config INET6_ESP 82config INET6_ESP
84 tristate "IPv6: ESP transformation" 83 tristate "IPv6: ESP transformation"
85 depends on IPV6
86 select XFRM 84 select XFRM
87 select CRYPTO 85 select CRYPTO
88 select CRYPTO_AUTHENC 86 select CRYPTO_AUTHENC
@@ -98,7 +96,6 @@ config INET6_ESP
98 96
99config INET6_IPCOMP 97config INET6_IPCOMP
100 tristate "IPv6: IPComp transformation" 98 tristate "IPv6: IPComp transformation"
101 depends on IPV6
102 select XFRM 99 select XFRM
103 select INET6_XFRM_TUNNEL 100 select INET6_XFRM_TUNNEL
104 select CRYPTO 101 select CRYPTO
@@ -111,7 +108,7 @@ config INET6_IPCOMP
111 108
112config IPV6_MIP6 109config IPV6_MIP6
113 tristate "IPv6: Mobility (EXPERIMENTAL)" 110 tristate "IPv6: Mobility (EXPERIMENTAL)"
114 depends on IPV6 && EXPERIMENTAL 111 depends on EXPERIMENTAL
115 select XFRM 112 select XFRM
116 ---help--- 113 ---help---
117 Support for IPv6 Mobility described in RFC 3775. 114 Support for IPv6 Mobility described in RFC 3775.
@@ -129,7 +126,6 @@ config INET6_TUNNEL
129 126
130config INET6_XFRM_MODE_TRANSPORT 127config INET6_XFRM_MODE_TRANSPORT
131 tristate "IPv6: IPsec transport mode" 128 tristate "IPv6: IPsec transport mode"
132 depends on IPV6
133 default IPV6 129 default IPV6
134 select XFRM 130 select XFRM
135 ---help--- 131 ---help---
@@ -139,7 +135,6 @@ config INET6_XFRM_MODE_TRANSPORT
139 135
140config INET6_XFRM_MODE_TUNNEL 136config INET6_XFRM_MODE_TUNNEL
141 tristate "IPv6: IPsec tunnel mode" 137 tristate "IPv6: IPsec tunnel mode"
142 depends on IPV6
143 default IPV6 138 default IPV6
144 select XFRM 139 select XFRM
145 ---help--- 140 ---help---
@@ -149,7 +144,6 @@ config INET6_XFRM_MODE_TUNNEL
149 144
150config INET6_XFRM_MODE_BEET 145config INET6_XFRM_MODE_BEET
151 tristate "IPv6: IPsec BEET mode" 146 tristate "IPv6: IPsec BEET mode"
152 depends on IPV6
153 default IPV6 147 default IPV6
154 select XFRM 148 select XFRM
155 ---help--- 149 ---help---
@@ -159,15 +153,15 @@ config INET6_XFRM_MODE_BEET
159 153
160config INET6_XFRM_MODE_ROUTEOPTIMIZATION 154config INET6_XFRM_MODE_ROUTEOPTIMIZATION
161 tristate "IPv6: MIPv6 route optimization mode (EXPERIMENTAL)" 155 tristate "IPv6: MIPv6 route optimization mode (EXPERIMENTAL)"
162 depends on IPV6 && EXPERIMENTAL 156 depends on EXPERIMENTAL
163 select XFRM 157 select XFRM
164 ---help--- 158 ---help---
165 Support for MIPv6 route optimization mode. 159 Support for MIPv6 route optimization mode.
166 160
167config IPV6_SIT 161config IPV6_SIT
168 tristate "IPv6: IPv6-in-IPv4 tunnel (SIT driver)" 162 tristate "IPv6: IPv6-in-IPv4 tunnel (SIT driver)"
169 depends on IPV6
170 select INET_TUNNEL 163 select INET_TUNNEL
164 select IPV6_NDISC_NODETYPE
171 default y 165 default y
172 ---help--- 166 ---help---
173 Tunneling means encapsulating data of one protocol type within 167 Tunneling means encapsulating data of one protocol type within
@@ -178,10 +172,12 @@ config IPV6_SIT
178 172
179 Saying M here will produce a module called sit.ko. If unsure, say Y. 173 Saying M here will produce a module called sit.ko. If unsure, say Y.
180 174
175config IPV6_NDISC_NODETYPE
176 bool
177
181config IPV6_TUNNEL 178config IPV6_TUNNEL
182 tristate "IPv6: IP-in-IPv6 tunnel (RFC2473)" 179 tristate "IPv6: IP-in-IPv6 tunnel (RFC2473)"
183 select INET6_TUNNEL 180 select INET6_TUNNEL
184 depends on IPV6
185 ---help--- 181 ---help---
186 Support for IPv6-in-IPv6 and IPv4-in-IPv6 tunnels described in 182 Support for IPv6-in-IPv6 and IPv4-in-IPv6 tunnels described in
187 RFC 2473. 183 RFC 2473.
@@ -190,7 +186,7 @@ config IPV6_TUNNEL
190 186
191config IPV6_MULTIPLE_TABLES 187config IPV6_MULTIPLE_TABLES
192 bool "IPv6: Multiple Routing Tables" 188 bool "IPv6: Multiple Routing Tables"
193 depends on IPV6 && EXPERIMENTAL 189 depends on EXPERIMENTAL
194 select FIB_RULES 190 select FIB_RULES
195 ---help--- 191 ---help---
196 Support multiple routing tables. 192 Support multiple routing tables.
@@ -209,3 +205,18 @@ config IPV6_SUBTREES
209 205
210 If unsure, say N. 206 If unsure, say N.
211 207
208config IPV6_MROUTE
209 bool "IPv6: multicast routing (EXPERIMENTAL)"
210 depends on IPV6 && EXPERIMENTAL
211 ---help---
212 Experimental support for IPv6 multicast forwarding.
213 If unsure, say N.
214
215config IPV6_PIMSM_V2
216 bool "IPv6: PIM-SM version 2 support (EXPERIMENTAL)"
217 depends on IPV6_MROUTE
218 ---help---
219 Support for IPv6 PIM multicast routing protocol PIM-SMv2.
220 If unsure, say N.
221
222endif # IPV6
diff --git a/net/ipv6/Makefile b/net/ipv6/Makefile
index 24f3aa0f2a35..686934acfac1 100644
--- a/net/ipv6/Makefile
+++ b/net/ipv6/Makefile
@@ -11,11 +11,14 @@ ipv6-objs := af_inet6.o anycast.o ip6_output.o ip6_input.o addrconf.o \
11 exthdrs.o datagram.o ip6_flowlabel.o inet6_connection_sock.o 11 exthdrs.o datagram.o ip6_flowlabel.o inet6_connection_sock.o
12 12
13ipv6-$(CONFIG_SYSCTL) = sysctl_net_ipv6.o 13ipv6-$(CONFIG_SYSCTL) = sysctl_net_ipv6.o
14ipv6-$(CONFIG_IPV6_MROUTE) += ip6mr.o
15
14ipv6-$(CONFIG_XFRM) += xfrm6_policy.o xfrm6_state.o xfrm6_input.o \ 16ipv6-$(CONFIG_XFRM) += xfrm6_policy.o xfrm6_state.o xfrm6_input.o \
15 xfrm6_output.o 17 xfrm6_output.o
16ipv6-$(CONFIG_NETFILTER) += netfilter.o 18ipv6-$(CONFIG_NETFILTER) += netfilter.o
17ipv6-$(CONFIG_IPV6_MULTIPLE_TABLES) += fib6_rules.o 19ipv6-$(CONFIG_IPV6_MULTIPLE_TABLES) += fib6_rules.o
18ipv6-$(CONFIG_PROC_FS) += proc.o 20ipv6-$(CONFIG_PROC_FS) += proc.o
21ipv6-$(CONFIG_SYN_COOKIES) += syncookies.o
19 22
20ipv6-objs += $(ipv6-y) 23ipv6-objs += $(ipv6-y)
21 24
diff --git a/net/ipv6/addrconf.c b/net/ipv6/addrconf.c
index a65935a9afd9..8a0fd4007bdb 100644
--- a/net/ipv6/addrconf.c
+++ b/net/ipv6/addrconf.c
@@ -222,6 +222,8 @@ static struct ipv6_devconf ipv6_devconf_dflt __read_mostly = {
222/* IPv6 Wildcard Address and Loopback Address defined by RFC2553 */ 222/* IPv6 Wildcard Address and Loopback Address defined by RFC2553 */
223const struct in6_addr in6addr_any = IN6ADDR_ANY_INIT; 223const struct in6_addr in6addr_any = IN6ADDR_ANY_INIT;
224const struct in6_addr in6addr_loopback = IN6ADDR_LOOPBACK_INIT; 224const struct in6_addr in6addr_loopback = IN6ADDR_LOOPBACK_INIT;
225const struct in6_addr in6addr_linklocal_allnodes = IN6ADDR_LINKLOCAL_ALLNODES_INIT;
226const struct in6_addr in6addr_linklocal_allrouters = IN6ADDR_LINKLOCAL_ALLROUTERS_INIT;
225 227
226/* Check if a valid qdisc is available */ 228/* Check if a valid qdisc is available */
227static inline int addrconf_qdisc_ok(struct net_device *dev) 229static inline int addrconf_qdisc_ok(struct net_device *dev)
@@ -321,7 +323,6 @@ EXPORT_SYMBOL(in6_dev_finish_destroy);
321static struct inet6_dev * ipv6_add_dev(struct net_device *dev) 323static struct inet6_dev * ipv6_add_dev(struct net_device *dev)
322{ 324{
323 struct inet6_dev *ndev; 325 struct inet6_dev *ndev;
324 struct in6_addr maddr;
325 326
326 ASSERT_RTNL(); 327 ASSERT_RTNL();
327 328
@@ -335,7 +336,7 @@ static struct inet6_dev * ipv6_add_dev(struct net_device *dev)
335 336
336 rwlock_init(&ndev->lock); 337 rwlock_init(&ndev->lock);
337 ndev->dev = dev; 338 ndev->dev = dev;
338 memcpy(&ndev->cnf, dev->nd_net->ipv6.devconf_dflt, sizeof(ndev->cnf)); 339 memcpy(&ndev->cnf, dev_net(dev)->ipv6.devconf_dflt, sizeof(ndev->cnf));
339 ndev->cnf.mtu6 = dev->mtu; 340 ndev->cnf.mtu6 = dev->mtu;
340 ndev->cnf.sysctl = NULL; 341 ndev->cnf.sysctl = NULL;
341 ndev->nd_parms = neigh_parms_alloc(dev, &nd_tbl); 342 ndev->nd_parms = neigh_parms_alloc(dev, &nd_tbl);
@@ -349,7 +350,7 @@ static struct inet6_dev * ipv6_add_dev(struct net_device *dev)
349 if (snmp6_alloc_dev(ndev) < 0) { 350 if (snmp6_alloc_dev(ndev) < 0) {
350 ADBG((KERN_WARNING 351 ADBG((KERN_WARNING
351 "%s(): cannot allocate memory for statistics; dev=%s.\n", 352 "%s(): cannot allocate memory for statistics; dev=%s.\n",
352 __FUNCTION__, dev->name)); 353 __func__, dev->name));
353 neigh_parms_release(&nd_tbl, ndev->nd_parms); 354 neigh_parms_release(&nd_tbl, ndev->nd_parms);
354 ndev->dead = 1; 355 ndev->dead = 1;
355 in6_dev_finish_destroy(ndev); 356 in6_dev_finish_destroy(ndev);
@@ -359,7 +360,7 @@ static struct inet6_dev * ipv6_add_dev(struct net_device *dev)
359 if (snmp6_register_dev(ndev) < 0) { 360 if (snmp6_register_dev(ndev) < 0) {
360 ADBG((KERN_WARNING 361 ADBG((KERN_WARNING
361 "%s(): cannot create /proc/net/dev_snmp6/%s\n", 362 "%s(): cannot create /proc/net/dev_snmp6/%s\n",
362 __FUNCTION__, dev->name)); 363 __func__, dev->name));
363 neigh_parms_release(&nd_tbl, ndev->nd_parms); 364 neigh_parms_release(&nd_tbl, ndev->nd_parms);
364 ndev->dead = 1; 365 ndev->dead = 1;
365 in6_dev_finish_destroy(ndev); 366 in6_dev_finish_destroy(ndev);
@@ -371,25 +372,26 @@ static struct inet6_dev * ipv6_add_dev(struct net_device *dev)
371 */ 372 */
372 in6_dev_hold(ndev); 373 in6_dev_hold(ndev);
373 374
375#if defined(CONFIG_IPV6_SIT) || defined(CONFIG_IPV6_SIT_MODULE)
376 if (dev->type == ARPHRD_SIT && (dev->priv_flags & IFF_ISATAP)) {
377 printk(KERN_INFO
378 "%s: Disabled Multicast RS\n",
379 dev->name);
380 ndev->cnf.rtr_solicits = 0;
381 }
382#endif
383
374#ifdef CONFIG_IPV6_PRIVACY 384#ifdef CONFIG_IPV6_PRIVACY
375 setup_timer(&ndev->regen_timer, ipv6_regen_rndid, (unsigned long)ndev); 385 setup_timer(&ndev->regen_timer, ipv6_regen_rndid, (unsigned long)ndev);
376 if ((dev->flags&IFF_LOOPBACK) || 386 if ((dev->flags&IFF_LOOPBACK) ||
377 dev->type == ARPHRD_TUNNEL || 387 dev->type == ARPHRD_TUNNEL ||
378#if defined(CONFIG_IPV6_SIT) || defined(CONFIG_IPV6_SIT_MODULE) 388 dev->type == ARPHRD_TUNNEL6 ||
379 dev->type == ARPHRD_SIT || 389 dev->type == ARPHRD_SIT ||
380#endif
381 dev->type == ARPHRD_NONE) { 390 dev->type == ARPHRD_NONE) {
382 printk(KERN_INFO 391 printk(KERN_INFO
383 "%s: Disabled Privacy Extensions\n", 392 "%s: Disabled Privacy Extensions\n",
384 dev->name); 393 dev->name);
385 ndev->cnf.use_tempaddr = -1; 394 ndev->cnf.use_tempaddr = -1;
386
387 if (dev->type == ARPHRD_SIT && (dev->priv_flags & IFF_ISATAP)) {
388 printk(KERN_INFO
389 "%s: Disabled Multicast RS\n",
390 dev->name);
391 ndev->cnf.rtr_solicits = 0;
392 }
393 } else { 395 } else {
394 in6_dev_hold(ndev); 396 in6_dev_hold(ndev);
395 ipv6_regen_rndid((unsigned long) ndev); 397 ipv6_regen_rndid((unsigned long) ndev);
@@ -406,8 +408,7 @@ static struct inet6_dev * ipv6_add_dev(struct net_device *dev)
406 rcu_assign_pointer(dev->ip6_ptr, ndev); 408 rcu_assign_pointer(dev->ip6_ptr, ndev);
407 409
408 /* Join all-node multicast group */ 410 /* Join all-node multicast group */
409 ipv6_addr_all_nodes(&maddr); 411 ipv6_dev_mc_inc(dev, &in6addr_linklocal_allnodes);
410 ipv6_dev_mc_inc(dev, &maddr);
411 412
412 return ndev; 413 return ndev;
413} 414}
@@ -433,18 +434,15 @@ static void dev_forward_change(struct inet6_dev *idev)
433{ 434{
434 struct net_device *dev; 435 struct net_device *dev;
435 struct inet6_ifaddr *ifa; 436 struct inet6_ifaddr *ifa;
436 struct in6_addr addr;
437 437
438 if (!idev) 438 if (!idev)
439 return; 439 return;
440 dev = idev->dev; 440 dev = idev->dev;
441 if (dev && (dev->flags & IFF_MULTICAST)) { 441 if (dev && (dev->flags & IFF_MULTICAST)) {
442 ipv6_addr_all_routers(&addr);
443
444 if (idev->cnf.forwarding) 442 if (idev->cnf.forwarding)
445 ipv6_dev_mc_inc(dev, &addr); 443 ipv6_dev_mc_inc(dev, &in6addr_linklocal_allrouters);
446 else 444 else
447 ipv6_dev_mc_dec(dev, &addr); 445 ipv6_dev_mc_dec(dev, &in6addr_linklocal_allrouters);
448 } 446 }
449 for (ifa=idev->addr_list; ifa; ifa=ifa->if_next) { 447 for (ifa=idev->addr_list; ifa; ifa=ifa->if_next) {
450 if (ifa->flags&IFA_F_TENTATIVE) 448 if (ifa->flags&IFA_F_TENTATIVE)
@@ -493,7 +491,7 @@ static void addrconf_fixup_forwarding(struct ctl_table *table, int *p, int old)
493 dev_forward_change((struct inet6_dev *)table->extra1); 491 dev_forward_change((struct inet6_dev *)table->extra1);
494 492
495 if (*p) 493 if (*p)
496 rt6_purge_dflt_routers(); 494 rt6_purge_dflt_routers(net);
497} 495}
498#endif 496#endif
499 497
@@ -541,6 +539,25 @@ ipv6_link_dev_addr(struct inet6_dev *idev, struct inet6_ifaddr *ifp)
541 *ifap = ifp; 539 *ifap = ifp;
542} 540}
543 541
542/*
543 * Hash function taken from net_alias.c
544 */
545static u8 ipv6_addr_hash(const struct in6_addr *addr)
546{
547 __u32 word;
548
549 /*
550 * We perform the hash function over the last 64 bits of the address
551 * This will include the IEEE address token on links that support it.
552 */
553
554 word = (__force u32)(addr->s6_addr32[2] ^ addr->s6_addr32[3]);
555 word ^= (word >> 16);
556 word ^= (word >> 8);
557
558 return ((word ^ (word >> 4)) & 0x0f);
559}
560
544/* On success it returns ifp with increased reference count */ 561/* On success it returns ifp with increased reference count */
545 562
546static struct inet6_ifaddr * 563static struct inet6_ifaddr *
@@ -561,7 +578,7 @@ ipv6_add_addr(struct inet6_dev *idev, const struct in6_addr *addr, int pfxlen,
561 write_lock(&addrconf_hash_lock); 578 write_lock(&addrconf_hash_lock);
562 579
563 /* Ignore adding duplicate addresses on an interface */ 580 /* Ignore adding duplicate addresses on an interface */
564 if (ipv6_chk_same_addr(&init_net, addr, idev->dev)) { 581 if (ipv6_chk_same_addr(dev_net(idev->dev), addr, idev->dev)) {
565 ADBG(("ipv6_add_addr: already assigned\n")); 582 ADBG(("ipv6_add_addr: already assigned\n"));
566 err = -EEXIST; 583 err = -EEXIST;
567 goto out; 584 goto out;
@@ -751,9 +768,9 @@ static void ipv6_del_addr(struct inet6_ifaddr *ifp)
751 if ((ifp->flags & IFA_F_PERMANENT) && onlink < 1) { 768 if ((ifp->flags & IFA_F_PERMANENT) && onlink < 1) {
752 struct in6_addr prefix; 769 struct in6_addr prefix;
753 struct rt6_info *rt; 770 struct rt6_info *rt;
754 771 struct net *net = dev_net(ifp->idev->dev);
755 ipv6_addr_prefix(&prefix, &ifp->addr, ifp->prefix_len); 772 ipv6_addr_prefix(&prefix, &ifp->addr, ifp->prefix_len);
756 rt = rt6_lookup(&prefix, NULL, ifp->idev->dev->ifindex, 1); 773 rt = rt6_lookup(net, &prefix, NULL, ifp->idev->dev->ifindex, 1);
757 774
758 if (rt && ((rt->rt6i_flags & (RTF_GATEWAY | RTF_DEFAULT)) == 0)) { 775 if (rt && ((rt->rt6i_flags & (RTF_GATEWAY | RTF_DEFAULT)) == 0)) {
759 if (onlink == 0) { 776 if (onlink == 0) {
@@ -893,20 +910,40 @@ out:
893/* 910/*
894 * Choose an appropriate source address (RFC3484) 911 * Choose an appropriate source address (RFC3484)
895 */ 912 */
913enum {
914 IPV6_SADDR_RULE_INIT = 0,
915 IPV6_SADDR_RULE_LOCAL,
916 IPV6_SADDR_RULE_SCOPE,
917 IPV6_SADDR_RULE_PREFERRED,
918#ifdef CONFIG_IPV6_MIP6
919 IPV6_SADDR_RULE_HOA,
920#endif
921 IPV6_SADDR_RULE_OIF,
922 IPV6_SADDR_RULE_LABEL,
923#ifdef CONFIG_IPV6_PRIVACY
924 IPV6_SADDR_RULE_PRIVACY,
925#endif
926 IPV6_SADDR_RULE_ORCHID,
927 IPV6_SADDR_RULE_PREFIX,
928 IPV6_SADDR_RULE_MAX
929};
930
896struct ipv6_saddr_score { 931struct ipv6_saddr_score {
897 int addr_type; 932 int rule;
898 unsigned int attrs; 933 int addr_type;
899 int matchlen; 934 struct inet6_ifaddr *ifa;
900 int scope; 935 DECLARE_BITMAP(scorebits, IPV6_SADDR_RULE_MAX);
901 unsigned int rule; 936 int scopedist;
937 int matchlen;
902}; 938};
903 939
904#define IPV6_SADDR_SCORE_LOCAL 0x0001 940struct ipv6_saddr_dst {
905#define IPV6_SADDR_SCORE_PREFERRED 0x0004 941 const struct in6_addr *addr;
906#define IPV6_SADDR_SCORE_HOA 0x0008 942 int ifindex;
907#define IPV6_SADDR_SCORE_OIF 0x0010 943 int scope;
908#define IPV6_SADDR_SCORE_LABEL 0x0020 944 int label;
909#define IPV6_SADDR_SCORE_PRIVACY 0x0040 945 unsigned int prefs;
946};
910 947
911static inline int ipv6_saddr_preferred(int type) 948static inline int ipv6_saddr_preferred(int type)
912{ 949{
@@ -916,27 +953,152 @@ static inline int ipv6_saddr_preferred(int type)
916 return 0; 953 return 0;
917} 954}
918 955
919int ipv6_dev_get_saddr(struct net_device *daddr_dev, 956static int ipv6_get_saddr_eval(struct ipv6_saddr_score *score,
920 struct in6_addr *daddr, struct in6_addr *saddr) 957 struct ipv6_saddr_dst *dst,
958 int i)
921{ 959{
922 struct ipv6_saddr_score hiscore; 960 int ret;
923 struct inet6_ifaddr *ifa_result = NULL; 961
924 int daddr_type = __ipv6_addr_type(daddr); 962 if (i <= score->rule) {
925 int daddr_scope = __ipv6_addr_src_scope(daddr_type); 963 switch (i) {
926 int daddr_ifindex = daddr_dev ? daddr_dev->ifindex : 0; 964 case IPV6_SADDR_RULE_SCOPE:
927 u32 daddr_label = ipv6_addr_label(daddr, daddr_type, daddr_ifindex); 965 ret = score->scopedist;
966 break;
967 case IPV6_SADDR_RULE_PREFIX:
968 ret = score->matchlen;
969 break;
970 default:
971 ret = !!test_bit(i, score->scorebits);
972 }
973 goto out;
974 }
975
976 switch (i) {
977 case IPV6_SADDR_RULE_INIT:
978 /* Rule 0: remember if hiscore is not ready yet */
979 ret = !!score->ifa;
980 break;
981 case IPV6_SADDR_RULE_LOCAL:
982 /* Rule 1: Prefer same address */
983 ret = ipv6_addr_equal(&score->ifa->addr, dst->addr);
984 break;
985 case IPV6_SADDR_RULE_SCOPE:
986 /* Rule 2: Prefer appropriate scope
987 *
988 * ret
989 * ^
990 * -1 | d 15
991 * ---+--+-+---> scope
992 * |
993 * | d is scope of the destination.
994 * B-d | \
995 * | \ <- smaller scope is better if
996 * B-15 | \ if scope is enough for destinaion.
997 * | ret = B - scope (-1 <= scope >= d <= 15).
998 * d-C-1 | /
999 * |/ <- greater is better
1000 * -C / if scope is not enough for destination.
1001 * /| ret = scope - C (-1 <= d < scope <= 15).
1002 *
1003 * d - C - 1 < B -15 (for all -1 <= d <= 15).
1004 * C > d + 14 - B >= 15 + 14 - B = 29 - B.
1005 * Assume B = 0 and we get C > 29.
1006 */
1007 ret = __ipv6_addr_src_scope(score->addr_type);
1008 if (ret >= dst->scope)
1009 ret = -ret;
1010 else
1011 ret -= 128; /* 30 is enough */
1012 score->scopedist = ret;
1013 break;
1014 case IPV6_SADDR_RULE_PREFERRED:
1015 /* Rule 3: Avoid deprecated and optimistic addresses */
1016 ret = ipv6_saddr_preferred(score->addr_type) ||
1017 !(score->ifa->flags & (IFA_F_DEPRECATED|IFA_F_OPTIMISTIC));
1018 break;
1019#ifdef CONFIG_IPV6_MIP6
1020 case IPV6_SADDR_RULE_HOA:
1021 {
1022 /* Rule 4: Prefer home address */
1023 int prefhome = !(dst->prefs & IPV6_PREFER_SRC_COA);
1024 ret = !(score->ifa->flags & IFA_F_HOMEADDRESS) ^ prefhome;
1025 break;
1026 }
1027#endif
1028 case IPV6_SADDR_RULE_OIF:
1029 /* Rule 5: Prefer outgoing interface */
1030 ret = (!dst->ifindex ||
1031 dst->ifindex == score->ifa->idev->dev->ifindex);
1032 break;
1033 case IPV6_SADDR_RULE_LABEL:
1034 /* Rule 6: Prefer matching label */
1035 ret = ipv6_addr_label(&score->ifa->addr, score->addr_type,
1036 score->ifa->idev->dev->ifindex) == dst->label;
1037 break;
1038#ifdef CONFIG_IPV6_PRIVACY
1039 case IPV6_SADDR_RULE_PRIVACY:
1040 {
1041 /* Rule 7: Prefer public address
1042 * Note: prefer temprary address if use_tempaddr >= 2
1043 */
1044 int preftmp = dst->prefs & (IPV6_PREFER_SRC_PUBLIC|IPV6_PREFER_SRC_TMP) ?
1045 !!(dst->prefs & IPV6_PREFER_SRC_TMP) :
1046 score->ifa->idev->cnf.use_tempaddr >= 2;
1047 ret = (!(score->ifa->flags & IFA_F_TEMPORARY)) ^ preftmp;
1048 break;
1049 }
1050#endif
1051 case IPV6_SADDR_RULE_ORCHID:
1052 /* Rule 8-: Prefer ORCHID vs ORCHID or
1053 * non-ORCHID vs non-ORCHID
1054 */
1055 ret = !(ipv6_addr_orchid(&score->ifa->addr) ^
1056 ipv6_addr_orchid(dst->addr));
1057 break;
1058 case IPV6_SADDR_RULE_PREFIX:
1059 /* Rule 8: Use longest matching prefix */
1060 score->matchlen = ret = ipv6_addr_diff(&score->ifa->addr,
1061 dst->addr);
1062 break;
1063 default:
1064 ret = 0;
1065 }
1066
1067 if (ret)
1068 __set_bit(i, score->scorebits);
1069 score->rule = i;
1070out:
1071 return ret;
1072}
1073
1074int ipv6_dev_get_saddr(struct net_device *dst_dev,
1075 const struct in6_addr *daddr, unsigned int prefs,
1076 struct in6_addr *saddr)
1077{
1078 struct ipv6_saddr_score scores[2],
1079 *score = &scores[0], *hiscore = &scores[1];
1080 struct net *net = dev_net(dst_dev);
1081 struct ipv6_saddr_dst dst;
928 struct net_device *dev; 1082 struct net_device *dev;
1083 int dst_type;
929 1084
930 memset(&hiscore, 0, sizeof(hiscore)); 1085 dst_type = __ipv6_addr_type(daddr);
1086 dst.addr = daddr;
1087 dst.ifindex = dst_dev ? dst_dev->ifindex : 0;
1088 dst.scope = __ipv6_addr_src_scope(dst_type);
1089 dst.label = ipv6_addr_label(daddr, dst_type, dst.ifindex);
1090 dst.prefs = prefs;
1091
1092 hiscore->rule = -1;
1093 hiscore->ifa = NULL;
931 1094
932 read_lock(&dev_base_lock); 1095 read_lock(&dev_base_lock);
933 rcu_read_lock(); 1096 rcu_read_lock();
934 1097
935 for_each_netdev(&init_net, dev) { 1098 for_each_netdev(net, dev) {
936 struct inet6_dev *idev; 1099 struct inet6_dev *idev;
937 struct inet6_ifaddr *ifa;
938 1100
939 /* Rule 0: Candidate Source Address (section 4) 1101 /* Candidate Source Address (section 4)
940 * - multicast and link-local destination address, 1102 * - multicast and link-local destination address,
941 * the set of candidate source address MUST only 1103 * the set of candidate source address MUST only
942 * include addresses assigned to interfaces 1104 * include addresses assigned to interfaces
@@ -948,9 +1110,9 @@ int ipv6_dev_get_saddr(struct net_device *daddr_dev,
948 * belonging to the same site as the outgoing 1110 * belonging to the same site as the outgoing
949 * interface.) 1111 * interface.)
950 */ 1112 */
951 if ((daddr_type & IPV6_ADDR_MULTICAST || 1113 if (((dst_type & IPV6_ADDR_MULTICAST) ||
952 daddr_scope <= IPV6_ADDR_SCOPE_LINKLOCAL) && 1114 dst.scope <= IPV6_ADDR_SCOPE_LINKLOCAL) &&
953 daddr_dev && dev != daddr_dev) 1115 dst.ifindex && dev->ifindex != dst.ifindex)
954 continue; 1116 continue;
955 1117
956 idev = __in6_dev_get(dev); 1118 idev = __in6_dev_get(dev);
@@ -958,12 +1120,10 @@ int ipv6_dev_get_saddr(struct net_device *daddr_dev,
958 continue; 1120 continue;
959 1121
960 read_lock_bh(&idev->lock); 1122 read_lock_bh(&idev->lock);
961 for (ifa = idev->addr_list; ifa; ifa = ifa->if_next) { 1123 for (score->ifa = idev->addr_list; score->ifa; score->ifa = score->ifa->if_next) {
962 struct ipv6_saddr_score score; 1124 int i;
963 1125
964 score.addr_type = __ipv6_addr_type(&ifa->addr); 1126 /*
965
966 /* Rule 0:
967 * - Tentative Address (RFC2462 section 5.4) 1127 * - Tentative Address (RFC2462 section 5.4)
968 * - A tentative address is not considered 1128 * - A tentative address is not considered
969 * "assigned to an interface" in the traditional 1129 * "assigned to an interface" in the traditional
@@ -973,11 +1133,14 @@ int ipv6_dev_get_saddr(struct net_device *daddr_dev,
973 * addresses, and the unspecified address MUST 1133 * addresses, and the unspecified address MUST
974 * NOT be included in a candidate set. 1134 * NOT be included in a candidate set.
975 */ 1135 */
976 if ((ifa->flags & IFA_F_TENTATIVE) && 1136 if ((score->ifa->flags & IFA_F_TENTATIVE) &&
977 (!(ifa->flags & IFA_F_OPTIMISTIC))) 1137 (!(score->ifa->flags & IFA_F_OPTIMISTIC)))
978 continue; 1138 continue;
979 if (unlikely(score.addr_type == IPV6_ADDR_ANY || 1139
980 score.addr_type & IPV6_ADDR_MULTICAST)) { 1140 score->addr_type = __ipv6_addr_type(&score->ifa->addr);
1141
1142 if (unlikely(score->addr_type == IPV6_ADDR_ANY ||
1143 score->addr_type & IPV6_ADDR_MULTICAST)) {
981 LIMIT_NETDEBUG(KERN_DEBUG 1144 LIMIT_NETDEBUG(KERN_DEBUG
982 "ADDRCONF: unspecified / multicast address " 1145 "ADDRCONF: unspecified / multicast address "
983 "assigned as unicast address on %s", 1146 "assigned as unicast address on %s",
@@ -985,207 +1148,63 @@ int ipv6_dev_get_saddr(struct net_device *daddr_dev,
985 continue; 1148 continue;
986 } 1149 }
987 1150
988 score.attrs = 0; 1151 score->rule = -1;
989 score.matchlen = 0; 1152 bitmap_zero(score->scorebits, IPV6_SADDR_RULE_MAX);
990 score.scope = 0; 1153
991 score.rule = 0; 1154 for (i = 0; i < IPV6_SADDR_RULE_MAX; i++) {
992 1155 int minihiscore, miniscore;
993 if (ifa_result == NULL) { 1156
994 /* record it if the first available entry */ 1157 minihiscore = ipv6_get_saddr_eval(hiscore, &dst, i);
995 goto record_it; 1158 miniscore = ipv6_get_saddr_eval(score, &dst, i);
996 } 1159
997 1160 if (minihiscore > miniscore) {
998 /* Rule 1: Prefer same address */ 1161 if (i == IPV6_SADDR_RULE_SCOPE &&
999 if (hiscore.rule < 1) { 1162 score->scopedist > 0) {
1000 if (ipv6_addr_equal(&ifa_result->addr, daddr)) 1163 /*
1001 hiscore.attrs |= IPV6_SADDR_SCORE_LOCAL; 1164 * special case:
1002 hiscore.rule++; 1165 * each remaining entry
1003 } 1166 * has too small (not enough)
1004 if (ipv6_addr_equal(&ifa->addr, daddr)) { 1167 * scope, because ifa entries
1005 score.attrs |= IPV6_SADDR_SCORE_LOCAL; 1168 * are sorted by their scope
1006 if (!(hiscore.attrs & IPV6_SADDR_SCORE_LOCAL)) { 1169 * values.
1007 score.rule = 1; 1170 */
1008 goto record_it; 1171 goto try_nextdev;
1009 } 1172 }
1010 } else { 1173 break;
1011 if (hiscore.attrs & IPV6_SADDR_SCORE_LOCAL) 1174 } else if (minihiscore < miniscore) {
1012 continue; 1175 struct ipv6_saddr_score *tmp;
1013 }
1014 1176
1015 /* Rule 2: Prefer appropriate scope */ 1177 if (hiscore->ifa)
1016 if (hiscore.rule < 2) { 1178 in6_ifa_put(hiscore->ifa);
1017 hiscore.scope = __ipv6_addr_src_scope(hiscore.addr_type);
1018 hiscore.rule++;
1019 }
1020 score.scope = __ipv6_addr_src_scope(score.addr_type);
1021 if (hiscore.scope < score.scope) {
1022 if (hiscore.scope < daddr_scope) {
1023 score.rule = 2;
1024 goto record_it;
1025 } else
1026 continue;
1027 } else if (score.scope < hiscore.scope) {
1028 if (score.scope < daddr_scope)
1029 break; /* addresses sorted by scope */
1030 else {
1031 score.rule = 2;
1032 goto record_it;
1033 }
1034 }
1035 1179
1036 /* Rule 3: Avoid deprecated and optimistic addresses */ 1180 in6_ifa_hold(score->ifa);
1037 if (hiscore.rule < 3) {
1038 if (ipv6_saddr_preferred(hiscore.addr_type) ||
1039 (((ifa_result->flags &
1040 (IFA_F_DEPRECATED|IFA_F_OPTIMISTIC)) == 0)))
1041 hiscore.attrs |= IPV6_SADDR_SCORE_PREFERRED;
1042 hiscore.rule++;
1043 }
1044 if (ipv6_saddr_preferred(score.addr_type) ||
1045 (((ifa->flags &
1046 (IFA_F_DEPRECATED|IFA_F_OPTIMISTIC)) == 0))) {
1047 score.attrs |= IPV6_SADDR_SCORE_PREFERRED;
1048 if (!(hiscore.attrs & IPV6_SADDR_SCORE_PREFERRED)) {
1049 score.rule = 3;
1050 goto record_it;
1051 }
1052 } else {
1053 if (hiscore.attrs & IPV6_SADDR_SCORE_PREFERRED)
1054 continue;
1055 }
1056 1181
1057 /* Rule 4: Prefer home address */ 1182 tmp = hiscore;
1058#if defined(CONFIG_IPV6_MIP6) || defined(CONFIG_IPV6_MIP6_MODULE) 1183 hiscore = score;
1059 if (hiscore.rule < 4) { 1184 score = tmp;
1060 if (ifa_result->flags & IFA_F_HOMEADDRESS)
1061 hiscore.attrs |= IPV6_SADDR_SCORE_HOA;
1062 hiscore.rule++;
1063 }
1064 if (ifa->flags & IFA_F_HOMEADDRESS) {
1065 score.attrs |= IPV6_SADDR_SCORE_HOA;
1066 if (!(ifa_result->flags & IFA_F_HOMEADDRESS)) {
1067 score.rule = 4;
1068 goto record_it;
1069 }
1070 } else {
1071 if (hiscore.attrs & IPV6_SADDR_SCORE_HOA)
1072 continue;
1073 }
1074#else
1075 if (hiscore.rule < 4)
1076 hiscore.rule++;
1077#endif
1078 1185
1079 /* Rule 5: Prefer outgoing interface */ 1186 /* restore our iterator */
1080 if (hiscore.rule < 5) { 1187 score->ifa = hiscore->ifa;
1081 if (daddr_dev == NULL ||
1082 daddr_dev == ifa_result->idev->dev)
1083 hiscore.attrs |= IPV6_SADDR_SCORE_OIF;
1084 hiscore.rule++;
1085 }
1086 if (daddr_dev == NULL ||
1087 daddr_dev == ifa->idev->dev) {
1088 score.attrs |= IPV6_SADDR_SCORE_OIF;
1089 if (!(hiscore.attrs & IPV6_SADDR_SCORE_OIF)) {
1090 score.rule = 5;
1091 goto record_it;
1092 }
1093 } else {
1094 if (hiscore.attrs & IPV6_SADDR_SCORE_OIF)
1095 continue;
1096 }
1097 1188
1098 /* Rule 6: Prefer matching label */ 1189 break;
1099 if (hiscore.rule < 6) {
1100 if (ipv6_addr_label(&ifa_result->addr,
1101 hiscore.addr_type,
1102 ifa_result->idev->dev->ifindex) == daddr_label)
1103 hiscore.attrs |= IPV6_SADDR_SCORE_LABEL;
1104 hiscore.rule++;
1105 }
1106 if (ipv6_addr_label(&ifa->addr,
1107 score.addr_type,
1108 ifa->idev->dev->ifindex) == daddr_label) {
1109 score.attrs |= IPV6_SADDR_SCORE_LABEL;
1110 if (!(hiscore.attrs & IPV6_SADDR_SCORE_LABEL)) {
1111 score.rule = 6;
1112 goto record_it;
1113 }
1114 } else {
1115 if (hiscore.attrs & IPV6_SADDR_SCORE_LABEL)
1116 continue;
1117 }
1118
1119#ifdef CONFIG_IPV6_PRIVACY
1120 /* Rule 7: Prefer public address
1121 * Note: prefer temprary address if use_tempaddr >= 2
1122 */
1123 if (hiscore.rule < 7) {
1124 if ((!(ifa_result->flags & IFA_F_TEMPORARY)) ^
1125 (ifa_result->idev->cnf.use_tempaddr >= 2))
1126 hiscore.attrs |= IPV6_SADDR_SCORE_PRIVACY;
1127 hiscore.rule++;
1128 }
1129 if ((!(ifa->flags & IFA_F_TEMPORARY)) ^
1130 (ifa->idev->cnf.use_tempaddr >= 2)) {
1131 score.attrs |= IPV6_SADDR_SCORE_PRIVACY;
1132 if (!(hiscore.attrs & IPV6_SADDR_SCORE_PRIVACY)) {
1133 score.rule = 7;
1134 goto record_it;
1135 } 1190 }
1136 } else {
1137 if (hiscore.attrs & IPV6_SADDR_SCORE_PRIVACY)
1138 continue;
1139 } 1191 }
1140#else
1141 if (hiscore.rule < 7)
1142 hiscore.rule++;
1143#endif
1144 /* Rule 8: Use longest matching prefix */
1145 if (hiscore.rule < 8) {
1146 hiscore.matchlen = ipv6_addr_diff(&ifa_result->addr, daddr);
1147 hiscore.rule++;
1148 }
1149 score.matchlen = ipv6_addr_diff(&ifa->addr, daddr);
1150 if (score.matchlen > hiscore.matchlen) {
1151 score.rule = 8;
1152 goto record_it;
1153 }
1154#if 0
1155 else if (score.matchlen < hiscore.matchlen)
1156 continue;
1157#endif
1158
1159 /* Final Rule: choose first available one */
1160 continue;
1161record_it:
1162 if (ifa_result)
1163 in6_ifa_put(ifa_result);
1164 in6_ifa_hold(ifa);
1165 ifa_result = ifa;
1166 hiscore = score;
1167 } 1192 }
1193try_nextdev:
1168 read_unlock_bh(&idev->lock); 1194 read_unlock_bh(&idev->lock);
1169 } 1195 }
1170 rcu_read_unlock(); 1196 rcu_read_unlock();
1171 read_unlock(&dev_base_lock); 1197 read_unlock(&dev_base_lock);
1172 1198
1173 if (!ifa_result) 1199 if (!hiscore->ifa)
1174 return -EADDRNOTAVAIL; 1200 return -EADDRNOTAVAIL;
1175 1201
1176 ipv6_addr_copy(saddr, &ifa_result->addr); 1202 ipv6_addr_copy(saddr, &hiscore->ifa->addr);
1177 in6_ifa_put(ifa_result); 1203 in6_ifa_put(hiscore->ifa);
1178 return 0; 1204 return 0;
1179} 1205}
1180 1206
1181 1207EXPORT_SYMBOL(ipv6_dev_get_saddr);
1182int ipv6_get_saddr(struct dst_entry *dst,
1183 struct in6_addr *daddr, struct in6_addr *saddr)
1184{
1185 return ipv6_dev_get_saddr(dst ? ip6_dst_idev(dst)->dev : NULL, daddr, saddr);
1186}
1187
1188EXPORT_SYMBOL(ipv6_get_saddr);
1189 1208
1190int ipv6_get_lladdr(struct net_device *dev, struct in6_addr *addr, 1209int ipv6_get_lladdr(struct net_device *dev, struct in6_addr *addr,
1191 unsigned char banned_flags) 1210 unsigned char banned_flags)
@@ -1231,7 +1250,7 @@ int ipv6_chk_addr(struct net *net, struct in6_addr *addr,
1231 1250
1232 read_lock_bh(&addrconf_hash_lock); 1251 read_lock_bh(&addrconf_hash_lock);
1233 for(ifp = inet6_addr_lst[hash]; ifp; ifp=ifp->lst_next) { 1252 for(ifp = inet6_addr_lst[hash]; ifp; ifp=ifp->lst_next) {
1234 if (ifp->idev->dev->nd_net != net) 1253 if (!net_eq(dev_net(ifp->idev->dev), net))
1235 continue; 1254 continue;
1236 if (ipv6_addr_equal(&ifp->addr, addr) && 1255 if (ipv6_addr_equal(&ifp->addr, addr) &&
1237 !(ifp->flags&IFA_F_TENTATIVE)) { 1256 !(ifp->flags&IFA_F_TENTATIVE)) {
@@ -1253,7 +1272,7 @@ int ipv6_chk_same_addr(struct net *net, const struct in6_addr *addr,
1253 u8 hash = ipv6_addr_hash(addr); 1272 u8 hash = ipv6_addr_hash(addr);
1254 1273
1255 for(ifp = inet6_addr_lst[hash]; ifp; ifp=ifp->lst_next) { 1274 for(ifp = inet6_addr_lst[hash]; ifp; ifp=ifp->lst_next) {
1256 if (ifp->idev->dev->nd_net != net) 1275 if (!net_eq(dev_net(ifp->idev->dev), net))
1257 continue; 1276 continue;
1258 if (ipv6_addr_equal(&ifp->addr, addr)) { 1277 if (ipv6_addr_equal(&ifp->addr, addr)) {
1259 if (dev == NULL || ifp->idev->dev == dev) 1278 if (dev == NULL || ifp->idev->dev == dev)
@@ -1263,7 +1282,32 @@ int ipv6_chk_same_addr(struct net *net, const struct in6_addr *addr,
1263 return ifp != NULL; 1282 return ifp != NULL;
1264} 1283}
1265 1284
1266struct inet6_ifaddr *ipv6_get_ifaddr(struct net *net, struct in6_addr *addr, 1285int ipv6_chk_prefix(struct in6_addr *addr, struct net_device *dev)
1286{
1287 struct inet6_dev *idev;
1288 struct inet6_ifaddr *ifa;
1289 int onlink;
1290
1291 onlink = 0;
1292 rcu_read_lock();
1293 idev = __in6_dev_get(dev);
1294 if (idev) {
1295 read_lock_bh(&idev->lock);
1296 for (ifa = idev->addr_list; ifa; ifa = ifa->if_next) {
1297 onlink = ipv6_prefix_equal(addr, &ifa->addr,
1298 ifa->prefix_len);
1299 if (onlink)
1300 break;
1301 }
1302 read_unlock_bh(&idev->lock);
1303 }
1304 rcu_read_unlock();
1305 return onlink;
1306}
1307
1308EXPORT_SYMBOL(ipv6_chk_prefix);
1309
1310struct inet6_ifaddr *ipv6_get_ifaddr(struct net *net, const struct in6_addr *addr,
1267 struct net_device *dev, int strict) 1311 struct net_device *dev, int strict)
1268{ 1312{
1269 struct inet6_ifaddr * ifp; 1313 struct inet6_ifaddr * ifp;
@@ -1271,7 +1315,7 @@ struct inet6_ifaddr *ipv6_get_ifaddr(struct net *net, struct in6_addr *addr,
1271 1315
1272 read_lock_bh(&addrconf_hash_lock); 1316 read_lock_bh(&addrconf_hash_lock);
1273 for(ifp = inet6_addr_lst[hash]; ifp; ifp=ifp->lst_next) { 1317 for(ifp = inet6_addr_lst[hash]; ifp; ifp=ifp->lst_next) {
1274 if (ifp->idev->dev->nd_net != net) 1318 if (!net_eq(dev_net(ifp->idev->dev), net))
1275 continue; 1319 continue;
1276 if (ipv6_addr_equal(&ifp->addr, addr)) { 1320 if (ipv6_addr_equal(&ifp->addr, addr)) {
1277 if (dev == NULL || ifp->idev->dev == dev || 1321 if (dev == NULL || ifp->idev->dev == dev ||
@@ -1448,6 +1492,29 @@ static int addrconf_ifid_infiniband(u8 *eui, struct net_device *dev)
1448 return 0; 1492 return 0;
1449} 1493}
1450 1494
1495int __ipv6_isatap_ifid(u8 *eui, __be32 addr)
1496{
1497 eui[0] = (ipv4_is_zeronet(addr) || ipv4_is_private_10(addr) ||
1498 ipv4_is_loopback(addr) || ipv4_is_linklocal_169(addr) ||
1499 ipv4_is_private_172(addr) || ipv4_is_test_192(addr) ||
1500 ipv4_is_anycast_6to4(addr) || ipv4_is_private_192(addr) ||
1501 ipv4_is_test_198(addr) || ipv4_is_multicast(addr) ||
1502 ipv4_is_lbcast(addr)) ? 0x00 : 0x02;
1503 eui[1] = 0;
1504 eui[2] = 0x5E;
1505 eui[3] = 0xFE;
1506 memcpy(eui + 4, &addr, 4);
1507 return 0;
1508}
1509EXPORT_SYMBOL(__ipv6_isatap_ifid);
1510
1511static int addrconf_ifid_sit(u8 *eui, struct net_device *dev)
1512{
1513 if (dev->priv_flags & IFF_ISATAP)
1514 return __ipv6_isatap_ifid(eui, *(__be32 *)dev->dev_addr);
1515 return -1;
1516}
1517
1451static int ipv6_generate_eui64(u8 *eui, struct net_device *dev) 1518static int ipv6_generate_eui64(u8 *eui, struct net_device *dev)
1452{ 1519{
1453 switch (dev->type) { 1520 switch (dev->type) {
@@ -1460,8 +1527,7 @@ static int ipv6_generate_eui64(u8 *eui, struct net_device *dev)
1460 case ARPHRD_INFINIBAND: 1527 case ARPHRD_INFINIBAND:
1461 return addrconf_ifid_infiniband(eui, dev); 1528 return addrconf_ifid_infiniband(eui, dev);
1462 case ARPHRD_SIT: 1529 case ARPHRD_SIT:
1463 if (dev->priv_flags & IFF_ISATAP) 1530 return addrconf_ifid_sit(eui, dev);
1464 return ipv6_isatap_eui64(eui, *(__be32 *)dev->dev_addr);
1465 } 1531 }
1466 return -1; 1532 return -1;
1467} 1533}
@@ -1573,7 +1639,7 @@ addrconf_prefix_route(struct in6_addr *pfx, int plen, struct net_device *dev,
1573 .fc_expires = expires, 1639 .fc_expires = expires,
1574 .fc_dst_len = plen, 1640 .fc_dst_len = plen,
1575 .fc_flags = RTF_UP | flags, 1641 .fc_flags = RTF_UP | flags,
1576 .fc_nlinfo.nl_net = &init_net, 1642 .fc_nlinfo.nl_net = dev_net(dev),
1577 }; 1643 };
1578 1644
1579 ipv6_addr_copy(&cfg.fc_dst, pfx); 1645 ipv6_addr_copy(&cfg.fc_dst, pfx);
@@ -1600,7 +1666,7 @@ static void addrconf_add_mroute(struct net_device *dev)
1600 .fc_ifindex = dev->ifindex, 1666 .fc_ifindex = dev->ifindex,
1601 .fc_dst_len = 8, 1667 .fc_dst_len = 8,
1602 .fc_flags = RTF_UP, 1668 .fc_flags = RTF_UP,
1603 .fc_nlinfo.nl_net = &init_net, 1669 .fc_nlinfo.nl_net = dev_net(dev),
1604 }; 1670 };
1605 1671
1606 ipv6_addr_set(&cfg.fc_dst, htonl(0xFF000000), 0, 0, 0); 1672 ipv6_addr_set(&cfg.fc_dst, htonl(0xFF000000), 0, 0, 0);
@@ -1617,7 +1683,7 @@ static void sit_route_add(struct net_device *dev)
1617 .fc_ifindex = dev->ifindex, 1683 .fc_ifindex = dev->ifindex,
1618 .fc_dst_len = 96, 1684 .fc_dst_len = 96,
1619 .fc_flags = RTF_UP | RTF_NONEXTHOP, 1685 .fc_flags = RTF_UP | RTF_NONEXTHOP,
1620 .fc_nlinfo.nl_net = &init_net, 1686 .fc_nlinfo.nl_net = dev_net(dev),
1621 }; 1687 };
1622 1688
1623 /* prefix length - 96 bits "::d.d.d.d" */ 1689 /* prefix length - 96 bits "::d.d.d.d" */
@@ -1718,7 +1784,8 @@ void addrconf_prefix_rcv(struct net_device *dev, u8 *opt, int len)
1718 1784
1719 if (pinfo->onlink) { 1785 if (pinfo->onlink) {
1720 struct rt6_info *rt; 1786 struct rt6_info *rt;
1721 rt = rt6_lookup(&pinfo->prefix, NULL, dev->ifindex, 1); 1787 rt = rt6_lookup(dev_net(dev), &pinfo->prefix, NULL,
1788 dev->ifindex, 1);
1722 1789
1723 if (rt && ((rt->rt6i_flags & (RTF_GATEWAY | RTF_DEFAULT)) == 0)) { 1790 if (rt && ((rt->rt6i_flags & (RTF_GATEWAY | RTF_DEFAULT)) == 0)) {
1724 if (rt->rt6i_flags&RTF_EXPIRES) { 1791 if (rt->rt6i_flags&RTF_EXPIRES) {
@@ -1761,7 +1828,7 @@ void addrconf_prefix_rcv(struct net_device *dev, u8 *opt, int len)
1761 1828
1762ok: 1829ok:
1763 1830
1764 ifp = ipv6_get_ifaddr(&init_net, &addr, dev, 1); 1831 ifp = ipv6_get_ifaddr(dev_net(dev), &addr, dev, 1);
1765 1832
1766 if (ifp == NULL && valid_lft) { 1833 if (ifp == NULL && valid_lft) {
1767 int max_addresses = in6_dev->cnf.max_addresses; 1834 int max_addresses = in6_dev->cnf.max_addresses;
@@ -1887,7 +1954,7 @@ ok:
1887 * Special case for SIT interfaces where we create a new "virtual" 1954 * Special case for SIT interfaces where we create a new "virtual"
1888 * device. 1955 * device.
1889 */ 1956 */
1890int addrconf_set_dstaddr(void __user *arg) 1957int addrconf_set_dstaddr(struct net *net, void __user *arg)
1891{ 1958{
1892 struct in6_ifreq ireq; 1959 struct in6_ifreq ireq;
1893 struct net_device *dev; 1960 struct net_device *dev;
@@ -1899,7 +1966,7 @@ int addrconf_set_dstaddr(void __user *arg)
1899 if (copy_from_user(&ireq, arg, sizeof(struct in6_ifreq))) 1966 if (copy_from_user(&ireq, arg, sizeof(struct in6_ifreq)))
1900 goto err_exit; 1967 goto err_exit;
1901 1968
1902 dev = __dev_get_by_index(&init_net, ireq.ifr6_ifindex); 1969 dev = __dev_get_by_index(net, ireq.ifr6_ifindex);
1903 1970
1904 err = -ENODEV; 1971 err = -ENODEV;
1905 if (dev == NULL) 1972 if (dev == NULL)
@@ -1930,7 +1997,8 @@ int addrconf_set_dstaddr(void __user *arg)
1930 1997
1931 if (err == 0) { 1998 if (err == 0) {
1932 err = -ENOBUFS; 1999 err = -ENOBUFS;
1933 if ((dev = __dev_get_by_name(&init_net, p.name)) == NULL) 2000 dev = __dev_get_by_name(net, p.name);
2001 if (!dev)
1934 goto err_exit; 2002 goto err_exit;
1935 err = dev_open(dev); 2003 err = dev_open(dev);
1936 } 2004 }
@@ -1945,8 +2013,9 @@ err_exit:
1945/* 2013/*
1946 * Manual configuration of address on an interface 2014 * Manual configuration of address on an interface
1947 */ 2015 */
1948static int inet6_addr_add(int ifindex, struct in6_addr *pfx, int plen, 2016static int inet6_addr_add(struct net *net, int ifindex, struct in6_addr *pfx,
1949 __u8 ifa_flags, __u32 prefered_lft, __u32 valid_lft) 2017 int plen, __u8 ifa_flags, __u32 prefered_lft,
2018 __u32 valid_lft)
1950{ 2019{
1951 struct inet6_ifaddr *ifp; 2020 struct inet6_ifaddr *ifp;
1952 struct inet6_dev *idev; 2021 struct inet6_dev *idev;
@@ -1960,7 +2029,8 @@ static int inet6_addr_add(int ifindex, struct in6_addr *pfx, int plen,
1960 if (!valid_lft || prefered_lft > valid_lft) 2029 if (!valid_lft || prefered_lft > valid_lft)
1961 return -EINVAL; 2030 return -EINVAL;
1962 2031
1963 if ((dev = __dev_get_by_index(&init_net, ifindex)) == NULL) 2032 dev = __dev_get_by_index(net, ifindex);
2033 if (!dev)
1964 return -ENODEV; 2034 return -ENODEV;
1965 2035
1966 if ((idev = addrconf_add_dev(dev)) == NULL) 2036 if ((idev = addrconf_add_dev(dev)) == NULL)
@@ -2005,13 +2075,15 @@ static int inet6_addr_add(int ifindex, struct in6_addr *pfx, int plen,
2005 return PTR_ERR(ifp); 2075 return PTR_ERR(ifp);
2006} 2076}
2007 2077
2008static int inet6_addr_del(int ifindex, struct in6_addr *pfx, int plen) 2078static int inet6_addr_del(struct net *net, int ifindex, struct in6_addr *pfx,
2079 int plen)
2009{ 2080{
2010 struct inet6_ifaddr *ifp; 2081 struct inet6_ifaddr *ifp;
2011 struct inet6_dev *idev; 2082 struct inet6_dev *idev;
2012 struct net_device *dev; 2083 struct net_device *dev;
2013 2084
2014 if ((dev = __dev_get_by_index(&init_net, ifindex)) == NULL) 2085 dev = __dev_get_by_index(net, ifindex);
2086 if (!dev)
2015 return -ENODEV; 2087 return -ENODEV;
2016 2088
2017 if ((idev = __in6_dev_get(dev)) == NULL) 2089 if ((idev = __in6_dev_get(dev)) == NULL)
@@ -2039,7 +2111,7 @@ static int inet6_addr_del(int ifindex, struct in6_addr *pfx, int plen)
2039} 2111}
2040 2112
2041 2113
2042int addrconf_add_ifaddr(void __user *arg) 2114int addrconf_add_ifaddr(struct net *net, void __user *arg)
2043{ 2115{
2044 struct in6_ifreq ireq; 2116 struct in6_ifreq ireq;
2045 int err; 2117 int err;
@@ -2051,13 +2123,14 @@ int addrconf_add_ifaddr(void __user *arg)
2051 return -EFAULT; 2123 return -EFAULT;
2052 2124
2053 rtnl_lock(); 2125 rtnl_lock();
2054 err = inet6_addr_add(ireq.ifr6_ifindex, &ireq.ifr6_addr, ireq.ifr6_prefixlen, 2126 err = inet6_addr_add(net, ireq.ifr6_ifindex, &ireq.ifr6_addr,
2055 IFA_F_PERMANENT, INFINITY_LIFE_TIME, INFINITY_LIFE_TIME); 2127 ireq.ifr6_prefixlen, IFA_F_PERMANENT,
2128 INFINITY_LIFE_TIME, INFINITY_LIFE_TIME);
2056 rtnl_unlock(); 2129 rtnl_unlock();
2057 return err; 2130 return err;
2058} 2131}
2059 2132
2060int addrconf_del_ifaddr(void __user *arg) 2133int addrconf_del_ifaddr(struct net *net, void __user *arg)
2061{ 2134{
2062 struct in6_ifreq ireq; 2135 struct in6_ifreq ireq;
2063 int err; 2136 int err;
@@ -2069,7 +2142,8 @@ int addrconf_del_ifaddr(void __user *arg)
2069 return -EFAULT; 2142 return -EFAULT;
2070 2143
2071 rtnl_lock(); 2144 rtnl_lock();
2072 err = inet6_addr_del(ireq.ifr6_ifindex, &ireq.ifr6_addr, ireq.ifr6_prefixlen); 2145 err = inet6_addr_del(net, ireq.ifr6_ifindex, &ireq.ifr6_addr,
2146 ireq.ifr6_prefixlen);
2073 rtnl_unlock(); 2147 rtnl_unlock();
2074 return err; 2148 return err;
2075} 2149}
@@ -2080,6 +2154,7 @@ static void sit_add_v4_addrs(struct inet6_dev *idev)
2080 struct inet6_ifaddr * ifp; 2154 struct inet6_ifaddr * ifp;
2081 struct in6_addr addr; 2155 struct in6_addr addr;
2082 struct net_device *dev; 2156 struct net_device *dev;
2157 struct net *net = dev_net(idev->dev);
2083 int scope; 2158 int scope;
2084 2159
2085 ASSERT_RTNL(); 2160 ASSERT_RTNL();
@@ -2106,7 +2181,7 @@ static void sit_add_v4_addrs(struct inet6_dev *idev)
2106 return; 2181 return;
2107 } 2182 }
2108 2183
2109 for_each_netdev(&init_net, dev) { 2184 for_each_netdev(net, dev) {
2110 struct in_device * in_dev = __in_dev_get_rtnl(dev); 2185 struct in_device * in_dev = __in_dev_get_rtnl(dev);
2111 if (in_dev && (dev->flags & IFF_UP)) { 2186 if (in_dev && (dev->flags & IFF_UP)) {
2112 struct in_ifaddr * ifa; 2187 struct in_ifaddr * ifa;
@@ -2269,15 +2344,16 @@ ipv6_inherit_linklocal(struct inet6_dev *idev, struct net_device *link_dev)
2269static void ip6_tnl_add_linklocal(struct inet6_dev *idev) 2344static void ip6_tnl_add_linklocal(struct inet6_dev *idev)
2270{ 2345{
2271 struct net_device *link_dev; 2346 struct net_device *link_dev;
2347 struct net *net = dev_net(idev->dev);
2272 2348
2273 /* first try to inherit the link-local address from the link device */ 2349 /* first try to inherit the link-local address from the link device */
2274 if (idev->dev->iflink && 2350 if (idev->dev->iflink &&
2275 (link_dev = __dev_get_by_index(&init_net, idev->dev->iflink))) { 2351 (link_dev = __dev_get_by_index(net, idev->dev->iflink))) {
2276 if (!ipv6_inherit_linklocal(idev, link_dev)) 2352 if (!ipv6_inherit_linklocal(idev, link_dev))
2277 return; 2353 return;
2278 } 2354 }
2279 /* then try to inherit it from any device */ 2355 /* then try to inherit it from any device */
2280 for_each_netdev(&init_net, link_dev) { 2356 for_each_netdev(net, link_dev) {
2281 if (!ipv6_inherit_linklocal(idev, link_dev)) 2357 if (!ipv6_inherit_linklocal(idev, link_dev))
2282 return; 2358 return;
2283 } 2359 }
@@ -2310,9 +2386,6 @@ static int addrconf_notify(struct notifier_block *this, unsigned long event,
2310 int run_pending = 0; 2386 int run_pending = 0;
2311 int err; 2387 int err;
2312 2388
2313 if (dev->nd_net != &init_net)
2314 return NOTIFY_DONE;
2315
2316 switch(event) { 2389 switch(event) {
2317 case NETDEV_REGISTER: 2390 case NETDEV_REGISTER:
2318 if (!idev && dev->mtu >= IPV6_MIN_MTU) { 2391 if (!idev && dev->mtu >= IPV6_MIN_MTU) {
@@ -2452,6 +2525,7 @@ static int addrconf_ifdown(struct net_device *dev, int how)
2452{ 2525{
2453 struct inet6_dev *idev; 2526 struct inet6_dev *idev;
2454 struct inet6_ifaddr *ifa, **bifa; 2527 struct inet6_ifaddr *ifa, **bifa;
2528 struct net *net = dev_net(dev);
2455 int i; 2529 int i;
2456 2530
2457 ASSERT_RTNL(); 2531 ASSERT_RTNL();
@@ -2459,7 +2533,7 @@ static int addrconf_ifdown(struct net_device *dev, int how)
2459 if ((dev->flags & IFF_LOOPBACK) && how == 1) 2533 if ((dev->flags & IFF_LOOPBACK) && how == 1)
2460 how = 0; 2534 how = 0;
2461 2535
2462 rt6_ifdown(dev); 2536 rt6_ifdown(net, dev);
2463 neigh_ifdown(&nd_tbl, dev); 2537 neigh_ifdown(&nd_tbl, dev);
2464 2538
2465 idev = __in6_dev_get(dev); 2539 idev = __in6_dev_get(dev);
@@ -2578,8 +2652,6 @@ static void addrconf_rs_timer(unsigned long data)
2578 2652
2579 spin_lock(&ifp->lock); 2653 spin_lock(&ifp->lock);
2580 if (ifp->probes++ < ifp->idev->cnf.rtr_solicits) { 2654 if (ifp->probes++ < ifp->idev->cnf.rtr_solicits) {
2581 struct in6_addr all_routers;
2582
2583 /* The wait after the last probe can be shorter */ 2655 /* The wait after the last probe can be shorter */
2584 addrconf_mod_timer(ifp, AC_RS, 2656 addrconf_mod_timer(ifp, AC_RS,
2585 (ifp->probes == ifp->idev->cnf.rtr_solicits) ? 2657 (ifp->probes == ifp->idev->cnf.rtr_solicits) ?
@@ -2587,9 +2659,7 @@ static void addrconf_rs_timer(unsigned long data)
2587 ifp->idev->cnf.rtr_solicit_interval); 2659 ifp->idev->cnf.rtr_solicit_interval);
2588 spin_unlock(&ifp->lock); 2660 spin_unlock(&ifp->lock);
2589 2661
2590 ipv6_addr_all_routers(&all_routers); 2662 ndisc_send_rs(ifp->idev->dev, &ifp->addr, &in6addr_linklocal_allrouters);
2591
2592 ndisc_send_rs(ifp->idev->dev, &ifp->addr, &all_routers);
2593 } else { 2663 } else {
2594 spin_unlock(&ifp->lock); 2664 spin_unlock(&ifp->lock);
2595 /* 2665 /*
@@ -2676,7 +2746,6 @@ static void addrconf_dad_timer(unsigned long data)
2676{ 2746{
2677 struct inet6_ifaddr *ifp = (struct inet6_ifaddr *) data; 2747 struct inet6_ifaddr *ifp = (struct inet6_ifaddr *) data;
2678 struct inet6_dev *idev = ifp->idev; 2748 struct inet6_dev *idev = ifp->idev;
2679 struct in6_addr unspec;
2680 struct in6_addr mcaddr; 2749 struct in6_addr mcaddr;
2681 2750
2682 read_lock_bh(&idev->lock); 2751 read_lock_bh(&idev->lock);
@@ -2705,9 +2774,8 @@ static void addrconf_dad_timer(unsigned long data)
2705 read_unlock_bh(&idev->lock); 2774 read_unlock_bh(&idev->lock);
2706 2775
2707 /* send a neighbour solicitation for our addr */ 2776 /* send a neighbour solicitation for our addr */
2708 memset(&unspec, 0, sizeof(unspec));
2709 addrconf_addr_solict_mult(&ifp->addr, &mcaddr); 2777 addrconf_addr_solict_mult(&ifp->addr, &mcaddr);
2710 ndisc_send_ns(ifp->idev->dev, NULL, &ifp->addr, &mcaddr, &unspec); 2778 ndisc_send_ns(ifp->idev->dev, NULL, &ifp->addr, &mcaddr, &in6addr_any);
2711out: 2779out:
2712 in6_ifa_put(ifp); 2780 in6_ifa_put(ifp);
2713} 2781}
@@ -2730,16 +2798,12 @@ static void addrconf_dad_completed(struct inet6_ifaddr *ifp)
2730 ifp->idev->cnf.rtr_solicits > 0 && 2798 ifp->idev->cnf.rtr_solicits > 0 &&
2731 (dev->flags&IFF_LOOPBACK) == 0 && 2799 (dev->flags&IFF_LOOPBACK) == 0 &&
2732 (ipv6_addr_type(&ifp->addr) & IPV6_ADDR_LINKLOCAL)) { 2800 (ipv6_addr_type(&ifp->addr) & IPV6_ADDR_LINKLOCAL)) {
2733 struct in6_addr all_routers;
2734
2735 ipv6_addr_all_routers(&all_routers);
2736
2737 /* 2801 /*
2738 * If a host as already performed a random delay 2802 * If a host as already performed a random delay
2739 * [...] as part of DAD [...] there is no need 2803 * [...] as part of DAD [...] there is no need
2740 * to delay again before sending the first RS 2804 * to delay again before sending the first RS
2741 */ 2805 */
2742 ndisc_send_rs(ifp->idev->dev, &ifp->addr, &all_routers); 2806 ndisc_send_rs(ifp->idev->dev, &ifp->addr, &in6addr_linklocal_allrouters);
2743 2807
2744 spin_lock_bh(&ifp->lock); 2808 spin_lock_bh(&ifp->lock);
2745 ifp->probes = 1; 2809 ifp->probes = 1;
@@ -2775,12 +2839,12 @@ static struct inet6_ifaddr *if6_get_first(struct seq_file *seq)
2775{ 2839{
2776 struct inet6_ifaddr *ifa = NULL; 2840 struct inet6_ifaddr *ifa = NULL;
2777 struct if6_iter_state *state = seq->private; 2841 struct if6_iter_state *state = seq->private;
2778 struct net *net = state->p.net; 2842 struct net *net = seq_file_net(seq);
2779 2843
2780 for (state->bucket = 0; state->bucket < IN6_ADDR_HSIZE; ++state->bucket) { 2844 for (state->bucket = 0; state->bucket < IN6_ADDR_HSIZE; ++state->bucket) {
2781 ifa = inet6_addr_lst[state->bucket]; 2845 ifa = inet6_addr_lst[state->bucket];
2782 2846
2783 while (ifa && ifa->idev->dev->nd_net != net) 2847 while (ifa && !net_eq(dev_net(ifa->idev->dev), net))
2784 ifa = ifa->lst_next; 2848 ifa = ifa->lst_next;
2785 if (ifa) 2849 if (ifa)
2786 break; 2850 break;
@@ -2791,12 +2855,12 @@ static struct inet6_ifaddr *if6_get_first(struct seq_file *seq)
2791static struct inet6_ifaddr *if6_get_next(struct seq_file *seq, struct inet6_ifaddr *ifa) 2855static struct inet6_ifaddr *if6_get_next(struct seq_file *seq, struct inet6_ifaddr *ifa)
2792{ 2856{
2793 struct if6_iter_state *state = seq->private; 2857 struct if6_iter_state *state = seq->private;
2794 struct net *net = state->p.net; 2858 struct net *net = seq_file_net(seq);
2795 2859
2796 ifa = ifa->lst_next; 2860 ifa = ifa->lst_next;
2797try_again: 2861try_again:
2798 if (ifa) { 2862 if (ifa) {
2799 if (ifa->idev->dev->nd_net != net) { 2863 if (!net_eq(dev_net(ifa->idev->dev), net)) {
2800 ifa = ifa->lst_next; 2864 ifa = ifa->lst_next;
2801 goto try_again; 2865 goto try_again;
2802 } 2866 }
@@ -2914,9 +2978,9 @@ int ipv6_chk_home_addr(struct net *net, struct in6_addr *addr)
2914 u8 hash = ipv6_addr_hash(addr); 2978 u8 hash = ipv6_addr_hash(addr);
2915 read_lock_bh(&addrconf_hash_lock); 2979 read_lock_bh(&addrconf_hash_lock);
2916 for (ifp = inet6_addr_lst[hash]; ifp; ifp = ifp->lst_next) { 2980 for (ifp = inet6_addr_lst[hash]; ifp; ifp = ifp->lst_next) {
2917 if (ifp->idev->dev->nd_net != net) 2981 if (!net_eq(dev_net(ifp->idev->dev), net))
2918 continue; 2982 continue;
2919 if (ipv6_addr_cmp(&ifp->addr, addr) == 0 && 2983 if (ipv6_addr_equal(&ifp->addr, addr) &&
2920 (ifp->flags & IFA_F_HOMEADDRESS)) { 2984 (ifp->flags & IFA_F_HOMEADDRESS)) {
2921 ret = 1; 2985 ret = 1;
2922 break; 2986 break;
@@ -3063,15 +3127,12 @@ static const struct nla_policy ifa_ipv6_policy[IFA_MAX+1] = {
3063static int 3127static int
3064inet6_rtm_deladdr(struct sk_buff *skb, struct nlmsghdr *nlh, void *arg) 3128inet6_rtm_deladdr(struct sk_buff *skb, struct nlmsghdr *nlh, void *arg)
3065{ 3129{
3066 struct net *net = skb->sk->sk_net; 3130 struct net *net = sock_net(skb->sk);
3067 struct ifaddrmsg *ifm; 3131 struct ifaddrmsg *ifm;
3068 struct nlattr *tb[IFA_MAX+1]; 3132 struct nlattr *tb[IFA_MAX+1];
3069 struct in6_addr *pfx; 3133 struct in6_addr *pfx;
3070 int err; 3134 int err;
3071 3135
3072 if (net != &init_net)
3073 return -EINVAL;
3074
3075 err = nlmsg_parse(nlh, sizeof(*ifm), tb, IFA_MAX, ifa_ipv6_policy); 3136 err = nlmsg_parse(nlh, sizeof(*ifm), tb, IFA_MAX, ifa_ipv6_policy);
3076 if (err < 0) 3137 if (err < 0)
3077 return err; 3138 return err;
@@ -3081,7 +3142,7 @@ inet6_rtm_deladdr(struct sk_buff *skb, struct nlmsghdr *nlh, void *arg)
3081 if (pfx == NULL) 3142 if (pfx == NULL)
3082 return -EINVAL; 3143 return -EINVAL;
3083 3144
3084 return inet6_addr_del(ifm->ifa_index, pfx, ifm->ifa_prefixlen); 3145 return inet6_addr_del(net, ifm->ifa_index, pfx, ifm->ifa_prefixlen);
3085} 3146}
3086 3147
3087static int inet6_addr_modify(struct inet6_ifaddr *ifp, u8 ifa_flags, 3148static int inet6_addr_modify(struct inet6_ifaddr *ifp, u8 ifa_flags,
@@ -3124,7 +3185,7 @@ static int inet6_addr_modify(struct inet6_ifaddr *ifp, u8 ifa_flags,
3124static int 3185static int
3125inet6_rtm_newaddr(struct sk_buff *skb, struct nlmsghdr *nlh, void *arg) 3186inet6_rtm_newaddr(struct sk_buff *skb, struct nlmsghdr *nlh, void *arg)
3126{ 3187{
3127 struct net *net = skb->sk->sk_net; 3188 struct net *net = sock_net(skb->sk);
3128 struct ifaddrmsg *ifm; 3189 struct ifaddrmsg *ifm;
3129 struct nlattr *tb[IFA_MAX+1]; 3190 struct nlattr *tb[IFA_MAX+1];
3130 struct in6_addr *pfx; 3191 struct in6_addr *pfx;
@@ -3134,9 +3195,6 @@ inet6_rtm_newaddr(struct sk_buff *skb, struct nlmsghdr *nlh, void *arg)
3134 u8 ifa_flags; 3195 u8 ifa_flags;
3135 int err; 3196 int err;
3136 3197
3137 if (net != &init_net)
3138 return -EINVAL;
3139
3140 err = nlmsg_parse(nlh, sizeof(*ifm), tb, IFA_MAX, ifa_ipv6_policy); 3198 err = nlmsg_parse(nlh, sizeof(*ifm), tb, IFA_MAX, ifa_ipv6_policy);
3141 if (err < 0) 3199 if (err < 0)
3142 return err; 3200 return err;
@@ -3157,7 +3215,7 @@ inet6_rtm_newaddr(struct sk_buff *skb, struct nlmsghdr *nlh, void *arg)
3157 valid_lft = INFINITY_LIFE_TIME; 3215 valid_lft = INFINITY_LIFE_TIME;
3158 } 3216 }
3159 3217
3160 dev = __dev_get_by_index(&init_net, ifm->ifa_index); 3218 dev = __dev_get_by_index(net, ifm->ifa_index);
3161 if (dev == NULL) 3219 if (dev == NULL)
3162 return -ENODEV; 3220 return -ENODEV;
3163 3221
@@ -3170,8 +3228,9 @@ inet6_rtm_newaddr(struct sk_buff *skb, struct nlmsghdr *nlh, void *arg)
3170 * It would be best to check for !NLM_F_CREATE here but 3228 * It would be best to check for !NLM_F_CREATE here but
3171 * userspace alreay relies on not having to provide this. 3229 * userspace alreay relies on not having to provide this.
3172 */ 3230 */
3173 return inet6_addr_add(ifm->ifa_index, pfx, ifm->ifa_prefixlen, 3231 return inet6_addr_add(net, ifm->ifa_index, pfx,
3174 ifa_flags, preferred_lft, valid_lft); 3232 ifm->ifa_prefixlen, ifa_flags,
3233 preferred_lft, valid_lft);
3175 } 3234 }
3176 3235
3177 if (nlh->nlmsg_flags & NLM_F_EXCL || 3236 if (nlh->nlmsg_flags & NLM_F_EXCL ||
@@ -3336,12 +3395,13 @@ static int inet6_dump_addr(struct sk_buff *skb, struct netlink_callback *cb,
3336 struct inet6_ifaddr *ifa; 3395 struct inet6_ifaddr *ifa;
3337 struct ifmcaddr6 *ifmca; 3396 struct ifmcaddr6 *ifmca;
3338 struct ifacaddr6 *ifaca; 3397 struct ifacaddr6 *ifaca;
3398 struct net *net = sock_net(skb->sk);
3339 3399
3340 s_idx = cb->args[0]; 3400 s_idx = cb->args[0];
3341 s_ip_idx = ip_idx = cb->args[1]; 3401 s_ip_idx = ip_idx = cb->args[1];
3342 3402
3343 idx = 0; 3403 idx = 0;
3344 for_each_netdev(&init_net, dev) { 3404 for_each_netdev(net, dev) {
3345 if (idx < s_idx) 3405 if (idx < s_idx)
3346 goto cont; 3406 goto cont;
3347 if (idx > s_idx) 3407 if (idx > s_idx)
@@ -3408,42 +3468,30 @@ cont:
3408 3468
3409static int inet6_dump_ifaddr(struct sk_buff *skb, struct netlink_callback *cb) 3469static int inet6_dump_ifaddr(struct sk_buff *skb, struct netlink_callback *cb)
3410{ 3470{
3411 struct net *net = skb->sk->sk_net;
3412 enum addr_type_t type = UNICAST_ADDR; 3471 enum addr_type_t type = UNICAST_ADDR;
3413 3472
3414 if (net != &init_net)
3415 return 0;
3416
3417 return inet6_dump_addr(skb, cb, type); 3473 return inet6_dump_addr(skb, cb, type);
3418} 3474}
3419 3475
3420static int inet6_dump_ifmcaddr(struct sk_buff *skb, struct netlink_callback *cb) 3476static int inet6_dump_ifmcaddr(struct sk_buff *skb, struct netlink_callback *cb)
3421{ 3477{
3422 struct net *net = skb->sk->sk_net;
3423 enum addr_type_t type = MULTICAST_ADDR; 3478 enum addr_type_t type = MULTICAST_ADDR;
3424 3479
3425 if (net != &init_net)
3426 return 0;
3427
3428 return inet6_dump_addr(skb, cb, type); 3480 return inet6_dump_addr(skb, cb, type);
3429} 3481}
3430 3482
3431 3483
3432static int inet6_dump_ifacaddr(struct sk_buff *skb, struct netlink_callback *cb) 3484static int inet6_dump_ifacaddr(struct sk_buff *skb, struct netlink_callback *cb)
3433{ 3485{
3434 struct net *net = skb->sk->sk_net;
3435 enum addr_type_t type = ANYCAST_ADDR; 3486 enum addr_type_t type = ANYCAST_ADDR;
3436 3487
3437 if (net != &init_net)
3438 return 0;
3439
3440 return inet6_dump_addr(skb, cb, type); 3488 return inet6_dump_addr(skb, cb, type);
3441} 3489}
3442 3490
3443static int inet6_rtm_getaddr(struct sk_buff *in_skb, struct nlmsghdr* nlh, 3491static int inet6_rtm_getaddr(struct sk_buff *in_skb, struct nlmsghdr* nlh,
3444 void *arg) 3492 void *arg)
3445{ 3493{
3446 struct net *net = in_skb->sk->sk_net; 3494 struct net *net = sock_net(in_skb->sk);
3447 struct ifaddrmsg *ifm; 3495 struct ifaddrmsg *ifm;
3448 struct nlattr *tb[IFA_MAX+1]; 3496 struct nlattr *tb[IFA_MAX+1];
3449 struct in6_addr *addr = NULL; 3497 struct in6_addr *addr = NULL;
@@ -3452,9 +3500,6 @@ static int inet6_rtm_getaddr(struct sk_buff *in_skb, struct nlmsghdr* nlh,
3452 struct sk_buff *skb; 3500 struct sk_buff *skb;
3453 int err; 3501 int err;
3454 3502
3455 if (net != &init_net)
3456 return -EINVAL;
3457
3458 err = nlmsg_parse(nlh, sizeof(*ifm), tb, IFA_MAX, ifa_ipv6_policy); 3503 err = nlmsg_parse(nlh, sizeof(*ifm), tb, IFA_MAX, ifa_ipv6_policy);
3459 if (err < 0) 3504 if (err < 0)
3460 goto errout; 3505 goto errout;
@@ -3467,7 +3512,7 @@ static int inet6_rtm_getaddr(struct sk_buff *in_skb, struct nlmsghdr* nlh,
3467 3512
3468 ifm = nlmsg_data(nlh); 3513 ifm = nlmsg_data(nlh);
3469 if (ifm->ifa_index) 3514 if (ifm->ifa_index)
3470 dev = __dev_get_by_index(&init_net, ifm->ifa_index); 3515 dev = __dev_get_by_index(net, ifm->ifa_index);
3471 3516
3472 if ((ifa = ipv6_get_ifaddr(net, addr, dev, 1)) == NULL) { 3517 if ((ifa = ipv6_get_ifaddr(net, addr, dev, 1)) == NULL) {
3473 err = -EADDRNOTAVAIL; 3518 err = -EADDRNOTAVAIL;
@@ -3487,7 +3532,7 @@ static int inet6_rtm_getaddr(struct sk_buff *in_skb, struct nlmsghdr* nlh,
3487 kfree_skb(skb); 3532 kfree_skb(skb);
3488 goto errout_ifa; 3533 goto errout_ifa;
3489 } 3534 }
3490 err = rtnl_unicast(skb, &init_net, NETLINK_CB(in_skb).pid); 3535 err = rtnl_unicast(skb, net, NETLINK_CB(in_skb).pid);
3491errout_ifa: 3536errout_ifa:
3492 in6_ifa_put(ifa); 3537 in6_ifa_put(ifa);
3493errout: 3538errout:
@@ -3497,6 +3542,7 @@ errout:
3497static void inet6_ifa_notify(int event, struct inet6_ifaddr *ifa) 3542static void inet6_ifa_notify(int event, struct inet6_ifaddr *ifa)
3498{ 3543{
3499 struct sk_buff *skb; 3544 struct sk_buff *skb;
3545 struct net *net = dev_net(ifa->idev->dev);
3500 int err = -ENOBUFS; 3546 int err = -ENOBUFS;
3501 3547
3502 skb = nlmsg_new(inet6_ifaddr_msgsize(), GFP_ATOMIC); 3548 skb = nlmsg_new(inet6_ifaddr_msgsize(), GFP_ATOMIC);
@@ -3510,10 +3556,10 @@ static void inet6_ifa_notify(int event, struct inet6_ifaddr *ifa)
3510 kfree_skb(skb); 3556 kfree_skb(skb);
3511 goto errout; 3557 goto errout;
3512 } 3558 }
3513 err = rtnl_notify(skb, &init_net, 0, RTNLGRP_IPV6_IFADDR, NULL, GFP_ATOMIC); 3559 err = rtnl_notify(skb, net, 0, RTNLGRP_IPV6_IFADDR, NULL, GFP_ATOMIC);
3514errout: 3560errout:
3515 if (err < 0) 3561 if (err < 0)
3516 rtnl_set_sk_err(&init_net, RTNLGRP_IPV6_IFADDR, err); 3562 rtnl_set_sk_err(net, RTNLGRP_IPV6_IFADDR, err);
3517} 3563}
3518 3564
3519static inline void ipv6_store_devconf(struct ipv6_devconf *cnf, 3565static inline void ipv6_store_devconf(struct ipv6_devconf *cnf,
@@ -3555,6 +3601,9 @@ static inline void ipv6_store_devconf(struct ipv6_devconf *cnf,
3555#ifdef CONFIG_IPV6_OPTIMISTIC_DAD 3601#ifdef CONFIG_IPV6_OPTIMISTIC_DAD
3556 array[DEVCONF_OPTIMISTIC_DAD] = cnf->optimistic_dad; 3602 array[DEVCONF_OPTIMISTIC_DAD] = cnf->optimistic_dad;
3557#endif 3603#endif
3604#ifdef CONFIG_IPV6_MROUTE
3605 array[DEVCONF_MC_FORWARDING] = cnf->mc_forwarding;
3606#endif
3558} 3607}
3559 3608
3560static inline size_t inet6_if_nlmsg_size(void) 3609static inline size_t inet6_if_nlmsg_size(void)
@@ -3672,18 +3721,15 @@ nla_put_failure:
3672 3721
3673static int inet6_dump_ifinfo(struct sk_buff *skb, struct netlink_callback *cb) 3722static int inet6_dump_ifinfo(struct sk_buff *skb, struct netlink_callback *cb)
3674{ 3723{
3675 struct net *net = skb->sk->sk_net; 3724 struct net *net = sock_net(skb->sk);
3676 int idx, err; 3725 int idx, err;
3677 int s_idx = cb->args[0]; 3726 int s_idx = cb->args[0];
3678 struct net_device *dev; 3727 struct net_device *dev;
3679 struct inet6_dev *idev; 3728 struct inet6_dev *idev;
3680 3729
3681 if (net != &init_net)
3682 return 0;
3683
3684 read_lock(&dev_base_lock); 3730 read_lock(&dev_base_lock);
3685 idx = 0; 3731 idx = 0;
3686 for_each_netdev(&init_net, dev) { 3732 for_each_netdev(net, dev) {
3687 if (idx < s_idx) 3733 if (idx < s_idx)
3688 goto cont; 3734 goto cont;
3689 if ((idev = in6_dev_get(dev)) == NULL) 3735 if ((idev = in6_dev_get(dev)) == NULL)
@@ -3705,6 +3751,7 @@ cont:
3705void inet6_ifinfo_notify(int event, struct inet6_dev *idev) 3751void inet6_ifinfo_notify(int event, struct inet6_dev *idev)
3706{ 3752{
3707 struct sk_buff *skb; 3753 struct sk_buff *skb;
3754 struct net *net = dev_net(idev->dev);
3708 int err = -ENOBUFS; 3755 int err = -ENOBUFS;
3709 3756
3710 skb = nlmsg_new(inet6_if_nlmsg_size(), GFP_ATOMIC); 3757 skb = nlmsg_new(inet6_if_nlmsg_size(), GFP_ATOMIC);
@@ -3718,10 +3765,10 @@ void inet6_ifinfo_notify(int event, struct inet6_dev *idev)
3718 kfree_skb(skb); 3765 kfree_skb(skb);
3719 goto errout; 3766 goto errout;
3720 } 3767 }
3721 err = rtnl_notify(skb, &init_net, 0, RTNLGRP_IPV6_IFADDR, NULL, GFP_ATOMIC); 3768 err = rtnl_notify(skb, net, 0, RTNLGRP_IPV6_IFADDR, NULL, GFP_ATOMIC);
3722errout: 3769errout:
3723 if (err < 0) 3770 if (err < 0)
3724 rtnl_set_sk_err(&init_net, RTNLGRP_IPV6_IFADDR, err); 3771 rtnl_set_sk_err(net, RTNLGRP_IPV6_IFADDR, err);
3725} 3772}
3726 3773
3727static inline size_t inet6_prefix_nlmsg_size(void) 3774static inline size_t inet6_prefix_nlmsg_size(void)
@@ -3774,6 +3821,7 @@ static void inet6_prefix_notify(int event, struct inet6_dev *idev,
3774 struct prefix_info *pinfo) 3821 struct prefix_info *pinfo)
3775{ 3822{
3776 struct sk_buff *skb; 3823 struct sk_buff *skb;
3824 struct net *net = dev_net(idev->dev);
3777 int err = -ENOBUFS; 3825 int err = -ENOBUFS;
3778 3826
3779 skb = nlmsg_new(inet6_prefix_nlmsg_size(), GFP_ATOMIC); 3827 skb = nlmsg_new(inet6_prefix_nlmsg_size(), GFP_ATOMIC);
@@ -3787,10 +3835,10 @@ static void inet6_prefix_notify(int event, struct inet6_dev *idev,
3787 kfree_skb(skb); 3835 kfree_skb(skb);
3788 goto errout; 3836 goto errout;
3789 } 3837 }
3790 err = rtnl_notify(skb, &init_net, 0, RTNLGRP_IPV6_PREFIX, NULL, GFP_ATOMIC); 3838 err = rtnl_notify(skb, net, 0, RTNLGRP_IPV6_PREFIX, NULL, GFP_ATOMIC);
3791errout: 3839errout:
3792 if (err < 0) 3840 if (err < 0)
3793 rtnl_set_sk_err(&init_net, RTNLGRP_IPV6_PREFIX, err); 3841 rtnl_set_sk_err(net, RTNLGRP_IPV6_PREFIX, err);
3794} 3842}
3795 3843
3796static void __ipv6_ifa_notify(int event, struct inet6_ifaddr *ifp) 3844static void __ipv6_ifa_notify(int event, struct inet6_ifaddr *ifp)
@@ -3886,7 +3934,7 @@ static int addrconf_sysctl_forward_strategy(ctl_table *table,
3886static struct addrconf_sysctl_table 3934static struct addrconf_sysctl_table
3887{ 3935{
3888 struct ctl_table_header *sysctl_header; 3936 struct ctl_table_header *sysctl_header;
3889 ctl_table addrconf_vars[__NET_IPV6_MAX]; 3937 ctl_table addrconf_vars[DEVCONF_MAX+1];
3890 char *dev_name; 3938 char *dev_name;
3891} addrconf_sysctl __read_mostly = { 3939} addrconf_sysctl __read_mostly = {
3892 .sysctl_header = NULL, 3940 .sysctl_header = NULL,
@@ -4104,6 +4152,16 @@ static struct addrconf_sysctl_table
4104 4152
4105 }, 4153 },
4106#endif 4154#endif
4155#ifdef CONFIG_IPV6_MROUTE
4156 {
4157 .ctl_name = CTL_UNNUMBERED,
4158 .procname = "mc_forwarding",
4159 .data = &ipv6_devconf.mc_forwarding,
4160 .maxlen = sizeof(int),
4161 .mode = 0644,
4162 .proc_handler = &proc_dointvec,
4163 },
4164#endif
4107 { 4165 {
4108 .ctl_name = 0, /* sentinel */ 4166 .ctl_name = 0, /* sentinel */
4109 } 4167 }
@@ -4185,7 +4243,7 @@ static void addrconf_sysctl_register(struct inet6_dev *idev)
4185 NET_IPV6_NEIGH, "ipv6", 4243 NET_IPV6_NEIGH, "ipv6",
4186 &ndisc_ifinfo_sysctl_change, 4244 &ndisc_ifinfo_sysctl_change,
4187 NULL); 4245 NULL);
4188 __addrconf_sysctl_register(idev->dev->nd_net, idev->dev->name, 4246 __addrconf_sysctl_register(dev_net(idev->dev), idev->dev->name,
4189 idev->dev->ifindex, idev, &idev->cnf); 4247 idev->dev->ifindex, idev, &idev->cnf);
4190} 4248}
4191 4249
@@ -4280,6 +4338,32 @@ int unregister_inet6addr_notifier(struct notifier_block *nb)
4280 4338
4281EXPORT_SYMBOL(unregister_inet6addr_notifier); 4339EXPORT_SYMBOL(unregister_inet6addr_notifier);
4282 4340
4341
4342static int addrconf_net_init(struct net *net)
4343{
4344 return 0;
4345}
4346
4347static void addrconf_net_exit(struct net *net)
4348{
4349 struct net_device *dev;
4350
4351 rtnl_lock();
4352 /* clean dev list */
4353 for_each_netdev(net, dev) {
4354 if (__in6_dev_get(dev) == NULL)
4355 continue;
4356 addrconf_ifdown(dev, 1);
4357 }
4358 addrconf_ifdown(net->loopback_dev, 2);
4359 rtnl_unlock();
4360}
4361
4362static struct pernet_operations addrconf_net_ops = {
4363 .init = addrconf_net_init,
4364 .exit = addrconf_net_exit,
4365};
4366
4283/* 4367/*
4284 * Init / cleanup code 4368 * Init / cleanup code
4285 */ 4369 */
@@ -4321,14 +4405,9 @@ int __init addrconf_init(void)
4321 if (err) 4405 if (err)
4322 goto errlo; 4406 goto errlo;
4323 4407
4324 ip6_null_entry.u.dst.dev = init_net.loopback_dev; 4408 err = register_pernet_device(&addrconf_net_ops);
4325 ip6_null_entry.rt6i_idev = in6_dev_get(init_net.loopback_dev); 4409 if (err)
4326#ifdef CONFIG_IPV6_MULTIPLE_TABLES 4410 return err;
4327 ip6_prohibit_entry.u.dst.dev = init_net.loopback_dev;
4328 ip6_prohibit_entry.rt6i_idev = in6_dev_get(init_net.loopback_dev);
4329 ip6_blk_hole_entry.u.dst.dev = init_net.loopback_dev;
4330 ip6_blk_hole_entry.rt6i_idev = in6_dev_get(init_net.loopback_dev);
4331#endif
4332 4411
4333 register_netdevice_notifier(&ipv6_dev_notf); 4412 register_netdevice_notifier(&ipv6_dev_notf);
4334 4413
@@ -4358,31 +4437,19 @@ errlo:
4358 4437
4359void addrconf_cleanup(void) 4438void addrconf_cleanup(void)
4360{ 4439{
4361 struct net_device *dev;
4362 struct inet6_ifaddr *ifa; 4440 struct inet6_ifaddr *ifa;
4363 int i; 4441 int i;
4364 4442
4365 unregister_netdevice_notifier(&ipv6_dev_notf); 4443 unregister_netdevice_notifier(&ipv6_dev_notf);
4444 unregister_pernet_device(&addrconf_net_ops);
4366 4445
4367 unregister_pernet_subsys(&addrconf_ops); 4446 unregister_pernet_subsys(&addrconf_ops);
4368 4447
4369 rtnl_lock(); 4448 rtnl_lock();
4370 4449
4371 /* 4450 /*
4372 * clean dev list.
4373 */
4374
4375 for_each_netdev(&init_net, dev) {
4376 if (__in6_dev_get(dev) == NULL)
4377 continue;
4378 addrconf_ifdown(dev, 1);
4379 }
4380 addrconf_ifdown(init_net.loopback_dev, 2);
4381
4382 /*
4383 * Check hash table. 4451 * Check hash table.
4384 */ 4452 */
4385
4386 write_lock_bh(&addrconf_hash_lock); 4453 write_lock_bh(&addrconf_hash_lock);
4387 for (i=0; i < IN6_ADDR_HSIZE; i++) { 4454 for (i=0; i < IN6_ADDR_HSIZE; i++) {
4388 for (ifa=inet6_addr_lst[i]; ifa; ) { 4455 for (ifa=inet6_addr_lst[i]; ifa; ) {
@@ -4399,6 +4466,7 @@ void addrconf_cleanup(void)
4399 write_unlock_bh(&addrconf_hash_lock); 4466 write_unlock_bh(&addrconf_hash_lock);
4400 4467
4401 del_timer(&addr_chk_timer); 4468 del_timer(&addr_chk_timer);
4402
4403 rtnl_unlock(); 4469 rtnl_unlock();
4470
4471 unregister_pernet_subsys(&addrconf_net_ops);
4404} 4472}
diff --git a/net/ipv6/addrlabel.c b/net/ipv6/addrlabel.c
index a3c5a72218fd..9bfa8846f262 100644
--- a/net/ipv6/addrlabel.c
+++ b/net/ipv6/addrlabel.c
@@ -58,6 +58,7 @@ static struct ip6addrlbl_table
58 * ::ffff:0:0/96 V4MAPPED 4 58 * ::ffff:0:0/96 V4MAPPED 4
59 * fc00::/7 N/A 5 ULA (RFC 4193) 59 * fc00::/7 N/A 5 ULA (RFC 4193)
60 * 2001::/32 N/A 6 Teredo (RFC 4380) 60 * 2001::/32 N/A 6 Teredo (RFC 4380)
61 * 2001:10::/28 N/A 7 ORCHID (RFC 4843)
61 * 62 *
62 * Note: 0xffffffff is used if we do not have any policies. 63 * Note: 0xffffffff is used if we do not have any policies.
63 */ 64 */
@@ -85,6 +86,10 @@ static const __initdata struct ip6addrlbl_init_table
85 .prefix = &(struct in6_addr){{{ 0x20, 0x01 }}}, 86 .prefix = &(struct in6_addr){{{ 0x20, 0x01 }}},
86 .prefixlen = 32, 87 .prefixlen = 32,
87 .label = 6, 88 .label = 6,
89 },{ /* 2001:10::/28 */
90 .prefix = &(struct in6_addr){{{ 0x20, 0x01, 0x00, 0x10 }}},
91 .prefixlen = 28,
92 .label = 7,
88 },{ /* ::ffff:0:0 */ 93 },{ /* ::ffff:0:0 */
89 .prefix = &(struct in6_addr){{{ [10] = 0xff, [11] = 0xff }}}, 94 .prefix = &(struct in6_addr){{{ [10] = 0xff, [11] = 0xff }}},
90 .prefixlen = 96, 95 .prefixlen = 96,
@@ -161,7 +166,7 @@ u32 ipv6_addr_label(const struct in6_addr *addr, int type, int ifindex)
161 rcu_read_unlock(); 166 rcu_read_unlock();
162 167
163 ADDRLABEL(KERN_DEBUG "%s(addr=" NIP6_FMT ", type=%d, ifindex=%d) => %08x\n", 168 ADDRLABEL(KERN_DEBUG "%s(addr=" NIP6_FMT ", type=%d, ifindex=%d) => %08x\n",
164 __FUNCTION__, 169 __func__,
165 NIP6(*addr), type, ifindex, 170 NIP6(*addr), type, ifindex,
166 label); 171 label);
167 172
@@ -177,7 +182,7 @@ static struct ip6addrlbl_entry *ip6addrlbl_alloc(const struct in6_addr *prefix,
177 int addrtype; 182 int addrtype;
178 183
179 ADDRLABEL(KERN_DEBUG "%s(prefix=" NIP6_FMT ", prefixlen=%d, ifindex=%d, label=%u)\n", 184 ADDRLABEL(KERN_DEBUG "%s(prefix=" NIP6_FMT ", prefixlen=%d, ifindex=%d, label=%u)\n",
180 __FUNCTION__, 185 __func__,
181 NIP6(*prefix), prefixlen, 186 NIP6(*prefix), prefixlen,
182 ifindex, 187 ifindex,
183 (unsigned int)label); 188 (unsigned int)label);
@@ -221,7 +226,7 @@ static int __ip6addrlbl_add(struct ip6addrlbl_entry *newp, int replace)
221 int ret = 0; 226 int ret = 0;
222 227
223 ADDRLABEL(KERN_DEBUG "%s(newp=%p, replace=%d)\n", 228 ADDRLABEL(KERN_DEBUG "%s(newp=%p, replace=%d)\n",
224 __FUNCTION__, 229 __func__,
225 newp, replace); 230 newp, replace);
226 231
227 if (hlist_empty(&ip6addrlbl_table.head)) { 232 if (hlist_empty(&ip6addrlbl_table.head)) {
@@ -263,7 +268,7 @@ static int ip6addrlbl_add(const struct in6_addr *prefix, int prefixlen,
263 int ret = 0; 268 int ret = 0;
264 269
265 ADDRLABEL(KERN_DEBUG "%s(prefix=" NIP6_FMT ", prefixlen=%d, ifindex=%d, label=%u, replace=%d)\n", 270 ADDRLABEL(KERN_DEBUG "%s(prefix=" NIP6_FMT ", prefixlen=%d, ifindex=%d, label=%u, replace=%d)\n",
266 __FUNCTION__, 271 __func__,
267 NIP6(*prefix), prefixlen, 272 NIP6(*prefix), prefixlen,
268 ifindex, 273 ifindex,
269 (unsigned int)label, 274 (unsigned int)label,
@@ -289,7 +294,7 @@ static int __ip6addrlbl_del(const struct in6_addr *prefix, int prefixlen,
289 int ret = -ESRCH; 294 int ret = -ESRCH;
290 295
291 ADDRLABEL(KERN_DEBUG "%s(prefix=" NIP6_FMT ", prefixlen=%d, ifindex=%d)\n", 296 ADDRLABEL(KERN_DEBUG "%s(prefix=" NIP6_FMT ", prefixlen=%d, ifindex=%d)\n",
292 __FUNCTION__, 297 __func__,
293 NIP6(*prefix), prefixlen, 298 NIP6(*prefix), prefixlen,
294 ifindex); 299 ifindex);
295 300
@@ -313,7 +318,7 @@ static int ip6addrlbl_del(const struct in6_addr *prefix, int prefixlen,
313 int ret; 318 int ret;
314 319
315 ADDRLABEL(KERN_DEBUG "%s(prefix=" NIP6_FMT ", prefixlen=%d, ifindex=%d)\n", 320 ADDRLABEL(KERN_DEBUG "%s(prefix=" NIP6_FMT ", prefixlen=%d, ifindex=%d)\n",
316 __FUNCTION__, 321 __func__,
317 NIP6(*prefix), prefixlen, 322 NIP6(*prefix), prefixlen,
318 ifindex); 323 ifindex);
319 324
@@ -330,7 +335,7 @@ static __init int ip6addrlbl_init(void)
330 int err = 0; 335 int err = 0;
331 int i; 336 int i;
332 337
333 ADDRLABEL(KERN_DEBUG "%s()\n", __FUNCTION__); 338 ADDRLABEL(KERN_DEBUG "%s()\n", __func__);
334 339
335 for (i = 0; i < ARRAY_SIZE(ip6addrlbl_init_table); i++) { 340 for (i = 0; i < ARRAY_SIZE(ip6addrlbl_init_table); i++) {
336 int ret = ip6addrlbl_add(ip6addrlbl_init_table[i].prefix, 341 int ret = ip6addrlbl_add(ip6addrlbl_init_table[i].prefix,
@@ -359,7 +364,7 @@ static const struct nla_policy ifal_policy[IFAL_MAX+1] = {
359static int ip6addrlbl_newdel(struct sk_buff *skb, struct nlmsghdr *nlh, 364static int ip6addrlbl_newdel(struct sk_buff *skb, struct nlmsghdr *nlh,
360 void *arg) 365 void *arg)
361{ 366{
362 struct net *net = skb->sk->sk_net; 367 struct net *net = sock_net(skb->sk);
363 struct ifaddrlblmsg *ifal; 368 struct ifaddrlblmsg *ifal;
364 struct nlattr *tb[IFAL_MAX+1]; 369 struct nlattr *tb[IFAL_MAX+1];
365 struct in6_addr *pfx; 370 struct in6_addr *pfx;
@@ -447,7 +452,7 @@ static int ip6addrlbl_fill(struct sk_buff *skb,
447 452
448static int ip6addrlbl_dump(struct sk_buff *skb, struct netlink_callback *cb) 453static int ip6addrlbl_dump(struct sk_buff *skb, struct netlink_callback *cb)
449{ 454{
450 struct net *net = skb->sk->sk_net; 455 struct net *net = sock_net(skb->sk);
451 struct ip6addrlbl_entry *p; 456 struct ip6addrlbl_entry *p;
452 struct hlist_node *pos; 457 struct hlist_node *pos;
453 int idx = 0, s_idx = cb->args[0]; 458 int idx = 0, s_idx = cb->args[0];
@@ -485,7 +490,7 @@ static inline int ip6addrlbl_msgsize(void)
485static int ip6addrlbl_get(struct sk_buff *in_skb, struct nlmsghdr* nlh, 490static int ip6addrlbl_get(struct sk_buff *in_skb, struct nlmsghdr* nlh,
486 void *arg) 491 void *arg)
487{ 492{
488 struct net *net = in_skb->sk->sk_net; 493 struct net *net = sock_net(in_skb->sk);
489 struct ifaddrlblmsg *ifal; 494 struct ifaddrlblmsg *ifal;
490 struct nlattr *tb[IFAL_MAX+1]; 495 struct nlattr *tb[IFAL_MAX+1];
491 struct in6_addr *addr; 496 struct in6_addr *addr;
diff --git a/net/ipv6/af_inet6.c b/net/ipv6/af_inet6.c
index f0aa97738746..3c6aafb02183 100644
--- a/net/ipv6/af_inet6.c
+++ b/net/ipv6/af_inet6.c
@@ -61,6 +61,9 @@
61 61
62#include <asm/uaccess.h> 62#include <asm/uaccess.h>
63#include <asm/system.h> 63#include <asm/system.h>
64#ifdef CONFIG_IPV6_MROUTE
65#include <linux/mroute6.h>
66#endif
64 67
65MODULE_AUTHOR("Cast of dozens"); 68MODULE_AUTHOR("Cast of dozens");
66MODULE_DESCRIPTION("IPv6 protocol stack for Linux"); 69MODULE_DESCRIPTION("IPv6 protocol stack for Linux");
@@ -92,9 +95,6 @@ static int inet6_create(struct net *net, struct socket *sock, int protocol)
92 int try_loading_module = 0; 95 int try_loading_module = 0;
93 int err; 96 int err;
94 97
95 if (net != &init_net)
96 return -EAFNOSUPPORT;
97
98 if (sock->type != SOCK_RAW && 98 if (sock->type != SOCK_RAW &&
99 sock->type != SOCK_DGRAM && 99 sock->type != SOCK_DGRAM &&
100 !inet_ehash_secret) 100 !inet_ehash_secret)
@@ -248,6 +248,7 @@ int inet6_bind(struct socket *sock, struct sockaddr *uaddr, int addr_len)
248 struct sock *sk = sock->sk; 248 struct sock *sk = sock->sk;
249 struct inet_sock *inet = inet_sk(sk); 249 struct inet_sock *inet = inet_sk(sk);
250 struct ipv6_pinfo *np = inet6_sk(sk); 250 struct ipv6_pinfo *np = inet6_sk(sk);
251 struct net *net = sock_net(sk);
251 __be32 v4addr = 0; 252 __be32 v4addr = 0;
252 unsigned short snum; 253 unsigned short snum;
253 int addr_type = 0; 254 int addr_type = 0;
@@ -278,7 +279,7 @@ int inet6_bind(struct socket *sock, struct sockaddr *uaddr, int addr_len)
278 /* Check if the address belongs to the host. */ 279 /* Check if the address belongs to the host. */
279 if (addr_type == IPV6_ADDR_MAPPED) { 280 if (addr_type == IPV6_ADDR_MAPPED) {
280 v4addr = addr->sin6_addr.s6_addr32[3]; 281 v4addr = addr->sin6_addr.s6_addr32[3];
281 if (inet_addr_type(&init_net, v4addr) != RTN_LOCAL) { 282 if (inet_addr_type(net, v4addr) != RTN_LOCAL) {
282 err = -EADDRNOTAVAIL; 283 err = -EADDRNOTAVAIL;
283 goto out; 284 goto out;
284 } 285 }
@@ -300,7 +301,7 @@ int inet6_bind(struct socket *sock, struct sockaddr *uaddr, int addr_len)
300 err = -EINVAL; 301 err = -EINVAL;
301 goto out; 302 goto out;
302 } 303 }
303 dev = dev_get_by_index(&init_net, sk->sk_bound_dev_if); 304 dev = dev_get_by_index(net, sk->sk_bound_dev_if);
304 if (!dev) { 305 if (!dev) {
305 err = -ENODEV; 306 err = -ENODEV;
306 goto out; 307 goto out;
@@ -312,7 +313,7 @@ int inet6_bind(struct socket *sock, struct sockaddr *uaddr, int addr_len)
312 */ 313 */
313 v4addr = LOOPBACK4_IPV6; 314 v4addr = LOOPBACK4_IPV6;
314 if (!(addr_type & IPV6_ADDR_MULTICAST)) { 315 if (!(addr_type & IPV6_ADDR_MULTICAST)) {
315 if (!ipv6_chk_addr(&init_net, &addr->sin6_addr, 316 if (!ipv6_chk_addr(net, &addr->sin6_addr,
316 dev, 0)) { 317 dev, 0)) {
317 if (dev) 318 if (dev)
318 dev_put(dev); 319 dev_put(dev);
@@ -440,6 +441,7 @@ EXPORT_SYMBOL(inet6_getname);
440int inet6_ioctl(struct socket *sock, unsigned int cmd, unsigned long arg) 441int inet6_ioctl(struct socket *sock, unsigned int cmd, unsigned long arg)
441{ 442{
442 struct sock *sk = sock->sk; 443 struct sock *sk = sock->sk;
444 struct net *net = sock_net(sk);
443 445
444 switch(cmd) 446 switch(cmd)
445 { 447 {
@@ -452,14 +454,14 @@ int inet6_ioctl(struct socket *sock, unsigned int cmd, unsigned long arg)
452 case SIOCADDRT: 454 case SIOCADDRT:
453 case SIOCDELRT: 455 case SIOCDELRT:
454 456
455 return(ipv6_route_ioctl(cmd,(void __user *)arg)); 457 return(ipv6_route_ioctl(net, cmd, (void __user *)arg));
456 458
457 case SIOCSIFADDR: 459 case SIOCSIFADDR:
458 return addrconf_add_ifaddr((void __user *) arg); 460 return addrconf_add_ifaddr(net, (void __user *) arg);
459 case SIOCDIFADDR: 461 case SIOCDIFADDR:
460 return addrconf_del_ifaddr((void __user *) arg); 462 return addrconf_del_ifaddr(net, (void __user *) arg);
461 case SIOCSIFDSTADDR: 463 case SIOCSIFDSTADDR:
462 return addrconf_set_dstaddr((void __user *) arg); 464 return addrconf_set_dstaddr(net, (void __user *) arg);
463 default: 465 default:
464 if (!sk->sk_prot->ioctl) 466 if (!sk->sk_prot->ioctl)
465 return -ENOIOCTLCMD; 467 return -ENOIOCTLCMD;
@@ -678,6 +680,129 @@ int ipv6_opt_accepted(struct sock *sk, struct sk_buff *skb)
678 680
679EXPORT_SYMBOL_GPL(ipv6_opt_accepted); 681EXPORT_SYMBOL_GPL(ipv6_opt_accepted);
680 682
683static struct inet6_protocol *ipv6_gso_pull_exthdrs(struct sk_buff *skb,
684 int proto)
685{
686 struct inet6_protocol *ops = NULL;
687
688 for (;;) {
689 struct ipv6_opt_hdr *opth;
690 int len;
691
692 if (proto != NEXTHDR_HOP) {
693 ops = rcu_dereference(inet6_protos[proto]);
694
695 if (unlikely(!ops))
696 break;
697
698 if (!(ops->flags & INET6_PROTO_GSO_EXTHDR))
699 break;
700 }
701
702 if (unlikely(!pskb_may_pull(skb, 8)))
703 break;
704
705 opth = (void *)skb->data;
706 len = ipv6_optlen(opth);
707
708 if (unlikely(!pskb_may_pull(skb, len)))
709 break;
710
711 proto = opth->nexthdr;
712 __skb_pull(skb, len);
713 }
714
715 return ops;
716}
717
718static int ipv6_gso_send_check(struct sk_buff *skb)
719{
720 struct ipv6hdr *ipv6h;
721 struct inet6_protocol *ops;
722 int err = -EINVAL;
723
724 if (unlikely(!pskb_may_pull(skb, sizeof(*ipv6h))))
725 goto out;
726
727 ipv6h = ipv6_hdr(skb);
728 __skb_pull(skb, sizeof(*ipv6h));
729 err = -EPROTONOSUPPORT;
730
731 rcu_read_lock();
732 ops = ipv6_gso_pull_exthdrs(skb, ipv6h->nexthdr);
733 if (likely(ops && ops->gso_send_check)) {
734 skb_reset_transport_header(skb);
735 err = ops->gso_send_check(skb);
736 }
737 rcu_read_unlock();
738
739out:
740 return err;
741}
742
743static struct sk_buff *ipv6_gso_segment(struct sk_buff *skb, int features)
744{
745 struct sk_buff *segs = ERR_PTR(-EINVAL);
746 struct ipv6hdr *ipv6h;
747 struct inet6_protocol *ops;
748
749 if (!(features & NETIF_F_V6_CSUM))
750 features &= ~NETIF_F_SG;
751
752 if (unlikely(skb_shinfo(skb)->gso_type &
753 ~(SKB_GSO_UDP |
754 SKB_GSO_DODGY |
755 SKB_GSO_TCP_ECN |
756 SKB_GSO_TCPV6 |
757 0)))
758 goto out;
759
760 if (unlikely(!pskb_may_pull(skb, sizeof(*ipv6h))))
761 goto out;
762
763 ipv6h = ipv6_hdr(skb);
764 __skb_pull(skb, sizeof(*ipv6h));
765 segs = ERR_PTR(-EPROTONOSUPPORT);
766
767 rcu_read_lock();
768 ops = ipv6_gso_pull_exthdrs(skb, ipv6h->nexthdr);
769 if (likely(ops && ops->gso_segment)) {
770 skb_reset_transport_header(skb);
771 segs = ops->gso_segment(skb, features);
772 }
773 rcu_read_unlock();
774
775 if (unlikely(IS_ERR(segs)))
776 goto out;
777
778 for (skb = segs; skb; skb = skb->next) {
779 ipv6h = ipv6_hdr(skb);
780 ipv6h->payload_len = htons(skb->len - skb->mac_len -
781 sizeof(*ipv6h));
782 }
783
784out:
785 return segs;
786}
787
788static struct packet_type ipv6_packet_type = {
789 .type = __constant_htons(ETH_P_IPV6),
790 .func = ipv6_rcv,
791 .gso_send_check = ipv6_gso_send_check,
792 .gso_segment = ipv6_gso_segment,
793};
794
795static int __init ipv6_packet_init(void)
796{
797 dev_add_pack(&ipv6_packet_type);
798 return 0;
799}
800
801static void ipv6_packet_cleanup(void)
802{
803 dev_remove_pack(&ipv6_packet_type);
804}
805
681static int __init init_ipv6_mibs(void) 806static int __init init_ipv6_mibs(void)
682{ 807{
683 if (snmp_mib_init((void **)ipv6_statistics, 808 if (snmp_mib_init((void **)ipv6_statistics,
@@ -720,6 +845,8 @@ static void cleanup_ipv6_mibs(void)
720 845
721static int inet6_net_init(struct net *net) 846static int inet6_net_init(struct net *net)
722{ 847{
848 int err = 0;
849
723 net->ipv6.sysctl.bindv6only = 0; 850 net->ipv6.sysctl.bindv6only = 0;
724 net->ipv6.sysctl.flush_delay = 0; 851 net->ipv6.sysctl.flush_delay = 0;
725 net->ipv6.sysctl.ip6_rt_max_size = 4096; 852 net->ipv6.sysctl.ip6_rt_max_size = 4096;
@@ -731,12 +858,36 @@ static int inet6_net_init(struct net *net)
731 net->ipv6.sysctl.ip6_rt_min_advmss = IPV6_MIN_MTU - 20 - 40; 858 net->ipv6.sysctl.ip6_rt_min_advmss = IPV6_MIN_MTU - 20 - 40;
732 net->ipv6.sysctl.icmpv6_time = 1*HZ; 859 net->ipv6.sysctl.icmpv6_time = 1*HZ;
733 860
734 return 0; 861#ifdef CONFIG_PROC_FS
862 err = udp6_proc_init(net);
863 if (err)
864 goto out;
865 err = tcp6_proc_init(net);
866 if (err)
867 goto proc_tcp6_fail;
868 err = ac6_proc_init(net);
869 if (err)
870 goto proc_ac6_fail;
871out:
872#endif
873 return err;
874
875#ifdef CONFIG_PROC_FS
876proc_ac6_fail:
877 tcp6_proc_exit(net);
878proc_tcp6_fail:
879 udp6_proc_exit(net);
880 goto out;
881#endif
735} 882}
736 883
737static void inet6_net_exit(struct net *net) 884static void inet6_net_exit(struct net *net)
738{ 885{
739 return; 886#ifdef CONFIG_PROC_FS
887 udp6_proc_exit(net);
888 tcp6_proc_exit(net);
889 ac6_proc_exit(net);
890#endif
740} 891}
741 892
742static struct pernet_operations inet6_net_ops = { 893static struct pernet_operations inet6_net_ops = {
@@ -802,19 +953,16 @@ static int __init inet6_init(void)
802 err = register_pernet_subsys(&inet6_net_ops); 953 err = register_pernet_subsys(&inet6_net_ops);
803 if (err) 954 if (err)
804 goto register_pernet_fail; 955 goto register_pernet_fail;
805 956 err = icmpv6_init();
806#ifdef CONFIG_SYSCTL
807 err = ipv6_sysctl_register();
808 if (err)
809 goto sysctl_fail;
810#endif
811 err = icmpv6_init(&inet6_family_ops);
812 if (err) 957 if (err)
813 goto icmp_fail; 958 goto icmp_fail;
814 err = ndisc_init(&inet6_family_ops); 959#ifdef CONFIG_IPV6_MROUTE
960 ip6_mr_init();
961#endif
962 err = ndisc_init();
815 if (err) 963 if (err)
816 goto ndisc_fail; 964 goto ndisc_fail;
817 err = igmp6_init(&inet6_family_ops); 965 err = igmp6_init();
818 if (err) 966 if (err)
819 goto igmp_fail; 967 goto igmp_fail;
820 err = ipv6_netfilter_init(); 968 err = ipv6_netfilter_init();
@@ -825,17 +973,10 @@ static int __init inet6_init(void)
825 err = -ENOMEM; 973 err = -ENOMEM;
826 if (raw6_proc_init()) 974 if (raw6_proc_init())
827 goto proc_raw6_fail; 975 goto proc_raw6_fail;
828 if (tcp6_proc_init())
829 goto proc_tcp6_fail;
830 if (udp6_proc_init())
831 goto proc_udp6_fail;
832 if (udplite6_proc_init()) 976 if (udplite6_proc_init())
833 goto proc_udplite6_fail; 977 goto proc_udplite6_fail;
834 if (ipv6_misc_proc_init()) 978 if (ipv6_misc_proc_init())
835 goto proc_misc6_fail; 979 goto proc_misc6_fail;
836
837 if (ac6_proc_init())
838 goto proc_anycast6_fail;
839 if (if6_proc_init()) 980 if (if6_proc_init())
840 goto proc_if6_fail; 981 goto proc_if6_fail;
841#endif 982#endif
@@ -874,9 +1015,19 @@ static int __init inet6_init(void)
874 err = ipv6_packet_init(); 1015 err = ipv6_packet_init();
875 if (err) 1016 if (err)
876 goto ipv6_packet_fail; 1017 goto ipv6_packet_fail;
1018
1019#ifdef CONFIG_SYSCTL
1020 err = ipv6_sysctl_register();
1021 if (err)
1022 goto sysctl_fail;
1023#endif
877out: 1024out:
878 return err; 1025 return err;
879 1026
1027#ifdef CONFIG_SYSCTL
1028sysctl_fail:
1029 ipv6_packet_cleanup();
1030#endif
880ipv6_packet_fail: 1031ipv6_packet_fail:
881 tcpv6_exit(); 1032 tcpv6_exit();
882tcpv6_fail: 1033tcpv6_fail:
@@ -897,16 +1048,10 @@ ip6_route_fail:
897#ifdef CONFIG_PROC_FS 1048#ifdef CONFIG_PROC_FS
898 if6_proc_exit(); 1049 if6_proc_exit();
899proc_if6_fail: 1050proc_if6_fail:
900 ac6_proc_exit();
901proc_anycast6_fail:
902 ipv6_misc_proc_exit(); 1051 ipv6_misc_proc_exit();
903proc_misc6_fail: 1052proc_misc6_fail:
904 udplite6_proc_exit(); 1053 udplite6_proc_exit();
905proc_udplite6_fail: 1054proc_udplite6_fail:
906 udp6_proc_exit();
907proc_udp6_fail:
908 tcp6_proc_exit();
909proc_tcp6_fail:
910 raw6_proc_exit(); 1055 raw6_proc_exit();
911proc_raw6_fail: 1056proc_raw6_fail:
912#endif 1057#endif
@@ -918,10 +1063,6 @@ igmp_fail:
918ndisc_fail: 1063ndisc_fail:
919 icmpv6_cleanup(); 1064 icmpv6_cleanup();
920icmp_fail: 1065icmp_fail:
921#ifdef CONFIG_SYSCTL
922 ipv6_sysctl_unregister();
923sysctl_fail:
924#endif
925 unregister_pernet_subsys(&inet6_net_ops); 1066 unregister_pernet_subsys(&inet6_net_ops);
926register_pernet_fail: 1067register_pernet_fail:
927 cleanup_ipv6_mibs(); 1068 cleanup_ipv6_mibs();
@@ -949,6 +1090,9 @@ static void __exit inet6_exit(void)
949 /* Disallow any further netlink messages */ 1090 /* Disallow any further netlink messages */
950 rtnl_unregister_all(PF_INET6); 1091 rtnl_unregister_all(PF_INET6);
951 1092
1093#ifdef CONFIG_SYSCTL
1094 ipv6_sysctl_unregister();
1095#endif
952 udpv6_exit(); 1096 udpv6_exit();
953 udplitev6_exit(); 1097 udplitev6_exit();
954 tcpv6_exit(); 1098 tcpv6_exit();
@@ -964,11 +1108,8 @@ static void __exit inet6_exit(void)
964 1108
965 /* Cleanup code parts. */ 1109 /* Cleanup code parts. */
966 if6_proc_exit(); 1110 if6_proc_exit();
967 ac6_proc_exit();
968 ipv6_misc_proc_exit(); 1111 ipv6_misc_proc_exit();
969 udplite6_proc_exit(); 1112 udplite6_proc_exit();
970 udp6_proc_exit();
971 tcp6_proc_exit();
972 raw6_proc_exit(); 1113 raw6_proc_exit();
973#endif 1114#endif
974 ipv6_netfilter_fini(); 1115 ipv6_netfilter_fini();
@@ -976,9 +1117,7 @@ static void __exit inet6_exit(void)
976 ndisc_cleanup(); 1117 ndisc_cleanup();
977 icmpv6_cleanup(); 1118 icmpv6_cleanup();
978 rawv6_exit(); 1119 rawv6_exit();
979#ifdef CONFIG_SYSCTL 1120
980 ipv6_sysctl_unregister();
981#endif
982 unregister_pernet_subsys(&inet6_net_ops); 1121 unregister_pernet_subsys(&inet6_net_ops);
983 cleanup_ipv6_mibs(); 1122 cleanup_ipv6_mibs();
984 proto_unregister(&rawv6_prot); 1123 proto_unregister(&rawv6_prot);
diff --git a/net/ipv6/anycast.c b/net/ipv6/anycast.c
index e5f56c953b58..4e1b29fabdf0 100644
--- a/net/ipv6/anycast.c
+++ b/net/ipv6/anycast.c
@@ -48,29 +48,6 @@ static int ipv6_dev_ac_dec(struct net_device *dev, struct in6_addr *addr);
48/* Big ac list lock for all the sockets */ 48/* Big ac list lock for all the sockets */
49static DEFINE_RWLOCK(ipv6_sk_ac_lock); 49static DEFINE_RWLOCK(ipv6_sk_ac_lock);
50 50
51static int
52ip6_onlink(struct in6_addr *addr, struct net_device *dev)
53{
54 struct inet6_dev *idev;
55 struct inet6_ifaddr *ifa;
56 int onlink;
57
58 onlink = 0;
59 rcu_read_lock();
60 idev = __in6_dev_get(dev);
61 if (idev) {
62 read_lock_bh(&idev->lock);
63 for (ifa=idev->addr_list; ifa; ifa=ifa->if_next) {
64 onlink = ipv6_prefix_equal(addr, &ifa->addr,
65 ifa->prefix_len);
66 if (onlink)
67 break;
68 }
69 read_unlock_bh(&idev->lock);
70 }
71 rcu_read_unlock();
72 return onlink;
73}
74 51
75/* 52/*
76 * socket join an anycast group 53 * socket join an anycast group
@@ -82,6 +59,7 @@ int ipv6_sock_ac_join(struct sock *sk, int ifindex, struct in6_addr *addr)
82 struct net_device *dev = NULL; 59 struct net_device *dev = NULL;
83 struct inet6_dev *idev; 60 struct inet6_dev *idev;
84 struct ipv6_ac_socklist *pac; 61 struct ipv6_ac_socklist *pac;
62 struct net *net = sock_net(sk);
85 int ishost = !ipv6_devconf.forwarding; 63 int ishost = !ipv6_devconf.forwarding;
86 int err = 0; 64 int err = 0;
87 65
@@ -89,7 +67,7 @@ int ipv6_sock_ac_join(struct sock *sk, int ifindex, struct in6_addr *addr)
89 return -EPERM; 67 return -EPERM;
90 if (ipv6_addr_is_multicast(addr)) 68 if (ipv6_addr_is_multicast(addr))
91 return -EINVAL; 69 return -EINVAL;
92 if (ipv6_chk_addr(&init_net, addr, NULL, 0)) 70 if (ipv6_chk_addr(net, addr, NULL, 0))
93 return -EINVAL; 71 return -EINVAL;
94 72
95 pac = sock_kmalloc(sk, sizeof(struct ipv6_ac_socklist), GFP_KERNEL); 73 pac = sock_kmalloc(sk, sizeof(struct ipv6_ac_socklist), GFP_KERNEL);
@@ -101,7 +79,7 @@ int ipv6_sock_ac_join(struct sock *sk, int ifindex, struct in6_addr *addr)
101 if (ifindex == 0) { 79 if (ifindex == 0) {
102 struct rt6_info *rt; 80 struct rt6_info *rt;
103 81
104 rt = rt6_lookup(addr, NULL, 0, 0); 82 rt = rt6_lookup(net, addr, NULL, 0, 0);
105 if (rt) { 83 if (rt) {
106 dev = rt->rt6i_dev; 84 dev = rt->rt6i_dev;
107 dev_hold(dev); 85 dev_hold(dev);
@@ -112,10 +90,10 @@ int ipv6_sock_ac_join(struct sock *sk, int ifindex, struct in6_addr *addr)
112 } else { 90 } else {
113 /* router, no matching interface: just pick one */ 91 /* router, no matching interface: just pick one */
114 92
115 dev = dev_get_by_flags(&init_net, IFF_UP, IFF_UP|IFF_LOOPBACK); 93 dev = dev_get_by_flags(net, IFF_UP, IFF_UP|IFF_LOOPBACK);
116 } 94 }
117 } else 95 } else
118 dev = dev_get_by_index(&init_net, ifindex); 96 dev = dev_get_by_index(net, ifindex);
119 97
120 if (dev == NULL) { 98 if (dev == NULL) {
121 err = -ENODEV; 99 err = -ENODEV;
@@ -141,7 +119,7 @@ int ipv6_sock_ac_join(struct sock *sk, int ifindex, struct in6_addr *addr)
141 * This obviates the need for propagating anycast routes while 119 * This obviates the need for propagating anycast routes while
142 * still allowing some non-router anycast participation. 120 * still allowing some non-router anycast participation.
143 */ 121 */
144 if (!ip6_onlink(addr, dev)) { 122 if (!ipv6_chk_prefix(addr, dev)) {
145 if (ishost) 123 if (ishost)
146 err = -EADDRNOTAVAIL; 124 err = -EADDRNOTAVAIL;
147 if (err) 125 if (err)
@@ -176,6 +154,7 @@ int ipv6_sock_ac_drop(struct sock *sk, int ifindex, struct in6_addr *addr)
176 struct ipv6_pinfo *np = inet6_sk(sk); 154 struct ipv6_pinfo *np = inet6_sk(sk);
177 struct net_device *dev; 155 struct net_device *dev;
178 struct ipv6_ac_socklist *pac, *prev_pac; 156 struct ipv6_ac_socklist *pac, *prev_pac;
157 struct net *net = sock_net(sk);
179 158
180 write_lock_bh(&ipv6_sk_ac_lock); 159 write_lock_bh(&ipv6_sk_ac_lock);
181 prev_pac = NULL; 160 prev_pac = NULL;
@@ -196,7 +175,7 @@ int ipv6_sock_ac_drop(struct sock *sk, int ifindex, struct in6_addr *addr)
196 175
197 write_unlock_bh(&ipv6_sk_ac_lock); 176 write_unlock_bh(&ipv6_sk_ac_lock);
198 177
199 dev = dev_get_by_index(&init_net, pac->acl_ifindex); 178 dev = dev_get_by_index(net, pac->acl_ifindex);
200 if (dev) { 179 if (dev) {
201 ipv6_dev_ac_dec(dev, &pac->acl_addr); 180 ipv6_dev_ac_dec(dev, &pac->acl_addr);
202 dev_put(dev); 181 dev_put(dev);
@@ -210,6 +189,7 @@ void ipv6_sock_ac_close(struct sock *sk)
210 struct ipv6_pinfo *np = inet6_sk(sk); 189 struct ipv6_pinfo *np = inet6_sk(sk);
211 struct net_device *dev = NULL; 190 struct net_device *dev = NULL;
212 struct ipv6_ac_socklist *pac; 191 struct ipv6_ac_socklist *pac;
192 struct net *net = sock_net(sk);
213 int prev_index; 193 int prev_index;
214 194
215 write_lock_bh(&ipv6_sk_ac_lock); 195 write_lock_bh(&ipv6_sk_ac_lock);
@@ -224,7 +204,7 @@ void ipv6_sock_ac_close(struct sock *sk)
224 if (pac->acl_ifindex != prev_index) { 204 if (pac->acl_ifindex != prev_index) {
225 if (dev) 205 if (dev)
226 dev_put(dev); 206 dev_put(dev);
227 dev = dev_get_by_index(&init_net, pac->acl_ifindex); 207 dev = dev_get_by_index(net, pac->acl_ifindex);
228 prev_index = pac->acl_ifindex; 208 prev_index = pac->acl_ifindex;
229 } 209 }
230 if (dev) 210 if (dev)
@@ -417,14 +397,15 @@ static int ipv6_chk_acast_dev(struct net_device *dev, struct in6_addr *addr)
417/* 397/*
418 * check if given interface (or any, if dev==0) has this anycast address 398 * check if given interface (or any, if dev==0) has this anycast address
419 */ 399 */
420int ipv6_chk_acast_addr(struct net_device *dev, struct in6_addr *addr) 400int ipv6_chk_acast_addr(struct net *net, struct net_device *dev,
401 struct in6_addr *addr)
421{ 402{
422 int found = 0; 403 int found = 0;
423 404
424 if (dev) 405 if (dev)
425 return ipv6_chk_acast_dev(dev, addr); 406 return ipv6_chk_acast_dev(dev, addr);
426 read_lock(&dev_base_lock); 407 read_lock(&dev_base_lock);
427 for_each_netdev(&init_net, dev) 408 for_each_netdev(net, dev)
428 if (ipv6_chk_acast_dev(dev, addr)) { 409 if (ipv6_chk_acast_dev(dev, addr)) {
429 found = 1; 410 found = 1;
430 break; 411 break;
@@ -436,6 +417,7 @@ int ipv6_chk_acast_addr(struct net_device *dev, struct in6_addr *addr)
436 417
437#ifdef CONFIG_PROC_FS 418#ifdef CONFIG_PROC_FS
438struct ac6_iter_state { 419struct ac6_iter_state {
420 struct seq_net_private p;
439 struct net_device *dev; 421 struct net_device *dev;
440 struct inet6_dev *idev; 422 struct inet6_dev *idev;
441}; 423};
@@ -446,9 +428,10 @@ static inline struct ifacaddr6 *ac6_get_first(struct seq_file *seq)
446{ 428{
447 struct ifacaddr6 *im = NULL; 429 struct ifacaddr6 *im = NULL;
448 struct ac6_iter_state *state = ac6_seq_private(seq); 430 struct ac6_iter_state *state = ac6_seq_private(seq);
431 struct net *net = seq_file_net(seq);
449 432
450 state->idev = NULL; 433 state->idev = NULL;
451 for_each_netdev(&init_net, state->dev) { 434 for_each_netdev(net, state->dev) {
452 struct inet6_dev *idev; 435 struct inet6_dev *idev;
453 idev = in6_dev_get(state->dev); 436 idev = in6_dev_get(state->dev);
454 if (!idev) 437 if (!idev)
@@ -546,8 +529,8 @@ static const struct seq_operations ac6_seq_ops = {
546 529
547static int ac6_seq_open(struct inode *inode, struct file *file) 530static int ac6_seq_open(struct inode *inode, struct file *file)
548{ 531{
549 return seq_open_private(file, &ac6_seq_ops, 532 return seq_open_net(inode, file, &ac6_seq_ops,
550 sizeof(struct ac6_iter_state)); 533 sizeof(struct ac6_iter_state));
551} 534}
552 535
553static const struct file_operations ac6_seq_fops = { 536static const struct file_operations ac6_seq_fops = {
@@ -555,20 +538,20 @@ static const struct file_operations ac6_seq_fops = {
555 .open = ac6_seq_open, 538 .open = ac6_seq_open,
556 .read = seq_read, 539 .read = seq_read,
557 .llseek = seq_lseek, 540 .llseek = seq_lseek,
558 .release = seq_release_private, 541 .release = seq_release_net,
559}; 542};
560 543
561int __init ac6_proc_init(void) 544int ac6_proc_init(struct net *net)
562{ 545{
563 if (!proc_net_fops_create(&init_net, "anycast6", S_IRUGO, &ac6_seq_fops)) 546 if (!proc_net_fops_create(net, "anycast6", S_IRUGO, &ac6_seq_fops))
564 return -ENOMEM; 547 return -ENOMEM;
565 548
566 return 0; 549 return 0;
567} 550}
568 551
569void ac6_proc_exit(void) 552void ac6_proc_exit(struct net *net)
570{ 553{
571 proc_net_remove(&init_net, "anycast6"); 554 proc_net_remove(net, "anycast6");
572} 555}
573#endif 556#endif
574 557
diff --git a/net/ipv6/fib6_rules.c b/net/ipv6/fib6_rules.c
index 695c0ca8a417..8d05527524e3 100644
--- a/net/ipv6/fib6_rules.c
+++ b/net/ipv6/fib6_rules.c
@@ -29,24 +29,22 @@ struct fib6_rule
29 u8 tclass; 29 u8 tclass;
30}; 30};
31 31
32static struct fib_rules_ops fib6_rules_ops; 32struct dst_entry *fib6_rule_lookup(struct net *net, struct flowi *fl,
33 33 int flags, pol_lookup_t lookup)
34struct dst_entry *fib6_rule_lookup(struct flowi *fl, int flags,
35 pol_lookup_t lookup)
36{ 34{
37 struct fib_lookup_arg arg = { 35 struct fib_lookup_arg arg = {
38 .lookup_ptr = lookup, 36 .lookup_ptr = lookup,
39 }; 37 };
40 38
41 fib_rules_lookup(&fib6_rules_ops, fl, flags, &arg); 39 fib_rules_lookup(net->ipv6.fib6_rules_ops, fl, flags, &arg);
42 if (arg.rule) 40 if (arg.rule)
43 fib_rule_put(arg.rule); 41 fib_rule_put(arg.rule);
44 42
45 if (arg.result) 43 if (arg.result)
46 return arg.result; 44 return arg.result;
47 45
48 dst_hold(&ip6_null_entry.u.dst); 46 dst_hold(&net->ipv6.ip6_null_entry->u.dst);
49 return &ip6_null_entry.u.dst; 47 return &net->ipv6.ip6_null_entry->u.dst;
50} 48}
51 49
52static int fib6_rule_action(struct fib_rule *rule, struct flowi *flp, 50static int fib6_rule_action(struct fib_rule *rule, struct flowi *flp,
@@ -54,28 +52,29 @@ static int fib6_rule_action(struct fib_rule *rule, struct flowi *flp,
54{ 52{
55 struct rt6_info *rt = NULL; 53 struct rt6_info *rt = NULL;
56 struct fib6_table *table; 54 struct fib6_table *table;
55 struct net *net = rule->fr_net;
57 pol_lookup_t lookup = arg->lookup_ptr; 56 pol_lookup_t lookup = arg->lookup_ptr;
58 57
59 switch (rule->action) { 58 switch (rule->action) {
60 case FR_ACT_TO_TBL: 59 case FR_ACT_TO_TBL:
61 break; 60 break;
62 case FR_ACT_UNREACHABLE: 61 case FR_ACT_UNREACHABLE:
63 rt = &ip6_null_entry; 62 rt = net->ipv6.ip6_null_entry;
64 goto discard_pkt; 63 goto discard_pkt;
65 default: 64 default:
66 case FR_ACT_BLACKHOLE: 65 case FR_ACT_BLACKHOLE:
67 rt = &ip6_blk_hole_entry; 66 rt = net->ipv6.ip6_blk_hole_entry;
68 goto discard_pkt; 67 goto discard_pkt;
69 case FR_ACT_PROHIBIT: 68 case FR_ACT_PROHIBIT:
70 rt = &ip6_prohibit_entry; 69 rt = net->ipv6.ip6_prohibit_entry;
71 goto discard_pkt; 70 goto discard_pkt;
72 } 71 }
73 72
74 table = fib6_get_table(rule->table); 73 table = fib6_get_table(net, rule->table);
75 if (table) 74 if (table)
76 rt = lookup(table, flp, flags); 75 rt = lookup(net, table, flp, flags);
77 76
78 if (rt != &ip6_null_entry) { 77 if (rt != net->ipv6.ip6_null_entry) {
79 struct fib6_rule *r = (struct fib6_rule *)rule; 78 struct fib6_rule *r = (struct fib6_rule *)rule;
80 79
81 /* 80 /*
@@ -85,8 +84,18 @@ static int fib6_rule_action(struct fib_rule *rule, struct flowi *flp,
85 if ((rule->flags & FIB_RULE_FIND_SADDR) && 84 if ((rule->flags & FIB_RULE_FIND_SADDR) &&
86 r->src.plen && !(flags & RT6_LOOKUP_F_HAS_SADDR)) { 85 r->src.plen && !(flags & RT6_LOOKUP_F_HAS_SADDR)) {
87 struct in6_addr saddr; 86 struct in6_addr saddr;
88 if (ipv6_get_saddr(&rt->u.dst, &flp->fl6_dst, 87 unsigned int srcprefs = 0;
89 &saddr)) 88
89 if (flags & RT6_LOOKUP_F_SRCPREF_TMP)
90 srcprefs |= IPV6_PREFER_SRC_TMP;
91 if (flags & RT6_LOOKUP_F_SRCPREF_PUBLIC)
92 srcprefs |= IPV6_PREFER_SRC_PUBLIC;
93 if (flags & RT6_LOOKUP_F_SRCPREF_COA)
94 srcprefs |= IPV6_PREFER_SRC_COA;
95
96 if (ipv6_dev_get_saddr(ip6_dst_idev(&rt->u.dst)->dev,
97 &flp->fl6_dst, srcprefs,
98 &saddr))
90 goto again; 99 goto again;
91 if (!ipv6_prefix_equal(&saddr, &r->src.addr, 100 if (!ipv6_prefix_equal(&saddr, &r->src.addr,
92 r->src.plen)) 101 r->src.plen))
@@ -145,13 +154,14 @@ static int fib6_rule_configure(struct fib_rule *rule, struct sk_buff *skb,
145 struct nlattr **tb) 154 struct nlattr **tb)
146{ 155{
147 int err = -EINVAL; 156 int err = -EINVAL;
157 struct net *net = sock_net(skb->sk);
148 struct fib6_rule *rule6 = (struct fib6_rule *) rule; 158 struct fib6_rule *rule6 = (struct fib6_rule *) rule;
149 159
150 if (rule->action == FR_ACT_TO_TBL) { 160 if (rule->action == FR_ACT_TO_TBL) {
151 if (rule->table == RT6_TABLE_UNSPEC) 161 if (rule->table == RT6_TABLE_UNSPEC)
152 goto errout; 162 goto errout;
153 163
154 if (fib6_new_table(rule->table) == NULL) { 164 if (fib6_new_table(net, rule->table) == NULL) {
155 err = -ENOBUFS; 165 err = -ENOBUFS;
156 goto errout; 166 goto errout;
157 } 167 }
@@ -234,7 +244,7 @@ static size_t fib6_rule_nlmsg_payload(struct fib_rule *rule)
234 + nla_total_size(16); /* src */ 244 + nla_total_size(16); /* src */
235} 245}
236 246
237static struct fib_rules_ops fib6_rules_ops = { 247static struct fib_rules_ops fib6_rules_ops_template = {
238 .family = AF_INET6, 248 .family = AF_INET6,
239 .rule_size = sizeof(struct fib6_rule), 249 .rule_size = sizeof(struct fib6_rule),
240 .addr_size = sizeof(struct in6_addr), 250 .addr_size = sizeof(struct in6_addr),
@@ -247,45 +257,64 @@ static struct fib_rules_ops fib6_rules_ops = {
247 .nlmsg_payload = fib6_rule_nlmsg_payload, 257 .nlmsg_payload = fib6_rule_nlmsg_payload,
248 .nlgroup = RTNLGRP_IPV6_RULE, 258 .nlgroup = RTNLGRP_IPV6_RULE,
249 .policy = fib6_rule_policy, 259 .policy = fib6_rule_policy,
250 .rules_list = LIST_HEAD_INIT(fib6_rules_ops.rules_list),
251 .owner = THIS_MODULE, 260 .owner = THIS_MODULE,
252 .fro_net = &init_net, 261 .fro_net = &init_net,
253}; 262};
254 263
255static int __init fib6_default_rules_init(void) 264static int fib6_rules_net_init(struct net *net)
256{ 265{
257 int err; 266 int err = -ENOMEM;
258 267
259 err = fib_default_rule_add(&fib6_rules_ops, 0, 268 net->ipv6.fib6_rules_ops = kmemdup(&fib6_rules_ops_template,
260 RT6_TABLE_LOCAL, FIB_RULE_PERMANENT); 269 sizeof(*net->ipv6.fib6_rules_ops),
261 if (err < 0) 270 GFP_KERNEL);
262 return err; 271 if (!net->ipv6.fib6_rules_ops)
263 err = fib_default_rule_add(&fib6_rules_ops, 0x7FFE, RT6_TABLE_MAIN, 0); 272 goto out;
264 if (err < 0)
265 return err;
266 return 0;
267}
268 273
269int __init fib6_rules_init(void) 274 net->ipv6.fib6_rules_ops->fro_net = net;
270{ 275 INIT_LIST_HEAD(&net->ipv6.fib6_rules_ops->rules_list);
271 int ret;
272 276
273 ret = fib6_default_rules_init(); 277 err = fib_default_rule_add(net->ipv6.fib6_rules_ops, 0,
274 if (ret) 278 RT6_TABLE_LOCAL, FIB_RULE_PERMANENT);
275 goto out; 279 if (err)
280 goto out_fib6_rules_ops;
276 281
277 ret = fib_rules_register(&fib6_rules_ops); 282 err = fib_default_rule_add(net->ipv6.fib6_rules_ops,
278 if (ret) 283 0x7FFE, RT6_TABLE_MAIN, 0);
279 goto out_default_rules_init; 284 if (err)
285 goto out_fib6_default_rule_add;
286
287 err = fib_rules_register(net->ipv6.fib6_rules_ops);
288 if (err)
289 goto out_fib6_default_rule_add;
280out: 290out:
281 return ret; 291 return err;
282 292
283out_default_rules_init: 293out_fib6_default_rule_add:
284 fib_rules_cleanup_ops(&fib6_rules_ops); 294 fib_rules_cleanup_ops(net->ipv6.fib6_rules_ops);
295out_fib6_rules_ops:
296 kfree(net->ipv6.fib6_rules_ops);
285 goto out; 297 goto out;
286} 298}
287 299
300static void fib6_rules_net_exit(struct net *net)
301{
302 fib_rules_unregister(net->ipv6.fib6_rules_ops);
303 kfree(net->ipv6.fib6_rules_ops);
304}
305
306static struct pernet_operations fib6_rules_net_ops = {
307 .init = fib6_rules_net_init,
308 .exit = fib6_rules_net_exit,
309};
310
311int __init fib6_rules_init(void)
312{
313 return register_pernet_subsys(&fib6_rules_net_ops);
314}
315
316
288void fib6_rules_cleanup(void) 317void fib6_rules_cleanup(void)
289{ 318{
290 fib_rules_unregister(&fib6_rules_ops); 319 unregister_pernet_subsys(&fib6_rules_net_ops);
291} 320}
diff --git a/net/ipv6/icmp.c b/net/ipv6/icmp.c
index 893287ecc628..d42dd16d3487 100644
--- a/net/ipv6/icmp.c
+++ b/net/ipv6/icmp.c
@@ -64,6 +64,7 @@
64#include <net/addrconf.h> 64#include <net/addrconf.h>
65#include <net/icmp.h> 65#include <net/icmp.h>
66#include <net/xfrm.h> 66#include <net/xfrm.h>
67#include <net/inet_common.h>
67 68
68#include <asm/uaccess.h> 69#include <asm/uaccess.h>
69#include <asm/system.h> 70#include <asm/system.h>
@@ -80,8 +81,10 @@ EXPORT_SYMBOL(icmpv6msg_statistics);
80 * 81 *
81 * On SMP we have one ICMP socket per-cpu. 82 * On SMP we have one ICMP socket per-cpu.
82 */ 83 */
83static DEFINE_PER_CPU(struct socket *, __icmpv6_socket) = NULL; 84static inline struct sock *icmpv6_sk(struct net *net)
84#define icmpv6_socket __get_cpu_var(__icmpv6_socket) 85{
86 return net->ipv6.icmp_sk[smp_processor_id()];
87}
85 88
86static int icmpv6_rcv(struct sk_buff *skb); 89static int icmpv6_rcv(struct sk_buff *skb);
87 90
@@ -90,11 +93,11 @@ static struct inet6_protocol icmpv6_protocol = {
90 .flags = INET6_PROTO_NOPOLICY|INET6_PROTO_FINAL, 93 .flags = INET6_PROTO_NOPOLICY|INET6_PROTO_FINAL,
91}; 94};
92 95
93static __inline__ int icmpv6_xmit_lock(void) 96static __inline__ int icmpv6_xmit_lock(struct sock *sk)
94{ 97{
95 local_bh_disable(); 98 local_bh_disable();
96 99
97 if (unlikely(!spin_trylock(&icmpv6_socket->sk->sk_lock.slock))) { 100 if (unlikely(!spin_trylock(&sk->sk_lock.slock))) {
98 /* This can happen if the output path (f.e. SIT or 101 /* This can happen if the output path (f.e. SIT or
99 * ip6ip6 tunnel) signals dst_link_failure() for an 102 * ip6ip6 tunnel) signals dst_link_failure() for an
100 * outgoing ICMP6 packet. 103 * outgoing ICMP6 packet.
@@ -105,9 +108,9 @@ static __inline__ int icmpv6_xmit_lock(void)
105 return 0; 108 return 0;
106} 109}
107 110
108static __inline__ void icmpv6_xmit_unlock(void) 111static __inline__ void icmpv6_xmit_unlock(struct sock *sk)
109{ 112{
110 spin_unlock_bh(&icmpv6_socket->sk->sk_lock.slock); 113 spin_unlock_bh(&sk->sk_lock.slock);
111} 114}
112 115
113/* 116/*
@@ -161,6 +164,7 @@ static inline int icmpv6_xrlim_allow(struct sock *sk, int type,
161 struct flowi *fl) 164 struct flowi *fl)
162{ 165{
163 struct dst_entry *dst; 166 struct dst_entry *dst;
167 struct net *net = sock_net(sk);
164 int res = 0; 168 int res = 0;
165 169
166 /* Informational messages are not limited. */ 170 /* Informational messages are not limited. */
@@ -176,7 +180,7 @@ static inline int icmpv6_xrlim_allow(struct sock *sk, int type,
176 * XXX: perhaps the expire for routing entries cloned by 180 * XXX: perhaps the expire for routing entries cloned by
177 * this lookup should be more aggressive (not longer than timeout). 181 * this lookup should be more aggressive (not longer than timeout).
178 */ 182 */
179 dst = ip6_route_output(sk, fl); 183 dst = ip6_route_output(net, sk, fl);
180 if (dst->error) { 184 if (dst->error) {
181 IP6_INC_STATS(ip6_dst_idev(dst), 185 IP6_INC_STATS(ip6_dst_idev(dst),
182 IPSTATS_MIB_OUTNOROUTES); 186 IPSTATS_MIB_OUTNOROUTES);
@@ -184,7 +188,7 @@ static inline int icmpv6_xrlim_allow(struct sock *sk, int type,
184 res = 1; 188 res = 1;
185 } else { 189 } else {
186 struct rt6_info *rt = (struct rt6_info *)dst; 190 struct rt6_info *rt = (struct rt6_info *)dst;
187 int tmo = init_net.ipv6.sysctl.icmpv6_time; 191 int tmo = net->ipv6.sysctl.icmpv6_time;
188 192
189 /* Give more bandwidth to wider prefixes. */ 193 /* Give more bandwidth to wider prefixes. */
190 if (rt->rt6i_dst.plen < 128) 194 if (rt->rt6i_dst.plen < 128)
@@ -303,6 +307,7 @@ static inline void mip6_addr_swap(struct sk_buff *skb) {}
303void icmpv6_send(struct sk_buff *skb, int type, int code, __u32 info, 307void icmpv6_send(struct sk_buff *skb, int type, int code, __u32 info,
304 struct net_device *dev) 308 struct net_device *dev)
305{ 309{
310 struct net *net = dev_net(skb->dev);
306 struct inet6_dev *idev = NULL; 311 struct inet6_dev *idev = NULL;
307 struct ipv6hdr *hdr = ipv6_hdr(skb); 312 struct ipv6hdr *hdr = ipv6_hdr(skb);
308 struct sock *sk; 313 struct sock *sk;
@@ -332,7 +337,7 @@ void icmpv6_send(struct sk_buff *skb, int type, int code, __u32 info,
332 */ 337 */
333 addr_type = ipv6_addr_type(&hdr->daddr); 338 addr_type = ipv6_addr_type(&hdr->daddr);
334 339
335 if (ipv6_chk_addr(&init_net, &hdr->daddr, skb->dev, 0)) 340 if (ipv6_chk_addr(net, &hdr->daddr, skb->dev, 0))
336 saddr = &hdr->daddr; 341 saddr = &hdr->daddr;
337 342
338 /* 343 /*
@@ -389,12 +394,12 @@ void icmpv6_send(struct sk_buff *skb, int type, int code, __u32 info,
389 fl.fl_icmp_code = code; 394 fl.fl_icmp_code = code;
390 security_skb_classify_flow(skb, &fl); 395 security_skb_classify_flow(skb, &fl);
391 396
392 if (icmpv6_xmit_lock()) 397 sk = icmpv6_sk(net);
393 return;
394
395 sk = icmpv6_socket->sk;
396 np = inet6_sk(sk); 398 np = inet6_sk(sk);
397 399
400 if (icmpv6_xmit_lock(sk))
401 return;
402
398 if (!icmpv6_xrlim_allow(sk, type, &fl)) 403 if (!icmpv6_xrlim_allow(sk, type, &fl))
399 goto out; 404 goto out;
400 405
@@ -462,9 +467,7 @@ route_done:
462 else 467 else
463 hlimit = np->hop_limit; 468 hlimit = np->hop_limit;
464 if (hlimit < 0) 469 if (hlimit < 0)
465 hlimit = dst_metric(dst, RTAX_HOPLIMIT); 470 hlimit = ip6_dst_hoplimit(dst);
466 if (hlimit < 0)
467 hlimit = ipv6_get_hoplimit(dst->dev);
468 471
469 tclass = np->tclass; 472 tclass = np->tclass;
470 if (tclass < 0) 473 if (tclass < 0)
@@ -500,13 +503,14 @@ out_put:
500out_dst_release: 503out_dst_release:
501 dst_release(dst); 504 dst_release(dst);
502out: 505out:
503 icmpv6_xmit_unlock(); 506 icmpv6_xmit_unlock(sk);
504} 507}
505 508
506EXPORT_SYMBOL(icmpv6_send); 509EXPORT_SYMBOL(icmpv6_send);
507 510
508static void icmpv6_echo_reply(struct sk_buff *skb) 511static void icmpv6_echo_reply(struct sk_buff *skb)
509{ 512{
513 struct net *net = dev_net(skb->dev);
510 struct sock *sk; 514 struct sock *sk;
511 struct inet6_dev *idev; 515 struct inet6_dev *idev;
512 struct ipv6_pinfo *np; 516 struct ipv6_pinfo *np;
@@ -537,12 +541,12 @@ static void icmpv6_echo_reply(struct sk_buff *skb)
537 fl.fl_icmp_type = ICMPV6_ECHO_REPLY; 541 fl.fl_icmp_type = ICMPV6_ECHO_REPLY;
538 security_skb_classify_flow(skb, &fl); 542 security_skb_classify_flow(skb, &fl);
539 543
540 if (icmpv6_xmit_lock()) 544 sk = icmpv6_sk(net);
541 return;
542
543 sk = icmpv6_socket->sk;
544 np = inet6_sk(sk); 545 np = inet6_sk(sk);
545 546
547 if (icmpv6_xmit_lock(sk))
548 return;
549
546 if (!fl.oif && ipv6_addr_is_multicast(&fl.fl6_dst)) 550 if (!fl.oif && ipv6_addr_is_multicast(&fl.fl6_dst))
547 fl.oif = np->mcast_oif; 551 fl.oif = np->mcast_oif;
548 552
@@ -557,9 +561,7 @@ static void icmpv6_echo_reply(struct sk_buff *skb)
557 else 561 else
558 hlimit = np->hop_limit; 562 hlimit = np->hop_limit;
559 if (hlimit < 0) 563 if (hlimit < 0)
560 hlimit = dst_metric(dst, RTAX_HOPLIMIT); 564 hlimit = ip6_dst_hoplimit(dst);
561 if (hlimit < 0)
562 hlimit = ipv6_get_hoplimit(dst->dev);
563 565
564 tclass = np->tclass; 566 tclass = np->tclass;
565 if (tclass < 0) 567 if (tclass < 0)
@@ -586,7 +588,7 @@ out_put:
586 in6_dev_put(idev); 588 in6_dev_put(idev);
587 dst_release(dst); 589 dst_release(dst);
588out: 590out:
589 icmpv6_xmit_unlock(); 591 icmpv6_xmit_unlock(sk);
590} 592}
591 593
592static void icmpv6_notify(struct sk_buff *skb, int type, int code, __be32 info) 594static void icmpv6_notify(struct sk_buff *skb, int type, int code, __be32 info)
@@ -777,19 +779,40 @@ drop_no_count:
777 return 0; 779 return 0;
778} 780}
779 781
782void icmpv6_flow_init(struct sock *sk, struct flowi *fl,
783 u8 type,
784 const struct in6_addr *saddr,
785 const struct in6_addr *daddr,
786 int oif)
787{
788 memset(fl, 0, sizeof(*fl));
789 ipv6_addr_copy(&fl->fl6_src, saddr);
790 ipv6_addr_copy(&fl->fl6_dst, daddr);
791 fl->proto = IPPROTO_ICMPV6;
792 fl->fl_icmp_type = type;
793 fl->fl_icmp_code = 0;
794 fl->oif = oif;
795 security_sk_classify_flow(sk, fl);
796}
797
780/* 798/*
781 * Special lock-class for __icmpv6_socket: 799 * Special lock-class for __icmpv6_sk:
782 */ 800 */
783static struct lock_class_key icmpv6_socket_sk_dst_lock_key; 801static struct lock_class_key icmpv6_socket_sk_dst_lock_key;
784 802
785int __init icmpv6_init(struct net_proto_family *ops) 803static int __net_init icmpv6_sk_init(struct net *net)
786{ 804{
787 struct sock *sk; 805 struct sock *sk;
788 int err, i, j; 806 int err, i, j;
789 807
808 net->ipv6.icmp_sk =
809 kzalloc(nr_cpu_ids * sizeof(struct sock *), GFP_KERNEL);
810 if (net->ipv6.icmp_sk == NULL)
811 return -ENOMEM;
812
790 for_each_possible_cpu(i) { 813 for_each_possible_cpu(i) {
791 err = sock_create_kern(PF_INET6, SOCK_RAW, IPPROTO_ICMPV6, 814 err = inet_ctl_sock_create(&sk, PF_INET6,
792 &per_cpu(__icmpv6_socket, i)); 815 SOCK_RAW, IPPROTO_ICMPV6, net);
793 if (err < 0) { 816 if (err < 0) {
794 printk(KERN_ERR 817 printk(KERN_ERR
795 "Failed to initialize the ICMP6 control socket " 818 "Failed to initialize the ICMP6 control socket "
@@ -798,12 +821,12 @@ int __init icmpv6_init(struct net_proto_family *ops)
798 goto fail; 821 goto fail;
799 } 822 }
800 823
801 sk = per_cpu(__icmpv6_socket, i)->sk; 824 net->ipv6.icmp_sk[i] = sk;
802 sk->sk_allocation = GFP_ATOMIC; 825
803 /* 826 /*
804 * Split off their lock-class, because sk->sk_dst_lock 827 * Split off their lock-class, because sk->sk_dst_lock
805 * gets used from softirqs, which is safe for 828 * gets used from softirqs, which is safe for
806 * __icmpv6_socket (because those never get directly used 829 * __icmpv6_sk (because those never get directly used
807 * via userspace syscalls), but unsafe for normal sockets. 830 * via userspace syscalls), but unsafe for normal sockets.
808 */ 831 */
809 lockdep_set_class(&sk->sk_dst_lock, 832 lockdep_set_class(&sk->sk_dst_lock,
@@ -814,39 +837,57 @@ int __init icmpv6_init(struct net_proto_family *ops)
814 */ 837 */
815 sk->sk_sndbuf = 838 sk->sk_sndbuf =
816 (2 * ((64 * 1024) + sizeof(struct sk_buff))); 839 (2 * ((64 * 1024) + sizeof(struct sk_buff)));
817
818 sk->sk_prot->unhash(sk);
819 } 840 }
820
821
822 if (inet6_add_protocol(&icmpv6_protocol, IPPROTO_ICMPV6) < 0) {
823 printk(KERN_ERR "Failed to register ICMP6 protocol\n");
824 err = -EAGAIN;
825 goto fail;
826 }
827
828 return 0; 841 return 0;
829 842
830 fail: 843 fail:
831 for (j = 0; j < i; j++) { 844 for (j = 0; j < i; j++)
832 if (!cpu_possible(j)) 845 inet_ctl_sock_destroy(net->ipv6.icmp_sk[j]);
833 continue; 846 kfree(net->ipv6.icmp_sk);
834 sock_release(per_cpu(__icmpv6_socket, j));
835 }
836
837 return err; 847 return err;
838} 848}
839 849
840void icmpv6_cleanup(void) 850static void __net_exit icmpv6_sk_exit(struct net *net)
841{ 851{
842 int i; 852 int i;
843 853
844 for_each_possible_cpu(i) { 854 for_each_possible_cpu(i) {
845 sock_release(per_cpu(__icmpv6_socket, i)); 855 inet_ctl_sock_destroy(net->ipv6.icmp_sk[i]);
846 } 856 }
857 kfree(net->ipv6.icmp_sk);
858}
859
860static struct pernet_operations icmpv6_sk_ops = {
861 .init = icmpv6_sk_init,
862 .exit = icmpv6_sk_exit,
863};
864
865int __init icmpv6_init(void)
866{
867 int err;
868
869 err = register_pernet_subsys(&icmpv6_sk_ops);
870 if (err < 0)
871 return err;
872
873 err = -EAGAIN;
874 if (inet6_add_protocol(&icmpv6_protocol, IPPROTO_ICMPV6) < 0)
875 goto fail;
876 return 0;
877
878fail:
879 printk(KERN_ERR "Failed to register ICMP6 protocol\n");
880 unregister_pernet_subsys(&icmpv6_sk_ops);
881 return err;
882}
883
884void icmpv6_cleanup(void)
885{
886 unregister_pernet_subsys(&icmpv6_sk_ops);
847 inet6_del_protocol(&icmpv6_protocol, IPPROTO_ICMPV6); 887 inet6_del_protocol(&icmpv6_protocol, IPPROTO_ICMPV6);
848} 888}
849 889
890
850static const struct icmp6_err { 891static const struct icmp6_err {
851 int err; 892 int err;
852 int fatal; 893 int fatal;
@@ -927,6 +968,10 @@ struct ctl_table *ipv6_icmp_sysctl_init(struct net *net)
927 table = kmemdup(ipv6_icmp_table_template, 968 table = kmemdup(ipv6_icmp_table_template,
928 sizeof(ipv6_icmp_table_template), 969 sizeof(ipv6_icmp_table_template),
929 GFP_KERNEL); 970 GFP_KERNEL);
971
972 if (table)
973 table[0].data = &net->ipv6.sysctl.icmpv6_time;
974
930 return table; 975 return table;
931} 976}
932#endif 977#endif
diff --git a/net/ipv6/inet6_connection_sock.c b/net/ipv6/inet6_connection_sock.c
index 78de42ada844..87801cc1b2f8 100644
--- a/net/ipv6/inet6_connection_sock.c
+++ b/net/ipv6/inet6_connection_sock.c
@@ -33,6 +33,10 @@ int inet6_csk_bind_conflict(const struct sock *sk,
33 const struct hlist_node *node; 33 const struct hlist_node *node;
34 34
35 /* We must walk the whole port owner list in this case. -DaveM */ 35 /* We must walk the whole port owner list in this case. -DaveM */
36 /*
37 * See comment in inet_csk_bind_conflict about sock lookup
38 * vs net namespaces issues.
39 */
36 sk_for_each_bound(sk2, node, &tb->owners) { 40 sk_for_each_bound(sk2, node, &tb->owners) {
37 if (sk != sk2 && 41 if (sk != sk2 &&
38 (!sk->sk_bound_dev_if || 42 (!sk->sk_bound_dev_if ||
diff --git a/net/ipv6/inet6_hashtables.c b/net/ipv6/inet6_hashtables.c
index 99fd25f7f005..580014aea4d6 100644
--- a/net/ipv6/inet6_hashtables.c
+++ b/net/ipv6/inet6_hashtables.c
@@ -24,7 +24,7 @@
24 24
25void __inet6_hash(struct sock *sk) 25void __inet6_hash(struct sock *sk)
26{ 26{
27 struct inet_hashinfo *hashinfo = sk->sk_prot->hashinfo; 27 struct inet_hashinfo *hashinfo = sk->sk_prot->h.hashinfo;
28 struct hlist_head *list; 28 struct hlist_head *list;
29 rwlock_t *lock; 29 rwlock_t *lock;
30 30
@@ -43,7 +43,7 @@ void __inet6_hash(struct sock *sk)
43 } 43 }
44 44
45 __sk_add_node(sk, list); 45 __sk_add_node(sk, list);
46 sock_prot_inuse_add(sk->sk_prot, 1); 46 sock_prot_inuse_add(sock_net(sk), sk->sk_prot, 1);
47 write_unlock(lock); 47 write_unlock(lock);
48} 48}
49EXPORT_SYMBOL(__inet6_hash); 49EXPORT_SYMBOL(__inet6_hash);
@@ -105,7 +105,7 @@ struct sock *inet6_lookup_listener(struct net *net,
105 105
106 read_lock(&hashinfo->lhash_lock); 106 read_lock(&hashinfo->lhash_lock);
107 sk_for_each(sk, node, &hashinfo->listening_hash[inet_lhashfn(hnum)]) { 107 sk_for_each(sk, node, &hashinfo->listening_hash[inet_lhashfn(hnum)]) {
108 if (sk->sk_net == net && inet_sk(sk)->num == hnum && 108 if (net_eq(sock_net(sk), net) && inet_sk(sk)->num == hnum &&
109 sk->sk_family == PF_INET6) { 109 sk->sk_family == PF_INET6) {
110 const struct ipv6_pinfo *np = inet6_sk(sk); 110 const struct ipv6_pinfo *np = inet6_sk(sk);
111 111
@@ -172,7 +172,7 @@ static int __inet6_check_established(struct inet_timewait_death_row *death_row,
172 struct sock *sk2; 172 struct sock *sk2;
173 const struct hlist_node *node; 173 const struct hlist_node *node;
174 struct inet_timewait_sock *tw; 174 struct inet_timewait_sock *tw;
175 struct net *net = sk->sk_net; 175 struct net *net = sock_net(sk);
176 176
177 prefetch(head->chain.first); 177 prefetch(head->chain.first);
178 write_lock(lock); 178 write_lock(lock);
@@ -204,7 +204,7 @@ unique:
204 BUG_TRAP(sk_unhashed(sk)); 204 BUG_TRAP(sk_unhashed(sk));
205 __sk_add_node(sk, &head->chain); 205 __sk_add_node(sk, &head->chain);
206 sk->sk_hash = hash; 206 sk->sk_hash = hash;
207 sock_prot_inuse_add(sk->sk_prot, 1); 207 sock_prot_inuse_add(sock_net(sk), sk->sk_prot, 1);
208 write_unlock(lock); 208 write_unlock(lock);
209 209
210 if (twp != NULL) { 210 if (twp != NULL) {
diff --git a/net/ipv6/ip6_fib.c b/net/ipv6/ip6_fib.c
index bab72b6f1444..50f3f8f8a59b 100644
--- a/net/ipv6/ip6_fib.c
+++ b/net/ipv6/ip6_fib.c
@@ -48,8 +48,6 @@
48#define RT6_TRACE(x...) do { ; } while (0) 48#define RT6_TRACE(x...) do { ; } while (0)
49#endif 49#endif
50 50
51struct rt6_statistics rt6_stats;
52
53static struct kmem_cache * fib6_node_kmem __read_mostly; 51static struct kmem_cache * fib6_node_kmem __read_mostly;
54 52
55enum fib_walk_state_t 53enum fib_walk_state_t
@@ -66,6 +64,7 @@ enum fib_walk_state_t
66struct fib6_cleaner_t 64struct fib6_cleaner_t
67{ 65{
68 struct fib6_walker_t w; 66 struct fib6_walker_t w;
67 struct net *net;
69 int (*func)(struct rt6_info *, void *arg); 68 int (*func)(struct rt6_info *, void *arg);
70 void *arg; 69 void *arg;
71}; 70};
@@ -78,9 +77,10 @@ static DEFINE_RWLOCK(fib6_walker_lock);
78#define FWS_INIT FWS_L 77#define FWS_INIT FWS_L
79#endif 78#endif
80 79
81static void fib6_prune_clones(struct fib6_node *fn, struct rt6_info *rt); 80static void fib6_prune_clones(struct net *net, struct fib6_node *fn,
82static struct rt6_info * fib6_find_prefix(struct fib6_node *fn); 81 struct rt6_info *rt);
83static struct fib6_node * fib6_repair_tree(struct fib6_node *fn); 82static struct rt6_info *fib6_find_prefix(struct net *net, struct fib6_node *fn);
83static struct fib6_node *fib6_repair_tree(struct net *net, struct fib6_node *fn);
84static int fib6_walk(struct fib6_walker_t *w); 84static int fib6_walk(struct fib6_walker_t *w);
85static int fib6_walk_continue(struct fib6_walker_t *w); 85static int fib6_walk_continue(struct fib6_walker_t *w);
86 86
@@ -93,7 +93,7 @@ static int fib6_walk_continue(struct fib6_walker_t *w);
93 93
94static __u32 rt_sernum; 94static __u32 rt_sernum;
95 95
96static DEFINE_TIMER(ip6_fib_timer, fib6_run_gc, 0, 0); 96static void fib6_gc_timer_cb(unsigned long arg);
97 97
98static struct fib6_walker_t fib6_walker_list = { 98static struct fib6_walker_t fib6_walker_list = {
99 .prev = &fib6_walker_list, 99 .prev = &fib6_walker_list,
@@ -166,22 +166,13 @@ static __inline__ void rt6_release(struct rt6_info *rt)
166 dst_free(&rt->u.dst); 166 dst_free(&rt->u.dst);
167} 167}
168 168
169static struct fib6_table fib6_main_tbl = {
170 .tb6_id = RT6_TABLE_MAIN,
171 .tb6_root = {
172 .leaf = &ip6_null_entry,
173 .fn_flags = RTN_ROOT | RTN_TL_ROOT | RTN_RTINFO,
174 },
175};
176
177#ifdef CONFIG_IPV6_MULTIPLE_TABLES 169#ifdef CONFIG_IPV6_MULTIPLE_TABLES
178#define FIB_TABLE_HASHSZ 256 170#define FIB_TABLE_HASHSZ 256
179#else 171#else
180#define FIB_TABLE_HASHSZ 1 172#define FIB_TABLE_HASHSZ 1
181#endif 173#endif
182static struct hlist_head fib_table_hash[FIB_TABLE_HASHSZ];
183 174
184static void fib6_link_table(struct fib6_table *tb) 175static void fib6_link_table(struct net *net, struct fib6_table *tb)
185{ 176{
186 unsigned int h; 177 unsigned int h;
187 178
@@ -197,52 +188,46 @@ static void fib6_link_table(struct fib6_table *tb)
197 * No protection necessary, this is the only list mutatation 188 * No protection necessary, this is the only list mutatation
198 * operation, tables never disappear once they exist. 189 * operation, tables never disappear once they exist.
199 */ 190 */
200 hlist_add_head_rcu(&tb->tb6_hlist, &fib_table_hash[h]); 191 hlist_add_head_rcu(&tb->tb6_hlist, &net->ipv6.fib_table_hash[h]);
201} 192}
202 193
203#ifdef CONFIG_IPV6_MULTIPLE_TABLES 194#ifdef CONFIG_IPV6_MULTIPLE_TABLES
204static struct fib6_table fib6_local_tbl = {
205 .tb6_id = RT6_TABLE_LOCAL,
206 .tb6_root = {
207 .leaf = &ip6_null_entry,
208 .fn_flags = RTN_ROOT | RTN_TL_ROOT | RTN_RTINFO,
209 },
210};
211 195
212static struct fib6_table *fib6_alloc_table(u32 id) 196static struct fib6_table *fib6_alloc_table(struct net *net, u32 id)
213{ 197{
214 struct fib6_table *table; 198 struct fib6_table *table;
215 199
216 table = kzalloc(sizeof(*table), GFP_ATOMIC); 200 table = kzalloc(sizeof(*table), GFP_ATOMIC);
217 if (table != NULL) { 201 if (table != NULL) {
218 table->tb6_id = id; 202 table->tb6_id = id;
219 table->tb6_root.leaf = &ip6_null_entry; 203 table->tb6_root.leaf = net->ipv6.ip6_null_entry;
220 table->tb6_root.fn_flags = RTN_ROOT | RTN_TL_ROOT | RTN_RTINFO; 204 table->tb6_root.fn_flags = RTN_ROOT | RTN_TL_ROOT | RTN_RTINFO;
221 } 205 }
222 206
223 return table; 207 return table;
224} 208}
225 209
226struct fib6_table *fib6_new_table(u32 id) 210struct fib6_table *fib6_new_table(struct net *net, u32 id)
227{ 211{
228 struct fib6_table *tb; 212 struct fib6_table *tb;
229 213
230 if (id == 0) 214 if (id == 0)
231 id = RT6_TABLE_MAIN; 215 id = RT6_TABLE_MAIN;
232 tb = fib6_get_table(id); 216 tb = fib6_get_table(net, id);
233 if (tb) 217 if (tb)
234 return tb; 218 return tb;
235 219
236 tb = fib6_alloc_table(id); 220 tb = fib6_alloc_table(net, id);
237 if (tb != NULL) 221 if (tb != NULL)
238 fib6_link_table(tb); 222 fib6_link_table(net, tb);
239 223
240 return tb; 224 return tb;
241} 225}
242 226
243struct fib6_table *fib6_get_table(u32 id) 227struct fib6_table *fib6_get_table(struct net *net, u32 id)
244{ 228{
245 struct fib6_table *tb; 229 struct fib6_table *tb;
230 struct hlist_head *head;
246 struct hlist_node *node; 231 struct hlist_node *node;
247 unsigned int h; 232 unsigned int h;
248 233
@@ -250,7 +235,8 @@ struct fib6_table *fib6_get_table(u32 id)
250 id = RT6_TABLE_MAIN; 235 id = RT6_TABLE_MAIN;
251 h = id & (FIB_TABLE_HASHSZ - 1); 236 h = id & (FIB_TABLE_HASHSZ - 1);
252 rcu_read_lock(); 237 rcu_read_lock();
253 hlist_for_each_entry_rcu(tb, node, &fib_table_hash[h], tb6_hlist) { 238 head = &net->ipv6.fib_table_hash[h];
239 hlist_for_each_entry_rcu(tb, node, head, tb6_hlist) {
254 if (tb->tb6_id == id) { 240 if (tb->tb6_id == id) {
255 rcu_read_unlock(); 241 rcu_read_unlock();
256 return tb; 242 return tb;
@@ -261,33 +247,32 @@ struct fib6_table *fib6_get_table(u32 id)
261 return NULL; 247 return NULL;
262} 248}
263 249
264static void __init fib6_tables_init(void) 250static void fib6_tables_init(struct net *net)
265{ 251{
266 fib6_link_table(&fib6_main_tbl); 252 fib6_link_table(net, net->ipv6.fib6_main_tbl);
267 fib6_link_table(&fib6_local_tbl); 253 fib6_link_table(net, net->ipv6.fib6_local_tbl);
268} 254}
269
270#else 255#else
271 256
272struct fib6_table *fib6_new_table(u32 id) 257struct fib6_table *fib6_new_table(struct net *net, u32 id)
273{ 258{
274 return fib6_get_table(id); 259 return fib6_get_table(net, id);
275} 260}
276 261
277struct fib6_table *fib6_get_table(u32 id) 262struct fib6_table *fib6_get_table(struct net *net, u32 id)
278{ 263{
279 return &fib6_main_tbl; 264 return net->ipv6.fib6_main_tbl;
280} 265}
281 266
282struct dst_entry *fib6_rule_lookup(struct flowi *fl, int flags, 267struct dst_entry *fib6_rule_lookup(struct net *net, struct flowi *fl,
283 pol_lookup_t lookup) 268 int flags, pol_lookup_t lookup)
284{ 269{
285 return (struct dst_entry *) lookup(&fib6_main_tbl, fl, flags); 270 return (struct dst_entry *) lookup(net, net->ipv6.fib6_main_tbl, fl, flags);
286} 271}
287 272
288static void __init fib6_tables_init(void) 273static void fib6_tables_init(struct net *net)
289{ 274{
290 fib6_link_table(&fib6_main_tbl); 275 fib6_link_table(net, net->ipv6.fib6_main_tbl);
291} 276}
292 277
293#endif 278#endif
@@ -361,18 +346,16 @@ end:
361 346
362static int inet6_dump_fib(struct sk_buff *skb, struct netlink_callback *cb) 347static int inet6_dump_fib(struct sk_buff *skb, struct netlink_callback *cb)
363{ 348{
364 struct net *net = skb->sk->sk_net; 349 struct net *net = sock_net(skb->sk);
365 unsigned int h, s_h; 350 unsigned int h, s_h;
366 unsigned int e = 0, s_e; 351 unsigned int e = 0, s_e;
367 struct rt6_rtnl_dump_arg arg; 352 struct rt6_rtnl_dump_arg arg;
368 struct fib6_walker_t *w; 353 struct fib6_walker_t *w;
369 struct fib6_table *tb; 354 struct fib6_table *tb;
370 struct hlist_node *node; 355 struct hlist_node *node;
356 struct hlist_head *head;
371 int res = 0; 357 int res = 0;
372 358
373 if (net != &init_net)
374 return 0;
375
376 s_h = cb->args[0]; 359 s_h = cb->args[0];
377 s_e = cb->args[1]; 360 s_e = cb->args[1];
378 361
@@ -401,7 +384,8 @@ static int inet6_dump_fib(struct sk_buff *skb, struct netlink_callback *cb)
401 384
402 for (h = s_h; h < FIB_TABLE_HASHSZ; h++, s_e = 0) { 385 for (h = s_h; h < FIB_TABLE_HASHSZ; h++, s_e = 0) {
403 e = 0; 386 e = 0;
404 hlist_for_each_entry(tb, node, &fib_table_hash[h], tb6_hlist) { 387 head = &net->ipv6.fib_table_hash[h];
388 hlist_for_each_entry(tb, node, head, tb6_hlist) {
405 if (e < s_e) 389 if (e < s_e)
406 goto next; 390 goto next;
407 res = fib6_dump_table(tb, skb, cb); 391 res = fib6_dump_table(tb, skb, cb);
@@ -667,29 +651,29 @@ static int fib6_add_rt2node(struct fib6_node *fn, struct rt6_info *rt,
667 rt->rt6i_node = fn; 651 rt->rt6i_node = fn;
668 atomic_inc(&rt->rt6i_ref); 652 atomic_inc(&rt->rt6i_ref);
669 inet6_rt_notify(RTM_NEWROUTE, rt, info); 653 inet6_rt_notify(RTM_NEWROUTE, rt, info);
670 rt6_stats.fib_rt_entries++; 654 info->nl_net->ipv6.rt6_stats->fib_rt_entries++;
671 655
672 if ((fn->fn_flags & RTN_RTINFO) == 0) { 656 if ((fn->fn_flags & RTN_RTINFO) == 0) {
673 rt6_stats.fib_route_nodes++; 657 info->nl_net->ipv6.rt6_stats->fib_route_nodes++;
674 fn->fn_flags |= RTN_RTINFO; 658 fn->fn_flags |= RTN_RTINFO;
675 } 659 }
676 660
677 return 0; 661 return 0;
678} 662}
679 663
680static __inline__ void fib6_start_gc(struct rt6_info *rt) 664static __inline__ void fib6_start_gc(struct net *net, struct rt6_info *rt)
681{ 665{
682 if (ip6_fib_timer.expires == 0 && 666 if (net->ipv6.ip6_fib_timer->expires == 0 &&
683 (rt->rt6i_flags & (RTF_EXPIRES|RTF_CACHE))) 667 (rt->rt6i_flags & (RTF_EXPIRES|RTF_CACHE)))
684 mod_timer(&ip6_fib_timer, jiffies + 668 mod_timer(net->ipv6.ip6_fib_timer, jiffies +
685 init_net.ipv6.sysctl.ip6_rt_gc_interval); 669 net->ipv6.sysctl.ip6_rt_gc_interval);
686} 670}
687 671
688void fib6_force_start_gc(void) 672void fib6_force_start_gc(struct net *net)
689{ 673{
690 if (ip6_fib_timer.expires == 0) 674 if (net->ipv6.ip6_fib_timer->expires == 0)
691 mod_timer(&ip6_fib_timer, jiffies + 675 mod_timer(net->ipv6.ip6_fib_timer, jiffies +
692 init_net.ipv6.sysctl.ip6_rt_gc_interval); 676 net->ipv6.sysctl.ip6_rt_gc_interval);
693} 677}
694 678
695/* 679/*
@@ -733,8 +717,8 @@ int fib6_add(struct fib6_node *root, struct rt6_info *rt, struct nl_info *info)
733 if (sfn == NULL) 717 if (sfn == NULL)
734 goto st_failure; 718 goto st_failure;
735 719
736 sfn->leaf = &ip6_null_entry; 720 sfn->leaf = info->nl_net->ipv6.ip6_null_entry;
737 atomic_inc(&ip6_null_entry.rt6i_ref); 721 atomic_inc(&info->nl_net->ipv6.ip6_null_entry->rt6i_ref);
738 sfn->fn_flags = RTN_ROOT; 722 sfn->fn_flags = RTN_ROOT;
739 sfn->fn_sernum = fib6_new_sernum(); 723 sfn->fn_sernum = fib6_new_sernum();
740 724
@@ -776,9 +760,9 @@ int fib6_add(struct fib6_node *root, struct rt6_info *rt, struct nl_info *info)
776 err = fib6_add_rt2node(fn, rt, info); 760 err = fib6_add_rt2node(fn, rt, info);
777 761
778 if (err == 0) { 762 if (err == 0) {
779 fib6_start_gc(rt); 763 fib6_start_gc(info->nl_net, rt);
780 if (!(rt->rt6i_flags&RTF_CACHE)) 764 if (!(rt->rt6i_flags&RTF_CACHE))
781 fib6_prune_clones(pn, rt); 765 fib6_prune_clones(info->nl_net, pn, rt);
782 } 766 }
783 767
784out: 768out:
@@ -788,12 +772,16 @@ out:
788 * If fib6_add_1 has cleared the old leaf pointer in the 772 * If fib6_add_1 has cleared the old leaf pointer in the
789 * super-tree leaf node we have to find a new one for it. 773 * super-tree leaf node we have to find a new one for it.
790 */ 774 */
775 if (pn != fn && pn->leaf == rt) {
776 pn->leaf = NULL;
777 atomic_dec(&rt->rt6i_ref);
778 }
791 if (pn != fn && !pn->leaf && !(pn->fn_flags & RTN_RTINFO)) { 779 if (pn != fn && !pn->leaf && !(pn->fn_flags & RTN_RTINFO)) {
792 pn->leaf = fib6_find_prefix(pn); 780 pn->leaf = fib6_find_prefix(info->nl_net, pn);
793#if RT6_DEBUG >= 2 781#if RT6_DEBUG >= 2
794 if (!pn->leaf) { 782 if (!pn->leaf) {
795 BUG_TRAP(pn->leaf != NULL); 783 BUG_TRAP(pn->leaf != NULL);
796 pn->leaf = &ip6_null_entry; 784 pn->leaf = info->nl_net->ipv6.ip6_null_entry;
797 } 785 }
798#endif 786#endif
799 atomic_inc(&pn->leaf->rt6i_ref); 787 atomic_inc(&pn->leaf->rt6i_ref);
@@ -809,7 +797,7 @@ out:
809 */ 797 */
810st_failure: 798st_failure:
811 if (fn && !(fn->fn_flags & (RTN_RTINFO|RTN_ROOT))) 799 if (fn && !(fn->fn_flags & (RTN_RTINFO|RTN_ROOT)))
812 fib6_repair_tree(fn); 800 fib6_repair_tree(info->nl_net, fn);
813 dst_free(&rt->u.dst); 801 dst_free(&rt->u.dst);
814 return err; 802 return err;
815#endif 803#endif
@@ -975,10 +963,10 @@ struct fib6_node * fib6_locate(struct fib6_node *root,
975 * 963 *
976 */ 964 */
977 965
978static struct rt6_info * fib6_find_prefix(struct fib6_node *fn) 966static struct rt6_info *fib6_find_prefix(struct net *net, struct fib6_node *fn)
979{ 967{
980 if (fn->fn_flags&RTN_ROOT) 968 if (fn->fn_flags&RTN_ROOT)
981 return &ip6_null_entry; 969 return net->ipv6.ip6_null_entry;
982 970
983 while(fn) { 971 while(fn) {
984 if(fn->left) 972 if(fn->left)
@@ -997,7 +985,8 @@ static struct rt6_info * fib6_find_prefix(struct fib6_node *fn)
997 * is the node we want to try and remove. 985 * is the node we want to try and remove.
998 */ 986 */
999 987
1000static struct fib6_node * fib6_repair_tree(struct fib6_node *fn) 988static struct fib6_node *fib6_repair_tree(struct net *net,
989 struct fib6_node *fn)
1001{ 990{
1002 int children; 991 int children;
1003 int nstate; 992 int nstate;
@@ -1024,11 +1013,11 @@ static struct fib6_node * fib6_repair_tree(struct fib6_node *fn)
1024 || (children && fn->fn_flags&RTN_ROOT) 1013 || (children && fn->fn_flags&RTN_ROOT)
1025#endif 1014#endif
1026 ) { 1015 ) {
1027 fn->leaf = fib6_find_prefix(fn); 1016 fn->leaf = fib6_find_prefix(net, fn);
1028#if RT6_DEBUG >= 2 1017#if RT6_DEBUG >= 2
1029 if (fn->leaf==NULL) { 1018 if (fn->leaf==NULL) {
1030 BUG_TRAP(fn->leaf); 1019 BUG_TRAP(fn->leaf);
1031 fn->leaf = &ip6_null_entry; 1020 fn->leaf = net->ipv6.ip6_null_entry;
1032 } 1021 }
1033#endif 1022#endif
1034 atomic_inc(&fn->leaf->rt6i_ref); 1023 atomic_inc(&fn->leaf->rt6i_ref);
@@ -1101,14 +1090,15 @@ static void fib6_del_route(struct fib6_node *fn, struct rt6_info **rtp,
1101{ 1090{
1102 struct fib6_walker_t *w; 1091 struct fib6_walker_t *w;
1103 struct rt6_info *rt = *rtp; 1092 struct rt6_info *rt = *rtp;
1093 struct net *net = info->nl_net;
1104 1094
1105 RT6_TRACE("fib6_del_route\n"); 1095 RT6_TRACE("fib6_del_route\n");
1106 1096
1107 /* Unlink it */ 1097 /* Unlink it */
1108 *rtp = rt->u.dst.rt6_next; 1098 *rtp = rt->u.dst.rt6_next;
1109 rt->rt6i_node = NULL; 1099 rt->rt6i_node = NULL;
1110 rt6_stats.fib_rt_entries--; 1100 net->ipv6.rt6_stats->fib_rt_entries--;
1111 rt6_stats.fib_discarded_routes++; 1101 net->ipv6.rt6_stats->fib_discarded_routes++;
1112 1102
1113 /* Reset round-robin state, if necessary */ 1103 /* Reset round-robin state, if necessary */
1114 if (fn->rr_ptr == rt) 1104 if (fn->rr_ptr == rt)
@@ -1131,8 +1121,8 @@ static void fib6_del_route(struct fib6_node *fn, struct rt6_info **rtp,
1131 /* If it was last route, expunge its radix tree node */ 1121 /* If it was last route, expunge its radix tree node */
1132 if (fn->leaf == NULL) { 1122 if (fn->leaf == NULL) {
1133 fn->fn_flags &= ~RTN_RTINFO; 1123 fn->fn_flags &= ~RTN_RTINFO;
1134 rt6_stats.fib_route_nodes--; 1124 net->ipv6.rt6_stats->fib_route_nodes--;
1135 fn = fib6_repair_tree(fn); 1125 fn = fib6_repair_tree(net, fn);
1136 } 1126 }
1137 1127
1138 if (atomic_read(&rt->rt6i_ref) != 1) { 1128 if (atomic_read(&rt->rt6i_ref) != 1) {
@@ -1144,7 +1134,7 @@ static void fib6_del_route(struct fib6_node *fn, struct rt6_info **rtp,
1144 */ 1134 */
1145 while (fn) { 1135 while (fn) {
1146 if (!(fn->fn_flags&RTN_RTINFO) && fn->leaf == rt) { 1136 if (!(fn->fn_flags&RTN_RTINFO) && fn->leaf == rt) {
1147 fn->leaf = fib6_find_prefix(fn); 1137 fn->leaf = fib6_find_prefix(net, fn);
1148 atomic_inc(&fn->leaf->rt6i_ref); 1138 atomic_inc(&fn->leaf->rt6i_ref);
1149 rt6_release(rt); 1139 rt6_release(rt);
1150 } 1140 }
@@ -1160,6 +1150,7 @@ static void fib6_del_route(struct fib6_node *fn, struct rt6_info **rtp,
1160 1150
1161int fib6_del(struct rt6_info *rt, struct nl_info *info) 1151int fib6_del(struct rt6_info *rt, struct nl_info *info)
1162{ 1152{
1153 struct net *net = info->nl_net;
1163 struct fib6_node *fn = rt->rt6i_node; 1154 struct fib6_node *fn = rt->rt6i_node;
1164 struct rt6_info **rtp; 1155 struct rt6_info **rtp;
1165 1156
@@ -1169,7 +1160,7 @@ int fib6_del(struct rt6_info *rt, struct nl_info *info)
1169 return -ENOENT; 1160 return -ENOENT;
1170 } 1161 }
1171#endif 1162#endif
1172 if (fn == NULL || rt == &ip6_null_entry) 1163 if (fn == NULL || rt == net->ipv6.ip6_null_entry)
1173 return -ENOENT; 1164 return -ENOENT;
1174 1165
1175 BUG_TRAP(fn->fn_flags&RTN_RTINFO); 1166 BUG_TRAP(fn->fn_flags&RTN_RTINFO);
@@ -1184,7 +1175,7 @@ int fib6_del(struct rt6_info *rt, struct nl_info *info)
1184 pn = pn->parent; 1175 pn = pn->parent;
1185 } 1176 }
1186#endif 1177#endif
1187 fib6_prune_clones(pn, rt); 1178 fib6_prune_clones(info->nl_net, pn, rt);
1188 } 1179 }
1189 1180
1190 /* 1181 /*
@@ -1314,12 +1305,12 @@ static int fib6_walk(struct fib6_walker_t *w)
1314 1305
1315static int fib6_clean_node(struct fib6_walker_t *w) 1306static int fib6_clean_node(struct fib6_walker_t *w)
1316{ 1307{
1317 struct nl_info info = {
1318 .nl_net = &init_net,
1319 };
1320 int res; 1308 int res;
1321 struct rt6_info *rt; 1309 struct rt6_info *rt;
1322 struct fib6_cleaner_t *c = container_of(w, struct fib6_cleaner_t, w); 1310 struct fib6_cleaner_t *c = container_of(w, struct fib6_cleaner_t, w);
1311 struct nl_info info = {
1312 .nl_net = c->net,
1313 };
1323 1314
1324 for (rt = w->leaf; rt; rt = rt->u.dst.rt6_next) { 1315 for (rt = w->leaf; rt; rt = rt->u.dst.rt6_next) {
1325 res = c->func(rt, c->arg); 1316 res = c->func(rt, c->arg);
@@ -1351,7 +1342,7 @@ static int fib6_clean_node(struct fib6_walker_t *w)
1351 * ignoring pure split nodes) will be scanned. 1342 * ignoring pure split nodes) will be scanned.
1352 */ 1343 */
1353 1344
1354static void fib6_clean_tree(struct fib6_node *root, 1345static void fib6_clean_tree(struct net *net, struct fib6_node *root,
1355 int (*func)(struct rt6_info *, void *arg), 1346 int (*func)(struct rt6_info *, void *arg),
1356 int prune, void *arg) 1347 int prune, void *arg)
1357{ 1348{
@@ -1362,23 +1353,26 @@ static void fib6_clean_tree(struct fib6_node *root,
1362 c.w.prune = prune; 1353 c.w.prune = prune;
1363 c.func = func; 1354 c.func = func;
1364 c.arg = arg; 1355 c.arg = arg;
1356 c.net = net;
1365 1357
1366 fib6_walk(&c.w); 1358 fib6_walk(&c.w);
1367} 1359}
1368 1360
1369void fib6_clean_all(int (*func)(struct rt6_info *, void *arg), 1361void fib6_clean_all(struct net *net, int (*func)(struct rt6_info *, void *arg),
1370 int prune, void *arg) 1362 int prune, void *arg)
1371{ 1363{
1372 struct fib6_table *table; 1364 struct fib6_table *table;
1373 struct hlist_node *node; 1365 struct hlist_node *node;
1366 struct hlist_head *head;
1374 unsigned int h; 1367 unsigned int h;
1375 1368
1376 rcu_read_lock(); 1369 rcu_read_lock();
1377 for (h = 0; h < FIB_TABLE_HASHSZ; h++) { 1370 for (h = 0; h < FIB_TABLE_HASHSZ; h++) {
1378 hlist_for_each_entry_rcu(table, node, &fib_table_hash[h], 1371 head = &net->ipv6.fib_table_hash[h];
1379 tb6_hlist) { 1372 hlist_for_each_entry_rcu(table, node, head, tb6_hlist) {
1380 write_lock_bh(&table->tb6_lock); 1373 write_lock_bh(&table->tb6_lock);
1381 fib6_clean_tree(&table->tb6_root, func, prune, arg); 1374 fib6_clean_tree(net, &table->tb6_root,
1375 func, prune, arg);
1382 write_unlock_bh(&table->tb6_lock); 1376 write_unlock_bh(&table->tb6_lock);
1383 } 1377 }
1384 } 1378 }
@@ -1395,9 +1389,10 @@ static int fib6_prune_clone(struct rt6_info *rt, void *arg)
1395 return 0; 1389 return 0;
1396} 1390}
1397 1391
1398static void fib6_prune_clones(struct fib6_node *fn, struct rt6_info *rt) 1392static void fib6_prune_clones(struct net *net, struct fib6_node *fn,
1393 struct rt6_info *rt)
1399{ 1394{
1400 fib6_clean_tree(fn, fib6_prune_clone, 1, rt); 1395 fib6_clean_tree(net, fn, fib6_prune_clone, 1, rt);
1401} 1396}
1402 1397
1403/* 1398/*
@@ -1447,54 +1442,145 @@ static int fib6_age(struct rt6_info *rt, void *arg)
1447 1442
1448static DEFINE_SPINLOCK(fib6_gc_lock); 1443static DEFINE_SPINLOCK(fib6_gc_lock);
1449 1444
1450void fib6_run_gc(unsigned long dummy) 1445void fib6_run_gc(unsigned long expires, struct net *net)
1451{ 1446{
1452 if (dummy != ~0UL) { 1447 if (expires != ~0UL) {
1453 spin_lock_bh(&fib6_gc_lock); 1448 spin_lock_bh(&fib6_gc_lock);
1454 gc_args.timeout = dummy ? (int)dummy : 1449 gc_args.timeout = expires ? (int)expires :
1455 init_net.ipv6.sysctl.ip6_rt_gc_interval; 1450 net->ipv6.sysctl.ip6_rt_gc_interval;
1456 } else { 1451 } else {
1457 local_bh_disable(); 1452 local_bh_disable();
1458 if (!spin_trylock(&fib6_gc_lock)) { 1453 if (!spin_trylock(&fib6_gc_lock)) {
1459 mod_timer(&ip6_fib_timer, jiffies + HZ); 1454 mod_timer(net->ipv6.ip6_fib_timer, jiffies + HZ);
1460 local_bh_enable(); 1455 local_bh_enable();
1461 return; 1456 return;
1462 } 1457 }
1463 gc_args.timeout = init_net.ipv6.sysctl.ip6_rt_gc_interval; 1458 gc_args.timeout = net->ipv6.sysctl.ip6_rt_gc_interval;
1464 } 1459 }
1465 gc_args.more = 0; 1460 gc_args.more = 0;
1466 1461
1467 ndisc_dst_gc(&gc_args.more); 1462 icmp6_dst_gc(&gc_args.more);
1468 fib6_clean_all(fib6_age, 0, NULL); 1463
1464 fib6_clean_all(net, fib6_age, 0, NULL);
1469 1465
1470 if (gc_args.more) 1466 if (gc_args.more)
1471 mod_timer(&ip6_fib_timer, jiffies + 1467 mod_timer(net->ipv6.ip6_fib_timer, jiffies +
1472 init_net.ipv6.sysctl.ip6_rt_gc_interval); 1468 net->ipv6.sysctl.ip6_rt_gc_interval);
1473 else { 1469 else {
1474 del_timer(&ip6_fib_timer); 1470 del_timer(net->ipv6.ip6_fib_timer);
1475 ip6_fib_timer.expires = 0; 1471 net->ipv6.ip6_fib_timer->expires = 0;
1476 } 1472 }
1477 spin_unlock_bh(&fib6_gc_lock); 1473 spin_unlock_bh(&fib6_gc_lock);
1478} 1474}
1479 1475
1480int __init fib6_init(void) 1476static void fib6_gc_timer_cb(unsigned long arg)
1477{
1478 fib6_run_gc(0, (struct net *)arg);
1479}
1480
1481static int fib6_net_init(struct net *net)
1481{ 1482{
1482 int ret; 1483 int ret;
1484 struct timer_list *timer;
1485
1486 ret = -ENOMEM;
1487 timer = kzalloc(sizeof(*timer), GFP_KERNEL);
1488 if (!timer)
1489 goto out;
1490
1491 setup_timer(timer, fib6_gc_timer_cb, (unsigned long)net);
1492 net->ipv6.ip6_fib_timer = timer;
1493
1494 net->ipv6.rt6_stats = kzalloc(sizeof(*net->ipv6.rt6_stats), GFP_KERNEL);
1495 if (!net->ipv6.rt6_stats)
1496 goto out_timer;
1497
1498 net->ipv6.fib_table_hash =
1499 kzalloc(sizeof(*net->ipv6.fib_table_hash)*FIB_TABLE_HASHSZ,
1500 GFP_KERNEL);
1501 if (!net->ipv6.fib_table_hash)
1502 goto out_rt6_stats;
1503
1504 net->ipv6.fib6_main_tbl = kzalloc(sizeof(*net->ipv6.fib6_main_tbl),
1505 GFP_KERNEL);
1506 if (!net->ipv6.fib6_main_tbl)
1507 goto out_fib_table_hash;
1508
1509 net->ipv6.fib6_main_tbl->tb6_id = RT6_TABLE_MAIN;
1510 net->ipv6.fib6_main_tbl->tb6_root.leaf = net->ipv6.ip6_null_entry;
1511 net->ipv6.fib6_main_tbl->tb6_root.fn_flags =
1512 RTN_ROOT | RTN_TL_ROOT | RTN_RTINFO;
1513
1514#ifdef CONFIG_IPV6_MULTIPLE_TABLES
1515 net->ipv6.fib6_local_tbl = kzalloc(sizeof(*net->ipv6.fib6_local_tbl),
1516 GFP_KERNEL);
1517 if (!net->ipv6.fib6_local_tbl)
1518 goto out_fib6_main_tbl;
1519 net->ipv6.fib6_local_tbl->tb6_id = RT6_TABLE_LOCAL;
1520 net->ipv6.fib6_local_tbl->tb6_root.leaf = net->ipv6.ip6_null_entry;
1521 net->ipv6.fib6_local_tbl->tb6_root.fn_flags =
1522 RTN_ROOT | RTN_TL_ROOT | RTN_RTINFO;
1523#endif
1524 fib6_tables_init(net);
1525
1526 ret = 0;
1527out:
1528 return ret;
1529
1530#ifdef CONFIG_IPV6_MULTIPLE_TABLES
1531out_fib6_main_tbl:
1532 kfree(net->ipv6.fib6_main_tbl);
1533#endif
1534out_fib_table_hash:
1535 kfree(net->ipv6.fib_table_hash);
1536out_rt6_stats:
1537 kfree(net->ipv6.rt6_stats);
1538out_timer:
1539 kfree(timer);
1540 goto out;
1541 }
1542
1543static void fib6_net_exit(struct net *net)
1544{
1545 rt6_ifdown(net, NULL);
1546 del_timer(net->ipv6.ip6_fib_timer);
1547 kfree(net->ipv6.ip6_fib_timer);
1548#ifdef CONFIG_IPV6_MULTIPLE_TABLES
1549 kfree(net->ipv6.fib6_local_tbl);
1550#endif
1551 kfree(net->ipv6.fib6_main_tbl);
1552 kfree(net->ipv6.fib_table_hash);
1553 kfree(net->ipv6.rt6_stats);
1554}
1555
1556static struct pernet_operations fib6_net_ops = {
1557 .init = fib6_net_init,
1558 .exit = fib6_net_exit,
1559};
1560
1561int __init fib6_init(void)
1562{
1563 int ret = -ENOMEM;
1564
1483 fib6_node_kmem = kmem_cache_create("fib6_nodes", 1565 fib6_node_kmem = kmem_cache_create("fib6_nodes",
1484 sizeof(struct fib6_node), 1566 sizeof(struct fib6_node),
1485 0, SLAB_HWCACHE_ALIGN, 1567 0, SLAB_HWCACHE_ALIGN,
1486 NULL); 1568 NULL);
1487 if (!fib6_node_kmem) 1569 if (!fib6_node_kmem)
1488 return -ENOMEM; 1570 goto out;
1489 1571
1490 fib6_tables_init(); 1572 ret = register_pernet_subsys(&fib6_net_ops);
1573 if (ret)
1574 goto out_kmem_cache_create;
1491 1575
1492 ret = __rtnl_register(PF_INET6, RTM_GETROUTE, NULL, inet6_dump_fib); 1576 ret = __rtnl_register(PF_INET6, RTM_GETROUTE, NULL, inet6_dump_fib);
1493 if (ret) 1577 if (ret)
1494 goto out_kmem_cache_create; 1578 goto out_unregister_subsys;
1495out: 1579out:
1496 return ret; 1580 return ret;
1497 1581
1582out_unregister_subsys:
1583 unregister_pernet_subsys(&fib6_net_ops);
1498out_kmem_cache_create: 1584out_kmem_cache_create:
1499 kmem_cache_destroy(fib6_node_kmem); 1585 kmem_cache_destroy(fib6_node_kmem);
1500 goto out; 1586 goto out;
@@ -1502,6 +1588,6 @@ out_kmem_cache_create:
1502 1588
1503void fib6_gc_cleanup(void) 1589void fib6_gc_cleanup(void)
1504{ 1590{
1505 del_timer(&ip6_fib_timer); 1591 unregister_pernet_subsys(&fib6_net_ops);
1506 kmem_cache_destroy(fib6_node_kmem); 1592 kmem_cache_destroy(fib6_node_kmem);
1507} 1593}
diff --git a/net/ipv6/ip6_flowlabel.c b/net/ipv6/ip6_flowlabel.c
index 2b7d9ee98832..eb7a940310f4 100644
--- a/net/ipv6/ip6_flowlabel.c
+++ b/net/ipv6/ip6_flowlabel.c
@@ -62,23 +62,23 @@ static DEFINE_RWLOCK(ip6_fl_lock);
62static DEFINE_RWLOCK(ip6_sk_fl_lock); 62static DEFINE_RWLOCK(ip6_sk_fl_lock);
63 63
64 64
65static __inline__ struct ip6_flowlabel * __fl_lookup(__be32 label) 65static inline struct ip6_flowlabel *__fl_lookup(struct net *net, __be32 label)
66{ 66{
67 struct ip6_flowlabel *fl; 67 struct ip6_flowlabel *fl;
68 68
69 for (fl=fl_ht[FL_HASH(label)]; fl; fl = fl->next) { 69 for (fl=fl_ht[FL_HASH(label)]; fl; fl = fl->next) {
70 if (fl->label == label) 70 if (fl->label == label && fl->fl_net == net)
71 return fl; 71 return fl;
72 } 72 }
73 return NULL; 73 return NULL;
74} 74}
75 75
76static struct ip6_flowlabel * fl_lookup(__be32 label) 76static struct ip6_flowlabel *fl_lookup(struct net *net, __be32 label)
77{ 77{
78 struct ip6_flowlabel *fl; 78 struct ip6_flowlabel *fl;
79 79
80 read_lock_bh(&ip6_fl_lock); 80 read_lock_bh(&ip6_fl_lock);
81 fl = __fl_lookup(label); 81 fl = __fl_lookup(net, label);
82 if (fl) 82 if (fl)
83 atomic_inc(&fl->users); 83 atomic_inc(&fl->users);
84 read_unlock_bh(&ip6_fl_lock); 84 read_unlock_bh(&ip6_fl_lock);
@@ -88,8 +88,10 @@ static struct ip6_flowlabel * fl_lookup(__be32 label)
88 88
89static void fl_free(struct ip6_flowlabel *fl) 89static void fl_free(struct ip6_flowlabel *fl)
90{ 90{
91 if (fl) 91 if (fl) {
92 release_net(fl->fl_net);
92 kfree(fl->opt); 93 kfree(fl->opt);
94 }
93 kfree(fl); 95 kfree(fl);
94} 96}
95 97
@@ -112,7 +114,6 @@ static void fl_release(struct ip6_flowlabel *fl)
112 time_after(ip6_fl_gc_timer.expires, ttd)) 114 time_after(ip6_fl_gc_timer.expires, ttd))
113 mod_timer(&ip6_fl_gc_timer, ttd); 115 mod_timer(&ip6_fl_gc_timer, ttd);
114 } 116 }
115
116 write_unlock_bh(&ip6_fl_lock); 117 write_unlock_bh(&ip6_fl_lock);
117} 118}
118 119
@@ -148,13 +149,34 @@ static void ip6_fl_gc(unsigned long dummy)
148 if (!sched && atomic_read(&fl_size)) 149 if (!sched && atomic_read(&fl_size))
149 sched = now + FL_MAX_LINGER; 150 sched = now + FL_MAX_LINGER;
150 if (sched) { 151 if (sched) {
151 ip6_fl_gc_timer.expires = sched; 152 mod_timer(&ip6_fl_gc_timer, sched);
152 add_timer(&ip6_fl_gc_timer); 153 }
154 write_unlock(&ip6_fl_lock);
155}
156
157static void ip6_fl_purge(struct net *net)
158{
159 int i;
160
161 write_lock(&ip6_fl_lock);
162 for (i = 0; i <= FL_HASH_MASK; i++) {
163 struct ip6_flowlabel *fl, **flp;
164 flp = &fl_ht[i];
165 while ((fl = *flp) != NULL) {
166 if (fl->fl_net == net && atomic_read(&fl->users) == 0) {
167 *flp = fl->next;
168 fl_free(fl);
169 atomic_dec(&fl_size);
170 continue;
171 }
172 flp = &fl->next;
173 }
153 } 174 }
154 write_unlock(&ip6_fl_lock); 175 write_unlock(&ip6_fl_lock);
155} 176}
156 177
157static struct ip6_flowlabel *fl_intern(struct ip6_flowlabel *fl, __be32 label) 178static struct ip6_flowlabel *fl_intern(struct net *net,
179 struct ip6_flowlabel *fl, __be32 label)
158{ 180{
159 struct ip6_flowlabel *lfl; 181 struct ip6_flowlabel *lfl;
160 182
@@ -165,7 +187,7 @@ static struct ip6_flowlabel *fl_intern(struct ip6_flowlabel *fl, __be32 label)
165 for (;;) { 187 for (;;) {
166 fl->label = htonl(net_random())&IPV6_FLOWLABEL_MASK; 188 fl->label = htonl(net_random())&IPV6_FLOWLABEL_MASK;
167 if (fl->label) { 189 if (fl->label) {
168 lfl = __fl_lookup(fl->label); 190 lfl = __fl_lookup(net, fl->label);
169 if (lfl == NULL) 191 if (lfl == NULL)
170 break; 192 break;
171 } 193 }
@@ -179,7 +201,7 @@ static struct ip6_flowlabel *fl_intern(struct ip6_flowlabel *fl, __be32 label)
179 * done in ipv6_flowlabel_opt - sock is locked, so new entry 201 * done in ipv6_flowlabel_opt - sock is locked, so new entry
180 * with the same label can only appear on another sock 202 * with the same label can only appear on another sock
181 */ 203 */
182 lfl = __fl_lookup(fl->label); 204 lfl = __fl_lookup(net, fl->label);
183 if (lfl != NULL) { 205 if (lfl != NULL) {
184 atomic_inc(&lfl->users); 206 atomic_inc(&lfl->users);
185 write_unlock_bh(&ip6_fl_lock); 207 write_unlock_bh(&ip6_fl_lock);
@@ -298,7 +320,8 @@ static int fl6_renew(struct ip6_flowlabel *fl, unsigned long linger, unsigned lo
298} 320}
299 321
300static struct ip6_flowlabel * 322static struct ip6_flowlabel *
301fl_create(struct in6_flowlabel_req *freq, char __user *optval, int optlen, int *err_p) 323fl_create(struct net *net, struct in6_flowlabel_req *freq, char __user *optval,
324 int optlen, int *err_p)
302{ 325{
303 struct ip6_flowlabel *fl; 326 struct ip6_flowlabel *fl;
304 int olen; 327 int olen;
@@ -343,6 +366,7 @@ fl_create(struct in6_flowlabel_req *freq, char __user *optval, int optlen, int *
343 } 366 }
344 } 367 }
345 368
369 fl->fl_net = hold_net(net);
346 fl->expires = jiffies; 370 fl->expires = jiffies;
347 err = fl6_renew(fl, freq->flr_linger, freq->flr_expires); 371 err = fl6_renew(fl, freq->flr_linger, freq->flr_expires);
348 if (err) 372 if (err)
@@ -441,6 +465,7 @@ static inline void fl_link(struct ipv6_pinfo *np, struct ipv6_fl_socklist *sfl,
441int ipv6_flowlabel_opt(struct sock *sk, char __user *optval, int optlen) 465int ipv6_flowlabel_opt(struct sock *sk, char __user *optval, int optlen)
442{ 466{
443 int err; 467 int err;
468 struct net *net = sock_net(sk);
444 struct ipv6_pinfo *np = inet6_sk(sk); 469 struct ipv6_pinfo *np = inet6_sk(sk);
445 struct in6_flowlabel_req freq; 470 struct in6_flowlabel_req freq;
446 struct ipv6_fl_socklist *sfl1=NULL; 471 struct ipv6_fl_socklist *sfl1=NULL;
@@ -483,7 +508,7 @@ int ipv6_flowlabel_opt(struct sock *sk, char __user *optval, int optlen)
483 read_unlock_bh(&ip6_sk_fl_lock); 508 read_unlock_bh(&ip6_sk_fl_lock);
484 509
485 if (freq.flr_share == IPV6_FL_S_NONE && capable(CAP_NET_ADMIN)) { 510 if (freq.flr_share == IPV6_FL_S_NONE && capable(CAP_NET_ADMIN)) {
486 fl = fl_lookup(freq.flr_label); 511 fl = fl_lookup(net, freq.flr_label);
487 if (fl) { 512 if (fl) {
488 err = fl6_renew(fl, freq.flr_linger, freq.flr_expires); 513 err = fl6_renew(fl, freq.flr_linger, freq.flr_expires);
489 fl_release(fl); 514 fl_release(fl);
@@ -496,7 +521,7 @@ int ipv6_flowlabel_opt(struct sock *sk, char __user *optval, int optlen)
496 if (freq.flr_label & ~IPV6_FLOWLABEL_MASK) 521 if (freq.flr_label & ~IPV6_FLOWLABEL_MASK)
497 return -EINVAL; 522 return -EINVAL;
498 523
499 fl = fl_create(&freq, optval, optlen, &err); 524 fl = fl_create(net, &freq, optval, optlen, &err);
500 if (fl == NULL) 525 if (fl == NULL)
501 return err; 526 return err;
502 sfl1 = kmalloc(sizeof(*sfl1), GFP_KERNEL); 527 sfl1 = kmalloc(sizeof(*sfl1), GFP_KERNEL);
@@ -518,7 +543,7 @@ int ipv6_flowlabel_opt(struct sock *sk, char __user *optval, int optlen)
518 read_unlock_bh(&ip6_sk_fl_lock); 543 read_unlock_bh(&ip6_sk_fl_lock);
519 544
520 if (fl1 == NULL) 545 if (fl1 == NULL)
521 fl1 = fl_lookup(freq.flr_label); 546 fl1 = fl_lookup(net, freq.flr_label);
522 if (fl1) { 547 if (fl1) {
523recheck: 548recheck:
524 err = -EEXIST; 549 err = -EEXIST;
@@ -559,7 +584,7 @@ release:
559 if (sfl1 == NULL || (err = mem_check(sk)) != 0) 584 if (sfl1 == NULL || (err = mem_check(sk)) != 0)
560 goto done; 585 goto done;
561 586
562 fl1 = fl_intern(fl, freq.flr_label); 587 fl1 = fl_intern(net, fl, freq.flr_label);
563 if (fl1 != NULL) 588 if (fl1 != NULL)
564 goto recheck; 589 goto recheck;
565 590
@@ -586,6 +611,7 @@ done:
586#ifdef CONFIG_PROC_FS 611#ifdef CONFIG_PROC_FS
587 612
588struct ip6fl_iter_state { 613struct ip6fl_iter_state {
614 struct seq_net_private p;
589 int bucket; 615 int bucket;
590}; 616};
591 617
@@ -595,12 +621,15 @@ static struct ip6_flowlabel *ip6fl_get_first(struct seq_file *seq)
595{ 621{
596 struct ip6_flowlabel *fl = NULL; 622 struct ip6_flowlabel *fl = NULL;
597 struct ip6fl_iter_state *state = ip6fl_seq_private(seq); 623 struct ip6fl_iter_state *state = ip6fl_seq_private(seq);
624 struct net *net = seq_file_net(seq);
598 625
599 for (state->bucket = 0; state->bucket <= FL_HASH_MASK; ++state->bucket) { 626 for (state->bucket = 0; state->bucket <= FL_HASH_MASK; ++state->bucket) {
600 if (fl_ht[state->bucket]) { 627 fl = fl_ht[state->bucket];
601 fl = fl_ht[state->bucket]; 628
629 while (fl && fl->fl_net != net)
630 fl = fl->next;
631 if (fl)
602 break; 632 break;
603 }
604 } 633 }
605 return fl; 634 return fl;
606} 635}
@@ -608,12 +637,18 @@ static struct ip6_flowlabel *ip6fl_get_first(struct seq_file *seq)
608static struct ip6_flowlabel *ip6fl_get_next(struct seq_file *seq, struct ip6_flowlabel *fl) 637static struct ip6_flowlabel *ip6fl_get_next(struct seq_file *seq, struct ip6_flowlabel *fl)
609{ 638{
610 struct ip6fl_iter_state *state = ip6fl_seq_private(seq); 639 struct ip6fl_iter_state *state = ip6fl_seq_private(seq);
640 struct net *net = seq_file_net(seq);
611 641
612 fl = fl->next; 642 fl = fl->next;
643try_again:
644 while (fl && fl->fl_net != net)
645 fl = fl->next;
646
613 while (!fl) { 647 while (!fl) {
614 if (++state->bucket <= FL_HASH_MASK) 648 if (++state->bucket <= FL_HASH_MASK) {
615 fl = fl_ht[state->bucket]; 649 fl = fl_ht[state->bucket];
616 else 650 goto try_again;
651 } else
617 break; 652 break;
618 } 653 }
619 return fl; 654 return fl;
@@ -683,8 +718,8 @@ static const struct seq_operations ip6fl_seq_ops = {
683 718
684static int ip6fl_seq_open(struct inode *inode, struct file *file) 719static int ip6fl_seq_open(struct inode *inode, struct file *file)
685{ 720{
686 return seq_open_private(file, &ip6fl_seq_ops, 721 return seq_open_net(inode, file, &ip6fl_seq_ops,
687 sizeof(struct ip6fl_iter_state)); 722 sizeof(struct ip6fl_iter_state));
688} 723}
689 724
690static const struct file_operations ip6fl_seq_fops = { 725static const struct file_operations ip6fl_seq_fops = {
@@ -692,12 +727,13 @@ static const struct file_operations ip6fl_seq_fops = {
692 .open = ip6fl_seq_open, 727 .open = ip6fl_seq_open,
693 .read = seq_read, 728 .read = seq_read,
694 .llseek = seq_lseek, 729 .llseek = seq_lseek,
695 .release = seq_release_private, 730 .release = seq_release_net,
696}; 731};
697 732
698static int ip6_flowlabel_proc_init(struct net *net) 733static int ip6_flowlabel_proc_init(struct net *net)
699{ 734{
700 if (!proc_net_fops_create(net, "ip6_flowlabel", S_IRUGO, &ip6fl_seq_fops)) 735 if (!proc_net_fops_create(net, "ip6_flowlabel",
736 S_IRUGO, &ip6fl_seq_fops))
701 return -ENOMEM; 737 return -ENOMEM;
702 return 0; 738 return 0;
703} 739}
@@ -717,13 +753,24 @@ static inline void ip6_flowlabel_proc_fini(struct net *net)
717} 753}
718#endif 754#endif
719 755
756static inline void ip6_flowlabel_net_exit(struct net *net)
757{
758 ip6_fl_purge(net);
759 ip6_flowlabel_proc_fini(net);
760}
761
762static struct pernet_operations ip6_flowlabel_net_ops = {
763 .init = ip6_flowlabel_proc_init,
764 .exit = ip6_flowlabel_net_exit,
765};
766
720int ip6_flowlabel_init(void) 767int ip6_flowlabel_init(void)
721{ 768{
722 return ip6_flowlabel_proc_init(&init_net); 769 return register_pernet_subsys(&ip6_flowlabel_net_ops);
723} 770}
724 771
725void ip6_flowlabel_cleanup(void) 772void ip6_flowlabel_cleanup(void)
726{ 773{
727 del_timer(&ip6_fl_gc_timer); 774 del_timer(&ip6_fl_gc_timer);
728 ip6_flowlabel_proc_fini(&init_net); 775 unregister_pernet_subsys(&ip6_flowlabel_net_ops);
729} 776}
diff --git a/net/ipv6/ip6_input.c b/net/ipv6/ip6_input.c
index 98ab4f459905..4e5c8615832c 100644
--- a/net/ipv6/ip6_input.c
+++ b/net/ipv6/ip6_input.c
@@ -29,6 +29,7 @@
29#include <linux/netdevice.h> 29#include <linux/netdevice.h>
30#include <linux/in6.h> 30#include <linux/in6.h>
31#include <linux/icmpv6.h> 31#include <linux/icmpv6.h>
32#include <linux/mroute6.h>
32 33
33#include <linux/netfilter.h> 34#include <linux/netfilter.h>
34#include <linux/netfilter_ipv6.h> 35#include <linux/netfilter_ipv6.h>
@@ -61,11 +62,6 @@ int ipv6_rcv(struct sk_buff *skb, struct net_device *dev, struct packet_type *pt
61 u32 pkt_len; 62 u32 pkt_len;
62 struct inet6_dev *idev; 63 struct inet6_dev *idev;
63 64
64 if (dev->nd_net != &init_net) {
65 kfree_skb(skb);
66 return 0;
67 }
68
69 if (skb->pkt_type == PACKET_OTHERHOST) { 65 if (skb->pkt_type == PACKET_OTHERHOST) {
70 kfree_skb(skb); 66 kfree_skb(skb);
71 return 0; 67 return 0;
@@ -241,38 +237,84 @@ int ip6_mc_input(struct sk_buff *skb)
241 hdr = ipv6_hdr(skb); 237 hdr = ipv6_hdr(skb);
242 deliver = ipv6_chk_mcast_addr(skb->dev, &hdr->daddr, NULL); 238 deliver = ipv6_chk_mcast_addr(skb->dev, &hdr->daddr, NULL);
243 239
240#ifdef CONFIG_IPV6_MROUTE
244 /* 241 /*
245 * IPv6 multicast router mode isnt currently supported. 242 * IPv6 multicast router mode is now supported ;)
246 */ 243 */
247#if 0 244 if (ipv6_devconf.mc_forwarding &&
248 if (ipv6_config.multicast_route) { 245 likely(!(IP6CB(skb)->flags & IP6SKB_FORWARDED))) {
249 int addr_type; 246 /*
250 247 * Okay, we try to forward - split and duplicate
251 addr_type = ipv6_addr_type(&hdr->daddr); 248 * packets.
252 249 */
253 if (!(addr_type & (IPV6_ADDR_LOOPBACK | IPV6_ADDR_LINKLOCAL))) { 250 struct sk_buff *skb2;
254 struct sk_buff *skb2; 251 struct inet6_skb_parm *opt = IP6CB(skb);
255 struct dst_entry *dst; 252
253 /* Check for MLD */
254 if (unlikely(opt->ra)) {
255 /* Check if this is a mld message */
256 u8 *ptr = skb_network_header(skb) + opt->ra;
257 struct icmp6hdr *icmp6;
258 u8 nexthdr = hdr->nexthdr;
259 int offset;
260
261 /* Check if the value of Router Alert
262 * is for MLD (0x0000).
263 */
264 if ((ptr[2] | ptr[3]) == 0) {
265 deliver = 0;
266
267 if (!ipv6_ext_hdr(nexthdr)) {
268 /* BUG */
269 goto out;
270 }
271 offset = ipv6_skip_exthdr(skb, sizeof(*hdr),
272 &nexthdr);
273 if (offset < 0)
274 goto out;
275
276 if (nexthdr != IPPROTO_ICMPV6)
277 goto out;
278
279 if (!pskb_may_pull(skb, (skb_network_header(skb) +
280 offset + 1 - skb->data)))
281 goto out;
282
283 icmp6 = (struct icmp6hdr *)(skb_network_header(skb) + offset);
284
285 switch (icmp6->icmp6_type) {
286 case ICMPV6_MGM_QUERY:
287 case ICMPV6_MGM_REPORT:
288 case ICMPV6_MGM_REDUCTION:
289 case ICMPV6_MLD2_REPORT:
290 deliver = 1;
291 break;
292 }
293 goto out;
294 }
295 /* unknown RA - process it normally */
296 }
256 297
257 dst = skb->dst; 298 if (deliver)
299 skb2 = skb_clone(skb, GFP_ATOMIC);
300 else {
301 skb2 = skb;
302 skb = NULL;
303 }
258 304
259 if (deliver) { 305 if (skb2) {
260 skb2 = skb_clone(skb, GFP_ATOMIC); 306 skb2->dev = skb2->dst->dev;
261 dst_output(skb2); 307 ip6_mr_input(skb2);
262 } else {
263 dst_output(skb);
264 return 0;
265 }
266 } 308 }
267 } 309 }
310out:
268#endif 311#endif
269 312 if (likely(deliver))
270 if (likely(deliver)) {
271 ip6_input(skb); 313 ip6_input(skb);
272 return 0; 314 else {
315 /* discard */
316 kfree_skb(skb);
273 } 317 }
274 /* discard */
275 kfree_skb(skb);
276 318
277 return 0; 319 return 0;
278} 320}
diff --git a/net/ipv6/ip6_output.c b/net/ipv6/ip6_output.c
index 8b67ca07467d..0af2e055f883 100644
--- a/net/ipv6/ip6_output.c
+++ b/net/ipv6/ip6_output.c
@@ -55,6 +55,7 @@
55#include <net/icmp.h> 55#include <net/icmp.h>
56#include <net/xfrm.h> 56#include <net/xfrm.h>
57#include <net/checksum.h> 57#include <net/checksum.h>
58#include <linux/mroute6.h>
58 59
59static int ip6_fragment(struct sk_buff *skb, int (*output)(struct sk_buff *)); 60static int ip6_fragment(struct sk_buff *skb, int (*output)(struct sk_buff *));
60 61
@@ -137,8 +138,9 @@ static int ip6_output2(struct sk_buff *skb)
137 struct inet6_dev *idev = ip6_dst_idev(skb->dst); 138 struct inet6_dev *idev = ip6_dst_idev(skb->dst);
138 139
139 if (!(dev->flags & IFF_LOOPBACK) && (!np || np->mc_loop) && 140 if (!(dev->flags & IFF_LOOPBACK) && (!np || np->mc_loop) &&
140 ipv6_chk_mcast_addr(dev, &ipv6_hdr(skb)->daddr, 141 ((mroute6_socket && !(IP6CB(skb)->flags & IP6SKB_FORWARDED)) ||
141 &ipv6_hdr(skb)->saddr)) { 142 ipv6_chk_mcast_addr(dev, &ipv6_hdr(skb)->daddr,
143 &ipv6_hdr(skb)->saddr))) {
142 struct sk_buff *newskb = skb_clone(skb, GFP_ATOMIC); 144 struct sk_buff *newskb = skb_clone(skb, GFP_ATOMIC);
143 145
144 /* Do not check for IFF_ALLMULTI; multicast routing 146 /* Do not check for IFF_ALLMULTI; multicast routing
@@ -237,9 +239,7 @@ int ip6_xmit(struct sock *sk, struct sk_buff *skb, struct flowi *fl,
237 if (np) 239 if (np)
238 hlimit = np->hop_limit; 240 hlimit = np->hop_limit;
239 if (hlimit < 0) 241 if (hlimit < 0)
240 hlimit = dst_metric(dst, RTAX_HOPLIMIT); 242 hlimit = ip6_dst_hoplimit(dst);
241 if (hlimit < 0)
242 hlimit = ipv6_get_hoplimit(dst->dev);
243 243
244 tclass = -1; 244 tclass = -1;
245 if (np) 245 if (np)
@@ -286,7 +286,7 @@ EXPORT_SYMBOL(ip6_xmit);
286 */ 286 */
287 287
288int ip6_nd_hdr(struct sock *sk, struct sk_buff *skb, struct net_device *dev, 288int ip6_nd_hdr(struct sock *sk, struct sk_buff *skb, struct net_device *dev,
289 struct in6_addr *saddr, struct in6_addr *daddr, 289 const struct in6_addr *saddr, const struct in6_addr *daddr,
290 int proto, int len) 290 int proto, int len)
291{ 291{
292 struct ipv6_pinfo *np = inet6_sk(sk); 292 struct ipv6_pinfo *np = inet6_sk(sk);
@@ -404,6 +404,7 @@ int ip6_forward(struct sk_buff *skb)
404 struct dst_entry *dst = skb->dst; 404 struct dst_entry *dst = skb->dst;
405 struct ipv6hdr *hdr = ipv6_hdr(skb); 405 struct ipv6hdr *hdr = ipv6_hdr(skb);
406 struct inet6_skb_parm *opt = IP6CB(skb); 406 struct inet6_skb_parm *opt = IP6CB(skb);
407 struct net *net = dev_net(dst->dev);
407 408
408 if (ipv6_devconf.forwarding == 0) 409 if (ipv6_devconf.forwarding == 0)
409 goto error; 410 goto error;
@@ -450,7 +451,7 @@ int ip6_forward(struct sk_buff *skb)
450 451
451 /* XXX: idev->cnf.proxy_ndp? */ 452 /* XXX: idev->cnf.proxy_ndp? */
452 if (ipv6_devconf.proxy_ndp && 453 if (ipv6_devconf.proxy_ndp &&
453 pneigh_lookup(&nd_tbl, &init_net, &hdr->daddr, skb->dev, 0)) { 454 pneigh_lookup(&nd_tbl, net, &hdr->daddr, skb->dev, 0)) {
454 int proxied = ip6_forward_proxy_check(skb); 455 int proxied = ip6_forward_proxy_check(skb);
455 if (proxied > 0) 456 if (proxied > 0)
456 return ip6_input(skb); 457 return ip6_input(skb);
@@ -596,7 +597,6 @@ int ip6_find_1stfragopt(struct sk_buff *skb, u8 **nexthdr)
596 597
597 return offset; 598 return offset;
598} 599}
599EXPORT_SYMBOL_GPL(ip6_find_1stfragopt);
600 600
601static int ip6_fragment(struct sk_buff *skb, int (*output)(struct sk_buff *)) 601static int ip6_fragment(struct sk_buff *skb, int (*output)(struct sk_buff *))
602{ 602{
@@ -912,15 +912,19 @@ static int ip6_dst_lookup_tail(struct sock *sk,
912 struct dst_entry **dst, struct flowi *fl) 912 struct dst_entry **dst, struct flowi *fl)
913{ 913{
914 int err; 914 int err;
915 struct net *net = sock_net(sk);
915 916
916 if (*dst == NULL) 917 if (*dst == NULL)
917 *dst = ip6_route_output(sk, fl); 918 *dst = ip6_route_output(net, sk, fl);
918 919
919 if ((err = (*dst)->error)) 920 if ((err = (*dst)->error))
920 goto out_err_release; 921 goto out_err_release;
921 922
922 if (ipv6_addr_any(&fl->fl6_src)) { 923 if (ipv6_addr_any(&fl->fl6_src)) {
923 err = ipv6_get_saddr(*dst, &fl->fl6_dst, &fl->fl6_src); 924 err = ipv6_dev_get_saddr(ip6_dst_idev(*dst)->dev,
925 &fl->fl6_dst,
926 sk ? inet6_sk(sk)->srcprefs : 0,
927 &fl->fl6_src);
924 if (err) 928 if (err)
925 goto out_err_release; 929 goto out_err_release;
926 } 930 }
@@ -939,7 +943,7 @@ static int ip6_dst_lookup_tail(struct sock *sk,
939 struct flowi fl_gw; 943 struct flowi fl_gw;
940 int redirect; 944 int redirect;
941 945
942 ifp = ipv6_get_ifaddr(&init_net, &fl->fl6_src, 946 ifp = ipv6_get_ifaddr(net, &fl->fl6_src,
943 (*dst)->dev, 1); 947 (*dst)->dev, 1);
944 948
945 redirect = (ifp && ifp->flags & IFA_F_OPTIMISTIC); 949 redirect = (ifp && ifp->flags & IFA_F_OPTIMISTIC);
@@ -954,7 +958,7 @@ static int ip6_dst_lookup_tail(struct sock *sk,
954 dst_release(*dst); 958 dst_release(*dst);
955 memcpy(&fl_gw, fl, sizeof(struct flowi)); 959 memcpy(&fl_gw, fl, sizeof(struct flowi));
956 memset(&fl_gw.fl6_dst, 0, sizeof(struct in6_addr)); 960 memset(&fl_gw.fl6_dst, 0, sizeof(struct in6_addr));
957 *dst = ip6_route_output(sk, &fl_gw); 961 *dst = ip6_route_output(net, sk, &fl_gw);
958 if ((err = (*dst)->error)) 962 if ((err = (*dst)->error))
959 goto out_err_release; 963 goto out_err_release;
960 } 964 }
@@ -1113,7 +1117,7 @@ int ip6_append_data(struct sock *sk, int getfrag(void *from, char *to,
1113 /* need source address above miyazawa*/ 1117 /* need source address above miyazawa*/
1114 } 1118 }
1115 dst_hold(&rt->u.dst); 1119 dst_hold(&rt->u.dst);
1116 np->cork.rt = rt; 1120 inet->cork.dst = &rt->u.dst;
1117 inet->cork.fl = *fl; 1121 inet->cork.fl = *fl;
1118 np->cork.hop_limit = hlimit; 1122 np->cork.hop_limit = hlimit;
1119 np->cork.tclass = tclass; 1123 np->cork.tclass = tclass;
@@ -1134,7 +1138,7 @@ int ip6_append_data(struct sock *sk, int getfrag(void *from, char *to,
1134 length += exthdrlen; 1138 length += exthdrlen;
1135 transhdrlen += exthdrlen; 1139 transhdrlen += exthdrlen;
1136 } else { 1140 } else {
1137 rt = np->cork.rt; 1141 rt = (struct rt6_info *)inet->cork.dst;
1138 fl = &inet->cork.fl; 1142 fl = &inet->cork.fl;
1139 if (inet->cork.flags & IPCORK_OPT) 1143 if (inet->cork.flags & IPCORK_OPT)
1140 opt = np->cork.opt; 1144 opt = np->cork.opt;
@@ -1379,9 +1383,9 @@ static void ip6_cork_release(struct inet_sock *inet, struct ipv6_pinfo *np)
1379 inet->cork.flags &= ~IPCORK_OPT; 1383 inet->cork.flags &= ~IPCORK_OPT;
1380 kfree(np->cork.opt); 1384 kfree(np->cork.opt);
1381 np->cork.opt = NULL; 1385 np->cork.opt = NULL;
1382 if (np->cork.rt) { 1386 if (inet->cork.dst) {
1383 dst_release(&np->cork.rt->u.dst); 1387 dst_release(inet->cork.dst);
1384 np->cork.rt = NULL; 1388 inet->cork.dst = NULL;
1385 inet->cork.flags &= ~IPCORK_ALLFRAG; 1389 inet->cork.flags &= ~IPCORK_ALLFRAG;
1386 } 1390 }
1387 memset(&inet->cork.fl, 0, sizeof(inet->cork.fl)); 1391 memset(&inet->cork.fl, 0, sizeof(inet->cork.fl));
@@ -1396,7 +1400,7 @@ int ip6_push_pending_frames(struct sock *sk)
1396 struct ipv6_pinfo *np = inet6_sk(sk); 1400 struct ipv6_pinfo *np = inet6_sk(sk);
1397 struct ipv6hdr *hdr; 1401 struct ipv6hdr *hdr;
1398 struct ipv6_txoptions *opt = np->cork.opt; 1402 struct ipv6_txoptions *opt = np->cork.opt;
1399 struct rt6_info *rt = np->cork.rt; 1403 struct rt6_info *rt = (struct rt6_info *)inet->cork.dst;
1400 struct flowi *fl = &inet->cork.fl; 1404 struct flowi *fl = &inet->cork.fl;
1401 unsigned char proto = fl->proto; 1405 unsigned char proto = fl->proto;
1402 int err = 0; 1406 int err = 0;
diff --git a/net/ipv6/ip6_tunnel.c b/net/ipv6/ip6_tunnel.c
index 78f438880923..2bda3ba100b1 100644
--- a/net/ipv6/ip6_tunnel.c
+++ b/net/ipv6/ip6_tunnel.c
@@ -52,6 +52,8 @@
52#include <net/xfrm.h> 52#include <net/xfrm.h>
53#include <net/dsfield.h> 53#include <net/dsfield.h>
54#include <net/inet_ecn.h> 54#include <net/inet_ecn.h>
55#include <net/net_namespace.h>
56#include <net/netns/generic.h>
55 57
56MODULE_AUTHOR("Ville Nuorvala"); 58MODULE_AUTHOR("Ville Nuorvala");
57MODULE_DESCRIPTION("IPv6 tunneling device"); 59MODULE_DESCRIPTION("IPv6 tunneling device");
@@ -60,7 +62,7 @@ MODULE_LICENSE("GPL");
60#define IPV6_TLV_TEL_DST_SIZE 8 62#define IPV6_TLV_TEL_DST_SIZE 8
61 63
62#ifdef IP6_TNL_DEBUG 64#ifdef IP6_TNL_DEBUG
63#define IP6_TNL_TRACE(x...) printk(KERN_DEBUG "%s:" x "\n", __FUNCTION__) 65#define IP6_TNL_TRACE(x...) printk(KERN_DEBUG "%s:" x "\n", __func__)
64#else 66#else
65#define IP6_TNL_TRACE(x...) do {;} while(0) 67#define IP6_TNL_TRACE(x...) do {;} while(0)
66#endif 68#endif
@@ -78,14 +80,15 @@ static int ip6_fb_tnl_dev_init(struct net_device *dev);
78static int ip6_tnl_dev_init(struct net_device *dev); 80static int ip6_tnl_dev_init(struct net_device *dev);
79static void ip6_tnl_dev_setup(struct net_device *dev); 81static void ip6_tnl_dev_setup(struct net_device *dev);
80 82
81/* the IPv6 tunnel fallback device */ 83static int ip6_tnl_net_id;
82static struct net_device *ip6_fb_tnl_dev; 84struct ip6_tnl_net {
83 85 /* the IPv6 tunnel fallback device */
84 86 struct net_device *fb_tnl_dev;
85/* lists for storing tunnels in use */ 87 /* lists for storing tunnels in use */
86static struct ip6_tnl *tnls_r_l[HASH_SIZE]; 88 struct ip6_tnl *tnls_r_l[HASH_SIZE];
87static struct ip6_tnl *tnls_wc[1]; 89 struct ip6_tnl *tnls_wc[1];
88static struct ip6_tnl **tnls[2] = { tnls_wc, tnls_r_l }; 90 struct ip6_tnl **tnls[2];
91};
89 92
90/* lock for the tunnel lists */ 93/* lock for the tunnel lists */
91static DEFINE_RWLOCK(ip6_tnl_lock); 94static DEFINE_RWLOCK(ip6_tnl_lock);
@@ -130,19 +133,20 @@ static inline void ip6_tnl_dst_store(struct ip6_tnl *t, struct dst_entry *dst)
130 **/ 133 **/
131 134
132static struct ip6_tnl * 135static struct ip6_tnl *
133ip6_tnl_lookup(struct in6_addr *remote, struct in6_addr *local) 136ip6_tnl_lookup(struct net *net, struct in6_addr *remote, struct in6_addr *local)
134{ 137{
135 unsigned h0 = HASH(remote); 138 unsigned h0 = HASH(remote);
136 unsigned h1 = HASH(local); 139 unsigned h1 = HASH(local);
137 struct ip6_tnl *t; 140 struct ip6_tnl *t;
141 struct ip6_tnl_net *ip6n = net_generic(net, ip6_tnl_net_id);
138 142
139 for (t = tnls_r_l[h0 ^ h1]; t; t = t->next) { 143 for (t = ip6n->tnls_r_l[h0 ^ h1]; t; t = t->next) {
140 if (ipv6_addr_equal(local, &t->parms.laddr) && 144 if (ipv6_addr_equal(local, &t->parms.laddr) &&
141 ipv6_addr_equal(remote, &t->parms.raddr) && 145 ipv6_addr_equal(remote, &t->parms.raddr) &&
142 (t->dev->flags & IFF_UP)) 146 (t->dev->flags & IFF_UP))
143 return t; 147 return t;
144 } 148 }
145 if ((t = tnls_wc[0]) != NULL && (t->dev->flags & IFF_UP)) 149 if ((t = ip6n->tnls_wc[0]) != NULL && (t->dev->flags & IFF_UP))
146 return t; 150 return t;
147 151
148 return NULL; 152 return NULL;
@@ -160,7 +164,7 @@ ip6_tnl_lookup(struct in6_addr *remote, struct in6_addr *local)
160 **/ 164 **/
161 165
162static struct ip6_tnl ** 166static struct ip6_tnl **
163ip6_tnl_bucket(struct ip6_tnl_parm *p) 167ip6_tnl_bucket(struct ip6_tnl_net *ip6n, struct ip6_tnl_parm *p)
164{ 168{
165 struct in6_addr *remote = &p->raddr; 169 struct in6_addr *remote = &p->raddr;
166 struct in6_addr *local = &p->laddr; 170 struct in6_addr *local = &p->laddr;
@@ -171,7 +175,7 @@ ip6_tnl_bucket(struct ip6_tnl_parm *p)
171 prio = 1; 175 prio = 1;
172 h = HASH(remote) ^ HASH(local); 176 h = HASH(remote) ^ HASH(local);
173 } 177 }
174 return &tnls[prio][h]; 178 return &ip6n->tnls[prio][h];
175} 179}
176 180
177/** 181/**
@@ -180,9 +184,9 @@ ip6_tnl_bucket(struct ip6_tnl_parm *p)
180 **/ 184 **/
181 185
182static void 186static void
183ip6_tnl_link(struct ip6_tnl *t) 187ip6_tnl_link(struct ip6_tnl_net *ip6n, struct ip6_tnl *t)
184{ 188{
185 struct ip6_tnl **tp = ip6_tnl_bucket(&t->parms); 189 struct ip6_tnl **tp = ip6_tnl_bucket(ip6n, &t->parms);
186 190
187 t->next = *tp; 191 t->next = *tp;
188 write_lock_bh(&ip6_tnl_lock); 192 write_lock_bh(&ip6_tnl_lock);
@@ -196,11 +200,11 @@ ip6_tnl_link(struct ip6_tnl *t)
196 **/ 200 **/
197 201
198static void 202static void
199ip6_tnl_unlink(struct ip6_tnl *t) 203ip6_tnl_unlink(struct ip6_tnl_net *ip6n, struct ip6_tnl *t)
200{ 204{
201 struct ip6_tnl **tp; 205 struct ip6_tnl **tp;
202 206
203 for (tp = ip6_tnl_bucket(&t->parms); *tp; tp = &(*tp)->next) { 207 for (tp = ip6_tnl_bucket(ip6n, &t->parms); *tp; tp = &(*tp)->next) {
204 if (t == *tp) { 208 if (t == *tp) {
205 write_lock_bh(&ip6_tnl_lock); 209 write_lock_bh(&ip6_tnl_lock);
206 *tp = t->next; 210 *tp = t->next;
@@ -222,12 +226,13 @@ ip6_tnl_unlink(struct ip6_tnl *t)
222 * created tunnel or NULL 226 * created tunnel or NULL
223 **/ 227 **/
224 228
225static struct ip6_tnl *ip6_tnl_create(struct ip6_tnl_parm *p) 229static struct ip6_tnl *ip6_tnl_create(struct net *net, struct ip6_tnl_parm *p)
226{ 230{
227 struct net_device *dev; 231 struct net_device *dev;
228 struct ip6_tnl *t; 232 struct ip6_tnl *t;
229 char name[IFNAMSIZ]; 233 char name[IFNAMSIZ];
230 int err; 234 int err;
235 struct ip6_tnl_net *ip6n = net_generic(net, ip6_tnl_net_id);
231 236
232 if (p->name[0]) 237 if (p->name[0])
233 strlcpy(name, p->name, IFNAMSIZ); 238 strlcpy(name, p->name, IFNAMSIZ);
@@ -238,6 +243,8 @@ static struct ip6_tnl *ip6_tnl_create(struct ip6_tnl_parm *p)
238 if (dev == NULL) 243 if (dev == NULL)
239 goto failed; 244 goto failed;
240 245
246 dev_net_set(dev, net);
247
241 if (strchr(name, '%')) { 248 if (strchr(name, '%')) {
242 if (dev_alloc_name(dev, name) < 0) 249 if (dev_alloc_name(dev, name) < 0)
243 goto failed_free; 250 goto failed_free;
@@ -251,7 +258,7 @@ static struct ip6_tnl *ip6_tnl_create(struct ip6_tnl_parm *p)
251 goto failed_free; 258 goto failed_free;
252 259
253 dev_hold(dev); 260 dev_hold(dev);
254 ip6_tnl_link(t); 261 ip6_tnl_link(ip6n, t);
255 return t; 262 return t;
256 263
257failed_free: 264failed_free:
@@ -274,20 +281,22 @@ failed:
274 * matching tunnel or NULL 281 * matching tunnel or NULL
275 **/ 282 **/
276 283
277static struct ip6_tnl *ip6_tnl_locate(struct ip6_tnl_parm *p, int create) 284static struct ip6_tnl *ip6_tnl_locate(struct net *net,
285 struct ip6_tnl_parm *p, int create)
278{ 286{
279 struct in6_addr *remote = &p->raddr; 287 struct in6_addr *remote = &p->raddr;
280 struct in6_addr *local = &p->laddr; 288 struct in6_addr *local = &p->laddr;
281 struct ip6_tnl *t; 289 struct ip6_tnl *t;
290 struct ip6_tnl_net *ip6n = net_generic(net, ip6_tnl_net_id);
282 291
283 for (t = *ip6_tnl_bucket(p); t; t = t->next) { 292 for (t = *ip6_tnl_bucket(ip6n, p); t; t = t->next) {
284 if (ipv6_addr_equal(local, &t->parms.laddr) && 293 if (ipv6_addr_equal(local, &t->parms.laddr) &&
285 ipv6_addr_equal(remote, &t->parms.raddr)) 294 ipv6_addr_equal(remote, &t->parms.raddr))
286 return t; 295 return t;
287 } 296 }
288 if (!create) 297 if (!create)
289 return NULL; 298 return NULL;
290 return ip6_tnl_create(p); 299 return ip6_tnl_create(net, p);
291} 300}
292 301
293/** 302/**
@@ -302,13 +311,15 @@ static void
302ip6_tnl_dev_uninit(struct net_device *dev) 311ip6_tnl_dev_uninit(struct net_device *dev)
303{ 312{
304 struct ip6_tnl *t = netdev_priv(dev); 313 struct ip6_tnl *t = netdev_priv(dev);
314 struct net *net = dev_net(dev);
315 struct ip6_tnl_net *ip6n = net_generic(net, ip6_tnl_net_id);
305 316
306 if (dev == ip6_fb_tnl_dev) { 317 if (dev == ip6n->fb_tnl_dev) {
307 write_lock_bh(&ip6_tnl_lock); 318 write_lock_bh(&ip6_tnl_lock);
308 tnls_wc[0] = NULL; 319 ip6n->tnls_wc[0] = NULL;
309 write_unlock_bh(&ip6_tnl_lock); 320 write_unlock_bh(&ip6_tnl_lock);
310 } else { 321 } else {
311 ip6_tnl_unlink(t); 322 ip6_tnl_unlink(ip6n, t);
312 } 323 }
313 ip6_tnl_dst_reset(t); 324 ip6_tnl_dst_reset(t);
314 dev_put(dev); 325 dev_put(dev);
@@ -401,7 +412,8 @@ ip6_tnl_err(struct sk_buff *skb, __u8 ipproto, struct inet6_skb_parm *opt,
401 processing of the error. */ 412 processing of the error. */
402 413
403 read_lock(&ip6_tnl_lock); 414 read_lock(&ip6_tnl_lock);
404 if ((t = ip6_tnl_lookup(&ipv6h->daddr, &ipv6h->saddr)) == NULL) 415 if ((t = ip6_tnl_lookup(dev_net(skb->dev), &ipv6h->daddr,
416 &ipv6h->saddr)) == NULL)
405 goto out; 417 goto out;
406 418
407 if (t->parms.proto != ipproto && t->parms.proto != 0) 419 if (t->parms.proto != ipproto && t->parms.proto != 0)
@@ -533,7 +545,7 @@ ip4ip6_err(struct sk_buff *skb, struct inet6_skb_parm *opt,
533 fl.fl4_dst = eiph->saddr; 545 fl.fl4_dst = eiph->saddr;
534 fl.fl4_tos = RT_TOS(eiph->tos); 546 fl.fl4_tos = RT_TOS(eiph->tos);
535 fl.proto = IPPROTO_IPIP; 547 fl.proto = IPPROTO_IPIP;
536 if (ip_route_output_key(&init_net, &rt, &fl)) 548 if (ip_route_output_key(dev_net(skb->dev), &rt, &fl))
537 goto out; 549 goto out;
538 550
539 skb2->dev = rt->u.dst.dev; 551 skb2->dev = rt->u.dst.dev;
@@ -545,7 +557,7 @@ ip4ip6_err(struct sk_buff *skb, struct inet6_skb_parm *opt,
545 fl.fl4_dst = eiph->daddr; 557 fl.fl4_dst = eiph->daddr;
546 fl.fl4_src = eiph->saddr; 558 fl.fl4_src = eiph->saddr;
547 fl.fl4_tos = eiph->tos; 559 fl.fl4_tos = eiph->tos;
548 if (ip_route_output_key(&init_net, &rt, &fl) || 560 if (ip_route_output_key(dev_net(skb->dev), &rt, &fl) ||
549 rt->u.dst.dev->type != ARPHRD_TUNNEL) { 561 rt->u.dst.dev->type != ARPHRD_TUNNEL) {
550 ip_rt_put(rt); 562 ip_rt_put(rt);
551 goto out; 563 goto out;
@@ -602,7 +614,8 @@ ip6ip6_err(struct sk_buff *skb, struct inet6_skb_parm *opt,
602 skb_reset_network_header(skb2); 614 skb_reset_network_header(skb2);
603 615
604 /* Try to guess incoming interface */ 616 /* Try to guess incoming interface */
605 rt = rt6_lookup(&ipv6_hdr(skb2)->saddr, NULL, 0, 0); 617 rt = rt6_lookup(dev_net(skb->dev), &ipv6_hdr(skb2)->saddr,
618 NULL, 0, 0);
606 619
607 if (rt && rt->rt6i_dev) 620 if (rt && rt->rt6i_dev)
608 skb2->dev = rt->rt6i_dev; 621 skb2->dev = rt->rt6i_dev;
@@ -646,16 +659,17 @@ static inline int ip6_tnl_rcv_ctl(struct ip6_tnl *t)
646{ 659{
647 struct ip6_tnl_parm *p = &t->parms; 660 struct ip6_tnl_parm *p = &t->parms;
648 int ret = 0; 661 int ret = 0;
662 struct net *net = dev_net(t->dev);
649 663
650 if (p->flags & IP6_TNL_F_CAP_RCV) { 664 if (p->flags & IP6_TNL_F_CAP_RCV) {
651 struct net_device *ldev = NULL; 665 struct net_device *ldev = NULL;
652 666
653 if (p->link) 667 if (p->link)
654 ldev = dev_get_by_index(&init_net, p->link); 668 ldev = dev_get_by_index(net, p->link);
655 669
656 if ((ipv6_addr_is_multicast(&p->laddr) || 670 if ((ipv6_addr_is_multicast(&p->laddr) ||
657 likely(ipv6_chk_addr(&init_net, &p->laddr, ldev, 0))) && 671 likely(ipv6_chk_addr(net, &p->laddr, ldev, 0))) &&
658 likely(!ipv6_chk_addr(&init_net, &p->raddr, NULL, 0))) 672 likely(!ipv6_chk_addr(net, &p->raddr, NULL, 0)))
659 ret = 1; 673 ret = 1;
660 674
661 if (ldev) 675 if (ldev)
@@ -684,7 +698,8 @@ static int ip6_tnl_rcv(struct sk_buff *skb, __u16 protocol,
684 698
685 read_lock(&ip6_tnl_lock); 699 read_lock(&ip6_tnl_lock);
686 700
687 if ((t = ip6_tnl_lookup(&ipv6h->saddr, &ipv6h->daddr)) != NULL) { 701 if ((t = ip6_tnl_lookup(dev_net(skb->dev), &ipv6h->saddr,
702 &ipv6h->daddr)) != NULL) {
688 if (t->parms.proto != ipproto && t->parms.proto != 0) { 703 if (t->parms.proto != ipproto && t->parms.proto != 0) {
689 read_unlock(&ip6_tnl_lock); 704 read_unlock(&ip6_tnl_lock);
690 goto discard; 705 goto discard;
@@ -782,19 +797,20 @@ static inline int ip6_tnl_xmit_ctl(struct ip6_tnl *t)
782{ 797{
783 struct ip6_tnl_parm *p = &t->parms; 798 struct ip6_tnl_parm *p = &t->parms;
784 int ret = 0; 799 int ret = 0;
800 struct net *net = dev_net(t->dev);
785 801
786 if (p->flags & IP6_TNL_F_CAP_XMIT) { 802 if (p->flags & IP6_TNL_F_CAP_XMIT) {
787 struct net_device *ldev = NULL; 803 struct net_device *ldev = NULL;
788 804
789 if (p->link) 805 if (p->link)
790 ldev = dev_get_by_index(&init_net, p->link); 806 ldev = dev_get_by_index(net, p->link);
791 807
792 if (unlikely(!ipv6_chk_addr(&init_net, &p->laddr, ldev, 0))) 808 if (unlikely(!ipv6_chk_addr(net, &p->laddr, ldev, 0)))
793 printk(KERN_WARNING 809 printk(KERN_WARNING
794 "%s xmit: Local address not yet configured!\n", 810 "%s xmit: Local address not yet configured!\n",
795 p->name); 811 p->name);
796 else if (!ipv6_addr_is_multicast(&p->raddr) && 812 else if (!ipv6_addr_is_multicast(&p->raddr) &&
797 unlikely(ipv6_chk_addr(&init_net, &p->raddr, NULL, 0))) 813 unlikely(ipv6_chk_addr(net, &p->raddr, NULL, 0)))
798 printk(KERN_WARNING 814 printk(KERN_WARNING
799 "%s xmit: Routing loop! " 815 "%s xmit: Routing loop! "
800 "Remote address found on this node!\n", 816 "Remote address found on this node!\n",
@@ -847,7 +863,7 @@ static int ip6_tnl_xmit2(struct sk_buff *skb,
847 if ((dst = ip6_tnl_dst_check(t)) != NULL) 863 if ((dst = ip6_tnl_dst_check(t)) != NULL)
848 dst_hold(dst); 864 dst_hold(dst);
849 else { 865 else {
850 dst = ip6_route_output(NULL, fl); 866 dst = ip6_route_output(dev_net(dev), NULL, fl);
851 867
852 if (dst->error || xfrm_lookup(&dst, fl, NULL, 0) < 0) 868 if (dst->error || xfrm_lookup(&dst, fl, NULL, 0) < 0)
853 goto tx_err_link_failure; 869 goto tx_err_link_failure;
@@ -1112,7 +1128,8 @@ static void ip6_tnl_link_config(struct ip6_tnl *t)
1112 int strict = (ipv6_addr_type(&p->raddr) & 1128 int strict = (ipv6_addr_type(&p->raddr) &
1113 (IPV6_ADDR_MULTICAST|IPV6_ADDR_LINKLOCAL)); 1129 (IPV6_ADDR_MULTICAST|IPV6_ADDR_LINKLOCAL));
1114 1130
1115 struct rt6_info *rt = rt6_lookup(&p->raddr, &p->laddr, 1131 struct rt6_info *rt = rt6_lookup(dev_net(dev),
1132 &p->raddr, &p->laddr,
1116 p->link, strict); 1133 p->link, strict);
1117 1134
1118 if (rt == NULL) 1135 if (rt == NULL)
@@ -1191,15 +1208,17 @@ ip6_tnl_ioctl(struct net_device *dev, struct ifreq *ifr, int cmd)
1191 int err = 0; 1208 int err = 0;
1192 struct ip6_tnl_parm p; 1209 struct ip6_tnl_parm p;
1193 struct ip6_tnl *t = NULL; 1210 struct ip6_tnl *t = NULL;
1211 struct net *net = dev_net(dev);
1212 struct ip6_tnl_net *ip6n = net_generic(net, ip6_tnl_net_id);
1194 1213
1195 switch (cmd) { 1214 switch (cmd) {
1196 case SIOCGETTUNNEL: 1215 case SIOCGETTUNNEL:
1197 if (dev == ip6_fb_tnl_dev) { 1216 if (dev == ip6n->fb_tnl_dev) {
1198 if (copy_from_user(&p, ifr->ifr_ifru.ifru_data, sizeof (p))) { 1217 if (copy_from_user(&p, ifr->ifr_ifru.ifru_data, sizeof (p))) {
1199 err = -EFAULT; 1218 err = -EFAULT;
1200 break; 1219 break;
1201 } 1220 }
1202 t = ip6_tnl_locate(&p, 0); 1221 t = ip6_tnl_locate(net, &p, 0);
1203 } 1222 }
1204 if (t == NULL) 1223 if (t == NULL)
1205 t = netdev_priv(dev); 1224 t = netdev_priv(dev);
@@ -1220,8 +1239,8 @@ ip6_tnl_ioctl(struct net_device *dev, struct ifreq *ifr, int cmd)
1220 if (p.proto != IPPROTO_IPV6 && p.proto != IPPROTO_IPIP && 1239 if (p.proto != IPPROTO_IPV6 && p.proto != IPPROTO_IPIP &&
1221 p.proto != 0) 1240 p.proto != 0)
1222 break; 1241 break;
1223 t = ip6_tnl_locate(&p, cmd == SIOCADDTUNNEL); 1242 t = ip6_tnl_locate(net, &p, cmd == SIOCADDTUNNEL);
1224 if (dev != ip6_fb_tnl_dev && cmd == SIOCCHGTUNNEL) { 1243 if (dev != ip6n->fb_tnl_dev && cmd == SIOCCHGTUNNEL) {
1225 if (t != NULL) { 1244 if (t != NULL) {
1226 if (t->dev != dev) { 1245 if (t->dev != dev) {
1227 err = -EEXIST; 1246 err = -EEXIST;
@@ -1230,9 +1249,9 @@ ip6_tnl_ioctl(struct net_device *dev, struct ifreq *ifr, int cmd)
1230 } else 1249 } else
1231 t = netdev_priv(dev); 1250 t = netdev_priv(dev);
1232 1251
1233 ip6_tnl_unlink(t); 1252 ip6_tnl_unlink(ip6n, t);
1234 err = ip6_tnl_change(t, &p); 1253 err = ip6_tnl_change(t, &p);
1235 ip6_tnl_link(t); 1254 ip6_tnl_link(ip6n, t);
1236 netdev_state_change(dev); 1255 netdev_state_change(dev);
1237 } 1256 }
1238 if (t) { 1257 if (t) {
@@ -1248,15 +1267,15 @@ ip6_tnl_ioctl(struct net_device *dev, struct ifreq *ifr, int cmd)
1248 if (!capable(CAP_NET_ADMIN)) 1267 if (!capable(CAP_NET_ADMIN))
1249 break; 1268 break;
1250 1269
1251 if (dev == ip6_fb_tnl_dev) { 1270 if (dev == ip6n->fb_tnl_dev) {
1252 err = -EFAULT; 1271 err = -EFAULT;
1253 if (copy_from_user(&p, ifr->ifr_ifru.ifru_data, sizeof (p))) 1272 if (copy_from_user(&p, ifr->ifr_ifru.ifru_data, sizeof (p)))
1254 break; 1273 break;
1255 err = -ENOENT; 1274 err = -ENOENT;
1256 if ((t = ip6_tnl_locate(&p, 0)) == NULL) 1275 if ((t = ip6_tnl_locate(net, &p, 0)) == NULL)
1257 break; 1276 break;
1258 err = -EPERM; 1277 err = -EPERM;
1259 if (t->dev == ip6_fb_tnl_dev) 1278 if (t->dev == ip6n->fb_tnl_dev)
1260 break; 1279 break;
1261 dev = t->dev; 1280 dev = t->dev;
1262 } 1281 }
@@ -1324,6 +1343,7 @@ static void ip6_tnl_dev_setup(struct net_device *dev)
1324 dev->mtu = ETH_DATA_LEN - sizeof (struct ipv6hdr); 1343 dev->mtu = ETH_DATA_LEN - sizeof (struct ipv6hdr);
1325 dev->flags |= IFF_NOARP; 1344 dev->flags |= IFF_NOARP;
1326 dev->addr_len = sizeof(struct in6_addr); 1345 dev->addr_len = sizeof(struct in6_addr);
1346 dev->features |= NETIF_F_NETNS_LOCAL;
1327} 1347}
1328 1348
1329 1349
@@ -1365,10 +1385,13 @@ static int
1365ip6_fb_tnl_dev_init(struct net_device *dev) 1385ip6_fb_tnl_dev_init(struct net_device *dev)
1366{ 1386{
1367 struct ip6_tnl *t = netdev_priv(dev); 1387 struct ip6_tnl *t = netdev_priv(dev);
1388 struct net *net = dev_net(dev);
1389 struct ip6_tnl_net *ip6n = net_generic(net, ip6_tnl_net_id);
1390
1368 ip6_tnl_dev_init_gen(dev); 1391 ip6_tnl_dev_init_gen(dev);
1369 t->parms.proto = IPPROTO_IPV6; 1392 t->parms.proto = IPPROTO_IPV6;
1370 dev_hold(dev); 1393 dev_hold(dev);
1371 tnls_wc[0] = t; 1394 ip6n->tnls_wc[0] = t;
1372 return 0; 1395 return 0;
1373} 1396}
1374 1397
@@ -1384,6 +1407,78 @@ static struct xfrm6_tunnel ip6ip6_handler = {
1384 .priority = 1, 1407 .priority = 1,
1385}; 1408};
1386 1409
1410static void ip6_tnl_destroy_tunnels(struct ip6_tnl_net *ip6n)
1411{
1412 int h;
1413 struct ip6_tnl *t;
1414
1415 for (h = 0; h < HASH_SIZE; h++) {
1416 while ((t = ip6n->tnls_r_l[h]) != NULL)
1417 unregister_netdevice(t->dev);
1418 }
1419
1420 t = ip6n->tnls_wc[0];
1421 unregister_netdevice(t->dev);
1422}
1423
1424static int ip6_tnl_init_net(struct net *net)
1425{
1426 int err;
1427 struct ip6_tnl_net *ip6n;
1428
1429 err = -ENOMEM;
1430 ip6n = kzalloc(sizeof(struct ip6_tnl_net), GFP_KERNEL);
1431 if (ip6n == NULL)
1432 goto err_alloc;
1433
1434 err = net_assign_generic(net, ip6_tnl_net_id, ip6n);
1435 if (err < 0)
1436 goto err_assign;
1437
1438 ip6n->tnls[0] = ip6n->tnls_wc;
1439 ip6n->tnls[1] = ip6n->tnls_r_l;
1440
1441 err = -ENOMEM;
1442 ip6n->fb_tnl_dev = alloc_netdev(sizeof(struct ip6_tnl), "ip6tnl0",
1443 ip6_tnl_dev_setup);
1444
1445 if (!ip6n->fb_tnl_dev)
1446 goto err_alloc_dev;
1447
1448 ip6n->fb_tnl_dev->init = ip6_fb_tnl_dev_init;
1449 dev_net_set(ip6n->fb_tnl_dev, net);
1450
1451 err = register_netdev(ip6n->fb_tnl_dev);
1452 if (err < 0)
1453 goto err_register;
1454 return 0;
1455
1456err_register:
1457 free_netdev(ip6n->fb_tnl_dev);
1458err_alloc_dev:
1459 /* nothing */
1460err_assign:
1461 kfree(ip6n);
1462err_alloc:
1463 return err;
1464}
1465
1466static void ip6_tnl_exit_net(struct net *net)
1467{
1468 struct ip6_tnl_net *ip6n;
1469
1470 ip6n = net_generic(net, ip6_tnl_net_id);
1471 rtnl_lock();
1472 ip6_tnl_destroy_tunnels(ip6n);
1473 rtnl_unlock();
1474 kfree(ip6n);
1475}
1476
1477static struct pernet_operations ip6_tnl_net_ops = {
1478 .init = ip6_tnl_init_net,
1479 .exit = ip6_tnl_exit_net,
1480};
1481
1387/** 1482/**
1388 * ip6_tunnel_init - register protocol and reserve needed resources 1483 * ip6_tunnel_init - register protocol and reserve needed resources
1389 * 1484 *
@@ -1405,21 +1500,12 @@ static int __init ip6_tunnel_init(void)
1405 err = -EAGAIN; 1500 err = -EAGAIN;
1406 goto unreg_ip4ip6; 1501 goto unreg_ip4ip6;
1407 } 1502 }
1408 ip6_fb_tnl_dev = alloc_netdev(sizeof(struct ip6_tnl), "ip6tnl0",
1409 ip6_tnl_dev_setup);
1410 1503
1411 if (!ip6_fb_tnl_dev) { 1504 err = register_pernet_gen_device(&ip6_tnl_net_id, &ip6_tnl_net_ops);
1412 err = -ENOMEM; 1505 if (err < 0)
1413 goto fail; 1506 goto err_pernet;
1414 }
1415 ip6_fb_tnl_dev->init = ip6_fb_tnl_dev_init;
1416
1417 if ((err = register_netdev(ip6_fb_tnl_dev))) {
1418 free_netdev(ip6_fb_tnl_dev);
1419 goto fail;
1420 }
1421 return 0; 1507 return 0;
1422fail: 1508err_pernet:
1423 xfrm6_tunnel_deregister(&ip6ip6_handler, AF_INET6); 1509 xfrm6_tunnel_deregister(&ip6ip6_handler, AF_INET6);
1424unreg_ip4ip6: 1510unreg_ip4ip6:
1425 xfrm6_tunnel_deregister(&ip4ip6_handler, AF_INET); 1511 xfrm6_tunnel_deregister(&ip4ip6_handler, AF_INET);
@@ -1427,20 +1513,6 @@ out:
1427 return err; 1513 return err;
1428} 1514}
1429 1515
1430static void __exit ip6_tnl_destroy_tunnels(void)
1431{
1432 int h;
1433 struct ip6_tnl *t;
1434
1435 for (h = 0; h < HASH_SIZE; h++) {
1436 while ((t = tnls_r_l[h]) != NULL)
1437 unregister_netdevice(t->dev);
1438 }
1439
1440 t = tnls_wc[0];
1441 unregister_netdevice(t->dev);
1442}
1443
1444/** 1516/**
1445 * ip6_tunnel_cleanup - free resources and unregister protocol 1517 * ip6_tunnel_cleanup - free resources and unregister protocol
1446 **/ 1518 **/
@@ -1453,9 +1525,7 @@ static void __exit ip6_tunnel_cleanup(void)
1453 if (xfrm6_tunnel_deregister(&ip6ip6_handler, AF_INET6)) 1525 if (xfrm6_tunnel_deregister(&ip6ip6_handler, AF_INET6))
1454 printk(KERN_INFO "ip6_tunnel close: can't deregister ip6ip6\n"); 1526 printk(KERN_INFO "ip6_tunnel close: can't deregister ip6ip6\n");
1455 1527
1456 rtnl_lock(); 1528 unregister_pernet_gen_device(ip6_tnl_net_id, &ip6_tnl_net_ops);
1457 ip6_tnl_destroy_tunnels();
1458 rtnl_unlock();
1459} 1529}
1460 1530
1461module_init(ip6_tunnel_init); 1531module_init(ip6_tunnel_init);
diff --git a/net/ipv6/ip6mr.c b/net/ipv6/ip6mr.c
new file mode 100644
index 000000000000..c8c6e33d1163
--- /dev/null
+++ b/net/ipv6/ip6mr.c
@@ -0,0 +1,1643 @@
1/*
2 * Linux IPv6 multicast routing support for BSD pim6sd
3 * Based on net/ipv4/ipmr.c.
4 *
5 * (c) 2004 Mickael Hoerdt, <hoerdt@clarinet.u-strasbg.fr>
6 * LSIIT Laboratory, Strasbourg, France
7 * (c) 2004 Jean-Philippe Andriot, <jean-philippe.andriot@6WIND.com>
8 * 6WIND, Paris, France
9 * Copyright (C)2007,2008 USAGI/WIDE Project
10 * YOSHIFUJI Hideaki <yoshfuji@linux-ipv6.org>
11 *
12 * This program is free software; you can redistribute it and/or
13 * modify it under the terms of the GNU General Public License
14 * as published by the Free Software Foundation; either version
15 * 2 of the License, or (at your option) any later version.
16 *
17 */
18
19#include <asm/system.h>
20#include <asm/uaccess.h>
21#include <linux/types.h>
22#include <linux/sched.h>
23#include <linux/errno.h>
24#include <linux/timer.h>
25#include <linux/mm.h>
26#include <linux/kernel.h>
27#include <linux/fcntl.h>
28#include <linux/stat.h>
29#include <linux/socket.h>
30#include <linux/inet.h>
31#include <linux/netdevice.h>
32#include <linux/inetdevice.h>
33#include <linux/proc_fs.h>
34#include <linux/seq_file.h>
35#include <linux/init.h>
36#include <net/protocol.h>
37#include <linux/skbuff.h>
38#include <net/sock.h>
39#include <net/raw.h>
40#include <linux/notifier.h>
41#include <linux/if_arp.h>
42#include <net/checksum.h>
43#include <net/netlink.h>
44
45#include <net/ipv6.h>
46#include <net/ip6_route.h>
47#include <linux/mroute6.h>
48#include <linux/pim.h>
49#include <net/addrconf.h>
50#include <linux/netfilter_ipv6.h>
51
52struct sock *mroute6_socket;
53
54
55/* Big lock, protecting vif table, mrt cache and mroute socket state.
56 Note that the changes are semaphored via rtnl_lock.
57 */
58
59static DEFINE_RWLOCK(mrt_lock);
60
61/*
62 * Multicast router control variables
63 */
64
65static struct mif_device vif6_table[MAXMIFS]; /* Devices */
66static int maxvif;
67
68#define MIF_EXISTS(idx) (vif6_table[idx].dev != NULL)
69
70static int mroute_do_assert; /* Set in PIM assert */
71#ifdef CONFIG_IPV6_PIMSM_V2
72static int mroute_do_pim;
73#else
74#define mroute_do_pim 0
75#endif
76
77static struct mfc6_cache *mfc6_cache_array[MFC6_LINES]; /* Forwarding cache */
78
79static struct mfc6_cache *mfc_unres_queue; /* Queue of unresolved entries */
80static atomic_t cache_resolve_queue_len; /* Size of unresolved */
81
82/* Special spinlock for queue of unresolved entries */
83static DEFINE_SPINLOCK(mfc_unres_lock);
84
85/* We return to original Alan's scheme. Hash table of resolved
86 entries is changed only in process context and protected
87 with weak lock mrt_lock. Queue of unresolved entries is protected
88 with strong spinlock mfc_unres_lock.
89
90 In this case data path is free of exclusive locks at all.
91 */
92
93static struct kmem_cache *mrt_cachep __read_mostly;
94
95static int ip6_mr_forward(struct sk_buff *skb, struct mfc6_cache *cache);
96static int ip6mr_cache_report(struct sk_buff *pkt, mifi_t mifi, int assert);
97static int ip6mr_fill_mroute(struct sk_buff *skb, struct mfc6_cache *c, struct rtmsg *rtm);
98
99#ifdef CONFIG_IPV6_PIMSM_V2
100static struct inet6_protocol pim6_protocol;
101#endif
102
103static struct timer_list ipmr_expire_timer;
104
105
106#ifdef CONFIG_PROC_FS
107
108struct ipmr_mfc_iter {
109 struct mfc6_cache **cache;
110 int ct;
111};
112
113
114static struct mfc6_cache *ipmr_mfc_seq_idx(struct ipmr_mfc_iter *it, loff_t pos)
115{
116 struct mfc6_cache *mfc;
117
118 it->cache = mfc6_cache_array;
119 read_lock(&mrt_lock);
120 for (it->ct = 0; it->ct < ARRAY_SIZE(mfc6_cache_array); it->ct++)
121 for (mfc = mfc6_cache_array[it->ct]; mfc; mfc = mfc->next)
122 if (pos-- == 0)
123 return mfc;
124 read_unlock(&mrt_lock);
125
126 it->cache = &mfc_unres_queue;
127 spin_lock_bh(&mfc_unres_lock);
128 for (mfc = mfc_unres_queue; mfc; mfc = mfc->next)
129 if (pos-- == 0)
130 return mfc;
131 spin_unlock_bh(&mfc_unres_lock);
132
133 it->cache = NULL;
134 return NULL;
135}
136
137
138
139
140/*
141 * The /proc interfaces to multicast routing /proc/ip6_mr_cache /proc/ip6_mr_vif
142 */
143
144struct ipmr_vif_iter {
145 int ct;
146};
147
148static struct mif_device *ip6mr_vif_seq_idx(struct ipmr_vif_iter *iter,
149 loff_t pos)
150{
151 for (iter->ct = 0; iter->ct < maxvif; ++iter->ct) {
152 if (!MIF_EXISTS(iter->ct))
153 continue;
154 if (pos-- == 0)
155 return &vif6_table[iter->ct];
156 }
157 return NULL;
158}
159
160static void *ip6mr_vif_seq_start(struct seq_file *seq, loff_t *pos)
161 __acquires(mrt_lock)
162{
163 read_lock(&mrt_lock);
164 return (*pos ? ip6mr_vif_seq_idx(seq->private, *pos - 1)
165 : SEQ_START_TOKEN);
166}
167
168static void *ip6mr_vif_seq_next(struct seq_file *seq, void *v, loff_t *pos)
169{
170 struct ipmr_vif_iter *iter = seq->private;
171
172 ++*pos;
173 if (v == SEQ_START_TOKEN)
174 return ip6mr_vif_seq_idx(iter, 0);
175
176 while (++iter->ct < maxvif) {
177 if (!MIF_EXISTS(iter->ct))
178 continue;
179 return &vif6_table[iter->ct];
180 }
181 return NULL;
182}
183
184static void ip6mr_vif_seq_stop(struct seq_file *seq, void *v)
185 __releases(mrt_lock)
186{
187 read_unlock(&mrt_lock);
188}
189
190static int ip6mr_vif_seq_show(struct seq_file *seq, void *v)
191{
192 if (v == SEQ_START_TOKEN) {
193 seq_puts(seq,
194 "Interface BytesIn PktsIn BytesOut PktsOut Flags\n");
195 } else {
196 const struct mif_device *vif = v;
197 const char *name = vif->dev ? vif->dev->name : "none";
198
199 seq_printf(seq,
200 "%2Zd %-10s %8ld %7ld %8ld %7ld %05X\n",
201 vif - vif6_table,
202 name, vif->bytes_in, vif->pkt_in,
203 vif->bytes_out, vif->pkt_out,
204 vif->flags);
205 }
206 return 0;
207}
208
209static struct seq_operations ip6mr_vif_seq_ops = {
210 .start = ip6mr_vif_seq_start,
211 .next = ip6mr_vif_seq_next,
212 .stop = ip6mr_vif_seq_stop,
213 .show = ip6mr_vif_seq_show,
214};
215
216static int ip6mr_vif_open(struct inode *inode, struct file *file)
217{
218 return seq_open_private(file, &ip6mr_vif_seq_ops,
219 sizeof(struct ipmr_vif_iter));
220}
221
222static struct file_operations ip6mr_vif_fops = {
223 .owner = THIS_MODULE,
224 .open = ip6mr_vif_open,
225 .read = seq_read,
226 .llseek = seq_lseek,
227 .release = seq_release,
228};
229
230static void *ipmr_mfc_seq_start(struct seq_file *seq, loff_t *pos)
231{
232 return (*pos ? ipmr_mfc_seq_idx(seq->private, *pos - 1)
233 : SEQ_START_TOKEN);
234}
235
236static void *ipmr_mfc_seq_next(struct seq_file *seq, void *v, loff_t *pos)
237{
238 struct mfc6_cache *mfc = v;
239 struct ipmr_mfc_iter *it = seq->private;
240
241 ++*pos;
242
243 if (v == SEQ_START_TOKEN)
244 return ipmr_mfc_seq_idx(seq->private, 0);
245
246 if (mfc->next)
247 return mfc->next;
248
249 if (it->cache == &mfc_unres_queue)
250 goto end_of_list;
251
252 BUG_ON(it->cache != mfc6_cache_array);
253
254 while (++it->ct < ARRAY_SIZE(mfc6_cache_array)) {
255 mfc = mfc6_cache_array[it->ct];
256 if (mfc)
257 return mfc;
258 }
259
260 /* exhausted cache_array, show unresolved */
261 read_unlock(&mrt_lock);
262 it->cache = &mfc_unres_queue;
263 it->ct = 0;
264
265 spin_lock_bh(&mfc_unres_lock);
266 mfc = mfc_unres_queue;
267 if (mfc)
268 return mfc;
269
270 end_of_list:
271 spin_unlock_bh(&mfc_unres_lock);
272 it->cache = NULL;
273
274 return NULL;
275}
276
277static void ipmr_mfc_seq_stop(struct seq_file *seq, void *v)
278{
279 struct ipmr_mfc_iter *it = seq->private;
280
281 if (it->cache == &mfc_unres_queue)
282 spin_unlock_bh(&mfc_unres_lock);
283 else if (it->cache == mfc6_cache_array)
284 read_unlock(&mrt_lock);
285}
286
287static int ipmr_mfc_seq_show(struct seq_file *seq, void *v)
288{
289 int n;
290
291 if (v == SEQ_START_TOKEN) {
292 seq_puts(seq,
293 "Group "
294 "Origin "
295 "Iif Pkts Bytes Wrong Oifs\n");
296 } else {
297 const struct mfc6_cache *mfc = v;
298 const struct ipmr_mfc_iter *it = seq->private;
299
300 seq_printf(seq,
301 NIP6_FMT " " NIP6_FMT " %-3d %8ld %8ld %8ld",
302 NIP6(mfc->mf6c_mcastgrp), NIP6(mfc->mf6c_origin),
303 mfc->mf6c_parent,
304 mfc->mfc_un.res.pkt,
305 mfc->mfc_un.res.bytes,
306 mfc->mfc_un.res.wrong_if);
307
308 if (it->cache != &mfc_unres_queue) {
309 for (n = mfc->mfc_un.res.minvif;
310 n < mfc->mfc_un.res.maxvif; n++) {
311 if (MIF_EXISTS(n) &&
312 mfc->mfc_un.res.ttls[n] < 255)
313 seq_printf(seq,
314 " %2d:%-3d",
315 n, mfc->mfc_un.res.ttls[n]);
316 }
317 }
318 seq_putc(seq, '\n');
319 }
320 return 0;
321}
322
323static struct seq_operations ipmr_mfc_seq_ops = {
324 .start = ipmr_mfc_seq_start,
325 .next = ipmr_mfc_seq_next,
326 .stop = ipmr_mfc_seq_stop,
327 .show = ipmr_mfc_seq_show,
328};
329
330static int ipmr_mfc_open(struct inode *inode, struct file *file)
331{
332 return seq_open_private(file, &ipmr_mfc_seq_ops,
333 sizeof(struct ipmr_mfc_iter));
334}
335
336static struct file_operations ip6mr_mfc_fops = {
337 .owner = THIS_MODULE,
338 .open = ipmr_mfc_open,
339 .read = seq_read,
340 .llseek = seq_lseek,
341 .release = seq_release,
342};
343#endif
344
345#ifdef CONFIG_IPV6_PIMSM_V2
346static int reg_vif_num = -1;
347
348static int pim6_rcv(struct sk_buff *skb)
349{
350 struct pimreghdr *pim;
351 struct ipv6hdr *encap;
352 struct net_device *reg_dev = NULL;
353
354 if (!pskb_may_pull(skb, sizeof(*pim) + sizeof(*encap)))
355 goto drop;
356
357 pim = (struct pimreghdr *)skb_transport_header(skb);
358 if (pim->type != ((PIM_VERSION << 4) | PIM_REGISTER) ||
359 (pim->flags & PIM_NULL_REGISTER) ||
360 (ip_compute_csum((void *)pim, sizeof(*pim)) != 0 &&
361 (u16)csum_fold(skb_checksum(skb, 0, skb->len, 0))))
362 goto drop;
363
364 /* check if the inner packet is destined to mcast group */
365 encap = (struct ipv6hdr *)(skb_transport_header(skb) +
366 sizeof(*pim));
367
368 if (!ipv6_addr_is_multicast(&encap->daddr) ||
369 encap->payload_len == 0 ||
370 ntohs(encap->payload_len) + sizeof(*pim) > skb->len)
371 goto drop;
372
373 read_lock(&mrt_lock);
374 if (reg_vif_num >= 0)
375 reg_dev = vif6_table[reg_vif_num].dev;
376 if (reg_dev)
377 dev_hold(reg_dev);
378 read_unlock(&mrt_lock);
379
380 if (reg_dev == NULL)
381 goto drop;
382
383 skb->mac_header = skb->network_header;
384 skb_pull(skb, (u8 *)encap - skb->data);
385 skb_reset_network_header(skb);
386 skb->dev = reg_dev;
387 skb->protocol = htons(ETH_P_IP);
388 skb->ip_summed = 0;
389 skb->pkt_type = PACKET_HOST;
390 dst_release(skb->dst);
391 ((struct net_device_stats *)netdev_priv(reg_dev))->rx_bytes += skb->len;
392 ((struct net_device_stats *)netdev_priv(reg_dev))->rx_packets++;
393 skb->dst = NULL;
394 nf_reset(skb);
395 netif_rx(skb);
396 dev_put(reg_dev);
397 return 0;
398 drop:
399 kfree_skb(skb);
400 return 0;
401}
402
403static struct inet6_protocol pim6_protocol = {
404 .handler = pim6_rcv,
405};
406
407/* Service routines creating virtual interfaces: PIMREG */
408
409static int reg_vif_xmit(struct sk_buff *skb, struct net_device *dev)
410{
411 read_lock(&mrt_lock);
412 ((struct net_device_stats *)netdev_priv(dev))->tx_bytes += skb->len;
413 ((struct net_device_stats *)netdev_priv(dev))->tx_packets++;
414 ip6mr_cache_report(skb, reg_vif_num, MRT6MSG_WHOLEPKT);
415 read_unlock(&mrt_lock);
416 kfree_skb(skb);
417 return 0;
418}
419
420static struct net_device_stats *reg_vif_get_stats(struct net_device *dev)
421{
422 return (struct net_device_stats *)netdev_priv(dev);
423}
424
425static void reg_vif_setup(struct net_device *dev)
426{
427 dev->type = ARPHRD_PIMREG;
428 dev->mtu = 1500 - sizeof(struct ipv6hdr) - 8;
429 dev->flags = IFF_NOARP;
430 dev->hard_start_xmit = reg_vif_xmit;
431 dev->get_stats = reg_vif_get_stats;
432 dev->destructor = free_netdev;
433}
434
435static struct net_device *ip6mr_reg_vif(void)
436{
437 struct net_device *dev;
438
439 dev = alloc_netdev(sizeof(struct net_device_stats), "pim6reg",
440 reg_vif_setup);
441
442 if (dev == NULL)
443 return NULL;
444
445 if (register_netdevice(dev)) {
446 free_netdev(dev);
447 return NULL;
448 }
449 dev->iflink = 0;
450
451 if (dev_open(dev))
452 goto failure;
453
454 return dev;
455
456failure:
457 /* allow the register to be completed before unregistering. */
458 rtnl_unlock();
459 rtnl_lock();
460
461 unregister_netdevice(dev);
462 return NULL;
463}
464#endif
465
466/*
467 * Delete a VIF entry
468 */
469
470static int mif6_delete(int vifi)
471{
472 struct mif_device *v;
473 struct net_device *dev;
474 if (vifi < 0 || vifi >= maxvif)
475 return -EADDRNOTAVAIL;
476
477 v = &vif6_table[vifi];
478
479 write_lock_bh(&mrt_lock);
480 dev = v->dev;
481 v->dev = NULL;
482
483 if (!dev) {
484 write_unlock_bh(&mrt_lock);
485 return -EADDRNOTAVAIL;
486 }
487
488#ifdef CONFIG_IPV6_PIMSM_V2
489 if (vifi == reg_vif_num)
490 reg_vif_num = -1;
491#endif
492
493 if (vifi + 1 == maxvif) {
494 int tmp;
495 for (tmp = vifi - 1; tmp >= 0; tmp--) {
496 if (MIF_EXISTS(tmp))
497 break;
498 }
499 maxvif = tmp + 1;
500 }
501
502 write_unlock_bh(&mrt_lock);
503
504 dev_set_allmulti(dev, -1);
505
506 if (v->flags & MIFF_REGISTER)
507 unregister_netdevice(dev);
508
509 dev_put(dev);
510 return 0;
511}
512
513/* Destroy an unresolved cache entry, killing queued skbs
514 and reporting error to netlink readers.
515 */
516
517static void ip6mr_destroy_unres(struct mfc6_cache *c)
518{
519 struct sk_buff *skb;
520
521 atomic_dec(&cache_resolve_queue_len);
522
523 while((skb = skb_dequeue(&c->mfc_un.unres.unresolved)) != NULL) {
524 if (ipv6_hdr(skb)->version == 0) {
525 struct nlmsghdr *nlh = (struct nlmsghdr *)skb_pull(skb, sizeof(struct ipv6hdr));
526 nlh->nlmsg_type = NLMSG_ERROR;
527 nlh->nlmsg_len = NLMSG_LENGTH(sizeof(struct nlmsgerr));
528 skb_trim(skb, nlh->nlmsg_len);
529 ((struct nlmsgerr *)NLMSG_DATA(nlh))->error = -ETIMEDOUT;
530 rtnl_unicast(skb, &init_net, NETLINK_CB(skb).pid);
531 } else
532 kfree_skb(skb);
533 }
534
535 kmem_cache_free(mrt_cachep, c);
536}
537
538
539/* Single timer process for all the unresolved queue. */
540
541static void ipmr_do_expire_process(unsigned long dummy)
542{
543 unsigned long now = jiffies;
544 unsigned long expires = 10 * HZ;
545 struct mfc6_cache *c, **cp;
546
547 cp = &mfc_unres_queue;
548
549 while ((c = *cp) != NULL) {
550 if (time_after(c->mfc_un.unres.expires, now)) {
551 /* not yet... */
552 unsigned long interval = c->mfc_un.unres.expires - now;
553 if (interval < expires)
554 expires = interval;
555 cp = &c->next;
556 continue;
557 }
558
559 *cp = c->next;
560 ip6mr_destroy_unres(c);
561 }
562
563 if (atomic_read(&cache_resolve_queue_len))
564 mod_timer(&ipmr_expire_timer, jiffies + expires);
565}
566
567static void ipmr_expire_process(unsigned long dummy)
568{
569 if (!spin_trylock(&mfc_unres_lock)) {
570 mod_timer(&ipmr_expire_timer, jiffies + 1);
571 return;
572 }
573
574 if (atomic_read(&cache_resolve_queue_len))
575 ipmr_do_expire_process(dummy);
576
577 spin_unlock(&mfc_unres_lock);
578}
579
580/* Fill oifs list. It is called under write locked mrt_lock. */
581
582static void ip6mr_update_thresholds(struct mfc6_cache *cache, unsigned char *ttls)
583{
584 int vifi;
585
586 cache->mfc_un.res.minvif = MAXMIFS;
587 cache->mfc_un.res.maxvif = 0;
588 memset(cache->mfc_un.res.ttls, 255, MAXMIFS);
589
590 for (vifi = 0; vifi < maxvif; vifi++) {
591 if (MIF_EXISTS(vifi) && ttls[vifi] && ttls[vifi] < 255) {
592 cache->mfc_un.res.ttls[vifi] = ttls[vifi];
593 if (cache->mfc_un.res.minvif > vifi)
594 cache->mfc_un.res.minvif = vifi;
595 if (cache->mfc_un.res.maxvif <= vifi)
596 cache->mfc_un.res.maxvif = vifi + 1;
597 }
598 }
599}
600
601static int mif6_add(struct mif6ctl *vifc, int mrtsock)
602{
603 int vifi = vifc->mif6c_mifi;
604 struct mif_device *v = &vif6_table[vifi];
605 struct net_device *dev;
606
607 /* Is vif busy ? */
608 if (MIF_EXISTS(vifi))
609 return -EADDRINUSE;
610
611 switch (vifc->mif6c_flags) {
612#ifdef CONFIG_IPV6_PIMSM_V2
613 case MIFF_REGISTER:
614 /*
615 * Special Purpose VIF in PIM
616 * All the packets will be sent to the daemon
617 */
618 if (reg_vif_num >= 0)
619 return -EADDRINUSE;
620 dev = ip6mr_reg_vif();
621 if (!dev)
622 return -ENOBUFS;
623 break;
624#endif
625 case 0:
626 dev = dev_get_by_index(&init_net, vifc->mif6c_pifi);
627 if (!dev)
628 return -EADDRNOTAVAIL;
629 dev_put(dev);
630 break;
631 default:
632 return -EINVAL;
633 }
634
635 dev_set_allmulti(dev, 1);
636
637 /*
638 * Fill in the VIF structures
639 */
640 v->rate_limit = vifc->vifc_rate_limit;
641 v->flags = vifc->mif6c_flags;
642 if (!mrtsock)
643 v->flags |= VIFF_STATIC;
644 v->threshold = vifc->vifc_threshold;
645 v->bytes_in = 0;
646 v->bytes_out = 0;
647 v->pkt_in = 0;
648 v->pkt_out = 0;
649 v->link = dev->ifindex;
650 if (v->flags & MIFF_REGISTER)
651 v->link = dev->iflink;
652
653 /* And finish update writing critical data */
654 write_lock_bh(&mrt_lock);
655 dev_hold(dev);
656 v->dev = dev;
657#ifdef CONFIG_IPV6_PIMSM_V2
658 if (v->flags & MIFF_REGISTER)
659 reg_vif_num = vifi;
660#endif
661 if (vifi + 1 > maxvif)
662 maxvif = vifi + 1;
663 write_unlock_bh(&mrt_lock);
664 return 0;
665}
666
667static struct mfc6_cache *ip6mr_cache_find(struct in6_addr *origin, struct in6_addr *mcastgrp)
668{
669 int line = MFC6_HASH(mcastgrp, origin);
670 struct mfc6_cache *c;
671
672 for (c = mfc6_cache_array[line]; c; c = c->next) {
673 if (ipv6_addr_equal(&c->mf6c_origin, origin) &&
674 ipv6_addr_equal(&c->mf6c_mcastgrp, mcastgrp))
675 break;
676 }
677 return c;
678}
679
680/*
681 * Allocate a multicast cache entry
682 */
683static struct mfc6_cache *ip6mr_cache_alloc(void)
684{
685 struct mfc6_cache *c = kmem_cache_alloc(mrt_cachep, GFP_KERNEL);
686 if (c == NULL)
687 return NULL;
688 memset(c, 0, sizeof(*c));
689 c->mfc_un.res.minvif = MAXMIFS;
690 return c;
691}
692
693static struct mfc6_cache *ip6mr_cache_alloc_unres(void)
694{
695 struct mfc6_cache *c = kmem_cache_alloc(mrt_cachep, GFP_ATOMIC);
696 if (c == NULL)
697 return NULL;
698 memset(c, 0, sizeof(*c));
699 skb_queue_head_init(&c->mfc_un.unres.unresolved);
700 c->mfc_un.unres.expires = jiffies + 10 * HZ;
701 return c;
702}
703
704/*
705 * A cache entry has gone into a resolved state from queued
706 */
707
708static void ip6mr_cache_resolve(struct mfc6_cache *uc, struct mfc6_cache *c)
709{
710 struct sk_buff *skb;
711
712 /*
713 * Play the pending entries through our router
714 */
715
716 while((skb = __skb_dequeue(&uc->mfc_un.unres.unresolved))) {
717 if (ipv6_hdr(skb)->version == 0) {
718 int err;
719 struct nlmsghdr *nlh = (struct nlmsghdr *)skb_pull(skb, sizeof(struct ipv6hdr));
720
721 if (ip6mr_fill_mroute(skb, c, NLMSG_DATA(nlh)) > 0) {
722 nlh->nlmsg_len = skb_tail_pointer(skb) - (u8 *)nlh;
723 } else {
724 nlh->nlmsg_type = NLMSG_ERROR;
725 nlh->nlmsg_len = NLMSG_LENGTH(sizeof(struct nlmsgerr));
726 skb_trim(skb, nlh->nlmsg_len);
727 ((struct nlmsgerr *)NLMSG_DATA(nlh))->error = -EMSGSIZE;
728 }
729 err = rtnl_unicast(skb, &init_net, NETLINK_CB(skb).pid);
730 } else
731 ip6_mr_forward(skb, c);
732 }
733}
734
735/*
736 * Bounce a cache query up to pim6sd. We could use netlink for this but pim6sd
737 * expects the following bizarre scheme.
738 *
739 * Called under mrt_lock.
740 */
741
742static int ip6mr_cache_report(struct sk_buff *pkt, mifi_t mifi, int assert)
743{
744 struct sk_buff *skb;
745 struct mrt6msg *msg;
746 int ret;
747
748#ifdef CONFIG_IPV6_PIMSM_V2
749 if (assert == MRT6MSG_WHOLEPKT)
750 skb = skb_realloc_headroom(pkt, -skb_network_offset(pkt)
751 +sizeof(*msg));
752 else
753#endif
754 skb = alloc_skb(sizeof(struct ipv6hdr) + sizeof(*msg), GFP_ATOMIC);
755
756 if (!skb)
757 return -ENOBUFS;
758
759 /* I suppose that internal messages
760 * do not require checksums */
761
762 skb->ip_summed = CHECKSUM_UNNECESSARY;
763
764#ifdef CONFIG_IPV6_PIMSM_V2
765 if (assert == MRT6MSG_WHOLEPKT) {
766 /* Ugly, but we have no choice with this interface.
767 Duplicate old header, fix length etc.
768 And all this only to mangle msg->im6_msgtype and
769 to set msg->im6_mbz to "mbz" :-)
770 */
771 skb_push(skb, -skb_network_offset(pkt));
772
773 skb_push(skb, sizeof(*msg));
774 skb_reset_transport_header(skb);
775 msg = (struct mrt6msg *)skb_transport_header(skb);
776 msg->im6_mbz = 0;
777 msg->im6_msgtype = MRT6MSG_WHOLEPKT;
778 msg->im6_mif = reg_vif_num;
779 msg->im6_pad = 0;
780 ipv6_addr_copy(&msg->im6_src, &ipv6_hdr(pkt)->saddr);
781 ipv6_addr_copy(&msg->im6_dst, &ipv6_hdr(pkt)->daddr);
782
783 skb->ip_summed = CHECKSUM_UNNECESSARY;
784 } else
785#endif
786 {
787 /*
788 * Copy the IP header
789 */
790
791 skb_put(skb, sizeof(struct ipv6hdr));
792 skb_reset_network_header(skb);
793 skb_copy_to_linear_data(skb, ipv6_hdr(pkt), sizeof(struct ipv6hdr));
794
795 /*
796 * Add our header
797 */
798 skb_put(skb, sizeof(*msg));
799 skb_reset_transport_header(skb);
800 msg = (struct mrt6msg *)skb_transport_header(skb);
801
802 msg->im6_mbz = 0;
803 msg->im6_msgtype = assert;
804 msg->im6_mif = mifi;
805 msg->im6_pad = 0;
806 ipv6_addr_copy(&msg->im6_src, &ipv6_hdr(pkt)->saddr);
807 ipv6_addr_copy(&msg->im6_dst, &ipv6_hdr(pkt)->daddr);
808
809 skb->dst = dst_clone(pkt->dst);
810 skb->ip_summed = CHECKSUM_UNNECESSARY;
811
812 skb_pull(skb, sizeof(struct ipv6hdr));
813 }
814
815 if (mroute6_socket == NULL) {
816 kfree_skb(skb);
817 return -EINVAL;
818 }
819
820 /*
821 * Deliver to user space multicast routing algorithms
822 */
823 if ((ret = sock_queue_rcv_skb(mroute6_socket, skb)) < 0) {
824 if (net_ratelimit())
825 printk(KERN_WARNING "mroute6: pending queue full, dropping entries.\n");
826 kfree_skb(skb);
827 }
828
829 return ret;
830}
831
832/*
833 * Queue a packet for resolution. It gets locked cache entry!
834 */
835
836static int
837ip6mr_cache_unresolved(mifi_t mifi, struct sk_buff *skb)
838{
839 int err;
840 struct mfc6_cache *c;
841
842 spin_lock_bh(&mfc_unres_lock);
843 for (c = mfc_unres_queue; c; c = c->next) {
844 if (ipv6_addr_equal(&c->mf6c_mcastgrp, &ipv6_hdr(skb)->daddr) &&
845 ipv6_addr_equal(&c->mf6c_origin, &ipv6_hdr(skb)->saddr))
846 break;
847 }
848
849 if (c == NULL) {
850 /*
851 * Create a new entry if allowable
852 */
853
854 if (atomic_read(&cache_resolve_queue_len) >= 10 ||
855 (c = ip6mr_cache_alloc_unres()) == NULL) {
856 spin_unlock_bh(&mfc_unres_lock);
857
858 kfree_skb(skb);
859 return -ENOBUFS;
860 }
861
862 /*
863 * Fill in the new cache entry
864 */
865 c->mf6c_parent = -1;
866 c->mf6c_origin = ipv6_hdr(skb)->saddr;
867 c->mf6c_mcastgrp = ipv6_hdr(skb)->daddr;
868
869 /*
870 * Reflect first query at pim6sd
871 */
872 if ((err = ip6mr_cache_report(skb, mifi, MRT6MSG_NOCACHE)) < 0) {
873 /* If the report failed throw the cache entry
874 out - Brad Parker
875 */
876 spin_unlock_bh(&mfc_unres_lock);
877
878 kmem_cache_free(mrt_cachep, c);
879 kfree_skb(skb);
880 return err;
881 }
882
883 atomic_inc(&cache_resolve_queue_len);
884 c->next = mfc_unres_queue;
885 mfc_unres_queue = c;
886
887 ipmr_do_expire_process(1);
888 }
889
890 /*
891 * See if we can append the packet
892 */
893 if (c->mfc_un.unres.unresolved.qlen > 3) {
894 kfree_skb(skb);
895 err = -ENOBUFS;
896 } else {
897 skb_queue_tail(&c->mfc_un.unres.unresolved, skb);
898 err = 0;
899 }
900
901 spin_unlock_bh(&mfc_unres_lock);
902 return err;
903}
904
905/*
906 * MFC6 cache manipulation by user space
907 */
908
909static int ip6mr_mfc_delete(struct mf6cctl *mfc)
910{
911 int line;
912 struct mfc6_cache *c, **cp;
913
914 line = MFC6_HASH(&mfc->mf6cc_mcastgrp.sin6_addr, &mfc->mf6cc_origin.sin6_addr);
915
916 for (cp = &mfc6_cache_array[line]; (c = *cp) != NULL; cp = &c->next) {
917 if (ipv6_addr_equal(&c->mf6c_origin, &mfc->mf6cc_origin.sin6_addr) &&
918 ipv6_addr_equal(&c->mf6c_mcastgrp, &mfc->mf6cc_mcastgrp.sin6_addr)) {
919 write_lock_bh(&mrt_lock);
920 *cp = c->next;
921 write_unlock_bh(&mrt_lock);
922
923 kmem_cache_free(mrt_cachep, c);
924 return 0;
925 }
926 }
927 return -ENOENT;
928}
929
930static int ip6mr_device_event(struct notifier_block *this,
931 unsigned long event, void *ptr)
932{
933 struct net_device *dev = ptr;
934 struct mif_device *v;
935 int ct;
936
937 if (dev_net(dev) != &init_net)
938 return NOTIFY_DONE;
939
940 if (event != NETDEV_UNREGISTER)
941 return NOTIFY_DONE;
942
943 v = &vif6_table[0];
944 for (ct = 0; ct < maxvif; ct++, v++) {
945 if (v->dev == dev)
946 mif6_delete(ct);
947 }
948 return NOTIFY_DONE;
949}
950
951static struct notifier_block ip6_mr_notifier = {
952 .notifier_call = ip6mr_device_event
953};
954
955/*
956 * Setup for IP multicast routing
957 */
958
959void __init ip6_mr_init(void)
960{
961 mrt_cachep = kmem_cache_create("ip6_mrt_cache",
962 sizeof(struct mfc6_cache),
963 0, SLAB_HWCACHE_ALIGN,
964 NULL);
965 if (!mrt_cachep)
966 panic("cannot allocate ip6_mrt_cache");
967
968 setup_timer(&ipmr_expire_timer, ipmr_expire_process, 0);
969 register_netdevice_notifier(&ip6_mr_notifier);
970#ifdef CONFIG_PROC_FS
971 proc_net_fops_create(&init_net, "ip6_mr_vif", 0, &ip6mr_vif_fops);
972 proc_net_fops_create(&init_net, "ip6_mr_cache", 0, &ip6mr_mfc_fops);
973#endif
974}
975
976
977static int ip6mr_mfc_add(struct mf6cctl *mfc, int mrtsock)
978{
979 int line;
980 struct mfc6_cache *uc, *c, **cp;
981 unsigned char ttls[MAXMIFS];
982 int i;
983
984 memset(ttls, 255, MAXMIFS);
985 for (i = 0; i < MAXMIFS; i++) {
986 if (IF_ISSET(i, &mfc->mf6cc_ifset))
987 ttls[i] = 1;
988
989 }
990
991 line = MFC6_HASH(&mfc->mf6cc_mcastgrp.sin6_addr, &mfc->mf6cc_origin.sin6_addr);
992
993 for (cp = &mfc6_cache_array[line]; (c = *cp) != NULL; cp = &c->next) {
994 if (ipv6_addr_equal(&c->mf6c_origin, &mfc->mf6cc_origin.sin6_addr) &&
995 ipv6_addr_equal(&c->mf6c_mcastgrp, &mfc->mf6cc_mcastgrp.sin6_addr))
996 break;
997 }
998
999 if (c != NULL) {
1000 write_lock_bh(&mrt_lock);
1001 c->mf6c_parent = mfc->mf6cc_parent;
1002 ip6mr_update_thresholds(c, ttls);
1003 if (!mrtsock)
1004 c->mfc_flags |= MFC_STATIC;
1005 write_unlock_bh(&mrt_lock);
1006 return 0;
1007 }
1008
1009 if (!ipv6_addr_is_multicast(&mfc->mf6cc_mcastgrp.sin6_addr))
1010 return -EINVAL;
1011
1012 c = ip6mr_cache_alloc();
1013 if (c == NULL)
1014 return -ENOMEM;
1015
1016 c->mf6c_origin = mfc->mf6cc_origin.sin6_addr;
1017 c->mf6c_mcastgrp = mfc->mf6cc_mcastgrp.sin6_addr;
1018 c->mf6c_parent = mfc->mf6cc_parent;
1019 ip6mr_update_thresholds(c, ttls);
1020 if (!mrtsock)
1021 c->mfc_flags |= MFC_STATIC;
1022
1023 write_lock_bh(&mrt_lock);
1024 c->next = mfc6_cache_array[line];
1025 mfc6_cache_array[line] = c;
1026 write_unlock_bh(&mrt_lock);
1027
1028 /*
1029 * Check to see if we resolved a queued list. If so we
1030 * need to send on the frames and tidy up.
1031 */
1032 spin_lock_bh(&mfc_unres_lock);
1033 for (cp = &mfc_unres_queue; (uc = *cp) != NULL;
1034 cp = &uc->next) {
1035 if (ipv6_addr_equal(&uc->mf6c_origin, &c->mf6c_origin) &&
1036 ipv6_addr_equal(&uc->mf6c_mcastgrp, &c->mf6c_mcastgrp)) {
1037 *cp = uc->next;
1038 if (atomic_dec_and_test(&cache_resolve_queue_len))
1039 del_timer(&ipmr_expire_timer);
1040 break;
1041 }
1042 }
1043 spin_unlock_bh(&mfc_unres_lock);
1044
1045 if (uc) {
1046 ip6mr_cache_resolve(uc, c);
1047 kmem_cache_free(mrt_cachep, uc);
1048 }
1049 return 0;
1050}
1051
1052/*
1053 * Close the multicast socket, and clear the vif tables etc
1054 */
1055
1056static void mroute_clean_tables(struct sock *sk)
1057{
1058 int i;
1059
1060 /*
1061 * Shut down all active vif entries
1062 */
1063 for (i = 0; i < maxvif; i++) {
1064 if (!(vif6_table[i].flags & VIFF_STATIC))
1065 mif6_delete(i);
1066 }
1067
1068 /*
1069 * Wipe the cache
1070 */
1071 for (i = 0; i < ARRAY_SIZE(mfc6_cache_array); i++) {
1072 struct mfc6_cache *c, **cp;
1073
1074 cp = &mfc6_cache_array[i];
1075 while ((c = *cp) != NULL) {
1076 if (c->mfc_flags & MFC_STATIC) {
1077 cp = &c->next;
1078 continue;
1079 }
1080 write_lock_bh(&mrt_lock);
1081 *cp = c->next;
1082 write_unlock_bh(&mrt_lock);
1083
1084 kmem_cache_free(mrt_cachep, c);
1085 }
1086 }
1087
1088 if (atomic_read(&cache_resolve_queue_len) != 0) {
1089 struct mfc6_cache *c;
1090
1091 spin_lock_bh(&mfc_unres_lock);
1092 while (mfc_unres_queue != NULL) {
1093 c = mfc_unres_queue;
1094 mfc_unres_queue = c->next;
1095 spin_unlock_bh(&mfc_unres_lock);
1096
1097 ip6mr_destroy_unres(c);
1098
1099 spin_lock_bh(&mfc_unres_lock);
1100 }
1101 spin_unlock_bh(&mfc_unres_lock);
1102 }
1103}
1104
1105static int ip6mr_sk_init(struct sock *sk)
1106{
1107 int err = 0;
1108
1109 rtnl_lock();
1110 write_lock_bh(&mrt_lock);
1111 if (likely(mroute6_socket == NULL))
1112 mroute6_socket = sk;
1113 else
1114 err = -EADDRINUSE;
1115 write_unlock_bh(&mrt_lock);
1116
1117 rtnl_unlock();
1118
1119 return err;
1120}
1121
1122int ip6mr_sk_done(struct sock *sk)
1123{
1124 int err = 0;
1125
1126 rtnl_lock();
1127 if (sk == mroute6_socket) {
1128 write_lock_bh(&mrt_lock);
1129 mroute6_socket = NULL;
1130 write_unlock_bh(&mrt_lock);
1131
1132 mroute_clean_tables(sk);
1133 } else
1134 err = -EACCES;
1135 rtnl_unlock();
1136
1137 return err;
1138}
1139
1140/*
1141 * Socket options and virtual interface manipulation. The whole
1142 * virtual interface system is a complete heap, but unfortunately
1143 * that's how BSD mrouted happens to think. Maybe one day with a proper
1144 * MOSPF/PIM router set up we can clean this up.
1145 */
1146
1147int ip6_mroute_setsockopt(struct sock *sk, int optname, char __user *optval, int optlen)
1148{
1149 int ret;
1150 struct mif6ctl vif;
1151 struct mf6cctl mfc;
1152 mifi_t mifi;
1153
1154 if (optname != MRT6_INIT) {
1155 if (sk != mroute6_socket && !capable(CAP_NET_ADMIN))
1156 return -EACCES;
1157 }
1158
1159 switch (optname) {
1160 case MRT6_INIT:
1161 if (sk->sk_type != SOCK_RAW ||
1162 inet_sk(sk)->num != IPPROTO_ICMPV6)
1163 return -EOPNOTSUPP;
1164 if (optlen < sizeof(int))
1165 return -EINVAL;
1166
1167 return ip6mr_sk_init(sk);
1168
1169 case MRT6_DONE:
1170 return ip6mr_sk_done(sk);
1171
1172 case MRT6_ADD_MIF:
1173 if (optlen < sizeof(vif))
1174 return -EINVAL;
1175 if (copy_from_user(&vif, optval, sizeof(vif)))
1176 return -EFAULT;
1177 if (vif.mif6c_mifi >= MAXMIFS)
1178 return -ENFILE;
1179 rtnl_lock();
1180 ret = mif6_add(&vif, sk == mroute6_socket);
1181 rtnl_unlock();
1182 return ret;
1183
1184 case MRT6_DEL_MIF:
1185 if (optlen < sizeof(mifi_t))
1186 return -EINVAL;
1187 if (copy_from_user(&mifi, optval, sizeof(mifi_t)))
1188 return -EFAULT;
1189 rtnl_lock();
1190 ret = mif6_delete(mifi);
1191 rtnl_unlock();
1192 return ret;
1193
1194 /*
1195 * Manipulate the forwarding caches. These live
1196 * in a sort of kernel/user symbiosis.
1197 */
1198 case MRT6_ADD_MFC:
1199 case MRT6_DEL_MFC:
1200 if (optlen < sizeof(mfc))
1201 return -EINVAL;
1202 if (copy_from_user(&mfc, optval, sizeof(mfc)))
1203 return -EFAULT;
1204 rtnl_lock();
1205 if (optname == MRT6_DEL_MFC)
1206 ret = ip6mr_mfc_delete(&mfc);
1207 else
1208 ret = ip6mr_mfc_add(&mfc, sk == mroute6_socket);
1209 rtnl_unlock();
1210 return ret;
1211
1212 /*
1213 * Control PIM assert (to activate pim will activate assert)
1214 */
1215 case MRT6_ASSERT:
1216 {
1217 int v;
1218 if (get_user(v, (int __user *)optval))
1219 return -EFAULT;
1220 mroute_do_assert = !!v;
1221 return 0;
1222 }
1223
1224#ifdef CONFIG_IPV6_PIMSM_V2
1225 case MRT6_PIM:
1226 {
1227 int v;
1228 if (get_user(v, (int __user *)optval))
1229 return -EFAULT;
1230 v = !!v;
1231 rtnl_lock();
1232 ret = 0;
1233 if (v != mroute_do_pim) {
1234 mroute_do_pim = v;
1235 mroute_do_assert = v;
1236 if (mroute_do_pim)
1237 ret = inet6_add_protocol(&pim6_protocol,
1238 IPPROTO_PIM);
1239 else
1240 ret = inet6_del_protocol(&pim6_protocol,
1241 IPPROTO_PIM);
1242 if (ret < 0)
1243 ret = -EAGAIN;
1244 }
1245 rtnl_unlock();
1246 return ret;
1247 }
1248
1249#endif
1250 /*
1251 * Spurious command, or MRT_VERSION which you cannot
1252 * set.
1253 */
1254 default:
1255 return -ENOPROTOOPT;
1256 }
1257}
1258
1259/*
1260 * Getsock opt support for the multicast routing system.
1261 */
1262
1263int ip6_mroute_getsockopt(struct sock *sk, int optname, char __user *optval,
1264 int __user *optlen)
1265{
1266 int olr;
1267 int val;
1268
1269 switch (optname) {
1270 case MRT6_VERSION:
1271 val = 0x0305;
1272 break;
1273#ifdef CONFIG_IPV6_PIMSM_V2
1274 case MRT6_PIM:
1275 val = mroute_do_pim;
1276 break;
1277#endif
1278 case MRT6_ASSERT:
1279 val = mroute_do_assert;
1280 break;
1281 default:
1282 return -ENOPROTOOPT;
1283 }
1284
1285 if (get_user(olr, optlen))
1286 return -EFAULT;
1287
1288 olr = min_t(int, olr, sizeof(int));
1289 if (olr < 0)
1290 return -EINVAL;
1291
1292 if (put_user(olr, optlen))
1293 return -EFAULT;
1294 if (copy_to_user(optval, &val, olr))
1295 return -EFAULT;
1296 return 0;
1297}
1298
1299/*
1300 * The IP multicast ioctl support routines.
1301 */
1302
1303int ip6mr_ioctl(struct sock *sk, int cmd, void __user *arg)
1304{
1305 struct sioc_sg_req6 sr;
1306 struct sioc_mif_req6 vr;
1307 struct mif_device *vif;
1308 struct mfc6_cache *c;
1309
1310 switch (cmd) {
1311 case SIOCGETMIFCNT_IN6:
1312 if (copy_from_user(&vr, arg, sizeof(vr)))
1313 return -EFAULT;
1314 if (vr.mifi >= maxvif)
1315 return -EINVAL;
1316 read_lock(&mrt_lock);
1317 vif = &vif6_table[vr.mifi];
1318 if (MIF_EXISTS(vr.mifi)) {
1319 vr.icount = vif->pkt_in;
1320 vr.ocount = vif->pkt_out;
1321 vr.ibytes = vif->bytes_in;
1322 vr.obytes = vif->bytes_out;
1323 read_unlock(&mrt_lock);
1324
1325 if (copy_to_user(arg, &vr, sizeof(vr)))
1326 return -EFAULT;
1327 return 0;
1328 }
1329 read_unlock(&mrt_lock);
1330 return -EADDRNOTAVAIL;
1331 case SIOCGETSGCNT_IN6:
1332 if (copy_from_user(&sr, arg, sizeof(sr)))
1333 return -EFAULT;
1334
1335 read_lock(&mrt_lock);
1336 c = ip6mr_cache_find(&sr.src.sin6_addr, &sr.grp.sin6_addr);
1337 if (c) {
1338 sr.pktcnt = c->mfc_un.res.pkt;
1339 sr.bytecnt = c->mfc_un.res.bytes;
1340 sr.wrong_if = c->mfc_un.res.wrong_if;
1341 read_unlock(&mrt_lock);
1342
1343 if (copy_to_user(arg, &sr, sizeof(sr)))
1344 return -EFAULT;
1345 return 0;
1346 }
1347 read_unlock(&mrt_lock);
1348 return -EADDRNOTAVAIL;
1349 default:
1350 return -ENOIOCTLCMD;
1351 }
1352}
1353
1354
1355static inline int ip6mr_forward2_finish(struct sk_buff *skb)
1356{
1357 IP6_INC_STATS_BH(ip6_dst_idev(skb->dst), IPSTATS_MIB_OUTFORWDATAGRAMS);
1358 return dst_output(skb);
1359}
1360
1361/*
1362 * Processing handlers for ip6mr_forward
1363 */
1364
1365static int ip6mr_forward2(struct sk_buff *skb, struct mfc6_cache *c, int vifi)
1366{
1367 struct ipv6hdr *ipv6h;
1368 struct mif_device *vif = &vif6_table[vifi];
1369 struct net_device *dev;
1370 struct dst_entry *dst;
1371 struct flowi fl;
1372
1373 if (vif->dev == NULL)
1374 goto out_free;
1375
1376#ifdef CONFIG_IPV6_PIMSM_V2
1377 if (vif->flags & MIFF_REGISTER) {
1378 vif->pkt_out++;
1379 vif->bytes_out += skb->len;
1380 ((struct net_device_stats *)netdev_priv(vif->dev))->tx_bytes += skb->len;
1381 ((struct net_device_stats *)netdev_priv(vif->dev))->tx_packets++;
1382 ip6mr_cache_report(skb, vifi, MRT6MSG_WHOLEPKT);
1383 kfree_skb(skb);
1384 return 0;
1385 }
1386#endif
1387
1388 ipv6h = ipv6_hdr(skb);
1389
1390 fl = (struct flowi) {
1391 .oif = vif->link,
1392 .nl_u = { .ip6_u =
1393 { .daddr = ipv6h->daddr, }
1394 }
1395 };
1396
1397 dst = ip6_route_output(&init_net, NULL, &fl);
1398 if (!dst)
1399 goto out_free;
1400
1401 dst_release(skb->dst);
1402 skb->dst = dst;
1403
1404 /*
1405 * RFC1584 teaches, that DVMRP/PIM router must deliver packets locally
1406 * not only before forwarding, but after forwarding on all output
1407 * interfaces. It is clear, if mrouter runs a multicasting
1408 * program, it should receive packets not depending to what interface
1409 * program is joined.
1410 * If we will not make it, the program will have to join on all
1411 * interfaces. On the other hand, multihoming host (or router, but
1412 * not mrouter) cannot join to more than one interface - it will
1413 * result in receiving multiple packets.
1414 */
1415 dev = vif->dev;
1416 skb->dev = dev;
1417 vif->pkt_out++;
1418 vif->bytes_out += skb->len;
1419
1420 /* We are about to write */
1421 /* XXX: extension headers? */
1422 if (skb_cow(skb, sizeof(*ipv6h) + LL_RESERVED_SPACE(dev)))
1423 goto out_free;
1424
1425 ipv6h = ipv6_hdr(skb);
1426 ipv6h->hop_limit--;
1427
1428 IP6CB(skb)->flags |= IP6SKB_FORWARDED;
1429
1430 return NF_HOOK(PF_INET6, NF_INET_FORWARD, skb, skb->dev, dev,
1431 ip6mr_forward2_finish);
1432
1433out_free:
1434 kfree_skb(skb);
1435 return 0;
1436}
1437
1438static int ip6mr_find_vif(struct net_device *dev)
1439{
1440 int ct;
1441 for (ct = maxvif - 1; ct >= 0; ct--) {
1442 if (vif6_table[ct].dev == dev)
1443 break;
1444 }
1445 return ct;
1446}
1447
1448static int ip6_mr_forward(struct sk_buff *skb, struct mfc6_cache *cache)
1449{
1450 int psend = -1;
1451 int vif, ct;
1452
1453 vif = cache->mf6c_parent;
1454 cache->mfc_un.res.pkt++;
1455 cache->mfc_un.res.bytes += skb->len;
1456
1457 /*
1458 * Wrong interface: drop packet and (maybe) send PIM assert.
1459 */
1460 if (vif6_table[vif].dev != skb->dev) {
1461 int true_vifi;
1462
1463 cache->mfc_un.res.wrong_if++;
1464 true_vifi = ip6mr_find_vif(skb->dev);
1465
1466 if (true_vifi >= 0 && mroute_do_assert &&
1467 /* pimsm uses asserts, when switching from RPT to SPT,
1468 so that we cannot check that packet arrived on an oif.
1469 It is bad, but otherwise we would need to move pretty
1470 large chunk of pimd to kernel. Ough... --ANK
1471 */
1472 (mroute_do_pim || cache->mfc_un.res.ttls[true_vifi] < 255) &&
1473 time_after(jiffies,
1474 cache->mfc_un.res.last_assert + MFC_ASSERT_THRESH)) {
1475 cache->mfc_un.res.last_assert = jiffies;
1476 ip6mr_cache_report(skb, true_vifi, MRT6MSG_WRONGMIF);
1477 }
1478 goto dont_forward;
1479 }
1480
1481 vif6_table[vif].pkt_in++;
1482 vif6_table[vif].bytes_in += skb->len;
1483
1484 /*
1485 * Forward the frame
1486 */
1487 for (ct = cache->mfc_un.res.maxvif - 1; ct >= cache->mfc_un.res.minvif; ct--) {
1488 if (ipv6_hdr(skb)->hop_limit > cache->mfc_un.res.ttls[ct]) {
1489 if (psend != -1) {
1490 struct sk_buff *skb2 = skb_clone(skb, GFP_ATOMIC);
1491 if (skb2)
1492 ip6mr_forward2(skb2, cache, psend);
1493 }
1494 psend = ct;
1495 }
1496 }
1497 if (psend != -1) {
1498 ip6mr_forward2(skb, cache, psend);
1499 return 0;
1500 }
1501
1502dont_forward:
1503 kfree_skb(skb);
1504 return 0;
1505}
1506
1507
1508/*
1509 * Multicast packets for forwarding arrive here
1510 */
1511
1512int ip6_mr_input(struct sk_buff *skb)
1513{
1514 struct mfc6_cache *cache;
1515
1516 read_lock(&mrt_lock);
1517 cache = ip6mr_cache_find(&ipv6_hdr(skb)->saddr, &ipv6_hdr(skb)->daddr);
1518
1519 /*
1520 * No usable cache entry
1521 */
1522 if (cache == NULL) {
1523 int vif;
1524
1525 vif = ip6mr_find_vif(skb->dev);
1526 if (vif >= 0) {
1527 int err = ip6mr_cache_unresolved(vif, skb);
1528 read_unlock(&mrt_lock);
1529
1530 return err;
1531 }
1532 read_unlock(&mrt_lock);
1533 kfree_skb(skb);
1534 return -ENODEV;
1535 }
1536
1537 ip6_mr_forward(skb, cache);
1538
1539 read_unlock(&mrt_lock);
1540
1541 return 0;
1542}
1543
1544
1545static int
1546ip6mr_fill_mroute(struct sk_buff *skb, struct mfc6_cache *c, struct rtmsg *rtm)
1547{
1548 int ct;
1549 struct rtnexthop *nhp;
1550 struct net_device *dev = vif6_table[c->mf6c_parent].dev;
1551 u8 *b = skb_tail_pointer(skb);
1552 struct rtattr *mp_head;
1553
1554 if (dev)
1555 RTA_PUT(skb, RTA_IIF, 4, &dev->ifindex);
1556
1557 mp_head = (struct rtattr *)skb_put(skb, RTA_LENGTH(0));
1558
1559 for (ct = c->mfc_un.res.minvif; ct < c->mfc_un.res.maxvif; ct++) {
1560 if (c->mfc_un.res.ttls[ct] < 255) {
1561 if (skb_tailroom(skb) < RTA_ALIGN(RTA_ALIGN(sizeof(*nhp)) + 4))
1562 goto rtattr_failure;
1563 nhp = (struct rtnexthop *)skb_put(skb, RTA_ALIGN(sizeof(*nhp)));
1564 nhp->rtnh_flags = 0;
1565 nhp->rtnh_hops = c->mfc_un.res.ttls[ct];
1566 nhp->rtnh_ifindex = vif6_table[ct].dev->ifindex;
1567 nhp->rtnh_len = sizeof(*nhp);
1568 }
1569 }
1570 mp_head->rta_type = RTA_MULTIPATH;
1571 mp_head->rta_len = skb_tail_pointer(skb) - (u8 *)mp_head;
1572 rtm->rtm_type = RTN_MULTICAST;
1573 return 1;
1574
1575rtattr_failure:
1576 nlmsg_trim(skb, b);
1577 return -EMSGSIZE;
1578}
1579
1580int ip6mr_get_route(struct sk_buff *skb, struct rtmsg *rtm, int nowait)
1581{
1582 int err;
1583 struct mfc6_cache *cache;
1584 struct rt6_info *rt = (struct rt6_info *)skb->dst;
1585
1586 read_lock(&mrt_lock);
1587 cache = ip6mr_cache_find(&rt->rt6i_src.addr, &rt->rt6i_dst.addr);
1588
1589 if (!cache) {
1590 struct sk_buff *skb2;
1591 struct ipv6hdr *iph;
1592 struct net_device *dev;
1593 int vif;
1594
1595 if (nowait) {
1596 read_unlock(&mrt_lock);
1597 return -EAGAIN;
1598 }
1599
1600 dev = skb->dev;
1601 if (dev == NULL || (vif = ip6mr_find_vif(dev)) < 0) {
1602 read_unlock(&mrt_lock);
1603 return -ENODEV;
1604 }
1605
1606 /* really correct? */
1607 skb2 = alloc_skb(sizeof(struct ipv6hdr), GFP_ATOMIC);
1608 if (!skb2) {
1609 read_unlock(&mrt_lock);
1610 return -ENOMEM;
1611 }
1612
1613 skb_reset_transport_header(skb2);
1614
1615 skb_put(skb2, sizeof(struct ipv6hdr));
1616 skb_reset_network_header(skb2);
1617
1618 iph = ipv6_hdr(skb2);
1619 iph->version = 0;
1620 iph->priority = 0;
1621 iph->flow_lbl[0] = 0;
1622 iph->flow_lbl[1] = 0;
1623 iph->flow_lbl[2] = 0;
1624 iph->payload_len = 0;
1625 iph->nexthdr = IPPROTO_NONE;
1626 iph->hop_limit = 0;
1627 ipv6_addr_copy(&iph->saddr, &rt->rt6i_src.addr);
1628 ipv6_addr_copy(&iph->daddr, &rt->rt6i_dst.addr);
1629
1630 err = ip6mr_cache_unresolved(vif, skb2);
1631 read_unlock(&mrt_lock);
1632
1633 return err;
1634 }
1635
1636 if (!nowait && (rtm->rtm_flags&RTM_F_NOTIFY))
1637 cache->mfc_flags |= MFC_NOTIFY;
1638
1639 err = ip6mr_fill_mroute(skb, cache, rtm);
1640 read_unlock(&mrt_lock);
1641 return err;
1642}
1643
diff --git a/net/ipv6/ipv6_sockglue.c b/net/ipv6/ipv6_sockglue.c
index bf2a686aa13d..06de9d0e1f6b 100644
--- a/net/ipv6/ipv6_sockglue.c
+++ b/net/ipv6/ipv6_sockglue.c
@@ -16,7 +16,6 @@
16 * 16 *
17 * FIXME: Make the setsockopt code POSIX compliant: That is 17 * FIXME: Make the setsockopt code POSIX compliant: That is
18 * 18 *
19 * o Return -EINVAL for setsockopt of short lengths
20 * o Truncate getsockopt returns 19 * o Truncate getsockopt returns
21 * o Return an optlen of the truncated length if need be 20 * o Return an optlen of the truncated length if need be
22 * 21 *
@@ -33,6 +32,7 @@
33#include <linux/sockios.h> 32#include <linux/sockios.h>
34#include <linux/net.h> 33#include <linux/net.h>
35#include <linux/in6.h> 34#include <linux/in6.h>
35#include <linux/mroute6.h>
36#include <linux/netdevice.h> 36#include <linux/netdevice.h>
37#include <linux/if_arp.h> 37#include <linux/if_arp.h>
38#include <linux/init.h> 38#include <linux/init.h>
@@ -57,118 +57,6 @@
57 57
58DEFINE_SNMP_STAT(struct ipstats_mib, ipv6_statistics) __read_mostly; 58DEFINE_SNMP_STAT(struct ipstats_mib, ipv6_statistics) __read_mostly;
59 59
60static struct inet6_protocol *ipv6_gso_pull_exthdrs(struct sk_buff *skb,
61 int proto)
62{
63 struct inet6_protocol *ops = NULL;
64
65 for (;;) {
66 struct ipv6_opt_hdr *opth;
67 int len;
68
69 if (proto != NEXTHDR_HOP) {
70 ops = rcu_dereference(inet6_protos[proto]);
71
72 if (unlikely(!ops))
73 break;
74
75 if (!(ops->flags & INET6_PROTO_GSO_EXTHDR))
76 break;
77 }
78
79 if (unlikely(!pskb_may_pull(skb, 8)))
80 break;
81
82 opth = (void *)skb->data;
83 len = opth->hdrlen * 8 + 8;
84
85 if (unlikely(!pskb_may_pull(skb, len)))
86 break;
87
88 proto = opth->nexthdr;
89 __skb_pull(skb, len);
90 }
91
92 return ops;
93}
94
95static int ipv6_gso_send_check(struct sk_buff *skb)
96{
97 struct ipv6hdr *ipv6h;
98 struct inet6_protocol *ops;
99 int err = -EINVAL;
100
101 if (unlikely(!pskb_may_pull(skb, sizeof(*ipv6h))))
102 goto out;
103
104 ipv6h = ipv6_hdr(skb);
105 __skb_pull(skb, sizeof(*ipv6h));
106 err = -EPROTONOSUPPORT;
107
108 rcu_read_lock();
109 ops = ipv6_gso_pull_exthdrs(skb, ipv6h->nexthdr);
110 if (likely(ops && ops->gso_send_check)) {
111 skb_reset_transport_header(skb);
112 err = ops->gso_send_check(skb);
113 }
114 rcu_read_unlock();
115
116out:
117 return err;
118}
119
120static struct sk_buff *ipv6_gso_segment(struct sk_buff *skb, int features)
121{
122 struct sk_buff *segs = ERR_PTR(-EINVAL);
123 struct ipv6hdr *ipv6h;
124 struct inet6_protocol *ops;
125
126 if (!(features & NETIF_F_V6_CSUM))
127 features &= ~NETIF_F_SG;
128
129 if (unlikely(skb_shinfo(skb)->gso_type &
130 ~(SKB_GSO_UDP |
131 SKB_GSO_DODGY |
132 SKB_GSO_TCP_ECN |
133 SKB_GSO_TCPV6 |
134 0)))
135 goto out;
136
137 if (unlikely(!pskb_may_pull(skb, sizeof(*ipv6h))))
138 goto out;
139
140 ipv6h = ipv6_hdr(skb);
141 __skb_pull(skb, sizeof(*ipv6h));
142 segs = ERR_PTR(-EPROTONOSUPPORT);
143
144 rcu_read_lock();
145 ops = ipv6_gso_pull_exthdrs(skb, ipv6h->nexthdr);
146 if (likely(ops && ops->gso_segment)) {
147 skb_reset_transport_header(skb);
148 segs = ops->gso_segment(skb, features);
149 }
150 rcu_read_unlock();
151
152 if (unlikely(IS_ERR(segs)))
153 goto out;
154
155 for (skb = segs; skb; skb = skb->next) {
156 ipv6h = ipv6_hdr(skb);
157 ipv6h->payload_len = htons(skb->len - skb->mac_len -
158 sizeof(*ipv6h));
159 }
160
161out:
162 return segs;
163}
164
165static struct packet_type ipv6_packet_type = {
166 .type = __constant_htons(ETH_P_IPV6),
167 .func = ipv6_rcv,
168 .gso_send_check = ipv6_gso_send_check,
169 .gso_segment = ipv6_gso_segment,
170};
171
172struct ip6_ra_chain *ip6_ra_chain; 60struct ip6_ra_chain *ip6_ra_chain;
173DEFINE_RWLOCK(ip6_ra_lock); 61DEFINE_RWLOCK(ip6_ra_lock);
174 62
@@ -215,25 +103,59 @@ int ip6_ra_control(struct sock *sk, int sel, void (*destructor)(struct sock *))
215 return 0; 103 return 0;
216} 104}
217 105
106static
107struct ipv6_txoptions *ipv6_update_options(struct sock *sk,
108 struct ipv6_txoptions *opt)
109{
110 if (inet_sk(sk)->is_icsk) {
111 if (opt &&
112 !((1 << sk->sk_state) & (TCPF_LISTEN | TCPF_CLOSE)) &&
113 inet_sk(sk)->daddr != LOOPBACK4_IPV6) {
114 struct inet_connection_sock *icsk = inet_csk(sk);
115 icsk->icsk_ext_hdr_len = opt->opt_flen + opt->opt_nflen;
116 icsk->icsk_sync_mss(sk, icsk->icsk_pmtu_cookie);
117 }
118 opt = xchg(&inet6_sk(sk)->opt, opt);
119 } else {
120 write_lock(&sk->sk_dst_lock);
121 opt = xchg(&inet6_sk(sk)->opt, opt);
122 write_unlock(&sk->sk_dst_lock);
123 }
124 sk_dst_reset(sk);
125
126 return opt;
127}
128
218static int do_ipv6_setsockopt(struct sock *sk, int level, int optname, 129static int do_ipv6_setsockopt(struct sock *sk, int level, int optname,
219 char __user *optval, int optlen) 130 char __user *optval, int optlen)
220{ 131{
221 struct ipv6_pinfo *np = inet6_sk(sk); 132 struct ipv6_pinfo *np = inet6_sk(sk);
133 struct net *net = sock_net(sk);
222 int val, valbool; 134 int val, valbool;
223 int retv = -ENOPROTOOPT; 135 int retv = -ENOPROTOOPT;
224 136
225 if (optval == NULL) 137 if (optval == NULL)
226 val=0; 138 val=0;
227 else if (get_user(val, (int __user *) optval)) 139 else {
228 return -EFAULT; 140 if (optlen >= sizeof(int)) {
141 if (get_user(val, (int __user *) optval))
142 return -EFAULT;
143 } else
144 val = 0;
145 }
229 146
230 valbool = (val!=0); 147 valbool = (val!=0);
231 148
149 if (ip6_mroute_opt(optname))
150 return ip6_mroute_setsockopt(sk, optname, optval, optlen);
151
232 lock_sock(sk); 152 lock_sock(sk);
233 153
234 switch (optname) { 154 switch (optname) {
235 155
236 case IPV6_ADDRFORM: 156 case IPV6_ADDRFORM:
157 if (optlen < sizeof(int))
158 goto e_inval;
237 if (val == PF_INET) { 159 if (val == PF_INET) {
238 struct ipv6_txoptions *opt; 160 struct ipv6_txoptions *opt;
239 struct sk_buff *pktopt; 161 struct sk_buff *pktopt;
@@ -266,10 +188,9 @@ static int do_ipv6_setsockopt(struct sock *sk, int level, int optname,
266 188
267 if (sk->sk_protocol == IPPROTO_TCP) { 189 if (sk->sk_protocol == IPPROTO_TCP) {
268 struct inet_connection_sock *icsk = inet_csk(sk); 190 struct inet_connection_sock *icsk = inet_csk(sk);
269
270 local_bh_disable(); 191 local_bh_disable();
271 sock_prot_inuse_add(sk->sk_prot, -1); 192 sock_prot_inuse_add(net, sk->sk_prot, -1);
272 sock_prot_inuse_add(&tcp_prot, 1); 193 sock_prot_inuse_add(net, &tcp_prot, 1);
273 local_bh_enable(); 194 local_bh_enable();
274 sk->sk_prot = &tcp_prot; 195 sk->sk_prot = &tcp_prot;
275 icsk->icsk_af_ops = &ipv4_specific; 196 icsk->icsk_af_ops = &ipv4_specific;
@@ -282,8 +203,8 @@ static int do_ipv6_setsockopt(struct sock *sk, int level, int optname,
282 if (sk->sk_protocol == IPPROTO_UDPLITE) 203 if (sk->sk_protocol == IPPROTO_UDPLITE)
283 prot = &udplite_prot; 204 prot = &udplite_prot;
284 local_bh_disable(); 205 local_bh_disable();
285 sock_prot_inuse_add(sk->sk_prot, -1); 206 sock_prot_inuse_add(net, sk->sk_prot, -1);
286 sock_prot_inuse_add(prot, 1); 207 sock_prot_inuse_add(net, prot, 1);
287 local_bh_enable(); 208 local_bh_enable();
288 sk->sk_prot = prot; 209 sk->sk_prot = prot;
289 sk->sk_socket->ops = &inet_dgram_ops; 210 sk->sk_socket->ops = &inet_dgram_ops;
@@ -309,63 +230,86 @@ static int do_ipv6_setsockopt(struct sock *sk, int level, int optname,
309 goto e_inval; 230 goto e_inval;
310 231
311 case IPV6_V6ONLY: 232 case IPV6_V6ONLY:
312 if (inet_sk(sk)->num) 233 if (optlen < sizeof(int) ||
234 inet_sk(sk)->num)
313 goto e_inval; 235 goto e_inval;
314 np->ipv6only = valbool; 236 np->ipv6only = valbool;
315 retv = 0; 237 retv = 0;
316 break; 238 break;
317 239
318 case IPV6_RECVPKTINFO: 240 case IPV6_RECVPKTINFO:
241 if (optlen < sizeof(int))
242 goto e_inval;
319 np->rxopt.bits.rxinfo = valbool; 243 np->rxopt.bits.rxinfo = valbool;
320 retv = 0; 244 retv = 0;
321 break; 245 break;
322 246
323 case IPV6_2292PKTINFO: 247 case IPV6_2292PKTINFO:
248 if (optlen < sizeof(int))
249 goto e_inval;
324 np->rxopt.bits.rxoinfo = valbool; 250 np->rxopt.bits.rxoinfo = valbool;
325 retv = 0; 251 retv = 0;
326 break; 252 break;
327 253
328 case IPV6_RECVHOPLIMIT: 254 case IPV6_RECVHOPLIMIT:
255 if (optlen < sizeof(int))
256 goto e_inval;
329 np->rxopt.bits.rxhlim = valbool; 257 np->rxopt.bits.rxhlim = valbool;
330 retv = 0; 258 retv = 0;
331 break; 259 break;
332 260
333 case IPV6_2292HOPLIMIT: 261 case IPV6_2292HOPLIMIT:
262 if (optlen < sizeof(int))
263 goto e_inval;
334 np->rxopt.bits.rxohlim = valbool; 264 np->rxopt.bits.rxohlim = valbool;
335 retv = 0; 265 retv = 0;
336 break; 266 break;
337 267
338 case IPV6_RECVRTHDR: 268 case IPV6_RECVRTHDR:
269 if (optlen < sizeof(int))
270 goto e_inval;
339 np->rxopt.bits.srcrt = valbool; 271 np->rxopt.bits.srcrt = valbool;
340 retv = 0; 272 retv = 0;
341 break; 273 break;
342 274
343 case IPV6_2292RTHDR: 275 case IPV6_2292RTHDR:
276 if (optlen < sizeof(int))
277 goto e_inval;
344 np->rxopt.bits.osrcrt = valbool; 278 np->rxopt.bits.osrcrt = valbool;
345 retv = 0; 279 retv = 0;
346 break; 280 break;
347 281
348 case IPV6_RECVHOPOPTS: 282 case IPV6_RECVHOPOPTS:
283 if (optlen < sizeof(int))
284 goto e_inval;
349 np->rxopt.bits.hopopts = valbool; 285 np->rxopt.bits.hopopts = valbool;
350 retv = 0; 286 retv = 0;
351 break; 287 break;
352 288
353 case IPV6_2292HOPOPTS: 289 case IPV6_2292HOPOPTS:
290 if (optlen < sizeof(int))
291 goto e_inval;
354 np->rxopt.bits.ohopopts = valbool; 292 np->rxopt.bits.ohopopts = valbool;
355 retv = 0; 293 retv = 0;
356 break; 294 break;
357 295
358 case IPV6_RECVDSTOPTS: 296 case IPV6_RECVDSTOPTS:
297 if (optlen < sizeof(int))
298 goto e_inval;
359 np->rxopt.bits.dstopts = valbool; 299 np->rxopt.bits.dstopts = valbool;
360 retv = 0; 300 retv = 0;
361 break; 301 break;
362 302
363 case IPV6_2292DSTOPTS: 303 case IPV6_2292DSTOPTS:
304 if (optlen < sizeof(int))
305 goto e_inval;
364 np->rxopt.bits.odstopts = valbool; 306 np->rxopt.bits.odstopts = valbool;
365 retv = 0; 307 retv = 0;
366 break; 308 break;
367 309
368 case IPV6_TCLASS: 310 case IPV6_TCLASS:
311 if (optlen < sizeof(int))
312 goto e_inval;
369 if (val < -1 || val > 0xff) 313 if (val < -1 || val > 0xff)
370 goto e_inval; 314 goto e_inval;
371 np->tclass = val; 315 np->tclass = val;
@@ -373,11 +317,15 @@ static int do_ipv6_setsockopt(struct sock *sk, int level, int optname,
373 break; 317 break;
374 318
375 case IPV6_RECVTCLASS: 319 case IPV6_RECVTCLASS:
320 if (optlen < sizeof(int))
321 goto e_inval;
376 np->rxopt.bits.rxtclass = valbool; 322 np->rxopt.bits.rxtclass = valbool;
377 retv = 0; 323 retv = 0;
378 break; 324 break;
379 325
380 case IPV6_FLOWINFO: 326 case IPV6_FLOWINFO:
327 if (optlen < sizeof(int))
328 goto e_inval;
381 np->rxopt.bits.rxflow = valbool; 329 np->rxopt.bits.rxflow = valbool;
382 retv = 0; 330 retv = 0;
383 break; 331 break;
@@ -396,9 +344,9 @@ static int do_ipv6_setsockopt(struct sock *sk, int level, int optname,
396 if (optname != IPV6_RTHDR && !capable(CAP_NET_RAW)) 344 if (optname != IPV6_RTHDR && !capable(CAP_NET_RAW))
397 break; 345 break;
398 346
399 retv = -EINVAL; 347 if (optlen < sizeof(struct ipv6_opt_hdr) ||
400 if (optlen & 0x7 || optlen > 8 * 255) 348 optlen & 0x7 || optlen > 8 * 255)
401 break; 349 goto e_inval;
402 350
403 opt = ipv6_renew_options(sk, np->opt, optname, 351 opt = ipv6_renew_options(sk, np->opt, optname,
404 (struct ipv6_opt_hdr __user *)optval, 352 (struct ipv6_opt_hdr __user *)optval,
@@ -426,25 +374,7 @@ static int do_ipv6_setsockopt(struct sock *sk, int level, int optname,
426 } 374 }
427 375
428 retv = 0; 376 retv = 0;
429 if (inet_sk(sk)->is_icsk) { 377 opt = ipv6_update_options(sk, opt);
430 if (opt) {
431 struct inet_connection_sock *icsk = inet_csk(sk);
432 if (!((1 << sk->sk_state) &
433 (TCPF_LISTEN | TCPF_CLOSE))
434 && inet_sk(sk)->daddr != LOOPBACK4_IPV6) {
435 icsk->icsk_ext_hdr_len =
436 opt->opt_flen + opt->opt_nflen;
437 icsk->icsk_sync_mss(sk, icsk->icsk_pmtu_cookie);
438 }
439 }
440 opt = xchg(&np->opt, opt);
441 sk_dst_reset(sk);
442 } else {
443 write_lock(&sk->sk_dst_lock);
444 opt = xchg(&np->opt, opt);
445 write_unlock(&sk->sk_dst_lock);
446 sk_dst_reset(sk);
447 }
448sticky_done: 378sticky_done:
449 if (opt) 379 if (opt)
450 sock_kfree_s(sk, opt, opt->tot_len); 380 sock_kfree_s(sk, opt, opt->tot_len);
@@ -490,32 +420,15 @@ sticky_done:
490 goto done; 420 goto done;
491update: 421update:
492 retv = 0; 422 retv = 0;
493 if (inet_sk(sk)->is_icsk) { 423 opt = ipv6_update_options(sk, opt);
494 if (opt) {
495 struct inet_connection_sock *icsk = inet_csk(sk);
496 if (!((1 << sk->sk_state) &
497 (TCPF_LISTEN | TCPF_CLOSE))
498 && inet_sk(sk)->daddr != LOOPBACK4_IPV6) {
499 icsk->icsk_ext_hdr_len =
500 opt->opt_flen + opt->opt_nflen;
501 icsk->icsk_sync_mss(sk, icsk->icsk_pmtu_cookie);
502 }
503 }
504 opt = xchg(&np->opt, opt);
505 sk_dst_reset(sk);
506 } else {
507 write_lock(&sk->sk_dst_lock);
508 opt = xchg(&np->opt, opt);
509 write_unlock(&sk->sk_dst_lock);
510 sk_dst_reset(sk);
511 }
512
513done: 424done:
514 if (opt) 425 if (opt)
515 sock_kfree_s(sk, opt, opt->tot_len); 426 sock_kfree_s(sk, opt, opt->tot_len);
516 break; 427 break;
517 } 428 }
518 case IPV6_UNICAST_HOPS: 429 case IPV6_UNICAST_HOPS:
430 if (optlen < sizeof(int))
431 goto e_inval;
519 if (val > 255 || val < -1) 432 if (val > 255 || val < -1)
520 goto e_inval; 433 goto e_inval;
521 np->hop_limit = val; 434 np->hop_limit = val;
@@ -525,6 +438,8 @@ done:
525 case IPV6_MULTICAST_HOPS: 438 case IPV6_MULTICAST_HOPS:
526 if (sk->sk_type == SOCK_STREAM) 439 if (sk->sk_type == SOCK_STREAM)
527 goto e_inval; 440 goto e_inval;
441 if (optlen < sizeof(int))
442 goto e_inval;
528 if (val > 255 || val < -1) 443 if (val > 255 || val < -1)
529 goto e_inval; 444 goto e_inval;
530 np->mcast_hops = val; 445 np->mcast_hops = val;
@@ -532,6 +447,8 @@ done:
532 break; 447 break;
533 448
534 case IPV6_MULTICAST_LOOP: 449 case IPV6_MULTICAST_LOOP:
450 if (optlen < sizeof(int))
451 goto e_inval;
535 np->mc_loop = valbool; 452 np->mc_loop = valbool;
536 retv = 0; 453 retv = 0;
537 break; 454 break;
@@ -539,12 +456,14 @@ done:
539 case IPV6_MULTICAST_IF: 456 case IPV6_MULTICAST_IF:
540 if (sk->sk_type == SOCK_STREAM) 457 if (sk->sk_type == SOCK_STREAM)
541 goto e_inval; 458 goto e_inval;
459 if (optlen < sizeof(int))
460 goto e_inval;
542 461
543 if (val) { 462 if (val) {
544 if (sk->sk_bound_dev_if && sk->sk_bound_dev_if != val) 463 if (sk->sk_bound_dev_if && sk->sk_bound_dev_if != val)
545 goto e_inval; 464 goto e_inval;
546 465
547 if (__dev_get_by_index(&init_net, val) == NULL) { 466 if (__dev_get_by_index(net, val) == NULL) {
548 retv = -ENODEV; 467 retv = -ENODEV;
549 break; 468 break;
550 } 469 }
@@ -557,6 +476,9 @@ done:
557 { 476 {
558 struct ipv6_mreq mreq; 477 struct ipv6_mreq mreq;
559 478
479 if (optlen < sizeof(struct ipv6_mreq))
480 goto e_inval;
481
560 retv = -EPROTO; 482 retv = -EPROTO;
561 if (inet_sk(sk)->is_icsk) 483 if (inet_sk(sk)->is_icsk)
562 break; 484 break;
@@ -576,7 +498,7 @@ done:
576 { 498 {
577 struct ipv6_mreq mreq; 499 struct ipv6_mreq mreq;
578 500
579 if (optlen != sizeof(struct ipv6_mreq)) 501 if (optlen < sizeof(struct ipv6_mreq))
580 goto e_inval; 502 goto e_inval;
581 503
582 retv = -EFAULT; 504 retv = -EFAULT;
@@ -595,6 +517,9 @@ done:
595 struct group_req greq; 517 struct group_req greq;
596 struct sockaddr_in6 *psin6; 518 struct sockaddr_in6 *psin6;
597 519
520 if (optlen < sizeof(struct group_req))
521 goto e_inval;
522
598 retv = -EFAULT; 523 retv = -EFAULT;
599 if (copy_from_user(&greq, optval, sizeof(struct group_req))) 524 if (copy_from_user(&greq, optval, sizeof(struct group_req)))
600 break; 525 break;
@@ -619,7 +544,7 @@ done:
619 struct group_source_req greqs; 544 struct group_source_req greqs;
620 int omode, add; 545 int omode, add;
621 546
622 if (optlen != sizeof(struct group_source_req)) 547 if (optlen < sizeof(struct group_source_req))
623 goto e_inval; 548 goto e_inval;
624 if (copy_from_user(&greqs, optval, sizeof(greqs))) { 549 if (copy_from_user(&greqs, optval, sizeof(greqs))) {
625 retv = -EFAULT; 550 retv = -EFAULT;
@@ -693,27 +618,37 @@ done:
693 break; 618 break;
694 } 619 }
695 case IPV6_ROUTER_ALERT: 620 case IPV6_ROUTER_ALERT:
621 if (optlen < sizeof(int))
622 goto e_inval;
696 retv = ip6_ra_control(sk, val, NULL); 623 retv = ip6_ra_control(sk, val, NULL);
697 break; 624 break;
698 case IPV6_MTU_DISCOVER: 625 case IPV6_MTU_DISCOVER:
626 if (optlen < sizeof(int))
627 goto e_inval;
699 if (val<0 || val>3) 628 if (val<0 || val>3)
700 goto e_inval; 629 goto e_inval;
701 np->pmtudisc = val; 630 np->pmtudisc = val;
702 retv = 0; 631 retv = 0;
703 break; 632 break;
704 case IPV6_MTU: 633 case IPV6_MTU:
634 if (optlen < sizeof(int))
635 goto e_inval;
705 if (val && val < IPV6_MIN_MTU) 636 if (val && val < IPV6_MIN_MTU)
706 goto e_inval; 637 goto e_inval;
707 np->frag_size = val; 638 np->frag_size = val;
708 retv = 0; 639 retv = 0;
709 break; 640 break;
710 case IPV6_RECVERR: 641 case IPV6_RECVERR:
642 if (optlen < sizeof(int))
643 goto e_inval;
711 np->recverr = valbool; 644 np->recverr = valbool;
712 if (!val) 645 if (!val)
713 skb_queue_purge(&sk->sk_error_queue); 646 skb_queue_purge(&sk->sk_error_queue);
714 retv = 0; 647 retv = 0;
715 break; 648 break;
716 case IPV6_FLOWINFO_SEND: 649 case IPV6_FLOWINFO_SEND:
650 if (optlen < sizeof(int))
651 goto e_inval;
717 np->sndflow = valbool; 652 np->sndflow = valbool;
718 retv = 0; 653 retv = 0;
719 break; 654 break;
@@ -728,7 +663,70 @@ done:
728 retv = xfrm_user_policy(sk, optname, optval, optlen); 663 retv = xfrm_user_policy(sk, optname, optval, optlen);
729 break; 664 break;
730 665
666 case IPV6_ADDR_PREFERENCES:
667 {
668 unsigned int pref = 0;
669 unsigned int prefmask = ~0;
670
671 if (optlen < sizeof(int))
672 goto e_inval;
673
674 retv = -EINVAL;
675
676 /* check PUBLIC/TMP/PUBTMP_DEFAULT conflicts */
677 switch (val & (IPV6_PREFER_SRC_PUBLIC|
678 IPV6_PREFER_SRC_TMP|
679 IPV6_PREFER_SRC_PUBTMP_DEFAULT)) {
680 case IPV6_PREFER_SRC_PUBLIC:
681 pref |= IPV6_PREFER_SRC_PUBLIC;
682 break;
683 case IPV6_PREFER_SRC_TMP:
684 pref |= IPV6_PREFER_SRC_TMP;
685 break;
686 case IPV6_PREFER_SRC_PUBTMP_DEFAULT:
687 break;
688 case 0:
689 goto pref_skip_pubtmp;
690 default:
691 goto e_inval;
692 }
693
694 prefmask &= ~(IPV6_PREFER_SRC_PUBLIC|
695 IPV6_PREFER_SRC_TMP);
696pref_skip_pubtmp:
697
698 /* check HOME/COA conflicts */
699 switch (val & (IPV6_PREFER_SRC_HOME|IPV6_PREFER_SRC_COA)) {
700 case IPV6_PREFER_SRC_HOME:
701 break;
702 case IPV6_PREFER_SRC_COA:
703 pref |= IPV6_PREFER_SRC_COA;
704 case 0:
705 goto pref_skip_coa;
706 default:
707 goto e_inval;
708 }
709
710 prefmask &= ~IPV6_PREFER_SRC_COA;
711pref_skip_coa:
712
713 /* check CGA/NONCGA conflicts */
714 switch (val & (IPV6_PREFER_SRC_CGA|IPV6_PREFER_SRC_NONCGA)) {
715 case IPV6_PREFER_SRC_CGA:
716 case IPV6_PREFER_SRC_NONCGA:
717 case 0:
718 break;
719 default:
720 goto e_inval;
721 }
722
723 np->srcprefs = (np->srcprefs & prefmask) | pref;
724 retv = 0;
725
726 break;
727 }
731 } 728 }
729
732 release_sock(sk); 730 release_sock(sk);
733 731
734 return retv; 732 return retv;
@@ -839,6 +837,9 @@ static int do_ipv6_getsockopt(struct sock *sk, int level, int optname,
839 int len; 837 int len;
840 int val; 838 int val;
841 839
840 if (ip6_mroute_opt(optname))
841 return ip6_mroute_getsockopt(sk, optname, optval, optlen);
842
842 if (get_user(len, optlen)) 843 if (get_user(len, optlen))
843 return -EFAULT; 844 return -EFAULT;
844 switch (optname) { 845 switch (optname) {
@@ -1015,9 +1016,7 @@ static int do_ipv6_getsockopt(struct sock *sk, int level, int optname,
1015 dst = sk_dst_get(sk); 1016 dst = sk_dst_get(sk);
1016 if (dst) { 1017 if (dst) {
1017 if (val < 0) 1018 if (val < 0)
1018 val = dst_metric(dst, RTAX_HOPLIMIT); 1019 val = ip6_dst_hoplimit(dst);
1019 if (val < 0)
1020 val = ipv6_get_hoplimit(dst->dev);
1021 dst_release(dst); 1020 dst_release(dst);
1022 } 1021 }
1023 if (val < 0) 1022 if (val < 0)
@@ -1045,6 +1044,24 @@ static int do_ipv6_getsockopt(struct sock *sk, int level, int optname,
1045 val = np->sndflow; 1044 val = np->sndflow;
1046 break; 1045 break;
1047 1046
1047 case IPV6_ADDR_PREFERENCES:
1048 val = 0;
1049
1050 if (np->srcprefs & IPV6_PREFER_SRC_TMP)
1051 val |= IPV6_PREFER_SRC_TMP;
1052 else if (np->srcprefs & IPV6_PREFER_SRC_PUBLIC)
1053 val |= IPV6_PREFER_SRC_PUBLIC;
1054 else {
1055 /* XXX: should we return system default? */
1056 val |= IPV6_PREFER_SRC_PUBTMP_DEFAULT;
1057 }
1058
1059 if (np->srcprefs & IPV6_PREFER_SRC_COA)
1060 val |= IPV6_PREFER_SRC_COA;
1061 else
1062 val |= IPV6_PREFER_SRC_HOME;
1063 break;
1064
1048 default: 1065 default:
1049 return -ENOPROTOOPT; 1066 return -ENOPROTOOPT;
1050 } 1067 }
@@ -1128,13 +1145,3 @@ int compat_ipv6_getsockopt(struct sock *sk, int level, int optname,
1128EXPORT_SYMBOL(compat_ipv6_getsockopt); 1145EXPORT_SYMBOL(compat_ipv6_getsockopt);
1129#endif 1146#endif
1130 1147
1131int __init ipv6_packet_init(void)
1132{
1133 dev_add_pack(&ipv6_packet_type);
1134 return 0;
1135}
1136
1137void ipv6_packet_cleanup(void)
1138{
1139 dev_remove_pack(&ipv6_packet_type);
1140}
diff --git a/net/ipv6/mcast.c b/net/ipv6/mcast.c
index ab228d1ea114..54f91efdae58 100644
--- a/net/ipv6/mcast.c
+++ b/net/ipv6/mcast.c
@@ -59,6 +59,7 @@
59#include <net/ndisc.h> 59#include <net/ndisc.h>
60#include <net/addrconf.h> 60#include <net/addrconf.h>
61#include <net/ip6_route.h> 61#include <net/ip6_route.h>
62#include <net/inet_common.h>
62 63
63#include <net/ip6_checksum.h> 64#include <net/ip6_checksum.h>
64 65
@@ -126,10 +127,6 @@ static struct in6_addr mld2_all_mcr = MLD2_ALL_MCR_INIT;
126/* Big mc list lock for all the sockets */ 127/* Big mc list lock for all the sockets */
127static DEFINE_RWLOCK(ipv6_sk_mc_lock); 128static DEFINE_RWLOCK(ipv6_sk_mc_lock);
128 129
129static struct socket *igmp6_socket;
130
131int __ipv6_dev_mc_dec(struct inet6_dev *idev, struct in6_addr *addr);
132
133static void igmp6_join_group(struct ifmcaddr6 *ma); 130static void igmp6_join_group(struct ifmcaddr6 *ma);
134static void igmp6_leave_group(struct ifmcaddr6 *ma); 131static void igmp6_leave_group(struct ifmcaddr6 *ma);
135static void igmp6_timer_handler(unsigned long data); 132static void igmp6_timer_handler(unsigned long data);
@@ -178,11 +175,12 @@ int sysctl_mld_max_msf __read_mostly = IPV6_MLD_MAX_MSF;
178 * socket join on multicast group 175 * socket join on multicast group
179 */ 176 */
180 177
181int ipv6_sock_mc_join(struct sock *sk, int ifindex, struct in6_addr *addr) 178int ipv6_sock_mc_join(struct sock *sk, int ifindex, const struct in6_addr *addr)
182{ 179{
183 struct net_device *dev = NULL; 180 struct net_device *dev = NULL;
184 struct ipv6_mc_socklist *mc_lst; 181 struct ipv6_mc_socklist *mc_lst;
185 struct ipv6_pinfo *np = inet6_sk(sk); 182 struct ipv6_pinfo *np = inet6_sk(sk);
183 struct net *net = sock_net(sk);
186 int err; 184 int err;
187 185
188 if (!ipv6_addr_is_multicast(addr)) 186 if (!ipv6_addr_is_multicast(addr))
@@ -208,14 +206,14 @@ int ipv6_sock_mc_join(struct sock *sk, int ifindex, struct in6_addr *addr)
208 206
209 if (ifindex == 0) { 207 if (ifindex == 0) {
210 struct rt6_info *rt; 208 struct rt6_info *rt;
211 rt = rt6_lookup(addr, NULL, 0, 0); 209 rt = rt6_lookup(net, addr, NULL, 0, 0);
212 if (rt) { 210 if (rt) {
213 dev = rt->rt6i_dev; 211 dev = rt->rt6i_dev;
214 dev_hold(dev); 212 dev_hold(dev);
215 dst_release(&rt->u.dst); 213 dst_release(&rt->u.dst);
216 } 214 }
217 } else 215 } else
218 dev = dev_get_by_index(&init_net, ifindex); 216 dev = dev_get_by_index(net, ifindex);
219 217
220 if (dev == NULL) { 218 if (dev == NULL) {
221 sock_kfree_s(sk, mc_lst, sizeof(*mc_lst)); 219 sock_kfree_s(sk, mc_lst, sizeof(*mc_lst));
@@ -252,10 +250,11 @@ int ipv6_sock_mc_join(struct sock *sk, int ifindex, struct in6_addr *addr)
252/* 250/*
253 * socket leave on multicast group 251 * socket leave on multicast group
254 */ 252 */
255int ipv6_sock_mc_drop(struct sock *sk, int ifindex, struct in6_addr *addr) 253int ipv6_sock_mc_drop(struct sock *sk, int ifindex, const struct in6_addr *addr)
256{ 254{
257 struct ipv6_pinfo *np = inet6_sk(sk); 255 struct ipv6_pinfo *np = inet6_sk(sk);
258 struct ipv6_mc_socklist *mc_lst, **lnk; 256 struct ipv6_mc_socklist *mc_lst, **lnk;
257 struct net *net = sock_net(sk);
259 258
260 write_lock_bh(&ipv6_sk_mc_lock); 259 write_lock_bh(&ipv6_sk_mc_lock);
261 for (lnk = &np->ipv6_mc_list; (mc_lst = *lnk) !=NULL ; lnk = &mc_lst->next) { 260 for (lnk = &np->ipv6_mc_list; (mc_lst = *lnk) !=NULL ; lnk = &mc_lst->next) {
@@ -266,7 +265,8 @@ int ipv6_sock_mc_drop(struct sock *sk, int ifindex, struct in6_addr *addr)
266 *lnk = mc_lst->next; 265 *lnk = mc_lst->next;
267 write_unlock_bh(&ipv6_sk_mc_lock); 266 write_unlock_bh(&ipv6_sk_mc_lock);
268 267
269 if ((dev = dev_get_by_index(&init_net, mc_lst->ifindex)) != NULL) { 268 dev = dev_get_by_index(net, mc_lst->ifindex);
269 if (dev != NULL) {
270 struct inet6_dev *idev = in6_dev_get(dev); 270 struct inet6_dev *idev = in6_dev_get(dev);
271 271
272 (void) ip6_mc_leave_src(sk, mc_lst, idev); 272 (void) ip6_mc_leave_src(sk, mc_lst, idev);
@@ -286,7 +286,9 @@ int ipv6_sock_mc_drop(struct sock *sk, int ifindex, struct in6_addr *addr)
286 return -EADDRNOTAVAIL; 286 return -EADDRNOTAVAIL;
287} 287}
288 288
289static struct inet6_dev *ip6_mc_find_dev(struct in6_addr *group, int ifindex) 289static struct inet6_dev *ip6_mc_find_dev(struct net *net,
290 struct in6_addr *group,
291 int ifindex)
290{ 292{
291 struct net_device *dev = NULL; 293 struct net_device *dev = NULL;
292 struct inet6_dev *idev = NULL; 294 struct inet6_dev *idev = NULL;
@@ -294,14 +296,14 @@ static struct inet6_dev *ip6_mc_find_dev(struct in6_addr *group, int ifindex)
294 if (ifindex == 0) { 296 if (ifindex == 0) {
295 struct rt6_info *rt; 297 struct rt6_info *rt;
296 298
297 rt = rt6_lookup(group, NULL, 0, 0); 299 rt = rt6_lookup(net, group, NULL, 0, 0);
298 if (rt) { 300 if (rt) {
299 dev = rt->rt6i_dev; 301 dev = rt->rt6i_dev;
300 dev_hold(dev); 302 dev_hold(dev);
301 dst_release(&rt->u.dst); 303 dst_release(&rt->u.dst);
302 } 304 }
303 } else 305 } else
304 dev = dev_get_by_index(&init_net, ifindex); 306 dev = dev_get_by_index(net, ifindex);
305 307
306 if (!dev) 308 if (!dev)
307 return NULL; 309 return NULL;
@@ -324,6 +326,7 @@ void ipv6_sock_mc_close(struct sock *sk)
324{ 326{
325 struct ipv6_pinfo *np = inet6_sk(sk); 327 struct ipv6_pinfo *np = inet6_sk(sk);
326 struct ipv6_mc_socklist *mc_lst; 328 struct ipv6_mc_socklist *mc_lst;
329 struct net *net = sock_net(sk);
327 330
328 write_lock_bh(&ipv6_sk_mc_lock); 331 write_lock_bh(&ipv6_sk_mc_lock);
329 while ((mc_lst = np->ipv6_mc_list) != NULL) { 332 while ((mc_lst = np->ipv6_mc_list) != NULL) {
@@ -332,7 +335,7 @@ void ipv6_sock_mc_close(struct sock *sk)
332 np->ipv6_mc_list = mc_lst->next; 335 np->ipv6_mc_list = mc_lst->next;
333 write_unlock_bh(&ipv6_sk_mc_lock); 336 write_unlock_bh(&ipv6_sk_mc_lock);
334 337
335 dev = dev_get_by_index(&init_net, mc_lst->ifindex); 338 dev = dev_get_by_index(net, mc_lst->ifindex);
336 if (dev) { 339 if (dev) {
337 struct inet6_dev *idev = in6_dev_get(dev); 340 struct inet6_dev *idev = in6_dev_get(dev);
338 341
@@ -361,6 +364,7 @@ int ip6_mc_source(int add, int omode, struct sock *sk,
361 struct inet6_dev *idev; 364 struct inet6_dev *idev;
362 struct ipv6_pinfo *inet6 = inet6_sk(sk); 365 struct ipv6_pinfo *inet6 = inet6_sk(sk);
363 struct ip6_sf_socklist *psl; 366 struct ip6_sf_socklist *psl;
367 struct net *net = sock_net(sk);
364 int i, j, rv; 368 int i, j, rv;
365 int leavegroup = 0; 369 int leavegroup = 0;
366 int pmclocked = 0; 370 int pmclocked = 0;
@@ -376,7 +380,7 @@ int ip6_mc_source(int add, int omode, struct sock *sk,
376 if (!ipv6_addr_is_multicast(group)) 380 if (!ipv6_addr_is_multicast(group))
377 return -EINVAL; 381 return -EINVAL;
378 382
379 idev = ip6_mc_find_dev(group, pgsr->gsr_interface); 383 idev = ip6_mc_find_dev(net, group, pgsr->gsr_interface);
380 if (!idev) 384 if (!idev)
381 return -ENODEV; 385 return -ENODEV;
382 dev = idev->dev; 386 dev = idev->dev;
@@ -500,6 +504,7 @@ int ip6_mc_msfilter(struct sock *sk, struct group_filter *gsf)
500 struct inet6_dev *idev; 504 struct inet6_dev *idev;
501 struct ipv6_pinfo *inet6 = inet6_sk(sk); 505 struct ipv6_pinfo *inet6 = inet6_sk(sk);
502 struct ip6_sf_socklist *newpsl, *psl; 506 struct ip6_sf_socklist *newpsl, *psl;
507 struct net *net = sock_net(sk);
503 int leavegroup = 0; 508 int leavegroup = 0;
504 int i, err; 509 int i, err;
505 510
@@ -511,7 +516,7 @@ int ip6_mc_msfilter(struct sock *sk, struct group_filter *gsf)
511 gsf->gf_fmode != MCAST_EXCLUDE) 516 gsf->gf_fmode != MCAST_EXCLUDE)
512 return -EINVAL; 517 return -EINVAL;
513 518
514 idev = ip6_mc_find_dev(group, gsf->gf_interface); 519 idev = ip6_mc_find_dev(net, group, gsf->gf_interface);
515 520
516 if (!idev) 521 if (!idev)
517 return -ENODEV; 522 return -ENODEV;
@@ -592,13 +597,14 @@ int ip6_mc_msfget(struct sock *sk, struct group_filter *gsf,
592 struct net_device *dev; 597 struct net_device *dev;
593 struct ipv6_pinfo *inet6 = inet6_sk(sk); 598 struct ipv6_pinfo *inet6 = inet6_sk(sk);
594 struct ip6_sf_socklist *psl; 599 struct ip6_sf_socklist *psl;
600 struct net *net = sock_net(sk);
595 601
596 group = &((struct sockaddr_in6 *)&gsf->gf_group)->sin6_addr; 602 group = &((struct sockaddr_in6 *)&gsf->gf_group)->sin6_addr;
597 603
598 if (!ipv6_addr_is_multicast(group)) 604 if (!ipv6_addr_is_multicast(group))
599 return -EINVAL; 605 return -EINVAL;
600 606
601 idev = ip6_mc_find_dev(group, gsf->gf_interface); 607 idev = ip6_mc_find_dev(net, group, gsf->gf_interface);
602 608
603 if (!idev) 609 if (!idev)
604 return -ENODEV; 610 return -ENODEV;
@@ -656,8 +662,8 @@ done:
656 return err; 662 return err;
657} 663}
658 664
659int inet6_mc_check(struct sock *sk, struct in6_addr *mc_addr, 665int inet6_mc_check(struct sock *sk, const struct in6_addr *mc_addr,
660 struct in6_addr *src_addr) 666 const struct in6_addr *src_addr)
661{ 667{
662 struct ipv6_pinfo *np = inet6_sk(sk); 668 struct ipv6_pinfo *np = inet6_sk(sk);
663 struct ipv6_mc_socklist *mc; 669 struct ipv6_mc_socklist *mc;
@@ -863,7 +869,7 @@ static void mld_clear_delrec(struct inet6_dev *idev)
863/* 869/*
864 * device multicast group inc (add if not found) 870 * device multicast group inc (add if not found)
865 */ 871 */
866int ipv6_dev_mc_inc(struct net_device *dev, struct in6_addr *addr) 872int ipv6_dev_mc_inc(struct net_device *dev, const struct in6_addr *addr)
867{ 873{
868 struct ifmcaddr6 *mc; 874 struct ifmcaddr6 *mc;
869 struct inet6_dev *idev; 875 struct inet6_dev *idev;
@@ -934,7 +940,7 @@ int ipv6_dev_mc_inc(struct net_device *dev, struct in6_addr *addr)
934/* 940/*
935 * device multicast group del 941 * device multicast group del
936 */ 942 */
937int __ipv6_dev_mc_dec(struct inet6_dev *idev, struct in6_addr *addr) 943int __ipv6_dev_mc_dec(struct inet6_dev *idev, const struct in6_addr *addr)
938{ 944{
939 struct ifmcaddr6 *ma, **map; 945 struct ifmcaddr6 *ma, **map;
940 946
@@ -959,7 +965,7 @@ int __ipv6_dev_mc_dec(struct inet6_dev *idev, struct in6_addr *addr)
959 return -ENOENT; 965 return -ENOENT;
960} 966}
961 967
962int ipv6_dev_mc_dec(struct net_device *dev, struct in6_addr *addr) 968int ipv6_dev_mc_dec(struct net_device *dev, const struct in6_addr *addr)
963{ 969{
964 struct inet6_dev *idev = in6_dev_get(dev); 970 struct inet6_dev *idev = in6_dev_get(dev);
965 int err; 971 int err;
@@ -1004,8 +1010,8 @@ int ipv6_is_mld(struct sk_buff *skb, int nexthdr)
1004/* 1010/*
1005 * check if the interface/address pair is valid 1011 * check if the interface/address pair is valid
1006 */ 1012 */
1007int ipv6_chk_mcast_addr(struct net_device *dev, struct in6_addr *group, 1013int ipv6_chk_mcast_addr(struct net_device *dev, const struct in6_addr *group,
1008 struct in6_addr *src_addr) 1014 const struct in6_addr *src_addr)
1009{ 1015{
1010 struct inet6_dev *idev; 1016 struct inet6_dev *idev;
1011 struct ifmcaddr6 *mc; 1017 struct ifmcaddr6 *mc;
@@ -1393,10 +1399,12 @@ mld_scount(struct ifmcaddr6 *pmc, int type, int gdeleted, int sdeleted)
1393 1399
1394static struct sk_buff *mld_newpack(struct net_device *dev, int size) 1400static struct sk_buff *mld_newpack(struct net_device *dev, int size)
1395{ 1401{
1396 struct sock *sk = igmp6_socket->sk; 1402 struct net *net = dev_net(dev);
1403 struct sock *sk = net->ipv6.igmp_sk;
1397 struct sk_buff *skb; 1404 struct sk_buff *skb;
1398 struct mld2_report *pmr; 1405 struct mld2_report *pmr;
1399 struct in6_addr addr_buf; 1406 struct in6_addr addr_buf;
1407 const struct in6_addr *saddr;
1400 int err; 1408 int err;
1401 u8 ra[8] = { IPPROTO_ICMPV6, 0, 1409 u8 ra[8] = { IPPROTO_ICMPV6, 0,
1402 IPV6_TLV_ROUTERALERT, 2, 0, 0, 1410 IPV6_TLV_ROUTERALERT, 2, 0, 0,
@@ -1415,10 +1423,11 @@ static struct sk_buff *mld_newpack(struct net_device *dev, int size)
1415 * use unspecified address as the source address 1423 * use unspecified address as the source address
1416 * when a valid link-local address is not available. 1424 * when a valid link-local address is not available.
1417 */ 1425 */
1418 memset(&addr_buf, 0, sizeof(addr_buf)); 1426 saddr = &in6addr_any;
1419 } 1427 } else
1428 saddr = &addr_buf;
1420 1429
1421 ip6_nd_hdr(sk, skb, dev, &addr_buf, &mld2_all_mcr, NEXTHDR_HOP, 0); 1430 ip6_nd_hdr(sk, skb, dev, saddr, &mld2_all_mcr, NEXTHDR_HOP, 0);
1422 1431
1423 memcpy(skb_put(skb, sizeof(ra)), ra, sizeof(ra)); 1432 memcpy(skb_put(skb, sizeof(ra)), ra, sizeof(ra));
1424 1433
@@ -1433,25 +1442,6 @@ static struct sk_buff *mld_newpack(struct net_device *dev, int size)
1433 return skb; 1442 return skb;
1434} 1443}
1435 1444
1436static inline int mld_dev_queue_xmit2(struct sk_buff *skb)
1437{
1438 struct net_device *dev = skb->dev;
1439 unsigned char ha[MAX_ADDR_LEN];
1440
1441 ndisc_mc_map(&ipv6_hdr(skb)->daddr, ha, dev, 1);
1442 if (dev_hard_header(skb, dev, ETH_P_IPV6, ha, NULL, skb->len) < 0) {
1443 kfree_skb(skb);
1444 return -EINVAL;
1445 }
1446 return dev_queue_xmit(skb);
1447}
1448
1449static inline int mld_dev_queue_xmit(struct sk_buff *skb)
1450{
1451 return NF_HOOK(PF_INET6, NF_INET_POST_ROUTING, skb, NULL, skb->dev,
1452 mld_dev_queue_xmit2);
1453}
1454
1455static void mld_sendpack(struct sk_buff *skb) 1445static void mld_sendpack(struct sk_buff *skb)
1456{ 1446{
1457 struct ipv6hdr *pip6 = ipv6_hdr(skb); 1447 struct ipv6hdr *pip6 = ipv6_hdr(skb);
@@ -1459,7 +1449,9 @@ static void mld_sendpack(struct sk_buff *skb)
1459 (struct mld2_report *)skb_transport_header(skb); 1449 (struct mld2_report *)skb_transport_header(skb);
1460 int payload_len, mldlen; 1450 int payload_len, mldlen;
1461 struct inet6_dev *idev = in6_dev_get(skb->dev); 1451 struct inet6_dev *idev = in6_dev_get(skb->dev);
1452 struct net *net = dev_net(skb->dev);
1462 int err; 1453 int err;
1454 struct flowi fl;
1463 1455
1464 IP6_INC_STATS(idev, IPSTATS_MIB_OUTREQUESTS); 1456 IP6_INC_STATS(idev, IPSTATS_MIB_OUTREQUESTS);
1465 payload_len = (skb->tail - skb->network_header) - sizeof(*pip6); 1457 payload_len = (skb->tail - skb->network_header) - sizeof(*pip6);
@@ -1469,8 +1461,25 @@ static void mld_sendpack(struct sk_buff *skb)
1469 pmr->csum = csum_ipv6_magic(&pip6->saddr, &pip6->daddr, mldlen, 1461 pmr->csum = csum_ipv6_magic(&pip6->saddr, &pip6->daddr, mldlen,
1470 IPPROTO_ICMPV6, csum_partial(skb_transport_header(skb), 1462 IPPROTO_ICMPV6, csum_partial(skb_transport_header(skb),
1471 mldlen, 0)); 1463 mldlen, 0));
1464
1465 skb->dst = icmp6_dst_alloc(skb->dev, NULL, &ipv6_hdr(skb)->daddr);
1466
1467 if (!skb->dst) {
1468 err = -ENOMEM;
1469 goto err_out;
1470 }
1471
1472 icmpv6_flow_init(net->ipv6.igmp_sk, &fl, ICMPV6_MLD2_REPORT,
1473 &ipv6_hdr(skb)->saddr, &ipv6_hdr(skb)->daddr,
1474 skb->dev->ifindex);
1475
1476 err = xfrm_lookup(&skb->dst, &fl, NULL, 0);
1477 if (err)
1478 goto err_out;
1479
1472 err = NF_HOOK(PF_INET6, NF_INET_LOCAL_OUT, skb, NULL, skb->dev, 1480 err = NF_HOOK(PF_INET6, NF_INET_LOCAL_OUT, skb, NULL, skb->dev,
1473 mld_dev_queue_xmit); 1481 dst_output);
1482out:
1474 if (!err) { 1483 if (!err) {
1475 ICMP6MSGOUT_INC_STATS_BH(idev, ICMPV6_MLD2_REPORT); 1484 ICMP6MSGOUT_INC_STATS_BH(idev, ICMPV6_MLD2_REPORT);
1476 ICMP6_INC_STATS_BH(idev, ICMP6_MIB_OUTMSGS); 1485 ICMP6_INC_STATS_BH(idev, ICMP6_MIB_OUTMSGS);
@@ -1480,6 +1489,11 @@ static void mld_sendpack(struct sk_buff *skb)
1480 1489
1481 if (likely(idev != NULL)) 1490 if (likely(idev != NULL))
1482 in6_dev_put(idev); 1491 in6_dev_put(idev);
1492 return;
1493
1494err_out:
1495 kfree_skb(skb);
1496 goto out;
1483} 1497}
1484 1498
1485static int grec_size(struct ifmcaddr6 *pmc, int type, int gdel, int sdel) 1499static int grec_size(struct ifmcaddr6 *pmc, int type, int gdel, int sdel)
@@ -1749,28 +1763,28 @@ static void mld_send_cr(struct inet6_dev *idev)
1749 1763
1750static void igmp6_send(struct in6_addr *addr, struct net_device *dev, int type) 1764static void igmp6_send(struct in6_addr *addr, struct net_device *dev, int type)
1751{ 1765{
1752 struct sock *sk = igmp6_socket->sk; 1766 struct net *net = dev_net(dev);
1767 struct sock *sk = net->ipv6.igmp_sk;
1753 struct inet6_dev *idev; 1768 struct inet6_dev *idev;
1754 struct sk_buff *skb; 1769 struct sk_buff *skb;
1755 struct icmp6hdr *hdr; 1770 struct icmp6hdr *hdr;
1756 struct in6_addr *snd_addr; 1771 const struct in6_addr *snd_addr, *saddr;
1757 struct in6_addr *addrp; 1772 struct in6_addr *addrp;
1758 struct in6_addr addr_buf; 1773 struct in6_addr addr_buf;
1759 struct in6_addr all_routers;
1760 int err, len, payload_len, full_len; 1774 int err, len, payload_len, full_len;
1761 u8 ra[8] = { IPPROTO_ICMPV6, 0, 1775 u8 ra[8] = { IPPROTO_ICMPV6, 0,
1762 IPV6_TLV_ROUTERALERT, 2, 0, 0, 1776 IPV6_TLV_ROUTERALERT, 2, 0, 0,
1763 IPV6_TLV_PADN, 0 }; 1777 IPV6_TLV_PADN, 0 };
1778 struct flowi fl;
1764 1779
1765 rcu_read_lock(); 1780 rcu_read_lock();
1766 IP6_INC_STATS(__in6_dev_get(dev), 1781 IP6_INC_STATS(__in6_dev_get(dev),
1767 IPSTATS_MIB_OUTREQUESTS); 1782 IPSTATS_MIB_OUTREQUESTS);
1768 rcu_read_unlock(); 1783 rcu_read_unlock();
1769 snd_addr = addr; 1784 if (type == ICMPV6_MGM_REDUCTION)
1770 if (type == ICMPV6_MGM_REDUCTION) { 1785 snd_addr = &in6addr_linklocal_allrouters;
1771 snd_addr = &all_routers; 1786 else
1772 ipv6_addr_all_routers(&all_routers); 1787 snd_addr = addr;
1773 }
1774 1788
1775 len = sizeof(struct icmp6hdr) + sizeof(struct in6_addr); 1789 len = sizeof(struct icmp6hdr) + sizeof(struct in6_addr);
1776 payload_len = len + sizeof(ra); 1790 payload_len = len + sizeof(ra);
@@ -1793,10 +1807,11 @@ static void igmp6_send(struct in6_addr *addr, struct net_device *dev, int type)
1793 * use unspecified address as the source address 1807 * use unspecified address as the source address
1794 * when a valid link-local address is not available. 1808 * when a valid link-local address is not available.
1795 */ 1809 */
1796 memset(&addr_buf, 0, sizeof(addr_buf)); 1810 saddr = &in6addr_any;
1797 } 1811 } else
1812 saddr = &addr_buf;
1798 1813
1799 ip6_nd_hdr(sk, skb, dev, &addr_buf, snd_addr, NEXTHDR_HOP, payload_len); 1814 ip6_nd_hdr(sk, skb, dev, saddr, snd_addr, NEXTHDR_HOP, payload_len);
1800 1815
1801 memcpy(skb_put(skb, sizeof(ra)), ra, sizeof(ra)); 1816 memcpy(skb_put(skb, sizeof(ra)), ra, sizeof(ra));
1802 1817
@@ -1807,14 +1822,29 @@ static void igmp6_send(struct in6_addr *addr, struct net_device *dev, int type)
1807 addrp = (struct in6_addr *) skb_put(skb, sizeof(struct in6_addr)); 1822 addrp = (struct in6_addr *) skb_put(skb, sizeof(struct in6_addr));
1808 ipv6_addr_copy(addrp, addr); 1823 ipv6_addr_copy(addrp, addr);
1809 1824
1810 hdr->icmp6_cksum = csum_ipv6_magic(&addr_buf, snd_addr, len, 1825 hdr->icmp6_cksum = csum_ipv6_magic(saddr, snd_addr, len,
1811 IPPROTO_ICMPV6, 1826 IPPROTO_ICMPV6,
1812 csum_partial((__u8 *) hdr, len, 0)); 1827 csum_partial((__u8 *) hdr, len, 0));
1813 1828
1814 idev = in6_dev_get(skb->dev); 1829 idev = in6_dev_get(skb->dev);
1815 1830
1831 skb->dst = icmp6_dst_alloc(skb->dev, NULL, &ipv6_hdr(skb)->daddr);
1832 if (!skb->dst) {
1833 err = -ENOMEM;
1834 goto err_out;
1835 }
1836
1837 icmpv6_flow_init(sk, &fl, type,
1838 &ipv6_hdr(skb)->saddr, &ipv6_hdr(skb)->daddr,
1839 skb->dev->ifindex);
1840
1841 err = xfrm_lookup(&skb->dst, &fl, NULL, 0);
1842 if (err)
1843 goto err_out;
1844
1816 err = NF_HOOK(PF_INET6, NF_INET_LOCAL_OUT, skb, NULL, skb->dev, 1845 err = NF_HOOK(PF_INET6, NF_INET_LOCAL_OUT, skb, NULL, skb->dev,
1817 mld_dev_queue_xmit); 1846 dst_output);
1847out:
1818 if (!err) { 1848 if (!err) {
1819 ICMP6MSGOUT_INC_STATS(idev, type); 1849 ICMP6MSGOUT_INC_STATS(idev, type);
1820 ICMP6_INC_STATS(idev, ICMP6_MIB_OUTMSGS); 1850 ICMP6_INC_STATS(idev, ICMP6_MIB_OUTMSGS);
@@ -1825,6 +1855,10 @@ static void igmp6_send(struct in6_addr *addr, struct net_device *dev, int type)
1825 if (likely(idev != NULL)) 1855 if (likely(idev != NULL))
1826 in6_dev_put(idev); 1856 in6_dev_put(idev);
1827 return; 1857 return;
1858
1859err_out:
1860 kfree_skb(skb);
1861 goto out;
1828} 1862}
1829 1863
1830static int ip6_mc_del1_src(struct ifmcaddr6 *pmc, int sfmode, 1864static int ip6_mc_del1_src(struct ifmcaddr6 *pmc, int sfmode,
@@ -2276,24 +2310,19 @@ void ipv6_mc_init_dev(struct inet6_dev *idev)
2276void ipv6_mc_destroy_dev(struct inet6_dev *idev) 2310void ipv6_mc_destroy_dev(struct inet6_dev *idev)
2277{ 2311{
2278 struct ifmcaddr6 *i; 2312 struct ifmcaddr6 *i;
2279 struct in6_addr maddr;
2280 2313
2281 /* Deactivate timers */ 2314 /* Deactivate timers */
2282 ipv6_mc_down(idev); 2315 ipv6_mc_down(idev);
2283 2316
2284 /* Delete all-nodes address. */ 2317 /* Delete all-nodes address. */
2285 ipv6_addr_all_nodes(&maddr);
2286
2287 /* We cannot call ipv6_dev_mc_dec() directly, our caller in 2318 /* We cannot call ipv6_dev_mc_dec() directly, our caller in
2288 * addrconf.c has NULL'd out dev->ip6_ptr so in6_dev_get() will 2319 * addrconf.c has NULL'd out dev->ip6_ptr so in6_dev_get() will
2289 * fail. 2320 * fail.
2290 */ 2321 */
2291 __ipv6_dev_mc_dec(idev, &maddr); 2322 __ipv6_dev_mc_dec(idev, &in6addr_linklocal_allnodes);
2292 2323
2293 if (idev->cnf.forwarding) { 2324 if (idev->cnf.forwarding)
2294 ipv6_addr_all_routers(&maddr); 2325 __ipv6_dev_mc_dec(idev, &in6addr_linklocal_allrouters);
2295 __ipv6_dev_mc_dec(idev, &maddr);
2296 }
2297 2326
2298 write_lock_bh(&idev->lock); 2327 write_lock_bh(&idev->lock);
2299 while ((i = idev->mc_list) != NULL) { 2328 while ((i = idev->mc_list) != NULL) {
@@ -2310,6 +2339,7 @@ void ipv6_mc_destroy_dev(struct inet6_dev *idev)
2310 2339
2311#ifdef CONFIG_PROC_FS 2340#ifdef CONFIG_PROC_FS
2312struct igmp6_mc_iter_state { 2341struct igmp6_mc_iter_state {
2342 struct seq_net_private p;
2313 struct net_device *dev; 2343 struct net_device *dev;
2314 struct inet6_dev *idev; 2344 struct inet6_dev *idev;
2315}; 2345};
@@ -2320,9 +2350,10 @@ static inline struct ifmcaddr6 *igmp6_mc_get_first(struct seq_file *seq)
2320{ 2350{
2321 struct ifmcaddr6 *im = NULL; 2351 struct ifmcaddr6 *im = NULL;
2322 struct igmp6_mc_iter_state *state = igmp6_mc_seq_private(seq); 2352 struct igmp6_mc_iter_state *state = igmp6_mc_seq_private(seq);
2353 struct net *net = seq_file_net(seq);
2323 2354
2324 state->idev = NULL; 2355 state->idev = NULL;
2325 for_each_netdev(&init_net, state->dev) { 2356 for_each_netdev(net, state->dev) {
2326 struct inet6_dev *idev; 2357 struct inet6_dev *idev;
2327 idev = in6_dev_get(state->dev); 2358 idev = in6_dev_get(state->dev);
2328 if (!idev) 2359 if (!idev)
@@ -2424,8 +2455,8 @@ static const struct seq_operations igmp6_mc_seq_ops = {
2424 2455
2425static int igmp6_mc_seq_open(struct inode *inode, struct file *file) 2456static int igmp6_mc_seq_open(struct inode *inode, struct file *file)
2426{ 2457{
2427 return seq_open_private(file, &igmp6_mc_seq_ops, 2458 return seq_open_net(inode, file, &igmp6_mc_seq_ops,
2428 sizeof(struct igmp6_mc_iter_state)); 2459 sizeof(struct igmp6_mc_iter_state));
2429} 2460}
2430 2461
2431static const struct file_operations igmp6_mc_seq_fops = { 2462static const struct file_operations igmp6_mc_seq_fops = {
@@ -2433,10 +2464,11 @@ static const struct file_operations igmp6_mc_seq_fops = {
2433 .open = igmp6_mc_seq_open, 2464 .open = igmp6_mc_seq_open,
2434 .read = seq_read, 2465 .read = seq_read,
2435 .llseek = seq_lseek, 2466 .llseek = seq_lseek,
2436 .release = seq_release_private, 2467 .release = seq_release_net,
2437}; 2468};
2438 2469
2439struct igmp6_mcf_iter_state { 2470struct igmp6_mcf_iter_state {
2471 struct seq_net_private p;
2440 struct net_device *dev; 2472 struct net_device *dev;
2441 struct inet6_dev *idev; 2473 struct inet6_dev *idev;
2442 struct ifmcaddr6 *im; 2474 struct ifmcaddr6 *im;
@@ -2449,10 +2481,11 @@ static inline struct ip6_sf_list *igmp6_mcf_get_first(struct seq_file *seq)
2449 struct ip6_sf_list *psf = NULL; 2481 struct ip6_sf_list *psf = NULL;
2450 struct ifmcaddr6 *im = NULL; 2482 struct ifmcaddr6 *im = NULL;
2451 struct igmp6_mcf_iter_state *state = igmp6_mcf_seq_private(seq); 2483 struct igmp6_mcf_iter_state *state = igmp6_mcf_seq_private(seq);
2484 struct net *net = seq_file_net(seq);
2452 2485
2453 state->idev = NULL; 2486 state->idev = NULL;
2454 state->im = NULL; 2487 state->im = NULL;
2455 for_each_netdev(&init_net, state->dev) { 2488 for_each_netdev(net, state->dev) {
2456 struct inet6_dev *idev; 2489 struct inet6_dev *idev;
2457 idev = in6_dev_get(state->dev); 2490 idev = in6_dev_get(state->dev);
2458 if (unlikely(idev == NULL)) 2491 if (unlikely(idev == NULL))
@@ -2584,8 +2617,8 @@ static const struct seq_operations igmp6_mcf_seq_ops = {
2584 2617
2585static int igmp6_mcf_seq_open(struct inode *inode, struct file *file) 2618static int igmp6_mcf_seq_open(struct inode *inode, struct file *file)
2586{ 2619{
2587 return seq_open_private(file, &igmp6_mcf_seq_ops, 2620 return seq_open_net(inode, file, &igmp6_mcf_seq_ops,
2588 sizeof(struct igmp6_mcf_iter_state)); 2621 sizeof(struct igmp6_mcf_iter_state));
2589} 2622}
2590 2623
2591static const struct file_operations igmp6_mcf_seq_fops = { 2624static const struct file_operations igmp6_mcf_seq_fops = {
@@ -2593,47 +2626,88 @@ static const struct file_operations igmp6_mcf_seq_fops = {
2593 .open = igmp6_mcf_seq_open, 2626 .open = igmp6_mcf_seq_open,
2594 .read = seq_read, 2627 .read = seq_read,
2595 .llseek = seq_lseek, 2628 .llseek = seq_lseek,
2596 .release = seq_release_private, 2629 .release = seq_release_net,
2597}; 2630};
2631
2632static int igmp6_proc_init(struct net *net)
2633{
2634 int err;
2635
2636 err = -ENOMEM;
2637 if (!proc_net_fops_create(net, "igmp6", S_IRUGO, &igmp6_mc_seq_fops))
2638 goto out;
2639 if (!proc_net_fops_create(net, "mcfilter6", S_IRUGO,
2640 &igmp6_mcf_seq_fops))
2641 goto out_proc_net_igmp6;
2642
2643 err = 0;
2644out:
2645 return err;
2646
2647out_proc_net_igmp6:
2648 proc_net_remove(net, "igmp6");
2649 goto out;
2650}
2651
2652static void igmp6_proc_exit(struct net *net)
2653{
2654 proc_net_remove(net, "mcfilter6");
2655 proc_net_remove(net, "igmp6");
2656}
2657#else
2658static int igmp6_proc_init(struct net *net)
2659{
2660 return 0;
2661}
2662static void igmp6_proc_exit(struct net *net)
2663{
2664 ;
2665}
2598#endif 2666#endif
2599 2667
2600int __init igmp6_init(struct net_proto_family *ops) 2668static int igmp6_net_init(struct net *net)
2601{ 2669{
2602 struct ipv6_pinfo *np;
2603 struct sock *sk;
2604 int err; 2670 int err;
2605 2671
2606 err = sock_create_kern(PF_INET6, SOCK_RAW, IPPROTO_ICMPV6, &igmp6_socket); 2672 err = inet_ctl_sock_create(&net->ipv6.igmp_sk, PF_INET6,
2673 SOCK_RAW, IPPROTO_ICMPV6, net);
2607 if (err < 0) { 2674 if (err < 0) {
2608 printk(KERN_ERR 2675 printk(KERN_ERR
2609 "Failed to initialize the IGMP6 control socket (err %d).\n", 2676 "Failed to initialize the IGMP6 control socket (err %d).\n",
2610 err); 2677 err);
2611 igmp6_socket = NULL; /* For safety. */ 2678 goto out;
2612 return err;
2613 } 2679 }
2614 2680
2615 sk = igmp6_socket->sk; 2681 inet6_sk(net->ipv6.igmp_sk)->hop_limit = 1;
2616 sk->sk_allocation = GFP_ATOMIC;
2617 sk->sk_prot->unhash(sk);
2618 2682
2619 np = inet6_sk(sk); 2683 err = igmp6_proc_init(net);
2620 np->hop_limit = 1; 2684 if (err)
2685 goto out_sock_create;
2686out:
2687 return err;
2621 2688
2622#ifdef CONFIG_PROC_FS 2689out_sock_create:
2623 proc_net_fops_create(&init_net, "igmp6", S_IRUGO, &igmp6_mc_seq_fops); 2690 inet_ctl_sock_destroy(net->ipv6.igmp_sk);
2624 proc_net_fops_create(&init_net, "mcfilter6", S_IRUGO, &igmp6_mcf_seq_fops); 2691 goto out;
2625#endif 2692}
2626 2693
2627 return 0; 2694static void igmp6_net_exit(struct net *net)
2695{
2696 inet_ctl_sock_destroy(net->ipv6.igmp_sk);
2697 igmp6_proc_exit(net);
2628} 2698}
2629 2699
2630void igmp6_cleanup(void) 2700static struct pernet_operations igmp6_net_ops = {
2701 .init = igmp6_net_init,
2702 .exit = igmp6_net_exit,
2703};
2704
2705int __init igmp6_init(void)
2631{ 2706{
2632 sock_release(igmp6_socket); 2707 return register_pernet_subsys(&igmp6_net_ops);
2633 igmp6_socket = NULL; /* for safety */ 2708}
2634 2709
2635#ifdef CONFIG_PROC_FS 2710void igmp6_cleanup(void)
2636 proc_net_remove(&init_net, "mcfilter6"); 2711{
2637 proc_net_remove(&init_net, "igmp6"); 2712 unregister_pernet_subsys(&igmp6_net_ops);
2638#endif
2639} 2713}
diff --git a/net/ipv6/mip6.c b/net/ipv6/mip6.c
index cd8a5bda13cd..ad1cc5bbf977 100644
--- a/net/ipv6/mip6.c
+++ b/net/ipv6/mip6.c
@@ -44,9 +44,9 @@ static inline void *mip6_padn(__u8 *data, __u8 padlen)
44 if (!data) 44 if (!data)
45 return NULL; 45 return NULL;
46 if (padlen == 1) { 46 if (padlen == 1) {
47 data[0] = MIP6_OPT_PAD_1; 47 data[0] = IPV6_TLV_PAD0;
48 } else if (padlen > 1) { 48 } else if (padlen > 1) {
49 data[0] = MIP6_OPT_PAD_N; 49 data[0] = IPV6_TLV_PADN;
50 data[1] = padlen - 2; 50 data[1] = padlen - 2;
51 if (padlen > 2) 51 if (padlen > 2)
52 memset(data+2, 0, data[1]); 52 memset(data+2, 0, data[1]);
@@ -304,13 +304,13 @@ static int mip6_destopt_offset(struct xfrm_state *x, struct sk_buff *skb,
304static int mip6_destopt_init_state(struct xfrm_state *x) 304static int mip6_destopt_init_state(struct xfrm_state *x)
305{ 305{
306 if (x->id.spi) { 306 if (x->id.spi) {
307 printk(KERN_INFO "%s: spi is not 0: %u\n", __FUNCTION__, 307 printk(KERN_INFO "%s: spi is not 0: %u\n", __func__,
308 x->id.spi); 308 x->id.spi);
309 return -EINVAL; 309 return -EINVAL;
310 } 310 }
311 if (x->props.mode != XFRM_MODE_ROUTEOPTIMIZATION) { 311 if (x->props.mode != XFRM_MODE_ROUTEOPTIMIZATION) {
312 printk(KERN_INFO "%s: state's mode is not %u: %u\n", 312 printk(KERN_INFO "%s: state's mode is not %u: %u\n",
313 __FUNCTION__, XFRM_MODE_ROUTEOPTIMIZATION, x->props.mode); 313 __func__, XFRM_MODE_ROUTEOPTIMIZATION, x->props.mode);
314 return -EINVAL; 314 return -EINVAL;
315 } 315 }
316 316
@@ -439,13 +439,13 @@ static int mip6_rthdr_offset(struct xfrm_state *x, struct sk_buff *skb,
439static int mip6_rthdr_init_state(struct xfrm_state *x) 439static int mip6_rthdr_init_state(struct xfrm_state *x)
440{ 440{
441 if (x->id.spi) { 441 if (x->id.spi) {
442 printk(KERN_INFO "%s: spi is not 0: %u\n", __FUNCTION__, 442 printk(KERN_INFO "%s: spi is not 0: %u\n", __func__,
443 x->id.spi); 443 x->id.spi);
444 return -EINVAL; 444 return -EINVAL;
445 } 445 }
446 if (x->props.mode != XFRM_MODE_ROUTEOPTIMIZATION) { 446 if (x->props.mode != XFRM_MODE_ROUTEOPTIMIZATION) {
447 printk(KERN_INFO "%s: state's mode is not %u: %u\n", 447 printk(KERN_INFO "%s: state's mode is not %u: %u\n",
448 __FUNCTION__, XFRM_MODE_ROUTEOPTIMIZATION, x->props.mode); 448 __func__, XFRM_MODE_ROUTEOPTIMIZATION, x->props.mode);
449 return -EINVAL; 449 return -EINVAL;
450 } 450 }
451 451
@@ -480,15 +480,15 @@ static int __init mip6_init(void)
480 printk(KERN_INFO "Mobile IPv6\n"); 480 printk(KERN_INFO "Mobile IPv6\n");
481 481
482 if (xfrm_register_type(&mip6_destopt_type, AF_INET6) < 0) { 482 if (xfrm_register_type(&mip6_destopt_type, AF_INET6) < 0) {
483 printk(KERN_INFO "%s: can't add xfrm type(destopt)\n", __FUNCTION__); 483 printk(KERN_INFO "%s: can't add xfrm type(destopt)\n", __func__);
484 goto mip6_destopt_xfrm_fail; 484 goto mip6_destopt_xfrm_fail;
485 } 485 }
486 if (xfrm_register_type(&mip6_rthdr_type, AF_INET6) < 0) { 486 if (xfrm_register_type(&mip6_rthdr_type, AF_INET6) < 0) {
487 printk(KERN_INFO "%s: can't add xfrm type(rthdr)\n", __FUNCTION__); 487 printk(KERN_INFO "%s: can't add xfrm type(rthdr)\n", __func__);
488 goto mip6_rthdr_xfrm_fail; 488 goto mip6_rthdr_xfrm_fail;
489 } 489 }
490 if (rawv6_mh_filter_register(mip6_mh_filter) < 0) { 490 if (rawv6_mh_filter_register(mip6_mh_filter) < 0) {
491 printk(KERN_INFO "%s: can't add rawv6 mh filter\n", __FUNCTION__); 491 printk(KERN_INFO "%s: can't add rawv6 mh filter\n", __func__);
492 goto mip6_rawv6_mh_fail; 492 goto mip6_rawv6_mh_fail;
493 } 493 }
494 494
@@ -506,11 +506,11 @@ static int __init mip6_init(void)
506static void __exit mip6_fini(void) 506static void __exit mip6_fini(void)
507{ 507{
508 if (rawv6_mh_filter_unregister(mip6_mh_filter) < 0) 508 if (rawv6_mh_filter_unregister(mip6_mh_filter) < 0)
509 printk(KERN_INFO "%s: can't remove rawv6 mh filter\n", __FUNCTION__); 509 printk(KERN_INFO "%s: can't remove rawv6 mh filter\n", __func__);
510 if (xfrm_unregister_type(&mip6_rthdr_type, AF_INET6) < 0) 510 if (xfrm_unregister_type(&mip6_rthdr_type, AF_INET6) < 0)
511 printk(KERN_INFO "%s: can't remove xfrm type(rthdr)\n", __FUNCTION__); 511 printk(KERN_INFO "%s: can't remove xfrm type(rthdr)\n", __func__);
512 if (xfrm_unregister_type(&mip6_destopt_type, AF_INET6) < 0) 512 if (xfrm_unregister_type(&mip6_destopt_type, AF_INET6) < 0)
513 printk(KERN_INFO "%s: can't remove xfrm type(destopt)\n", __FUNCTION__); 513 printk(KERN_INFO "%s: can't remove xfrm type(destopt)\n", __func__);
514} 514}
515 515
516module_init(mip6_init); 516module_init(mip6_init);
diff --git a/net/ipv6/ndisc.c b/net/ipv6/ndisc.c
index 452a2ac4eec8..2c74885f8355 100644
--- a/net/ipv6/ndisc.c
+++ b/net/ipv6/ndisc.c
@@ -84,13 +84,12 @@
84 84
85#include <net/flow.h> 85#include <net/flow.h>
86#include <net/ip6_checksum.h> 86#include <net/ip6_checksum.h>
87#include <net/inet_common.h>
87#include <linux/proc_fs.h> 88#include <linux/proc_fs.h>
88 89
89#include <linux/netfilter.h> 90#include <linux/netfilter.h>
90#include <linux/netfilter_ipv6.h> 91#include <linux/netfilter_ipv6.h>
91 92
92static struct socket *ndisc_socket;
93
94static u32 ndisc_hash(const void *pkey, const struct net_device *dev); 93static u32 ndisc_hash(const void *pkey, const struct net_device *dev);
95static int ndisc_constructor(struct neighbour *neigh); 94static int ndisc_constructor(struct neighbour *neigh);
96static void ndisc_solicit(struct neighbour *neigh, struct sk_buff *skb); 95static void ndisc_solicit(struct neighbour *neigh, struct sk_buff *skb);
@@ -270,7 +269,7 @@ static struct ndisc_options *ndisc_parse_options(u8 *opt, int opt_len,
270 if (ndopts->nd_opt_array[nd_opt->nd_opt_type]) { 269 if (ndopts->nd_opt_array[nd_opt->nd_opt_type]) {
271 ND_PRINTK2(KERN_WARNING 270 ND_PRINTK2(KERN_WARNING
272 "%s(): duplicated ND6 option found: type=%d\n", 271 "%s(): duplicated ND6 option found: type=%d\n",
273 __FUNCTION__, 272 __func__,
274 nd_opt->nd_opt_type); 273 nd_opt->nd_opt_type);
275 } else { 274 } else {
276 ndopts->nd_opt_array[nd_opt->nd_opt_type] = nd_opt; 275 ndopts->nd_opt_array[nd_opt->nd_opt_type] = nd_opt;
@@ -301,7 +300,7 @@ static struct ndisc_options *ndisc_parse_options(u8 *opt, int opt_len,
301 */ 300 */
302 ND_PRINTK2(KERN_NOTICE 301 ND_PRINTK2(KERN_NOTICE
303 "%s(): ignored unsupported option; type=%d, len=%d\n", 302 "%s(): ignored unsupported option; type=%d, len=%d\n",
304 __FUNCTION__, 303 __func__,
305 nd_opt->nd_opt_type, nd_opt->nd_opt_len); 304 nd_opt->nd_opt_type, nd_opt->nd_opt_len);
306 } 305 }
307 } 306 }
@@ -441,30 +440,17 @@ static void pndisc_destructor(struct pneigh_entry *n)
441/* 440/*
442 * Send a Neighbour Advertisement 441 * Send a Neighbour Advertisement
443 */ 442 */
444
445static inline void ndisc_flow_init(struct flowi *fl, u8 type,
446 struct in6_addr *saddr, struct in6_addr *daddr,
447 int oif)
448{
449 memset(fl, 0, sizeof(*fl));
450 ipv6_addr_copy(&fl->fl6_src, saddr);
451 ipv6_addr_copy(&fl->fl6_dst, daddr);
452 fl->proto = IPPROTO_ICMPV6;
453 fl->fl_icmp_type = type;
454 fl->fl_icmp_code = 0;
455 fl->oif = oif;
456 security_sk_classify_flow(ndisc_socket->sk, fl);
457}
458
459static void __ndisc_send(struct net_device *dev, 443static void __ndisc_send(struct net_device *dev,
460 struct neighbour *neigh, 444 struct neighbour *neigh,
461 struct in6_addr *daddr, struct in6_addr *saddr, 445 const struct in6_addr *daddr,
462 struct icmp6hdr *icmp6h, struct in6_addr *target, 446 const struct in6_addr *saddr,
447 struct icmp6hdr *icmp6h, const struct in6_addr *target,
463 int llinfo) 448 int llinfo)
464{ 449{
465 struct flowi fl; 450 struct flowi fl;
466 struct dst_entry *dst; 451 struct dst_entry *dst;
467 struct sock *sk = ndisc_socket->sk; 452 struct net *net = dev_net(dev);
453 struct sock *sk = net->ipv6.ndisc_sk;
468 struct sk_buff *skb; 454 struct sk_buff *skb;
469 struct icmp6hdr *hdr; 455 struct icmp6hdr *hdr;
470 struct inet6_dev *idev; 456 struct inet6_dev *idev;
@@ -474,10 +460,9 @@ static void __ndisc_send(struct net_device *dev,
474 460
475 type = icmp6h->icmp6_type; 461 type = icmp6h->icmp6_type;
476 462
477 ndisc_flow_init(&fl, type, saddr, daddr, 463 icmpv6_flow_init(sk, &fl, type, saddr, daddr, dev->ifindex);
478 dev->ifindex);
479 464
480 dst = ndisc_dst_alloc(dev, neigh, daddr, ip6_output); 465 dst = icmp6_dst_alloc(dev, neigh, daddr);
481 if (!dst) 466 if (!dst)
482 return; 467 return;
483 468
@@ -499,7 +484,7 @@ static void __ndisc_send(struct net_device *dev,
499 if (!skb) { 484 if (!skb) {
500 ND_PRINTK0(KERN_ERR 485 ND_PRINTK0(KERN_ERR
501 "ICMPv6 ND: %s() failed to allocate an skb.\n", 486 "ICMPv6 ND: %s() failed to allocate an skb.\n",
502 __FUNCTION__); 487 __func__);
503 dst_release(dst); 488 dst_release(dst);
504 return; 489 return;
505 } 490 }
@@ -545,25 +530,28 @@ static void __ndisc_send(struct net_device *dev,
545} 530}
546 531
547static void ndisc_send_na(struct net_device *dev, struct neighbour *neigh, 532static void ndisc_send_na(struct net_device *dev, struct neighbour *neigh,
548 struct in6_addr *daddr, struct in6_addr *solicited_addr, 533 const struct in6_addr *daddr,
549 int router, int solicited, int override, int inc_opt) 534 const struct in6_addr *solicited_addr,
535 int router, int solicited, int override, int inc_opt)
550{ 536{
551 struct in6_addr tmpaddr; 537 struct in6_addr tmpaddr;
552 struct inet6_ifaddr *ifp; 538 struct inet6_ifaddr *ifp;
553 struct in6_addr *src_addr; 539 const struct in6_addr *src_addr;
554 struct icmp6hdr icmp6h = { 540 struct icmp6hdr icmp6h = {
555 .icmp6_type = NDISC_NEIGHBOUR_ADVERTISEMENT, 541 .icmp6_type = NDISC_NEIGHBOUR_ADVERTISEMENT,
556 }; 542 };
557 543
558 /* for anycast or proxy, solicited_addr != src_addr */ 544 /* for anycast or proxy, solicited_addr != src_addr */
559 ifp = ipv6_get_ifaddr(&init_net, solicited_addr, dev, 1); 545 ifp = ipv6_get_ifaddr(dev_net(dev), solicited_addr, dev, 1);
560 if (ifp) { 546 if (ifp) {
561 src_addr = solicited_addr; 547 src_addr = solicited_addr;
562 if (ifp->flags & IFA_F_OPTIMISTIC) 548 if (ifp->flags & IFA_F_OPTIMISTIC)
563 override = 0; 549 override = 0;
564 in6_ifa_put(ifp); 550 in6_ifa_put(ifp);
565 } else { 551 } else {
566 if (ipv6_dev_get_saddr(dev, daddr, &tmpaddr)) 552 if (ipv6_dev_get_saddr(dev, daddr,
553 inet6_sk(dev_net(dev)->ipv6.ndisc_sk)->srcprefs,
554 &tmpaddr))
567 return; 555 return;
568 src_addr = &tmpaddr; 556 src_addr = &tmpaddr;
569 } 557 }
@@ -578,8 +566,8 @@ static void ndisc_send_na(struct net_device *dev, struct neighbour *neigh,
578} 566}
579 567
580void ndisc_send_ns(struct net_device *dev, struct neighbour *neigh, 568void ndisc_send_ns(struct net_device *dev, struct neighbour *neigh,
581 struct in6_addr *solicit, 569 const struct in6_addr *solicit,
582 struct in6_addr *daddr, struct in6_addr *saddr) 570 const struct in6_addr *daddr, const struct in6_addr *saddr)
583{ 571{
584 struct in6_addr addr_buf; 572 struct in6_addr addr_buf;
585 struct icmp6hdr icmp6h = { 573 struct icmp6hdr icmp6h = {
@@ -598,8 +586,8 @@ void ndisc_send_ns(struct net_device *dev, struct neighbour *neigh,
598 !ipv6_addr_any(saddr) ? ND_OPT_SOURCE_LL_ADDR : 0); 586 !ipv6_addr_any(saddr) ? ND_OPT_SOURCE_LL_ADDR : 0);
599} 587}
600 588
601void ndisc_send_rs(struct net_device *dev, struct in6_addr *saddr, 589void ndisc_send_rs(struct net_device *dev, const struct in6_addr *saddr,
602 struct in6_addr *daddr) 590 const struct in6_addr *daddr)
603{ 591{
604 struct icmp6hdr icmp6h = { 592 struct icmp6hdr icmp6h = {
605 .icmp6_type = NDISC_ROUTER_SOLICITATION, 593 .icmp6_type = NDISC_ROUTER_SOLICITATION,
@@ -616,7 +604,7 @@ void ndisc_send_rs(struct net_device *dev, struct in6_addr *saddr,
616 * suppress the inclusion of the sllao. 604 * suppress the inclusion of the sllao.
617 */ 605 */
618 if (send_sllao) { 606 if (send_sllao) {
619 struct inet6_ifaddr *ifp = ipv6_get_ifaddr(&init_net, saddr, 607 struct inet6_ifaddr *ifp = ipv6_get_ifaddr(dev_net(dev), saddr,
620 dev, 1); 608 dev, 1);
621 if (ifp) { 609 if (ifp) {
622 if (ifp->flags & IFA_F_OPTIMISTIC) { 610 if (ifp->flags & IFA_F_OPTIMISTIC) {
@@ -654,7 +642,7 @@ static void ndisc_solicit(struct neighbour *neigh, struct sk_buff *skb)
654 struct in6_addr *target = (struct in6_addr *)&neigh->primary_key; 642 struct in6_addr *target = (struct in6_addr *)&neigh->primary_key;
655 int probes = atomic_read(&neigh->probes); 643 int probes = atomic_read(&neigh->probes);
656 644
657 if (skb && ipv6_chk_addr(&init_net, &ipv6_hdr(skb)->saddr, dev, 1)) 645 if (skb && ipv6_chk_addr(dev_net(dev), &ipv6_hdr(skb)->saddr, dev, 1))
658 saddr = &ipv6_hdr(skb)->saddr; 646 saddr = &ipv6_hdr(skb)->saddr;
659 647
660 if ((probes -= neigh->parms->ucast_probes) < 0) { 648 if ((probes -= neigh->parms->ucast_probes) < 0) {
@@ -662,7 +650,7 @@ static void ndisc_solicit(struct neighbour *neigh, struct sk_buff *skb)
662 ND_PRINTK1(KERN_DEBUG 650 ND_PRINTK1(KERN_DEBUG
663 "%s(): trying to ucast probe in NUD_INVALID: " 651 "%s(): trying to ucast probe in NUD_INVALID: "
664 NIP6_FMT "\n", 652 NIP6_FMT "\n",
665 __FUNCTION__, 653 __func__,
666 NIP6(*target)); 654 NIP6(*target));
667 } 655 }
668 ndisc_send_ns(dev, neigh, target, target, saddr); 656 ndisc_send_ns(dev, neigh, target, target, saddr);
@@ -676,18 +664,19 @@ static void ndisc_solicit(struct neighbour *neigh, struct sk_buff *skb)
676 } 664 }
677} 665}
678 666
679static struct pneigh_entry *pndisc_check_router(struct net_device *dev, 667static int pndisc_is_router(const void *pkey,
680 struct in6_addr *addr, int *is_router) 668 struct net_device *dev)
681{ 669{
682 struct pneigh_entry *n; 670 struct pneigh_entry *n;
671 int ret = -1;
683 672
684 read_lock_bh(&nd_tbl.lock); 673 read_lock_bh(&nd_tbl.lock);
685 n = __pneigh_lookup(&nd_tbl, &init_net, addr, dev); 674 n = __pneigh_lookup(&nd_tbl, dev_net(dev), pkey, dev);
686 if (n != NULL) 675 if (n)
687 *is_router = (n->flags & NTF_ROUTER); 676 ret = !!(n->flags & NTF_ROUTER);
688 read_unlock_bh(&nd_tbl.lock); 677 read_unlock_bh(&nd_tbl.lock);
689 678
690 return n; 679 return ret;
691} 680}
692 681
693static void ndisc_recv_ns(struct sk_buff *skb) 682static void ndisc_recv_ns(struct sk_buff *skb)
@@ -703,10 +692,9 @@ static void ndisc_recv_ns(struct sk_buff *skb)
703 struct inet6_ifaddr *ifp; 692 struct inet6_ifaddr *ifp;
704 struct inet6_dev *idev = NULL; 693 struct inet6_dev *idev = NULL;
705 struct neighbour *neigh; 694 struct neighbour *neigh;
706 struct pneigh_entry *pneigh = NULL;
707 int dad = ipv6_addr_any(saddr); 695 int dad = ipv6_addr_any(saddr);
708 int inc; 696 int inc;
709 int is_router = 0; 697 int is_router = -1;
710 698
711 if (ipv6_addr_is_multicast(&msg->target)) { 699 if (ipv6_addr_is_multicast(&msg->target)) {
712 ND_PRINTK2(KERN_WARNING 700 ND_PRINTK2(KERN_WARNING
@@ -756,7 +744,8 @@ static void ndisc_recv_ns(struct sk_buff *skb)
756 744
757 inc = ipv6_addr_is_multicast(daddr); 745 inc = ipv6_addr_is_multicast(daddr);
758 746
759 if ((ifp = ipv6_get_ifaddr(&init_net, &msg->target, dev, 1)) != NULL) { 747 ifp = ipv6_get_ifaddr(dev_net(dev), &msg->target, dev, 1);
748 if (ifp) {
760 749
761 if (ifp->flags & (IFA_F_TENTATIVE|IFA_F_OPTIMISTIC)) { 750 if (ifp->flags & (IFA_F_TENTATIVE|IFA_F_OPTIMISTIC)) {
762 if (dad) { 751 if (dad) {
@@ -801,11 +790,10 @@ static void ndisc_recv_ns(struct sk_buff *skb)
801 return; 790 return;
802 } 791 }
803 792
804 if (ipv6_chk_acast_addr(dev, &msg->target) || 793 if (ipv6_chk_acast_addr(dev_net(dev), dev, &msg->target) ||
805 (idev->cnf.forwarding && 794 (idev->cnf.forwarding &&
806 (ipv6_devconf.proxy_ndp || idev->cnf.proxy_ndp) && 795 (ipv6_devconf.proxy_ndp || idev->cnf.proxy_ndp) &&
807 (pneigh = pndisc_check_router(dev, &msg->target, 796 (is_router = pndisc_is_router(&msg->target, dev)) >= 0)) {
808 &is_router)) != NULL)) {
809 if (!(NEIGH_CB(skb)->flags & LOCALLY_ENQUEUED) && 797 if (!(NEIGH_CB(skb)->flags & LOCALLY_ENQUEUED) &&
810 skb->pkt_type != PACKET_HOST && 798 skb->pkt_type != PACKET_HOST &&
811 inc != 0 && 799 inc != 0 &&
@@ -826,13 +814,11 @@ static void ndisc_recv_ns(struct sk_buff *skb)
826 goto out; 814 goto out;
827 } 815 }
828 816
829 is_router = !!(pneigh ? is_router : idev->cnf.forwarding); 817 if (is_router < 0)
818 is_router = !!idev->cnf.forwarding;
830 819
831 if (dad) { 820 if (dad) {
832 struct in6_addr maddr; 821 ndisc_send_na(dev, NULL, &in6addr_linklocal_allnodes, &msg->target,
833
834 ipv6_addr_all_nodes(&maddr);
835 ndisc_send_na(dev, NULL, &maddr, &msg->target,
836 is_router, 0, (ifp != NULL), 1); 822 is_router, 0, (ifp != NULL), 1);
837 goto out; 823 goto out;
838 } 824 }
@@ -914,7 +900,8 @@ static void ndisc_recv_na(struct sk_buff *skb)
914 return; 900 return;
915 } 901 }
916 } 902 }
917 if ((ifp = ipv6_get_ifaddr(&init_net, &msg->target, dev, 1))) { 903 ifp = ipv6_get_ifaddr(dev_net(dev), &msg->target, dev, 1);
904 if (ifp) {
918 if (ifp->flags & IFA_F_TENTATIVE) { 905 if (ifp->flags & IFA_F_TENTATIVE) {
919 addrconf_dad_failure(ifp); 906 addrconf_dad_failure(ifp);
920 return; 907 return;
@@ -945,7 +932,7 @@ static void ndisc_recv_na(struct sk_buff *skb)
945 */ 932 */
946 if (lladdr && !memcmp(lladdr, dev->dev_addr, dev->addr_len) && 933 if (lladdr && !memcmp(lladdr, dev->dev_addr, dev->addr_len) &&
947 ipv6_devconf.forwarding && ipv6_devconf.proxy_ndp && 934 ipv6_devconf.forwarding && ipv6_devconf.proxy_ndp &&
948 pneigh_lookup(&nd_tbl, &init_net, &msg->target, dev, 0)) { 935 pneigh_lookup(&nd_tbl, dev_net(dev), &msg->target, dev, 0)) {
949 /* XXX: idev->cnf.prixy_ndp */ 936 /* XXX: idev->cnf.prixy_ndp */
950 goto out; 937 goto out;
951 } 938 }
@@ -1035,6 +1022,7 @@ static void ndisc_ra_useropt(struct sk_buff *ra, struct nd_opt_hdr *opt)
1035 struct sk_buff *skb; 1022 struct sk_buff *skb;
1036 struct nlmsghdr *nlh; 1023 struct nlmsghdr *nlh;
1037 struct nduseroptmsg *ndmsg; 1024 struct nduseroptmsg *ndmsg;
1025 struct net *net = dev_net(ra->dev);
1038 int err; 1026 int err;
1039 int base_size = NLMSG_ALIGN(sizeof(struct nduseroptmsg) 1027 int base_size = NLMSG_ALIGN(sizeof(struct nduseroptmsg)
1040 + (opt->nd_opt_len << 3)); 1028 + (opt->nd_opt_len << 3));
@@ -1064,7 +1052,7 @@ static void ndisc_ra_useropt(struct sk_buff *ra, struct nd_opt_hdr *opt)
1064 &ipv6_hdr(ra)->saddr); 1052 &ipv6_hdr(ra)->saddr);
1065 nlmsg_end(skb, nlh); 1053 nlmsg_end(skb, nlh);
1066 1054
1067 err = rtnl_notify(skb, &init_net, 0, RTNLGRP_ND_USEROPT, NULL, 1055 err = rtnl_notify(skb, net, 0, RTNLGRP_ND_USEROPT, NULL,
1068 GFP_ATOMIC); 1056 GFP_ATOMIC);
1069 if (err < 0) 1057 if (err < 0)
1070 goto errout; 1058 goto errout;
@@ -1075,7 +1063,7 @@ nla_put_failure:
1075 nlmsg_free(skb); 1063 nlmsg_free(skb);
1076 err = -EMSGSIZE; 1064 err = -EMSGSIZE;
1077errout: 1065errout:
1078 rtnl_set_sk_err(&init_net, RTNLGRP_ND_USEROPT, err); 1066 rtnl_set_sk_err(net, RTNLGRP_ND_USEROPT, err);
1079} 1067}
1080 1068
1081static void ndisc_router_discovery(struct sk_buff *skb) 1069static void ndisc_router_discovery(struct sk_buff *skb)
@@ -1104,6 +1092,14 @@ static void ndisc_router_discovery(struct sk_buff *skb)
1104 return; 1092 return;
1105 } 1093 }
1106 1094
1095#ifdef CONFIG_IPV6_NDISC_NODETYPE
1096 if (skb->ndisc_nodetype == NDISC_NODETYPE_HOST) {
1097 ND_PRINTK2(KERN_WARNING
1098 "ICMPv6 RA: from host or unauthorized router\n");
1099 return;
1100 }
1101#endif
1102
1107 /* 1103 /*
1108 * set the RA_RECV flag in the interface 1104 * set the RA_RECV flag in the interface
1109 */ 1105 */
@@ -1127,6 +1123,12 @@ static void ndisc_router_discovery(struct sk_buff *skb)
1127 return; 1123 return;
1128 } 1124 }
1129 1125
1126#ifdef CONFIG_IPV6_NDISC_NODETYPE
1127 /* skip link-specific parameters from interior routers */
1128 if (skb->ndisc_nodetype == NDISC_NODETYPE_NODEFAULT)
1129 goto skip_linkparms;
1130#endif
1131
1130 if (in6_dev->if_flags & IF_RS_SENT) { 1132 if (in6_dev->if_flags & IF_RS_SENT) {
1131 /* 1133 /*
1132 * flag that an RA was received after an RS was sent 1134 * flag that an RA was received after an RS was sent
@@ -1178,7 +1180,7 @@ static void ndisc_router_discovery(struct sk_buff *skb)
1178 if (rt == NULL) { 1180 if (rt == NULL) {
1179 ND_PRINTK0(KERN_ERR 1181 ND_PRINTK0(KERN_ERR
1180 "ICMPv6 RA: %s() failed to add default route.\n", 1182 "ICMPv6 RA: %s() failed to add default route.\n",
1181 __FUNCTION__); 1183 __func__);
1182 in6_dev_put(in6_dev); 1184 in6_dev_put(in6_dev);
1183 return; 1185 return;
1184 } 1186 }
@@ -1187,7 +1189,7 @@ static void ndisc_router_discovery(struct sk_buff *skb)
1187 if (neigh == NULL) { 1189 if (neigh == NULL) {
1188 ND_PRINTK0(KERN_ERR 1190 ND_PRINTK0(KERN_ERR
1189 "ICMPv6 RA: %s() got default router without neighbour.\n", 1191 "ICMPv6 RA: %s() got default router without neighbour.\n",
1190 __FUNCTION__); 1192 __func__);
1191 dst_release(&rt->u.dst); 1193 dst_release(&rt->u.dst);
1192 in6_dev_put(in6_dev); 1194 in6_dev_put(in6_dev);
1193 return; 1195 return;
@@ -1241,6 +1243,10 @@ skip_defrtr:
1241 } 1243 }
1242 } 1244 }
1243 1245
1246#ifdef CONFIG_IPV6_NDISC_NODETYPE
1247skip_linkparms:
1248#endif
1249
1244 /* 1250 /*
1245 * Process options. 1251 * Process options.
1246 */ 1252 */
@@ -1272,7 +1278,13 @@ skip_defrtr:
1272 for (p = ndopts.nd_opts_ri; 1278 for (p = ndopts.nd_opts_ri;
1273 p; 1279 p;
1274 p = ndisc_next_option(p, ndopts.nd_opts_ri_end)) { 1280 p = ndisc_next_option(p, ndopts.nd_opts_ri_end)) {
1275 if (((struct route_info *)p)->prefix_len > in6_dev->cnf.accept_ra_rt_info_max_plen) 1281 struct route_info *ri = (struct route_info *)p;
1282#ifdef CONFIG_IPV6_NDISC_NODETYPE
1283 if (skb->ndisc_nodetype == NDISC_NODETYPE_NODEFAULT &&
1284 ri->prefix_len == 0)
1285 continue;
1286#endif
1287 if (ri->prefix_len > in6_dev->cnf.accept_ra_rt_info_max_plen)
1276 continue; 1288 continue;
1277 rt6_route_rcv(skb->dev, (u8*)p, (p->nd_opt_len) << 3, 1289 rt6_route_rcv(skb->dev, (u8*)p, (p->nd_opt_len) << 3,
1278 &ipv6_hdr(skb)->saddr); 1290 &ipv6_hdr(skb)->saddr);
@@ -1280,6 +1292,12 @@ skip_defrtr:
1280 } 1292 }
1281#endif 1293#endif
1282 1294
1295#ifdef CONFIG_IPV6_NDISC_NODETYPE
1296 /* skip link-specific ndopts from interior routers */
1297 if (skb->ndisc_nodetype == NDISC_NODETYPE_NODEFAULT)
1298 goto out;
1299#endif
1300
1283 if (in6_dev->cnf.accept_ra_pinfo && ndopts.nd_opts_pi) { 1301 if (in6_dev->cnf.accept_ra_pinfo && ndopts.nd_opts_pi) {
1284 struct nd_opt_hdr *p; 1302 struct nd_opt_hdr *p;
1285 for (p = ndopts.nd_opts_pi; 1303 for (p = ndopts.nd_opts_pi;
@@ -1343,6 +1361,16 @@ static void ndisc_redirect_rcv(struct sk_buff *skb)
1343 int optlen; 1361 int optlen;
1344 u8 *lladdr = NULL; 1362 u8 *lladdr = NULL;
1345 1363
1364#ifdef CONFIG_IPV6_NDISC_NODETYPE
1365 switch (skb->ndisc_nodetype) {
1366 case NDISC_NODETYPE_HOST:
1367 case NDISC_NODETYPE_NODEFAULT:
1368 ND_PRINTK2(KERN_WARNING
1369 "ICMPv6 Redirect: from host or unauthorized router\n");
1370 return;
1371 }
1372#endif
1373
1346 if (!(ipv6_addr_type(&ipv6_hdr(skb)->saddr) & IPV6_ADDR_LINKLOCAL)) { 1374 if (!(ipv6_addr_type(&ipv6_hdr(skb)->saddr) & IPV6_ADDR_LINKLOCAL)) {
1347 ND_PRINTK2(KERN_WARNING 1375 ND_PRINTK2(KERN_WARNING
1348 "ICMPv6 Redirect: source address is not link-local.\n"); 1376 "ICMPv6 Redirect: source address is not link-local.\n");
@@ -1418,15 +1446,16 @@ static void ndisc_redirect_rcv(struct sk_buff *skb)
1418} 1446}
1419 1447
1420void ndisc_send_redirect(struct sk_buff *skb, struct neighbour *neigh, 1448void ndisc_send_redirect(struct sk_buff *skb, struct neighbour *neigh,
1421 struct in6_addr *target) 1449 const struct in6_addr *target)
1422{ 1450{
1423 struct sock *sk = ndisc_socket->sk; 1451 struct net_device *dev = skb->dev;
1452 struct net *net = dev_net(dev);
1453 struct sock *sk = net->ipv6.ndisc_sk;
1424 int len = sizeof(struct icmp6hdr) + 2 * sizeof(struct in6_addr); 1454 int len = sizeof(struct icmp6hdr) + 2 * sizeof(struct in6_addr);
1425 struct sk_buff *buff; 1455 struct sk_buff *buff;
1426 struct icmp6hdr *icmph; 1456 struct icmp6hdr *icmph;
1427 struct in6_addr saddr_buf; 1457 struct in6_addr saddr_buf;
1428 struct in6_addr *addrp; 1458 struct in6_addr *addrp;
1429 struct net_device *dev;
1430 struct rt6_info *rt; 1459 struct rt6_info *rt;
1431 struct dst_entry *dst; 1460 struct dst_entry *dst;
1432 struct inet6_dev *idev; 1461 struct inet6_dev *idev;
@@ -1436,8 +1465,6 @@ void ndisc_send_redirect(struct sk_buff *skb, struct neighbour *neigh,
1436 int err; 1465 int err;
1437 u8 ha_buf[MAX_ADDR_LEN], *ha = NULL; 1466 u8 ha_buf[MAX_ADDR_LEN], *ha = NULL;
1438 1467
1439 dev = skb->dev;
1440
1441 if (ipv6_get_lladdr(dev, &saddr_buf, IFA_F_TENTATIVE)) { 1468 if (ipv6_get_lladdr(dev, &saddr_buf, IFA_F_TENTATIVE)) {
1442 ND_PRINTK2(KERN_WARNING 1469 ND_PRINTK2(KERN_WARNING
1443 "ICMPv6 Redirect: no link-local address on %s\n", 1470 "ICMPv6 Redirect: no link-local address on %s\n",
@@ -1452,10 +1479,10 @@ void ndisc_send_redirect(struct sk_buff *skb, struct neighbour *neigh,
1452 return; 1479 return;
1453 } 1480 }
1454 1481
1455 ndisc_flow_init(&fl, NDISC_REDIRECT, &saddr_buf, &ipv6_hdr(skb)->saddr, 1482 icmpv6_flow_init(sk, &fl, NDISC_REDIRECT,
1456 dev->ifindex); 1483 &saddr_buf, &ipv6_hdr(skb)->saddr, dev->ifindex);
1457 1484
1458 dst = ip6_route_output(NULL, &fl); 1485 dst = ip6_route_output(net, NULL, &fl);
1459 if (dst == NULL) 1486 if (dst == NULL)
1460 return; 1487 return;
1461 1488
@@ -1499,12 +1526,11 @@ void ndisc_send_redirect(struct sk_buff *skb, struct neighbour *neigh,
1499 if (buff == NULL) { 1526 if (buff == NULL) {
1500 ND_PRINTK0(KERN_ERR 1527 ND_PRINTK0(KERN_ERR
1501 "ICMPv6 Redirect: %s() failed to allocate an skb.\n", 1528 "ICMPv6 Redirect: %s() failed to allocate an skb.\n",
1502 __FUNCTION__); 1529 __func__);
1503 dst_release(dst); 1530 dst_release(dst);
1504 return; 1531 return;
1505 } 1532 }
1506 1533
1507
1508 skb_reserve(buff, LL_RESERVED_SPACE(dev)); 1534 skb_reserve(buff, LL_RESERVED_SPACE(dev));
1509 ip6_nd_hdr(sk, buff, dev, &saddr_buf, &ipv6_hdr(skb)->saddr, 1535 ip6_nd_hdr(sk, buff, dev, &saddr_buf, &ipv6_hdr(skb)->saddr,
1510 IPPROTO_ICMPV6, len); 1536 IPPROTO_ICMPV6, len);
@@ -1625,18 +1651,16 @@ int ndisc_rcv(struct sk_buff *skb)
1625static int ndisc_netdev_event(struct notifier_block *this, unsigned long event, void *ptr) 1651static int ndisc_netdev_event(struct notifier_block *this, unsigned long event, void *ptr)
1626{ 1652{
1627 struct net_device *dev = ptr; 1653 struct net_device *dev = ptr;
1628 1654 struct net *net = dev_net(dev);
1629 if (dev->nd_net != &init_net)
1630 return NOTIFY_DONE;
1631 1655
1632 switch (event) { 1656 switch (event) {
1633 case NETDEV_CHANGEADDR: 1657 case NETDEV_CHANGEADDR:
1634 neigh_changeaddr(&nd_tbl, dev); 1658 neigh_changeaddr(&nd_tbl, dev);
1635 fib6_run_gc(~0UL); 1659 fib6_run_gc(~0UL, net);
1636 break; 1660 break;
1637 case NETDEV_DOWN: 1661 case NETDEV_DOWN:
1638 neigh_ifdown(&nd_tbl, dev); 1662 neigh_ifdown(&nd_tbl, dev);
1639 fib6_run_gc(~0UL); 1663 fib6_run_gc(~0UL, net);
1640 break; 1664 break;
1641 default: 1665 default:
1642 break; 1666 break;
@@ -1745,44 +1769,74 @@ static int ndisc_ifinfo_sysctl_strategy(ctl_table *ctl, int __user *name,
1745 1769
1746#endif 1770#endif
1747 1771
1748int __init ndisc_init(struct net_proto_family *ops) 1772static int ndisc_net_init(struct net *net)
1749{ 1773{
1750 struct ipv6_pinfo *np; 1774 struct ipv6_pinfo *np;
1751 struct sock *sk; 1775 struct sock *sk;
1752 int err; 1776 int err;
1753 1777
1754 err = sock_create_kern(PF_INET6, SOCK_RAW, IPPROTO_ICMPV6, &ndisc_socket); 1778 err = inet_ctl_sock_create(&sk, PF_INET6,
1779 SOCK_RAW, IPPROTO_ICMPV6, net);
1755 if (err < 0) { 1780 if (err < 0) {
1756 ND_PRINTK0(KERN_ERR 1781 ND_PRINTK0(KERN_ERR
1757 "ICMPv6 NDISC: Failed to initialize the control socket (err %d).\n", 1782 "ICMPv6 NDISC: Failed to initialize the control socket (err %d).\n",
1758 err); 1783 err);
1759 ndisc_socket = NULL; /* For safety. */
1760 return err; 1784 return err;
1761 } 1785 }
1762 1786
1763 sk = ndisc_socket->sk; 1787 net->ipv6.ndisc_sk = sk;
1788
1764 np = inet6_sk(sk); 1789 np = inet6_sk(sk);
1765 sk->sk_allocation = GFP_ATOMIC;
1766 np->hop_limit = 255; 1790 np->hop_limit = 255;
1767 /* Do not loopback ndisc messages */ 1791 /* Do not loopback ndisc messages */
1768 np->mc_loop = 0; 1792 np->mc_loop = 0;
1769 sk->sk_prot->unhash(sk);
1770 1793
1794 return 0;
1795}
1796
1797static void ndisc_net_exit(struct net *net)
1798{
1799 inet_ctl_sock_destroy(net->ipv6.ndisc_sk);
1800}
1801
1802static struct pernet_operations ndisc_net_ops = {
1803 .init = ndisc_net_init,
1804 .exit = ndisc_net_exit,
1805};
1806
1807int __init ndisc_init(void)
1808{
1809 int err;
1810
1811 err = register_pernet_subsys(&ndisc_net_ops);
1812 if (err)
1813 return err;
1771 /* 1814 /*
1772 * Initialize the neighbour table 1815 * Initialize the neighbour table
1773 */ 1816 */
1774
1775 neigh_table_init(&nd_tbl); 1817 neigh_table_init(&nd_tbl);
1776 1818
1777#ifdef CONFIG_SYSCTL 1819#ifdef CONFIG_SYSCTL
1778 neigh_sysctl_register(NULL, &nd_tbl.parms, NET_IPV6, NET_IPV6_NEIGH, 1820 err = neigh_sysctl_register(NULL, &nd_tbl.parms, NET_IPV6,
1779 "ipv6", 1821 NET_IPV6_NEIGH, "ipv6",
1780 &ndisc_ifinfo_sysctl_change, 1822 &ndisc_ifinfo_sysctl_change,
1781 &ndisc_ifinfo_sysctl_strategy); 1823 &ndisc_ifinfo_sysctl_strategy);
1824 if (err)
1825 goto out_unregister_pernet;
1782#endif 1826#endif
1827 err = register_netdevice_notifier(&ndisc_netdev_notifier);
1828 if (err)
1829 goto out_unregister_sysctl;
1830out:
1831 return err;
1783 1832
1784 register_netdevice_notifier(&ndisc_netdev_notifier); 1833out_unregister_sysctl:
1785 return 0; 1834#ifdef CONFIG_SYSCTL
1835 neigh_sysctl_unregister(&nd_tbl.parms);
1836out_unregister_pernet:
1837#endif
1838 unregister_pernet_subsys(&ndisc_net_ops);
1839 goto out;
1786} 1840}
1787 1841
1788void ndisc_cleanup(void) 1842void ndisc_cleanup(void)
@@ -1792,6 +1846,5 @@ void ndisc_cleanup(void)
1792 neigh_sysctl_unregister(&nd_tbl.parms); 1846 neigh_sysctl_unregister(&nd_tbl.parms);
1793#endif 1847#endif
1794 neigh_table_clear(&nd_tbl); 1848 neigh_table_clear(&nd_tbl);
1795 sock_release(ndisc_socket); 1849 unregister_pernet_subsys(&ndisc_net_ops);
1796 ndisc_socket = NULL; /* For safety. */
1797} 1850}
diff --git a/net/ipv6/netfilter.c b/net/ipv6/netfilter.c
index 2e06724dc348..8c6c5e71f210 100644
--- a/net/ipv6/netfilter.c
+++ b/net/ipv6/netfilter.c
@@ -23,7 +23,7 @@ int ip6_route_me_harder(struct sk_buff *skb)
23 .saddr = iph->saddr, } }, 23 .saddr = iph->saddr, } },
24 }; 24 };
25 25
26 dst = ip6_route_output(skb->sk, &fl); 26 dst = ip6_route_output(&init_net, skb->sk, &fl);
27 27
28#ifdef CONFIG_XFRM 28#ifdef CONFIG_XFRM
29 if (!(IP6CB(skb)->flags & IP6SKB_XFRM_TRANSFORMED) && 29 if (!(IP6CB(skb)->flags & IP6SKB_XFRM_TRANSFORMED) &&
@@ -86,7 +86,7 @@ static int nf_ip6_reroute(struct sk_buff *skb,
86 86
87static int nf_ip6_route(struct dst_entry **dst, struct flowi *fl) 87static int nf_ip6_route(struct dst_entry **dst, struct flowi *fl)
88{ 88{
89 *dst = ip6_route_output(NULL, fl); 89 *dst = ip6_route_output(&init_net, NULL, fl);
90 return (*dst)->error; 90 return (*dst)->error;
91} 91}
92 92
@@ -121,16 +121,44 @@ __sum16 nf_ip6_checksum(struct sk_buff *skb, unsigned int hook,
121 } 121 }
122 return csum; 122 return csum;
123} 123}
124
125EXPORT_SYMBOL(nf_ip6_checksum); 124EXPORT_SYMBOL(nf_ip6_checksum);
126 125
126static __sum16 nf_ip6_checksum_partial(struct sk_buff *skb, unsigned int hook,
127 unsigned int dataoff, unsigned int len,
128 u_int8_t protocol)
129{
130 struct ipv6hdr *ip6h = ipv6_hdr(skb);
131 __wsum hsum;
132 __sum16 csum = 0;
133
134 switch (skb->ip_summed) {
135 case CHECKSUM_COMPLETE:
136 if (len == skb->len - dataoff)
137 return nf_ip6_checksum(skb, hook, dataoff, protocol);
138 /* fall through */
139 case CHECKSUM_NONE:
140 hsum = skb_checksum(skb, 0, dataoff, 0);
141 skb->csum = ~csum_unfold(csum_ipv6_magic(&ip6h->saddr,
142 &ip6h->daddr,
143 skb->len - dataoff,
144 protocol,
145 csum_sub(0, hsum)));
146 skb->ip_summed = CHECKSUM_NONE;
147 csum = __skb_checksum_complete_head(skb, dataoff + len);
148 if (!csum)
149 skb->ip_summed = CHECKSUM_UNNECESSARY;
150 }
151 return csum;
152};
153
127static const struct nf_afinfo nf_ip6_afinfo = { 154static const struct nf_afinfo nf_ip6_afinfo = {
128 .family = AF_INET6, 155 .family = AF_INET6,
129 .checksum = nf_ip6_checksum, 156 .checksum = nf_ip6_checksum,
130 .route = nf_ip6_route, 157 .checksum_partial = nf_ip6_checksum_partial,
131 .saveroute = nf_ip6_saveroute, 158 .route = nf_ip6_route,
132 .reroute = nf_ip6_reroute, 159 .saveroute = nf_ip6_saveroute,
133 .route_key_size = sizeof(struct ip6_rt_info), 160 .reroute = nf_ip6_reroute,
161 .route_key_size = sizeof(struct ip6_rt_info),
134}; 162};
135 163
136int __init ipv6_netfilter_init(void) 164int __init ipv6_netfilter_init(void)
diff --git a/net/ipv6/netfilter/ip6_queue.c b/net/ipv6/netfilter/ip6_queue.c
index 8d366f7f2a9a..92a36c9e5402 100644
--- a/net/ipv6/netfilter/ip6_queue.c
+++ b/net/ipv6/netfilter/ip6_queue.c
@@ -484,7 +484,7 @@ ipq_rcv_dev_event(struct notifier_block *this,
484{ 484{
485 struct net_device *dev = ptr; 485 struct net_device *dev = ptr;
486 486
487 if (dev->nd_net != &init_net) 487 if (dev_net(dev) != &init_net)
488 return NOTIFY_DONE; 488 return NOTIFY_DONE;
489 489
490 /* Drop any packets associated with the downed device */ 490 /* Drop any packets associated with the downed device */
diff --git a/net/ipv6/netfilter/ip6_tables.c b/net/ipv6/netfilter/ip6_tables.c
index bf9bb6e55bb5..0b4557e03431 100644
--- a/net/ipv6/netfilter/ip6_tables.c
+++ b/net/ipv6/netfilter/ip6_tables.c
@@ -55,7 +55,7 @@ MODULE_DESCRIPTION("IPv6 packet filter");
55do { \ 55do { \
56 if (!(x)) \ 56 if (!(x)) \
57 printk("IP_NF_ASSERT: %s:%s:%u\n", \ 57 printk("IP_NF_ASSERT: %s:%s:%u\n", \
58 __FUNCTION__, __FILE__, __LINE__); \ 58 __func__, __FILE__, __LINE__); \
59} while(0) 59} while(0)
60#else 60#else
61#define IP_NF_ASSERT(x) 61#define IP_NF_ASSERT(x)
@@ -325,7 +325,7 @@ static void trace_packet(struct sk_buff *skb,
325 struct ip6t_entry *e) 325 struct ip6t_entry *e)
326{ 326{
327 void *table_base; 327 void *table_base;
328 struct ip6t_entry *root; 328 const struct ip6t_entry *root;
329 char *hookname, *chainname, *comment; 329 char *hookname, *chainname, *comment;
330 unsigned int rulenum = 0; 330 unsigned int rulenum = 0;
331 331
@@ -952,7 +952,7 @@ static struct xt_counters *alloc_counters(struct xt_table *table)
952{ 952{
953 unsigned int countersize; 953 unsigned int countersize;
954 struct xt_counters *counters; 954 struct xt_counters *counters;
955 struct xt_table_info *private = table->private; 955 const struct xt_table_info *private = table->private;
956 956
957 /* We need atomic snapshot of counters: rest doesn't change 957 /* We need atomic snapshot of counters: rest doesn't change
958 (other than comefrom, which userspace doesn't care 958 (other than comefrom, which userspace doesn't care
@@ -979,9 +979,9 @@ copy_entries_to_user(unsigned int total_size,
979 unsigned int off, num; 979 unsigned int off, num;
980 struct ip6t_entry *e; 980 struct ip6t_entry *e;
981 struct xt_counters *counters; 981 struct xt_counters *counters;
982 struct xt_table_info *private = table->private; 982 const struct xt_table_info *private = table->private;
983 int ret = 0; 983 int ret = 0;
984 void *loc_cpu_entry; 984 const void *loc_cpu_entry;
985 985
986 counters = alloc_counters(table); 986 counters = alloc_counters(table);
987 if (IS_ERR(counters)) 987 if (IS_ERR(counters))
@@ -1001,8 +1001,8 @@ copy_entries_to_user(unsigned int total_size,
1001 /* ... then go back and fix counters and names */ 1001 /* ... then go back and fix counters and names */
1002 for (off = 0, num = 0; off < total_size; off += e->next_offset, num++){ 1002 for (off = 0, num = 0; off < total_size; off += e->next_offset, num++){
1003 unsigned int i; 1003 unsigned int i;
1004 struct ip6t_entry_match *m; 1004 const struct ip6t_entry_match *m;
1005 struct ip6t_entry_target *t; 1005 const struct ip6t_entry_target *t;
1006 1006
1007 e = (struct ip6t_entry *)(loc_cpu_entry + off); 1007 e = (struct ip6t_entry *)(loc_cpu_entry + off);
1008 if (copy_to_user(userptr + off 1008 if (copy_to_user(userptr + off
@@ -1142,7 +1142,7 @@ static int get_info(struct net *net, void __user *user, int *len, int compat)
1142 "ip6table_%s", name); 1142 "ip6table_%s", name);
1143 if (t && !IS_ERR(t)) { 1143 if (t && !IS_ERR(t)) {
1144 struct ip6t_getinfo info; 1144 struct ip6t_getinfo info;
1145 struct xt_table_info *private = t->private; 1145 const struct xt_table_info *private = t->private;
1146 1146
1147#ifdef CONFIG_COMPAT 1147#ifdef CONFIG_COMPAT
1148 if (compat) { 1148 if (compat) {
@@ -1206,7 +1206,7 @@ get_entries(struct net *net, struct ip6t_get_entries __user *uptr, int *len)
1206 else { 1206 else {
1207 duprintf("get_entries: I've got %u not %u!\n", 1207 duprintf("get_entries: I've got %u not %u!\n",
1208 private->size, get.size); 1208 private->size, get.size);
1209 ret = -EINVAL; 1209 ret = -EAGAIN;
1210 } 1210 }
1211 module_put(t->me); 1211 module_put(t->me);
1212 xt_table_unlock(t); 1212 xt_table_unlock(t);
@@ -1225,7 +1225,7 @@ __do_replace(struct net *net, const char *name, unsigned int valid_hooks,
1225 struct xt_table *t; 1225 struct xt_table *t;
1226 struct xt_table_info *oldinfo; 1226 struct xt_table_info *oldinfo;
1227 struct xt_counters *counters; 1227 struct xt_counters *counters;
1228 void *loc_cpu_old_entry; 1228 const void *loc_cpu_old_entry;
1229 1229
1230 ret = 0; 1230 ret = 0;
1231 counters = vmalloc_node(num_counters * sizeof(struct xt_counters), 1231 counters = vmalloc_node(num_counters * sizeof(struct xt_counters),
@@ -1369,9 +1369,9 @@ do_add_counters(struct net *net, void __user *user, unsigned int len,
1369 int size; 1369 int size;
1370 void *ptmp; 1370 void *ptmp;
1371 struct xt_table *t; 1371 struct xt_table *t;
1372 struct xt_table_info *private; 1372 const struct xt_table_info *private;
1373 int ret = 0; 1373 int ret = 0;
1374 void *loc_cpu_entry; 1374 const void *loc_cpu_entry;
1375#ifdef CONFIG_COMPAT 1375#ifdef CONFIG_COMPAT
1376 struct compat_xt_counters_info compat_tmp; 1376 struct compat_xt_counters_info compat_tmp;
1377 1377
@@ -1879,11 +1879,11 @@ compat_do_ip6t_set_ctl(struct sock *sk, int cmd, void __user *user,
1879 1879
1880 switch (cmd) { 1880 switch (cmd) {
1881 case IP6T_SO_SET_REPLACE: 1881 case IP6T_SO_SET_REPLACE:
1882 ret = compat_do_replace(sk->sk_net, user, len); 1882 ret = compat_do_replace(sock_net(sk), user, len);
1883 break; 1883 break;
1884 1884
1885 case IP6T_SO_SET_ADD_COUNTERS: 1885 case IP6T_SO_SET_ADD_COUNTERS:
1886 ret = do_add_counters(sk->sk_net, user, len, 1); 1886 ret = do_add_counters(sock_net(sk), user, len, 1);
1887 break; 1887 break;
1888 1888
1889 default: 1889 default:
@@ -1905,11 +1905,11 @@ compat_copy_entries_to_user(unsigned int total_size, struct xt_table *table,
1905 void __user *userptr) 1905 void __user *userptr)
1906{ 1906{
1907 struct xt_counters *counters; 1907 struct xt_counters *counters;
1908 struct xt_table_info *private = table->private; 1908 const struct xt_table_info *private = table->private;
1909 void __user *pos; 1909 void __user *pos;
1910 unsigned int size; 1910 unsigned int size;
1911 int ret = 0; 1911 int ret = 0;
1912 void *loc_cpu_entry; 1912 const void *loc_cpu_entry;
1913 unsigned int i = 0; 1913 unsigned int i = 0;
1914 1914
1915 counters = alloc_counters(table); 1915 counters = alloc_counters(table);
@@ -1956,7 +1956,7 @@ compat_get_entries(struct net *net, struct compat_ip6t_get_entries __user *uptr,
1956 xt_compat_lock(AF_INET6); 1956 xt_compat_lock(AF_INET6);
1957 t = xt_find_table_lock(net, AF_INET6, get.name); 1957 t = xt_find_table_lock(net, AF_INET6, get.name);
1958 if (t && !IS_ERR(t)) { 1958 if (t && !IS_ERR(t)) {
1959 struct xt_table_info *private = t->private; 1959 const struct xt_table_info *private = t->private;
1960 struct xt_table_info info; 1960 struct xt_table_info info;
1961 duprintf("t->private->number = %u\n", private->number); 1961 duprintf("t->private->number = %u\n", private->number);
1962 ret = compat_table_info(private, &info); 1962 ret = compat_table_info(private, &info);
@@ -1966,7 +1966,7 @@ compat_get_entries(struct net *net, struct compat_ip6t_get_entries __user *uptr,
1966 } else if (!ret) { 1966 } else if (!ret) {
1967 duprintf("compat_get_entries: I've got %u not %u!\n", 1967 duprintf("compat_get_entries: I've got %u not %u!\n",
1968 private->size, get.size); 1968 private->size, get.size);
1969 ret = -EINVAL; 1969 ret = -EAGAIN;
1970 } 1970 }
1971 xt_compat_flush_offsets(AF_INET6); 1971 xt_compat_flush_offsets(AF_INET6);
1972 module_put(t->me); 1972 module_put(t->me);
@@ -1990,10 +1990,10 @@ compat_do_ip6t_get_ctl(struct sock *sk, int cmd, void __user *user, int *len)
1990 1990
1991 switch (cmd) { 1991 switch (cmd) {
1992 case IP6T_SO_GET_INFO: 1992 case IP6T_SO_GET_INFO:
1993 ret = get_info(sk->sk_net, user, len, 1); 1993 ret = get_info(sock_net(sk), user, len, 1);
1994 break; 1994 break;
1995 case IP6T_SO_GET_ENTRIES: 1995 case IP6T_SO_GET_ENTRIES:
1996 ret = compat_get_entries(sk->sk_net, user, len); 1996 ret = compat_get_entries(sock_net(sk), user, len);
1997 break; 1997 break;
1998 default: 1998 default:
1999 ret = do_ip6t_get_ctl(sk, cmd, user, len); 1999 ret = do_ip6t_get_ctl(sk, cmd, user, len);
@@ -2012,11 +2012,11 @@ do_ip6t_set_ctl(struct sock *sk, int cmd, void __user *user, unsigned int len)
2012 2012
2013 switch (cmd) { 2013 switch (cmd) {
2014 case IP6T_SO_SET_REPLACE: 2014 case IP6T_SO_SET_REPLACE:
2015 ret = do_replace(sk->sk_net, user, len); 2015 ret = do_replace(sock_net(sk), user, len);
2016 break; 2016 break;
2017 2017
2018 case IP6T_SO_SET_ADD_COUNTERS: 2018 case IP6T_SO_SET_ADD_COUNTERS:
2019 ret = do_add_counters(sk->sk_net, user, len, 0); 2019 ret = do_add_counters(sock_net(sk), user, len, 0);
2020 break; 2020 break;
2021 2021
2022 default: 2022 default:
@@ -2037,11 +2037,11 @@ do_ip6t_get_ctl(struct sock *sk, int cmd, void __user *user, int *len)
2037 2037
2038 switch (cmd) { 2038 switch (cmd) {
2039 case IP6T_SO_GET_INFO: 2039 case IP6T_SO_GET_INFO:
2040 ret = get_info(sk->sk_net, user, len, 0); 2040 ret = get_info(sock_net(sk), user, len, 0);
2041 break; 2041 break;
2042 2042
2043 case IP6T_SO_GET_ENTRIES: 2043 case IP6T_SO_GET_ENTRIES:
2044 ret = get_entries(sk->sk_net, user, len); 2044 ret = get_entries(sock_net(sk), user, len);
2045 break; 2045 break;
2046 2046
2047 case IP6T_SO_GET_REVISION_MATCH: 2047 case IP6T_SO_GET_REVISION_MATCH:
@@ -2155,7 +2155,8 @@ icmp6_match(const struct sk_buff *skb,
2155 unsigned int protoff, 2155 unsigned int protoff,
2156 bool *hotdrop) 2156 bool *hotdrop)
2157{ 2157{
2158 struct icmp6hdr _icmph, *ic; 2158 const struct icmp6hdr *ic;
2159 struct icmp6hdr _icmph;
2159 const struct ip6t_icmp *icmpinfo = matchinfo; 2160 const struct ip6t_icmp *icmpinfo = matchinfo;
2160 2161
2161 /* Must not be a fragment. */ 2162 /* Must not be a fragment. */
diff --git a/net/ipv6/netfilter/ip6t_LOG.c b/net/ipv6/netfilter/ip6t_LOG.c
index 86a613810b69..3a2316974f83 100644
--- a/net/ipv6/netfilter/ip6t_LOG.c
+++ b/net/ipv6/netfilter/ip6t_LOG.c
@@ -363,11 +363,15 @@ static void dump_packet(const struct nf_loginfo *info,
363 if ((logflags & IP6T_LOG_UID) && recurse && skb->sk) { 363 if ((logflags & IP6T_LOG_UID) && recurse && skb->sk) {
364 read_lock_bh(&skb->sk->sk_callback_lock); 364 read_lock_bh(&skb->sk->sk_callback_lock);
365 if (skb->sk->sk_socket && skb->sk->sk_socket->file) 365 if (skb->sk->sk_socket && skb->sk->sk_socket->file)
366 printk("UID=%u GID=%u", 366 printk("UID=%u GID=%u ",
367 skb->sk->sk_socket->file->f_uid, 367 skb->sk->sk_socket->file->f_uid,
368 skb->sk->sk_socket->file->f_gid); 368 skb->sk->sk_socket->file->f_gid);
369 read_unlock_bh(&skb->sk->sk_callback_lock); 369 read_unlock_bh(&skb->sk->sk_callback_lock);
370 } 370 }
371
372 /* Max length: 16 "MARK=0xFFFFFFFF " */
373 if (!recurse && skb->mark)
374 printk("MARK=0x%x ", skb->mark);
371} 375}
372 376
373static struct nf_loginfo default_loginfo = { 377static struct nf_loginfo default_loginfo = {
diff --git a/net/ipv6/netfilter/ip6t_REJECT.c b/net/ipv6/netfilter/ip6t_REJECT.c
index b23baa635fe0..44c8d65a2431 100644
--- a/net/ipv6/netfilter/ip6t_REJECT.c
+++ b/net/ipv6/netfilter/ip6t_REJECT.c
@@ -41,7 +41,8 @@ static void send_reset(struct sk_buff *oldskb)
41 struct tcphdr otcph, *tcph; 41 struct tcphdr otcph, *tcph;
42 unsigned int otcplen, hh_len; 42 unsigned int otcplen, hh_len;
43 int tcphoff, needs_ack; 43 int tcphoff, needs_ack;
44 struct ipv6hdr *oip6h = ipv6_hdr(oldskb), *ip6h; 44 const struct ipv6hdr *oip6h = ipv6_hdr(oldskb);
45 struct ipv6hdr *ip6h;
45 struct dst_entry *dst = NULL; 46 struct dst_entry *dst = NULL;
46 u8 proto; 47 u8 proto;
47 struct flowi fl; 48 struct flowi fl;
@@ -93,7 +94,7 @@ static void send_reset(struct sk_buff *oldskb)
93 fl.fl_ip_sport = otcph.dest; 94 fl.fl_ip_sport = otcph.dest;
94 fl.fl_ip_dport = otcph.source; 95 fl.fl_ip_dport = otcph.source;
95 security_skb_classify_flow(oldskb, &fl); 96 security_skb_classify_flow(oldskb, &fl);
96 dst = ip6_route_output(NULL, &fl); 97 dst = ip6_route_output(&init_net, NULL, &fl);
97 if (dst == NULL) 98 if (dst == NULL)
98 return; 99 return;
99 if (dst->error || xfrm_lookup(&dst, &fl, NULL, 0)) 100 if (dst->error || xfrm_lookup(&dst, &fl, NULL, 0))
@@ -177,7 +178,7 @@ reject_tg6(struct sk_buff *skb, const struct net_device *in,
177{ 178{
178 const struct ip6t_reject_info *reject = targinfo; 179 const struct ip6t_reject_info *reject = targinfo;
179 180
180 pr_debug("%s: medium point\n", __FUNCTION__); 181 pr_debug("%s: medium point\n", __func__);
181 /* WARNING: This code causes reentry within ip6tables. 182 /* WARNING: This code causes reentry within ip6tables.
182 This means that the ip6tables jump stack is now crap. We 183 This means that the ip6tables jump stack is now crap. We
183 must return an absolute verdict. --RR */ 184 must return an absolute verdict. --RR */
diff --git a/net/ipv6/netfilter/ip6t_ipv6header.c b/net/ipv6/netfilter/ip6t_ipv6header.c
index 3a940171f829..317a8960a757 100644
--- a/net/ipv6/netfilter/ip6t_ipv6header.c
+++ b/net/ipv6/netfilter/ip6t_ipv6header.c
@@ -49,7 +49,8 @@ ipv6header_mt6(const struct sk_buff *skb, const struct net_device *in,
49 temp = 0; 49 temp = 0;
50 50
51 while (ip6t_ext_hdr(nexthdr)) { 51 while (ip6t_ext_hdr(nexthdr)) {
52 struct ipv6_opt_hdr _hdr, *hp; 52 const struct ipv6_opt_hdr *hp;
53 struct ipv6_opt_hdr _hdr;
53 int hdrlen; 54 int hdrlen;
54 55
55 /* Is there enough space for the next ext header? */ 56 /* Is there enough space for the next ext header? */
diff --git a/net/ipv6/netfilter/ip6t_rt.c b/net/ipv6/netfilter/ip6t_rt.c
index 12a9efe9886e..81aaf7aaaabf 100644
--- a/net/ipv6/netfilter/ip6t_rt.c
+++ b/net/ipv6/netfilter/ip6t_rt.c
@@ -110,7 +110,8 @@ rt_mt6(const struct sk_buff *skb, const struct net_device *in,
110 !!(rtinfo->invflags & IP6T_RT_INV_TYP))); 110 !!(rtinfo->invflags & IP6T_RT_INV_TYP)));
111 111
112 if (ret && (rtinfo->flags & IP6T_RT_RES)) { 112 if (ret && (rtinfo->flags & IP6T_RT_RES)) {
113 u_int32_t *rp, _reserved; 113 const u_int32_t *rp;
114 u_int32_t _reserved;
114 rp = skb_header_pointer(skb, 115 rp = skb_header_pointer(skb,
115 ptr + offsetof(struct rt0_hdr, 116 ptr + offsetof(struct rt0_hdr,
116 reserved), 117 reserved),
diff --git a/net/ipv6/netfilter/ip6table_filter.c b/net/ipv6/netfilter/ip6table_filter.c
index 2d9cd095a72c..f979e48b469b 100644
--- a/net/ipv6/netfilter/ip6table_filter.c
+++ b/net/ipv6/netfilter/ip6table_filter.c
@@ -54,7 +54,7 @@ static struct
54static struct xt_table packet_filter = { 54static struct xt_table packet_filter = {
55 .name = "filter", 55 .name = "filter",
56 .valid_hooks = FILTER_VALID_HOOKS, 56 .valid_hooks = FILTER_VALID_HOOKS,
57 .lock = RW_LOCK_UNLOCKED, 57 .lock = __RW_LOCK_UNLOCKED(packet_filter.lock),
58 .me = THIS_MODULE, 58 .me = THIS_MODULE,
59 .af = AF_INET6, 59 .af = AF_INET6,
60}; 60};
diff --git a/net/ipv6/netfilter/ip6table_mangle.c b/net/ipv6/netfilter/ip6table_mangle.c
index 035343a90ffe..27a5e8b48d93 100644
--- a/net/ipv6/netfilter/ip6table_mangle.c
+++ b/net/ipv6/netfilter/ip6table_mangle.c
@@ -60,7 +60,7 @@ static struct
60static struct xt_table packet_mangler = { 60static struct xt_table packet_mangler = {
61 .name = "mangle", 61 .name = "mangle",
62 .valid_hooks = MANGLE_VALID_HOOKS, 62 .valid_hooks = MANGLE_VALID_HOOKS,
63 .lock = RW_LOCK_UNLOCKED, 63 .lock = __RW_LOCK_UNLOCKED(packet_mangler.lock),
64 .me = THIS_MODULE, 64 .me = THIS_MODULE,
65 .af = AF_INET6, 65 .af = AF_INET6,
66}; 66};
diff --git a/net/ipv6/netfilter/ip6table_raw.c b/net/ipv6/netfilter/ip6table_raw.c
index 5cd84203abfe..92b91077ac29 100644
--- a/net/ipv6/netfilter/ip6table_raw.c
+++ b/net/ipv6/netfilter/ip6table_raw.c
@@ -38,7 +38,7 @@ static struct
38static struct xt_table packet_raw = { 38static struct xt_table packet_raw = {
39 .name = "raw", 39 .name = "raw",
40 .valid_hooks = RAW_VALID_HOOKS, 40 .valid_hooks = RAW_VALID_HOOKS,
41 .lock = RW_LOCK_UNLOCKED, 41 .lock = __RW_LOCK_UNLOCKED(packet_raw.lock),
42 .me = THIS_MODULE, 42 .me = THIS_MODULE,
43 .af = AF_INET6, 43 .af = AF_INET6,
44}; 44};
diff --git a/net/ipv6/netfilter/nf_conntrack_l3proto_ipv6.c b/net/ipv6/netfilter/nf_conntrack_l3proto_ipv6.c
index 3717bdf34f6e..85050c072abd 100644
--- a/net/ipv6/netfilter/nf_conntrack_l3proto_ipv6.c
+++ b/net/ipv6/netfilter/nf_conntrack_l3proto_ipv6.c
@@ -27,8 +27,8 @@
27#include <net/netfilter/nf_conntrack_l3proto.h> 27#include <net/netfilter/nf_conntrack_l3proto.h>
28#include <net/netfilter/nf_conntrack_core.h> 28#include <net/netfilter/nf_conntrack_core.h>
29 29
30static int ipv6_pkt_to_tuple(const struct sk_buff *skb, unsigned int nhoff, 30static bool ipv6_pkt_to_tuple(const struct sk_buff *skb, unsigned int nhoff,
31 struct nf_conntrack_tuple *tuple) 31 struct nf_conntrack_tuple *tuple)
32{ 32{
33 const u_int32_t *ap; 33 const u_int32_t *ap;
34 u_int32_t _addrs[8]; 34 u_int32_t _addrs[8];
@@ -36,21 +36,21 @@ static int ipv6_pkt_to_tuple(const struct sk_buff *skb, unsigned int nhoff,
36 ap = skb_header_pointer(skb, nhoff + offsetof(struct ipv6hdr, saddr), 36 ap = skb_header_pointer(skb, nhoff + offsetof(struct ipv6hdr, saddr),
37 sizeof(_addrs), _addrs); 37 sizeof(_addrs), _addrs);
38 if (ap == NULL) 38 if (ap == NULL)
39 return 0; 39 return false;
40 40
41 memcpy(tuple->src.u3.ip6, ap, sizeof(tuple->src.u3.ip6)); 41 memcpy(tuple->src.u3.ip6, ap, sizeof(tuple->src.u3.ip6));
42 memcpy(tuple->dst.u3.ip6, ap + 4, sizeof(tuple->dst.u3.ip6)); 42 memcpy(tuple->dst.u3.ip6, ap + 4, sizeof(tuple->dst.u3.ip6));
43 43
44 return 1; 44 return true;
45} 45}
46 46
47static int ipv6_invert_tuple(struct nf_conntrack_tuple *tuple, 47static bool ipv6_invert_tuple(struct nf_conntrack_tuple *tuple,
48 const struct nf_conntrack_tuple *orig) 48 const struct nf_conntrack_tuple *orig)
49{ 49{
50 memcpy(tuple->src.u3.ip6, orig->dst.u3.ip6, sizeof(tuple->src.u3.ip6)); 50 memcpy(tuple->src.u3.ip6, orig->dst.u3.ip6, sizeof(tuple->src.u3.ip6));
51 memcpy(tuple->dst.u3.ip6, orig->src.u3.ip6, sizeof(tuple->dst.u3.ip6)); 51 memcpy(tuple->dst.u3.ip6, orig->src.u3.ip6, sizeof(tuple->dst.u3.ip6));
52 52
53 return 1; 53 return true;
54} 54}
55 55
56static int ipv6_print_tuple(struct seq_file *s, 56static int ipv6_print_tuple(struct seq_file *s,
diff --git a/net/ipv6/netfilter/nf_conntrack_proto_icmpv6.c b/net/ipv6/netfilter/nf_conntrack_proto_icmpv6.c
index 0897d0f4c4a2..ee713b03e9ec 100644
--- a/net/ipv6/netfilter/nf_conntrack_proto_icmpv6.c
+++ b/net/ipv6/netfilter/nf_conntrack_proto_icmpv6.c
@@ -28,21 +28,21 @@
28 28
29static unsigned long nf_ct_icmpv6_timeout __read_mostly = 30*HZ; 29static unsigned long nf_ct_icmpv6_timeout __read_mostly = 30*HZ;
30 30
31static int icmpv6_pkt_to_tuple(const struct sk_buff *skb, 31static bool icmpv6_pkt_to_tuple(const struct sk_buff *skb,
32 unsigned int dataoff, 32 unsigned int dataoff,
33 struct nf_conntrack_tuple *tuple) 33 struct nf_conntrack_tuple *tuple)
34{ 34{
35 const struct icmp6hdr *hp; 35 const struct icmp6hdr *hp;
36 struct icmp6hdr _hdr; 36 struct icmp6hdr _hdr;
37 37
38 hp = skb_header_pointer(skb, dataoff, sizeof(_hdr), &_hdr); 38 hp = skb_header_pointer(skb, dataoff, sizeof(_hdr), &_hdr);
39 if (hp == NULL) 39 if (hp == NULL)
40 return 0; 40 return false;
41 tuple->dst.u.icmp.type = hp->icmp6_type; 41 tuple->dst.u.icmp.type = hp->icmp6_type;
42 tuple->src.u.icmp.id = hp->icmp6_identifier; 42 tuple->src.u.icmp.id = hp->icmp6_identifier;
43 tuple->dst.u.icmp.code = hp->icmp6_code; 43 tuple->dst.u.icmp.code = hp->icmp6_code;
44 44
45 return 1; 45 return true;
46} 46}
47 47
48/* Add 1; spaces filled with 0. */ 48/* Add 1; spaces filled with 0. */
@@ -53,17 +53,17 @@ static const u_int8_t invmap[] = {
53 [ICMPV6_NI_REPLY - 128] = ICMPV6_NI_REPLY +1 53 [ICMPV6_NI_REPLY - 128] = ICMPV6_NI_REPLY +1
54}; 54};
55 55
56static int icmpv6_invert_tuple(struct nf_conntrack_tuple *tuple, 56static bool icmpv6_invert_tuple(struct nf_conntrack_tuple *tuple,
57 const struct nf_conntrack_tuple *orig) 57 const struct nf_conntrack_tuple *orig)
58{ 58{
59 int type = orig->dst.u.icmp.type - 128; 59 int type = orig->dst.u.icmp.type - 128;
60 if (type < 0 || type >= sizeof(invmap) || !invmap[type]) 60 if (type < 0 || type >= sizeof(invmap) || !invmap[type])
61 return 0; 61 return false;
62 62
63 tuple->src.u.icmp.id = orig->src.u.icmp.id; 63 tuple->src.u.icmp.id = orig->src.u.icmp.id;
64 tuple->dst.u.icmp.type = invmap[type] - 1; 64 tuple->dst.u.icmp.type = invmap[type] - 1;
65 tuple->dst.u.icmp.code = orig->dst.u.icmp.code; 65 tuple->dst.u.icmp.code = orig->dst.u.icmp.code;
66 return 1; 66 return true;
67} 67}
68 68
69/* Print out the per-protocol part of the tuple. */ 69/* Print out the per-protocol part of the tuple. */
@@ -102,9 +102,8 @@ static int icmpv6_packet(struct nf_conn *ct,
102} 102}
103 103
104/* Called when a new connection for this protocol found. */ 104/* Called when a new connection for this protocol found. */
105static int icmpv6_new(struct nf_conn *ct, 105static bool icmpv6_new(struct nf_conn *ct, const struct sk_buff *skb,
106 const struct sk_buff *skb, 106 unsigned int dataoff)
107 unsigned int dataoff)
108{ 107{
109 static const u_int8_t valid_new[] = { 108 static const u_int8_t valid_new[] = {
110 [ICMPV6_ECHO_REQUEST - 128] = 1, 109 [ICMPV6_ECHO_REQUEST - 128] = 1,
@@ -116,11 +115,11 @@ static int icmpv6_new(struct nf_conn *ct,
116 /* Can't create a new ICMPv6 `conn' with this. */ 115 /* Can't create a new ICMPv6 `conn' with this. */
117 pr_debug("icmpv6: can't create new conn with type %u\n", 116 pr_debug("icmpv6: can't create new conn with type %u\n",
118 type + 128); 117 type + 128);
119 NF_CT_DUMP_TUPLE(&ct->tuplehash[0].tuple); 118 nf_ct_dump_tuple_ipv6(&ct->tuplehash[0].tuple);
120 return 0; 119 return false;
121 } 120 }
122 atomic_set(&ct->proto.icmp.count, 0); 121 atomic_set(&ct->proto.icmp.count, 0);
123 return 1; 122 return true;
124} 123}
125 124
126static int 125static int
diff --git a/net/ipv6/netfilter/nf_conntrack_reasm.c b/net/ipv6/netfilter/nf_conntrack_reasm.c
index 24c0d03095bf..2dccad48058c 100644
--- a/net/ipv6/netfilter/nf_conntrack_reasm.c
+++ b/net/ipv6/netfilter/nf_conntrack_reasm.c
@@ -103,8 +103,8 @@ struct ctl_table nf_ct_ipv6_sysctl_table[] = {
103}; 103};
104#endif 104#endif
105 105
106static unsigned int ip6qhashfn(__be32 id, struct in6_addr *saddr, 106static unsigned int ip6qhashfn(__be32 id, const struct in6_addr *saddr,
107 struct in6_addr *daddr) 107 const struct in6_addr *daddr)
108{ 108{
109 u32 a, b, c; 109 u32 a, b, c;
110 110
@@ -132,7 +132,7 @@ static unsigned int ip6qhashfn(__be32 id, struct in6_addr *saddr,
132 132
133static unsigned int nf_hashfn(struct inet_frag_queue *q) 133static unsigned int nf_hashfn(struct inet_frag_queue *q)
134{ 134{
135 struct nf_ct_frag6_queue *nq; 135 const struct nf_ct_frag6_queue *nq;
136 136
137 nq = container_of(q, struct nf_ct_frag6_queue, q); 137 nq = container_of(q, struct nf_ct_frag6_queue, q);
138 return ip6qhashfn(nq->id, &nq->saddr, &nq->daddr); 138 return ip6qhashfn(nq->id, &nq->saddr, &nq->daddr);
@@ -185,7 +185,7 @@ static void nf_ct_frag6_expire(unsigned long data)
185 185
186 spin_lock(&fq->q.lock); 186 spin_lock(&fq->q.lock);
187 187
188 if (fq->q.last_in & COMPLETE) 188 if (fq->q.last_in & INET_FRAG_COMPLETE)
189 goto out; 189 goto out;
190 190
191 fq_kill(fq); 191 fq_kill(fq);
@@ -222,12 +222,12 @@ oom:
222 222
223 223
224static int nf_ct_frag6_queue(struct nf_ct_frag6_queue *fq, struct sk_buff *skb, 224static int nf_ct_frag6_queue(struct nf_ct_frag6_queue *fq, struct sk_buff *skb,
225 struct frag_hdr *fhdr, int nhoff) 225 const struct frag_hdr *fhdr, int nhoff)
226{ 226{
227 struct sk_buff *prev, *next; 227 struct sk_buff *prev, *next;
228 int offset, end; 228 int offset, end;
229 229
230 if (fq->q.last_in & COMPLETE) { 230 if (fq->q.last_in & INET_FRAG_COMPLETE) {
231 pr_debug("Allready completed\n"); 231 pr_debug("Allready completed\n");
232 goto err; 232 goto err;
233 } 233 }
@@ -254,11 +254,11 @@ static int nf_ct_frag6_queue(struct nf_ct_frag6_queue *fq, struct sk_buff *skb,
254 * or have different end, the segment is corrupted. 254 * or have different end, the segment is corrupted.
255 */ 255 */
256 if (end < fq->q.len || 256 if (end < fq->q.len ||
257 ((fq->q.last_in & LAST_IN) && end != fq->q.len)) { 257 ((fq->q.last_in & INET_FRAG_LAST_IN) && end != fq->q.len)) {
258 pr_debug("already received last fragment\n"); 258 pr_debug("already received last fragment\n");
259 goto err; 259 goto err;
260 } 260 }
261 fq->q.last_in |= LAST_IN; 261 fq->q.last_in |= INET_FRAG_LAST_IN;
262 fq->q.len = end; 262 fq->q.len = end;
263 } else { 263 } else {
264 /* Check if the fragment is rounded to 8 bytes. 264 /* Check if the fragment is rounded to 8 bytes.
@@ -273,7 +273,7 @@ static int nf_ct_frag6_queue(struct nf_ct_frag6_queue *fq, struct sk_buff *skb,
273 } 273 }
274 if (end > fq->q.len) { 274 if (end > fq->q.len) {
275 /* Some bits beyond end -> corruption. */ 275 /* Some bits beyond end -> corruption. */
276 if (fq->q.last_in & LAST_IN) { 276 if (fq->q.last_in & INET_FRAG_LAST_IN) {
277 pr_debug("last packet already reached.\n"); 277 pr_debug("last packet already reached.\n");
278 goto err; 278 goto err;
279 } 279 }
@@ -385,7 +385,7 @@ static int nf_ct_frag6_queue(struct nf_ct_frag6_queue *fq, struct sk_buff *skb,
385 */ 385 */
386 if (offset == 0) { 386 if (offset == 0) {
387 fq->nhoffset = nhoff; 387 fq->nhoffset = nhoff;
388 fq->q.last_in |= FIRST_IN; 388 fq->q.last_in |= INET_FRAG_FIRST_IN;
389 } 389 }
390 write_lock(&nf_frags.lock); 390 write_lock(&nf_frags.lock);
391 list_move_tail(&fq->q.lru_list, &nf_init_frags.lru_list); 391 list_move_tail(&fq->q.lru_list, &nf_init_frags.lru_list);
@@ -647,7 +647,8 @@ struct sk_buff *nf_ct_frag6_gather(struct sk_buff *skb)
647 goto ret_orig; 647 goto ret_orig;
648 } 648 }
649 649
650 if (fq->q.last_in == (FIRST_IN|LAST_IN) && fq->q.meat == fq->q.len) { 650 if (fq->q.last_in == (INET_FRAG_FIRST_IN | INET_FRAG_LAST_IN) &&
651 fq->q.meat == fq->q.len) {
651 ret_skb = nf_ct_frag6_reasm(fq, dev); 652 ret_skb = nf_ct_frag6_reasm(fq, dev);
652 if (ret_skb == NULL) 653 if (ret_skb == NULL)
653 pr_debug("Can't reassemble fragmented packets\n"); 654 pr_debug("Can't reassemble fragmented packets\n");
diff --git a/net/ipv6/proc.c b/net/ipv6/proc.c
index 199ef379e501..ca8b82f96fe5 100644
--- a/net/ipv6/proc.c
+++ b/net/ipv6/proc.c
@@ -35,16 +35,18 @@ static struct proc_dir_entry *proc_net_devsnmp6;
35 35
36static int sockstat6_seq_show(struct seq_file *seq, void *v) 36static int sockstat6_seq_show(struct seq_file *seq, void *v)
37{ 37{
38 struct net *net = seq->private;
39
38 seq_printf(seq, "TCP6: inuse %d\n", 40 seq_printf(seq, "TCP6: inuse %d\n",
39 sock_prot_inuse_get(&tcpv6_prot)); 41 sock_prot_inuse_get(net, &tcpv6_prot));
40 seq_printf(seq, "UDP6: inuse %d\n", 42 seq_printf(seq, "UDP6: inuse %d\n",
41 sock_prot_inuse_get(&udpv6_prot)); 43 sock_prot_inuse_get(net, &udpv6_prot));
42 seq_printf(seq, "UDPLITE6: inuse %d\n", 44 seq_printf(seq, "UDPLITE6: inuse %d\n",
43 sock_prot_inuse_get(&udplitev6_prot)); 45 sock_prot_inuse_get(net, &udplitev6_prot));
44 seq_printf(seq, "RAW6: inuse %d\n", 46 seq_printf(seq, "RAW6: inuse %d\n",
45 sock_prot_inuse_get(&rawv6_prot)); 47 sock_prot_inuse_get(net, &rawv6_prot));
46 seq_printf(seq, "FRAG6: inuse %d memory %d\n", 48 seq_printf(seq, "FRAG6: inuse %d memory %d\n",
47 ip6_frag_nqueues(&init_net), ip6_frag_mem(&init_net)); 49 ip6_frag_nqueues(net), ip6_frag_mem(net));
48 return 0; 50 return 0;
49} 51}
50 52
@@ -183,7 +185,32 @@ static int snmp6_seq_show(struct seq_file *seq, void *v)
183 185
184static int sockstat6_seq_open(struct inode *inode, struct file *file) 186static int sockstat6_seq_open(struct inode *inode, struct file *file)
185{ 187{
186 return single_open(file, sockstat6_seq_show, NULL); 188 int err;
189 struct net *net;
190
191 err = -ENXIO;
192 net = get_proc_net(inode);
193 if (net == NULL)
194 goto err_net;
195
196 err = single_open(file, sockstat6_seq_show, net);
197 if (err < 0)
198 goto err_open;
199
200 return 0;
201
202err_open:
203 put_net(net);
204err_net:
205 return err;
206}
207
208static int sockstat6_seq_release(struct inode *inode, struct file *file)
209{
210 struct net *net = ((struct seq_file *)file->private_data)->private;
211
212 put_net(net);
213 return single_release(inode, file);
187} 214}
188 215
189static const struct file_operations sockstat6_seq_fops = { 216static const struct file_operations sockstat6_seq_fops = {
@@ -191,7 +218,7 @@ static const struct file_operations sockstat6_seq_fops = {
191 .open = sockstat6_seq_open, 218 .open = sockstat6_seq_open,
192 .read = seq_read, 219 .read = seq_read,
193 .llseek = seq_lseek, 220 .llseek = seq_lseek,
194 .release = single_release, 221 .release = sockstat6_seq_release,
195}; 222};
196 223
197static int snmp6_seq_open(struct inode *inode, struct file *file) 224static int snmp6_seq_open(struct inode *inode, struct file *file)
@@ -214,6 +241,9 @@ int snmp6_register_dev(struct inet6_dev *idev)
214 if (!idev || !idev->dev) 241 if (!idev || !idev->dev)
215 return -EINVAL; 242 return -EINVAL;
216 243
244 if (dev_net(idev->dev) != &init_net)
245 return 0;
246
217 if (!proc_net_devsnmp6) 247 if (!proc_net_devsnmp6)
218 return -ENOENT; 248 return -ENOENT;
219 249
@@ -240,27 +270,45 @@ int snmp6_unregister_dev(struct inet6_dev *idev)
240 return 0; 270 return 0;
241} 271}
242 272
273static int ipv6_proc_init_net(struct net *net)
274{
275 if (!proc_net_fops_create(net, "sockstat6", S_IRUGO,
276 &sockstat6_seq_fops))
277 return -ENOMEM;
278 return 0;
279}
280
281static void ipv6_proc_exit_net(struct net *net)
282{
283 proc_net_remove(net, "sockstat6");
284}
285
286static struct pernet_operations ipv6_proc_ops = {
287 .init = ipv6_proc_init_net,
288 .exit = ipv6_proc_exit_net,
289};
290
243int __init ipv6_misc_proc_init(void) 291int __init ipv6_misc_proc_init(void)
244{ 292{
245 int rc = 0; 293 int rc = 0;
246 294
295 if (register_pernet_subsys(&ipv6_proc_ops))
296 goto proc_net_fail;
297
247 if (!proc_net_fops_create(&init_net, "snmp6", S_IRUGO, &snmp6_seq_fops)) 298 if (!proc_net_fops_create(&init_net, "snmp6", S_IRUGO, &snmp6_seq_fops))
248 goto proc_snmp6_fail; 299 goto proc_snmp6_fail;
249 300
250 proc_net_devsnmp6 = proc_mkdir("dev_snmp6", init_net.proc_net); 301 proc_net_devsnmp6 = proc_mkdir("dev_snmp6", init_net.proc_net);
251 if (!proc_net_devsnmp6) 302 if (!proc_net_devsnmp6)
252 goto proc_dev_snmp6_fail; 303 goto proc_dev_snmp6_fail;
253
254 if (!proc_net_fops_create(&init_net, "sockstat6", S_IRUGO, &sockstat6_seq_fops))
255 goto proc_sockstat6_fail;
256out: 304out:
257 return rc; 305 return rc;
258 306
259proc_sockstat6_fail:
260 proc_net_remove(&init_net, "dev_snmp6");
261proc_dev_snmp6_fail: 307proc_dev_snmp6_fail:
262 proc_net_remove(&init_net, "snmp6"); 308 proc_net_remove(&init_net, "snmp6");
263proc_snmp6_fail: 309proc_snmp6_fail:
310 unregister_pernet_subsys(&ipv6_proc_ops);
311proc_net_fail:
264 rc = -ENOMEM; 312 rc = -ENOMEM;
265 goto out; 313 goto out;
266} 314}
@@ -270,5 +318,6 @@ void ipv6_misc_proc_exit(void)
270 proc_net_remove(&init_net, "sockstat6"); 318 proc_net_remove(&init_net, "sockstat6");
271 proc_net_remove(&init_net, "dev_snmp6"); 319 proc_net_remove(&init_net, "dev_snmp6");
272 proc_net_remove(&init_net, "snmp6"); 320 proc_net_remove(&init_net, "snmp6");
321 unregister_pernet_subsys(&ipv6_proc_ops);
273} 322}
274 323
diff --git a/net/ipv6/raw.c b/net/ipv6/raw.c
index 8897ccf8086a..6193b124cbc7 100644
--- a/net/ipv6/raw.c
+++ b/net/ipv6/raw.c
@@ -53,6 +53,7 @@
53#if defined(CONFIG_IPV6_MIP6) || defined(CONFIG_IPV6_MIP6_MODULE) 53#if defined(CONFIG_IPV6_MIP6) || defined(CONFIG_IPV6_MIP6_MODULE)
54#include <net/mip6.h> 54#include <net/mip6.h>
55#endif 55#endif
56#include <linux/mroute6.h>
56 57
57#include <net/raw.h> 58#include <net/raw.h>
58#include <net/rawv6.h> 59#include <net/rawv6.h>
@@ -62,20 +63,9 @@
62#include <linux/seq_file.h> 63#include <linux/seq_file.h>
63 64
64static struct raw_hashinfo raw_v6_hashinfo = { 65static struct raw_hashinfo raw_v6_hashinfo = {
65 .lock = __RW_LOCK_UNLOCKED(), 66 .lock = __RW_LOCK_UNLOCKED(raw_v6_hashinfo.lock),
66}; 67};
67 68
68static void raw_v6_hash(struct sock *sk)
69{
70 raw_hash_sk(sk, &raw_v6_hashinfo);
71}
72
73static void raw_v6_unhash(struct sock *sk)
74{
75 raw_unhash_sk(sk, &raw_v6_hashinfo);
76}
77
78
79static struct sock *__raw_v6_lookup(struct net *net, struct sock *sk, 69static struct sock *__raw_v6_lookup(struct net *net, struct sock *sk,
80 unsigned short num, struct in6_addr *loc_addr, 70 unsigned short num, struct in6_addr *loc_addr,
81 struct in6_addr *rmt_addr, int dif) 71 struct in6_addr *rmt_addr, int dif)
@@ -87,7 +77,7 @@ static struct sock *__raw_v6_lookup(struct net *net, struct sock *sk,
87 if (inet_sk(sk)->num == num) { 77 if (inet_sk(sk)->num == num) {
88 struct ipv6_pinfo *np = inet6_sk(sk); 78 struct ipv6_pinfo *np = inet6_sk(sk);
89 79
90 if (sk->sk_net != net) 80 if (!net_eq(sock_net(sk), net))
91 continue; 81 continue;
92 82
93 if (!ipv6_addr_any(&np->daddr) && 83 if (!ipv6_addr_any(&np->daddr) &&
@@ -179,15 +169,10 @@ static int ipv6_raw_deliver(struct sk_buff *skb, int nexthdr)
179 read_lock(&raw_v6_hashinfo.lock); 169 read_lock(&raw_v6_hashinfo.lock);
180 sk = sk_head(&raw_v6_hashinfo.ht[hash]); 170 sk = sk_head(&raw_v6_hashinfo.ht[hash]);
181 171
182 /*
183 * The first socket found will be delivered after
184 * delivery to transport protocols.
185 */
186
187 if (sk == NULL) 172 if (sk == NULL)
188 goto out; 173 goto out;
189 174
190 net = skb->dev->nd_net; 175 net = dev_net(skb->dev);
191 sk = __raw_v6_lookup(net, sk, nexthdr, daddr, saddr, IP6CB(skb)->iif); 176 sk = __raw_v6_lookup(net, sk, nexthdr, daddr, saddr, IP6CB(skb)->iif);
192 177
193 while (sk) { 178 while (sk) {
@@ -291,7 +276,7 @@ static int rawv6_bind(struct sock *sk, struct sockaddr *uaddr, int addr_len)
291 if (!sk->sk_bound_dev_if) 276 if (!sk->sk_bound_dev_if)
292 goto out; 277 goto out;
293 278
294 dev = dev_get_by_index(sk->sk_net, sk->sk_bound_dev_if); 279 dev = dev_get_by_index(sock_net(sk), sk->sk_bound_dev_if);
295 if (!dev) { 280 if (!dev) {
296 err = -ENODEV; 281 err = -ENODEV;
297 goto out; 282 goto out;
@@ -304,7 +289,7 @@ static int rawv6_bind(struct sock *sk, struct sockaddr *uaddr, int addr_len)
304 v4addr = LOOPBACK4_IPV6; 289 v4addr = LOOPBACK4_IPV6;
305 if (!(addr_type & IPV6_ADDR_MULTICAST)) { 290 if (!(addr_type & IPV6_ADDR_MULTICAST)) {
306 err = -EADDRNOTAVAIL; 291 err = -EADDRNOTAVAIL;
307 if (!ipv6_chk_addr(sk->sk_net, &addr->sin6_addr, 292 if (!ipv6_chk_addr(sock_net(sk), &addr->sin6_addr,
308 dev, 0)) { 293 dev, 0)) {
309 if (dev) 294 if (dev)
310 dev_put(dev); 295 dev_put(dev);
@@ -372,9 +357,11 @@ void raw6_icmp_error(struct sk_buff *skb, int nexthdr,
372 read_lock(&raw_v6_hashinfo.lock); 357 read_lock(&raw_v6_hashinfo.lock);
373 sk = sk_head(&raw_v6_hashinfo.ht[hash]); 358 sk = sk_head(&raw_v6_hashinfo.ht[hash]);
374 if (sk != NULL) { 359 if (sk != NULL) {
375 saddr = &ipv6_hdr(skb)->saddr; 360 /* Note: ipv6_hdr(skb) != skb->data */
376 daddr = &ipv6_hdr(skb)->daddr; 361 struct ipv6hdr *ip6h = (struct ipv6hdr *)skb->data;
377 net = skb->dev->nd_net; 362 saddr = &ip6h->saddr;
363 daddr = &ip6h->daddr;
364 net = dev_net(skb->dev);
378 365
379 while ((sk = __raw_v6_lookup(net, sk, nexthdr, saddr, daddr, 366 while ((sk = __raw_v6_lookup(net, sk, nexthdr, saddr, daddr,
380 IP6CB(skb)->iif))) { 367 IP6CB(skb)->iif))) {
@@ -820,15 +807,6 @@ static int rawv6_sendmsg(struct kiocb *iocb, struct sock *sk,
820 fl.fl6_flowlabel = np->flow_label; 807 fl.fl6_flowlabel = np->flow_label;
821 } 808 }
822 809
823 if (ipv6_addr_any(daddr)) {
824 /*
825 * unspecified destination address
826 * treated as error... is this correct ?
827 */
828 fl6_sock_release(flowlabel);
829 return(-EINVAL);
830 }
831
832 if (fl.oif == 0) 810 if (fl.oif == 0)
833 fl.oif = sk->sk_bound_dev_if; 811 fl.oif = sk->sk_bound_dev_if;
834 812
@@ -861,7 +839,10 @@ static int rawv6_sendmsg(struct kiocb *iocb, struct sock *sk,
861 if (err) 839 if (err)
862 goto out; 840 goto out;
863 841
864 ipv6_addr_copy(&fl.fl6_dst, daddr); 842 if (!ipv6_addr_any(daddr))
843 ipv6_addr_copy(&fl.fl6_dst, daddr);
844 else
845 fl.fl6_dst.s6_addr[15] = 0x1; /* :: means loopback (BSD'ism) */
865 if (ipv6_addr_any(&fl.fl6_src) && !ipv6_addr_any(&np->saddr)) 846 if (ipv6_addr_any(&fl.fl6_src) && !ipv6_addr_any(&np->saddr))
866 ipv6_addr_copy(&fl.fl6_src, &np->saddr); 847 ipv6_addr_copy(&fl.fl6_src, &np->saddr);
867 848
@@ -896,9 +877,7 @@ static int rawv6_sendmsg(struct kiocb *iocb, struct sock *sk,
896 else 877 else
897 hlimit = np->hop_limit; 878 hlimit = np->hop_limit;
898 if (hlimit < 0) 879 if (hlimit < 0)
899 hlimit = dst_metric(dst, RTAX_HOPLIMIT); 880 hlimit = ip6_dst_hoplimit(dst);
900 if (hlimit < 0)
901 hlimit = ipv6_get_hoplimit(dst->dev);
902 } 881 }
903 882
904 if (tclass < 0) { 883 if (tclass < 0) {
@@ -1153,7 +1132,11 @@ static int rawv6_ioctl(struct sock *sk, int cmd, unsigned long arg)
1153 } 1132 }
1154 1133
1155 default: 1134 default:
1135#ifdef CONFIG_IPV6_MROUTE
1136 return ip6mr_ioctl(sk, cmd, (void __user *)arg);
1137#else
1156 return -ENOIOCTLCMD; 1138 return -ENOIOCTLCMD;
1139#endif
1157 } 1140 }
1158} 1141}
1159 1142
@@ -1161,7 +1144,7 @@ static void rawv6_close(struct sock *sk, long timeout)
1161{ 1144{
1162 if (inet_sk(sk)->num == IPPROTO_RAW) 1145 if (inet_sk(sk)->num == IPPROTO_RAW)
1163 ip6_ra_control(sk, -1, NULL); 1146 ip6_ra_control(sk, -1, NULL);
1164 1147 ip6mr_sk_done(sk);
1165 sk_common_release(sk); 1148 sk_common_release(sk);
1166} 1149}
1167 1150
@@ -1184,8 +1167,6 @@ static int rawv6_init_sk(struct sock *sk)
1184 return(0); 1167 return(0);
1185} 1168}
1186 1169
1187DEFINE_PROTO_INUSE(rawv6)
1188
1189struct proto rawv6_prot = { 1170struct proto rawv6_prot = {
1190 .name = "RAWv6", 1171 .name = "RAWv6",
1191 .owner = THIS_MODULE, 1172 .owner = THIS_MODULE,
@@ -1201,14 +1182,14 @@ struct proto rawv6_prot = {
1201 .recvmsg = rawv6_recvmsg, 1182 .recvmsg = rawv6_recvmsg,
1202 .bind = rawv6_bind, 1183 .bind = rawv6_bind,
1203 .backlog_rcv = rawv6_rcv_skb, 1184 .backlog_rcv = rawv6_rcv_skb,
1204 .hash = raw_v6_hash, 1185 .hash = raw_hash_sk,
1205 .unhash = raw_v6_unhash, 1186 .unhash = raw_unhash_sk,
1206 .obj_size = sizeof(struct raw6_sock), 1187 .obj_size = sizeof(struct raw6_sock),
1188 .h.raw_hash = &raw_v6_hashinfo,
1207#ifdef CONFIG_COMPAT 1189#ifdef CONFIG_COMPAT
1208 .compat_setsockopt = compat_rawv6_setsockopt, 1190 .compat_setsockopt = compat_rawv6_setsockopt,
1209 .compat_getsockopt = compat_rawv6_getsockopt, 1191 .compat_getsockopt = compat_rawv6_getsockopt,
1210#endif 1192#endif
1211 REF_PROTO_INUSE(rawv6)
1212}; 1193};
1213 1194
1214#ifdef CONFIG_PROC_FS 1195#ifdef CONFIG_PROC_FS
diff --git a/net/ipv6/reassembly.c b/net/ipv6/reassembly.c
index f936d045a39d..7b247e3a16fe 100644
--- a/net/ipv6/reassembly.c
+++ b/net/ipv6/reassembly.c
@@ -202,7 +202,7 @@ static void ip6_frag_expire(unsigned long data)
202 202
203 spin_lock(&fq->q.lock); 203 spin_lock(&fq->q.lock);
204 204
205 if (fq->q.last_in & COMPLETE) 205 if (fq->q.last_in & INET_FRAG_COMPLETE)
206 goto out; 206 goto out;
207 207
208 fq_kill(fq); 208 fq_kill(fq);
@@ -217,7 +217,7 @@ static void ip6_frag_expire(unsigned long data)
217 rcu_read_unlock(); 217 rcu_read_unlock();
218 218
219 /* Don't send error if the first segment did not arrive. */ 219 /* Don't send error if the first segment did not arrive. */
220 if (!(fq->q.last_in&FIRST_IN) || !fq->q.fragments) 220 if (!(fq->q.last_in & INET_FRAG_FIRST_IN) || !fq->q.fragments)
221 goto out; 221 goto out;
222 222
223 /* 223 /*
@@ -265,7 +265,7 @@ static int ip6_frag_queue(struct frag_queue *fq, struct sk_buff *skb,
265 struct net_device *dev; 265 struct net_device *dev;
266 int offset, end; 266 int offset, end;
267 267
268 if (fq->q.last_in & COMPLETE) 268 if (fq->q.last_in & INET_FRAG_COMPLETE)
269 goto err; 269 goto err;
270 270
271 offset = ntohs(fhdr->frag_off) & ~0x7; 271 offset = ntohs(fhdr->frag_off) & ~0x7;
@@ -294,9 +294,9 @@ static int ip6_frag_queue(struct frag_queue *fq, struct sk_buff *skb,
294 * or have different end, the segment is corrupted. 294 * or have different end, the segment is corrupted.
295 */ 295 */
296 if (end < fq->q.len || 296 if (end < fq->q.len ||
297 ((fq->q.last_in & LAST_IN) && end != fq->q.len)) 297 ((fq->q.last_in & INET_FRAG_LAST_IN) && end != fq->q.len))
298 goto err; 298 goto err;
299 fq->q.last_in |= LAST_IN; 299 fq->q.last_in |= INET_FRAG_LAST_IN;
300 fq->q.len = end; 300 fq->q.len = end;
301 } else { 301 } else {
302 /* Check if the fragment is rounded to 8 bytes. 302 /* Check if the fragment is rounded to 8 bytes.
@@ -314,7 +314,7 @@ static int ip6_frag_queue(struct frag_queue *fq, struct sk_buff *skb,
314 } 314 }
315 if (end > fq->q.len) { 315 if (end > fq->q.len) {
316 /* Some bits beyond end -> corruption. */ 316 /* Some bits beyond end -> corruption. */
317 if (fq->q.last_in & LAST_IN) 317 if (fq->q.last_in & INET_FRAG_LAST_IN)
318 goto err; 318 goto err;
319 fq->q.len = end; 319 fq->q.len = end;
320 } 320 }
@@ -417,10 +417,11 @@ static int ip6_frag_queue(struct frag_queue *fq, struct sk_buff *skb,
417 */ 417 */
418 if (offset == 0) { 418 if (offset == 0) {
419 fq->nhoffset = nhoff; 419 fq->nhoffset = nhoff;
420 fq->q.last_in |= FIRST_IN; 420 fq->q.last_in |= INET_FRAG_FIRST_IN;
421 } 421 }
422 422
423 if (fq->q.last_in == (FIRST_IN | LAST_IN) && fq->q.meat == fq->q.len) 423 if (fq->q.last_in == (INET_FRAG_FIRST_IN | INET_FRAG_LAST_IN) &&
424 fq->q.meat == fq->q.len)
424 return ip6_frag_reasm(fq, prev, dev); 425 return ip6_frag_reasm(fq, prev, dev);
425 426
426 write_lock(&ip6_frags.lock); 427 write_lock(&ip6_frags.lock);
@@ -600,7 +601,7 @@ static int ipv6_frag_rcv(struct sk_buff *skb)
600 return 1; 601 return 1;
601 } 602 }
602 603
603 net = skb->dev->nd_net; 604 net = dev_net(skb->dev);
604 if (atomic_read(&net->ipv6.frags.mem) > net->ipv6.frags.high_thresh) 605 if (atomic_read(&net->ipv6.frags.mem) > net->ipv6.frags.high_thresh)
605 ip6_evictor(net, ip6_dst_idev(skb->dst)); 606 ip6_evictor(net, ip6_dst_idev(skb->dst));
606 607
diff --git a/net/ipv6/route.c b/net/ipv6/route.c
index e8b241cb60bc..210a079cfc6f 100644
--- a/net/ipv6/route.c
+++ b/net/ipv6/route.c
@@ -36,10 +36,12 @@
36#include <linux/route.h> 36#include <linux/route.h>
37#include <linux/netdevice.h> 37#include <linux/netdevice.h>
38#include <linux/in6.h> 38#include <linux/in6.h>
39#include <linux/mroute6.h>
39#include <linux/init.h> 40#include <linux/init.h>
40#include <linux/if_arp.h> 41#include <linux/if_arp.h>
41#include <linux/proc_fs.h> 42#include <linux/proc_fs.h>
42#include <linux/seq_file.h> 43#include <linux/seq_file.h>
44#include <linux/nsproxy.h>
43#include <net/net_namespace.h> 45#include <net/net_namespace.h>
44#include <net/snmp.h> 46#include <net/snmp.h>
45#include <net/ipv6.h> 47#include <net/ipv6.h>
@@ -87,14 +89,16 @@ static void ip6_link_failure(struct sk_buff *skb);
87static void ip6_rt_update_pmtu(struct dst_entry *dst, u32 mtu); 89static void ip6_rt_update_pmtu(struct dst_entry *dst, u32 mtu);
88 90
89#ifdef CONFIG_IPV6_ROUTE_INFO 91#ifdef CONFIG_IPV6_ROUTE_INFO
90static struct rt6_info *rt6_add_route_info(struct in6_addr *prefix, int prefixlen, 92static struct rt6_info *rt6_add_route_info(struct net *net,
93 struct in6_addr *prefix, int prefixlen,
91 struct in6_addr *gwaddr, int ifindex, 94 struct in6_addr *gwaddr, int ifindex,
92 unsigned pref); 95 unsigned pref);
93static struct rt6_info *rt6_get_route_info(struct in6_addr *prefix, int prefixlen, 96static struct rt6_info *rt6_get_route_info(struct net *net,
97 struct in6_addr *prefix, int prefixlen,
94 struct in6_addr *gwaddr, int ifindex); 98 struct in6_addr *gwaddr, int ifindex);
95#endif 99#endif
96 100
97static struct dst_ops ip6_dst_ops = { 101static struct dst_ops ip6_dst_ops_template = {
98 .family = AF_INET6, 102 .family = AF_INET6,
99 .protocol = __constant_htons(ETH_P_IPV6), 103 .protocol = __constant_htons(ETH_P_IPV6),
100 .gc = ip6_dst_gc, 104 .gc = ip6_dst_gc,
@@ -124,7 +128,7 @@ static struct dst_ops ip6_dst_blackhole_ops = {
124 .entries = ATOMIC_INIT(0), 128 .entries = ATOMIC_INIT(0),
125}; 129};
126 130
127struct rt6_info ip6_null_entry = { 131static struct rt6_info ip6_null_entry_template = {
128 .u = { 132 .u = {
129 .dst = { 133 .dst = {
130 .__refcnt = ATOMIC_INIT(1), 134 .__refcnt = ATOMIC_INIT(1),
@@ -134,8 +138,6 @@ struct rt6_info ip6_null_entry = {
134 .metrics = { [RTAX_HOPLIMIT - 1] = 255, }, 138 .metrics = { [RTAX_HOPLIMIT - 1] = 255, },
135 .input = ip6_pkt_discard, 139 .input = ip6_pkt_discard,
136 .output = ip6_pkt_discard_out, 140 .output = ip6_pkt_discard_out,
137 .ops = &ip6_dst_ops,
138 .path = (struct dst_entry*)&ip6_null_entry,
139 } 141 }
140 }, 142 },
141 .rt6i_flags = (RTF_REJECT | RTF_NONEXTHOP), 143 .rt6i_flags = (RTF_REJECT | RTF_NONEXTHOP),
@@ -148,7 +150,7 @@ struct rt6_info ip6_null_entry = {
148static int ip6_pkt_prohibit(struct sk_buff *skb); 150static int ip6_pkt_prohibit(struct sk_buff *skb);
149static int ip6_pkt_prohibit_out(struct sk_buff *skb); 151static int ip6_pkt_prohibit_out(struct sk_buff *skb);
150 152
151struct rt6_info ip6_prohibit_entry = { 153struct rt6_info ip6_prohibit_entry_template = {
152 .u = { 154 .u = {
153 .dst = { 155 .dst = {
154 .__refcnt = ATOMIC_INIT(1), 156 .__refcnt = ATOMIC_INIT(1),
@@ -158,8 +160,6 @@ struct rt6_info ip6_prohibit_entry = {
158 .metrics = { [RTAX_HOPLIMIT - 1] = 255, }, 160 .metrics = { [RTAX_HOPLIMIT - 1] = 255, },
159 .input = ip6_pkt_prohibit, 161 .input = ip6_pkt_prohibit,
160 .output = ip6_pkt_prohibit_out, 162 .output = ip6_pkt_prohibit_out,
161 .ops = &ip6_dst_ops,
162 .path = (struct dst_entry*)&ip6_prohibit_entry,
163 } 163 }
164 }, 164 },
165 .rt6i_flags = (RTF_REJECT | RTF_NONEXTHOP), 165 .rt6i_flags = (RTF_REJECT | RTF_NONEXTHOP),
@@ -167,7 +167,7 @@ struct rt6_info ip6_prohibit_entry = {
167 .rt6i_ref = ATOMIC_INIT(1), 167 .rt6i_ref = ATOMIC_INIT(1),
168}; 168};
169 169
170struct rt6_info ip6_blk_hole_entry = { 170static struct rt6_info ip6_blk_hole_entry_template = {
171 .u = { 171 .u = {
172 .dst = { 172 .dst = {
173 .__refcnt = ATOMIC_INIT(1), 173 .__refcnt = ATOMIC_INIT(1),
@@ -177,8 +177,6 @@ struct rt6_info ip6_blk_hole_entry = {
177 .metrics = { [RTAX_HOPLIMIT - 1] = 255, }, 177 .metrics = { [RTAX_HOPLIMIT - 1] = 255, },
178 .input = dst_discard, 178 .input = dst_discard,
179 .output = dst_discard, 179 .output = dst_discard,
180 .ops = &ip6_dst_ops,
181 .path = (struct dst_entry*)&ip6_blk_hole_entry,
182 } 180 }
183 }, 181 },
184 .rt6i_flags = (RTF_REJECT | RTF_NONEXTHOP), 182 .rt6i_flags = (RTF_REJECT | RTF_NONEXTHOP),
@@ -189,9 +187,9 @@ struct rt6_info ip6_blk_hole_entry = {
189#endif 187#endif
190 188
191/* allocate dst with ip6_dst_ops */ 189/* allocate dst with ip6_dst_ops */
192static __inline__ struct rt6_info *ip6_dst_alloc(void) 190static inline struct rt6_info *ip6_dst_alloc(struct dst_ops *ops)
193{ 191{
194 return (struct rt6_info *)dst_alloc(&ip6_dst_ops); 192 return (struct rt6_info *)dst_alloc(ops);
195} 193}
196 194
197static void ip6_dst_destroy(struct dst_entry *dst) 195static void ip6_dst_destroy(struct dst_entry *dst)
@@ -211,7 +209,7 @@ static void ip6_dst_ifdown(struct dst_entry *dst, struct net_device *dev,
211 struct rt6_info *rt = (struct rt6_info *)dst; 209 struct rt6_info *rt = (struct rt6_info *)dst;
212 struct inet6_dev *idev = rt->rt6i_idev; 210 struct inet6_dev *idev = rt->rt6i_idev;
213 struct net_device *loopback_dev = 211 struct net_device *loopback_dev =
214 dev->nd_net->loopback_dev; 212 dev_net(dev)->loopback_dev;
215 213
216 if (dev != loopback_dev && idev != NULL && idev->dev == dev) { 214 if (dev != loopback_dev && idev != NULL && idev->dev == dev) {
217 struct inet6_dev *loopback_idev = 215 struct inet6_dev *loopback_idev =
@@ -239,7 +237,8 @@ static inline int rt6_need_strict(struct in6_addr *daddr)
239 * Route lookup. Any table->tb6_lock is implied. 237 * Route lookup. Any table->tb6_lock is implied.
240 */ 238 */
241 239
242static __inline__ struct rt6_info *rt6_device_match(struct rt6_info *rt, 240static inline struct rt6_info *rt6_device_match(struct net *net,
241 struct rt6_info *rt,
243 int oif, 242 int oif,
244 int strict) 243 int strict)
245{ 244{
@@ -268,7 +267,7 @@ static __inline__ struct rt6_info *rt6_device_match(struct rt6_info *rt,
268 return local; 267 return local;
269 268
270 if (strict) 269 if (strict)
271 return &ip6_null_entry; 270 return net->ipv6.ip6_null_entry;
272 } 271 }
273 return rt; 272 return rt;
274} 273}
@@ -409,9 +408,10 @@ static struct rt6_info *find_rr_leaf(struct fib6_node *fn,
409static struct rt6_info *rt6_select(struct fib6_node *fn, int oif, int strict) 408static struct rt6_info *rt6_select(struct fib6_node *fn, int oif, int strict)
410{ 409{
411 struct rt6_info *match, *rt0; 410 struct rt6_info *match, *rt0;
411 struct net *net;
412 412
413 RT6_TRACE("%s(fn->leaf=%p, oif=%d)\n", 413 RT6_TRACE("%s(fn->leaf=%p, oif=%d)\n",
414 __FUNCTION__, fn->leaf, oif); 414 __func__, fn->leaf, oif);
415 415
416 rt0 = fn->rr_ptr; 416 rt0 = fn->rr_ptr;
417 if (!rt0) 417 if (!rt0)
@@ -432,15 +432,17 @@ static struct rt6_info *rt6_select(struct fib6_node *fn, int oif, int strict)
432 } 432 }
433 433
434 RT6_TRACE("%s() => %p\n", 434 RT6_TRACE("%s() => %p\n",
435 __FUNCTION__, match); 435 __func__, match);
436 436
437 return (match ? match : &ip6_null_entry); 437 net = dev_net(rt0->rt6i_dev);
438 return (match ? match : net->ipv6.ip6_null_entry);
438} 439}
439 440
440#ifdef CONFIG_IPV6_ROUTE_INFO 441#ifdef CONFIG_IPV6_ROUTE_INFO
441int rt6_route_rcv(struct net_device *dev, u8 *opt, int len, 442int rt6_route_rcv(struct net_device *dev, u8 *opt, int len,
442 struct in6_addr *gwaddr) 443 struct in6_addr *gwaddr)
443{ 444{
445 struct net *net = dev_net(dev);
444 struct route_info *rinfo = (struct route_info *) opt; 446 struct route_info *rinfo = (struct route_info *) opt;
445 struct in6_addr prefix_buf, *prefix; 447 struct in6_addr prefix_buf, *prefix;
446 unsigned int pref; 448 unsigned int pref;
@@ -488,7 +490,8 @@ int rt6_route_rcv(struct net_device *dev, u8 *opt, int len,
488 prefix = &prefix_buf; 490 prefix = &prefix_buf;
489 } 491 }
490 492
491 rt = rt6_get_route_info(prefix, rinfo->prefix_len, gwaddr, dev->ifindex); 493 rt = rt6_get_route_info(net, prefix, rinfo->prefix_len, gwaddr,
494 dev->ifindex);
492 495
493 if (rt && !lifetime) { 496 if (rt && !lifetime) {
494 ip6_del_rt(rt); 497 ip6_del_rt(rt);
@@ -496,7 +499,7 @@ int rt6_route_rcv(struct net_device *dev, u8 *opt, int len,
496 } 499 }
497 500
498 if (!rt && lifetime) 501 if (!rt && lifetime)
499 rt = rt6_add_route_info(prefix, rinfo->prefix_len, gwaddr, dev->ifindex, 502 rt = rt6_add_route_info(net, prefix, rinfo->prefix_len, gwaddr, dev->ifindex,
500 pref); 503 pref);
501 else if (rt) 504 else if (rt)
502 rt->rt6i_flags = RTF_ROUTEINFO | 505 rt->rt6i_flags = RTF_ROUTEINFO |
@@ -515,9 +518,9 @@ int rt6_route_rcv(struct net_device *dev, u8 *opt, int len,
515} 518}
516#endif 519#endif
517 520
518#define BACKTRACK(saddr) \ 521#define BACKTRACK(__net, saddr) \
519do { \ 522do { \
520 if (rt == &ip6_null_entry) { \ 523 if (rt == __net->ipv6.ip6_null_entry) { \
521 struct fib6_node *pn; \ 524 struct fib6_node *pn; \
522 while (1) { \ 525 while (1) { \
523 if (fn->fn_flags & RTN_TL_ROOT) \ 526 if (fn->fn_flags & RTN_TL_ROOT) \
@@ -533,7 +536,8 @@ do { \
533 } \ 536 } \
534} while(0) 537} while(0)
535 538
536static struct rt6_info *ip6_pol_route_lookup(struct fib6_table *table, 539static struct rt6_info *ip6_pol_route_lookup(struct net *net,
540 struct fib6_table *table,
537 struct flowi *fl, int flags) 541 struct flowi *fl, int flags)
538{ 542{
539 struct fib6_node *fn; 543 struct fib6_node *fn;
@@ -543,8 +547,8 @@ static struct rt6_info *ip6_pol_route_lookup(struct fib6_table *table,
543 fn = fib6_lookup(&table->tb6_root, &fl->fl6_dst, &fl->fl6_src); 547 fn = fib6_lookup(&table->tb6_root, &fl->fl6_dst, &fl->fl6_src);
544restart: 548restart:
545 rt = fn->leaf; 549 rt = fn->leaf;
546 rt = rt6_device_match(rt, fl->oif, flags); 550 rt = rt6_device_match(net, rt, fl->oif, flags);
547 BACKTRACK(&fl->fl6_src); 551 BACKTRACK(net, &fl->fl6_src);
548out: 552out:
549 dst_use(&rt->u.dst, jiffies); 553 dst_use(&rt->u.dst, jiffies);
550 read_unlock_bh(&table->tb6_lock); 554 read_unlock_bh(&table->tb6_lock);
@@ -552,8 +556,8 @@ out:
552 556
553} 557}
554 558
555struct rt6_info *rt6_lookup(struct in6_addr *daddr, struct in6_addr *saddr, 559struct rt6_info *rt6_lookup(struct net *net, const struct in6_addr *daddr,
556 int oif, int strict) 560 const struct in6_addr *saddr, int oif, int strict)
557{ 561{
558 struct flowi fl = { 562 struct flowi fl = {
559 .oif = oif, 563 .oif = oif,
@@ -571,7 +575,7 @@ struct rt6_info *rt6_lookup(struct in6_addr *daddr, struct in6_addr *saddr,
571 flags |= RT6_LOOKUP_F_HAS_SADDR; 575 flags |= RT6_LOOKUP_F_HAS_SADDR;
572 } 576 }
573 577
574 dst = fib6_rule_lookup(&fl, flags, ip6_pol_route_lookup); 578 dst = fib6_rule_lookup(net, &fl, flags, ip6_pol_route_lookup);
575 if (dst->error == 0) 579 if (dst->error == 0)
576 return (struct rt6_info *) dst; 580 return (struct rt6_info *) dst;
577 581
@@ -604,7 +608,7 @@ static int __ip6_ins_rt(struct rt6_info *rt, struct nl_info *info)
604int ip6_ins_rt(struct rt6_info *rt) 608int ip6_ins_rt(struct rt6_info *rt)
605{ 609{
606 struct nl_info info = { 610 struct nl_info info = {
607 .nl_net = &init_net, 611 .nl_net = dev_net(rt->rt6i_dev),
608 }; 612 };
609 return __ip6_ins_rt(rt, &info); 613 return __ip6_ins_rt(rt, &info);
610} 614}
@@ -660,8 +664,8 @@ static struct rt6_info *rt6_alloc_clone(struct rt6_info *ort, struct in6_addr *d
660 return rt; 664 return rt;
661} 665}
662 666
663static struct rt6_info *ip6_pol_route(struct fib6_table *table, int oif, 667static struct rt6_info *ip6_pol_route(struct net *net, struct fib6_table *table, int oif,
664 struct flowi *fl, int flags) 668 struct flowi *fl, int flags)
665{ 669{
666 struct fib6_node *fn; 670 struct fib6_node *fn;
667 struct rt6_info *rt, *nrt; 671 struct rt6_info *rt, *nrt;
@@ -680,8 +684,9 @@ restart_2:
680 684
681restart: 685restart:
682 rt = rt6_select(fn, oif, strict | reachable); 686 rt = rt6_select(fn, oif, strict | reachable);
683 BACKTRACK(&fl->fl6_src); 687
684 if (rt == &ip6_null_entry || 688 BACKTRACK(net, &fl->fl6_src);
689 if (rt == net->ipv6.ip6_null_entry ||
685 rt->rt6i_flags & RTF_CACHE) 690 rt->rt6i_flags & RTF_CACHE)
686 goto out; 691 goto out;
687 692
@@ -699,7 +704,7 @@ restart:
699 } 704 }
700 705
701 dst_release(&rt->u.dst); 706 dst_release(&rt->u.dst);
702 rt = nrt ? : &ip6_null_entry; 707 rt = nrt ? : net->ipv6.ip6_null_entry;
703 708
704 dst_hold(&rt->u.dst); 709 dst_hold(&rt->u.dst);
705 if (nrt) { 710 if (nrt) {
@@ -732,15 +737,16 @@ out2:
732 return rt; 737 return rt;
733} 738}
734 739
735static struct rt6_info *ip6_pol_route_input(struct fib6_table *table, 740static struct rt6_info *ip6_pol_route_input(struct net *net, struct fib6_table *table,
736 struct flowi *fl, int flags) 741 struct flowi *fl, int flags)
737{ 742{
738 return ip6_pol_route(table, fl->iif, fl, flags); 743 return ip6_pol_route(net, table, fl->iif, fl, flags);
739} 744}
740 745
741void ip6_route_input(struct sk_buff *skb) 746void ip6_route_input(struct sk_buff *skb)
742{ 747{
743 struct ipv6hdr *iph = ipv6_hdr(skb); 748 struct ipv6hdr *iph = ipv6_hdr(skb);
749 struct net *net = dev_net(skb->dev);
744 int flags = RT6_LOOKUP_F_HAS_SADDR; 750 int flags = RT6_LOOKUP_F_HAS_SADDR;
745 struct flowi fl = { 751 struct flowi fl = {
746 .iif = skb->dev->ifindex, 752 .iif = skb->dev->ifindex,
@@ -758,16 +764,17 @@ void ip6_route_input(struct sk_buff *skb)
758 if (rt6_need_strict(&iph->daddr)) 764 if (rt6_need_strict(&iph->daddr))
759 flags |= RT6_LOOKUP_F_IFACE; 765 flags |= RT6_LOOKUP_F_IFACE;
760 766
761 skb->dst = fib6_rule_lookup(&fl, flags, ip6_pol_route_input); 767 skb->dst = fib6_rule_lookup(net, &fl, flags, ip6_pol_route_input);
762} 768}
763 769
764static struct rt6_info *ip6_pol_route_output(struct fib6_table *table, 770static struct rt6_info *ip6_pol_route_output(struct net *net, struct fib6_table *table,
765 struct flowi *fl, int flags) 771 struct flowi *fl, int flags)
766{ 772{
767 return ip6_pol_route(table, fl->oif, fl, flags); 773 return ip6_pol_route(net, table, fl->oif, fl, flags);
768} 774}
769 775
770struct dst_entry * ip6_route_output(struct sock *sk, struct flowi *fl) 776struct dst_entry * ip6_route_output(struct net *net, struct sock *sk,
777 struct flowi *fl)
771{ 778{
772 int flags = 0; 779 int flags = 0;
773 780
@@ -776,8 +783,17 @@ struct dst_entry * ip6_route_output(struct sock *sk, struct flowi *fl)
776 783
777 if (!ipv6_addr_any(&fl->fl6_src)) 784 if (!ipv6_addr_any(&fl->fl6_src))
778 flags |= RT6_LOOKUP_F_HAS_SADDR; 785 flags |= RT6_LOOKUP_F_HAS_SADDR;
786 else if (sk) {
787 unsigned int prefs = inet6_sk(sk)->srcprefs;
788 if (prefs & IPV6_PREFER_SRC_TMP)
789 flags |= RT6_LOOKUP_F_SRCPREF_TMP;
790 if (prefs & IPV6_PREFER_SRC_PUBLIC)
791 flags |= RT6_LOOKUP_F_SRCPREF_PUBLIC;
792 if (prefs & IPV6_PREFER_SRC_COA)
793 flags |= RT6_LOOKUP_F_SRCPREF_COA;
794 }
779 795
780 return fib6_rule_lookup(fl, flags, ip6_pol_route_output); 796 return fib6_rule_lookup(net, fl, flags, ip6_pol_route_output);
781} 797}
782 798
783EXPORT_SYMBOL(ip6_route_output); 799EXPORT_SYMBOL(ip6_route_output);
@@ -886,12 +902,12 @@ static void ip6_rt_update_pmtu(struct dst_entry *dst, u32 mtu)
886 902
887static int ipv6_get_mtu(struct net_device *dev); 903static int ipv6_get_mtu(struct net_device *dev);
888 904
889static inline unsigned int ipv6_advmss(unsigned int mtu) 905static inline unsigned int ipv6_advmss(struct net *net, unsigned int mtu)
890{ 906{
891 mtu -= sizeof(struct ipv6hdr) + sizeof(struct tcphdr); 907 mtu -= sizeof(struct ipv6hdr) + sizeof(struct tcphdr);
892 908
893 if (mtu < init_net.ipv6.sysctl.ip6_rt_min_advmss) 909 if (mtu < net->ipv6.sysctl.ip6_rt_min_advmss)
894 mtu = init_net.ipv6.sysctl.ip6_rt_min_advmss; 910 mtu = net->ipv6.sysctl.ip6_rt_min_advmss;
895 911
896 /* 912 /*
897 * Maximal non-jumbo IPv6 payload is IPV6_MAXPLEN and 913 * Maximal non-jumbo IPv6 payload is IPV6_MAXPLEN and
@@ -904,21 +920,21 @@ static inline unsigned int ipv6_advmss(unsigned int mtu)
904 return mtu; 920 return mtu;
905} 921}
906 922
907static struct dst_entry *ndisc_dst_gc_list; 923static struct dst_entry *icmp6_dst_gc_list;
908static DEFINE_SPINLOCK(ndisc_lock); 924static DEFINE_SPINLOCK(icmp6_dst_lock);
909 925
910struct dst_entry *ndisc_dst_alloc(struct net_device *dev, 926struct dst_entry *icmp6_dst_alloc(struct net_device *dev,
911 struct neighbour *neigh, 927 struct neighbour *neigh,
912 struct in6_addr *addr, 928 const struct in6_addr *addr)
913 int (*output)(struct sk_buff *))
914{ 929{
915 struct rt6_info *rt; 930 struct rt6_info *rt;
916 struct inet6_dev *idev = in6_dev_get(dev); 931 struct inet6_dev *idev = in6_dev_get(dev);
932 struct net *net = dev_net(dev);
917 933
918 if (unlikely(idev == NULL)) 934 if (unlikely(idev == NULL))
919 return NULL; 935 return NULL;
920 936
921 rt = ip6_dst_alloc(); 937 rt = ip6_dst_alloc(net->ipv6.ip6_dst_ops);
922 if (unlikely(rt == NULL)) { 938 if (unlikely(rt == NULL)) {
923 in6_dev_put(idev); 939 in6_dev_put(idev);
924 goto out; 940 goto out;
@@ -936,8 +952,8 @@ struct dst_entry *ndisc_dst_alloc(struct net_device *dev,
936 atomic_set(&rt->u.dst.__refcnt, 1); 952 atomic_set(&rt->u.dst.__refcnt, 1);
937 rt->u.dst.metrics[RTAX_HOPLIMIT-1] = 255; 953 rt->u.dst.metrics[RTAX_HOPLIMIT-1] = 255;
938 rt->u.dst.metrics[RTAX_MTU-1] = ipv6_get_mtu(rt->rt6i_dev); 954 rt->u.dst.metrics[RTAX_MTU-1] = ipv6_get_mtu(rt->rt6i_dev);
939 rt->u.dst.metrics[RTAX_ADVMSS-1] = ipv6_advmss(dst_mtu(&rt->u.dst)); 955 rt->u.dst.metrics[RTAX_ADVMSS-1] = ipv6_advmss(net, dst_mtu(&rt->u.dst));
940 rt->u.dst.output = output; 956 rt->u.dst.output = ip6_output;
941 957
942#if 0 /* there's no chance to use these for ndisc */ 958#if 0 /* there's no chance to use these for ndisc */
943 rt->u.dst.flags = ipv6_addr_type(addr) & IPV6_ADDR_UNICAST 959 rt->u.dst.flags = ipv6_addr_type(addr) & IPV6_ADDR_UNICAST
@@ -947,18 +963,18 @@ struct dst_entry *ndisc_dst_alloc(struct net_device *dev,
947 rt->rt6i_dst.plen = 128; 963 rt->rt6i_dst.plen = 128;
948#endif 964#endif
949 965
950 spin_lock_bh(&ndisc_lock); 966 spin_lock_bh(&icmp6_dst_lock);
951 rt->u.dst.next = ndisc_dst_gc_list; 967 rt->u.dst.next = icmp6_dst_gc_list;
952 ndisc_dst_gc_list = &rt->u.dst; 968 icmp6_dst_gc_list = &rt->u.dst;
953 spin_unlock_bh(&ndisc_lock); 969 spin_unlock_bh(&icmp6_dst_lock);
954 970
955 fib6_force_start_gc(); 971 fib6_force_start_gc(net);
956 972
957out: 973out:
958 return &rt->u.dst; 974 return &rt->u.dst;
959} 975}
960 976
961int ndisc_dst_gc(int *more) 977int icmp6_dst_gc(int *more)
962{ 978{
963 struct dst_entry *dst, *next, **pprev; 979 struct dst_entry *dst, *next, **pprev;
964 int freed; 980 int freed;
@@ -966,8 +982,8 @@ int ndisc_dst_gc(int *more)
966 next = NULL; 982 next = NULL;
967 freed = 0; 983 freed = 0;
968 984
969 spin_lock_bh(&ndisc_lock); 985 spin_lock_bh(&icmp6_dst_lock);
970 pprev = &ndisc_dst_gc_list; 986 pprev = &icmp6_dst_gc_list;
971 987
972 while ((dst = *pprev) != NULL) { 988 while ((dst = *pprev) != NULL) {
973 if (!atomic_read(&dst->__refcnt)) { 989 if (!atomic_read(&dst->__refcnt)) {
@@ -980,30 +996,33 @@ int ndisc_dst_gc(int *more)
980 } 996 }
981 } 997 }
982 998
983 spin_unlock_bh(&ndisc_lock); 999 spin_unlock_bh(&icmp6_dst_lock);
984 1000
985 return freed; 1001 return freed;
986} 1002}
987 1003
988static int ip6_dst_gc(struct dst_ops *ops) 1004static int ip6_dst_gc(struct dst_ops *ops)
989{ 1005{
990 static unsigned expire = 30*HZ;
991 static unsigned long last_gc;
992 unsigned long now = jiffies; 1006 unsigned long now = jiffies;
993 1007 struct net *net = ops->dst_net;
994 if (time_after(last_gc + init_net.ipv6.sysctl.ip6_rt_gc_min_interval, now) && 1008 int rt_min_interval = net->ipv6.sysctl.ip6_rt_gc_min_interval;
995 atomic_read(&ip6_dst_ops.entries) <= init_net.ipv6.sysctl.ip6_rt_max_size) 1009 int rt_max_size = net->ipv6.sysctl.ip6_rt_max_size;
1010 int rt_elasticity = net->ipv6.sysctl.ip6_rt_gc_elasticity;
1011 int rt_gc_timeout = net->ipv6.sysctl.ip6_rt_gc_timeout;
1012 unsigned long rt_last_gc = net->ipv6.ip6_rt_last_gc;
1013
1014 if (time_after(rt_last_gc + rt_min_interval, now) &&
1015 atomic_read(&ops->entries) <= rt_max_size)
996 goto out; 1016 goto out;
997 1017
998 expire++; 1018 net->ipv6.ip6_rt_gc_expire++;
999 fib6_run_gc(expire); 1019 fib6_run_gc(net->ipv6.ip6_rt_gc_expire, net);
1000 last_gc = now; 1020 net->ipv6.ip6_rt_last_gc = now;
1001 if (atomic_read(&ip6_dst_ops.entries) < ip6_dst_ops.gc_thresh) 1021 if (atomic_read(&ops->entries) < ops->gc_thresh)
1002 expire = init_net.ipv6.sysctl.ip6_rt_gc_timeout>>1; 1022 net->ipv6.ip6_rt_gc_expire = rt_gc_timeout>>1;
1003
1004out: 1023out:
1005 expire -= expire>>init_net.ipv6.sysctl.ip6_rt_gc_elasticity; 1024 net->ipv6.ip6_rt_gc_expire -= net->ipv6.ip6_rt_gc_expire>>rt_elasticity;
1006 return (atomic_read(&ip6_dst_ops.entries) > init_net.ipv6.sysctl.ip6_rt_max_size); 1025 return (atomic_read(&ops->entries) > rt_max_size);
1007} 1026}
1008 1027
1009/* Clean host part of a prefix. Not necessary in radix tree, 1028/* Clean host part of a prefix. Not necessary in radix tree,
@@ -1025,15 +1044,17 @@ static int ipv6_get_mtu(struct net_device *dev)
1025 return mtu; 1044 return mtu;
1026} 1045}
1027 1046
1028int ipv6_get_hoplimit(struct net_device *dev) 1047int ip6_dst_hoplimit(struct dst_entry *dst)
1029{ 1048{
1030 int hoplimit = ipv6_devconf.hop_limit; 1049 int hoplimit = dst_metric(dst, RTAX_HOPLIMIT);
1031 struct inet6_dev *idev; 1050 if (hoplimit < 0) {
1032 1051 struct net_device *dev = dst->dev;
1033 idev = in6_dev_get(dev); 1052 struct inet6_dev *idev = in6_dev_get(dev);
1034 if (idev) { 1053 if (idev) {
1035 hoplimit = idev->cnf.hop_limit; 1054 hoplimit = idev->cnf.hop_limit;
1036 in6_dev_put(idev); 1055 in6_dev_put(idev);
1056 } else
1057 hoplimit = ipv6_devconf.hop_limit;
1037 } 1058 }
1038 return hoplimit; 1059 return hoplimit;
1039} 1060}
@@ -1045,6 +1066,7 @@ int ipv6_get_hoplimit(struct net_device *dev)
1045int ip6_route_add(struct fib6_config *cfg) 1066int ip6_route_add(struct fib6_config *cfg)
1046{ 1067{
1047 int err; 1068 int err;
1069 struct net *net = cfg->fc_nlinfo.nl_net;
1048 struct rt6_info *rt = NULL; 1070 struct rt6_info *rt = NULL;
1049 struct net_device *dev = NULL; 1071 struct net_device *dev = NULL;
1050 struct inet6_dev *idev = NULL; 1072 struct inet6_dev *idev = NULL;
@@ -1059,7 +1081,7 @@ int ip6_route_add(struct fib6_config *cfg)
1059#endif 1081#endif
1060 if (cfg->fc_ifindex) { 1082 if (cfg->fc_ifindex) {
1061 err = -ENODEV; 1083 err = -ENODEV;
1062 dev = dev_get_by_index(&init_net, cfg->fc_ifindex); 1084 dev = dev_get_by_index(net, cfg->fc_ifindex);
1063 if (!dev) 1085 if (!dev)
1064 goto out; 1086 goto out;
1065 idev = in6_dev_get(dev); 1087 idev = in6_dev_get(dev);
@@ -1070,13 +1092,13 @@ int ip6_route_add(struct fib6_config *cfg)
1070 if (cfg->fc_metric == 0) 1092 if (cfg->fc_metric == 0)
1071 cfg->fc_metric = IP6_RT_PRIO_USER; 1093 cfg->fc_metric = IP6_RT_PRIO_USER;
1072 1094
1073 table = fib6_new_table(cfg->fc_table); 1095 table = fib6_new_table(net, cfg->fc_table);
1074 if (table == NULL) { 1096 if (table == NULL) {
1075 err = -ENOBUFS; 1097 err = -ENOBUFS;
1076 goto out; 1098 goto out;
1077 } 1099 }
1078 1100
1079 rt = ip6_dst_alloc(); 1101 rt = ip6_dst_alloc(net->ipv6.ip6_dst_ops);
1080 1102
1081 if (rt == NULL) { 1103 if (rt == NULL) {
1082 err = -ENOMEM; 1104 err = -ENOMEM;
@@ -1117,12 +1139,12 @@ int ip6_route_add(struct fib6_config *cfg)
1117 if ((cfg->fc_flags & RTF_REJECT) || 1139 if ((cfg->fc_flags & RTF_REJECT) ||
1118 (dev && (dev->flags&IFF_LOOPBACK) && !(addr_type&IPV6_ADDR_LOOPBACK))) { 1140 (dev && (dev->flags&IFF_LOOPBACK) && !(addr_type&IPV6_ADDR_LOOPBACK))) {
1119 /* hold loopback dev/idev if we haven't done so. */ 1141 /* hold loopback dev/idev if we haven't done so. */
1120 if (dev != init_net.loopback_dev) { 1142 if (dev != net->loopback_dev) {
1121 if (dev) { 1143 if (dev) {
1122 dev_put(dev); 1144 dev_put(dev);
1123 in6_dev_put(idev); 1145 in6_dev_put(idev);
1124 } 1146 }
1125 dev = init_net.loopback_dev; 1147 dev = net->loopback_dev;
1126 dev_hold(dev); 1148 dev_hold(dev);
1127 idev = in6_dev_get(dev); 1149 idev = in6_dev_get(dev);
1128 if (!idev) { 1150 if (!idev) {
@@ -1159,7 +1181,7 @@ int ip6_route_add(struct fib6_config *cfg)
1159 if (!(gwa_type&IPV6_ADDR_UNICAST)) 1181 if (!(gwa_type&IPV6_ADDR_UNICAST))
1160 goto out; 1182 goto out;
1161 1183
1162 grt = rt6_lookup(gw_addr, NULL, cfg->fc_ifindex, 1); 1184 grt = rt6_lookup(net, gw_addr, NULL, cfg->fc_ifindex, 1);
1163 1185
1164 err = -EHOSTUNREACH; 1186 err = -EHOSTUNREACH;
1165 if (grt == NULL) 1187 if (grt == NULL)
@@ -1226,10 +1248,13 @@ install_route:
1226 if (!rt->u.dst.metrics[RTAX_MTU-1]) 1248 if (!rt->u.dst.metrics[RTAX_MTU-1])
1227 rt->u.dst.metrics[RTAX_MTU-1] = ipv6_get_mtu(dev); 1249 rt->u.dst.metrics[RTAX_MTU-1] = ipv6_get_mtu(dev);
1228 if (!rt->u.dst.metrics[RTAX_ADVMSS-1]) 1250 if (!rt->u.dst.metrics[RTAX_ADVMSS-1])
1229 rt->u.dst.metrics[RTAX_ADVMSS-1] = ipv6_advmss(dst_mtu(&rt->u.dst)); 1251 rt->u.dst.metrics[RTAX_ADVMSS-1] = ipv6_advmss(net, dst_mtu(&rt->u.dst));
1230 rt->u.dst.dev = dev; 1252 rt->u.dst.dev = dev;
1231 rt->rt6i_idev = idev; 1253 rt->rt6i_idev = idev;
1232 rt->rt6i_table = table; 1254 rt->rt6i_table = table;
1255
1256 cfg->fc_nlinfo.nl_net = dev_net(dev);
1257
1233 return __ip6_ins_rt(rt, &cfg->fc_nlinfo); 1258 return __ip6_ins_rt(rt, &cfg->fc_nlinfo);
1234 1259
1235out: 1260out:
@@ -1246,8 +1271,9 @@ static int __ip6_del_rt(struct rt6_info *rt, struct nl_info *info)
1246{ 1271{
1247 int err; 1272 int err;
1248 struct fib6_table *table; 1273 struct fib6_table *table;
1274 struct net *net = dev_net(rt->rt6i_dev);
1249 1275
1250 if (rt == &ip6_null_entry) 1276 if (rt == net->ipv6.ip6_null_entry)
1251 return -ENOENT; 1277 return -ENOENT;
1252 1278
1253 table = rt->rt6i_table; 1279 table = rt->rt6i_table;
@@ -1264,7 +1290,7 @@ static int __ip6_del_rt(struct rt6_info *rt, struct nl_info *info)
1264int ip6_del_rt(struct rt6_info *rt) 1290int ip6_del_rt(struct rt6_info *rt)
1265{ 1291{
1266 struct nl_info info = { 1292 struct nl_info info = {
1267 .nl_net = &init_net, 1293 .nl_net = dev_net(rt->rt6i_dev),
1268 }; 1294 };
1269 return __ip6_del_rt(rt, &info); 1295 return __ip6_del_rt(rt, &info);
1270} 1296}
@@ -1276,7 +1302,7 @@ static int ip6_route_del(struct fib6_config *cfg)
1276 struct rt6_info *rt; 1302 struct rt6_info *rt;
1277 int err = -ESRCH; 1303 int err = -ESRCH;
1278 1304
1279 table = fib6_get_table(cfg->fc_table); 1305 table = fib6_get_table(cfg->fc_nlinfo.nl_net, cfg->fc_table);
1280 if (table == NULL) 1306 if (table == NULL)
1281 return err; 1307 return err;
1282 1308
@@ -1316,7 +1342,8 @@ struct ip6rd_flowi {
1316 struct in6_addr gateway; 1342 struct in6_addr gateway;
1317}; 1343};
1318 1344
1319static struct rt6_info *__ip6_route_redirect(struct fib6_table *table, 1345static struct rt6_info *__ip6_route_redirect(struct net *net,
1346 struct fib6_table *table,
1320 struct flowi *fl, 1347 struct flowi *fl,
1321 int flags) 1348 int flags)
1322{ 1349{
@@ -1359,8 +1386,8 @@ restart:
1359 } 1386 }
1360 1387
1361 if (!rt) 1388 if (!rt)
1362 rt = &ip6_null_entry; 1389 rt = net->ipv6.ip6_null_entry;
1363 BACKTRACK(&fl->fl6_src); 1390 BACKTRACK(net, &fl->fl6_src);
1364out: 1391out:
1365 dst_hold(&rt->u.dst); 1392 dst_hold(&rt->u.dst);
1366 1393
@@ -1375,6 +1402,7 @@ static struct rt6_info *ip6_route_redirect(struct in6_addr *dest,
1375 struct net_device *dev) 1402 struct net_device *dev)
1376{ 1403{
1377 int flags = RT6_LOOKUP_F_HAS_SADDR; 1404 int flags = RT6_LOOKUP_F_HAS_SADDR;
1405 struct net *net = dev_net(dev);
1378 struct ip6rd_flowi rdfl = { 1406 struct ip6rd_flowi rdfl = {
1379 .fl = { 1407 .fl = {
1380 .oif = dev->ifindex, 1408 .oif = dev->ifindex,
@@ -1391,7 +1419,8 @@ static struct rt6_info *ip6_route_redirect(struct in6_addr *dest,
1391 if (rt6_need_strict(dest)) 1419 if (rt6_need_strict(dest))
1392 flags |= RT6_LOOKUP_F_IFACE; 1420 flags |= RT6_LOOKUP_F_IFACE;
1393 1421
1394 return (struct rt6_info *)fib6_rule_lookup((struct flowi *)&rdfl, flags, __ip6_route_redirect); 1422 return (struct rt6_info *)fib6_rule_lookup(net, (struct flowi *)&rdfl,
1423 flags, __ip6_route_redirect);
1395} 1424}
1396 1425
1397void rt6_redirect(struct in6_addr *dest, struct in6_addr *src, 1426void rt6_redirect(struct in6_addr *dest, struct in6_addr *src,
@@ -1400,10 +1429,11 @@ void rt6_redirect(struct in6_addr *dest, struct in6_addr *src,
1400{ 1429{
1401 struct rt6_info *rt, *nrt = NULL; 1430 struct rt6_info *rt, *nrt = NULL;
1402 struct netevent_redirect netevent; 1431 struct netevent_redirect netevent;
1432 struct net *net = dev_net(neigh->dev);
1403 1433
1404 rt = ip6_route_redirect(dest, src, saddr, neigh->dev); 1434 rt = ip6_route_redirect(dest, src, saddr, neigh->dev);
1405 1435
1406 if (rt == &ip6_null_entry) { 1436 if (rt == net->ipv6.ip6_null_entry) {
1407 if (net_ratelimit()) 1437 if (net_ratelimit())
1408 printk(KERN_DEBUG "rt6_redirect: source isn't a valid nexthop " 1438 printk(KERN_DEBUG "rt6_redirect: source isn't a valid nexthop "
1409 "for redirect target\n"); 1439 "for redirect target\n");
@@ -1448,7 +1478,8 @@ void rt6_redirect(struct in6_addr *dest, struct in6_addr *src,
1448 nrt->rt6i_nexthop = neigh_clone(neigh); 1478 nrt->rt6i_nexthop = neigh_clone(neigh);
1449 /* Reset pmtu, it may be better */ 1479 /* Reset pmtu, it may be better */
1450 nrt->u.dst.metrics[RTAX_MTU-1] = ipv6_get_mtu(neigh->dev); 1480 nrt->u.dst.metrics[RTAX_MTU-1] = ipv6_get_mtu(neigh->dev);
1451 nrt->u.dst.metrics[RTAX_ADVMSS-1] = ipv6_advmss(dst_mtu(&nrt->u.dst)); 1481 nrt->u.dst.metrics[RTAX_ADVMSS-1] = ipv6_advmss(dev_net(neigh->dev),
1482 dst_mtu(&nrt->u.dst));
1452 1483
1453 if (ip6_ins_rt(nrt)) 1484 if (ip6_ins_rt(nrt))
1454 goto out; 1485 goto out;
@@ -1476,9 +1507,10 @@ void rt6_pmtu_discovery(struct in6_addr *daddr, struct in6_addr *saddr,
1476 struct net_device *dev, u32 pmtu) 1507 struct net_device *dev, u32 pmtu)
1477{ 1508{
1478 struct rt6_info *rt, *nrt; 1509 struct rt6_info *rt, *nrt;
1510 struct net *net = dev_net(dev);
1479 int allfrag = 0; 1511 int allfrag = 0;
1480 1512
1481 rt = rt6_lookup(daddr, saddr, dev->ifindex, 0); 1513 rt = rt6_lookup(net, daddr, saddr, dev->ifindex, 0);
1482 if (rt == NULL) 1514 if (rt == NULL)
1483 return; 1515 return;
1484 1516
@@ -1511,7 +1543,7 @@ void rt6_pmtu_discovery(struct in6_addr *daddr, struct in6_addr *saddr,
1511 rt->u.dst.metrics[RTAX_MTU-1] = pmtu; 1543 rt->u.dst.metrics[RTAX_MTU-1] = pmtu;
1512 if (allfrag) 1544 if (allfrag)
1513 rt->u.dst.metrics[RTAX_FEATURES-1] |= RTAX_FEATURE_ALLFRAG; 1545 rt->u.dst.metrics[RTAX_FEATURES-1] |= RTAX_FEATURE_ALLFRAG;
1514 dst_set_expires(&rt->u.dst, init_net.ipv6.sysctl.ip6_rt_mtu_expires); 1546 dst_set_expires(&rt->u.dst, net->ipv6.sysctl.ip6_rt_mtu_expires);
1515 rt->rt6i_flags |= RTF_MODIFIED|RTF_EXPIRES; 1547 rt->rt6i_flags |= RTF_MODIFIED|RTF_EXPIRES;
1516 goto out; 1548 goto out;
1517 } 1549 }
@@ -1537,7 +1569,7 @@ void rt6_pmtu_discovery(struct in6_addr *daddr, struct in6_addr *saddr,
1537 * which is 10 mins. After 10 mins the decreased pmtu is expired 1569 * which is 10 mins. After 10 mins the decreased pmtu is expired
1538 * and detecting PMTU increase will be automatically happened. 1570 * and detecting PMTU increase will be automatically happened.
1539 */ 1571 */
1540 dst_set_expires(&nrt->u.dst, init_net.ipv6.sysctl.ip6_rt_mtu_expires); 1572 dst_set_expires(&nrt->u.dst, net->ipv6.sysctl.ip6_rt_mtu_expires);
1541 nrt->rt6i_flags |= RTF_DYNAMIC|RTF_EXPIRES; 1573 nrt->rt6i_flags |= RTF_DYNAMIC|RTF_EXPIRES;
1542 1574
1543 ip6_ins_rt(nrt); 1575 ip6_ins_rt(nrt);
@@ -1552,7 +1584,8 @@ out:
1552 1584
1553static struct rt6_info * ip6_rt_copy(struct rt6_info *ort) 1585static struct rt6_info * ip6_rt_copy(struct rt6_info *ort)
1554{ 1586{
1555 struct rt6_info *rt = ip6_dst_alloc(); 1587 struct net *net = dev_net(ort->rt6i_dev);
1588 struct rt6_info *rt = ip6_dst_alloc(net->ipv6.ip6_dst_ops);
1556 1589
1557 if (rt) { 1590 if (rt) {
1558 rt->u.dst.input = ort->u.dst.input; 1591 rt->u.dst.input = ort->u.dst.input;
@@ -1583,14 +1616,15 @@ static struct rt6_info * ip6_rt_copy(struct rt6_info *ort)
1583} 1616}
1584 1617
1585#ifdef CONFIG_IPV6_ROUTE_INFO 1618#ifdef CONFIG_IPV6_ROUTE_INFO
1586static struct rt6_info *rt6_get_route_info(struct in6_addr *prefix, int prefixlen, 1619static struct rt6_info *rt6_get_route_info(struct net *net,
1620 struct in6_addr *prefix, int prefixlen,
1587 struct in6_addr *gwaddr, int ifindex) 1621 struct in6_addr *gwaddr, int ifindex)
1588{ 1622{
1589 struct fib6_node *fn; 1623 struct fib6_node *fn;
1590 struct rt6_info *rt = NULL; 1624 struct rt6_info *rt = NULL;
1591 struct fib6_table *table; 1625 struct fib6_table *table;
1592 1626
1593 table = fib6_get_table(RT6_TABLE_INFO); 1627 table = fib6_get_table(net, RT6_TABLE_INFO);
1594 if (table == NULL) 1628 if (table == NULL)
1595 return NULL; 1629 return NULL;
1596 1630
@@ -1614,7 +1648,8 @@ out:
1614 return rt; 1648 return rt;
1615} 1649}
1616 1650
1617static struct rt6_info *rt6_add_route_info(struct in6_addr *prefix, int prefixlen, 1651static struct rt6_info *rt6_add_route_info(struct net *net,
1652 struct in6_addr *prefix, int prefixlen,
1618 struct in6_addr *gwaddr, int ifindex, 1653 struct in6_addr *gwaddr, int ifindex,
1619 unsigned pref) 1654 unsigned pref)
1620{ 1655{
@@ -1625,6 +1660,9 @@ static struct rt6_info *rt6_add_route_info(struct in6_addr *prefix, int prefixle
1625 .fc_dst_len = prefixlen, 1660 .fc_dst_len = prefixlen,
1626 .fc_flags = RTF_GATEWAY | RTF_ADDRCONF | RTF_ROUTEINFO | 1661 .fc_flags = RTF_GATEWAY | RTF_ADDRCONF | RTF_ROUTEINFO |
1627 RTF_UP | RTF_PREF(pref), 1662 RTF_UP | RTF_PREF(pref),
1663 .fc_nlinfo.pid = 0,
1664 .fc_nlinfo.nlh = NULL,
1665 .fc_nlinfo.nl_net = net,
1628 }; 1666 };
1629 1667
1630 ipv6_addr_copy(&cfg.fc_dst, prefix); 1668 ipv6_addr_copy(&cfg.fc_dst, prefix);
@@ -1636,7 +1674,7 @@ static struct rt6_info *rt6_add_route_info(struct in6_addr *prefix, int prefixle
1636 1674
1637 ip6_route_add(&cfg); 1675 ip6_route_add(&cfg);
1638 1676
1639 return rt6_get_route_info(prefix, prefixlen, gwaddr, ifindex); 1677 return rt6_get_route_info(net, prefix, prefixlen, gwaddr, ifindex);
1640} 1678}
1641#endif 1679#endif
1642 1680
@@ -1645,7 +1683,7 @@ struct rt6_info *rt6_get_dflt_router(struct in6_addr *addr, struct net_device *d
1645 struct rt6_info *rt; 1683 struct rt6_info *rt;
1646 struct fib6_table *table; 1684 struct fib6_table *table;
1647 1685
1648 table = fib6_get_table(RT6_TABLE_DFLT); 1686 table = fib6_get_table(dev_net(dev), RT6_TABLE_DFLT);
1649 if (table == NULL) 1687 if (table == NULL)
1650 return NULL; 1688 return NULL;
1651 1689
@@ -1662,8 +1700,6 @@ struct rt6_info *rt6_get_dflt_router(struct in6_addr *addr, struct net_device *d
1662 return rt; 1700 return rt;
1663} 1701}
1664 1702
1665EXPORT_SYMBOL(rt6_get_dflt_router);
1666
1667struct rt6_info *rt6_add_dflt_router(struct in6_addr *gwaddr, 1703struct rt6_info *rt6_add_dflt_router(struct in6_addr *gwaddr,
1668 struct net_device *dev, 1704 struct net_device *dev,
1669 unsigned int pref) 1705 unsigned int pref)
@@ -1674,6 +1710,9 @@ struct rt6_info *rt6_add_dflt_router(struct in6_addr *gwaddr,
1674 .fc_ifindex = dev->ifindex, 1710 .fc_ifindex = dev->ifindex,
1675 .fc_flags = RTF_GATEWAY | RTF_ADDRCONF | RTF_DEFAULT | 1711 .fc_flags = RTF_GATEWAY | RTF_ADDRCONF | RTF_DEFAULT |
1676 RTF_UP | RTF_EXPIRES | RTF_PREF(pref), 1712 RTF_UP | RTF_EXPIRES | RTF_PREF(pref),
1713 .fc_nlinfo.pid = 0,
1714 .fc_nlinfo.nlh = NULL,
1715 .fc_nlinfo.nl_net = dev_net(dev),
1677 }; 1716 };
1678 1717
1679 ipv6_addr_copy(&cfg.fc_gateway, gwaddr); 1718 ipv6_addr_copy(&cfg.fc_gateway, gwaddr);
@@ -1683,13 +1722,13 @@ struct rt6_info *rt6_add_dflt_router(struct in6_addr *gwaddr,
1683 return rt6_get_dflt_router(gwaddr, dev); 1722 return rt6_get_dflt_router(gwaddr, dev);
1684} 1723}
1685 1724
1686void rt6_purge_dflt_routers(void) 1725void rt6_purge_dflt_routers(struct net *net)
1687{ 1726{
1688 struct rt6_info *rt; 1727 struct rt6_info *rt;
1689 struct fib6_table *table; 1728 struct fib6_table *table;
1690 1729
1691 /* NOTE: Keep consistent with rt6_get_dflt_router */ 1730 /* NOTE: Keep consistent with rt6_get_dflt_router */
1692 table = fib6_get_table(RT6_TABLE_DFLT); 1731 table = fib6_get_table(net, RT6_TABLE_DFLT);
1693 if (table == NULL) 1732 if (table == NULL)
1694 return; 1733 return;
1695 1734
@@ -1706,7 +1745,8 @@ restart:
1706 read_unlock_bh(&table->tb6_lock); 1745 read_unlock_bh(&table->tb6_lock);
1707} 1746}
1708 1747
1709static void rtmsg_to_fib6_config(struct in6_rtmsg *rtmsg, 1748static void rtmsg_to_fib6_config(struct net *net,
1749 struct in6_rtmsg *rtmsg,
1710 struct fib6_config *cfg) 1750 struct fib6_config *cfg)
1711{ 1751{
1712 memset(cfg, 0, sizeof(*cfg)); 1752 memset(cfg, 0, sizeof(*cfg));
@@ -1719,14 +1759,14 @@ static void rtmsg_to_fib6_config(struct in6_rtmsg *rtmsg,
1719 cfg->fc_src_len = rtmsg->rtmsg_src_len; 1759 cfg->fc_src_len = rtmsg->rtmsg_src_len;
1720 cfg->fc_flags = rtmsg->rtmsg_flags; 1760 cfg->fc_flags = rtmsg->rtmsg_flags;
1721 1761
1722 cfg->fc_nlinfo.nl_net = &init_net; 1762 cfg->fc_nlinfo.nl_net = net;
1723 1763
1724 ipv6_addr_copy(&cfg->fc_dst, &rtmsg->rtmsg_dst); 1764 ipv6_addr_copy(&cfg->fc_dst, &rtmsg->rtmsg_dst);
1725 ipv6_addr_copy(&cfg->fc_src, &rtmsg->rtmsg_src); 1765 ipv6_addr_copy(&cfg->fc_src, &rtmsg->rtmsg_src);
1726 ipv6_addr_copy(&cfg->fc_gateway, &rtmsg->rtmsg_gateway); 1766 ipv6_addr_copy(&cfg->fc_gateway, &rtmsg->rtmsg_gateway);
1727} 1767}
1728 1768
1729int ipv6_route_ioctl(unsigned int cmd, void __user *arg) 1769int ipv6_route_ioctl(struct net *net, unsigned int cmd, void __user *arg)
1730{ 1770{
1731 struct fib6_config cfg; 1771 struct fib6_config cfg;
1732 struct in6_rtmsg rtmsg; 1772 struct in6_rtmsg rtmsg;
@@ -1742,7 +1782,7 @@ int ipv6_route_ioctl(unsigned int cmd, void __user *arg)
1742 if (err) 1782 if (err)
1743 return -EFAULT; 1783 return -EFAULT;
1744 1784
1745 rtmsg_to_fib6_config(&rtmsg, &cfg); 1785 rtmsg_to_fib6_config(net, &rtmsg, &cfg);
1746 1786
1747 rtnl_lock(); 1787 rtnl_lock();
1748 switch (cmd) { 1788 switch (cmd) {
@@ -1821,21 +1861,22 @@ struct rt6_info *addrconf_dst_alloc(struct inet6_dev *idev,
1821 const struct in6_addr *addr, 1861 const struct in6_addr *addr,
1822 int anycast) 1862 int anycast)
1823{ 1863{
1824 struct rt6_info *rt = ip6_dst_alloc(); 1864 struct net *net = dev_net(idev->dev);
1865 struct rt6_info *rt = ip6_dst_alloc(net->ipv6.ip6_dst_ops);
1825 1866
1826 if (rt == NULL) 1867 if (rt == NULL)
1827 return ERR_PTR(-ENOMEM); 1868 return ERR_PTR(-ENOMEM);
1828 1869
1829 dev_hold(init_net.loopback_dev); 1870 dev_hold(net->loopback_dev);
1830 in6_dev_hold(idev); 1871 in6_dev_hold(idev);
1831 1872
1832 rt->u.dst.flags = DST_HOST; 1873 rt->u.dst.flags = DST_HOST;
1833 rt->u.dst.input = ip6_input; 1874 rt->u.dst.input = ip6_input;
1834 rt->u.dst.output = ip6_output; 1875 rt->u.dst.output = ip6_output;
1835 rt->rt6i_dev = init_net.loopback_dev; 1876 rt->rt6i_dev = net->loopback_dev;
1836 rt->rt6i_idev = idev; 1877 rt->rt6i_idev = idev;
1837 rt->u.dst.metrics[RTAX_MTU-1] = ipv6_get_mtu(rt->rt6i_dev); 1878 rt->u.dst.metrics[RTAX_MTU-1] = ipv6_get_mtu(rt->rt6i_dev);
1838 rt->u.dst.metrics[RTAX_ADVMSS-1] = ipv6_advmss(dst_mtu(&rt->u.dst)); 1879 rt->u.dst.metrics[RTAX_ADVMSS-1] = ipv6_advmss(net, dst_mtu(&rt->u.dst));
1839 rt->u.dst.metrics[RTAX_HOPLIMIT-1] = -1; 1880 rt->u.dst.metrics[RTAX_HOPLIMIT-1] = -1;
1840 rt->u.dst.obsolete = -1; 1881 rt->u.dst.obsolete = -1;
1841 1882
@@ -1852,26 +1893,39 @@ struct rt6_info *addrconf_dst_alloc(struct inet6_dev *idev,
1852 1893
1853 ipv6_addr_copy(&rt->rt6i_dst.addr, addr); 1894 ipv6_addr_copy(&rt->rt6i_dst.addr, addr);
1854 rt->rt6i_dst.plen = 128; 1895 rt->rt6i_dst.plen = 128;
1855 rt->rt6i_table = fib6_get_table(RT6_TABLE_LOCAL); 1896 rt->rt6i_table = fib6_get_table(net, RT6_TABLE_LOCAL);
1856 1897
1857 atomic_set(&rt->u.dst.__refcnt, 1); 1898 atomic_set(&rt->u.dst.__refcnt, 1);
1858 1899
1859 return rt; 1900 return rt;
1860} 1901}
1861 1902
1903struct arg_dev_net {
1904 struct net_device *dev;
1905 struct net *net;
1906};
1907
1862static int fib6_ifdown(struct rt6_info *rt, void *arg) 1908static int fib6_ifdown(struct rt6_info *rt, void *arg)
1863{ 1909{
1864 if (((void*)rt->rt6i_dev == arg || arg == NULL) && 1910 struct net_device *dev = ((struct arg_dev_net *)arg)->dev;
1865 rt != &ip6_null_entry) { 1911 struct net *net = ((struct arg_dev_net *)arg)->net;
1912
1913 if (((void *)rt->rt6i_dev == dev || dev == NULL) &&
1914 rt != net->ipv6.ip6_null_entry) {
1866 RT6_TRACE("deleted by ifdown %p\n", rt); 1915 RT6_TRACE("deleted by ifdown %p\n", rt);
1867 return -1; 1916 return -1;
1868 } 1917 }
1869 return 0; 1918 return 0;
1870} 1919}
1871 1920
1872void rt6_ifdown(struct net_device *dev) 1921void rt6_ifdown(struct net *net, struct net_device *dev)
1873{ 1922{
1874 fib6_clean_all(fib6_ifdown, 0, dev); 1923 struct arg_dev_net adn = {
1924 .dev = dev,
1925 .net = net,
1926 };
1927
1928 fib6_clean_all(net, fib6_ifdown, 0, &adn);
1875} 1929}
1876 1930
1877struct rt6_mtu_change_arg 1931struct rt6_mtu_change_arg
@@ -1884,6 +1938,7 @@ static int rt6_mtu_change_route(struct rt6_info *rt, void *p_arg)
1884{ 1938{
1885 struct rt6_mtu_change_arg *arg = (struct rt6_mtu_change_arg *) p_arg; 1939 struct rt6_mtu_change_arg *arg = (struct rt6_mtu_change_arg *) p_arg;
1886 struct inet6_dev *idev; 1940 struct inet6_dev *idev;
1941 struct net *net = dev_net(arg->dev);
1887 1942
1888 /* In IPv6 pmtu discovery is not optional, 1943 /* In IPv6 pmtu discovery is not optional,
1889 so that RTAX_MTU lock cannot disable it. 1944 so that RTAX_MTU lock cannot disable it.
@@ -1915,7 +1970,7 @@ static int rt6_mtu_change_route(struct rt6_info *rt, void *p_arg)
1915 (dst_mtu(&rt->u.dst) < arg->mtu && 1970 (dst_mtu(&rt->u.dst) < arg->mtu &&
1916 dst_mtu(&rt->u.dst) == idev->cnf.mtu6))) { 1971 dst_mtu(&rt->u.dst) == idev->cnf.mtu6))) {
1917 rt->u.dst.metrics[RTAX_MTU-1] = arg->mtu; 1972 rt->u.dst.metrics[RTAX_MTU-1] = arg->mtu;
1918 rt->u.dst.metrics[RTAX_ADVMSS-1] = ipv6_advmss(arg->mtu); 1973 rt->u.dst.metrics[RTAX_ADVMSS-1] = ipv6_advmss(net, arg->mtu);
1919 } 1974 }
1920 return 0; 1975 return 0;
1921} 1976}
@@ -1927,7 +1982,7 @@ void rt6_mtu_change(struct net_device *dev, unsigned mtu)
1927 .mtu = mtu, 1982 .mtu = mtu,
1928 }; 1983 };
1929 1984
1930 fib6_clean_all(rt6_mtu_change_route, 0, &arg); 1985 fib6_clean_all(dev_net(dev), rt6_mtu_change_route, 0, &arg);
1931} 1986}
1932 1987
1933static const struct nla_policy rtm_ipv6_policy[RTA_MAX+1] = { 1988static const struct nla_policy rtm_ipv6_policy[RTA_MAX+1] = {
@@ -1964,7 +2019,7 @@ static int rtm_to_fib6_config(struct sk_buff *skb, struct nlmsghdr *nlh,
1964 2019
1965 cfg->fc_nlinfo.pid = NETLINK_CB(skb).pid; 2020 cfg->fc_nlinfo.pid = NETLINK_CB(skb).pid;
1966 cfg->fc_nlinfo.nlh = nlh; 2021 cfg->fc_nlinfo.nlh = nlh;
1967 cfg->fc_nlinfo.nl_net = skb->sk->sk_net; 2022 cfg->fc_nlinfo.nl_net = sock_net(skb->sk);
1968 2023
1969 if (tb[RTA_GATEWAY]) { 2024 if (tb[RTA_GATEWAY]) {
1970 nla_memcpy(&cfg->fc_gateway, tb[RTA_GATEWAY], 16); 2025 nla_memcpy(&cfg->fc_gateway, tb[RTA_GATEWAY], 16);
@@ -2010,13 +2065,9 @@ errout:
2010 2065
2011static int inet6_rtm_delroute(struct sk_buff *skb, struct nlmsghdr* nlh, void *arg) 2066static int inet6_rtm_delroute(struct sk_buff *skb, struct nlmsghdr* nlh, void *arg)
2012{ 2067{
2013 struct net *net = skb->sk->sk_net;
2014 struct fib6_config cfg; 2068 struct fib6_config cfg;
2015 int err; 2069 int err;
2016 2070
2017 if (net != &init_net)
2018 return -EINVAL;
2019
2020 err = rtm_to_fib6_config(skb, nlh, &cfg); 2071 err = rtm_to_fib6_config(skb, nlh, &cfg);
2021 if (err < 0) 2072 if (err < 0)
2022 return err; 2073 return err;
@@ -2026,13 +2077,9 @@ static int inet6_rtm_delroute(struct sk_buff *skb, struct nlmsghdr* nlh, void *a
2026 2077
2027static int inet6_rtm_newroute(struct sk_buff *skb, struct nlmsghdr* nlh, void *arg) 2078static int inet6_rtm_newroute(struct sk_buff *skb, struct nlmsghdr* nlh, void *arg)
2028{ 2079{
2029 struct net *net = skb->sk->sk_net;
2030 struct fib6_config cfg; 2080 struct fib6_config cfg;
2031 int err; 2081 int err;
2032 2082
2033 if (net != &init_net)
2034 return -EINVAL;
2035
2036 err = rtm_to_fib6_config(skb, nlh, &cfg); 2083 err = rtm_to_fib6_config(skb, nlh, &cfg);
2037 if (err < 0) 2084 if (err < 0)
2038 return err; 2085 return err;
@@ -2058,7 +2105,7 @@ static inline size_t rt6_nlmsg_size(void)
2058static int rt6_fill_node(struct sk_buff *skb, struct rt6_info *rt, 2105static int rt6_fill_node(struct sk_buff *skb, struct rt6_info *rt,
2059 struct in6_addr *dst, struct in6_addr *src, 2106 struct in6_addr *dst, struct in6_addr *src,
2060 int iif, int type, u32 pid, u32 seq, 2107 int iif, int type, u32 pid, u32 seq,
2061 int prefix, unsigned int flags) 2108 int prefix, int nowait, unsigned int flags)
2062{ 2109{
2063 struct rtmsg *rtm; 2110 struct rtmsg *rtm;
2064 struct nlmsghdr *nlh; 2111 struct nlmsghdr *nlh;
@@ -2118,11 +2165,27 @@ static int rt6_fill_node(struct sk_buff *skb, struct rt6_info *rt,
2118 } else if (rtm->rtm_src_len) 2165 } else if (rtm->rtm_src_len)
2119 NLA_PUT(skb, RTA_SRC, 16, &rt->rt6i_src.addr); 2166 NLA_PUT(skb, RTA_SRC, 16, &rt->rt6i_src.addr);
2120#endif 2167#endif
2121 if (iif) 2168 if (iif) {
2122 NLA_PUT_U32(skb, RTA_IIF, iif); 2169#ifdef CONFIG_IPV6_MROUTE
2123 else if (dst) { 2170 if (ipv6_addr_is_multicast(&rt->rt6i_dst.addr)) {
2171 int err = ip6mr_get_route(skb, rtm, nowait);
2172 if (err <= 0) {
2173 if (!nowait) {
2174 if (err == 0)
2175 return 0;
2176 goto nla_put_failure;
2177 } else {
2178 if (err == -EMSGSIZE)
2179 goto nla_put_failure;
2180 }
2181 }
2182 } else
2183#endif
2184 NLA_PUT_U32(skb, RTA_IIF, iif);
2185 } else if (dst) {
2124 struct in6_addr saddr_buf; 2186 struct in6_addr saddr_buf;
2125 if (ipv6_get_saddr(&rt->u.dst, dst, &saddr_buf) == 0) 2187 if (ipv6_dev_get_saddr(ip6_dst_idev(&rt->u.dst)->dev,
2188 dst, 0, &saddr_buf) == 0)
2126 NLA_PUT(skb, RTA_PREFSRC, 16, &saddr_buf); 2189 NLA_PUT(skb, RTA_PREFSRC, 16, &saddr_buf);
2127 } 2190 }
2128 2191
@@ -2162,12 +2225,12 @@ int rt6_dump_route(struct rt6_info *rt, void *p_arg)
2162 2225
2163 return rt6_fill_node(arg->skb, rt, NULL, NULL, 0, RTM_NEWROUTE, 2226 return rt6_fill_node(arg->skb, rt, NULL, NULL, 0, RTM_NEWROUTE,
2164 NETLINK_CB(arg->cb->skb).pid, arg->cb->nlh->nlmsg_seq, 2227 NETLINK_CB(arg->cb->skb).pid, arg->cb->nlh->nlmsg_seq,
2165 prefix, NLM_F_MULTI); 2228 prefix, 0, NLM_F_MULTI);
2166} 2229}
2167 2230
2168static int inet6_rtm_getroute(struct sk_buff *in_skb, struct nlmsghdr* nlh, void *arg) 2231static int inet6_rtm_getroute(struct sk_buff *in_skb, struct nlmsghdr* nlh, void *arg)
2169{ 2232{
2170 struct net *net = in_skb->sk->sk_net; 2233 struct net *net = sock_net(in_skb->sk);
2171 struct nlattr *tb[RTA_MAX+1]; 2234 struct nlattr *tb[RTA_MAX+1];
2172 struct rt6_info *rt; 2235 struct rt6_info *rt;
2173 struct sk_buff *skb; 2236 struct sk_buff *skb;
@@ -2175,9 +2238,6 @@ static int inet6_rtm_getroute(struct sk_buff *in_skb, struct nlmsghdr* nlh, void
2175 struct flowi fl; 2238 struct flowi fl;
2176 int err, iif = 0; 2239 int err, iif = 0;
2177 2240
2178 if (net != &init_net)
2179 return -EINVAL;
2180
2181 err = nlmsg_parse(nlh, sizeof(*rtm), tb, RTA_MAX, rtm_ipv6_policy); 2241 err = nlmsg_parse(nlh, sizeof(*rtm), tb, RTA_MAX, rtm_ipv6_policy);
2182 if (err < 0) 2242 if (err < 0)
2183 goto errout; 2243 goto errout;
@@ -2207,7 +2267,7 @@ static int inet6_rtm_getroute(struct sk_buff *in_skb, struct nlmsghdr* nlh, void
2207 2267
2208 if (iif) { 2268 if (iif) {
2209 struct net_device *dev; 2269 struct net_device *dev;
2210 dev = __dev_get_by_index(&init_net, iif); 2270 dev = __dev_get_by_index(net, iif);
2211 if (!dev) { 2271 if (!dev) {
2212 err = -ENODEV; 2272 err = -ENODEV;
2213 goto errout; 2273 goto errout;
@@ -2226,18 +2286,18 @@ static int inet6_rtm_getroute(struct sk_buff *in_skb, struct nlmsghdr* nlh, void
2226 skb_reset_mac_header(skb); 2286 skb_reset_mac_header(skb);
2227 skb_reserve(skb, MAX_HEADER + sizeof(struct ipv6hdr)); 2287 skb_reserve(skb, MAX_HEADER + sizeof(struct ipv6hdr));
2228 2288
2229 rt = (struct rt6_info*) ip6_route_output(NULL, &fl); 2289 rt = (struct rt6_info*) ip6_route_output(net, NULL, &fl);
2230 skb->dst = &rt->u.dst; 2290 skb->dst = &rt->u.dst;
2231 2291
2232 err = rt6_fill_node(skb, rt, &fl.fl6_dst, &fl.fl6_src, iif, 2292 err = rt6_fill_node(skb, rt, &fl.fl6_dst, &fl.fl6_src, iif,
2233 RTM_NEWROUTE, NETLINK_CB(in_skb).pid, 2293 RTM_NEWROUTE, NETLINK_CB(in_skb).pid,
2234 nlh->nlmsg_seq, 0, 0); 2294 nlh->nlmsg_seq, 0, 0, 0);
2235 if (err < 0) { 2295 if (err < 0) {
2236 kfree_skb(skb); 2296 kfree_skb(skb);
2237 goto errout; 2297 goto errout;
2238 } 2298 }
2239 2299
2240 err = rtnl_unicast(skb, &init_net, NETLINK_CB(in_skb).pid); 2300 err = rtnl_unicast(skb, net, NETLINK_CB(in_skb).pid);
2241errout: 2301errout:
2242 return err; 2302 return err;
2243} 2303}
@@ -2245,6 +2305,7 @@ errout:
2245void inet6_rt_notify(int event, struct rt6_info *rt, struct nl_info *info) 2305void inet6_rt_notify(int event, struct rt6_info *rt, struct nl_info *info)
2246{ 2306{
2247 struct sk_buff *skb; 2307 struct sk_buff *skb;
2308 struct net *net = info->nl_net;
2248 u32 seq; 2309 u32 seq;
2249 int err; 2310 int err;
2250 2311
@@ -2256,18 +2317,38 @@ void inet6_rt_notify(int event, struct rt6_info *rt, struct nl_info *info)
2256 goto errout; 2317 goto errout;
2257 2318
2258 err = rt6_fill_node(skb, rt, NULL, NULL, 0, 2319 err = rt6_fill_node(skb, rt, NULL, NULL, 0,
2259 event, info->pid, seq, 0, 0); 2320 event, info->pid, seq, 0, 0, 0);
2260 if (err < 0) { 2321 if (err < 0) {
2261 /* -EMSGSIZE implies BUG in rt6_nlmsg_size() */ 2322 /* -EMSGSIZE implies BUG in rt6_nlmsg_size() */
2262 WARN_ON(err == -EMSGSIZE); 2323 WARN_ON(err == -EMSGSIZE);
2263 kfree_skb(skb); 2324 kfree_skb(skb);
2264 goto errout; 2325 goto errout;
2265 } 2326 }
2266 err = rtnl_notify(skb, &init_net, info->pid, 2327 err = rtnl_notify(skb, net, info->pid, RTNLGRP_IPV6_ROUTE,
2267 RTNLGRP_IPV6_ROUTE, info->nlh, gfp_any()); 2328 info->nlh, gfp_any());
2268errout: 2329errout:
2269 if (err < 0) 2330 if (err < 0)
2270 rtnl_set_sk_err(&init_net, RTNLGRP_IPV6_ROUTE, err); 2331 rtnl_set_sk_err(net, RTNLGRP_IPV6_ROUTE, err);
2332}
2333
2334static int ip6_route_dev_notify(struct notifier_block *this,
2335 unsigned long event, void *data)
2336{
2337 struct net_device *dev = (struct net_device *)data;
2338 struct net *net = dev_net(dev);
2339
2340 if (event == NETDEV_REGISTER && (dev->flags & IFF_LOOPBACK)) {
2341 net->ipv6.ip6_null_entry->u.dst.dev = dev;
2342 net->ipv6.ip6_null_entry->rt6i_idev = in6_dev_get(dev);
2343#ifdef CONFIG_IPV6_MULTIPLE_TABLES
2344 net->ipv6.ip6_prohibit_entry->u.dst.dev = dev;
2345 net->ipv6.ip6_prohibit_entry->rt6i_idev = in6_dev_get(dev);
2346 net->ipv6.ip6_blk_hole_entry->u.dst.dev = dev;
2347 net->ipv6.ip6_blk_hole_entry->rt6i_idev = in6_dev_get(dev);
2348#endif
2349 }
2350
2351 return NOTIFY_OK;
2271} 2352}
2272 2353
2273/* 2354/*
@@ -2316,13 +2397,33 @@ static int rt6_info_route(struct rt6_info *rt, void *p_arg)
2316 2397
2317static int ipv6_route_show(struct seq_file *m, void *v) 2398static int ipv6_route_show(struct seq_file *m, void *v)
2318{ 2399{
2319 fib6_clean_all(rt6_info_route, 0, m); 2400 struct net *net = (struct net *)m->private;
2401 fib6_clean_all(net, rt6_info_route, 0, m);
2320 return 0; 2402 return 0;
2321} 2403}
2322 2404
2323static int ipv6_route_open(struct inode *inode, struct file *file) 2405static int ipv6_route_open(struct inode *inode, struct file *file)
2324{ 2406{
2325 return single_open(file, ipv6_route_show, NULL); 2407 int err;
2408 struct net *net = get_proc_net(inode);
2409 if (!net)
2410 return -ENXIO;
2411
2412 err = single_open(file, ipv6_route_show, net);
2413 if (err < 0) {
2414 put_net(net);
2415 return err;
2416 }
2417
2418 return 0;
2419}
2420
2421static int ipv6_route_release(struct inode *inode, struct file *file)
2422{
2423 struct seq_file *seq = file->private_data;
2424 struct net *net = seq->private;
2425 put_net(net);
2426 return single_release(inode, file);
2326} 2427}
2327 2428
2328static const struct file_operations ipv6_route_proc_fops = { 2429static const struct file_operations ipv6_route_proc_fops = {
@@ -2330,24 +2431,46 @@ static const struct file_operations ipv6_route_proc_fops = {
2330 .open = ipv6_route_open, 2431 .open = ipv6_route_open,
2331 .read = seq_read, 2432 .read = seq_read,
2332 .llseek = seq_lseek, 2433 .llseek = seq_lseek,
2333 .release = single_release, 2434 .release = ipv6_route_release,
2334}; 2435};
2335 2436
2336static int rt6_stats_seq_show(struct seq_file *seq, void *v) 2437static int rt6_stats_seq_show(struct seq_file *seq, void *v)
2337{ 2438{
2439 struct net *net = (struct net *)seq->private;
2338 seq_printf(seq, "%04x %04x %04x %04x %04x %04x %04x\n", 2440 seq_printf(seq, "%04x %04x %04x %04x %04x %04x %04x\n",
2339 rt6_stats.fib_nodes, rt6_stats.fib_route_nodes, 2441 net->ipv6.rt6_stats->fib_nodes,
2340 rt6_stats.fib_rt_alloc, rt6_stats.fib_rt_entries, 2442 net->ipv6.rt6_stats->fib_route_nodes,
2341 rt6_stats.fib_rt_cache, 2443 net->ipv6.rt6_stats->fib_rt_alloc,
2342 atomic_read(&ip6_dst_ops.entries), 2444 net->ipv6.rt6_stats->fib_rt_entries,
2343 rt6_stats.fib_discarded_routes); 2445 net->ipv6.rt6_stats->fib_rt_cache,
2446 atomic_read(&net->ipv6.ip6_dst_ops->entries),
2447 net->ipv6.rt6_stats->fib_discarded_routes);
2344 2448
2345 return 0; 2449 return 0;
2346} 2450}
2347 2451
2348static int rt6_stats_seq_open(struct inode *inode, struct file *file) 2452static int rt6_stats_seq_open(struct inode *inode, struct file *file)
2349{ 2453{
2350 return single_open(file, rt6_stats_seq_show, NULL); 2454 int err;
2455 struct net *net = get_proc_net(inode);
2456 if (!net)
2457 return -ENXIO;
2458
2459 err = single_open(file, rt6_stats_seq_show, net);
2460 if (err < 0) {
2461 put_net(net);
2462 return err;
2463 }
2464
2465 return 0;
2466}
2467
2468static int rt6_stats_seq_release(struct inode *inode, struct file *file)
2469{
2470 struct seq_file *seq = file->private_data;
2471 struct net *net = (struct net *)seq->private;
2472 put_net(net);
2473 return single_release(inode, file);
2351} 2474}
2352 2475
2353static const struct file_operations rt6_stats_seq_fops = { 2476static const struct file_operations rt6_stats_seq_fops = {
@@ -2355,42 +2478,8 @@ static const struct file_operations rt6_stats_seq_fops = {
2355 .open = rt6_stats_seq_open, 2478 .open = rt6_stats_seq_open,
2356 .read = seq_read, 2479 .read = seq_read,
2357 .llseek = seq_lseek, 2480 .llseek = seq_lseek,
2358 .release = single_release, 2481 .release = rt6_stats_seq_release,
2359}; 2482};
2360
2361static int ipv6_route_proc_init(struct net *net)
2362{
2363 int ret = -ENOMEM;
2364 if (!proc_net_fops_create(net, "ipv6_route",
2365 0, &ipv6_route_proc_fops))
2366 goto out;
2367
2368 if (!proc_net_fops_create(net, "rt6_stats",
2369 S_IRUGO, &rt6_stats_seq_fops))
2370 goto out_ipv6_route;
2371
2372 ret = 0;
2373out:
2374 return ret;
2375out_ipv6_route:
2376 proc_net_remove(net, "ipv6_route");
2377 goto out;
2378}
2379
2380static void ipv6_route_proc_fini(struct net *net)
2381{
2382 proc_net_remove(net, "ipv6_route");
2383 proc_net_remove(net, "rt6_stats");
2384}
2385#else
2386static inline int ipv6_route_proc_init(struct net *net)
2387{
2388 return 0;
2389}
2390static inline void ipv6_route_proc_fini(struct net *net)
2391{
2392 return ;
2393}
2394#endif /* CONFIG_PROC_FS */ 2483#endif /* CONFIG_PROC_FS */
2395 2484
2396#ifdef CONFIG_SYSCTL 2485#ifdef CONFIG_SYSCTL
@@ -2399,10 +2488,11 @@ static
2399int ipv6_sysctl_rtcache_flush(ctl_table *ctl, int write, struct file * filp, 2488int ipv6_sysctl_rtcache_flush(ctl_table *ctl, int write, struct file * filp,
2400 void __user *buffer, size_t *lenp, loff_t *ppos) 2489 void __user *buffer, size_t *lenp, loff_t *ppos)
2401{ 2490{
2402 int delay = init_net.ipv6.sysctl.flush_delay; 2491 struct net *net = current->nsproxy->net_ns;
2492 int delay = net->ipv6.sysctl.flush_delay;
2403 if (write) { 2493 if (write) {
2404 proc_dointvec(ctl, write, filp, buffer, lenp, ppos); 2494 proc_dointvec(ctl, write, filp, buffer, lenp, ppos);
2405 fib6_run_gc(delay <= 0 ? ~0UL : (unsigned long)delay); 2495 fib6_run_gc(delay <= 0 ? ~0UL : (unsigned long)delay, net);
2406 return 0; 2496 return 0;
2407 } else 2497 } else
2408 return -EINVAL; 2498 return -EINVAL;
@@ -2419,7 +2509,7 @@ ctl_table ipv6_route_table_template[] = {
2419 { 2509 {
2420 .ctl_name = NET_IPV6_ROUTE_GC_THRESH, 2510 .ctl_name = NET_IPV6_ROUTE_GC_THRESH,
2421 .procname = "gc_thresh", 2511 .procname = "gc_thresh",
2422 .data = &ip6_dst_ops.gc_thresh, 2512 .data = &ip6_dst_ops_template.gc_thresh,
2423 .maxlen = sizeof(int), 2513 .maxlen = sizeof(int),
2424 .mode = 0644, 2514 .mode = 0644,
2425 .proc_handler = &proc_dointvec, 2515 .proc_handler = &proc_dointvec,
@@ -2505,33 +2595,143 @@ struct ctl_table *ipv6_route_sysctl_init(struct net *net)
2505 table = kmemdup(ipv6_route_table_template, 2595 table = kmemdup(ipv6_route_table_template,
2506 sizeof(ipv6_route_table_template), 2596 sizeof(ipv6_route_table_template),
2507 GFP_KERNEL); 2597 GFP_KERNEL);
2598
2599 if (table) {
2600 table[0].data = &net->ipv6.sysctl.flush_delay;
2601 table[1].data = &net->ipv6.ip6_dst_ops->gc_thresh;
2602 table[2].data = &net->ipv6.sysctl.ip6_rt_max_size;
2603 table[3].data = &net->ipv6.sysctl.ip6_rt_gc_min_interval;
2604 table[4].data = &net->ipv6.sysctl.ip6_rt_gc_timeout;
2605 table[5].data = &net->ipv6.sysctl.ip6_rt_gc_interval;
2606 table[6].data = &net->ipv6.sysctl.ip6_rt_gc_elasticity;
2607 table[7].data = &net->ipv6.sysctl.ip6_rt_mtu_expires;
2608 table[8].data = &net->ipv6.sysctl.ip6_rt_min_advmss;
2609 }
2610
2508 return table; 2611 return table;
2509} 2612}
2510#endif 2613#endif
2511 2614
2615static int ip6_route_net_init(struct net *net)
2616{
2617 int ret = 0;
2618
2619 ret = -ENOMEM;
2620 net->ipv6.ip6_dst_ops = kmemdup(&ip6_dst_ops_template,
2621 sizeof(*net->ipv6.ip6_dst_ops),
2622 GFP_KERNEL);
2623 if (!net->ipv6.ip6_dst_ops)
2624 goto out;
2625 net->ipv6.ip6_dst_ops->dst_net = hold_net(net);
2626
2627 net->ipv6.ip6_null_entry = kmemdup(&ip6_null_entry_template,
2628 sizeof(*net->ipv6.ip6_null_entry),
2629 GFP_KERNEL);
2630 if (!net->ipv6.ip6_null_entry)
2631 goto out_ip6_dst_ops;
2632 net->ipv6.ip6_null_entry->u.dst.path =
2633 (struct dst_entry *)net->ipv6.ip6_null_entry;
2634 net->ipv6.ip6_null_entry->u.dst.ops = net->ipv6.ip6_dst_ops;
2635
2636#ifdef CONFIG_IPV6_MULTIPLE_TABLES
2637 net->ipv6.ip6_prohibit_entry = kmemdup(&ip6_prohibit_entry_template,
2638 sizeof(*net->ipv6.ip6_prohibit_entry),
2639 GFP_KERNEL);
2640 if (!net->ipv6.ip6_prohibit_entry) {
2641 kfree(net->ipv6.ip6_null_entry);
2642 goto out;
2643 }
2644 net->ipv6.ip6_prohibit_entry->u.dst.path =
2645 (struct dst_entry *)net->ipv6.ip6_prohibit_entry;
2646 net->ipv6.ip6_prohibit_entry->u.dst.ops = net->ipv6.ip6_dst_ops;
2647
2648 net->ipv6.ip6_blk_hole_entry = kmemdup(&ip6_blk_hole_entry_template,
2649 sizeof(*net->ipv6.ip6_blk_hole_entry),
2650 GFP_KERNEL);
2651 if (!net->ipv6.ip6_blk_hole_entry) {
2652 kfree(net->ipv6.ip6_null_entry);
2653 kfree(net->ipv6.ip6_prohibit_entry);
2654 goto out;
2655 }
2656 net->ipv6.ip6_blk_hole_entry->u.dst.path =
2657 (struct dst_entry *)net->ipv6.ip6_blk_hole_entry;
2658 net->ipv6.ip6_blk_hole_entry->u.dst.ops = net->ipv6.ip6_dst_ops;
2659#endif
2660
2661#ifdef CONFIG_PROC_FS
2662 proc_net_fops_create(net, "ipv6_route", 0, &ipv6_route_proc_fops);
2663 proc_net_fops_create(net, "rt6_stats", S_IRUGO, &rt6_stats_seq_fops);
2664#endif
2665 net->ipv6.ip6_rt_gc_expire = 30*HZ;
2666
2667 ret = 0;
2668out:
2669 return ret;
2670
2671out_ip6_dst_ops:
2672 release_net(net->ipv6.ip6_dst_ops->dst_net);
2673 kfree(net->ipv6.ip6_dst_ops);
2674 goto out;
2675}
2676
2677static void ip6_route_net_exit(struct net *net)
2678{
2679#ifdef CONFIG_PROC_FS
2680 proc_net_remove(net, "ipv6_route");
2681 proc_net_remove(net, "rt6_stats");
2682#endif
2683 kfree(net->ipv6.ip6_null_entry);
2684#ifdef CONFIG_IPV6_MULTIPLE_TABLES
2685 kfree(net->ipv6.ip6_prohibit_entry);
2686 kfree(net->ipv6.ip6_blk_hole_entry);
2687#endif
2688 release_net(net->ipv6.ip6_dst_ops->dst_net);
2689 kfree(net->ipv6.ip6_dst_ops);
2690}
2691
2692static struct pernet_operations ip6_route_net_ops = {
2693 .init = ip6_route_net_init,
2694 .exit = ip6_route_net_exit,
2695};
2696
2697static struct notifier_block ip6_route_dev_notifier = {
2698 .notifier_call = ip6_route_dev_notify,
2699 .priority = 0,
2700};
2701
2512int __init ip6_route_init(void) 2702int __init ip6_route_init(void)
2513{ 2703{
2514 int ret; 2704 int ret;
2515 2705
2516 ip6_dst_ops.kmem_cachep = 2706 ret = -ENOMEM;
2707 ip6_dst_ops_template.kmem_cachep =
2517 kmem_cache_create("ip6_dst_cache", sizeof(struct rt6_info), 0, 2708 kmem_cache_create("ip6_dst_cache", sizeof(struct rt6_info), 0,
2518 SLAB_HWCACHE_ALIGN, NULL); 2709 SLAB_HWCACHE_ALIGN, NULL);
2519 if (!ip6_dst_ops.kmem_cachep) 2710 if (!ip6_dst_ops_template.kmem_cachep)
2520 return -ENOMEM; 2711 goto out;;
2521
2522 ip6_dst_blackhole_ops.kmem_cachep = ip6_dst_ops.kmem_cachep;
2523 2712
2524 ret = fib6_init(); 2713 ret = register_pernet_subsys(&ip6_route_net_ops);
2525 if (ret) 2714 if (ret)
2526 goto out_kmem_cache; 2715 goto out_kmem_cache;
2527 2716
2528 ret = ipv6_route_proc_init(&init_net); 2717 /* Registering of the loopback is done before this portion of code,
2718 * the loopback reference in rt6_info will not be taken, do it
2719 * manually for init_net */
2720 init_net.ipv6.ip6_null_entry->u.dst.dev = init_net.loopback_dev;
2721 init_net.ipv6.ip6_null_entry->rt6i_idev = in6_dev_get(init_net.loopback_dev);
2722 #ifdef CONFIG_IPV6_MULTIPLE_TABLES
2723 init_net.ipv6.ip6_prohibit_entry->u.dst.dev = init_net.loopback_dev;
2724 init_net.ipv6.ip6_prohibit_entry->rt6i_idev = in6_dev_get(init_net.loopback_dev);
2725 init_net.ipv6.ip6_blk_hole_entry->u.dst.dev = init_net.loopback_dev;
2726 init_net.ipv6.ip6_blk_hole_entry->rt6i_idev = in6_dev_get(init_net.loopback_dev);
2727 #endif
2728 ret = fib6_init();
2529 if (ret) 2729 if (ret)
2530 goto out_fib6_init; 2730 goto out_register_subsys;
2531 2731
2532 ret = xfrm6_init(); 2732 ret = xfrm6_init();
2533 if (ret) 2733 if (ret)
2534 goto out_proc_init; 2734 goto out_fib6_init;
2535 2735
2536 ret = fib6_rules_init(); 2736 ret = fib6_rules_init();
2537 if (ret) 2737 if (ret)
@@ -2543,7 +2743,10 @@ int __init ip6_route_init(void)
2543 __rtnl_register(PF_INET6, RTM_GETROUTE, inet6_rtm_getroute, NULL)) 2743 __rtnl_register(PF_INET6, RTM_GETROUTE, inet6_rtm_getroute, NULL))
2544 goto fib6_rules_init; 2744 goto fib6_rules_init;
2545 2745
2546 ret = 0; 2746 ret = register_netdevice_notifier(&ip6_route_dev_notifier);
2747 if (ret)
2748 goto fib6_rules_init;
2749
2547out: 2750out:
2548 return ret; 2751 return ret;
2549 2752
@@ -2551,22 +2754,21 @@ fib6_rules_init:
2551 fib6_rules_cleanup(); 2754 fib6_rules_cleanup();
2552xfrm6_init: 2755xfrm6_init:
2553 xfrm6_fini(); 2756 xfrm6_fini();
2554out_proc_init:
2555 ipv6_route_proc_fini(&init_net);
2556out_fib6_init: 2757out_fib6_init:
2557 rt6_ifdown(NULL);
2558 fib6_gc_cleanup(); 2758 fib6_gc_cleanup();
2759out_register_subsys:
2760 unregister_pernet_subsys(&ip6_route_net_ops);
2559out_kmem_cache: 2761out_kmem_cache:
2560 kmem_cache_destroy(ip6_dst_ops.kmem_cachep); 2762 kmem_cache_destroy(ip6_dst_ops_template.kmem_cachep);
2561 goto out; 2763 goto out;
2562} 2764}
2563 2765
2564void ip6_route_cleanup(void) 2766void ip6_route_cleanup(void)
2565{ 2767{
2768 unregister_netdevice_notifier(&ip6_route_dev_notifier);
2566 fib6_rules_cleanup(); 2769 fib6_rules_cleanup();
2567 ipv6_route_proc_fini(&init_net);
2568 xfrm6_fini(); 2770 xfrm6_fini();
2569 rt6_ifdown(NULL);
2570 fib6_gc_cleanup(); 2771 fib6_gc_cleanup();
2571 kmem_cache_destroy(ip6_dst_ops.kmem_cachep); 2772 unregister_pernet_subsys(&ip6_route_net_ops);
2773 kmem_cache_destroy(ip6_dst_ops_template.kmem_cachep);
2572} 2774}
diff --git a/net/ipv6/sit.c b/net/ipv6/sit.c
index 1656c003b989..4b2f1033994e 100644
--- a/net/ipv6/sit.c
+++ b/net/ipv6/sit.c
@@ -16,7 +16,7 @@
16 * Changes: 16 * Changes:
17 * Roger Venning <r.venning@telstra.com>: 6to4 support 17 * Roger Venning <r.venning@telstra.com>: 6to4 support
18 * Nate Thompson <nate@thebog.net>: 6to4 support 18 * Nate Thompson <nate@thebog.net>: 6to4 support
19 * Fred L. Templin <fltemplin@acm.org>: isatap support 19 * Fred Templin <fred.l.templin@boeing.com>: isatap support
20 */ 20 */
21 21
22#include <linux/module.h> 22#include <linux/module.h>
@@ -52,6 +52,8 @@
52#include <net/inet_ecn.h> 52#include <net/inet_ecn.h>
53#include <net/xfrm.h> 53#include <net/xfrm.h>
54#include <net/dsfield.h> 54#include <net/dsfield.h>
55#include <net/net_namespace.h>
56#include <net/netns/generic.h>
55 57
56/* 58/*
57 This version of net/ipv6/sit.c is cloned of net/ipv4/ip_gre.c 59 This version of net/ipv6/sit.c is cloned of net/ipv4/ip_gre.c
@@ -66,41 +68,47 @@ static int ipip6_fb_tunnel_init(struct net_device *dev);
66static int ipip6_tunnel_init(struct net_device *dev); 68static int ipip6_tunnel_init(struct net_device *dev);
67static void ipip6_tunnel_setup(struct net_device *dev); 69static void ipip6_tunnel_setup(struct net_device *dev);
68 70
69static struct net_device *ipip6_fb_tunnel_dev; 71static int sit_net_id;
72struct sit_net {
73 struct ip_tunnel *tunnels_r_l[HASH_SIZE];
74 struct ip_tunnel *tunnels_r[HASH_SIZE];
75 struct ip_tunnel *tunnels_l[HASH_SIZE];
76 struct ip_tunnel *tunnels_wc[1];
77 struct ip_tunnel **tunnels[4];
70 78
71static struct ip_tunnel *tunnels_r_l[HASH_SIZE]; 79 struct net_device *fb_tunnel_dev;
72static struct ip_tunnel *tunnels_r[HASH_SIZE]; 80};
73static struct ip_tunnel *tunnels_l[HASH_SIZE];
74static struct ip_tunnel *tunnels_wc[1];
75static struct ip_tunnel **tunnels[4] = { tunnels_wc, tunnels_l, tunnels_r, tunnels_r_l };
76 81
77static DEFINE_RWLOCK(ipip6_lock); 82static DEFINE_RWLOCK(ipip6_lock);
78 83
79static struct ip_tunnel * ipip6_tunnel_lookup(__be32 remote, __be32 local) 84static struct ip_tunnel * ipip6_tunnel_lookup(struct net *net,
85 __be32 remote, __be32 local)
80{ 86{
81 unsigned h0 = HASH(remote); 87 unsigned h0 = HASH(remote);
82 unsigned h1 = HASH(local); 88 unsigned h1 = HASH(local);
83 struct ip_tunnel *t; 89 struct ip_tunnel *t;
90 struct sit_net *sitn = net_generic(net, sit_net_id);
84 91
85 for (t = tunnels_r_l[h0^h1]; t; t = t->next) { 92 for (t = sitn->tunnels_r_l[h0^h1]; t; t = t->next) {
86 if (local == t->parms.iph.saddr && 93 if (local == t->parms.iph.saddr &&
87 remote == t->parms.iph.daddr && (t->dev->flags&IFF_UP)) 94 remote == t->parms.iph.daddr && (t->dev->flags&IFF_UP))
88 return t; 95 return t;
89 } 96 }
90 for (t = tunnels_r[h0]; t; t = t->next) { 97 for (t = sitn->tunnels_r[h0]; t; t = t->next) {
91 if (remote == t->parms.iph.daddr && (t->dev->flags&IFF_UP)) 98 if (remote == t->parms.iph.daddr && (t->dev->flags&IFF_UP))
92 return t; 99 return t;
93 } 100 }
94 for (t = tunnels_l[h1]; t; t = t->next) { 101 for (t = sitn->tunnels_l[h1]; t; t = t->next) {
95 if (local == t->parms.iph.saddr && (t->dev->flags&IFF_UP)) 102 if (local == t->parms.iph.saddr && (t->dev->flags&IFF_UP))
96 return t; 103 return t;
97 } 104 }
98 if ((t = tunnels_wc[0]) != NULL && (t->dev->flags&IFF_UP)) 105 if ((t = sitn->tunnels_wc[0]) != NULL && (t->dev->flags&IFF_UP))
99 return t; 106 return t;
100 return NULL; 107 return NULL;
101} 108}
102 109
103static struct ip_tunnel **__ipip6_bucket(struct ip_tunnel_parm *parms) 110static struct ip_tunnel **__ipip6_bucket(struct sit_net *sitn,
111 struct ip_tunnel_parm *parms)
104{ 112{
105 __be32 remote = parms->iph.daddr; 113 __be32 remote = parms->iph.daddr;
106 __be32 local = parms->iph.saddr; 114 __be32 local = parms->iph.saddr;
@@ -115,19 +123,20 @@ static struct ip_tunnel **__ipip6_bucket(struct ip_tunnel_parm *parms)
115 prio |= 1; 123 prio |= 1;
116 h ^= HASH(local); 124 h ^= HASH(local);
117 } 125 }
118 return &tunnels[prio][h]; 126 return &sitn->tunnels[prio][h];
119} 127}
120 128
121static inline struct ip_tunnel **ipip6_bucket(struct ip_tunnel *t) 129static inline struct ip_tunnel **ipip6_bucket(struct sit_net *sitn,
130 struct ip_tunnel *t)
122{ 131{
123 return __ipip6_bucket(&t->parms); 132 return __ipip6_bucket(sitn, &t->parms);
124} 133}
125 134
126static void ipip6_tunnel_unlink(struct ip_tunnel *t) 135static void ipip6_tunnel_unlink(struct sit_net *sitn, struct ip_tunnel *t)
127{ 136{
128 struct ip_tunnel **tp; 137 struct ip_tunnel **tp;
129 138
130 for (tp = ipip6_bucket(t); *tp; tp = &(*tp)->next) { 139 for (tp = ipip6_bucket(sitn, t); *tp; tp = &(*tp)->next) {
131 if (t == *tp) { 140 if (t == *tp) {
132 write_lock_bh(&ipip6_lock); 141 write_lock_bh(&ipip6_lock);
133 *tp = t->next; 142 *tp = t->next;
@@ -137,9 +146,9 @@ static void ipip6_tunnel_unlink(struct ip_tunnel *t)
137 } 146 }
138} 147}
139 148
140static void ipip6_tunnel_link(struct ip_tunnel *t) 149static void ipip6_tunnel_link(struct sit_net *sitn, struct ip_tunnel *t)
141{ 150{
142 struct ip_tunnel **tp = ipip6_bucket(t); 151 struct ip_tunnel **tp = ipip6_bucket(sitn, t);
143 152
144 t->next = *tp; 153 t->next = *tp;
145 write_lock_bh(&ipip6_lock); 154 write_lock_bh(&ipip6_lock);
@@ -147,15 +156,17 @@ static void ipip6_tunnel_link(struct ip_tunnel *t)
147 write_unlock_bh(&ipip6_lock); 156 write_unlock_bh(&ipip6_lock);
148} 157}
149 158
150static struct ip_tunnel * ipip6_tunnel_locate(struct ip_tunnel_parm *parms, int create) 159static struct ip_tunnel * ipip6_tunnel_locate(struct net *net,
160 struct ip_tunnel_parm *parms, int create)
151{ 161{
152 __be32 remote = parms->iph.daddr; 162 __be32 remote = parms->iph.daddr;
153 __be32 local = parms->iph.saddr; 163 __be32 local = parms->iph.saddr;
154 struct ip_tunnel *t, **tp, *nt; 164 struct ip_tunnel *t, **tp, *nt;
155 struct net_device *dev; 165 struct net_device *dev;
156 char name[IFNAMSIZ]; 166 char name[IFNAMSIZ];
167 struct sit_net *sitn = net_generic(net, sit_net_id);
157 168
158 for (tp = __ipip6_bucket(parms); (t = *tp) != NULL; tp = &t->next) { 169 for (tp = __ipip6_bucket(sitn, parms); (t = *tp) != NULL; tp = &t->next) {
159 if (local == t->parms.iph.saddr && remote == t->parms.iph.daddr) 170 if (local == t->parms.iph.saddr && remote == t->parms.iph.daddr)
160 return t; 171 return t;
161 } 172 }
@@ -171,6 +182,8 @@ static struct ip_tunnel * ipip6_tunnel_locate(struct ip_tunnel_parm *parms, int
171 if (dev == NULL) 182 if (dev == NULL)
172 return NULL; 183 return NULL;
173 184
185 dev_net_set(dev, net);
186
174 if (strchr(name, '%')) { 187 if (strchr(name, '%')) {
175 if (dev_alloc_name(dev, name) < 0) 188 if (dev_alloc_name(dev, name) < 0)
176 goto failed_free; 189 goto failed_free;
@@ -188,7 +201,7 @@ static struct ip_tunnel * ipip6_tunnel_locate(struct ip_tunnel_parm *parms, int
188 201
189 dev_hold(dev); 202 dev_hold(dev);
190 203
191 ipip6_tunnel_link(nt); 204 ipip6_tunnel_link(sitn, nt);
192 return nt; 205 return nt;
193 206
194failed_free: 207failed_free:
@@ -197,15 +210,192 @@ failed:
197 return NULL; 210 return NULL;
198} 211}
199 212
213static struct ip_tunnel_prl_entry *
214__ipip6_tunnel_locate_prl(struct ip_tunnel *t, __be32 addr)
215{
216 struct ip_tunnel_prl_entry *p = (struct ip_tunnel_prl_entry *)NULL;
217
218 for (p = t->prl; p; p = p->next)
219 if (p->addr == addr)
220 break;
221 return p;
222
223}
224
225static int ipip6_tunnel_get_prl(struct ip_tunnel *t, struct ip_tunnel_prl *a)
226{
227 struct ip_tunnel_prl *kp;
228 struct ip_tunnel_prl_entry *prl;
229 unsigned int cmax, c = 0, ca, len;
230 int ret = 0;
231
232 cmax = a->datalen / sizeof(*a);
233 if (cmax > 1 && a->addr != htonl(INADDR_ANY))
234 cmax = 1;
235
236 /* For simple GET or for root users,
237 * we try harder to allocate.
238 */
239 kp = (cmax <= 1 || capable(CAP_NET_ADMIN)) ?
240 kcalloc(cmax, sizeof(*kp), GFP_KERNEL) :
241 NULL;
242
243 read_lock(&ipip6_lock);
244
245 ca = t->prl_count < cmax ? t->prl_count : cmax;
246
247 if (!kp) {
248 /* We don't try hard to allocate much memory for
249 * non-root users.
250 * For root users, retry allocating enough memory for
251 * the answer.
252 */
253 kp = kcalloc(ca, sizeof(*kp), GFP_ATOMIC);
254 if (!kp) {
255 ret = -ENOMEM;
256 goto out;
257 }
258 }
259
260 c = 0;
261 for (prl = t->prl; prl; prl = prl->next) {
262 if (c > cmax)
263 break;
264 if (a->addr != htonl(INADDR_ANY) && prl->addr != a->addr)
265 continue;
266 kp[c].addr = prl->addr;
267 kp[c].flags = prl->flags;
268 c++;
269 if (a->addr != htonl(INADDR_ANY))
270 break;
271 }
272out:
273 read_unlock(&ipip6_lock);
274
275 len = sizeof(*kp) * c;
276 ret = len ? copy_to_user(a->data, kp, len) : 0;
277
278 kfree(kp);
279 if (ret)
280 return -EFAULT;
281
282 a->datalen = len;
283 return 0;
284}
285
286static int
287ipip6_tunnel_add_prl(struct ip_tunnel *t, struct ip_tunnel_prl *a, int chg)
288{
289 struct ip_tunnel_prl_entry *p;
290 int err = 0;
291
292 if (a->addr == htonl(INADDR_ANY))
293 return -EINVAL;
294
295 write_lock(&ipip6_lock);
296
297 for (p = t->prl; p; p = p->next) {
298 if (p->addr == a->addr) {
299 if (chg)
300 goto update;
301 err = -EEXIST;
302 goto out;
303 }
304 }
305
306 if (chg) {
307 err = -ENXIO;
308 goto out;
309 }
310
311 p = kzalloc(sizeof(struct ip_tunnel_prl_entry), GFP_KERNEL);
312 if (!p) {
313 err = -ENOBUFS;
314 goto out;
315 }
316
317 p->next = t->prl;
318 t->prl = p;
319 t->prl_count++;
320update:
321 p->addr = a->addr;
322 p->flags = a->flags;
323out:
324 write_unlock(&ipip6_lock);
325 return err;
326}
327
328static int
329ipip6_tunnel_del_prl(struct ip_tunnel *t, struct ip_tunnel_prl *a)
330{
331 struct ip_tunnel_prl_entry *x, **p;
332 int err = 0;
333
334 write_lock(&ipip6_lock);
335
336 if (a && a->addr != htonl(INADDR_ANY)) {
337 for (p = &t->prl; *p; p = &(*p)->next) {
338 if ((*p)->addr == a->addr) {
339 x = *p;
340 *p = x->next;
341 kfree(x);
342 t->prl_count--;
343 goto out;
344 }
345 }
346 err = -ENXIO;
347 } else {
348 while (t->prl) {
349 x = t->prl;
350 t->prl = t->prl->next;
351 kfree(x);
352 t->prl_count--;
353 }
354 }
355out:
356 write_unlock(&ipip6_lock);
357 return 0;
358}
359
360static int
361isatap_chksrc(struct sk_buff *skb, struct iphdr *iph, struct ip_tunnel *t)
362{
363 struct ip_tunnel_prl_entry *p;
364 int ok = 1;
365
366 read_lock(&ipip6_lock);
367 p = __ipip6_tunnel_locate_prl(t, iph->saddr);
368 if (p) {
369 if (p->flags & PRL_DEFAULT)
370 skb->ndisc_nodetype = NDISC_NODETYPE_DEFAULT;
371 else
372 skb->ndisc_nodetype = NDISC_NODETYPE_NODEFAULT;
373 } else {
374 struct in6_addr *addr6 = &ipv6_hdr(skb)->saddr;
375 if (ipv6_addr_is_isatap(addr6) &&
376 (addr6->s6_addr32[3] == iph->saddr) &&
377 ipv6_chk_prefix(addr6, t->dev))
378 skb->ndisc_nodetype = NDISC_NODETYPE_HOST;
379 else
380 ok = 0;
381 }
382 read_unlock(&ipip6_lock);
383 return ok;
384}
385
200static void ipip6_tunnel_uninit(struct net_device *dev) 386static void ipip6_tunnel_uninit(struct net_device *dev)
201{ 387{
202 if (dev == ipip6_fb_tunnel_dev) { 388 struct net *net = dev_net(dev);
389 struct sit_net *sitn = net_generic(net, sit_net_id);
390
391 if (dev == sitn->fb_tunnel_dev) {
203 write_lock_bh(&ipip6_lock); 392 write_lock_bh(&ipip6_lock);
204 tunnels_wc[0] = NULL; 393 sitn->tunnels_wc[0] = NULL;
205 write_unlock_bh(&ipip6_lock); 394 write_unlock_bh(&ipip6_lock);
206 dev_put(dev); 395 dev_put(dev);
207 } else { 396 } else {
208 ipip6_tunnel_unlink(netdev_priv(dev)); 397 ipip6_tunnel_unlink(sitn, netdev_priv(dev));
398 ipip6_tunnel_del_prl(netdev_priv(dev), NULL);
209 dev_put(dev); 399 dev_put(dev);
210 } 400 }
211} 401}
@@ -256,7 +446,7 @@ static int ipip6_err(struct sk_buff *skb, u32 info)
256 err = -ENOENT; 446 err = -ENOENT;
257 447
258 read_lock(&ipip6_lock); 448 read_lock(&ipip6_lock);
259 t = ipip6_tunnel_lookup(iph->daddr, iph->saddr); 449 t = ipip6_tunnel_lookup(dev_net(skb->dev), iph->daddr, iph->saddr);
260 if (t == NULL || t->parms.iph.daddr == 0) 450 if (t == NULL || t->parms.iph.daddr == 0)
261 goto out; 451 goto out;
262 452
@@ -339,11 +529,12 @@ out:
339 skb_reset_network_header(skb2); 529 skb_reset_network_header(skb2);
340 530
341 /* Try to guess incoming interface */ 531 /* Try to guess incoming interface */
342 rt6i = rt6_lookup(&iph6->saddr, NULL, NULL, 0); 532 rt6i = rt6_lookup(dev_net(skb->dev), &iph6->saddr, NULL, NULL, 0);
343 if (rt6i && rt6i->rt6i_dev) { 533 if (rt6i && rt6i->rt6i_dev) {
344 skb2->dev = rt6i->rt6i_dev; 534 skb2->dev = rt6i->rt6i_dev;
345 535
346 rt6i = rt6_lookup(&iph6->daddr, &iph6->saddr, NULL, 0); 536 rt6i = rt6_lookup(dev_net(skb->dev),
537 &iph6->daddr, &iph6->saddr, NULL, 0);
347 538
348 if (rt6i && rt6i->rt6i_dev && rt6i->rt6i_dev->type == ARPHRD_SIT) { 539 if (rt6i && rt6i->rt6i_dev && rt6i->rt6i_dev->type == ARPHRD_SIT) {
349 struct ip_tunnel *t = netdev_priv(rt6i->rt6i_dev); 540 struct ip_tunnel *t = netdev_priv(rt6i->rt6i_dev);
@@ -365,48 +556,6 @@ static inline void ipip6_ecn_decapsulate(struct iphdr *iph, struct sk_buff *skb)
365 IP6_ECN_set_ce(ipv6_hdr(skb)); 556 IP6_ECN_set_ce(ipv6_hdr(skb));
366} 557}
367 558
368/* ISATAP (RFC4214) - check source address */
369static int
370isatap_srcok(struct sk_buff *skb, struct iphdr *iph, struct net_device *dev)
371{
372 struct neighbour *neigh;
373 struct dst_entry *dst;
374 struct rt6_info *rt;
375 struct flowi fl;
376 struct in6_addr *addr6;
377 struct in6_addr rtr;
378 struct ipv6hdr *iph6;
379 int ok = 0;
380
381 /* from onlink default router */
382 ipv6_addr_set(&rtr, htonl(0xFE800000), 0, 0, 0);
383 ipv6_isatap_eui64(rtr.s6_addr + 8, iph->saddr);
384 if ((rt = rt6_get_dflt_router(&rtr, dev))) {
385 dst_release(&rt->u.dst);
386 return 1;
387 }
388
389 iph6 = ipv6_hdr(skb);
390 memset(&fl, 0, sizeof(fl));
391 fl.proto = iph6->nexthdr;
392 ipv6_addr_copy(&fl.fl6_dst, &iph6->saddr);
393 fl.oif = dev->ifindex;
394 security_skb_classify_flow(skb, &fl);
395
396 dst = ip6_route_output(NULL, &fl);
397 if (!dst->error && (dst->dev == dev) && (neigh = dst->neighbour)) {
398
399 addr6 = (struct in6_addr*)&neigh->primary_key;
400
401 /* from correct previous hop */
402 if (ipv6_addr_is_isatap(addr6) &&
403 (addr6->s6_addr32[3] == iph->saddr))
404 ok = 1;
405 }
406 dst_release(dst);
407 return ok;
408}
409
410static int ipip6_rcv(struct sk_buff *skb) 559static int ipip6_rcv(struct sk_buff *skb)
411{ 560{
412 struct iphdr *iph; 561 struct iphdr *iph;
@@ -418,7 +567,8 @@ static int ipip6_rcv(struct sk_buff *skb)
418 iph = ip_hdr(skb); 567 iph = ip_hdr(skb);
419 568
420 read_lock(&ipip6_lock); 569 read_lock(&ipip6_lock);
421 if ((tunnel = ipip6_tunnel_lookup(iph->saddr, iph->daddr)) != NULL) { 570 if ((tunnel = ipip6_tunnel_lookup(dev_net(skb->dev),
571 iph->saddr, iph->daddr)) != NULL) {
422 secpath_reset(skb); 572 secpath_reset(skb);
423 skb->mac_header = skb->network_header; 573 skb->mac_header = skb->network_header;
424 skb_reset_network_header(skb); 574 skb_reset_network_header(skb);
@@ -427,7 +577,7 @@ static int ipip6_rcv(struct sk_buff *skb)
427 skb->pkt_type = PACKET_HOST; 577 skb->pkt_type = PACKET_HOST;
428 578
429 if ((tunnel->dev->priv_flags & IFF_ISATAP) && 579 if ((tunnel->dev->priv_flags & IFF_ISATAP) &&
430 !isatap_srcok(skb, iph, tunnel->dev)) { 580 !isatap_chksrc(skb, iph, tunnel)) {
431 tunnel->stat.rx_errors++; 581 tunnel->stat.rx_errors++;
432 read_unlock(&ipip6_lock); 582 read_unlock(&ipip6_lock);
433 kfree_skb(skb); 583 kfree_skb(skb);
@@ -554,7 +704,7 @@ static int ipip6_tunnel_xmit(struct sk_buff *skb, struct net_device *dev)
554 .tos = RT_TOS(tos) } }, 704 .tos = RT_TOS(tos) } },
555 .oif = tunnel->parms.link, 705 .oif = tunnel->parms.link,
556 .proto = IPPROTO_IPV6 }; 706 .proto = IPPROTO_IPV6 };
557 if (ip_route_output_key(&init_net, &rt, &fl)) { 707 if (ip_route_output_key(dev_net(dev), &rt, &fl)) {
558 tunnel->stat.tx_carrier_errors++; 708 tunnel->stat.tx_carrier_errors++;
559 goto tx_error_icmp; 709 goto tx_error_icmp;
560 } 710 }
@@ -683,7 +833,7 @@ static void ipip6_tunnel_bind_dev(struct net_device *dev)
683 .oif = tunnel->parms.link, 833 .oif = tunnel->parms.link,
684 .proto = IPPROTO_IPV6 }; 834 .proto = IPPROTO_IPV6 };
685 struct rtable *rt; 835 struct rtable *rt;
686 if (!ip_route_output_key(&init_net, &rt, &fl)) { 836 if (!ip_route_output_key(dev_net(dev), &rt, &fl)) {
687 tdev = rt->u.dst.dev; 837 tdev = rt->u.dst.dev;
688 ip_rt_put(rt); 838 ip_rt_put(rt);
689 } 839 }
@@ -691,7 +841,7 @@ static void ipip6_tunnel_bind_dev(struct net_device *dev)
691 } 841 }
692 842
693 if (!tdev && tunnel->parms.link) 843 if (!tdev && tunnel->parms.link)
694 tdev = __dev_get_by_index(&init_net, tunnel->parms.link); 844 tdev = __dev_get_by_index(dev_net(dev), tunnel->parms.link);
695 845
696 if (tdev) { 846 if (tdev) {
697 dev->hard_header_len = tdev->hard_header_len + sizeof(struct iphdr); 847 dev->hard_header_len = tdev->hard_header_len + sizeof(struct iphdr);
@@ -707,17 +857,20 @@ ipip6_tunnel_ioctl (struct net_device *dev, struct ifreq *ifr, int cmd)
707{ 857{
708 int err = 0; 858 int err = 0;
709 struct ip_tunnel_parm p; 859 struct ip_tunnel_parm p;
860 struct ip_tunnel_prl prl;
710 struct ip_tunnel *t; 861 struct ip_tunnel *t;
862 struct net *net = dev_net(dev);
863 struct sit_net *sitn = net_generic(net, sit_net_id);
711 864
712 switch (cmd) { 865 switch (cmd) {
713 case SIOCGETTUNNEL: 866 case SIOCGETTUNNEL:
714 t = NULL; 867 t = NULL;
715 if (dev == ipip6_fb_tunnel_dev) { 868 if (dev == sitn->fb_tunnel_dev) {
716 if (copy_from_user(&p, ifr->ifr_ifru.ifru_data, sizeof(p))) { 869 if (copy_from_user(&p, ifr->ifr_ifru.ifru_data, sizeof(p))) {
717 err = -EFAULT; 870 err = -EFAULT;
718 break; 871 break;
719 } 872 }
720 t = ipip6_tunnel_locate(&p, 0); 873 t = ipip6_tunnel_locate(net, &p, 0);
721 } 874 }
722 if (t == NULL) 875 if (t == NULL)
723 t = netdev_priv(dev); 876 t = netdev_priv(dev);
@@ -743,9 +896,9 @@ ipip6_tunnel_ioctl (struct net_device *dev, struct ifreq *ifr, int cmd)
743 if (p.iph.ttl) 896 if (p.iph.ttl)
744 p.iph.frag_off |= htons(IP_DF); 897 p.iph.frag_off |= htons(IP_DF);
745 898
746 t = ipip6_tunnel_locate(&p, cmd == SIOCADDTUNNEL); 899 t = ipip6_tunnel_locate(net, &p, cmd == SIOCADDTUNNEL);
747 900
748 if (dev != ipip6_fb_tunnel_dev && cmd == SIOCCHGTUNNEL) { 901 if (dev != sitn->fb_tunnel_dev && cmd == SIOCCHGTUNNEL) {
749 if (t != NULL) { 902 if (t != NULL) {
750 if (t->dev != dev) { 903 if (t->dev != dev) {
751 err = -EEXIST; 904 err = -EEXIST;
@@ -758,12 +911,12 @@ ipip6_tunnel_ioctl (struct net_device *dev, struct ifreq *ifr, int cmd)
758 break; 911 break;
759 } 912 }
760 t = netdev_priv(dev); 913 t = netdev_priv(dev);
761 ipip6_tunnel_unlink(t); 914 ipip6_tunnel_unlink(sitn, t);
762 t->parms.iph.saddr = p.iph.saddr; 915 t->parms.iph.saddr = p.iph.saddr;
763 t->parms.iph.daddr = p.iph.daddr; 916 t->parms.iph.daddr = p.iph.daddr;
764 memcpy(dev->dev_addr, &p.iph.saddr, 4); 917 memcpy(dev->dev_addr, &p.iph.saddr, 4);
765 memcpy(dev->broadcast, &p.iph.daddr, 4); 918 memcpy(dev->broadcast, &p.iph.daddr, 4);
766 ipip6_tunnel_link(t); 919 ipip6_tunnel_link(sitn, t);
767 netdev_state_change(dev); 920 netdev_state_change(dev);
768 } 921 }
769 } 922 }
@@ -790,15 +943,15 @@ ipip6_tunnel_ioctl (struct net_device *dev, struct ifreq *ifr, int cmd)
790 if (!capable(CAP_NET_ADMIN)) 943 if (!capable(CAP_NET_ADMIN))
791 goto done; 944 goto done;
792 945
793 if (dev == ipip6_fb_tunnel_dev) { 946 if (dev == sitn->fb_tunnel_dev) {
794 err = -EFAULT; 947 err = -EFAULT;
795 if (copy_from_user(&p, ifr->ifr_ifru.ifru_data, sizeof(p))) 948 if (copy_from_user(&p, ifr->ifr_ifru.ifru_data, sizeof(p)))
796 goto done; 949 goto done;
797 err = -ENOENT; 950 err = -ENOENT;
798 if ((t = ipip6_tunnel_locate(&p, 0)) == NULL) 951 if ((t = ipip6_tunnel_locate(net, &p, 0)) == NULL)
799 goto done; 952 goto done;
800 err = -EPERM; 953 err = -EPERM;
801 if (t == netdev_priv(ipip6_fb_tunnel_dev)) 954 if (t == netdev_priv(sitn->fb_tunnel_dev))
802 goto done; 955 goto done;
803 dev = t->dev; 956 dev = t->dev;
804 } 957 }
@@ -806,6 +959,42 @@ ipip6_tunnel_ioctl (struct net_device *dev, struct ifreq *ifr, int cmd)
806 err = 0; 959 err = 0;
807 break; 960 break;
808 961
962 case SIOCGETPRL:
963 case SIOCADDPRL:
964 case SIOCDELPRL:
965 case SIOCCHGPRL:
966 err = -EPERM;
967 if (cmd != SIOCGETPRL && !capable(CAP_NET_ADMIN))
968 goto done;
969 err = -EINVAL;
970 if (dev == sitn->fb_tunnel_dev)
971 goto done;
972 err = -EFAULT;
973 if (copy_from_user(&prl, ifr->ifr_ifru.ifru_data, sizeof(prl)))
974 goto done;
975 err = -ENOENT;
976 if (!(t = netdev_priv(dev)))
977 goto done;
978
979 switch (cmd) {
980 case SIOCGETPRL:
981 err = ipip6_tunnel_get_prl(t, &prl);
982 if (!err && copy_to_user(ifr->ifr_ifru.ifru_data,
983 &prl, sizeof(prl)))
984 err = -EFAULT;
985 break;
986 case SIOCDELPRL:
987 err = ipip6_tunnel_del_prl(t, &prl);
988 break;
989 case SIOCADDPRL:
990 case SIOCCHGPRL:
991 err = ipip6_tunnel_add_prl(t, &prl, cmd == SIOCCHGPRL);
992 break;
993 }
994 if (cmd != SIOCGETPRL)
995 netdev_state_change(dev);
996 break;
997
809 default: 998 default:
810 err = -EINVAL; 999 err = -EINVAL;
811 } 1000 }
@@ -842,6 +1031,7 @@ static void ipip6_tunnel_setup(struct net_device *dev)
842 dev->flags = IFF_NOARP; 1031 dev->flags = IFF_NOARP;
843 dev->iflink = 0; 1032 dev->iflink = 0;
844 dev->addr_len = 4; 1033 dev->addr_len = 4;
1034 dev->features |= NETIF_F_NETNS_LOCAL;
845} 1035}
846 1036
847static int ipip6_tunnel_init(struct net_device *dev) 1037static int ipip6_tunnel_init(struct net_device *dev)
@@ -861,10 +1051,12 @@ static int ipip6_tunnel_init(struct net_device *dev)
861 return 0; 1051 return 0;
862} 1052}
863 1053
864static int __init ipip6_fb_tunnel_init(struct net_device *dev) 1054static int ipip6_fb_tunnel_init(struct net_device *dev)
865{ 1055{
866 struct ip_tunnel *tunnel = netdev_priv(dev); 1056 struct ip_tunnel *tunnel = netdev_priv(dev);
867 struct iphdr *iph = &tunnel->parms.iph; 1057 struct iphdr *iph = &tunnel->parms.iph;
1058 struct net *net = dev_net(dev);
1059 struct sit_net *sitn = net_generic(net, sit_net_id);
868 1060
869 tunnel->dev = dev; 1061 tunnel->dev = dev;
870 strcpy(tunnel->parms.name, dev->name); 1062 strcpy(tunnel->parms.name, dev->name);
@@ -875,7 +1067,7 @@ static int __init ipip6_fb_tunnel_init(struct net_device *dev)
875 iph->ttl = 64; 1067 iph->ttl = 64;
876 1068
877 dev_hold(dev); 1069 dev_hold(dev);
878 tunnels_wc[0] = tunnel; 1070 sitn->tunnels_wc[0] = tunnel;
879 return 0; 1071 return 0;
880} 1072}
881 1073
@@ -885,7 +1077,7 @@ static struct xfrm_tunnel sit_handler = {
885 .priority = 1, 1077 .priority = 1,
886}; 1078};
887 1079
888static void __exit sit_destroy_tunnels(void) 1080static void sit_destroy_tunnels(struct sit_net *sitn)
889{ 1081{
890 int prio; 1082 int prio;
891 1083
@@ -893,20 +1085,78 @@ static void __exit sit_destroy_tunnels(void)
893 int h; 1085 int h;
894 for (h = 0; h < HASH_SIZE; h++) { 1086 for (h = 0; h < HASH_SIZE; h++) {
895 struct ip_tunnel *t; 1087 struct ip_tunnel *t;
896 while ((t = tunnels[prio][h]) != NULL) 1088 while ((t = sitn->tunnels[prio][h]) != NULL)
897 unregister_netdevice(t->dev); 1089 unregister_netdevice(t->dev);
898 } 1090 }
899 } 1091 }
900} 1092}
901 1093
902static void __exit sit_cleanup(void) 1094static int sit_init_net(struct net *net)
903{ 1095{
904 xfrm4_tunnel_deregister(&sit_handler, AF_INET6); 1096 int err;
1097 struct sit_net *sitn;
1098
1099 err = -ENOMEM;
1100 sitn = kzalloc(sizeof(struct sit_net), GFP_KERNEL);
1101 if (sitn == NULL)
1102 goto err_alloc;
1103
1104 err = net_assign_generic(net, sit_net_id, sitn);
1105 if (err < 0)
1106 goto err_assign;
1107
1108 sitn->tunnels[0] = sitn->tunnels_wc;
1109 sitn->tunnels[1] = sitn->tunnels_l;
1110 sitn->tunnels[2] = sitn->tunnels_r;
1111 sitn->tunnels[3] = sitn->tunnels_r_l;
1112
1113 sitn->fb_tunnel_dev = alloc_netdev(sizeof(struct ip_tunnel), "sit0",
1114 ipip6_tunnel_setup);
1115 if (!sitn->fb_tunnel_dev) {
1116 err = -ENOMEM;
1117 goto err_alloc_dev;
1118 }
1119
1120 sitn->fb_tunnel_dev->init = ipip6_fb_tunnel_init;
1121 dev_net_set(sitn->fb_tunnel_dev, net);
1122
1123 if ((err = register_netdev(sitn->fb_tunnel_dev)))
1124 goto err_reg_dev;
905 1125
1126 return 0;
1127
1128err_reg_dev:
1129 free_netdev(sitn->fb_tunnel_dev);
1130err_alloc_dev:
1131 /* nothing */
1132err_assign:
1133 kfree(sitn);
1134err_alloc:
1135 return err;
1136}
1137
1138static void sit_exit_net(struct net *net)
1139{
1140 struct sit_net *sitn;
1141
1142 sitn = net_generic(net, sit_net_id);
906 rtnl_lock(); 1143 rtnl_lock();
907 sit_destroy_tunnels(); 1144 sit_destroy_tunnels(sitn);
908 unregister_netdevice(ipip6_fb_tunnel_dev); 1145 unregister_netdevice(sitn->fb_tunnel_dev);
909 rtnl_unlock(); 1146 rtnl_unlock();
1147 kfree(sitn);
1148}
1149
1150static struct pernet_operations sit_net_ops = {
1151 .init = sit_init_net,
1152 .exit = sit_exit_net,
1153};
1154
1155static void __exit sit_cleanup(void)
1156{
1157 xfrm4_tunnel_deregister(&sit_handler, AF_INET6);
1158
1159 unregister_pernet_gen_device(sit_net_id, &sit_net_ops);
910} 1160}
911 1161
912static int __init sit_init(void) 1162static int __init sit_init(void)
@@ -920,25 +1170,11 @@ static int __init sit_init(void)
920 return -EAGAIN; 1170 return -EAGAIN;
921 } 1171 }
922 1172
923 ipip6_fb_tunnel_dev = alloc_netdev(sizeof(struct ip_tunnel), "sit0", 1173 err = register_pernet_gen_device(&sit_net_id, &sit_net_ops);
924 ipip6_tunnel_setup); 1174 if (err < 0)
925 if (!ipip6_fb_tunnel_dev) { 1175 xfrm4_tunnel_deregister(&sit_handler, AF_INET6);
926 err = -ENOMEM;
927 goto err1;
928 }
929
930 ipip6_fb_tunnel_dev->init = ipip6_fb_tunnel_init;
931 1176
932 if ((err = register_netdev(ipip6_fb_tunnel_dev)))
933 goto err2;
934
935 out:
936 return err; 1177 return err;
937 err2:
938 free_netdev(ipip6_fb_tunnel_dev);
939 err1:
940 xfrm4_tunnel_deregister(&sit_handler, AF_INET6);
941 goto out;
942} 1178}
943 1179
944module_init(sit_init); 1180module_init(sit_init);
diff --git a/net/ipv6/syncookies.c b/net/ipv6/syncookies.c
new file mode 100644
index 000000000000..938ce4ecde55
--- /dev/null
+++ b/net/ipv6/syncookies.c
@@ -0,0 +1,279 @@
1/*
2 * IPv6 Syncookies implementation for the Linux kernel
3 *
4 * Authors:
5 * Glenn Griffin <ggriffin.kernel@gmail.com>
6 *
7 * Based on IPv4 implementation by Andi Kleen
8 * linux/net/ipv4/syncookies.c
9 *
10 * This program is free software; you can redistribute it and/or
11 * modify it under the terms of the GNU General Public License
12 * as published by the Free Software Foundation; either version
13 * 2 of the License, or (at your option) any later version.
14 *
15 */
16
17#include <linux/tcp.h>
18#include <linux/random.h>
19#include <linux/cryptohash.h>
20#include <linux/kernel.h>
21#include <net/ipv6.h>
22#include <net/tcp.h>
23
24extern int sysctl_tcp_syncookies;
25extern __u32 syncookie_secret[2][16-4+SHA_DIGEST_WORDS];
26
27#define COOKIEBITS 24 /* Upper bits store count */
28#define COOKIEMASK (((__u32)1 << COOKIEBITS) - 1)
29
30/*
31 * This table has to be sorted and terminated with (__u16)-1.
32 * XXX generate a better table.
33 * Unresolved Issues: HIPPI with a 64k MSS is not well supported.
34 *
35 * Taken directly from ipv4 implementation.
36 * Should this list be modified for ipv6 use or is it close enough?
37 * rfc 2460 8.3 suggests mss values 20 bytes less than ipv4 counterpart
38 */
39static __u16 const msstab[] = {
40 64 - 1,
41 256 - 1,
42 512 - 1,
43 536 - 1,
44 1024 - 1,
45 1440 - 1,
46 1460 - 1,
47 4312 - 1,
48 (__u16)-1
49};
50/* The number doesn't include the -1 terminator */
51#define NUM_MSS (ARRAY_SIZE(msstab) - 1)
52
53/*
54 * This (misnamed) value is the age of syncookie which is permitted.
55 * Its ideal value should be dependent on TCP_TIMEOUT_INIT and
56 * sysctl_tcp_retries1. It's a rather complicated formula (exponential
57 * backoff) to compute at runtime so it's currently hardcoded here.
58 */
59#define COUNTER_TRIES 4
60
61static inline struct sock *get_cookie_sock(struct sock *sk, struct sk_buff *skb,
62 struct request_sock *req,
63 struct dst_entry *dst)
64{
65 struct inet_connection_sock *icsk = inet_csk(sk);
66 struct sock *child;
67
68 child = icsk->icsk_af_ops->syn_recv_sock(sk, skb, req, dst);
69 if (child)
70 inet_csk_reqsk_queue_add(sk, req, child);
71 else
72 reqsk_free(req);
73
74 return child;
75}
76
77static DEFINE_PER_CPU(__u32, cookie_scratch)[16 + 5 + SHA_WORKSPACE_WORDS];
78
79static u32 cookie_hash(struct in6_addr *saddr, struct in6_addr *daddr,
80 __be16 sport, __be16 dport, u32 count, int c)
81{
82 __u32 *tmp = __get_cpu_var(cookie_scratch);
83
84 /*
85 * we have 320 bits of information to hash, copy in the remaining
86 * 192 bits required for sha_transform, from the syncookie_secret
87 * and overwrite the digest with the secret
88 */
89 memcpy(tmp + 10, syncookie_secret[c], 44);
90 memcpy(tmp, saddr, 16);
91 memcpy(tmp + 4, daddr, 16);
92 tmp[8] = ((__force u32)sport << 16) + (__force u32)dport;
93 tmp[9] = count;
94 sha_transform(tmp + 16, (__u8 *)tmp, tmp + 16 + 5);
95
96 return tmp[17];
97}
98
99static __u32 secure_tcp_syn_cookie(struct in6_addr *saddr, struct in6_addr *daddr,
100 __be16 sport, __be16 dport, __u32 sseq,
101 __u32 count, __u32 data)
102{
103 return (cookie_hash(saddr, daddr, sport, dport, 0, 0) +
104 sseq + (count << COOKIEBITS) +
105 ((cookie_hash(saddr, daddr, sport, dport, count, 1) + data)
106 & COOKIEMASK));
107}
108
109static __u32 check_tcp_syn_cookie(__u32 cookie, struct in6_addr *saddr,
110 struct in6_addr *daddr, __be16 sport,
111 __be16 dport, __u32 sseq, __u32 count,
112 __u32 maxdiff)
113{
114 __u32 diff;
115
116 cookie -= cookie_hash(saddr, daddr, sport, dport, 0, 0) + sseq;
117
118 diff = (count - (cookie >> COOKIEBITS)) & ((__u32) -1 >> COOKIEBITS);
119 if (diff >= maxdiff)
120 return (__u32)-1;
121
122 return (cookie -
123 cookie_hash(saddr, daddr, sport, dport, count - diff, 1))
124 & COOKIEMASK;
125}
126
127__u32 cookie_v6_init_sequence(struct sock *sk, struct sk_buff *skb, __u16 *mssp)
128{
129 struct ipv6hdr *iph = ipv6_hdr(skb);
130 const struct tcphdr *th = tcp_hdr(skb);
131 int mssind;
132 const __u16 mss = *mssp;
133
134 tcp_sk(sk)->last_synq_overflow = jiffies;
135
136 for (mssind = 0; mss > msstab[mssind + 1]; mssind++)
137 ;
138 *mssp = msstab[mssind] + 1;
139
140 NET_INC_STATS_BH(LINUX_MIB_SYNCOOKIESSENT);
141
142 return secure_tcp_syn_cookie(&iph->saddr, &iph->daddr, th->source,
143 th->dest, ntohl(th->seq),
144 jiffies / (HZ * 60), mssind);
145}
146
147static inline int cookie_check(struct sk_buff *skb, __u32 cookie)
148{
149 struct ipv6hdr *iph = ipv6_hdr(skb);
150 const struct tcphdr *th = tcp_hdr(skb);
151 __u32 seq = ntohl(th->seq) - 1;
152 __u32 mssind = check_tcp_syn_cookie(cookie, &iph->saddr, &iph->daddr,
153 th->source, th->dest, seq,
154 jiffies / (HZ * 60), COUNTER_TRIES);
155
156 return mssind < NUM_MSS ? msstab[mssind] + 1 : 0;
157}
158
159struct sock *cookie_v6_check(struct sock *sk, struct sk_buff *skb)
160{
161 struct inet_request_sock *ireq;
162 struct inet6_request_sock *ireq6;
163 struct tcp_request_sock *treq;
164 struct ipv6_pinfo *np = inet6_sk(sk);
165 struct tcp_sock *tp = tcp_sk(sk);
166 const struct tcphdr *th = tcp_hdr(skb);
167 __u32 cookie = ntohl(th->ack_seq) - 1;
168 struct sock *ret = sk;
169 struct request_sock *req;
170 int mss;
171 struct dst_entry *dst;
172 __u8 rcv_wscale;
173 struct tcp_options_received tcp_opt;
174
175 if (!sysctl_tcp_syncookies || !th->ack)
176 goto out;
177
178 if (time_after(jiffies, tp->last_synq_overflow + TCP_TIMEOUT_INIT) ||
179 (mss = cookie_check(skb, cookie)) == 0) {
180 NET_INC_STATS_BH(LINUX_MIB_SYNCOOKIESFAILED);
181 goto out;
182 }
183
184 NET_INC_STATS_BH(LINUX_MIB_SYNCOOKIESRECV);
185
186 /* check for timestamp cookie support */
187 memset(&tcp_opt, 0, sizeof(tcp_opt));
188 tcp_parse_options(skb, &tcp_opt, 0);
189
190 if (tcp_opt.saw_tstamp)
191 cookie_check_timestamp(&tcp_opt);
192
193 ret = NULL;
194 req = inet6_reqsk_alloc(&tcp6_request_sock_ops);
195 if (!req)
196 goto out;
197
198 ireq = inet_rsk(req);
199 ireq6 = inet6_rsk(req);
200 treq = tcp_rsk(req);
201 ireq6->pktopts = NULL;
202
203 if (security_inet_conn_request(sk, skb, req)) {
204 reqsk_free(req);
205 goto out;
206 }
207
208 req->mss = mss;
209 ireq->rmt_port = th->source;
210 ipv6_addr_copy(&ireq6->rmt_addr, &ipv6_hdr(skb)->saddr);
211 ipv6_addr_copy(&ireq6->loc_addr, &ipv6_hdr(skb)->daddr);
212 if (ipv6_opt_accepted(sk, skb) ||
213 np->rxopt.bits.rxinfo || np->rxopt.bits.rxoinfo ||
214 np->rxopt.bits.rxhlim || np->rxopt.bits.rxohlim) {
215 atomic_inc(&skb->users);
216 ireq6->pktopts = skb;
217 }
218
219 ireq6->iif = sk->sk_bound_dev_if;
220 /* So that link locals have meaning */
221 if (!sk->sk_bound_dev_if &&
222 ipv6_addr_type(&ireq6->rmt_addr) & IPV6_ADDR_LINKLOCAL)
223 ireq6->iif = inet6_iif(skb);
224
225 req->expires = 0UL;
226 req->retrans = 0;
227 ireq->snd_wscale = tcp_opt.snd_wscale;
228 ireq->rcv_wscale = tcp_opt.rcv_wscale;
229 ireq->sack_ok = tcp_opt.sack_ok;
230 ireq->wscale_ok = tcp_opt.wscale_ok;
231 ireq->tstamp_ok = tcp_opt.saw_tstamp;
232 req->ts_recent = tcp_opt.saw_tstamp ? tcp_opt.rcv_tsval : 0;
233 treq->rcv_isn = ntohl(th->seq) - 1;
234 treq->snt_isn = cookie;
235
236 /*
237 * We need to lookup the dst_entry to get the correct window size.
238 * This is taken from tcp_v6_syn_recv_sock. Somebody please enlighten
239 * me if there is a preferred way.
240 */
241 {
242 struct in6_addr *final_p = NULL, final;
243 struct flowi fl;
244 memset(&fl, 0, sizeof(fl));
245 fl.proto = IPPROTO_TCP;
246 ipv6_addr_copy(&fl.fl6_dst, &ireq6->rmt_addr);
247 if (np->opt && np->opt->srcrt) {
248 struct rt0_hdr *rt0 = (struct rt0_hdr *) np->opt->srcrt;
249 ipv6_addr_copy(&final, &fl.fl6_dst);
250 ipv6_addr_copy(&fl.fl6_dst, rt0->addr);
251 final_p = &final;
252 }
253 ipv6_addr_copy(&fl.fl6_src, &ireq6->loc_addr);
254 fl.oif = sk->sk_bound_dev_if;
255 fl.fl_ip_dport = inet_rsk(req)->rmt_port;
256 fl.fl_ip_sport = inet_sk(sk)->sport;
257 security_req_classify_flow(req, &fl);
258 if (ip6_dst_lookup(sk, &dst, &fl)) {
259 reqsk_free(req);
260 goto out;
261 }
262 if (final_p)
263 ipv6_addr_copy(&fl.fl6_dst, final_p);
264 if ((xfrm_lookup(&dst, &fl, sk, 0)) < 0)
265 goto out;
266 }
267
268 req->window_clamp = tp->window_clamp ? :dst_metric(dst, RTAX_WINDOW);
269 tcp_select_initial_window(tcp_full_space(sk), req->mss,
270 &req->rcv_wnd, &req->window_clamp,
271 ireq->wscale_ok, &rcv_wscale);
272
273 ireq->rcv_wscale = rcv_wscale;
274
275 ret = get_cookie_sock(sk, skb, req, dst);
276
277out: return ret;
278}
279
diff --git a/net/ipv6/sysctl_net_ipv6.c b/net/ipv6/sysctl_net_ipv6.c
index d6d3e68086f8..3804dcbbfab0 100644
--- a/net/ipv6/sysctl_net_ipv6.c
+++ b/net/ipv6/sysctl_net_ipv6.c
@@ -71,24 +71,11 @@ static int ipv6_sysctl_net_init(struct net *net)
71 ipv6_route_table = ipv6_route_sysctl_init(net); 71 ipv6_route_table = ipv6_route_sysctl_init(net);
72 if (!ipv6_route_table) 72 if (!ipv6_route_table)
73 goto out_ipv6_table; 73 goto out_ipv6_table;
74 ipv6_table[0].child = ipv6_route_table;
74 75
75 ipv6_icmp_table = ipv6_icmp_sysctl_init(net); 76 ipv6_icmp_table = ipv6_icmp_sysctl_init(net);
76 if (!ipv6_icmp_table) 77 if (!ipv6_icmp_table)
77 goto out_ipv6_route_table; 78 goto out_ipv6_route_table;
78
79 ipv6_route_table[0].data = &net->ipv6.sysctl.flush_delay;
80 /* ipv6_route_table[1].data will be handled when we have
81 routes per namespace */
82 ipv6_route_table[2].data = &net->ipv6.sysctl.ip6_rt_max_size;
83 ipv6_route_table[3].data = &net->ipv6.sysctl.ip6_rt_gc_min_interval;
84 ipv6_route_table[4].data = &net->ipv6.sysctl.ip6_rt_gc_timeout;
85 ipv6_route_table[5].data = &net->ipv6.sysctl.ip6_rt_gc_interval;
86 ipv6_route_table[6].data = &net->ipv6.sysctl.ip6_rt_gc_elasticity;
87 ipv6_route_table[7].data = &net->ipv6.sysctl.ip6_rt_mtu_expires;
88 ipv6_route_table[8].data = &net->ipv6.sysctl.ip6_rt_min_advmss;
89 ipv6_table[0].child = ipv6_route_table;
90
91 ipv6_icmp_table[0].data = &net->ipv6.sysctl.icmpv6_time;
92 ipv6_table[1].child = ipv6_icmp_table; 79 ipv6_table[1].child = ipv6_icmp_table;
93 80
94 ipv6_table[2].data = &net->ipv6.sysctl.bindv6only; 81 ipv6_table[2].data = &net->ipv6.sysctl.bindv6only;
diff --git a/net/ipv6/tcp_ipv6.c b/net/ipv6/tcp_ipv6.c
index 12750f2b05ab..715965f0fac0 100644
--- a/net/ipv6/tcp_ipv6.c
+++ b/net/ipv6/tcp_ipv6.c
@@ -60,6 +60,7 @@
60#include <net/dsfield.h> 60#include <net/dsfield.h>
61#include <net/timewait_sock.h> 61#include <net/timewait_sock.h>
62#include <net/netdma.h> 62#include <net/netdma.h>
63#include <net/inet_common.h>
63 64
64#include <asm/uaccess.h> 65#include <asm/uaccess.h>
65 66
@@ -69,9 +70,6 @@
69#include <linux/crypto.h> 70#include <linux/crypto.h>
70#include <linux/scatterlist.h> 71#include <linux/scatterlist.h>
71 72
72/* Socket used for sending RSTs and ACKs */
73static struct socket *tcp6_socket;
74
75static void tcp_v6_send_reset(struct sock *sk, struct sk_buff *skb); 73static void tcp_v6_send_reset(struct sock *sk, struct sk_buff *skb);
76static void tcp_v6_reqsk_send_ack(struct sk_buff *skb, struct request_sock *req); 74static void tcp_v6_reqsk_send_ack(struct sk_buff *skb, struct request_sock *req);
77static void tcp_v6_send_check(struct sock *sk, int len, 75static void tcp_v6_send_check(struct sock *sk, int len,
@@ -324,7 +322,7 @@ static void tcp_v6_err(struct sk_buff *skb, struct inet6_skb_parm *opt,
324 struct tcp_sock *tp; 322 struct tcp_sock *tp;
325 __u32 seq; 323 __u32 seq;
326 324
327 sk = inet6_lookup(skb->dev->nd_net, &tcp_hashinfo, &hdr->daddr, 325 sk = inet6_lookup(dev_net(skb->dev), &tcp_hashinfo, &hdr->daddr,
328 th->dest, &hdr->saddr, th->source, skb->dev->ifindex); 326 th->dest, &hdr->saddr, th->source, skb->dev->ifindex);
329 327
330 if (sk == NULL) { 328 if (sk == NULL) {
@@ -455,8 +453,7 @@ out:
455} 453}
456 454
457 455
458static int tcp_v6_send_synack(struct sock *sk, struct request_sock *req, 456static int tcp_v6_send_synack(struct sock *sk, struct request_sock *req)
459 struct dst_entry *dst)
460{ 457{
461 struct inet6_request_sock *treq = inet6_rsk(req); 458 struct inet6_request_sock *treq = inet6_rsk(req);
462 struct ipv6_pinfo *np = inet6_sk(sk); 459 struct ipv6_pinfo *np = inet6_sk(sk);
@@ -464,6 +461,7 @@ static int tcp_v6_send_synack(struct sock *sk, struct request_sock *req,
464 struct ipv6_txoptions *opt = NULL; 461 struct ipv6_txoptions *opt = NULL;
465 struct in6_addr * final_p = NULL, final; 462 struct in6_addr * final_p = NULL, final;
466 struct flowi fl; 463 struct flowi fl;
464 struct dst_entry *dst;
467 int err = -1; 465 int err = -1;
468 466
469 memset(&fl, 0, sizeof(fl)); 467 memset(&fl, 0, sizeof(fl));
@@ -476,24 +474,22 @@ static int tcp_v6_send_synack(struct sock *sk, struct request_sock *req,
476 fl.fl_ip_sport = inet_sk(sk)->sport; 474 fl.fl_ip_sport = inet_sk(sk)->sport;
477 security_req_classify_flow(req, &fl); 475 security_req_classify_flow(req, &fl);
478 476
479 if (dst == NULL) { 477 opt = np->opt;
480 opt = np->opt; 478 if (opt && opt->srcrt) {
481 if (opt && opt->srcrt) { 479 struct rt0_hdr *rt0 = (struct rt0_hdr *) opt->srcrt;
482 struct rt0_hdr *rt0 = (struct rt0_hdr *) opt->srcrt; 480 ipv6_addr_copy(&final, &fl.fl6_dst);
483 ipv6_addr_copy(&final, &fl.fl6_dst); 481 ipv6_addr_copy(&fl.fl6_dst, rt0->addr);
484 ipv6_addr_copy(&fl.fl6_dst, rt0->addr); 482 final_p = &final;
485 final_p = &final;
486 }
487
488 err = ip6_dst_lookup(sk, &dst, &fl);
489 if (err)
490 goto done;
491 if (final_p)
492 ipv6_addr_copy(&fl.fl6_dst, final_p);
493 if ((err = xfrm_lookup(&dst, &fl, sk, 0)) < 0)
494 goto done;
495 } 483 }
496 484
485 err = ip6_dst_lookup(sk, &dst, &fl);
486 if (err)
487 goto done;
488 if (final_p)
489 ipv6_addr_copy(&fl.fl6_dst, final_p);
490 if ((err = xfrm_lookup(&dst, &fl, sk, 0)) < 0)
491 goto done;
492
497 skb = tcp_make_synack(sk, dst, req); 493 skb = tcp_make_synack(sk, dst, req);
498 if (skb) { 494 if (skb) {
499 struct tcphdr *th = tcp_hdr(skb); 495 struct tcphdr *th = tcp_hdr(skb);
@@ -514,6 +510,20 @@ done:
514 return err; 510 return err;
515} 511}
516 512
513static inline void syn_flood_warning(struct sk_buff *skb)
514{
515#ifdef CONFIG_SYN_COOKIES
516 if (sysctl_tcp_syncookies)
517 printk(KERN_INFO
518 "TCPv6: Possible SYN flooding on port %d. "
519 "Sending cookies.\n", ntohs(tcp_hdr(skb)->dest));
520 else
521#endif
522 printk(KERN_INFO
523 "TCPv6: Possible SYN flooding on port %d. "
524 "Dropping request.\n", ntohs(tcp_hdr(skb)->dest));
525}
526
517static void tcp_v6_reqsk_destructor(struct request_sock *req) 527static void tcp_v6_reqsk_destructor(struct request_sock *req)
518{ 528{
519 if (inet6_rsk(req)->pktopts) 529 if (inet6_rsk(req)->pktopts)
@@ -533,7 +543,7 @@ static struct tcp_md5sig_key *tcp_v6_md5_do_lookup(struct sock *sk,
533 return NULL; 543 return NULL;
534 544
535 for (i = 0; i < tp->md5sig_info->entries6; i++) { 545 for (i = 0; i < tp->md5sig_info->entries6; i++) {
536 if (ipv6_addr_cmp(&tp->md5sig_info->keys6[i].addr, addr) == 0) 546 if (ipv6_addr_equal(&tp->md5sig_info->keys6[i].addr, addr))
537 return &tp->md5sig_info->keys6[i].base; 547 return &tp->md5sig_info->keys6[i].base;
538 } 548 }
539 return NULL; 549 return NULL;
@@ -622,7 +632,7 @@ static int tcp_v6_md5_do_del(struct sock *sk, struct in6_addr *peer)
622 int i; 632 int i;
623 633
624 for (i = 0; i < tp->md5sig_info->entries6; i++) { 634 for (i = 0; i < tp->md5sig_info->entries6; i++) {
625 if (ipv6_addr_cmp(&tp->md5sig_info->keys6[i].addr, peer) == 0) { 635 if (ipv6_addr_equal(&tp->md5sig_info->keys6[i].addr, peer)) {
626 /* Free the key */ 636 /* Free the key */
627 kfree(tp->md5sig_info->keys6[i].base.key); 637 kfree(tp->md5sig_info->keys6[i].base.key);
628 tp->md5sig_info->entries6--; 638 tp->md5sig_info->entries6--;
@@ -741,7 +751,7 @@ static int tcp_v6_do_calc_md5_hash(char *md5_hash, struct tcp_md5sig_key *key,
741 751
742 hp = tcp_get_md5sig_pool(); 752 hp = tcp_get_md5sig_pool();
743 if (!hp) { 753 if (!hp) {
744 printk(KERN_WARNING "%s(): hash pool not found...\n", __FUNCTION__); 754 printk(KERN_WARNING "%s(): hash pool not found...\n", __func__);
745 goto clear_hash_noput; 755 goto clear_hash_noput;
746 } 756 }
747 bp = &hp->md5_blk.ip6; 757 bp = &hp->md5_blk.ip6;
@@ -781,17 +791,17 @@ static int tcp_v6_do_calc_md5_hash(char *md5_hash, struct tcp_md5sig_key *key,
781 /* Now store the hash into the packet */ 791 /* Now store the hash into the packet */
782 err = crypto_hash_init(desc); 792 err = crypto_hash_init(desc);
783 if (err) { 793 if (err) {
784 printk(KERN_WARNING "%s(): hash_init failed\n", __FUNCTION__); 794 printk(KERN_WARNING "%s(): hash_init failed\n", __func__);
785 goto clear_hash; 795 goto clear_hash;
786 } 796 }
787 err = crypto_hash_update(desc, sg, nbytes); 797 err = crypto_hash_update(desc, sg, nbytes);
788 if (err) { 798 if (err) {
789 printk(KERN_WARNING "%s(): hash_update failed\n", __FUNCTION__); 799 printk(KERN_WARNING "%s(): hash_update failed\n", __func__);
790 goto clear_hash; 800 goto clear_hash;
791 } 801 }
792 err = crypto_hash_final(desc, md5_hash); 802 err = crypto_hash_final(desc, md5_hash);
793 if (err) { 803 if (err) {
794 printk(KERN_WARNING "%s(): hash_final failed\n", __FUNCTION__); 804 printk(KERN_WARNING "%s(): hash_final failed\n", __func__);
795 goto clear_hash; 805 goto clear_hash;
796 } 806 }
797 807
@@ -917,7 +927,7 @@ done_opts:
917} 927}
918#endif 928#endif
919 929
920static struct request_sock_ops tcp6_request_sock_ops __read_mostly = { 930struct request_sock_ops tcp6_request_sock_ops __read_mostly = {
921 .family = AF_INET6, 931 .family = AF_INET6,
922 .obj_size = sizeof(struct tcp6_request_sock), 932 .obj_size = sizeof(struct tcp6_request_sock),
923 .rtx_syn_ack = tcp_v6_send_synack, 933 .rtx_syn_ack = tcp_v6_send_synack,
@@ -979,6 +989,8 @@ static void tcp_v6_send_reset(struct sock *sk, struct sk_buff *skb)
979 struct tcphdr *th = tcp_hdr(skb), *t1; 989 struct tcphdr *th = tcp_hdr(skb), *t1;
980 struct sk_buff *buff; 990 struct sk_buff *buff;
981 struct flowi fl; 991 struct flowi fl;
992 struct net *net = dev_net(skb->dst->dev);
993 struct sock *ctl_sk = net->ipv6.tcp_sk;
982 unsigned int tot_len = sizeof(*th); 994 unsigned int tot_len = sizeof(*th);
983#ifdef CONFIG_TCP_MD5SIG 995#ifdef CONFIG_TCP_MD5SIG
984 struct tcp_md5sig_key *key; 996 struct tcp_md5sig_key *key;
@@ -1059,11 +1071,14 @@ static void tcp_v6_send_reset(struct sock *sk, struct sk_buff *skb)
1059 fl.fl_ip_sport = t1->source; 1071 fl.fl_ip_sport = t1->source;
1060 security_skb_classify_flow(skb, &fl); 1072 security_skb_classify_flow(skb, &fl);
1061 1073
1062 /* sk = NULL, but it is safe for now. RST socket required. */ 1074 /* Pass a socket to ip6_dst_lookup either it is for RST
1063 if (!ip6_dst_lookup(NULL, &buff->dst, &fl)) { 1075 * Underlying function will use this to retrieve the network
1076 * namespace
1077 */
1078 if (!ip6_dst_lookup(ctl_sk, &buff->dst, &fl)) {
1064 1079
1065 if (xfrm_lookup(&buff->dst, &fl, NULL, 0) >= 0) { 1080 if (xfrm_lookup(&buff->dst, &fl, NULL, 0) >= 0) {
1066 ip6_xmit(tcp6_socket->sk, buff, &fl, NULL, 0); 1081 ip6_xmit(ctl_sk, buff, &fl, NULL, 0);
1067 TCP_INC_STATS_BH(TCP_MIB_OUTSEGS); 1082 TCP_INC_STATS_BH(TCP_MIB_OUTSEGS);
1068 TCP_INC_STATS_BH(TCP_MIB_OUTRSTS); 1083 TCP_INC_STATS_BH(TCP_MIB_OUTRSTS);
1069 return; 1084 return;
@@ -1079,6 +1094,8 @@ static void tcp_v6_send_ack(struct tcp_timewait_sock *tw,
1079 struct tcphdr *th = tcp_hdr(skb), *t1; 1094 struct tcphdr *th = tcp_hdr(skb), *t1;
1080 struct sk_buff *buff; 1095 struct sk_buff *buff;
1081 struct flowi fl; 1096 struct flowi fl;
1097 struct net *net = dev_net(skb->dev);
1098 struct sock *ctl_sk = net->ipv6.tcp_sk;
1082 unsigned int tot_len = sizeof(struct tcphdr); 1099 unsigned int tot_len = sizeof(struct tcphdr);
1083 __be32 *topt; 1100 __be32 *topt;
1084#ifdef CONFIG_TCP_MD5SIG 1101#ifdef CONFIG_TCP_MD5SIG
@@ -1160,9 +1177,9 @@ static void tcp_v6_send_ack(struct tcp_timewait_sock *tw,
1160 fl.fl_ip_sport = t1->source; 1177 fl.fl_ip_sport = t1->source;
1161 security_skb_classify_flow(skb, &fl); 1178 security_skb_classify_flow(skb, &fl);
1162 1179
1163 if (!ip6_dst_lookup(NULL, &buff->dst, &fl)) { 1180 if (!ip6_dst_lookup(ctl_sk, &buff->dst, &fl)) {
1164 if (xfrm_lookup(&buff->dst, &fl, NULL, 0) >= 0) { 1181 if (xfrm_lookup(&buff->dst, &fl, NULL, 0) >= 0) {
1165 ip6_xmit(tcp6_socket->sk, buff, &fl, NULL, 0); 1182 ip6_xmit(ctl_sk, buff, &fl, NULL, 0);
1166 TCP_INC_STATS_BH(TCP_MIB_OUTSEGS); 1183 TCP_INC_STATS_BH(TCP_MIB_OUTSEGS);
1167 return; 1184 return;
1168 } 1185 }
@@ -1202,7 +1219,7 @@ static struct sock *tcp_v6_hnd_req(struct sock *sk,struct sk_buff *skb)
1202 if (req) 1219 if (req)
1203 return tcp_check_req(sk, skb, req, prev); 1220 return tcp_check_req(sk, skb, req, prev);
1204 1221
1205 nsk = __inet6_lookup_established(sk->sk_net, &tcp_hashinfo, 1222 nsk = __inet6_lookup_established(sock_net(sk), &tcp_hashinfo,
1206 &ipv6_hdr(skb)->saddr, th->source, 1223 &ipv6_hdr(skb)->saddr, th->source,
1207 &ipv6_hdr(skb)->daddr, ntohs(th->dest), inet6_iif(skb)); 1224 &ipv6_hdr(skb)->daddr, ntohs(th->dest), inet6_iif(skb));
1208 1225
@@ -1215,9 +1232,9 @@ static struct sock *tcp_v6_hnd_req(struct sock *sk,struct sk_buff *skb)
1215 return NULL; 1232 return NULL;
1216 } 1233 }
1217 1234
1218#if 0 /*def CONFIG_SYN_COOKIES*/ 1235#ifdef CONFIG_SYN_COOKIES
1219 if (!th->rst && !th->syn && th->ack) 1236 if (!th->rst && !th->syn && th->ack)
1220 sk = cookie_v6_check(sk, skb, &(IPCB(skb)->opt)); 1237 sk = cookie_v6_check(sk, skb);
1221#endif 1238#endif
1222 return sk; 1239 return sk;
1223} 1240}
@@ -1233,6 +1250,11 @@ static int tcp_v6_conn_request(struct sock *sk, struct sk_buff *skb)
1233 struct tcp_sock *tp = tcp_sk(sk); 1250 struct tcp_sock *tp = tcp_sk(sk);
1234 struct request_sock *req = NULL; 1251 struct request_sock *req = NULL;
1235 __u32 isn = TCP_SKB_CB(skb)->when; 1252 __u32 isn = TCP_SKB_CB(skb)->when;
1253#ifdef CONFIG_SYN_COOKIES
1254 int want_cookie = 0;
1255#else
1256#define want_cookie 0
1257#endif
1236 1258
1237 if (skb->protocol == htons(ETH_P_IP)) 1259 if (skb->protocol == htons(ETH_P_IP))
1238 return tcp_v4_conn_request(sk, skb); 1260 return tcp_v4_conn_request(sk, skb);
@@ -1240,12 +1262,14 @@ static int tcp_v6_conn_request(struct sock *sk, struct sk_buff *skb)
1240 if (!ipv6_unicast_destination(skb)) 1262 if (!ipv6_unicast_destination(skb))
1241 goto drop; 1263 goto drop;
1242 1264
1243 /*
1244 * There are no SYN attacks on IPv6, yet...
1245 */
1246 if (inet_csk_reqsk_queue_is_full(sk) && !isn) { 1265 if (inet_csk_reqsk_queue_is_full(sk) && !isn) {
1247 if (net_ratelimit()) 1266 if (net_ratelimit())
1248 printk(KERN_INFO "TCPv6: dropping request, synflood is possible\n"); 1267 syn_flood_warning(skb);
1268#ifdef CONFIG_SYN_COOKIES
1269 if (sysctl_tcp_syncookies)
1270 want_cookie = 1;
1271 else
1272#endif
1249 goto drop; 1273 goto drop;
1250 } 1274 }
1251 1275
@@ -1266,39 +1290,50 @@ static int tcp_v6_conn_request(struct sock *sk, struct sk_buff *skb)
1266 1290
1267 tcp_parse_options(skb, &tmp_opt, 0); 1291 tcp_parse_options(skb, &tmp_opt, 0);
1268 1292
1293 if (want_cookie && !tmp_opt.saw_tstamp)
1294 tcp_clear_options(&tmp_opt);
1295
1269 tmp_opt.tstamp_ok = tmp_opt.saw_tstamp; 1296 tmp_opt.tstamp_ok = tmp_opt.saw_tstamp;
1270 tcp_openreq_init(req, &tmp_opt, skb); 1297 tcp_openreq_init(req, &tmp_opt, skb);
1271 1298
1272 treq = inet6_rsk(req); 1299 treq = inet6_rsk(req);
1273 ipv6_addr_copy(&treq->rmt_addr, &ipv6_hdr(skb)->saddr); 1300 ipv6_addr_copy(&treq->rmt_addr, &ipv6_hdr(skb)->saddr);
1274 ipv6_addr_copy(&treq->loc_addr, &ipv6_hdr(skb)->daddr); 1301 ipv6_addr_copy(&treq->loc_addr, &ipv6_hdr(skb)->daddr);
1275 TCP_ECN_create_request(req, tcp_hdr(skb));
1276 treq->pktopts = NULL; 1302 treq->pktopts = NULL;
1277 if (ipv6_opt_accepted(sk, skb) || 1303 if (!want_cookie)
1278 np->rxopt.bits.rxinfo || np->rxopt.bits.rxoinfo || 1304 TCP_ECN_create_request(req, tcp_hdr(skb));
1279 np->rxopt.bits.rxhlim || np->rxopt.bits.rxohlim) { 1305
1280 atomic_inc(&skb->users); 1306 if (want_cookie) {
1281 treq->pktopts = skb; 1307 isn = cookie_v6_init_sequence(sk, skb, &req->mss);
1282 } 1308 req->cookie_ts = tmp_opt.tstamp_ok;
1283 treq->iif = sk->sk_bound_dev_if; 1309 } else if (!isn) {
1310 if (ipv6_opt_accepted(sk, skb) ||
1311 np->rxopt.bits.rxinfo || np->rxopt.bits.rxoinfo ||
1312 np->rxopt.bits.rxhlim || np->rxopt.bits.rxohlim) {
1313 atomic_inc(&skb->users);
1314 treq->pktopts = skb;
1315 }
1316 treq->iif = sk->sk_bound_dev_if;
1284 1317
1285 /* So that link locals have meaning */ 1318 /* So that link locals have meaning */
1286 if (!sk->sk_bound_dev_if && 1319 if (!sk->sk_bound_dev_if &&
1287 ipv6_addr_type(&treq->rmt_addr) & IPV6_ADDR_LINKLOCAL) 1320 ipv6_addr_type(&treq->rmt_addr) & IPV6_ADDR_LINKLOCAL)
1288 treq->iif = inet6_iif(skb); 1321 treq->iif = inet6_iif(skb);
1289 1322
1290 if (isn == 0)
1291 isn = tcp_v6_init_sequence(skb); 1323 isn = tcp_v6_init_sequence(skb);
1324 }
1292 1325
1293 tcp_rsk(req)->snt_isn = isn; 1326 tcp_rsk(req)->snt_isn = isn;
1294 1327
1295 security_inet_conn_request(sk, skb, req); 1328 security_inet_conn_request(sk, skb, req);
1296 1329
1297 if (tcp_v6_send_synack(sk, req, NULL)) 1330 if (tcp_v6_send_synack(sk, req))
1298 goto drop; 1331 goto drop;
1299 1332
1300 inet6_csk_reqsk_queue_hash_add(sk, req, TCP_TIMEOUT_INIT); 1333 if (!want_cookie) {
1301 return 0; 1334 inet6_csk_reqsk_queue_hash_add(sk, req, TCP_TIMEOUT_INIT);
1335 return 0;
1336 }
1302 1337
1303drop: 1338drop:
1304 if (req) 1339 if (req)
@@ -1499,7 +1534,7 @@ static struct sock * tcp_v6_syn_recv_sock(struct sock *sk, struct sk_buff *skb,
1499#endif 1534#endif
1500 1535
1501 __inet6_hash(newsk); 1536 __inet6_hash(newsk);
1502 inet_inherit_port(sk, newsk); 1537 __inet_inherit_port(sk, newsk);
1503 1538
1504 return newsk; 1539 return newsk;
1505 1540
@@ -1704,7 +1739,7 @@ static int tcp_v6_rcv(struct sk_buff *skb)
1704 TCP_SKB_CB(skb)->flags = ipv6_get_dsfield(ipv6_hdr(skb)); 1739 TCP_SKB_CB(skb)->flags = ipv6_get_dsfield(ipv6_hdr(skb));
1705 TCP_SKB_CB(skb)->sacked = 0; 1740 TCP_SKB_CB(skb)->sacked = 0;
1706 1741
1707 sk = __inet6_lookup(skb->dev->nd_net, &tcp_hashinfo, 1742 sk = __inet6_lookup(dev_net(skb->dev), &tcp_hashinfo,
1708 &ipv6_hdr(skb)->saddr, th->source, 1743 &ipv6_hdr(skb)->saddr, th->source,
1709 &ipv6_hdr(skb)->daddr, ntohs(th->dest), 1744 &ipv6_hdr(skb)->daddr, ntohs(th->dest),
1710 inet6_iif(skb)); 1745 inet6_iif(skb));
@@ -1787,7 +1822,7 @@ do_time_wait:
1787 { 1822 {
1788 struct sock *sk2; 1823 struct sock *sk2;
1789 1824
1790 sk2 = inet6_lookup_listener(skb->dev->nd_net, &tcp_hashinfo, 1825 sk2 = inet6_lookup_listener(dev_net(skb->dev), &tcp_hashinfo,
1791 &ipv6_hdr(skb)->daddr, 1826 &ipv6_hdr(skb)->daddr,
1792 ntohs(th->dest), inet6_iif(skb)); 1827 ntohs(th->dest), inet6_iif(skb));
1793 if (sk2 != NULL) { 1828 if (sk2 != NULL) {
@@ -2085,28 +2120,28 @@ out:
2085 return 0; 2120 return 0;
2086} 2121}
2087 2122
2088static struct file_operations tcp6_seq_fops;
2089static struct tcp_seq_afinfo tcp6_seq_afinfo = { 2123static struct tcp_seq_afinfo tcp6_seq_afinfo = {
2090 .owner = THIS_MODULE,
2091 .name = "tcp6", 2124 .name = "tcp6",
2092 .family = AF_INET6, 2125 .family = AF_INET6,
2093 .seq_show = tcp6_seq_show, 2126 .seq_fops = {
2094 .seq_fops = &tcp6_seq_fops, 2127 .owner = THIS_MODULE,
2128 },
2129 .seq_ops = {
2130 .show = tcp6_seq_show,
2131 },
2095}; 2132};
2096 2133
2097int __init tcp6_proc_init(void) 2134int tcp6_proc_init(struct net *net)
2098{ 2135{
2099 return tcp_proc_register(&tcp6_seq_afinfo); 2136 return tcp_proc_register(net, &tcp6_seq_afinfo);
2100} 2137}
2101 2138
2102void tcp6_proc_exit(void) 2139void tcp6_proc_exit(struct net *net)
2103{ 2140{
2104 tcp_proc_unregister(&tcp6_seq_afinfo); 2141 tcp_proc_unregister(net, &tcp6_seq_afinfo);
2105} 2142}
2106#endif 2143#endif
2107 2144
2108DEFINE_PROTO_INUSE(tcpv6)
2109
2110struct proto tcpv6_prot = { 2145struct proto tcpv6_prot = {
2111 .name = "TCPv6", 2146 .name = "TCPv6",
2112 .owner = THIS_MODULE, 2147 .owner = THIS_MODULE,
@@ -2137,12 +2172,11 @@ struct proto tcpv6_prot = {
2137 .obj_size = sizeof(struct tcp6_sock), 2172 .obj_size = sizeof(struct tcp6_sock),
2138 .twsk_prot = &tcp6_timewait_sock_ops, 2173 .twsk_prot = &tcp6_timewait_sock_ops,
2139 .rsk_prot = &tcp6_request_sock_ops, 2174 .rsk_prot = &tcp6_request_sock_ops,
2140 .hashinfo = &tcp_hashinfo, 2175 .h.hashinfo = &tcp_hashinfo,
2141#ifdef CONFIG_COMPAT 2176#ifdef CONFIG_COMPAT
2142 .compat_setsockopt = compat_tcp_setsockopt, 2177 .compat_setsockopt = compat_tcp_setsockopt,
2143 .compat_getsockopt = compat_tcp_getsockopt, 2178 .compat_getsockopt = compat_tcp_getsockopt,
2144#endif 2179#endif
2145 REF_PROTO_INUSE(tcpv6)
2146}; 2180};
2147 2181
2148static struct inet6_protocol tcpv6_protocol = { 2182static struct inet6_protocol tcpv6_protocol = {
@@ -2164,6 +2198,22 @@ static struct inet_protosw tcpv6_protosw = {
2164 INET_PROTOSW_ICSK, 2198 INET_PROTOSW_ICSK,
2165}; 2199};
2166 2200
2201static int tcpv6_net_init(struct net *net)
2202{
2203 return inet_ctl_sock_create(&net->ipv6.tcp_sk, PF_INET6,
2204 SOCK_RAW, IPPROTO_TCP, net);
2205}
2206
2207static void tcpv6_net_exit(struct net *net)
2208{
2209 inet_ctl_sock_destroy(net->ipv6.tcp_sk);
2210}
2211
2212static struct pernet_operations tcpv6_net_ops = {
2213 .init = tcpv6_net_init,
2214 .exit = tcpv6_net_exit,
2215};
2216
2167int __init tcpv6_init(void) 2217int __init tcpv6_init(void)
2168{ 2218{
2169 int ret; 2219 int ret;
@@ -2177,8 +2227,7 @@ int __init tcpv6_init(void)
2177 if (ret) 2227 if (ret)
2178 goto out_tcpv6_protocol; 2228 goto out_tcpv6_protocol;
2179 2229
2180 ret = inet_csk_ctl_sock_create(&tcp6_socket, PF_INET6, 2230 ret = register_pernet_subsys(&tcpv6_net_ops);
2181 SOCK_RAW, IPPROTO_TCP);
2182 if (ret) 2231 if (ret)
2183 goto out_tcpv6_protosw; 2232 goto out_tcpv6_protosw;
2184out: 2233out:
@@ -2193,7 +2242,7 @@ out_tcpv6_protosw:
2193 2242
2194void tcpv6_exit(void) 2243void tcpv6_exit(void)
2195{ 2244{
2196 sock_release(tcp6_socket); 2245 unregister_pernet_subsys(&tcpv6_net_ops);
2197 inet6_unregister_protosw(&tcpv6_protosw); 2246 inet6_unregister_protosw(&tcpv6_protosw);
2198 inet6_del_protocol(&tcpv6_protocol, IPPROTO_TCP); 2247 inet6_del_protocol(&tcpv6_protocol, IPPROTO_TCP);
2199} 2248}
diff --git a/net/ipv6/udp.c b/net/ipv6/udp.c
index 53739de829db..1fd784f3e2ec 100644
--- a/net/ipv6/udp.c
+++ b/net/ipv6/udp.c
@@ -51,9 +51,9 @@
51#include <linux/seq_file.h> 51#include <linux/seq_file.h>
52#include "udp_impl.h" 52#include "udp_impl.h"
53 53
54static inline int udp_v6_get_port(struct sock *sk, unsigned short snum) 54int udp_v6_get_port(struct sock *sk, unsigned short snum)
55{ 55{
56 return udp_get_port(sk, snum, ipv6_rcv_saddr_equal); 56 return udp_lib_get_port(sk, snum, ipv6_rcv_saddr_equal);
57} 57}
58 58
59static struct sock *__udp6_lib_lookup(struct net *net, 59static struct sock *__udp6_lib_lookup(struct net *net,
@@ -70,7 +70,7 @@ static struct sock *__udp6_lib_lookup(struct net *net,
70 sk_for_each(sk, node, &udptable[hnum & (UDP_HTABLE_SIZE - 1)]) { 70 sk_for_each(sk, node, &udptable[hnum & (UDP_HTABLE_SIZE - 1)]) {
71 struct inet_sock *inet = inet_sk(sk); 71 struct inet_sock *inet = inet_sk(sk);
72 72
73 if (sk->sk_net == net && sk->sk_hash == hnum && 73 if (net_eq(sock_net(sk), net) && sk->sk_hash == hnum &&
74 sk->sk_family == PF_INET6) { 74 sk->sk_family == PF_INET6) {
75 struct ipv6_pinfo *np = inet6_sk(sk); 75 struct ipv6_pinfo *np = inet6_sk(sk);
76 int score = 0; 76 int score = 0;
@@ -235,7 +235,7 @@ void __udp6_lib_err(struct sk_buff *skb, struct inet6_skb_parm *opt,
235 struct sock *sk; 235 struct sock *sk;
236 int err; 236 int err;
237 237
238 sk = __udp6_lib_lookup(skb->dev->nd_net, daddr, uh->dest, 238 sk = __udp6_lib_lookup(dev_net(skb->dev), daddr, uh->dest,
239 saddr, uh->source, inet6_iif(skb), udptable); 239 saddr, uh->source, inet6_iif(skb), udptable);
240 if (sk == NULL) 240 if (sk == NULL)
241 return; 241 return;
@@ -323,6 +323,9 @@ static struct sock *udp_v6_mcast_next(struct sock *sk,
323 sk_for_each_from(s, node) { 323 sk_for_each_from(s, node) {
324 struct inet_sock *inet = inet_sk(s); 324 struct inet_sock *inet = inet_sk(s);
325 325
326 if (sock_net(s) != sock_net(sk))
327 continue;
328
326 if (s->sk_hash == num && s->sk_family == PF_INET6) { 329 if (s->sk_hash == num && s->sk_family == PF_INET6) {
327 struct ipv6_pinfo *np = inet6_sk(s); 330 struct ipv6_pinfo *np = inet6_sk(s);
328 if (inet->dport) { 331 if (inet->dport) {
@@ -480,7 +483,7 @@ int __udp6_lib_rcv(struct sk_buff *skb, struct hlist_head udptable[],
480 * check socket cache ... must talk to Alan about his plans 483 * check socket cache ... must talk to Alan about his plans
481 * for sock caches... i'll skip this for now. 484 * for sock caches... i'll skip this for now.
482 */ 485 */
483 sk = __udp6_lib_lookup(skb->dev->nd_net, saddr, uh->source, 486 sk = __udp6_lib_lookup(dev_net(skb->dev), saddr, uh->source,
484 daddr, uh->dest, inet6_iif(skb), udptable); 487 daddr, uh->dest, inet6_iif(skb), udptable);
485 488
486 if (sk == NULL) { 489 if (sk == NULL) {
@@ -749,7 +752,10 @@ do_udp_sendmsg:
749 opt = ipv6_fixup_options(&opt_space, opt); 752 opt = ipv6_fixup_options(&opt_space, opt);
750 753
751 fl.proto = sk->sk_protocol; 754 fl.proto = sk->sk_protocol;
752 ipv6_addr_copy(&fl.fl6_dst, daddr); 755 if (!ipv6_addr_any(daddr))
756 ipv6_addr_copy(&fl.fl6_dst, daddr);
757 else
758 fl.fl6_dst.s6_addr[15] = 0x1; /* :: means loopback (BSD'ism) */
753 if (ipv6_addr_any(&fl.fl6_src) && !ipv6_addr_any(&np->saddr)) 759 if (ipv6_addr_any(&fl.fl6_src) && !ipv6_addr_any(&np->saddr))
754 ipv6_addr_copy(&fl.fl6_src, &np->saddr); 760 ipv6_addr_copy(&fl.fl6_src, &np->saddr);
755 fl.fl_ip_sport = inet->sport; 761 fl.fl_ip_sport = inet->sport;
@@ -789,9 +795,7 @@ do_udp_sendmsg:
789 else 795 else
790 hlimit = np->hop_limit; 796 hlimit = np->hop_limit;
791 if (hlimit < 0) 797 if (hlimit < 0)
792 hlimit = dst_metric(dst, RTAX_HOPLIMIT); 798 hlimit = ip6_dst_hoplimit(dst);
793 if (hlimit < 0)
794 hlimit = ipv6_get_hoplimit(dst->dev);
795 } 799 }
796 800
797 if (tclass < 0) { 801 if (tclass < 0) {
@@ -976,30 +980,30 @@ int udp6_seq_show(struct seq_file *seq, void *v)
976 return 0; 980 return 0;
977} 981}
978 982
979static struct file_operations udp6_seq_fops;
980static struct udp_seq_afinfo udp6_seq_afinfo = { 983static struct udp_seq_afinfo udp6_seq_afinfo = {
981 .owner = THIS_MODULE,
982 .name = "udp6", 984 .name = "udp6",
983 .family = AF_INET6, 985 .family = AF_INET6,
984 .hashtable = udp_hash, 986 .hashtable = udp_hash,
985 .seq_show = udp6_seq_show, 987 .seq_fops = {
986 .seq_fops = &udp6_seq_fops, 988 .owner = THIS_MODULE,
989 },
990 .seq_ops = {
991 .show = udp6_seq_show,
992 },
987}; 993};
988 994
989int __init udp6_proc_init(void) 995int udp6_proc_init(struct net *net)
990{ 996{
991 return udp_proc_register(&udp6_seq_afinfo); 997 return udp_proc_register(net, &udp6_seq_afinfo);
992} 998}
993 999
994void udp6_proc_exit(void) { 1000void udp6_proc_exit(struct net *net) {
995 udp_proc_unregister(&udp6_seq_afinfo); 1001 udp_proc_unregister(net, &udp6_seq_afinfo);
996} 1002}
997#endif /* CONFIG_PROC_FS */ 1003#endif /* CONFIG_PROC_FS */
998 1004
999/* ------------------------------------------------------------------------ */ 1005/* ------------------------------------------------------------------------ */
1000 1006
1001DEFINE_PROTO_INUSE(udpv6)
1002
1003struct proto udpv6_prot = { 1007struct proto udpv6_prot = {
1004 .name = "UDPv6", 1008 .name = "UDPv6",
1005 .owner = THIS_MODULE, 1009 .owner = THIS_MODULE,
@@ -1021,11 +1025,11 @@ struct proto udpv6_prot = {
1021 .sysctl_wmem = &sysctl_udp_wmem_min, 1025 .sysctl_wmem = &sysctl_udp_wmem_min,
1022 .sysctl_rmem = &sysctl_udp_rmem_min, 1026 .sysctl_rmem = &sysctl_udp_rmem_min,
1023 .obj_size = sizeof(struct udp6_sock), 1027 .obj_size = sizeof(struct udp6_sock),
1028 .h.udp_hash = udp_hash,
1024#ifdef CONFIG_COMPAT 1029#ifdef CONFIG_COMPAT
1025 .compat_setsockopt = compat_udpv6_setsockopt, 1030 .compat_setsockopt = compat_udpv6_setsockopt,
1026 .compat_getsockopt = compat_udpv6_getsockopt, 1031 .compat_getsockopt = compat_udpv6_getsockopt,
1027#endif 1032#endif
1028 REF_PROTO_INUSE(udpv6)
1029}; 1033};
1030 1034
1031static struct inet_protosw udpv6_protosw = { 1035static struct inet_protosw udpv6_protosw = {
diff --git a/net/ipv6/udp_impl.h b/net/ipv6/udp_impl.h
index 21be3a83e7bc..321b81a4d418 100644
--- a/net/ipv6/udp_impl.h
+++ b/net/ipv6/udp_impl.h
@@ -11,6 +11,8 @@ extern int __udp6_lib_rcv(struct sk_buff *, struct hlist_head [], int );
11extern void __udp6_lib_err(struct sk_buff *, struct inet6_skb_parm *, 11extern void __udp6_lib_err(struct sk_buff *, struct inet6_skb_parm *,
12 int , int , int , __be32 , struct hlist_head []); 12 int , int , int , __be32 , struct hlist_head []);
13 13
14extern int udp_v6_get_port(struct sock *sk, unsigned short snum);
15
14extern int udpv6_getsockopt(struct sock *sk, int level, int optname, 16extern int udpv6_getsockopt(struct sock *sk, int level, int optname,
15 char __user *optval, int __user *optlen); 17 char __user *optval, int __user *optlen);
16extern int udpv6_setsockopt(struct sock *sk, int level, int optname, 18extern int udpv6_setsockopt(struct sock *sk, int level, int optname,
diff --git a/net/ipv6/udplite.c b/net/ipv6/udplite.c
index 87d4202522ee..491efd00a866 100644
--- a/net/ipv6/udplite.c
+++ b/net/ipv6/udplite.c
@@ -35,13 +35,6 @@ static struct inet6_protocol udplitev6_protocol = {
35 .flags = INET6_PROTO_NOPOLICY|INET6_PROTO_FINAL, 35 .flags = INET6_PROTO_NOPOLICY|INET6_PROTO_FINAL,
36}; 36};
37 37
38static int udplite_v6_get_port(struct sock *sk, unsigned short snum)
39{
40 return udplite_get_port(sk, snum, ipv6_rcv_saddr_equal);
41}
42
43DEFINE_PROTO_INUSE(udplitev6)
44
45struct proto udplitev6_prot = { 38struct proto udplitev6_prot = {
46 .name = "UDPLITEv6", 39 .name = "UDPLITEv6",
47 .owner = THIS_MODULE, 40 .owner = THIS_MODULE,
@@ -58,13 +51,13 @@ struct proto udplitev6_prot = {
58 .backlog_rcv = udpv6_queue_rcv_skb, 51 .backlog_rcv = udpv6_queue_rcv_skb,
59 .hash = udp_lib_hash, 52 .hash = udp_lib_hash,
60 .unhash = udp_lib_unhash, 53 .unhash = udp_lib_unhash,
61 .get_port = udplite_v6_get_port, 54 .get_port = udp_v6_get_port,
62 .obj_size = sizeof(struct udp6_sock), 55 .obj_size = sizeof(struct udp6_sock),
56 .h.udp_hash = udplite_hash,
63#ifdef CONFIG_COMPAT 57#ifdef CONFIG_COMPAT
64 .compat_setsockopt = compat_udpv6_setsockopt, 58 .compat_setsockopt = compat_udpv6_setsockopt,
65 .compat_getsockopt = compat_udpv6_getsockopt, 59 .compat_getsockopt = compat_udpv6_getsockopt,
66#endif 60#endif
67 REF_PROTO_INUSE(udplitev6)
68}; 61};
69 62
70static struct inet_protosw udplite6_protosw = { 63static struct inet_protosw udplite6_protosw = {
@@ -103,23 +96,40 @@ void udplitev6_exit(void)
103} 96}
104 97
105#ifdef CONFIG_PROC_FS 98#ifdef CONFIG_PROC_FS
106static struct file_operations udplite6_seq_fops;
107static struct udp_seq_afinfo udplite6_seq_afinfo = { 99static struct udp_seq_afinfo udplite6_seq_afinfo = {
108 .owner = THIS_MODULE,
109 .name = "udplite6", 100 .name = "udplite6",
110 .family = AF_INET6, 101 .family = AF_INET6,
111 .hashtable = udplite_hash, 102 .hashtable = udplite_hash,
112 .seq_show = udp6_seq_show, 103 .seq_fops = {
113 .seq_fops = &udplite6_seq_fops, 104 .owner = THIS_MODULE,
105 },
106 .seq_ops = {
107 .show = udp6_seq_show,
108 },
109};
110
111static int udplite6_proc_init_net(struct net *net)
112{
113 return udp_proc_register(net, &udplite6_seq_afinfo);
114}
115
116static void udplite6_proc_exit_net(struct net *net)
117{
118 udp_proc_unregister(net, &udplite6_seq_afinfo);
119}
120
121static struct pernet_operations udplite6_net_ops = {
122 .init = udplite6_proc_init_net,
123 .exit = udplite6_proc_exit_net,
114}; 124};
115 125
116int __init udplite6_proc_init(void) 126int __init udplite6_proc_init(void)
117{ 127{
118 return udp_proc_register(&udplite6_seq_afinfo); 128 return register_pernet_subsys(&udplite6_net_ops);
119} 129}
120 130
121void udplite6_proc_exit(void) 131void udplite6_proc_exit(void)
122{ 132{
123 udp_proc_unregister(&udplite6_seq_afinfo); 133 unregister_pernet_subsys(&udplite6_net_ops);
124} 134}
125#endif 135#endif
diff --git a/net/ipv6/xfrm6_input.c b/net/ipv6/xfrm6_input.c
index a4714d76ae6b..a71c7ddcb41e 100644
--- a/net/ipv6/xfrm6_input.c
+++ b/net/ipv6/xfrm6_input.c
@@ -59,9 +59,6 @@ int xfrm6_input_addr(struct sk_buff *skb, xfrm_address_t *daddr,
59 xfrm_address_t *saddr, u8 proto) 59 xfrm_address_t *saddr, u8 proto)
60{ 60{
61 struct xfrm_state *x = NULL; 61 struct xfrm_state *x = NULL;
62 int wildcard = 0;
63 xfrm_address_t *xany;
64 int nh = 0;
65 int i = 0; 62 int i = 0;
66 63
67 /* Allocate new secpath or COW existing one. */ 64 /* Allocate new secpath or COW existing one. */
@@ -83,10 +80,9 @@ int xfrm6_input_addr(struct sk_buff *skb, xfrm_address_t *daddr,
83 goto drop; 80 goto drop;
84 } 81 }
85 82
86 xany = (xfrm_address_t *)&in6addr_any;
87
88 for (i = 0; i < 3; i++) { 83 for (i = 0; i < 3; i++) {
89 xfrm_address_t *dst, *src; 84 xfrm_address_t *dst, *src;
85
90 switch (i) { 86 switch (i) {
91 case 0: 87 case 0:
92 dst = daddr; 88 dst = daddr;
@@ -94,16 +90,13 @@ int xfrm6_input_addr(struct sk_buff *skb, xfrm_address_t *daddr,
94 break; 90 break;
95 case 1: 91 case 1:
96 /* lookup state with wild-card source address */ 92 /* lookup state with wild-card source address */
97 wildcard = 1;
98 dst = daddr; 93 dst = daddr;
99 src = xany; 94 src = (xfrm_address_t *)&in6addr_any;
100 break; 95 break;
101 case 2:
102 default: 96 default:
103 /* lookup state with wild-card addresses */ 97 /* lookup state with wild-card addresses */
104 wildcard = 1; /* XXX */ 98 dst = (xfrm_address_t *)&in6addr_any;
105 dst = xany; 99 src = (xfrm_address_t *)&in6addr_any;
106 src = xany;
107 break; 100 break;
108 } 101 }
109 102
@@ -113,39 +106,19 @@ int xfrm6_input_addr(struct sk_buff *skb, xfrm_address_t *daddr,
113 106
114 spin_lock(&x->lock); 107 spin_lock(&x->lock);
115 108
116 if (wildcard) { 109 if ((!i || (x->props.flags & XFRM_STATE_WILDRECV)) &&
117 if ((x->props.flags & XFRM_STATE_WILDRECV) == 0) { 110 likely(x->km.state == XFRM_STATE_VALID) &&
118 spin_unlock(&x->lock); 111 !xfrm_state_check_expire(x)) {
119 xfrm_state_put(x);
120 x = NULL;
121 continue;
122 }
123 }
124
125 if (unlikely(x->km.state != XFRM_STATE_VALID)) {
126 spin_unlock(&x->lock); 112 spin_unlock(&x->lock);
127 xfrm_state_put(x); 113 if (x->type->input(x, skb) > 0) {
128 x = NULL; 114 /* found a valid state */
129 continue; 115 break;
130 } 116 }
131 if (xfrm_state_check_expire(x)) { 117 } else
132 spin_unlock(&x->lock); 118 spin_unlock(&x->lock);
133 xfrm_state_put(x);
134 x = NULL;
135 continue;
136 }
137
138 spin_unlock(&x->lock);
139
140 nh = x->type->input(x, skb);
141 if (nh <= 0) {
142 xfrm_state_put(x);
143 x = NULL;
144 continue;
145 }
146 119
147 /* Found a state */ 120 xfrm_state_put(x);
148 break; 121 x = NULL;
149 } 122 }
150 123
151 if (!x) { 124 if (!x) {
diff --git a/net/ipv6/xfrm6_policy.c b/net/ipv6/xfrm6_policy.c
index 7d20199ee1f3..8f1e0543b3c4 100644
--- a/net/ipv6/xfrm6_policy.c
+++ b/net/ipv6/xfrm6_policy.c
@@ -38,7 +38,7 @@ static struct dst_entry *xfrm6_dst_lookup(int tos, xfrm_address_t *saddr,
38 if (saddr) 38 if (saddr)
39 memcpy(&fl.fl6_src, saddr, sizeof(fl.fl6_src)); 39 memcpy(&fl.fl6_src, saddr, sizeof(fl.fl6_src));
40 40
41 dst = ip6_route_output(NULL, &fl); 41 dst = ip6_route_output(&init_net, NULL, &fl);
42 42
43 err = dst->error; 43 err = dst->error;
44 if (dst->error) { 44 if (dst->error) {
@@ -57,8 +57,9 @@ static int xfrm6_get_saddr(xfrm_address_t *saddr, xfrm_address_t *daddr)
57 if (IS_ERR(dst)) 57 if (IS_ERR(dst))
58 return -EHOSTUNREACH; 58 return -EHOSTUNREACH;
59 59
60 ipv6_get_saddr(dst, (struct in6_addr *)&daddr->a6, 60 ipv6_dev_get_saddr(ip6_dst_idev(dst)->dev,
61 (struct in6_addr *)&saddr->a6); 61 (struct in6_addr *)&daddr->a6, 0,
62 (struct in6_addr *)&saddr->a6);
62 dst_release(dst); 63 dst_release(dst);
63 return 0; 64 return 0;
64} 65}
@@ -246,7 +247,7 @@ static void xfrm6_dst_ifdown(struct dst_entry *dst, struct net_device *dev,
246 xdst = (struct xfrm_dst *)dst; 247 xdst = (struct xfrm_dst *)dst;
247 if (xdst->u.rt6.rt6i_idev->dev == dev) { 248 if (xdst->u.rt6.rt6i_idev->dev == dev) {
248 struct inet6_dev *loopback_idev = 249 struct inet6_dev *loopback_idev =
249 in6_dev_get(dev->nd_net->loopback_dev); 250 in6_dev_get(dev_net(dev)->loopback_dev);
250 BUG_ON(!loopback_idev); 251 BUG_ON(!loopback_idev);
251 252
252 do { 253 do {
diff --git a/net/ipv6/xfrm6_state.c b/net/ipv6/xfrm6_state.c
index ff1e1db8e236..89884a4f23aa 100644
--- a/net/ipv6/xfrm6_state.c
+++ b/net/ipv6/xfrm6_state.c
@@ -49,125 +49,102 @@ __xfrm6_init_tempsel(struct xfrm_state *x, struct flowi *fl,
49 x->props.family = AF_INET6; 49 x->props.family = AF_INET6;
50} 50}
51 51
52/* distribution counting sort function for xfrm_state and xfrm_tmpl */
52static int 53static int
53__xfrm6_state_sort(struct xfrm_state **dst, struct xfrm_state **src, int n) 54__xfrm6_sort(void **dst, void **src, int n, int (*cmp)(void *p), int maxclass)
54{ 55{
55 int i; 56 int i;
56 int j = 0; 57 int class[XFRM_MAX_DEPTH];
58 int count[maxclass];
57 59
58 /* Rule 1: select IPsec transport except AH */ 60 memset(count, 0, sizeof(count));
59 for (i = 0; i < n; i++) {
60 if (src[i]->props.mode == XFRM_MODE_TRANSPORT &&
61 src[i]->id.proto != IPPROTO_AH) {
62 dst[j++] = src[i];
63 src[i] = NULL;
64 }
65 }
66 if (j == n)
67 goto end;
68 61
69 /* Rule 2: select MIPv6 RO or inbound trigger */
70#if defined(CONFIG_IPV6_MIP6) || defined(CONFIG_IPV6_MIP6_MODULE)
71 for (i = 0; i < n; i++) { 62 for (i = 0; i < n; i++) {
72 if (src[i] && 63 int c;
73 (src[i]->props.mode == XFRM_MODE_ROUTEOPTIMIZATION || 64 class[i] = c = cmp(src[i]);
74 src[i]->props.mode == XFRM_MODE_IN_TRIGGER)) { 65 count[c]++;
75 dst[j++] = src[i];
76 src[i] = NULL;
77 }
78 } 66 }
79 if (j == n)
80 goto end;
81#endif
82 67
83 /* Rule 3: select IPsec transport AH */ 68 for (i = 2; i < maxclass; i++)
84 for (i = 0; i < n; i++) { 69 count[i] += count[i - 1];
85 if (src[i] &&
86 src[i]->props.mode == XFRM_MODE_TRANSPORT &&
87 src[i]->id.proto == IPPROTO_AH) {
88 dst[j++] = src[i];
89 src[i] = NULL;
90 }
91 }
92 if (j == n)
93 goto end;
94 70
95 /* Rule 4: select IPsec tunnel */
96 for (i = 0; i < n; i++) { 71 for (i = 0; i < n; i++) {
97 if (src[i] && 72 dst[count[class[i] - 1]++] = src[i];
98 (src[i]->props.mode == XFRM_MODE_TUNNEL || 73 src[i] = 0;
99 src[i]->props.mode == XFRM_MODE_BEET)) {
100 dst[j++] = src[i];
101 src[i] = NULL;
102 }
103 } 74 }
104 if (likely(j == n))
105 goto end;
106 75
107 /* Final rule */
108 for (i = 0; i < n; i++) {
109 if (src[i]) {
110 dst[j++] = src[i];
111 src[i] = NULL;
112 }
113 }
114
115 end:
116 return 0; 76 return 0;
117} 77}
118 78
119static int 79/*
120__xfrm6_tmpl_sort(struct xfrm_tmpl **dst, struct xfrm_tmpl **src, int n) 80 * Rule for xfrm_state:
81 *
82 * rule 1: select IPsec transport except AH
83 * rule 2: select MIPv6 RO or inbound trigger
84 * rule 3: select IPsec transport AH
85 * rule 4: select IPsec tunnel
86 * rule 5: others
87 */
88static int __xfrm6_state_sort_cmp(void *p)
121{ 89{
122 int i; 90 struct xfrm_state *v = p;
123 int j = 0; 91
124 92 switch (v->props.mode) {
125 /* Rule 1: select IPsec transport */ 93 case XFRM_MODE_TRANSPORT:
126 for (i = 0; i < n; i++) { 94 if (v->id.proto != IPPROTO_AH)
127 if (src[i]->mode == XFRM_MODE_TRANSPORT) { 95 return 1;
128 dst[j++] = src[i]; 96 else
129 src[i] = NULL; 97 return 3;
130 }
131 }
132 if (j == n)
133 goto end;
134
135 /* Rule 2: select MIPv6 RO or inbound trigger */
136#if defined(CONFIG_IPV6_MIP6) || defined(CONFIG_IPV6_MIP6_MODULE) 98#if defined(CONFIG_IPV6_MIP6) || defined(CONFIG_IPV6_MIP6_MODULE)
137 for (i = 0; i < n; i++) { 99 case XFRM_MODE_ROUTEOPTIMIZATION:
138 if (src[i] && 100 case XFRM_MODE_IN_TRIGGER:
139 (src[i]->mode == XFRM_MODE_ROUTEOPTIMIZATION || 101 return 2;
140 src[i]->mode == XFRM_MODE_IN_TRIGGER)) {
141 dst[j++] = src[i];
142 src[i] = NULL;
143 }
144 }
145 if (j == n)
146 goto end;
147#endif 102#endif
148 103 case XFRM_MODE_TUNNEL:
149 /* Rule 3: select IPsec tunnel */ 104 case XFRM_MODE_BEET:
150 for (i = 0; i < n; i++) { 105 return 4;
151 if (src[i] &&
152 (src[i]->mode == XFRM_MODE_TUNNEL ||
153 src[i]->mode == XFRM_MODE_BEET)) {
154 dst[j++] = src[i];
155 src[i] = NULL;
156 }
157 } 106 }
158 if (likely(j == n)) 107 return 5;
159 goto end; 108}
160 109
161 /* Final rule */ 110static int
162 for (i = 0; i < n; i++) { 111__xfrm6_state_sort(struct xfrm_state **dst, struct xfrm_state **src, int n)
163 if (src[i]) { 112{
164 dst[j++] = src[i]; 113 return __xfrm6_sort((void **)dst, (void **)src, n,
165 src[i] = NULL; 114 __xfrm6_state_sort_cmp, 6);
166 } 115}
116
117/*
118 * Rule for xfrm_tmpl:
119 *
120 * rule 1: select IPsec transport
121 * rule 2: select MIPv6 RO or inbound trigger
122 * rule 3: select IPsec tunnel
123 * rule 4: others
124 */
125static int __xfrm6_tmpl_sort_cmp(void *p)
126{
127 struct xfrm_tmpl *v = p;
128 switch (v->mode) {
129 case XFRM_MODE_TRANSPORT:
130 return 1;
131#if defined(CONFIG_IPV6_MIP6) || defined(CONFIG_IPV6_MIP6_MODULE)
132 case XFRM_MODE_ROUTEOPTIMIZATION:
133 case XFRM_MODE_IN_TRIGGER:
134 return 2;
135#endif
136 case XFRM_MODE_TUNNEL:
137 case XFRM_MODE_BEET:
138 return 3;
167 } 139 }
140 return 4;
141}
168 142
169 end: 143static int
170 return 0; 144__xfrm6_tmpl_sort(struct xfrm_tmpl **dst, struct xfrm_tmpl **src, int n)
145{
146 return __xfrm6_sort((void **)dst, (void **)src, n,
147 __xfrm6_tmpl_sort_cmp, 5);
171} 148}
172 149
173int xfrm6_extract_header(struct sk_buff *skb) 150int xfrm6_extract_header(struct sk_buff *skb)
diff --git a/net/ipv6/xfrm6_tunnel.c b/net/ipv6/xfrm6_tunnel.c
index 639fe8a6ff1e..c2b278138604 100644
--- a/net/ipv6/xfrm6_tunnel.c
+++ b/net/ipv6/xfrm6_tunnel.c
@@ -140,12 +140,26 @@ __be32 xfrm6_tunnel_spi_lookup(xfrm_address_t *saddr)
140 140
141EXPORT_SYMBOL(xfrm6_tunnel_spi_lookup); 141EXPORT_SYMBOL(xfrm6_tunnel_spi_lookup);
142 142
143static int __xfrm6_tunnel_spi_check(u32 spi)
144{
145 struct xfrm6_tunnel_spi *x6spi;
146 int index = xfrm6_tunnel_spi_hash_byspi(spi);
147 struct hlist_node *pos;
148
149 hlist_for_each_entry(x6spi, pos,
150 &xfrm6_tunnel_spi_byspi[index],
151 list_byspi) {
152 if (x6spi->spi == spi)
153 return -1;
154 }
155 return index;
156}
157
143static u32 __xfrm6_tunnel_alloc_spi(xfrm_address_t *saddr) 158static u32 __xfrm6_tunnel_alloc_spi(xfrm_address_t *saddr)
144{ 159{
145 u32 spi; 160 u32 spi;
146 struct xfrm6_tunnel_spi *x6spi; 161 struct xfrm6_tunnel_spi *x6spi;
147 struct hlist_node *pos; 162 int index;
148 unsigned index;
149 163
150 if (xfrm6_tunnel_spi < XFRM6_TUNNEL_SPI_MIN || 164 if (xfrm6_tunnel_spi < XFRM6_TUNNEL_SPI_MIN ||
151 xfrm6_tunnel_spi >= XFRM6_TUNNEL_SPI_MAX) 165 xfrm6_tunnel_spi >= XFRM6_TUNNEL_SPI_MAX)
@@ -154,32 +168,19 @@ static u32 __xfrm6_tunnel_alloc_spi(xfrm_address_t *saddr)
154 xfrm6_tunnel_spi++; 168 xfrm6_tunnel_spi++;
155 169
156 for (spi = xfrm6_tunnel_spi; spi <= XFRM6_TUNNEL_SPI_MAX; spi++) { 170 for (spi = xfrm6_tunnel_spi; spi <= XFRM6_TUNNEL_SPI_MAX; spi++) {
157 index = xfrm6_tunnel_spi_hash_byspi(spi); 171 index = __xfrm6_tunnel_spi_check(spi);
158 hlist_for_each_entry(x6spi, pos, 172 if (index >= 0)
159 &xfrm6_tunnel_spi_byspi[index], 173 goto alloc_spi;
160 list_byspi) {
161 if (x6spi->spi == spi)
162 goto try_next_1;
163 }
164 xfrm6_tunnel_spi = spi;
165 goto alloc_spi;
166try_next_1:;
167 } 174 }
168 for (spi = XFRM6_TUNNEL_SPI_MIN; spi < xfrm6_tunnel_spi; spi++) { 175 for (spi = XFRM6_TUNNEL_SPI_MIN; spi < xfrm6_tunnel_spi; spi++) {
169 index = xfrm6_tunnel_spi_hash_byspi(spi); 176 index = __xfrm6_tunnel_spi_check(spi);
170 hlist_for_each_entry(x6spi, pos, 177 if (index >= 0)
171 &xfrm6_tunnel_spi_byspi[index], 178 goto alloc_spi;
172 list_byspi) {
173 if (x6spi->spi == spi)
174 goto try_next_2;
175 }
176 xfrm6_tunnel_spi = spi;
177 goto alloc_spi;
178try_next_2:;
179 } 179 }
180 spi = 0; 180 spi = 0;
181 goto out; 181 goto out;
182alloc_spi: 182alloc_spi:
183 xfrm6_tunnel_spi = spi;
183 x6spi = kmem_cache_alloc(xfrm6_tunnel_spi_kmem, GFP_ATOMIC); 184 x6spi = kmem_cache_alloc(xfrm6_tunnel_spi_kmem, GFP_ATOMIC);
184 if (!x6spi) 185 if (!x6spi)
185 goto out; 186 goto out;
generated by cgit v1.2.2 (git 2.25.0) at 2025-02-13 21:29:01 -0500