diff options
author | David S. Miller <davem@davemloft.net> | 2018-10-23 05:33:29 +0300 |
---|---|---|
committer | David S. Miller <davem@davemloft.net> | 2018-10-23 05:33:29 +0300 |
commit | de46e92af4461decff2288a1e97e47cd9e82f783 (patch) | |
tree | 266dc6ae02e10fac338a693a94b7372375ba1af9 | |
parent | 8df591f35e9651b955d21f43828f54c106cf4807 (diff) | |
parent | 6371a71f3a3b2bc47880dd76c2f176495802d0df (diff) | |
download | linux-de46e92af4461decff2288a1e97e47cd9e82f783.tar.xz |
Merge branch 'net-Add-support-for-dumping-addresses-for-a-specific-device'
David Ahern says:
====================
net: Add support for dumping addresses for a specific device
Use the recently added kernel side filter infrastructure to add support
for dumping addresses only for a specific device.
Patch 1 creates an IPv4 version similar to IPv6's in6_dump_addrs function.
Patch 2 simplifies in6_dump_addrs by moving index tracking of IP
addresses from inet6_dump_addr to in6_dump_addrs.
Patches 3 and 4 use the device-based address dump helpers to limit a
dump to just the addresses on a specific device.
====================
Signed-off-by: David S. Miller <davem@davemloft.net>
-rw-r--r-- | net/ipv4/devinet.c | 77 | ||||
-rw-r--r-- | net/ipv6/addrconf.c | 43 |
2 files changed, 85 insertions, 35 deletions
diff --git a/net/ipv4/devinet.c b/net/ipv4/devinet.c index d122ebbe5980..63d5b58fbfdb 100644 --- a/net/ipv4/devinet.c +++ b/net/ipv4/devinet.c @@ -109,6 +109,7 @@ struct inet_fill_args { int event; unsigned int flags; int netnsid; + int ifindex; }; #define IN4_ADDR_HSIZE_SHIFT 8 @@ -1663,8 +1664,9 @@ nla_put_failure: static int inet_valid_dump_ifaddr_req(const struct nlmsghdr *nlh, struct inet_fill_args *fillargs, struct net **tgt_net, struct sock *sk, - struct netlink_ext_ack *extack) + struct netlink_callback *cb) { + struct netlink_ext_ack *extack = cb->extack; struct nlattr *tb[IFA_MAX+1]; struct ifaddrmsg *ifm; int err, i; @@ -1679,9 +1681,11 @@ static int inet_valid_dump_ifaddr_req(const struct nlmsghdr *nlh, NL_SET_ERR_MSG(extack, "ipv4: Invalid values in header for address dump request"); return -EINVAL; } - if (ifm->ifa_index) { - NL_SET_ERR_MSG(extack, "ipv4: Filter by device index not supported for address dump"); - return -EINVAL; + + fillargs->ifindex = ifm->ifa_index; + if (fillargs->ifindex) { + cb->answer_flags |= NLM_F_DUMP_FILTERED; + fillargs->flags |= NLM_F_DUMP_FILTERED; } err = nlmsg_parse_strict(nlh, sizeof(*ifm), tb, IFA_MAX, @@ -1713,6 +1717,32 @@ static int inet_valid_dump_ifaddr_req(const struct nlmsghdr *nlh, return 0; } +static int in_dev_dump_addr(struct in_device *in_dev, struct sk_buff *skb, + struct netlink_callback *cb, int s_ip_idx, + struct inet_fill_args *fillargs) +{ + struct in_ifaddr *ifa; + int ip_idx = 0; + int err; + + for (ifa = in_dev->ifa_list; ifa; ifa = ifa->ifa_next, ip_idx++) { + if (ip_idx < s_ip_idx) + continue; + + err = inet_fill_ifaddr(skb, ifa, fillargs); + if (err < 0) + goto done; + + nl_dump_check_consistent(cb, nlmsg_hdr(skb)); + } + err = 0; + +done: + cb->args[2] = ip_idx; + + return err; +} + static int inet_dump_ifaddr(struct sk_buff *skb, struct netlink_callback *cb) { const struct nlmsghdr *nlh = cb->nlh; @@ -1727,23 +1757,34 @@ static int inet_dump_ifaddr(struct sk_buff *skb, struct netlink_callback *cb) struct net *tgt_net = net; int h, s_h; int idx, s_idx; - int ip_idx, s_ip_idx; + int s_ip_idx; struct net_device *dev; struct in_device *in_dev; - struct in_ifaddr *ifa; struct hlist_head *head; + int err; s_h = cb->args[0]; s_idx = idx = cb->args[1]; - s_ip_idx = ip_idx = cb->args[2]; + s_ip_idx = cb->args[2]; if (cb->strict_check) { - int err; - err = inet_valid_dump_ifaddr_req(nlh, &fillargs, &tgt_net, - skb->sk, cb->extack); + skb->sk, cb); if (err < 0) return err; + + if (fillargs.ifindex) { + dev = __dev_get_by_index(tgt_net, fillargs.ifindex); + if (!dev) + return -ENODEV; + + in_dev = __in_dev_get_rtnl(dev); + if (in_dev) { + err = in_dev_dump_addr(in_dev, skb, cb, s_ip_idx, + &fillargs); + } + goto put_tgt_net; + } } for (h = s_h; h < NETDEV_HASHENTRIES; h++, s_idx = 0) { @@ -1761,15 +1802,11 @@ static int inet_dump_ifaddr(struct sk_buff *skb, struct netlink_callback *cb) if (!in_dev) goto cont; - for (ifa = in_dev->ifa_list, ip_idx = 0; ifa; - ifa = ifa->ifa_next, ip_idx++) { - if (ip_idx < s_ip_idx) - continue; - if (inet_fill_ifaddr(skb, ifa, &fillargs) < 0) { - rcu_read_unlock(); - goto done; - } - nl_dump_check_consistent(cb, nlmsg_hdr(skb)); + err = in_dev_dump_addr(in_dev, skb, cb, s_ip_idx, + &fillargs); + if (err < 0) { + rcu_read_unlock(); + goto done; } cont: idx++; @@ -1780,7 +1817,7 @@ cont: done: cb->args[0] = h; cb->args[1] = idx; - cb->args[2] = ip_idx; +put_tgt_net: if (fillargs.netnsid >= 0) put_net(tgt_net); diff --git a/net/ipv6/addrconf.c b/net/ipv6/addrconf.c index e39c284e2954..45b84dd5c4eb 100644 --- a/net/ipv6/addrconf.c +++ b/net/ipv6/addrconf.c @@ -4821,6 +4821,7 @@ struct inet6_fill_args { int event; unsigned int flags; int netnsid; + int ifindex; enum addr_type_t type; }; @@ -4955,14 +4956,13 @@ static int inet6_fill_ifacaddr(struct sk_buff *skb, struct ifacaddr6 *ifaca, /* called with rcu_read_lock() */ static int in6_dump_addrs(struct inet6_dev *idev, struct sk_buff *skb, - struct netlink_callback *cb, - int s_ip_idx, int *p_ip_idx, + struct netlink_callback *cb, int s_ip_idx, struct inet6_fill_args *fillargs) { struct ifmcaddr6 *ifmca; struct ifacaddr6 *ifaca; + int ip_idx = 0; int err = 1; - int ip_idx = *p_ip_idx; read_lock_bh(&idev->lock); switch (fillargs->type) { @@ -5012,15 +5012,16 @@ next: break; } read_unlock_bh(&idev->lock); - *p_ip_idx = ip_idx; + cb->args[2] = ip_idx; return err; } static int inet6_valid_dump_ifaddr_req(const struct nlmsghdr *nlh, struct inet6_fill_args *fillargs, struct net **tgt_net, struct sock *sk, - struct netlink_ext_ack *extack) + struct netlink_callback *cb) { + struct netlink_ext_ack *extack = cb->extack; struct nlattr *tb[IFA_MAX+1]; struct ifaddrmsg *ifm; int err, i; @@ -5035,9 +5036,11 @@ static int inet6_valid_dump_ifaddr_req(const struct nlmsghdr *nlh, NL_SET_ERR_MSG_MOD(extack, "Invalid values in header for address dump request"); return -EINVAL; } - if (ifm->ifa_index) { - NL_SET_ERR_MSG_MOD(extack, "Filter by device index not supported for address dump"); - return -EINVAL; + + fillargs->ifindex = ifm->ifa_index; + if (fillargs->ifindex) { + cb->answer_flags |= NLM_F_DUMP_FILTERED; + fillargs->flags |= NLM_F_DUMP_FILTERED; } err = nlmsg_parse_strict(nlh, sizeof(*ifm), tb, IFA_MAX, @@ -5081,24 +5084,35 @@ static int inet6_dump_addr(struct sk_buff *skb, struct netlink_callback *cb, }; struct net *net = sock_net(skb->sk); struct net *tgt_net = net; + int idx, s_idx, s_ip_idx; int h, s_h; - int idx, ip_idx; - int s_idx, s_ip_idx; struct net_device *dev; struct inet6_dev *idev; struct hlist_head *head; s_h = cb->args[0]; s_idx = idx = cb->args[1]; - s_ip_idx = ip_idx = cb->args[2]; + s_ip_idx = cb->args[2]; if (cb->strict_check) { int err; err = inet6_valid_dump_ifaddr_req(nlh, &fillargs, &tgt_net, - skb->sk, cb->extack); + skb->sk, cb); if (err < 0) return err; + + if (fillargs.ifindex) { + dev = __dev_get_by_index(tgt_net, fillargs.ifindex); + if (!dev) + return -ENODEV; + idev = __in6_dev_get(dev); + if (idev) { + err = in6_dump_addrs(idev, skb, cb, s_ip_idx, + &fillargs); + } + goto put_tgt_net; + } } rcu_read_lock(); @@ -5111,12 +5125,11 @@ static int inet6_dump_addr(struct sk_buff *skb, struct netlink_callback *cb, goto cont; if (h > s_h || idx > s_idx) s_ip_idx = 0; - ip_idx = 0; idev = __in6_dev_get(dev); if (!idev) goto cont; - if (in6_dump_addrs(idev, skb, cb, s_ip_idx, &ip_idx, + if (in6_dump_addrs(idev, skb, cb, s_ip_idx, &fillargs) < 0) goto done; cont: @@ -5127,7 +5140,7 @@ done: rcu_read_unlock(); cb->args[0] = h; cb->args[1] = idx; - cb->args[2] = ip_idx; +put_tgt_net: if (fillargs.netnsid >= 0) put_net(tgt_net); |