1// SPDX-License-Identifier: GPL-2.0-or-later
2/*
3 * inet_diag.c Module for monitoring INET transport protocols sockets.
4 *
5 * Authors: Alexey Kuznetsov, <kuznet@ms2.inr.ac.ru>
6 */
7
8#include <linux/kernel.h>
9#include <linux/module.h>
10#include <linux/types.h>
11#include <linux/fcntl.h>
12#include <linux/random.h>
13#include <linux/slab.h>
14#include <linux/cache.h>
15#include <linux/init.h>
16#include <linux/time.h>
17
18#include <net/icmp.h>
19#include <net/tcp.h>
20#include <net/ipv6.h>
21#include <net/inet_common.h>
22#include <net/inet_connection_sock.h>
23#include <net/inet_hashtables.h>
24#include <net/inet_timewait_sock.h>
25#include <net/inet6_hashtables.h>
26#include <net/bpf_sk_storage.h>
27#include <net/netlink.h>
28
29#include <linux/inet.h>
30#include <linux/stddef.h>
31
32#include <linux/inet_diag.h>
33#include <linux/sock_diag.h>
34
35static const struct inet_diag_handler __rcu **inet_diag_table;
36
37struct inet_diag_entry {
38 const __be32 *saddr;
39 const __be32 *daddr;
40 u16 sport;
41 u16 dport;
42 u16 family;
43 u16 userlocks;
44 u32 ifindex;
45 u32 mark;
46#ifdef CONFIG_SOCK_CGROUP_DATA
47 u64 cgroup_id;
48#endif
49};
50
51static const struct inet_diag_handler *inet_diag_lock_handler(int proto)
52{
53 const struct inet_diag_handler *handler;
54
55 if (proto < 0 || proto >= IPPROTO_MAX)
56 return NULL;
57
58 if (!READ_ONCE(inet_diag_table[proto]))
59 sock_load_diag_module(AF_INET, protocol: proto);
60
61 rcu_read_lock();
62 handler = rcu_dereference(inet_diag_table[proto]);
63 if (handler && !try_module_get(module: handler->owner))
64 handler = NULL;
65 rcu_read_unlock();
66
67 return handler;
68}
69
70static void inet_diag_unlock_handler(const struct inet_diag_handler *handler)
71{
72 module_put(module: handler->owner);
73}
74
75void inet_diag_msg_common_fill(struct inet_diag_msg *r, struct sock *sk)
76{
77 r->idiag_family = sk->sk_family;
78
79 r->id.idiag_sport = htons(sk->sk_num);
80 r->id.idiag_dport = sk->sk_dport;
81 r->id.idiag_if = sk->sk_bound_dev_if;
82 sock_diag_save_cookie(sk, cookie: r->id.idiag_cookie);
83
84#if IS_ENABLED(CONFIG_IPV6)
85 if (sk->sk_family == AF_INET6) {
86 *(struct in6_addr *)r->id.idiag_src = sk->sk_v6_rcv_saddr;
87 *(struct in6_addr *)r->id.idiag_dst = sk->sk_v6_daddr;
88 } else
89#endif
90 {
91 memset(&r->id.idiag_src, 0, sizeof(r->id.idiag_src));
92 memset(&r->id.idiag_dst, 0, sizeof(r->id.idiag_dst));
93
94 r->id.idiag_src[0] = sk->sk_rcv_saddr;
95 r->id.idiag_dst[0] = sk->sk_daddr;
96 }
97}
98EXPORT_SYMBOL_GPL(inet_diag_msg_common_fill);
99
100static size_t inet_sk_attr_size(struct sock *sk,
101 const struct inet_diag_req_v2 *req,
102 bool net_admin)
103{
104 const struct inet_diag_handler *handler;
105 size_t aux = 0;
106
107 rcu_read_lock();
108 handler = rcu_dereference(inet_diag_table[req->sdiag_protocol]);
109 DEBUG_NET_WARN_ON_ONCE(!handler);
110 if (handler && handler->idiag_get_aux_size)
111 aux = handler->idiag_get_aux_size(sk, net_admin);
112 rcu_read_unlock();
113
114 return nla_total_size(payload: sizeof(struct tcp_info))
115 + nla_total_size(payload: sizeof(struct inet_diag_msg))
116 + inet_diag_msg_attrs_size()
117 + nla_total_size(payload: sizeof(struct inet_diag_meminfo))
118 + nla_total_size(payload: SK_MEMINFO_VARS * sizeof(u32))
119 + nla_total_size(TCP_CA_NAME_MAX)
120 + nla_total_size(payload: sizeof(struct tcpvegas_info))
121 + aux
122 + 64;
123}
124
125int inet_diag_msg_attrs_fill(struct sock *sk, struct sk_buff *skb,
126 struct inet_diag_msg *r, int ext,
127 struct user_namespace *user_ns,
128 bool net_admin)
129{
130 const struct inet_sock *inet = inet_sk(sk);
131 struct inet_diag_sockopt inet_sockopt;
132
133 if (nla_put_u8(skb, attrtype: INET_DIAG_SHUTDOWN, value: sk->sk_shutdown))
134 goto errout;
135
136 /* IPv6 dual-stack sockets use inet->tos for IPv4 connections,
137 * hence this needs to be included regardless of socket family.
138 */
139 if (ext & (1 << (INET_DIAG_TOS - 1)))
140 if (nla_put_u8(skb, attrtype: INET_DIAG_TOS, READ_ONCE(inet->tos)) < 0)
141 goto errout;
142
143#if IS_ENABLED(CONFIG_IPV6)
144 if (r->idiag_family == AF_INET6) {
145 if (ext & (1 << (INET_DIAG_TCLASS - 1)))
146 if (nla_put_u8(skb, attrtype: INET_DIAG_TCLASS,
147 value: inet6_sk(sk: sk)->tclass) < 0)
148 goto errout;
149
150 if (((1 << sk->sk_state) & (TCPF_LISTEN | TCPF_CLOSE)) &&
151 nla_put_u8(skb, attrtype: INET_DIAG_SKV6ONLY, ipv6_only_sock(sk)))
152 goto errout;
153 }
154#endif
155
156 if (net_admin && nla_put_u32(skb, attrtype: INET_DIAG_MARK, READ_ONCE(sk->sk_mark)))
157 goto errout;
158
159 if (ext & (1 << (INET_DIAG_CLASS_ID - 1)) ||
160 ext & (1 << (INET_DIAG_TCLASS - 1))) {
161 u32 classid = 0;
162
163#ifdef CONFIG_SOCK_CGROUP_DATA
164 classid = sock_cgroup_classid(skcd: &sk->sk_cgrp_data);
165#endif
166 /* Fallback to socket priority if class id isn't set.
167 * Classful qdiscs use it as direct reference to class.
168 * For cgroup2 classid is always zero.
169 */
170 if (!classid)
171 classid = READ_ONCE(sk->sk_priority);
172
173 if (nla_put_u32(skb, attrtype: INET_DIAG_CLASS_ID, value: classid))
174 goto errout;
175 }
176
177#ifdef CONFIG_SOCK_CGROUP_DATA
178 if (nla_put_u64_64bit(skb, attrtype: INET_DIAG_CGROUP_ID,
179 value: cgroup_id(cgrp: sock_cgroup_ptr(skcd: &sk->sk_cgrp_data)),
180 padattr: INET_DIAG_PAD))
181 goto errout;
182#endif
183
184 r->idiag_uid = from_kuid_munged(to: user_ns, uid: sock_i_uid(sk));
185 r->idiag_inode = sock_i_ino(sk);
186
187 memset(&inet_sockopt, 0, sizeof(inet_sockopt));
188 inet_sockopt.recverr = inet_test_bit(RECVERR, sk);
189 inet_sockopt.is_icsk = inet_test_bit(IS_ICSK, sk);
190 inet_sockopt.freebind = inet_test_bit(FREEBIND, sk);
191 inet_sockopt.hdrincl = inet_test_bit(HDRINCL, sk);
192 inet_sockopt.mc_loop = inet_test_bit(MC_LOOP, sk);
193 inet_sockopt.transparent = inet_test_bit(TRANSPARENT, sk);
194 inet_sockopt.mc_all = inet_test_bit(MC_ALL, sk);
195 inet_sockopt.nodefrag = inet_test_bit(NODEFRAG, sk);
196 inet_sockopt.bind_address_no_port = inet_test_bit(BIND_ADDRESS_NO_PORT, sk);
197 inet_sockopt.recverr_rfc4884 = inet_test_bit(RECVERR_RFC4884, sk);
198 inet_sockopt.defer_connect = inet_test_bit(DEFER_CONNECT, sk);
199 if (nla_put(skb, attrtype: INET_DIAG_SOCKOPT, attrlen: sizeof(inet_sockopt),
200 data: &inet_sockopt))
201 goto errout;
202
203 return 0;
204errout:
205 return 1;
206}
207EXPORT_SYMBOL_GPL(inet_diag_msg_attrs_fill);
208
209static int inet_diag_parse_attrs(const struct nlmsghdr *nlh, int hdrlen,
210 struct nlattr **req_nlas)
211{
212 struct nlattr *nla;
213 int remaining;
214
215 nlmsg_for_each_attr(nla, nlh, hdrlen, remaining) {
216 int type = nla_type(nla);
217
218 if (type == INET_DIAG_REQ_PROTOCOL && nla_len(nla) != sizeof(u32))
219 return -EINVAL;
220
221 if (type < __INET_DIAG_REQ_MAX)
222 req_nlas[type] = nla;
223 }
224 return 0;
225}
226
227static int inet_diag_get_protocol(const struct inet_diag_req_v2 *req,
228 const struct inet_diag_dump_data *data)
229{
230 if (data->req_nlas[INET_DIAG_REQ_PROTOCOL])
231 return nla_get_u32(nla: data->req_nlas[INET_DIAG_REQ_PROTOCOL]);
232 return req->sdiag_protocol;
233}
234
235#define MAX_DUMP_ALLOC_SIZE (KMALLOC_MAX_SIZE - SKB_DATA_ALIGN(sizeof(struct skb_shared_info)))
236
237int inet_sk_diag_fill(struct sock *sk, struct inet_connection_sock *icsk,
238 struct sk_buff *skb, struct netlink_callback *cb,
239 const struct inet_diag_req_v2 *req,
240 u16 nlmsg_flags, bool net_admin)
241{
242 const struct tcp_congestion_ops *ca_ops;
243 const struct inet_diag_handler *handler;
244 struct inet_diag_dump_data *cb_data;
245 int ext = req->idiag_ext;
246 struct inet_diag_msg *r;
247 struct nlmsghdr *nlh;
248 struct nlattr *attr;
249 void *info = NULL;
250 int protocol;
251
252 cb_data = cb->data;
253 protocol = inet_diag_get_protocol(req, data: cb_data);
254
255 /* inet_diag_lock_handler() made sure inet_diag_table[] is stable. */
256 handler = rcu_dereference_protected(inet_diag_table[protocol], 1);
257 DEBUG_NET_WARN_ON_ONCE(!handler);
258 if (!handler)
259 return -ENXIO;
260
261 nlh = nlmsg_put(skb, NETLINK_CB(cb->skb).portid, seq: cb->nlh->nlmsg_seq,
262 type: cb->nlh->nlmsg_type, payload: sizeof(*r), flags: nlmsg_flags);
263 if (!nlh)
264 return -EMSGSIZE;
265
266 r = nlmsg_data(nlh);
267 BUG_ON(!sk_fullsock(sk));
268
269 inet_diag_msg_common_fill(r, sk);
270 r->idiag_state = sk->sk_state;
271 r->idiag_timer = 0;
272 r->idiag_retrans = 0;
273 r->idiag_expires = 0;
274
275 if (inet_diag_msg_attrs_fill(sk, skb, r, ext,
276 sk_user_ns(NETLINK_CB(cb->skb).sk),
277 net_admin))
278 goto errout;
279
280 if (ext & (1 << (INET_DIAG_MEMINFO - 1))) {
281 struct inet_diag_meminfo minfo = {
282 .idiag_rmem = sk_rmem_alloc_get(sk),
283 .idiag_wmem = READ_ONCE(sk->sk_wmem_queued),
284 .idiag_fmem = sk_forward_alloc_get(sk),
285 .idiag_tmem = sk_wmem_alloc_get(sk),
286 };
287
288 if (nla_put(skb, attrtype: INET_DIAG_MEMINFO, attrlen: sizeof(minfo), data: &minfo) < 0)
289 goto errout;
290 }
291
292 if (ext & (1 << (INET_DIAG_SKMEMINFO - 1)))
293 if (sock_diag_put_meminfo(sk, skb, attr: INET_DIAG_SKMEMINFO))
294 goto errout;
295
296 /*
297 * RAW sockets might have user-defined protocols assigned,
298 * so report the one supplied on socket creation.
299 */
300 if (sk->sk_type == SOCK_RAW) {
301 if (nla_put_u8(skb, attrtype: INET_DIAG_PROTOCOL, value: sk->sk_protocol))
302 goto errout;
303 }
304
305 if (!icsk) {
306 handler->idiag_get_info(sk, r, NULL);
307 goto out;
308 }
309
310 if (icsk->icsk_pending == ICSK_TIME_RETRANS ||
311 icsk->icsk_pending == ICSK_TIME_REO_TIMEOUT ||
312 icsk->icsk_pending == ICSK_TIME_LOSS_PROBE) {
313 r->idiag_timer = 1;
314 r->idiag_retrans = icsk->icsk_retransmits;
315 r->idiag_expires =
316 jiffies_delta_to_msecs(delta: icsk->icsk_timeout - jiffies);
317 } else if (icsk->icsk_pending == ICSK_TIME_PROBE0) {
318 r->idiag_timer = 4;
319 r->idiag_retrans = icsk->icsk_probes_out;
320 r->idiag_expires =
321 jiffies_delta_to_msecs(delta: icsk->icsk_timeout - jiffies);
322 } else if (timer_pending(timer: &sk->sk_timer)) {
323 r->idiag_timer = 2;
324 r->idiag_retrans = icsk->icsk_probes_out;
325 r->idiag_expires =
326 jiffies_delta_to_msecs(delta: sk->sk_timer.expires - jiffies);
327 }
328
329 if ((ext & (1 << (INET_DIAG_INFO - 1))) && handler->idiag_info_size) {
330 attr = nla_reserve_64bit(skb, attrtype: INET_DIAG_INFO,
331 attrlen: handler->idiag_info_size,
332 padattr: INET_DIAG_PAD);
333 if (!attr)
334 goto errout;
335
336 info = nla_data(nla: attr);
337 }
338
339 if (ext & (1 << (INET_DIAG_CONG - 1))) {
340 int err = 0;
341
342 rcu_read_lock();
343 ca_ops = READ_ONCE(icsk->icsk_ca_ops);
344 if (ca_ops)
345 err = nla_put_string(skb, attrtype: INET_DIAG_CONG, str: ca_ops->name);
346 rcu_read_unlock();
347 if (err < 0)
348 goto errout;
349 }
350
351 handler->idiag_get_info(sk, r, info);
352
353 if (ext & (1 << (INET_DIAG_INFO - 1)) && handler->idiag_get_aux)
354 if (handler->idiag_get_aux(sk, net_admin, skb) < 0)
355 goto errout;
356
357 if (sk->sk_state < TCP_TIME_WAIT) {
358 union tcp_cc_info info;
359 size_t sz = 0;
360 int attr;
361
362 rcu_read_lock();
363 ca_ops = READ_ONCE(icsk->icsk_ca_ops);
364 if (ca_ops && ca_ops->get_info)
365 sz = ca_ops->get_info(sk, ext, &attr, &info);
366 rcu_read_unlock();
367 if (sz && nla_put(skb, attrtype: attr, attrlen: sz, data: &info) < 0)
368 goto errout;
369 }
370
371 /* Keep it at the end for potential retry with a larger skb,
372 * or else do best-effort fitting, which is only done for the
373 * first_nlmsg.
374 */
375 if (cb_data->bpf_stg_diag) {
376 bool first_nlmsg = ((unsigned char *)nlh == skb->data);
377 unsigned int prev_min_dump_alloc;
378 unsigned int total_nla_size = 0;
379 unsigned int msg_len;
380 int err;
381
382 msg_len = skb_tail_pointer(skb) - (unsigned char *)nlh;
383 err = bpf_sk_storage_diag_put(diag: cb_data->bpf_stg_diag, sk, skb,
384 stg_array_type: INET_DIAG_SK_BPF_STORAGES,
385 res_diag_size: &total_nla_size);
386
387 if (!err)
388 goto out;
389
390 total_nla_size += msg_len;
391 prev_min_dump_alloc = cb->min_dump_alloc;
392 if (total_nla_size > prev_min_dump_alloc)
393 cb->min_dump_alloc = min_t(u32, total_nla_size,
394 MAX_DUMP_ALLOC_SIZE);
395
396 if (!first_nlmsg)
397 goto errout;
398
399 if (cb->min_dump_alloc > prev_min_dump_alloc)
400 /* Retry with pskb_expand_head() with
401 * __GFP_DIRECT_RECLAIM
402 */
403 goto errout;
404
405 WARN_ON_ONCE(total_nla_size <= prev_min_dump_alloc);
406
407 /* Send what we have for this sk
408 * and move on to the next sk in the following
409 * dump()
410 */
411 }
412
413out:
414 nlmsg_end(skb, nlh);
415 return 0;
416
417errout:
418 nlmsg_cancel(skb, nlh);
419 return -EMSGSIZE;
420}
421EXPORT_SYMBOL_GPL(inet_sk_diag_fill);
422
423static int inet_twsk_diag_fill(struct sock *sk,
424 struct sk_buff *skb,
425 struct netlink_callback *cb,
426 u16 nlmsg_flags, bool net_admin)
427{
428 struct inet_timewait_sock *tw = inet_twsk(sk);
429 struct inet_diag_msg *r;
430 struct nlmsghdr *nlh;
431 long tmo;
432
433 nlh = nlmsg_put(skb, NETLINK_CB(cb->skb).portid,
434 seq: cb->nlh->nlmsg_seq, type: cb->nlh->nlmsg_type,
435 payload: sizeof(*r), flags: nlmsg_flags);
436 if (!nlh)
437 return -EMSGSIZE;
438
439 r = nlmsg_data(nlh);
440 BUG_ON(tw->tw_state != TCP_TIME_WAIT);
441
442 inet_diag_msg_common_fill(r, sk);
443 r->idiag_retrans = 0;
444
445 r->idiag_state = tw->tw_substate;
446 r->idiag_timer = 3;
447 tmo = tw->tw_timer.expires - jiffies;
448 r->idiag_expires = jiffies_delta_to_msecs(delta: tmo);
449 r->idiag_rqueue = 0;
450 r->idiag_wqueue = 0;
451 r->idiag_uid = 0;
452 r->idiag_inode = 0;
453
454 if (net_admin && nla_put_u32(skb, attrtype: INET_DIAG_MARK,
455 value: tw->tw_mark)) {
456 nlmsg_cancel(skb, nlh);
457 return -EMSGSIZE;
458 }
459
460 nlmsg_end(skb, nlh);
461 return 0;
462}
463
464static int inet_req_diag_fill(struct sock *sk, struct sk_buff *skb,
465 struct netlink_callback *cb,
466 u16 nlmsg_flags, bool net_admin)
467{
468 struct request_sock *reqsk = inet_reqsk(sk);
469 struct inet_diag_msg *r;
470 struct nlmsghdr *nlh;
471 long tmo;
472
473 nlh = nlmsg_put(skb, NETLINK_CB(cb->skb).portid, seq: cb->nlh->nlmsg_seq,
474 type: cb->nlh->nlmsg_type, payload: sizeof(*r), flags: nlmsg_flags);
475 if (!nlh)
476 return -EMSGSIZE;
477
478 r = nlmsg_data(nlh);
479 inet_diag_msg_common_fill(r, sk);
480 r->idiag_state = TCP_SYN_RECV;
481 r->idiag_timer = 1;
482 r->idiag_retrans = reqsk->num_retrans;
483
484 BUILD_BUG_ON(offsetof(struct inet_request_sock, ir_cookie) !=
485 offsetof(struct sock, sk_cookie));
486
487 tmo = inet_reqsk(sk)->rsk_timer.expires - jiffies;
488 r->idiag_expires = jiffies_delta_to_msecs(delta: tmo);
489 r->idiag_rqueue = 0;
490 r->idiag_wqueue = 0;
491 r->idiag_uid = 0;
492 r->idiag_inode = 0;
493
494 if (net_admin && nla_put_u32(skb, attrtype: INET_DIAG_MARK,
495 value: inet_rsk(sk: reqsk)->ir_mark)) {
496 nlmsg_cancel(skb, nlh);
497 return -EMSGSIZE;
498 }
499
500 nlmsg_end(skb, nlh);
501 return 0;
502}
503
504static int sk_diag_fill(struct sock *sk, struct sk_buff *skb,
505 struct netlink_callback *cb,
506 const struct inet_diag_req_v2 *r,
507 u16 nlmsg_flags, bool net_admin)
508{
509 if (sk->sk_state == TCP_TIME_WAIT)
510 return inet_twsk_diag_fill(sk, skb, cb, nlmsg_flags, net_admin);
511
512 if (sk->sk_state == TCP_NEW_SYN_RECV)
513 return inet_req_diag_fill(sk, skb, cb, nlmsg_flags, net_admin);
514
515 return inet_sk_diag_fill(sk, inet_csk(sk), skb, cb, r, nlmsg_flags,
516 net_admin);
517}
518
519struct sock *inet_diag_find_one_icsk(struct net *net,
520 struct inet_hashinfo *hashinfo,
521 const struct inet_diag_req_v2 *req)
522{
523 struct sock *sk;
524
525 rcu_read_lock();
526 if (req->sdiag_family == AF_INET)
527 sk = inet_lookup(net, hashinfo, NULL, doff: 0, saddr: req->id.idiag_dst[0],
528 sport: req->id.idiag_dport, daddr: req->id.idiag_src[0],
529 dport: req->id.idiag_sport, dif: req->id.idiag_if);
530#if IS_ENABLED(CONFIG_IPV6)
531 else if (req->sdiag_family == AF_INET6) {
532 if (ipv6_addr_v4mapped(a: (struct in6_addr *)req->id.idiag_dst) &&
533 ipv6_addr_v4mapped(a: (struct in6_addr *)req->id.idiag_src))
534 sk = inet_lookup(net, hashinfo, NULL, doff: 0, saddr: req->id.idiag_dst[3],
535 sport: req->id.idiag_dport, daddr: req->id.idiag_src[3],
536 dport: req->id.idiag_sport, dif: req->id.idiag_if);
537 else
538 sk = inet6_lookup(net, hashinfo, NULL, doff: 0,
539 saddr: (struct in6_addr *)req->id.idiag_dst,
540 sport: req->id.idiag_dport,
541 daddr: (struct in6_addr *)req->id.idiag_src,
542 dport: req->id.idiag_sport,
543 dif: req->id.idiag_if);
544 }
545#endif
546 else {
547 rcu_read_unlock();
548 return ERR_PTR(error: -EINVAL);
549 }
550 rcu_read_unlock();
551 if (!sk)
552 return ERR_PTR(error: -ENOENT);
553
554 if (sock_diag_check_cookie(sk, cookie: req->id.idiag_cookie)) {
555 sock_gen_put(sk);
556 return ERR_PTR(error: -ENOENT);
557 }
558
559 return sk;
560}
561EXPORT_SYMBOL_GPL(inet_diag_find_one_icsk);
562
563int inet_diag_dump_one_icsk(struct inet_hashinfo *hashinfo,
564 struct netlink_callback *cb,
565 const struct inet_diag_req_v2 *req)
566{
567 struct sk_buff *in_skb = cb->skb;
568 bool net_admin = netlink_net_capable(skb: in_skb, CAP_NET_ADMIN);
569 struct net *net = sock_net(sk: in_skb->sk);
570 struct sk_buff *rep;
571 struct sock *sk;
572 int err;
573
574 sk = inet_diag_find_one_icsk(net, hashinfo, req);
575 if (IS_ERR(ptr: sk))
576 return PTR_ERR(ptr: sk);
577
578 rep = nlmsg_new(payload: inet_sk_attr_size(sk, req, net_admin), GFP_KERNEL);
579 if (!rep) {
580 err = -ENOMEM;
581 goto out;
582 }
583
584 err = sk_diag_fill(sk, skb: rep, cb, r: req, nlmsg_flags: 0, net_admin);
585 if (err < 0) {
586 WARN_ON(err == -EMSGSIZE);
587 nlmsg_free(skb: rep);
588 goto out;
589 }
590 err = nlmsg_unicast(sk: net->diag_nlsk, skb: rep, NETLINK_CB(in_skb).portid);
591
592out:
593 if (sk)
594 sock_gen_put(sk);
595
596 return err;
597}
598EXPORT_SYMBOL_GPL(inet_diag_dump_one_icsk);
599
600static int inet_diag_cmd_exact(int cmd, struct sk_buff *in_skb,
601 const struct nlmsghdr *nlh,
602 int hdrlen,
603 const struct inet_diag_req_v2 *req)
604{
605 const struct inet_diag_handler *handler;
606 struct inet_diag_dump_data dump_data;
607 int err, protocol;
608
609 memset(&dump_data, 0, sizeof(dump_data));
610 err = inet_diag_parse_attrs(nlh, hdrlen, req_nlas: dump_data.req_nlas);
611 if (err)
612 return err;
613
614 protocol = inet_diag_get_protocol(req, data: &dump_data);
615
616 handler = inet_diag_lock_handler(proto: protocol);
617 if (!handler)
618 return -ENOENT;
619
620 if (cmd == SOCK_DIAG_BY_FAMILY) {
621 struct netlink_callback cb = {
622 .nlh = nlh,
623 .skb = in_skb,
624 .data = &dump_data,
625 };
626 err = handler->dump_one(&cb, req);
627 } else if (cmd == SOCK_DESTROY && handler->destroy) {
628 err = handler->destroy(in_skb, req);
629 } else {
630 err = -EOPNOTSUPP;
631 }
632 inet_diag_unlock_handler(handler);
633
634 return err;
635}
636
637static int bitstring_match(const __be32 *a1, const __be32 *a2, int bits)
638{
639 int words = bits >> 5;
640
641 bits &= 0x1f;
642
643 if (words) {
644 if (memcmp(p: a1, q: a2, size: words << 2))
645 return 0;
646 }
647 if (bits) {
648 __be32 w1, w2;
649 __be32 mask;
650
651 w1 = a1[words];
652 w2 = a2[words];
653
654 mask = htonl((0xffffffff) << (32 - bits));
655
656 if ((w1 ^ w2) & mask)
657 return 0;
658 }
659
660 return 1;
661}
662
663static int inet_diag_bc_run(const struct nlattr *_bc,
664 const struct inet_diag_entry *entry)
665{
666 const void *bc = nla_data(nla: _bc);
667 int len = nla_len(nla: _bc);
668
669 while (len > 0) {
670 int yes = 1;
671 const struct inet_diag_bc_op *op = bc;
672
673 switch (op->code) {
674 case INET_DIAG_BC_NOP:
675 break;
676 case INET_DIAG_BC_JMP:
677 yes = 0;
678 break;
679 case INET_DIAG_BC_S_EQ:
680 yes = entry->sport == op[1].no;
681 break;
682 case INET_DIAG_BC_S_GE:
683 yes = entry->sport >= op[1].no;
684 break;
685 case INET_DIAG_BC_S_LE:
686 yes = entry->sport <= op[1].no;
687 break;
688 case INET_DIAG_BC_D_EQ:
689 yes = entry->dport == op[1].no;
690 break;
691 case INET_DIAG_BC_D_GE:
692 yes = entry->dport >= op[1].no;
693 break;
694 case INET_DIAG_BC_D_LE:
695 yes = entry->dport <= op[1].no;
696 break;
697 case INET_DIAG_BC_AUTO:
698 yes = !(entry->userlocks & SOCK_BINDPORT_LOCK);
699 break;
700 case INET_DIAG_BC_S_COND:
701 case INET_DIAG_BC_D_COND: {
702 const struct inet_diag_hostcond *cond;
703 const __be32 *addr;
704
705 cond = (const struct inet_diag_hostcond *)(op + 1);
706 if (cond->port != -1 &&
707 cond->port != (op->code == INET_DIAG_BC_S_COND ?
708 entry->sport : entry->dport)) {
709 yes = 0;
710 break;
711 }
712
713 if (op->code == INET_DIAG_BC_S_COND)
714 addr = entry->saddr;
715 else
716 addr = entry->daddr;
717
718 if (cond->family != AF_UNSPEC &&
719 cond->family != entry->family) {
720 if (entry->family == AF_INET6 &&
721 cond->family == AF_INET) {
722 if (addr[0] == 0 && addr[1] == 0 &&
723 addr[2] == htonl(0xffff) &&
724 bitstring_match(a1: addr + 3,
725 a2: cond->addr,
726 bits: cond->prefix_len))
727 break;
728 }
729 yes = 0;
730 break;
731 }
732
733 if (cond->prefix_len == 0)
734 break;
735 if (bitstring_match(a1: addr, a2: cond->addr,
736 bits: cond->prefix_len))
737 break;
738 yes = 0;
739 break;
740 }
741 case INET_DIAG_BC_DEV_COND: {
742 u32 ifindex;
743
744 ifindex = *((const u32 *)(op + 1));
745 if (ifindex != entry->ifindex)
746 yes = 0;
747 break;
748 }
749 case INET_DIAG_BC_MARK_COND: {
750 struct inet_diag_markcond *cond;
751
752 cond = (struct inet_diag_markcond *)(op + 1);
753 if ((entry->mark & cond->mask) != cond->mark)
754 yes = 0;
755 break;
756 }
757#ifdef CONFIG_SOCK_CGROUP_DATA
758 case INET_DIAG_BC_CGROUP_COND: {
759 u64 cgroup_id;
760
761 cgroup_id = get_unaligned((const u64 *)(op + 1));
762 if (cgroup_id != entry->cgroup_id)
763 yes = 0;
764 break;
765 }
766#endif
767 }
768
769 if (yes) {
770 len -= op->yes;
771 bc += op->yes;
772 } else {
773 len -= op->no;
774 bc += op->no;
775 }
776 }
777 return len == 0;
778}
779
780/* This helper is available for all sockets (ESTABLISH, TIMEWAIT, SYN_RECV)
781 */
782static void entry_fill_addrs(struct inet_diag_entry *entry,
783 const struct sock *sk)
784{
785#if IS_ENABLED(CONFIG_IPV6)
786 if (sk->sk_family == AF_INET6) {
787 entry->saddr = sk->sk_v6_rcv_saddr.s6_addr32;
788 entry->daddr = sk->sk_v6_daddr.s6_addr32;
789 } else
790#endif
791 {
792 entry->saddr = &sk->sk_rcv_saddr;
793 entry->daddr = &sk->sk_daddr;
794 }
795}
796
797int inet_diag_bc_sk(const struct nlattr *bc, struct sock *sk)
798{
799 struct inet_sock *inet = inet_sk(sk);
800 struct inet_diag_entry entry;
801
802 if (!bc)
803 return 1;
804
805 entry.family = sk->sk_family;
806 entry_fill_addrs(entry: &entry, sk);
807 entry.sport = inet->inet_num;
808 entry.dport = ntohs(inet->inet_dport);
809 entry.ifindex = sk->sk_bound_dev_if;
810 entry.userlocks = sk_fullsock(sk) ? sk->sk_userlocks : 0;
811 if (sk_fullsock(sk))
812 entry.mark = READ_ONCE(sk->sk_mark);
813 else if (sk->sk_state == TCP_NEW_SYN_RECV)
814 entry.mark = inet_rsk(sk: inet_reqsk(sk))->ir_mark;
815 else if (sk->sk_state == TCP_TIME_WAIT)
816 entry.mark = inet_twsk(sk)->tw_mark;
817 else
818 entry.mark = 0;
819#ifdef CONFIG_SOCK_CGROUP_DATA
820 entry.cgroup_id = sk_fullsock(sk) ?
821 cgroup_id(cgrp: sock_cgroup_ptr(skcd: &sk->sk_cgrp_data)) : 0;
822#endif
823
824 return inet_diag_bc_run(bc: bc, entry: &entry);
825}
826EXPORT_SYMBOL_GPL(inet_diag_bc_sk);
827
828static int valid_cc(const void *bc, int len, int cc)
829{
830 while (len >= 0) {
831 const struct inet_diag_bc_op *op = bc;
832
833 if (cc > len)
834 return 0;
835 if (cc == len)
836 return 1;
837 if (op->yes < 4 || op->yes & 3)
838 return 0;
839 len -= op->yes;
840 bc += op->yes;
841 }
842 return 0;
843}
844
845/* data is u32 ifindex */
846static bool valid_devcond(const struct inet_diag_bc_op *op, int len,
847 int *min_len)
848{
849 /* Check ifindex space. */
850 *min_len += sizeof(u32);
851 if (len < *min_len)
852 return false;
853
854 return true;
855}
856/* Validate an inet_diag_hostcond. */
857static bool valid_hostcond(const struct inet_diag_bc_op *op, int len,
858 int *min_len)
859{
860 struct inet_diag_hostcond *cond;
861 int addr_len;
862
863 /* Check hostcond space. */
864 *min_len += sizeof(struct inet_diag_hostcond);
865 if (len < *min_len)
866 return false;
867 cond = (struct inet_diag_hostcond *)(op + 1);
868
869 /* Check address family and address length. */
870 switch (cond->family) {
871 case AF_UNSPEC:
872 addr_len = 0;
873 break;
874 case AF_INET:
875 addr_len = sizeof(struct in_addr);
876 break;
877 case AF_INET6:
878 addr_len = sizeof(struct in6_addr);
879 break;
880 default:
881 return false;
882 }
883 *min_len += addr_len;
884 if (len < *min_len)
885 return false;
886
887 /* Check prefix length (in bits) vs address length (in bytes). */
888 if (cond->prefix_len > 8 * addr_len)
889 return false;
890
891 return true;
892}
893
894/* Validate a port comparison operator. */
895static bool valid_port_comparison(const struct inet_diag_bc_op *op,
896 int len, int *min_len)
897{
898 /* Port comparisons put the port in a follow-on inet_diag_bc_op. */
899 *min_len += sizeof(struct inet_diag_bc_op);
900 if (len < *min_len)
901 return false;
902 return true;
903}
904
905static bool valid_markcond(const struct inet_diag_bc_op *op, int len,
906 int *min_len)
907{
908 *min_len += sizeof(struct inet_diag_markcond);
909 return len >= *min_len;
910}
911
912#ifdef CONFIG_SOCK_CGROUP_DATA
913static bool valid_cgroupcond(const struct inet_diag_bc_op *op, int len,
914 int *min_len)
915{
916 *min_len += sizeof(u64);
917 return len >= *min_len;
918}
919#endif
920
921static int inet_diag_bc_audit(const struct nlattr *attr,
922 const struct sk_buff *skb)
923{
924 bool net_admin = netlink_net_capable(skb, CAP_NET_ADMIN);
925 const void *bytecode, *bc;
926 int bytecode_len, len;
927
928 if (!attr || nla_len(nla: attr) < sizeof(struct inet_diag_bc_op))
929 return -EINVAL;
930
931 bytecode = bc = nla_data(nla: attr);
932 len = bytecode_len = nla_len(nla: attr);
933
934 while (len > 0) {
935 int min_len = sizeof(struct inet_diag_bc_op);
936 const struct inet_diag_bc_op *op = bc;
937
938 switch (op->code) {
939 case INET_DIAG_BC_S_COND:
940 case INET_DIAG_BC_D_COND:
941 if (!valid_hostcond(op: bc, len, min_len: &min_len))
942 return -EINVAL;
943 break;
944 case INET_DIAG_BC_DEV_COND:
945 if (!valid_devcond(op: bc, len, min_len: &min_len))
946 return -EINVAL;
947 break;
948 case INET_DIAG_BC_S_EQ:
949 case INET_DIAG_BC_S_GE:
950 case INET_DIAG_BC_S_LE:
951 case INET_DIAG_BC_D_EQ:
952 case INET_DIAG_BC_D_GE:
953 case INET_DIAG_BC_D_LE:
954 if (!valid_port_comparison(op: bc, len, min_len: &min_len))
955 return -EINVAL;
956 break;
957 case INET_DIAG_BC_MARK_COND:
958 if (!net_admin)
959 return -EPERM;
960 if (!valid_markcond(op: bc, len, min_len: &min_len))
961 return -EINVAL;
962 break;
963#ifdef CONFIG_SOCK_CGROUP_DATA
964 case INET_DIAG_BC_CGROUP_COND:
965 if (!valid_cgroupcond(op: bc, len, min_len: &min_len))
966 return -EINVAL;
967 break;
968#endif
969 case INET_DIAG_BC_AUTO:
970 case INET_DIAG_BC_JMP:
971 case INET_DIAG_BC_NOP:
972 break;
973 default:
974 return -EINVAL;
975 }
976
977 if (op->code != INET_DIAG_BC_NOP) {
978 if (op->no < min_len || op->no > len + 4 || op->no & 3)
979 return -EINVAL;
980 if (op->no < len &&
981 !valid_cc(bc: bytecode, len: bytecode_len, cc: len - op->no))
982 return -EINVAL;
983 }
984
985 if (op->yes < min_len || op->yes > len + 4 || op->yes & 3)
986 return -EINVAL;
987 bc += op->yes;
988 len -= op->yes;
989 }
990 return len == 0 ? 0 : -EINVAL;
991}
992
993static void twsk_build_assert(void)
994{
995 BUILD_BUG_ON(offsetof(struct inet_timewait_sock, tw_family) !=
996 offsetof(struct sock, sk_family));
997
998 BUILD_BUG_ON(offsetof(struct inet_timewait_sock, tw_num) !=
999 offsetof(struct inet_sock, inet_num));
1000
1001 BUILD_BUG_ON(offsetof(struct inet_timewait_sock, tw_dport) !=
1002 offsetof(struct inet_sock, inet_dport));
1003
1004 BUILD_BUG_ON(offsetof(struct inet_timewait_sock, tw_rcv_saddr) !=
1005 offsetof(struct inet_sock, inet_rcv_saddr));
1006
1007 BUILD_BUG_ON(offsetof(struct inet_timewait_sock, tw_daddr) !=
1008 offsetof(struct inet_sock, inet_daddr));
1009
1010#if IS_ENABLED(CONFIG_IPV6)
1011 BUILD_BUG_ON(offsetof(struct inet_timewait_sock, tw_v6_rcv_saddr) !=
1012 offsetof(struct sock, sk_v6_rcv_saddr));
1013
1014 BUILD_BUG_ON(offsetof(struct inet_timewait_sock, tw_v6_daddr) !=
1015 offsetof(struct sock, sk_v6_daddr));
1016#endif
1017}
1018
1019void inet_diag_dump_icsk(struct inet_hashinfo *hashinfo, struct sk_buff *skb,
1020 struct netlink_callback *cb,
1021 const struct inet_diag_req_v2 *r)
1022{
1023 bool net_admin = netlink_net_capable(skb: cb->skb, CAP_NET_ADMIN);
1024 struct inet_diag_dump_data *cb_data = cb->data;
1025 struct net *net = sock_net(sk: skb->sk);
1026 u32 idiag_states = r->idiag_states;
1027 int i, num, s_i, s_num;
1028 struct nlattr *bc;
1029 struct sock *sk;
1030
1031 bc = cb_data->inet_diag_nla_bc;
1032 if (idiag_states & TCPF_SYN_RECV)
1033 idiag_states |= TCPF_NEW_SYN_RECV;
1034 s_i = cb->args[1];
1035 s_num = num = cb->args[2];
1036
1037 if (cb->args[0] == 0) {
1038 if (!(idiag_states & TCPF_LISTEN) || r->id.idiag_dport)
1039 goto skip_listen_ht;
1040
1041 for (i = s_i; i <= hashinfo->lhash2_mask; i++) {
1042 struct inet_listen_hashbucket *ilb;
1043 struct hlist_nulls_node *node;
1044
1045 num = 0;
1046 ilb = &hashinfo->lhash2[i];
1047
1048 if (hlist_nulls_empty(h: &ilb->nulls_head)) {
1049 s_num = 0;
1050 continue;
1051 }
1052 spin_lock(lock: &ilb->lock);
1053 sk_nulls_for_each(sk, node, &ilb->nulls_head) {
1054 struct inet_sock *inet = inet_sk(sk);
1055
1056 if (!net_eq(net1: sock_net(sk), net2: net))
1057 continue;
1058
1059 if (num < s_num) {
1060 num++;
1061 continue;
1062 }
1063
1064 if (r->sdiag_family != AF_UNSPEC &&
1065 sk->sk_family != r->sdiag_family)
1066 goto next_listen;
1067
1068 if (r->id.idiag_sport != inet->inet_sport &&
1069 r->id.idiag_sport)
1070 goto next_listen;
1071
1072 if (!inet_diag_bc_sk(bc, sk))
1073 goto next_listen;
1074
1075 if (inet_sk_diag_fill(sk, inet_csk(sk), skb,
1076 cb, r, NLM_F_MULTI,
1077 net_admin) < 0) {
1078 spin_unlock(lock: &ilb->lock);
1079 goto done;
1080 }
1081
1082next_listen:
1083 ++num;
1084 }
1085 spin_unlock(lock: &ilb->lock);
1086
1087 s_num = 0;
1088 }
1089skip_listen_ht:
1090 cb->args[0] = 1;
1091 s_i = num = s_num = 0;
1092 }
1093
1094/* Process a maximum of SKARR_SZ sockets at a time when walking hash buckets
1095 * with bh disabled.
1096 */
1097#define SKARR_SZ 16
1098
1099 /* Dump bound but inactive (not listening, connecting, etc.) sockets */
1100 if (cb->args[0] == 1) {
1101 if (!(idiag_states & TCPF_BOUND_INACTIVE))
1102 goto skip_bind_ht;
1103
1104 for (i = s_i; i < hashinfo->bhash_size; i++) {
1105 struct inet_bind_hashbucket *ibb;
1106 struct inet_bind2_bucket *tb2;
1107 struct sock *sk_arr[SKARR_SZ];
1108 int num_arr[SKARR_SZ];
1109 int idx, accum, res;
1110
1111resume_bind_walk:
1112 num = 0;
1113 accum = 0;
1114 ibb = &hashinfo->bhash2[i];
1115
1116 if (hlist_empty(h: &ibb->chain)) {
1117 s_num = 0;
1118 continue;
1119 }
1120 spin_lock_bh(lock: &ibb->lock);
1121 inet_bind_bucket_for_each(tb2, &ibb->chain) {
1122 if (!net_eq(net1: ib2_net(ib: tb2), net2: net))
1123 continue;
1124
1125 sk_for_each_bound(sk, &tb2->owners) {
1126 struct inet_sock *inet = inet_sk(sk);
1127
1128 if (num < s_num)
1129 goto next_bind;
1130
1131 if (sk->sk_state != TCP_CLOSE ||
1132 !inet->inet_num)
1133 goto next_bind;
1134
1135 if (r->sdiag_family != AF_UNSPEC &&
1136 r->sdiag_family != sk->sk_family)
1137 goto next_bind;
1138
1139 if (!inet_diag_bc_sk(bc, sk))
1140 goto next_bind;
1141
1142 sock_hold(sk);
1143 num_arr[accum] = num;
1144 sk_arr[accum] = sk;
1145 if (++accum == SKARR_SZ)
1146 goto pause_bind_walk;
1147next_bind:
1148 num++;
1149 }
1150 }
1151pause_bind_walk:
1152 spin_unlock_bh(lock: &ibb->lock);
1153
1154 res = 0;
1155 for (idx = 0; idx < accum; idx++) {
1156 if (res >= 0) {
1157 res = inet_sk_diag_fill(sk_arr[idx],
1158 NULL, skb, cb,
1159 r, NLM_F_MULTI,
1160 net_admin);
1161 if (res < 0)
1162 num = num_arr[idx];
1163 }
1164 sock_put(sk: sk_arr[idx]);
1165 }
1166 if (res < 0)
1167 goto done;
1168
1169 cond_resched();
1170
1171 if (accum == SKARR_SZ) {
1172 s_num = num + 1;
1173 goto resume_bind_walk;
1174 }
1175
1176 s_num = 0;
1177 }
1178skip_bind_ht:
1179 cb->args[0] = 2;
1180 s_i = num = s_num = 0;
1181 }
1182
1183 if (!(idiag_states & ~TCPF_LISTEN))
1184 goto out;
1185
1186 for (i = s_i; i <= hashinfo->ehash_mask; i++) {
1187 struct inet_ehash_bucket *head = &hashinfo->ehash[i];
1188 spinlock_t *lock = inet_ehash_lockp(hashinfo, hash: i);
1189 struct hlist_nulls_node *node;
1190 struct sock *sk_arr[SKARR_SZ];
1191 int num_arr[SKARR_SZ];
1192 int idx, accum, res;
1193
1194 if (hlist_nulls_empty(h: &head->chain))
1195 continue;
1196
1197 if (i > s_i)
1198 s_num = 0;
1199
1200next_chunk:
1201 num = 0;
1202 accum = 0;
1203 spin_lock_bh(lock);
1204 sk_nulls_for_each(sk, node, &head->chain) {
1205 int state;
1206
1207 if (!net_eq(net1: sock_net(sk), net2: net))
1208 continue;
1209 if (num < s_num)
1210 goto next_normal;
1211 state = (sk->sk_state == TCP_TIME_WAIT) ?
1212 inet_twsk(sk)->tw_substate : sk->sk_state;
1213 if (!(idiag_states & (1 << state)))
1214 goto next_normal;
1215 if (r->sdiag_family != AF_UNSPEC &&
1216 sk->sk_family != r->sdiag_family)
1217 goto next_normal;
1218 if (r->id.idiag_sport != htons(sk->sk_num) &&
1219 r->id.idiag_sport)
1220 goto next_normal;
1221 if (r->id.idiag_dport != sk->sk_dport &&
1222 r->id.idiag_dport)
1223 goto next_normal;
1224 twsk_build_assert();
1225
1226 if (!inet_diag_bc_sk(bc, sk))
1227 goto next_normal;
1228
1229 if (!refcount_inc_not_zero(r: &sk->sk_refcnt))
1230 goto next_normal;
1231
1232 num_arr[accum] = num;
1233 sk_arr[accum] = sk;
1234 if (++accum == SKARR_SZ)
1235 break;
1236next_normal:
1237 ++num;
1238 }
1239 spin_unlock_bh(lock);
1240 res = 0;
1241 for (idx = 0; idx < accum; idx++) {
1242 if (res >= 0) {
1243 res = sk_diag_fill(sk: sk_arr[idx], skb, cb, r,
1244 NLM_F_MULTI, net_admin);
1245 if (res < 0)
1246 num = num_arr[idx];
1247 }
1248 sock_gen_put(sk: sk_arr[idx]);
1249 }
1250 if (res < 0)
1251 break;
1252 cond_resched();
1253 if (accum == SKARR_SZ) {
1254 s_num = num + 1;
1255 goto next_chunk;
1256 }
1257 }
1258
1259done:
1260 cb->args[1] = i;
1261 cb->args[2] = num;
1262out:
1263 ;
1264}
1265EXPORT_SYMBOL_GPL(inet_diag_dump_icsk);
1266
1267static int __inet_diag_dump(struct sk_buff *skb, struct netlink_callback *cb,
1268 const struct inet_diag_req_v2 *r)
1269{
1270 struct inet_diag_dump_data *cb_data = cb->data;
1271 const struct inet_diag_handler *handler;
1272 u32 prev_min_dump_alloc;
1273 int protocol, err = 0;
1274
1275 protocol = inet_diag_get_protocol(req: r, data: cb_data);
1276
1277again:
1278 prev_min_dump_alloc = cb->min_dump_alloc;
1279 handler = inet_diag_lock_handler(proto: protocol);
1280 if (handler) {
1281 handler->dump(skb, cb, r);
1282 inet_diag_unlock_handler(handler);
1283 } else {
1284 err = -ENOENT;
1285 }
1286 /* The skb is not large enough to fit one sk info and
1287 * inet_sk_diag_fill() has requested for a larger skb.
1288 */
1289 if (!skb->len && cb->min_dump_alloc > prev_min_dump_alloc) {
1290 err = pskb_expand_head(skb, nhead: 0, ntail: cb->min_dump_alloc, GFP_KERNEL);
1291 if (!err)
1292 goto again;
1293 }
1294
1295 return err ? : skb->len;
1296}
1297
1298static int inet_diag_dump(struct sk_buff *skb, struct netlink_callback *cb)
1299{
1300 return __inet_diag_dump(skb, cb, r: nlmsg_data(nlh: cb->nlh));
1301}
1302
1303static int __inet_diag_dump_start(struct netlink_callback *cb, int hdrlen)
1304{
1305 const struct nlmsghdr *nlh = cb->nlh;
1306 struct inet_diag_dump_data *cb_data;
1307 struct sk_buff *skb = cb->skb;
1308 struct nlattr *nla;
1309 int err;
1310
1311 cb_data = kzalloc(size: sizeof(*cb_data), GFP_KERNEL);
1312 if (!cb_data)
1313 return -ENOMEM;
1314
1315 err = inet_diag_parse_attrs(nlh, hdrlen, req_nlas: cb_data->req_nlas);
1316 if (err) {
1317 kfree(objp: cb_data);
1318 return err;
1319 }
1320 nla = cb_data->inet_diag_nla_bc;
1321 if (nla) {
1322 err = inet_diag_bc_audit(attr: nla, skb);
1323 if (err) {
1324 kfree(objp: cb_data);
1325 return err;
1326 }
1327 }
1328
1329 nla = cb_data->inet_diag_nla_bpf_stgs;
1330 if (nla) {
1331 struct bpf_sk_storage_diag *bpf_stg_diag;
1332
1333 bpf_stg_diag = bpf_sk_storage_diag_alloc(nla_stgs: nla);
1334 if (IS_ERR(ptr: bpf_stg_diag)) {
1335 kfree(objp: cb_data);
1336 return PTR_ERR(ptr: bpf_stg_diag);
1337 }
1338 cb_data->bpf_stg_diag = bpf_stg_diag;
1339 }
1340
1341 cb->data = cb_data;
1342 return 0;
1343}
1344
1345static int inet_diag_dump_start(struct netlink_callback *cb)
1346{
1347 return __inet_diag_dump_start(cb, hdrlen: sizeof(struct inet_diag_req_v2));
1348}
1349
1350static int inet_diag_dump_start_compat(struct netlink_callback *cb)
1351{
1352 return __inet_diag_dump_start(cb, hdrlen: sizeof(struct inet_diag_req));
1353}
1354
1355static int inet_diag_dump_done(struct netlink_callback *cb)
1356{
1357 struct inet_diag_dump_data *cb_data = cb->data;
1358
1359 bpf_sk_storage_diag_free(diag: cb_data->bpf_stg_diag);
1360 kfree(objp: cb->data);
1361
1362 return 0;
1363}
1364
1365static int inet_diag_type2proto(int type)
1366{
1367 switch (type) {
1368 case TCPDIAG_GETSOCK:
1369 return IPPROTO_TCP;
1370 case DCCPDIAG_GETSOCK:
1371 return IPPROTO_DCCP;
1372 default:
1373 return 0;
1374 }
1375}
1376
1377static int inet_diag_dump_compat(struct sk_buff *skb,
1378 struct netlink_callback *cb)
1379{
1380 struct inet_diag_req *rc = nlmsg_data(nlh: cb->nlh);
1381 struct inet_diag_req_v2 req;
1382
1383 req.sdiag_family = AF_UNSPEC; /* compatibility */
1384 req.sdiag_protocol = inet_diag_type2proto(type: cb->nlh->nlmsg_type);
1385 req.idiag_ext = rc->idiag_ext;
1386 req.idiag_states = rc->idiag_states;
1387 req.id = rc->id;
1388
1389 return __inet_diag_dump(skb, cb, r: &req);
1390}
1391
1392static int inet_diag_get_exact_compat(struct sk_buff *in_skb,
1393 const struct nlmsghdr *nlh)
1394{
1395 struct inet_diag_req *rc = nlmsg_data(nlh);
1396 struct inet_diag_req_v2 req;
1397
1398 req.sdiag_family = rc->idiag_family;
1399 req.sdiag_protocol = inet_diag_type2proto(type: nlh->nlmsg_type);
1400 req.idiag_ext = rc->idiag_ext;
1401 req.idiag_states = rc->idiag_states;
1402 req.id = rc->id;
1403
1404 return inet_diag_cmd_exact(SOCK_DIAG_BY_FAMILY, in_skb, nlh,
1405 hdrlen: sizeof(struct inet_diag_req), req: &req);
1406}
1407
1408static int inet_diag_rcv_msg_compat(struct sk_buff *skb, struct nlmsghdr *nlh)
1409{
1410 int hdrlen = sizeof(struct inet_diag_req);
1411 struct net *net = sock_net(sk: skb->sk);
1412
1413 if (nlh->nlmsg_type >= INET_DIAG_GETSOCK_MAX ||
1414 nlmsg_len(nlh) < hdrlen)
1415 return -EINVAL;
1416
1417 if (nlh->nlmsg_flags & NLM_F_DUMP) {
1418 struct netlink_dump_control c = {
1419 .start = inet_diag_dump_start_compat,
1420 .done = inet_diag_dump_done,
1421 .dump = inet_diag_dump_compat,
1422 };
1423 return netlink_dump_start(ssk: net->diag_nlsk, skb, nlh, control: &c);
1424 }
1425
1426 return inet_diag_get_exact_compat(in_skb: skb, nlh);
1427}
1428
1429static int inet_diag_handler_cmd(struct sk_buff *skb, struct nlmsghdr *h)
1430{
1431 int hdrlen = sizeof(struct inet_diag_req_v2);
1432 struct net *net = sock_net(sk: skb->sk);
1433
1434 if (nlmsg_len(nlh: h) < hdrlen)
1435 return -EINVAL;
1436
1437 if (h->nlmsg_type == SOCK_DIAG_BY_FAMILY &&
1438 h->nlmsg_flags & NLM_F_DUMP) {
1439 struct netlink_dump_control c = {
1440 .start = inet_diag_dump_start,
1441 .done = inet_diag_dump_done,
1442 .dump = inet_diag_dump,
1443 };
1444 return netlink_dump_start(ssk: net->diag_nlsk, skb, nlh: h, control: &c);
1445 }
1446
1447 return inet_diag_cmd_exact(cmd: h->nlmsg_type, in_skb: skb, nlh: h, hdrlen,
1448 req: nlmsg_data(nlh: h));
1449}
1450
1451static
1452int inet_diag_handler_get_info(struct sk_buff *skb, struct sock *sk)
1453{
1454 const struct inet_diag_handler *handler;
1455 struct nlmsghdr *nlh;
1456 struct nlattr *attr;
1457 struct inet_diag_msg *r;
1458 void *info = NULL;
1459 int err = 0;
1460
1461 nlh = nlmsg_put(skb, portid: 0, seq: 0, SOCK_DIAG_BY_FAMILY, payload: sizeof(*r), flags: 0);
1462 if (!nlh)
1463 return -ENOMEM;
1464
1465 r = nlmsg_data(nlh);
1466 memset(r, 0, sizeof(*r));
1467 inet_diag_msg_common_fill(r, sk);
1468 if (sk->sk_type == SOCK_DGRAM || sk->sk_type == SOCK_STREAM)
1469 r->id.idiag_sport = inet_sk(sk)->inet_sport;
1470 r->idiag_state = sk->sk_state;
1471
1472 if ((err = nla_put_u8(skb, attrtype: INET_DIAG_PROTOCOL, value: sk->sk_protocol))) {
1473 nlmsg_cancel(skb, nlh);
1474 return err;
1475 }
1476
1477 handler = inet_diag_lock_handler(proto: sk->sk_protocol);
1478 if (!handler) {
1479 nlmsg_cancel(skb, nlh);
1480 return -ENOENT;
1481 }
1482
1483 attr = handler->idiag_info_size
1484 ? nla_reserve_64bit(skb, attrtype: INET_DIAG_INFO,
1485 attrlen: handler->idiag_info_size,
1486 padattr: INET_DIAG_PAD)
1487 : NULL;
1488 if (attr)
1489 info = nla_data(nla: attr);
1490
1491 handler->idiag_get_info(sk, r, info);
1492 inet_diag_unlock_handler(handler);
1493
1494 nlmsg_end(skb, nlh);
1495 return 0;
1496}
1497
1498static const struct sock_diag_handler inet_diag_handler = {
1499 .owner = THIS_MODULE,
1500 .family = AF_INET,
1501 .dump = inet_diag_handler_cmd,
1502 .get_info = inet_diag_handler_get_info,
1503 .destroy = inet_diag_handler_cmd,
1504};
1505
1506static const struct sock_diag_handler inet6_diag_handler = {
1507 .owner = THIS_MODULE,
1508 .family = AF_INET6,
1509 .dump = inet_diag_handler_cmd,
1510 .get_info = inet_diag_handler_get_info,
1511 .destroy = inet_diag_handler_cmd,
1512};
1513
1514int inet_diag_register(const struct inet_diag_handler *h)
1515{
1516 const __u16 type = h->idiag_type;
1517
1518 if (type >= IPPROTO_MAX)
1519 return -EINVAL;
1520
1521 return !cmpxchg((const struct inet_diag_handler **)&inet_diag_table[type],
1522 NULL, h) ? 0 : -EEXIST;
1523}
1524EXPORT_SYMBOL_GPL(inet_diag_register);
1525
1526void inet_diag_unregister(const struct inet_diag_handler *h)
1527{
1528 const __u16 type = h->idiag_type;
1529
1530 if (type >= IPPROTO_MAX)
1531 return;
1532
1533 xchg((const struct inet_diag_handler **)&inet_diag_table[type],
1534 NULL);
1535}
1536EXPORT_SYMBOL_GPL(inet_diag_unregister);
1537
1538static const struct sock_diag_inet_compat inet_diag_compat = {
1539 .owner = THIS_MODULE,
1540 .fn = inet_diag_rcv_msg_compat,
1541};
1542
1543static int __init inet_diag_init(void)
1544{
1545 const int inet_diag_table_size = (IPPROTO_MAX *
1546 sizeof(struct inet_diag_handler *));
1547 int err = -ENOMEM;
1548
1549 inet_diag_table = kzalloc(size: inet_diag_table_size, GFP_KERNEL);
1550 if (!inet_diag_table)
1551 goto out;
1552
1553 err = sock_diag_register(h: &inet_diag_handler);
1554 if (err)
1555 goto out_free_nl;
1556
1557 err = sock_diag_register(h: &inet6_diag_handler);
1558 if (err)
1559 goto out_free_inet;
1560
1561 sock_diag_register_inet_compat(ptr: &inet_diag_compat);
1562out:
1563 return err;
1564
1565out_free_inet:
1566 sock_diag_unregister(h: &inet_diag_handler);
1567out_free_nl:
1568 kfree(objp: inet_diag_table);
1569 goto out;
1570}
1571
1572static void __exit inet_diag_exit(void)
1573{
1574 sock_diag_unregister(h: &inet6_diag_handler);
1575 sock_diag_unregister(h: &inet_diag_handler);
1576 sock_diag_unregister_inet_compat(ptr: &inet_diag_compat);
1577 kfree(objp: inet_diag_table);
1578}
1579
1580module_init(inet_diag_init);
1581module_exit(inet_diag_exit);
1582MODULE_LICENSE("GPL");
1583MODULE_DESCRIPTION("INET/INET6: socket monitoring via SOCK_DIAG");
1584MODULE_ALIAS_NET_PF_PROTO_TYPE(PF_NETLINK, NETLINK_SOCK_DIAG, 2 /* AF_INET */);
1585MODULE_ALIAS_NET_PF_PROTO_TYPE(PF_NETLINK, NETLINK_SOCK_DIAG, 10 /* AF_INET6 */);
1586

source code of linux/net/ipv4/inet_diag.c