1 | // SPDX-License-Identifier: GPL-2.0-or-later |
2 | /* |
3 | * inet_diag.c Module for monitoring INET transport protocols sockets. |
4 | * |
5 | * Authors: Alexey Kuznetsov, <kuznet@ms2.inr.ac.ru> |
6 | */ |
7 | |
8 | #include <linux/kernel.h> |
9 | #include <linux/module.h> |
10 | #include <linux/types.h> |
11 | #include <linux/fcntl.h> |
12 | #include <linux/random.h> |
13 | #include <linux/slab.h> |
14 | #include <linux/cache.h> |
15 | #include <linux/init.h> |
16 | #include <linux/time.h> |
17 | |
18 | #include <net/icmp.h> |
19 | #include <net/tcp.h> |
20 | #include <net/ipv6.h> |
21 | #include <net/inet_common.h> |
22 | #include <net/inet_connection_sock.h> |
23 | #include <net/inet_hashtables.h> |
24 | #include <net/inet_timewait_sock.h> |
25 | #include <net/inet6_hashtables.h> |
26 | #include <net/bpf_sk_storage.h> |
27 | #include <net/netlink.h> |
28 | |
29 | #include <linux/inet.h> |
30 | #include <linux/stddef.h> |
31 | |
32 | #include <linux/inet_diag.h> |
33 | #include <linux/sock_diag.h> |
34 | |
35 | static const struct inet_diag_handler __rcu **inet_diag_table; |
36 | |
37 | struct inet_diag_entry { |
38 | const __be32 *saddr; |
39 | const __be32 *daddr; |
40 | u16 sport; |
41 | u16 dport; |
42 | u16 family; |
43 | u16 userlocks; |
44 | u32 ifindex; |
45 | u32 mark; |
46 | #ifdef CONFIG_SOCK_CGROUP_DATA |
47 | u64 cgroup_id; |
48 | #endif |
49 | }; |
50 | |
51 | static const struct inet_diag_handler *inet_diag_lock_handler(int proto) |
52 | { |
53 | const struct inet_diag_handler *handler; |
54 | |
55 | if (proto < 0 || proto >= IPPROTO_MAX) |
56 | return NULL; |
57 | |
58 | if (!READ_ONCE(inet_diag_table[proto])) |
59 | sock_load_diag_module(AF_INET, protocol: proto); |
60 | |
61 | rcu_read_lock(); |
62 | handler = rcu_dereference(inet_diag_table[proto]); |
63 | if (handler && !try_module_get(module: handler->owner)) |
64 | handler = NULL; |
65 | rcu_read_unlock(); |
66 | |
67 | return handler; |
68 | } |
69 | |
70 | static void inet_diag_unlock_handler(const struct inet_diag_handler *handler) |
71 | { |
72 | module_put(module: handler->owner); |
73 | } |
74 | |
75 | void inet_diag_msg_common_fill(struct inet_diag_msg *r, struct sock *sk) |
76 | { |
77 | r->idiag_family = sk->sk_family; |
78 | |
79 | r->id.idiag_sport = htons(sk->sk_num); |
80 | r->id.idiag_dport = sk->sk_dport; |
81 | r->id.idiag_if = sk->sk_bound_dev_if; |
82 | sock_diag_save_cookie(sk, cookie: r->id.idiag_cookie); |
83 | |
84 | #if IS_ENABLED(CONFIG_IPV6) |
85 | if (sk->sk_family == AF_INET6) { |
86 | *(struct in6_addr *)r->id.idiag_src = sk->sk_v6_rcv_saddr; |
87 | *(struct in6_addr *)r->id.idiag_dst = sk->sk_v6_daddr; |
88 | } else |
89 | #endif |
90 | { |
91 | memset(&r->id.idiag_src, 0, sizeof(r->id.idiag_src)); |
92 | memset(&r->id.idiag_dst, 0, sizeof(r->id.idiag_dst)); |
93 | |
94 | r->id.idiag_src[0] = sk->sk_rcv_saddr; |
95 | r->id.idiag_dst[0] = sk->sk_daddr; |
96 | } |
97 | } |
98 | EXPORT_SYMBOL_GPL(inet_diag_msg_common_fill); |
99 | |
100 | static size_t inet_sk_attr_size(struct sock *sk, |
101 | const struct inet_diag_req_v2 *req, |
102 | bool net_admin) |
103 | { |
104 | const struct inet_diag_handler *handler; |
105 | size_t aux = 0; |
106 | |
107 | rcu_read_lock(); |
108 | handler = rcu_dereference(inet_diag_table[req->sdiag_protocol]); |
109 | DEBUG_NET_WARN_ON_ONCE(!handler); |
110 | if (handler && handler->idiag_get_aux_size) |
111 | aux = handler->idiag_get_aux_size(sk, net_admin); |
112 | rcu_read_unlock(); |
113 | |
114 | return nla_total_size(payload: sizeof(struct tcp_info)) |
115 | + nla_total_size(payload: sizeof(struct inet_diag_msg)) |
116 | + inet_diag_msg_attrs_size() |
117 | + nla_total_size(payload: sizeof(struct inet_diag_meminfo)) |
118 | + nla_total_size(payload: SK_MEMINFO_VARS * sizeof(u32)) |
119 | + nla_total_size(TCP_CA_NAME_MAX) |
120 | + nla_total_size(payload: sizeof(struct tcpvegas_info)) |
121 | + aux |
122 | + 64; |
123 | } |
124 | |
125 | int inet_diag_msg_attrs_fill(struct sock *sk, struct sk_buff *skb, |
126 | struct inet_diag_msg *r, int ext, |
127 | struct user_namespace *user_ns, |
128 | bool net_admin) |
129 | { |
130 | const struct inet_sock *inet = inet_sk(sk); |
131 | struct inet_diag_sockopt inet_sockopt; |
132 | |
133 | if (nla_put_u8(skb, attrtype: INET_DIAG_SHUTDOWN, value: sk->sk_shutdown)) |
134 | goto errout; |
135 | |
136 | /* IPv6 dual-stack sockets use inet->tos for IPv4 connections, |
137 | * hence this needs to be included regardless of socket family. |
138 | */ |
139 | if (ext & (1 << (INET_DIAG_TOS - 1))) |
140 | if (nla_put_u8(skb, attrtype: INET_DIAG_TOS, READ_ONCE(inet->tos)) < 0) |
141 | goto errout; |
142 | |
143 | #if IS_ENABLED(CONFIG_IPV6) |
144 | if (r->idiag_family == AF_INET6) { |
145 | if (ext & (1 << (INET_DIAG_TCLASS - 1))) |
146 | if (nla_put_u8(skb, attrtype: INET_DIAG_TCLASS, |
147 | value: inet6_sk(sk: sk)->tclass) < 0) |
148 | goto errout; |
149 | |
150 | if (((1 << sk->sk_state) & (TCPF_LISTEN | TCPF_CLOSE)) && |
151 | nla_put_u8(skb, attrtype: INET_DIAG_SKV6ONLY, ipv6_only_sock(sk))) |
152 | goto errout; |
153 | } |
154 | #endif |
155 | |
156 | if (net_admin && nla_put_u32(skb, attrtype: INET_DIAG_MARK, READ_ONCE(sk->sk_mark))) |
157 | goto errout; |
158 | |
159 | if (ext & (1 << (INET_DIAG_CLASS_ID - 1)) || |
160 | ext & (1 << (INET_DIAG_TCLASS - 1))) { |
161 | u32 classid = 0; |
162 | |
163 | #ifdef CONFIG_SOCK_CGROUP_DATA |
164 | classid = sock_cgroup_classid(skcd: &sk->sk_cgrp_data); |
165 | #endif |
166 | /* Fallback to socket priority if class id isn't set. |
167 | * Classful qdiscs use it as direct reference to class. |
168 | * For cgroup2 classid is always zero. |
169 | */ |
170 | if (!classid) |
171 | classid = READ_ONCE(sk->sk_priority); |
172 | |
173 | if (nla_put_u32(skb, attrtype: INET_DIAG_CLASS_ID, value: classid)) |
174 | goto errout; |
175 | } |
176 | |
177 | #ifdef CONFIG_SOCK_CGROUP_DATA |
178 | if (nla_put_u64_64bit(skb, attrtype: INET_DIAG_CGROUP_ID, |
179 | value: cgroup_id(cgrp: sock_cgroup_ptr(skcd: &sk->sk_cgrp_data)), |
180 | padattr: INET_DIAG_PAD)) |
181 | goto errout; |
182 | #endif |
183 | |
184 | r->idiag_uid = from_kuid_munged(to: user_ns, uid: sock_i_uid(sk)); |
185 | r->idiag_inode = sock_i_ino(sk); |
186 | |
187 | memset(&inet_sockopt, 0, sizeof(inet_sockopt)); |
188 | inet_sockopt.recverr = inet_test_bit(RECVERR, sk); |
189 | inet_sockopt.is_icsk = inet_test_bit(IS_ICSK, sk); |
190 | inet_sockopt.freebind = inet_test_bit(FREEBIND, sk); |
191 | inet_sockopt.hdrincl = inet_test_bit(HDRINCL, sk); |
192 | inet_sockopt.mc_loop = inet_test_bit(MC_LOOP, sk); |
193 | inet_sockopt.transparent = inet_test_bit(TRANSPARENT, sk); |
194 | inet_sockopt.mc_all = inet_test_bit(MC_ALL, sk); |
195 | inet_sockopt.nodefrag = inet_test_bit(NODEFRAG, sk); |
196 | inet_sockopt.bind_address_no_port = inet_test_bit(BIND_ADDRESS_NO_PORT, sk); |
197 | inet_sockopt.recverr_rfc4884 = inet_test_bit(RECVERR_RFC4884, sk); |
198 | inet_sockopt.defer_connect = inet_test_bit(DEFER_CONNECT, sk); |
199 | if (nla_put(skb, attrtype: INET_DIAG_SOCKOPT, attrlen: sizeof(inet_sockopt), |
200 | data: &inet_sockopt)) |
201 | goto errout; |
202 | |
203 | return 0; |
204 | errout: |
205 | return 1; |
206 | } |
207 | EXPORT_SYMBOL_GPL(inet_diag_msg_attrs_fill); |
208 | |
209 | static int inet_diag_parse_attrs(const struct nlmsghdr *nlh, int hdrlen, |
210 | struct nlattr **req_nlas) |
211 | { |
212 | struct nlattr *nla; |
213 | int remaining; |
214 | |
215 | nlmsg_for_each_attr(nla, nlh, hdrlen, remaining) { |
216 | int type = nla_type(nla); |
217 | |
218 | if (type == INET_DIAG_REQ_PROTOCOL && nla_len(nla) != sizeof(u32)) |
219 | return -EINVAL; |
220 | |
221 | if (type < __INET_DIAG_REQ_MAX) |
222 | req_nlas[type] = nla; |
223 | } |
224 | return 0; |
225 | } |
226 | |
227 | static int inet_diag_get_protocol(const struct inet_diag_req_v2 *req, |
228 | const struct inet_diag_dump_data *data) |
229 | { |
230 | if (data->req_nlas[INET_DIAG_REQ_PROTOCOL]) |
231 | return nla_get_u32(nla: data->req_nlas[INET_DIAG_REQ_PROTOCOL]); |
232 | return req->sdiag_protocol; |
233 | } |
234 | |
235 | #define MAX_DUMP_ALLOC_SIZE (KMALLOC_MAX_SIZE - SKB_DATA_ALIGN(sizeof(struct skb_shared_info))) |
236 | |
237 | int inet_sk_diag_fill(struct sock *sk, struct inet_connection_sock *icsk, |
238 | struct sk_buff *skb, struct netlink_callback *cb, |
239 | const struct inet_diag_req_v2 *req, |
240 | u16 nlmsg_flags, bool net_admin) |
241 | { |
242 | const struct tcp_congestion_ops *ca_ops; |
243 | const struct inet_diag_handler *handler; |
244 | struct inet_diag_dump_data *cb_data; |
245 | int ext = req->idiag_ext; |
246 | struct inet_diag_msg *r; |
247 | struct nlmsghdr *nlh; |
248 | struct nlattr *attr; |
249 | void *info = NULL; |
250 | int protocol; |
251 | |
252 | cb_data = cb->data; |
253 | protocol = inet_diag_get_protocol(req, data: cb_data); |
254 | |
255 | /* inet_diag_lock_handler() made sure inet_diag_table[] is stable. */ |
256 | handler = rcu_dereference_protected(inet_diag_table[protocol], 1); |
257 | DEBUG_NET_WARN_ON_ONCE(!handler); |
258 | if (!handler) |
259 | return -ENXIO; |
260 | |
261 | nlh = nlmsg_put(skb, NETLINK_CB(cb->skb).portid, seq: cb->nlh->nlmsg_seq, |
262 | type: cb->nlh->nlmsg_type, payload: sizeof(*r), flags: nlmsg_flags); |
263 | if (!nlh) |
264 | return -EMSGSIZE; |
265 | |
266 | r = nlmsg_data(nlh); |
267 | BUG_ON(!sk_fullsock(sk)); |
268 | |
269 | inet_diag_msg_common_fill(r, sk); |
270 | r->idiag_state = sk->sk_state; |
271 | r->idiag_timer = 0; |
272 | r->idiag_retrans = 0; |
273 | r->idiag_expires = 0; |
274 | |
275 | if (inet_diag_msg_attrs_fill(sk, skb, r, ext, |
276 | sk_user_ns(NETLINK_CB(cb->skb).sk), |
277 | net_admin)) |
278 | goto errout; |
279 | |
280 | if (ext & (1 << (INET_DIAG_MEMINFO - 1))) { |
281 | struct inet_diag_meminfo minfo = { |
282 | .idiag_rmem = sk_rmem_alloc_get(sk), |
283 | .idiag_wmem = READ_ONCE(sk->sk_wmem_queued), |
284 | .idiag_fmem = sk_forward_alloc_get(sk), |
285 | .idiag_tmem = sk_wmem_alloc_get(sk), |
286 | }; |
287 | |
288 | if (nla_put(skb, attrtype: INET_DIAG_MEMINFO, attrlen: sizeof(minfo), data: &minfo) < 0) |
289 | goto errout; |
290 | } |
291 | |
292 | if (ext & (1 << (INET_DIAG_SKMEMINFO - 1))) |
293 | if (sock_diag_put_meminfo(sk, skb, attr: INET_DIAG_SKMEMINFO)) |
294 | goto errout; |
295 | |
296 | /* |
297 | * RAW sockets might have user-defined protocols assigned, |
298 | * so report the one supplied on socket creation. |
299 | */ |
300 | if (sk->sk_type == SOCK_RAW) { |
301 | if (nla_put_u8(skb, attrtype: INET_DIAG_PROTOCOL, value: sk->sk_protocol)) |
302 | goto errout; |
303 | } |
304 | |
305 | if (!icsk) { |
306 | handler->idiag_get_info(sk, r, NULL); |
307 | goto out; |
308 | } |
309 | |
310 | if (icsk->icsk_pending == ICSK_TIME_RETRANS || |
311 | icsk->icsk_pending == ICSK_TIME_REO_TIMEOUT || |
312 | icsk->icsk_pending == ICSK_TIME_LOSS_PROBE) { |
313 | r->idiag_timer = 1; |
314 | r->idiag_retrans = icsk->icsk_retransmits; |
315 | r->idiag_expires = |
316 | jiffies_delta_to_msecs(delta: icsk->icsk_timeout - jiffies); |
317 | } else if (icsk->icsk_pending == ICSK_TIME_PROBE0) { |
318 | r->idiag_timer = 4; |
319 | r->idiag_retrans = icsk->icsk_probes_out; |
320 | r->idiag_expires = |
321 | jiffies_delta_to_msecs(delta: icsk->icsk_timeout - jiffies); |
322 | } else if (timer_pending(timer: &sk->sk_timer)) { |
323 | r->idiag_timer = 2; |
324 | r->idiag_retrans = icsk->icsk_probes_out; |
325 | r->idiag_expires = |
326 | jiffies_delta_to_msecs(delta: sk->sk_timer.expires - jiffies); |
327 | } |
328 | |
329 | if ((ext & (1 << (INET_DIAG_INFO - 1))) && handler->idiag_info_size) { |
330 | attr = nla_reserve_64bit(skb, attrtype: INET_DIAG_INFO, |
331 | attrlen: handler->idiag_info_size, |
332 | padattr: INET_DIAG_PAD); |
333 | if (!attr) |
334 | goto errout; |
335 | |
336 | info = nla_data(nla: attr); |
337 | } |
338 | |
339 | if (ext & (1 << (INET_DIAG_CONG - 1))) { |
340 | int err = 0; |
341 | |
342 | rcu_read_lock(); |
343 | ca_ops = READ_ONCE(icsk->icsk_ca_ops); |
344 | if (ca_ops) |
345 | err = nla_put_string(skb, attrtype: INET_DIAG_CONG, str: ca_ops->name); |
346 | rcu_read_unlock(); |
347 | if (err < 0) |
348 | goto errout; |
349 | } |
350 | |
351 | handler->idiag_get_info(sk, r, info); |
352 | |
353 | if (ext & (1 << (INET_DIAG_INFO - 1)) && handler->idiag_get_aux) |
354 | if (handler->idiag_get_aux(sk, net_admin, skb) < 0) |
355 | goto errout; |
356 | |
357 | if (sk->sk_state < TCP_TIME_WAIT) { |
358 | union tcp_cc_info info; |
359 | size_t sz = 0; |
360 | int attr; |
361 | |
362 | rcu_read_lock(); |
363 | ca_ops = READ_ONCE(icsk->icsk_ca_ops); |
364 | if (ca_ops && ca_ops->get_info) |
365 | sz = ca_ops->get_info(sk, ext, &attr, &info); |
366 | rcu_read_unlock(); |
367 | if (sz && nla_put(skb, attrtype: attr, attrlen: sz, data: &info) < 0) |
368 | goto errout; |
369 | } |
370 | |
371 | /* Keep it at the end for potential retry with a larger skb, |
372 | * or else do best-effort fitting, which is only done for the |
373 | * first_nlmsg. |
374 | */ |
375 | if (cb_data->bpf_stg_diag) { |
376 | bool first_nlmsg = ((unsigned char *)nlh == skb->data); |
377 | unsigned int prev_min_dump_alloc; |
378 | unsigned int total_nla_size = 0; |
379 | unsigned int msg_len; |
380 | int err; |
381 | |
382 | msg_len = skb_tail_pointer(skb) - (unsigned char *)nlh; |
383 | err = bpf_sk_storage_diag_put(diag: cb_data->bpf_stg_diag, sk, skb, |
384 | stg_array_type: INET_DIAG_SK_BPF_STORAGES, |
385 | res_diag_size: &total_nla_size); |
386 | |
387 | if (!err) |
388 | goto out; |
389 | |
390 | total_nla_size += msg_len; |
391 | prev_min_dump_alloc = cb->min_dump_alloc; |
392 | if (total_nla_size > prev_min_dump_alloc) |
393 | cb->min_dump_alloc = min_t(u32, total_nla_size, |
394 | MAX_DUMP_ALLOC_SIZE); |
395 | |
396 | if (!first_nlmsg) |
397 | goto errout; |
398 | |
399 | if (cb->min_dump_alloc > prev_min_dump_alloc) |
400 | /* Retry with pskb_expand_head() with |
401 | * __GFP_DIRECT_RECLAIM |
402 | */ |
403 | goto errout; |
404 | |
405 | WARN_ON_ONCE(total_nla_size <= prev_min_dump_alloc); |
406 | |
407 | /* Send what we have for this sk |
408 | * and move on to the next sk in the following |
409 | * dump() |
410 | */ |
411 | } |
412 | |
413 | out: |
414 | nlmsg_end(skb, nlh); |
415 | return 0; |
416 | |
417 | errout: |
418 | nlmsg_cancel(skb, nlh); |
419 | return -EMSGSIZE; |
420 | } |
421 | EXPORT_SYMBOL_GPL(inet_sk_diag_fill); |
422 | |
423 | static int inet_twsk_diag_fill(struct sock *sk, |
424 | struct sk_buff *skb, |
425 | struct netlink_callback *cb, |
426 | u16 nlmsg_flags, bool net_admin) |
427 | { |
428 | struct inet_timewait_sock *tw = inet_twsk(sk); |
429 | struct inet_diag_msg *r; |
430 | struct nlmsghdr *nlh; |
431 | long tmo; |
432 | |
433 | nlh = nlmsg_put(skb, NETLINK_CB(cb->skb).portid, |
434 | seq: cb->nlh->nlmsg_seq, type: cb->nlh->nlmsg_type, |
435 | payload: sizeof(*r), flags: nlmsg_flags); |
436 | if (!nlh) |
437 | return -EMSGSIZE; |
438 | |
439 | r = nlmsg_data(nlh); |
440 | BUG_ON(tw->tw_state != TCP_TIME_WAIT); |
441 | |
442 | inet_diag_msg_common_fill(r, sk); |
443 | r->idiag_retrans = 0; |
444 | |
445 | r->idiag_state = tw->tw_substate; |
446 | r->idiag_timer = 3; |
447 | tmo = tw->tw_timer.expires - jiffies; |
448 | r->idiag_expires = jiffies_delta_to_msecs(delta: tmo); |
449 | r->idiag_rqueue = 0; |
450 | r->idiag_wqueue = 0; |
451 | r->idiag_uid = 0; |
452 | r->idiag_inode = 0; |
453 | |
454 | if (net_admin && nla_put_u32(skb, attrtype: INET_DIAG_MARK, |
455 | value: tw->tw_mark)) { |
456 | nlmsg_cancel(skb, nlh); |
457 | return -EMSGSIZE; |
458 | } |
459 | |
460 | nlmsg_end(skb, nlh); |
461 | return 0; |
462 | } |
463 | |
464 | static int inet_req_diag_fill(struct sock *sk, struct sk_buff *skb, |
465 | struct netlink_callback *cb, |
466 | u16 nlmsg_flags, bool net_admin) |
467 | { |
468 | struct request_sock *reqsk = inet_reqsk(sk); |
469 | struct inet_diag_msg *r; |
470 | struct nlmsghdr *nlh; |
471 | long tmo; |
472 | |
473 | nlh = nlmsg_put(skb, NETLINK_CB(cb->skb).portid, seq: cb->nlh->nlmsg_seq, |
474 | type: cb->nlh->nlmsg_type, payload: sizeof(*r), flags: nlmsg_flags); |
475 | if (!nlh) |
476 | return -EMSGSIZE; |
477 | |
478 | r = nlmsg_data(nlh); |
479 | inet_diag_msg_common_fill(r, sk); |
480 | r->idiag_state = TCP_SYN_RECV; |
481 | r->idiag_timer = 1; |
482 | r->idiag_retrans = reqsk->num_retrans; |
483 | |
484 | BUILD_BUG_ON(offsetof(struct inet_request_sock, ir_cookie) != |
485 | offsetof(struct sock, sk_cookie)); |
486 | |
487 | tmo = inet_reqsk(sk)->rsk_timer.expires - jiffies; |
488 | r->idiag_expires = jiffies_delta_to_msecs(delta: tmo); |
489 | r->idiag_rqueue = 0; |
490 | r->idiag_wqueue = 0; |
491 | r->idiag_uid = 0; |
492 | r->idiag_inode = 0; |
493 | |
494 | if (net_admin && nla_put_u32(skb, attrtype: INET_DIAG_MARK, |
495 | value: inet_rsk(sk: reqsk)->ir_mark)) { |
496 | nlmsg_cancel(skb, nlh); |
497 | return -EMSGSIZE; |
498 | } |
499 | |
500 | nlmsg_end(skb, nlh); |
501 | return 0; |
502 | } |
503 | |
504 | static int sk_diag_fill(struct sock *sk, struct sk_buff *skb, |
505 | struct netlink_callback *cb, |
506 | const struct inet_diag_req_v2 *r, |
507 | u16 nlmsg_flags, bool net_admin) |
508 | { |
509 | if (sk->sk_state == TCP_TIME_WAIT) |
510 | return inet_twsk_diag_fill(sk, skb, cb, nlmsg_flags, net_admin); |
511 | |
512 | if (sk->sk_state == TCP_NEW_SYN_RECV) |
513 | return inet_req_diag_fill(sk, skb, cb, nlmsg_flags, net_admin); |
514 | |
515 | return inet_sk_diag_fill(sk, inet_csk(sk), skb, cb, r, nlmsg_flags, |
516 | net_admin); |
517 | } |
518 | |
519 | struct sock *inet_diag_find_one_icsk(struct net *net, |
520 | struct inet_hashinfo *hashinfo, |
521 | const struct inet_diag_req_v2 *req) |
522 | { |
523 | struct sock *sk; |
524 | |
525 | rcu_read_lock(); |
526 | if (req->sdiag_family == AF_INET) |
527 | sk = inet_lookup(net, hashinfo, NULL, doff: 0, saddr: req->id.idiag_dst[0], |
528 | sport: req->id.idiag_dport, daddr: req->id.idiag_src[0], |
529 | dport: req->id.idiag_sport, dif: req->id.idiag_if); |
530 | #if IS_ENABLED(CONFIG_IPV6) |
531 | else if (req->sdiag_family == AF_INET6) { |
532 | if (ipv6_addr_v4mapped(a: (struct in6_addr *)req->id.idiag_dst) && |
533 | ipv6_addr_v4mapped(a: (struct in6_addr *)req->id.idiag_src)) |
534 | sk = inet_lookup(net, hashinfo, NULL, doff: 0, saddr: req->id.idiag_dst[3], |
535 | sport: req->id.idiag_dport, daddr: req->id.idiag_src[3], |
536 | dport: req->id.idiag_sport, dif: req->id.idiag_if); |
537 | else |
538 | sk = inet6_lookup(net, hashinfo, NULL, doff: 0, |
539 | saddr: (struct in6_addr *)req->id.idiag_dst, |
540 | sport: req->id.idiag_dport, |
541 | daddr: (struct in6_addr *)req->id.idiag_src, |
542 | dport: req->id.idiag_sport, |
543 | dif: req->id.idiag_if); |
544 | } |
545 | #endif |
546 | else { |
547 | rcu_read_unlock(); |
548 | return ERR_PTR(error: -EINVAL); |
549 | } |
550 | rcu_read_unlock(); |
551 | if (!sk) |
552 | return ERR_PTR(error: -ENOENT); |
553 | |
554 | if (sock_diag_check_cookie(sk, cookie: req->id.idiag_cookie)) { |
555 | sock_gen_put(sk); |
556 | return ERR_PTR(error: -ENOENT); |
557 | } |
558 | |
559 | return sk; |
560 | } |
561 | EXPORT_SYMBOL_GPL(inet_diag_find_one_icsk); |
562 | |
563 | int inet_diag_dump_one_icsk(struct inet_hashinfo *hashinfo, |
564 | struct netlink_callback *cb, |
565 | const struct inet_diag_req_v2 *req) |
566 | { |
567 | struct sk_buff *in_skb = cb->skb; |
568 | bool net_admin = netlink_net_capable(skb: in_skb, CAP_NET_ADMIN); |
569 | struct net *net = sock_net(sk: in_skb->sk); |
570 | struct sk_buff *rep; |
571 | struct sock *sk; |
572 | int err; |
573 | |
574 | sk = inet_diag_find_one_icsk(net, hashinfo, req); |
575 | if (IS_ERR(ptr: sk)) |
576 | return PTR_ERR(ptr: sk); |
577 | |
578 | rep = nlmsg_new(payload: inet_sk_attr_size(sk, req, net_admin), GFP_KERNEL); |
579 | if (!rep) { |
580 | err = -ENOMEM; |
581 | goto out; |
582 | } |
583 | |
584 | err = sk_diag_fill(sk, skb: rep, cb, r: req, nlmsg_flags: 0, net_admin); |
585 | if (err < 0) { |
586 | WARN_ON(err == -EMSGSIZE); |
587 | nlmsg_free(skb: rep); |
588 | goto out; |
589 | } |
590 | err = nlmsg_unicast(sk: net->diag_nlsk, skb: rep, NETLINK_CB(in_skb).portid); |
591 | |
592 | out: |
593 | if (sk) |
594 | sock_gen_put(sk); |
595 | |
596 | return err; |
597 | } |
598 | EXPORT_SYMBOL_GPL(inet_diag_dump_one_icsk); |
599 | |
600 | static int inet_diag_cmd_exact(int cmd, struct sk_buff *in_skb, |
601 | const struct nlmsghdr *nlh, |
602 | int hdrlen, |
603 | const struct inet_diag_req_v2 *req) |
604 | { |
605 | const struct inet_diag_handler *handler; |
606 | struct inet_diag_dump_data dump_data; |
607 | int err, protocol; |
608 | |
609 | memset(&dump_data, 0, sizeof(dump_data)); |
610 | err = inet_diag_parse_attrs(nlh, hdrlen, req_nlas: dump_data.req_nlas); |
611 | if (err) |
612 | return err; |
613 | |
614 | protocol = inet_diag_get_protocol(req, data: &dump_data); |
615 | |
616 | handler = inet_diag_lock_handler(proto: protocol); |
617 | if (!handler) |
618 | return -ENOENT; |
619 | |
620 | if (cmd == SOCK_DIAG_BY_FAMILY) { |
621 | struct netlink_callback cb = { |
622 | .nlh = nlh, |
623 | .skb = in_skb, |
624 | .data = &dump_data, |
625 | }; |
626 | err = handler->dump_one(&cb, req); |
627 | } else if (cmd == SOCK_DESTROY && handler->destroy) { |
628 | err = handler->destroy(in_skb, req); |
629 | } else { |
630 | err = -EOPNOTSUPP; |
631 | } |
632 | inet_diag_unlock_handler(handler); |
633 | |
634 | return err; |
635 | } |
636 | |
637 | static int bitstring_match(const __be32 *a1, const __be32 *a2, int bits) |
638 | { |
639 | int words = bits >> 5; |
640 | |
641 | bits &= 0x1f; |
642 | |
643 | if (words) { |
644 | if (memcmp(p: a1, q: a2, size: words << 2)) |
645 | return 0; |
646 | } |
647 | if (bits) { |
648 | __be32 w1, w2; |
649 | __be32 mask; |
650 | |
651 | w1 = a1[words]; |
652 | w2 = a2[words]; |
653 | |
654 | mask = htonl((0xffffffff) << (32 - bits)); |
655 | |
656 | if ((w1 ^ w2) & mask) |
657 | return 0; |
658 | } |
659 | |
660 | return 1; |
661 | } |
662 | |
663 | static int inet_diag_bc_run(const struct nlattr *_bc, |
664 | const struct inet_diag_entry *entry) |
665 | { |
666 | const void *bc = nla_data(nla: _bc); |
667 | int len = nla_len(nla: _bc); |
668 | |
669 | while (len > 0) { |
670 | int yes = 1; |
671 | const struct inet_diag_bc_op *op = bc; |
672 | |
673 | switch (op->code) { |
674 | case INET_DIAG_BC_NOP: |
675 | break; |
676 | case INET_DIAG_BC_JMP: |
677 | yes = 0; |
678 | break; |
679 | case INET_DIAG_BC_S_EQ: |
680 | yes = entry->sport == op[1].no; |
681 | break; |
682 | case INET_DIAG_BC_S_GE: |
683 | yes = entry->sport >= op[1].no; |
684 | break; |
685 | case INET_DIAG_BC_S_LE: |
686 | yes = entry->sport <= op[1].no; |
687 | break; |
688 | case INET_DIAG_BC_D_EQ: |
689 | yes = entry->dport == op[1].no; |
690 | break; |
691 | case INET_DIAG_BC_D_GE: |
692 | yes = entry->dport >= op[1].no; |
693 | break; |
694 | case INET_DIAG_BC_D_LE: |
695 | yes = entry->dport <= op[1].no; |
696 | break; |
697 | case INET_DIAG_BC_AUTO: |
698 | yes = !(entry->userlocks & SOCK_BINDPORT_LOCK); |
699 | break; |
700 | case INET_DIAG_BC_S_COND: |
701 | case INET_DIAG_BC_D_COND: { |
702 | const struct inet_diag_hostcond *cond; |
703 | const __be32 *addr; |
704 | |
705 | cond = (const struct inet_diag_hostcond *)(op + 1); |
706 | if (cond->port != -1 && |
707 | cond->port != (op->code == INET_DIAG_BC_S_COND ? |
708 | entry->sport : entry->dport)) { |
709 | yes = 0; |
710 | break; |
711 | } |
712 | |
713 | if (op->code == INET_DIAG_BC_S_COND) |
714 | addr = entry->saddr; |
715 | else |
716 | addr = entry->daddr; |
717 | |
718 | if (cond->family != AF_UNSPEC && |
719 | cond->family != entry->family) { |
720 | if (entry->family == AF_INET6 && |
721 | cond->family == AF_INET) { |
722 | if (addr[0] == 0 && addr[1] == 0 && |
723 | addr[2] == htonl(0xffff) && |
724 | bitstring_match(a1: addr + 3, |
725 | a2: cond->addr, |
726 | bits: cond->prefix_len)) |
727 | break; |
728 | } |
729 | yes = 0; |
730 | break; |
731 | } |
732 | |
733 | if (cond->prefix_len == 0) |
734 | break; |
735 | if (bitstring_match(a1: addr, a2: cond->addr, |
736 | bits: cond->prefix_len)) |
737 | break; |
738 | yes = 0; |
739 | break; |
740 | } |
741 | case INET_DIAG_BC_DEV_COND: { |
742 | u32 ifindex; |
743 | |
744 | ifindex = *((const u32 *)(op + 1)); |
745 | if (ifindex != entry->ifindex) |
746 | yes = 0; |
747 | break; |
748 | } |
749 | case INET_DIAG_BC_MARK_COND: { |
750 | struct inet_diag_markcond *cond; |
751 | |
752 | cond = (struct inet_diag_markcond *)(op + 1); |
753 | if ((entry->mark & cond->mask) != cond->mark) |
754 | yes = 0; |
755 | break; |
756 | } |
757 | #ifdef CONFIG_SOCK_CGROUP_DATA |
758 | case INET_DIAG_BC_CGROUP_COND: { |
759 | u64 cgroup_id; |
760 | |
761 | cgroup_id = get_unaligned((const u64 *)(op + 1)); |
762 | if (cgroup_id != entry->cgroup_id) |
763 | yes = 0; |
764 | break; |
765 | } |
766 | #endif |
767 | } |
768 | |
769 | if (yes) { |
770 | len -= op->yes; |
771 | bc += op->yes; |
772 | } else { |
773 | len -= op->no; |
774 | bc += op->no; |
775 | } |
776 | } |
777 | return len == 0; |
778 | } |
779 | |
780 | /* This helper is available for all sockets (ESTABLISH, TIMEWAIT, SYN_RECV) |
781 | */ |
782 | static void entry_fill_addrs(struct inet_diag_entry *entry, |
783 | const struct sock *sk) |
784 | { |
785 | #if IS_ENABLED(CONFIG_IPV6) |
786 | if (sk->sk_family == AF_INET6) { |
787 | entry->saddr = sk->sk_v6_rcv_saddr.s6_addr32; |
788 | entry->daddr = sk->sk_v6_daddr.s6_addr32; |
789 | } else |
790 | #endif |
791 | { |
792 | entry->saddr = &sk->sk_rcv_saddr; |
793 | entry->daddr = &sk->sk_daddr; |
794 | } |
795 | } |
796 | |
797 | int inet_diag_bc_sk(const struct nlattr *bc, struct sock *sk) |
798 | { |
799 | struct inet_sock *inet = inet_sk(sk); |
800 | struct inet_diag_entry entry; |
801 | |
802 | if (!bc) |
803 | return 1; |
804 | |
805 | entry.family = sk->sk_family; |
806 | entry_fill_addrs(entry: &entry, sk); |
807 | entry.sport = inet->inet_num; |
808 | entry.dport = ntohs(inet->inet_dport); |
809 | entry.ifindex = sk->sk_bound_dev_if; |
810 | entry.userlocks = sk_fullsock(sk) ? sk->sk_userlocks : 0; |
811 | if (sk_fullsock(sk)) |
812 | entry.mark = READ_ONCE(sk->sk_mark); |
813 | else if (sk->sk_state == TCP_NEW_SYN_RECV) |
814 | entry.mark = inet_rsk(sk: inet_reqsk(sk))->ir_mark; |
815 | else if (sk->sk_state == TCP_TIME_WAIT) |
816 | entry.mark = inet_twsk(sk)->tw_mark; |
817 | else |
818 | entry.mark = 0; |
819 | #ifdef CONFIG_SOCK_CGROUP_DATA |
820 | entry.cgroup_id = sk_fullsock(sk) ? |
821 | cgroup_id(cgrp: sock_cgroup_ptr(skcd: &sk->sk_cgrp_data)) : 0; |
822 | #endif |
823 | |
824 | return inet_diag_bc_run(bc: bc, entry: &entry); |
825 | } |
826 | EXPORT_SYMBOL_GPL(inet_diag_bc_sk); |
827 | |
828 | static int valid_cc(const void *bc, int len, int cc) |
829 | { |
830 | while (len >= 0) { |
831 | const struct inet_diag_bc_op *op = bc; |
832 | |
833 | if (cc > len) |
834 | return 0; |
835 | if (cc == len) |
836 | return 1; |
837 | if (op->yes < 4 || op->yes & 3) |
838 | return 0; |
839 | len -= op->yes; |
840 | bc += op->yes; |
841 | } |
842 | return 0; |
843 | } |
844 | |
845 | /* data is u32 ifindex */ |
846 | static bool valid_devcond(const struct inet_diag_bc_op *op, int len, |
847 | int *min_len) |
848 | { |
849 | /* Check ifindex space. */ |
850 | *min_len += sizeof(u32); |
851 | if (len < *min_len) |
852 | return false; |
853 | |
854 | return true; |
855 | } |
856 | /* Validate an inet_diag_hostcond. */ |
857 | static bool valid_hostcond(const struct inet_diag_bc_op *op, int len, |
858 | int *min_len) |
859 | { |
860 | struct inet_diag_hostcond *cond; |
861 | int addr_len; |
862 | |
863 | /* Check hostcond space. */ |
864 | *min_len += sizeof(struct inet_diag_hostcond); |
865 | if (len < *min_len) |
866 | return false; |
867 | cond = (struct inet_diag_hostcond *)(op + 1); |
868 | |
869 | /* Check address family and address length. */ |
870 | switch (cond->family) { |
871 | case AF_UNSPEC: |
872 | addr_len = 0; |
873 | break; |
874 | case AF_INET: |
875 | addr_len = sizeof(struct in_addr); |
876 | break; |
877 | case AF_INET6: |
878 | addr_len = sizeof(struct in6_addr); |
879 | break; |
880 | default: |
881 | return false; |
882 | } |
883 | *min_len += addr_len; |
884 | if (len < *min_len) |
885 | return false; |
886 | |
887 | /* Check prefix length (in bits) vs address length (in bytes). */ |
888 | if (cond->prefix_len > 8 * addr_len) |
889 | return false; |
890 | |
891 | return true; |
892 | } |
893 | |
894 | /* Validate a port comparison operator. */ |
895 | static bool valid_port_comparison(const struct inet_diag_bc_op *op, |
896 | int len, int *min_len) |
897 | { |
898 | /* Port comparisons put the port in a follow-on inet_diag_bc_op. */ |
899 | *min_len += sizeof(struct inet_diag_bc_op); |
900 | if (len < *min_len) |
901 | return false; |
902 | return true; |
903 | } |
904 | |
905 | static bool valid_markcond(const struct inet_diag_bc_op *op, int len, |
906 | int *min_len) |
907 | { |
908 | *min_len += sizeof(struct inet_diag_markcond); |
909 | return len >= *min_len; |
910 | } |
911 | |
912 | #ifdef CONFIG_SOCK_CGROUP_DATA |
913 | static bool valid_cgroupcond(const struct inet_diag_bc_op *op, int len, |
914 | int *min_len) |
915 | { |
916 | *min_len += sizeof(u64); |
917 | return len >= *min_len; |
918 | } |
919 | #endif |
920 | |
921 | static int inet_diag_bc_audit(const struct nlattr *attr, |
922 | const struct sk_buff *skb) |
923 | { |
924 | bool net_admin = netlink_net_capable(skb, CAP_NET_ADMIN); |
925 | const void *bytecode, *bc; |
926 | int bytecode_len, len; |
927 | |
928 | if (!attr || nla_len(nla: attr) < sizeof(struct inet_diag_bc_op)) |
929 | return -EINVAL; |
930 | |
931 | bytecode = bc = nla_data(nla: attr); |
932 | len = bytecode_len = nla_len(nla: attr); |
933 | |
934 | while (len > 0) { |
935 | int min_len = sizeof(struct inet_diag_bc_op); |
936 | const struct inet_diag_bc_op *op = bc; |
937 | |
938 | switch (op->code) { |
939 | case INET_DIAG_BC_S_COND: |
940 | case INET_DIAG_BC_D_COND: |
941 | if (!valid_hostcond(op: bc, len, min_len: &min_len)) |
942 | return -EINVAL; |
943 | break; |
944 | case INET_DIAG_BC_DEV_COND: |
945 | if (!valid_devcond(op: bc, len, min_len: &min_len)) |
946 | return -EINVAL; |
947 | break; |
948 | case INET_DIAG_BC_S_EQ: |
949 | case INET_DIAG_BC_S_GE: |
950 | case INET_DIAG_BC_S_LE: |
951 | case INET_DIAG_BC_D_EQ: |
952 | case INET_DIAG_BC_D_GE: |
953 | case INET_DIAG_BC_D_LE: |
954 | if (!valid_port_comparison(op: bc, len, min_len: &min_len)) |
955 | return -EINVAL; |
956 | break; |
957 | case INET_DIAG_BC_MARK_COND: |
958 | if (!net_admin) |
959 | return -EPERM; |
960 | if (!valid_markcond(op: bc, len, min_len: &min_len)) |
961 | return -EINVAL; |
962 | break; |
963 | #ifdef CONFIG_SOCK_CGROUP_DATA |
964 | case INET_DIAG_BC_CGROUP_COND: |
965 | if (!valid_cgroupcond(op: bc, len, min_len: &min_len)) |
966 | return -EINVAL; |
967 | break; |
968 | #endif |
969 | case INET_DIAG_BC_AUTO: |
970 | case INET_DIAG_BC_JMP: |
971 | case INET_DIAG_BC_NOP: |
972 | break; |
973 | default: |
974 | return -EINVAL; |
975 | } |
976 | |
977 | if (op->code != INET_DIAG_BC_NOP) { |
978 | if (op->no < min_len || op->no > len + 4 || op->no & 3) |
979 | return -EINVAL; |
980 | if (op->no < len && |
981 | !valid_cc(bc: bytecode, len: bytecode_len, cc: len - op->no)) |
982 | return -EINVAL; |
983 | } |
984 | |
985 | if (op->yes < min_len || op->yes > len + 4 || op->yes & 3) |
986 | return -EINVAL; |
987 | bc += op->yes; |
988 | len -= op->yes; |
989 | } |
990 | return len == 0 ? 0 : -EINVAL; |
991 | } |
992 | |
993 | static void twsk_build_assert(void) |
994 | { |
995 | BUILD_BUG_ON(offsetof(struct inet_timewait_sock, tw_family) != |
996 | offsetof(struct sock, sk_family)); |
997 | |
998 | BUILD_BUG_ON(offsetof(struct inet_timewait_sock, tw_num) != |
999 | offsetof(struct inet_sock, inet_num)); |
1000 | |
1001 | BUILD_BUG_ON(offsetof(struct inet_timewait_sock, tw_dport) != |
1002 | offsetof(struct inet_sock, inet_dport)); |
1003 | |
1004 | BUILD_BUG_ON(offsetof(struct inet_timewait_sock, tw_rcv_saddr) != |
1005 | offsetof(struct inet_sock, inet_rcv_saddr)); |
1006 | |
1007 | BUILD_BUG_ON(offsetof(struct inet_timewait_sock, tw_daddr) != |
1008 | offsetof(struct inet_sock, inet_daddr)); |
1009 | |
1010 | #if IS_ENABLED(CONFIG_IPV6) |
1011 | BUILD_BUG_ON(offsetof(struct inet_timewait_sock, tw_v6_rcv_saddr) != |
1012 | offsetof(struct sock, sk_v6_rcv_saddr)); |
1013 | |
1014 | BUILD_BUG_ON(offsetof(struct inet_timewait_sock, tw_v6_daddr) != |
1015 | offsetof(struct sock, sk_v6_daddr)); |
1016 | #endif |
1017 | } |
1018 | |
1019 | void inet_diag_dump_icsk(struct inet_hashinfo *hashinfo, struct sk_buff *skb, |
1020 | struct netlink_callback *cb, |
1021 | const struct inet_diag_req_v2 *r) |
1022 | { |
1023 | bool net_admin = netlink_net_capable(skb: cb->skb, CAP_NET_ADMIN); |
1024 | struct inet_diag_dump_data *cb_data = cb->data; |
1025 | struct net *net = sock_net(sk: skb->sk); |
1026 | u32 idiag_states = r->idiag_states; |
1027 | int i, num, s_i, s_num; |
1028 | struct nlattr *bc; |
1029 | struct sock *sk; |
1030 | |
1031 | bc = cb_data->inet_diag_nla_bc; |
1032 | if (idiag_states & TCPF_SYN_RECV) |
1033 | idiag_states |= TCPF_NEW_SYN_RECV; |
1034 | s_i = cb->args[1]; |
1035 | s_num = num = cb->args[2]; |
1036 | |
1037 | if (cb->args[0] == 0) { |
1038 | if (!(idiag_states & TCPF_LISTEN) || r->id.idiag_dport) |
1039 | goto skip_listen_ht; |
1040 | |
1041 | for (i = s_i; i <= hashinfo->lhash2_mask; i++) { |
1042 | struct inet_listen_hashbucket *ilb; |
1043 | struct hlist_nulls_node *node; |
1044 | |
1045 | num = 0; |
1046 | ilb = &hashinfo->lhash2[i]; |
1047 | |
1048 | if (hlist_nulls_empty(h: &ilb->nulls_head)) { |
1049 | s_num = 0; |
1050 | continue; |
1051 | } |
1052 | spin_lock(lock: &ilb->lock); |
1053 | sk_nulls_for_each(sk, node, &ilb->nulls_head) { |
1054 | struct inet_sock *inet = inet_sk(sk); |
1055 | |
1056 | if (!net_eq(net1: sock_net(sk), net2: net)) |
1057 | continue; |
1058 | |
1059 | if (num < s_num) { |
1060 | num++; |
1061 | continue; |
1062 | } |
1063 | |
1064 | if (r->sdiag_family != AF_UNSPEC && |
1065 | sk->sk_family != r->sdiag_family) |
1066 | goto next_listen; |
1067 | |
1068 | if (r->id.idiag_sport != inet->inet_sport && |
1069 | r->id.idiag_sport) |
1070 | goto next_listen; |
1071 | |
1072 | if (!inet_diag_bc_sk(bc, sk)) |
1073 | goto next_listen; |
1074 | |
1075 | if (inet_sk_diag_fill(sk, inet_csk(sk), skb, |
1076 | cb, r, NLM_F_MULTI, |
1077 | net_admin) < 0) { |
1078 | spin_unlock(lock: &ilb->lock); |
1079 | goto done; |
1080 | } |
1081 | |
1082 | next_listen: |
1083 | ++num; |
1084 | } |
1085 | spin_unlock(lock: &ilb->lock); |
1086 | |
1087 | s_num = 0; |
1088 | } |
1089 | skip_listen_ht: |
1090 | cb->args[0] = 1; |
1091 | s_i = num = s_num = 0; |
1092 | } |
1093 | |
1094 | /* Process a maximum of SKARR_SZ sockets at a time when walking hash buckets |
1095 | * with bh disabled. |
1096 | */ |
1097 | #define SKARR_SZ 16 |
1098 | |
1099 | /* Dump bound but inactive (not listening, connecting, etc.) sockets */ |
1100 | if (cb->args[0] == 1) { |
1101 | if (!(idiag_states & TCPF_BOUND_INACTIVE)) |
1102 | goto skip_bind_ht; |
1103 | |
1104 | for (i = s_i; i < hashinfo->bhash_size; i++) { |
1105 | struct inet_bind_hashbucket *ibb; |
1106 | struct inet_bind2_bucket *tb2; |
1107 | struct sock *sk_arr[SKARR_SZ]; |
1108 | int num_arr[SKARR_SZ]; |
1109 | int idx, accum, res; |
1110 | |
1111 | resume_bind_walk: |
1112 | num = 0; |
1113 | accum = 0; |
1114 | ibb = &hashinfo->bhash2[i]; |
1115 | |
1116 | if (hlist_empty(h: &ibb->chain)) { |
1117 | s_num = 0; |
1118 | continue; |
1119 | } |
1120 | spin_lock_bh(lock: &ibb->lock); |
1121 | inet_bind_bucket_for_each(tb2, &ibb->chain) { |
1122 | if (!net_eq(net1: ib2_net(ib: tb2), net2: net)) |
1123 | continue; |
1124 | |
1125 | sk_for_each_bound(sk, &tb2->owners) { |
1126 | struct inet_sock *inet = inet_sk(sk); |
1127 | |
1128 | if (num < s_num) |
1129 | goto next_bind; |
1130 | |
1131 | if (sk->sk_state != TCP_CLOSE || |
1132 | !inet->inet_num) |
1133 | goto next_bind; |
1134 | |
1135 | if (r->sdiag_family != AF_UNSPEC && |
1136 | r->sdiag_family != sk->sk_family) |
1137 | goto next_bind; |
1138 | |
1139 | if (!inet_diag_bc_sk(bc, sk)) |
1140 | goto next_bind; |
1141 | |
1142 | sock_hold(sk); |
1143 | num_arr[accum] = num; |
1144 | sk_arr[accum] = sk; |
1145 | if (++accum == SKARR_SZ) |
1146 | goto pause_bind_walk; |
1147 | next_bind: |
1148 | num++; |
1149 | } |
1150 | } |
1151 | pause_bind_walk: |
1152 | spin_unlock_bh(lock: &ibb->lock); |
1153 | |
1154 | res = 0; |
1155 | for (idx = 0; idx < accum; idx++) { |
1156 | if (res >= 0) { |
1157 | res = inet_sk_diag_fill(sk_arr[idx], |
1158 | NULL, skb, cb, |
1159 | r, NLM_F_MULTI, |
1160 | net_admin); |
1161 | if (res < 0) |
1162 | num = num_arr[idx]; |
1163 | } |
1164 | sock_put(sk: sk_arr[idx]); |
1165 | } |
1166 | if (res < 0) |
1167 | goto done; |
1168 | |
1169 | cond_resched(); |
1170 | |
1171 | if (accum == SKARR_SZ) { |
1172 | s_num = num + 1; |
1173 | goto resume_bind_walk; |
1174 | } |
1175 | |
1176 | s_num = 0; |
1177 | } |
1178 | skip_bind_ht: |
1179 | cb->args[0] = 2; |
1180 | s_i = num = s_num = 0; |
1181 | } |
1182 | |
1183 | if (!(idiag_states & ~TCPF_LISTEN)) |
1184 | goto out; |
1185 | |
1186 | for (i = s_i; i <= hashinfo->ehash_mask; i++) { |
1187 | struct inet_ehash_bucket *head = &hashinfo->ehash[i]; |
1188 | spinlock_t *lock = inet_ehash_lockp(hashinfo, hash: i); |
1189 | struct hlist_nulls_node *node; |
1190 | struct sock *sk_arr[SKARR_SZ]; |
1191 | int num_arr[SKARR_SZ]; |
1192 | int idx, accum, res; |
1193 | |
1194 | if (hlist_nulls_empty(h: &head->chain)) |
1195 | continue; |
1196 | |
1197 | if (i > s_i) |
1198 | s_num = 0; |
1199 | |
1200 | next_chunk: |
1201 | num = 0; |
1202 | accum = 0; |
1203 | spin_lock_bh(lock); |
1204 | sk_nulls_for_each(sk, node, &head->chain) { |
1205 | int state; |
1206 | |
1207 | if (!net_eq(net1: sock_net(sk), net2: net)) |
1208 | continue; |
1209 | if (num < s_num) |
1210 | goto next_normal; |
1211 | state = (sk->sk_state == TCP_TIME_WAIT) ? |
1212 | inet_twsk(sk)->tw_substate : sk->sk_state; |
1213 | if (!(idiag_states & (1 << state))) |
1214 | goto next_normal; |
1215 | if (r->sdiag_family != AF_UNSPEC && |
1216 | sk->sk_family != r->sdiag_family) |
1217 | goto next_normal; |
1218 | if (r->id.idiag_sport != htons(sk->sk_num) && |
1219 | r->id.idiag_sport) |
1220 | goto next_normal; |
1221 | if (r->id.idiag_dport != sk->sk_dport && |
1222 | r->id.idiag_dport) |
1223 | goto next_normal; |
1224 | twsk_build_assert(); |
1225 | |
1226 | if (!inet_diag_bc_sk(bc, sk)) |
1227 | goto next_normal; |
1228 | |
1229 | if (!refcount_inc_not_zero(r: &sk->sk_refcnt)) |
1230 | goto next_normal; |
1231 | |
1232 | num_arr[accum] = num; |
1233 | sk_arr[accum] = sk; |
1234 | if (++accum == SKARR_SZ) |
1235 | break; |
1236 | next_normal: |
1237 | ++num; |
1238 | } |
1239 | spin_unlock_bh(lock); |
1240 | res = 0; |
1241 | for (idx = 0; idx < accum; idx++) { |
1242 | if (res >= 0) { |
1243 | res = sk_diag_fill(sk: sk_arr[idx], skb, cb, r, |
1244 | NLM_F_MULTI, net_admin); |
1245 | if (res < 0) |
1246 | num = num_arr[idx]; |
1247 | } |
1248 | sock_gen_put(sk: sk_arr[idx]); |
1249 | } |
1250 | if (res < 0) |
1251 | break; |
1252 | cond_resched(); |
1253 | if (accum == SKARR_SZ) { |
1254 | s_num = num + 1; |
1255 | goto next_chunk; |
1256 | } |
1257 | } |
1258 | |
1259 | done: |
1260 | cb->args[1] = i; |
1261 | cb->args[2] = num; |
1262 | out: |
1263 | ; |
1264 | } |
1265 | EXPORT_SYMBOL_GPL(inet_diag_dump_icsk); |
1266 | |
1267 | static int __inet_diag_dump(struct sk_buff *skb, struct netlink_callback *cb, |
1268 | const struct inet_diag_req_v2 *r) |
1269 | { |
1270 | struct inet_diag_dump_data *cb_data = cb->data; |
1271 | const struct inet_diag_handler *handler; |
1272 | u32 prev_min_dump_alloc; |
1273 | int protocol, err = 0; |
1274 | |
1275 | protocol = inet_diag_get_protocol(req: r, data: cb_data); |
1276 | |
1277 | again: |
1278 | prev_min_dump_alloc = cb->min_dump_alloc; |
1279 | handler = inet_diag_lock_handler(proto: protocol); |
1280 | if (handler) { |
1281 | handler->dump(skb, cb, r); |
1282 | inet_diag_unlock_handler(handler); |
1283 | } else { |
1284 | err = -ENOENT; |
1285 | } |
1286 | /* The skb is not large enough to fit one sk info and |
1287 | * inet_sk_diag_fill() has requested for a larger skb. |
1288 | */ |
1289 | if (!skb->len && cb->min_dump_alloc > prev_min_dump_alloc) { |
1290 | err = pskb_expand_head(skb, nhead: 0, ntail: cb->min_dump_alloc, GFP_KERNEL); |
1291 | if (!err) |
1292 | goto again; |
1293 | } |
1294 | |
1295 | return err ? : skb->len; |
1296 | } |
1297 | |
1298 | static int inet_diag_dump(struct sk_buff *skb, struct netlink_callback *cb) |
1299 | { |
1300 | return __inet_diag_dump(skb, cb, r: nlmsg_data(nlh: cb->nlh)); |
1301 | } |
1302 | |
1303 | static int __inet_diag_dump_start(struct netlink_callback *cb, int hdrlen) |
1304 | { |
1305 | const struct nlmsghdr *nlh = cb->nlh; |
1306 | struct inet_diag_dump_data *cb_data; |
1307 | struct sk_buff *skb = cb->skb; |
1308 | struct nlattr *nla; |
1309 | int err; |
1310 | |
1311 | cb_data = kzalloc(size: sizeof(*cb_data), GFP_KERNEL); |
1312 | if (!cb_data) |
1313 | return -ENOMEM; |
1314 | |
1315 | err = inet_diag_parse_attrs(nlh, hdrlen, req_nlas: cb_data->req_nlas); |
1316 | if (err) { |
1317 | kfree(objp: cb_data); |
1318 | return err; |
1319 | } |
1320 | nla = cb_data->inet_diag_nla_bc; |
1321 | if (nla) { |
1322 | err = inet_diag_bc_audit(attr: nla, skb); |
1323 | if (err) { |
1324 | kfree(objp: cb_data); |
1325 | return err; |
1326 | } |
1327 | } |
1328 | |
1329 | nla = cb_data->inet_diag_nla_bpf_stgs; |
1330 | if (nla) { |
1331 | struct bpf_sk_storage_diag *bpf_stg_diag; |
1332 | |
1333 | bpf_stg_diag = bpf_sk_storage_diag_alloc(nla_stgs: nla); |
1334 | if (IS_ERR(ptr: bpf_stg_diag)) { |
1335 | kfree(objp: cb_data); |
1336 | return PTR_ERR(ptr: bpf_stg_diag); |
1337 | } |
1338 | cb_data->bpf_stg_diag = bpf_stg_diag; |
1339 | } |
1340 | |
1341 | cb->data = cb_data; |
1342 | return 0; |
1343 | } |
1344 | |
1345 | static int inet_diag_dump_start(struct netlink_callback *cb) |
1346 | { |
1347 | return __inet_diag_dump_start(cb, hdrlen: sizeof(struct inet_diag_req_v2)); |
1348 | } |
1349 | |
1350 | static int inet_diag_dump_start_compat(struct netlink_callback *cb) |
1351 | { |
1352 | return __inet_diag_dump_start(cb, hdrlen: sizeof(struct inet_diag_req)); |
1353 | } |
1354 | |
1355 | static int inet_diag_dump_done(struct netlink_callback *cb) |
1356 | { |
1357 | struct inet_diag_dump_data *cb_data = cb->data; |
1358 | |
1359 | bpf_sk_storage_diag_free(diag: cb_data->bpf_stg_diag); |
1360 | kfree(objp: cb->data); |
1361 | |
1362 | return 0; |
1363 | } |
1364 | |
1365 | static int inet_diag_type2proto(int type) |
1366 | { |
1367 | switch (type) { |
1368 | case TCPDIAG_GETSOCK: |
1369 | return IPPROTO_TCP; |
1370 | case DCCPDIAG_GETSOCK: |
1371 | return IPPROTO_DCCP; |
1372 | default: |
1373 | return 0; |
1374 | } |
1375 | } |
1376 | |
1377 | static int inet_diag_dump_compat(struct sk_buff *skb, |
1378 | struct netlink_callback *cb) |
1379 | { |
1380 | struct inet_diag_req *rc = nlmsg_data(nlh: cb->nlh); |
1381 | struct inet_diag_req_v2 req; |
1382 | |
1383 | req.sdiag_family = AF_UNSPEC; /* compatibility */ |
1384 | req.sdiag_protocol = inet_diag_type2proto(type: cb->nlh->nlmsg_type); |
1385 | req.idiag_ext = rc->idiag_ext; |
1386 | req.idiag_states = rc->idiag_states; |
1387 | req.id = rc->id; |
1388 | |
1389 | return __inet_diag_dump(skb, cb, r: &req); |
1390 | } |
1391 | |
1392 | static int inet_diag_get_exact_compat(struct sk_buff *in_skb, |
1393 | const struct nlmsghdr *nlh) |
1394 | { |
1395 | struct inet_diag_req *rc = nlmsg_data(nlh); |
1396 | struct inet_diag_req_v2 req; |
1397 | |
1398 | req.sdiag_family = rc->idiag_family; |
1399 | req.sdiag_protocol = inet_diag_type2proto(type: nlh->nlmsg_type); |
1400 | req.idiag_ext = rc->idiag_ext; |
1401 | req.idiag_states = rc->idiag_states; |
1402 | req.id = rc->id; |
1403 | |
1404 | return inet_diag_cmd_exact(SOCK_DIAG_BY_FAMILY, in_skb, nlh, |
1405 | hdrlen: sizeof(struct inet_diag_req), req: &req); |
1406 | } |
1407 | |
1408 | static int inet_diag_rcv_msg_compat(struct sk_buff *skb, struct nlmsghdr *nlh) |
1409 | { |
1410 | int hdrlen = sizeof(struct inet_diag_req); |
1411 | struct net *net = sock_net(sk: skb->sk); |
1412 | |
1413 | if (nlh->nlmsg_type >= INET_DIAG_GETSOCK_MAX || |
1414 | nlmsg_len(nlh) < hdrlen) |
1415 | return -EINVAL; |
1416 | |
1417 | if (nlh->nlmsg_flags & NLM_F_DUMP) { |
1418 | struct netlink_dump_control c = { |
1419 | .start = inet_diag_dump_start_compat, |
1420 | .done = inet_diag_dump_done, |
1421 | .dump = inet_diag_dump_compat, |
1422 | }; |
1423 | return netlink_dump_start(ssk: net->diag_nlsk, skb, nlh, control: &c); |
1424 | } |
1425 | |
1426 | return inet_diag_get_exact_compat(in_skb: skb, nlh); |
1427 | } |
1428 | |
1429 | static int inet_diag_handler_cmd(struct sk_buff *skb, struct nlmsghdr *h) |
1430 | { |
1431 | int hdrlen = sizeof(struct inet_diag_req_v2); |
1432 | struct net *net = sock_net(sk: skb->sk); |
1433 | |
1434 | if (nlmsg_len(nlh: h) < hdrlen) |
1435 | return -EINVAL; |
1436 | |
1437 | if (h->nlmsg_type == SOCK_DIAG_BY_FAMILY && |
1438 | h->nlmsg_flags & NLM_F_DUMP) { |
1439 | struct netlink_dump_control c = { |
1440 | .start = inet_diag_dump_start, |
1441 | .done = inet_diag_dump_done, |
1442 | .dump = inet_diag_dump, |
1443 | }; |
1444 | return netlink_dump_start(ssk: net->diag_nlsk, skb, nlh: h, control: &c); |
1445 | } |
1446 | |
1447 | return inet_diag_cmd_exact(cmd: h->nlmsg_type, in_skb: skb, nlh: h, hdrlen, |
1448 | req: nlmsg_data(nlh: h)); |
1449 | } |
1450 | |
1451 | static |
1452 | int inet_diag_handler_get_info(struct sk_buff *skb, struct sock *sk) |
1453 | { |
1454 | const struct inet_diag_handler *handler; |
1455 | struct nlmsghdr *nlh; |
1456 | struct nlattr *attr; |
1457 | struct inet_diag_msg *r; |
1458 | void *info = NULL; |
1459 | int err = 0; |
1460 | |
1461 | nlh = nlmsg_put(skb, portid: 0, seq: 0, SOCK_DIAG_BY_FAMILY, payload: sizeof(*r), flags: 0); |
1462 | if (!nlh) |
1463 | return -ENOMEM; |
1464 | |
1465 | r = nlmsg_data(nlh); |
1466 | memset(r, 0, sizeof(*r)); |
1467 | inet_diag_msg_common_fill(r, sk); |
1468 | if (sk->sk_type == SOCK_DGRAM || sk->sk_type == SOCK_STREAM) |
1469 | r->id.idiag_sport = inet_sk(sk)->inet_sport; |
1470 | r->idiag_state = sk->sk_state; |
1471 | |
1472 | if ((err = nla_put_u8(skb, attrtype: INET_DIAG_PROTOCOL, value: sk->sk_protocol))) { |
1473 | nlmsg_cancel(skb, nlh); |
1474 | return err; |
1475 | } |
1476 | |
1477 | handler = inet_diag_lock_handler(proto: sk->sk_protocol); |
1478 | if (!handler) { |
1479 | nlmsg_cancel(skb, nlh); |
1480 | return -ENOENT; |
1481 | } |
1482 | |
1483 | attr = handler->idiag_info_size |
1484 | ? nla_reserve_64bit(skb, attrtype: INET_DIAG_INFO, |
1485 | attrlen: handler->idiag_info_size, |
1486 | padattr: INET_DIAG_PAD) |
1487 | : NULL; |
1488 | if (attr) |
1489 | info = nla_data(nla: attr); |
1490 | |
1491 | handler->idiag_get_info(sk, r, info); |
1492 | inet_diag_unlock_handler(handler); |
1493 | |
1494 | nlmsg_end(skb, nlh); |
1495 | return 0; |
1496 | } |
1497 | |
1498 | static const struct sock_diag_handler inet_diag_handler = { |
1499 | .owner = THIS_MODULE, |
1500 | .family = AF_INET, |
1501 | .dump = inet_diag_handler_cmd, |
1502 | .get_info = inet_diag_handler_get_info, |
1503 | .destroy = inet_diag_handler_cmd, |
1504 | }; |
1505 | |
1506 | static const struct sock_diag_handler inet6_diag_handler = { |
1507 | .owner = THIS_MODULE, |
1508 | .family = AF_INET6, |
1509 | .dump = inet_diag_handler_cmd, |
1510 | .get_info = inet_diag_handler_get_info, |
1511 | .destroy = inet_diag_handler_cmd, |
1512 | }; |
1513 | |
1514 | int inet_diag_register(const struct inet_diag_handler *h) |
1515 | { |
1516 | const __u16 type = h->idiag_type; |
1517 | |
1518 | if (type >= IPPROTO_MAX) |
1519 | return -EINVAL; |
1520 | |
1521 | return !cmpxchg((const struct inet_diag_handler **)&inet_diag_table[type], |
1522 | NULL, h) ? 0 : -EEXIST; |
1523 | } |
1524 | EXPORT_SYMBOL_GPL(inet_diag_register); |
1525 | |
1526 | void inet_diag_unregister(const struct inet_diag_handler *h) |
1527 | { |
1528 | const __u16 type = h->idiag_type; |
1529 | |
1530 | if (type >= IPPROTO_MAX) |
1531 | return; |
1532 | |
1533 | xchg((const struct inet_diag_handler **)&inet_diag_table[type], |
1534 | NULL); |
1535 | } |
1536 | EXPORT_SYMBOL_GPL(inet_diag_unregister); |
1537 | |
1538 | static const struct sock_diag_inet_compat inet_diag_compat = { |
1539 | .owner = THIS_MODULE, |
1540 | .fn = inet_diag_rcv_msg_compat, |
1541 | }; |
1542 | |
1543 | static int __init inet_diag_init(void) |
1544 | { |
1545 | const int inet_diag_table_size = (IPPROTO_MAX * |
1546 | sizeof(struct inet_diag_handler *)); |
1547 | int err = -ENOMEM; |
1548 | |
1549 | inet_diag_table = kzalloc(size: inet_diag_table_size, GFP_KERNEL); |
1550 | if (!inet_diag_table) |
1551 | goto out; |
1552 | |
1553 | err = sock_diag_register(h: &inet_diag_handler); |
1554 | if (err) |
1555 | goto out_free_nl; |
1556 | |
1557 | err = sock_diag_register(h: &inet6_diag_handler); |
1558 | if (err) |
1559 | goto out_free_inet; |
1560 | |
1561 | sock_diag_register_inet_compat(ptr: &inet_diag_compat); |
1562 | out: |
1563 | return err; |
1564 | |
1565 | out_free_inet: |
1566 | sock_diag_unregister(h: &inet_diag_handler); |
1567 | out_free_nl: |
1568 | kfree(objp: inet_diag_table); |
1569 | goto out; |
1570 | } |
1571 | |
1572 | static void __exit inet_diag_exit(void) |
1573 | { |
1574 | sock_diag_unregister(h: &inet6_diag_handler); |
1575 | sock_diag_unregister(h: &inet_diag_handler); |
1576 | sock_diag_unregister_inet_compat(ptr: &inet_diag_compat); |
1577 | kfree(objp: inet_diag_table); |
1578 | } |
1579 | |
1580 | module_init(inet_diag_init); |
1581 | module_exit(inet_diag_exit); |
1582 | MODULE_LICENSE("GPL" ); |
1583 | MODULE_DESCRIPTION("INET/INET6: socket monitoring via SOCK_DIAG" ); |
1584 | MODULE_ALIAS_NET_PF_PROTO_TYPE(PF_NETLINK, NETLINK_SOCK_DIAG, 2 /* AF_INET */); |
1585 | MODULE_ALIAS_NET_PF_PROTO_TYPE(PF_NETLINK, NETLINK_SOCK_DIAG, 10 /* AF_INET6 */); |
1586 | |