1 | // SPDX-License-Identifier: GPL-2.0-or-later |
2 | /* |
3 | * INET An implementation of the TCP/IP protocol suite for the LINUX |
4 | * operating system. INET is implemented using the BSD Socket |
5 | * interface as the means of communication with the user level. |
6 | * |
7 | * RAW - implementation of IP "raw" sockets. |
8 | * |
9 | * Authors: Ross Biro |
10 | * Fred N. van Kempen, <waltje@uWalt.NL.Mugnet.ORG> |
11 | * |
12 | * Fixes: |
13 | * Alan Cox : verify_area() fixed up |
14 | * Alan Cox : ICMP error handling |
15 | * Alan Cox : EMSGSIZE if you send too big a packet |
16 | * Alan Cox : Now uses generic datagrams and shared |
17 | * skbuff library. No more peek crashes, |
18 | * no more backlogs |
19 | * Alan Cox : Checks sk->broadcast. |
20 | * Alan Cox : Uses skb_free_datagram/skb_copy_datagram |
21 | * Alan Cox : Raw passes ip options too |
22 | * Alan Cox : Setsocketopt added |
23 | * Alan Cox : Fixed error return for broadcasts |
24 | * Alan Cox : Removed wake_up calls |
25 | * Alan Cox : Use ttl/tos |
26 | * Alan Cox : Cleaned up old debugging |
27 | * Alan Cox : Use new kernel side addresses |
28 | * Arnt Gulbrandsen : Fixed MSG_DONTROUTE in raw sockets. |
29 | * Alan Cox : BSD style RAW socket demultiplexing. |
30 | * Alan Cox : Beginnings of mrouted support. |
31 | * Alan Cox : Added IP_HDRINCL option. |
32 | * Alan Cox : Skip broadcast check if BSDism set. |
33 | * David S. Miller : New socket lookup architecture. |
34 | */ |
35 | |
36 | #include <linux/types.h> |
37 | #include <linux/atomic.h> |
38 | #include <asm/byteorder.h> |
39 | #include <asm/current.h> |
40 | #include <linux/uaccess.h> |
41 | #include <asm/ioctls.h> |
42 | #include <linux/stddef.h> |
43 | #include <linux/slab.h> |
44 | #include <linux/errno.h> |
45 | #include <linux/kernel.h> |
46 | #include <linux/export.h> |
47 | #include <linux/spinlock.h> |
48 | #include <linux/sockios.h> |
49 | #include <linux/socket.h> |
50 | #include <linux/in.h> |
51 | #include <linux/mroute.h> |
52 | #include <linux/netdevice.h> |
53 | #include <linux/in_route.h> |
54 | #include <linux/route.h> |
55 | #include <linux/skbuff.h> |
56 | #include <linux/igmp.h> |
57 | #include <net/net_namespace.h> |
58 | #include <net/dst.h> |
59 | #include <net/sock.h> |
60 | #include <linux/ip.h> |
61 | #include <linux/net.h> |
62 | #include <net/ip.h> |
63 | #include <net/icmp.h> |
64 | #include <net/udp.h> |
65 | #include <net/raw.h> |
66 | #include <net/snmp.h> |
67 | #include <net/tcp_states.h> |
68 | #include <net/inet_common.h> |
69 | #include <net/checksum.h> |
70 | #include <net/xfrm.h> |
71 | #include <linux/rtnetlink.h> |
72 | #include <linux/proc_fs.h> |
73 | #include <linux/seq_file.h> |
74 | #include <linux/netfilter.h> |
75 | #include <linux/netfilter_ipv4.h> |
76 | #include <linux/compat.h> |
77 | #include <linux/uio.h> |
78 | |
79 | struct raw_frag_vec { |
80 | struct msghdr *msg; |
81 | union { |
82 | struct icmphdr icmph; |
83 | char c[1]; |
84 | } hdr; |
85 | int hlen; |
86 | }; |
87 | |
88 | struct raw_hashinfo raw_v4_hashinfo; |
89 | EXPORT_SYMBOL_GPL(raw_v4_hashinfo); |
90 | |
91 | int raw_hash_sk(struct sock *sk) |
92 | { |
93 | struct raw_hashinfo *h = sk->sk_prot->h.raw_hash; |
94 | struct hlist_head *hlist; |
95 | |
96 | hlist = &h->ht[raw_hashfunc(net: sock_net(sk), inet_sk(sk)->inet_num)]; |
97 | |
98 | spin_lock(lock: &h->lock); |
99 | sk_add_node_rcu(sk, list: hlist); |
100 | sock_set_flag(sk, flag: SOCK_RCU_FREE); |
101 | spin_unlock(lock: &h->lock); |
102 | sock_prot_inuse_add(net: sock_net(sk), prot: sk->sk_prot, val: 1); |
103 | |
104 | return 0; |
105 | } |
106 | EXPORT_SYMBOL_GPL(raw_hash_sk); |
107 | |
108 | void raw_unhash_sk(struct sock *sk) |
109 | { |
110 | struct raw_hashinfo *h = sk->sk_prot->h.raw_hash; |
111 | |
112 | spin_lock(lock: &h->lock); |
113 | if (sk_del_node_init_rcu(sk)) |
114 | sock_prot_inuse_add(net: sock_net(sk), prot: sk->sk_prot, val: -1); |
115 | spin_unlock(lock: &h->lock); |
116 | } |
117 | EXPORT_SYMBOL_GPL(raw_unhash_sk); |
118 | |
119 | bool raw_v4_match(struct net *net, const struct sock *sk, unsigned short num, |
120 | __be32 raddr, __be32 laddr, int dif, int sdif) |
121 | { |
122 | const struct inet_sock *inet = inet_sk(sk); |
123 | |
124 | if (net_eq(net1: sock_net(sk), net2: net) && inet->inet_num == num && |
125 | !(inet->inet_daddr && inet->inet_daddr != raddr) && |
126 | !(inet->inet_rcv_saddr && inet->inet_rcv_saddr != laddr) && |
127 | raw_sk_bound_dev_eq(net, bound_dev_if: sk->sk_bound_dev_if, dif, sdif)) |
128 | return true; |
129 | return false; |
130 | } |
131 | EXPORT_SYMBOL_GPL(raw_v4_match); |
132 | |
133 | /* |
134 | * 0 - deliver |
135 | * 1 - block |
136 | */ |
137 | static int icmp_filter(const struct sock *sk, const struct sk_buff *skb) |
138 | { |
139 | struct icmphdr _hdr; |
140 | const struct icmphdr *hdr; |
141 | |
142 | hdr = skb_header_pointer(skb, offset: skb_transport_offset(skb), |
143 | len: sizeof(_hdr), buffer: &_hdr); |
144 | if (!hdr) |
145 | return 1; |
146 | |
147 | if (hdr->type < 32) { |
148 | __u32 data = raw_sk(sk)->filter.data; |
149 | |
150 | return ((1U << hdr->type) & data) != 0; |
151 | } |
152 | |
153 | /* Do not block unknown ICMP types */ |
154 | return 0; |
155 | } |
156 | |
157 | /* IP input processing comes here for RAW socket delivery. |
158 | * Caller owns SKB, so we must make clones. |
159 | * |
160 | * RFC 1122: SHOULD pass TOS value up to the transport layer. |
161 | * -> It does. And not only TOS, but all IP header. |
162 | */ |
163 | static int raw_v4_input(struct net *net, struct sk_buff *skb, |
164 | const struct iphdr *iph, int hash) |
165 | { |
166 | int sdif = inet_sdif(skb); |
167 | struct hlist_head *hlist; |
168 | int dif = inet_iif(skb); |
169 | int delivered = 0; |
170 | struct sock *sk; |
171 | |
172 | hlist = &raw_v4_hashinfo.ht[hash]; |
173 | rcu_read_lock(); |
174 | sk_for_each_rcu(sk, hlist) { |
175 | if (!raw_v4_match(net, sk, iph->protocol, |
176 | iph->saddr, iph->daddr, dif, sdif)) |
177 | continue; |
178 | |
179 | if (atomic_read(v: &sk->sk_rmem_alloc) >= |
180 | READ_ONCE(sk->sk_rcvbuf)) { |
181 | atomic_inc(v: &sk->sk_drops); |
182 | continue; |
183 | } |
184 | |
185 | delivered = 1; |
186 | if ((iph->protocol != IPPROTO_ICMP || !icmp_filter(sk, skb)) && |
187 | ip_mc_sf_allow(sk, local: iph->daddr, rmt: iph->saddr, |
188 | dif: skb->dev->ifindex, sdif)) { |
189 | struct sk_buff *clone = skb_clone(skb, GFP_ATOMIC); |
190 | |
191 | /* Not releasing hash table! */ |
192 | if (clone) |
193 | raw_rcv(sk, clone); |
194 | } |
195 | } |
196 | rcu_read_unlock(); |
197 | return delivered; |
198 | } |
199 | |
200 | int raw_local_deliver(struct sk_buff *skb, int protocol) |
201 | { |
202 | struct net *net = dev_net(dev: skb->dev); |
203 | |
204 | return raw_v4_input(net, skb, iph: ip_hdr(skb), |
205 | hash: raw_hashfunc(net, proto: protocol)); |
206 | } |
207 | |
208 | static void raw_err(struct sock *sk, struct sk_buff *skb, u32 info) |
209 | { |
210 | struct inet_sock *inet = inet_sk(sk); |
211 | const int type = icmp_hdr(skb)->type; |
212 | const int code = icmp_hdr(skb)->code; |
213 | int harderr = 0; |
214 | bool recverr; |
215 | int err = 0; |
216 | |
217 | if (type == ICMP_DEST_UNREACH && code == ICMP_FRAG_NEEDED) |
218 | ipv4_sk_update_pmtu(skb, sk, mtu: info); |
219 | else if (type == ICMP_REDIRECT) { |
220 | ipv4_sk_redirect(skb, sk); |
221 | return; |
222 | } |
223 | |
224 | /* Report error on raw socket, if: |
225 | 1. User requested ip_recverr. |
226 | 2. Socket is connected (otherwise the error indication |
227 | is useless without ip_recverr and error is hard. |
228 | */ |
229 | recverr = inet_test_bit(RECVERR, sk); |
230 | if (!recverr && sk->sk_state != TCP_ESTABLISHED) |
231 | return; |
232 | |
233 | switch (type) { |
234 | default: |
235 | case ICMP_TIME_EXCEEDED: |
236 | err = EHOSTUNREACH; |
237 | break; |
238 | case ICMP_SOURCE_QUENCH: |
239 | return; |
240 | case ICMP_PARAMETERPROB: |
241 | err = EPROTO; |
242 | harderr = 1; |
243 | break; |
244 | case ICMP_DEST_UNREACH: |
245 | err = EHOSTUNREACH; |
246 | if (code > NR_ICMP_UNREACH) |
247 | break; |
248 | if (code == ICMP_FRAG_NEEDED) { |
249 | harderr = READ_ONCE(inet->pmtudisc) != IP_PMTUDISC_DONT; |
250 | err = EMSGSIZE; |
251 | } else { |
252 | err = icmp_err_convert[code].errno; |
253 | harderr = icmp_err_convert[code].fatal; |
254 | } |
255 | } |
256 | |
257 | if (recverr) { |
258 | const struct iphdr *iph = (const struct iphdr *)skb->data; |
259 | u8 *payload = skb->data + (iph->ihl << 2); |
260 | |
261 | if (inet_test_bit(HDRINCL, sk)) |
262 | payload = skb->data; |
263 | ip_icmp_error(sk, skb, err, port: 0, info, payload); |
264 | } |
265 | |
266 | if (recverr || harderr) { |
267 | sk->sk_err = err; |
268 | sk_error_report(sk); |
269 | } |
270 | } |
271 | |
272 | void raw_icmp_error(struct sk_buff *skb, int protocol, u32 info) |
273 | { |
274 | struct net *net = dev_net(dev: skb->dev); |
275 | int dif = skb->dev->ifindex; |
276 | int sdif = inet_sdif(skb); |
277 | struct hlist_head *hlist; |
278 | const struct iphdr *iph; |
279 | struct sock *sk; |
280 | int hash; |
281 | |
282 | hash = raw_hashfunc(net, proto: protocol); |
283 | hlist = &raw_v4_hashinfo.ht[hash]; |
284 | |
285 | rcu_read_lock(); |
286 | sk_for_each_rcu(sk, hlist) { |
287 | iph = (const struct iphdr *)skb->data; |
288 | if (!raw_v4_match(net, sk, iph->protocol, |
289 | iph->daddr, iph->saddr, dif, sdif)) |
290 | continue; |
291 | raw_err(sk, skb, info); |
292 | } |
293 | rcu_read_unlock(); |
294 | } |
295 | |
296 | static int raw_rcv_skb(struct sock *sk, struct sk_buff *skb) |
297 | { |
298 | enum skb_drop_reason reason; |
299 | |
300 | /* Charge it to the socket. */ |
301 | |
302 | ipv4_pktinfo_prepare(sk, skb, drop_dst: true); |
303 | if (sock_queue_rcv_skb_reason(sk, skb, reason: &reason) < 0) { |
304 | kfree_skb_reason(skb, reason); |
305 | return NET_RX_DROP; |
306 | } |
307 | |
308 | return NET_RX_SUCCESS; |
309 | } |
310 | |
311 | int raw_rcv(struct sock *sk, struct sk_buff *skb) |
312 | { |
313 | if (!xfrm4_policy_check(sk, dir: XFRM_POLICY_IN, skb)) { |
314 | atomic_inc(v: &sk->sk_drops); |
315 | kfree_skb_reason(skb, reason: SKB_DROP_REASON_XFRM_POLICY); |
316 | return NET_RX_DROP; |
317 | } |
318 | nf_reset_ct(skb); |
319 | |
320 | skb_push(skb, len: -skb_network_offset(skb)); |
321 | |
322 | raw_rcv_skb(sk, skb); |
323 | return 0; |
324 | } |
325 | |
326 | static int raw_send_hdrinc(struct sock *sk, struct flowi4 *fl4, |
327 | struct msghdr *msg, size_t length, |
328 | struct rtable **rtp, unsigned int flags, |
329 | const struct sockcm_cookie *sockc) |
330 | { |
331 | struct inet_sock *inet = inet_sk(sk); |
332 | struct net *net = sock_net(sk); |
333 | struct iphdr *iph; |
334 | struct sk_buff *skb; |
335 | unsigned int iphlen; |
336 | int err; |
337 | struct rtable *rt = *rtp; |
338 | int hlen, tlen; |
339 | |
340 | if (length > rt->dst.dev->mtu) { |
341 | ip_local_error(sk, EMSGSIZE, daddr: fl4->daddr, dport: inet->inet_dport, |
342 | info: rt->dst.dev->mtu); |
343 | return -EMSGSIZE; |
344 | } |
345 | if (length < sizeof(struct iphdr)) |
346 | return -EINVAL; |
347 | |
348 | if (flags&MSG_PROBE) |
349 | goto out; |
350 | |
351 | hlen = LL_RESERVED_SPACE(rt->dst.dev); |
352 | tlen = rt->dst.dev->needed_tailroom; |
353 | skb = sock_alloc_send_skb(sk, |
354 | size: length + hlen + tlen + 15, |
355 | noblock: flags & MSG_DONTWAIT, errcode: &err); |
356 | if (!skb) |
357 | goto error; |
358 | skb_reserve(skb, len: hlen); |
359 | |
360 | skb->protocol = htons(ETH_P_IP); |
361 | skb->priority = READ_ONCE(sk->sk_priority); |
362 | skb->mark = sockc->mark; |
363 | skb->tstamp = sockc->transmit_time; |
364 | skb_dst_set(skb, dst: &rt->dst); |
365 | *rtp = NULL; |
366 | |
367 | skb_reset_network_header(skb); |
368 | iph = ip_hdr(skb); |
369 | skb_put(skb, len: length); |
370 | |
371 | skb->ip_summed = CHECKSUM_NONE; |
372 | |
373 | skb_setup_tx_timestamp(skb, tsflags: sockc->tsflags); |
374 | |
375 | if (flags & MSG_CONFIRM) |
376 | skb_set_dst_pending_confirm(skb, val: 1); |
377 | |
378 | skb->transport_header = skb->network_header; |
379 | err = -EFAULT; |
380 | if (memcpy_from_msg(data: iph, msg, len: length)) |
381 | goto error_free; |
382 | |
383 | iphlen = iph->ihl * 4; |
384 | |
385 | /* |
386 | * We don't want to modify the ip header, but we do need to |
387 | * be sure that it won't cause problems later along the network |
388 | * stack. Specifically we want to make sure that iph->ihl is a |
389 | * sane value. If ihl points beyond the length of the buffer passed |
390 | * in, reject the frame as invalid |
391 | */ |
392 | err = -EINVAL; |
393 | if (iphlen > length) |
394 | goto error_free; |
395 | |
396 | if (iphlen >= sizeof(*iph)) { |
397 | if (!iph->saddr) |
398 | iph->saddr = fl4->saddr; |
399 | iph->check = 0; |
400 | iph->tot_len = htons(length); |
401 | if (!iph->id) |
402 | ip_select_ident(net, skb, NULL); |
403 | |
404 | iph->check = ip_fast_csum(iph: (unsigned char *)iph, ihl: iph->ihl); |
405 | skb->transport_header += iphlen; |
406 | if (iph->protocol == IPPROTO_ICMP && |
407 | length >= iphlen + sizeof(struct icmphdr)) |
408 | icmp_out_count(net, type: ((struct icmphdr *) |
409 | skb_transport_header(skb))->type); |
410 | } |
411 | |
412 | err = NF_HOOK(pf: NFPROTO_IPV4, hook: NF_INET_LOCAL_OUT, |
413 | net, sk, skb, NULL, out: rt->dst.dev, |
414 | okfn: dst_output); |
415 | if (err > 0) |
416 | err = net_xmit_errno(err); |
417 | if (err) |
418 | goto error; |
419 | out: |
420 | return 0; |
421 | |
422 | error_free: |
423 | kfree_skb(skb); |
424 | error: |
425 | IP_INC_STATS(net, IPSTATS_MIB_OUTDISCARDS); |
426 | if (err == -ENOBUFS && !inet_test_bit(RECVERR, sk)) |
427 | err = 0; |
428 | return err; |
429 | } |
430 | |
431 | static int raw_probe_proto_opt(struct raw_frag_vec *rfv, struct flowi4 *fl4) |
432 | { |
433 | int err; |
434 | |
435 | if (fl4->flowi4_proto != IPPROTO_ICMP) |
436 | return 0; |
437 | |
438 | /* We only need the first two bytes. */ |
439 | rfv->hlen = 2; |
440 | |
441 | err = memcpy_from_msg(data: rfv->hdr.c, msg: rfv->msg, len: rfv->hlen); |
442 | if (err) |
443 | return err; |
444 | |
445 | fl4->fl4_icmp_type = rfv->hdr.icmph.type; |
446 | fl4->fl4_icmp_code = rfv->hdr.icmph.code; |
447 | |
448 | return 0; |
449 | } |
450 | |
451 | static int raw_getfrag(void *from, char *to, int offset, int len, int odd, |
452 | struct sk_buff *skb) |
453 | { |
454 | struct raw_frag_vec *rfv = from; |
455 | |
456 | if (offset < rfv->hlen) { |
457 | int copy = min(rfv->hlen - offset, len); |
458 | |
459 | if (skb->ip_summed == CHECKSUM_PARTIAL) |
460 | memcpy(to, rfv->hdr.c + offset, copy); |
461 | else |
462 | skb->csum = csum_block_add( |
463 | csum: skb->csum, |
464 | csum2: csum_partial_copy_nocheck(src: rfv->hdr.c + offset, |
465 | dst: to, len: copy), |
466 | offset: odd); |
467 | |
468 | odd = 0; |
469 | offset += copy; |
470 | to += copy; |
471 | len -= copy; |
472 | |
473 | if (!len) |
474 | return 0; |
475 | } |
476 | |
477 | offset -= rfv->hlen; |
478 | |
479 | return ip_generic_getfrag(from: rfv->msg, to, offset, len, odd, skb); |
480 | } |
481 | |
482 | static int raw_sendmsg(struct sock *sk, struct msghdr *msg, size_t len) |
483 | { |
484 | struct inet_sock *inet = inet_sk(sk); |
485 | struct net *net = sock_net(sk); |
486 | struct ipcm_cookie ipc; |
487 | struct rtable *rt = NULL; |
488 | struct flowi4 fl4; |
489 | u8 tos, scope; |
490 | int free = 0; |
491 | __be32 daddr; |
492 | __be32 saddr; |
493 | int uc_index, err; |
494 | struct ip_options_data opt_copy; |
495 | struct raw_frag_vec rfv; |
496 | int hdrincl; |
497 | |
498 | err = -EMSGSIZE; |
499 | if (len > 0xFFFF) |
500 | goto out; |
501 | |
502 | hdrincl = inet_test_bit(HDRINCL, sk); |
503 | |
504 | /* |
505 | * Check the flags. |
506 | */ |
507 | |
508 | err = -EOPNOTSUPP; |
509 | if (msg->msg_flags & MSG_OOB) /* Mirror BSD error message */ |
510 | goto out; /* compatibility */ |
511 | |
512 | /* |
513 | * Get and verify the address. |
514 | */ |
515 | |
516 | if (msg->msg_namelen) { |
517 | DECLARE_SOCKADDR(struct sockaddr_in *, usin, msg->msg_name); |
518 | err = -EINVAL; |
519 | if (msg->msg_namelen < sizeof(*usin)) |
520 | goto out; |
521 | if (usin->sin_family != AF_INET) { |
522 | pr_info_once("%s: %s forgot to set AF_INET. Fix it!\n" , |
523 | __func__, current->comm); |
524 | err = -EAFNOSUPPORT; |
525 | if (usin->sin_family) |
526 | goto out; |
527 | } |
528 | daddr = usin->sin_addr.s_addr; |
529 | /* ANK: I did not forget to get protocol from port field. |
530 | * I just do not know, who uses this weirdness. |
531 | * IP_HDRINCL is much more convenient. |
532 | */ |
533 | } else { |
534 | err = -EDESTADDRREQ; |
535 | if (sk->sk_state != TCP_ESTABLISHED) |
536 | goto out; |
537 | daddr = inet->inet_daddr; |
538 | } |
539 | |
540 | ipcm_init_sk(ipcm: &ipc, inet); |
541 | /* Keep backward compat */ |
542 | if (hdrincl) |
543 | ipc.protocol = IPPROTO_RAW; |
544 | |
545 | if (msg->msg_controllen) { |
546 | err = ip_cmsg_send(sk, msg, ipc: &ipc, allow_ipv6: false); |
547 | if (unlikely(err)) { |
548 | kfree(objp: ipc.opt); |
549 | goto out; |
550 | } |
551 | if (ipc.opt) |
552 | free = 1; |
553 | } |
554 | |
555 | saddr = ipc.addr; |
556 | ipc.addr = daddr; |
557 | |
558 | if (!ipc.opt) { |
559 | struct ip_options_rcu *inet_opt; |
560 | |
561 | rcu_read_lock(); |
562 | inet_opt = rcu_dereference(inet->inet_opt); |
563 | if (inet_opt) { |
564 | memcpy(&opt_copy, inet_opt, |
565 | sizeof(*inet_opt) + inet_opt->opt.optlen); |
566 | ipc.opt = &opt_copy.opt; |
567 | } |
568 | rcu_read_unlock(); |
569 | } |
570 | |
571 | if (ipc.opt) { |
572 | err = -EINVAL; |
573 | /* Linux does not mangle headers on raw sockets, |
574 | * so that IP options + IP_HDRINCL is non-sense. |
575 | */ |
576 | if (hdrincl) |
577 | goto done; |
578 | if (ipc.opt->opt.srr) { |
579 | if (!daddr) |
580 | goto done; |
581 | daddr = ipc.opt->opt.faddr; |
582 | } |
583 | } |
584 | tos = get_rttos(ipc: &ipc, inet); |
585 | scope = ip_sendmsg_scope(inet, ipc: &ipc, msg); |
586 | |
587 | uc_index = READ_ONCE(inet->uc_index); |
588 | if (ipv4_is_multicast(addr: daddr)) { |
589 | if (!ipc.oif || netif_index_is_l3_master(net: sock_net(sk), ifindex: ipc.oif)) |
590 | ipc.oif = READ_ONCE(inet->mc_index); |
591 | if (!saddr) |
592 | saddr = READ_ONCE(inet->mc_addr); |
593 | } else if (!ipc.oif) { |
594 | ipc.oif = uc_index; |
595 | } else if (ipv4_is_lbcast(addr: daddr) && uc_index) { |
596 | /* oif is set, packet is to local broadcast |
597 | * and uc_index is set. oif is most likely set |
598 | * by sk_bound_dev_if. If uc_index != oif check if the |
599 | * oif is an L3 master and uc_index is an L3 slave. |
600 | * If so, we want to allow the send using the uc_index. |
601 | */ |
602 | if (ipc.oif != uc_index && |
603 | ipc.oif == l3mdev_master_ifindex_by_index(net: sock_net(sk), |
604 | ifindex: uc_index)) { |
605 | ipc.oif = uc_index; |
606 | } |
607 | } |
608 | |
609 | flowi4_init_output(fl4: &fl4, oif: ipc.oif, mark: ipc.sockc.mark, tos, scope, |
610 | proto: hdrincl ? ipc.protocol : sk->sk_protocol, |
611 | flags: inet_sk_flowi_flags(sk) | |
612 | (hdrincl ? FLOWI_FLAG_KNOWN_NH : 0), |
613 | daddr, saddr, dport: 0, sport: 0, uid: sk->sk_uid); |
614 | |
615 | if (!hdrincl) { |
616 | rfv.msg = msg; |
617 | rfv.hlen = 0; |
618 | |
619 | err = raw_probe_proto_opt(rfv: &rfv, fl4: &fl4); |
620 | if (err) |
621 | goto done; |
622 | } |
623 | |
624 | security_sk_classify_flow(sk, flic: flowi4_to_flowi_common(fl4: &fl4)); |
625 | rt = ip_route_output_flow(net, flp: &fl4, sk); |
626 | if (IS_ERR(ptr: rt)) { |
627 | err = PTR_ERR(ptr: rt); |
628 | rt = NULL; |
629 | goto done; |
630 | } |
631 | |
632 | err = -EACCES; |
633 | if (rt->rt_flags & RTCF_BROADCAST && !sock_flag(sk, flag: SOCK_BROADCAST)) |
634 | goto done; |
635 | |
636 | if (msg->msg_flags & MSG_CONFIRM) |
637 | goto do_confirm; |
638 | back_from_confirm: |
639 | |
640 | if (hdrincl) |
641 | err = raw_send_hdrinc(sk, fl4: &fl4, msg, length: len, |
642 | rtp: &rt, flags: msg->msg_flags, sockc: &ipc.sockc); |
643 | |
644 | else { |
645 | if (!ipc.addr) |
646 | ipc.addr = fl4.daddr; |
647 | lock_sock(sk); |
648 | err = ip_append_data(sk, fl4: &fl4, getfrag: raw_getfrag, |
649 | from: &rfv, len, protolen: 0, |
650 | ipc: &ipc, rt: &rt, flags: msg->msg_flags); |
651 | if (err) |
652 | ip_flush_pending_frames(sk); |
653 | else if (!(msg->msg_flags & MSG_MORE)) { |
654 | err = ip_push_pending_frames(sk, fl4: &fl4); |
655 | if (err == -ENOBUFS && !inet_test_bit(RECVERR, sk)) |
656 | err = 0; |
657 | } |
658 | release_sock(sk); |
659 | } |
660 | done: |
661 | if (free) |
662 | kfree(objp: ipc.opt); |
663 | ip_rt_put(rt); |
664 | |
665 | out: |
666 | if (err < 0) |
667 | return err; |
668 | return len; |
669 | |
670 | do_confirm: |
671 | if (msg->msg_flags & MSG_PROBE) |
672 | dst_confirm_neigh(dst: &rt->dst, daddr: &fl4.daddr); |
673 | if (!(msg->msg_flags & MSG_PROBE) || len) |
674 | goto back_from_confirm; |
675 | err = 0; |
676 | goto done; |
677 | } |
678 | |
679 | static void raw_close(struct sock *sk, long timeout) |
680 | { |
681 | /* |
682 | * Raw sockets may have direct kernel references. Kill them. |
683 | */ |
684 | ip_ra_control(sk, on: 0, NULL); |
685 | |
686 | sk_common_release(sk); |
687 | } |
688 | |
689 | static void raw_destroy(struct sock *sk) |
690 | { |
691 | lock_sock(sk); |
692 | ip_flush_pending_frames(sk); |
693 | release_sock(sk); |
694 | } |
695 | |
696 | /* This gets rid of all the nasties in af_inet. -DaveM */ |
697 | static int raw_bind(struct sock *sk, struct sockaddr *uaddr, int addr_len) |
698 | { |
699 | struct inet_sock *inet = inet_sk(sk); |
700 | struct sockaddr_in *addr = (struct sockaddr_in *) uaddr; |
701 | struct net *net = sock_net(sk); |
702 | u32 tb_id = RT_TABLE_LOCAL; |
703 | int ret = -EINVAL; |
704 | int chk_addr_ret; |
705 | |
706 | lock_sock(sk); |
707 | if (sk->sk_state != TCP_CLOSE || addr_len < sizeof(struct sockaddr_in)) |
708 | goto out; |
709 | |
710 | if (sk->sk_bound_dev_if) |
711 | tb_id = l3mdev_fib_table_by_index(net, |
712 | ifindex: sk->sk_bound_dev_if) ? : tb_id; |
713 | |
714 | chk_addr_ret = inet_addr_type_table(net, addr: addr->sin_addr.s_addr, tb_id); |
715 | |
716 | ret = -EADDRNOTAVAIL; |
717 | if (!inet_addr_valid_or_nonlocal(net, inet, addr: addr->sin_addr.s_addr, |
718 | addr_type: chk_addr_ret)) |
719 | goto out; |
720 | |
721 | inet->inet_rcv_saddr = inet->inet_saddr = addr->sin_addr.s_addr; |
722 | if (chk_addr_ret == RTN_MULTICAST || chk_addr_ret == RTN_BROADCAST) |
723 | inet->inet_saddr = 0; /* Use device */ |
724 | sk_dst_reset(sk); |
725 | ret = 0; |
726 | out: |
727 | release_sock(sk); |
728 | return ret; |
729 | } |
730 | |
731 | /* |
732 | * This should be easy, if there is something there |
733 | * we return it, otherwise we block. |
734 | */ |
735 | |
736 | static int raw_recvmsg(struct sock *sk, struct msghdr *msg, size_t len, |
737 | int flags, int *addr_len) |
738 | { |
739 | struct inet_sock *inet = inet_sk(sk); |
740 | size_t copied = 0; |
741 | int err = -EOPNOTSUPP; |
742 | DECLARE_SOCKADDR(struct sockaddr_in *, sin, msg->msg_name); |
743 | struct sk_buff *skb; |
744 | |
745 | if (flags & MSG_OOB) |
746 | goto out; |
747 | |
748 | if (flags & MSG_ERRQUEUE) { |
749 | err = ip_recv_error(sk, msg, len, addr_len); |
750 | goto out; |
751 | } |
752 | |
753 | skb = skb_recv_datagram(sk, flags, err: &err); |
754 | if (!skb) |
755 | goto out; |
756 | |
757 | copied = skb->len; |
758 | if (len < copied) { |
759 | msg->msg_flags |= MSG_TRUNC; |
760 | copied = len; |
761 | } |
762 | |
763 | err = skb_copy_datagram_msg(from: skb, offset: 0, msg, size: copied); |
764 | if (err) |
765 | goto done; |
766 | |
767 | sock_recv_cmsgs(msg, sk, skb); |
768 | |
769 | /* Copy the address. */ |
770 | if (sin) { |
771 | sin->sin_family = AF_INET; |
772 | sin->sin_addr.s_addr = ip_hdr(skb)->saddr; |
773 | sin->sin_port = 0; |
774 | memset(&sin->sin_zero, 0, sizeof(sin->sin_zero)); |
775 | *addr_len = sizeof(*sin); |
776 | } |
777 | if (inet_cmsg_flags(inet)) |
778 | ip_cmsg_recv(msg, skb); |
779 | if (flags & MSG_TRUNC) |
780 | copied = skb->len; |
781 | done: |
782 | skb_free_datagram(sk, skb); |
783 | out: |
784 | if (err) |
785 | return err; |
786 | return copied; |
787 | } |
788 | |
789 | static int raw_sk_init(struct sock *sk) |
790 | { |
791 | struct raw_sock *rp = raw_sk(sk); |
792 | |
793 | if (inet_sk(sk)->inet_num == IPPROTO_ICMP) |
794 | memset(&rp->filter, 0, sizeof(rp->filter)); |
795 | return 0; |
796 | } |
797 | |
798 | static int raw_seticmpfilter(struct sock *sk, sockptr_t optval, int optlen) |
799 | { |
800 | if (optlen > sizeof(struct icmp_filter)) |
801 | optlen = sizeof(struct icmp_filter); |
802 | if (copy_from_sockptr(dst: &raw_sk(sk)->filter, src: optval, size: optlen)) |
803 | return -EFAULT; |
804 | return 0; |
805 | } |
806 | |
807 | static int raw_geticmpfilter(struct sock *sk, char __user *optval, int __user *optlen) |
808 | { |
809 | int len, ret = -EFAULT; |
810 | |
811 | if (get_user(len, optlen)) |
812 | goto out; |
813 | ret = -EINVAL; |
814 | if (len < 0) |
815 | goto out; |
816 | if (len > sizeof(struct icmp_filter)) |
817 | len = sizeof(struct icmp_filter); |
818 | ret = -EFAULT; |
819 | if (put_user(len, optlen) || |
820 | copy_to_user(to: optval, from: &raw_sk(sk)->filter, n: len)) |
821 | goto out; |
822 | ret = 0; |
823 | out: return ret; |
824 | } |
825 | |
826 | static int do_raw_setsockopt(struct sock *sk, int optname, |
827 | sockptr_t optval, unsigned int optlen) |
828 | { |
829 | if (optname == ICMP_FILTER) { |
830 | if (inet_sk(sk)->inet_num != IPPROTO_ICMP) |
831 | return -EOPNOTSUPP; |
832 | else |
833 | return raw_seticmpfilter(sk, optval, optlen); |
834 | } |
835 | return -ENOPROTOOPT; |
836 | } |
837 | |
838 | static int raw_setsockopt(struct sock *sk, int level, int optname, |
839 | sockptr_t optval, unsigned int optlen) |
840 | { |
841 | if (level != SOL_RAW) |
842 | return ip_setsockopt(sk, level, optname, optval, optlen); |
843 | return do_raw_setsockopt(sk, optname, optval, optlen); |
844 | } |
845 | |
846 | static int do_raw_getsockopt(struct sock *sk, int optname, |
847 | char __user *optval, int __user *optlen) |
848 | { |
849 | if (optname == ICMP_FILTER) { |
850 | if (inet_sk(sk)->inet_num != IPPROTO_ICMP) |
851 | return -EOPNOTSUPP; |
852 | else |
853 | return raw_geticmpfilter(sk, optval, optlen); |
854 | } |
855 | return -ENOPROTOOPT; |
856 | } |
857 | |
858 | static int raw_getsockopt(struct sock *sk, int level, int optname, |
859 | char __user *optval, int __user *optlen) |
860 | { |
861 | if (level != SOL_RAW) |
862 | return ip_getsockopt(sk, level, optname, optval, optlen); |
863 | return do_raw_getsockopt(sk, optname, optval, optlen); |
864 | } |
865 | |
866 | static int raw_ioctl(struct sock *sk, int cmd, int *karg) |
867 | { |
868 | switch (cmd) { |
869 | case SIOCOUTQ: { |
870 | *karg = sk_wmem_alloc_get(sk); |
871 | return 0; |
872 | } |
873 | case SIOCINQ: { |
874 | struct sk_buff *skb; |
875 | |
876 | spin_lock_bh(lock: &sk->sk_receive_queue.lock); |
877 | skb = skb_peek(list_: &sk->sk_receive_queue); |
878 | if (skb) |
879 | *karg = skb->len; |
880 | else |
881 | *karg = 0; |
882 | spin_unlock_bh(lock: &sk->sk_receive_queue.lock); |
883 | return 0; |
884 | } |
885 | |
886 | default: |
887 | #ifdef CONFIG_IP_MROUTE |
888 | return ipmr_ioctl(sk, cmd, arg: karg); |
889 | #else |
890 | return -ENOIOCTLCMD; |
891 | #endif |
892 | } |
893 | } |
894 | |
895 | #ifdef CONFIG_COMPAT |
896 | static int compat_raw_ioctl(struct sock *sk, unsigned int cmd, unsigned long arg) |
897 | { |
898 | switch (cmd) { |
899 | case SIOCOUTQ: |
900 | case SIOCINQ: |
901 | return -ENOIOCTLCMD; |
902 | default: |
903 | #ifdef CONFIG_IP_MROUTE |
904 | return ipmr_compat_ioctl(sk, cmd, arg: compat_ptr(uptr: arg)); |
905 | #else |
906 | return -ENOIOCTLCMD; |
907 | #endif |
908 | } |
909 | } |
910 | #endif |
911 | |
912 | int raw_abort(struct sock *sk, int err) |
913 | { |
914 | lock_sock(sk); |
915 | |
916 | sk->sk_err = err; |
917 | sk_error_report(sk); |
918 | __udp_disconnect(sk, flags: 0); |
919 | |
920 | release_sock(sk); |
921 | |
922 | return 0; |
923 | } |
924 | EXPORT_SYMBOL_GPL(raw_abort); |
925 | |
926 | struct proto raw_prot = { |
927 | .name = "RAW" , |
928 | .owner = THIS_MODULE, |
929 | .close = raw_close, |
930 | .destroy = raw_destroy, |
931 | .connect = ip4_datagram_connect, |
932 | .disconnect = __udp_disconnect, |
933 | .ioctl = raw_ioctl, |
934 | .init = raw_sk_init, |
935 | .setsockopt = raw_setsockopt, |
936 | .getsockopt = raw_getsockopt, |
937 | .sendmsg = raw_sendmsg, |
938 | .recvmsg = raw_recvmsg, |
939 | .bind = raw_bind, |
940 | .backlog_rcv = raw_rcv_skb, |
941 | .release_cb = ip4_datagram_release_cb, |
942 | .hash = raw_hash_sk, |
943 | .unhash = raw_unhash_sk, |
944 | .obj_size = sizeof(struct raw_sock), |
945 | .useroffset = offsetof(struct raw_sock, filter), |
946 | .usersize = sizeof_field(struct raw_sock, filter), |
947 | .h.raw_hash = &raw_v4_hashinfo, |
948 | #ifdef CONFIG_COMPAT |
949 | .compat_ioctl = compat_raw_ioctl, |
950 | #endif |
951 | .diag_destroy = raw_abort, |
952 | }; |
953 | |
954 | #ifdef CONFIG_PROC_FS |
955 | static struct sock *raw_get_first(struct seq_file *seq, int bucket) |
956 | { |
957 | struct raw_hashinfo *h = pde_data(inode: file_inode(f: seq->file)); |
958 | struct raw_iter_state *state = raw_seq_private(seq); |
959 | struct hlist_head *hlist; |
960 | struct sock *sk; |
961 | |
962 | for (state->bucket = bucket; state->bucket < RAW_HTABLE_SIZE; |
963 | ++state->bucket) { |
964 | hlist = &h->ht[state->bucket]; |
965 | sk_for_each(sk, hlist) { |
966 | if (sock_net(sk) == seq_file_net(seq)) |
967 | return sk; |
968 | } |
969 | } |
970 | return NULL; |
971 | } |
972 | |
973 | static struct sock *raw_get_next(struct seq_file *seq, struct sock *sk) |
974 | { |
975 | struct raw_iter_state *state = raw_seq_private(seq); |
976 | |
977 | do { |
978 | sk = sk_next(sk); |
979 | } while (sk && sock_net(sk) != seq_file_net(seq)); |
980 | |
981 | if (!sk) |
982 | return raw_get_first(seq, bucket: state->bucket + 1); |
983 | return sk; |
984 | } |
985 | |
986 | static struct sock *raw_get_idx(struct seq_file *seq, loff_t pos) |
987 | { |
988 | struct sock *sk = raw_get_first(seq, bucket: 0); |
989 | |
990 | if (sk) |
991 | while (pos && (sk = raw_get_next(seq, sk)) != NULL) |
992 | --pos; |
993 | return pos ? NULL : sk; |
994 | } |
995 | |
996 | void *raw_seq_start(struct seq_file *seq, loff_t *pos) |
997 | __acquires(&h->lock) |
998 | { |
999 | struct raw_hashinfo *h = pde_data(inode: file_inode(f: seq->file)); |
1000 | |
1001 | spin_lock(lock: &h->lock); |
1002 | |
1003 | return *pos ? raw_get_idx(seq, pos: *pos - 1) : SEQ_START_TOKEN; |
1004 | } |
1005 | EXPORT_SYMBOL_GPL(raw_seq_start); |
1006 | |
1007 | void *raw_seq_next(struct seq_file *seq, void *v, loff_t *pos) |
1008 | { |
1009 | struct sock *sk; |
1010 | |
1011 | if (v == SEQ_START_TOKEN) |
1012 | sk = raw_get_first(seq, bucket: 0); |
1013 | else |
1014 | sk = raw_get_next(seq, sk: v); |
1015 | ++*pos; |
1016 | return sk; |
1017 | } |
1018 | EXPORT_SYMBOL_GPL(raw_seq_next); |
1019 | |
1020 | void raw_seq_stop(struct seq_file *seq, void *v) |
1021 | __releases(&h->lock) |
1022 | { |
1023 | struct raw_hashinfo *h = pde_data(inode: file_inode(f: seq->file)); |
1024 | |
1025 | spin_unlock(lock: &h->lock); |
1026 | } |
1027 | EXPORT_SYMBOL_GPL(raw_seq_stop); |
1028 | |
1029 | static void raw_sock_seq_show(struct seq_file *seq, struct sock *sp, int i) |
1030 | { |
1031 | struct inet_sock *inet = inet_sk(sp); |
1032 | __be32 dest = inet->inet_daddr, |
1033 | src = inet->inet_rcv_saddr; |
1034 | __u16 destp = 0, |
1035 | srcp = inet->inet_num; |
1036 | |
1037 | seq_printf(m: seq, fmt: "%4d: %08X:%04X %08X:%04X" |
1038 | " %02X %08X:%08X %02X:%08lX %08X %5u %8d %lu %d %pK %u\n" , |
1039 | i, src, srcp, dest, destp, sp->sk_state, |
1040 | sk_wmem_alloc_get(sk: sp), |
1041 | sk_rmem_alloc_get(sk: sp), |
1042 | 0, 0L, 0, |
1043 | from_kuid_munged(to: seq_user_ns(seq), uid: sock_i_uid(sk: sp)), |
1044 | 0, sock_i_ino(sk: sp), |
1045 | refcount_read(r: &sp->sk_refcnt), sp, atomic_read(v: &sp->sk_drops)); |
1046 | } |
1047 | |
1048 | static int raw_seq_show(struct seq_file *seq, void *v) |
1049 | { |
1050 | if (v == SEQ_START_TOKEN) |
1051 | seq_printf(m: seq, fmt: " sl local_address rem_address st tx_queue " |
1052 | "rx_queue tr tm->when retrnsmt uid timeout " |
1053 | "inode ref pointer drops\n" ); |
1054 | else |
1055 | raw_sock_seq_show(seq, sp: v, i: raw_seq_private(seq)->bucket); |
1056 | return 0; |
1057 | } |
1058 | |
1059 | static const struct seq_operations raw_seq_ops = { |
1060 | .start = raw_seq_start, |
1061 | .next = raw_seq_next, |
1062 | .stop = raw_seq_stop, |
1063 | .show = raw_seq_show, |
1064 | }; |
1065 | |
1066 | static __net_init int raw_init_net(struct net *net) |
1067 | { |
1068 | if (!proc_create_net_data(name: "raw" , mode: 0444, parent: net->proc_net, ops: &raw_seq_ops, |
1069 | state_size: sizeof(struct raw_iter_state), data: &raw_v4_hashinfo)) |
1070 | return -ENOMEM; |
1071 | |
1072 | return 0; |
1073 | } |
1074 | |
1075 | static __net_exit void raw_exit_net(struct net *net) |
1076 | { |
1077 | remove_proc_entry("raw" , net->proc_net); |
1078 | } |
1079 | |
1080 | static __net_initdata struct pernet_operations raw_net_ops = { |
1081 | .init = raw_init_net, |
1082 | .exit = raw_exit_net, |
1083 | }; |
1084 | |
1085 | int __init raw_proc_init(void) |
1086 | { |
1087 | |
1088 | return register_pernet_subsys(&raw_net_ops); |
1089 | } |
1090 | |
1091 | void __init raw_proc_exit(void) |
1092 | { |
1093 | unregister_pernet_subsys(&raw_net_ops); |
1094 | } |
1095 | #endif /* CONFIG_PROC_FS */ |
1096 | |
1097 | static void raw_sysctl_init_net(struct net *net) |
1098 | { |
1099 | #ifdef CONFIG_NET_L3_MASTER_DEV |
1100 | net->ipv4.sysctl_raw_l3mdev_accept = 1; |
1101 | #endif |
1102 | } |
1103 | |
1104 | static int __net_init raw_sysctl_init(struct net *net) |
1105 | { |
1106 | raw_sysctl_init_net(net); |
1107 | return 0; |
1108 | } |
1109 | |
1110 | static struct pernet_operations __net_initdata raw_sysctl_ops = { |
1111 | .init = raw_sysctl_init, |
1112 | }; |
1113 | |
1114 | void __init raw_init(void) |
1115 | { |
1116 | raw_sysctl_init_net(net: &init_net); |
1117 | if (register_pernet_subsys(&raw_sysctl_ops)) |
1118 | panic(fmt: "RAW: failed to init sysctl parameters.\n" ); |
1119 | } |
1120 | |