1 // SPDX-License-Identifier: GPL-2.0-or-later 2 /* 3 * INET An implementation of the TCP/IP protocol suite for the LINUX 4 * operating system. INET is implemented using the BSD Socket 5 * interface as the means of communication with the user level. 6 * 7 * RAW - implementation of IP "raw" sockets. 8 * 9 * Authors: Ross Biro 10 * Fred N. van Kempen, <waltje@uWalt.NL.Mugnet.ORG> 11 * 12 * Fixes: 13 * Alan Cox : verify_area() fixed up 14 * Alan Cox : ICMP error handling 15 * Alan Cox : EMSGSIZE if you send too big a packet 16 * Alan Cox : Now uses generic datagrams and shared 17 * skbuff library. No more peek crashes, 18 * no more backlogs 19 * Alan Cox : Checks sk->broadcast. 20 * Alan Cox : Uses skb_free_datagram/skb_copy_datagram 21 * Alan Cox : Raw passes ip options too 22 * Alan Cox : Setsocketopt added 23 * Alan Cox : Fixed error return for broadcasts 24 * Alan Cox : Removed wake_up calls 25 * Alan Cox : Use ttl/tos 26 * Alan Cox : Cleaned up old debugging 27 * Alan Cox : Use new kernel side addresses 28 * Arnt Gulbrandsen : Fixed MSG_DONTROUTE in raw sockets. 29 * Alan Cox : BSD style RAW socket demultiplexing. 30 * Alan Cox : Beginnings of mrouted support. 31 * Alan Cox : Added IP_HDRINCL option. 32 * Alan Cox : Skip broadcast check if BSDism set. 33 * David S. Miller : New socket lookup architecture. 34 */ 35 36 #include <linux/types.h> 37 #include <linux/atomic.h> 38 #include <asm/byteorder.h> 39 #include <asm/current.h> 40 #include <linux/uaccess.h> 41 #include <asm/ioctls.h> 42 #include <linux/stddef.h> 43 #include <linux/slab.h> 44 #include <linux/errno.h> 45 #include <linux/kernel.h> 46 #include <linux/export.h> 47 #include <linux/spinlock.h> 48 #include <linux/sockios.h> 49 #include <linux/socket.h> 50 #include <linux/in.h> 51 #include <linux/mroute.h> 52 #include <linux/netdevice.h> 53 #include <linux/in_route.h> 54 #include <linux/route.h> 55 #include <linux/skbuff.h> 56 #include <linux/igmp.h> 57 #include <net/net_namespace.h> 58 #include <net/dst.h> 59 #include <net/sock.h> 60 #include <linux/ip.h> 61 #include <linux/net.h> 62 #include <net/ip.h> 63 #include <net/icmp.h> 64 #include <net/udp.h> 65 #include <net/raw.h> 66 #include <net/snmp.h> 67 #include <net/tcp_states.h> 68 #include <net/inet_common.h> 69 #include <net/checksum.h> 70 #include <net/xfrm.h> 71 #include <linux/rtnetlink.h> 72 #include <linux/proc_fs.h> 73 #include <linux/seq_file.h> 74 #include <linux/netfilter.h> 75 #include <linux/netfilter_ipv4.h> 76 #include <linux/compat.h> 77 #include <linux/uio.h> 78 79 struct raw_frag_vec { 80 struct msghdr *msg; 81 union { 82 struct icmphdr icmph; 83 char c[1]; 84 } hdr; 85 int hlen; 86 }; 87 88 struct raw_hashinfo raw_v4_hashinfo; 89 EXPORT_SYMBOL_GPL(raw_v4_hashinfo); 90 raw_hash_sk(struct sock * sk)91 int raw_hash_sk(struct sock *sk) 92 { 93 struct raw_hashinfo *h = sk->sk_prot->h.raw_hash; 94 struct hlist_head *hlist; 95 96 hlist = &h->ht[raw_hashfunc(sock_net(sk), inet_sk(sk)->inet_num)]; 97 98 spin_lock(&h->lock); 99 sk_add_node_rcu(sk, hlist); 100 sock_set_flag(sk, SOCK_RCU_FREE); 101 spin_unlock(&h->lock); 102 sock_prot_inuse_add(sock_net(sk), sk->sk_prot, 1); 103 104 return 0; 105 } 106 EXPORT_SYMBOL_GPL(raw_hash_sk); 107 raw_unhash_sk(struct sock * sk)108 void raw_unhash_sk(struct sock *sk) 109 { 110 struct raw_hashinfo *h = sk->sk_prot->h.raw_hash; 111 112 spin_lock(&h->lock); 113 if (sk_del_node_init_rcu(sk)) 114 sock_prot_inuse_add(sock_net(sk), sk->sk_prot, -1); 115 spin_unlock(&h->lock); 116 } 117 EXPORT_SYMBOL_GPL(raw_unhash_sk); 118 raw_v4_match(struct net * net,const struct sock * sk,unsigned short num,__be32 raddr,__be32 laddr,int dif,int sdif)119 bool raw_v4_match(struct net *net, const struct sock *sk, unsigned short num, 120 __be32 raddr, __be32 laddr, int dif, int sdif) 121 { 122 const struct inet_sock *inet = inet_sk(sk); 123 124 if (net_eq(sock_net(sk), net) && inet->inet_num == num && 125 !(inet->inet_daddr && inet->inet_daddr != raddr) && 126 !(inet->inet_rcv_saddr && inet->inet_rcv_saddr != laddr) && 127 raw_sk_bound_dev_eq(net, sk->sk_bound_dev_if, dif, sdif)) 128 return true; 129 return false; 130 } 131 EXPORT_SYMBOL_GPL(raw_v4_match); 132 133 /* 134 * 0 - deliver 135 * 1 - block 136 */ icmp_filter(const struct sock * sk,const struct sk_buff * skb)137 static int icmp_filter(const struct sock *sk, const struct sk_buff *skb) 138 { 139 struct icmphdr _hdr; 140 const struct icmphdr *hdr; 141 142 hdr = skb_header_pointer(skb, skb_transport_offset(skb), 143 sizeof(_hdr), &_hdr); 144 if (!hdr) 145 return 1; 146 147 if (hdr->type < 32) { 148 __u32 data = raw_sk(sk)->filter.data; 149 150 return ((1U << hdr->type) & data) != 0; 151 } 152 153 /* Do not block unknown ICMP types */ 154 return 0; 155 } 156 157 /* IP input processing comes here for RAW socket delivery. 158 * Caller owns SKB, so we must make clones. 159 * 160 * RFC 1122: SHOULD pass TOS value up to the transport layer. 161 * -> It does. And not only TOS, but all IP header. 162 */ raw_v4_input(struct net * net,struct sk_buff * skb,const struct iphdr * iph,int hash)163 static int raw_v4_input(struct net *net, struct sk_buff *skb, 164 const struct iphdr *iph, int hash) 165 { 166 int sdif = inet_sdif(skb); 167 struct hlist_head *hlist; 168 int dif = inet_iif(skb); 169 int delivered = 0; 170 struct sock *sk; 171 172 hlist = &raw_v4_hashinfo.ht[hash]; 173 rcu_read_lock(); 174 sk_for_each_rcu(sk, hlist) { 175 if (!raw_v4_match(net, sk, iph->protocol, 176 iph->saddr, iph->daddr, dif, sdif)) 177 continue; 178 179 if (atomic_read(&sk->sk_rmem_alloc) >= 180 READ_ONCE(sk->sk_rcvbuf)) { 181 atomic_inc(&sk->sk_drops); 182 continue; 183 } 184 185 delivered = 1; 186 if ((iph->protocol != IPPROTO_ICMP || !icmp_filter(sk, skb)) && 187 ip_mc_sf_allow(sk, iph->daddr, iph->saddr, 188 skb->dev->ifindex, sdif)) { 189 struct sk_buff *clone = skb_clone(skb, GFP_ATOMIC); 190 191 /* Not releasing hash table! */ 192 if (clone) 193 raw_rcv(sk, clone); 194 } 195 } 196 rcu_read_unlock(); 197 return delivered; 198 } 199 raw_local_deliver(struct sk_buff * skb,int protocol)200 int raw_local_deliver(struct sk_buff *skb, int protocol) 201 { 202 struct net *net = dev_net(skb->dev); 203 204 return raw_v4_input(net, skb, ip_hdr(skb), 205 raw_hashfunc(net, protocol)); 206 } 207 raw_err(struct sock * sk,struct sk_buff * skb,u32 info)208 static void raw_err(struct sock *sk, struct sk_buff *skb, u32 info) 209 { 210 struct inet_sock *inet = inet_sk(sk); 211 const int type = icmp_hdr(skb)->type; 212 const int code = icmp_hdr(skb)->code; 213 int harderr = 0; 214 bool recverr; 215 int err = 0; 216 217 if (type == ICMP_DEST_UNREACH && code == ICMP_FRAG_NEEDED) 218 ipv4_sk_update_pmtu(skb, sk, info); 219 else if (type == ICMP_REDIRECT) { 220 ipv4_sk_redirect(skb, sk); 221 return; 222 } 223 224 /* Report error on raw socket, if: 225 1. User requested ip_recverr. 226 2. Socket is connected (otherwise the error indication 227 is useless without ip_recverr and error is hard. 228 */ 229 recverr = inet_test_bit(RECVERR, sk); 230 if (!recverr && sk->sk_state != TCP_ESTABLISHED) 231 return; 232 233 switch (type) { 234 default: 235 case ICMP_TIME_EXCEEDED: 236 err = EHOSTUNREACH; 237 break; 238 case ICMP_SOURCE_QUENCH: 239 return; 240 case ICMP_PARAMETERPROB: 241 err = EPROTO; 242 harderr = 1; 243 break; 244 case ICMP_DEST_UNREACH: 245 err = EHOSTUNREACH; 246 if (code > NR_ICMP_UNREACH) 247 break; 248 if (code == ICMP_FRAG_NEEDED) { 249 harderr = READ_ONCE(inet->pmtudisc) != IP_PMTUDISC_DONT; 250 err = EMSGSIZE; 251 } else { 252 err = icmp_err_convert[code].errno; 253 harderr = icmp_err_convert[code].fatal; 254 } 255 } 256 257 if (recverr) { 258 const struct iphdr *iph = (const struct iphdr *)skb->data; 259 u8 *payload = skb->data + (iph->ihl << 2); 260 261 if (inet_test_bit(HDRINCL, sk)) 262 payload = skb->data; 263 ip_icmp_error(sk, skb, err, 0, info, payload); 264 } 265 266 if (recverr || harderr) { 267 sk->sk_err = err; 268 sk_error_report(sk); 269 } 270 } 271 raw_icmp_error(struct sk_buff * skb,int protocol,u32 info)272 void raw_icmp_error(struct sk_buff *skb, int protocol, u32 info) 273 { 274 struct net *net = dev_net(skb->dev); 275 int dif = skb->dev->ifindex; 276 int sdif = inet_sdif(skb); 277 struct hlist_head *hlist; 278 const struct iphdr *iph; 279 struct sock *sk; 280 int hash; 281 282 hash = raw_hashfunc(net, protocol); 283 hlist = &raw_v4_hashinfo.ht[hash]; 284 285 rcu_read_lock(); 286 sk_for_each_rcu(sk, hlist) { 287 iph = (const struct iphdr *)skb->data; 288 if (!raw_v4_match(net, sk, iph->protocol, 289 iph->daddr, iph->saddr, dif, sdif)) 290 continue; 291 raw_err(sk, skb, info); 292 } 293 rcu_read_unlock(); 294 } 295 raw_rcv_skb(struct sock * sk,struct sk_buff * skb)296 static int raw_rcv_skb(struct sock *sk, struct sk_buff *skb) 297 { 298 enum skb_drop_reason reason; 299 300 /* Charge it to the socket. */ 301 302 ipv4_pktinfo_prepare(sk, skb, true); 303 if (sock_queue_rcv_skb_reason(sk, skb, &reason) < 0) { 304 sk_skb_reason_drop(sk, skb, reason); 305 return NET_RX_DROP; 306 } 307 308 return NET_RX_SUCCESS; 309 } 310 raw_rcv(struct sock * sk,struct sk_buff * skb)311 int raw_rcv(struct sock *sk, struct sk_buff *skb) 312 { 313 if (!xfrm4_policy_check(sk, XFRM_POLICY_IN, skb)) { 314 atomic_inc(&sk->sk_drops); 315 sk_skb_reason_drop(sk, skb, SKB_DROP_REASON_XFRM_POLICY); 316 return NET_RX_DROP; 317 } 318 nf_reset_ct(skb); 319 320 skb_push(skb, -skb_network_offset(skb)); 321 322 raw_rcv_skb(sk, skb); 323 return 0; 324 } 325 raw_send_hdrinc(struct sock * sk,struct flowi4 * fl4,struct msghdr * msg,size_t length,struct rtable ** rtp,unsigned int flags,const struct sockcm_cookie * sockc)326 static int raw_send_hdrinc(struct sock *sk, struct flowi4 *fl4, 327 struct msghdr *msg, size_t length, 328 struct rtable **rtp, unsigned int flags, 329 const struct sockcm_cookie *sockc) 330 { 331 struct inet_sock *inet = inet_sk(sk); 332 struct net *net = sock_net(sk); 333 struct iphdr *iph; 334 struct sk_buff *skb; 335 unsigned int iphlen; 336 int err; 337 struct rtable *rt = *rtp; 338 int hlen, tlen; 339 340 if (length > rt->dst.dev->mtu) { 341 ip_local_error(sk, EMSGSIZE, fl4->daddr, inet->inet_dport, 342 rt->dst.dev->mtu); 343 return -EMSGSIZE; 344 } 345 if (length < sizeof(struct iphdr)) 346 return -EINVAL; 347 348 if (flags&MSG_PROBE) 349 goto out; 350 351 hlen = LL_RESERVED_SPACE(rt->dst.dev); 352 tlen = rt->dst.dev->needed_tailroom; 353 skb = sock_alloc_send_skb(sk, 354 length + hlen + tlen + 15, 355 flags & MSG_DONTWAIT, &err); 356 if (!skb) 357 goto error; 358 skb_reserve(skb, hlen); 359 360 skb->protocol = htons(ETH_P_IP); 361 skb->priority = READ_ONCE(sk->sk_priority); 362 skb->mark = sockc->mark; 363 skb_set_delivery_type_by_clockid(skb, sockc->transmit_time, sk->sk_clockid); 364 skb_dst_set(skb, &rt->dst); 365 *rtp = NULL; 366 367 skb_reset_network_header(skb); 368 iph = ip_hdr(skb); 369 skb_put(skb, length); 370 371 skb->ip_summed = CHECKSUM_NONE; 372 373 skb_setup_tx_timestamp(skb, sockc->tsflags); 374 375 if (flags & MSG_CONFIRM) 376 skb_set_dst_pending_confirm(skb, 1); 377 378 skb->transport_header = skb->network_header; 379 err = -EFAULT; 380 if (memcpy_from_msg(iph, msg, length)) 381 goto error_free; 382 383 iphlen = iph->ihl * 4; 384 385 /* 386 * We don't want to modify the ip header, but we do need to 387 * be sure that it won't cause problems later along the network 388 * stack. Specifically we want to make sure that iph->ihl is a 389 * sane value. If ihl points beyond the length of the buffer passed 390 * in, reject the frame as invalid 391 */ 392 err = -EINVAL; 393 if (iphlen > length) 394 goto error_free; 395 396 if (iphlen >= sizeof(*iph)) { 397 if (!iph->saddr) 398 iph->saddr = fl4->saddr; 399 iph->check = 0; 400 iph->tot_len = htons(length); 401 if (!iph->id) 402 ip_select_ident(net, skb, NULL); 403 404 iph->check = ip_fast_csum((unsigned char *)iph, iph->ihl); 405 skb->transport_header += iphlen; 406 if (iph->protocol == IPPROTO_ICMP && 407 length >= iphlen + sizeof(struct icmphdr)) 408 icmp_out_count(net, ((struct icmphdr *) 409 skb_transport_header(skb))->type); 410 } 411 412 err = NF_HOOK(NFPROTO_IPV4, NF_INET_LOCAL_OUT, 413 net, sk, skb, NULL, rt->dst.dev, 414 dst_output); 415 if (err > 0) 416 err = net_xmit_errno(err); 417 if (err) 418 goto error; 419 out: 420 return 0; 421 422 error_free: 423 kfree_skb(skb); 424 error: 425 IP_INC_STATS(net, IPSTATS_MIB_OUTDISCARDS); 426 if (err == -ENOBUFS && !inet_test_bit(RECVERR, sk)) 427 err = 0; 428 return err; 429 } 430 raw_probe_proto_opt(struct raw_frag_vec * rfv,struct flowi4 * fl4)431 static int raw_probe_proto_opt(struct raw_frag_vec *rfv, struct flowi4 *fl4) 432 { 433 int err; 434 435 if (fl4->flowi4_proto != IPPROTO_ICMP) 436 return 0; 437 438 /* We only need the first two bytes. */ 439 rfv->hlen = 2; 440 441 err = memcpy_from_msg(rfv->hdr.c, rfv->msg, rfv->hlen); 442 if (err) 443 return err; 444 445 fl4->fl4_icmp_type = rfv->hdr.icmph.type; 446 fl4->fl4_icmp_code = rfv->hdr.icmph.code; 447 448 return 0; 449 } 450 raw_getfrag(void * from,char * to,int offset,int len,int odd,struct sk_buff * skb)451 static int raw_getfrag(void *from, char *to, int offset, int len, int odd, 452 struct sk_buff *skb) 453 { 454 struct raw_frag_vec *rfv = from; 455 456 if (offset < rfv->hlen) { 457 int copy = min(rfv->hlen - offset, len); 458 459 if (skb->ip_summed == CHECKSUM_PARTIAL) 460 memcpy(to, rfv->hdr.c + offset, copy); 461 else 462 skb->csum = csum_block_add( 463 skb->csum, 464 csum_partial_copy_nocheck(rfv->hdr.c + offset, 465 to, copy), 466 odd); 467 468 odd = 0; 469 offset += copy; 470 to += copy; 471 len -= copy; 472 473 if (!len) 474 return 0; 475 } 476 477 offset -= rfv->hlen; 478 479 return ip_generic_getfrag(rfv->msg, to, offset, len, odd, skb); 480 } 481 raw_sendmsg(struct sock * sk,struct msghdr * msg,size_t len)482 static int raw_sendmsg(struct sock *sk, struct msghdr *msg, size_t len) 483 { 484 struct inet_sock *inet = inet_sk(sk); 485 struct net *net = sock_net(sk); 486 struct ipcm_cookie ipc; 487 struct rtable *rt = NULL; 488 struct flowi4 fl4; 489 u8 tos, scope; 490 int free = 0; 491 __be32 daddr; 492 __be32 saddr; 493 int uc_index, err; 494 struct ip_options_data opt_copy; 495 struct raw_frag_vec rfv; 496 int hdrincl; 497 498 err = -EMSGSIZE; 499 if (len > 0xFFFF) 500 goto out; 501 502 hdrincl = inet_test_bit(HDRINCL, sk); 503 504 /* 505 * Check the flags. 506 */ 507 508 err = -EOPNOTSUPP; 509 if (msg->msg_flags & MSG_OOB) /* Mirror BSD error message */ 510 goto out; /* compatibility */ 511 512 /* 513 * Get and verify the address. 514 */ 515 516 if (msg->msg_namelen) { 517 DECLARE_SOCKADDR(struct sockaddr_in *, usin, msg->msg_name); 518 err = -EINVAL; 519 if (msg->msg_namelen < sizeof(*usin)) 520 goto out; 521 if (usin->sin_family != AF_INET) { 522 pr_info_once("%s: %s forgot to set AF_INET. Fix it!\n", 523 __func__, current->comm); 524 err = -EAFNOSUPPORT; 525 if (usin->sin_family) 526 goto out; 527 } 528 daddr = usin->sin_addr.s_addr; 529 /* ANK: I did not forget to get protocol from port field. 530 * I just do not know, who uses this weirdness. 531 * IP_HDRINCL is much more convenient. 532 */ 533 } else { 534 err = -EDESTADDRREQ; 535 if (sk->sk_state != TCP_ESTABLISHED) 536 goto out; 537 daddr = inet->inet_daddr; 538 } 539 540 ipcm_init_sk(&ipc, inet); 541 /* Keep backward compat */ 542 if (hdrincl) 543 ipc.protocol = IPPROTO_RAW; 544 545 if (msg->msg_controllen) { 546 err = ip_cmsg_send(sk, msg, &ipc, false); 547 if (unlikely(err)) { 548 kfree(ipc.opt); 549 goto out; 550 } 551 if (ipc.opt) 552 free = 1; 553 } 554 555 saddr = ipc.addr; 556 ipc.addr = daddr; 557 558 if (!ipc.opt) { 559 struct ip_options_rcu *inet_opt; 560 561 rcu_read_lock(); 562 inet_opt = rcu_dereference(inet->inet_opt); 563 if (inet_opt) { 564 memcpy(&opt_copy, inet_opt, 565 sizeof(*inet_opt) + inet_opt->opt.optlen); 566 ipc.opt = &opt_copy.opt; 567 } 568 rcu_read_unlock(); 569 } 570 571 if (ipc.opt) { 572 err = -EINVAL; 573 /* Linux does not mangle headers on raw sockets, 574 * so that IP options + IP_HDRINCL is non-sense. 575 */ 576 if (hdrincl) 577 goto done; 578 if (ipc.opt->opt.srr) { 579 if (!daddr) 580 goto done; 581 daddr = ipc.opt->opt.faddr; 582 } 583 } 584 tos = get_rttos(&ipc, inet); 585 scope = ip_sendmsg_scope(inet, &ipc, msg); 586 587 uc_index = READ_ONCE(inet->uc_index); 588 if (ipv4_is_multicast(daddr)) { 589 if (!ipc.oif || netif_index_is_l3_master(sock_net(sk), ipc.oif)) 590 ipc.oif = READ_ONCE(inet->mc_index); 591 if (!saddr) 592 saddr = READ_ONCE(inet->mc_addr); 593 } else if (!ipc.oif) { 594 ipc.oif = uc_index; 595 } else if (ipv4_is_lbcast(daddr) && uc_index) { 596 /* oif is set, packet is to local broadcast 597 * and uc_index is set. oif is most likely set 598 * by sk_bound_dev_if. If uc_index != oif check if the 599 * oif is an L3 master and uc_index is an L3 slave. 600 * If so, we want to allow the send using the uc_index. 601 */ 602 if (ipc.oif != uc_index && 603 ipc.oif == l3mdev_master_ifindex_by_index(sock_net(sk), 604 uc_index)) { 605 ipc.oif = uc_index; 606 } 607 } 608 609 flowi4_init_output(&fl4, ipc.oif, ipc.sockc.mark, tos, scope, 610 hdrincl ? ipc.protocol : sk->sk_protocol, 611 inet_sk_flowi_flags(sk) | 612 (hdrincl ? FLOWI_FLAG_KNOWN_NH : 0), 613 daddr, saddr, 0, 0, sk->sk_uid); 614 615 fl4.fl4_icmp_type = 0; 616 fl4.fl4_icmp_code = 0; 617 618 if (!hdrincl) { 619 rfv.msg = msg; 620 rfv.hlen = 0; 621 622 err = raw_probe_proto_opt(&rfv, &fl4); 623 if (err) 624 goto done; 625 } 626 627 security_sk_classify_flow(sk, flowi4_to_flowi_common(&fl4)); 628 rt = ip_route_output_flow(net, &fl4, sk); 629 if (IS_ERR(rt)) { 630 err = PTR_ERR(rt); 631 rt = NULL; 632 goto done; 633 } 634 635 err = -EACCES; 636 if (rt->rt_flags & RTCF_BROADCAST && !sock_flag(sk, SOCK_BROADCAST)) 637 goto done; 638 639 if (msg->msg_flags & MSG_CONFIRM) 640 goto do_confirm; 641 back_from_confirm: 642 643 if (hdrincl) 644 err = raw_send_hdrinc(sk, &fl4, msg, len, 645 &rt, msg->msg_flags, &ipc.sockc); 646 647 else { 648 if (!ipc.addr) 649 ipc.addr = fl4.daddr; 650 lock_sock(sk); 651 err = ip_append_data(sk, &fl4, raw_getfrag, 652 &rfv, len, 0, 653 &ipc, &rt, msg->msg_flags); 654 if (err) 655 ip_flush_pending_frames(sk); 656 else if (!(msg->msg_flags & MSG_MORE)) { 657 err = ip_push_pending_frames(sk, &fl4); 658 if (err == -ENOBUFS && !inet_test_bit(RECVERR, sk)) 659 err = 0; 660 } 661 release_sock(sk); 662 } 663 done: 664 if (free) 665 kfree(ipc.opt); 666 ip_rt_put(rt); 667 668 out: 669 if (err < 0) 670 return err; 671 return len; 672 673 do_confirm: 674 if (msg->msg_flags & MSG_PROBE) 675 dst_confirm_neigh(&rt->dst, &fl4.daddr); 676 if (!(msg->msg_flags & MSG_PROBE) || len) 677 goto back_from_confirm; 678 err = 0; 679 goto done; 680 } 681 raw_close(struct sock * sk,long timeout)682 static void raw_close(struct sock *sk, long timeout) 683 { 684 /* 685 * Raw sockets may have direct kernel references. Kill them. 686 */ 687 ip_ra_control(sk, 0, NULL); 688 689 sk_common_release(sk); 690 } 691 raw_destroy(struct sock * sk)692 static void raw_destroy(struct sock *sk) 693 { 694 lock_sock(sk); 695 ip_flush_pending_frames(sk); 696 release_sock(sk); 697 } 698 699 /* This gets rid of all the nasties in af_inet. -DaveM */ raw_bind(struct sock * sk,struct sockaddr * uaddr,int addr_len)700 static int raw_bind(struct sock *sk, struct sockaddr *uaddr, int addr_len) 701 { 702 struct inet_sock *inet = inet_sk(sk); 703 struct sockaddr_in *addr = (struct sockaddr_in *) uaddr; 704 struct net *net = sock_net(sk); 705 u32 tb_id = RT_TABLE_LOCAL; 706 int ret = -EINVAL; 707 int chk_addr_ret; 708 709 lock_sock(sk); 710 if (sk->sk_state != TCP_CLOSE || addr_len < sizeof(struct sockaddr_in)) 711 goto out; 712 713 if (sk->sk_bound_dev_if) 714 tb_id = l3mdev_fib_table_by_index(net, 715 sk->sk_bound_dev_if) ? : tb_id; 716 717 chk_addr_ret = inet_addr_type_table(net, addr->sin_addr.s_addr, tb_id); 718 719 ret = -EADDRNOTAVAIL; 720 if (!inet_addr_valid_or_nonlocal(net, inet, addr->sin_addr.s_addr, 721 chk_addr_ret)) 722 goto out; 723 724 inet->inet_rcv_saddr = inet->inet_saddr = addr->sin_addr.s_addr; 725 if (chk_addr_ret == RTN_MULTICAST || chk_addr_ret == RTN_BROADCAST) 726 inet->inet_saddr = 0; /* Use device */ 727 sk_dst_reset(sk); 728 ret = 0; 729 out: 730 release_sock(sk); 731 return ret; 732 } 733 734 /* 735 * This should be easy, if there is something there 736 * we return it, otherwise we block. 737 */ 738 raw_recvmsg(struct sock * sk,struct msghdr * msg,size_t len,int flags,int * addr_len)739 static int raw_recvmsg(struct sock *sk, struct msghdr *msg, size_t len, 740 int flags, int *addr_len) 741 { 742 struct inet_sock *inet = inet_sk(sk); 743 size_t copied = 0; 744 int err = -EOPNOTSUPP; 745 DECLARE_SOCKADDR(struct sockaddr_in *, sin, msg->msg_name); 746 struct sk_buff *skb; 747 748 if (flags & MSG_OOB) 749 goto out; 750 751 if (flags & MSG_ERRQUEUE) { 752 err = ip_recv_error(sk, msg, len, addr_len); 753 goto out; 754 } 755 756 skb = skb_recv_datagram(sk, flags, &err); 757 if (!skb) 758 goto out; 759 760 copied = skb->len; 761 if (len < copied) { 762 msg->msg_flags |= MSG_TRUNC; 763 copied = len; 764 } 765 766 err = skb_copy_datagram_msg(skb, 0, msg, copied); 767 if (err) 768 goto done; 769 770 sock_recv_cmsgs(msg, sk, skb); 771 772 /* Copy the address. */ 773 if (sin) { 774 sin->sin_family = AF_INET; 775 sin->sin_addr.s_addr = ip_hdr(skb)->saddr; 776 sin->sin_port = 0; 777 memset(&sin->sin_zero, 0, sizeof(sin->sin_zero)); 778 *addr_len = sizeof(*sin); 779 } 780 if (inet_cmsg_flags(inet)) 781 ip_cmsg_recv(msg, skb); 782 if (flags & MSG_TRUNC) 783 copied = skb->len; 784 done: 785 skb_free_datagram(sk, skb); 786 out: 787 if (err) 788 return err; 789 return copied; 790 } 791 raw_sk_init(struct sock * sk)792 static int raw_sk_init(struct sock *sk) 793 { 794 struct raw_sock *rp = raw_sk(sk); 795 796 if (inet_sk(sk)->inet_num == IPPROTO_ICMP) 797 memset(&rp->filter, 0, sizeof(rp->filter)); 798 return 0; 799 } 800 raw_seticmpfilter(struct sock * sk,sockptr_t optval,int optlen)801 static int raw_seticmpfilter(struct sock *sk, sockptr_t optval, int optlen) 802 { 803 if (optlen > sizeof(struct icmp_filter)) 804 optlen = sizeof(struct icmp_filter); 805 if (copy_from_sockptr(&raw_sk(sk)->filter, optval, optlen)) 806 return -EFAULT; 807 return 0; 808 } 809 raw_geticmpfilter(struct sock * sk,char __user * optval,int __user * optlen)810 static int raw_geticmpfilter(struct sock *sk, char __user *optval, int __user *optlen) 811 { 812 int len, ret = -EFAULT; 813 814 if (get_user(len, optlen)) 815 goto out; 816 ret = -EINVAL; 817 if (len < 0) 818 goto out; 819 if (len > sizeof(struct icmp_filter)) 820 len = sizeof(struct icmp_filter); 821 ret = -EFAULT; 822 if (put_user(len, optlen) || 823 copy_to_user(optval, &raw_sk(sk)->filter, len)) 824 goto out; 825 ret = 0; 826 out: return ret; 827 } 828 do_raw_setsockopt(struct sock * sk,int optname,sockptr_t optval,unsigned int optlen)829 static int do_raw_setsockopt(struct sock *sk, int optname, 830 sockptr_t optval, unsigned int optlen) 831 { 832 if (optname == ICMP_FILTER) { 833 if (inet_sk(sk)->inet_num != IPPROTO_ICMP) 834 return -EOPNOTSUPP; 835 else 836 return raw_seticmpfilter(sk, optval, optlen); 837 } 838 return -ENOPROTOOPT; 839 } 840 raw_setsockopt(struct sock * sk,int level,int optname,sockptr_t optval,unsigned int optlen)841 static int raw_setsockopt(struct sock *sk, int level, int optname, 842 sockptr_t optval, unsigned int optlen) 843 { 844 if (level != SOL_RAW) 845 return ip_setsockopt(sk, level, optname, optval, optlen); 846 return do_raw_setsockopt(sk, optname, optval, optlen); 847 } 848 do_raw_getsockopt(struct sock * sk,int optname,char __user * optval,int __user * optlen)849 static int do_raw_getsockopt(struct sock *sk, int optname, 850 char __user *optval, int __user *optlen) 851 { 852 if (optname == ICMP_FILTER) { 853 if (inet_sk(sk)->inet_num != IPPROTO_ICMP) 854 return -EOPNOTSUPP; 855 else 856 return raw_geticmpfilter(sk, optval, optlen); 857 } 858 return -ENOPROTOOPT; 859 } 860 raw_getsockopt(struct sock * sk,int level,int optname,char __user * optval,int __user * optlen)861 static int raw_getsockopt(struct sock *sk, int level, int optname, 862 char __user *optval, int __user *optlen) 863 { 864 if (level != SOL_RAW) 865 return ip_getsockopt(sk, level, optname, optval, optlen); 866 return do_raw_getsockopt(sk, optname, optval, optlen); 867 } 868 raw_ioctl(struct sock * sk,int cmd,int * karg)869 static int raw_ioctl(struct sock *sk, int cmd, int *karg) 870 { 871 switch (cmd) { 872 case SIOCOUTQ: { 873 *karg = sk_wmem_alloc_get(sk); 874 return 0; 875 } 876 case SIOCINQ: { 877 struct sk_buff *skb; 878 879 spin_lock_bh(&sk->sk_receive_queue.lock); 880 skb = skb_peek(&sk->sk_receive_queue); 881 if (skb) 882 *karg = skb->len; 883 else 884 *karg = 0; 885 spin_unlock_bh(&sk->sk_receive_queue.lock); 886 return 0; 887 } 888 889 default: 890 #ifdef CONFIG_IP_MROUTE 891 return ipmr_ioctl(sk, cmd, karg); 892 #else 893 return -ENOIOCTLCMD; 894 #endif 895 } 896 } 897 898 #ifdef CONFIG_COMPAT compat_raw_ioctl(struct sock * sk,unsigned int cmd,unsigned long arg)899 static int compat_raw_ioctl(struct sock *sk, unsigned int cmd, unsigned long arg) 900 { 901 switch (cmd) { 902 case SIOCOUTQ: 903 case SIOCINQ: 904 return -ENOIOCTLCMD; 905 default: 906 #ifdef CONFIG_IP_MROUTE 907 return ipmr_compat_ioctl(sk, cmd, compat_ptr(arg)); 908 #else 909 return -ENOIOCTLCMD; 910 #endif 911 } 912 } 913 #endif 914 raw_abort(struct sock * sk,int err)915 int raw_abort(struct sock *sk, int err) 916 { 917 lock_sock(sk); 918 919 sk->sk_err = err; 920 sk_error_report(sk); 921 __udp_disconnect(sk, 0); 922 923 release_sock(sk); 924 925 return 0; 926 } 927 EXPORT_SYMBOL_GPL(raw_abort); 928 929 struct proto raw_prot = { 930 .name = "RAW", 931 .owner = THIS_MODULE, 932 .close = raw_close, 933 .destroy = raw_destroy, 934 .connect = ip4_datagram_connect, 935 .disconnect = __udp_disconnect, 936 .ioctl = raw_ioctl, 937 .init = raw_sk_init, 938 .setsockopt = raw_setsockopt, 939 .getsockopt = raw_getsockopt, 940 .sendmsg = raw_sendmsg, 941 .recvmsg = raw_recvmsg, 942 .bind = raw_bind, 943 .backlog_rcv = raw_rcv_skb, 944 .release_cb = ip4_datagram_release_cb, 945 .hash = raw_hash_sk, 946 .unhash = raw_unhash_sk, 947 .obj_size = sizeof(struct raw_sock), 948 .useroffset = offsetof(struct raw_sock, filter), 949 .usersize = sizeof_field(struct raw_sock, filter), 950 .h.raw_hash = &raw_v4_hashinfo, 951 #ifdef CONFIG_COMPAT 952 .compat_ioctl = compat_raw_ioctl, 953 #endif 954 .diag_destroy = raw_abort, 955 }; 956 957 #ifdef CONFIG_PROC_FS raw_get_first(struct seq_file * seq,int bucket)958 static struct sock *raw_get_first(struct seq_file *seq, int bucket) 959 { 960 struct raw_hashinfo *h = pde_data(file_inode(seq->file)); 961 struct raw_iter_state *state = raw_seq_private(seq); 962 struct hlist_head *hlist; 963 struct sock *sk; 964 965 for (state->bucket = bucket; state->bucket < RAW_HTABLE_SIZE; 966 ++state->bucket) { 967 hlist = &h->ht[state->bucket]; 968 sk_for_each(sk, hlist) { 969 if (sock_net(sk) == seq_file_net(seq)) 970 return sk; 971 } 972 } 973 return NULL; 974 } 975 raw_get_next(struct seq_file * seq,struct sock * sk)976 static struct sock *raw_get_next(struct seq_file *seq, struct sock *sk) 977 { 978 struct raw_iter_state *state = raw_seq_private(seq); 979 980 do { 981 sk = sk_next(sk); 982 } while (sk && sock_net(sk) != seq_file_net(seq)); 983 984 if (!sk) 985 return raw_get_first(seq, state->bucket + 1); 986 return sk; 987 } 988 raw_get_idx(struct seq_file * seq,loff_t pos)989 static struct sock *raw_get_idx(struct seq_file *seq, loff_t pos) 990 { 991 struct sock *sk = raw_get_first(seq, 0); 992 993 if (sk) 994 while (pos && (sk = raw_get_next(seq, sk)) != NULL) 995 --pos; 996 return pos ? NULL : sk; 997 } 998 raw_seq_start(struct seq_file * seq,loff_t * pos)999 void *raw_seq_start(struct seq_file *seq, loff_t *pos) 1000 __acquires(&h->lock) 1001 { 1002 struct raw_hashinfo *h = pde_data(file_inode(seq->file)); 1003 1004 spin_lock(&h->lock); 1005 1006 return *pos ? raw_get_idx(seq, *pos - 1) : SEQ_START_TOKEN; 1007 } 1008 EXPORT_SYMBOL_GPL(raw_seq_start); 1009 raw_seq_next(struct seq_file * seq,void * v,loff_t * pos)1010 void *raw_seq_next(struct seq_file *seq, void *v, loff_t *pos) 1011 { 1012 struct sock *sk; 1013 1014 if (v == SEQ_START_TOKEN) 1015 sk = raw_get_first(seq, 0); 1016 else 1017 sk = raw_get_next(seq, v); 1018 ++*pos; 1019 return sk; 1020 } 1021 EXPORT_SYMBOL_GPL(raw_seq_next); 1022 raw_seq_stop(struct seq_file * seq,void * v)1023 void raw_seq_stop(struct seq_file *seq, void *v) 1024 __releases(&h->lock) 1025 { 1026 struct raw_hashinfo *h = pde_data(file_inode(seq->file)); 1027 1028 spin_unlock(&h->lock); 1029 } 1030 EXPORT_SYMBOL_GPL(raw_seq_stop); 1031 raw_sock_seq_show(struct seq_file * seq,struct sock * sp,int i)1032 static void raw_sock_seq_show(struct seq_file *seq, struct sock *sp, int i) 1033 { 1034 struct inet_sock *inet = inet_sk(sp); 1035 __be32 dest = inet->inet_daddr, 1036 src = inet->inet_rcv_saddr; 1037 __u16 destp = 0, 1038 srcp = inet->inet_num; 1039 1040 seq_printf(seq, "%4d: %08X:%04X %08X:%04X" 1041 " %02X %08X:%08X %02X:%08lX %08X %5u %8d %lu %d %pK %u\n", 1042 i, src, srcp, dest, destp, sp->sk_state, 1043 sk_wmem_alloc_get(sp), 1044 sk_rmem_alloc_get(sp), 1045 0, 0L, 0, 1046 from_kuid_munged(seq_user_ns(seq), sock_i_uid(sp)), 1047 0, sock_i_ino(sp), 1048 refcount_read(&sp->sk_refcnt), sp, atomic_read(&sp->sk_drops)); 1049 } 1050 raw_seq_show(struct seq_file * seq,void * v)1051 static int raw_seq_show(struct seq_file *seq, void *v) 1052 { 1053 if (v == SEQ_START_TOKEN) 1054 seq_printf(seq, " sl local_address rem_address st tx_queue " 1055 "rx_queue tr tm->when retrnsmt uid timeout " 1056 "inode ref pointer drops\n"); 1057 else 1058 raw_sock_seq_show(seq, v, raw_seq_private(seq)->bucket); 1059 return 0; 1060 } 1061 1062 static const struct seq_operations raw_seq_ops = { 1063 .start = raw_seq_start, 1064 .next = raw_seq_next, 1065 .stop = raw_seq_stop, 1066 .show = raw_seq_show, 1067 }; 1068 raw_init_net(struct net * net)1069 static __net_init int raw_init_net(struct net *net) 1070 { 1071 if (!proc_create_net_data("raw", 0444, net->proc_net, &raw_seq_ops, 1072 sizeof(struct raw_iter_state), &raw_v4_hashinfo)) 1073 return -ENOMEM; 1074 1075 return 0; 1076 } 1077 raw_exit_net(struct net * net)1078 static __net_exit void raw_exit_net(struct net *net) 1079 { 1080 remove_proc_entry("raw", net->proc_net); 1081 } 1082 1083 static __net_initdata struct pernet_operations raw_net_ops = { 1084 .init = raw_init_net, 1085 .exit = raw_exit_net, 1086 }; 1087 raw_proc_init(void)1088 int __init raw_proc_init(void) 1089 { 1090 1091 return register_pernet_subsys(&raw_net_ops); 1092 } 1093 raw_proc_exit(void)1094 void __init raw_proc_exit(void) 1095 { 1096 unregister_pernet_subsys(&raw_net_ops); 1097 } 1098 #endif /* CONFIG_PROC_FS */ 1099 raw_sysctl_init_net(struct net * net)1100 static void raw_sysctl_init_net(struct net *net) 1101 { 1102 #ifdef CONFIG_NET_L3_MASTER_DEV 1103 net->ipv4.sysctl_raw_l3mdev_accept = 1; 1104 #endif 1105 } 1106 raw_sysctl_init(struct net * net)1107 static int __net_init raw_sysctl_init(struct net *net) 1108 { 1109 raw_sysctl_init_net(net); 1110 return 0; 1111 } 1112 1113 static struct pernet_operations __net_initdata raw_sysctl_ops = { 1114 .init = raw_sysctl_init, 1115 }; 1116 raw_init(void)1117 void __init raw_init(void) 1118 { 1119 raw_sysctl_init_net(&init_net); 1120 if (register_pernet_subsys(&raw_sysctl_ops)) 1121 panic("RAW: failed to init sysctl parameters.\n"); 1122 } 1123