1/* 2 * INET An implementation of the TCP/IP protocol suite for the LINUX 3 * operating system. INET is implemented using the BSD Socket 4 * interface as the means of communication with the user level. 5 * 6 * The User Datagram Protocol (UDP). 7 * 8 * Authors: Ross Biro 9 * Fred N. van Kempen, <waltje@uWalt.NL.Mugnet.ORG> 10 * Arnt Gulbrandsen, <agulbra@nvg.unit.no> 11 * Alan Cox, <alan@lxorguk.ukuu.org.uk> 12 * Hirokazu Takahashi, <taka@valinux.co.jp> 13 * 14 * Fixes: 15 * Alan Cox : verify_area() calls 16 * Alan Cox : stopped close while in use off icmp 17 * messages. Not a fix but a botch that 18 * for udp at least is 'valid'. 19 * Alan Cox : Fixed icmp handling properly 20 * Alan Cox : Correct error for oversized datagrams 21 * Alan Cox : Tidied select() semantics. 22 * Alan Cox : udp_err() fixed properly, also now 23 * select and read wake correctly on errors 24 * Alan Cox : udp_send verify_area moved to avoid mem leak 25 * Alan Cox : UDP can count its memory 26 * Alan Cox : send to an unknown connection causes 27 * an ECONNREFUSED off the icmp, but 28 * does NOT close. 29 * Alan Cox : Switched to new sk_buff handlers. No more backlog! 30 * Alan Cox : Using generic datagram code. Even smaller and the PEEK 31 * bug no longer crashes it. 32 * Fred Van Kempen : Net2e support for sk->broadcast. 33 * Alan Cox : Uses skb_free_datagram 34 * Alan Cox : Added get/set sockopt support. 35 * Alan Cox : Broadcasting without option set returns EACCES. 36 * Alan Cox : No wakeup calls. Instead we now use the callbacks. 37 * Alan Cox : Use ip_tos and ip_ttl 38 * Alan Cox : SNMP Mibs 39 * Alan Cox : MSG_DONTROUTE, and 0.0.0.0 support. 40 * Matt Dillon : UDP length checks. 41 * Alan Cox : Smarter af_inet used properly. 42 * Alan Cox : Use new kernel side addressing. 43 * Alan Cox : Incorrect return on truncated datagram receive. 44 * Arnt Gulbrandsen : New udp_send and stuff 45 * Alan Cox : Cache last socket 46 * Alan Cox : Route cache 47 * Jon Peatfield : Minor efficiency fix to sendto(). 48 * Mike Shaver : RFC1122 checks. 49 * Alan Cox : Nonblocking error fix. 50 * Willy Konynenberg : Transparent proxying support. 51 * Mike McLagan : Routing by source 52 * David S. Miller : New socket lookup architecture. 53 * Last socket cache retained as it 54 * does have a high hit rate. 55 * Olaf Kirch : Don't linearise iovec on sendmsg. 56 * Andi Kleen : Some cleanups, cache destination entry 57 * for connect. 58 * Vitaly E. Lavrov : Transparent proxy revived after year coma. 59 * Melvin Smith : Check msg_name not msg_namelen in sendto(), 60 * return ENOTCONN for unconnected sockets (POSIX) 61 * Janos Farkas : don't deliver multi/broadcasts to a different 62 * bound-to-device socket 63 * Hirokazu Takahashi : HW checksumming for outgoing UDP 64 * datagrams. 65 * Hirokazu Takahashi : sendfile() on UDP works now. 66 * Arnaldo C. Melo : convert /proc/net/udp to seq_file 67 * YOSHIFUJI Hideaki @USAGI and: Support IPV6_V6ONLY socket option, which 68 * Alexey Kuznetsov: allow both IPv4 and IPv6 sockets to bind 69 * a single port at the same time. 70 * Derek Atkins <derek@ihtfp.com>: Add Encapulation Support 71 * James Chapman : Add L2TP encapsulation type. 72 * 73 * 74 * This program is free software; you can redistribute it and/or 75 * modify it under the terms of the GNU General Public License 76 * as published by the Free Software Foundation; either version 77 * 2 of the License, or (at your option) any later version. 78 */ 79 80#define pr_fmt(fmt) "UDP: " fmt 81 82#include <asm/uaccess.h> 83#include <asm/ioctls.h> 84#include <linux/bootmem.h> 85#include <linux/highmem.h> 86#include <linux/swap.h> 87#include <linux/types.h> 88#include <linux/fcntl.h> 89#include <linux/module.h> 90#include <linux/socket.h> 91#include <linux/sockios.h> 92#include <linux/igmp.h> 93#include <linux/in.h> 94#include <linux/errno.h> 95#include <linux/timer.h> 96#include <linux/mm.h> 97#include <linux/inet.h> 98#include <linux/netdevice.h> 99#include <linux/slab.h> 100#include <net/tcp_states.h> 101#include <linux/skbuff.h> 102#include <linux/netdevice.h> 103#include <linux/proc_fs.h> 104#include <linux/seq_file.h> 105#include <net/net_namespace.h> 106#include <net/icmp.h> 107#include <net/inet_hashtables.h> 108#include <net/route.h> 109#include <net/checksum.h> 110#include <net/xfrm.h> 111#include <trace/events/udp.h> 112#include <linux/static_key.h> 113#include <trace/events/skb.h> 114#include <net/busy_poll.h> 115#include "udp_impl.h" 116 117struct udp_table udp_table __read_mostly; 118EXPORT_SYMBOL(udp_table); 119 120long sysctl_udp_mem[3] __read_mostly; 121EXPORT_SYMBOL(sysctl_udp_mem); 122 123int sysctl_udp_rmem_min __read_mostly; 124EXPORT_SYMBOL(sysctl_udp_rmem_min); 125 126int sysctl_udp_wmem_min __read_mostly; 127EXPORT_SYMBOL(sysctl_udp_wmem_min); 128 129atomic_long_t udp_memory_allocated; 130EXPORT_SYMBOL(udp_memory_allocated); 131 132#define MAX_UDP_PORTS 65536 133#define PORTS_PER_CHAIN (MAX_UDP_PORTS / UDP_HTABLE_SIZE_MIN) 134 135static int udp_lib_lport_inuse(struct net *net, __u16 num, 136 const struct udp_hslot *hslot, 137 unsigned long *bitmap, 138 struct sock *sk, 139 int (*saddr_comp)(const struct sock *sk1, 140 const struct sock *sk2), 141 unsigned int log) 142{ 143 struct sock *sk2; 144 struct hlist_nulls_node *node; 145 kuid_t uid = sock_i_uid(sk); 146 147 sk_nulls_for_each(sk2, node, &hslot->head) 148 if (net_eq(sock_net(sk2), net) && 149 sk2 != sk && 150 (bitmap || udp_sk(sk2)->udp_port_hash == num) && 151 (!sk2->sk_reuse || !sk->sk_reuse) && 152 (!sk2->sk_bound_dev_if || !sk->sk_bound_dev_if || 153 sk2->sk_bound_dev_if == sk->sk_bound_dev_if) && 154 (!sk2->sk_reuseport || !sk->sk_reuseport || 155 !uid_eq(uid, sock_i_uid(sk2))) && 156 (*saddr_comp)(sk, sk2)) { 157 if (bitmap) 158 __set_bit(udp_sk(sk2)->udp_port_hash >> log, 159 bitmap); 160 else 161 return 1; 162 } 163 return 0; 164} 165 166/* 167 * Note: we still hold spinlock of primary hash chain, so no other writer 168 * can insert/delete a socket with local_port == num 169 */ 170static int udp_lib_lport_inuse2(struct net *net, __u16 num, 171 struct udp_hslot *hslot2, 172 struct sock *sk, 173 int (*saddr_comp)(const struct sock *sk1, 174 const struct sock *sk2)) 175{ 176 struct sock *sk2; 177 struct hlist_nulls_node *node; 178 kuid_t uid = sock_i_uid(sk); 179 int res = 0; 180 181 spin_lock(&hslot2->lock); 182 udp_portaddr_for_each_entry(sk2, node, &hslot2->head) 183 if (net_eq(sock_net(sk2), net) && 184 sk2 != sk && 185 (udp_sk(sk2)->udp_port_hash == num) && 186 (!sk2->sk_reuse || !sk->sk_reuse) && 187 (!sk2->sk_bound_dev_if || !sk->sk_bound_dev_if || 188 sk2->sk_bound_dev_if == sk->sk_bound_dev_if) && 189 (!sk2->sk_reuseport || !sk->sk_reuseport || 190 !uid_eq(uid, sock_i_uid(sk2))) && 191 (*saddr_comp)(sk, sk2)) { 192 res = 1; 193 break; 194 } 195 spin_unlock(&hslot2->lock); 196 return res; 197} 198 199/** 200 * udp_lib_get_port - UDP/-Lite port lookup for IPv4 and IPv6 201 * 202 * @sk: socket struct in question 203 * @snum: port number to look up 204 * @saddr_comp: AF-dependent comparison of bound local IP addresses 205 * @hash2_nulladdr: AF-dependent hash value in secondary hash chains, 206 * with NULL address 207 */ 208int udp_lib_get_port(struct sock *sk, unsigned short snum, 209 int (*saddr_comp)(const struct sock *sk1, 210 const struct sock *sk2), 211 unsigned int hash2_nulladdr) 212{ 213 struct udp_hslot *hslot, *hslot2; 214 struct udp_table *udptable = sk->sk_prot->h.udp_table; 215 int error = 1; 216 struct net *net = sock_net(sk); 217 218 if (!snum) { 219 int low, high, remaining; 220 unsigned int rand; 221 unsigned short first, last; 222 DECLARE_BITMAP(bitmap, PORTS_PER_CHAIN); 223 224 inet_get_local_port_range(net, &low, &high); 225 remaining = (high - low) + 1; 226 227 rand = prandom_u32(); 228 first = reciprocal_scale(rand, remaining) + low; 229 /* 230 * force rand to be an odd multiple of UDP_HTABLE_SIZE 231 */ 232 rand = (rand | 1) * (udptable->mask + 1); 233 last = first + udptable->mask + 1; 234 do { 235 hslot = udp_hashslot(udptable, net, first); 236 bitmap_zero(bitmap, PORTS_PER_CHAIN); 237 spin_lock_bh(&hslot->lock); 238 udp_lib_lport_inuse(net, snum, hslot, bitmap, sk, 239 saddr_comp, udptable->log); 240 241 snum = first; 242 /* 243 * Iterate on all possible values of snum for this hash. 244 * Using steps of an odd multiple of UDP_HTABLE_SIZE 245 * give us randomization and full range coverage. 246 */ 247 do { 248 if (low <= snum && snum <= high && 249 !test_bit(snum >> udptable->log, bitmap) && 250 !inet_is_local_reserved_port(net, snum)) 251 goto found; 252 snum += rand; 253 } while (snum != first); 254 spin_unlock_bh(&hslot->lock); 255 } while (++first != last); 256 goto fail; 257 } else { 258 hslot = udp_hashslot(udptable, net, snum); 259 spin_lock_bh(&hslot->lock); 260 if (hslot->count > 10) { 261 int exist; 262 unsigned int slot2 = udp_sk(sk)->udp_portaddr_hash ^ snum; 263 264 slot2 &= udptable->mask; 265 hash2_nulladdr &= udptable->mask; 266 267 hslot2 = udp_hashslot2(udptable, slot2); 268 if (hslot->count < hslot2->count) 269 goto scan_primary_hash; 270 271 exist = udp_lib_lport_inuse2(net, snum, hslot2, 272 sk, saddr_comp); 273 if (!exist && (hash2_nulladdr != slot2)) { 274 hslot2 = udp_hashslot2(udptable, hash2_nulladdr); 275 exist = udp_lib_lport_inuse2(net, snum, hslot2, 276 sk, saddr_comp); 277 } 278 if (exist) 279 goto fail_unlock; 280 else 281 goto found; 282 } 283scan_primary_hash: 284 if (udp_lib_lport_inuse(net, snum, hslot, NULL, sk, 285 saddr_comp, 0)) 286 goto fail_unlock; 287 } 288found: 289 inet_sk(sk)->inet_num = snum; 290 udp_sk(sk)->udp_port_hash = snum; 291 udp_sk(sk)->udp_portaddr_hash ^= snum; 292 if (sk_unhashed(sk)) { 293 sk_nulls_add_node_rcu(sk, &hslot->head); 294 hslot->count++; 295 sock_prot_inuse_add(sock_net(sk), sk->sk_prot, 1); 296 297 hslot2 = udp_hashslot2(udptable, udp_sk(sk)->udp_portaddr_hash); 298 spin_lock(&hslot2->lock); 299 hlist_nulls_add_head_rcu(&udp_sk(sk)->udp_portaddr_node, 300 &hslot2->head); 301 hslot2->count++; 302 spin_unlock(&hslot2->lock); 303 } 304 error = 0; 305fail_unlock: 306 spin_unlock_bh(&hslot->lock); 307fail: 308 return error; 309} 310EXPORT_SYMBOL(udp_lib_get_port); 311 312static int ipv4_rcv_saddr_equal(const struct sock *sk1, const struct sock *sk2) 313{ 314 struct inet_sock *inet1 = inet_sk(sk1), *inet2 = inet_sk(sk2); 315 316 return (!ipv6_only_sock(sk2) && 317 (!inet1->inet_rcv_saddr || !inet2->inet_rcv_saddr || 318 inet1->inet_rcv_saddr == inet2->inet_rcv_saddr)); 319} 320 321static unsigned int udp4_portaddr_hash(struct net *net, __be32 saddr, 322 unsigned int port) 323{ 324 return jhash_1word((__force u32)saddr, net_hash_mix(net)) ^ port; 325} 326 327int udp_v4_get_port(struct sock *sk, unsigned short snum) 328{ 329 unsigned int hash2_nulladdr = 330 udp4_portaddr_hash(sock_net(sk), htonl(INADDR_ANY), snum); 331 unsigned int hash2_partial = 332 udp4_portaddr_hash(sock_net(sk), inet_sk(sk)->inet_rcv_saddr, 0); 333 334 /* precompute partial secondary hash */ 335 udp_sk(sk)->udp_portaddr_hash = hash2_partial; 336 return udp_lib_get_port(sk, snum, ipv4_rcv_saddr_equal, hash2_nulladdr); 337} 338 339static inline int compute_score(struct sock *sk, struct net *net, __be32 saddr, 340 unsigned short hnum, 341 __be16 sport, __be32 daddr, __be16 dport, int dif) 342{ 343 int score = -1; 344 345 if (net_eq(sock_net(sk), net) && udp_sk(sk)->udp_port_hash == hnum && 346 !ipv6_only_sock(sk)) { 347 struct inet_sock *inet = inet_sk(sk); 348 349 score = (sk->sk_family == PF_INET ? 2 : 1); 350 if (inet->inet_rcv_saddr) { 351 if (inet->inet_rcv_saddr != daddr) 352 return -1; 353 score += 4; 354 } 355 if (inet->inet_daddr) { 356 if (inet->inet_daddr != saddr) 357 return -1; 358 score += 4; 359 } 360 if (inet->inet_dport) { 361 if (inet->inet_dport != sport) 362 return -1; 363 score += 4; 364 } 365 if (sk->sk_bound_dev_if) { 366 if (sk->sk_bound_dev_if != dif) 367 return -1; 368 score += 4; 369 } 370 } 371 return score; 372} 373 374/* 375 * In this second variant, we check (daddr, dport) matches (inet_rcv_sadd, inet_num) 376 */ 377static inline int compute_score2(struct sock *sk, struct net *net, 378 __be32 saddr, __be16 sport, 379 __be32 daddr, unsigned int hnum, int dif) 380{ 381 int score = -1; 382 383 if (net_eq(sock_net(sk), net) && !ipv6_only_sock(sk)) { 384 struct inet_sock *inet = inet_sk(sk); 385 386 if (inet->inet_rcv_saddr != daddr) 387 return -1; 388 if (inet->inet_num != hnum) 389 return -1; 390 391 score = (sk->sk_family == PF_INET ? 2 : 1); 392 if (inet->inet_daddr) { 393 if (inet->inet_daddr != saddr) 394 return -1; 395 score += 4; 396 } 397 if (inet->inet_dport) { 398 if (inet->inet_dport != sport) 399 return -1; 400 score += 4; 401 } 402 if (sk->sk_bound_dev_if) { 403 if (sk->sk_bound_dev_if != dif) 404 return -1; 405 score += 4; 406 } 407 } 408 return score; 409} 410 411static unsigned int udp_ehashfn(struct net *net, const __be32 laddr, 412 const __u16 lport, const __be32 faddr, 413 const __be16 fport) 414{ 415 static u32 udp_ehash_secret __read_mostly; 416 417 net_get_random_once(&udp_ehash_secret, sizeof(udp_ehash_secret)); 418 419 return __inet_ehashfn(laddr, lport, faddr, fport, 420 udp_ehash_secret + net_hash_mix(net)); 421} 422 423 424/* called with read_rcu_lock() */ 425static struct sock *udp4_lib_lookup2(struct net *net, 426 __be32 saddr, __be16 sport, 427 __be32 daddr, unsigned int hnum, int dif, 428 struct udp_hslot *hslot2, unsigned int slot2) 429{ 430 struct sock *sk, *result; 431 struct hlist_nulls_node *node; 432 int score, badness, matches = 0, reuseport = 0; 433 u32 hash = 0; 434 435begin: 436 result = NULL; 437 badness = 0; 438 udp_portaddr_for_each_entry_rcu(sk, node, &hslot2->head) { 439 score = compute_score2(sk, net, saddr, sport, 440 daddr, hnum, dif); 441 if (score > badness) { 442 result = sk; 443 badness = score; 444 reuseport = sk->sk_reuseport; 445 if (reuseport) { 446 hash = udp_ehashfn(net, daddr, hnum, 447 saddr, sport); 448 matches = 1; 449 } 450 } else if (score == badness && reuseport) { 451 matches++; 452 if (reciprocal_scale(hash, matches) == 0) 453 result = sk; 454 hash = next_pseudo_random32(hash); 455 } 456 } 457 /* 458 * if the nulls value we got at the end of this lookup is 459 * not the expected one, we must restart lookup. 460 * We probably met an item that was moved to another chain. 461 */ 462 if (get_nulls_value(node) != slot2) 463 goto begin; 464 if (result) { 465 if (unlikely(!atomic_inc_not_zero_hint(&result->sk_refcnt, 2))) 466 result = NULL; 467 else if (unlikely(compute_score2(result, net, saddr, sport, 468 daddr, hnum, dif) < badness)) { 469 sock_put(result); 470 goto begin; 471 } 472 } 473 return result; 474} 475 476/* UDP is nearly always wildcards out the wazoo, it makes no sense to try 477 * harder than this. -DaveM 478 */ 479struct sock *__udp4_lib_lookup(struct net *net, __be32 saddr, 480 __be16 sport, __be32 daddr, __be16 dport, 481 int dif, struct udp_table *udptable) 482{ 483 struct sock *sk, *result; 484 struct hlist_nulls_node *node; 485 unsigned short hnum = ntohs(dport); 486 unsigned int hash2, slot2, slot = udp_hashfn(net, hnum, udptable->mask); 487 struct udp_hslot *hslot2, *hslot = &udptable->hash[slot]; 488 int score, badness, matches = 0, reuseport = 0; 489 u32 hash = 0; 490 491 rcu_read_lock(); 492 if (hslot->count > 10) { 493 hash2 = udp4_portaddr_hash(net, daddr, hnum); 494 slot2 = hash2 & udptable->mask; 495 hslot2 = &udptable->hash2[slot2]; 496 if (hslot->count < hslot2->count) 497 goto begin; 498 499 result = udp4_lib_lookup2(net, saddr, sport, 500 daddr, hnum, dif, 501 hslot2, slot2); 502 if (!result) { 503 hash2 = udp4_portaddr_hash(net, htonl(INADDR_ANY), hnum); 504 slot2 = hash2 & udptable->mask; 505 hslot2 = &udptable->hash2[slot2]; 506 if (hslot->count < hslot2->count) 507 goto begin; 508 509 result = udp4_lib_lookup2(net, saddr, sport, 510 htonl(INADDR_ANY), hnum, dif, 511 hslot2, slot2); 512 } 513 rcu_read_unlock(); 514 return result; 515 } 516begin: 517 result = NULL; 518 badness = 0; 519 sk_nulls_for_each_rcu(sk, node, &hslot->head) { 520 score = compute_score(sk, net, saddr, hnum, sport, 521 daddr, dport, dif); 522 if (score > badness) { 523 result = sk; 524 badness = score; 525 reuseport = sk->sk_reuseport; 526 if (reuseport) { 527 hash = udp_ehashfn(net, daddr, hnum, 528 saddr, sport); 529 matches = 1; 530 } 531 } else if (score == badness && reuseport) { 532 matches++; 533 if (reciprocal_scale(hash, matches) == 0) 534 result = sk; 535 hash = next_pseudo_random32(hash); 536 } 537 } 538 /* 539 * if the nulls value we got at the end of this lookup is 540 * not the expected one, we must restart lookup. 541 * We probably met an item that was moved to another chain. 542 */ 543 if (get_nulls_value(node) != slot) 544 goto begin; 545 546 if (result) { 547 if (unlikely(!atomic_inc_not_zero_hint(&result->sk_refcnt, 2))) 548 result = NULL; 549 else if (unlikely(compute_score(result, net, saddr, hnum, sport, 550 daddr, dport, dif) < badness)) { 551 sock_put(result); 552 goto begin; 553 } 554 } 555 rcu_read_unlock(); 556 return result; 557} 558EXPORT_SYMBOL_GPL(__udp4_lib_lookup); 559 560static inline struct sock *__udp4_lib_lookup_skb(struct sk_buff *skb, 561 __be16 sport, __be16 dport, 562 struct udp_table *udptable) 563{ 564 const struct iphdr *iph = ip_hdr(skb); 565 566 return __udp4_lib_lookup(dev_net(skb_dst(skb)->dev), iph->saddr, sport, 567 iph->daddr, dport, inet_iif(skb), 568 udptable); 569} 570 571struct sock *udp4_lib_lookup(struct net *net, __be32 saddr, __be16 sport, 572 __be32 daddr, __be16 dport, int dif) 573{ 574 return __udp4_lib_lookup(net, saddr, sport, daddr, dport, dif, &udp_table); 575} 576EXPORT_SYMBOL_GPL(udp4_lib_lookup); 577 578static inline bool __udp_is_mcast_sock(struct net *net, struct sock *sk, 579 __be16 loc_port, __be32 loc_addr, 580 __be16 rmt_port, __be32 rmt_addr, 581 int dif, unsigned short hnum) 582{ 583 struct inet_sock *inet = inet_sk(sk); 584 585 if (!net_eq(sock_net(sk), net) || 586 udp_sk(sk)->udp_port_hash != hnum || 587 (inet->inet_daddr && inet->inet_daddr != rmt_addr) || 588 (inet->inet_dport != rmt_port && inet->inet_dport) || 589 (inet->inet_rcv_saddr && inet->inet_rcv_saddr != loc_addr) || 590 ipv6_only_sock(sk) || 591 (sk->sk_bound_dev_if && sk->sk_bound_dev_if != dif)) 592 return false; 593 if (!ip_mc_sf_allow(sk, loc_addr, rmt_addr, dif)) 594 return false; 595 return true; 596} 597 598/* 599 * This routine is called by the ICMP module when it gets some 600 * sort of error condition. If err < 0 then the socket should 601 * be closed and the error returned to the user. If err > 0 602 * it's just the icmp type << 8 | icmp code. 603 * Header points to the ip header of the error packet. We move 604 * on past this. Then (as it used to claim before adjustment) 605 * header points to the first 8 bytes of the udp header. We need 606 * to find the appropriate port. 607 */ 608 609void __udp4_lib_err(struct sk_buff *skb, u32 info, struct udp_table *udptable) 610{ 611 struct inet_sock *inet; 612 const struct iphdr *iph = (const struct iphdr *)skb->data; 613 struct udphdr *uh = (struct udphdr *)(skb->data+(iph->ihl<<2)); 614 const int type = icmp_hdr(skb)->type; 615 const int code = icmp_hdr(skb)->code; 616 struct sock *sk; 617 int harderr; 618 int err; 619 struct net *net = dev_net(skb->dev); 620 621 sk = __udp4_lib_lookup(net, iph->daddr, uh->dest, 622 iph->saddr, uh->source, skb->dev->ifindex, udptable); 623 if (sk == NULL) { 624 ICMP_INC_STATS_BH(net, ICMP_MIB_INERRORS); 625 return; /* No socket for error */ 626 } 627 628 err = 0; 629 harderr = 0; 630 inet = inet_sk(sk); 631 632 switch (type) { 633 default: 634 case ICMP_TIME_EXCEEDED: 635 err = EHOSTUNREACH; 636 break; 637 case ICMP_SOURCE_QUENCH: 638 goto out; 639 case ICMP_PARAMETERPROB: 640 err = EPROTO; 641 harderr = 1; 642 break; 643 case ICMP_DEST_UNREACH: 644 if (code == ICMP_FRAG_NEEDED) { /* Path MTU discovery */ 645 ipv4_sk_update_pmtu(skb, sk, info); 646 if (inet->pmtudisc != IP_PMTUDISC_DONT) { 647 err = EMSGSIZE; 648 harderr = 1; 649 break; 650 } 651 goto out; 652 } 653 err = EHOSTUNREACH; 654 if (code <= NR_ICMP_UNREACH) { 655 harderr = icmp_err_convert[code].fatal; 656 err = icmp_err_convert[code].errno; 657 } 658 break; 659 case ICMP_REDIRECT: 660 ipv4_sk_redirect(skb, sk); 661 goto out; 662 } 663 664 /* 665 * RFC1122: OK. Passes ICMP errors back to application, as per 666 * 4.1.3.3. 667 */ 668 if (!inet->recverr) { 669 if (!harderr || sk->sk_state != TCP_ESTABLISHED) 670 goto out; 671 } else 672 ip_icmp_error(sk, skb, err, uh->dest, info, (u8 *)(uh+1)); 673 674 sk->sk_err = err; 675 sk->sk_error_report(sk); 676out: 677 sock_put(sk); 678} 679 680void udp_err(struct sk_buff *skb, u32 info) 681{ 682 __udp4_lib_err(skb, info, &udp_table); 683} 684 685/* 686 * Throw away all pending data and cancel the corking. Socket is locked. 687 */ 688void udp_flush_pending_frames(struct sock *sk) 689{ 690 struct udp_sock *up = udp_sk(sk); 691 692 if (up->pending) { 693 up->len = 0; 694 up->pending = 0; 695 ip_flush_pending_frames(sk); 696 } 697} 698EXPORT_SYMBOL(udp_flush_pending_frames); 699 700/** 701 * udp4_hwcsum - handle outgoing HW checksumming 702 * @skb: sk_buff containing the filled-in UDP header 703 * (checksum field must be zeroed out) 704 * @src: source IP address 705 * @dst: destination IP address 706 */ 707void udp4_hwcsum(struct sk_buff *skb, __be32 src, __be32 dst) 708{ 709 struct udphdr *uh = udp_hdr(skb); 710 int offset = skb_transport_offset(skb); 711 int len = skb->len - offset; 712 int hlen = len; 713 __wsum csum = 0; 714 715 if (!skb_has_frag_list(skb)) { 716 /* 717 * Only one fragment on the socket. 718 */ 719 skb->csum_start = skb_transport_header(skb) - skb->head; 720 skb->csum_offset = offsetof(struct udphdr, check); 721 uh->check = ~csum_tcpudp_magic(src, dst, len, 722 IPPROTO_UDP, 0); 723 } else { 724 struct sk_buff *frags; 725 726 /* 727 * HW-checksum won't work as there are two or more 728 * fragments on the socket so that all csums of sk_buffs 729 * should be together 730 */ 731 skb_walk_frags(skb, frags) { 732 csum = csum_add(csum, frags->csum); 733 hlen -= frags->len; 734 } 735 736 csum = skb_checksum(skb, offset, hlen, csum); 737 skb->ip_summed = CHECKSUM_NONE; 738 739 uh->check = csum_tcpudp_magic(src, dst, len, IPPROTO_UDP, csum); 740 if (uh->check == 0) 741 uh->check = CSUM_MANGLED_0; 742 } 743} 744EXPORT_SYMBOL_GPL(udp4_hwcsum); 745 746/* Function to set UDP checksum for an IPv4 UDP packet. This is intended 747 * for the simple case like when setting the checksum for a UDP tunnel. 748 */ 749void udp_set_csum(bool nocheck, struct sk_buff *skb, 750 __be32 saddr, __be32 daddr, int len) 751{ 752 struct udphdr *uh = udp_hdr(skb); 753 754 if (nocheck) 755 uh->check = 0; 756 else if (skb_is_gso(skb)) 757 uh->check = ~udp_v4_check(len, saddr, daddr, 0); 758 else if (skb_dst(skb) && skb_dst(skb)->dev && 759 (skb_dst(skb)->dev->features & NETIF_F_V4_CSUM)) { 760 761 BUG_ON(skb->ip_summed == CHECKSUM_PARTIAL); 762 763 skb->ip_summed = CHECKSUM_PARTIAL; 764 skb->csum_start = skb_transport_header(skb) - skb->head; 765 skb->csum_offset = offsetof(struct udphdr, check); 766 uh->check = ~udp_v4_check(len, saddr, daddr, 0); 767 } else { 768 __wsum csum; 769 770 BUG_ON(skb->ip_summed == CHECKSUM_PARTIAL); 771 772 uh->check = 0; 773 csum = skb_checksum(skb, 0, len, 0); 774 uh->check = udp_v4_check(len, saddr, daddr, csum); 775 if (uh->check == 0) 776 uh->check = CSUM_MANGLED_0; 777 778 skb->ip_summed = CHECKSUM_UNNECESSARY; 779 } 780} 781EXPORT_SYMBOL(udp_set_csum); 782 783static int udp_send_skb(struct sk_buff *skb, struct flowi4 *fl4) 784{ 785 struct sock *sk = skb->sk; 786 struct inet_sock *inet = inet_sk(sk); 787 struct udphdr *uh; 788 int err = 0; 789 int is_udplite = IS_UDPLITE(sk); 790 int offset = skb_transport_offset(skb); 791 int len = skb->len - offset; 792 __wsum csum = 0; 793 794 /* 795 * Create a UDP header 796 */ 797 uh = udp_hdr(skb); 798 uh->source = inet->inet_sport; 799 uh->dest = fl4->fl4_dport; 800 uh->len = htons(len); 801 uh->check = 0; 802 803 if (is_udplite) /* UDP-Lite */ 804 csum = udplite_csum(skb); 805 806 else if (sk->sk_no_check_tx) { /* UDP csum disabled */ 807 808 skb->ip_summed = CHECKSUM_NONE; 809 goto send; 810 811 } else if (skb->ip_summed == CHECKSUM_PARTIAL) { /* UDP hardware csum */ 812 813 udp4_hwcsum(skb, fl4->saddr, fl4->daddr); 814 goto send; 815 816 } else 817 csum = udp_csum(skb); 818 819 /* add protocol-dependent pseudo-header */ 820 uh->check = csum_tcpudp_magic(fl4->saddr, fl4->daddr, len, 821 sk->sk_protocol, csum); 822 if (uh->check == 0) 823 uh->check = CSUM_MANGLED_0; 824 825send: 826 err = ip_send_skb(sock_net(sk), skb); 827 if (err) { 828 if (err == -ENOBUFS && !inet->recverr) { 829 UDP_INC_STATS_USER(sock_net(sk), 830 UDP_MIB_SNDBUFERRORS, is_udplite); 831 err = 0; 832 } 833 } else 834 UDP_INC_STATS_USER(sock_net(sk), 835 UDP_MIB_OUTDATAGRAMS, is_udplite); 836 return err; 837} 838 839/* 840 * Push out all pending data as one UDP datagram. Socket is locked. 841 */ 842int udp_push_pending_frames(struct sock *sk) 843{ 844 struct udp_sock *up = udp_sk(sk); 845 struct inet_sock *inet = inet_sk(sk); 846 struct flowi4 *fl4 = &inet->cork.fl.u.ip4; 847 struct sk_buff *skb; 848 int err = 0; 849 850 skb = ip_finish_skb(sk, fl4); 851 if (!skb) 852 goto out; 853 854 err = udp_send_skb(skb, fl4); 855 856out: 857 up->len = 0; 858 up->pending = 0; 859 return err; 860} 861EXPORT_SYMBOL(udp_push_pending_frames); 862 863int udp_sendmsg(struct kiocb *iocb, struct sock *sk, struct msghdr *msg, 864 size_t len) 865{ 866 struct inet_sock *inet = inet_sk(sk); 867 struct udp_sock *up = udp_sk(sk); 868 struct flowi4 fl4_stack; 869 struct flowi4 *fl4; 870 int ulen = len; 871 struct ipcm_cookie ipc; 872 struct rtable *rt = NULL; 873 int free = 0; 874 int connected = 0; 875 __be32 daddr, faddr, saddr; 876 __be16 dport; 877 u8 tos; 878 int err, is_udplite = IS_UDPLITE(sk); 879 int corkreq = up->corkflag || msg->msg_flags&MSG_MORE; 880 int (*getfrag)(void *, char *, int, int, int, struct sk_buff *); 881 struct sk_buff *skb; 882 struct ip_options_data opt_copy; 883 884 if (len > 0xFFFF) 885 return -EMSGSIZE; 886 887 /* 888 * Check the flags. 889 */ 890 891 if (msg->msg_flags & MSG_OOB) /* Mirror BSD error message compatibility */ 892 return -EOPNOTSUPP; 893 894 ipc.opt = NULL; 895 ipc.tx_flags = 0; 896 ipc.ttl = 0; 897 ipc.tos = -1; 898 899 getfrag = is_udplite ? udplite_getfrag : ip_generic_getfrag; 900 901 fl4 = &inet->cork.fl.u.ip4; 902 if (up->pending) { 903 /* 904 * There are pending frames. 905 * The socket lock must be held while it's corked. 906 */ 907 lock_sock(sk); 908 if (likely(up->pending)) { 909 if (unlikely(up->pending != AF_INET)) { 910 release_sock(sk); 911 return -EINVAL; 912 } 913 goto do_append_data; 914 } 915 release_sock(sk); 916 } 917 ulen += sizeof(struct udphdr); 918 919 /* 920 * Get and verify the address. 921 */ 922 if (msg->msg_name) { 923 DECLARE_SOCKADDR(struct sockaddr_in *, usin, msg->msg_name); 924 if (msg->msg_namelen < sizeof(*usin)) 925 return -EINVAL; 926 if (usin->sin_family != AF_INET) { 927 if (usin->sin_family != AF_UNSPEC) 928 return -EAFNOSUPPORT; 929 } 930 931 daddr = usin->sin_addr.s_addr; 932 dport = usin->sin_port; 933 if (dport == 0) 934 return -EINVAL; 935 } else { 936 if (sk->sk_state != TCP_ESTABLISHED) 937 return -EDESTADDRREQ; 938 daddr = inet->inet_daddr; 939 dport = inet->inet_dport; 940 /* Open fast path for connected socket. 941 Route will not be used, if at least one option is set. 942 */ 943 connected = 1; 944 } 945 ipc.addr = inet->inet_saddr; 946 947 ipc.oif = sk->sk_bound_dev_if; 948 949 sock_tx_timestamp(sk, &ipc.tx_flags); 950 951 if (msg->msg_controllen) { 952 err = ip_cmsg_send(sock_net(sk), msg, &ipc, 953 sk->sk_family == AF_INET6); 954 if (err) 955 return err; 956 if (ipc.opt) 957 free = 1; 958 connected = 0; 959 } 960 if (!ipc.opt) { 961 struct ip_options_rcu *inet_opt; 962 963 rcu_read_lock(); 964 inet_opt = rcu_dereference(inet->inet_opt); 965 if (inet_opt) { 966 memcpy(&opt_copy, inet_opt, 967 sizeof(*inet_opt) + inet_opt->opt.optlen); 968 ipc.opt = &opt_copy.opt; 969 } 970 rcu_read_unlock(); 971 } 972 973 saddr = ipc.addr; 974 ipc.addr = faddr = daddr; 975 976 if (ipc.opt && ipc.opt->opt.srr) { 977 if (!daddr) 978 return -EINVAL; 979 faddr = ipc.opt->opt.faddr; 980 connected = 0; 981 } 982 tos = get_rttos(&ipc, inet); 983 if (sock_flag(sk, SOCK_LOCALROUTE) || 984 (msg->msg_flags & MSG_DONTROUTE) || 985 (ipc.opt && ipc.opt->opt.is_strictroute)) { 986 tos |= RTO_ONLINK; 987 connected = 0; 988 } 989 990 if (ipv4_is_multicast(daddr)) { 991 if (!ipc.oif) 992 ipc.oif = inet->mc_index; 993 if (!saddr) 994 saddr = inet->mc_addr; 995 connected = 0; 996 } else if (!ipc.oif) 997 ipc.oif = inet->uc_index; 998 999 if (connected) 1000 rt = (struct rtable *)sk_dst_check(sk, 0); 1001 1002 if (rt == NULL) { 1003 struct net *net = sock_net(sk); 1004 1005 fl4 = &fl4_stack; 1006 flowi4_init_output(fl4, ipc.oif, sk->sk_mark, tos, 1007 RT_SCOPE_UNIVERSE, sk->sk_protocol, 1008 inet_sk_flowi_flags(sk), 1009 faddr, saddr, dport, inet->inet_sport, 1010 sock_i_uid(sk)); 1011 1012 security_sk_classify_flow(sk, flowi4_to_flowi(fl4)); 1013 rt = ip_route_output_flow(net, fl4, sk); 1014 if (IS_ERR(rt)) { 1015 err = PTR_ERR(rt); 1016 rt = NULL; 1017 if (err == -ENETUNREACH) 1018 IP_INC_STATS(net, IPSTATS_MIB_OUTNOROUTES); 1019 goto out; 1020 } 1021 1022 err = -EACCES; 1023 if ((rt->rt_flags & RTCF_BROADCAST) && 1024 !sock_flag(sk, SOCK_BROADCAST)) 1025 goto out; 1026 if (connected) 1027 sk_dst_set(sk, dst_clone(&rt->dst)); 1028 } 1029 1030 if (msg->msg_flags&MSG_CONFIRM) 1031 goto do_confirm; 1032back_from_confirm: 1033 1034 saddr = fl4->saddr; 1035 if (!ipc.addr) 1036 daddr = ipc.addr = fl4->daddr; 1037 1038 /* Lockless fast path for the non-corking case. */ 1039 if (!corkreq) { 1040 skb = ip_make_skb(sk, fl4, getfrag, msg->msg_iov, ulen, 1041 sizeof(struct udphdr), &ipc, &rt, 1042 msg->msg_flags); 1043 err = PTR_ERR(skb); 1044 if (!IS_ERR_OR_NULL(skb)) 1045 err = udp_send_skb(skb, fl4); 1046 goto out; 1047 } 1048 1049 lock_sock(sk); 1050 if (unlikely(up->pending)) { 1051 /* The socket is already corked while preparing it. */ 1052 /* ... which is an evident application bug. --ANK */ 1053 release_sock(sk); 1054 1055 LIMIT_NETDEBUG(KERN_DEBUG pr_fmt("cork app bug 2\n")); 1056 err = -EINVAL; 1057 goto out; 1058 } 1059 /* 1060 * Now cork the socket to pend data. 1061 */ 1062 fl4 = &inet->cork.fl.u.ip4; 1063 fl4->daddr = daddr; 1064 fl4->saddr = saddr; 1065 fl4->fl4_dport = dport; 1066 fl4->fl4_sport = inet->inet_sport; 1067 up->pending = AF_INET; 1068 1069do_append_data: 1070 up->len += ulen; 1071 err = ip_append_data(sk, fl4, getfrag, msg->msg_iov, ulen, 1072 sizeof(struct udphdr), &ipc, &rt, 1073 corkreq ? msg->msg_flags|MSG_MORE : msg->msg_flags); 1074 if (err) 1075 udp_flush_pending_frames(sk); 1076 else if (!corkreq) 1077 err = udp_push_pending_frames(sk); 1078 else if (unlikely(skb_queue_empty(&sk->sk_write_queue))) 1079 up->pending = 0; 1080 release_sock(sk); 1081 1082out: 1083 ip_rt_put(rt); 1084 if (free) 1085 kfree(ipc.opt); 1086 if (!err) 1087 return len; 1088 /* 1089 * ENOBUFS = no kernel mem, SOCK_NOSPACE = no sndbuf space. Reporting 1090 * ENOBUFS might not be good (it's not tunable per se), but otherwise 1091 * we don't have a good statistic (IpOutDiscards but it can be too many 1092 * things). We could add another new stat but at least for now that 1093 * seems like overkill. 1094 */ 1095 if (err == -ENOBUFS || test_bit(SOCK_NOSPACE, &sk->sk_socket->flags)) { 1096 UDP_INC_STATS_USER(sock_net(sk), 1097 UDP_MIB_SNDBUFERRORS, is_udplite); 1098 } 1099 return err; 1100 1101do_confirm: 1102 dst_confirm(&rt->dst); 1103 if (!(msg->msg_flags&MSG_PROBE) || len) 1104 goto back_from_confirm; 1105 err = 0; 1106 goto out; 1107} 1108EXPORT_SYMBOL(udp_sendmsg); 1109 1110int udp_sendpage(struct sock *sk, struct page *page, int offset, 1111 size_t size, int flags) 1112{ 1113 struct inet_sock *inet = inet_sk(sk); 1114 struct udp_sock *up = udp_sk(sk); 1115 int ret; 1116 1117 if (flags & MSG_SENDPAGE_NOTLAST) 1118 flags |= MSG_MORE; 1119 1120 if (!up->pending) { 1121 struct msghdr msg = { .msg_flags = flags|MSG_MORE }; 1122 1123 /* Call udp_sendmsg to specify destination address which 1124 * sendpage interface can't pass. 1125 * This will succeed only when the socket is connected. 1126 */ 1127 ret = udp_sendmsg(NULL, sk, &msg, 0); 1128 if (ret < 0) 1129 return ret; 1130 } 1131 1132 lock_sock(sk); 1133 1134 if (unlikely(!up->pending)) { 1135 release_sock(sk); 1136 1137 LIMIT_NETDEBUG(KERN_DEBUG pr_fmt("udp cork app bug 3\n")); 1138 return -EINVAL; 1139 } 1140 1141 ret = ip_append_page(sk, &inet->cork.fl.u.ip4, 1142 page, offset, size, flags); 1143 if (ret == -EOPNOTSUPP) { 1144 release_sock(sk); 1145 return sock_no_sendpage(sk->sk_socket, page, offset, 1146 size, flags); 1147 } 1148 if (ret < 0) { 1149 udp_flush_pending_frames(sk); 1150 goto out; 1151 } 1152 1153 up->len += size; 1154 if (!(up->corkflag || (flags&MSG_MORE))) 1155 ret = udp_push_pending_frames(sk); 1156 if (!ret) 1157 ret = size; 1158out: 1159 release_sock(sk); 1160 return ret; 1161} 1162 1163 1164/** 1165 * first_packet_length - return length of first packet in receive queue 1166 * @sk: socket 1167 * 1168 * Drops all bad checksum frames, until a valid one is found. 1169 * Returns the length of found skb, or 0 if none is found. 1170 */ 1171static unsigned int first_packet_length(struct sock *sk) 1172{ 1173 struct sk_buff_head list_kill, *rcvq = &sk->sk_receive_queue; 1174 struct sk_buff *skb; 1175 unsigned int res; 1176 1177 __skb_queue_head_init(&list_kill); 1178 1179 spin_lock_bh(&rcvq->lock); 1180 while ((skb = skb_peek(rcvq)) != NULL && 1181 udp_lib_checksum_complete(skb)) { 1182 UDP_INC_STATS_BH(sock_net(sk), UDP_MIB_CSUMERRORS, 1183 IS_UDPLITE(sk)); 1184 UDP_INC_STATS_BH(sock_net(sk), UDP_MIB_INERRORS, 1185 IS_UDPLITE(sk)); 1186 atomic_inc(&sk->sk_drops); 1187 __skb_unlink(skb, rcvq); 1188 __skb_queue_tail(&list_kill, skb); 1189 } 1190 res = skb ? skb->len : 0; 1191 spin_unlock_bh(&rcvq->lock); 1192 1193 if (!skb_queue_empty(&list_kill)) { 1194 bool slow = lock_sock_fast(sk); 1195 1196 __skb_queue_purge(&list_kill); 1197 sk_mem_reclaim_partial(sk); 1198 unlock_sock_fast(sk, slow); 1199 } 1200 return res; 1201} 1202 1203/* 1204 * IOCTL requests applicable to the UDP protocol 1205 */ 1206 1207int udp_ioctl(struct sock *sk, int cmd, unsigned long arg) 1208{ 1209 switch (cmd) { 1210 case SIOCOUTQ: 1211 { 1212 int amount = sk_wmem_alloc_get(sk); 1213 1214 return put_user(amount, (int __user *)arg); 1215 } 1216 1217 case SIOCINQ: 1218 { 1219 unsigned int amount = first_packet_length(sk); 1220 1221 if (amount) 1222 /* 1223 * We will only return the amount 1224 * of this packet since that is all 1225 * that will be read. 1226 */ 1227 amount -= sizeof(struct udphdr); 1228 1229 return put_user(amount, (int __user *)arg); 1230 } 1231 1232 default: 1233 return -ENOIOCTLCMD; 1234 } 1235 1236 return 0; 1237} 1238EXPORT_SYMBOL(udp_ioctl); 1239 1240/* 1241 * This should be easy, if there is something there we 1242 * return it, otherwise we block. 1243 */ 1244 1245int udp_recvmsg(struct kiocb *iocb, struct sock *sk, struct msghdr *msg, 1246 size_t len, int noblock, int flags, int *addr_len) 1247{ 1248 struct inet_sock *inet = inet_sk(sk); 1249 DECLARE_SOCKADDR(struct sockaddr_in *, sin, msg->msg_name); 1250 struct sk_buff *skb; 1251 unsigned int ulen, copied; 1252 int peeked, off = 0; 1253 int err; 1254 int is_udplite = IS_UDPLITE(sk); 1255 bool slow; 1256 1257 if (flags & MSG_ERRQUEUE) 1258 return ip_recv_error(sk, msg, len, addr_len); 1259 1260try_again: 1261 skb = __skb_recv_datagram(sk, flags | (noblock ? MSG_DONTWAIT : 0), 1262 &peeked, &off, &err); 1263 if (!skb) 1264 goto out; 1265 1266 ulen = skb->len - sizeof(struct udphdr); 1267 copied = len; 1268 if (copied > ulen) 1269 copied = ulen; 1270 else if (copied < ulen) 1271 msg->msg_flags |= MSG_TRUNC; 1272 1273 /* 1274 * If checksum is needed at all, try to do it while copying the 1275 * data. If the data is truncated, or if we only want a partial 1276 * coverage checksum (UDP-Lite), do it before the copy. 1277 */ 1278 1279 if (copied < ulen || UDP_SKB_CB(skb)->partial_cov) { 1280 if (udp_lib_checksum_complete(skb)) 1281 goto csum_copy_err; 1282 } 1283 1284 if (skb_csum_unnecessary(skb)) 1285 err = skb_copy_datagram_iovec(skb, sizeof(struct udphdr), 1286 msg->msg_iov, copied); 1287 else { 1288 err = skb_copy_and_csum_datagram_iovec(skb, 1289 sizeof(struct udphdr), 1290 msg->msg_iov); 1291 1292 if (err == -EINVAL) 1293 goto csum_copy_err; 1294 } 1295 1296 if (unlikely(err)) { 1297 trace_kfree_skb(skb, udp_recvmsg); 1298 if (!peeked) { 1299 atomic_inc(&sk->sk_drops); 1300 UDP_INC_STATS_USER(sock_net(sk), 1301 UDP_MIB_INERRORS, is_udplite); 1302 } 1303 goto out_free; 1304 } 1305 1306 if (!peeked) 1307 UDP_INC_STATS_USER(sock_net(sk), 1308 UDP_MIB_INDATAGRAMS, is_udplite); 1309 1310 sock_recv_ts_and_drops(msg, sk, skb); 1311 1312 /* Copy the address. */ 1313 if (sin) { 1314 sin->sin_family = AF_INET; 1315 sin->sin_port = udp_hdr(skb)->source; 1316 sin->sin_addr.s_addr = ip_hdr(skb)->saddr; 1317 memset(sin->sin_zero, 0, sizeof(sin->sin_zero)); 1318 *addr_len = sizeof(*sin); 1319 } 1320 if (inet->cmsg_flags) 1321 ip_cmsg_recv(msg, skb); 1322 1323 err = copied; 1324 if (flags & MSG_TRUNC) 1325 err = ulen; 1326 1327out_free: 1328 skb_free_datagram_locked(sk, skb); 1329out: 1330 return err; 1331 1332csum_copy_err: 1333 slow = lock_sock_fast(sk); 1334 if (!skb_kill_datagram(sk, skb, flags)) { 1335 UDP_INC_STATS_USER(sock_net(sk), UDP_MIB_CSUMERRORS, is_udplite); 1336 UDP_INC_STATS_USER(sock_net(sk), UDP_MIB_INERRORS, is_udplite); 1337 } 1338 unlock_sock_fast(sk, slow); 1339 1340 if (noblock) 1341 return -EAGAIN; 1342 1343 /* starting over for a new packet */ 1344 msg->msg_flags &= ~MSG_TRUNC; 1345 goto try_again; 1346} 1347 1348 1349int udp_disconnect(struct sock *sk, int flags) 1350{ 1351 struct inet_sock *inet = inet_sk(sk); 1352 /* 1353 * 1003.1g - break association. 1354 */ 1355 1356 sk->sk_state = TCP_CLOSE; 1357 inet->inet_daddr = 0; 1358 inet->inet_dport = 0; 1359 sock_rps_reset_rxhash(sk); 1360 sk->sk_bound_dev_if = 0; 1361 if (!(sk->sk_userlocks & SOCK_BINDADDR_LOCK)) 1362 inet_reset_saddr(sk); 1363 1364 if (!(sk->sk_userlocks & SOCK_BINDPORT_LOCK)) { 1365 sk->sk_prot->unhash(sk); 1366 inet->inet_sport = 0; 1367 } 1368 sk_dst_reset(sk); 1369 return 0; 1370} 1371EXPORT_SYMBOL(udp_disconnect); 1372 1373void udp_lib_unhash(struct sock *sk) 1374{ 1375 if (sk_hashed(sk)) { 1376 struct udp_table *udptable = sk->sk_prot->h.udp_table; 1377 struct udp_hslot *hslot, *hslot2; 1378 1379 hslot = udp_hashslot(udptable, sock_net(sk), 1380 udp_sk(sk)->udp_port_hash); 1381 hslot2 = udp_hashslot2(udptable, udp_sk(sk)->udp_portaddr_hash); 1382 1383 spin_lock_bh(&hslot->lock); 1384 if (sk_nulls_del_node_init_rcu(sk)) { 1385 hslot->count--; 1386 inet_sk(sk)->inet_num = 0; 1387 sock_prot_inuse_add(sock_net(sk), sk->sk_prot, -1); 1388 1389 spin_lock(&hslot2->lock); 1390 hlist_nulls_del_init_rcu(&udp_sk(sk)->udp_portaddr_node); 1391 hslot2->count--; 1392 spin_unlock(&hslot2->lock); 1393 } 1394 spin_unlock_bh(&hslot->lock); 1395 } 1396} 1397EXPORT_SYMBOL(udp_lib_unhash); 1398 1399/* 1400 * inet_rcv_saddr was changed, we must rehash secondary hash 1401 */ 1402void udp_lib_rehash(struct sock *sk, u16 newhash) 1403{ 1404 if (sk_hashed(sk)) { 1405 struct udp_table *udptable = sk->sk_prot->h.udp_table; 1406 struct udp_hslot *hslot, *hslot2, *nhslot2; 1407 1408 hslot2 = udp_hashslot2(udptable, udp_sk(sk)->udp_portaddr_hash); 1409 nhslot2 = udp_hashslot2(udptable, newhash); 1410 udp_sk(sk)->udp_portaddr_hash = newhash; 1411 if (hslot2 != nhslot2) { 1412 hslot = udp_hashslot(udptable, sock_net(sk), 1413 udp_sk(sk)->udp_port_hash); 1414 /* we must lock primary chain too */ 1415 spin_lock_bh(&hslot->lock); 1416 1417 spin_lock(&hslot2->lock); 1418 hlist_nulls_del_init_rcu(&udp_sk(sk)->udp_portaddr_node); 1419 hslot2->count--; 1420 spin_unlock(&hslot2->lock); 1421 1422 spin_lock(&nhslot2->lock); 1423 hlist_nulls_add_head_rcu(&udp_sk(sk)->udp_portaddr_node, 1424 &nhslot2->head); 1425 nhslot2->count++; 1426 spin_unlock(&nhslot2->lock); 1427 1428 spin_unlock_bh(&hslot->lock); 1429 } 1430 } 1431} 1432EXPORT_SYMBOL(udp_lib_rehash); 1433 1434static void udp_v4_rehash(struct sock *sk) 1435{ 1436 u16 new_hash = udp4_portaddr_hash(sock_net(sk), 1437 inet_sk(sk)->inet_rcv_saddr, 1438 inet_sk(sk)->inet_num); 1439 udp_lib_rehash(sk, new_hash); 1440} 1441 1442static int __udp_queue_rcv_skb(struct sock *sk, struct sk_buff *skb) 1443{ 1444 int rc; 1445 1446 if (inet_sk(sk)->inet_daddr) { 1447 sock_rps_save_rxhash(sk, skb); 1448 sk_mark_napi_id(sk, skb); 1449 } 1450 1451 rc = sock_queue_rcv_skb(sk, skb); 1452 if (rc < 0) { 1453 int is_udplite = IS_UDPLITE(sk); 1454 1455 /* Note that an ENOMEM error is charged twice */ 1456 if (rc == -ENOMEM) 1457 UDP_INC_STATS_BH(sock_net(sk), UDP_MIB_RCVBUFERRORS, 1458 is_udplite); 1459 UDP_INC_STATS_BH(sock_net(sk), UDP_MIB_INERRORS, is_udplite); 1460 kfree_skb(skb); 1461 trace_udp_fail_queue_rcv_skb(rc, sk); 1462 return -1; 1463 } 1464 1465 return 0; 1466 1467} 1468 1469static struct static_key udp_encap_needed __read_mostly; 1470void udp_encap_enable(void) 1471{ 1472 if (!static_key_enabled(&udp_encap_needed)) 1473 static_key_slow_inc(&udp_encap_needed); 1474} 1475EXPORT_SYMBOL(udp_encap_enable); 1476 1477/* returns: 1478 * -1: error 1479 * 0: success 1480 * >0: "udp encap" protocol resubmission 1481 * 1482 * Note that in the success and error cases, the skb is assumed to 1483 * have either been requeued or freed. 1484 */ 1485int udp_queue_rcv_skb(struct sock *sk, struct sk_buff *skb) 1486{ 1487 struct udp_sock *up = udp_sk(sk); 1488 int rc; 1489 int is_udplite = IS_UDPLITE(sk); 1490 1491 /* 1492 * Charge it to the socket, dropping if the queue is full. 1493 */ 1494 if (!xfrm4_policy_check(sk, XFRM_POLICY_IN, skb)) 1495 goto drop; 1496 nf_reset(skb); 1497 1498 if (static_key_false(&udp_encap_needed) && up->encap_type) { 1499 int (*encap_rcv)(struct sock *sk, struct sk_buff *skb); 1500 1501 /* 1502 * This is an encapsulation socket so pass the skb to 1503 * the socket's udp_encap_rcv() hook. Otherwise, just 1504 * fall through and pass this up the UDP socket. 1505 * up->encap_rcv() returns the following value: 1506 * =0 if skb was successfully passed to the encap 1507 * handler or was discarded by it. 1508 * >0 if skb should be passed on to UDP. 1509 * <0 if skb should be resubmitted as proto -N 1510 */ 1511 1512 /* if we're overly short, let UDP handle it */ 1513 encap_rcv = ACCESS_ONCE(up->encap_rcv); 1514 if (skb->len > sizeof(struct udphdr) && encap_rcv != NULL) { 1515 int ret; 1516 1517 /* Verify checksum before giving to encap */ 1518 if (udp_lib_checksum_complete(skb)) 1519 goto csum_error; 1520 1521 ret = encap_rcv(sk, skb); 1522 if (ret <= 0) { 1523 UDP_INC_STATS_BH(sock_net(sk), 1524 UDP_MIB_INDATAGRAMS, 1525 is_udplite); 1526 return -ret; 1527 } 1528 } 1529 1530 /* FALLTHROUGH -- it's a UDP Packet */ 1531 } 1532 1533 /* 1534 * UDP-Lite specific tests, ignored on UDP sockets 1535 */ 1536 if ((is_udplite & UDPLITE_RECV_CC) && UDP_SKB_CB(skb)->partial_cov) { 1537 1538 /* 1539 * MIB statistics other than incrementing the error count are 1540 * disabled for the following two types of errors: these depend 1541 * on the application settings, not on the functioning of the 1542 * protocol stack as such. 1543 * 1544 * RFC 3828 here recommends (sec 3.3): "There should also be a 1545 * way ... to ... at least let the receiving application block 1546 * delivery of packets with coverage values less than a value 1547 * provided by the application." 1548 */ 1549 if (up->pcrlen == 0) { /* full coverage was set */ 1550 LIMIT_NETDEBUG(KERN_WARNING "UDPLite: partial coverage %d while full coverage %d requested\n", 1551 UDP_SKB_CB(skb)->cscov, skb->len); 1552 goto drop; 1553 } 1554 /* The next case involves violating the min. coverage requested 1555 * by the receiver. This is subtle: if receiver wants x and x is 1556 * greater than the buffersize/MTU then receiver will complain 1557 * that it wants x while sender emits packets of smaller size y. 1558 * Therefore the above ...()->partial_cov statement is essential. 1559 */ 1560 if (UDP_SKB_CB(skb)->cscov < up->pcrlen) { 1561 LIMIT_NETDEBUG(KERN_WARNING "UDPLite: coverage %d too small, need min %d\n", 1562 UDP_SKB_CB(skb)->cscov, up->pcrlen); 1563 goto drop; 1564 } 1565 } 1566 1567 if (rcu_access_pointer(sk->sk_filter) && 1568 udp_lib_checksum_complete(skb)) 1569 goto csum_error; 1570 1571 1572 if (sk_rcvqueues_full(sk, sk->sk_rcvbuf)) { 1573 UDP_INC_STATS_BH(sock_net(sk), UDP_MIB_RCVBUFERRORS, 1574 is_udplite); 1575 goto drop; 1576 } 1577 1578 rc = 0; 1579 1580 ipv4_pktinfo_prepare(sk, skb); 1581 bh_lock_sock(sk); 1582 if (!sock_owned_by_user(sk)) 1583 rc = __udp_queue_rcv_skb(sk, skb); 1584 else if (sk_add_backlog(sk, skb, sk->sk_rcvbuf)) { 1585 bh_unlock_sock(sk); 1586 goto drop; 1587 } 1588 bh_unlock_sock(sk); 1589 1590 return rc; 1591 1592csum_error: 1593 UDP_INC_STATS_BH(sock_net(sk), UDP_MIB_CSUMERRORS, is_udplite); 1594drop: 1595 UDP_INC_STATS_BH(sock_net(sk), UDP_MIB_INERRORS, is_udplite); 1596 atomic_inc(&sk->sk_drops); 1597 kfree_skb(skb); 1598 return -1; 1599} 1600 1601 1602static void flush_stack(struct sock **stack, unsigned int count, 1603 struct sk_buff *skb, unsigned int final) 1604{ 1605 unsigned int i; 1606 struct sk_buff *skb1 = NULL; 1607 struct sock *sk; 1608 1609 for (i = 0; i < count; i++) { 1610 sk = stack[i]; 1611 if (likely(skb1 == NULL)) 1612 skb1 = (i == final) ? skb : skb_clone(skb, GFP_ATOMIC); 1613 1614 if (!skb1) { 1615 atomic_inc(&sk->sk_drops); 1616 UDP_INC_STATS_BH(sock_net(sk), UDP_MIB_RCVBUFERRORS, 1617 IS_UDPLITE(sk)); 1618 UDP_INC_STATS_BH(sock_net(sk), UDP_MIB_INERRORS, 1619 IS_UDPLITE(sk)); 1620 } 1621 1622 if (skb1 && udp_queue_rcv_skb(sk, skb1) <= 0) 1623 skb1 = NULL; 1624 1625 sock_put(sk); 1626 } 1627 if (unlikely(skb1)) 1628 kfree_skb(skb1); 1629} 1630 1631/* For TCP sockets, sk_rx_dst is protected by socket lock 1632 * For UDP, we use xchg() to guard against concurrent changes. 1633 */ 1634static void udp_sk_rx_dst_set(struct sock *sk, struct dst_entry *dst) 1635{ 1636 struct dst_entry *old; 1637 1638 dst_hold(dst); 1639 old = xchg(&sk->sk_rx_dst, dst); 1640 dst_release(old); 1641} 1642 1643/* 1644 * Multicasts and broadcasts go to each listener. 1645 * 1646 * Note: called only from the BH handler context. 1647 */ 1648static int __udp4_lib_mcast_deliver(struct net *net, struct sk_buff *skb, 1649 struct udphdr *uh, 1650 __be32 saddr, __be32 daddr, 1651 struct udp_table *udptable) 1652{ 1653 struct sock *sk, *stack[256 / sizeof(struct sock *)]; 1654 struct hlist_nulls_node *node; 1655 unsigned short hnum = ntohs(uh->dest); 1656 struct udp_hslot *hslot = udp_hashslot(udptable, net, hnum); 1657 int dif = skb->dev->ifindex; 1658 unsigned int count = 0, offset = offsetof(typeof(*sk), sk_nulls_node); 1659 unsigned int hash2 = 0, hash2_any = 0, use_hash2 = (hslot->count > 10); 1660 1661 if (use_hash2) { 1662 hash2_any = udp4_portaddr_hash(net, htonl(INADDR_ANY), hnum) & 1663 udp_table.mask; 1664 hash2 = udp4_portaddr_hash(net, daddr, hnum) & udp_table.mask; 1665start_lookup: 1666 hslot = &udp_table.hash2[hash2]; 1667 offset = offsetof(typeof(*sk), __sk_common.skc_portaddr_node); 1668 } 1669 1670 spin_lock(&hslot->lock); 1671 sk_nulls_for_each_entry_offset(sk, node, &hslot->head, offset) { 1672 if (__udp_is_mcast_sock(net, sk, 1673 uh->dest, daddr, 1674 uh->source, saddr, 1675 dif, hnum)) { 1676 if (unlikely(count == ARRAY_SIZE(stack))) { 1677 flush_stack(stack, count, skb, ~0); 1678 count = 0; 1679 } 1680 stack[count++] = sk; 1681 sock_hold(sk); 1682 } 1683 } 1684 1685 spin_unlock(&hslot->lock); 1686 1687 /* Also lookup *:port if we are using hash2 and haven't done so yet. */ 1688 if (use_hash2 && hash2 != hash2_any) { 1689 hash2 = hash2_any; 1690 goto start_lookup; 1691 } 1692 1693 /* 1694 * do the slow work with no lock held 1695 */ 1696 if (count) { 1697 flush_stack(stack, count, skb, count - 1); 1698 } else { 1699 kfree_skb(skb); 1700 } 1701 return 0; 1702} 1703 1704/* Initialize UDP checksum. If exited with zero value (success), 1705 * CHECKSUM_UNNECESSARY means, that no more checks are required. 1706 * Otherwise, csum completion requires chacksumming packet body, 1707 * including udp header and folding it to skb->csum. 1708 */ 1709static inline int udp4_csum_init(struct sk_buff *skb, struct udphdr *uh, 1710 int proto) 1711{ 1712 int err; 1713 1714 UDP_SKB_CB(skb)->partial_cov = 0; 1715 UDP_SKB_CB(skb)->cscov = skb->len; 1716 1717 if (proto == IPPROTO_UDPLITE) { 1718 err = udplite_checksum_init(skb, uh); 1719 if (err) 1720 return err; 1721 } 1722 1723 return skb_checksum_init_zero_check(skb, proto, uh->check, 1724 inet_compute_pseudo); 1725} 1726 1727/* 1728 * All we need to do is get the socket, and then do a checksum. 1729 */ 1730 1731int __udp4_lib_rcv(struct sk_buff *skb, struct udp_table *udptable, 1732 int proto) 1733{ 1734 struct sock *sk; 1735 struct udphdr *uh; 1736 unsigned short ulen; 1737 struct rtable *rt = skb_rtable(skb); 1738 __be32 saddr, daddr; 1739 struct net *net = dev_net(skb->dev); 1740 1741 /* 1742 * Validate the packet. 1743 */ 1744 if (!pskb_may_pull(skb, sizeof(struct udphdr))) 1745 goto drop; /* No space for header. */ 1746 1747 uh = udp_hdr(skb); 1748 ulen = ntohs(uh->len); 1749 saddr = ip_hdr(skb)->saddr; 1750 daddr = ip_hdr(skb)->daddr; 1751 1752 if (ulen > skb->len) 1753 goto short_packet; 1754 1755 if (proto == IPPROTO_UDP) { 1756 /* UDP validates ulen. */ 1757 if (ulen < sizeof(*uh) || pskb_trim_rcsum(skb, ulen)) 1758 goto short_packet; 1759 uh = udp_hdr(skb); 1760 } 1761 1762 if (udp4_csum_init(skb, uh, proto)) 1763 goto csum_error; 1764 1765 sk = skb_steal_sock(skb); 1766 if (sk) { 1767 struct dst_entry *dst = skb_dst(skb); 1768 int ret; 1769 1770 if (unlikely(sk->sk_rx_dst != dst)) 1771 udp_sk_rx_dst_set(sk, dst); 1772 1773 ret = udp_queue_rcv_skb(sk, skb); 1774 sock_put(sk); 1775 /* a return value > 0 means to resubmit the input, but 1776 * it wants the return to be -protocol, or 0 1777 */ 1778 if (ret > 0) 1779 return -ret; 1780 return 0; 1781 } else { 1782 if (rt->rt_flags & (RTCF_BROADCAST|RTCF_MULTICAST)) 1783 return __udp4_lib_mcast_deliver(net, skb, uh, 1784 saddr, daddr, udptable); 1785 1786 sk = __udp4_lib_lookup_skb(skb, uh->source, uh->dest, udptable); 1787 } 1788 1789 if (sk != NULL) { 1790 int ret; 1791 1792 if (udp_sk(sk)->convert_csum && uh->check && !IS_UDPLITE(sk)) 1793 skb_checksum_try_convert(skb, IPPROTO_UDP, uh->check, 1794 inet_compute_pseudo); 1795 1796 ret = udp_queue_rcv_skb(sk, skb); 1797 sock_put(sk); 1798 1799 /* a return value > 0 means to resubmit the input, but 1800 * it wants the return to be -protocol, or 0 1801 */ 1802 if (ret > 0) 1803 return -ret; 1804 return 0; 1805 } 1806 1807 if (!xfrm4_policy_check(NULL, XFRM_POLICY_IN, skb)) 1808 goto drop; 1809 nf_reset(skb); 1810 1811 /* No socket. Drop packet silently, if checksum is wrong */ 1812 if (udp_lib_checksum_complete(skb)) 1813 goto csum_error; 1814 1815 UDP_INC_STATS_BH(net, UDP_MIB_NOPORTS, proto == IPPROTO_UDPLITE); 1816 icmp_send(skb, ICMP_DEST_UNREACH, ICMP_PORT_UNREACH, 0); 1817 1818 /* 1819 * Hmm. We got an UDP packet to a port to which we 1820 * don't wanna listen. Ignore it. 1821 */ 1822 kfree_skb(skb); 1823 return 0; 1824 1825short_packet: 1826 LIMIT_NETDEBUG(KERN_DEBUG "UDP%s: short packet: From %pI4:%u %d/%d to %pI4:%u\n", 1827 proto == IPPROTO_UDPLITE ? "Lite" : "", 1828 &saddr, ntohs(uh->source), 1829 ulen, skb->len, 1830 &daddr, ntohs(uh->dest)); 1831 goto drop; 1832 1833csum_error: 1834 /* 1835 * RFC1122: OK. Discards the bad packet silently (as far as 1836 * the network is concerned, anyway) as per 4.1.3.4 (MUST). 1837 */ 1838 LIMIT_NETDEBUG(KERN_DEBUG "UDP%s: bad checksum. From %pI4:%u to %pI4:%u ulen %d\n", 1839 proto == IPPROTO_UDPLITE ? "Lite" : "", 1840 &saddr, ntohs(uh->source), &daddr, ntohs(uh->dest), 1841 ulen); 1842 UDP_INC_STATS_BH(net, UDP_MIB_CSUMERRORS, proto == IPPROTO_UDPLITE); 1843drop: 1844 UDP_INC_STATS_BH(net, UDP_MIB_INERRORS, proto == IPPROTO_UDPLITE); 1845 kfree_skb(skb); 1846 return 0; 1847} 1848 1849/* We can only early demux multicast if there is a single matching socket. 1850 * If more than one socket found returns NULL 1851 */ 1852static struct sock *__udp4_lib_mcast_demux_lookup(struct net *net, 1853 __be16 loc_port, __be32 loc_addr, 1854 __be16 rmt_port, __be32 rmt_addr, 1855 int dif) 1856{ 1857 struct sock *sk, *result; 1858 struct hlist_nulls_node *node; 1859 unsigned short hnum = ntohs(loc_port); 1860 unsigned int count, slot = udp_hashfn(net, hnum, udp_table.mask); 1861 struct udp_hslot *hslot = &udp_table.hash[slot]; 1862 1863 /* Do not bother scanning a too big list */ 1864 if (hslot->count > 10) 1865 return NULL; 1866 1867 rcu_read_lock(); 1868begin: 1869 count = 0; 1870 result = NULL; 1871 sk_nulls_for_each_rcu(sk, node, &hslot->head) { 1872 if (__udp_is_mcast_sock(net, sk, 1873 loc_port, loc_addr, 1874 rmt_port, rmt_addr, 1875 dif, hnum)) { 1876 result = sk; 1877 ++count; 1878 } 1879 } 1880 /* 1881 * if the nulls value we got at the end of this lookup is 1882 * not the expected one, we must restart lookup. 1883 * We probably met an item that was moved to another chain. 1884 */ 1885 if (get_nulls_value(node) != slot) 1886 goto begin; 1887 1888 if (result) { 1889 if (count != 1 || 1890 unlikely(!atomic_inc_not_zero_hint(&result->sk_refcnt, 2))) 1891 result = NULL; 1892 else if (unlikely(!__udp_is_mcast_sock(net, result, 1893 loc_port, loc_addr, 1894 rmt_port, rmt_addr, 1895 dif, hnum))) { 1896 sock_put(result); 1897 result = NULL; 1898 } 1899 } 1900 rcu_read_unlock(); 1901 return result; 1902} 1903 1904/* For unicast we should only early demux connected sockets or we can 1905 * break forwarding setups. The chains here can be long so only check 1906 * if the first socket is an exact match and if not move on. 1907 */ 1908static struct sock *__udp4_lib_demux_lookup(struct net *net, 1909 __be16 loc_port, __be32 loc_addr, 1910 __be16 rmt_port, __be32 rmt_addr, 1911 int dif) 1912{ 1913 struct sock *sk, *result; 1914 struct hlist_nulls_node *node; 1915 unsigned short hnum = ntohs(loc_port); 1916 unsigned int hash2 = udp4_portaddr_hash(net, loc_addr, hnum); 1917 unsigned int slot2 = hash2 & udp_table.mask; 1918 struct udp_hslot *hslot2 = &udp_table.hash2[slot2]; 1919 INET_ADDR_COOKIE(acookie, rmt_addr, loc_addr); 1920 const __portpair ports = INET_COMBINED_PORTS(rmt_port, hnum); 1921 1922 rcu_read_lock(); 1923 result = NULL; 1924 udp_portaddr_for_each_entry_rcu(sk, node, &hslot2->head) { 1925 if (INET_MATCH(sk, net, acookie, 1926 rmt_addr, loc_addr, ports, dif)) 1927 result = sk; 1928 /* Only check first socket in chain */ 1929 break; 1930 } 1931 1932 if (result) { 1933 if (unlikely(!atomic_inc_not_zero_hint(&result->sk_refcnt, 2))) 1934 result = NULL; 1935 else if (unlikely(!INET_MATCH(sk, net, acookie, 1936 rmt_addr, loc_addr, 1937 ports, dif))) { 1938 sock_put(result); 1939 result = NULL; 1940 } 1941 } 1942 rcu_read_unlock(); 1943 return result; 1944} 1945 1946void udp_v4_early_demux(struct sk_buff *skb) 1947{ 1948 struct net *net = dev_net(skb->dev); 1949 const struct iphdr *iph; 1950 const struct udphdr *uh; 1951 struct sock *sk; 1952 struct dst_entry *dst; 1953 int dif = skb->dev->ifindex; 1954 1955 /* validate the packet */ 1956 if (!pskb_may_pull(skb, skb_transport_offset(skb) + sizeof(struct udphdr))) 1957 return; 1958 1959 iph = ip_hdr(skb); 1960 uh = udp_hdr(skb); 1961 1962 if (skb->pkt_type == PACKET_BROADCAST || 1963 skb->pkt_type == PACKET_MULTICAST) 1964 sk = __udp4_lib_mcast_demux_lookup(net, uh->dest, iph->daddr, 1965 uh->source, iph->saddr, dif); 1966 else if (skb->pkt_type == PACKET_HOST) 1967 sk = __udp4_lib_demux_lookup(net, uh->dest, iph->daddr, 1968 uh->source, iph->saddr, dif); 1969 else 1970 return; 1971 1972 if (!sk) 1973 return; 1974 1975 skb->sk = sk; 1976 skb->destructor = sock_efree; 1977 dst = sk->sk_rx_dst; 1978 1979 if (dst) 1980 dst = dst_check(dst, 0); 1981 if (dst) 1982 skb_dst_set_noref(skb, dst); 1983} 1984 1985int udp_rcv(struct sk_buff *skb) 1986{ 1987 return __udp4_lib_rcv(skb, &udp_table, IPPROTO_UDP); 1988} 1989 1990void udp_destroy_sock(struct sock *sk) 1991{ 1992 struct udp_sock *up = udp_sk(sk); 1993 bool slow = lock_sock_fast(sk); 1994 udp_flush_pending_frames(sk); 1995 unlock_sock_fast(sk, slow); 1996 if (static_key_false(&udp_encap_needed) && up->encap_type) { 1997 void (*encap_destroy)(struct sock *sk); 1998 encap_destroy = ACCESS_ONCE(up->encap_destroy); 1999 if (encap_destroy) 2000 encap_destroy(sk); 2001 } 2002} 2003 2004/* 2005 * Socket option code for UDP 2006 */ 2007int udp_lib_setsockopt(struct sock *sk, int level, int optname, 2008 char __user *optval, unsigned int optlen, 2009 int (*push_pending_frames)(struct sock *)) 2010{ 2011 struct udp_sock *up = udp_sk(sk); 2012 int val, valbool; 2013 int err = 0; 2014 int is_udplite = IS_UDPLITE(sk); 2015 2016 if (optlen < sizeof(int)) 2017 return -EINVAL; 2018 2019 if (get_user(val, (int __user *)optval)) 2020 return -EFAULT; 2021 2022 valbool = val ? 1 : 0; 2023 2024 switch (optname) { 2025 case UDP_CORK: 2026 if (val != 0) { 2027 up->corkflag = 1; 2028 } else { 2029 up->corkflag = 0; 2030 lock_sock(sk); 2031 (*push_pending_frames)(sk); 2032 release_sock(sk); 2033 } 2034 break; 2035 2036 case UDP_ENCAP: 2037 switch (val) { 2038 case 0: 2039 case UDP_ENCAP_ESPINUDP: 2040 case UDP_ENCAP_ESPINUDP_NON_IKE: 2041 up->encap_rcv = xfrm4_udp_encap_rcv; 2042 /* FALLTHROUGH */ 2043 case UDP_ENCAP_L2TPINUDP: 2044 up->encap_type = val; 2045 udp_encap_enable(); 2046 break; 2047 default: 2048 err = -ENOPROTOOPT; 2049 break; 2050 } 2051 break; 2052 2053 case UDP_NO_CHECK6_TX: 2054 up->no_check6_tx = valbool; 2055 break; 2056 2057 case UDP_NO_CHECK6_RX: 2058 up->no_check6_rx = valbool; 2059 break; 2060 2061 /* 2062 * UDP-Lite's partial checksum coverage (RFC 3828). 2063 */ 2064 /* The sender sets actual checksum coverage length via this option. 2065 * The case coverage > packet length is handled by send module. */ 2066 case UDPLITE_SEND_CSCOV: 2067 if (!is_udplite) /* Disable the option on UDP sockets */ 2068 return -ENOPROTOOPT; 2069 if (val != 0 && val < 8) /* Illegal coverage: use default (8) */ 2070 val = 8; 2071 else if (val > USHRT_MAX) 2072 val = USHRT_MAX; 2073 up->pcslen = val; 2074 up->pcflag |= UDPLITE_SEND_CC; 2075 break; 2076 2077 /* The receiver specifies a minimum checksum coverage value. To make 2078 * sense, this should be set to at least 8 (as done below). If zero is 2079 * used, this again means full checksum coverage. */ 2080 case UDPLITE_RECV_CSCOV: 2081 if (!is_udplite) /* Disable the option on UDP sockets */ 2082 return -ENOPROTOOPT; 2083 if (val != 0 && val < 8) /* Avoid silly minimal values. */ 2084 val = 8; 2085 else if (val > USHRT_MAX) 2086 val = USHRT_MAX; 2087 up->pcrlen = val; 2088 up->pcflag |= UDPLITE_RECV_CC; 2089 break; 2090 2091 default: 2092 err = -ENOPROTOOPT; 2093 break; 2094 } 2095 2096 return err; 2097} 2098EXPORT_SYMBOL(udp_lib_setsockopt); 2099 2100int udp_setsockopt(struct sock *sk, int level, int optname, 2101 char __user *optval, unsigned int optlen) 2102{ 2103 if (level == SOL_UDP || level == SOL_UDPLITE) 2104 return udp_lib_setsockopt(sk, level, optname, optval, optlen, 2105 udp_push_pending_frames); 2106 return ip_setsockopt(sk, level, optname, optval, optlen); 2107} 2108 2109#ifdef CONFIG_COMPAT 2110int compat_udp_setsockopt(struct sock *sk, int level, int optname, 2111 char __user *optval, unsigned int optlen) 2112{ 2113 if (level == SOL_UDP || level == SOL_UDPLITE) 2114 return udp_lib_setsockopt(sk, level, optname, optval, optlen, 2115 udp_push_pending_frames); 2116 return compat_ip_setsockopt(sk, level, optname, optval, optlen); 2117} 2118#endif 2119 2120int udp_lib_getsockopt(struct sock *sk, int level, int optname, 2121 char __user *optval, int __user *optlen) 2122{ 2123 struct udp_sock *up = udp_sk(sk); 2124 int val, len; 2125 2126 if (get_user(len, optlen)) 2127 return -EFAULT; 2128 2129 len = min_t(unsigned int, len, sizeof(int)); 2130 2131 if (len < 0) 2132 return -EINVAL; 2133 2134 switch (optname) { 2135 case UDP_CORK: 2136 val = up->corkflag; 2137 break; 2138 2139 case UDP_ENCAP: 2140 val = up->encap_type; 2141 break; 2142 2143 case UDP_NO_CHECK6_TX: 2144 val = up->no_check6_tx; 2145 break; 2146 2147 case UDP_NO_CHECK6_RX: 2148 val = up->no_check6_rx; 2149 break; 2150 2151 /* The following two cannot be changed on UDP sockets, the return is 2152 * always 0 (which corresponds to the full checksum coverage of UDP). */ 2153 case UDPLITE_SEND_CSCOV: 2154 val = up->pcslen; 2155 break; 2156 2157 case UDPLITE_RECV_CSCOV: 2158 val = up->pcrlen; 2159 break; 2160 2161 default: 2162 return -ENOPROTOOPT; 2163 } 2164 2165 if (put_user(len, optlen)) 2166 return -EFAULT; 2167 if (copy_to_user(optval, &val, len)) 2168 return -EFAULT; 2169 return 0; 2170} 2171EXPORT_SYMBOL(udp_lib_getsockopt); 2172 2173int udp_getsockopt(struct sock *sk, int level, int optname, 2174 char __user *optval, int __user *optlen) 2175{ 2176 if (level == SOL_UDP || level == SOL_UDPLITE) 2177 return udp_lib_getsockopt(sk, level, optname, optval, optlen); 2178 return ip_getsockopt(sk, level, optname, optval, optlen); 2179} 2180 2181#ifdef CONFIG_COMPAT 2182int compat_udp_getsockopt(struct sock *sk, int level, int optname, 2183 char __user *optval, int __user *optlen) 2184{ 2185 if (level == SOL_UDP || level == SOL_UDPLITE) 2186 return udp_lib_getsockopt(sk, level, optname, optval, optlen); 2187 return compat_ip_getsockopt(sk, level, optname, optval, optlen); 2188} 2189#endif 2190/** 2191 * udp_poll - wait for a UDP event. 2192 * @file - file struct 2193 * @sock - socket 2194 * @wait - poll table 2195 * 2196 * This is same as datagram poll, except for the special case of 2197 * blocking sockets. If application is using a blocking fd 2198 * and a packet with checksum error is in the queue; 2199 * then it could get return from select indicating data available 2200 * but then block when reading it. Add special case code 2201 * to work around these arguably broken applications. 2202 */ 2203unsigned int udp_poll(struct file *file, struct socket *sock, poll_table *wait) 2204{ 2205 unsigned int mask = datagram_poll(file, sock, wait); 2206 struct sock *sk = sock->sk; 2207 2208 sock_rps_record_flow(sk); 2209 2210 /* Check for false positives due to checksum errors */ 2211 if ((mask & POLLRDNORM) && !(file->f_flags & O_NONBLOCK) && 2212 !(sk->sk_shutdown & RCV_SHUTDOWN) && !first_packet_length(sk)) 2213 mask &= ~(POLLIN | POLLRDNORM); 2214 2215 return mask; 2216 2217} 2218EXPORT_SYMBOL(udp_poll); 2219 2220struct proto udp_prot = { 2221 .name = "UDP", 2222 .owner = THIS_MODULE, 2223 .close = udp_lib_close, 2224 .connect = ip4_datagram_connect, 2225 .disconnect = udp_disconnect, 2226 .ioctl = udp_ioctl, 2227 .destroy = udp_destroy_sock, 2228 .setsockopt = udp_setsockopt, 2229 .getsockopt = udp_getsockopt, 2230 .sendmsg = udp_sendmsg, 2231 .recvmsg = udp_recvmsg, 2232 .sendpage = udp_sendpage, 2233 .backlog_rcv = __udp_queue_rcv_skb, 2234 .release_cb = ip4_datagram_release_cb, 2235 .hash = udp_lib_hash, 2236 .unhash = udp_lib_unhash, 2237 .rehash = udp_v4_rehash, 2238 .get_port = udp_v4_get_port, 2239 .memory_allocated = &udp_memory_allocated, 2240 .sysctl_mem = sysctl_udp_mem, 2241 .sysctl_wmem = &sysctl_udp_wmem_min, 2242 .sysctl_rmem = &sysctl_udp_rmem_min, 2243 .obj_size = sizeof(struct udp_sock), 2244 .slab_flags = SLAB_DESTROY_BY_RCU, 2245 .h.udp_table = &udp_table, 2246#ifdef CONFIG_COMPAT 2247 .compat_setsockopt = compat_udp_setsockopt, 2248 .compat_getsockopt = compat_udp_getsockopt, 2249#endif 2250 .clear_sk = sk_prot_clear_portaddr_nulls, 2251}; 2252EXPORT_SYMBOL(udp_prot); 2253 2254/* ------------------------------------------------------------------------ */ 2255#ifdef CONFIG_PROC_FS 2256 2257static struct sock *udp_get_first(struct seq_file *seq, int start) 2258{ 2259 struct sock *sk; 2260 struct udp_iter_state *state = seq->private; 2261 struct net *net = seq_file_net(seq); 2262 2263 for (state->bucket = start; state->bucket <= state->udp_table->mask; 2264 ++state->bucket) { 2265 struct hlist_nulls_node *node; 2266 struct udp_hslot *hslot = &state->udp_table->hash[state->bucket]; 2267 2268 if (hlist_nulls_empty(&hslot->head)) 2269 continue; 2270 2271 spin_lock_bh(&hslot->lock); 2272 sk_nulls_for_each(sk, node, &hslot->head) { 2273 if (!net_eq(sock_net(sk), net)) 2274 continue; 2275 if (sk->sk_family == state->family) 2276 goto found; 2277 } 2278 spin_unlock_bh(&hslot->lock); 2279 } 2280 sk = NULL; 2281found: 2282 return sk; 2283} 2284 2285static struct sock *udp_get_next(struct seq_file *seq, struct sock *sk) 2286{ 2287 struct udp_iter_state *state = seq->private; 2288 struct net *net = seq_file_net(seq); 2289 2290 do { 2291 sk = sk_nulls_next(sk); 2292 } while (sk && (!net_eq(sock_net(sk), net) || sk->sk_family != state->family)); 2293 2294 if (!sk) { 2295 if (state->bucket <= state->udp_table->mask) 2296 spin_unlock_bh(&state->udp_table->hash[state->bucket].lock); 2297 return udp_get_first(seq, state->bucket + 1); 2298 } 2299 return sk; 2300} 2301 2302static struct sock *udp_get_idx(struct seq_file *seq, loff_t pos) 2303{ 2304 struct sock *sk = udp_get_first(seq, 0); 2305 2306 if (sk) 2307 while (pos && (sk = udp_get_next(seq, sk)) != NULL) 2308 --pos; 2309 return pos ? NULL : sk; 2310} 2311 2312static void *udp_seq_start(struct seq_file *seq, loff_t *pos) 2313{ 2314 struct udp_iter_state *state = seq->private; 2315 state->bucket = MAX_UDP_PORTS; 2316 2317 return *pos ? udp_get_idx(seq, *pos-1) : SEQ_START_TOKEN; 2318} 2319 2320static void *udp_seq_next(struct seq_file *seq, void *v, loff_t *pos) 2321{ 2322 struct sock *sk; 2323 2324 if (v == SEQ_START_TOKEN) 2325 sk = udp_get_idx(seq, 0); 2326 else 2327 sk = udp_get_next(seq, v); 2328 2329 ++*pos; 2330 return sk; 2331} 2332 2333static void udp_seq_stop(struct seq_file *seq, void *v) 2334{ 2335 struct udp_iter_state *state = seq->private; 2336 2337 if (state->bucket <= state->udp_table->mask) 2338 spin_unlock_bh(&state->udp_table->hash[state->bucket].lock); 2339} 2340 2341int udp_seq_open(struct inode *inode, struct file *file) 2342{ 2343 struct udp_seq_afinfo *afinfo = PDE_DATA(inode); 2344 struct udp_iter_state *s; 2345 int err; 2346 2347 err = seq_open_net(inode, file, &afinfo->seq_ops, 2348 sizeof(struct udp_iter_state)); 2349 if (err < 0) 2350 return err; 2351 2352 s = ((struct seq_file *)file->private_data)->private; 2353 s->family = afinfo->family; 2354 s->udp_table = afinfo->udp_table; 2355 return err; 2356} 2357EXPORT_SYMBOL(udp_seq_open); 2358 2359/* ------------------------------------------------------------------------ */ 2360int udp_proc_register(struct net *net, struct udp_seq_afinfo *afinfo) 2361{ 2362 struct proc_dir_entry *p; 2363 int rc = 0; 2364 2365 afinfo->seq_ops.start = udp_seq_start; 2366 afinfo->seq_ops.next = udp_seq_next; 2367 afinfo->seq_ops.stop = udp_seq_stop; 2368 2369 p = proc_create_data(afinfo->name, S_IRUGO, net->proc_net, 2370 afinfo->seq_fops, afinfo); 2371 if (!p) 2372 rc = -ENOMEM; 2373 return rc; 2374} 2375EXPORT_SYMBOL(udp_proc_register); 2376 2377void udp_proc_unregister(struct net *net, struct udp_seq_afinfo *afinfo) 2378{ 2379 remove_proc_entry(afinfo->name, net->proc_net); 2380} 2381EXPORT_SYMBOL(udp_proc_unregister); 2382 2383/* ------------------------------------------------------------------------ */ 2384static void udp4_format_sock(struct sock *sp, struct seq_file *f, 2385 int bucket) 2386{ 2387 struct inet_sock *inet = inet_sk(sp); 2388 __be32 dest = inet->inet_daddr; 2389 __be32 src = inet->inet_rcv_saddr; 2390 __u16 destp = ntohs(inet->inet_dport); 2391 __u16 srcp = ntohs(inet->inet_sport); 2392 2393 seq_printf(f, "%5d: %08X:%04X %08X:%04X" 2394 " %02X %08X:%08X %02X:%08lX %08X %5u %8d %lu %d %pK %d", 2395 bucket, src, srcp, dest, destp, sp->sk_state, 2396 sk_wmem_alloc_get(sp), 2397 sk_rmem_alloc_get(sp), 2398 0, 0L, 0, 2399 from_kuid_munged(seq_user_ns(f), sock_i_uid(sp)), 2400 0, sock_i_ino(sp), 2401 atomic_read(&sp->sk_refcnt), sp, 2402 atomic_read(&sp->sk_drops)); 2403} 2404 2405int udp4_seq_show(struct seq_file *seq, void *v) 2406{ 2407 seq_setwidth(seq, 127); 2408 if (v == SEQ_START_TOKEN) 2409 seq_puts(seq, " sl local_address rem_address st tx_queue " 2410 "rx_queue tr tm->when retrnsmt uid timeout " 2411 "inode ref pointer drops"); 2412 else { 2413 struct udp_iter_state *state = seq->private; 2414 2415 udp4_format_sock(v, seq, state->bucket); 2416 } 2417 seq_pad(seq, '\n'); 2418 return 0; 2419} 2420 2421static const struct file_operations udp_afinfo_seq_fops = { 2422 .owner = THIS_MODULE, 2423 .open = udp_seq_open, 2424 .read = seq_read, 2425 .llseek = seq_lseek, 2426 .release = seq_release_net 2427}; 2428 2429/* ------------------------------------------------------------------------ */ 2430static struct udp_seq_afinfo udp4_seq_afinfo = { 2431 .name = "udp", 2432 .family = AF_INET, 2433 .udp_table = &udp_table, 2434 .seq_fops = &udp_afinfo_seq_fops, 2435 .seq_ops = { 2436 .show = udp4_seq_show, 2437 }, 2438}; 2439 2440static int __net_init udp4_proc_init_net(struct net *net) 2441{ 2442 return udp_proc_register(net, &udp4_seq_afinfo); 2443} 2444 2445static void __net_exit udp4_proc_exit_net(struct net *net) 2446{ 2447 udp_proc_unregister(net, &udp4_seq_afinfo); 2448} 2449 2450static struct pernet_operations udp4_net_ops = { 2451 .init = udp4_proc_init_net, 2452 .exit = udp4_proc_exit_net, 2453}; 2454 2455int __init udp4_proc_init(void) 2456{ 2457 return register_pernet_subsys(&udp4_net_ops); 2458} 2459 2460void udp4_proc_exit(void) 2461{ 2462 unregister_pernet_subsys(&udp4_net_ops); 2463} 2464#endif /* CONFIG_PROC_FS */ 2465 2466static __initdata unsigned long uhash_entries; 2467static int __init set_uhash_entries(char *str) 2468{ 2469 ssize_t ret; 2470 2471 if (!str) 2472 return 0; 2473 2474 ret = kstrtoul(str, 0, &uhash_entries); 2475 if (ret) 2476 return 0; 2477 2478 if (uhash_entries && uhash_entries < UDP_HTABLE_SIZE_MIN) 2479 uhash_entries = UDP_HTABLE_SIZE_MIN; 2480 return 1; 2481} 2482__setup("uhash_entries=", set_uhash_entries); 2483 2484void __init udp_table_init(struct udp_table *table, const char *name) 2485{ 2486 unsigned int i; 2487 2488 table->hash = alloc_large_system_hash(name, 2489 2 * sizeof(struct udp_hslot), 2490 uhash_entries, 2491 21, /* one slot per 2 MB */ 2492 0, 2493 &table->log, 2494 &table->mask, 2495 UDP_HTABLE_SIZE_MIN, 2496 64 * 1024); 2497 2498 table->hash2 = table->hash + (table->mask + 1); 2499 for (i = 0; i <= table->mask; i++) { 2500 INIT_HLIST_NULLS_HEAD(&table->hash[i].head, i); 2501 table->hash[i].count = 0; 2502 spin_lock_init(&table->hash[i].lock); 2503 } 2504 for (i = 0; i <= table->mask; i++) { 2505 INIT_HLIST_NULLS_HEAD(&table->hash2[i].head, i); 2506 table->hash2[i].count = 0; 2507 spin_lock_init(&table->hash2[i].lock); 2508 } 2509} 2510 2511void __init udp_init(void) 2512{ 2513 unsigned long limit; 2514 2515 udp_table_init(&udp_table, "UDP"); 2516 limit = nr_free_buffer_pages() / 8; 2517 limit = max(limit, 128UL); 2518 sysctl_udp_mem[0] = limit / 4 * 3; 2519 sysctl_udp_mem[1] = limit; 2520 sysctl_udp_mem[2] = sysctl_udp_mem[0] * 2; 2521 2522 sysctl_udp_rmem_min = SK_MEM_QUANTUM; 2523 sysctl_udp_wmem_min = SK_MEM_QUANTUM; 2524} 2525