xref: /openbmc/linux/net/ipv4/udp.c (revision e868d61272caa648214046a096e5a6bfc068dc8c)
1 /*
2  * INET		An implementation of the TCP/IP protocol suite for the LINUX
3  *		operating system.  INET is implemented using the  BSD Socket
4  *		interface as the means of communication with the user level.
5  *
6  *		The User Datagram Protocol (UDP).
7  *
8  * Version:	$Id: udp.c,v 1.102 2002/02/01 22:01:04 davem Exp $
9  *
10  * Authors:	Ross Biro
11  *		Fred N. van Kempen, <waltje@uWalt.NL.Mugnet.ORG>
12  *		Arnt Gulbrandsen, <agulbra@nvg.unit.no>
13  *		Alan Cox, <Alan.Cox@linux.org>
14  *		Hirokazu Takahashi, <taka@valinux.co.jp>
15  *
16  * Fixes:
17  *		Alan Cox	:	verify_area() calls
18  *		Alan Cox	: 	stopped close while in use off icmp
19  *					messages. Not a fix but a botch that
20  *					for udp at least is 'valid'.
21  *		Alan Cox	:	Fixed icmp handling properly
22  *		Alan Cox	: 	Correct error for oversized datagrams
23  *		Alan Cox	:	Tidied select() semantics.
24  *		Alan Cox	:	udp_err() fixed properly, also now
25  *					select and read wake correctly on errors
26  *		Alan Cox	:	udp_send verify_area moved to avoid mem leak
27  *		Alan Cox	:	UDP can count its memory
28  *		Alan Cox	:	send to an unknown connection causes
29  *					an ECONNREFUSED off the icmp, but
30  *					does NOT close.
31  *		Alan Cox	:	Switched to new sk_buff handlers. No more backlog!
32  *		Alan Cox	:	Using generic datagram code. Even smaller and the PEEK
33  *					bug no longer crashes it.
34  *		Fred Van Kempen	: 	Net2e support for sk->broadcast.
35  *		Alan Cox	:	Uses skb_free_datagram
36  *		Alan Cox	:	Added get/set sockopt support.
37  *		Alan Cox	:	Broadcasting without option set returns EACCES.
38  *		Alan Cox	:	No wakeup calls. Instead we now use the callbacks.
39  *		Alan Cox	:	Use ip_tos and ip_ttl
40  *		Alan Cox	:	SNMP Mibs
41  *		Alan Cox	:	MSG_DONTROUTE, and 0.0.0.0 support.
42  *		Matt Dillon	:	UDP length checks.
43  *		Alan Cox	:	Smarter af_inet used properly.
44  *		Alan Cox	:	Use new kernel side addressing.
45  *		Alan Cox	:	Incorrect return on truncated datagram receive.
46  *	Arnt Gulbrandsen 	:	New udp_send and stuff
47  *		Alan Cox	:	Cache last socket
48  *		Alan Cox	:	Route cache
49  *		Jon Peatfield	:	Minor efficiency fix to sendto().
50  *		Mike Shaver	:	RFC1122 checks.
51  *		Alan Cox	:	Nonblocking error fix.
52  *	Willy Konynenberg	:	Transparent proxying support.
53  *		Mike McLagan	:	Routing by source
54  *		David S. Miller	:	New socket lookup architecture.
55  *					Last socket cache retained as it
56  *					does have a high hit rate.
57  *		Olaf Kirch	:	Don't linearise iovec on sendmsg.
58  *		Andi Kleen	:	Some cleanups, cache destination entry
59  *					for connect.
60  *	Vitaly E. Lavrov	:	Transparent proxy revived after year coma.
61  *		Melvin Smith	:	Check msg_name not msg_namelen in sendto(),
62  *					return ENOTCONN for unconnected sockets (POSIX)
63  *		Janos Farkas	:	don't deliver multi/broadcasts to a different
64  *					bound-to-device socket
65  *	Hirokazu Takahashi	:	HW checksumming for outgoing UDP
66  *					datagrams.
67  *	Hirokazu Takahashi	:	sendfile() on UDP works now.
68  *		Arnaldo C. Melo :	convert /proc/net/udp to seq_file
69  *	YOSHIFUJI Hideaki @USAGI and:	Support IPV6_V6ONLY socket option, which
70  *	Alexey Kuznetsov:		allow both IPv4 and IPv6 sockets to bind
71  *					a single port at the same time.
72  *	Derek Atkins <derek@ihtfp.com>: Add Encapulation Support
73  *
74  *
75  *		This program is free software; you can redistribute it and/or
76  *		modify it under the terms of the GNU General Public License
77  *		as published by the Free Software Foundation; either version
78  *		2 of the License, or (at your option) any later version.
79  */
80 
81 #include <asm/system.h>
82 #include <asm/uaccess.h>
83 #include <asm/ioctls.h>
84 #include <linux/types.h>
85 #include <linux/fcntl.h>
86 #include <linux/module.h>
87 #include <linux/socket.h>
88 #include <linux/sockios.h>
89 #include <linux/igmp.h>
90 #include <linux/in.h>
91 #include <linux/errno.h>
92 #include <linux/timer.h>
93 #include <linux/mm.h>
94 #include <linux/inet.h>
95 #include <linux/netdevice.h>
96 #include <net/tcp_states.h>
97 #include <linux/skbuff.h>
98 #include <linux/proc_fs.h>
99 #include <linux/seq_file.h>
100 #include <net/icmp.h>
101 #include <net/route.h>
102 #include <net/checksum.h>
103 #include <net/xfrm.h>
104 #include "udp_impl.h"
105 
106 /*
107  *	Snmp MIB for the UDP layer
108  */
109 
110 DEFINE_SNMP_STAT(struct udp_mib, udp_statistics) __read_mostly;
111 
112 struct hlist_head udp_hash[UDP_HTABLE_SIZE];
113 DEFINE_RWLOCK(udp_hash_lock);
114 
115 static int udp_port_rover;
116 
117 /*
118  * Note about this hash function :
119  * Typical use is probably daddr = 0, only dport is going to vary hash
120  */
121 static inline unsigned int udp_hash_port(__u16 port)
122 {
123 	return port;
124 }
125 
126 static inline int __udp_lib_port_inuse(unsigned int hash, int port,
127 				       const struct sock *this_sk,
128 				       struct hlist_head udptable[],
129 				       const struct udp_get_port_ops *ops)
130 {
131 	struct sock *sk;
132 	struct hlist_node *node;
133 	struct inet_sock *inet;
134 
135 	sk_for_each(sk, node, &udptable[hash & (UDP_HTABLE_SIZE - 1)]) {
136 		if (sk->sk_hash != hash)
137 			continue;
138 		inet = inet_sk(sk);
139 		if (inet->num != port)
140 			continue;
141 		if (this_sk) {
142 			if (ops->saddr_cmp(sk, this_sk))
143 				return 1;
144 		} else if (ops->saddr_any(sk))
145 			return 1;
146 	}
147 	return 0;
148 }
149 
150 /**
151  *  __udp_lib_get_port  -  UDP/-Lite port lookup for IPv4 and IPv6
152  *
153  *  @sk:          socket struct in question
154  *  @snum:        port number to look up
155  *  @udptable:    hash list table, must be of UDP_HTABLE_SIZE
156  *  @port_rover:  pointer to record of last unallocated port
157  *  @ops:         AF-dependent address operations
158  */
159 int __udp_lib_get_port(struct sock *sk, unsigned short snum,
160 		       struct hlist_head udptable[], int *port_rover,
161 		       const struct udp_get_port_ops *ops)
162 {
163 	struct hlist_node *node;
164 	struct hlist_head *head;
165 	struct sock *sk2;
166 	unsigned int hash;
167 	int    error = 1;
168 
169 	write_lock_bh(&udp_hash_lock);
170 	if (snum == 0) {
171 		int best_size_so_far, best, result, i;
172 
173 		if (*port_rover > sysctl_local_port_range[1] ||
174 		    *port_rover < sysctl_local_port_range[0])
175 			*port_rover = sysctl_local_port_range[0];
176 		best_size_so_far = 32767;
177 		best = result = *port_rover;
178 		for (i = 0; i < UDP_HTABLE_SIZE; i++, result++) {
179 			int size;
180 
181 			hash = ops->hash_port_and_rcv_saddr(result, sk);
182 			head = &udptable[hash & (UDP_HTABLE_SIZE - 1)];
183 			if (hlist_empty(head)) {
184 				if (result > sysctl_local_port_range[1])
185 					result = sysctl_local_port_range[0] +
186 						((result - sysctl_local_port_range[0]) &
187 						 (UDP_HTABLE_SIZE - 1));
188 				goto gotit;
189 			}
190 			size = 0;
191 			sk_for_each(sk2, node, head) {
192 				if (++size >= best_size_so_far)
193 					goto next;
194 			}
195 			best_size_so_far = size;
196 			best = result;
197 		next:
198 			;
199 		}
200 		result = best;
201 		for (i = 0; i < (1 << 16) / UDP_HTABLE_SIZE;
202 		     i++, result += UDP_HTABLE_SIZE) {
203 			if (result > sysctl_local_port_range[1])
204 				result = sysctl_local_port_range[0]
205 					+ ((result - sysctl_local_port_range[0]) &
206 					   (UDP_HTABLE_SIZE - 1));
207 			hash = udp_hash_port(result);
208 			if (__udp_lib_port_inuse(hash, result,
209 						 NULL, udptable, ops))
210 				continue;
211 			if (ops->saddr_any(sk))
212 				break;
213 
214 			hash = ops->hash_port_and_rcv_saddr(result, sk);
215 			if (! __udp_lib_port_inuse(hash, result,
216 						   sk, udptable, ops))
217 				break;
218 		}
219 		if (i >= (1 << 16) / UDP_HTABLE_SIZE)
220 			goto fail;
221 gotit:
222 		*port_rover = snum = result;
223 	} else {
224 		hash = udp_hash_port(snum);
225 		head = &udptable[hash & (UDP_HTABLE_SIZE - 1)];
226 
227 		sk_for_each(sk2, node, head)
228 			if (sk2->sk_hash == hash &&
229 			    sk2 != sk &&
230 			    inet_sk(sk2)->num == snum &&
231 			    (!sk2->sk_reuse || !sk->sk_reuse) &&
232 			    (!sk2->sk_bound_dev_if || !sk->sk_bound_dev_if ||
233 			     sk2->sk_bound_dev_if == sk->sk_bound_dev_if) &&
234 			    ops->saddr_cmp(sk, sk2))
235 				goto fail;
236 
237 		if (!ops->saddr_any(sk)) {
238 			hash = ops->hash_port_and_rcv_saddr(snum, sk);
239 			head = &udptable[hash & (UDP_HTABLE_SIZE - 1)];
240 
241 			sk_for_each(sk2, node, head)
242 				if (sk2->sk_hash == hash &&
243 				    sk2 != sk &&
244 				    inet_sk(sk2)->num == snum &&
245 				    (!sk2->sk_reuse || !sk->sk_reuse) &&
246 				    (!sk2->sk_bound_dev_if ||
247 				     !sk->sk_bound_dev_if ||
248 				     sk2->sk_bound_dev_if ==
249 				     sk->sk_bound_dev_if) &&
250 				    ops->saddr_cmp(sk, sk2))
251 					goto fail;
252 		}
253 	}
254 	inet_sk(sk)->num = snum;
255 	sk->sk_hash = hash;
256 	if (sk_unhashed(sk)) {
257 		head = &udptable[hash & (UDP_HTABLE_SIZE - 1)];
258 		sk_add_node(sk, head);
259 		sock_prot_inc_use(sk->sk_prot);
260 	}
261 	error = 0;
262 fail:
263 	write_unlock_bh(&udp_hash_lock);
264 	return error;
265 }
266 
267 int udp_get_port(struct sock *sk, unsigned short snum,
268 		 const struct udp_get_port_ops *ops)
269 {
270 	return  __udp_lib_get_port(sk, snum, udp_hash, &udp_port_rover, ops);
271 }
272 
273 static int ipv4_rcv_saddr_equal(const struct sock *sk1, const struct sock *sk2)
274 {
275 	struct inet_sock *inet1 = inet_sk(sk1), *inet2 = inet_sk(sk2);
276 
277 	return 	( !ipv6_only_sock(sk2)  &&
278 		  (!inet1->rcv_saddr || !inet2->rcv_saddr ||
279 		   inet1->rcv_saddr == inet2->rcv_saddr      ));
280 }
281 
282 static int ipv4_rcv_saddr_any(const struct sock *sk)
283 {
284 	return !inet_sk(sk)->rcv_saddr;
285 }
286 
287 static inline unsigned int ipv4_hash_port_and_addr(__u16 port, __be32 addr)
288 {
289 	addr ^= addr >> 16;
290 	addr ^= addr >> 8;
291 	return port ^ addr;
292 }
293 
294 static unsigned int ipv4_hash_port_and_rcv_saddr(__u16 port,
295 						 const struct sock *sk)
296 {
297 	return ipv4_hash_port_and_addr(port, inet_sk(sk)->rcv_saddr);
298 }
299 
300 const struct udp_get_port_ops udp_ipv4_ops = {
301 	.saddr_cmp = ipv4_rcv_saddr_equal,
302 	.saddr_any = ipv4_rcv_saddr_any,
303 	.hash_port_and_rcv_saddr = ipv4_hash_port_and_rcv_saddr,
304 };
305 
306 static inline int udp_v4_get_port(struct sock *sk, unsigned short snum)
307 {
308 	return udp_get_port(sk, snum, &udp_ipv4_ops);
309 }
310 
311 /* UDP is nearly always wildcards out the wazoo, it makes no sense to try
312  * harder than this. -DaveM
313  */
314 static struct sock *__udp4_lib_lookup(__be32 saddr, __be16 sport,
315 				      __be32 daddr, __be16 dport,
316 				      int dif, struct hlist_head udptable[])
317 {
318 	struct sock *sk, *result = NULL;
319 	struct hlist_node *node;
320 	unsigned int hash, hashwild;
321 	int score, best = -1, hport = ntohs(dport);
322 
323 	hash = ipv4_hash_port_and_addr(hport, daddr);
324 	hashwild = udp_hash_port(hport);
325 
326 	read_lock(&udp_hash_lock);
327 
328 lookup:
329 
330 	sk_for_each(sk, node, &udptable[hash & (UDP_HTABLE_SIZE - 1)]) {
331 		struct inet_sock *inet = inet_sk(sk);
332 
333 		if (sk->sk_hash != hash || ipv6_only_sock(sk) ||
334 			inet->num != hport)
335 			continue;
336 
337 		score = (sk->sk_family == PF_INET ? 1 : 0);
338 		if (inet->rcv_saddr) {
339 			if (inet->rcv_saddr != daddr)
340 				continue;
341 			score+=2;
342 		}
343 		if (inet->daddr) {
344 			if (inet->daddr != saddr)
345 				continue;
346 			score+=2;
347 		}
348 		if (inet->dport) {
349 			if (inet->dport != sport)
350 				continue;
351 			score+=2;
352 		}
353 		if (sk->sk_bound_dev_if) {
354 			if (sk->sk_bound_dev_if != dif)
355 				continue;
356 			score+=2;
357 		}
358 		if (score == 9) {
359 			result = sk;
360 			goto found;
361 		} else if (score > best) {
362 			result = sk;
363 			best = score;
364 		}
365 	}
366 
367 	if (hash != hashwild) {
368 		hash = hashwild;
369 		goto lookup;
370 	}
371 found:
372 	if (result)
373 		sock_hold(result);
374 	read_unlock(&udp_hash_lock);
375 	return result;
376 }
377 
378 static inline struct sock *udp_v4_mcast_next(struct sock *sk, unsigned int hnum,
379 					     int hport, __be32 loc_addr,
380 					     __be16 rmt_port, __be32 rmt_addr,
381 					     int dif)
382 {
383 	struct hlist_node *node;
384 	struct sock *s = sk;
385 
386 	sk_for_each_from(s, node) {
387 		struct inet_sock *inet = inet_sk(s);
388 
389 		if (s->sk_hash != hnum					||
390 		    inet->num != hport					||
391 		    (inet->daddr && inet->daddr != rmt_addr)		||
392 		    (inet->dport != rmt_port && inet->dport)		||
393 		    (inet->rcv_saddr && inet->rcv_saddr != loc_addr)	||
394 		    ipv6_only_sock(s)					||
395 		    (s->sk_bound_dev_if && s->sk_bound_dev_if != dif))
396 			continue;
397 		if (!ip_mc_sf_allow(s, loc_addr, rmt_addr, dif))
398 			continue;
399 		goto found;
400 	}
401 	s = NULL;
402 found:
403 	return s;
404 }
405 
406 /*
407  * This routine is called by the ICMP module when it gets some
408  * sort of error condition.  If err < 0 then the socket should
409  * be closed and the error returned to the user.  If err > 0
410  * it's just the icmp type << 8 | icmp code.
411  * Header points to the ip header of the error packet. We move
412  * on past this. Then (as it used to claim before adjustment)
413  * header points to the first 8 bytes of the udp header.  We need
414  * to find the appropriate port.
415  */
416 
417 void __udp4_lib_err(struct sk_buff *skb, u32 info, struct hlist_head udptable[])
418 {
419 	struct inet_sock *inet;
420 	struct iphdr *iph = (struct iphdr*)skb->data;
421 	struct udphdr *uh = (struct udphdr*)(skb->data+(iph->ihl<<2));
422 	const int type = icmp_hdr(skb)->type;
423 	const int code = icmp_hdr(skb)->code;
424 	struct sock *sk;
425 	int harderr;
426 	int err;
427 
428 	sk = __udp4_lib_lookup(iph->daddr, uh->dest, iph->saddr, uh->source,
429 			       skb->dev->ifindex, udptable		    );
430 	if (sk == NULL) {
431 		ICMP_INC_STATS_BH(ICMP_MIB_INERRORS);
432 		return;	/* No socket for error */
433 	}
434 
435 	err = 0;
436 	harderr = 0;
437 	inet = inet_sk(sk);
438 
439 	switch (type) {
440 	default:
441 	case ICMP_TIME_EXCEEDED:
442 		err = EHOSTUNREACH;
443 		break;
444 	case ICMP_SOURCE_QUENCH:
445 		goto out;
446 	case ICMP_PARAMETERPROB:
447 		err = EPROTO;
448 		harderr = 1;
449 		break;
450 	case ICMP_DEST_UNREACH:
451 		if (code == ICMP_FRAG_NEEDED) { /* Path MTU discovery */
452 			if (inet->pmtudisc != IP_PMTUDISC_DONT) {
453 				err = EMSGSIZE;
454 				harderr = 1;
455 				break;
456 			}
457 			goto out;
458 		}
459 		err = EHOSTUNREACH;
460 		if (code <= NR_ICMP_UNREACH) {
461 			harderr = icmp_err_convert[code].fatal;
462 			err = icmp_err_convert[code].errno;
463 		}
464 		break;
465 	}
466 
467 	/*
468 	 *      RFC1122: OK.  Passes ICMP errors back to application, as per
469 	 *	4.1.3.3.
470 	 */
471 	if (!inet->recverr) {
472 		if (!harderr || sk->sk_state != TCP_ESTABLISHED)
473 			goto out;
474 	} else {
475 		ip_icmp_error(sk, skb, err, uh->dest, info, (u8*)(uh+1));
476 	}
477 	sk->sk_err = err;
478 	sk->sk_error_report(sk);
479 out:
480 	sock_put(sk);
481 }
482 
483 void udp_err(struct sk_buff *skb, u32 info)
484 {
485 	return __udp4_lib_err(skb, info, udp_hash);
486 }
487 
488 /*
489  * Throw away all pending data and cancel the corking. Socket is locked.
490  */
491 static void udp_flush_pending_frames(struct sock *sk)
492 {
493 	struct udp_sock *up = udp_sk(sk);
494 
495 	if (up->pending) {
496 		up->len = 0;
497 		up->pending = 0;
498 		ip_flush_pending_frames(sk);
499 	}
500 }
501 
502 /**
503  * 	udp4_hwcsum_outgoing  -  handle outgoing HW checksumming
504  * 	@sk: 	socket we are sending on
505  * 	@skb: 	sk_buff containing the filled-in UDP header
506  * 	        (checksum field must be zeroed out)
507  */
508 static void udp4_hwcsum_outgoing(struct sock *sk, struct sk_buff *skb,
509 				 __be32 src, __be32 dst, int len      )
510 {
511 	unsigned int offset;
512 	struct udphdr *uh = udp_hdr(skb);
513 	__wsum csum = 0;
514 
515 	if (skb_queue_len(&sk->sk_write_queue) == 1) {
516 		/*
517 		 * Only one fragment on the socket.
518 		 */
519 		skb->csum_start = skb_transport_header(skb) - skb->head;
520 		skb->csum_offset = offsetof(struct udphdr, check);
521 		uh->check = ~csum_tcpudp_magic(src, dst, len, IPPROTO_UDP, 0);
522 	} else {
523 		/*
524 		 * HW-checksum won't work as there are two or more
525 		 * fragments on the socket so that all csums of sk_buffs
526 		 * should be together
527 		 */
528 		offset = skb_transport_offset(skb);
529 		skb->csum = skb_checksum(skb, offset, skb->len - offset, 0);
530 
531 		skb->ip_summed = CHECKSUM_NONE;
532 
533 		skb_queue_walk(&sk->sk_write_queue, skb) {
534 			csum = csum_add(csum, skb->csum);
535 		}
536 
537 		uh->check = csum_tcpudp_magic(src, dst, len, IPPROTO_UDP, csum);
538 		if (uh->check == 0)
539 			uh->check = CSUM_MANGLED_0;
540 	}
541 }
542 
543 /*
544  * Push out all pending data as one UDP datagram. Socket is locked.
545  */
546 static int udp_push_pending_frames(struct sock *sk)
547 {
548 	struct udp_sock  *up = udp_sk(sk);
549 	struct inet_sock *inet = inet_sk(sk);
550 	struct flowi *fl = &inet->cork.fl;
551 	struct sk_buff *skb;
552 	struct udphdr *uh;
553 	int err = 0;
554 	__wsum csum = 0;
555 
556 	/* Grab the skbuff where UDP header space exists. */
557 	if ((skb = skb_peek(&sk->sk_write_queue)) == NULL)
558 		goto out;
559 
560 	/*
561 	 * Create a UDP header
562 	 */
563 	uh = udp_hdr(skb);
564 	uh->source = fl->fl_ip_sport;
565 	uh->dest = fl->fl_ip_dport;
566 	uh->len = htons(up->len);
567 	uh->check = 0;
568 
569 	if (up->pcflag)  				 /*     UDP-Lite      */
570 		csum  = udplite_csum_outgoing(sk, skb);
571 
572 	else if (sk->sk_no_check == UDP_CSUM_NOXMIT) {   /* UDP csum disabled */
573 
574 		skb->ip_summed = CHECKSUM_NONE;
575 		goto send;
576 
577 	} else if (skb->ip_summed == CHECKSUM_PARTIAL) { /* UDP hardware csum */
578 
579 		udp4_hwcsum_outgoing(sk, skb, fl->fl4_src,fl->fl4_dst, up->len);
580 		goto send;
581 
582 	} else						 /*   `normal' UDP    */
583 		csum = udp_csum_outgoing(sk, skb);
584 
585 	/* add protocol-dependent pseudo-header */
586 	uh->check = csum_tcpudp_magic(fl->fl4_src, fl->fl4_dst, up->len,
587 				      sk->sk_protocol, csum             );
588 	if (uh->check == 0)
589 		uh->check = CSUM_MANGLED_0;
590 
591 send:
592 	err = ip_push_pending_frames(sk);
593 out:
594 	up->len = 0;
595 	up->pending = 0;
596 	return err;
597 }
598 
599 int udp_sendmsg(struct kiocb *iocb, struct sock *sk, struct msghdr *msg,
600 		size_t len)
601 {
602 	struct inet_sock *inet = inet_sk(sk);
603 	struct udp_sock *up = udp_sk(sk);
604 	int ulen = len;
605 	struct ipcm_cookie ipc;
606 	struct rtable *rt = NULL;
607 	int free = 0;
608 	int connected = 0;
609 	__be32 daddr, faddr, saddr;
610 	__be16 dport;
611 	u8  tos;
612 	int err, is_udplite = up->pcflag;
613 	int corkreq = up->corkflag || msg->msg_flags&MSG_MORE;
614 	int (*getfrag)(void *, char *, int, int, int, struct sk_buff *);
615 
616 	if (len > 0xFFFF)
617 		return -EMSGSIZE;
618 
619 	/*
620 	 *	Check the flags.
621 	 */
622 
623 	if (msg->msg_flags&MSG_OOB)	/* Mirror BSD error message compatibility */
624 		return -EOPNOTSUPP;
625 
626 	ipc.opt = NULL;
627 
628 	if (up->pending) {
629 		/*
630 		 * There are pending frames.
631 		 * The socket lock must be held while it's corked.
632 		 */
633 		lock_sock(sk);
634 		if (likely(up->pending)) {
635 			if (unlikely(up->pending != AF_INET)) {
636 				release_sock(sk);
637 				return -EINVAL;
638 			}
639 			goto do_append_data;
640 		}
641 		release_sock(sk);
642 	}
643 	ulen += sizeof(struct udphdr);
644 
645 	/*
646 	 *	Get and verify the address.
647 	 */
648 	if (msg->msg_name) {
649 		struct sockaddr_in * usin = (struct sockaddr_in*)msg->msg_name;
650 		if (msg->msg_namelen < sizeof(*usin))
651 			return -EINVAL;
652 		if (usin->sin_family != AF_INET) {
653 			if (usin->sin_family != AF_UNSPEC)
654 				return -EAFNOSUPPORT;
655 		}
656 
657 		daddr = usin->sin_addr.s_addr;
658 		dport = usin->sin_port;
659 		if (dport == 0)
660 			return -EINVAL;
661 	} else {
662 		if (sk->sk_state != TCP_ESTABLISHED)
663 			return -EDESTADDRREQ;
664 		daddr = inet->daddr;
665 		dport = inet->dport;
666 		/* Open fast path for connected socket.
667 		   Route will not be used, if at least one option is set.
668 		 */
669 		connected = 1;
670 	}
671 	ipc.addr = inet->saddr;
672 
673 	ipc.oif = sk->sk_bound_dev_if;
674 	if (msg->msg_controllen) {
675 		err = ip_cmsg_send(msg, &ipc);
676 		if (err)
677 			return err;
678 		if (ipc.opt)
679 			free = 1;
680 		connected = 0;
681 	}
682 	if (!ipc.opt)
683 		ipc.opt = inet->opt;
684 
685 	saddr = ipc.addr;
686 	ipc.addr = faddr = daddr;
687 
688 	if (ipc.opt && ipc.opt->srr) {
689 		if (!daddr)
690 			return -EINVAL;
691 		faddr = ipc.opt->faddr;
692 		connected = 0;
693 	}
694 	tos = RT_TOS(inet->tos);
695 	if (sock_flag(sk, SOCK_LOCALROUTE) ||
696 	    (msg->msg_flags & MSG_DONTROUTE) ||
697 	    (ipc.opt && ipc.opt->is_strictroute)) {
698 		tos |= RTO_ONLINK;
699 		connected = 0;
700 	}
701 
702 	if (MULTICAST(daddr)) {
703 		if (!ipc.oif)
704 			ipc.oif = inet->mc_index;
705 		if (!saddr)
706 			saddr = inet->mc_addr;
707 		connected = 0;
708 	}
709 
710 	if (connected)
711 		rt = (struct rtable*)sk_dst_check(sk, 0);
712 
713 	if (rt == NULL) {
714 		struct flowi fl = { .oif = ipc.oif,
715 				    .nl_u = { .ip4_u =
716 					      { .daddr = faddr,
717 						.saddr = saddr,
718 						.tos = tos } },
719 				    .proto = sk->sk_protocol,
720 				    .uli_u = { .ports =
721 					       { .sport = inet->sport,
722 						 .dport = dport } } };
723 		security_sk_classify_flow(sk, &fl);
724 		err = ip_route_output_flow(&rt, &fl, sk, 1);
725 		if (err)
726 			goto out;
727 
728 		err = -EACCES;
729 		if ((rt->rt_flags & RTCF_BROADCAST) &&
730 		    !sock_flag(sk, SOCK_BROADCAST))
731 			goto out;
732 		if (connected)
733 			sk_dst_set(sk, dst_clone(&rt->u.dst));
734 	}
735 
736 	if (msg->msg_flags&MSG_CONFIRM)
737 		goto do_confirm;
738 back_from_confirm:
739 
740 	saddr = rt->rt_src;
741 	if (!ipc.addr)
742 		daddr = ipc.addr = rt->rt_dst;
743 
744 	lock_sock(sk);
745 	if (unlikely(up->pending)) {
746 		/* The socket is already corked while preparing it. */
747 		/* ... which is an evident application bug. --ANK */
748 		release_sock(sk);
749 
750 		LIMIT_NETDEBUG(KERN_DEBUG "udp cork app bug 2\n");
751 		err = -EINVAL;
752 		goto out;
753 	}
754 	/*
755 	 *	Now cork the socket to pend data.
756 	 */
757 	inet->cork.fl.fl4_dst = daddr;
758 	inet->cork.fl.fl_ip_dport = dport;
759 	inet->cork.fl.fl4_src = saddr;
760 	inet->cork.fl.fl_ip_sport = inet->sport;
761 	up->pending = AF_INET;
762 
763 do_append_data:
764 	up->len += ulen;
765 	getfrag  =  is_udplite ?  udplite_getfrag : ip_generic_getfrag;
766 	err = ip_append_data(sk, getfrag, msg->msg_iov, ulen,
767 			sizeof(struct udphdr), &ipc, rt,
768 			corkreq ? msg->msg_flags|MSG_MORE : msg->msg_flags);
769 	if (err)
770 		udp_flush_pending_frames(sk);
771 	else if (!corkreq)
772 		err = udp_push_pending_frames(sk);
773 	else if (unlikely(skb_queue_empty(&sk->sk_write_queue)))
774 		up->pending = 0;
775 	release_sock(sk);
776 
777 out:
778 	ip_rt_put(rt);
779 	if (free)
780 		kfree(ipc.opt);
781 	if (!err) {
782 		UDP_INC_STATS_USER(UDP_MIB_OUTDATAGRAMS, is_udplite);
783 		return len;
784 	}
785 	/*
786 	 * ENOBUFS = no kernel mem, SOCK_NOSPACE = no sndbuf space.  Reporting
787 	 * ENOBUFS might not be good (it's not tunable per se), but otherwise
788 	 * we don't have a good statistic (IpOutDiscards but it can be too many
789 	 * things).  We could add another new stat but at least for now that
790 	 * seems like overkill.
791 	 */
792 	if (err == -ENOBUFS || test_bit(SOCK_NOSPACE, &sk->sk_socket->flags)) {
793 		UDP_INC_STATS_USER(UDP_MIB_SNDBUFERRORS, is_udplite);
794 	}
795 	return err;
796 
797 do_confirm:
798 	dst_confirm(&rt->u.dst);
799 	if (!(msg->msg_flags&MSG_PROBE) || len)
800 		goto back_from_confirm;
801 	err = 0;
802 	goto out;
803 }
804 
805 int udp_sendpage(struct sock *sk, struct page *page, int offset,
806 		 size_t size, int flags)
807 {
808 	struct udp_sock *up = udp_sk(sk);
809 	int ret;
810 
811 	if (!up->pending) {
812 		struct msghdr msg = {	.msg_flags = flags|MSG_MORE };
813 
814 		/* Call udp_sendmsg to specify destination address which
815 		 * sendpage interface can't pass.
816 		 * This will succeed only when the socket is connected.
817 		 */
818 		ret = udp_sendmsg(NULL, sk, &msg, 0);
819 		if (ret < 0)
820 			return ret;
821 	}
822 
823 	lock_sock(sk);
824 
825 	if (unlikely(!up->pending)) {
826 		release_sock(sk);
827 
828 		LIMIT_NETDEBUG(KERN_DEBUG "udp cork app bug 3\n");
829 		return -EINVAL;
830 	}
831 
832 	ret = ip_append_page(sk, page, offset, size, flags);
833 	if (ret == -EOPNOTSUPP) {
834 		release_sock(sk);
835 		return sock_no_sendpage(sk->sk_socket, page, offset,
836 					size, flags);
837 	}
838 	if (ret < 0) {
839 		udp_flush_pending_frames(sk);
840 		goto out;
841 	}
842 
843 	up->len += size;
844 	if (!(up->corkflag || (flags&MSG_MORE)))
845 		ret = udp_push_pending_frames(sk);
846 	if (!ret)
847 		ret = size;
848 out:
849 	release_sock(sk);
850 	return ret;
851 }
852 
853 /*
854  *	IOCTL requests applicable to the UDP protocol
855  */
856 
857 int udp_ioctl(struct sock *sk, int cmd, unsigned long arg)
858 {
859 	switch (cmd) {
860 	case SIOCOUTQ:
861 	{
862 		int amount = atomic_read(&sk->sk_wmem_alloc);
863 		return put_user(amount, (int __user *)arg);
864 	}
865 
866 	case SIOCINQ:
867 	{
868 		struct sk_buff *skb;
869 		unsigned long amount;
870 
871 		amount = 0;
872 		spin_lock_bh(&sk->sk_receive_queue.lock);
873 		skb = skb_peek(&sk->sk_receive_queue);
874 		if (skb != NULL) {
875 			/*
876 			 * We will only return the amount
877 			 * of this packet since that is all
878 			 * that will be read.
879 			 */
880 			amount = skb->len - sizeof(struct udphdr);
881 		}
882 		spin_unlock_bh(&sk->sk_receive_queue.lock);
883 		return put_user(amount, (int __user *)arg);
884 	}
885 
886 	default:
887 		return -ENOIOCTLCMD;
888 	}
889 
890 	return 0;
891 }
892 
893 /*
894  * 	This should be easy, if there is something there we
895  * 	return it, otherwise we block.
896  */
897 
898 int udp_recvmsg(struct kiocb *iocb, struct sock *sk, struct msghdr *msg,
899 		size_t len, int noblock, int flags, int *addr_len)
900 {
901 	struct inet_sock *inet = inet_sk(sk);
902 	struct sockaddr_in *sin = (struct sockaddr_in *)msg->msg_name;
903 	struct sk_buff *skb;
904 	unsigned int ulen, copied;
905 	int err;
906 	int is_udplite = IS_UDPLITE(sk);
907 
908 	/*
909 	 *	Check any passed addresses
910 	 */
911 	if (addr_len)
912 		*addr_len=sizeof(*sin);
913 
914 	if (flags & MSG_ERRQUEUE)
915 		return ip_recv_error(sk, msg, len);
916 
917 try_again:
918 	skb = skb_recv_datagram(sk, flags, noblock, &err);
919 	if (!skb)
920 		goto out;
921 
922 	ulen = skb->len - sizeof(struct udphdr);
923 	copied = len;
924 	if (copied > ulen)
925 		copied = ulen;
926 	else if (copied < ulen)
927 		msg->msg_flags |= MSG_TRUNC;
928 
929 	/*
930 	 * If checksum is needed at all, try to do it while copying the
931 	 * data.  If the data is truncated, or if we only want a partial
932 	 * coverage checksum (UDP-Lite), do it before the copy.
933 	 */
934 
935 	if (copied < ulen || UDP_SKB_CB(skb)->partial_cov) {
936 		if (udp_lib_checksum_complete(skb))
937 			goto csum_copy_err;
938 	}
939 
940 	if (skb_csum_unnecessary(skb))
941 		err = skb_copy_datagram_iovec(skb, sizeof(struct udphdr),
942 					      msg->msg_iov, copied       );
943 	else {
944 		err = skb_copy_and_csum_datagram_iovec(skb, sizeof(struct udphdr), msg->msg_iov);
945 
946 		if (err == -EINVAL)
947 			goto csum_copy_err;
948 	}
949 
950 	if (err)
951 		goto out_free;
952 
953 	sock_recv_timestamp(msg, sk, skb);
954 
955 	/* Copy the address. */
956 	if (sin)
957 	{
958 		sin->sin_family = AF_INET;
959 		sin->sin_port = udp_hdr(skb)->source;
960 		sin->sin_addr.s_addr = ip_hdr(skb)->saddr;
961 		memset(sin->sin_zero, 0, sizeof(sin->sin_zero));
962 	}
963 	if (inet->cmsg_flags)
964 		ip_cmsg_recv(msg, skb);
965 
966 	err = copied;
967 	if (flags & MSG_TRUNC)
968 		err = ulen;
969 
970 out_free:
971 	skb_free_datagram(sk, skb);
972 out:
973 	return err;
974 
975 csum_copy_err:
976 	UDP_INC_STATS_BH(UDP_MIB_INERRORS, is_udplite);
977 
978 	skb_kill_datagram(sk, skb, flags);
979 
980 	if (noblock)
981 		return -EAGAIN;
982 	goto try_again;
983 }
984 
985 
986 int udp_disconnect(struct sock *sk, int flags)
987 {
988 	struct inet_sock *inet = inet_sk(sk);
989 	/*
990 	 *	1003.1g - break association.
991 	 */
992 
993 	sk->sk_state = TCP_CLOSE;
994 	inet->daddr = 0;
995 	inet->dport = 0;
996 	sk->sk_bound_dev_if = 0;
997 	if (!(sk->sk_userlocks & SOCK_BINDADDR_LOCK))
998 		inet_reset_saddr(sk);
999 
1000 	if (!(sk->sk_userlocks & SOCK_BINDPORT_LOCK)) {
1001 		sk->sk_prot->unhash(sk);
1002 		inet->sport = 0;
1003 	}
1004 	sk_dst_reset(sk);
1005 	return 0;
1006 }
1007 
1008 /* return:
1009  * 	1  if the UDP system should process it
1010  *	0  if we should drop this packet
1011  * 	-1 if it should get processed by xfrm4_rcv_encap
1012  */
1013 static int udp_encap_rcv(struct sock * sk, struct sk_buff *skb)
1014 {
1015 #ifndef CONFIG_XFRM
1016 	return 1;
1017 #else
1018 	struct udp_sock *up = udp_sk(sk);
1019 	struct udphdr *uh;
1020 	struct iphdr *iph;
1021 	int iphlen, len;
1022 
1023 	__u8 *udpdata;
1024 	__be32 *udpdata32;
1025 	__u16 encap_type = up->encap_type;
1026 
1027 	/* if we're overly short, let UDP handle it */
1028 	len = skb->len - sizeof(struct udphdr);
1029 	if (len <= 0)
1030 		return 1;
1031 
1032 	/* if this is not encapsulated socket, then just return now */
1033 	if (!encap_type)
1034 		return 1;
1035 
1036 	/* If this is a paged skb, make sure we pull up
1037 	 * whatever data we need to look at. */
1038 	if (!pskb_may_pull(skb, sizeof(struct udphdr) + min(len, 8)))
1039 		return 1;
1040 
1041 	/* Now we can get the pointers */
1042 	uh = udp_hdr(skb);
1043 	udpdata = (__u8 *)uh + sizeof(struct udphdr);
1044 	udpdata32 = (__be32 *)udpdata;
1045 
1046 	switch (encap_type) {
1047 	default:
1048 	case UDP_ENCAP_ESPINUDP:
1049 		/* Check if this is a keepalive packet.  If so, eat it. */
1050 		if (len == 1 && udpdata[0] == 0xff) {
1051 			return 0;
1052 		} else if (len > sizeof(struct ip_esp_hdr) && udpdata32[0] != 0) {
1053 			/* ESP Packet without Non-ESP header */
1054 			len = sizeof(struct udphdr);
1055 		} else
1056 			/* Must be an IKE packet.. pass it through */
1057 			return 1;
1058 		break;
1059 	case UDP_ENCAP_ESPINUDP_NON_IKE:
1060 		/* Check if this is a keepalive packet.  If so, eat it. */
1061 		if (len == 1 && udpdata[0] == 0xff) {
1062 			return 0;
1063 		} else if (len > 2 * sizeof(u32) + sizeof(struct ip_esp_hdr) &&
1064 			   udpdata32[0] == 0 && udpdata32[1] == 0) {
1065 
1066 			/* ESP Packet with Non-IKE marker */
1067 			len = sizeof(struct udphdr) + 2 * sizeof(u32);
1068 		} else
1069 			/* Must be an IKE packet.. pass it through */
1070 			return 1;
1071 		break;
1072 	}
1073 
1074 	/* At this point we are sure that this is an ESPinUDP packet,
1075 	 * so we need to remove 'len' bytes from the packet (the UDP
1076 	 * header and optional ESP marker bytes) and then modify the
1077 	 * protocol to ESP, and then call into the transform receiver.
1078 	 */
1079 	if (skb_cloned(skb) && pskb_expand_head(skb, 0, 0, GFP_ATOMIC))
1080 		return 0;
1081 
1082 	/* Now we can update and verify the packet length... */
1083 	iph = ip_hdr(skb);
1084 	iphlen = iph->ihl << 2;
1085 	iph->tot_len = htons(ntohs(iph->tot_len) - len);
1086 	if (skb->len < iphlen + len) {
1087 		/* packet is too small!?! */
1088 		return 0;
1089 	}
1090 
1091 	/* pull the data buffer up to the ESP header and set the
1092 	 * transport header to point to ESP.  Keep UDP on the stack
1093 	 * for later.
1094 	 */
1095 	__skb_pull(skb, len);
1096 	skb_reset_transport_header(skb);
1097 
1098 	/* modify the protocol (it's ESP!) */
1099 	iph->protocol = IPPROTO_ESP;
1100 
1101 	/* and let the caller know to send this into the ESP processor... */
1102 	return -1;
1103 #endif
1104 }
1105 
1106 /* returns:
1107  *  -1: error
1108  *   0: success
1109  *  >0: "udp encap" protocol resubmission
1110  *
1111  * Note that in the success and error cases, the skb is assumed to
1112  * have either been requeued or freed.
1113  */
1114 int udp_queue_rcv_skb(struct sock * sk, struct sk_buff *skb)
1115 {
1116 	struct udp_sock *up = udp_sk(sk);
1117 	int rc;
1118 
1119 	/*
1120 	 *	Charge it to the socket, dropping if the queue is full.
1121 	 */
1122 	if (!xfrm4_policy_check(sk, XFRM_POLICY_IN, skb))
1123 		goto drop;
1124 	nf_reset(skb);
1125 
1126 	if (up->encap_type) {
1127 		/*
1128 		 * This is an encapsulation socket, so let's see if this is
1129 		 * an encapsulated packet.
1130 		 * If it's a keepalive packet, then just eat it.
1131 		 * If it's an encapsulateed packet, then pass it to the
1132 		 * IPsec xfrm input and return the response
1133 		 * appropriately.  Otherwise, just fall through and
1134 		 * pass this up the UDP socket.
1135 		 */
1136 		int ret;
1137 
1138 		ret = udp_encap_rcv(sk, skb);
1139 		if (ret == 0) {
1140 			/* Eat the packet .. */
1141 			kfree_skb(skb);
1142 			return 0;
1143 		}
1144 		if (ret < 0) {
1145 			/* process the ESP packet */
1146 			ret = xfrm4_rcv_encap(skb, up->encap_type);
1147 			UDP_INC_STATS_BH(UDP_MIB_INDATAGRAMS, up->pcflag);
1148 			return -ret;
1149 		}
1150 		/* FALLTHROUGH -- it's a UDP Packet */
1151 	}
1152 
1153 	/*
1154 	 * 	UDP-Lite specific tests, ignored on UDP sockets
1155 	 */
1156 	if ((up->pcflag & UDPLITE_RECV_CC)  &&  UDP_SKB_CB(skb)->partial_cov) {
1157 
1158 		/*
1159 		 * MIB statistics other than incrementing the error count are
1160 		 * disabled for the following two types of errors: these depend
1161 		 * on the application settings, not on the functioning of the
1162 		 * protocol stack as such.
1163 		 *
1164 		 * RFC 3828 here recommends (sec 3.3): "There should also be a
1165 		 * way ... to ... at least let the receiving application block
1166 		 * delivery of packets with coverage values less than a value
1167 		 * provided by the application."
1168 		 */
1169 		if (up->pcrlen == 0) {          /* full coverage was set  */
1170 			LIMIT_NETDEBUG(KERN_WARNING "UDPLITE: partial coverage "
1171 				"%d while full coverage %d requested\n",
1172 				UDP_SKB_CB(skb)->cscov, skb->len);
1173 			goto drop;
1174 		}
1175 		/* The next case involves violating the min. coverage requested
1176 		 * by the receiver. This is subtle: if receiver wants x and x is
1177 		 * greater than the buffersize/MTU then receiver will complain
1178 		 * that it wants x while sender emits packets of smaller size y.
1179 		 * Therefore the above ...()->partial_cov statement is essential.
1180 		 */
1181 		if (UDP_SKB_CB(skb)->cscov  <  up->pcrlen) {
1182 			LIMIT_NETDEBUG(KERN_WARNING
1183 				"UDPLITE: coverage %d too small, need min %d\n",
1184 				UDP_SKB_CB(skb)->cscov, up->pcrlen);
1185 			goto drop;
1186 		}
1187 	}
1188 
1189 	if (sk->sk_filter) {
1190 		if (udp_lib_checksum_complete(skb))
1191 			goto drop;
1192 	}
1193 
1194 	if ((rc = sock_queue_rcv_skb(sk,skb)) < 0) {
1195 		/* Note that an ENOMEM error is charged twice */
1196 		if (rc == -ENOMEM)
1197 			UDP_INC_STATS_BH(UDP_MIB_RCVBUFERRORS, up->pcflag);
1198 		goto drop;
1199 	}
1200 
1201 	UDP_INC_STATS_BH(UDP_MIB_INDATAGRAMS, up->pcflag);
1202 	return 0;
1203 
1204 drop:
1205 	UDP_INC_STATS_BH(UDP_MIB_INERRORS, up->pcflag);
1206 	kfree_skb(skb);
1207 	return -1;
1208 }
1209 
1210 /*
1211  *	Multicasts and broadcasts go to each listener.
1212  *
1213  *	Note: called only from the BH handler context,
1214  *	so we don't need to lock the hashes.
1215  */
1216 static int __udp4_lib_mcast_deliver(struct sk_buff *skb,
1217 				    struct udphdr  *uh,
1218 				    __be32 saddr, __be32 daddr,
1219 				    struct hlist_head udptable[])
1220 {
1221 	struct sock *sk, *skw, *sknext;
1222 	int dif;
1223 	int hport = ntohs(uh->dest);
1224 	unsigned int hash = ipv4_hash_port_and_addr(hport, daddr);
1225 	unsigned int hashwild = udp_hash_port(hport);
1226 
1227 	dif = skb->dev->ifindex;
1228 
1229 	read_lock(&udp_hash_lock);
1230 
1231 	sk = sk_head(&udptable[hash & (UDP_HTABLE_SIZE - 1)]);
1232 	skw = sk_head(&udptable[hashwild & (UDP_HTABLE_SIZE - 1)]);
1233 
1234 	sk = udp_v4_mcast_next(sk, hash, hport, daddr, uh->source, saddr, dif);
1235 	if (!sk) {
1236 		hash = hashwild;
1237 		sk = udp_v4_mcast_next(skw, hash, hport, daddr, uh->source,
1238 			saddr, dif);
1239 	}
1240 	if (sk) {
1241 		do {
1242 			struct sk_buff *skb1 = skb;
1243 			sknext = udp_v4_mcast_next(sk_next(sk), hash, hport,
1244 						daddr, uh->source, saddr, dif);
1245 			if (!sknext && hash != hashwild) {
1246 				hash = hashwild;
1247 				sknext = udp_v4_mcast_next(skw, hash, hport,
1248 					daddr, uh->source, saddr, dif);
1249 			}
1250 			if (sknext)
1251 				skb1 = skb_clone(skb, GFP_ATOMIC);
1252 
1253 			if (skb1) {
1254 				int ret = udp_queue_rcv_skb(sk, skb1);
1255 				if (ret > 0)
1256 					/*
1257 					 * we should probably re-process
1258 					 * instead of dropping packets here.
1259 					 */
1260 					kfree_skb(skb1);
1261 			}
1262 			sk = sknext;
1263 		} while (sknext);
1264 	} else
1265 		kfree_skb(skb);
1266 	read_unlock(&udp_hash_lock);
1267 	return 0;
1268 }
1269 
1270 /* Initialize UDP checksum. If exited with zero value (success),
1271  * CHECKSUM_UNNECESSARY means, that no more checks are required.
1272  * Otherwise, csum completion requires chacksumming packet body,
1273  * including udp header and folding it to skb->csum.
1274  */
1275 static inline int udp4_csum_init(struct sk_buff *skb, struct udphdr *uh,
1276 				 int proto)
1277 {
1278 	const struct iphdr *iph;
1279 	int err;
1280 
1281 	UDP_SKB_CB(skb)->partial_cov = 0;
1282 	UDP_SKB_CB(skb)->cscov = skb->len;
1283 
1284 	if (proto == IPPROTO_UDPLITE) {
1285 		err = udplite_checksum_init(skb, uh);
1286 		if (err)
1287 			return err;
1288 	}
1289 
1290 	iph = ip_hdr(skb);
1291 	if (uh->check == 0) {
1292 		skb->ip_summed = CHECKSUM_UNNECESSARY;
1293 	} else if (skb->ip_summed == CHECKSUM_COMPLETE) {
1294 	       if (!csum_tcpudp_magic(iph->saddr, iph->daddr, skb->len,
1295 				      proto, skb->csum))
1296 			skb->ip_summed = CHECKSUM_UNNECESSARY;
1297 	}
1298 	if (!skb_csum_unnecessary(skb))
1299 		skb->csum = csum_tcpudp_nofold(iph->saddr, iph->daddr,
1300 					       skb->len, proto, 0);
1301 	/* Probably, we should checksum udp header (it should be in cache
1302 	 * in any case) and data in tiny packets (< rx copybreak).
1303 	 */
1304 
1305 	return 0;
1306 }
1307 
1308 /*
1309  *	All we need to do is get the socket, and then do a checksum.
1310  */
1311 
1312 int __udp4_lib_rcv(struct sk_buff *skb, struct hlist_head udptable[],
1313 		   int proto)
1314 {
1315 	struct sock *sk;
1316 	struct udphdr *uh = udp_hdr(skb);
1317 	unsigned short ulen;
1318 	struct rtable *rt = (struct rtable*)skb->dst;
1319 	__be32 saddr = ip_hdr(skb)->saddr;
1320 	__be32 daddr = ip_hdr(skb)->daddr;
1321 
1322 	/*
1323 	 *  Validate the packet.
1324 	 */
1325 	if (!pskb_may_pull(skb, sizeof(struct udphdr)))
1326 		goto drop;		/* No space for header. */
1327 
1328 	ulen = ntohs(uh->len);
1329 	if (ulen > skb->len)
1330 		goto short_packet;
1331 
1332 	if (proto == IPPROTO_UDP) {
1333 		/* UDP validates ulen. */
1334 		if (ulen < sizeof(*uh) || pskb_trim_rcsum(skb, ulen))
1335 			goto short_packet;
1336 		uh = udp_hdr(skb);
1337 	}
1338 
1339 	if (udp4_csum_init(skb, uh, proto))
1340 		goto csum_error;
1341 
1342 	if (rt->rt_flags & (RTCF_BROADCAST|RTCF_MULTICAST))
1343 		return __udp4_lib_mcast_deliver(skb, uh, saddr, daddr, udptable);
1344 
1345 	sk = __udp4_lib_lookup(saddr, uh->source, daddr, uh->dest,
1346 			       skb->dev->ifindex, udptable);
1347 
1348 	if (sk != NULL) {
1349 		int ret = udp_queue_rcv_skb(sk, skb);
1350 		sock_put(sk);
1351 
1352 		/* a return value > 0 means to resubmit the input, but
1353 		 * it wants the return to be -protocol, or 0
1354 		 */
1355 		if (ret > 0)
1356 			return -ret;
1357 		return 0;
1358 	}
1359 
1360 	if (!xfrm4_policy_check(NULL, XFRM_POLICY_IN, skb))
1361 		goto drop;
1362 	nf_reset(skb);
1363 
1364 	/* No socket. Drop packet silently, if checksum is wrong */
1365 	if (udp_lib_checksum_complete(skb))
1366 		goto csum_error;
1367 
1368 	UDP_INC_STATS_BH(UDP_MIB_NOPORTS, proto == IPPROTO_UDPLITE);
1369 	icmp_send(skb, ICMP_DEST_UNREACH, ICMP_PORT_UNREACH, 0);
1370 
1371 	/*
1372 	 * Hmm.  We got an UDP packet to a port to which we
1373 	 * don't wanna listen.  Ignore it.
1374 	 */
1375 	kfree_skb(skb);
1376 	return 0;
1377 
1378 short_packet:
1379 	LIMIT_NETDEBUG(KERN_DEBUG "UDP%s: short packet: From %u.%u.%u.%u:%u %d/%d to %u.%u.%u.%u:%u\n",
1380 		       proto == IPPROTO_UDPLITE ? "-Lite" : "",
1381 		       NIPQUAD(saddr),
1382 		       ntohs(uh->source),
1383 		       ulen,
1384 		       skb->len,
1385 		       NIPQUAD(daddr),
1386 		       ntohs(uh->dest));
1387 	goto drop;
1388 
1389 csum_error:
1390 	/*
1391 	 * RFC1122: OK.  Discards the bad packet silently (as far as
1392 	 * the network is concerned, anyway) as per 4.1.3.4 (MUST).
1393 	 */
1394 	LIMIT_NETDEBUG(KERN_DEBUG "UDP%s: bad checksum. From %d.%d.%d.%d:%d to %d.%d.%d.%d:%d ulen %d\n",
1395 		       proto == IPPROTO_UDPLITE ? "-Lite" : "",
1396 		       NIPQUAD(saddr),
1397 		       ntohs(uh->source),
1398 		       NIPQUAD(daddr),
1399 		       ntohs(uh->dest),
1400 		       ulen);
1401 drop:
1402 	UDP_INC_STATS_BH(UDP_MIB_INERRORS, proto == IPPROTO_UDPLITE);
1403 	kfree_skb(skb);
1404 	return 0;
1405 }
1406 
1407 int udp_rcv(struct sk_buff *skb)
1408 {
1409 	return __udp4_lib_rcv(skb, udp_hash, IPPROTO_UDP);
1410 }
1411 
1412 int udp_destroy_sock(struct sock *sk)
1413 {
1414 	lock_sock(sk);
1415 	udp_flush_pending_frames(sk);
1416 	release_sock(sk);
1417 	return 0;
1418 }
1419 
1420 /*
1421  *	Socket option code for UDP
1422  */
1423 int udp_lib_setsockopt(struct sock *sk, int level, int optname,
1424 		       char __user *optval, int optlen,
1425 		       int (*push_pending_frames)(struct sock *))
1426 {
1427 	struct udp_sock *up = udp_sk(sk);
1428 	int val;
1429 	int err = 0;
1430 
1431 	if (optlen<sizeof(int))
1432 		return -EINVAL;
1433 
1434 	if (get_user(val, (int __user *)optval))
1435 		return -EFAULT;
1436 
1437 	switch (optname) {
1438 	case UDP_CORK:
1439 		if (val != 0) {
1440 			up->corkflag = 1;
1441 		} else {
1442 			up->corkflag = 0;
1443 			lock_sock(sk);
1444 			(*push_pending_frames)(sk);
1445 			release_sock(sk);
1446 		}
1447 		break;
1448 
1449 	case UDP_ENCAP:
1450 		switch (val) {
1451 		case 0:
1452 		case UDP_ENCAP_ESPINUDP:
1453 		case UDP_ENCAP_ESPINUDP_NON_IKE:
1454 			up->encap_type = val;
1455 			break;
1456 		default:
1457 			err = -ENOPROTOOPT;
1458 			break;
1459 		}
1460 		break;
1461 
1462 	/*
1463 	 * 	UDP-Lite's partial checksum coverage (RFC 3828).
1464 	 */
1465 	/* The sender sets actual checksum coverage length via this option.
1466 	 * The case coverage > packet length is handled by send module. */
1467 	case UDPLITE_SEND_CSCOV:
1468 		if (!up->pcflag)         /* Disable the option on UDP sockets */
1469 			return -ENOPROTOOPT;
1470 		if (val != 0 && val < 8) /* Illegal coverage: use default (8) */
1471 			val = 8;
1472 		up->pcslen = val;
1473 		up->pcflag |= UDPLITE_SEND_CC;
1474 		break;
1475 
1476 	/* The receiver specifies a minimum checksum coverage value. To make
1477 	 * sense, this should be set to at least 8 (as done below). If zero is
1478 	 * used, this again means full checksum coverage.                     */
1479 	case UDPLITE_RECV_CSCOV:
1480 		if (!up->pcflag)         /* Disable the option on UDP sockets */
1481 			return -ENOPROTOOPT;
1482 		if (val != 0 && val < 8) /* Avoid silly minimal values.       */
1483 			val = 8;
1484 		up->pcrlen = val;
1485 		up->pcflag |= UDPLITE_RECV_CC;
1486 		break;
1487 
1488 	default:
1489 		err = -ENOPROTOOPT;
1490 		break;
1491 	}
1492 
1493 	return err;
1494 }
1495 
1496 int udp_setsockopt(struct sock *sk, int level, int optname,
1497 		   char __user *optval, int optlen)
1498 {
1499 	if (level == SOL_UDP  ||  level == SOL_UDPLITE)
1500 		return udp_lib_setsockopt(sk, level, optname, optval, optlen,
1501 					  udp_push_pending_frames);
1502 	return ip_setsockopt(sk, level, optname, optval, optlen);
1503 }
1504 
1505 #ifdef CONFIG_COMPAT
1506 int compat_udp_setsockopt(struct sock *sk, int level, int optname,
1507 			  char __user *optval, int optlen)
1508 {
1509 	if (level == SOL_UDP  ||  level == SOL_UDPLITE)
1510 		return udp_lib_setsockopt(sk, level, optname, optval, optlen,
1511 					  udp_push_pending_frames);
1512 	return compat_ip_setsockopt(sk, level, optname, optval, optlen);
1513 }
1514 #endif
1515 
1516 int udp_lib_getsockopt(struct sock *sk, int level, int optname,
1517 		       char __user *optval, int __user *optlen)
1518 {
1519 	struct udp_sock *up = udp_sk(sk);
1520 	int val, len;
1521 
1522 	if (get_user(len,optlen))
1523 		return -EFAULT;
1524 
1525 	len = min_t(unsigned int, len, sizeof(int));
1526 
1527 	if (len < 0)
1528 		return -EINVAL;
1529 
1530 	switch (optname) {
1531 	case UDP_CORK:
1532 		val = up->corkflag;
1533 		break;
1534 
1535 	case UDP_ENCAP:
1536 		val = up->encap_type;
1537 		break;
1538 
1539 	/* The following two cannot be changed on UDP sockets, the return is
1540 	 * always 0 (which corresponds to the full checksum coverage of UDP). */
1541 	case UDPLITE_SEND_CSCOV:
1542 		val = up->pcslen;
1543 		break;
1544 
1545 	case UDPLITE_RECV_CSCOV:
1546 		val = up->pcrlen;
1547 		break;
1548 
1549 	default:
1550 		return -ENOPROTOOPT;
1551 	}
1552 
1553 	if (put_user(len, optlen))
1554 		return -EFAULT;
1555 	if (copy_to_user(optval, &val,len))
1556 		return -EFAULT;
1557 	return 0;
1558 }
1559 
1560 int udp_getsockopt(struct sock *sk, int level, int optname,
1561 		   char __user *optval, int __user *optlen)
1562 {
1563 	if (level == SOL_UDP  ||  level == SOL_UDPLITE)
1564 		return udp_lib_getsockopt(sk, level, optname, optval, optlen);
1565 	return ip_getsockopt(sk, level, optname, optval, optlen);
1566 }
1567 
1568 #ifdef CONFIG_COMPAT
1569 int compat_udp_getsockopt(struct sock *sk, int level, int optname,
1570 				 char __user *optval, int __user *optlen)
1571 {
1572 	if (level == SOL_UDP  ||  level == SOL_UDPLITE)
1573 		return udp_lib_getsockopt(sk, level, optname, optval, optlen);
1574 	return compat_ip_getsockopt(sk, level, optname, optval, optlen);
1575 }
1576 #endif
1577 /**
1578  * 	udp_poll - wait for a UDP event.
1579  *	@file - file struct
1580  *	@sock - socket
1581  *	@wait - poll table
1582  *
1583  *	This is same as datagram poll, except for the special case of
1584  *	blocking sockets. If application is using a blocking fd
1585  *	and a packet with checksum error is in the queue;
1586  *	then it could get return from select indicating data available
1587  *	but then block when reading it. Add special case code
1588  *	to work around these arguably broken applications.
1589  */
1590 unsigned int udp_poll(struct file *file, struct socket *sock, poll_table *wait)
1591 {
1592 	unsigned int mask = datagram_poll(file, sock, wait);
1593 	struct sock *sk = sock->sk;
1594 	int 	is_lite = IS_UDPLITE(sk);
1595 
1596 	/* Check for false positives due to checksum errors */
1597 	if ( (mask & POLLRDNORM) &&
1598 	     !(file->f_flags & O_NONBLOCK) &&
1599 	     !(sk->sk_shutdown & RCV_SHUTDOWN)){
1600 		struct sk_buff_head *rcvq = &sk->sk_receive_queue;
1601 		struct sk_buff *skb;
1602 
1603 		spin_lock_bh(&rcvq->lock);
1604 		while ((skb = skb_peek(rcvq)) != NULL &&
1605 		       udp_lib_checksum_complete(skb)) {
1606 			UDP_INC_STATS_BH(UDP_MIB_INERRORS, is_lite);
1607 			__skb_unlink(skb, rcvq);
1608 			kfree_skb(skb);
1609 		}
1610 		spin_unlock_bh(&rcvq->lock);
1611 
1612 		/* nothing to see, move along */
1613 		if (skb == NULL)
1614 			mask &= ~(POLLIN | POLLRDNORM);
1615 	}
1616 
1617 	return mask;
1618 
1619 }
1620 
1621 struct proto udp_prot = {
1622 	.name		   = "UDP",
1623 	.owner		   = THIS_MODULE,
1624 	.close		   = udp_lib_close,
1625 	.connect	   = ip4_datagram_connect,
1626 	.disconnect	   = udp_disconnect,
1627 	.ioctl		   = udp_ioctl,
1628 	.destroy	   = udp_destroy_sock,
1629 	.setsockopt	   = udp_setsockopt,
1630 	.getsockopt	   = udp_getsockopt,
1631 	.sendmsg	   = udp_sendmsg,
1632 	.recvmsg	   = udp_recvmsg,
1633 	.sendpage	   = udp_sendpage,
1634 	.backlog_rcv	   = udp_queue_rcv_skb,
1635 	.hash		   = udp_lib_hash,
1636 	.unhash		   = udp_lib_unhash,
1637 	.get_port	   = udp_v4_get_port,
1638 	.obj_size	   = sizeof(struct udp_sock),
1639 #ifdef CONFIG_COMPAT
1640 	.compat_setsockopt = compat_udp_setsockopt,
1641 	.compat_getsockopt = compat_udp_getsockopt,
1642 #endif
1643 };
1644 
1645 /* ------------------------------------------------------------------------ */
1646 #ifdef CONFIG_PROC_FS
1647 
1648 static struct sock *udp_get_first(struct seq_file *seq)
1649 {
1650 	struct sock *sk;
1651 	struct udp_iter_state *state = seq->private;
1652 
1653 	for (state->bucket = 0; state->bucket < UDP_HTABLE_SIZE; ++state->bucket) {
1654 		struct hlist_node *node;
1655 		sk_for_each(sk, node, state->hashtable + state->bucket) {
1656 			if (sk->sk_family == state->family)
1657 				goto found;
1658 		}
1659 	}
1660 	sk = NULL;
1661 found:
1662 	return sk;
1663 }
1664 
1665 static struct sock *udp_get_next(struct seq_file *seq, struct sock *sk)
1666 {
1667 	struct udp_iter_state *state = seq->private;
1668 
1669 	do {
1670 		sk = sk_next(sk);
1671 try_again:
1672 		;
1673 	} while (sk && sk->sk_family != state->family);
1674 
1675 	if (!sk && ++state->bucket < UDP_HTABLE_SIZE) {
1676 		sk = sk_head(state->hashtable + state->bucket);
1677 		goto try_again;
1678 	}
1679 	return sk;
1680 }
1681 
1682 static struct sock *udp_get_idx(struct seq_file *seq, loff_t pos)
1683 {
1684 	struct sock *sk = udp_get_first(seq);
1685 
1686 	if (sk)
1687 		while (pos && (sk = udp_get_next(seq, sk)) != NULL)
1688 			--pos;
1689 	return pos ? NULL : sk;
1690 }
1691 
1692 static void *udp_seq_start(struct seq_file *seq, loff_t *pos)
1693 {
1694 	read_lock(&udp_hash_lock);
1695 	return *pos ? udp_get_idx(seq, *pos-1) : (void *)1;
1696 }
1697 
1698 static void *udp_seq_next(struct seq_file *seq, void *v, loff_t *pos)
1699 {
1700 	struct sock *sk;
1701 
1702 	if (v == (void *)1)
1703 		sk = udp_get_idx(seq, 0);
1704 	else
1705 		sk = udp_get_next(seq, v);
1706 
1707 	++*pos;
1708 	return sk;
1709 }
1710 
1711 static void udp_seq_stop(struct seq_file *seq, void *v)
1712 {
1713 	read_unlock(&udp_hash_lock);
1714 }
1715 
1716 static int udp_seq_open(struct inode *inode, struct file *file)
1717 {
1718 	struct udp_seq_afinfo *afinfo = PDE(inode)->data;
1719 	struct seq_file *seq;
1720 	int rc = -ENOMEM;
1721 	struct udp_iter_state *s = kzalloc(sizeof(*s), GFP_KERNEL);
1722 
1723 	if (!s)
1724 		goto out;
1725 	s->family		= afinfo->family;
1726 	s->hashtable		= afinfo->hashtable;
1727 	s->seq_ops.start	= udp_seq_start;
1728 	s->seq_ops.next		= udp_seq_next;
1729 	s->seq_ops.show		= afinfo->seq_show;
1730 	s->seq_ops.stop		= udp_seq_stop;
1731 
1732 	rc = seq_open(file, &s->seq_ops);
1733 	if (rc)
1734 		goto out_kfree;
1735 
1736 	seq	     = file->private_data;
1737 	seq->private = s;
1738 out:
1739 	return rc;
1740 out_kfree:
1741 	kfree(s);
1742 	goto out;
1743 }
1744 
1745 /* ------------------------------------------------------------------------ */
1746 int udp_proc_register(struct udp_seq_afinfo *afinfo)
1747 {
1748 	struct proc_dir_entry *p;
1749 	int rc = 0;
1750 
1751 	if (!afinfo)
1752 		return -EINVAL;
1753 	afinfo->seq_fops->owner		= afinfo->owner;
1754 	afinfo->seq_fops->open		= udp_seq_open;
1755 	afinfo->seq_fops->read		= seq_read;
1756 	afinfo->seq_fops->llseek	= seq_lseek;
1757 	afinfo->seq_fops->release	= seq_release_private;
1758 
1759 	p = proc_net_fops_create(afinfo->name, S_IRUGO, afinfo->seq_fops);
1760 	if (p)
1761 		p->data = afinfo;
1762 	else
1763 		rc = -ENOMEM;
1764 	return rc;
1765 }
1766 
1767 void udp_proc_unregister(struct udp_seq_afinfo *afinfo)
1768 {
1769 	if (!afinfo)
1770 		return;
1771 	proc_net_remove(afinfo->name);
1772 	memset(afinfo->seq_fops, 0, sizeof(*afinfo->seq_fops));
1773 }
1774 
1775 /* ------------------------------------------------------------------------ */
1776 static void udp4_format_sock(struct sock *sp, char *tmpbuf, int bucket)
1777 {
1778 	struct inet_sock *inet = inet_sk(sp);
1779 	__be32 dest = inet->daddr;
1780 	__be32 src  = inet->rcv_saddr;
1781 	__u16 destp	  = ntohs(inet->dport);
1782 	__u16 srcp	  = ntohs(inet->sport);
1783 
1784 	sprintf(tmpbuf, "%4d: %08X:%04X %08X:%04X"
1785 		" %02X %08X:%08X %02X:%08lX %08X %5d %8d %lu %d %p",
1786 		bucket, src, srcp, dest, destp, sp->sk_state,
1787 		atomic_read(&sp->sk_wmem_alloc),
1788 		atomic_read(&sp->sk_rmem_alloc),
1789 		0, 0L, 0, sock_i_uid(sp), 0, sock_i_ino(sp),
1790 		atomic_read(&sp->sk_refcnt), sp);
1791 }
1792 
1793 int udp4_seq_show(struct seq_file *seq, void *v)
1794 {
1795 	if (v == SEQ_START_TOKEN)
1796 		seq_printf(seq, "%-127s\n",
1797 			   "  sl  local_address rem_address   st tx_queue "
1798 			   "rx_queue tr tm->when retrnsmt   uid  timeout "
1799 			   "inode");
1800 	else {
1801 		char tmpbuf[129];
1802 		struct udp_iter_state *state = seq->private;
1803 
1804 		udp4_format_sock(v, tmpbuf, state->bucket);
1805 		seq_printf(seq, "%-127s\n", tmpbuf);
1806 	}
1807 	return 0;
1808 }
1809 
1810 /* ------------------------------------------------------------------------ */
1811 static struct file_operations udp4_seq_fops;
1812 static struct udp_seq_afinfo udp4_seq_afinfo = {
1813 	.owner		= THIS_MODULE,
1814 	.name		= "udp",
1815 	.family		= AF_INET,
1816 	.hashtable	= udp_hash,
1817 	.seq_show	= udp4_seq_show,
1818 	.seq_fops	= &udp4_seq_fops,
1819 };
1820 
1821 int __init udp4_proc_init(void)
1822 {
1823 	return udp_proc_register(&udp4_seq_afinfo);
1824 }
1825 
1826 void udp4_proc_exit(void)
1827 {
1828 	udp_proc_unregister(&udp4_seq_afinfo);
1829 }
1830 #endif /* CONFIG_PROC_FS */
1831 
1832 EXPORT_SYMBOL(udp_disconnect);
1833 EXPORT_SYMBOL(udp_hash);
1834 EXPORT_SYMBOL(udp_hash_lock);
1835 EXPORT_SYMBOL(udp_ioctl);
1836 EXPORT_SYMBOL(udp_get_port);
1837 EXPORT_SYMBOL(udp_prot);
1838 EXPORT_SYMBOL(udp_sendmsg);
1839 EXPORT_SYMBOL(udp_lib_getsockopt);
1840 EXPORT_SYMBOL(udp_lib_setsockopt);
1841 EXPORT_SYMBOL(udp_poll);
1842 
1843 #ifdef CONFIG_PROC_FS
1844 EXPORT_SYMBOL(udp_proc_register);
1845 EXPORT_SYMBOL(udp_proc_unregister);
1846 #endif
1847