1 /* 2 * INET An implementation of the TCP/IP protocol suite for the LINUX 3 * operating system. INET is implemented using the BSD Socket 4 * interface as the means of communication with the user level. 5 * 6 * The User Datagram Protocol (UDP). 7 * 8 * Version: $Id: udp.c,v 1.102 2002/02/01 22:01:04 davem Exp $ 9 * 10 * Authors: Ross Biro 11 * Fred N. van Kempen, <waltje@uWalt.NL.Mugnet.ORG> 12 * Arnt Gulbrandsen, <agulbra@nvg.unit.no> 13 * Alan Cox, <Alan.Cox@linux.org> 14 * Hirokazu Takahashi, <taka@valinux.co.jp> 15 * 16 * Fixes: 17 * Alan Cox : verify_area() calls 18 * Alan Cox : stopped close while in use off icmp 19 * messages. Not a fix but a botch that 20 * for udp at least is 'valid'. 21 * Alan Cox : Fixed icmp handling properly 22 * Alan Cox : Correct error for oversized datagrams 23 * Alan Cox : Tidied select() semantics. 24 * Alan Cox : udp_err() fixed properly, also now 25 * select and read wake correctly on errors 26 * Alan Cox : udp_send verify_area moved to avoid mem leak 27 * Alan Cox : UDP can count its memory 28 * Alan Cox : send to an unknown connection causes 29 * an ECONNREFUSED off the icmp, but 30 * does NOT close. 31 * Alan Cox : Switched to new sk_buff handlers. No more backlog! 32 * Alan Cox : Using generic datagram code. Even smaller and the PEEK 33 * bug no longer crashes it. 34 * Fred Van Kempen : Net2e support for sk->broadcast. 35 * Alan Cox : Uses skb_free_datagram 36 * Alan Cox : Added get/set sockopt support. 37 * Alan Cox : Broadcasting without option set returns EACCES. 38 * Alan Cox : No wakeup calls. Instead we now use the callbacks. 39 * Alan Cox : Use ip_tos and ip_ttl 40 * Alan Cox : SNMP Mibs 41 * Alan Cox : MSG_DONTROUTE, and 0.0.0.0 support. 42 * Matt Dillon : UDP length checks. 43 * Alan Cox : Smarter af_inet used properly. 44 * Alan Cox : Use new kernel side addressing. 45 * Alan Cox : Incorrect return on truncated datagram receive. 46 * Arnt Gulbrandsen : New udp_send and stuff 47 * Alan Cox : Cache last socket 48 * Alan Cox : Route cache 49 * Jon Peatfield : Minor efficiency fix to sendto(). 50 * Mike Shaver : RFC1122 checks. 51 * Alan Cox : Nonblocking error fix. 52 * Willy Konynenberg : Transparent proxying support. 53 * Mike McLagan : Routing by source 54 * David S. Miller : New socket lookup architecture. 55 * Last socket cache retained as it 56 * does have a high hit rate. 57 * Olaf Kirch : Don't linearise iovec on sendmsg. 58 * Andi Kleen : Some cleanups, cache destination entry 59 * for connect. 60 * Vitaly E. Lavrov : Transparent proxy revived after year coma. 61 * Melvin Smith : Check msg_name not msg_namelen in sendto(), 62 * return ENOTCONN for unconnected sockets (POSIX) 63 * Janos Farkas : don't deliver multi/broadcasts to a different 64 * bound-to-device socket 65 * Hirokazu Takahashi : HW checksumming for outgoing UDP 66 * datagrams. 67 * Hirokazu Takahashi : sendfile() on UDP works now. 68 * Arnaldo C. Melo : convert /proc/net/udp to seq_file 69 * YOSHIFUJI Hideaki @USAGI and: Support IPV6_V6ONLY socket option, which 70 * Alexey Kuznetsov: allow both IPv4 and IPv6 sockets to bind 71 * a single port at the same time. 72 * Derek Atkins <derek@ihtfp.com>: Add Encapulation Support 73 * 74 * 75 * This program is free software; you can redistribute it and/or 76 * modify it under the terms of the GNU General Public License 77 * as published by the Free Software Foundation; either version 78 * 2 of the License, or (at your option) any later version. 79 */ 80 81 #include <asm/system.h> 82 #include <asm/uaccess.h> 83 #include <asm/ioctls.h> 84 #include <linux/types.h> 85 #include <linux/fcntl.h> 86 #include <linux/module.h> 87 #include <linux/socket.h> 88 #include <linux/sockios.h> 89 #include <linux/igmp.h> 90 #include <linux/in.h> 91 #include <linux/errno.h> 92 #include <linux/timer.h> 93 #include <linux/mm.h> 94 #include <linux/inet.h> 95 #include <linux/netdevice.h> 96 #include <net/tcp_states.h> 97 #include <linux/skbuff.h> 98 #include <linux/proc_fs.h> 99 #include <linux/seq_file.h> 100 #include <net/icmp.h> 101 #include <net/route.h> 102 #include <net/checksum.h> 103 #include <net/xfrm.h> 104 #include "udp_impl.h" 105 106 /* 107 * Snmp MIB for the UDP layer 108 */ 109 110 DEFINE_SNMP_STAT(struct udp_mib, udp_statistics) __read_mostly; 111 112 struct hlist_head udp_hash[UDP_HTABLE_SIZE]; 113 DEFINE_RWLOCK(udp_hash_lock); 114 115 static int udp_port_rover; 116 117 /* 118 * Note about this hash function : 119 * Typical use is probably daddr = 0, only dport is going to vary hash 120 */ 121 static inline unsigned int udp_hash_port(__u16 port) 122 { 123 return port; 124 } 125 126 static inline int __udp_lib_port_inuse(unsigned int hash, int port, 127 const struct sock *this_sk, 128 struct hlist_head udptable[], 129 const struct udp_get_port_ops *ops) 130 { 131 struct sock *sk; 132 struct hlist_node *node; 133 struct inet_sock *inet; 134 135 sk_for_each(sk, node, &udptable[hash & (UDP_HTABLE_SIZE - 1)]) { 136 if (sk->sk_hash != hash) 137 continue; 138 inet = inet_sk(sk); 139 if (inet->num != port) 140 continue; 141 if (this_sk) { 142 if (ops->saddr_cmp(sk, this_sk)) 143 return 1; 144 } else if (ops->saddr_any(sk)) 145 return 1; 146 } 147 return 0; 148 } 149 150 /** 151 * __udp_lib_get_port - UDP/-Lite port lookup for IPv4 and IPv6 152 * 153 * @sk: socket struct in question 154 * @snum: port number to look up 155 * @udptable: hash list table, must be of UDP_HTABLE_SIZE 156 * @port_rover: pointer to record of last unallocated port 157 * @ops: AF-dependent address operations 158 */ 159 int __udp_lib_get_port(struct sock *sk, unsigned short snum, 160 struct hlist_head udptable[], int *port_rover, 161 const struct udp_get_port_ops *ops) 162 { 163 struct hlist_node *node; 164 struct hlist_head *head; 165 struct sock *sk2; 166 unsigned int hash; 167 int error = 1; 168 169 write_lock_bh(&udp_hash_lock); 170 if (snum == 0) { 171 int best_size_so_far, best, result, i; 172 173 if (*port_rover > sysctl_local_port_range[1] || 174 *port_rover < sysctl_local_port_range[0]) 175 *port_rover = sysctl_local_port_range[0]; 176 best_size_so_far = 32767; 177 best = result = *port_rover; 178 for (i = 0; i < UDP_HTABLE_SIZE; i++, result++) { 179 int size; 180 181 hash = ops->hash_port_and_rcv_saddr(result, sk); 182 head = &udptable[hash & (UDP_HTABLE_SIZE - 1)]; 183 if (hlist_empty(head)) { 184 if (result > sysctl_local_port_range[1]) 185 result = sysctl_local_port_range[0] + 186 ((result - sysctl_local_port_range[0]) & 187 (UDP_HTABLE_SIZE - 1)); 188 goto gotit; 189 } 190 size = 0; 191 sk_for_each(sk2, node, head) { 192 if (++size >= best_size_so_far) 193 goto next; 194 } 195 best_size_so_far = size; 196 best = result; 197 next: 198 ; 199 } 200 result = best; 201 for (i = 0; i < (1 << 16) / UDP_HTABLE_SIZE; 202 i++, result += UDP_HTABLE_SIZE) { 203 if (result > sysctl_local_port_range[1]) 204 result = sysctl_local_port_range[0] 205 + ((result - sysctl_local_port_range[0]) & 206 (UDP_HTABLE_SIZE - 1)); 207 hash = udp_hash_port(result); 208 if (__udp_lib_port_inuse(hash, result, 209 NULL, udptable, ops)) 210 continue; 211 if (ops->saddr_any(sk)) 212 break; 213 214 hash = ops->hash_port_and_rcv_saddr(result, sk); 215 if (! __udp_lib_port_inuse(hash, result, 216 sk, udptable, ops)) 217 break; 218 } 219 if (i >= (1 << 16) / UDP_HTABLE_SIZE) 220 goto fail; 221 gotit: 222 *port_rover = snum = result; 223 } else { 224 hash = udp_hash_port(snum); 225 head = &udptable[hash & (UDP_HTABLE_SIZE - 1)]; 226 227 sk_for_each(sk2, node, head) 228 if (sk2->sk_hash == hash && 229 sk2 != sk && 230 inet_sk(sk2)->num == snum && 231 (!sk2->sk_reuse || !sk->sk_reuse) && 232 (!sk2->sk_bound_dev_if || !sk->sk_bound_dev_if || 233 sk2->sk_bound_dev_if == sk->sk_bound_dev_if) && 234 ops->saddr_cmp(sk, sk2)) 235 goto fail; 236 237 if (!ops->saddr_any(sk)) { 238 hash = ops->hash_port_and_rcv_saddr(snum, sk); 239 head = &udptable[hash & (UDP_HTABLE_SIZE - 1)]; 240 241 sk_for_each(sk2, node, head) 242 if (sk2->sk_hash == hash && 243 sk2 != sk && 244 inet_sk(sk2)->num == snum && 245 (!sk2->sk_reuse || !sk->sk_reuse) && 246 (!sk2->sk_bound_dev_if || 247 !sk->sk_bound_dev_if || 248 sk2->sk_bound_dev_if == 249 sk->sk_bound_dev_if) && 250 ops->saddr_cmp(sk, sk2)) 251 goto fail; 252 } 253 } 254 inet_sk(sk)->num = snum; 255 sk->sk_hash = hash; 256 if (sk_unhashed(sk)) { 257 head = &udptable[hash & (UDP_HTABLE_SIZE - 1)]; 258 sk_add_node(sk, head); 259 sock_prot_inc_use(sk->sk_prot); 260 } 261 error = 0; 262 fail: 263 write_unlock_bh(&udp_hash_lock); 264 return error; 265 } 266 267 int udp_get_port(struct sock *sk, unsigned short snum, 268 const struct udp_get_port_ops *ops) 269 { 270 return __udp_lib_get_port(sk, snum, udp_hash, &udp_port_rover, ops); 271 } 272 273 static int ipv4_rcv_saddr_equal(const struct sock *sk1, const struct sock *sk2) 274 { 275 struct inet_sock *inet1 = inet_sk(sk1), *inet2 = inet_sk(sk2); 276 277 return ( !ipv6_only_sock(sk2) && 278 (!inet1->rcv_saddr || !inet2->rcv_saddr || 279 inet1->rcv_saddr == inet2->rcv_saddr )); 280 } 281 282 static int ipv4_rcv_saddr_any(const struct sock *sk) 283 { 284 return !inet_sk(sk)->rcv_saddr; 285 } 286 287 static inline unsigned int ipv4_hash_port_and_addr(__u16 port, __be32 addr) 288 { 289 addr ^= addr >> 16; 290 addr ^= addr >> 8; 291 return port ^ addr; 292 } 293 294 static unsigned int ipv4_hash_port_and_rcv_saddr(__u16 port, 295 const struct sock *sk) 296 { 297 return ipv4_hash_port_and_addr(port, inet_sk(sk)->rcv_saddr); 298 } 299 300 const struct udp_get_port_ops udp_ipv4_ops = { 301 .saddr_cmp = ipv4_rcv_saddr_equal, 302 .saddr_any = ipv4_rcv_saddr_any, 303 .hash_port_and_rcv_saddr = ipv4_hash_port_and_rcv_saddr, 304 }; 305 306 static inline int udp_v4_get_port(struct sock *sk, unsigned short snum) 307 { 308 return udp_get_port(sk, snum, &udp_ipv4_ops); 309 } 310 311 /* UDP is nearly always wildcards out the wazoo, it makes no sense to try 312 * harder than this. -DaveM 313 */ 314 static struct sock *__udp4_lib_lookup(__be32 saddr, __be16 sport, 315 __be32 daddr, __be16 dport, 316 int dif, struct hlist_head udptable[]) 317 { 318 struct sock *sk, *result = NULL; 319 struct hlist_node *node; 320 unsigned int hash, hashwild; 321 int score, best = -1, hport = ntohs(dport); 322 323 hash = ipv4_hash_port_and_addr(hport, daddr); 324 hashwild = udp_hash_port(hport); 325 326 read_lock(&udp_hash_lock); 327 328 lookup: 329 330 sk_for_each(sk, node, &udptable[hash & (UDP_HTABLE_SIZE - 1)]) { 331 struct inet_sock *inet = inet_sk(sk); 332 333 if (sk->sk_hash != hash || ipv6_only_sock(sk) || 334 inet->num != hport) 335 continue; 336 337 score = (sk->sk_family == PF_INET ? 1 : 0); 338 if (inet->rcv_saddr) { 339 if (inet->rcv_saddr != daddr) 340 continue; 341 score+=2; 342 } 343 if (inet->daddr) { 344 if (inet->daddr != saddr) 345 continue; 346 score+=2; 347 } 348 if (inet->dport) { 349 if (inet->dport != sport) 350 continue; 351 score+=2; 352 } 353 if (sk->sk_bound_dev_if) { 354 if (sk->sk_bound_dev_if != dif) 355 continue; 356 score+=2; 357 } 358 if (score == 9) { 359 result = sk; 360 goto found; 361 } else if (score > best) { 362 result = sk; 363 best = score; 364 } 365 } 366 367 if (hash != hashwild) { 368 hash = hashwild; 369 goto lookup; 370 } 371 found: 372 if (result) 373 sock_hold(result); 374 read_unlock(&udp_hash_lock); 375 return result; 376 } 377 378 static inline struct sock *udp_v4_mcast_next(struct sock *sk, unsigned int hnum, 379 int hport, __be32 loc_addr, 380 __be16 rmt_port, __be32 rmt_addr, 381 int dif) 382 { 383 struct hlist_node *node; 384 struct sock *s = sk; 385 386 sk_for_each_from(s, node) { 387 struct inet_sock *inet = inet_sk(s); 388 389 if (s->sk_hash != hnum || 390 inet->num != hport || 391 (inet->daddr && inet->daddr != rmt_addr) || 392 (inet->dport != rmt_port && inet->dport) || 393 (inet->rcv_saddr && inet->rcv_saddr != loc_addr) || 394 ipv6_only_sock(s) || 395 (s->sk_bound_dev_if && s->sk_bound_dev_if != dif)) 396 continue; 397 if (!ip_mc_sf_allow(s, loc_addr, rmt_addr, dif)) 398 continue; 399 goto found; 400 } 401 s = NULL; 402 found: 403 return s; 404 } 405 406 /* 407 * This routine is called by the ICMP module when it gets some 408 * sort of error condition. If err < 0 then the socket should 409 * be closed and the error returned to the user. If err > 0 410 * it's just the icmp type << 8 | icmp code. 411 * Header points to the ip header of the error packet. We move 412 * on past this. Then (as it used to claim before adjustment) 413 * header points to the first 8 bytes of the udp header. We need 414 * to find the appropriate port. 415 */ 416 417 void __udp4_lib_err(struct sk_buff *skb, u32 info, struct hlist_head udptable[]) 418 { 419 struct inet_sock *inet; 420 struct iphdr *iph = (struct iphdr*)skb->data; 421 struct udphdr *uh = (struct udphdr*)(skb->data+(iph->ihl<<2)); 422 const int type = icmp_hdr(skb)->type; 423 const int code = icmp_hdr(skb)->code; 424 struct sock *sk; 425 int harderr; 426 int err; 427 428 sk = __udp4_lib_lookup(iph->daddr, uh->dest, iph->saddr, uh->source, 429 skb->dev->ifindex, udptable ); 430 if (sk == NULL) { 431 ICMP_INC_STATS_BH(ICMP_MIB_INERRORS); 432 return; /* No socket for error */ 433 } 434 435 err = 0; 436 harderr = 0; 437 inet = inet_sk(sk); 438 439 switch (type) { 440 default: 441 case ICMP_TIME_EXCEEDED: 442 err = EHOSTUNREACH; 443 break; 444 case ICMP_SOURCE_QUENCH: 445 goto out; 446 case ICMP_PARAMETERPROB: 447 err = EPROTO; 448 harderr = 1; 449 break; 450 case ICMP_DEST_UNREACH: 451 if (code == ICMP_FRAG_NEEDED) { /* Path MTU discovery */ 452 if (inet->pmtudisc != IP_PMTUDISC_DONT) { 453 err = EMSGSIZE; 454 harderr = 1; 455 break; 456 } 457 goto out; 458 } 459 err = EHOSTUNREACH; 460 if (code <= NR_ICMP_UNREACH) { 461 harderr = icmp_err_convert[code].fatal; 462 err = icmp_err_convert[code].errno; 463 } 464 break; 465 } 466 467 /* 468 * RFC1122: OK. Passes ICMP errors back to application, as per 469 * 4.1.3.3. 470 */ 471 if (!inet->recverr) { 472 if (!harderr || sk->sk_state != TCP_ESTABLISHED) 473 goto out; 474 } else { 475 ip_icmp_error(sk, skb, err, uh->dest, info, (u8*)(uh+1)); 476 } 477 sk->sk_err = err; 478 sk->sk_error_report(sk); 479 out: 480 sock_put(sk); 481 } 482 483 void udp_err(struct sk_buff *skb, u32 info) 484 { 485 return __udp4_lib_err(skb, info, udp_hash); 486 } 487 488 /* 489 * Throw away all pending data and cancel the corking. Socket is locked. 490 */ 491 static void udp_flush_pending_frames(struct sock *sk) 492 { 493 struct udp_sock *up = udp_sk(sk); 494 495 if (up->pending) { 496 up->len = 0; 497 up->pending = 0; 498 ip_flush_pending_frames(sk); 499 } 500 } 501 502 /** 503 * udp4_hwcsum_outgoing - handle outgoing HW checksumming 504 * @sk: socket we are sending on 505 * @skb: sk_buff containing the filled-in UDP header 506 * (checksum field must be zeroed out) 507 */ 508 static void udp4_hwcsum_outgoing(struct sock *sk, struct sk_buff *skb, 509 __be32 src, __be32 dst, int len ) 510 { 511 unsigned int offset; 512 struct udphdr *uh = udp_hdr(skb); 513 __wsum csum = 0; 514 515 if (skb_queue_len(&sk->sk_write_queue) == 1) { 516 /* 517 * Only one fragment on the socket. 518 */ 519 skb->csum_start = skb_transport_header(skb) - skb->head; 520 skb->csum_offset = offsetof(struct udphdr, check); 521 uh->check = ~csum_tcpudp_magic(src, dst, len, IPPROTO_UDP, 0); 522 } else { 523 /* 524 * HW-checksum won't work as there are two or more 525 * fragments on the socket so that all csums of sk_buffs 526 * should be together 527 */ 528 offset = skb_transport_offset(skb); 529 skb->csum = skb_checksum(skb, offset, skb->len - offset, 0); 530 531 skb->ip_summed = CHECKSUM_NONE; 532 533 skb_queue_walk(&sk->sk_write_queue, skb) { 534 csum = csum_add(csum, skb->csum); 535 } 536 537 uh->check = csum_tcpudp_magic(src, dst, len, IPPROTO_UDP, csum); 538 if (uh->check == 0) 539 uh->check = CSUM_MANGLED_0; 540 } 541 } 542 543 /* 544 * Push out all pending data as one UDP datagram. Socket is locked. 545 */ 546 static int udp_push_pending_frames(struct sock *sk) 547 { 548 struct udp_sock *up = udp_sk(sk); 549 struct inet_sock *inet = inet_sk(sk); 550 struct flowi *fl = &inet->cork.fl; 551 struct sk_buff *skb; 552 struct udphdr *uh; 553 int err = 0; 554 __wsum csum = 0; 555 556 /* Grab the skbuff where UDP header space exists. */ 557 if ((skb = skb_peek(&sk->sk_write_queue)) == NULL) 558 goto out; 559 560 /* 561 * Create a UDP header 562 */ 563 uh = udp_hdr(skb); 564 uh->source = fl->fl_ip_sport; 565 uh->dest = fl->fl_ip_dport; 566 uh->len = htons(up->len); 567 uh->check = 0; 568 569 if (up->pcflag) /* UDP-Lite */ 570 csum = udplite_csum_outgoing(sk, skb); 571 572 else if (sk->sk_no_check == UDP_CSUM_NOXMIT) { /* UDP csum disabled */ 573 574 skb->ip_summed = CHECKSUM_NONE; 575 goto send; 576 577 } else if (skb->ip_summed == CHECKSUM_PARTIAL) { /* UDP hardware csum */ 578 579 udp4_hwcsum_outgoing(sk, skb, fl->fl4_src,fl->fl4_dst, up->len); 580 goto send; 581 582 } else /* `normal' UDP */ 583 csum = udp_csum_outgoing(sk, skb); 584 585 /* add protocol-dependent pseudo-header */ 586 uh->check = csum_tcpudp_magic(fl->fl4_src, fl->fl4_dst, up->len, 587 sk->sk_protocol, csum ); 588 if (uh->check == 0) 589 uh->check = CSUM_MANGLED_0; 590 591 send: 592 err = ip_push_pending_frames(sk); 593 out: 594 up->len = 0; 595 up->pending = 0; 596 return err; 597 } 598 599 int udp_sendmsg(struct kiocb *iocb, struct sock *sk, struct msghdr *msg, 600 size_t len) 601 { 602 struct inet_sock *inet = inet_sk(sk); 603 struct udp_sock *up = udp_sk(sk); 604 int ulen = len; 605 struct ipcm_cookie ipc; 606 struct rtable *rt = NULL; 607 int free = 0; 608 int connected = 0; 609 __be32 daddr, faddr, saddr; 610 __be16 dport; 611 u8 tos; 612 int err, is_udplite = up->pcflag; 613 int corkreq = up->corkflag || msg->msg_flags&MSG_MORE; 614 int (*getfrag)(void *, char *, int, int, int, struct sk_buff *); 615 616 if (len > 0xFFFF) 617 return -EMSGSIZE; 618 619 /* 620 * Check the flags. 621 */ 622 623 if (msg->msg_flags&MSG_OOB) /* Mirror BSD error message compatibility */ 624 return -EOPNOTSUPP; 625 626 ipc.opt = NULL; 627 628 if (up->pending) { 629 /* 630 * There are pending frames. 631 * The socket lock must be held while it's corked. 632 */ 633 lock_sock(sk); 634 if (likely(up->pending)) { 635 if (unlikely(up->pending != AF_INET)) { 636 release_sock(sk); 637 return -EINVAL; 638 } 639 goto do_append_data; 640 } 641 release_sock(sk); 642 } 643 ulen += sizeof(struct udphdr); 644 645 /* 646 * Get and verify the address. 647 */ 648 if (msg->msg_name) { 649 struct sockaddr_in * usin = (struct sockaddr_in*)msg->msg_name; 650 if (msg->msg_namelen < sizeof(*usin)) 651 return -EINVAL; 652 if (usin->sin_family != AF_INET) { 653 if (usin->sin_family != AF_UNSPEC) 654 return -EAFNOSUPPORT; 655 } 656 657 daddr = usin->sin_addr.s_addr; 658 dport = usin->sin_port; 659 if (dport == 0) 660 return -EINVAL; 661 } else { 662 if (sk->sk_state != TCP_ESTABLISHED) 663 return -EDESTADDRREQ; 664 daddr = inet->daddr; 665 dport = inet->dport; 666 /* Open fast path for connected socket. 667 Route will not be used, if at least one option is set. 668 */ 669 connected = 1; 670 } 671 ipc.addr = inet->saddr; 672 673 ipc.oif = sk->sk_bound_dev_if; 674 if (msg->msg_controllen) { 675 err = ip_cmsg_send(msg, &ipc); 676 if (err) 677 return err; 678 if (ipc.opt) 679 free = 1; 680 connected = 0; 681 } 682 if (!ipc.opt) 683 ipc.opt = inet->opt; 684 685 saddr = ipc.addr; 686 ipc.addr = faddr = daddr; 687 688 if (ipc.opt && ipc.opt->srr) { 689 if (!daddr) 690 return -EINVAL; 691 faddr = ipc.opt->faddr; 692 connected = 0; 693 } 694 tos = RT_TOS(inet->tos); 695 if (sock_flag(sk, SOCK_LOCALROUTE) || 696 (msg->msg_flags & MSG_DONTROUTE) || 697 (ipc.opt && ipc.opt->is_strictroute)) { 698 tos |= RTO_ONLINK; 699 connected = 0; 700 } 701 702 if (MULTICAST(daddr)) { 703 if (!ipc.oif) 704 ipc.oif = inet->mc_index; 705 if (!saddr) 706 saddr = inet->mc_addr; 707 connected = 0; 708 } 709 710 if (connected) 711 rt = (struct rtable*)sk_dst_check(sk, 0); 712 713 if (rt == NULL) { 714 struct flowi fl = { .oif = ipc.oif, 715 .nl_u = { .ip4_u = 716 { .daddr = faddr, 717 .saddr = saddr, 718 .tos = tos } }, 719 .proto = sk->sk_protocol, 720 .uli_u = { .ports = 721 { .sport = inet->sport, 722 .dport = dport } } }; 723 security_sk_classify_flow(sk, &fl); 724 err = ip_route_output_flow(&rt, &fl, sk, 1); 725 if (err) 726 goto out; 727 728 err = -EACCES; 729 if ((rt->rt_flags & RTCF_BROADCAST) && 730 !sock_flag(sk, SOCK_BROADCAST)) 731 goto out; 732 if (connected) 733 sk_dst_set(sk, dst_clone(&rt->u.dst)); 734 } 735 736 if (msg->msg_flags&MSG_CONFIRM) 737 goto do_confirm; 738 back_from_confirm: 739 740 saddr = rt->rt_src; 741 if (!ipc.addr) 742 daddr = ipc.addr = rt->rt_dst; 743 744 lock_sock(sk); 745 if (unlikely(up->pending)) { 746 /* The socket is already corked while preparing it. */ 747 /* ... which is an evident application bug. --ANK */ 748 release_sock(sk); 749 750 LIMIT_NETDEBUG(KERN_DEBUG "udp cork app bug 2\n"); 751 err = -EINVAL; 752 goto out; 753 } 754 /* 755 * Now cork the socket to pend data. 756 */ 757 inet->cork.fl.fl4_dst = daddr; 758 inet->cork.fl.fl_ip_dport = dport; 759 inet->cork.fl.fl4_src = saddr; 760 inet->cork.fl.fl_ip_sport = inet->sport; 761 up->pending = AF_INET; 762 763 do_append_data: 764 up->len += ulen; 765 getfrag = is_udplite ? udplite_getfrag : ip_generic_getfrag; 766 err = ip_append_data(sk, getfrag, msg->msg_iov, ulen, 767 sizeof(struct udphdr), &ipc, rt, 768 corkreq ? msg->msg_flags|MSG_MORE : msg->msg_flags); 769 if (err) 770 udp_flush_pending_frames(sk); 771 else if (!corkreq) 772 err = udp_push_pending_frames(sk); 773 else if (unlikely(skb_queue_empty(&sk->sk_write_queue))) 774 up->pending = 0; 775 release_sock(sk); 776 777 out: 778 ip_rt_put(rt); 779 if (free) 780 kfree(ipc.opt); 781 if (!err) { 782 UDP_INC_STATS_USER(UDP_MIB_OUTDATAGRAMS, is_udplite); 783 return len; 784 } 785 /* 786 * ENOBUFS = no kernel mem, SOCK_NOSPACE = no sndbuf space. Reporting 787 * ENOBUFS might not be good (it's not tunable per se), but otherwise 788 * we don't have a good statistic (IpOutDiscards but it can be too many 789 * things). We could add another new stat but at least for now that 790 * seems like overkill. 791 */ 792 if (err == -ENOBUFS || test_bit(SOCK_NOSPACE, &sk->sk_socket->flags)) { 793 UDP_INC_STATS_USER(UDP_MIB_SNDBUFERRORS, is_udplite); 794 } 795 return err; 796 797 do_confirm: 798 dst_confirm(&rt->u.dst); 799 if (!(msg->msg_flags&MSG_PROBE) || len) 800 goto back_from_confirm; 801 err = 0; 802 goto out; 803 } 804 805 int udp_sendpage(struct sock *sk, struct page *page, int offset, 806 size_t size, int flags) 807 { 808 struct udp_sock *up = udp_sk(sk); 809 int ret; 810 811 if (!up->pending) { 812 struct msghdr msg = { .msg_flags = flags|MSG_MORE }; 813 814 /* Call udp_sendmsg to specify destination address which 815 * sendpage interface can't pass. 816 * This will succeed only when the socket is connected. 817 */ 818 ret = udp_sendmsg(NULL, sk, &msg, 0); 819 if (ret < 0) 820 return ret; 821 } 822 823 lock_sock(sk); 824 825 if (unlikely(!up->pending)) { 826 release_sock(sk); 827 828 LIMIT_NETDEBUG(KERN_DEBUG "udp cork app bug 3\n"); 829 return -EINVAL; 830 } 831 832 ret = ip_append_page(sk, page, offset, size, flags); 833 if (ret == -EOPNOTSUPP) { 834 release_sock(sk); 835 return sock_no_sendpage(sk->sk_socket, page, offset, 836 size, flags); 837 } 838 if (ret < 0) { 839 udp_flush_pending_frames(sk); 840 goto out; 841 } 842 843 up->len += size; 844 if (!(up->corkflag || (flags&MSG_MORE))) 845 ret = udp_push_pending_frames(sk); 846 if (!ret) 847 ret = size; 848 out: 849 release_sock(sk); 850 return ret; 851 } 852 853 /* 854 * IOCTL requests applicable to the UDP protocol 855 */ 856 857 int udp_ioctl(struct sock *sk, int cmd, unsigned long arg) 858 { 859 switch (cmd) { 860 case SIOCOUTQ: 861 { 862 int amount = atomic_read(&sk->sk_wmem_alloc); 863 return put_user(amount, (int __user *)arg); 864 } 865 866 case SIOCINQ: 867 { 868 struct sk_buff *skb; 869 unsigned long amount; 870 871 amount = 0; 872 spin_lock_bh(&sk->sk_receive_queue.lock); 873 skb = skb_peek(&sk->sk_receive_queue); 874 if (skb != NULL) { 875 /* 876 * We will only return the amount 877 * of this packet since that is all 878 * that will be read. 879 */ 880 amount = skb->len - sizeof(struct udphdr); 881 } 882 spin_unlock_bh(&sk->sk_receive_queue.lock); 883 return put_user(amount, (int __user *)arg); 884 } 885 886 default: 887 return -ENOIOCTLCMD; 888 } 889 890 return 0; 891 } 892 893 /* 894 * This should be easy, if there is something there we 895 * return it, otherwise we block. 896 */ 897 898 int udp_recvmsg(struct kiocb *iocb, struct sock *sk, struct msghdr *msg, 899 size_t len, int noblock, int flags, int *addr_len) 900 { 901 struct inet_sock *inet = inet_sk(sk); 902 struct sockaddr_in *sin = (struct sockaddr_in *)msg->msg_name; 903 struct sk_buff *skb; 904 unsigned int ulen, copied; 905 int err; 906 int is_udplite = IS_UDPLITE(sk); 907 908 /* 909 * Check any passed addresses 910 */ 911 if (addr_len) 912 *addr_len=sizeof(*sin); 913 914 if (flags & MSG_ERRQUEUE) 915 return ip_recv_error(sk, msg, len); 916 917 try_again: 918 skb = skb_recv_datagram(sk, flags, noblock, &err); 919 if (!skb) 920 goto out; 921 922 ulen = skb->len - sizeof(struct udphdr); 923 copied = len; 924 if (copied > ulen) 925 copied = ulen; 926 else if (copied < ulen) 927 msg->msg_flags |= MSG_TRUNC; 928 929 /* 930 * If checksum is needed at all, try to do it while copying the 931 * data. If the data is truncated, or if we only want a partial 932 * coverage checksum (UDP-Lite), do it before the copy. 933 */ 934 935 if (copied < ulen || UDP_SKB_CB(skb)->partial_cov) { 936 if (udp_lib_checksum_complete(skb)) 937 goto csum_copy_err; 938 } 939 940 if (skb_csum_unnecessary(skb)) 941 err = skb_copy_datagram_iovec(skb, sizeof(struct udphdr), 942 msg->msg_iov, copied ); 943 else { 944 err = skb_copy_and_csum_datagram_iovec(skb, sizeof(struct udphdr), msg->msg_iov); 945 946 if (err == -EINVAL) 947 goto csum_copy_err; 948 } 949 950 if (err) 951 goto out_free; 952 953 sock_recv_timestamp(msg, sk, skb); 954 955 /* Copy the address. */ 956 if (sin) 957 { 958 sin->sin_family = AF_INET; 959 sin->sin_port = udp_hdr(skb)->source; 960 sin->sin_addr.s_addr = ip_hdr(skb)->saddr; 961 memset(sin->sin_zero, 0, sizeof(sin->sin_zero)); 962 } 963 if (inet->cmsg_flags) 964 ip_cmsg_recv(msg, skb); 965 966 err = copied; 967 if (flags & MSG_TRUNC) 968 err = ulen; 969 970 out_free: 971 skb_free_datagram(sk, skb); 972 out: 973 return err; 974 975 csum_copy_err: 976 UDP_INC_STATS_BH(UDP_MIB_INERRORS, is_udplite); 977 978 skb_kill_datagram(sk, skb, flags); 979 980 if (noblock) 981 return -EAGAIN; 982 goto try_again; 983 } 984 985 986 int udp_disconnect(struct sock *sk, int flags) 987 { 988 struct inet_sock *inet = inet_sk(sk); 989 /* 990 * 1003.1g - break association. 991 */ 992 993 sk->sk_state = TCP_CLOSE; 994 inet->daddr = 0; 995 inet->dport = 0; 996 sk->sk_bound_dev_if = 0; 997 if (!(sk->sk_userlocks & SOCK_BINDADDR_LOCK)) 998 inet_reset_saddr(sk); 999 1000 if (!(sk->sk_userlocks & SOCK_BINDPORT_LOCK)) { 1001 sk->sk_prot->unhash(sk); 1002 inet->sport = 0; 1003 } 1004 sk_dst_reset(sk); 1005 return 0; 1006 } 1007 1008 /* return: 1009 * 1 if the UDP system should process it 1010 * 0 if we should drop this packet 1011 * -1 if it should get processed by xfrm4_rcv_encap 1012 */ 1013 static int udp_encap_rcv(struct sock * sk, struct sk_buff *skb) 1014 { 1015 #ifndef CONFIG_XFRM 1016 return 1; 1017 #else 1018 struct udp_sock *up = udp_sk(sk); 1019 struct udphdr *uh; 1020 struct iphdr *iph; 1021 int iphlen, len; 1022 1023 __u8 *udpdata; 1024 __be32 *udpdata32; 1025 __u16 encap_type = up->encap_type; 1026 1027 /* if we're overly short, let UDP handle it */ 1028 len = skb->len - sizeof(struct udphdr); 1029 if (len <= 0) 1030 return 1; 1031 1032 /* if this is not encapsulated socket, then just return now */ 1033 if (!encap_type) 1034 return 1; 1035 1036 /* If this is a paged skb, make sure we pull up 1037 * whatever data we need to look at. */ 1038 if (!pskb_may_pull(skb, sizeof(struct udphdr) + min(len, 8))) 1039 return 1; 1040 1041 /* Now we can get the pointers */ 1042 uh = udp_hdr(skb); 1043 udpdata = (__u8 *)uh + sizeof(struct udphdr); 1044 udpdata32 = (__be32 *)udpdata; 1045 1046 switch (encap_type) { 1047 default: 1048 case UDP_ENCAP_ESPINUDP: 1049 /* Check if this is a keepalive packet. If so, eat it. */ 1050 if (len == 1 && udpdata[0] == 0xff) { 1051 return 0; 1052 } else if (len > sizeof(struct ip_esp_hdr) && udpdata32[0] != 0) { 1053 /* ESP Packet without Non-ESP header */ 1054 len = sizeof(struct udphdr); 1055 } else 1056 /* Must be an IKE packet.. pass it through */ 1057 return 1; 1058 break; 1059 case UDP_ENCAP_ESPINUDP_NON_IKE: 1060 /* Check if this is a keepalive packet. If so, eat it. */ 1061 if (len == 1 && udpdata[0] == 0xff) { 1062 return 0; 1063 } else if (len > 2 * sizeof(u32) + sizeof(struct ip_esp_hdr) && 1064 udpdata32[0] == 0 && udpdata32[1] == 0) { 1065 1066 /* ESP Packet with Non-IKE marker */ 1067 len = sizeof(struct udphdr) + 2 * sizeof(u32); 1068 } else 1069 /* Must be an IKE packet.. pass it through */ 1070 return 1; 1071 break; 1072 } 1073 1074 /* At this point we are sure that this is an ESPinUDP packet, 1075 * so we need to remove 'len' bytes from the packet (the UDP 1076 * header and optional ESP marker bytes) and then modify the 1077 * protocol to ESP, and then call into the transform receiver. 1078 */ 1079 if (skb_cloned(skb) && pskb_expand_head(skb, 0, 0, GFP_ATOMIC)) 1080 return 0; 1081 1082 /* Now we can update and verify the packet length... */ 1083 iph = ip_hdr(skb); 1084 iphlen = iph->ihl << 2; 1085 iph->tot_len = htons(ntohs(iph->tot_len) - len); 1086 if (skb->len < iphlen + len) { 1087 /* packet is too small!?! */ 1088 return 0; 1089 } 1090 1091 /* pull the data buffer up to the ESP header and set the 1092 * transport header to point to ESP. Keep UDP on the stack 1093 * for later. 1094 */ 1095 __skb_pull(skb, len); 1096 skb_reset_transport_header(skb); 1097 1098 /* modify the protocol (it's ESP!) */ 1099 iph->protocol = IPPROTO_ESP; 1100 1101 /* and let the caller know to send this into the ESP processor... */ 1102 return -1; 1103 #endif 1104 } 1105 1106 /* returns: 1107 * -1: error 1108 * 0: success 1109 * >0: "udp encap" protocol resubmission 1110 * 1111 * Note that in the success and error cases, the skb is assumed to 1112 * have either been requeued or freed. 1113 */ 1114 int udp_queue_rcv_skb(struct sock * sk, struct sk_buff *skb) 1115 { 1116 struct udp_sock *up = udp_sk(sk); 1117 int rc; 1118 1119 /* 1120 * Charge it to the socket, dropping if the queue is full. 1121 */ 1122 if (!xfrm4_policy_check(sk, XFRM_POLICY_IN, skb)) 1123 goto drop; 1124 nf_reset(skb); 1125 1126 if (up->encap_type) { 1127 /* 1128 * This is an encapsulation socket, so let's see if this is 1129 * an encapsulated packet. 1130 * If it's a keepalive packet, then just eat it. 1131 * If it's an encapsulateed packet, then pass it to the 1132 * IPsec xfrm input and return the response 1133 * appropriately. Otherwise, just fall through and 1134 * pass this up the UDP socket. 1135 */ 1136 int ret; 1137 1138 ret = udp_encap_rcv(sk, skb); 1139 if (ret == 0) { 1140 /* Eat the packet .. */ 1141 kfree_skb(skb); 1142 return 0; 1143 } 1144 if (ret < 0) { 1145 /* process the ESP packet */ 1146 ret = xfrm4_rcv_encap(skb, up->encap_type); 1147 UDP_INC_STATS_BH(UDP_MIB_INDATAGRAMS, up->pcflag); 1148 return -ret; 1149 } 1150 /* FALLTHROUGH -- it's a UDP Packet */ 1151 } 1152 1153 /* 1154 * UDP-Lite specific tests, ignored on UDP sockets 1155 */ 1156 if ((up->pcflag & UDPLITE_RECV_CC) && UDP_SKB_CB(skb)->partial_cov) { 1157 1158 /* 1159 * MIB statistics other than incrementing the error count are 1160 * disabled for the following two types of errors: these depend 1161 * on the application settings, not on the functioning of the 1162 * protocol stack as such. 1163 * 1164 * RFC 3828 here recommends (sec 3.3): "There should also be a 1165 * way ... to ... at least let the receiving application block 1166 * delivery of packets with coverage values less than a value 1167 * provided by the application." 1168 */ 1169 if (up->pcrlen == 0) { /* full coverage was set */ 1170 LIMIT_NETDEBUG(KERN_WARNING "UDPLITE: partial coverage " 1171 "%d while full coverage %d requested\n", 1172 UDP_SKB_CB(skb)->cscov, skb->len); 1173 goto drop; 1174 } 1175 /* The next case involves violating the min. coverage requested 1176 * by the receiver. This is subtle: if receiver wants x and x is 1177 * greater than the buffersize/MTU then receiver will complain 1178 * that it wants x while sender emits packets of smaller size y. 1179 * Therefore the above ...()->partial_cov statement is essential. 1180 */ 1181 if (UDP_SKB_CB(skb)->cscov < up->pcrlen) { 1182 LIMIT_NETDEBUG(KERN_WARNING 1183 "UDPLITE: coverage %d too small, need min %d\n", 1184 UDP_SKB_CB(skb)->cscov, up->pcrlen); 1185 goto drop; 1186 } 1187 } 1188 1189 if (sk->sk_filter) { 1190 if (udp_lib_checksum_complete(skb)) 1191 goto drop; 1192 } 1193 1194 if ((rc = sock_queue_rcv_skb(sk,skb)) < 0) { 1195 /* Note that an ENOMEM error is charged twice */ 1196 if (rc == -ENOMEM) 1197 UDP_INC_STATS_BH(UDP_MIB_RCVBUFERRORS, up->pcflag); 1198 goto drop; 1199 } 1200 1201 UDP_INC_STATS_BH(UDP_MIB_INDATAGRAMS, up->pcflag); 1202 return 0; 1203 1204 drop: 1205 UDP_INC_STATS_BH(UDP_MIB_INERRORS, up->pcflag); 1206 kfree_skb(skb); 1207 return -1; 1208 } 1209 1210 /* 1211 * Multicasts and broadcasts go to each listener. 1212 * 1213 * Note: called only from the BH handler context, 1214 * so we don't need to lock the hashes. 1215 */ 1216 static int __udp4_lib_mcast_deliver(struct sk_buff *skb, 1217 struct udphdr *uh, 1218 __be32 saddr, __be32 daddr, 1219 struct hlist_head udptable[]) 1220 { 1221 struct sock *sk, *skw, *sknext; 1222 int dif; 1223 int hport = ntohs(uh->dest); 1224 unsigned int hash = ipv4_hash_port_and_addr(hport, daddr); 1225 unsigned int hashwild = udp_hash_port(hport); 1226 1227 dif = skb->dev->ifindex; 1228 1229 read_lock(&udp_hash_lock); 1230 1231 sk = sk_head(&udptable[hash & (UDP_HTABLE_SIZE - 1)]); 1232 skw = sk_head(&udptable[hashwild & (UDP_HTABLE_SIZE - 1)]); 1233 1234 sk = udp_v4_mcast_next(sk, hash, hport, daddr, uh->source, saddr, dif); 1235 if (!sk) { 1236 hash = hashwild; 1237 sk = udp_v4_mcast_next(skw, hash, hport, daddr, uh->source, 1238 saddr, dif); 1239 } 1240 if (sk) { 1241 do { 1242 struct sk_buff *skb1 = skb; 1243 sknext = udp_v4_mcast_next(sk_next(sk), hash, hport, 1244 daddr, uh->source, saddr, dif); 1245 if (!sknext && hash != hashwild) { 1246 hash = hashwild; 1247 sknext = udp_v4_mcast_next(skw, hash, hport, 1248 daddr, uh->source, saddr, dif); 1249 } 1250 if (sknext) 1251 skb1 = skb_clone(skb, GFP_ATOMIC); 1252 1253 if (skb1) { 1254 int ret = udp_queue_rcv_skb(sk, skb1); 1255 if (ret > 0) 1256 /* 1257 * we should probably re-process 1258 * instead of dropping packets here. 1259 */ 1260 kfree_skb(skb1); 1261 } 1262 sk = sknext; 1263 } while (sknext); 1264 } else 1265 kfree_skb(skb); 1266 read_unlock(&udp_hash_lock); 1267 return 0; 1268 } 1269 1270 /* Initialize UDP checksum. If exited with zero value (success), 1271 * CHECKSUM_UNNECESSARY means, that no more checks are required. 1272 * Otherwise, csum completion requires chacksumming packet body, 1273 * including udp header and folding it to skb->csum. 1274 */ 1275 static inline int udp4_csum_init(struct sk_buff *skb, struct udphdr *uh, 1276 int proto) 1277 { 1278 const struct iphdr *iph; 1279 int err; 1280 1281 UDP_SKB_CB(skb)->partial_cov = 0; 1282 UDP_SKB_CB(skb)->cscov = skb->len; 1283 1284 if (proto == IPPROTO_UDPLITE) { 1285 err = udplite_checksum_init(skb, uh); 1286 if (err) 1287 return err; 1288 } 1289 1290 iph = ip_hdr(skb); 1291 if (uh->check == 0) { 1292 skb->ip_summed = CHECKSUM_UNNECESSARY; 1293 } else if (skb->ip_summed == CHECKSUM_COMPLETE) { 1294 if (!csum_tcpudp_magic(iph->saddr, iph->daddr, skb->len, 1295 proto, skb->csum)) 1296 skb->ip_summed = CHECKSUM_UNNECESSARY; 1297 } 1298 if (!skb_csum_unnecessary(skb)) 1299 skb->csum = csum_tcpudp_nofold(iph->saddr, iph->daddr, 1300 skb->len, proto, 0); 1301 /* Probably, we should checksum udp header (it should be in cache 1302 * in any case) and data in tiny packets (< rx copybreak). 1303 */ 1304 1305 return 0; 1306 } 1307 1308 /* 1309 * All we need to do is get the socket, and then do a checksum. 1310 */ 1311 1312 int __udp4_lib_rcv(struct sk_buff *skb, struct hlist_head udptable[], 1313 int proto) 1314 { 1315 struct sock *sk; 1316 struct udphdr *uh = udp_hdr(skb); 1317 unsigned short ulen; 1318 struct rtable *rt = (struct rtable*)skb->dst; 1319 __be32 saddr = ip_hdr(skb)->saddr; 1320 __be32 daddr = ip_hdr(skb)->daddr; 1321 1322 /* 1323 * Validate the packet. 1324 */ 1325 if (!pskb_may_pull(skb, sizeof(struct udphdr))) 1326 goto drop; /* No space for header. */ 1327 1328 ulen = ntohs(uh->len); 1329 if (ulen > skb->len) 1330 goto short_packet; 1331 1332 if (proto == IPPROTO_UDP) { 1333 /* UDP validates ulen. */ 1334 if (ulen < sizeof(*uh) || pskb_trim_rcsum(skb, ulen)) 1335 goto short_packet; 1336 uh = udp_hdr(skb); 1337 } 1338 1339 if (udp4_csum_init(skb, uh, proto)) 1340 goto csum_error; 1341 1342 if (rt->rt_flags & (RTCF_BROADCAST|RTCF_MULTICAST)) 1343 return __udp4_lib_mcast_deliver(skb, uh, saddr, daddr, udptable); 1344 1345 sk = __udp4_lib_lookup(saddr, uh->source, daddr, uh->dest, 1346 skb->dev->ifindex, udptable); 1347 1348 if (sk != NULL) { 1349 int ret = udp_queue_rcv_skb(sk, skb); 1350 sock_put(sk); 1351 1352 /* a return value > 0 means to resubmit the input, but 1353 * it wants the return to be -protocol, or 0 1354 */ 1355 if (ret > 0) 1356 return -ret; 1357 return 0; 1358 } 1359 1360 if (!xfrm4_policy_check(NULL, XFRM_POLICY_IN, skb)) 1361 goto drop; 1362 nf_reset(skb); 1363 1364 /* No socket. Drop packet silently, if checksum is wrong */ 1365 if (udp_lib_checksum_complete(skb)) 1366 goto csum_error; 1367 1368 UDP_INC_STATS_BH(UDP_MIB_NOPORTS, proto == IPPROTO_UDPLITE); 1369 icmp_send(skb, ICMP_DEST_UNREACH, ICMP_PORT_UNREACH, 0); 1370 1371 /* 1372 * Hmm. We got an UDP packet to a port to which we 1373 * don't wanna listen. Ignore it. 1374 */ 1375 kfree_skb(skb); 1376 return 0; 1377 1378 short_packet: 1379 LIMIT_NETDEBUG(KERN_DEBUG "UDP%s: short packet: From %u.%u.%u.%u:%u %d/%d to %u.%u.%u.%u:%u\n", 1380 proto == IPPROTO_UDPLITE ? "-Lite" : "", 1381 NIPQUAD(saddr), 1382 ntohs(uh->source), 1383 ulen, 1384 skb->len, 1385 NIPQUAD(daddr), 1386 ntohs(uh->dest)); 1387 goto drop; 1388 1389 csum_error: 1390 /* 1391 * RFC1122: OK. Discards the bad packet silently (as far as 1392 * the network is concerned, anyway) as per 4.1.3.4 (MUST). 1393 */ 1394 LIMIT_NETDEBUG(KERN_DEBUG "UDP%s: bad checksum. From %d.%d.%d.%d:%d to %d.%d.%d.%d:%d ulen %d\n", 1395 proto == IPPROTO_UDPLITE ? "-Lite" : "", 1396 NIPQUAD(saddr), 1397 ntohs(uh->source), 1398 NIPQUAD(daddr), 1399 ntohs(uh->dest), 1400 ulen); 1401 drop: 1402 UDP_INC_STATS_BH(UDP_MIB_INERRORS, proto == IPPROTO_UDPLITE); 1403 kfree_skb(skb); 1404 return 0; 1405 } 1406 1407 int udp_rcv(struct sk_buff *skb) 1408 { 1409 return __udp4_lib_rcv(skb, udp_hash, IPPROTO_UDP); 1410 } 1411 1412 int udp_destroy_sock(struct sock *sk) 1413 { 1414 lock_sock(sk); 1415 udp_flush_pending_frames(sk); 1416 release_sock(sk); 1417 return 0; 1418 } 1419 1420 /* 1421 * Socket option code for UDP 1422 */ 1423 int udp_lib_setsockopt(struct sock *sk, int level, int optname, 1424 char __user *optval, int optlen, 1425 int (*push_pending_frames)(struct sock *)) 1426 { 1427 struct udp_sock *up = udp_sk(sk); 1428 int val; 1429 int err = 0; 1430 1431 if (optlen<sizeof(int)) 1432 return -EINVAL; 1433 1434 if (get_user(val, (int __user *)optval)) 1435 return -EFAULT; 1436 1437 switch (optname) { 1438 case UDP_CORK: 1439 if (val != 0) { 1440 up->corkflag = 1; 1441 } else { 1442 up->corkflag = 0; 1443 lock_sock(sk); 1444 (*push_pending_frames)(sk); 1445 release_sock(sk); 1446 } 1447 break; 1448 1449 case UDP_ENCAP: 1450 switch (val) { 1451 case 0: 1452 case UDP_ENCAP_ESPINUDP: 1453 case UDP_ENCAP_ESPINUDP_NON_IKE: 1454 up->encap_type = val; 1455 break; 1456 default: 1457 err = -ENOPROTOOPT; 1458 break; 1459 } 1460 break; 1461 1462 /* 1463 * UDP-Lite's partial checksum coverage (RFC 3828). 1464 */ 1465 /* The sender sets actual checksum coverage length via this option. 1466 * The case coverage > packet length is handled by send module. */ 1467 case UDPLITE_SEND_CSCOV: 1468 if (!up->pcflag) /* Disable the option on UDP sockets */ 1469 return -ENOPROTOOPT; 1470 if (val != 0 && val < 8) /* Illegal coverage: use default (8) */ 1471 val = 8; 1472 up->pcslen = val; 1473 up->pcflag |= UDPLITE_SEND_CC; 1474 break; 1475 1476 /* The receiver specifies a minimum checksum coverage value. To make 1477 * sense, this should be set to at least 8 (as done below). If zero is 1478 * used, this again means full checksum coverage. */ 1479 case UDPLITE_RECV_CSCOV: 1480 if (!up->pcflag) /* Disable the option on UDP sockets */ 1481 return -ENOPROTOOPT; 1482 if (val != 0 && val < 8) /* Avoid silly minimal values. */ 1483 val = 8; 1484 up->pcrlen = val; 1485 up->pcflag |= UDPLITE_RECV_CC; 1486 break; 1487 1488 default: 1489 err = -ENOPROTOOPT; 1490 break; 1491 } 1492 1493 return err; 1494 } 1495 1496 int udp_setsockopt(struct sock *sk, int level, int optname, 1497 char __user *optval, int optlen) 1498 { 1499 if (level == SOL_UDP || level == SOL_UDPLITE) 1500 return udp_lib_setsockopt(sk, level, optname, optval, optlen, 1501 udp_push_pending_frames); 1502 return ip_setsockopt(sk, level, optname, optval, optlen); 1503 } 1504 1505 #ifdef CONFIG_COMPAT 1506 int compat_udp_setsockopt(struct sock *sk, int level, int optname, 1507 char __user *optval, int optlen) 1508 { 1509 if (level == SOL_UDP || level == SOL_UDPLITE) 1510 return udp_lib_setsockopt(sk, level, optname, optval, optlen, 1511 udp_push_pending_frames); 1512 return compat_ip_setsockopt(sk, level, optname, optval, optlen); 1513 } 1514 #endif 1515 1516 int udp_lib_getsockopt(struct sock *sk, int level, int optname, 1517 char __user *optval, int __user *optlen) 1518 { 1519 struct udp_sock *up = udp_sk(sk); 1520 int val, len; 1521 1522 if (get_user(len,optlen)) 1523 return -EFAULT; 1524 1525 len = min_t(unsigned int, len, sizeof(int)); 1526 1527 if (len < 0) 1528 return -EINVAL; 1529 1530 switch (optname) { 1531 case UDP_CORK: 1532 val = up->corkflag; 1533 break; 1534 1535 case UDP_ENCAP: 1536 val = up->encap_type; 1537 break; 1538 1539 /* The following two cannot be changed on UDP sockets, the return is 1540 * always 0 (which corresponds to the full checksum coverage of UDP). */ 1541 case UDPLITE_SEND_CSCOV: 1542 val = up->pcslen; 1543 break; 1544 1545 case UDPLITE_RECV_CSCOV: 1546 val = up->pcrlen; 1547 break; 1548 1549 default: 1550 return -ENOPROTOOPT; 1551 } 1552 1553 if (put_user(len, optlen)) 1554 return -EFAULT; 1555 if (copy_to_user(optval, &val,len)) 1556 return -EFAULT; 1557 return 0; 1558 } 1559 1560 int udp_getsockopt(struct sock *sk, int level, int optname, 1561 char __user *optval, int __user *optlen) 1562 { 1563 if (level == SOL_UDP || level == SOL_UDPLITE) 1564 return udp_lib_getsockopt(sk, level, optname, optval, optlen); 1565 return ip_getsockopt(sk, level, optname, optval, optlen); 1566 } 1567 1568 #ifdef CONFIG_COMPAT 1569 int compat_udp_getsockopt(struct sock *sk, int level, int optname, 1570 char __user *optval, int __user *optlen) 1571 { 1572 if (level == SOL_UDP || level == SOL_UDPLITE) 1573 return udp_lib_getsockopt(sk, level, optname, optval, optlen); 1574 return compat_ip_getsockopt(sk, level, optname, optval, optlen); 1575 } 1576 #endif 1577 /** 1578 * udp_poll - wait for a UDP event. 1579 * @file - file struct 1580 * @sock - socket 1581 * @wait - poll table 1582 * 1583 * This is same as datagram poll, except for the special case of 1584 * blocking sockets. If application is using a blocking fd 1585 * and a packet with checksum error is in the queue; 1586 * then it could get return from select indicating data available 1587 * but then block when reading it. Add special case code 1588 * to work around these arguably broken applications. 1589 */ 1590 unsigned int udp_poll(struct file *file, struct socket *sock, poll_table *wait) 1591 { 1592 unsigned int mask = datagram_poll(file, sock, wait); 1593 struct sock *sk = sock->sk; 1594 int is_lite = IS_UDPLITE(sk); 1595 1596 /* Check for false positives due to checksum errors */ 1597 if ( (mask & POLLRDNORM) && 1598 !(file->f_flags & O_NONBLOCK) && 1599 !(sk->sk_shutdown & RCV_SHUTDOWN)){ 1600 struct sk_buff_head *rcvq = &sk->sk_receive_queue; 1601 struct sk_buff *skb; 1602 1603 spin_lock_bh(&rcvq->lock); 1604 while ((skb = skb_peek(rcvq)) != NULL && 1605 udp_lib_checksum_complete(skb)) { 1606 UDP_INC_STATS_BH(UDP_MIB_INERRORS, is_lite); 1607 __skb_unlink(skb, rcvq); 1608 kfree_skb(skb); 1609 } 1610 spin_unlock_bh(&rcvq->lock); 1611 1612 /* nothing to see, move along */ 1613 if (skb == NULL) 1614 mask &= ~(POLLIN | POLLRDNORM); 1615 } 1616 1617 return mask; 1618 1619 } 1620 1621 struct proto udp_prot = { 1622 .name = "UDP", 1623 .owner = THIS_MODULE, 1624 .close = udp_lib_close, 1625 .connect = ip4_datagram_connect, 1626 .disconnect = udp_disconnect, 1627 .ioctl = udp_ioctl, 1628 .destroy = udp_destroy_sock, 1629 .setsockopt = udp_setsockopt, 1630 .getsockopt = udp_getsockopt, 1631 .sendmsg = udp_sendmsg, 1632 .recvmsg = udp_recvmsg, 1633 .sendpage = udp_sendpage, 1634 .backlog_rcv = udp_queue_rcv_skb, 1635 .hash = udp_lib_hash, 1636 .unhash = udp_lib_unhash, 1637 .get_port = udp_v4_get_port, 1638 .obj_size = sizeof(struct udp_sock), 1639 #ifdef CONFIG_COMPAT 1640 .compat_setsockopt = compat_udp_setsockopt, 1641 .compat_getsockopt = compat_udp_getsockopt, 1642 #endif 1643 }; 1644 1645 /* ------------------------------------------------------------------------ */ 1646 #ifdef CONFIG_PROC_FS 1647 1648 static struct sock *udp_get_first(struct seq_file *seq) 1649 { 1650 struct sock *sk; 1651 struct udp_iter_state *state = seq->private; 1652 1653 for (state->bucket = 0; state->bucket < UDP_HTABLE_SIZE; ++state->bucket) { 1654 struct hlist_node *node; 1655 sk_for_each(sk, node, state->hashtable + state->bucket) { 1656 if (sk->sk_family == state->family) 1657 goto found; 1658 } 1659 } 1660 sk = NULL; 1661 found: 1662 return sk; 1663 } 1664 1665 static struct sock *udp_get_next(struct seq_file *seq, struct sock *sk) 1666 { 1667 struct udp_iter_state *state = seq->private; 1668 1669 do { 1670 sk = sk_next(sk); 1671 try_again: 1672 ; 1673 } while (sk && sk->sk_family != state->family); 1674 1675 if (!sk && ++state->bucket < UDP_HTABLE_SIZE) { 1676 sk = sk_head(state->hashtable + state->bucket); 1677 goto try_again; 1678 } 1679 return sk; 1680 } 1681 1682 static struct sock *udp_get_idx(struct seq_file *seq, loff_t pos) 1683 { 1684 struct sock *sk = udp_get_first(seq); 1685 1686 if (sk) 1687 while (pos && (sk = udp_get_next(seq, sk)) != NULL) 1688 --pos; 1689 return pos ? NULL : sk; 1690 } 1691 1692 static void *udp_seq_start(struct seq_file *seq, loff_t *pos) 1693 { 1694 read_lock(&udp_hash_lock); 1695 return *pos ? udp_get_idx(seq, *pos-1) : (void *)1; 1696 } 1697 1698 static void *udp_seq_next(struct seq_file *seq, void *v, loff_t *pos) 1699 { 1700 struct sock *sk; 1701 1702 if (v == (void *)1) 1703 sk = udp_get_idx(seq, 0); 1704 else 1705 sk = udp_get_next(seq, v); 1706 1707 ++*pos; 1708 return sk; 1709 } 1710 1711 static void udp_seq_stop(struct seq_file *seq, void *v) 1712 { 1713 read_unlock(&udp_hash_lock); 1714 } 1715 1716 static int udp_seq_open(struct inode *inode, struct file *file) 1717 { 1718 struct udp_seq_afinfo *afinfo = PDE(inode)->data; 1719 struct seq_file *seq; 1720 int rc = -ENOMEM; 1721 struct udp_iter_state *s = kzalloc(sizeof(*s), GFP_KERNEL); 1722 1723 if (!s) 1724 goto out; 1725 s->family = afinfo->family; 1726 s->hashtable = afinfo->hashtable; 1727 s->seq_ops.start = udp_seq_start; 1728 s->seq_ops.next = udp_seq_next; 1729 s->seq_ops.show = afinfo->seq_show; 1730 s->seq_ops.stop = udp_seq_stop; 1731 1732 rc = seq_open(file, &s->seq_ops); 1733 if (rc) 1734 goto out_kfree; 1735 1736 seq = file->private_data; 1737 seq->private = s; 1738 out: 1739 return rc; 1740 out_kfree: 1741 kfree(s); 1742 goto out; 1743 } 1744 1745 /* ------------------------------------------------------------------------ */ 1746 int udp_proc_register(struct udp_seq_afinfo *afinfo) 1747 { 1748 struct proc_dir_entry *p; 1749 int rc = 0; 1750 1751 if (!afinfo) 1752 return -EINVAL; 1753 afinfo->seq_fops->owner = afinfo->owner; 1754 afinfo->seq_fops->open = udp_seq_open; 1755 afinfo->seq_fops->read = seq_read; 1756 afinfo->seq_fops->llseek = seq_lseek; 1757 afinfo->seq_fops->release = seq_release_private; 1758 1759 p = proc_net_fops_create(afinfo->name, S_IRUGO, afinfo->seq_fops); 1760 if (p) 1761 p->data = afinfo; 1762 else 1763 rc = -ENOMEM; 1764 return rc; 1765 } 1766 1767 void udp_proc_unregister(struct udp_seq_afinfo *afinfo) 1768 { 1769 if (!afinfo) 1770 return; 1771 proc_net_remove(afinfo->name); 1772 memset(afinfo->seq_fops, 0, sizeof(*afinfo->seq_fops)); 1773 } 1774 1775 /* ------------------------------------------------------------------------ */ 1776 static void udp4_format_sock(struct sock *sp, char *tmpbuf, int bucket) 1777 { 1778 struct inet_sock *inet = inet_sk(sp); 1779 __be32 dest = inet->daddr; 1780 __be32 src = inet->rcv_saddr; 1781 __u16 destp = ntohs(inet->dport); 1782 __u16 srcp = ntohs(inet->sport); 1783 1784 sprintf(tmpbuf, "%4d: %08X:%04X %08X:%04X" 1785 " %02X %08X:%08X %02X:%08lX %08X %5d %8d %lu %d %p", 1786 bucket, src, srcp, dest, destp, sp->sk_state, 1787 atomic_read(&sp->sk_wmem_alloc), 1788 atomic_read(&sp->sk_rmem_alloc), 1789 0, 0L, 0, sock_i_uid(sp), 0, sock_i_ino(sp), 1790 atomic_read(&sp->sk_refcnt), sp); 1791 } 1792 1793 int udp4_seq_show(struct seq_file *seq, void *v) 1794 { 1795 if (v == SEQ_START_TOKEN) 1796 seq_printf(seq, "%-127s\n", 1797 " sl local_address rem_address st tx_queue " 1798 "rx_queue tr tm->when retrnsmt uid timeout " 1799 "inode"); 1800 else { 1801 char tmpbuf[129]; 1802 struct udp_iter_state *state = seq->private; 1803 1804 udp4_format_sock(v, tmpbuf, state->bucket); 1805 seq_printf(seq, "%-127s\n", tmpbuf); 1806 } 1807 return 0; 1808 } 1809 1810 /* ------------------------------------------------------------------------ */ 1811 static struct file_operations udp4_seq_fops; 1812 static struct udp_seq_afinfo udp4_seq_afinfo = { 1813 .owner = THIS_MODULE, 1814 .name = "udp", 1815 .family = AF_INET, 1816 .hashtable = udp_hash, 1817 .seq_show = udp4_seq_show, 1818 .seq_fops = &udp4_seq_fops, 1819 }; 1820 1821 int __init udp4_proc_init(void) 1822 { 1823 return udp_proc_register(&udp4_seq_afinfo); 1824 } 1825 1826 void udp4_proc_exit(void) 1827 { 1828 udp_proc_unregister(&udp4_seq_afinfo); 1829 } 1830 #endif /* CONFIG_PROC_FS */ 1831 1832 EXPORT_SYMBOL(udp_disconnect); 1833 EXPORT_SYMBOL(udp_hash); 1834 EXPORT_SYMBOL(udp_hash_lock); 1835 EXPORT_SYMBOL(udp_ioctl); 1836 EXPORT_SYMBOL(udp_get_port); 1837 EXPORT_SYMBOL(udp_prot); 1838 EXPORT_SYMBOL(udp_sendmsg); 1839 EXPORT_SYMBOL(udp_lib_getsockopt); 1840 EXPORT_SYMBOL(udp_lib_setsockopt); 1841 EXPORT_SYMBOL(udp_poll); 1842 1843 #ifdef CONFIG_PROC_FS 1844 EXPORT_SYMBOL(udp_proc_register); 1845 EXPORT_SYMBOL(udp_proc_unregister); 1846 #endif 1847