1 /* 2 * INET An implementation of the TCP/IP protocol suite for the LINUX 3 * operating system. INET is implemented using the BSD Socket 4 * interface as the means of communication with the user level. 5 * 6 * The User Datagram Protocol (UDP). 7 * 8 * Authors: Ross Biro 9 * Fred N. van Kempen, <waltje@uWalt.NL.Mugnet.ORG> 10 * Arnt Gulbrandsen, <agulbra@nvg.unit.no> 11 * Alan Cox, <alan@lxorguk.ukuu.org.uk> 12 * Hirokazu Takahashi, <taka@valinux.co.jp> 13 * 14 * Fixes: 15 * Alan Cox : verify_area() calls 16 * Alan Cox : stopped close while in use off icmp 17 * messages. Not a fix but a botch that 18 * for udp at least is 'valid'. 19 * Alan Cox : Fixed icmp handling properly 20 * Alan Cox : Correct error for oversized datagrams 21 * Alan Cox : Tidied select() semantics. 22 * Alan Cox : udp_err() fixed properly, also now 23 * select and read wake correctly on errors 24 * Alan Cox : udp_send verify_area moved to avoid mem leak 25 * Alan Cox : UDP can count its memory 26 * Alan Cox : send to an unknown connection causes 27 * an ECONNREFUSED off the icmp, but 28 * does NOT close. 29 * Alan Cox : Switched to new sk_buff handlers. No more backlog! 30 * Alan Cox : Using generic datagram code. Even smaller and the PEEK 31 * bug no longer crashes it. 32 * Fred Van Kempen : Net2e support for sk->broadcast. 33 * Alan Cox : Uses skb_free_datagram 34 * Alan Cox : Added get/set sockopt support. 35 * Alan Cox : Broadcasting without option set returns EACCES. 36 * Alan Cox : No wakeup calls. Instead we now use the callbacks. 37 * Alan Cox : Use ip_tos and ip_ttl 38 * Alan Cox : SNMP Mibs 39 * Alan Cox : MSG_DONTROUTE, and 0.0.0.0 support. 40 * Matt Dillon : UDP length checks. 41 * Alan Cox : Smarter af_inet used properly. 42 * Alan Cox : Use new kernel side addressing. 43 * Alan Cox : Incorrect return on truncated datagram receive. 44 * Arnt Gulbrandsen : New udp_send and stuff 45 * Alan Cox : Cache last socket 46 * Alan Cox : Route cache 47 * Jon Peatfield : Minor efficiency fix to sendto(). 48 * Mike Shaver : RFC1122 checks. 49 * Alan Cox : Nonblocking error fix. 50 * Willy Konynenberg : Transparent proxying support. 51 * Mike McLagan : Routing by source 52 * David S. Miller : New socket lookup architecture. 53 * Last socket cache retained as it 54 * does have a high hit rate. 55 * Olaf Kirch : Don't linearise iovec on sendmsg. 56 * Andi Kleen : Some cleanups, cache destination entry 57 * for connect. 58 * Vitaly E. Lavrov : Transparent proxy revived after year coma. 59 * Melvin Smith : Check msg_name not msg_namelen in sendto(), 60 * return ENOTCONN for unconnected sockets (POSIX) 61 * Janos Farkas : don't deliver multi/broadcasts to a different 62 * bound-to-device socket 63 * Hirokazu Takahashi : HW checksumming for outgoing UDP 64 * datagrams. 65 * Hirokazu Takahashi : sendfile() on UDP works now. 66 * Arnaldo C. Melo : convert /proc/net/udp to seq_file 67 * YOSHIFUJI Hideaki @USAGI and: Support IPV6_V6ONLY socket option, which 68 * Alexey Kuznetsov: allow both IPv4 and IPv6 sockets to bind 69 * a single port at the same time. 70 * Derek Atkins <derek@ihtfp.com>: Add Encapulation Support 71 * James Chapman : Add L2TP encapsulation type. 72 * 73 * 74 * This program is free software; you can redistribute it and/or 75 * modify it under the terms of the GNU General Public License 76 * as published by the Free Software Foundation; either version 77 * 2 of the License, or (at your option) any later version. 78 */ 79 80 #define pr_fmt(fmt) "UDP: " fmt 81 82 #include <asm/uaccess.h> 83 #include <asm/ioctls.h> 84 #include <linux/bootmem.h> 85 #include <linux/highmem.h> 86 #include <linux/swap.h> 87 #include <linux/types.h> 88 #include <linux/fcntl.h> 89 #include <linux/module.h> 90 #include <linux/socket.h> 91 #include <linux/sockios.h> 92 #include <linux/igmp.h> 93 #include <linux/in.h> 94 #include <linux/errno.h> 95 #include <linux/timer.h> 96 #include <linux/mm.h> 97 #include <linux/inet.h> 98 #include <linux/netdevice.h> 99 #include <linux/slab.h> 100 #include <net/tcp_states.h> 101 #include <linux/skbuff.h> 102 #include <linux/proc_fs.h> 103 #include <linux/seq_file.h> 104 #include <net/net_namespace.h> 105 #include <net/icmp.h> 106 #include <net/inet_hashtables.h> 107 #include <net/route.h> 108 #include <net/checksum.h> 109 #include <net/xfrm.h> 110 #include <trace/events/udp.h> 111 #include <linux/static_key.h> 112 #include <trace/events/skb.h> 113 #include <net/busy_poll.h> 114 #include "udp_impl.h" 115 116 struct udp_table udp_table __read_mostly; 117 EXPORT_SYMBOL(udp_table); 118 119 long sysctl_udp_mem[3] __read_mostly; 120 EXPORT_SYMBOL(sysctl_udp_mem); 121 122 int sysctl_udp_rmem_min __read_mostly; 123 EXPORT_SYMBOL(sysctl_udp_rmem_min); 124 125 int sysctl_udp_wmem_min __read_mostly; 126 EXPORT_SYMBOL(sysctl_udp_wmem_min); 127 128 atomic_long_t udp_memory_allocated; 129 EXPORT_SYMBOL(udp_memory_allocated); 130 131 #define MAX_UDP_PORTS 65536 132 #define PORTS_PER_CHAIN (MAX_UDP_PORTS / UDP_HTABLE_SIZE_MIN) 133 134 static int udp_lib_lport_inuse(struct net *net, __u16 num, 135 const struct udp_hslot *hslot, 136 unsigned long *bitmap, 137 struct sock *sk, 138 int (*saddr_comp)(const struct sock *sk1, 139 const struct sock *sk2), 140 unsigned int log) 141 { 142 struct sock *sk2; 143 struct hlist_nulls_node *node; 144 kuid_t uid = sock_i_uid(sk); 145 146 sk_nulls_for_each(sk2, node, &hslot->head) 147 if (net_eq(sock_net(sk2), net) && 148 sk2 != sk && 149 (bitmap || udp_sk(sk2)->udp_port_hash == num) && 150 (!sk2->sk_reuse || !sk->sk_reuse) && 151 (!sk2->sk_bound_dev_if || !sk->sk_bound_dev_if || 152 sk2->sk_bound_dev_if == sk->sk_bound_dev_if) && 153 (!sk2->sk_reuseport || !sk->sk_reuseport || 154 !uid_eq(uid, sock_i_uid(sk2))) && 155 (*saddr_comp)(sk, sk2)) { 156 if (bitmap) 157 __set_bit(udp_sk(sk2)->udp_port_hash >> log, 158 bitmap); 159 else 160 return 1; 161 } 162 return 0; 163 } 164 165 /* 166 * Note: we still hold spinlock of primary hash chain, so no other writer 167 * can insert/delete a socket with local_port == num 168 */ 169 static int udp_lib_lport_inuse2(struct net *net, __u16 num, 170 struct udp_hslot *hslot2, 171 struct sock *sk, 172 int (*saddr_comp)(const struct sock *sk1, 173 const struct sock *sk2)) 174 { 175 struct sock *sk2; 176 struct hlist_nulls_node *node; 177 kuid_t uid = sock_i_uid(sk); 178 int res = 0; 179 180 spin_lock(&hslot2->lock); 181 udp_portaddr_for_each_entry(sk2, node, &hslot2->head) 182 if (net_eq(sock_net(sk2), net) && 183 sk2 != sk && 184 (udp_sk(sk2)->udp_port_hash == num) && 185 (!sk2->sk_reuse || !sk->sk_reuse) && 186 (!sk2->sk_bound_dev_if || !sk->sk_bound_dev_if || 187 sk2->sk_bound_dev_if == sk->sk_bound_dev_if) && 188 (!sk2->sk_reuseport || !sk->sk_reuseport || 189 !uid_eq(uid, sock_i_uid(sk2))) && 190 (*saddr_comp)(sk, sk2)) { 191 res = 1; 192 break; 193 } 194 spin_unlock(&hslot2->lock); 195 return res; 196 } 197 198 /** 199 * udp_lib_get_port - UDP/-Lite port lookup for IPv4 and IPv6 200 * 201 * @sk: socket struct in question 202 * @snum: port number to look up 203 * @saddr_comp: AF-dependent comparison of bound local IP addresses 204 * @hash2_nulladdr: AF-dependent hash value in secondary hash chains, 205 * with NULL address 206 */ 207 int udp_lib_get_port(struct sock *sk, unsigned short snum, 208 int (*saddr_comp)(const struct sock *sk1, 209 const struct sock *sk2), 210 unsigned int hash2_nulladdr) 211 { 212 struct udp_hslot *hslot, *hslot2; 213 struct udp_table *udptable = sk->sk_prot->h.udp_table; 214 int error = 1; 215 struct net *net = sock_net(sk); 216 217 if (!snum) { 218 int low, high, remaining; 219 unsigned int rand; 220 unsigned short first, last; 221 DECLARE_BITMAP(bitmap, PORTS_PER_CHAIN); 222 223 inet_get_local_port_range(net, &low, &high); 224 remaining = (high - low) + 1; 225 226 rand = prandom_u32(); 227 first = (((u64)rand * remaining) >> 32) + low; 228 /* 229 * force rand to be an odd multiple of UDP_HTABLE_SIZE 230 */ 231 rand = (rand | 1) * (udptable->mask + 1); 232 last = first + udptable->mask + 1; 233 do { 234 hslot = udp_hashslot(udptable, net, first); 235 bitmap_zero(bitmap, PORTS_PER_CHAIN); 236 spin_lock_bh(&hslot->lock); 237 udp_lib_lport_inuse(net, snum, hslot, bitmap, sk, 238 saddr_comp, udptable->log); 239 240 snum = first; 241 /* 242 * Iterate on all possible values of snum for this hash. 243 * Using steps of an odd multiple of UDP_HTABLE_SIZE 244 * give us randomization and full range coverage. 245 */ 246 do { 247 if (low <= snum && snum <= high && 248 !test_bit(snum >> udptable->log, bitmap) && 249 !inet_is_local_reserved_port(net, snum)) 250 goto found; 251 snum += rand; 252 } while (snum != first); 253 spin_unlock_bh(&hslot->lock); 254 } while (++first != last); 255 goto fail; 256 } else { 257 hslot = udp_hashslot(udptable, net, snum); 258 spin_lock_bh(&hslot->lock); 259 if (hslot->count > 10) { 260 int exist; 261 unsigned int slot2 = udp_sk(sk)->udp_portaddr_hash ^ snum; 262 263 slot2 &= udptable->mask; 264 hash2_nulladdr &= udptable->mask; 265 266 hslot2 = udp_hashslot2(udptable, slot2); 267 if (hslot->count < hslot2->count) 268 goto scan_primary_hash; 269 270 exist = udp_lib_lport_inuse2(net, snum, hslot2, 271 sk, saddr_comp); 272 if (!exist && (hash2_nulladdr != slot2)) { 273 hslot2 = udp_hashslot2(udptable, hash2_nulladdr); 274 exist = udp_lib_lport_inuse2(net, snum, hslot2, 275 sk, saddr_comp); 276 } 277 if (exist) 278 goto fail_unlock; 279 else 280 goto found; 281 } 282 scan_primary_hash: 283 if (udp_lib_lport_inuse(net, snum, hslot, NULL, sk, 284 saddr_comp, 0)) 285 goto fail_unlock; 286 } 287 found: 288 inet_sk(sk)->inet_num = snum; 289 udp_sk(sk)->udp_port_hash = snum; 290 udp_sk(sk)->udp_portaddr_hash ^= snum; 291 if (sk_unhashed(sk)) { 292 sk_nulls_add_node_rcu(sk, &hslot->head); 293 hslot->count++; 294 sock_prot_inuse_add(sock_net(sk), sk->sk_prot, 1); 295 296 hslot2 = udp_hashslot2(udptable, udp_sk(sk)->udp_portaddr_hash); 297 spin_lock(&hslot2->lock); 298 hlist_nulls_add_head_rcu(&udp_sk(sk)->udp_portaddr_node, 299 &hslot2->head); 300 hslot2->count++; 301 spin_unlock(&hslot2->lock); 302 } 303 error = 0; 304 fail_unlock: 305 spin_unlock_bh(&hslot->lock); 306 fail: 307 return error; 308 } 309 EXPORT_SYMBOL(udp_lib_get_port); 310 311 static int ipv4_rcv_saddr_equal(const struct sock *sk1, const struct sock *sk2) 312 { 313 struct inet_sock *inet1 = inet_sk(sk1), *inet2 = inet_sk(sk2); 314 315 return (!ipv6_only_sock(sk2) && 316 (!inet1->inet_rcv_saddr || !inet2->inet_rcv_saddr || 317 inet1->inet_rcv_saddr == inet2->inet_rcv_saddr)); 318 } 319 320 static unsigned int udp4_portaddr_hash(struct net *net, __be32 saddr, 321 unsigned int port) 322 { 323 return jhash_1word((__force u32)saddr, net_hash_mix(net)) ^ port; 324 } 325 326 int udp_v4_get_port(struct sock *sk, unsigned short snum) 327 { 328 unsigned int hash2_nulladdr = 329 udp4_portaddr_hash(sock_net(sk), htonl(INADDR_ANY), snum); 330 unsigned int hash2_partial = 331 udp4_portaddr_hash(sock_net(sk), inet_sk(sk)->inet_rcv_saddr, 0); 332 333 /* precompute partial secondary hash */ 334 udp_sk(sk)->udp_portaddr_hash = hash2_partial; 335 return udp_lib_get_port(sk, snum, ipv4_rcv_saddr_equal, hash2_nulladdr); 336 } 337 338 static inline int compute_score(struct sock *sk, struct net *net, __be32 saddr, 339 unsigned short hnum, 340 __be16 sport, __be32 daddr, __be16 dport, int dif) 341 { 342 int score = -1; 343 344 if (net_eq(sock_net(sk), net) && udp_sk(sk)->udp_port_hash == hnum && 345 !ipv6_only_sock(sk)) { 346 struct inet_sock *inet = inet_sk(sk); 347 348 score = (sk->sk_family == PF_INET ? 2 : 1); 349 if (inet->inet_rcv_saddr) { 350 if (inet->inet_rcv_saddr != daddr) 351 return -1; 352 score += 4; 353 } 354 if (inet->inet_daddr) { 355 if (inet->inet_daddr != saddr) 356 return -1; 357 score += 4; 358 } 359 if (inet->inet_dport) { 360 if (inet->inet_dport != sport) 361 return -1; 362 score += 4; 363 } 364 if (sk->sk_bound_dev_if) { 365 if (sk->sk_bound_dev_if != dif) 366 return -1; 367 score += 4; 368 } 369 } 370 return score; 371 } 372 373 /* 374 * In this second variant, we check (daddr, dport) matches (inet_rcv_sadd, inet_num) 375 */ 376 static inline int compute_score2(struct sock *sk, struct net *net, 377 __be32 saddr, __be16 sport, 378 __be32 daddr, unsigned int hnum, int dif) 379 { 380 int score = -1; 381 382 if (net_eq(sock_net(sk), net) && !ipv6_only_sock(sk)) { 383 struct inet_sock *inet = inet_sk(sk); 384 385 if (inet->inet_rcv_saddr != daddr) 386 return -1; 387 if (inet->inet_num != hnum) 388 return -1; 389 390 score = (sk->sk_family == PF_INET ? 2 : 1); 391 if (inet->inet_daddr) { 392 if (inet->inet_daddr != saddr) 393 return -1; 394 score += 4; 395 } 396 if (inet->inet_dport) { 397 if (inet->inet_dport != sport) 398 return -1; 399 score += 4; 400 } 401 if (sk->sk_bound_dev_if) { 402 if (sk->sk_bound_dev_if != dif) 403 return -1; 404 score += 4; 405 } 406 } 407 return score; 408 } 409 410 static unsigned int udp_ehashfn(struct net *net, const __be32 laddr, 411 const __u16 lport, const __be32 faddr, 412 const __be16 fport) 413 { 414 static u32 udp_ehash_secret __read_mostly; 415 416 net_get_random_once(&udp_ehash_secret, sizeof(udp_ehash_secret)); 417 418 return __inet_ehashfn(laddr, lport, faddr, fport, 419 udp_ehash_secret + net_hash_mix(net)); 420 } 421 422 423 /* called with read_rcu_lock() */ 424 static struct sock *udp4_lib_lookup2(struct net *net, 425 __be32 saddr, __be16 sport, 426 __be32 daddr, unsigned int hnum, int dif, 427 struct udp_hslot *hslot2, unsigned int slot2) 428 { 429 struct sock *sk, *result; 430 struct hlist_nulls_node *node; 431 int score, badness, matches = 0, reuseport = 0; 432 u32 hash = 0; 433 434 begin: 435 result = NULL; 436 badness = 0; 437 udp_portaddr_for_each_entry_rcu(sk, node, &hslot2->head) { 438 score = compute_score2(sk, net, saddr, sport, 439 daddr, hnum, dif); 440 if (score > badness) { 441 result = sk; 442 badness = score; 443 reuseport = sk->sk_reuseport; 444 if (reuseport) { 445 hash = udp_ehashfn(net, daddr, hnum, 446 saddr, sport); 447 matches = 1; 448 } 449 } else if (score == badness && reuseport) { 450 matches++; 451 if (((u64)hash * matches) >> 32 == 0) 452 result = sk; 453 hash = next_pseudo_random32(hash); 454 } 455 } 456 /* 457 * if the nulls value we got at the end of this lookup is 458 * not the expected one, we must restart lookup. 459 * We probably met an item that was moved to another chain. 460 */ 461 if (get_nulls_value(node) != slot2) 462 goto begin; 463 if (result) { 464 if (unlikely(!atomic_inc_not_zero_hint(&result->sk_refcnt, 2))) 465 result = NULL; 466 else if (unlikely(compute_score2(result, net, saddr, sport, 467 daddr, hnum, dif) < badness)) { 468 sock_put(result); 469 goto begin; 470 } 471 } 472 return result; 473 } 474 475 /* UDP is nearly always wildcards out the wazoo, it makes no sense to try 476 * harder than this. -DaveM 477 */ 478 struct sock *__udp4_lib_lookup(struct net *net, __be32 saddr, 479 __be16 sport, __be32 daddr, __be16 dport, 480 int dif, struct udp_table *udptable) 481 { 482 struct sock *sk, *result; 483 struct hlist_nulls_node *node; 484 unsigned short hnum = ntohs(dport); 485 unsigned int hash2, slot2, slot = udp_hashfn(net, hnum, udptable->mask); 486 struct udp_hslot *hslot2, *hslot = &udptable->hash[slot]; 487 int score, badness, matches = 0, reuseport = 0; 488 u32 hash = 0; 489 490 rcu_read_lock(); 491 if (hslot->count > 10) { 492 hash2 = udp4_portaddr_hash(net, daddr, hnum); 493 slot2 = hash2 & udptable->mask; 494 hslot2 = &udptable->hash2[slot2]; 495 if (hslot->count < hslot2->count) 496 goto begin; 497 498 result = udp4_lib_lookup2(net, saddr, sport, 499 daddr, hnum, dif, 500 hslot2, slot2); 501 if (!result) { 502 hash2 = udp4_portaddr_hash(net, htonl(INADDR_ANY), hnum); 503 slot2 = hash2 & udptable->mask; 504 hslot2 = &udptable->hash2[slot2]; 505 if (hslot->count < hslot2->count) 506 goto begin; 507 508 result = udp4_lib_lookup2(net, saddr, sport, 509 htonl(INADDR_ANY), hnum, dif, 510 hslot2, slot2); 511 } 512 rcu_read_unlock(); 513 return result; 514 } 515 begin: 516 result = NULL; 517 badness = 0; 518 sk_nulls_for_each_rcu(sk, node, &hslot->head) { 519 score = compute_score(sk, net, saddr, hnum, sport, 520 daddr, dport, dif); 521 if (score > badness) { 522 result = sk; 523 badness = score; 524 reuseport = sk->sk_reuseport; 525 if (reuseport) { 526 hash = udp_ehashfn(net, daddr, hnum, 527 saddr, sport); 528 matches = 1; 529 } 530 } else if (score == badness && reuseport) { 531 matches++; 532 if (((u64)hash * matches) >> 32 == 0) 533 result = sk; 534 hash = next_pseudo_random32(hash); 535 } 536 } 537 /* 538 * if the nulls value we got at the end of this lookup is 539 * not the expected one, we must restart lookup. 540 * We probably met an item that was moved to another chain. 541 */ 542 if (get_nulls_value(node) != slot) 543 goto begin; 544 545 if (result) { 546 if (unlikely(!atomic_inc_not_zero_hint(&result->sk_refcnt, 2))) 547 result = NULL; 548 else if (unlikely(compute_score(result, net, saddr, hnum, sport, 549 daddr, dport, dif) < badness)) { 550 sock_put(result); 551 goto begin; 552 } 553 } 554 rcu_read_unlock(); 555 return result; 556 } 557 EXPORT_SYMBOL_GPL(__udp4_lib_lookup); 558 559 static inline struct sock *__udp4_lib_lookup_skb(struct sk_buff *skb, 560 __be16 sport, __be16 dport, 561 struct udp_table *udptable) 562 { 563 const struct iphdr *iph = ip_hdr(skb); 564 565 return __udp4_lib_lookup(dev_net(skb_dst(skb)->dev), iph->saddr, sport, 566 iph->daddr, dport, inet_iif(skb), 567 udptable); 568 } 569 570 struct sock *udp4_lib_lookup(struct net *net, __be32 saddr, __be16 sport, 571 __be32 daddr, __be16 dport, int dif) 572 { 573 return __udp4_lib_lookup(net, saddr, sport, daddr, dport, dif, &udp_table); 574 } 575 EXPORT_SYMBOL_GPL(udp4_lib_lookup); 576 577 static inline bool __udp_is_mcast_sock(struct net *net, struct sock *sk, 578 __be16 loc_port, __be32 loc_addr, 579 __be16 rmt_port, __be32 rmt_addr, 580 int dif, unsigned short hnum) 581 { 582 struct inet_sock *inet = inet_sk(sk); 583 584 if (!net_eq(sock_net(sk), net) || 585 udp_sk(sk)->udp_port_hash != hnum || 586 (inet->inet_daddr && inet->inet_daddr != rmt_addr) || 587 (inet->inet_dport != rmt_port && inet->inet_dport) || 588 (inet->inet_rcv_saddr && inet->inet_rcv_saddr != loc_addr) || 589 ipv6_only_sock(sk) || 590 (sk->sk_bound_dev_if && sk->sk_bound_dev_if != dif)) 591 return false; 592 if (!ip_mc_sf_allow(sk, loc_addr, rmt_addr, dif)) 593 return false; 594 return true; 595 } 596 597 /* 598 * This routine is called by the ICMP module when it gets some 599 * sort of error condition. If err < 0 then the socket should 600 * be closed and the error returned to the user. If err > 0 601 * it's just the icmp type << 8 | icmp code. 602 * Header points to the ip header of the error packet. We move 603 * on past this. Then (as it used to claim before adjustment) 604 * header points to the first 8 bytes of the udp header. We need 605 * to find the appropriate port. 606 */ 607 608 void __udp4_lib_err(struct sk_buff *skb, u32 info, struct udp_table *udptable) 609 { 610 struct inet_sock *inet; 611 const struct iphdr *iph = (const struct iphdr *)skb->data; 612 struct udphdr *uh = (struct udphdr *)(skb->data+(iph->ihl<<2)); 613 const int type = icmp_hdr(skb)->type; 614 const int code = icmp_hdr(skb)->code; 615 struct sock *sk; 616 int harderr; 617 int err; 618 struct net *net = dev_net(skb->dev); 619 620 sk = __udp4_lib_lookup(net, iph->daddr, uh->dest, 621 iph->saddr, uh->source, skb->dev->ifindex, udptable); 622 if (sk == NULL) { 623 ICMP_INC_STATS_BH(net, ICMP_MIB_INERRORS); 624 return; /* No socket for error */ 625 } 626 627 err = 0; 628 harderr = 0; 629 inet = inet_sk(sk); 630 631 switch (type) { 632 default: 633 case ICMP_TIME_EXCEEDED: 634 err = EHOSTUNREACH; 635 break; 636 case ICMP_SOURCE_QUENCH: 637 goto out; 638 case ICMP_PARAMETERPROB: 639 err = EPROTO; 640 harderr = 1; 641 break; 642 case ICMP_DEST_UNREACH: 643 if (code == ICMP_FRAG_NEEDED) { /* Path MTU discovery */ 644 ipv4_sk_update_pmtu(skb, sk, info); 645 if (inet->pmtudisc != IP_PMTUDISC_DONT) { 646 err = EMSGSIZE; 647 harderr = 1; 648 break; 649 } 650 goto out; 651 } 652 err = EHOSTUNREACH; 653 if (code <= NR_ICMP_UNREACH) { 654 harderr = icmp_err_convert[code].fatal; 655 err = icmp_err_convert[code].errno; 656 } 657 break; 658 case ICMP_REDIRECT: 659 ipv4_sk_redirect(skb, sk); 660 goto out; 661 } 662 663 /* 664 * RFC1122: OK. Passes ICMP errors back to application, as per 665 * 4.1.3.3. 666 */ 667 if (!inet->recverr) { 668 if (!harderr || sk->sk_state != TCP_ESTABLISHED) 669 goto out; 670 } else 671 ip_icmp_error(sk, skb, err, uh->dest, info, (u8 *)(uh+1)); 672 673 sk->sk_err = err; 674 sk->sk_error_report(sk); 675 out: 676 sock_put(sk); 677 } 678 679 void udp_err(struct sk_buff *skb, u32 info) 680 { 681 __udp4_lib_err(skb, info, &udp_table); 682 } 683 684 /* 685 * Throw away all pending data and cancel the corking. Socket is locked. 686 */ 687 void udp_flush_pending_frames(struct sock *sk) 688 { 689 struct udp_sock *up = udp_sk(sk); 690 691 if (up->pending) { 692 up->len = 0; 693 up->pending = 0; 694 ip_flush_pending_frames(sk); 695 } 696 } 697 EXPORT_SYMBOL(udp_flush_pending_frames); 698 699 /** 700 * udp4_hwcsum - handle outgoing HW checksumming 701 * @skb: sk_buff containing the filled-in UDP header 702 * (checksum field must be zeroed out) 703 * @src: source IP address 704 * @dst: destination IP address 705 */ 706 void udp4_hwcsum(struct sk_buff *skb, __be32 src, __be32 dst) 707 { 708 struct udphdr *uh = udp_hdr(skb); 709 int offset = skb_transport_offset(skb); 710 int len = skb->len - offset; 711 int hlen = len; 712 __wsum csum = 0; 713 714 if (!skb_has_frag_list(skb)) { 715 /* 716 * Only one fragment on the socket. 717 */ 718 skb->csum_start = skb_transport_header(skb) - skb->head; 719 skb->csum_offset = offsetof(struct udphdr, check); 720 uh->check = ~csum_tcpudp_magic(src, dst, len, 721 IPPROTO_UDP, 0); 722 } else { 723 struct sk_buff *frags; 724 725 /* 726 * HW-checksum won't work as there are two or more 727 * fragments on the socket so that all csums of sk_buffs 728 * should be together 729 */ 730 skb_walk_frags(skb, frags) { 731 csum = csum_add(csum, frags->csum); 732 hlen -= frags->len; 733 } 734 735 csum = skb_checksum(skb, offset, hlen, csum); 736 skb->ip_summed = CHECKSUM_NONE; 737 738 uh->check = csum_tcpudp_magic(src, dst, len, IPPROTO_UDP, csum); 739 if (uh->check == 0) 740 uh->check = CSUM_MANGLED_0; 741 } 742 } 743 EXPORT_SYMBOL_GPL(udp4_hwcsum); 744 745 /* Function to set UDP checksum for an IPv4 UDP packet. This is intended 746 * for the simple case like when setting the checksum for a UDP tunnel. 747 */ 748 void udp_set_csum(bool nocheck, struct sk_buff *skb, 749 __be32 saddr, __be32 daddr, int len) 750 { 751 struct udphdr *uh = udp_hdr(skb); 752 753 if (nocheck) 754 uh->check = 0; 755 else if (skb_is_gso(skb)) 756 uh->check = ~udp_v4_check(len, saddr, daddr, 0); 757 else if (skb_dst(skb) && skb_dst(skb)->dev && 758 (skb_dst(skb)->dev->features & NETIF_F_V4_CSUM)) { 759 760 BUG_ON(skb->ip_summed == CHECKSUM_PARTIAL); 761 762 skb->ip_summed = CHECKSUM_PARTIAL; 763 skb->csum_start = skb_transport_header(skb) - skb->head; 764 skb->csum_offset = offsetof(struct udphdr, check); 765 uh->check = ~udp_v4_check(len, saddr, daddr, 0); 766 } else { 767 __wsum csum; 768 769 BUG_ON(skb->ip_summed == CHECKSUM_PARTIAL); 770 771 uh->check = 0; 772 csum = skb_checksum(skb, 0, len, 0); 773 uh->check = udp_v4_check(len, saddr, daddr, csum); 774 if (uh->check == 0) 775 uh->check = CSUM_MANGLED_0; 776 777 skb->ip_summed = CHECKSUM_UNNECESSARY; 778 } 779 } 780 EXPORT_SYMBOL(udp_set_csum); 781 782 static int udp_send_skb(struct sk_buff *skb, struct flowi4 *fl4) 783 { 784 struct sock *sk = skb->sk; 785 struct inet_sock *inet = inet_sk(sk); 786 struct udphdr *uh; 787 int err = 0; 788 int is_udplite = IS_UDPLITE(sk); 789 int offset = skb_transport_offset(skb); 790 int len = skb->len - offset; 791 __wsum csum = 0; 792 793 /* 794 * Create a UDP header 795 */ 796 uh = udp_hdr(skb); 797 uh->source = inet->inet_sport; 798 uh->dest = fl4->fl4_dport; 799 uh->len = htons(len); 800 uh->check = 0; 801 802 if (is_udplite) /* UDP-Lite */ 803 csum = udplite_csum(skb); 804 805 else if (sk->sk_no_check_tx) { /* UDP csum disabled */ 806 807 skb->ip_summed = CHECKSUM_NONE; 808 goto send; 809 810 } else if (skb->ip_summed == CHECKSUM_PARTIAL) { /* UDP hardware csum */ 811 812 udp4_hwcsum(skb, fl4->saddr, fl4->daddr); 813 goto send; 814 815 } else 816 csum = udp_csum(skb); 817 818 /* add protocol-dependent pseudo-header */ 819 uh->check = csum_tcpudp_magic(fl4->saddr, fl4->daddr, len, 820 sk->sk_protocol, csum); 821 if (uh->check == 0) 822 uh->check = CSUM_MANGLED_0; 823 824 send: 825 err = ip_send_skb(sock_net(sk), skb); 826 if (err) { 827 if (err == -ENOBUFS && !inet->recverr) { 828 UDP_INC_STATS_USER(sock_net(sk), 829 UDP_MIB_SNDBUFERRORS, is_udplite); 830 err = 0; 831 } 832 } else 833 UDP_INC_STATS_USER(sock_net(sk), 834 UDP_MIB_OUTDATAGRAMS, is_udplite); 835 return err; 836 } 837 838 /* 839 * Push out all pending data as one UDP datagram. Socket is locked. 840 */ 841 int udp_push_pending_frames(struct sock *sk) 842 { 843 struct udp_sock *up = udp_sk(sk); 844 struct inet_sock *inet = inet_sk(sk); 845 struct flowi4 *fl4 = &inet->cork.fl.u.ip4; 846 struct sk_buff *skb; 847 int err = 0; 848 849 skb = ip_finish_skb(sk, fl4); 850 if (!skb) 851 goto out; 852 853 err = udp_send_skb(skb, fl4); 854 855 out: 856 up->len = 0; 857 up->pending = 0; 858 return err; 859 } 860 EXPORT_SYMBOL(udp_push_pending_frames); 861 862 int udp_sendmsg(struct kiocb *iocb, struct sock *sk, struct msghdr *msg, 863 size_t len) 864 { 865 struct inet_sock *inet = inet_sk(sk); 866 struct udp_sock *up = udp_sk(sk); 867 struct flowi4 fl4_stack; 868 struct flowi4 *fl4; 869 int ulen = len; 870 struct ipcm_cookie ipc; 871 struct rtable *rt = NULL; 872 int free = 0; 873 int connected = 0; 874 __be32 daddr, faddr, saddr; 875 __be16 dport; 876 u8 tos; 877 int err, is_udplite = IS_UDPLITE(sk); 878 int corkreq = up->corkflag || msg->msg_flags&MSG_MORE; 879 int (*getfrag)(void *, char *, int, int, int, struct sk_buff *); 880 struct sk_buff *skb; 881 struct ip_options_data opt_copy; 882 883 if (len > 0xFFFF) 884 return -EMSGSIZE; 885 886 /* 887 * Check the flags. 888 */ 889 890 if (msg->msg_flags & MSG_OOB) /* Mirror BSD error message compatibility */ 891 return -EOPNOTSUPP; 892 893 ipc.opt = NULL; 894 ipc.tx_flags = 0; 895 ipc.ttl = 0; 896 ipc.tos = -1; 897 898 getfrag = is_udplite ? udplite_getfrag : ip_generic_getfrag; 899 900 fl4 = &inet->cork.fl.u.ip4; 901 if (up->pending) { 902 /* 903 * There are pending frames. 904 * The socket lock must be held while it's corked. 905 */ 906 lock_sock(sk); 907 if (likely(up->pending)) { 908 if (unlikely(up->pending != AF_INET)) { 909 release_sock(sk); 910 return -EINVAL; 911 } 912 goto do_append_data; 913 } 914 release_sock(sk); 915 } 916 ulen += sizeof(struct udphdr); 917 918 /* 919 * Get and verify the address. 920 */ 921 if (msg->msg_name) { 922 DECLARE_SOCKADDR(struct sockaddr_in *, usin, msg->msg_name); 923 if (msg->msg_namelen < sizeof(*usin)) 924 return -EINVAL; 925 if (usin->sin_family != AF_INET) { 926 if (usin->sin_family != AF_UNSPEC) 927 return -EAFNOSUPPORT; 928 } 929 930 daddr = usin->sin_addr.s_addr; 931 dport = usin->sin_port; 932 if (dport == 0) 933 return -EINVAL; 934 } else { 935 if (sk->sk_state != TCP_ESTABLISHED) 936 return -EDESTADDRREQ; 937 daddr = inet->inet_daddr; 938 dport = inet->inet_dport; 939 /* Open fast path for connected socket. 940 Route will not be used, if at least one option is set. 941 */ 942 connected = 1; 943 } 944 ipc.addr = inet->inet_saddr; 945 946 ipc.oif = sk->sk_bound_dev_if; 947 948 sock_tx_timestamp(sk, &ipc.tx_flags); 949 950 if (msg->msg_controllen) { 951 err = ip_cmsg_send(sock_net(sk), msg, &ipc, 952 sk->sk_family == AF_INET6); 953 if (err) 954 return err; 955 if (ipc.opt) 956 free = 1; 957 connected = 0; 958 } 959 if (!ipc.opt) { 960 struct ip_options_rcu *inet_opt; 961 962 rcu_read_lock(); 963 inet_opt = rcu_dereference(inet->inet_opt); 964 if (inet_opt) { 965 memcpy(&opt_copy, inet_opt, 966 sizeof(*inet_opt) + inet_opt->opt.optlen); 967 ipc.opt = &opt_copy.opt; 968 } 969 rcu_read_unlock(); 970 } 971 972 saddr = ipc.addr; 973 ipc.addr = faddr = daddr; 974 975 if (ipc.opt && ipc.opt->opt.srr) { 976 if (!daddr) 977 return -EINVAL; 978 faddr = ipc.opt->opt.faddr; 979 connected = 0; 980 } 981 tos = get_rttos(&ipc, inet); 982 if (sock_flag(sk, SOCK_LOCALROUTE) || 983 (msg->msg_flags & MSG_DONTROUTE) || 984 (ipc.opt && ipc.opt->opt.is_strictroute)) { 985 tos |= RTO_ONLINK; 986 connected = 0; 987 } 988 989 if (ipv4_is_multicast(daddr)) { 990 if (!ipc.oif) 991 ipc.oif = inet->mc_index; 992 if (!saddr) 993 saddr = inet->mc_addr; 994 connected = 0; 995 } else if (!ipc.oif) 996 ipc.oif = inet->uc_index; 997 998 if (connected) 999 rt = (struct rtable *)sk_dst_check(sk, 0); 1000 1001 if (rt == NULL) { 1002 struct net *net = sock_net(sk); 1003 1004 fl4 = &fl4_stack; 1005 flowi4_init_output(fl4, ipc.oif, sk->sk_mark, tos, 1006 RT_SCOPE_UNIVERSE, sk->sk_protocol, 1007 inet_sk_flowi_flags(sk), 1008 faddr, saddr, dport, inet->inet_sport); 1009 1010 security_sk_classify_flow(sk, flowi4_to_flowi(fl4)); 1011 rt = ip_route_output_flow(net, fl4, sk); 1012 if (IS_ERR(rt)) { 1013 err = PTR_ERR(rt); 1014 rt = NULL; 1015 if (err == -ENETUNREACH) 1016 IP_INC_STATS(net, IPSTATS_MIB_OUTNOROUTES); 1017 goto out; 1018 } 1019 1020 err = -EACCES; 1021 if ((rt->rt_flags & RTCF_BROADCAST) && 1022 !sock_flag(sk, SOCK_BROADCAST)) 1023 goto out; 1024 if (connected) 1025 sk_dst_set(sk, dst_clone(&rt->dst)); 1026 } 1027 1028 if (msg->msg_flags&MSG_CONFIRM) 1029 goto do_confirm; 1030 back_from_confirm: 1031 1032 saddr = fl4->saddr; 1033 if (!ipc.addr) 1034 daddr = ipc.addr = fl4->daddr; 1035 1036 /* Lockless fast path for the non-corking case. */ 1037 if (!corkreq) { 1038 skb = ip_make_skb(sk, fl4, getfrag, msg->msg_iov, ulen, 1039 sizeof(struct udphdr), &ipc, &rt, 1040 msg->msg_flags); 1041 err = PTR_ERR(skb); 1042 if (!IS_ERR_OR_NULL(skb)) 1043 err = udp_send_skb(skb, fl4); 1044 goto out; 1045 } 1046 1047 lock_sock(sk); 1048 if (unlikely(up->pending)) { 1049 /* The socket is already corked while preparing it. */ 1050 /* ... which is an evident application bug. --ANK */ 1051 release_sock(sk); 1052 1053 LIMIT_NETDEBUG(KERN_DEBUG pr_fmt("cork app bug 2\n")); 1054 err = -EINVAL; 1055 goto out; 1056 } 1057 /* 1058 * Now cork the socket to pend data. 1059 */ 1060 fl4 = &inet->cork.fl.u.ip4; 1061 fl4->daddr = daddr; 1062 fl4->saddr = saddr; 1063 fl4->fl4_dport = dport; 1064 fl4->fl4_sport = inet->inet_sport; 1065 up->pending = AF_INET; 1066 1067 do_append_data: 1068 up->len += ulen; 1069 err = ip_append_data(sk, fl4, getfrag, msg->msg_iov, ulen, 1070 sizeof(struct udphdr), &ipc, &rt, 1071 corkreq ? msg->msg_flags|MSG_MORE : msg->msg_flags); 1072 if (err) 1073 udp_flush_pending_frames(sk); 1074 else if (!corkreq) 1075 err = udp_push_pending_frames(sk); 1076 else if (unlikely(skb_queue_empty(&sk->sk_write_queue))) 1077 up->pending = 0; 1078 release_sock(sk); 1079 1080 out: 1081 ip_rt_put(rt); 1082 if (free) 1083 kfree(ipc.opt); 1084 if (!err) 1085 return len; 1086 /* 1087 * ENOBUFS = no kernel mem, SOCK_NOSPACE = no sndbuf space. Reporting 1088 * ENOBUFS might not be good (it's not tunable per se), but otherwise 1089 * we don't have a good statistic (IpOutDiscards but it can be too many 1090 * things). We could add another new stat but at least for now that 1091 * seems like overkill. 1092 */ 1093 if (err == -ENOBUFS || test_bit(SOCK_NOSPACE, &sk->sk_socket->flags)) { 1094 UDP_INC_STATS_USER(sock_net(sk), 1095 UDP_MIB_SNDBUFERRORS, is_udplite); 1096 } 1097 return err; 1098 1099 do_confirm: 1100 dst_confirm(&rt->dst); 1101 if (!(msg->msg_flags&MSG_PROBE) || len) 1102 goto back_from_confirm; 1103 err = 0; 1104 goto out; 1105 } 1106 EXPORT_SYMBOL(udp_sendmsg); 1107 1108 int udp_sendpage(struct sock *sk, struct page *page, int offset, 1109 size_t size, int flags) 1110 { 1111 struct inet_sock *inet = inet_sk(sk); 1112 struct udp_sock *up = udp_sk(sk); 1113 int ret; 1114 1115 if (flags & MSG_SENDPAGE_NOTLAST) 1116 flags |= MSG_MORE; 1117 1118 if (!up->pending) { 1119 struct msghdr msg = { .msg_flags = flags|MSG_MORE }; 1120 1121 /* Call udp_sendmsg to specify destination address which 1122 * sendpage interface can't pass. 1123 * This will succeed only when the socket is connected. 1124 */ 1125 ret = udp_sendmsg(NULL, sk, &msg, 0); 1126 if (ret < 0) 1127 return ret; 1128 } 1129 1130 lock_sock(sk); 1131 1132 if (unlikely(!up->pending)) { 1133 release_sock(sk); 1134 1135 LIMIT_NETDEBUG(KERN_DEBUG pr_fmt("udp cork app bug 3\n")); 1136 return -EINVAL; 1137 } 1138 1139 ret = ip_append_page(sk, &inet->cork.fl.u.ip4, 1140 page, offset, size, flags); 1141 if (ret == -EOPNOTSUPP) { 1142 release_sock(sk); 1143 return sock_no_sendpage(sk->sk_socket, page, offset, 1144 size, flags); 1145 } 1146 if (ret < 0) { 1147 udp_flush_pending_frames(sk); 1148 goto out; 1149 } 1150 1151 up->len += size; 1152 if (!(up->corkflag || (flags&MSG_MORE))) 1153 ret = udp_push_pending_frames(sk); 1154 if (!ret) 1155 ret = size; 1156 out: 1157 release_sock(sk); 1158 return ret; 1159 } 1160 1161 1162 /** 1163 * first_packet_length - return length of first packet in receive queue 1164 * @sk: socket 1165 * 1166 * Drops all bad checksum frames, until a valid one is found. 1167 * Returns the length of found skb, or 0 if none is found. 1168 */ 1169 static unsigned int first_packet_length(struct sock *sk) 1170 { 1171 struct sk_buff_head list_kill, *rcvq = &sk->sk_receive_queue; 1172 struct sk_buff *skb; 1173 unsigned int res; 1174 1175 __skb_queue_head_init(&list_kill); 1176 1177 spin_lock_bh(&rcvq->lock); 1178 while ((skb = skb_peek(rcvq)) != NULL && 1179 udp_lib_checksum_complete(skb)) { 1180 UDP_INC_STATS_BH(sock_net(sk), UDP_MIB_CSUMERRORS, 1181 IS_UDPLITE(sk)); 1182 UDP_INC_STATS_BH(sock_net(sk), UDP_MIB_INERRORS, 1183 IS_UDPLITE(sk)); 1184 atomic_inc(&sk->sk_drops); 1185 __skb_unlink(skb, rcvq); 1186 __skb_queue_tail(&list_kill, skb); 1187 } 1188 res = skb ? skb->len : 0; 1189 spin_unlock_bh(&rcvq->lock); 1190 1191 if (!skb_queue_empty(&list_kill)) { 1192 bool slow = lock_sock_fast(sk); 1193 1194 __skb_queue_purge(&list_kill); 1195 sk_mem_reclaim_partial(sk); 1196 unlock_sock_fast(sk, slow); 1197 } 1198 return res; 1199 } 1200 1201 /* 1202 * IOCTL requests applicable to the UDP protocol 1203 */ 1204 1205 int udp_ioctl(struct sock *sk, int cmd, unsigned long arg) 1206 { 1207 switch (cmd) { 1208 case SIOCOUTQ: 1209 { 1210 int amount = sk_wmem_alloc_get(sk); 1211 1212 return put_user(amount, (int __user *)arg); 1213 } 1214 1215 case SIOCINQ: 1216 { 1217 unsigned int amount = first_packet_length(sk); 1218 1219 if (amount) 1220 /* 1221 * We will only return the amount 1222 * of this packet since that is all 1223 * that will be read. 1224 */ 1225 amount -= sizeof(struct udphdr); 1226 1227 return put_user(amount, (int __user *)arg); 1228 } 1229 1230 default: 1231 return -ENOIOCTLCMD; 1232 } 1233 1234 return 0; 1235 } 1236 EXPORT_SYMBOL(udp_ioctl); 1237 1238 /* 1239 * This should be easy, if there is something there we 1240 * return it, otherwise we block. 1241 */ 1242 1243 int udp_recvmsg(struct kiocb *iocb, struct sock *sk, struct msghdr *msg, 1244 size_t len, int noblock, int flags, int *addr_len) 1245 { 1246 struct inet_sock *inet = inet_sk(sk); 1247 DECLARE_SOCKADDR(struct sockaddr_in *, sin, msg->msg_name); 1248 struct sk_buff *skb; 1249 unsigned int ulen, copied; 1250 int peeked, off = 0; 1251 int err; 1252 int is_udplite = IS_UDPLITE(sk); 1253 bool slow; 1254 1255 if (flags & MSG_ERRQUEUE) 1256 return ip_recv_error(sk, msg, len, addr_len); 1257 1258 try_again: 1259 skb = __skb_recv_datagram(sk, flags | (noblock ? MSG_DONTWAIT : 0), 1260 &peeked, &off, &err); 1261 if (!skb) 1262 goto out; 1263 1264 ulen = skb->len - sizeof(struct udphdr); 1265 copied = len; 1266 if (copied > ulen) 1267 copied = ulen; 1268 else if (copied < ulen) 1269 msg->msg_flags |= MSG_TRUNC; 1270 1271 /* 1272 * If checksum is needed at all, try to do it while copying the 1273 * data. If the data is truncated, or if we only want a partial 1274 * coverage checksum (UDP-Lite), do it before the copy. 1275 */ 1276 1277 if (copied < ulen || UDP_SKB_CB(skb)->partial_cov) { 1278 if (udp_lib_checksum_complete(skb)) 1279 goto csum_copy_err; 1280 } 1281 1282 if (skb_csum_unnecessary(skb)) 1283 err = skb_copy_datagram_iovec(skb, sizeof(struct udphdr), 1284 msg->msg_iov, copied); 1285 else { 1286 err = skb_copy_and_csum_datagram_iovec(skb, 1287 sizeof(struct udphdr), 1288 msg->msg_iov); 1289 1290 if (err == -EINVAL) 1291 goto csum_copy_err; 1292 } 1293 1294 if (unlikely(err)) { 1295 trace_kfree_skb(skb, udp_recvmsg); 1296 if (!peeked) { 1297 atomic_inc(&sk->sk_drops); 1298 UDP_INC_STATS_USER(sock_net(sk), 1299 UDP_MIB_INERRORS, is_udplite); 1300 } 1301 goto out_free; 1302 } 1303 1304 if (!peeked) 1305 UDP_INC_STATS_USER(sock_net(sk), 1306 UDP_MIB_INDATAGRAMS, is_udplite); 1307 1308 sock_recv_ts_and_drops(msg, sk, skb); 1309 1310 /* Copy the address. */ 1311 if (sin) { 1312 sin->sin_family = AF_INET; 1313 sin->sin_port = udp_hdr(skb)->source; 1314 sin->sin_addr.s_addr = ip_hdr(skb)->saddr; 1315 memset(sin->sin_zero, 0, sizeof(sin->sin_zero)); 1316 *addr_len = sizeof(*sin); 1317 } 1318 if (inet->cmsg_flags) 1319 ip_cmsg_recv(msg, skb); 1320 1321 err = copied; 1322 if (flags & MSG_TRUNC) 1323 err = ulen; 1324 1325 out_free: 1326 skb_free_datagram_locked(sk, skb); 1327 out: 1328 return err; 1329 1330 csum_copy_err: 1331 slow = lock_sock_fast(sk); 1332 if (!skb_kill_datagram(sk, skb, flags)) { 1333 UDP_INC_STATS_USER(sock_net(sk), UDP_MIB_CSUMERRORS, is_udplite); 1334 UDP_INC_STATS_USER(sock_net(sk), UDP_MIB_INERRORS, is_udplite); 1335 } 1336 unlock_sock_fast(sk, slow); 1337 1338 if (noblock) 1339 return -EAGAIN; 1340 1341 /* starting over for a new packet */ 1342 msg->msg_flags &= ~MSG_TRUNC; 1343 goto try_again; 1344 } 1345 1346 1347 int udp_disconnect(struct sock *sk, int flags) 1348 { 1349 struct inet_sock *inet = inet_sk(sk); 1350 /* 1351 * 1003.1g - break association. 1352 */ 1353 1354 sk->sk_state = TCP_CLOSE; 1355 inet->inet_daddr = 0; 1356 inet->inet_dport = 0; 1357 sock_rps_reset_rxhash(sk); 1358 sk->sk_bound_dev_if = 0; 1359 if (!(sk->sk_userlocks & SOCK_BINDADDR_LOCK)) 1360 inet_reset_saddr(sk); 1361 1362 if (!(sk->sk_userlocks & SOCK_BINDPORT_LOCK)) { 1363 sk->sk_prot->unhash(sk); 1364 inet->inet_sport = 0; 1365 } 1366 sk_dst_reset(sk); 1367 return 0; 1368 } 1369 EXPORT_SYMBOL(udp_disconnect); 1370 1371 void udp_lib_unhash(struct sock *sk) 1372 { 1373 if (sk_hashed(sk)) { 1374 struct udp_table *udptable = sk->sk_prot->h.udp_table; 1375 struct udp_hslot *hslot, *hslot2; 1376 1377 hslot = udp_hashslot(udptable, sock_net(sk), 1378 udp_sk(sk)->udp_port_hash); 1379 hslot2 = udp_hashslot2(udptable, udp_sk(sk)->udp_portaddr_hash); 1380 1381 spin_lock_bh(&hslot->lock); 1382 if (sk_nulls_del_node_init_rcu(sk)) { 1383 hslot->count--; 1384 inet_sk(sk)->inet_num = 0; 1385 sock_prot_inuse_add(sock_net(sk), sk->sk_prot, -1); 1386 1387 spin_lock(&hslot2->lock); 1388 hlist_nulls_del_init_rcu(&udp_sk(sk)->udp_portaddr_node); 1389 hslot2->count--; 1390 spin_unlock(&hslot2->lock); 1391 } 1392 spin_unlock_bh(&hslot->lock); 1393 } 1394 } 1395 EXPORT_SYMBOL(udp_lib_unhash); 1396 1397 /* 1398 * inet_rcv_saddr was changed, we must rehash secondary hash 1399 */ 1400 void udp_lib_rehash(struct sock *sk, u16 newhash) 1401 { 1402 if (sk_hashed(sk)) { 1403 struct udp_table *udptable = sk->sk_prot->h.udp_table; 1404 struct udp_hslot *hslot, *hslot2, *nhslot2; 1405 1406 hslot2 = udp_hashslot2(udptable, udp_sk(sk)->udp_portaddr_hash); 1407 nhslot2 = udp_hashslot2(udptable, newhash); 1408 udp_sk(sk)->udp_portaddr_hash = newhash; 1409 if (hslot2 != nhslot2) { 1410 hslot = udp_hashslot(udptable, sock_net(sk), 1411 udp_sk(sk)->udp_port_hash); 1412 /* we must lock primary chain too */ 1413 spin_lock_bh(&hslot->lock); 1414 1415 spin_lock(&hslot2->lock); 1416 hlist_nulls_del_init_rcu(&udp_sk(sk)->udp_portaddr_node); 1417 hslot2->count--; 1418 spin_unlock(&hslot2->lock); 1419 1420 spin_lock(&nhslot2->lock); 1421 hlist_nulls_add_head_rcu(&udp_sk(sk)->udp_portaddr_node, 1422 &nhslot2->head); 1423 nhslot2->count++; 1424 spin_unlock(&nhslot2->lock); 1425 1426 spin_unlock_bh(&hslot->lock); 1427 } 1428 } 1429 } 1430 EXPORT_SYMBOL(udp_lib_rehash); 1431 1432 static void udp_v4_rehash(struct sock *sk) 1433 { 1434 u16 new_hash = udp4_portaddr_hash(sock_net(sk), 1435 inet_sk(sk)->inet_rcv_saddr, 1436 inet_sk(sk)->inet_num); 1437 udp_lib_rehash(sk, new_hash); 1438 } 1439 1440 static int __udp_queue_rcv_skb(struct sock *sk, struct sk_buff *skb) 1441 { 1442 int rc; 1443 1444 if (inet_sk(sk)->inet_daddr) { 1445 sock_rps_save_rxhash(sk, skb); 1446 sk_mark_napi_id(sk, skb); 1447 } 1448 1449 rc = sock_queue_rcv_skb(sk, skb); 1450 if (rc < 0) { 1451 int is_udplite = IS_UDPLITE(sk); 1452 1453 /* Note that an ENOMEM error is charged twice */ 1454 if (rc == -ENOMEM) 1455 UDP_INC_STATS_BH(sock_net(sk), UDP_MIB_RCVBUFERRORS, 1456 is_udplite); 1457 UDP_INC_STATS_BH(sock_net(sk), UDP_MIB_INERRORS, is_udplite); 1458 kfree_skb(skb); 1459 trace_udp_fail_queue_rcv_skb(rc, sk); 1460 return -1; 1461 } 1462 1463 return 0; 1464 1465 } 1466 1467 static struct static_key udp_encap_needed __read_mostly; 1468 void udp_encap_enable(void) 1469 { 1470 if (!static_key_enabled(&udp_encap_needed)) 1471 static_key_slow_inc(&udp_encap_needed); 1472 } 1473 EXPORT_SYMBOL(udp_encap_enable); 1474 1475 /* returns: 1476 * -1: error 1477 * 0: success 1478 * >0: "udp encap" protocol resubmission 1479 * 1480 * Note that in the success and error cases, the skb is assumed to 1481 * have either been requeued or freed. 1482 */ 1483 int udp_queue_rcv_skb(struct sock *sk, struct sk_buff *skb) 1484 { 1485 struct udp_sock *up = udp_sk(sk); 1486 int rc; 1487 int is_udplite = IS_UDPLITE(sk); 1488 1489 /* 1490 * Charge it to the socket, dropping if the queue is full. 1491 */ 1492 if (!xfrm4_policy_check(sk, XFRM_POLICY_IN, skb)) 1493 goto drop; 1494 nf_reset(skb); 1495 1496 if (static_key_false(&udp_encap_needed) && up->encap_type) { 1497 int (*encap_rcv)(struct sock *sk, struct sk_buff *skb); 1498 1499 /* 1500 * This is an encapsulation socket so pass the skb to 1501 * the socket's udp_encap_rcv() hook. Otherwise, just 1502 * fall through and pass this up the UDP socket. 1503 * up->encap_rcv() returns the following value: 1504 * =0 if skb was successfully passed to the encap 1505 * handler or was discarded by it. 1506 * >0 if skb should be passed on to UDP. 1507 * <0 if skb should be resubmitted as proto -N 1508 */ 1509 1510 /* if we're overly short, let UDP handle it */ 1511 encap_rcv = ACCESS_ONCE(up->encap_rcv); 1512 if (skb->len > sizeof(struct udphdr) && encap_rcv != NULL) { 1513 int ret; 1514 1515 /* Verify checksum before giving to encap */ 1516 if (udp_lib_checksum_complete(skb)) 1517 goto csum_error; 1518 1519 ret = encap_rcv(sk, skb); 1520 if (ret <= 0) { 1521 UDP_INC_STATS_BH(sock_net(sk), 1522 UDP_MIB_INDATAGRAMS, 1523 is_udplite); 1524 return -ret; 1525 } 1526 } 1527 1528 /* FALLTHROUGH -- it's a UDP Packet */ 1529 } 1530 1531 /* 1532 * UDP-Lite specific tests, ignored on UDP sockets 1533 */ 1534 if ((is_udplite & UDPLITE_RECV_CC) && UDP_SKB_CB(skb)->partial_cov) { 1535 1536 /* 1537 * MIB statistics other than incrementing the error count are 1538 * disabled for the following two types of errors: these depend 1539 * on the application settings, not on the functioning of the 1540 * protocol stack as such. 1541 * 1542 * RFC 3828 here recommends (sec 3.3): "There should also be a 1543 * way ... to ... at least let the receiving application block 1544 * delivery of packets with coverage values less than a value 1545 * provided by the application." 1546 */ 1547 if (up->pcrlen == 0) { /* full coverage was set */ 1548 LIMIT_NETDEBUG(KERN_WARNING "UDPLite: partial coverage %d while full coverage %d requested\n", 1549 UDP_SKB_CB(skb)->cscov, skb->len); 1550 goto drop; 1551 } 1552 /* The next case involves violating the min. coverage requested 1553 * by the receiver. This is subtle: if receiver wants x and x is 1554 * greater than the buffersize/MTU then receiver will complain 1555 * that it wants x while sender emits packets of smaller size y. 1556 * Therefore the above ...()->partial_cov statement is essential. 1557 */ 1558 if (UDP_SKB_CB(skb)->cscov < up->pcrlen) { 1559 LIMIT_NETDEBUG(KERN_WARNING "UDPLite: coverage %d too small, need min %d\n", 1560 UDP_SKB_CB(skb)->cscov, up->pcrlen); 1561 goto drop; 1562 } 1563 } 1564 1565 if (rcu_access_pointer(sk->sk_filter) && 1566 udp_lib_checksum_complete(skb)) 1567 goto csum_error; 1568 1569 1570 if (sk_rcvqueues_full(sk, sk->sk_rcvbuf)) { 1571 UDP_INC_STATS_BH(sock_net(sk), UDP_MIB_RCVBUFERRORS, 1572 is_udplite); 1573 goto drop; 1574 } 1575 1576 rc = 0; 1577 1578 ipv4_pktinfo_prepare(sk, skb); 1579 bh_lock_sock(sk); 1580 if (!sock_owned_by_user(sk)) 1581 rc = __udp_queue_rcv_skb(sk, skb); 1582 else if (sk_add_backlog(sk, skb, sk->sk_rcvbuf)) { 1583 bh_unlock_sock(sk); 1584 goto drop; 1585 } 1586 bh_unlock_sock(sk); 1587 1588 return rc; 1589 1590 csum_error: 1591 UDP_INC_STATS_BH(sock_net(sk), UDP_MIB_CSUMERRORS, is_udplite); 1592 drop: 1593 UDP_INC_STATS_BH(sock_net(sk), UDP_MIB_INERRORS, is_udplite); 1594 atomic_inc(&sk->sk_drops); 1595 kfree_skb(skb); 1596 return -1; 1597 } 1598 1599 1600 static void flush_stack(struct sock **stack, unsigned int count, 1601 struct sk_buff *skb, unsigned int final) 1602 { 1603 unsigned int i; 1604 struct sk_buff *skb1 = NULL; 1605 struct sock *sk; 1606 1607 for (i = 0; i < count; i++) { 1608 sk = stack[i]; 1609 if (likely(skb1 == NULL)) 1610 skb1 = (i == final) ? skb : skb_clone(skb, GFP_ATOMIC); 1611 1612 if (!skb1) { 1613 atomic_inc(&sk->sk_drops); 1614 UDP_INC_STATS_BH(sock_net(sk), UDP_MIB_RCVBUFERRORS, 1615 IS_UDPLITE(sk)); 1616 UDP_INC_STATS_BH(sock_net(sk), UDP_MIB_INERRORS, 1617 IS_UDPLITE(sk)); 1618 } 1619 1620 if (skb1 && udp_queue_rcv_skb(sk, skb1) <= 0) 1621 skb1 = NULL; 1622 1623 sock_put(sk); 1624 } 1625 if (unlikely(skb1)) 1626 kfree_skb(skb1); 1627 } 1628 1629 /* For TCP sockets, sk_rx_dst is protected by socket lock 1630 * For UDP, we use xchg() to guard against concurrent changes. 1631 */ 1632 static void udp_sk_rx_dst_set(struct sock *sk, struct dst_entry *dst) 1633 { 1634 struct dst_entry *old; 1635 1636 dst_hold(dst); 1637 old = xchg(&sk->sk_rx_dst, dst); 1638 dst_release(old); 1639 } 1640 1641 /* 1642 * Multicasts and broadcasts go to each listener. 1643 * 1644 * Note: called only from the BH handler context. 1645 */ 1646 static int __udp4_lib_mcast_deliver(struct net *net, struct sk_buff *skb, 1647 struct udphdr *uh, 1648 __be32 saddr, __be32 daddr, 1649 struct udp_table *udptable) 1650 { 1651 struct sock *sk, *stack[256 / sizeof(struct sock *)]; 1652 struct hlist_nulls_node *node; 1653 unsigned short hnum = ntohs(uh->dest); 1654 struct udp_hslot *hslot = udp_hashslot(udptable, net, hnum); 1655 int dif = skb->dev->ifindex; 1656 unsigned int count = 0, offset = offsetof(typeof(*sk), sk_nulls_node); 1657 unsigned int hash2 = 0, hash2_any = 0, use_hash2 = (hslot->count > 10); 1658 1659 if (use_hash2) { 1660 hash2_any = udp4_portaddr_hash(net, htonl(INADDR_ANY), hnum) & 1661 udp_table.mask; 1662 hash2 = udp4_portaddr_hash(net, daddr, hnum) & udp_table.mask; 1663 start_lookup: 1664 hslot = &udp_table.hash2[hash2]; 1665 offset = offsetof(typeof(*sk), __sk_common.skc_portaddr_node); 1666 } 1667 1668 spin_lock(&hslot->lock); 1669 sk_nulls_for_each_entry_offset(sk, node, &hslot->head, offset) { 1670 if (__udp_is_mcast_sock(net, sk, 1671 uh->dest, daddr, 1672 uh->source, saddr, 1673 dif, hnum)) { 1674 if (unlikely(count == ARRAY_SIZE(stack))) { 1675 flush_stack(stack, count, skb, ~0); 1676 count = 0; 1677 } 1678 stack[count++] = sk; 1679 sock_hold(sk); 1680 } 1681 } 1682 1683 spin_unlock(&hslot->lock); 1684 1685 /* Also lookup *:port if we are using hash2 and haven't done so yet. */ 1686 if (use_hash2 && hash2 != hash2_any) { 1687 hash2 = hash2_any; 1688 goto start_lookup; 1689 } 1690 1691 /* 1692 * do the slow work with no lock held 1693 */ 1694 if (count) { 1695 flush_stack(stack, count, skb, count - 1); 1696 } else { 1697 kfree_skb(skb); 1698 } 1699 return 0; 1700 } 1701 1702 /* Initialize UDP checksum. If exited with zero value (success), 1703 * CHECKSUM_UNNECESSARY means, that no more checks are required. 1704 * Otherwise, csum completion requires chacksumming packet body, 1705 * including udp header and folding it to skb->csum. 1706 */ 1707 static inline int udp4_csum_init(struct sk_buff *skb, struct udphdr *uh, 1708 int proto) 1709 { 1710 int err; 1711 1712 UDP_SKB_CB(skb)->partial_cov = 0; 1713 UDP_SKB_CB(skb)->cscov = skb->len; 1714 1715 if (proto == IPPROTO_UDPLITE) { 1716 err = udplite_checksum_init(skb, uh); 1717 if (err) 1718 return err; 1719 } 1720 1721 return skb_checksum_init_zero_check(skb, proto, uh->check, 1722 inet_compute_pseudo); 1723 } 1724 1725 /* 1726 * All we need to do is get the socket, and then do a checksum. 1727 */ 1728 1729 int __udp4_lib_rcv(struct sk_buff *skb, struct udp_table *udptable, 1730 int proto) 1731 { 1732 struct sock *sk; 1733 struct udphdr *uh; 1734 unsigned short ulen; 1735 struct rtable *rt = skb_rtable(skb); 1736 __be32 saddr, daddr; 1737 struct net *net = dev_net(skb->dev); 1738 1739 /* 1740 * Validate the packet. 1741 */ 1742 if (!pskb_may_pull(skb, sizeof(struct udphdr))) 1743 goto drop; /* No space for header. */ 1744 1745 uh = udp_hdr(skb); 1746 ulen = ntohs(uh->len); 1747 saddr = ip_hdr(skb)->saddr; 1748 daddr = ip_hdr(skb)->daddr; 1749 1750 if (ulen > skb->len) 1751 goto short_packet; 1752 1753 if (proto == IPPROTO_UDP) { 1754 /* UDP validates ulen. */ 1755 if (ulen < sizeof(*uh) || pskb_trim_rcsum(skb, ulen)) 1756 goto short_packet; 1757 uh = udp_hdr(skb); 1758 } 1759 1760 if (udp4_csum_init(skb, uh, proto)) 1761 goto csum_error; 1762 1763 sk = skb_steal_sock(skb); 1764 if (sk) { 1765 struct dst_entry *dst = skb_dst(skb); 1766 int ret; 1767 1768 if (unlikely(sk->sk_rx_dst != dst)) 1769 udp_sk_rx_dst_set(sk, dst); 1770 1771 ret = udp_queue_rcv_skb(sk, skb); 1772 sock_put(sk); 1773 /* a return value > 0 means to resubmit the input, but 1774 * it wants the return to be -protocol, or 0 1775 */ 1776 if (ret > 0) 1777 return -ret; 1778 return 0; 1779 } else { 1780 if (rt->rt_flags & (RTCF_BROADCAST|RTCF_MULTICAST)) 1781 return __udp4_lib_mcast_deliver(net, skb, uh, 1782 saddr, daddr, udptable); 1783 1784 sk = __udp4_lib_lookup_skb(skb, uh->source, uh->dest, udptable); 1785 } 1786 1787 if (sk != NULL) { 1788 int ret; 1789 1790 ret = udp_queue_rcv_skb(sk, skb); 1791 sock_put(sk); 1792 1793 /* a return value > 0 means to resubmit the input, but 1794 * it wants the return to be -protocol, or 0 1795 */ 1796 if (ret > 0) 1797 return -ret; 1798 return 0; 1799 } 1800 1801 if (!xfrm4_policy_check(NULL, XFRM_POLICY_IN, skb)) 1802 goto drop; 1803 nf_reset(skb); 1804 1805 /* No socket. Drop packet silently, if checksum is wrong */ 1806 if (udp_lib_checksum_complete(skb)) 1807 goto csum_error; 1808 1809 UDP_INC_STATS_BH(net, UDP_MIB_NOPORTS, proto == IPPROTO_UDPLITE); 1810 icmp_send(skb, ICMP_DEST_UNREACH, ICMP_PORT_UNREACH, 0); 1811 1812 /* 1813 * Hmm. We got an UDP packet to a port to which we 1814 * don't wanna listen. Ignore it. 1815 */ 1816 kfree_skb(skb); 1817 return 0; 1818 1819 short_packet: 1820 LIMIT_NETDEBUG(KERN_DEBUG "UDP%s: short packet: From %pI4:%u %d/%d to %pI4:%u\n", 1821 proto == IPPROTO_UDPLITE ? "Lite" : "", 1822 &saddr, ntohs(uh->source), 1823 ulen, skb->len, 1824 &daddr, ntohs(uh->dest)); 1825 goto drop; 1826 1827 csum_error: 1828 /* 1829 * RFC1122: OK. Discards the bad packet silently (as far as 1830 * the network is concerned, anyway) as per 4.1.3.4 (MUST). 1831 */ 1832 LIMIT_NETDEBUG(KERN_DEBUG "UDP%s: bad checksum. From %pI4:%u to %pI4:%u ulen %d\n", 1833 proto == IPPROTO_UDPLITE ? "Lite" : "", 1834 &saddr, ntohs(uh->source), &daddr, ntohs(uh->dest), 1835 ulen); 1836 UDP_INC_STATS_BH(net, UDP_MIB_CSUMERRORS, proto == IPPROTO_UDPLITE); 1837 drop: 1838 UDP_INC_STATS_BH(net, UDP_MIB_INERRORS, proto == IPPROTO_UDPLITE); 1839 kfree_skb(skb); 1840 return 0; 1841 } 1842 1843 /* We can only early demux multicast if there is a single matching socket. 1844 * If more than one socket found returns NULL 1845 */ 1846 static struct sock *__udp4_lib_mcast_demux_lookup(struct net *net, 1847 __be16 loc_port, __be32 loc_addr, 1848 __be16 rmt_port, __be32 rmt_addr, 1849 int dif) 1850 { 1851 struct sock *sk, *result; 1852 struct hlist_nulls_node *node; 1853 unsigned short hnum = ntohs(loc_port); 1854 unsigned int count, slot = udp_hashfn(net, hnum, udp_table.mask); 1855 struct udp_hslot *hslot = &udp_table.hash[slot]; 1856 1857 /* Do not bother scanning a too big list */ 1858 if (hslot->count > 10) 1859 return NULL; 1860 1861 rcu_read_lock(); 1862 begin: 1863 count = 0; 1864 result = NULL; 1865 sk_nulls_for_each_rcu(sk, node, &hslot->head) { 1866 if (__udp_is_mcast_sock(net, sk, 1867 loc_port, loc_addr, 1868 rmt_port, rmt_addr, 1869 dif, hnum)) { 1870 result = sk; 1871 ++count; 1872 } 1873 } 1874 /* 1875 * if the nulls value we got at the end of this lookup is 1876 * not the expected one, we must restart lookup. 1877 * We probably met an item that was moved to another chain. 1878 */ 1879 if (get_nulls_value(node) != slot) 1880 goto begin; 1881 1882 if (result) { 1883 if (count != 1 || 1884 unlikely(!atomic_inc_not_zero_hint(&result->sk_refcnt, 2))) 1885 result = NULL; 1886 else if (unlikely(!__udp_is_mcast_sock(net, result, 1887 loc_port, loc_addr, 1888 rmt_port, rmt_addr, 1889 dif, hnum))) { 1890 sock_put(result); 1891 result = NULL; 1892 } 1893 } 1894 rcu_read_unlock(); 1895 return result; 1896 } 1897 1898 /* For unicast we should only early demux connected sockets or we can 1899 * break forwarding setups. The chains here can be long so only check 1900 * if the first socket is an exact match and if not move on. 1901 */ 1902 static struct sock *__udp4_lib_demux_lookup(struct net *net, 1903 __be16 loc_port, __be32 loc_addr, 1904 __be16 rmt_port, __be32 rmt_addr, 1905 int dif) 1906 { 1907 struct sock *sk, *result; 1908 struct hlist_nulls_node *node; 1909 unsigned short hnum = ntohs(loc_port); 1910 unsigned int hash2 = udp4_portaddr_hash(net, loc_addr, hnum); 1911 unsigned int slot2 = hash2 & udp_table.mask; 1912 struct udp_hslot *hslot2 = &udp_table.hash2[slot2]; 1913 INET_ADDR_COOKIE(acookie, rmt_addr, loc_addr); 1914 const __portpair ports = INET_COMBINED_PORTS(rmt_port, hnum); 1915 1916 rcu_read_lock(); 1917 result = NULL; 1918 udp_portaddr_for_each_entry_rcu(sk, node, &hslot2->head) { 1919 if (INET_MATCH(sk, net, acookie, 1920 rmt_addr, loc_addr, ports, dif)) 1921 result = sk; 1922 /* Only check first socket in chain */ 1923 break; 1924 } 1925 1926 if (result) { 1927 if (unlikely(!atomic_inc_not_zero_hint(&result->sk_refcnt, 2))) 1928 result = NULL; 1929 else if (unlikely(!INET_MATCH(sk, net, acookie, 1930 rmt_addr, loc_addr, 1931 ports, dif))) { 1932 sock_put(result); 1933 result = NULL; 1934 } 1935 } 1936 rcu_read_unlock(); 1937 return result; 1938 } 1939 1940 void udp_v4_early_demux(struct sk_buff *skb) 1941 { 1942 struct net *net = dev_net(skb->dev); 1943 const struct iphdr *iph; 1944 const struct udphdr *uh; 1945 struct sock *sk; 1946 struct dst_entry *dst; 1947 int dif = skb->dev->ifindex; 1948 1949 /* validate the packet */ 1950 if (!pskb_may_pull(skb, skb_transport_offset(skb) + sizeof(struct udphdr))) 1951 return; 1952 1953 iph = ip_hdr(skb); 1954 uh = udp_hdr(skb); 1955 1956 if (skb->pkt_type == PACKET_BROADCAST || 1957 skb->pkt_type == PACKET_MULTICAST) 1958 sk = __udp4_lib_mcast_demux_lookup(net, uh->dest, iph->daddr, 1959 uh->source, iph->saddr, dif); 1960 else if (skb->pkt_type == PACKET_HOST) 1961 sk = __udp4_lib_demux_lookup(net, uh->dest, iph->daddr, 1962 uh->source, iph->saddr, dif); 1963 else 1964 return; 1965 1966 if (!sk) 1967 return; 1968 1969 skb->sk = sk; 1970 skb->destructor = sock_edemux; 1971 dst = sk->sk_rx_dst; 1972 1973 if (dst) 1974 dst = dst_check(dst, 0); 1975 if (dst) 1976 skb_dst_set_noref(skb, dst); 1977 } 1978 1979 int udp_rcv(struct sk_buff *skb) 1980 { 1981 return __udp4_lib_rcv(skb, &udp_table, IPPROTO_UDP); 1982 } 1983 1984 void udp_destroy_sock(struct sock *sk) 1985 { 1986 struct udp_sock *up = udp_sk(sk); 1987 bool slow = lock_sock_fast(sk); 1988 udp_flush_pending_frames(sk); 1989 unlock_sock_fast(sk, slow); 1990 if (static_key_false(&udp_encap_needed) && up->encap_type) { 1991 void (*encap_destroy)(struct sock *sk); 1992 encap_destroy = ACCESS_ONCE(up->encap_destroy); 1993 if (encap_destroy) 1994 encap_destroy(sk); 1995 } 1996 } 1997 1998 /* 1999 * Socket option code for UDP 2000 */ 2001 int udp_lib_setsockopt(struct sock *sk, int level, int optname, 2002 char __user *optval, unsigned int optlen, 2003 int (*push_pending_frames)(struct sock *)) 2004 { 2005 struct udp_sock *up = udp_sk(sk); 2006 int val, valbool; 2007 int err = 0; 2008 int is_udplite = IS_UDPLITE(sk); 2009 2010 if (optlen < sizeof(int)) 2011 return -EINVAL; 2012 2013 if (get_user(val, (int __user *)optval)) 2014 return -EFAULT; 2015 2016 valbool = val ? 1 : 0; 2017 2018 switch (optname) { 2019 case UDP_CORK: 2020 if (val != 0) { 2021 up->corkflag = 1; 2022 } else { 2023 up->corkflag = 0; 2024 lock_sock(sk); 2025 (*push_pending_frames)(sk); 2026 release_sock(sk); 2027 } 2028 break; 2029 2030 case UDP_ENCAP: 2031 switch (val) { 2032 case 0: 2033 case UDP_ENCAP_ESPINUDP: 2034 case UDP_ENCAP_ESPINUDP_NON_IKE: 2035 up->encap_rcv = xfrm4_udp_encap_rcv; 2036 /* FALLTHROUGH */ 2037 case UDP_ENCAP_L2TPINUDP: 2038 up->encap_type = val; 2039 udp_encap_enable(); 2040 break; 2041 default: 2042 err = -ENOPROTOOPT; 2043 break; 2044 } 2045 break; 2046 2047 case UDP_NO_CHECK6_TX: 2048 up->no_check6_tx = valbool; 2049 break; 2050 2051 case UDP_NO_CHECK6_RX: 2052 up->no_check6_rx = valbool; 2053 break; 2054 2055 /* 2056 * UDP-Lite's partial checksum coverage (RFC 3828). 2057 */ 2058 /* The sender sets actual checksum coverage length via this option. 2059 * The case coverage > packet length is handled by send module. */ 2060 case UDPLITE_SEND_CSCOV: 2061 if (!is_udplite) /* Disable the option on UDP sockets */ 2062 return -ENOPROTOOPT; 2063 if (val != 0 && val < 8) /* Illegal coverage: use default (8) */ 2064 val = 8; 2065 else if (val > USHRT_MAX) 2066 val = USHRT_MAX; 2067 up->pcslen = val; 2068 up->pcflag |= UDPLITE_SEND_CC; 2069 break; 2070 2071 /* The receiver specifies a minimum checksum coverage value. To make 2072 * sense, this should be set to at least 8 (as done below). If zero is 2073 * used, this again means full checksum coverage. */ 2074 case UDPLITE_RECV_CSCOV: 2075 if (!is_udplite) /* Disable the option on UDP sockets */ 2076 return -ENOPROTOOPT; 2077 if (val != 0 && val < 8) /* Avoid silly minimal values. */ 2078 val = 8; 2079 else if (val > USHRT_MAX) 2080 val = USHRT_MAX; 2081 up->pcrlen = val; 2082 up->pcflag |= UDPLITE_RECV_CC; 2083 break; 2084 2085 default: 2086 err = -ENOPROTOOPT; 2087 break; 2088 } 2089 2090 return err; 2091 } 2092 EXPORT_SYMBOL(udp_lib_setsockopt); 2093 2094 int udp_setsockopt(struct sock *sk, int level, int optname, 2095 char __user *optval, unsigned int optlen) 2096 { 2097 if (level == SOL_UDP || level == SOL_UDPLITE) 2098 return udp_lib_setsockopt(sk, level, optname, optval, optlen, 2099 udp_push_pending_frames); 2100 return ip_setsockopt(sk, level, optname, optval, optlen); 2101 } 2102 2103 #ifdef CONFIG_COMPAT 2104 int compat_udp_setsockopt(struct sock *sk, int level, int optname, 2105 char __user *optval, unsigned int optlen) 2106 { 2107 if (level == SOL_UDP || level == SOL_UDPLITE) 2108 return udp_lib_setsockopt(sk, level, optname, optval, optlen, 2109 udp_push_pending_frames); 2110 return compat_ip_setsockopt(sk, level, optname, optval, optlen); 2111 } 2112 #endif 2113 2114 int udp_lib_getsockopt(struct sock *sk, int level, int optname, 2115 char __user *optval, int __user *optlen) 2116 { 2117 struct udp_sock *up = udp_sk(sk); 2118 int val, len; 2119 2120 if (get_user(len, optlen)) 2121 return -EFAULT; 2122 2123 len = min_t(unsigned int, len, sizeof(int)); 2124 2125 if (len < 0) 2126 return -EINVAL; 2127 2128 switch (optname) { 2129 case UDP_CORK: 2130 val = up->corkflag; 2131 break; 2132 2133 case UDP_ENCAP: 2134 val = up->encap_type; 2135 break; 2136 2137 case UDP_NO_CHECK6_TX: 2138 val = up->no_check6_tx; 2139 break; 2140 2141 case UDP_NO_CHECK6_RX: 2142 val = up->no_check6_rx; 2143 break; 2144 2145 /* The following two cannot be changed on UDP sockets, the return is 2146 * always 0 (which corresponds to the full checksum coverage of UDP). */ 2147 case UDPLITE_SEND_CSCOV: 2148 val = up->pcslen; 2149 break; 2150 2151 case UDPLITE_RECV_CSCOV: 2152 val = up->pcrlen; 2153 break; 2154 2155 default: 2156 return -ENOPROTOOPT; 2157 } 2158 2159 if (put_user(len, optlen)) 2160 return -EFAULT; 2161 if (copy_to_user(optval, &val, len)) 2162 return -EFAULT; 2163 return 0; 2164 } 2165 EXPORT_SYMBOL(udp_lib_getsockopt); 2166 2167 int udp_getsockopt(struct sock *sk, int level, int optname, 2168 char __user *optval, int __user *optlen) 2169 { 2170 if (level == SOL_UDP || level == SOL_UDPLITE) 2171 return udp_lib_getsockopt(sk, level, optname, optval, optlen); 2172 return ip_getsockopt(sk, level, optname, optval, optlen); 2173 } 2174 2175 #ifdef CONFIG_COMPAT 2176 int compat_udp_getsockopt(struct sock *sk, int level, int optname, 2177 char __user *optval, int __user *optlen) 2178 { 2179 if (level == SOL_UDP || level == SOL_UDPLITE) 2180 return udp_lib_getsockopt(sk, level, optname, optval, optlen); 2181 return compat_ip_getsockopt(sk, level, optname, optval, optlen); 2182 } 2183 #endif 2184 /** 2185 * udp_poll - wait for a UDP event. 2186 * @file - file struct 2187 * @sock - socket 2188 * @wait - poll table 2189 * 2190 * This is same as datagram poll, except for the special case of 2191 * blocking sockets. If application is using a blocking fd 2192 * and a packet with checksum error is in the queue; 2193 * then it could get return from select indicating data available 2194 * but then block when reading it. Add special case code 2195 * to work around these arguably broken applications. 2196 */ 2197 unsigned int udp_poll(struct file *file, struct socket *sock, poll_table *wait) 2198 { 2199 unsigned int mask = datagram_poll(file, sock, wait); 2200 struct sock *sk = sock->sk; 2201 2202 sock_rps_record_flow(sk); 2203 2204 /* Check for false positives due to checksum errors */ 2205 if ((mask & POLLRDNORM) && !(file->f_flags & O_NONBLOCK) && 2206 !(sk->sk_shutdown & RCV_SHUTDOWN) && !first_packet_length(sk)) 2207 mask &= ~(POLLIN | POLLRDNORM); 2208 2209 return mask; 2210 2211 } 2212 EXPORT_SYMBOL(udp_poll); 2213 2214 struct proto udp_prot = { 2215 .name = "UDP", 2216 .owner = THIS_MODULE, 2217 .close = udp_lib_close, 2218 .connect = ip4_datagram_connect, 2219 .disconnect = udp_disconnect, 2220 .ioctl = udp_ioctl, 2221 .destroy = udp_destroy_sock, 2222 .setsockopt = udp_setsockopt, 2223 .getsockopt = udp_getsockopt, 2224 .sendmsg = udp_sendmsg, 2225 .recvmsg = udp_recvmsg, 2226 .sendpage = udp_sendpage, 2227 .backlog_rcv = __udp_queue_rcv_skb, 2228 .release_cb = ip4_datagram_release_cb, 2229 .hash = udp_lib_hash, 2230 .unhash = udp_lib_unhash, 2231 .rehash = udp_v4_rehash, 2232 .get_port = udp_v4_get_port, 2233 .memory_allocated = &udp_memory_allocated, 2234 .sysctl_mem = sysctl_udp_mem, 2235 .sysctl_wmem = &sysctl_udp_wmem_min, 2236 .sysctl_rmem = &sysctl_udp_rmem_min, 2237 .obj_size = sizeof(struct udp_sock), 2238 .slab_flags = SLAB_DESTROY_BY_RCU, 2239 .h.udp_table = &udp_table, 2240 #ifdef CONFIG_COMPAT 2241 .compat_setsockopt = compat_udp_setsockopt, 2242 .compat_getsockopt = compat_udp_getsockopt, 2243 #endif 2244 .clear_sk = sk_prot_clear_portaddr_nulls, 2245 }; 2246 EXPORT_SYMBOL(udp_prot); 2247 2248 /* ------------------------------------------------------------------------ */ 2249 #ifdef CONFIG_PROC_FS 2250 2251 static struct sock *udp_get_first(struct seq_file *seq, int start) 2252 { 2253 struct sock *sk; 2254 struct udp_iter_state *state = seq->private; 2255 struct net *net = seq_file_net(seq); 2256 2257 for (state->bucket = start; state->bucket <= state->udp_table->mask; 2258 ++state->bucket) { 2259 struct hlist_nulls_node *node; 2260 struct udp_hslot *hslot = &state->udp_table->hash[state->bucket]; 2261 2262 if (hlist_nulls_empty(&hslot->head)) 2263 continue; 2264 2265 spin_lock_bh(&hslot->lock); 2266 sk_nulls_for_each(sk, node, &hslot->head) { 2267 if (!net_eq(sock_net(sk), net)) 2268 continue; 2269 if (sk->sk_family == state->family) 2270 goto found; 2271 } 2272 spin_unlock_bh(&hslot->lock); 2273 } 2274 sk = NULL; 2275 found: 2276 return sk; 2277 } 2278 2279 static struct sock *udp_get_next(struct seq_file *seq, struct sock *sk) 2280 { 2281 struct udp_iter_state *state = seq->private; 2282 struct net *net = seq_file_net(seq); 2283 2284 do { 2285 sk = sk_nulls_next(sk); 2286 } while (sk && (!net_eq(sock_net(sk), net) || sk->sk_family != state->family)); 2287 2288 if (!sk) { 2289 if (state->bucket <= state->udp_table->mask) 2290 spin_unlock_bh(&state->udp_table->hash[state->bucket].lock); 2291 return udp_get_first(seq, state->bucket + 1); 2292 } 2293 return sk; 2294 } 2295 2296 static struct sock *udp_get_idx(struct seq_file *seq, loff_t pos) 2297 { 2298 struct sock *sk = udp_get_first(seq, 0); 2299 2300 if (sk) 2301 while (pos && (sk = udp_get_next(seq, sk)) != NULL) 2302 --pos; 2303 return pos ? NULL : sk; 2304 } 2305 2306 static void *udp_seq_start(struct seq_file *seq, loff_t *pos) 2307 { 2308 struct udp_iter_state *state = seq->private; 2309 state->bucket = MAX_UDP_PORTS; 2310 2311 return *pos ? udp_get_idx(seq, *pos-1) : SEQ_START_TOKEN; 2312 } 2313 2314 static void *udp_seq_next(struct seq_file *seq, void *v, loff_t *pos) 2315 { 2316 struct sock *sk; 2317 2318 if (v == SEQ_START_TOKEN) 2319 sk = udp_get_idx(seq, 0); 2320 else 2321 sk = udp_get_next(seq, v); 2322 2323 ++*pos; 2324 return sk; 2325 } 2326 2327 static void udp_seq_stop(struct seq_file *seq, void *v) 2328 { 2329 struct udp_iter_state *state = seq->private; 2330 2331 if (state->bucket <= state->udp_table->mask) 2332 spin_unlock_bh(&state->udp_table->hash[state->bucket].lock); 2333 } 2334 2335 int udp_seq_open(struct inode *inode, struct file *file) 2336 { 2337 struct udp_seq_afinfo *afinfo = PDE_DATA(inode); 2338 struct udp_iter_state *s; 2339 int err; 2340 2341 err = seq_open_net(inode, file, &afinfo->seq_ops, 2342 sizeof(struct udp_iter_state)); 2343 if (err < 0) 2344 return err; 2345 2346 s = ((struct seq_file *)file->private_data)->private; 2347 s->family = afinfo->family; 2348 s->udp_table = afinfo->udp_table; 2349 return err; 2350 } 2351 EXPORT_SYMBOL(udp_seq_open); 2352 2353 /* ------------------------------------------------------------------------ */ 2354 int udp_proc_register(struct net *net, struct udp_seq_afinfo *afinfo) 2355 { 2356 struct proc_dir_entry *p; 2357 int rc = 0; 2358 2359 afinfo->seq_ops.start = udp_seq_start; 2360 afinfo->seq_ops.next = udp_seq_next; 2361 afinfo->seq_ops.stop = udp_seq_stop; 2362 2363 p = proc_create_data(afinfo->name, S_IRUGO, net->proc_net, 2364 afinfo->seq_fops, afinfo); 2365 if (!p) 2366 rc = -ENOMEM; 2367 return rc; 2368 } 2369 EXPORT_SYMBOL(udp_proc_register); 2370 2371 void udp_proc_unregister(struct net *net, struct udp_seq_afinfo *afinfo) 2372 { 2373 remove_proc_entry(afinfo->name, net->proc_net); 2374 } 2375 EXPORT_SYMBOL(udp_proc_unregister); 2376 2377 /* ------------------------------------------------------------------------ */ 2378 static void udp4_format_sock(struct sock *sp, struct seq_file *f, 2379 int bucket) 2380 { 2381 struct inet_sock *inet = inet_sk(sp); 2382 __be32 dest = inet->inet_daddr; 2383 __be32 src = inet->inet_rcv_saddr; 2384 __u16 destp = ntohs(inet->inet_dport); 2385 __u16 srcp = ntohs(inet->inet_sport); 2386 2387 seq_printf(f, "%5d: %08X:%04X %08X:%04X" 2388 " %02X %08X:%08X %02X:%08lX %08X %5u %8d %lu %d %pK %d", 2389 bucket, src, srcp, dest, destp, sp->sk_state, 2390 sk_wmem_alloc_get(sp), 2391 sk_rmem_alloc_get(sp), 2392 0, 0L, 0, 2393 from_kuid_munged(seq_user_ns(f), sock_i_uid(sp)), 2394 0, sock_i_ino(sp), 2395 atomic_read(&sp->sk_refcnt), sp, 2396 atomic_read(&sp->sk_drops)); 2397 } 2398 2399 int udp4_seq_show(struct seq_file *seq, void *v) 2400 { 2401 seq_setwidth(seq, 127); 2402 if (v == SEQ_START_TOKEN) 2403 seq_puts(seq, " sl local_address rem_address st tx_queue " 2404 "rx_queue tr tm->when retrnsmt uid timeout " 2405 "inode ref pointer drops"); 2406 else { 2407 struct udp_iter_state *state = seq->private; 2408 2409 udp4_format_sock(v, seq, state->bucket); 2410 } 2411 seq_pad(seq, '\n'); 2412 return 0; 2413 } 2414 2415 static const struct file_operations udp_afinfo_seq_fops = { 2416 .owner = THIS_MODULE, 2417 .open = udp_seq_open, 2418 .read = seq_read, 2419 .llseek = seq_lseek, 2420 .release = seq_release_net 2421 }; 2422 2423 /* ------------------------------------------------------------------------ */ 2424 static struct udp_seq_afinfo udp4_seq_afinfo = { 2425 .name = "udp", 2426 .family = AF_INET, 2427 .udp_table = &udp_table, 2428 .seq_fops = &udp_afinfo_seq_fops, 2429 .seq_ops = { 2430 .show = udp4_seq_show, 2431 }, 2432 }; 2433 2434 static int __net_init udp4_proc_init_net(struct net *net) 2435 { 2436 return udp_proc_register(net, &udp4_seq_afinfo); 2437 } 2438 2439 static void __net_exit udp4_proc_exit_net(struct net *net) 2440 { 2441 udp_proc_unregister(net, &udp4_seq_afinfo); 2442 } 2443 2444 static struct pernet_operations udp4_net_ops = { 2445 .init = udp4_proc_init_net, 2446 .exit = udp4_proc_exit_net, 2447 }; 2448 2449 int __init udp4_proc_init(void) 2450 { 2451 return register_pernet_subsys(&udp4_net_ops); 2452 } 2453 2454 void udp4_proc_exit(void) 2455 { 2456 unregister_pernet_subsys(&udp4_net_ops); 2457 } 2458 #endif /* CONFIG_PROC_FS */ 2459 2460 static __initdata unsigned long uhash_entries; 2461 static int __init set_uhash_entries(char *str) 2462 { 2463 ssize_t ret; 2464 2465 if (!str) 2466 return 0; 2467 2468 ret = kstrtoul(str, 0, &uhash_entries); 2469 if (ret) 2470 return 0; 2471 2472 if (uhash_entries && uhash_entries < UDP_HTABLE_SIZE_MIN) 2473 uhash_entries = UDP_HTABLE_SIZE_MIN; 2474 return 1; 2475 } 2476 __setup("uhash_entries=", set_uhash_entries); 2477 2478 void __init udp_table_init(struct udp_table *table, const char *name) 2479 { 2480 unsigned int i; 2481 2482 table->hash = alloc_large_system_hash(name, 2483 2 * sizeof(struct udp_hslot), 2484 uhash_entries, 2485 21, /* one slot per 2 MB */ 2486 0, 2487 &table->log, 2488 &table->mask, 2489 UDP_HTABLE_SIZE_MIN, 2490 64 * 1024); 2491 2492 table->hash2 = table->hash + (table->mask + 1); 2493 for (i = 0; i <= table->mask; i++) { 2494 INIT_HLIST_NULLS_HEAD(&table->hash[i].head, i); 2495 table->hash[i].count = 0; 2496 spin_lock_init(&table->hash[i].lock); 2497 } 2498 for (i = 0; i <= table->mask; i++) { 2499 INIT_HLIST_NULLS_HEAD(&table->hash2[i].head, i); 2500 table->hash2[i].count = 0; 2501 spin_lock_init(&table->hash2[i].lock); 2502 } 2503 } 2504 2505 void __init udp_init(void) 2506 { 2507 unsigned long limit; 2508 2509 udp_table_init(&udp_table, "UDP"); 2510 limit = nr_free_buffer_pages() / 8; 2511 limit = max(limit, 128UL); 2512 sysctl_udp_mem[0] = limit / 4 * 3; 2513 sysctl_udp_mem[1] = limit; 2514 sysctl_udp_mem[2] = sysctl_udp_mem[0] * 2; 2515 2516 sysctl_udp_rmem_min = SK_MEM_QUANTUM; 2517 sysctl_udp_wmem_min = SK_MEM_QUANTUM; 2518 } 2519