1 /* 2 * UDP over IPv6 3 * Linux INET6 implementation 4 * 5 * Authors: 6 * Pedro Roque <roque@di.fc.ul.pt> 7 * 8 * Based on linux/ipv4/udp.c 9 * 10 * Fixes: 11 * Hideaki YOSHIFUJI : sin6_scope_id support 12 * YOSHIFUJI Hideaki @USAGI and: Support IPV6_V6ONLY socket option, which 13 * Alexey Kuznetsov allow both IPv4 and IPv6 sockets to bind 14 * a single port at the same time. 15 * Kazunori MIYAZAWA @USAGI: change process style to use ip6_append_data 16 * YOSHIFUJI Hideaki @USAGI: convert /proc/net/udp6 to seq_file. 17 * 18 * This program is free software; you can redistribute it and/or 19 * modify it under the terms of the GNU General Public License 20 * as published by the Free Software Foundation; either version 21 * 2 of the License, or (at your option) any later version. 22 */ 23 24 #include <linux/errno.h> 25 #include <linux/types.h> 26 #include <linux/socket.h> 27 #include <linux/sockios.h> 28 #include <linux/net.h> 29 #include <linux/in6.h> 30 #include <linux/netdevice.h> 31 #include <linux/if_arp.h> 32 #include <linux/ipv6.h> 33 #include <linux/icmpv6.h> 34 #include <linux/init.h> 35 #include <linux/module.h> 36 #include <linux/skbuff.h> 37 #include <linux/slab.h> 38 #include <asm/uaccess.h> 39 40 #include <net/ndisc.h> 41 #include <net/protocol.h> 42 #include <net/transp_v6.h> 43 #include <net/ip6_route.h> 44 #include <net/raw.h> 45 #include <net/tcp_states.h> 46 #include <net/ip6_checksum.h> 47 #include <net/xfrm.h> 48 49 #include <linux/proc_fs.h> 50 #include <linux/seq_file.h> 51 #include "udp_impl.h" 52 53 int ipv6_rcv_saddr_equal(const struct sock *sk, const struct sock *sk2) 54 { 55 const struct in6_addr *sk_rcv_saddr6 = &inet6_sk(sk)->rcv_saddr; 56 const struct in6_addr *sk2_rcv_saddr6 = inet6_rcv_saddr(sk2); 57 __be32 sk1_rcv_saddr = sk_rcv_saddr(sk); 58 __be32 sk2_rcv_saddr = sk_rcv_saddr(sk2); 59 int sk_ipv6only = ipv6_only_sock(sk); 60 int sk2_ipv6only = inet_v6_ipv6only(sk2); 61 int addr_type = ipv6_addr_type(sk_rcv_saddr6); 62 int addr_type2 = sk2_rcv_saddr6 ? ipv6_addr_type(sk2_rcv_saddr6) : IPV6_ADDR_MAPPED; 63 64 /* if both are mapped, treat as IPv4 */ 65 if (addr_type == IPV6_ADDR_MAPPED && addr_type2 == IPV6_ADDR_MAPPED) 66 return (!sk2_ipv6only && 67 (!sk1_rcv_saddr || !sk2_rcv_saddr || 68 sk1_rcv_saddr == sk2_rcv_saddr)); 69 70 if (addr_type2 == IPV6_ADDR_ANY && 71 !(sk2_ipv6only && addr_type == IPV6_ADDR_MAPPED)) 72 return 1; 73 74 if (addr_type == IPV6_ADDR_ANY && 75 !(sk_ipv6only && addr_type2 == IPV6_ADDR_MAPPED)) 76 return 1; 77 78 if (sk2_rcv_saddr6 && 79 ipv6_addr_equal(sk_rcv_saddr6, sk2_rcv_saddr6)) 80 return 1; 81 82 return 0; 83 } 84 85 static unsigned int udp6_portaddr_hash(struct net *net, 86 const struct in6_addr *addr6, 87 unsigned int port) 88 { 89 unsigned int hash, mix = net_hash_mix(net); 90 91 if (ipv6_addr_any(addr6)) 92 hash = jhash_1word(0, mix); 93 else if (ipv6_addr_v4mapped(addr6)) 94 hash = jhash_1word((__force u32)addr6->s6_addr32[3], mix); 95 else 96 hash = jhash2((__force u32 *)addr6->s6_addr32, 4, mix); 97 98 return hash ^ port; 99 } 100 101 102 int udp_v6_get_port(struct sock *sk, unsigned short snum) 103 { 104 unsigned int hash2_nulladdr = 105 udp6_portaddr_hash(sock_net(sk), &in6addr_any, snum); 106 unsigned int hash2_partial = 107 udp6_portaddr_hash(sock_net(sk), &inet6_sk(sk)->rcv_saddr, 0); 108 109 /* precompute partial secondary hash */ 110 udp_sk(sk)->udp_portaddr_hash = hash2_partial; 111 return udp_lib_get_port(sk, snum, ipv6_rcv_saddr_equal, hash2_nulladdr); 112 } 113 114 static void udp_v6_rehash(struct sock *sk) 115 { 116 u16 new_hash = udp6_portaddr_hash(sock_net(sk), 117 &inet6_sk(sk)->rcv_saddr, 118 inet_sk(sk)->inet_num); 119 120 udp_lib_rehash(sk, new_hash); 121 } 122 123 static inline int compute_score(struct sock *sk, struct net *net, 124 unsigned short hnum, 125 const struct in6_addr *saddr, __be16 sport, 126 const struct in6_addr *daddr, __be16 dport, 127 int dif) 128 { 129 int score = -1; 130 131 if (net_eq(sock_net(sk), net) && udp_sk(sk)->udp_port_hash == hnum && 132 sk->sk_family == PF_INET6) { 133 struct ipv6_pinfo *np = inet6_sk(sk); 134 struct inet_sock *inet = inet_sk(sk); 135 136 score = 0; 137 if (inet->inet_dport) { 138 if (inet->inet_dport != sport) 139 return -1; 140 score++; 141 } 142 if (!ipv6_addr_any(&np->rcv_saddr)) { 143 if (!ipv6_addr_equal(&np->rcv_saddr, daddr)) 144 return -1; 145 score++; 146 } 147 if (!ipv6_addr_any(&np->daddr)) { 148 if (!ipv6_addr_equal(&np->daddr, saddr)) 149 return -1; 150 score++; 151 } 152 if (sk->sk_bound_dev_if) { 153 if (sk->sk_bound_dev_if != dif) 154 return -1; 155 score++; 156 } 157 } 158 return score; 159 } 160 161 #define SCORE2_MAX (1 + 1 + 1) 162 static inline int compute_score2(struct sock *sk, struct net *net, 163 const struct in6_addr *saddr, __be16 sport, 164 const struct in6_addr *daddr, unsigned short hnum, 165 int dif) 166 { 167 int score = -1; 168 169 if (net_eq(sock_net(sk), net) && udp_sk(sk)->udp_port_hash == hnum && 170 sk->sk_family == PF_INET6) { 171 struct ipv6_pinfo *np = inet6_sk(sk); 172 struct inet_sock *inet = inet_sk(sk); 173 174 if (!ipv6_addr_equal(&np->rcv_saddr, daddr)) 175 return -1; 176 score = 0; 177 if (inet->inet_dport) { 178 if (inet->inet_dport != sport) 179 return -1; 180 score++; 181 } 182 if (!ipv6_addr_any(&np->daddr)) { 183 if (!ipv6_addr_equal(&np->daddr, saddr)) 184 return -1; 185 score++; 186 } 187 if (sk->sk_bound_dev_if) { 188 if (sk->sk_bound_dev_if != dif) 189 return -1; 190 score++; 191 } 192 } 193 return score; 194 } 195 196 197 /* called with read_rcu_lock() */ 198 static struct sock *udp6_lib_lookup2(struct net *net, 199 const struct in6_addr *saddr, __be16 sport, 200 const struct in6_addr *daddr, unsigned int hnum, int dif, 201 struct udp_hslot *hslot2, unsigned int slot2) 202 { 203 struct sock *sk, *result; 204 struct hlist_nulls_node *node; 205 int score, badness; 206 207 begin: 208 result = NULL; 209 badness = -1; 210 udp_portaddr_for_each_entry_rcu(sk, node, &hslot2->head) { 211 score = compute_score2(sk, net, saddr, sport, 212 daddr, hnum, dif); 213 if (score > badness) { 214 result = sk; 215 badness = score; 216 if (score == SCORE2_MAX) 217 goto exact_match; 218 } 219 } 220 /* 221 * if the nulls value we got at the end of this lookup is 222 * not the expected one, we must restart lookup. 223 * We probably met an item that was moved to another chain. 224 */ 225 if (get_nulls_value(node) != slot2) 226 goto begin; 227 228 if (result) { 229 exact_match: 230 if (unlikely(!atomic_inc_not_zero_hint(&result->sk_refcnt, 2))) 231 result = NULL; 232 else if (unlikely(compute_score2(result, net, saddr, sport, 233 daddr, hnum, dif) < badness)) { 234 sock_put(result); 235 goto begin; 236 } 237 } 238 return result; 239 } 240 241 struct sock *__udp6_lib_lookup(struct net *net, 242 const struct in6_addr *saddr, __be16 sport, 243 const struct in6_addr *daddr, __be16 dport, 244 int dif, struct udp_table *udptable) 245 { 246 struct sock *sk, *result; 247 struct hlist_nulls_node *node; 248 unsigned short hnum = ntohs(dport); 249 unsigned int hash2, slot2, slot = udp_hashfn(net, hnum, udptable->mask); 250 struct udp_hslot *hslot2, *hslot = &udptable->hash[slot]; 251 int score, badness; 252 253 rcu_read_lock(); 254 if (hslot->count > 10) { 255 hash2 = udp6_portaddr_hash(net, daddr, hnum); 256 slot2 = hash2 & udptable->mask; 257 hslot2 = &udptable->hash2[slot2]; 258 if (hslot->count < hslot2->count) 259 goto begin; 260 261 result = udp6_lib_lookup2(net, saddr, sport, 262 daddr, hnum, dif, 263 hslot2, slot2); 264 if (!result) { 265 hash2 = udp6_portaddr_hash(net, &in6addr_any, hnum); 266 slot2 = hash2 & udptable->mask; 267 hslot2 = &udptable->hash2[slot2]; 268 if (hslot->count < hslot2->count) 269 goto begin; 270 271 result = udp6_lib_lookup2(net, saddr, sport, 272 &in6addr_any, hnum, dif, 273 hslot2, slot2); 274 } 275 rcu_read_unlock(); 276 return result; 277 } 278 begin: 279 result = NULL; 280 badness = -1; 281 sk_nulls_for_each_rcu(sk, node, &hslot->head) { 282 score = compute_score(sk, net, hnum, saddr, sport, daddr, dport, dif); 283 if (score > badness) { 284 result = sk; 285 badness = score; 286 } 287 } 288 /* 289 * if the nulls value we got at the end of this lookup is 290 * not the expected one, we must restart lookup. 291 * We probably met an item that was moved to another chain. 292 */ 293 if (get_nulls_value(node) != slot) 294 goto begin; 295 296 if (result) { 297 if (unlikely(!atomic_inc_not_zero_hint(&result->sk_refcnt, 2))) 298 result = NULL; 299 else if (unlikely(compute_score(result, net, hnum, saddr, sport, 300 daddr, dport, dif) < badness)) { 301 sock_put(result); 302 goto begin; 303 } 304 } 305 rcu_read_unlock(); 306 return result; 307 } 308 EXPORT_SYMBOL_GPL(__udp6_lib_lookup); 309 310 static struct sock *__udp6_lib_lookup_skb(struct sk_buff *skb, 311 __be16 sport, __be16 dport, 312 struct udp_table *udptable) 313 { 314 struct sock *sk; 315 const struct ipv6hdr *iph = ipv6_hdr(skb); 316 317 if (unlikely(sk = skb_steal_sock(skb))) 318 return sk; 319 return __udp6_lib_lookup(dev_net(skb_dst(skb)->dev), &iph->saddr, sport, 320 &iph->daddr, dport, inet6_iif(skb), 321 udptable); 322 } 323 324 struct sock *udp6_lib_lookup(struct net *net, const struct in6_addr *saddr, __be16 sport, 325 const struct in6_addr *daddr, __be16 dport, int dif) 326 { 327 return __udp6_lib_lookup(net, saddr, sport, daddr, dport, dif, &udp_table); 328 } 329 EXPORT_SYMBOL_GPL(udp6_lib_lookup); 330 331 332 /* 333 * This should be easy, if there is something there we 334 * return it, otherwise we block. 335 */ 336 337 int udpv6_recvmsg(struct kiocb *iocb, struct sock *sk, 338 struct msghdr *msg, size_t len, 339 int noblock, int flags, int *addr_len) 340 { 341 struct ipv6_pinfo *np = inet6_sk(sk); 342 struct inet_sock *inet = inet_sk(sk); 343 struct sk_buff *skb; 344 unsigned int ulen, copied; 345 int peeked, off = 0; 346 int err; 347 int is_udplite = IS_UDPLITE(sk); 348 int is_udp4; 349 bool slow; 350 351 if (addr_len) 352 *addr_len = sizeof(struct sockaddr_in6); 353 354 if (flags & MSG_ERRQUEUE) 355 return ipv6_recv_error(sk, msg, len); 356 357 if (np->rxpmtu && np->rxopt.bits.rxpmtu) 358 return ipv6_recv_rxpmtu(sk, msg, len); 359 360 try_again: 361 skb = __skb_recv_datagram(sk, flags | (noblock ? MSG_DONTWAIT : 0), 362 &peeked, &off, &err); 363 if (!skb) 364 goto out; 365 366 ulen = skb->len - sizeof(struct udphdr); 367 copied = len; 368 if (copied > ulen) 369 copied = ulen; 370 else if (copied < ulen) 371 msg->msg_flags |= MSG_TRUNC; 372 373 is_udp4 = (skb->protocol == htons(ETH_P_IP)); 374 375 /* 376 * If checksum is needed at all, try to do it while copying the 377 * data. If the data is truncated, or if we only want a partial 378 * coverage checksum (UDP-Lite), do it before the copy. 379 */ 380 381 if (copied < ulen || UDP_SKB_CB(skb)->partial_cov) { 382 if (udp_lib_checksum_complete(skb)) 383 goto csum_copy_err; 384 } 385 386 if (skb_csum_unnecessary(skb)) 387 err = skb_copy_datagram_iovec(skb, sizeof(struct udphdr), 388 msg->msg_iov, copied ); 389 else { 390 err = skb_copy_and_csum_datagram_iovec(skb, sizeof(struct udphdr), msg->msg_iov); 391 if (err == -EINVAL) 392 goto csum_copy_err; 393 } 394 if (err) 395 goto out_free; 396 397 if (!peeked) { 398 if (is_udp4) 399 UDP_INC_STATS_USER(sock_net(sk), 400 UDP_MIB_INDATAGRAMS, is_udplite); 401 else 402 UDP6_INC_STATS_USER(sock_net(sk), 403 UDP_MIB_INDATAGRAMS, is_udplite); 404 } 405 406 sock_recv_ts_and_drops(msg, sk, skb); 407 408 /* Copy the address. */ 409 if (msg->msg_name) { 410 struct sockaddr_in6 *sin6; 411 412 sin6 = (struct sockaddr_in6 *) msg->msg_name; 413 sin6->sin6_family = AF_INET6; 414 sin6->sin6_port = udp_hdr(skb)->source; 415 sin6->sin6_flowinfo = 0; 416 sin6->sin6_scope_id = 0; 417 418 if (is_udp4) 419 ipv6_addr_set_v4mapped(ip_hdr(skb)->saddr, 420 &sin6->sin6_addr); 421 else { 422 sin6->sin6_addr = ipv6_hdr(skb)->saddr; 423 if (ipv6_addr_type(&sin6->sin6_addr) & IPV6_ADDR_LINKLOCAL) 424 sin6->sin6_scope_id = IP6CB(skb)->iif; 425 } 426 427 } 428 if (is_udp4) { 429 if (inet->cmsg_flags) 430 ip_cmsg_recv(msg, skb); 431 } else { 432 if (np->rxopt.all) 433 datagram_recv_ctl(sk, msg, skb); 434 } 435 436 err = copied; 437 if (flags & MSG_TRUNC) 438 err = ulen; 439 440 out_free: 441 skb_free_datagram_locked(sk, skb); 442 out: 443 return err; 444 445 csum_copy_err: 446 slow = lock_sock_fast(sk); 447 if (!skb_kill_datagram(sk, skb, flags)) { 448 if (is_udp4) 449 UDP_INC_STATS_USER(sock_net(sk), 450 UDP_MIB_INERRORS, is_udplite); 451 else 452 UDP6_INC_STATS_USER(sock_net(sk), 453 UDP_MIB_INERRORS, is_udplite); 454 } 455 unlock_sock_fast(sk, slow); 456 457 if (noblock) 458 return -EAGAIN; 459 460 /* starting over for a new packet */ 461 msg->msg_flags &= ~MSG_TRUNC; 462 goto try_again; 463 } 464 465 void __udp6_lib_err(struct sk_buff *skb, struct inet6_skb_parm *opt, 466 u8 type, u8 code, int offset, __be32 info, 467 struct udp_table *udptable) 468 { 469 struct ipv6_pinfo *np; 470 const struct ipv6hdr *hdr = (const struct ipv6hdr *)skb->data; 471 const struct in6_addr *saddr = &hdr->saddr; 472 const struct in6_addr *daddr = &hdr->daddr; 473 struct udphdr *uh = (struct udphdr*)(skb->data+offset); 474 struct sock *sk; 475 int err; 476 477 sk = __udp6_lib_lookup(dev_net(skb->dev), daddr, uh->dest, 478 saddr, uh->source, inet6_iif(skb), udptable); 479 if (sk == NULL) 480 return; 481 482 np = inet6_sk(sk); 483 484 if (!icmpv6_err_convert(type, code, &err) && !np->recverr) 485 goto out; 486 487 if (sk->sk_state != TCP_ESTABLISHED && !np->recverr) 488 goto out; 489 490 if (np->recverr) 491 ipv6_icmp_error(sk, skb, err, uh->dest, ntohl(info), (u8 *)(uh+1)); 492 493 sk->sk_err = err; 494 sk->sk_error_report(sk); 495 out: 496 sock_put(sk); 497 } 498 499 static int __udpv6_queue_rcv_skb(struct sock *sk, struct sk_buff *skb) 500 { 501 int rc; 502 503 if (!ipv6_addr_any(&inet6_sk(sk)->daddr)) 504 sock_rps_save_rxhash(sk, skb); 505 506 rc = sock_queue_rcv_skb(sk, skb); 507 if (rc < 0) { 508 int is_udplite = IS_UDPLITE(sk); 509 510 /* Note that an ENOMEM error is charged twice */ 511 if (rc == -ENOMEM) 512 UDP6_INC_STATS_BH(sock_net(sk), 513 UDP_MIB_RCVBUFERRORS, is_udplite); 514 UDP6_INC_STATS_BH(sock_net(sk), UDP_MIB_INERRORS, is_udplite); 515 kfree_skb(skb); 516 return -1; 517 } 518 return 0; 519 } 520 521 static __inline__ void udpv6_err(struct sk_buff *skb, 522 struct inet6_skb_parm *opt, u8 type, 523 u8 code, int offset, __be32 info ) 524 { 525 __udp6_lib_err(skb, opt, type, code, offset, info, &udp_table); 526 } 527 528 static struct static_key udpv6_encap_needed __read_mostly; 529 void udpv6_encap_enable(void) 530 { 531 if (!static_key_enabled(&udpv6_encap_needed)) 532 static_key_slow_inc(&udpv6_encap_needed); 533 } 534 EXPORT_SYMBOL(udpv6_encap_enable); 535 536 int udpv6_queue_rcv_skb(struct sock *sk, struct sk_buff *skb) 537 { 538 struct udp_sock *up = udp_sk(sk); 539 int rc; 540 int is_udplite = IS_UDPLITE(sk); 541 542 if (!xfrm6_policy_check(sk, XFRM_POLICY_IN, skb)) 543 goto drop; 544 545 if (static_key_false(&udpv6_encap_needed) && up->encap_type) { 546 int (*encap_rcv)(struct sock *sk, struct sk_buff *skb); 547 548 /* 549 * This is an encapsulation socket so pass the skb to 550 * the socket's udp_encap_rcv() hook. Otherwise, just 551 * fall through and pass this up the UDP socket. 552 * up->encap_rcv() returns the following value: 553 * =0 if skb was successfully passed to the encap 554 * handler or was discarded by it. 555 * >0 if skb should be passed on to UDP. 556 * <0 if skb should be resubmitted as proto -N 557 */ 558 559 /* if we're overly short, let UDP handle it */ 560 encap_rcv = ACCESS_ONCE(up->encap_rcv); 561 if (skb->len > sizeof(struct udphdr) && encap_rcv != NULL) { 562 int ret; 563 564 ret = encap_rcv(sk, skb); 565 if (ret <= 0) { 566 UDP_INC_STATS_BH(sock_net(sk), 567 UDP_MIB_INDATAGRAMS, 568 is_udplite); 569 return -ret; 570 } 571 } 572 573 /* FALLTHROUGH -- it's a UDP Packet */ 574 } 575 576 /* 577 * UDP-Lite specific tests, ignored on UDP sockets (see net/ipv4/udp.c). 578 */ 579 if ((is_udplite & UDPLITE_RECV_CC) && UDP_SKB_CB(skb)->partial_cov) { 580 581 if (up->pcrlen == 0) { /* full coverage was set */ 582 LIMIT_NETDEBUG(KERN_WARNING "UDPLITE6: partial coverage" 583 " %d while full coverage %d requested\n", 584 UDP_SKB_CB(skb)->cscov, skb->len); 585 goto drop; 586 } 587 if (UDP_SKB_CB(skb)->cscov < up->pcrlen) { 588 LIMIT_NETDEBUG(KERN_WARNING "UDPLITE6: coverage %d " 589 "too small, need min %d\n", 590 UDP_SKB_CB(skb)->cscov, up->pcrlen); 591 goto drop; 592 } 593 } 594 595 if (rcu_access_pointer(sk->sk_filter)) { 596 if (udp_lib_checksum_complete(skb)) 597 goto drop; 598 } 599 600 if (sk_rcvqueues_full(sk, skb, sk->sk_rcvbuf)) 601 goto drop; 602 603 skb_dst_drop(skb); 604 605 bh_lock_sock(sk); 606 rc = 0; 607 if (!sock_owned_by_user(sk)) 608 rc = __udpv6_queue_rcv_skb(sk, skb); 609 else if (sk_add_backlog(sk, skb, sk->sk_rcvbuf)) { 610 bh_unlock_sock(sk); 611 goto drop; 612 } 613 bh_unlock_sock(sk); 614 615 return rc; 616 drop: 617 UDP6_INC_STATS_BH(sock_net(sk), UDP_MIB_INERRORS, is_udplite); 618 atomic_inc(&sk->sk_drops); 619 kfree_skb(skb); 620 return -1; 621 } 622 623 static struct sock *udp_v6_mcast_next(struct net *net, struct sock *sk, 624 __be16 loc_port, const struct in6_addr *loc_addr, 625 __be16 rmt_port, const struct in6_addr *rmt_addr, 626 int dif) 627 { 628 struct hlist_nulls_node *node; 629 struct sock *s = sk; 630 unsigned short num = ntohs(loc_port); 631 632 sk_nulls_for_each_from(s, node) { 633 struct inet_sock *inet = inet_sk(s); 634 635 if (!net_eq(sock_net(s), net)) 636 continue; 637 638 if (udp_sk(s)->udp_port_hash == num && 639 s->sk_family == PF_INET6) { 640 struct ipv6_pinfo *np = inet6_sk(s); 641 if (inet->inet_dport) { 642 if (inet->inet_dport != rmt_port) 643 continue; 644 } 645 if (!ipv6_addr_any(&np->daddr) && 646 !ipv6_addr_equal(&np->daddr, rmt_addr)) 647 continue; 648 649 if (s->sk_bound_dev_if && s->sk_bound_dev_if != dif) 650 continue; 651 652 if (!ipv6_addr_any(&np->rcv_saddr)) { 653 if (!ipv6_addr_equal(&np->rcv_saddr, loc_addr)) 654 continue; 655 } 656 if (!inet6_mc_check(s, loc_addr, rmt_addr)) 657 continue; 658 return s; 659 } 660 } 661 return NULL; 662 } 663 664 static void flush_stack(struct sock **stack, unsigned int count, 665 struct sk_buff *skb, unsigned int final) 666 { 667 struct sk_buff *skb1 = NULL; 668 struct sock *sk; 669 unsigned int i; 670 671 for (i = 0; i < count; i++) { 672 sk = stack[i]; 673 if (likely(skb1 == NULL)) 674 skb1 = (i == final) ? skb : skb_clone(skb, GFP_ATOMIC); 675 if (!skb1) { 676 atomic_inc(&sk->sk_drops); 677 UDP6_INC_STATS_BH(sock_net(sk), UDP_MIB_RCVBUFERRORS, 678 IS_UDPLITE(sk)); 679 UDP6_INC_STATS_BH(sock_net(sk), UDP_MIB_INERRORS, 680 IS_UDPLITE(sk)); 681 } 682 683 if (skb1 && udpv6_queue_rcv_skb(sk, skb1) <= 0) 684 skb1 = NULL; 685 } 686 if (unlikely(skb1)) 687 kfree_skb(skb1); 688 } 689 /* 690 * Note: called only from the BH handler context, 691 * so we don't need to lock the hashes. 692 */ 693 static int __udp6_lib_mcast_deliver(struct net *net, struct sk_buff *skb, 694 const struct in6_addr *saddr, const struct in6_addr *daddr, 695 struct udp_table *udptable) 696 { 697 struct sock *sk, *stack[256 / sizeof(struct sock *)]; 698 const struct udphdr *uh = udp_hdr(skb); 699 struct udp_hslot *hslot = udp_hashslot(udptable, net, ntohs(uh->dest)); 700 int dif; 701 unsigned int i, count = 0; 702 703 spin_lock(&hslot->lock); 704 sk = sk_nulls_head(&hslot->head); 705 dif = inet6_iif(skb); 706 sk = udp_v6_mcast_next(net, sk, uh->dest, daddr, uh->source, saddr, dif); 707 while (sk) { 708 stack[count++] = sk; 709 sk = udp_v6_mcast_next(net, sk_nulls_next(sk), uh->dest, daddr, 710 uh->source, saddr, dif); 711 if (unlikely(count == ARRAY_SIZE(stack))) { 712 if (!sk) 713 break; 714 flush_stack(stack, count, skb, ~0); 715 count = 0; 716 } 717 } 718 /* 719 * before releasing the lock, we must take reference on sockets 720 */ 721 for (i = 0; i < count; i++) 722 sock_hold(stack[i]); 723 724 spin_unlock(&hslot->lock); 725 726 if (count) { 727 flush_stack(stack, count, skb, count - 1); 728 729 for (i = 0; i < count; i++) 730 sock_put(stack[i]); 731 } else { 732 kfree_skb(skb); 733 } 734 return 0; 735 } 736 737 static inline int udp6_csum_init(struct sk_buff *skb, struct udphdr *uh, 738 int proto) 739 { 740 int err; 741 742 UDP_SKB_CB(skb)->partial_cov = 0; 743 UDP_SKB_CB(skb)->cscov = skb->len; 744 745 if (proto == IPPROTO_UDPLITE) { 746 err = udplite_checksum_init(skb, uh); 747 if (err) 748 return err; 749 } 750 751 if (uh->check == 0) { 752 /* RFC 2460 section 8.1 says that we SHOULD log 753 this error. Well, it is reasonable. 754 */ 755 LIMIT_NETDEBUG(KERN_INFO "IPv6: udp checksum is 0\n"); 756 return 1; 757 } 758 if (skb->ip_summed == CHECKSUM_COMPLETE && 759 !csum_ipv6_magic(&ipv6_hdr(skb)->saddr, &ipv6_hdr(skb)->daddr, 760 skb->len, proto, skb->csum)) 761 skb->ip_summed = CHECKSUM_UNNECESSARY; 762 763 if (!skb_csum_unnecessary(skb)) 764 skb->csum = ~csum_unfold(csum_ipv6_magic(&ipv6_hdr(skb)->saddr, 765 &ipv6_hdr(skb)->daddr, 766 skb->len, proto, 0)); 767 768 return 0; 769 } 770 771 int __udp6_lib_rcv(struct sk_buff *skb, struct udp_table *udptable, 772 int proto) 773 { 774 struct net *net = dev_net(skb->dev); 775 struct sock *sk; 776 struct udphdr *uh; 777 const struct in6_addr *saddr, *daddr; 778 u32 ulen = 0; 779 780 if (!pskb_may_pull(skb, sizeof(struct udphdr))) 781 goto discard; 782 783 saddr = &ipv6_hdr(skb)->saddr; 784 daddr = &ipv6_hdr(skb)->daddr; 785 uh = udp_hdr(skb); 786 787 ulen = ntohs(uh->len); 788 if (ulen > skb->len) 789 goto short_packet; 790 791 if (proto == IPPROTO_UDP) { 792 /* UDP validates ulen. */ 793 794 /* Check for jumbo payload */ 795 if (ulen == 0) 796 ulen = skb->len; 797 798 if (ulen < sizeof(*uh)) 799 goto short_packet; 800 801 if (ulen < skb->len) { 802 if (pskb_trim_rcsum(skb, ulen)) 803 goto short_packet; 804 saddr = &ipv6_hdr(skb)->saddr; 805 daddr = &ipv6_hdr(skb)->daddr; 806 uh = udp_hdr(skb); 807 } 808 } 809 810 if (udp6_csum_init(skb, uh, proto)) 811 goto discard; 812 813 /* 814 * Multicast receive code 815 */ 816 if (ipv6_addr_is_multicast(daddr)) 817 return __udp6_lib_mcast_deliver(net, skb, 818 saddr, daddr, udptable); 819 820 /* Unicast */ 821 822 /* 823 * check socket cache ... must talk to Alan about his plans 824 * for sock caches... i'll skip this for now. 825 */ 826 sk = __udp6_lib_lookup_skb(skb, uh->source, uh->dest, udptable); 827 if (sk != NULL) { 828 int ret = udpv6_queue_rcv_skb(sk, skb); 829 sock_put(sk); 830 831 /* a return value > 0 means to resubmit the input, but 832 * it wants the return to be -protocol, or 0 833 */ 834 if (ret > 0) 835 return -ret; 836 837 return 0; 838 } 839 840 if (!xfrm6_policy_check(NULL, XFRM_POLICY_IN, skb)) 841 goto discard; 842 843 if (udp_lib_checksum_complete(skb)) 844 goto discard; 845 846 UDP6_INC_STATS_BH(net, UDP_MIB_NOPORTS, proto == IPPROTO_UDPLITE); 847 icmpv6_send(skb, ICMPV6_DEST_UNREACH, ICMPV6_PORT_UNREACH, 0); 848 849 kfree_skb(skb); 850 return 0; 851 852 short_packet: 853 LIMIT_NETDEBUG(KERN_DEBUG "UDP%sv6: short packet: From [%pI6c]:%u %d/%d to [%pI6c]:%u\n", 854 proto == IPPROTO_UDPLITE ? "-Lite" : "", 855 saddr, 856 ntohs(uh->source), 857 ulen, 858 skb->len, 859 daddr, 860 ntohs(uh->dest)); 861 862 discard: 863 UDP6_INC_STATS_BH(net, UDP_MIB_INERRORS, proto == IPPROTO_UDPLITE); 864 kfree_skb(skb); 865 return 0; 866 } 867 868 static __inline__ int udpv6_rcv(struct sk_buff *skb) 869 { 870 return __udp6_lib_rcv(skb, &udp_table, IPPROTO_UDP); 871 } 872 873 /* 874 * Throw away all pending data and cancel the corking. Socket is locked. 875 */ 876 static void udp_v6_flush_pending_frames(struct sock *sk) 877 { 878 struct udp_sock *up = udp_sk(sk); 879 880 if (up->pending == AF_INET) 881 udp_flush_pending_frames(sk); 882 else if (up->pending) { 883 up->len = 0; 884 up->pending = 0; 885 ip6_flush_pending_frames(sk); 886 } 887 } 888 889 /** 890 * udp6_hwcsum_outgoing - handle outgoing HW checksumming 891 * @sk: socket we are sending on 892 * @skb: sk_buff containing the filled-in UDP header 893 * (checksum field must be zeroed out) 894 */ 895 static void udp6_hwcsum_outgoing(struct sock *sk, struct sk_buff *skb, 896 const struct in6_addr *saddr, 897 const struct in6_addr *daddr, int len) 898 { 899 unsigned int offset; 900 struct udphdr *uh = udp_hdr(skb); 901 __wsum csum = 0; 902 903 if (skb_queue_len(&sk->sk_write_queue) == 1) { 904 /* Only one fragment on the socket. */ 905 skb->csum_start = skb_transport_header(skb) - skb->head; 906 skb->csum_offset = offsetof(struct udphdr, check); 907 uh->check = ~csum_ipv6_magic(saddr, daddr, len, IPPROTO_UDP, 0); 908 } else { 909 /* 910 * HW-checksum won't work as there are two or more 911 * fragments on the socket so that all csums of sk_buffs 912 * should be together 913 */ 914 offset = skb_transport_offset(skb); 915 skb->csum = skb_checksum(skb, offset, skb->len - offset, 0); 916 917 skb->ip_summed = CHECKSUM_NONE; 918 919 skb_queue_walk(&sk->sk_write_queue, skb) { 920 csum = csum_add(csum, skb->csum); 921 } 922 923 uh->check = csum_ipv6_magic(saddr, daddr, len, IPPROTO_UDP, 924 csum); 925 if (uh->check == 0) 926 uh->check = CSUM_MANGLED_0; 927 } 928 } 929 930 /* 931 * Sending 932 */ 933 934 static int udp_v6_push_pending_frames(struct sock *sk) 935 { 936 struct sk_buff *skb; 937 struct udphdr *uh; 938 struct udp_sock *up = udp_sk(sk); 939 struct inet_sock *inet = inet_sk(sk); 940 struct flowi6 *fl6 = &inet->cork.fl.u.ip6; 941 int err = 0; 942 int is_udplite = IS_UDPLITE(sk); 943 __wsum csum = 0; 944 945 /* Grab the skbuff where UDP header space exists. */ 946 if ((skb = skb_peek(&sk->sk_write_queue)) == NULL) 947 goto out; 948 949 /* 950 * Create a UDP header 951 */ 952 uh = udp_hdr(skb); 953 uh->source = fl6->fl6_sport; 954 uh->dest = fl6->fl6_dport; 955 uh->len = htons(up->len); 956 uh->check = 0; 957 958 if (is_udplite) 959 csum = udplite_csum_outgoing(sk, skb); 960 else if (skb->ip_summed == CHECKSUM_PARTIAL) { /* UDP hardware csum */ 961 udp6_hwcsum_outgoing(sk, skb, &fl6->saddr, &fl6->daddr, 962 up->len); 963 goto send; 964 } else 965 csum = udp_csum_outgoing(sk, skb); 966 967 /* add protocol-dependent pseudo-header */ 968 uh->check = csum_ipv6_magic(&fl6->saddr, &fl6->daddr, 969 up->len, fl6->flowi6_proto, csum); 970 if (uh->check == 0) 971 uh->check = CSUM_MANGLED_0; 972 973 send: 974 err = ip6_push_pending_frames(sk); 975 if (err) { 976 if (err == -ENOBUFS && !inet6_sk(sk)->recverr) { 977 UDP6_INC_STATS_USER(sock_net(sk), 978 UDP_MIB_SNDBUFERRORS, is_udplite); 979 err = 0; 980 } 981 } else 982 UDP6_INC_STATS_USER(sock_net(sk), 983 UDP_MIB_OUTDATAGRAMS, is_udplite); 984 out: 985 up->len = 0; 986 up->pending = 0; 987 return err; 988 } 989 990 int udpv6_sendmsg(struct kiocb *iocb, struct sock *sk, 991 struct msghdr *msg, size_t len) 992 { 993 struct ipv6_txoptions opt_space; 994 struct udp_sock *up = udp_sk(sk); 995 struct inet_sock *inet = inet_sk(sk); 996 struct ipv6_pinfo *np = inet6_sk(sk); 997 struct sockaddr_in6 *sin6 = (struct sockaddr_in6 *) msg->msg_name; 998 struct in6_addr *daddr, *final_p, final; 999 struct ipv6_txoptions *opt = NULL; 1000 struct ip6_flowlabel *flowlabel = NULL; 1001 struct flowi6 fl6; 1002 struct dst_entry *dst; 1003 int addr_len = msg->msg_namelen; 1004 int ulen = len; 1005 int hlimit = -1; 1006 int tclass = -1; 1007 int dontfrag = -1; 1008 int corkreq = up->corkflag || msg->msg_flags&MSG_MORE; 1009 int err; 1010 int connected = 0; 1011 int is_udplite = IS_UDPLITE(sk); 1012 int (*getfrag)(void *, char *, int, int, int, struct sk_buff *); 1013 1014 /* destination address check */ 1015 if (sin6) { 1016 if (addr_len < offsetof(struct sockaddr, sa_data)) 1017 return -EINVAL; 1018 1019 switch (sin6->sin6_family) { 1020 case AF_INET6: 1021 if (addr_len < SIN6_LEN_RFC2133) 1022 return -EINVAL; 1023 daddr = &sin6->sin6_addr; 1024 break; 1025 case AF_INET: 1026 goto do_udp_sendmsg; 1027 case AF_UNSPEC: 1028 msg->msg_name = sin6 = NULL; 1029 msg->msg_namelen = addr_len = 0; 1030 daddr = NULL; 1031 break; 1032 default: 1033 return -EINVAL; 1034 } 1035 } else if (!up->pending) { 1036 if (sk->sk_state != TCP_ESTABLISHED) 1037 return -EDESTADDRREQ; 1038 daddr = &np->daddr; 1039 } else 1040 daddr = NULL; 1041 1042 if (daddr) { 1043 if (ipv6_addr_v4mapped(daddr)) { 1044 struct sockaddr_in sin; 1045 sin.sin_family = AF_INET; 1046 sin.sin_port = sin6 ? sin6->sin6_port : inet->inet_dport; 1047 sin.sin_addr.s_addr = daddr->s6_addr32[3]; 1048 msg->msg_name = &sin; 1049 msg->msg_namelen = sizeof(sin); 1050 do_udp_sendmsg: 1051 if (__ipv6_only_sock(sk)) 1052 return -ENETUNREACH; 1053 return udp_sendmsg(iocb, sk, msg, len); 1054 } 1055 } 1056 1057 if (up->pending == AF_INET) 1058 return udp_sendmsg(iocb, sk, msg, len); 1059 1060 /* Rough check on arithmetic overflow, 1061 better check is made in ip6_append_data(). 1062 */ 1063 if (len > INT_MAX - sizeof(struct udphdr)) 1064 return -EMSGSIZE; 1065 1066 if (up->pending) { 1067 /* 1068 * There are pending frames. 1069 * The socket lock must be held while it's corked. 1070 */ 1071 lock_sock(sk); 1072 if (likely(up->pending)) { 1073 if (unlikely(up->pending != AF_INET6)) { 1074 release_sock(sk); 1075 return -EAFNOSUPPORT; 1076 } 1077 dst = NULL; 1078 goto do_append_data; 1079 } 1080 release_sock(sk); 1081 } 1082 ulen += sizeof(struct udphdr); 1083 1084 memset(&fl6, 0, sizeof(fl6)); 1085 1086 if (sin6) { 1087 if (sin6->sin6_port == 0) 1088 return -EINVAL; 1089 1090 fl6.fl6_dport = sin6->sin6_port; 1091 daddr = &sin6->sin6_addr; 1092 1093 if (np->sndflow) { 1094 fl6.flowlabel = sin6->sin6_flowinfo&IPV6_FLOWINFO_MASK; 1095 if (fl6.flowlabel&IPV6_FLOWLABEL_MASK) { 1096 flowlabel = fl6_sock_lookup(sk, fl6.flowlabel); 1097 if (flowlabel == NULL) 1098 return -EINVAL; 1099 daddr = &flowlabel->dst; 1100 } 1101 } 1102 1103 /* 1104 * Otherwise it will be difficult to maintain 1105 * sk->sk_dst_cache. 1106 */ 1107 if (sk->sk_state == TCP_ESTABLISHED && 1108 ipv6_addr_equal(daddr, &np->daddr)) 1109 daddr = &np->daddr; 1110 1111 if (addr_len >= sizeof(struct sockaddr_in6) && 1112 sin6->sin6_scope_id && 1113 ipv6_addr_type(daddr)&IPV6_ADDR_LINKLOCAL) 1114 fl6.flowi6_oif = sin6->sin6_scope_id; 1115 } else { 1116 if (sk->sk_state != TCP_ESTABLISHED) 1117 return -EDESTADDRREQ; 1118 1119 fl6.fl6_dport = inet->inet_dport; 1120 daddr = &np->daddr; 1121 fl6.flowlabel = np->flow_label; 1122 connected = 1; 1123 } 1124 1125 if (!fl6.flowi6_oif) 1126 fl6.flowi6_oif = sk->sk_bound_dev_if; 1127 1128 if (!fl6.flowi6_oif) 1129 fl6.flowi6_oif = np->sticky_pktinfo.ipi6_ifindex; 1130 1131 fl6.flowi6_mark = sk->sk_mark; 1132 1133 if (msg->msg_controllen) { 1134 opt = &opt_space; 1135 memset(opt, 0, sizeof(struct ipv6_txoptions)); 1136 opt->tot_len = sizeof(*opt); 1137 1138 err = datagram_send_ctl(sock_net(sk), sk, msg, &fl6, opt, 1139 &hlimit, &tclass, &dontfrag); 1140 if (err < 0) { 1141 fl6_sock_release(flowlabel); 1142 return err; 1143 } 1144 if ((fl6.flowlabel&IPV6_FLOWLABEL_MASK) && !flowlabel) { 1145 flowlabel = fl6_sock_lookup(sk, fl6.flowlabel); 1146 if (flowlabel == NULL) 1147 return -EINVAL; 1148 } 1149 if (!(opt->opt_nflen|opt->opt_flen)) 1150 opt = NULL; 1151 connected = 0; 1152 } 1153 if (opt == NULL) 1154 opt = np->opt; 1155 if (flowlabel) 1156 opt = fl6_merge_options(&opt_space, flowlabel, opt); 1157 opt = ipv6_fixup_options(&opt_space, opt); 1158 1159 fl6.flowi6_proto = sk->sk_protocol; 1160 if (!ipv6_addr_any(daddr)) 1161 fl6.daddr = *daddr; 1162 else 1163 fl6.daddr.s6_addr[15] = 0x1; /* :: means loopback (BSD'ism) */ 1164 if (ipv6_addr_any(&fl6.saddr) && !ipv6_addr_any(&np->saddr)) 1165 fl6.saddr = np->saddr; 1166 fl6.fl6_sport = inet->inet_sport; 1167 1168 final_p = fl6_update_dst(&fl6, opt, &final); 1169 if (final_p) 1170 connected = 0; 1171 1172 if (!fl6.flowi6_oif && ipv6_addr_is_multicast(&fl6.daddr)) { 1173 fl6.flowi6_oif = np->mcast_oif; 1174 connected = 0; 1175 } else if (!fl6.flowi6_oif) 1176 fl6.flowi6_oif = np->ucast_oif; 1177 1178 security_sk_classify_flow(sk, flowi6_to_flowi(&fl6)); 1179 1180 dst = ip6_sk_dst_lookup_flow(sk, &fl6, final_p, true); 1181 if (IS_ERR(dst)) { 1182 err = PTR_ERR(dst); 1183 dst = NULL; 1184 goto out; 1185 } 1186 1187 if (hlimit < 0) { 1188 if (ipv6_addr_is_multicast(&fl6.daddr)) 1189 hlimit = np->mcast_hops; 1190 else 1191 hlimit = np->hop_limit; 1192 if (hlimit < 0) 1193 hlimit = ip6_dst_hoplimit(dst); 1194 } 1195 1196 if (tclass < 0) 1197 tclass = np->tclass; 1198 1199 if (dontfrag < 0) 1200 dontfrag = np->dontfrag; 1201 1202 if (msg->msg_flags&MSG_CONFIRM) 1203 goto do_confirm; 1204 back_from_confirm: 1205 1206 lock_sock(sk); 1207 if (unlikely(up->pending)) { 1208 /* The socket is already corked while preparing it. */ 1209 /* ... which is an evident application bug. --ANK */ 1210 release_sock(sk); 1211 1212 LIMIT_NETDEBUG(KERN_DEBUG "udp cork app bug 2\n"); 1213 err = -EINVAL; 1214 goto out; 1215 } 1216 1217 up->pending = AF_INET6; 1218 1219 do_append_data: 1220 up->len += ulen; 1221 getfrag = is_udplite ? udplite_getfrag : ip_generic_getfrag; 1222 err = ip6_append_data(sk, getfrag, msg->msg_iov, ulen, 1223 sizeof(struct udphdr), hlimit, tclass, opt, &fl6, 1224 (struct rt6_info*)dst, 1225 corkreq ? msg->msg_flags|MSG_MORE : msg->msg_flags, dontfrag); 1226 if (err) 1227 udp_v6_flush_pending_frames(sk); 1228 else if (!corkreq) 1229 err = udp_v6_push_pending_frames(sk); 1230 else if (unlikely(skb_queue_empty(&sk->sk_write_queue))) 1231 up->pending = 0; 1232 1233 if (dst) { 1234 if (connected) { 1235 ip6_dst_store(sk, dst, 1236 ipv6_addr_equal(&fl6.daddr, &np->daddr) ? 1237 &np->daddr : NULL, 1238 #ifdef CONFIG_IPV6_SUBTREES 1239 ipv6_addr_equal(&fl6.saddr, &np->saddr) ? 1240 &np->saddr : 1241 #endif 1242 NULL); 1243 } else { 1244 dst_release(dst); 1245 } 1246 dst = NULL; 1247 } 1248 1249 if (err > 0) 1250 err = np->recverr ? net_xmit_errno(err) : 0; 1251 release_sock(sk); 1252 out: 1253 dst_release(dst); 1254 fl6_sock_release(flowlabel); 1255 if (!err) 1256 return len; 1257 /* 1258 * ENOBUFS = no kernel mem, SOCK_NOSPACE = no sndbuf space. Reporting 1259 * ENOBUFS might not be good (it's not tunable per se), but otherwise 1260 * we don't have a good statistic (IpOutDiscards but it can be too many 1261 * things). We could add another new stat but at least for now that 1262 * seems like overkill. 1263 */ 1264 if (err == -ENOBUFS || test_bit(SOCK_NOSPACE, &sk->sk_socket->flags)) { 1265 UDP6_INC_STATS_USER(sock_net(sk), 1266 UDP_MIB_SNDBUFERRORS, is_udplite); 1267 } 1268 return err; 1269 1270 do_confirm: 1271 dst_confirm(dst); 1272 if (!(msg->msg_flags&MSG_PROBE) || len) 1273 goto back_from_confirm; 1274 err = 0; 1275 goto out; 1276 } 1277 1278 void udpv6_destroy_sock(struct sock *sk) 1279 { 1280 lock_sock(sk); 1281 udp_v6_flush_pending_frames(sk); 1282 release_sock(sk); 1283 1284 inet6_destroy_sock(sk); 1285 } 1286 1287 /* 1288 * Socket option code for UDP 1289 */ 1290 int udpv6_setsockopt(struct sock *sk, int level, int optname, 1291 char __user *optval, unsigned int optlen) 1292 { 1293 if (level == SOL_UDP || level == SOL_UDPLITE) 1294 return udp_lib_setsockopt(sk, level, optname, optval, optlen, 1295 udp_v6_push_pending_frames); 1296 return ipv6_setsockopt(sk, level, optname, optval, optlen); 1297 } 1298 1299 #ifdef CONFIG_COMPAT 1300 int compat_udpv6_setsockopt(struct sock *sk, int level, int optname, 1301 char __user *optval, unsigned int optlen) 1302 { 1303 if (level == SOL_UDP || level == SOL_UDPLITE) 1304 return udp_lib_setsockopt(sk, level, optname, optval, optlen, 1305 udp_v6_push_pending_frames); 1306 return compat_ipv6_setsockopt(sk, level, optname, optval, optlen); 1307 } 1308 #endif 1309 1310 int udpv6_getsockopt(struct sock *sk, int level, int optname, 1311 char __user *optval, int __user *optlen) 1312 { 1313 if (level == SOL_UDP || level == SOL_UDPLITE) 1314 return udp_lib_getsockopt(sk, level, optname, optval, optlen); 1315 return ipv6_getsockopt(sk, level, optname, optval, optlen); 1316 } 1317 1318 #ifdef CONFIG_COMPAT 1319 int compat_udpv6_getsockopt(struct sock *sk, int level, int optname, 1320 char __user *optval, int __user *optlen) 1321 { 1322 if (level == SOL_UDP || level == SOL_UDPLITE) 1323 return udp_lib_getsockopt(sk, level, optname, optval, optlen); 1324 return compat_ipv6_getsockopt(sk, level, optname, optval, optlen); 1325 } 1326 #endif 1327 1328 static int udp6_ufo_send_check(struct sk_buff *skb) 1329 { 1330 const struct ipv6hdr *ipv6h; 1331 struct udphdr *uh; 1332 1333 if (!pskb_may_pull(skb, sizeof(*uh))) 1334 return -EINVAL; 1335 1336 ipv6h = ipv6_hdr(skb); 1337 uh = udp_hdr(skb); 1338 1339 uh->check = ~csum_ipv6_magic(&ipv6h->saddr, &ipv6h->daddr, skb->len, 1340 IPPROTO_UDP, 0); 1341 skb->csum_start = skb_transport_header(skb) - skb->head; 1342 skb->csum_offset = offsetof(struct udphdr, check); 1343 skb->ip_summed = CHECKSUM_PARTIAL; 1344 return 0; 1345 } 1346 1347 static struct sk_buff *udp6_ufo_fragment(struct sk_buff *skb, 1348 netdev_features_t features) 1349 { 1350 struct sk_buff *segs = ERR_PTR(-EINVAL); 1351 unsigned int mss; 1352 unsigned int unfrag_ip6hlen, unfrag_len; 1353 struct frag_hdr *fptr; 1354 u8 *mac_start, *prevhdr; 1355 u8 nexthdr; 1356 u8 frag_hdr_sz = sizeof(struct frag_hdr); 1357 int offset; 1358 __wsum csum; 1359 1360 mss = skb_shinfo(skb)->gso_size; 1361 if (unlikely(skb->len <= mss)) 1362 goto out; 1363 1364 if (skb_gso_ok(skb, features | NETIF_F_GSO_ROBUST)) { 1365 /* Packet is from an untrusted source, reset gso_segs. */ 1366 int type = skb_shinfo(skb)->gso_type; 1367 1368 if (unlikely(type & ~(SKB_GSO_UDP | SKB_GSO_DODGY) || 1369 !(type & (SKB_GSO_UDP)))) 1370 goto out; 1371 1372 skb_shinfo(skb)->gso_segs = DIV_ROUND_UP(skb->len, mss); 1373 1374 segs = NULL; 1375 goto out; 1376 } 1377 1378 /* Do software UFO. Complete and fill in the UDP checksum as HW cannot 1379 * do checksum of UDP packets sent as multiple IP fragments. 1380 */ 1381 offset = skb_checksum_start_offset(skb); 1382 csum = skb_checksum(skb, offset, skb->len - offset, 0); 1383 offset += skb->csum_offset; 1384 *(__sum16 *)(skb->data + offset) = csum_fold(csum); 1385 skb->ip_summed = CHECKSUM_NONE; 1386 1387 /* Check if there is enough headroom to insert fragment header. */ 1388 if ((skb_mac_header(skb) < skb->head + frag_hdr_sz) && 1389 pskb_expand_head(skb, frag_hdr_sz, 0, GFP_ATOMIC)) 1390 goto out; 1391 1392 /* Find the unfragmentable header and shift it left by frag_hdr_sz 1393 * bytes to insert fragment header. 1394 */ 1395 unfrag_ip6hlen = ip6_find_1stfragopt(skb, &prevhdr); 1396 nexthdr = *prevhdr; 1397 *prevhdr = NEXTHDR_FRAGMENT; 1398 unfrag_len = skb_network_header(skb) - skb_mac_header(skb) + 1399 unfrag_ip6hlen; 1400 mac_start = skb_mac_header(skb); 1401 memmove(mac_start-frag_hdr_sz, mac_start, unfrag_len); 1402 1403 skb->mac_header -= frag_hdr_sz; 1404 skb->network_header -= frag_hdr_sz; 1405 1406 fptr = (struct frag_hdr *)(skb_network_header(skb) + unfrag_ip6hlen); 1407 fptr->nexthdr = nexthdr; 1408 fptr->reserved = 0; 1409 ipv6_select_ident(fptr, (struct rt6_info *)skb_dst(skb)); 1410 1411 /* Fragment the skb. ipv6 header and the remaining fields of the 1412 * fragment header are updated in ipv6_gso_segment() 1413 */ 1414 segs = skb_segment(skb, features); 1415 1416 out: 1417 return segs; 1418 } 1419 1420 static const struct inet6_protocol udpv6_protocol = { 1421 .handler = udpv6_rcv, 1422 .err_handler = udpv6_err, 1423 .gso_send_check = udp6_ufo_send_check, 1424 .gso_segment = udp6_ufo_fragment, 1425 .flags = INET6_PROTO_NOPOLICY|INET6_PROTO_FINAL, 1426 }; 1427 1428 /* ------------------------------------------------------------------------ */ 1429 #ifdef CONFIG_PROC_FS 1430 1431 static void udp6_sock_seq_show(struct seq_file *seq, struct sock *sp, int bucket) 1432 { 1433 struct inet_sock *inet = inet_sk(sp); 1434 struct ipv6_pinfo *np = inet6_sk(sp); 1435 const struct in6_addr *dest, *src; 1436 __u16 destp, srcp; 1437 1438 dest = &np->daddr; 1439 src = &np->rcv_saddr; 1440 destp = ntohs(inet->inet_dport); 1441 srcp = ntohs(inet->inet_sport); 1442 seq_printf(seq, 1443 "%5d: %08X%08X%08X%08X:%04X %08X%08X%08X%08X:%04X " 1444 "%02X %08X:%08X %02X:%08lX %08X %5d %8d %lu %d %pK %d\n", 1445 bucket, 1446 src->s6_addr32[0], src->s6_addr32[1], 1447 src->s6_addr32[2], src->s6_addr32[3], srcp, 1448 dest->s6_addr32[0], dest->s6_addr32[1], 1449 dest->s6_addr32[2], dest->s6_addr32[3], destp, 1450 sp->sk_state, 1451 sk_wmem_alloc_get(sp), 1452 sk_rmem_alloc_get(sp), 1453 0, 0L, 0, 1454 sock_i_uid(sp), 0, 1455 sock_i_ino(sp), 1456 atomic_read(&sp->sk_refcnt), sp, 1457 atomic_read(&sp->sk_drops)); 1458 } 1459 1460 int udp6_seq_show(struct seq_file *seq, void *v) 1461 { 1462 if (v == SEQ_START_TOKEN) 1463 seq_printf(seq, 1464 " sl " 1465 "local_address " 1466 "remote_address " 1467 "st tx_queue rx_queue tr tm->when retrnsmt" 1468 " uid timeout inode ref pointer drops\n"); 1469 else 1470 udp6_sock_seq_show(seq, v, ((struct udp_iter_state *)seq->private)->bucket); 1471 return 0; 1472 } 1473 1474 static const struct file_operations udp6_afinfo_seq_fops = { 1475 .owner = THIS_MODULE, 1476 .open = udp_seq_open, 1477 .read = seq_read, 1478 .llseek = seq_lseek, 1479 .release = seq_release_net 1480 }; 1481 1482 static struct udp_seq_afinfo udp6_seq_afinfo = { 1483 .name = "udp6", 1484 .family = AF_INET6, 1485 .udp_table = &udp_table, 1486 .seq_fops = &udp6_afinfo_seq_fops, 1487 .seq_ops = { 1488 .show = udp6_seq_show, 1489 }, 1490 }; 1491 1492 int __net_init udp6_proc_init(struct net *net) 1493 { 1494 return udp_proc_register(net, &udp6_seq_afinfo); 1495 } 1496 1497 void udp6_proc_exit(struct net *net) { 1498 udp_proc_unregister(net, &udp6_seq_afinfo); 1499 } 1500 #endif /* CONFIG_PROC_FS */ 1501 1502 /* ------------------------------------------------------------------------ */ 1503 1504 struct proto udpv6_prot = { 1505 .name = "UDPv6", 1506 .owner = THIS_MODULE, 1507 .close = udp_lib_close, 1508 .connect = ip6_datagram_connect, 1509 .disconnect = udp_disconnect, 1510 .ioctl = udp_ioctl, 1511 .destroy = udpv6_destroy_sock, 1512 .setsockopt = udpv6_setsockopt, 1513 .getsockopt = udpv6_getsockopt, 1514 .sendmsg = udpv6_sendmsg, 1515 .recvmsg = udpv6_recvmsg, 1516 .backlog_rcv = __udpv6_queue_rcv_skb, 1517 .hash = udp_lib_hash, 1518 .unhash = udp_lib_unhash, 1519 .rehash = udp_v6_rehash, 1520 .get_port = udp_v6_get_port, 1521 .memory_allocated = &udp_memory_allocated, 1522 .sysctl_mem = sysctl_udp_mem, 1523 .sysctl_wmem = &sysctl_udp_wmem_min, 1524 .sysctl_rmem = &sysctl_udp_rmem_min, 1525 .obj_size = sizeof(struct udp6_sock), 1526 .slab_flags = SLAB_DESTROY_BY_RCU, 1527 .h.udp_table = &udp_table, 1528 #ifdef CONFIG_COMPAT 1529 .compat_setsockopt = compat_udpv6_setsockopt, 1530 .compat_getsockopt = compat_udpv6_getsockopt, 1531 #endif 1532 .clear_sk = sk_prot_clear_portaddr_nulls, 1533 }; 1534 1535 static struct inet_protosw udpv6_protosw = { 1536 .type = SOCK_DGRAM, 1537 .protocol = IPPROTO_UDP, 1538 .prot = &udpv6_prot, 1539 .ops = &inet6_dgram_ops, 1540 .no_check = UDP_CSUM_DEFAULT, 1541 .flags = INET_PROTOSW_PERMANENT, 1542 }; 1543 1544 1545 int __init udpv6_init(void) 1546 { 1547 int ret; 1548 1549 ret = inet6_add_protocol(&udpv6_protocol, IPPROTO_UDP); 1550 if (ret) 1551 goto out; 1552 1553 ret = inet6_register_protosw(&udpv6_protosw); 1554 if (ret) 1555 goto out_udpv6_protocol; 1556 out: 1557 return ret; 1558 1559 out_udpv6_protocol: 1560 inet6_del_protocol(&udpv6_protocol, IPPROTO_UDP); 1561 goto out; 1562 } 1563 1564 void udpv6_exit(void) 1565 { 1566 inet6_unregister_protosw(&udpv6_protosw); 1567 inet6_del_protocol(&udpv6_protocol, IPPROTO_UDP); 1568 } 1569