1// SPDX-License-Identifier: GPL-2.0-or-later
2/*
3 * inet_diag.c Module for monitoring INET transport protocols sockets.
4 *
5 * Authors: Alexey Kuznetsov, <kuznet@ms2.inr.ac.ru>
6 */
7
8#include <linux/kernel.h>
9#include <linux/module.h>
10#include <linux/types.h>
11#include <linux/fcntl.h>
12#include <linux/random.h>
13#include <linux/slab.h>
14#include <linux/cache.h>
15#include <linux/init.h>
16#include <linux/time.h>
17
18#include <net/icmp.h>
19#include <net/tcp.h>
20#include <net/ipv6.h>
21#include <net/inet_common.h>
22#include <net/inet_connection_sock.h>
23#include <net/inet_hashtables.h>
24#include <net/inet_timewait_sock.h>
25#include <net/inet6_hashtables.h>
26#include <net/bpf_sk_storage.h>
27#include <net/netlink.h>
28
29#include <linux/inet.h>
30#include <linux/stddef.h>
31
32#include <linux/inet_diag.h>
33#include <linux/sock_diag.h>
34
35static const struct inet_diag_handler **inet_diag_table;
36
37struct inet_diag_entry {
38 const __be32 *saddr;
39 const __be32 *daddr;
40 u16 sport;
41 u16 dport;
42 u16 family;
43 u16 userlocks;
44 u32 ifindex;
45 u32 mark;
46#ifdef CONFIG_SOCK_CGROUP_DATA
47 u64 cgroup_id;
48#endif
49};
50
51static DEFINE_MUTEX(inet_diag_table_mutex);
52
53static const struct inet_diag_handler *inet_diag_lock_handler(int proto)
54{
55 if (proto < 0 || proto >= IPPROTO_MAX) {
56 mutex_lock(&inet_diag_table_mutex);
57 return ERR_PTR(error: -ENOENT);
58 }
59
60 if (!inet_diag_table[proto])
61 sock_load_diag_module(AF_INET, protocol: proto);
62
63 mutex_lock(&inet_diag_table_mutex);
64 if (!inet_diag_table[proto])
65 return ERR_PTR(error: -ENOENT);
66
67 return inet_diag_table[proto];
68}
69
70static void inet_diag_unlock_handler(const struct inet_diag_handler *handler)
71{
72 mutex_unlock(lock: &inet_diag_table_mutex);
73}
74
75void inet_diag_msg_common_fill(struct inet_diag_msg *r, struct sock *sk)
76{
77 r->idiag_family = sk->sk_family;
78
79 r->id.idiag_sport = htons(sk->sk_num);
80 r->id.idiag_dport = sk->sk_dport;
81 r->id.idiag_if = sk->sk_bound_dev_if;
82 sock_diag_save_cookie(sk, cookie: r->id.idiag_cookie);
83
84#if IS_ENABLED(CONFIG_IPV6)
85 if (sk->sk_family == AF_INET6) {
86 *(struct in6_addr *)r->id.idiag_src = sk->sk_v6_rcv_saddr;
87 *(struct in6_addr *)r->id.idiag_dst = sk->sk_v6_daddr;
88 } else
89#endif
90 {
91 memset(&r->id.idiag_src, 0, sizeof(r->id.idiag_src));
92 memset(&r->id.idiag_dst, 0, sizeof(r->id.idiag_dst));
93
94 r->id.idiag_src[0] = sk->sk_rcv_saddr;
95 r->id.idiag_dst[0] = sk->sk_daddr;
96 }
97}
98EXPORT_SYMBOL_GPL(inet_diag_msg_common_fill);
99
100static size_t inet_sk_attr_size(struct sock *sk,
101 const struct inet_diag_req_v2 *req,
102 bool net_admin)
103{
104 const struct inet_diag_handler *handler;
105 size_t aux = 0;
106
107 handler = inet_diag_table[req->sdiag_protocol];
108 if (handler && handler->idiag_get_aux_size)
109 aux = handler->idiag_get_aux_size(sk, net_admin);
110
111 return nla_total_size(payload: sizeof(struct tcp_info))
112 + nla_total_size(payload: sizeof(struct inet_diag_msg))
113 + inet_diag_msg_attrs_size()
114 + nla_total_size(payload: sizeof(struct inet_diag_meminfo))
115 + nla_total_size(payload: SK_MEMINFO_VARS * sizeof(u32))
116 + nla_total_size(TCP_CA_NAME_MAX)
117 + nla_total_size(payload: sizeof(struct tcpvegas_info))
118 + aux
119 + 64;
120}
121
122int inet_diag_msg_attrs_fill(struct sock *sk, struct sk_buff *skb,
123 struct inet_diag_msg *r, int ext,
124 struct user_namespace *user_ns,
125 bool net_admin)
126{
127 const struct inet_sock *inet = inet_sk(sk);
128 struct inet_diag_sockopt inet_sockopt;
129
130 if (nla_put_u8(skb, attrtype: INET_DIAG_SHUTDOWN, value: sk->sk_shutdown))
131 goto errout;
132
133 /* IPv6 dual-stack sockets use inet->tos for IPv4 connections,
134 * hence this needs to be included regardless of socket family.
135 */
136 if (ext & (1 << (INET_DIAG_TOS - 1)))
137 if (nla_put_u8(skb, attrtype: INET_DIAG_TOS, READ_ONCE(inet->tos)) < 0)
138 goto errout;
139
140#if IS_ENABLED(CONFIG_IPV6)
141 if (r->idiag_family == AF_INET6) {
142 if (ext & (1 << (INET_DIAG_TCLASS - 1)))
143 if (nla_put_u8(skb, attrtype: INET_DIAG_TCLASS,
144 value: inet6_sk(sk: sk)->tclass) < 0)
145 goto errout;
146
147 if (((1 << sk->sk_state) & (TCPF_LISTEN | TCPF_CLOSE)) &&
148 nla_put_u8(skb, attrtype: INET_DIAG_SKV6ONLY, ipv6_only_sock(sk)))
149 goto errout;
150 }
151#endif
152
153 if (net_admin && nla_put_u32(skb, attrtype: INET_DIAG_MARK, READ_ONCE(sk->sk_mark)))
154 goto errout;
155
156 if (ext & (1 << (INET_DIAG_CLASS_ID - 1)) ||
157 ext & (1 << (INET_DIAG_TCLASS - 1))) {
158 u32 classid = 0;
159
160#ifdef CONFIG_SOCK_CGROUP_DATA
161 classid = sock_cgroup_classid(skcd: &sk->sk_cgrp_data);
162#endif
163 /* Fallback to socket priority if class id isn't set.
164 * Classful qdiscs use it as direct reference to class.
165 * For cgroup2 classid is always zero.
166 */
167 if (!classid)
168 classid = READ_ONCE(sk->sk_priority);
169
170 if (nla_put_u32(skb, attrtype: INET_DIAG_CLASS_ID, value: classid))
171 goto errout;
172 }
173
174#ifdef CONFIG_SOCK_CGROUP_DATA
175 if (nla_put_u64_64bit(skb, attrtype: INET_DIAG_CGROUP_ID,
176 value: cgroup_id(cgrp: sock_cgroup_ptr(skcd: &sk->sk_cgrp_data)),
177 padattr: INET_DIAG_PAD))
178 goto errout;
179#endif
180
181 r->idiag_uid = from_kuid_munged(to: user_ns, uid: sock_i_uid(sk));
182 r->idiag_inode = sock_i_ino(sk);
183
184 memset(&inet_sockopt, 0, sizeof(inet_sockopt));
185 inet_sockopt.recverr = inet_test_bit(RECVERR, sk);
186 inet_sockopt.is_icsk = inet_test_bit(IS_ICSK, sk);
187 inet_sockopt.freebind = inet_test_bit(FREEBIND, sk);
188 inet_sockopt.hdrincl = inet_test_bit(HDRINCL, sk);
189 inet_sockopt.mc_loop = inet_test_bit(MC_LOOP, sk);
190 inet_sockopt.transparent = inet_test_bit(TRANSPARENT, sk);
191 inet_sockopt.mc_all = inet_test_bit(MC_ALL, sk);
192 inet_sockopt.nodefrag = inet_test_bit(NODEFRAG, sk);
193 inet_sockopt.bind_address_no_port = inet_test_bit(BIND_ADDRESS_NO_PORT, sk);
194 inet_sockopt.recverr_rfc4884 = inet_test_bit(RECVERR_RFC4884, sk);
195 inet_sockopt.defer_connect = inet_test_bit(DEFER_CONNECT, sk);
196 if (nla_put(skb, attrtype: INET_DIAG_SOCKOPT, attrlen: sizeof(inet_sockopt),
197 data: &inet_sockopt))
198 goto errout;
199
200 return 0;
201errout:
202 return 1;
203}
204EXPORT_SYMBOL_GPL(inet_diag_msg_attrs_fill);
205
206static int inet_diag_parse_attrs(const struct nlmsghdr *nlh, int hdrlen,
207 struct nlattr **req_nlas)
208{
209 struct nlattr *nla;
210 int remaining;
211
212 nlmsg_for_each_attr(nla, nlh, hdrlen, remaining) {
213 int type = nla_type(nla);
214
215 if (type == INET_DIAG_REQ_PROTOCOL && nla_len(nla) != sizeof(u32))
216 return -EINVAL;
217
218 if (type < __INET_DIAG_REQ_MAX)
219 req_nlas[type] = nla;
220 }
221 return 0;
222}
223
224static int inet_diag_get_protocol(const struct inet_diag_req_v2 *req,
225 const struct inet_diag_dump_data *data)
226{
227 if (data->req_nlas[INET_DIAG_REQ_PROTOCOL])
228 return nla_get_u32(nla: data->req_nlas[INET_DIAG_REQ_PROTOCOL]);
229 return req->sdiag_protocol;
230}
231
232#define MAX_DUMP_ALLOC_SIZE (KMALLOC_MAX_SIZE - SKB_DATA_ALIGN(sizeof(struct skb_shared_info)))
233
234int inet_sk_diag_fill(struct sock *sk, struct inet_connection_sock *icsk,
235 struct sk_buff *skb, struct netlink_callback *cb,
236 const struct inet_diag_req_v2 *req,
237 u16 nlmsg_flags, bool net_admin)
238{
239 const struct tcp_congestion_ops *ca_ops;
240 const struct inet_diag_handler *handler;
241 struct inet_diag_dump_data *cb_data;
242 int ext = req->idiag_ext;
243 struct inet_diag_msg *r;
244 struct nlmsghdr *nlh;
245 struct nlattr *attr;
246 void *info = NULL;
247
248 cb_data = cb->data;
249 handler = inet_diag_table[inet_diag_get_protocol(req, data: cb_data)];
250 BUG_ON(!handler);
251
252 nlh = nlmsg_put(skb, NETLINK_CB(cb->skb).portid, seq: cb->nlh->nlmsg_seq,
253 type: cb->nlh->nlmsg_type, payload: sizeof(*r), flags: nlmsg_flags);
254 if (!nlh)
255 return -EMSGSIZE;
256
257 r = nlmsg_data(nlh);
258 BUG_ON(!sk_fullsock(sk));
259
260 inet_diag_msg_common_fill(r, sk);
261 r->idiag_state = sk->sk_state;
262 r->idiag_timer = 0;
263 r->idiag_retrans = 0;
264 r->idiag_expires = 0;
265
266 if (inet_diag_msg_attrs_fill(sk, skb, r, ext,
267 sk_user_ns(NETLINK_CB(cb->skb).sk),
268 net_admin))
269 goto errout;
270
271 if (ext & (1 << (INET_DIAG_MEMINFO - 1))) {
272 struct inet_diag_meminfo minfo = {
273 .idiag_rmem = sk_rmem_alloc_get(sk),
274 .idiag_wmem = READ_ONCE(sk->sk_wmem_queued),
275 .idiag_fmem = sk_forward_alloc_get(sk),
276 .idiag_tmem = sk_wmem_alloc_get(sk),
277 };
278
279 if (nla_put(skb, attrtype: INET_DIAG_MEMINFO, attrlen: sizeof(minfo), data: &minfo) < 0)
280 goto errout;
281 }
282
283 if (ext & (1 << (INET_DIAG_SKMEMINFO - 1)))
284 if (sock_diag_put_meminfo(sk, skb, attr: INET_DIAG_SKMEMINFO))
285 goto errout;
286
287 /*
288 * RAW sockets might have user-defined protocols assigned,
289 * so report the one supplied on socket creation.
290 */
291 if (sk->sk_type == SOCK_RAW) {
292 if (nla_put_u8(skb, attrtype: INET_DIAG_PROTOCOL, value: sk->sk_protocol))
293 goto errout;
294 }
295
296 if (!icsk) {
297 handler->idiag_get_info(sk, r, NULL);
298 goto out;
299 }
300
301 if (icsk->icsk_pending == ICSK_TIME_RETRANS ||
302 icsk->icsk_pending == ICSK_TIME_REO_TIMEOUT ||
303 icsk->icsk_pending == ICSK_TIME_LOSS_PROBE) {
304 r->idiag_timer = 1;
305 r->idiag_retrans = icsk->icsk_retransmits;
306 r->idiag_expires =
307 jiffies_delta_to_msecs(delta: icsk->icsk_timeout - jiffies);
308 } else if (icsk->icsk_pending == ICSK_TIME_PROBE0) {
309 r->idiag_timer = 4;
310 r->idiag_retrans = icsk->icsk_probes_out;
311 r->idiag_expires =
312 jiffies_delta_to_msecs(delta: icsk->icsk_timeout - jiffies);
313 } else if (timer_pending(timer: &sk->sk_timer)) {
314 r->idiag_timer = 2;
315 r->idiag_retrans = icsk->icsk_probes_out;
316 r->idiag_expires =
317 jiffies_delta_to_msecs(delta: sk->sk_timer.expires - jiffies);
318 }
319
320 if ((ext & (1 << (INET_DIAG_INFO - 1))) && handler->idiag_info_size) {
321 attr = nla_reserve_64bit(skb, attrtype: INET_DIAG_INFO,
322 attrlen: handler->idiag_info_size,
323 padattr: INET_DIAG_PAD);
324 if (!attr)
325 goto errout;
326
327 info = nla_data(nla: attr);
328 }
329
330 if (ext & (1 << (INET_DIAG_CONG - 1))) {
331 int err = 0;
332
333 rcu_read_lock();
334 ca_ops = READ_ONCE(icsk->icsk_ca_ops);
335 if (ca_ops)
336 err = nla_put_string(skb, attrtype: INET_DIAG_CONG, str: ca_ops->name);
337 rcu_read_unlock();
338 if (err < 0)
339 goto errout;
340 }
341
342 handler->idiag_get_info(sk, r, info);
343
344 if (ext & (1 << (INET_DIAG_INFO - 1)) && handler->idiag_get_aux)
345 if (handler->idiag_get_aux(sk, net_admin, skb) < 0)
346 goto errout;
347
348 if (sk->sk_state < TCP_TIME_WAIT) {
349 union tcp_cc_info info;
350 size_t sz = 0;
351 int attr;
352
353 rcu_read_lock();
354 ca_ops = READ_ONCE(icsk->icsk_ca_ops);
355 if (ca_ops && ca_ops->get_info)
356 sz = ca_ops->get_info(sk, ext, &attr, &info);
357 rcu_read_unlock();
358 if (sz && nla_put(skb, attrtype: attr, attrlen: sz, data: &info) < 0)
359 goto errout;
360 }
361
362 /* Keep it at the end for potential retry with a larger skb,
363 * or else do best-effort fitting, which is only done for the
364 * first_nlmsg.
365 */
366 if (cb_data->bpf_stg_diag) {
367 bool first_nlmsg = ((unsigned char *)nlh == skb->data);
368 unsigned int prev_min_dump_alloc;
369 unsigned int total_nla_size = 0;
370 unsigned int msg_len;
371 int err;
372
373 msg_len = skb_tail_pointer(skb) - (unsigned char *)nlh;
374 err = bpf_sk_storage_diag_put(diag: cb_data->bpf_stg_diag, sk, skb,
375 stg_array_type: INET_DIAG_SK_BPF_STORAGES,
376 res_diag_size: &total_nla_size);
377
378 if (!err)
379 goto out;
380
381 total_nla_size += msg_len;
382 prev_min_dump_alloc = cb->min_dump_alloc;
383 if (total_nla_size > prev_min_dump_alloc)
384 cb->min_dump_alloc = min_t(u32, total_nla_size,
385 MAX_DUMP_ALLOC_SIZE);
386
387 if (!first_nlmsg)
388 goto errout;
389
390 if (cb->min_dump_alloc > prev_min_dump_alloc)
391 /* Retry with pskb_expand_head() with
392 * __GFP_DIRECT_RECLAIM
393 */
394 goto errout;
395
396 WARN_ON_ONCE(total_nla_size <= prev_min_dump_alloc);
397
398 /* Send what we have for this sk
399 * and move on to the next sk in the following
400 * dump()
401 */
402 }
403
404out:
405 nlmsg_end(skb, nlh);
406 return 0;
407
408errout:
409 nlmsg_cancel(skb, nlh);
410 return -EMSGSIZE;
411}
412EXPORT_SYMBOL_GPL(inet_sk_diag_fill);
413
414static int inet_twsk_diag_fill(struct sock *sk,
415 struct sk_buff *skb,
416 struct netlink_callback *cb,
417 u16 nlmsg_flags, bool net_admin)
418{
419 struct inet_timewait_sock *tw = inet_twsk(sk);
420 struct inet_diag_msg *r;
421 struct nlmsghdr *nlh;
422 long tmo;
423
424 nlh = nlmsg_put(skb, NETLINK_CB(cb->skb).portid,
425 seq: cb->nlh->nlmsg_seq, type: cb->nlh->nlmsg_type,
426 payload: sizeof(*r), flags: nlmsg_flags);
427 if (!nlh)
428 return -EMSGSIZE;
429
430 r = nlmsg_data(nlh);
431 BUG_ON(tw->tw_state != TCP_TIME_WAIT);
432
433 inet_diag_msg_common_fill(r, sk);
434 r->idiag_retrans = 0;
435
436 r->idiag_state = tw->tw_substate;
437 r->idiag_timer = 3;
438 tmo = tw->tw_timer.expires - jiffies;
439 r->idiag_expires = jiffies_delta_to_msecs(delta: tmo);
440 r->idiag_rqueue = 0;
441 r->idiag_wqueue = 0;
442 r->idiag_uid = 0;
443 r->idiag_inode = 0;
444
445 if (net_admin && nla_put_u32(skb, attrtype: INET_DIAG_MARK,
446 value: tw->tw_mark)) {
447 nlmsg_cancel(skb, nlh);
448 return -EMSGSIZE;
449 }
450
451 nlmsg_end(skb, nlh);
452 return 0;
453}
454
455static int inet_req_diag_fill(struct sock *sk, struct sk_buff *skb,
456 struct netlink_callback *cb,
457 u16 nlmsg_flags, bool net_admin)
458{
459 struct request_sock *reqsk = inet_reqsk(sk);
460 struct inet_diag_msg *r;
461 struct nlmsghdr *nlh;
462 long tmo;
463
464 nlh = nlmsg_put(skb, NETLINK_CB(cb->skb).portid, seq: cb->nlh->nlmsg_seq,
465 type: cb->nlh->nlmsg_type, payload: sizeof(*r), flags: nlmsg_flags);
466 if (!nlh)
467 return -EMSGSIZE;
468
469 r = nlmsg_data(nlh);
470 inet_diag_msg_common_fill(r, sk);
471 r->idiag_state = TCP_SYN_RECV;
472 r->idiag_timer = 1;
473 r->idiag_retrans = reqsk->num_retrans;
474
475 BUILD_BUG_ON(offsetof(struct inet_request_sock, ir_cookie) !=
476 offsetof(struct sock, sk_cookie));
477
478 tmo = inet_reqsk(sk)->rsk_timer.expires - jiffies;
479 r->idiag_expires = jiffies_delta_to_msecs(delta: tmo);
480 r->idiag_rqueue = 0;
481 r->idiag_wqueue = 0;
482 r->idiag_uid = 0;
483 r->idiag_inode = 0;
484
485 if (net_admin && nla_put_u32(skb, attrtype: INET_DIAG_MARK,
486 value: inet_rsk(sk: reqsk)->ir_mark)) {
487 nlmsg_cancel(skb, nlh);
488 return -EMSGSIZE;
489 }
490
491 nlmsg_end(skb, nlh);
492 return 0;
493}
494
495static int sk_diag_fill(struct sock *sk, struct sk_buff *skb,
496 struct netlink_callback *cb,
497 const struct inet_diag_req_v2 *r,
498 u16 nlmsg_flags, bool net_admin)
499{
500 if (sk->sk_state == TCP_TIME_WAIT)
501 return inet_twsk_diag_fill(sk, skb, cb, nlmsg_flags, net_admin);
502
503 if (sk->sk_state == TCP_NEW_SYN_RECV)
504 return inet_req_diag_fill(sk, skb, cb, nlmsg_flags, net_admin);
505
506 return inet_sk_diag_fill(sk, inet_csk(sk), skb, cb, r, nlmsg_flags,
507 net_admin);
508}
509
510struct sock *inet_diag_find_one_icsk(struct net *net,
511 struct inet_hashinfo *hashinfo,
512 const struct inet_diag_req_v2 *req)
513{
514 struct sock *sk;
515
516 rcu_read_lock();
517 if (req->sdiag_family == AF_INET)
518 sk = inet_lookup(net, hashinfo, NULL, doff: 0, saddr: req->id.idiag_dst[0],
519 sport: req->id.idiag_dport, daddr: req->id.idiag_src[0],
520 dport: req->id.idiag_sport, dif: req->id.idiag_if);
521#if IS_ENABLED(CONFIG_IPV6)
522 else if (req->sdiag_family == AF_INET6) {
523 if (ipv6_addr_v4mapped(a: (struct in6_addr *)req->id.idiag_dst) &&
524 ipv6_addr_v4mapped(a: (struct in6_addr *)req->id.idiag_src))
525 sk = inet_lookup(net, hashinfo, NULL, doff: 0, saddr: req->id.idiag_dst[3],
526 sport: req->id.idiag_dport, daddr: req->id.idiag_src[3],
527 dport: req->id.idiag_sport, dif: req->id.idiag_if);
528 else
529 sk = inet6_lookup(net, hashinfo, NULL, doff: 0,
530 saddr: (struct in6_addr *)req->id.idiag_dst,
531 sport: req->id.idiag_dport,
532 daddr: (struct in6_addr *)req->id.idiag_src,
533 dport: req->id.idiag_sport,
534 dif: req->id.idiag_if);
535 }
536#endif
537 else {
538 rcu_read_unlock();
539 return ERR_PTR(error: -EINVAL);
540 }
541 rcu_read_unlock();
542 if (!sk)
543 return ERR_PTR(error: -ENOENT);
544
545 if (sock_diag_check_cookie(sk, cookie: req->id.idiag_cookie)) {
546 sock_gen_put(sk);
547 return ERR_PTR(error: -ENOENT);
548 }
549
550 return sk;
551}
552EXPORT_SYMBOL_GPL(inet_diag_find_one_icsk);
553
554int inet_diag_dump_one_icsk(struct inet_hashinfo *hashinfo,
555 struct netlink_callback *cb,
556 const struct inet_diag_req_v2 *req)
557{
558 struct sk_buff *in_skb = cb->skb;
559 bool net_admin = netlink_net_capable(skb: in_skb, CAP_NET_ADMIN);
560 struct net *net = sock_net(sk: in_skb->sk);
561 struct sk_buff *rep;
562 struct sock *sk;
563 int err;
564
565 sk = inet_diag_find_one_icsk(net, hashinfo, req);
566 if (IS_ERR(ptr: sk))
567 return PTR_ERR(ptr: sk);
568
569 rep = nlmsg_new(payload: inet_sk_attr_size(sk, req, net_admin), GFP_KERNEL);
570 if (!rep) {
571 err = -ENOMEM;
572 goto out;
573 }
574
575 err = sk_diag_fill(sk, skb: rep, cb, r: req, nlmsg_flags: 0, net_admin);
576 if (err < 0) {
577 WARN_ON(err == -EMSGSIZE);
578 nlmsg_free(skb: rep);
579 goto out;
580 }
581 err = nlmsg_unicast(sk: net->diag_nlsk, skb: rep, NETLINK_CB(in_skb).portid);
582
583out:
584 if (sk)
585 sock_gen_put(sk);
586
587 return err;
588}
589EXPORT_SYMBOL_GPL(inet_diag_dump_one_icsk);
590
591static int inet_diag_cmd_exact(int cmd, struct sk_buff *in_skb,
592 const struct nlmsghdr *nlh,
593 int hdrlen,
594 const struct inet_diag_req_v2 *req)
595{
596 const struct inet_diag_handler *handler;
597 struct inet_diag_dump_data dump_data;
598 int err, protocol;
599
600 memset(&dump_data, 0, sizeof(dump_data));
601 err = inet_diag_parse_attrs(nlh, hdrlen, req_nlas: dump_data.req_nlas);
602 if (err)
603 return err;
604
605 protocol = inet_diag_get_protocol(req, data: &dump_data);
606
607 handler = inet_diag_lock_handler(proto: protocol);
608 if (IS_ERR(ptr: handler)) {
609 err = PTR_ERR(ptr: handler);
610 } else if (cmd == SOCK_DIAG_BY_FAMILY) {
611 struct netlink_callback cb = {
612 .nlh = nlh,
613 .skb = in_skb,
614 .data = &dump_data,
615 };
616 err = handler->dump_one(&cb, req);
617 } else if (cmd == SOCK_DESTROY && handler->destroy) {
618 err = handler->destroy(in_skb, req);
619 } else {
620 err = -EOPNOTSUPP;
621 }
622 inet_diag_unlock_handler(handler);
623
624 return err;
625}
626
627static int bitstring_match(const __be32 *a1, const __be32 *a2, int bits)
628{
629 int words = bits >> 5;
630
631 bits &= 0x1f;
632
633 if (words) {
634 if (memcmp(p: a1, q: a2, size: words << 2))
635 return 0;
636 }
637 if (bits) {
638 __be32 w1, w2;
639 __be32 mask;
640
641 w1 = a1[words];
642 w2 = a2[words];
643
644 mask = htonl((0xffffffff) << (32 - bits));
645
646 if ((w1 ^ w2) & mask)
647 return 0;
648 }
649
650 return 1;
651}
652
653static int inet_diag_bc_run(const struct nlattr *_bc,
654 const struct inet_diag_entry *entry)
655{
656 const void *bc = nla_data(nla: _bc);
657 int len = nla_len(nla: _bc);
658
659 while (len > 0) {
660 int yes = 1;
661 const struct inet_diag_bc_op *op = bc;
662
663 switch (op->code) {
664 case INET_DIAG_BC_NOP:
665 break;
666 case INET_DIAG_BC_JMP:
667 yes = 0;
668 break;
669 case INET_DIAG_BC_S_EQ:
670 yes = entry->sport == op[1].no;
671 break;
672 case INET_DIAG_BC_S_GE:
673 yes = entry->sport >= op[1].no;
674 break;
675 case INET_DIAG_BC_S_LE:
676 yes = entry->sport <= op[1].no;
677 break;
678 case INET_DIAG_BC_D_EQ:
679 yes = entry->dport == op[1].no;
680 break;
681 case INET_DIAG_BC_D_GE:
682 yes = entry->dport >= op[1].no;
683 break;
684 case INET_DIAG_BC_D_LE:
685 yes = entry->dport <= op[1].no;
686 break;
687 case INET_DIAG_BC_AUTO:
688 yes = !(entry->userlocks & SOCK_BINDPORT_LOCK);
689 break;
690 case INET_DIAG_BC_S_COND:
691 case INET_DIAG_BC_D_COND: {
692 const struct inet_diag_hostcond *cond;
693 const __be32 *addr;
694
695 cond = (const struct inet_diag_hostcond *)(op + 1);
696 if (cond->port != -1 &&
697 cond->port != (op->code == INET_DIAG_BC_S_COND ?
698 entry->sport : entry->dport)) {
699 yes = 0;
700 break;
701 }
702
703 if (op->code == INET_DIAG_BC_S_COND)
704 addr = entry->saddr;
705 else
706 addr = entry->daddr;
707
708 if (cond->family != AF_UNSPEC &&
709 cond->family != entry->family) {
710 if (entry->family == AF_INET6 &&
711 cond->family == AF_INET) {
712 if (addr[0] == 0 && addr[1] == 0 &&
713 addr[2] == htonl(0xffff) &&
714 bitstring_match(a1: addr + 3,
715 a2: cond->addr,
716 bits: cond->prefix_len))
717 break;
718 }
719 yes = 0;
720 break;
721 }
722
723 if (cond->prefix_len == 0)
724 break;
725 if (bitstring_match(a1: addr, a2: cond->addr,
726 bits: cond->prefix_len))
727 break;
728 yes = 0;
729 break;
730 }
731 case INET_DIAG_BC_DEV_COND: {
732 u32 ifindex;
733
734 ifindex = *((const u32 *)(op + 1));
735 if (ifindex != entry->ifindex)
736 yes = 0;
737 break;
738 }
739 case INET_DIAG_BC_MARK_COND: {
740 struct inet_diag_markcond *cond;
741
742 cond = (struct inet_diag_markcond *)(op + 1);
743 if ((entry->mark & cond->mask) != cond->mark)
744 yes = 0;
745 break;
746 }
747#ifdef CONFIG_SOCK_CGROUP_DATA
748 case INET_DIAG_BC_CGROUP_COND: {
749 u64 cgroup_id;
750
751 cgroup_id = get_unaligned((const u64 *)(op + 1));
752 if (cgroup_id != entry->cgroup_id)
753 yes = 0;
754 break;
755 }
756#endif
757 }
758
759 if (yes) {
760 len -= op->yes;
761 bc += op->yes;
762 } else {
763 len -= op->no;
764 bc += op->no;
765 }
766 }
767 return len == 0;
768}
769
770/* This helper is available for all sockets (ESTABLISH, TIMEWAIT, SYN_RECV)
771 */
772static void entry_fill_addrs(struct inet_diag_entry *entry,
773 const struct sock *sk)
774{
775#if IS_ENABLED(CONFIG_IPV6)
776 if (sk->sk_family == AF_INET6) {
777 entry->saddr = sk->sk_v6_rcv_saddr.s6_addr32;
778 entry->daddr = sk->sk_v6_daddr.s6_addr32;
779 } else
780#endif
781 {
782 entry->saddr = &sk->sk_rcv_saddr;
783 entry->daddr = &sk->sk_daddr;
784 }
785}
786
787int inet_diag_bc_sk(const struct nlattr *bc, struct sock *sk)
788{
789 struct inet_sock *inet = inet_sk(sk);
790 struct inet_diag_entry entry;
791
792 if (!bc)
793 return 1;
794
795 entry.family = sk->sk_family;
796 entry_fill_addrs(entry: &entry, sk);
797 entry.sport = inet->inet_num;
798 entry.dport = ntohs(inet->inet_dport);
799 entry.ifindex = sk->sk_bound_dev_if;
800 entry.userlocks = sk_fullsock(sk) ? sk->sk_userlocks : 0;
801 if (sk_fullsock(sk))
802 entry.mark = READ_ONCE(sk->sk_mark);
803 else if (sk->sk_state == TCP_NEW_SYN_RECV)
804 entry.mark = inet_rsk(sk: inet_reqsk(sk))->ir_mark;
805 else if (sk->sk_state == TCP_TIME_WAIT)
806 entry.mark = inet_twsk(sk)->tw_mark;
807 else
808 entry.mark = 0;
809#ifdef CONFIG_SOCK_CGROUP_DATA
810 entry.cgroup_id = sk_fullsock(sk) ?
811 cgroup_id(cgrp: sock_cgroup_ptr(skcd: &sk->sk_cgrp_data)) : 0;
812#endif
813
814 return inet_diag_bc_run(bc: bc, entry: &entry);
815}
816EXPORT_SYMBOL_GPL(inet_diag_bc_sk);
817
818static int valid_cc(const void *bc, int len, int cc)
819{
820 while (len >= 0) {
821 const struct inet_diag_bc_op *op = bc;
822
823 if (cc > len)
824 return 0;
825 if (cc == len)
826 return 1;
827 if (op->yes < 4 || op->yes & 3)
828 return 0;
829 len -= op->yes;
830 bc += op->yes;
831 }
832 return 0;
833}
834
835/* data is u32 ifindex */
836static bool valid_devcond(const struct inet_diag_bc_op *op, int len,
837 int *min_len)
838{
839 /* Check ifindex space. */
840 *min_len += sizeof(u32);
841 if (len < *min_len)
842 return false;
843
844 return true;
845}
846/* Validate an inet_diag_hostcond. */
847static bool valid_hostcond(const struct inet_diag_bc_op *op, int len,
848 int *min_len)
849{
850 struct inet_diag_hostcond *cond;
851 int addr_len;
852
853 /* Check hostcond space. */
854 *min_len += sizeof(struct inet_diag_hostcond);
855 if (len < *min_len)
856 return false;
857 cond = (struct inet_diag_hostcond *)(op + 1);
858
859 /* Check address family and address length. */
860 switch (cond->family) {
861 case AF_UNSPEC:
862 addr_len = 0;
863 break;
864 case AF_INET:
865 addr_len = sizeof(struct in_addr);
866 break;
867 case AF_INET6:
868 addr_len = sizeof(struct in6_addr);
869 break;
870 default:
871 return false;
872 }
873 *min_len += addr_len;
874 if (len < *min_len)
875 return false;
876
877 /* Check prefix length (in bits) vs address length (in bytes). */
878 if (cond->prefix_len > 8 * addr_len)
879 return false;
880
881 return true;
882}
883
884/* Validate a port comparison operator. */
885static bool valid_port_comparison(const struct inet_diag_bc_op *op,
886 int len, int *min_len)
887{
888 /* Port comparisons put the port in a follow-on inet_diag_bc_op. */
889 *min_len += sizeof(struct inet_diag_bc_op);
890 if (len < *min_len)
891 return false;
892 return true;
893}
894
895static bool valid_markcond(const struct inet_diag_bc_op *op, int len,
896 int *min_len)
897{
898 *min_len += sizeof(struct inet_diag_markcond);
899 return len >= *min_len;
900}
901
902#ifdef CONFIG_SOCK_CGROUP_DATA
903static bool valid_cgroupcond(const struct inet_diag_bc_op *op, int len,
904 int *min_len)
905{
906 *min_len += sizeof(u64);
907 return len >= *min_len;
908}
909#endif
910
911static int inet_diag_bc_audit(const struct nlattr *attr,
912 const struct sk_buff *skb)
913{
914 bool net_admin = netlink_net_capable(skb, CAP_NET_ADMIN);
915 const void *bytecode, *bc;
916 int bytecode_len, len;
917
918 if (!attr || nla_len(nla: attr) < sizeof(struct inet_diag_bc_op))
919 return -EINVAL;
920
921 bytecode = bc = nla_data(nla: attr);
922 len = bytecode_len = nla_len(nla: attr);
923
924 while (len > 0) {
925 int min_len = sizeof(struct inet_diag_bc_op);
926 const struct inet_diag_bc_op *op = bc;
927
928 switch (op->code) {
929 case INET_DIAG_BC_S_COND:
930 case INET_DIAG_BC_D_COND:
931 if (!valid_hostcond(op: bc, len, min_len: &min_len))
932 return -EINVAL;
933 break;
934 case INET_DIAG_BC_DEV_COND:
935 if (!valid_devcond(op: bc, len, min_len: &min_len))
936 return -EINVAL;
937 break;
938 case INET_DIAG_BC_S_EQ:
939 case INET_DIAG_BC_S_GE:
940 case INET_DIAG_BC_S_LE:
941 case INET_DIAG_BC_D_EQ:
942 case INET_DIAG_BC_D_GE:
943 case INET_DIAG_BC_D_LE:
944 if (!valid_port_comparison(op: bc, len, min_len: &min_len))
945 return -EINVAL;
946 break;
947 case INET_DIAG_BC_MARK_COND:
948 if (!net_admin)
949 return -EPERM;
950 if (!valid_markcond(op: bc, len, min_len: &min_len))
951 return -EINVAL;
952 break;
953#ifdef CONFIG_SOCK_CGROUP_DATA
954 case INET_DIAG_BC_CGROUP_COND:
955 if (!valid_cgroupcond(op: bc, len, min_len: &min_len))
956 return -EINVAL;
957 break;
958#endif
959 case INET_DIAG_BC_AUTO:
960 case INET_DIAG_BC_JMP:
961 case INET_DIAG_BC_NOP:
962 break;
963 default:
964 return -EINVAL;
965 }
966
967 if (op->code != INET_DIAG_BC_NOP) {
968 if (op->no < min_len || op->no > len + 4 || op->no & 3)
969 return -EINVAL;
970 if (op->no < len &&
971 !valid_cc(bc: bytecode, len: bytecode_len, cc: len - op->no))
972 return -EINVAL;
973 }
974
975 if (op->yes < min_len || op->yes > len + 4 || op->yes & 3)
976 return -EINVAL;
977 bc += op->yes;
978 len -= op->yes;
979 }
980 return len == 0 ? 0 : -EINVAL;
981}
982
983static void twsk_build_assert(void)
984{
985 BUILD_BUG_ON(offsetof(struct inet_timewait_sock, tw_family) !=
986 offsetof(struct sock, sk_family));
987
988 BUILD_BUG_ON(offsetof(struct inet_timewait_sock, tw_num) !=
989 offsetof(struct inet_sock, inet_num));
990
991 BUILD_BUG_ON(offsetof(struct inet_timewait_sock, tw_dport) !=
992 offsetof(struct inet_sock, inet_dport));
993
994 BUILD_BUG_ON(offsetof(struct inet_timewait_sock, tw_rcv_saddr) !=
995 offsetof(struct inet_sock, inet_rcv_saddr));
996
997 BUILD_BUG_ON(offsetof(struct inet_timewait_sock, tw_daddr) !=
998 offsetof(struct inet_sock, inet_daddr));
999
1000#if IS_ENABLED(CONFIG_IPV6)
1001 BUILD_BUG_ON(offsetof(struct inet_timewait_sock, tw_v6_rcv_saddr) !=
1002 offsetof(struct sock, sk_v6_rcv_saddr));
1003
1004 BUILD_BUG_ON(offsetof(struct inet_timewait_sock, tw_v6_daddr) !=
1005 offsetof(struct sock, sk_v6_daddr));
1006#endif
1007}
1008
1009void inet_diag_dump_icsk(struct inet_hashinfo *hashinfo, struct sk_buff *skb,
1010 struct netlink_callback *cb,
1011 const struct inet_diag_req_v2 *r)
1012{
1013 bool net_admin = netlink_net_capable(skb: cb->skb, CAP_NET_ADMIN);
1014 struct inet_diag_dump_data *cb_data = cb->data;
1015 struct net *net = sock_net(sk: skb->sk);
1016 u32 idiag_states = r->idiag_states;
1017 int i, num, s_i, s_num;
1018 struct nlattr *bc;
1019 struct sock *sk;
1020
1021 bc = cb_data->inet_diag_nla_bc;
1022 if (idiag_states & TCPF_SYN_RECV)
1023 idiag_states |= TCPF_NEW_SYN_RECV;
1024 s_i = cb->args[1];
1025 s_num = num = cb->args[2];
1026
1027 if (cb->args[0] == 0) {
1028 if (!(idiag_states & TCPF_LISTEN) || r->id.idiag_dport)
1029 goto skip_listen_ht;
1030
1031 for (i = s_i; i <= hashinfo->lhash2_mask; i++) {
1032 struct inet_listen_hashbucket *ilb;
1033 struct hlist_nulls_node *node;
1034
1035 num = 0;
1036 ilb = &hashinfo->lhash2[i];
1037
1038 spin_lock(lock: &ilb->lock);
1039 sk_nulls_for_each(sk, node, &ilb->nulls_head) {
1040 struct inet_sock *inet = inet_sk(sk);
1041
1042 if (!net_eq(net1: sock_net(sk), net2: net))
1043 continue;
1044
1045 if (num < s_num) {
1046 num++;
1047 continue;
1048 }
1049
1050 if (r->sdiag_family != AF_UNSPEC &&
1051 sk->sk_family != r->sdiag_family)
1052 goto next_listen;
1053
1054 if (r->id.idiag_sport != inet->inet_sport &&
1055 r->id.idiag_sport)
1056 goto next_listen;
1057
1058 if (!inet_diag_bc_sk(bc, sk))
1059 goto next_listen;
1060
1061 if (inet_sk_diag_fill(sk, inet_csk(sk), skb,
1062 cb, r, NLM_F_MULTI,
1063 net_admin) < 0) {
1064 spin_unlock(lock: &ilb->lock);
1065 goto done;
1066 }
1067
1068next_listen:
1069 ++num;
1070 }
1071 spin_unlock(lock: &ilb->lock);
1072
1073 s_num = 0;
1074 }
1075skip_listen_ht:
1076 cb->args[0] = 1;
1077 s_i = num = s_num = 0;
1078 }
1079
1080 if (!(idiag_states & ~TCPF_LISTEN))
1081 goto out;
1082
1083#define SKARR_SZ 16
1084 for (i = s_i; i <= hashinfo->ehash_mask; i++) {
1085 struct inet_ehash_bucket *head = &hashinfo->ehash[i];
1086 spinlock_t *lock = inet_ehash_lockp(hashinfo, hash: i);
1087 struct hlist_nulls_node *node;
1088 struct sock *sk_arr[SKARR_SZ];
1089 int num_arr[SKARR_SZ];
1090 int idx, accum, res;
1091
1092 if (hlist_nulls_empty(h: &head->chain))
1093 continue;
1094
1095 if (i > s_i)
1096 s_num = 0;
1097
1098next_chunk:
1099 num = 0;
1100 accum = 0;
1101 spin_lock_bh(lock);
1102 sk_nulls_for_each(sk, node, &head->chain) {
1103 int state;
1104
1105 if (!net_eq(net1: sock_net(sk), net2: net))
1106 continue;
1107 if (num < s_num)
1108 goto next_normal;
1109 state = (sk->sk_state == TCP_TIME_WAIT) ?
1110 inet_twsk(sk)->tw_substate : sk->sk_state;
1111 if (!(idiag_states & (1 << state)))
1112 goto next_normal;
1113 if (r->sdiag_family != AF_UNSPEC &&
1114 sk->sk_family != r->sdiag_family)
1115 goto next_normal;
1116 if (r->id.idiag_sport != htons(sk->sk_num) &&
1117 r->id.idiag_sport)
1118 goto next_normal;
1119 if (r->id.idiag_dport != sk->sk_dport &&
1120 r->id.idiag_dport)
1121 goto next_normal;
1122 twsk_build_assert();
1123
1124 if (!inet_diag_bc_sk(bc, sk))
1125 goto next_normal;
1126
1127 if (!refcount_inc_not_zero(r: &sk->sk_refcnt))
1128 goto next_normal;
1129
1130 num_arr[accum] = num;
1131 sk_arr[accum] = sk;
1132 if (++accum == SKARR_SZ)
1133 break;
1134next_normal:
1135 ++num;
1136 }
1137 spin_unlock_bh(lock);
1138 res = 0;
1139 for (idx = 0; idx < accum; idx++) {
1140 if (res >= 0) {
1141 res = sk_diag_fill(sk: sk_arr[idx], skb, cb, r,
1142 NLM_F_MULTI, net_admin);
1143 if (res < 0)
1144 num = num_arr[idx];
1145 }
1146 sock_gen_put(sk: sk_arr[idx]);
1147 }
1148 if (res < 0)
1149 break;
1150 cond_resched();
1151 if (accum == SKARR_SZ) {
1152 s_num = num + 1;
1153 goto next_chunk;
1154 }
1155 }
1156
1157done:
1158 cb->args[1] = i;
1159 cb->args[2] = num;
1160out:
1161 ;
1162}
1163EXPORT_SYMBOL_GPL(inet_diag_dump_icsk);
1164
1165static int __inet_diag_dump(struct sk_buff *skb, struct netlink_callback *cb,
1166 const struct inet_diag_req_v2 *r)
1167{
1168 struct inet_diag_dump_data *cb_data = cb->data;
1169 const struct inet_diag_handler *handler;
1170 u32 prev_min_dump_alloc;
1171 int protocol, err = 0;
1172
1173 protocol = inet_diag_get_protocol(req: r, data: cb_data);
1174
1175again:
1176 prev_min_dump_alloc = cb->min_dump_alloc;
1177 handler = inet_diag_lock_handler(proto: protocol);
1178 if (!IS_ERR(ptr: handler))
1179 handler->dump(skb, cb, r);
1180 else
1181 err = PTR_ERR(ptr: handler);
1182 inet_diag_unlock_handler(handler);
1183
1184 /* The skb is not large enough to fit one sk info and
1185 * inet_sk_diag_fill() has requested for a larger skb.
1186 */
1187 if (!skb->len && cb->min_dump_alloc > prev_min_dump_alloc) {
1188 err = pskb_expand_head(skb, nhead: 0, ntail: cb->min_dump_alloc, GFP_KERNEL);
1189 if (!err)
1190 goto again;
1191 }
1192
1193 return err ? : skb->len;
1194}
1195
1196static int inet_diag_dump(struct sk_buff *skb, struct netlink_callback *cb)
1197{
1198 return __inet_diag_dump(skb, cb, r: nlmsg_data(nlh: cb->nlh));
1199}
1200
1201static int __inet_diag_dump_start(struct netlink_callback *cb, int hdrlen)
1202{
1203 const struct nlmsghdr *nlh = cb->nlh;
1204 struct inet_diag_dump_data *cb_data;
1205 struct sk_buff *skb = cb->skb;
1206 struct nlattr *nla;
1207 int err;
1208
1209 cb_data = kzalloc(size: sizeof(*cb_data), GFP_KERNEL);
1210 if (!cb_data)
1211 return -ENOMEM;
1212
1213 err = inet_diag_parse_attrs(nlh, hdrlen, req_nlas: cb_data->req_nlas);
1214 if (err) {
1215 kfree(objp: cb_data);
1216 return err;
1217 }
1218 nla = cb_data->inet_diag_nla_bc;
1219 if (nla) {
1220 err = inet_diag_bc_audit(attr: nla, skb);
1221 if (err) {
1222 kfree(objp: cb_data);
1223 return err;
1224 }
1225 }
1226
1227 nla = cb_data->inet_diag_nla_bpf_stgs;
1228 if (nla) {
1229 struct bpf_sk_storage_diag *bpf_stg_diag;
1230
1231 bpf_stg_diag = bpf_sk_storage_diag_alloc(nla_stgs: nla);
1232 if (IS_ERR(ptr: bpf_stg_diag)) {
1233 kfree(objp: cb_data);
1234 return PTR_ERR(ptr: bpf_stg_diag);
1235 }
1236 cb_data->bpf_stg_diag = bpf_stg_diag;
1237 }
1238
1239 cb->data = cb_data;
1240 return 0;
1241}
1242
1243static int inet_diag_dump_start(struct netlink_callback *cb)
1244{
1245 return __inet_diag_dump_start(cb, hdrlen: sizeof(struct inet_diag_req_v2));
1246}
1247
1248static int inet_diag_dump_start_compat(struct netlink_callback *cb)
1249{
1250 return __inet_diag_dump_start(cb, hdrlen: sizeof(struct inet_diag_req));
1251}
1252
1253static int inet_diag_dump_done(struct netlink_callback *cb)
1254{
1255 struct inet_diag_dump_data *cb_data = cb->data;
1256
1257 bpf_sk_storage_diag_free(diag: cb_data->bpf_stg_diag);
1258 kfree(objp: cb->data);
1259
1260 return 0;
1261}
1262
1263static int inet_diag_type2proto(int type)
1264{
1265 switch (type) {
1266 case TCPDIAG_GETSOCK:
1267 return IPPROTO_TCP;
1268 case DCCPDIAG_GETSOCK:
1269 return IPPROTO_DCCP;
1270 default:
1271 return 0;
1272 }
1273}
1274
1275static int inet_diag_dump_compat(struct sk_buff *skb,
1276 struct netlink_callback *cb)
1277{
1278 struct inet_diag_req *rc = nlmsg_data(nlh: cb->nlh);
1279 struct inet_diag_req_v2 req;
1280
1281 req.sdiag_family = AF_UNSPEC; /* compatibility */
1282 req.sdiag_protocol = inet_diag_type2proto(type: cb->nlh->nlmsg_type);
1283 req.idiag_ext = rc->idiag_ext;
1284 req.idiag_states = rc->idiag_states;
1285 req.id = rc->id;
1286
1287 return __inet_diag_dump(skb, cb, r: &req);
1288}
1289
1290static int inet_diag_get_exact_compat(struct sk_buff *in_skb,
1291 const struct nlmsghdr *nlh)
1292{
1293 struct inet_diag_req *rc = nlmsg_data(nlh);
1294 struct inet_diag_req_v2 req;
1295
1296 req.sdiag_family = rc->idiag_family;
1297 req.sdiag_protocol = inet_diag_type2proto(type: nlh->nlmsg_type);
1298 req.idiag_ext = rc->idiag_ext;
1299 req.idiag_states = rc->idiag_states;
1300 req.id = rc->id;
1301
1302 return inet_diag_cmd_exact(SOCK_DIAG_BY_FAMILY, in_skb, nlh,
1303 hdrlen: sizeof(struct inet_diag_req), req: &req);
1304}
1305
1306static int inet_diag_rcv_msg_compat(struct sk_buff *skb, struct nlmsghdr *nlh)
1307{
1308 int hdrlen = sizeof(struct inet_diag_req);
1309 struct net *net = sock_net(sk: skb->sk);
1310
1311 if (nlh->nlmsg_type >= INET_DIAG_GETSOCK_MAX ||
1312 nlmsg_len(nlh) < hdrlen)
1313 return -EINVAL;
1314
1315 if (nlh->nlmsg_flags & NLM_F_DUMP) {
1316 struct netlink_dump_control c = {
1317 .start = inet_diag_dump_start_compat,
1318 .done = inet_diag_dump_done,
1319 .dump = inet_diag_dump_compat,
1320 };
1321 return netlink_dump_start(ssk: net->diag_nlsk, skb, nlh, control: &c);
1322 }
1323
1324 return inet_diag_get_exact_compat(in_skb: skb, nlh);
1325}
1326
1327static int inet_diag_handler_cmd(struct sk_buff *skb, struct nlmsghdr *h)
1328{
1329 int hdrlen = sizeof(struct inet_diag_req_v2);
1330 struct net *net = sock_net(sk: skb->sk);
1331
1332 if (nlmsg_len(nlh: h) < hdrlen)
1333 return -EINVAL;
1334
1335 if (h->nlmsg_type == SOCK_DIAG_BY_FAMILY &&
1336 h->nlmsg_flags & NLM_F_DUMP) {
1337 struct netlink_dump_control c = {
1338 .start = inet_diag_dump_start,
1339 .done = inet_diag_dump_done,
1340 .dump = inet_diag_dump,
1341 };
1342 return netlink_dump_start(ssk: net->diag_nlsk, skb, nlh: h, control: &c);
1343 }
1344
1345 return inet_diag_cmd_exact(cmd: h->nlmsg_type, in_skb: skb, nlh: h, hdrlen,
1346 req: nlmsg_data(nlh: h));
1347}
1348
1349static
1350int inet_diag_handler_get_info(struct sk_buff *skb, struct sock *sk)
1351{
1352 const struct inet_diag_handler *handler;
1353 struct nlmsghdr *nlh;
1354 struct nlattr *attr;
1355 struct inet_diag_msg *r;
1356 void *info = NULL;
1357 int err = 0;
1358
1359 nlh = nlmsg_put(skb, portid: 0, seq: 0, SOCK_DIAG_BY_FAMILY, payload: sizeof(*r), flags: 0);
1360 if (!nlh)
1361 return -ENOMEM;
1362
1363 r = nlmsg_data(nlh);
1364 memset(r, 0, sizeof(*r));
1365 inet_diag_msg_common_fill(r, sk);
1366 if (sk->sk_type == SOCK_DGRAM || sk->sk_type == SOCK_STREAM)
1367 r->id.idiag_sport = inet_sk(sk)->inet_sport;
1368 r->idiag_state = sk->sk_state;
1369
1370 if ((err = nla_put_u8(skb, attrtype: INET_DIAG_PROTOCOL, value: sk->sk_protocol))) {
1371 nlmsg_cancel(skb, nlh);
1372 return err;
1373 }
1374
1375 handler = inet_diag_lock_handler(proto: sk->sk_protocol);
1376 if (IS_ERR(ptr: handler)) {
1377 inet_diag_unlock_handler(handler);
1378 nlmsg_cancel(skb, nlh);
1379 return PTR_ERR(ptr: handler);
1380 }
1381
1382 attr = handler->idiag_info_size
1383 ? nla_reserve_64bit(skb, attrtype: INET_DIAG_INFO,
1384 attrlen: handler->idiag_info_size,
1385 padattr: INET_DIAG_PAD)
1386 : NULL;
1387 if (attr)
1388 info = nla_data(nla: attr);
1389
1390 handler->idiag_get_info(sk, r, info);
1391 inet_diag_unlock_handler(handler);
1392
1393 nlmsg_end(skb, nlh);
1394 return 0;
1395}
1396
1397static const struct sock_diag_handler inet_diag_handler = {
1398 .family = AF_INET,
1399 .dump = inet_diag_handler_cmd,
1400 .get_info = inet_diag_handler_get_info,
1401 .destroy = inet_diag_handler_cmd,
1402};
1403
1404static const struct sock_diag_handler inet6_diag_handler = {
1405 .family = AF_INET6,
1406 .dump = inet_diag_handler_cmd,
1407 .get_info = inet_diag_handler_get_info,
1408 .destroy = inet_diag_handler_cmd,
1409};
1410
1411int inet_diag_register(const struct inet_diag_handler *h)
1412{
1413 const __u16 type = h->idiag_type;
1414 int err = -EINVAL;
1415
1416 if (type >= IPPROTO_MAX)
1417 goto out;
1418
1419 mutex_lock(&inet_diag_table_mutex);
1420 err = -EEXIST;
1421 if (!inet_diag_table[type]) {
1422 inet_diag_table[type] = h;
1423 err = 0;
1424 }
1425 mutex_unlock(lock: &inet_diag_table_mutex);
1426out:
1427 return err;
1428}
1429EXPORT_SYMBOL_GPL(inet_diag_register);
1430
1431void inet_diag_unregister(const struct inet_diag_handler *h)
1432{
1433 const __u16 type = h->idiag_type;
1434
1435 if (type >= IPPROTO_MAX)
1436 return;
1437
1438 mutex_lock(&inet_diag_table_mutex);
1439 inet_diag_table[type] = NULL;
1440 mutex_unlock(lock: &inet_diag_table_mutex);
1441}
1442EXPORT_SYMBOL_GPL(inet_diag_unregister);
1443
1444static int __init inet_diag_init(void)
1445{
1446 const int inet_diag_table_size = (IPPROTO_MAX *
1447 sizeof(struct inet_diag_handler *));
1448 int err = -ENOMEM;
1449
1450 inet_diag_table = kzalloc(size: inet_diag_table_size, GFP_KERNEL);
1451 if (!inet_diag_table)
1452 goto out;
1453
1454 err = sock_diag_register(h: &inet_diag_handler);
1455 if (err)
1456 goto out_free_nl;
1457
1458 err = sock_diag_register(h: &inet6_diag_handler);
1459 if (err)
1460 goto out_free_inet;
1461
1462 sock_diag_register_inet_compat(fn: inet_diag_rcv_msg_compat);
1463out:
1464 return err;
1465
1466out_free_inet:
1467 sock_diag_unregister(h: &inet_diag_handler);
1468out_free_nl:
1469 kfree(objp: inet_diag_table);
1470 goto out;
1471}
1472
1473static void __exit inet_diag_exit(void)
1474{
1475 sock_diag_unregister(h: &inet6_diag_handler);
1476 sock_diag_unregister(h: &inet_diag_handler);
1477 sock_diag_unregister_inet_compat(fn: inet_diag_rcv_msg_compat);
1478 kfree(objp: inet_diag_table);
1479}
1480
1481module_init(inet_diag_init);
1482module_exit(inet_diag_exit);
1483MODULE_LICENSE("GPL");
1484MODULE_ALIAS_NET_PF_PROTO_TYPE(PF_NETLINK, NETLINK_SOCK_DIAG, 2 /* AF_INET */);
1485MODULE_ALIAS_NET_PF_PROTO_TYPE(PF_NETLINK, NETLINK_SOCK_DIAG, 10 /* AF_INET6 */);
1486

source code of linux/net/ipv4/inet_diag.c