1/*
2 * inet_diag.c Module for monitoring INET transport protocols sockets.
3 *
4 * Authors: Alexey Kuznetsov, <kuznet@ms2.inr.ac.ru>
5 *
6 * This program is free software; you can redistribute it and/or
7 * modify it under the terms of the GNU General Public License
8 * as published by the Free Software Foundation; either version
9 * 2 of the License, or (at your option) any later version.
10 */
11
12#include <linux/kernel.h>
13#include <linux/module.h>
14#include <linux/types.h>
15#include <linux/fcntl.h>
16#include <linux/random.h>
17#include <linux/slab.h>
18#include <linux/cache.h>
19#include <linux/init.h>
20#include <linux/time.h>
21
22#include <net/icmp.h>
23#include <net/tcp.h>
24#include <net/ipv6.h>
25#include <net/inet_common.h>
26#include <net/inet_connection_sock.h>
27#include <net/inet_hashtables.h>
28#include <net/inet_timewait_sock.h>
29#include <net/inet6_hashtables.h>
30#include <net/netlink.h>
31
32#include <linux/inet.h>
33#include <linux/stddef.h>
34
35#include <linux/inet_diag.h>
36#include <linux/sock_diag.h>
37
38static const struct inet_diag_handler **inet_diag_table;
39
40struct inet_diag_entry {
41 const __be32 *saddr;
42 const __be32 *daddr;
43 u16 sport;
44 u16 dport;
45 u16 family;
46 u16 userlocks;
47 u32 ifindex;
48 u32 mark;
49};
50
51static DEFINE_MUTEX(inet_diag_table_mutex);
52
53static const struct inet_diag_handler *inet_diag_lock_handler(int proto)
54{
55 if (!inet_diag_table[proto])
56 sock_load_diag_module(AF_INET, proto);
57
58 mutex_lock(&inet_diag_table_mutex);
59 if (!inet_diag_table[proto])
60 return ERR_PTR(-ENOENT);
61
62 return inet_diag_table[proto];
63}
64
65static void inet_diag_unlock_handler(const struct inet_diag_handler *handler)
66{
67 mutex_unlock(&inet_diag_table_mutex);
68}
69
70void inet_diag_msg_common_fill(struct inet_diag_msg *r, struct sock *sk)
71{
72 r->idiag_family = sk->sk_family;
73
74 r->id.idiag_sport = htons(sk->sk_num);
75 r->id.idiag_dport = sk->sk_dport;
76 r->id.idiag_if = sk->sk_bound_dev_if;
77 sock_diag_save_cookie(sk, r->id.idiag_cookie);
78
79#if IS_ENABLED(CONFIG_IPV6)
80 if (sk->sk_family == AF_INET6) {
81 *(struct in6_addr *)r->id.idiag_src = sk->sk_v6_rcv_saddr;
82 *(struct in6_addr *)r->id.idiag_dst = sk->sk_v6_daddr;
83 } else
84#endif
85 {
86 memset(&r->id.idiag_src, 0, sizeof(r->id.idiag_src));
87 memset(&r->id.idiag_dst, 0, sizeof(r->id.idiag_dst));
88
89 r->id.idiag_src[0] = sk->sk_rcv_saddr;
90 r->id.idiag_dst[0] = sk->sk_daddr;
91 }
92}
93EXPORT_SYMBOL_GPL(inet_diag_msg_common_fill);
94
95static size_t inet_sk_attr_size(struct sock *sk,
96 const struct inet_diag_req_v2 *req,
97 bool net_admin)
98{
99 const struct inet_diag_handler *handler;
100 size_t aux = 0;
101
102 handler = inet_diag_table[req->sdiag_protocol];
103 if (handler && handler->idiag_get_aux_size)
104 aux = handler->idiag_get_aux_size(sk, net_admin);
105
106 return nla_total_size(sizeof(struct tcp_info))
107 + nla_total_size(1) /* INET_DIAG_SHUTDOWN */
108 + nla_total_size(1) /* INET_DIAG_TOS */
109 + nla_total_size(1) /* INET_DIAG_TCLASS */
110 + nla_total_size(4) /* INET_DIAG_MARK */
111 + nla_total_size(4) /* INET_DIAG_CLASS_ID */
112 + nla_total_size(sizeof(struct inet_diag_meminfo))
113 + nla_total_size(sizeof(struct inet_diag_msg))
114 + nla_total_size(SK_MEMINFO_VARS * sizeof(u32))
115 + nla_total_size(TCP_CA_NAME_MAX)
116 + nla_total_size(sizeof(struct tcpvegas_info))
117 + aux
118 + 64;
119}
120
121int inet_diag_msg_attrs_fill(struct sock *sk, struct sk_buff *skb,
122 struct inet_diag_msg *r, int ext,
123 struct user_namespace *user_ns,
124 bool net_admin)
125{
126 const struct inet_sock *inet = inet_sk(sk);
127
128 if (nla_put_u8(skb, INET_DIAG_SHUTDOWN, sk->sk_shutdown))
129 goto errout;
130
131 /* IPv6 dual-stack sockets use inet->tos for IPv4 connections,
132 * hence this needs to be included regardless of socket family.
133 */
134 if (ext & (1 << (INET_DIAG_TOS - 1)))
135 if (nla_put_u8(skb, INET_DIAG_TOS, inet->tos) < 0)
136 goto errout;
137
138#if IS_ENABLED(CONFIG_IPV6)
139 if (r->idiag_family == AF_INET6) {
140 if (ext & (1 << (INET_DIAG_TCLASS - 1)))
141 if (nla_put_u8(skb, INET_DIAG_TCLASS,
142 inet6_sk(sk)->tclass) < 0)
143 goto errout;
144
145 if (((1 << sk->sk_state) & (TCPF_LISTEN | TCPF_CLOSE)) &&
146 nla_put_u8(skb, INET_DIAG_SKV6ONLY, ipv6_only_sock(sk)))
147 goto errout;
148 }
149#endif
150
151 if (net_admin && nla_put_u32(skb, INET_DIAG_MARK, sk->sk_mark))
152 goto errout;
153
154 r->idiag_uid = from_kuid_munged(user_ns, sock_i_uid(sk));
155 r->idiag_inode = sock_i_ino(sk);
156
157 return 0;
158errout:
159 return 1;
160}
161EXPORT_SYMBOL_GPL(inet_diag_msg_attrs_fill);
162
163int inet_sk_diag_fill(struct sock *sk, struct inet_connection_sock *icsk,
164 struct sk_buff *skb, const struct inet_diag_req_v2 *req,
165 struct user_namespace *user_ns,
166 u32 portid, u32 seq, u16 nlmsg_flags,
167 const struct nlmsghdr *unlh,
168 bool net_admin)
169{
170 const struct tcp_congestion_ops *ca_ops;
171 const struct inet_diag_handler *handler;
172 int ext = req->idiag_ext;
173 struct inet_diag_msg *r;
174 struct nlmsghdr *nlh;
175 struct nlattr *attr;
176 void *info = NULL;
177
178 handler = inet_diag_table[req->sdiag_protocol];
179 BUG_ON(!handler);
180
181 nlh = nlmsg_put(skb, portid, seq, unlh->nlmsg_type, sizeof(*r),
182 nlmsg_flags);
183 if (!nlh)
184 return -EMSGSIZE;
185
186 r = nlmsg_data(nlh);
187 BUG_ON(!sk_fullsock(sk));
188
189 inet_diag_msg_common_fill(r, sk);
190 r->idiag_state = sk->sk_state;
191 r->idiag_timer = 0;
192 r->idiag_retrans = 0;
193
194 if (inet_diag_msg_attrs_fill(sk, skb, r, ext, user_ns, net_admin))
195 goto errout;
196
197 if (ext & (1 << (INET_DIAG_MEMINFO - 1))) {
198 struct inet_diag_meminfo minfo = {
199 .idiag_rmem = sk_rmem_alloc_get(sk),
200 .idiag_wmem = sk->sk_wmem_queued,
201 .idiag_fmem = sk->sk_forward_alloc,
202 .idiag_tmem = sk_wmem_alloc_get(sk),
203 };
204
205 if (nla_put(skb, INET_DIAG_MEMINFO, sizeof(minfo), &minfo) < 0)
206 goto errout;
207 }
208
209 if (ext & (1 << (INET_DIAG_SKMEMINFO - 1)))
210 if (sock_diag_put_meminfo(sk, skb, INET_DIAG_SKMEMINFO))
211 goto errout;
212
213 /*
214 * RAW sockets might have user-defined protocols assigned,
215 * so report the one supplied on socket creation.
216 */
217 if (sk->sk_type == SOCK_RAW) {
218 if (nla_put_u8(skb, INET_DIAG_PROTOCOL, sk->sk_protocol))
219 goto errout;
220 }
221
222 if (!icsk) {
223 handler->idiag_get_info(sk, r, NULL);
224 goto out;
225 }
226
227 if (icsk->icsk_pending == ICSK_TIME_RETRANS ||
228 icsk->icsk_pending == ICSK_TIME_REO_TIMEOUT ||
229 icsk->icsk_pending == ICSK_TIME_LOSS_PROBE) {
230 r->idiag_timer = 1;
231 r->idiag_retrans = icsk->icsk_retransmits;
232 r->idiag_expires =
233 jiffies_to_msecs(icsk->icsk_timeout - jiffies);
234 } else if (icsk->icsk_pending == ICSK_TIME_PROBE0) {
235 r->idiag_timer = 4;
236 r->idiag_retrans = icsk->icsk_probes_out;
237 r->idiag_expires =
238 jiffies_to_msecs(icsk->icsk_timeout - jiffies);
239 } else if (timer_pending(&sk->sk_timer)) {
240 r->idiag_timer = 2;
241 r->idiag_retrans = icsk->icsk_probes_out;
242 r->idiag_expires =
243 jiffies_to_msecs(sk->sk_timer.expires - jiffies);
244 } else {
245 r->idiag_timer = 0;
246 r->idiag_expires = 0;
247 }
248
249 if ((ext & (1 << (INET_DIAG_INFO - 1))) && handler->idiag_info_size) {
250 attr = nla_reserve_64bit(skb, INET_DIAG_INFO,
251 handler->idiag_info_size,
252 INET_DIAG_PAD);
253 if (!attr)
254 goto errout;
255
256 info = nla_data(attr);
257 }
258
259 if (ext & (1 << (INET_DIAG_CONG - 1))) {
260 int err = 0;
261
262 rcu_read_lock();
263 ca_ops = READ_ONCE(icsk->icsk_ca_ops);
264 if (ca_ops)
265 err = nla_put_string(skb, INET_DIAG_CONG, ca_ops->name);
266 rcu_read_unlock();
267 if (err < 0)
268 goto errout;
269 }
270
271 handler->idiag_get_info(sk, r, info);
272
273 if (ext & (1 << (INET_DIAG_INFO - 1)) && handler->idiag_get_aux)
274 if (handler->idiag_get_aux(sk, net_admin, skb) < 0)
275 goto errout;
276
277 if (sk->sk_state < TCP_TIME_WAIT) {
278 union tcp_cc_info info;
279 size_t sz = 0;
280 int attr;
281
282 rcu_read_lock();
283 ca_ops = READ_ONCE(icsk->icsk_ca_ops);
284 if (ca_ops && ca_ops->get_info)
285 sz = ca_ops->get_info(sk, ext, &attr, &info);
286 rcu_read_unlock();
287 if (sz && nla_put(skb, attr, sz, &info) < 0)
288 goto errout;
289 }
290
291 if (ext & (1 << (INET_DIAG_CLASS_ID - 1)) ||
292 ext & (1 << (INET_DIAG_TCLASS - 1))) {
293 u32 classid = 0;
294
295#ifdef CONFIG_SOCK_CGROUP_DATA
296 classid = sock_cgroup_classid(&sk->sk_cgrp_data);
297#endif
298 /* Fallback to socket priority if class id isn't set.
299 * Classful qdiscs use it as direct reference to class.
300 * For cgroup2 classid is always zero.
301 */
302 if (!classid)
303 classid = sk->sk_priority;
304
305 if (nla_put_u32(skb, INET_DIAG_CLASS_ID, classid))
306 goto errout;
307 }
308
309out:
310 nlmsg_end(skb, nlh);
311 return 0;
312
313errout:
314 nlmsg_cancel(skb, nlh);
315 return -EMSGSIZE;
316}
317EXPORT_SYMBOL_GPL(inet_sk_diag_fill);
318
319static int inet_csk_diag_fill(struct sock *sk,
320 struct sk_buff *skb,
321 const struct inet_diag_req_v2 *req,
322 struct user_namespace *user_ns,
323 u32 portid, u32 seq, u16 nlmsg_flags,
324 const struct nlmsghdr *unlh,
325 bool net_admin)
326{
327 return inet_sk_diag_fill(sk, inet_csk(sk), skb, req, user_ns,
328 portid, seq, nlmsg_flags, unlh, net_admin);
329}
330
331static int inet_twsk_diag_fill(struct sock *sk,
332 struct sk_buff *skb,
333 u32 portid, u32 seq, u16 nlmsg_flags,
334 const struct nlmsghdr *unlh)
335{
336 struct inet_timewait_sock *tw = inet_twsk(sk);
337 struct inet_diag_msg *r;
338 struct nlmsghdr *nlh;
339 long tmo;
340
341 nlh = nlmsg_put(skb, portid, seq, unlh->nlmsg_type, sizeof(*r),
342 nlmsg_flags);
343 if (!nlh)
344 return -EMSGSIZE;
345
346 r = nlmsg_data(nlh);
347 BUG_ON(tw->tw_state != TCP_TIME_WAIT);
348
349 tmo = tw->tw_timer.expires - jiffies;
350 if (tmo < 0)
351 tmo = 0;
352
353 inet_diag_msg_common_fill(r, sk);
354 r->idiag_retrans = 0;
355
356 r->idiag_state = tw->tw_substate;
357 r->idiag_timer = 3;
358 r->idiag_expires = jiffies_to_msecs(tmo);
359 r->idiag_rqueue = 0;
360 r->idiag_wqueue = 0;
361 r->idiag_uid = 0;
362 r->idiag_inode = 0;
363
364 nlmsg_end(skb, nlh);
365 return 0;
366}
367
368static int inet_req_diag_fill(struct sock *sk, struct sk_buff *skb,
369 u32 portid, u32 seq, u16 nlmsg_flags,
370 const struct nlmsghdr *unlh, bool net_admin)
371{
372 struct request_sock *reqsk = inet_reqsk(sk);
373 struct inet_diag_msg *r;
374 struct nlmsghdr *nlh;
375 long tmo;
376
377 nlh = nlmsg_put(skb, portid, seq, unlh->nlmsg_type, sizeof(*r),
378 nlmsg_flags);
379 if (!nlh)
380 return -EMSGSIZE;
381
382 r = nlmsg_data(nlh);
383 inet_diag_msg_common_fill(r, sk);
384 r->idiag_state = TCP_SYN_RECV;
385 r->idiag_timer = 1;
386 r->idiag_retrans = reqsk->num_retrans;
387
388 BUILD_BUG_ON(offsetof(struct inet_request_sock, ir_cookie) !=
389 offsetof(struct sock, sk_cookie));
390
391 tmo = inet_reqsk(sk)->rsk_timer.expires - jiffies;
392 r->idiag_expires = (tmo >= 0) ? jiffies_to_msecs(tmo) : 0;
393 r->idiag_rqueue = 0;
394 r->idiag_wqueue = 0;
395 r->idiag_uid = 0;
396 r->idiag_inode = 0;
397
398 if (net_admin && nla_put_u32(skb, INET_DIAG_MARK,
399 inet_rsk(reqsk)->ir_mark))
400 return -EMSGSIZE;
401
402 nlmsg_end(skb, nlh);
403 return 0;
404}
405
406static int sk_diag_fill(struct sock *sk, struct sk_buff *skb,
407 const struct inet_diag_req_v2 *r,
408 struct user_namespace *user_ns,
409 u32 portid, u32 seq, u16 nlmsg_flags,
410 const struct nlmsghdr *unlh, bool net_admin)
411{
412 if (sk->sk_state == TCP_TIME_WAIT)
413 return inet_twsk_diag_fill(sk, skb, portid, seq,
414 nlmsg_flags, unlh);
415
416 if (sk->sk_state == TCP_NEW_SYN_RECV)
417 return inet_req_diag_fill(sk, skb, portid, seq,
418 nlmsg_flags, unlh, net_admin);
419
420 return inet_csk_diag_fill(sk, skb, r, user_ns, portid, seq,
421 nlmsg_flags, unlh, net_admin);
422}
423
424struct sock *inet_diag_find_one_icsk(struct net *net,
425 struct inet_hashinfo *hashinfo,
426 const struct inet_diag_req_v2 *req)
427{
428 struct sock *sk;
429
430 rcu_read_lock();
431 if (req->sdiag_family == AF_INET)
432 sk = inet_lookup(net, hashinfo, NULL, 0, req->id.idiag_dst[0],
433 req->id.idiag_dport, req->id.idiag_src[0],
434 req->id.idiag_sport, req->id.idiag_if);
435#if IS_ENABLED(CONFIG_IPV6)
436 else if (req->sdiag_family == AF_INET6) {
437 if (ipv6_addr_v4mapped((struct in6_addr *)req->id.idiag_dst) &&
438 ipv6_addr_v4mapped((struct in6_addr *)req->id.idiag_src))
439 sk = inet_lookup(net, hashinfo, NULL, 0, req->id.idiag_dst[3],
440 req->id.idiag_dport, req->id.idiag_src[3],
441 req->id.idiag_sport, req->id.idiag_if);
442 else
443 sk = inet6_lookup(net, hashinfo, NULL, 0,
444 (struct in6_addr *)req->id.idiag_dst,
445 req->id.idiag_dport,
446 (struct in6_addr *)req->id.idiag_src,
447 req->id.idiag_sport,
448 req->id.idiag_if);
449 }
450#endif
451 else {
452 rcu_read_unlock();
453 return ERR_PTR(-EINVAL);
454 }
455 rcu_read_unlock();
456 if (!sk)
457 return ERR_PTR(-ENOENT);
458
459 if (sock_diag_check_cookie(sk, req->id.idiag_cookie)) {
460 sock_gen_put(sk);
461 return ERR_PTR(-ENOENT);
462 }
463
464 return sk;
465}
466EXPORT_SYMBOL_GPL(inet_diag_find_one_icsk);
467
468int inet_diag_dump_one_icsk(struct inet_hashinfo *hashinfo,
469 struct sk_buff *in_skb,
470 const struct nlmsghdr *nlh,
471 const struct inet_diag_req_v2 *req)
472{
473 bool net_admin = netlink_net_capable(in_skb, CAP_NET_ADMIN);
474 struct net *net = sock_net(in_skb->sk);
475 struct sk_buff *rep;
476 struct sock *sk;
477 int err;
478
479 sk = inet_diag_find_one_icsk(net, hashinfo, req);
480 if (IS_ERR(sk))
481 return PTR_ERR(sk);
482
483 rep = nlmsg_new(inet_sk_attr_size(sk, req, net_admin), GFP_KERNEL);
484 if (!rep) {
485 err = -ENOMEM;
486 goto out;
487 }
488
489 err = sk_diag_fill(sk, rep, req,
490 sk_user_ns(NETLINK_CB(in_skb).sk),
491 NETLINK_CB(in_skb).portid,
492 nlh->nlmsg_seq, 0, nlh, net_admin);
493 if (err < 0) {
494 WARN_ON(err == -EMSGSIZE);
495 nlmsg_free(rep);
496 goto out;
497 }
498 err = netlink_unicast(net->diag_nlsk, rep, NETLINK_CB(in_skb).portid,
499 MSG_DONTWAIT);
500 if (err > 0)
501 err = 0;
502
503out:
504 if (sk)
505 sock_gen_put(sk);
506
507 return err;
508}
509EXPORT_SYMBOL_GPL(inet_diag_dump_one_icsk);
510
511static int inet_diag_cmd_exact(int cmd, struct sk_buff *in_skb,
512 const struct nlmsghdr *nlh,
513 const struct inet_diag_req_v2 *req)
514{
515 const struct inet_diag_handler *handler;
516 int err;
517
518 handler = inet_diag_lock_handler(req->sdiag_protocol);
519 if (IS_ERR(handler))
520 err = PTR_ERR(handler);
521 else if (cmd == SOCK_DIAG_BY_FAMILY)
522 err = handler->dump_one(in_skb, nlh, req);
523 else if (cmd == SOCK_DESTROY && handler->destroy)
524 err = handler->destroy(in_skb, req);
525 else
526 err = -EOPNOTSUPP;
527 inet_diag_unlock_handler(handler);
528
529 return err;
530}
531
532static int bitstring_match(const __be32 *a1, const __be32 *a2, int bits)
533{
534 int words = bits >> 5;
535
536 bits &= 0x1f;
537
538 if (words) {
539 if (memcmp(a1, a2, words << 2))
540 return 0;
541 }
542 if (bits) {
543 __be32 w1, w2;
544 __be32 mask;
545
546 w1 = a1[words];
547 w2 = a2[words];
548
549 mask = htonl((0xffffffff) << (32 - bits));
550
551 if ((w1 ^ w2) & mask)
552 return 0;
553 }
554
555 return 1;
556}
557
558static int inet_diag_bc_run(const struct nlattr *_bc,
559 const struct inet_diag_entry *entry)
560{
561 const void *bc = nla_data(_bc);
562 int len = nla_len(_bc);
563
564 while (len > 0) {
565 int yes = 1;
566 const struct inet_diag_bc_op *op = bc;
567
568 switch (op->code) {
569 case INET_DIAG_BC_NOP:
570 break;
571 case INET_DIAG_BC_JMP:
572 yes = 0;
573 break;
574 case INET_DIAG_BC_S_EQ:
575 yes = entry->sport == op[1].no;
576 break;
577 case INET_DIAG_BC_S_GE:
578 yes = entry->sport >= op[1].no;
579 break;
580 case INET_DIAG_BC_S_LE:
581 yes = entry->sport <= op[1].no;
582 break;
583 case INET_DIAG_BC_D_EQ:
584 yes = entry->dport == op[1].no;
585 break;
586 case INET_DIAG_BC_D_GE:
587 yes = entry->dport >= op[1].no;
588 break;
589 case INET_DIAG_BC_D_LE:
590 yes = entry->dport <= op[1].no;
591 break;
592 case INET_DIAG_BC_AUTO:
593 yes = !(entry->userlocks & SOCK_BINDPORT_LOCK);
594 break;
595 case INET_DIAG_BC_S_COND:
596 case INET_DIAG_BC_D_COND: {
597 const struct inet_diag_hostcond *cond;
598 const __be32 *addr;
599
600 cond = (const struct inet_diag_hostcond *)(op + 1);
601 if (cond->port != -1 &&
602 cond->port != (op->code == INET_DIAG_BC_S_COND ?
603 entry->sport : entry->dport)) {
604 yes = 0;
605 break;
606 }
607
608 if (op->code == INET_DIAG_BC_S_COND)
609 addr = entry->saddr;
610 else
611 addr = entry->daddr;
612
613 if (cond->family != AF_UNSPEC &&
614 cond->family != entry->family) {
615 if (entry->family == AF_INET6 &&
616 cond->family == AF_INET) {
617 if (addr[0] == 0 && addr[1] == 0 &&
618 addr[2] == htonl(0xffff) &&
619 bitstring_match(addr + 3,
620 cond->addr,
621 cond->prefix_len))
622 break;
623 }
624 yes = 0;
625 break;
626 }
627
628 if (cond->prefix_len == 0)
629 break;
630 if (bitstring_match(addr, cond->addr,
631 cond->prefix_len))
632 break;
633 yes = 0;
634 break;
635 }
636 case INET_DIAG_BC_DEV_COND: {
637 u32 ifindex;
638
639 ifindex = *((const u32 *)(op + 1));
640 if (ifindex != entry->ifindex)
641 yes = 0;
642 break;
643 }
644 case INET_DIAG_BC_MARK_COND: {
645 struct inet_diag_markcond *cond;
646
647 cond = (struct inet_diag_markcond *)(op + 1);
648 if ((entry->mark & cond->mask) != cond->mark)
649 yes = 0;
650 break;
651 }
652 }
653
654 if (yes) {
655 len -= op->yes;
656 bc += op->yes;
657 } else {
658 len -= op->no;
659 bc += op->no;
660 }
661 }
662 return len == 0;
663}
664
665/* This helper is available for all sockets (ESTABLISH, TIMEWAIT, SYN_RECV)
666 */
667static void entry_fill_addrs(struct inet_diag_entry *entry,
668 const struct sock *sk)
669{
670#if IS_ENABLED(CONFIG_IPV6)
671 if (sk->sk_family == AF_INET6) {
672 entry->saddr = sk->sk_v6_rcv_saddr.s6_addr32;
673 entry->daddr = sk->sk_v6_daddr.s6_addr32;
674 } else
675#endif
676 {
677 entry->saddr = &sk->sk_rcv_saddr;
678 entry->daddr = &sk->sk_daddr;
679 }
680}
681
682int inet_diag_bc_sk(const struct nlattr *bc, struct sock *sk)
683{
684 struct inet_sock *inet = inet_sk(sk);
685 struct inet_diag_entry entry;
686
687 if (!bc)
688 return 1;
689
690 entry.family = sk->sk_family;
691 entry_fill_addrs(&entry, sk);
692 entry.sport = inet->inet_num;
693 entry.dport = ntohs(inet->inet_dport);
694 entry.ifindex = sk->sk_bound_dev_if;
695 entry.userlocks = sk_fullsock(sk) ? sk->sk_userlocks : 0;
696 if (sk_fullsock(sk))
697 entry.mark = sk->sk_mark;
698 else if (sk->sk_state == TCP_NEW_SYN_RECV)
699 entry.mark = inet_rsk(inet_reqsk(sk))->ir_mark;
700 else
701 entry.mark = 0;
702
703 return inet_diag_bc_run(bc, &entry);
704}
705EXPORT_SYMBOL_GPL(inet_diag_bc_sk);
706
707static int valid_cc(const void *bc, int len, int cc)
708{
709 while (len >= 0) {
710 const struct inet_diag_bc_op *op = bc;
711
712 if (cc > len)
713 return 0;
714 if (cc == len)
715 return 1;
716 if (op->yes < 4 || op->yes & 3)
717 return 0;
718 len -= op->yes;
719 bc += op->yes;
720 }
721 return 0;
722}
723
724/* data is u32 ifindex */
725static bool valid_devcond(const struct inet_diag_bc_op *op, int len,
726 int *min_len)
727{
728 /* Check ifindex space. */
729 *min_len += sizeof(u32);
730 if (len < *min_len)
731 return false;
732
733 return true;
734}
735/* Validate an inet_diag_hostcond. */
736static bool valid_hostcond(const struct inet_diag_bc_op *op, int len,
737 int *min_len)
738{
739 struct inet_diag_hostcond *cond;
740 int addr_len;
741
742 /* Check hostcond space. */
743 *min_len += sizeof(struct inet_diag_hostcond);
744 if (len < *min_len)
745 return false;
746 cond = (struct inet_diag_hostcond *)(op + 1);
747
748 /* Check address family and address length. */
749 switch (cond->family) {
750 case AF_UNSPEC:
751 addr_len = 0;
752 break;
753 case AF_INET:
754 addr_len = sizeof(struct in_addr);
755 break;
756 case AF_INET6:
757 addr_len = sizeof(struct in6_addr);
758 break;
759 default:
760 return false;
761 }
762 *min_len += addr_len;
763 if (len < *min_len)
764 return false;
765
766 /* Check prefix length (in bits) vs address length (in bytes). */
767 if (cond->prefix_len > 8 * addr_len)
768 return false;
769
770 return true;
771}
772
773/* Validate a port comparison operator. */
774static bool valid_port_comparison(const struct inet_diag_bc_op *op,
775 int len, int *min_len)
776{
777 /* Port comparisons put the port in a follow-on inet_diag_bc_op. */
778 *min_len += sizeof(struct inet_diag_bc_op);
779 if (len < *min_len)
780 return false;
781 return true;
782}
783
784static bool valid_markcond(const struct inet_diag_bc_op *op, int len,
785 int *min_len)
786{
787 *min_len += sizeof(struct inet_diag_markcond);
788 return len >= *min_len;
789}
790
791static int inet_diag_bc_audit(const struct nlattr *attr,
792 const struct sk_buff *skb)
793{
794 bool net_admin = netlink_net_capable(skb, CAP_NET_ADMIN);
795 const void *bytecode, *bc;
796 int bytecode_len, len;
797
798 if (!attr || nla_len(attr) < sizeof(struct inet_diag_bc_op))
799 return -EINVAL;
800
801 bytecode = bc = nla_data(attr);
802 len = bytecode_len = nla_len(attr);
803
804 while (len > 0) {
805 int min_len = sizeof(struct inet_diag_bc_op);
806 const struct inet_diag_bc_op *op = bc;
807
808 switch (op->code) {
809 case INET_DIAG_BC_S_COND:
810 case INET_DIAG_BC_D_COND:
811 if (!valid_hostcond(bc, len, &min_len))
812 return -EINVAL;
813 break;
814 case INET_DIAG_BC_DEV_COND:
815 if (!valid_devcond(bc, len, &min_len))
816 return -EINVAL;
817 break;
818 case INET_DIAG_BC_S_EQ:
819 case INET_DIAG_BC_S_GE:
820 case INET_DIAG_BC_S_LE:
821 case INET_DIAG_BC_D_EQ:
822 case INET_DIAG_BC_D_GE:
823 case INET_DIAG_BC_D_LE:
824 if (!valid_port_comparison(bc, len, &min_len))
825 return -EINVAL;
826 break;
827 case INET_DIAG_BC_MARK_COND:
828 if (!net_admin)
829 return -EPERM;
830 if (!valid_markcond(bc, len, &min_len))
831 return -EINVAL;
832 break;
833 case INET_DIAG_BC_AUTO:
834 case INET_DIAG_BC_JMP:
835 case INET_DIAG_BC_NOP:
836 break;
837 default:
838 return -EINVAL;
839 }
840
841 if (op->code != INET_DIAG_BC_NOP) {
842 if (op->no < min_len || op->no > len + 4 || op->no & 3)
843 return -EINVAL;
844 if (op->no < len &&
845 !valid_cc(bytecode, bytecode_len, len - op->no))
846 return -EINVAL;
847 }
848
849 if (op->yes < min_len || op->yes > len + 4 || op->yes & 3)
850 return -EINVAL;
851 bc += op->yes;
852 len -= op->yes;
853 }
854 return len == 0 ? 0 : -EINVAL;
855}
856
857static int inet_csk_diag_dump(struct sock *sk,
858 struct sk_buff *skb,
859 struct netlink_callback *cb,
860 const struct inet_diag_req_v2 *r,
861 const struct nlattr *bc,
862 bool net_admin)
863{
864 if (!inet_diag_bc_sk(bc, sk))
865 return 0;
866
867 return inet_csk_diag_fill(sk, skb, r,
868 sk_user_ns(NETLINK_CB(cb->skb).sk),
869 NETLINK_CB(cb->skb).portid,
870 cb->nlh->nlmsg_seq, NLM_F_MULTI, cb->nlh,
871 net_admin);
872}
873
874static void twsk_build_assert(void)
875{
876 BUILD_BUG_ON(offsetof(struct inet_timewait_sock, tw_family) !=
877 offsetof(struct sock, sk_family));
878
879 BUILD_BUG_ON(offsetof(struct inet_timewait_sock, tw_num) !=
880 offsetof(struct inet_sock, inet_num));
881
882 BUILD_BUG_ON(offsetof(struct inet_timewait_sock, tw_dport) !=
883 offsetof(struct inet_sock, inet_dport));
884
885 BUILD_BUG_ON(offsetof(struct inet_timewait_sock, tw_rcv_saddr) !=
886 offsetof(struct inet_sock, inet_rcv_saddr));
887
888 BUILD_BUG_ON(offsetof(struct inet_timewait_sock, tw_daddr) !=
889 offsetof(struct inet_sock, inet_daddr));
890
891#if IS_ENABLED(CONFIG_IPV6)
892 BUILD_BUG_ON(offsetof(struct inet_timewait_sock, tw_v6_rcv_saddr) !=
893 offsetof(struct sock, sk_v6_rcv_saddr));
894
895 BUILD_BUG_ON(offsetof(struct inet_timewait_sock, tw_v6_daddr) !=
896 offsetof(struct sock, sk_v6_daddr));
897#endif
898}
899
900void inet_diag_dump_icsk(struct inet_hashinfo *hashinfo, struct sk_buff *skb,
901 struct netlink_callback *cb,
902 const struct inet_diag_req_v2 *r, struct nlattr *bc)
903{
904 bool net_admin = netlink_net_capable(cb->skb, CAP_NET_ADMIN);
905 struct net *net = sock_net(skb->sk);
906 u32 idiag_states = r->idiag_states;
907 int i, num, s_i, s_num;
908 struct sock *sk;
909
910 if (idiag_states & TCPF_SYN_RECV)
911 idiag_states |= TCPF_NEW_SYN_RECV;
912 s_i = cb->args[1];
913 s_num = num = cb->args[2];
914
915 if (cb->args[0] == 0) {
916 if (!(idiag_states & TCPF_LISTEN) || r->id.idiag_dport)
917 goto skip_listen_ht;
918
919 for (i = s_i; i < INET_LHTABLE_SIZE; i++) {
920 struct inet_listen_hashbucket *ilb;
921
922 num = 0;
923 ilb = &hashinfo->listening_hash[i];
924 spin_lock(&ilb->lock);
925 sk_for_each(sk, &ilb->head) {
926 struct inet_sock *inet = inet_sk(sk);
927
928 if (!net_eq(sock_net(sk), net))
929 continue;
930
931 if (num < s_num) {
932 num++;
933 continue;
934 }
935
936 if (r->sdiag_family != AF_UNSPEC &&
937 sk->sk_family != r->sdiag_family)
938 goto next_listen;
939
940 if (r->id.idiag_sport != inet->inet_sport &&
941 r->id.idiag_sport)
942 goto next_listen;
943
944 if (inet_csk_diag_dump(sk, skb, cb, r,
945 bc, net_admin) < 0) {
946 spin_unlock(&ilb->lock);
947 goto done;
948 }
949
950next_listen:
951 ++num;
952 }
953 spin_unlock(&ilb->lock);
954
955 s_num = 0;
956 }
957skip_listen_ht:
958 cb->args[0] = 1;
959 s_i = num = s_num = 0;
960 }
961
962 if (!(idiag_states & ~TCPF_LISTEN))
963 goto out;
964
965#define SKARR_SZ 16
966 for (i = s_i; i <= hashinfo->ehash_mask; i++) {
967 struct inet_ehash_bucket *head = &hashinfo->ehash[i];
968 spinlock_t *lock = inet_ehash_lockp(hashinfo, i);
969 struct hlist_nulls_node *node;
970 struct sock *sk_arr[SKARR_SZ];
971 int num_arr[SKARR_SZ];
972 int idx, accum, res;
973
974 if (hlist_nulls_empty(&head->chain))
975 continue;
976
977 if (i > s_i)
978 s_num = 0;
979
980next_chunk:
981 num = 0;
982 accum = 0;
983 spin_lock_bh(lock);
984 sk_nulls_for_each(sk, node, &head->chain) {
985 int state;
986
987 if (!net_eq(sock_net(sk), net))
988 continue;
989 if (num < s_num)
990 goto next_normal;
991 state = (sk->sk_state == TCP_TIME_WAIT) ?
992 inet_twsk(sk)->tw_substate : sk->sk_state;
993 if (!(idiag_states & (1 << state)))
994 goto next_normal;
995 if (r->sdiag_family != AF_UNSPEC &&
996 sk->sk_family != r->sdiag_family)
997 goto next_normal;
998 if (r->id.idiag_sport != htons(sk->sk_num) &&
999 r->id.idiag_sport)
1000 goto next_normal;
1001 if (r->id.idiag_dport != sk->sk_dport &&
1002 r->id.idiag_dport)
1003 goto next_normal;
1004 twsk_build_assert();
1005
1006 if (!inet_diag_bc_sk(bc, sk))
1007 goto next_normal;
1008
1009 if (!refcount_inc_not_zero(&sk->sk_refcnt))
1010 goto next_normal;
1011
1012 num_arr[accum] = num;
1013 sk_arr[accum] = sk;
1014 if (++accum == SKARR_SZ)
1015 break;
1016next_normal:
1017 ++num;
1018 }
1019 spin_unlock_bh(lock);
1020 res = 0;
1021 for (idx = 0; idx < accum; idx++) {
1022 if (res >= 0) {
1023 res = sk_diag_fill(sk_arr[idx], skb, r,
1024 sk_user_ns(NETLINK_CB(cb->skb).sk),
1025 NETLINK_CB(cb->skb).portid,
1026 cb->nlh->nlmsg_seq, NLM_F_MULTI,
1027 cb->nlh, net_admin);
1028 if (res < 0)
1029 num = num_arr[idx];
1030 }
1031 sock_gen_put(sk_arr[idx]);
1032 }
1033 if (res < 0)
1034 break;
1035 cond_resched();
1036 if (accum == SKARR_SZ) {
1037 s_num = num + 1;
1038 goto next_chunk;
1039 }
1040 }
1041
1042done:
1043 cb->args[1] = i;
1044 cb->args[2] = num;
1045out:
1046 ;
1047}
1048EXPORT_SYMBOL_GPL(inet_diag_dump_icsk);
1049
1050static int __inet_diag_dump(struct sk_buff *skb, struct netlink_callback *cb,
1051 const struct inet_diag_req_v2 *r,
1052 struct nlattr *bc)
1053{
1054 const struct inet_diag_handler *handler;
1055 int err = 0;
1056
1057 handler = inet_diag_lock_handler(r->sdiag_protocol);
1058 if (!IS_ERR(handler))
1059 handler->dump(skb, cb, r, bc);
1060 else
1061 err = PTR_ERR(handler);
1062 inet_diag_unlock_handler(handler);
1063
1064 return err ? : skb->len;
1065}
1066
1067static int inet_diag_dump(struct sk_buff *skb, struct netlink_callback *cb)
1068{
1069 int hdrlen = sizeof(struct inet_diag_req_v2);
1070 struct nlattr *bc = NULL;
1071
1072 if (nlmsg_attrlen(cb->nlh, hdrlen))
1073 bc = nlmsg_find_attr(cb->nlh, hdrlen, INET_DIAG_REQ_BYTECODE);
1074
1075 return __inet_diag_dump(skb, cb, nlmsg_data(cb->nlh), bc);
1076}
1077
1078static int inet_diag_type2proto(int type)
1079{
1080 switch (type) {
1081 case TCPDIAG_GETSOCK:
1082 return IPPROTO_TCP;
1083 case DCCPDIAG_GETSOCK:
1084 return IPPROTO_DCCP;
1085 default:
1086 return 0;
1087 }
1088}
1089
1090static int inet_diag_dump_compat(struct sk_buff *skb,
1091 struct netlink_callback *cb)
1092{
1093 struct inet_diag_req *rc = nlmsg_data(cb->nlh);
1094 int hdrlen = sizeof(struct inet_diag_req);
1095 struct inet_diag_req_v2 req;
1096 struct nlattr *bc = NULL;
1097
1098 req.sdiag_family = AF_UNSPEC; /* compatibility */
1099 req.sdiag_protocol = inet_diag_type2proto(cb->nlh->nlmsg_type);
1100 req.idiag_ext = rc->idiag_ext;
1101 req.idiag_states = rc->idiag_states;
1102 req.id = rc->id;
1103
1104 if (nlmsg_attrlen(cb->nlh, hdrlen))
1105 bc = nlmsg_find_attr(cb->nlh, hdrlen, INET_DIAG_REQ_BYTECODE);
1106
1107 return __inet_diag_dump(skb, cb, &req, bc);
1108}
1109
1110static int inet_diag_get_exact_compat(struct sk_buff *in_skb,
1111 const struct nlmsghdr *nlh)
1112{
1113 struct inet_diag_req *rc = nlmsg_data(nlh);
1114 struct inet_diag_req_v2 req;
1115
1116 req.sdiag_family = rc->idiag_family;
1117 req.sdiag_protocol = inet_diag_type2proto(nlh->nlmsg_type);
1118 req.idiag_ext = rc->idiag_ext;
1119 req.idiag_states = rc->idiag_states;
1120 req.id = rc->id;
1121
1122 return inet_diag_cmd_exact(SOCK_DIAG_BY_FAMILY, in_skb, nlh, &req);
1123}
1124
1125static int inet_diag_rcv_msg_compat(struct sk_buff *skb, struct nlmsghdr *nlh)
1126{
1127 int hdrlen = sizeof(struct inet_diag_req);
1128 struct net *net = sock_net(skb->sk);
1129
1130 if (nlh->nlmsg_type >= INET_DIAG_GETSOCK_MAX ||
1131 nlmsg_len(nlh) < hdrlen)
1132 return -EINVAL;
1133
1134 if (nlh->nlmsg_flags & NLM_F_DUMP) {
1135 if (nlmsg_attrlen(nlh, hdrlen)) {
1136 struct nlattr *attr;
1137 int err;
1138
1139 attr = nlmsg_find_attr(nlh, hdrlen,
1140 INET_DIAG_REQ_BYTECODE);
1141 err = inet_diag_bc_audit(attr, skb);
1142 if (err)
1143 return err;
1144 }
1145 {
1146 struct netlink_dump_control c = {
1147 .dump = inet_diag_dump_compat,
1148 };
1149 return netlink_dump_start(net->diag_nlsk, skb, nlh, &c);
1150 }
1151 }
1152
1153 return inet_diag_get_exact_compat(skb, nlh);
1154}
1155
1156static int inet_diag_handler_cmd(struct sk_buff *skb, struct nlmsghdr *h)
1157{
1158 int hdrlen = sizeof(struct inet_diag_req_v2);
1159 struct net *net = sock_net(skb->sk);
1160
1161 if (nlmsg_len(h) < hdrlen)
1162 return -EINVAL;
1163
1164 if (h->nlmsg_type == SOCK_DIAG_BY_FAMILY &&
1165 h->nlmsg_flags & NLM_F_DUMP) {
1166 if (nlmsg_attrlen(h, hdrlen)) {
1167 struct nlattr *attr;
1168 int err;
1169
1170 attr = nlmsg_find_attr(h, hdrlen,
1171 INET_DIAG_REQ_BYTECODE);
1172 err = inet_diag_bc_audit(attr, skb);
1173 if (err)
1174 return err;
1175 }
1176 {
1177 struct netlink_dump_control c = {
1178 .dump = inet_diag_dump,
1179 };
1180 return netlink_dump_start(net->diag_nlsk, skb, h, &c);
1181 }
1182 }
1183
1184 return inet_diag_cmd_exact(h->nlmsg_type, skb, h, nlmsg_data(h));
1185}
1186
1187static
1188int inet_diag_handler_get_info(struct sk_buff *skb, struct sock *sk)
1189{
1190 const struct inet_diag_handler *handler;
1191 struct nlmsghdr *nlh;
1192 struct nlattr *attr;
1193 struct inet_diag_msg *r;
1194 void *info = NULL;
1195 int err = 0;
1196
1197 nlh = nlmsg_put(skb, 0, 0, SOCK_DIAG_BY_FAMILY, sizeof(*r), 0);
1198 if (!nlh)
1199 return -ENOMEM;
1200
1201 r = nlmsg_data(nlh);
1202 memset(r, 0, sizeof(*r));
1203 inet_diag_msg_common_fill(r, sk);
1204 if (sk->sk_type == SOCK_DGRAM || sk->sk_type == SOCK_STREAM)
1205 r->id.idiag_sport = inet_sk(sk)->inet_sport;
1206 r->idiag_state = sk->sk_state;
1207
1208 if ((err = nla_put_u8(skb, INET_DIAG_PROTOCOL, sk->sk_protocol))) {
1209 nlmsg_cancel(skb, nlh);
1210 return err;
1211 }
1212
1213 handler = inet_diag_lock_handler(sk->sk_protocol);
1214 if (IS_ERR(handler)) {
1215 inet_diag_unlock_handler(handler);
1216 nlmsg_cancel(skb, nlh);
1217 return PTR_ERR(handler);
1218 }
1219
1220 attr = handler->idiag_info_size
1221 ? nla_reserve_64bit(skb, INET_DIAG_INFO,
1222 handler->idiag_info_size,
1223 INET_DIAG_PAD)
1224 : NULL;
1225 if (attr)
1226 info = nla_data(attr);
1227
1228 handler->idiag_get_info(sk, r, info);
1229 inet_diag_unlock_handler(handler);
1230
1231 nlmsg_end(skb, nlh);
1232 return 0;
1233}
1234
1235static const struct sock_diag_handler inet_diag_handler = {
1236 .family = AF_INET,
1237 .dump = inet_diag_handler_cmd,
1238 .get_info = inet_diag_handler_get_info,
1239 .destroy = inet_diag_handler_cmd,
1240};
1241
1242static const struct sock_diag_handler inet6_diag_handler = {
1243 .family = AF_INET6,
1244 .dump = inet_diag_handler_cmd,
1245 .get_info = inet_diag_handler_get_info,
1246 .destroy = inet_diag_handler_cmd,
1247};
1248
1249int inet_diag_register(const struct inet_diag_handler *h)
1250{
1251 const __u16 type = h->idiag_type;
1252 int err = -EINVAL;
1253
1254 if (type >= IPPROTO_MAX)
1255 goto out;
1256
1257 mutex_lock(&inet_diag_table_mutex);
1258 err = -EEXIST;
1259 if (!inet_diag_table[type]) {
1260 inet_diag_table[type] = h;
1261 err = 0;
1262 }
1263 mutex_unlock(&inet_diag_table_mutex);
1264out:
1265 return err;
1266}
1267EXPORT_SYMBOL_GPL(inet_diag_register);
1268
1269void inet_diag_unregister(const struct inet_diag_handler *h)
1270{
1271 const __u16 type = h->idiag_type;
1272
1273 if (type >= IPPROTO_MAX)
1274 return;
1275
1276 mutex_lock(&inet_diag_table_mutex);
1277 inet_diag_table[type] = NULL;
1278 mutex_unlock(&inet_diag_table_mutex);
1279}
1280EXPORT_SYMBOL_GPL(inet_diag_unregister);
1281
1282static int __init inet_diag_init(void)
1283{
1284 const int inet_diag_table_size = (IPPROTO_MAX *
1285 sizeof(struct inet_diag_handler *));
1286 int err = -ENOMEM;
1287
1288 inet_diag_table = kzalloc(inet_diag_table_size, GFP_KERNEL);
1289 if (!inet_diag_table)
1290 goto out;
1291
1292 err = sock_diag_register(&inet_diag_handler);
1293 if (err)
1294 goto out_free_nl;
1295
1296 err = sock_diag_register(&inet6_diag_handler);
1297 if (err)
1298 goto out_free_inet;
1299
1300 sock_diag_register_inet_compat(inet_diag_rcv_msg_compat);
1301out:
1302 return err;
1303
1304out_free_inet:
1305 sock_diag_unregister(&inet_diag_handler);
1306out_free_nl:
1307 kfree(inet_diag_table);
1308 goto out;
1309}
1310
1311static void __exit inet_diag_exit(void)
1312{
1313 sock_diag_unregister(&inet6_diag_handler);
1314 sock_diag_unregister(&inet_diag_handler);
1315 sock_diag_unregister_inet_compat(inet_diag_rcv_msg_compat);
1316 kfree(inet_diag_table);
1317}
1318
1319module_init(inet_diag_init);
1320module_exit(inet_diag_exit);
1321MODULE_LICENSE("GPL");
1322MODULE_ALIAS_NET_PF_PROTO_TYPE(PF_NETLINK, NETLINK_SOCK_DIAG, 2 /* AF_INET */);
1323MODULE_ALIAS_NET_PF_PROTO_TYPE(PF_NETLINK, NETLINK_SOCK_DIAG, 10 /* AF_INET6 */);
1324