1/*
2 * INET An implementation of the TCP/IP protocol suite for the LINUX
3 * operating system. INET is implemented using the BSD Socket
4 * interface as the means of communication with the user level.
5 *
6 * RAW - implementation of IP "raw" sockets.
7 *
8 * Authors: Ross Biro
9 * Fred N. van Kempen, <waltje@uWalt.NL.Mugnet.ORG>
10 *
11 * Fixes:
12 * Alan Cox : verify_area() fixed up
13 * Alan Cox : ICMP error handling
14 * Alan Cox : EMSGSIZE if you send too big a packet
15 * Alan Cox : Now uses generic datagrams and shared
16 * skbuff library. No more peek crashes,
17 * no more backlogs
18 * Alan Cox : Checks sk->broadcast.
19 * Alan Cox : Uses skb_free_datagram/skb_copy_datagram
20 * Alan Cox : Raw passes ip options too
21 * Alan Cox : Setsocketopt added
22 * Alan Cox : Fixed error return for broadcasts
23 * Alan Cox : Removed wake_up calls
24 * Alan Cox : Use ttl/tos
25 * Alan Cox : Cleaned up old debugging
26 * Alan Cox : Use new kernel side addresses
27 * Arnt Gulbrandsen : Fixed MSG_DONTROUTE in raw sockets.
28 * Alan Cox : BSD style RAW socket demultiplexing.
29 * Alan Cox : Beginnings of mrouted support.
30 * Alan Cox : Added IP_HDRINCL option.
31 * Alan Cox : Skip broadcast check if BSDism set.
32 * David S. Miller : New socket lookup architecture.
33 *
34 * This program is free software; you can redistribute it and/or
35 * modify it under the terms of the GNU General Public License
36 * as published by the Free Software Foundation; either version
37 * 2 of the License, or (at your option) any later version.
38 */
39
40#include <linux/types.h>
41#include <linux/atomic.h>
42#include <asm/byteorder.h>
43#include <asm/current.h>
44#include <linux/uaccess.h>
45#include <asm/ioctls.h>
46#include <linux/stddef.h>
47#include <linux/slab.h>
48#include <linux/errno.h>
49#include <linux/kernel.h>
50#include <linux/export.h>
51#include <linux/spinlock.h>
52#include <linux/sockios.h>
53#include <linux/socket.h>
54#include <linux/in.h>
55#include <linux/mroute.h>
56#include <linux/netdevice.h>
57#include <linux/in_route.h>
58#include <linux/route.h>
59#include <linux/skbuff.h>
60#include <linux/igmp.h>
61#include <net/net_namespace.h>
62#include <net/dst.h>
63#include <net/sock.h>
64#include <linux/ip.h>
65#include <linux/net.h>
66#include <net/ip.h>
67#include <net/icmp.h>
68#include <net/udp.h>
69#include <net/raw.h>
70#include <net/snmp.h>
71#include <net/tcp_states.h>
72#include <net/inet_common.h>
73#include <net/checksum.h>
74#include <net/xfrm.h>
75#include <linux/rtnetlink.h>
76#include <linux/proc_fs.h>
77#include <linux/seq_file.h>
78#include <linux/netfilter.h>
79#include <linux/netfilter_ipv4.h>
80#include <linux/compat.h>
81#include <linux/uio.h>
82
83struct raw_frag_vec {
84 struct msghdr *msg;
85 union {
86 struct icmphdr icmph;
87 char c[1];
88 } hdr;
89 int hlen;
90};
91
92struct raw_hashinfo raw_v4_hashinfo = {
93 .lock = __RW_LOCK_UNLOCKED(raw_v4_hashinfo.lock),
94};
95EXPORT_SYMBOL_GPL(raw_v4_hashinfo);
96
97int raw_hash_sk(struct sock *sk)
98{
99 struct raw_hashinfo *h = sk->sk_prot->h.raw_hash;
100 struct hlist_head *head;
101
102 head = &h->ht[inet_sk(sk)->inet_num & (RAW_HTABLE_SIZE - 1)];
103
104 write_lock_bh(&h->lock);
105 sk_add_node(sk, head);
106 sock_prot_inuse_add(sock_net(sk), sk->sk_prot, 1);
107 write_unlock_bh(&h->lock);
108
109 return 0;
110}
111EXPORT_SYMBOL_GPL(raw_hash_sk);
112
113void raw_unhash_sk(struct sock *sk)
114{
115 struct raw_hashinfo *h = sk->sk_prot->h.raw_hash;
116
117 write_lock_bh(&h->lock);
118 if (sk_del_node_init(sk))
119 sock_prot_inuse_add(sock_net(sk), sk->sk_prot, -1);
120 write_unlock_bh(&h->lock);
121}
122EXPORT_SYMBOL_GPL(raw_unhash_sk);
123
124struct sock *__raw_v4_lookup(struct net *net, struct sock *sk,
125 unsigned short num, __be32 raddr, __be32 laddr,
126 int dif, int sdif)
127{
128 sk_for_each_from(sk) {
129 struct inet_sock *inet = inet_sk(sk);
130
131 if (net_eq(sock_net(sk), net) && inet->inet_num == num &&
132 !(inet->inet_daddr && inet->inet_daddr != raddr) &&
133 !(inet->inet_rcv_saddr && inet->inet_rcv_saddr != laddr) &&
134 raw_sk_bound_dev_eq(net, sk->sk_bound_dev_if, dif, sdif))
135 goto found; /* gotcha */
136 }
137 sk = NULL;
138found:
139 return sk;
140}
141EXPORT_SYMBOL_GPL(__raw_v4_lookup);
142
143/*
144 * 0 - deliver
145 * 1 - block
146 */
147static int icmp_filter(const struct sock *sk, const struct sk_buff *skb)
148{
149 struct icmphdr _hdr;
150 const struct icmphdr *hdr;
151
152 hdr = skb_header_pointer(skb, skb_transport_offset(skb),
153 sizeof(_hdr), &_hdr);
154 if (!hdr)
155 return 1;
156
157 if (hdr->type < 32) {
158 __u32 data = raw_sk(sk)->filter.data;
159
160 return ((1U << hdr->type) & data) != 0;
161 }
162
163 /* Do not block unknown ICMP types */
164 return 0;
165}
166
167/* IP input processing comes here for RAW socket delivery.
168 * Caller owns SKB, so we must make clones.
169 *
170 * RFC 1122: SHOULD pass TOS value up to the transport layer.
171 * -> It does. And not only TOS, but all IP header.
172 */
173static int raw_v4_input(struct sk_buff *skb, const struct iphdr *iph, int hash)
174{
175 int sdif = inet_sdif(skb);
176 struct sock *sk;
177 struct hlist_head *head;
178 int delivered = 0;
179 struct net *net;
180
181 read_lock(&raw_v4_hashinfo.lock);
182 head = &raw_v4_hashinfo.ht[hash];
183 if (hlist_empty(head))
184 goto out;
185
186 net = dev_net(skb->dev);
187 sk = __raw_v4_lookup(net, __sk_head(head), iph->protocol,
188 iph->saddr, iph->daddr,
189 skb->dev->ifindex, sdif);
190
191 while (sk) {
192 delivered = 1;
193 if ((iph->protocol != IPPROTO_ICMP || !icmp_filter(sk, skb)) &&
194 ip_mc_sf_allow(sk, iph->daddr, iph->saddr,
195 skb->dev->ifindex, sdif)) {
196 struct sk_buff *clone = skb_clone(skb, GFP_ATOMIC);
197
198 /* Not releasing hash table! */
199 if (clone)
200 raw_rcv(sk, clone);
201 }
202 sk = __raw_v4_lookup(net, sk_next(sk), iph->protocol,
203 iph->saddr, iph->daddr,
204 skb->dev->ifindex, sdif);
205 }
206out:
207 read_unlock(&raw_v4_hashinfo.lock);
208 return delivered;
209}
210
211int raw_local_deliver(struct sk_buff *skb, int protocol)
212{
213 int hash;
214 struct sock *raw_sk;
215
216 hash = protocol & (RAW_HTABLE_SIZE - 1);
217 raw_sk = sk_head(&raw_v4_hashinfo.ht[hash]);
218
219 /* If there maybe a raw socket we must check - if not we
220 * don't care less
221 */
222 if (raw_sk && !raw_v4_input(skb, ip_hdr(skb), hash))
223 raw_sk = NULL;
224
225 return raw_sk != NULL;
226
227}
228
229static void raw_err(struct sock *sk, struct sk_buff *skb, u32 info)
230{
231 struct inet_sock *inet = inet_sk(sk);
232 const int type = icmp_hdr(skb)->type;
233 const int code = icmp_hdr(skb)->code;
234 int err = 0;
235 int harderr = 0;
236
237 if (type == ICMP_DEST_UNREACH && code == ICMP_FRAG_NEEDED)
238 ipv4_sk_update_pmtu(skb, sk, info);
239 else if (type == ICMP_REDIRECT) {
240 ipv4_sk_redirect(skb, sk);
241 return;
242 }
243
244 /* Report error on raw socket, if:
245 1. User requested ip_recverr.
246 2. Socket is connected (otherwise the error indication
247 is useless without ip_recverr and error is hard.
248 */
249 if (!inet->recverr && sk->sk_state != TCP_ESTABLISHED)
250 return;
251
252 switch (type) {
253 default:
254 case ICMP_TIME_EXCEEDED:
255 err = EHOSTUNREACH;
256 break;
257 case ICMP_SOURCE_QUENCH:
258 return;
259 case ICMP_PARAMETERPROB:
260 err = EPROTO;
261 harderr = 1;
262 break;
263 case ICMP_DEST_UNREACH:
264 err = EHOSTUNREACH;
265 if (code > NR_ICMP_UNREACH)
266 break;
267 err = icmp_err_convert[code].errno;
268 harderr = icmp_err_convert[code].fatal;
269 if (code == ICMP_FRAG_NEEDED) {
270 harderr = inet->pmtudisc != IP_PMTUDISC_DONT;
271 err = EMSGSIZE;
272 }
273 }
274
275 if (inet->recverr) {
276 const struct iphdr *iph = (const struct iphdr *)skb->data;
277 u8 *payload = skb->data + (iph->ihl << 2);
278
279 if (inet->hdrincl)
280 payload = skb->data;
281 ip_icmp_error(sk, skb, err, 0, info, payload);
282 }
283
284 if (inet->recverr || harderr) {
285 sk->sk_err = err;
286 sk->sk_error_report(sk);
287 }
288}
289
290void raw_icmp_error(struct sk_buff *skb, int protocol, u32 info)
291{
292 int hash;
293 struct sock *raw_sk;
294 const struct iphdr *iph;
295 struct net *net;
296
297 hash = protocol & (RAW_HTABLE_SIZE - 1);
298
299 read_lock(&raw_v4_hashinfo.lock);
300 raw_sk = sk_head(&raw_v4_hashinfo.ht[hash]);
301 if (raw_sk) {
302 int dif = skb->dev->ifindex;
303 int sdif = inet_sdif(skb);
304
305 iph = (const struct iphdr *)skb->data;
306 net = dev_net(skb->dev);
307
308 while ((raw_sk = __raw_v4_lookup(net, raw_sk, protocol,
309 iph->daddr, iph->saddr,
310 dif, sdif)) != NULL) {
311 raw_err(raw_sk, skb, info);
312 raw_sk = sk_next(raw_sk);
313 iph = (const struct iphdr *)skb->data;
314 }
315 }
316 read_unlock(&raw_v4_hashinfo.lock);
317}
318
319static int raw_rcv_skb(struct sock *sk, struct sk_buff *skb)
320{
321 /* Charge it to the socket. */
322
323 ipv4_pktinfo_prepare(sk, skb);
324 if (sock_queue_rcv_skb(sk, skb) < 0) {
325 kfree_skb(skb);
326 return NET_RX_DROP;
327 }
328
329 return NET_RX_SUCCESS;
330}
331
332int raw_rcv(struct sock *sk, struct sk_buff *skb)
333{
334 if (!xfrm4_policy_check(sk, XFRM_POLICY_IN, skb)) {
335 atomic_inc(&sk->sk_drops);
336 kfree_skb(skb);
337 return NET_RX_DROP;
338 }
339 nf_reset(skb);
340
341 skb_push(skb, skb->data - skb_network_header(skb));
342
343 raw_rcv_skb(sk, skb);
344 return 0;
345}
346
347static int raw_send_hdrinc(struct sock *sk, struct flowi4 *fl4,
348 struct msghdr *msg, size_t length,
349 struct rtable **rtp, unsigned int flags,
350 const struct sockcm_cookie *sockc)
351{
352 struct inet_sock *inet = inet_sk(sk);
353 struct net *net = sock_net(sk);
354 struct iphdr *iph;
355 struct sk_buff *skb;
356 unsigned int iphlen;
357 int err;
358 struct rtable *rt = *rtp;
359 int hlen, tlen;
360
361 if (length > rt->dst.dev->mtu) {
362 ip_local_error(sk, EMSGSIZE, fl4->daddr, inet->inet_dport,
363 rt->dst.dev->mtu);
364 return -EMSGSIZE;
365 }
366 if (length < sizeof(struct iphdr))
367 return -EINVAL;
368
369 if (flags&MSG_PROBE)
370 goto out;
371
372 hlen = LL_RESERVED_SPACE(rt->dst.dev);
373 tlen = rt->dst.dev->needed_tailroom;
374 skb = sock_alloc_send_skb(sk,
375 length + hlen + tlen + 15,
376 flags & MSG_DONTWAIT, &err);
377 if (!skb)
378 goto error;
379 skb_reserve(skb, hlen);
380
381 skb->priority = sk->sk_priority;
382 skb->mark = sk->sk_mark;
383 skb->tstamp = sockc->transmit_time;
384 skb_dst_set(skb, &rt->dst);
385 *rtp = NULL;
386
387 skb_reset_network_header(skb);
388 iph = ip_hdr(skb);
389 skb_put(skb, length);
390
391 skb->ip_summed = CHECKSUM_NONE;
392
393 skb_setup_tx_timestamp(skb, sockc->tsflags);
394
395 if (flags & MSG_CONFIRM)
396 skb_set_dst_pending_confirm(skb, 1);
397
398 skb->transport_header = skb->network_header;
399 err = -EFAULT;
400 if (memcpy_from_msg(iph, msg, length))
401 goto error_free;
402
403 iphlen = iph->ihl * 4;
404
405 /*
406 * We don't want to modify the ip header, but we do need to
407 * be sure that it won't cause problems later along the network
408 * stack. Specifically we want to make sure that iph->ihl is a
409 * sane value. If ihl points beyond the length of the buffer passed
410 * in, reject the frame as invalid
411 */
412 err = -EINVAL;
413 if (iphlen > length)
414 goto error_free;
415
416 if (iphlen >= sizeof(*iph)) {
417 if (!iph->saddr)
418 iph->saddr = fl4->saddr;
419 iph->check = 0;
420 iph->tot_len = htons(length);
421 if (!iph->id)
422 ip_select_ident(net, skb, NULL);
423
424 iph->check = ip_fast_csum((unsigned char *)iph, iph->ihl);
425 skb->transport_header += iphlen;
426 if (iph->protocol == IPPROTO_ICMP &&
427 length >= iphlen + sizeof(struct icmphdr))
428 icmp_out_count(net, ((struct icmphdr *)
429 skb_transport_header(skb))->type);
430 }
431
432 err = NF_HOOK(NFPROTO_IPV4, NF_INET_LOCAL_OUT,
433 net, sk, skb, NULL, rt->dst.dev,
434 dst_output);
435 if (err > 0)
436 err = net_xmit_errno(err);
437 if (err)
438 goto error;
439out:
440 return 0;
441
442error_free:
443 kfree_skb(skb);
444error:
445 IP_INC_STATS(net, IPSTATS_MIB_OUTDISCARDS);
446 if (err == -ENOBUFS && !inet->recverr)
447 err = 0;
448 return err;
449}
450
451static int raw_probe_proto_opt(struct raw_frag_vec *rfv, struct flowi4 *fl4)
452{
453 int err;
454
455 if (fl4->flowi4_proto != IPPROTO_ICMP)
456 return 0;
457
458 /* We only need the first two bytes. */
459 rfv->hlen = 2;
460
461 err = memcpy_from_msg(rfv->hdr.c, rfv->msg, rfv->hlen);
462 if (err)
463 return err;
464
465 fl4->fl4_icmp_type = rfv->hdr.icmph.type;
466 fl4->fl4_icmp_code = rfv->hdr.icmph.code;
467
468 return 0;
469}
470
471static int raw_getfrag(void *from, char *to, int offset, int len, int odd,
472 struct sk_buff *skb)
473{
474 struct raw_frag_vec *rfv = from;
475
476 if (offset < rfv->hlen) {
477 int copy = min(rfv->hlen - offset, len);
478
479 if (skb->ip_summed == CHECKSUM_PARTIAL)
480 memcpy(to, rfv->hdr.c + offset, copy);
481 else
482 skb->csum = csum_block_add(
483 skb->csum,
484 csum_partial_copy_nocheck(rfv->hdr.c + offset,
485 to, copy, 0),
486 odd);
487
488 odd = 0;
489 offset += copy;
490 to += copy;
491 len -= copy;
492
493 if (!len)
494 return 0;
495 }
496
497 offset -= rfv->hlen;
498
499 return ip_generic_getfrag(rfv->msg, to, offset, len, odd, skb);
500}
501
502static int raw_sendmsg(struct sock *sk, struct msghdr *msg, size_t len)
503{
504 struct inet_sock *inet = inet_sk(sk);
505 struct net *net = sock_net(sk);
506 struct ipcm_cookie ipc;
507 struct rtable *rt = NULL;
508 struct flowi4 fl4;
509 int free = 0;
510 __be32 daddr;
511 __be32 saddr;
512 u8 tos;
513 int err;
514 struct ip_options_data opt_copy;
515 struct raw_frag_vec rfv;
516 int hdrincl;
517
518 err = -EMSGSIZE;
519 if (len > 0xFFFF)
520 goto out;
521
522 /* hdrincl should be READ_ONCE(inet->hdrincl)
523 * but READ_ONCE() doesn't work with bit fields.
524 * Doing this indirectly yields the same result.
525 */
526 hdrincl = inet->hdrincl;
527 hdrincl = READ_ONCE(hdrincl);
528 /*
529 * Check the flags.
530 */
531
532 err = -EOPNOTSUPP;
533 if (msg->msg_flags & MSG_OOB) /* Mirror BSD error message */
534 goto out; /* compatibility */
535
536 /*
537 * Get and verify the address.
538 */
539
540 if (msg->msg_namelen) {
541 DECLARE_SOCKADDR(struct sockaddr_in *, usin, msg->msg_name);
542 err = -EINVAL;
543 if (msg->msg_namelen < sizeof(*usin))
544 goto out;
545 if (usin->sin_family != AF_INET) {
546 pr_info_once("%s: %s forgot to set AF_INET. Fix it!\n",
547 __func__, current->comm);
548 err = -EAFNOSUPPORT;
549 if (usin->sin_family)
550 goto out;
551 }
552 daddr = usin->sin_addr.s_addr;
553 /* ANK: I did not forget to get protocol from port field.
554 * I just do not know, who uses this weirdness.
555 * IP_HDRINCL is much more convenient.
556 */
557 } else {
558 err = -EDESTADDRREQ;
559 if (sk->sk_state != TCP_ESTABLISHED)
560 goto out;
561 daddr = inet->inet_daddr;
562 }
563
564 ipcm_init_sk(&ipc, inet);
565
566 if (msg->msg_controllen) {
567 err = ip_cmsg_send(sk, msg, &ipc, false);
568 if (unlikely(err)) {
569 kfree(ipc.opt);
570 goto out;
571 }
572 if (ipc.opt)
573 free = 1;
574 }
575
576 saddr = ipc.addr;
577 ipc.addr = daddr;
578
579 if (!ipc.opt) {
580 struct ip_options_rcu *inet_opt;
581
582 rcu_read_lock();
583 inet_opt = rcu_dereference(inet->inet_opt);
584 if (inet_opt) {
585 memcpy(&opt_copy, inet_opt,
586 sizeof(*inet_opt) + inet_opt->opt.optlen);
587 ipc.opt = &opt_copy.opt;
588 }
589 rcu_read_unlock();
590 }
591
592 if (ipc.opt) {
593 err = -EINVAL;
594 /* Linux does not mangle headers on raw sockets,
595 * so that IP options + IP_HDRINCL is non-sense.
596 */
597 if (hdrincl)
598 goto done;
599 if (ipc.opt->opt.srr) {
600 if (!daddr)
601 goto done;
602 daddr = ipc.opt->opt.faddr;
603 }
604 }
605 tos = get_rtconn_flags(&ipc, sk);
606 if (msg->msg_flags & MSG_DONTROUTE)
607 tos |= RTO_ONLINK;
608
609 if (ipv4_is_multicast(daddr)) {
610 if (!ipc.oif || netif_index_is_l3_master(sock_net(sk), ipc.oif))
611 ipc.oif = inet->mc_index;
612 if (!saddr)
613 saddr = inet->mc_addr;
614 } else if (!ipc.oif) {
615 ipc.oif = inet->uc_index;
616 } else if (ipv4_is_lbcast(daddr) && inet->uc_index) {
617 /* oif is set, packet is to local broadcast and
618 * and uc_index is set. oif is most likely set
619 * by sk_bound_dev_if. If uc_index != oif check if the
620 * oif is an L3 master and uc_index is an L3 slave.
621 * If so, we want to allow the send using the uc_index.
622 */
623 if (ipc.oif != inet->uc_index &&
624 ipc.oif == l3mdev_master_ifindex_by_index(sock_net(sk),
625 inet->uc_index)) {
626 ipc.oif = inet->uc_index;
627 }
628 }
629
630 flowi4_init_output(&fl4, ipc.oif, sk->sk_mark, tos,
631 RT_SCOPE_UNIVERSE,
632 hdrincl ? IPPROTO_RAW : sk->sk_protocol,
633 inet_sk_flowi_flags(sk) |
634 (hdrincl ? FLOWI_FLAG_KNOWN_NH : 0),
635 daddr, saddr, 0, 0, sk->sk_uid);
636
637 if (!hdrincl) {
638 rfv.msg = msg;
639 rfv.hlen = 0;
640
641 err = raw_probe_proto_opt(&rfv, &fl4);
642 if (err)
643 goto done;
644 }
645
646 security_sk_classify_flow(sk, flowi4_to_flowi(&fl4));
647 rt = ip_route_output_flow(net, &fl4, sk);
648 if (IS_ERR(rt)) {
649 err = PTR_ERR(rt);
650 rt = NULL;
651 goto done;
652 }
653
654 err = -EACCES;
655 if (rt->rt_flags & RTCF_BROADCAST && !sock_flag(sk, SOCK_BROADCAST))
656 goto done;
657
658 if (msg->msg_flags & MSG_CONFIRM)
659 goto do_confirm;
660back_from_confirm:
661
662 if (hdrincl)
663 err = raw_send_hdrinc(sk, &fl4, msg, len,
664 &rt, msg->msg_flags, &ipc.sockc);
665
666 else {
667 if (!ipc.addr)
668 ipc.addr = fl4.daddr;
669 lock_sock(sk);
670 err = ip_append_data(sk, &fl4, raw_getfrag,
671 &rfv, len, 0,
672 &ipc, &rt, msg->msg_flags);
673 if (err)
674 ip_flush_pending_frames(sk);
675 else if (!(msg->msg_flags & MSG_MORE)) {
676 err = ip_push_pending_frames(sk, &fl4);
677 if (err == -ENOBUFS && !inet->recverr)
678 err = 0;
679 }
680 release_sock(sk);
681 }
682done:
683 if (free)
684 kfree(ipc.opt);
685 ip_rt_put(rt);
686
687out:
688 if (err < 0)
689 return err;
690 return len;
691
692do_confirm:
693 if (msg->msg_flags & MSG_PROBE)
694 dst_confirm_neigh(&rt->dst, &fl4.daddr);
695 if (!(msg->msg_flags & MSG_PROBE) || len)
696 goto back_from_confirm;
697 err = 0;
698 goto done;
699}
700
701static void raw_close(struct sock *sk, long timeout)
702{
703 /*
704 * Raw sockets may have direct kernel references. Kill them.
705 */
706 ip_ra_control(sk, 0, NULL);
707
708 sk_common_release(sk);
709}
710
711static void raw_destroy(struct sock *sk)
712{
713 lock_sock(sk);
714 ip_flush_pending_frames(sk);
715 release_sock(sk);
716}
717
718/* This gets rid of all the nasties in af_inet. -DaveM */
719static int raw_bind(struct sock *sk, struct sockaddr *uaddr, int addr_len)
720{
721 struct inet_sock *inet = inet_sk(sk);
722 struct sockaddr_in *addr = (struct sockaddr_in *) uaddr;
723 u32 tb_id = RT_TABLE_LOCAL;
724 int ret = -EINVAL;
725 int chk_addr_ret;
726
727 if (sk->sk_state != TCP_CLOSE || addr_len < sizeof(struct sockaddr_in))
728 goto out;
729
730 if (sk->sk_bound_dev_if)
731 tb_id = l3mdev_fib_table_by_index(sock_net(sk),
732 sk->sk_bound_dev_if) ? : tb_id;
733
734 chk_addr_ret = inet_addr_type_table(sock_net(sk), addr->sin_addr.s_addr,
735 tb_id);
736
737 ret = -EADDRNOTAVAIL;
738 if (addr->sin_addr.s_addr && chk_addr_ret != RTN_LOCAL &&
739 chk_addr_ret != RTN_MULTICAST && chk_addr_ret != RTN_BROADCAST)
740 goto out;
741 inet->inet_rcv_saddr = inet->inet_saddr = addr->sin_addr.s_addr;
742 if (chk_addr_ret == RTN_MULTICAST || chk_addr_ret == RTN_BROADCAST)
743 inet->inet_saddr = 0; /* Use device */
744 sk_dst_reset(sk);
745 ret = 0;
746out: return ret;
747}
748
749/*
750 * This should be easy, if there is something there
751 * we return it, otherwise we block.
752 */
753
754static int raw_recvmsg(struct sock *sk, struct msghdr *msg, size_t len,
755 int noblock, int flags, int *addr_len)
756{
757 struct inet_sock *inet = inet_sk(sk);
758 size_t copied = 0;
759 int err = -EOPNOTSUPP;
760 DECLARE_SOCKADDR(struct sockaddr_in *, sin, msg->msg_name);
761 struct sk_buff *skb;
762
763 if (flags & MSG_OOB)
764 goto out;
765
766 if (flags & MSG_ERRQUEUE) {
767 err = ip_recv_error(sk, msg, len, addr_len);
768 goto out;
769 }
770
771 skb = skb_recv_datagram(sk, flags, noblock, &err);
772 if (!skb)
773 goto out;
774
775 copied = skb->len;
776 if (len < copied) {
777 msg->msg_flags |= MSG_TRUNC;
778 copied = len;
779 }
780
781 err = skb_copy_datagram_msg(skb, 0, msg, copied);
782 if (err)
783 goto done;
784
785 sock_recv_ts_and_drops(msg, sk, skb);
786
787 /* Copy the address. */
788 if (sin) {
789 sin->sin_family = AF_INET;
790 sin->sin_addr.s_addr = ip_hdr(skb)->saddr;
791 sin->sin_port = 0;
792 memset(&sin->sin_zero, 0, sizeof(sin->sin_zero));
793 *addr_len = sizeof(*sin);
794 }
795 if (inet->cmsg_flags)
796 ip_cmsg_recv(msg, skb);
797 if (flags & MSG_TRUNC)
798 copied = skb->len;
799done:
800 skb_free_datagram(sk, skb);
801out:
802 if (err)
803 return err;
804 return copied;
805}
806
807static int raw_sk_init(struct sock *sk)
808{
809 struct raw_sock *rp = raw_sk(sk);
810
811 if (inet_sk(sk)->inet_num == IPPROTO_ICMP)
812 memset(&rp->filter, 0, sizeof(rp->filter));
813 return 0;
814}
815
816static int raw_seticmpfilter(struct sock *sk, char __user *optval, int optlen)
817{
818 if (optlen > sizeof(struct icmp_filter))
819 optlen = sizeof(struct icmp_filter);
820 if (copy_from_user(&raw_sk(sk)->filter, optval, optlen))
821 return -EFAULT;
822 return 0;
823}
824
825static int raw_geticmpfilter(struct sock *sk, char __user *optval, int __user *optlen)
826{
827 int len, ret = -EFAULT;
828
829 if (get_user(len, optlen))
830 goto out;
831 ret = -EINVAL;
832 if (len < 0)
833 goto out;
834 if (len > sizeof(struct icmp_filter))
835 len = sizeof(struct icmp_filter);
836 ret = -EFAULT;
837 if (put_user(len, optlen) ||
838 copy_to_user(optval, &raw_sk(sk)->filter, len))
839 goto out;
840 ret = 0;
841out: return ret;
842}
843
844static int do_raw_setsockopt(struct sock *sk, int level, int optname,
845 char __user *optval, unsigned int optlen)
846{
847 if (optname == ICMP_FILTER) {
848 if (inet_sk(sk)->inet_num != IPPROTO_ICMP)
849 return -EOPNOTSUPP;
850 else
851 return raw_seticmpfilter(sk, optval, optlen);
852 }
853 return -ENOPROTOOPT;
854}
855
856static int raw_setsockopt(struct sock *sk, int level, int optname,
857 char __user *optval, unsigned int optlen)
858{
859 if (level != SOL_RAW)
860 return ip_setsockopt(sk, level, optname, optval, optlen);
861 return do_raw_setsockopt(sk, level, optname, optval, optlen);
862}
863
864#ifdef CONFIG_COMPAT
865static int compat_raw_setsockopt(struct sock *sk, int level, int optname,
866 char __user *optval, unsigned int optlen)
867{
868 if (level != SOL_RAW)
869 return compat_ip_setsockopt(sk, level, optname, optval, optlen);
870 return do_raw_setsockopt(sk, level, optname, optval, optlen);
871}
872#endif
873
874static int do_raw_getsockopt(struct sock *sk, int level, int optname,
875 char __user *optval, int __user *optlen)
876{
877 if (optname == ICMP_FILTER) {
878 if (inet_sk(sk)->inet_num != IPPROTO_ICMP)
879 return -EOPNOTSUPP;
880 else
881 return raw_geticmpfilter(sk, optval, optlen);
882 }
883 return -ENOPROTOOPT;
884}
885
886static int raw_getsockopt(struct sock *sk, int level, int optname,
887 char __user *optval, int __user *optlen)
888{
889 if (level != SOL_RAW)
890 return ip_getsockopt(sk, level, optname, optval, optlen);
891 return do_raw_getsockopt(sk, level, optname, optval, optlen);
892}
893
894#ifdef CONFIG_COMPAT
895static int compat_raw_getsockopt(struct sock *sk, int level, int optname,
896 char __user *optval, int __user *optlen)
897{
898 if (level != SOL_RAW)
899 return compat_ip_getsockopt(sk, level, optname, optval, optlen);
900 return do_raw_getsockopt(sk, level, optname, optval, optlen);
901}
902#endif
903
904static int raw_ioctl(struct sock *sk, int cmd, unsigned long arg)
905{
906 switch (cmd) {
907 case SIOCOUTQ: {
908 int amount = sk_wmem_alloc_get(sk);
909
910 return put_user(amount, (int __user *)arg);
911 }
912 case SIOCINQ: {
913 struct sk_buff *skb;
914 int amount = 0;
915
916 spin_lock_bh(&sk->sk_receive_queue.lock);
917 skb = skb_peek(&sk->sk_receive_queue);
918 if (skb)
919 amount = skb->len;
920 spin_unlock_bh(&sk->sk_receive_queue.lock);
921 return put_user(amount, (int __user *)arg);
922 }
923
924 default:
925#ifdef CONFIG_IP_MROUTE
926 return ipmr_ioctl(sk, cmd, (void __user *)arg);
927#else
928 return -ENOIOCTLCMD;
929#endif
930 }
931}
932
933#ifdef CONFIG_COMPAT
934static int compat_raw_ioctl(struct sock *sk, unsigned int cmd, unsigned long arg)
935{
936 switch (cmd) {
937 case SIOCOUTQ:
938 case SIOCINQ:
939 return -ENOIOCTLCMD;
940 default:
941#ifdef CONFIG_IP_MROUTE
942 return ipmr_compat_ioctl(sk, cmd, compat_ptr(arg));
943#else
944 return -ENOIOCTLCMD;
945#endif
946 }
947}
948#endif
949
950int raw_abort(struct sock *sk, int err)
951{
952 lock_sock(sk);
953
954 sk->sk_err = err;
955 sk->sk_error_report(sk);
956 __udp_disconnect(sk, 0);
957
958 release_sock(sk);
959
960 return 0;
961}
962EXPORT_SYMBOL_GPL(raw_abort);
963
964struct proto raw_prot = {
965 .name = "RAW",
966 .owner = THIS_MODULE,
967 .close = raw_close,
968 .destroy = raw_destroy,
969 .connect = ip4_datagram_connect,
970 .disconnect = __udp_disconnect,
971 .ioctl = raw_ioctl,
972 .init = raw_sk_init,
973 .setsockopt = raw_setsockopt,
974 .getsockopt = raw_getsockopt,
975 .sendmsg = raw_sendmsg,
976 .recvmsg = raw_recvmsg,
977 .bind = raw_bind,
978 .backlog_rcv = raw_rcv_skb,
979 .release_cb = ip4_datagram_release_cb,
980 .hash = raw_hash_sk,
981 .unhash = raw_unhash_sk,
982 .obj_size = sizeof(struct raw_sock),
983 .useroffset = offsetof(struct raw_sock, filter),
984 .usersize = sizeof_field(struct raw_sock, filter),
985 .h.raw_hash = &raw_v4_hashinfo,
986#ifdef CONFIG_COMPAT
987 .compat_setsockopt = compat_raw_setsockopt,
988 .compat_getsockopt = compat_raw_getsockopt,
989 .compat_ioctl = compat_raw_ioctl,
990#endif
991 .diag_destroy = raw_abort,
992};
993
994#ifdef CONFIG_PROC_FS
995static struct sock *raw_get_first(struct seq_file *seq)
996{
997 struct sock *sk;
998 struct raw_hashinfo *h = PDE_DATA(file_inode(seq->file));
999 struct raw_iter_state *state = raw_seq_private(seq);
1000
1001 for (state->bucket = 0; state->bucket < RAW_HTABLE_SIZE;
1002 ++state->bucket) {
1003 sk_for_each(sk, &h->ht[state->bucket])
1004 if (sock_net(sk) == seq_file_net(seq))
1005 goto found;
1006 }
1007 sk = NULL;
1008found:
1009 return sk;
1010}
1011
1012static struct sock *raw_get_next(struct seq_file *seq, struct sock *sk)
1013{
1014 struct raw_hashinfo *h = PDE_DATA(file_inode(seq->file));
1015 struct raw_iter_state *state = raw_seq_private(seq);
1016
1017 do {
1018 sk = sk_next(sk);
1019try_again:
1020 ;
1021 } while (sk && sock_net(sk) != seq_file_net(seq));
1022
1023 if (!sk && ++state->bucket < RAW_HTABLE_SIZE) {
1024 sk = sk_head(&h->ht[state->bucket]);
1025 goto try_again;
1026 }
1027 return sk;
1028}
1029
1030static struct sock *raw_get_idx(struct seq_file *seq, loff_t pos)
1031{
1032 struct sock *sk = raw_get_first(seq);
1033
1034 if (sk)
1035 while (pos && (sk = raw_get_next(seq, sk)) != NULL)
1036 --pos;
1037 return pos ? NULL : sk;
1038}
1039
1040void *raw_seq_start(struct seq_file *seq, loff_t *pos)
1041{
1042 struct raw_hashinfo *h = PDE_DATA(file_inode(seq->file));
1043
1044 read_lock(&h->lock);
1045 return *pos ? raw_get_idx(seq, *pos - 1) : SEQ_START_TOKEN;
1046}
1047EXPORT_SYMBOL_GPL(raw_seq_start);
1048
1049void *raw_seq_next(struct seq_file *seq, void *v, loff_t *pos)
1050{
1051 struct sock *sk;
1052
1053 if (v == SEQ_START_TOKEN)
1054 sk = raw_get_first(seq);
1055 else
1056 sk = raw_get_next(seq, v);
1057 ++*pos;
1058 return sk;
1059}
1060EXPORT_SYMBOL_GPL(raw_seq_next);
1061
1062void raw_seq_stop(struct seq_file *seq, void *v)
1063{
1064 struct raw_hashinfo *h = PDE_DATA(file_inode(seq->file));
1065
1066 read_unlock(&h->lock);
1067}
1068EXPORT_SYMBOL_GPL(raw_seq_stop);
1069
1070static void raw_sock_seq_show(struct seq_file *seq, struct sock *sp, int i)
1071{
1072 struct inet_sock *inet = inet_sk(sp);
1073 __be32 dest = inet->inet_daddr,
1074 src = inet->inet_rcv_saddr;
1075 __u16 destp = 0,
1076 srcp = inet->inet_num;
1077
1078 seq_printf(seq, "%4d: %08X:%04X %08X:%04X"
1079 " %02X %08X:%08X %02X:%08lX %08X %5u %8d %lu %d %pK %d\n",
1080 i, src, srcp, dest, destp, sp->sk_state,
1081 sk_wmem_alloc_get(sp),
1082 sk_rmem_alloc_get(sp),
1083 0, 0L, 0,
1084 from_kuid_munged(seq_user_ns(seq), sock_i_uid(sp)),
1085 0, sock_i_ino(sp),
1086 refcount_read(&sp->sk_refcnt), sp, atomic_read(&sp->sk_drops));
1087}
1088
1089static int raw_seq_show(struct seq_file *seq, void *v)
1090{
1091 if (v == SEQ_START_TOKEN)
1092 seq_printf(seq, " sl local_address rem_address st tx_queue "
1093 "rx_queue tr tm->when retrnsmt uid timeout "
1094 "inode ref pointer drops\n");
1095 else
1096 raw_sock_seq_show(seq, v, raw_seq_private(seq)->bucket);
1097 return 0;
1098}
1099
1100static const struct seq_operations raw_seq_ops = {
1101 .start = raw_seq_start,
1102 .next = raw_seq_next,
1103 .stop = raw_seq_stop,
1104 .show = raw_seq_show,
1105};
1106
1107static __net_init int raw_init_net(struct net *net)
1108{
1109 if (!proc_create_net_data("raw", 0444, net->proc_net, &raw_seq_ops,
1110 sizeof(struct raw_iter_state), &raw_v4_hashinfo))
1111 return -ENOMEM;
1112
1113 return 0;
1114}
1115
1116static __net_exit void raw_exit_net(struct net *net)
1117{
1118 remove_proc_entry("raw", net->proc_net);
1119}
1120
1121static __net_initdata struct pernet_operations raw_net_ops = {
1122 .init = raw_init_net,
1123 .exit = raw_exit_net,
1124};
1125
1126int __init raw_proc_init(void)
1127{
1128 return register_pernet_subsys(&raw_net_ops);
1129}
1130
1131void __init raw_proc_exit(void)
1132{
1133 unregister_pernet_subsys(&raw_net_ops);
1134}
1135#endif /* CONFIG_PROC_FS */
1136
1137static void raw_sysctl_init_net(struct net *net)
1138{
1139#ifdef CONFIG_NET_L3_MASTER_DEV
1140 net->ipv4.sysctl_raw_l3mdev_accept = 1;
1141#endif
1142}
1143
1144static int __net_init raw_sysctl_init(struct net *net)
1145{
1146 raw_sysctl_init_net(net);
1147 return 0;
1148}
1149
1150static struct pernet_operations __net_initdata raw_sysctl_ops = {
1151 .init = raw_sysctl_init,
1152};
1153
1154void __init raw_init(void)
1155{
1156 raw_sysctl_init_net(&init_net);
1157 if (register_pernet_subsys(&raw_sysctl_ops))
1158 panic("RAW: failed to init sysctl parameters.\n");
1159}
1160