This source file includes following definitions.
- ping_hashfn
- ping_hashslot
- ping_get_port
- ping_hash
- ping_unhash
- ping_lookup
- inet_get_ping_group_range_net
- ping_init_sock
- ping_close
- ping_check_bind_addr
- ping_set_saddr
- ping_clear_saddr
- ping_bind
- ping_supported
- ping_err
- ping_getfrag
- ping_v4_push_pending_frames
- ping_common_sendmsg
- ping_v4_sendmsg
- ping_recvmsg
- ping_queue_rcv_skb
- ping_rcv
- ping_get_first
- ping_get_next
- ping_get_idx
- ping_seq_start
- ping_v4_seq_start
- ping_seq_next
- ping_seq_stop
- ping_v4_format_sock
- ping_v4_seq_show
- ping_v4_proc_init_net
- ping_v4_proc_exit_net
- ping_proc_init
- ping_proc_exit
- ping_init
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18 #include <linux/uaccess.h>
19 #include <linux/types.h>
20 #include <linux/fcntl.h>
21 #include <linux/socket.h>
22 #include <linux/sockios.h>
23 #include <linux/in.h>
24 #include <linux/errno.h>
25 #include <linux/timer.h>
26 #include <linux/mm.h>
27 #include <linux/inet.h>
28 #include <linux/netdevice.h>
29 #include <net/snmp.h>
30 #include <net/ip.h>
31 #include <net/icmp.h>
32 #include <net/protocol.h>
33 #include <linux/skbuff.h>
34 #include <linux/proc_fs.h>
35 #include <linux/export.h>
36 #include <net/sock.h>
37 #include <net/ping.h>
38 #include <net/udp.h>
39 #include <net/route.h>
40 #include <net/inet_common.h>
41 #include <net/checksum.h>
42
43 #if IS_ENABLED(CONFIG_IPV6)
44 #include <linux/in6.h>
45 #include <linux/icmpv6.h>
46 #include <net/addrconf.h>
47 #include <net/ipv6.h>
48 #include <net/transp_v6.h>
49 #endif
50
51 struct ping_table {
52 struct hlist_nulls_head hash[PING_HTABLE_SIZE];
53 rwlock_t lock;
54 };
55
56 static struct ping_table ping_table;
57 struct pingv6_ops pingv6_ops;
58 EXPORT_SYMBOL_GPL(pingv6_ops);
59
60 static u16 ping_port_rover;
61
62 static inline u32 ping_hashfn(const struct net *net, u32 num, u32 mask)
63 {
64 u32 res = (num + net_hash_mix(net)) & mask;
65
66 pr_debug("hash(%u) = %u\n", num, res);
67 return res;
68 }
69 EXPORT_SYMBOL_GPL(ping_hash);
70
71 static inline struct hlist_nulls_head *ping_hashslot(struct ping_table *table,
72 struct net *net, unsigned int num)
73 {
74 return &table->hash[ping_hashfn(net, num, PING_HTABLE_MASK)];
75 }
76
77 int ping_get_port(struct sock *sk, unsigned short ident)
78 {
79 struct hlist_nulls_node *node;
80 struct hlist_nulls_head *hlist;
81 struct inet_sock *isk, *isk2;
82 struct sock *sk2 = NULL;
83
84 isk = inet_sk(sk);
85 write_lock_bh(&ping_table.lock);
86 if (ident == 0) {
87 u32 i;
88 u16 result = ping_port_rover + 1;
89
90 for (i = 0; i < (1L << 16); i++, result++) {
91 if (!result)
92 result++;
93 hlist = ping_hashslot(&ping_table, sock_net(sk),
94 result);
95 ping_portaddr_for_each_entry(sk2, node, hlist) {
96 isk2 = inet_sk(sk2);
97
98 if (isk2->inet_num == result)
99 goto next_port;
100 }
101
102
103 ping_port_rover = ident = result;
104 break;
105 next_port:
106 ;
107 }
108 if (i >= (1L << 16))
109 goto fail;
110 } else {
111 hlist = ping_hashslot(&ping_table, sock_net(sk), ident);
112 ping_portaddr_for_each_entry(sk2, node, hlist) {
113 isk2 = inet_sk(sk2);
114
115
116
117
118
119 if ((isk2->inet_num == ident) &&
120 (sk2 != sk) &&
121 (!sk2->sk_reuse || !sk->sk_reuse))
122 goto fail;
123 }
124 }
125
126 pr_debug("found port/ident = %d\n", ident);
127 isk->inet_num = ident;
128 if (sk_unhashed(sk)) {
129 pr_debug("was not hashed\n");
130 sock_hold(sk);
131 hlist_nulls_add_head(&sk->sk_nulls_node, hlist);
132 sock_prot_inuse_add(sock_net(sk), sk->sk_prot, 1);
133 }
134 write_unlock_bh(&ping_table.lock);
135 return 0;
136
137 fail:
138 write_unlock_bh(&ping_table.lock);
139 return 1;
140 }
141 EXPORT_SYMBOL_GPL(ping_get_port);
142
143 int ping_hash(struct sock *sk)
144 {
145 pr_debug("ping_hash(sk->port=%u)\n", inet_sk(sk)->inet_num);
146 BUG();
147
148 return 0;
149 }
150
151 void ping_unhash(struct sock *sk)
152 {
153 struct inet_sock *isk = inet_sk(sk);
154
155 pr_debug("ping_unhash(isk=%p,isk->num=%u)\n", isk, isk->inet_num);
156 write_lock_bh(&ping_table.lock);
157 if (sk_hashed(sk)) {
158 hlist_nulls_del(&sk->sk_nulls_node);
159 sk_nulls_node_init(&sk->sk_nulls_node);
160 sock_put(sk);
161 isk->inet_num = 0;
162 isk->inet_sport = 0;
163 sock_prot_inuse_add(sock_net(sk), sk->sk_prot, -1);
164 }
165 write_unlock_bh(&ping_table.lock);
166 }
167 EXPORT_SYMBOL_GPL(ping_unhash);
168
169 static struct sock *ping_lookup(struct net *net, struct sk_buff *skb, u16 ident)
170 {
171 struct hlist_nulls_head *hslot = ping_hashslot(&ping_table, net, ident);
172 struct sock *sk = NULL;
173 struct inet_sock *isk;
174 struct hlist_nulls_node *hnode;
175 int dif = skb->dev->ifindex;
176
177 if (skb->protocol == htons(ETH_P_IP)) {
178 pr_debug("try to find: num = %d, daddr = %pI4, dif = %d\n",
179 (int)ident, &ip_hdr(skb)->daddr, dif);
180 #if IS_ENABLED(CONFIG_IPV6)
181 } else if (skb->protocol == htons(ETH_P_IPV6)) {
182 pr_debug("try to find: num = %d, daddr = %pI6c, dif = %d\n",
183 (int)ident, &ipv6_hdr(skb)->daddr, dif);
184 #endif
185 }
186
187 read_lock_bh(&ping_table.lock);
188
189 ping_portaddr_for_each_entry(sk, hnode, hslot) {
190 isk = inet_sk(sk);
191
192 pr_debug("iterate\n");
193 if (isk->inet_num != ident)
194 continue;
195
196 if (skb->protocol == htons(ETH_P_IP) &&
197 sk->sk_family == AF_INET) {
198 pr_debug("found: %p: num=%d, daddr=%pI4, dif=%d\n", sk,
199 (int) isk->inet_num, &isk->inet_rcv_saddr,
200 sk->sk_bound_dev_if);
201
202 if (isk->inet_rcv_saddr &&
203 isk->inet_rcv_saddr != ip_hdr(skb)->daddr)
204 continue;
205 #if IS_ENABLED(CONFIG_IPV6)
206 } else if (skb->protocol == htons(ETH_P_IPV6) &&
207 sk->sk_family == AF_INET6) {
208
209 pr_debug("found: %p: num=%d, daddr=%pI6c, dif=%d\n", sk,
210 (int) isk->inet_num,
211 &sk->sk_v6_rcv_saddr,
212 sk->sk_bound_dev_if);
213
214 if (!ipv6_addr_any(&sk->sk_v6_rcv_saddr) &&
215 !ipv6_addr_equal(&sk->sk_v6_rcv_saddr,
216 &ipv6_hdr(skb)->daddr))
217 continue;
218 #endif
219 } else {
220 continue;
221 }
222
223 if (sk->sk_bound_dev_if && sk->sk_bound_dev_if != dif)
224 continue;
225
226 sock_hold(sk);
227 goto exit;
228 }
229
230 sk = NULL;
231 exit:
232 read_unlock_bh(&ping_table.lock);
233
234 return sk;
235 }
236
237 static void inet_get_ping_group_range_net(struct net *net, kgid_t *low,
238 kgid_t *high)
239 {
240 kgid_t *data = net->ipv4.ping_group_range.range;
241 unsigned int seq;
242
243 do {
244 seq = read_seqbegin(&net->ipv4.ping_group_range.lock);
245
246 *low = data[0];
247 *high = data[1];
248 } while (read_seqretry(&net->ipv4.ping_group_range.lock, seq));
249 }
250
251
252 int ping_init_sock(struct sock *sk)
253 {
254 struct net *net = sock_net(sk);
255 kgid_t group = current_egid();
256 struct group_info *group_info;
257 int i;
258 kgid_t low, high;
259 int ret = 0;
260
261 if (sk->sk_family == AF_INET6)
262 sk->sk_ipv6only = 1;
263
264 inet_get_ping_group_range_net(net, &low, &high);
265 if (gid_lte(low, group) && gid_lte(group, high))
266 return 0;
267
268 group_info = get_current_groups();
269 for (i = 0; i < group_info->ngroups; i++) {
270 kgid_t gid = group_info->gid[i];
271
272 if (gid_lte(low, gid) && gid_lte(gid, high))
273 goto out_release_group;
274 }
275
276 ret = -EACCES;
277
278 out_release_group:
279 put_group_info(group_info);
280 return ret;
281 }
282 EXPORT_SYMBOL_GPL(ping_init_sock);
283
284 void ping_close(struct sock *sk, long timeout)
285 {
286 pr_debug("ping_close(sk=%p,sk->num=%u)\n",
287 inet_sk(sk), inet_sk(sk)->inet_num);
288 pr_debug("isk->refcnt = %d\n", refcount_read(&sk->sk_refcnt));
289
290 sk_common_release(sk);
291 }
292 EXPORT_SYMBOL_GPL(ping_close);
293
294
295 static int ping_check_bind_addr(struct sock *sk, struct inet_sock *isk,
296 struct sockaddr *uaddr, int addr_len) {
297 struct net *net = sock_net(sk);
298 if (sk->sk_family == AF_INET) {
299 struct sockaddr_in *addr = (struct sockaddr_in *) uaddr;
300 int chk_addr_ret;
301
302 if (addr_len < sizeof(*addr))
303 return -EINVAL;
304
305 if (addr->sin_family != AF_INET &&
306 !(addr->sin_family == AF_UNSPEC &&
307 addr->sin_addr.s_addr == htonl(INADDR_ANY)))
308 return -EAFNOSUPPORT;
309
310 pr_debug("ping_check_bind_addr(sk=%p,addr=%pI4,port=%d)\n",
311 sk, &addr->sin_addr.s_addr, ntohs(addr->sin_port));
312
313 chk_addr_ret = inet_addr_type(net, addr->sin_addr.s_addr);
314
315 if (addr->sin_addr.s_addr == htonl(INADDR_ANY))
316 chk_addr_ret = RTN_LOCAL;
317
318 if ((!inet_can_nonlocal_bind(net, isk) &&
319 chk_addr_ret != RTN_LOCAL) ||
320 chk_addr_ret == RTN_MULTICAST ||
321 chk_addr_ret == RTN_BROADCAST)
322 return -EADDRNOTAVAIL;
323
324 #if IS_ENABLED(CONFIG_IPV6)
325 } else if (sk->sk_family == AF_INET6) {
326 struct sockaddr_in6 *addr = (struct sockaddr_in6 *) uaddr;
327 int addr_type, scoped, has_addr;
328 struct net_device *dev = NULL;
329
330 if (addr_len < sizeof(*addr))
331 return -EINVAL;
332
333 if (addr->sin6_family != AF_INET6)
334 return -EAFNOSUPPORT;
335
336 pr_debug("ping_check_bind_addr(sk=%p,addr=%pI6c,port=%d)\n",
337 sk, addr->sin6_addr.s6_addr, ntohs(addr->sin6_port));
338
339 addr_type = ipv6_addr_type(&addr->sin6_addr);
340 scoped = __ipv6_addr_needs_scope_id(addr_type);
341 if ((addr_type != IPV6_ADDR_ANY &&
342 !(addr_type & IPV6_ADDR_UNICAST)) ||
343 (scoped && !addr->sin6_scope_id))
344 return -EINVAL;
345
346 rcu_read_lock();
347 if (addr->sin6_scope_id) {
348 dev = dev_get_by_index_rcu(net, addr->sin6_scope_id);
349 if (!dev) {
350 rcu_read_unlock();
351 return -ENODEV;
352 }
353 }
354 has_addr = pingv6_ops.ipv6_chk_addr(net, &addr->sin6_addr, dev,
355 scoped);
356 rcu_read_unlock();
357
358 if (!(ipv6_can_nonlocal_bind(net, isk) || has_addr ||
359 addr_type == IPV6_ADDR_ANY))
360 return -EADDRNOTAVAIL;
361
362 if (scoped)
363 sk->sk_bound_dev_if = addr->sin6_scope_id;
364 #endif
365 } else {
366 return -EAFNOSUPPORT;
367 }
368 return 0;
369 }
370
371 static void ping_set_saddr(struct sock *sk, struct sockaddr *saddr)
372 {
373 if (saddr->sa_family == AF_INET) {
374 struct inet_sock *isk = inet_sk(sk);
375 struct sockaddr_in *addr = (struct sockaddr_in *) saddr;
376 isk->inet_rcv_saddr = isk->inet_saddr = addr->sin_addr.s_addr;
377 #if IS_ENABLED(CONFIG_IPV6)
378 } else if (saddr->sa_family == AF_INET6) {
379 struct sockaddr_in6 *addr = (struct sockaddr_in6 *) saddr;
380 struct ipv6_pinfo *np = inet6_sk(sk);
381 sk->sk_v6_rcv_saddr = np->saddr = addr->sin6_addr;
382 #endif
383 }
384 }
385
386 static void ping_clear_saddr(struct sock *sk, int dif)
387 {
388 sk->sk_bound_dev_if = dif;
389 if (sk->sk_family == AF_INET) {
390 struct inet_sock *isk = inet_sk(sk);
391 isk->inet_rcv_saddr = isk->inet_saddr = 0;
392 #if IS_ENABLED(CONFIG_IPV6)
393 } else if (sk->sk_family == AF_INET6) {
394 struct ipv6_pinfo *np = inet6_sk(sk);
395 memset(&sk->sk_v6_rcv_saddr, 0, sizeof(sk->sk_v6_rcv_saddr));
396 memset(&np->saddr, 0, sizeof(np->saddr));
397 #endif
398 }
399 }
400
401
402
403
404
405 int ping_bind(struct sock *sk, struct sockaddr *uaddr, int addr_len)
406 {
407 struct inet_sock *isk = inet_sk(sk);
408 unsigned short snum;
409 int err;
410 int dif = sk->sk_bound_dev_if;
411
412 err = ping_check_bind_addr(sk, isk, uaddr, addr_len);
413 if (err)
414 return err;
415
416 lock_sock(sk);
417
418 err = -EINVAL;
419 if (isk->inet_num != 0)
420 goto out;
421
422 err = -EADDRINUSE;
423 ping_set_saddr(sk, uaddr);
424 snum = ntohs(((struct sockaddr_in *)uaddr)->sin_port);
425 if (ping_get_port(sk, snum) != 0) {
426 ping_clear_saddr(sk, dif);
427 goto out;
428 }
429
430 pr_debug("after bind(): num = %hu, dif = %d\n",
431 isk->inet_num,
432 sk->sk_bound_dev_if);
433
434 err = 0;
435 if (sk->sk_family == AF_INET && isk->inet_rcv_saddr)
436 sk->sk_userlocks |= SOCK_BINDADDR_LOCK;
437 #if IS_ENABLED(CONFIG_IPV6)
438 if (sk->sk_family == AF_INET6 && !ipv6_addr_any(&sk->sk_v6_rcv_saddr))
439 sk->sk_userlocks |= SOCK_BINDADDR_LOCK;
440 #endif
441
442 if (snum)
443 sk->sk_userlocks |= SOCK_BINDPORT_LOCK;
444 isk->inet_sport = htons(isk->inet_num);
445 isk->inet_daddr = 0;
446 isk->inet_dport = 0;
447
448 #if IS_ENABLED(CONFIG_IPV6)
449 if (sk->sk_family == AF_INET6)
450 memset(&sk->sk_v6_daddr, 0, sizeof(sk->sk_v6_daddr));
451 #endif
452
453 sk_dst_reset(sk);
454 out:
455 release_sock(sk);
456 pr_debug("ping_v4_bind -> %d\n", err);
457 return err;
458 }
459 EXPORT_SYMBOL_GPL(ping_bind);
460
461
462
463
464
465 static inline int ping_supported(int family, int type, int code)
466 {
467 return (family == AF_INET && type == ICMP_ECHO && code == 0) ||
468 (family == AF_INET6 && type == ICMPV6_ECHO_REQUEST && code == 0);
469 }
470
471
472
473
474
475
476 void ping_err(struct sk_buff *skb, int offset, u32 info)
477 {
478 int family;
479 struct icmphdr *icmph;
480 struct inet_sock *inet_sock;
481 int type;
482 int code;
483 struct net *net = dev_net(skb->dev);
484 struct sock *sk;
485 int harderr;
486 int err;
487
488 if (skb->protocol == htons(ETH_P_IP)) {
489 family = AF_INET;
490 type = icmp_hdr(skb)->type;
491 code = icmp_hdr(skb)->code;
492 icmph = (struct icmphdr *)(skb->data + offset);
493 } else if (skb->protocol == htons(ETH_P_IPV6)) {
494 family = AF_INET6;
495 type = icmp6_hdr(skb)->icmp6_type;
496 code = icmp6_hdr(skb)->icmp6_code;
497 icmph = (struct icmphdr *) (skb->data + offset);
498 } else {
499 BUG();
500 }
501
502
503
504 if (!ping_supported(family, icmph->type, icmph->code))
505 return;
506
507 pr_debug("ping_err(proto=0x%x,type=%d,code=%d,id=%04x,seq=%04x)\n",
508 skb->protocol, type, code, ntohs(icmph->un.echo.id),
509 ntohs(icmph->un.echo.sequence));
510
511 sk = ping_lookup(net, skb, ntohs(icmph->un.echo.id));
512 if (!sk) {
513 pr_debug("no socket, dropping\n");
514 return;
515 }
516 pr_debug("err on socket %p\n", sk);
517
518 err = 0;
519 harderr = 0;
520 inet_sock = inet_sk(sk);
521
522 if (skb->protocol == htons(ETH_P_IP)) {
523 switch (type) {
524 default:
525 case ICMP_TIME_EXCEEDED:
526 err = EHOSTUNREACH;
527 break;
528 case ICMP_SOURCE_QUENCH:
529
530
531
532 err = EREMOTEIO;
533 break;
534 case ICMP_PARAMETERPROB:
535 err = EPROTO;
536 harderr = 1;
537 break;
538 case ICMP_DEST_UNREACH:
539 if (code == ICMP_FRAG_NEEDED) {
540 ipv4_sk_update_pmtu(skb, sk, info);
541 if (inet_sock->pmtudisc != IP_PMTUDISC_DONT) {
542 err = EMSGSIZE;
543 harderr = 1;
544 break;
545 }
546 goto out;
547 }
548 err = EHOSTUNREACH;
549 if (code <= NR_ICMP_UNREACH) {
550 harderr = icmp_err_convert[code].fatal;
551 err = icmp_err_convert[code].errno;
552 }
553 break;
554 case ICMP_REDIRECT:
555
556 ipv4_sk_redirect(skb, sk);
557 err = EREMOTEIO;
558 break;
559 }
560 #if IS_ENABLED(CONFIG_IPV6)
561 } else if (skb->protocol == htons(ETH_P_IPV6)) {
562 harderr = pingv6_ops.icmpv6_err_convert(type, code, &err);
563 #endif
564 }
565
566
567
568
569
570 if ((family == AF_INET && !inet_sock->recverr) ||
571 (family == AF_INET6 && !inet6_sk(sk)->recverr)) {
572 if (!harderr || sk->sk_state != TCP_ESTABLISHED)
573 goto out;
574 } else {
575 if (family == AF_INET) {
576 ip_icmp_error(sk, skb, err, 0 ,
577 info, (u8 *)icmph);
578 #if IS_ENABLED(CONFIG_IPV6)
579 } else if (family == AF_INET6) {
580 pingv6_ops.ipv6_icmp_error(sk, skb, err, 0,
581 info, (u8 *)icmph);
582 #endif
583 }
584 }
585 sk->sk_err = err;
586 sk->sk_error_report(sk);
587 out:
588 sock_put(sk);
589 }
590 EXPORT_SYMBOL_GPL(ping_err);
591
592
593
594
595
596
597 int ping_getfrag(void *from, char *to,
598 int offset, int fraglen, int odd, struct sk_buff *skb)
599 {
600 struct pingfakehdr *pfh = (struct pingfakehdr *)from;
601
602 if (offset == 0) {
603 fraglen -= sizeof(struct icmphdr);
604 if (fraglen < 0)
605 BUG();
606 if (!csum_and_copy_from_iter_full(to + sizeof(struct icmphdr),
607 fraglen, &pfh->wcheck,
608 &pfh->msg->msg_iter))
609 return -EFAULT;
610 } else if (offset < sizeof(struct icmphdr)) {
611 BUG();
612 } else {
613 if (!csum_and_copy_from_iter_full(to, fraglen, &pfh->wcheck,
614 &pfh->msg->msg_iter))
615 return -EFAULT;
616 }
617
618 #if IS_ENABLED(CONFIG_IPV6)
619
620
621
622
623 if (pfh->family == AF_INET6) {
624 skb->csum = pfh->wcheck;
625 skb->ip_summed = CHECKSUM_NONE;
626 pfh->wcheck = 0;
627 }
628 #endif
629
630 return 0;
631 }
632 EXPORT_SYMBOL_GPL(ping_getfrag);
633
634 static int ping_v4_push_pending_frames(struct sock *sk, struct pingfakehdr *pfh,
635 struct flowi4 *fl4)
636 {
637 struct sk_buff *skb = skb_peek(&sk->sk_write_queue);
638
639 if (!skb)
640 return 0;
641 pfh->wcheck = csum_partial((char *)&pfh->icmph,
642 sizeof(struct icmphdr), pfh->wcheck);
643 pfh->icmph.checksum = csum_fold(pfh->wcheck);
644 memcpy(icmp_hdr(skb), &pfh->icmph, sizeof(struct icmphdr));
645 skb->ip_summed = CHECKSUM_NONE;
646 return ip_push_pending_frames(sk, fl4);
647 }
648
649 int ping_common_sendmsg(int family, struct msghdr *msg, size_t len,
650 void *user_icmph, size_t icmph_len) {
651 u8 type, code;
652
653 if (len > 0xFFFF)
654 return -EMSGSIZE;
655
656
657 if (len < icmph_len)
658 return -EINVAL;
659
660
661
662
663
664
665 if (msg->msg_flags & MSG_OOB)
666 return -EOPNOTSUPP;
667
668
669
670
671
672 if (memcpy_from_msg(user_icmph, msg, icmph_len))
673 return -EFAULT;
674
675 if (family == AF_INET) {
676 type = ((struct icmphdr *) user_icmph)->type;
677 code = ((struct icmphdr *) user_icmph)->code;
678 #if IS_ENABLED(CONFIG_IPV6)
679 } else if (family == AF_INET6) {
680 type = ((struct icmp6hdr *) user_icmph)->icmp6_type;
681 code = ((struct icmp6hdr *) user_icmph)->icmp6_code;
682 #endif
683 } else {
684 BUG();
685 }
686
687 if (!ping_supported(family, type, code))
688 return -EINVAL;
689
690 return 0;
691 }
692 EXPORT_SYMBOL_GPL(ping_common_sendmsg);
693
694 static int ping_v4_sendmsg(struct sock *sk, struct msghdr *msg, size_t len)
695 {
696 struct net *net = sock_net(sk);
697 struct flowi4 fl4;
698 struct inet_sock *inet = inet_sk(sk);
699 struct ipcm_cookie ipc;
700 struct icmphdr user_icmph;
701 struct pingfakehdr pfh;
702 struct rtable *rt = NULL;
703 struct ip_options_data opt_copy;
704 int free = 0;
705 __be32 saddr, daddr, faddr;
706 u8 tos;
707 int err;
708
709 pr_debug("ping_v4_sendmsg(sk=%p,sk->num=%u)\n", inet, inet->inet_num);
710
711 err = ping_common_sendmsg(AF_INET, msg, len, &user_icmph,
712 sizeof(user_icmph));
713 if (err)
714 return err;
715
716
717
718
719
720 if (msg->msg_name) {
721 DECLARE_SOCKADDR(struct sockaddr_in *, usin, msg->msg_name);
722 if (msg->msg_namelen < sizeof(*usin))
723 return -EINVAL;
724 if (usin->sin_family != AF_INET)
725 return -EAFNOSUPPORT;
726 daddr = usin->sin_addr.s_addr;
727
728 } else {
729 if (sk->sk_state != TCP_ESTABLISHED)
730 return -EDESTADDRREQ;
731 daddr = inet->inet_daddr;
732
733 }
734
735 ipcm_init_sk(&ipc, inet);
736
737 if (msg->msg_controllen) {
738 err = ip_cmsg_send(sk, msg, &ipc, false);
739 if (unlikely(err)) {
740 kfree(ipc.opt);
741 return err;
742 }
743 if (ipc.opt)
744 free = 1;
745 }
746 if (!ipc.opt) {
747 struct ip_options_rcu *inet_opt;
748
749 rcu_read_lock();
750 inet_opt = rcu_dereference(inet->inet_opt);
751 if (inet_opt) {
752 memcpy(&opt_copy, inet_opt,
753 sizeof(*inet_opt) + inet_opt->opt.optlen);
754 ipc.opt = &opt_copy.opt;
755 }
756 rcu_read_unlock();
757 }
758
759 saddr = ipc.addr;
760 ipc.addr = faddr = daddr;
761
762 if (ipc.opt && ipc.opt->opt.srr) {
763 if (!daddr) {
764 err = -EINVAL;
765 goto out_free;
766 }
767 faddr = ipc.opt->opt.faddr;
768 }
769 tos = get_rttos(&ipc, inet);
770 if (sock_flag(sk, SOCK_LOCALROUTE) ||
771 (msg->msg_flags & MSG_DONTROUTE) ||
772 (ipc.opt && ipc.opt->opt.is_strictroute)) {
773 tos |= RTO_ONLINK;
774 }
775
776 if (ipv4_is_multicast(daddr)) {
777 if (!ipc.oif || netif_index_is_l3_master(sock_net(sk), ipc.oif))
778 ipc.oif = inet->mc_index;
779 if (!saddr)
780 saddr = inet->mc_addr;
781 } else if (!ipc.oif)
782 ipc.oif = inet->uc_index;
783
784 flowi4_init_output(&fl4, ipc.oif, ipc.sockc.mark, tos,
785 RT_SCOPE_UNIVERSE, sk->sk_protocol,
786 inet_sk_flowi_flags(sk), faddr, saddr, 0, 0,
787 sk->sk_uid);
788
789 security_sk_classify_flow(sk, flowi4_to_flowi(&fl4));
790 rt = ip_route_output_flow(net, &fl4, sk);
791 if (IS_ERR(rt)) {
792 err = PTR_ERR(rt);
793 rt = NULL;
794 if (err == -ENETUNREACH)
795 IP_INC_STATS(net, IPSTATS_MIB_OUTNOROUTES);
796 goto out;
797 }
798
799 err = -EACCES;
800 if ((rt->rt_flags & RTCF_BROADCAST) &&
801 !sock_flag(sk, SOCK_BROADCAST))
802 goto out;
803
804 if (msg->msg_flags & MSG_CONFIRM)
805 goto do_confirm;
806 back_from_confirm:
807
808 if (!ipc.addr)
809 ipc.addr = fl4.daddr;
810
811 lock_sock(sk);
812
813 pfh.icmph.type = user_icmph.type;
814 pfh.icmph.code = user_icmph.code;
815 pfh.icmph.checksum = 0;
816 pfh.icmph.un.echo.id = inet->inet_sport;
817 pfh.icmph.un.echo.sequence = user_icmph.un.echo.sequence;
818 pfh.msg = msg;
819 pfh.wcheck = 0;
820 pfh.family = AF_INET;
821
822 err = ip_append_data(sk, &fl4, ping_getfrag, &pfh, len,
823 0, &ipc, &rt, msg->msg_flags);
824 if (err)
825 ip_flush_pending_frames(sk);
826 else
827 err = ping_v4_push_pending_frames(sk, &pfh, &fl4);
828 release_sock(sk);
829
830 out:
831 ip_rt_put(rt);
832 out_free:
833 if (free)
834 kfree(ipc.opt);
835 if (!err) {
836 icmp_out_count(sock_net(sk), user_icmph.type);
837 return len;
838 }
839 return err;
840
841 do_confirm:
842 if (msg->msg_flags & MSG_PROBE)
843 dst_confirm_neigh(&rt->dst, &fl4.daddr);
844 if (!(msg->msg_flags & MSG_PROBE) || len)
845 goto back_from_confirm;
846 err = 0;
847 goto out;
848 }
849
850 int ping_recvmsg(struct sock *sk, struct msghdr *msg, size_t len, int noblock,
851 int flags, int *addr_len)
852 {
853 struct inet_sock *isk = inet_sk(sk);
854 int family = sk->sk_family;
855 struct sk_buff *skb;
856 int copied, err;
857
858 pr_debug("ping_recvmsg(sk=%p,sk->num=%u)\n", isk, isk->inet_num);
859
860 err = -EOPNOTSUPP;
861 if (flags & MSG_OOB)
862 goto out;
863
864 if (flags & MSG_ERRQUEUE)
865 return inet_recv_error(sk, msg, len, addr_len);
866
867 skb = skb_recv_datagram(sk, flags, noblock, &err);
868 if (!skb)
869 goto out;
870
871 copied = skb->len;
872 if (copied > len) {
873 msg->msg_flags |= MSG_TRUNC;
874 copied = len;
875 }
876
877
878 err = skb_copy_datagram_msg(skb, 0, msg, copied);
879 if (err)
880 goto done;
881
882 sock_recv_timestamp(msg, sk, skb);
883
884
885 if (family == AF_INET) {
886 DECLARE_SOCKADDR(struct sockaddr_in *, sin, msg->msg_name);
887
888 if (sin) {
889 sin->sin_family = AF_INET;
890 sin->sin_port = 0 ;
891 sin->sin_addr.s_addr = ip_hdr(skb)->saddr;
892 memset(sin->sin_zero, 0, sizeof(sin->sin_zero));
893 *addr_len = sizeof(*sin);
894 }
895
896 if (isk->cmsg_flags)
897 ip_cmsg_recv(msg, skb);
898
899 #if IS_ENABLED(CONFIG_IPV6)
900 } else if (family == AF_INET6) {
901 struct ipv6_pinfo *np = inet6_sk(sk);
902 struct ipv6hdr *ip6 = ipv6_hdr(skb);
903 DECLARE_SOCKADDR(struct sockaddr_in6 *, sin6, msg->msg_name);
904
905 if (sin6) {
906 sin6->sin6_family = AF_INET6;
907 sin6->sin6_port = 0;
908 sin6->sin6_addr = ip6->saddr;
909 sin6->sin6_flowinfo = 0;
910 if (np->sndflow)
911 sin6->sin6_flowinfo = ip6_flowinfo(ip6);
912 sin6->sin6_scope_id =
913 ipv6_iface_scope_id(&sin6->sin6_addr,
914 inet6_iif(skb));
915 *addr_len = sizeof(*sin6);
916 }
917
918 if (inet6_sk(sk)->rxopt.all)
919 pingv6_ops.ip6_datagram_recv_common_ctl(sk, msg, skb);
920 if (skb->protocol == htons(ETH_P_IPV6) &&
921 inet6_sk(sk)->rxopt.all)
922 pingv6_ops.ip6_datagram_recv_specific_ctl(sk, msg, skb);
923 else if (skb->protocol == htons(ETH_P_IP) && isk->cmsg_flags)
924 ip_cmsg_recv(msg, skb);
925 #endif
926 } else {
927 BUG();
928 }
929
930 err = copied;
931
932 done:
933 skb_free_datagram(sk, skb);
934 out:
935 pr_debug("ping_recvmsg -> %d\n", err);
936 return err;
937 }
938 EXPORT_SYMBOL_GPL(ping_recvmsg);
939
940 int ping_queue_rcv_skb(struct sock *sk, struct sk_buff *skb)
941 {
942 pr_debug("ping_queue_rcv_skb(sk=%p,sk->num=%d,skb=%p)\n",
943 inet_sk(sk), inet_sk(sk)->inet_num, skb);
944 if (sock_queue_rcv_skb(sk, skb) < 0) {
945 kfree_skb(skb);
946 pr_debug("ping_queue_rcv_skb -> failed\n");
947 return -1;
948 }
949 return 0;
950 }
951 EXPORT_SYMBOL_GPL(ping_queue_rcv_skb);
952
953
954
955
956
957
958 bool ping_rcv(struct sk_buff *skb)
959 {
960 struct sock *sk;
961 struct net *net = dev_net(skb->dev);
962 struct icmphdr *icmph = icmp_hdr(skb);
963
964
965
966 pr_debug("ping_rcv(skb=%p,id=%04x,seq=%04x)\n",
967 skb, ntohs(icmph->un.echo.id), ntohs(icmph->un.echo.sequence));
968
969
970 skb_push(skb, skb->data - (u8 *)icmph);
971
972 sk = ping_lookup(net, skb, ntohs(icmph->un.echo.id));
973 if (sk) {
974 struct sk_buff *skb2 = skb_clone(skb, GFP_ATOMIC);
975
976 pr_debug("rcv on socket %p\n", sk);
977 if (skb2)
978 ping_queue_rcv_skb(sk, skb2);
979 sock_put(sk);
980 return true;
981 }
982 pr_debug("no socket, dropping\n");
983
984 return false;
985 }
986 EXPORT_SYMBOL_GPL(ping_rcv);
987
988 struct proto ping_prot = {
989 .name = "PING",
990 .owner = THIS_MODULE,
991 .init = ping_init_sock,
992 .close = ping_close,
993 .connect = ip4_datagram_connect,
994 .disconnect = __udp_disconnect,
995 .setsockopt = ip_setsockopt,
996 .getsockopt = ip_getsockopt,
997 .sendmsg = ping_v4_sendmsg,
998 .recvmsg = ping_recvmsg,
999 .bind = ping_bind,
1000 .backlog_rcv = ping_queue_rcv_skb,
1001 .release_cb = ip4_datagram_release_cb,
1002 .hash = ping_hash,
1003 .unhash = ping_unhash,
1004 .get_port = ping_get_port,
1005 .obj_size = sizeof(struct inet_sock),
1006 };
1007 EXPORT_SYMBOL(ping_prot);
1008
1009 #ifdef CONFIG_PROC_FS
1010
1011 static struct sock *ping_get_first(struct seq_file *seq, int start)
1012 {
1013 struct sock *sk;
1014 struct ping_iter_state *state = seq->private;
1015 struct net *net = seq_file_net(seq);
1016
1017 for (state->bucket = start; state->bucket < PING_HTABLE_SIZE;
1018 ++state->bucket) {
1019 struct hlist_nulls_node *node;
1020 struct hlist_nulls_head *hslot;
1021
1022 hslot = &ping_table.hash[state->bucket];
1023
1024 if (hlist_nulls_empty(hslot))
1025 continue;
1026
1027 sk_nulls_for_each(sk, node, hslot) {
1028 if (net_eq(sock_net(sk), net) &&
1029 sk->sk_family == state->family)
1030 goto found;
1031 }
1032 }
1033 sk = NULL;
1034 found:
1035 return sk;
1036 }
1037
1038 static struct sock *ping_get_next(struct seq_file *seq, struct sock *sk)
1039 {
1040 struct ping_iter_state *state = seq->private;
1041 struct net *net = seq_file_net(seq);
1042
1043 do {
1044 sk = sk_nulls_next(sk);
1045 } while (sk && (!net_eq(sock_net(sk), net)));
1046
1047 if (!sk)
1048 return ping_get_first(seq, state->bucket + 1);
1049 return sk;
1050 }
1051
1052 static struct sock *ping_get_idx(struct seq_file *seq, loff_t pos)
1053 {
1054 struct sock *sk = ping_get_first(seq, 0);
1055
1056 if (sk)
1057 while (pos && (sk = ping_get_next(seq, sk)) != NULL)
1058 --pos;
1059 return pos ? NULL : sk;
1060 }
1061
1062 void *ping_seq_start(struct seq_file *seq, loff_t *pos, sa_family_t family)
1063 __acquires(ping_table.lock)
1064 {
1065 struct ping_iter_state *state = seq->private;
1066 state->bucket = 0;
1067 state->family = family;
1068
1069 read_lock_bh(&ping_table.lock);
1070
1071 return *pos ? ping_get_idx(seq, *pos-1) : SEQ_START_TOKEN;
1072 }
1073 EXPORT_SYMBOL_GPL(ping_seq_start);
1074
1075 static void *ping_v4_seq_start(struct seq_file *seq, loff_t *pos)
1076 {
1077 return ping_seq_start(seq, pos, AF_INET);
1078 }
1079
1080 void *ping_seq_next(struct seq_file *seq, void *v, loff_t *pos)
1081 {
1082 struct sock *sk;
1083
1084 if (v == SEQ_START_TOKEN)
1085 sk = ping_get_idx(seq, 0);
1086 else
1087 sk = ping_get_next(seq, v);
1088
1089 ++*pos;
1090 return sk;
1091 }
1092 EXPORT_SYMBOL_GPL(ping_seq_next);
1093
1094 void ping_seq_stop(struct seq_file *seq, void *v)
1095 __releases(ping_table.lock)
1096 {
1097 read_unlock_bh(&ping_table.lock);
1098 }
1099 EXPORT_SYMBOL_GPL(ping_seq_stop);
1100
1101 static void ping_v4_format_sock(struct sock *sp, struct seq_file *f,
1102 int bucket)
1103 {
1104 struct inet_sock *inet = inet_sk(sp);
1105 __be32 dest = inet->inet_daddr;
1106 __be32 src = inet->inet_rcv_saddr;
1107 __u16 destp = ntohs(inet->inet_dport);
1108 __u16 srcp = ntohs(inet->inet_sport);
1109
1110 seq_printf(f, "%5d: %08X:%04X %08X:%04X"
1111 " %02X %08X:%08X %02X:%08lX %08X %5u %8d %lu %d %pK %u",
1112 bucket, src, srcp, dest, destp, sp->sk_state,
1113 sk_wmem_alloc_get(sp),
1114 sk_rmem_alloc_get(sp),
1115 0, 0L, 0,
1116 from_kuid_munged(seq_user_ns(f), sock_i_uid(sp)),
1117 0, sock_i_ino(sp),
1118 refcount_read(&sp->sk_refcnt), sp,
1119 atomic_read(&sp->sk_drops));
1120 }
1121
1122 static int ping_v4_seq_show(struct seq_file *seq, void *v)
1123 {
1124 seq_setwidth(seq, 127);
1125 if (v == SEQ_START_TOKEN)
1126 seq_puts(seq, " sl local_address rem_address st tx_queue "
1127 "rx_queue tr tm->when retrnsmt uid timeout "
1128 "inode ref pointer drops");
1129 else {
1130 struct ping_iter_state *state = seq->private;
1131
1132 ping_v4_format_sock(v, seq, state->bucket);
1133 }
1134 seq_pad(seq, '\n');
1135 return 0;
1136 }
1137
1138 static const struct seq_operations ping_v4_seq_ops = {
1139 .start = ping_v4_seq_start,
1140 .show = ping_v4_seq_show,
1141 .next = ping_seq_next,
1142 .stop = ping_seq_stop,
1143 };
1144
1145 static int __net_init ping_v4_proc_init_net(struct net *net)
1146 {
1147 if (!proc_create_net("icmp", 0444, net->proc_net, &ping_v4_seq_ops,
1148 sizeof(struct ping_iter_state)))
1149 return -ENOMEM;
1150 return 0;
1151 }
1152
1153 static void __net_exit ping_v4_proc_exit_net(struct net *net)
1154 {
1155 remove_proc_entry("icmp", net->proc_net);
1156 }
1157
1158 static struct pernet_operations ping_v4_net_ops = {
1159 .init = ping_v4_proc_init_net,
1160 .exit = ping_v4_proc_exit_net,
1161 };
1162
1163 int __init ping_proc_init(void)
1164 {
1165 return register_pernet_subsys(&ping_v4_net_ops);
1166 }
1167
1168 void ping_proc_exit(void)
1169 {
1170 unregister_pernet_subsys(&ping_v4_net_ops);
1171 }
1172
1173 #endif
1174
1175 void __init ping_init(void)
1176 {
1177 int i;
1178
1179 for (i = 0; i < PING_HTABLE_SIZE; i++)
1180 INIT_HLIST_NULLS_HEAD(&ping_table.hash[i], i);
1181 rwlock_init(&ping_table.lock);
1182 }