1 /* 2 * INET An implementation of the TCP/IP protocol suite for the LINUX 3 * operating system. INET is implemented using the BSD Socket 4 * interface as the means of communication with the user level. 5 * 6 * PACKET - implements raw packet sockets. 7 * 8 * Version: $Id: af_packet.c,v 1.61 2002/02/08 03:57:19 davem Exp $ 9 * 10 * Authors: Ross Biro 11 * Fred N. van Kempen, <waltje@uWalt.NL.Mugnet.ORG> 12 * Alan Cox, <gw4pts@gw4pts.ampr.org> 13 * 14 * Fixes: 15 * Alan Cox : verify_area() now used correctly 16 * Alan Cox : new skbuff lists, look ma no backlogs! 17 * Alan Cox : tidied skbuff lists. 18 * Alan Cox : Now uses generic datagram routines I 19 * added. Also fixed the peek/read crash 20 * from all old Linux datagram code. 21 * Alan Cox : Uses the improved datagram code. 22 * Alan Cox : Added NULL's for socket options. 23 * Alan Cox : Re-commented the code. 24 * Alan Cox : Use new kernel side addressing 25 * Rob Janssen : Correct MTU usage. 26 * Dave Platt : Counter leaks caused by incorrect 27 * interrupt locking and some slightly 28 * dubious gcc output. Can you read 29 * compiler: it said _VOLATILE_ 30 * Richard Kooijman : Timestamp fixes. 31 * Alan Cox : New buffers. Use sk->mac.raw. 32 * Alan Cox : sendmsg/recvmsg support. 33 * Alan Cox : Protocol setting support 34 * Alexey Kuznetsov : Untied from IPv4 stack. 35 * Cyrus Durgin : Fixed kerneld for kmod. 36 * Michal Ostrowski : Module initialization cleanup. 37 * Ulises Alonso : Frame number limit removal and 38 * packet_set_ring memory leak. 39 * Eric Biederman : Allow for > 8 byte hardware addresses. 40 * The convention is that longer addresses 41 * will simply extend the hardware address 42 * byte arrays at the end of sockaddr_ll 43 * and packet_mreq. 44 * 45 * This program is free software; you can redistribute it and/or 46 * modify it under the terms of the GNU General Public License 47 * as published by the Free Software Foundation; either version 48 * 2 of the License, or (at your option) any later version. 49 * 50 */ 51 52 #include <linux/types.h> 53 #include <linux/mm.h> 54 #include <linux/capability.h> 55 #include <linux/fcntl.h> 56 #include <linux/socket.h> 57 #include <linux/in.h> 58 #include <linux/inet.h> 59 #include <linux/netdevice.h> 60 #include <linux/if_packet.h> 61 #include <linux/wireless.h> 62 #include <linux/kernel.h> 63 #include <linux/kmod.h> 64 #include <net/ip.h> 65 #include <net/protocol.h> 66 #include <linux/skbuff.h> 67 #include <net/sock.h> 68 #include <linux/errno.h> 69 #include <linux/timer.h> 70 #include <asm/system.h> 71 #include <asm/uaccess.h> 72 #include <asm/ioctls.h> 73 #include <asm/page.h> 74 #include <asm/cacheflush.h> 75 #include <asm/io.h> 76 #include <linux/proc_fs.h> 77 #include <linux/seq_file.h> 78 #include <linux/poll.h> 79 #include <linux/module.h> 80 #include <linux/init.h> 81 82 #ifdef CONFIG_INET 83 #include <net/inet_common.h> 84 #endif 85 86 #define CONFIG_SOCK_PACKET 1 87 88 /* 89 Proposed replacement for SIOC{ADD,DEL}MULTI and 90 IFF_PROMISC, IFF_ALLMULTI flags. 91 92 It is more expensive, but I believe, 93 it is really correct solution: reentereble, safe and fault tolerant. 94 95 IFF_PROMISC/IFF_ALLMULTI/SIOC{ADD/DEL}MULTI are faked by keeping 96 reference count and global flag, so that real status is 97 (gflag|(count != 0)), so that we can use obsolete faulty interface 98 not harming clever users. 99 */ 100 #define CONFIG_PACKET_MULTICAST 1 101 102 /* 103 Assumptions: 104 - if device has no dev->hard_header routine, it adds and removes ll header 105 inside itself. In this case ll header is invisible outside of device, 106 but higher levels still should reserve dev->hard_header_len. 107 Some devices are enough clever to reallocate skb, when header 108 will not fit to reserved space (tunnel), another ones are silly 109 (PPP). 110 - packet socket receives packets with pulled ll header, 111 so that SOCK_RAW should push it back. 112 113 On receive: 114 ----------- 115 116 Incoming, dev->hard_header!=NULL 117 mac_header -> ll header 118 data -> data 119 120 Outgoing, dev->hard_header!=NULL 121 mac_header -> ll header 122 data -> ll header 123 124 Incoming, dev->hard_header==NULL 125 mac_header -> UNKNOWN position. It is very likely, that it points to ll 126 header. PPP makes it, that is wrong, because introduce 127 assymetry between rx and tx paths. 128 data -> data 129 130 Outgoing, dev->hard_header==NULL 131 mac_header -> data. ll header is still not built! 132 data -> data 133 134 Resume 135 If dev->hard_header==NULL we are unlikely to restore sensible ll header. 136 137 138 On transmit: 139 ------------ 140 141 dev->hard_header != NULL 142 mac_header -> ll header 143 data -> ll header 144 145 dev->hard_header == NULL (ll header is added by device, we cannot control it) 146 mac_header -> data 147 data -> data 148 149 We should set nh.raw on output to correct posistion, 150 packet classifier depends on it. 151 */ 152 153 /* List of all packet sockets. */ 154 static HLIST_HEAD(packet_sklist); 155 static DEFINE_RWLOCK(packet_sklist_lock); 156 157 static atomic_t packet_socks_nr; 158 159 160 /* Private packet socket structures. */ 161 162 #ifdef CONFIG_PACKET_MULTICAST 163 struct packet_mclist 164 { 165 struct packet_mclist *next; 166 int ifindex; 167 int count; 168 unsigned short type; 169 unsigned short alen; 170 unsigned char addr[MAX_ADDR_LEN]; 171 }; 172 /* identical to struct packet_mreq except it has 173 * a longer address field. 174 */ 175 struct packet_mreq_max 176 { 177 int mr_ifindex; 178 unsigned short mr_type; 179 unsigned short mr_alen; 180 unsigned char mr_address[MAX_ADDR_LEN]; 181 }; 182 #endif 183 #ifdef CONFIG_PACKET_MMAP 184 static int packet_set_ring(struct sock *sk, struct tpacket_req *req, int closing); 185 #endif 186 187 static void packet_flush_mclist(struct sock *sk); 188 189 struct packet_sock { 190 /* struct sock has to be the first member of packet_sock */ 191 struct sock sk; 192 struct tpacket_stats stats; 193 #ifdef CONFIG_PACKET_MMAP 194 char * *pg_vec; 195 unsigned int head; 196 unsigned int frames_per_block; 197 unsigned int frame_size; 198 unsigned int frame_max; 199 int copy_thresh; 200 #endif 201 struct packet_type prot_hook; 202 spinlock_t bind_lock; 203 unsigned int running:1, /* prot_hook is attached*/ 204 auxdata:1, 205 origdev:1; 206 int ifindex; /* bound device */ 207 __be16 num; 208 #ifdef CONFIG_PACKET_MULTICAST 209 struct packet_mclist *mclist; 210 #endif 211 #ifdef CONFIG_PACKET_MMAP 212 atomic_t mapped; 213 unsigned int pg_vec_order; 214 unsigned int pg_vec_pages; 215 unsigned int pg_vec_len; 216 #endif 217 }; 218 219 struct packet_skb_cb { 220 unsigned int origlen; 221 union { 222 struct sockaddr_pkt pkt; 223 struct sockaddr_ll ll; 224 } sa; 225 }; 226 227 #define PACKET_SKB_CB(__skb) ((struct packet_skb_cb *)((__skb)->cb)) 228 229 #ifdef CONFIG_PACKET_MMAP 230 231 static inline struct tpacket_hdr *packet_lookup_frame(struct packet_sock *po, unsigned int position) 232 { 233 unsigned int pg_vec_pos, frame_offset; 234 235 pg_vec_pos = position / po->frames_per_block; 236 frame_offset = position % po->frames_per_block; 237 238 return (struct tpacket_hdr *)(po->pg_vec[pg_vec_pos] + (frame_offset * po->frame_size)); 239 } 240 #endif 241 242 static inline struct packet_sock *pkt_sk(struct sock *sk) 243 { 244 return (struct packet_sock *)sk; 245 } 246 247 static void packet_sock_destruct(struct sock *sk) 248 { 249 BUG_TRAP(!atomic_read(&sk->sk_rmem_alloc)); 250 BUG_TRAP(!atomic_read(&sk->sk_wmem_alloc)); 251 252 if (!sock_flag(sk, SOCK_DEAD)) { 253 printk("Attempt to release alive packet socket: %p\n", sk); 254 return; 255 } 256 257 atomic_dec(&packet_socks_nr); 258 #ifdef PACKET_REFCNT_DEBUG 259 printk(KERN_DEBUG "PACKET socket %p is free, %d are alive\n", sk, atomic_read(&packet_socks_nr)); 260 #endif 261 } 262 263 264 static const struct proto_ops packet_ops; 265 266 #ifdef CONFIG_SOCK_PACKET 267 static const struct proto_ops packet_ops_spkt; 268 269 static int packet_rcv_spkt(struct sk_buff *skb, struct net_device *dev, struct packet_type *pt, struct net_device *orig_dev) 270 { 271 struct sock *sk; 272 struct sockaddr_pkt *spkt; 273 274 /* 275 * When we registered the protocol we saved the socket in the data 276 * field for just this event. 277 */ 278 279 sk = pt->af_packet_priv; 280 281 /* 282 * Yank back the headers [hope the device set this 283 * right or kerboom...] 284 * 285 * Incoming packets have ll header pulled, 286 * push it back. 287 * 288 * For outgoing ones skb->data == skb_mac_header(skb) 289 * so that this procedure is noop. 290 */ 291 292 if (skb->pkt_type == PACKET_LOOPBACK) 293 goto out; 294 295 if ((skb = skb_share_check(skb, GFP_ATOMIC)) == NULL) 296 goto oom; 297 298 /* drop any routing info */ 299 dst_release(skb->dst); 300 skb->dst = NULL; 301 302 /* drop conntrack reference */ 303 nf_reset(skb); 304 305 spkt = &PACKET_SKB_CB(skb)->sa.pkt; 306 307 skb_push(skb, skb->data - skb_mac_header(skb)); 308 309 /* 310 * The SOCK_PACKET socket receives _all_ frames. 311 */ 312 313 spkt->spkt_family = dev->type; 314 strlcpy(spkt->spkt_device, dev->name, sizeof(spkt->spkt_device)); 315 spkt->spkt_protocol = skb->protocol; 316 317 /* 318 * Charge the memory to the socket. This is done specifically 319 * to prevent sockets using all the memory up. 320 */ 321 322 if (sock_queue_rcv_skb(sk,skb) == 0) 323 return 0; 324 325 out: 326 kfree_skb(skb); 327 oom: 328 return 0; 329 } 330 331 332 /* 333 * Output a raw packet to a device layer. This bypasses all the other 334 * protocol layers and you must therefore supply it with a complete frame 335 */ 336 337 static int packet_sendmsg_spkt(struct kiocb *iocb, struct socket *sock, 338 struct msghdr *msg, size_t len) 339 { 340 struct sock *sk = sock->sk; 341 struct sockaddr_pkt *saddr=(struct sockaddr_pkt *)msg->msg_name; 342 struct sk_buff *skb; 343 struct net_device *dev; 344 __be16 proto=0; 345 int err; 346 347 /* 348 * Get and verify the address. 349 */ 350 351 if (saddr) 352 { 353 if (msg->msg_namelen < sizeof(struct sockaddr)) 354 return(-EINVAL); 355 if (msg->msg_namelen==sizeof(struct sockaddr_pkt)) 356 proto=saddr->spkt_protocol; 357 } 358 else 359 return(-ENOTCONN); /* SOCK_PACKET must be sent giving an address */ 360 361 /* 362 * Find the device first to size check it 363 */ 364 365 saddr->spkt_device[13] = 0; 366 dev = dev_get_by_name(saddr->spkt_device); 367 err = -ENODEV; 368 if (dev == NULL) 369 goto out_unlock; 370 371 err = -ENETDOWN; 372 if (!(dev->flags & IFF_UP)) 373 goto out_unlock; 374 375 /* 376 * You may not queue a frame bigger than the mtu. This is the lowest level 377 * raw protocol and you must do your own fragmentation at this level. 378 */ 379 380 err = -EMSGSIZE; 381 if (len > dev->mtu + dev->hard_header_len) 382 goto out_unlock; 383 384 err = -ENOBUFS; 385 skb = sock_wmalloc(sk, len + LL_RESERVED_SPACE(dev), 0, GFP_KERNEL); 386 387 /* 388 * If the write buffer is full, then tough. At this level the user gets to 389 * deal with the problem - do your own algorithmic backoffs. That's far 390 * more flexible. 391 */ 392 393 if (skb == NULL) 394 goto out_unlock; 395 396 /* 397 * Fill it in 398 */ 399 400 /* FIXME: Save some space for broken drivers that write a 401 * hard header at transmission time by themselves. PPP is the 402 * notable one here. This should really be fixed at the driver level. 403 */ 404 skb_reserve(skb, LL_RESERVED_SPACE(dev)); 405 skb_reset_network_header(skb); 406 407 /* Try to align data part correctly */ 408 if (dev->hard_header) { 409 skb->data -= dev->hard_header_len; 410 skb->tail -= dev->hard_header_len; 411 if (len < dev->hard_header_len) 412 skb_reset_network_header(skb); 413 } 414 415 /* Returns -EFAULT on error */ 416 err = memcpy_fromiovec(skb_put(skb,len), msg->msg_iov, len); 417 skb->protocol = proto; 418 skb->dev = dev; 419 skb->priority = sk->sk_priority; 420 if (err) 421 goto out_free; 422 423 /* 424 * Now send it 425 */ 426 427 dev_queue_xmit(skb); 428 dev_put(dev); 429 return(len); 430 431 out_free: 432 kfree_skb(skb); 433 out_unlock: 434 if (dev) 435 dev_put(dev); 436 return err; 437 } 438 #endif 439 440 static inline unsigned int run_filter(struct sk_buff *skb, struct sock *sk, 441 unsigned int res) 442 { 443 struct sk_filter *filter; 444 445 rcu_read_lock_bh(); 446 filter = rcu_dereference(sk->sk_filter); 447 if (filter != NULL) 448 res = sk_run_filter(skb, filter->insns, filter->len); 449 rcu_read_unlock_bh(); 450 451 return res; 452 } 453 454 /* 455 This function makes lazy skb cloning in hope that most of packets 456 are discarded by BPF. 457 458 Note tricky part: we DO mangle shared skb! skb->data, skb->len 459 and skb->cb are mangled. It works because (and until) packets 460 falling here are owned by current CPU. Output packets are cloned 461 by dev_queue_xmit_nit(), input packets are processed by net_bh 462 sequencially, so that if we return skb to original state on exit, 463 we will not harm anyone. 464 */ 465 466 static int packet_rcv(struct sk_buff *skb, struct net_device *dev, struct packet_type *pt, struct net_device *orig_dev) 467 { 468 struct sock *sk; 469 struct sockaddr_ll *sll; 470 struct packet_sock *po; 471 u8 * skb_head = skb->data; 472 int skb_len = skb->len; 473 unsigned int snaplen, res; 474 475 if (skb->pkt_type == PACKET_LOOPBACK) 476 goto drop; 477 478 sk = pt->af_packet_priv; 479 po = pkt_sk(sk); 480 481 skb->dev = dev; 482 483 if (dev->hard_header) { 484 /* The device has an explicit notion of ll header, 485 exported to higher levels. 486 487 Otherwise, the device hides datails of it frame 488 structure, so that corresponding packet head 489 never delivered to user. 490 */ 491 if (sk->sk_type != SOCK_DGRAM) 492 skb_push(skb, skb->data - skb_mac_header(skb)); 493 else if (skb->pkt_type == PACKET_OUTGOING) { 494 /* Special case: outgoing packets have ll header at head */ 495 skb_pull(skb, skb_network_offset(skb)); 496 } 497 } 498 499 snaplen = skb->len; 500 501 res = run_filter(skb, sk, snaplen); 502 if (!res) 503 goto drop_n_restore; 504 if (snaplen > res) 505 snaplen = res; 506 507 if (atomic_read(&sk->sk_rmem_alloc) + skb->truesize >= 508 (unsigned)sk->sk_rcvbuf) 509 goto drop_n_acct; 510 511 if (skb_shared(skb)) { 512 struct sk_buff *nskb = skb_clone(skb, GFP_ATOMIC); 513 if (nskb == NULL) 514 goto drop_n_acct; 515 516 if (skb_head != skb->data) { 517 skb->data = skb_head; 518 skb->len = skb_len; 519 } 520 kfree_skb(skb); 521 skb = nskb; 522 } 523 524 BUILD_BUG_ON(sizeof(*PACKET_SKB_CB(skb)) + MAX_ADDR_LEN - 8 > 525 sizeof(skb->cb)); 526 527 sll = &PACKET_SKB_CB(skb)->sa.ll; 528 sll->sll_family = AF_PACKET; 529 sll->sll_hatype = dev->type; 530 sll->sll_protocol = skb->protocol; 531 sll->sll_pkttype = skb->pkt_type; 532 if (unlikely(po->origdev) && skb->pkt_type == PACKET_HOST) 533 sll->sll_ifindex = orig_dev->ifindex; 534 else 535 sll->sll_ifindex = dev->ifindex; 536 sll->sll_halen = 0; 537 538 if (dev->hard_header_parse) 539 sll->sll_halen = dev->hard_header_parse(skb, sll->sll_addr); 540 541 PACKET_SKB_CB(skb)->origlen = skb->len; 542 543 if (pskb_trim(skb, snaplen)) 544 goto drop_n_acct; 545 546 skb_set_owner_r(skb, sk); 547 skb->dev = NULL; 548 dst_release(skb->dst); 549 skb->dst = NULL; 550 551 /* drop conntrack reference */ 552 nf_reset(skb); 553 554 spin_lock(&sk->sk_receive_queue.lock); 555 po->stats.tp_packets++; 556 __skb_queue_tail(&sk->sk_receive_queue, skb); 557 spin_unlock(&sk->sk_receive_queue.lock); 558 sk->sk_data_ready(sk, skb->len); 559 return 0; 560 561 drop_n_acct: 562 spin_lock(&sk->sk_receive_queue.lock); 563 po->stats.tp_drops++; 564 spin_unlock(&sk->sk_receive_queue.lock); 565 566 drop_n_restore: 567 if (skb_head != skb->data && skb_shared(skb)) { 568 skb->data = skb_head; 569 skb->len = skb_len; 570 } 571 drop: 572 kfree_skb(skb); 573 return 0; 574 } 575 576 #ifdef CONFIG_PACKET_MMAP 577 static int tpacket_rcv(struct sk_buff *skb, struct net_device *dev, struct packet_type *pt, struct net_device *orig_dev) 578 { 579 struct sock *sk; 580 struct packet_sock *po; 581 struct sockaddr_ll *sll; 582 struct tpacket_hdr *h; 583 u8 * skb_head = skb->data; 584 int skb_len = skb->len; 585 unsigned int snaplen, res; 586 unsigned long status = TP_STATUS_LOSING|TP_STATUS_USER; 587 unsigned short macoff, netoff; 588 struct sk_buff *copy_skb = NULL; 589 struct timeval tv; 590 591 if (skb->pkt_type == PACKET_LOOPBACK) 592 goto drop; 593 594 sk = pt->af_packet_priv; 595 po = pkt_sk(sk); 596 597 if (dev->hard_header) { 598 if (sk->sk_type != SOCK_DGRAM) 599 skb_push(skb, skb->data - skb_mac_header(skb)); 600 else if (skb->pkt_type == PACKET_OUTGOING) { 601 /* Special case: outgoing packets have ll header at head */ 602 skb_pull(skb, skb_network_offset(skb)); 603 } 604 } 605 606 if (skb->ip_summed == CHECKSUM_PARTIAL) 607 status |= TP_STATUS_CSUMNOTREADY; 608 609 snaplen = skb->len; 610 611 res = run_filter(skb, sk, snaplen); 612 if (!res) 613 goto drop_n_restore; 614 if (snaplen > res) 615 snaplen = res; 616 617 if (sk->sk_type == SOCK_DGRAM) { 618 macoff = netoff = TPACKET_ALIGN(TPACKET_HDRLEN) + 16; 619 } else { 620 unsigned maclen = skb_network_offset(skb); 621 netoff = TPACKET_ALIGN(TPACKET_HDRLEN + (maclen < 16 ? 16 : maclen)); 622 macoff = netoff - maclen; 623 } 624 625 if (macoff + snaplen > po->frame_size) { 626 if (po->copy_thresh && 627 atomic_read(&sk->sk_rmem_alloc) + skb->truesize < 628 (unsigned)sk->sk_rcvbuf) { 629 if (skb_shared(skb)) { 630 copy_skb = skb_clone(skb, GFP_ATOMIC); 631 } else { 632 copy_skb = skb_get(skb); 633 skb_head = skb->data; 634 } 635 if (copy_skb) 636 skb_set_owner_r(copy_skb, sk); 637 } 638 snaplen = po->frame_size - macoff; 639 if ((int)snaplen < 0) 640 snaplen = 0; 641 } 642 643 spin_lock(&sk->sk_receive_queue.lock); 644 h = packet_lookup_frame(po, po->head); 645 646 if (h->tp_status) 647 goto ring_is_full; 648 po->head = po->head != po->frame_max ? po->head+1 : 0; 649 po->stats.tp_packets++; 650 if (copy_skb) { 651 status |= TP_STATUS_COPY; 652 __skb_queue_tail(&sk->sk_receive_queue, copy_skb); 653 } 654 if (!po->stats.tp_drops) 655 status &= ~TP_STATUS_LOSING; 656 spin_unlock(&sk->sk_receive_queue.lock); 657 658 skb_copy_bits(skb, 0, (u8*)h + macoff, snaplen); 659 660 h->tp_len = skb->len; 661 h->tp_snaplen = snaplen; 662 h->tp_mac = macoff; 663 h->tp_net = netoff; 664 if (skb->tstamp.tv64 == 0) { 665 __net_timestamp(skb); 666 sock_enable_timestamp(sk); 667 } 668 tv = ktime_to_timeval(skb->tstamp); 669 h->tp_sec = tv.tv_sec; 670 h->tp_usec = tv.tv_usec; 671 672 sll = (struct sockaddr_ll*)((u8*)h + TPACKET_ALIGN(sizeof(*h))); 673 sll->sll_halen = 0; 674 if (dev->hard_header_parse) 675 sll->sll_halen = dev->hard_header_parse(skb, sll->sll_addr); 676 sll->sll_family = AF_PACKET; 677 sll->sll_hatype = dev->type; 678 sll->sll_protocol = skb->protocol; 679 sll->sll_pkttype = skb->pkt_type; 680 if (unlikely(po->origdev) && skb->pkt_type == PACKET_HOST) 681 sll->sll_ifindex = orig_dev->ifindex; 682 else 683 sll->sll_ifindex = dev->ifindex; 684 685 h->tp_status = status; 686 smp_mb(); 687 688 { 689 struct page *p_start, *p_end; 690 u8 *h_end = (u8 *)h + macoff + snaplen - 1; 691 692 p_start = virt_to_page(h); 693 p_end = virt_to_page(h_end); 694 while (p_start <= p_end) { 695 flush_dcache_page(p_start); 696 p_start++; 697 } 698 } 699 700 sk->sk_data_ready(sk, 0); 701 702 drop_n_restore: 703 if (skb_head != skb->data && skb_shared(skb)) { 704 skb->data = skb_head; 705 skb->len = skb_len; 706 } 707 drop: 708 kfree_skb(skb); 709 return 0; 710 711 ring_is_full: 712 po->stats.tp_drops++; 713 spin_unlock(&sk->sk_receive_queue.lock); 714 715 sk->sk_data_ready(sk, 0); 716 if (copy_skb) 717 kfree_skb(copy_skb); 718 goto drop_n_restore; 719 } 720 721 #endif 722 723 724 static int packet_sendmsg(struct kiocb *iocb, struct socket *sock, 725 struct msghdr *msg, size_t len) 726 { 727 struct sock *sk = sock->sk; 728 struct sockaddr_ll *saddr=(struct sockaddr_ll *)msg->msg_name; 729 struct sk_buff *skb; 730 struct net_device *dev; 731 __be16 proto; 732 unsigned char *addr; 733 int ifindex, err, reserve = 0; 734 735 /* 736 * Get and verify the address. 737 */ 738 739 if (saddr == NULL) { 740 struct packet_sock *po = pkt_sk(sk); 741 742 ifindex = po->ifindex; 743 proto = po->num; 744 addr = NULL; 745 } else { 746 err = -EINVAL; 747 if (msg->msg_namelen < sizeof(struct sockaddr_ll)) 748 goto out; 749 if (msg->msg_namelen < (saddr->sll_halen + offsetof(struct sockaddr_ll, sll_addr))) 750 goto out; 751 ifindex = saddr->sll_ifindex; 752 proto = saddr->sll_protocol; 753 addr = saddr->sll_addr; 754 } 755 756 757 dev = dev_get_by_index(ifindex); 758 err = -ENXIO; 759 if (dev == NULL) 760 goto out_unlock; 761 if (sock->type == SOCK_RAW) 762 reserve = dev->hard_header_len; 763 764 err = -ENETDOWN; 765 if (!(dev->flags & IFF_UP)) 766 goto out_unlock; 767 768 err = -EMSGSIZE; 769 if (len > dev->mtu+reserve) 770 goto out_unlock; 771 772 skb = sock_alloc_send_skb(sk, len + LL_RESERVED_SPACE(dev), 773 msg->msg_flags & MSG_DONTWAIT, &err); 774 if (skb==NULL) 775 goto out_unlock; 776 777 skb_reserve(skb, LL_RESERVED_SPACE(dev)); 778 skb_reset_network_header(skb); 779 780 if (dev->hard_header) { 781 int res; 782 err = -EINVAL; 783 res = dev->hard_header(skb, dev, ntohs(proto), addr, NULL, len); 784 if (sock->type != SOCK_DGRAM) { 785 skb_reset_tail_pointer(skb); 786 skb->len = 0; 787 } else if (res < 0) 788 goto out_free; 789 } 790 791 /* Returns -EFAULT on error */ 792 err = memcpy_fromiovec(skb_put(skb,len), msg->msg_iov, len); 793 if (err) 794 goto out_free; 795 796 skb->protocol = proto; 797 skb->dev = dev; 798 skb->priority = sk->sk_priority; 799 800 /* 801 * Now send it 802 */ 803 804 err = dev_queue_xmit(skb); 805 if (err > 0 && (err = net_xmit_errno(err)) != 0) 806 goto out_unlock; 807 808 dev_put(dev); 809 810 return(len); 811 812 out_free: 813 kfree_skb(skb); 814 out_unlock: 815 if (dev) 816 dev_put(dev); 817 out: 818 return err; 819 } 820 821 /* 822 * Close a PACKET socket. This is fairly simple. We immediately go 823 * to 'closed' state and remove our protocol entry in the device list. 824 */ 825 826 static int packet_release(struct socket *sock) 827 { 828 struct sock *sk = sock->sk; 829 struct packet_sock *po; 830 831 if (!sk) 832 return 0; 833 834 po = pkt_sk(sk); 835 836 write_lock_bh(&packet_sklist_lock); 837 sk_del_node_init(sk); 838 write_unlock_bh(&packet_sklist_lock); 839 840 /* 841 * Unhook packet receive handler. 842 */ 843 844 if (po->running) { 845 /* 846 * Remove the protocol hook 847 */ 848 dev_remove_pack(&po->prot_hook); 849 po->running = 0; 850 po->num = 0; 851 __sock_put(sk); 852 } 853 854 #ifdef CONFIG_PACKET_MULTICAST 855 packet_flush_mclist(sk); 856 #endif 857 858 #ifdef CONFIG_PACKET_MMAP 859 if (po->pg_vec) { 860 struct tpacket_req req; 861 memset(&req, 0, sizeof(req)); 862 packet_set_ring(sk, &req, 1); 863 } 864 #endif 865 866 /* 867 * Now the socket is dead. No more input will appear. 868 */ 869 870 sock_orphan(sk); 871 sock->sk = NULL; 872 873 /* Purge queues */ 874 875 skb_queue_purge(&sk->sk_receive_queue); 876 877 sock_put(sk); 878 return 0; 879 } 880 881 /* 882 * Attach a packet hook. 883 */ 884 885 static int packet_do_bind(struct sock *sk, struct net_device *dev, __be16 protocol) 886 { 887 struct packet_sock *po = pkt_sk(sk); 888 /* 889 * Detach an existing hook if present. 890 */ 891 892 lock_sock(sk); 893 894 spin_lock(&po->bind_lock); 895 if (po->running) { 896 __sock_put(sk); 897 po->running = 0; 898 po->num = 0; 899 spin_unlock(&po->bind_lock); 900 dev_remove_pack(&po->prot_hook); 901 spin_lock(&po->bind_lock); 902 } 903 904 po->num = protocol; 905 po->prot_hook.type = protocol; 906 po->prot_hook.dev = dev; 907 908 po->ifindex = dev ? dev->ifindex : 0; 909 910 if (protocol == 0) 911 goto out_unlock; 912 913 if (dev) { 914 if (dev->flags&IFF_UP) { 915 dev_add_pack(&po->prot_hook); 916 sock_hold(sk); 917 po->running = 1; 918 } else { 919 sk->sk_err = ENETDOWN; 920 if (!sock_flag(sk, SOCK_DEAD)) 921 sk->sk_error_report(sk); 922 } 923 } else { 924 dev_add_pack(&po->prot_hook); 925 sock_hold(sk); 926 po->running = 1; 927 } 928 929 out_unlock: 930 spin_unlock(&po->bind_lock); 931 release_sock(sk); 932 return 0; 933 } 934 935 /* 936 * Bind a packet socket to a device 937 */ 938 939 #ifdef CONFIG_SOCK_PACKET 940 941 static int packet_bind_spkt(struct socket *sock, struct sockaddr *uaddr, int addr_len) 942 { 943 struct sock *sk=sock->sk; 944 char name[15]; 945 struct net_device *dev; 946 int err = -ENODEV; 947 948 /* 949 * Check legality 950 */ 951 952 if (addr_len != sizeof(struct sockaddr)) 953 return -EINVAL; 954 strlcpy(name,uaddr->sa_data,sizeof(name)); 955 956 dev = dev_get_by_name(name); 957 if (dev) { 958 err = packet_do_bind(sk, dev, pkt_sk(sk)->num); 959 dev_put(dev); 960 } 961 return err; 962 } 963 #endif 964 965 static int packet_bind(struct socket *sock, struct sockaddr *uaddr, int addr_len) 966 { 967 struct sockaddr_ll *sll = (struct sockaddr_ll*)uaddr; 968 struct sock *sk=sock->sk; 969 struct net_device *dev = NULL; 970 int err; 971 972 973 /* 974 * Check legality 975 */ 976 977 if (addr_len < sizeof(struct sockaddr_ll)) 978 return -EINVAL; 979 if (sll->sll_family != AF_PACKET) 980 return -EINVAL; 981 982 if (sll->sll_ifindex) { 983 err = -ENODEV; 984 dev = dev_get_by_index(sll->sll_ifindex); 985 if (dev == NULL) 986 goto out; 987 } 988 err = packet_do_bind(sk, dev, sll->sll_protocol ? : pkt_sk(sk)->num); 989 if (dev) 990 dev_put(dev); 991 992 out: 993 return err; 994 } 995 996 static struct proto packet_proto = { 997 .name = "PACKET", 998 .owner = THIS_MODULE, 999 .obj_size = sizeof(struct packet_sock), 1000 }; 1001 1002 /* 1003 * Create a packet of type SOCK_PACKET. 1004 */ 1005 1006 static int packet_create(struct socket *sock, int protocol) 1007 { 1008 struct sock *sk; 1009 struct packet_sock *po; 1010 __be16 proto = (__force __be16)protocol; /* weird, but documented */ 1011 int err; 1012 1013 if (!capable(CAP_NET_RAW)) 1014 return -EPERM; 1015 if (sock->type != SOCK_DGRAM && sock->type != SOCK_RAW 1016 #ifdef CONFIG_SOCK_PACKET 1017 && sock->type != SOCK_PACKET 1018 #endif 1019 ) 1020 return -ESOCKTNOSUPPORT; 1021 1022 sock->state = SS_UNCONNECTED; 1023 1024 err = -ENOBUFS; 1025 sk = sk_alloc(PF_PACKET, GFP_KERNEL, &packet_proto, 1); 1026 if (sk == NULL) 1027 goto out; 1028 1029 sock->ops = &packet_ops; 1030 #ifdef CONFIG_SOCK_PACKET 1031 if (sock->type == SOCK_PACKET) 1032 sock->ops = &packet_ops_spkt; 1033 #endif 1034 sock_init_data(sock, sk); 1035 1036 po = pkt_sk(sk); 1037 sk->sk_family = PF_PACKET; 1038 po->num = proto; 1039 1040 sk->sk_destruct = packet_sock_destruct; 1041 atomic_inc(&packet_socks_nr); 1042 1043 /* 1044 * Attach a protocol block 1045 */ 1046 1047 spin_lock_init(&po->bind_lock); 1048 po->prot_hook.func = packet_rcv; 1049 #ifdef CONFIG_SOCK_PACKET 1050 if (sock->type == SOCK_PACKET) 1051 po->prot_hook.func = packet_rcv_spkt; 1052 #endif 1053 po->prot_hook.af_packet_priv = sk; 1054 1055 if (proto) { 1056 po->prot_hook.type = proto; 1057 dev_add_pack(&po->prot_hook); 1058 sock_hold(sk); 1059 po->running = 1; 1060 } 1061 1062 write_lock_bh(&packet_sklist_lock); 1063 sk_add_node(sk, &packet_sklist); 1064 write_unlock_bh(&packet_sklist_lock); 1065 return(0); 1066 out: 1067 return err; 1068 } 1069 1070 /* 1071 * Pull a packet from our receive queue and hand it to the user. 1072 * If necessary we block. 1073 */ 1074 1075 static int packet_recvmsg(struct kiocb *iocb, struct socket *sock, 1076 struct msghdr *msg, size_t len, int flags) 1077 { 1078 struct sock *sk = sock->sk; 1079 struct sk_buff *skb; 1080 int copied, err; 1081 struct sockaddr_ll *sll; 1082 1083 err = -EINVAL; 1084 if (flags & ~(MSG_PEEK|MSG_DONTWAIT|MSG_TRUNC|MSG_CMSG_COMPAT)) 1085 goto out; 1086 1087 #if 0 1088 /* What error should we return now? EUNATTACH? */ 1089 if (pkt_sk(sk)->ifindex < 0) 1090 return -ENODEV; 1091 #endif 1092 1093 /* 1094 * Call the generic datagram receiver. This handles all sorts 1095 * of horrible races and re-entrancy so we can forget about it 1096 * in the protocol layers. 1097 * 1098 * Now it will return ENETDOWN, if device have just gone down, 1099 * but then it will block. 1100 */ 1101 1102 skb=skb_recv_datagram(sk,flags,flags&MSG_DONTWAIT,&err); 1103 1104 /* 1105 * An error occurred so return it. Because skb_recv_datagram() 1106 * handles the blocking we don't see and worry about blocking 1107 * retries. 1108 */ 1109 1110 if (skb == NULL) 1111 goto out; 1112 1113 /* 1114 * If the address length field is there to be filled in, we fill 1115 * it in now. 1116 */ 1117 1118 sll = &PACKET_SKB_CB(skb)->sa.ll; 1119 if (sock->type == SOCK_PACKET) 1120 msg->msg_namelen = sizeof(struct sockaddr_pkt); 1121 else 1122 msg->msg_namelen = sll->sll_halen + offsetof(struct sockaddr_ll, sll_addr); 1123 1124 /* 1125 * You lose any data beyond the buffer you gave. If it worries a 1126 * user program they can ask the device for its MTU anyway. 1127 */ 1128 1129 copied = skb->len; 1130 if (copied > len) 1131 { 1132 copied=len; 1133 msg->msg_flags|=MSG_TRUNC; 1134 } 1135 1136 err = skb_copy_datagram_iovec(skb, 0, msg->msg_iov, copied); 1137 if (err) 1138 goto out_free; 1139 1140 sock_recv_timestamp(msg, sk, skb); 1141 1142 if (msg->msg_name) 1143 memcpy(msg->msg_name, &PACKET_SKB_CB(skb)->sa, 1144 msg->msg_namelen); 1145 1146 if (pkt_sk(sk)->auxdata) { 1147 struct tpacket_auxdata aux; 1148 1149 aux.tp_status = TP_STATUS_USER; 1150 if (skb->ip_summed == CHECKSUM_PARTIAL) 1151 aux.tp_status |= TP_STATUS_CSUMNOTREADY; 1152 aux.tp_len = PACKET_SKB_CB(skb)->origlen; 1153 aux.tp_snaplen = skb->len; 1154 aux.tp_mac = 0; 1155 aux.tp_net = skb_network_offset(skb); 1156 1157 put_cmsg(msg, SOL_PACKET, PACKET_AUXDATA, sizeof(aux), &aux); 1158 } 1159 1160 /* 1161 * Free or return the buffer as appropriate. Again this 1162 * hides all the races and re-entrancy issues from us. 1163 */ 1164 err = (flags&MSG_TRUNC) ? skb->len : copied; 1165 1166 out_free: 1167 skb_free_datagram(sk, skb); 1168 out: 1169 return err; 1170 } 1171 1172 #ifdef CONFIG_SOCK_PACKET 1173 static int packet_getname_spkt(struct socket *sock, struct sockaddr *uaddr, 1174 int *uaddr_len, int peer) 1175 { 1176 struct net_device *dev; 1177 struct sock *sk = sock->sk; 1178 1179 if (peer) 1180 return -EOPNOTSUPP; 1181 1182 uaddr->sa_family = AF_PACKET; 1183 dev = dev_get_by_index(pkt_sk(sk)->ifindex); 1184 if (dev) { 1185 strlcpy(uaddr->sa_data, dev->name, 15); 1186 dev_put(dev); 1187 } else 1188 memset(uaddr->sa_data, 0, 14); 1189 *uaddr_len = sizeof(*uaddr); 1190 1191 return 0; 1192 } 1193 #endif 1194 1195 static int packet_getname(struct socket *sock, struct sockaddr *uaddr, 1196 int *uaddr_len, int peer) 1197 { 1198 struct net_device *dev; 1199 struct sock *sk = sock->sk; 1200 struct packet_sock *po = pkt_sk(sk); 1201 struct sockaddr_ll *sll = (struct sockaddr_ll*)uaddr; 1202 1203 if (peer) 1204 return -EOPNOTSUPP; 1205 1206 sll->sll_family = AF_PACKET; 1207 sll->sll_ifindex = po->ifindex; 1208 sll->sll_protocol = po->num; 1209 dev = dev_get_by_index(po->ifindex); 1210 if (dev) { 1211 sll->sll_hatype = dev->type; 1212 sll->sll_halen = dev->addr_len; 1213 memcpy(sll->sll_addr, dev->dev_addr, dev->addr_len); 1214 dev_put(dev); 1215 } else { 1216 sll->sll_hatype = 0; /* Bad: we have no ARPHRD_UNSPEC */ 1217 sll->sll_halen = 0; 1218 } 1219 *uaddr_len = offsetof(struct sockaddr_ll, sll_addr) + sll->sll_halen; 1220 1221 return 0; 1222 } 1223 1224 #ifdef CONFIG_PACKET_MULTICAST 1225 static void packet_dev_mc(struct net_device *dev, struct packet_mclist *i, int what) 1226 { 1227 switch (i->type) { 1228 case PACKET_MR_MULTICAST: 1229 if (what > 0) 1230 dev_mc_add(dev, i->addr, i->alen, 0); 1231 else 1232 dev_mc_delete(dev, i->addr, i->alen, 0); 1233 break; 1234 case PACKET_MR_PROMISC: 1235 dev_set_promiscuity(dev, what); 1236 break; 1237 case PACKET_MR_ALLMULTI: 1238 dev_set_allmulti(dev, what); 1239 break; 1240 default:; 1241 } 1242 } 1243 1244 static void packet_dev_mclist(struct net_device *dev, struct packet_mclist *i, int what) 1245 { 1246 for ( ; i; i=i->next) { 1247 if (i->ifindex == dev->ifindex) 1248 packet_dev_mc(dev, i, what); 1249 } 1250 } 1251 1252 static int packet_mc_add(struct sock *sk, struct packet_mreq_max *mreq) 1253 { 1254 struct packet_sock *po = pkt_sk(sk); 1255 struct packet_mclist *ml, *i; 1256 struct net_device *dev; 1257 int err; 1258 1259 rtnl_lock(); 1260 1261 err = -ENODEV; 1262 dev = __dev_get_by_index(mreq->mr_ifindex); 1263 if (!dev) 1264 goto done; 1265 1266 err = -EINVAL; 1267 if (mreq->mr_alen > dev->addr_len) 1268 goto done; 1269 1270 err = -ENOBUFS; 1271 i = kmalloc(sizeof(*i), GFP_KERNEL); 1272 if (i == NULL) 1273 goto done; 1274 1275 err = 0; 1276 for (ml = po->mclist; ml; ml = ml->next) { 1277 if (ml->ifindex == mreq->mr_ifindex && 1278 ml->type == mreq->mr_type && 1279 ml->alen == mreq->mr_alen && 1280 memcmp(ml->addr, mreq->mr_address, ml->alen) == 0) { 1281 ml->count++; 1282 /* Free the new element ... */ 1283 kfree(i); 1284 goto done; 1285 } 1286 } 1287 1288 i->type = mreq->mr_type; 1289 i->ifindex = mreq->mr_ifindex; 1290 i->alen = mreq->mr_alen; 1291 memcpy(i->addr, mreq->mr_address, i->alen); 1292 i->count = 1; 1293 i->next = po->mclist; 1294 po->mclist = i; 1295 packet_dev_mc(dev, i, +1); 1296 1297 done: 1298 rtnl_unlock(); 1299 return err; 1300 } 1301 1302 static int packet_mc_drop(struct sock *sk, struct packet_mreq_max *mreq) 1303 { 1304 struct packet_mclist *ml, **mlp; 1305 1306 rtnl_lock(); 1307 1308 for (mlp = &pkt_sk(sk)->mclist; (ml = *mlp) != NULL; mlp = &ml->next) { 1309 if (ml->ifindex == mreq->mr_ifindex && 1310 ml->type == mreq->mr_type && 1311 ml->alen == mreq->mr_alen && 1312 memcmp(ml->addr, mreq->mr_address, ml->alen) == 0) { 1313 if (--ml->count == 0) { 1314 struct net_device *dev; 1315 *mlp = ml->next; 1316 dev = dev_get_by_index(ml->ifindex); 1317 if (dev) { 1318 packet_dev_mc(dev, ml, -1); 1319 dev_put(dev); 1320 } 1321 kfree(ml); 1322 } 1323 rtnl_unlock(); 1324 return 0; 1325 } 1326 } 1327 rtnl_unlock(); 1328 return -EADDRNOTAVAIL; 1329 } 1330 1331 static void packet_flush_mclist(struct sock *sk) 1332 { 1333 struct packet_sock *po = pkt_sk(sk); 1334 struct packet_mclist *ml; 1335 1336 if (!po->mclist) 1337 return; 1338 1339 rtnl_lock(); 1340 while ((ml = po->mclist) != NULL) { 1341 struct net_device *dev; 1342 1343 po->mclist = ml->next; 1344 if ((dev = dev_get_by_index(ml->ifindex)) != NULL) { 1345 packet_dev_mc(dev, ml, -1); 1346 dev_put(dev); 1347 } 1348 kfree(ml); 1349 } 1350 rtnl_unlock(); 1351 } 1352 #endif 1353 1354 static int 1355 packet_setsockopt(struct socket *sock, int level, int optname, char __user *optval, int optlen) 1356 { 1357 struct sock *sk = sock->sk; 1358 struct packet_sock *po = pkt_sk(sk); 1359 int ret; 1360 1361 if (level != SOL_PACKET) 1362 return -ENOPROTOOPT; 1363 1364 switch(optname) { 1365 #ifdef CONFIG_PACKET_MULTICAST 1366 case PACKET_ADD_MEMBERSHIP: 1367 case PACKET_DROP_MEMBERSHIP: 1368 { 1369 struct packet_mreq_max mreq; 1370 int len = optlen; 1371 memset(&mreq, 0, sizeof(mreq)); 1372 if (len < sizeof(struct packet_mreq)) 1373 return -EINVAL; 1374 if (len > sizeof(mreq)) 1375 len = sizeof(mreq); 1376 if (copy_from_user(&mreq,optval,len)) 1377 return -EFAULT; 1378 if (len < (mreq.mr_alen + offsetof(struct packet_mreq, mr_address))) 1379 return -EINVAL; 1380 if (optname == PACKET_ADD_MEMBERSHIP) 1381 ret = packet_mc_add(sk, &mreq); 1382 else 1383 ret = packet_mc_drop(sk, &mreq); 1384 return ret; 1385 } 1386 #endif 1387 #ifdef CONFIG_PACKET_MMAP 1388 case PACKET_RX_RING: 1389 { 1390 struct tpacket_req req; 1391 1392 if (optlen<sizeof(req)) 1393 return -EINVAL; 1394 if (copy_from_user(&req,optval,sizeof(req))) 1395 return -EFAULT; 1396 return packet_set_ring(sk, &req, 0); 1397 } 1398 case PACKET_COPY_THRESH: 1399 { 1400 int val; 1401 1402 if (optlen!=sizeof(val)) 1403 return -EINVAL; 1404 if (copy_from_user(&val,optval,sizeof(val))) 1405 return -EFAULT; 1406 1407 pkt_sk(sk)->copy_thresh = val; 1408 return 0; 1409 } 1410 #endif 1411 case PACKET_AUXDATA: 1412 { 1413 int val; 1414 1415 if (optlen < sizeof(val)) 1416 return -EINVAL; 1417 if (copy_from_user(&val, optval, sizeof(val))) 1418 return -EFAULT; 1419 1420 po->auxdata = !!val; 1421 return 0; 1422 } 1423 case PACKET_ORIGDEV: 1424 { 1425 int val; 1426 1427 if (optlen < sizeof(val)) 1428 return -EINVAL; 1429 if (copy_from_user(&val, optval, sizeof(val))) 1430 return -EFAULT; 1431 1432 po->origdev = !!val; 1433 return 0; 1434 } 1435 default: 1436 return -ENOPROTOOPT; 1437 } 1438 } 1439 1440 static int packet_getsockopt(struct socket *sock, int level, int optname, 1441 char __user *optval, int __user *optlen) 1442 { 1443 int len; 1444 int val; 1445 struct sock *sk = sock->sk; 1446 struct packet_sock *po = pkt_sk(sk); 1447 void *data; 1448 struct tpacket_stats st; 1449 1450 if (level != SOL_PACKET) 1451 return -ENOPROTOOPT; 1452 1453 if (get_user(len, optlen)) 1454 return -EFAULT; 1455 1456 if (len < 0) 1457 return -EINVAL; 1458 1459 switch(optname) { 1460 case PACKET_STATISTICS: 1461 if (len > sizeof(struct tpacket_stats)) 1462 len = sizeof(struct tpacket_stats); 1463 spin_lock_bh(&sk->sk_receive_queue.lock); 1464 st = po->stats; 1465 memset(&po->stats, 0, sizeof(st)); 1466 spin_unlock_bh(&sk->sk_receive_queue.lock); 1467 st.tp_packets += st.tp_drops; 1468 1469 data = &st; 1470 break; 1471 case PACKET_AUXDATA: 1472 if (len > sizeof(int)) 1473 len = sizeof(int); 1474 val = po->auxdata; 1475 1476 data = &val; 1477 break; 1478 case PACKET_ORIGDEV: 1479 if (len > sizeof(int)) 1480 len = sizeof(int); 1481 val = po->origdev; 1482 1483 data = &val; 1484 break; 1485 default: 1486 return -ENOPROTOOPT; 1487 } 1488 1489 if (put_user(len, optlen)) 1490 return -EFAULT; 1491 if (copy_to_user(optval, data, len)) 1492 return -EFAULT; 1493 return 0; 1494 } 1495 1496 1497 static int packet_notifier(struct notifier_block *this, unsigned long msg, void *data) 1498 { 1499 struct sock *sk; 1500 struct hlist_node *node; 1501 struct net_device *dev = data; 1502 1503 read_lock(&packet_sklist_lock); 1504 sk_for_each(sk, node, &packet_sklist) { 1505 struct packet_sock *po = pkt_sk(sk); 1506 1507 switch (msg) { 1508 case NETDEV_UNREGISTER: 1509 #ifdef CONFIG_PACKET_MULTICAST 1510 if (po->mclist) 1511 packet_dev_mclist(dev, po->mclist, -1); 1512 // fallthrough 1513 #endif 1514 case NETDEV_DOWN: 1515 if (dev->ifindex == po->ifindex) { 1516 spin_lock(&po->bind_lock); 1517 if (po->running) { 1518 __dev_remove_pack(&po->prot_hook); 1519 __sock_put(sk); 1520 po->running = 0; 1521 sk->sk_err = ENETDOWN; 1522 if (!sock_flag(sk, SOCK_DEAD)) 1523 sk->sk_error_report(sk); 1524 } 1525 if (msg == NETDEV_UNREGISTER) { 1526 po->ifindex = -1; 1527 po->prot_hook.dev = NULL; 1528 } 1529 spin_unlock(&po->bind_lock); 1530 } 1531 break; 1532 case NETDEV_UP: 1533 spin_lock(&po->bind_lock); 1534 if (dev->ifindex == po->ifindex && po->num && 1535 !po->running) { 1536 dev_add_pack(&po->prot_hook); 1537 sock_hold(sk); 1538 po->running = 1; 1539 } 1540 spin_unlock(&po->bind_lock); 1541 break; 1542 } 1543 } 1544 read_unlock(&packet_sklist_lock); 1545 return NOTIFY_DONE; 1546 } 1547 1548 1549 static int packet_ioctl(struct socket *sock, unsigned int cmd, 1550 unsigned long arg) 1551 { 1552 struct sock *sk = sock->sk; 1553 1554 switch(cmd) { 1555 case SIOCOUTQ: 1556 { 1557 int amount = atomic_read(&sk->sk_wmem_alloc); 1558 return put_user(amount, (int __user *)arg); 1559 } 1560 case SIOCINQ: 1561 { 1562 struct sk_buff *skb; 1563 int amount = 0; 1564 1565 spin_lock_bh(&sk->sk_receive_queue.lock); 1566 skb = skb_peek(&sk->sk_receive_queue); 1567 if (skb) 1568 amount = skb->len; 1569 spin_unlock_bh(&sk->sk_receive_queue.lock); 1570 return put_user(amount, (int __user *)arg); 1571 } 1572 case SIOCGSTAMP: 1573 return sock_get_timestamp(sk, (struct timeval __user *)arg); 1574 case SIOCGSTAMPNS: 1575 return sock_get_timestampns(sk, (struct timespec __user *)arg); 1576 1577 #ifdef CONFIG_INET 1578 case SIOCADDRT: 1579 case SIOCDELRT: 1580 case SIOCDARP: 1581 case SIOCGARP: 1582 case SIOCSARP: 1583 case SIOCGIFADDR: 1584 case SIOCSIFADDR: 1585 case SIOCGIFBRDADDR: 1586 case SIOCSIFBRDADDR: 1587 case SIOCGIFNETMASK: 1588 case SIOCSIFNETMASK: 1589 case SIOCGIFDSTADDR: 1590 case SIOCSIFDSTADDR: 1591 case SIOCSIFFLAGS: 1592 return inet_dgram_ops.ioctl(sock, cmd, arg); 1593 #endif 1594 1595 default: 1596 return -ENOIOCTLCMD; 1597 } 1598 return 0; 1599 } 1600 1601 #ifndef CONFIG_PACKET_MMAP 1602 #define packet_mmap sock_no_mmap 1603 #define packet_poll datagram_poll 1604 #else 1605 1606 static unsigned int packet_poll(struct file * file, struct socket *sock, 1607 poll_table *wait) 1608 { 1609 struct sock *sk = sock->sk; 1610 struct packet_sock *po = pkt_sk(sk); 1611 unsigned int mask = datagram_poll(file, sock, wait); 1612 1613 spin_lock_bh(&sk->sk_receive_queue.lock); 1614 if (po->pg_vec) { 1615 unsigned last = po->head ? po->head-1 : po->frame_max; 1616 struct tpacket_hdr *h; 1617 1618 h = packet_lookup_frame(po, last); 1619 1620 if (h->tp_status) 1621 mask |= POLLIN | POLLRDNORM; 1622 } 1623 spin_unlock_bh(&sk->sk_receive_queue.lock); 1624 return mask; 1625 } 1626 1627 1628 /* Dirty? Well, I still did not learn better way to account 1629 * for user mmaps. 1630 */ 1631 1632 static void packet_mm_open(struct vm_area_struct *vma) 1633 { 1634 struct file *file = vma->vm_file; 1635 struct socket * sock = file->private_data; 1636 struct sock *sk = sock->sk; 1637 1638 if (sk) 1639 atomic_inc(&pkt_sk(sk)->mapped); 1640 } 1641 1642 static void packet_mm_close(struct vm_area_struct *vma) 1643 { 1644 struct file *file = vma->vm_file; 1645 struct socket * sock = file->private_data; 1646 struct sock *sk = sock->sk; 1647 1648 if (sk) 1649 atomic_dec(&pkt_sk(sk)->mapped); 1650 } 1651 1652 static struct vm_operations_struct packet_mmap_ops = { 1653 .open = packet_mm_open, 1654 .close =packet_mm_close, 1655 }; 1656 1657 static inline struct page *pg_vec_endpage(char *one_pg_vec, unsigned int order) 1658 { 1659 return virt_to_page(one_pg_vec + (PAGE_SIZE << order) - 1); 1660 } 1661 1662 static void free_pg_vec(char **pg_vec, unsigned int order, unsigned int len) 1663 { 1664 int i; 1665 1666 for (i = 0; i < len; i++) { 1667 if (likely(pg_vec[i])) 1668 free_pages((unsigned long) pg_vec[i], order); 1669 } 1670 kfree(pg_vec); 1671 } 1672 1673 static inline char *alloc_one_pg_vec_page(unsigned long order) 1674 { 1675 return (char *) __get_free_pages(GFP_KERNEL | __GFP_COMP | __GFP_ZERO, 1676 order); 1677 } 1678 1679 static char **alloc_pg_vec(struct tpacket_req *req, int order) 1680 { 1681 unsigned int block_nr = req->tp_block_nr; 1682 char **pg_vec; 1683 int i; 1684 1685 pg_vec = kzalloc(block_nr * sizeof(char *), GFP_KERNEL); 1686 if (unlikely(!pg_vec)) 1687 goto out; 1688 1689 for (i = 0; i < block_nr; i++) { 1690 pg_vec[i] = alloc_one_pg_vec_page(order); 1691 if (unlikely(!pg_vec[i])) 1692 goto out_free_pgvec; 1693 } 1694 1695 out: 1696 return pg_vec; 1697 1698 out_free_pgvec: 1699 free_pg_vec(pg_vec, order, block_nr); 1700 pg_vec = NULL; 1701 goto out; 1702 } 1703 1704 static int packet_set_ring(struct sock *sk, struct tpacket_req *req, int closing) 1705 { 1706 char **pg_vec = NULL; 1707 struct packet_sock *po = pkt_sk(sk); 1708 int was_running, order = 0; 1709 __be16 num; 1710 int err = 0; 1711 1712 if (req->tp_block_nr) { 1713 int i, l; 1714 1715 /* Sanity tests and some calculations */ 1716 1717 if (unlikely(po->pg_vec)) 1718 return -EBUSY; 1719 1720 if (unlikely((int)req->tp_block_size <= 0)) 1721 return -EINVAL; 1722 if (unlikely(req->tp_block_size & (PAGE_SIZE - 1))) 1723 return -EINVAL; 1724 if (unlikely(req->tp_frame_size < TPACKET_HDRLEN)) 1725 return -EINVAL; 1726 if (unlikely(req->tp_frame_size & (TPACKET_ALIGNMENT - 1))) 1727 return -EINVAL; 1728 1729 po->frames_per_block = req->tp_block_size/req->tp_frame_size; 1730 if (unlikely(po->frames_per_block <= 0)) 1731 return -EINVAL; 1732 if (unlikely((po->frames_per_block * req->tp_block_nr) != 1733 req->tp_frame_nr)) 1734 return -EINVAL; 1735 1736 err = -ENOMEM; 1737 order = get_order(req->tp_block_size); 1738 pg_vec = alloc_pg_vec(req, order); 1739 if (unlikely(!pg_vec)) 1740 goto out; 1741 1742 l = 0; 1743 for (i = 0; i < req->tp_block_nr; i++) { 1744 char *ptr = pg_vec[i]; 1745 struct tpacket_hdr *header; 1746 int k; 1747 1748 for (k = 0; k < po->frames_per_block; k++) { 1749 header = (struct tpacket_hdr *) ptr; 1750 header->tp_status = TP_STATUS_KERNEL; 1751 ptr += req->tp_frame_size; 1752 } 1753 } 1754 /* Done */ 1755 } else { 1756 if (unlikely(req->tp_frame_nr)) 1757 return -EINVAL; 1758 } 1759 1760 lock_sock(sk); 1761 1762 /* Detach socket from network */ 1763 spin_lock(&po->bind_lock); 1764 was_running = po->running; 1765 num = po->num; 1766 if (was_running) { 1767 __dev_remove_pack(&po->prot_hook); 1768 po->num = 0; 1769 po->running = 0; 1770 __sock_put(sk); 1771 } 1772 spin_unlock(&po->bind_lock); 1773 1774 synchronize_net(); 1775 1776 err = -EBUSY; 1777 if (closing || atomic_read(&po->mapped) == 0) { 1778 err = 0; 1779 #define XC(a, b) ({ __typeof__ ((a)) __t; __t = (a); (a) = (b); __t; }) 1780 1781 spin_lock_bh(&sk->sk_receive_queue.lock); 1782 pg_vec = XC(po->pg_vec, pg_vec); 1783 po->frame_max = (req->tp_frame_nr - 1); 1784 po->head = 0; 1785 po->frame_size = req->tp_frame_size; 1786 spin_unlock_bh(&sk->sk_receive_queue.lock); 1787 1788 order = XC(po->pg_vec_order, order); 1789 req->tp_block_nr = XC(po->pg_vec_len, req->tp_block_nr); 1790 1791 po->pg_vec_pages = req->tp_block_size/PAGE_SIZE; 1792 po->prot_hook.func = po->pg_vec ? tpacket_rcv : packet_rcv; 1793 skb_queue_purge(&sk->sk_receive_queue); 1794 #undef XC 1795 if (atomic_read(&po->mapped)) 1796 printk(KERN_DEBUG "packet_mmap: vma is busy: %d\n", atomic_read(&po->mapped)); 1797 } 1798 1799 spin_lock(&po->bind_lock); 1800 if (was_running && !po->running) { 1801 sock_hold(sk); 1802 po->running = 1; 1803 po->num = num; 1804 dev_add_pack(&po->prot_hook); 1805 } 1806 spin_unlock(&po->bind_lock); 1807 1808 release_sock(sk); 1809 1810 if (pg_vec) 1811 free_pg_vec(pg_vec, order, req->tp_block_nr); 1812 out: 1813 return err; 1814 } 1815 1816 static int packet_mmap(struct file *file, struct socket *sock, struct vm_area_struct *vma) 1817 { 1818 struct sock *sk = sock->sk; 1819 struct packet_sock *po = pkt_sk(sk); 1820 unsigned long size; 1821 unsigned long start; 1822 int err = -EINVAL; 1823 int i; 1824 1825 if (vma->vm_pgoff) 1826 return -EINVAL; 1827 1828 size = vma->vm_end - vma->vm_start; 1829 1830 lock_sock(sk); 1831 if (po->pg_vec == NULL) 1832 goto out; 1833 if (size != po->pg_vec_len*po->pg_vec_pages*PAGE_SIZE) 1834 goto out; 1835 1836 start = vma->vm_start; 1837 for (i = 0; i < po->pg_vec_len; i++) { 1838 struct page *page = virt_to_page(po->pg_vec[i]); 1839 int pg_num; 1840 1841 for (pg_num = 0; pg_num < po->pg_vec_pages; pg_num++, page++) { 1842 err = vm_insert_page(vma, start, page); 1843 if (unlikely(err)) 1844 goto out; 1845 start += PAGE_SIZE; 1846 } 1847 } 1848 atomic_inc(&po->mapped); 1849 vma->vm_ops = &packet_mmap_ops; 1850 err = 0; 1851 1852 out: 1853 release_sock(sk); 1854 return err; 1855 } 1856 #endif 1857 1858 1859 #ifdef CONFIG_SOCK_PACKET 1860 static const struct proto_ops packet_ops_spkt = { 1861 .family = PF_PACKET, 1862 .owner = THIS_MODULE, 1863 .release = packet_release, 1864 .bind = packet_bind_spkt, 1865 .connect = sock_no_connect, 1866 .socketpair = sock_no_socketpair, 1867 .accept = sock_no_accept, 1868 .getname = packet_getname_spkt, 1869 .poll = datagram_poll, 1870 .ioctl = packet_ioctl, 1871 .listen = sock_no_listen, 1872 .shutdown = sock_no_shutdown, 1873 .setsockopt = sock_no_setsockopt, 1874 .getsockopt = sock_no_getsockopt, 1875 .sendmsg = packet_sendmsg_spkt, 1876 .recvmsg = packet_recvmsg, 1877 .mmap = sock_no_mmap, 1878 .sendpage = sock_no_sendpage, 1879 }; 1880 #endif 1881 1882 static const struct proto_ops packet_ops = { 1883 .family = PF_PACKET, 1884 .owner = THIS_MODULE, 1885 .release = packet_release, 1886 .bind = packet_bind, 1887 .connect = sock_no_connect, 1888 .socketpair = sock_no_socketpair, 1889 .accept = sock_no_accept, 1890 .getname = packet_getname, 1891 .poll = packet_poll, 1892 .ioctl = packet_ioctl, 1893 .listen = sock_no_listen, 1894 .shutdown = sock_no_shutdown, 1895 .setsockopt = packet_setsockopt, 1896 .getsockopt = packet_getsockopt, 1897 .sendmsg = packet_sendmsg, 1898 .recvmsg = packet_recvmsg, 1899 .mmap = packet_mmap, 1900 .sendpage = sock_no_sendpage, 1901 }; 1902 1903 static struct net_proto_family packet_family_ops = { 1904 .family = PF_PACKET, 1905 .create = packet_create, 1906 .owner = THIS_MODULE, 1907 }; 1908 1909 static struct notifier_block packet_netdev_notifier = { 1910 .notifier_call =packet_notifier, 1911 }; 1912 1913 #ifdef CONFIG_PROC_FS 1914 static inline struct sock *packet_seq_idx(loff_t off) 1915 { 1916 struct sock *s; 1917 struct hlist_node *node; 1918 1919 sk_for_each(s, node, &packet_sklist) { 1920 if (!off--) 1921 return s; 1922 } 1923 return NULL; 1924 } 1925 1926 static void *packet_seq_start(struct seq_file *seq, loff_t *pos) 1927 { 1928 read_lock(&packet_sklist_lock); 1929 return *pos ? packet_seq_idx(*pos - 1) : SEQ_START_TOKEN; 1930 } 1931 1932 static void *packet_seq_next(struct seq_file *seq, void *v, loff_t *pos) 1933 { 1934 ++*pos; 1935 return (v == SEQ_START_TOKEN) 1936 ? sk_head(&packet_sklist) 1937 : sk_next((struct sock*)v) ; 1938 } 1939 1940 static void packet_seq_stop(struct seq_file *seq, void *v) 1941 { 1942 read_unlock(&packet_sklist_lock); 1943 } 1944 1945 static int packet_seq_show(struct seq_file *seq, void *v) 1946 { 1947 if (v == SEQ_START_TOKEN) 1948 seq_puts(seq, "sk RefCnt Type Proto Iface R Rmem User Inode\n"); 1949 else { 1950 struct sock *s = v; 1951 const struct packet_sock *po = pkt_sk(s); 1952 1953 seq_printf(seq, 1954 "%p %-6d %-4d %04x %-5d %1d %-6u %-6u %-6lu\n", 1955 s, 1956 atomic_read(&s->sk_refcnt), 1957 s->sk_type, 1958 ntohs(po->num), 1959 po->ifindex, 1960 po->running, 1961 atomic_read(&s->sk_rmem_alloc), 1962 sock_i_uid(s), 1963 sock_i_ino(s) ); 1964 } 1965 1966 return 0; 1967 } 1968 1969 static struct seq_operations packet_seq_ops = { 1970 .start = packet_seq_start, 1971 .next = packet_seq_next, 1972 .stop = packet_seq_stop, 1973 .show = packet_seq_show, 1974 }; 1975 1976 static int packet_seq_open(struct inode *inode, struct file *file) 1977 { 1978 return seq_open(file, &packet_seq_ops); 1979 } 1980 1981 static const struct file_operations packet_seq_fops = { 1982 .owner = THIS_MODULE, 1983 .open = packet_seq_open, 1984 .read = seq_read, 1985 .llseek = seq_lseek, 1986 .release = seq_release, 1987 }; 1988 1989 #endif 1990 1991 static void __exit packet_exit(void) 1992 { 1993 proc_net_remove("packet"); 1994 unregister_netdevice_notifier(&packet_netdev_notifier); 1995 sock_unregister(PF_PACKET); 1996 proto_unregister(&packet_proto); 1997 } 1998 1999 static int __init packet_init(void) 2000 { 2001 int rc = proto_register(&packet_proto, 0); 2002 2003 if (rc != 0) 2004 goto out; 2005 2006 sock_register(&packet_family_ops); 2007 register_netdevice_notifier(&packet_netdev_notifier); 2008 proc_net_fops_create("packet", 0, &packet_seq_fops); 2009 out: 2010 return rc; 2011 } 2012 2013 module_init(packet_init); 2014 module_exit(packet_exit); 2015 MODULE_LICENSE("GPL"); 2016 MODULE_ALIAS_NETPROTO(PF_PACKET); 2017