search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
KEYS: add missing permission check for request_key() destination
[linux/fpc-iii.git] / net / ipv6 / inet6_connection_sock.c
blobc3f50bbf6746e954e48ae776d26ae593f3d83e1a
1 /*
2 * INET An implementation of the TCP/IP protocol suite for the LINUX
3 * operating system. INET is implemented using the BSD Socket
4 * interface as the means of communication with the user level.
5 *
6 * Support for INET6 connection oriented protocols.
7 *
8 * Authors: See the TCPv6 sources
9 *
10 * This program is free software; you can redistribute it and/or
11 * modify it under the terms of the GNU General Public License
12 * as published by the Free Software Foundation; either version
13 * 2 of the License, or(at your option) any later version.
14 */
15
16 #include <linux/module.h>
17 #include <linux/in6.h>
18 #include <linux/ipv6.h>
19 #include <linux/jhash.h>
20 #include <linux/slab.h>
21
22 #include <net/addrconf.h>
23 #include <net/inet_connection_sock.h>
24 #include <net/inet_ecn.h>
25 #include <net/inet_hashtables.h>
26 #include <net/ip6_route.h>
27 #include <net/sock.h>
28 #include <net/inet6_connection_sock.h>
29
30 int inet6_csk_bind_conflict(const struct sock *sk,
31 const struct inet_bind_bucket *tb, bool relax)
32 {
33 const struct sock *sk2;
34 int reuse = sk->sk_reuse;
35 int reuseport = sk->sk_reuseport;
36 kuid_t uid = sock_i_uid((struct sock *)sk);
37
38 /* We must walk the whole port owner list in this case. -DaveM */
39 /*
40 * See comment in inet_csk_bind_conflict about sock lookup
41 * vs net namespaces issues.
42 */
43 sk_for_each_bound(sk2, &tb->owners) {
44 if (sk != sk2 &&
45 (!sk->sk_bound_dev_if ||
46 !sk2->sk_bound_dev_if ||
47 sk->sk_bound_dev_if == sk2->sk_bound_dev_if)) {
48 if ((!reuse || !sk2->sk_reuse ||
49 sk2->sk_state == TCP_LISTEN) &&
50 (!reuseport || !sk2->sk_reuseport ||
51 (sk2->sk_state != TCP_TIME_WAIT &&
52 !uid_eq(uid,
53 sock_i_uid((struct sock *)sk2))))) {
54 if (ipv6_rcv_saddr_equal(sk, sk2))
55 break;
56 }
57 if (!relax && reuse && sk2->sk_reuse &&
58 sk2->sk_state != TCP_LISTEN &&
59 ipv6_rcv_saddr_equal(sk, sk2))
60 break;
61 }
62 }
63
64 return sk2 != NULL;
65 }
66
67 EXPORT_SYMBOL_GPL(inet6_csk_bind_conflict);
68
69 struct dst_entry *inet6_csk_route_req(struct sock *sk,
70 struct flowi6 *fl6,
71 const struct request_sock *req)
72 {
73 struct inet_request_sock *ireq = inet_rsk(req);
74 struct ipv6_pinfo *np = inet6_sk(sk);
75 struct in6_addr *final_p, final;
76 struct dst_entry *dst;
77
78 memset(fl6, 0, sizeof(*fl6));
79 fl6->flowi6_proto = IPPROTO_TCP;
80 fl6->daddr = ireq->ir_v6_rmt_addr;
81 rcu_read_lock();
82 final_p = fl6_update_dst(fl6, rcu_dereference(np->opt), &final);
83 rcu_read_unlock();
84 fl6->saddr = ireq->ir_v6_loc_addr;
85 fl6->flowi6_oif = ireq->ir_iif;
86 fl6->flowi6_mark = ireq->ir_mark;
87 fl6->fl6_dport = ireq->ir_rmt_port;
88 fl6->fl6_sport = htons(ireq->ir_num);
89 security_req_classify_flow(req, flowi6_to_flowi(fl6));
90
91 dst = ip6_dst_lookup_flow(sk, fl6, final_p);
92 if (IS_ERR(dst))
93 return NULL;
94
95 return dst;
96 }
97
98 /*
99 * request_sock (formerly open request) hash tables.
100 */
101 static u32 inet6_synq_hash(const struct in6_addr *raddr, const __be16 rport,
102 const u32 rnd, const u32 synq_hsize)
103 {
104 u32 c;
105
106 c = jhash_3words((__force u32)raddr->s6_addr32[0],
107 (__force u32)raddr->s6_addr32[1],
108 (__force u32)raddr->s6_addr32[2],
109 rnd);
110
111 c = jhash_2words((__force u32)raddr->s6_addr32[3],
112 (__force u32)rport,
113 c);
114
115 return c & (synq_hsize - 1);
116 }
117
118 struct request_sock *inet6_csk_search_req(const struct sock *sk,
119 struct request_sock ***prevp,
120 const __be16 rport,
121 const struct in6_addr *raddr,
122 const struct in6_addr *laddr,
123 const int iif)
124 {
125 const struct inet_connection_sock *icsk = inet_csk(sk);
126 struct listen_sock *lopt = icsk->icsk_accept_queue.listen_opt;
127 struct request_sock *req, **prev;
128
129 for (prev = &lopt->syn_table[inet6_synq_hash(raddr, rport,
130 lopt->hash_rnd,
131 lopt->nr_table_entries)];
132 (req = *prev) != NULL;
133 prev = &req->dl_next) {
134 const struct inet_request_sock *ireq = inet_rsk(req);
135
136 if (ireq->ir_rmt_port == rport &&
137 req->rsk_ops->family == AF_INET6 &&
138 ipv6_addr_equal(&ireq->ir_v6_rmt_addr, raddr) &&
139 ipv6_addr_equal(&ireq->ir_v6_loc_addr, laddr) &&
140 (!ireq->ir_iif || ireq->ir_iif == iif)) {
141 WARN_ON(req->sk != NULL);
142 *prevp = prev;
143 return req;
144 }
145 }
146
147 return NULL;
148 }
149
150 EXPORT_SYMBOL_GPL(inet6_csk_search_req);
151
152 void inet6_csk_reqsk_queue_hash_add(struct sock *sk,
153 struct request_sock *req,
154 const unsigned long timeout)
155 {
156 struct inet_connection_sock *icsk = inet_csk(sk);
157 struct listen_sock *lopt = icsk->icsk_accept_queue.listen_opt;
158 const u32 h = inet6_synq_hash(&inet_rsk(req)->ir_v6_rmt_addr,
159 inet_rsk(req)->ir_rmt_port,
160 lopt->hash_rnd, lopt->nr_table_entries);
161
162 reqsk_queue_hash_req(&icsk->icsk_accept_queue, h, req, timeout);
163 inet_csk_reqsk_queue_added(sk, timeout);
164 }
165
166 EXPORT_SYMBOL_GPL(inet6_csk_reqsk_queue_hash_add);
167
168 void inet6_csk_addr2sockaddr(struct sock *sk, struct sockaddr * uaddr)
169 {
170 struct sockaddr_in6 *sin6 = (struct sockaddr_in6 *) uaddr;
171
172 sin6->sin6_family = AF_INET6;
173 sin6->sin6_addr = sk->sk_v6_daddr;
174 sin6->sin6_port = inet_sk(sk)->inet_dport;
175 /* We do not store received flowlabel for TCP */
176 sin6->sin6_flowinfo = 0;
177 sin6->sin6_scope_id = ipv6_iface_scope_id(&sin6->sin6_addr,
178 sk->sk_bound_dev_if);
179 }
180
181 EXPORT_SYMBOL_GPL(inet6_csk_addr2sockaddr);
182
183 static inline
184 void __inet6_csk_dst_store(struct sock *sk, struct dst_entry *dst,
185 const struct in6_addr *daddr,
186 const struct in6_addr *saddr)
187 {
188 __ip6_dst_store(sk, dst, daddr, saddr);
189 }
190
191 static inline
192 struct dst_entry *__inet6_csk_dst_check(struct sock *sk, u32 cookie)
193 {
194 return __sk_dst_check(sk, cookie);
195 }
196
197 static struct dst_entry *inet6_csk_route_socket(struct sock *sk,
198 struct flowi6 *fl6)
199 {
200 struct inet_sock *inet = inet_sk(sk);
201 struct ipv6_pinfo *np = inet6_sk(sk);
202 struct in6_addr *final_p, final;
203 struct dst_entry *dst;
204
205 memset(fl6, 0, sizeof(*fl6));
206 fl6->flowi6_proto = sk->sk_protocol;
207 fl6->daddr = sk->sk_v6_daddr;
208 fl6->saddr = np->saddr;
209 fl6->flowlabel = np->flow_label;
210 IP6_ECN_flow_xmit(sk, fl6->flowlabel);
211 fl6->flowi6_oif = sk->sk_bound_dev_if;
212 fl6->flowi6_mark = sk->sk_mark;
213 fl6->fl6_sport = inet->inet_sport;
214 fl6->fl6_dport = inet->inet_dport;
215 security_sk_classify_flow(sk, flowi6_to_flowi(fl6));
216
217 rcu_read_lock();
218 final_p = fl6_update_dst(fl6, rcu_dereference(np->opt), &final);
219 rcu_read_unlock();
220
221 dst = __inet6_csk_dst_check(sk, np->dst_cookie);
222 if (!dst) {
223 dst = ip6_dst_lookup_flow(sk, fl6, final_p);
224
225 if (!IS_ERR(dst))
226 __inet6_csk_dst_store(sk, dst, NULL, NULL);
227 }
228 return dst;
229 }
230
231 int inet6_csk_xmit(struct sock *sk, struct sk_buff *skb, struct flowi *fl_unused)
232 {
233 struct ipv6_pinfo *np = inet6_sk(sk);
234 struct flowi6 fl6;
235 struct dst_entry *dst;
236 int res;
237
238 dst = inet6_csk_route_socket(sk, &fl6);
239 if (IS_ERR(dst)) {
240 sk->sk_err_soft = -PTR_ERR(dst);
241 sk->sk_route_caps = 0;
242 kfree_skb(skb);
243 return PTR_ERR(dst);
244 }
245
246 rcu_read_lock();
247 skb_dst_set_noref(skb, dst);
248
249 /* Restore final destination back after routing done */
250 fl6.daddr = sk->sk_v6_daddr;
251
252 res = ip6_xmit(sk, skb, &fl6, rcu_dereference(np->opt),
253 np->tclass);
254 rcu_read_unlock();
255 return res;
256 }
257 EXPORT_SYMBOL_GPL(inet6_csk_xmit);
258
259 struct dst_entry *inet6_csk_update_pmtu(struct sock *sk, u32 mtu)
260 {
261 struct flowi6 fl6;
262 struct dst_entry *dst = inet6_csk_route_socket(sk, &fl6);
263
264 if (IS_ERR(dst))
265 return NULL;
266 dst->ops->update_pmtu(dst, sk, NULL, mtu);
267
268 dst = inet6_csk_route_socket(sk, &fl6);
269 return IS_ERR(dst) ? NULL : dst;
270 }
271 EXPORT_SYMBOL_GPL(inet6_csk_update_pmtu);
Linux with added FPC-III support