mirror of
https://github.com/rd-stuffs/msm-4.14.git
synced 2025-02-20 11:45:48 +08:00
dc1d03db8d
* refs/heads/tmp-c680586:
dm: Restore reverted changes
Linux 4.14.114
kernel/sysctl.c: fix out-of-bounds access when setting file-max
Revert "locking/lockdep: Add debug_locks check in __lock_downgrade()"
i2c-hid: properly terminate i2c_hid_dmi_desc_override_table[] array
xfs: hold xfs_buf locked between shortform->leaf conversion and the addition of an attribute
xfs: add the ability to join a held buffer to a defer_ops
iomap: report collisions between directio and buffered writes to userspace
tools include: Adopt linux/bits.h
percpu: stop printing kernel addresses
ALSA: info: Fix racy addition/deletion of nodes
mm/vmstat.c: fix /proc/vmstat format for CONFIG_DEBUG_TLBFLUSH=y CONFIG_SMP=n
device_cgroup: fix RCU imbalance in error case
sched/fair: Limit sched_cfs_period_timer() loop to avoid hard lockup
Revert "kbuild: use -Oz instead of -Os when using clang"
net: IP6 defrag: use rbtrees in nf_conntrack_reasm.c
net: IP6 defrag: use rbtrees for IPv6 defrag
ipv6: remove dependency of nf_defrag_ipv6 on ipv6 module
net: IP defrag: encapsulate rbtree defrag code into callable functions
ipv6: frags: fix a lockdep false positive
tpm/tpm_i2c_atmel: Return -E2BIG when the transfer is incomplete
modpost: file2alias: check prototype of handler
modpost: file2alias: go back to simple devtable lookup
mmc: sdhci: Handle auto-command errors
mmc: sdhci: Rename SDHCI_ACMD12_ERR and SDHCI_INT_ACMD12ERR
mmc: sdhci: Fix data command CRC error handling
crypto: crypto4xx - properly set IV after de- and encrypt
x86/speculation: Prevent deadlock on ssb_state::lock
perf/x86: Fix incorrect PEBS_REGS
x86/cpu/bugs: Use __initconst for 'const' init data
perf/x86/amd: Add event map for AMD Family 17h
mac80211: do not call driver wake_tx_queue op during reconfig
rt2x00: do not increment sequence number while re-transmitting
kprobes: Fix error check when reusing optimized probes
kprobes: Mark ftrace mcount handler functions nokprobe
x86/kprobes: Verify stack frame on kretprobe
arm64: futex: Restore oldval initialization to work around buggy compilers
crypto: x86/poly1305 - fix overflow during partial reduction
coredump: fix race condition between mmget_not_zero()/get_task_mm() and core dumping
Revert "svm: Fix AVIC incomplete IPI emulation"
Revert "scsi: fcoe: clear FC_RP_STARTED flags when receiving a LOGO"
scsi: core: set result when the command cannot be dispatched
ALSA: core: Fix card races between register and disconnect
ALSA: hda/realtek - add two more pin configuration sets to quirk table
staging: comedi: ni_usb6501: Fix possible double-free of ->usb_rx_buf
staging: comedi: ni_usb6501: Fix use of uninitialized mutex
staging: comedi: vmk80xx: Fix possible double-free of ->usb_rx_buf
staging: comedi: vmk80xx: Fix use of uninitialized semaphore
io: accel: kxcjk1013: restore the range after resume.
iio: core: fix a possible circular locking dependency
iio: adc: at91: disable adc channel interrupt in timeout case
iio: Fix scan mask selection
iio: dac: mcp4725: add missing powerdown bits in store eeprom
iio: ad_sigma_delta: select channel when reading register
iio: cros_ec: Fix the maths for gyro scale calculation
iio/gyro/bmg160: Use millidegrees for temperature scale
iio: gyro: mpu3050: fix chip ID reading
staging: iio: ad7192: Fix ad7193 channel address
Staging: iio: meter: fixed typo
KVM: x86: svm: make sure NMI is injected after nmi_singlestep
KVM: x86: Don't clear EFER during SMM transitions for 32-bit vCPU
CIFS: keep FileInfo handle live during oplock break
net: thunderx: don't allow jumbo frames with XDP
net: thunderx: raise XDP MTU to 1508
ipv4: ensure rcu_read_lock() in ipv4_link_failure()
ipv4: recompile ip options in ipv4_link_failure
vhost: reject zero size iova range
team: set slave to promisc if team is already in promisc mode
tcp: tcp_grow_window() needs to respect tcp_space()
net: fou: do not use guehdr after iptunnel_pull_offloads in gue_udp_recv
net: bridge: multicast: use rcu to access port list from br_multicast_start_querier
net: bridge: fix per-port af_packet sockets
net: atm: Fix potential Spectre v1 vulnerabilities
bonding: fix event handling for stacked bonds
ANDROID: cuttlefish_defconfig: Enable CONFIG_XFRM_STATISTICS
Linux 4.14.113
appletalk: Fix compile regression
mm: hide incomplete nr_indirectly_reclaimable in sysfs
net: stmmac: Set dma ring length before enabling the DMA
bpf: Fix selftests are changes for CVE 2019-7308
bpf: fix sanitation rewrite in case of non-pointers
bpf: do not restore dst_reg when cur_state is freed
bpf: fix inner map masking to prevent oob under speculation
bpf: fix sanitation of alu op with pointer / scalar type from different paths
bpf: prevent out of bounds speculation on pointer arithmetic
bpf: fix check_map_access smin_value test when pointer contains offset
bpf: restrict unknown scalars of mixed signed bounds for unprivileged
bpf: restrict stack pointer arithmetic for unprivileged
bpf: restrict map value pointer arithmetic for unprivileged
bpf: enable access to ax register also from verifier rewrite
bpf: move tmp variable into ax register in interpreter
bpf: move {prev_,}insn_idx into verifier env
bpf: fix stack state printing in verifier log
bpf: fix verifier NULL pointer dereference
bpf: fix verifier memory leaks
bpf: reduce verifier memory consumption
dm: disable CRYPTO_TFM_REQ_MAY_SLEEP to fix a GFP_KERNEL recursion deadlock
bpf: fix use after free in bpf_evict_inode
include/linux/swap.h: use offsetof() instead of custom __swapoffset macro
lib/div64.c: off by one in shift
appletalk: Fix use-after-free in atalk_proc_exit
drm/amdkfd: use init_mqd function to allocate object for hid_mqd (CI)
ARM: 8839/1: kprobe: make patch_lock a raw_spinlock_t
drm/nouveau/volt/gf117: fix speedo readout register
coresight: cpu-debug: Support for CA73 CPUs
Revert "ACPI / EC: Remove old CLEAR_ON_RESUME quirk"
crypto: axis - fix for recursive locking from bottom half
drm/panel: panel-innolux: set display off in innolux_panel_unprepare
lkdtm: Add tests for NULL pointer dereference
lkdtm: Print real addresses
soc/tegra: pmc: Drop locking from tegra_powergate_is_powered()
iommu/dmar: Fix buffer overflow during PCI bus notification
crypto: sha512/arm - fix crash bug in Thumb2 build
crypto: sha256/arm - fix crash bug in Thumb2 build
kernel: hung_task.c: disable on suspend
cifs: fallback to older infolevels on findfirst queryinfo retry
compiler.h: update definition of unreachable()
KVM: nVMX: restore host state in nested_vmx_vmexit for VMFail
ACPI / SBS: Fix GPE storm on recent MacBookPro's
usbip: fix vhci_hcd controller counting
ARM: samsung: Limit SAMSUNG_PM_CHECK config option to non-Exynos platforms
HID: i2c-hid: override HID descriptors for certain devices
media: au0828: cannot kfree dev before usb disconnect
powerpc/pseries: Remove prrn_work workqueue
serial: uartps: console_setup() can't be placed to init section
netfilter: xt_cgroup: shrink size of v2 path
f2fs: fix to do sanity check with current segment number
9p locks: add mount option for lock retry interval
9p: do not trust pdu content for stat item size
rsi: improve kernel thread handling to fix kernel panic
gpio: pxa: handle corner case of unprobed device
ext4: prohibit fstrim in norecovery mode
fix incorrect error code mapping for OBJECTID_NOT_FOUND
x86/hw_breakpoints: Make default case in hw_breakpoint_arch_parse() return an error
iommu/vt-d: Check capability before disabling protected memory
drm/nouveau/debugfs: Fix check of pm_runtime_get_sync failure
x86/cpu/cyrix: Use correct macros for Cyrix calls on Geode processors
x86/hpet: Prevent potential NULL pointer dereference
irqchip/mbigen: Don't clear eventid when freeing an MSI
perf tests: Fix a memory leak in test__perf_evsel__tp_sched_test()
perf tests: Fix memory leak by expr__find_other() in test__expr()
perf tests: Fix a memory leak of cpu_map object in the openat_syscall_event_on_all_cpus test
perf evsel: Free evsel->counts in perf_evsel__exit()
perf hist: Add missing map__put() in error case
perf top: Fix error handling in cmd_top()
perf build-id: Fix memory leak in print_sdt_events()
perf config: Fix a memory leak in collect_config()
perf config: Fix an error in the config template documentation
perf list: Don't forget to drop the reference to the allocated thread_map
tools/power turbostat: return the exit status of a command
x86/mm: Don't leak kernel addresses
scsi: iscsi: flush running unbind operations when removing a session
thermal/intel_powerclamp: fix truncated kthread name
thermal/int340x_thermal: fix mode setting
thermal/int340x_thermal: Add additional UUIDs
thermal: bcm2835: Fix crash in bcm2835_thermal_debugfs
thermal/intel_powerclamp: fix __percpu declaration of worker_data
ALSA: opl3: fix mismatch between snd_opl3_drum_switch definition and declaration
mmc: davinci: remove extraneous __init annotation
IB/mlx4: Fix race condition between catas error reset and aliasguid flows
auxdisplay: hd44780: Fix memory leak on ->remove()
ALSA: sb8: add a check for request_region
ALSA: echoaudio: add a check for ioremap_nocache
ext4: report real fs size after failed resize
ext4: add missing brelse() in add_new_gdb_meta_bg()
perf/core: Restore mmap record type correctly
arc: hsdk_defconfig: Enable CONFIG_BLK_DEV_RAM
ARC: u-boot args: check that magic number is correct
ANDROID: cuttlefish_defconfig: Enable L2TP/PPTP
ANDROID: Makefile: Properly resolve 4.14.112 merge
Make arm64 serial port config compatible with crosvm
Linux 4.14.112
arm64: dts: rockchip: Fix vcc_host1_5v GPIO polarity on rk3328-rock64
arm64: dts: rockchip: fix vcc_host1_5v pin assign on rk3328-rock64
dm table: propagate BDI_CAP_STABLE_WRITES to fix sporadic checksum errors
PCI: Add function 1 DMA alias quirk for Marvell 9170 SATA controller
x86/perf/amd: Remove need to check "running" bit in NMI handler
x86/perf/amd: Resolve NMI latency issues for active PMCs
x86/perf/amd: Resolve race condition when disabling PMC
xtensa: fix return_address
sched/fair: Do not re-read ->h_load_next during hierarchical load calculation
xen: Prevent buffer overflow in privcmd ioctl
arm64: backtrace: Don't bother trying to unwind the userspace stack
arm64: dts: rockchip: fix rk3328 rgmii high tx error rate
arm64: futex: Fix FUTEX_WAKE_OP atomic ops with non-zero result value
ARM: dts: at91: Fix typo in ISC_D0 on PC9
ARM: dts: am335x-evm: Correct the regulators for the audio codec
ARM: dts: am335x-evmsk: Correct the regulators for the audio codec
virtio: Honour 'may_reduce_num' in vring_create_virtqueue
genirq: Initialize request_mutex if CONFIG_SPARSE_IRQ=n
genirq: Respect IRQCHIP_SKIP_SET_WAKE in irq_chip_set_wake_parent()
block: fix the return errno for direct IO
block: do not leak memory in bio_copy_user_iov()
btrfs: prop: fix vanished compression property after failed set
btrfs: prop: fix zstd compression parameter validation
Btrfs: do not allow trimming when a fs is mounted with the nologreplay option
ASoC: fsl_esai: fix channel swap issue when stream starts
include/linux/bitrev.h: fix constant bitrev
drm/udl: add a release method and delay modeset teardown
alarmtimer: Return correct remaining time
parisc: regs_return_value() should return gpr28
parisc: Detect QEMU earlier in boot process
arm64: dts: rockchip: fix rk3328 sdmmc0 write errors
hv_netvsc: Fix unwanted wakeup after tx_disable
ip6_tunnel: Match to ARPHRD_TUNNEL6 for dev type
ALSA: seq: Fix OOB-reads from strlcpy
net: ethtool: not call vzalloc for zero sized memory request
netns: provide pure entropy for net_hash_mix()
net/sched: act_sample: fix divide by zero in the traffic path
bnxt_en: Reset device on RX buffer errors.
bnxt_en: Improve RX consumer index validity check.
nfp: validate the return code from dev_queue_xmit()
net/mlx5e: Add a lock on tir list
net/mlx5e: Fix error handling when refreshing TIRs
vrf: check accept_source_route on the original netdevice
tcp: Ensure DCTCP reacts to losses
sctp: initialize _pad of sockaddr_in before copying to user memory
qmi_wwan: add Olicard 600
openvswitch: fix flow actions reallocation
net/sched: fix ->get helper of the matchall cls
net: rds: force to destroy connection if t_sock is NULL in rds_tcp_kill_sock().
net/mlx5: Decrease default mr cache size
net-gro: Fix GRO flush when receiving a GSO packet.
kcm: switch order of device registration to fix a crash
ipv6: sit: reset ip header pointer in ipip6_rcv
ipv6: Fix dangling pointer when ipv6 fragment
tty: ldisc: add sysctl to prevent autoloading of ldiscs
tty: mark Siemens R3964 line discipline as BROKEN
arm64: kaslr: Reserve size of ARM64_MEMSTART_ALIGN in linear region
stating: ccree: revert "staging: ccree: fix leak of import() after init()"
lib/string.c: implement a basic bcmp
x86/vdso: Drop implicit common-page-size linker flag
x86: vdso: Use $LD instead of $CC to link
kbuild: clang: choose GCC_TOOLCHAIN_DIR not on LD
powerpc/tm: Limit TM code inside PPC_TRANSACTIONAL_MEM
drm/i915/gvt: do not let pin count of shadow mm go negative
x86/power: Make restore_processor_context() sane
x86/power/32: Move SYSENTER MSR restoration to fix_processor_context()
x86/power/64: Use struct desc_ptr for the IDT in struct saved_context
x86/power: Fix some ordering bugs in __restore_processor_context()
net: sfp: move sfp_register_socket call from sfp_remove to sfp_probe
Revert "CHROMIUM: dm: boot time specification of dm="
Revert "ANDROID: dm: do_mounts_dm: Rebase on top of 4.9"
Revert "ANDROID: dm: do_mounts_dm: fix dm_substitute_devices()"
Revert "ANDROID: dm: do_mounts_dm: Update init/do_mounts_dm.c to the latest ChromiumOS version."
sched/fair: remove printk while schedule is in progress
ANDROID: Makefile: Add '-fsplit-lto-unit' to cfi-clang-flags
ANDROID: cfi: Remove unused variable in ptr_to_check_fn
ANDROID: cuttlefish_defconfig: Enable CONFIG_FUSE_FS
Conflicts:
arch/arm64/kernel/traps.c
drivers/mmc/host/sdhci.c
drivers/mmc/host/sdhci.h
drivers/tty/Kconfig
kernel/sched/fair.c
Change-Id: Ic4c01204f58cdb536e2cab04e4f1a2451977f6a3
Signed-off-by: Blagovest Kolenichev <bkolenichev@codeaurora.org>
505 lines
15 KiB
C
505 lines
15 KiB
C
/*
|
|
* INET An implementation of the TCP/IP protocol suite for the LINUX
|
|
* operating system. INET is implemented using the BSD Socket
|
|
* interface as the means of communication with the user level.
|
|
*
|
|
* The Internet Protocol (IP) module.
|
|
*
|
|
* Authors: Ross Biro
|
|
* Fred N. van Kempen, <waltje@uWalt.NL.Mugnet.ORG>
|
|
* Donald Becker, <becker@super.org>
|
|
* Alan Cox, <alan@lxorguk.ukuu.org.uk>
|
|
* Richard Underwood
|
|
* Stefan Becker, <stefanb@yello.ping.de>
|
|
* Jorge Cwik, <jorge@laser.satlink.net>
|
|
* Arnt Gulbrandsen, <agulbra@nvg.unit.no>
|
|
*
|
|
*
|
|
* Fixes:
|
|
* Alan Cox : Commented a couple of minor bits of surplus code
|
|
* Alan Cox : Undefining IP_FORWARD doesn't include the code
|
|
* (just stops a compiler warning).
|
|
* Alan Cox : Frames with >=MAX_ROUTE record routes, strict routes or loose routes
|
|
* are junked rather than corrupting things.
|
|
* Alan Cox : Frames to bad broadcast subnets are dumped
|
|
* We used to process them non broadcast and
|
|
* boy could that cause havoc.
|
|
* Alan Cox : ip_forward sets the free flag on the
|
|
* new frame it queues. Still crap because
|
|
* it copies the frame but at least it
|
|
* doesn't eat memory too.
|
|
* Alan Cox : Generic queue code and memory fixes.
|
|
* Fred Van Kempen : IP fragment support (borrowed from NET2E)
|
|
* Gerhard Koerting: Forward fragmented frames correctly.
|
|
* Gerhard Koerting: Fixes to my fix of the above 8-).
|
|
* Gerhard Koerting: IP interface addressing fix.
|
|
* Linus Torvalds : More robustness checks
|
|
* Alan Cox : Even more checks: Still not as robust as it ought to be
|
|
* Alan Cox : Save IP header pointer for later
|
|
* Alan Cox : ip option setting
|
|
* Alan Cox : Use ip_tos/ip_ttl settings
|
|
* Alan Cox : Fragmentation bogosity removed
|
|
* (Thanks to Mark.Bush@prg.ox.ac.uk)
|
|
* Dmitry Gorodchanin : Send of a raw packet crash fix.
|
|
* Alan Cox : Silly ip bug when an overlength
|
|
* fragment turns up. Now frees the
|
|
* queue.
|
|
* Linus Torvalds/ : Memory leakage on fragmentation
|
|
* Alan Cox : handling.
|
|
* Gerhard Koerting: Forwarding uses IP priority hints
|
|
* Teemu Rantanen : Fragment problems.
|
|
* Alan Cox : General cleanup, comments and reformat
|
|
* Alan Cox : SNMP statistics
|
|
* Alan Cox : BSD address rule semantics. Also see
|
|
* UDP as there is a nasty checksum issue
|
|
* if you do things the wrong way.
|
|
* Alan Cox : Always defrag, moved IP_FORWARD to the config.in file
|
|
* Alan Cox : IP options adjust sk->priority.
|
|
* Pedro Roque : Fix mtu/length error in ip_forward.
|
|
* Alan Cox : Avoid ip_chk_addr when possible.
|
|
* Richard Underwood : IP multicasting.
|
|
* Alan Cox : Cleaned up multicast handlers.
|
|
* Alan Cox : RAW sockets demultiplex in the BSD style.
|
|
* Gunther Mayer : Fix the SNMP reporting typo
|
|
* Alan Cox : Always in group 224.0.0.1
|
|
* Pauline Middelink : Fast ip_checksum update when forwarding
|
|
* Masquerading support.
|
|
* Alan Cox : Multicast loopback error for 224.0.0.1
|
|
* Alan Cox : IP_MULTICAST_LOOP option.
|
|
* Alan Cox : Use notifiers.
|
|
* Bjorn Ekwall : Removed ip_csum (from slhc.c too)
|
|
* Bjorn Ekwall : Moved ip_fast_csum to ip.h (inline!)
|
|
* Stefan Becker : Send out ICMP HOST REDIRECT
|
|
* Arnt Gulbrandsen : ip_build_xmit
|
|
* Alan Cox : Per socket routing cache
|
|
* Alan Cox : Fixed routing cache, added header cache.
|
|
* Alan Cox : Loopback didn't work right in original ip_build_xmit - fixed it.
|
|
* Alan Cox : Only send ICMP_REDIRECT if src/dest are the same net.
|
|
* Alan Cox : Incoming IP option handling.
|
|
* Alan Cox : Set saddr on raw output frames as per BSD.
|
|
* Alan Cox : Stopped broadcast source route explosions.
|
|
* Alan Cox : Can disable source routing
|
|
* Takeshi Sone : Masquerading didn't work.
|
|
* Dave Bonn,Alan Cox : Faster IP forwarding whenever possible.
|
|
* Alan Cox : Memory leaks, tramples, misc debugging.
|
|
* Alan Cox : Fixed multicast (by popular demand 8))
|
|
* Alan Cox : Fixed forwarding (by even more popular demand 8))
|
|
* Alan Cox : Fixed SNMP statistics [I think]
|
|
* Gerhard Koerting : IP fragmentation forwarding fix
|
|
* Alan Cox : Device lock against page fault.
|
|
* Alan Cox : IP_HDRINCL facility.
|
|
* Werner Almesberger : Zero fragment bug
|
|
* Alan Cox : RAW IP frame length bug
|
|
* Alan Cox : Outgoing firewall on build_xmit
|
|
* A.N.Kuznetsov : IP_OPTIONS support throughout the kernel
|
|
* Alan Cox : Multicast routing hooks
|
|
* Jos Vos : Do accounting *before* call_in_firewall
|
|
* Willy Konynenberg : Transparent proxying support
|
|
*
|
|
*
|
|
*
|
|
* To Fix:
|
|
* IP fragmentation wants rewriting cleanly. The RFC815 algorithm is much more efficient
|
|
* and could be made very efficient with the addition of some virtual memory hacks to permit
|
|
* the allocation of a buffer that can then be 'grown' by twiddling page tables.
|
|
* Output fragmentation wants updating along with the buffer management to use a single
|
|
* interleaved copy algorithm so that fragmenting has a one copy overhead. Actual packet
|
|
* output should probably do its own fragmentation at the UDP/RAW layer. TCP shouldn't cause
|
|
* fragmentation anyway.
|
|
*
|
|
* This program is free software; you can redistribute it and/or
|
|
* modify it under the terms of the GNU General Public License
|
|
* as published by the Free Software Foundation; either version
|
|
* 2 of the License, or (at your option) any later version.
|
|
*/
|
|
|
|
#define pr_fmt(fmt) "IPv4: " fmt
|
|
|
|
#include <linux/module.h>
|
|
#include <linux/types.h>
|
|
#include <linux/kernel.h>
|
|
#include <linux/string.h>
|
|
#include <linux/errno.h>
|
|
#include <linux/slab.h>
|
|
|
|
#include <linux/net.h>
|
|
#include <linux/socket.h>
|
|
#include <linux/sockios.h>
|
|
#include <linux/in.h>
|
|
#include <linux/inet.h>
|
|
#include <linux/inetdevice.h>
|
|
#include <linux/netdevice.h>
|
|
#include <linux/etherdevice.h>
|
|
|
|
#include <net/snmp.h>
|
|
#include <net/ip.h>
|
|
#include <net/protocol.h>
|
|
#include <net/route.h>
|
|
#include <linux/skbuff.h>
|
|
#include <net/sock.h>
|
|
#include <net/arp.h>
|
|
#include <net/icmp.h>
|
|
#include <net/raw.h>
|
|
#include <net/checksum.h>
|
|
#include <net/inet_ecn.h>
|
|
#include <linux/netfilter_ipv4.h>
|
|
#include <net/xfrm.h>
|
|
#include <linux/mroute.h>
|
|
#include <linux/netlink.h>
|
|
#include <net/dst_metadata.h>
|
|
|
|
/*
|
|
* Process Router Attention IP option (RFC 2113)
|
|
*/
|
|
bool ip_call_ra_chain(struct sk_buff *skb)
|
|
{
|
|
struct ip_ra_chain *ra;
|
|
u8 protocol = ip_hdr(skb)->protocol;
|
|
struct sock *last = NULL;
|
|
struct net_device *dev = skb->dev;
|
|
struct net *net = dev_net(dev);
|
|
|
|
for (ra = rcu_dereference(ip_ra_chain); ra; ra = rcu_dereference(ra->next)) {
|
|
struct sock *sk = ra->sk;
|
|
|
|
/* If socket is bound to an interface, only report
|
|
* the packet if it came from that interface.
|
|
*/
|
|
if (sk && inet_sk(sk)->inet_num == protocol &&
|
|
(!sk->sk_bound_dev_if ||
|
|
sk->sk_bound_dev_if == dev->ifindex) &&
|
|
net_eq(sock_net(sk), net)) {
|
|
if (ip_is_fragment(ip_hdr(skb))) {
|
|
if (ip_defrag(net, skb, IP_DEFRAG_CALL_RA_CHAIN))
|
|
return true;
|
|
}
|
|
if (last) {
|
|
struct sk_buff *skb2 = skb_clone(skb, GFP_ATOMIC);
|
|
if (skb2)
|
|
raw_rcv(last, skb2);
|
|
}
|
|
last = sk;
|
|
}
|
|
}
|
|
|
|
if (last) {
|
|
raw_rcv(last, skb);
|
|
return true;
|
|
}
|
|
return false;
|
|
}
|
|
|
|
void ip_protocol_deliver_rcu(struct net *net, struct sk_buff *skb, int protocol)
|
|
{
|
|
const struct net_protocol *ipprot;
|
|
int raw, ret;
|
|
|
|
resubmit:
|
|
raw = raw_local_deliver(skb, protocol);
|
|
|
|
ipprot = rcu_dereference(inet_protos[protocol]);
|
|
if (ipprot) {
|
|
if (!ipprot->no_policy) {
|
|
if (!xfrm4_policy_check(NULL, XFRM_POLICY_IN, skb)) {
|
|
kfree_skb(skb);
|
|
return;
|
|
}
|
|
nf_reset(skb);
|
|
}
|
|
ret = ipprot->handler(skb);
|
|
if (ret < 0) {
|
|
protocol = -ret;
|
|
goto resubmit;
|
|
}
|
|
__IP_INC_STATS(net, IPSTATS_MIB_INDELIVERS);
|
|
} else {
|
|
if (!raw) {
|
|
if (xfrm4_policy_check(NULL, XFRM_POLICY_IN, skb)) {
|
|
__IP_INC_STATS(net, IPSTATS_MIB_INUNKNOWNPROTOS);
|
|
icmp_send(skb, ICMP_DEST_UNREACH,
|
|
ICMP_PROT_UNREACH, 0);
|
|
}
|
|
kfree_skb(skb);
|
|
} else {
|
|
__IP_INC_STATS(net, IPSTATS_MIB_INDELIVERS);
|
|
consume_skb(skb);
|
|
}
|
|
}
|
|
}
|
|
|
|
static int ip_local_deliver_finish(struct net *net, struct sock *sk, struct sk_buff *skb)
|
|
{
|
|
__skb_pull(skb, skb_network_header_len(skb));
|
|
|
|
rcu_read_lock();
|
|
ip_protocol_deliver_rcu(net, skb, ip_hdr(skb)->protocol);
|
|
rcu_read_unlock();
|
|
|
|
return 0;
|
|
}
|
|
|
|
/*
|
|
* Deliver IP Packets to the higher protocol layers.
|
|
*/
|
|
int ip_local_deliver(struct sk_buff *skb)
|
|
{
|
|
/*
|
|
* Reassemble IP fragments.
|
|
*/
|
|
struct net *net = dev_net(skb->dev);
|
|
|
|
if (ip_is_fragment(ip_hdr(skb))) {
|
|
if (ip_defrag(net, skb, IP_DEFRAG_LOCAL_DELIVER))
|
|
return 0;
|
|
}
|
|
|
|
return NF_HOOK(NFPROTO_IPV4, NF_INET_LOCAL_IN,
|
|
net, NULL, skb, skb->dev, NULL,
|
|
ip_local_deliver_finish);
|
|
}
|
|
|
|
static inline bool ip_rcv_options(struct sk_buff *skb, struct net_device *dev)
|
|
{
|
|
struct ip_options *opt;
|
|
const struct iphdr *iph;
|
|
|
|
/* It looks as overkill, because not all
|
|
IP options require packet mangling.
|
|
But it is the easiest for now, especially taking
|
|
into account that combination of IP options
|
|
and running sniffer is extremely rare condition.
|
|
--ANK (980813)
|
|
*/
|
|
if (skb_cow(skb, skb_headroom(skb))) {
|
|
__IP_INC_STATS(dev_net(dev), IPSTATS_MIB_INDISCARDS);
|
|
goto drop;
|
|
}
|
|
|
|
iph = ip_hdr(skb);
|
|
opt = &(IPCB(skb)->opt);
|
|
opt->optlen = iph->ihl*4 - sizeof(struct iphdr);
|
|
|
|
if (ip_options_compile(dev_net(dev), opt, skb)) {
|
|
__IP_INC_STATS(dev_net(dev), IPSTATS_MIB_INHDRERRORS);
|
|
goto drop;
|
|
}
|
|
|
|
if (unlikely(opt->srr)) {
|
|
struct in_device *in_dev = __in_dev_get_rcu(dev);
|
|
|
|
if (in_dev) {
|
|
if (!IN_DEV_SOURCE_ROUTE(in_dev)) {
|
|
if (IN_DEV_LOG_MARTIANS(in_dev))
|
|
net_info_ratelimited("source route option %pI4 -> %pI4\n",
|
|
&iph->saddr,
|
|
&iph->daddr);
|
|
goto drop;
|
|
}
|
|
}
|
|
|
|
if (ip_options_rcv_srr(skb, dev))
|
|
goto drop;
|
|
}
|
|
|
|
return false;
|
|
drop:
|
|
return true;
|
|
}
|
|
|
|
static int ip_rcv_finish(struct net *net, struct sock *sk, struct sk_buff *skb)
|
|
{
|
|
const struct iphdr *iph = ip_hdr(skb);
|
|
int (*edemux)(struct sk_buff *skb);
|
|
struct net_device *dev = skb->dev;
|
|
struct rtable *rt;
|
|
int err;
|
|
|
|
/* if ingress device is enslaved to an L3 master device pass the
|
|
* skb to its handler for processing
|
|
*/
|
|
skb = l3mdev_ip_rcv(skb);
|
|
if (!skb)
|
|
return NET_RX_SUCCESS;
|
|
|
|
if (net->ipv4.sysctl_ip_early_demux &&
|
|
!skb_dst(skb) &&
|
|
!skb->sk &&
|
|
!ip_is_fragment(iph)) {
|
|
const struct net_protocol *ipprot;
|
|
int protocol = iph->protocol;
|
|
|
|
ipprot = rcu_dereference(inet_protos[protocol]);
|
|
if (ipprot && (edemux = READ_ONCE(ipprot->early_demux))) {
|
|
err = edemux(skb);
|
|
if (unlikely(err))
|
|
goto drop_error;
|
|
/* must reload iph, skb->head might have changed */
|
|
iph = ip_hdr(skb);
|
|
}
|
|
}
|
|
|
|
/*
|
|
* Initialise the virtual path cache for the packet. It describes
|
|
* how the packet travels inside Linux networking.
|
|
*/
|
|
if (!skb_valid_dst(skb)) {
|
|
err = ip_route_input_noref(skb, iph->daddr, iph->saddr,
|
|
iph->tos, dev);
|
|
if (unlikely(err))
|
|
goto drop_error;
|
|
}
|
|
|
|
#ifdef CONFIG_IP_ROUTE_CLASSID
|
|
if (unlikely(skb_dst(skb)->tclassid)) {
|
|
struct ip_rt_acct *st = this_cpu_ptr(ip_rt_acct);
|
|
u32 idx = skb_dst(skb)->tclassid;
|
|
st[idx&0xFF].o_packets++;
|
|
st[idx&0xFF].o_bytes += skb->len;
|
|
st[(idx>>16)&0xFF].i_packets++;
|
|
st[(idx>>16)&0xFF].i_bytes += skb->len;
|
|
}
|
|
#endif
|
|
|
|
if (iph->ihl > 5 && ip_rcv_options(skb, dev))
|
|
goto drop;
|
|
|
|
rt = skb_rtable(skb);
|
|
if (rt->rt_type == RTN_MULTICAST) {
|
|
__IP_UPD_PO_STATS(net, IPSTATS_MIB_INMCAST, skb->len);
|
|
} else if (rt->rt_type == RTN_BROADCAST) {
|
|
__IP_UPD_PO_STATS(net, IPSTATS_MIB_INBCAST, skb->len);
|
|
} else if (skb->pkt_type == PACKET_BROADCAST ||
|
|
skb->pkt_type == PACKET_MULTICAST) {
|
|
struct in_device *in_dev = __in_dev_get_rcu(dev);
|
|
|
|
/* RFC 1122 3.3.6:
|
|
*
|
|
* When a host sends a datagram to a link-layer broadcast
|
|
* address, the IP destination address MUST be a legal IP
|
|
* broadcast or IP multicast address.
|
|
*
|
|
* A host SHOULD silently discard a datagram that is received
|
|
* via a link-layer broadcast (see Section 2.4) but does not
|
|
* specify an IP multicast or broadcast destination address.
|
|
*
|
|
* This doesn't explicitly say L2 *broadcast*, but broadcast is
|
|
* in a way a form of multicast and the most common use case for
|
|
* this is 802.11 protecting against cross-station spoofing (the
|
|
* so-called "hole-196" attack) so do it for both.
|
|
*/
|
|
if (in_dev &&
|
|
IN_DEV_ORCONF(in_dev, DROP_UNICAST_IN_L2_MULTICAST))
|
|
goto drop;
|
|
}
|
|
|
|
return dst_input(skb);
|
|
|
|
drop:
|
|
kfree_skb(skb);
|
|
return NET_RX_DROP;
|
|
|
|
drop_error:
|
|
if (err == -EXDEV)
|
|
__NET_INC_STATS(net, LINUX_MIB_IPRPFILTER);
|
|
goto drop;
|
|
}
|
|
|
|
/*
|
|
* Main IP Receive routine.
|
|
*/
|
|
int ip_rcv(struct sk_buff *skb, struct net_device *dev, struct packet_type *pt, struct net_device *orig_dev)
|
|
{
|
|
const struct iphdr *iph;
|
|
struct net *net;
|
|
u32 len;
|
|
|
|
/* When the interface is in promisc. mode, drop all the crap
|
|
* that it receives, do not try to analyse it.
|
|
*/
|
|
if (skb->pkt_type == PACKET_OTHERHOST)
|
|
goto drop;
|
|
|
|
|
|
net = dev_net(dev);
|
|
__IP_UPD_PO_STATS(net, IPSTATS_MIB_IN, skb->len);
|
|
|
|
skb = skb_share_check(skb, GFP_ATOMIC);
|
|
if (!skb) {
|
|
__IP_INC_STATS(net, IPSTATS_MIB_INDISCARDS);
|
|
goto out;
|
|
}
|
|
|
|
if (!pskb_may_pull(skb, sizeof(struct iphdr)))
|
|
goto inhdr_error;
|
|
|
|
iph = ip_hdr(skb);
|
|
|
|
/*
|
|
* RFC1122: 3.2.1.2 MUST silently discard any IP frame that fails the checksum.
|
|
*
|
|
* Is the datagram acceptable?
|
|
*
|
|
* 1. Length at least the size of an ip header
|
|
* 2. Version of 4
|
|
* 3. Checksums correctly. [Speed optimisation for later, skip loopback checksums]
|
|
* 4. Doesn't have a bogus length
|
|
*/
|
|
|
|
if (iph->ihl < 5 || iph->version != 4)
|
|
goto inhdr_error;
|
|
|
|
BUILD_BUG_ON(IPSTATS_MIB_ECT1PKTS != IPSTATS_MIB_NOECTPKTS + INET_ECN_ECT_1);
|
|
BUILD_BUG_ON(IPSTATS_MIB_ECT0PKTS != IPSTATS_MIB_NOECTPKTS + INET_ECN_ECT_0);
|
|
BUILD_BUG_ON(IPSTATS_MIB_CEPKTS != IPSTATS_MIB_NOECTPKTS + INET_ECN_CE);
|
|
__IP_ADD_STATS(net,
|
|
IPSTATS_MIB_NOECTPKTS + (iph->tos & INET_ECN_MASK),
|
|
max_t(unsigned short, 1, skb_shinfo(skb)->gso_segs));
|
|
|
|
if (!pskb_may_pull(skb, iph->ihl*4))
|
|
goto inhdr_error;
|
|
|
|
iph = ip_hdr(skb);
|
|
|
|
if (unlikely(ip_fast_csum((u8 *)iph, iph->ihl)))
|
|
goto csum_error;
|
|
|
|
len = ntohs(iph->tot_len);
|
|
if (skb->len < len) {
|
|
__IP_INC_STATS(net, IPSTATS_MIB_INTRUNCATEDPKTS);
|
|
goto drop;
|
|
} else if (len < (iph->ihl*4))
|
|
goto inhdr_error;
|
|
|
|
/* Our transport medium may have padded the buffer out. Now we know it
|
|
* is IP we can trim to the true length of the frame.
|
|
* Note this now means skb->len holds ntohs(iph->tot_len).
|
|
*/
|
|
if (pskb_trim_rcsum(skb, len)) {
|
|
__IP_INC_STATS(net, IPSTATS_MIB_INDISCARDS);
|
|
goto drop;
|
|
}
|
|
|
|
iph = ip_hdr(skb);
|
|
skb->transport_header = skb->network_header + iph->ihl*4;
|
|
|
|
/* Remove any debris in the socket control block */
|
|
memset(IPCB(skb), 0, sizeof(struct inet_skb_parm));
|
|
IPCB(skb)->iif = skb->skb_iif;
|
|
|
|
/* Must drop socket now because of tproxy. */
|
|
skb_orphan(skb);
|
|
|
|
return NF_HOOK(NFPROTO_IPV4, NF_INET_PRE_ROUTING,
|
|
net, NULL, skb, dev, NULL,
|
|
ip_rcv_finish);
|
|
|
|
csum_error:
|
|
__IP_INC_STATS(net, IPSTATS_MIB_CSUMERRORS);
|
|
inhdr_error:
|
|
__IP_INC_STATS(net, IPSTATS_MIB_INHDRERRORS);
|
|
drop:
|
|
kfree_skb(skb);
|
|
out:
|
|
return NET_RX_DROP;
|
|
}
|