LXR linux/net/ipv4/inet

   1/*
   2 * INET         An implementation of the TCP/IP protocol suite for the LINUX
   3 *              operating system.  INET is implemented using the BSD Socket
   4 *              interface as the means of communication with the user level.
   5 *
   6 *              Generic INET transport hashtables
   7 *
   8 * Authors:     Lotsa people, from code originally in tcp
   9 *
  10 *      This program is free software; you can redistribute it and/or
  11 *      modify it under the terms of the GNU General Public License
  12 *      as published by the Free Software Foundation; either version
  13 *      2 of the License, or (at your option) any later version.
  14 */
  15
  16#include <linux/module.h>
  17#include <linux/random.h>
  18#include <linux/sched.h>
  19#include <linux/slab.h>
  20#include <linux/wait.h>
  21
  22#include <net/inet_connection_sock.h>
  23#include <net/inet_hashtables.h>
  24#include <net/secure_seq.h>
  25#include <net/ip.h>
  26
  27static unsigned int inet_ehashfn(struct net *net, const __be32 laddr,
  28                                 const __u16 lport, const __be32 faddr,
  29                                 const __be16 fport)
  30{
  31        static u32 inet_ehash_secret __read_mostly;
  32
  33        net_get_random_once(&inet_ehash_secret, sizeof(inet_ehash_secret));
  34
  35        return __inet_ehashfn(laddr, lport, faddr, fport,
  36                              inet_ehash_secret + net_hash_mix(net));
  37}
  38
  39
  40static unsigned int inet_sk_ehashfn(const struct sock *sk)
  41{
  42        const struct inet_sock *inet = inet_sk(sk);
  43        const __be32 laddr = inet->inet_rcv_saddr;
  44        const __u16 lport = inet->inet_num;
  45        const __be32 faddr = inet->inet_daddr;
  46        const __be16 fport = inet->inet_dport;
  47        struct net *net = sock_net(sk);
  48
  49        return inet_ehashfn(net, laddr, lport, faddr, fport);
  50}
  51
  52/*
  53 * Allocate and initialize a new local port bind bucket.
  54 * The bindhash mutex for snum's hash chain must be held here.
  55 */
  56struct inet_bind_bucket *inet_bind_bucket_create(struct kmem_cache *cachep,
  57                                                 struct net *net,
  58                                                 struct inet_bind_hashbucket *head,
  59                                                 const unsigned short snum)
  60{
  61        struct inet_bind_bucket *tb = kmem_cache_alloc(cachep, GFP_ATOMIC);
  62
  63        if (tb != NULL) {
  64                write_pnet(&tb->ib_net, net);
  65                tb->port      = snum;
  66                tb->fastreuse = 0;
  67                tb->fastreuseport = 0;
  68                tb->num_owners = 0;
  69                INIT_HLIST_HEAD(&tb->owners);
  70                hlist_add_head(&tb->node, &head->chain);
  71        }
  72        return tb;
  73}
  74
  75/*
  76 * Caller must hold hashbucket lock for this tb with local BH disabled
  77 */
  78void inet_bind_bucket_destroy(struct kmem_cache *cachep, struct inet_bind_bucket *tb)
  79{
  80        if (hlist_empty(&tb->owners)) {
  81                __hlist_del(&tb->node);
  82                kmem_cache_free(cachep, tb);
  83        }
  84}
  85
  86void inet_bind_hash(struct sock *sk, struct inet_bind_bucket *tb,
  87                    const unsigned short snum)
  88{
  89        struct inet_hashinfo *hashinfo = sk->sk_prot->h.hashinfo;
  90
  91        atomic_inc(&hashinfo->bsockets);
  92
  93        inet_sk(sk)->inet_num = snum;
  94        sk_add_bind_node(sk, &tb->owners);
  95        tb->num_owners++;
  96        inet_csk(sk)->icsk_bind_hash = tb;
  97}
  98
  99/*
 100 * Get rid of any references to a local port held by the given sock.
 101 */
 102static void __inet_put_port(struct sock *sk)
 103{
 104        struct inet_hashinfo *hashinfo = sk->sk_prot->h.hashinfo;
 105        const int bhash = inet_bhashfn(sock_net(sk), inet_sk(sk)->inet_num,
 106                        hashinfo->bhash_size);
 107        struct inet_bind_hashbucket *head = &hashinfo->bhash[bhash];
 108        struct inet_bind_bucket *tb;
 109
 110        atomic_dec(&hashinfo->bsockets);
 111
 112        spin_lock(&head->lock);
 113        tb = inet_csk(sk)->icsk_bind_hash;
 114        __sk_del_bind_node(sk);
 115        tb->num_owners--;
 116        inet_csk(sk)->icsk_bind_hash = NULL;
 117        inet_sk(sk)->inet_num = 0;
 118        inet_bind_bucket_destroy(hashinfo->bind_bucket_cachep, tb);
 119        spin_unlock(&head->lock);
 120}
 121
 122void inet_put_port(struct sock *sk)
 123{
 124        local_bh_disable();
 125        __inet_put_port(sk);
 126        local_bh_enable();
 127}
 128EXPORT_SYMBOL(inet_put_port);
 129
 130int __inet_inherit_port(struct sock *sk, struct sock *child)
 131{
 132        struct inet_hashinfo *table = sk->sk_prot->h.hashinfo;
 133        unsigned short port = inet_sk(child)->inet_num;
 134        const int bhash = inet_bhashfn(sock_net(sk), port,
 135                        table->bhash_size);
 136        struct inet_bind_hashbucket *head = &table->bhash[bhash];
 137        struct inet_bind_bucket *tb;
 138
 139        spin_lock(&head->lock);
 140        tb = inet_csk(sk)->icsk_bind_hash;
 141        if (tb->port != port) {
 142                /* NOTE: using tproxy and redirecting skbs to a proxy
 143                 * on a different listener port breaks the assumption
 144                 * that the listener socket's icsk_bind_hash is the same
 145                 * as that of the child socket. We have to look up or
 146                 * create a new bind bucket for the child here. */
 147                inet_bind_bucket_for_each(tb, &head->chain) {
 148                        if (net_eq(ib_net(tb), sock_net(sk)) &&
 149                            tb->port == port)
 150                                break;
 151                }
 152                if (!tb) {
 153                        tb = inet_bind_bucket_create(table->bind_bucket_cachep,
 154                                                     sock_net(sk), head, port);
 155                        if (!tb) {
 156                                spin_unlock(&head->lock);
 157                                return -ENOMEM;
 158                        }
 159                }
 160        }
 161        inet_bind_hash(child, tb, port);
 162        spin_unlock(&head->lock);
 163
 164        return 0;
 165}
 166EXPORT_SYMBOL_GPL(__inet_inherit_port);
 167
 168static inline int compute_score(struct sock *sk, struct net *net,
 169                                const unsigned short hnum, const __be32 daddr,
 170                                const int dif)
 171{
 172        int score = -1;
 173        struct inet_sock *inet = inet_sk(sk);
 174
 175        if (net_eq(sock_net(sk), net) && inet->inet_num == hnum &&
 176                        !ipv6_only_sock(sk)) {
 177                __be32 rcv_saddr = inet->inet_rcv_saddr;
 178                score = sk->sk_family == PF_INET ? 2 : 1;
 179                if (rcv_saddr) {
 180                        if (rcv_saddr != daddr)
 181                                return -1;
 182                        score += 4;
 183                }
 184                if (sk->sk_bound_dev_if) {
 185                        if (sk->sk_bound_dev_if != dif)
 186                                return -1;
 187                        score += 4;
 188                }
 189        }
 190        return score;
 191}
 192
 193/*
 194 * Don't inline this cruft. Here are some nice properties to exploit here. The
 195 * BSD API does not allow a listening sock to specify the remote port nor the
 196 * remote address for the connection. So always assume those are both
 197 * wildcarded during the search since they can never be otherwise.
 198 */
 199
 200
 201struct sock *__inet_lookup_listener(struct net *net,
 202                                    struct inet_hashinfo *hashinfo,
 203                                    const __be32 saddr, __be16 sport,
 204                                    const __be32 daddr, const unsigned short hnum,
 205                                    const int dif)
 206{
 207        struct sock *sk, *result;
 208        struct hlist_nulls_node *node;
 209        unsigned int hash = inet_lhashfn(net, hnum);
 210        struct inet_listen_hashbucket *ilb = &hashinfo->listening_hash[hash];
 211        int score, hiscore, matches = 0, reuseport = 0;
 212        u32 phash = 0;
 213
 214        rcu_read_lock();
 215begin:
 216        result = NULL;
 217        hiscore = 0;
 218        sk_nulls_for_each_rcu(sk, node, &ilb->head) {
 219                score = compute_score(sk, net, hnum, daddr, dif);
 220                if (score > hiscore) {
 221                        result = sk;
 222                        hiscore = score;
 223                        reuseport = sk->sk_reuseport;
 224                        if (reuseport) {
 225                                phash = inet_ehashfn(net, daddr, hnum,
 226                                                     saddr, sport);
 227                                matches = 1;
 228                        }
 229                } else if (score == hiscore && reuseport) {
 230                        matches++;
 231                        if (reciprocal_scale(phash, matches) == 0)
 232                                result = sk;
 233                        phash = next_pseudo_random32(phash);
 234                }
 235        }
 236        /*
 237         * if the nulls value we got at the end of this lookup is
 238         * not the expected one, we must restart lookup.
 239         * We probably met an item that was moved to another chain.
 240         */
 241        if (get_nulls_value(node) != hash + LISTENING_NULLS_BASE)
 242                goto begin;
 243        if (result) {
 244                if (unlikely(!atomic_inc_not_zero(&result->sk_refcnt)))
 245                        result = NULL;
 246                else if (unlikely(compute_score(result, net, hnum, daddr,
 247                                  dif) < hiscore)) {
 248                        sock_put(result);
 249                        goto begin;
 250                }
 251        }
 252        rcu_read_unlock();
 253        return result;
 254}
 255EXPORT_SYMBOL_GPL(__inet_lookup_listener);
 256
 257/* All sockets share common refcount, but have different destructors */
 258void sock_gen_put(struct sock *sk)
 259{
 260        if (!atomic_dec_and_test(&sk->sk_refcnt))
 261                return;
 262
 263        if (sk->sk_state == TCP_TIME_WAIT)
 264                inet_twsk_free(inet_twsk(sk));
 265        else
 266                sk_free(sk);
 267}
 268EXPORT_SYMBOL_GPL(sock_gen_put);
 269
 270struct sock *__inet_lookup_established(struct net *net,
 271                                  struct inet_hashinfo *hashinfo,
 272                                  const __be32 saddr, const __be16 sport,
 273                                  const __be32 daddr, const u16 hnum,
 274                                  const int dif)
 275{
 276        INET_ADDR_COOKIE(acookie, saddr, daddr)
 277        const __portpair ports = INET_COMBINED_PORTS(sport, hnum);
 278        struct sock *sk;
 279        const struct hlist_nulls_node *node;
 280        /* Optimize here for direct hit, only listening connections can
 281         * have wildcards anyways.
 282         */
 283        unsigned int hash = inet_ehashfn(net, daddr, hnum, saddr, sport);
 284        unsigned int slot = hash & hashinfo->ehash_mask;
 285        struct inet_ehash_bucket *head = &hashinfo->ehash[slot];
 286
 287        rcu_read_lock();
 288begin:
 289        sk_nulls_for_each_rcu(sk, node, &head->chain) {
 290                if (sk->sk_hash != hash)
 291                        continue;
 292                if (likely(INET_MATCH(sk, net, acookie,
 293                                      saddr, daddr, ports, dif))) {
 294                        if (unlikely(!atomic_inc_not_zero(&sk->sk_refcnt)))
 295                                goto out;
 296                        if (unlikely(!INET_MATCH(sk, net, acookie,
 297                                                 saddr, daddr, ports, dif))) {
 298                                sock_gen_put(sk);
 299                                goto begin;
 300                        }
 301                        goto found;
 302                }
 303        }
 304        /*
 305         * if the nulls value we got at the end of this lookup is
 306         * not the expected one, we must restart lookup.
 307         * We probably met an item that was moved to another chain.
 308         */
 309        if (get_nulls_value(node) != slot)
 310                goto begin;
 311out:
 312        sk = NULL;
 313found:
 314        rcu_read_unlock();
 315        return sk;
 316}
 317EXPORT_SYMBOL_GPL(__inet_lookup_established);
 318
 319/* called with local bh disabled */
 320static int __inet_check_established(struct inet_timewait_death_row *death_row,
 321                                    struct sock *sk, __u16 lport,
 322                                    struct inet_timewait_sock **twp)
 323{
 324        struct inet_hashinfo *hinfo = death_row->hashinfo;
 325        struct inet_sock *inet = inet_sk(sk);
 326        __be32 daddr = inet->inet_rcv_saddr;
 327        __be32 saddr = inet->inet_daddr;
 328        int dif = sk->sk_bound_dev_if;
 329        INET_ADDR_COOKIE(acookie, saddr, daddr)
 330        const __portpair ports = INET_COMBINED_PORTS(inet->inet_dport, lport);
 331        struct net *net = sock_net(sk);
 332        unsigned int hash = inet_ehashfn(net, daddr, lport,
 333                                         saddr, inet->inet_dport);
 334        struct inet_ehash_bucket *head = inet_ehash_bucket(hinfo, hash);
 335        spinlock_t *lock = inet_ehash_lockp(hinfo, hash);
 336        struct sock *sk2;
 337        const struct hlist_nulls_node *node;
 338        struct inet_timewait_sock *tw = NULL;
 339        int twrefcnt = 0;
 340
 341        spin_lock(lock);
 342
 343        sk_nulls_for_each(sk2, node, &head->chain) {
 344                if (sk2->sk_hash != hash)
 345                        continue;
 346
 347                if (likely(INET_MATCH(sk2, net, acookie,
 348                                         saddr, daddr, ports, dif))) {
 349                        if (sk2->sk_state == TCP_TIME_WAIT) {
 350                                tw = inet_twsk(sk2);
 351                                if (twsk_unique(sk, sk2, twp))
 352                                        break;
 353                        }
 354                        goto not_unique;
 355                }
 356        }
 357
 358        /* Must record num and sport now. Otherwise we will see
 359         * in hash table socket with a funny identity.
 360         */
 361        inet->inet_num = lport;
 362        inet->inet_sport = htons(lport);
 363        sk->sk_hash = hash;
 364        WARN_ON(!sk_unhashed(sk));
 365        __sk_nulls_add_node_rcu(sk, &head->chain);
 366        if (tw) {
 367                twrefcnt = inet_twsk_unhash(tw);
 368                NET_INC_STATS_BH(net, LINUX_MIB_TIMEWAITRECYCLED);
 369        }
 370        spin_unlock(lock);
 371        if (twrefcnt)
 372                inet_twsk_put(tw);
 373        sock_prot_inuse_add(sock_net(sk), sk->sk_prot, 1);
 374
 375        if (twp) {
 376                *twp = tw;
 377        } else if (tw) {
 378                /* Silly. Should hash-dance instead... */
 379                inet_twsk_deschedule(tw, death_row);
 380
 381                inet_twsk_put(tw);
 382        }
 383        return 0;
 384
 385not_unique:
 386        spin_unlock(lock);
 387        return -EADDRNOTAVAIL;
 388}
 389
 390static inline u32 inet_sk_port_offset(const struct sock *sk)
 391{
 392        const struct inet_sock *inet = inet_sk(sk);
 393        return secure_ipv4_port_ephemeral(inet->inet_rcv_saddr,
 394                                          inet->inet_daddr,
 395                                          inet->inet_dport);
 396}
 397
 398int __inet_hash_nolisten(struct sock *sk, struct inet_timewait_sock *tw)
 399{
 400        struct inet_hashinfo *hashinfo = sk->sk_prot->h.hashinfo;
 401        struct hlist_nulls_head *list;
 402        spinlock_t *lock;
 403        struct inet_ehash_bucket *head;
 404        int twrefcnt = 0;
 405
 406        WARN_ON(!sk_unhashed(sk));
 407
 408        sk->sk_hash = inet_sk_ehashfn(sk);
 409        head = inet_ehash_bucket(hashinfo, sk->sk_hash);
 410        list = &head->chain;
 411        lock = inet_ehash_lockp(hashinfo, sk->sk_hash);
 412
 413        spin_lock(lock);
 414        __sk_nulls_add_node_rcu(sk, list);
 415        if (tw) {
 416                WARN_ON(sk->sk_hash != tw->tw_hash);
 417                twrefcnt = inet_twsk_unhash(tw);
 418        }
 419        spin_unlock(lock);
 420        sock_prot_inuse_add(sock_net(sk), sk->sk_prot, 1);
 421        return twrefcnt;
 422}
 423EXPORT_SYMBOL_GPL(__inet_hash_nolisten);
 424
 425static void __inet_hash(struct sock *sk)
 426{
 427        struct inet_hashinfo *hashinfo = sk->sk_prot->h.hashinfo;
 428        struct inet_listen_hashbucket *ilb;
 429
 430        if (sk->sk_state != TCP_LISTEN) {
 431                __inet_hash_nolisten(sk, NULL);
 432                return;
 433        }
 434
 435        WARN_ON(!sk_unhashed(sk));
 436        ilb = &hashinfo->listening_hash[inet_sk_listen_hashfn(sk)];
 437
 438        spin_lock(&ilb->lock);
 439        __sk_nulls_add_node_rcu(sk, &ilb->head);
 440        sock_prot_inuse_add(sock_net(sk), sk->sk_prot, 1);
 441        spin_unlock(&ilb->lock);
 442}
 443
 444void inet_hash(struct sock *sk)
 445{
 446        if (sk->sk_state != TCP_CLOSE) {
 447                local_bh_disable();
 448                __inet_hash(sk);
 449                local_bh_enable();
 450        }
 451}
 452EXPORT_SYMBOL_GPL(inet_hash);
 453
 454void inet_unhash(struct sock *sk)
 455{
 456        struct inet_hashinfo *hashinfo = sk->sk_prot->h.hashinfo;
 457        spinlock_t *lock;
 458        int done;
 459
 460        if (sk_unhashed(sk))
 461                return;
 462
 463        if (sk->sk_state == TCP_LISTEN)
 464                lock = &hashinfo->listening_hash[inet_sk_listen_hashfn(sk)].lock;
 465        else
 466                lock = inet_ehash_lockp(hashinfo, sk->sk_hash);
 467
 468        spin_lock_bh(lock);
 469        done = __sk_nulls_del_node_init_rcu(sk);
 470        if (done)
 471                sock_prot_inuse_add(sock_net(sk), sk->sk_prot, -1);
 472        spin_unlock_bh(lock);
 473}
 474EXPORT_SYMBOL_GPL(inet_unhash);
 475
 476int __inet_hash_connect(struct inet_timewait_death_row *death_row,
 477                struct sock *sk, u32 port_offset,
 478                int (*check_established)(struct inet_timewait_death_row *,
 479                        struct sock *, __u16, struct inet_timewait_sock **),
 480                int (*hash)(struct sock *sk, struct inet_timewait_sock *twp))
 481{
 482        struct inet_hashinfo *hinfo = death_row->hashinfo;
 483        const unsigned short snum = inet_sk(sk)->inet_num;
 484        struct inet_bind_hashbucket *head;
 485        struct inet_bind_bucket *tb;
 486        int ret;
 487        struct net *net = sock_net(sk);
 488        int twrefcnt = 1;
 489
 490        if (!snum) {
 491                int i, remaining, low, high, port;
 492                static u32 hint;
 493                u32 offset = hint + port_offset;
 494                struct inet_timewait_sock *tw = NULL;
 495
 496                inet_get_local_port_range(net, &low, &high);
 497                remaining = (high - low) + 1;
 498
 499                /* By starting with offset being an even number,
 500                 * we tend to leave about 50% of ports for other uses,
 501                 * like bind(0).
 502                 */
 503                offset &= ~1;
 504
 505                for (i = 0; i < remaining; i++) {
 506                        port = low + (i + offset) % remaining;
 507                        if (inet_is_reserved_local_port(port))
 508                                continue;
 509                        head = &hinfo->bhash[inet_bhashfn(net, port,
 510                                        hinfo->bhash_size)];
 511                        spin_lock_bh(&head->lock);
 512
 513                        /* Does not bother with rcv_saddr checks,
 514                         * because the established check is already
 515                         * unique enough.
 516                         */
 517                        inet_bind_bucket_for_each(tb, &head->chain) {
 518                                if (net_eq(ib_net(tb), net) &&
 519                                    tb->port == port) {
 520                                        if (tb->fastreuse >= 0 ||
 521                                            tb->fastreuseport >= 0)
 522                                                goto next_port;
 523                                        WARN_ON(hlist_empty(&tb->owners));
 524                                        if (!check_established(death_row, sk,
 525                                                                port, &tw))
 526                                                goto ok;
 527                                        goto next_port;
 528                                }
 529                        }
 530
 531                        tb = inet_bind_bucket_create(hinfo->bind_bucket_cachep,
 532                                        net, head, port);
 533                        if (!tb) {
 534                                spin_unlock_bh(&head->lock);
 535                                break;
 536                        }
 537                        tb->fastreuse = -1;
 538                        tb->fastreuseport = -1;
 539                        goto ok;
 540
 541                next_port:
 542                        spin_unlock_bh(&head->lock);
 543                        cond_resched();
 544                }
 545
 546                return -EADDRNOTAVAIL;
 547
 548ok:
 549                hint += (i + 2) & ~1;
 550
 551                /* Head lock still held and bh's disabled */
 552                inet_bind_hash(sk, tb, port);
 553                if (sk_unhashed(sk)) {
 554                        inet_sk(sk)->inet_sport = htons(port);
 555                        twrefcnt += hash(sk, tw);
 556                }
 557                if (tw)
 558                        twrefcnt += inet_twsk_bind_unhash(tw, hinfo);
 559                spin_unlock(&head->lock);
 560
 561                if (tw) {
 562                        inet_twsk_deschedule(tw, death_row);
 563                        while (twrefcnt) {
 564                                twrefcnt--;
 565                                inet_twsk_put(tw);
 566                        }
 567                }
 568
 569                ret = 0;
 570                goto out;
 571        }
 572
 573        head = &hinfo->bhash[inet_bhashfn(net, snum, hinfo->bhash_size)];
 574        tb  = inet_csk(sk)->icsk_bind_hash;
 575        spin_lock_bh(&head->lock);
 576        if (sk_head(&tb->owners) == sk && !sk->sk_bind_node.next) {
 577                hash(sk, NULL);
 578                spin_unlock_bh(&head->lock);
 579                return 0;
 580        } else {
 581                spin_unlock(&head->lock);
 582                /* No definite answer... Walk to established hash table */
 583                ret = check_established(death_row, sk, snum, NULL);
 584out:
 585                local_bh_enable();
 586                return ret;
 587        }
 588}
 589
 590/*
 591 * Bind a port for a connect operation and hash it.
 592 */
 593int inet_hash_connect(struct inet_timewait_death_row *death_row,
 594                      struct sock *sk)
 595{
 596        return __inet_hash_connect(death_row, sk, inet_sk_port_offset(sk),
 597                        __inet_check_established, __inet_hash_nolisten);
 598}
 599EXPORT_SYMBOL_GPL(inet_hash_connect);
 600
 601void inet_hashinfo_init(struct inet_hashinfo *h)
 602{
 603        int i;
 604
 605        atomic_set(&h->bsockets, 0);
 606        for (i = 0; i < INET_LHTABLE_SIZE; i++) {
 607                spin_lock_init(&h->listening_hash[i].lock);
 608                INIT_HLIST_NULLS_HEAD(&h->listening_hash[i].head,
 609                                      i + LISTENING_NULLS_BASE);
 610                }
 611}
 612EXPORT_SYMBOL_GPL(inet_hashinfo_init);
 613