2 * INET An implementation of the TCP/IP protocol suite for the LINUX
3 * operating system. INET is implemented using the BSD Socket
4 * interface as the means of communication with the user level.
6 * PACKET - implements raw packet sockets.
9 * Fred N. van Kempen, <waltje@uWalt.NL.Mugnet.ORG>
10 * Alan Cox, <gw4pts@gw4pts.ampr.org>
13 * Alan Cox : verify_area() now used correctly
14 * Alan Cox : new skbuff lists, look ma no backlogs!
15 * Alan Cox : tidied skbuff lists.
16 * Alan Cox : Now uses generic datagram routines I
17 * added. Also fixed the peek/read crash
18 * from all old Linux datagram code.
19 * Alan Cox : Uses the improved datagram code.
20 * Alan Cox : Added NULL's for socket options.
21 * Alan Cox : Re-commented the code.
22 * Alan Cox : Use new kernel side addressing
23 * Rob Janssen : Correct MTU usage.
24 * Dave Platt : Counter leaks caused by incorrect
25 * interrupt locking and some slightly
26 * dubious gcc output. Can you read
27 * compiler: it said _VOLATILE_
28 * Richard Kooijman : Timestamp fixes.
29 * Alan Cox : New buffers. Use sk->mac.raw.
30 * Alan Cox : sendmsg/recvmsg support.
31 * Alan Cox : Protocol setting support
32 * Alexey Kuznetsov : Untied from IPv4 stack.
33 * Cyrus Durgin : Fixed kerneld for kmod.
34 * Michal Ostrowski : Module initialization cleanup.
35 * Ulises Alonso : Frame number limit removal and
36 * packet_set_ring memory leak.
37 * Eric Biederman : Allow for > 8 byte hardware addresses.
38 * The convention is that longer addresses
39 * will simply extend the hardware address
40 * byte arrays at the end of sockaddr_ll
42 * Johann Baudy : Added TX RING.
43 * Chetan Loke : Implemented TPACKET_V3 block abstraction
45 * Copyright (C) 2011, <lokec@ccs.neu.edu>
48 * This program is free software; you can redistribute it and/or
49 * modify it under the terms of the GNU General Public License
50 * as published by the Free Software Foundation; either version
51 * 2 of the License, or (at your option) any later version.
55 #include <linux/types.h>
57 #include <linux/capability.h>
58 #include <linux/fcntl.h>
59 #include <linux/socket.h>
61 #include <linux/inet.h>
62 #include <linux/netdevice.h>
63 #include <linux/if_packet.h>
64 #include <linux/wireless.h>
65 #include <linux/kernel.h>
66 #include <linux/kmod.h>
67 #include <linux/slab.h>
68 #include <linux/vmalloc.h>
69 #include <net/net_namespace.h>
71 #include <net/protocol.h>
72 #include <linux/skbuff.h>
74 #include <linux/errno.h>
75 #include <linux/timer.h>
76 #include <asm/uaccess.h>
77 #include <asm/ioctls.h>
79 #include <asm/cacheflush.h>
81 #include <linux/proc_fs.h>
82 #include <linux/seq_file.h>
83 #include <linux/poll.h>
84 #include <linux/module.h>
85 #include <linux/init.h>
86 #include <linux/mutex.h>
87 #include <linux/if_vlan.h>
88 #include <linux/virtio_net.h>
89 #include <linux/errqueue.h>
90 #include <linux/net_tstamp.h>
91 #include <linux/percpu.h>
93 #include <net/inet_common.h>
100 - if device has no dev->hard_header routine, it adds and removes ll header
101 inside itself. In this case ll header is invisible outside of device,
102 but higher levels still should reserve dev->hard_header_len.
103 Some devices are enough clever to reallocate skb, when header
104 will not fit to reserved space (tunnel), another ones are silly
106 - packet socket receives packets with pulled ll header,
107 so that SOCK_RAW should push it back.
112 Incoming, dev->hard_header!=NULL
113 mac_header -> ll header
116 Outgoing, dev->hard_header!=NULL
117 mac_header -> ll header
120 Incoming, dev->hard_header==NULL
121 mac_header -> UNKNOWN position. It is very likely, that it points to ll
122 header. PPP makes it, that is wrong, because introduce
123 assymetry between rx and tx paths.
126 Outgoing, dev->hard_header==NULL
127 mac_header -> data. ll header is still not built!
131 If dev->hard_header==NULL we are unlikely to restore sensible ll header.
137 dev->hard_header != NULL
138 mac_header -> ll header
141 dev->hard_header == NULL (ll header is added by device, we cannot control it)
145 We should set nh.raw on output to correct posistion,
146 packet classifier depends on it.
149 /* Private packet socket structures. */
151 /* identical to struct packet_mreq except it has
152 * a longer address field.
154 struct packet_mreq_max {
156 unsigned short mr_type;
157 unsigned short mr_alen;
158 unsigned char mr_address[MAX_ADDR_LEN];
162 struct tpacket_hdr *h1;
163 struct tpacket2_hdr *h2;
164 struct tpacket3_hdr *h3;
168 static int packet_set_ring(struct sock *sk, union tpacket_req_u *req_u,
169 int closing, int tx_ring);
171 #define V3_ALIGNMENT (8)
173 #define BLK_HDR_LEN (ALIGN(sizeof(struct tpacket_block_desc), V3_ALIGNMENT))
175 #define BLK_PLUS_PRIV(sz_of_priv) \
176 (BLK_HDR_LEN + ALIGN((sz_of_priv), V3_ALIGNMENT))
178 #define PGV_FROM_VMALLOC 1
180 #define BLOCK_STATUS(x) ((x)->hdr.bh1.block_status)
181 #define BLOCK_NUM_PKTS(x) ((x)->hdr.bh1.num_pkts)
182 #define BLOCK_O2FP(x) ((x)->hdr.bh1.offset_to_first_pkt)
183 #define BLOCK_LEN(x) ((x)->hdr.bh1.blk_len)
184 #define BLOCK_SNUM(x) ((x)->hdr.bh1.seq_num)
185 #define BLOCK_O2PRIV(x) ((x)->offset_to_priv)
186 #define BLOCK_PRIV(x) ((void *)((char *)(x) + BLOCK_O2PRIV(x)))
189 static int tpacket_snd(struct packet_sock *po, struct msghdr *msg);
190 static int tpacket_rcv(struct sk_buff *skb, struct net_device *dev,
191 struct packet_type *pt, struct net_device *orig_dev);
193 static void *packet_previous_frame(struct packet_sock *po,
194 struct packet_ring_buffer *rb,
196 static void packet_increment_head(struct packet_ring_buffer *buff);
197 static int prb_curr_blk_in_use(struct tpacket_kbdq_core *,
198 struct tpacket_block_desc *);
199 static void *prb_dispatch_next_block(struct tpacket_kbdq_core *,
200 struct packet_sock *);
201 static void prb_retire_current_block(struct tpacket_kbdq_core *,
202 struct packet_sock *, unsigned int status);
203 static int prb_queue_frozen(struct tpacket_kbdq_core *);
204 static void prb_open_block(struct tpacket_kbdq_core *,
205 struct tpacket_block_desc *);
206 static void prb_retire_rx_blk_timer_expired(unsigned long);
207 static void _prb_refresh_rx_retire_blk_timer(struct tpacket_kbdq_core *);
208 static void prb_init_blk_timer(struct packet_sock *,
209 struct tpacket_kbdq_core *,
210 void (*func) (unsigned long));
211 static void prb_fill_rxhash(struct tpacket_kbdq_core *, struct tpacket3_hdr *);
212 static void prb_clear_rxhash(struct tpacket_kbdq_core *,
213 struct tpacket3_hdr *);
214 static void prb_fill_vlan_info(struct tpacket_kbdq_core *,
215 struct tpacket3_hdr *);
216 static void packet_flush_mclist(struct sock *sk);
218 struct packet_skb_cb {
220 struct sockaddr_pkt pkt;
222 /* Trick: alias skb original length with
223 * ll.sll_family and ll.protocol in order
226 unsigned int origlen;
227 struct sockaddr_ll ll;
232 #define PACKET_SKB_CB(__skb) ((struct packet_skb_cb *)((__skb)->cb))
234 #define GET_PBDQC_FROM_RB(x) ((struct tpacket_kbdq_core *)(&(x)->prb_bdqc))
235 #define GET_PBLOCK_DESC(x, bid) \
236 ((struct tpacket_block_desc *)((x)->pkbdq[(bid)].buffer))
237 #define GET_CURR_PBLOCK_DESC_FROM_CORE(x) \
238 ((struct tpacket_block_desc *)((x)->pkbdq[(x)->kactive_blk_num].buffer))
239 #define GET_NEXT_PRB_BLK_NUM(x) \
240 (((x)->kactive_blk_num < ((x)->knum_blocks-1)) ? \
241 ((x)->kactive_blk_num+1) : 0)
243 static void __fanout_unlink(struct sock *sk, struct packet_sock *po);
244 static void __fanout_link(struct sock *sk, struct packet_sock *po);
246 static int packet_direct_xmit(struct sk_buff *skb)
248 struct net_device *dev = skb->dev;
249 netdev_features_t features;
250 struct netdev_queue *txq;
251 int ret = NETDEV_TX_BUSY;
253 if (unlikely(!netif_running(dev) ||
254 !netif_carrier_ok(dev)))
257 features = netif_skb_features(skb);
258 if (skb_needs_linearize(skb, features) &&
259 __skb_linearize(skb))
262 txq = skb_get_tx_queue(dev, skb);
266 HARD_TX_LOCK(dev, txq, smp_processor_id());
267 if (!netif_xmit_frozen_or_drv_stopped(txq))
268 ret = netdev_start_xmit(skb, dev, txq, false);
269 HARD_TX_UNLOCK(dev, txq);
273 if (!dev_xmit_complete(ret))
278 atomic_long_inc(&dev->tx_dropped);
280 return NET_XMIT_DROP;
283 static struct net_device *packet_cached_dev_get(struct packet_sock *po)
285 struct net_device *dev;
288 dev = rcu_dereference(po->cached_dev);
296 static void packet_cached_dev_assign(struct packet_sock *po,
297 struct net_device *dev)
299 rcu_assign_pointer(po->cached_dev, dev);
302 static void packet_cached_dev_reset(struct packet_sock *po)
304 RCU_INIT_POINTER(po->cached_dev, NULL);
307 static bool packet_use_direct_xmit(const struct packet_sock *po)
309 return po->xmit == packet_direct_xmit;
312 static u16 __packet_pick_tx_queue(struct net_device *dev, struct sk_buff *skb)
314 return (u16) raw_smp_processor_id() % dev->real_num_tx_queues;
317 static void packet_pick_tx_queue(struct net_device *dev, struct sk_buff *skb)
319 const struct net_device_ops *ops = dev->netdev_ops;
322 if (ops->ndo_select_queue) {
323 queue_index = ops->ndo_select_queue(dev, skb, NULL,
324 __packet_pick_tx_queue);
325 queue_index = netdev_cap_txqueue(dev, queue_index);
327 queue_index = __packet_pick_tx_queue(dev, skb);
330 skb_set_queue_mapping(skb, queue_index);
333 /* register_prot_hook must be invoked with the po->bind_lock held,
334 * or from a context in which asynchronous accesses to the packet
335 * socket is not possible (packet_create()).
337 static void register_prot_hook(struct sock *sk)
339 struct packet_sock *po = pkt_sk(sk);
343 __fanout_link(sk, po);
345 dev_add_pack(&po->prot_hook);
352 /* {,__}unregister_prot_hook() must be invoked with the po->bind_lock
353 * held. If the sync parameter is true, we will temporarily drop
354 * the po->bind_lock and do a synchronize_net to make sure no
355 * asynchronous packet processing paths still refer to the elements
356 * of po->prot_hook. If the sync parameter is false, it is the
357 * callers responsibility to take care of this.
359 static void __unregister_prot_hook(struct sock *sk, bool sync)
361 struct packet_sock *po = pkt_sk(sk);
366 __fanout_unlink(sk, po);
368 __dev_remove_pack(&po->prot_hook);
373 spin_unlock(&po->bind_lock);
375 spin_lock(&po->bind_lock);
379 static void unregister_prot_hook(struct sock *sk, bool sync)
381 struct packet_sock *po = pkt_sk(sk);
384 __unregister_prot_hook(sk, sync);
387 static inline struct page * __pure pgv_to_page(void *addr)
389 if (is_vmalloc_addr(addr))
390 return vmalloc_to_page(addr);
391 return virt_to_page(addr);
394 static void __packet_set_status(struct packet_sock *po, void *frame, int status)
396 union tpacket_uhdr h;
399 switch (po->tp_version) {
401 h.h1->tp_status = status;
402 flush_dcache_page(pgv_to_page(&h.h1->tp_status));
405 h.h2->tp_status = status;
406 flush_dcache_page(pgv_to_page(&h.h2->tp_status));
410 WARN(1, "TPACKET version not supported.\n");
417 static int __packet_get_status(struct packet_sock *po, void *frame)
419 union tpacket_uhdr h;
424 switch (po->tp_version) {
426 flush_dcache_page(pgv_to_page(&h.h1->tp_status));
427 return h.h1->tp_status;
429 flush_dcache_page(pgv_to_page(&h.h2->tp_status));
430 return h.h2->tp_status;
433 WARN(1, "TPACKET version not supported.\n");
439 static __u32 tpacket_get_timestamp(struct sk_buff *skb, struct timespec *ts,
442 struct skb_shared_hwtstamps *shhwtstamps = skb_hwtstamps(skb);
445 (flags & SOF_TIMESTAMPING_RAW_HARDWARE) &&
446 ktime_to_timespec_cond(shhwtstamps->hwtstamp, ts))
447 return TP_STATUS_TS_RAW_HARDWARE;
449 if (ktime_to_timespec_cond(skb->tstamp, ts))
450 return TP_STATUS_TS_SOFTWARE;
455 static __u32 __packet_set_timestamp(struct packet_sock *po, void *frame,
458 union tpacket_uhdr h;
462 if (!(ts_status = tpacket_get_timestamp(skb, &ts, po->tp_tstamp)))
466 switch (po->tp_version) {
468 h.h1->tp_sec = ts.tv_sec;
469 h.h1->tp_usec = ts.tv_nsec / NSEC_PER_USEC;
472 h.h2->tp_sec = ts.tv_sec;
473 h.h2->tp_nsec = ts.tv_nsec;
477 WARN(1, "TPACKET version not supported.\n");
481 /* one flush is safe, as both fields always lie on the same cacheline */
482 flush_dcache_page(pgv_to_page(&h.h1->tp_sec));
488 static void *packet_lookup_frame(struct packet_sock *po,
489 struct packet_ring_buffer *rb,
490 unsigned int position,
493 unsigned int pg_vec_pos, frame_offset;
494 union tpacket_uhdr h;
496 pg_vec_pos = position / rb->frames_per_block;
497 frame_offset = position % rb->frames_per_block;
499 h.raw = rb->pg_vec[pg_vec_pos].buffer +
500 (frame_offset * rb->frame_size);
502 if (status != __packet_get_status(po, h.raw))
508 static void *packet_current_frame(struct packet_sock *po,
509 struct packet_ring_buffer *rb,
512 return packet_lookup_frame(po, rb, rb->head, status);
515 static void prb_del_retire_blk_timer(struct tpacket_kbdq_core *pkc)
517 del_timer_sync(&pkc->retire_blk_timer);
520 static void prb_shutdown_retire_blk_timer(struct packet_sock *po,
522 struct sk_buff_head *rb_queue)
524 struct tpacket_kbdq_core *pkc;
526 pkc = tx_ring ? GET_PBDQC_FROM_RB(&po->tx_ring) :
527 GET_PBDQC_FROM_RB(&po->rx_ring);
529 spin_lock_bh(&rb_queue->lock);
530 pkc->delete_blk_timer = 1;
531 spin_unlock_bh(&rb_queue->lock);
533 prb_del_retire_blk_timer(pkc);
536 static void prb_init_blk_timer(struct packet_sock *po,
537 struct tpacket_kbdq_core *pkc,
538 void (*func) (unsigned long))
540 init_timer(&pkc->retire_blk_timer);
541 pkc->retire_blk_timer.data = (long)po;
542 pkc->retire_blk_timer.function = func;
543 pkc->retire_blk_timer.expires = jiffies;
546 static void prb_setup_retire_blk_timer(struct packet_sock *po, int tx_ring)
548 struct tpacket_kbdq_core *pkc;
553 pkc = tx_ring ? GET_PBDQC_FROM_RB(&po->tx_ring) :
554 GET_PBDQC_FROM_RB(&po->rx_ring);
555 prb_init_blk_timer(po, pkc, prb_retire_rx_blk_timer_expired);
558 static int prb_calc_retire_blk_tmo(struct packet_sock *po,
559 int blk_size_in_bytes)
561 struct net_device *dev;
562 unsigned int mbits = 0, msec = 0, div = 0, tmo = 0;
563 struct ethtool_cmd ecmd;
568 dev = __dev_get_by_index(sock_net(&po->sk), po->ifindex);
569 if (unlikely(!dev)) {
571 return DEFAULT_PRB_RETIRE_TOV;
573 err = __ethtool_get_settings(dev, &ecmd);
574 speed = ethtool_cmd_speed(&ecmd);
578 * If the link speed is so slow you don't really
579 * need to worry about perf anyways
581 if (speed < SPEED_1000 || speed == SPEED_UNKNOWN) {
582 return DEFAULT_PRB_RETIRE_TOV;
589 mbits = (blk_size_in_bytes * 8) / (1024 * 1024);
601 static void prb_init_ft_ops(struct tpacket_kbdq_core *p1,
602 union tpacket_req_u *req_u)
604 p1->feature_req_word = req_u->req3.tp_feature_req_word;
607 static void init_prb_bdqc(struct packet_sock *po,
608 struct packet_ring_buffer *rb,
610 union tpacket_req_u *req_u, int tx_ring)
612 struct tpacket_kbdq_core *p1 = GET_PBDQC_FROM_RB(rb);
613 struct tpacket_block_desc *pbd;
615 memset(p1, 0x0, sizeof(*p1));
617 p1->knxt_seq_num = 1;
619 pbd = (struct tpacket_block_desc *)pg_vec[0].buffer;
620 p1->pkblk_start = pg_vec[0].buffer;
621 p1->kblk_size = req_u->req3.tp_block_size;
622 p1->knum_blocks = req_u->req3.tp_block_nr;
623 p1->hdrlen = po->tp_hdrlen;
624 p1->version = po->tp_version;
625 p1->last_kactive_blk_num = 0;
626 po->stats.stats3.tp_freeze_q_cnt = 0;
627 if (req_u->req3.tp_retire_blk_tov)
628 p1->retire_blk_tov = req_u->req3.tp_retire_blk_tov;
630 p1->retire_blk_tov = prb_calc_retire_blk_tmo(po,
631 req_u->req3.tp_block_size);
632 p1->tov_in_jiffies = msecs_to_jiffies(p1->retire_blk_tov);
633 p1->blk_sizeof_priv = req_u->req3.tp_sizeof_priv;
635 p1->max_frame_len = p1->kblk_size - BLK_PLUS_PRIV(p1->blk_sizeof_priv);
636 prb_init_ft_ops(p1, req_u);
637 prb_setup_retire_blk_timer(po, tx_ring);
638 prb_open_block(p1, pbd);
641 /* Do NOT update the last_blk_num first.
642 * Assumes sk_buff_head lock is held.
644 static void _prb_refresh_rx_retire_blk_timer(struct tpacket_kbdq_core *pkc)
646 mod_timer(&pkc->retire_blk_timer,
647 jiffies + pkc->tov_in_jiffies);
648 pkc->last_kactive_blk_num = pkc->kactive_blk_num;
653 * 1) We refresh the timer only when we open a block.
654 * By doing this we don't waste cycles refreshing the timer
655 * on packet-by-packet basis.
657 * With a 1MB block-size, on a 1Gbps line, it will take
658 * i) ~8 ms to fill a block + ii) memcpy etc.
659 * In this cut we are not accounting for the memcpy time.
661 * So, if the user sets the 'tmo' to 10ms then the timer
662 * will never fire while the block is still getting filled
663 * (which is what we want). However, the user could choose
664 * to close a block early and that's fine.
666 * But when the timer does fire, we check whether or not to refresh it.
667 * Since the tmo granularity is in msecs, it is not too expensive
668 * to refresh the timer, lets say every '8' msecs.
669 * Either the user can set the 'tmo' or we can derive it based on
670 * a) line-speed and b) block-size.
671 * prb_calc_retire_blk_tmo() calculates the tmo.
674 static void prb_retire_rx_blk_timer_expired(unsigned long data)
676 struct packet_sock *po = (struct packet_sock *)data;
677 struct tpacket_kbdq_core *pkc = GET_PBDQC_FROM_RB(&po->rx_ring);
679 struct tpacket_block_desc *pbd;
681 spin_lock(&po->sk.sk_receive_queue.lock);
683 frozen = prb_queue_frozen(pkc);
684 pbd = GET_CURR_PBLOCK_DESC_FROM_CORE(pkc);
686 if (unlikely(pkc->delete_blk_timer))
689 /* We only need to plug the race when the block is partially filled.
691 * lock(); increment BLOCK_NUM_PKTS; unlock()
692 * copy_bits() is in progress ...
693 * timer fires on other cpu:
694 * we can't retire the current block because copy_bits
698 if (BLOCK_NUM_PKTS(pbd)) {
699 while (atomic_read(&pkc->blk_fill_in_prog)) {
700 /* Waiting for skb_copy_bits to finish... */
705 if (pkc->last_kactive_blk_num == pkc->kactive_blk_num) {
707 prb_retire_current_block(pkc, po, TP_STATUS_BLK_TMO);
708 if (!prb_dispatch_next_block(pkc, po))
713 /* Case 1. Queue was frozen because user-space was
716 if (prb_curr_blk_in_use(pkc, pbd)) {
718 * Ok, user-space is still behind.
719 * So just refresh the timer.
723 /* Case 2. queue was frozen,user-space caught up,
724 * now the link went idle && the timer fired.
725 * We don't have a block to close.So we open this
726 * block and restart the timer.
727 * opening a block thaws the queue,restarts timer
728 * Thawing/timer-refresh is a side effect.
730 prb_open_block(pkc, pbd);
737 _prb_refresh_rx_retire_blk_timer(pkc);
740 spin_unlock(&po->sk.sk_receive_queue.lock);
743 static void prb_flush_block(struct tpacket_kbdq_core *pkc1,
744 struct tpacket_block_desc *pbd1, __u32 status)
746 /* Flush everything minus the block header */
748 #if ARCH_IMPLEMENTS_FLUSH_DCACHE_PAGE == 1
753 /* Skip the block header(we know header WILL fit in 4K) */
756 end = (u8 *)PAGE_ALIGN((unsigned long)pkc1->pkblk_end);
757 for (; start < end; start += PAGE_SIZE)
758 flush_dcache_page(pgv_to_page(start));
763 /* Now update the block status. */
765 BLOCK_STATUS(pbd1) = status;
767 /* Flush the block header */
769 #if ARCH_IMPLEMENTS_FLUSH_DCACHE_PAGE == 1
771 flush_dcache_page(pgv_to_page(start));
781 * 2) Increment active_blk_num
783 * Note:We DONT refresh the timer on purpose.
784 * Because almost always the next block will be opened.
786 static void prb_close_block(struct tpacket_kbdq_core *pkc1,
787 struct tpacket_block_desc *pbd1,
788 struct packet_sock *po, unsigned int stat)
790 __u32 status = TP_STATUS_USER | stat;
792 struct tpacket3_hdr *last_pkt;
793 struct tpacket_hdr_v1 *h1 = &pbd1->hdr.bh1;
794 struct sock *sk = &po->sk;
796 if (po->stats.stats3.tp_drops)
797 status |= TP_STATUS_LOSING;
799 last_pkt = (struct tpacket3_hdr *)pkc1->prev;
800 last_pkt->tp_next_offset = 0;
802 /* Get the ts of the last pkt */
803 if (BLOCK_NUM_PKTS(pbd1)) {
804 h1->ts_last_pkt.ts_sec = last_pkt->tp_sec;
805 h1->ts_last_pkt.ts_nsec = last_pkt->tp_nsec;
807 /* Ok, we tmo'd - so get the current time */
810 h1->ts_last_pkt.ts_sec = ts.tv_sec;
811 h1->ts_last_pkt.ts_nsec = ts.tv_nsec;
816 /* Flush the block */
817 prb_flush_block(pkc1, pbd1, status);
819 sk->sk_data_ready(sk);
821 pkc1->kactive_blk_num = GET_NEXT_PRB_BLK_NUM(pkc1);
824 static void prb_thaw_queue(struct tpacket_kbdq_core *pkc)
826 pkc->reset_pending_on_curr_blk = 0;
830 * Side effect of opening a block:
832 * 1) prb_queue is thawed.
833 * 2) retire_blk_timer is refreshed.
836 static void prb_open_block(struct tpacket_kbdq_core *pkc1,
837 struct tpacket_block_desc *pbd1)
840 struct tpacket_hdr_v1 *h1 = &pbd1->hdr.bh1;
844 /* We could have just memset this but we will lose the
845 * flexibility of making the priv area sticky
848 BLOCK_SNUM(pbd1) = pkc1->knxt_seq_num++;
849 BLOCK_NUM_PKTS(pbd1) = 0;
850 BLOCK_LEN(pbd1) = BLK_PLUS_PRIV(pkc1->blk_sizeof_priv);
854 h1->ts_first_pkt.ts_sec = ts.tv_sec;
855 h1->ts_first_pkt.ts_nsec = ts.tv_nsec;
857 pkc1->pkblk_start = (char *)pbd1;
858 pkc1->nxt_offset = pkc1->pkblk_start + BLK_PLUS_PRIV(pkc1->blk_sizeof_priv);
860 BLOCK_O2FP(pbd1) = (__u32)BLK_PLUS_PRIV(pkc1->blk_sizeof_priv);
861 BLOCK_O2PRIV(pbd1) = BLK_HDR_LEN;
863 pbd1->version = pkc1->version;
864 pkc1->prev = pkc1->nxt_offset;
865 pkc1->pkblk_end = pkc1->pkblk_start + pkc1->kblk_size;
867 prb_thaw_queue(pkc1);
868 _prb_refresh_rx_retire_blk_timer(pkc1);
874 * Queue freeze logic:
875 * 1) Assume tp_block_nr = 8 blocks.
876 * 2) At time 't0', user opens Rx ring.
877 * 3) Some time past 't0', kernel starts filling blocks starting from 0 .. 7
878 * 4) user-space is either sleeping or processing block '0'.
879 * 5) tpacket_rcv is currently filling block '7', since there is no space left,
880 * it will close block-7,loop around and try to fill block '0'.
882 * __packet_lookup_frame_in_block
883 * prb_retire_current_block()
884 * prb_dispatch_next_block()
885 * |->(BLOCK_STATUS == USER) evaluates to true
886 * 5.1) Since block-0 is currently in-use, we just freeze the queue.
887 * 6) Now there are two cases:
888 * 6.1) Link goes idle right after the queue is frozen.
889 * But remember, the last open_block() refreshed the timer.
890 * When this timer expires,it will refresh itself so that we can
891 * re-open block-0 in near future.
892 * 6.2) Link is busy and keeps on receiving packets. This is a simple
893 * case and __packet_lookup_frame_in_block will check if block-0
894 * is free and can now be re-used.
896 static void prb_freeze_queue(struct tpacket_kbdq_core *pkc,
897 struct packet_sock *po)
899 pkc->reset_pending_on_curr_blk = 1;
900 po->stats.stats3.tp_freeze_q_cnt++;
903 #define TOTAL_PKT_LEN_INCL_ALIGN(length) (ALIGN((length), V3_ALIGNMENT))
906 * If the next block is free then we will dispatch it
907 * and return a good offset.
908 * Else, we will freeze the queue.
909 * So, caller must check the return value.
911 static void *prb_dispatch_next_block(struct tpacket_kbdq_core *pkc,
912 struct packet_sock *po)
914 struct tpacket_block_desc *pbd;
918 /* 1. Get current block num */
919 pbd = GET_CURR_PBLOCK_DESC_FROM_CORE(pkc);
921 /* 2. If this block is currently in_use then freeze the queue */
922 if (TP_STATUS_USER & BLOCK_STATUS(pbd)) {
923 prb_freeze_queue(pkc, po);
929 * open this block and return the offset where the first packet
930 * needs to get stored.
932 prb_open_block(pkc, pbd);
933 return (void *)pkc->nxt_offset;
936 static void prb_retire_current_block(struct tpacket_kbdq_core *pkc,
937 struct packet_sock *po, unsigned int status)
939 struct tpacket_block_desc *pbd = GET_CURR_PBLOCK_DESC_FROM_CORE(pkc);
941 /* retire/close the current block */
942 if (likely(TP_STATUS_KERNEL == BLOCK_STATUS(pbd))) {
944 * Plug the case where copy_bits() is in progress on
945 * cpu-0 and tpacket_rcv() got invoked on cpu-1, didn't
946 * have space to copy the pkt in the current block and
947 * called prb_retire_current_block()
949 * We don't need to worry about the TMO case because
950 * the timer-handler already handled this case.
952 if (!(status & TP_STATUS_BLK_TMO)) {
953 while (atomic_read(&pkc->blk_fill_in_prog)) {
954 /* Waiting for skb_copy_bits to finish... */
958 prb_close_block(pkc, pbd, po, status);
963 static int prb_curr_blk_in_use(struct tpacket_kbdq_core *pkc,
964 struct tpacket_block_desc *pbd)
966 return TP_STATUS_USER & BLOCK_STATUS(pbd);
969 static int prb_queue_frozen(struct tpacket_kbdq_core *pkc)
971 return pkc->reset_pending_on_curr_blk;
974 static void prb_clear_blk_fill_status(struct packet_ring_buffer *rb)
976 struct tpacket_kbdq_core *pkc = GET_PBDQC_FROM_RB(rb);
977 atomic_dec(&pkc->blk_fill_in_prog);
980 static void prb_fill_rxhash(struct tpacket_kbdq_core *pkc,
981 struct tpacket3_hdr *ppd)
983 ppd->hv1.tp_rxhash = skb_get_hash(pkc->skb);
986 static void prb_clear_rxhash(struct tpacket_kbdq_core *pkc,
987 struct tpacket3_hdr *ppd)
989 ppd->hv1.tp_rxhash = 0;
992 static void prb_fill_vlan_info(struct tpacket_kbdq_core *pkc,
993 struct tpacket3_hdr *ppd)
995 if (skb_vlan_tag_present(pkc->skb)) {
996 ppd->hv1.tp_vlan_tci = skb_vlan_tag_get(pkc->skb);
997 ppd->hv1.tp_vlan_tpid = ntohs(pkc->skb->vlan_proto);
998 ppd->tp_status = TP_STATUS_VLAN_VALID | TP_STATUS_VLAN_TPID_VALID;
1000 ppd->hv1.tp_vlan_tci = 0;
1001 ppd->hv1.tp_vlan_tpid = 0;
1002 ppd->tp_status = TP_STATUS_AVAILABLE;
1006 static void prb_run_all_ft_ops(struct tpacket_kbdq_core *pkc,
1007 struct tpacket3_hdr *ppd)
1009 ppd->hv1.tp_padding = 0;
1010 prb_fill_vlan_info(pkc, ppd);
1012 if (pkc->feature_req_word & TP_FT_REQ_FILL_RXHASH)
1013 prb_fill_rxhash(pkc, ppd);
1015 prb_clear_rxhash(pkc, ppd);
1018 static void prb_fill_curr_block(char *curr,
1019 struct tpacket_kbdq_core *pkc,
1020 struct tpacket_block_desc *pbd,
1023 struct tpacket3_hdr *ppd;
1025 ppd = (struct tpacket3_hdr *)curr;
1026 ppd->tp_next_offset = TOTAL_PKT_LEN_INCL_ALIGN(len);
1028 pkc->nxt_offset += TOTAL_PKT_LEN_INCL_ALIGN(len);
1029 BLOCK_LEN(pbd) += TOTAL_PKT_LEN_INCL_ALIGN(len);
1030 BLOCK_NUM_PKTS(pbd) += 1;
1031 atomic_inc(&pkc->blk_fill_in_prog);
1032 prb_run_all_ft_ops(pkc, ppd);
1035 /* Assumes caller has the sk->rx_queue.lock */
1036 static void *__packet_lookup_frame_in_block(struct packet_sock *po,
1037 struct sk_buff *skb,
1042 struct tpacket_kbdq_core *pkc;
1043 struct tpacket_block_desc *pbd;
1046 pkc = GET_PBDQC_FROM_RB(&po->rx_ring);
1047 pbd = GET_CURR_PBLOCK_DESC_FROM_CORE(pkc);
1049 /* Queue is frozen when user space is lagging behind */
1050 if (prb_queue_frozen(pkc)) {
1052 * Check if that last block which caused the queue to freeze,
1053 * is still in_use by user-space.
1055 if (prb_curr_blk_in_use(pkc, pbd)) {
1056 /* Can't record this packet */
1060 * Ok, the block was released by user-space.
1061 * Now let's open that block.
1062 * opening a block also thaws the queue.
1063 * Thawing is a side effect.
1065 prb_open_block(pkc, pbd);
1070 curr = pkc->nxt_offset;
1072 end = (char *)pbd + pkc->kblk_size;
1074 /* first try the current block */
1075 if (curr+TOTAL_PKT_LEN_INCL_ALIGN(len) < end) {
1076 prb_fill_curr_block(curr, pkc, pbd, len);
1077 return (void *)curr;
1080 /* Ok, close the current block */
1081 prb_retire_current_block(pkc, po, 0);
1083 /* Now, try to dispatch the next block */
1084 curr = (char *)prb_dispatch_next_block(pkc, po);
1086 pbd = GET_CURR_PBLOCK_DESC_FROM_CORE(pkc);
1087 prb_fill_curr_block(curr, pkc, pbd, len);
1088 return (void *)curr;
1092 * No free blocks are available.user_space hasn't caught up yet.
1093 * Queue was just frozen and now this packet will get dropped.
1098 static void *packet_current_rx_frame(struct packet_sock *po,
1099 struct sk_buff *skb,
1100 int status, unsigned int len)
1103 switch (po->tp_version) {
1106 curr = packet_lookup_frame(po, &po->rx_ring,
1107 po->rx_ring.head, status);
1110 return __packet_lookup_frame_in_block(po, skb, status, len);
1112 WARN(1, "TPACKET version not supported\n");
1118 static void *prb_lookup_block(struct packet_sock *po,
1119 struct packet_ring_buffer *rb,
1123 struct tpacket_kbdq_core *pkc = GET_PBDQC_FROM_RB(rb);
1124 struct tpacket_block_desc *pbd = GET_PBLOCK_DESC(pkc, idx);
1126 if (status != BLOCK_STATUS(pbd))
1131 static int prb_previous_blk_num(struct packet_ring_buffer *rb)
1134 if (rb->prb_bdqc.kactive_blk_num)
1135 prev = rb->prb_bdqc.kactive_blk_num-1;
1137 prev = rb->prb_bdqc.knum_blocks-1;
1141 /* Assumes caller has held the rx_queue.lock */
1142 static void *__prb_previous_block(struct packet_sock *po,
1143 struct packet_ring_buffer *rb,
1146 unsigned int previous = prb_previous_blk_num(rb);
1147 return prb_lookup_block(po, rb, previous, status);
1150 static void *packet_previous_rx_frame(struct packet_sock *po,
1151 struct packet_ring_buffer *rb,
1154 if (po->tp_version <= TPACKET_V2)
1155 return packet_previous_frame(po, rb, status);
1157 return __prb_previous_block(po, rb, status);
1160 static void packet_increment_rx_head(struct packet_sock *po,
1161 struct packet_ring_buffer *rb)
1163 switch (po->tp_version) {
1166 return packet_increment_head(rb);
1169 WARN(1, "TPACKET version not supported.\n");
1175 static void *packet_previous_frame(struct packet_sock *po,
1176 struct packet_ring_buffer *rb,
1179 unsigned int previous = rb->head ? rb->head - 1 : rb->frame_max;
1180 return packet_lookup_frame(po, rb, previous, status);
1183 static void packet_increment_head(struct packet_ring_buffer *buff)
1185 buff->head = buff->head != buff->frame_max ? buff->head+1 : 0;
1188 static void packet_inc_pending(struct packet_ring_buffer *rb)
1190 this_cpu_inc(*rb->pending_refcnt);
1193 static void packet_dec_pending(struct packet_ring_buffer *rb)
1195 this_cpu_dec(*rb->pending_refcnt);
1198 static unsigned int packet_read_pending(const struct packet_ring_buffer *rb)
1200 unsigned int refcnt = 0;
1203 /* We don't use pending refcount in rx_ring. */
1204 if (rb->pending_refcnt == NULL)
1207 for_each_possible_cpu(cpu)
1208 refcnt += *per_cpu_ptr(rb->pending_refcnt, cpu);
1213 static int packet_alloc_pending(struct packet_sock *po)
1215 po->rx_ring.pending_refcnt = NULL;
1217 po->tx_ring.pending_refcnt = alloc_percpu(unsigned int);
1218 if (unlikely(po->tx_ring.pending_refcnt == NULL))
1224 static void packet_free_pending(struct packet_sock *po)
1226 free_percpu(po->tx_ring.pending_refcnt);
1229 static bool packet_rcv_has_room(struct packet_sock *po, struct sk_buff *skb)
1231 struct sock *sk = &po->sk;
1234 if (po->prot_hook.func != tpacket_rcv)
1235 return (atomic_read(&sk->sk_rmem_alloc) + skb->truesize)
1238 spin_lock(&sk->sk_receive_queue.lock);
1239 if (po->tp_version == TPACKET_V3)
1240 has_room = prb_lookup_block(po, &po->rx_ring,
1241 po->rx_ring.prb_bdqc.kactive_blk_num,
1244 has_room = packet_lookup_frame(po, &po->rx_ring,
1247 spin_unlock(&sk->sk_receive_queue.lock);
1252 static void packet_sock_destruct(struct sock *sk)
1254 skb_queue_purge(&sk->sk_error_queue);
1256 WARN_ON(atomic_read(&sk->sk_rmem_alloc));
1257 WARN_ON(atomic_read(&sk->sk_wmem_alloc));
1259 if (!sock_flag(sk, SOCK_DEAD)) {
1260 pr_err("Attempt to release alive packet socket: %p\n", sk);
1264 sk_refcnt_debug_dec(sk);
1267 static int fanout_rr_next(struct packet_fanout *f, unsigned int num)
1269 int x = atomic_read(&f->rr_cur) + 1;
1277 static unsigned int fanout_demux_hash(struct packet_fanout *f,
1278 struct sk_buff *skb,
1281 return reciprocal_scale(skb_get_hash(skb), num);
1284 static unsigned int fanout_demux_lb(struct packet_fanout *f,
1285 struct sk_buff *skb,
1290 cur = atomic_read(&f->rr_cur);
1291 while ((old = atomic_cmpxchg(&f->rr_cur, cur,
1292 fanout_rr_next(f, num))) != cur)
1297 static unsigned int fanout_demux_cpu(struct packet_fanout *f,
1298 struct sk_buff *skb,
1301 return smp_processor_id() % num;
1304 static unsigned int fanout_demux_rnd(struct packet_fanout *f,
1305 struct sk_buff *skb,
1308 return prandom_u32_max(num);
1311 static unsigned int fanout_demux_rollover(struct packet_fanout *f,
1312 struct sk_buff *skb,
1313 unsigned int idx, unsigned int skip,
1318 i = j = min_t(int, f->next[idx], num - 1);
1320 if (i != skip && packet_rcv_has_room(pkt_sk(f->arr[i]), skb)) {
1332 static unsigned int fanout_demux_qm(struct packet_fanout *f,
1333 struct sk_buff *skb,
1336 return skb_get_queue_mapping(skb) % num;
1339 static bool fanout_has_flag(struct packet_fanout *f, u16 flag)
1341 return f->flags & (flag >> 8);
1344 static int packet_rcv_fanout(struct sk_buff *skb, struct net_device *dev,
1345 struct packet_type *pt, struct net_device *orig_dev)
1347 struct packet_fanout *f = pt->af_packet_priv;
1348 unsigned int num = f->num_members;
1349 struct packet_sock *po;
1352 if (!net_eq(dev_net(dev), read_pnet(&f->net)) ||
1359 case PACKET_FANOUT_HASH:
1361 if (fanout_has_flag(f, PACKET_FANOUT_FLAG_DEFRAG)) {
1362 skb = ip_check_defrag(skb, IP_DEFRAG_AF_PACKET);
1366 idx = fanout_demux_hash(f, skb, num);
1368 case PACKET_FANOUT_LB:
1369 idx = fanout_demux_lb(f, skb, num);
1371 case PACKET_FANOUT_CPU:
1372 idx = fanout_demux_cpu(f, skb, num);
1374 case PACKET_FANOUT_RND:
1375 idx = fanout_demux_rnd(f, skb, num);
1377 case PACKET_FANOUT_QM:
1378 idx = fanout_demux_qm(f, skb, num);
1380 case PACKET_FANOUT_ROLLOVER:
1381 idx = fanout_demux_rollover(f, skb, 0, (unsigned int) -1, num);
1385 po = pkt_sk(f->arr[idx]);
1386 if (fanout_has_flag(f, PACKET_FANOUT_FLAG_ROLLOVER) &&
1387 unlikely(!packet_rcv_has_room(po, skb))) {
1388 idx = fanout_demux_rollover(f, skb, idx, idx, num);
1389 po = pkt_sk(f->arr[idx]);
1392 return po->prot_hook.func(skb, dev, &po->prot_hook, orig_dev);
1395 DEFINE_MUTEX(fanout_mutex);
1396 EXPORT_SYMBOL_GPL(fanout_mutex);
1397 static LIST_HEAD(fanout_list);
1399 static void __fanout_link(struct sock *sk, struct packet_sock *po)
1401 struct packet_fanout *f = po->fanout;
1403 spin_lock(&f->lock);
1404 f->arr[f->num_members] = sk;
1407 spin_unlock(&f->lock);
1410 static void __fanout_unlink(struct sock *sk, struct packet_sock *po)
1412 struct packet_fanout *f = po->fanout;
1415 spin_lock(&f->lock);
1416 for (i = 0; i < f->num_members; i++) {
1417 if (f->arr[i] == sk)
1420 BUG_ON(i >= f->num_members);
1421 f->arr[i] = f->arr[f->num_members - 1];
1423 spin_unlock(&f->lock);
1426 static bool match_fanout_group(struct packet_type *ptype, struct sock *sk)
1428 if (ptype->af_packet_priv == (void *)((struct packet_sock *)sk)->fanout)
1434 static int fanout_add(struct sock *sk, u16 id, u16 type_flags)
1436 struct packet_sock *po = pkt_sk(sk);
1437 struct packet_fanout *f, *match;
1438 u8 type = type_flags & 0xff;
1439 u8 flags = type_flags >> 8;
1443 case PACKET_FANOUT_ROLLOVER:
1444 if (type_flags & PACKET_FANOUT_FLAG_ROLLOVER)
1446 case PACKET_FANOUT_HASH:
1447 case PACKET_FANOUT_LB:
1448 case PACKET_FANOUT_CPU:
1449 case PACKET_FANOUT_RND:
1450 case PACKET_FANOUT_QM:
1462 mutex_lock(&fanout_mutex);
1464 list_for_each_entry(f, &fanout_list, list) {
1466 read_pnet(&f->net) == sock_net(sk)) {
1472 if (match && match->flags != flags)
1476 match = kzalloc(sizeof(*match), GFP_KERNEL);
1479 write_pnet(&match->net, sock_net(sk));
1482 match->flags = flags;
1483 atomic_set(&match->rr_cur, 0);
1484 INIT_LIST_HEAD(&match->list);
1485 spin_lock_init(&match->lock);
1486 atomic_set(&match->sk_ref, 0);
1487 match->prot_hook.type = po->prot_hook.type;
1488 match->prot_hook.dev = po->prot_hook.dev;
1489 match->prot_hook.func = packet_rcv_fanout;
1490 match->prot_hook.af_packet_priv = match;
1491 match->prot_hook.id_match = match_fanout_group;
1492 dev_add_pack(&match->prot_hook);
1493 list_add(&match->list, &fanout_list);
1496 if (match->type == type &&
1497 match->prot_hook.type == po->prot_hook.type &&
1498 match->prot_hook.dev == po->prot_hook.dev) {
1500 if (atomic_read(&match->sk_ref) < PACKET_FANOUT_MAX) {
1501 __dev_remove_pack(&po->prot_hook);
1503 atomic_inc(&match->sk_ref);
1504 __fanout_link(sk, po);
1509 mutex_unlock(&fanout_mutex);
1513 static void fanout_release(struct sock *sk)
1515 struct packet_sock *po = pkt_sk(sk);
1516 struct packet_fanout *f;
1522 mutex_lock(&fanout_mutex);
1525 if (atomic_dec_and_test(&f->sk_ref)) {
1527 dev_remove_pack(&f->prot_hook);
1530 mutex_unlock(&fanout_mutex);
1533 static const struct proto_ops packet_ops;
1535 static const struct proto_ops packet_ops_spkt;
1537 static int packet_rcv_spkt(struct sk_buff *skb, struct net_device *dev,
1538 struct packet_type *pt, struct net_device *orig_dev)
1541 struct sockaddr_pkt *spkt;
1544 * When we registered the protocol we saved the socket in the data
1545 * field for just this event.
1548 sk = pt->af_packet_priv;
1551 * Yank back the headers [hope the device set this
1552 * right or kerboom...]
1554 * Incoming packets have ll header pulled,
1557 * For outgoing ones skb->data == skb_mac_header(skb)
1558 * so that this procedure is noop.
1561 if (skb->pkt_type == PACKET_LOOPBACK)
1564 if (!net_eq(dev_net(dev), sock_net(sk)))
1567 skb = skb_share_check(skb, GFP_ATOMIC);
1571 /* drop any routing info */
1574 /* drop conntrack reference */
1577 spkt = &PACKET_SKB_CB(skb)->sa.pkt;
1579 skb_push(skb, skb->data - skb_mac_header(skb));
1582 * The SOCK_PACKET socket receives _all_ frames.
1585 spkt->spkt_family = dev->type;
1586 strlcpy(spkt->spkt_device, dev->name, sizeof(spkt->spkt_device));
1587 spkt->spkt_protocol = skb->protocol;
1590 * Charge the memory to the socket. This is done specifically
1591 * to prevent sockets using all the memory up.
1594 if (sock_queue_rcv_skb(sk, skb) == 0)
1605 * Output a raw packet to a device layer. This bypasses all the other
1606 * protocol layers and you must therefore supply it with a complete frame
1609 static int packet_sendmsg_spkt(struct kiocb *iocb, struct socket *sock,
1610 struct msghdr *msg, size_t len)
1612 struct sock *sk = sock->sk;
1613 DECLARE_SOCKADDR(struct sockaddr_pkt *, saddr, msg->msg_name);
1614 struct sk_buff *skb = NULL;
1615 struct net_device *dev;
1621 * Get and verify the address.
1625 if (msg->msg_namelen < sizeof(struct sockaddr))
1627 if (msg->msg_namelen == sizeof(struct sockaddr_pkt))
1628 proto = saddr->spkt_protocol;
1630 return -ENOTCONN; /* SOCK_PACKET must be sent giving an address */
1633 * Find the device first to size check it
1636 saddr->spkt_device[sizeof(saddr->spkt_device) - 1] = 0;
1639 dev = dev_get_by_name_rcu(sock_net(sk), saddr->spkt_device);
1645 if (!(dev->flags & IFF_UP))
1649 * You may not queue a frame bigger than the mtu. This is the lowest level
1650 * raw protocol and you must do your own fragmentation at this level.
1653 if (unlikely(sock_flag(sk, SOCK_NOFCS))) {
1654 if (!netif_supports_nofcs(dev)) {
1655 err = -EPROTONOSUPPORT;
1658 extra_len = 4; /* We're doing our own CRC */
1662 if (len > dev->mtu + dev->hard_header_len + VLAN_HLEN + extra_len)
1666 size_t reserved = LL_RESERVED_SPACE(dev);
1667 int tlen = dev->needed_tailroom;
1668 unsigned int hhlen = dev->header_ops ? dev->hard_header_len : 0;
1671 skb = sock_wmalloc(sk, len + reserved + tlen, 0, GFP_KERNEL);
1674 /* FIXME: Save some space for broken drivers that write a hard
1675 * header at transmission time by themselves. PPP is the notable
1676 * one here. This should really be fixed at the driver level.
1678 skb_reserve(skb, reserved);
1679 skb_reset_network_header(skb);
1681 /* Try to align data part correctly */
1686 skb_reset_network_header(skb);
1688 err = memcpy_from_msg(skb_put(skb, len), msg, len);
1694 if (len > (dev->mtu + dev->hard_header_len + extra_len)) {
1695 /* Earlier code assumed this would be a VLAN pkt,
1696 * double-check this now that we have the actual
1699 struct ethhdr *ehdr;
1700 skb_reset_mac_header(skb);
1701 ehdr = eth_hdr(skb);
1702 if (ehdr->h_proto != htons(ETH_P_8021Q)) {
1708 skb->protocol = proto;
1710 skb->priority = sk->sk_priority;
1711 skb->mark = sk->sk_mark;
1713 sock_tx_timestamp(sk, &skb_shinfo(skb)->tx_flags);
1715 if (unlikely(extra_len == 4))
1718 skb_probe_transport_header(skb, 0);
1720 dev_queue_xmit(skb);
1731 static unsigned int run_filter(const struct sk_buff *skb,
1732 const struct sock *sk,
1735 struct sk_filter *filter;
1738 filter = rcu_dereference(sk->sk_filter);
1740 res = SK_RUN_FILTER(filter, skb);
1747 * This function makes lazy skb cloning in hope that most of packets
1748 * are discarded by BPF.
1750 * Note tricky part: we DO mangle shared skb! skb->data, skb->len
1751 * and skb->cb are mangled. It works because (and until) packets
1752 * falling here are owned by current CPU. Output packets are cloned
1753 * by dev_queue_xmit_nit(), input packets are processed by net_bh
1754 * sequencially, so that if we return skb to original state on exit,
1755 * we will not harm anyone.
1758 static int packet_rcv(struct sk_buff *skb, struct net_device *dev,
1759 struct packet_type *pt, struct net_device *orig_dev)
1762 struct sockaddr_ll *sll;
1763 struct packet_sock *po;
1764 u8 *skb_head = skb->data;
1765 int skb_len = skb->len;
1766 unsigned int snaplen, res;
1768 if (skb->pkt_type == PACKET_LOOPBACK)
1771 sk = pt->af_packet_priv;
1774 if (!net_eq(dev_net(dev), sock_net(sk)))
1779 if (dev->header_ops) {
1780 /* The device has an explicit notion of ll header,
1781 * exported to higher levels.
1783 * Otherwise, the device hides details of its frame
1784 * structure, so that corresponding packet head is
1785 * never delivered to user.
1787 if (sk->sk_type != SOCK_DGRAM)
1788 skb_push(skb, skb->data - skb_mac_header(skb));
1789 else if (skb->pkt_type == PACKET_OUTGOING) {
1790 /* Special case: outgoing packets have ll header at head */
1791 skb_pull(skb, skb_network_offset(skb));
1797 res = run_filter(skb, sk, snaplen);
1799 goto drop_n_restore;
1803 if (atomic_read(&sk->sk_rmem_alloc) >= sk->sk_rcvbuf)
1806 if (skb_shared(skb)) {
1807 struct sk_buff *nskb = skb_clone(skb, GFP_ATOMIC);
1811 if (skb_head != skb->data) {
1812 skb->data = skb_head;
1819 sock_skb_cb_check_size(sizeof(*PACKET_SKB_CB(skb)) + MAX_ADDR_LEN - 8);
1821 sll = &PACKET_SKB_CB(skb)->sa.ll;
1822 sll->sll_hatype = dev->type;
1823 sll->sll_pkttype = skb->pkt_type;
1824 if (unlikely(po->origdev))
1825 sll->sll_ifindex = orig_dev->ifindex;
1827 sll->sll_ifindex = dev->ifindex;
1829 sll->sll_halen = dev_parse_header(skb, sll->sll_addr);
1831 /* sll->sll_family and sll->sll_protocol are set in packet_recvmsg().
1832 * Use their space for storing the original skb length.
1834 PACKET_SKB_CB(skb)->sa.origlen = skb->len;
1836 if (pskb_trim(skb, snaplen))
1839 skb_set_owner_r(skb, sk);
1843 /* drop conntrack reference */
1846 spin_lock(&sk->sk_receive_queue.lock);
1847 po->stats.stats1.tp_packets++;
1848 skb->dropcount = atomic_read(&sk->sk_drops);
1849 __skb_queue_tail(&sk->sk_receive_queue, skb);
1850 spin_unlock(&sk->sk_receive_queue.lock);
1851 sk->sk_data_ready(sk);
1855 spin_lock(&sk->sk_receive_queue.lock);
1856 po->stats.stats1.tp_drops++;
1857 atomic_inc(&sk->sk_drops);
1858 spin_unlock(&sk->sk_receive_queue.lock);
1861 if (skb_head != skb->data && skb_shared(skb)) {
1862 skb->data = skb_head;
1870 static int tpacket_rcv(struct sk_buff *skb, struct net_device *dev,
1871 struct packet_type *pt, struct net_device *orig_dev)
1874 struct packet_sock *po;
1875 struct sockaddr_ll *sll;
1876 union tpacket_uhdr h;
1877 u8 *skb_head = skb->data;
1878 int skb_len = skb->len;
1879 unsigned int snaplen, res;
1880 unsigned long status = TP_STATUS_USER;
1881 unsigned short macoff, netoff, hdrlen;
1882 struct sk_buff *copy_skb = NULL;
1886 /* struct tpacket{2,3}_hdr is aligned to a multiple of TPACKET_ALIGNMENT.
1887 * We may add members to them until current aligned size without forcing
1888 * userspace to call getsockopt(..., PACKET_HDRLEN, ...).
1890 BUILD_BUG_ON(TPACKET_ALIGN(sizeof(*h.h2)) != 32);
1891 BUILD_BUG_ON(TPACKET_ALIGN(sizeof(*h.h3)) != 48);
1893 if (skb->pkt_type == PACKET_LOOPBACK)
1896 sk = pt->af_packet_priv;
1899 if (!net_eq(dev_net(dev), sock_net(sk)))
1902 if (dev->header_ops) {
1903 if (sk->sk_type != SOCK_DGRAM)
1904 skb_push(skb, skb->data - skb_mac_header(skb));
1905 else if (skb->pkt_type == PACKET_OUTGOING) {
1906 /* Special case: outgoing packets have ll header at head */
1907 skb_pull(skb, skb_network_offset(skb));
1911 if (skb->ip_summed == CHECKSUM_PARTIAL)
1912 status |= TP_STATUS_CSUMNOTREADY;
1916 res = run_filter(skb, sk, snaplen);
1918 goto drop_n_restore;
1922 if (sk->sk_type == SOCK_DGRAM) {
1923 macoff = netoff = TPACKET_ALIGN(po->tp_hdrlen) + 16 +
1926 unsigned int maclen = skb_network_offset(skb);
1927 netoff = TPACKET_ALIGN(po->tp_hdrlen +
1928 (maclen < 16 ? 16 : maclen)) +
1930 macoff = netoff - maclen;
1932 if (po->tp_version <= TPACKET_V2) {
1933 if (macoff + snaplen > po->rx_ring.frame_size) {
1934 if (po->copy_thresh &&
1935 atomic_read(&sk->sk_rmem_alloc) < sk->sk_rcvbuf) {
1936 if (skb_shared(skb)) {
1937 copy_skb = skb_clone(skb, GFP_ATOMIC);
1939 copy_skb = skb_get(skb);
1940 skb_head = skb->data;
1943 skb_set_owner_r(copy_skb, sk);
1945 snaplen = po->rx_ring.frame_size - macoff;
1946 if ((int)snaplen < 0)
1949 } else if (unlikely(macoff + snaplen >
1950 GET_PBDQC_FROM_RB(&po->rx_ring)->max_frame_len)) {
1953 nval = GET_PBDQC_FROM_RB(&po->rx_ring)->max_frame_len - macoff;
1954 pr_err_once("tpacket_rcv: packet too big, clamped from %u to %u. macoff=%u\n",
1955 snaplen, nval, macoff);
1957 if (unlikely((int)snaplen < 0)) {
1959 macoff = GET_PBDQC_FROM_RB(&po->rx_ring)->max_frame_len;
1962 spin_lock(&sk->sk_receive_queue.lock);
1963 h.raw = packet_current_rx_frame(po, skb,
1964 TP_STATUS_KERNEL, (macoff+snaplen));
1967 if (po->tp_version <= TPACKET_V2) {
1968 packet_increment_rx_head(po, &po->rx_ring);
1970 * LOSING will be reported till you read the stats,
1971 * because it's COR - Clear On Read.
1972 * Anyways, moving it for V1/V2 only as V3 doesn't need this
1975 if (po->stats.stats1.tp_drops)
1976 status |= TP_STATUS_LOSING;
1978 po->stats.stats1.tp_packets++;
1980 status |= TP_STATUS_COPY;
1981 __skb_queue_tail(&sk->sk_receive_queue, copy_skb);
1983 spin_unlock(&sk->sk_receive_queue.lock);
1985 skb_copy_bits(skb, 0, h.raw + macoff, snaplen);
1987 if (!(ts_status = tpacket_get_timestamp(skb, &ts, po->tp_tstamp)))
1988 getnstimeofday(&ts);
1990 status |= ts_status;
1992 switch (po->tp_version) {
1994 h.h1->tp_len = skb->len;
1995 h.h1->tp_snaplen = snaplen;
1996 h.h1->tp_mac = macoff;
1997 h.h1->tp_net = netoff;
1998 h.h1->tp_sec = ts.tv_sec;
1999 h.h1->tp_usec = ts.tv_nsec / NSEC_PER_USEC;
2000 hdrlen = sizeof(*h.h1);
2003 h.h2->tp_len = skb->len;
2004 h.h2->tp_snaplen = snaplen;
2005 h.h2->tp_mac = macoff;
2006 h.h2->tp_net = netoff;
2007 h.h2->tp_sec = ts.tv_sec;
2008 h.h2->tp_nsec = ts.tv_nsec;
2009 if (skb_vlan_tag_present(skb)) {
2010 h.h2->tp_vlan_tci = skb_vlan_tag_get(skb);
2011 h.h2->tp_vlan_tpid = ntohs(skb->vlan_proto);
2012 status |= TP_STATUS_VLAN_VALID | TP_STATUS_VLAN_TPID_VALID;
2014 h.h2->tp_vlan_tci = 0;
2015 h.h2->tp_vlan_tpid = 0;
2017 memset(h.h2->tp_padding, 0, sizeof(h.h2->tp_padding));
2018 hdrlen = sizeof(*h.h2);
2021 /* tp_nxt_offset,vlan are already populated above.
2022 * So DONT clear those fields here
2024 h.h3->tp_status |= status;
2025 h.h3->tp_len = skb->len;
2026 h.h3->tp_snaplen = snaplen;
2027 h.h3->tp_mac = macoff;
2028 h.h3->tp_net = netoff;
2029 h.h3->tp_sec = ts.tv_sec;
2030 h.h3->tp_nsec = ts.tv_nsec;
2031 memset(h.h3->tp_padding, 0, sizeof(h.h3->tp_padding));
2032 hdrlen = sizeof(*h.h3);
2038 sll = h.raw + TPACKET_ALIGN(hdrlen);
2039 sll->sll_halen = dev_parse_header(skb, sll->sll_addr);
2040 sll->sll_family = AF_PACKET;
2041 sll->sll_hatype = dev->type;
2042 sll->sll_protocol = skb->protocol;
2043 sll->sll_pkttype = skb->pkt_type;
2044 if (unlikely(po->origdev))
2045 sll->sll_ifindex = orig_dev->ifindex;
2047 sll->sll_ifindex = dev->ifindex;
2051 #if ARCH_IMPLEMENTS_FLUSH_DCACHE_PAGE == 1
2052 if (po->tp_version <= TPACKET_V2) {
2055 end = (u8 *) PAGE_ALIGN((unsigned long) h.raw +
2058 for (start = h.raw; start < end; start += PAGE_SIZE)
2059 flush_dcache_page(pgv_to_page(start));
2064 if (po->tp_version <= TPACKET_V2) {
2065 __packet_set_status(po, h.raw, status);
2066 sk->sk_data_ready(sk);
2068 prb_clear_blk_fill_status(&po->rx_ring);
2072 if (skb_head != skb->data && skb_shared(skb)) {
2073 skb->data = skb_head;
2081 po->stats.stats1.tp_drops++;
2082 spin_unlock(&sk->sk_receive_queue.lock);
2084 sk->sk_data_ready(sk);
2085 kfree_skb(copy_skb);
2086 goto drop_n_restore;
2089 static void tpacket_destruct_skb(struct sk_buff *skb)
2091 struct packet_sock *po = pkt_sk(skb->sk);
2093 if (likely(po->tx_ring.pg_vec)) {
2097 ph = skb_shinfo(skb)->destructor_arg;
2098 packet_dec_pending(&po->tx_ring);
2100 ts = __packet_set_timestamp(po, ph, skb);
2101 __packet_set_status(po, ph, TP_STATUS_AVAILABLE | ts);
2107 static bool ll_header_truncated(const struct net_device *dev, int len)
2109 /* net device doesn't like empty head */
2110 if (unlikely(len <= dev->hard_header_len)) {
2111 net_warn_ratelimited("%s: packet size is too short (%d <= %d)\n",
2112 current->comm, len, dev->hard_header_len);
2119 static int tpacket_fill_skb(struct packet_sock *po, struct sk_buff *skb,
2120 void *frame, struct net_device *dev, int size_max,
2121 __be16 proto, unsigned char *addr, int hlen)
2123 union tpacket_uhdr ph;
2124 int to_write, offset, len, tp_len, nr_frags, len_max;
2125 struct socket *sock = po->sk.sk_socket;
2132 skb->protocol = proto;
2134 skb->priority = po->sk.sk_priority;
2135 skb->mark = po->sk.sk_mark;
2136 sock_tx_timestamp(&po->sk, &skb_shinfo(skb)->tx_flags);
2137 skb_shinfo(skb)->destructor_arg = ph.raw;
2139 switch (po->tp_version) {
2141 tp_len = ph.h2->tp_len;
2144 tp_len = ph.h1->tp_len;
2147 if (unlikely(tp_len > size_max)) {
2148 pr_err("packet size is too long (%d > %d)\n", tp_len, size_max);
2152 skb_reserve(skb, hlen);
2153 skb_reset_network_header(skb);
2155 if (!packet_use_direct_xmit(po))
2156 skb_probe_transport_header(skb, 0);
2157 if (unlikely(po->tp_tx_has_off)) {
2158 int off_min, off_max, off;
2159 off_min = po->tp_hdrlen - sizeof(struct sockaddr_ll);
2160 off_max = po->tx_ring.frame_size - tp_len;
2161 if (sock->type == SOCK_DGRAM) {
2162 switch (po->tp_version) {
2164 off = ph.h2->tp_net;
2167 off = ph.h1->tp_net;
2171 switch (po->tp_version) {
2173 off = ph.h2->tp_mac;
2176 off = ph.h1->tp_mac;
2180 if (unlikely((off < off_min) || (off_max < off)))
2182 data = ph.raw + off;
2184 data = ph.raw + po->tp_hdrlen - sizeof(struct sockaddr_ll);
2188 if (sock->type == SOCK_DGRAM) {
2189 err = dev_hard_header(skb, dev, ntohs(proto), addr,
2191 if (unlikely(err < 0))
2193 } else if (dev->hard_header_len) {
2194 if (ll_header_truncated(dev, tp_len))
2197 skb_push(skb, dev->hard_header_len);
2198 err = skb_store_bits(skb, 0, data,
2199 dev->hard_header_len);
2203 data += dev->hard_header_len;
2204 to_write -= dev->hard_header_len;
2207 offset = offset_in_page(data);
2208 len_max = PAGE_SIZE - offset;
2209 len = ((to_write > len_max) ? len_max : to_write);
2211 skb->data_len = to_write;
2212 skb->len += to_write;
2213 skb->truesize += to_write;
2214 atomic_add(to_write, &po->sk.sk_wmem_alloc);
2216 while (likely(to_write)) {
2217 nr_frags = skb_shinfo(skb)->nr_frags;
2219 if (unlikely(nr_frags >= MAX_SKB_FRAGS)) {
2220 pr_err("Packet exceed the number of skb frags(%lu)\n",
2225 page = pgv_to_page(data);
2227 flush_dcache_page(page);
2229 skb_fill_page_desc(skb, nr_frags, page, offset, len);
2232 len_max = PAGE_SIZE;
2233 len = ((to_write > len_max) ? len_max : to_write);
2239 static int tpacket_snd(struct packet_sock *po, struct msghdr *msg)
2241 struct sk_buff *skb;
2242 struct net_device *dev;
2244 int err, reserve = 0;
2246 DECLARE_SOCKADDR(struct sockaddr_ll *, saddr, msg->msg_name);
2247 bool need_wait = !(msg->msg_flags & MSG_DONTWAIT);
2248 int tp_len, size_max;
2249 unsigned char *addr;
2251 int status = TP_STATUS_AVAILABLE;
2254 mutex_lock(&po->pg_vec_lock);
2256 if (likely(saddr == NULL)) {
2257 dev = packet_cached_dev_get(po);
2262 if (msg->msg_namelen < sizeof(struct sockaddr_ll))
2264 if (msg->msg_namelen < (saddr->sll_halen
2265 + offsetof(struct sockaddr_ll,
2268 proto = saddr->sll_protocol;
2269 addr = saddr->sll_addr;
2270 dev = dev_get_by_index(sock_net(&po->sk), saddr->sll_ifindex);
2274 if (unlikely(dev == NULL))
2277 if (unlikely(!(dev->flags & IFF_UP)))
2280 reserve = dev->hard_header_len + VLAN_HLEN;
2281 size_max = po->tx_ring.frame_size
2282 - (po->tp_hdrlen - sizeof(struct sockaddr_ll));
2284 if (size_max > dev->mtu + reserve)
2285 size_max = dev->mtu + reserve;
2288 ph = packet_current_frame(po, &po->tx_ring,
2289 TP_STATUS_SEND_REQUEST);
2290 if (unlikely(ph == NULL)) {
2291 if (need_wait && need_resched())
2296 status = TP_STATUS_SEND_REQUEST;
2297 hlen = LL_RESERVED_SPACE(dev);
2298 tlen = dev->needed_tailroom;
2299 skb = sock_alloc_send_skb(&po->sk,
2300 hlen + tlen + sizeof(struct sockaddr_ll),
2303 if (unlikely(skb == NULL))
2306 tp_len = tpacket_fill_skb(po, skb, ph, dev, size_max, proto,
2308 if (tp_len > dev->mtu + dev->hard_header_len) {
2309 struct ethhdr *ehdr;
2310 /* Earlier code assumed this would be a VLAN pkt,
2311 * double-check this now that we have the actual
2315 skb_reset_mac_header(skb);
2316 ehdr = eth_hdr(skb);
2317 if (ehdr->h_proto != htons(ETH_P_8021Q))
2320 if (unlikely(tp_len < 0)) {
2322 __packet_set_status(po, ph,
2323 TP_STATUS_AVAILABLE);
2324 packet_increment_head(&po->tx_ring);
2328 status = TP_STATUS_WRONG_FORMAT;
2334 packet_pick_tx_queue(dev, skb);
2336 skb->destructor = tpacket_destruct_skb;
2337 __packet_set_status(po, ph, TP_STATUS_SENDING);
2338 packet_inc_pending(&po->tx_ring);
2340 status = TP_STATUS_SEND_REQUEST;
2341 err = po->xmit(skb);
2342 if (unlikely(err > 0)) {
2343 err = net_xmit_errno(err);
2344 if (err && __packet_get_status(po, ph) ==
2345 TP_STATUS_AVAILABLE) {
2346 /* skb was destructed already */
2351 * skb was dropped but not destructed yet;
2352 * let's treat it like congestion or err < 0
2356 packet_increment_head(&po->tx_ring);
2358 } while (likely((ph != NULL) ||
2359 /* Note: packet_read_pending() might be slow if we have
2360 * to call it as it's per_cpu variable, but in fast-path
2361 * we already short-circuit the loop with the first
2362 * condition, and luckily don't have to go that path
2365 (need_wait && packet_read_pending(&po->tx_ring))));
2371 __packet_set_status(po, ph, status);
2376 mutex_unlock(&po->pg_vec_lock);
2380 static struct sk_buff *packet_alloc_skb(struct sock *sk, size_t prepad,
2381 size_t reserve, size_t len,
2382 size_t linear, int noblock,
2385 struct sk_buff *skb;
2387 /* Under a page? Don't bother with paged skb. */
2388 if (prepad + len < PAGE_SIZE || !linear)
2391 skb = sock_alloc_send_pskb(sk, prepad + linear, len - linear, noblock,
2396 skb_reserve(skb, reserve);
2397 skb_put(skb, linear);
2398 skb->data_len = len - linear;
2399 skb->len += len - linear;
2404 static int packet_snd(struct socket *sock, struct msghdr *msg, size_t len)
2406 struct sock *sk = sock->sk;
2407 DECLARE_SOCKADDR(struct sockaddr_ll *, saddr, msg->msg_name);
2408 struct sk_buff *skb;
2409 struct net_device *dev;
2411 unsigned char *addr;
2412 int err, reserve = 0;
2413 struct virtio_net_hdr vnet_hdr = { 0 };
2416 struct packet_sock *po = pkt_sk(sk);
2417 unsigned short gso_type = 0;
2423 * Get and verify the address.
2426 if (likely(saddr == NULL)) {
2427 dev = packet_cached_dev_get(po);
2432 if (msg->msg_namelen < sizeof(struct sockaddr_ll))
2434 if (msg->msg_namelen < (saddr->sll_halen + offsetof(struct sockaddr_ll, sll_addr)))
2436 proto = saddr->sll_protocol;
2437 addr = saddr->sll_addr;
2438 dev = dev_get_by_index(sock_net(sk), saddr->sll_ifindex);
2442 if (unlikely(dev == NULL))
2445 if (unlikely(!(dev->flags & IFF_UP)))
2448 if (sock->type == SOCK_RAW)
2449 reserve = dev->hard_header_len;
2450 if (po->has_vnet_hdr) {
2451 vnet_hdr_len = sizeof(vnet_hdr);
2454 if (len < vnet_hdr_len)
2457 len -= vnet_hdr_len;
2460 n = copy_from_iter(&vnet_hdr, vnet_hdr_len, &msg->msg_iter);
2461 if (n != vnet_hdr_len)
2464 if ((vnet_hdr.flags & VIRTIO_NET_HDR_F_NEEDS_CSUM) &&
2465 (__virtio16_to_cpu(false, vnet_hdr.csum_start) +
2466 __virtio16_to_cpu(false, vnet_hdr.csum_offset) + 2 >
2467 __virtio16_to_cpu(false, vnet_hdr.hdr_len)))
2468 vnet_hdr.hdr_len = __cpu_to_virtio16(false,
2469 __virtio16_to_cpu(false, vnet_hdr.csum_start) +
2470 __virtio16_to_cpu(false, vnet_hdr.csum_offset) + 2);
2473 if (__virtio16_to_cpu(false, vnet_hdr.hdr_len) > len)
2476 if (vnet_hdr.gso_type != VIRTIO_NET_HDR_GSO_NONE) {
2477 switch (vnet_hdr.gso_type & ~VIRTIO_NET_HDR_GSO_ECN) {
2478 case VIRTIO_NET_HDR_GSO_TCPV4:
2479 gso_type = SKB_GSO_TCPV4;
2481 case VIRTIO_NET_HDR_GSO_TCPV6:
2482 gso_type = SKB_GSO_TCPV6;
2484 case VIRTIO_NET_HDR_GSO_UDP:
2485 gso_type = SKB_GSO_UDP;
2491 if (vnet_hdr.gso_type & VIRTIO_NET_HDR_GSO_ECN)
2492 gso_type |= SKB_GSO_TCP_ECN;
2494 if (vnet_hdr.gso_size == 0)
2500 if (unlikely(sock_flag(sk, SOCK_NOFCS))) {
2501 if (!netif_supports_nofcs(dev)) {
2502 err = -EPROTONOSUPPORT;
2505 extra_len = 4; /* We're doing our own CRC */
2509 if (!gso_type && (len > dev->mtu + reserve + VLAN_HLEN + extra_len))
2513 hlen = LL_RESERVED_SPACE(dev);
2514 tlen = dev->needed_tailroom;
2515 skb = packet_alloc_skb(sk, hlen + tlen, hlen, len,
2516 __virtio16_to_cpu(false, vnet_hdr.hdr_len),
2517 msg->msg_flags & MSG_DONTWAIT, &err);
2521 skb_set_network_header(skb, reserve);
2524 if (sock->type == SOCK_DGRAM) {
2525 offset = dev_hard_header(skb, dev, ntohs(proto), addr, NULL, len);
2526 if (unlikely(offset < 0))
2529 if (ll_header_truncated(dev, len))
2533 /* Returns -EFAULT on error */
2534 err = skb_copy_datagram_from_iter(skb, offset, &msg->msg_iter, len);
2538 sock_tx_timestamp(sk, &skb_shinfo(skb)->tx_flags);
2540 if (!gso_type && (len > dev->mtu + reserve + extra_len)) {
2541 /* Earlier code assumed this would be a VLAN pkt,
2542 * double-check this now that we have the actual
2545 struct ethhdr *ehdr;
2546 skb_reset_mac_header(skb);
2547 ehdr = eth_hdr(skb);
2548 if (ehdr->h_proto != htons(ETH_P_8021Q)) {
2554 skb->protocol = proto;
2556 skb->priority = sk->sk_priority;
2557 skb->mark = sk->sk_mark;
2559 packet_pick_tx_queue(dev, skb);
2561 if (po->has_vnet_hdr) {
2562 if (vnet_hdr.flags & VIRTIO_NET_HDR_F_NEEDS_CSUM) {
2563 u16 s = __virtio16_to_cpu(false, vnet_hdr.csum_start);
2564 u16 o = __virtio16_to_cpu(false, vnet_hdr.csum_offset);
2565 if (!skb_partial_csum_set(skb, s, o)) {
2571 skb_shinfo(skb)->gso_size =
2572 __virtio16_to_cpu(false, vnet_hdr.gso_size);
2573 skb_shinfo(skb)->gso_type = gso_type;
2575 /* Header must be checked, and gso_segs computed. */
2576 skb_shinfo(skb)->gso_type |= SKB_GSO_DODGY;
2577 skb_shinfo(skb)->gso_segs = 0;
2579 len += vnet_hdr_len;
2582 if (!packet_use_direct_xmit(po))
2583 skb_probe_transport_header(skb, reserve);
2584 if (unlikely(extra_len == 4))
2587 err = po->xmit(skb);
2588 if (err > 0 && (err = net_xmit_errno(err)) != 0)
2604 static int packet_sendmsg(struct kiocb *iocb, struct socket *sock,
2605 struct msghdr *msg, size_t len)
2607 struct sock *sk = sock->sk;
2608 struct packet_sock *po = pkt_sk(sk);
2610 if (po->tx_ring.pg_vec)
2611 return tpacket_snd(po, msg);
2613 return packet_snd(sock, msg, len);
2617 * Close a PACKET socket. This is fairly simple. We immediately go
2618 * to 'closed' state and remove our protocol entry in the device list.
2621 static int packet_release(struct socket *sock)
2623 struct sock *sk = sock->sk;
2624 struct packet_sock *po;
2626 union tpacket_req_u req_u;
2634 mutex_lock(&net->packet.sklist_lock);
2635 sk_del_node_init_rcu(sk);
2636 mutex_unlock(&net->packet.sklist_lock);
2639 sock_prot_inuse_add(net, sk->sk_prot, -1);
2642 spin_lock(&po->bind_lock);
2643 unregister_prot_hook(sk, false);
2644 packet_cached_dev_reset(po);
2646 if (po->prot_hook.dev) {
2647 dev_put(po->prot_hook.dev);
2648 po->prot_hook.dev = NULL;
2650 spin_unlock(&po->bind_lock);
2652 packet_flush_mclist(sk);
2654 if (po->rx_ring.pg_vec) {
2655 memset(&req_u, 0, sizeof(req_u));
2656 packet_set_ring(sk, &req_u, 1, 0);
2659 if (po->tx_ring.pg_vec) {
2660 memset(&req_u, 0, sizeof(req_u));
2661 packet_set_ring(sk, &req_u, 1, 1);
2668 * Now the socket is dead. No more input will appear.
2675 skb_queue_purge(&sk->sk_receive_queue);
2676 packet_free_pending(po);
2677 sk_refcnt_debug_release(sk);
2684 * Attach a packet hook.
2687 static int packet_do_bind(struct sock *sk, struct net_device *dev, __be16 proto)
2689 struct packet_sock *po = pkt_sk(sk);
2690 const struct net_device *dev_curr;
2702 spin_lock(&po->bind_lock);
2704 proto_curr = po->prot_hook.type;
2705 dev_curr = po->prot_hook.dev;
2707 need_rehook = proto_curr != proto || dev_curr != dev;
2710 unregister_prot_hook(sk, true);
2713 po->prot_hook.type = proto;
2715 if (po->prot_hook.dev)
2716 dev_put(po->prot_hook.dev);
2718 po->prot_hook.dev = dev;
2720 po->ifindex = dev ? dev->ifindex : 0;
2721 packet_cached_dev_assign(po, dev);
2724 if (proto == 0 || !need_rehook)
2727 if (!dev || (dev->flags & IFF_UP)) {
2728 register_prot_hook(sk);
2730 sk->sk_err = ENETDOWN;
2731 if (!sock_flag(sk, SOCK_DEAD))
2732 sk->sk_error_report(sk);
2736 spin_unlock(&po->bind_lock);
2742 * Bind a packet socket to a device
2745 static int packet_bind_spkt(struct socket *sock, struct sockaddr *uaddr,
2748 struct sock *sk = sock->sk;
2750 struct net_device *dev;
2757 if (addr_len != sizeof(struct sockaddr))
2759 strlcpy(name, uaddr->sa_data, sizeof(name));
2761 dev = dev_get_by_name(sock_net(sk), name);
2763 err = packet_do_bind(sk, dev, pkt_sk(sk)->num);
2767 static int packet_bind(struct socket *sock, struct sockaddr *uaddr, int addr_len)
2769 struct sockaddr_ll *sll = (struct sockaddr_ll *)uaddr;
2770 struct sock *sk = sock->sk;
2771 struct net_device *dev = NULL;
2779 if (addr_len < sizeof(struct sockaddr_ll))
2781 if (sll->sll_family != AF_PACKET)
2784 if (sll->sll_ifindex) {
2786 dev = dev_get_by_index(sock_net(sk), sll->sll_ifindex);
2790 err = packet_do_bind(sk, dev, sll->sll_protocol ? : pkt_sk(sk)->num);
2796 static struct proto packet_proto = {
2798 .owner = THIS_MODULE,
2799 .obj_size = sizeof(struct packet_sock),
2803 * Create a packet of type SOCK_PACKET.
2806 static int packet_create(struct net *net, struct socket *sock, int protocol,
2810 struct packet_sock *po;
2811 __be16 proto = (__force __be16)protocol; /* weird, but documented */
2814 if (!ns_capable(net->user_ns, CAP_NET_RAW))
2816 if (sock->type != SOCK_DGRAM && sock->type != SOCK_RAW &&
2817 sock->type != SOCK_PACKET)
2818 return -ESOCKTNOSUPPORT;
2820 sock->state = SS_UNCONNECTED;
2823 sk = sk_alloc(net, PF_PACKET, GFP_KERNEL, &packet_proto);
2827 sock->ops = &packet_ops;
2828 if (sock->type == SOCK_PACKET)
2829 sock->ops = &packet_ops_spkt;
2831 sock_init_data(sock, sk);
2834 sk->sk_family = PF_PACKET;
2836 po->xmit = dev_queue_xmit;
2838 err = packet_alloc_pending(po);
2842 packet_cached_dev_reset(po);
2844 sk->sk_destruct = packet_sock_destruct;
2845 sk_refcnt_debug_inc(sk);
2848 * Attach a protocol block
2851 spin_lock_init(&po->bind_lock);
2852 mutex_init(&po->pg_vec_lock);
2853 po->prot_hook.func = packet_rcv;
2855 if (sock->type == SOCK_PACKET)
2856 po->prot_hook.func = packet_rcv_spkt;
2858 po->prot_hook.af_packet_priv = sk;
2861 po->prot_hook.type = proto;
2862 register_prot_hook(sk);
2865 mutex_lock(&net->packet.sklist_lock);
2866 sk_add_node_rcu(sk, &net->packet.sklist);
2867 mutex_unlock(&net->packet.sklist_lock);
2870 sock_prot_inuse_add(net, &packet_proto, 1);
2881 * Pull a packet from our receive queue and hand it to the user.
2882 * If necessary we block.
2885 static int packet_recvmsg(struct kiocb *iocb, struct socket *sock,
2886 struct msghdr *msg, size_t len, int flags)
2888 struct sock *sk = sock->sk;
2889 struct sk_buff *skb;
2891 int vnet_hdr_len = 0;
2892 unsigned int origlen = 0;
2895 if (flags & ~(MSG_PEEK|MSG_DONTWAIT|MSG_TRUNC|MSG_CMSG_COMPAT|MSG_ERRQUEUE))
2899 /* What error should we return now? EUNATTACH? */
2900 if (pkt_sk(sk)->ifindex < 0)
2904 if (flags & MSG_ERRQUEUE) {
2905 err = sock_recv_errqueue(sk, msg, len,
2906 SOL_PACKET, PACKET_TX_TIMESTAMP);
2911 * Call the generic datagram receiver. This handles all sorts
2912 * of horrible races and re-entrancy so we can forget about it
2913 * in the protocol layers.
2915 * Now it will return ENETDOWN, if device have just gone down,
2916 * but then it will block.
2919 skb = skb_recv_datagram(sk, flags, flags & MSG_DONTWAIT, &err);
2922 * An error occurred so return it. Because skb_recv_datagram()
2923 * handles the blocking we don't see and worry about blocking
2930 if (pkt_sk(sk)->has_vnet_hdr) {
2931 struct virtio_net_hdr vnet_hdr = { 0 };
2934 vnet_hdr_len = sizeof(vnet_hdr);
2935 if (len < vnet_hdr_len)
2938 len -= vnet_hdr_len;
2940 if (skb_is_gso(skb)) {
2941 struct skb_shared_info *sinfo = skb_shinfo(skb);
2943 /* This is a hint as to how much should be linear. */
2945 __cpu_to_virtio16(false, skb_headlen(skb));
2947 __cpu_to_virtio16(false, sinfo->gso_size);
2948 if (sinfo->gso_type & SKB_GSO_TCPV4)
2949 vnet_hdr.gso_type = VIRTIO_NET_HDR_GSO_TCPV4;
2950 else if (sinfo->gso_type & SKB_GSO_TCPV6)
2951 vnet_hdr.gso_type = VIRTIO_NET_HDR_GSO_TCPV6;
2952 else if (sinfo->gso_type & SKB_GSO_UDP)
2953 vnet_hdr.gso_type = VIRTIO_NET_HDR_GSO_UDP;
2954 else if (sinfo->gso_type & SKB_GSO_FCOE)
2958 if (sinfo->gso_type & SKB_GSO_TCP_ECN)
2959 vnet_hdr.gso_type |= VIRTIO_NET_HDR_GSO_ECN;
2961 vnet_hdr.gso_type = VIRTIO_NET_HDR_GSO_NONE;
2963 if (skb->ip_summed == CHECKSUM_PARTIAL) {
2964 vnet_hdr.flags = VIRTIO_NET_HDR_F_NEEDS_CSUM;
2965 vnet_hdr.csum_start = __cpu_to_virtio16(false,
2966 skb_checksum_start_offset(skb));
2967 vnet_hdr.csum_offset = __cpu_to_virtio16(false,
2969 } else if (skb->ip_summed == CHECKSUM_UNNECESSARY) {
2970 vnet_hdr.flags = VIRTIO_NET_HDR_F_DATA_VALID;
2971 } /* else everything is zero */
2973 err = memcpy_to_msg(msg, (void *)&vnet_hdr, vnet_hdr_len);
2978 /* You lose any data beyond the buffer you gave. If it worries
2979 * a user program they can ask the device for its MTU
2985 msg->msg_flags |= MSG_TRUNC;
2988 err = skb_copy_datagram_msg(skb, 0, msg, copied);
2992 if (sock->type != SOCK_PACKET) {
2993 struct sockaddr_ll *sll = &PACKET_SKB_CB(skb)->sa.ll;
2995 /* Original length was stored in sockaddr_ll fields */
2996 origlen = PACKET_SKB_CB(skb)->sa.origlen;
2997 sll->sll_family = AF_PACKET;
2998 sll->sll_protocol = skb->protocol;
3001 sock_recv_ts_and_drops(msg, sk, skb);
3003 if (msg->msg_name) {
3004 /* If the address length field is there to be filled
3005 * in, we fill it in now.
3007 if (sock->type == SOCK_PACKET) {
3008 __sockaddr_check_size(sizeof(struct sockaddr_pkt));
3009 msg->msg_namelen = sizeof(struct sockaddr_pkt);
3011 struct sockaddr_ll *sll = &PACKET_SKB_CB(skb)->sa.ll;
3013 msg->msg_namelen = sll->sll_halen +
3014 offsetof(struct sockaddr_ll, sll_addr);
3016 memcpy(msg->msg_name, &PACKET_SKB_CB(skb)->sa,
3020 if (pkt_sk(sk)->auxdata) {
3021 struct tpacket_auxdata aux;
3023 aux.tp_status = TP_STATUS_USER;
3024 if (skb->ip_summed == CHECKSUM_PARTIAL)
3025 aux.tp_status |= TP_STATUS_CSUMNOTREADY;
3026 aux.tp_len = origlen;
3027 aux.tp_snaplen = skb->len;
3029 aux.tp_net = skb_network_offset(skb);
3030 if (skb_vlan_tag_present(skb)) {
3031 aux.tp_vlan_tci = skb_vlan_tag_get(skb);
3032 aux.tp_vlan_tpid = ntohs(skb->vlan_proto);
3033 aux.tp_status |= TP_STATUS_VLAN_VALID | TP_STATUS_VLAN_TPID_VALID;
3035 aux.tp_vlan_tci = 0;
3036 aux.tp_vlan_tpid = 0;
3038 put_cmsg(msg, SOL_PACKET, PACKET_AUXDATA, sizeof(aux), &aux);
3042 * Free or return the buffer as appropriate. Again this
3043 * hides all the races and re-entrancy issues from us.
3045 err = vnet_hdr_len + ((flags&MSG_TRUNC) ? skb->len : copied);
3048 skb_free_datagram(sk, skb);
3053 static int packet_getname_spkt(struct socket *sock, struct sockaddr *uaddr,
3054 int *uaddr_len, int peer)
3056 struct net_device *dev;
3057 struct sock *sk = sock->sk;
3062 uaddr->sa_family = AF_PACKET;
3063 memset(uaddr->sa_data, 0, sizeof(uaddr->sa_data));
3065 dev = dev_get_by_index_rcu(sock_net(sk), pkt_sk(sk)->ifindex);
3067 strlcpy(uaddr->sa_data, dev->name, sizeof(uaddr->sa_data));
3069 *uaddr_len = sizeof(*uaddr);
3074 static int packet_getname(struct socket *sock, struct sockaddr *uaddr,
3075 int *uaddr_len, int peer)
3077 struct net_device *dev;
3078 struct sock *sk = sock->sk;
3079 struct packet_sock *po = pkt_sk(sk);
3080 DECLARE_SOCKADDR(struct sockaddr_ll *, sll, uaddr);
3085 sll->sll_family = AF_PACKET;
3086 sll->sll_ifindex = po->ifindex;
3087 sll->sll_protocol = po->num;
3088 sll->sll_pkttype = 0;
3090 dev = dev_get_by_index_rcu(sock_net(sk), po->ifindex);
3092 sll->sll_hatype = dev->type;
3093 sll->sll_halen = dev->addr_len;
3094 memcpy(sll->sll_addr, dev->dev_addr, dev->addr_len);
3096 sll->sll_hatype = 0; /* Bad: we have no ARPHRD_UNSPEC */
3100 *uaddr_len = offsetof(struct sockaddr_ll, sll_addr) + sll->sll_halen;
3105 static int packet_dev_mc(struct net_device *dev, struct packet_mclist *i,
3109 case PACKET_MR_MULTICAST:
3110 if (i->alen != dev->addr_len)
3113 return dev_mc_add(dev, i->addr);
3115 return dev_mc_del(dev, i->addr);
3117 case PACKET_MR_PROMISC:
3118 return dev_set_promiscuity(dev, what);
3119 case PACKET_MR_ALLMULTI:
3120 return dev_set_allmulti(dev, what);
3121 case PACKET_MR_UNICAST:
3122 if (i->alen != dev->addr_len)
3125 return dev_uc_add(dev, i->addr);
3127 return dev_uc_del(dev, i->addr);
3135 static void packet_dev_mclist(struct net_device *dev, struct packet_mclist *i, int what)
3137 for ( ; i; i = i->next) {
3138 if (i->ifindex == dev->ifindex)
3139 packet_dev_mc(dev, i, what);
3143 static int packet_mc_add(struct sock *sk, struct packet_mreq_max *mreq)
3145 struct packet_sock *po = pkt_sk(sk);
3146 struct packet_mclist *ml, *i;
3147 struct net_device *dev;
3153 dev = __dev_get_by_index(sock_net(sk), mreq->mr_ifindex);
3158 if (mreq->mr_alen > dev->addr_len)
3162 i = kmalloc(sizeof(*i), GFP_KERNEL);
3167 for (ml = po->mclist; ml; ml = ml->next) {
3168 if (ml->ifindex == mreq->mr_ifindex &&
3169 ml->type == mreq->mr_type &&
3170 ml->alen == mreq->mr_alen &&
3171 memcmp(ml->addr, mreq->mr_address, ml->alen) == 0) {
3173 /* Free the new element ... */
3179 i->type = mreq->mr_type;
3180 i->ifindex = mreq->mr_ifindex;
3181 i->alen = mreq->mr_alen;
3182 memcpy(i->addr, mreq->mr_address, i->alen);
3184 i->next = po->mclist;
3186 err = packet_dev_mc(dev, i, 1);
3188 po->mclist = i->next;
3197 static int packet_mc_drop(struct sock *sk, struct packet_mreq_max *mreq)
3199 struct packet_mclist *ml, **mlp;
3203 for (mlp = &pkt_sk(sk)->mclist; (ml = *mlp) != NULL; mlp = &ml->next) {
3204 if (ml->ifindex == mreq->mr_ifindex &&
3205 ml->type == mreq->mr_type &&
3206 ml->alen == mreq->mr_alen &&
3207 memcmp(ml->addr, mreq->mr_address, ml->alen) == 0) {
3208 if (--ml->count == 0) {
3209 struct net_device *dev;
3211 dev = __dev_get_by_index(sock_net(sk), ml->ifindex);
3213 packet_dev_mc(dev, ml, -1);
3221 return -EADDRNOTAVAIL;
3224 static void packet_flush_mclist(struct sock *sk)
3226 struct packet_sock *po = pkt_sk(sk);
3227 struct packet_mclist *ml;
3233 while ((ml = po->mclist) != NULL) {
3234 struct net_device *dev;
3236 po->mclist = ml->next;
3237 dev = __dev_get_by_index(sock_net(sk), ml->ifindex);
3239 packet_dev_mc(dev, ml, -1);
3246 packet_setsockopt(struct socket *sock, int level, int optname, char __user *optval, unsigned int optlen)
3248 struct sock *sk = sock->sk;
3249 struct packet_sock *po = pkt_sk(sk);
3252 if (level != SOL_PACKET)
3253 return -ENOPROTOOPT;
3256 case PACKET_ADD_MEMBERSHIP:
3257 case PACKET_DROP_MEMBERSHIP:
3259 struct packet_mreq_max mreq;
3261 memset(&mreq, 0, sizeof(mreq));
3262 if (len < sizeof(struct packet_mreq))
3264 if (len > sizeof(mreq))
3266 if (copy_from_user(&mreq, optval, len))
3268 if (len < (mreq.mr_alen + offsetof(struct packet_mreq, mr_address)))
3270 if (optname == PACKET_ADD_MEMBERSHIP)
3271 ret = packet_mc_add(sk, &mreq);
3273 ret = packet_mc_drop(sk, &mreq);
3277 case PACKET_RX_RING:
3278 case PACKET_TX_RING:
3280 union tpacket_req_u req_u;
3283 switch (po->tp_version) {
3286 len = sizeof(req_u.req);
3290 len = sizeof(req_u.req3);
3295 if (pkt_sk(sk)->has_vnet_hdr)
3297 if (copy_from_user(&req_u.req, optval, len))
3299 return packet_set_ring(sk, &req_u, 0,
3300 optname == PACKET_TX_RING);
3302 case PACKET_COPY_THRESH:
3306 if (optlen != sizeof(val))
3308 if (copy_from_user(&val, optval, sizeof(val)))
3311 pkt_sk(sk)->copy_thresh = val;
3314 case PACKET_VERSION:
3318 if (optlen != sizeof(val))
3320 if (po->rx_ring.pg_vec || po->tx_ring.pg_vec)
3322 if (copy_from_user(&val, optval, sizeof(val)))
3328 po->tp_version = val;
3334 case PACKET_RESERVE:
3338 if (optlen != sizeof(val))
3340 if (po->rx_ring.pg_vec || po->tx_ring.pg_vec)
3342 if (copy_from_user(&val, optval, sizeof(val)))
3344 po->tp_reserve = val;
3351 if (optlen != sizeof(val))
3353 if (po->rx_ring.pg_vec || po->tx_ring.pg_vec)
3355 if (copy_from_user(&val, optval, sizeof(val)))
3357 po->tp_loss = !!val;
3360 case PACKET_AUXDATA:
3364 if (optlen < sizeof(val))
3366 if (copy_from_user(&val, optval, sizeof(val)))
3369 po->auxdata = !!val;
3372 case PACKET_ORIGDEV:
3376 if (optlen < sizeof(val))
3378 if (copy_from_user(&val, optval, sizeof(val)))
3381 po->origdev = !!val;
3384 case PACKET_VNET_HDR:
3388 if (sock->type != SOCK_RAW)
3390 if (po->rx_ring.pg_vec || po->tx_ring.pg_vec)
3392 if (optlen < sizeof(val))
3394 if (copy_from_user(&val, optval, sizeof(val)))
3397 po->has_vnet_hdr = !!val;
3400 case PACKET_TIMESTAMP:
3404 if (optlen != sizeof(val))
3406 if (copy_from_user(&val, optval, sizeof(val)))
3409 po->tp_tstamp = val;
3416 if (optlen != sizeof(val))
3418 if (copy_from_user(&val, optval, sizeof(val)))
3421 return fanout_add(sk, val & 0xffff, val >> 16);
3423 case PACKET_TX_HAS_OFF:
3427 if (optlen != sizeof(val))
3429 if (po->rx_ring.pg_vec || po->tx_ring.pg_vec)
3431 if (copy_from_user(&val, optval, sizeof(val)))
3433 po->tp_tx_has_off = !!val;
3436 case PACKET_QDISC_BYPASS:
3440 if (optlen != sizeof(val))
3442 if (copy_from_user(&val, optval, sizeof(val)))
3445 po->xmit = val ? packet_direct_xmit : dev_queue_xmit;
3449 return -ENOPROTOOPT;
3453 static int packet_getsockopt(struct socket *sock, int level, int optname,
3454 char __user *optval, int __user *optlen)
3457 int val, lv = sizeof(val);
3458 struct sock *sk = sock->sk;
3459 struct packet_sock *po = pkt_sk(sk);
3461 union tpacket_stats_u st;
3463 if (level != SOL_PACKET)
3464 return -ENOPROTOOPT;
3466 if (get_user(len, optlen))
3473 case PACKET_STATISTICS:
3474 spin_lock_bh(&sk->sk_receive_queue.lock);
3475 memcpy(&st, &po->stats, sizeof(st));
3476 memset(&po->stats, 0, sizeof(po->stats));
3477 spin_unlock_bh(&sk->sk_receive_queue.lock);
3479 if (po->tp_version == TPACKET_V3) {
3480 lv = sizeof(struct tpacket_stats_v3);
3481 st.stats3.tp_packets += st.stats3.tp_drops;
3484 lv = sizeof(struct tpacket_stats);
3485 st.stats1.tp_packets += st.stats1.tp_drops;
3490 case PACKET_AUXDATA:
3493 case PACKET_ORIGDEV:
3496 case PACKET_VNET_HDR:
3497 val = po->has_vnet_hdr;
3499 case PACKET_VERSION:
3500 val = po->tp_version;
3503 if (len > sizeof(int))
3505 if (copy_from_user(&val, optval, len))
3509 val = sizeof(struct tpacket_hdr);
3512 val = sizeof(struct tpacket2_hdr);
3515 val = sizeof(struct tpacket3_hdr);
3521 case PACKET_RESERVE:
3522 val = po->tp_reserve;
3527 case PACKET_TIMESTAMP:
3528 val = po->tp_tstamp;
3532 ((u32)po->fanout->id |
3533 ((u32)po->fanout->type << 16) |
3534 ((u32)po->fanout->flags << 24)) :
3537 case PACKET_TX_HAS_OFF:
3538 val = po->tp_tx_has_off;
3540 case PACKET_QDISC_BYPASS:
3541 val = packet_use_direct_xmit(po);
3544 return -ENOPROTOOPT;
3549 if (put_user(len, optlen))
3551 if (copy_to_user(optval, data, len))
3557 static int packet_notifier(struct notifier_block *this,
3558 unsigned long msg, void *ptr)
3561 struct net_device *dev = netdev_notifier_info_to_dev(ptr);
3562 struct net *net = dev_net(dev);
3565 sk_for_each_rcu(sk, &net->packet.sklist) {
3566 struct packet_sock *po = pkt_sk(sk);
3569 case NETDEV_UNREGISTER:
3571 packet_dev_mclist(dev, po->mclist, -1);
3575 if (dev->ifindex == po->ifindex) {
3576 spin_lock(&po->bind_lock);
3578 __unregister_prot_hook(sk, false);
3579 sk->sk_err = ENETDOWN;
3580 if (!sock_flag(sk, SOCK_DEAD))
3581 sk->sk_error_report(sk);
3583 if (msg == NETDEV_UNREGISTER) {
3584 packet_cached_dev_reset(po);
3586 if (po->prot_hook.dev)
3587 dev_put(po->prot_hook.dev);
3588 po->prot_hook.dev = NULL;
3590 spin_unlock(&po->bind_lock);
3594 if (dev->ifindex == po->ifindex) {
3595 spin_lock(&po->bind_lock);
3597 register_prot_hook(sk);
3598 spin_unlock(&po->bind_lock);
3608 static int packet_ioctl(struct socket *sock, unsigned int cmd,
3611 struct sock *sk = sock->sk;
3616 int amount = sk_wmem_alloc_get(sk);
3618 return put_user(amount, (int __user *)arg);
3622 struct sk_buff *skb;
3625 spin_lock_bh(&sk->sk_receive_queue.lock);
3626 skb = skb_peek(&sk->sk_receive_queue);
3629 spin_unlock_bh(&sk->sk_receive_queue.lock);
3630 return put_user(amount, (int __user *)arg);
3633 return sock_get_timestamp(sk, (struct timeval __user *)arg);
3635 return sock_get_timestampns(sk, (struct timespec __user *)arg);
3645 case SIOCGIFBRDADDR:
3646 case SIOCSIFBRDADDR:
3647 case SIOCGIFNETMASK:
3648 case SIOCSIFNETMASK:
3649 case SIOCGIFDSTADDR:
3650 case SIOCSIFDSTADDR:
3652 return inet_dgram_ops.ioctl(sock, cmd, arg);
3656 return -ENOIOCTLCMD;
3661 static unsigned int packet_poll(struct file *file, struct socket *sock,
3664 struct sock *sk = sock->sk;
3665 struct packet_sock *po = pkt_sk(sk);
3666 unsigned int mask = datagram_poll(file, sock, wait);
3668 spin_lock_bh(&sk->sk_receive_queue.lock);
3669 if (po->rx_ring.pg_vec) {
3670 if (!packet_previous_rx_frame(po, &po->rx_ring,
3672 mask |= POLLIN | POLLRDNORM;
3674 spin_unlock_bh(&sk->sk_receive_queue.lock);
3675 spin_lock_bh(&sk->sk_write_queue.lock);
3676 if (po->tx_ring.pg_vec) {
3677 if (packet_current_frame(po, &po->tx_ring, TP_STATUS_AVAILABLE))
3678 mask |= POLLOUT | POLLWRNORM;
3680 spin_unlock_bh(&sk->sk_write_queue.lock);
3685 /* Dirty? Well, I still did not learn better way to account
3689 static void packet_mm_open(struct vm_area_struct *vma)
3691 struct file *file = vma->vm_file;
3692 struct socket *sock = file->private_data;
3693 struct sock *sk = sock->sk;
3696 atomic_inc(&pkt_sk(sk)->mapped);
3699 static void packet_mm_close(struct vm_area_struct *vma)
3701 struct file *file = vma->vm_file;
3702 struct socket *sock = file->private_data;
3703 struct sock *sk = sock->sk;
3706 atomic_dec(&pkt_sk(sk)->mapped);
3709 static const struct vm_operations_struct packet_mmap_ops = {
3710 .open = packet_mm_open,
3711 .close = packet_mm_close,
3714 static void free_pg_vec(struct pgv *pg_vec, unsigned int order,
3719 for (i = 0; i < len; i++) {
3720 if (likely(pg_vec[i].buffer)) {
3721 if (is_vmalloc_addr(pg_vec[i].buffer))
3722 vfree(pg_vec[i].buffer);
3724 free_pages((unsigned long)pg_vec[i].buffer,
3726 pg_vec[i].buffer = NULL;
3732 static char *alloc_one_pg_vec_page(unsigned long order)
3735 gfp_t gfp_flags = GFP_KERNEL | __GFP_COMP |
3736 __GFP_ZERO | __GFP_NOWARN | __GFP_NORETRY;
3738 buffer = (char *) __get_free_pages(gfp_flags, order);
3742 /* __get_free_pages failed, fall back to vmalloc */
3743 buffer = vzalloc((1 << order) * PAGE_SIZE);
3747 /* vmalloc failed, lets dig into swap here */
3748 gfp_flags &= ~__GFP_NORETRY;
3749 buffer = (char *) __get_free_pages(gfp_flags, order);
3753 /* complete and utter failure */
3757 static struct pgv *alloc_pg_vec(struct tpacket_req *req, int order)
3759 unsigned int block_nr = req->tp_block_nr;
3763 pg_vec = kcalloc(block_nr, sizeof(struct pgv), GFP_KERNEL);
3764 if (unlikely(!pg_vec))
3767 for (i = 0; i < block_nr; i++) {
3768 pg_vec[i].buffer = alloc_one_pg_vec_page(order);
3769 if (unlikely(!pg_vec[i].buffer))
3770 goto out_free_pgvec;
3777 free_pg_vec(pg_vec, order, block_nr);
3782 static int packet_set_ring(struct sock *sk, union tpacket_req_u *req_u,
3783 int closing, int tx_ring)
3785 struct pgv *pg_vec = NULL;
3786 struct packet_sock *po = pkt_sk(sk);
3787 int was_running, order = 0;
3788 struct packet_ring_buffer *rb;
3789 struct sk_buff_head *rb_queue;
3792 /* Added to avoid minimal code churn */
3793 struct tpacket_req *req = &req_u->req;
3795 /* Opening a Tx-ring is NOT supported in TPACKET_V3 */
3796 if (!closing && tx_ring && (po->tp_version > TPACKET_V2)) {
3797 WARN(1, "Tx-ring is not supported.\n");
3801 rb = tx_ring ? &po->tx_ring : &po->rx_ring;
3802 rb_queue = tx_ring ? &sk->sk_write_queue : &sk->sk_receive_queue;
3806 if (atomic_read(&po->mapped))
3808 if (packet_read_pending(rb))
3812 if (req->tp_block_nr) {
3813 /* Sanity tests and some calculations */
3815 if (unlikely(rb->pg_vec))
3818 switch (po->tp_version) {
3820 po->tp_hdrlen = TPACKET_HDRLEN;
3823 po->tp_hdrlen = TPACKET2_HDRLEN;
3826 po->tp_hdrlen = TPACKET3_HDRLEN;
3831 if (unlikely((int)req->tp_block_size <= 0))
3833 if (unlikely(req->tp_block_size & (PAGE_SIZE - 1)))
3835 if (po->tp_version >= TPACKET_V3 &&
3836 (int)(req->tp_block_size -
3837 BLK_PLUS_PRIV(req_u->req3.tp_sizeof_priv)) <= 0)
3839 if (unlikely(req->tp_frame_size < po->tp_hdrlen +
3842 if (unlikely(req->tp_frame_size & (TPACKET_ALIGNMENT - 1)))
3845 rb->frames_per_block = req->tp_block_size/req->tp_frame_size;
3846 if (unlikely(rb->frames_per_block <= 0))
3848 if (unlikely((rb->frames_per_block * req->tp_block_nr) !=
3853 order = get_order(req->tp_block_size);
3854 pg_vec = alloc_pg_vec(req, order);
3855 if (unlikely(!pg_vec))
3857 switch (po->tp_version) {
3859 /* Transmit path is not supported. We checked
3860 * it above but just being paranoid
3863 init_prb_bdqc(po, rb, pg_vec, req_u, tx_ring);
3872 if (unlikely(req->tp_frame_nr))
3878 /* Detach socket from network */
3879 spin_lock(&po->bind_lock);
3880 was_running = po->running;
3884 __unregister_prot_hook(sk, false);
3886 spin_unlock(&po->bind_lock);
3891 mutex_lock(&po->pg_vec_lock);
3892 if (closing || atomic_read(&po->mapped) == 0) {
3894 spin_lock_bh(&rb_queue->lock);
3895 swap(rb->pg_vec, pg_vec);
3896 rb->frame_max = (req->tp_frame_nr - 1);
3898 rb->frame_size = req->tp_frame_size;
3899 spin_unlock_bh(&rb_queue->lock);
3901 swap(rb->pg_vec_order, order);
3902 swap(rb->pg_vec_len, req->tp_block_nr);
3904 rb->pg_vec_pages = req->tp_block_size/PAGE_SIZE;
3905 po->prot_hook.func = (po->rx_ring.pg_vec) ?
3906 tpacket_rcv : packet_rcv;
3907 skb_queue_purge(rb_queue);
3908 if (atomic_read(&po->mapped))
3909 pr_err("packet_mmap: vma is busy: %d\n",
3910 atomic_read(&po->mapped));
3912 mutex_unlock(&po->pg_vec_lock);
3914 spin_lock(&po->bind_lock);
3917 register_prot_hook(sk);
3919 spin_unlock(&po->bind_lock);
3920 if (closing && (po->tp_version > TPACKET_V2)) {
3921 /* Because we don't support block-based V3 on tx-ring */
3923 prb_shutdown_retire_blk_timer(po, tx_ring, rb_queue);
3928 free_pg_vec(pg_vec, order, req->tp_block_nr);
3933 static int packet_mmap(struct file *file, struct socket *sock,
3934 struct vm_area_struct *vma)
3936 struct sock *sk = sock->sk;
3937 struct packet_sock *po = pkt_sk(sk);
3938 unsigned long size, expected_size;
3939 struct packet_ring_buffer *rb;
3940 unsigned long start;
3947 mutex_lock(&po->pg_vec_lock);
3950 for (rb = &po->rx_ring; rb <= &po->tx_ring; rb++) {
3952 expected_size += rb->pg_vec_len
3958 if (expected_size == 0)
3961 size = vma->vm_end - vma->vm_start;
3962 if (size != expected_size)
3965 start = vma->vm_start;
3966 for (rb = &po->rx_ring; rb <= &po->tx_ring; rb++) {
3967 if (rb->pg_vec == NULL)
3970 for (i = 0; i < rb->pg_vec_len; i++) {
3972 void *kaddr = rb->pg_vec[i].buffer;
3975 for (pg_num = 0; pg_num < rb->pg_vec_pages; pg_num++) {
3976 page = pgv_to_page(kaddr);
3977 err = vm_insert_page(vma, start, page);
3986 atomic_inc(&po->mapped);
3987 vma->vm_ops = &packet_mmap_ops;
3991 mutex_unlock(&po->pg_vec_lock);
3995 static const struct proto_ops packet_ops_spkt = {
3996 .family = PF_PACKET,
3997 .owner = THIS_MODULE,
3998 .release = packet_release,
3999 .bind = packet_bind_spkt,
4000 .connect = sock_no_connect,
4001 .socketpair = sock_no_socketpair,
4002 .accept = sock_no_accept,
4003 .getname = packet_getname_spkt,
4004 .poll = datagram_poll,
4005 .ioctl = packet_ioctl,
4006 .listen = sock_no_listen,
4007 .shutdown = sock_no_shutdown,
4008 .setsockopt = sock_no_setsockopt,
4009 .getsockopt = sock_no_getsockopt,
4010 .sendmsg = packet_sendmsg_spkt,
4011 .recvmsg = packet_recvmsg,
4012 .mmap = sock_no_mmap,
4013 .sendpage = sock_no_sendpage,
4016 static const struct proto_ops packet_ops = {
4017 .family = PF_PACKET,
4018 .owner = THIS_MODULE,
4019 .release = packet_release,
4020 .bind = packet_bind,
4021 .connect = sock_no_connect,
4022 .socketpair = sock_no_socketpair,
4023 .accept = sock_no_accept,
4024 .getname = packet_getname,
4025 .poll = packet_poll,
4026 .ioctl = packet_ioctl,
4027 .listen = sock_no_listen,
4028 .shutdown = sock_no_shutdown,
4029 .setsockopt = packet_setsockopt,
4030 .getsockopt = packet_getsockopt,
4031 .sendmsg = packet_sendmsg,
4032 .recvmsg = packet_recvmsg,
4033 .mmap = packet_mmap,
4034 .sendpage = sock_no_sendpage,
4037 static const struct net_proto_family packet_family_ops = {
4038 .family = PF_PACKET,
4039 .create = packet_create,
4040 .owner = THIS_MODULE,
4043 static struct notifier_block packet_netdev_notifier = {
4044 .notifier_call = packet_notifier,
4047 #ifdef CONFIG_PROC_FS
4049 static void *packet_seq_start(struct seq_file *seq, loff_t *pos)
4052 struct net *net = seq_file_net(seq);
4055 return seq_hlist_start_head_rcu(&net->packet.sklist, *pos);
4058 static void *packet_seq_next(struct seq_file *seq, void *v, loff_t *pos)
4060 struct net *net = seq_file_net(seq);
4061 return seq_hlist_next_rcu(v, &net->packet.sklist, pos);
4064 static void packet_seq_stop(struct seq_file *seq, void *v)
4070 static int packet_seq_show(struct seq_file *seq, void *v)
4072 if (v == SEQ_START_TOKEN)
4073 seq_puts(seq, "sk RefCnt Type Proto Iface R Rmem User Inode\n");
4075 struct sock *s = sk_entry(v);
4076 const struct packet_sock *po = pkt_sk(s);
4079 "%pK %-6d %-4d %04x %-5d %1d %-6u %-6u %-6lu\n",
4081 atomic_read(&s->sk_refcnt),
4086 atomic_read(&s->sk_rmem_alloc),
4087 from_kuid_munged(seq_user_ns(seq), sock_i_uid(s)),
4094 static const struct seq_operations packet_seq_ops = {
4095 .start = packet_seq_start,
4096 .next = packet_seq_next,
4097 .stop = packet_seq_stop,
4098 .show = packet_seq_show,
4101 static int packet_seq_open(struct inode *inode, struct file *file)
4103 return seq_open_net(inode, file, &packet_seq_ops,
4104 sizeof(struct seq_net_private));
4107 static const struct file_operations packet_seq_fops = {
4108 .owner = THIS_MODULE,
4109 .open = packet_seq_open,
4111 .llseek = seq_lseek,
4112 .release = seq_release_net,
4117 static int __net_init packet_net_init(struct net *net)
4119 mutex_init(&net->packet.sklist_lock);
4120 INIT_HLIST_HEAD(&net->packet.sklist);
4122 if (!proc_create("packet", 0, net->proc_net, &packet_seq_fops))
4128 static void __net_exit packet_net_exit(struct net *net)
4130 remove_proc_entry("packet", net->proc_net);
4133 static struct pernet_operations packet_net_ops = {
4134 .init = packet_net_init,
4135 .exit = packet_net_exit,
4139 static void __exit packet_exit(void)
4141 unregister_netdevice_notifier(&packet_netdev_notifier);
4142 unregister_pernet_subsys(&packet_net_ops);
4143 sock_unregister(PF_PACKET);
4144 proto_unregister(&packet_proto);
4147 static int __init packet_init(void)
4149 int rc = proto_register(&packet_proto, 0);
4154 sock_register(&packet_family_ops);
4155 register_pernet_subsys(&packet_net_ops);
4156 register_netdevice_notifier(&packet_netdev_notifier);
4161 module_init(packet_init);
4162 module_exit(packet_exit);
4163 MODULE_LICENSE("GPL");
4164 MODULE_ALIAS_NETPROTO(PF_PACKET);