/* route_me_harder function, used by iptable_nat, iptable_mangle + ip_queue */
int ip_route_me_harder(struct sk_buff *skb, unsigned addr_type)
{
struct net *net = dev_net(skb_dst(skb)->dev);
const struct iphdr *iph = ip_hdr(skb);
struct rtable *rt;
struct flowi4 fl4 = {};
__be32 saddr = iph->saddr;
__u8 flags = skb->sk ? inet_sk_flowi_flags(skb->sk) : 0;
unsigned int hh_len;
if (addr_type == RTN_UNSPEC)
addr_type = inet_addr_type(net, saddr);
if (addr_type == RTN_LOCAL || addr_type == RTN_UNICAST)
flags |= FLOWI_FLAG_ANYSRC;
else
saddr = 0;
/* some non-standard hacks like ipt_REJECT.c:send_reset() can cause
* packets with foreign saddr to appear on the NF_INET_LOCAL_OUT hook.
*/
fl4.daddr = iph->daddr;
fl4.saddr = saddr;
fl4.flowi4_tos = RT_TOS(iph->tos);
fl4.flowi4_oif = skb->sk ? skb->sk->sk_bound_dev_if : 0;
fl4.flowi4_mark = skb->mark;
fl4.flowi4_flags = flags;
rt = ip_route_output_key(net, &fl4);
if (IS_ERR(rt))
return -1;
/* Drop old route. */
skb_dst_drop(skb);
skb_dst_set(skb, &rt->dst);
if (skb_dst(skb)->error)
return -1;
#ifdef CONFIG_XFRM
if (!(IPCB(skb)->flags & IPSKB_XFRM_TRANSFORMED) &&
xfrm_decode_session(skb, flowi4_to_flowi(&fl4), AF_INET) == 0) {
struct dst_entry *dst = skb_dst(skb);
skb_dst_set(skb, NULL);
dst = xfrm_lookup(net, dst, flowi4_to_flowi(&fl4), skb->sk, 0);
if (IS_ERR(dst))
return -1;
skb_dst_set(skb, dst);
}
#endif
/* Change in oif may mean change in hh_len. */
hh_len = skb_dst(skb)->dev->hard_header_len;
if (skb_headroom(skb) < hh_len &&
pskb_expand_head(skb, HH_DATA_ALIGN(hh_len - skb_headroom(skb)),
0, GFP_ATOMIC))
return -1;
return 0;
}
/*
This will route a SYN-ACK, i.e., the response to a request to open a
new connection.
*/
struct dst_entry *serval_ipv4_req_route(struct sock *sk,
struct request_sock *rsk,
int protocol,
u32 saddr,
u32 daddr)
{
struct rtable *rt;
struct ip_options *opt = NULL; /* inet_rsk(req)->opt; */
struct flowi fl;
serval_flow_init_output(&fl, sk->sk_bound_dev_if, sk->sk_mark,
RT_CONN_FLAGS(sk), 0, protocol,
#if (LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,28))
inet_sk_flowi_flags(sk),
#else
0,
#endif
daddr, saddr, 0, 0);
serval_security_req_classify_flow(rsk, &fl);
rt = serval_ip_route_output_flow(sock_net(sk), &fl, sk, 0);
if (!rt)
goto no_route;
if (opt && opt->is_strictroute && rt->rt_dst != rt->rt_gateway)
goto route_err;
return route_dst(rt);
route_err:
ip_rt_put(rt);
no_route:
#if (LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,25))
IP_INC_STATS_BH(sock_net(sk), IPSTATS_MIB_OUTNOROUTES);
#else
IP_INC_STATS(IPSTATS_MIB_OUTNOROUTES);
#endif
return NULL;
}
static int raw_sendmsg(struct kiocb *iocb, struct sock *sk, struct msghdr *msg,
size_t len)
{
struct inet_sock *inet = inet_sk(sk);
struct ipcm_cookie ipc;
struct rtable *rt = NULL;
struct flowi4 fl4;
int free = 0;
__be32 daddr;
__be32 saddr;
u8 tos;
int err;
struct ip_options_data opt_copy;
err = -EMSGSIZE;
if (len > 0xFFFF)
goto out;
/*
* Check the flags.
*/
err = -EOPNOTSUPP;
if (msg->msg_flags & MSG_OOB) /* Mirror BSD error message */
goto out; /* compatibility */
/*
* Get and verify the address.
*/
if (msg->msg_namelen) {
struct sockaddr_in *usin = (struct sockaddr_in *)msg->msg_name;
err = -EINVAL;
if (msg->msg_namelen < sizeof(*usin))
goto out;
if (usin->sin_family != AF_INET) {
pr_info_once("%s: %s forgot to set AF_INET. Fix it!\n",
__func__, current->comm);
err = -EAFNOSUPPORT;
if (usin->sin_family)
goto out;
}
daddr = usin->sin_addr.s_addr;
/* ANK: I did not forget to get protocol from port field.
* I just do not know, who uses this weirdness.
* IP_HDRINCL is much more convenient.
*/
} else {
err = -EDESTADDRREQ;
if (sk->sk_state != TCP_ESTABLISHED)
goto out;
daddr = inet->inet_daddr;
}
ipc.addr = inet->inet_saddr;
ipc.opt = NULL;
ipc.tx_flags = 0;
ipc.oif = sk->sk_bound_dev_if;
if (msg->msg_controllen) {
err = ip_cmsg_send(sock_net(sk), msg, &ipc);
if (err)
goto out;
if (ipc.opt)
free = 1;
}
saddr = ipc.addr;
ipc.addr = daddr;
if (!ipc.opt) {
struct ip_options_rcu *inet_opt;
rcu_read_lock();
inet_opt = rcu_dereference(inet->inet_opt);
if (inet_opt) {
memcpy(&opt_copy, inet_opt,
sizeof(*inet_opt) + inet_opt->opt.optlen);
ipc.opt = &opt_copy.opt;
}
rcu_read_unlock();
}
if (ipc.opt) {
err = -EINVAL;
/* Linux does not mangle headers on raw sockets,
* so that IP options + IP_HDRINCL is non-sense.
*/
if (inet->hdrincl)
goto done;
if (ipc.opt->opt.srr) {
if (!daddr)
goto done;
daddr = ipc.opt->opt.faddr;
}
}
tos = RT_CONN_FLAGS(sk);
if (msg->msg_flags & MSG_DONTROUTE)
tos |= RTO_ONLINK;
if (ipv4_is_multicast(daddr)) {
if (!ipc.oif)
ipc.oif = inet->mc_index;
if (!saddr)
saddr = inet->mc_addr;
} else if (!ipc.oif)
ipc.oif = inet->uc_index;
flowi4_init_output(&fl4, ipc.oif, sk->sk_mark, tos,
RT_SCOPE_UNIVERSE,
inet->hdrincl ? IPPROTO_RAW : sk->sk_protocol,
inet_sk_flowi_flags(sk) | FLOWI_FLAG_CAN_SLEEP |
(inet->hdrincl ? FLOWI_FLAG_KNOWN_NH : 0),
daddr, saddr, 0, 0,
sock_i_uid(sk));
if (!inet->hdrincl) {
err = raw_probe_proto_opt(&fl4, msg);
if (err)
goto done;
}
security_sk_classify_flow(sk, flowi4_to_flowi(&fl4));
rt = ip_route_output_flow(sock_net(sk), &fl4, sk);
if (IS_ERR(rt)) {
err = PTR_ERR(rt);
rt = NULL;
goto done;
}
err = -EACCES;
if (rt->rt_flags & RTCF_BROADCAST && !sock_flag(sk, SOCK_BROADCAST))
goto done;
if (msg->msg_flags & MSG_CONFIRM)
goto do_confirm;
back_from_confirm:
if (inet->hdrincl)
err = raw_send_hdrinc(sk, &fl4, msg->msg_iov, len,
&rt, msg->msg_flags);
else {
if (!ipc.addr)
ipc.addr = fl4.daddr;
lock_sock(sk);
err = ip_append_data(sk, &fl4, ip_generic_getfrag,
msg->msg_iov, len, 0,
&ipc, &rt, msg->msg_flags);
if (err)
ip_flush_pending_frames(sk);
else if (!(msg->msg_flags & MSG_MORE)) {
err = ip_push_pending_frames(sk, &fl4);
if (err == -ENOBUFS && !inet->recverr)
err = 0;
}
release_sock(sk);
}
done:
if (free)
kfree(ipc.opt);
ip_rt_put(rt);
out:
if (err < 0)
return err;
return len;
do_confirm:
dst_confirm(&rt->dst);
if (!(msg->msg_flags & MSG_PROBE) || len)
goto back_from_confirm;
err = 0;
goto done;
}
/* route_me_harder function, used by iptable_nat, iptable_mangle + ip_queue */
int ip_route_me_harder(struct sk_buff *skb, unsigned addr_type)
{
struct net *net = dev_net(skb_dst(skb)->dev);
const struct iphdr *iph = ip_hdr(skb);
struct rtable *rt;
struct flowi fl = {};
unsigned long orefdst;
unsigned int hh_len;
unsigned int type;
type = inet_addr_type(net, iph->saddr);
if (skb->sk && inet_sk(skb->sk)->transparent)
type = RTN_LOCAL;
if (addr_type == RTN_UNSPEC)
addr_type = type;
/* some non-standard hacks like ipt_REJECT.c:send_reset() can cause
* packets with foreign saddr to appear on the NF_INET_LOCAL_OUT hook.
*/
if (addr_type == RTN_LOCAL) {
fl.fl4_dst = iph->daddr;
if (type == RTN_LOCAL)
fl.fl4_src = iph->saddr;
fl.fl4_tos = RT_TOS(iph->tos);
fl.oif = skb->sk ? skb->sk->sk_bound_dev_if : 0;
fl.mark = skb->mark;
fl.flags = skb->sk ? inet_sk_flowi_flags(skb->sk) : 0;
if (ip_route_output_key(net, &rt, &fl) != 0)
return -1;
/* Drop old route. */
skb_dst_drop(skb);
skb_dst_set(skb, &rt->dst);
} else {
/* non-local src, find valid iif to satisfy
* rp-filter when calling ip_route_input. */
fl.fl4_dst = iph->saddr;
if (ip_route_output_key(net, &rt, &fl) != 0)
return -1;
orefdst = skb->_skb_refdst;
if (ip_route_input(skb, iph->daddr, iph->saddr,
RT_TOS(iph->tos), rt->dst.dev) != 0) {
dst_release(&rt->dst);
return -1;
}
dst_release(&rt->dst);
refdst_drop(orefdst);
}
if (skb_dst(skb)->error)
return -1;
#ifdef CONFIG_XFRM
if (!(IPCB(skb)->flags & IPSKB_XFRM_TRANSFORMED) &&
xfrm_decode_session(skb, &fl, AF_INET) == 0) {
struct dst_entry *dst = skb_dst(skb);
skb_dst_set(skb, NULL);
if (xfrm_lookup(net, &dst, &fl, skb->sk, 0))
return -1;
skb_dst_set(skb, dst);
}
#endif
/* Change in oif may mean change in hh_len. */
hh_len = skb_dst(skb)->dev->hard_header_len;
if (skb_headroom(skb) < hh_len &&
pskb_expand_head(skb, hh_len - skb_headroom(skb), 0, GFP_ATOMIC))
return -1;
return 0;
}
static int
mptp_sendmsg(struct kiocb *iocb, struct socket *sock,
struct msghdr *msg, size_t len)
{
int err;
uint16_t dport;
__be32 daddr;
__be32 saddr;
uint16_t sport;
struct sk_buff *skb;
struct sock *sk;
struct inet_sock *isk;
struct mptp_sock *ssk;
struct mptphdr *shdr;
int connected = 0;
int totlen;
struct rtable *rt = NULL;
int dests = 0;
int i;
struct sockaddr_mptp *mptp_addr = NULL;
int ret = 0;
if (unlikely(sock == NULL)) {
log_error("Sock is NULL\n");
err = -EINVAL;
goto out;
}
sk = sock->sk;
if (unlikely(sk == NULL)) {
log_error("Sock->sk is NULL\n");
err = -EINVAL;
goto out;
}
isk = inet_sk(sk);
ssk = mptp_sk(sk);
sport = ssk->src;
saddr = isk->inet_saddr;
if (sport == 0) {
sport = get_next_free_port();
if (unlikely(sport == 0)) {
log_error("No free ports\n");
err = -ENOMEM;
goto out;
}
}
if (msg->msg_name) {
mptp_addr = (struct sockaddr_mptp *)msg->msg_name;
if (unlikely
(msg->msg_namelen <
sizeof(*mptp_addr) +
mptp_addr->count * sizeof(struct mptp_dest)
|| mptp_addr->count <= 0)) {
log_error
("Invalid size for msg_name (size=%u, addr_count=%u)\n",
msg->msg_namelen, mptp_addr->count);
err = -EINVAL;
goto out;
}
dests = mptp_addr->count;
} else {
BUG();
if (unlikely(!ssk->dst || !isk->inet_daddr)) {
log_error("No destination port/address\n");
err = -EDESTADDRREQ;
goto out;
}
dport = ssk->dst;
daddr = isk->inet_daddr;
log_debug
("Got from socket destination port=%u and address=%u\n",
dport, daddr);
connected = 1;
}
if (msg->msg_iovlen < dests)
dests = msg->msg_iovlen;
for (i = 0; i < dests; i++) {
struct mptp_dest *dest = &mptp_addr->dests[i];
struct iovec *iov = &msg->msg_iov[i];
char *payload;
#if LINUX_VERSION_CODE >= KERNEL_VERSION(2, 6, 39)
struct flowi fl = {};
#endif
dport = ntohs(dest->port);
if (unlikely(dport == 0 || dport >= MAX_MPTP_PORT)) {
log_error("Invalid value for destination port(%u)\n",
dport);
err = -EINVAL;
goto out;
}
daddr = dest->addr;
#if LINUX_VERSION_CODE >= KERNEL_VERSION(2, 6, 39)
fl.u.ip4.saddr = saddr;
fl.u.ip4.daddr = daddr;
fl.flowi_proto = sk->sk_protocol;
fl.flowi_flags = inet_sk_flowi_flags(sk);
#endif
log_debug
("Received from user space destination port=%u and address=%u\n",
dport, daddr);
len = iov->iov_len;
totlen = len + sizeof(struct mptphdr) + sizeof(struct iphdr);
skb =
sock_alloc_send_skb(sk, totlen,
msg->msg_flags & MSG_DONTWAIT, &err);
if (unlikely(!skb)) {
log_error("sock_alloc_send_skb failed\n");
goto out;
}
log_debug("Allocated %u bytes for skb (payload size=%u)\n",
totlen, len);
skb_reset_network_header(skb);
skb_reserve(skb, sizeof(struct iphdr));
log_debug("Reseted network header\n");
skb_reset_transport_header(skb);
skb_put(skb, sizeof(struct mptphdr));
log_debug("Reseted transport header\n");
shdr = (struct mptphdr *)skb_transport_header(skb);
shdr->dst = htons(dport);
shdr->src = htons(sport);
shdr->len = htons(len + sizeof(struct mptphdr));
payload = skb_put(skb, len);
log_debug("payload=%p\n", payload);
err =
skb_copy_datagram_from_iovec(skb, sizeof(struct mptphdr),
iov, 0, len);
if (unlikely(err)) {
log_error("skb_copy_datagram_from_iovec failed\n");
goto out_free;
}
log_debug("Copied %u bytes into the skb\n", len);
if (connected)
rt = (struct rtable *)__sk_dst_check(sk, 0);
if (rt == NULL) {
log_debug("rt == NULL\n");
#if LINUX_VERSION_CODE < KERNEL_VERSION(2, 6, 39)
struct flowi fl = {.fl4_dst = daddr,
.proto = sk->sk_protocol,
.flags = inet_sk_flowi_flags(sk),
};
err =
ip_route_output_flow(sock_net(sk), &rt, &fl, sk, 0);
if (unlikely(err)) {
log_error("Route lookup failed\n");
goto out_free;
}
#else
rt = ip_route_output_flow(sock_net(sk), &fl.u.ip4, sk);
log_debug("rt = %p\n", rt);
if (IS_ERR(rt)) {
log_error("Route lookup failed\n");
goto out_free;
}
#endif
#if LINUX_VERSION_CODE < KERNEL_VERSION(2, 6, 36)
sk_dst_set(sk, dst_clone(&rt->u.dst));
#else
sk_dst_set(sk, dst_clone(&rt->dst));
#endif
}
log_debug("rt != NULL\n");
skb->local_df = 1;
#if LINUX_VERSION_CODE < KERNEL_VERSION(2, 6, 39)
err = ip_queue_xmit(skb);
#else
err = ip_queue_xmit(skb, &fl);
#endif
if (likely(!err)) {
log_debug("Sent %u bytes on wire\n", len);
ret += len;
dest->bytes = len;
} else {
log_error("ip_queue_xmit failed\n");
dest->bytes = -1;
}
}
return ret;
out_free:
kfree(skb);
out:
return err;
}
int serval_ipv4_xmit(struct sk_buff *skb)
{
struct sock *sk = skb->sk;
int err = 0;
#if defined(OS_LINUX_KERNEL)
/*
This is pretty much a copy paste from ip_queue_xmit
(ip_output.c), but which modifications that take into
account Serval specific stuff.
It will route the packet according to the IP stack's routing
table and output for standard IP output processing.
*/
struct iphdr *iph;
struct rtable *rt;
struct inet_sock *inet = inet_sk(sk);
struct ip_options *opt = NULL; /*inet->inet_opt; */
int ifindex;
/*
The SAL has dirtied the control block that IP expects to be
zeroed out.
We need to make sure it is initialized again. Otherwise, there
might be stack corruptions when IP functions try to read the
IPCB. (This happens in, e.g., icmp_send when reading ip options.)
*/
memset(IPCB(skb), 0, sizeof(struct inet_skb_parm));
/*
* Skip all of this if the packet is already routed,
*/
rcu_read_lock();
rt = skb_rtable(skb);
if (rt != NULL) {
LOG_PKT("Packet already routed\n");
goto packet_routed;
}
/* Make sure we can route this packet. */
rt = (struct rtable *)__sk_dst_check(sk, 0);
if (skb->dev) {
ifindex = skb->dev->ifindex;
} else {
ifindex = sk->sk_bound_dev_if;
}
if (rt == NULL) {
struct flowi fl;
serval_flow_init_output(&fl, ifindex,
sk->sk_mark,
RT_CONN_FLAGS(sk), 0,
skb->protocol,
#if (LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,28))
inet_sk_flowi_flags(sk),
#else
0,
#endif
inet->inet_daddr,
inet->inet_saddr,
0, 0);
serval_security_sk_classify_flow(sk, &fl);
rt = serval_ip_route_output_flow(sock_net(sk), &fl, sk, 0);
if (!rt) {
LOG_DBG("No route!\n");
err = -EHOSTUNREACH;
rcu_read_unlock();
goto drop;
}
/* Setup the socket to use this route in the future */
sk_setup_caps(sk, route_dst(rt));
} else {
LOG_PKT("Using route already associated with socket\n");
}
#if defined(ENABLE_DEBUG)
{
char src[18], dst[18];
LOG_PKT("Route found %s -> %s %s\n",
inet_ntop(AF_INET, &rt->rt_src,
src, sizeof(src)),
inet_ntop(AF_INET, &rt->rt_dst,
dst, sizeof(dst)),
route_dst(rt)->dev ?
route_dst(rt)->dev->name : "(null)");
}
#endif
#if (LINUX_VERSION_CODE < KERNEL_VERSION(2, 6, 35))
skb_dst_set(skb, dst_clone(route_dst(rt)));
#else
skb_dst_set_noref(skb, route_dst(rt));
#endif
packet_routed:
if (opt && opt->is_strictroute && rt->rt_dst != rt->rt_gateway) {
err = -EHOSTUNREACH;
rcu_read_unlock();
LOG_DBG("dest is not gateway!\n");
goto drop;
}
/* OK, we know where to send it, allocate and build IP header. */
skb_push(skb, sizeof(struct iphdr) + (opt ? opt->optlen : 0));
skb_reset_network_header(skb);
iph = ip_hdr(skb);
*((__be16 *)iph) = htons((4 << 12) | (5 << 8) | (inet->tos & 0xff));
if (ip_dont_fragment(sk, route_dst(rt)) && !skb->local_df)
iph->frag_off = htons(IP_DF);
else
iph->frag_off = 0;
iph->ttl = ip_select_ttl(inet, route_dst(rt));
iph->protocol = skb->protocol;
iph->saddr = rt->rt_src;
iph->daddr = rt->rt_dst;
if (opt && opt->optlen) {
LOG_WARN("IP options not implemented\n");
/* For some reason, enabling the code below gives the
* error: "Unknown symbol ip_options_build (err 0)"
* when loading the serval.ko module. Seems the
* ip_options_build function is not exported.
*/
/*
iph->ihl += opt->optlen >> 2;
ip_options_build(skb, opt, inet->inet_daddr, rt, 0);
*/
}
ip_select_ident_more(iph, route_dst(rt), sk,
(skb_shinfo(skb)->gso_segs ?: 1) - 1);
skb->priority = sk->sk_priority;
#if (LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,25))
skb->mark = sk->sk_mark;
#endif
err = serval_ip_local_out(skb);
rcu_read_unlock();
#else
/*
FIXME: We should not rely on an outgoing interface here.
Instead, we should route the packet like we do in the
kernel. But, we currently do not have an IP routing table
for userlevel.
*/
if (!skb->dev)
skb->dev = __dev_get_by_index(sock_net(sk),
sk->sk_bound_dev_if);
if (!skb->dev) {
LOG_ERR("no output device set in skb!\n");
err = -ENODEV;
goto drop;
}
err = serval_ipv4_fill_in_hdr(sk, skb, inet_sk(sk)->inet_saddr,
inet_sk(sk)->inet_daddr);
if (err < 0) {
LOG_ERR("hdr failed\n");
goto drop;
}
/* Transmit */
err = serval_ip_local_out(skb);
#endif /* OS_LINUX_KERNEL */
out:
if (err < 0) {
LOG_ERR("xmit failed: %d\n", err);
}
return err;
drop:
LOG_DBG("Dropping skb!\n");
FREE_SKB(skb);
goto out;
}
