int ip_cmsg_send(struct net *net, struct msghdr *msg, struct ipcm_cookie *ipc)
{
int err;
struct cmsghdr *cmsg;
for (cmsg = CMSG_FIRSTHDR(msg); cmsg; cmsg = CMSG_NXTHDR(msg, cmsg)) {
if (!CMSG_OK(msg, cmsg))
return -EINVAL;
if (cmsg->cmsg_level != SOL_IP)
continue;
switch (cmsg->cmsg_type) {
case IP_RETOPTS:
err = cmsg->cmsg_len - CMSG_ALIGN(sizeof(struct cmsghdr));
err = ip_options_get(net, &ipc->opt, CMSG_DATA(cmsg),
err < 40 ? err : 40);
if (err)
return err;
break;
case IP_PKTINFO:
{
struct in_pktinfo *info;
if (cmsg->cmsg_len != CMSG_LEN(sizeof(struct in_pktinfo)))
return -EINVAL;
info = (struct in_pktinfo *)CMSG_DATA(cmsg);
ipc->oif = info->ipi_ifindex;
ipc->addr = info->ipi_spec_dst.s_addr;
break;
}
default:
return -EINVAL;
}
}
return 0;
}
struct cmsghdr *
__cmsg_nxthdr (struct msghdr *mhdr, struct cmsghdr *cmsg)
{
if ((size_t) cmsg->cmsg_len < sizeof (struct cmsghdr))
/* The kernel header does this so there may be a reason. */
return NULL;
cmsg = (struct cmsghdr *) ((unsigned char *) cmsg
+ CMSG_ALIGN (cmsg->cmsg_len));
if ((unsigned char *) (cmsg + 1) > ((unsigned char *) mhdr->msg_control
+ mhdr->msg_controllen)
|| ((unsigned char *) cmsg + CMSG_ALIGN (cmsg->cmsg_len)
> ((unsigned char *) mhdr->msg_control + mhdr->msg_controllen)))
/* No more entries. */
return NULL;
return cmsg;
}
cmsghdr* cmsg_nxthdr(msghdr* msg, cmsghdr* cmsg) {
cmsghdr* ptr;
ptr = reinterpret_cast<cmsghdr*>(reinterpret_cast<char*>(cmsg) + CMSG_ALIGN(cmsg->cmsg_len));
size_t len = reinterpret_cast<char*>(ptr+1) - reinterpret_cast<char*>(msg->msg_control);
if (len > msg->msg_controllen) {
return NULL;
}
return ptr;
}
/*
* The function __cmsg_nxthd() is missing in Android 4.4, but the Android NDK
* header files in the version we are using are referencing it and we use it in
* our code, this functions was added in version 5.0. To make IoTivity
* dynamically loadable at load time on Android KitKat 4.4 add this functions
* as a weak symbol, so it will be used if the c lib does not provide it, like
* on Android < 5.0 This code was taken from these two resources:
* https://raw.githubusercontent.com/android/platform_bionic/master/libc/bionic/__cmsg_nxthdr.cpp
* https://github.com/android/platform_bionic/commit/ff64831b0965c16c95c9f81a148f30a6ef3a6c64
*/
struct cmsghdr* __attribute__((weak)) __cmsg_nxthdr(struct msghdr* msg, struct cmsghdr* cmsg)
{
struct cmsghdr* ptr;
ptr = (struct cmsghdr*)(((unsigned char*) cmsg) + CMSG_ALIGN(cmsg->cmsg_len));
size_t len = (unsigned long)((char*)(ptr+1) - (char*) msg->msg_control);
if (len > msg->msg_controllen) {
return NULL;
}
return ptr;
}
/*
* Adjust for a truncated SCM_RIGHTS control message.
* This means closing any file descriptors that aren't present
* in the returned buffer.
* m is the mbuf holding the (already externalized) SCM_RIGHTS message.
*/
static void
free_rights(struct mbuf *m)
{
struct cmsghdr *cm;
int *fdv;
unsigned int nfds, i;
KASSERT(sizeof(*cm) <= m->m_len);
cm = mtod(m, struct cmsghdr *);
KASSERT(CMSG_ALIGN(sizeof(*cm)) <= cm->cmsg_len);
KASSERT(cm->cmsg_len <= m->m_len);
nfds = (cm->cmsg_len - CMSG_ALIGN(sizeof(*cm))) / sizeof(int);
fdv = (int *)CMSG_DATA(cm);
for (i = 0; i < nfds; i++)
if (fd_getfile(fdv[i]) != NULL)
(void)fd_close(fdv[i]);
}
inline struct cmsghdr * fixed_uclibc_cmsg_nxthdr(void *__ctl, __kernel_size_t __size,
struct cmsghdr *__cmsg)
{
struct cmsghdr * __ptr;
__ptr = (struct cmsghdr*)(((unsigned char *) __cmsg) + CMSG_ALIGN(__cmsg->cmsg_len));
if ((unsigned long)((char*)(__ptr+1) - (char *) __ctl) > __size)
return (struct cmsghdr *)0;
return __ptr;
}
static struct cmsghdr *__cmsg_nxthdr_fix(void *__ctl, size_t __size,
struct cmsghdr *__cmsg)
{
struct cmsghdr *__ptr;
__ptr = (struct cmsghdr *) (((unsigned char *) __cmsg) +
CMSG_ALIGN(__cmsg->cmsg_len));
if ((unsigned long) ((char *) (__ptr + 1) - (char *) __ctl) > __size)
return NULL;
return __ptr;
}
int main(int argc, char *argv[])
{
fprintf(stdout, "CMSG_ALIGN:%ld\n", (long)CMSG_ALIGN(sizeof(int)));
fprintf(stdout, "CMSG_SPACE:%ld\n", (long)CMSG_SPACE(sizeof(int)));
fprintf(stdout, "CMSG_LEN:%ld\n", (long)CMSG_LEN(sizeof(int)));
fprintf(stdout, "sizeof cmsg :%ld\n", (long)sizeof(struct cmsghdr));
#if 0
#define CMSG_ALIGN(len) ( ((len)+sizeof(long)-1) & ~(sizeof(long)-1) )
#define CMSG_SPACE(len) (CMSG_ALIGN(sizeof(struct cmsghdr)) + CMSG_ALIGN(len))
#define CMSG_LEN(len) (CMSG_ALIGN(sizeof(struct cmsghdr)) + (len))
#endif
return 0;
}
static int scm_fp_copy(struct cmsghdr *cmsg, struct scm_fp_list **fplp)
{
int *fdp = (int*)CMSG_DATA(cmsg);
struct scm_fp_list *fpl = *fplp;
struct file **fpp;
int i, num;
num = (cmsg->cmsg_len - CMSG_ALIGN(sizeof(struct cmsghdr)))/sizeof(int);
if (num <= 0)
return 0;
if (num > SCM_MAX_FD)
return -EINVAL;
if (!fpl)
{
fpl = kmalloc(sizeof(struct scm_fp_list), GFP_KERNEL);
if (!fpl)
return -ENOMEM;
*fplp = fpl;
fpl->count = 0;
fpl->max = SCM_MAX_FD;
fpl->user = NULL;
}
fpp = &fpl->fp[fpl->count];
if (fpl->count + num > fpl->max)
return -EINVAL;
/*
* Verify the descriptors and increment the usage count.
*/
for (i=0; i< num; i++)
{
int fd = fdp[i];
struct file *file;
if (fd < 0 || !(file = fget_raw(fd)))
return -EBADF;
*fpp++ = file;
fpl->count++;
}
if (!fpl->user)
fpl->user = get_uid(current_user());
return num;
}
/**
* Put a portion of ancillary data into msg ancillary data buffer.
*
* man cmsg says: Use CMSG_FIRSTHDR() on the msghdr to get the first
* control message and CMSG_NEXTHDR() to get all subsequent ones. In
* each control message, initialize cmsg_len (with CMSG_LEN()), the
* other cmsghdr header fields, and the data portion using
* CMSG_DATA(). Finally, the msg_controllen field of the msghdr
* should be set to the sum of the CMSG_SPACE() of the length of all
* control messages in the buffer.
*/
void ci_put_cmsg(struct cmsg_state *cmsg_state,
int level, int type, socklen_t len, const void* data)
{
int data_space, data_len = len;
/* Calls to CMSG_FIRSTHDR and CMSG_NEXTHDR already check that there
* is enough space for the cmsghdr itself, so just need to check
* that it is != NULL here
*/
if( cmsg_state->msg->msg_flags & MSG_CTRUNC )
return;
if( cmsg_state->cm == NULL ) {
cmsg_state->msg->msg_flags |= MSG_CTRUNC;
return;
}
data_space = ((unsigned char*)cmsg_state->msg->msg_control +
cmsg_state->msg->msg_controllen) -
(unsigned char*)CMSG_DATA(cmsg_state->cm);
if( data_space < 0 ) {
cmsg_state->msg->msg_flags |= MSG_CTRUNC;
return;
}
if( data_len > data_space ) {
cmsg_state->msg->msg_flags |= MSG_CTRUNC;
data_len = data_space;
}
cmsg_state->cm->cmsg_len = CMSG_LEN(data_len);
cmsg_state->cm->cmsg_level = level;
cmsg_state->cm->cmsg_type = type;
memcpy(CMSG_DATA(cmsg_state->cm), data, data_len);
cmsg_state->cmsg_bytes_used += CMSG_SPACE(data_len);
if( cmsg_state->msg->msg_flags & MSG_CTRUNC )
return;
#if !defined(NEED_A_WORKAROUND_FOR_GLIBC_BUG_13500) || defined(__KERNEL__)
cmsg_state->cm = CMSG_NXTHDR(cmsg_state->msg, cmsg_state->cm);
#else
/* space has been already checked so just updating ptr */
cmsg_state->cm = (struct cmsghdr*)(((char*)(cmsg_state->cm))
+ (CMSG_ALIGN(cmsg_state->cm->cmsg_len)));
#endif
}
static int
__msgwrite (int sock, void *data, size_t cnt)
{
#ifndef SCM_CREDENTIALS
/* We cannot implement this reliably. */
__set_errno (ENOSYS);
return -1;
#else
struct iovec iov;
struct msghdr msg;
struct cmsghdr *cmsg = &cm.cmsg;
struct ucred cred;
int len;
/* XXX I'm not sure, if gete?id() is always correct, or if we should use
get?id(). But since keyserv needs geteuid(), we have no other chance.
It would be much better, if the kernel could pass both to the server. */
cred.pid = __getpid ();
cred.uid = __geteuid ();
cred.gid = __getegid ();
memcpy (CMSG_DATA(cmsg), &cred, sizeof (struct ucred));
cmsg->cmsg_level = SOL_SOCKET;
cmsg->cmsg_type = SCM_CREDENTIALS;
cmsg->cmsg_len = sizeof(*cmsg) + sizeof(struct ucred);
iov.iov_base = data;
iov.iov_len = cnt;
msg.msg_iov = &iov;
msg.msg_iovlen = 1;
msg.msg_name = NULL;
msg.msg_namelen = 0;
msg.msg_control = cmsg;
msg.msg_controllen = CMSG_ALIGN(cmsg->cmsg_len);
msg.msg_flags = 0;
restart:
len = sendmsg (sock, &msg, 0);
if (len >= 0)
return len;
if (errno == EINTR)
goto restart;
return -1;
#endif
}
ssize_t
DaemonSocketPDU::Receive(int aFd)
{
struct iovec iv;
memset(&iv, 0, sizeof(iv));
iv.iov_base = GetData(0);
iv.iov_len = GetAvailableSpace();
uint8_t cmsgbuf[CMSG_SPACE(sizeof(int)* MAX_NFDS)];
struct msghdr msg;
memset(&msg, 0, sizeof(msg));
msg.msg_iov = &iv;
msg.msg_iovlen = 1;
msg.msg_control = cmsgbuf;
msg.msg_controllen = sizeof(cmsgbuf);
ssize_t res = TEMP_FAILURE_RETRY(recvmsg(aFd, &msg, MSG_NOSIGNAL));
if (res < 0) {
MOZ_ASSERT(errno != EBADF); /* internal error */
OnError("recvmsg", errno);
return -1;
}
if (msg.msg_flags & (MSG_CTRUNC | MSG_OOB | MSG_ERRQUEUE)) {
return -1;
}
SetRange(0, res);
struct cmsghdr* chdr = CMSG_FIRSTHDR(&msg);
for (; chdr; chdr = CMSG_NXTHDR(&msg, chdr)) {
if (NS_WARN_IF(!CMSGHDR_CONTAINS_FD(chdr))) {
continue;
}
// Retrieve sent file descriptors.
size_t fdCount = (chdr->cmsg_len - CMSG_ALIGN(sizeof(struct cmsghdr))) / sizeof(int);
for (size_t i = 0; i < fdCount; i++) {
int* receivedFd = static_cast<int*>(CMSG_DATA(chdr)) + i;
mReceivedFds.AppendElement(*receivedFd);
}
}
return res;
}
static int scm_fp_copy(struct cmsghdr *cmsg, struct scm_fp_list **fplp)
{
int *fdp = (int*)CMSG_DATA(cmsg);
struct scm_fp_list *fpl = *fplp;
struct file **fpp;
int i, num;
num = (cmsg->cmsg_len - CMSG_ALIGN(sizeof(struct cmsghdr)))/sizeof(int);
if (num <= 0)
return 0;
if (num > SCM_MAX_FD)
return -EINVAL;
if (!fpl)
{
fpl = kmalloc(sizeof(struct scm_fp_list), GFP_KERNEL);
if (!fpl)
return -ENOMEM;
*fplp = fpl;
fpl->count = 0;
<<<<<<< HEAD
static int
udp_output(struct inpcb *inp, struct mbuf *m, struct sockaddr *addr,
struct mbuf *control, struct thread *td)
{
struct udpiphdr *ui;
int len = m->m_pkthdr.len;
struct in_addr faddr, laddr;
struct cmsghdr *cm;
struct inpcbinfo *pcbinfo;
struct sockaddr_in *sin, src;
int cscov_partial = 0;
int error = 0;
int ipflags;
u_short fport, lport;
int unlock_udbinfo;
u_char tos;
uint8_t pr;
uint16_t cscov = 0;
/*
* udp_output() may need to temporarily bind or connect the current
* inpcb. As such, we don't know up front whether we will need the
* pcbinfo lock or not. Do any work to decide what is needed up
* front before acquiring any locks.
*/
if (len + sizeof(struct udpiphdr) > IP_MAXPACKET) {
if (control)
m_freem(control);
m_freem(m);
return (EMSGSIZE);
}
src.sin_family = 0;
INP_RLOCK(inp);
tos = inp->inp_ip_tos;
if (control != NULL) {
/*
* XXX: Currently, we assume all the optional information is
* stored in a single mbuf.
*/
if (control->m_next) {
INP_RUNLOCK(inp);
m_freem(control);
m_freem(m);
return (EINVAL);
}
for (; control->m_len > 0;
control->m_data += CMSG_ALIGN(cm->cmsg_len),
control->m_len -= CMSG_ALIGN(cm->cmsg_len)) {
cm = mtod(control, struct cmsghdr *);
if (control->m_len < sizeof(*cm) || cm->cmsg_len == 0
|| cm->cmsg_len > control->m_len) {
error = EINVAL;
break;
}
if (cm->cmsg_level != IPPROTO_IP)
continue;
switch (cm->cmsg_type) {
case IP_SENDSRCADDR:
if (cm->cmsg_len !=
CMSG_LEN(sizeof(struct in_addr))) {
error = EINVAL;
break;
}
bzero(&src, sizeof(src));
src.sin_family = AF_INET;
src.sin_len = sizeof(src);
src.sin_port = inp->inp_lport;
src.sin_addr =
*(struct in_addr *)CMSG_DATA(cm);
break;
case IP_TOS:
if (cm->cmsg_len != CMSG_LEN(sizeof(u_char))) {
error = EINVAL;
break;
}
tos = *(u_char *)CMSG_DATA(cm);
break;
default:
error = ENOPROTOOPT;
break;
}
if (error)
break;
}
m_freem(control);
}
if (error) {
INP_RUNLOCK(inp);
m_freem(m);
return (error);
}
/*
* Depending on whether or not the application has bound or connected
* the socket, we may have to do varying levels of work. The optimal
* case is for a connected UDP socket, as a global lock isn't
* required at all.
*
* In order to decide which we need, we require stability of the
* inpcb binding, which we ensure by acquiring a read lock on the
* inpcb. This doesn't strictly follow the lock order, so we play
* the trylock and retry game; note that we may end up with more
* conservative locks than required the second time around, so later
* assertions have to accept that. Further analysis of the number of
* misses under contention is required.
*
* XXXRW: Check that hash locking update here is correct.
*/
pr = inp->inp_socket->so_proto->pr_protocol;
pcbinfo = get_inpcbinfo(pr);
sin = (struct sockaddr_in *)addr;
if (sin != NULL &&
(inp->inp_laddr.s_addr == INADDR_ANY && inp->inp_lport == 0)) {
INP_RUNLOCK(inp);
INP_WLOCK(inp);
INP_HASH_WLOCK(pcbinfo);
unlock_udbinfo = UH_WLOCKED;
} else if ((sin != NULL && (
(sin->sin_addr.s_addr == INADDR_ANY) ||
(sin->sin_addr.s_addr == INADDR_BROADCAST) ||
(inp->inp_laddr.s_addr == INADDR_ANY) ||
(inp->inp_lport == 0))) ||
(src.sin_family == AF_INET)) {
INP_HASH_RLOCK(pcbinfo);
unlock_udbinfo = UH_RLOCKED;
} else
unlock_udbinfo = UH_UNLOCKED;
/*
* If the IP_SENDSRCADDR control message was specified, override the
* source address for this datagram. Its use is invalidated if the
* address thus specified is incomplete or clobbers other inpcbs.
*/
laddr = inp->inp_laddr;
lport = inp->inp_lport;
if (src.sin_family == AF_INET) {
INP_HASH_LOCK_ASSERT(pcbinfo);
if ((lport == 0) ||
(laddr.s_addr == INADDR_ANY &&
src.sin_addr.s_addr == INADDR_ANY)) {
error = EINVAL;
goto release;
}
error = in_pcbbind_setup(inp, (struct sockaddr *)&src,
&laddr.s_addr, &lport, td->td_ucred);
if (error)
goto release;
}
/*
* If a UDP socket has been connected, then a local address/port will
* have been selected and bound.
*
* If a UDP socket has not been connected to, then an explicit
* destination address must be used, in which case a local
* address/port may not have been selected and bound.
*/
if (sin != NULL) {
INP_LOCK_ASSERT(inp);
if (inp->inp_faddr.s_addr != INADDR_ANY) {
error = EISCONN;
goto release;
}
/*
* Jail may rewrite the destination address, so let it do
* that before we use it.
*/
error = prison_remote_ip4(td->td_ucred, &sin->sin_addr);
if (error)
goto release;
/*
* If a local address or port hasn't yet been selected, or if
* the destination address needs to be rewritten due to using
* a special INADDR_ constant, invoke in_pcbconnect_setup()
* to do the heavy lifting. Once a port is selected, we
* commit the binding back to the socket; we also commit the
* binding of the address if in jail.
*
* If we already have a valid binding and we're not
* requesting a destination address rewrite, use a fast path.
*/
if (inp->inp_laddr.s_addr == INADDR_ANY ||
inp->inp_lport == 0 ||
sin->sin_addr.s_addr == INADDR_ANY ||
sin->sin_addr.s_addr == INADDR_BROADCAST) {
INP_HASH_LOCK_ASSERT(pcbinfo);
error = in_pcbconnect_setup(inp, addr, &laddr.s_addr,
&lport, &faddr.s_addr, &fport, NULL,
td->td_ucred);
if (error)
goto release;
/*
* XXXRW: Why not commit the port if the address is
* !INADDR_ANY?
*/
/* Commit the local port if newly assigned. */
if (inp->inp_laddr.s_addr == INADDR_ANY &&
inp->inp_lport == 0) {
INP_WLOCK_ASSERT(inp);
INP_HASH_WLOCK_ASSERT(pcbinfo);
/*
* Remember addr if jailed, to prevent
* rebinding.
*/
if (prison_flag(td->td_ucred, PR_IP4))
inp->inp_laddr = laddr;
inp->inp_lport = lport;
if (in_pcbinshash(inp) != 0) {
inp->inp_lport = 0;
error = EAGAIN;
goto release;
}
inp->inp_flags |= INP_ANONPORT;
}
} else {
faddr = sin->sin_addr;
fport = sin->sin_port;
}
} else {
INP_LOCK_ASSERT(inp);
faddr = inp->inp_faddr;
fport = inp->inp_fport;
if (faddr.s_addr == INADDR_ANY) {
error = ENOTCONN;
goto release;
}
}
/*
* Calculate data length and get a mbuf for UDP, IP, and possible
* link-layer headers. Immediate slide the data pointer back forward
* since we won't use that space at this layer.
*/
M_PREPEND(m, sizeof(struct udpiphdr) + max_linkhdr, M_NOWAIT);
if (m == NULL) {
error = ENOBUFS;
goto release;
}
m->m_data += max_linkhdr;
m->m_len -= max_linkhdr;
m->m_pkthdr.len -= max_linkhdr;
/*
* Fill in mbuf with extended UDP header and addresses and length put
* into network format.
*/
ui = mtod(m, struct udpiphdr *);
bzero(ui->ui_x1, sizeof(ui->ui_x1)); /* XXX still needed? */
ui->ui_pr = pr;
ui->ui_src = laddr;
ui->ui_dst = faddr;
ui->ui_sport = lport;
ui->ui_dport = fport;
ui->ui_ulen = htons((u_short)len + sizeof(struct udphdr));
if (pr == IPPROTO_UDPLITE) {
struct udpcb *up;
uint16_t plen;
up = intoudpcb(inp);
cscov = up->u_txcslen;
plen = (u_short)len + sizeof(struct udphdr);
if (cscov >= plen)
cscov = 0;
ui->ui_len = htons(plen);
ui->ui_ulen = htons(cscov);
/*
* For UDP-Lite, checksum coverage length of zero means
* the entire UDPLite packet is covered by the checksum.
*/
cscov_partial = (cscov == 0) ? 0 : 1;
} else
ui->ui_v = IPVERSION << 4;
/*
* Set the Don't Fragment bit in the IP header.
*/
if (inp->inp_flags & INP_DONTFRAG) {
struct ip *ip;
ip = (struct ip *)&ui->ui_i;
ip->ip_off |= htons(IP_DF);
}
ipflags = 0;
if (inp->inp_socket->so_options & SO_DONTROUTE)
ipflags |= IP_ROUTETOIF;
if (inp->inp_socket->so_options & SO_BROADCAST)
ipflags |= IP_ALLOWBROADCAST;
if (inp->inp_flags & INP_ONESBCAST)
ipflags |= IP_SENDONES;
#ifdef MAC
mac_inpcb_create_mbuf(inp, m);
#endif
/*
* Set up checksum and output datagram.
*/
ui->ui_sum = 0;
if (cscov_partial) {
if (inp->inp_flags & INP_ONESBCAST)
faddr.s_addr = INADDR_BROADCAST;
if ((ui->ui_sum = in_cksum(m, sizeof(struct ip) + cscov)) == 0)
ui->ui_sum = 0xffff;
} else if (V_udp_cksum || !cscov_partial) {
if (inp->inp_flags & INP_ONESBCAST)
faddr.s_addr = INADDR_BROADCAST;
ui->ui_sum = in_pseudo(ui->ui_src.s_addr, faddr.s_addr,
htons((u_short)len + sizeof(struct udphdr) + pr));
m->m_pkthdr.csum_flags = CSUM_UDP;
m->m_pkthdr.csum_data = offsetof(struct udphdr, uh_sum);
}
((struct ip *)ui)->ip_len = htons(sizeof(struct udpiphdr) + len);
((struct ip *)ui)->ip_ttl = inp->inp_ip_ttl; /* XXX */
((struct ip *)ui)->ip_tos = tos; /* XXX */
UDPSTAT_INC(udps_opackets);
if (unlock_udbinfo == UH_WLOCKED)
INP_HASH_WUNLOCK(pcbinfo);
else if (unlock_udbinfo == UH_RLOCKED)
INP_HASH_RUNLOCK(pcbinfo);
UDP_PROBE(send, NULL, inp, &ui->ui_i, inp, &ui->ui_u);
error = ip_output(m, inp->inp_options, NULL, ipflags,
inp->inp_moptions, inp);
if (unlock_udbinfo == UH_WLOCKED)
INP_WUNLOCK(inp);
else
INP_RUNLOCK(inp);
return (error);
release:
if (unlock_udbinfo == UH_WLOCKED) {
INP_HASH_WUNLOCK(pcbinfo);
INP_WUNLOCK(inp);
} else if (unlock_udbinfo == UH_RLOCKED) {
INP_HASH_RUNLOCK(pcbinfo);
INP_RUNLOCK(inp);
} else
INP_RUNLOCK(inp);
m_freem(m);
return (error);
}
/* There is a lot of hair here because the alignment rules (and
* thus placement) of cmsg headers and length are different for
* 32-bit apps. -DaveM
*/
int cmsghdr_from_user_compat_to_kern(struct msghdr *kmsg, struct sock *sk,
unsigned char *stackbuf, int stackbuf_size)
{
struct compat_cmsghdr __user *ucmsg;
struct cmsghdr *kcmsg, *kcmsg_base;
compat_size_t ucmlen;
__kernel_size_t kcmlen, tmp;
int err = -EFAULT;
kcmlen = 0;
kcmsg_base = kcmsg = (struct cmsghdr *)stackbuf;
ucmsg = CMSG_COMPAT_FIRSTHDR(kmsg);
while (ucmsg != NULL) {
if (get_user(ucmlen, &ucmsg->cmsg_len))
return -EFAULT;
/* Catch bogons. */
if (!CMSG_COMPAT_OK(ucmlen, ucmsg, kmsg))
return -EINVAL;
tmp = ((ucmlen - CMSG_COMPAT_ALIGN(sizeof(*ucmsg))) +
CMSG_ALIGN(sizeof(struct cmsghdr)));
tmp = CMSG_ALIGN(tmp);
kcmlen += tmp;
ucmsg = cmsg_compat_nxthdr(kmsg, ucmsg, ucmlen);
}
if (kcmlen == 0)
return -EINVAL;
/* The kcmlen holds the 64-bit version of the control length.
* It may not be modified as we do not stick it into the kmsg
* until we have successfully copied over all of the data
* from the user.
*/
if (kcmlen > stackbuf_size)
kcmsg_base = kcmsg = sock_kmalloc(sk, kcmlen, GFP_KERNEL);
if (kcmsg == NULL)
return -ENOBUFS;
/* Now copy them over neatly. */
memset(kcmsg, 0, kcmlen);
ucmsg = CMSG_COMPAT_FIRSTHDR(kmsg);
while (ucmsg != NULL) {
if (__get_user(ucmlen, &ucmsg->cmsg_len))
goto Efault;
if (!CMSG_COMPAT_OK(ucmlen, ucmsg, kmsg))
goto Einval;
tmp = ((ucmlen - CMSG_COMPAT_ALIGN(sizeof(*ucmsg))) +
CMSG_ALIGN(sizeof(struct cmsghdr)));
if ((char *)kcmsg_base + kcmlen - (char *)kcmsg < CMSG_ALIGN(tmp))
goto Einval;
kcmsg->cmsg_len = tmp;
tmp = CMSG_ALIGN(tmp);
if (__get_user(kcmsg->cmsg_level, &ucmsg->cmsg_level) ||
__get_user(kcmsg->cmsg_type, &ucmsg->cmsg_type) ||
copy_from_user(CMSG_DATA(kcmsg),
CMSG_COMPAT_DATA(ucmsg),
(ucmlen - CMSG_COMPAT_ALIGN(sizeof(*ucmsg)))))
goto Efault;
/* Advance. */
kcmsg = (struct cmsghdr *)((char *)kcmsg + tmp);
ucmsg = cmsg_compat_nxthdr(kmsg, ucmsg, ucmlen);
}
/* Ok, looks like we made it. Hook it up and return success. */
kmsg->msg_control = kcmsg_base;
kmsg->msg_controllen = kcmlen;
return 0;
Einval:
err = -EINVAL;
Efault:
if (kcmsg_base != (struct cmsghdr *)stackbuf)
sock_kfree_s(sk, kcmsg_base, kcmlen);
return err;
}
int ip_cmsg_send(struct sock *sk, struct msghdr *msg, struct ipcm_cookie *ipc,
bool allow_ipv6)
{
int err, val;
struct cmsghdr *cmsg;
struct net *net = sock_net(sk);
for_each_cmsghdr(cmsg, msg) {
if (!CMSG_OK(msg, cmsg))
return -EINVAL;
#if IS_ENABLED(CONFIG_IPV6)
if (allow_ipv6 &&
cmsg->cmsg_level == SOL_IPV6 &&
cmsg->cmsg_type == IPV6_PKTINFO) {
struct in6_pktinfo *src_info;
if (cmsg->cmsg_len < CMSG_LEN(sizeof(*src_info)))
return -EINVAL;
src_info = (struct in6_pktinfo *)CMSG_DATA(cmsg);
if (!ipv6_addr_v4mapped(&src_info->ipi6_addr))
return -EINVAL;
ipc->oif = src_info->ipi6_ifindex;
ipc->addr = src_info->ipi6_addr.s6_addr32[3];
continue;
}
#endif
if (cmsg->cmsg_level == SOL_SOCKET) {
err = __sock_cmsg_send(sk, msg, cmsg, &ipc->sockc);
if (err)
return err;
continue;
}
if (cmsg->cmsg_level != SOL_IP)
continue;
switch (cmsg->cmsg_type) {
case IP_RETOPTS:
err = cmsg->cmsg_len - CMSG_ALIGN(sizeof(struct cmsghdr));
/* Our caller is responsible for freeing ipc->opt */
err = ip_options_get(net, &ipc->opt, CMSG_DATA(cmsg),
err < 40 ? err : 40);
if (err)
return err;
break;
case IP_PKTINFO:
{
struct in_pktinfo *info;
if (cmsg->cmsg_len != CMSG_LEN(sizeof(struct in_pktinfo)))
return -EINVAL;
info = (struct in_pktinfo *)CMSG_DATA(cmsg);
ipc->oif = info->ipi_ifindex;
ipc->addr = info->ipi_spec_dst.s_addr;
break;
}
case IP_TTL:
if (cmsg->cmsg_len != CMSG_LEN(sizeof(int)))
return -EINVAL;
val = *(int *)CMSG_DATA(cmsg);
if (val < 1 || val > 255)
return -EINVAL;
ipc->ttl = val;
break;
case IP_TOS:
if (cmsg->cmsg_len != CMSG_LEN(sizeof(int)))
return -EINVAL;
val = *(int *)CMSG_DATA(cmsg);
if (val < 0 || val > 255)
return -EINVAL;
ipc->tos = val;
ipc->priority = rt_tos2priority(ipc->tos);
break;
default:
return -EINVAL;
}
}
return 0;
}
static struct ip6_flowlabel *
fl_create(struct net *net, struct sock *sk, struct in6_flowlabel_req *freq,
char __user *optval, int optlen, int *err_p)
{
struct ip6_flowlabel *fl = NULL;
int olen;
int addr_type;
int err;
olen = optlen - CMSG_ALIGN(sizeof(*freq));
err = -EINVAL;
if (olen > 64 * 1024)
goto done;
err = -ENOMEM;
fl = kzalloc(sizeof(*fl), GFP_KERNEL);
if (fl == NULL)
goto done;
if (olen > 0) {
struct msghdr msg;
struct flowi6 flowi6;
int junk;
err = -ENOMEM;
fl->opt = kmalloc(sizeof(*fl->opt) + olen, GFP_KERNEL);
if (fl->opt == NULL)
goto done;
memset(fl->opt, 0, sizeof(*fl->opt));
fl->opt->tot_len = sizeof(*fl->opt) + olen;
err = -EFAULT;
if (copy_from_user(fl->opt+1, optval+CMSG_ALIGN(sizeof(*freq)), olen))
goto done;
msg.msg_controllen = olen;
msg.msg_control = (void*)(fl->opt+1);
memset(&flowi6, 0, sizeof(flowi6));
err = datagram_send_ctl(net, sk, &msg, &flowi6, fl->opt, &junk,
&junk, &junk);
if (err)
goto done;
err = -EINVAL;
if (fl->opt->opt_flen)
goto done;
if (fl->opt->opt_nflen == 0) {
kfree(fl->opt);
fl->opt = NULL;
}
}
fl->fl_net = hold_net(net);
fl->expires = jiffies;
err = fl6_renew(fl, freq->flr_linger, freq->flr_expires);
if (err)
goto done;
fl->share = freq->flr_share;
addr_type = ipv6_addr_type(&freq->flr_dst);
if ((addr_type & IPV6_ADDR_MAPPED) ||
addr_type == IPV6_ADDR_ANY) {
err = -EINVAL;
goto done;
}
fl->dst = freq->flr_dst;
atomic_set(&fl->users, 1);
switch (fl->share) {
case IPV6_FL_S_EXCL:
case IPV6_FL_S_ANY:
break;
case IPV6_FL_S_PROCESS:
fl->owner = current->pid;
break;
case IPV6_FL_S_USER:
fl->owner = current_euid();
break;
default:
err = -EINVAL;
goto done;
}
return fl;
done:
fl_free(fl);
*err_p = err;
return NULL;
}
static bool_t
rendezvous_request (SVCXPRT *xprt, struct rpc_msg *errmsg)
{
int sock;
struct unix_rendezvous *r;
struct sockaddr_un addr;
struct sockaddr_in in_addr;
socklen_t len;
r = (struct unix_rendezvous *) xprt->xp_p1;
again:
len = sizeof (struct sockaddr_un);
if ((sock = accept (xprt->xp_sock, (struct sockaddr *) &addr, &len)) < 0)
{
if (errno == EINTR)
goto again;
if (errno == EMFILE)
{
struct timespec ts = { .tv_sec = 0, .tv_nsec = 50000000 };
__nanosleep(&ts , NULL);
}
return FALSE;
}
/*
* make a new transporter (re-uses xprt)
*/
memset (&in_addr, '\0', sizeof (in_addr));
in_addr.sin_family = AF_UNIX;
xprt = makefd_xprt (sock, r->sendsize, r->recvsize);
memcpy (&xprt->xp_raddr, &in_addr, sizeof (in_addr));
xprt->xp_addrlen = len;
return FALSE; /* there is never an rpc msg to be processed */
}
static enum xprt_stat
rendezvous_stat (SVCXPRT *xprt)
{
return XPRT_IDLE;
}
static void
svcunix_destroy (SVCXPRT *xprt)
{
struct unix_conn *cd = (struct unix_conn *) xprt->xp_p1;
xprt_unregister (xprt);
__close (xprt->xp_sock);
if (xprt->xp_port != 0)
{
/* a rendezvouser socket */
xprt->xp_port = 0;
}
else
{
/* an actual connection socket */
XDR_DESTROY (&(cd->xdrs));
}
mem_free ((caddr_t) cd, sizeof (struct unix_conn));
mem_free ((caddr_t) xprt, sizeof (SVCXPRT));
}
#ifdef SCM_CREDENTIALS
struct cmessage {
struct cmsghdr cmsg;
struct ucred cmcred;
/* hack to make sure we have enough memory */
char dummy[(CMSG_ALIGN (sizeof (struct ucred)) - sizeof (struct ucred) + sizeof (long))];
};
/* XXX This is not thread safe, but since the main functions in svc.c
and the rpcgen generated *_svc functions for the daemon are also not
thread safe and uses static global variables, it doesn't matter. */
static struct cmessage cm;
#endif
static int
__msgread (int sock, void *data, size_t cnt)
{
struct iovec iov;
struct msghdr msg;
int len;
iov.iov_base = data;
iov.iov_len = cnt;
msg.msg_iov = &iov;
msg.msg_iovlen = 1;
msg.msg_name = NULL;
msg.msg_namelen = 0;
#ifdef SCM_CREDENTIALS
msg.msg_control = (caddr_t) &cm;
msg.msg_controllen = sizeof (struct cmessage);
#endif
msg.msg_flags = 0;
#ifdef SO_PASSCRED
{
int on = 1;
if (__setsockopt (sock, SOL_SOCKET, SO_PASSCRED, &on, sizeof (on)))
return -1;
}
#endif
restart:
len = __recvmsg (sock, &msg, 0);
if (len >= 0)
{
if (msg.msg_flags & MSG_CTRUNC || len == 0)
return 0;
else
return len;
}
if (errno == EINTR)
goto restart;
return -1;
}
static int
__msgwrite (int sock, void *data, size_t cnt)
{
#ifndef SCM_CREDENTIALS
/* We cannot implement this reliably. */
__set_errno (ENOSYS);
return -1;
#else
struct iovec iov;
struct msghdr msg;
struct cmsghdr *cmsg = &cm.cmsg;
struct ucred cred;
int len;
/* XXX I'm not sure, if gete?id() is always correct, or if we should use
get?id(). But since keyserv needs geteuid(), we have no other chance.
It would be much better, if the kernel could pass both to the server. */
cred.pid = __getpid ();
cred.uid = __geteuid ();
cred.gid = __getegid ();
memcpy (CMSG_DATA(cmsg), &cred, sizeof (struct ucred));
cmsg->cmsg_level = SOL_SOCKET;
cmsg->cmsg_type = SCM_CREDENTIALS;
cmsg->cmsg_len = sizeof(*cmsg) + sizeof(struct ucred);
iov.iov_base = data;
iov.iov_len = cnt;
msg.msg_iov = &iov;
msg.msg_iovlen = 1;
msg.msg_name = NULL;
msg.msg_namelen = 0;
msg.msg_control = cmsg;
msg.msg_controllen = CMSG_ALIGN(cmsg->cmsg_len);
msg.msg_flags = 0;
restart:
len = __sendmsg (sock, &msg, 0);
if (len >= 0)
return len;
if (errno == EINTR)
goto restart;
return -1;
#endif
}
/*
* extract control messages from the sendmsg() control buffer
*/
static int rxrpc_sendmsg_cmsg(struct rxrpc_sock *rx, struct msghdr *msg,
unsigned long *user_call_ID,
enum rxrpc_command *command,
u32 *abort_code,
bool server)
{
struct cmsghdr *cmsg;
int len;
*command = RXRPC_CMD_SEND_DATA;
if (msg->msg_controllen == 0)
return -EINVAL;
for (cmsg = CMSG_FIRSTHDR(msg); cmsg; cmsg = CMSG_NXTHDR(msg, cmsg)) {
if (!CMSG_OK(msg, cmsg))
return -EINVAL;
len = cmsg->cmsg_len - CMSG_ALIGN(sizeof(struct cmsghdr));
_debug("CMSG %d, %d, %d",
cmsg->cmsg_level, cmsg->cmsg_type, len);
if (cmsg->cmsg_level != SOL_RXRPC)
continue;
switch (cmsg->cmsg_type) {
case RXRPC_USER_CALL_ID:
if (msg->msg_flags & MSG_CMSG_COMPAT) {
if (len != sizeof(u32))
return -EINVAL;
*user_call_ID = *(u32 *) CMSG_DATA(cmsg);
} else {
if (len != sizeof(unsigned long))
return -EINVAL;
*user_call_ID = *(unsigned long *)
CMSG_DATA(cmsg);
}
_debug("User Call ID %lx", *user_call_ID);
break;
case RXRPC_ABORT:
if (*command != RXRPC_CMD_SEND_DATA)
return -EINVAL;
*command = RXRPC_CMD_SEND_ABORT;
if (len != sizeof(*abort_code))
return -EINVAL;
*abort_code = *(unsigned int *) CMSG_DATA(cmsg);
_debug("Abort %x", *abort_code);
if (*abort_code == 0)
return -EINVAL;
break;
case RXRPC_ACCEPT:
if (*command != RXRPC_CMD_SEND_DATA)
return -EINVAL;
*command = RXRPC_CMD_ACCEPT;
if (len != 0)
return -EINVAL;
if (!server)
return -EISCONN;
break;
default:
return -EINVAL;
}
}
_leave(" = 0");
return 0;
}
static int
do_sys_sendmsg_so(struct lwp *l, int s, struct socket *so, file_t *fp,
struct msghdr *mp, int flags, register_t *retsize)
{
struct iovec aiov[UIO_SMALLIOV], *iov = aiov, *tiov, *ktriov = NULL;
struct mbuf *to, *control;
struct uio auio;
size_t len, iovsz;
int i, error;
ktrkuser("msghdr", mp, sizeof *mp);
/* If the caller passed us stuff in mbufs, we must free them. */
to = (mp->msg_flags & MSG_NAMEMBUF) ? mp->msg_name : NULL;
control = (mp->msg_flags & MSG_CONTROLMBUF) ? mp->msg_control : NULL;
iovsz = mp->msg_iovlen * sizeof(struct iovec);
if (mp->msg_flags & MSG_IOVUSRSPACE) {
if ((unsigned int)mp->msg_iovlen > UIO_SMALLIOV) {
if ((unsigned int)mp->msg_iovlen > IOV_MAX) {
error = EMSGSIZE;
goto bad;
}
iov = kmem_alloc(iovsz, KM_SLEEP);
}
if (mp->msg_iovlen != 0) {
error = copyin(mp->msg_iov, iov, iovsz);
if (error)
goto bad;
}
mp->msg_iov = iov;
}
auio.uio_iov = mp->msg_iov;
auio.uio_iovcnt = mp->msg_iovlen;
auio.uio_rw = UIO_WRITE;
auio.uio_offset = 0; /* XXX */
auio.uio_resid = 0;
KASSERT(l == curlwp);
auio.uio_vmspace = l->l_proc->p_vmspace;
for (i = 0, tiov = mp->msg_iov; i < mp->msg_iovlen; i++, tiov++) {
/*
* Writes return ssize_t because -1 is returned on error.
* Therefore, we must restrict the length to SSIZE_MAX to
* avoid garbage return values.
*/
auio.uio_resid += tiov->iov_len;
if (tiov->iov_len > SSIZE_MAX || auio.uio_resid > SSIZE_MAX) {
error = EINVAL;
goto bad;
}
}
if (mp->msg_name && to == NULL) {
error = sockargs(&to, mp->msg_name, mp->msg_namelen,
MT_SONAME);
if (error)
goto bad;
}
if (mp->msg_control) {
if (mp->msg_controllen < CMSG_ALIGN(sizeof(struct cmsghdr))) {
error = EINVAL;
goto bad;
}
if (control == NULL) {
error = sockargs(&control, mp->msg_control,
mp->msg_controllen, MT_CONTROL);
if (error)
goto bad;
}
}
if (ktrpoint(KTR_GENIO) && iovsz > 0) {
ktriov = kmem_alloc(iovsz, KM_SLEEP);
memcpy(ktriov, auio.uio_iov, iovsz);
}
if (mp->msg_name)
MCLAIM(to, so->so_mowner);
if (mp->msg_control)
MCLAIM(control, so->so_mowner);
len = auio.uio_resid;
error = (*so->so_send)(so, to, &auio, NULL, control, flags, l);
/* Protocol is responsible for freeing 'control' */
control = NULL;
if (error) {
if (auio.uio_resid != len && (error == ERESTART ||
error == EINTR || error == EWOULDBLOCK))
error = 0;
if (error == EPIPE && (fp->f_flag & FNOSIGPIPE) == 0 &&
(flags & MSG_NOSIGNAL) == 0) {
mutex_enter(proc_lock);
psignal(l->l_proc, SIGPIPE);
mutex_exit(proc_lock);
}
}
if (error == 0)
*retsize = len - auio.uio_resid;
bad:
if (ktriov != NULL) {
ktrgeniov(s, UIO_WRITE, ktriov, *retsize, error);
kmem_free(ktriov, iovsz);
}
if (iov != aiov)
kmem_free(iov, iovsz);
if (to)
m_freem(to);
if (control)
m_freem(control);
return error;
}
int
sendit(struct proc *p, int s, struct msghdr *mp, int flags, register_t *retsize)
{
struct file *fp;
struct uio auio;
struct iovec *iov;
int i;
struct mbuf *to, *control;
size_t len;
int error;
#ifdef KTRACE
struct iovec *ktriov = NULL;
#endif
to = NULL;
if ((error = getsock(p->p_fd, s, &fp)) != 0)
return (error);
auio.uio_iov = mp->msg_iov;
auio.uio_iovcnt = mp->msg_iovlen;
auio.uio_segflg = UIO_USERSPACE;
auio.uio_rw = UIO_WRITE;
auio.uio_procp = p;
auio.uio_offset = 0; /* XXX */
auio.uio_resid = 0;
iov = mp->msg_iov;
for (i = 0; i < mp->msg_iovlen; i++, iov++) {
/* Don't allow sum > SSIZE_MAX */
if (iov->iov_len > SSIZE_MAX ||
(auio.uio_resid += iov->iov_len) > SSIZE_MAX) {
error = EINVAL;
goto bad;
}
}
if (mp->msg_name) {
error = sockargs(&to, mp->msg_name, mp->msg_namelen,
MT_SONAME);
if (error)
goto bad;
#ifdef KTRACE
if (KTRPOINT(p, KTR_STRUCT))
ktrsockaddr(p, mtod(to, caddr_t), mp->msg_namelen);
#endif
}
if (mp->msg_control) {
if (mp->msg_controllen < CMSG_ALIGN(sizeof(struct cmsghdr))) {
error = EINVAL;
goto bad;
}
error = sockargs(&control, mp->msg_control,
mp->msg_controllen, MT_CONTROL);
if (error)
goto bad;
} else
control = 0;
#ifdef KTRACE
if (KTRPOINT(p, KTR_GENIO)) {
int iovlen = auio.uio_iovcnt * sizeof (struct iovec);
ktriov = malloc(iovlen, M_TEMP, M_WAITOK);
bcopy(auio.uio_iov, ktriov, iovlen);
}
#endif
len = auio.uio_resid;
error = sosend(fp->f_data, to, &auio, NULL, control, flags);
if (error) {
if (auio.uio_resid != len && (error == ERESTART ||
error == EINTR || error == EWOULDBLOCK))
error = 0;
if (error == EPIPE && (flags & MSG_NOSIGNAL) == 0)
ptsignal(p, SIGPIPE, STHREAD);
}
if (error == 0) {
*retsize = len - auio.uio_resid;
fp->f_wxfer++;
fp->f_wbytes += *retsize;
}
#ifdef KTRACE
if (ktriov != NULL) {
if (error == 0)
ktrgenio(p, s, UIO_WRITE, ktriov, *retsize);
free(ktriov, M_TEMP);
}
#endif
bad:
FRELE(fp, p);
if (to)
m_freem(to);
return (error);
}
int main(int argc, char *argv[])
{
int ch, hold, packlen;
u_char *packet;
char *target;
struct addrinfo hints, *ai;
int gai;
struct sockaddr_in6 firsthop;
int socket_errno = 0;
struct icmp6_filter filter;
int err;
#ifdef __linux__
int csum_offset, sz_opt;
#endif
static uint32_t scope_id = 0;
#ifdef ANDROID
android_check_security();
#endif
limit_capabilities();
#ifdef USE_IDN
setlocale(LC_ALL, "");
#endif
icmp_sock = socket(AF_INET6, SOCK_DGRAM, IPPROTO_ICMPV6);
if (icmp_sock < 0) {
enable_capability_raw();
icmp_sock = socket(AF_INET6, SOCK_RAW, IPPROTO_ICMPV6);
socket_errno = errno;
disable_capability_raw();
using_ping_socket = 0;
}
source.sin6_family = AF_INET6;
memset(&firsthop, 0, sizeof(firsthop));
firsthop.sin6_family = AF_INET6;
preload = 1;
while ((ch = getopt(argc, argv, COMMON_OPTSTR "F:N:")) != EOF) {
switch(ch) {
case 'F':
flowlabel = hextoui(optarg);
if (errno || (flowlabel & ~IPV6_FLOWINFO_FLOWLABEL)) {
fprintf(stderr, "ping: Invalid flowinfo %s\n", optarg);
exit(2);
}
options |= F_FLOWINFO;
break;
case 'Q':
tclass = hextoui(optarg);
if (errno || (tclass & ~0xff)) {
fprintf(stderr, "ping: Invalid tclass %s\n", optarg);
exit(2);
}
options |= F_TCLASS;
break;
case 'I':
if (strchr(optarg, ':')) {
char *p, *addr = strdup(optarg);
if (!addr) {
fprintf(stderr, "ping: out of memory\n");
exit(2);
}
p = strchr(addr, SCOPE_DELIMITER);
if (p) {
*p = '\0';
device = optarg + (p - addr) + 1;
}
if (inet_pton(AF_INET6, addr, (char*)&source.sin6_addr) <= 0) {
fprintf(stderr, "ping: invalid source address %s\n", optarg);
exit(2);
}
options |= F_STRICTSOURCE;
free(addr);
} else {
device = optarg;
}
break;
case 'M':
if (strcmp(optarg, "do") == 0)
pmtudisc = IPV6_PMTUDISC_DO;
else if (strcmp(optarg, "dont") == 0)
pmtudisc = IPV6_PMTUDISC_DONT;
else if (strcmp(optarg, "want") == 0)
pmtudisc = IPV6_PMTUDISC_WANT;
else {
fprintf(stderr, "ping: wrong value for -M: do, dont, want are valid ones.\n");
exit(2);
}
break;
case 'V':
printf("ping6 utility, iputils-%s\n", SNAPSHOT);
exit(0);
case 'N':
if (using_ping_socket) {
fprintf(stderr, "ping: -N requires raw socket permissions\n");
exit(2);
}
if (niquery_option_handler(optarg) < 0) {
usage();
break;
}
break;
COMMON_OPTIONS
common_options(ch);
break;
default:
usage();
}
}
argc -= optind;
argv += optind;
#ifdef ENABLE_PING6_RTHDR
while (argc > 1) {
struct in6_addr *addr;
if (srcrt == NULL) {
int space;
fprintf(stderr, "ping6: Warning: "
"Source routing is deprecated by RFC5095.\n");
#ifdef ENABLE_PING6_RTHDR_RFC3542
space = inet6_rth_space(IPV6_RTHDR_TYPE_0, argc - 1);
#else
space = inet6_srcrt_space(IPV6_SRCRT_TYPE_0, argc - 1);
#endif
if (space == 0) {
fprintf(stderr, "srcrt_space failed\n");
exit(2);
}
#ifdef ENABLE_PING6_RTHDR_RFC3542
if (cmsglen + CMSG_SPACE(space) > sizeof(cmsgbuf)) {
fprintf(stderr, "no room for options\n");
exit(2);
}
#else
if (space + cmsglen > sizeof(cmsgbuf)) {
fprintf(stderr, "no room for options\n");
exit(2);
}
#endif
srcrt = (struct cmsghdr*)(cmsgbuf+cmsglen);
#ifdef ENABLE_PING6_RTHDR_RFC3542
memset(srcrt, 0, CMSG_SPACE(0));
srcrt->cmsg_len = CMSG_LEN(space);
srcrt->cmsg_level = IPPROTO_IPV6;
srcrt->cmsg_type = IPV6_RTHDR;
inet6_rth_init(CMSG_DATA(srcrt), space, IPV6_RTHDR_TYPE_0, argc - 1);
cmsglen += CMSG_SPACE(space);
#else
cmsglen += CMSG_ALIGN(space);
inet6_srcrt_init(srcrt, IPV6_SRCRT_TYPE_0);
#endif
}
target = *argv;
memset(&hints, 0, sizeof(hints));
hints.ai_family = AF_INET6;
#ifdef USE_IDN
hints.ai_flags = AI_IDN;
#endif
gai = getaddrinfo(target, NULL, &hints, &ai);
if (gai) {
fprintf(stderr, "unknown host\n");
exit(2);
}
addr = &((struct sockaddr_in6 *)(ai->ai_addr))->sin6_addr;
#ifdef ENABLE_PING6_RTHDR_RFC3542
inet6_rth_add(CMSG_DATA(srcrt), addr);
#else
inet6_srcrt_add(srcrt, addr);
#endif
if (IN6_IS_ADDR_UNSPECIFIED(&firsthop.sin6_addr)) {
memcpy(&firsthop.sin6_addr, addr, 16);
#ifdef HAVE_SIN6_SCOPEID
firsthop.sin6_scope_id = ((struct sockaddr_in6 *)(ai->ai_addr))->sin6_scope_id;
/* Verify scope_id is the same as previous nodes */
if (firsthop.sin6_scope_id && scope_id && firsthop.sin6_scope_id != scope_id) {
fprintf(stderr, "scope discrepancy among the nodes\n");
exit(2);
} else if (!scope_id) {
scope_id = firsthop.sin6_scope_id;
}
#endif
}
freeaddrinfo(ai);
argv++;
argc--;
}
#endif
if (niquery_is_enabled()) {
niquery_init_nonce();
if (!niquery_is_subject_valid()) {
ni_subject = &whereto.sin6_addr;
ni_subject_len = sizeof(whereto.sin6_addr);
ni_subject_type = NI_SUBJ_IPV6;
}
}
if (argc > 1) {
#ifndef ENABLE_PING6_RTHDR
fprintf(stderr, "ping6: Source routing is deprecated by RFC5095.\n");
#endif
usage();
} else if (argc == 1) {
target = *argv;
} else {
if (ni_query < 0 && ni_subject_type != NI_SUBJ_NAME)
usage();
target = ni_group;
}
memset(&hints, 0, sizeof(hints));
hints.ai_family = AF_INET6;
#ifdef USE_IDN
hints.ai_flags = AI_IDN;
#endif
gai = getaddrinfo(target, NULL, &hints, &ai);
if (gai) {
fprintf(stderr, "unknown host\n");
exit(2);
}
memcpy(&whereto, ai->ai_addr, sizeof(whereto));
whereto.sin6_port = htons(IPPROTO_ICMPV6);
if (memchr(target, ':', strlen(target)))
options |= F_NUMERIC;
freeaddrinfo(ai);
if (IN6_IS_ADDR_UNSPECIFIED(&firsthop.sin6_addr)) {
memcpy(&firsthop.sin6_addr, &whereto.sin6_addr, 16);
#ifdef HAVE_SIN6_SCOPEID
firsthop.sin6_scope_id = whereto.sin6_scope_id;
/* Verify scope_id is the same as intermediate nodes */
if (firsthop.sin6_scope_id && scope_id && firsthop.sin6_scope_id != scope_id) {
fprintf(stderr, "scope discrepancy among the nodes\n");
exit(2);
} else if (!scope_id) {
scope_id = firsthop.sin6_scope_id;
}
#endif
}
hostname = target;
if (IN6_IS_ADDR_UNSPECIFIED(&source.sin6_addr)) {
socklen_t alen;
int probe_fd = socket(AF_INET6, SOCK_DGRAM, 0);
if (probe_fd < 0) {
perror("socket");
exit(2);
}
if (device) {
#if defined(IPV6_RECVPKTINFO) || defined(HAVE_SIN6_SCOPEID)
unsigned int iface = if_name2index(device);
#endif
#ifdef IPV6_RECVPKTINFO
struct in6_pktinfo ipi;
memset(&ipi, 0, sizeof(ipi));
ipi.ipi6_ifindex = iface;
#endif
#ifdef HAVE_SIN6_SCOPEID
if (IN6_IS_ADDR_LINKLOCAL(&firsthop.sin6_addr) ||
IN6_IS_ADDR_MC_LINKLOCAL(&firsthop.sin6_addr))
firsthop.sin6_scope_id = iface;
#endif
enable_capability_raw();
if (
#ifdef IPV6_RECVPKTINFO
setsockopt(probe_fd, IPPROTO_IPV6, IPV6_PKTINFO, &ipi, sizeof(ipi)) == -1 &&
#endif
setsockopt(probe_fd, SOL_SOCKET, SO_BINDTODEVICE, device, strlen(device)+1) == -1) {
perror("setsockopt(SO_BINDTODEVICE)");
exit(2);
}
disable_capability_raw();
}
firsthop.sin6_port = htons(1025);
if (connect(probe_fd, (struct sockaddr*)&firsthop, sizeof(firsthop)) == -1) {
perror("connect");
exit(2);
}
alen = sizeof(source);
if (getsockname(probe_fd, (struct sockaddr*)&source, &alen) == -1) {
perror("getsockname");
exit(2);
}
source.sin6_port = 0;
close(probe_fd);
#ifndef WITHOUT_IFADDRS
if (device) {
struct ifaddrs *ifa0, *ifa;
if (getifaddrs(&ifa0)) {
perror("getifaddrs");
exit(2);
}
for (ifa = ifa0; ifa; ifa = ifa->ifa_next) {
if (!ifa->ifa_addr || ifa->ifa_addr->sa_family != AF_INET6)
continue;
if (!strncmp(ifa->ifa_name, device, sizeof(device) - 1) &&
IN6_ARE_ADDR_EQUAL(&((struct sockaddr_in6 *)ifa->ifa_addr)->sin6_addr,
&source.sin6_addr))
break;
}
if (!ifa)
fprintf(stderr, "ping6: Warning: source address might be selected on device other than %s.\n", device);
freeifaddrs(ifa0);
}
#endif
}
#ifdef HAVE_SIN6_SCOPEID
else if (device && (IN6_IS_ADDR_LINKLOCAL(&source.sin6_addr) ||
IN6_IS_ADDR_MC_LINKLOCAL(&source.sin6_addr)))
source.sin6_scope_id = if_name2index(device);
#endif
if (icmp_sock < 0) {
errno = socket_errno;
perror("ping: icmp open socket");
exit(2);
}
if (device) {
struct cmsghdr *cmsg;
struct in6_pktinfo *ipi;
cmsg = (struct cmsghdr*)(cmsgbuf+cmsglen);
cmsglen += CMSG_SPACE(sizeof(*ipi));
cmsg->cmsg_len = CMSG_LEN(sizeof(*ipi));
cmsg->cmsg_level = SOL_IPV6;
cmsg->cmsg_type = IPV6_PKTINFO;
ipi = (struct in6_pktinfo*)CMSG_DATA(cmsg);
memset(ipi, 0, sizeof(*ipi));
ipi->ipi6_ifindex = if_name2index(device);
}
if ((whereto.sin6_addr.s6_addr16[0]&htons(0xff00)) == htons (0xff00)) {
if (uid) {
if (interval < 1000) {
fprintf(stderr, "ping: multicast ping with too short interval.\n");
exit(2);
}
if (pmtudisc >= 0 && pmtudisc != IPV6_PMTUDISC_DO) {
fprintf(stderr, "ping: multicast ping does not fragment.\n");
exit(2);
}
}
if (pmtudisc < 0)
pmtudisc = IPV6_PMTUDISC_DO;
}
if (pmtudisc >= 0) {
if (setsockopt(icmp_sock, SOL_IPV6, IPV6_MTU_DISCOVER, &pmtudisc, sizeof(pmtudisc)) == -1) {
perror("ping: IPV6_MTU_DISCOVER");
exit(2);
}
}
if ((options&F_STRICTSOURCE) &&
bind(icmp_sock, (struct sockaddr*)&source, sizeof(source)) == -1) {
perror("ping: bind icmp socket");
exit(2);
}
if (datalen >= sizeof(struct timeval) && (ni_query < 0)) {
/* can we time transfer */
timing = 1;
}
packlen = datalen + 8 + 4096 + 40 + 8; /* 4096 for rthdr */
if (!(packet = (u_char *)malloc((u_int)packlen))) {
fprintf(stderr, "ping: out of memory.\n");
exit(2);
}
working_recverr = 1;
hold = 1;
if (setsockopt(icmp_sock, SOL_IPV6, IPV6_RECVERR, (char *)&hold, sizeof(hold))) {
fprintf(stderr, "WARNING: your kernel is veeery old. No problems.\n");
working_recverr = 0;
}
/* Estimate memory eaten by single packet. It is rough estimate.
* Actually, for small datalen's it depends on kernel side a lot. */
hold = datalen+8;
hold += ((hold+511)/512)*(40+16+64+160);
sock_setbufs(icmp_sock, hold);
if (!using_ping_socket) {
#ifdef __linux__
csum_offset = 2;
sz_opt = sizeof(int);
err = setsockopt(icmp_sock, SOL_RAW, IPV6_CHECKSUM,
&csum_offset, sz_opt);
if (err < 0) {
/* checksum should be enabled by default and setting
* this option might fail anyway.
*/
fprintf(stderr, "setsockopt(RAW_CHECKSUM) failed"
" - try to continue.");
}
#endif
/*
* select icmp echo reply as icmp type to receive
*/
ICMP6_FILTER_SETBLOCKALL(&filter);
if (!working_recverr) {
ICMP6_FILTER_SETPASS(ICMP6_DST_UNREACH, &filter);
ICMP6_FILTER_SETPASS(ICMP6_PACKET_TOO_BIG, &filter);
ICMP6_FILTER_SETPASS(ICMP6_TIME_EXCEEDED, &filter);
ICMP6_FILTER_SETPASS(ICMP6_PARAM_PROB, &filter);
}
if (niquery_is_enabled())
ICMP6_FILTER_SETPASS(ICMPV6_NI_REPLY, &filter);
else
ICMP6_FILTER_SETPASS(ICMP6_ECHO_REPLY, &filter);
err = setsockopt(icmp_sock, IPPROTO_ICMPV6, ICMP6_FILTER,
&filter, sizeof(struct icmp6_filter));
if (err < 0) {
perror("setsockopt(ICMP6_FILTER)");
exit(2);
}
}
if (options & F_NOLOOP) {
int loop = 0;
if (setsockopt(icmp_sock, IPPROTO_IPV6, IPV6_MULTICAST_LOOP,
&loop, sizeof(loop)) == -1) {
perror ("can't disable multicast loopback");
exit(2);
}
}
if (options & F_TTL) {
if (setsockopt(icmp_sock, IPPROTO_IPV6, IPV6_MULTICAST_HOPS,
&ttl, sizeof(ttl)) == -1) {
perror ("can't set multicast hop limit");
exit(2);
}
if (setsockopt(icmp_sock, IPPROTO_IPV6, IPV6_UNICAST_HOPS,
&ttl, sizeof(ttl)) == -1) {
perror ("can't set unicast hop limit");
exit(2);
}
}
if (1) {
int on = 1;
if (
#ifdef IPV6_RECVHOPLIMIT
setsockopt(icmp_sock, IPPROTO_IPV6, IPV6_RECVHOPLIMIT,
&on, sizeof(on)) == -1 &&
setsockopt(icmp_sock, IPPROTO_IPV6, IPV6_2292HOPLIMIT,
&on, sizeof(on)) == -1
#else
setsockopt(icmp_sock, IPPROTO_IPV6, IPV6_HOPLIMIT,
&on, sizeof(on)) == -1
#endif
){
perror ("can't receive hop limit");
exit(2);
}
}
if (options & F_TCLASS) {
#ifdef IPV6_TCLASS
if (setsockopt(icmp_sock, IPPROTO_IPV6, IPV6_TCLASS,
&tclass, sizeof(tclass)) == -1) {
perror ("setsockopt(IPV6_TCLASS)");
exit(2);
}
#else
fprintf(stderr, "Traffic class is not supported.\n");
#endif
}
if (options&F_FLOWINFO) {
#ifdef IPV6_FLOWINFO_SEND
int on = 1;
#endif
#ifdef IPV6_FLOWLABEL_MGR
char freq_buf[CMSG_ALIGN(sizeof(struct in6_flowlabel_req)) + cmsglen];
struct in6_flowlabel_req *freq = (struct in6_flowlabel_req *)freq_buf;
int freq_len = sizeof(*freq);
#ifdef ENABLE_PING6_RTHDR
if (srcrt)
freq_len = CMSG_ALIGN(sizeof(*freq)) + srcrt->cmsg_len;
#endif
memset(freq, 0, sizeof(*freq));
freq->flr_label = htonl(flowlabel & IPV6_FLOWINFO_FLOWLABEL);
freq->flr_action = IPV6_FL_A_GET;
freq->flr_flags = IPV6_FL_F_CREATE;
freq->flr_share = IPV6_FL_S_EXCL;
memcpy(&freq->flr_dst, &whereto.sin6_addr, 16);
#ifdef ENABLE_PING6_RTHDR
if (srcrt)
memcpy(freq_buf + CMSG_ALIGN(sizeof(*freq)), srcrt, srcrt->cmsg_len);
#endif
if (setsockopt(icmp_sock, IPPROTO_IPV6, IPV6_FLOWLABEL_MGR,
freq, freq_len) == -1) {
perror ("can't set flowlabel");
exit(2);
}
flowlabel = freq->flr_label;
#ifdef ENABLE_PING6_RTHDR
if (srcrt) {
cmsglen = (char*)srcrt - (char*)cmsgbuf;
srcrt = NULL;
}
#endif
#else
fprintf(stderr, "Flow labels are not supported.\n");
exit(2);
#endif
#ifdef IPV6_FLOWINFO_SEND
whereto.sin6_flowinfo = flowlabel;
if (setsockopt(icmp_sock, IPPROTO_IPV6, IPV6_FLOWINFO_SEND,
&on, sizeof(on)) == -1) {
perror ("can't send flowinfo");
exit(2);
}
#else
fprintf(stderr, "Flowinfo is not supported.\n");
exit(2);
#endif
}
printf("PING %s(%s) ", hostname, pr_addr(&whereto.sin6_addr));
if (flowlabel)
printf(", flow 0x%05x, ", (unsigned)ntohl(flowlabel));
if (device || (options&F_STRICTSOURCE)) {
printf("from %s %s: ",
pr_addr_n(&source.sin6_addr), device ? : "");
}
