Loading...
1// SPDX-License-Identifier: GPL-2.0-or-later
2/*
3 * INET An implementation of the TCP/IP protocol suite for the LINUX
4 * operating system. INET is implemented using the BSD Socket
5 * interface as the means of communication with the user level.
6 *
7 * Generic INET6 transport hashtables
8 *
9 * Authors: Lotsa people, from code originally in tcp, generalised here
10 * by Arnaldo Carvalho de Melo <acme@mandriva.com>
11 */
12
13#include <linux/module.h>
14#include <linux/random.h>
15
16#include <net/addrconf.h>
17#include <net/inet_connection_sock.h>
18#include <net/inet_hashtables.h>
19#include <net/inet6_hashtables.h>
20#include <net/secure_seq.h>
21#include <net/ip.h>
22#include <net/sock_reuseport.h>
23
24extern struct inet_hashinfo tcp_hashinfo;
25
26u32 inet6_ehashfn(const struct net *net,
27 const struct in6_addr *laddr, const u16 lport,
28 const struct in6_addr *faddr, const __be16 fport)
29{
30 static u32 inet6_ehash_secret __read_mostly;
31 static u32 ipv6_hash_secret __read_mostly;
32
33 u32 lhash, fhash;
34
35 net_get_random_once(&inet6_ehash_secret, sizeof(inet6_ehash_secret));
36 net_get_random_once(&ipv6_hash_secret, sizeof(ipv6_hash_secret));
37
38 lhash = (__force u32)laddr->s6_addr32[3];
39 fhash = __ipv6_addr_jhash(faddr, ipv6_hash_secret);
40
41 return __inet6_ehashfn(lhash, lport, fhash, fport,
42 inet6_ehash_secret + net_hash_mix(net));
43}
44
45/*
46 * Sockets in TCP_CLOSE state are _always_ taken out of the hash, so
47 * we need not check it for TCP lookups anymore, thanks Alexey. -DaveM
48 *
49 * The sockhash lock must be held as a reader here.
50 */
51struct sock *__inet6_lookup_established(struct net *net,
52 struct inet_hashinfo *hashinfo,
53 const struct in6_addr *saddr,
54 const __be16 sport,
55 const struct in6_addr *daddr,
56 const u16 hnum,
57 const int dif, const int sdif)
58{
59 struct sock *sk;
60 const struct hlist_nulls_node *node;
61 const __portpair ports = INET_COMBINED_PORTS(sport, hnum);
62 /* Optimize here for direct hit, only listening connections can
63 * have wildcards anyways.
64 */
65 unsigned int hash = inet6_ehashfn(net, daddr, hnum, saddr, sport);
66 unsigned int slot = hash & hashinfo->ehash_mask;
67 struct inet_ehash_bucket *head = &hashinfo->ehash[slot];
68
69
70begin:
71 sk_nulls_for_each_rcu(sk, node, &head->chain) {
72 if (sk->sk_hash != hash)
73 continue;
74 if (!INET6_MATCH(sk, net, saddr, daddr, ports, dif, sdif))
75 continue;
76 if (unlikely(!refcount_inc_not_zero(&sk->sk_refcnt)))
77 goto out;
78
79 if (unlikely(!INET6_MATCH(sk, net, saddr, daddr, ports, dif, sdif))) {
80 sock_gen_put(sk);
81 goto begin;
82 }
83 goto found;
84 }
85 if (get_nulls_value(node) != slot)
86 goto begin;
87out:
88 sk = NULL;
89found:
90 return sk;
91}
92EXPORT_SYMBOL(__inet6_lookup_established);
93
94static inline int compute_score(struct sock *sk, struct net *net,
95 const unsigned short hnum,
96 const struct in6_addr *daddr,
97 const int dif, const int sdif, bool exact_dif)
98{
99 int score = -1;
100
101 if (net_eq(sock_net(sk), net) && inet_sk(sk)->inet_num == hnum &&
102 sk->sk_family == PF_INET6) {
103 if (!ipv6_addr_equal(&sk->sk_v6_rcv_saddr, daddr))
104 return -1;
105
106 if (!inet_sk_bound_dev_eq(net, sk->sk_bound_dev_if, dif, sdif))
107 return -1;
108
109 score = 1;
110 if (READ_ONCE(sk->sk_incoming_cpu) == raw_smp_processor_id())
111 score++;
112 }
113 return score;
114}
115
116static inline struct sock *lookup_reuseport(struct net *net, struct sock *sk,
117 struct sk_buff *skb, int doff,
118 const struct in6_addr *saddr,
119 __be16 sport,
120 const struct in6_addr *daddr,
121 unsigned short hnum)
122{
123 struct sock *reuse_sk = NULL;
124 u32 phash;
125
126 if (sk->sk_reuseport) {
127 phash = inet6_ehashfn(net, daddr, hnum, saddr, sport);
128 reuse_sk = reuseport_select_sock(sk, phash, skb, doff);
129 }
130 return reuse_sk;
131}
132
133/* called with rcu_read_lock() */
134static struct sock *inet6_lhash2_lookup(struct net *net,
135 struct inet_listen_hashbucket *ilb2,
136 struct sk_buff *skb, int doff,
137 const struct in6_addr *saddr,
138 const __be16 sport, const struct in6_addr *daddr,
139 const unsigned short hnum, const int dif, const int sdif)
140{
141 bool exact_dif = inet6_exact_dif_match(net, skb);
142 struct inet_connection_sock *icsk;
143 struct sock *sk, *result = NULL;
144 int score, hiscore = 0;
145
146 inet_lhash2_for_each_icsk_rcu(icsk, &ilb2->head) {
147 sk = (struct sock *)icsk;
148 score = compute_score(sk, net, hnum, daddr, dif, sdif,
149 exact_dif);
150 if (score > hiscore) {
151 result = lookup_reuseport(net, sk, skb, doff,
152 saddr, sport, daddr, hnum);
153 if (result)
154 return result;
155
156 result = sk;
157 hiscore = score;
158 }
159 }
160
161 return result;
162}
163
164static inline struct sock *inet6_lookup_run_bpf(struct net *net,
165 struct inet_hashinfo *hashinfo,
166 struct sk_buff *skb, int doff,
167 const struct in6_addr *saddr,
168 const __be16 sport,
169 const struct in6_addr *daddr,
170 const u16 hnum)
171{
172 struct sock *sk, *reuse_sk;
173 bool no_reuseport;
174
175 if (hashinfo != &tcp_hashinfo)
176 return NULL; /* only TCP is supported */
177
178 no_reuseport = bpf_sk_lookup_run_v6(net, IPPROTO_TCP,
179 saddr, sport, daddr, hnum, &sk);
180 if (no_reuseport || IS_ERR_OR_NULL(sk))
181 return sk;
182
183 reuse_sk = lookup_reuseport(net, sk, skb, doff, saddr, sport, daddr, hnum);
184 if (reuse_sk)
185 sk = reuse_sk;
186 return sk;
187}
188
189struct sock *inet6_lookup_listener(struct net *net,
190 struct inet_hashinfo *hashinfo,
191 struct sk_buff *skb, int doff,
192 const struct in6_addr *saddr,
193 const __be16 sport, const struct in6_addr *daddr,
194 const unsigned short hnum, const int dif, const int sdif)
195{
196 struct inet_listen_hashbucket *ilb2;
197 struct sock *result = NULL;
198 unsigned int hash2;
199
200 /* Lookup redirect from BPF */
201 if (static_branch_unlikely(&bpf_sk_lookup_enabled)) {
202 result = inet6_lookup_run_bpf(net, hashinfo, skb, doff,
203 saddr, sport, daddr, hnum);
204 if (result)
205 goto done;
206 }
207
208 hash2 = ipv6_portaddr_hash(net, daddr, hnum);
209 ilb2 = inet_lhash2_bucket(hashinfo, hash2);
210
211 result = inet6_lhash2_lookup(net, ilb2, skb, doff,
212 saddr, sport, daddr, hnum,
213 dif, sdif);
214 if (result)
215 goto done;
216
217 /* Lookup lhash2 with in6addr_any */
218 hash2 = ipv6_portaddr_hash(net, &in6addr_any, hnum);
219 ilb2 = inet_lhash2_bucket(hashinfo, hash2);
220
221 result = inet6_lhash2_lookup(net, ilb2, skb, doff,
222 saddr, sport, &in6addr_any, hnum,
223 dif, sdif);
224done:
225 if (IS_ERR(result))
226 return NULL;
227 return result;
228}
229EXPORT_SYMBOL_GPL(inet6_lookup_listener);
230
231struct sock *inet6_lookup(struct net *net, struct inet_hashinfo *hashinfo,
232 struct sk_buff *skb, int doff,
233 const struct in6_addr *saddr, const __be16 sport,
234 const struct in6_addr *daddr, const __be16 dport,
235 const int dif)
236{
237 struct sock *sk;
238 bool refcounted;
239
240 sk = __inet6_lookup(net, hashinfo, skb, doff, saddr, sport, daddr,
241 ntohs(dport), dif, 0, &refcounted);
242 if (sk && !refcounted && !refcount_inc_not_zero(&sk->sk_refcnt))
243 sk = NULL;
244 return sk;
245}
246EXPORT_SYMBOL_GPL(inet6_lookup);
247
248static int __inet6_check_established(struct inet_timewait_death_row *death_row,
249 struct sock *sk, const __u16 lport,
250 struct inet_timewait_sock **twp)
251{
252 struct inet_hashinfo *hinfo = death_row->hashinfo;
253 struct inet_sock *inet = inet_sk(sk);
254 const struct in6_addr *daddr = &sk->sk_v6_rcv_saddr;
255 const struct in6_addr *saddr = &sk->sk_v6_daddr;
256 const int dif = sk->sk_bound_dev_if;
257 struct net *net = sock_net(sk);
258 const int sdif = l3mdev_master_ifindex_by_index(net, dif);
259 const __portpair ports = INET_COMBINED_PORTS(inet->inet_dport, lport);
260 const unsigned int hash = inet6_ehashfn(net, daddr, lport, saddr,
261 inet->inet_dport);
262 struct inet_ehash_bucket *head = inet_ehash_bucket(hinfo, hash);
263 spinlock_t *lock = inet_ehash_lockp(hinfo, hash);
264 struct sock *sk2;
265 const struct hlist_nulls_node *node;
266 struct inet_timewait_sock *tw = NULL;
267
268 spin_lock(lock);
269
270 sk_nulls_for_each(sk2, node, &head->chain) {
271 if (sk2->sk_hash != hash)
272 continue;
273
274 if (likely(INET6_MATCH(sk2, net, saddr, daddr, ports,
275 dif, sdif))) {
276 if (sk2->sk_state == TCP_TIME_WAIT) {
277 tw = inet_twsk(sk2);
278 if (twsk_unique(sk, sk2, twp))
279 break;
280 }
281 goto not_unique;
282 }
283 }
284
285 /* Must record num and sport now. Otherwise we will see
286 * in hash table socket with a funny identity.
287 */
288 inet->inet_num = lport;
289 inet->inet_sport = htons(lport);
290 sk->sk_hash = hash;
291 WARN_ON(!sk_unhashed(sk));
292 __sk_nulls_add_node_rcu(sk, &head->chain);
293 if (tw) {
294 sk_nulls_del_node_init_rcu((struct sock *)tw);
295 __NET_INC_STATS(net, LINUX_MIB_TIMEWAITRECYCLED);
296 }
297 spin_unlock(lock);
298 sock_prot_inuse_add(sock_net(sk), sk->sk_prot, 1);
299
300 if (twp) {
301 *twp = tw;
302 } else if (tw) {
303 /* Silly. Should hash-dance instead... */
304 inet_twsk_deschedule_put(tw);
305 }
306 return 0;
307
308not_unique:
309 spin_unlock(lock);
310 return -EADDRNOTAVAIL;
311}
312
313static u32 inet6_sk_port_offset(const struct sock *sk)
314{
315 const struct inet_sock *inet = inet_sk(sk);
316
317 return secure_ipv6_port_ephemeral(sk->sk_v6_rcv_saddr.s6_addr32,
318 sk->sk_v6_daddr.s6_addr32,
319 inet->inet_dport);
320}
321
322int inet6_hash_connect(struct inet_timewait_death_row *death_row,
323 struct sock *sk)
324{
325 u32 port_offset = 0;
326
327 if (!inet_sk(sk)->inet_num)
328 port_offset = inet6_sk_port_offset(sk);
329 return __inet_hash_connect(death_row, sk, port_offset,
330 __inet6_check_established);
331}
332EXPORT_SYMBOL_GPL(inet6_hash_connect);
333
334int inet6_hash(struct sock *sk)
335{
336 int err = 0;
337
338 if (sk->sk_state != TCP_CLOSE) {
339 local_bh_disable();
340 err = __inet_hash(sk, NULL);
341 local_bh_enable();
342 }
343
344 return err;
345}
346EXPORT_SYMBOL_GPL(inet6_hash);
1// SPDX-License-Identifier: GPL-2.0-or-later
2/*
3 * INET An implementation of the TCP/IP protocol suite for the LINUX
4 * operating system. INET is implemented using the BSD Socket
5 * interface as the means of communication with the user level.
6 *
7 * Generic INET6 transport hashtables
8 *
9 * Authors: Lotsa people, from code originally in tcp, generalised here
10 * by Arnaldo Carvalho de Melo <acme@mandriva.com>
11 */
12
13#include <linux/module.h>
14#include <linux/random.h>
15
16#include <net/addrconf.h>
17#include <net/inet_connection_sock.h>
18#include <net/inet_hashtables.h>
19#include <net/inet6_hashtables.h>
20#include <net/secure_seq.h>
21#include <net/ip.h>
22#include <net/sock_reuseport.h>
23
24u32 inet6_ehashfn(const struct net *net,
25 const struct in6_addr *laddr, const u16 lport,
26 const struct in6_addr *faddr, const __be16 fport)
27{
28 static u32 inet6_ehash_secret __read_mostly;
29 static u32 ipv6_hash_secret __read_mostly;
30
31 u32 lhash, fhash;
32
33 net_get_random_once(&inet6_ehash_secret, sizeof(inet6_ehash_secret));
34 net_get_random_once(&ipv6_hash_secret, sizeof(ipv6_hash_secret));
35
36 lhash = (__force u32)laddr->s6_addr32[3];
37 fhash = __ipv6_addr_jhash(faddr, ipv6_hash_secret);
38
39 return __inet6_ehashfn(lhash, lport, fhash, fport,
40 inet6_ehash_secret + net_hash_mix(net));
41}
42
43/*
44 * Sockets in TCP_CLOSE state are _always_ taken out of the hash, so
45 * we need not check it for TCP lookups anymore, thanks Alexey. -DaveM
46 *
47 * The sockhash lock must be held as a reader here.
48 */
49struct sock *__inet6_lookup_established(struct net *net,
50 struct inet_hashinfo *hashinfo,
51 const struct in6_addr *saddr,
52 const __be16 sport,
53 const struct in6_addr *daddr,
54 const u16 hnum,
55 const int dif, const int sdif)
56{
57 struct sock *sk;
58 const struct hlist_nulls_node *node;
59 const __portpair ports = INET_COMBINED_PORTS(sport, hnum);
60 /* Optimize here for direct hit, only listening connections can
61 * have wildcards anyways.
62 */
63 unsigned int hash = inet6_ehashfn(net, daddr, hnum, saddr, sport);
64 unsigned int slot = hash & hashinfo->ehash_mask;
65 struct inet_ehash_bucket *head = &hashinfo->ehash[slot];
66
67
68begin:
69 sk_nulls_for_each_rcu(sk, node, &head->chain) {
70 if (sk->sk_hash != hash)
71 continue;
72 if (!INET6_MATCH(sk, net, saddr, daddr, ports, dif, sdif))
73 continue;
74 if (unlikely(!refcount_inc_not_zero(&sk->sk_refcnt)))
75 goto out;
76
77 if (unlikely(!INET6_MATCH(sk, net, saddr, daddr, ports, dif, sdif))) {
78 sock_gen_put(sk);
79 goto begin;
80 }
81 goto found;
82 }
83 if (get_nulls_value(node) != slot)
84 goto begin;
85out:
86 sk = NULL;
87found:
88 return sk;
89}
90EXPORT_SYMBOL(__inet6_lookup_established);
91
92static inline int compute_score(struct sock *sk, struct net *net,
93 const unsigned short hnum,
94 const struct in6_addr *daddr,
95 const int dif, const int sdif, bool exact_dif)
96{
97 int score = -1;
98
99 if (net_eq(sock_net(sk), net) && inet_sk(sk)->inet_num == hnum &&
100 sk->sk_family == PF_INET6) {
101 if (!ipv6_addr_equal(&sk->sk_v6_rcv_saddr, daddr))
102 return -1;
103
104 if (!inet_sk_bound_dev_eq(net, sk->sk_bound_dev_if, dif, sdif))
105 return -1;
106
107 score = 1;
108 if (READ_ONCE(sk->sk_incoming_cpu) == raw_smp_processor_id())
109 score++;
110 }
111 return score;
112}
113
114/* called with rcu_read_lock() */
115static struct sock *inet6_lhash2_lookup(struct net *net,
116 struct inet_listen_hashbucket *ilb2,
117 struct sk_buff *skb, int doff,
118 const struct in6_addr *saddr,
119 const __be16 sport, const struct in6_addr *daddr,
120 const unsigned short hnum, const int dif, const int sdif)
121{
122 bool exact_dif = inet6_exact_dif_match(net, skb);
123 struct inet_connection_sock *icsk;
124 struct sock *sk, *result = NULL;
125 int score, hiscore = 0;
126 u32 phash = 0;
127
128 inet_lhash2_for_each_icsk_rcu(icsk, &ilb2->head) {
129 sk = (struct sock *)icsk;
130 score = compute_score(sk, net, hnum, daddr, dif, sdif,
131 exact_dif);
132 if (score > hiscore) {
133 if (sk->sk_reuseport) {
134 phash = inet6_ehashfn(net, daddr, hnum,
135 saddr, sport);
136 result = reuseport_select_sock(sk, phash,
137 skb, doff);
138 if (result)
139 return result;
140 }
141 result = sk;
142 hiscore = score;
143 }
144 }
145
146 return result;
147}
148
149struct sock *inet6_lookup_listener(struct net *net,
150 struct inet_hashinfo *hashinfo,
151 struct sk_buff *skb, int doff,
152 const struct in6_addr *saddr,
153 const __be16 sport, const struct in6_addr *daddr,
154 const unsigned short hnum, const int dif, const int sdif)
155{
156 struct inet_listen_hashbucket *ilb2;
157 struct sock *result = NULL;
158 unsigned int hash2;
159
160 hash2 = ipv6_portaddr_hash(net, daddr, hnum);
161 ilb2 = inet_lhash2_bucket(hashinfo, hash2);
162
163 result = inet6_lhash2_lookup(net, ilb2, skb, doff,
164 saddr, sport, daddr, hnum,
165 dif, sdif);
166 if (result)
167 goto done;
168
169 /* Lookup lhash2 with in6addr_any */
170 hash2 = ipv6_portaddr_hash(net, &in6addr_any, hnum);
171 ilb2 = inet_lhash2_bucket(hashinfo, hash2);
172
173 result = inet6_lhash2_lookup(net, ilb2, skb, doff,
174 saddr, sport, &in6addr_any, hnum,
175 dif, sdif);
176done:
177 if (IS_ERR(result))
178 return NULL;
179 return result;
180}
181EXPORT_SYMBOL_GPL(inet6_lookup_listener);
182
183struct sock *inet6_lookup(struct net *net, struct inet_hashinfo *hashinfo,
184 struct sk_buff *skb, int doff,
185 const struct in6_addr *saddr, const __be16 sport,
186 const struct in6_addr *daddr, const __be16 dport,
187 const int dif)
188{
189 struct sock *sk;
190 bool refcounted;
191
192 sk = __inet6_lookup(net, hashinfo, skb, doff, saddr, sport, daddr,
193 ntohs(dport), dif, 0, &refcounted);
194 if (sk && !refcounted && !refcount_inc_not_zero(&sk->sk_refcnt))
195 sk = NULL;
196 return sk;
197}
198EXPORT_SYMBOL_GPL(inet6_lookup);
199
200static int __inet6_check_established(struct inet_timewait_death_row *death_row,
201 struct sock *sk, const __u16 lport,
202 struct inet_timewait_sock **twp)
203{
204 struct inet_hashinfo *hinfo = death_row->hashinfo;
205 struct inet_sock *inet = inet_sk(sk);
206 const struct in6_addr *daddr = &sk->sk_v6_rcv_saddr;
207 const struct in6_addr *saddr = &sk->sk_v6_daddr;
208 const int dif = sk->sk_bound_dev_if;
209 struct net *net = sock_net(sk);
210 const int sdif = l3mdev_master_ifindex_by_index(net, dif);
211 const __portpair ports = INET_COMBINED_PORTS(inet->inet_dport, lport);
212 const unsigned int hash = inet6_ehashfn(net, daddr, lport, saddr,
213 inet->inet_dport);
214 struct inet_ehash_bucket *head = inet_ehash_bucket(hinfo, hash);
215 spinlock_t *lock = inet_ehash_lockp(hinfo, hash);
216 struct sock *sk2;
217 const struct hlist_nulls_node *node;
218 struct inet_timewait_sock *tw = NULL;
219
220 spin_lock(lock);
221
222 sk_nulls_for_each(sk2, node, &head->chain) {
223 if (sk2->sk_hash != hash)
224 continue;
225
226 if (likely(INET6_MATCH(sk2, net, saddr, daddr, ports,
227 dif, sdif))) {
228 if (sk2->sk_state == TCP_TIME_WAIT) {
229 tw = inet_twsk(sk2);
230 if (twsk_unique(sk, sk2, twp))
231 break;
232 }
233 goto not_unique;
234 }
235 }
236
237 /* Must record num and sport now. Otherwise we will see
238 * in hash table socket with a funny identity.
239 */
240 inet->inet_num = lport;
241 inet->inet_sport = htons(lport);
242 sk->sk_hash = hash;
243 WARN_ON(!sk_unhashed(sk));
244 __sk_nulls_add_node_rcu(sk, &head->chain);
245 if (tw) {
246 sk_nulls_del_node_init_rcu((struct sock *)tw);
247 __NET_INC_STATS(net, LINUX_MIB_TIMEWAITRECYCLED);
248 }
249 spin_unlock(lock);
250 sock_prot_inuse_add(sock_net(sk), sk->sk_prot, 1);
251
252 if (twp) {
253 *twp = tw;
254 } else if (tw) {
255 /* Silly. Should hash-dance instead... */
256 inet_twsk_deschedule_put(tw);
257 }
258 return 0;
259
260not_unique:
261 spin_unlock(lock);
262 return -EADDRNOTAVAIL;
263}
264
265static u32 inet6_sk_port_offset(const struct sock *sk)
266{
267 const struct inet_sock *inet = inet_sk(sk);
268
269 return secure_ipv6_port_ephemeral(sk->sk_v6_rcv_saddr.s6_addr32,
270 sk->sk_v6_daddr.s6_addr32,
271 inet->inet_dport);
272}
273
274int inet6_hash_connect(struct inet_timewait_death_row *death_row,
275 struct sock *sk)
276{
277 u32 port_offset = 0;
278
279 if (!inet_sk(sk)->inet_num)
280 port_offset = inet6_sk_port_offset(sk);
281 return __inet_hash_connect(death_row, sk, port_offset,
282 __inet6_check_established);
283}
284EXPORT_SYMBOL_GPL(inet6_hash_connect);
285
286int inet6_hash(struct sock *sk)
287{
288 int err = 0;
289
290 if (sk->sk_state != TCP_CLOSE) {
291 local_bh_disable();
292 err = __inet_hash(sk, NULL);
293 local_bh_enable();
294 }
295
296 return err;
297}
298EXPORT_SYMBOL_GPL(inet6_hash);