net: packet socket packet_lookup_frame fix
[linux-2.6.git] / net / packet / af_packet.c
1 /*
2  * INET         An implementation of the TCP/IP protocol suite for the LINUX
3  *              operating system.  INET is implemented using the  BSD Socket
4  *              interface as the means of communication with the user level.
5  *
6  *              PACKET - implements raw packet sockets.
7  *
8  * Authors:     Ross Biro
9  *              Fred N. van Kempen, <waltje@uWalt.NL.Mugnet.ORG>
10  *              Alan Cox, <gw4pts@gw4pts.ampr.org>
11  *
12  * Fixes:
13  *              Alan Cox        :       verify_area() now used correctly
14  *              Alan Cox        :       new skbuff lists, look ma no backlogs!
15  *              Alan Cox        :       tidied skbuff lists.
16  *              Alan Cox        :       Now uses generic datagram routines I
17  *                                      added. Also fixed the peek/read crash
18  *                                      from all old Linux datagram code.
19  *              Alan Cox        :       Uses the improved datagram code.
20  *              Alan Cox        :       Added NULL's for socket options.
21  *              Alan Cox        :       Re-commented the code.
22  *              Alan Cox        :       Use new kernel side addressing
23  *              Rob Janssen     :       Correct MTU usage.
24  *              Dave Platt      :       Counter leaks caused by incorrect
25  *                                      interrupt locking and some slightly
26  *                                      dubious gcc output. Can you read
27  *                                      compiler: it said _VOLATILE_
28  *      Richard Kooijman        :       Timestamp fixes.
29  *              Alan Cox        :       New buffers. Use sk->mac.raw.
30  *              Alan Cox        :       sendmsg/recvmsg support.
31  *              Alan Cox        :       Protocol setting support
32  *      Alexey Kuznetsov        :       Untied from IPv4 stack.
33  *      Cyrus Durgin            :       Fixed kerneld for kmod.
34  *      Michal Ostrowski        :       Module initialization cleanup.
35  *         Ulises Alonso        :       Frame number limit removal and
36  *                                      packet_set_ring memory leak.
37  *              Eric Biederman  :       Allow for > 8 byte hardware addresses.
38  *                                      The convention is that longer addresses
39  *                                      will simply extend the hardware address
40  *                                      byte arrays at the end of sockaddr_ll
41  *                                      and packet_mreq.
42  *
43  *              This program is free software; you can redistribute it and/or
44  *              modify it under the terms of the GNU General Public License
45  *              as published by the Free Software Foundation; either version
46  *              2 of the License, or (at your option) any later version.
47  *
48  */
49
50 #include <linux/types.h>
51 #include <linux/mm.h>
52 #include <linux/capability.h>
53 #include <linux/fcntl.h>
54 #include <linux/socket.h>
55 #include <linux/in.h>
56 #include <linux/inet.h>
57 #include <linux/netdevice.h>
58 #include <linux/if_packet.h>
59 #include <linux/wireless.h>
60 #include <linux/kernel.h>
61 #include <linux/kmod.h>
62 #include <net/net_namespace.h>
63 #include <net/ip.h>
64 #include <net/protocol.h>
65 #include <linux/skbuff.h>
66 #include <net/sock.h>
67 #include <linux/errno.h>
68 #include <linux/timer.h>
69 #include <asm/system.h>
70 #include <asm/uaccess.h>
71 #include <asm/ioctls.h>
72 #include <asm/page.h>
73 #include <asm/cacheflush.h>
74 #include <asm/io.h>
75 #include <linux/proc_fs.h>
76 #include <linux/seq_file.h>
77 #include <linux/poll.h>
78 #include <linux/module.h>
79 #include <linux/init.h>
80 #include <linux/mutex.h>
81
82 #ifdef CONFIG_INET
83 #include <net/inet_common.h>
84 #endif
85
86 /*
87    Assumptions:
88    - if device has no dev->hard_header routine, it adds and removes ll header
89      inside itself. In this case ll header is invisible outside of device,
90      but higher levels still should reserve dev->hard_header_len.
91      Some devices are enough clever to reallocate skb, when header
92      will not fit to reserved space (tunnel), another ones are silly
93      (PPP).
94    - packet socket receives packets with pulled ll header,
95      so that SOCK_RAW should push it back.
96
97 On receive:
98 -----------
99
100 Incoming, dev->hard_header!=NULL
101    mac_header -> ll header
102    data       -> data
103
104 Outgoing, dev->hard_header!=NULL
105    mac_header -> ll header
106    data       -> ll header
107
108 Incoming, dev->hard_header==NULL
109    mac_header -> UNKNOWN position. It is very likely, that it points to ll
110                  header.  PPP makes it, that is wrong, because introduce
111                  assymetry between rx and tx paths.
112    data       -> data
113
114 Outgoing, dev->hard_header==NULL
115    mac_header -> data. ll header is still not built!
116    data       -> data
117
118 Resume
119   If dev->hard_header==NULL we are unlikely to restore sensible ll header.
120
121
122 On transmit:
123 ------------
124
125 dev->hard_header != NULL
126    mac_header -> ll header
127    data       -> ll header
128
129 dev->hard_header == NULL (ll header is added by device, we cannot control it)
130    mac_header -> data
131    data       -> data
132
133    We should set nh.raw on output to correct posistion,
134    packet classifier depends on it.
135  */
136
137 /* Private packet socket structures. */
138
139 struct packet_mclist
140 {
141         struct packet_mclist    *next;
142         int                     ifindex;
143         int                     count;
144         unsigned short          type;
145         unsigned short          alen;
146         unsigned char           addr[MAX_ADDR_LEN];
147 };
148 /* identical to struct packet_mreq except it has
149  * a longer address field.
150  */
151 struct packet_mreq_max
152 {
153         int             mr_ifindex;
154         unsigned short  mr_type;
155         unsigned short  mr_alen;
156         unsigned char   mr_address[MAX_ADDR_LEN];
157 };
158
159 #ifdef CONFIG_PACKET_MMAP
160 static int packet_set_ring(struct sock *sk, struct tpacket_req *req, int closing);
161 #endif
162
163 static void packet_flush_mclist(struct sock *sk);
164
165 struct packet_sock {
166         /* struct sock has to be the first member of packet_sock */
167         struct sock             sk;
168         struct tpacket_stats    stats;
169 #ifdef CONFIG_PACKET_MMAP
170         char *                  *pg_vec;
171         unsigned int            head;
172         unsigned int            frames_per_block;
173         unsigned int            frame_size;
174         unsigned int            frame_max;
175         int                     copy_thresh;
176 #endif
177         struct packet_type      prot_hook;
178         spinlock_t              bind_lock;
179         struct mutex            pg_vec_lock;
180         unsigned int            running:1,      /* prot_hook is attached*/
181                                 auxdata:1,
182                                 origdev:1;
183         int                     ifindex;        /* bound device         */
184         __be16                  num;
185         struct packet_mclist    *mclist;
186 #ifdef CONFIG_PACKET_MMAP
187         atomic_t                mapped;
188         unsigned int            pg_vec_order;
189         unsigned int            pg_vec_pages;
190         unsigned int            pg_vec_len;
191         enum tpacket_versions   tp_version;
192         unsigned int            tp_hdrlen;
193         unsigned int            tp_reserve;
194 #endif
195 };
196
197 struct packet_skb_cb {
198         unsigned int origlen;
199         union {
200                 struct sockaddr_pkt pkt;
201                 struct sockaddr_ll ll;
202         } sa;
203 };
204
205 #define PACKET_SKB_CB(__skb)    ((struct packet_skb_cb *)((__skb)->cb))
206
207 #ifdef CONFIG_PACKET_MMAP
208
209 static void *packet_lookup_frame(struct packet_sock *po, unsigned int position,
210                                  int status)
211 {
212         unsigned int pg_vec_pos, frame_offset;
213         union {
214                 struct tpacket_hdr *h1;
215                 struct tpacket2_hdr *h2;
216                 void *raw;
217         } h;
218
219         pg_vec_pos = position / po->frames_per_block;
220         frame_offset = position % po->frames_per_block;
221
222         h.raw = po->pg_vec[pg_vec_pos] + (frame_offset * po->frame_size);
223         switch (po->tp_version) {
224         case TPACKET_V1:
225                 if (status != (h.h1->tp_status ? TP_STATUS_USER :
226                                                 TP_STATUS_KERNEL))
227                         return NULL;
228                 break;
229         case TPACKET_V2:
230                 if (status != (h.h2->tp_status ? TP_STATUS_USER :
231                                                 TP_STATUS_KERNEL))
232                         return NULL;
233                 break;
234         }
235         return h.raw;
236 }
237
238 static void __packet_set_status(struct packet_sock *po, void *frame, int status)
239 {
240         union {
241                 struct tpacket_hdr *h1;
242                 struct tpacket2_hdr *h2;
243                 void *raw;
244         } h;
245
246         h.raw = frame;
247         switch (po->tp_version) {
248         case TPACKET_V1:
249                 h.h1->tp_status = status;
250                 break;
251         case TPACKET_V2:
252                 h.h2->tp_status = status;
253                 break;
254         }
255 }
256 #endif
257
258 static inline struct packet_sock *pkt_sk(struct sock *sk)
259 {
260         return (struct packet_sock *)sk;
261 }
262
263 static void packet_sock_destruct(struct sock *sk)
264 {
265         WARN_ON(atomic_read(&sk->sk_rmem_alloc));
266         WARN_ON(atomic_read(&sk->sk_wmem_alloc));
267
268         if (!sock_flag(sk, SOCK_DEAD)) {
269                 printk("Attempt to release alive packet socket: %p\n", sk);
270                 return;
271         }
272
273         sk_refcnt_debug_dec(sk);
274 }
275
276
277 static const struct proto_ops packet_ops;
278
279 static const struct proto_ops packet_ops_spkt;
280
281 static int packet_rcv_spkt(struct sk_buff *skb, struct net_device *dev,  struct packet_type *pt, struct net_device *orig_dev)
282 {
283         struct sock *sk;
284         struct sockaddr_pkt *spkt;
285
286         /*
287          *      When we registered the protocol we saved the socket in the data
288          *      field for just this event.
289          */
290
291         sk = pt->af_packet_priv;
292
293         /*
294          *      Yank back the headers [hope the device set this
295          *      right or kerboom...]
296          *
297          *      Incoming packets have ll header pulled,
298          *      push it back.
299          *
300          *      For outgoing ones skb->data == skb_mac_header(skb)
301          *      so that this procedure is noop.
302          */
303
304         if (skb->pkt_type == PACKET_LOOPBACK)
305                 goto out;
306
307         if (dev_net(dev) != sock_net(sk))
308                 goto out;
309
310         if ((skb = skb_share_check(skb, GFP_ATOMIC)) == NULL)
311                 goto oom;
312
313         /* drop any routing info */
314         dst_release(skb->dst);
315         skb->dst = NULL;
316
317         /* drop conntrack reference */
318         nf_reset(skb);
319
320         spkt = &PACKET_SKB_CB(skb)->sa.pkt;
321
322         skb_push(skb, skb->data - skb_mac_header(skb));
323
324         /*
325          *      The SOCK_PACKET socket receives _all_ frames.
326          */
327
328         spkt->spkt_family = dev->type;
329         strlcpy(spkt->spkt_device, dev->name, sizeof(spkt->spkt_device));
330         spkt->spkt_protocol = skb->protocol;
331
332         /*
333          *      Charge the memory to the socket. This is done specifically
334          *      to prevent sockets using all the memory up.
335          */
336
337         if (sock_queue_rcv_skb(sk,skb) == 0)
338                 return 0;
339
340 out:
341         kfree_skb(skb);
342 oom:
343         return 0;
344 }
345
346
347 /*
348  *      Output a raw packet to a device layer. This bypasses all the other
349  *      protocol layers and you must therefore supply it with a complete frame
350  */
351
352 static int packet_sendmsg_spkt(struct kiocb *iocb, struct socket *sock,
353                                struct msghdr *msg, size_t len)
354 {
355         struct sock *sk = sock->sk;
356         struct sockaddr_pkt *saddr=(struct sockaddr_pkt *)msg->msg_name;
357         struct sk_buff *skb;
358         struct net_device *dev;
359         __be16 proto=0;
360         int err;
361
362         /*
363          *      Get and verify the address.
364          */
365
366         if (saddr)
367         {
368                 if (msg->msg_namelen < sizeof(struct sockaddr))
369                         return(-EINVAL);
370                 if (msg->msg_namelen==sizeof(struct sockaddr_pkt))
371                         proto=saddr->spkt_protocol;
372         }
373         else
374                 return(-ENOTCONN);      /* SOCK_PACKET must be sent giving an address */
375
376         /*
377          *      Find the device first to size check it
378          */
379
380         saddr->spkt_device[13] = 0;
381         dev = dev_get_by_name(sock_net(sk), saddr->spkt_device);
382         err = -ENODEV;
383         if (dev == NULL)
384                 goto out_unlock;
385
386         err = -ENETDOWN;
387         if (!(dev->flags & IFF_UP))
388                 goto out_unlock;
389
390         /*
391          *      You may not queue a frame bigger than the mtu. This is the lowest level
392          *      raw protocol and you must do your own fragmentation at this level.
393          */
394
395         err = -EMSGSIZE;
396         if (len > dev->mtu + dev->hard_header_len)
397                 goto out_unlock;
398
399         err = -ENOBUFS;
400         skb = sock_wmalloc(sk, len + LL_RESERVED_SPACE(dev), 0, GFP_KERNEL);
401
402         /*
403          *      If the write buffer is full, then tough. At this level the user gets to
404          *      deal with the problem - do your own algorithmic backoffs. That's far
405          *      more flexible.
406          */
407
408         if (skb == NULL)
409                 goto out_unlock;
410
411         /*
412          *      Fill it in
413          */
414
415         /* FIXME: Save some space for broken drivers that write a
416          * hard header at transmission time by themselves. PPP is the
417          * notable one here. This should really be fixed at the driver level.
418          */
419         skb_reserve(skb, LL_RESERVED_SPACE(dev));
420         skb_reset_network_header(skb);
421
422         /* Try to align data part correctly */
423         if (dev->header_ops) {
424                 skb->data -= dev->hard_header_len;
425                 skb->tail -= dev->hard_header_len;
426                 if (len < dev->hard_header_len)
427                         skb_reset_network_header(skb);
428         }
429
430         /* Returns -EFAULT on error */
431         err = memcpy_fromiovec(skb_put(skb,len), msg->msg_iov, len);
432         skb->protocol = proto;
433         skb->dev = dev;
434         skb->priority = sk->sk_priority;
435         if (err)
436                 goto out_free;
437
438         /*
439          *      Now send it
440          */
441
442         dev_queue_xmit(skb);
443         dev_put(dev);
444         return(len);
445
446 out_free:
447         kfree_skb(skb);
448 out_unlock:
449         if (dev)
450                 dev_put(dev);
451         return err;
452 }
453
454 static inline unsigned int run_filter(struct sk_buff *skb, struct sock *sk,
455                                       unsigned int res)
456 {
457         struct sk_filter *filter;
458
459         rcu_read_lock_bh();
460         filter = rcu_dereference(sk->sk_filter);
461         if (filter != NULL)
462                 res = sk_run_filter(skb, filter->insns, filter->len);
463         rcu_read_unlock_bh();
464
465         return res;
466 }
467
468 /*
469    This function makes lazy skb cloning in hope that most of packets
470    are discarded by BPF.
471
472    Note tricky part: we DO mangle shared skb! skb->data, skb->len
473    and skb->cb are mangled. It works because (and until) packets
474    falling here are owned by current CPU. Output packets are cloned
475    by dev_queue_xmit_nit(), input packets are processed by net_bh
476    sequencially, so that if we return skb to original state on exit,
477    we will not harm anyone.
478  */
479
480 static int packet_rcv(struct sk_buff *skb, struct net_device *dev, struct packet_type *pt, struct net_device *orig_dev)
481 {
482         struct sock *sk;
483         struct sockaddr_ll *sll;
484         struct packet_sock *po;
485         u8 * skb_head = skb->data;
486         int skb_len = skb->len;
487         unsigned int snaplen, res;
488
489         if (skb->pkt_type == PACKET_LOOPBACK)
490                 goto drop;
491
492         sk = pt->af_packet_priv;
493         po = pkt_sk(sk);
494
495         if (dev_net(dev) != sock_net(sk))
496                 goto drop;
497
498         skb->dev = dev;
499
500         if (dev->header_ops) {
501                 /* The device has an explicit notion of ll header,
502                    exported to higher levels.
503
504                    Otherwise, the device hides datails of it frame
505                    structure, so that corresponding packet head
506                    never delivered to user.
507                  */
508                 if (sk->sk_type != SOCK_DGRAM)
509                         skb_push(skb, skb->data - skb_mac_header(skb));
510                 else if (skb->pkt_type == PACKET_OUTGOING) {
511                         /* Special case: outgoing packets have ll header at head */
512                         skb_pull(skb, skb_network_offset(skb));
513                 }
514         }
515
516         snaplen = skb->len;
517
518         res = run_filter(skb, sk, snaplen);
519         if (!res)
520                 goto drop_n_restore;
521         if (snaplen > res)
522                 snaplen = res;
523
524         if (atomic_read(&sk->sk_rmem_alloc) + skb->truesize >=
525             (unsigned)sk->sk_rcvbuf)
526                 goto drop_n_acct;
527
528         if (skb_shared(skb)) {
529                 struct sk_buff *nskb = skb_clone(skb, GFP_ATOMIC);
530                 if (nskb == NULL)
531                         goto drop_n_acct;
532
533                 if (skb_head != skb->data) {
534                         skb->data = skb_head;
535                         skb->len = skb_len;
536                 }
537                 kfree_skb(skb);
538                 skb = nskb;
539         }
540
541         BUILD_BUG_ON(sizeof(*PACKET_SKB_CB(skb)) + MAX_ADDR_LEN - 8 >
542                      sizeof(skb->cb));
543
544         sll = &PACKET_SKB_CB(skb)->sa.ll;
545         sll->sll_family = AF_PACKET;
546         sll->sll_hatype = dev->type;
547         sll->sll_protocol = skb->protocol;
548         sll->sll_pkttype = skb->pkt_type;
549         if (unlikely(po->origdev))
550                 sll->sll_ifindex = orig_dev->ifindex;
551         else
552                 sll->sll_ifindex = dev->ifindex;
553
554         sll->sll_halen = dev_parse_header(skb, sll->sll_addr);
555
556         PACKET_SKB_CB(skb)->origlen = skb->len;
557
558         if (pskb_trim(skb, snaplen))
559                 goto drop_n_acct;
560
561         skb_set_owner_r(skb, sk);
562         skb->dev = NULL;
563         dst_release(skb->dst);
564         skb->dst = NULL;
565
566         /* drop conntrack reference */
567         nf_reset(skb);
568
569         spin_lock(&sk->sk_receive_queue.lock);
570         po->stats.tp_packets++;
571         __skb_queue_tail(&sk->sk_receive_queue, skb);
572         spin_unlock(&sk->sk_receive_queue.lock);
573         sk->sk_data_ready(sk, skb->len);
574         return 0;
575
576 drop_n_acct:
577         spin_lock(&sk->sk_receive_queue.lock);
578         po->stats.tp_drops++;
579         spin_unlock(&sk->sk_receive_queue.lock);
580
581 drop_n_restore:
582         if (skb_head != skb->data && skb_shared(skb)) {
583                 skb->data = skb_head;
584                 skb->len = skb_len;
585         }
586 drop:
587         kfree_skb(skb);
588         return 0;
589 }
590
591 #ifdef CONFIG_PACKET_MMAP
592 static int tpacket_rcv(struct sk_buff *skb, struct net_device *dev, struct packet_type *pt, struct net_device *orig_dev)
593 {
594         struct sock *sk;
595         struct packet_sock *po;
596         struct sockaddr_ll *sll;
597         union {
598                 struct tpacket_hdr *h1;
599                 struct tpacket2_hdr *h2;
600                 void *raw;
601         } h;
602         u8 * skb_head = skb->data;
603         int skb_len = skb->len;
604         unsigned int snaplen, res;
605         unsigned long status = TP_STATUS_LOSING|TP_STATUS_USER;
606         unsigned short macoff, netoff, hdrlen;
607         struct sk_buff *copy_skb = NULL;
608         struct timeval tv;
609         struct timespec ts;
610
611         if (skb->pkt_type == PACKET_LOOPBACK)
612                 goto drop;
613
614         sk = pt->af_packet_priv;
615         po = pkt_sk(sk);
616
617         if (dev_net(dev) != sock_net(sk))
618                 goto drop;
619
620         if (dev->header_ops) {
621                 if (sk->sk_type != SOCK_DGRAM)
622                         skb_push(skb, skb->data - skb_mac_header(skb));
623                 else if (skb->pkt_type == PACKET_OUTGOING) {
624                         /* Special case: outgoing packets have ll header at head */
625                         skb_pull(skb, skb_network_offset(skb));
626                 }
627         }
628
629         if (skb->ip_summed == CHECKSUM_PARTIAL)
630                 status |= TP_STATUS_CSUMNOTREADY;
631
632         snaplen = skb->len;
633
634         res = run_filter(skb, sk, snaplen);
635         if (!res)
636                 goto drop_n_restore;
637         if (snaplen > res)
638                 snaplen = res;
639
640         if (sk->sk_type == SOCK_DGRAM) {
641                 macoff = netoff = TPACKET_ALIGN(po->tp_hdrlen) + 16 +
642                                   po->tp_reserve;
643         } else {
644                 unsigned maclen = skb_network_offset(skb);
645                 netoff = TPACKET_ALIGN(po->tp_hdrlen +
646                                        (maclen < 16 ? 16 : maclen)) +
647                         po->tp_reserve;
648                 macoff = netoff - maclen;
649         }
650
651         if (macoff + snaplen > po->frame_size) {
652                 if (po->copy_thresh &&
653                     atomic_read(&sk->sk_rmem_alloc) + skb->truesize <
654                     (unsigned)sk->sk_rcvbuf) {
655                         if (skb_shared(skb)) {
656                                 copy_skb = skb_clone(skb, GFP_ATOMIC);
657                         } else {
658                                 copy_skb = skb_get(skb);
659                                 skb_head = skb->data;
660                         }
661                         if (copy_skb)
662                                 skb_set_owner_r(copy_skb, sk);
663                 }
664                 snaplen = po->frame_size - macoff;
665                 if ((int)snaplen < 0)
666                         snaplen = 0;
667         }
668
669         spin_lock(&sk->sk_receive_queue.lock);
670         h.raw = packet_lookup_frame(po, po->head, TP_STATUS_KERNEL);
671         if (!h.raw)
672                 goto ring_is_full;
673         po->head = po->head != po->frame_max ? po->head+1 : 0;
674         po->stats.tp_packets++;
675         if (copy_skb) {
676                 status |= TP_STATUS_COPY;
677                 __skb_queue_tail(&sk->sk_receive_queue, copy_skb);
678         }
679         if (!po->stats.tp_drops)
680                 status &= ~TP_STATUS_LOSING;
681         spin_unlock(&sk->sk_receive_queue.lock);
682
683         skb_copy_bits(skb, 0, h.raw + macoff, snaplen);
684
685         switch (po->tp_version) {
686         case TPACKET_V1:
687                 h.h1->tp_len = skb->len;
688                 h.h1->tp_snaplen = snaplen;
689                 h.h1->tp_mac = macoff;
690                 h.h1->tp_net = netoff;
691                 if (skb->tstamp.tv64)
692                         tv = ktime_to_timeval(skb->tstamp);
693                 else
694                         do_gettimeofday(&tv);
695                 h.h1->tp_sec = tv.tv_sec;
696                 h.h1->tp_usec = tv.tv_usec;
697                 hdrlen = sizeof(*h.h1);
698                 break;
699         case TPACKET_V2:
700                 h.h2->tp_len = skb->len;
701                 h.h2->tp_snaplen = snaplen;
702                 h.h2->tp_mac = macoff;
703                 h.h2->tp_net = netoff;
704                 if (skb->tstamp.tv64)
705                         ts = ktime_to_timespec(skb->tstamp);
706                 else
707                         getnstimeofday(&ts);
708                 h.h2->tp_sec = ts.tv_sec;
709                 h.h2->tp_nsec = ts.tv_nsec;
710                 h.h2->tp_vlan_tci = skb->vlan_tci;
711                 hdrlen = sizeof(*h.h2);
712                 break;
713         default:
714                 BUG();
715         }
716
717         sll = h.raw + TPACKET_ALIGN(hdrlen);
718         sll->sll_halen = dev_parse_header(skb, sll->sll_addr);
719         sll->sll_family = AF_PACKET;
720         sll->sll_hatype = dev->type;
721         sll->sll_protocol = skb->protocol;
722         sll->sll_pkttype = skb->pkt_type;
723         if (unlikely(po->origdev))
724                 sll->sll_ifindex = orig_dev->ifindex;
725         else
726                 sll->sll_ifindex = dev->ifindex;
727
728         __packet_set_status(po, h.raw, status);
729         smp_mb();
730
731         {
732                 struct page *p_start, *p_end;
733                 u8 *h_end = h.raw + macoff + snaplen - 1;
734
735                 p_start = virt_to_page(h.raw);
736                 p_end = virt_to_page(h_end);
737                 while (p_start <= p_end) {
738                         flush_dcache_page(p_start);
739                         p_start++;
740                 }
741         }
742
743         sk->sk_data_ready(sk, 0);
744
745 drop_n_restore:
746         if (skb_head != skb->data && skb_shared(skb)) {
747                 skb->data = skb_head;
748                 skb->len = skb_len;
749         }
750 drop:
751         kfree_skb(skb);
752         return 0;
753
754 ring_is_full:
755         po->stats.tp_drops++;
756         spin_unlock(&sk->sk_receive_queue.lock);
757
758         sk->sk_data_ready(sk, 0);
759         if (copy_skb)
760                 kfree_skb(copy_skb);
761         goto drop_n_restore;
762 }
763
764 #endif
765
766
767 static int packet_sendmsg(struct kiocb *iocb, struct socket *sock,
768                           struct msghdr *msg, size_t len)
769 {
770         struct sock *sk = sock->sk;
771         struct sockaddr_ll *saddr=(struct sockaddr_ll *)msg->msg_name;
772         struct sk_buff *skb;
773         struct net_device *dev;
774         __be16 proto;
775         unsigned char *addr;
776         int ifindex, err, reserve = 0;
777
778         /*
779          *      Get and verify the address.
780          */
781
782         if (saddr == NULL) {
783                 struct packet_sock *po = pkt_sk(sk);
784
785                 ifindex = po->ifindex;
786                 proto   = po->num;
787                 addr    = NULL;
788         } else {
789                 err = -EINVAL;
790                 if (msg->msg_namelen < sizeof(struct sockaddr_ll))
791                         goto out;
792                 if (msg->msg_namelen < (saddr->sll_halen + offsetof(struct sockaddr_ll, sll_addr)))
793                         goto out;
794                 ifindex = saddr->sll_ifindex;
795                 proto   = saddr->sll_protocol;
796                 addr    = saddr->sll_addr;
797         }
798
799
800         dev = dev_get_by_index(sock_net(sk), ifindex);
801         err = -ENXIO;
802         if (dev == NULL)
803                 goto out_unlock;
804         if (sock->type == SOCK_RAW)
805                 reserve = dev->hard_header_len;
806
807         err = -ENETDOWN;
808         if (!(dev->flags & IFF_UP))
809                 goto out_unlock;
810
811         err = -EMSGSIZE;
812         if (len > dev->mtu+reserve)
813                 goto out_unlock;
814
815         skb = sock_alloc_send_skb(sk, len + LL_ALLOCATED_SPACE(dev),
816                                 msg->msg_flags & MSG_DONTWAIT, &err);
817         if (skb==NULL)
818                 goto out_unlock;
819
820         skb_reserve(skb, LL_RESERVED_SPACE(dev));
821         skb_reset_network_header(skb);
822
823         err = -EINVAL;
824         if (sock->type == SOCK_DGRAM &&
825             dev_hard_header(skb, dev, ntohs(proto), addr, NULL, len) < 0)
826                 goto out_free;
827
828         /* Returns -EFAULT on error */
829         err = memcpy_fromiovec(skb_put(skb,len), msg->msg_iov, len);
830         if (err)
831                 goto out_free;
832
833         skb->protocol = proto;
834         skb->dev = dev;
835         skb->priority = sk->sk_priority;
836
837         /*
838          *      Now send it
839          */
840
841         err = dev_queue_xmit(skb);
842         if (err > 0 && (err = net_xmit_errno(err)) != 0)
843                 goto out_unlock;
844
845         dev_put(dev);
846
847         return(len);
848
849 out_free:
850         kfree_skb(skb);
851 out_unlock:
852         if (dev)
853                 dev_put(dev);
854 out:
855         return err;
856 }
857
858 /*
859  *      Close a PACKET socket. This is fairly simple. We immediately go
860  *      to 'closed' state and remove our protocol entry in the device list.
861  */
862
863 static int packet_release(struct socket *sock)
864 {
865         struct sock *sk = sock->sk;
866         struct packet_sock *po;
867         struct net *net;
868
869         if (!sk)
870                 return 0;
871
872         net = sock_net(sk);
873         po = pkt_sk(sk);
874
875         write_lock_bh(&net->packet.sklist_lock);
876         sk_del_node_init(sk);
877         sock_prot_inuse_add(net, sk->sk_prot, -1);
878         write_unlock_bh(&net->packet.sklist_lock);
879
880         /*
881          *      Unhook packet receive handler.
882          */
883
884         if (po->running) {
885                 /*
886                  *      Remove the protocol hook
887                  */
888                 dev_remove_pack(&po->prot_hook);
889                 po->running = 0;
890                 po->num = 0;
891                 __sock_put(sk);
892         }
893
894         packet_flush_mclist(sk);
895
896 #ifdef CONFIG_PACKET_MMAP
897         if (po->pg_vec) {
898                 struct tpacket_req req;
899                 memset(&req, 0, sizeof(req));
900                 packet_set_ring(sk, &req, 1);
901         }
902 #endif
903
904         /*
905          *      Now the socket is dead. No more input will appear.
906          */
907
908         sock_orphan(sk);
909         sock->sk = NULL;
910
911         /* Purge queues */
912
913         skb_queue_purge(&sk->sk_receive_queue);
914         sk_refcnt_debug_release(sk);
915
916         sock_put(sk);
917         return 0;
918 }
919
920 /*
921  *      Attach a packet hook.
922  */
923
924 static int packet_do_bind(struct sock *sk, struct net_device *dev, __be16 protocol)
925 {
926         struct packet_sock *po = pkt_sk(sk);
927         /*
928          *      Detach an existing hook if present.
929          */
930
931         lock_sock(sk);
932
933         spin_lock(&po->bind_lock);
934         if (po->running) {
935                 __sock_put(sk);
936                 po->running = 0;
937                 po->num = 0;
938                 spin_unlock(&po->bind_lock);
939                 dev_remove_pack(&po->prot_hook);
940                 spin_lock(&po->bind_lock);
941         }
942
943         po->num = protocol;
944         po->prot_hook.type = protocol;
945         po->prot_hook.dev = dev;
946
947         po->ifindex = dev ? dev->ifindex : 0;
948
949         if (protocol == 0)
950                 goto out_unlock;
951
952         if (!dev || (dev->flags & IFF_UP)) {
953                 dev_add_pack(&po->prot_hook);
954                 sock_hold(sk);
955                 po->running = 1;
956         } else {
957                 sk->sk_err = ENETDOWN;
958                 if (!sock_flag(sk, SOCK_DEAD))
959                         sk->sk_error_report(sk);
960         }
961
962 out_unlock:
963         spin_unlock(&po->bind_lock);
964         release_sock(sk);
965         return 0;
966 }
967
968 /*
969  *      Bind a packet socket to a device
970  */
971
972 static int packet_bind_spkt(struct socket *sock, struct sockaddr *uaddr, int addr_len)
973 {
974         struct sock *sk=sock->sk;
975         char name[15];
976         struct net_device *dev;
977         int err = -ENODEV;
978
979         /*
980          *      Check legality
981          */
982
983         if (addr_len != sizeof(struct sockaddr))
984                 return -EINVAL;
985         strlcpy(name,uaddr->sa_data,sizeof(name));
986
987         dev = dev_get_by_name(sock_net(sk), name);
988         if (dev) {
989                 err = packet_do_bind(sk, dev, pkt_sk(sk)->num);
990                 dev_put(dev);
991         }
992         return err;
993 }
994
995 static int packet_bind(struct socket *sock, struct sockaddr *uaddr, int addr_len)
996 {
997         struct sockaddr_ll *sll = (struct sockaddr_ll*)uaddr;
998         struct sock *sk=sock->sk;
999         struct net_device *dev = NULL;
1000         int err;
1001
1002
1003         /*
1004          *      Check legality
1005          */
1006
1007         if (addr_len < sizeof(struct sockaddr_ll))
1008                 return -EINVAL;
1009         if (sll->sll_family != AF_PACKET)
1010                 return -EINVAL;
1011
1012         if (sll->sll_ifindex) {
1013                 err = -ENODEV;
1014                 dev = dev_get_by_index(sock_net(sk), sll->sll_ifindex);
1015                 if (dev == NULL)
1016                         goto out;
1017         }
1018         err = packet_do_bind(sk, dev, sll->sll_protocol ? : pkt_sk(sk)->num);
1019         if (dev)
1020                 dev_put(dev);
1021
1022 out:
1023         return err;
1024 }
1025
1026 static struct proto packet_proto = {
1027         .name     = "PACKET",
1028         .owner    = THIS_MODULE,
1029         .obj_size = sizeof(struct packet_sock),
1030 };
1031
1032 /*
1033  *      Create a packet of type SOCK_PACKET.
1034  */
1035
1036 static int packet_create(struct net *net, struct socket *sock, int protocol)
1037 {
1038         struct sock *sk;
1039         struct packet_sock *po;
1040         __be16 proto = (__force __be16)protocol; /* weird, but documented */
1041         int err;
1042
1043         if (!capable(CAP_NET_RAW))
1044                 return -EPERM;
1045         if (sock->type != SOCK_DGRAM && sock->type != SOCK_RAW &&
1046             sock->type != SOCK_PACKET)
1047                 return -ESOCKTNOSUPPORT;
1048
1049         sock->state = SS_UNCONNECTED;
1050
1051         err = -ENOBUFS;
1052         sk = sk_alloc(net, PF_PACKET, GFP_KERNEL, &packet_proto);
1053         if (sk == NULL)
1054                 goto out;
1055
1056         sock->ops = &packet_ops;
1057         if (sock->type == SOCK_PACKET)
1058                 sock->ops = &packet_ops_spkt;
1059
1060         sock_init_data(sock, sk);
1061
1062         po = pkt_sk(sk);
1063         sk->sk_family = PF_PACKET;
1064         po->num = proto;
1065
1066         sk->sk_destruct = packet_sock_destruct;
1067         sk_refcnt_debug_inc(sk);
1068
1069         /*
1070          *      Attach a protocol block
1071          */
1072
1073         spin_lock_init(&po->bind_lock);
1074         mutex_init(&po->pg_vec_lock);
1075         po->prot_hook.func = packet_rcv;
1076
1077         if (sock->type == SOCK_PACKET)
1078                 po->prot_hook.func = packet_rcv_spkt;
1079
1080         po->prot_hook.af_packet_priv = sk;
1081
1082         if (proto) {
1083                 po->prot_hook.type = proto;
1084                 dev_add_pack(&po->prot_hook);
1085                 sock_hold(sk);
1086                 po->running = 1;
1087         }
1088
1089         write_lock_bh(&net->packet.sklist_lock);
1090         sk_add_node(sk, &net->packet.sklist);
1091         sock_prot_inuse_add(net, &packet_proto, 1);
1092         write_unlock_bh(&net->packet.sklist_lock);
1093         return(0);
1094 out:
1095         return err;
1096 }
1097
1098 /*
1099  *      Pull a packet from our receive queue and hand it to the user.
1100  *      If necessary we block.
1101  */
1102
1103 static int packet_recvmsg(struct kiocb *iocb, struct socket *sock,
1104                           struct msghdr *msg, size_t len, int flags)
1105 {
1106         struct sock *sk = sock->sk;
1107         struct sk_buff *skb;
1108         int copied, err;
1109         struct sockaddr_ll *sll;
1110
1111         err = -EINVAL;
1112         if (flags & ~(MSG_PEEK|MSG_DONTWAIT|MSG_TRUNC|MSG_CMSG_COMPAT))
1113                 goto out;
1114
1115 #if 0
1116         /* What error should we return now? EUNATTACH? */
1117         if (pkt_sk(sk)->ifindex < 0)
1118                 return -ENODEV;
1119 #endif
1120
1121         /*
1122          *      Call the generic datagram receiver. This handles all sorts
1123          *      of horrible races and re-entrancy so we can forget about it
1124          *      in the protocol layers.
1125          *
1126          *      Now it will return ENETDOWN, if device have just gone down,
1127          *      but then it will block.
1128          */
1129
1130         skb=skb_recv_datagram(sk,flags,flags&MSG_DONTWAIT,&err);
1131
1132         /*
1133          *      An error occurred so return it. Because skb_recv_datagram()
1134          *      handles the blocking we don't see and worry about blocking
1135          *      retries.
1136          */
1137
1138         if (skb == NULL)
1139                 goto out;
1140
1141         /*
1142          *      If the address length field is there to be filled in, we fill
1143          *      it in now.
1144          */
1145
1146         sll = &PACKET_SKB_CB(skb)->sa.ll;
1147         if (sock->type == SOCK_PACKET)
1148                 msg->msg_namelen = sizeof(struct sockaddr_pkt);
1149         else
1150                 msg->msg_namelen = sll->sll_halen + offsetof(struct sockaddr_ll, sll_addr);
1151
1152         /*
1153          *      You lose any data beyond the buffer you gave. If it worries a
1154          *      user program they can ask the device for its MTU anyway.
1155          */
1156
1157         copied = skb->len;
1158         if (copied > len)
1159         {
1160                 copied=len;
1161                 msg->msg_flags|=MSG_TRUNC;
1162         }
1163
1164         err = skb_copy_datagram_iovec(skb, 0, msg->msg_iov, copied);
1165         if (err)
1166                 goto out_free;
1167
1168         sock_recv_timestamp(msg, sk, skb);
1169
1170         if (msg->msg_name)
1171                 memcpy(msg->msg_name, &PACKET_SKB_CB(skb)->sa,
1172                        msg->msg_namelen);
1173
1174         if (pkt_sk(sk)->auxdata) {
1175                 struct tpacket_auxdata aux;
1176
1177                 aux.tp_status = TP_STATUS_USER;
1178                 if (skb->ip_summed == CHECKSUM_PARTIAL)
1179                         aux.tp_status |= TP_STATUS_CSUMNOTREADY;
1180                 aux.tp_len = PACKET_SKB_CB(skb)->origlen;
1181                 aux.tp_snaplen = skb->len;
1182                 aux.tp_mac = 0;
1183                 aux.tp_net = skb_network_offset(skb);
1184                 aux.tp_vlan_tci = skb->vlan_tci;
1185
1186                 put_cmsg(msg, SOL_PACKET, PACKET_AUXDATA, sizeof(aux), &aux);
1187         }
1188
1189         /*
1190          *      Free or return the buffer as appropriate. Again this
1191          *      hides all the races and re-entrancy issues from us.
1192          */
1193         err = (flags&MSG_TRUNC) ? skb->len : copied;
1194
1195 out_free:
1196         skb_free_datagram(sk, skb);
1197 out:
1198         return err;
1199 }
1200
1201 static int packet_getname_spkt(struct socket *sock, struct sockaddr *uaddr,
1202                                int *uaddr_len, int peer)
1203 {
1204         struct net_device *dev;
1205         struct sock *sk = sock->sk;
1206
1207         if (peer)
1208                 return -EOPNOTSUPP;
1209
1210         uaddr->sa_family = AF_PACKET;
1211         dev = dev_get_by_index(sock_net(sk), pkt_sk(sk)->ifindex);
1212         if (dev) {
1213                 strlcpy(uaddr->sa_data, dev->name, 15);
1214                 dev_put(dev);
1215         } else
1216                 memset(uaddr->sa_data, 0, 14);
1217         *uaddr_len = sizeof(*uaddr);
1218
1219         return 0;
1220 }
1221
1222 static int packet_getname(struct socket *sock, struct sockaddr *uaddr,
1223                           int *uaddr_len, int peer)
1224 {
1225         struct net_device *dev;
1226         struct sock *sk = sock->sk;
1227         struct packet_sock *po = pkt_sk(sk);
1228         struct sockaddr_ll *sll = (struct sockaddr_ll*)uaddr;
1229
1230         if (peer)
1231                 return -EOPNOTSUPP;
1232
1233         sll->sll_family = AF_PACKET;
1234         sll->sll_ifindex = po->ifindex;
1235         sll->sll_protocol = po->num;
1236         dev = dev_get_by_index(sock_net(sk), po->ifindex);
1237         if (dev) {
1238                 sll->sll_hatype = dev->type;
1239                 sll->sll_halen = dev->addr_len;
1240                 memcpy(sll->sll_addr, dev->dev_addr, dev->addr_len);
1241                 dev_put(dev);
1242         } else {
1243                 sll->sll_hatype = 0;    /* Bad: we have no ARPHRD_UNSPEC */
1244                 sll->sll_halen = 0;
1245         }
1246         *uaddr_len = offsetof(struct sockaddr_ll, sll_addr) + sll->sll_halen;
1247
1248         return 0;
1249 }
1250
1251 static int packet_dev_mc(struct net_device *dev, struct packet_mclist *i,
1252                          int what)
1253 {
1254         switch (i->type) {
1255         case PACKET_MR_MULTICAST:
1256                 if (what > 0)
1257                         dev_mc_add(dev, i->addr, i->alen, 0);
1258                 else
1259                         dev_mc_delete(dev, i->addr, i->alen, 0);
1260                 break;
1261         case PACKET_MR_PROMISC:
1262                 return dev_set_promiscuity(dev, what);
1263                 break;
1264         case PACKET_MR_ALLMULTI:
1265                 return dev_set_allmulti(dev, what);
1266                 break;
1267         default:;
1268         }
1269         return 0;
1270 }
1271
1272 static void packet_dev_mclist(struct net_device *dev, struct packet_mclist *i, int what)
1273 {
1274         for ( ; i; i=i->next) {
1275                 if (i->ifindex == dev->ifindex)
1276                         packet_dev_mc(dev, i, what);
1277         }
1278 }
1279
1280 static int packet_mc_add(struct sock *sk, struct packet_mreq_max *mreq)
1281 {
1282         struct packet_sock *po = pkt_sk(sk);
1283         struct packet_mclist *ml, *i;
1284         struct net_device *dev;
1285         int err;
1286
1287         rtnl_lock();
1288
1289         err = -ENODEV;
1290         dev = __dev_get_by_index(sock_net(sk), mreq->mr_ifindex);
1291         if (!dev)
1292                 goto done;
1293
1294         err = -EINVAL;
1295         if (mreq->mr_alen > dev->addr_len)
1296                 goto done;
1297
1298         err = -ENOBUFS;
1299         i = kmalloc(sizeof(*i), GFP_KERNEL);
1300         if (i == NULL)
1301                 goto done;
1302
1303         err = 0;
1304         for (ml = po->mclist; ml; ml = ml->next) {
1305                 if (ml->ifindex == mreq->mr_ifindex &&
1306                     ml->type == mreq->mr_type &&
1307                     ml->alen == mreq->mr_alen &&
1308                     memcmp(ml->addr, mreq->mr_address, ml->alen) == 0) {
1309                         ml->count++;
1310                         /* Free the new element ... */
1311                         kfree(i);
1312                         goto done;
1313                 }
1314         }
1315
1316         i->type = mreq->mr_type;
1317         i->ifindex = mreq->mr_ifindex;
1318         i->alen = mreq->mr_alen;
1319         memcpy(i->addr, mreq->mr_address, i->alen);
1320         i->count = 1;
1321         i->next = po->mclist;
1322         po->mclist = i;
1323         err = packet_dev_mc(dev, i, 1);
1324         if (err) {
1325                 po->mclist = i->next;
1326                 kfree(i);
1327         }
1328
1329 done:
1330         rtnl_unlock();
1331         return err;
1332 }
1333
1334 static int packet_mc_drop(struct sock *sk, struct packet_mreq_max *mreq)
1335 {
1336         struct packet_mclist *ml, **mlp;
1337
1338         rtnl_lock();
1339
1340         for (mlp = &pkt_sk(sk)->mclist; (ml = *mlp) != NULL; mlp = &ml->next) {
1341                 if (ml->ifindex == mreq->mr_ifindex &&
1342                     ml->type == mreq->mr_type &&
1343                     ml->alen == mreq->mr_alen &&
1344                     memcmp(ml->addr, mreq->mr_address, ml->alen) == 0) {
1345                         if (--ml->count == 0) {
1346                                 struct net_device *dev;
1347                                 *mlp = ml->next;
1348                                 dev = dev_get_by_index(sock_net(sk), ml->ifindex);
1349                                 if (dev) {
1350                                         packet_dev_mc(dev, ml, -1);
1351                                         dev_put(dev);
1352                                 }
1353                                 kfree(ml);
1354                         }
1355                         rtnl_unlock();
1356                         return 0;
1357                 }
1358         }
1359         rtnl_unlock();
1360         return -EADDRNOTAVAIL;
1361 }
1362
1363 static void packet_flush_mclist(struct sock *sk)
1364 {
1365         struct packet_sock *po = pkt_sk(sk);
1366         struct packet_mclist *ml;
1367
1368         if (!po->mclist)
1369                 return;
1370
1371         rtnl_lock();
1372         while ((ml = po->mclist) != NULL) {
1373                 struct net_device *dev;
1374
1375                 po->mclist = ml->next;
1376                 if ((dev = dev_get_by_index(sock_net(sk), ml->ifindex)) != NULL) {
1377                         packet_dev_mc(dev, ml, -1);
1378                         dev_put(dev);
1379                 }
1380                 kfree(ml);
1381         }
1382         rtnl_unlock();
1383 }
1384
1385 static int
1386 packet_setsockopt(struct socket *sock, int level, int optname, char __user *optval, int optlen)
1387 {
1388         struct sock *sk = sock->sk;
1389         struct packet_sock *po = pkt_sk(sk);
1390         int ret;
1391
1392         if (level != SOL_PACKET)
1393                 return -ENOPROTOOPT;
1394
1395         switch(optname) {
1396         case PACKET_ADD_MEMBERSHIP:
1397         case PACKET_DROP_MEMBERSHIP:
1398         {
1399                 struct packet_mreq_max mreq;
1400                 int len = optlen;
1401                 memset(&mreq, 0, sizeof(mreq));
1402                 if (len < sizeof(struct packet_mreq))
1403                         return -EINVAL;
1404                 if (len > sizeof(mreq))
1405                         len = sizeof(mreq);
1406                 if (copy_from_user(&mreq,optval,len))
1407                         return -EFAULT;
1408                 if (len < (mreq.mr_alen + offsetof(struct packet_mreq, mr_address)))
1409                         return -EINVAL;
1410                 if (optname == PACKET_ADD_MEMBERSHIP)
1411                         ret = packet_mc_add(sk, &mreq);
1412                 else
1413                         ret = packet_mc_drop(sk, &mreq);
1414                 return ret;
1415         }
1416
1417 #ifdef CONFIG_PACKET_MMAP
1418         case PACKET_RX_RING:
1419         {
1420                 struct tpacket_req req;
1421
1422                 if (optlen<sizeof(req))
1423                         return -EINVAL;
1424                 if (copy_from_user(&req,optval,sizeof(req)))
1425                         return -EFAULT;
1426                 return packet_set_ring(sk, &req, 0);
1427         }
1428         case PACKET_COPY_THRESH:
1429         {
1430                 int val;
1431
1432                 if (optlen!=sizeof(val))
1433                         return -EINVAL;
1434                 if (copy_from_user(&val,optval,sizeof(val)))
1435                         return -EFAULT;
1436
1437                 pkt_sk(sk)->copy_thresh = val;
1438                 return 0;
1439         }
1440         case PACKET_VERSION:
1441         {
1442                 int val;
1443
1444                 if (optlen != sizeof(val))
1445                         return -EINVAL;
1446                 if (po->pg_vec)
1447                         return -EBUSY;
1448                 if (copy_from_user(&val, optval, sizeof(val)))
1449                         return -EFAULT;
1450                 switch (val) {
1451                 case TPACKET_V1:
1452                 case TPACKET_V2:
1453                         po->tp_version = val;
1454                         return 0;
1455                 default:
1456                         return -EINVAL;
1457                 }
1458         }
1459         case PACKET_RESERVE:
1460         {
1461                 unsigned int val;
1462
1463                 if (optlen != sizeof(val))
1464                         return -EINVAL;
1465                 if (po->pg_vec)
1466                         return -EBUSY;
1467                 if (copy_from_user(&val, optval, sizeof(val)))
1468                         return -EFAULT;
1469                 po->tp_reserve = val;
1470                 return 0;
1471         }
1472 #endif
1473         case PACKET_AUXDATA:
1474         {
1475                 int val;
1476
1477                 if (optlen < sizeof(val))
1478                         return -EINVAL;
1479                 if (copy_from_user(&val, optval, sizeof(val)))
1480                         return -EFAULT;
1481
1482                 po->auxdata = !!val;
1483                 return 0;
1484         }
1485         case PACKET_ORIGDEV:
1486         {
1487                 int val;
1488
1489                 if (optlen < sizeof(val))
1490                         return -EINVAL;
1491                 if (copy_from_user(&val, optval, sizeof(val)))
1492                         return -EFAULT;
1493
1494                 po->origdev = !!val;
1495                 return 0;
1496         }
1497         default:
1498                 return -ENOPROTOOPT;
1499         }
1500 }
1501
1502 static int packet_getsockopt(struct socket *sock, int level, int optname,
1503                              char __user *optval, int __user *optlen)
1504 {
1505         int len;
1506         int val;
1507         struct sock *sk = sock->sk;
1508         struct packet_sock *po = pkt_sk(sk);
1509         void *data;
1510         struct tpacket_stats st;
1511
1512         if (level != SOL_PACKET)
1513                 return -ENOPROTOOPT;
1514
1515         if (get_user(len, optlen))
1516                 return -EFAULT;
1517
1518         if (len < 0)
1519                 return -EINVAL;
1520
1521         switch(optname) {
1522         case PACKET_STATISTICS:
1523                 if (len > sizeof(struct tpacket_stats))
1524                         len = sizeof(struct tpacket_stats);
1525                 spin_lock_bh(&sk->sk_receive_queue.lock);
1526                 st = po->stats;
1527                 memset(&po->stats, 0, sizeof(st));
1528                 spin_unlock_bh(&sk->sk_receive_queue.lock);
1529                 st.tp_packets += st.tp_drops;
1530
1531                 data = &st;
1532                 break;
1533         case PACKET_AUXDATA:
1534                 if (len > sizeof(int))
1535                         len = sizeof(int);
1536                 val = po->auxdata;
1537
1538                 data = &val;
1539                 break;
1540         case PACKET_ORIGDEV:
1541                 if (len > sizeof(int))
1542                         len = sizeof(int);
1543                 val = po->origdev;
1544
1545                 data = &val;
1546                 break;
1547 #ifdef CONFIG_PACKET_MMAP
1548         case PACKET_VERSION:
1549                 if (len > sizeof(int))
1550                         len = sizeof(int);
1551                 val = po->tp_version;
1552                 data = &val;
1553                 break;
1554         case PACKET_HDRLEN:
1555                 if (len > sizeof(int))
1556                         len = sizeof(int);
1557                 if (copy_from_user(&val, optval, len))
1558                         return -EFAULT;
1559                 switch (val) {
1560                 case TPACKET_V1:
1561                         val = sizeof(struct tpacket_hdr);
1562                         break;
1563                 case TPACKET_V2:
1564                         val = sizeof(struct tpacket2_hdr);
1565                         break;
1566                 default:
1567                         return -EINVAL;
1568                 }
1569                 data = &val;
1570                 break;
1571         case PACKET_RESERVE:
1572                 if (len > sizeof(unsigned int))
1573                         len = sizeof(unsigned int);
1574                 val = po->tp_reserve;
1575                 data = &val;
1576                 break;
1577 #endif
1578         default:
1579                 return -ENOPROTOOPT;
1580         }
1581
1582         if (put_user(len, optlen))
1583                 return -EFAULT;
1584         if (copy_to_user(optval, data, len))
1585                 return -EFAULT;
1586         return 0;
1587 }
1588
1589
1590 static int packet_notifier(struct notifier_block *this, unsigned long msg, void *data)
1591 {
1592         struct sock *sk;
1593         struct hlist_node *node;
1594         struct net_device *dev = data;
1595         struct net *net = dev_net(dev);
1596
1597         read_lock(&net->packet.sklist_lock);
1598         sk_for_each(sk, node, &net->packet.sklist) {
1599                 struct packet_sock *po = pkt_sk(sk);
1600
1601                 switch (msg) {
1602                 case NETDEV_UNREGISTER:
1603                         if (po->mclist)
1604                                 packet_dev_mclist(dev, po->mclist, -1);
1605                         /* fallthrough */
1606
1607                 case NETDEV_DOWN:
1608                         if (dev->ifindex == po->ifindex) {
1609                                 spin_lock(&po->bind_lock);
1610                                 if (po->running) {
1611                                         __dev_remove_pack(&po->prot_hook);
1612                                         __sock_put(sk);
1613                                         po->running = 0;
1614                                         sk->sk_err = ENETDOWN;
1615                                         if (!sock_flag(sk, SOCK_DEAD))
1616                                                 sk->sk_error_report(sk);
1617                                 }
1618                                 if (msg == NETDEV_UNREGISTER) {
1619                                         po->ifindex = -1;
1620                                         po->prot_hook.dev = NULL;
1621                                 }
1622                                 spin_unlock(&po->bind_lock);
1623                         }
1624                         break;
1625                 case NETDEV_UP:
1626                         spin_lock(&po->bind_lock);
1627                         if (dev->ifindex == po->ifindex && po->num &&
1628                             !po->running) {
1629                                 dev_add_pack(&po->prot_hook);
1630                                 sock_hold(sk);
1631                                 po->running = 1;
1632                         }
1633                         spin_unlock(&po->bind_lock);
1634                         break;
1635                 }
1636         }
1637         read_unlock(&net->packet.sklist_lock);
1638         return NOTIFY_DONE;
1639 }
1640
1641
1642 static int packet_ioctl(struct socket *sock, unsigned int cmd,
1643                         unsigned long arg)
1644 {
1645         struct sock *sk = sock->sk;
1646
1647         switch(cmd) {
1648                 case SIOCOUTQ:
1649                 {
1650                         int amount = atomic_read(&sk->sk_wmem_alloc);
1651                         return put_user(amount, (int __user *)arg);
1652                 }
1653                 case SIOCINQ:
1654                 {
1655                         struct sk_buff *skb;
1656                         int amount = 0;
1657
1658                         spin_lock_bh(&sk->sk_receive_queue.lock);
1659                         skb = skb_peek(&sk->sk_receive_queue);
1660                         if (skb)
1661                                 amount = skb->len;
1662                         spin_unlock_bh(&sk->sk_receive_queue.lock);
1663                         return put_user(amount, (int __user *)arg);
1664                 }
1665                 case SIOCGSTAMP:
1666                         return sock_get_timestamp(sk, (struct timeval __user *)arg);
1667                 case SIOCGSTAMPNS:
1668                         return sock_get_timestampns(sk, (struct timespec __user *)arg);
1669
1670 #ifdef CONFIG_INET
1671                 case SIOCADDRT:
1672                 case SIOCDELRT:
1673                 case SIOCDARP:
1674                 case SIOCGARP:
1675                 case SIOCSARP:
1676                 case SIOCGIFADDR:
1677                 case SIOCSIFADDR:
1678                 case SIOCGIFBRDADDR:
1679                 case SIOCSIFBRDADDR:
1680                 case SIOCGIFNETMASK:
1681                 case SIOCSIFNETMASK:
1682                 case SIOCGIFDSTADDR:
1683                 case SIOCSIFDSTADDR:
1684                 case SIOCSIFFLAGS:
1685                         if (!net_eq(sock_net(sk), &init_net))
1686                                 return -ENOIOCTLCMD;
1687                         return inet_dgram_ops.ioctl(sock, cmd, arg);
1688 #endif
1689
1690                 default:
1691                         return -ENOIOCTLCMD;
1692         }
1693         return 0;
1694 }
1695
1696 #ifndef CONFIG_PACKET_MMAP
1697 #define packet_mmap sock_no_mmap
1698 #define packet_poll datagram_poll
1699 #else
1700
1701 static unsigned int packet_poll(struct file * file, struct socket *sock,
1702                                 poll_table *wait)
1703 {
1704         struct sock *sk = sock->sk;
1705         struct packet_sock *po = pkt_sk(sk);
1706         unsigned int mask = datagram_poll(file, sock, wait);
1707
1708         spin_lock_bh(&sk->sk_receive_queue.lock);
1709         if (po->pg_vec) {
1710                 unsigned last = po->head ? po->head-1 : po->frame_max;
1711
1712                 if (packet_lookup_frame(po, last, TP_STATUS_USER))
1713                         mask |= POLLIN | POLLRDNORM;
1714         }
1715         spin_unlock_bh(&sk->sk_receive_queue.lock);
1716         return mask;
1717 }
1718
1719
1720 /* Dirty? Well, I still did not learn better way to account
1721  * for user mmaps.
1722  */
1723
1724 static void packet_mm_open(struct vm_area_struct *vma)
1725 {
1726         struct file *file = vma->vm_file;
1727         struct socket * sock = file->private_data;
1728         struct sock *sk = sock->sk;
1729
1730         if (sk)
1731                 atomic_inc(&pkt_sk(sk)->mapped);
1732 }
1733
1734 static void packet_mm_close(struct vm_area_struct *vma)
1735 {
1736         struct file *file = vma->vm_file;
1737         struct socket * sock = file->private_data;
1738         struct sock *sk = sock->sk;
1739
1740         if (sk)
1741                 atomic_dec(&pkt_sk(sk)->mapped);
1742 }
1743
1744 static struct vm_operations_struct packet_mmap_ops = {
1745         .open = packet_mm_open,
1746         .close =packet_mm_close,
1747 };
1748
1749 static void free_pg_vec(char **pg_vec, unsigned int order, unsigned int len)
1750 {
1751         int i;
1752
1753         for (i = 0; i < len; i++) {
1754                 if (likely(pg_vec[i]))
1755                         free_pages((unsigned long) pg_vec[i], order);
1756         }
1757         kfree(pg_vec);
1758 }
1759
1760 static inline char *alloc_one_pg_vec_page(unsigned long order)
1761 {
1762         return (char *) __get_free_pages(GFP_KERNEL | __GFP_COMP | __GFP_ZERO,
1763                                          order);
1764 }
1765
1766 static char **alloc_pg_vec(struct tpacket_req *req, int order)
1767 {
1768         unsigned int block_nr = req->tp_block_nr;
1769         char **pg_vec;
1770         int i;
1771
1772         pg_vec = kzalloc(block_nr * sizeof(char *), GFP_KERNEL);
1773         if (unlikely(!pg_vec))
1774                 goto out;
1775
1776         for (i = 0; i < block_nr; i++) {
1777                 pg_vec[i] = alloc_one_pg_vec_page(order);
1778                 if (unlikely(!pg_vec[i]))
1779                         goto out_free_pgvec;
1780         }
1781
1782 out:
1783         return pg_vec;
1784
1785 out_free_pgvec:
1786         free_pg_vec(pg_vec, order, block_nr);
1787         pg_vec = NULL;
1788         goto out;
1789 }
1790
1791 static int packet_set_ring(struct sock *sk, struct tpacket_req *req, int closing)
1792 {
1793         char **pg_vec = NULL;
1794         struct packet_sock *po = pkt_sk(sk);
1795         int was_running, order = 0;
1796         __be16 num;
1797         int err = 0;
1798
1799         if (req->tp_block_nr) {
1800                 int i;
1801
1802                 /* Sanity tests and some calculations */
1803
1804                 if (unlikely(po->pg_vec))
1805                         return -EBUSY;
1806
1807                 switch (po->tp_version) {
1808                 case TPACKET_V1:
1809                         po->tp_hdrlen = TPACKET_HDRLEN;
1810                         break;
1811                 case TPACKET_V2:
1812                         po->tp_hdrlen = TPACKET2_HDRLEN;
1813                         break;
1814                 }
1815
1816                 if (unlikely((int)req->tp_block_size <= 0))
1817                         return -EINVAL;
1818                 if (unlikely(req->tp_block_size & (PAGE_SIZE - 1)))
1819                         return -EINVAL;
1820                 if (unlikely(req->tp_frame_size < po->tp_hdrlen +
1821                                                   po->tp_reserve))
1822                         return -EINVAL;
1823                 if (unlikely(req->tp_frame_size & (TPACKET_ALIGNMENT - 1)))
1824                         return -EINVAL;
1825
1826                 po->frames_per_block = req->tp_block_size/req->tp_frame_size;
1827                 if (unlikely(po->frames_per_block <= 0))
1828                         return -EINVAL;
1829                 if (unlikely((po->frames_per_block * req->tp_block_nr) !=
1830                              req->tp_frame_nr))
1831                         return -EINVAL;
1832
1833                 err = -ENOMEM;
1834                 order = get_order(req->tp_block_size);
1835                 pg_vec = alloc_pg_vec(req, order);
1836                 if (unlikely(!pg_vec))
1837                         goto out;
1838
1839                 for (i = 0; i < req->tp_block_nr; i++) {
1840                         void *ptr = pg_vec[i];
1841                         int k;
1842
1843                         for (k = 0; k < po->frames_per_block; k++) {
1844                                 __packet_set_status(po, ptr, TP_STATUS_KERNEL);
1845                                 ptr += req->tp_frame_size;
1846                         }
1847                 }
1848                 /* Done */
1849         } else {
1850                 if (unlikely(req->tp_frame_nr))
1851                         return -EINVAL;
1852         }
1853
1854         lock_sock(sk);
1855
1856         /* Detach socket from network */
1857         spin_lock(&po->bind_lock);
1858         was_running = po->running;
1859         num = po->num;
1860         if (was_running) {
1861                 __dev_remove_pack(&po->prot_hook);
1862                 po->num = 0;
1863                 po->running = 0;
1864                 __sock_put(sk);
1865         }
1866         spin_unlock(&po->bind_lock);
1867
1868         synchronize_net();
1869
1870         err = -EBUSY;
1871         mutex_lock(&po->pg_vec_lock);
1872         if (closing || atomic_read(&po->mapped) == 0) {
1873                 err = 0;
1874 #define XC(a, b) ({ __typeof__ ((a)) __t; __t = (a); (a) = (b); __t; })
1875
1876                 spin_lock_bh(&sk->sk_receive_queue.lock);
1877                 pg_vec = XC(po->pg_vec, pg_vec);
1878                 po->frame_max = (req->tp_frame_nr - 1);
1879                 po->head = 0;
1880                 po->frame_size = req->tp_frame_size;
1881                 spin_unlock_bh(&sk->sk_receive_queue.lock);
1882
1883                 order = XC(po->pg_vec_order, order);
1884                 req->tp_block_nr = XC(po->pg_vec_len, req->tp_block_nr);
1885
1886                 po->pg_vec_pages = req->tp_block_size/PAGE_SIZE;
1887                 po->prot_hook.func = po->pg_vec ? tpacket_rcv : packet_rcv;
1888                 skb_queue_purge(&sk->sk_receive_queue);
1889 #undef XC
1890                 if (atomic_read(&po->mapped))
1891                         printk(KERN_DEBUG "packet_mmap: vma is busy: %d\n", atomic_read(&po->mapped));
1892         }
1893         mutex_unlock(&po->pg_vec_lock);
1894
1895         spin_lock(&po->bind_lock);
1896         if (was_running && !po->running) {
1897                 sock_hold(sk);
1898                 po->running = 1;
1899                 po->num = num;
1900                 dev_add_pack(&po->prot_hook);
1901         }
1902         spin_unlock(&po->bind_lock);
1903
1904         release_sock(sk);
1905
1906         if (pg_vec)
1907                 free_pg_vec(pg_vec, order, req->tp_block_nr);
1908 out:
1909         return err;
1910 }
1911
1912 static int packet_mmap(struct file *file, struct socket *sock, struct vm_area_struct *vma)
1913 {
1914         struct sock *sk = sock->sk;
1915         struct packet_sock *po = pkt_sk(sk);
1916         unsigned long size;
1917         unsigned long start;
1918         int err = -EINVAL;
1919         int i;
1920
1921         if (vma->vm_pgoff)
1922                 return -EINVAL;
1923
1924         size = vma->vm_end - vma->vm_start;
1925
1926         mutex_lock(&po->pg_vec_lock);
1927         if (po->pg_vec == NULL)
1928                 goto out;
1929         if (size != po->pg_vec_len*po->pg_vec_pages*PAGE_SIZE)
1930                 goto out;
1931
1932         start = vma->vm_start;
1933         for (i = 0; i < po->pg_vec_len; i++) {
1934                 struct page *page = virt_to_page(po->pg_vec[i]);
1935                 int pg_num;
1936
1937                 for (pg_num = 0; pg_num < po->pg_vec_pages; pg_num++, page++) {
1938                         err = vm_insert_page(vma, start, page);
1939                         if (unlikely(err))
1940                                 goto out;
1941                         start += PAGE_SIZE;
1942                 }
1943         }
1944         atomic_inc(&po->mapped);
1945         vma->vm_ops = &packet_mmap_ops;
1946         err = 0;
1947
1948 out:
1949         mutex_unlock(&po->pg_vec_lock);
1950         return err;
1951 }
1952 #endif
1953
1954
1955 static const struct proto_ops packet_ops_spkt = {
1956         .family =       PF_PACKET,
1957         .owner =        THIS_MODULE,
1958         .release =      packet_release,
1959         .bind =         packet_bind_spkt,
1960         .connect =      sock_no_connect,
1961         .socketpair =   sock_no_socketpair,
1962         .accept =       sock_no_accept,
1963         .getname =      packet_getname_spkt,
1964         .poll =         datagram_poll,
1965         .ioctl =        packet_ioctl,
1966         .listen =       sock_no_listen,
1967         .shutdown =     sock_no_shutdown,
1968         .setsockopt =   sock_no_setsockopt,
1969         .getsockopt =   sock_no_getsockopt,
1970         .sendmsg =      packet_sendmsg_spkt,
1971         .recvmsg =      packet_recvmsg,
1972         .mmap =         sock_no_mmap,
1973         .sendpage =     sock_no_sendpage,
1974 };
1975
1976 static const struct proto_ops packet_ops = {
1977         .family =       PF_PACKET,
1978         .owner =        THIS_MODULE,
1979         .release =      packet_release,
1980         .bind =         packet_bind,
1981         .connect =      sock_no_connect,
1982         .socketpair =   sock_no_socketpair,
1983         .accept =       sock_no_accept,
1984         .getname =      packet_getname,
1985         .poll =         packet_poll,
1986         .ioctl =        packet_ioctl,
1987         .listen =       sock_no_listen,
1988         .shutdown =     sock_no_shutdown,
1989         .setsockopt =   packet_setsockopt,
1990         .getsockopt =   packet_getsockopt,
1991         .sendmsg =      packet_sendmsg,
1992         .recvmsg =      packet_recvmsg,
1993         .mmap =         packet_mmap,
1994         .sendpage =     sock_no_sendpage,
1995 };
1996
1997 static struct net_proto_family packet_family_ops = {
1998         .family =       PF_PACKET,
1999         .create =       packet_create,
2000         .owner  =       THIS_MODULE,
2001 };
2002
2003 static struct notifier_block packet_netdev_notifier = {
2004         .notifier_call =packet_notifier,
2005 };
2006
2007 #ifdef CONFIG_PROC_FS
2008 static inline struct sock *packet_seq_idx(struct net *net, loff_t off)
2009 {
2010         struct sock *s;
2011         struct hlist_node *node;
2012
2013         sk_for_each(s, node, &net->packet.sklist) {
2014                 if (!off--)
2015                         return s;
2016         }
2017         return NULL;
2018 }
2019
2020 static void *packet_seq_start(struct seq_file *seq, loff_t *pos)
2021         __acquires(seq_file_net(seq)->packet.sklist_lock)
2022 {
2023         struct net *net = seq_file_net(seq);
2024         read_lock(&net->packet.sklist_lock);
2025         return *pos ? packet_seq_idx(net, *pos - 1) : SEQ_START_TOKEN;
2026 }
2027
2028 static void *packet_seq_next(struct seq_file *seq, void *v, loff_t *pos)
2029 {
2030         struct net *net = seq_file_net(seq);
2031         ++*pos;
2032         return  (v == SEQ_START_TOKEN)
2033                 ? sk_head(&net->packet.sklist)
2034                 : sk_next((struct sock*)v) ;
2035 }
2036
2037 static void packet_seq_stop(struct seq_file *seq, void *v)
2038         __releases(seq_file_net(seq)->packet.sklist_lock)
2039 {
2040         struct net *net = seq_file_net(seq);
2041         read_unlock(&net->packet.sklist_lock);
2042 }
2043
2044 static int packet_seq_show(struct seq_file *seq, void *v)
2045 {
2046         if (v == SEQ_START_TOKEN)
2047                 seq_puts(seq, "sk       RefCnt Type Proto  Iface R Rmem   User   Inode\n");
2048         else {
2049                 struct sock *s = v;
2050                 const struct packet_sock *po = pkt_sk(s);
2051
2052                 seq_printf(seq,
2053                            "%p %-6d %-4d %04x   %-5d %1d %-6u %-6u %-6lu\n",
2054                            s,
2055                            atomic_read(&s->sk_refcnt),
2056                            s->sk_type,
2057                            ntohs(po->num),
2058                            po->ifindex,
2059                            po->running,
2060                            atomic_read(&s->sk_rmem_alloc),
2061                            sock_i_uid(s),
2062                            sock_i_ino(s) );
2063         }
2064
2065         return 0;
2066 }
2067
2068 static const struct seq_operations packet_seq_ops = {
2069         .start  = packet_seq_start,
2070         .next   = packet_seq_next,
2071         .stop   = packet_seq_stop,
2072         .show   = packet_seq_show,
2073 };
2074
2075 static int packet_seq_open(struct inode *inode, struct file *file)
2076 {
2077         return seq_open_net(inode, file, &packet_seq_ops,
2078                             sizeof(struct seq_net_private));
2079 }
2080
2081 static const struct file_operations packet_seq_fops = {
2082         .owner          = THIS_MODULE,
2083         .open           = packet_seq_open,
2084         .read           = seq_read,
2085         .llseek         = seq_lseek,
2086         .release        = seq_release_net,
2087 };
2088
2089 #endif
2090
2091 static int packet_net_init(struct net *net)
2092 {
2093         rwlock_init(&net->packet.sklist_lock);
2094         INIT_HLIST_HEAD(&net->packet.sklist);
2095
2096         if (!proc_net_fops_create(net, "packet", 0, &packet_seq_fops))
2097                 return -ENOMEM;
2098
2099         return 0;
2100 }
2101
2102 static void packet_net_exit(struct net *net)
2103 {
2104         proc_net_remove(net, "packet");
2105 }
2106
2107 static struct pernet_operations packet_net_ops = {
2108         .init = packet_net_init,
2109         .exit = packet_net_exit,
2110 };
2111
2112
2113 static void __exit packet_exit(void)
2114 {
2115         unregister_netdevice_notifier(&packet_netdev_notifier);
2116         unregister_pernet_subsys(&packet_net_ops);
2117         sock_unregister(PF_PACKET);
2118         proto_unregister(&packet_proto);
2119 }
2120
2121 static int __init packet_init(void)
2122 {
2123         int rc = proto_register(&packet_proto, 0);
2124
2125         if (rc != 0)
2126                 goto out;
2127
2128         sock_register(&packet_family_ops);
2129         register_pernet_subsys(&packet_net_ops);
2130         register_netdevice_notifier(&packet_netdev_notifier);
2131 out:
2132         return rc;
2133 }
2134
2135 module_init(packet_init);
2136 module_exit(packet_exit);
2137 MODULE_LICENSE("GPL");
2138 MODULE_ALIAS_NETPROTO(PF_PACKET);