1 // SPDX-License-Identifier: GPL-2.0-or-later
2 /* Peer event handling, typically ICMP messages.
3 *
4 * Copyright (C) 2007 Red Hat, Inc. All Rights Reserved.
5 * Written by David Howells (dhowells@redhat.com)
6 */
7
8 #include <linux/module.h>
9 #include <linux/net.h>
10 #include <linux/skbuff.h>
11 #include <linux/errqueue.h>
12 #include <linux/udp.h>
13 #include <linux/in.h>
14 #include <linux/in6.h>
15 #include <linux/icmp.h>
16 #include <net/sock.h>
17 #include <net/af_rxrpc.h>
18 #include <net/ip.h>
19 #include <net/icmp.h>
20 #include "ar-internal.h"
21
22 static void rxrpc_adjust_mtu(struct rxrpc_peer *, unsigned int);
23 static void rxrpc_store_error(struct rxrpc_peer *, struct sock_exterr_skb *);
24 static void rxrpc_distribute_error(struct rxrpc_peer *, int,
25 enum rxrpc_call_completion);
26
27 /*
28 * Find the peer associated with an ICMPv4 packet.
29 */
rxrpc_lookup_peer_icmp_rcu(struct rxrpc_local * local,struct sk_buff * skb,unsigned int udp_offset,unsigned int * info,struct sockaddr_rxrpc * srx)30 static struct rxrpc_peer *rxrpc_lookup_peer_icmp_rcu(struct rxrpc_local *local,
31 struct sk_buff *skb,
32 unsigned int udp_offset,
33 unsigned int *info,
34 struct sockaddr_rxrpc *srx)
35 {
36 struct iphdr *ip, *ip0 = ip_hdr(skb);
37 struct icmphdr *icmp = icmp_hdr(skb);
38 struct udphdr *udp = (struct udphdr *)(skb->data + udp_offset);
39
40 _enter("%u,%u,%u", ip0->protocol, icmp->type, icmp->code);
41
42 switch (icmp->type) {
43 case ICMP_DEST_UNREACH:
44 *info = ntohs(icmp->un.frag.mtu);
45 fallthrough;
46 case ICMP_TIME_EXCEEDED:
47 case ICMP_PARAMETERPROB:
48 ip = (struct iphdr *)((void *)icmp + 8);
49 break;
50 default:
51 return NULL;
52 }
53
54 memset(srx, 0, sizeof(*srx));
55 srx->transport_type = local->srx.transport_type;
56 srx->transport_len = local->srx.transport_len;
57 srx->transport.family = local->srx.transport.family;
58
59 /* Can we see an ICMP4 packet on an ICMP6 listening socket? and vice
60 * versa?
61 */
62 switch (srx->transport.family) {
63 case AF_INET:
64 srx->transport_len = sizeof(srx->transport.sin);
65 srx->transport.family = AF_INET;
66 srx->transport.sin.sin_port = udp->dest;
67 memcpy(&srx->transport.sin.sin_addr, &ip->daddr,
68 sizeof(struct in_addr));
69 break;
70
71 #ifdef CONFIG_AF_RXRPC_IPV6
72 case AF_INET6:
73 srx->transport_len = sizeof(srx->transport.sin);
74 srx->transport.family = AF_INET;
75 srx->transport.sin.sin_port = udp->dest;
76 memcpy(&srx->transport.sin.sin_addr, &ip->daddr,
77 sizeof(struct in_addr));
78 break;
79 #endif
80
81 default:
82 WARN_ON_ONCE(1);
83 return NULL;
84 }
85
86 _net("ICMP {%pISp}", &srx->transport);
87 return rxrpc_lookup_peer_rcu(local, srx);
88 }
89
90 #ifdef CONFIG_AF_RXRPC_IPV6
91 /*
92 * Find the peer associated with an ICMPv6 packet.
93 */
rxrpc_lookup_peer_icmp6_rcu(struct rxrpc_local * local,struct sk_buff * skb,unsigned int udp_offset,unsigned int * info,struct sockaddr_rxrpc * srx)94 static struct rxrpc_peer *rxrpc_lookup_peer_icmp6_rcu(struct rxrpc_local *local,
95 struct sk_buff *skb,
96 unsigned int udp_offset,
97 unsigned int *info,
98 struct sockaddr_rxrpc *srx)
99 {
100 struct icmp6hdr *icmp = icmp6_hdr(skb);
101 struct ipv6hdr *ip, *ip0 = ipv6_hdr(skb);
102 struct udphdr *udp = (struct udphdr *)(skb->data + udp_offset);
103
104 _enter("%u,%u,%u", ip0->nexthdr, icmp->icmp6_type, icmp->icmp6_code);
105
106 switch (icmp->icmp6_type) {
107 case ICMPV6_DEST_UNREACH:
108 *info = ntohl(icmp->icmp6_mtu);
109 fallthrough;
110 case ICMPV6_PKT_TOOBIG:
111 case ICMPV6_TIME_EXCEED:
112 case ICMPV6_PARAMPROB:
113 ip = (struct ipv6hdr *)((void *)icmp + 8);
114 break;
115 default:
116 return NULL;
117 }
118
119 memset(srx, 0, sizeof(*srx));
120 srx->transport_type = local->srx.transport_type;
121 srx->transport_len = local->srx.transport_len;
122 srx->transport.family = local->srx.transport.family;
123
124 /* Can we see an ICMP4 packet on an ICMP6 listening socket? and vice
125 * versa?
126 */
127 switch (srx->transport.family) {
128 case AF_INET:
129 _net("Rx ICMP6 on v4 sock");
130 srx->transport_len = sizeof(srx->transport.sin);
131 srx->transport.family = AF_INET;
132 srx->transport.sin.sin_port = udp->dest;
133 memcpy(&srx->transport.sin.sin_addr,
134 &ip->daddr.s6_addr32[3], sizeof(struct in_addr));
135 break;
136 case AF_INET6:
137 _net("Rx ICMP6");
138 srx->transport.sin.sin_port = udp->dest;
139 memcpy(&srx->transport.sin6.sin6_addr, &ip->daddr,
140 sizeof(struct in6_addr));
141 break;
142 default:
143 WARN_ON_ONCE(1);
144 return NULL;
145 }
146
147 _net("ICMP {%pISp}", &srx->transport);
148 return rxrpc_lookup_peer_rcu(local, srx);
149 }
150 #endif /* CONFIG_AF_RXRPC_IPV6 */
151
152 /*
153 * Handle an error received on the local endpoint as a tunnel.
154 */
rxrpc_encap_err_rcv(struct sock * sk,struct sk_buff * skb,unsigned int udp_offset)155 void rxrpc_encap_err_rcv(struct sock *sk, struct sk_buff *skb,
156 unsigned int udp_offset)
157 {
158 struct sock_extended_err ee;
159 struct sockaddr_rxrpc srx;
160 struct rxrpc_local *local;
161 struct rxrpc_peer *peer;
162 unsigned int info = 0;
163 int err;
164 u8 version = ip_hdr(skb)->version;
165 u8 type = icmp_hdr(skb)->type;
166 u8 code = icmp_hdr(skb)->code;
167
168 rcu_read_lock();
169 local = rcu_dereference_sk_user_data(sk);
170 if (unlikely(!local)) {
171 rcu_read_unlock();
172 return;
173 }
174
175 rxrpc_new_skb(skb, rxrpc_skb_received);
176
177 switch (ip_hdr(skb)->version) {
178 case IPVERSION:
179 peer = rxrpc_lookup_peer_icmp_rcu(local, skb, udp_offset,
180 &info, &srx);
181 break;
182 #ifdef CONFIG_AF_RXRPC_IPV6
183 case 6:
184 peer = rxrpc_lookup_peer_icmp6_rcu(local, skb, udp_offset,
185 &info, &srx);
186 break;
187 #endif
188 default:
189 rcu_read_unlock();
190 return;
191 }
192
193 if (peer && !rxrpc_get_peer_maybe(peer))
194 peer = NULL;
195 if (!peer) {
196 rcu_read_unlock();
197 return;
198 }
199
200 memset(&ee, 0, sizeof(ee));
201
202 switch (version) {
203 case IPVERSION:
204 switch (type) {
205 case ICMP_DEST_UNREACH:
206 switch (code) {
207 case ICMP_FRAG_NEEDED:
208 rxrpc_adjust_mtu(peer, info);
209 rcu_read_unlock();
210 rxrpc_put_peer(peer);
211 return;
212 default:
213 break;
214 }
215
216 err = EHOSTUNREACH;
217 if (code <= NR_ICMP_UNREACH) {
218 /* Might want to do something different with
219 * non-fatal errors
220 */
221 //harderr = icmp_err_convert[code].fatal;
222 err = icmp_err_convert[code].errno;
223 }
224 break;
225
226 case ICMP_TIME_EXCEEDED:
227 err = EHOSTUNREACH;
228 break;
229 default:
230 err = EPROTO;
231 break;
232 }
233
234 ee.ee_origin = SO_EE_ORIGIN_ICMP;
235 ee.ee_type = type;
236 ee.ee_code = code;
237 ee.ee_errno = err;
238 break;
239
240 #ifdef CONFIG_AF_RXRPC_IPV6
241 case 6:
242 switch (type) {
243 case ICMPV6_PKT_TOOBIG:
244 rxrpc_adjust_mtu(peer, info);
245 rcu_read_unlock();
246 rxrpc_put_peer(peer);
247 return;
248 }
249
250 icmpv6_err_convert(type, code, &err);
251
252 if (err == EACCES)
253 err = EHOSTUNREACH;
254
255 ee.ee_origin = SO_EE_ORIGIN_ICMP6;
256 ee.ee_type = type;
257 ee.ee_code = code;
258 ee.ee_errno = err;
259 break;
260 #endif
261 }
262
263 trace_rxrpc_rx_icmp(peer, &ee, &srx);
264
265 rxrpc_distribute_error(peer, err, RXRPC_CALL_NETWORK_ERROR);
266 rcu_read_unlock();
267 rxrpc_put_peer(peer);
268 }
269
270 /*
271 * Find the peer associated with a local error.
272 */
rxrpc_lookup_peer_local_rcu(struct rxrpc_local * local,const struct sk_buff * skb,struct sockaddr_rxrpc * srx)273 static struct rxrpc_peer *rxrpc_lookup_peer_local_rcu(struct rxrpc_local *local,
274 const struct sk_buff *skb,
275 struct sockaddr_rxrpc *srx)
276 {
277 struct sock_exterr_skb *serr = SKB_EXT_ERR(skb);
278
279 _enter("");
280
281 memset(srx, 0, sizeof(*srx));
282 srx->transport_type = local->srx.transport_type;
283 srx->transport_len = local->srx.transport_len;
284 srx->transport.family = local->srx.transport.family;
285
286 switch (srx->transport.family) {
287 case AF_INET:
288 srx->transport_len = sizeof(srx->transport.sin);
289 srx->transport.family = AF_INET;
290 srx->transport.sin.sin_port = serr->port;
291 switch (serr->ee.ee_origin) {
292 case SO_EE_ORIGIN_ICMP:
293 _net("Rx ICMP");
294 memcpy(&srx->transport.sin.sin_addr,
295 skb_network_header(skb) + serr->addr_offset,
296 sizeof(struct in_addr));
297 break;
298 case SO_EE_ORIGIN_ICMP6:
299 _net("Rx ICMP6 on v4 sock");
300 memcpy(&srx->transport.sin.sin_addr,
301 skb_network_header(skb) + serr->addr_offset + 12,
302 sizeof(struct in_addr));
303 break;
304 default:
305 memcpy(&srx->transport.sin.sin_addr, &ip_hdr(skb)->saddr,
306 sizeof(struct in_addr));
307 break;
308 }
309 break;
310
311 #ifdef CONFIG_AF_RXRPC_IPV6
312 case AF_INET6:
313 switch (serr->ee.ee_origin) {
314 case SO_EE_ORIGIN_ICMP6:
315 _net("Rx ICMP6");
316 srx->transport.sin6.sin6_port = serr->port;
317 memcpy(&srx->transport.sin6.sin6_addr,
318 skb_network_header(skb) + serr->addr_offset,
319 sizeof(struct in6_addr));
320 break;
321 case SO_EE_ORIGIN_ICMP:
322 _net("Rx ICMP on v6 sock");
323 srx->transport_len = sizeof(srx->transport.sin);
324 srx->transport.family = AF_INET;
325 srx->transport.sin.sin_port = serr->port;
326 memcpy(&srx->transport.sin.sin_addr,
327 skb_network_header(skb) + serr->addr_offset,
328 sizeof(struct in_addr));
329 break;
330 default:
331 memcpy(&srx->transport.sin6.sin6_addr,
332 &ipv6_hdr(skb)->saddr,
333 sizeof(struct in6_addr));
334 break;
335 }
336 break;
337 #endif
338
339 default:
340 BUG();
341 }
342
343 return rxrpc_lookup_peer_rcu(local, srx);
344 }
345
346 /*
347 * Handle an MTU/fragmentation problem.
348 */
rxrpc_adjust_mtu(struct rxrpc_peer * peer,unsigned int mtu)349 static void rxrpc_adjust_mtu(struct rxrpc_peer *peer, unsigned int mtu)
350 {
351 _net("Rx ICMP Fragmentation Needed (%d)", mtu);
352
353 /* wind down the local interface MTU */
354 if (mtu > 0 && peer->if_mtu == 65535 && mtu < peer->if_mtu) {
355 peer->if_mtu = mtu;
356 _net("I/F MTU %u", mtu);
357 }
358
359 if (mtu == 0) {
360 /* they didn't give us a size, estimate one */
361 mtu = peer->if_mtu;
362 if (mtu > 1500) {
363 mtu >>= 1;
364 if (mtu < 1500)
365 mtu = 1500;
366 } else {
367 mtu -= 100;
368 if (mtu < peer->hdrsize)
369 mtu = peer->hdrsize + 4;
370 }
371 }
372
373 if (mtu < peer->mtu) {
374 spin_lock_bh(&peer->lock);
375 peer->mtu = mtu;
376 peer->maxdata = peer->mtu - peer->hdrsize;
377 spin_unlock_bh(&peer->lock);
378 _net("Net MTU %u (maxdata %u)",
379 peer->mtu, peer->maxdata);
380 }
381 }
382
383 /*
384 * Handle an error received on the local endpoint.
385 */
rxrpc_error_report(struct sock * sk)386 void rxrpc_error_report(struct sock *sk)
387 {
388 struct sock_exterr_skb *serr;
389 struct sockaddr_rxrpc srx;
390 struct rxrpc_local *local;
391 struct rxrpc_peer *peer = NULL;
392 struct sk_buff *skb;
393
394 rcu_read_lock();
395 local = rcu_dereference_sk_user_data(sk);
396 if (unlikely(!local)) {
397 rcu_read_unlock();
398 return;
399 }
400 _enter("%p{%d}", sk, local->debug_id);
401
402 /* Clear the outstanding error value on the socket so that it doesn't
403 * cause kernel_sendmsg() to return it later.
404 */
405 sock_error(sk);
406
407 skb = sock_dequeue_err_skb(sk);
408 if (!skb) {
409 rcu_read_unlock();
410 _leave("UDP socket errqueue empty");
411 return;
412 }
413 rxrpc_new_skb(skb, rxrpc_skb_received);
414 serr = SKB_EXT_ERR(skb);
415
416 if (serr->ee.ee_origin == SO_EE_ORIGIN_LOCAL) {
417 peer = rxrpc_lookup_peer_local_rcu(local, skb, &srx);
418 if (peer && !rxrpc_get_peer_maybe(peer))
419 peer = NULL;
420 if (peer) {
421 trace_rxrpc_rx_icmp(peer, &serr->ee, &srx);
422 rxrpc_store_error(peer, serr);
423 }
424 }
425
426 rcu_read_unlock();
427 rxrpc_free_skb(skb, rxrpc_skb_freed);
428 rxrpc_put_peer(peer);
429 _leave("");
430 }
431
432 /*
433 * Map an error report to error codes on the peer record.
434 */
rxrpc_store_error(struct rxrpc_peer * peer,struct sock_exterr_skb * serr)435 static void rxrpc_store_error(struct rxrpc_peer *peer,
436 struct sock_exterr_skb *serr)
437 {
438 enum rxrpc_call_completion compl = RXRPC_CALL_NETWORK_ERROR;
439 struct sock_extended_err *ee;
440 int err;
441
442 _enter("");
443
444 ee = &serr->ee;
445
446 err = ee->ee_errno;
447
448 switch (ee->ee_origin) {
449 case SO_EE_ORIGIN_ICMP:
450 switch (ee->ee_type) {
451 case ICMP_DEST_UNREACH:
452 switch (ee->ee_code) {
453 case ICMP_NET_UNREACH:
454 _net("Rx Received ICMP Network Unreachable");
455 break;
456 case ICMP_HOST_UNREACH:
457 _net("Rx Received ICMP Host Unreachable");
458 break;
459 case ICMP_PORT_UNREACH:
460 _net("Rx Received ICMP Port Unreachable");
461 break;
462 case ICMP_NET_UNKNOWN:
463 _net("Rx Received ICMP Unknown Network");
464 break;
465 case ICMP_HOST_UNKNOWN:
466 _net("Rx Received ICMP Unknown Host");
467 break;
468 default:
469 _net("Rx Received ICMP DestUnreach code=%u",
470 ee->ee_code);
471 break;
472 }
473 break;
474
475 case ICMP_TIME_EXCEEDED:
476 _net("Rx Received ICMP TTL Exceeded");
477 break;
478
479 default:
480 _proto("Rx Received ICMP error { type=%u code=%u }",
481 ee->ee_type, ee->ee_code);
482 break;
483 }
484 break;
485
486 case SO_EE_ORIGIN_NONE:
487 case SO_EE_ORIGIN_LOCAL:
488 _proto("Rx Received local error { error=%d }", err);
489 compl = RXRPC_CALL_LOCAL_ERROR;
490 break;
491
492 case SO_EE_ORIGIN_ICMP6:
493 if (err == EACCES)
494 err = EHOSTUNREACH;
495 fallthrough;
496 default:
497 _proto("Rx Received error report { orig=%u }", ee->ee_origin);
498 break;
499 }
500
501 rxrpc_distribute_error(peer, err, compl);
502 }
503
504 /*
505 * Distribute an error that occurred on a peer.
506 */
rxrpc_distribute_error(struct rxrpc_peer * peer,int error,enum rxrpc_call_completion compl)507 static void rxrpc_distribute_error(struct rxrpc_peer *peer, int error,
508 enum rxrpc_call_completion compl)
509 {
510 struct rxrpc_call *call;
511
512 hlist_for_each_entry_rcu(call, &peer->error_targets, error_link) {
513 rxrpc_see_call(call);
514 rxrpc_set_call_completion(call, compl, 0, -error);
515 }
516 }
517
518 /*
519 * Perform keep-alive pings.
520 */
rxrpc_peer_keepalive_dispatch(struct rxrpc_net * rxnet,struct list_head * collector,time64_t base,u8 cursor)521 static void rxrpc_peer_keepalive_dispatch(struct rxrpc_net *rxnet,
522 struct list_head *collector,
523 time64_t base,
524 u8 cursor)
525 {
526 struct rxrpc_peer *peer;
527 const u8 mask = ARRAY_SIZE(rxnet->peer_keepalive) - 1;
528 time64_t keepalive_at;
529 int slot;
530
531 spin_lock_bh(&rxnet->peer_hash_lock);
532
533 while (!list_empty(collector)) {
534 peer = list_entry(collector->next,
535 struct rxrpc_peer, keepalive_link);
536
537 list_del_init(&peer->keepalive_link);
538 if (!rxrpc_get_peer_maybe(peer))
539 continue;
540
541 if (__rxrpc_use_local(peer->local)) {
542 spin_unlock_bh(&rxnet->peer_hash_lock);
543
544 keepalive_at = peer->last_tx_at + RXRPC_KEEPALIVE_TIME;
545 slot = keepalive_at - base;
546 _debug("%02x peer %u t=%d {%pISp}",
547 cursor, peer->debug_id, slot, &peer->srx.transport);
548
549 if (keepalive_at <= base ||
550 keepalive_at > base + RXRPC_KEEPALIVE_TIME) {
551 rxrpc_send_keepalive(peer);
552 slot = RXRPC_KEEPALIVE_TIME;
553 }
554
555 /* A transmission to this peer occurred since last we
556 * examined it so put it into the appropriate future
557 * bucket.
558 */
559 slot += cursor;
560 slot &= mask;
561 spin_lock_bh(&rxnet->peer_hash_lock);
562 list_add_tail(&peer->keepalive_link,
563 &rxnet->peer_keepalive[slot & mask]);
564 rxrpc_unuse_local(peer->local);
565 }
566 rxrpc_put_peer_locked(peer);
567 }
568
569 spin_unlock_bh(&rxnet->peer_hash_lock);
570 }
571
572 /*
573 * Perform keep-alive pings with VERSION packets to keep any NAT alive.
574 */
rxrpc_peer_keepalive_worker(struct work_struct * work)575 void rxrpc_peer_keepalive_worker(struct work_struct *work)
576 {
577 struct rxrpc_net *rxnet =
578 container_of(work, struct rxrpc_net, peer_keepalive_work);
579 const u8 mask = ARRAY_SIZE(rxnet->peer_keepalive) - 1;
580 time64_t base, now, delay;
581 u8 cursor, stop;
582 LIST_HEAD(collector);
583
584 now = ktime_get_seconds();
585 base = rxnet->peer_keepalive_base;
586 cursor = rxnet->peer_keepalive_cursor;
587 _enter("%lld,%u", base - now, cursor);
588
589 if (!rxnet->live)
590 return;
591
592 /* Remove to a temporary list all the peers that are currently lodged
593 * in expired buckets plus all new peers.
594 *
595 * Everything in the bucket at the cursor is processed this
596 * second; the bucket at cursor + 1 goes at now + 1s and so
597 * on...
598 */
599 spin_lock_bh(&rxnet->peer_hash_lock);
600 list_splice_init(&rxnet->peer_keepalive_new, &collector);
601
602 stop = cursor + ARRAY_SIZE(rxnet->peer_keepalive);
603 while (base <= now && (s8)(cursor - stop) < 0) {
604 list_splice_tail_init(&rxnet->peer_keepalive[cursor & mask],
605 &collector);
606 base++;
607 cursor++;
608 }
609
610 base = now;
611 spin_unlock_bh(&rxnet->peer_hash_lock);
612
613 rxnet->peer_keepalive_base = base;
614 rxnet->peer_keepalive_cursor = cursor;
615 rxrpc_peer_keepalive_dispatch(rxnet, &collector, base, cursor);
616 ASSERT(list_empty(&collector));
617
618 /* Schedule the timer for the next occupied timeslot. */
619 cursor = rxnet->peer_keepalive_cursor;
620 stop = cursor + RXRPC_KEEPALIVE_TIME - 1;
621 for (; (s8)(cursor - stop) < 0; cursor++) {
622 if (!list_empty(&rxnet->peer_keepalive[cursor & mask]))
623 break;
624 base++;
625 }
626
627 now = ktime_get_seconds();
628 delay = base - now;
629 if (delay < 1)
630 delay = 1;
631 delay *= HZ;
632 if (rxnet->live)
633 timer_reduce(&rxnet->peer_keepalive_timer, jiffies + delay);
634
635 _leave("");
636 }
637