1 // SPDX-License-Identifier: GPL-2.0-or-later
2 /* Peer event handling, typically ICMP messages.
3 *
4 * Copyright (C) 2007 Red Hat, Inc. All Rights Reserved.
5 * Written by David Howells (dhowells@redhat.com)
6 */
7
8 #include <linux/module.h>
9 #include <linux/net.h>
10 #include <linux/skbuff.h>
11 #include <linux/errqueue.h>
12 #include <linux/udp.h>
13 #include <linux/in.h>
14 #include <linux/in6.h>
15 #include <linux/icmp.h>
16 #include <net/sock.h>
17 #include <net/af_rxrpc.h>
18 #include <net/ip.h>
19 #include "ar-internal.h"
20
21 static void rxrpc_store_error(struct rxrpc_peer *, struct sock_exterr_skb *);
22 static void rxrpc_distribute_error(struct rxrpc_peer *, int,
23 enum rxrpc_call_completion);
24
25 /*
26 * Find the peer associated with an ICMP packet.
27 */
rxrpc_lookup_peer_icmp_rcu(struct rxrpc_local * local,const struct sk_buff * skb,struct sockaddr_rxrpc * srx)28 static struct rxrpc_peer *rxrpc_lookup_peer_icmp_rcu(struct rxrpc_local *local,
29 const struct sk_buff *skb,
30 struct sockaddr_rxrpc *srx)
31 {
32 struct sock_exterr_skb *serr = SKB_EXT_ERR(skb);
33
34 _enter("");
35
36 memset(srx, 0, sizeof(*srx));
37 srx->transport_type = local->srx.transport_type;
38 srx->transport_len = local->srx.transport_len;
39 srx->transport.family = local->srx.transport.family;
40
41 /* Can we see an ICMP4 packet on an ICMP6 listening socket? and vice
42 * versa?
43 */
44 switch (srx->transport.family) {
45 case AF_INET:
46 srx->transport_len = sizeof(srx->transport.sin);
47 srx->transport.family = AF_INET;
48 srx->transport.sin.sin_port = serr->port;
49 switch (serr->ee.ee_origin) {
50 case SO_EE_ORIGIN_ICMP:
51 _net("Rx ICMP");
52 memcpy(&srx->transport.sin.sin_addr,
53 skb_network_header(skb) + serr->addr_offset,
54 sizeof(struct in_addr));
55 break;
56 case SO_EE_ORIGIN_ICMP6:
57 _net("Rx ICMP6 on v4 sock");
58 memcpy(&srx->transport.sin.sin_addr,
59 skb_network_header(skb) + serr->addr_offset + 12,
60 sizeof(struct in_addr));
61 break;
62 default:
63 memcpy(&srx->transport.sin.sin_addr, &ip_hdr(skb)->saddr,
64 sizeof(struct in_addr));
65 break;
66 }
67 break;
68
69 #ifdef CONFIG_AF_RXRPC_IPV6
70 case AF_INET6:
71 switch (serr->ee.ee_origin) {
72 case SO_EE_ORIGIN_ICMP6:
73 _net("Rx ICMP6");
74 srx->transport.sin6.sin6_port = serr->port;
75 memcpy(&srx->transport.sin6.sin6_addr,
76 skb_network_header(skb) + serr->addr_offset,
77 sizeof(struct in6_addr));
78 break;
79 case SO_EE_ORIGIN_ICMP:
80 _net("Rx ICMP on v6 sock");
81 srx->transport_len = sizeof(srx->transport.sin);
82 srx->transport.family = AF_INET;
83 srx->transport.sin.sin_port = serr->port;
84 memcpy(&srx->transport.sin.sin_addr,
85 skb_network_header(skb) + serr->addr_offset,
86 sizeof(struct in_addr));
87 break;
88 default:
89 memcpy(&srx->transport.sin6.sin6_addr,
90 &ipv6_hdr(skb)->saddr,
91 sizeof(struct in6_addr));
92 break;
93 }
94 break;
95 #endif
96
97 default:
98 BUG();
99 }
100
101 return rxrpc_lookup_peer_rcu(local, srx);
102 }
103
104 /*
105 * Handle an MTU/fragmentation problem.
106 */
rxrpc_adjust_mtu(struct rxrpc_peer * peer,struct sock_exterr_skb * serr)107 static void rxrpc_adjust_mtu(struct rxrpc_peer *peer, struct sock_exterr_skb *serr)
108 {
109 u32 mtu = serr->ee.ee_info;
110
111 _net("Rx ICMP Fragmentation Needed (%d)", mtu);
112
113 /* wind down the local interface MTU */
114 if (mtu > 0 && peer->if_mtu == 65535 && mtu < peer->if_mtu) {
115 peer->if_mtu = mtu;
116 _net("I/F MTU %u", mtu);
117 }
118
119 if (mtu == 0) {
120 /* they didn't give us a size, estimate one */
121 mtu = peer->if_mtu;
122 if (mtu > 1500) {
123 mtu >>= 1;
124 if (mtu < 1500)
125 mtu = 1500;
126 } else {
127 mtu -= 100;
128 if (mtu < peer->hdrsize)
129 mtu = peer->hdrsize + 4;
130 }
131 }
132
133 if (mtu < peer->mtu) {
134 spin_lock_bh(&peer->lock);
135 peer->mtu = mtu;
136 peer->maxdata = peer->mtu - peer->hdrsize;
137 spin_unlock_bh(&peer->lock);
138 _net("Net MTU %u (maxdata %u)",
139 peer->mtu, peer->maxdata);
140 }
141 }
142
143 /*
144 * Handle an error received on the local endpoint.
145 */
rxrpc_error_report(struct sock * sk)146 void rxrpc_error_report(struct sock *sk)
147 {
148 struct sock_exterr_skb *serr;
149 struct sockaddr_rxrpc srx;
150 struct rxrpc_local *local;
151 struct rxrpc_peer *peer;
152 struct sk_buff *skb;
153
154 rcu_read_lock();
155 local = rcu_dereference_sk_user_data(sk);
156 if (unlikely(!local)) {
157 rcu_read_unlock();
158 return;
159 }
160 _enter("%p{%d}", sk, local->debug_id);
161
162 /* Clear the outstanding error value on the socket so that it doesn't
163 * cause kernel_sendmsg() to return it later.
164 */
165 sock_error(sk);
166
167 skb = sock_dequeue_err_skb(sk);
168 if (!skb) {
169 rcu_read_unlock();
170 _leave("UDP socket errqueue empty");
171 return;
172 }
173 rxrpc_new_skb(skb, rxrpc_skb_received);
174 serr = SKB_EXT_ERR(skb);
175 if (!skb->len && serr->ee.ee_origin == SO_EE_ORIGIN_TIMESTAMPING) {
176 _leave("UDP empty message");
177 rcu_read_unlock();
178 rxrpc_free_skb(skb, rxrpc_skb_freed);
179 return;
180 }
181
182 peer = rxrpc_lookup_peer_icmp_rcu(local, skb, &srx);
183 if (peer && !rxrpc_get_peer_maybe(peer))
184 peer = NULL;
185 if (!peer) {
186 rcu_read_unlock();
187 rxrpc_free_skb(skb, rxrpc_skb_freed);
188 _leave(" [no peer]");
189 return;
190 }
191
192 trace_rxrpc_rx_icmp(peer, &serr->ee, &srx);
193
194 if ((serr->ee.ee_origin == SO_EE_ORIGIN_ICMP &&
195 serr->ee.ee_type == ICMP_DEST_UNREACH &&
196 serr->ee.ee_code == ICMP_FRAG_NEEDED)) {
197 rxrpc_adjust_mtu(peer, serr);
198 rcu_read_unlock();
199 rxrpc_free_skb(skb, rxrpc_skb_freed);
200 rxrpc_put_peer(peer);
201 _leave(" [MTU update]");
202 return;
203 }
204
205 rxrpc_store_error(peer, serr);
206 rcu_read_unlock();
207 rxrpc_free_skb(skb, rxrpc_skb_freed);
208 rxrpc_put_peer(peer);
209
210 _leave("");
211 }
212
213 /*
214 * Map an error report to error codes on the peer record.
215 */
rxrpc_store_error(struct rxrpc_peer * peer,struct sock_exterr_skb * serr)216 static void rxrpc_store_error(struct rxrpc_peer *peer,
217 struct sock_exterr_skb *serr)
218 {
219 enum rxrpc_call_completion compl = RXRPC_CALL_NETWORK_ERROR;
220 struct sock_extended_err *ee;
221 int err;
222
223 _enter("");
224
225 ee = &serr->ee;
226
227 err = ee->ee_errno;
228
229 switch (ee->ee_origin) {
230 case SO_EE_ORIGIN_ICMP:
231 switch (ee->ee_type) {
232 case ICMP_DEST_UNREACH:
233 switch (ee->ee_code) {
234 case ICMP_NET_UNREACH:
235 _net("Rx Received ICMP Network Unreachable");
236 break;
237 case ICMP_HOST_UNREACH:
238 _net("Rx Received ICMP Host Unreachable");
239 break;
240 case ICMP_PORT_UNREACH:
241 _net("Rx Received ICMP Port Unreachable");
242 break;
243 case ICMP_NET_UNKNOWN:
244 _net("Rx Received ICMP Unknown Network");
245 break;
246 case ICMP_HOST_UNKNOWN:
247 _net("Rx Received ICMP Unknown Host");
248 break;
249 default:
250 _net("Rx Received ICMP DestUnreach code=%u",
251 ee->ee_code);
252 break;
253 }
254 break;
255
256 case ICMP_TIME_EXCEEDED:
257 _net("Rx Received ICMP TTL Exceeded");
258 break;
259
260 default:
261 _proto("Rx Received ICMP error { type=%u code=%u }",
262 ee->ee_type, ee->ee_code);
263 break;
264 }
265 break;
266
267 case SO_EE_ORIGIN_NONE:
268 case SO_EE_ORIGIN_LOCAL:
269 _proto("Rx Received local error { error=%d }", err);
270 compl = RXRPC_CALL_LOCAL_ERROR;
271 break;
272
273 case SO_EE_ORIGIN_ICMP6:
274 default:
275 _proto("Rx Received error report { orig=%u }", ee->ee_origin);
276 break;
277 }
278
279 rxrpc_distribute_error(peer, err, compl);
280 }
281
282 /*
283 * Distribute an error that occurred on a peer.
284 */
rxrpc_distribute_error(struct rxrpc_peer * peer,int error,enum rxrpc_call_completion compl)285 static void rxrpc_distribute_error(struct rxrpc_peer *peer, int error,
286 enum rxrpc_call_completion compl)
287 {
288 struct rxrpc_call *call;
289
290 hlist_for_each_entry_rcu(call, &peer->error_targets, error_link) {
291 rxrpc_see_call(call);
292 if (call->state < RXRPC_CALL_COMPLETE &&
293 rxrpc_set_call_completion(call, compl, 0, -error))
294 rxrpc_notify_socket(call);
295 }
296 }
297
298 /*
299 * Perform keep-alive pings.
300 */
rxrpc_peer_keepalive_dispatch(struct rxrpc_net * rxnet,struct list_head * collector,time64_t base,u8 cursor)301 static void rxrpc_peer_keepalive_dispatch(struct rxrpc_net *rxnet,
302 struct list_head *collector,
303 time64_t base,
304 u8 cursor)
305 {
306 struct rxrpc_peer *peer;
307 const u8 mask = ARRAY_SIZE(rxnet->peer_keepalive) - 1;
308 time64_t keepalive_at;
309 int slot;
310
311 spin_lock_bh(&rxnet->peer_hash_lock);
312
313 while (!list_empty(collector)) {
314 peer = list_entry(collector->next,
315 struct rxrpc_peer, keepalive_link);
316
317 list_del_init(&peer->keepalive_link);
318 if (!rxrpc_get_peer_maybe(peer))
319 continue;
320
321 if (__rxrpc_use_local(peer->local)) {
322 spin_unlock_bh(&rxnet->peer_hash_lock);
323
324 keepalive_at = peer->last_tx_at + RXRPC_KEEPALIVE_TIME;
325 slot = keepalive_at - base;
326 _debug("%02x peer %u t=%d {%pISp}",
327 cursor, peer->debug_id, slot, &peer->srx.transport);
328
329 if (keepalive_at <= base ||
330 keepalive_at > base + RXRPC_KEEPALIVE_TIME) {
331 rxrpc_send_keepalive(peer);
332 slot = RXRPC_KEEPALIVE_TIME;
333 }
334
335 /* A transmission to this peer occurred since last we
336 * examined it so put it into the appropriate future
337 * bucket.
338 */
339 slot += cursor;
340 slot &= mask;
341 spin_lock_bh(&rxnet->peer_hash_lock);
342 list_add_tail(&peer->keepalive_link,
343 &rxnet->peer_keepalive[slot & mask]);
344 rxrpc_unuse_local(peer->local);
345 }
346 rxrpc_put_peer_locked(peer);
347 }
348
349 spin_unlock_bh(&rxnet->peer_hash_lock);
350 }
351
352 /*
353 * Perform keep-alive pings with VERSION packets to keep any NAT alive.
354 */
rxrpc_peer_keepalive_worker(struct work_struct * work)355 void rxrpc_peer_keepalive_worker(struct work_struct *work)
356 {
357 struct rxrpc_net *rxnet =
358 container_of(work, struct rxrpc_net, peer_keepalive_work);
359 const u8 mask = ARRAY_SIZE(rxnet->peer_keepalive) - 1;
360 time64_t base, now, delay;
361 u8 cursor, stop;
362 LIST_HEAD(collector);
363
364 now = ktime_get_seconds();
365 base = rxnet->peer_keepalive_base;
366 cursor = rxnet->peer_keepalive_cursor;
367 _enter("%lld,%u", base - now, cursor);
368
369 if (!rxnet->live)
370 return;
371
372 /* Remove to a temporary list all the peers that are currently lodged
373 * in expired buckets plus all new peers.
374 *
375 * Everything in the bucket at the cursor is processed this
376 * second; the bucket at cursor + 1 goes at now + 1s and so
377 * on...
378 */
379 spin_lock_bh(&rxnet->peer_hash_lock);
380 list_splice_init(&rxnet->peer_keepalive_new, &collector);
381
382 stop = cursor + ARRAY_SIZE(rxnet->peer_keepalive);
383 while (base <= now && (s8)(cursor - stop) < 0) {
384 list_splice_tail_init(&rxnet->peer_keepalive[cursor & mask],
385 &collector);
386 base++;
387 cursor++;
388 }
389
390 base = now;
391 spin_unlock_bh(&rxnet->peer_hash_lock);
392
393 rxnet->peer_keepalive_base = base;
394 rxnet->peer_keepalive_cursor = cursor;
395 rxrpc_peer_keepalive_dispatch(rxnet, &collector, base, cursor);
396 ASSERT(list_empty(&collector));
397
398 /* Schedule the timer for the next occupied timeslot. */
399 cursor = rxnet->peer_keepalive_cursor;
400 stop = cursor + RXRPC_KEEPALIVE_TIME - 1;
401 for (; (s8)(cursor - stop) < 0; cursor++) {
402 if (!list_empty(&rxnet->peer_keepalive[cursor & mask]))
403 break;
404 base++;
405 }
406
407 now = ktime_get_seconds();
408 delay = base - now;
409 if (delay < 1)
410 delay = 1;
411 delay *= HZ;
412 if (rxnet->live)
413 timer_reduce(&rxnet->peer_keepalive_timer, jiffies + delay);
414
415 _leave("");
416 }
417