1 // SPDX-License-Identifier: GPL-2.0-or-later
2 /* Peer event handling, typically ICMP messages.
3  *
4  * Copyright (C) 2007 Red Hat, Inc. All Rights Reserved.
5  * Written by David Howells (dhowells@redhat.com)
6  */
7 
8 #include <linux/module.h>
9 #include <linux/net.h>
10 #include <linux/skbuff.h>
11 #include <linux/errqueue.h>
12 #include <linux/udp.h>
13 #include <linux/in.h>
14 #include <linux/in6.h>
15 #include <linux/icmp.h>
16 #include <net/sock.h>
17 #include <net/af_rxrpc.h>
18 #include <net/ip.h>
19 #include "ar-internal.h"
20 
21 static void rxrpc_store_error(struct rxrpc_peer *, struct sock_exterr_skb *);
22 static void rxrpc_distribute_error(struct rxrpc_peer *, int,
23 				   enum rxrpc_call_completion);
24 
25 /*
26  * Find the peer associated with an ICMP packet.
27  */
rxrpc_lookup_peer_icmp_rcu(struct rxrpc_local * local,const struct sk_buff * skb,struct sockaddr_rxrpc * srx)28 static struct rxrpc_peer *rxrpc_lookup_peer_icmp_rcu(struct rxrpc_local *local,
29 						     const struct sk_buff *skb,
30 						     struct sockaddr_rxrpc *srx)
31 {
32 	struct sock_exterr_skb *serr = SKB_EXT_ERR(skb);
33 
34 	_enter("");
35 
36 	memset(srx, 0, sizeof(*srx));
37 	srx->transport_type = local->srx.transport_type;
38 	srx->transport_len = local->srx.transport_len;
39 	srx->transport.family = local->srx.transport.family;
40 
41 	/* Can we see an ICMP4 packet on an ICMP6 listening socket?  and vice
42 	 * versa?
43 	 */
44 	switch (srx->transport.family) {
45 	case AF_INET:
46 		srx->transport_len = sizeof(srx->transport.sin);
47 		srx->transport.family = AF_INET;
48 		srx->transport.sin.sin_port = serr->port;
49 		switch (serr->ee.ee_origin) {
50 		case SO_EE_ORIGIN_ICMP:
51 			_net("Rx ICMP");
52 			memcpy(&srx->transport.sin.sin_addr,
53 			       skb_network_header(skb) + serr->addr_offset,
54 			       sizeof(struct in_addr));
55 			break;
56 		case SO_EE_ORIGIN_ICMP6:
57 			_net("Rx ICMP6 on v4 sock");
58 			memcpy(&srx->transport.sin.sin_addr,
59 			       skb_network_header(skb) + serr->addr_offset + 12,
60 			       sizeof(struct in_addr));
61 			break;
62 		default:
63 			memcpy(&srx->transport.sin.sin_addr, &ip_hdr(skb)->saddr,
64 			       sizeof(struct in_addr));
65 			break;
66 		}
67 		break;
68 
69 #ifdef CONFIG_AF_RXRPC_IPV6
70 	case AF_INET6:
71 		switch (serr->ee.ee_origin) {
72 		case SO_EE_ORIGIN_ICMP6:
73 			_net("Rx ICMP6");
74 			srx->transport.sin6.sin6_port = serr->port;
75 			memcpy(&srx->transport.sin6.sin6_addr,
76 			       skb_network_header(skb) + serr->addr_offset,
77 			       sizeof(struct in6_addr));
78 			break;
79 		case SO_EE_ORIGIN_ICMP:
80 			_net("Rx ICMP on v6 sock");
81 			srx->transport_len = sizeof(srx->transport.sin);
82 			srx->transport.family = AF_INET;
83 			srx->transport.sin.sin_port = serr->port;
84 			memcpy(&srx->transport.sin.sin_addr,
85 			       skb_network_header(skb) + serr->addr_offset,
86 			       sizeof(struct in_addr));
87 			break;
88 		default:
89 			memcpy(&srx->transport.sin6.sin6_addr,
90 			       &ipv6_hdr(skb)->saddr,
91 			       sizeof(struct in6_addr));
92 			break;
93 		}
94 		break;
95 #endif
96 
97 	default:
98 		BUG();
99 	}
100 
101 	return rxrpc_lookup_peer_rcu(local, srx);
102 }
103 
104 /*
105  * Handle an MTU/fragmentation problem.
106  */
rxrpc_adjust_mtu(struct rxrpc_peer * peer,struct sock_exterr_skb * serr)107 static void rxrpc_adjust_mtu(struct rxrpc_peer *peer, struct sock_exterr_skb *serr)
108 {
109 	u32 mtu = serr->ee.ee_info;
110 
111 	_net("Rx ICMP Fragmentation Needed (%d)", mtu);
112 
113 	/* wind down the local interface MTU */
114 	if (mtu > 0 && peer->if_mtu == 65535 && mtu < peer->if_mtu) {
115 		peer->if_mtu = mtu;
116 		_net("I/F MTU %u", mtu);
117 	}
118 
119 	if (mtu == 0) {
120 		/* they didn't give us a size, estimate one */
121 		mtu = peer->if_mtu;
122 		if (mtu > 1500) {
123 			mtu >>= 1;
124 			if (mtu < 1500)
125 				mtu = 1500;
126 		} else {
127 			mtu -= 100;
128 			if (mtu < peer->hdrsize)
129 				mtu = peer->hdrsize + 4;
130 		}
131 	}
132 
133 	if (mtu < peer->mtu) {
134 		spin_lock_bh(&peer->lock);
135 		peer->mtu = mtu;
136 		peer->maxdata = peer->mtu - peer->hdrsize;
137 		spin_unlock_bh(&peer->lock);
138 		_net("Net MTU %u (maxdata %u)",
139 		     peer->mtu, peer->maxdata);
140 	}
141 }
142 
143 /*
144  * Handle an error received on the local endpoint.
145  */
rxrpc_error_report(struct sock * sk)146 void rxrpc_error_report(struct sock *sk)
147 {
148 	struct sock_exterr_skb *serr;
149 	struct sockaddr_rxrpc srx;
150 	struct rxrpc_local *local;
151 	struct rxrpc_peer *peer;
152 	struct sk_buff *skb;
153 
154 	rcu_read_lock();
155 	local = rcu_dereference_sk_user_data(sk);
156 	if (unlikely(!local)) {
157 		rcu_read_unlock();
158 		return;
159 	}
160 	_enter("%p{%d}", sk, local->debug_id);
161 
162 	/* Clear the outstanding error value on the socket so that it doesn't
163 	 * cause kernel_sendmsg() to return it later.
164 	 */
165 	sock_error(sk);
166 
167 	skb = sock_dequeue_err_skb(sk);
168 	if (!skb) {
169 		rcu_read_unlock();
170 		_leave("UDP socket errqueue empty");
171 		return;
172 	}
173 	rxrpc_new_skb(skb, rxrpc_skb_received);
174 	serr = SKB_EXT_ERR(skb);
175 	if (!skb->len && serr->ee.ee_origin == SO_EE_ORIGIN_TIMESTAMPING) {
176 		_leave("UDP empty message");
177 		rcu_read_unlock();
178 		rxrpc_free_skb(skb, rxrpc_skb_freed);
179 		return;
180 	}
181 
182 	peer = rxrpc_lookup_peer_icmp_rcu(local, skb, &srx);
183 	if (peer && !rxrpc_get_peer_maybe(peer))
184 		peer = NULL;
185 	if (!peer) {
186 		rcu_read_unlock();
187 		rxrpc_free_skb(skb, rxrpc_skb_freed);
188 		_leave(" [no peer]");
189 		return;
190 	}
191 
192 	trace_rxrpc_rx_icmp(peer, &serr->ee, &srx);
193 
194 	if ((serr->ee.ee_origin == SO_EE_ORIGIN_ICMP &&
195 	     serr->ee.ee_type == ICMP_DEST_UNREACH &&
196 	     serr->ee.ee_code == ICMP_FRAG_NEEDED)) {
197 		rxrpc_adjust_mtu(peer, serr);
198 		rcu_read_unlock();
199 		rxrpc_free_skb(skb, rxrpc_skb_freed);
200 		rxrpc_put_peer(peer);
201 		_leave(" [MTU update]");
202 		return;
203 	}
204 
205 	rxrpc_store_error(peer, serr);
206 	rcu_read_unlock();
207 	rxrpc_free_skb(skb, rxrpc_skb_freed);
208 	rxrpc_put_peer(peer);
209 
210 	_leave("");
211 }
212 
213 /*
214  * Map an error report to error codes on the peer record.
215  */
rxrpc_store_error(struct rxrpc_peer * peer,struct sock_exterr_skb * serr)216 static void rxrpc_store_error(struct rxrpc_peer *peer,
217 			      struct sock_exterr_skb *serr)
218 {
219 	enum rxrpc_call_completion compl = RXRPC_CALL_NETWORK_ERROR;
220 	struct sock_extended_err *ee;
221 	int err;
222 
223 	_enter("");
224 
225 	ee = &serr->ee;
226 
227 	err = ee->ee_errno;
228 
229 	switch (ee->ee_origin) {
230 	case SO_EE_ORIGIN_ICMP:
231 		switch (ee->ee_type) {
232 		case ICMP_DEST_UNREACH:
233 			switch (ee->ee_code) {
234 			case ICMP_NET_UNREACH:
235 				_net("Rx Received ICMP Network Unreachable");
236 				break;
237 			case ICMP_HOST_UNREACH:
238 				_net("Rx Received ICMP Host Unreachable");
239 				break;
240 			case ICMP_PORT_UNREACH:
241 				_net("Rx Received ICMP Port Unreachable");
242 				break;
243 			case ICMP_NET_UNKNOWN:
244 				_net("Rx Received ICMP Unknown Network");
245 				break;
246 			case ICMP_HOST_UNKNOWN:
247 				_net("Rx Received ICMP Unknown Host");
248 				break;
249 			default:
250 				_net("Rx Received ICMP DestUnreach code=%u",
251 				     ee->ee_code);
252 				break;
253 			}
254 			break;
255 
256 		case ICMP_TIME_EXCEEDED:
257 			_net("Rx Received ICMP TTL Exceeded");
258 			break;
259 
260 		default:
261 			_proto("Rx Received ICMP error { type=%u code=%u }",
262 			       ee->ee_type, ee->ee_code);
263 			break;
264 		}
265 		break;
266 
267 	case SO_EE_ORIGIN_NONE:
268 	case SO_EE_ORIGIN_LOCAL:
269 		_proto("Rx Received local error { error=%d }", err);
270 		compl = RXRPC_CALL_LOCAL_ERROR;
271 		break;
272 
273 	case SO_EE_ORIGIN_ICMP6:
274 		if (err == EACCES)
275 			err = EHOSTUNREACH;
276 		fallthrough;
277 	default:
278 		_proto("Rx Received error report { orig=%u }", ee->ee_origin);
279 		break;
280 	}
281 
282 	rxrpc_distribute_error(peer, err, compl);
283 }
284 
285 /*
286  * Distribute an error that occurred on a peer.
287  */
rxrpc_distribute_error(struct rxrpc_peer * peer,int error,enum rxrpc_call_completion compl)288 static void rxrpc_distribute_error(struct rxrpc_peer *peer, int error,
289 				   enum rxrpc_call_completion compl)
290 {
291 	struct rxrpc_call *call;
292 
293 	hlist_for_each_entry_rcu(call, &peer->error_targets, error_link) {
294 		rxrpc_see_call(call);
295 		rxrpc_set_call_completion(call, compl, 0, -error);
296 	}
297 }
298 
299 /*
300  * Perform keep-alive pings.
301  */
rxrpc_peer_keepalive_dispatch(struct rxrpc_net * rxnet,struct list_head * collector,time64_t base,u8 cursor)302 static void rxrpc_peer_keepalive_dispatch(struct rxrpc_net *rxnet,
303 					  struct list_head *collector,
304 					  time64_t base,
305 					  u8 cursor)
306 {
307 	struct rxrpc_peer *peer;
308 	const u8 mask = ARRAY_SIZE(rxnet->peer_keepalive) - 1;
309 	time64_t keepalive_at;
310 	int slot;
311 
312 	spin_lock_bh(&rxnet->peer_hash_lock);
313 
314 	while (!list_empty(collector)) {
315 		peer = list_entry(collector->next,
316 				  struct rxrpc_peer, keepalive_link);
317 
318 		list_del_init(&peer->keepalive_link);
319 		if (!rxrpc_get_peer_maybe(peer))
320 			continue;
321 
322 		if (__rxrpc_use_local(peer->local)) {
323 			spin_unlock_bh(&rxnet->peer_hash_lock);
324 
325 			keepalive_at = peer->last_tx_at + RXRPC_KEEPALIVE_TIME;
326 			slot = keepalive_at - base;
327 			_debug("%02x peer %u t=%d {%pISp}",
328 			       cursor, peer->debug_id, slot, &peer->srx.transport);
329 
330 			if (keepalive_at <= base ||
331 			    keepalive_at > base + RXRPC_KEEPALIVE_TIME) {
332 				rxrpc_send_keepalive(peer);
333 				slot = RXRPC_KEEPALIVE_TIME;
334 			}
335 
336 			/* A transmission to this peer occurred since last we
337 			 * examined it so put it into the appropriate future
338 			 * bucket.
339 			 */
340 			slot += cursor;
341 			slot &= mask;
342 			spin_lock_bh(&rxnet->peer_hash_lock);
343 			list_add_tail(&peer->keepalive_link,
344 				      &rxnet->peer_keepalive[slot & mask]);
345 			rxrpc_unuse_local(peer->local);
346 		}
347 		rxrpc_put_peer_locked(peer);
348 	}
349 
350 	spin_unlock_bh(&rxnet->peer_hash_lock);
351 }
352 
353 /*
354  * Perform keep-alive pings with VERSION packets to keep any NAT alive.
355  */
rxrpc_peer_keepalive_worker(struct work_struct * work)356 void rxrpc_peer_keepalive_worker(struct work_struct *work)
357 {
358 	struct rxrpc_net *rxnet =
359 		container_of(work, struct rxrpc_net, peer_keepalive_work);
360 	const u8 mask = ARRAY_SIZE(rxnet->peer_keepalive) - 1;
361 	time64_t base, now, delay;
362 	u8 cursor, stop;
363 	LIST_HEAD(collector);
364 
365 	now = ktime_get_seconds();
366 	base = rxnet->peer_keepalive_base;
367 	cursor = rxnet->peer_keepalive_cursor;
368 	_enter("%lld,%u", base - now, cursor);
369 
370 	if (!rxnet->live)
371 		return;
372 
373 	/* Remove to a temporary list all the peers that are currently lodged
374 	 * in expired buckets plus all new peers.
375 	 *
376 	 * Everything in the bucket at the cursor is processed this
377 	 * second; the bucket at cursor + 1 goes at now + 1s and so
378 	 * on...
379 	 */
380 	spin_lock_bh(&rxnet->peer_hash_lock);
381 	list_splice_init(&rxnet->peer_keepalive_new, &collector);
382 
383 	stop = cursor + ARRAY_SIZE(rxnet->peer_keepalive);
384 	while (base <= now && (s8)(cursor - stop) < 0) {
385 		list_splice_tail_init(&rxnet->peer_keepalive[cursor & mask],
386 				      &collector);
387 		base++;
388 		cursor++;
389 	}
390 
391 	base = now;
392 	spin_unlock_bh(&rxnet->peer_hash_lock);
393 
394 	rxnet->peer_keepalive_base = base;
395 	rxnet->peer_keepalive_cursor = cursor;
396 	rxrpc_peer_keepalive_dispatch(rxnet, &collector, base, cursor);
397 	ASSERT(list_empty(&collector));
398 
399 	/* Schedule the timer for the next occupied timeslot. */
400 	cursor = rxnet->peer_keepalive_cursor;
401 	stop = cursor + RXRPC_KEEPALIVE_TIME - 1;
402 	for (; (s8)(cursor - stop) < 0; cursor++) {
403 		if (!list_empty(&rxnet->peer_keepalive[cursor & mask]))
404 			break;
405 		base++;
406 	}
407 
408 	now = ktime_get_seconds();
409 	delay = base - now;
410 	if (delay < 1)
411 		delay = 1;
412 	delay *= HZ;
413 	if (rxnet->live)
414 		timer_reduce(&rxnet->peer_keepalive_timer, jiffies + delay);
415 
416 	_leave("");
417 }
418