]> err.no Git - linux-2.6/blob - net/packet/af_packet.c
[PATCH] ieee80211_geo.c: remove frivolous BUG_ON's
[linux-2.6] / net / packet / af_packet.c
1 /*
2  * INET         An implementation of the TCP/IP protocol suite for the LINUX
3  *              operating system.  INET is implemented using the  BSD Socket
4  *              interface as the means of communication with the user level.
5  *
6  *              PACKET - implements raw packet sockets.
7  *
8  * Version:     $Id: af_packet.c,v 1.61 2002/02/08 03:57:19 davem Exp $
9  *
10  * Authors:     Ross Biro
11  *              Fred N. van Kempen, <waltje@uWalt.NL.Mugnet.ORG>
12  *              Alan Cox, <gw4pts@gw4pts.ampr.org>
13  *
14  * Fixes:       
15  *              Alan Cox        :       verify_area() now used correctly
16  *              Alan Cox        :       new skbuff lists, look ma no backlogs!
17  *              Alan Cox        :       tidied skbuff lists.
18  *              Alan Cox        :       Now uses generic datagram routines I
19  *                                      added. Also fixed the peek/read crash
20  *                                      from all old Linux datagram code.
21  *              Alan Cox        :       Uses the improved datagram code.
22  *              Alan Cox        :       Added NULL's for socket options.
23  *              Alan Cox        :       Re-commented the code.
24  *              Alan Cox        :       Use new kernel side addressing
25  *              Rob Janssen     :       Correct MTU usage.
26  *              Dave Platt      :       Counter leaks caused by incorrect
27  *                                      interrupt locking and some slightly
28  *                                      dubious gcc output. Can you read
29  *                                      compiler: it said _VOLATILE_
30  *      Richard Kooijman        :       Timestamp fixes.
31  *              Alan Cox        :       New buffers. Use sk->mac.raw.
32  *              Alan Cox        :       sendmsg/recvmsg support.
33  *              Alan Cox        :       Protocol setting support
34  *      Alexey Kuznetsov        :       Untied from IPv4 stack.
35  *      Cyrus Durgin            :       Fixed kerneld for kmod.
36  *      Michal Ostrowski        :       Module initialization cleanup.
37  *         Ulises Alonso        :       Frame number limit removal and 
38  *                                      packet_set_ring memory leak.
39  *              Eric Biederman  :       Allow for > 8 byte hardware addresses.
40  *                                      The convention is that longer addresses
41  *                                      will simply extend the hardware address
42  *                                      byte arrays at the end of sockaddr_ll 
43  *                                      and packet_mreq.
44  *
45  *              This program is free software; you can redistribute it and/or
46  *              modify it under the terms of the GNU General Public License
47  *              as published by the Free Software Foundation; either version
48  *              2 of the License, or (at your option) any later version.
49  *
50  */
51  
52 #include <linux/config.h>
53 #include <linux/types.h>
54 #include <linux/sched.h>
55 #include <linux/mm.h>
56 #include <linux/capability.h>
57 #include <linux/fcntl.h>
58 #include <linux/socket.h>
59 #include <linux/in.h>
60 #include <linux/inet.h>
61 #include <linux/netdevice.h>
62 #include <linux/if_packet.h>
63 #include <linux/wireless.h>
64 #include <linux/kmod.h>
65 #include <net/ip.h>
66 #include <net/protocol.h>
67 #include <linux/skbuff.h>
68 #include <net/sock.h>
69 #include <linux/errno.h>
70 #include <linux/timer.h>
71 #include <asm/system.h>
72 #include <asm/uaccess.h>
73 #include <asm/ioctls.h>
74 #include <asm/page.h>
75 #include <asm/io.h>
76 #include <linux/proc_fs.h>
77 #include <linux/seq_file.h>
78 #include <linux/poll.h>
79 #include <linux/module.h>
80 #include <linux/init.h>
81
82 #ifdef CONFIG_INET
83 #include <net/inet_common.h>
84 #endif
85
86 #define CONFIG_SOCK_PACKET      1
87
88 /*
89    Proposed replacement for SIOC{ADD,DEL}MULTI and
90    IFF_PROMISC, IFF_ALLMULTI flags.
91
92    It is more expensive, but I believe,
93    it is really correct solution: reentereble, safe and fault tolerant.
94
95    IFF_PROMISC/IFF_ALLMULTI/SIOC{ADD/DEL}MULTI are faked by keeping
96    reference count and global flag, so that real status is
97    (gflag|(count != 0)), so that we can use obsolete faulty interface
98    not harming clever users.
99  */
100 #define CONFIG_PACKET_MULTICAST 1
101
102 /*
103    Assumptions:
104    - if device has no dev->hard_header routine, it adds and removes ll header
105      inside itself. In this case ll header is invisible outside of device,
106      but higher levels still should reserve dev->hard_header_len.
107      Some devices are enough clever to reallocate skb, when header
108      will not fit to reserved space (tunnel), another ones are silly
109      (PPP).
110    - packet socket receives packets with pulled ll header,
111      so that SOCK_RAW should push it back.
112
113 On receive:
114 -----------
115
116 Incoming, dev->hard_header!=NULL
117    mac.raw -> ll header
118    data    -> data
119
120 Outgoing, dev->hard_header!=NULL
121    mac.raw -> ll header
122    data    -> ll header
123
124 Incoming, dev->hard_header==NULL
125    mac.raw -> UNKNOWN position. It is very likely, that it points to ll header.
126               PPP makes it, that is wrong, because introduce assymetry
127               between rx and tx paths.
128    data    -> data
129
130 Outgoing, dev->hard_header==NULL
131    mac.raw -> data. ll header is still not built!
132    data    -> data
133
134 Resume
135   If dev->hard_header==NULL we are unlikely to restore sensible ll header.
136
137
138 On transmit:
139 ------------
140
141 dev->hard_header != NULL
142    mac.raw -> ll header
143    data    -> ll header
144
145 dev->hard_header == NULL (ll header is added by device, we cannot control it)
146    mac.raw -> data
147    data -> data
148
149    We should set nh.raw on output to correct posistion,
150    packet classifier depends on it.
151  */
152
153 /* List of all packet sockets. */
154 static HLIST_HEAD(packet_sklist);
155 static DEFINE_RWLOCK(packet_sklist_lock);
156
157 static atomic_t packet_socks_nr;
158
159
160 /* Private packet socket structures. */
161
162 #ifdef CONFIG_PACKET_MULTICAST
163 struct packet_mclist
164 {
165         struct packet_mclist    *next;
166         int                     ifindex;
167         int                     count;
168         unsigned short          type;
169         unsigned short          alen;
170         unsigned char           addr[MAX_ADDR_LEN];
171 };
172 /* identical to struct packet_mreq except it has
173  * a longer address field.
174  */
175 struct packet_mreq_max
176 {
177         int             mr_ifindex;
178         unsigned short  mr_type;
179         unsigned short  mr_alen;
180         unsigned char   mr_address[MAX_ADDR_LEN];
181 };
182 #endif
183 #ifdef CONFIG_PACKET_MMAP
184 static int packet_set_ring(struct sock *sk, struct tpacket_req *req, int closing);
185 #endif
186
187 static void packet_flush_mclist(struct sock *sk);
188
189 struct packet_sock {
190         /* struct sock has to be the first member of packet_sock */
191         struct sock             sk;
192         struct tpacket_stats    stats;
193 #ifdef CONFIG_PACKET_MMAP
194         char *                  *pg_vec;
195         unsigned int            head;
196         unsigned int            frames_per_block;
197         unsigned int            frame_size;
198         unsigned int            frame_max;
199         int                     copy_thresh;
200 #endif
201         struct packet_type      prot_hook;
202         spinlock_t              bind_lock;
203         char                    running;        /* prot_hook is attached*/
204         int                     ifindex;        /* bound device         */
205         unsigned short          num;
206 #ifdef CONFIG_PACKET_MULTICAST
207         struct packet_mclist    *mclist;
208 #endif
209 #ifdef CONFIG_PACKET_MMAP
210         atomic_t                mapped;
211         unsigned int            pg_vec_order;
212         unsigned int            pg_vec_pages;
213         unsigned int            pg_vec_len;
214 #endif
215 };
216
217 #ifdef CONFIG_PACKET_MMAP
218
219 static inline char *packet_lookup_frame(struct packet_sock *po, unsigned int position)
220 {
221         unsigned int pg_vec_pos, frame_offset;
222         char *frame;
223
224         pg_vec_pos = position / po->frames_per_block;
225         frame_offset = position % po->frames_per_block;
226
227         frame = po->pg_vec[pg_vec_pos] + (frame_offset * po->frame_size);
228         
229         return frame;
230 }
231 #endif
232
233 static inline struct packet_sock *pkt_sk(struct sock *sk)
234 {
235         return (struct packet_sock *)sk;
236 }
237
238 static void packet_sock_destruct(struct sock *sk)
239 {
240         BUG_TRAP(!atomic_read(&sk->sk_rmem_alloc));
241         BUG_TRAP(!atomic_read(&sk->sk_wmem_alloc));
242
243         if (!sock_flag(sk, SOCK_DEAD)) {
244                 printk("Attempt to release alive packet socket: %p\n", sk);
245                 return;
246         }
247
248         atomic_dec(&packet_socks_nr);
249 #ifdef PACKET_REFCNT_DEBUG
250         printk(KERN_DEBUG "PACKET socket %p is free, %d are alive\n", sk, atomic_read(&packet_socks_nr));
251 #endif
252 }
253
254
255 static const struct proto_ops packet_ops;
256
257 #ifdef CONFIG_SOCK_PACKET
258 static const struct proto_ops packet_ops_spkt;
259
260 static int packet_rcv_spkt(struct sk_buff *skb, struct net_device *dev,  struct packet_type *pt, struct net_device *orig_dev)
261 {
262         struct sock *sk;
263         struct sockaddr_pkt *spkt;
264
265         /*
266          *      When we registered the protocol we saved the socket in the data
267          *      field for just this event.
268          */
269
270         sk = pt->af_packet_priv;
271         
272         /*
273          *      Yank back the headers [hope the device set this
274          *      right or kerboom...]
275          *
276          *      Incoming packets have ll header pulled,
277          *      push it back.
278          *
279          *      For outgoing ones skb->data == skb->mac.raw
280          *      so that this procedure is noop.
281          */
282
283         if (skb->pkt_type == PACKET_LOOPBACK)
284                 goto out;
285
286         if ((skb = skb_share_check(skb, GFP_ATOMIC)) == NULL)
287                 goto oom;
288
289         /* drop any routing info */
290         dst_release(skb->dst);
291         skb->dst = NULL;
292
293         /* drop conntrack reference */
294         nf_reset(skb);
295
296         spkt = (struct sockaddr_pkt*)skb->cb;
297
298         skb_push(skb, skb->data-skb->mac.raw);
299
300         /*
301          *      The SOCK_PACKET socket receives _all_ frames.
302          */
303
304         spkt->spkt_family = dev->type;
305         strlcpy(spkt->spkt_device, dev->name, sizeof(spkt->spkt_device));
306         spkt->spkt_protocol = skb->protocol;
307
308         /*
309          *      Charge the memory to the socket. This is done specifically
310          *      to prevent sockets using all the memory up.
311          */
312
313         if (sock_queue_rcv_skb(sk,skb) == 0)
314                 return 0;
315
316 out:
317         kfree_skb(skb);
318 oom:
319         return 0;
320 }
321
322
323 /*
324  *      Output a raw packet to a device layer. This bypasses all the other
325  *      protocol layers and you must therefore supply it with a complete frame
326  */
327  
328 static int packet_sendmsg_spkt(struct kiocb *iocb, struct socket *sock,
329                                struct msghdr *msg, size_t len)
330 {
331         struct sock *sk = sock->sk;
332         struct sockaddr_pkt *saddr=(struct sockaddr_pkt *)msg->msg_name;
333         struct sk_buff *skb;
334         struct net_device *dev;
335         unsigned short proto=0;
336         int err;
337         
338         /*
339          *      Get and verify the address. 
340          */
341
342         if (saddr)
343         {
344                 if (msg->msg_namelen < sizeof(struct sockaddr))
345                         return(-EINVAL);
346                 if (msg->msg_namelen==sizeof(struct sockaddr_pkt))
347                         proto=saddr->spkt_protocol;
348         }
349         else
350                 return(-ENOTCONN);      /* SOCK_PACKET must be sent giving an address */
351
352         /*
353          *      Find the device first to size check it 
354          */
355
356         saddr->spkt_device[13] = 0;
357         dev = dev_get_by_name(saddr->spkt_device);
358         err = -ENODEV;
359         if (dev == NULL)
360                 goto out_unlock;
361         
362         /*
363          *      You may not queue a frame bigger than the mtu. This is the lowest level
364          *      raw protocol and you must do your own fragmentation at this level.
365          */
366          
367         err = -EMSGSIZE;
368         if (len > dev->mtu + dev->hard_header_len)
369                 goto out_unlock;
370
371         err = -ENOBUFS;
372         skb = sock_wmalloc(sk, len + LL_RESERVED_SPACE(dev), 0, GFP_KERNEL);
373
374         /*
375          *      If the write buffer is full, then tough. At this level the user gets to
376          *      deal with the problem - do your own algorithmic backoffs. That's far
377          *      more flexible.
378          */
379          
380         if (skb == NULL) 
381                 goto out_unlock;
382
383         /*
384          *      Fill it in 
385          */
386          
387         /* FIXME: Save some space for broken drivers that write a
388          * hard header at transmission time by themselves. PPP is the
389          * notable one here. This should really be fixed at the driver level.
390          */
391         skb_reserve(skb, LL_RESERVED_SPACE(dev));
392         skb->nh.raw = skb->data;
393
394         /* Try to align data part correctly */
395         if (dev->hard_header) {
396                 skb->data -= dev->hard_header_len;
397                 skb->tail -= dev->hard_header_len;
398                 if (len < dev->hard_header_len)
399                         skb->nh.raw = skb->data;
400         }
401
402         /* Returns -EFAULT on error */
403         err = memcpy_fromiovec(skb_put(skb,len), msg->msg_iov, len);
404         skb->protocol = proto;
405         skb->dev = dev;
406         skb->priority = sk->sk_priority;
407         if (err)
408                 goto out_free;
409
410         err = -ENETDOWN;
411         if (!(dev->flags & IFF_UP))
412                 goto out_free;
413
414         /*
415          *      Now send it
416          */
417
418         dev_queue_xmit(skb);
419         dev_put(dev);
420         return(len);
421
422 out_free:
423         kfree_skb(skb);
424 out_unlock:
425         if (dev)
426                 dev_put(dev);
427         return err;
428 }
429 #endif
430
431 static inline unsigned run_filter(struct sk_buff *skb, struct sock *sk, unsigned res)
432 {
433         struct sk_filter *filter;
434
435         bh_lock_sock(sk);
436         filter = sk->sk_filter;
437         /*
438          * Our caller already checked that filter != NULL but we need to
439          * verify that under bh_lock_sock() to be safe
440          */
441         if (likely(filter != NULL))
442                 res = sk_run_filter(skb, filter->insns, filter->len);
443         bh_unlock_sock(sk);
444
445         return res;
446 }
447
448 /*
449    This function makes lazy skb cloning in hope that most of packets
450    are discarded by BPF.
451
452    Note tricky part: we DO mangle shared skb! skb->data, skb->len
453    and skb->cb are mangled. It works because (and until) packets
454    falling here are owned by current CPU. Output packets are cloned
455    by dev_queue_xmit_nit(), input packets are processed by net_bh
456    sequencially, so that if we return skb to original state on exit,
457    we will not harm anyone.
458  */
459
460 static int packet_rcv(struct sk_buff *skb, struct net_device *dev, struct packet_type *pt, struct net_device *orig_dev)
461 {
462         struct sock *sk;
463         struct sockaddr_ll *sll;
464         struct packet_sock *po;
465         u8 * skb_head = skb->data;
466         int skb_len = skb->len;
467         unsigned snaplen;
468
469         if (skb->pkt_type == PACKET_LOOPBACK)
470                 goto drop;
471
472         sk = pt->af_packet_priv;
473         po = pkt_sk(sk);
474
475         skb->dev = dev;
476
477         if (dev->hard_header) {
478                 /* The device has an explicit notion of ll header,
479                    exported to higher levels.
480
481                    Otherwise, the device hides datails of it frame
482                    structure, so that corresponding packet head
483                    never delivered to user.
484                  */
485                 if (sk->sk_type != SOCK_DGRAM)
486                         skb_push(skb, skb->data - skb->mac.raw);
487                 else if (skb->pkt_type == PACKET_OUTGOING) {
488                         /* Special case: outgoing packets have ll header at head */
489                         skb_pull(skb, skb->nh.raw - skb->data);
490                 }
491         }
492
493         snaplen = skb->len;
494
495         if (sk->sk_filter) {
496                 unsigned res = run_filter(skb, sk, snaplen);
497                 if (res == 0)
498                         goto drop_n_restore;
499                 if (snaplen > res)
500                         snaplen = res;
501         }
502
503         if (atomic_read(&sk->sk_rmem_alloc) + skb->truesize >=
504             (unsigned)sk->sk_rcvbuf)
505                 goto drop_n_acct;
506
507         if (skb_shared(skb)) {
508                 struct sk_buff *nskb = skb_clone(skb, GFP_ATOMIC);
509                 if (nskb == NULL)
510                         goto drop_n_acct;
511
512                 if (skb_head != skb->data) {
513                         skb->data = skb_head;
514                         skb->len = skb_len;
515                 }
516                 kfree_skb(skb);
517                 skb = nskb;
518         }
519
520         sll = (struct sockaddr_ll*)skb->cb;
521         sll->sll_family = AF_PACKET;
522         sll->sll_hatype = dev->type;
523         sll->sll_protocol = skb->protocol;
524         sll->sll_pkttype = skb->pkt_type;
525         sll->sll_ifindex = dev->ifindex;
526         sll->sll_halen = 0;
527
528         if (dev->hard_header_parse)
529                 sll->sll_halen = dev->hard_header_parse(skb, sll->sll_addr);
530
531         if (pskb_trim(skb, snaplen))
532                 goto drop_n_acct;
533
534         skb_set_owner_r(skb, sk);
535         skb->dev = NULL;
536         dst_release(skb->dst);
537         skb->dst = NULL;
538
539         /* drop conntrack reference */
540         nf_reset(skb);
541
542         spin_lock(&sk->sk_receive_queue.lock);
543         po->stats.tp_packets++;
544         __skb_queue_tail(&sk->sk_receive_queue, skb);
545         spin_unlock(&sk->sk_receive_queue.lock);
546         sk->sk_data_ready(sk, skb->len);
547         return 0;
548
549 drop_n_acct:
550         spin_lock(&sk->sk_receive_queue.lock);
551         po->stats.tp_drops++;
552         spin_unlock(&sk->sk_receive_queue.lock);
553
554 drop_n_restore:
555         if (skb_head != skb->data && skb_shared(skb)) {
556                 skb->data = skb_head;
557                 skb->len = skb_len;
558         }
559 drop:
560         kfree_skb(skb);
561         return 0;
562 }
563
564 #ifdef CONFIG_PACKET_MMAP
565 static int tpacket_rcv(struct sk_buff *skb, struct net_device *dev, struct packet_type *pt, struct net_device *orig_dev)
566 {
567         struct sock *sk;
568         struct packet_sock *po;
569         struct sockaddr_ll *sll;
570         struct tpacket_hdr *h;
571         u8 * skb_head = skb->data;
572         int skb_len = skb->len;
573         unsigned snaplen;
574         unsigned long status = TP_STATUS_LOSING|TP_STATUS_USER;
575         unsigned short macoff, netoff;
576         struct sk_buff *copy_skb = NULL;
577
578         if (skb->pkt_type == PACKET_LOOPBACK)
579                 goto drop;
580
581         sk = pt->af_packet_priv;
582         po = pkt_sk(sk);
583
584         if (dev->hard_header) {
585                 if (sk->sk_type != SOCK_DGRAM)
586                         skb_push(skb, skb->data - skb->mac.raw);
587                 else if (skb->pkt_type == PACKET_OUTGOING) {
588                         /* Special case: outgoing packets have ll header at head */
589                         skb_pull(skb, skb->nh.raw - skb->data);
590                         if (skb->ip_summed == CHECKSUM_HW)
591                                 status |= TP_STATUS_CSUMNOTREADY;
592                 }
593         }
594
595         snaplen = skb->len;
596
597         if (sk->sk_filter) {
598                 unsigned res = run_filter(skb, sk, snaplen);
599                 if (res == 0)
600                         goto drop_n_restore;
601                 if (snaplen > res)
602                         snaplen = res;
603         }
604
605         if (sk->sk_type == SOCK_DGRAM) {
606                 macoff = netoff = TPACKET_ALIGN(TPACKET_HDRLEN) + 16;
607         } else {
608                 unsigned maclen = skb->nh.raw - skb->data;
609                 netoff = TPACKET_ALIGN(TPACKET_HDRLEN + (maclen < 16 ? 16 : maclen));
610                 macoff = netoff - maclen;
611         }
612
613         if (macoff + snaplen > po->frame_size) {
614                 if (po->copy_thresh &&
615                     atomic_read(&sk->sk_rmem_alloc) + skb->truesize <
616                     (unsigned)sk->sk_rcvbuf) {
617                         if (skb_shared(skb)) {
618                                 copy_skb = skb_clone(skb, GFP_ATOMIC);
619                         } else {
620                                 copy_skb = skb_get(skb);
621                                 skb_head = skb->data;
622                         }
623                         if (copy_skb)
624                                 skb_set_owner_r(copy_skb, sk);
625                 }
626                 snaplen = po->frame_size - macoff;
627                 if ((int)snaplen < 0)
628                         snaplen = 0;
629         }
630         if (snaplen > skb->len-skb->data_len)
631                 snaplen = skb->len-skb->data_len;
632
633         spin_lock(&sk->sk_receive_queue.lock);
634         h = (struct tpacket_hdr *)packet_lookup_frame(po, po->head);
635         
636         if (h->tp_status)
637                 goto ring_is_full;
638         po->head = po->head != po->frame_max ? po->head+1 : 0;
639         po->stats.tp_packets++;
640         if (copy_skb) {
641                 status |= TP_STATUS_COPY;
642                 __skb_queue_tail(&sk->sk_receive_queue, copy_skb);
643         }
644         if (!po->stats.tp_drops)
645                 status &= ~TP_STATUS_LOSING;
646         spin_unlock(&sk->sk_receive_queue.lock);
647
648         memcpy((u8*)h + macoff, skb->data, snaplen);
649
650         h->tp_len = skb->len;
651         h->tp_snaplen = snaplen;
652         h->tp_mac = macoff;
653         h->tp_net = netoff;
654         if (skb->tstamp.off_sec == 0) { 
655                 __net_timestamp(skb);
656                 sock_enable_timestamp(sk);
657         }
658         h->tp_sec = skb->tstamp.off_sec;
659         h->tp_usec = skb->tstamp.off_usec;
660
661         sll = (struct sockaddr_ll*)((u8*)h + TPACKET_ALIGN(sizeof(*h)));
662         sll->sll_halen = 0;
663         if (dev->hard_header_parse)
664                 sll->sll_halen = dev->hard_header_parse(skb, sll->sll_addr);
665         sll->sll_family = AF_PACKET;
666         sll->sll_hatype = dev->type;
667         sll->sll_protocol = skb->protocol;
668         sll->sll_pkttype = skb->pkt_type;
669         sll->sll_ifindex = dev->ifindex;
670
671         h->tp_status = status;
672         mb();
673
674         {
675                 struct page *p_start, *p_end;
676                 u8 *h_end = (u8 *)h + macoff + snaplen - 1;
677
678                 p_start = virt_to_page(h);
679                 p_end = virt_to_page(h_end);
680                 while (p_start <= p_end) {
681                         flush_dcache_page(p_start);
682                         p_start++;
683                 }
684         }
685
686         sk->sk_data_ready(sk, 0);
687
688 drop_n_restore:
689         if (skb_head != skb->data && skb_shared(skb)) {
690                 skb->data = skb_head;
691                 skb->len = skb_len;
692         }
693 drop:
694         kfree_skb(skb);
695         return 0;
696
697 ring_is_full:
698         po->stats.tp_drops++;
699         spin_unlock(&sk->sk_receive_queue.lock);
700
701         sk->sk_data_ready(sk, 0);
702         if (copy_skb)
703                 kfree_skb(copy_skb);
704         goto drop_n_restore;
705 }
706
707 #endif
708
709
710 static int packet_sendmsg(struct kiocb *iocb, struct socket *sock,
711                           struct msghdr *msg, size_t len)
712 {
713         struct sock *sk = sock->sk;
714         struct sockaddr_ll *saddr=(struct sockaddr_ll *)msg->msg_name;
715         struct sk_buff *skb;
716         struct net_device *dev;
717         unsigned short proto;
718         unsigned char *addr;
719         int ifindex, err, reserve = 0;
720
721         /*
722          *      Get and verify the address. 
723          */
724          
725         if (saddr == NULL) {
726                 struct packet_sock *po = pkt_sk(sk);
727
728                 ifindex = po->ifindex;
729                 proto   = po->num;
730                 addr    = NULL;
731         } else {
732                 err = -EINVAL;
733                 if (msg->msg_namelen < sizeof(struct sockaddr_ll))
734                         goto out;
735                 if (msg->msg_namelen < (saddr->sll_halen + offsetof(struct sockaddr_ll, sll_addr)))
736                         goto out;
737                 ifindex = saddr->sll_ifindex;
738                 proto   = saddr->sll_protocol;
739                 addr    = saddr->sll_addr;
740         }
741
742
743         dev = dev_get_by_index(ifindex);
744         err = -ENXIO;
745         if (dev == NULL)
746                 goto out_unlock;
747         if (sock->type == SOCK_RAW)
748                 reserve = dev->hard_header_len;
749
750         err = -EMSGSIZE;
751         if (len > dev->mtu+reserve)
752                 goto out_unlock;
753
754         skb = sock_alloc_send_skb(sk, len + LL_RESERVED_SPACE(dev),
755                                 msg->msg_flags & MSG_DONTWAIT, &err);
756         if (skb==NULL)
757                 goto out_unlock;
758
759         skb_reserve(skb, LL_RESERVED_SPACE(dev));
760         skb->nh.raw = skb->data;
761
762         if (dev->hard_header) {
763                 int res;
764                 err = -EINVAL;
765                 res = dev->hard_header(skb, dev, ntohs(proto), addr, NULL, len);
766                 if (sock->type != SOCK_DGRAM) {
767                         skb->tail = skb->data;
768                         skb->len = 0;
769                 } else if (res < 0)
770                         goto out_free;
771         }
772
773         /* Returns -EFAULT on error */
774         err = memcpy_fromiovec(skb_put(skb,len), msg->msg_iov, len);
775         if (err)
776                 goto out_free;
777
778         skb->protocol = proto;
779         skb->dev = dev;
780         skb->priority = sk->sk_priority;
781
782         err = -ENETDOWN;
783         if (!(dev->flags & IFF_UP))
784                 goto out_free;
785
786         /*
787          *      Now send it
788          */
789
790         err = dev_queue_xmit(skb);
791         if (err > 0 && (err = net_xmit_errno(err)) != 0)
792                 goto out_unlock;
793
794         dev_put(dev);
795
796         return(len);
797
798 out_free:
799         kfree_skb(skb);
800 out_unlock:
801         if (dev)
802                 dev_put(dev);
803 out:
804         return err;
805 }
806
807 /*
808  *      Close a PACKET socket. This is fairly simple. We immediately go
809  *      to 'closed' state and remove our protocol entry in the device list.
810  */
811
812 static int packet_release(struct socket *sock)
813 {
814         struct sock *sk = sock->sk;
815         struct packet_sock *po;
816
817         if (!sk)
818                 return 0;
819
820         po = pkt_sk(sk);
821
822         write_lock_bh(&packet_sklist_lock);
823         sk_del_node_init(sk);
824         write_unlock_bh(&packet_sklist_lock);
825
826         /*
827          *      Unhook packet receive handler.
828          */
829
830         if (po->running) {
831                 /*
832                  *      Remove the protocol hook
833                  */
834                 dev_remove_pack(&po->prot_hook);
835                 po->running = 0;
836                 po->num = 0;
837                 __sock_put(sk);
838         }
839
840 #ifdef CONFIG_PACKET_MULTICAST
841         packet_flush_mclist(sk);
842 #endif
843
844 #ifdef CONFIG_PACKET_MMAP
845         if (po->pg_vec) {
846                 struct tpacket_req req;
847                 memset(&req, 0, sizeof(req));
848                 packet_set_ring(sk, &req, 1);
849         }
850 #endif
851
852         /*
853          *      Now the socket is dead. No more input will appear.
854          */
855
856         sock_orphan(sk);
857         sock->sk = NULL;
858
859         /* Purge queues */
860
861         skb_queue_purge(&sk->sk_receive_queue);
862
863         sock_put(sk);
864         return 0;
865 }
866
867 /*
868  *      Attach a packet hook.
869  */
870
871 static int packet_do_bind(struct sock *sk, struct net_device *dev, int protocol)
872 {
873         struct packet_sock *po = pkt_sk(sk);
874         /*
875          *      Detach an existing hook if present.
876          */
877
878         lock_sock(sk);
879
880         spin_lock(&po->bind_lock);
881         if (po->running) {
882                 __sock_put(sk);
883                 po->running = 0;
884                 po->num = 0;
885                 spin_unlock(&po->bind_lock);
886                 dev_remove_pack(&po->prot_hook);
887                 spin_lock(&po->bind_lock);
888         }
889
890         po->num = protocol;
891         po->prot_hook.type = protocol;
892         po->prot_hook.dev = dev;
893
894         po->ifindex = dev ? dev->ifindex : 0;
895
896         if (protocol == 0)
897                 goto out_unlock;
898
899         if (dev) {
900                 if (dev->flags&IFF_UP) {
901                         dev_add_pack(&po->prot_hook);
902                         sock_hold(sk);
903                         po->running = 1;
904                 } else {
905                         sk->sk_err = ENETDOWN;
906                         if (!sock_flag(sk, SOCK_DEAD))
907                                 sk->sk_error_report(sk);
908                 }
909         } else {
910                 dev_add_pack(&po->prot_hook);
911                 sock_hold(sk);
912                 po->running = 1;
913         }
914
915 out_unlock:
916         spin_unlock(&po->bind_lock);
917         release_sock(sk);
918         return 0;
919 }
920
921 /*
922  *      Bind a packet socket to a device
923  */
924
925 #ifdef CONFIG_SOCK_PACKET
926
927 static int packet_bind_spkt(struct socket *sock, struct sockaddr *uaddr, int addr_len)
928 {
929         struct sock *sk=sock->sk;
930         char name[15];
931         struct net_device *dev;
932         int err = -ENODEV;
933         
934         /*
935          *      Check legality
936          */
937          
938         if (addr_len != sizeof(struct sockaddr))
939                 return -EINVAL;
940         strlcpy(name,uaddr->sa_data,sizeof(name));
941
942         dev = dev_get_by_name(name);
943         if (dev) {
944                 err = packet_do_bind(sk, dev, pkt_sk(sk)->num);
945                 dev_put(dev);
946         }
947         return err;
948 }
949 #endif
950
951 static int packet_bind(struct socket *sock, struct sockaddr *uaddr, int addr_len)
952 {
953         struct sockaddr_ll *sll = (struct sockaddr_ll*)uaddr;
954         struct sock *sk=sock->sk;
955         struct net_device *dev = NULL;
956         int err;
957
958
959         /*
960          *      Check legality
961          */
962          
963         if (addr_len < sizeof(struct sockaddr_ll))
964                 return -EINVAL;
965         if (sll->sll_family != AF_PACKET)
966                 return -EINVAL;
967
968         if (sll->sll_ifindex) {
969                 err = -ENODEV;
970                 dev = dev_get_by_index(sll->sll_ifindex);
971                 if (dev == NULL)
972                         goto out;
973         }
974         err = packet_do_bind(sk, dev, sll->sll_protocol ? : pkt_sk(sk)->num);
975         if (dev)
976                 dev_put(dev);
977
978 out:
979         return err;
980 }
981
982 static struct proto packet_proto = {
983         .name     = "PACKET",
984         .owner    = THIS_MODULE,
985         .obj_size = sizeof(struct packet_sock),
986 };
987
988 /*
989  *      Create a packet of type SOCK_PACKET. 
990  */
991
992 static int packet_create(struct socket *sock, int protocol)
993 {
994         struct sock *sk;
995         struct packet_sock *po;
996         int err;
997
998         if (!capable(CAP_NET_RAW))
999                 return -EPERM;
1000         if (sock->type != SOCK_DGRAM && sock->type != SOCK_RAW
1001 #ifdef CONFIG_SOCK_PACKET
1002             && sock->type != SOCK_PACKET
1003 #endif
1004             )
1005                 return -ESOCKTNOSUPPORT;
1006
1007         sock->state = SS_UNCONNECTED;
1008
1009         err = -ENOBUFS;
1010         sk = sk_alloc(PF_PACKET, GFP_KERNEL, &packet_proto, 1);
1011         if (sk == NULL)
1012                 goto out;
1013
1014         sock->ops = &packet_ops;
1015 #ifdef CONFIG_SOCK_PACKET
1016         if (sock->type == SOCK_PACKET)
1017                 sock->ops = &packet_ops_spkt;
1018 #endif
1019         sock_init_data(sock, sk);
1020
1021         po = pkt_sk(sk);
1022         sk->sk_family = PF_PACKET;
1023         po->num = protocol;
1024
1025         sk->sk_destruct = packet_sock_destruct;
1026         atomic_inc(&packet_socks_nr);
1027
1028         /*
1029          *      Attach a protocol block
1030          */
1031
1032         spin_lock_init(&po->bind_lock);
1033         po->prot_hook.func = packet_rcv;
1034 #ifdef CONFIG_SOCK_PACKET
1035         if (sock->type == SOCK_PACKET)
1036                 po->prot_hook.func = packet_rcv_spkt;
1037 #endif
1038         po->prot_hook.af_packet_priv = sk;
1039
1040         if (protocol) {
1041                 po->prot_hook.type = protocol;
1042                 dev_add_pack(&po->prot_hook);
1043                 sock_hold(sk);
1044                 po->running = 1;
1045         }
1046
1047         write_lock_bh(&packet_sklist_lock);
1048         sk_add_node(sk, &packet_sklist);
1049         write_unlock_bh(&packet_sklist_lock);
1050         return(0);
1051 out:
1052         return err;
1053 }
1054
1055 /*
1056  *      Pull a packet from our receive queue and hand it to the user.
1057  *      If necessary we block.
1058  */
1059
1060 static int packet_recvmsg(struct kiocb *iocb, struct socket *sock,
1061                           struct msghdr *msg, size_t len, int flags)
1062 {
1063         struct sock *sk = sock->sk;
1064         struct sk_buff *skb;
1065         int copied, err;
1066         struct sockaddr_ll *sll;
1067
1068         err = -EINVAL;
1069         if (flags & ~(MSG_PEEK|MSG_DONTWAIT|MSG_TRUNC|MSG_CMSG_COMPAT))
1070                 goto out;
1071
1072 #if 0
1073         /* What error should we return now? EUNATTACH? */
1074         if (pkt_sk(sk)->ifindex < 0)
1075                 return -ENODEV;
1076 #endif
1077
1078         /*
1079          *      Call the generic datagram receiver. This handles all sorts
1080          *      of horrible races and re-entrancy so we can forget about it
1081          *      in the protocol layers.
1082          *
1083          *      Now it will return ENETDOWN, if device have just gone down,
1084          *      but then it will block.
1085          */
1086
1087         skb=skb_recv_datagram(sk,flags,flags&MSG_DONTWAIT,&err);
1088
1089         /*
1090          *      An error occurred so return it. Because skb_recv_datagram() 
1091          *      handles the blocking we don't see and worry about blocking
1092          *      retries.
1093          */
1094
1095         if (skb == NULL)
1096                 goto out;
1097
1098         /*
1099          *      If the address length field is there to be filled in, we fill
1100          *      it in now.
1101          */
1102
1103         sll = (struct sockaddr_ll*)skb->cb;
1104         if (sock->type == SOCK_PACKET)
1105                 msg->msg_namelen = sizeof(struct sockaddr_pkt);
1106         else
1107                 msg->msg_namelen = sll->sll_halen + offsetof(struct sockaddr_ll, sll_addr);
1108
1109         /*
1110          *      You lose any data beyond the buffer you gave. If it worries a
1111          *      user program they can ask the device for its MTU anyway.
1112          */
1113
1114         copied = skb->len;
1115         if (copied > len)
1116         {
1117                 copied=len;
1118                 msg->msg_flags|=MSG_TRUNC;
1119         }
1120
1121         err = skb_copy_datagram_iovec(skb, 0, msg->msg_iov, copied);
1122         if (err)
1123                 goto out_free;
1124
1125         sock_recv_timestamp(msg, sk, skb);
1126
1127         if (msg->msg_name)
1128                 memcpy(msg->msg_name, skb->cb, msg->msg_namelen);
1129
1130         /*
1131          *      Free or return the buffer as appropriate. Again this
1132          *      hides all the races and re-entrancy issues from us.
1133          */
1134         err = (flags&MSG_TRUNC) ? skb->len : copied;
1135
1136 out_free:
1137         skb_free_datagram(sk, skb);
1138 out:
1139         return err;
1140 }
1141
1142 #ifdef CONFIG_SOCK_PACKET
1143 static int packet_getname_spkt(struct socket *sock, struct sockaddr *uaddr,
1144                                int *uaddr_len, int peer)
1145 {
1146         struct net_device *dev;
1147         struct sock *sk = sock->sk;
1148
1149         if (peer)
1150                 return -EOPNOTSUPP;
1151
1152         uaddr->sa_family = AF_PACKET;
1153         dev = dev_get_by_index(pkt_sk(sk)->ifindex);
1154         if (dev) {
1155                 strlcpy(uaddr->sa_data, dev->name, 15);
1156                 dev_put(dev);
1157         } else
1158                 memset(uaddr->sa_data, 0, 14);
1159         *uaddr_len = sizeof(*uaddr);
1160
1161         return 0;
1162 }
1163 #endif
1164
1165 static int packet_getname(struct socket *sock, struct sockaddr *uaddr,
1166                           int *uaddr_len, int peer)
1167 {
1168         struct net_device *dev;
1169         struct sock *sk = sock->sk;
1170         struct packet_sock *po = pkt_sk(sk);
1171         struct sockaddr_ll *sll = (struct sockaddr_ll*)uaddr;
1172
1173         if (peer)
1174                 return -EOPNOTSUPP;
1175
1176         sll->sll_family = AF_PACKET;
1177         sll->sll_ifindex = po->ifindex;
1178         sll->sll_protocol = po->num;
1179         dev = dev_get_by_index(po->ifindex);
1180         if (dev) {
1181                 sll->sll_hatype = dev->type;
1182                 sll->sll_halen = dev->addr_len;
1183                 memcpy(sll->sll_addr, dev->dev_addr, dev->addr_len);
1184                 dev_put(dev);
1185         } else {
1186                 sll->sll_hatype = 0;    /* Bad: we have no ARPHRD_UNSPEC */
1187                 sll->sll_halen = 0;
1188         }
1189         *uaddr_len = offsetof(struct sockaddr_ll, sll_addr) + sll->sll_halen;
1190
1191         return 0;
1192 }
1193
1194 #ifdef CONFIG_PACKET_MULTICAST
1195 static void packet_dev_mc(struct net_device *dev, struct packet_mclist *i, int what)
1196 {
1197         switch (i->type) {
1198         case PACKET_MR_MULTICAST:
1199                 if (what > 0)
1200                         dev_mc_add(dev, i->addr, i->alen, 0);
1201                 else
1202                         dev_mc_delete(dev, i->addr, i->alen, 0);
1203                 break;
1204         case PACKET_MR_PROMISC:
1205                 dev_set_promiscuity(dev, what);
1206                 break;
1207         case PACKET_MR_ALLMULTI:
1208                 dev_set_allmulti(dev, what);
1209                 break;
1210         default:;
1211         }
1212 }
1213
1214 static void packet_dev_mclist(struct net_device *dev, struct packet_mclist *i, int what)
1215 {
1216         for ( ; i; i=i->next) {
1217                 if (i->ifindex == dev->ifindex)
1218                         packet_dev_mc(dev, i, what);
1219         }
1220 }
1221
1222 static int packet_mc_add(struct sock *sk, struct packet_mreq_max *mreq)
1223 {
1224         struct packet_sock *po = pkt_sk(sk);
1225         struct packet_mclist *ml, *i;
1226         struct net_device *dev;
1227         int err;
1228
1229         rtnl_lock();
1230
1231         err = -ENODEV;
1232         dev = __dev_get_by_index(mreq->mr_ifindex);
1233         if (!dev)
1234                 goto done;
1235
1236         err = -EINVAL;
1237         if (mreq->mr_alen > dev->addr_len)
1238                 goto done;
1239
1240         err = -ENOBUFS;
1241         i = kmalloc(sizeof(*i), GFP_KERNEL);
1242         if (i == NULL)
1243                 goto done;
1244
1245         err = 0;
1246         for (ml = po->mclist; ml; ml = ml->next) {
1247                 if (ml->ifindex == mreq->mr_ifindex &&
1248                     ml->type == mreq->mr_type &&
1249                     ml->alen == mreq->mr_alen &&
1250                     memcmp(ml->addr, mreq->mr_address, ml->alen) == 0) {
1251                         ml->count++;
1252                         /* Free the new element ... */
1253                         kfree(i);
1254                         goto done;
1255                 }
1256         }
1257
1258         i->type = mreq->mr_type;
1259         i->ifindex = mreq->mr_ifindex;
1260         i->alen = mreq->mr_alen;
1261         memcpy(i->addr, mreq->mr_address, i->alen);
1262         i->count = 1;
1263         i->next = po->mclist;
1264         po->mclist = i;
1265         packet_dev_mc(dev, i, +1);
1266
1267 done:
1268         rtnl_unlock();
1269         return err;
1270 }
1271
1272 static int packet_mc_drop(struct sock *sk, struct packet_mreq_max *mreq)
1273 {
1274         struct packet_mclist *ml, **mlp;
1275
1276         rtnl_lock();
1277
1278         for (mlp = &pkt_sk(sk)->mclist; (ml = *mlp) != NULL; mlp = &ml->next) {
1279                 if (ml->ifindex == mreq->mr_ifindex &&
1280                     ml->type == mreq->mr_type &&
1281                     ml->alen == mreq->mr_alen &&
1282                     memcmp(ml->addr, mreq->mr_address, ml->alen) == 0) {
1283                         if (--ml->count == 0) {
1284                                 struct net_device *dev;
1285                                 *mlp = ml->next;
1286                                 dev = dev_get_by_index(ml->ifindex);
1287                                 if (dev) {
1288                                         packet_dev_mc(dev, ml, -1);
1289                                         dev_put(dev);
1290                                 }
1291                                 kfree(ml);
1292                         }
1293                         rtnl_unlock();
1294                         return 0;
1295                 }
1296         }
1297         rtnl_unlock();
1298         return -EADDRNOTAVAIL;
1299 }
1300
1301 static void packet_flush_mclist(struct sock *sk)
1302 {
1303         struct packet_sock *po = pkt_sk(sk);
1304         struct packet_mclist *ml;
1305
1306         if (!po->mclist)
1307                 return;
1308
1309         rtnl_lock();
1310         while ((ml = po->mclist) != NULL) {
1311                 struct net_device *dev;
1312
1313                 po->mclist = ml->next;
1314                 if ((dev = dev_get_by_index(ml->ifindex)) != NULL) {
1315                         packet_dev_mc(dev, ml, -1);
1316                         dev_put(dev);
1317                 }
1318                 kfree(ml);
1319         }
1320         rtnl_unlock();
1321 }
1322 #endif
1323
1324 static int
1325 packet_setsockopt(struct socket *sock, int level, int optname, char __user *optval, int optlen)
1326 {
1327         struct sock *sk = sock->sk;
1328         int ret;
1329
1330         if (level != SOL_PACKET)
1331                 return -ENOPROTOOPT;
1332
1333         switch(optname) {
1334 #ifdef CONFIG_PACKET_MULTICAST
1335         case PACKET_ADD_MEMBERSHIP:     
1336         case PACKET_DROP_MEMBERSHIP:
1337         {
1338                 struct packet_mreq_max mreq;
1339                 int len = optlen;
1340                 memset(&mreq, 0, sizeof(mreq));
1341                 if (len < sizeof(struct packet_mreq))
1342                         return -EINVAL;
1343                 if (len > sizeof(mreq))
1344                         len = sizeof(mreq);
1345                 if (copy_from_user(&mreq,optval,len))
1346                         return -EFAULT;
1347                 if (len < (mreq.mr_alen + offsetof(struct packet_mreq, mr_address)))
1348                         return -EINVAL;
1349                 if (optname == PACKET_ADD_MEMBERSHIP)
1350                         ret = packet_mc_add(sk, &mreq);
1351                 else
1352                         ret = packet_mc_drop(sk, &mreq);
1353                 return ret;
1354         }
1355 #endif
1356 #ifdef CONFIG_PACKET_MMAP
1357         case PACKET_RX_RING:
1358         {
1359                 struct tpacket_req req;
1360
1361                 if (optlen<sizeof(req))
1362                         return -EINVAL;
1363                 if (copy_from_user(&req,optval,sizeof(req)))
1364                         return -EFAULT;
1365                 return packet_set_ring(sk, &req, 0);
1366         }
1367         case PACKET_COPY_THRESH:
1368         {
1369                 int val;
1370
1371                 if (optlen!=sizeof(val))
1372                         return -EINVAL;
1373                 if (copy_from_user(&val,optval,sizeof(val)))
1374                         return -EFAULT;
1375
1376                 pkt_sk(sk)->copy_thresh = val;
1377                 return 0;
1378         }
1379 #endif
1380         default:
1381                 return -ENOPROTOOPT;
1382         }
1383 }
1384
1385 static int packet_getsockopt(struct socket *sock, int level, int optname,
1386                              char __user *optval, int __user *optlen)
1387 {
1388         int len;
1389         struct sock *sk = sock->sk;
1390         struct packet_sock *po = pkt_sk(sk);
1391
1392         if (level != SOL_PACKET)
1393                 return -ENOPROTOOPT;
1394
1395         if (get_user(len, optlen))
1396                 return -EFAULT;
1397
1398         if (len < 0)
1399                 return -EINVAL;
1400                 
1401         switch(optname) {
1402         case PACKET_STATISTICS:
1403         {
1404                 struct tpacket_stats st;
1405
1406                 if (len > sizeof(struct tpacket_stats))
1407                         len = sizeof(struct tpacket_stats);
1408                 spin_lock_bh(&sk->sk_receive_queue.lock);
1409                 st = po->stats;
1410                 memset(&po->stats, 0, sizeof(st));
1411                 spin_unlock_bh(&sk->sk_receive_queue.lock);
1412                 st.tp_packets += st.tp_drops;
1413
1414                 if (copy_to_user(optval, &st, len))
1415                         return -EFAULT;
1416                 break;
1417         }
1418         default:
1419                 return -ENOPROTOOPT;
1420         }
1421
1422         if (put_user(len, optlen))
1423                 return -EFAULT;
1424         return 0;
1425 }
1426
1427
1428 static int packet_notifier(struct notifier_block *this, unsigned long msg, void *data)
1429 {
1430         struct sock *sk;
1431         struct hlist_node *node;
1432         struct net_device *dev = (struct net_device*)data;
1433
1434         read_lock(&packet_sklist_lock);
1435         sk_for_each(sk, node, &packet_sklist) {
1436                 struct packet_sock *po = pkt_sk(sk);
1437
1438                 switch (msg) {
1439                 case NETDEV_UNREGISTER:
1440 #ifdef CONFIG_PACKET_MULTICAST
1441                         if (po->mclist)
1442                                 packet_dev_mclist(dev, po->mclist, -1);
1443                         // fallthrough
1444 #endif
1445                 case NETDEV_DOWN:
1446                         if (dev->ifindex == po->ifindex) {
1447                                 spin_lock(&po->bind_lock);
1448                                 if (po->running) {
1449                                         __dev_remove_pack(&po->prot_hook);
1450                                         __sock_put(sk);
1451                                         po->running = 0;
1452                                         sk->sk_err = ENETDOWN;
1453                                         if (!sock_flag(sk, SOCK_DEAD))
1454                                                 sk->sk_error_report(sk);
1455                                 }
1456                                 if (msg == NETDEV_UNREGISTER) {
1457                                         po->ifindex = -1;
1458                                         po->prot_hook.dev = NULL;
1459                                 }
1460                                 spin_unlock(&po->bind_lock);
1461                         }
1462                         break;
1463                 case NETDEV_UP:
1464                         spin_lock(&po->bind_lock);
1465                         if (dev->ifindex == po->ifindex && po->num &&
1466                             !po->running) {
1467                                 dev_add_pack(&po->prot_hook);
1468                                 sock_hold(sk);
1469                                 po->running = 1;
1470                         }
1471                         spin_unlock(&po->bind_lock);
1472                         break;
1473                 }
1474         }
1475         read_unlock(&packet_sklist_lock);
1476         return NOTIFY_DONE;
1477 }
1478
1479
1480 static int packet_ioctl(struct socket *sock, unsigned int cmd,
1481                         unsigned long arg)
1482 {
1483         struct sock *sk = sock->sk;
1484
1485         switch(cmd) {
1486                 case SIOCOUTQ:
1487                 {
1488                         int amount = atomic_read(&sk->sk_wmem_alloc);
1489                         return put_user(amount, (int __user *)arg);
1490                 }
1491                 case SIOCINQ:
1492                 {
1493                         struct sk_buff *skb;
1494                         int amount = 0;
1495
1496                         spin_lock_bh(&sk->sk_receive_queue.lock);
1497                         skb = skb_peek(&sk->sk_receive_queue);
1498                         if (skb)
1499                                 amount = skb->len;
1500                         spin_unlock_bh(&sk->sk_receive_queue.lock);
1501                         return put_user(amount, (int __user *)arg);
1502                 }
1503                 case SIOCGSTAMP:
1504                         return sock_get_timestamp(sk, (struct timeval __user *)arg);
1505                         
1506 #ifdef CONFIG_INET
1507                 case SIOCADDRT:
1508                 case SIOCDELRT:
1509                 case SIOCDARP:
1510                 case SIOCGARP:
1511                 case SIOCSARP:
1512                 case SIOCGIFADDR:
1513                 case SIOCSIFADDR:
1514                 case SIOCGIFBRDADDR:
1515                 case SIOCSIFBRDADDR:
1516                 case SIOCGIFNETMASK:
1517                 case SIOCSIFNETMASK:
1518                 case SIOCGIFDSTADDR:
1519                 case SIOCSIFDSTADDR:
1520                 case SIOCSIFFLAGS:
1521                         return inet_dgram_ops.ioctl(sock, cmd, arg);
1522 #endif
1523
1524                 default:
1525                         return -ENOIOCTLCMD;
1526         }
1527         return 0;
1528 }
1529
1530 #ifndef CONFIG_PACKET_MMAP
1531 #define packet_mmap sock_no_mmap
1532 #define packet_poll datagram_poll
1533 #else
1534
1535 static unsigned int packet_poll(struct file * file, struct socket *sock,
1536                                 poll_table *wait)
1537 {
1538         struct sock *sk = sock->sk;
1539         struct packet_sock *po = pkt_sk(sk);
1540         unsigned int mask = datagram_poll(file, sock, wait);
1541
1542         spin_lock_bh(&sk->sk_receive_queue.lock);
1543         if (po->pg_vec) {
1544                 unsigned last = po->head ? po->head-1 : po->frame_max;
1545                 struct tpacket_hdr *h;
1546
1547                 h = (struct tpacket_hdr *)packet_lookup_frame(po, last);
1548
1549                 if (h->tp_status)
1550                         mask |= POLLIN | POLLRDNORM;
1551         }
1552         spin_unlock_bh(&sk->sk_receive_queue.lock);
1553         return mask;
1554 }
1555
1556
1557 /* Dirty? Well, I still did not learn better way to account
1558  * for user mmaps.
1559  */
1560
1561 static void packet_mm_open(struct vm_area_struct *vma)
1562 {
1563         struct file *file = vma->vm_file;
1564         struct socket * sock = file->private_data;
1565         struct sock *sk = sock->sk;
1566         
1567         if (sk)
1568                 atomic_inc(&pkt_sk(sk)->mapped);
1569 }
1570
1571 static void packet_mm_close(struct vm_area_struct *vma)
1572 {
1573         struct file *file = vma->vm_file;
1574         struct socket * sock = file->private_data;
1575         struct sock *sk = sock->sk;
1576         
1577         if (sk)
1578                 atomic_dec(&pkt_sk(sk)->mapped);
1579 }
1580
1581 static struct vm_operations_struct packet_mmap_ops = {
1582         .open = packet_mm_open,
1583         .close =packet_mm_close,
1584 };
1585
1586 static inline struct page *pg_vec_endpage(char *one_pg_vec, unsigned int order)
1587 {
1588         return virt_to_page(one_pg_vec + (PAGE_SIZE << order) - 1);
1589 }
1590
1591 static void free_pg_vec(char **pg_vec, unsigned int order, unsigned int len)
1592 {
1593         int i;
1594
1595         for (i = 0; i < len; i++) {
1596                 if (likely(pg_vec[i]))
1597                         free_pages((unsigned long) pg_vec[i], order);
1598         }
1599         kfree(pg_vec);
1600 }
1601
1602 static inline char *alloc_one_pg_vec_page(unsigned long order)
1603 {
1604         return (char *) __get_free_pages(GFP_KERNEL | __GFP_COMP | __GFP_ZERO,
1605                                          order);
1606 }
1607
1608 static char **alloc_pg_vec(struct tpacket_req *req, int order)
1609 {
1610         unsigned int block_nr = req->tp_block_nr;
1611         char **pg_vec;
1612         int i;
1613
1614         pg_vec = kzalloc(block_nr * sizeof(char *), GFP_KERNEL);
1615         if (unlikely(!pg_vec))
1616                 goto out;
1617
1618         for (i = 0; i < block_nr; i++) {
1619                 pg_vec[i] = alloc_one_pg_vec_page(order);
1620                 if (unlikely(!pg_vec[i]))
1621                         goto out_free_pgvec;
1622         }
1623
1624 out:
1625         return pg_vec;
1626
1627 out_free_pgvec:
1628         free_pg_vec(pg_vec, order, block_nr);
1629         pg_vec = NULL;
1630         goto out;
1631 }
1632
1633 static int packet_set_ring(struct sock *sk, struct tpacket_req *req, int closing)
1634 {
1635         char **pg_vec = NULL;
1636         struct packet_sock *po = pkt_sk(sk);
1637         int was_running, num, order = 0;
1638         int err = 0;
1639         
1640         if (req->tp_block_nr) {
1641                 int i, l;
1642
1643                 /* Sanity tests and some calculations */
1644
1645                 if (unlikely(po->pg_vec))
1646                         return -EBUSY;
1647
1648                 if (unlikely((int)req->tp_block_size <= 0))
1649                         return -EINVAL;
1650                 if (unlikely(req->tp_block_size & (PAGE_SIZE - 1)))
1651                         return -EINVAL;
1652                 if (unlikely(req->tp_frame_size < TPACKET_HDRLEN))
1653                         return -EINVAL;
1654                 if (unlikely(req->tp_frame_size & (TPACKET_ALIGNMENT - 1)))
1655                         return -EINVAL;
1656
1657                 po->frames_per_block = req->tp_block_size/req->tp_frame_size;
1658                 if (unlikely(po->frames_per_block <= 0))
1659                         return -EINVAL;
1660                 if (unlikely((po->frames_per_block * req->tp_block_nr) !=
1661                              req->tp_frame_nr))
1662                         return -EINVAL;
1663
1664                 err = -ENOMEM;
1665                 order = get_order(req->tp_block_size);
1666                 pg_vec = alloc_pg_vec(req, order);
1667                 if (unlikely(!pg_vec))
1668                         goto out;
1669
1670                 l = 0;
1671                 for (i = 0; i < req->tp_block_nr; i++) {
1672                         char *ptr = pg_vec[i];
1673                         struct tpacket_hdr *header;
1674                         int k;
1675
1676                         for (k = 0; k < po->frames_per_block; k++) {
1677                                 header = (struct tpacket_hdr *) ptr;
1678                                 header->tp_status = TP_STATUS_KERNEL;
1679                                 ptr += req->tp_frame_size;
1680                         }
1681                 }
1682                 /* Done */
1683         } else {
1684                 if (unlikely(req->tp_frame_nr))
1685                         return -EINVAL;
1686         }
1687
1688         lock_sock(sk);
1689
1690         /* Detach socket from network */
1691         spin_lock(&po->bind_lock);
1692         was_running = po->running;
1693         num = po->num;
1694         if (was_running) {
1695                 __dev_remove_pack(&po->prot_hook);
1696                 po->num = 0;
1697                 po->running = 0;
1698                 __sock_put(sk);
1699         }
1700         spin_unlock(&po->bind_lock);
1701                 
1702         synchronize_net();
1703
1704         err = -EBUSY;
1705         if (closing || atomic_read(&po->mapped) == 0) {
1706                 err = 0;
1707 #define XC(a, b) ({ __typeof__ ((a)) __t; __t = (a); (a) = (b); __t; })
1708
1709                 spin_lock_bh(&sk->sk_receive_queue.lock);
1710                 pg_vec = XC(po->pg_vec, pg_vec);
1711                 po->frame_max = (req->tp_frame_nr - 1);
1712                 po->head = 0;
1713                 po->frame_size = req->tp_frame_size;
1714                 spin_unlock_bh(&sk->sk_receive_queue.lock);
1715
1716                 order = XC(po->pg_vec_order, order);
1717                 req->tp_block_nr = XC(po->pg_vec_len, req->tp_block_nr);
1718
1719                 po->pg_vec_pages = req->tp_block_size/PAGE_SIZE;
1720                 po->prot_hook.func = po->pg_vec ? tpacket_rcv : packet_rcv;
1721                 skb_queue_purge(&sk->sk_receive_queue);
1722 #undef XC
1723                 if (atomic_read(&po->mapped))
1724                         printk(KERN_DEBUG "packet_mmap: vma is busy: %d\n", atomic_read(&po->mapped));
1725         }
1726
1727         spin_lock(&po->bind_lock);
1728         if (was_running && !po->running) {
1729                 sock_hold(sk);
1730                 po->running = 1;
1731                 po->num = num;
1732                 dev_add_pack(&po->prot_hook);
1733         }
1734         spin_unlock(&po->bind_lock);
1735
1736         release_sock(sk);
1737
1738         if (pg_vec)
1739                 free_pg_vec(pg_vec, order, req->tp_block_nr);
1740 out:
1741         return err;
1742 }
1743
1744 static int packet_mmap(struct file *file, struct socket *sock, struct vm_area_struct *vma)
1745 {
1746         struct sock *sk = sock->sk;
1747         struct packet_sock *po = pkt_sk(sk);
1748         unsigned long size;
1749         unsigned long start;
1750         int err = -EINVAL;
1751         int i;
1752
1753         if (vma->vm_pgoff)
1754                 return -EINVAL;
1755
1756         size = vma->vm_end - vma->vm_start;
1757
1758         lock_sock(sk);
1759         if (po->pg_vec == NULL)
1760                 goto out;
1761         if (size != po->pg_vec_len*po->pg_vec_pages*PAGE_SIZE)
1762                 goto out;
1763
1764         start = vma->vm_start;
1765         for (i = 0; i < po->pg_vec_len; i++) {
1766                 struct page *page = virt_to_page(po->pg_vec[i]);
1767                 int pg_num;
1768
1769                 for (pg_num = 0; pg_num < po->pg_vec_pages; pg_num++, page++) {
1770                         err = vm_insert_page(vma, start, page);
1771                         if (unlikely(err))
1772                                 goto out;
1773                         start += PAGE_SIZE;
1774                 }
1775         }
1776         atomic_inc(&po->mapped);
1777         vma->vm_ops = &packet_mmap_ops;
1778         err = 0;
1779
1780 out:
1781         release_sock(sk);
1782         return err;
1783 }
1784 #endif
1785
1786
1787 #ifdef CONFIG_SOCK_PACKET
1788 static const struct proto_ops packet_ops_spkt = {
1789         .family =       PF_PACKET,
1790         .owner =        THIS_MODULE,
1791         .release =      packet_release,
1792         .bind =         packet_bind_spkt,
1793         .connect =      sock_no_connect,
1794         .socketpair =   sock_no_socketpair,
1795         .accept =       sock_no_accept,
1796         .getname =      packet_getname_spkt,
1797         .poll =         datagram_poll,
1798         .ioctl =        packet_ioctl,
1799         .listen =       sock_no_listen,
1800         .shutdown =     sock_no_shutdown,
1801         .setsockopt =   sock_no_setsockopt,
1802         .getsockopt =   sock_no_getsockopt,
1803         .sendmsg =      packet_sendmsg_spkt,
1804         .recvmsg =      packet_recvmsg,
1805         .mmap =         sock_no_mmap,
1806         .sendpage =     sock_no_sendpage,
1807 };
1808 #endif
1809
1810 static const struct proto_ops packet_ops = {
1811         .family =       PF_PACKET,
1812         .owner =        THIS_MODULE,
1813         .release =      packet_release,
1814         .bind =         packet_bind,
1815         .connect =      sock_no_connect,
1816         .socketpair =   sock_no_socketpair,
1817         .accept =       sock_no_accept,
1818         .getname =      packet_getname, 
1819         .poll =         packet_poll,
1820         .ioctl =        packet_ioctl,
1821         .listen =       sock_no_listen,
1822         .shutdown =     sock_no_shutdown,
1823         .setsockopt =   packet_setsockopt,
1824         .getsockopt =   packet_getsockopt,
1825         .sendmsg =      packet_sendmsg,
1826         .recvmsg =      packet_recvmsg,
1827         .mmap =         packet_mmap,
1828         .sendpage =     sock_no_sendpage,
1829 };
1830
1831 static struct net_proto_family packet_family_ops = {
1832         .family =       PF_PACKET,
1833         .create =       packet_create,
1834         .owner  =       THIS_MODULE,
1835 };
1836
1837 static struct notifier_block packet_netdev_notifier = {
1838         .notifier_call =packet_notifier,
1839 };
1840
1841 #ifdef CONFIG_PROC_FS
1842 static inline struct sock *packet_seq_idx(loff_t off)
1843 {
1844         struct sock *s;
1845         struct hlist_node *node;
1846
1847         sk_for_each(s, node, &packet_sklist) {
1848                 if (!off--)
1849                         return s;
1850         }
1851         return NULL;
1852 }
1853
1854 static void *packet_seq_start(struct seq_file *seq, loff_t *pos)
1855 {
1856         read_lock(&packet_sklist_lock);
1857         return *pos ? packet_seq_idx(*pos - 1) : SEQ_START_TOKEN;
1858 }
1859
1860 static void *packet_seq_next(struct seq_file *seq, void *v, loff_t *pos)
1861 {
1862         ++*pos;
1863         return  (v == SEQ_START_TOKEN) 
1864                 ? sk_head(&packet_sklist) 
1865                 : sk_next((struct sock*)v) ;
1866 }
1867
1868 static void packet_seq_stop(struct seq_file *seq, void *v)
1869 {
1870         read_unlock(&packet_sklist_lock);               
1871 }
1872
1873 static int packet_seq_show(struct seq_file *seq, void *v) 
1874 {
1875         if (v == SEQ_START_TOKEN)
1876                 seq_puts(seq, "sk       RefCnt Type Proto  Iface R Rmem   User   Inode\n");
1877         else {
1878                 struct sock *s = v;
1879                 const struct packet_sock *po = pkt_sk(s);
1880
1881                 seq_printf(seq,
1882                            "%p %-6d %-4d %04x   %-5d %1d %-6u %-6u %-6lu\n",
1883                            s,
1884                            atomic_read(&s->sk_refcnt),
1885                            s->sk_type,
1886                            ntohs(po->num),
1887                            po->ifindex,
1888                            po->running,
1889                            atomic_read(&s->sk_rmem_alloc),
1890                            sock_i_uid(s),
1891                            sock_i_ino(s) );
1892         }
1893
1894         return 0;
1895 }
1896
1897 static struct seq_operations packet_seq_ops = {
1898         .start  = packet_seq_start,
1899         .next   = packet_seq_next,
1900         .stop   = packet_seq_stop,
1901         .show   = packet_seq_show,
1902 };
1903
1904 static int packet_seq_open(struct inode *inode, struct file *file)
1905 {
1906         return seq_open(file, &packet_seq_ops);
1907 }
1908
1909 static struct file_operations packet_seq_fops = {
1910         .owner          = THIS_MODULE,
1911         .open           = packet_seq_open,
1912         .read           = seq_read,
1913         .llseek         = seq_lseek,
1914         .release        = seq_release,
1915 };
1916
1917 #endif
1918
1919 static void __exit packet_exit(void)
1920 {
1921         proc_net_remove("packet");
1922         unregister_netdevice_notifier(&packet_netdev_notifier);
1923         sock_unregister(PF_PACKET);
1924         proto_unregister(&packet_proto);
1925 }
1926
1927 static int __init packet_init(void)
1928 {
1929         int rc = proto_register(&packet_proto, 0);
1930
1931         if (rc != 0)
1932                 goto out;
1933
1934         sock_register(&packet_family_ops);
1935         register_netdevice_notifier(&packet_netdev_notifier);
1936         proc_net_fops_create("packet", 0, &packet_seq_fops);
1937 out:
1938         return rc;
1939 }
1940
1941 module_init(packet_init);
1942 module_exit(packet_exit);
1943 MODULE_LICENSE("GPL");
1944 MODULE_ALIAS_NETPROTO(PF_PACKET);