| yuezonghe | 824eb0c | 2024-06-27 02:32:26 -0700 | [diff] [blame] | 1 | #ifndef __NET_FRAG_H__ |
| 2 | #define __NET_FRAG_H__ |
| 3 | |
| 4 | struct netns_frags { |
| 5 | int nqueues; |
| 6 | atomic_t mem; |
| 7 | struct list_head lru_list; |
| 8 | spinlock_t lru_lock; //hub:CVE-2014-0100 |
| 9 | |
| 10 | /* sysctls */ |
| 11 | int timeout; |
| 12 | int high_thresh; |
| 13 | int low_thresh; |
| 14 | }; |
| 15 | |
| 16 | struct inet_frag_queue { |
| 17 | struct hlist_node list; |
| 18 | struct netns_frags *net; |
| 19 | struct list_head lru_list; /* lru list member */ |
| 20 | spinlock_t lock; |
| 21 | atomic_t refcnt; |
| 22 | struct timer_list timer; /* when will this queue expire? */ |
| 23 | struct sk_buff *fragments; /* list of received fragments */ |
| 24 | struct sk_buff *fragments_tail; |
| 25 | ktime_t stamp; |
| 26 | int len; /* total length of orig datagram */ |
| 27 | int meat; |
| 28 | __u8 last_in; /* first/last segment arrived? */ |
| 29 | |
| 30 | #define INET_FRAG_COMPLETE 4 |
| 31 | #define INET_FRAG_FIRST_IN 2 |
| 32 | #define INET_FRAG_LAST_IN 1 |
| 33 | }; |
| 34 | |
| 35 | #define INETFRAGS_HASHSZ 64 |
| 36 | |
| 37 | /* averaged: |
| 38 | * max_depth = default ipfrag_high_thresh / INETFRAGS_HASHSZ / |
| 39 | * rounded up (SKB_TRUELEN(0) + sizeof(struct ipq or |
| 40 | * struct frag_queue)) |
| 41 | */ |
| 42 | #define INETFRAGS_MAXDEPTH 128 |
| 43 | |
| 44 | struct inet_frags { |
| 45 | struct hlist_head hash[INETFRAGS_HASHSZ]; |
| 46 | rwlock_t lock; |
| 47 | u32 rnd; |
| 48 | int qsize; |
| 49 | int secret_interval; |
| 50 | struct timer_list secret_timer; |
| 51 | |
| 52 | unsigned int (*hashfn)(struct inet_frag_queue *); |
| 53 | void (*constructor)(struct inet_frag_queue *q, |
| 54 | void *arg); |
| 55 | void (*destructor)(struct inet_frag_queue *); |
| 56 | void (*skb_free)(struct sk_buff *); |
| 57 | int (*match)(struct inet_frag_queue *q, |
| 58 | void *arg); |
| 59 | void (*frag_expire)(unsigned long data); |
| 60 | }; |
| 61 | |
| 62 | void inet_frags_init(struct inet_frags *); |
| 63 | void inet_frags_fini(struct inet_frags *); |
| 64 | |
| 65 | void inet_frags_init_net(struct netns_frags *nf); |
| 66 | void inet_frags_exit_net(struct netns_frags *nf, struct inet_frags *f); |
| 67 | |
| 68 | void inet_frag_kill(struct inet_frag_queue *q, struct inet_frags *f); |
| 69 | void inet_frag_destroy(struct inet_frag_queue *q, |
| 70 | struct inet_frags *f, int *work); |
| 71 | int inet_frag_evictor(struct netns_frags *nf, struct inet_frags *f); |
| 72 | struct inet_frag_queue *inet_frag_find(struct netns_frags *nf, |
| 73 | struct inet_frags *f, void *key, unsigned int hash) |
| 74 | __releases(&f->lock); |
| 75 | void inet_frag_maybe_warn_overflow(struct inet_frag_queue *q, |
| 76 | const char *prefix); |
| 77 | |
| 78 | static inline void inet_frag_put(struct inet_frag_queue *q, struct inet_frags *f) |
| 79 | { |
| 80 | if (atomic_dec_and_test(&q->refcnt)) |
| 81 | inet_frag_destroy(q, f, NULL); |
| 82 | } |
| 83 | |
| 84 | //hub:CVE-2014-0100 |
| 85 | static inline void inet_frag_lru_move(struct inet_frag_queue* q) |
| 86 | { |
| 87 | spin_lock(&q->net->lru_lock); |
| 88 | list_move_tail(&q->lru_list, &q->net->lru_list); |
| 89 | spin_unlock(&q->net->lru_lock); |
| 90 | } |
| 91 | |
| 92 | static inline void inet_frag_lru_del(struct inet_frag_queue *q) |
| 93 | { |
| 94 | spin_lock(&q->net->lru_lock); |
| 95 | list_del(&q->lru_list); |
| 96 | spin_unlock(&q->net->lru_lock); |
| 97 | } |
| 98 | |
| 99 | static inline void inet_frag_lru_add(struct netns_frags *nf, struct inet_frag_queue *q) |
| 100 | { |
| 101 | spin_lock(&nf->lru_lock); |
| 102 | list_add_tail(&q->lru_list, &nf->lru_list); |
| 103 | spin_unlock(&nf->lru_lock); |
| 104 | } |
| 105 | |
| 106 | #endif |