/*
 * netsniff-ng - the packet sniffing beast
 * Copyright 2011 Daniel Borkmann.
 * Subject to the GPL, version 2.
 */

#include <stdio.h>
#include <stdlib.h>
#include <stdint.h>
#include <string.h>
#include <errno.h>
#include <time.h>
#include <unistd.h>
#include <netdb.h>
#include <netinet/in.h>
#include <sys/socket.h>
#include <netinet/in.h>
#include <arpa/inet.h>
#include <sys/select.h>

#include "xmalloc.h"
#include "xutils.h"
#include "die.h"

extern int print_stun_probe(char *server, int sport, int tport);

#define BINDING_REQUEST               0x0001
#define BINDING_RESPONSE              0x0101

#define MAPPED_ADDRESS                0x0001

#define TIMEOUT                       5000
#define REQUEST_LEN                   20

#define ID_COOKIE_FIELD               htonl(((int) 'a' << 24) + \
					    ((int) 'c' << 16) + \
					    ((int) 'd' <<  8) + \
					     (int) 'c')

struct stun_header {
	uint16_t type;
	uint16_t len;
	uint32_t magic_cookie; 
	uint32_t transid[3];
};

struct stun_attrib {
	uint16_t type;
	uint16_t len;
	uint8_t *value;
};

struct stun_mapped_addr {
	uint8_t none;
	uint8_t family;
	uint16_t port;
	uint32_t ip;
};

static int stun_test(const char *server_ip, int server_port,
		     int tun_port)
{
	int ret, sock;
	uint8_t pkt[256];
	uint8_t rpkt[256];
	size_t len, off, max;
	struct in_addr in;
	struct timeval timeout;
	struct stun_header *hdr, *rhdr;
	struct stun_attrib *attr;
	struct stun_mapped_addr *addr;
	struct sockaddr_in saddr, daddr;
	fd_set fdset;

	if (!server_ip)
		return -EINVAL;

	sock = socket(PF_INET, SOCK_DGRAM, IPPROTO_UDP);
	if (sock < 0)
		panic("Cannot obtain socket!\n");

	set_reuseaddr(sock);

	saddr.sin_family = PF_INET;
	saddr.sin_port = htons(tun_port);
	saddr.sin_addr.s_addr = INADDR_ANY;

	ret = bind(sock, (struct sockaddr *) &saddr, sizeof(saddr));
	if (ret)
		panic("Cannot bind udp socket!\n");

	len = REQUEST_LEN;
	hdr = (struct stun_header *) pkt;
	hdr->type = htons(BINDING_REQUEST);
	hdr->len = 0;
	hdr->magic_cookie = ID_COOKIE_FIELD;
	hdr->transid[0] = htonl(rand());
	hdr->transid[1] = htonl(rand());
	hdr->transid[2] = htonl(rand());

	daddr.sin_family = PF_INET;
	daddr.sin_port = htons(server_port);
	daddr.sin_addr.s_addr = inet_addr(server_ip);

	ret = sendto(sock, pkt, len, 0, (struct sockaddr *) &daddr,
		     sizeof(daddr));
	if (ret != len) {
		printf("Error sending request (%s)!\n", strerror(errno));
		return -EIO;
	}

	timeout.tv_sec = TIMEOUT / 1000;
	timeout.tv_usec = (TIMEOUT % 1000) * 1000;

	FD_ZERO(&fdset);
	FD_SET(sock, &fdset);

	ret = select(sock + 1, &fdset, NULL, NULL, &timeout);
	if (ret <= 0) {
		printf("STUN server timeout!\n");
		return -EIO;
	}

	memset(rpkt, 0, sizeof(rpkt));
	len = read(sock, rpkt, sizeof(rpkt));

	close(sock);

	if (len < REQUEST_LEN) {
		printf("Bad STUN response (%s)!\n", strerror(errno));
		return -EIO;
	}

	rhdr = (struct stun_header *) rpkt;
	if (ntohs(rhdr->type) != BINDING_RESPONSE) {
		printf("Wrong STUN response type!\n");
		return -EIO;
	}

	if (rhdr->len == 0) {
		printf("No attributes in STUN response!\n");
		return -EIO;
	}

	if (rhdr->magic_cookie != hdr->magic_cookie ||
	    rhdr->transid[0] != hdr->transid[0] ||
	    rhdr->transid[1] != hdr->transid[1] ||
	    rhdr->transid[2] != hdr->transid[2]) {
		printf("Got wrong STUN transaction id!\n");
		return -EIO;
	}

	off = REQUEST_LEN;
	max = ntohs(rhdr->len) + REQUEST_LEN;

	while (off + 8 < max) {
		attr = (struct stun_attrib *) (rpkt + off);
		if (ntohs(attr->type) != MAPPED_ADDRESS)
			goto next;

		addr = (struct stun_mapped_addr *) (rpkt + off + 4);
		if (addr->family != 0x1)
			break;

		in.s_addr = addr->ip;
		printf("Public mapping %s:%u!\n",
		       inet_ntoa(in), ntohs(addr->port));
		break;
next:
		off += 4;
		off += ntohs(attr->len);
	}

	return 0;
}

int print_stun_probe(char *server, int sport, int tport)
{
	char *address;
	struct hostent *hp;

	printf("STUN on %s:%u\n", server, sport);

	srand(time(NULL));
	hp = gethostbyname(server);
	if (!hp)
		return -EIO;
	address = inet_ntoa(*(struct in_addr *) hp->h_addr_list[0]);
	return stun_test(address, sport, tport);
}
ption><option value='9'>9</option><option value='10'>10</option><option value='15'>15</option><option value='20'>20</option><option value='25'>25</option><option value='30'>30</option><option value='35'>35</option><option value='40'>40</option></select></td></tr><tr><td class='label'>space:</td><td class='ctrl'><select name='ignorews' onchange='this.form.submit();'><option value='0' selected='selected'>include</option><option value='1'>ignore</option></select></td></tr><tr><td class='label'>mode:</td><td class='ctrl'><select name='dt' onchange='this.form.submit();'><option value='0' selected='selected'>unified</option><option value='1'>ssdiff</option><option value='2'>stat only</option></select></td></tr><tr><td/><td class='ctrl'><noscript><input type='submit' value='reload'/></noscript></td></tr></table></form></div><table summary='commit info' class='commit-info'>
<tr><th>author</th><td>Dexuan Cui &lt;decui@microsoft.com&gt;</td><td class='right'>2017-01-28 11:46:02 -0700</td></tr>
<tr><th>committer</th><td>Greg Kroah-Hartman &lt;gregkh@linuxfoundation.org&gt;</td><td class='right'>2017-01-31 10:59:48 +0100</td></tr>
<tr><th>commit</th><td colspan='2' class='oid'><a href='/cgit.cgi/linux/net-next.git/commit/include/rdma/iw_portmap.h?h=nds-private-remove&amp;id=433e19cf33d34bb6751c874a9c00980552fe508c'>433e19cf33d34bb6751c874a9c00980552fe508c</a> (<a href='/cgit.cgi/linux/net-next.git/patch/include/rdma/iw_portmap.h?id=433e19cf33d34bb6751c874a9c00980552fe508c'>patch</a>)</td></tr>
<tr><th>tree</th><td colspan='2' class='oid'><a href='/cgit.cgi/linux/net-next.git/tree/?h=nds-private-remove&amp;id=433e19cf33d34bb6751c874a9c00980552fe508c'>ce6547ef2987fbb289fa28f03536328a42781651</a> /<a href='/cgit.cgi/linux/net-next.git/tree/include/rdma/iw_portmap.h?h=nds-private-remove&amp;id=433e19cf33d34bb6751c874a9c00980552fe508c'>include/rdma/iw_portmap.h</a></td></tr>
<tr><th>parent</th><td colspan='2' class='oid'><a href='/cgit.cgi/linux/net-next.git/commit/include/rdma/iw_portmap.h?h=nds-private-remove&amp;id=191e885a2e130e639bb0c8ee350d7047294f2ce6'>191e885a2e130e639bb0c8ee350d7047294f2ce6</a> (<a href='/cgit.cgi/linux/net-next.git/diff/include/rdma/iw_portmap.h?h=nds-private-remove&amp;id=433e19cf33d34bb6751c874a9c00980552fe508c&amp;id2=191e885a2e130e639bb0c8ee350d7047294f2ce6'>diff</a>)</td></tr></table>
<div class='commit-subject'>Drivers: hv: vmbus: finally fix hv_need_to_signal_on_read()</div><div class='commit-msg'>Commit a389fcfd2cb5 ("Drivers: hv: vmbus: Fix signaling logic in
hv_need_to_signal_on_read()")
added the proper mb(), but removed the test "prev_write_sz &lt; pending_sz"
when making the signal decision.

As a result, the guest can signal the host unnecessarily,
and then the host can throttle the guest because the host
thinks the guest is buggy or malicious; finally the user
running stress test can perceive intermittent freeze of
the guest.

This patch brings back the test, and properly handles the
in-place consumption APIs used by NetVSC (see get_next_pkt_raw(),
put_pkt_raw() and commit_rd_index()).

Fixes: a389fcfd2cb5 ("Drivers: hv: vmbus: Fix signaling logic in
hv_need_to_signal_on_read()")

Signed-off-by: Dexuan Cui &lt;decui@microsoft.com&gt;
Reported-by: Rolf Neugebauer &lt;rolf.neugebauer@docker.com&gt;
Tested-by: Rolf Neugebauer &lt;rolf.neugebauer@docker.com&gt;
Cc: "K. Y. Srinivasan" &lt;kys@microsoft.com&gt;
Cc: Haiyang Zhang &lt;haiyangz@microsoft.com&gt;
Cc: Stephen Hemminger &lt;sthemmin@microsoft.com&gt;
Cc: &lt;stable@vger.kernel.org&gt;
Signed-off-by: K. Y. Srinivasan &lt;kys@microsoft.com&gt;
Signed-off-by: Greg Kroah-Hartman &lt;gregkh@linuxfoundation.org&gt;
</div><div class='diffstat-header'><a href='/cgit.cgi/linux/net-next.git/diff/?h=nds-private-remove&amp;id=433e19cf33d34bb6751c874a9c00980552fe508c'>Diffstat</a> (limited to 'include/rdma/iw_portmap.h')</div><table summary='diffstat' class='diffstat'>