1 // SPDX-License-Identifier: GPL-2.0-or-later
2 /*
3 * DCCP over IPv6
4 * Linux INET6 implementation
5 *
6 * Based on net/dccp6/ipv6.c
7 *
8 * Arnaldo Carvalho de Melo <acme@ghostprotocols.net>
9 */
10
11 #include <linux/module.h>
12 #include <linux/random.h>
13 #include <linux/slab.h>
14 #include <linux/xfrm.h>
15 #include <linux/string.h>
16
17 #include <net/addrconf.h>
18 #include <net/inet_common.h>
19 #include <net/inet_hashtables.h>
20 #include <net/inet_sock.h>
21 #include <net/inet6_connection_sock.h>
22 #include <net/inet6_hashtables.h>
23 #include <net/ip6_route.h>
24 #include <net/ipv6.h>
25 #include <net/protocol.h>
26 #include <net/transp_v6.h>
27 #include <net/ip6_checksum.h>
28 #include <net/xfrm.h>
29 #include <net/secure_seq.h>
30 #include <net/netns/generic.h>
31 #include <net/sock.h>
32
33 #include "dccp.h"
34 #include "ipv6.h"
35 #include "feat.h"
36
37 struct dccp_v6_pernet {
38 struct sock *v6_ctl_sk;
39 };
40
41 static unsigned int dccp_v6_pernet_id __read_mostly;
42
43 /* The per-net v6_ctl_sk is used for sending RSTs and ACKs */
44
45 static const struct inet_connection_sock_af_ops dccp_ipv6_mapped;
46 static const struct inet_connection_sock_af_ops dccp_ipv6_af_ops;
47
48 /* add pseudo-header to DCCP checksum stored in skb->csum */
dccp_v6_csum_finish(struct sk_buff * skb,const struct in6_addr * saddr,const struct in6_addr * daddr)49 static inline __sum16 dccp_v6_csum_finish(struct sk_buff *skb,
50 const struct in6_addr *saddr,
51 const struct in6_addr *daddr)
52 {
53 return csum_ipv6_magic(saddr, daddr, skb->len, IPPROTO_DCCP, skb->csum);
54 }
55
dccp_v6_send_check(struct sock * sk,struct sk_buff * skb)56 static inline void dccp_v6_send_check(struct sock *sk, struct sk_buff *skb)
57 {
58 struct ipv6_pinfo *np = inet6_sk(sk);
59 struct dccp_hdr *dh = dccp_hdr(skb);
60
61 dccp_csum_outgoing(skb);
62 dh->dccph_checksum = dccp_v6_csum_finish(skb, &np->saddr, &sk->sk_v6_daddr);
63 }
64
dccp_v6_init_sequence(struct sk_buff * skb)65 static inline __u64 dccp_v6_init_sequence(struct sk_buff *skb)
66 {
67 return secure_dccpv6_sequence_number(ipv6_hdr(skb)->daddr.s6_addr32,
68 ipv6_hdr(skb)->saddr.s6_addr32,
69 dccp_hdr(skb)->dccph_dport,
70 dccp_hdr(skb)->dccph_sport );
71
72 }
73
dccp_v6_err(struct sk_buff * skb,struct inet6_skb_parm * opt,u8 type,u8 code,int offset,__be32 info)74 static int dccp_v6_err(struct sk_buff *skb, struct inet6_skb_parm *opt,
75 u8 type, u8 code, int offset, __be32 info)
76 {
77 const struct ipv6hdr *hdr;
78 const struct dccp_hdr *dh;
79 struct dccp_sock *dp;
80 struct ipv6_pinfo *np;
81 struct sock *sk;
82 int err;
83 __u64 seq;
84 struct net *net = dev_net(skb->dev);
85
86 if (!pskb_may_pull(skb, offset + sizeof(*dh)))
87 return -EINVAL;
88 dh = (struct dccp_hdr *)(skb->data + offset);
89 if (!pskb_may_pull(skb, offset + __dccp_basic_hdr_len(dh)))
90 return -EINVAL;
91 hdr = (const struct ipv6hdr *)skb->data;
92 dh = (struct dccp_hdr *)(skb->data + offset);
93
94 sk = __inet6_lookup_established(net, &dccp_hashinfo,
95 &hdr->daddr, dh->dccph_dport,
96 &hdr->saddr, ntohs(dh->dccph_sport),
97 inet6_iif(skb), 0);
98
99 if (!sk) {
100 __ICMP6_INC_STATS(net, __in6_dev_get(skb->dev),
101 ICMP6_MIB_INERRORS);
102 return -ENOENT;
103 }
104
105 if (sk->sk_state == DCCP_TIME_WAIT) {
106 inet_twsk_put(inet_twsk(sk));
107 return 0;
108 }
109 seq = dccp_hdr_seq(dh);
110 if (sk->sk_state == DCCP_NEW_SYN_RECV) {
111 dccp_req_err(sk, seq);
112 return 0;
113 }
114
115 bh_lock_sock(sk);
116 if (sock_owned_by_user(sk))
117 __NET_INC_STATS(net, LINUX_MIB_LOCKDROPPEDICMPS);
118
119 if (sk->sk_state == DCCP_CLOSED)
120 goto out;
121
122 dp = dccp_sk(sk);
123 if ((1 << sk->sk_state) & ~(DCCPF_REQUESTING | DCCPF_LISTEN) &&
124 !between48(seq, dp->dccps_awl, dp->dccps_awh)) {
125 __NET_INC_STATS(net, LINUX_MIB_OUTOFWINDOWICMPS);
126 goto out;
127 }
128
129 np = inet6_sk(sk);
130
131 if (type == NDISC_REDIRECT) {
132 if (!sock_owned_by_user(sk)) {
133 struct dst_entry *dst = __sk_dst_check(sk, np->dst_cookie);
134
135 if (dst)
136 dst->ops->redirect(dst, sk, skb);
137 }
138 goto out;
139 }
140
141 if (type == ICMPV6_PKT_TOOBIG) {
142 struct dst_entry *dst = NULL;
143
144 if (!ip6_sk_accept_pmtu(sk))
145 goto out;
146
147 if (sock_owned_by_user(sk))
148 goto out;
149 if ((1 << sk->sk_state) & (DCCPF_LISTEN | DCCPF_CLOSED))
150 goto out;
151
152 dst = inet6_csk_update_pmtu(sk, ntohl(info));
153 if (!dst)
154 goto out;
155
156 if (inet_csk(sk)->icsk_pmtu_cookie > dst_mtu(dst))
157 dccp_sync_mss(sk, dst_mtu(dst));
158 goto out;
159 }
160
161 icmpv6_err_convert(type, code, &err);
162
163 /* Might be for an request_sock */
164 switch (sk->sk_state) {
165 case DCCP_REQUESTING:
166 case DCCP_RESPOND: /* Cannot happen.
167 It can, it SYNs are crossed. --ANK */
168 if (!sock_owned_by_user(sk)) {
169 __DCCP_INC_STATS(DCCP_MIB_ATTEMPTFAILS);
170 sk->sk_err = err;
171 /*
172 * Wake people up to see the error
173 * (see connect in sock.c)
174 */
175 sk_error_report(sk);
176 dccp_done(sk);
177 } else {
178 WRITE_ONCE(sk->sk_err_soft, err);
179 }
180 goto out;
181 }
182
183 if (!sock_owned_by_user(sk) && np->recverr) {
184 sk->sk_err = err;
185 sk_error_report(sk);
186 } else {
187 WRITE_ONCE(sk->sk_err_soft, err);
188 }
189 out:
190 bh_unlock_sock(sk);
191 sock_put(sk);
192 return 0;
193 }
194
195
dccp_v6_send_response(const struct sock * sk,struct request_sock * req)196 static int dccp_v6_send_response(const struct sock *sk, struct request_sock *req)
197 {
198 struct inet_request_sock *ireq = inet_rsk(req);
199 struct ipv6_pinfo *np = inet6_sk(sk);
200 struct sk_buff *skb;
201 struct in6_addr *final_p, final;
202 struct flowi6 fl6;
203 int err = -1;
204 struct dst_entry *dst;
205
206 memset(&fl6, 0, sizeof(fl6));
207 fl6.flowi6_proto = IPPROTO_DCCP;
208 fl6.daddr = ireq->ir_v6_rmt_addr;
209 fl6.saddr = ireq->ir_v6_loc_addr;
210 fl6.flowlabel = 0;
211 fl6.flowi6_oif = ireq->ir_iif;
212 fl6.fl6_dport = ireq->ir_rmt_port;
213 fl6.fl6_sport = htons(ireq->ir_num);
214 security_req_classify_flow(req, flowi6_to_flowi_common(&fl6));
215
216
217 rcu_read_lock();
218 final_p = fl6_update_dst(&fl6, rcu_dereference(np->opt), &final);
219 rcu_read_unlock();
220
221 dst = ip6_dst_lookup_flow(sock_net(sk), sk, &fl6, final_p);
222 if (IS_ERR(dst)) {
223 err = PTR_ERR(dst);
224 dst = NULL;
225 goto done;
226 }
227
228 skb = dccp_make_response(sk, dst, req);
229 if (skb != NULL) {
230 struct dccp_hdr *dh = dccp_hdr(skb);
231 struct ipv6_txoptions *opt;
232
233 dh->dccph_checksum = dccp_v6_csum_finish(skb,
234 &ireq->ir_v6_loc_addr,
235 &ireq->ir_v6_rmt_addr);
236 fl6.daddr = ireq->ir_v6_rmt_addr;
237 rcu_read_lock();
238 opt = ireq->ipv6_opt;
239 if (!opt)
240 opt = rcu_dereference(np->opt);
241 err = ip6_xmit(sk, skb, &fl6, READ_ONCE(sk->sk_mark), opt,
242 np->tclass, sk->sk_priority);
243 rcu_read_unlock();
244 err = net_xmit_eval(err);
245 }
246
247 done:
248 dst_release(dst);
249 return err;
250 }
251
dccp_v6_reqsk_destructor(struct request_sock * req)252 static void dccp_v6_reqsk_destructor(struct request_sock *req)
253 {
254 dccp_feat_list_purge(&dccp_rsk(req)->dreq_featneg);
255 kfree(inet_rsk(req)->ipv6_opt);
256 kfree_skb(inet_rsk(req)->pktopts);
257 }
258
dccp_v6_ctl_send_reset(const struct sock * sk,struct sk_buff * rxskb)259 static void dccp_v6_ctl_send_reset(const struct sock *sk, struct sk_buff *rxskb)
260 {
261 const struct ipv6hdr *rxip6h;
262 struct sk_buff *skb;
263 struct flowi6 fl6;
264 struct net *net = dev_net(skb_dst(rxskb)->dev);
265 struct dccp_v6_pernet *pn;
266 struct sock *ctl_sk;
267 struct dst_entry *dst;
268
269 if (dccp_hdr(rxskb)->dccph_type == DCCP_PKT_RESET)
270 return;
271
272 if (!ipv6_unicast_destination(rxskb))
273 return;
274
275 pn = net_generic(net, dccp_v6_pernet_id);
276 ctl_sk = pn->v6_ctl_sk;
277 skb = dccp_ctl_make_reset(ctl_sk, rxskb);
278 if (skb == NULL)
279 return;
280
281 rxip6h = ipv6_hdr(rxskb);
282 dccp_hdr(skb)->dccph_checksum = dccp_v6_csum_finish(skb, &rxip6h->saddr,
283 &rxip6h->daddr);
284
285 memset(&fl6, 0, sizeof(fl6));
286 fl6.daddr = rxip6h->saddr;
287 fl6.saddr = rxip6h->daddr;
288
289 fl6.flowi6_proto = IPPROTO_DCCP;
290 fl6.flowi6_oif = inet6_iif(rxskb);
291 fl6.fl6_dport = dccp_hdr(skb)->dccph_dport;
292 fl6.fl6_sport = dccp_hdr(skb)->dccph_sport;
293 security_skb_classify_flow(rxskb, flowi6_to_flowi_common(&fl6));
294
295 /* sk = NULL, but it is safe for now. RST socket required. */
296 dst = ip6_dst_lookup_flow(sock_net(ctl_sk), ctl_sk, &fl6, NULL);
297 if (!IS_ERR(dst)) {
298 skb_dst_set(skb, dst);
299 ip6_xmit(ctl_sk, skb, &fl6, 0, NULL, 0, 0);
300 DCCP_INC_STATS(DCCP_MIB_OUTSEGS);
301 DCCP_INC_STATS(DCCP_MIB_OUTRSTS);
302 return;
303 }
304
305 kfree_skb(skb);
306 }
307
308 static struct request_sock_ops dccp6_request_sock_ops = {
309 .family = AF_INET6,
310 .obj_size = sizeof(struct dccp6_request_sock),
311 .rtx_syn_ack = dccp_v6_send_response,
312 .send_ack = dccp_reqsk_send_ack,
313 .destructor = dccp_v6_reqsk_destructor,
314 .send_reset = dccp_v6_ctl_send_reset,
315 .syn_ack_timeout = dccp_syn_ack_timeout,
316 };
317
dccp_v6_conn_request(struct sock * sk,struct sk_buff * skb)318 static int dccp_v6_conn_request(struct sock *sk, struct sk_buff *skb)
319 {
320 struct request_sock *req;
321 struct dccp_request_sock *dreq;
322 struct inet_request_sock *ireq;
323 struct ipv6_pinfo *np = inet6_sk(sk);
324 const __be32 service = dccp_hdr_request(skb)->dccph_req_service;
325 struct dccp_skb_cb *dcb = DCCP_SKB_CB(skb);
326
327 if (skb->protocol == htons(ETH_P_IP))
328 return dccp_v4_conn_request(sk, skb);
329
330 if (!ipv6_unicast_destination(skb))
331 return 0; /* discard, don't send a reset here */
332
333 if (ipv6_addr_v4mapped(&ipv6_hdr(skb)->saddr)) {
334 __IP6_INC_STATS(sock_net(sk), NULL, IPSTATS_MIB_INHDRERRORS);
335 return 0;
336 }
337
338 if (dccp_bad_service_code(sk, service)) {
339 dcb->dccpd_reset_code = DCCP_RESET_CODE_BAD_SERVICE_CODE;
340 goto drop;
341 }
342 /*
343 * There are no SYN attacks on IPv6, yet...
344 */
345 dcb->dccpd_reset_code = DCCP_RESET_CODE_TOO_BUSY;
346 if (inet_csk_reqsk_queue_is_full(sk))
347 goto drop;
348
349 if (sk_acceptq_is_full(sk))
350 goto drop;
351
352 req = inet_reqsk_alloc(&dccp6_request_sock_ops, sk, true);
353 if (req == NULL)
354 goto drop;
355
356 if (dccp_reqsk_init(req, dccp_sk(sk), skb))
357 goto drop_and_free;
358
359 dreq = dccp_rsk(req);
360 if (dccp_parse_options(sk, dreq, skb))
361 goto drop_and_free;
362
363 ireq = inet_rsk(req);
364 ireq->ir_v6_rmt_addr = ipv6_hdr(skb)->saddr;
365 ireq->ir_v6_loc_addr = ipv6_hdr(skb)->daddr;
366 ireq->ireq_family = AF_INET6;
367 ireq->ir_mark = inet_request_mark(sk, skb);
368
369 if (security_inet_conn_request(sk, skb, req))
370 goto drop_and_free;
371
372 if (ipv6_opt_accepted(sk, skb, IP6CB(skb)) ||
373 np->rxopt.bits.rxinfo || np->rxopt.bits.rxoinfo ||
374 np->rxopt.bits.rxhlim || np->rxopt.bits.rxohlim) {
375 refcount_inc(&skb->users);
376 ireq->pktopts = skb;
377 }
378 ireq->ir_iif = READ_ONCE(sk->sk_bound_dev_if);
379
380 /* So that link locals have meaning */
381 if (!ireq->ir_iif &&
382 ipv6_addr_type(&ireq->ir_v6_rmt_addr) & IPV6_ADDR_LINKLOCAL)
383 ireq->ir_iif = inet6_iif(skb);
384
385 /*
386 * Step 3: Process LISTEN state
387 *
388 * Set S.ISR, S.GSR, S.SWL, S.SWH from packet or Init Cookie
389 *
390 * Setting S.SWL/S.SWH to is deferred to dccp_create_openreq_child().
391 */
392 dreq->dreq_isr = dcb->dccpd_seq;
393 dreq->dreq_gsr = dreq->dreq_isr;
394 dreq->dreq_iss = dccp_v6_init_sequence(skb);
395 dreq->dreq_gss = dreq->dreq_iss;
396 dreq->dreq_service = service;
397
398 if (dccp_v6_send_response(sk, req))
399 goto drop_and_free;
400
401 if (unlikely(!inet_csk_reqsk_queue_hash_add(sk, req, DCCP_TIMEOUT_INIT)))
402 reqsk_free(req);
403 else
404 reqsk_put(req);
405
406 return 0;
407
408 drop_and_free:
409 reqsk_free(req);
410 drop:
411 __DCCP_INC_STATS(DCCP_MIB_ATTEMPTFAILS);
412 return -1;
413 }
414
dccp_v6_request_recv_sock(const struct sock * sk,struct sk_buff * skb,struct request_sock * req,struct dst_entry * dst,struct request_sock * req_unhash,bool * own_req)415 static struct sock *dccp_v6_request_recv_sock(const struct sock *sk,
416 struct sk_buff *skb,
417 struct request_sock *req,
418 struct dst_entry *dst,
419 struct request_sock *req_unhash,
420 bool *own_req)
421 {
422 struct inet_request_sock *ireq = inet_rsk(req);
423 struct ipv6_pinfo *newnp;
424 const struct ipv6_pinfo *np = inet6_sk(sk);
425 struct ipv6_txoptions *opt;
426 struct inet_sock *newinet;
427 struct dccp6_sock *newdp6;
428 struct sock *newsk;
429
430 if (skb->protocol == htons(ETH_P_IP)) {
431 /*
432 * v6 mapped
433 */
434 newsk = dccp_v4_request_recv_sock(sk, skb, req, dst,
435 req_unhash, own_req);
436 if (newsk == NULL)
437 return NULL;
438
439 newdp6 = (struct dccp6_sock *)newsk;
440 newinet = inet_sk(newsk);
441 newinet->pinet6 = &newdp6->inet6;
442 newnp = inet6_sk(newsk);
443
444 memcpy(newnp, np, sizeof(struct ipv6_pinfo));
445
446 newnp->saddr = newsk->sk_v6_rcv_saddr;
447
448 inet_csk(newsk)->icsk_af_ops = &dccp_ipv6_mapped;
449 newsk->sk_backlog_rcv = dccp_v4_do_rcv;
450 newnp->pktoptions = NULL;
451 newnp->opt = NULL;
452 newnp->ipv6_mc_list = NULL;
453 newnp->ipv6_ac_list = NULL;
454 newnp->ipv6_fl_list = NULL;
455 newnp->mcast_oif = inet_iif(skb);
456 newnp->mcast_hops = ip_hdr(skb)->ttl;
457
458 /*
459 * No need to charge this sock to the relevant IPv6 refcnt debug socks count
460 * here, dccp_create_openreq_child now does this for us, see the comment in
461 * that function for the gory details. -acme
462 */
463
464 /* It is tricky place. Until this moment IPv4 tcp
465 worked with IPv6 icsk.icsk_af_ops.
466 Sync it now.
467 */
468 dccp_sync_mss(newsk, inet_csk(newsk)->icsk_pmtu_cookie);
469
470 return newsk;
471 }
472
473
474 if (sk_acceptq_is_full(sk))
475 goto out_overflow;
476
477 if (!dst) {
478 struct flowi6 fl6;
479
480 dst = inet6_csk_route_req(sk, &fl6, req, IPPROTO_DCCP);
481 if (!dst)
482 goto out;
483 }
484
485 newsk = dccp_create_openreq_child(sk, req, skb);
486 if (newsk == NULL)
487 goto out_nonewsk;
488
489 /*
490 * No need to charge this sock to the relevant IPv6 refcnt debug socks
491 * count here, dccp_create_openreq_child now does this for us, see the
492 * comment in that function for the gory details. -acme
493 */
494
495 ip6_dst_store(newsk, dst, NULL, NULL);
496 newsk->sk_route_caps = dst->dev->features & ~(NETIF_F_IP_CSUM |
497 NETIF_F_TSO);
498 newdp6 = (struct dccp6_sock *)newsk;
499 newinet = inet_sk(newsk);
500 newinet->pinet6 = &newdp6->inet6;
501 newnp = inet6_sk(newsk);
502
503 memcpy(newnp, np, sizeof(struct ipv6_pinfo));
504
505 newsk->sk_v6_daddr = ireq->ir_v6_rmt_addr;
506 newnp->saddr = ireq->ir_v6_loc_addr;
507 newsk->sk_v6_rcv_saddr = ireq->ir_v6_loc_addr;
508 newsk->sk_bound_dev_if = ireq->ir_iif;
509
510 /* Now IPv6 options...
511
512 First: no IPv4 options.
513 */
514 newinet->inet_opt = NULL;
515
516 /* Clone RX bits */
517 newnp->rxopt.all = np->rxopt.all;
518
519 newnp->ipv6_mc_list = NULL;
520 newnp->ipv6_ac_list = NULL;
521 newnp->ipv6_fl_list = NULL;
522 newnp->pktoptions = NULL;
523 newnp->opt = NULL;
524 newnp->mcast_oif = inet6_iif(skb);
525 newnp->mcast_hops = ipv6_hdr(skb)->hop_limit;
526
527 /*
528 * Clone native IPv6 options from listening socket (if any)
529 *
530 * Yes, keeping reference count would be much more clever, but we make
531 * one more one thing there: reattach optmem to newsk.
532 */
533 opt = ireq->ipv6_opt;
534 if (!opt)
535 opt = rcu_dereference(np->opt);
536 if (opt) {
537 opt = ipv6_dup_options(newsk, opt);
538 RCU_INIT_POINTER(newnp->opt, opt);
539 }
540 inet_csk(newsk)->icsk_ext_hdr_len = 0;
541 if (opt)
542 inet_csk(newsk)->icsk_ext_hdr_len = opt->opt_nflen +
543 opt->opt_flen;
544
545 dccp_sync_mss(newsk, dst_mtu(dst));
546
547 newinet->inet_daddr = newinet->inet_saddr = LOOPBACK4_IPV6;
548 newinet->inet_rcv_saddr = LOOPBACK4_IPV6;
549
550 if (__inet_inherit_port(sk, newsk) < 0) {
551 inet_csk_prepare_forced_close(newsk);
552 dccp_done(newsk);
553 goto out;
554 }
555 *own_req = inet_ehash_nolisten(newsk, req_to_sk(req_unhash), NULL);
556 /* Clone pktoptions received with SYN, if we own the req */
557 if (*own_req && ireq->pktopts) {
558 newnp->pktoptions = skb_clone_and_charge_r(ireq->pktopts, newsk);
559 consume_skb(ireq->pktopts);
560 ireq->pktopts = NULL;
561 }
562
563 return newsk;
564
565 out_overflow:
566 __NET_INC_STATS(sock_net(sk), LINUX_MIB_LISTENOVERFLOWS);
567 out_nonewsk:
568 dst_release(dst);
569 out:
570 __NET_INC_STATS(sock_net(sk), LINUX_MIB_LISTENDROPS);
571 return NULL;
572 }
573
574 /* The socket must have it's spinlock held when we get
575 * here.
576 *
577 * We have a potential double-lock case here, so even when
578 * doing backlog processing we use the BH locking scheme.
579 * This is because we cannot sleep with the original spinlock
580 * held.
581 */
dccp_v6_do_rcv(struct sock * sk,struct sk_buff * skb)582 static int dccp_v6_do_rcv(struct sock *sk, struct sk_buff *skb)
583 {
584 struct ipv6_pinfo *np = inet6_sk(sk);
585 struct sk_buff *opt_skb = NULL;
586
587 /* Imagine: socket is IPv6. IPv4 packet arrives,
588 goes to IPv4 receive handler and backlogged.
589 From backlog it always goes here. Kerboom...
590 Fortunately, dccp_rcv_established and rcv_established
591 handle them correctly, but it is not case with
592 dccp_v6_hnd_req and dccp_v6_ctl_send_reset(). --ANK
593 */
594
595 if (skb->protocol == htons(ETH_P_IP))
596 return dccp_v4_do_rcv(sk, skb);
597
598 if (sk_filter(sk, skb))
599 goto discard;
600
601 /*
602 * socket locking is here for SMP purposes as backlog rcv is currently
603 * called with bh processing disabled.
604 */
605
606 /* Do Stevens' IPV6_PKTOPTIONS.
607
608 Yes, guys, it is the only place in our code, where we
609 may make it not affecting IPv4.
610 The rest of code is protocol independent,
611 and I do not like idea to uglify IPv4.
612
613 Actually, all the idea behind IPV6_PKTOPTIONS
614 looks not very well thought. For now we latch
615 options, received in the last packet, enqueued
616 by tcp. Feel free to propose better solution.
617 --ANK (980728)
618 */
619 if (np->rxopt.all)
620 opt_skb = skb_clone_and_charge_r(skb, sk);
621
622 if (sk->sk_state == DCCP_OPEN) { /* Fast path */
623 if (dccp_rcv_established(sk, skb, dccp_hdr(skb), skb->len))
624 goto reset;
625 if (opt_skb)
626 goto ipv6_pktoptions;
627 return 0;
628 }
629
630 /*
631 * Step 3: Process LISTEN state
632 * If S.state == LISTEN,
633 * If P.type == Request or P contains a valid Init Cookie option,
634 * (* Must scan the packet's options to check for Init
635 * Cookies. Only Init Cookies are processed here,
636 * however; other options are processed in Step 8. This
637 * scan need only be performed if the endpoint uses Init
638 * Cookies *)
639 * (* Generate a new socket and switch to that socket *)
640 * Set S := new socket for this port pair
641 * S.state = RESPOND
642 * Choose S.ISS (initial seqno) or set from Init Cookies
643 * Initialize S.GAR := S.ISS
644 * Set S.ISR, S.GSR, S.SWL, S.SWH from packet or Init Cookies
645 * Continue with S.state == RESPOND
646 * (* A Response packet will be generated in Step 11 *)
647 * Otherwise,
648 * Generate Reset(No Connection) unless P.type == Reset
649 * Drop packet and return
650 *
651 * NOTE: the check for the packet types is done in
652 * dccp_rcv_state_process
653 */
654
655 if (dccp_rcv_state_process(sk, skb, dccp_hdr(skb), skb->len))
656 goto reset;
657 if (opt_skb)
658 goto ipv6_pktoptions;
659 return 0;
660
661 reset:
662 dccp_v6_ctl_send_reset(sk, skb);
663 discard:
664 if (opt_skb != NULL)
665 __kfree_skb(opt_skb);
666 kfree_skb(skb);
667 return 0;
668
669 /* Handling IPV6_PKTOPTIONS skb the similar
670 * way it's done for net/ipv6/tcp_ipv6.c
671 */
672 ipv6_pktoptions:
673 if (!((1 << sk->sk_state) & (DCCPF_CLOSED | DCCPF_LISTEN))) {
674 if (np->rxopt.bits.rxinfo || np->rxopt.bits.rxoinfo)
675 np->mcast_oif = inet6_iif(opt_skb);
676 if (np->rxopt.bits.rxhlim || np->rxopt.bits.rxohlim)
677 np->mcast_hops = ipv6_hdr(opt_skb)->hop_limit;
678 if (np->rxopt.bits.rxflow || np->rxopt.bits.rxtclass)
679 np->rcv_flowinfo = ip6_flowinfo(ipv6_hdr(opt_skb));
680 if (np->repflow)
681 np->flow_label = ip6_flowlabel(ipv6_hdr(opt_skb));
682 if (ipv6_opt_accepted(sk, opt_skb,
683 &DCCP_SKB_CB(opt_skb)->header.h6)) {
684 memmove(IP6CB(opt_skb),
685 &DCCP_SKB_CB(opt_skb)->header.h6,
686 sizeof(struct inet6_skb_parm));
687 opt_skb = xchg(&np->pktoptions, opt_skb);
688 } else {
689 __kfree_skb(opt_skb);
690 opt_skb = xchg(&np->pktoptions, NULL);
691 }
692 }
693
694 kfree_skb(opt_skb);
695 return 0;
696 }
697
dccp_v6_rcv(struct sk_buff * skb)698 static int dccp_v6_rcv(struct sk_buff *skb)
699 {
700 const struct dccp_hdr *dh;
701 bool refcounted;
702 struct sock *sk;
703 int min_cov;
704
705 /* Step 1: Check header basics */
706
707 if (dccp_invalid_packet(skb))
708 goto discard_it;
709
710 /* Step 1: If header checksum is incorrect, drop packet and return. */
711 if (dccp_v6_csum_finish(skb, &ipv6_hdr(skb)->saddr,
712 &ipv6_hdr(skb)->daddr)) {
713 DCCP_WARN("dropped packet with invalid checksum\n");
714 goto discard_it;
715 }
716
717 dh = dccp_hdr(skb);
718
719 DCCP_SKB_CB(skb)->dccpd_seq = dccp_hdr_seq(dh);
720 DCCP_SKB_CB(skb)->dccpd_type = dh->dccph_type;
721
722 if (dccp_packet_without_ack(skb))
723 DCCP_SKB_CB(skb)->dccpd_ack_seq = DCCP_PKT_WITHOUT_ACK_SEQ;
724 else
725 DCCP_SKB_CB(skb)->dccpd_ack_seq = dccp_hdr_ack_seq(skb);
726
727 lookup:
728 sk = __inet6_lookup_skb(&dccp_hashinfo, skb, __dccp_hdr_len(dh),
729 dh->dccph_sport, dh->dccph_dport,
730 inet6_iif(skb), 0, &refcounted);
731 if (!sk) {
732 dccp_pr_debug("failed to look up flow ID in table and "
733 "get corresponding socket\n");
734 goto no_dccp_socket;
735 }
736
737 /*
738 * Step 2:
739 * ... or S.state == TIMEWAIT,
740 * Generate Reset(No Connection) unless P.type == Reset
741 * Drop packet and return
742 */
743 if (sk->sk_state == DCCP_TIME_WAIT) {
744 dccp_pr_debug("sk->sk_state == DCCP_TIME_WAIT: do_time_wait\n");
745 inet_twsk_put(inet_twsk(sk));
746 goto no_dccp_socket;
747 }
748
749 if (sk->sk_state == DCCP_NEW_SYN_RECV) {
750 struct request_sock *req = inet_reqsk(sk);
751 struct sock *nsk;
752
753 sk = req->rsk_listener;
754 if (unlikely(sk->sk_state != DCCP_LISTEN)) {
755 inet_csk_reqsk_queue_drop_and_put(sk, req);
756 goto lookup;
757 }
758 sock_hold(sk);
759 refcounted = true;
760 nsk = dccp_check_req(sk, skb, req);
761 if (!nsk) {
762 reqsk_put(req);
763 goto discard_and_relse;
764 }
765 if (nsk == sk) {
766 reqsk_put(req);
767 } else if (dccp_child_process(sk, nsk, skb)) {
768 dccp_v6_ctl_send_reset(sk, skb);
769 goto discard_and_relse;
770 } else {
771 sock_put(sk);
772 return 0;
773 }
774 }
775 /*
776 * RFC 4340, sec. 9.2.1: Minimum Checksum Coverage
777 * o if MinCsCov = 0, only packets with CsCov = 0 are accepted
778 * o if MinCsCov > 0, also accept packets with CsCov >= MinCsCov
779 */
780 min_cov = dccp_sk(sk)->dccps_pcrlen;
781 if (dh->dccph_cscov && (min_cov == 0 || dh->dccph_cscov < min_cov)) {
782 dccp_pr_debug("Packet CsCov %d does not satisfy MinCsCov %d\n",
783 dh->dccph_cscov, min_cov);
784 /* FIXME: send Data Dropped option (see also dccp_v4_rcv) */
785 goto discard_and_relse;
786 }
787
788 if (!xfrm6_policy_check(sk, XFRM_POLICY_IN, skb))
789 goto discard_and_relse;
790 nf_reset_ct(skb);
791
792 return __sk_receive_skb(sk, skb, 1, dh->dccph_doff * 4,
793 refcounted) ? -1 : 0;
794
795 no_dccp_socket:
796 if (!xfrm6_policy_check(NULL, XFRM_POLICY_IN, skb))
797 goto discard_it;
798 /*
799 * Step 2:
800 * If no socket ...
801 * Generate Reset(No Connection) unless P.type == Reset
802 * Drop packet and return
803 */
804 if (dh->dccph_type != DCCP_PKT_RESET) {
805 DCCP_SKB_CB(skb)->dccpd_reset_code =
806 DCCP_RESET_CODE_NO_CONNECTION;
807 dccp_v6_ctl_send_reset(sk, skb);
808 }
809
810 discard_it:
811 kfree_skb(skb);
812 return 0;
813
814 discard_and_relse:
815 if (refcounted)
816 sock_put(sk);
817 goto discard_it;
818 }
819
dccp_v6_connect(struct sock * sk,struct sockaddr * uaddr,int addr_len)820 static int dccp_v6_connect(struct sock *sk, struct sockaddr *uaddr,
821 int addr_len)
822 {
823 struct sockaddr_in6 *usin = (struct sockaddr_in6 *)uaddr;
824 struct inet_connection_sock *icsk = inet_csk(sk);
825 struct inet_sock *inet = inet_sk(sk);
826 struct ipv6_pinfo *np = inet6_sk(sk);
827 struct dccp_sock *dp = dccp_sk(sk);
828 struct in6_addr *saddr = NULL, *final_p, final;
829 struct ipv6_txoptions *opt;
830 struct flowi6 fl6;
831 struct dst_entry *dst;
832 int addr_type;
833 int err;
834
835 dp->dccps_role = DCCP_ROLE_CLIENT;
836
837 if (addr_len < SIN6_LEN_RFC2133)
838 return -EINVAL;
839
840 if (usin->sin6_family != AF_INET6)
841 return -EAFNOSUPPORT;
842
843 memset(&fl6, 0, sizeof(fl6));
844
845 if (np->sndflow) {
846 fl6.flowlabel = usin->sin6_flowinfo & IPV6_FLOWINFO_MASK;
847 IP6_ECN_flow_init(fl6.flowlabel);
848 if (fl6.flowlabel & IPV6_FLOWLABEL_MASK) {
849 struct ip6_flowlabel *flowlabel;
850 flowlabel = fl6_sock_lookup(sk, fl6.flowlabel);
851 if (IS_ERR(flowlabel))
852 return -EINVAL;
853 fl6_sock_release(flowlabel);
854 }
855 }
856 /*
857 * connect() to INADDR_ANY means loopback (BSD'ism).
858 */
859 if (ipv6_addr_any(&usin->sin6_addr))
860 usin->sin6_addr.s6_addr[15] = 1;
861
862 addr_type = ipv6_addr_type(&usin->sin6_addr);
863
864 if (addr_type & IPV6_ADDR_MULTICAST)
865 return -ENETUNREACH;
866
867 if (addr_type & IPV6_ADDR_LINKLOCAL) {
868 if (addr_len >= sizeof(struct sockaddr_in6) &&
869 usin->sin6_scope_id) {
870 /* If interface is set while binding, indices
871 * must coincide.
872 */
873 if (sk->sk_bound_dev_if &&
874 sk->sk_bound_dev_if != usin->sin6_scope_id)
875 return -EINVAL;
876
877 sk->sk_bound_dev_if = usin->sin6_scope_id;
878 }
879
880 /* Connect to link-local address requires an interface */
881 if (!sk->sk_bound_dev_if)
882 return -EINVAL;
883 }
884
885 sk->sk_v6_daddr = usin->sin6_addr;
886 np->flow_label = fl6.flowlabel;
887
888 /*
889 * DCCP over IPv4
890 */
891 if (addr_type == IPV6_ADDR_MAPPED) {
892 u32 exthdrlen = icsk->icsk_ext_hdr_len;
893 struct sockaddr_in sin;
894
895 SOCK_DEBUG(sk, "connect: ipv4 mapped\n");
896
897 if (ipv6_only_sock(sk))
898 return -ENETUNREACH;
899
900 sin.sin_family = AF_INET;
901 sin.sin_port = usin->sin6_port;
902 sin.sin_addr.s_addr = usin->sin6_addr.s6_addr32[3];
903
904 icsk->icsk_af_ops = &dccp_ipv6_mapped;
905 sk->sk_backlog_rcv = dccp_v4_do_rcv;
906
907 err = dccp_v4_connect(sk, (struct sockaddr *)&sin, sizeof(sin));
908 if (err) {
909 icsk->icsk_ext_hdr_len = exthdrlen;
910 icsk->icsk_af_ops = &dccp_ipv6_af_ops;
911 sk->sk_backlog_rcv = dccp_v6_do_rcv;
912 goto failure;
913 }
914 np->saddr = sk->sk_v6_rcv_saddr;
915 return err;
916 }
917
918 if (!ipv6_addr_any(&sk->sk_v6_rcv_saddr))
919 saddr = &sk->sk_v6_rcv_saddr;
920
921 fl6.flowi6_proto = IPPROTO_DCCP;
922 fl6.daddr = sk->sk_v6_daddr;
923 fl6.saddr = saddr ? *saddr : np->saddr;
924 fl6.flowi6_oif = sk->sk_bound_dev_if;
925 fl6.fl6_dport = usin->sin6_port;
926 fl6.fl6_sport = inet->inet_sport;
927 security_sk_classify_flow(sk, flowi6_to_flowi_common(&fl6));
928
929 opt = rcu_dereference_protected(np->opt, lockdep_sock_is_held(sk));
930 final_p = fl6_update_dst(&fl6, opt, &final);
931
932 dst = ip6_dst_lookup_flow(sock_net(sk), sk, &fl6, final_p);
933 if (IS_ERR(dst)) {
934 err = PTR_ERR(dst);
935 goto failure;
936 }
937
938 if (saddr == NULL) {
939 saddr = &fl6.saddr;
940
941 err = inet_bhash2_update_saddr(sk, saddr, AF_INET6);
942 if (err)
943 goto failure;
944 }
945
946 /* set the source address */
947 np->saddr = *saddr;
948 inet->inet_rcv_saddr = LOOPBACK4_IPV6;
949
950 ip6_dst_store(sk, dst, NULL, NULL);
951
952 icsk->icsk_ext_hdr_len = 0;
953 if (opt)
954 icsk->icsk_ext_hdr_len = opt->opt_flen + opt->opt_nflen;
955
956 inet->inet_dport = usin->sin6_port;
957
958 dccp_set_state(sk, DCCP_REQUESTING);
959 err = inet6_hash_connect(&dccp_death_row, sk);
960 if (err)
961 goto late_failure;
962
963 dp->dccps_iss = secure_dccpv6_sequence_number(np->saddr.s6_addr32,
964 sk->sk_v6_daddr.s6_addr32,
965 inet->inet_sport,
966 inet->inet_dport);
967 err = dccp_connect(sk);
968 if (err)
969 goto late_failure;
970
971 return 0;
972
973 late_failure:
974 dccp_set_state(sk, DCCP_CLOSED);
975 inet_bhash2_reset_saddr(sk);
976 __sk_dst_reset(sk);
977 failure:
978 inet->inet_dport = 0;
979 sk->sk_route_caps = 0;
980 return err;
981 }
982
983 static const struct inet_connection_sock_af_ops dccp_ipv6_af_ops = {
984 .queue_xmit = inet6_csk_xmit,
985 .send_check = dccp_v6_send_check,
986 .rebuild_header = inet6_sk_rebuild_header,
987 .conn_request = dccp_v6_conn_request,
988 .syn_recv_sock = dccp_v6_request_recv_sock,
989 .net_header_len = sizeof(struct ipv6hdr),
990 .setsockopt = ipv6_setsockopt,
991 .getsockopt = ipv6_getsockopt,
992 .addr2sockaddr = inet6_csk_addr2sockaddr,
993 .sockaddr_len = sizeof(struct sockaddr_in6),
994 };
995
996 /*
997 * DCCP over IPv4 via INET6 API
998 */
999 static const struct inet_connection_sock_af_ops dccp_ipv6_mapped = {
1000 .queue_xmit = ip_queue_xmit,
1001 .send_check = dccp_v4_send_check,
1002 .rebuild_header = inet_sk_rebuild_header,
1003 .conn_request = dccp_v6_conn_request,
1004 .syn_recv_sock = dccp_v6_request_recv_sock,
1005 .net_header_len = sizeof(struct iphdr),
1006 .setsockopt = ipv6_setsockopt,
1007 .getsockopt = ipv6_getsockopt,
1008 .addr2sockaddr = inet6_csk_addr2sockaddr,
1009 .sockaddr_len = sizeof(struct sockaddr_in6),
1010 };
1011
dccp_v6_sk_destruct(struct sock * sk)1012 static void dccp_v6_sk_destruct(struct sock *sk)
1013 {
1014 dccp_destruct_common(sk);
1015 inet6_sock_destruct(sk);
1016 }
1017
1018 /* NOTE: A lot of things set to zero explicitly by call to
1019 * sk_alloc() so need not be done here.
1020 */
dccp_v6_init_sock(struct sock * sk)1021 static int dccp_v6_init_sock(struct sock *sk)
1022 {
1023 static __u8 dccp_v6_ctl_sock_initialized;
1024 int err = dccp_init_sock(sk, dccp_v6_ctl_sock_initialized);
1025
1026 if (err == 0) {
1027 if (unlikely(!dccp_v6_ctl_sock_initialized))
1028 dccp_v6_ctl_sock_initialized = 1;
1029 inet_csk(sk)->icsk_af_ops = &dccp_ipv6_af_ops;
1030 sk->sk_destruct = dccp_v6_sk_destruct;
1031 }
1032
1033 return err;
1034 }
1035
1036 static struct timewait_sock_ops dccp6_timewait_sock_ops = {
1037 .twsk_obj_size = sizeof(struct dccp6_timewait_sock),
1038 };
1039
1040 static struct proto dccp_v6_prot = {
1041 .name = "DCCPv6",
1042 .owner = THIS_MODULE,
1043 .close = dccp_close,
1044 .connect = dccp_v6_connect,
1045 .disconnect = dccp_disconnect,
1046 .ioctl = dccp_ioctl,
1047 .init = dccp_v6_init_sock,
1048 .setsockopt = dccp_setsockopt,
1049 .getsockopt = dccp_getsockopt,
1050 .sendmsg = dccp_sendmsg,
1051 .recvmsg = dccp_recvmsg,
1052 .backlog_rcv = dccp_v6_do_rcv,
1053 .hash = inet6_hash,
1054 .unhash = inet_unhash,
1055 .accept = inet_csk_accept,
1056 .get_port = inet_csk_get_port,
1057 .shutdown = dccp_shutdown,
1058 .destroy = dccp_destroy_sock,
1059 .orphan_count = &dccp_orphan_count,
1060 .max_header = MAX_DCCP_HEADER,
1061 .obj_size = sizeof(struct dccp6_sock),
1062 .ipv6_pinfo_offset = offsetof(struct dccp6_sock, inet6),
1063 .slab_flags = SLAB_TYPESAFE_BY_RCU,
1064 .rsk_prot = &dccp6_request_sock_ops,
1065 .twsk_prot = &dccp6_timewait_sock_ops,
1066 .h.hashinfo = &dccp_hashinfo,
1067 };
1068
1069 static const struct inet6_protocol dccp_v6_protocol = {
1070 .handler = dccp_v6_rcv,
1071 .err_handler = dccp_v6_err,
1072 .flags = INET6_PROTO_NOPOLICY | INET6_PROTO_FINAL,
1073 };
1074
1075 static const struct proto_ops inet6_dccp_ops = {
1076 .family = PF_INET6,
1077 .owner = THIS_MODULE,
1078 .release = inet6_release,
1079 .bind = inet6_bind,
1080 .connect = inet_stream_connect,
1081 .socketpair = sock_no_socketpair,
1082 .accept = inet_accept,
1083 .getname = inet6_getname,
1084 .poll = dccp_poll,
1085 .ioctl = inet6_ioctl,
1086 .gettstamp = sock_gettstamp,
1087 .listen = inet_dccp_listen,
1088 .shutdown = inet_shutdown,
1089 .setsockopt = sock_common_setsockopt,
1090 .getsockopt = sock_common_getsockopt,
1091 .sendmsg = inet_sendmsg,
1092 .recvmsg = sock_common_recvmsg,
1093 .mmap = sock_no_mmap,
1094 #ifdef CONFIG_COMPAT
1095 .compat_ioctl = inet6_compat_ioctl,
1096 #endif
1097 };
1098
1099 static struct inet_protosw dccp_v6_protosw = {
1100 .type = SOCK_DCCP,
1101 .protocol = IPPROTO_DCCP,
1102 .prot = &dccp_v6_prot,
1103 .ops = &inet6_dccp_ops,
1104 .flags = INET_PROTOSW_ICSK,
1105 };
1106
dccp_v6_init_net(struct net * net)1107 static int __net_init dccp_v6_init_net(struct net *net)
1108 {
1109 struct dccp_v6_pernet *pn = net_generic(net, dccp_v6_pernet_id);
1110
1111 if (dccp_hashinfo.bhash == NULL)
1112 return -ESOCKTNOSUPPORT;
1113
1114 return inet_ctl_sock_create(&pn->v6_ctl_sk, PF_INET6,
1115 SOCK_DCCP, IPPROTO_DCCP, net);
1116 }
1117
dccp_v6_exit_net(struct net * net)1118 static void __net_exit dccp_v6_exit_net(struct net *net)
1119 {
1120 struct dccp_v6_pernet *pn = net_generic(net, dccp_v6_pernet_id);
1121
1122 inet_ctl_sock_destroy(pn->v6_ctl_sk);
1123 }
1124
1125 static struct pernet_operations dccp_v6_ops = {
1126 .init = dccp_v6_init_net,
1127 .exit = dccp_v6_exit_net,
1128 .id = &dccp_v6_pernet_id,
1129 .size = sizeof(struct dccp_v6_pernet),
1130 };
1131
dccp_v6_init(void)1132 static int __init dccp_v6_init(void)
1133 {
1134 int err = proto_register(&dccp_v6_prot, 1);
1135
1136 if (err)
1137 goto out;
1138
1139 inet6_register_protosw(&dccp_v6_protosw);
1140
1141 err = register_pernet_subsys(&dccp_v6_ops);
1142 if (err)
1143 goto out_destroy_ctl_sock;
1144
1145 err = inet6_add_protocol(&dccp_v6_protocol, IPPROTO_DCCP);
1146 if (err)
1147 goto out_unregister_proto;
1148
1149 out:
1150 return err;
1151 out_unregister_proto:
1152 unregister_pernet_subsys(&dccp_v6_ops);
1153 out_destroy_ctl_sock:
1154 inet6_unregister_protosw(&dccp_v6_protosw);
1155 proto_unregister(&dccp_v6_prot);
1156 goto out;
1157 }
1158
dccp_v6_exit(void)1159 static void __exit dccp_v6_exit(void)
1160 {
1161 inet6_del_protocol(&dccp_v6_protocol, IPPROTO_DCCP);
1162 unregister_pernet_subsys(&dccp_v6_ops);
1163 inet6_unregister_protosw(&dccp_v6_protosw);
1164 proto_unregister(&dccp_v6_prot);
1165 }
1166
1167 module_init(dccp_v6_init);
1168 module_exit(dccp_v6_exit);
1169
1170 /*
1171 * __stringify doesn't likes enums, so use SOCK_DCCP (6) and IPPROTO_DCCP (33)
1172 * values directly, Also cover the case where the protocol is not specified,
1173 * i.e. net-pf-PF_INET6-proto-0-type-SOCK_DCCP
1174 */
1175 MODULE_ALIAS_NET_PF_PROTO_TYPE(PF_INET6, 33, 6);
1176 MODULE_ALIAS_NET_PF_PROTO_TYPE(PF_INET6, 0, 6);
1177 MODULE_LICENSE("GPL");
1178 MODULE_AUTHOR("Arnaldo Carvalho de Melo <acme@mandriva.com>");
1179 MODULE_DESCRIPTION("DCCPv6 - Datagram Congestion Controlled Protocol");
1180