1 // SPDX-License-Identifier: GPL-2.0-only
2 /*
3 * DCCP connection tracking protocol helper
4 *
5 * Copyright (c) 2005, 2006, 2008 Patrick McHardy <kaber@trash.net>
6 */
7 #include <linux/kernel.h>
8 #include <linux/init.h>
9 #include <linux/sysctl.h>
10 #include <linux/spinlock.h>
11 #include <linux/skbuff.h>
12 #include <linux/dccp.h>
13 #include <linux/slab.h>
14
15 #include <net/net_namespace.h>
16 #include <net/netns/generic.h>
17
18 #include <linux/netfilter/nfnetlink_conntrack.h>
19 #include <net/netfilter/nf_conntrack.h>
20 #include <net/netfilter/nf_conntrack_l4proto.h>
21 #include <net/netfilter/nf_conntrack_ecache.h>
22 #include <net/netfilter/nf_conntrack_timeout.h>
23 #include <net/netfilter/nf_log.h>
24
25 /* Timeouts are based on values from RFC4340:
26 *
27 * - REQUEST:
28 *
29 * 8.1.2. Client Request
30 *
31 * A client MAY give up on its DCCP-Requests after some time
32 * (3 minutes, for example).
33 *
34 * - RESPOND:
35 *
36 * 8.1.3. Server Response
37 *
38 * It MAY also leave the RESPOND state for CLOSED after a timeout of
39 * not less than 4MSL (8 minutes);
40 *
41 * - PARTOPEN:
42 *
43 * 8.1.5. Handshake Completion
44 *
45 * If the client remains in PARTOPEN for more than 4MSL (8 minutes),
46 * it SHOULD reset the connection with Reset Code 2, "Aborted".
47 *
48 * - OPEN:
49 *
50 * The DCCP timestamp overflows after 11.9 hours. If the connection
51 * stays idle this long the sequence number won't be recognized
52 * as valid anymore.
53 *
54 * - CLOSEREQ/CLOSING:
55 *
56 * 8.3. Termination
57 *
58 * The retransmission timer should initially be set to go off in two
59 * round-trip times and should back off to not less than once every
60 * 64 seconds ...
61 *
62 * - TIMEWAIT:
63 *
64 * 4.3. States
65 *
66 * A server or client socket remains in this state for 2MSL (4 minutes)
67 * after the connection has been town down, ...
68 */
69
70 #define DCCP_MSL (2 * 60 * HZ)
71
72 #ifdef CONFIG_NF_CONNTRACK_PROCFS
73 static const char * const dccp_state_names[] = {
74 [CT_DCCP_NONE] = "NONE",
75 [CT_DCCP_REQUEST] = "REQUEST",
76 [CT_DCCP_RESPOND] = "RESPOND",
77 [CT_DCCP_PARTOPEN] = "PARTOPEN",
78 [CT_DCCP_OPEN] = "OPEN",
79 [CT_DCCP_CLOSEREQ] = "CLOSEREQ",
80 [CT_DCCP_CLOSING] = "CLOSING",
81 [CT_DCCP_TIMEWAIT] = "TIMEWAIT",
82 [CT_DCCP_IGNORE] = "IGNORE",
83 [CT_DCCP_INVALID] = "INVALID",
84 };
85 #endif
86
87 #define sNO CT_DCCP_NONE
88 #define sRQ CT_DCCP_REQUEST
89 #define sRS CT_DCCP_RESPOND
90 #define sPO CT_DCCP_PARTOPEN
91 #define sOP CT_DCCP_OPEN
92 #define sCR CT_DCCP_CLOSEREQ
93 #define sCG CT_DCCP_CLOSING
94 #define sTW CT_DCCP_TIMEWAIT
95 #define sIG CT_DCCP_IGNORE
96 #define sIV CT_DCCP_INVALID
97
98 /*
99 * DCCP state transition table
100 *
101 * The assumption is the same as for TCP tracking:
102 *
103 * We are the man in the middle. All the packets go through us but might
104 * get lost in transit to the destination. It is assumed that the destination
105 * can't receive segments we haven't seen.
106 *
107 * The following states exist:
108 *
109 * NONE: Initial state, expecting Request
110 * REQUEST: Request seen, waiting for Response from server
111 * RESPOND: Response from server seen, waiting for Ack from client
112 * PARTOPEN: Ack after Response seen, waiting for packet other than Response,
113 * Reset or Sync from server
114 * OPEN: Packet other than Response, Reset or Sync seen
115 * CLOSEREQ: CloseReq from server seen, expecting Close from client
116 * CLOSING: Close seen, expecting Reset
117 * TIMEWAIT: Reset seen
118 * IGNORE: Not determinable whether packet is valid
119 *
120 * Some states exist only on one side of the connection: REQUEST, RESPOND,
121 * PARTOPEN, CLOSEREQ. For the other side these states are equivalent to
122 * the one it was in before.
123 *
124 * Packets are marked as ignored (sIG) if we don't know if they're valid
125 * (for example a reincarnation of a connection we didn't notice is dead
126 * already) and the server may send back a connection closing Reset or a
127 * Response. They're also used for Sync/SyncAck packets, which we don't
128 * care about.
129 */
130 static const u_int8_t
131 dccp_state_table[CT_DCCP_ROLE_MAX + 1][DCCP_PKT_SYNCACK + 1][CT_DCCP_MAX + 1] = {
132 [CT_DCCP_ROLE_CLIENT] = {
133 [DCCP_PKT_REQUEST] = {
134 /*
135 * sNO -> sRQ Regular Request
136 * sRQ -> sRQ Retransmitted Request or reincarnation
137 * sRS -> sRS Retransmitted Request (apparently Response
138 * got lost after we saw it) or reincarnation
139 * sPO -> sIG Ignore, conntrack might be out of sync
140 * sOP -> sIG Ignore, conntrack might be out of sync
141 * sCR -> sIG Ignore, conntrack might be out of sync
142 * sCG -> sIG Ignore, conntrack might be out of sync
143 * sTW -> sRQ Reincarnation
144 *
145 * sNO, sRQ, sRS, sPO. sOP, sCR, sCG, sTW, */
146 sRQ, sRQ, sRS, sIG, sIG, sIG, sIG, sRQ,
147 },
148 [DCCP_PKT_RESPONSE] = {
149 /*
150 * sNO -> sIV Invalid
151 * sRQ -> sIG Ignore, might be response to ignored Request
152 * sRS -> sIG Ignore, might be response to ignored Request
153 * sPO -> sIG Ignore, might be response to ignored Request
154 * sOP -> sIG Ignore, might be response to ignored Request
155 * sCR -> sIG Ignore, might be response to ignored Request
156 * sCG -> sIG Ignore, might be response to ignored Request
157 * sTW -> sIV Invalid, reincarnation in reverse direction
158 * goes through sRQ
159 *
160 * sNO, sRQ, sRS, sPO, sOP, sCR, sCG, sTW */
161 sIV, sIG, sIG, sIG, sIG, sIG, sIG, sIV,
162 },
163 [DCCP_PKT_ACK] = {
164 /*
165 * sNO -> sIV No connection
166 * sRQ -> sIV No connection
167 * sRS -> sPO Ack for Response, move to PARTOPEN (8.1.5.)
168 * sPO -> sPO Retransmitted Ack for Response, remain in PARTOPEN
169 * sOP -> sOP Regular ACK, remain in OPEN
170 * sCR -> sCR Ack in CLOSEREQ MAY be processed (8.3.)
171 * sCG -> sCG Ack in CLOSING MAY be processed (8.3.)
172 * sTW -> sIV
173 *
174 * sNO, sRQ, sRS, sPO, sOP, sCR, sCG, sTW */
175 sIV, sIV, sPO, sPO, sOP, sCR, sCG, sIV
176 },
177 [DCCP_PKT_DATA] = {
178 /*
179 * sNO -> sIV No connection
180 * sRQ -> sIV No connection
181 * sRS -> sIV No connection
182 * sPO -> sIV MUST use DataAck in PARTOPEN state (8.1.5.)
183 * sOP -> sOP Regular Data packet
184 * sCR -> sCR Data in CLOSEREQ MAY be processed (8.3.)
185 * sCG -> sCG Data in CLOSING MAY be processed (8.3.)
186 * sTW -> sIV
187 *
188 * sNO, sRQ, sRS, sPO, sOP, sCR, sCG, sTW */
189 sIV, sIV, sIV, sIV, sOP, sCR, sCG, sIV,
190 },
191 [DCCP_PKT_DATAACK] = {
192 /*
193 * sNO -> sIV No connection
194 * sRQ -> sIV No connection
195 * sRS -> sPO Ack for Response, move to PARTOPEN (8.1.5.)
196 * sPO -> sPO Remain in PARTOPEN state
197 * sOP -> sOP Regular DataAck packet in OPEN state
198 * sCR -> sCR DataAck in CLOSEREQ MAY be processed (8.3.)
199 * sCG -> sCG DataAck in CLOSING MAY be processed (8.3.)
200 * sTW -> sIV
201 *
202 * sNO, sRQ, sRS, sPO, sOP, sCR, sCG, sTW */
203 sIV, sIV, sPO, sPO, sOP, sCR, sCG, sIV
204 },
205 [DCCP_PKT_CLOSEREQ] = {
206 /*
207 * CLOSEREQ may only be sent by the server.
208 *
209 * sNO, sRQ, sRS, sPO, sOP, sCR, sCG, sTW */
210 sIV, sIV, sIV, sIV, sIV, sIV, sIV, sIV
211 },
212 [DCCP_PKT_CLOSE] = {
213 /*
214 * sNO -> sIV No connection
215 * sRQ -> sIV No connection
216 * sRS -> sIV No connection
217 * sPO -> sCG Client-initiated close
218 * sOP -> sCG Client-initiated close
219 * sCR -> sCG Close in response to CloseReq (8.3.)
220 * sCG -> sCG Retransmit
221 * sTW -> sIV Late retransmit, already in TIME_WAIT
222 *
223 * sNO, sRQ, sRS, sPO, sOP, sCR, sCG, sTW */
224 sIV, sIV, sIV, sCG, sCG, sCG, sIV, sIV
225 },
226 [DCCP_PKT_RESET] = {
227 /*
228 * sNO -> sIV No connection
229 * sRQ -> sTW Sync received or timeout, SHOULD send Reset (8.1.1.)
230 * sRS -> sTW Response received without Request
231 * sPO -> sTW Timeout, SHOULD send Reset (8.1.5.)
232 * sOP -> sTW Connection reset
233 * sCR -> sTW Connection reset
234 * sCG -> sTW Connection reset
235 * sTW -> sIG Ignore (don't refresh timer)
236 *
237 * sNO, sRQ, sRS, sPO, sOP, sCR, sCG, sTW */
238 sIV, sTW, sTW, sTW, sTW, sTW, sTW, sIG
239 },
240 [DCCP_PKT_SYNC] = {
241 /*
242 * We currently ignore Sync packets
243 *
244 * sNO, sRQ, sRS, sPO, sOP, sCR, sCG, sTW */
245 sIV, sIG, sIG, sIG, sIG, sIG, sIG, sIG,
246 },
247 [DCCP_PKT_SYNCACK] = {
248 /*
249 * We currently ignore SyncAck packets
250 *
251 * sNO, sRQ, sRS, sPO, sOP, sCR, sCG, sTW */
252 sIV, sIG, sIG, sIG, sIG, sIG, sIG, sIG,
253 },
254 },
255 [CT_DCCP_ROLE_SERVER] = {
256 [DCCP_PKT_REQUEST] = {
257 /*
258 * sNO -> sIV Invalid
259 * sRQ -> sIG Ignore, conntrack might be out of sync
260 * sRS -> sIG Ignore, conntrack might be out of sync
261 * sPO -> sIG Ignore, conntrack might be out of sync
262 * sOP -> sIG Ignore, conntrack might be out of sync
263 * sCR -> sIG Ignore, conntrack might be out of sync
264 * sCG -> sIG Ignore, conntrack might be out of sync
265 * sTW -> sRQ Reincarnation, must reverse roles
266 *
267 * sNO, sRQ, sRS, sPO, sOP, sCR, sCG, sTW */
268 sIV, sIG, sIG, sIG, sIG, sIG, sIG, sRQ
269 },
270 [DCCP_PKT_RESPONSE] = {
271 /*
272 * sNO -> sIV Response without Request
273 * sRQ -> sRS Response to clients Request
274 * sRS -> sRS Retransmitted Response (8.1.3. SHOULD NOT)
275 * sPO -> sIG Response to an ignored Request or late retransmit
276 * sOP -> sIG Ignore, might be response to ignored Request
277 * sCR -> sIG Ignore, might be response to ignored Request
278 * sCG -> sIG Ignore, might be response to ignored Request
279 * sTW -> sIV Invalid, Request from client in sTW moves to sRQ
280 *
281 * sNO, sRQ, sRS, sPO, sOP, sCR, sCG, sTW */
282 sIV, sRS, sRS, sIG, sIG, sIG, sIG, sIV
283 },
284 [DCCP_PKT_ACK] = {
285 /*
286 * sNO -> sIV No connection
287 * sRQ -> sIV No connection
288 * sRS -> sIV No connection
289 * sPO -> sOP Enter OPEN state (8.1.5.)
290 * sOP -> sOP Regular Ack in OPEN state
291 * sCR -> sIV Waiting for Close from client
292 * sCG -> sCG Ack in CLOSING MAY be processed (8.3.)
293 * sTW -> sIV
294 *
295 * sNO, sRQ, sRS, sPO, sOP, sCR, sCG, sTW */
296 sIV, sIV, sIV, sOP, sOP, sIV, sCG, sIV
297 },
298 [DCCP_PKT_DATA] = {
299 /*
300 * sNO -> sIV No connection
301 * sRQ -> sIV No connection
302 * sRS -> sIV No connection
303 * sPO -> sOP Enter OPEN state (8.1.5.)
304 * sOP -> sOP Regular Data packet in OPEN state
305 * sCR -> sIV Waiting for Close from client
306 * sCG -> sCG Data in CLOSING MAY be processed (8.3.)
307 * sTW -> sIV
308 *
309 * sNO, sRQ, sRS, sPO, sOP, sCR, sCG, sTW */
310 sIV, sIV, sIV, sOP, sOP, sIV, sCG, sIV
311 },
312 [DCCP_PKT_DATAACK] = {
313 /*
314 * sNO -> sIV No connection
315 * sRQ -> sIV No connection
316 * sRS -> sIV No connection
317 * sPO -> sOP Enter OPEN state (8.1.5.)
318 * sOP -> sOP Regular DataAck in OPEN state
319 * sCR -> sIV Waiting for Close from client
320 * sCG -> sCG Data in CLOSING MAY be processed (8.3.)
321 * sTW -> sIV
322 *
323 * sNO, sRQ, sRS, sPO, sOP, sCR, sCG, sTW */
324 sIV, sIV, sIV, sOP, sOP, sIV, sCG, sIV
325 },
326 [DCCP_PKT_CLOSEREQ] = {
327 /*
328 * sNO -> sIV No connection
329 * sRQ -> sIV No connection
330 * sRS -> sIV No connection
331 * sPO -> sOP -> sCR Move directly to CLOSEREQ (8.1.5.)
332 * sOP -> sCR CloseReq in OPEN state
333 * sCR -> sCR Retransmit
334 * sCG -> sCR Simultaneous close, client sends another Close
335 * sTW -> sIV Already closed
336 *
337 * sNO, sRQ, sRS, sPO, sOP, sCR, sCG, sTW */
338 sIV, sIV, sIV, sCR, sCR, sCR, sCR, sIV
339 },
340 [DCCP_PKT_CLOSE] = {
341 /*
342 * sNO -> sIV No connection
343 * sRQ -> sIV No connection
344 * sRS -> sIV No connection
345 * sPO -> sOP -> sCG Move direcly to CLOSING
346 * sOP -> sCG Move to CLOSING
347 * sCR -> sIV Close after CloseReq is invalid
348 * sCG -> sCG Retransmit
349 * sTW -> sIV Already closed
350 *
351 * sNO, sRQ, sRS, sPO, sOP, sCR, sCG, sTW */
352 sIV, sIV, sIV, sCG, sCG, sIV, sCG, sIV
353 },
354 [DCCP_PKT_RESET] = {
355 /*
356 * sNO -> sIV No connection
357 * sRQ -> sTW Reset in response to Request
358 * sRS -> sTW Timeout, SHOULD send Reset (8.1.3.)
359 * sPO -> sTW Timeout, SHOULD send Reset (8.1.3.)
360 * sOP -> sTW
361 * sCR -> sTW
362 * sCG -> sTW
363 * sTW -> sIG Ignore (don't refresh timer)
364 *
365 * sNO, sRQ, sRS, sPO, sOP, sCR, sCG, sTW, sTW */
366 sIV, sTW, sTW, sTW, sTW, sTW, sTW, sTW, sIG
367 },
368 [DCCP_PKT_SYNC] = {
369 /*
370 * We currently ignore Sync packets
371 *
372 * sNO, sRQ, sRS, sPO, sOP, sCR, sCG, sTW */
373 sIV, sIG, sIG, sIG, sIG, sIG, sIG, sIG,
374 },
375 [DCCP_PKT_SYNCACK] = {
376 /*
377 * We currently ignore SyncAck packets
378 *
379 * sNO, sRQ, sRS, sPO, sOP, sCR, sCG, sTW */
380 sIV, sIG, sIG, sIG, sIG, sIG, sIG, sIG,
381 },
382 },
383 };
384
385 static noinline bool
dccp_new(struct nf_conn * ct,const struct sk_buff * skb,const struct dccp_hdr * dh,const struct nf_hook_state * hook_state)386 dccp_new(struct nf_conn *ct, const struct sk_buff *skb,
387 const struct dccp_hdr *dh,
388 const struct nf_hook_state *hook_state)
389 {
390 struct net *net = nf_ct_net(ct);
391 struct nf_dccp_net *dn;
392 const char *msg;
393 u_int8_t state;
394
395 state = dccp_state_table[CT_DCCP_ROLE_CLIENT][dh->dccph_type][CT_DCCP_NONE];
396 switch (state) {
397 default:
398 dn = nf_dccp_pernet(net);
399 if (dn->dccp_loose == 0) {
400 msg = "not picking up existing connection ";
401 goto out_invalid;
402 }
403 break;
404 case CT_DCCP_REQUEST:
405 break;
406 case CT_DCCP_INVALID:
407 msg = "invalid state transition ";
408 goto out_invalid;
409 }
410
411 ct->proto.dccp.role[IP_CT_DIR_ORIGINAL] = CT_DCCP_ROLE_CLIENT;
412 ct->proto.dccp.role[IP_CT_DIR_REPLY] = CT_DCCP_ROLE_SERVER;
413 ct->proto.dccp.state = CT_DCCP_NONE;
414 ct->proto.dccp.last_pkt = DCCP_PKT_REQUEST;
415 ct->proto.dccp.last_dir = IP_CT_DIR_ORIGINAL;
416 ct->proto.dccp.handshake_seq = 0;
417 return true;
418
419 out_invalid:
420 nf_ct_l4proto_log_invalid(skb, ct, hook_state, "%s", msg);
421 return false;
422 }
423
dccp_ack_seq(const struct dccp_hdr * dh)424 static u64 dccp_ack_seq(const struct dccp_hdr *dh)
425 {
426 const struct dccp_hdr_ack_bits *dhack;
427
428 dhack = (void *)dh + __dccp_basic_hdr_len(dh);
429 return ((u64)ntohs(dhack->dccph_ack_nr_high) << 32) +
430 ntohl(dhack->dccph_ack_nr_low);
431 }
432
dccp_error(const struct dccp_hdr * dh,struct sk_buff * skb,unsigned int dataoff,const struct nf_hook_state * state)433 static bool dccp_error(const struct dccp_hdr *dh,
434 struct sk_buff *skb, unsigned int dataoff,
435 const struct nf_hook_state *state)
436 {
437 static const unsigned long require_seq48 = 1 << DCCP_PKT_REQUEST |
438 1 << DCCP_PKT_RESPONSE |
439 1 << DCCP_PKT_CLOSEREQ |
440 1 << DCCP_PKT_CLOSE |
441 1 << DCCP_PKT_RESET |
442 1 << DCCP_PKT_SYNC |
443 1 << DCCP_PKT_SYNCACK;
444 unsigned int dccp_len = skb->len - dataoff;
445 unsigned int cscov;
446 const char *msg;
447 u8 type;
448
449 BUILD_BUG_ON(DCCP_PKT_INVALID >= BITS_PER_LONG);
450
451 if (dh->dccph_doff * 4 < sizeof(struct dccp_hdr) ||
452 dh->dccph_doff * 4 > dccp_len) {
453 msg = "nf_ct_dccp: truncated/malformed packet ";
454 goto out_invalid;
455 }
456
457 cscov = dccp_len;
458 if (dh->dccph_cscov) {
459 cscov = (dh->dccph_cscov - 1) * 4;
460 if (cscov > dccp_len) {
461 msg = "nf_ct_dccp: bad checksum coverage ";
462 goto out_invalid;
463 }
464 }
465
466 if (state->hook == NF_INET_PRE_ROUTING &&
467 state->net->ct.sysctl_checksum &&
468 nf_checksum_partial(skb, state->hook, dataoff, cscov,
469 IPPROTO_DCCP, state->pf)) {
470 msg = "nf_ct_dccp: bad checksum ";
471 goto out_invalid;
472 }
473
474 type = dh->dccph_type;
475 if (type >= DCCP_PKT_INVALID) {
476 msg = "nf_ct_dccp: reserved packet type ";
477 goto out_invalid;
478 }
479
480 if (test_bit(type, &require_seq48) && !dh->dccph_x) {
481 msg = "nf_ct_dccp: type lacks 48bit sequence numbers";
482 goto out_invalid;
483 }
484
485 return false;
486 out_invalid:
487 nf_l4proto_log_invalid(skb, state, IPPROTO_DCCP, "%s", msg);
488 return true;
489 }
490
491 struct nf_conntrack_dccp_buf {
492 struct dccp_hdr dh; /* generic header part */
493 struct dccp_hdr_ext ext; /* optional depending dh->dccph_x */
494 union { /* depends on header type */
495 struct dccp_hdr_ack_bits ack;
496 struct dccp_hdr_request req;
497 struct dccp_hdr_response response;
498 struct dccp_hdr_reset rst;
499 } u;
500 };
501
502 static struct dccp_hdr *
dccp_header_pointer(const struct sk_buff * skb,int offset,const struct dccp_hdr * dh,struct nf_conntrack_dccp_buf * buf)503 dccp_header_pointer(const struct sk_buff *skb, int offset, const struct dccp_hdr *dh,
504 struct nf_conntrack_dccp_buf *buf)
505 {
506 unsigned int hdrlen = __dccp_hdr_len(dh);
507
508 if (hdrlen > sizeof(*buf))
509 return NULL;
510
511 return skb_header_pointer(skb, offset, hdrlen, buf);
512 }
513
nf_conntrack_dccp_packet(struct nf_conn * ct,struct sk_buff * skb,unsigned int dataoff,enum ip_conntrack_info ctinfo,const struct nf_hook_state * state)514 int nf_conntrack_dccp_packet(struct nf_conn *ct, struct sk_buff *skb,
515 unsigned int dataoff,
516 enum ip_conntrack_info ctinfo,
517 const struct nf_hook_state *state)
518 {
519 enum ip_conntrack_dir dir = CTINFO2DIR(ctinfo);
520 struct nf_conntrack_dccp_buf _dh;
521 u_int8_t type, old_state, new_state;
522 enum ct_dccp_roles role;
523 unsigned int *timeouts;
524 struct dccp_hdr *dh;
525
526 dh = skb_header_pointer(skb, dataoff, sizeof(*dh), &_dh.dh);
527 if (!dh)
528 return NF_DROP;
529
530 if (dccp_error(dh, skb, dataoff, state))
531 return -NF_ACCEPT;
532
533 /* pull again, including possible 48 bit sequences and subtype header */
534 dh = dccp_header_pointer(skb, dataoff, dh, &_dh);
535 if (!dh)
536 return NF_DROP;
537
538 type = dh->dccph_type;
539 if (!nf_ct_is_confirmed(ct) && !dccp_new(ct, skb, dh, state))
540 return -NF_ACCEPT;
541
542 if (type == DCCP_PKT_RESET &&
543 !test_bit(IPS_SEEN_REPLY_BIT, &ct->status)) {
544 /* Tear down connection immediately if only reply is a RESET */
545 nf_ct_kill_acct(ct, ctinfo, skb);
546 return NF_ACCEPT;
547 }
548
549 spin_lock_bh(&ct->lock);
550
551 role = ct->proto.dccp.role[dir];
552 old_state = ct->proto.dccp.state;
553 new_state = dccp_state_table[role][type][old_state];
554
555 switch (new_state) {
556 case CT_DCCP_REQUEST:
557 if (old_state == CT_DCCP_TIMEWAIT &&
558 role == CT_DCCP_ROLE_SERVER) {
559 /* Reincarnation in the reverse direction: reopen and
560 * reverse client/server roles. */
561 ct->proto.dccp.role[dir] = CT_DCCP_ROLE_CLIENT;
562 ct->proto.dccp.role[!dir] = CT_DCCP_ROLE_SERVER;
563 }
564 break;
565 case CT_DCCP_RESPOND:
566 if (old_state == CT_DCCP_REQUEST)
567 ct->proto.dccp.handshake_seq = dccp_hdr_seq(dh);
568 break;
569 case CT_DCCP_PARTOPEN:
570 if (old_state == CT_DCCP_RESPOND &&
571 type == DCCP_PKT_ACK &&
572 dccp_ack_seq(dh) == ct->proto.dccp.handshake_seq)
573 set_bit(IPS_ASSURED_BIT, &ct->status);
574 break;
575 case CT_DCCP_IGNORE:
576 /*
577 * Connection tracking might be out of sync, so we ignore
578 * packets that might establish a new connection and resync
579 * if the server responds with a valid Response.
580 */
581 if (ct->proto.dccp.last_dir == !dir &&
582 ct->proto.dccp.last_pkt == DCCP_PKT_REQUEST &&
583 type == DCCP_PKT_RESPONSE) {
584 ct->proto.dccp.role[!dir] = CT_DCCP_ROLE_CLIENT;
585 ct->proto.dccp.role[dir] = CT_DCCP_ROLE_SERVER;
586 ct->proto.dccp.handshake_seq = dccp_hdr_seq(dh);
587 new_state = CT_DCCP_RESPOND;
588 break;
589 }
590 ct->proto.dccp.last_dir = dir;
591 ct->proto.dccp.last_pkt = type;
592
593 spin_unlock_bh(&ct->lock);
594 nf_ct_l4proto_log_invalid(skb, ct, state, "%s", "invalid packet");
595 return NF_ACCEPT;
596 case CT_DCCP_INVALID:
597 spin_unlock_bh(&ct->lock);
598 nf_ct_l4proto_log_invalid(skb, ct, state, "%s", "invalid state transition");
599 return -NF_ACCEPT;
600 }
601
602 ct->proto.dccp.last_dir = dir;
603 ct->proto.dccp.last_pkt = type;
604 ct->proto.dccp.state = new_state;
605 spin_unlock_bh(&ct->lock);
606
607 if (new_state != old_state)
608 nf_conntrack_event_cache(IPCT_PROTOINFO, ct);
609
610 timeouts = nf_ct_timeout_lookup(ct);
611 if (!timeouts)
612 timeouts = nf_dccp_pernet(nf_ct_net(ct))->dccp_timeout;
613 nf_ct_refresh_acct(ct, ctinfo, skb, timeouts[new_state]);
614
615 return NF_ACCEPT;
616 }
617
dccp_can_early_drop(const struct nf_conn * ct)618 static bool dccp_can_early_drop(const struct nf_conn *ct)
619 {
620 switch (ct->proto.dccp.state) {
621 case CT_DCCP_CLOSEREQ:
622 case CT_DCCP_CLOSING:
623 case CT_DCCP_TIMEWAIT:
624 return true;
625 default:
626 break;
627 }
628
629 return false;
630 }
631
632 #ifdef CONFIG_NF_CONNTRACK_PROCFS
dccp_print_conntrack(struct seq_file * s,struct nf_conn * ct)633 static void dccp_print_conntrack(struct seq_file *s, struct nf_conn *ct)
634 {
635 seq_printf(s, "%s ", dccp_state_names[ct->proto.dccp.state]);
636 }
637 #endif
638
639 #if IS_ENABLED(CONFIG_NF_CT_NETLINK)
dccp_to_nlattr(struct sk_buff * skb,struct nlattr * nla,struct nf_conn * ct,bool destroy)640 static int dccp_to_nlattr(struct sk_buff *skb, struct nlattr *nla,
641 struct nf_conn *ct, bool destroy)
642 {
643 struct nlattr *nest_parms;
644
645 spin_lock_bh(&ct->lock);
646 nest_parms = nla_nest_start(skb, CTA_PROTOINFO_DCCP);
647 if (!nest_parms)
648 goto nla_put_failure;
649 if (nla_put_u8(skb, CTA_PROTOINFO_DCCP_STATE, ct->proto.dccp.state))
650 goto nla_put_failure;
651
652 if (destroy)
653 goto skip_state;
654
655 if (nla_put_u8(skb, CTA_PROTOINFO_DCCP_ROLE,
656 ct->proto.dccp.role[IP_CT_DIR_ORIGINAL]) ||
657 nla_put_be64(skb, CTA_PROTOINFO_DCCP_HANDSHAKE_SEQ,
658 cpu_to_be64(ct->proto.dccp.handshake_seq),
659 CTA_PROTOINFO_DCCP_PAD))
660 goto nla_put_failure;
661 skip_state:
662 nla_nest_end(skb, nest_parms);
663 spin_unlock_bh(&ct->lock);
664
665 return 0;
666
667 nla_put_failure:
668 spin_unlock_bh(&ct->lock);
669 return -1;
670 }
671
672 static const struct nla_policy dccp_nla_policy[CTA_PROTOINFO_DCCP_MAX + 1] = {
673 [CTA_PROTOINFO_DCCP_STATE] = { .type = NLA_U8 },
674 [CTA_PROTOINFO_DCCP_ROLE] = { .type = NLA_U8 },
675 [CTA_PROTOINFO_DCCP_HANDSHAKE_SEQ] = { .type = NLA_U64 },
676 [CTA_PROTOINFO_DCCP_PAD] = { .type = NLA_UNSPEC },
677 };
678
679 #define DCCP_NLATTR_SIZE ( \
680 NLA_ALIGN(NLA_HDRLEN + 1) + \
681 NLA_ALIGN(NLA_HDRLEN + 1) + \
682 NLA_ALIGN(NLA_HDRLEN + sizeof(u64)) + \
683 NLA_ALIGN(NLA_HDRLEN + 0))
684
nlattr_to_dccp(struct nlattr * cda[],struct nf_conn * ct)685 static int nlattr_to_dccp(struct nlattr *cda[], struct nf_conn *ct)
686 {
687 struct nlattr *attr = cda[CTA_PROTOINFO_DCCP];
688 struct nlattr *tb[CTA_PROTOINFO_DCCP_MAX + 1];
689 int err;
690
691 if (!attr)
692 return 0;
693
694 err = nla_parse_nested_deprecated(tb, CTA_PROTOINFO_DCCP_MAX, attr,
695 dccp_nla_policy, NULL);
696 if (err < 0)
697 return err;
698
699 if (!tb[CTA_PROTOINFO_DCCP_STATE] ||
700 !tb[CTA_PROTOINFO_DCCP_ROLE] ||
701 nla_get_u8(tb[CTA_PROTOINFO_DCCP_ROLE]) > CT_DCCP_ROLE_MAX ||
702 nla_get_u8(tb[CTA_PROTOINFO_DCCP_STATE]) >= CT_DCCP_IGNORE) {
703 return -EINVAL;
704 }
705
706 spin_lock_bh(&ct->lock);
707 ct->proto.dccp.state = nla_get_u8(tb[CTA_PROTOINFO_DCCP_STATE]);
708 if (nla_get_u8(tb[CTA_PROTOINFO_DCCP_ROLE]) == CT_DCCP_ROLE_CLIENT) {
709 ct->proto.dccp.role[IP_CT_DIR_ORIGINAL] = CT_DCCP_ROLE_CLIENT;
710 ct->proto.dccp.role[IP_CT_DIR_REPLY] = CT_DCCP_ROLE_SERVER;
711 } else {
712 ct->proto.dccp.role[IP_CT_DIR_ORIGINAL] = CT_DCCP_ROLE_SERVER;
713 ct->proto.dccp.role[IP_CT_DIR_REPLY] = CT_DCCP_ROLE_CLIENT;
714 }
715 if (tb[CTA_PROTOINFO_DCCP_HANDSHAKE_SEQ]) {
716 ct->proto.dccp.handshake_seq =
717 be64_to_cpu(nla_get_be64(tb[CTA_PROTOINFO_DCCP_HANDSHAKE_SEQ]));
718 }
719 spin_unlock_bh(&ct->lock);
720 return 0;
721 }
722 #endif
723
724 #ifdef CONFIG_NF_CONNTRACK_TIMEOUT
725
726 #include <linux/netfilter/nfnetlink.h>
727 #include <linux/netfilter/nfnetlink_cttimeout.h>
728
dccp_timeout_nlattr_to_obj(struct nlattr * tb[],struct net * net,void * data)729 static int dccp_timeout_nlattr_to_obj(struct nlattr *tb[],
730 struct net *net, void *data)
731 {
732 struct nf_dccp_net *dn = nf_dccp_pernet(net);
733 unsigned int *timeouts = data;
734 int i;
735
736 if (!timeouts)
737 timeouts = dn->dccp_timeout;
738
739 /* set default DCCP timeouts. */
740 for (i=0; i<CT_DCCP_MAX; i++)
741 timeouts[i] = dn->dccp_timeout[i];
742
743 /* there's a 1:1 mapping between attributes and protocol states. */
744 for (i=CTA_TIMEOUT_DCCP_UNSPEC+1; i<CTA_TIMEOUT_DCCP_MAX+1; i++) {
745 if (tb[i]) {
746 timeouts[i] = ntohl(nla_get_be32(tb[i])) * HZ;
747 }
748 }
749
750 timeouts[CTA_TIMEOUT_DCCP_UNSPEC] = timeouts[CTA_TIMEOUT_DCCP_REQUEST];
751 return 0;
752 }
753
754 static int
dccp_timeout_obj_to_nlattr(struct sk_buff * skb,const void * data)755 dccp_timeout_obj_to_nlattr(struct sk_buff *skb, const void *data)
756 {
757 const unsigned int *timeouts = data;
758 int i;
759
760 for (i=CTA_TIMEOUT_DCCP_UNSPEC+1; i<CTA_TIMEOUT_DCCP_MAX+1; i++) {
761 if (nla_put_be32(skb, i, htonl(timeouts[i] / HZ)))
762 goto nla_put_failure;
763 }
764 return 0;
765
766 nla_put_failure:
767 return -ENOSPC;
768 }
769
770 static const struct nla_policy
771 dccp_timeout_nla_policy[CTA_TIMEOUT_DCCP_MAX+1] = {
772 [CTA_TIMEOUT_DCCP_REQUEST] = { .type = NLA_U32 },
773 [CTA_TIMEOUT_DCCP_RESPOND] = { .type = NLA_U32 },
774 [CTA_TIMEOUT_DCCP_PARTOPEN] = { .type = NLA_U32 },
775 [CTA_TIMEOUT_DCCP_OPEN] = { .type = NLA_U32 },
776 [CTA_TIMEOUT_DCCP_CLOSEREQ] = { .type = NLA_U32 },
777 [CTA_TIMEOUT_DCCP_CLOSING] = { .type = NLA_U32 },
778 [CTA_TIMEOUT_DCCP_TIMEWAIT] = { .type = NLA_U32 },
779 };
780 #endif /* CONFIG_NF_CONNTRACK_TIMEOUT */
781
nf_conntrack_dccp_init_net(struct net * net)782 void nf_conntrack_dccp_init_net(struct net *net)
783 {
784 struct nf_dccp_net *dn = nf_dccp_pernet(net);
785
786 /* default values */
787 dn->dccp_loose = 1;
788 dn->dccp_timeout[CT_DCCP_REQUEST] = 2 * DCCP_MSL;
789 dn->dccp_timeout[CT_DCCP_RESPOND] = 4 * DCCP_MSL;
790 dn->dccp_timeout[CT_DCCP_PARTOPEN] = 4 * DCCP_MSL;
791 dn->dccp_timeout[CT_DCCP_OPEN] = 12 * 3600 * HZ;
792 dn->dccp_timeout[CT_DCCP_CLOSEREQ] = 64 * HZ;
793 dn->dccp_timeout[CT_DCCP_CLOSING] = 64 * HZ;
794 dn->dccp_timeout[CT_DCCP_TIMEWAIT] = 2 * DCCP_MSL;
795
796 /* timeouts[0] is unused, make it same as SYN_SENT so
797 * ->timeouts[0] contains 'new' timeout, like udp or icmp.
798 */
799 dn->dccp_timeout[CT_DCCP_NONE] = dn->dccp_timeout[CT_DCCP_REQUEST];
800 }
801
802 const struct nf_conntrack_l4proto nf_conntrack_l4proto_dccp = {
803 .l4proto = IPPROTO_DCCP,
804 .can_early_drop = dccp_can_early_drop,
805 #ifdef CONFIG_NF_CONNTRACK_PROCFS
806 .print_conntrack = dccp_print_conntrack,
807 #endif
808 #if IS_ENABLED(CONFIG_NF_CT_NETLINK)
809 .nlattr_size = DCCP_NLATTR_SIZE,
810 .to_nlattr = dccp_to_nlattr,
811 .from_nlattr = nlattr_to_dccp,
812 .tuple_to_nlattr = nf_ct_port_tuple_to_nlattr,
813 .nlattr_tuple_size = nf_ct_port_nlattr_tuple_size,
814 .nlattr_to_tuple = nf_ct_port_nlattr_to_tuple,
815 .nla_policy = nf_ct_port_nla_policy,
816 #endif
817 #ifdef CONFIG_NF_CONNTRACK_TIMEOUT
818 .ctnl_timeout = {
819 .nlattr_to_obj = dccp_timeout_nlattr_to_obj,
820 .obj_to_nlattr = dccp_timeout_obj_to_nlattr,
821 .nlattr_max = CTA_TIMEOUT_DCCP_MAX,
822 .obj_size = sizeof(unsigned int) * CT_DCCP_MAX,
823 .nla_policy = dccp_timeout_nla_policy,
824 },
825 #endif /* CONFIG_NF_CONNTRACK_TIMEOUT */
826 };
827