xref: /openbmc/linux/net/dccp/ipv4.c (revision d5cb9783536a41df9f9cba5b0a1d78047ed787f7)
/*
 *  net/dccp/ipv4.c
 *
 *  An implementation of the DCCP protocol
 *  Arnaldo Carvalho de Melo <acme@conectiva.com.br>
 *
 *	This program is free software; you can redistribute it and/or
 *	modify it under the terms of the GNU General Public License
 *	as published by the Free Software Foundation; either version
 *	2 of the License, or (at your option) any later version.
 */

#include <linux/config.h>
#include <linux/dccp.h>
#include <linux/icmp.h>
#include <linux/module.h>
#include <linux/skbuff.h>
#include <linux/random.h>

#include <net/icmp.h>
#include <net/inet_hashtables.h>
#include <net/sock.h>
#include <net/tcp_states.h>
#include <net/xfrm.h>

#include "ackvec.h"
#include "ccid.h"
#include "dccp.h"

struct inet_hashinfo __cacheline_aligned dccp_hashinfo = {
	.lhash_lock	= RW_LOCK_UNLOCKED,
	.lhash_users	= ATOMIC_INIT(0),
	.lhash_wait = __WAIT_QUEUE_HEAD_INITIALIZER(dccp_hashinfo.lhash_wait),
	.portalloc_lock	= SPIN_LOCK_UNLOCKED,
	.port_rover	= 1024 - 1,
};

EXPORT_SYMBOL_GPL(dccp_hashinfo);

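/*
 * Thin wrappers: the protocol-independent inet_connection_sock hashing
 * machinery shared with TCP does the real work here, parameterized by
 * dccp_hashinfo instead of TCP's tcp_hashinfo.
 */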
static int dccp_v4_get_port(struct sock *sk, const unsigned short snum)
{
	return inet_csk_get_port(&dccp_hashinfo, sk, snum);
}

static void dccp_v4_hash(struct sock *sk)
{
	inet_hash(&dccp_hashinfo, sk);
}

static void dccp_v4_unhash(struct sock *sk)
{
	inet_unhash(&dccp_hashinfo, sk);
}

/* called with local bh disabled */
static int __dccp_v4_check_established(struct sock *sk, const __u16 lport,
				       struct inet_timewait_sock **twp)
{
	struct inet_sock *inet = inet_sk(sk);
	const u32 daddr = inet->rcv_saddr;
	const u32 saddr = inet->daddr;
	const int dif = sk->sk_bound_dev_if;
	INET_ADDR_COOKIE(acookie, saddr, daddr)
	const __u32 ports = INET_COMBINED_PORTS(inet->dport, lport);
	unsigned int hash = inet_ehashfn(daddr, lport, saddr, inet->dport);
	struct inet_ehash_bucket *head = inet_ehash_bucket(&dccp_hashinfo, hash);
	const struct sock *sk2;
	const struct hlist_node *node;
	struct inet_timewait_sock *tw;

	prefetch(head->chain.first);
	write_lock(&head->lock);

	/* Check TIME-WAIT sockets first. */
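	/*
	 * The established hash table is allocated with 2 * ehash_size
	 * buckets: chain N holds established sockets and chain
	 * N + ehash_size holds the TIME-WAIT sockets for the same hash
	 * value, hence the offset applied to head below.
	 */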
	sk_for_each(sk2, node, &(head + dccp_hashinfo.ehash_size)->chain) {
		tw = inet_twsk(sk2);

		if (INET_TW_MATCH(sk2, hash, acookie, saddr, daddr, ports, dif))
			goto not_unique;
	}
	tw = NULL;

	/* And established part... */
	sk_for_each(sk2, node, &head->chain) {
		if (INET_MATCH(sk2, hash, acookie, saddr, daddr, ports, dif))
			goto not_unique;
	}

	/* Must record num and sport now. Otherwise we will see in the
	 * hash table a socket with a funny identity. */
	inet->num = lport;
	inet->sport = htons(lport);
	sk->sk_hash = hash;
	BUG_TRAP(sk_unhashed(sk));
	__sk_add_node(sk, &head->chain);
	sock_prot_inc_use(sk->sk_prot);
	write_unlock(&head->lock);

	if (twp != NULL) {
		*twp = tw;
		NET_INC_STATS_BH(LINUX_MIB_TIMEWAITRECYCLED);
	} else if (tw != NULL) {
		/* Silly. Should hash-dance instead... */
		inet_twsk_deschedule(tw, &dccp_death_row);
		NET_INC_STATS_BH(LINUX_MIB_TIMEWAITRECYCLED);

		inet_twsk_put(tw);
	}

	return 0;

not_unique:
	write_unlock(&head->lock);
	return -EADDRNOTAVAIL;
}

/*
 * Bind a port for a connect operation and hash it.
 */
static int dccp_v4_hash_connect(struct sock *sk)
{
	const unsigned short snum = inet_sk(sk)->num;
	struct inet_bind_hashbucket *head;
	struct inet_bind_bucket *tb;
	int ret;

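	/*
	 * No port supplied: pick an ephemeral one, mimicking
	 * tcp_v4_hash_connect().  The rover walks the sysctl'ed local
	 * port range; ports whose bind bucket has fastreuse >= 0 (i.e.
	 * bound via bind()) are skipped outright, while for
	 * connect-allocated buckets the established hash is consulted
	 * to check that the full 4-tuple is unique, possibly recycling
	 * a TIME-WAIT entry.
	 */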
	if (snum == 0) {
		int rover;
		int low = sysctl_local_port_range[0];
		int high = sysctl_local_port_range[1];
		int remaining = (high - low) + 1;
		struct hlist_node *node;
		struct inet_timewait_sock *tw = NULL;

		local_bh_disable();

		/* TODO. Actually it is not such a bad idea to remove
		 * dccp_hashinfo.portalloc_lock before the next submission
		 * to Linus.
		 * As soon as we touch this place at all it is time to think.
		 *
		 * Now it protects a single _advisory_ variable,
		 * dccp_hashinfo.port_rover, hence it is mostly useless.
		 * The code will work nicely if we just delete it, but
		 * I am afraid that in the contended case it will work no
		 * better or even worse: another cpu will just hit the same
		 * bucket and spin there.
		 * So some cpu salt could remove both the contention and
		 * the memory pingpong. Any ideas how to do this in a nice
		 * way?
		 */
		spin_lock(&dccp_hashinfo.portalloc_lock);
		rover = dccp_hashinfo.port_rover;

		do {
			rover++;
			if ((rover < low) || (rover > high))
				rover = low;
			head = &dccp_hashinfo.bhash[inet_bhashfn(rover,
						    dccp_hashinfo.bhash_size)];
			spin_lock(&head->lock);

			/* Does not bother with rcv_saddr checks,
			 * because the established check is already
			 * unique enough.
			 */
			inet_bind_bucket_for_each(tb, node, &head->chain) {
				if (tb->port == rover) {
					BUG_TRAP(!hlist_empty(&tb->owners));
					if (tb->fastreuse >= 0)
						goto next_port;
					if (!__dccp_v4_check_established(sk,
									 rover,
									 &tw))
						goto ok;
					goto next_port;
				}
			}

			tb = inet_bind_bucket_create(dccp_hashinfo.bind_bucket_cachep,
						     head, rover);
			if (tb == NULL) {
				spin_unlock(&head->lock);
				break;
			}
			tb->fastreuse = -1;
			goto ok;

		next_port:
			spin_unlock(&head->lock);
		} while (--remaining > 0);
		dccp_hashinfo.port_rover = rover;
		spin_unlock(&dccp_hashinfo.portalloc_lock);

		local_bh_enable();

		return -EADDRNOTAVAIL;

ok:
		/* All locks still held and bhs disabled */
		dccp_hashinfo.port_rover = rover;
		spin_unlock(&dccp_hashinfo.portalloc_lock);

		inet_bind_hash(sk, tb, rover);
		if (sk_unhashed(sk)) {
			inet_sk(sk)->sport = htons(rover);
			__inet_hash(&dccp_hashinfo, sk, 0);
		}
		spin_unlock(&head->lock);

		if (tw != NULL) {
			inet_twsk_deschedule(tw, &dccp_death_row);
			inet_twsk_put(tw);
		}

		ret = 0;
		goto out;
	}

	head = &dccp_hashinfo.bhash[inet_bhashfn(snum,
						 dccp_hashinfo.bhash_size)];
	tb   = inet_csk(sk)->icsk_bind_hash;
	spin_lock_bh(&head->lock);
	if (sk_head(&tb->owners) == sk && sk->sk_bind_node.next == NULL) {
		__inet_hash(&dccp_hashinfo, sk, 0);
		spin_unlock_bh(&head->lock);
		return 0;
	} else {
		spin_unlock(&head->lock);
		/* No definite answer... Walk to the established hash table */
		ret = __dccp_v4_check_established(sk, snum, NULL);
out:
		local_bh_enable();
		return ret;
	}
}

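/*
 * Connect the socket to a remote DCCP endpoint: route the flow, bind an
 * ephemeral port if one was not supplied, pick the initial sequence
 * number and kick off the handshake via dccp_connect().
 */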
static int dccp_v4_connect(struct sock *sk, struct sockaddr *uaddr,
			   int addr_len)
{
	struct inet_sock *inet = inet_sk(sk);
	struct dccp_sock *dp = dccp_sk(sk);
	const struct sockaddr_in *usin = (struct sockaddr_in *)uaddr;
	struct rtable *rt;
	u32 daddr, nexthop;
	int tmp;
	int err;

	dp->dccps_role = DCCP_ROLE_CLIENT;

	if (dccp_service_not_initialized(sk))
		return -EPROTO;

	if (addr_len < sizeof(struct sockaddr_in))
		return -EINVAL;

	if (usin->sin_family != AF_INET)
		return -EAFNOSUPPORT;

	nexthop = daddr = usin->sin_addr.s_addr;
	if (inet->opt != NULL && inet->opt->srr) {
		if (daddr == 0)
			return -EINVAL;
		nexthop = inet->opt->faddr;
	}

	tmp = ip_route_connect(&rt, nexthop, inet->saddr,
			       RT_CONN_FLAGS(sk), sk->sk_bound_dev_if,
			       IPPROTO_DCCP,
			       inet->sport, usin->sin_port, sk);
	if (tmp < 0)
		return tmp;

	if (rt->rt_flags & (RTCF_MULTICAST | RTCF_BROADCAST)) {
		ip_rt_put(rt);
		return -ENETUNREACH;
	}

	if (inet->opt == NULL || !inet->opt->srr)
		daddr = rt->rt_dst;

	if (inet->saddr == 0)
		inet->saddr = rt->rt_src;
	inet->rcv_saddr = inet->saddr;

	inet->dport = usin->sin_port;
	inet->daddr = daddr;

	dp->dccps_ext_header_len = 0;
	if (inet->opt != NULL)
		dp->dccps_ext_header_len = inet->opt->optlen;
	/*
	 * Socket identity is still unknown (sport may be zero).
	 * However we set the state to DCCP_REQUESTING and, without
	 * releasing the socket lock, select a source port, enter
	 * ourselves into the hash tables and complete the
	 * initialization afterwards.
	 */
	dccp_set_state(sk, DCCP_REQUESTING);
	err = dccp_v4_hash_connect(sk);
	if (err != 0)
		goto failure;

	err = ip_route_newports(&rt, inet->sport, inet->dport, sk);
	if (err != 0)
		goto failure;

	/* OK, now commit destination to socket.  */
	sk_setup_caps(sk, &rt->u.dst);

	dp->dccps_gar =
		dp->dccps_iss = secure_dccp_sequence_number(inet->saddr,
							    inet->daddr,
							    inet->sport,
							    usin->sin_port);
	dccp_update_gss(sk, dp->dccps_iss);

	/*
	 * SWL and AWL are initially adjusted so that they are not less than
	 * the initial Sequence Numbers received and sent, respectively:
	 *	SWL := max(GSR + 1 - floor(W/4), ISR),
	 *	AWL := max(GSS - W' + 1, ISS).
	 * These adjustments MUST be applied only at the beginning of the
	 * connection.
	 */
	dccp_set_seqno(&dp->dccps_awl, max48(dp->dccps_awl, dp->dccps_iss));

	inet->id = dp->dccps_iss ^ jiffies;

	err = dccp_connect(sk);
	rt = NULL;
	if (err != 0)
		goto failure;
out:
	return err;
failure:
	/*
	 * This unhashes the socket and releases the local port, if necessary.
	 */
	dccp_set_state(sk, DCCP_CLOSED);
	ip_rt_put(rt);
	sk->sk_route_caps = 0;
	inet->dport = 0;
	goto out;
}
344 
345 /*
346  * This routine does path mtu discovery as defined in RFC1191.
347  */
348 static inline void dccp_do_pmtu_discovery(struct sock *sk,
349 					  const struct iphdr *iph,
350 					  u32 mtu)
351 {
352 	struct dst_entry *dst;
353 	const struct inet_sock *inet = inet_sk(sk);
354 	const struct dccp_sock *dp = dccp_sk(sk);
355 
356 	/* We are not interested in DCCP_LISTEN and request_socks (RESPONSEs
357 	 * send out by Linux are always < 576bytes so they should go through
358 	 * unfragmented).
359 	 */
360 	if (sk->sk_state == DCCP_LISTEN)
361 		return;
362 
363 	/* We don't check in the destentry if pmtu discovery is forbidden
364 	 * on this route. We just assume that no packet_to_big packets
365 	 * are send back when pmtu discovery is not active.
366      	 * There is a small race when the user changes this flag in the
367 	 * route, but I think that's acceptable.
368 	 */
369 	if ((dst = __sk_dst_check(sk, 0)) == NULL)
370 		return;
371 
372 	dst->ops->update_pmtu(dst, mtu);
373 
374 	/* Something is about to be wrong... Remember soft error
375 	 * for the case, if this connection will not able to recover.
376 	 */
377 	if (mtu < dst_mtu(dst) && ip_dont_fragment(sk, dst))
378 		sk->sk_err_soft = EMSGSIZE;
379 
380 	mtu = dst_mtu(dst);
381 
382 	if (inet->pmtudisc != IP_PMTUDISC_DONT &&
383 	    dp->dccps_pmtu_cookie > mtu) {
384 		dccp_sync_mss(sk, mtu);
385 
386 		/*
387 		 * From: draft-ietf-dccp-spec-11.txt
388 		 *
389 		 *	DCCP-Sync packets are the best choice for upward
390 		 *	probing, since DCCP-Sync probes do not risk application
391 		 *	data loss.
392 		 */
393 		dccp_send_sync(sk, dp->dccps_gsr, DCCP_PKT_SYNC);
394 	} /* else let the usual retransmit timer handle it */
395 }
396 
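/*
 * Send a bare DCCP-Ack from the shared control socket, mirroring the
 * incoming packet's addresses and ports; used when we have a
 * request_sock rather than a full socket to answer from.
 */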
static void dccp_v4_ctl_send_ack(struct sk_buff *rxskb)
{
	int err;
	struct dccp_hdr *rxdh = dccp_hdr(rxskb), *dh;
	const int dccp_hdr_ack_len = sizeof(struct dccp_hdr) +
				     sizeof(struct dccp_hdr_ext) +
				     sizeof(struct dccp_hdr_ack_bits);
	struct sk_buff *skb;

	if (((struct rtable *)rxskb->dst)->rt_type != RTN_LOCAL)
		return;

	skb = alloc_skb(MAX_DCCP_HEADER + 15, GFP_ATOMIC);
	if (skb == NULL)
		return;

	/* Reserve space for headers. */
	skb_reserve(skb, MAX_DCCP_HEADER);

	skb->dst = dst_clone(rxskb->dst);

	skb->h.raw = skb_push(skb, dccp_hdr_ack_len);
	dh = dccp_hdr(skb);
	memset(dh, 0, dccp_hdr_ack_len);

	/* Build DCCP header and checksum it. */
	dh->dccph_type	   = DCCP_PKT_ACK;
	dh->dccph_sport	   = rxdh->dccph_dport;
	dh->dccph_dport	   = rxdh->dccph_sport;
	dh->dccph_doff	   = dccp_hdr_ack_len / 4;
	dh->dccph_x	   = 1;

	dccp_hdr_set_seq(dh, DCCP_SKB_CB(rxskb)->dccpd_ack_seq);
	dccp_hdr_set_ack(dccp_hdr_ack_bits(skb),
			 DCCP_SKB_CB(rxskb)->dccpd_seq);

	dh->dccph_checksum = dccp_v4_checksum(skb, rxskb->nh.iph->saddr,
					      rxskb->nh.iph->daddr);

	bh_lock_sock(dccp_ctl_socket->sk);
	err = ip_build_and_send_pkt(skb, dccp_ctl_socket->sk,
				    rxskb->nh.iph->daddr,
				    rxskb->nh.iph->saddr, NULL);
	bh_unlock_sock(dccp_ctl_socket->sk);

	if (err == NET_XMIT_CN || err == 0) {
		DCCP_INC_STATS_BH(DCCP_MIB_OUTSEGS);
		DCCP_INC_STATS_BH(DCCP_MIB_OUTRSTS);
	}
}

static void dccp_v4_reqsk_send_ack(struct sk_buff *skb,
				   struct request_sock *req)
{
	dccp_v4_ctl_send_ack(skb);
}

static int dccp_v4_send_response(struct sock *sk, struct request_sock *req,
				 struct dst_entry *dst)
{
	int err = -1;
	struct sk_buff *skb;

	/* First, grab a route. */

	if (dst == NULL && (dst = inet_csk_route_req(sk, req)) == NULL)
		goto out;

	skb = dccp_make_response(sk, dst, req);
	if (skb != NULL) {
		const struct inet_request_sock *ireq = inet_rsk(req);

		memset(&(IPCB(skb)->opt), 0, sizeof(IPCB(skb)->opt));
		err = ip_build_and_send_pkt(skb, sk, ireq->loc_addr,
					    ireq->rmt_addr,
					    ireq->opt);
		if (err == NET_XMIT_CN)
			err = 0;
	}

out:
	dst_release(dst);
	return err;
}

478 
479 /*
480  * This routine is called by the ICMP module when it gets some sort of error
481  * condition. If err < 0 then the socket should be closed and the error
482  * returned to the user. If err > 0 it's just the icmp type << 8 | icmp code.
483  * After adjustment header points to the first 8 bytes of the tcp header. We
484  * need to find the appropriate port.
485  *
486  * The locking strategy used here is very "optimistic". When someone else
487  * accesses the socket the ICMP is just dropped and for some paths there is no
488  * check at all. A more general error queue to queue errors for later handling
489  * is probably better.
490  */
491 void dccp_v4_err(struct sk_buff *skb, u32 info)
492 {
493 	const struct iphdr *iph = (struct iphdr *)skb->data;
494 	const struct dccp_hdr *dh = (struct dccp_hdr *)(skb->data +
495 							(iph->ihl << 2));
496 	struct dccp_sock *dp;
497 	struct inet_sock *inet;
498 	const int type = skb->h.icmph->type;
499 	const int code = skb->h.icmph->code;
500 	struct sock *sk;
501 	__u64 seq;
502 	int err;
503 
504 	if (skb->len < (iph->ihl << 2) + 8) {
505 		ICMP_INC_STATS_BH(ICMP_MIB_INERRORS);
506 		return;
507 	}
508 
509 	sk = inet_lookup(&dccp_hashinfo, iph->daddr, dh->dccph_dport,
510 			 iph->saddr, dh->dccph_sport, inet_iif(skb));
511 	if (sk == NULL) {
512 		ICMP_INC_STATS_BH(ICMP_MIB_INERRORS);
513 		return;
514 	}
515 
516 	if (sk->sk_state == DCCP_TIME_WAIT) {
517 		inet_twsk_put((struct inet_timewait_sock *)sk);
518 		return;
519 	}
520 
521 	bh_lock_sock(sk);
522 	/* If too many ICMPs get dropped on busy
523 	 * servers this needs to be solved differently.
524 	 */
525 	if (sock_owned_by_user(sk))
526 		NET_INC_STATS_BH(LINUX_MIB_LOCKDROPPEDICMPS);
527 
528 	if (sk->sk_state == DCCP_CLOSED)
529 		goto out;
530 
531 	dp = dccp_sk(sk);
532 	seq = dccp_hdr_seq(skb);
533 	if (sk->sk_state != DCCP_LISTEN &&
534 	    !between48(seq, dp->dccps_swl, dp->dccps_swh)) {
535 		NET_INC_STATS(LINUX_MIB_OUTOFWINDOWICMPS);
536 		goto out;
537 	}
538 
539 	switch (type) {
540 	case ICMP_SOURCE_QUENCH:
541 		/* Just silently ignore these. */
542 		goto out;
543 	case ICMP_PARAMETERPROB:
544 		err = EPROTO;
545 		break;
546 	case ICMP_DEST_UNREACH:
547 		if (code > NR_ICMP_UNREACH)
548 			goto out;
549 
550 		if (code == ICMP_FRAG_NEEDED) { /* PMTU discovery (RFC1191) */
551 			if (!sock_owned_by_user(sk))
552 				dccp_do_pmtu_discovery(sk, iph, info);
553 			goto out;
554 		}
555 
556 		err = icmp_err_convert[code].errno;
557 		break;
558 	case ICMP_TIME_EXCEEDED:
559 		err = EHOSTUNREACH;
560 		break;
561 	default:
562 		goto out;
563 	}
564 
565 	switch (sk->sk_state) {
566 		struct request_sock *req , **prev;
567 	case DCCP_LISTEN:
568 		if (sock_owned_by_user(sk))
569 			goto out;
570 		req = inet_csk_search_req(sk, &prev, dh->dccph_dport,
571 					  iph->daddr, iph->saddr);
572 		if (!req)
573 			goto out;
574 
575 		/*
576 		 * ICMPs are not backlogged, hence we cannot get an established
577 		 * socket here.
578 		 */
579 		BUG_TRAP(!req->sk);
580 
581 		if (seq != dccp_rsk(req)->dreq_iss) {
582 			NET_INC_STATS_BH(LINUX_MIB_OUTOFWINDOWICMPS);
583 			goto out;
584 		}
585 		/*
586 		 * Still in RESPOND, just remove it silently.
587 		 * There is no good way to pass the error to the newly
588 		 * created socket, and POSIX does not want network
589 		 * errors returned from accept().
590 		 */
591 		inet_csk_reqsk_queue_drop(sk, req, prev);
592 		goto out;
593 
594 	case DCCP_REQUESTING:
595 	case DCCP_RESPOND:
596 		if (!sock_owned_by_user(sk)) {
597 			DCCP_INC_STATS_BH(DCCP_MIB_ATTEMPTFAILS);
598 			sk->sk_err = err;
599 
600 			sk->sk_error_report(sk);
601 
602 			dccp_done(sk);
603 		} else
604 			sk->sk_err_soft = err;
605 		goto out;
606 	}
607 
608 	/* If we've already connected we will keep trying
609 	 * until we time out, or the user gives up.
610 	 *
611 	 * rfc1122 4.2.3.9 allows to consider as hard errors
612 	 * only PROTO_UNREACH and PORT_UNREACH (well, FRAG_FAILED too,
613 	 * but it is obsoleted by pmtu discovery).
614 	 *
615 	 * Note, that in modern internet, where routing is unreliable
616 	 * and in each dark corner broken firewalls sit, sending random
617 	 * errors ordered by their masters even this two messages finally lose
618 	 * their original sense (even Linux sends invalid PORT_UNREACHs)
619 	 *
620 	 * Now we are in compliance with RFCs.
621 	 *							--ANK (980905)
622 	 */
623 
624 	inet = inet_sk(sk);
625 	if (!sock_owned_by_user(sk) && inet->recverr) {
626 		sk->sk_err = err;
627 		sk->sk_error_report(sk);
628 	} else /* Only an error on timeout */
629 		sk->sk_err_soft = err;
630 out:
631 	bh_unlock_sock(sk);
632 	sock_put(sk);
633 }
634 
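/*
 * Send a DCCP-Reset on an existing socket, e.g. on abnormal
 * termination; unlike dccp_v4_ctl_send_reset() further down, this path
 * uses the socket's own identity and cached route.
 */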
int dccp_v4_send_reset(struct sock *sk, enum dccp_reset_codes code)
{
	struct sk_buff *skb;
	/*
	 * FIXME: what if rebuild_header fails?
	 * Should we be doing a rebuild_header here?
	 */
	int err = inet_sk_rebuild_header(sk);

	if (err != 0)
		return err;

	skb = dccp_make_reset(sk, sk->sk_dst_cache, code);
	if (skb != NULL) {
		const struct inet_sock *inet = inet_sk(sk);

		memset(&(IPCB(skb)->opt), 0, sizeof(IPCB(skb)->opt));
		err = ip_build_and_send_pkt(skb, sk,
					    inet->saddr, inet->daddr, NULL);
		if (err == NET_XMIT_CN)
			err = 0;
	}

	return err;
}

static inline u64 dccp_v4_init_sequence(const struct sock *sk,
					const struct sk_buff *skb)
{
	return secure_dccp_sequence_number(skb->nh.iph->daddr,
					   skb->nh.iph->saddr,
					   dccp_hdr(skb)->dccph_dport,
					   dccp_hdr(skb)->dccph_sport);
}

static inline int dccp_bad_service_code(const struct sock *sk,
					const __u32 service)
{
	const struct dccp_sock *dp = dccp_sk(sk);

	if (dp->dccps_service == service)
		return 0;
	return !dccp_list_has_service(dp->dccps_service_list, service);
}

int dccp_v4_conn_request(struct sock *sk, struct sk_buff *skb)
{
	struct inet_request_sock *ireq;
	struct dccp_sock dp;
	struct request_sock *req;
	struct dccp_request_sock *dreq;
	const __u32 saddr = skb->nh.iph->saddr;
	const __u32 daddr = skb->nh.iph->daddr;
	const __u32 service = dccp_hdr_request(skb)->dccph_req_service;
	struct dccp_skb_cb *dcb = DCCP_SKB_CB(skb);
	__u8 reset_code = DCCP_RESET_CODE_TOO_BUSY;
	struct dst_entry *dst = NULL;

	/* Never answer DCCP_PKT_REQUESTs sent to broadcast or multicast */
	if (((struct rtable *)skb->dst)->rt_flags &
	    (RTCF_BROADCAST | RTCF_MULTICAST)) {
		reset_code = DCCP_RESET_CODE_NO_CONNECTION;
		goto drop;
	}

	if (dccp_bad_service_code(sk, service)) {
		reset_code = DCCP_RESET_CODE_BAD_SERVICE_CODE;
		goto drop;
	}
	/*
	 * TW buckets are converted to open requests without
	 * limitations; they conserve resources and the peer is
	 * evidently a real one.
	 */
	if (inet_csk_reqsk_queue_is_full(sk))
		goto drop;

	/*
	 * Accept backlog is full. If we have already queued enough
	 * warm entries in the syn queue, drop the request. It is better
	 * than clogging the syn queue with openreqs with exponentially
	 * increasing timeout.
	 */
	if (sk_acceptq_is_full(sk) && inet_csk_reqsk_queue_young(sk) > 1)
		goto drop;

	req = reqsk_alloc(sk->sk_prot->rsk_prot);
	if (req == NULL)
		goto drop;

	/* FIXME: process options */

	dccp_openreq_init(req, &dp, skb);

	ireq = inet_rsk(req);
	ireq->loc_addr = daddr;
	ireq->rmt_addr = saddr;
	/* FIXME: Merge Aristeu's option parsing code when ready */
	req->rcv_wnd	= 100; /* Fake, option parsing will get the
				  right value */
	ireq->opt	= NULL;

	/*
	 * Step 3: Process LISTEN state
	 *
	 * Set S.ISR, S.GSR, S.SWL, S.SWH from packet or Init Cookie
	 *
	 * In fact we defer setting S.GSR, S.SWL, S.SWH to
	 * dccp_create_openreq_child.
	 */
	dreq = dccp_rsk(req);
	dreq->dreq_isr	   = dcb->dccpd_seq;
	dreq->dreq_iss	   = dccp_v4_init_sequence(sk, skb);
	dreq->dreq_service = service;

	if (dccp_v4_send_response(sk, req, dst))
		goto drop_and_free;

	inet_csk_reqsk_queue_hash_add(sk, req, DCCP_TIMEOUT_INIT);
	return 0;

drop_and_free:
	/*
	 * FIXME: should be reqsk_free after implementing req->rsk_ops
	 */
	__reqsk_free(req);
drop:
	DCCP_INC_STATS_BH(DCCP_MIB_ATTEMPTFAILS);
	dcb->dccpd_reset_code = reset_code;
	return -1;
}
766 
767 /*
768  * The three way handshake has completed - we got a valid ACK or DATAACK -
769  * now create the new socket.
770  *
771  * This is the equivalent of TCP's tcp_v4_syn_recv_sock
772  */
773 struct sock *dccp_v4_request_recv_sock(struct sock *sk, struct sk_buff *skb,
774 				       struct request_sock *req,
775 				       struct dst_entry *dst)
776 {
777 	struct inet_request_sock *ireq;
778 	struct inet_sock *newinet;
779 	struct dccp_sock *newdp;
780 	struct sock *newsk;
781 
782 	if (sk_acceptq_is_full(sk))
783 		goto exit_overflow;
784 
785 	if (dst == NULL && (dst = inet_csk_route_req(sk, req)) == NULL)
786 		goto exit;
787 
788 	newsk = dccp_create_openreq_child(sk, req, skb);
789 	if (newsk == NULL)
790 		goto exit;
791 
792 	sk_setup_caps(newsk, dst);
793 
794 	newdp		   = dccp_sk(newsk);
795 	newinet		   = inet_sk(newsk);
796 	ireq		   = inet_rsk(req);
797 	newinet->daddr	   = ireq->rmt_addr;
798 	newinet->rcv_saddr = ireq->loc_addr;
799 	newinet->saddr	   = ireq->loc_addr;
800 	newinet->opt	   = ireq->opt;
801 	ireq->opt	   = NULL;
802 	newinet->mc_index  = inet_iif(skb);
803 	newinet->mc_ttl	   = skb->nh.iph->ttl;
804 	newinet->id	   = jiffies;
805 
806 	dccp_sync_mss(newsk, dst_mtu(dst));
807 
808 	__inet_hash(&dccp_hashinfo, newsk, 0);
809 	__inet_inherit_port(&dccp_hashinfo, sk, newsk);
810 
811 	return newsk;
812 
813 exit_overflow:
814 	NET_INC_STATS_BH(LINUX_MIB_LISTENOVERFLOWS);
815 exit:
816 	NET_INC_STATS_BH(LINUX_MIB_LISTENDROPS);
817 	dst_release(dst);
818 	return NULL;
819 }
820 
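/*
 * Map an incoming packet seen on a LISTEN socket to the socket that
 * should process it: a pending request_sock, an already established
 * child, or the listening socket itself for a brand new Request.
 */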
static struct sock *dccp_v4_hnd_req(struct sock *sk, struct sk_buff *skb)
{
	const struct dccp_hdr *dh = dccp_hdr(skb);
	const struct iphdr *iph = skb->nh.iph;
	struct sock *nsk;
	struct request_sock **prev;
	/* Find possible connection requests. */
	struct request_sock *req = inet_csk_search_req(sk, &prev,
						       dh->dccph_sport,
						       iph->saddr, iph->daddr);
	if (req != NULL)
		return dccp_check_req(sk, skb, req, prev);

	nsk = __inet_lookup_established(&dccp_hashinfo,
					iph->saddr, dh->dccph_sport,
					iph->daddr, ntohs(dh->dccph_dport),
					inet_iif(skb));
	if (nsk != NULL) {
		if (nsk->sk_state != DCCP_TIME_WAIT) {
			bh_lock_sock(nsk);
			return nsk;
		}
		inet_twsk_put((struct inet_timewait_sock *)nsk);
		return NULL;
	}

	return sk;
}

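/*
 * Compute the DCCP checksum: a partial sum over the portion of the
 * packet selected by the Checksum Coverage (CsCov) header field, folded
 * with the usual TCP/UDP-style pseudo-header.  CsCov == 0 means the
 * whole packet is covered; otherwise this early implementation covers
 * (CsCov + X) 32-bit words from the start of the header, clamped to the
 * packet length.
 */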
int dccp_v4_checksum(const struct sk_buff *skb, const u32 saddr,
		     const u32 daddr)
{
	const struct dccp_hdr *dh = dccp_hdr(skb);
	int checksum_len;
	u32 tmp;

	if (dh->dccph_cscov == 0)
		checksum_len = skb->len;
	else {
		checksum_len = (dh->dccph_cscov + dh->dccph_x) * sizeof(u32);
		checksum_len = checksum_len < skb->len ? checksum_len :
							 skb->len;
	}

	tmp = csum_partial((unsigned char *)dh, checksum_len, 0);
	return csum_tcpudp_magic(saddr, daddr, checksum_len,
				 IPPROTO_DCCP, tmp);
}

static int dccp_v4_verify_checksum(struct sk_buff *skb,
				   const u32 saddr, const u32 daddr)
{
	struct dccp_hdr *dh = dccp_hdr(skb);
	int checksum_len;
	u32 tmp;

	if (dh->dccph_cscov == 0)
		checksum_len = skb->len;
	else {
		checksum_len = (dh->dccph_cscov + dh->dccph_x) * sizeof(u32);
		checksum_len = checksum_len < skb->len ? checksum_len :
							 skb->len;
	}
	tmp = csum_partial((unsigned char *)dh, checksum_len, 0);
	return csum_tcpudp_magic(saddr, daddr, checksum_len,
				 IPPROTO_DCCP, tmp) == 0 ? 0 : -1;
}

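/*
 * Build a route for a reply sent from the unconnected control socket:
 * the flow is the incoming packet's 4-tuple with source and destination
 * swapped.
 */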
static struct dst_entry *dccp_v4_route_skb(struct sock *sk,
					   struct sk_buff *skb)
{
	struct rtable *rt;
	struct flowi fl = { .oif = ((struct rtable *)skb->dst)->rt_iif,
			    .nl_u = { .ip4_u =
				      { .daddr = skb->nh.iph->saddr,
					.saddr = skb->nh.iph->daddr,
					.tos = RT_CONN_FLAGS(sk) } },
			    .proto = sk->sk_protocol,
			    .uli_u = { .ports =
				       { .sport = dccp_hdr(skb)->dccph_dport,
					 .dport = dccp_hdr(skb)->dccph_sport }
				     }
			  };

	if (ip_route_output_flow(&rt, &fl, sk, 0)) {
		IP_INC_STATS_BH(IPSTATS_MIB_OUTNOROUTES);
		return NULL;
	}

	return &rt->u.dst;
}

static void dccp_v4_ctl_send_reset(struct sk_buff *rxskb)
{
	int err;
	struct dccp_hdr *rxdh = dccp_hdr(rxskb), *dh;
	const int dccp_hdr_reset_len = sizeof(struct dccp_hdr) +
				       sizeof(struct dccp_hdr_ext) +
				       sizeof(struct dccp_hdr_reset);
	struct sk_buff *skb;
	struct dst_entry *dst;
	u64 seqno;

	/* Never send a reset in response to a reset. */
	if (rxdh->dccph_type == DCCP_PKT_RESET)
		return;

	if (((struct rtable *)rxskb->dst)->rt_type != RTN_LOCAL)
		return;

	dst = dccp_v4_route_skb(dccp_ctl_socket->sk, rxskb);
	if (dst == NULL)
		return;

	skb = alloc_skb(MAX_DCCP_HEADER + 15, GFP_ATOMIC);
	if (skb == NULL)
		goto out;

	/* Reserve space for headers. */
	skb_reserve(skb, MAX_DCCP_HEADER);
	skb->dst = dst_clone(dst);

	skb->h.raw = skb_push(skb, dccp_hdr_reset_len);
	dh = dccp_hdr(skb);
	memset(dh, 0, dccp_hdr_reset_len);

	/* Build DCCP header and checksum it. */
	dh->dccph_type	   = DCCP_PKT_RESET;
	dh->dccph_sport	   = rxdh->dccph_dport;
	dh->dccph_dport	   = rxdh->dccph_sport;
	dh->dccph_doff	   = dccp_hdr_reset_len / 4;
	dh->dccph_x	   = 1;
	dccp_hdr_reset(skb)->dccph_reset_code =
				DCCP_SKB_CB(rxskb)->dccpd_reset_code;

	/* See "8.3.1. Abnormal Termination" in draft-ietf-dccp-spec-11 */
	seqno = 0;
	if (DCCP_SKB_CB(rxskb)->dccpd_ack_seq != DCCP_PKT_WITHOUT_ACK_SEQ)
		dccp_set_seqno(&seqno, DCCP_SKB_CB(rxskb)->dccpd_ack_seq + 1);

	dccp_hdr_set_seq(dh, seqno);
	dccp_hdr_set_ack(dccp_hdr_ack_bits(skb),
			 DCCP_SKB_CB(rxskb)->dccpd_seq);

	dh->dccph_checksum = dccp_v4_checksum(skb, rxskb->nh.iph->saddr,
					      rxskb->nh.iph->daddr);

	bh_lock_sock(dccp_ctl_socket->sk);
	err = ip_build_and_send_pkt(skb, dccp_ctl_socket->sk,
				    rxskb->nh.iph->daddr,
				    rxskb->nh.iph->saddr, NULL);
	bh_unlock_sock(dccp_ctl_socket->sk);

	if (err == NET_XMIT_CN || err == 0) {
		DCCP_INC_STATS_BH(DCCP_MIB_OUTSEGS);
		DCCP_INC_STATS_BH(DCCP_MIB_OUTRSTS);
	}
out:
	dst_release(dst);
}

981 
982 int dccp_v4_do_rcv(struct sock *sk, struct sk_buff *skb)
983 {
984 	struct dccp_hdr *dh = dccp_hdr(skb);
985 
986 	if (sk->sk_state == DCCP_OPEN) { /* Fast path */
987 		if (dccp_rcv_established(sk, skb, dh, skb->len))
988 			goto reset;
989 		return 0;
990 	}
991 
992 	/*
993 	 *  Step 3: Process LISTEN state
994 	 *     If S.state == LISTEN,
995 	 *	  If P.type == Request or P contains a valid Init Cookie
996 	 *	  	option,
997 	 *	     * Must scan the packet's options to check for an Init
998 	 *		Cookie.  Only the Init Cookie is processed here,
999 	 *		however; other options are processed in Step 8.  This
1000 	 *		scan need only be performed if the endpoint uses Init
1001 	 *		Cookies *
1002 	 *	     * Generate a new socket and switch to that socket *
1003 	 *	     Set S := new socket for this port pair
1004 	 *	     S.state = RESPOND
1005 	 *	     Choose S.ISS (initial seqno) or set from Init Cookie
1006 	 *	     Set S.ISR, S.GSR, S.SWL, S.SWH from packet or Init Cookie
1007 	 *	     Continue with S.state == RESPOND
1008 	 *	     * A Response packet will be generated in Step 11 *
1009 	 *	  Otherwise,
1010 	 *	     Generate Reset(No Connection) unless P.type == Reset
1011 	 *	     Drop packet and return
1012 	 *
1013 	 * NOTE: the check for the packet types is done in
1014 	 *	 dccp_rcv_state_process
1015 	 */
1016 	if (sk->sk_state == DCCP_LISTEN) {
1017 		struct sock *nsk = dccp_v4_hnd_req(sk, skb);
1018 
1019 		if (nsk == NULL)
1020 			goto discard;
1021 
1022 		if (nsk != sk) {
1023 			if (dccp_child_process(sk, nsk, skb))
1024 				goto reset;
1025 			return 0;
1026 		}
1027 	}
1028 
1029 	if (dccp_rcv_state_process(sk, skb, dh, skb->len))
1030 		goto reset;
1031 	return 0;
1032 
1033 reset:
1034 	dccp_v4_ctl_send_reset(skb);
1035 discard:
1036 	kfree_skb(skb);
1037 	return 0;
1038 }
1039 
1040 static inline int dccp_invalid_packet(struct sk_buff *skb)
1041 {
1042 	const struct dccp_hdr *dh;
1043 
1044 	if (skb->pkt_type != PACKET_HOST)
1045 		return 1;
1046 
1047 	if (!pskb_may_pull(skb, sizeof(struct dccp_hdr))) {
1048 		LIMIT_NETDEBUG(KERN_WARNING "DCCP: pskb_may_pull failed\n");
1049 		return 1;
1050 	}
1051 
1052 	dh = dccp_hdr(skb);
1053 
1054 	/* If the packet type is not understood, drop packet and return */
1055 	if (dh->dccph_type >= DCCP_PKT_INVALID) {
1056 		LIMIT_NETDEBUG(KERN_WARNING "DCCP: invalid packet type\n");
1057 		return 1;
1058 	}
1059 
1060 	/*
1061 	 * If P.Data Offset is too small for packet type, or too large for
1062 	 * packet, drop packet and return
1063 	 */
1064 	if (dh->dccph_doff < dccp_hdr_len(skb) / sizeof(u32)) {
1065 		LIMIT_NETDEBUG(KERN_WARNING "DCCP: P.Data Offset(%u) "
1066 					    "too small 1\n",
1067 			       dh->dccph_doff);
1068 		return 1;
1069 	}
1070 
1071 	if (!pskb_may_pull(skb, dh->dccph_doff * sizeof(u32))) {
1072 		LIMIT_NETDEBUG(KERN_WARNING "DCCP: P.Data Offset(%u) "
1073 					    "too small 2\n",
1074 			       dh->dccph_doff);
1075 		return 1;
1076 	}
1077 
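	/* pskb_may_pull() may have reallocated the packet data, so the
	 * header pointer has to be re-fetched before further use. */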
	dh = dccp_hdr(skb);

	/*
	 * If P.type is not Data, Ack, or DataAck and P.X == 0 (the packet
	 * has short sequence numbers), drop packet and return
	 */
	if (dh->dccph_x == 0 &&
	    dh->dccph_type != DCCP_PKT_DATA &&
	    dh->dccph_type != DCCP_PKT_ACK &&
	    dh->dccph_type != DCCP_PKT_DATAACK) {
		LIMIT_NETDEBUG(KERN_WARNING "DCCP: P.type (%s) not Data, Ack "
					    "nor DataAck and P.X == 0\n",
			       dccp_packet_name(dh->dccph_type));
		return 1;
	}

	/* If the header checksum is incorrect, drop packet and return */
	if (dccp_v4_verify_checksum(skb, skb->nh.iph->saddr,
				    skb->nh.iph->daddr) < 0) {
		LIMIT_NETDEBUG(KERN_WARNING "DCCP: header checksum is "
					    "incorrect\n");
		return 1;
	}

	return 0;
}

1104 
1105 /* this is called when real data arrives */
1106 int dccp_v4_rcv(struct sk_buff *skb)
1107 {
1108 	const struct dccp_hdr *dh;
1109 	struct sock *sk;
1110 	int rc;
1111 
1112 	/* Step 1: Check header basics: */
1113 
1114 	if (dccp_invalid_packet(skb))
1115 		goto discard_it;
1116 
1117 	dh = dccp_hdr(skb);
1118 
1119 	DCCP_SKB_CB(skb)->dccpd_seq  = dccp_hdr_seq(skb);
1120 	DCCP_SKB_CB(skb)->dccpd_type = dh->dccph_type;
1121 
1122 	dccp_pr_debug("%8.8s "
1123 		      "src=%u.%u.%u.%u@%-5d "
1124 		      "dst=%u.%u.%u.%u@%-5d seq=%llu",
1125 		      dccp_packet_name(dh->dccph_type),
1126 		      NIPQUAD(skb->nh.iph->saddr), ntohs(dh->dccph_sport),
1127 		      NIPQUAD(skb->nh.iph->daddr), ntohs(dh->dccph_dport),
1128 		      (unsigned long long) DCCP_SKB_CB(skb)->dccpd_seq);
1129 
1130 	if (dccp_packet_without_ack(skb)) {
1131 		DCCP_SKB_CB(skb)->dccpd_ack_seq = DCCP_PKT_WITHOUT_ACK_SEQ;
1132 		dccp_pr_debug_cat("\n");
1133 	} else {
1134 		DCCP_SKB_CB(skb)->dccpd_ack_seq = dccp_hdr_ack_seq(skb);
1135 		dccp_pr_debug_cat(", ack=%llu\n",
1136 				  (unsigned long long)
1137 				  DCCP_SKB_CB(skb)->dccpd_ack_seq);
1138 	}
1139 
1140 	/* Step 2:
1141 	 * 	Look up flow ID in table and get corresponding socket */
1142 	sk = __inet_lookup(&dccp_hashinfo,
1143 			   skb->nh.iph->saddr, dh->dccph_sport,
1144 			   skb->nh.iph->daddr, ntohs(dh->dccph_dport),
1145 			   inet_iif(skb));
1146 
1147 	/*
1148 	 * Step 2:
1149 	 * 	If no socket ...
1150 	 *		Generate Reset(No Connection) unless P.type == Reset
1151 	 *		Drop packet and return
1152 	 */
1153 	if (sk == NULL) {
1154 		dccp_pr_debug("failed to look up flow ID in table and "
1155 			      "get corresponding socket\n");
1156 		goto no_dccp_socket;
1157 	}
1158 
1159 	/*
1160 	 * Step 2:
1161 	 * 	... or S.state == TIMEWAIT,
1162 	 *		Generate Reset(No Connection) unless P.type == Reset
1163 	 *		Drop packet and return
1164 	 */
1165 
1166 	if (sk->sk_state == DCCP_TIME_WAIT) {
1167 		dccp_pr_debug("sk->sk_state == DCCP_TIME_WAIT: "
1168 			      "do_time_wait\n");
1169                 goto do_time_wait;
1170 	}
1171 
1172 	if (!xfrm4_policy_check(sk, XFRM_POLICY_IN, skb)) {
1173 		dccp_pr_debug("xfrm4_policy_check failed\n");
1174 		goto discard_and_relse;
1175 	}
1176 
1177         if (sk_filter(sk, skb, 0)) {
1178 		dccp_pr_debug("sk_filter failed\n");
1179                 goto discard_and_relse;
1180 	}
1181 
1182 	skb->dev = NULL;
1183 
1184 	bh_lock_sock(sk);
1185 	rc = 0;
1186 	if (!sock_owned_by_user(sk))
1187 		rc = dccp_v4_do_rcv(sk, skb);
1188 	else
1189 		sk_add_backlog(sk, skb);
1190 	bh_unlock_sock(sk);
1191 
1192 	sock_put(sk);
1193 	return rc;
1194 
1195 no_dccp_socket:
1196 	if (!xfrm4_policy_check(NULL, XFRM_POLICY_IN, skb))
1197 		goto discard_it;
1198 	/*
1199 	 * Step 2:
1200 	 *		Generate Reset(No Connection) unless P.type == Reset
1201 	 *		Drop packet and return
1202 	 */
1203 	if (dh->dccph_type != DCCP_PKT_RESET) {
1204 		DCCP_SKB_CB(skb)->dccpd_reset_code =
1205 					DCCP_RESET_CODE_NO_CONNECTION;
1206 		dccp_v4_ctl_send_reset(skb);
1207 	}
1208 
1209 discard_it:
1210 	/* Discard frame. */
1211 	kfree_skb(skb);
1212 	return 0;
1213 
1214 discard_and_relse:
1215 	sock_put(sk);
1216 	goto discard_it;
1217 
1218 do_time_wait:
1219 	inet_twsk_put((struct inet_timewait_sock *)sk);
1220 	goto no_dccp_socket;
1221 }
1222 
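/*
 * The very first socket initialized is the protocol's internal control
 * socket (dccp_ctl_socket); the static flag below makes that one skip
 * CCID allocation, since it never carries a real connection.
 */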
static int dccp_v4_init_sock(struct sock *sk)
{
	struct dccp_sock *dp = dccp_sk(sk);
	static int dccp_ctl_socket_init = 1;

	dccp_options_init(&dp->dccps_options);
	do_gettimeofday(&dp->dccps_epoch);

	if (dp->dccps_options.dccpo_send_ack_vector) {
		dp->dccps_hc_rx_ackvec = dccp_ackvec_alloc(DCCP_MAX_ACKVEC_LEN,
							   GFP_KERNEL);
		if (dp->dccps_hc_rx_ackvec == NULL)
			return -ENOMEM;
	}

	/*
	 * FIXME: We're hardcoding the CCID, and doing this at this point makes
	 * the listening (master) sock get CCID control blocks, which is not
	 * necessary, but for now, to not mess with the test userspace apps,
	 * let's leave it here; later the real solution is to do this in a
	 * setsockopt(CCIDs-I-want/accept). -acme
	 */
	if (likely(!dccp_ctl_socket_init)) {
		dp->dccps_hc_rx_ccid = ccid_init(dp->dccps_options.dccpo_rx_ccid,
						 sk);
		dp->dccps_hc_tx_ccid = ccid_init(dp->dccps_options.dccpo_tx_ccid,
						 sk);
		if (dp->dccps_hc_rx_ccid == NULL ||
		    dp->dccps_hc_tx_ccid == NULL) {
			ccid_exit(dp->dccps_hc_rx_ccid, sk);
			ccid_exit(dp->dccps_hc_tx_ccid, sk);
			if (dp->dccps_options.dccpo_send_ack_vector) {
				dccp_ackvec_free(dp->dccps_hc_rx_ackvec);
				dp->dccps_hc_rx_ackvec = NULL;
			}
			dp->dccps_hc_rx_ccid = dp->dccps_hc_tx_ccid = NULL;
			return -ENOMEM;
		}
	} else
		dccp_ctl_socket_init = 0;

	dccp_init_xmit_timers(sk);
	inet_csk(sk)->icsk_rto = DCCP_TIMEOUT_INIT;
	sk->sk_state = DCCP_CLOSED;
	sk->sk_write_space = dccp_write_space;
	dp->dccps_mss_cache = 536;
	dp->dccps_role = DCCP_ROLE_UNDEFINED;
	dp->dccps_service = DCCP_SERVICE_INVALID_VALUE;

	return 0;
}

1274 
1275 static int dccp_v4_destroy_sock(struct sock *sk)
1276 {
1277 	struct dccp_sock *dp = dccp_sk(sk);
1278 
1279 	/*
1280 	 * DCCP doesn't use sk_qrite_queue, just sk_send_head
1281 	 * for retransmissions
1282 	 */
1283 	if (sk->sk_send_head != NULL) {
1284 		kfree_skb(sk->sk_send_head);
1285 		sk->sk_send_head = NULL;
1286 	}
1287 
1288 	/* Clean up a referenced DCCP bind bucket. */
1289 	if (inet_csk(sk)->icsk_bind_hash != NULL)
1290 		inet_put_port(&dccp_hashinfo, sk);
1291 
1292 	if (dp->dccps_service_list != NULL) {
1293 		kfree(dp->dccps_service_list);
1294 		dp->dccps_service_list = NULL;
1295 	}
1296 
1297 	ccid_hc_rx_exit(dp->dccps_hc_rx_ccid, sk);
1298 	ccid_hc_tx_exit(dp->dccps_hc_tx_ccid, sk);
1299 	if (dp->dccps_options.dccpo_send_ack_vector) {
1300 		dccp_ackvec_free(dp->dccps_hc_rx_ackvec);
1301 		dp->dccps_hc_rx_ackvec = NULL;
1302 	}
1303 	ccid_exit(dp->dccps_hc_rx_ccid, sk);
1304 	ccid_exit(dp->dccps_hc_tx_ccid, sk);
1305 	dp->dccps_hc_rx_ccid = dp->dccps_hc_tx_ccid = NULL;
1306 
1307 	return 0;
1308 }
1309 
1310 static void dccp_v4_reqsk_destructor(struct request_sock *req)
1311 {
1312 	kfree(inet_rsk(req)->opt);
1313 }
1314 
1315 static struct request_sock_ops dccp_request_sock_ops = {
1316 	.family		= PF_INET,
1317 	.obj_size	= sizeof(struct dccp_request_sock),
1318 	.rtx_syn_ack	= dccp_v4_send_response,
1319 	.send_ack	= dccp_v4_reqsk_send_ack,
1320 	.destructor	= dccp_v4_reqsk_destructor,
1321 	.send_reset	= dccp_v4_ctl_send_reset,
1322 };
1323 
1324 struct proto dccp_v4_prot = {
1325 	.name			= "DCCP",
1326 	.owner			= THIS_MODULE,
1327 	.close			= dccp_close,
1328 	.connect		= dccp_v4_connect,
1329 	.disconnect		= dccp_disconnect,
1330 	.ioctl			= dccp_ioctl,
1331 	.init			= dccp_v4_init_sock,
1332 	.setsockopt		= dccp_setsockopt,
1333 	.getsockopt		= dccp_getsockopt,
1334 	.sendmsg		= dccp_sendmsg,
1335 	.recvmsg		= dccp_recvmsg,
1336 	.backlog_rcv		= dccp_v4_do_rcv,
1337 	.hash			= dccp_v4_hash,
1338 	.unhash			= dccp_v4_unhash,
1339 	.accept			= inet_csk_accept,
1340 	.get_port		= dccp_v4_get_port,
1341 	.shutdown		= dccp_shutdown,
1342 	.destroy		= dccp_v4_destroy_sock,
1343 	.orphan_count		= &dccp_orphan_count,
1344 	.max_header		= MAX_DCCP_HEADER,
1345 	.obj_size		= sizeof(struct dccp_sock),
1346 	.rsk_prot		= &dccp_request_sock_ops,
1347 	.twsk_obj_size		= sizeof(struct inet_timewait_sock),
1348 };
1349