1 // SPDX-License-Identifier: GPL-2.0-or-later 2 /* 3 * DCCP over IPv6 4 * Linux INET6 implementation 5 * 6 * Based on net/dccp6/ipv6.c 7 * 8 * Arnaldo Carvalho de Melo <acme@ghostprotocols.net> 9 */ 10 11 #include <linux/module.h> 12 #include <linux/random.h> 13 #include <linux/slab.h> 14 #include <linux/xfrm.h> 15 #include <linux/string.h> 16 17 #include <net/addrconf.h> 18 #include <net/inet_common.h> 19 #include <net/inet_hashtables.h> 20 #include <net/inet_sock.h> 21 #include <net/inet6_connection_sock.h> 22 #include <net/inet6_hashtables.h> 23 #include <net/ip6_route.h> 24 #include <net/ipv6.h> 25 #include <net/protocol.h> 26 #include <net/transp_v6.h> 27 #include <net/ip6_checksum.h> 28 #include <net/xfrm.h> 29 #include <net/secure_seq.h> 30 #include <net/netns/generic.h> 31 #include <net/sock.h> 32 33 #include "dccp.h" 34 #include "ipv6.h" 35 #include "feat.h" 36 37 struct dccp_v6_pernet { 38 struct sock *v6_ctl_sk; 39 }; 40 41 static unsigned int dccp_v6_pernet_id __read_mostly; 42 43 /* The per-net v6_ctl_sk is used for sending RSTs and ACKs */ 44 45 static const struct inet_connection_sock_af_ops dccp_ipv6_mapped; 46 static const struct inet_connection_sock_af_ops dccp_ipv6_af_ops; 47 48 /* add pseudo-header to DCCP checksum stored in skb->csum */ 49 static inline __sum16 dccp_v6_csum_finish(struct sk_buff *skb, 50 const struct in6_addr *saddr, 51 const struct in6_addr *daddr) 52 { 53 return csum_ipv6_magic(saddr, daddr, skb->len, IPPROTO_DCCP, skb->csum); 54 } 55 56 static inline void dccp_v6_send_check(struct sock *sk, struct sk_buff *skb) 57 { 58 struct ipv6_pinfo *np = inet6_sk(sk); 59 struct dccp_hdr *dh = dccp_hdr(skb); 60 61 dccp_csum_outgoing(skb); 62 dh->dccph_checksum = dccp_v6_csum_finish(skb, &np->saddr, &sk->sk_v6_daddr); 63 } 64 65 static inline __u64 dccp_v6_init_sequence(struct sk_buff *skb) 66 { 67 return secure_dccpv6_sequence_number(ipv6_hdr(skb)->daddr.s6_addr32, 68 ipv6_hdr(skb)->saddr.s6_addr32, 69 dccp_hdr(skb)->dccph_dport, 70 dccp_hdr(skb)->dccph_sport ); 71 72 } 73 74 static int dccp_v6_err(struct sk_buff *skb, struct inet6_skb_parm *opt, 75 u8 type, u8 code, int offset, __be32 info) 76 { 77 const struct ipv6hdr *hdr; 78 const struct dccp_hdr *dh; 79 struct dccp_sock *dp; 80 struct ipv6_pinfo *np; 81 struct sock *sk; 82 int err; 83 __u64 seq; 84 struct net *net = dev_net(skb->dev); 85 86 if (!pskb_may_pull(skb, offset + sizeof(*dh))) 87 return -EINVAL; 88 dh = (struct dccp_hdr *)(skb->data + offset); 89 if (!pskb_may_pull(skb, offset + __dccp_basic_hdr_len(dh))) 90 return -EINVAL; 91 hdr = (const struct ipv6hdr *)skb->data; 92 dh = (struct dccp_hdr *)(skb->data + offset); 93 94 sk = __inet6_lookup_established(net, &dccp_hashinfo, 95 &hdr->daddr, dh->dccph_dport, 96 &hdr->saddr, ntohs(dh->dccph_sport), 97 inet6_iif(skb), 0); 98 99 if (!sk) { 100 __ICMP6_INC_STATS(net, __in6_dev_get(skb->dev), 101 ICMP6_MIB_INERRORS); 102 return -ENOENT; 103 } 104 105 if (sk->sk_state == DCCP_TIME_WAIT) { 106 inet_twsk_put(inet_twsk(sk)); 107 return 0; 108 } 109 seq = dccp_hdr_seq(dh); 110 if (sk->sk_state == DCCP_NEW_SYN_RECV) { 111 dccp_req_err(sk, seq); 112 return 0; 113 } 114 115 bh_lock_sock(sk); 116 if (sock_owned_by_user(sk)) 117 __NET_INC_STATS(net, LINUX_MIB_LOCKDROPPEDICMPS); 118 119 if (sk->sk_state == DCCP_CLOSED) 120 goto out; 121 122 dp = dccp_sk(sk); 123 if ((1 << sk->sk_state) & ~(DCCPF_REQUESTING | DCCPF_LISTEN) && 124 !between48(seq, dp->dccps_awl, dp->dccps_awh)) { 125 __NET_INC_STATS(net, LINUX_MIB_OUTOFWINDOWICMPS); 126 goto out; 127 } 128 129 np = inet6_sk(sk); 130 131 if (type == NDISC_REDIRECT) { 132 if (!sock_owned_by_user(sk)) { 133 struct dst_entry *dst = __sk_dst_check(sk, np->dst_cookie); 134 135 if (dst) 136 dst->ops->redirect(dst, sk, skb); 137 } 138 goto out; 139 } 140 141 if (type == ICMPV6_PKT_TOOBIG) { 142 struct dst_entry *dst = NULL; 143 144 if (!ip6_sk_accept_pmtu(sk)) 145 goto out; 146 147 if (sock_owned_by_user(sk)) 148 goto out; 149 if ((1 << sk->sk_state) & (DCCPF_LISTEN | DCCPF_CLOSED)) 150 goto out; 151 152 dst = inet6_csk_update_pmtu(sk, ntohl(info)); 153 if (!dst) 154 goto out; 155 156 if (inet_csk(sk)->icsk_pmtu_cookie > dst_mtu(dst)) 157 dccp_sync_mss(sk, dst_mtu(dst)); 158 goto out; 159 } 160 161 icmpv6_err_convert(type, code, &err); 162 163 /* Might be for an request_sock */ 164 switch (sk->sk_state) { 165 case DCCP_REQUESTING: 166 case DCCP_RESPOND: /* Cannot happen. 167 It can, it SYNs are crossed. --ANK */ 168 if (!sock_owned_by_user(sk)) { 169 __DCCP_INC_STATS(DCCP_MIB_ATTEMPTFAILS); 170 sk->sk_err = err; 171 /* 172 * Wake people up to see the error 173 * (see connect in sock.c) 174 */ 175 sk_error_report(sk); 176 dccp_done(sk); 177 } else { 178 WRITE_ONCE(sk->sk_err_soft, err); 179 } 180 goto out; 181 } 182 183 if (!sock_owned_by_user(sk) && np->recverr) { 184 sk->sk_err = err; 185 sk_error_report(sk); 186 } else { 187 WRITE_ONCE(sk->sk_err_soft, err); 188 } 189 out: 190 bh_unlock_sock(sk); 191 sock_put(sk); 192 return 0; 193 } 194 195 196 static int dccp_v6_send_response(const struct sock *sk, struct request_sock *req) 197 { 198 struct inet_request_sock *ireq = inet_rsk(req); 199 struct ipv6_pinfo *np = inet6_sk(sk); 200 struct sk_buff *skb; 201 struct in6_addr *final_p, final; 202 struct flowi6 fl6; 203 int err = -1; 204 struct dst_entry *dst; 205 206 memset(&fl6, 0, sizeof(fl6)); 207 fl6.flowi6_proto = IPPROTO_DCCP; 208 fl6.daddr = ireq->ir_v6_rmt_addr; 209 fl6.saddr = ireq->ir_v6_loc_addr; 210 fl6.flowlabel = 0; 211 fl6.flowi6_oif = ireq->ir_iif; 212 fl6.fl6_dport = ireq->ir_rmt_port; 213 fl6.fl6_sport = htons(ireq->ir_num); 214 security_req_classify_flow(req, flowi6_to_flowi_common(&fl6)); 215 216 217 rcu_read_lock(); 218 final_p = fl6_update_dst(&fl6, rcu_dereference(np->opt), &final); 219 rcu_read_unlock(); 220 221 dst = ip6_dst_lookup_flow(sock_net(sk), sk, &fl6, final_p); 222 if (IS_ERR(dst)) { 223 err = PTR_ERR(dst); 224 dst = NULL; 225 goto done; 226 } 227 228 skb = dccp_make_response(sk, dst, req); 229 if (skb != NULL) { 230 struct dccp_hdr *dh = dccp_hdr(skb); 231 struct ipv6_txoptions *opt; 232 233 dh->dccph_checksum = dccp_v6_csum_finish(skb, 234 &ireq->ir_v6_loc_addr, 235 &ireq->ir_v6_rmt_addr); 236 fl6.daddr = ireq->ir_v6_rmt_addr; 237 rcu_read_lock(); 238 opt = ireq->ipv6_opt; 239 if (!opt) 240 opt = rcu_dereference(np->opt); 241 err = ip6_xmit(sk, skb, &fl6, READ_ONCE(sk->sk_mark), opt, 242 np->tclass, sk->sk_priority); 243 rcu_read_unlock(); 244 err = net_xmit_eval(err); 245 } 246 247 done: 248 dst_release(dst); 249 return err; 250 } 251 252 static void dccp_v6_reqsk_destructor(struct request_sock *req) 253 { 254 dccp_feat_list_purge(&dccp_rsk(req)->dreq_featneg); 255 kfree(inet_rsk(req)->ipv6_opt); 256 kfree_skb(inet_rsk(req)->pktopts); 257 } 258 259 static void dccp_v6_ctl_send_reset(const struct sock *sk, struct sk_buff *rxskb) 260 { 261 const struct ipv6hdr *rxip6h; 262 struct sk_buff *skb; 263 struct flowi6 fl6; 264 struct net *net = dev_net(skb_dst(rxskb)->dev); 265 struct dccp_v6_pernet *pn; 266 struct sock *ctl_sk; 267 struct dst_entry *dst; 268 269 if (dccp_hdr(rxskb)->dccph_type == DCCP_PKT_RESET) 270 return; 271 272 if (!ipv6_unicast_destination(rxskb)) 273 return; 274 275 pn = net_generic(net, dccp_v6_pernet_id); 276 ctl_sk = pn->v6_ctl_sk; 277 skb = dccp_ctl_make_reset(ctl_sk, rxskb); 278 if (skb == NULL) 279 return; 280 281 rxip6h = ipv6_hdr(rxskb); 282 dccp_hdr(skb)->dccph_checksum = dccp_v6_csum_finish(skb, &rxip6h->saddr, 283 &rxip6h->daddr); 284 285 memset(&fl6, 0, sizeof(fl6)); 286 fl6.daddr = rxip6h->saddr; 287 fl6.saddr = rxip6h->daddr; 288 289 fl6.flowi6_proto = IPPROTO_DCCP; 290 fl6.flowi6_oif = inet6_iif(rxskb); 291 fl6.fl6_dport = dccp_hdr(skb)->dccph_dport; 292 fl6.fl6_sport = dccp_hdr(skb)->dccph_sport; 293 security_skb_classify_flow(rxskb, flowi6_to_flowi_common(&fl6)); 294 295 /* sk = NULL, but it is safe for now. RST socket required. */ 296 dst = ip6_dst_lookup_flow(sock_net(ctl_sk), ctl_sk, &fl6, NULL); 297 if (!IS_ERR(dst)) { 298 skb_dst_set(skb, dst); 299 ip6_xmit(ctl_sk, skb, &fl6, 0, NULL, 0, 0); 300 DCCP_INC_STATS(DCCP_MIB_OUTSEGS); 301 DCCP_INC_STATS(DCCP_MIB_OUTRSTS); 302 return; 303 } 304 305 kfree_skb(skb); 306 } 307 308 static struct request_sock_ops dccp6_request_sock_ops = { 309 .family = AF_INET6, 310 .obj_size = sizeof(struct dccp6_request_sock), 311 .rtx_syn_ack = dccp_v6_send_response, 312 .send_ack = dccp_reqsk_send_ack, 313 .destructor = dccp_v6_reqsk_destructor, 314 .send_reset = dccp_v6_ctl_send_reset, 315 .syn_ack_timeout = dccp_syn_ack_timeout, 316 }; 317 318 static int dccp_v6_conn_request(struct sock *sk, struct sk_buff *skb) 319 { 320 struct request_sock *req; 321 struct dccp_request_sock *dreq; 322 struct inet_request_sock *ireq; 323 struct ipv6_pinfo *np = inet6_sk(sk); 324 const __be32 service = dccp_hdr_request(skb)->dccph_req_service; 325 struct dccp_skb_cb *dcb = DCCP_SKB_CB(skb); 326 327 if (skb->protocol == htons(ETH_P_IP)) 328 return dccp_v4_conn_request(sk, skb); 329 330 if (!ipv6_unicast_destination(skb)) 331 return 0; /* discard, don't send a reset here */ 332 333 if (ipv6_addr_v4mapped(&ipv6_hdr(skb)->saddr)) { 334 __IP6_INC_STATS(sock_net(sk), NULL, IPSTATS_MIB_INHDRERRORS); 335 return 0; 336 } 337 338 if (dccp_bad_service_code(sk, service)) { 339 dcb->dccpd_reset_code = DCCP_RESET_CODE_BAD_SERVICE_CODE; 340 goto drop; 341 } 342 /* 343 * There are no SYN attacks on IPv6, yet... 344 */ 345 dcb->dccpd_reset_code = DCCP_RESET_CODE_TOO_BUSY; 346 if (inet_csk_reqsk_queue_is_full(sk)) 347 goto drop; 348 349 if (sk_acceptq_is_full(sk)) 350 goto drop; 351 352 req = inet_reqsk_alloc(&dccp6_request_sock_ops, sk, true); 353 if (req == NULL) 354 goto drop; 355 356 if (dccp_reqsk_init(req, dccp_sk(sk), skb)) 357 goto drop_and_free; 358 359 dreq = dccp_rsk(req); 360 if (dccp_parse_options(sk, dreq, skb)) 361 goto drop_and_free; 362 363 ireq = inet_rsk(req); 364 ireq->ir_v6_rmt_addr = ipv6_hdr(skb)->saddr; 365 ireq->ir_v6_loc_addr = ipv6_hdr(skb)->daddr; 366 ireq->ireq_family = AF_INET6; 367 ireq->ir_mark = inet_request_mark(sk, skb); 368 369 if (security_inet_conn_request(sk, skb, req)) 370 goto drop_and_free; 371 372 if (ipv6_opt_accepted(sk, skb, IP6CB(skb)) || 373 np->rxopt.bits.rxinfo || np->rxopt.bits.rxoinfo || 374 np->rxopt.bits.rxhlim || np->rxopt.bits.rxohlim) { 375 refcount_inc(&skb->users); 376 ireq->pktopts = skb; 377 } 378 ireq->ir_iif = READ_ONCE(sk->sk_bound_dev_if); 379 380 /* So that link locals have meaning */ 381 if (!ireq->ir_iif && 382 ipv6_addr_type(&ireq->ir_v6_rmt_addr) & IPV6_ADDR_LINKLOCAL) 383 ireq->ir_iif = inet6_iif(skb); 384 385 /* 386 * Step 3: Process LISTEN state 387 * 388 * Set S.ISR, S.GSR, S.SWL, S.SWH from packet or Init Cookie 389 * 390 * Setting S.SWL/S.SWH to is deferred to dccp_create_openreq_child(). 391 */ 392 dreq->dreq_isr = dcb->dccpd_seq; 393 dreq->dreq_gsr = dreq->dreq_isr; 394 dreq->dreq_iss = dccp_v6_init_sequence(skb); 395 dreq->dreq_gss = dreq->dreq_iss; 396 dreq->dreq_service = service; 397 398 if (dccp_v6_send_response(sk, req)) 399 goto drop_and_free; 400 401 if (unlikely(!inet_csk_reqsk_queue_hash_add(sk, req, DCCP_TIMEOUT_INIT))) 402 reqsk_free(req); 403 else 404 reqsk_put(req); 405 406 return 0; 407 408 drop_and_free: 409 reqsk_free(req); 410 drop: 411 __DCCP_INC_STATS(DCCP_MIB_ATTEMPTFAILS); 412 return -1; 413 } 414 415 static struct sock *dccp_v6_request_recv_sock(const struct sock *sk, 416 struct sk_buff *skb, 417 struct request_sock *req, 418 struct dst_entry *dst, 419 struct request_sock *req_unhash, 420 bool *own_req) 421 { 422 struct inet_request_sock *ireq = inet_rsk(req); 423 struct ipv6_pinfo *newnp; 424 const struct ipv6_pinfo *np = inet6_sk(sk); 425 struct ipv6_txoptions *opt; 426 struct inet_sock *newinet; 427 struct dccp6_sock *newdp6; 428 struct sock *newsk; 429 430 if (skb->protocol == htons(ETH_P_IP)) { 431 /* 432 * v6 mapped 433 */ 434 newsk = dccp_v4_request_recv_sock(sk, skb, req, dst, 435 req_unhash, own_req); 436 if (newsk == NULL) 437 return NULL; 438 439 newdp6 = (struct dccp6_sock *)newsk; 440 newinet = inet_sk(newsk); 441 newinet->pinet6 = &newdp6->inet6; 442 newnp = inet6_sk(newsk); 443 444 memcpy(newnp, np, sizeof(struct ipv6_pinfo)); 445 446 newnp->saddr = newsk->sk_v6_rcv_saddr; 447 448 inet_csk(newsk)->icsk_af_ops = &dccp_ipv6_mapped; 449 newsk->sk_backlog_rcv = dccp_v4_do_rcv; 450 newnp->pktoptions = NULL; 451 newnp->opt = NULL; 452 newnp->ipv6_mc_list = NULL; 453 newnp->ipv6_ac_list = NULL; 454 newnp->ipv6_fl_list = NULL; 455 newnp->mcast_oif = inet_iif(skb); 456 newnp->mcast_hops = ip_hdr(skb)->ttl; 457 458 /* 459 * No need to charge this sock to the relevant IPv6 refcnt debug socks count 460 * here, dccp_create_openreq_child now does this for us, see the comment in 461 * that function for the gory details. -acme 462 */ 463 464 /* It is tricky place. Until this moment IPv4 tcp 465 worked with IPv6 icsk.icsk_af_ops. 466 Sync it now. 467 */ 468 dccp_sync_mss(newsk, inet_csk(newsk)->icsk_pmtu_cookie); 469 470 return newsk; 471 } 472 473 474 if (sk_acceptq_is_full(sk)) 475 goto out_overflow; 476 477 if (!dst) { 478 struct flowi6 fl6; 479 480 dst = inet6_csk_route_req(sk, &fl6, req, IPPROTO_DCCP); 481 if (!dst) 482 goto out; 483 } 484 485 newsk = dccp_create_openreq_child(sk, req, skb); 486 if (newsk == NULL) 487 goto out_nonewsk; 488 489 /* 490 * No need to charge this sock to the relevant IPv6 refcnt debug socks 491 * count here, dccp_create_openreq_child now does this for us, see the 492 * comment in that function for the gory details. -acme 493 */ 494 495 ip6_dst_store(newsk, dst, NULL, NULL); 496 newsk->sk_route_caps = dst->dev->features & ~(NETIF_F_IP_CSUM | 497 NETIF_F_TSO); 498 newdp6 = (struct dccp6_sock *)newsk; 499 newinet = inet_sk(newsk); 500 newinet->pinet6 = &newdp6->inet6; 501 newnp = inet6_sk(newsk); 502 503 memcpy(newnp, np, sizeof(struct ipv6_pinfo)); 504 505 newsk->sk_v6_daddr = ireq->ir_v6_rmt_addr; 506 newnp->saddr = ireq->ir_v6_loc_addr; 507 newsk->sk_v6_rcv_saddr = ireq->ir_v6_loc_addr; 508 newsk->sk_bound_dev_if = ireq->ir_iif; 509 510 /* Now IPv6 options... 511 512 First: no IPv4 options. 513 */ 514 newinet->inet_opt = NULL; 515 516 /* Clone RX bits */ 517 newnp->rxopt.all = np->rxopt.all; 518 519 newnp->ipv6_mc_list = NULL; 520 newnp->ipv6_ac_list = NULL; 521 newnp->ipv6_fl_list = NULL; 522 newnp->pktoptions = NULL; 523 newnp->opt = NULL; 524 newnp->mcast_oif = inet6_iif(skb); 525 newnp->mcast_hops = ipv6_hdr(skb)->hop_limit; 526 527 /* 528 * Clone native IPv6 options from listening socket (if any) 529 * 530 * Yes, keeping reference count would be much more clever, but we make 531 * one more one thing there: reattach optmem to newsk. 532 */ 533 opt = ireq->ipv6_opt; 534 if (!opt) 535 opt = rcu_dereference(np->opt); 536 if (opt) { 537 opt = ipv6_dup_options(newsk, opt); 538 RCU_INIT_POINTER(newnp->opt, opt); 539 } 540 inet_csk(newsk)->icsk_ext_hdr_len = 0; 541 if (opt) 542 inet_csk(newsk)->icsk_ext_hdr_len = opt->opt_nflen + 543 opt->opt_flen; 544 545 dccp_sync_mss(newsk, dst_mtu(dst)); 546 547 newinet->inet_daddr = newinet->inet_saddr = LOOPBACK4_IPV6; 548 newinet->inet_rcv_saddr = LOOPBACK4_IPV6; 549 550 if (__inet_inherit_port(sk, newsk) < 0) { 551 inet_csk_prepare_forced_close(newsk); 552 dccp_done(newsk); 553 goto out; 554 } 555 *own_req = inet_ehash_nolisten(newsk, req_to_sk(req_unhash), NULL); 556 /* Clone pktoptions received with SYN, if we own the req */ 557 if (*own_req && ireq->pktopts) { 558 newnp->pktoptions = skb_clone_and_charge_r(ireq->pktopts, newsk); 559 consume_skb(ireq->pktopts); 560 ireq->pktopts = NULL; 561 } 562 563 return newsk; 564 565 out_overflow: 566 __NET_INC_STATS(sock_net(sk), LINUX_MIB_LISTENOVERFLOWS); 567 out_nonewsk: 568 dst_release(dst); 569 out: 570 __NET_INC_STATS(sock_net(sk), LINUX_MIB_LISTENDROPS); 571 return NULL; 572 } 573 574 /* The socket must have it's spinlock held when we get 575 * here. 576 * 577 * We have a potential double-lock case here, so even when 578 * doing backlog processing we use the BH locking scheme. 579 * This is because we cannot sleep with the original spinlock 580 * held. 581 */ 582 static int dccp_v6_do_rcv(struct sock *sk, struct sk_buff *skb) 583 { 584 struct ipv6_pinfo *np = inet6_sk(sk); 585 struct sk_buff *opt_skb = NULL; 586 587 /* Imagine: socket is IPv6. IPv4 packet arrives, 588 goes to IPv4 receive handler and backlogged. 589 From backlog it always goes here. Kerboom... 590 Fortunately, dccp_rcv_established and rcv_established 591 handle them correctly, but it is not case with 592 dccp_v6_hnd_req and dccp_v6_ctl_send_reset(). --ANK 593 */ 594 595 if (skb->protocol == htons(ETH_P_IP)) 596 return dccp_v4_do_rcv(sk, skb); 597 598 if (sk_filter(sk, skb)) 599 goto discard; 600 601 /* 602 * socket locking is here for SMP purposes as backlog rcv is currently 603 * called with bh processing disabled. 604 */ 605 606 /* Do Stevens' IPV6_PKTOPTIONS. 607 608 Yes, guys, it is the only place in our code, where we 609 may make it not affecting IPv4. 610 The rest of code is protocol independent, 611 and I do not like idea to uglify IPv4. 612 613 Actually, all the idea behind IPV6_PKTOPTIONS 614 looks not very well thought. For now we latch 615 options, received in the last packet, enqueued 616 by tcp. Feel free to propose better solution. 617 --ANK (980728) 618 */ 619 if (np->rxopt.all) 620 opt_skb = skb_clone_and_charge_r(skb, sk); 621 622 if (sk->sk_state == DCCP_OPEN) { /* Fast path */ 623 if (dccp_rcv_established(sk, skb, dccp_hdr(skb), skb->len)) 624 goto reset; 625 if (opt_skb) 626 goto ipv6_pktoptions; 627 return 0; 628 } 629 630 /* 631 * Step 3: Process LISTEN state 632 * If S.state == LISTEN, 633 * If P.type == Request or P contains a valid Init Cookie option, 634 * (* Must scan the packet's options to check for Init 635 * Cookies. Only Init Cookies are processed here, 636 * however; other options are processed in Step 8. This 637 * scan need only be performed if the endpoint uses Init 638 * Cookies *) 639 * (* Generate a new socket and switch to that socket *) 640 * Set S := new socket for this port pair 641 * S.state = RESPOND 642 * Choose S.ISS (initial seqno) or set from Init Cookies 643 * Initialize S.GAR := S.ISS 644 * Set S.ISR, S.GSR, S.SWL, S.SWH from packet or Init Cookies 645 * Continue with S.state == RESPOND 646 * (* A Response packet will be generated in Step 11 *) 647 * Otherwise, 648 * Generate Reset(No Connection) unless P.type == Reset 649 * Drop packet and return 650 * 651 * NOTE: the check for the packet types is done in 652 * dccp_rcv_state_process 653 */ 654 655 if (dccp_rcv_state_process(sk, skb, dccp_hdr(skb), skb->len)) 656 goto reset; 657 if (opt_skb) 658 goto ipv6_pktoptions; 659 return 0; 660 661 reset: 662 dccp_v6_ctl_send_reset(sk, skb); 663 discard: 664 if (opt_skb != NULL) 665 __kfree_skb(opt_skb); 666 kfree_skb(skb); 667 return 0; 668 669 /* Handling IPV6_PKTOPTIONS skb the similar 670 * way it's done for net/ipv6/tcp_ipv6.c 671 */ 672 ipv6_pktoptions: 673 if (!((1 << sk->sk_state) & (DCCPF_CLOSED | DCCPF_LISTEN))) { 674 if (np->rxopt.bits.rxinfo || np->rxopt.bits.rxoinfo) 675 np->mcast_oif = inet6_iif(opt_skb); 676 if (np->rxopt.bits.rxhlim || np->rxopt.bits.rxohlim) 677 np->mcast_hops = ipv6_hdr(opt_skb)->hop_limit; 678 if (np->rxopt.bits.rxflow || np->rxopt.bits.rxtclass) 679 np->rcv_flowinfo = ip6_flowinfo(ipv6_hdr(opt_skb)); 680 if (np->repflow) 681 np->flow_label = ip6_flowlabel(ipv6_hdr(opt_skb)); 682 if (ipv6_opt_accepted(sk, opt_skb, 683 &DCCP_SKB_CB(opt_skb)->header.h6)) { 684 memmove(IP6CB(opt_skb), 685 &DCCP_SKB_CB(opt_skb)->header.h6, 686 sizeof(struct inet6_skb_parm)); 687 opt_skb = xchg(&np->pktoptions, opt_skb); 688 } else { 689 __kfree_skb(opt_skb); 690 opt_skb = xchg(&np->pktoptions, NULL); 691 } 692 } 693 694 kfree_skb(opt_skb); 695 return 0; 696 } 697 698 static int dccp_v6_rcv(struct sk_buff *skb) 699 { 700 const struct dccp_hdr *dh; 701 bool refcounted; 702 struct sock *sk; 703 int min_cov; 704 705 /* Step 1: Check header basics */ 706 707 if (dccp_invalid_packet(skb)) 708 goto discard_it; 709 710 /* Step 1: If header checksum is incorrect, drop packet and return. */ 711 if (dccp_v6_csum_finish(skb, &ipv6_hdr(skb)->saddr, 712 &ipv6_hdr(skb)->daddr)) { 713 DCCP_WARN("dropped packet with invalid checksum\n"); 714 goto discard_it; 715 } 716 717 dh = dccp_hdr(skb); 718 719 DCCP_SKB_CB(skb)->dccpd_seq = dccp_hdr_seq(dh); 720 DCCP_SKB_CB(skb)->dccpd_type = dh->dccph_type; 721 722 if (dccp_packet_without_ack(skb)) 723 DCCP_SKB_CB(skb)->dccpd_ack_seq = DCCP_PKT_WITHOUT_ACK_SEQ; 724 else 725 DCCP_SKB_CB(skb)->dccpd_ack_seq = dccp_hdr_ack_seq(skb); 726 727 lookup: 728 sk = __inet6_lookup_skb(&dccp_hashinfo, skb, __dccp_hdr_len(dh), 729 dh->dccph_sport, dh->dccph_dport, 730 inet6_iif(skb), 0, &refcounted); 731 if (!sk) { 732 dccp_pr_debug("failed to look up flow ID in table and " 733 "get corresponding socket\n"); 734 goto no_dccp_socket; 735 } 736 737 /* 738 * Step 2: 739 * ... or S.state == TIMEWAIT, 740 * Generate Reset(No Connection) unless P.type == Reset 741 * Drop packet and return 742 */ 743 if (sk->sk_state == DCCP_TIME_WAIT) { 744 dccp_pr_debug("sk->sk_state == DCCP_TIME_WAIT: do_time_wait\n"); 745 inet_twsk_put(inet_twsk(sk)); 746 goto no_dccp_socket; 747 } 748 749 if (sk->sk_state == DCCP_NEW_SYN_RECV) { 750 struct request_sock *req = inet_reqsk(sk); 751 struct sock *nsk; 752 753 sk = req->rsk_listener; 754 if (unlikely(sk->sk_state != DCCP_LISTEN)) { 755 inet_csk_reqsk_queue_drop_and_put(sk, req); 756 goto lookup; 757 } 758 sock_hold(sk); 759 refcounted = true; 760 nsk = dccp_check_req(sk, skb, req); 761 if (!nsk) { 762 reqsk_put(req); 763 goto discard_and_relse; 764 } 765 if (nsk == sk) { 766 reqsk_put(req); 767 } else if (dccp_child_process(sk, nsk, skb)) { 768 dccp_v6_ctl_send_reset(sk, skb); 769 goto discard_and_relse; 770 } else { 771 sock_put(sk); 772 return 0; 773 } 774 } 775 /* 776 * RFC 4340, sec. 9.2.1: Minimum Checksum Coverage 777 * o if MinCsCov = 0, only packets with CsCov = 0 are accepted 778 * o if MinCsCov > 0, also accept packets with CsCov >= MinCsCov 779 */ 780 min_cov = dccp_sk(sk)->dccps_pcrlen; 781 if (dh->dccph_cscov && (min_cov == 0 || dh->dccph_cscov < min_cov)) { 782 dccp_pr_debug("Packet CsCov %d does not satisfy MinCsCov %d\n", 783 dh->dccph_cscov, min_cov); 784 /* FIXME: send Data Dropped option (see also dccp_v4_rcv) */ 785 goto discard_and_relse; 786 } 787 788 if (!xfrm6_policy_check(sk, XFRM_POLICY_IN, skb)) 789 goto discard_and_relse; 790 nf_reset_ct(skb); 791 792 return __sk_receive_skb(sk, skb, 1, dh->dccph_doff * 4, 793 refcounted) ? -1 : 0; 794 795 no_dccp_socket: 796 if (!xfrm6_policy_check(NULL, XFRM_POLICY_IN, skb)) 797 goto discard_it; 798 /* 799 * Step 2: 800 * If no socket ... 801 * Generate Reset(No Connection) unless P.type == Reset 802 * Drop packet and return 803 */ 804 if (dh->dccph_type != DCCP_PKT_RESET) { 805 DCCP_SKB_CB(skb)->dccpd_reset_code = 806 DCCP_RESET_CODE_NO_CONNECTION; 807 dccp_v6_ctl_send_reset(sk, skb); 808 } 809 810 discard_it: 811 kfree_skb(skb); 812 return 0; 813 814 discard_and_relse: 815 if (refcounted) 816 sock_put(sk); 817 goto discard_it; 818 } 819 820 static int dccp_v6_connect(struct sock *sk, struct sockaddr *uaddr, 821 int addr_len) 822 { 823 struct sockaddr_in6 *usin = (struct sockaddr_in6 *)uaddr; 824 struct inet_connection_sock *icsk = inet_csk(sk); 825 struct inet_sock *inet = inet_sk(sk); 826 struct ipv6_pinfo *np = inet6_sk(sk); 827 struct dccp_sock *dp = dccp_sk(sk); 828 struct in6_addr *saddr = NULL, *final_p, final; 829 struct ipv6_txoptions *opt; 830 struct flowi6 fl6; 831 struct dst_entry *dst; 832 int addr_type; 833 int err; 834 835 dp->dccps_role = DCCP_ROLE_CLIENT; 836 837 if (addr_len < SIN6_LEN_RFC2133) 838 return -EINVAL; 839 840 if (usin->sin6_family != AF_INET6) 841 return -EAFNOSUPPORT; 842 843 memset(&fl6, 0, sizeof(fl6)); 844 845 if (np->sndflow) { 846 fl6.flowlabel = usin->sin6_flowinfo & IPV6_FLOWINFO_MASK; 847 IP6_ECN_flow_init(fl6.flowlabel); 848 if (fl6.flowlabel & IPV6_FLOWLABEL_MASK) { 849 struct ip6_flowlabel *flowlabel; 850 flowlabel = fl6_sock_lookup(sk, fl6.flowlabel); 851 if (IS_ERR(flowlabel)) 852 return -EINVAL; 853 fl6_sock_release(flowlabel); 854 } 855 } 856 /* 857 * connect() to INADDR_ANY means loopback (BSD'ism). 858 */ 859 if (ipv6_addr_any(&usin->sin6_addr)) 860 usin->sin6_addr.s6_addr[15] = 1; 861 862 addr_type = ipv6_addr_type(&usin->sin6_addr); 863 864 if (addr_type & IPV6_ADDR_MULTICAST) 865 return -ENETUNREACH; 866 867 if (addr_type & IPV6_ADDR_LINKLOCAL) { 868 if (addr_len >= sizeof(struct sockaddr_in6) && 869 usin->sin6_scope_id) { 870 /* If interface is set while binding, indices 871 * must coincide. 872 */ 873 if (sk->sk_bound_dev_if && 874 sk->sk_bound_dev_if != usin->sin6_scope_id) 875 return -EINVAL; 876 877 sk->sk_bound_dev_if = usin->sin6_scope_id; 878 } 879 880 /* Connect to link-local address requires an interface */ 881 if (!sk->sk_bound_dev_if) 882 return -EINVAL; 883 } 884 885 sk->sk_v6_daddr = usin->sin6_addr; 886 np->flow_label = fl6.flowlabel; 887 888 /* 889 * DCCP over IPv4 890 */ 891 if (addr_type == IPV6_ADDR_MAPPED) { 892 u32 exthdrlen = icsk->icsk_ext_hdr_len; 893 struct sockaddr_in sin; 894 895 SOCK_DEBUG(sk, "connect: ipv4 mapped\n"); 896 897 if (ipv6_only_sock(sk)) 898 return -ENETUNREACH; 899 900 sin.sin_family = AF_INET; 901 sin.sin_port = usin->sin6_port; 902 sin.sin_addr.s_addr = usin->sin6_addr.s6_addr32[3]; 903 904 icsk->icsk_af_ops = &dccp_ipv6_mapped; 905 sk->sk_backlog_rcv = dccp_v4_do_rcv; 906 907 err = dccp_v4_connect(sk, (struct sockaddr *)&sin, sizeof(sin)); 908 if (err) { 909 icsk->icsk_ext_hdr_len = exthdrlen; 910 icsk->icsk_af_ops = &dccp_ipv6_af_ops; 911 sk->sk_backlog_rcv = dccp_v6_do_rcv; 912 goto failure; 913 } 914 np->saddr = sk->sk_v6_rcv_saddr; 915 return err; 916 } 917 918 if (!ipv6_addr_any(&sk->sk_v6_rcv_saddr)) 919 saddr = &sk->sk_v6_rcv_saddr; 920 921 fl6.flowi6_proto = IPPROTO_DCCP; 922 fl6.daddr = sk->sk_v6_daddr; 923 fl6.saddr = saddr ? *saddr : np->saddr; 924 fl6.flowi6_oif = sk->sk_bound_dev_if; 925 fl6.fl6_dport = usin->sin6_port; 926 fl6.fl6_sport = inet->inet_sport; 927 security_sk_classify_flow(sk, flowi6_to_flowi_common(&fl6)); 928 929 opt = rcu_dereference_protected(np->opt, lockdep_sock_is_held(sk)); 930 final_p = fl6_update_dst(&fl6, opt, &final); 931 932 dst = ip6_dst_lookup_flow(sock_net(sk), sk, &fl6, final_p); 933 if (IS_ERR(dst)) { 934 err = PTR_ERR(dst); 935 goto failure; 936 } 937 938 if (saddr == NULL) { 939 saddr = &fl6.saddr; 940 941 err = inet_bhash2_update_saddr(sk, saddr, AF_INET6); 942 if (err) 943 goto failure; 944 } 945 946 /* set the source address */ 947 np->saddr = *saddr; 948 inet->inet_rcv_saddr = LOOPBACK4_IPV6; 949 950 ip6_dst_store(sk, dst, NULL, NULL); 951 952 icsk->icsk_ext_hdr_len = 0; 953 if (opt) 954 icsk->icsk_ext_hdr_len = opt->opt_flen + opt->opt_nflen; 955 956 inet->inet_dport = usin->sin6_port; 957 958 dccp_set_state(sk, DCCP_REQUESTING); 959 err = inet6_hash_connect(&dccp_death_row, sk); 960 if (err) 961 goto late_failure; 962 963 dp->dccps_iss = secure_dccpv6_sequence_number(np->saddr.s6_addr32, 964 sk->sk_v6_daddr.s6_addr32, 965 inet->inet_sport, 966 inet->inet_dport); 967 err = dccp_connect(sk); 968 if (err) 969 goto late_failure; 970 971 return 0; 972 973 late_failure: 974 dccp_set_state(sk, DCCP_CLOSED); 975 inet_bhash2_reset_saddr(sk); 976 __sk_dst_reset(sk); 977 failure: 978 inet->inet_dport = 0; 979 sk->sk_route_caps = 0; 980 return err; 981 } 982 983 static const struct inet_connection_sock_af_ops dccp_ipv6_af_ops = { 984 .queue_xmit = inet6_csk_xmit, 985 .send_check = dccp_v6_send_check, 986 .rebuild_header = inet6_sk_rebuild_header, 987 .conn_request = dccp_v6_conn_request, 988 .syn_recv_sock = dccp_v6_request_recv_sock, 989 .net_header_len = sizeof(struct ipv6hdr), 990 .setsockopt = ipv6_setsockopt, 991 .getsockopt = ipv6_getsockopt, 992 .addr2sockaddr = inet6_csk_addr2sockaddr, 993 .sockaddr_len = sizeof(struct sockaddr_in6), 994 }; 995 996 /* 997 * DCCP over IPv4 via INET6 API 998 */ 999 static const struct inet_connection_sock_af_ops dccp_ipv6_mapped = { 1000 .queue_xmit = ip_queue_xmit, 1001 .send_check = dccp_v4_send_check, 1002 .rebuild_header = inet_sk_rebuild_header, 1003 .conn_request = dccp_v6_conn_request, 1004 .syn_recv_sock = dccp_v6_request_recv_sock, 1005 .net_header_len = sizeof(struct iphdr), 1006 .setsockopt = ipv6_setsockopt, 1007 .getsockopt = ipv6_getsockopt, 1008 .addr2sockaddr = inet6_csk_addr2sockaddr, 1009 .sockaddr_len = sizeof(struct sockaddr_in6), 1010 }; 1011 1012 static void dccp_v6_sk_destruct(struct sock *sk) 1013 { 1014 dccp_destruct_common(sk); 1015 inet6_sock_destruct(sk); 1016 } 1017 1018 /* NOTE: A lot of things set to zero explicitly by call to 1019 * sk_alloc() so need not be done here. 1020 */ 1021 static int dccp_v6_init_sock(struct sock *sk) 1022 { 1023 static __u8 dccp_v6_ctl_sock_initialized; 1024 int err = dccp_init_sock(sk, dccp_v6_ctl_sock_initialized); 1025 1026 if (err == 0) { 1027 if (unlikely(!dccp_v6_ctl_sock_initialized)) 1028 dccp_v6_ctl_sock_initialized = 1; 1029 inet_csk(sk)->icsk_af_ops = &dccp_ipv6_af_ops; 1030 sk->sk_destruct = dccp_v6_sk_destruct; 1031 } 1032 1033 return err; 1034 } 1035 1036 static struct timewait_sock_ops dccp6_timewait_sock_ops = { 1037 .twsk_obj_size = sizeof(struct dccp6_timewait_sock), 1038 }; 1039 1040 static struct proto dccp_v6_prot = { 1041 .name = "DCCPv6", 1042 .owner = THIS_MODULE, 1043 .close = dccp_close, 1044 .connect = dccp_v6_connect, 1045 .disconnect = dccp_disconnect, 1046 .ioctl = dccp_ioctl, 1047 .init = dccp_v6_init_sock, 1048 .setsockopt = dccp_setsockopt, 1049 .getsockopt = dccp_getsockopt, 1050 .sendmsg = dccp_sendmsg, 1051 .recvmsg = dccp_recvmsg, 1052 .backlog_rcv = dccp_v6_do_rcv, 1053 .hash = inet6_hash, 1054 .unhash = inet_unhash, 1055 .accept = inet_csk_accept, 1056 .get_port = inet_csk_get_port, 1057 .shutdown = dccp_shutdown, 1058 .destroy = dccp_destroy_sock, 1059 .orphan_count = &dccp_orphan_count, 1060 .max_header = MAX_DCCP_HEADER, 1061 .obj_size = sizeof(struct dccp6_sock), 1062 .ipv6_pinfo_offset = offsetof(struct dccp6_sock, inet6), 1063 .slab_flags = SLAB_TYPESAFE_BY_RCU, 1064 .rsk_prot = &dccp6_request_sock_ops, 1065 .twsk_prot = &dccp6_timewait_sock_ops, 1066 .h.hashinfo = &dccp_hashinfo, 1067 }; 1068 1069 static const struct inet6_protocol dccp_v6_protocol = { 1070 .handler = dccp_v6_rcv, 1071 .err_handler = dccp_v6_err, 1072 .flags = INET6_PROTO_NOPOLICY | INET6_PROTO_FINAL, 1073 }; 1074 1075 static const struct proto_ops inet6_dccp_ops = { 1076 .family = PF_INET6, 1077 .owner = THIS_MODULE, 1078 .release = inet6_release, 1079 .bind = inet6_bind, 1080 .connect = inet_stream_connect, 1081 .socketpair = sock_no_socketpair, 1082 .accept = inet_accept, 1083 .getname = inet6_getname, 1084 .poll = dccp_poll, 1085 .ioctl = inet6_ioctl, 1086 .gettstamp = sock_gettstamp, 1087 .listen = inet_dccp_listen, 1088 .shutdown = inet_shutdown, 1089 .setsockopt = sock_common_setsockopt, 1090 .getsockopt = sock_common_getsockopt, 1091 .sendmsg = inet_sendmsg, 1092 .recvmsg = sock_common_recvmsg, 1093 .mmap = sock_no_mmap, 1094 #ifdef CONFIG_COMPAT 1095 .compat_ioctl = inet6_compat_ioctl, 1096 #endif 1097 }; 1098 1099 static struct inet_protosw dccp_v6_protosw = { 1100 .type = SOCK_DCCP, 1101 .protocol = IPPROTO_DCCP, 1102 .prot = &dccp_v6_prot, 1103 .ops = &inet6_dccp_ops, 1104 .flags = INET_PROTOSW_ICSK, 1105 }; 1106 1107 static int __net_init dccp_v6_init_net(struct net *net) 1108 { 1109 struct dccp_v6_pernet *pn = net_generic(net, dccp_v6_pernet_id); 1110 1111 if (dccp_hashinfo.bhash == NULL) 1112 return -ESOCKTNOSUPPORT; 1113 1114 return inet_ctl_sock_create(&pn->v6_ctl_sk, PF_INET6, 1115 SOCK_DCCP, IPPROTO_DCCP, net); 1116 } 1117 1118 static void __net_exit dccp_v6_exit_net(struct net *net) 1119 { 1120 struct dccp_v6_pernet *pn = net_generic(net, dccp_v6_pernet_id); 1121 1122 inet_ctl_sock_destroy(pn->v6_ctl_sk); 1123 } 1124 1125 static struct pernet_operations dccp_v6_ops = { 1126 .init = dccp_v6_init_net, 1127 .exit = dccp_v6_exit_net, 1128 .id = &dccp_v6_pernet_id, 1129 .size = sizeof(struct dccp_v6_pernet), 1130 }; 1131 1132 static int __init dccp_v6_init(void) 1133 { 1134 int err = proto_register(&dccp_v6_prot, 1); 1135 1136 if (err) 1137 goto out; 1138 1139 inet6_register_protosw(&dccp_v6_protosw); 1140 1141 err = register_pernet_subsys(&dccp_v6_ops); 1142 if (err) 1143 goto out_destroy_ctl_sock; 1144 1145 err = inet6_add_protocol(&dccp_v6_protocol, IPPROTO_DCCP); 1146 if (err) 1147 goto out_unregister_proto; 1148 1149 out: 1150 return err; 1151 out_unregister_proto: 1152 unregister_pernet_subsys(&dccp_v6_ops); 1153 out_destroy_ctl_sock: 1154 inet6_unregister_protosw(&dccp_v6_protosw); 1155 proto_unregister(&dccp_v6_prot); 1156 goto out; 1157 } 1158 1159 static void __exit dccp_v6_exit(void) 1160 { 1161 inet6_del_protocol(&dccp_v6_protocol, IPPROTO_DCCP); 1162 unregister_pernet_subsys(&dccp_v6_ops); 1163 inet6_unregister_protosw(&dccp_v6_protosw); 1164 proto_unregister(&dccp_v6_prot); 1165 } 1166 1167 module_init(dccp_v6_init); 1168 module_exit(dccp_v6_exit); 1169 1170 /* 1171 * __stringify doesn't likes enums, so use SOCK_DCCP (6) and IPPROTO_DCCP (33) 1172 * values directly, Also cover the case where the protocol is not specified, 1173 * i.e. net-pf-PF_INET6-proto-0-type-SOCK_DCCP 1174 */ 1175 MODULE_ALIAS_NET_PF_PROTO_TYPE(PF_INET6, 33, 6); 1176 MODULE_ALIAS_NET_PF_PROTO_TYPE(PF_INET6, 0, 6); 1177 MODULE_LICENSE("GPL"); 1178 MODULE_AUTHOR("Arnaldo Carvalho de Melo <acme@mandriva.com>"); 1179 MODULE_DESCRIPTION("DCCPv6 - Datagram Congestion Controlled Protocol"); 1180