/*
 *	DCCP over IPv6
 *	Linux INET6 implementation
 *
 *	Based on net/dccp6/ipv6.c
 *
 *	Arnaldo Carvalho de Melo <acme@ghostprotocols.net>
 *
 *	This program is free software; you can redistribute it and/or
 *	modify it under the terms of the GNU General Public License
 *	as published by the Free Software Foundation; either version
 *	2 of the License, or (at your option) any later version.
 */

#include <linux/module.h>
#include <linux/random.h>
#include <linux/xfrm.h>

#include <net/addrconf.h>
#include <net/inet_common.h>
#include <net/inet_hashtables.h>
#include <net/inet_sock.h>
#include <net/inet6_connection_sock.h>
#include <net/inet6_hashtables.h>
#include <net/ip6_route.h>
#include <net/ipv6.h>
#include <net/protocol.h>
#include <net/transp_v6.h>
#include <net/ip6_checksum.h>
#include <net/xfrm.h>

#include "dccp.h"
#include "ipv6.h"
#include "feat.h"

/* The per-net dccp.v6_ctl_sk is used for sending RSTs and ACKs */

static struct inet_connection_sock_af_ops dccp_ipv6_mapped;
static struct inet_connection_sock_af_ops dccp_ipv6_af_ops;

static void dccp_v6_hash(struct sock *sk)
{
	if (sk->sk_state != DCCP_CLOSED) {
		if (inet_csk(sk)->icsk_af_ops == &dccp_ipv6_mapped) {
			inet_hash(sk);
			return;
		}
		local_bh_disable();
		__inet6_hash(sk);
		local_bh_enable();
	}
}

/* add pseudo-header to DCCP checksum stored in skb->csum */
static inline __sum16 dccp_v6_csum_finish(struct sk_buff *skb,
					  struct in6_addr *saddr,
					  struct in6_addr *daddr)
{
	return csum_ipv6_magic(saddr, daddr, skb->len, IPPROTO_DCCP, skb->csum);
}

static inline void dccp_v6_send_check(struct sock *sk, int unused_value,
				      struct sk_buff *skb)
{
	struct ipv6_pinfo *np = inet6_sk(sk);
	struct dccp_hdr *dh = dccp_hdr(skb);

	dccp_csum_outgoing(skb);
	dh->dccph_checksum = dccp_v6_csum_finish(skb, &np->saddr, &np->daddr);
}

static inline __u32 secure_dccpv6_sequence_number(__be32 *saddr, __be32 *daddr,
						  __be16 sport, __be16 dport)
{
	return secure_tcpv6_sequence_number(saddr, daddr, sport, dport);
}

static inline __u32 dccp_v6_init_sequence(struct sk_buff *skb)
{
	return secure_dccpv6_sequence_number(ipv6_hdr(skb)->daddr.s6_addr32,
					     ipv6_hdr(skb)->saddr.s6_addr32,
					     dccp_hdr(skb)->dccph_dport,
					     dccp_hdr(skb)->dccph_sport);
}

static void dccp_v6_err(struct sk_buff *skb, struct inet6_skb_parm *opt,
			int type, int code, int offset, __be32 info)
{
	struct ipv6hdr *hdr = (struct ipv6hdr *)skb->data;
	const struct dccp_hdr *dh = (struct dccp_hdr *)(skb->data + offset);
	struct ipv6_pinfo *np;
	struct sock *sk;
	int err;
	__u64 seq;

	sk = inet6_lookup(dev_net(skb->dev), &dccp_hashinfo,
			  &hdr->daddr, dh->dccph_dport,
			  &hdr->saddr, dh->dccph_sport, inet6_iif(skb));

	if (sk == NULL) {
		ICMP6_INC_STATS_BH(__in6_dev_get(skb->dev), ICMP6_MIB_INERRORS);
		return;
	}

	if (sk->sk_state == DCCP_TIME_WAIT) {
		inet_twsk_put(inet_twsk(sk));
		return;
	}

	bh_lock_sock(sk);
	if (sock_owned_by_user(sk))
		NET_INC_STATS_BH(LINUX_MIB_LOCKDROPPEDICMPS);

	if (sk->sk_state == DCCP_CLOSED)
		goto out;

	np = inet6_sk(sk);

	if (type == ICMPV6_PKT_TOOBIG) {
		struct dst_entry *dst = NULL;

		if (sock_owned_by_user(sk))
			goto out;
		if ((1 << sk->sk_state) & (DCCPF_LISTEN | DCCPF_CLOSED))
			goto out;

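		/*
		 * Path MTU discovery: if the route's MTU has dropped below
		 * what this connection currently assumes, resynchronise the
		 * MPS via dccp_sync_mss(); retransmission of the affected
		 * packets is left to the usual timers.
		 */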
		/* icmp should have updated the destination cache entry */
		dst = __sk_dst_check(sk, np->dst_cookie);
		if (dst == NULL) {
			struct inet_sock *inet = inet_sk(sk);
			struct flowi fl;

			/* BUGGG_FUTURE: Again, it is not clear how
			   to handle rthdr case. Ignore this complexity
			   for now.
			 */
			memset(&fl, 0, sizeof(fl));
			fl.proto = IPPROTO_DCCP;
			ipv6_addr_copy(&fl.fl6_dst, &np->daddr);
			ipv6_addr_copy(&fl.fl6_src, &np->saddr);
			fl.oif = sk->sk_bound_dev_if;
			fl.fl_ip_dport = inet->dport;
			fl.fl_ip_sport = inet->sport;
			security_sk_classify_flow(sk, &fl);

			err = ip6_dst_lookup(sk, &dst, &fl);
			if (err) {
				sk->sk_err_soft = -err;
				goto out;
			}

			err = xfrm_lookup(&dst, &fl, sk, 0);
			if (err < 0) {
				sk->sk_err_soft = -err;
				goto out;
			}
		} else
			dst_hold(dst);

		if (inet_csk(sk)->icsk_pmtu_cookie > dst_mtu(dst)) {
			dccp_sync_mss(sk, dst_mtu(dst));
		} /* else let the usual retransmit timer handle it */
		dst_release(dst);
		goto out;
	}

	icmpv6_err_convert(type, code, &err);

	seq = dccp_hdr_seq(dh);
	/* Might be for a request_sock */
	switch (sk->sk_state) {
		struct request_sock *req, **prev;
	case DCCP_LISTEN:
		if (sock_owned_by_user(sk))
			goto out;

		req = inet6_csk_search_req(sk, &prev, dh->dccph_dport,
					   &hdr->daddr, &hdr->saddr,
					   inet6_iif(skb));
		if (req == NULL)
			goto out;

		/*
		 * ICMPs are not backlogged, hence we cannot get an established
		 * socket here.
		 */
		BUG_TRAP(req->sk == NULL);

		if (seq != dccp_rsk(req)->dreq_iss) {
			NET_INC_STATS_BH(LINUX_MIB_OUTOFWINDOWICMPS);
			goto out;
		}

		inet_csk_reqsk_queue_drop(sk, req, prev);
		goto out;

	case DCCP_REQUESTING:
	case DCCP_RESPOND:  /* Cannot happen.
			       It can, if SYNs are crossed. --ANK */
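		/*
		 * A hard ICMP error arrived while the handshake is still in
		 * progress: if we own the socket, report the error and tear
		 * the connection down; otherwise only record a soft error.
		 */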
		if (!sock_owned_by_user(sk)) {
			DCCP_INC_STATS_BH(DCCP_MIB_ATTEMPTFAILS);
			sk->sk_err = err;
			/*
			 * Wake people up to see the error
			 * (see connect in sock.c)
			 */
			sk->sk_error_report(sk);
			dccp_done(sk);
		} else
			sk->sk_err_soft = err;
		goto out;
	}

	if (!sock_owned_by_user(sk) && np->recverr) {
		sk->sk_err = err;
		sk->sk_error_report(sk);
	} else
		sk->sk_err_soft = err;

out:
	bh_unlock_sock(sk);
	sock_put(sk);
}

static int dccp_v6_send_response(struct sock *sk, struct request_sock *req)
{
	struct inet6_request_sock *ireq6 = inet6_rsk(req);
	struct ipv6_pinfo *np = inet6_sk(sk);
	struct sk_buff *skb;
	struct ipv6_txoptions *opt = NULL;
	struct in6_addr *final_p = NULL, final;
	struct flowi fl;
	int err = -1;
	struct dst_entry *dst;

	memset(&fl, 0, sizeof(fl));
	fl.proto = IPPROTO_DCCP;
	ipv6_addr_copy(&fl.fl6_dst, &ireq6->rmt_addr);
	ipv6_addr_copy(&fl.fl6_src, &ireq6->loc_addr);
	fl.fl6_flowlabel = 0;
	fl.oif = ireq6->iif;
	fl.fl_ip_dport = inet_rsk(req)->rmt_port;
	fl.fl_ip_sport = inet_sk(sk)->sport;
	security_req_classify_flow(req, &fl);

	opt = np->opt;

	if (opt != NULL && opt->srcrt != NULL) {
		const struct rt0_hdr *rt0 = (struct rt0_hdr *)opt->srcrt;

		ipv6_addr_copy(&final, &fl.fl6_dst);
		ipv6_addr_copy(&fl.fl6_dst, rt0->addr);
		final_p = &final;
	}

	err = ip6_dst_lookup(sk, &dst, &fl);
	if (err)
		goto done;

	if (final_p)
		ipv6_addr_copy(&fl.fl6_dst, final_p);

	err = xfrm_lookup(&dst, &fl, sk, 0);
	if (err < 0)
		goto done;

	skb = dccp_make_response(sk, dst, req);
	if (skb != NULL) {
		struct dccp_hdr *dh = dccp_hdr(skb);

		dh->dccph_checksum = dccp_v6_csum_finish(skb,
							 &ireq6->loc_addr,
							 &ireq6->rmt_addr);
		ipv6_addr_copy(&fl.fl6_dst, &ireq6->rmt_addr);
		err = ip6_xmit(sk, skb, &fl, opt, 0);
		err = net_xmit_eval(err);
	}

done:
	if (opt != NULL && opt != np->opt)
		sock_kfree_s(sk, opt, opt->tot_len);
	dst_release(dst);
	return err;
}

static void dccp_v6_reqsk_destructor(struct request_sock *req)
{
	if (inet6_rsk(req)->pktopts != NULL)
		kfree_skb(inet6_rsk(req)->pktopts);
}

static void dccp_v6_ctl_send_reset(struct sock *sk, struct sk_buff *rxskb)
{
	struct ipv6hdr *rxip6h;
	struct sk_buff *skb;
	struct flowi fl;
	struct net *net = dev_net(rxskb->dst->dev);
	struct sock *ctl_sk = net->dccp.v6_ctl_sk;

	if (dccp_hdr(rxskb)->dccph_type == DCCP_PKT_RESET)
		return;

	if (!ipv6_unicast_destination(rxskb))
		return;

	skb = dccp_ctl_make_reset(ctl_sk, rxskb);
	if (skb == NULL)
		return;

	rxip6h = ipv6_hdr(rxskb);
	dccp_hdr(skb)->dccph_checksum = dccp_v6_csum_finish(skb, &rxip6h->saddr,
							    &rxip6h->daddr);

	memset(&fl, 0, sizeof(fl));
	ipv6_addr_copy(&fl.fl6_dst, &rxip6h->saddr);
	ipv6_addr_copy(&fl.fl6_src, &rxip6h->daddr);

	fl.proto = IPPROTO_DCCP;
	fl.oif = inet6_iif(rxskb);
	fl.fl_ip_dport = dccp_hdr(skb)->dccph_dport;
	fl.fl_ip_sport = dccp_hdr(skb)->dccph_sport;
	security_skb_classify_flow(rxskb, &fl);

	/* sk = NULL, but it is safe for now. RST socket required. */
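	/*
	 * Route and send the Reset via the per-net control socket; if the
	 * route or XFRM lookup fails, the skb is simply freed below.
	 */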
	if (!ip6_dst_lookup(ctl_sk, &skb->dst, &fl)) {
		if (xfrm_lookup(&skb->dst, &fl, NULL, 0) >= 0) {
			ip6_xmit(ctl_sk, skb, &fl, NULL, 0);
			DCCP_INC_STATS_BH(DCCP_MIB_OUTSEGS);
			DCCP_INC_STATS_BH(DCCP_MIB_OUTRSTS);
			return;
		}
	}

	kfree_skb(skb);
}

static struct request_sock_ops dccp6_request_sock_ops = {
	.family		= AF_INET6,
	.obj_size	= sizeof(struct dccp6_request_sock),
	.rtx_syn_ack	= dccp_v6_send_response,
	.send_ack	= dccp_reqsk_send_ack,
	.destructor	= dccp_v6_reqsk_destructor,
	.send_reset	= dccp_v6_ctl_send_reset,
};

static struct sock *dccp_v6_hnd_req(struct sock *sk, struct sk_buff *skb)
{
	const struct dccp_hdr *dh = dccp_hdr(skb);
	const struct ipv6hdr *iph = ipv6_hdr(skb);
	struct sock *nsk;
	struct request_sock **prev;
	/* Find possible connection requests. */
	struct request_sock *req = inet6_csk_search_req(sk, &prev,
							dh->dccph_sport,
							&iph->saddr,
							&iph->daddr,
							inet6_iif(skb));
	if (req != NULL)
		return dccp_check_req(sk, skb, req, prev);

	nsk = __inet6_lookup_established(sock_net(sk), &dccp_hashinfo,
					 &iph->saddr, dh->dccph_sport,
					 &iph->daddr, ntohs(dh->dccph_dport),
					 inet6_iif(skb));
	if (nsk != NULL) {
		if (nsk->sk_state != DCCP_TIME_WAIT) {
			bh_lock_sock(nsk);
			return nsk;
		}
		inet_twsk_put(inet_twsk(nsk));
		return NULL;
	}

	return sk;
}

static int dccp_v6_conn_request(struct sock *sk, struct sk_buff *skb)
{
	struct request_sock *req;
	struct dccp_request_sock *dreq;
	struct inet6_request_sock *ireq6;
	struct ipv6_pinfo *np = inet6_sk(sk);
	const __be32 service = dccp_hdr_request(skb)->dccph_req_service;
	struct dccp_skb_cb *dcb = DCCP_SKB_CB(skb);

	if (skb->protocol == htons(ETH_P_IP))
		return dccp_v4_conn_request(sk, skb);

	if (!ipv6_unicast_destination(skb))
		return 0;	/* discard, don't send a reset here */

	if (dccp_bad_service_code(sk, service)) {
		dcb->dccpd_reset_code = DCCP_RESET_CODE_BAD_SERVICE_CODE;
		goto drop;
	}
	/*
	 * There are no SYN attacks on IPv6, yet...
	 */
	dcb->dccpd_reset_code = DCCP_RESET_CODE_TOO_BUSY;
	if (inet_csk_reqsk_queue_is_full(sk))
		goto drop;

	if (sk_acceptq_is_full(sk) && inet_csk_reqsk_queue_young(sk) > 1)
		goto drop;

	req = inet6_reqsk_alloc(&dccp6_request_sock_ops);
	if (req == NULL)
		goto drop;

	dccp_reqsk_init(req, skb);

	dreq = dccp_rsk(req);
	if (dccp_parse_options(sk, dreq, skb))
		goto drop_and_free;

	if (security_inet_conn_request(sk, skb, req))
		goto drop_and_free;

	ireq6 = inet6_rsk(req);
	ipv6_addr_copy(&ireq6->rmt_addr, &ipv6_hdr(skb)->saddr);
	ipv6_addr_copy(&ireq6->loc_addr, &ipv6_hdr(skb)->daddr);
	ireq6->pktopts = NULL;

	if (ipv6_opt_accepted(sk, skb) ||
	    np->rxopt.bits.rxinfo || np->rxopt.bits.rxoinfo ||
	    np->rxopt.bits.rxhlim || np->rxopt.bits.rxohlim) {
		atomic_inc(&skb->users);
		ireq6->pktopts = skb;
	}
	ireq6->iif = sk->sk_bound_dev_if;

	/* So that link locals have meaning */
	if (!sk->sk_bound_dev_if &&
	    ipv6_addr_type(&ireq6->rmt_addr) & IPV6_ADDR_LINKLOCAL)
		ireq6->iif = inet6_iif(skb);

	/*
	 * Step 3: Process LISTEN state
	 *
	 *   Set S.ISR, S.GSR, S.SWL, S.SWH from packet or Init Cookie
	 *
	 *   In fact we defer setting S.GSR, S.SWL, S.SWH to
	 *   dccp_create_openreq_child.
	 */
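	/*
	 * S.ISR is taken from the Request's sequence number; S.ISS comes from
	 * dccp_v6_init_sequence(), which reuses the secure TCPv6 ISN
	 * generator.
	 */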
	dreq->dreq_isr	   = dcb->dccpd_seq;
	dreq->dreq_iss	   = dccp_v6_init_sequence(skb);
	dreq->dreq_service = service;

	if (dccp_v6_send_response(sk, req))
		goto drop_and_free;

	inet6_csk_reqsk_queue_hash_add(sk, req, DCCP_TIMEOUT_INIT);
	return 0;

drop_and_free:
	reqsk_free(req);
drop:
	DCCP_INC_STATS_BH(DCCP_MIB_ATTEMPTFAILS);
	return -1;
}

static struct sock *dccp_v6_request_recv_sock(struct sock *sk,
					      struct sk_buff *skb,
					      struct request_sock *req,
					      struct dst_entry *dst)
{
	struct inet6_request_sock *ireq6 = inet6_rsk(req);
	struct ipv6_pinfo *newnp, *np = inet6_sk(sk);
	struct inet_sock *newinet;
	struct dccp_sock *newdp;
	struct dccp6_sock *newdp6;
	struct sock *newsk;
	struct ipv6_txoptions *opt;

	if (skb->protocol == htons(ETH_P_IP)) {
		/*
		 * v6 mapped
		 */
		newsk = dccp_v4_request_recv_sock(sk, skb, req, dst);
		if (newsk == NULL)
			return NULL;

		newdp6 = (struct dccp6_sock *)newsk;
		newdp = dccp_sk(newsk);
		newinet = inet_sk(newsk);
		newinet->pinet6 = &newdp6->inet6;
		newnp = inet6_sk(newsk);

		memcpy(newnp, np, sizeof(struct ipv6_pinfo));

		ipv6_addr_set(&newnp->daddr, 0, 0, htonl(0x0000FFFF),
			      newinet->daddr);

		ipv6_addr_set(&newnp->saddr, 0, 0, htonl(0x0000FFFF),
			      newinet->saddr);

		ipv6_addr_copy(&newnp->rcv_saddr, &newnp->saddr);

		inet_csk(newsk)->icsk_af_ops = &dccp_ipv6_mapped;
		newsk->sk_backlog_rcv = dccp_v4_do_rcv;
		newnp->pktoptions  = NULL;
		newnp->opt	   = NULL;
		newnp->mcast_oif   = inet6_iif(skb);
		newnp->mcast_hops  = ipv6_hdr(skb)->hop_limit;

		/*
		 * No need to charge this sock to the relevant IPv6 refcnt
		 * debug socks count here, dccp_create_openreq_child now does
		 * this for us, see the comment in that function for the gory
		 * details. -acme
		 */

		/* It is a tricky place. Until this moment IPv4 tcp
		   worked with IPv6 icsk.icsk_af_ops.
		   Sync it now.
		 */
		dccp_sync_mss(newsk, inet_csk(newsk)->icsk_pmtu_cookie);

		return newsk;
	}

	opt = np->opt;

	if (sk_acceptq_is_full(sk))
		goto out_overflow;

	if (dst == NULL) {
		struct in6_addr *final_p = NULL, final;
		struct flowi fl;

		memset(&fl, 0, sizeof(fl));
		fl.proto = IPPROTO_DCCP;
		ipv6_addr_copy(&fl.fl6_dst, &ireq6->rmt_addr);
		if (opt != NULL && opt->srcrt != NULL) {
			const struct rt0_hdr *rt0 = (struct rt0_hdr *)opt->srcrt;

			ipv6_addr_copy(&final, &fl.fl6_dst);
			ipv6_addr_copy(&fl.fl6_dst, rt0->addr);
			final_p = &final;
		}
		ipv6_addr_copy(&fl.fl6_src, &ireq6->loc_addr);
		fl.oif = sk->sk_bound_dev_if;
		fl.fl_ip_dport = inet_rsk(req)->rmt_port;
		fl.fl_ip_sport = inet_sk(sk)->sport;
		security_sk_classify_flow(sk, &fl);

		if (ip6_dst_lookup(sk, &dst, &fl))
			goto out;

		if (final_p)
			ipv6_addr_copy(&fl.fl6_dst, final_p);

		if ((xfrm_lookup(&dst, &fl, sk, 0)) < 0)
			goto out;
	}

	newsk = dccp_create_openreq_child(sk, req, skb);
	if (newsk == NULL)
		goto out;

	/*
	 * No need to charge this sock to the relevant IPv6 refcnt debug socks
	 * count here, dccp_create_openreq_child now does this for us, see the
	 * comment in that function for the gory details. -acme
	 */

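	/*
	 * Attach the route to the child socket and copy the IPv6 addressing
	 * and options state over from the listener and the request sock.
	 */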
	__ip6_dst_store(newsk, dst, NULL, NULL);
	newsk->sk_route_caps = dst->dev->features & ~(NETIF_F_IP_CSUM |
						      NETIF_F_TSO);
	newdp6 = (struct dccp6_sock *)newsk;
	newinet = inet_sk(newsk);
	newinet->pinet6 = &newdp6->inet6;
	newdp = dccp_sk(newsk);
	newnp = inet6_sk(newsk);

	memcpy(newnp, np, sizeof(struct ipv6_pinfo));

	ipv6_addr_copy(&newnp->daddr, &ireq6->rmt_addr);
	ipv6_addr_copy(&newnp->saddr, &ireq6->loc_addr);
	ipv6_addr_copy(&newnp->rcv_saddr, &ireq6->loc_addr);
	newsk->sk_bound_dev_if = ireq6->iif;

	/* Now IPv6 options...

	   First: no IPv4 options.
	 */
	newinet->opt = NULL;

	/* Clone RX bits */
	newnp->rxopt.all = np->rxopt.all;

	/* Clone pktoptions received with SYN */
	newnp->pktoptions = NULL;
	if (ireq6->pktopts != NULL) {
		newnp->pktoptions = skb_clone(ireq6->pktopts, GFP_ATOMIC);
		kfree_skb(ireq6->pktopts);
		ireq6->pktopts = NULL;
		if (newnp->pktoptions)
			skb_set_owner_r(newnp->pktoptions, newsk);
	}
	newnp->opt	  = NULL;
	newnp->mcast_oif  = inet6_iif(skb);
	newnp->mcast_hops = ipv6_hdr(skb)->hop_limit;

	/*
	 * Clone native IPv6 options from the listening socket (if any)
	 *
	 * Yes, keeping a reference count would be much more clever, but we do
	 * one more thing here: reattach optmem to newsk.
	 */
	if (opt != NULL) {
		newnp->opt = ipv6_dup_options(newsk, opt);
		if (opt != np->opt)
			sock_kfree_s(sk, opt, opt->tot_len);
	}

	inet_csk(newsk)->icsk_ext_hdr_len = 0;
	if (newnp->opt != NULL)
		inet_csk(newsk)->icsk_ext_hdr_len = (newnp->opt->opt_nflen +
						     newnp->opt->opt_flen);

	dccp_sync_mss(newsk, dst_mtu(dst));

	newinet->daddr = newinet->saddr = newinet->rcv_saddr = LOOPBACK4_IPV6;

	__inet6_hash(newsk);
	__inet_inherit_port(sk, newsk);

	return newsk;

out_overflow:
	NET_INC_STATS_BH(LINUX_MIB_LISTENOVERFLOWS);
out:
	NET_INC_STATS_BH(LINUX_MIB_LISTENDROPS);
	if (opt != NULL && opt != np->opt)
		sock_kfree_s(sk, opt, opt->tot_len);
	dst_release(dst);
	return NULL;
}

/* The socket must have its spinlock held when we get
 * here.
 *
 * We have a potential double-lock case here, so even when
 * doing backlog processing we use the BH locking scheme.
 * This is because we cannot sleep with the original spinlock
 * held.
 */
static int dccp_v6_do_rcv(struct sock *sk, struct sk_buff *skb)
{
	struct ipv6_pinfo *np = inet6_sk(sk);
	struct sk_buff *opt_skb = NULL;

	/* Imagine: socket is IPv6. IPv4 packet arrives,
	   goes to IPv4 receive handler and backlogged.
	   From backlog it always goes here. Kerboom...
	   Fortunately, dccp_rcv_established and rcv_established
	   handle them correctly, but it is not the case with
	   dccp_v6_hnd_req and dccp_v6_ctl_send_reset(). --ANK
	 */

	if (skb->protocol == htons(ETH_P_IP))
		return dccp_v4_do_rcv(sk, skb);

	if (sk_filter(sk, skb))
		goto discard;

	/*
	 * socket locking is here for SMP purposes as backlog rcv is currently
	 * called with bh processing disabled.
	 */

	/* Do Stevens' IPV6_PKTOPTIONS.

	   Yes, guys, it is the only place in our code where we
	   may make it not affecting IPv4.
	   The rest of the code is protocol independent,
	   and I do not like the idea of uglifying IPv4.

	   Actually, all the idea behind IPV6_PKTOPTIONS
	   looks not very well thought out. For now we latch
	   options, received in the last packet, enqueued
	   by tcp. Feel free to propose a better solution.
					       --ANK (980728)
	 */
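	/*
	 * If the user requested any ancillary data, keep a clone of the skb;
	 * at present it is only freed again (see the FIXME below).
	 */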
	if (np->rxopt.all)
		/*
		 * FIXME: Add handling of IPV6_PKTOPTIONS skb. See the comments
		 * below (wrt ipv6_pktoptions) and net/ipv6/tcp_ipv6.c for an
		 * example.
		 */
		opt_skb = skb_clone(skb, GFP_ATOMIC);

	if (sk->sk_state == DCCP_OPEN) { /* Fast path */
		if (dccp_rcv_established(sk, skb, dccp_hdr(skb), skb->len))
			goto reset;
		if (opt_skb) {
			/* XXX This is where we would goto ipv6_pktoptions. */
			__kfree_skb(opt_skb);
		}
		return 0;
	}

	/*
	 *  Step 3: Process LISTEN state
	 *     If S.state == LISTEN,
	 *	 If P.type == Request or P contains a valid Init Cookie option,
	 *	      (* Must scan the packet's options to check for Init
	 *		 Cookies.  Only Init Cookies are processed here,
	 *		 however; other options are processed in Step 8.  This
	 *		 scan need only be performed if the endpoint uses Init
	 *		 Cookies *)
	 *	      (* Generate a new socket and switch to that socket *)
	 *	      Set S := new socket for this port pair
	 *	      S.state = RESPOND
	 *	      Choose S.ISS (initial seqno) or set from Init Cookies
	 *	      Initialize S.GAR := S.ISS
	 *	      Set S.ISR, S.GSR, S.SWL, S.SWH from packet or Init Cookies
	 *	      Continue with S.state == RESPOND
	 *	      (* A Response packet will be generated in Step 11 *)
	 *	 Otherwise,
	 *	      Generate Reset(No Connection) unless P.type == Reset
	 *	      Drop packet and return
	 *
	 * NOTE: the check for the packet types is done in
	 *	 dccp_rcv_state_process
	 */
	if (sk->sk_state == DCCP_LISTEN) {
		struct sock *nsk = dccp_v6_hnd_req(sk, skb);

		if (nsk == NULL)
			goto discard;
		/*
		 * Queue it on the new socket if the new socket is active,
		 * otherwise we just short-circuit this and continue with
		 * the new socket.
		 */
		if (nsk != sk) {
			if (dccp_child_process(sk, nsk, skb))
				goto reset;
			if (opt_skb != NULL)
				__kfree_skb(opt_skb);
			return 0;
		}
	}

	if (dccp_rcv_state_process(sk, skb, dccp_hdr(skb), skb->len))
		goto reset;
	if (opt_skb) {
		/* XXX This is where we would goto ipv6_pktoptions. */
		__kfree_skb(opt_skb);
	}
	return 0;

reset:
	dccp_v6_ctl_send_reset(sk, skb);
discard:
	if (opt_skb != NULL)
		__kfree_skb(opt_skb);
	kfree_skb(skb);
	return 0;
}

static int dccp_v6_rcv(struct sk_buff *skb)
{
	const struct dccp_hdr *dh;
	struct sock *sk;
	int min_cov;

	/* Step 1: Check header basics */

	if (dccp_invalid_packet(skb))
		goto discard_it;

	/* Step 1: If header checksum is incorrect, drop packet and return. */
	if (dccp_v6_csum_finish(skb, &ipv6_hdr(skb)->saddr,
				     &ipv6_hdr(skb)->daddr)) {
		DCCP_WARN("dropped packet with invalid checksum\n");
		goto discard_it;
	}

	dh = dccp_hdr(skb);

	DCCP_SKB_CB(skb)->dccpd_seq  = dccp_hdr_seq(dh);
	DCCP_SKB_CB(skb)->dccpd_type = dh->dccph_type;

	if (dccp_packet_without_ack(skb))
		DCCP_SKB_CB(skb)->dccpd_ack_seq = DCCP_PKT_WITHOUT_ACK_SEQ;
	else
		DCCP_SKB_CB(skb)->dccpd_ack_seq = dccp_hdr_ack_seq(skb);

	/* Step 2:
	 *	Look up flow ID in table and get corresponding socket */
	sk = __inet6_lookup(dev_net(skb->dst->dev), &dccp_hashinfo,
			    &ipv6_hdr(skb)->saddr, dh->dccph_sport,
			    &ipv6_hdr(skb)->daddr, ntohs(dh->dccph_dport),
			    inet6_iif(skb));
	/*
	 * Step 2:
	 *	If no socket ...
	 */
	if (sk == NULL) {
		dccp_pr_debug("failed to look up flow ID in table and "
			      "get corresponding socket\n");
		goto no_dccp_socket;
	}

	/*
	 * Step 2:
	 *	... or S.state == TIMEWAIT,
	 *		Generate Reset(No Connection) unless P.type == Reset
	 *		Drop packet and return
	 */
	if (sk->sk_state == DCCP_TIME_WAIT) {
		dccp_pr_debug("sk->sk_state == DCCP_TIME_WAIT: do_time_wait\n");
		inet_twsk_put(inet_twsk(sk));
		goto no_dccp_socket;
	}

	/*
	 * RFC 4340, sec. 9.2.1: Minimum Checksum Coverage
	 *	o if MinCsCov = 0, only packets with CsCov = 0 are accepted
	 *	o if MinCsCov > 0, also accept packets with CsCov >= MinCsCov
	 */
	min_cov = dccp_sk(sk)->dccps_pcrlen;
	if (dh->dccph_cscov && (min_cov == 0 || dh->dccph_cscov < min_cov)) {
		dccp_pr_debug("Packet CsCov %d does not satisfy MinCsCov %d\n",
			      dh->dccph_cscov, min_cov);
		/* FIXME: send Data Dropped option (see also dccp_v4_rcv) */
		goto discard_and_relse;
	}

	if (!xfrm6_policy_check(sk, XFRM_POLICY_IN, skb))
		goto discard_and_relse;

	return sk_receive_skb(sk, skb, 1) ? -1 : 0;

no_dccp_socket:
	if (!xfrm6_policy_check(NULL, XFRM_POLICY_IN, skb))
		goto discard_it;
	/*
	 * Step 2:
	 *	If no socket ...
	 *		Generate Reset(No Connection) unless P.type == Reset
	 *		Drop packet and return
	 */
	if (dh->dccph_type != DCCP_PKT_RESET) {
		DCCP_SKB_CB(skb)->dccpd_reset_code =
					DCCP_RESET_CODE_NO_CONNECTION;
		dccp_v6_ctl_send_reset(sk, skb);
	}

discard_it:
	kfree_skb(skb);
	return 0;

discard_and_relse:
	sock_put(sk);
	goto discard_it;
}

static int dccp_v6_connect(struct sock *sk, struct sockaddr *uaddr,
			   int addr_len)
{
	struct sockaddr_in6 *usin = (struct sockaddr_in6 *)uaddr;
	struct inet_connection_sock *icsk = inet_csk(sk);
	struct inet_sock *inet = inet_sk(sk);
	struct ipv6_pinfo *np = inet6_sk(sk);
	struct dccp_sock *dp = dccp_sk(sk);
	struct in6_addr *saddr = NULL, *final_p = NULL, final;
	struct flowi fl;
	struct dst_entry *dst;
	int addr_type;
	int err;

	dp->dccps_role = DCCP_ROLE_CLIENT;

	if (addr_len < SIN6_LEN_RFC2133)
		return -EINVAL;

	if (usin->sin6_family != AF_INET6)
		return -EAFNOSUPPORT;

	memset(&fl, 0, sizeof(fl));

	if (np->sndflow) {
		fl.fl6_flowlabel = usin->sin6_flowinfo & IPV6_FLOWINFO_MASK;
		IP6_ECN_flow_init(fl.fl6_flowlabel);
		if (fl.fl6_flowlabel & IPV6_FLOWLABEL_MASK) {
			struct ip6_flowlabel *flowlabel;
			flowlabel = fl6_sock_lookup(sk, fl.fl6_flowlabel);
			if (flowlabel == NULL)
				return -EINVAL;
			ipv6_addr_copy(&usin->sin6_addr, &flowlabel->dst);
			fl6_sock_release(flowlabel);
		}
	}
	/*
	 * connect() to INADDR_ANY means loopback (BSD'ism).
	 */
	if (ipv6_addr_any(&usin->sin6_addr))
		usin->sin6_addr.s6_addr[15] = 1;

	addr_type = ipv6_addr_type(&usin->sin6_addr);

	if (addr_type & IPV6_ADDR_MULTICAST)
		return -ENETUNREACH;

	if (addr_type & IPV6_ADDR_LINKLOCAL) {
		if (addr_len >= sizeof(struct sockaddr_in6) &&
		    usin->sin6_scope_id) {
			/* If interface is set while binding, indices
			 * must coincide.
			 */
			if (sk->sk_bound_dev_if &&
			    sk->sk_bound_dev_if != usin->sin6_scope_id)
				return -EINVAL;

			sk->sk_bound_dev_if = usin->sin6_scope_id;
		}

		/* Connecting to a link-local address requires an interface */
		if (!sk->sk_bound_dev_if)
			return -EINVAL;
	}

	ipv6_addr_copy(&np->daddr, &usin->sin6_addr);
	np->flow_label = fl.fl6_flowlabel;

	/*
	 * DCCP over IPv4
	 */
	if (addr_type == IPV6_ADDR_MAPPED) {
		u32 exthdrlen = icsk->icsk_ext_hdr_len;
		struct sockaddr_in sin;

		SOCK_DEBUG(sk, "connect: ipv4 mapped\n");

		if (__ipv6_only_sock(sk))
			return -ENETUNREACH;

		sin.sin_family = AF_INET;
		sin.sin_port = usin->sin6_port;
		sin.sin_addr.s_addr = usin->sin6_addr.s6_addr32[3];

		icsk->icsk_af_ops = &dccp_ipv6_mapped;
		sk->sk_backlog_rcv = dccp_v4_do_rcv;

		err = dccp_v4_connect(sk, (struct sockaddr *)&sin, sizeof(sin));
		if (err) {
			icsk->icsk_ext_hdr_len = exthdrlen;
			icsk->icsk_af_ops = &dccp_ipv6_af_ops;
			sk->sk_backlog_rcv = dccp_v6_do_rcv;
			goto failure;
		} else {
			ipv6_addr_set(&np->saddr, 0, 0, htonl(0x0000FFFF),
				      inet->saddr);
			ipv6_addr_set(&np->rcv_saddr, 0, 0, htonl(0x0000FFFF),
				      inet->rcv_saddr);
		}

		return err;
	}

	if (!ipv6_addr_any(&np->rcv_saddr))
		saddr = &np->rcv_saddr;

	fl.proto = IPPROTO_DCCP;
	ipv6_addr_copy(&fl.fl6_dst, &np->daddr);
	ipv6_addr_copy(&fl.fl6_src, saddr ? saddr : &np->saddr);
	fl.oif = sk->sk_bound_dev_if;
	fl.fl_ip_dport = usin->sin6_port;
	fl.fl_ip_sport = inet->sport;
	security_sk_classify_flow(sk, &fl);

	if (np->opt != NULL && np->opt->srcrt != NULL) {
		const struct rt0_hdr *rt0 = (struct rt0_hdr *)np->opt->srcrt;

		ipv6_addr_copy(&final, &fl.fl6_dst);
		ipv6_addr_copy(&fl.fl6_dst, rt0->addr);
		final_p = &final;
	}

	err = ip6_dst_lookup(sk, &dst, &fl);
	if (err)
		goto failure;

	if (final_p)
		ipv6_addr_copy(&fl.fl6_dst, final_p);

	err = __xfrm_lookup(&dst, &fl, sk, XFRM_LOOKUP_WAIT);
	if (err < 0) {
		if (err == -EREMOTE)
			err = ip6_dst_blackhole(sk, &dst, &fl);
		if (err < 0)
			goto failure;
	}

	if (saddr == NULL) {
		saddr = &fl.fl6_src;
		ipv6_addr_copy(&np->rcv_saddr, saddr);
	}

	/* set the source address */
	ipv6_addr_copy(&np->saddr, saddr);
	inet->rcv_saddr = LOOPBACK4_IPV6;

	__ip6_dst_store(sk, dst, NULL, NULL);

	icsk->icsk_ext_hdr_len = 0;
	if (np->opt != NULL)
		icsk->icsk_ext_hdr_len = (np->opt->opt_flen +
					  np->opt->opt_nflen);

	inet->dport = usin->sin6_port;

	dccp_set_state(sk, DCCP_REQUESTING);
	err = inet6_hash_connect(&dccp_death_row, sk);
	if (err)
		goto late_failure;

	dp->dccps_iss = secure_dccpv6_sequence_number(np->saddr.s6_addr32,
						      np->daddr.s6_addr32,
						      inet->sport, inet->dport);
	err = dccp_connect(sk);
	if (err)
		goto late_failure;

	return 0;

late_failure:
	dccp_set_state(sk, DCCP_CLOSED);
	__sk_dst_reset(sk);
failure:
	inet->dport = 0;
	sk->sk_route_caps = 0;
	return err;
}

static struct inet_connection_sock_af_ops dccp_ipv6_af_ops = {
	.queue_xmit	   = inet6_csk_xmit,
	.send_check	   = dccp_v6_send_check,
	.rebuild_header	   = inet6_sk_rebuild_header,
	.conn_request	   = dccp_v6_conn_request,
	.syn_recv_sock	   = dccp_v6_request_recv_sock,
	.net_header_len	   = sizeof(struct ipv6hdr),
	.setsockopt	   = ipv6_setsockopt,
	.getsockopt	   = ipv6_getsockopt,
	.addr2sockaddr	   = inet6_csk_addr2sockaddr,
	.sockaddr_len	   = sizeof(struct sockaddr_in6),
	.bind_conflict	   = inet6_csk_bind_conflict,
#ifdef CONFIG_COMPAT
	.compat_setsockopt = compat_ipv6_setsockopt,
	.compat_getsockopt = compat_ipv6_getsockopt,
#endif
};

/*
 *	DCCP over IPv4 via INET6 API
 */
static struct inet_connection_sock_af_ops dccp_ipv6_mapped = {
	.queue_xmit	   = ip_queue_xmit,
	.send_check	   = dccp_v4_send_check,
	.rebuild_header	   = inet_sk_rebuild_header,
	.conn_request	   = dccp_v6_conn_request,
	.syn_recv_sock	   = dccp_v6_request_recv_sock,
	.net_header_len	   = sizeof(struct iphdr),
	.setsockopt	   = ipv6_setsockopt,
	.getsockopt	   = ipv6_getsockopt,
	.addr2sockaddr	   = inet6_csk_addr2sockaddr,
	.sockaddr_len	   = sizeof(struct sockaddr_in6),
#ifdef CONFIG_COMPAT
	.compat_setsockopt = compat_ipv6_setsockopt,
	.compat_getsockopt = compat_ipv6_getsockopt,
#endif
};

/* NOTE: A lot of things set to zero explicitly by call to
 *       sk_alloc() so need not be done here.
 */
static int dccp_v6_init_sock(struct sock *sk)
{
	static __u8 dccp_v6_ctl_sock_initialized;
	int err = dccp_init_sock(sk, dccp_v6_ctl_sock_initialized);

	if (err == 0) {
		if (unlikely(!dccp_v6_ctl_sock_initialized))
			dccp_v6_ctl_sock_initialized = 1;
		inet_csk(sk)->icsk_af_ops = &dccp_ipv6_af_ops;
	}

	return err;
}

static int dccp_v6_destroy_sock(struct sock *sk)
{
	dccp_destroy_sock(sk);
	return inet6_destroy_sock(sk);
}

static struct timewait_sock_ops dccp6_timewait_sock_ops = {
	.twsk_obj_size	= sizeof(struct dccp6_timewait_sock),
};

static struct proto dccp_v6_prot = {
	.name		   = "DCCPv6",
	.owner		   = THIS_MODULE,
	.close		   = dccp_close,
	.connect	   = dccp_v6_connect,
	.disconnect	   = dccp_disconnect,
	.ioctl		   = dccp_ioctl,
	.init		   = dccp_v6_init_sock,
	.setsockopt	   = dccp_setsockopt,
	.getsockopt	   = dccp_getsockopt,
	.sendmsg	   = dccp_sendmsg,
	.recvmsg	   = dccp_recvmsg,
	.backlog_rcv	   = dccp_v6_do_rcv,
	.hash		   = dccp_v6_hash,
	.unhash		   = inet_unhash,
	.accept		   = inet_csk_accept,
	.get_port	   = inet_csk_get_port,
	.shutdown	   = dccp_shutdown,
	.destroy	   = dccp_v6_destroy_sock,
	.orphan_count	   = &dccp_orphan_count,
	.max_header	   = MAX_DCCP_HEADER,
	.obj_size	   = sizeof(struct dccp6_sock),
	.rsk_prot	   = &dccp6_request_sock_ops,
	.twsk_prot	   = &dccp6_timewait_sock_ops,
	.h.hashinfo	   = &dccp_hashinfo,
#ifdef CONFIG_COMPAT
	.compat_setsockopt = compat_dccp_setsockopt,
	.compat_getsockopt = compat_dccp_getsockopt,
#endif
};

static struct inet6_protocol dccp_v6_protocol = {
	.handler	= dccp_v6_rcv,
	.err_handler	= dccp_v6_err,
	.flags		= INET6_PROTO_NOPOLICY | INET6_PROTO_FINAL,
};

static struct proto_ops inet6_dccp_ops = {
	.family		   = PF_INET6,
	.owner		   = THIS_MODULE,
	.release	   = inet6_release,
	.bind		   = inet6_bind,
	.connect	   = inet_stream_connect,
	.socketpair	   = sock_no_socketpair,
	.accept		   = inet_accept,
	.getname	   = inet6_getname,
	.poll		   = dccp_poll,
	.ioctl		   = inet6_ioctl,
	.listen		   = inet_dccp_listen,
	.shutdown	   = inet_shutdown,
	.setsockopt	   = sock_common_setsockopt,
	.getsockopt	   = sock_common_getsockopt,
	.sendmsg	   = inet_sendmsg,
	.recvmsg	   = sock_common_recvmsg,
	.mmap		   = sock_no_mmap,
	.sendpage	   = sock_no_sendpage,
#ifdef CONFIG_COMPAT
	.compat_setsockopt = compat_sock_common_setsockopt,
	.compat_getsockopt = compat_sock_common_getsockopt,
#endif
};

static struct inet_protosw dccp_v6_protosw = {
	.type		= SOCK_DCCP,
	.protocol	= IPPROTO_DCCP,
	.prot		= &dccp_v6_prot,
	.ops		= &inet6_dccp_ops,
	.capability	= -1,
	.flags		= INET_PROTOSW_ICSK,
};

static int dccp_v6_init_net(struct net *net)
{
	int err;

	err = inet_ctl_sock_create(&net->dccp.v6_ctl_sk, PF_INET6,
				   SOCK_DCCP, IPPROTO_DCCP, net);
	return err;
}

static void dccp_v6_exit_net(struct net *net)
{
	inet_ctl_sock_destroy(net->dccp.v6_ctl_sk);
}

static struct pernet_operations dccp_v6_ops = {
	.init   = dccp_v6_init_net,
	.exit   = dccp_v6_exit_net,
};

static int __init dccp_v6_init(void)
{
	int err = proto_register(&dccp_v6_prot, 1);

	if (err != 0)
		goto out;

	err = inet6_add_protocol(&dccp_v6_protocol, IPPROTO_DCCP);
	if (err != 0)
		goto out_unregister_proto;

	inet6_register_protosw(&dccp_v6_protosw);

	err = register_pernet_subsys(&dccp_v6_ops);
	if (err != 0)
		goto out_destroy_ctl_sock;
out:
	return err;

out_destroy_ctl_sock:
	inet6_del_protocol(&dccp_v6_protocol, IPPROTO_DCCP);
	inet6_unregister_protosw(&dccp_v6_protosw);
out_unregister_proto:
	proto_unregister(&dccp_v6_prot);
	goto out;
}

static void __exit dccp_v6_exit(void)
{
	unregister_pernet_subsys(&dccp_v6_ops);
	inet6_del_protocol(&dccp_v6_protocol, IPPROTO_DCCP);
	inet6_unregister_protosw(&dccp_v6_protosw);
	proto_unregister(&dccp_v6_prot);
}

module_init(dccp_v6_init);
module_exit(dccp_v6_exit);

/*
 * __stringify doesn't like enums, so use SOCK_DCCP (6) and IPPROTO_DCCP (33)
 * values directly. Also cover the case where the protocol is not specified,
 * i.e. net-pf-PF_INET6-proto-0-type-SOCK_DCCP
 */
MODULE_ALIAS_NET_PF_PROTO_TYPE(PF_INET6, 33, 6);
MODULE_ALIAS_NET_PF_PROTO_TYPE(PF_INET6, 0, 6);
MODULE_LICENSE("GPL");
MODULE_AUTHOR("Arnaldo Carvalho de Melo <acme@mandriva.com>");
MODULE_DESCRIPTION("DCCPv6 - Datagram Congestion Control Protocol");