1 /*
2 * DCCP over IPv6
3 * Linux INET6 implementation
4 *
5 * Based on net/dccp6/ipv6.c
6 *
7 * Arnaldo Carvalho de Melo <acme@ghostprotocols.net>
8 *
9 * This program is free software; you can redistribute it and/or
10 * modify it under the terms of the GNU General Public License
11 * as published by the Free Software Foundation; either version
12 * 2 of the License, or (at your option) any later version.
13 */
14
15 #include <linux/module.h>
16 #include <linux/random.h>
17 #include <linux/xfrm.h>
18
19 #include <net/addrconf.h>
20 #include <net/inet_common.h>
21 #include <net/inet_hashtables.h>
22 #include <net/inet_sock.h>
23 #include <net/inet6_connection_sock.h>
24 #include <net/inet6_hashtables.h>
25 #include <net/ip6_route.h>
26 #include <net/ipv6.h>
27 #include <net/protocol.h>
28 #include <net/transp_v6.h>
29 #include <net/ip6_checksum.h>
30 #include <net/xfrm.h>
31
32 #include "dccp.h"
33 #include "ipv6.h"
34 #include "feat.h"
35
36 /* Socket used for sending RSTs and ACKs */
37 static struct socket *dccp_v6_ctl_socket;
38
39 static struct inet_connection_sock_af_ops dccp_ipv6_mapped;
40 static struct inet_connection_sock_af_ops dccp_ipv6_af_ops;
41
42 static void dccp_v6_hash(struct sock *sk)
43 {
44 if (sk->sk_state != DCCP_CLOSED) {
45 if (inet_csk(sk)->icsk_af_ops == &dccp_ipv6_mapped) {
46 inet_hash(sk);
47 return;
48 }
49 local_bh_disable();
50 __inet6_hash(sk);
51 local_bh_enable();
52 }
53 }
54
55 /* add pseudo-header to DCCP checksum stored in skb->csum */
56 static inline __sum16 dccp_v6_csum_finish(struct sk_buff *skb,
57 struct in6_addr *saddr,
58 struct in6_addr *daddr)
59 {
60 return csum_ipv6_magic(saddr, daddr, skb->len, IPPROTO_DCCP, skb->csum);
61 }
62
63 static inline void dccp_v6_send_check(struct sock *sk, int unused_value,
64 struct sk_buff *skb)
65 {
66 struct ipv6_pinfo *np = inet6_sk(sk);
67 struct dccp_hdr *dh = dccp_hdr(skb);
68
69 dccp_csum_outgoing(skb);
70 dh->dccph_checksum = dccp_v6_csum_finish(skb, &np->saddr, &np->daddr);
71 }
72
73 static inline __u32 secure_dccpv6_sequence_number(__be32 *saddr, __be32 *daddr,
74 __be16 sport, __be16 dport )
75 {
76 return secure_tcpv6_sequence_number(saddr, daddr, sport, dport);
77 }
78
79 static inline __u32 dccp_v6_init_sequence(struct sk_buff *skb)
80 {
81 return secure_dccpv6_sequence_number(ipv6_hdr(skb)->daddr.s6_addr32,
82 ipv6_hdr(skb)->saddr.s6_addr32,
83 dccp_hdr(skb)->dccph_dport,
84 dccp_hdr(skb)->dccph_sport );
85
86 }
87
88 static void dccp_v6_err(struct sk_buff *skb, struct inet6_skb_parm *opt,
89 int type, int code, int offset, __be32 info)
90 {
91 struct ipv6hdr *hdr = (struct ipv6hdr *)skb->data;
92 const struct dccp_hdr *dh = (struct dccp_hdr *)(skb->data + offset);
93 struct ipv6_pinfo *np;
94 struct sock *sk;
95 int err;
96 __u64 seq;
97
98 sk = inet6_lookup(&init_net, &dccp_hashinfo, &hdr->daddr, dh->dccph_dport,
99 &hdr->saddr, dh->dccph_sport, inet6_iif(skb));
100
101 if (sk == NULL) {
102 ICMP6_INC_STATS_BH(__in6_dev_get(skb->dev), ICMP6_MIB_INERRORS);
103 return;
104 }
105
106 if (sk->sk_state == DCCP_TIME_WAIT) {
107 inet_twsk_put(inet_twsk(sk));
108 return;
109 }
110
111 bh_lock_sock(sk);
112 if (sock_owned_by_user(sk))
113 NET_INC_STATS_BH(LINUX_MIB_LOCKDROPPEDICMPS);
114
115 if (sk->sk_state == DCCP_CLOSED)
116 goto out;
117
118 np = inet6_sk(sk);
119
120 if (type == ICMPV6_PKT_TOOBIG) {
121 struct dst_entry *dst = NULL;
122
123 if (sock_owned_by_user(sk))
124 goto out;
125 if ((1 << sk->sk_state) & (DCCPF_LISTEN | DCCPF_CLOSED))
126 goto out;
127
128 /* icmp should have updated the destination cache entry */
129 dst = __sk_dst_check(sk, np->dst_cookie);
130 if (dst == NULL) {
131 struct inet_sock *inet = inet_sk(sk);
132 struct flowi fl;
133
134 /* BUGGG_FUTURE: Again, it is not clear how
135 to handle rthdr case. Ignore this complexity
136 for now.
137 */
138 memset(&fl, 0, sizeof(fl));
139 fl.proto = IPPROTO_DCCP;
140 ipv6_addr_copy(&fl.fl6_dst, &np->daddr);
141 ipv6_addr_copy(&fl.fl6_src, &np->saddr);
142 fl.oif = sk->sk_bound_dev_if;
143 fl.fl_ip_dport = inet->dport;
144 fl.fl_ip_sport = inet->sport;
145 security_sk_classify_flow(sk, &fl);
146
147 err = ip6_dst_lookup(sk, &dst, &fl);
148 if (err) {
149 sk->sk_err_soft = -err;
150 goto out;
151 }
152
153 err = xfrm_lookup(&dst, &fl, sk, 0);
154 if (err < 0) {
155 sk->sk_err_soft = -err;
156 goto out;
157 }
158 } else
159 dst_hold(dst);
160
161 if (inet_csk(sk)->icsk_pmtu_cookie > dst_mtu(dst)) {
162 dccp_sync_mss(sk, dst_mtu(dst));
163 } /* else let the usual retransmit timer handle it */
164 dst_release(dst);
165 goto out;
166 }
167
168 icmpv6_err_convert(type, code, &err);
169
170 seq = dccp_hdr_seq(dh);
171 /* Might be for an request_sock */
172 switch (sk->sk_state) {
173 struct request_sock *req, **prev;
174 case DCCP_LISTEN:
175 if (sock_owned_by_user(sk))
176 goto out;
177
178 req = inet6_csk_search_req(sk, &prev, dh->dccph_dport,
179 &hdr->daddr, &hdr->saddr,
180 inet6_iif(skb));
181 if (req == NULL)
182 goto out;
183
184 /*
185 * ICMPs are not backlogged, hence we cannot get an established
186 * socket here.
187 */
188 BUG_TRAP(req->sk == NULL);
189
190 if (seq != dccp_rsk(req)->dreq_iss) {
191 NET_INC_STATS_BH(LINUX_MIB_OUTOFWINDOWICMPS);
192 goto out;
193 }
194
195 inet_csk_reqsk_queue_drop(sk, req, prev);
196 goto out;
197
198 case DCCP_REQUESTING:
199 case DCCP_RESPOND: /* Cannot happen.
200 It can, it SYNs are crossed. --ANK */
201 if (!sock_owned_by_user(sk)) {
202 DCCP_INC_STATS_BH(DCCP_MIB_ATTEMPTFAILS);
203 sk->sk_err = err;
204 /*
205 * Wake people up to see the error
206 * (see connect in sock.c)
207 */
208 sk->sk_error_report(sk);
209 dccp_done(sk);
210 } else
211 sk->sk_err_soft = err;
212 goto out;
213 }
214
215 if (!sock_owned_by_user(sk) && np->recverr) {
216 sk->sk_err = err;
217 sk->sk_error_report(sk);
218 } else
219 sk->sk_err_soft = err;
220
221 out:
222 bh_unlock_sock(sk);
223 sock_put(sk);
224 }
225
226
227 static int dccp_v6_send_response(struct sock *sk, struct request_sock *req,
228 struct dst_entry *dst)
229 {
230 struct inet6_request_sock *ireq6 = inet6_rsk(req);
231 struct ipv6_pinfo *np = inet6_sk(sk);
232 struct sk_buff *skb;
233 struct ipv6_txoptions *opt = NULL;
234 struct in6_addr *final_p = NULL, final;
235 struct flowi fl;
236 int err = -1;
237
238 memset(&fl, 0, sizeof(fl));
239 fl.proto = IPPROTO_DCCP;
240 ipv6_addr_copy(&fl.fl6_dst, &ireq6->rmt_addr);
241 ipv6_addr_copy(&fl.fl6_src, &ireq6->loc_addr);
242 fl.fl6_flowlabel = 0;
243 fl.oif = ireq6->iif;
244 fl.fl_ip_dport = inet_rsk(req)->rmt_port;
245 fl.fl_ip_sport = inet_sk(sk)->sport;
246 security_req_classify_flow(req, &fl);
247
248 if (dst == NULL) {
249 opt = np->opt;
250
251 if (opt != NULL && opt->srcrt != NULL) {
252 const struct rt0_hdr *rt0 = (struct rt0_hdr *)opt->srcrt;
253
254 ipv6_addr_copy(&final, &fl.fl6_dst);
255 ipv6_addr_copy(&fl.fl6_dst, rt0->addr);
256 final_p = &final;
257 }
258
259 err = ip6_dst_lookup(sk, &dst, &fl);
260 if (err)
261 goto done;
262
263 if (final_p)
264 ipv6_addr_copy(&fl.fl6_dst, final_p);
265
266 err = xfrm_lookup(&dst, &fl, sk, 0);
267 if (err < 0)
268 goto done;
269 }
270
271 skb = dccp_make_response(sk, dst, req);
272 if (skb != NULL) {
273 struct dccp_hdr *dh = dccp_hdr(skb);
274
275 dh->dccph_checksum = dccp_v6_csum_finish(skb,
276 &ireq6->loc_addr,
277 &ireq6->rmt_addr);
278 ipv6_addr_copy(&fl.fl6_dst, &ireq6->rmt_addr);
279 err = ip6_xmit(sk, skb, &fl, opt, 0);
280 err = net_xmit_eval(err);
281 }
282
283 done:
284 if (opt != NULL && opt != np->opt)
285 sock_kfree_s(sk, opt, opt->tot_len);
286 dst_release(dst);
287 return err;
288 }
289
290 static void dccp_v6_reqsk_destructor(struct request_sock *req)
291 {
292 if (inet6_rsk(req)->pktopts != NULL)
293 kfree_skb(inet6_rsk(req)->pktopts);
294 }
295
296 static void dccp_v6_ctl_send_reset(struct sock *sk, struct sk_buff *rxskb)
297 {
298 struct ipv6hdr *rxip6h;
299 struct sk_buff *skb;
300 struct flowi fl;
301
302 if (dccp_hdr(rxskb)->dccph_type == DCCP_PKT_RESET)
303 return;
304
305 if (!ipv6_unicast_destination(rxskb))
306 return;
307
308 skb = dccp_ctl_make_reset(dccp_v6_ctl_socket, rxskb);
309 if (skb == NULL)
310 return;
311
312 rxip6h = ipv6_hdr(rxskb);
313 dccp_hdr(skb)->dccph_checksum = dccp_v6_csum_finish(skb, &rxip6h->saddr,
314 &rxip6h->daddr);
315
316 memset(&fl, 0, sizeof(fl));
317 ipv6_addr_copy(&fl.fl6_dst, &rxip6h->saddr);
318 ipv6_addr_copy(&fl.fl6_src, &rxip6h->daddr);
319
320 fl.proto = IPPROTO_DCCP;
321 fl.oif = inet6_iif(rxskb);
322 fl.fl_ip_dport = dccp_hdr(skb)->dccph_dport;
323 fl.fl_ip_sport = dccp_hdr(skb)->dccph_sport;
324 security_skb_classify_flow(rxskb, &fl);
325
326 /* sk = NULL, but it is safe for now. RST socket required. */
327 if (!ip6_dst_lookup(NULL, &skb->dst, &fl)) {
328 if (xfrm_lookup(&skb->dst, &fl, NULL, 0) >= 0) {
329 ip6_xmit(dccp_v6_ctl_socket->sk, skb, &fl, NULL, 0);
330 DCCP_INC_STATS_BH(DCCP_MIB_OUTSEGS);
331 DCCP_INC_STATS_BH(DCCP_MIB_OUTRSTS);
332 return;
333 }
334 }
335
336 kfree_skb(skb);
337 }
338
339 static struct request_sock_ops dccp6_request_sock_ops = {
340 .family = AF_INET6,
341 .obj_size = sizeof(struct dccp6_request_sock),
342 .rtx_syn_ack = dccp_v6_send_response,
343 .send_ack = dccp_reqsk_send_ack,
344 .destructor = dccp_v6_reqsk_destructor,
345 .send_reset = dccp_v6_ctl_send_reset,
346 };
347
348 static struct sock *dccp_v6_hnd_req(struct sock *sk,struct sk_buff *skb)
349 {
350 const struct dccp_hdr *dh = dccp_hdr(skb);
351 const struct ipv6hdr *iph = ipv6_hdr(skb);
352 struct sock *nsk;
353 struct request_sock **prev;
354 /* Find possible connection requests. */
355 struct request_sock *req = inet6_csk_search_req(sk, &prev,
356 dh->dccph_sport,
357 &iph->saddr,
358 &iph->daddr,
359 inet6_iif(skb));
360 if (req != NULL)
361 return dccp_check_req(sk, skb, req, prev);
362
363 nsk = __inet6_lookup_established(&init_net, &dccp_hashinfo,
364 &iph->saddr, dh->dccph_sport,
365 &iph->daddr, ntohs(dh->dccph_dport),
366 inet6_iif(skb));
367 if (nsk != NULL) {
368 if (nsk->sk_state != DCCP_TIME_WAIT) {
369 bh_lock_sock(nsk);
370 return nsk;
371 }
372 inet_twsk_put(inet_twsk(nsk));
373 return NULL;
374 }
375
376 return sk;
377 }
378
379 static int dccp_v6_conn_request(struct sock *sk, struct sk_buff *skb)
380 {
381 struct request_sock *req;
382 struct dccp_request_sock *dreq;
383 struct inet6_request_sock *ireq6;
384 struct ipv6_pinfo *np = inet6_sk(sk);
385 const __be32 service = dccp_hdr_request(skb)->dccph_req_service;
386 struct dccp_skb_cb *dcb = DCCP_SKB_CB(skb);
387
388 if (skb->protocol == htons(ETH_P_IP))
389 return dccp_v4_conn_request(sk, skb);
390
391 if (!ipv6_unicast_destination(skb))
392 return 0; /* discard, don't send a reset here */
393
394 if (dccp_bad_service_code(sk, service)) {
395 dcb->dccpd_reset_code = DCCP_RESET_CODE_BAD_SERVICE_CODE;
396 goto drop;
397 }
398 /*
399 * There are no SYN attacks on IPv6, yet...
400 */
401 dcb->dccpd_reset_code = DCCP_RESET_CODE_TOO_BUSY;
402 if (inet_csk_reqsk_queue_is_full(sk))
403 goto drop;
404
405 if (sk_acceptq_is_full(sk) && inet_csk_reqsk_queue_young(sk) > 1)
406 goto drop;
407
408 req = inet6_reqsk_alloc(&dccp6_request_sock_ops);
409 if (req == NULL)
410 goto drop;
411
412 dccp_reqsk_init(req, skb);
413
414 dreq = dccp_rsk(req);
415 if (dccp_parse_options(sk, dreq, skb))
416 goto drop_and_free;
417
418 if (security_inet_conn_request(sk, skb, req))
419 goto drop_and_free;
420
421 ireq6 = inet6_rsk(req);
422 ipv6_addr_copy(&ireq6->rmt_addr, &ipv6_hdr(skb)->saddr);
423 ipv6_addr_copy(&ireq6->loc_addr, &ipv6_hdr(skb)->daddr);
424 ireq6->pktopts = NULL;
425
426 if (ipv6_opt_accepted(sk, skb) ||
427 np->rxopt.bits.rxinfo || np->rxopt.bits.rxoinfo ||
428 np->rxopt.bits.rxhlim || np->rxopt.bits.rxohlim) {
429 atomic_inc(&skb->users);
430 ireq6->pktopts = skb;
431 }
432 ireq6->iif = sk->sk_bound_dev_if;
433
434 /* So that link locals have meaning */
435 if (!sk->sk_bound_dev_if &&
436 ipv6_addr_type(&ireq6->rmt_addr) & IPV6_ADDR_LINKLOCAL)
437 ireq6->iif = inet6_iif(skb);
438
439 /*
440 * Step 3: Process LISTEN state
441 *
442 * Set S.ISR, S.GSR, S.SWL, S.SWH from packet or Init Cookie
443 *
444 * In fact we defer setting S.GSR, S.SWL, S.SWH to
445 * dccp_create_openreq_child.
446 */
447 dreq->dreq_isr = dcb->dccpd_seq;
448 dreq->dreq_iss = dccp_v6_init_sequence(skb);
449 dreq->dreq_service = service;
450
451 if (dccp_v6_send_response(sk, req, NULL))
452 goto drop_and_free;
453
454 inet6_csk_reqsk_queue_hash_add(sk, req, DCCP_TIMEOUT_INIT);
455 return 0;
456
457 drop_and_free:
458 reqsk_free(req);
459 drop:
460 DCCP_INC_STATS_BH(DCCP_MIB_ATTEMPTFAILS);
461 return -1;
462 }
463
464 static struct sock *dccp_v6_request_recv_sock(struct sock *sk,
465 struct sk_buff *skb,
466 struct request_sock *req,
467 struct dst_entry *dst)
468 {
469 struct inet6_request_sock *ireq6 = inet6_rsk(req);
470 struct ipv6_pinfo *newnp, *np = inet6_sk(sk);
471 struct inet_sock *newinet;
472 struct dccp_sock *newdp;
473 struct dccp6_sock *newdp6;
474 struct sock *newsk;
475 struct ipv6_txoptions *opt;
476
477 if (skb->protocol == htons(ETH_P_IP)) {
478 /*
479 * v6 mapped
480 */
481 newsk = dccp_v4_request_recv_sock(sk, skb, req, dst);
482 if (newsk == NULL)
483 return NULL;
484
485 newdp6 = (struct dccp6_sock *)newsk;
486 newdp = dccp_sk(newsk);
487 newinet = inet_sk(newsk);
488 newinet->pinet6 = &newdp6->inet6;
489 newnp = inet6_sk(newsk);
490
491 memcpy(newnp, np, sizeof(struct ipv6_pinfo));
492
493 ipv6_addr_set(&newnp->daddr, 0, 0, htonl(0x0000FFFF),
494 newinet->daddr);
495
496 ipv6_addr_set(&newnp->saddr, 0, 0, htonl(0x0000FFFF),
497 newinet->saddr);
498
499 ipv6_addr_copy(&newnp->rcv_saddr, &newnp->saddr);
500
501 inet_csk(newsk)->icsk_af_ops = &dccp_ipv6_mapped;
502 newsk->sk_backlog_rcv = dccp_v4_do_rcv;
503 newnp->pktoptions = NULL;
504 newnp->opt = NULL;
505 newnp->mcast_oif = inet6_iif(skb);
506 newnp->mcast_hops = ipv6_hdr(skb)->hop_limit;
507
508 /*
509 * No need to charge this sock to the relevant IPv6 refcnt debug socks count
510 * here, dccp_create_openreq_child now does this for us, see the comment in
511 * that function for the gory details. -acme
512 */
513
514 /* It is tricky place. Until this moment IPv4 tcp
515 worked with IPv6 icsk.icsk_af_ops.
516 Sync it now.
517 */
518 dccp_sync_mss(newsk, inet_csk(newsk)->icsk_pmtu_cookie);
519
520 return newsk;
521 }
522
523 opt = np->opt;
524
525 if (sk_acceptq_is_full(sk))
526 goto out_overflow;
527
528 if (dst == NULL) {
529 struct in6_addr *final_p = NULL, final;
530 struct flowi fl;
531
532 memset(&fl, 0, sizeof(fl));
533 fl.proto = IPPROTO_DCCP;
534 ipv6_addr_copy(&fl.fl6_dst, &ireq6->rmt_addr);
535 if (opt != NULL && opt->srcrt != NULL) {
536 const struct rt0_hdr *rt0 = (struct rt0_hdr *)opt->srcrt;
537
538 ipv6_addr_copy(&final, &fl.fl6_dst);
539 ipv6_addr_copy(&fl.fl6_dst, rt0->addr);
540 final_p = &final;
541 }
542 ipv6_addr_copy(&fl.fl6_src, &ireq6->loc_addr);
543 fl.oif = sk->sk_bound_dev_if;
544 fl.fl_ip_dport = inet_rsk(req)->rmt_port;
545 fl.fl_ip_sport = inet_sk(sk)->sport;
546 security_sk_classify_flow(sk, &fl);
547
548 if (ip6_dst_lookup(sk, &dst, &fl))
549 goto out;
550
551 if (final_p)
552 ipv6_addr_copy(&fl.fl6_dst, final_p);
553
554 if ((xfrm_lookup(&dst, &fl, sk, 0)) < 0)
555 goto out;
556 }
557
558 newsk = dccp_create_openreq_child(sk, req, skb);
559 if (newsk == NULL)
560 goto out;
561
562 /*
563 * No need to charge this sock to the relevant IPv6 refcnt debug socks
564 * count here, dccp_create_openreq_child now does this for us, see the
565 * comment in that function for the gory details. -acme
566 */
567
568 __ip6_dst_store(newsk, dst, NULL, NULL);
569 newsk->sk_route_caps = dst->dev->features & ~(NETIF_F_IP_CSUM |
570 NETIF_F_TSO);
571 newdp6 = (struct dccp6_sock *)newsk;
572 newinet = inet_sk(newsk);
573 newinet->pinet6 = &newdp6->inet6;
574 newdp = dccp_sk(newsk);
575 newnp = inet6_sk(newsk);
576
577 memcpy(newnp, np, sizeof(struct ipv6_pinfo));
578
579 ipv6_addr_copy(&newnp->daddr, &ireq6->rmt_addr);
580 ipv6_addr_copy(&newnp->saddr, &ireq6->loc_addr);
581 ipv6_addr_copy(&newnp->rcv_saddr, &ireq6->loc_addr);
582 newsk->sk_bound_dev_if = ireq6->iif;
583
584 /* Now IPv6 options...
585
586 First: no IPv4 options.
587 */
588 newinet->opt = NULL;
589
590 /* Clone RX bits */
591 newnp->rxopt.all = np->rxopt.all;
592
593 /* Clone pktoptions received with SYN */
594 newnp->pktoptions = NULL;
595 if (ireq6->pktopts != NULL) {
596 newnp->pktoptions = skb_clone(ireq6->pktopts, GFP_ATOMIC);
597 kfree_skb(ireq6->pktopts);
598 ireq6->pktopts = NULL;
599 if (newnp->pktoptions)
600 skb_set_owner_r(newnp->pktoptions, newsk);
601 }
602 newnp->opt = NULL;
603 newnp->mcast_oif = inet6_iif(skb);
604 newnp->mcast_hops = ipv6_hdr(skb)->hop_limit;
605
606 /*
607 * Clone native IPv6 options from listening socket (if any)
608 *
609 * Yes, keeping reference count would be much more clever, but we make
610 * one more one thing there: reattach optmem to newsk.
611 */
612 if (opt != NULL) {
613 newnp->opt = ipv6_dup_options(newsk, opt);
614 if (opt != np->opt)
615 sock_kfree_s(sk, opt, opt->tot_len);
616 }
617
618 inet_csk(newsk)->icsk_ext_hdr_len = 0;
619 if (newnp->opt != NULL)
620 inet_csk(newsk)->icsk_ext_hdr_len = (newnp->opt->opt_nflen +
621 newnp->opt->opt_flen);
622
623 dccp_sync_mss(newsk, dst_mtu(dst));
624
625 newinet->daddr = newinet->saddr = newinet->rcv_saddr = LOOPBACK4_IPV6;
626
627 __inet6_hash(newsk);
628 inet_inherit_port(sk, newsk);
629
630 return newsk;
631
632 out_overflow:
633 NET_INC_STATS_BH(LINUX_MIB_LISTENOVERFLOWS);
634 out:
635 NET_INC_STATS_BH(LINUX_MIB_LISTENDROPS);
636 if (opt != NULL && opt != np->opt)
637 sock_kfree_s(sk, opt, opt->tot_len);
638 dst_release(dst);
639 return NULL;
640 }
641
642 /* The socket must have it's spinlock held when we get
643 * here.
644 *
645 * We have a potential double-lock case here, so even when
646 * doing backlog processing we use the BH locking scheme.
647 * This is because we cannot sleep with the original spinlock
648 * held.
649 */
650 static int dccp_v6_do_rcv(struct sock *sk, struct sk_buff *skb)
651 {
652 struct ipv6_pinfo *np = inet6_sk(sk);
653 struct sk_buff *opt_skb = NULL;
654
655 /* Imagine: socket is IPv6. IPv4 packet arrives,
656 goes to IPv4 receive handler and backlogged.
657 From backlog it always goes here. Kerboom...
658 Fortunately, dccp_rcv_established and rcv_established
659 handle them correctly, but it is not case with
660 dccp_v6_hnd_req and dccp_v6_ctl_send_reset(). --ANK
661 */
662
663 if (skb->protocol == htons(ETH_P_IP))
664 return dccp_v4_do_rcv(sk, skb);
665
666 if (sk_filter(sk, skb))
667 goto discard;
668
669 /*
670 * socket locking is here for SMP purposes as backlog rcv is currently
671 * called with bh processing disabled.
672 */
673
674 /* Do Stevens' IPV6_PKTOPTIONS.
675
676 Yes, guys, it is the only place in our code, where we
677 may make it not affecting IPv4.
678 The rest of code is protocol independent,
679 and I do not like idea to uglify IPv4.
680
681 Actually, all the idea behind IPV6_PKTOPTIONS
682 looks not very well thought. For now we latch
683 options, received in the last packet, enqueued
684 by tcp. Feel free to propose better solution.
685 --ANK (980728)
686 */
687 if (np->rxopt.all)
688 /*
689 * FIXME: Add handling of IPV6_PKTOPTIONS skb. See the comments below
690 * (wrt ipv6_pktopions) and net/ipv6/tcp_ipv6.c for an example.
691 */
692 opt_skb = skb_clone(skb, GFP_ATOMIC);
693
694 if (sk->sk_state == DCCP_OPEN) { /* Fast path */
695 if (dccp_rcv_established(sk, skb, dccp_hdr(skb), skb->len))
696 goto reset;
697 if (opt_skb) {
698 /* XXX This is where we would goto ipv6_pktoptions. */
699 __kfree_skb(opt_skb);
700 }
701 return 0;
702 }
703
704 /*
705 * Step 3: Process LISTEN state
706 * If S.state == LISTEN,
707 * If P.type == Request or P contains a valid Init Cookie option,
708 * (* Must scan the packet's options to check for Init
709 * Cookies. Only Init Cookies are processed here,
710 * however; other options are processed in Step 8. This
711 * scan need only be performed if the endpoint uses Init
712 * Cookies *)
713 * (* Generate a new socket and switch to that socket *)
714 * Set S := new socket for this port pair
715 * S.state = RESPOND
716 * Choose S.ISS (initial seqno) or set from Init Cookies
717 * Initialize S.GAR := S.ISS
718 * Set S.ISR, S.GSR, S.SWL, S.SWH from packet or Init Cookies
719 * Continue with S.state == RESPOND
720 * (* A Response packet will be generated in Step 11 *)
721 * Otherwise,
722 * Generate Reset(No Connection) unless P.type == Reset
723 * Drop packet and return
724 *
725 * NOTE: the check for the packet types is done in
726 * dccp_rcv_state_process
727 */
728 if (sk->sk_state == DCCP_LISTEN) {
729 struct sock *nsk = dccp_v6_hnd_req(sk, skb);
730
731 if (nsk == NULL)
732 goto discard;
733 /*
734 * Queue it on the new socket if the new socket is active,
735 * otherwise we just shortcircuit this and continue with
736 * the new socket..
737 */
738 if (nsk != sk) {
739 if (dccp_child_process(sk, nsk, skb))
740 goto reset;
741 if (opt_skb != NULL)
742 __kfree_skb(opt_skb);
743 return 0;
744 }
745 }
746
747 if (dccp_rcv_state_process(sk, skb, dccp_hdr(skb), skb->len))
748 goto reset;
749 if (opt_skb) {
750 /* XXX This is where we would goto ipv6_pktoptions. */
751 __kfree_skb(opt_skb);
752 }
753 return 0;
754
755 reset:
756 dccp_v6_ctl_send_reset(sk, skb);
757 discard:
758 if (opt_skb != NULL)
759 __kfree_skb(opt_skb);
760 kfree_skb(skb);
761 return 0;
762 }
763
764 static int dccp_v6_rcv(struct sk_buff *skb)
765 {
766 const struct dccp_hdr *dh;
767 struct sock *sk;
768 int min_cov;
769
770 /* Step 1: Check header basics */
771
772 if (dccp_invalid_packet(skb))
773 goto discard_it;
774
775 /* Step 1: If header checksum is incorrect, drop packet and return. */
776 if (dccp_v6_csum_finish(skb, &ipv6_hdr(skb)->saddr,
777 &ipv6_hdr(skb)->daddr)) {
778 DCCP_WARN("dropped packet with invalid checksum\n");
779 goto discard_it;
780 }
781
782 dh = dccp_hdr(skb);
783
784 DCCP_SKB_CB(skb)->dccpd_seq = dccp_hdr_seq(dh);
785 DCCP_SKB_CB(skb)->dccpd_type = dh->dccph_type;
786
787 if (dccp_packet_without_ack(skb))
788 DCCP_SKB_CB(skb)->dccpd_ack_seq = DCCP_PKT_WITHOUT_ACK_SEQ;
789 else
790 DCCP_SKB_CB(skb)->dccpd_ack_seq = dccp_hdr_ack_seq(skb);
791
792 /* Step 2:
793 * Look up flow ID in table and get corresponding socket */
794 sk = __inet6_lookup(&init_net, &dccp_hashinfo, &ipv6_hdr(skb)->saddr,
795 dh->dccph_sport,
796 &ipv6_hdr(skb)->daddr, ntohs(dh->dccph_dport),
797 inet6_iif(skb));
798 /*
799 * Step 2:
800 * If no socket ...
801 */
802 if (sk == NULL) {
803 dccp_pr_debug("failed to look up flow ID in table and "
804 "get corresponding socket\n");
805 goto no_dccp_socket;
806 }
807
808 /*
809 * Step 2:
810 * ... or S.state == TIMEWAIT,
811 * Generate Reset(No Connection) unless P.type == Reset
812 * Drop packet and return
813 */
814 if (sk->sk_state == DCCP_TIME_WAIT) {
815 dccp_pr_debug("sk->sk_state == DCCP_TIME_WAIT: do_time_wait\n");
816 inet_twsk_put(inet_twsk(sk));
817 goto no_dccp_socket;
818 }
819
820 /*
821 * RFC 4340, sec. 9.2.1: Minimum Checksum Coverage
822 * o if MinCsCov = 0, only packets with CsCov = 0 are accepted
823 * o if MinCsCov > 0, also accept packets with CsCov >= MinCsCov
824 */
825 min_cov = dccp_sk(sk)->dccps_pcrlen;
826 if (dh->dccph_cscov && (min_cov == 0 || dh->dccph_cscov < min_cov)) {
827 dccp_pr_debug("Packet CsCov %d does not satisfy MinCsCov %d\n",
828 dh->dccph_cscov, min_cov);
829 /* FIXME: send Data Dropped option (see also dccp_v4_rcv) */
830 goto discard_and_relse;
831 }
832
833 if (!xfrm6_policy_check(sk, XFRM_POLICY_IN, skb))
834 goto discard_and_relse;
835
836 return sk_receive_skb(sk, skb, 1) ? -1 : 0;
837
838 no_dccp_socket:
839 if (!xfrm6_policy_check(NULL, XFRM_POLICY_IN, skb))
840 goto discard_it;
841 /*
842 * Step 2:
843 * If no socket ...
844 * Generate Reset(No Connection) unless P.type == Reset
845 * Drop packet and return
846 */
847 if (dh->dccph_type != DCCP_PKT_RESET) {
848 DCCP_SKB_CB(skb)->dccpd_reset_code =
849 DCCP_RESET_CODE_NO_CONNECTION;
850 dccp_v6_ctl_send_reset(sk, skb);
851 }
852
853 discard_it:
854 kfree_skb(skb);
855 return 0;
856
857 discard_and_relse:
858 sock_put(sk);
859 goto discard_it;
860 }
861
862 static int dccp_v6_connect(struct sock *sk, struct sockaddr *uaddr,
863 int addr_len)
864 {
865 struct sockaddr_in6 *usin = (struct sockaddr_in6 *)uaddr;
866 struct inet_connection_sock *icsk = inet_csk(sk);
867 struct inet_sock *inet = inet_sk(sk);
868 struct ipv6_pinfo *np = inet6_sk(sk);
869 struct dccp_sock *dp = dccp_sk(sk);
870 struct in6_addr *saddr = NULL, *final_p = NULL, final;
871 struct flowi fl;
872 struct dst_entry *dst;
873 int addr_type;
874 int err;
875
876 dp->dccps_role = DCCP_ROLE_CLIENT;
877
878 if (addr_len < SIN6_LEN_RFC2133)
879 return -EINVAL;
880
881 if (usin->sin6_family != AF_INET6)
882 return -EAFNOSUPPORT;
883
884 memset(&fl, 0, sizeof(fl));
885
886 if (np->sndflow) {
887 fl.fl6_flowlabel = usin->sin6_flowinfo & IPV6_FLOWINFO_MASK;
888 IP6_ECN_flow_init(fl.fl6_flowlabel);
889 if (fl.fl6_flowlabel & IPV6_FLOWLABEL_MASK) {
890 struct ip6_flowlabel *flowlabel;
891 flowlabel = fl6_sock_lookup(sk, fl.fl6_flowlabel);
892 if (flowlabel == NULL)
893 return -EINVAL;
894 ipv6_addr_copy(&usin->sin6_addr, &flowlabel->dst);
895 fl6_sock_release(flowlabel);
896 }
897 }
898 /*
899 * connect() to INADDR_ANY means loopback (BSD'ism).
900 */
901 if (ipv6_addr_any(&usin->sin6_addr))
902 usin->sin6_addr.s6_addr[15] = 1;
903
904 addr_type = ipv6_addr_type(&usin->sin6_addr);
905
906 if (addr_type & IPV6_ADDR_MULTICAST)
907 return -ENETUNREACH;
908
909 if (addr_type & IPV6_ADDR_LINKLOCAL) {
910 if (addr_len >= sizeof(struct sockaddr_in6) &&
911 usin->sin6_scope_id) {
912 /* If interface is set while binding, indices
913 * must coincide.
914 */
915 if (sk->sk_bound_dev_if &&
916 sk->sk_bound_dev_if != usin->sin6_scope_id)
917 return -EINVAL;
918
919 sk->sk_bound_dev_if = usin->sin6_scope_id;
920 }
921
922 /* Connect to link-local address requires an interface */
923 if (!sk->sk_bound_dev_if)
924 return -EINVAL;
925 }
926
927 ipv6_addr_copy(&np->daddr, &usin->sin6_addr);
928 np->flow_label = fl.fl6_flowlabel;
929
930 /*
931 * DCCP over IPv4
932 */
933 if (addr_type == IPV6_ADDR_MAPPED) {
934 u32 exthdrlen = icsk->icsk_ext_hdr_len;
935 struct sockaddr_in sin;
936
937 SOCK_DEBUG(sk, "connect: ipv4 mapped\n");
938
939 if (__ipv6_only_sock(sk))
940 return -ENETUNREACH;
941
942 sin.sin_family = AF_INET;
943 sin.sin_port = usin->sin6_port;
944 sin.sin_addr.s_addr = usin->sin6_addr.s6_addr32[3];
945
946 icsk->icsk_af_ops = &dccp_ipv6_mapped;
947 sk->sk_backlog_rcv = dccp_v4_do_rcv;
948
949 err = dccp_v4_connect(sk, (struct sockaddr *)&sin, sizeof(sin));
950 if (err) {
951 icsk->icsk_ext_hdr_len = exthdrlen;
952 icsk->icsk_af_ops = &dccp_ipv6_af_ops;
953 sk->sk_backlog_rcv = dccp_v6_do_rcv;
954 goto failure;
955 } else {
956 ipv6_addr_set(&np->saddr, 0, 0, htonl(0x0000FFFF),
957 inet->saddr);
958 ipv6_addr_set(&np->rcv_saddr, 0, 0, htonl(0x0000FFFF),
959 inet->rcv_saddr);
960 }
961
962 return err;
963 }
964
965 if (!ipv6_addr_any(&np->rcv_saddr))
966 saddr = &np->rcv_saddr;
967
968 fl.proto = IPPROTO_DCCP;
969 ipv6_addr_copy(&fl.fl6_dst, &np->daddr);
970 ipv6_addr_copy(&fl.fl6_src, saddr ? saddr : &np->saddr);
971 fl.oif = sk->sk_bound_dev_if;
972 fl.fl_ip_dport = usin->sin6_port;
973 fl.fl_ip_sport = inet->sport;
974 security_sk_classify_flow(sk, &fl);
975
976 if (np->opt != NULL && np->opt->srcrt != NULL) {
977 const struct rt0_hdr *rt0 = (struct rt0_hdr *)np->opt->srcrt;
978
979 ipv6_addr_copy(&final, &fl.fl6_dst);
980 ipv6_addr_copy(&fl.fl6_dst, rt0->addr);
981 final_p = &final;
982 }
983
984 err = ip6_dst_lookup(sk, &dst, &fl);
985 if (err)
986 goto failure;
987
988 if (final_p)
989 ipv6_addr_copy(&fl.fl6_dst, final_p);
990
991 err = __xfrm_lookup(&dst, &fl, sk, XFRM_LOOKUP_WAIT);
992 if (err < 0) {
993 if (err == -EREMOTE)
994 err = ip6_dst_blackhole(sk, &dst, &fl);
995 if (err < 0)
996 goto failure;
997 }
998
999 if (saddr == NULL) {
1000 saddr = &fl.fl6_src;
1001 ipv6_addr_copy(&np->rcv_saddr, saddr);
1002 }
1003
1004 /* set the source address */
1005 ipv6_addr_copy(&np->saddr, saddr);
1006 inet->rcv_saddr = LOOPBACK4_IPV6;
1007
1008 __ip6_dst_store(sk, dst, NULL, NULL);
1009
1010 icsk->icsk_ext_hdr_len = 0;
1011 if (np->opt != NULL)
1012 icsk->icsk_ext_hdr_len = (np->opt->opt_flen +
1013 np->opt->opt_nflen);
1014
1015 inet->dport = usin->sin6_port;
1016
1017 dccp_set_state(sk, DCCP_REQUESTING);
1018 err = inet6_hash_connect(&dccp_death_row, sk);
1019 if (err)
1020 goto late_failure;
1021
1022 dp->dccps_iss = secure_dccpv6_sequence_number(np->saddr.s6_addr32,
1023 np->daddr.s6_addr32,
1024 inet->sport, inet->dport);
1025 err = dccp_connect(sk);
1026 if (err)
1027 goto late_failure;
1028
1029 return 0;
1030
1031 late_failure:
1032 dccp_set_state(sk, DCCP_CLOSED);
1033 __sk_dst_reset(sk);
1034 failure:
1035 inet->dport = 0;
1036 sk->sk_route_caps = 0;
1037 return err;
1038 }
1039
1040 static struct inet_connection_sock_af_ops dccp_ipv6_af_ops = {
1041 .queue_xmit = inet6_csk_xmit,
1042 .send_check = dccp_v6_send_check,
1043 .rebuild_header = inet6_sk_rebuild_header,
1044 .conn_request = dccp_v6_conn_request,
1045 .syn_recv_sock = dccp_v6_request_recv_sock,
1046 .net_header_len = sizeof(struct ipv6hdr),
1047 .setsockopt = ipv6_setsockopt,
1048 .getsockopt = ipv6_getsockopt,
1049 .addr2sockaddr = inet6_csk_addr2sockaddr,
1050 .sockaddr_len = sizeof(struct sockaddr_in6),
1051 .bind_conflict = inet6_csk_bind_conflict,
1052 #ifdef CONFIG_COMPAT
1053 .compat_setsockopt = compat_ipv6_setsockopt,
1054 .compat_getsockopt = compat_ipv6_getsockopt,
1055 #endif
1056 };
1057
1058 /*
1059 * DCCP over IPv4 via INET6 API
1060 */
1061 static struct inet_connection_sock_af_ops dccp_ipv6_mapped = {
1062 .queue_xmit = ip_queue_xmit,
1063 .send_check = dccp_v4_send_check,
1064 .rebuild_header = inet_sk_rebuild_header,
1065 .conn_request = dccp_v6_conn_request,
1066 .syn_recv_sock = dccp_v6_request_recv_sock,
1067 .net_header_len = sizeof(struct iphdr),
1068 .setsockopt = ipv6_setsockopt,
1069 .getsockopt = ipv6_getsockopt,
1070 .addr2sockaddr = inet6_csk_addr2sockaddr,
1071 .sockaddr_len = sizeof(struct sockaddr_in6),
1072 #ifdef CONFIG_COMPAT
1073 .compat_setsockopt = compat_ipv6_setsockopt,
1074 .compat_getsockopt = compat_ipv6_getsockopt,
1075 #endif
1076 };
1077
1078 /* NOTE: A lot of things set to zero explicitly by call to
1079 * sk_alloc() so need not be done here.
1080 */
1081 static int dccp_v6_init_sock(struct sock *sk)
1082 {
1083 static __u8 dccp_v6_ctl_sock_initialized;
1084 int err = dccp_init_sock(sk, dccp_v6_ctl_sock_initialized);
1085
1086 if (err == 0) {
1087 if (unlikely(!dccp_v6_ctl_sock_initialized))
1088 dccp_v6_ctl_sock_initialized = 1;
1089 inet_csk(sk)->icsk_af_ops = &dccp_ipv6_af_ops;
1090 }
1091
1092 return err;
1093 }
1094
1095 static int dccp_v6_destroy_sock(struct sock *sk)
1096 {
1097 dccp_destroy_sock(sk);
1098 return inet6_destroy_sock(sk);
1099 }
1100
1101 static struct timewait_sock_ops dccp6_timewait_sock_ops = {
1102 .twsk_obj_size = sizeof(struct dccp6_timewait_sock),
1103 };
1104
1105 DEFINE_PROTO_INUSE(dccp_v6)
1106
1107 static struct proto dccp_v6_prot = {
1108 .name = "DCCPv6",
1109 .owner = THIS_MODULE,
1110 .close = dccp_close,
1111 .connect = dccp_v6_connect,
1112 .disconnect = dccp_disconnect,
1113 .ioctl = dccp_ioctl,
1114 .init = dccp_v6_init_sock,
1115 .setsockopt = dccp_setsockopt,
1116 .getsockopt = dccp_getsockopt,
1117 .sendmsg = dccp_sendmsg,
1118 .recvmsg = dccp_recvmsg,
1119 .backlog_rcv = dccp_v6_do_rcv,
1120 .hash = dccp_v6_hash,
1121 .unhash = inet_unhash,
1122 .accept = inet_csk_accept,
1123 .get_port = inet_csk_get_port,
1124 .shutdown = dccp_shutdown,
1125 .destroy = dccp_v6_destroy_sock,
1126 .orphan_count = &dccp_orphan_count,
1127 .max_header = MAX_DCCP_HEADER,
1128 .obj_size = sizeof(struct dccp6_sock),
1129 .rsk_prot = &dccp6_request_sock_ops,
1130 .twsk_prot = &dccp6_timewait_sock_ops,
1131 .hashinfo = &dccp_hashinfo,
1132 #ifdef CONFIG_COMPAT
1133 .compat_setsockopt = compat_dccp_setsockopt,
1134 .compat_getsockopt = compat_dccp_getsockopt,
1135 #endif
1136 REF_PROTO_INUSE(dccp_v6)
1137 };
1138
1139 static struct inet6_protocol dccp_v6_protocol = {
1140 .handler = dccp_v6_rcv,
1141 .err_handler = dccp_v6_err,
1142 .flags = INET6_PROTO_NOPOLICY | INET6_PROTO_FINAL,
1143 };
1144
1145 static struct proto_ops inet6_dccp_ops = {
1146 .family = PF_INET6,
1147 .owner = THIS_MODULE,
1148 .release = inet6_release,
1149 .bind = inet6_bind,
1150 .connect = inet_stream_connect,
1151 .socketpair = sock_no_socketpair,
1152 .accept = inet_accept,
1153 .getname = inet6_getname,
1154 .poll = dccp_poll,
1155 .ioctl = inet6_ioctl,
1156 .listen = inet_dccp_listen,
1157 .shutdown = inet_shutdown,
1158 .setsockopt = sock_common_setsockopt,
1159 .getsockopt = sock_common_getsockopt,
1160 .sendmsg = inet_sendmsg,
1161 .recvmsg = sock_common_recvmsg,
1162 .mmap = sock_no_mmap,
1163 .sendpage = sock_no_sendpage,
1164 #ifdef CONFIG_COMPAT
1165 .compat_setsockopt = compat_sock_common_setsockopt,
1166 .compat_getsockopt = compat_sock_common_getsockopt,
1167 #endif
1168 };
1169
1170 static struct inet_protosw dccp_v6_protosw = {
1171 .type = SOCK_DCCP,
1172 .protocol = IPPROTO_DCCP,
1173 .prot = &dccp_v6_prot,
1174 .ops = &inet6_dccp_ops,
1175 .capability = -1,
1176 .flags = INET_PROTOSW_ICSK,
1177 };
1178
1179 static int __init dccp_v6_init(void)
1180 {
1181 int err = proto_register(&dccp_v6_prot, 1);
1182
1183 if (err != 0)
1184 goto out;
1185
1186 err = inet6_add_protocol(&dccp_v6_protocol, IPPROTO_DCCP);
1187 if (err != 0)
1188 goto out_unregister_proto;
1189
1190 inet6_register_protosw(&dccp_v6_protosw);
1191
1192 err = inet_csk_ctl_sock_create(&dccp_v6_ctl_socket, PF_INET6,
1193 SOCK_DCCP, IPPROTO_DCCP);
1194 if (err != 0)
1195 goto out_unregister_protosw;
1196 out:
1197 return err;
1198 out_unregister_protosw:
1199 inet6_del_protocol(&dccp_v6_protocol, IPPROTO_DCCP);
1200 inet6_unregister_protosw(&dccp_v6_protosw);
1201 out_unregister_proto:
1202 proto_unregister(&dccp_v6_prot);
1203 goto out;
1204 }
1205
1206 static void __exit dccp_v6_exit(void)
1207 {
1208 inet6_del_protocol(&dccp_v6_protocol, IPPROTO_DCCP);
1209 inet6_unregister_protosw(&dccp_v6_protosw);
1210 proto_unregister(&dccp_v6_prot);
1211 }
1212
1213 module_init(dccp_v6_init);
1214 module_exit(dccp_v6_exit);
1215
1216 /*
1217 * __stringify doesn't likes enums, so use SOCK_DCCP (6) and IPPROTO_DCCP (33)
1218 * values directly, Also cover the case where the protocol is not specified,
1219 * i.e. net-pf-PF_INET6-proto-0-type-SOCK_DCCP
1220 */
1221 MODULE_ALIAS_NET_PF_PROTO_TYPE(PF_INET6, 33, 6);
1222 MODULE_ALIAS_NET_PF_PROTO_TYPE(PF_INET6, 0, 6);
1223 MODULE_LICENSE("GPL");
1224 MODULE_AUTHOR("Arnaldo Carvalho de Melo <acme@mandriva.com>");
1225 MODULE_DESCRIPTION("DCCPv6 - Datagram Congestion Controlled Protocol");
1226
|
This page was automatically generated by the
LXR engine.
|