ipv4.c 28 KB
Newer Older
1
2
3
4
5
6
7
8
9
10
11
12
13
14
/*
 *  net/dccp/ipv4.c
 *
 *  An implementation of the DCCP protocol
 *  Arnaldo Carvalho de Melo <acme@conectiva.com.br>
 *
 *	This program is free software; you can redistribute it and/or
 *	modify it under the terms of the GNU General Public License
 *	as published by the Free Software Foundation; either version
 *	2 of the License, or (at your option) any later version.
 */

#include <linux/dccp.h>
#include <linux/icmp.h>
15
#include <linux/slab.h>
16
17
18
19
20
#include <linux/module.h>
#include <linux/skbuff.h>
#include <linux/random.h>

#include <net/icmp.h>
21
#include <net/inet_common.h>
22
#include <net/inet_hashtables.h>
23
#include <net/inet_sock.h>
24
#include <net/protocol.h>
25
#include <net/sock.h>
26
#include <net/timewait_sock.h>
27
28
29
#include <net/tcp_states.h>
#include <net/xfrm.h>

30
#include "ackvec.h"
31
32
#include "ccid.h"
#include "dccp.h"
33
#include "feat.h"
34

35
/*
36
 * The per-net dccp.v4_ctl_sk socket is used for responding to
37
38
39
40
 * the Out-of-the-blue (OOTB) packets. A control sock will be created
 * for this socket at the initialization time.
 */

41
int dccp_v4_connect(struct sock *sk, struct sockaddr *uaddr, int addr_len)
42
43
44
45
{
	struct inet_sock *inet = inet_sk(sk);
	struct dccp_sock *dp = dccp_sk(sk);
	const struct sockaddr_in *usin = (struct sockaddr_in *)uaddr;
46
	__be16 orig_sport, orig_dport;
47
	struct rtable *rt;
48
	__be32 daddr, nexthop;
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
	int err;

	dp->dccps_role = DCCP_ROLE_CLIENT;

	if (addr_len < sizeof(struct sockaddr_in))
		return -EINVAL;

	if (usin->sin_family != AF_INET)
		return -EAFNOSUPPORT;

	nexthop = daddr = usin->sin_addr.s_addr;
	if (inet->opt != NULL && inet->opt->srr) {
		if (daddr == 0)
			return -EINVAL;
		nexthop = inet->opt->faddr;
	}

66
67
	orig_sport = inet->inet_sport;
	orig_dport = usin->sin_port;
68
69
70
71
72
73
	rt = ip_route_connect(nexthop, inet->inet_saddr,
			      RT_CONN_FLAGS(sk), sk->sk_bound_dev_if,
			      IPPROTO_DCCP,
			      orig_sport, orig_dport, sk, true);
	if (IS_ERR(rt))
		return PTR_ERR(rt);
74
75
76
77
78
79
80
81
82

	if (rt->rt_flags & (RTCF_MULTICAST | RTCF_BROADCAST)) {
		ip_rt_put(rt);
		return -ENETUNREACH;
	}

	if (inet->opt == NULL || !inet->opt->srr)
		daddr = rt->rt_dst;

83
84
85
	if (inet->inet_saddr == 0)
		inet->inet_saddr = rt->rt_src;
	inet->inet_rcv_saddr = inet->inet_saddr;
86

87
88
	inet->inet_dport = usin->sin_port;
	inet->inet_daddr = daddr;
89

90
	inet_csk(sk)->icsk_ext_hdr_len = 0;
91
	if (inet->opt != NULL)
92
		inet_csk(sk)->icsk_ext_hdr_len = inet->opt->optlen;
93
94
95
96
97
98
99
	/*
	 * Socket identity is still unknown (sport may be zero).
	 * However we set state to DCCP_REQUESTING and not releasing socket
	 * lock select source port, enter ourselves into the hash tables and
	 * complete initialization after this.
	 */
	dccp_set_state(sk, DCCP_REQUESTING);
100
	err = inet_hash_connect(&dccp_death_row, sk);
101
102
103
	if (err != 0)
		goto failure;

104
105
106
107
108
	rt = ip_route_newports(rt, IPPROTO_DCCP,
			       orig_sport, orig_dport,
			       inet->inet_sport, inet->inet_dport, sk);
	if (IS_ERR(rt)) {
		rt = NULL;
109
		goto failure;
110
	}
111
	/* OK, now commit destination to socket.  */
112
	sk_setup_caps(sk, &rt->dst);
113

114
115
116
117
118
	dp->dccps_iss = secure_dccp_sequence_number(inet->inet_saddr,
						    inet->inet_daddr,
						    inet->inet_sport,
						    inet->inet_dport);
	inet->inet_id = dp->dccps_iss ^ jiffies;
119
120
121
122
123
124
125
126

	err = dccp_connect(sk);
	rt = NULL;
	if (err != 0)
		goto failure;
out:
	return err;
failure:
127
128
129
	/*
	 * This unhashes the socket and releases the local port, if necessary.
	 */
130
131
132
	dccp_set_state(sk, DCCP_CLOSED);
	ip_rt_put(rt);
	sk->sk_route_caps = 0;
133
	inet->inet_dport = 0;
134
135
136
	goto out;
}

137
138
EXPORT_SYMBOL_GPL(dccp_v4_connect);

139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
/*
 * This routine does path mtu discovery as defined in RFC1191.
 */
static inline void dccp_do_pmtu_discovery(struct sock *sk,
					  const struct iphdr *iph,
					  u32 mtu)
{
	struct dst_entry *dst;
	const struct inet_sock *inet = inet_sk(sk);
	const struct dccp_sock *dp = dccp_sk(sk);

	/* We are not interested in DCCP_LISTEN and request_socks (RESPONSEs
	 * send out by Linux are always < 576bytes so they should go through
	 * unfragmented).
	 */
	if (sk->sk_state == DCCP_LISTEN)
		return;

	/* We don't check in the destentry if pmtu discovery is forbidden
	 * on this route. We just assume that no packet_to_big packets
	 * are send back when pmtu discovery is not active.
160
	 * There is a small race when the user changes this flag in the
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
	 * route, but I think that's acceptable.
	 */
	if ((dst = __sk_dst_check(sk, 0)) == NULL)
		return;

	dst->ops->update_pmtu(dst, mtu);

	/* Something is about to be wrong... Remember soft error
	 * for the case, if this connection will not able to recover.
	 */
	if (mtu < dst_mtu(dst) && ip_dont_fragment(sk, dst))
		sk->sk_err_soft = EMSGSIZE;

	mtu = dst_mtu(dst);

	if (inet->pmtudisc != IP_PMTUDISC_DONT &&
177
	    inet_csk(sk)->icsk_pmtu_cookie > mtu) {
178
179
180
		dccp_sync_mss(sk, mtu);

		/*
181
		 * From RFC 4340, sec. 14.1:
182
		 *
183
184
185
		 *	DCCP-Sync packets are the best choice for upward
		 *	probing, since DCCP-Sync probes do not risk application
		 *	data loss.
186
		 */
187
		dccp_send_sync(sk, dp->dccps_gsr, DCCP_PKT_SYNC);
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
	} /* else let the usual retransmit timer handle it */
}

/*
 * This routine is called by the ICMP module when it gets some sort of error
 * condition. If err < 0 then the socket should be closed and the error
 * returned to the user. If err > 0 it's just the icmp type << 8 | icmp code.
 * After adjustment header points to the first 8 bytes of the tcp header. We
 * need to find the appropriate port.
 *
 * The locking strategy used here is very "optimistic". When someone else
 * accesses the socket the ICMP is just dropped and for some paths there is no
 * check at all. A more general error queue to queue errors for later handling
 * is probably better.
 */
203
static void dccp_v4_err(struct sk_buff *skb, u32 info)
204
205
{
	const struct iphdr *iph = (struct iphdr *)skb->data;
206
207
	const u8 offset = iph->ihl << 2;
	const struct dccp_hdr *dh = (struct dccp_hdr *)(skb->data + offset);
208
209
	struct dccp_sock *dp;
	struct inet_sock *inet;
210
211
	const int type = icmp_hdr(skb)->type;
	const int code = icmp_hdr(skb)->code;
212
213
214
	struct sock *sk;
	__u64 seq;
	int err;
215
	struct net *net = dev_net(skb->dev);
216

217
218
	if (skb->len < offset + sizeof(*dh) ||
	    skb->len < offset + __dccp_basic_hdr_len(dh)) {
219
		ICMP_INC_STATS_BH(net, ICMP_MIB_INERRORS);
220
221
222
		return;
	}

223
	sk = inet_lookup(net, &dccp_hashinfo,
224
225
			iph->daddr, dh->dccph_dport,
			iph->saddr, dh->dccph_sport, inet_iif(skb));
226
	if (sk == NULL) {
227
		ICMP_INC_STATS_BH(net, ICMP_MIB_INERRORS);
228
229
230
231
		return;
	}

	if (sk->sk_state == DCCP_TIME_WAIT) {
232
		inet_twsk_put(inet_twsk(sk));
233
234
235
236
237
238
239
240
		return;
	}

	bh_lock_sock(sk);
	/* If too many ICMPs get dropped on busy
	 * servers this needs to be solved differently.
	 */
	if (sock_owned_by_user(sk))
241
		NET_INC_STATS_BH(net, LINUX_MIB_LOCKDROPPEDICMPS);
242
243
244
245
246

	if (sk->sk_state == DCCP_CLOSED)
		goto out;

	dp = dccp_sk(sk);
247
	seq = dccp_hdr_seq(dh);
248
	if ((1 << sk->sk_state) & ~(DCCPF_REQUESTING | DCCPF_LISTEN) &&
249
	    !between48(seq, dp->dccps_awl, dp->dccps_awh)) {
250
		NET_INC_STATS_BH(net, LINUX_MIB_OUTOFWINDOWICMPS);
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
		goto out;
	}

	switch (type) {
	case ICMP_SOURCE_QUENCH:
		/* Just silently ignore these. */
		goto out;
	case ICMP_PARAMETERPROB:
		err = EPROTO;
		break;
	case ICMP_DEST_UNREACH:
		if (code > NR_ICMP_UNREACH)
			goto out;

		if (code == ICMP_FRAG_NEEDED) { /* PMTU discovery (RFC1191) */
			if (!sock_owned_by_user(sk))
				dccp_do_pmtu_discovery(sk, iph, info);
			goto out;
		}

		err = icmp_err_convert[code].errno;
		break;
	case ICMP_TIME_EXCEEDED:
		err = EHOSTUNREACH;
		break;
	default:
		goto out;
	}

	switch (sk->sk_state) {
		struct request_sock *req , **prev;
	case DCCP_LISTEN:
		if (sock_owned_by_user(sk))
			goto out;
		req = inet_csk_search_req(sk, &prev, dh->dccph_dport,
					  iph->daddr, iph->saddr);
		if (!req)
			goto out;

		/*
		 * ICMPs are not backlogged, hence we cannot get an established
		 * socket here.
		 */
294
		WARN_ON(req->sk);
295
296

		if (seq != dccp_rsk(req)->dreq_iss) {
297
			NET_INC_STATS_BH(net, LINUX_MIB_OUTOFWINDOWICMPS);
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
			goto out;
		}
		/*
		 * Still in RESPOND, just remove it silently.
		 * There is no good way to pass the error to the newly
		 * created socket, and POSIX does not want network
		 * errors returned from accept().
		 */
		inet_csk_reqsk_queue_drop(sk, req, prev);
		goto out;

	case DCCP_REQUESTING:
	case DCCP_RESPOND:
		if (!sock_owned_by_user(sk)) {
			DCCP_INC_STATS_BH(DCCP_MIB_ATTEMPTFAILS);
			sk->sk_err = err;

			sk->sk_error_report(sk);

			dccp_done(sk);
		} else
			sk->sk_err_soft = err;
		goto out;
	}

	/* If we've already connected we will keep trying
	 * until we time out, or the user gives up.
	 *
	 * rfc1122 4.2.3.9 allows to consider as hard errors
	 * only PROTO_UNREACH and PORT_UNREACH (well, FRAG_FAILED too,
	 * but it is obsoleted by pmtu discovery).
	 *
	 * Note, that in modern internet, where routing is unreliable
	 * and in each dark corner broken firewalls sit, sending random
	 * errors ordered by their masters even this two messages finally lose
	 * their original sense (even Linux sends invalid PORT_UNREACHs)
	 *
	 * Now we are in compliance with RFCs.
	 *							--ANK (980905)
	 */

	inet = inet_sk(sk);
	if (!sock_owned_by_user(sk) && inet->recverr) {
		sk->sk_err = err;
		sk->sk_error_report(sk);
	} else /* Only an error on timeout */
		sk->sk_err_soft = err;
out:
	bh_unlock_sock(sk);
	sock_put(sk);
}

350
static inline __sum16 dccp_v4_csum_finish(struct sk_buff *skb,
351
352
353
354
355
				      __be32 src, __be32 dst)
{
	return csum_tcpudp_magic(src, dst, skb->len, IPPROTO_DCCP, skb->csum);
}

356
void dccp_v4_send_check(struct sock *sk, struct sk_buff *skb)
357
358
359
360
{
	const struct inet_sock *inet = inet_sk(sk);
	struct dccp_hdr *dh = dccp_hdr(skb);

361
	dccp_csum_outgoing(skb);
362
363
364
	dh->dccph_checksum = dccp_v4_csum_finish(skb,
						 inet->inet_saddr,
						 inet->inet_daddr);
365
366
}

367
368
EXPORT_SYMBOL_GPL(dccp_v4_send_check);

369
static inline u64 dccp_v4_init_sequence(const struct sk_buff *skb)
370
{
371
372
	return secure_dccp_sequence_number(ip_hdr(skb)->daddr,
					   ip_hdr(skb)->saddr,
373
374
375
376
377
378
379
380
381
382
383
384
385
386
387
388
389
390
391
392
393
394
395
396
397
398
					   dccp_hdr(skb)->dccph_dport,
					   dccp_hdr(skb)->dccph_sport);
}

/*
 * The three way handshake has completed - we got a valid ACK or DATAACK -
 * now create the new socket.
 *
 * This is the equivalent of TCP's tcp_v4_syn_recv_sock
 */
struct sock *dccp_v4_request_recv_sock(struct sock *sk, struct sk_buff *skb,
				       struct request_sock *req,
				       struct dst_entry *dst)
{
	struct inet_request_sock *ireq;
	struct inet_sock *newinet;
	struct sock *newsk;

	if (sk_acceptq_is_full(sk))
		goto exit_overflow;

	if (dst == NULL && (dst = inet_csk_route_req(sk, req)) == NULL)
		goto exit;

	newsk = dccp_create_openreq_child(sk, req, skb);
	if (newsk == NULL)
399
		goto exit_nonewsk;
400
401
402
403
404

	sk_setup_caps(newsk, dst);

	newinet		   = inet_sk(newsk);
	ireq		   = inet_rsk(req);
405
406
407
	newinet->inet_daddr	= ireq->rmt_addr;
	newinet->inet_rcv_saddr = ireq->loc_addr;
	newinet->inet_saddr	= ireq->loc_addr;
408
409
410
	newinet->opt	   = ireq->opt;
	ireq->opt	   = NULL;
	newinet->mc_index  = inet_iif(skb);
411
	newinet->mc_ttl	   = ip_hdr(skb)->ttl;
412
	newinet->inet_id   = jiffies;
413
414
415

	dccp_sync_mss(newsk, dst_mtu(dst));

416
417
418
419
	if (__inet_inherit_port(sk, newsk) < 0) {
		sock_put(newsk);
		goto exit;
	}
420
	__inet_hash_nolisten(newsk, NULL);
421
422
423
424

	return newsk;

exit_overflow:
425
	NET_INC_STATS_BH(sock_net(sk), LINUX_MIB_LISTENOVERFLOWS);
426
427
exit_nonewsk:
	dst_release(dst);
428
exit:
429
	NET_INC_STATS_BH(sock_net(sk), LINUX_MIB_LISTENDROPS);
430
431
432
	return NULL;
}

433
434
EXPORT_SYMBOL_GPL(dccp_v4_request_recv_sock);

435
436
437
static struct sock *dccp_v4_hnd_req(struct sock *sk, struct sk_buff *skb)
{
	const struct dccp_hdr *dh = dccp_hdr(skb);
438
	const struct iphdr *iph = ip_hdr(skb);
439
440
441
442
443
444
445
446
447
	struct sock *nsk;
	struct request_sock **prev;
	/* Find possible connection requests. */
	struct request_sock *req = inet_csk_search_req(sk, &prev,
						       dh->dccph_sport,
						       iph->saddr, iph->daddr);
	if (req != NULL)
		return dccp_check_req(sk, skb, req, prev);

448
	nsk = inet_lookup_established(sock_net(sk), &dccp_hashinfo,
449
450
451
				      iph->saddr, dh->dccph_sport,
				      iph->daddr, dh->dccph_dport,
				      inet_iif(skb));
452
453
454
455
456
	if (nsk != NULL) {
		if (nsk->sk_state != DCCP_TIME_WAIT) {
			bh_lock_sock(nsk);
			return nsk;
		}
457
		inet_twsk_put(inet_twsk(nsk));
458
459
460
461
462
463
		return NULL;
	}

	return sk;
}

464
static struct dst_entry* dccp_v4_route_skb(struct net *net, struct sock *sk,
465
466
467
					   struct sk_buff *skb)
{
	struct rtable *rt;
Eric Dumazet's avatar
Eric Dumazet committed
468
	struct flowi fl = { .oif = skb_rtable(skb)->rt_iif,
469
470
471
			    .fl4_dst = ip_hdr(skb)->saddr,
			    .fl4_src = ip_hdr(skb)->daddr,
			    .fl4_tos = RT_CONN_FLAGS(sk),
472
			    .proto = sk->sk_protocol,
473
474
			    .fl_ip_sport = dccp_hdr(skb)->dccph_dport,
			    .fl_ip_dport = dccp_hdr(skb)->dccph_sport
475
			  };
476

477
	security_skb_classify_flow(skb, &fl);
478
479
	rt = ip_route_output_flow(net, &fl, sk);
	if (IS_ERR(rt)) {
480
		IP_INC_STATS_BH(net, IPSTATS_MIB_OUTNOROUTES);
481
482
483
		return NULL;
	}

484
	return &rt->dst;
485
486
}

487
488
static int dccp_v4_send_response(struct sock *sk, struct request_sock *req,
				 struct request_values *rv_unused)
489
490
491
{
	int err = -1;
	struct sk_buff *skb;
492
	struct dst_entry *dst;
493

494
495
	dst = inet_csk_route_req(sk, req);
	if (dst == NULL)
496
497
498
499
500
501
502
		goto out;

	skb = dccp_make_response(sk, dst, req);
	if (skb != NULL) {
		const struct inet_request_sock *ireq = inet_rsk(req);
		struct dccp_hdr *dh = dccp_hdr(skb);

503
504
		dh->dccph_checksum = dccp_v4_csum_finish(skb, ireq->loc_addr,
							      ireq->rmt_addr);
505
506
507
		err = ip_build_and_send_pkt(skb, sk, ireq->loc_addr,
					    ireq->rmt_addr,
					    ireq->opt);
508
		err = net_xmit_eval(err);
509
510
511
512
513
514
515
	}

out:
	dst_release(dst);
	return err;
}

516
static void dccp_v4_ctl_send_reset(struct sock *sk, struct sk_buff *rxskb)
517
518
{
	int err;
519
	const struct iphdr *rxiph;
520
521
	struct sk_buff *skb;
	struct dst_entry *dst;
Eric Dumazet's avatar
Eric Dumazet committed
522
	struct net *net = dev_net(skb_dst(rxskb)->dev);
523
	struct sock *ctl_sk = net->dccp.v4_ctl_sk;
524
525

	/* Never send a reset in response to a reset. */
526
	if (dccp_hdr(rxskb)->dccph_type == DCCP_PKT_RESET)
527
528
		return;

Eric Dumazet's avatar
Eric Dumazet committed
529
	if (skb_rtable(rxskb)->rt_type != RTN_LOCAL)
530
531
		return;

532
	dst = dccp_v4_route_skb(net, ctl_sk, rxskb);
533
534
535
	if (dst == NULL)
		return;

536
	skb = dccp_ctl_make_reset(ctl_sk, rxskb);
537
538
539
	if (skb == NULL)
		goto out;

540
	rxiph = ip_hdr(rxskb);
541
542
	dccp_hdr(skb)->dccph_checksum = dccp_v4_csum_finish(skb, rxiph->saddr,
								 rxiph->daddr);
Eric Dumazet's avatar
Eric Dumazet committed
543
	skb_dst_set(skb, dst_clone(dst));
544

545
546
	bh_lock_sock(ctl_sk);
	err = ip_build_and_send_pkt(skb, ctl_sk,
547
				    rxiph->daddr, rxiph->saddr, NULL);
548
	bh_unlock_sock(ctl_sk);
549

550
	if (net_xmit_eval(err) == 0) {
551
552
553
554
555
556
557
		DCCP_INC_STATS_BH(DCCP_MIB_OUTSEGS);
		DCCP_INC_STATS_BH(DCCP_MIB_OUTRSTS);
	}
out:
	 dst_release(dst);
}

558
559
static void dccp_v4_reqsk_destructor(struct request_sock *req)
{
560
	dccp_feat_list_purge(&dccp_rsk(req)->dreq_featneg);
561
562
563
564
565
566
567
568
569
570
571
572
573
574
575
576
577
	kfree(inet_rsk(req)->opt);
}

static struct request_sock_ops dccp_request_sock_ops __read_mostly = {
	.family		= PF_INET,
	.obj_size	= sizeof(struct dccp_request_sock),
	.rtx_syn_ack	= dccp_v4_send_response,
	.send_ack	= dccp_reqsk_send_ack,
	.destructor	= dccp_v4_reqsk_destructor,
	.send_reset	= dccp_v4_ctl_send_reset,
};

int dccp_v4_conn_request(struct sock *sk, struct sk_buff *skb)
{
	struct inet_request_sock *ireq;
	struct request_sock *req;
	struct dccp_request_sock *dreq;
578
	const __be32 service = dccp_hdr_request(skb)->dccph_req_service;
579
580
581
	struct dccp_skb_cb *dcb = DCCP_SKB_CB(skb);

	/* Never answer to DCCP_PKT_REQUESTs send to broadcast or multicast */
Eric Dumazet's avatar
Eric Dumazet committed
582
	if (skb_rtable(skb)->rt_flags & (RTCF_BROADCAST | RTCF_MULTICAST))
583
		return 0;	/* discard, don't send a reset here */
584
585

	if (dccp_bad_service_code(sk, service)) {
586
		dcb->dccpd_reset_code = DCCP_RESET_CODE_BAD_SERVICE_CODE;
587
		goto drop;
588
	}
589
590
591
592
593
	/*
	 * TW buckets are converted to open requests without
	 * limitations, they conserve resources and peer is
	 * evidently real one.
	 */
594
	dcb->dccpd_reset_code = DCCP_RESET_CODE_TOO_BUSY;
595
596
597
598
599
600
601
602
603
604
605
606
	if (inet_csk_reqsk_queue_is_full(sk))
		goto drop;

	/*
	 * Accept backlog is full. If we have already queued enough
	 * of warm entries in syn queue, drop request. It is better than
	 * clogging syn queue with openreqs with exponentially increasing
	 * timeout.
	 */
	if (sk_acceptq_is_full(sk) && inet_csk_reqsk_queue_young(sk) > 1)
		goto drop;

607
	req = inet_reqsk_alloc(&dccp_request_sock_ops);
608
609
610
	if (req == NULL)
		goto drop;

611
612
	if (dccp_reqsk_init(req, dccp_sk(sk), skb))
		goto drop_and_free;
613

614
615
616
617
	dreq = dccp_rsk(req);
	if (dccp_parse_options(sk, dreq, skb))
		goto drop_and_free;

618
619
620
621
	if (security_inet_conn_request(sk, skb, req))
		goto drop_and_free;

	ireq = inet_rsk(req);
622
623
	ireq->loc_addr = ip_hdr(skb)->daddr;
	ireq->rmt_addr = ip_hdr(skb)->saddr;
624

625
	/*
626
627
628
629
630
631
632
633
	 * Step 3: Process LISTEN state
	 *
	 * Set S.ISR, S.GSR, S.SWL, S.SWH from packet or Init Cookie
	 *
	 * In fact we defer setting S.GSR, S.SWL, S.SWH to
	 * dccp_create_openreq_child.
	 */
	dreq->dreq_isr	   = dcb->dccpd_seq;
634
	dreq->dreq_iss	   = dccp_v4_init_sequence(skb);
635
636
	dreq->dreq_service = service;

637
	if (dccp_v4_send_response(sk, req, NULL))
638
639
640
641
642
643
644
645
646
647
648
649
650
651
		goto drop_and_free;

	inet_csk_reqsk_queue_hash_add(sk, req, DCCP_TIMEOUT_INIT);
	return 0;

drop_and_free:
	reqsk_free(req);
drop:
	DCCP_INC_STATS_BH(DCCP_MIB_ATTEMPTFAILS);
	return -1;
}

EXPORT_SYMBOL_GPL(dccp_v4_conn_request);

652
653
654
655
656
657
658
659
660
661
662
663
int dccp_v4_do_rcv(struct sock *sk, struct sk_buff *skb)
{
	struct dccp_hdr *dh = dccp_hdr(skb);

	if (sk->sk_state == DCCP_OPEN) { /* Fast path */
		if (dccp_rcv_established(sk, skb, dh, skb->len))
			goto reset;
		return 0;
	}

	/*
	 *  Step 3: Process LISTEN state
664
665
666
667
668
669
670
671
672
673
674
675
676
677
678
679
680
	 *	 If P.type == Request or P contains a valid Init Cookie option,
	 *	      (* Must scan the packet's options to check for Init
	 *		 Cookies.  Only Init Cookies are processed here,
	 *		 however; other options are processed in Step 8.  This
	 *		 scan need only be performed if the endpoint uses Init
	 *		 Cookies *)
	 *	      (* Generate a new socket and switch to that socket *)
	 *	      Set S := new socket for this port pair
	 *	      S.state = RESPOND
	 *	      Choose S.ISS (initial seqno) or set from Init Cookies
	 *	      Initialize S.GAR := S.ISS
	 *	      Set S.ISR, S.GSR, S.SWL, S.SWH from packet or Init Cookies
	 *	      Continue with S.state == RESPOND
	 *	      (* A Response packet will be generated in Step 11 *)
	 *	 Otherwise,
	 *	      Generate Reset(No Connection) unless P.type == Reset
	 *	      Drop packet and return
681
	 *
682
683
	 * NOTE: the check for the packet types is done in
	 *	 dccp_rcv_state_process
684
685
686
687
688
689
690
691
692
693
694
695
696
697
698
699
700
701
702
	 */
	if (sk->sk_state == DCCP_LISTEN) {
		struct sock *nsk = dccp_v4_hnd_req(sk, skb);

		if (nsk == NULL)
			goto discard;

		if (nsk != sk) {
			if (dccp_child_process(sk, nsk, skb))
				goto reset;
			return 0;
		}
	}

	if (dccp_rcv_state_process(sk, skb, dh, skb->len))
		goto reset;
	return 0;

reset:
703
	dccp_v4_ctl_send_reset(sk, skb);
704
705
706
707
708
discard:
	kfree_skb(skb);
	return 0;
}

709
710
EXPORT_SYMBOL_GPL(dccp_v4_do_rcv);

711
712
713
714
715
/**
 *	dccp_invalid_packet  -  check for malformed packets
 *	Implements RFC 4340, 8.5:  Step 1: Check header basics
 *	Packets that fail these checks are ignored and do not receive Resets.
 */
716
int dccp_invalid_packet(struct sk_buff *skb)
717
718
{
	const struct dccp_hdr *dh;
719
	unsigned int cscov;
720
721
722
723

	if (skb->pkt_type != PACKET_HOST)
		return 1;

724
	/* If the packet is shorter than 12 bytes, drop packet and return */
725
	if (!pskb_may_pull(skb, sizeof(struct dccp_hdr))) {
726
		DCCP_WARN("pskb_may_pull failed\n");
727
728
729
730
731
		return 1;
	}

	dh = dccp_hdr(skb);

732
	/* If P.type is not understood, drop packet and return */
733
	if (dh->dccph_type >= DCCP_PKT_INVALID) {
734
		DCCP_WARN("invalid packet type\n");
735
736
737
738
		return 1;
	}

	/*
739
	 * If P.Data Offset is too small for packet type, drop packet and return
740
741
	 */
	if (dh->dccph_doff < dccp_hdr_len(skb) / sizeof(u32)) {
742
		DCCP_WARN("P.Data Offset(%u) too small\n", dh->dccph_doff);
743
744
		return 1;
	}
745
746
747
	/*
	 * If P.Data Offset is too too large for packet, drop packet and return
	 */
748
	if (!pskb_may_pull(skb, dh->dccph_doff * sizeof(u32))) {
749
		DCCP_WARN("P.Data Offset(%u) too large\n", dh->dccph_doff);
750
751
752
753
754
755
756
		return 1;
	}

	/*
	 * If P.type is not Data, Ack, or DataAck and P.X == 0 (the packet
	 * has short sequence numbers), drop packet and return
	 */
757
758
	if ((dh->dccph_type < DCCP_PKT_DATA    ||
	    dh->dccph_type > DCCP_PKT_DATAACK) && dh->dccph_x == 0)  {
759
760
		DCCP_WARN("P.type (%s) not Data || [Data]Ack, while P.X == 0\n",
			  dccp_packet_name(dh->dccph_type));
761
762
763
		return 1;
	}

764
765
766
767
768
769
	/*
	 * If P.CsCov is too large for the packet size, drop packet and return.
	 * This must come _before_ checksumming (not as RFC 4340 suggests).
	 */
	cscov = dccp_csum_coverage(skb);
	if (cscov > skb->len) {
770
771
		DCCP_WARN("P.CsCov %u exceeds packet length %d\n",
			  dh->dccph_cscov, skb->len);
772
773
774
775
776
777
778
		return 1;
	}

	/* If header checksum is incorrect, drop packet and return.
	 * (This step is completed in the AF-dependent functions.) */
	skb->csum = skb_checksum(skb, 0, cscov, 0);

779
780
781
	return 0;
}

782
783
EXPORT_SYMBOL_GPL(dccp_invalid_packet);

784
/* this is called when real data arrives */
785
static int dccp_v4_rcv(struct sk_buff *skb)
786
787
{
	const struct dccp_hdr *dh;
788
	const struct iphdr *iph;
789
	struct sock *sk;
790
	int min_cov;
791

792
	/* Step 1: Check header basics */
793
794
795
796

	if (dccp_invalid_packet(skb))
		goto discard_it;

797
	iph = ip_hdr(skb);
798
	/* Step 1: If header checksum is incorrect, drop packet and return */
799
	if (dccp_v4_csum_finish(skb, iph->saddr, iph->daddr)) {
800
		DCCP_WARN("dropped packet with invalid checksum\n");
801
802
803
		goto discard_it;
	}

804
805
	dh = dccp_hdr(skb);

806
	DCCP_SKB_CB(skb)->dccpd_seq  = dccp_hdr_seq(dh);
807
808
	DCCP_SKB_CB(skb)->dccpd_type = dh->dccph_type;

809
	dccp_pr_debug("%8.8s src=%pI4@%-5d dst=%pI4@%-5d seq=%llu",
810
		      dccp_packet_name(dh->dccph_type),
811
812
		      &iph->saddr, ntohs(dh->dccph_sport),
		      &iph->daddr, ntohs(dh->dccph_dport),
813
		      (unsigned long long) DCCP_SKB_CB(skb)->dccpd_seq);
814
815
816
817
818
819

	if (dccp_packet_without_ack(skb)) {
		DCCP_SKB_CB(skb)->dccpd_ack_seq = DCCP_PKT_WITHOUT_ACK_SEQ;
		dccp_pr_debug_cat("\n");
	} else {
		DCCP_SKB_CB(skb)->dccpd_ack_seq = dccp_hdr_ack_seq(skb);
820
		dccp_pr_debug_cat(", ack=%llu\n", (unsigned long long)
821
				  DCCP_SKB_CB(skb)->dccpd_ack_seq);
822
823
824
	}

	/* Step 2:
825
	 *	Look up flow ID in table and get corresponding socket */
826
827
	sk = __inet_lookup_skb(&dccp_hashinfo, skb,
			       dh->dccph_sport, dh->dccph_dport);
828
	/*
829
	 * Step 2:
830
	 *	If no socket ...
831
832
833
834
835
836
837
	 */
	if (sk == NULL) {
		dccp_pr_debug("failed to look up flow ID in table and "
			      "get corresponding socket\n");
		goto no_dccp_socket;
	}

838
	/*
839
	 * Step 2:
840
	 *	... or S.state == TIMEWAIT,
841
842
843
844
	 *		Generate Reset(No Connection) unless P.type == Reset
	 *		Drop packet and return
	 */
	if (sk->sk_state == DCCP_TIME_WAIT) {
845
846
847
		dccp_pr_debug("sk->sk_state == DCCP_TIME_WAIT: do_time_wait\n");
		inet_twsk_put(inet_twsk(sk));
		goto no_dccp_socket;
848
849
	}

850
851
	/*
	 * RFC 4340, sec. 9.2.1: Minimum Checksum Coverage
852
853
	 *	o if MinCsCov = 0, only packets with CsCov = 0 are accepted
	 *	o if MinCsCov > 0, also accept packets with CsCov >= MinCsCov
854
855
856
857
858
859
860
861
862
863
864
	 */
	min_cov = dccp_sk(sk)->dccps_pcrlen;
	if (dh->dccph_cscov && (min_cov == 0 || dh->dccph_cscov < min_cov))  {
		dccp_pr_debug("Packet CsCov %d does not satisfy MinCsCov %d\n",
			      dh->dccph_cscov, min_cov);
		/* FIXME: "Such packets SHOULD be reported using Data Dropped
		 *         options (Section 11.7) with Drop Code 0, Protocol
		 *         Constraints."                                     */
		goto discard_and_relse;
	}

865
	if (!xfrm4_policy_check(sk, XFRM_POLICY_IN, skb))
866
		goto discard_and_relse;
867
	nf_reset(skb);
868

869
	return sk_receive_skb(sk, skb, 1);
870
871
872
873
874
875

no_dccp_socket:
	if (!xfrm4_policy_check(NULL, XFRM_POLICY_IN, skb))
		goto discard_it;
	/*
	 * Step 2:
876
	 *	If no socket ...
877
878
879
880
	 *		Generate Reset(No Connection) unless P.type == Reset
	 *		Drop packet and return
	 */
	if (dh->dccph_type != DCCP_PKT_RESET) {
881
882
		DCCP_SKB_CB(skb)->dccpd_reset_code =
					DCCP_RESET_CODE_NO_CONNECTION;
883
		dccp_v4_ctl_send_reset(sk, skb);
884
885
886
887
888
889
890
891
892
893
894
	}

discard_it:
	kfree_skb(skb);
	return 0;

discard_and_relse:
	sock_put(sk);
	goto discard_it;
}

895
static const struct inet_connection_sock_af_ops dccp_ipv4_af_ops = {
896
897
898
899
900
901
902
903
904
905
	.queue_xmit	   = ip_queue_xmit,
	.send_check	   = dccp_v4_send_check,
	.rebuild_header	   = inet_sk_rebuild_header,
	.conn_request	   = dccp_v4_conn_request,
	.syn_recv_sock	   = dccp_v4_request_recv_sock,
	.net_header_len	   = sizeof(struct iphdr),
	.setsockopt	   = ip_setsockopt,
	.getsockopt	   = ip_getsockopt,
	.addr2sockaddr	   = inet_csk_addr2sockaddr,
	.sockaddr_len	   = sizeof(struct sockaddr_in),
906
	.bind_conflict	   = inet_csk_bind_conflict,
907
#ifdef CONFIG_COMPAT
908
909
	.compat_setsockopt = compat_ip_setsockopt,
	.compat_getsockopt = compat_ip_getsockopt,
910
#endif
911
912
};

913
static int dccp_v4_init_sock(struct sock *sk)
914
{
915
916
	static __u8 dccp_v4_ctl_sock_initialized;
	int err = dccp_init_sock(sk, dccp_v4_ctl_sock_initialized);
917

918
919
920
	if (err == 0) {
		if (unlikely(!dccp_v4_ctl_sock_initialized))
			dccp_v4_ctl_sock_initialized = 1;
921
		inet_csk(sk)->icsk_af_ops = &dccp_ipv4_af_ops;
922
923
	}

924
	return err;
925
926
}

927
928
929
930
static struct timewait_sock_ops dccp_timewait_sock_ops = {
	.twsk_obj_size	= sizeof(struct inet_timewait_sock),
};

931
static struct proto dccp_v4_prot = {
932
933
934
935
936
937
938
939
940
941
942
943
	.name			= "DCCP",
	.owner			= THIS_MODULE,
	.close			= dccp_close,
	.connect		= dccp_v4_connect,
	.disconnect		= dccp_disconnect,
	.ioctl			= dccp_ioctl,
	.init			= dccp_v4_init_sock,
	.setsockopt		= dccp_setsockopt,
	.getsockopt		= dccp_getsockopt,
	.sendmsg		= dccp_sendmsg,
	.recvmsg		= dccp_recvmsg,
	.backlog_rcv		= dccp_v4_do_rcv,
944
945
	.hash			= inet_hash,
	.unhash			= inet_unhash,
946
	.accept			= inet_csk_accept,
947
	.get_port		= inet_csk_get_port,
948
	.shutdown		= dccp_shutdown,
949
	.destroy		= dccp_destroy_sock,
950
951
952
	.orphan_count		= &dccp_orphan_count,
	.max_header		= MAX_DCCP_HEADER,
	.obj_size		= sizeof(struct dccp_sock),
953
	.slab_flags		= SLAB_DESTROY_BY_RCU,
954
	.rsk_prot		= &dccp_request_sock_ops,
955
	.twsk_prot		= &dccp_timewait_sock_ops,
956
	.h.hashinfo		= &dccp_hashinfo,
957
958
959
960
#ifdef CONFIG_COMPAT
	.compat_setsockopt	= compat_dccp_setsockopt,
	.compat_getsockopt	= compat_dccp_getsockopt,
#endif
961
};
962

963
static const struct net_protocol dccp_v4_protocol = {
964
965
966
	.handler	= dccp_v4_rcv,
	.err_handler	= dccp_v4_err,
	.no_policy	= 1,
967
	.netns_ok	= 1,
968
969
970
};

static const struct proto_ops inet_dccp_ops = {
971
972
973
974
975
976
977
978
	.family		   = PF_INET,
	.owner		   = THIS_MODULE,
	.release	   = inet_release,
	.bind		   = inet_bind,
	.connect	   = inet_stream_connect,
	.socketpair	   = sock_no_socketpair,
	.accept		   = inet_accept,
	.getname	   = inet_getname,
979
	/* FIXME: work on tcp_poll to rename it to inet_csk_poll */
980
981
	.poll		   = dccp_poll,
	.ioctl		   = inet_ioctl,
982
	/* FIXME: work on inet_listen to rename it to sock_common_listen */
983
984
985
986
987
988
989
990
	.listen		   = inet_dccp_listen,
	.shutdown	   = inet_shutdown,
	.setsockopt	   = sock_common_setsockopt,
	.getsockopt	   = sock_common_getsockopt,
	.sendmsg	   = inet_sendmsg,
	.recvmsg	   = sock_common_recvmsg,
	.mmap		   = sock_no_mmap,
	.sendpage	   = sock_no_sendpage,
991
#ifdef CONFIG_COMPAT
992
993
	.compat_setsockopt = compat_sock_common_setsockopt,
	.compat_getsockopt = compat_sock_common_getsockopt,
994
#endif
995
996
997
998
999
1000
1001
1002
1003
1004
1005
};

static struct inet_protosw dccp_v4_protosw = {
	.type		= SOCK_DCCP,
	.protocol	= IPPROTO_DCCP,
	.prot		= &dccp_v4_prot,
	.ops		= &inet_dccp_ops,
	.no_check	= 0,
	.flags		= INET_PROTOSW_ICSK,
};

1006
static int __net_init dccp_v4_init_net(struct net *net)
1007
{
1008
1009
	if (dccp_hashinfo.bhash == NULL)
		return -ESOCKTNOSUPPORT;
1010

1011
1012
	return inet_ctl_sock_create(&net->dccp.v4_ctl_sk, PF_INET,
				    SOCK_DCCP, IPPROTO_DCCP, net);
1013
1014
}

1015
static void __net_exit dccp_v4_exit_net(struct net *net)
1016
{
1017
	inet_ctl_sock_destroy(net->dccp.v4_ctl_sk);
1018
1019
1020
1021
1022
1023
1024
}

static struct pernet_operations dccp_v4_ops = {
	.init	= dccp_v4_init_net,
	.exit	= dccp_v4_exit_net,
};

1025
1026
1027
1028
1029
1030
1031
1032
1033
1034
1035
1036
1037
static int __init dccp_v4_init(void)
{
	int err = proto_register(&dccp_v4_prot, 1);

	if (err != 0)
		goto out;

	err = inet_add_protocol(&dccp_v4_protocol, IPPROTO_DCCP);
	if (err != 0)
		goto out_proto_unregister;

	inet_register_protosw(&dccp_v4_protosw);

1038
1039
1040
	err = register_pernet_subsys(&dccp_v4_ops);
	if (err)
		goto out_destroy_ctl_sock;
1041
1042
out:
	return err;
1043
out_destroy_ctl_sock:
1044
1045
1046
1047
1048
1049
1050
1051
1052
	inet_unregister_protosw(&dccp_v4_protosw);
	inet_del_protocol(&dccp_v4_protocol, IPPROTO_DCCP);
out_proto_unregister:
	proto_unregister(&dccp_v4_prot);
	goto out;
}

static void __exit dccp_v4_exit(void)
{
1053
	unregister_pernet_subsys(&dccp_v4_ops);
1054
1055
1056
1057
1058
1059
1060
1061
1062
1063
1064
1065
1066
	inet_unregister_protosw(&dccp_v4_protosw);
	inet_del_protocol(&dccp_v4_protocol, IPPROTO_DCCP);
	proto_unregister(&dccp_v4_prot);
}

module_init(dccp_v4_init);
module_exit(dccp_v4_exit);

/*
 * __stringify doesn't likes enums, so use SOCK_DCCP (6) and IPPROTO_DCCP (33)
 * values directly, Also cover the case where the protocol is not specified,
 * i.e. net-pf-PF_INET-proto-0-type-SOCK_DCCP
 */
1067
1068
MODULE_ALIAS_NET_PF_PROTO_TYPE(PF_INET, 33, 6);
MODULE_ALIAS_NET_PF_PROTO_TYPE(PF_INET, 0, 6);
1069
1070
1071
MODULE_LICENSE("GPL");
MODULE_AUTHOR("Arnaldo Carvalho de Melo <acme@mandriva.com>");
MODULE_DESCRIPTION("DCCP - Datagram Congestion Controlled Protocol");