LXR linux/net/dccp/ipv6.c

   1/*
   2 *      DCCP over IPv6
   3 *      Linux INET6 implementation
   4 *
   5 *      Based on net/dccp6/ipv6.c
   6 *
   7 *      Arnaldo Carvalho de Melo <acme@ghostprotocols.net>
   8 *
   9 *      This program is free software; you can redistribute it and/or
  10 *      modify it under the terms of the GNU General Public License
  11 *      as published by the Free Software Foundation; either version
  12 *      2 of the License, or (at your option) any later version.
  13 */
  14
  15#include <linux/module.h>
  16#include <linux/random.h>
  17#include <linux/slab.h>
  18#include <linux/xfrm.h>
  19
  20#include <net/addrconf.h>
  21#include <net/inet_common.h>
  22#include <net/inet_hashtables.h>
  23#include <net/inet_sock.h>
  24#include <net/inet6_connection_sock.h>
  25#include <net/inet6_hashtables.h>
  26#include <net/ip6_route.h>
  27#include <net/ipv6.h>
  28#include <net/protocol.h>
  29#include <net/transp_v6.h>
  30#include <net/ip6_checksum.h>
  31#include <net/xfrm.h>
  32#include <net/secure_seq.h>
  33
  34#include "dccp.h"
  35#include "ipv6.h"
  36#include "feat.h"
  37
  38/* The per-net dccp.v6_ctl_sk is used for sending RSTs and ACKs */
  39
  40static const struct inet_connection_sock_af_ops dccp_ipv6_mapped;
  41static const struct inet_connection_sock_af_ops dccp_ipv6_af_ops;
  42
  43/* add pseudo-header to DCCP checksum stored in skb->csum */
  44static inline __sum16 dccp_v6_csum_finish(struct sk_buff *skb,
  45                                      const struct in6_addr *saddr,
  46                                      const struct in6_addr *daddr)
  47{
  48        return csum_ipv6_magic(saddr, daddr, skb->len, IPPROTO_DCCP, skb->csum);
  49}
  50
  51static inline void dccp_v6_send_check(struct sock *sk, struct sk_buff *skb)
  52{
  53        struct ipv6_pinfo *np = inet6_sk(sk);
  54        struct dccp_hdr *dh = dccp_hdr(skb);
  55
  56        dccp_csum_outgoing(skb);
  57        dh->dccph_checksum = dccp_v6_csum_finish(skb, &np->saddr, &sk->sk_v6_daddr);
  58}
  59
  60static inline __u64 dccp_v6_init_sequence(struct sk_buff *skb)
  61{
  62        return secure_dccpv6_sequence_number(ipv6_hdr(skb)->daddr.s6_addr32,
  63                                             ipv6_hdr(skb)->saddr.s6_addr32,
  64                                             dccp_hdr(skb)->dccph_dport,
  65                                             dccp_hdr(skb)->dccph_sport     );
  66
  67}
  68
  69static void dccp_v6_err(struct sk_buff *skb, struct inet6_skb_parm *opt,
  70                        u8 type, u8 code, int offset, __be32 info)
  71{
  72        const struct ipv6hdr *hdr = (const struct ipv6hdr *)skb->data;
  73        const struct dccp_hdr *dh;
  74        struct dccp_sock *dp;
  75        struct ipv6_pinfo *np;
  76        struct sock *sk;
  77        int err;
  78        __u64 seq;
  79        struct net *net = dev_net(skb->dev);
  80
  81        /* Only need dccph_dport & dccph_sport which are the first
  82         * 4 bytes in dccp header.
  83         * Our caller (icmpv6_notify()) already pulled 8 bytes for us.
  84         */
  85        BUILD_BUG_ON(offsetofend(struct dccp_hdr, dccph_sport) > 8);
  86        BUILD_BUG_ON(offsetofend(struct dccp_hdr, dccph_dport) > 8);
  87        dh = (struct dccp_hdr *)(skb->data + offset);
  88
  89        sk = __inet6_lookup_established(net, &dccp_hashinfo,
  90                                        &hdr->daddr, dh->dccph_dport,
  91                                        &hdr->saddr, ntohs(dh->dccph_sport),
  92                                        inet6_iif(skb));
  93
  94        if (!sk) {
  95                __ICMP6_INC_STATS(net, __in6_dev_get(skb->dev),
  96                                  ICMP6_MIB_INERRORS);
  97                return;
  98        }
  99
 100        if (sk->sk_state == DCCP_TIME_WAIT) {
 101                inet_twsk_put(inet_twsk(sk));
 102                return;
 103        }
 104        seq = dccp_hdr_seq(dh);
 105        if (sk->sk_state == DCCP_NEW_SYN_RECV)
 106                return dccp_req_err(sk, seq);
 107
 108        bh_lock_sock(sk);
 109        if (sock_owned_by_user(sk))
 110                __NET_INC_STATS(net, LINUX_MIB_LOCKDROPPEDICMPS);
 111
 112        if (sk->sk_state == DCCP_CLOSED)
 113                goto out;
 114
 115        dp = dccp_sk(sk);
 116        if ((1 << sk->sk_state) & ~(DCCPF_REQUESTING | DCCPF_LISTEN) &&
 117            !between48(seq, dp->dccps_awl, dp->dccps_awh)) {
 118                __NET_INC_STATS(net, LINUX_MIB_OUTOFWINDOWICMPS);
 119                goto out;
 120        }
 121
 122        np = inet6_sk(sk);
 123
 124        if (type == NDISC_REDIRECT) {
 125                if (!sock_owned_by_user(sk)) {
 126                        struct dst_entry *dst = __sk_dst_check(sk, np->dst_cookie);
 127
 128                        if (dst)
 129                                dst->ops->redirect(dst, sk, skb);
 130                }
 131                goto out;
 132        }
 133
 134        if (type == ICMPV6_PKT_TOOBIG) {
 135                struct dst_entry *dst = NULL;
 136
 137                if (!ip6_sk_accept_pmtu(sk))
 138                        goto out;
 139
 140                if (sock_owned_by_user(sk))
 141                        goto out;
 142                if ((1 << sk->sk_state) & (DCCPF_LISTEN | DCCPF_CLOSED))
 143                        goto out;
 144
 145                dst = inet6_csk_update_pmtu(sk, ntohl(info));
 146                if (!dst)
 147                        goto out;
 148
 149                if (inet_csk(sk)->icsk_pmtu_cookie > dst_mtu(dst))
 150                        dccp_sync_mss(sk, dst_mtu(dst));
 151                goto out;
 152        }
 153
 154        icmpv6_err_convert(type, code, &err);
 155
 156        /* Might be for an request_sock */
 157        switch (sk->sk_state) {
 158        case DCCP_REQUESTING:
 159        case DCCP_RESPOND:  /* Cannot happen.
 160                               It can, it SYNs are crossed. --ANK */
 161                if (!sock_owned_by_user(sk)) {
 162                        __DCCP_INC_STATS(DCCP_MIB_ATTEMPTFAILS);
 163                        sk->sk_err = err;
 164                        /*
 165                         * Wake people up to see the error
 166                         * (see connect in sock.c)
 167                         */
 168                        sk->sk_error_report(sk);
 169                        dccp_done(sk);
 170                } else
 171                        sk->sk_err_soft = err;
 172                goto out;
 173        }
 174
 175        if (!sock_owned_by_user(sk) && np->recverr) {
 176                sk->sk_err = err;
 177                sk->sk_error_report(sk);
 178        } else
 179                sk->sk_err_soft = err;
 180
 181out:
 182        bh_unlock_sock(sk);
 183        sock_put(sk);
 184}
 185
 186
 187static int dccp_v6_send_response(const struct sock *sk, struct request_sock *req)
 188{
 189        struct inet_request_sock *ireq = inet_rsk(req);
 190        struct ipv6_pinfo *np = inet6_sk(sk);
 191        struct sk_buff *skb;
 192        struct in6_addr *final_p, final;
 193        struct flowi6 fl6;
 194        int err = -1;
 195        struct dst_entry *dst;
 196
 197        memset(&fl6, 0, sizeof(fl6));
 198        fl6.flowi6_proto = IPPROTO_DCCP;
 199        fl6.daddr = ireq->ir_v6_rmt_addr;
 200        fl6.saddr = ireq->ir_v6_loc_addr;
 201        fl6.flowlabel = 0;
 202        fl6.flowi6_oif = ireq->ir_iif;
 203        fl6.fl6_dport = ireq->ir_rmt_port;
 204        fl6.fl6_sport = htons(ireq->ir_num);
 205        security_req_classify_flow(req, flowi6_to_flowi(&fl6));
 206
 207
 208        rcu_read_lock();
 209        final_p = fl6_update_dst(&fl6, rcu_dereference(np->opt), &final);
 210        rcu_read_unlock();
 211
 212        dst = ip6_dst_lookup_flow(sk, &fl6, final_p);
 213        if (IS_ERR(dst)) {
 214                err = PTR_ERR(dst);
 215                dst = NULL;
 216                goto done;
 217        }
 218
 219        skb = dccp_make_response(sk, dst, req);
 220        if (skb != NULL) {
 221                struct dccp_hdr *dh = dccp_hdr(skb);
 222                struct ipv6_txoptions *opt;
 223
 224                dh->dccph_checksum = dccp_v6_csum_finish(skb,
 225                                                         &ireq->ir_v6_loc_addr,
 226                                                         &ireq->ir_v6_rmt_addr);
 227                fl6.daddr = ireq->ir_v6_rmt_addr;
 228                rcu_read_lock();
 229                opt = ireq->ipv6_opt;
 230                if (!opt)
 231                        opt = rcu_dereference(np->opt);
 232                err = ip6_xmit(sk, skb, &fl6, sk->sk_mark, opt, np->tclass);
 233                rcu_read_unlock();
 234                err = net_xmit_eval(err);
 235        }
 236
 237done:
 238        dst_release(dst);
 239        return err;
 240}
 241
 242static void dccp_v6_reqsk_destructor(struct request_sock *req)
 243{
 244        dccp_feat_list_purge(&dccp_rsk(req)->dreq_featneg);
 245        kfree(inet_rsk(req)->ipv6_opt);
 246        kfree_skb(inet_rsk(req)->pktopts);
 247}
 248
 249static void dccp_v6_ctl_send_reset(const struct sock *sk, struct sk_buff *rxskb)
 250{
 251        const struct ipv6hdr *rxip6h;
 252        struct sk_buff *skb;
 253        struct flowi6 fl6;
 254        struct net *net = dev_net(skb_dst(rxskb)->dev);
 255        struct sock *ctl_sk = net->dccp.v6_ctl_sk;
 256        struct dst_entry *dst;
 257
 258        if (dccp_hdr(rxskb)->dccph_type == DCCP_PKT_RESET)
 259                return;
 260
 261        if (!ipv6_unicast_destination(rxskb))
 262                return;
 263
 264        skb = dccp_ctl_make_reset(ctl_sk, rxskb);
 265        if (skb == NULL)
 266                return;
 267
 268        rxip6h = ipv6_hdr(rxskb);
 269        dccp_hdr(skb)->dccph_checksum = dccp_v6_csum_finish(skb, &rxip6h->saddr,
 270                                                            &rxip6h->daddr);
 271
 272        memset(&fl6, 0, sizeof(fl6));
 273        fl6.daddr = rxip6h->saddr;
 274        fl6.saddr = rxip6h->daddr;
 275
 276        fl6.flowi6_proto = IPPROTO_DCCP;
 277        fl6.flowi6_oif = inet6_iif(rxskb);
 278        fl6.fl6_dport = dccp_hdr(skb)->dccph_dport;
 279        fl6.fl6_sport = dccp_hdr(skb)->dccph_sport;
 280        security_skb_classify_flow(rxskb, flowi6_to_flowi(&fl6));
 281
 282        /* sk = NULL, but it is safe for now. RST socket required. */
 283        dst = ip6_dst_lookup_flow(ctl_sk, &fl6, NULL);
 284        if (!IS_ERR(dst)) {
 285                skb_dst_set(skb, dst);
 286                ip6_xmit(ctl_sk, skb, &fl6, 0, NULL, 0);
 287                DCCP_INC_STATS(DCCP_MIB_OUTSEGS);
 288                DCCP_INC_STATS(DCCP_MIB_OUTRSTS);
 289                return;
 290        }
 291
 292        kfree_skb(skb);
 293}
 294
 295static struct request_sock_ops dccp6_request_sock_ops = {
 296        .family         = AF_INET6,
 297        .obj_size       = sizeof(struct dccp6_request_sock),
 298        .rtx_syn_ack    = dccp_v6_send_response,
 299        .send_ack       = dccp_reqsk_send_ack,
 300        .destructor     = dccp_v6_reqsk_destructor,
 301        .send_reset     = dccp_v6_ctl_send_reset,
 302        .syn_ack_timeout = dccp_syn_ack_timeout,
 303};
 304
 305static int dccp_v6_conn_request(struct sock *sk, struct sk_buff *skb)
 306{
 307        struct request_sock *req;
 308        struct dccp_request_sock *dreq;
 309        struct inet_request_sock *ireq;
 310        struct ipv6_pinfo *np = inet6_sk(sk);
 311        const __be32 service = dccp_hdr_request(skb)->dccph_req_service;
 312        struct dccp_skb_cb *dcb = DCCP_SKB_CB(skb);
 313
 314        if (skb->protocol == htons(ETH_P_IP))
 315                return dccp_v4_conn_request(sk, skb);
 316
 317        if (!ipv6_unicast_destination(skb))
 318                return 0;       /* discard, don't send a reset here */
 319
 320        if (dccp_bad_service_code(sk, service)) {
 321                dcb->dccpd_reset_code = DCCP_RESET_CODE_BAD_SERVICE_CODE;
 322                goto drop;
 323        }
 324        /*
 325         * There are no SYN attacks on IPv6, yet...
 326         */
 327        dcb->dccpd_reset_code = DCCP_RESET_CODE_TOO_BUSY;
 328        if (inet_csk_reqsk_queue_is_full(sk))
 329                goto drop;
 330
 331        if (sk_acceptq_is_full(sk))
 332                goto drop;
 333
 334        req = inet_reqsk_alloc(&dccp6_request_sock_ops, sk, true);
 335        if (req == NULL)
 336                goto drop;
 337
 338        if (dccp_reqsk_init(req, dccp_sk(sk), skb))
 339                goto drop_and_free;
 340
 341        dreq = dccp_rsk(req);
 342        if (dccp_parse_options(sk, dreq, skb))
 343                goto drop_and_free;
 344
 345        if (security_inet_conn_request(sk, skb, req))
 346                goto drop_and_free;
 347
 348        ireq = inet_rsk(req);
 349        ireq->ir_v6_rmt_addr = ipv6_hdr(skb)->saddr;
 350        ireq->ir_v6_loc_addr = ipv6_hdr(skb)->daddr;
 351        ireq->ireq_family = AF_INET6;
 352
 353        if (ipv6_opt_accepted(sk, skb, IP6CB(skb)) ||
 354            np->rxopt.bits.rxinfo || np->rxopt.bits.rxoinfo ||
 355            np->rxopt.bits.rxhlim || np->rxopt.bits.rxohlim) {
 356                refcount_inc(&skb->users);
 357                ireq->pktopts = skb;
 358        }
 359        ireq->ir_iif = sk->sk_bound_dev_if;
 360
 361        /* So that link locals have meaning */
 362        if (!sk->sk_bound_dev_if &&
 363            ipv6_addr_type(&ireq->ir_v6_rmt_addr) & IPV6_ADDR_LINKLOCAL)
 364                ireq->ir_iif = inet6_iif(skb);
 365
 366        /*
 367         * Step 3: Process LISTEN state
 368         *
 369         *   Set S.ISR, S.GSR, S.SWL, S.SWH from packet or Init Cookie
 370         *
 371         * Setting S.SWL/S.SWH to is deferred to dccp_create_openreq_child().
 372         */
 373        dreq->dreq_isr     = dcb->dccpd_seq;
 374        dreq->dreq_gsr     = dreq->dreq_isr;
 375        dreq->dreq_iss     = dccp_v6_init_sequence(skb);
 376        dreq->dreq_gss     = dreq->dreq_iss;
 377        dreq->dreq_service = service;
 378
 379        if (dccp_v6_send_response(sk, req))
 380                goto drop_and_free;
 381
 382        inet_csk_reqsk_queue_hash_add(sk, req, DCCP_TIMEOUT_INIT);
 383        reqsk_put(req);
 384        return 0;
 385
 386drop_and_free:
 387        reqsk_free(req);
 388drop:
 389        __DCCP_INC_STATS(DCCP_MIB_ATTEMPTFAILS);
 390        return -1;
 391}
 392
 393static struct sock *dccp_v6_request_recv_sock(const struct sock *sk,
 394                                              struct sk_buff *skb,
 395                                              struct request_sock *req,
 396                                              struct dst_entry *dst,
 397                                              struct request_sock *req_unhash,
 398                                              bool *own_req)
 399{
 400        struct inet_request_sock *ireq = inet_rsk(req);
 401        struct ipv6_pinfo *newnp;
 402        const struct ipv6_pinfo *np = inet6_sk(sk);
 403        struct ipv6_txoptions *opt;
 404        struct inet_sock *newinet;
 405        struct dccp6_sock *newdp6;
 406        struct sock *newsk;
 407
 408        if (skb->protocol == htons(ETH_P_IP)) {
 409                /*
 410                 *      v6 mapped
 411                 */
 412                newsk = dccp_v4_request_recv_sock(sk, skb, req, dst,
 413                                                  req_unhash, own_req);
 414                if (newsk == NULL)
 415                        return NULL;
 416
 417                newdp6 = (struct dccp6_sock *)newsk;
 418                newinet = inet_sk(newsk);
 419                newinet->pinet6 = &newdp6->inet6;
 420                newnp = inet6_sk(newsk);
 421
 422                memcpy(newnp, np, sizeof(struct ipv6_pinfo));
 423
 424                newnp->saddr = newsk->sk_v6_rcv_saddr;
 425
 426                inet_csk(newsk)->icsk_af_ops = &dccp_ipv6_mapped;
 427                newsk->sk_backlog_rcv = dccp_v4_do_rcv;
 428                newnp->pktoptions  = NULL;
 429                newnp->opt         = NULL;
 430                newnp->ipv6_mc_list = NULL;
 431                newnp->ipv6_ac_list = NULL;
 432                newnp->ipv6_fl_list = NULL;
 433                newnp->mcast_oif   = inet6_iif(skb);
 434                newnp->mcast_hops  = ipv6_hdr(skb)->hop_limit;
 435
 436                /*
 437                 * No need to charge this sock to the relevant IPv6 refcnt debug socks count
 438                 * here, dccp_create_openreq_child now does this for us, see the comment in
 439                 * that function for the gory details. -acme
 440                 */
 441
 442                /* It is tricky place. Until this moment IPv4 tcp
 443                   worked with IPv6 icsk.icsk_af_ops.
 444                   Sync it now.
 445                 */
 446                dccp_sync_mss(newsk, inet_csk(newsk)->icsk_pmtu_cookie);
 447
 448                return newsk;
 449        }
 450
 451
 452        if (sk_acceptq_is_full(sk))
 453                goto out_overflow;
 454
 455        if (!dst) {
 456                struct flowi6 fl6;
 457
 458                dst = inet6_csk_route_req(sk, &fl6, req, IPPROTO_DCCP);
 459                if (!dst)
 460                        goto out;
 461        }
 462
 463        newsk = dccp_create_openreq_child(sk, req, skb);
 464        if (newsk == NULL)
 465                goto out_nonewsk;
 466
 467        /*
 468         * No need to charge this sock to the relevant IPv6 refcnt debug socks
 469         * count here, dccp_create_openreq_child now does this for us, see the
 470         * comment in that function for the gory details. -acme
 471         */
 472
 473        ip6_dst_store(newsk, dst, NULL, NULL);
 474        newsk->sk_route_caps = dst->dev->features & ~(NETIF_F_IP_CSUM |
 475                                                      NETIF_F_TSO);
 476        newdp6 = (struct dccp6_sock *)newsk;
 477        newinet = inet_sk(newsk);
 478        newinet->pinet6 = &newdp6->inet6;
 479        newnp = inet6_sk(newsk);
 480
 481        memcpy(newnp, np, sizeof(struct ipv6_pinfo));
 482
 483        newsk->sk_v6_daddr      = ireq->ir_v6_rmt_addr;
 484        newnp->saddr            = ireq->ir_v6_loc_addr;
 485        newsk->sk_v6_rcv_saddr  = ireq->ir_v6_loc_addr;
 486        newsk->sk_bound_dev_if  = ireq->ir_iif;
 487
 488        /* Now IPv6 options...
 489
 490           First: no IPv4 options.
 491         */
 492        newinet->inet_opt = NULL;
 493
 494        /* Clone RX bits */
 495        newnp->rxopt.all = np->rxopt.all;
 496
 497        newnp->ipv6_mc_list = NULL;
 498        newnp->ipv6_ac_list = NULL;
 499        newnp->ipv6_fl_list = NULL;
 500        newnp->pktoptions = NULL;
 501        newnp->opt        = NULL;
 502        newnp->mcast_oif  = inet6_iif(skb);
 503        newnp->mcast_hops = ipv6_hdr(skb)->hop_limit;
 504
 505        /*
 506         * Clone native IPv6 options from listening socket (if any)
 507         *
 508         * Yes, keeping reference count would be much more clever, but we make
 509         * one more one thing there: reattach optmem to newsk.
 510         */
 511        opt = ireq->ipv6_opt;
 512        if (!opt)
 513                opt = rcu_dereference(np->opt);
 514        if (opt) {
 515                opt = ipv6_dup_options(newsk, opt);
 516                RCU_INIT_POINTER(newnp->opt, opt);
 517        }
 518        inet_csk(newsk)->icsk_ext_hdr_len = 0;
 519        if (opt)
 520                inet_csk(newsk)->icsk_ext_hdr_len = opt->opt_nflen +
 521                                                    opt->opt_flen;
 522
 523        dccp_sync_mss(newsk, dst_mtu(dst));
 524
 525        newinet->inet_daddr = newinet->inet_saddr = LOOPBACK4_IPV6;
 526        newinet->inet_rcv_saddr = LOOPBACK4_IPV6;
 527
 528        if (__inet_inherit_port(sk, newsk) < 0) {
 529                inet_csk_prepare_forced_close(newsk);
 530                dccp_done(newsk);
 531                goto out;
 532        }
 533        *own_req = inet_ehash_nolisten(newsk, req_to_sk(req_unhash));
 534        /* Clone pktoptions received with SYN, if we own the req */
 535        if (*own_req && ireq->pktopts) {
 536                newnp->pktoptions = skb_clone(ireq->pktopts, GFP_ATOMIC);
 537                consume_skb(ireq->pktopts);
 538                ireq->pktopts = NULL;
 539                if (newnp->pktoptions)
 540                        skb_set_owner_r(newnp->pktoptions, newsk);
 541        }
 542
 543        return newsk;
 544
 545out_overflow:
 546        __NET_INC_STATS(sock_net(sk), LINUX_MIB_LISTENOVERFLOWS);
 547out_nonewsk:
 548        dst_release(dst);
 549out:
 550        __NET_INC_STATS(sock_net(sk), LINUX_MIB_LISTENDROPS);
 551        return NULL;
 552}
 553
 554/* The socket must have it's spinlock held when we get
 555 * here.
 556 *
 557 * We have a potential double-lock case here, so even when
 558 * doing backlog processing we use the BH locking scheme.
 559 * This is because we cannot sleep with the original spinlock
 560 * held.
 561 */
 562static int dccp_v6_do_rcv(struct sock *sk, struct sk_buff *skb)
 563{
 564        struct ipv6_pinfo *np = inet6_sk(sk);
 565        struct sk_buff *opt_skb = NULL;
 566
 567        /* Imagine: socket is IPv6. IPv4 packet arrives,
 568           goes to IPv4 receive handler and backlogged.
 569           From backlog it always goes here. Kerboom...
 570           Fortunately, dccp_rcv_established and rcv_established
 571           handle them correctly, but it is not case with
 572           dccp_v6_hnd_req and dccp_v6_ctl_send_reset().   --ANK
 573         */
 574
 575        if (skb->protocol == htons(ETH_P_IP))
 576                return dccp_v4_do_rcv(sk, skb);
 577
 578        if (sk_filter(sk, skb))
 579                goto discard;
 580
 581        /*
 582         * socket locking is here for SMP purposes as backlog rcv is currently
 583         * called with bh processing disabled.
 584         */
 585
 586        /* Do Stevens' IPV6_PKTOPTIONS.
 587
 588           Yes, guys, it is the only place in our code, where we
 589           may make it not affecting IPv4.
 590           The rest of code is protocol independent,
 591           and I do not like idea to uglify IPv4.
 592
 593           Actually, all the idea behind IPV6_PKTOPTIONS
 594           looks not very well thought. For now we latch
 595           options, received in the last packet, enqueued
 596           by tcp. Feel free to propose better solution.
 597                                               --ANK (980728)
 598         */
 599        if (np->rxopt.all)
 600        /*
 601         * FIXME: Add handling of IPV6_PKTOPTIONS skb. See the comments below
 602         *        (wrt ipv6_pktopions) and net/ipv6/tcp_ipv6.c for an example.
 603         */
 604                opt_skb = skb_clone(skb, GFP_ATOMIC);
 605
 606        if (sk->sk_state == DCCP_OPEN) { /* Fast path */
 607                if (dccp_rcv_established(sk, skb, dccp_hdr(skb), skb->len))
 608                        goto reset;
 609                if (opt_skb) {
 610                        /* XXX This is where we would goto ipv6_pktoptions. */
 611                        __kfree_skb(opt_skb);
 612                }
 613                return 0;
 614        }
 615
 616        /*
 617         *  Step 3: Process LISTEN state
 618         *     If S.state == LISTEN,
 619         *       If P.type == Request or P contains a valid Init Cookie option,
 620         *            (* Must scan the packet's options to check for Init
 621         *               Cookies.  Only Init Cookies are processed here,
 622         *               however; other options are processed in Step 8.  This
 623         *               scan need only be performed if the endpoint uses Init
 624         *               Cookies *)
 625         *            (* Generate a new socket and switch to that socket *)
 626         *            Set S := new socket for this port pair
 627         *            S.state = RESPOND
 628         *            Choose S.ISS (initial seqno) or set from Init Cookies
 629         *            Initialize S.GAR := S.ISS
 630         *            Set S.ISR, S.GSR, S.SWL, S.SWH from packet or Init Cookies
 631         *            Continue with S.state == RESPOND
 632         *            (* A Response packet will be generated in Step 11 *)
 633         *       Otherwise,
 634         *            Generate Reset(No Connection) unless P.type == Reset
 635         *            Drop packet and return
 636         *
 637         * NOTE: the check for the packet types is done in
 638         *       dccp_rcv_state_process
 639         */
 640
 641        if (dccp_rcv_state_process(sk, skb, dccp_hdr(skb), skb->len))
 642                goto reset;
 643        if (opt_skb) {
 644                /* XXX This is where we would goto ipv6_pktoptions. */
 645                __kfree_skb(opt_skb);
 646        }
 647        return 0;
 648
 649reset:
 650        dccp_v6_ctl_send_reset(sk, skb);
 651discard:
 652        if (opt_skb != NULL)
 653                __kfree_skb(opt_skb);
 654        kfree_skb(skb);
 655        return 0;
 656}
 657
 658static int dccp_v6_rcv(struct sk_buff *skb)
 659{
 660        const struct dccp_hdr *dh;
 661        bool refcounted;
 662        struct sock *sk;
 663        int min_cov;
 664
 665        /* Step 1: Check header basics */
 666
 667        if (dccp_invalid_packet(skb))
 668                goto discard_it;
 669
 670        /* Step 1: If header checksum is incorrect, drop packet and return. */
 671        if (dccp_v6_csum_finish(skb, &ipv6_hdr(skb)->saddr,
 672                                     &ipv6_hdr(skb)->daddr)) {
 673                DCCP_WARN("dropped packet with invalid checksum\n");
 674                goto discard_it;
 675        }
 676
 677        dh = dccp_hdr(skb);
 678
 679        DCCP_SKB_CB(skb)->dccpd_seq  = dccp_hdr_seq(dh);
 680        DCCP_SKB_CB(skb)->dccpd_type = dh->dccph_type;
 681
 682        if (dccp_packet_without_ack(skb))
 683                DCCP_SKB_CB(skb)->dccpd_ack_seq = DCCP_PKT_WITHOUT_ACK_SEQ;
 684        else
 685                DCCP_SKB_CB(skb)->dccpd_ack_seq = dccp_hdr_ack_seq(skb);
 686
 687lookup:
 688        sk = __inet6_lookup_skb(&dccp_hashinfo, skb, __dccp_hdr_len(dh),
 689                                dh->dccph_sport, dh->dccph_dport,
 690                                inet6_iif(skb), &refcounted);
 691        if (!sk) {
 692                dccp_pr_debug("failed to look up flow ID in table and "
 693                              "get corresponding socket\n");
 694                goto no_dccp_socket;
 695        }
 696
 697        /*
 698         * Step 2:
 699         *      ... or S.state == TIMEWAIT,
 700         *              Generate Reset(No Connection) unless P.type == Reset
 701         *              Drop packet and return
 702         */
 703        if (sk->sk_state == DCCP_TIME_WAIT) {
 704                dccp_pr_debug("sk->sk_state == DCCP_TIME_WAIT: do_time_wait\n");
 705                inet_twsk_put(inet_twsk(sk));
 706                goto no_dccp_socket;
 707        }
 708
 709        if (sk->sk_state == DCCP_NEW_SYN_RECV) {
 710                struct request_sock *req = inet_reqsk(sk);
 711                struct sock *nsk;
 712
 713                sk = req->rsk_listener;
 714                if (unlikely(sk->sk_state != DCCP_LISTEN)) {
 715                        inet_csk_reqsk_queue_drop_and_put(sk, req);
 716                        goto lookup;
 717                }
 718                sock_hold(sk);
 719                refcounted = true;
 720                nsk = dccp_check_req(sk, skb, req);
 721                if (!nsk) {
 722                        reqsk_put(req);
 723                        goto discard_and_relse;
 724                }
 725                if (nsk == sk) {
 726                        reqsk_put(req);
 727                } else if (dccp_child_process(sk, nsk, skb)) {
 728                        dccp_v6_ctl_send_reset(sk, skb);
 729                        goto discard_and_relse;
 730                } else {
 731                        sock_put(sk);
 732                        return 0;
 733                }
 734        }
 735        /*
 736         * RFC 4340, sec. 9.2.1: Minimum Checksum Coverage
 737         *      o if MinCsCov = 0, only packets with CsCov = 0 are accepted
 738         *      o if MinCsCov > 0, also accept packets with CsCov >= MinCsCov
 739         */
 740        min_cov = dccp_sk(sk)->dccps_pcrlen;
 741        if (dh->dccph_cscov  &&  (min_cov == 0 || dh->dccph_cscov < min_cov))  {
 742                dccp_pr_debug("Packet CsCov %d does not satisfy MinCsCov %d\n",
 743                              dh->dccph_cscov, min_cov);
 744                /* FIXME: send Data Dropped option (see also dccp_v4_rcv) */
 745                goto discard_and_relse;
 746        }
 747
 748        if (!xfrm6_policy_check(sk, XFRM_POLICY_IN, skb))
 749                goto discard_and_relse;
 750
 751        return __sk_receive_skb(sk, skb, 1, dh->dccph_doff * 4,
 752                                refcounted) ? -1 : 0;
 753
 754no_dccp_socket:
 755        if (!xfrm6_policy_check(NULL, XFRM_POLICY_IN, skb))
 756                goto discard_it;
 757        /*
 758         * Step 2:
 759         *      If no socket ...
 760         *              Generate Reset(No Connection) unless P.type == Reset
 761         *              Drop packet and return
 762         */
 763        if (dh->dccph_type != DCCP_PKT_RESET) {
 764                DCCP_SKB_CB(skb)->dccpd_reset_code =
 765                                        DCCP_RESET_CODE_NO_CONNECTION;
 766                dccp_v6_ctl_send_reset(sk, skb);
 767        }
 768
 769discard_it:
 770        kfree_skb(skb);
 771        return 0;
 772
 773discard_and_relse:
 774        if (refcounted)
 775                sock_put(sk);
 776        goto discard_it;
 777}
 778
 779static int dccp_v6_connect(struct sock *sk, struct sockaddr *uaddr,
 780                           int addr_len)
 781{
 782        struct sockaddr_in6 *usin = (struct sockaddr_in6 *)uaddr;
 783        struct inet_connection_sock *icsk = inet_csk(sk);
 784        struct inet_sock *inet = inet_sk(sk);
 785        struct ipv6_pinfo *np = inet6_sk(sk);
 786        struct dccp_sock *dp = dccp_sk(sk);
 787        struct in6_addr *saddr = NULL, *final_p, final;
 788        struct ipv6_txoptions *opt;
 789        struct flowi6 fl6;
 790        struct dst_entry *dst;
 791        int addr_type;
 792        int err;
 793
 794        dp->dccps_role = DCCP_ROLE_CLIENT;
 795
 796        if (addr_len < SIN6_LEN_RFC2133)
 797                return -EINVAL;
 798
 799        if (usin->sin6_family != AF_INET6)
 800                return -EAFNOSUPPORT;
 801
 802        memset(&fl6, 0, sizeof(fl6));
 803
 804        if (np->sndflow) {
 805                fl6.flowlabel = usin->sin6_flowinfo & IPV6_FLOWINFO_MASK;
 806                IP6_ECN_flow_init(fl6.flowlabel);
 807                if (fl6.flowlabel & IPV6_FLOWLABEL_MASK) {
 808                        struct ip6_flowlabel *flowlabel;
 809                        flowlabel = fl6_sock_lookup(sk, fl6.flowlabel);
 810                        if (flowlabel == NULL)
 811                                return -EINVAL;
 812                        fl6_sock_release(flowlabel);
 813                }
 814        }
 815        /*
 816         * connect() to INADDR_ANY means loopback (BSD'ism).
 817         */
 818        if (ipv6_addr_any(&usin->sin6_addr))
 819                usin->sin6_addr.s6_addr[15] = 1;
 820
 821        addr_type = ipv6_addr_type(&usin->sin6_addr);
 822
 823        if (addr_type & IPV6_ADDR_MULTICAST)
 824                return -ENETUNREACH;
 825
 826        if (addr_type & IPV6_ADDR_LINKLOCAL) {
 827                if (addr_len >= sizeof(struct sockaddr_in6) &&
 828                    usin->sin6_scope_id) {
 829                        /* If interface is set while binding, indices
 830                         * must coincide.
 831                         */
 832                        if (sk->sk_bound_dev_if &&
 833                            sk->sk_bound_dev_if != usin->sin6_scope_id)
 834                                return -EINVAL;
 835
 836                        sk->sk_bound_dev_if = usin->sin6_scope_id;
 837                }
 838
 839                /* Connect to link-local address requires an interface */
 840                if (!sk->sk_bound_dev_if)
 841                        return -EINVAL;
 842        }
 843
 844        sk->sk_v6_daddr = usin->sin6_addr;
 845        np->flow_label = fl6.flowlabel;
 846
 847        /*
 848         * DCCP over IPv4
 849         */
 850        if (addr_type == IPV6_ADDR_MAPPED) {
 851                u32 exthdrlen = icsk->icsk_ext_hdr_len;
 852                struct sockaddr_in sin;
 853
 854                SOCK_DEBUG(sk, "connect: ipv4 mapped\n");
 855
 856                if (__ipv6_only_sock(sk))
 857                        return -ENETUNREACH;
 858
 859                sin.sin_family = AF_INET;
 860                sin.sin_port = usin->sin6_port;
 861                sin.sin_addr.s_addr = usin->sin6_addr.s6_addr32[3];
 862
 863                icsk->icsk_af_ops = &dccp_ipv6_mapped;
 864                sk->sk_backlog_rcv = dccp_v4_do_rcv;
 865
 866                err = dccp_v4_connect(sk, (struct sockaddr *)&sin, sizeof(sin));
 867                if (err) {
 868                        icsk->icsk_ext_hdr_len = exthdrlen;
 869                        icsk->icsk_af_ops = &dccp_ipv6_af_ops;
 870                        sk->sk_backlog_rcv = dccp_v6_do_rcv;
 871                        goto failure;
 872                }
 873                np->saddr = sk->sk_v6_rcv_saddr;
 874                return err;
 875        }
 876
 877        if (!ipv6_addr_any(&sk->sk_v6_rcv_saddr))
 878                saddr = &sk->sk_v6_rcv_saddr;
 879
 880        fl6.flowi6_proto = IPPROTO_DCCP;
 881        fl6.daddr = sk->sk_v6_daddr;
 882        fl6.saddr = saddr ? *saddr : np->saddr;
 883        fl6.flowi6_oif = sk->sk_bound_dev_if;
 884        fl6.fl6_dport = usin->sin6_port;
 885        fl6.fl6_sport = inet->inet_sport;
 886        security_sk_classify_flow(sk, flowi6_to_flowi(&fl6));
 887
 888        opt = rcu_dereference_protected(np->opt, lockdep_sock_is_held(sk));
 889        final_p = fl6_update_dst(&fl6, opt, &final);
 890
 891        dst = ip6_dst_lookup_flow(sk, &fl6, final_p);
 892        if (IS_ERR(dst)) {
 893                err = PTR_ERR(dst);
 894                goto failure;
 895        }
 896
 897        if (saddr == NULL) {
 898                saddr = &fl6.saddr;
 899                sk->sk_v6_rcv_saddr = *saddr;
 900        }
 901
 902        /* set the source address */
 903        np->saddr = *saddr;
 904        inet->inet_rcv_saddr = LOOPBACK4_IPV6;
 905
 906        ip6_dst_store(sk, dst, NULL, NULL);
 907
 908        icsk->icsk_ext_hdr_len = 0;
 909        if (opt)
 910                icsk->icsk_ext_hdr_len = opt->opt_flen + opt->opt_nflen;
 911
 912        inet->inet_dport = usin->sin6_port;
 913
 914        dccp_set_state(sk, DCCP_REQUESTING);
 915        err = inet6_hash_connect(&dccp_death_row, sk);
 916        if (err)
 917                goto late_failure;
 918
 919        dp->dccps_iss = secure_dccpv6_sequence_number(np->saddr.s6_addr32,
 920                                                      sk->sk_v6_daddr.s6_addr32,
 921                                                      inet->inet_sport,
 922                                                      inet->inet_dport);
 923        err = dccp_connect(sk);
 924        if (err)
 925                goto late_failure;
 926
 927        return 0;
 928
 929late_failure:
 930        dccp_set_state(sk, DCCP_CLOSED);
 931        __sk_dst_reset(sk);
 932failure:
 933        inet->inet_dport = 0;
 934        sk->sk_route_caps = 0;
 935        return err;
 936}
 937
 938static const struct inet_connection_sock_af_ops dccp_ipv6_af_ops = {
 939        .queue_xmit        = inet6_csk_xmit,
 940        .send_check        = dccp_v6_send_check,
 941        .rebuild_header    = inet6_sk_rebuild_header,
 942        .conn_request      = dccp_v6_conn_request,
 943        .syn_recv_sock     = dccp_v6_request_recv_sock,
 944        .net_header_len    = sizeof(struct ipv6hdr),
 945        .setsockopt        = ipv6_setsockopt,
 946        .getsockopt        = ipv6_getsockopt,
 947        .addr2sockaddr     = inet6_csk_addr2sockaddr,
 948        .sockaddr_len      = sizeof(struct sockaddr_in6),
 949#ifdef CONFIG_COMPAT
 950        .compat_setsockopt = compat_ipv6_setsockopt,
 951        .compat_getsockopt = compat_ipv6_getsockopt,
 952#endif
 953};
 954
 955/*
 956 *      DCCP over IPv4 via INET6 API
 957 */
 958static const struct inet_connection_sock_af_ops dccp_ipv6_mapped = {
 959        .queue_xmit        = ip_queue_xmit,
 960        .send_check        = dccp_v4_send_check,
 961        .rebuild_header    = inet_sk_rebuild_header,
 962        .conn_request      = dccp_v6_conn_request,
 963        .syn_recv_sock     = dccp_v6_request_recv_sock,
 964        .net_header_len    = sizeof(struct iphdr),
 965        .setsockopt        = ipv6_setsockopt,
 966        .getsockopt        = ipv6_getsockopt,
 967        .addr2sockaddr     = inet6_csk_addr2sockaddr,
 968        .sockaddr_len      = sizeof(struct sockaddr_in6),
 969#ifdef CONFIG_COMPAT
 970        .compat_setsockopt = compat_ipv6_setsockopt,
 971        .compat_getsockopt = compat_ipv6_getsockopt,
 972#endif
 973};
 974
 975/* NOTE: A lot of things set to zero explicitly by call to
 976 *       sk_alloc() so need not be done here.
 977 */
 978static int dccp_v6_init_sock(struct sock *sk)
 979{
 980        static __u8 dccp_v6_ctl_sock_initialized;
 981        int err = dccp_init_sock(sk, dccp_v6_ctl_sock_initialized);
 982
 983        if (err == 0) {
 984                if (unlikely(!dccp_v6_ctl_sock_initialized))
 985                        dccp_v6_ctl_sock_initialized = 1;
 986                inet_csk(sk)->icsk_af_ops = &dccp_ipv6_af_ops;
 987        }
 988
 989        return err;
 990}
 991
 992static void dccp_v6_destroy_sock(struct sock *sk)
 993{
 994        dccp_destroy_sock(sk);
 995        inet6_destroy_sock(sk);
 996}
 997
 998static struct timewait_sock_ops dccp6_timewait_sock_ops = {
 999        .twsk_obj_size  = sizeof(struct dccp6_timewait_sock),
1000};

1001
1002static struct proto dccp_v6_prot = {
1003        .name              = "DCCPv6",
1004        .owner             = THIS_MODULE,
1005        .close             = dccp_close,
1006        .connect           = dccp_v6_connect,
1007        .disconnect        = dccp_disconnect,
1008        .ioctl             = dccp_ioctl,
1009        .init              = dccp_v6_init_sock,
1010        .setsockopt        = dccp_setsockopt,
1011        .getsockopt        = dccp_getsockopt,
1012        .sendmsg           = dccp_sendmsg,
1013        .recvmsg           = dccp_recvmsg,
1014        .backlog_rcv       = dccp_v6_do_rcv,
1015        .hash              = inet6_hash,
1016        .unhash            = inet_unhash,
1017        .accept            = inet_csk_accept,
1018        .get_port          = inet_csk_get_port,
1019        .shutdown          = dccp_shutdown,
1020        .destroy           = dccp_v6_destroy_sock,
1021        .orphan_count      = &dccp_orphan_count,
1022        .max_header        = MAX_DCCP_HEADER,
1023        .obj_size          = sizeof(struct dccp6_sock),
1024        .slab_flags        = SLAB_TYPESAFE_BY_RCU,
1025        .rsk_prot          = &dccp6_request_sock_ops,
1026        .twsk_prot         = &dccp6_timewait_sock_ops,
1027        .h.hashinfo        = &dccp_hashinfo,
1028#ifdef CONFIG_COMPAT
1029        .compat_setsockopt = compat_dccp_setsockopt,
1030        .compat_getsockopt = compat_dccp_getsockopt,
1031#endif
1032};
1033
1034static const struct inet6_protocol dccp_v6_protocol = {
1035        .handler        = dccp_v6_rcv,
1036        .err_handler    = dccp_v6_err,
1037        .flags          = INET6_PROTO_NOPOLICY | INET6_PROTO_FINAL,
1038};
1039
1040static const struct proto_ops inet6_dccp_ops = {
1041        .family            = PF_INET6,
1042        .owner             = THIS_MODULE,
1043        .release           = inet6_release,
1044        .bind              = inet6_bind,
1045        .connect           = inet_stream_connect,
1046        .socketpair        = sock_no_socketpair,
1047        .accept            = inet_accept,
1048        .getname           = inet6_getname,
1049        .poll              = dccp_poll,
1050        .ioctl             = inet6_ioctl,
1051        .listen            = inet_dccp_listen,
1052        .shutdown          = inet_shutdown,
1053        .setsockopt        = sock_common_setsockopt,
1054        .getsockopt        = sock_common_getsockopt,
1055        .sendmsg           = inet_sendmsg,
1056        .recvmsg           = sock_common_recvmsg,
1057        .mmap              = sock_no_mmap,
1058        .sendpage          = sock_no_sendpage,
1059#ifdef CONFIG_COMPAT
1060        .compat_setsockopt = compat_sock_common_setsockopt,
1061        .compat_getsockopt = compat_sock_common_getsockopt,
1062#endif
1063};
1064
1065static struct inet_protosw dccp_v6_protosw = {
1066        .type           = SOCK_DCCP,
1067        .protocol       = IPPROTO_DCCP,
1068        .prot           = &dccp_v6_prot,
1069        .ops            = &inet6_dccp_ops,
1070        .flags          = INET_PROTOSW_ICSK,
1071};
1072
1073static int __net_init dccp_v6_init_net(struct net *net)
1074{
1075        if (dccp_hashinfo.bhash == NULL)
1076                return -ESOCKTNOSUPPORT;
1077
1078        return inet_ctl_sock_create(&net->dccp.v6_ctl_sk, PF_INET6,
1079                                    SOCK_DCCP, IPPROTO_DCCP, net);
1080}
1081
1082static void __net_exit dccp_v6_exit_net(struct net *net)
1083{
1084        inet_ctl_sock_destroy(net->dccp.v6_ctl_sk);
1085}
1086
1087static void __net_exit dccp_v6_exit_batch(struct list_head *net_exit_list)
1088{
1089        inet_twsk_purge(&dccp_hashinfo, AF_INET6);
1090}
1091
1092static struct pernet_operations dccp_v6_ops = {
1093        .init   = dccp_v6_init_net,
1094        .exit   = dccp_v6_exit_net,
1095        .exit_batch = dccp_v6_exit_batch,
1096};
1097
1098static int __init dccp_v6_init(void)
1099{
1100        int err = proto_register(&dccp_v6_prot, 1);
1101
1102        if (err)
1103                goto out;
1104
1105        inet6_register_protosw(&dccp_v6_protosw);
1106
1107        err = register_pernet_subsys(&dccp_v6_ops);
1108        if (err)
1109                goto out_destroy_ctl_sock;
1110
1111        err = inet6_add_protocol(&dccp_v6_protocol, IPPROTO_DCCP);
1112        if (err)
1113                goto out_unregister_proto;
1114
1115out:
1116        return err;
1117out_unregister_proto:
1118        unregister_pernet_subsys(&dccp_v6_ops);
1119out_destroy_ctl_sock:
1120        inet6_unregister_protosw(&dccp_v6_protosw);
1121        proto_unregister(&dccp_v6_prot);
1122        goto out;
1123}
1124
1125static void __exit dccp_v6_exit(void)
1126{
1127        inet6_del_protocol(&dccp_v6_protocol, IPPROTO_DCCP);
1128        unregister_pernet_subsys(&dccp_v6_ops);
1129        inet6_unregister_protosw(&dccp_v6_protosw);
1130        proto_unregister(&dccp_v6_prot);
1131}
1132
1133module_init(dccp_v6_init);
1134module_exit(dccp_v6_exit);
1135
1136/*
1137 * __stringify doesn't likes enums, so use SOCK_DCCP (6) and IPPROTO_DCCP (33)
1138 * values directly, Also cover the case where the protocol is not specified,
1139 * i.e. net-pf-PF_INET6-proto-0-type-SOCK_DCCP
1140 */
1141MODULE_ALIAS_NET_PF_PROTO_TYPE(PF_INET6, 33, 6);
1142MODULE_ALIAS_NET_PF_PROTO_TYPE(PF_INET6, 0, 6);
1143MODULE_LICENSE("GPL");
1144MODULE_AUTHOR("Arnaldo Carvalho de Melo <acme@mandriva.com>");
1145MODULE_DESCRIPTION("DCCPv6 - Datagram Congestion Controlled Protocol");
1146