LXR linux/net/dccp/ipv6.c

   1/*
   2 *      DCCP over IPv6
   3 *      Linux INET6 implementation
   4 *
   5 *      Based on net/dccp6/ipv6.c
   6 *
   7 *      Arnaldo Carvalho de Melo <acme@ghostprotocols.net>
   8 *
   9 *      This program is free software; you can redistribute it and/or
  10 *      modify it under the terms of the GNU General Public License
  11 *      as published by the Free Software Foundation; either version
  12 *      2 of the License, or (at your option) any later version.
  13 */
  14
  15#include <linux/module.h>
  16#include <linux/random.h>
  17#include <linux/slab.h>
  18#include <linux/xfrm.h>
  19#include <linux/string.h>
  20
  21#include <net/addrconf.h>
  22#include <net/inet_common.h>
  23#include <net/inet_hashtables.h>
  24#include <net/inet_sock.h>
  25#include <net/inet6_connection_sock.h>
  26#include <net/inet6_hashtables.h>
  27#include <net/ip6_route.h>
  28#include <net/ipv6.h>
  29#include <net/protocol.h>
  30#include <net/transp_v6.h>
  31#include <net/ip6_checksum.h>
  32#include <net/xfrm.h>
  33#include <net/secure_seq.h>
  34#include <net/sock.h>
  35
  36#include "dccp.h"
  37#include "ipv6.h"
  38#include "feat.h"
  39
  40/* The per-net dccp.v6_ctl_sk is used for sending RSTs and ACKs */
  41
  42static const struct inet_connection_sock_af_ops dccp_ipv6_mapped;
  43static const struct inet_connection_sock_af_ops dccp_ipv6_af_ops;
  44
  45/* add pseudo-header to DCCP checksum stored in skb->csum */
  46static inline __sum16 dccp_v6_csum_finish(struct sk_buff *skb,
  47                                      const struct in6_addr *saddr,
  48                                      const struct in6_addr *daddr)
  49{
  50        return csum_ipv6_magic(saddr, daddr, skb->len, IPPROTO_DCCP, skb->csum);
  51}
  52
  53static inline void dccp_v6_send_check(struct sock *sk, struct sk_buff *skb)
  54{
  55        struct ipv6_pinfo *np = inet6_sk(sk);
  56        struct dccp_hdr *dh = dccp_hdr(skb);
  57
  58        dccp_csum_outgoing(skb);
  59        dh->dccph_checksum = dccp_v6_csum_finish(skb, &np->saddr, &sk->sk_v6_daddr);
  60}
  61
  62static inline __u64 dccp_v6_init_sequence(struct sk_buff *skb)
  63{
  64        return secure_dccpv6_sequence_number(ipv6_hdr(skb)->daddr.s6_addr32,
  65                                             ipv6_hdr(skb)->saddr.s6_addr32,
  66                                             dccp_hdr(skb)->dccph_dport,
  67                                             dccp_hdr(skb)->dccph_sport     );
  68
  69}
  70
  71static void dccp_v6_err(struct sk_buff *skb, struct inet6_skb_parm *opt,
  72                        u8 type, u8 code, int offset, __be32 info)
  73{
  74        const struct ipv6hdr *hdr = (const struct ipv6hdr *)skb->data;
  75        const struct dccp_hdr *dh;
  76        struct dccp_sock *dp;
  77        struct ipv6_pinfo *np;
  78        struct sock *sk;
  79        int err;
  80        __u64 seq;
  81        struct net *net = dev_net(skb->dev);
  82
  83        /* Only need dccph_dport & dccph_sport which are the first
  84         * 4 bytes in dccp header.
  85         * Our caller (icmpv6_notify()) already pulled 8 bytes for us.
  86         */
  87        BUILD_BUG_ON(offsetofend(struct dccp_hdr, dccph_sport) > 8);
  88        BUILD_BUG_ON(offsetofend(struct dccp_hdr, dccph_dport) > 8);
  89        dh = (struct dccp_hdr *)(skb->data + offset);
  90
  91        sk = __inet6_lookup_established(net, &dccp_hashinfo,
  92                                        &hdr->daddr, dh->dccph_dport,
  93                                        &hdr->saddr, ntohs(dh->dccph_sport),
  94                                        inet6_iif(skb), 0);
  95
  96        if (!sk) {
  97                __ICMP6_INC_STATS(net, __in6_dev_get(skb->dev),
  98                                  ICMP6_MIB_INERRORS);
  99                return;
 100        }
 101
 102        if (sk->sk_state == DCCP_TIME_WAIT) {
 103                inet_twsk_put(inet_twsk(sk));
 104                return;
 105        }
 106        seq = dccp_hdr_seq(dh);
 107        if (sk->sk_state == DCCP_NEW_SYN_RECV)
 108                return dccp_req_err(sk, seq);
 109
 110        bh_lock_sock(sk);
 111        if (sock_owned_by_user(sk))
 112                __NET_INC_STATS(net, LINUX_MIB_LOCKDROPPEDICMPS);
 113
 114        if (sk->sk_state == DCCP_CLOSED)
 115                goto out;
 116
 117        dp = dccp_sk(sk);
 118        if ((1 << sk->sk_state) & ~(DCCPF_REQUESTING | DCCPF_LISTEN) &&
 119            !between48(seq, dp->dccps_awl, dp->dccps_awh)) {
 120                __NET_INC_STATS(net, LINUX_MIB_OUTOFWINDOWICMPS);
 121                goto out;
 122        }
 123
 124        np = inet6_sk(sk);
 125
 126        if (type == NDISC_REDIRECT) {
 127                if (!sock_owned_by_user(sk)) {
 128                        struct dst_entry *dst = __sk_dst_check(sk, np->dst_cookie);
 129
 130                        if (dst)
 131                                dst->ops->redirect(dst, sk, skb);
 132                }
 133                goto out;
 134        }
 135
 136        if (type == ICMPV6_PKT_TOOBIG) {
 137                struct dst_entry *dst = NULL;
 138
 139                if (!ip6_sk_accept_pmtu(sk))
 140                        goto out;
 141
 142                if (sock_owned_by_user(sk))
 143                        goto out;
 144                if ((1 << sk->sk_state) & (DCCPF_LISTEN | DCCPF_CLOSED))
 145                        goto out;
 146
 147                dst = inet6_csk_update_pmtu(sk, ntohl(info));
 148                if (!dst)
 149                        goto out;
 150
 151                if (inet_csk(sk)->icsk_pmtu_cookie > dst_mtu(dst))
 152                        dccp_sync_mss(sk, dst_mtu(dst));
 153                goto out;
 154        }
 155
 156        icmpv6_err_convert(type, code, &err);
 157
 158        /* Might be for an request_sock */
 159        switch (sk->sk_state) {
 160        case DCCP_REQUESTING:
 161        case DCCP_RESPOND:  /* Cannot happen.
 162                               It can, it SYNs are crossed. --ANK */
 163                if (!sock_owned_by_user(sk)) {
 164                        __DCCP_INC_STATS(DCCP_MIB_ATTEMPTFAILS);
 165                        sk->sk_err = err;
 166                        /*
 167                         * Wake people up to see the error
 168                         * (see connect in sock.c)
 169                         */
 170                        sk->sk_error_report(sk);
 171                        dccp_done(sk);
 172                } else
 173                        sk->sk_err_soft = err;
 174                goto out;
 175        }
 176
 177        if (!sock_owned_by_user(sk) && np->recverr) {
 178                sk->sk_err = err;
 179                sk->sk_error_report(sk);
 180        } else
 181                sk->sk_err_soft = err;
 182
 183out:
 184        bh_unlock_sock(sk);
 185        sock_put(sk);
 186}
 187
 188
 189static int dccp_v6_send_response(const struct sock *sk, struct request_sock *req)
 190{
 191        struct inet_request_sock *ireq = inet_rsk(req);
 192        struct ipv6_pinfo *np = inet6_sk(sk);
 193        struct sk_buff *skb;
 194        struct in6_addr *final_p, final;
 195        struct flowi6 fl6;
 196        int err = -1;
 197        struct dst_entry *dst;
 198
 199        memset(&fl6, 0, sizeof(fl6));
 200        fl6.flowi6_proto = IPPROTO_DCCP;
 201        fl6.daddr = ireq->ir_v6_rmt_addr;
 202        fl6.saddr = ireq->ir_v6_loc_addr;
 203        fl6.flowlabel = 0;
 204        fl6.flowi6_oif = ireq->ir_iif;
 205        fl6.fl6_dport = ireq->ir_rmt_port;
 206        fl6.fl6_sport = htons(ireq->ir_num);
 207        security_req_classify_flow(req, flowi6_to_flowi(&fl6));
 208
 209
 210        rcu_read_lock();
 211        final_p = fl6_update_dst(&fl6, rcu_dereference(np->opt), &final);
 212        rcu_read_unlock();
 213
 214        dst = ip6_dst_lookup_flow(sk, &fl6, final_p);
 215        if (IS_ERR(dst)) {
 216                err = PTR_ERR(dst);
 217                dst = NULL;
 218                goto done;
 219        }
 220
 221        skb = dccp_make_response(sk, dst, req);
 222        if (skb != NULL) {
 223                struct dccp_hdr *dh = dccp_hdr(skb);
 224                struct ipv6_txoptions *opt;
 225
 226                dh->dccph_checksum = dccp_v6_csum_finish(skb,
 227                                                         &ireq->ir_v6_loc_addr,
 228                                                         &ireq->ir_v6_rmt_addr);
 229                fl6.daddr = ireq->ir_v6_rmt_addr;
 230                rcu_read_lock();
 231                opt = ireq->ipv6_opt;
 232                if (!opt)
 233                        opt = rcu_dereference(np->opt);
 234                err = ip6_xmit(sk, skb, &fl6, sk->sk_mark, opt, np->tclass);
 235                rcu_read_unlock();
 236                err = net_xmit_eval(err);
 237        }
 238
 239done:
 240        dst_release(dst);
 241        return err;
 242}
 243
 244static void dccp_v6_reqsk_destructor(struct request_sock *req)
 245{
 246        dccp_feat_list_purge(&dccp_rsk(req)->dreq_featneg);
 247        kfree(inet_rsk(req)->ipv6_opt);
 248        kfree_skb(inet_rsk(req)->pktopts);
 249}
 250
 251static void dccp_v6_ctl_send_reset(const struct sock *sk, struct sk_buff *rxskb)
 252{
 253        const struct ipv6hdr *rxip6h;
 254        struct sk_buff *skb;
 255        struct flowi6 fl6;
 256        struct net *net = dev_net(skb_dst(rxskb)->dev);
 257        struct sock *ctl_sk = net->dccp.v6_ctl_sk;
 258        struct dst_entry *dst;
 259
 260        if (dccp_hdr(rxskb)->dccph_type == DCCP_PKT_RESET)
 261                return;
 262
 263        if (!ipv6_unicast_destination(rxskb))
 264                return;
 265
 266        skb = dccp_ctl_make_reset(ctl_sk, rxskb);
 267        if (skb == NULL)
 268                return;
 269
 270        rxip6h = ipv6_hdr(rxskb);
 271        dccp_hdr(skb)->dccph_checksum = dccp_v6_csum_finish(skb, &rxip6h->saddr,
 272                                                            &rxip6h->daddr);
 273
 274        memset(&fl6, 0, sizeof(fl6));
 275        fl6.daddr = rxip6h->saddr;
 276        fl6.saddr = rxip6h->daddr;
 277
 278        fl6.flowi6_proto = IPPROTO_DCCP;
 279        fl6.flowi6_oif = inet6_iif(rxskb);
 280        fl6.fl6_dport = dccp_hdr(skb)->dccph_dport;
 281        fl6.fl6_sport = dccp_hdr(skb)->dccph_sport;
 282        security_skb_classify_flow(rxskb, flowi6_to_flowi(&fl6));
 283
 284        /* sk = NULL, but it is safe for now. RST socket required. */
 285        dst = ip6_dst_lookup_flow(ctl_sk, &fl6, NULL);
 286        if (!IS_ERR(dst)) {
 287                skb_dst_set(skb, dst);
 288                ip6_xmit(ctl_sk, skb, &fl6, 0, NULL, 0);
 289                DCCP_INC_STATS(DCCP_MIB_OUTSEGS);
 290                DCCP_INC_STATS(DCCP_MIB_OUTRSTS);
 291                return;
 292        }
 293
 294        kfree_skb(skb);
 295}
 296
 297static struct request_sock_ops dccp6_request_sock_ops = {
 298        .family         = AF_INET6,
 299        .obj_size       = sizeof(struct dccp6_request_sock),
 300        .rtx_syn_ack    = dccp_v6_send_response,
 301        .send_ack       = dccp_reqsk_send_ack,
 302        .destructor     = dccp_v6_reqsk_destructor,
 303        .send_reset     = dccp_v6_ctl_send_reset,
 304        .syn_ack_timeout = dccp_syn_ack_timeout,
 305};
 306
 307static int dccp_v6_conn_request(struct sock *sk, struct sk_buff *skb)
 308{
 309        struct request_sock *req;
 310        struct dccp_request_sock *dreq;
 311        struct inet_request_sock *ireq;
 312        struct ipv6_pinfo *np = inet6_sk(sk);
 313        const __be32 service = dccp_hdr_request(skb)->dccph_req_service;
 314        struct dccp_skb_cb *dcb = DCCP_SKB_CB(skb);
 315
 316        if (skb->protocol == htons(ETH_P_IP))
 317                return dccp_v4_conn_request(sk, skb);
 318
 319        if (!ipv6_unicast_destination(skb))
 320                return 0;       /* discard, don't send a reset here */
 321
 322        if (dccp_bad_service_code(sk, service)) {
 323                dcb->dccpd_reset_code = DCCP_RESET_CODE_BAD_SERVICE_CODE;
 324                goto drop;
 325        }
 326        /*
 327         * There are no SYN attacks on IPv6, yet...
 328         */
 329        dcb->dccpd_reset_code = DCCP_RESET_CODE_TOO_BUSY;
 330        if (inet_csk_reqsk_queue_is_full(sk))
 331                goto drop;
 332
 333        if (sk_acceptq_is_full(sk))
 334                goto drop;
 335
 336        req = inet_reqsk_alloc(&dccp6_request_sock_ops, sk, true);
 337        if (req == NULL)
 338                goto drop;
 339
 340        if (dccp_reqsk_init(req, dccp_sk(sk), skb))
 341                goto drop_and_free;
 342
 343        dreq = dccp_rsk(req);
 344        if (dccp_parse_options(sk, dreq, skb))
 345                goto drop_and_free;
 346
 347        if (security_inet_conn_request(sk, skb, req))
 348                goto drop_and_free;
 349
 350        ireq = inet_rsk(req);
 351        ireq->ir_v6_rmt_addr = ipv6_hdr(skb)->saddr;
 352        ireq->ir_v6_loc_addr = ipv6_hdr(skb)->daddr;
 353        ireq->ireq_family = AF_INET6;
 354
 355        if (ipv6_opt_accepted(sk, skb, IP6CB(skb)) ||
 356            np->rxopt.bits.rxinfo || np->rxopt.bits.rxoinfo ||
 357            np->rxopt.bits.rxhlim || np->rxopt.bits.rxohlim) {
 358                refcount_inc(&skb->users);
 359                ireq->pktopts = skb;
 360        }
 361        ireq->ir_iif = sk->sk_bound_dev_if;
 362
 363        /* So that link locals have meaning */
 364        if (!sk->sk_bound_dev_if &&
 365            ipv6_addr_type(&ireq->ir_v6_rmt_addr) & IPV6_ADDR_LINKLOCAL)
 366                ireq->ir_iif = inet6_iif(skb);
 367
 368        /*
 369         * Step 3: Process LISTEN state
 370         *
 371         *   Set S.ISR, S.GSR, S.SWL, S.SWH from packet or Init Cookie
 372         *
 373         * Setting S.SWL/S.SWH to is deferred to dccp_create_openreq_child().
 374         */
 375        dreq->dreq_isr     = dcb->dccpd_seq;
 376        dreq->dreq_gsr     = dreq->dreq_isr;
 377        dreq->dreq_iss     = dccp_v6_init_sequence(skb);
 378        dreq->dreq_gss     = dreq->dreq_iss;
 379        dreq->dreq_service = service;
 380
 381        if (dccp_v6_send_response(sk, req))
 382                goto drop_and_free;
 383
 384        inet_csk_reqsk_queue_hash_add(sk, req, DCCP_TIMEOUT_INIT);
 385        reqsk_put(req);
 386        return 0;
 387
 388drop_and_free:
 389        reqsk_free(req);
 390drop:
 391        __DCCP_INC_STATS(DCCP_MIB_ATTEMPTFAILS);
 392        return -1;
 393}
 394
 395static struct sock *dccp_v6_request_recv_sock(const struct sock *sk,
 396                                              struct sk_buff *skb,
 397                                              struct request_sock *req,
 398                                              struct dst_entry *dst,
 399                                              struct request_sock *req_unhash,
 400                                              bool *own_req)
 401{
 402        struct inet_request_sock *ireq = inet_rsk(req);
 403        struct ipv6_pinfo *newnp;
 404        const struct ipv6_pinfo *np = inet6_sk(sk);
 405        struct ipv6_txoptions *opt;
 406        struct inet_sock *newinet;
 407        struct dccp6_sock *newdp6;
 408        struct sock *newsk;
 409
 410        if (skb->protocol == htons(ETH_P_IP)) {
 411                /*
 412                 *      v6 mapped
 413                 */
 414                newsk = dccp_v4_request_recv_sock(sk, skb, req, dst,
 415                                                  req_unhash, own_req);
 416                if (newsk == NULL)
 417                        return NULL;
 418
 419                newdp6 = (struct dccp6_sock *)newsk;
 420                newinet = inet_sk(newsk);
 421                newinet->pinet6 = &newdp6->inet6;
 422                newnp = inet6_sk(newsk);
 423
 424                memcpy(newnp, np, sizeof(struct ipv6_pinfo));
 425
 426                newnp->saddr = newsk->sk_v6_rcv_saddr;
 427
 428                inet_csk(newsk)->icsk_af_ops = &dccp_ipv6_mapped;
 429                newsk->sk_backlog_rcv = dccp_v4_do_rcv;
 430                newnp->pktoptions  = NULL;
 431                newnp->opt         = NULL;
 432                newnp->ipv6_mc_list = NULL;
 433                newnp->ipv6_ac_list = NULL;
 434                newnp->ipv6_fl_list = NULL;
 435                newnp->mcast_oif   = inet6_iif(skb);
 436                newnp->mcast_hops  = ipv6_hdr(skb)->hop_limit;
 437
 438                /*
 439                 * No need to charge this sock to the relevant IPv6 refcnt debug socks count
 440                 * here, dccp_create_openreq_child now does this for us, see the comment in
 441                 * that function for the gory details. -acme
 442                 */
 443
 444                /* It is tricky place. Until this moment IPv4 tcp
 445                   worked with IPv6 icsk.icsk_af_ops.
 446                   Sync it now.
 447                 */
 448                dccp_sync_mss(newsk, inet_csk(newsk)->icsk_pmtu_cookie);
 449
 450                return newsk;
 451        }
 452
 453
 454        if (sk_acceptq_is_full(sk))
 455                goto out_overflow;
 456
 457        if (!dst) {
 458                struct flowi6 fl6;
 459
 460                dst = inet6_csk_route_req(sk, &fl6, req, IPPROTO_DCCP);
 461                if (!dst)
 462                        goto out;
 463        }
 464
 465        newsk = dccp_create_openreq_child(sk, req, skb);
 466        if (newsk == NULL)
 467                goto out_nonewsk;
 468
 469        /*
 470         * No need to charge this sock to the relevant IPv6 refcnt debug socks
 471         * count here, dccp_create_openreq_child now does this for us, see the
 472         * comment in that function for the gory details. -acme
 473         */
 474
 475        ip6_dst_store(newsk, dst, NULL, NULL);
 476        newsk->sk_route_caps = dst->dev->features & ~(NETIF_F_IP_CSUM |
 477                                                      NETIF_F_TSO);
 478        newdp6 = (struct dccp6_sock *)newsk;
 479        newinet = inet_sk(newsk);
 480        newinet->pinet6 = &newdp6->inet6;
 481        newnp = inet6_sk(newsk);
 482
 483        memcpy(newnp, np, sizeof(struct ipv6_pinfo));
 484
 485        newsk->sk_v6_daddr      = ireq->ir_v6_rmt_addr;
 486        newnp->saddr            = ireq->ir_v6_loc_addr;
 487        newsk->sk_v6_rcv_saddr  = ireq->ir_v6_loc_addr;
 488        newsk->sk_bound_dev_if  = ireq->ir_iif;
 489
 490        /* Now IPv6 options...
 491
 492           First: no IPv4 options.
 493         */
 494        newinet->inet_opt = NULL;
 495
 496        /* Clone RX bits */
 497        newnp->rxopt.all = np->rxopt.all;
 498
 499        newnp->ipv6_mc_list = NULL;
 500        newnp->ipv6_ac_list = NULL;
 501        newnp->ipv6_fl_list = NULL;
 502        newnp->pktoptions = NULL;
 503        newnp->opt        = NULL;
 504        newnp->mcast_oif  = inet6_iif(skb);
 505        newnp->mcast_hops = ipv6_hdr(skb)->hop_limit;
 506
 507        /*
 508         * Clone native IPv6 options from listening socket (if any)
 509         *
 510         * Yes, keeping reference count would be much more clever, but we make
 511         * one more one thing there: reattach optmem to newsk.
 512         */
 513        opt = ireq->ipv6_opt;
 514        if (!opt)
 515                opt = rcu_dereference(np->opt);
 516        if (opt) {
 517                opt = ipv6_dup_options(newsk, opt);
 518                RCU_INIT_POINTER(newnp->opt, opt);
 519        }
 520        inet_csk(newsk)->icsk_ext_hdr_len = 0;
 521        if (opt)
 522                inet_csk(newsk)->icsk_ext_hdr_len = opt->opt_nflen +
 523                                                    opt->opt_flen;
 524
 525        dccp_sync_mss(newsk, dst_mtu(dst));
 526
 527        newinet->inet_daddr = newinet->inet_saddr = LOOPBACK4_IPV6;
 528        newinet->inet_rcv_saddr = LOOPBACK4_IPV6;
 529
 530        if (__inet_inherit_port(sk, newsk) < 0) {
 531                inet_csk_prepare_forced_close(newsk);
 532                dccp_done(newsk);
 533                goto out;
 534        }
 535        *own_req = inet_ehash_nolisten(newsk, req_to_sk(req_unhash));
 536        /* Clone pktoptions received with SYN, if we own the req */
 537        if (*own_req && ireq->pktopts) {
 538                newnp->pktoptions = skb_clone(ireq->pktopts, GFP_ATOMIC);
 539                consume_skb(ireq->pktopts);
 540                ireq->pktopts = NULL;
 541                if (newnp->pktoptions)
 542                        skb_set_owner_r(newnp->pktoptions, newsk);
 543        }
 544
 545        return newsk;
 546
 547out_overflow:
 548        __NET_INC_STATS(sock_net(sk), LINUX_MIB_LISTENOVERFLOWS);
 549out_nonewsk:
 550        dst_release(dst);
 551out:
 552        __NET_INC_STATS(sock_net(sk), LINUX_MIB_LISTENDROPS);
 553        return NULL;
 554}
 555
 556/* The socket must have it's spinlock held when we get
 557 * here.
 558 *
 559 * We have a potential double-lock case here, so even when
 560 * doing backlog processing we use the BH locking scheme.
 561 * This is because we cannot sleep with the original spinlock
 562 * held.
 563 */
 564static int dccp_v6_do_rcv(struct sock *sk, struct sk_buff *skb)
 565{
 566        struct ipv6_pinfo *np = inet6_sk(sk);
 567        struct sk_buff *opt_skb = NULL;
 568
 569        /* Imagine: socket is IPv6. IPv4 packet arrives,
 570           goes to IPv4 receive handler and backlogged.
 571           From backlog it always goes here. Kerboom...
 572           Fortunately, dccp_rcv_established and rcv_established
 573           handle them correctly, but it is not case with
 574           dccp_v6_hnd_req and dccp_v6_ctl_send_reset().   --ANK
 575         */
 576
 577        if (skb->protocol == htons(ETH_P_IP))
 578                return dccp_v4_do_rcv(sk, skb);
 579
 580        if (sk_filter(sk, skb))
 581                goto discard;
 582
 583        /*
 584         * socket locking is here for SMP purposes as backlog rcv is currently
 585         * called with bh processing disabled.
 586         */
 587
 588        /* Do Stevens' IPV6_PKTOPTIONS.
 589
 590           Yes, guys, it is the only place in our code, where we
 591           may make it not affecting IPv4.
 592           The rest of code is protocol independent,
 593           and I do not like idea to uglify IPv4.
 594
 595           Actually, all the idea behind IPV6_PKTOPTIONS
 596           looks not very well thought. For now we latch
 597           options, received in the last packet, enqueued
 598           by tcp. Feel free to propose better solution.
 599                                               --ANK (980728)
 600         */
 601        if (np->rxopt.all)
 602                opt_skb = skb_clone(skb, GFP_ATOMIC);
 603
 604        if (sk->sk_state == DCCP_OPEN) { /* Fast path */
 605                if (dccp_rcv_established(sk, skb, dccp_hdr(skb), skb->len))
 606                        goto reset;
 607                if (opt_skb)
 608                        goto ipv6_pktoptions;
 609                return 0;
 610        }
 611
 612        /*
 613         *  Step 3: Process LISTEN state
 614         *     If S.state == LISTEN,
 615         *       If P.type == Request or P contains a valid Init Cookie option,
 616         *            (* Must scan the packet's options to check for Init
 617         *               Cookies.  Only Init Cookies are processed here,
 618         *               however; other options are processed in Step 8.  This
 619         *               scan need only be performed if the endpoint uses Init
 620         *               Cookies *)
 621         *            (* Generate a new socket and switch to that socket *)
 622         *            Set S := new socket for this port pair
 623         *            S.state = RESPOND
 624         *            Choose S.ISS (initial seqno) or set from Init Cookies
 625         *            Initialize S.GAR := S.ISS
 626         *            Set S.ISR, S.GSR, S.SWL, S.SWH from packet or Init Cookies
 627         *            Continue with S.state == RESPOND
 628         *            (* A Response packet will be generated in Step 11 *)
 629         *       Otherwise,
 630         *            Generate Reset(No Connection) unless P.type == Reset
 631         *            Drop packet and return
 632         *
 633         * NOTE: the check for the packet types is done in
 634         *       dccp_rcv_state_process
 635         */
 636
 637        if (dccp_rcv_state_process(sk, skb, dccp_hdr(skb), skb->len))
 638                goto reset;
 639        if (opt_skb)
 640                goto ipv6_pktoptions;
 641        return 0;
 642
 643reset:
 644        dccp_v6_ctl_send_reset(sk, skb);
 645discard:
 646        if (opt_skb != NULL)
 647                __kfree_skb(opt_skb);
 648        kfree_skb(skb);
 649        return 0;
 650
 651/* Handling IPV6_PKTOPTIONS skb the similar
 652 * way it's done for net/ipv6/tcp_ipv6.c
 653 */
 654ipv6_pktoptions:
 655        if (!((1 << sk->sk_state) & (DCCPF_CLOSED | DCCPF_LISTEN))) {
 656                if (np->rxopt.bits.rxinfo || np->rxopt.bits.rxoinfo)
 657                        np->mcast_oif = inet6_iif(opt_skb);
 658                if (np->rxopt.bits.rxhlim || np->rxopt.bits.rxohlim)
 659                        np->mcast_hops = ipv6_hdr(opt_skb)->hop_limit;
 660                if (np->rxopt.bits.rxflow || np->rxopt.bits.rxtclass)
 661                        np->rcv_flowinfo = ip6_flowinfo(ipv6_hdr(opt_skb));
 662                if (np->repflow)
 663                        np->flow_label = ip6_flowlabel(ipv6_hdr(opt_skb));
 664                if (ipv6_opt_accepted(sk, opt_skb,
 665                                      &DCCP_SKB_CB(opt_skb)->header.h6)) {
 666                        skb_set_owner_r(opt_skb, sk);
 667                        memmove(IP6CB(opt_skb),
 668                                &DCCP_SKB_CB(opt_skb)->header.h6,
 669                                sizeof(struct inet6_skb_parm));
 670                        opt_skb = xchg(&np->pktoptions, opt_skb);
 671                } else {
 672                        __kfree_skb(opt_skb);
 673                        opt_skb = xchg(&np->pktoptions, NULL);
 674                }
 675        }
 676
 677        kfree_skb(opt_skb);
 678        return 0;
 679}
 680
 681static int dccp_v6_rcv(struct sk_buff *skb)
 682{
 683        const struct dccp_hdr *dh;
 684        bool refcounted;
 685        struct sock *sk;
 686        int min_cov;
 687
 688        /* Step 1: Check header basics */
 689
 690        if (dccp_invalid_packet(skb))
 691                goto discard_it;
 692
 693        /* Step 1: If header checksum is incorrect, drop packet and return. */
 694        if (dccp_v6_csum_finish(skb, &ipv6_hdr(skb)->saddr,
 695                                     &ipv6_hdr(skb)->daddr)) {
 696                DCCP_WARN("dropped packet with invalid checksum\n");
 697                goto discard_it;
 698        }
 699
 700        dh = dccp_hdr(skb);
 701
 702        DCCP_SKB_CB(skb)->dccpd_seq  = dccp_hdr_seq(dh);
 703        DCCP_SKB_CB(skb)->dccpd_type = dh->dccph_type;
 704
 705        if (dccp_packet_without_ack(skb))
 706                DCCP_SKB_CB(skb)->dccpd_ack_seq = DCCP_PKT_WITHOUT_ACK_SEQ;
 707        else
 708                DCCP_SKB_CB(skb)->dccpd_ack_seq = dccp_hdr_ack_seq(skb);
 709
 710lookup:
 711        sk = __inet6_lookup_skb(&dccp_hashinfo, skb, __dccp_hdr_len(dh),
 712                                dh->dccph_sport, dh->dccph_dport,
 713                                inet6_iif(skb), 0, &refcounted);
 714        if (!sk) {
 715                dccp_pr_debug("failed to look up flow ID in table and "
 716                              "get corresponding socket\n");
 717                goto no_dccp_socket;
 718        }
 719
 720        /*
 721         * Step 2:
 722         *      ... or S.state == TIMEWAIT,
 723         *              Generate Reset(No Connection) unless P.type == Reset
 724         *              Drop packet and return
 725         */
 726        if (sk->sk_state == DCCP_TIME_WAIT) {
 727                dccp_pr_debug("sk->sk_state == DCCP_TIME_WAIT: do_time_wait\n");
 728                inet_twsk_put(inet_twsk(sk));
 729                goto no_dccp_socket;
 730        }
 731
 732        if (sk->sk_state == DCCP_NEW_SYN_RECV) {
 733                struct request_sock *req = inet_reqsk(sk);
 734                struct sock *nsk;
 735
 736                sk = req->rsk_listener;
 737                if (unlikely(sk->sk_state != DCCP_LISTEN)) {
 738                        inet_csk_reqsk_queue_drop_and_put(sk, req);
 739                        goto lookup;
 740                }
 741                sock_hold(sk);
 742                refcounted = true;
 743                nsk = dccp_check_req(sk, skb, req);
 744                if (!nsk) {
 745                        reqsk_put(req);
 746                        goto discard_and_relse;
 747                }
 748                if (nsk == sk) {
 749                        reqsk_put(req);
 750                } else if (dccp_child_process(sk, nsk, skb)) {
 751                        dccp_v6_ctl_send_reset(sk, skb);
 752                        goto discard_and_relse;
 753                } else {
 754                        sock_put(sk);
 755                        return 0;
 756                }
 757        }
 758        /*
 759         * RFC 4340, sec. 9.2.1: Minimum Checksum Coverage
 760         *      o if MinCsCov = 0, only packets with CsCov = 0 are accepted
 761         *      o if MinCsCov > 0, also accept packets with CsCov >= MinCsCov
 762         */
 763        min_cov = dccp_sk(sk)->dccps_pcrlen;
 764        if (dh->dccph_cscov  &&  (min_cov == 0 || dh->dccph_cscov < min_cov))  {
 765                dccp_pr_debug("Packet CsCov %d does not satisfy MinCsCov %d\n",
 766                              dh->dccph_cscov, min_cov);
 767                /* FIXME: send Data Dropped option (see also dccp_v4_rcv) */
 768                goto discard_and_relse;
 769        }
 770
 771        if (!xfrm6_policy_check(sk, XFRM_POLICY_IN, skb))
 772                goto discard_and_relse;
 773
 774        return __sk_receive_skb(sk, skb, 1, dh->dccph_doff * 4,
 775                                refcounted) ? -1 : 0;
 776
 777no_dccp_socket:
 778        if (!xfrm6_policy_check(NULL, XFRM_POLICY_IN, skb))
 779                goto discard_it;
 780        /*
 781         * Step 2:
 782         *      If no socket ...
 783         *              Generate Reset(No Connection) unless P.type == Reset
 784         *              Drop packet and return
 785         */
 786        if (dh->dccph_type != DCCP_PKT_RESET) {
 787                DCCP_SKB_CB(skb)->dccpd_reset_code =
 788                                        DCCP_RESET_CODE_NO_CONNECTION;
 789                dccp_v6_ctl_send_reset(sk, skb);
 790        }
 791
 792discard_it:
 793        kfree_skb(skb);
 794        return 0;
 795
 796discard_and_relse:
 797        if (refcounted)
 798                sock_put(sk);
 799        goto discard_it;
 800}
 801
 802static int dccp_v6_connect(struct sock *sk, struct sockaddr *uaddr,
 803                           int addr_len)
 804{
 805        struct sockaddr_in6 *usin = (struct sockaddr_in6 *)uaddr;
 806        struct inet_connection_sock *icsk = inet_csk(sk);
 807        struct inet_sock *inet = inet_sk(sk);
 808        struct ipv6_pinfo *np = inet6_sk(sk);
 809        struct dccp_sock *dp = dccp_sk(sk);
 810        struct in6_addr *saddr = NULL, *final_p, final;
 811        struct ipv6_txoptions *opt;
 812        struct flowi6 fl6;
 813        struct dst_entry *dst;
 814        int addr_type;
 815        int err;
 816
 817        dp->dccps_role = DCCP_ROLE_CLIENT;
 818
 819        if (addr_len < SIN6_LEN_RFC2133)
 820                return -EINVAL;
 821
 822        if (usin->sin6_family != AF_INET6)
 823                return -EAFNOSUPPORT;
 824
 825        memset(&fl6, 0, sizeof(fl6));
 826
 827        if (np->sndflow) {
 828                fl6.flowlabel = usin->sin6_flowinfo & IPV6_FLOWINFO_MASK;
 829                IP6_ECN_flow_init(fl6.flowlabel);
 830                if (fl6.flowlabel & IPV6_FLOWLABEL_MASK) {
 831                        struct ip6_flowlabel *flowlabel;
 832                        flowlabel = fl6_sock_lookup(sk, fl6.flowlabel);
 833                        if (flowlabel == NULL)
 834                                return -EINVAL;
 835                        fl6_sock_release(flowlabel);
 836                }
 837        }
 838        /*
 839         * connect() to INADDR_ANY means loopback (BSD'ism).
 840         */
 841        if (ipv6_addr_any(&usin->sin6_addr))
 842                usin->sin6_addr.s6_addr[15] = 1;
 843
 844        addr_type = ipv6_addr_type(&usin->sin6_addr);
 845
 846        if (addr_type & IPV6_ADDR_MULTICAST)
 847                return -ENETUNREACH;
 848
 849        if (addr_type & IPV6_ADDR_LINKLOCAL) {
 850                if (addr_len >= sizeof(struct sockaddr_in6) &&
 851                    usin->sin6_scope_id) {
 852                        /* If interface is set while binding, indices
 853                         * must coincide.
 854                         */
 855                        if (sk->sk_bound_dev_if &&
 856                            sk->sk_bound_dev_if != usin->sin6_scope_id)
 857                                return -EINVAL;
 858
 859                        sk->sk_bound_dev_if = usin->sin6_scope_id;
 860                }
 861
 862                /* Connect to link-local address requires an interface */
 863                if (!sk->sk_bound_dev_if)
 864                        return -EINVAL;
 865        }
 866
 867        sk->sk_v6_daddr = usin->sin6_addr;
 868        np->flow_label = fl6.flowlabel;
 869
 870        /*
 871         * DCCP over IPv4
 872         */
 873        if (addr_type == IPV6_ADDR_MAPPED) {
 874                u32 exthdrlen = icsk->icsk_ext_hdr_len;
 875                struct sockaddr_in sin;
 876
 877                SOCK_DEBUG(sk, "connect: ipv4 mapped\n");
 878
 879                if (__ipv6_only_sock(sk))
 880                        return -ENETUNREACH;
 881
 882                sin.sin_family = AF_INET;
 883                sin.sin_port = usin->sin6_port;
 884                sin.sin_addr.s_addr = usin->sin6_addr.s6_addr32[3];
 885
 886                icsk->icsk_af_ops = &dccp_ipv6_mapped;
 887                sk->sk_backlog_rcv = dccp_v4_do_rcv;
 888
 889                err = dccp_v4_connect(sk, (struct sockaddr *)&sin, sizeof(sin));
 890                if (err) {
 891                        icsk->icsk_ext_hdr_len = exthdrlen;
 892                        icsk->icsk_af_ops = &dccp_ipv6_af_ops;
 893                        sk->sk_backlog_rcv = dccp_v6_do_rcv;
 894                        goto failure;
 895                }
 896                np->saddr = sk->sk_v6_rcv_saddr;
 897                return err;
 898        }
 899
 900        if (!ipv6_addr_any(&sk->sk_v6_rcv_saddr))
 901                saddr = &sk->sk_v6_rcv_saddr;
 902
 903        fl6.flowi6_proto = IPPROTO_DCCP;
 904        fl6.daddr = sk->sk_v6_daddr;
 905        fl6.saddr = saddr ? *saddr : np->saddr;
 906        fl6.flowi6_oif = sk->sk_bound_dev_if;
 907        fl6.fl6_dport = usin->sin6_port;
 908        fl6.fl6_sport = inet->inet_sport;
 909        security_sk_classify_flow(sk, flowi6_to_flowi(&fl6));
 910
 911        opt = rcu_dereference_protected(np->opt, lockdep_sock_is_held(sk));
 912        final_p = fl6_update_dst(&fl6, opt, &final);
 913
 914        dst = ip6_dst_lookup_flow(sk, &fl6, final_p);
 915        if (IS_ERR(dst)) {
 916                err = PTR_ERR(dst);
 917                goto failure;
 918        }
 919
 920        if (saddr == NULL) {
 921                saddr = &fl6.saddr;
 922                sk->sk_v6_rcv_saddr = *saddr;
 923        }
 924
 925        /* set the source address */
 926        np->saddr = *saddr;
 927        inet->inet_rcv_saddr = LOOPBACK4_IPV6;
 928
 929        ip6_dst_store(sk, dst, NULL, NULL);
 930
 931        icsk->icsk_ext_hdr_len = 0;
 932        if (opt)
 933                icsk->icsk_ext_hdr_len = opt->opt_flen + opt->opt_nflen;
 934
 935        inet->inet_dport = usin->sin6_port;
 936
 937        dccp_set_state(sk, DCCP_REQUESTING);
 938        err = inet6_hash_connect(&dccp_death_row, sk);
 939        if (err)
 940                goto late_failure;
 941
 942        dp->dccps_iss = secure_dccpv6_sequence_number(np->saddr.s6_addr32,
 943                                                      sk->sk_v6_daddr.s6_addr32,
 944                                                      inet->inet_sport,
 945                                                      inet->inet_dport);
 946        err = dccp_connect(sk);
 947        if (err)
 948                goto late_failure;
 949
 950        return 0;
 951
 952late_failure:
 953        dccp_set_state(sk, DCCP_CLOSED);
 954        __sk_dst_reset(sk);
 955failure:
 956        inet->inet_dport = 0;
 957        sk->sk_route_caps = 0;
 958        return err;
 959}
 960
 961static const struct inet_connection_sock_af_ops dccp_ipv6_af_ops = {
 962        .queue_xmit        = inet6_csk_xmit,
 963        .send_check        = dccp_v6_send_check,
 964        .rebuild_header    = inet6_sk_rebuild_header,
 965        .conn_request      = dccp_v6_conn_request,
 966        .syn_recv_sock     = dccp_v6_request_recv_sock,
 967        .net_header_len    = sizeof(struct ipv6hdr),
 968        .setsockopt        = ipv6_setsockopt,
 969        .getsockopt        = ipv6_getsockopt,
 970        .addr2sockaddr     = inet6_csk_addr2sockaddr,
 971        .sockaddr_len      = sizeof(struct sockaddr_in6),
 972#ifdef CONFIG_COMPAT
 973        .compat_setsockopt = compat_ipv6_setsockopt,
 974        .compat_getsockopt = compat_ipv6_getsockopt,
 975#endif
 976};
 977
 978/*
 979 *      DCCP over IPv4 via INET6 API
 980 */
 981static const struct inet_connection_sock_af_ops dccp_ipv6_mapped = {
 982        .queue_xmit        = ip_queue_xmit,
 983        .send_check        = dccp_v4_send_check,
 984        .rebuild_header    = inet_sk_rebuild_header,
 985        .conn_request      = dccp_v6_conn_request,
 986        .syn_recv_sock     = dccp_v6_request_recv_sock,
 987        .net_header_len    = sizeof(struct iphdr),
 988        .setsockopt        = ipv6_setsockopt,
 989        .getsockopt        = ipv6_getsockopt,
 990        .addr2sockaddr     = inet6_csk_addr2sockaddr,
 991        .sockaddr_len      = sizeof(struct sockaddr_in6),
 992#ifdef CONFIG_COMPAT
 993        .compat_setsockopt = compat_ipv6_setsockopt,
 994        .compat_getsockopt = compat_ipv6_getsockopt,
 995#endif
 996};
 997
 998/* NOTE: A lot of things set to zero explicitly by call to
 999 *       sk_alloc() so need not be done here.
1000 */

1001static int dccp_v6_init_sock(struct sock *sk)
1002{
1003        static __u8 dccp_v6_ctl_sock_initialized;
1004        int err = dccp_init_sock(sk, dccp_v6_ctl_sock_initialized);
1005
1006        if (err == 0) {
1007                if (unlikely(!dccp_v6_ctl_sock_initialized))
1008                        dccp_v6_ctl_sock_initialized = 1;
1009                inet_csk(sk)->icsk_af_ops = &dccp_ipv6_af_ops;
1010        }
1011
1012        return err;
1013}
1014
1015static void dccp_v6_destroy_sock(struct sock *sk)
1016{
1017        dccp_destroy_sock(sk);
1018        inet6_destroy_sock(sk);
1019}
1020
1021static struct timewait_sock_ops dccp6_timewait_sock_ops = {
1022        .twsk_obj_size  = sizeof(struct dccp6_timewait_sock),
1023};
1024
1025static struct proto dccp_v6_prot = {
1026        .name              = "DCCPv6",
1027        .owner             = THIS_MODULE,
1028        .close             = dccp_close,
1029        .connect           = dccp_v6_connect,
1030        .disconnect        = dccp_disconnect,
1031        .ioctl             = dccp_ioctl,
1032        .init              = dccp_v6_init_sock,
1033        .setsockopt        = dccp_setsockopt,
1034        .getsockopt        = dccp_getsockopt,
1035        .sendmsg           = dccp_sendmsg,
1036        .recvmsg           = dccp_recvmsg,
1037        .backlog_rcv       = dccp_v6_do_rcv,
1038        .hash              = inet6_hash,
1039        .unhash            = inet_unhash,
1040        .accept            = inet_csk_accept,
1041        .get_port          = inet_csk_get_port,
1042        .shutdown          = dccp_shutdown,
1043        .destroy           = dccp_v6_destroy_sock,
1044        .orphan_count      = &dccp_orphan_count,
1045        .max_header        = MAX_DCCP_HEADER,
1046        .obj_size          = sizeof(struct dccp6_sock),
1047        .slab_flags        = SLAB_TYPESAFE_BY_RCU,
1048        .rsk_prot          = &dccp6_request_sock_ops,
1049        .twsk_prot         = &dccp6_timewait_sock_ops,
1050        .h.hashinfo        = &dccp_hashinfo,
1051#ifdef CONFIG_COMPAT
1052        .compat_setsockopt = compat_dccp_setsockopt,
1053        .compat_getsockopt = compat_dccp_getsockopt,
1054#endif
1055};
1056
1057static const struct inet6_protocol dccp_v6_protocol = {
1058        .handler        = dccp_v6_rcv,
1059        .err_handler    = dccp_v6_err,
1060        .flags          = INET6_PROTO_NOPOLICY | INET6_PROTO_FINAL,
1061};
1062
1063static const struct proto_ops inet6_dccp_ops = {
1064        .family            = PF_INET6,
1065        .owner             = THIS_MODULE,
1066        .release           = inet6_release,
1067        .bind              = inet6_bind,
1068        .connect           = inet_stream_connect,
1069        .socketpair        = sock_no_socketpair,
1070        .accept            = inet_accept,
1071        .getname           = inet6_getname,
1072        .poll              = dccp_poll,
1073        .ioctl             = inet6_ioctl,
1074        .listen            = inet_dccp_listen,
1075        .shutdown          = inet_shutdown,
1076        .setsockopt        = sock_common_setsockopt,
1077        .getsockopt        = sock_common_getsockopt,
1078        .sendmsg           = inet_sendmsg,
1079        .recvmsg           = sock_common_recvmsg,
1080        .mmap              = sock_no_mmap,
1081        .sendpage          = sock_no_sendpage,
1082#ifdef CONFIG_COMPAT
1083        .compat_setsockopt = compat_sock_common_setsockopt,
1084        .compat_getsockopt = compat_sock_common_getsockopt,
1085#endif
1086};
1087
1088static struct inet_protosw dccp_v6_protosw = {
1089        .type           = SOCK_DCCP,
1090        .protocol       = IPPROTO_DCCP,
1091        .prot           = &dccp_v6_prot,
1092        .ops            = &inet6_dccp_ops,
1093        .flags          = INET_PROTOSW_ICSK,
1094};
1095
1096static int __net_init dccp_v6_init_net(struct net *net)
1097{
1098        if (dccp_hashinfo.bhash == NULL)
1099                return -ESOCKTNOSUPPORT;
1100
1101        return inet_ctl_sock_create(&net->dccp.v6_ctl_sk, PF_INET6,
1102                                    SOCK_DCCP, IPPROTO_DCCP, net);
1103}
1104
1105static void __net_exit dccp_v6_exit_net(struct net *net)
1106{
1107        inet_ctl_sock_destroy(net->dccp.v6_ctl_sk);
1108}
1109
1110static void __net_exit dccp_v6_exit_batch(struct list_head *net_exit_list)
1111{
1112        inet_twsk_purge(&dccp_hashinfo, AF_INET6);
1113}
1114
1115static struct pernet_operations dccp_v6_ops = {
1116        .init   = dccp_v6_init_net,
1117        .exit   = dccp_v6_exit_net,
1118        .exit_batch = dccp_v6_exit_batch,
1119};
1120
1121static int __init dccp_v6_init(void)
1122{
1123        int err = proto_register(&dccp_v6_prot, 1);
1124
1125        if (err)
1126                goto out;
1127
1128        inet6_register_protosw(&dccp_v6_protosw);
1129
1130        err = register_pernet_subsys(&dccp_v6_ops);
1131        if (err)
1132                goto out_destroy_ctl_sock;
1133
1134        err = inet6_add_protocol(&dccp_v6_protocol, IPPROTO_DCCP);
1135        if (err)
1136                goto out_unregister_proto;
1137
1138out:
1139        return err;
1140out_unregister_proto:
1141        unregister_pernet_subsys(&dccp_v6_ops);
1142out_destroy_ctl_sock:
1143        inet6_unregister_protosw(&dccp_v6_protosw);
1144        proto_unregister(&dccp_v6_prot);
1145        goto out;
1146}
1147
1148static void __exit dccp_v6_exit(void)
1149{
1150        inet6_del_protocol(&dccp_v6_protocol, IPPROTO_DCCP);
1151        unregister_pernet_subsys(&dccp_v6_ops);
1152        inet6_unregister_protosw(&dccp_v6_protosw);
1153        proto_unregister(&dccp_v6_prot);
1154}
1155
1156module_init(dccp_v6_init);
1157module_exit(dccp_v6_exit);
1158
1159/*
1160 * __stringify doesn't likes enums, so use SOCK_DCCP (6) and IPPROTO_DCCP (33)
1161 * values directly, Also cover the case where the protocol is not specified,
1162 * i.e. net-pf-PF_INET6-proto-0-type-SOCK_DCCP
1163 */
1164MODULE_ALIAS_NET_PF_PROTO_TYPE(PF_INET6, 33, 6);
1165MODULE_ALIAS_NET_PF_PROTO_TYPE(PF_INET6, 0, 6);
1166MODULE_LICENSE("GPL");
1167MODULE_AUTHOR("Arnaldo Carvalho de Melo <acme@mandriva.com>");
1168MODULE_DESCRIPTION("DCCPv6 - Datagram Congestion Controlled Protocol");
1169