LXR linux/net/dccp/input.c

   1// SPDX-License-Identifier: GPL-2.0-or-later
   2/*
   3 *  net/dccp/input.c
   4 *
   5 *  An implementation of the DCCP protocol
   6 *  Arnaldo Carvalho de Melo <acme@conectiva.com.br>
   7 */
   8
   9#include <linux/dccp.h>
  10#include <linux/skbuff.h>
  11#include <linux/slab.h>
  12
  13#include <net/sock.h>
  14
  15#include "ackvec.h"
  16#include "ccid.h"
  17#include "dccp.h"
  18
  19/* rate-limit for syncs in reply to sequence-invalid packets; RFC 4340, 7.5.4 */
  20int sysctl_dccp_sync_ratelimit  __read_mostly = HZ / 8;
  21
  22static void dccp_enqueue_skb(struct sock *sk, struct sk_buff *skb)
  23{
  24        __skb_pull(skb, dccp_hdr(skb)->dccph_doff * 4);
  25        __skb_queue_tail(&sk->sk_receive_queue, skb);
  26        skb_set_owner_r(skb, sk);
  27        sk->sk_data_ready(sk);
  28}
  29
  30static void dccp_fin(struct sock *sk, struct sk_buff *skb)
  31{
  32        /*
  33         * On receiving Close/CloseReq, both RD/WR shutdown are performed.
  34         * RFC 4340, 8.3 says that we MAY send further Data/DataAcks after
  35         * receiving the closing segment, but there is no guarantee that such
  36         * data will be processed at all.
  37         */
  38        sk->sk_shutdown = SHUTDOWN_MASK;
  39        sock_set_flag(sk, SOCK_DONE);
  40        dccp_enqueue_skb(sk, skb);
  41}
  42
  43static int dccp_rcv_close(struct sock *sk, struct sk_buff *skb)
  44{
  45        int queued = 0;
  46
  47        switch (sk->sk_state) {
  48        /*
  49         * We ignore Close when received in one of the following states:
  50         *  - CLOSED            (may be a late or duplicate packet)
  51         *  - PASSIVE_CLOSEREQ  (the peer has sent a CloseReq earlier)
  52         *  - RESPOND           (already handled by dccp_check_req)
  53         */
  54        case DCCP_CLOSING:
  55                /*
  56                 * Simultaneous-close: receiving a Close after sending one. This
  57                 * can happen if both client and server perform active-close and
  58                 * will result in an endless ping-pong of crossing and retrans-
  59                 * mitted Close packets, which only terminates when one of the
  60                 * nodes times out (min. 64 seconds). Quicker convergence can be
  61                 * achieved when one of the nodes acts as tie-breaker.
  62                 * This is ok as both ends are done with data transfer and each
  63                 * end is just waiting for the other to acknowledge termination.
  64                 */
  65                if (dccp_sk(sk)->dccps_role != DCCP_ROLE_CLIENT)
  66                        break;
  67                /* fall through */
  68        case DCCP_REQUESTING:
  69        case DCCP_ACTIVE_CLOSEREQ:
  70                dccp_send_reset(sk, DCCP_RESET_CODE_CLOSED);
  71                dccp_done(sk);
  72                break;
  73        case DCCP_OPEN:
  74        case DCCP_PARTOPEN:
  75                /* Give waiting application a chance to read pending data */
  76                queued = 1;
  77                dccp_fin(sk, skb);
  78                dccp_set_state(sk, DCCP_PASSIVE_CLOSE);
  79                /* fall through */
  80        case DCCP_PASSIVE_CLOSE:
  81                /*
  82                 * Retransmitted Close: we have already enqueued the first one.
  83                 */
  84                sk_wake_async(sk, SOCK_WAKE_WAITD, POLL_HUP);
  85        }
  86        return queued;
  87}
  88
  89static int dccp_rcv_closereq(struct sock *sk, struct sk_buff *skb)
  90{
  91        int queued = 0;
  92
  93        /*
  94         *   Step 7: Check for unexpected packet types
  95         *      If (S.is_server and P.type == CloseReq)
  96         *        Send Sync packet acknowledging P.seqno
  97         *        Drop packet and return
  98         */
  99        if (dccp_sk(sk)->dccps_role != DCCP_ROLE_CLIENT) {
 100                dccp_send_sync(sk, DCCP_SKB_CB(skb)->dccpd_seq, DCCP_PKT_SYNC);
 101                return queued;
 102        }
 103
 104        /* Step 13: process relevant Client states < CLOSEREQ */
 105        switch (sk->sk_state) {
 106        case DCCP_REQUESTING:
 107                dccp_send_close(sk, 0);
 108                dccp_set_state(sk, DCCP_CLOSING);
 109                break;
 110        case DCCP_OPEN:
 111        case DCCP_PARTOPEN:
 112                /* Give waiting application a chance to read pending data */
 113                queued = 1;
 114                dccp_fin(sk, skb);
 115                dccp_set_state(sk, DCCP_PASSIVE_CLOSEREQ);
 116                /* fall through */
 117        case DCCP_PASSIVE_CLOSEREQ:
 118                sk_wake_async(sk, SOCK_WAKE_WAITD, POLL_HUP);
 119        }
 120        return queued;
 121}
 122
 123static u16 dccp_reset_code_convert(const u8 code)
 124{
 125        static const u16 error_code[] = {
 126        [DCCP_RESET_CODE_CLOSED]             = 0,       /* normal termination */
 127        [DCCP_RESET_CODE_UNSPECIFIED]        = 0,       /* nothing known */
 128        [DCCP_RESET_CODE_ABORTED]            = ECONNRESET,
 129
 130        [DCCP_RESET_CODE_NO_CONNECTION]      = ECONNREFUSED,
 131        [DCCP_RESET_CODE_CONNECTION_REFUSED] = ECONNREFUSED,
 132        [DCCP_RESET_CODE_TOO_BUSY]           = EUSERS,
 133        [DCCP_RESET_CODE_AGGRESSION_PENALTY] = EDQUOT,
 134
 135        [DCCP_RESET_CODE_PACKET_ERROR]       = ENOMSG,
 136        [DCCP_RESET_CODE_BAD_INIT_COOKIE]    = EBADR,
 137        [DCCP_RESET_CODE_BAD_SERVICE_CODE]   = EBADRQC,
 138        [DCCP_RESET_CODE_OPTION_ERROR]       = EILSEQ,
 139        [DCCP_RESET_CODE_MANDATORY_ERROR]    = EOPNOTSUPP,
 140        };
 141
 142        return code >= DCCP_MAX_RESET_CODES ? 0 : error_code[code];
 143}
 144
 145static void dccp_rcv_reset(struct sock *sk, struct sk_buff *skb)
 146{
 147        u16 err = dccp_reset_code_convert(dccp_hdr_reset(skb)->dccph_reset_code);
 148
 149        sk->sk_err = err;
 150
 151        /* Queue the equivalent of TCP fin so that dccp_recvmsg exits the loop */
 152        dccp_fin(sk, skb);
 153
 154        if (err && !sock_flag(sk, SOCK_DEAD))
 155                sk_wake_async(sk, SOCK_WAKE_IO, POLL_ERR);
 156        dccp_time_wait(sk, DCCP_TIME_WAIT, 0);
 157}
 158
 159static void dccp_handle_ackvec_processing(struct sock *sk, struct sk_buff *skb)
 160{
 161        struct dccp_ackvec *av = dccp_sk(sk)->dccps_hc_rx_ackvec;
 162
 163        if (av == NULL)
 164                return;
 165        if (DCCP_SKB_CB(skb)->dccpd_ack_seq != DCCP_PKT_WITHOUT_ACK_SEQ)
 166                dccp_ackvec_clear_state(av, DCCP_SKB_CB(skb)->dccpd_ack_seq);
 167        dccp_ackvec_input(av, skb);
 168}
 169
 170static void dccp_deliver_input_to_ccids(struct sock *sk, struct sk_buff *skb)
 171{
 172        const struct dccp_sock *dp = dccp_sk(sk);
 173
 174        /* Don't deliver to RX CCID when node has shut down read end. */
 175        if (!(sk->sk_shutdown & RCV_SHUTDOWN))
 176                ccid_hc_rx_packet_recv(dp->dccps_hc_rx_ccid, sk, skb);
 177        /*
 178         * Until the TX queue has been drained, we can not honour SHUT_WR, since
 179         * we need received feedback as input to adjust congestion control.
 180         */
 181        if (sk->sk_write_queue.qlen > 0 || !(sk->sk_shutdown & SEND_SHUTDOWN))
 182                ccid_hc_tx_packet_recv(dp->dccps_hc_tx_ccid, sk, skb);
 183}
 184
 185static int dccp_check_seqno(struct sock *sk, struct sk_buff *skb)
 186{
 187        const struct dccp_hdr *dh = dccp_hdr(skb);
 188        struct dccp_sock *dp = dccp_sk(sk);
 189        u64 lswl, lawl, seqno = DCCP_SKB_CB(skb)->dccpd_seq,
 190                        ackno = DCCP_SKB_CB(skb)->dccpd_ack_seq;
 191
 192        /*
 193         *   Step 5: Prepare sequence numbers for Sync
 194         *     If P.type == Sync or P.type == SyncAck,
 195         *        If S.AWL <= P.ackno <= S.AWH and P.seqno >= S.SWL,
 196         *           / * P is valid, so update sequence number variables
 197         *               accordingly.  After this update, P will pass the tests
 198         *               in Step 6.  A SyncAck is generated if necessary in
 199         *               Step 15 * /
 200         *           Update S.GSR, S.SWL, S.SWH
 201         *        Otherwise,
 202         *           Drop packet and return
 203         */
 204        if (dh->dccph_type == DCCP_PKT_SYNC ||
 205            dh->dccph_type == DCCP_PKT_SYNCACK) {
 206                if (between48(ackno, dp->dccps_awl, dp->dccps_awh) &&
 207                    dccp_delta_seqno(dp->dccps_swl, seqno) >= 0)
 208                        dccp_update_gsr(sk, seqno);
 209                else
 210                        return -1;
 211        }
 212
 213        /*
 214         *   Step 6: Check sequence numbers
 215         *      Let LSWL = S.SWL and LAWL = S.AWL
 216         *      If P.type == CloseReq or P.type == Close or P.type == Reset,
 217         *        LSWL := S.GSR + 1, LAWL := S.GAR
 218         *      If LSWL <= P.seqno <= S.SWH
 219         *           and (P.ackno does not exist or LAWL <= P.ackno <= S.AWH),
 220         *        Update S.GSR, S.SWL, S.SWH
 221         *        If P.type != Sync,
 222         *           Update S.GAR
 223         */
 224        lswl = dp->dccps_swl;
 225        lawl = dp->dccps_awl;
 226
 227        if (dh->dccph_type == DCCP_PKT_CLOSEREQ ||
 228            dh->dccph_type == DCCP_PKT_CLOSE ||
 229            dh->dccph_type == DCCP_PKT_RESET) {
 230                lswl = ADD48(dp->dccps_gsr, 1);
 231                lawl = dp->dccps_gar;
 232        }
 233
 234        if (between48(seqno, lswl, dp->dccps_swh) &&
 235            (ackno == DCCP_PKT_WITHOUT_ACK_SEQ ||
 236             between48(ackno, lawl, dp->dccps_awh))) {
 237                dccp_update_gsr(sk, seqno);
 238
 239                if (dh->dccph_type != DCCP_PKT_SYNC &&
 240                    ackno != DCCP_PKT_WITHOUT_ACK_SEQ &&
 241                    after48(ackno, dp->dccps_gar))
 242                        dp->dccps_gar = ackno;
 243        } else {
 244                unsigned long now = jiffies;
 245                /*
 246                 *   Step 6: Check sequence numbers
 247                 *      Otherwise,
 248                 *         If P.type == Reset,
 249                 *            Send Sync packet acknowledging S.GSR
 250                 *         Otherwise,
 251                 *            Send Sync packet acknowledging P.seqno
 252                 *      Drop packet and return
 253                 *
 254                 *   These Syncs are rate-limited as per RFC 4340, 7.5.4:
 255                 *   at most 1 / (dccp_sync_rate_limit * HZ) Syncs per second.
 256                 */
 257                if (time_before(now, (dp->dccps_rate_last +
 258                                      sysctl_dccp_sync_ratelimit)))
 259                        return -1;
 260
 261                DCCP_WARN("Step 6 failed for %s packet, "
 262                          "(LSWL(%llu) <= P.seqno(%llu) <= S.SWH(%llu)) and "
 263                          "(P.ackno %s or LAWL(%llu) <= P.ackno(%llu) <= S.AWH(%llu), "
 264                          "sending SYNC...\n",  dccp_packet_name(dh->dccph_type),
 265                          (unsigned long long) lswl, (unsigned long long) seqno,
 266                          (unsigned long long) dp->dccps_swh,
 267                          (ackno == DCCP_PKT_WITHOUT_ACK_SEQ) ? "doesn't exist"
 268                                                              : "exists",
 269                          (unsigned long long) lawl, (unsigned long long) ackno,
 270                          (unsigned long long) dp->dccps_awh);
 271
 272                dp->dccps_rate_last = now;
 273
 274                if (dh->dccph_type == DCCP_PKT_RESET)
 275                        seqno = dp->dccps_gsr;
 276                dccp_send_sync(sk, seqno, DCCP_PKT_SYNC);
 277                return -1;
 278        }
 279
 280        return 0;
 281}
 282
 283static int __dccp_rcv_established(struct sock *sk, struct sk_buff *skb,
 284                                  const struct dccp_hdr *dh, const unsigned int len)
 285{
 286        struct dccp_sock *dp = dccp_sk(sk);
 287
 288        switch (dccp_hdr(skb)->dccph_type) {
 289        case DCCP_PKT_DATAACK:
 290        case DCCP_PKT_DATA:
 291                /*
 292                 * FIXME: schedule DATA_DROPPED (RFC 4340, 11.7.2) if and when
 293                 * - sk_shutdown == RCV_SHUTDOWN, use Code 1, "Not Listening"
 294                 * - sk_receive_queue is full, use Code 2, "Receive Buffer"
 295                 */
 296                dccp_enqueue_skb(sk, skb);
 297                return 0;
 298        case DCCP_PKT_ACK:
 299                goto discard;
 300        case DCCP_PKT_RESET:
 301                /*
 302                 *  Step 9: Process Reset
 303                 *      If P.type == Reset,
 304                 *              Tear down connection
 305                 *              S.state := TIMEWAIT
 306                 *              Set TIMEWAIT timer
 307                 *              Drop packet and return
 308                 */
 309                dccp_rcv_reset(sk, skb);
 310                return 0;
 311        case DCCP_PKT_CLOSEREQ:
 312                if (dccp_rcv_closereq(sk, skb))
 313                        return 0;
 314                goto discard;
 315        case DCCP_PKT_CLOSE:
 316                if (dccp_rcv_close(sk, skb))
 317                        return 0;
 318                goto discard;
 319        case DCCP_PKT_REQUEST:
 320                /* Step 7
 321                 *   or (S.is_server and P.type == Response)
 322                 *   or (S.is_client and P.type == Request)
 323                 *   or (S.state >= OPEN and P.type == Request
 324                 *      and P.seqno >= S.OSR)
 325                 *    or (S.state >= OPEN and P.type == Response
 326                 *      and P.seqno >= S.OSR)
 327                 *    or (S.state == RESPOND and P.type == Data),
 328                 *  Send Sync packet acknowledging P.seqno
 329                 *  Drop packet and return
 330                 */
 331                if (dp->dccps_role != DCCP_ROLE_LISTEN)
 332                        goto send_sync;
 333                goto check_seq;
 334        case DCCP_PKT_RESPONSE:
 335                if (dp->dccps_role != DCCP_ROLE_CLIENT)
 336                        goto send_sync;
 337check_seq:
 338                if (dccp_delta_seqno(dp->dccps_osr,
 339                                     DCCP_SKB_CB(skb)->dccpd_seq) >= 0) {
 340send_sync:
 341                        dccp_send_sync(sk, DCCP_SKB_CB(skb)->dccpd_seq,
 342                                       DCCP_PKT_SYNC);
 343                }
 344                break;
 345        case DCCP_PKT_SYNC:
 346                dccp_send_sync(sk, DCCP_SKB_CB(skb)->dccpd_seq,
 347                               DCCP_PKT_SYNCACK);
 348                /*
 349                 * From RFC 4340, sec. 5.7
 350                 *
 351                 * As with DCCP-Ack packets, DCCP-Sync and DCCP-SyncAck packets
 352                 * MAY have non-zero-length application data areas, whose
 353                 * contents receivers MUST ignore.
 354                 */
 355                goto discard;
 356        }
 357
 358        DCCP_INC_STATS(DCCP_MIB_INERRS);
 359discard:
 360        __kfree_skb(skb);
 361        return 0;
 362}
 363
 364int dccp_rcv_established(struct sock *sk, struct sk_buff *skb,
 365                         const struct dccp_hdr *dh, const unsigned int len)
 366{
 367        if (dccp_check_seqno(sk, skb))
 368                goto discard;
 369
 370        if (dccp_parse_options(sk, NULL, skb))
 371                return 1;
 372
 373        dccp_handle_ackvec_processing(sk, skb);
 374        dccp_deliver_input_to_ccids(sk, skb);
 375
 376        return __dccp_rcv_established(sk, skb, dh, len);
 377discard:
 378        __kfree_skb(skb);
 379        return 0;
 380}
 381
 382EXPORT_SYMBOL_GPL(dccp_rcv_established);
 383
 384static int dccp_rcv_request_sent_state_process(struct sock *sk,
 385                                               struct sk_buff *skb,
 386                                               const struct dccp_hdr *dh,
 387                                               const unsigned int len)
 388{
 389        /*
 390         *  Step 4: Prepare sequence numbers in REQUEST
 391         *     If S.state == REQUEST,
 392         *        If (P.type == Response or P.type == Reset)
 393         *              and S.AWL <= P.ackno <= S.AWH,
 394         *           / * Set sequence number variables corresponding to the
 395         *              other endpoint, so P will pass the tests in Step 6 * /
 396         *           Set S.GSR, S.ISR, S.SWL, S.SWH
 397         *           / * Response processing continues in Step 10; Reset
 398         *              processing continues in Step 9 * /
 399        */
 400        if (dh->dccph_type == DCCP_PKT_RESPONSE) {
 401                const struct inet_connection_sock *icsk = inet_csk(sk);
 402                struct dccp_sock *dp = dccp_sk(sk);
 403                long tstamp = dccp_timestamp();
 404
 405                if (!between48(DCCP_SKB_CB(skb)->dccpd_ack_seq,
 406                               dp->dccps_awl, dp->dccps_awh)) {
 407                        dccp_pr_debug("invalid ackno: S.AWL=%llu, "
 408                                      "P.ackno=%llu, S.AWH=%llu\n",
 409                                      (unsigned long long)dp->dccps_awl,
 410                           (unsigned long long)DCCP_SKB_CB(skb)->dccpd_ack_seq,
 411                                      (unsigned long long)dp->dccps_awh);
 412                        goto out_invalid_packet;
 413                }
 414
 415                /*
 416                 * If option processing (Step 8) failed, return 1 here so that
 417                 * dccp_v4_do_rcv() sends a Reset. The Reset code depends on
 418                 * the option type and is set in dccp_parse_options().
 419                 */
 420                if (dccp_parse_options(sk, NULL, skb))
 421                        return 1;
 422
 423                /* Obtain usec RTT sample from SYN exchange (used by TFRC). */
 424                if (likely(dp->dccps_options_received.dccpor_timestamp_echo))
 425                        dp->dccps_syn_rtt = dccp_sample_rtt(sk, 10 * (tstamp -
 426                            dp->dccps_options_received.dccpor_timestamp_echo));
 427
 428                /* Stop the REQUEST timer */
 429                inet_csk_clear_xmit_timer(sk, ICSK_TIME_RETRANS);
 430                WARN_ON(sk->sk_send_head == NULL);
 431                kfree_skb(sk->sk_send_head);
 432                sk->sk_send_head = NULL;
 433
 434                /*
 435                 * Set ISR, GSR from packet. ISS was set in dccp_v{4,6}_connect
 436                 * and GSS in dccp_transmit_skb(). Setting AWL/AWH and SWL/SWH
 437                 * is done as part of activating the feature values below, since
 438                 * these settings depend on the local/remote Sequence Window
 439                 * features, which were undefined or not confirmed until now.
 440                 */
 441                dp->dccps_gsr = dp->dccps_isr = DCCP_SKB_CB(skb)->dccpd_seq;
 442
 443                dccp_sync_mss(sk, icsk->icsk_pmtu_cookie);
 444
 445                /*
 446                 *    Step 10: Process REQUEST state (second part)
 447                 *       If S.state == REQUEST,
 448                 *        / * If we get here, P is a valid Response from the
 449                 *            server (see Step 4), and we should move to
 450                 *            PARTOPEN state. PARTOPEN means send an Ack,
 451                 *            don't send Data packets, retransmit Acks
 452                 *            periodically, and always include any Init Cookie
 453                 *            from the Response * /
 454                 *        S.state := PARTOPEN
 455                 *        Set PARTOPEN timer
 456                 *        Continue with S.state == PARTOPEN
 457                 *        / * Step 12 will send the Ack completing the
 458                 *            three-way handshake * /
 459                 */
 460                dccp_set_state(sk, DCCP_PARTOPEN);
 461
 462                /*
 463                 * If feature negotiation was successful, activate features now;
 464                 * an activation failure means that this host could not activate
 465                 * one ore more features (e.g. insufficient memory), which would
 466                 * leave at least one feature in an undefined state.
 467                 */
 468                if (dccp_feat_activate_values(sk, &dp->dccps_featneg))
 469                        goto unable_to_proceed;
 470
 471                /* Make sure socket is routed, for correct metrics. */
 472                icsk->icsk_af_ops->rebuild_header(sk);
 473
 474                if (!sock_flag(sk, SOCK_DEAD)) {
 475                        sk->sk_state_change(sk);
 476                        sk_wake_async(sk, SOCK_WAKE_IO, POLL_OUT);
 477                }
 478
 479                if (sk->sk_write_pending || inet_csk_in_pingpong_mode(sk) ||
 480                    icsk->icsk_accept_queue.rskq_defer_accept) {
 481                        /* Save one ACK. Data will be ready after
 482                         * several ticks, if write_pending is set.
 483                         *
 484                         * It may be deleted, but with this feature tcpdumps
 485                         * look so _wonderfully_ clever, that I was not able
 486                         * to stand against the temptation 8)     --ANK
 487                         */
 488                        /*
 489                         * OK, in DCCP we can as well do a similar trick, its
 490                         * even in the draft, but there is no need for us to
 491                         * schedule an ack here, as dccp_sendmsg does this for
 492                         * us, also stated in the draft. -acme
 493                         */
 494                        __kfree_skb(skb);
 495                        return 0;
 496                }
 497                dccp_send_ack(sk);
 498                return -1;
 499        }
 500
 501out_invalid_packet:
 502        /* dccp_v4_do_rcv will send a reset */
 503        DCCP_SKB_CB(skb)->dccpd_reset_code = DCCP_RESET_CODE_PACKET_ERROR;
 504        return 1;
 505
 506unable_to_proceed:
 507        DCCP_SKB_CB(skb)->dccpd_reset_code = DCCP_RESET_CODE_ABORTED;
 508        /*
 509         * We mark this socket as no longer usable, so that the loop in
 510         * dccp_sendmsg() terminates and the application gets notified.
 511         */
 512        dccp_set_state(sk, DCCP_CLOSED);
 513        sk->sk_err = ECOMM;
 514        return 1;
 515}
 516
 517static int dccp_rcv_respond_partopen_state_process(struct sock *sk,
 518                                                   struct sk_buff *skb,
 519                                                   const struct dccp_hdr *dh,
 520                                                   const unsigned int len)
 521{
 522        struct dccp_sock *dp = dccp_sk(sk);
 523        u32 sample = dp->dccps_options_received.dccpor_timestamp_echo;
 524        int queued = 0;
 525
 526        switch (dh->dccph_type) {
 527        case DCCP_PKT_RESET:
 528                inet_csk_clear_xmit_timer(sk, ICSK_TIME_DACK);
 529                break;
 530        case DCCP_PKT_DATA:
 531                if (sk->sk_state == DCCP_RESPOND)
 532                        break;
 533                /* fall through */
 534        case DCCP_PKT_DATAACK:
 535        case DCCP_PKT_ACK:
 536                /*
 537                 * FIXME: we should be resetting the PARTOPEN (DELACK) timer
 538                 * here but only if we haven't used the DELACK timer for
 539                 * something else, like sending a delayed ack for a TIMESTAMP
 540                 * echo, etc, for now were not clearing it, sending an extra
 541                 * ACK when there is nothing else to do in DELACK is not a big
 542                 * deal after all.
 543                 */
 544
 545                /* Stop the PARTOPEN timer */
 546                if (sk->sk_state == DCCP_PARTOPEN)
 547                        inet_csk_clear_xmit_timer(sk, ICSK_TIME_DACK);
 548
 549                /* Obtain usec RTT sample from SYN exchange (used by TFRC). */
 550                if (likely(sample)) {
 551                        long delta = dccp_timestamp() - sample;
 552
 553                        dp->dccps_syn_rtt = dccp_sample_rtt(sk, 10 * delta);
 554                }
 555
 556                dp->dccps_osr = DCCP_SKB_CB(skb)->dccpd_seq;
 557                dccp_set_state(sk, DCCP_OPEN);
 558
 559                if (dh->dccph_type == DCCP_PKT_DATAACK ||
 560                    dh->dccph_type == DCCP_PKT_DATA) {
 561                        __dccp_rcv_established(sk, skb, dh, len);
 562                        queued = 1; /* packet was queued
 563                                       (by __dccp_rcv_established) */
 564                }
 565                break;
 566        }
 567
 568        return queued;
 569}
 570
 571int dccp_rcv_state_process(struct sock *sk, struct sk_buff *skb,
 572                           struct dccp_hdr *dh, unsigned int len)
 573{
 574        struct dccp_sock *dp = dccp_sk(sk);
 575        struct dccp_skb_cb *dcb = DCCP_SKB_CB(skb);
 576        const int old_state = sk->sk_state;
 577        bool acceptable;
 578        int queued = 0;
 579
 580        /*
 581         *  Step 3: Process LISTEN state
 582         *
 583         *     If S.state == LISTEN,
 584         *       If P.type == Request or P contains a valid Init Cookie option,
 585         *            (* Must scan the packet's options to check for Init
 586         *               Cookies.  Only Init Cookies are processed here,
 587         *               however; other options are processed in Step 8.  This
 588         *               scan need only be performed if the endpoint uses Init
 589         *               Cookies *)
 590         *            (* Generate a new socket and switch to that socket *)
 591         *            Set S := new socket for this port pair
 592         *            S.state = RESPOND
 593         *            Choose S.ISS (initial seqno) or set from Init Cookies
 594         *            Initialize S.GAR := S.ISS
 595         *            Set S.ISR, S.GSR, S.SWL, S.SWH from packet or Init
 596         *            Cookies Continue with S.state == RESPOND
 597         *            (* A Response packet will be generated in Step 11 *)
 598         *       Otherwise,
 599         *            Generate Reset(No Connection) unless P.type == Reset
 600         *            Drop packet and return
 601         */
 602        if (sk->sk_state == DCCP_LISTEN) {
 603                if (dh->dccph_type == DCCP_PKT_REQUEST) {
 604                        /* It is possible that we process SYN packets from backlog,
 605                         * so we need to make sure to disable BH and RCU right there.
 606                         */
 607                        rcu_read_lock();
 608                        local_bh_disable();
 609                        acceptable = inet_csk(sk)->icsk_af_ops->conn_request(sk, skb) >= 0;
 610                        local_bh_enable();
 611                        rcu_read_unlock();
 612                        if (!acceptable)
 613                                return 1;
 614                        consume_skb(skb);
 615                        return 0;
 616                }
 617                if (dh->dccph_type == DCCP_PKT_RESET)
 618                        goto discard;
 619
 620                /* Caller (dccp_v4_do_rcv) will send Reset */
 621                dcb->dccpd_reset_code = DCCP_RESET_CODE_NO_CONNECTION;
 622                return 1;
 623        } else if (sk->sk_state == DCCP_CLOSED) {
 624                dcb->dccpd_reset_code = DCCP_RESET_CODE_NO_CONNECTION;
 625                return 1;
 626        }
 627
 628        /* Step 6: Check sequence numbers (omitted in LISTEN/REQUEST state) */
 629        if (sk->sk_state != DCCP_REQUESTING && dccp_check_seqno(sk, skb))
 630                goto discard;
 631
 632        /*
 633         *   Step 7: Check for unexpected packet types
 634         *      If (S.is_server and P.type == Response)
 635         *          or (S.is_client and P.type == Request)
 636         *          or (S.state == RESPOND and P.type == Data),
 637         *        Send Sync packet acknowledging P.seqno
 638         *        Drop packet and return
 639         */
 640        if ((dp->dccps_role != DCCP_ROLE_CLIENT &&
 641             dh->dccph_type == DCCP_PKT_RESPONSE) ||
 642            (dp->dccps_role == DCCP_ROLE_CLIENT &&
 643             dh->dccph_type == DCCP_PKT_REQUEST) ||
 644            (sk->sk_state == DCCP_RESPOND && dh->dccph_type == DCCP_PKT_DATA)) {
 645                dccp_send_sync(sk, dcb->dccpd_seq, DCCP_PKT_SYNC);
 646                goto discard;
 647        }
 648
 649        /*  Step 8: Process options */
 650        if (dccp_parse_options(sk, NULL, skb))
 651                return 1;
 652
 653        /*
 654         *  Step 9: Process Reset
 655         *      If P.type == Reset,
 656         *              Tear down connection
 657         *              S.state := TIMEWAIT
 658         *              Set TIMEWAIT timer
 659         *              Drop packet and return
 660         */
 661        if (dh->dccph_type == DCCP_PKT_RESET) {
 662                dccp_rcv_reset(sk, skb);
 663                return 0;
 664        } else if (dh->dccph_type == DCCP_PKT_CLOSEREQ) {       /* Step 13 */
 665                if (dccp_rcv_closereq(sk, skb))
 666                        return 0;
 667                goto discard;
 668        } else if (dh->dccph_type == DCCP_PKT_CLOSE) {          /* Step 14 */
 669                if (dccp_rcv_close(sk, skb))
 670                        return 0;
 671                goto discard;
 672        }
 673
 674        switch (sk->sk_state) {
 675        case DCCP_REQUESTING:
 676                queued = dccp_rcv_request_sent_state_process(sk, skb, dh, len);
 677                if (queued >= 0)
 678                        return queued;
 679
 680                __kfree_skb(skb);
 681                return 0;
 682
 683        case DCCP_PARTOPEN:
 684                /* Step 8: if using Ack Vectors, mark packet acknowledgeable */
 685                dccp_handle_ackvec_processing(sk, skb);
 686                dccp_deliver_input_to_ccids(sk, skb);
 687                /* fall through */
 688        case DCCP_RESPOND:
 689                queued = dccp_rcv_respond_partopen_state_process(sk, skb,
 690                                                                 dh, len);
 691                break;
 692        }
 693
 694        if (dh->dccph_type == DCCP_PKT_ACK ||
 695            dh->dccph_type == DCCP_PKT_DATAACK) {
 696                switch (old_state) {
 697                case DCCP_PARTOPEN:
 698                        sk->sk_state_change(sk);
 699                        sk_wake_async(sk, SOCK_WAKE_IO, POLL_OUT);
 700                        break;
 701                }
 702        } else if (unlikely(dh->dccph_type == DCCP_PKT_SYNC)) {
 703                dccp_send_sync(sk, dcb->dccpd_seq, DCCP_PKT_SYNCACK);
 704                goto discard;
 705        }
 706
 707        if (!queued) {
 708discard:
 709                __kfree_skb(skb);
 710        }
 711        return 0;
 712}
 713
 714EXPORT_SYMBOL_GPL(dccp_rcv_state_process);
 715
 716/**
 717 *  dccp_sample_rtt  -  Validate and finalise computation of RTT sample
 718 *  @delta:     number of microseconds between packet and acknowledgment
 719 *
 720 *  The routine is kept generic to work in different contexts. It should be
 721 *  called immediately when the ACK used for the RTT sample arrives.
 722 */
 723u32 dccp_sample_rtt(struct sock *sk, long delta)
 724{
 725        /* dccpor_elapsed_time is either zeroed out or set and > 0 */
 726        delta -= dccp_sk(sk)->dccps_options_received.dccpor_elapsed_time * 10;
 727
 728        if (unlikely(delta <= 0)) {
 729                DCCP_WARN("unusable RTT sample %ld, using min\n", delta);
 730                return DCCP_SANE_RTT_MIN;
 731        }
 732        if (unlikely(delta > DCCP_SANE_RTT_MAX)) {
 733                DCCP_WARN("RTT sample %ld too large, using max\n", delta);
 734                return DCCP_SANE_RTT_MAX;
 735        }
 736
 737        return delta;
 738}
 739