/*
 * DCCP over IPv6
 * Linux INET6 implementation
 *
 * Based on net/dccp6/ipv6.c
 *
 * Arnaldo Carvalho de Melo <acme@ghostprotocols.net>
 *
 * This program is free software; you can redistribute it and/or
 * modify it under the terms of the GNU General Public License
 * as published by the Free Software Foundation; either version
 * 2 of the License, or (at your option) any later version.
 */

#include <linux/module.h>
#include <linux/random.h>
#include <linux/slab.h>
#include <linux/xfrm.h>

#include <net/addrconf.h>
#include <net/inet_common.h>
#include <net/inet_hashtables.h>
#include <net/inet_sock.h>
#include <net/inet6_connection_sock.h>
#include <net/inet6_hashtables.h>
#include <net/ip6_route.h>
#include <net/ipv6.h>
#include <net/protocol.h>
#include <net/transp_v6.h>
#include <net/ip6_checksum.h>
#include <net/xfrm.h>
#include <net/secure_seq.h>

#include "dccp.h"
#include "ipv6.h"
#include "feat.h"

/* The per-net dccp.v6_ctl_sk is used for sending RSTs and ACKs */

static const struct inet_connection_sock_af_ops dccp_ipv6_mapped;
static const struct inet_connection_sock_af_ops dccp_ipv6_af_ops;

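/*
 * Hash a non-closed socket into the established table: v6-mapped sockets
 * go through the IPv4 inet_hash() path, native IPv6 sockets through
 * __inet6_hash().
 */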
static void dccp_v6_hash(struct sock *sk)
{
	if (sk->sk_state != DCCP_CLOSED) {
		if (inet_csk(sk)->icsk_af_ops == &dccp_ipv6_mapped) {
			inet_hash(sk);
			return;
		}
		local_bh_disable();
		__inet6_hash(sk, NULL);
		local_bh_enable();
	}
}

/* add pseudo-header to DCCP checksum stored in skb->csum */
static inline __sum16 dccp_v6_csum_finish(struct sk_buff *skb,
					  const struct in6_addr *saddr,
					  const struct in6_addr *daddr)
{
	return csum_ipv6_magic(saddr, daddr, skb->len, IPPROTO_DCCP, skb->csum);
}

static inline void dccp_v6_send_check(struct sock *sk, struct sk_buff *skb)
{
	struct ipv6_pinfo *np = inet6_sk(sk);
	struct dccp_hdr *dh = dccp_hdr(skb);

	dccp_csum_outgoing(skb);
	dh->dccph_checksum = dccp_v6_csum_finish(skb, &np->saddr, &sk->sk_v6_daddr);
}

static inline __u64 dccp_v6_init_sequence(struct sk_buff *skb)
{
	return secure_dccpv6_sequence_number(ipv6_hdr(skb)->daddr.s6_addr32,
					     ipv6_hdr(skb)->saddr.s6_addr32,
					     dccp_hdr(skb)->dccph_dport,
					     dccp_hdr(skb)->dccph_sport);
}

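/*
 * ICMPv6 error handler: find the socket that the offending packet belongs
 * to, then handle redirects, PMTU updates and hard errors (including errors
 * for a pending request_sock on a listening socket).
 */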
static void dccp_v6_err(struct sk_buff *skb, struct inet6_skb_parm *opt,
			u8 type, u8 code, int offset, __be32 info)
{
	const struct ipv6hdr *hdr = (const struct ipv6hdr *)skb->data;
	const struct dccp_hdr *dh = (struct dccp_hdr *)(skb->data + offset);
	struct dccp_sock *dp;
	struct ipv6_pinfo *np;
	struct sock *sk;
	int err;
	__u64 seq;
	struct net *net = dev_net(skb->dev);

	if (skb->len < offset + sizeof(*dh) ||
	    skb->len < offset + __dccp_basic_hdr_len(dh)) {
		ICMP6_INC_STATS_BH(net, __in6_dev_get(skb->dev),
				   ICMP6_MIB_INERRORS);
		return;
	}

	sk = inet6_lookup(net, &dccp_hashinfo,
			  &hdr->daddr, dh->dccph_dport,
			  &hdr->saddr, dh->dccph_sport, inet6_iif(skb));

	if (sk == NULL) {
		ICMP6_INC_STATS_BH(net, __in6_dev_get(skb->dev),
				   ICMP6_MIB_INERRORS);
		return;
	}

	if (sk->sk_state == DCCP_TIME_WAIT) {
		inet_twsk_put(inet_twsk(sk));
		return;
	}

	bh_lock_sock(sk);
	if (sock_owned_by_user(sk))
		NET_INC_STATS_BH(net, LINUX_MIB_LOCKDROPPEDICMPS);

	if (sk->sk_state == DCCP_CLOSED)
		goto out;

	dp = dccp_sk(sk);
	seq = dccp_hdr_seq(dh);
	if ((1 << sk->sk_state) & ~(DCCPF_REQUESTING | DCCPF_LISTEN) &&
	    !between48(seq, dp->dccps_awl, dp->dccps_awh)) {
		NET_INC_STATS_BH(net, LINUX_MIB_OUTOFWINDOWICMPS);
		goto out;
	}

	np = inet6_sk(sk);

	if (type == NDISC_REDIRECT) {
		if (!sock_owned_by_user(sk)) {
			struct dst_entry *dst = __sk_dst_check(sk, np->dst_cookie);

			if (dst)
				dst->ops->redirect(dst, sk, skb);
		}
		goto out;
	}

	if (type == ICMPV6_PKT_TOOBIG) {
		struct dst_entry *dst = NULL;

		if (!ip6_sk_accept_pmtu(sk))
			goto out;

		if (sock_owned_by_user(sk))
			goto out;
		if ((1 << sk->sk_state) & (DCCPF_LISTEN | DCCPF_CLOSED))
			goto out;

		dst = inet6_csk_update_pmtu(sk, ntohl(info));
		if (!dst)
			goto out;

		if (inet_csk(sk)->icsk_pmtu_cookie > dst_mtu(dst))
			dccp_sync_mss(sk, dst_mtu(dst));
		goto out;
	}

	icmpv6_err_convert(type, code, &err);

	/* Might be for a request_sock */
	switch (sk->sk_state) {
		struct request_sock *req, **prev;
	case DCCP_LISTEN:
		if (sock_owned_by_user(sk))
			goto out;

		req = inet6_csk_search_req(sk, &prev, dh->dccph_dport,
					   &hdr->daddr, &hdr->saddr,
					   inet6_iif(skb));
		if (req == NULL)
			goto out;

		/*
		 * ICMPs are not backlogged, hence we cannot get an established
		 * socket here.
		 */
		WARN_ON(req->sk != NULL);

		if (!between48(seq, dccp_rsk(req)->dreq_iss,
				    dccp_rsk(req)->dreq_gss)) {
			NET_INC_STATS_BH(net, LINUX_MIB_OUTOFWINDOWICMPS);
			goto out;
		}

		inet_csk_reqsk_queue_drop(sk, req, prev);
		goto out;

	case DCCP_REQUESTING:
	case DCCP_RESPOND:  /* Cannot happen.
			       It can, if SYNs are crossed. --ANK */
		if (!sock_owned_by_user(sk)) {
			DCCP_INC_STATS_BH(DCCP_MIB_ATTEMPTFAILS);
			sk->sk_err = err;
			/*
			 * Wake people up to see the error
			 * (see connect in sock.c)
			 */
			sk->sk_error_report(sk);
			dccp_done(sk);
		} else
			sk->sk_err_soft = err;
		goto out;
	}

	if (!sock_owned_by_user(sk) && np->recverr) {
		sk->sk_err = err;
		sk->sk_error_report(sk);
	} else
		sk->sk_err_soft = err;

out:
	bh_unlock_sock(sk);
	sock_put(sk);
}

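/*
 * Build and transmit a DCCP-Response for the connection request @req,
 * routing it via a flow derived from the request and completing the
 * checksum with the IPv6 pseudo-header.
 */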
static int dccp_v6_send_response(struct sock *sk, struct request_sock *req)
{
	struct inet_request_sock *ireq = inet_rsk(req);
	struct ipv6_pinfo *np = inet6_sk(sk);
	struct sk_buff *skb;
	struct in6_addr *final_p, final;
	struct flowi6 fl6;
	int err = -1;
	struct dst_entry *dst;

	memset(&fl6, 0, sizeof(fl6));
	fl6.flowi6_proto = IPPROTO_DCCP;
	fl6.daddr = ireq->ir_v6_rmt_addr;
	fl6.saddr = ireq->ir_v6_loc_addr;
	fl6.flowlabel = 0;
	fl6.flowi6_oif = ireq->ir_iif;
	fl6.fl6_dport = ireq->ir_rmt_port;
	fl6.fl6_sport = htons(ireq->ir_num);
	security_req_classify_flow(req, flowi6_to_flowi(&fl6));

	rcu_read_lock();
	final_p = fl6_update_dst(&fl6, rcu_dereference(np->opt), &final);
	rcu_read_unlock();

	dst = ip6_dst_lookup_flow(sk, &fl6, final_p);
	if (IS_ERR(dst)) {
		err = PTR_ERR(dst);
		dst = NULL;
		goto done;
	}

	skb = dccp_make_response(sk, dst, req);
	if (skb != NULL) {
		struct dccp_hdr *dh = dccp_hdr(skb);

		dh->dccph_checksum = dccp_v6_csum_finish(skb,
							 &ireq->ir_v6_loc_addr,
							 &ireq->ir_v6_rmt_addr);
		fl6.daddr = ireq->ir_v6_rmt_addr;
		rcu_read_lock();
		err = ip6_xmit(sk, skb, &fl6, rcu_dereference(np->opt),
			       np->tclass);
		rcu_read_unlock();
		err = net_xmit_eval(err);
	}

done:
	dst_release(dst);
	return err;
}

static void dccp_v6_reqsk_destructor(struct request_sock *req)
{
	dccp_feat_list_purge(&dccp_rsk(req)->dreq_featneg);
	kfree_skb(inet_rsk(req)->pktopts);
}

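/*
 * Send a DCCP-Reset in reply to @rxskb on the per-net control socket.
 * Resets are never sent in response to a Reset or to a non-unicast
 * destination.
 */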
static void dccp_v6_ctl_send_reset(struct sock *sk, struct sk_buff *rxskb)
{
	const struct ipv6hdr *rxip6h;
	struct sk_buff *skb;
	struct flowi6 fl6;
	struct net *net = dev_net(skb_dst(rxskb)->dev);
	struct sock *ctl_sk = net->dccp.v6_ctl_sk;
	struct dst_entry *dst;

	if (dccp_hdr(rxskb)->dccph_type == DCCP_PKT_RESET)
		return;

	if (!ipv6_unicast_destination(rxskb))
		return;

	skb = dccp_ctl_make_reset(ctl_sk, rxskb);
	if (skb == NULL)
		return;

	rxip6h = ipv6_hdr(rxskb);
	dccp_hdr(skb)->dccph_checksum = dccp_v6_csum_finish(skb, &rxip6h->saddr,
							    &rxip6h->daddr);

	memset(&fl6, 0, sizeof(fl6));
	fl6.daddr = rxip6h->saddr;
	fl6.saddr = rxip6h->daddr;

	fl6.flowi6_proto = IPPROTO_DCCP;
	fl6.flowi6_oif = inet6_iif(rxskb);
	fl6.fl6_dport = dccp_hdr(skb)->dccph_dport;
	fl6.fl6_sport = dccp_hdr(skb)->dccph_sport;
	security_skb_classify_flow(rxskb, flowi6_to_flowi(&fl6));

	/* sk = NULL, but it is safe for now. RST socket required. */
	dst = ip6_dst_lookup_flow(ctl_sk, &fl6, NULL);
	if (!IS_ERR(dst)) {
		skb_dst_set(skb, dst);
		ip6_xmit(ctl_sk, skb, &fl6, NULL, 0);
		DCCP_INC_STATS_BH(DCCP_MIB_OUTSEGS);
		DCCP_INC_STATS_BH(DCCP_MIB_OUTRSTS);
		return;
	}

	kfree_skb(skb);
}

static struct request_sock_ops dccp6_request_sock_ops = {
	.family = AF_INET6,
	.obj_size = sizeof(struct dccp6_request_sock),
	.rtx_syn_ack = dccp_v6_send_response,
	.send_ack = dccp_reqsk_send_ack,
	.destructor = dccp_v6_reqsk_destructor,
	.send_reset = dccp_v6_ctl_send_reset,
	.syn_ack_timeout = dccp_syn_ack_timeout,
};

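/*
 * Match an incoming packet on a LISTEN socket against a pending connection
 * request or an already established child socket; fall back to the
 * listening socket itself if neither exists.
 */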
static struct sock *dccp_v6_hnd_req(struct sock *sk, struct sk_buff *skb)
{
	const struct dccp_hdr *dh = dccp_hdr(skb);
	const struct ipv6hdr *iph = ipv6_hdr(skb);
	struct sock *nsk;
	struct request_sock **prev;
	/* Find possible connection requests. */
	struct request_sock *req = inet6_csk_search_req(sk, &prev,
							dh->dccph_sport,
							&iph->saddr,
							&iph->daddr,
							inet6_iif(skb));
	if (req != NULL)
		return dccp_check_req(sk, skb, req, prev);

	nsk = __inet6_lookup_established(sock_net(sk), &dccp_hashinfo,
					 &iph->saddr, dh->dccph_sport,
					 &iph->daddr, ntohs(dh->dccph_dport),
					 inet6_iif(skb));
	if (nsk != NULL) {
		if (nsk->sk_state != DCCP_TIME_WAIT) {
			bh_lock_sock(nsk);
			return nsk;
		}
		inet_twsk_put(inet_twsk(nsk));
		return NULL;
	}

	return sk;
}

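/*
 * Handle a DCCP-Request on a listening socket: validate the service code,
 * allocate and initialise a request socket, send the DCCP-Response and
 * queue the request until the handshake completes.
 */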
static int dccp_v6_conn_request(struct sock *sk, struct sk_buff *skb)
{
	struct request_sock *req;
	struct dccp_request_sock *dreq;
	struct inet_request_sock *ireq;
	struct ipv6_pinfo *np = inet6_sk(sk);
	const __be32 service = dccp_hdr_request(skb)->dccph_req_service;
	struct dccp_skb_cb *dcb = DCCP_SKB_CB(skb);

	if (skb->protocol == htons(ETH_P_IP))
		return dccp_v4_conn_request(sk, skb);

	if (!ipv6_unicast_destination(skb))
		return 0;	/* discard, don't send a reset here */

	if (dccp_bad_service_code(sk, service)) {
		dcb->dccpd_reset_code = DCCP_RESET_CODE_BAD_SERVICE_CODE;
		goto drop;
	}
	/*
	 * There are no SYN attacks on IPv6, yet...
	 */
	dcb->dccpd_reset_code = DCCP_RESET_CODE_TOO_BUSY;
	if (inet_csk_reqsk_queue_is_full(sk))
		goto drop;

	if (sk_acceptq_is_full(sk) && inet_csk_reqsk_queue_young(sk) > 1)
		goto drop;

	req = inet_reqsk_alloc(&dccp6_request_sock_ops);
	if (req == NULL)
		goto drop;

	if (dccp_reqsk_init(req, dccp_sk(sk), skb))
		goto drop_and_free;

	dreq = dccp_rsk(req);
	if (dccp_parse_options(sk, dreq, skb))
		goto drop_and_free;

	if (security_inet_conn_request(sk, skb, req))
		goto drop_and_free;

	ireq = inet_rsk(req);
	ireq->ir_v6_rmt_addr = ipv6_hdr(skb)->saddr;
	ireq->ir_v6_loc_addr = ipv6_hdr(skb)->daddr;

	if (ipv6_opt_accepted(sk, skb, IP6CB(skb)) ||
	    np->rxopt.bits.rxinfo || np->rxopt.bits.rxoinfo ||
	    np->rxopt.bits.rxhlim || np->rxopt.bits.rxohlim) {
		atomic_inc(&skb->users);
		ireq->pktopts = skb;
	}
	ireq->ir_iif = sk->sk_bound_dev_if;

	/* So that link locals have meaning */
	if (!sk->sk_bound_dev_if &&
	    ipv6_addr_type(&ireq->ir_v6_rmt_addr) & IPV6_ADDR_LINKLOCAL)
		ireq->ir_iif = inet6_iif(skb);

	/*
	 * Step 3: Process LISTEN state
	 *
	 *   Set S.ISR, S.GSR, S.SWL, S.SWH from packet or Init Cookie
	 *
	 * Setting S.SWL/S.SWH is deferred to dccp_create_openreq_child().
	 */
	dreq->dreq_isr = dcb->dccpd_seq;
	dreq->dreq_gsr = dreq->dreq_isr;
	dreq->dreq_iss = dccp_v6_init_sequence(skb);
	dreq->dreq_gss = dreq->dreq_iss;
	dreq->dreq_service = service;

	if (dccp_v6_send_response(sk, req))
		goto drop_and_free;

	inet6_csk_reqsk_queue_hash_add(sk, req, DCCP_TIMEOUT_INIT);
	return 0;

drop_and_free:
	reqsk_free(req);
drop:
	DCCP_INC_STATS_BH(DCCP_MIB_ATTEMPTFAILS);
	return -1;
}

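/*
 * Create the child socket once the handshake completes. The v6-mapped case
 * is delegated to dccp_v4_request_recv_sock() and then dressed up with IPv6
 * state; the native IPv6 case routes the flow, clones the listener's IPv6
 * options and inherits the bound port.
 */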
static struct sock *dccp_v6_request_recv_sock(struct sock *sk,
					      struct sk_buff *skb,
					      struct request_sock *req,
					      struct dst_entry *dst)
{
	struct inet_request_sock *ireq = inet_rsk(req);
	struct ipv6_pinfo *newnp, *np = inet6_sk(sk);
	struct ipv6_txoptions *opt;
	struct inet_sock *newinet;
	struct dccp6_sock *newdp6;
	struct sock *newsk;

	if (skb->protocol == htons(ETH_P_IP)) {
		/*
		 * v6 mapped
		 */
		newsk = dccp_v4_request_recv_sock(sk, skb, req, dst);
		if (newsk == NULL)
			return NULL;

		newdp6 = (struct dccp6_sock *)newsk;
		newinet = inet_sk(newsk);
		newinet->pinet6 = &newdp6->inet6;
		newnp = inet6_sk(newsk);

		memcpy(newnp, np, sizeof(struct ipv6_pinfo));

		ipv6_addr_set_v4mapped(newinet->inet_daddr, &newsk->sk_v6_daddr);

		ipv6_addr_set_v4mapped(newinet->inet_saddr, &newnp->saddr);

		newsk->sk_v6_rcv_saddr = newnp->saddr;

		inet_csk(newsk)->icsk_af_ops = &dccp_ipv6_mapped;
		newsk->sk_backlog_rcv = dccp_v4_do_rcv;
		newnp->pktoptions = NULL;
		newnp->opt = NULL;
		newnp->ipv6_mc_list = NULL;
		newnp->ipv6_ac_list = NULL;
		newnp->ipv6_fl_list = NULL;
		newnp->mcast_oif = inet6_iif(skb);
		newnp->mcast_hops = ipv6_hdr(skb)->hop_limit;

		/*
		 * No need to charge this sock to the relevant IPv6 refcnt debug socks count
		 * here, dccp_create_openreq_child now does this for us, see the comment in
		 * that function for the gory details. -acme
		 */

		/* It is tricky place. Until this moment IPv4 tcp
		   worked with IPv6 icsk.icsk_af_ops.
		   Sync it now.
		 */
		dccp_sync_mss(newsk, inet_csk(newsk)->icsk_pmtu_cookie);

		return newsk;
	}

	if (sk_acceptq_is_full(sk))
		goto out_overflow;

	if (dst == NULL) {
		struct in6_addr *final_p, final;
		struct flowi6 fl6;

		memset(&fl6, 0, sizeof(fl6));
		fl6.flowi6_proto = IPPROTO_DCCP;
		fl6.daddr = ireq->ir_v6_rmt_addr;
		final_p = fl6_update_dst(&fl6, np->opt, &final);
		fl6.saddr = ireq->ir_v6_loc_addr;
		fl6.flowi6_oif = sk->sk_bound_dev_if;
		fl6.fl6_dport = ireq->ir_rmt_port;
		fl6.fl6_sport = htons(ireq->ir_num);
		security_sk_classify_flow(sk, flowi6_to_flowi(&fl6));

		dst = ip6_dst_lookup_flow(sk, &fl6, final_p);
		if (IS_ERR(dst))
			goto out;
	}

	newsk = dccp_create_openreq_child(sk, req, skb);
	if (newsk == NULL)
		goto out_nonewsk;

	/*
	 * No need to charge this sock to the relevant IPv6 refcnt debug socks
	 * count here, dccp_create_openreq_child now does this for us, see the
	 * comment in that function for the gory details. -acme
	 */

	__ip6_dst_store(newsk, dst, NULL, NULL);
	newsk->sk_route_caps = dst->dev->features & ~(NETIF_F_IP_CSUM |
						      NETIF_F_TSO);
	newdp6 = (struct dccp6_sock *)newsk;
	newinet = inet_sk(newsk);
	newinet->pinet6 = &newdp6->inet6;
	newnp = inet6_sk(newsk);

	memcpy(newnp, np, sizeof(struct ipv6_pinfo));

	newsk->sk_v6_daddr = ireq->ir_v6_rmt_addr;
	newnp->saddr = ireq->ir_v6_loc_addr;
	newsk->sk_v6_rcv_saddr = ireq->ir_v6_loc_addr;
	newsk->sk_bound_dev_if = ireq->ir_iif;

	/* Now IPv6 options...

	   First: no IPv4 options.
	 */
	newinet->inet_opt = NULL;

	/* Clone RX bits */
	newnp->rxopt.all = np->rxopt.all;

	newnp->ipv6_mc_list = NULL;
	newnp->ipv6_ac_list = NULL;
	newnp->ipv6_fl_list = NULL;

	/* Clone pktoptions received with SYN */
	newnp->pktoptions = NULL;
	if (ireq->pktopts != NULL) {
		newnp->pktoptions = skb_clone(ireq->pktopts, GFP_ATOMIC);
		consume_skb(ireq->pktopts);
		ireq->pktopts = NULL;
		if (newnp->pktoptions)
			skb_set_owner_r(newnp->pktoptions, newsk);
	}
	newnp->opt = NULL;
	newnp->mcast_oif = inet6_iif(skb);
	newnp->mcast_hops = ipv6_hdr(skb)->hop_limit;

	/*
	 * Clone native IPv6 options from the listening socket (if any)
	 *
	 * Yes, keeping reference count would be much more clever, but we do
	 * one more thing here: reattach optmem to newsk.
	 */
	opt = rcu_dereference(np->opt);
	if (opt) {
		opt = ipv6_dup_options(newsk, opt);
		RCU_INIT_POINTER(newnp->opt, opt);
	}
	inet_csk(newsk)->icsk_ext_hdr_len = 0;
	if (opt)
		inet_csk(newsk)->icsk_ext_hdr_len = opt->opt_nflen +
						    opt->opt_flen;

	dccp_sync_mss(newsk, dst_mtu(dst));

	newinet->inet_daddr = newinet->inet_saddr = LOOPBACK4_IPV6;
	newinet->inet_rcv_saddr = LOOPBACK4_IPV6;

	if (__inet_inherit_port(sk, newsk) < 0) {
		inet_csk_prepare_forced_close(newsk);
		dccp_done(newsk);
		goto out;
	}
	__inet6_hash(newsk, NULL);

	return newsk;

out_overflow:
	NET_INC_STATS_BH(sock_net(sk), LINUX_MIB_LISTENOVERFLOWS);
out_nonewsk:
	dst_release(dst);
out:
	NET_INC_STATS_BH(sock_net(sk), LINUX_MIB_LISTENDROPS);
	return NULL;
}

/* The socket must have its spinlock held when we get
 * here.
 *
 * We have a potential double-lock case here, so even when
 * doing backlog processing we use the BH locking scheme.
 * This is because we cannot sleep with the original spinlock
 * held.
 */
static int dccp_v6_do_rcv(struct sock *sk, struct sk_buff *skb)
{
	struct ipv6_pinfo *np = inet6_sk(sk);
	struct sk_buff *opt_skb = NULL;

	/* Imagine: socket is IPv6. IPv4 packet arrives,
	   goes to IPv4 receive handler and backlogged.
	   From backlog it always goes here. Kerboom...
	   Fortunately, dccp_rcv_established and rcv_established
	   handle them correctly, but it is not the case with
	   dccp_v6_hnd_req and dccp_v6_ctl_send_reset(). --ANK
	 */

	if (skb->protocol == htons(ETH_P_IP))
		return dccp_v4_do_rcv(sk, skb);

	if (sk_filter(sk, skb))
		goto discard;

	/*
	 * socket locking is here for SMP purposes as backlog rcv is currently
	 * called with bh processing disabled.
	 */

	/* Do Stevens' IPV6_PKTOPTIONS.

	   Yes, guys, it is the only place in our code, where we
	   may make it not affecting IPv4.
	   The rest of code is protocol independent,
	   and I do not like idea to uglify IPv4.

	   Actually, all the idea behind IPV6_PKTOPTIONS
	   looks not very well thought out. For now we latch
	   options, received in the last packet, enqueued
	   by tcp. Feel free to propose better solution.
					       --ANK (980728)
	 */
	if (np->rxopt.all)
		/*
		 * FIXME: Add handling of IPV6_PKTOPTIONS skb. See the comments below
		 * (wrt ipv6_pktoptions) and net/ipv6/tcp_ipv6.c for an example.
		 */
		opt_skb = skb_clone(skb, GFP_ATOMIC);

	if (sk->sk_state == DCCP_OPEN) { /* Fast path */
		if (dccp_rcv_established(sk, skb, dccp_hdr(skb), skb->len))
			goto reset;
		if (opt_skb) {
			/* XXX This is where we would goto ipv6_pktoptions. */
			__kfree_skb(opt_skb);
		}
		return 0;
	}

	/*
	 *  Step 3: Process LISTEN state
	 *     If S.state == LISTEN,
	 *	 If P.type == Request or P contains a valid Init Cookie option,
	 *	      (* Must scan the packet's options to check for Init
	 *		 Cookies.  Only Init Cookies are processed here,
	 *		 however; other options are processed in Step 8.  This
	 *		 scan need only be performed if the endpoint uses Init
	 *		 Cookies *)
	 *	      (* Generate a new socket and switch to that socket *)
	 *	      Set S := new socket for this port pair
	 *	      S.state = RESPOND
	 *	      Choose S.ISS (initial seqno) or set from Init Cookies
	 *	      Initialize S.GAR := S.ISS
	 *	      Set S.ISR, S.GSR, S.SWL, S.SWH from packet or Init Cookies
	 *	      Continue with S.state == RESPOND
	 *	      (* A Response packet will be generated in Step 11 *)
	 *	 Otherwise,
	 *	      Generate Reset(No Connection) unless P.type == Reset
	 *	      Drop packet and return
	 *
	 * NOTE: the check for the packet types is done in
	 *	 dccp_rcv_state_process
	 */
	if (sk->sk_state == DCCP_LISTEN) {
		struct sock *nsk = dccp_v6_hnd_req(sk, skb);

		if (nsk == NULL)
			goto discard;
		/*
		 * Queue it on the new socket if the new socket is active,
		 * otherwise we just shortcircuit this and continue with
		 * the new socket.
		 */
		if (nsk != sk) {
			if (dccp_child_process(sk, nsk, skb))
				goto reset;
			if (opt_skb != NULL)
				__kfree_skb(opt_skb);
			return 0;
		}
	}

	if (dccp_rcv_state_process(sk, skb, dccp_hdr(skb), skb->len))
		goto reset;
	if (opt_skb) {
		/* XXX This is where we would goto ipv6_pktoptions. */
		__kfree_skb(opt_skb);
	}
	return 0;

reset:
	dccp_v6_ctl_send_reset(sk, skb);
discard:
	if (opt_skb != NULL)
		__kfree_skb(opt_skb);
	kfree_skb(skb);
	return 0;
}

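/*
 * Main receive entry point: validate the header and checksum (Step 1),
 * look up the owning socket (Step 2) and hand the packet over, enforcing
 * the Minimum Checksum Coverage rule; otherwise generate Reset(No
 * Connection) unless the packet itself is a Reset.
 */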
static int dccp_v6_rcv(struct sk_buff *skb)
{
	const struct dccp_hdr *dh;
	struct sock *sk;
	int min_cov;

	/* Step 1: Check header basics */

	if (dccp_invalid_packet(skb))
		goto discard_it;

	/* Step 1: If header checksum is incorrect, drop packet and return. */
	if (dccp_v6_csum_finish(skb, &ipv6_hdr(skb)->saddr,
				     &ipv6_hdr(skb)->daddr)) {
		DCCP_WARN("dropped packet with invalid checksum\n");
		goto discard_it;
	}

	dh = dccp_hdr(skb);

	DCCP_SKB_CB(skb)->dccpd_seq = dccp_hdr_seq(dh);
	DCCP_SKB_CB(skb)->dccpd_type = dh->dccph_type;

	if (dccp_packet_without_ack(skb))
		DCCP_SKB_CB(skb)->dccpd_ack_seq = DCCP_PKT_WITHOUT_ACK_SEQ;
	else
		DCCP_SKB_CB(skb)->dccpd_ack_seq = dccp_hdr_ack_seq(skb);

	/* Step 2:
	 *	Look up flow ID in table and get corresponding socket */
	sk = __inet6_lookup_skb(&dccp_hashinfo, skb,
				dh->dccph_sport, dh->dccph_dport,
				inet6_iif(skb));
	/*
	 * Step 2:
	 *	If no socket ...
	 */
	if (sk == NULL) {
		dccp_pr_debug("failed to look up flow ID in table and "
			      "get corresponding socket\n");
		goto no_dccp_socket;
	}

	/*
	 * Step 2:
	 *	... or S.state == TIMEWAIT,
	 *		Generate Reset(No Connection) unless P.type == Reset
	 *		Drop packet and return
	 */
	if (sk->sk_state == DCCP_TIME_WAIT) {
		dccp_pr_debug("sk->sk_state == DCCP_TIME_WAIT: do_time_wait\n");
		inet_twsk_put(inet_twsk(sk));
		goto no_dccp_socket;
	}

	/*
	 * RFC 4340, sec. 9.2.1: Minimum Checksum Coverage
	 *	o if MinCsCov = 0, only packets with CsCov = 0 are accepted
	 *	o if MinCsCov > 0, also accept packets with CsCov >= MinCsCov
	 */
	min_cov = dccp_sk(sk)->dccps_pcrlen;
	if (dh->dccph_cscov && (min_cov == 0 || dh->dccph_cscov < min_cov)) {
		dccp_pr_debug("Packet CsCov %d does not satisfy MinCsCov %d\n",
			      dh->dccph_cscov, min_cov);
		/* FIXME: send Data Dropped option (see also dccp_v4_rcv) */
		goto discard_and_relse;
	}

	if (!xfrm6_policy_check(sk, XFRM_POLICY_IN, skb))
		goto discard_and_relse;

	return sk_receive_skb(sk, skb, 1) ? -1 : 0;

no_dccp_socket:
	if (!xfrm6_policy_check(NULL, XFRM_POLICY_IN, skb))
		goto discard_it;
	/*
	 * Step 2:
	 *	If no socket ...
	 *		Generate Reset(No Connection) unless P.type == Reset
	 *		Drop packet and return
	 */
	if (dh->dccph_type != DCCP_PKT_RESET) {
		DCCP_SKB_CB(skb)->dccpd_reset_code =
					DCCP_RESET_CODE_NO_CONNECTION;
		dccp_v6_ctl_send_reset(sk, skb);
	}

discard_it:
	kfree_skb(skb);
	return 0;

discard_and_relse:
	sock_put(sk);
	goto discard_it;
}

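/*
 * Active open: resolve the destination (handing IPv4-mapped destinations to
 * dccp_v4_connect()), set up the route and source address, pick the initial
 * sequence number and send the DCCP-Request.
 */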
static int dccp_v6_connect(struct sock *sk, struct sockaddr *uaddr,
			   int addr_len)
{
	struct sockaddr_in6 *usin = (struct sockaddr_in6 *)uaddr;
	struct inet_connection_sock *icsk = inet_csk(sk);
	struct inet_sock *inet = inet_sk(sk);
	struct ipv6_pinfo *np = inet6_sk(sk);
	struct dccp_sock *dp = dccp_sk(sk);
	struct in6_addr *saddr = NULL, *final_p, final;
	struct ipv6_txoptions *opt;
	struct flowi6 fl6;
	struct dst_entry *dst;
	int addr_type;
	int err;

	dp->dccps_role = DCCP_ROLE_CLIENT;

	if (addr_len < SIN6_LEN_RFC2133)
		return -EINVAL;

	if (usin->sin6_family != AF_INET6)
		return -EAFNOSUPPORT;

	memset(&fl6, 0, sizeof(fl6));

	if (np->sndflow) {
		fl6.flowlabel = usin->sin6_flowinfo & IPV6_FLOWINFO_MASK;
		IP6_ECN_flow_init(fl6.flowlabel);
		if (fl6.flowlabel & IPV6_FLOWLABEL_MASK) {
			struct ip6_flowlabel *flowlabel;
			flowlabel = fl6_sock_lookup(sk, fl6.flowlabel);
			if (flowlabel == NULL)
				return -EINVAL;
			fl6_sock_release(flowlabel);
		}
	}
	/*
	 * connect() to INADDR_ANY means loopback (BSD'ism).
	 */
	if (ipv6_addr_any(&usin->sin6_addr))
		usin->sin6_addr.s6_addr[15] = 1;

	addr_type = ipv6_addr_type(&usin->sin6_addr);

	if (addr_type & IPV6_ADDR_MULTICAST)
		return -ENETUNREACH;

	if (addr_type & IPV6_ADDR_LINKLOCAL) {
		if (addr_len >= sizeof(struct sockaddr_in6) &&
		    usin->sin6_scope_id) {
			/* If interface is set while binding, indices
			 * must coincide.
			 */
			if (sk->sk_bound_dev_if &&
			    sk->sk_bound_dev_if != usin->sin6_scope_id)
				return -EINVAL;

			sk->sk_bound_dev_if = usin->sin6_scope_id;
		}

		/* Connect to link-local address requires an interface */
		if (!sk->sk_bound_dev_if)
			return -EINVAL;
	}

	sk->sk_v6_daddr = usin->sin6_addr;
	np->flow_label = fl6.flowlabel;

	/*
	 * DCCP over IPv4
	 */
	if (addr_type == IPV6_ADDR_MAPPED) {
		u32 exthdrlen = icsk->icsk_ext_hdr_len;
		struct sockaddr_in sin;

		SOCK_DEBUG(sk, "connect: ipv4 mapped\n");

		if (__ipv6_only_sock(sk))
			return -ENETUNREACH;

		sin.sin_family = AF_INET;
		sin.sin_port = usin->sin6_port;
		sin.sin_addr.s_addr = usin->sin6_addr.s6_addr32[3];

		icsk->icsk_af_ops = &dccp_ipv6_mapped;
		sk->sk_backlog_rcv = dccp_v4_do_rcv;

		err = dccp_v4_connect(sk, (struct sockaddr *)&sin, sizeof(sin));
		if (err) {
			icsk->icsk_ext_hdr_len = exthdrlen;
			icsk->icsk_af_ops = &dccp_ipv6_af_ops;
			sk->sk_backlog_rcv = dccp_v6_do_rcv;
			goto failure;
		}
		ipv6_addr_set_v4mapped(inet->inet_saddr, &np->saddr);
		ipv6_addr_set_v4mapped(inet->inet_rcv_saddr, &sk->sk_v6_rcv_saddr);

		return err;
	}

	if (!ipv6_addr_any(&sk->sk_v6_rcv_saddr))
		saddr = &sk->sk_v6_rcv_saddr;

	fl6.flowi6_proto = IPPROTO_DCCP;
	fl6.daddr = sk->sk_v6_daddr;
	fl6.saddr = saddr ? *saddr : np->saddr;
	fl6.flowi6_oif = sk->sk_bound_dev_if;
	fl6.fl6_dport = usin->sin6_port;
	fl6.fl6_sport = inet->inet_sport;
	security_sk_classify_flow(sk, flowi6_to_flowi(&fl6));

	opt = rcu_dereference_protected(np->opt, sock_owned_by_user(sk));
	final_p = fl6_update_dst(&fl6, opt, &final);

	dst = ip6_dst_lookup_flow(sk, &fl6, final_p);
	if (IS_ERR(dst)) {
		err = PTR_ERR(dst);
		goto failure;
	}

	if (saddr == NULL) {
		saddr = &fl6.saddr;
		sk->sk_v6_rcv_saddr = *saddr;
	}

	/* set the source address */
	np->saddr = *saddr;
	inet->inet_rcv_saddr = LOOPBACK4_IPV6;

	__ip6_dst_store(sk, dst, NULL, NULL);

	icsk->icsk_ext_hdr_len = 0;
	if (opt)
		icsk->icsk_ext_hdr_len = opt->opt_flen + opt->opt_nflen;

	inet->inet_dport = usin->sin6_port;

	dccp_set_state(sk, DCCP_REQUESTING);
	err = inet6_hash_connect(&dccp_death_row, sk);
	if (err)
		goto late_failure;

	dp->dccps_iss = secure_dccpv6_sequence_number(np->saddr.s6_addr32,
						      sk->sk_v6_daddr.s6_addr32,
						      inet->inet_sport,
						      inet->inet_dport);
	err = dccp_connect(sk);
	if (err)
		goto late_failure;

	return 0;

late_failure:
	dccp_set_state(sk, DCCP_CLOSED);
	__sk_dst_reset(sk);
failure:
	inet->inet_dport = 0;
	sk->sk_route_caps = 0;
	return err;
}

static const struct inet_connection_sock_af_ops dccp_ipv6_af_ops = {
	.queue_xmit = inet6_csk_xmit,
	.send_check = dccp_v6_send_check,
	.rebuild_header = inet6_sk_rebuild_header,
	.conn_request = dccp_v6_conn_request,
	.syn_recv_sock = dccp_v6_request_recv_sock,
	.net_header_len = sizeof(struct ipv6hdr),
	.setsockopt = ipv6_setsockopt,
	.getsockopt = ipv6_getsockopt,
	.addr2sockaddr = inet6_csk_addr2sockaddr,
	.sockaddr_len = sizeof(struct sockaddr_in6),
	.bind_conflict = inet6_csk_bind_conflict,
#ifdef CONFIG_COMPAT
	.compat_setsockopt = compat_ipv6_setsockopt,
	.compat_getsockopt = compat_ipv6_getsockopt,
#endif
};

/*
 * DCCP over IPv4 via INET6 API
 */
static const struct inet_connection_sock_af_ops dccp_ipv6_mapped = {
	.queue_xmit = ip_queue_xmit,
	.send_check = dccp_v4_send_check,
	.rebuild_header = inet_sk_rebuild_header,
	.conn_request = dccp_v6_conn_request,
	.syn_recv_sock = dccp_v6_request_recv_sock,
	.net_header_len = sizeof(struct iphdr),
	.setsockopt = ipv6_setsockopt,
	.getsockopt = ipv6_getsockopt,
	.addr2sockaddr = inet6_csk_addr2sockaddr,
	.sockaddr_len = sizeof(struct sockaddr_in6),
#ifdef CONFIG_COMPAT
	.compat_setsockopt = compat_ipv6_setsockopt,
	.compat_getsockopt = compat_ipv6_getsockopt,
#endif
};

/* NOTE: A lot of things are set to zero explicitly by the call to
 * sk_alloc(), so they need not be done here.
 */
static int dccp_v6_init_sock(struct sock *sk)
{
	static __u8 dccp_v6_ctl_sock_initialized;
	int err = dccp_init_sock(sk, dccp_v6_ctl_sock_initialized);

	if (err == 0) {
		if (unlikely(!dccp_v6_ctl_sock_initialized))
			dccp_v6_ctl_sock_initialized = 1;
		inet_csk(sk)->icsk_af_ops = &dccp_ipv6_af_ops;
	}

	return err;
}

static void dccp_v6_destroy_sock(struct sock *sk)
{
	dccp_destroy_sock(sk);
	inet6_destroy_sock(sk);
}

static struct timewait_sock_ops dccp6_timewait_sock_ops = {
	.twsk_obj_size = sizeof(struct dccp6_timewait_sock),
};

static struct proto dccp_v6_prot = {
	.name = "DCCPv6",
	.owner = THIS_MODULE,
	.close = dccp_close,
	.connect = dccp_v6_connect,
	.disconnect = dccp_disconnect,
	.ioctl = dccp_ioctl,
	.init = dccp_v6_init_sock,
	.setsockopt = dccp_setsockopt,
	.getsockopt = dccp_getsockopt,
	.sendmsg = dccp_sendmsg,
	.recvmsg = dccp_recvmsg,
	.backlog_rcv = dccp_v6_do_rcv,
	.hash = dccp_v6_hash,
	.unhash = inet_unhash,
	.accept = inet_csk_accept,
	.get_port = inet_csk_get_port,
	.shutdown = dccp_shutdown,
	.destroy = dccp_v6_destroy_sock,
	.orphan_count = &dccp_orphan_count,
	.max_header = MAX_DCCP_HEADER,
	.obj_size = sizeof(struct dccp6_sock),
	.slab_flags = SLAB_DESTROY_BY_RCU,
	.rsk_prot = &dccp6_request_sock_ops,
	.twsk_prot = &dccp6_timewait_sock_ops,
	.h.hashinfo = &dccp_hashinfo,
#ifdef CONFIG_COMPAT
	.compat_setsockopt = compat_dccp_setsockopt,
	.compat_getsockopt = compat_dccp_getsockopt,
#endif
};

static const struct inet6_protocol dccp_v6_protocol = {
	.handler = dccp_v6_rcv,
	.err_handler = dccp_v6_err,
	.flags = INET6_PROTO_NOPOLICY | INET6_PROTO_FINAL,
};

static const struct proto_ops inet6_dccp_ops = {
	.family = PF_INET6,
	.owner = THIS_MODULE,
	.release = inet6_release,
	.bind = inet6_bind,
	.connect = inet_stream_connect,
	.socketpair = sock_no_socketpair,
	.accept = inet_accept,
	.getname = inet6_getname,
	.poll = dccp_poll,
	.ioctl = inet6_ioctl,
	.listen = inet_dccp_listen,
	.shutdown = inet_shutdown,
	.setsockopt = sock_common_setsockopt,
	.getsockopt = sock_common_getsockopt,
	.sendmsg = inet_sendmsg,
	.recvmsg = sock_common_recvmsg,
	.mmap = sock_no_mmap,
	.sendpage = sock_no_sendpage,
#ifdef CONFIG_COMPAT
	.compat_setsockopt = compat_sock_common_setsockopt,
	.compat_getsockopt = compat_sock_common_getsockopt,
#endif
};

static struct inet_protosw dccp_v6_protosw = {
	.type = SOCK_DCCP,
	.protocol = IPPROTO_DCCP,
	.prot = &dccp_v6_prot,
	.ops = &inet6_dccp_ops,
	.flags = INET_PROTOSW_ICSK,
};

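/*
 * Per-net init/exit: create and destroy the control socket used by
 * dccp_v6_ctl_send_reset(); bail out with -ESOCKTNOSUPPORT if the DCCP core
 * (dccp_hashinfo) was never initialised.
 */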
static int __net_init dccp_v6_init_net(struct net *net)
{
	if (dccp_hashinfo.bhash == NULL)
		return -ESOCKTNOSUPPORT;

	return inet_ctl_sock_create(&net->dccp.v6_ctl_sk, PF_INET6,
				    SOCK_DCCP, IPPROTO_DCCP, net);
}

static void __net_exit dccp_v6_exit_net(struct net *net)
{
	inet_ctl_sock_destroy(net->dccp.v6_ctl_sk);
}

static struct pernet_operations dccp_v6_ops = {
	.init = dccp_v6_init_net,
	.exit = dccp_v6_exit_net,
};

static int __init dccp_v6_init(void)
{
	int err = proto_register(&dccp_v6_prot, 1);

	if (err != 0)
		goto out;

	err = inet6_add_protocol(&dccp_v6_protocol, IPPROTO_DCCP);
	if (err != 0)
		goto out_unregister_proto;

	inet6_register_protosw(&dccp_v6_protosw);

	err = register_pernet_subsys(&dccp_v6_ops);
	if (err != 0)
		goto out_destroy_ctl_sock;
out:
	return err;

out_destroy_ctl_sock:
	inet6_del_protocol(&dccp_v6_protocol, IPPROTO_DCCP);
	inet6_unregister_protosw(&dccp_v6_protosw);
out_unregister_proto:
	proto_unregister(&dccp_v6_prot);
	goto out;
}

static void __exit dccp_v6_exit(void)
{
	unregister_pernet_subsys(&dccp_v6_ops);
	inet6_del_protocol(&dccp_v6_protocol, IPPROTO_DCCP);
	inet6_unregister_protosw(&dccp_v6_protosw);
	proto_unregister(&dccp_v6_prot);
}

module_init(dccp_v6_init);
module_exit(dccp_v6_exit);

/*
 * __stringify doesn't like enums, so use SOCK_DCCP (6) and IPPROTO_DCCP (33)
 * values directly. Also cover the case where the protocol is not specified,
 * i.e. net-pf-PF_INET6-proto-0-type-SOCK_DCCP
 */
MODULE_ALIAS_NET_PF_PROTO_TYPE(PF_INET6, 33, 6);
MODULE_ALIAS_NET_PF_PROTO_TYPE(PF_INET6, 0, 6);
MODULE_LICENSE("GPL");
MODULE_AUTHOR("Arnaldo Carvalho de Melo <acme@mandriva.com>");
MODULE_DESCRIPTION("DCCPv6 - Datagram Congestion Controlled Protocol");