1// SPDX-License-Identifier: GPL-2.0-or-later 2/* 3 * DCCP over IPv6 4 * Linux INET6 implementation 5 * 6 * Based on net/dccp6/ipv6.c 7 * 8 * Arnaldo Carvalho de Melo <acme@ghostprotocols.net> 9 */ 10 11#include <linux/module.h> 12#include <linux/random.h> 13#include <linux/slab.h> 14#include <linux/xfrm.h> 15#include <linux/string.h> 16 17#include <net/addrconf.h> 18#include <net/inet_common.h> 19#include <net/inet_hashtables.h> 20#include <net/inet_sock.h> 21#include <net/inet6_connection_sock.h> 22#include <net/inet6_hashtables.h> 23#include <net/ip6_route.h> 24#include <net/ipv6.h> 25#include <net/protocol.h> 26#include <net/transp_v6.h> 27#include <net/ip6_checksum.h> 28#include <net/xfrm.h> 29#include <net/secure_seq.h> 30#include <net/sock.h> 31 32#include "dccp.h" 33#include "ipv6.h" 34#include "feat.h" 35 36/* The per-net dccp.v6_ctl_sk is used for sending RSTs and ACKs */ 37 38static const struct inet_connection_sock_af_ops dccp_ipv6_mapped; 39static const struct inet_connection_sock_af_ops dccp_ipv6_af_ops; 40 41/* add pseudo-header to DCCP checksum stored in skb->csum */ 42static inline __sum16 dccp_v6_csum_finish(struct sk_buff *skb, 43 const struct in6_addr *saddr, 44 const struct in6_addr *daddr) 45{ 46 return csum_ipv6_magic(saddr, daddr, skb->len, IPPROTO_DCCP, skb->csum); 47} 48 49static inline void dccp_v6_send_check(struct sock *sk, struct sk_buff *skb) 50{ 51 struct ipv6_pinfo *np = inet6_sk(sk); 52 struct dccp_hdr *dh = dccp_hdr(skb); 53 54 dccp_csum_outgoing(skb); 55 dh->dccph_checksum = dccp_v6_csum_finish(skb, &np->saddr, &sk->sk_v6_daddr); 56} 57 58static inline __u64 dccp_v6_init_sequence(struct sk_buff *skb) 59{ 60 return secure_dccpv6_sequence_number(ipv6_hdr(skb)->daddr.s6_addr32, 61 ipv6_hdr(skb)->saddr.s6_addr32, 62 dccp_hdr(skb)->dccph_dport, 63 dccp_hdr(skb)->dccph_sport ); 64 65} 66 67static int dccp_v6_err(struct sk_buff *skb, struct inet6_skb_parm *opt, 68 u8 type, u8 code, int offset, __be32 info) 69{ 70 const struct ipv6hdr *hdr; 71 const struct dccp_hdr *dh; 72 struct dccp_sock *dp; 73 struct ipv6_pinfo *np; 74 struct sock *sk; 75 int err; 76 __u64 seq; 77 struct net *net = dev_net(skb->dev); 78 79 if (!pskb_may_pull(skb, offset + sizeof(*dh))) 80 return -EINVAL; 81 dh = (struct dccp_hdr *)(skb->data + offset); 82 if (!pskb_may_pull(skb, offset + __dccp_basic_hdr_len(dh))) 83 return -EINVAL; 84 hdr = (const struct ipv6hdr *)skb->data; 85 dh = (struct dccp_hdr *)(skb->data + offset); 86 87 sk = __inet6_lookup_established(net, &dccp_hashinfo, 88 &hdr->daddr, dh->dccph_dport, 89 &hdr->saddr, ntohs(dh->dccph_sport), 90 inet6_iif(skb), 0); 91 92 if (!sk) { 93 __ICMP6_INC_STATS(net, __in6_dev_get(skb->dev), 94 ICMP6_MIB_INERRORS); 95 return -ENOENT; 96 } 97 98 if (sk->sk_state == DCCP_TIME_WAIT) { 99 inet_twsk_put(inet_twsk(sk)); 100 return 0; 101 } 102 seq = dccp_hdr_seq(dh); 103 if (sk->sk_state == DCCP_NEW_SYN_RECV) { 104 dccp_req_err(sk, seq); 105 return 0; 106 } 107 108 bh_lock_sock(sk); 109 if (sock_owned_by_user(sk)) 110 __NET_INC_STATS(net, LINUX_MIB_LOCKDROPPEDICMPS); 111 112 if (sk->sk_state == DCCP_CLOSED) 113 goto out; 114 115 dp = dccp_sk(sk); 116 if ((1 << sk->sk_state) & ~(DCCPF_REQUESTING | DCCPF_LISTEN) && 117 !between48(seq, dp->dccps_awl, dp->dccps_awh)) { 118 __NET_INC_STATS(net, LINUX_MIB_OUTOFWINDOWICMPS); 119 goto out; 120 } 121 122 np = inet6_sk(sk); 123 124 if (type == NDISC_REDIRECT) { 125 if (!sock_owned_by_user(sk)) { 126 struct dst_entry *dst = __sk_dst_check(sk, np->dst_cookie); 127 128 if (dst) 129 dst->ops->redirect(dst, sk, skb); 130 } 131 goto out; 132 } 133 134 if (type == ICMPV6_PKT_TOOBIG) { 135 struct dst_entry *dst = NULL; 136 137 if (!ip6_sk_accept_pmtu(sk)) 138 goto out; 139 140 if (sock_owned_by_user(sk)) 141 goto out; 142 if ((1 << sk->sk_state) & (DCCPF_LISTEN | DCCPF_CLOSED)) 143 goto out; 144 145 dst = inet6_csk_update_pmtu(sk, ntohl(info)); 146 if (!dst) 147 goto out; 148 149 if (inet_csk(sk)->icsk_pmtu_cookie > dst_mtu(dst)) 150 dccp_sync_mss(sk, dst_mtu(dst)); 151 goto out; 152 } 153 154 icmpv6_err_convert(type, code, &err); 155 156 /* Might be for an request_sock */ 157 switch (sk->sk_state) { 158 case DCCP_REQUESTING: 159 case DCCP_RESPOND: /* Cannot happen. 160 It can, it SYNs are crossed. --ANK */ 161 if (!sock_owned_by_user(sk)) { 162 __DCCP_INC_STATS(DCCP_MIB_ATTEMPTFAILS); 163 sk->sk_err = err; 164 /* 165 * Wake people up to see the error 166 * (see connect in sock.c) 167 */ 168 sk->sk_error_report(sk); 169 dccp_done(sk); 170 } else 171 sk->sk_err_soft = err; 172 goto out; 173 } 174 175 if (!sock_owned_by_user(sk) && np->recverr) { 176 sk->sk_err = err; 177 sk->sk_error_report(sk); 178 } else 179 sk->sk_err_soft = err; 180 181out: 182 bh_unlock_sock(sk); 183 sock_put(sk); 184 return 0; 185} 186 187 188static int dccp_v6_send_response(const struct sock *sk, struct request_sock *req) 189{ 190 struct inet_request_sock *ireq = inet_rsk(req); 191 struct ipv6_pinfo *np = inet6_sk(sk); 192 struct sk_buff *skb; 193 struct in6_addr *final_p, final; 194 struct flowi6 fl6; 195 int err = -1; 196 struct dst_entry *dst; 197 198 memset(&fl6, 0, sizeof(fl6)); 199 fl6.flowi6_proto = IPPROTO_DCCP; 200 fl6.daddr = ireq->ir_v6_rmt_addr; 201 fl6.saddr = ireq->ir_v6_loc_addr; 202 fl6.flowlabel = 0; 203 fl6.flowi6_oif = ireq->ir_iif; 204 fl6.fl6_dport = ireq->ir_rmt_port; 205 fl6.fl6_sport = htons(ireq->ir_num); 206 security_req_classify_flow(req, flowi6_to_flowi_common(&fl6)); 207 208 209 rcu_read_lock(); 210 final_p = fl6_update_dst(&fl6, rcu_dereference(np->opt), &final); 211 rcu_read_unlock(); 212 213 dst = ip6_dst_lookup_flow(sock_net(sk), sk, &fl6, final_p); 214 if (IS_ERR(dst)) { 215 err = PTR_ERR(dst); 216 dst = NULL; 217 goto done; 218 } 219 220 skb = dccp_make_response(sk, dst, req); 221 if (skb != NULL) { 222 struct dccp_hdr *dh = dccp_hdr(skb); 223 struct ipv6_txoptions *opt; 224 225 dh->dccph_checksum = dccp_v6_csum_finish(skb, 226 &ireq->ir_v6_loc_addr, 227 &ireq->ir_v6_rmt_addr); 228 fl6.daddr = ireq->ir_v6_rmt_addr; 229 rcu_read_lock(); 230 opt = ireq->ipv6_opt; 231 if (!opt) 232 opt = rcu_dereference(np->opt); 233 err = ip6_xmit(sk, skb, &fl6, sk->sk_mark, opt, np->tclass, 234 sk->sk_priority); 235 rcu_read_unlock(); 236 err = net_xmit_eval(err); 237 } 238 239done: 240 dst_release(dst); 241 return err; 242} 243 244static void dccp_v6_reqsk_destructor(struct request_sock *req) 245{ 246 dccp_feat_list_purge(&dccp_rsk(req)->dreq_featneg); 247 kfree(inet_rsk(req)->ipv6_opt); 248 kfree_skb(inet_rsk(req)->pktopts); 249} 250 251static void dccp_v6_ctl_send_reset(const struct sock *sk, struct sk_buff *rxskb) 252{ 253 const struct ipv6hdr *rxip6h; 254 struct sk_buff *skb; 255 struct flowi6 fl6; 256 struct net *net = dev_net(skb_dst(rxskb)->dev); 257 struct sock *ctl_sk = net->dccp.v6_ctl_sk; 258 struct dst_entry *dst; 259 260 if (dccp_hdr(rxskb)->dccph_type == DCCP_PKT_RESET) 261 return; 262 263 if (!ipv6_unicast_destination(rxskb)) 264 return; 265 266 skb = dccp_ctl_make_reset(ctl_sk, rxskb); 267 if (skb == NULL) 268 return; 269 270 rxip6h = ipv6_hdr(rxskb); 271 dccp_hdr(skb)->dccph_checksum = dccp_v6_csum_finish(skb, &rxip6h->saddr, 272 &rxip6h->daddr); 273 274 memset(&fl6, 0, sizeof(fl6)); 275 fl6.daddr = rxip6h->saddr; 276 fl6.saddr = rxip6h->daddr; 277 278 fl6.flowi6_proto = IPPROTO_DCCP; 279 fl6.flowi6_oif = inet6_iif(rxskb); 280 fl6.fl6_dport = dccp_hdr(skb)->dccph_dport; 281 fl6.fl6_sport = dccp_hdr(skb)->dccph_sport; 282 security_skb_classify_flow(rxskb, flowi6_to_flowi_common(&fl6)); 283 284 /* sk = NULL, but it is safe for now. RST socket required. */ 285 dst = ip6_dst_lookup_flow(sock_net(ctl_sk), ctl_sk, &fl6, NULL); 286 if (!IS_ERR(dst)) { 287 skb_dst_set(skb, dst); 288 ip6_xmit(ctl_sk, skb, &fl6, 0, NULL, 0, 0); 289 DCCP_INC_STATS(DCCP_MIB_OUTSEGS); 290 DCCP_INC_STATS(DCCP_MIB_OUTRSTS); 291 return; 292 } 293 294 kfree_skb(skb); 295} 296 297static struct request_sock_ops dccp6_request_sock_ops = { 298 .family = AF_INET6, 299 .obj_size = sizeof(struct dccp6_request_sock), 300 .rtx_syn_ack = dccp_v6_send_response, 301 .send_ack = dccp_reqsk_send_ack, 302 .destructor = dccp_v6_reqsk_destructor, 303 .send_reset = dccp_v6_ctl_send_reset, 304 .syn_ack_timeout = dccp_syn_ack_timeout, 305}; 306 307static int dccp_v6_conn_request(struct sock *sk, struct sk_buff *skb) 308{ 309 struct request_sock *req; 310 struct dccp_request_sock *dreq; 311 struct inet_request_sock *ireq; 312 struct ipv6_pinfo *np = inet6_sk(sk); 313 const __be32 service = dccp_hdr_request(skb)->dccph_req_service; 314 struct dccp_skb_cb *dcb = DCCP_SKB_CB(skb); 315 316 if (skb->protocol == htons(ETH_P_IP)) 317 return dccp_v4_conn_request(sk, skb); 318 319 if (!ipv6_unicast_destination(skb)) 320 return 0; /* discard, don't send a reset here */ 321 322 if (ipv6_addr_v4mapped(&ipv6_hdr(skb)->saddr)) { 323 __IP6_INC_STATS(sock_net(sk), NULL, IPSTATS_MIB_INHDRERRORS); 324 return 0; 325 } 326 327 if (dccp_bad_service_code(sk, service)) { 328 dcb->dccpd_reset_code = DCCP_RESET_CODE_BAD_SERVICE_CODE; 329 goto drop; 330 } 331 /* 332 * There are no SYN attacks on IPv6, yet... 333 */ 334 dcb->dccpd_reset_code = DCCP_RESET_CODE_TOO_BUSY; 335 if (inet_csk_reqsk_queue_is_full(sk)) 336 goto drop; 337 338 if (sk_acceptq_is_full(sk)) 339 goto drop; 340 341 req = inet_reqsk_alloc(&dccp6_request_sock_ops, sk, true); 342 if (req == NULL) 343 goto drop; 344 345 if (dccp_reqsk_init(req, dccp_sk(sk), skb)) 346 goto drop_and_free; 347 348 dreq = dccp_rsk(req); 349 if (dccp_parse_options(sk, dreq, skb)) 350 goto drop_and_free; 351 352 ireq = inet_rsk(req); 353 ireq->ir_v6_rmt_addr = ipv6_hdr(skb)->saddr; 354 ireq->ir_v6_loc_addr = ipv6_hdr(skb)->daddr; 355 ireq->ireq_family = AF_INET6; 356 ireq->ir_mark = inet_request_mark(sk, skb); 357 358 if (security_inet_conn_request(sk, skb, req)) 359 goto drop_and_free; 360 361 if (ipv6_opt_accepted(sk, skb, IP6CB(skb)) || 362 np->rxopt.bits.rxinfo || np->rxopt.bits.rxoinfo || 363 np->rxopt.bits.rxhlim || np->rxopt.bits.rxohlim) { 364 refcount_inc(&skb->users); 365 ireq->pktopts = skb; 366 } 367 ireq->ir_iif = sk->sk_bound_dev_if; 368 369 /* So that link locals have meaning */ 370 if (!sk->sk_bound_dev_if && 371 ipv6_addr_type(&ireq->ir_v6_rmt_addr) & IPV6_ADDR_LINKLOCAL) 372 ireq->ir_iif = inet6_iif(skb); 373 374 /* 375 * Step 3: Process LISTEN state 376 * 377 * Set S.ISR, S.GSR, S.SWL, S.SWH from packet or Init Cookie 378 * 379 * Setting S.SWL/S.SWH to is deferred to dccp_create_openreq_child(). 380 */ 381 dreq->dreq_isr = dcb->dccpd_seq; 382 dreq->dreq_gsr = dreq->dreq_isr; 383 dreq->dreq_iss = dccp_v6_init_sequence(skb); 384 dreq->dreq_gss = dreq->dreq_iss; 385 dreq->dreq_service = service; 386 387 if (dccp_v6_send_response(sk, req)) 388 goto drop_and_free; 389 390 inet_csk_reqsk_queue_hash_add(sk, req, DCCP_TIMEOUT_INIT); 391 reqsk_put(req); 392 return 0; 393 394drop_and_free: 395 reqsk_free(req); 396drop: 397 __DCCP_INC_STATS(DCCP_MIB_ATTEMPTFAILS); 398 return -1; 399} 400 401static struct sock *dccp_v6_request_recv_sock(const struct sock *sk, 402 struct sk_buff *skb, 403 struct request_sock *req, 404 struct dst_entry *dst, 405 struct request_sock *req_unhash, 406 bool *own_req) 407{ 408 struct inet_request_sock *ireq = inet_rsk(req); 409 struct ipv6_pinfo *newnp; 410 const struct ipv6_pinfo *np = inet6_sk(sk); 411 struct ipv6_txoptions *opt; 412 struct inet_sock *newinet; 413 struct dccp6_sock *newdp6; 414 struct sock *newsk; 415 416 if (skb->protocol == htons(ETH_P_IP)) { 417 /* 418 * v6 mapped 419 */ 420 newsk = dccp_v4_request_recv_sock(sk, skb, req, dst, 421 req_unhash, own_req); 422 if (newsk == NULL) 423 return NULL; 424 425 newdp6 = (struct dccp6_sock *)newsk; 426 newinet = inet_sk(newsk); 427 newinet->pinet6 = &newdp6->inet6; 428 newnp = inet6_sk(newsk); 429 430 memcpy(newnp, np, sizeof(struct ipv6_pinfo)); 431 432 newnp->saddr = newsk->sk_v6_rcv_saddr; 433 434 inet_csk(newsk)->icsk_af_ops = &dccp_ipv6_mapped; 435 newsk->sk_backlog_rcv = dccp_v4_do_rcv; 436 newnp->pktoptions = NULL; 437 newnp->opt = NULL; 438 newnp->ipv6_mc_list = NULL; 439 newnp->ipv6_ac_list = NULL; 440 newnp->ipv6_fl_list = NULL; 441 newnp->mcast_oif = inet_iif(skb); 442 newnp->mcast_hops = ip_hdr(skb)->ttl; 443 444 /* 445 * No need to charge this sock to the relevant IPv6 refcnt debug socks count 446 * here, dccp_create_openreq_child now does this for us, see the comment in 447 * that function for the gory details. -acme 448 */ 449 450 /* It is tricky place. Until this moment IPv4 tcp 451 worked with IPv6 icsk.icsk_af_ops. 452 Sync it now. 453 */ 454 dccp_sync_mss(newsk, inet_csk(newsk)->icsk_pmtu_cookie); 455 456 return newsk; 457 } 458 459 460 if (sk_acceptq_is_full(sk)) 461 goto out_overflow; 462 463 if (!dst) { 464 struct flowi6 fl6; 465 466 dst = inet6_csk_route_req(sk, &fl6, req, IPPROTO_DCCP); 467 if (!dst) 468 goto out; 469 } 470 471 newsk = dccp_create_openreq_child(sk, req, skb); 472 if (newsk == NULL) 473 goto out_nonewsk; 474 475 /* 476 * No need to charge this sock to the relevant IPv6 refcnt debug socks 477 * count here, dccp_create_openreq_child now does this for us, see the 478 * comment in that function for the gory details. -acme 479 */ 480 481 ip6_dst_store(newsk, dst, NULL, NULL); 482 newsk->sk_route_caps = dst->dev->features & ~(NETIF_F_IP_CSUM | 483 NETIF_F_TSO); 484 newdp6 = (struct dccp6_sock *)newsk; 485 newinet = inet_sk(newsk); 486 newinet->pinet6 = &newdp6->inet6; 487 newnp = inet6_sk(newsk); 488 489 memcpy(newnp, np, sizeof(struct ipv6_pinfo)); 490 491 newsk->sk_v6_daddr = ireq->ir_v6_rmt_addr; 492 newnp->saddr = ireq->ir_v6_loc_addr; 493 newsk->sk_v6_rcv_saddr = ireq->ir_v6_loc_addr; 494 newsk->sk_bound_dev_if = ireq->ir_iif; 495 496 /* Now IPv6 options... 497 498 First: no IPv4 options. 499 */ 500 newinet->inet_opt = NULL; 501 502 /* Clone RX bits */ 503 newnp->rxopt.all = np->rxopt.all; 504 505 newnp->ipv6_mc_list = NULL; 506 newnp->ipv6_ac_list = NULL; 507 newnp->ipv6_fl_list = NULL; 508 newnp->pktoptions = NULL; 509 newnp->opt = NULL; 510 newnp->mcast_oif = inet6_iif(skb); 511 newnp->mcast_hops = ipv6_hdr(skb)->hop_limit; 512 513 /* 514 * Clone native IPv6 options from listening socket (if any) 515 * 516 * Yes, keeping reference count would be much more clever, but we make 517 * one more one thing there: reattach optmem to newsk. 518 */ 519 opt = ireq->ipv6_opt; 520 if (!opt) 521 opt = rcu_dereference(np->opt); 522 if (opt) { 523 opt = ipv6_dup_options(newsk, opt); 524 RCU_INIT_POINTER(newnp->opt, opt); 525 } 526 inet_csk(newsk)->icsk_ext_hdr_len = 0; 527 if (opt) 528 inet_csk(newsk)->icsk_ext_hdr_len = opt->opt_nflen + 529 opt->opt_flen; 530 531 dccp_sync_mss(newsk, dst_mtu(dst)); 532 533 newinet->inet_daddr = newinet->inet_saddr = LOOPBACK4_IPV6; 534 newinet->inet_rcv_saddr = LOOPBACK4_IPV6; 535 536 if (__inet_inherit_port(sk, newsk) < 0) { 537 inet_csk_prepare_forced_close(newsk); 538 dccp_done(newsk); 539 goto out; 540 } 541 *own_req = inet_ehash_nolisten(newsk, req_to_sk(req_unhash), NULL); 542 /* Clone pktoptions received with SYN, if we own the req */ 543 if (*own_req && ireq->pktopts) { 544 newnp->pktoptions = skb_clone_and_charge_r(ireq->pktopts, newsk); 545 consume_skb(ireq->pktopts); 546 ireq->pktopts = NULL; 547 } 548 549 return newsk; 550 551out_overflow: 552 __NET_INC_STATS(sock_net(sk), LINUX_MIB_LISTENOVERFLOWS); 553out_nonewsk: 554 dst_release(dst); 555out: 556 __NET_INC_STATS(sock_net(sk), LINUX_MIB_LISTENDROPS); 557 return NULL; 558} 559 560/* The socket must have it's spinlock held when we get 561 * here. 562 * 563 * We have a potential double-lock case here, so even when 564 * doing backlog processing we use the BH locking scheme. 565 * This is because we cannot sleep with the original spinlock 566 * held. 567 */ 568static int dccp_v6_do_rcv(struct sock *sk, struct sk_buff *skb) 569{ 570 struct ipv6_pinfo *np = inet6_sk(sk); 571 struct sk_buff *opt_skb = NULL; 572 573 /* Imagine: socket is IPv6. IPv4 packet arrives, 574 goes to IPv4 receive handler and backlogged. 575 From backlog it always goes here. Kerboom... 576 Fortunately, dccp_rcv_established and rcv_established 577 handle them correctly, but it is not case with 578 dccp_v6_hnd_req and dccp_v6_ctl_send_reset(). --ANK 579 */ 580 581 if (skb->protocol == htons(ETH_P_IP)) 582 return dccp_v4_do_rcv(sk, skb); 583 584 if (sk_filter(sk, skb)) 585 goto discard; 586 587 /* 588 * socket locking is here for SMP purposes as backlog rcv is currently 589 * called with bh processing disabled. 590 */ 591 592 /* Do Stevens' IPV6_PKTOPTIONS. 593 594 Yes, guys, it is the only place in our code, where we 595 may make it not affecting IPv4. 596 The rest of code is protocol independent, 597 and I do not like idea to uglify IPv4. 598 599 Actually, all the idea behind IPV6_PKTOPTIONS 600 looks not very well thought. For now we latch 601 options, received in the last packet, enqueued 602 by tcp. Feel free to propose better solution. 603 --ANK (980728) 604 */ 605 if (np->rxopt.all) 606 opt_skb = skb_clone_and_charge_r(skb, sk); 607 608 if (sk->sk_state == DCCP_OPEN) { /* Fast path */ 609 if (dccp_rcv_established(sk, skb, dccp_hdr(skb), skb->len)) 610 goto reset; 611 if (opt_skb) 612 goto ipv6_pktoptions; 613 return 0; 614 } 615 616 /* 617 * Step 3: Process LISTEN state 618 * If S.state == LISTEN, 619 * If P.type == Request or P contains a valid Init Cookie option, 620 * (* Must scan the packet's options to check for Init 621 * Cookies. Only Init Cookies are processed here, 622 * however; other options are processed in Step 8. This 623 * scan need only be performed if the endpoint uses Init 624 * Cookies *) 625 * (* Generate a new socket and switch to that socket *) 626 * Set S := new socket for this port pair 627 * S.state = RESPOND 628 * Choose S.ISS (initial seqno) or set from Init Cookies 629 * Initialize S.GAR := S.ISS 630 * Set S.ISR, S.GSR, S.SWL, S.SWH from packet or Init Cookies 631 * Continue with S.state == RESPOND 632 * (* A Response packet will be generated in Step 11 *) 633 * Otherwise, 634 * Generate Reset(No Connection) unless P.type == Reset 635 * Drop packet and return 636 * 637 * NOTE: the check for the packet types is done in 638 * dccp_rcv_state_process 639 */ 640 641 if (dccp_rcv_state_process(sk, skb, dccp_hdr(skb), skb->len)) 642 goto reset; 643 if (opt_skb) 644 goto ipv6_pktoptions; 645 return 0; 646 647reset: 648 dccp_v6_ctl_send_reset(sk, skb); 649discard: 650 if (opt_skb != NULL) 651 __kfree_skb(opt_skb); 652 kfree_skb(skb); 653 return 0; 654 655/* Handling IPV6_PKTOPTIONS skb the similar 656 * way it's done for net/ipv6/tcp_ipv6.c 657 */ 658ipv6_pktoptions: 659 if (!((1 << sk->sk_state) & (DCCPF_CLOSED | DCCPF_LISTEN))) { 660 if (np->rxopt.bits.rxinfo || np->rxopt.bits.rxoinfo) 661 np->mcast_oif = inet6_iif(opt_skb); 662 if (np->rxopt.bits.rxhlim || np->rxopt.bits.rxohlim) 663 np->mcast_hops = ipv6_hdr(opt_skb)->hop_limit; 664 if (np->rxopt.bits.rxflow || np->rxopt.bits.rxtclass) 665 np->rcv_flowinfo = ip6_flowinfo(ipv6_hdr(opt_skb)); 666 if (np->repflow) 667 np->flow_label = ip6_flowlabel(ipv6_hdr(opt_skb)); 668 if (ipv6_opt_accepted(sk, opt_skb, 669 &DCCP_SKB_CB(opt_skb)->header.h6)) { 670 memmove(IP6CB(opt_skb), 671 &DCCP_SKB_CB(opt_skb)->header.h6, 672 sizeof(struct inet6_skb_parm)); 673 opt_skb = xchg(&np->pktoptions, opt_skb); 674 } else { 675 __kfree_skb(opt_skb); 676 opt_skb = xchg(&np->pktoptions, NULL); 677 } 678 } 679 680 kfree_skb(opt_skb); 681 return 0; 682} 683 684static int dccp_v6_rcv(struct sk_buff *skb) 685{ 686 const struct dccp_hdr *dh; 687 bool refcounted; 688 struct sock *sk; 689 int min_cov; 690 691 /* Step 1: Check header basics */ 692 693 if (dccp_invalid_packet(skb)) 694 goto discard_it; 695 696 /* Step 1: If header checksum is incorrect, drop packet and return. */ 697 if (dccp_v6_csum_finish(skb, &ipv6_hdr(skb)->saddr, 698 &ipv6_hdr(skb)->daddr)) { 699 DCCP_WARN("dropped packet with invalid checksum\n"); 700 goto discard_it; 701 } 702 703 dh = dccp_hdr(skb); 704 705 DCCP_SKB_CB(skb)->dccpd_seq = dccp_hdr_seq(dh); 706 DCCP_SKB_CB(skb)->dccpd_type = dh->dccph_type; 707 708 if (dccp_packet_without_ack(skb)) 709 DCCP_SKB_CB(skb)->dccpd_ack_seq = DCCP_PKT_WITHOUT_ACK_SEQ; 710 else 711 DCCP_SKB_CB(skb)->dccpd_ack_seq = dccp_hdr_ack_seq(skb); 712 713lookup: 714 sk = __inet6_lookup_skb(&dccp_hashinfo, skb, __dccp_hdr_len(dh), 715 dh->dccph_sport, dh->dccph_dport, 716 inet6_iif(skb), 0, &refcounted); 717 if (!sk) { 718 dccp_pr_debug("failed to look up flow ID in table and " 719 "get corresponding socket\n"); 720 goto no_dccp_socket; 721 } 722 723 /* 724 * Step 2: 725 * ... or S.state == TIMEWAIT, 726 * Generate Reset(No Connection) unless P.type == Reset 727 * Drop packet and return 728 */ 729 if (sk->sk_state == DCCP_TIME_WAIT) { 730 dccp_pr_debug("sk->sk_state == DCCP_TIME_WAIT: do_time_wait\n"); 731 inet_twsk_put(inet_twsk(sk)); 732 goto no_dccp_socket; 733 } 734 735 if (sk->sk_state == DCCP_NEW_SYN_RECV) { 736 struct request_sock *req = inet_reqsk(sk); 737 struct sock *nsk; 738 739 sk = req->rsk_listener; 740 if (unlikely(sk->sk_state != DCCP_LISTEN)) { 741 inet_csk_reqsk_queue_drop_and_put(sk, req); 742 goto lookup; 743 } 744 sock_hold(sk); 745 refcounted = true; 746 nsk = dccp_check_req(sk, skb, req); 747 if (!nsk) { 748 reqsk_put(req); 749 goto discard_and_relse; 750 } 751 if (nsk == sk) { 752 reqsk_put(req); 753 } else if (dccp_child_process(sk, nsk, skb)) { 754 dccp_v6_ctl_send_reset(sk, skb); 755 goto discard_and_relse; 756 } else { 757 sock_put(sk); 758 return 0; 759 } 760 } 761 /* 762 * RFC 4340, sec. 9.2.1: Minimum Checksum Coverage 763 * o if MinCsCov = 0, only packets with CsCov = 0 are accepted 764 * o if MinCsCov > 0, also accept packets with CsCov >= MinCsCov 765 */ 766 min_cov = dccp_sk(sk)->dccps_pcrlen; 767 if (dh->dccph_cscov && (min_cov == 0 || dh->dccph_cscov < min_cov)) { 768 dccp_pr_debug("Packet CsCov %d does not satisfy MinCsCov %d\n", 769 dh->dccph_cscov, min_cov); 770 /* FIXME: send Data Dropped option (see also dccp_v4_rcv) */ 771 goto discard_and_relse; 772 } 773 774 if (!xfrm6_policy_check(sk, XFRM_POLICY_IN, skb)) 775 goto discard_and_relse; 776 777 return __sk_receive_skb(sk, skb, 1, dh->dccph_doff * 4, 778 refcounted) ? -1 : 0; 779 780no_dccp_socket: 781 if (!xfrm6_policy_check(NULL, XFRM_POLICY_IN, skb)) 782 goto discard_it; 783 /* 784 * Step 2: 785 * If no socket ... 786 * Generate Reset(No Connection) unless P.type == Reset 787 * Drop packet and return 788 */ 789 if (dh->dccph_type != DCCP_PKT_RESET) { 790 DCCP_SKB_CB(skb)->dccpd_reset_code = 791 DCCP_RESET_CODE_NO_CONNECTION; 792 dccp_v6_ctl_send_reset(sk, skb); 793 } 794 795discard_it: 796 kfree_skb(skb); 797 return 0; 798 799discard_and_relse: 800 if (refcounted) 801 sock_put(sk); 802 goto discard_it; 803} 804 805static int dccp_v6_connect(struct sock *sk, struct sockaddr *uaddr, 806 int addr_len) 807{ 808 struct sockaddr_in6 *usin = (struct sockaddr_in6 *)uaddr; 809 struct inet_connection_sock *icsk = inet_csk(sk); 810 struct inet_sock *inet = inet_sk(sk); 811 struct ipv6_pinfo *np = inet6_sk(sk); 812 struct dccp_sock *dp = dccp_sk(sk); 813 struct in6_addr *saddr = NULL, *final_p, final; 814 struct ipv6_txoptions *opt; 815 struct flowi6 fl6; 816 struct dst_entry *dst; 817 int addr_type; 818 int err; 819 820 dp->dccps_role = DCCP_ROLE_CLIENT; 821 822 if (addr_len < SIN6_LEN_RFC2133) 823 return -EINVAL; 824 825 if (usin->sin6_family != AF_INET6) 826 return -EAFNOSUPPORT; 827 828 memset(&fl6, 0, sizeof(fl6)); 829 830 if (np->sndflow) { 831 fl6.flowlabel = usin->sin6_flowinfo & IPV6_FLOWINFO_MASK; 832 IP6_ECN_flow_init(fl6.flowlabel); 833 if (fl6.flowlabel & IPV6_FLOWLABEL_MASK) { 834 struct ip6_flowlabel *flowlabel; 835 flowlabel = fl6_sock_lookup(sk, fl6.flowlabel); 836 if (IS_ERR(flowlabel)) 837 return -EINVAL; 838 fl6_sock_release(flowlabel); 839 } 840 } 841 /* 842 * connect() to INADDR_ANY means loopback (BSD'ism). 843 */ 844 if (ipv6_addr_any(&usin->sin6_addr)) 845 usin->sin6_addr.s6_addr[15] = 1; 846 847 addr_type = ipv6_addr_type(&usin->sin6_addr); 848 849 if (addr_type & IPV6_ADDR_MULTICAST) 850 return -ENETUNREACH; 851 852 if (addr_type & IPV6_ADDR_LINKLOCAL) { 853 if (addr_len >= sizeof(struct sockaddr_in6) && 854 usin->sin6_scope_id) { 855 /* If interface is set while binding, indices 856 * must coincide. 857 */ 858 if (sk->sk_bound_dev_if && 859 sk->sk_bound_dev_if != usin->sin6_scope_id) 860 return -EINVAL; 861 862 sk->sk_bound_dev_if = usin->sin6_scope_id; 863 } 864 865 /* Connect to link-local address requires an interface */ 866 if (!sk->sk_bound_dev_if) 867 return -EINVAL; 868 } 869 870 sk->sk_v6_daddr = usin->sin6_addr; 871 np->flow_label = fl6.flowlabel; 872 873 /* 874 * DCCP over IPv4 875 */ 876 if (addr_type == IPV6_ADDR_MAPPED) { 877 u32 exthdrlen = icsk->icsk_ext_hdr_len; 878 struct sockaddr_in sin; 879 880 SOCK_DEBUG(sk, "connect: ipv4 mapped\n"); 881 882 if (__ipv6_only_sock(sk)) 883 return -ENETUNREACH; 884 885 sin.sin_family = AF_INET; 886 sin.sin_port = usin->sin6_port; 887 sin.sin_addr.s_addr = usin->sin6_addr.s6_addr32[3]; 888 889 icsk->icsk_af_ops = &dccp_ipv6_mapped; 890 sk->sk_backlog_rcv = dccp_v4_do_rcv; 891 892 err = dccp_v4_connect(sk, (struct sockaddr *)&sin, sizeof(sin)); 893 if (err) { 894 icsk->icsk_ext_hdr_len = exthdrlen; 895 icsk->icsk_af_ops = &dccp_ipv6_af_ops; 896 sk->sk_backlog_rcv = dccp_v6_do_rcv; 897 goto failure; 898 } 899 np->saddr = sk->sk_v6_rcv_saddr; 900 return err; 901 } 902 903 if (!ipv6_addr_any(&sk->sk_v6_rcv_saddr)) 904 saddr = &sk->sk_v6_rcv_saddr; 905 906 fl6.flowi6_proto = IPPROTO_DCCP; 907 fl6.daddr = sk->sk_v6_daddr; 908 fl6.saddr = saddr ? *saddr : np->saddr; 909 fl6.flowi6_oif = sk->sk_bound_dev_if; 910 fl6.fl6_dport = usin->sin6_port; 911 fl6.fl6_sport = inet->inet_sport; 912 security_sk_classify_flow(sk, flowi6_to_flowi_common(&fl6)); 913 914 opt = rcu_dereference_protected(np->opt, lockdep_sock_is_held(sk)); 915 final_p = fl6_update_dst(&fl6, opt, &final); 916 917 dst = ip6_dst_lookup_flow(sock_net(sk), sk, &fl6, final_p); 918 if (IS_ERR(dst)) { 919 err = PTR_ERR(dst); 920 goto failure; 921 } 922 923 if (saddr == NULL) { 924 saddr = &fl6.saddr; 925 sk->sk_v6_rcv_saddr = *saddr; 926 } 927 928 /* set the source address */ 929 np->saddr = *saddr; 930 inet->inet_rcv_saddr = LOOPBACK4_IPV6; 931 932 ip6_dst_store(sk, dst, NULL, NULL); 933 934 icsk->icsk_ext_hdr_len = 0; 935 if (opt) 936 icsk->icsk_ext_hdr_len = opt->opt_flen + opt->opt_nflen; 937 938 inet->inet_dport = usin->sin6_port; 939 940 dccp_set_state(sk, DCCP_REQUESTING); 941 err = inet6_hash_connect(&dccp_death_row, sk); 942 if (err) 943 goto late_failure; 944 945 dp->dccps_iss = secure_dccpv6_sequence_number(np->saddr.s6_addr32, 946 sk->sk_v6_daddr.s6_addr32, 947 inet->inet_sport, 948 inet->inet_dport); 949 err = dccp_connect(sk); 950 if (err) 951 goto late_failure; 952 953 return 0; 954 955late_failure: 956 dccp_set_state(sk, DCCP_CLOSED); 957 if (!(sk->sk_userlocks & SOCK_BINDADDR_LOCK)) 958 inet_reset_saddr(sk); 959 __sk_dst_reset(sk); 960failure: 961 inet->inet_dport = 0; 962 sk->sk_route_caps = 0; 963 return err; 964} 965 966static const struct inet_connection_sock_af_ops dccp_ipv6_af_ops = { 967 .queue_xmit = inet6_csk_xmit, 968 .send_check = dccp_v6_send_check, 969 .rebuild_header = inet6_sk_rebuild_header, 970 .conn_request = dccp_v6_conn_request, 971 .syn_recv_sock = dccp_v6_request_recv_sock, 972 .net_header_len = sizeof(struct ipv6hdr), 973 .setsockopt = ipv6_setsockopt, 974 .getsockopt = ipv6_getsockopt, 975 .addr2sockaddr = inet6_csk_addr2sockaddr, 976 .sockaddr_len = sizeof(struct sockaddr_in6), 977}; 978 979/* 980 * DCCP over IPv4 via INET6 API 981 */ 982static const struct inet_connection_sock_af_ops dccp_ipv6_mapped = { 983 .queue_xmit = ip_queue_xmit, 984 .send_check = dccp_v4_send_check, 985 .rebuild_header = inet_sk_rebuild_header, 986 .conn_request = dccp_v6_conn_request, 987 .syn_recv_sock = dccp_v6_request_recv_sock, 988 .net_header_len = sizeof(struct iphdr), 989 .setsockopt = ipv6_setsockopt, 990 .getsockopt = ipv6_getsockopt, 991 .addr2sockaddr = inet6_csk_addr2sockaddr, 992 .sockaddr_len = sizeof(struct sockaddr_in6), 993}; 994 995static void dccp_v6_sk_destruct(struct sock *sk) 996{ 997 dccp_destruct_common(sk); 998 inet6_sock_destruct(sk); 999} 1000 1001/* NOTE: A lot of things set to zero explicitly by call to 1002 * sk_alloc() so need not be done here. 1003 */ 1004static int dccp_v6_init_sock(struct sock *sk) 1005{ 1006 static __u8 dccp_v6_ctl_sock_initialized; 1007 int err = dccp_init_sock(sk, dccp_v6_ctl_sock_initialized); 1008 1009 if (err == 0) { 1010 if (unlikely(!dccp_v6_ctl_sock_initialized)) 1011 dccp_v6_ctl_sock_initialized = 1; 1012 inet_csk(sk)->icsk_af_ops = &dccp_ipv6_af_ops; 1013 sk->sk_destruct = dccp_v6_sk_destruct; 1014 } 1015 1016 return err; 1017} 1018 1019static struct timewait_sock_ops dccp6_timewait_sock_ops = { 1020 .twsk_obj_size = sizeof(struct dccp6_timewait_sock), 1021}; 1022 1023static struct proto dccp_v6_prot = { 1024 .name = "DCCPv6", 1025 .owner = THIS_MODULE, 1026 .close = dccp_close, 1027 .connect = dccp_v6_connect, 1028 .disconnect = dccp_disconnect, 1029 .ioctl = dccp_ioctl, 1030 .init = dccp_v6_init_sock, 1031 .setsockopt = dccp_setsockopt, 1032 .getsockopt = dccp_getsockopt, 1033 .sendmsg = dccp_sendmsg, 1034 .recvmsg = dccp_recvmsg, 1035 .backlog_rcv = dccp_v6_do_rcv, 1036 .hash = inet6_hash, 1037 .unhash = inet_unhash, 1038 .accept = inet_csk_accept, 1039 .get_port = inet_csk_get_port, 1040 .shutdown = dccp_shutdown, 1041 .destroy = dccp_destroy_sock, 1042 .orphan_count = &dccp_orphan_count, 1043 .max_header = MAX_DCCP_HEADER, 1044 .obj_size = sizeof(struct dccp6_sock), 1045 .slab_flags = SLAB_TYPESAFE_BY_RCU, 1046 .rsk_prot = &dccp6_request_sock_ops, 1047 .twsk_prot = &dccp6_timewait_sock_ops, 1048 .h.hashinfo = &dccp_hashinfo, 1049}; 1050 1051static const struct inet6_protocol dccp_v6_protocol = { 1052 .handler = dccp_v6_rcv, 1053 .err_handler = dccp_v6_err, 1054 .flags = INET6_PROTO_NOPOLICY | INET6_PROTO_FINAL, 1055}; 1056 1057static const struct proto_ops inet6_dccp_ops = { 1058 .family = PF_INET6, 1059 .owner = THIS_MODULE, 1060 .release = inet6_release, 1061 .bind = inet6_bind, 1062 .connect = inet_stream_connect, 1063 .socketpair = sock_no_socketpair, 1064 .accept = inet_accept, 1065 .getname = inet6_getname, 1066 .poll = dccp_poll, 1067 .ioctl = inet6_ioctl, 1068 .gettstamp = sock_gettstamp, 1069 .listen = inet_dccp_listen, 1070 .shutdown = inet_shutdown, 1071 .setsockopt = sock_common_setsockopt, 1072 .getsockopt = sock_common_getsockopt, 1073 .sendmsg = inet_sendmsg, 1074 .recvmsg = sock_common_recvmsg, 1075 .mmap = sock_no_mmap, 1076 .sendpage = sock_no_sendpage, 1077#ifdef CONFIG_COMPAT 1078 .compat_ioctl = inet6_compat_ioctl, 1079#endif 1080}; 1081 1082static struct inet_protosw dccp_v6_protosw = { 1083 .type = SOCK_DCCP, 1084 .protocol = IPPROTO_DCCP, 1085 .prot = &dccp_v6_prot, 1086 .ops = &inet6_dccp_ops, 1087 .flags = INET_PROTOSW_ICSK, 1088}; 1089 1090static int __net_init dccp_v6_init_net(struct net *net) 1091{ 1092 if (dccp_hashinfo.bhash == NULL) 1093 return -ESOCKTNOSUPPORT; 1094 1095 return inet_ctl_sock_create(&net->dccp.v6_ctl_sk, PF_INET6, 1096 SOCK_DCCP, IPPROTO_DCCP, net); 1097} 1098 1099static void __net_exit dccp_v6_exit_net(struct net *net) 1100{ 1101 inet_ctl_sock_destroy(net->dccp.v6_ctl_sk); 1102} 1103 1104static void __net_exit dccp_v6_exit_batch(struct list_head *net_exit_list) 1105{ 1106 inet_twsk_purge(&dccp_hashinfo, AF_INET6); 1107} 1108 1109static struct pernet_operations dccp_v6_ops = { 1110 .init = dccp_v6_init_net, 1111 .exit = dccp_v6_exit_net, 1112 .exit_batch = dccp_v6_exit_batch, 1113}; 1114 1115static int __init dccp_v6_init(void) 1116{ 1117 int err = proto_register(&dccp_v6_prot, 1); 1118 1119 if (err) 1120 goto out; 1121 1122 inet6_register_protosw(&dccp_v6_protosw); 1123 1124 err = register_pernet_subsys(&dccp_v6_ops); 1125 if (err) 1126 goto out_destroy_ctl_sock; 1127 1128 err = inet6_add_protocol(&dccp_v6_protocol, IPPROTO_DCCP); 1129 if (err) 1130 goto out_unregister_proto; 1131 1132out: 1133 return err; 1134out_unregister_proto: 1135 unregister_pernet_subsys(&dccp_v6_ops); 1136out_destroy_ctl_sock: 1137 inet6_unregister_protosw(&dccp_v6_protosw); 1138 proto_unregister(&dccp_v6_prot); 1139 goto out; 1140} 1141 1142static void __exit dccp_v6_exit(void) 1143{ 1144 inet6_del_protocol(&dccp_v6_protocol, IPPROTO_DCCP); 1145 unregister_pernet_subsys(&dccp_v6_ops); 1146 inet6_unregister_protosw(&dccp_v6_protosw); 1147 proto_unregister(&dccp_v6_prot); 1148} 1149 1150module_init(dccp_v6_init); 1151module_exit(dccp_v6_exit); 1152 1153/* 1154 * __stringify doesn't likes enums, so use SOCK_DCCP (6) and IPPROTO_DCCP (33) 1155 * values directly, Also cover the case where the protocol is not specified, 1156 * i.e. net-pf-PF_INET6-proto-0-type-SOCK_DCCP 1157 */ 1158MODULE_ALIAS_NET_PF_PROTO_TYPE(PF_INET6, 33, 6); 1159MODULE_ALIAS_NET_PF_PROTO_TYPE(PF_INET6, 0, 6); 1160MODULE_LICENSE("GPL"); 1161MODULE_AUTHOR("Arnaldo Carvalho de Melo <acme@mandriva.com>"); 1162MODULE_DESCRIPTION("DCCPv6 - Datagram Congestion Controlled Protocol"); 1163