[DCCP]: dccp_v(4|6)_ctl_socket is leaked.
[deliverable/linux.git] / net / dccp / ipv6.c
1 /*
2 * DCCP over IPv6
3 * Linux INET6 implementation
4 *
5 * Based on net/dccp6/ipv6.c
6 *
7 * Arnaldo Carvalho de Melo <acme@ghostprotocols.net>
8 *
9 * This program is free software; you can redistribute it and/or
10 * modify it under the terms of the GNU General Public License
11 * as published by the Free Software Foundation; either version
12 * 2 of the License, or (at your option) any later version.
13 */
14
15 #include <linux/module.h>
16 #include <linux/random.h>
17 #include <linux/xfrm.h>
18
19 #include <net/addrconf.h>
20 #include <net/inet_common.h>
21 #include <net/inet_hashtables.h>
22 #include <net/inet_sock.h>
23 #include <net/inet6_connection_sock.h>
24 #include <net/inet6_hashtables.h>
25 #include <net/ip6_route.h>
26 #include <net/ipv6.h>
27 #include <net/protocol.h>
28 #include <net/transp_v6.h>
29 #include <net/ip6_checksum.h>
30 #include <net/xfrm.h>
31
32 #include "dccp.h"
33 #include "ipv6.h"
34 #include "feat.h"
35
/*
 * Socket used for sending RSTs and ACKs.
 *
 * In this file it is assigned in dccp_v6_init(), released in
 * dccp_v6_exit(), and read without locking by dccp_v6_ctl_send_reset(),
 * which runs from the receive path. Its lifetime therefore has to cover
 * the whole time dccp_v6_protocol is registered.
 */
static struct sock *dccp_v6_ctl_sk;

/*
 * Forward declarations: both operation tables are defined further down,
 * after the functions they point to, but are referenced by address earlier.
 */
static struct inet_connection_sock_af_ops dccp_ipv6_mapped;
static struct inet_connection_sock_af_ops dccp_ipv6_af_ops;
41
/*
 * .hash callback of dccp_v6_prot.
 *
 * A socket in DCCP_CLOSED is not hashed at all. A socket whose af_ops
 * point at dccp_ipv6_mapped goes through inet_hash(); every other socket
 * is inserted with __inet6_hash() with bottom halves disabled around
 * the call.
 */
static void dccp_v6_hash(struct sock *sk)
{
	if (sk->sk_state == DCCP_CLOSED)
		return;

	if (inet_csk(sk)->icsk_af_ops != &dccp_ipv6_mapped) {
		local_bh_disable();
		__inet6_hash(sk);
		local_bh_enable();
		return;
	}

	inet_hash(sk);
}
54
/*
 * Fold the IPv6 pseudo-header into the DCCP checksum held in skb->csum.
 *
 * @skb:   packet whose ->len and ->csum are used
 * @saddr: source address for the pseudo-header
 * @daddr: destination address for the pseudo-header
 *
 * Returns whatever csum_ipv6_magic() yields for IPPROTO_DCCP. The receive
 * path (dccp_v6_rcv) treats a non-zero result as an invalid checksum.
 */
static inline __sum16 dccp_v6_csum_finish(struct sk_buff *skb,
					  struct in6_addr *saddr,
					  struct in6_addr *daddr)
{
	const __sum16 folded = csum_ipv6_magic(saddr, daddr, skb->len,
					       IPPROTO_DCCP, skb->csum);

	return folded;
}
62
/*
 * .send_check callback of dccp_ipv6_af_ops: fill in the checksum field of
 * an outgoing DCCP header.
 *
 * @sk:           sending socket; its IPv6 source and destination addresses
 *                feed the pseudo-header
 * @unused_value: ignored
 * @skb:          packet being sent
 */
static inline void dccp_v6_send_check(struct sock *sk, int unused_value,
				      struct sk_buff *skb)
{
	struct dccp_hdr *hdr = dccp_hdr(skb);
	struct ipv6_pinfo *pinfo = inet6_sk(sk);

	/* payload/header sum first, pseudo-header folded in afterwards */
	dccp_csum_outgoing(skb);
	hdr->dccph_checksum = dccp_v6_csum_finish(skb, &pinfo->saddr,
						  &pinfo->daddr);
}
72
/*
 * Initial sequence number for a DCCPv6 flow.
 *
 * Thin wrapper: the value comes straight from
 * secure_tcpv6_sequence_number() for the same address/port tuple, so the
 * unpredictability of DCCPv6 initial sequence numbers is exactly that of
 * the TCPv6 generator.
 */
static inline __u32 secure_dccpv6_sequence_number(__be32 *saddr, __be32 *daddr,
						  __be16 sport, __be16 dport )
{
	const __u32 isn = secure_tcpv6_sequence_number(saddr, daddr,
						       sport, dport);

	return isn;
}
78
/*
 * Pick the initial sequence number for the reply to a received packet.
 *
 * The tuple is taken from @skb with the two ends swapped: the packet's
 * destination address/port are passed in the source slots and its source
 * address/port in the destination slots.
 */
static inline __u32 dccp_v6_init_sequence(struct sk_buff *skb)
{
	struct ipv6hdr *ip6h = ipv6_hdr(skb);
	struct dccp_hdr *dh = dccp_hdr(skb);

	return secure_dccpv6_sequence_number(ip6h->daddr.s6_addr32,
					     ip6h->saddr.s6_addr32,
					     dh->dccph_dport,
					     dh->dccph_sport);
}
87
/*
 * ICMPv6 error handler for DCCP (.err_handler of dccp_v6_protocol).
 *
 * @skb:    the error packet; skb->data is interpreted as an IPv6 header
 * @opt:    not used by this function
 * @type:   ICMPv6 type
 * @code:   ICMPv6 code
 * @offset: offset from skb->data at which a DCCP header is read
 * @info:   not used by this function
 *
 * Looks up the socket matching the addresses and ports found in the quoted
 * headers, then either updates the path MTU (ICMPV6_PKT_TOOBIG), drops a
 * pending connection request (listening socket), or reports the converted
 * error on the socket. The socket reference taken by the lookup is dropped
 * on every path.
 *
 * NOTE(review): every field read through @hdr and @dh comes from the
 * network, and nothing in this function checks that skb holds
 * offset + a full DCCP header before dh->dccph_dport, dh->dccph_sport and
 * dccp_hdr_seq(dh) are read. Confirm the caller guarantees enough linear
 * data, or add a length check here.
 */
static void dccp_v6_err(struct sk_buff *skb, struct inet6_skb_parm *opt,
			int type, int code, int offset, __be32 info)
{
	struct ipv6hdr *hdr = (struct ipv6hdr *)skb->data;
	const struct dccp_hdr *dh = (struct dccp_hdr *)(skb->data + offset);
	struct ipv6_pinfo *np;
	struct sock *sk;
	int err;
	__u64 seq;

	sk = inet6_lookup(&init_net, &dccp_hashinfo, &hdr->daddr, dh->dccph_dport,
			  &hdr->saddr, dh->dccph_sport, inet6_iif(skb));

	if (sk == NULL) {
		ICMP6_INC_STATS_BH(__in6_dev_get(skb->dev), ICMP6_MIB_INERRORS);
		return;
	}

	/* time-wait entries are released with their own put helper */
	if (sk->sk_state == DCCP_TIME_WAIT) {
		inet_twsk_put(inet_twsk(sk));
		return;
	}

	bh_lock_sock(sk);
	/* only counted here; each branch below re-checks ownership itself */
	if (sock_owned_by_user(sk))
		NET_INC_STATS_BH(LINUX_MIB_LOCKDROPPEDICMPS);

	if (sk->sk_state == DCCP_CLOSED)
		goto out;

	np = inet6_sk(sk);

	if (type == ICMPV6_PKT_TOOBIG) {
		struct dst_entry *dst = NULL;

		if (sock_owned_by_user(sk))
			goto out;
		if ((1 << sk->sk_state) & (DCCPF_LISTEN | DCCPF_CLOSED))
			goto out;

		/* icmp should have updated the destination cache entry */
		dst = __sk_dst_check(sk, np->dst_cookie);
		if (dst == NULL) {
			struct inet_sock *inet = inet_sk(sk);
			struct flowi fl;

			/* BUGGG_FUTURE: Again, it is not clear how
			   to handle rthdr case. Ignore this complexity
			   for now.
			 */
			memset(&fl, 0, sizeof(fl));
			fl.proto = IPPROTO_DCCP;
			ipv6_addr_copy(&fl.fl6_dst, &np->daddr);
			ipv6_addr_copy(&fl.fl6_src, &np->saddr);
			fl.oif = sk->sk_bound_dev_if;
			fl.fl_ip_dport = inet->dport;
			fl.fl_ip_sport = inet->sport;
			security_sk_classify_flow(sk, &fl);

			err = ip6_dst_lookup(sk, &dst, &fl);
			if (err) {
				sk->sk_err_soft = -err;
				goto out;
			}

			err = xfrm_lookup(&dst, &fl, sk, 0);
			if (err < 0) {
				sk->sk_err_soft = -err;
				goto out;
			}
		} else
			dst_hold(dst);	/* balance the dst_release() below */

		if (inet_csk(sk)->icsk_pmtu_cookie > dst_mtu(dst)) {
			dccp_sync_mss(sk, dst_mtu(dst));
		} /* else let the usual retransmit timer handle it */
		dst_release(dst);
		goto out;
	}

	icmpv6_err_convert(type, code, &err);

	seq = dccp_hdr_seq(dh);
	/* Might be for a request_sock */
	switch (sk->sk_state) {
		struct request_sock *req, **prev;
	case DCCP_LISTEN:
		if (sock_owned_by_user(sk))
			goto out;

		req = inet6_csk_search_req(sk, &prev, dh->dccph_dport,
					   &hdr->daddr, &hdr->saddr,
					   inet6_iif(skb));
		if (req == NULL)
			goto out;

		/*
		 * ICMPs are not backlogged, hence we cannot get an established
		 * socket here.
		 */
		BUG_TRAP(req->sk == NULL);

		/*
		 * The quoted sequence number must equal the ISS recorded for
		 * this request; anything else is counted and ignored, so an
		 * error that does not quote our own packet cannot drop the
		 * pending request.
		 */
		if (seq != dccp_rsk(req)->dreq_iss) {
			NET_INC_STATS_BH(LINUX_MIB_OUTOFWINDOWICMPS);
			goto out;
		}

		inet_csk_reqsk_queue_drop(sk, req, prev);
		goto out;

	case DCCP_REQUESTING:
	case DCCP_RESPOND:  /* Cannot happen.
			       It can, if SYNs are crossed. --ANK */
		/*
		 * NOTE(review): unlike the DCCP_LISTEN case, seq is not
		 * compared with anything before the connection attempt is
		 * failed here — confirm whether a sequence check is wanted.
		 */
		if (!sock_owned_by_user(sk)) {
			DCCP_INC_STATS_BH(DCCP_MIB_ATTEMPTFAILS);
			sk->sk_err = err;
			/*
			 * Wake people up to see the error
			 * (see connect in sock.c)
			 */
			sk->sk_error_report(sk);
			dccp_done(sk);
		} else
			sk->sk_err_soft = err;
		goto out;
	}

	/* hard error only if nobody holds the socket and IPV6_RECVERR-style
	 * reporting (np->recverr) is on; otherwise record a soft error */
	if (!sock_owned_by_user(sk) && np->recverr) {
		sk->sk_err = err;
		sk->sk_error_report(sk);
	} else
		sk->sk_err_soft = err;

out:
	bh_unlock_sock(sk);
	sock_put(sk);
}
225
226
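/*
 * Build and transmit the Response for a pending connection request
 * (.rtx_syn_ack of dccp6_request_sock_ops).
 *
 * @sk:  listening socket
 * @req: request the Response belongs to
 *
 * Returns 0 when the packet was handed to ip6_xmit() and net_xmit_eval()
 * reports success, otherwise a non-zero error: the error of the route or
 * xfrm lookup, -ENOMEM when no Response skb could be built, or the
 * evaluated transmit result.
 */
static int dccp_v6_send_response(struct sock *sk, struct request_sock *req)
{
	struct inet6_request_sock *ireq6 = inet6_rsk(req);
	struct ipv6_pinfo *np = inet6_sk(sk);
	struct sk_buff *skb;
	struct ipv6_txoptions *opt = NULL;
	struct in6_addr *final_p = NULL, final;
	struct flowi fl;
	int err = -1;
	/*
	 * Start from NULL so the dst_release() at "done" never sees an
	 * uninitialised pointer, whatever ip6_dst_lookup() does with its
	 * output argument on failure.
	 */
	struct dst_entry *dst = NULL;

	memset(&fl, 0, sizeof(fl));
	fl.proto = IPPROTO_DCCP;
	ipv6_addr_copy(&fl.fl6_dst, &ireq6->rmt_addr);
	ipv6_addr_copy(&fl.fl6_src, &ireq6->loc_addr);
	fl.fl6_flowlabel = 0;
	fl.oif = ireq6->iif;
	fl.fl_ip_dport = inet_rsk(req)->rmt_port;
	fl.fl_ip_sport = inet_sk(sk)->sport;
	security_req_classify_flow(req, &fl);

	opt = np->opt;

	/*
	 * With a routing header the route is looked up towards its first
	 * address; the real destination is put back afterwards.
	 */
	if (opt != NULL && opt->srcrt != NULL) {
		const struct rt0_hdr *rt0 = (struct rt0_hdr *)opt->srcrt;

		ipv6_addr_copy(&final, &fl.fl6_dst);
		ipv6_addr_copy(&fl.fl6_dst, rt0->addr);
		final_p = &final;
	}

	err = ip6_dst_lookup(sk, &dst, &fl);
	if (err)
		goto done;

	if (final_p)
		ipv6_addr_copy(&fl.fl6_dst, final_p);

	err = xfrm_lookup(&dst, &fl, sk, 0);
	if (err < 0)
		goto done;

	skb = dccp_make_response(sk, dst, req);
	if (skb == NULL) {
		/*
		 * The successful lookups above left err at a non-negative
		 * value; without this the caller would be told a Response
		 * went out when nothing was sent.
		 */
		err = -ENOMEM;
		goto done;
	}

	dccp_hdr(skb)->dccph_checksum = dccp_v6_csum_finish(skb,
							    &ireq6->loc_addr,
							    &ireq6->rmt_addr);
	ipv6_addr_copy(&fl.fl6_dst, &ireq6->rmt_addr);
	err = ip6_xmit(sk, skb, &fl, opt, 0);
	err = net_xmit_eval(err);

done:
	/* opt is only ever np->opt in this function, so this never fires */
	if (opt != NULL && opt != np->opt)
		sock_kfree_s(sk, opt, opt->tot_len);
	dst_release(dst);
	return err;
}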
287
/*
 * .destructor of dccp6_request_sock_ops: drop the packet-options skb that
 * dccp_v6_conn_request() may have attached to the request.
 */
static void dccp_v6_reqsk_destructor(struct request_sock *req)
{
	struct sk_buff *latched = inet6_rsk(req)->pktopts;

	if (latched == NULL)
		return;

	kfree_skb(latched);
}
293
/*
 * Answer a received packet with a DCCP Reset.
 *
 * @sk:    not used; the Reset is always built for and sent from the
 *         module-wide dccp_v6_ctl_sk
 * @rxskb: packet being answered
 *
 * Nothing is sent when @rxskb is itself a Reset or was not addressed to a
 * unicast destination. If routing or the xfrm lookup fails, the freshly
 * built Reset is freed.
 */
static void dccp_v6_ctl_send_reset(struct sock *sk, struct sk_buff *rxskb)
{
	struct ipv6hdr *rx_hdr;
	struct sk_buff *reply;
	struct flowi fl;

	if (dccp_hdr(rxskb)->dccph_type == DCCP_PKT_RESET ||
	    !ipv6_unicast_destination(rxskb))
		return;

	reply = dccp_ctl_make_reset(dccp_v6_ctl_sk, rxskb);
	if (reply == NULL)
		return;

	rx_hdr = ipv6_hdr(rxskb);
	dccp_hdr(reply)->dccph_checksum = dccp_v6_csum_finish(reply,
							      &rx_hdr->saddr,
							      &rx_hdr->daddr);

	/* the reply flows back to where the packet came from */
	memset(&fl, 0, sizeof(fl));
	fl.proto = IPPROTO_DCCP;
	fl.oif = inet6_iif(rxskb);
	ipv6_addr_copy(&fl.fl6_dst, &rx_hdr->saddr);
	ipv6_addr_copy(&fl.fl6_src, &rx_hdr->daddr);
	fl.fl_ip_dport = dccp_hdr(reply)->dccph_dport;
	fl.fl_ip_sport = dccp_hdr(reply)->dccph_sport;
	security_skb_classify_flow(rxskb, &fl);

	/* sk = NULL, but it is safe for now. RST socket required. */
	if (ip6_dst_lookup(NULL, &reply->dst, &fl) ||
	    xfrm_lookup(&reply->dst, &fl, NULL, 0) < 0) {
		kfree_skb(reply);
		return;
	}

	ip6_xmit(dccp_v6_ctl_sk, reply, &fl, NULL, 0);
	DCCP_INC_STATS_BH(DCCP_MIB_OUTSEGS);
	DCCP_INC_STATS_BH(DCCP_MIB_OUTRSTS);
}
336
/*
 * Request-sock operations for DCCPv6. Passed to inet6_reqsk_alloc() in
 * dccp_v6_conn_request() and published as .rsk_prot of dccp_v6_prot.
 */
static struct request_sock_ops dccp6_request_sock_ops = {
	.family		= AF_INET6,
	.obj_size	= sizeof(struct dccp6_request_sock),
	/* (re)sends the Response for a pending request */
	.rtx_syn_ack	= dccp_v6_send_response,
	.send_ack	= dccp_reqsk_send_ack,
	/* releases the pktopts skb held by the request, if any */
	.destructor	= dccp_v6_reqsk_destructor,
	.send_reset	= dccp_v6_ctl_send_reset,
};
345
/*
 * Decide which socket a packet that reached a listening socket belongs to.
 *
 * @sk:  listening socket
 * @skb: received packet
 *
 * Returns
 *  - the result of dccp_check_req() when a pending request matches,
 *  - an established socket, returned with bh_lock_sock() held, when one
 *    matches the packet's address/port tuple,
 *  - NULL when the only match is a time-wait entry (its reference is
 *    dropped here),
 *  - @sk itself when nothing else matches.
 */
static struct sock *dccp_v6_hnd_req(struct sock *sk,struct sk_buff *skb)
{
	const struct dccp_hdr *dh = dccp_hdr(skb);
	const struct ipv6hdr *iph = ipv6_hdr(skb);
	struct request_sock **prev;
	struct request_sock *pending;
	struct sock *established;

	/* Find possible connection requests. */
	pending = inet6_csk_search_req(sk, &prev, dh->dccph_sport,
				       &iph->saddr, &iph->daddr,
				       inet6_iif(skb));
	if (pending != NULL)
		return dccp_check_req(sk, skb, pending, prev);

	established = __inet6_lookup_established(&init_net, &dccp_hashinfo,
						 &iph->saddr, dh->dccph_sport,
						 &iph->daddr,
						 ntohs(dh->dccph_dport),
						 inet6_iif(skb));
	if (established == NULL)
		return sk;

	if (established->sk_state == DCCP_TIME_WAIT) {
		inet_twsk_put(inet_twsk(established));
		return NULL;
	}

	bh_lock_sock(established);
	return established;
}
376
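/*
 * Handle a connection Request arriving on a listening socket
 * (.conn_request of both af_ops tables in this file).
 *
 * @sk:  listening socket
 * @skb: the Request packet
 *
 * Returns 0 when the request was queued, or when the packet is silently
 * discarded (non-unicast destination); returns -1 after recording a reset
 * code in the skb control block and counting an attempt failure. IPv4
 * packets are handed to dccp_v4_conn_request().
 */
static int dccp_v6_conn_request(struct sock *sk, struct sk_buff *skb)
{
	struct request_sock *req;
	struct dccp_request_sock *dreq;
	struct inet6_request_sock *ireq6;
	struct ipv6_pinfo *np = inet6_sk(sk);
	const __be32 service = dccp_hdr_request(skb)->dccph_req_service;
	struct dccp_skb_cb *dcb = DCCP_SKB_CB(skb);

	if (skb->protocol == htons(ETH_P_IP))
		return dccp_v4_conn_request(sk, skb);

	if (!ipv6_unicast_destination(skb))
		return 0;	/* discard, don't send a reset here */

	if (dccp_bad_service_code(sk, service)) {
		dcb->dccpd_reset_code = DCCP_RESET_CODE_BAD_SERVICE_CODE;
		goto drop;
	}
	/*
	 * There are no SYN attacks on IPv6, yet...
	 *
	 * The only protection against a flood of Requests in this function
	 * is the pair of queue-full checks below. Every later drop path
	 * also reports DCCP_RESET_CODE_TOO_BUSY, because the code is set
	 * once here.
	 */
	dcb->dccpd_reset_code = DCCP_RESET_CODE_TOO_BUSY;
	if (inet_csk_reqsk_queue_is_full(sk))
		goto drop;

	if (sk_acceptq_is_full(sk) && inet_csk_reqsk_queue_young(sk) > 1)
		goto drop;

	req = inet6_reqsk_alloc(&dccp6_request_sock_ops);
	if (req == NULL)
		goto drop;

	dccp_reqsk_init(req, skb);

	/*
	 * dccp_v6_reqsk_destructor() reads pktopts, and the drop_and_free
	 * paths just below can be taken before the addresses are filled in.
	 * Clear the pointer first so those paths never look at a value this
	 * function has not set, whatever the allocator left there.
	 */
	ireq6 = inet6_rsk(req);
	ireq6->pktopts = NULL;

	dreq = dccp_rsk(req);
	if (dccp_parse_options(sk, dreq, skb))
		goto drop_and_free;

	if (security_inet_conn_request(sk, skb, req))
		goto drop_and_free;

	ipv6_addr_copy(&ireq6->rmt_addr, &ipv6_hdr(skb)->saddr);
	ipv6_addr_copy(&ireq6->loc_addr, &ipv6_hdr(skb)->daddr);

	/*
	 * Keep the Request skb alive on the request when the listener asked
	 * for any received-options information: the extra reference is
	 * dropped by dccp_v6_reqsk_destructor() or when the child socket
	 * clones it in dccp_v6_request_recv_sock().
	 */
	if (ipv6_opt_accepted(sk, skb) ||
	    np->rxopt.bits.rxinfo || np->rxopt.bits.rxoinfo ||
	    np->rxopt.bits.rxhlim || np->rxopt.bits.rxohlim) {
		atomic_inc(&skb->users);
		ireq6->pktopts = skb;
	}
	ireq6->iif = sk->sk_bound_dev_if;

	/* So that link locals have meaning */
	if (!sk->sk_bound_dev_if &&
	    ipv6_addr_type(&ireq6->rmt_addr) & IPV6_ADDR_LINKLOCAL)
		ireq6->iif = inet6_iif(skb);

	/*
	 * Step 3: Process LISTEN state
	 *
	 *   Set S.ISR, S.GSR, S.SWL, S.SWH from packet or Init Cookie
	 *
	 *   In fact we defer setting S.GSR, S.SWL, S.SWH to
	 *   dccp_create_openreq_child.
	 */
	dreq->dreq_isr	   = dcb->dccpd_seq;
	dreq->dreq_iss	   = dccp_v6_init_sequence(skb);
	dreq->dreq_service = service;

	if (dccp_v6_send_response(sk, req))
		goto drop_and_free;

	inet6_csk_reqsk_queue_hash_add(sk, req, DCCP_TIMEOUT_INIT);
	return 0;

drop_and_free:
	reqsk_free(req);
drop:
	DCCP_INC_STATS_BH(DCCP_MIB_ATTEMPTFAILS);
	return -1;
}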
461
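/*
 * Create the child socket for a completed connection request
 * (.syn_recv_sock of both af_ops tables in this file).
 *
 * @sk:  listening socket
 * @skb: packet that completes the handshake
 * @req: the pending request
 * @dst: route to use, or NULL to have one looked up here
 *
 * Returns the new socket, or NULL on failure. On the native IPv6 failure
 * paths the listen-drop counters are bumped and @dst is released.
 *
 * In both branches the listener's struct ipv6_pinfo is copied wholesale
 * into the child with memcpy(). Every pointer in it that the listener
 * owns must then be cleared in the child, otherwise parent and child end
 * up releasing the same object when each of them is destroyed.
 */
static struct sock *dccp_v6_request_recv_sock(struct sock *sk,
					      struct sk_buff *skb,
					      struct request_sock *req,
					      struct dst_entry *dst)
{
	struct inet6_request_sock *ireq6 = inet6_rsk(req);
	struct ipv6_pinfo *newnp, *np = inet6_sk(sk);
	struct inet_sock *newinet;
	struct dccp_sock *newdp;
	struct dccp6_sock *newdp6;
	struct sock *newsk;
	struct ipv6_txoptions *opt;

	if (skb->protocol == htons(ETH_P_IP)) {
		/*
		 *	v6 mapped
		 */
		newsk = dccp_v4_request_recv_sock(sk, skb, req, dst);
		if (newsk == NULL)
			return NULL;

		newdp6 = (struct dccp6_sock *)newsk;
		newdp = dccp_sk(newsk);
		newinet = inet_sk(newsk);
		newinet->pinet6 = &newdp6->inet6;
		newnp = inet6_sk(newsk);

		memcpy(newnp, np, sizeof(struct ipv6_pinfo));

		/* ::ffff:a.b.c.d form of the IPv4 addresses */
		ipv6_addr_set(&newnp->daddr, 0, 0, htonl(0x0000FFFF),
			      newinet->daddr);

		ipv6_addr_set(&newnp->saddr, 0, 0, htonl(0x0000FFFF),
			      newinet->saddr);

		ipv6_addr_copy(&newnp->rcv_saddr, &newnp->saddr);

		inet_csk(newsk)->icsk_af_ops = &dccp_ipv6_mapped;
		newsk->sk_backlog_rcv = dccp_v4_do_rcv;
		newnp->pktoptions  = NULL;
		newnp->opt	   = NULL;
		/*
		 * List heads copied from the listener by the memcpy() above:
		 * the child must start with none of its own (field names as
		 * in struct ipv6_pinfo — confirm against this tree).
		 */
		newnp->ipv6_mc_list = NULL;
		newnp->ipv6_ac_list = NULL;
		newnp->ipv6_fl_list = NULL;
		newnp->mcast_oif   = inet6_iif(skb);
		newnp->mcast_hops  = ipv6_hdr(skb)->hop_limit;

		/*
		 * No need to charge this sock to the relevant IPv6 refcnt debug socks count
		 * here, dccp_create_openreq_child now does this for us, see the comment in
		 * that function for the gory details. -acme
		 */

		/* This is a tricky place. Until this moment the IPv4 code
		   worked with the IPv6 icsk.icsk_af_ops.
		   Sync it now.
		 */
		dccp_sync_mss(newsk, inet_csk(newsk)->icsk_pmtu_cookie);

		return newsk;
	}

	opt = np->opt;

	if (sk_acceptq_is_full(sk))
		goto out_overflow;

	if (dst == NULL) {
		struct in6_addr *final_p = NULL, final;
		struct flowi fl;

		memset(&fl, 0, sizeof(fl));
		fl.proto = IPPROTO_DCCP;
		ipv6_addr_copy(&fl.fl6_dst, &ireq6->rmt_addr);
		/* route via the first routing-header address, if any */
		if (opt != NULL && opt->srcrt != NULL) {
			const struct rt0_hdr *rt0 = (struct rt0_hdr *)opt->srcrt;

			ipv6_addr_copy(&final, &fl.fl6_dst);
			ipv6_addr_copy(&fl.fl6_dst, rt0->addr);
			final_p = &final;
		}
		ipv6_addr_copy(&fl.fl6_src, &ireq6->loc_addr);
		fl.oif = sk->sk_bound_dev_if;
		fl.fl_ip_dport = inet_rsk(req)->rmt_port;
		fl.fl_ip_sport = inet_sk(sk)->sport;
		security_sk_classify_flow(sk, &fl);

		if (ip6_dst_lookup(sk, &dst, &fl))
			goto out;

		if (final_p)
			ipv6_addr_copy(&fl.fl6_dst, final_p);

		if ((xfrm_lookup(&dst, &fl, sk, 0)) < 0)
			goto out;
	}

	newsk = dccp_create_openreq_child(sk, req, skb);
	if (newsk == NULL)
		goto out;

	/*
	 * No need to charge this sock to the relevant IPv6 refcnt debug socks
	 * count here, dccp_create_openreq_child now does this for us, see the
	 * comment in that function for the gory details. -acme
	 */

	__ip6_dst_store(newsk, dst, NULL, NULL);
	newsk->sk_route_caps = dst->dev->features & ~(NETIF_F_IP_CSUM |
						      NETIF_F_TSO);
	newdp6 = (struct dccp6_sock *)newsk;
	newinet = inet_sk(newsk);
	newinet->pinet6 = &newdp6->inet6;
	newdp = dccp_sk(newsk);
	newnp = inet6_sk(newsk);

	memcpy(newnp, np, sizeof(struct ipv6_pinfo));

	ipv6_addr_copy(&newnp->daddr, &ireq6->rmt_addr);
	ipv6_addr_copy(&newnp->saddr, &ireq6->loc_addr);
	ipv6_addr_copy(&newnp->rcv_saddr, &ireq6->loc_addr);
	newsk->sk_bound_dev_if = ireq6->iif;

	/* Now IPv6 options...

	   First: no IPv4 options.
	 */
	newinet->opt = NULL;

	/* Clone RX bits */
	newnp->rxopt.all = np->rxopt.all;

	/*
	 * Same reasoning as in the mapped branch: drop the list heads the
	 * memcpy() above copied from the listener (field names as in
	 * struct ipv6_pinfo — confirm against this tree).
	 */
	newnp->ipv6_mc_list = NULL;
	newnp->ipv6_ac_list = NULL;
	newnp->ipv6_fl_list = NULL;

	/* Clone pktoptions received with the Request */
	newnp->pktoptions = NULL;
	if (ireq6->pktopts != NULL) {
		newnp->pktoptions = skb_clone(ireq6->pktopts, GFP_ATOMIC);
		/* the request gives up its reference either way */
		kfree_skb(ireq6->pktopts);
		ireq6->pktopts = NULL;
		if (newnp->pktoptions)
			skb_set_owner_r(newnp->pktoptions, newsk);
	}
	newnp->opt	  = NULL;
	newnp->mcast_oif  = inet6_iif(skb);
	newnp->mcast_hops = ipv6_hdr(skb)->hop_limit;

	/*
	 * Clone native IPv6 options from listening socket (if any)
	 *
	 * Yes, keeping reference count would be much more clever, but we make
	 * one more thing there: reattach optmem to newsk.
	 */
	if (opt != NULL) {
		newnp->opt = ipv6_dup_options(newsk, opt);
		if (opt != np->opt)
			sock_kfree_s(sk, opt, opt->tot_len);
	}

	inet_csk(newsk)->icsk_ext_hdr_len = 0;
	if (newnp->opt != NULL)
		inet_csk(newsk)->icsk_ext_hdr_len = (newnp->opt->opt_nflen +
						     newnp->opt->opt_flen);

	dccp_sync_mss(newsk, dst_mtu(dst));

	newinet->daddr = newinet->saddr = newinet->rcv_saddr = LOOPBACK4_IPV6;

	__inet6_hash(newsk);
	inet_inherit_port(sk, newsk);

	return newsk;

out_overflow:
	NET_INC_STATS_BH(LINUX_MIB_LISTENOVERFLOWS);
out:
	NET_INC_STATS_BH(LINUX_MIB_LISTENDROPS);
	if (opt != NULL && opt != np->opt)
		sock_kfree_s(sk, opt, opt->tot_len);
	dst_release(dst);
	return NULL;
}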
639
/*
 * Per-socket receive routine (.backlog_rcv of dccp_v6_prot).
 *
 * The socket must have its spinlock held when we get here.
 *
 * We have a potential double-lock case here, so even when
 * doing backlog processing we use the BH locking scheme.
 * This is because we cannot sleep with the original spinlock
 * held.
 *
 * @sk:  socket the packet was matched to
 * @skb: the packet; consumed on every path of the IPv6 branch
 *
 * Always returns 0 for IPv6 packets; IPv4 packets are delegated to
 * dccp_v4_do_rcv() and its result is returned.
 */
static int dccp_v6_do_rcv(struct sock *sk, struct sk_buff *skb)
{
	struct ipv6_pinfo *np = inet6_sk(sk);
	struct sk_buff *opt_skb = NULL;

	/* Imagine: socket is IPv6. IPv4 packet arrives,
	   goes to IPv4 receive handler and backlogged.
	   From backlog it always goes here. Kerboom...
	   Fortunately, dccp_rcv_established and rcv_established
	   handle them correctly, but it is not case with
	   dccp_v6_hnd_req and dccp_v6_ctl_send_reset().   --ANK
	 */

	if (skb->protocol == htons(ETH_P_IP))
		return dccp_v4_do_rcv(sk, skb);

	/* socket filter verdict: a non-zero result drops the packet */
	if (sk_filter(sk, skb))
		goto discard;

	/*
	 * socket locking is here for SMP purposes as backlog rcv is currently
	 * called with bh processing disabled.
	 */

	/* Do Stevens' IPV6_PKTOPTIONS.

	   Yes, guys, it is the only place in our code, where we
	   may make it not affecting IPv4.
	   The rest of code is protocol independent,
	   and I do not like idea to uglify IPv4.

	   Actually, all the idea behind IPV6_PKTOPTIONS
	   looks not very well thought. For now we latch
	   options, received in the last packet, enqueued
	   by tcp. Feel free to propose better solution.
					       --ANK (980728)
	 */
	if (np->rxopt.all)
	/*
	 * FIXME: Add handling of IPV6_PKTOPTIONS skb. See the comments below
	 *        (wrt ipv6_pktopions) and net/ipv6/tcp_ipv6.c for an example.
	 *
	 * As written, the clone is made here and freed again on every exit
	 * path without being used.
	 */
		opt_skb = skb_clone(skb, GFP_ATOMIC);

	if (sk->sk_state == DCCP_OPEN) { /* Fast path */
		if (dccp_rcv_established(sk, skb, dccp_hdr(skb), skb->len))
			goto reset;
		if (opt_skb) {
			/* XXX This is where we would goto ipv6_pktoptions. */
			__kfree_skb(opt_skb);
		}
		return 0;
	}

	/*
	 *  Step 3: Process LISTEN state
	 *     If S.state == LISTEN,
	 *	 If P.type == Request or P contains a valid Init Cookie option,
	 *	      (* Must scan the packet's options to check for Init
	 *		 Cookies.  Only Init Cookies are processed here,
	 *		 however; other options are processed in Step 8.  This
	 *		 scan need only be performed if the endpoint uses Init
	 *		 Cookies *)
	 *	      (* Generate a new socket and switch to that socket *)
	 *	      Set S := new socket for this port pair
	 *	      S.state = RESPOND
	 *	      Choose S.ISS (initial seqno) or set from Init Cookies
	 *	      Initialize S.GAR := S.ISS
	 *	      Set S.ISR, S.GSR, S.SWL, S.SWH from packet or Init Cookies
	 *	      Continue with S.state == RESPOND
	 *	      (* A Response packet will be generated in Step 11 *)
	 *	 Otherwise,
	 *	      Generate Reset(No Connection) unless P.type == Reset
	 *	      Drop packet and return
	 *
	 * NOTE: the check for the packet types is done in
	 *	 dccp_rcv_state_process
	 */
	if (sk->sk_state == DCCP_LISTEN) {
		struct sock *nsk = dccp_v6_hnd_req(sk, skb);

		if (nsk == NULL)
			goto discard;
		/*
		 * Queue it on the new socket if the new socket is active,
		 * otherwise we just shortcircuit this and continue with
		 * the new socket..
		 */
		if (nsk != sk) {
			if (dccp_child_process(sk, nsk, skb))
				goto reset;
			if (opt_skb != NULL)
				__kfree_skb(opt_skb);
			return 0;
		}
	}

	if (dccp_rcv_state_process(sk, skb, dccp_hdr(skb), skb->len))
		goto reset;
	if (opt_skb) {
		/* XXX This is where we would goto ipv6_pktoptions. */
		__kfree_skb(opt_skb);
	}
	return 0;

reset:
	/* falls through to discard: the packet is freed after the Reset */
	dccp_v6_ctl_send_reset(sk, skb);
discard:
	if (opt_skb != NULL)
		__kfree_skb(opt_skb);
	kfree_skb(skb);
	return 0;
}
761
/*
 * Protocol receive handler for DCCP over IPv6 (.handler of
 * dccp_v6_protocol). This is the first code in this file to see a packet
 * from the network.
 *
 * @skb: received packet
 *
 * Order of checks: header sanity (dccp_invalid_packet), checksum, socket
 * lookup, minimum checksum coverage, xfrm policy. Because the protocol is
 * registered with INET6_PROTO_NOPOLICY, the xfrm6_policy_check() calls
 * below are the policy checks made in this file for inbound DCCPv6.
 *
 * Returns 0 when the packet was dropped here, otherwise -1 or 0 depending
 * on the result of sk_receive_skb().
 */
static int dccp_v6_rcv(struct sk_buff *skb)
{
	const struct dccp_hdr *dh;
	struct sock *sk;
	int min_cov;

	/* Step 1: Check header basics */

	if (dccp_invalid_packet(skb))
		goto discard_it;

	/* Step 1: If header checksum is incorrect, drop packet and return. */
	if (dccp_v6_csum_finish(skb, &ipv6_hdr(skb)->saddr,
				     &ipv6_hdr(skb)->daddr)) {
		DCCP_WARN("dropped packet with invalid checksum\n");
		goto discard_it;
	}

	dh = dccp_hdr(skb);

	/* cache sequence number and type in the skb control block */
	DCCP_SKB_CB(skb)->dccpd_seq  = dccp_hdr_seq(dh);
	DCCP_SKB_CB(skb)->dccpd_type = dh->dccph_type;

	if (dccp_packet_without_ack(skb))
		DCCP_SKB_CB(skb)->dccpd_ack_seq = DCCP_PKT_WITHOUT_ACK_SEQ;
	else
		DCCP_SKB_CB(skb)->dccpd_ack_seq = dccp_hdr_ack_seq(skb);

	/* Step 2:
	 *	Look up flow ID in table and get corresponding socket */
	sk = __inet6_lookup(&init_net, &dccp_hashinfo, &ipv6_hdr(skb)->saddr,
			    dh->dccph_sport,
			    &ipv6_hdr(skb)->daddr, ntohs(dh->dccph_dport),
			    inet6_iif(skb));
	/*
	 * Step 2:
	 *	If no socket ...
	 */
	if (sk == NULL) {
		dccp_pr_debug("failed to look up flow ID in table and "
			      "get corresponding socket\n");
		goto no_dccp_socket;
	}

	/*
	 * Step 2:
	 *	... or S.state == TIMEWAIT,
	 *		Generate Reset(No Connection) unless P.type == Reset
	 *		Drop packet and return
	 */
	if (sk->sk_state == DCCP_TIME_WAIT) {
		dccp_pr_debug("sk->sk_state == DCCP_TIME_WAIT: do_time_wait\n");
		/*
		 * After this put, sk must not be dereferenced any more. It
		 * is still passed to dccp_v6_ctl_send_reset() below, which
		 * is only safe because that function ignores its sk
		 * argument.
		 */
		inet_twsk_put(inet_twsk(sk));
		goto no_dccp_socket;
	}

	/*
	 * RFC 4340, sec. 9.2.1: Minimum Checksum Coverage
	 *	o if MinCsCov = 0, only packets with CsCov = 0 are accepted
	 *	o if MinCsCov > 0, also accept packets with CsCov >= MinCsCov
	 */
	min_cov = dccp_sk(sk)->dccps_pcrlen;
	if (dh->dccph_cscov  &&  (min_cov == 0 || dh->dccph_cscov < min_cov))  {
		dccp_pr_debug("Packet CsCov %d does not satisfy MinCsCov %d\n",
			      dh->dccph_cscov, min_cov);
		/* FIXME: send Data Dropped option (see also dccp_v4_rcv) */
		goto discard_and_relse;
	}

	if (!xfrm6_policy_check(sk, XFRM_POLICY_IN, skb))
		goto discard_and_relse;

	return sk_receive_skb(sk, skb, 1) ? -1 : 0;

no_dccp_socket:
	/* policy is checked before any Reset is generated for the packet */
	if (!xfrm6_policy_check(NULL, XFRM_POLICY_IN, skb))
		goto discard_it;
	/*
	 * Step 2:
	 *	If no socket ...
	 *		Generate Reset(No Connection) unless P.type == Reset
	 *		Drop packet and return
	 */
	if (dh->dccph_type != DCCP_PKT_RESET) {
		DCCP_SKB_CB(skb)->dccpd_reset_code =
					DCCP_RESET_CODE_NO_CONNECTION;
		/* sk is NULL or already released here; see the note above */
		dccp_v6_ctl_send_reset(sk, skb);
	}

discard_it:
	kfree_skb(skb);
	return 0;

discard_and_relse:
	/* drop the reference taken by the lookup, then free the packet */
	sock_put(sk);
	goto discard_it;
}
859
/*
 * connect() for DCCPv6 sockets (.connect of dccp_v6_prot).
 *
 * @sk:       socket being connected
 * @uaddr:    destination address, read as struct sockaddr_in6; note that
 *            this function writes into it (flow-label destination,
 *            unspecified address rewritten to loopback)
 * @addr_len: length of @uaddr as supplied by the caller
 *
 * Returns 0 on success or a negative errno. IPv4-mapped destinations are
 * handed to dccp_v4_connect() after switching the socket to the mapped
 * af_ops; on failure of that call the IPv6 af_ops are restored.
 *
 * NOTE(review): dccps_role is set to DCCP_ROLE_CLIENT before @addr_len and
 * the address family are validated, so a rejected call still changes the
 * socket's role — confirm this is intended.
 */
static int dccp_v6_connect(struct sock *sk, struct sockaddr *uaddr,
			   int addr_len)
{
	struct sockaddr_in6 *usin = (struct sockaddr_in6 *)uaddr;
	struct inet_connection_sock *icsk = inet_csk(sk);
	struct inet_sock *inet = inet_sk(sk);
	struct ipv6_pinfo *np = inet6_sk(sk);
	struct dccp_sock *dp = dccp_sk(sk);
	struct in6_addr *saddr = NULL, *final_p = NULL, final;
	struct flowi fl;
	struct dst_entry *dst;
	int addr_type;
	int err;

	dp->dccps_role = DCCP_ROLE_CLIENT;

	/* nothing in usin may be trusted before these two checks */
	if (addr_len < SIN6_LEN_RFC2133)
		return -EINVAL;

	if (usin->sin6_family != AF_INET6)
		return -EAFNOSUPPORT;

	memset(&fl, 0, sizeof(fl));

	if (np->sndflow) {
		fl.fl6_flowlabel = usin->sin6_flowinfo & IPV6_FLOWINFO_MASK;
		IP6_ECN_flow_init(fl.fl6_flowlabel);
		if (fl.fl6_flowlabel & IPV6_FLOWLABEL_MASK) {
			struct ip6_flowlabel *flowlabel;
			/* the label must already be attached to this socket */
			flowlabel = fl6_sock_lookup(sk, fl.fl6_flowlabel);
			if (flowlabel == NULL)
				return -EINVAL;
			ipv6_addr_copy(&usin->sin6_addr, &flowlabel->dst);
			fl6_sock_release(flowlabel);
		}
	}
	/*
	 * connect() to INADDR_ANY means loopback (BSD'ism).
	 */
	if (ipv6_addr_any(&usin->sin6_addr))
		usin->sin6_addr.s6_addr[15] = 1;

	addr_type = ipv6_addr_type(&usin->sin6_addr);

	if (addr_type & IPV6_ADDR_MULTICAST)
		return -ENETUNREACH;

	if (addr_type & IPV6_ADDR_LINKLOCAL) {
		/* sin6_scope_id is only read when addr_len covers it */
		if (addr_len >= sizeof(struct sockaddr_in6) &&
		    usin->sin6_scope_id) {
			/* If interface is set while binding, indices
			 * must coincide.
			 */
			if (sk->sk_bound_dev_if &&
			    sk->sk_bound_dev_if != usin->sin6_scope_id)
				return -EINVAL;

			sk->sk_bound_dev_if = usin->sin6_scope_id;
		}

		/* Connect to link-local address requires an interface */
		if (!sk->sk_bound_dev_if)
			return -EINVAL;
	}

	ipv6_addr_copy(&np->daddr, &usin->sin6_addr);
	np->flow_label = fl.fl6_flowlabel;

	/*
	 * DCCP over IPv4
	 */
	if (addr_type == IPV6_ADDR_MAPPED) {
		u32 exthdrlen = icsk->icsk_ext_hdr_len;
		struct sockaddr_in sin;

		SOCK_DEBUG(sk, "connect: ipv4 mapped\n");

		/* an IPV6_V6ONLY-style socket may not use mapped addresses */
		if (__ipv6_only_sock(sk))
			return -ENETUNREACH;

		sin.sin_family = AF_INET;
		sin.sin_port = usin->sin6_port;
		sin.sin_addr.s_addr = usin->sin6_addr.s6_addr32[3];

		icsk->icsk_af_ops = &dccp_ipv6_mapped;
		sk->sk_backlog_rcv = dccp_v4_do_rcv;

		err = dccp_v4_connect(sk, (struct sockaddr *)&sin, sizeof(sin));
		if (err) {
			/* undo the switch to the mapped operations */
			icsk->icsk_ext_hdr_len = exthdrlen;
			icsk->icsk_af_ops = &dccp_ipv6_af_ops;
			sk->sk_backlog_rcv = dccp_v6_do_rcv;
			goto failure;
		} else {
			ipv6_addr_set(&np->saddr, 0, 0, htonl(0x0000FFFF),
				      inet->saddr);
			ipv6_addr_set(&np->rcv_saddr, 0, 0, htonl(0x0000FFFF),
				      inet->rcv_saddr);
		}

		return err;
	}

	if (!ipv6_addr_any(&np->rcv_saddr))
		saddr = &np->rcv_saddr;

	fl.proto = IPPROTO_DCCP;
	ipv6_addr_copy(&fl.fl6_dst, &np->daddr);
	ipv6_addr_copy(&fl.fl6_src, saddr ? saddr : &np->saddr);
	fl.oif = sk->sk_bound_dev_if;
	fl.fl_ip_dport = usin->sin6_port;
	fl.fl_ip_sport = inet->sport;
	security_sk_classify_flow(sk, &fl);

	/* route via the first routing-header address, if one is configured */
	if (np->opt != NULL && np->opt->srcrt != NULL) {
		const struct rt0_hdr *rt0 = (struct rt0_hdr *)np->opt->srcrt;

		ipv6_addr_copy(&final, &fl.fl6_dst);
		ipv6_addr_copy(&fl.fl6_dst, rt0->addr);
		final_p = &final;
	}

	err = ip6_dst_lookup(sk, &dst, &fl);
	if (err)
		goto failure;

	if (final_p)
		ipv6_addr_copy(&fl.fl6_dst, final_p);

	err = __xfrm_lookup(&dst, &fl, sk, XFRM_LOOKUP_WAIT);
	if (err < 0) {
		if (err == -EREMOTE)
			err = ip6_dst_blackhole(sk, &dst, &fl);
		if (err < 0)
			goto failure;
	}

	/* no bound source address: adopt the one the route lookup chose */
	if (saddr == NULL) {
		saddr = &fl.fl6_src;
		ipv6_addr_copy(&np->rcv_saddr, saddr);
	}

	/* set the source address */
	ipv6_addr_copy(&np->saddr, saddr);
	inet->rcv_saddr = LOOPBACK4_IPV6;

	__ip6_dst_store(sk, dst, NULL, NULL);

	icsk->icsk_ext_hdr_len = 0;
	if (np->opt != NULL)
		icsk->icsk_ext_hdr_len = (np->opt->opt_flen +
					  np->opt->opt_nflen);

	inet->dport = usin->sin6_port;

	dccp_set_state(sk, DCCP_REQUESTING);
	err = inet6_hash_connect(&dccp_death_row, sk);
	if (err)
		goto late_failure;

	dp->dccps_iss = secure_dccpv6_sequence_number(np->saddr.s6_addr32,
						      np->daddr.s6_addr32,
						      inet->sport, inet->dport);
	err = dccp_connect(sk);
	if (err)
		goto late_failure;

	return 0;

late_failure:
	/* the socket had already entered DCCP_REQUESTING: roll that back */
	dccp_set_state(sk, DCCP_CLOSED);
	__sk_dst_reset(sk);
failure:
	inet->dport = 0;
	sk->sk_route_caps = 0;
	return err;
}
1037
/*
 * Address-family operations for native DCCP over IPv6. Installed on every
 * socket by dccp_v6_init_sock() and restored by dccp_v6_connect() when a
 * mapped-address connect fails.
 */
static struct inet_connection_sock_af_ops dccp_ipv6_af_ops = {
	.queue_xmit	   = inet6_csk_xmit,
	.send_check	   = dccp_v6_send_check,
	.rebuild_header	   = inet6_sk_rebuild_header,
	.conn_request	   = dccp_v6_conn_request,
	.syn_recv_sock	   = dccp_v6_request_recv_sock,
	.net_header_len	   = sizeof(struct ipv6hdr),
	.setsockopt	   = ipv6_setsockopt,
	.getsockopt	   = ipv6_getsockopt,
	.addr2sockaddr	   = inet6_csk_addr2sockaddr,
	.sockaddr_len	   = sizeof(struct sockaddr_in6),
	.bind_conflict	   = inet6_csk_bind_conflict,
#ifdef CONFIG_COMPAT
	.compat_setsockopt = compat_ipv6_setsockopt,
	.compat_getsockopt = compat_ipv6_getsockopt,
#endif
};
1055
/*
 *	DCCP over IPv4 via INET6 API
 *
 * Installed by dccp_v6_connect() for IPv4-mapped destinations and by
 * dccp_v6_request_recv_sock() on children created from IPv4 packets.
 * Transmit, checksum and header rebuild use the IPv4 routines while the
 * socket-option and sockaddr handling stay IPv6.
 *
 * NOTE(review): unlike dccp_ipv6_af_ops, this table sets no
 * .bind_conflict — confirm that no caller dereferences it for sockets
 * using the mapped operations.
 */
static struct inet_connection_sock_af_ops dccp_ipv6_mapped = {
	.queue_xmit	   = ip_queue_xmit,
	.send_check	   = dccp_v4_send_check,
	.rebuild_header	   = inet_sk_rebuild_header,
	.conn_request	   = dccp_v6_conn_request,
	.syn_recv_sock	   = dccp_v6_request_recv_sock,
	.net_header_len	   = sizeof(struct iphdr),
	.setsockopt	   = ipv6_setsockopt,
	.getsockopt	   = ipv6_getsockopt,
	.addr2sockaddr	   = inet6_csk_addr2sockaddr,
	.sockaddr_len	   = sizeof(struct sockaddr_in6),
#ifdef CONFIG_COMPAT
	.compat_setsockopt = compat_ipv6_setsockopt,
	.compat_getsockopt = compat_ipv6_getsockopt,
#endif
};
1075
/*
 * .init callback of dccp_v6_prot.
 *
 * NOTE: a lot of things are set to zero explicitly by the call to
 *       sk_alloc(), so they need not be done here.
 *
 * The function-local static flag is 0 for the first socket that is
 * initialised successfully and 1 for every one after it; its current value
 * is what dccp_init_sock() receives as second argument. The flag is read
 * and written without any locking visible here.
 *
 * Returns the result of dccp_init_sock(); on success the socket is given
 * the native IPv6 af_ops.
 */
static int dccp_v6_init_sock(struct sock *sk)
{
	static __u8 dccp_v6_ctl_sock_initialized;
	const int rc = dccp_init_sock(sk, dccp_v6_ctl_sock_initialized);

	if (rc != 0)
		return rc;

	if (unlikely(!dccp_v6_ctl_sock_initialized))
		dccp_v6_ctl_sock_initialized = 1;
	inet_csk(sk)->icsk_af_ops = &dccp_ipv6_af_ops;

	return 0;
}
1092
/*
 * .destroy callback of dccp_v6_prot: tear down the DCCP state first, then
 * the IPv6 state, and report the result of the IPv6 teardown.
 */
static int dccp_v6_destroy_sock(struct sock *sk)
{
	int rc;

	dccp_destroy_sock(sk);
	rc = inet6_destroy_sock(sk);

	return rc;
}
1098
/* Time-wait socket description for DCCPv6; published as .twsk_prot of dccp_v6_prot. */
static struct timewait_sock_ops dccp6_timewait_sock_ops = {
	.twsk_obj_size	= sizeof(struct dccp6_timewait_sock),
};
1102
/*
 * Protocol description for DCCPv6 sockets. Registered with
 * proto_register() in dccp_v6_init() and attached to SOCK_DCCP sockets
 * through dccp_v6_protosw.
 */
static struct proto dccp_v6_prot = {
	.name		   = "DCCPv6",
	.owner		   = THIS_MODULE,
	.close		   = dccp_close,
	.connect	   = dccp_v6_connect,
	.disconnect	   = dccp_disconnect,
	.ioctl		   = dccp_ioctl,
	.init		   = dccp_v6_init_sock,
	.setsockopt	   = dccp_setsockopt,
	.getsockopt	   = dccp_getsockopt,
	.sendmsg	   = dccp_sendmsg,
	.recvmsg	   = dccp_recvmsg,
	/* per-socket receive, also used for IPv4 packets on v6 sockets */
	.backlog_rcv	   = dccp_v6_do_rcv,
	.hash		   = dccp_v6_hash,
	.unhash		   = inet_unhash,
	.accept		   = inet_csk_accept,
	.get_port	   = inet_csk_get_port,
	.shutdown	   = dccp_shutdown,
	.destroy	   = dccp_v6_destroy_sock,
	.orphan_count	   = &dccp_orphan_count,
	.max_header	   = MAX_DCCP_HEADER,
	.obj_size	   = sizeof(struct dccp6_sock),
	.rsk_prot	   = &dccp6_request_sock_ops,
	.twsk_prot	   = &dccp6_timewait_sock_ops,
	.h.hashinfo	   = &dccp_hashinfo,
#ifdef CONFIG_COMPAT
	.compat_setsockopt = compat_dccp_setsockopt,
	.compat_getsockopt = compat_dccp_getsockopt,
#endif
};
1133
/*
 * Hooks DCCP into the IPv6 input path: packets go to dccp_v6_rcv(), ICMPv6
 * errors to dccp_v6_err().
 *
 * With INET6_PROTO_NOPOLICY set, dccp_v6_rcv() calls xfrm6_policy_check()
 * itself on every path that accepts or answers a packet; any new path added
 * to the handler has to keep doing so.
 */
static struct inet6_protocol dccp_v6_protocol = {
	.handler	= dccp_v6_rcv,
	.err_handler	= dccp_v6_err,
	.flags		= INET6_PROTO_NOPOLICY | INET6_PROTO_FINAL,
};
1139
/*
 * Socket-layer operations for PF_INET6 DCCP sockets. Most entries are the
 * generic inet/inet6/sock_common helpers; only poll and listen are
 * DCCP-specific. socketpair, mmap and sendpage are wired to the sock_no_*
 * stubs.
 */
static struct proto_ops inet6_dccp_ops = {
	.family		   = PF_INET6,
	.owner		   = THIS_MODULE,
	.release	   = inet6_release,
	.bind		   = inet6_bind,
	.connect	   = inet_stream_connect,
	.socketpair	   = sock_no_socketpair,
	.accept		   = inet_accept,
	.getname	   = inet6_getname,
	.poll		   = dccp_poll,
	.ioctl		   = inet6_ioctl,
	.listen		   = inet_dccp_listen,
	.shutdown	   = inet_shutdown,
	.setsockopt	   = sock_common_setsockopt,
	.getsockopt	   = sock_common_getsockopt,
	.sendmsg	   = inet_sendmsg,
	.recvmsg	   = sock_common_recvmsg,
	.mmap		   = sock_no_mmap,
	.sendpage	   = sock_no_sendpage,
#ifdef CONFIG_COMPAT
	.compat_setsockopt = compat_sock_common_setsockopt,
	.compat_getsockopt = compat_sock_common_getsockopt,
#endif
};
1164
/*
 * Maps socket(PF_INET6, SOCK_DCCP, IPPROTO_DCCP) to dccp_v6_prot and
 * inet6_dccp_ops. Registered in dccp_v6_init().
 */
static struct inet_protosw dccp_v6_protosw = {
	.type		= SOCK_DCCP,
	.protocol	= IPPROTO_DCCP,
	.prot		= &dccp_v6_prot,
	.ops		= &inet6_dccp_ops,
	/* presumably "no capability required to create the socket" — confirm */
	.capability	= -1,
	.flags		= INET_PROTOSW_ICSK,
};
1173
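/*
 * Module initialisation.
 *
 * Order matters: the receive handler (dccp_v6_protocol) is registered last,
 * after the control socket exists. dccp_v6_rcv() can call
 * dccp_v6_ctl_send_reset(), which uses dccp_v6_ctl_sk unconditionally, so
 * the handler must never be reachable while that pointer is still unset.
 * Creating the control socket only needs the proto and the protosw entry.
 *
 * Returns 0 on success or the error of the step that failed; everything
 * set up before the failing step is undone in reverse order.
 */
static int __init dccp_v6_init(void)
{
	struct socket *socket;
	int err = proto_register(&dccp_v6_prot, 1);

	if (err != 0)
		goto out;

	inet6_register_protosw(&dccp_v6_protosw);

	err = inet_csk_ctl_sock_create(&socket, PF_INET6,
				       SOCK_DCCP, IPPROTO_DCCP);
	if (err != 0)
		goto out_unregister_protosw;
	dccp_v6_ctl_sk = socket->sk;

	/* from here on packets can reach dccp_v6_rcv()/dccp_v6_err() */
	err = inet6_add_protocol(&dccp_v6_protocol, IPPROTO_DCCP);
	if (err != 0)
		goto out_release_ctl_sock;
out:
	return err;
out_release_ctl_sock:
	sock_release(socket);
	dccp_v6_ctl_sk = NULL;
out_unregister_protosw:
	inet6_unregister_protosw(&dccp_v6_protosw);
	proto_unregister(&dccp_v6_prot);
	goto out;
}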
1202
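/*
 * Module teardown.
 *
 * The receive handler is unregistered first. dccp_v6_rcv() can still run
 * for as long as dccp_v6_protocol is registered, and it reaches
 * dccp_v6_ctl_send_reset(), which uses dccp_v6_ctl_sk; releasing the
 * control socket before removing the handler would leave a window in which
 * an incoming packet makes the handler use a socket that is being freed.
 * (This relies on inet6_del_protocol() not returning while a handler is
 * still running — confirm for this tree.)
 *
 * The control socket is released before proto_unregister() so that no
 * socket of this proto outlives its registration.
 */
static void __exit dccp_v6_exit(void)
{
	inet6_del_protocol(&dccp_v6_protocol, IPPROTO_DCCP);
	sock_release(dccp_v6_ctl_sk->sk_socket);
	inet6_unregister_protosw(&dccp_v6_protosw);
	proto_unregister(&dccp_v6_prot);
}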
1210
/* Module entry and exit points. */
module_init(dccp_v6_init);
module_exit(dccp_v6_exit);

/*
 * __stringify does not work on enum constants, so the numeric values of
 * SOCK_DCCP (6) and IPPROTO_DCCP (33) are written out directly. The second
 * alias covers the case where the protocol is not specified,
 * i.e. net-pf-PF_INET6-proto-0-type-SOCK_DCCP.
 *
 * These aliases are what lets a socket() call for this family/type request
 * the module by name, so the module is reachable on any system where it is
 * installed and module auto-loading is permitted.
 */
MODULE_ALIAS_NET_PF_PROTO_TYPE(PF_INET6, 33, 6);
MODULE_ALIAS_NET_PF_PROTO_TYPE(PF_INET6, 0, 6);
MODULE_LICENSE("GPL");
MODULE_AUTHOR("Arnaldo Carvalho de Melo <acme@mandriva.com>");
MODULE_DESCRIPTION("DCCPv6 - Datagram Congestion Controlled Protocol");