1 | // SPDX-License-Identifier: GPL-2.0-or-later |
2 | /* |
3 | * net/dccp/input.c |
4 | * |
5 | * An implementation of the DCCP protocol |
6 | * Arnaldo Carvalho de Melo <acme@conectiva.com.br> |
7 | */ |
8 | |
9 | #include <linux/dccp.h> |
10 | #include <linux/skbuff.h> |
11 | #include <linux/slab.h> |
12 | |
13 | #include <net/sock.h> |
14 | |
15 | #include "ackvec.h" |
16 | #include "ccid.h" |
17 | #include "dccp.h" |
18 | |
19 | /* rate-limit for syncs in reply to sequence-invalid packets; RFC 4340, 7.5.4 */ |
20 | int sysctl_dccp_sync_ratelimit __read_mostly = HZ / 8; |
21 | |
22 | static void dccp_enqueue_skb(struct sock *sk, struct sk_buff *skb) |
23 | { |
24 | __skb_pull(skb, len: dccp_hdr(skb)->dccph_doff * 4); |
25 | __skb_queue_tail(list: &sk->sk_receive_queue, newsk: skb); |
26 | skb_set_owner_r(skb, sk); |
27 | sk->sk_data_ready(sk); |
28 | } |
29 | |
30 | static void dccp_fin(struct sock *sk, struct sk_buff *skb) |
31 | { |
32 | /* |
33 | * On receiving Close/CloseReq, both RD/WR shutdown are performed. |
34 | * RFC 4340, 8.3 says that we MAY send further Data/DataAcks after |
35 | * receiving the closing segment, but there is no guarantee that such |
36 | * data will be processed at all. |
37 | */ |
38 | sk->sk_shutdown = SHUTDOWN_MASK; |
39 | sock_set_flag(sk, flag: SOCK_DONE); |
40 | dccp_enqueue_skb(sk, skb); |
41 | } |
42 | |
43 | static int dccp_rcv_close(struct sock *sk, struct sk_buff *skb) |
44 | { |
45 | int queued = 0; |
46 | |
47 | switch (sk->sk_state) { |
48 | /* |
49 | * We ignore Close when received in one of the following states: |
50 | * - CLOSED (may be a late or duplicate packet) |
51 | * - PASSIVE_CLOSEREQ (the peer has sent a CloseReq earlier) |
52 | * - RESPOND (already handled by dccp_check_req) |
53 | */ |
54 | case DCCP_CLOSING: |
55 | /* |
56 | * Simultaneous-close: receiving a Close after sending one. This |
57 | * can happen if both client and server perform active-close and |
58 | * will result in an endless ping-pong of crossing and retrans- |
59 | * mitted Close packets, which only terminates when one of the |
60 | * nodes times out (min. 64 seconds). Quicker convergence can be |
61 | * achieved when one of the nodes acts as tie-breaker. |
62 | * This is ok as both ends are done with data transfer and each |
63 | * end is just waiting for the other to acknowledge termination. |
64 | */ |
65 | if (dccp_sk(sk)->dccps_role != DCCP_ROLE_CLIENT) |
66 | break; |
67 | fallthrough; |
68 | case DCCP_REQUESTING: |
69 | case DCCP_ACTIVE_CLOSEREQ: |
70 | dccp_send_reset(sk, code: DCCP_RESET_CODE_CLOSED); |
71 | dccp_done(sk); |
72 | break; |
73 | case DCCP_OPEN: |
74 | case DCCP_PARTOPEN: |
75 | /* Give waiting application a chance to read pending data */ |
76 | queued = 1; |
77 | dccp_fin(sk, skb); |
78 | dccp_set_state(sk, state: DCCP_PASSIVE_CLOSE); |
79 | fallthrough; |
80 | case DCCP_PASSIVE_CLOSE: |
81 | /* |
82 | * Retransmitted Close: we have already enqueued the first one. |
83 | */ |
84 | sk_wake_async(sk, how: SOCK_WAKE_WAITD, POLL_HUP); |
85 | } |
86 | return queued; |
87 | } |
88 | |
89 | static int dccp_rcv_closereq(struct sock *sk, struct sk_buff *skb) |
90 | { |
91 | int queued = 0; |
92 | |
93 | /* |
94 | * Step 7: Check for unexpected packet types |
95 | * If (S.is_server and P.type == CloseReq) |
96 | * Send Sync packet acknowledging P.seqno |
97 | * Drop packet and return |
98 | */ |
99 | if (dccp_sk(sk)->dccps_role != DCCP_ROLE_CLIENT) { |
100 | dccp_send_sync(sk, DCCP_SKB_CB(skb)->dccpd_seq, pkt_type: DCCP_PKT_SYNC); |
101 | return queued; |
102 | } |
103 | |
104 | /* Step 13: process relevant Client states < CLOSEREQ */ |
105 | switch (sk->sk_state) { |
106 | case DCCP_REQUESTING: |
107 | dccp_send_close(sk, active: 0); |
108 | dccp_set_state(sk, state: DCCP_CLOSING); |
109 | break; |
110 | case DCCP_OPEN: |
111 | case DCCP_PARTOPEN: |
112 | /* Give waiting application a chance to read pending data */ |
113 | queued = 1; |
114 | dccp_fin(sk, skb); |
115 | dccp_set_state(sk, state: DCCP_PASSIVE_CLOSEREQ); |
116 | fallthrough; |
117 | case DCCP_PASSIVE_CLOSEREQ: |
118 | sk_wake_async(sk, how: SOCK_WAKE_WAITD, POLL_HUP); |
119 | } |
120 | return queued; |
121 | } |
122 | |
123 | static u16 dccp_reset_code_convert(const u8 code) |
124 | { |
125 | static const u16 error_code[] = { |
126 | [DCCP_RESET_CODE_CLOSED] = 0, /* normal termination */ |
127 | [DCCP_RESET_CODE_UNSPECIFIED] = 0, /* nothing known */ |
128 | [DCCP_RESET_CODE_ABORTED] = ECONNRESET, |
129 | |
130 | [DCCP_RESET_CODE_NO_CONNECTION] = ECONNREFUSED, |
131 | [DCCP_RESET_CODE_CONNECTION_REFUSED] = ECONNREFUSED, |
132 | [DCCP_RESET_CODE_TOO_BUSY] = EUSERS, |
133 | [DCCP_RESET_CODE_AGGRESSION_PENALTY] = EDQUOT, |
134 | |
135 | [DCCP_RESET_CODE_PACKET_ERROR] = ENOMSG, |
136 | [DCCP_RESET_CODE_BAD_INIT_COOKIE] = EBADR, |
137 | [DCCP_RESET_CODE_BAD_SERVICE_CODE] = EBADRQC, |
138 | [DCCP_RESET_CODE_OPTION_ERROR] = EILSEQ, |
139 | [DCCP_RESET_CODE_MANDATORY_ERROR] = EOPNOTSUPP, |
140 | }; |
141 | |
142 | return code >= DCCP_MAX_RESET_CODES ? 0 : error_code[code]; |
143 | } |
144 | |
145 | static void dccp_rcv_reset(struct sock *sk, struct sk_buff *skb) |
146 | { |
147 | u16 err = dccp_reset_code_convert(code: dccp_hdr_reset(skb)->dccph_reset_code); |
148 | |
149 | sk->sk_err = err; |
150 | |
151 | /* Queue the equivalent of TCP fin so that dccp_recvmsg exits the loop */ |
152 | dccp_fin(sk, skb); |
153 | |
154 | if (err && !sock_flag(sk, flag: SOCK_DEAD)) |
155 | sk_wake_async(sk, how: SOCK_WAKE_IO, POLL_ERR); |
156 | dccp_time_wait(sk, state: DCCP_TIME_WAIT, timeo: 0); |
157 | } |
158 | |
159 | static void dccp_handle_ackvec_processing(struct sock *sk, struct sk_buff *skb) |
160 | { |
161 | struct dccp_ackvec *av = dccp_sk(sk)->dccps_hc_rx_ackvec; |
162 | |
163 | if (av == NULL) |
164 | return; |
165 | if (DCCP_SKB_CB(skb)->dccpd_ack_seq != DCCP_PKT_WITHOUT_ACK_SEQ) |
166 | dccp_ackvec_clear_state(av, DCCP_SKB_CB(skb)->dccpd_ack_seq); |
167 | dccp_ackvec_input(av, skb); |
168 | } |
169 | |
170 | static void dccp_deliver_input_to_ccids(struct sock *sk, struct sk_buff *skb) |
171 | { |
172 | const struct dccp_sock *dp = dccp_sk(sk); |
173 | |
174 | /* Don't deliver to RX CCID when node has shut down read end. */ |
175 | if (!(sk->sk_shutdown & RCV_SHUTDOWN)) |
176 | ccid_hc_rx_packet_recv(ccid: dp->dccps_hc_rx_ccid, sk, skb); |
177 | /* |
178 | * Until the TX queue has been drained, we can not honour SHUT_WR, since |
179 | * we need received feedback as input to adjust congestion control. |
180 | */ |
181 | if (sk->sk_write_queue.qlen > 0 || !(sk->sk_shutdown & SEND_SHUTDOWN)) |
182 | ccid_hc_tx_packet_recv(ccid: dp->dccps_hc_tx_ccid, sk, skb); |
183 | } |
184 | |
185 | static int dccp_check_seqno(struct sock *sk, struct sk_buff *skb) |
186 | { |
187 | const struct dccp_hdr *dh = dccp_hdr(skb); |
188 | struct dccp_sock *dp = dccp_sk(sk); |
189 | u64 lswl, lawl, seqno = DCCP_SKB_CB(skb)->dccpd_seq, |
190 | ackno = DCCP_SKB_CB(skb)->dccpd_ack_seq; |
191 | |
192 | /* |
193 | * Step 5: Prepare sequence numbers for Sync |
194 | * If P.type == Sync or P.type == SyncAck, |
195 | * If S.AWL <= P.ackno <= S.AWH and P.seqno >= S.SWL, |
196 | * / * P is valid, so update sequence number variables |
197 | * accordingly. After this update, P will pass the tests |
198 | * in Step 6. A SyncAck is generated if necessary in |
199 | * Step 15 * / |
200 | * Update S.GSR, S.SWL, S.SWH |
201 | * Otherwise, |
202 | * Drop packet and return |
203 | */ |
204 | if (dh->dccph_type == DCCP_PKT_SYNC || |
205 | dh->dccph_type == DCCP_PKT_SYNCACK) { |
206 | if (between48(seq1: ackno, seq2: dp->dccps_awl, seq3: dp->dccps_awh) && |
207 | dccp_delta_seqno(seqno1: dp->dccps_swl, seqno2: seqno) >= 0) |
208 | dccp_update_gsr(sk, seq: seqno); |
209 | else |
210 | return -1; |
211 | } |
212 | |
213 | /* |
214 | * Step 6: Check sequence numbers |
215 | * Let LSWL = S.SWL and LAWL = S.AWL |
216 | * If P.type == CloseReq or P.type == Close or P.type == Reset, |
217 | * LSWL := S.GSR + 1, LAWL := S.GAR |
218 | * If LSWL <= P.seqno <= S.SWH |
219 | * and (P.ackno does not exist or LAWL <= P.ackno <= S.AWH), |
220 | * Update S.GSR, S.SWL, S.SWH |
221 | * If P.type != Sync, |
222 | * Update S.GAR |
223 | */ |
224 | lswl = dp->dccps_swl; |
225 | lawl = dp->dccps_awl; |
226 | |
227 | if (dh->dccph_type == DCCP_PKT_CLOSEREQ || |
228 | dh->dccph_type == DCCP_PKT_CLOSE || |
229 | dh->dccph_type == DCCP_PKT_RESET) { |
230 | lswl = ADD48(dp->dccps_gsr, 1); |
231 | lawl = dp->dccps_gar; |
232 | } |
233 | |
234 | if (between48(seq1: seqno, seq2: lswl, seq3: dp->dccps_swh) && |
235 | (ackno == DCCP_PKT_WITHOUT_ACK_SEQ || |
236 | between48(seq1: ackno, seq2: lawl, seq3: dp->dccps_awh))) { |
237 | dccp_update_gsr(sk, seq: seqno); |
238 | |
239 | if (dh->dccph_type != DCCP_PKT_SYNC && |
240 | ackno != DCCP_PKT_WITHOUT_ACK_SEQ && |
241 | after48(ackno, dp->dccps_gar)) |
242 | dp->dccps_gar = ackno; |
243 | } else { |
244 | unsigned long now = jiffies; |
245 | /* |
246 | * Step 6: Check sequence numbers |
247 | * Otherwise, |
248 | * If P.type == Reset, |
249 | * Send Sync packet acknowledging S.GSR |
250 | * Otherwise, |
251 | * Send Sync packet acknowledging P.seqno |
252 | * Drop packet and return |
253 | * |
254 | * These Syncs are rate-limited as per RFC 4340, 7.5.4: |
255 | * at most 1 / (dccp_sync_rate_limit * HZ) Syncs per second. |
256 | */ |
257 | if (time_before(now, (dp->dccps_rate_last + |
258 | sysctl_dccp_sync_ratelimit))) |
259 | return -1; |
260 | |
261 | DCCP_WARN("Step 6 failed for %s packet, " |
262 | "(LSWL(%llu) <= P.seqno(%llu) <= S.SWH(%llu)) and " |
263 | "(P.ackno %s or LAWL(%llu) <= P.ackno(%llu) <= S.AWH(%llu), " |
264 | "sending SYNC...\n" , dccp_packet_name(dh->dccph_type), |
265 | (unsigned long long) lswl, (unsigned long long) seqno, |
266 | (unsigned long long) dp->dccps_swh, |
267 | (ackno == DCCP_PKT_WITHOUT_ACK_SEQ) ? "doesn't exist" |
268 | : "exists" , |
269 | (unsigned long long) lawl, (unsigned long long) ackno, |
270 | (unsigned long long) dp->dccps_awh); |
271 | |
272 | dp->dccps_rate_last = now; |
273 | |
274 | if (dh->dccph_type == DCCP_PKT_RESET) |
275 | seqno = dp->dccps_gsr; |
276 | dccp_send_sync(sk, seq: seqno, pkt_type: DCCP_PKT_SYNC); |
277 | return -1; |
278 | } |
279 | |
280 | return 0; |
281 | } |
282 | |
283 | static int __dccp_rcv_established(struct sock *sk, struct sk_buff *skb, |
284 | const struct dccp_hdr *dh, const unsigned int len) |
285 | { |
286 | struct dccp_sock *dp = dccp_sk(sk); |
287 | |
288 | switch (dccp_hdr(skb)->dccph_type) { |
289 | case DCCP_PKT_DATAACK: |
290 | case DCCP_PKT_DATA: |
291 | /* |
292 | * FIXME: schedule DATA_DROPPED (RFC 4340, 11.7.2) if and when |
293 | * - sk_shutdown == RCV_SHUTDOWN, use Code 1, "Not Listening" |
294 | * - sk_receive_queue is full, use Code 2, "Receive Buffer" |
295 | */ |
296 | dccp_enqueue_skb(sk, skb); |
297 | return 0; |
298 | case DCCP_PKT_ACK: |
299 | goto discard; |
300 | case DCCP_PKT_RESET: |
301 | /* |
302 | * Step 9: Process Reset |
303 | * If P.type == Reset, |
304 | * Tear down connection |
305 | * S.state := TIMEWAIT |
306 | * Set TIMEWAIT timer |
307 | * Drop packet and return |
308 | */ |
309 | dccp_rcv_reset(sk, skb); |
310 | return 0; |
311 | case DCCP_PKT_CLOSEREQ: |
312 | if (dccp_rcv_closereq(sk, skb)) |
313 | return 0; |
314 | goto discard; |
315 | case DCCP_PKT_CLOSE: |
316 | if (dccp_rcv_close(sk, skb)) |
317 | return 0; |
318 | goto discard; |
319 | case DCCP_PKT_REQUEST: |
320 | /* Step 7 |
321 | * or (S.is_server and P.type == Response) |
322 | * or (S.is_client and P.type == Request) |
323 | * or (S.state >= OPEN and P.type == Request |
324 | * and P.seqno >= S.OSR) |
325 | * or (S.state >= OPEN and P.type == Response |
326 | * and P.seqno >= S.OSR) |
327 | * or (S.state == RESPOND and P.type == Data), |
328 | * Send Sync packet acknowledging P.seqno |
329 | * Drop packet and return |
330 | */ |
331 | if (dp->dccps_role != DCCP_ROLE_LISTEN) |
332 | goto send_sync; |
333 | goto check_seq; |
334 | case DCCP_PKT_RESPONSE: |
335 | if (dp->dccps_role != DCCP_ROLE_CLIENT) |
336 | goto send_sync; |
337 | check_seq: |
338 | if (dccp_delta_seqno(seqno1: dp->dccps_osr, |
339 | DCCP_SKB_CB(skb)->dccpd_seq) >= 0) { |
340 | send_sync: |
341 | dccp_send_sync(sk, DCCP_SKB_CB(skb)->dccpd_seq, |
342 | pkt_type: DCCP_PKT_SYNC); |
343 | } |
344 | break; |
345 | case DCCP_PKT_SYNC: |
346 | dccp_send_sync(sk, DCCP_SKB_CB(skb)->dccpd_seq, |
347 | pkt_type: DCCP_PKT_SYNCACK); |
348 | /* |
349 | * From RFC 4340, sec. 5.7 |
350 | * |
351 | * As with DCCP-Ack packets, DCCP-Sync and DCCP-SyncAck packets |
352 | * MAY have non-zero-length application data areas, whose |
353 | * contents receivers MUST ignore. |
354 | */ |
355 | goto discard; |
356 | } |
357 | |
358 | DCCP_INC_STATS(DCCP_MIB_INERRS); |
359 | discard: |
360 | __kfree_skb(skb); |
361 | return 0; |
362 | } |
363 | |
364 | int dccp_rcv_established(struct sock *sk, struct sk_buff *skb, |
365 | const struct dccp_hdr *dh, const unsigned int len) |
366 | { |
367 | if (dccp_check_seqno(sk, skb)) |
368 | goto discard; |
369 | |
370 | if (dccp_parse_options(sk, NULL, skb)) |
371 | return 1; |
372 | |
373 | dccp_handle_ackvec_processing(sk, skb); |
374 | dccp_deliver_input_to_ccids(sk, skb); |
375 | |
376 | return __dccp_rcv_established(sk, skb, dh, len); |
377 | discard: |
378 | __kfree_skb(skb); |
379 | return 0; |
380 | } |
381 | |
382 | EXPORT_SYMBOL_GPL(dccp_rcv_established); |
383 | |
384 | static int dccp_rcv_request_sent_state_process(struct sock *sk, |
385 | struct sk_buff *skb, |
386 | const struct dccp_hdr *dh, |
387 | const unsigned int len) |
388 | { |
389 | /* |
390 | * Step 4: Prepare sequence numbers in REQUEST |
391 | * If S.state == REQUEST, |
392 | * If (P.type == Response or P.type == Reset) |
393 | * and S.AWL <= P.ackno <= S.AWH, |
394 | * / * Set sequence number variables corresponding to the |
395 | * other endpoint, so P will pass the tests in Step 6 * / |
396 | * Set S.GSR, S.ISR, S.SWL, S.SWH |
397 | * / * Response processing continues in Step 10; Reset |
398 | * processing continues in Step 9 * / |
399 | */ |
400 | if (dh->dccph_type == DCCP_PKT_RESPONSE) { |
401 | const struct inet_connection_sock *icsk = inet_csk(sk); |
402 | struct dccp_sock *dp = dccp_sk(sk); |
403 | long tstamp = dccp_timestamp(); |
404 | |
405 | if (!between48(DCCP_SKB_CB(skb)->dccpd_ack_seq, |
406 | seq2: dp->dccps_awl, seq3: dp->dccps_awh)) { |
407 | dccp_pr_debug("invalid ackno: S.AWL=%llu, " |
408 | "P.ackno=%llu, S.AWH=%llu\n" , |
409 | (unsigned long long)dp->dccps_awl, |
410 | (unsigned long long)DCCP_SKB_CB(skb)->dccpd_ack_seq, |
411 | (unsigned long long)dp->dccps_awh); |
412 | goto out_invalid_packet; |
413 | } |
414 | |
415 | /* |
416 | * If option processing (Step 8) failed, return 1 here so that |
417 | * dccp_v4_do_rcv() sends a Reset. The Reset code depends on |
418 | * the option type and is set in dccp_parse_options(). |
419 | */ |
420 | if (dccp_parse_options(sk, NULL, skb)) |
421 | return 1; |
422 | |
423 | /* Obtain usec RTT sample from SYN exchange (used by TFRC). */ |
424 | if (likely(dp->dccps_options_received.dccpor_timestamp_echo)) |
425 | dp->dccps_syn_rtt = dccp_sample_rtt(sk, delta: 10 * (tstamp - |
426 | dp->dccps_options_received.dccpor_timestamp_echo)); |
427 | |
428 | /* Stop the REQUEST timer */ |
429 | inet_csk_clear_xmit_timer(sk, ICSK_TIME_RETRANS); |
430 | WARN_ON(sk->sk_send_head == NULL); |
431 | kfree_skb(skb: sk->sk_send_head); |
432 | sk->sk_send_head = NULL; |
433 | |
434 | /* |
435 | * Set ISR, GSR from packet. ISS was set in dccp_v{4,6}_connect |
436 | * and GSS in dccp_transmit_skb(). Setting AWL/AWH and SWL/SWH |
437 | * is done as part of activating the feature values below, since |
438 | * these settings depend on the local/remote Sequence Window |
439 | * features, which were undefined or not confirmed until now. |
440 | */ |
441 | dp->dccps_gsr = dp->dccps_isr = DCCP_SKB_CB(skb)->dccpd_seq; |
442 | |
443 | dccp_sync_mss(sk, pmtu: icsk->icsk_pmtu_cookie); |
444 | |
445 | /* |
446 | * Step 10: Process REQUEST state (second part) |
447 | * If S.state == REQUEST, |
448 | * / * If we get here, P is a valid Response from the |
449 | * server (see Step 4), and we should move to |
450 | * PARTOPEN state. PARTOPEN means send an Ack, |
451 | * don't send Data packets, retransmit Acks |
452 | * periodically, and always include any Init Cookie |
453 | * from the Response * / |
454 | * S.state := PARTOPEN |
455 | * Set PARTOPEN timer |
456 | * Continue with S.state == PARTOPEN |
457 | * / * Step 12 will send the Ack completing the |
458 | * three-way handshake * / |
459 | */ |
460 | dccp_set_state(sk, state: DCCP_PARTOPEN); |
461 | |
462 | /* |
463 | * If feature negotiation was successful, activate features now; |
464 | * an activation failure means that this host could not activate |
465 | * one ore more features (e.g. insufficient memory), which would |
466 | * leave at least one feature in an undefined state. |
467 | */ |
468 | if (dccp_feat_activate_values(sk, fn: &dp->dccps_featneg)) |
469 | goto unable_to_proceed; |
470 | |
471 | /* Make sure socket is routed, for correct metrics. */ |
472 | icsk->icsk_af_ops->rebuild_header(sk); |
473 | |
474 | if (!sock_flag(sk, flag: SOCK_DEAD)) { |
475 | sk->sk_state_change(sk); |
476 | sk_wake_async(sk, how: SOCK_WAKE_IO, POLL_OUT); |
477 | } |
478 | |
479 | if (sk->sk_write_pending || inet_csk_in_pingpong_mode(sk) || |
480 | icsk->icsk_accept_queue.rskq_defer_accept) { |
481 | /* Save one ACK. Data will be ready after |
482 | * several ticks, if write_pending is set. |
483 | * |
484 | * It may be deleted, but with this feature tcpdumps |
485 | * look so _wonderfully_ clever, that I was not able |
486 | * to stand against the temptation 8) --ANK |
487 | */ |
488 | /* |
489 | * OK, in DCCP we can as well do a similar trick, its |
490 | * even in the draft, but there is no need for us to |
491 | * schedule an ack here, as dccp_sendmsg does this for |
492 | * us, also stated in the draft. -acme |
493 | */ |
494 | __kfree_skb(skb); |
495 | return 0; |
496 | } |
497 | dccp_send_ack(sk); |
498 | return -1; |
499 | } |
500 | |
501 | out_invalid_packet: |
502 | /* dccp_v4_do_rcv will send a reset */ |
503 | DCCP_SKB_CB(skb)->dccpd_reset_code = DCCP_RESET_CODE_PACKET_ERROR; |
504 | return 1; |
505 | |
506 | unable_to_proceed: |
507 | DCCP_SKB_CB(skb)->dccpd_reset_code = DCCP_RESET_CODE_ABORTED; |
508 | /* |
509 | * We mark this socket as no longer usable, so that the loop in |
510 | * dccp_sendmsg() terminates and the application gets notified. |
511 | */ |
512 | dccp_set_state(sk, state: DCCP_CLOSED); |
513 | sk->sk_err = ECOMM; |
514 | return 1; |
515 | } |
516 | |
517 | static int dccp_rcv_respond_partopen_state_process(struct sock *sk, |
518 | struct sk_buff *skb, |
519 | const struct dccp_hdr *dh, |
520 | const unsigned int len) |
521 | { |
522 | struct dccp_sock *dp = dccp_sk(sk); |
523 | u32 sample = dp->dccps_options_received.dccpor_timestamp_echo; |
524 | int queued = 0; |
525 | |
526 | switch (dh->dccph_type) { |
527 | case DCCP_PKT_RESET: |
528 | inet_csk_clear_xmit_timer(sk, ICSK_TIME_DACK); |
529 | break; |
530 | case DCCP_PKT_DATA: |
531 | if (sk->sk_state == DCCP_RESPOND) |
532 | break; |
533 | fallthrough; |
534 | case DCCP_PKT_DATAACK: |
535 | case DCCP_PKT_ACK: |
536 | /* |
537 | * FIXME: we should be resetting the PARTOPEN (DELACK) timer |
538 | * here but only if we haven't used the DELACK timer for |
539 | * something else, like sending a delayed ack for a TIMESTAMP |
540 | * echo, etc, for now were not clearing it, sending an extra |
541 | * ACK when there is nothing else to do in DELACK is not a big |
542 | * deal after all. |
543 | */ |
544 | |
545 | /* Stop the PARTOPEN timer */ |
546 | if (sk->sk_state == DCCP_PARTOPEN) |
547 | inet_csk_clear_xmit_timer(sk, ICSK_TIME_DACK); |
548 | |
549 | /* Obtain usec RTT sample from SYN exchange (used by TFRC). */ |
550 | if (likely(sample)) { |
551 | long delta = dccp_timestamp() - sample; |
552 | |
553 | dp->dccps_syn_rtt = dccp_sample_rtt(sk, delta: 10 * delta); |
554 | } |
555 | |
556 | dp->dccps_osr = DCCP_SKB_CB(skb)->dccpd_seq; |
557 | dccp_set_state(sk, state: DCCP_OPEN); |
558 | |
559 | if (dh->dccph_type == DCCP_PKT_DATAACK || |
560 | dh->dccph_type == DCCP_PKT_DATA) { |
561 | __dccp_rcv_established(sk, skb, dh, len); |
562 | queued = 1; /* packet was queued |
563 | (by __dccp_rcv_established) */ |
564 | } |
565 | break; |
566 | } |
567 | |
568 | return queued; |
569 | } |
570 | |
571 | int dccp_rcv_state_process(struct sock *sk, struct sk_buff *skb, |
572 | struct dccp_hdr *dh, unsigned int len) |
573 | { |
574 | struct dccp_sock *dp = dccp_sk(sk); |
575 | struct dccp_skb_cb *dcb = DCCP_SKB_CB(skb); |
576 | const int old_state = sk->sk_state; |
577 | bool acceptable; |
578 | int queued = 0; |
579 | |
580 | /* |
581 | * Step 3: Process LISTEN state |
582 | * |
583 | * If S.state == LISTEN, |
584 | * If P.type == Request or P contains a valid Init Cookie option, |
585 | * (* Must scan the packet's options to check for Init |
586 | * Cookies. Only Init Cookies are processed here, |
587 | * however; other options are processed in Step 8. This |
588 | * scan need only be performed if the endpoint uses Init |
589 | * Cookies *) |
590 | * (* Generate a new socket and switch to that socket *) |
591 | * Set S := new socket for this port pair |
592 | * S.state = RESPOND |
593 | * Choose S.ISS (initial seqno) or set from Init Cookies |
594 | * Initialize S.GAR := S.ISS |
595 | * Set S.ISR, S.GSR, S.SWL, S.SWH from packet or Init |
596 | * Cookies Continue with S.state == RESPOND |
597 | * (* A Response packet will be generated in Step 11 *) |
598 | * Otherwise, |
599 | * Generate Reset(No Connection) unless P.type == Reset |
600 | * Drop packet and return |
601 | */ |
602 | if (sk->sk_state == DCCP_LISTEN) { |
603 | if (dh->dccph_type == DCCP_PKT_REQUEST) { |
604 | /* It is possible that we process SYN packets from backlog, |
605 | * so we need to make sure to disable BH and RCU right there. |
606 | */ |
607 | rcu_read_lock(); |
608 | local_bh_disable(); |
609 | acceptable = inet_csk(sk)->icsk_af_ops->conn_request(sk, skb) >= 0; |
610 | local_bh_enable(); |
611 | rcu_read_unlock(); |
612 | if (!acceptable) |
613 | return 1; |
614 | consume_skb(skb); |
615 | return 0; |
616 | } |
617 | if (dh->dccph_type == DCCP_PKT_RESET) |
618 | goto discard; |
619 | |
620 | /* Caller (dccp_v4_do_rcv) will send Reset */ |
621 | dcb->dccpd_reset_code = DCCP_RESET_CODE_NO_CONNECTION; |
622 | return 1; |
623 | } else if (sk->sk_state == DCCP_CLOSED) { |
624 | dcb->dccpd_reset_code = DCCP_RESET_CODE_NO_CONNECTION; |
625 | return 1; |
626 | } |
627 | |
628 | /* Step 6: Check sequence numbers (omitted in LISTEN/REQUEST state) */ |
629 | if (sk->sk_state != DCCP_REQUESTING && dccp_check_seqno(sk, skb)) |
630 | goto discard; |
631 | |
632 | /* |
633 | * Step 7: Check for unexpected packet types |
634 | * If (S.is_server and P.type == Response) |
635 | * or (S.is_client and P.type == Request) |
636 | * or (S.state == RESPOND and P.type == Data), |
637 | * Send Sync packet acknowledging P.seqno |
638 | * Drop packet and return |
639 | */ |
640 | if ((dp->dccps_role != DCCP_ROLE_CLIENT && |
641 | dh->dccph_type == DCCP_PKT_RESPONSE) || |
642 | (dp->dccps_role == DCCP_ROLE_CLIENT && |
643 | dh->dccph_type == DCCP_PKT_REQUEST) || |
644 | (sk->sk_state == DCCP_RESPOND && dh->dccph_type == DCCP_PKT_DATA)) { |
645 | dccp_send_sync(sk, seq: dcb->dccpd_seq, pkt_type: DCCP_PKT_SYNC); |
646 | goto discard; |
647 | } |
648 | |
649 | /* Step 8: Process options */ |
650 | if (dccp_parse_options(sk, NULL, skb)) |
651 | return 1; |
652 | |
653 | /* |
654 | * Step 9: Process Reset |
655 | * If P.type == Reset, |
656 | * Tear down connection |
657 | * S.state := TIMEWAIT |
658 | * Set TIMEWAIT timer |
659 | * Drop packet and return |
660 | */ |
661 | if (dh->dccph_type == DCCP_PKT_RESET) { |
662 | dccp_rcv_reset(sk, skb); |
663 | return 0; |
664 | } else if (dh->dccph_type == DCCP_PKT_CLOSEREQ) { /* Step 13 */ |
665 | if (dccp_rcv_closereq(sk, skb)) |
666 | return 0; |
667 | goto discard; |
668 | } else if (dh->dccph_type == DCCP_PKT_CLOSE) { /* Step 14 */ |
669 | if (dccp_rcv_close(sk, skb)) |
670 | return 0; |
671 | goto discard; |
672 | } |
673 | |
674 | switch (sk->sk_state) { |
675 | case DCCP_REQUESTING: |
676 | queued = dccp_rcv_request_sent_state_process(sk, skb, dh, len); |
677 | if (queued >= 0) |
678 | return queued; |
679 | |
680 | __kfree_skb(skb); |
681 | return 0; |
682 | |
683 | case DCCP_PARTOPEN: |
684 | /* Step 8: if using Ack Vectors, mark packet acknowledgeable */ |
685 | dccp_handle_ackvec_processing(sk, skb); |
686 | dccp_deliver_input_to_ccids(sk, skb); |
687 | fallthrough; |
688 | case DCCP_RESPOND: |
689 | queued = dccp_rcv_respond_partopen_state_process(sk, skb, |
690 | dh, len); |
691 | break; |
692 | } |
693 | |
694 | if (dh->dccph_type == DCCP_PKT_ACK || |
695 | dh->dccph_type == DCCP_PKT_DATAACK) { |
696 | switch (old_state) { |
697 | case DCCP_PARTOPEN: |
698 | sk->sk_state_change(sk); |
699 | sk_wake_async(sk, how: SOCK_WAKE_IO, POLL_OUT); |
700 | break; |
701 | } |
702 | } else if (unlikely(dh->dccph_type == DCCP_PKT_SYNC)) { |
703 | dccp_send_sync(sk, seq: dcb->dccpd_seq, pkt_type: DCCP_PKT_SYNCACK); |
704 | goto discard; |
705 | } |
706 | |
707 | if (!queued) { |
708 | discard: |
709 | __kfree_skb(skb); |
710 | } |
711 | return 0; |
712 | } |
713 | |
714 | EXPORT_SYMBOL_GPL(dccp_rcv_state_process); |
715 | |
716 | /** |
717 | * dccp_sample_rtt - Validate and finalise computation of RTT sample |
718 | * @sk: socket structure |
719 | * @delta: number of microseconds between packet and acknowledgment |
720 | * |
721 | * The routine is kept generic to work in different contexts. It should be |
722 | * called immediately when the ACK used for the RTT sample arrives. |
723 | */ |
724 | u32 dccp_sample_rtt(struct sock *sk, long delta) |
725 | { |
726 | /* dccpor_elapsed_time is either zeroed out or set and > 0 */ |
727 | delta -= dccp_sk(sk)->dccps_options_received.dccpor_elapsed_time * 10; |
728 | |
729 | if (unlikely(delta <= 0)) { |
730 | DCCP_WARN("unusable RTT sample %ld, using min\n" , delta); |
731 | return DCCP_SANE_RTT_MIN; |
732 | } |
733 | if (unlikely(delta > DCCP_SANE_RTT_MAX)) { |
734 | DCCP_WARN("RTT sample %ld too large, using max\n" , delta); |
735 | return DCCP_SANE_RTT_MAX; |
736 | } |
737 | |
738 | return delta; |
739 | } |
740 | |