net/dccp/proto.c

0001 // SPDX-License-Identifier: GPL-2.0-only
0002 /*
0003  *  net/dccp/proto.c
0004  *
0005  *  An implementation of the DCCP protocol
0006  *  Arnaldo Carvalho de Melo <acme@conectiva.com.br>
0007  */
0008
0009 #include <linux/dccp.h>
0010 #include <linux/module.h>
0011 #include <linux/types.h>
0012 #include <linux/sched.h>
0013 #include <linux/kernel.h>
0014 #include <linux/skbuff.h>
0015 #include <linux/netdevice.h>
0016 #include <linux/in.h>
0017 #include <linux/if_arp.h>
0018 #include <linux/init.h>
0019 #include <linux/random.h>
0020 #include <linux/slab.h>
0021 #include <net/checksum.h>
0022
0023 #include <net/inet_sock.h>
0024 #include <net/inet_common.h>
0025 #include <net/sock.h>
0026 #include <net/xfrm.h>
0027
0028 #include <asm/ioctls.h>
0029 #include <linux/spinlock.h>
0030 #include <linux/timer.h>
0031 #include <linux/delay.h>
0032 #include <linux/poll.h>
0033
0034 #include "ccid.h"
0035 #include "dccp.h"
0036 #include "feat.h"
0037
0038 #define CREATE_TRACE_POINTS
0039 #include "trace.h"
0040
0041 DEFINE_SNMP_STAT(struct dccp_mib, dccp_statistics) __read_mostly;
0042
0043 EXPORT_SYMBOL_GPL(dccp_statistics);
0044
0045 DEFINE_PER_CPU(unsigned int, dccp_orphan_count);
0046 EXPORT_PER_CPU_SYMBOL_GPL(dccp_orphan_count);
0047
0048 struct inet_hashinfo dccp_hashinfo;
0049 EXPORT_SYMBOL_GPL(dccp_hashinfo);
0050
0051 /* the maximum queue length for tx in packets. 0 is no limit */
0052 int sysctl_dccp_tx_qlen __read_mostly = 5;
0053
0054 #ifdef CONFIG_IP_DCCP_DEBUG
0055 static const char *dccp_state_name(const int state)
0056 {
0057     static const char *const dccp_state_names[] = {
0058     [DCCP_OPEN]     = "OPEN",
0059     [DCCP_REQUESTING]   = "REQUESTING",
0060     [DCCP_PARTOPEN]     = "PARTOPEN",
0061     [DCCP_LISTEN]       = "LISTEN",
0062     [DCCP_RESPOND]      = "RESPOND",
0063     [DCCP_CLOSING]      = "CLOSING",
0064     [DCCP_ACTIVE_CLOSEREQ]  = "CLOSEREQ",
0065     [DCCP_PASSIVE_CLOSE]    = "PASSIVE_CLOSE",
0066     [DCCP_PASSIVE_CLOSEREQ] = "PASSIVE_CLOSEREQ",
0067     [DCCP_TIME_WAIT]    = "TIME_WAIT",
0068     [DCCP_CLOSED]       = "CLOSED",
0069     };
0070
0071     if (state >= DCCP_MAX_STATES)
0072         return "INVALID STATE!";
0073     else
0074         return dccp_state_names[state];
0075 }
0076 #endif
0077
0078 void dccp_set_state(struct sock *sk, const int state)
0079 {
0080     const int oldstate = sk->sk_state;
0081
0082     dccp_pr_debug("%s(%p)  %s  -->  %s\n", dccp_role(sk), sk,
0083               dccp_state_name(oldstate), dccp_state_name(state));
0084     WARN_ON(state == oldstate);
0085
0086     switch (state) {
0087     case DCCP_OPEN:
0088         if (oldstate != DCCP_OPEN)
0089             DCCP_INC_STATS(DCCP_MIB_CURRESTAB);
0090         /* Client retransmits all Confirm options until entering OPEN */
0091         if (oldstate == DCCP_PARTOPEN)
0092             dccp_feat_list_purge(&dccp_sk(sk)->dccps_featneg);
0093         break;
0094
0095     case DCCP_CLOSED:
0096         if (oldstate == DCCP_OPEN || oldstate == DCCP_ACTIVE_CLOSEREQ ||
0097             oldstate == DCCP_CLOSING)
0098             DCCP_INC_STATS(DCCP_MIB_ESTABRESETS);
0099
0100         sk->sk_prot->unhash(sk);
0101         if (inet_csk(sk)->icsk_bind_hash != NULL &&
0102             !(sk->sk_userlocks & SOCK_BINDPORT_LOCK))
0103             inet_put_port(sk);
0104         fallthrough;
0105     default:
0106         if (oldstate == DCCP_OPEN)
0107             DCCP_DEC_STATS(DCCP_MIB_CURRESTAB);
0108     }
0109
0110     /* Change state AFTER socket is unhashed to avoid closed
0111      * socket sitting in hash tables.
0112      */
0113     inet_sk_set_state(sk, state);
0114 }
0115
0116 EXPORT_SYMBOL_GPL(dccp_set_state);
0117
0118 static void dccp_finish_passive_close(struct sock *sk)
0119 {
0120     switch (sk->sk_state) {
0121     case DCCP_PASSIVE_CLOSE:
0122         /* Node (client or server) has received Close packet. */
0123         dccp_send_reset(sk, DCCP_RESET_CODE_CLOSED);
0124         dccp_set_state(sk, DCCP_CLOSED);
0125         break;
0126     case DCCP_PASSIVE_CLOSEREQ:
0127         /*
0128          * Client received CloseReq. We set the `active' flag so that
0129          * dccp_send_close() retransmits the Close as per RFC 4340, 8.3.
0130          */
0131         dccp_send_close(sk, 1);
0132         dccp_set_state(sk, DCCP_CLOSING);
0133     }
0134 }
0135
0136 void dccp_done(struct sock *sk)
0137 {
0138     dccp_set_state(sk, DCCP_CLOSED);
0139     dccp_clear_xmit_timers(sk);
0140
0141     sk->sk_shutdown = SHUTDOWN_MASK;
0142
0143     if (!sock_flag(sk, SOCK_DEAD))
0144         sk->sk_state_change(sk);
0145     else
0146         inet_csk_destroy_sock(sk);
0147 }
0148
0149 EXPORT_SYMBOL_GPL(dccp_done);
0150
0151 const char *dccp_packet_name(const int type)
0152 {
0153     static const char *const dccp_packet_names[] = {
0154         [DCCP_PKT_REQUEST]  = "REQUEST",
0155         [DCCP_PKT_RESPONSE] = "RESPONSE",
0156         [DCCP_PKT_DATA]     = "DATA",
0157         [DCCP_PKT_ACK]      = "ACK",
0158         [DCCP_PKT_DATAACK]  = "DATAACK",
0159         [DCCP_PKT_CLOSEREQ] = "CLOSEREQ",
0160         [DCCP_PKT_CLOSE]    = "CLOSE",
0161         [DCCP_PKT_RESET]    = "RESET",
0162         [DCCP_PKT_SYNC]     = "SYNC",
0163         [DCCP_PKT_SYNCACK]  = "SYNCACK",
0164     };
0165
0166     if (type >= DCCP_NR_PKT_TYPES)
0167         return "INVALID";
0168     else
0169         return dccp_packet_names[type];
0170 }
0171
0172 EXPORT_SYMBOL_GPL(dccp_packet_name);
0173
0174 static void dccp_sk_destruct(struct sock *sk)
0175 {
0176     struct dccp_sock *dp = dccp_sk(sk);
0177
0178     ccid_hc_tx_delete(dp->dccps_hc_tx_ccid, sk);
0179     dp->dccps_hc_tx_ccid = NULL;
0180     inet_sock_destruct(sk);
0181 }
0182
0183 int dccp_init_sock(struct sock *sk, const __u8 ctl_sock_initialized)
0184 {
0185     struct dccp_sock *dp = dccp_sk(sk);
0186     struct inet_connection_sock *icsk = inet_csk(sk);
0187
0188     icsk->icsk_rto      = DCCP_TIMEOUT_INIT;
0189     icsk->icsk_syn_retries  = sysctl_dccp_request_retries;
0190     sk->sk_state        = DCCP_CLOSED;
0191     sk->sk_write_space  = dccp_write_space;
0192     sk->sk_destruct     = dccp_sk_destruct;
0193     icsk->icsk_sync_mss = dccp_sync_mss;
0194     dp->dccps_mss_cache = 536;
0195     dp->dccps_rate_last = jiffies;
0196     dp->dccps_role      = DCCP_ROLE_UNDEFINED;
0197     dp->dccps_service   = DCCP_SERVICE_CODE_IS_ABSENT;
0198     dp->dccps_tx_qlen   = sysctl_dccp_tx_qlen;
0199
0200     dccp_init_xmit_timers(sk);
0201
0202     INIT_LIST_HEAD(&dp->dccps_featneg);
0203     /* control socket doesn't need feat nego */
0204     if (likely(ctl_sock_initialized))
0205         return dccp_feat_init(sk);
0206     return 0;
0207 }
0208
0209 EXPORT_SYMBOL_GPL(dccp_init_sock);
0210
0211 void dccp_destroy_sock(struct sock *sk)
0212 {
0213     struct dccp_sock *dp = dccp_sk(sk);
0214
0215     __skb_queue_purge(&sk->sk_write_queue);
0216     if (sk->sk_send_head != NULL) {
0217         kfree_skb(sk->sk_send_head);
0218         sk->sk_send_head = NULL;
0219     }
0220
0221     /* Clean up a referenced DCCP bind bucket. */
0222     if (inet_csk(sk)->icsk_bind_hash != NULL)
0223         inet_put_port(sk);
0224
0225     kfree(dp->dccps_service_list);
0226     dp->dccps_service_list = NULL;
0227
0228     if (dp->dccps_hc_rx_ackvec != NULL) {
0229         dccp_ackvec_free(dp->dccps_hc_rx_ackvec);
0230         dp->dccps_hc_rx_ackvec = NULL;
0231     }
0232     ccid_hc_rx_delete(dp->dccps_hc_rx_ccid, sk);
0233     dp->dccps_hc_rx_ccid = NULL;
0234
0235     /* clean up feature negotiation state */
0236     dccp_feat_list_purge(&dp->dccps_featneg);
0237 }
0238
0239 EXPORT_SYMBOL_GPL(dccp_destroy_sock);
0240
0241 static inline int dccp_need_reset(int state)
0242 {
0243     return state != DCCP_CLOSED && state != DCCP_LISTEN &&
0244            state != DCCP_REQUESTING;
0245 }
0246
0247 int dccp_disconnect(struct sock *sk, int flags)
0248 {
0249     struct inet_connection_sock *icsk = inet_csk(sk);
0250     struct inet_sock *inet = inet_sk(sk);
0251     struct dccp_sock *dp = dccp_sk(sk);
0252     const int old_state = sk->sk_state;
0253
0254     if (old_state != DCCP_CLOSED)
0255         dccp_set_state(sk, DCCP_CLOSED);
0256
0257     /*
0258      * This corresponds to the ABORT function of RFC793, sec. 3.8
0259      * TCP uses a RST segment, DCCP a Reset packet with Code 2, "Aborted".
0260      */
0261     if (old_state == DCCP_LISTEN) {
0262         inet_csk_listen_stop(sk);
0263     } else if (dccp_need_reset(old_state)) {
0264         dccp_send_reset(sk, DCCP_RESET_CODE_ABORTED);
0265         sk->sk_err = ECONNRESET;
0266     } else if (old_state == DCCP_REQUESTING)
0267         sk->sk_err = ECONNRESET;
0268
0269     dccp_clear_xmit_timers(sk);
0270     ccid_hc_rx_delete(dp->dccps_hc_rx_ccid, sk);
0271     dp->dccps_hc_rx_ccid = NULL;
0272
0273     __skb_queue_purge(&sk->sk_receive_queue);
0274     __skb_queue_purge(&sk->sk_write_queue);
0275     if (sk->sk_send_head != NULL) {
0276         __kfree_skb(sk->sk_send_head);
0277         sk->sk_send_head = NULL;
0278     }
0279
0280     inet->inet_dport = 0;
0281
0282     if (!(sk->sk_userlocks & SOCK_BINDADDR_LOCK))
0283         inet_reset_saddr(sk);
0284
0285     sk->sk_shutdown = 0;
0286     sock_reset_flag(sk, SOCK_DONE);
0287
0288     icsk->icsk_backoff = 0;
0289     inet_csk_delack_init(sk);
0290     __sk_dst_reset(sk);
0291
0292     WARN_ON(inet->inet_num && !icsk->icsk_bind_hash);
0293
0294     sk_error_report(sk);
0295     return 0;
0296 }
0297
0298 EXPORT_SYMBOL_GPL(dccp_disconnect);
0299
0300 /*
0301  *  Wait for a DCCP event.
0302  *
0303  *  Note that we don't need to lock the socket, as the upper poll layers
0304  *  take care of normal races (between the test and the event) and we don't
0305  *  go look at any of the socket buffers directly.
0306  */
0307 __poll_t dccp_poll(struct file *file, struct socket *sock,
0308                poll_table *wait)
0309 {
0310     __poll_t mask;
0311     struct sock *sk = sock->sk;
0312
0313     sock_poll_wait(file, sock, wait);
0314     if (sk->sk_state == DCCP_LISTEN)
0315         return inet_csk_listen_poll(sk);
0316
0317     /* Socket is not locked. We are protected from async events
0318        by poll logic and correct handling of state changes
0319        made by another threads is impossible in any case.
0320      */
0321
0322     mask = 0;
0323     if (sk->sk_err)
0324         mask = EPOLLERR;
0325
0326     if (sk->sk_shutdown == SHUTDOWN_MASK || sk->sk_state == DCCP_CLOSED)
0327         mask |= EPOLLHUP;
0328     if (sk->sk_shutdown & RCV_SHUTDOWN)
0329         mask |= EPOLLIN | EPOLLRDNORM | EPOLLRDHUP;
0330
0331     /* Connected? */
0332     if ((1 << sk->sk_state) & ~(DCCPF_REQUESTING | DCCPF_RESPOND)) {
0333         if (atomic_read(&sk->sk_rmem_alloc) > 0)
0334             mask |= EPOLLIN | EPOLLRDNORM;
0335
0336         if (!(sk->sk_shutdown & SEND_SHUTDOWN)) {
0337             if (sk_stream_is_writeable(sk)) {
0338                 mask |= EPOLLOUT | EPOLLWRNORM;
0339             } else {  /* send SIGIO later */
0340                 sk_set_bit(SOCKWQ_ASYNC_NOSPACE, sk);
0341                 set_bit(SOCK_NOSPACE, &sk->sk_socket->flags);
0342
0343                 /* Race breaker. If space is freed after
0344                  * wspace test but before the flags are set,
0345                  * IO signal will be lost.
0346                  */
0347                 if (sk_stream_is_writeable(sk))
0348                     mask |= EPOLLOUT | EPOLLWRNORM;
0349             }
0350         }
0351     }
0352     return mask;
0353 }
0354
0355 EXPORT_SYMBOL_GPL(dccp_poll);
0356
0357 int dccp_ioctl(struct sock *sk, int cmd, unsigned long arg)
0358 {
0359     int rc = -ENOTCONN;
0360
0361     lock_sock(sk);
0362
0363     if (sk->sk_state == DCCP_LISTEN)
0364         goto out;
0365
0366     switch (cmd) {
0367     case SIOCOUTQ: {
0368         int amount = sk_wmem_alloc_get(sk);
0369         /* Using sk_wmem_alloc here because sk_wmem_queued is not used by DCCP and
0370          * always 0, comparably to UDP.
0371          */
0372
0373         rc = put_user(amount, (int __user *)arg);
0374     }
0375         break;
0376     case SIOCINQ: {
0377         struct sk_buff *skb;
0378         unsigned long amount = 0;
0379
0380         skb = skb_peek(&sk->sk_receive_queue);
0381         if (skb != NULL) {
0382             /*
0383              * We will only return the amount of this packet since
0384              * that is all that will be read.
0385              */
0386             amount = skb->len;
0387         }
0388         rc = put_user(amount, (int __user *)arg);
0389     }
0390         break;
0391     default:
0392         rc = -ENOIOCTLCMD;
0393         break;
0394     }
0395 out:
0396     release_sock(sk);
0397     return rc;
0398 }
0399
0400 EXPORT_SYMBOL_GPL(dccp_ioctl);
0401
0402 static int dccp_setsockopt_service(struct sock *sk, const __be32 service,
0403                    sockptr_t optval, unsigned int optlen)
0404 {
0405     struct dccp_sock *dp = dccp_sk(sk);
0406     struct dccp_service_list *sl = NULL;
0407
0408     if (service == DCCP_SERVICE_INVALID_VALUE ||
0409         optlen > DCCP_SERVICE_LIST_MAX_LEN * sizeof(u32))
0410         return -EINVAL;
0411
0412     if (optlen > sizeof(service)) {
0413         sl = kmalloc(optlen, GFP_KERNEL);
0414         if (sl == NULL)
0415             return -ENOMEM;
0416
0417         sl->dccpsl_nr = optlen / sizeof(u32) - 1;
0418         if (copy_from_sockptr_offset(sl->dccpsl_list, optval,
0419                 sizeof(service), optlen - sizeof(service)) ||
0420             dccp_list_has_service(sl, DCCP_SERVICE_INVALID_VALUE)) {
0421             kfree(sl);
0422             return -EFAULT;
0423         }
0424     }
0425
0426     lock_sock(sk);
0427     dp->dccps_service = service;
0428
0429     kfree(dp->dccps_service_list);
0430
0431     dp->dccps_service_list = sl;
0432     release_sock(sk);
0433     return 0;
0434 }
0435
0436 static int dccp_setsockopt_cscov(struct sock *sk, int cscov, bool rx)
0437 {
0438     u8 *list, len;
0439     int i, rc;
0440
0441     if (cscov < 0 || cscov > 15)
0442         return -EINVAL;
0443     /*
0444      * Populate a list of permissible values, in the range cscov...15. This
0445      * is necessary since feature negotiation of single values only works if
0446      * both sides incidentally choose the same value. Since the list starts
0447      * lowest-value first, negotiation will pick the smallest shared value.
0448      */
0449     if (cscov == 0)
0450         return 0;
0451     len = 16 - cscov;
0452
0453     list = kmalloc(len, GFP_KERNEL);
0454     if (list == NULL)
0455         return -ENOBUFS;
0456
0457     for (i = 0; i < len; i++)
0458         list[i] = cscov++;
0459
0460     rc = dccp_feat_register_sp(sk, DCCPF_MIN_CSUM_COVER, rx, list, len);
0461
0462     if (rc == 0) {
0463         if (rx)
0464             dccp_sk(sk)->dccps_pcrlen = cscov;
0465         else
0466             dccp_sk(sk)->dccps_pcslen = cscov;
0467     }
0468     kfree(list);
0469     return rc;
0470 }
0471
0472 static int dccp_setsockopt_ccid(struct sock *sk, int type,
0473                 sockptr_t optval, unsigned int optlen)
0474 {
0475     u8 *val;
0476     int rc = 0;
0477
0478     if (optlen < 1 || optlen > DCCP_FEAT_MAX_SP_VALS)
0479         return -EINVAL;
0480
0481     val = memdup_sockptr(optval, optlen);
0482     if (IS_ERR(val))
0483         return PTR_ERR(val);
0484
0485     lock_sock(sk);
0486     if (type == DCCP_SOCKOPT_TX_CCID || type == DCCP_SOCKOPT_CCID)
0487         rc = dccp_feat_register_sp(sk, DCCPF_CCID, 1, val, optlen);
0488
0489     if (!rc && (type == DCCP_SOCKOPT_RX_CCID || type == DCCP_SOCKOPT_CCID))
0490         rc = dccp_feat_register_sp(sk, DCCPF_CCID, 0, val, optlen);
0491     release_sock(sk);
0492
0493     kfree(val);
0494     return rc;
0495 }
0496
0497 static int do_dccp_setsockopt(struct sock *sk, int level, int optname,
0498         sockptr_t optval, unsigned int optlen)
0499 {
0500     struct dccp_sock *dp = dccp_sk(sk);
0501     int val, err = 0;
0502
0503     switch (optname) {
0504     case DCCP_SOCKOPT_PACKET_SIZE:
0505         DCCP_WARN("sockopt(PACKET_SIZE) is deprecated: fix your app\n");
0506         return 0;
0507     case DCCP_SOCKOPT_CHANGE_L:
0508     case DCCP_SOCKOPT_CHANGE_R:
0509         DCCP_WARN("sockopt(CHANGE_L/R) is deprecated: fix your app\n");
0510         return 0;
0511     case DCCP_SOCKOPT_CCID:
0512     case DCCP_SOCKOPT_RX_CCID:
0513     case DCCP_SOCKOPT_TX_CCID:
0514         return dccp_setsockopt_ccid(sk, optname, optval, optlen);
0515     }
0516
0517     if (optlen < (int)sizeof(int))
0518         return -EINVAL;
0519
0520     if (copy_from_sockptr(&val, optval, sizeof(int)))
0521         return -EFAULT;
0522
0523     if (optname == DCCP_SOCKOPT_SERVICE)
0524         return dccp_setsockopt_service(sk, val, optval, optlen);
0525
0526     lock_sock(sk);
0527     switch (optname) {
0528     case DCCP_SOCKOPT_SERVER_TIMEWAIT:
0529         if (dp->dccps_role != DCCP_ROLE_SERVER)
0530             err = -EOPNOTSUPP;
0531         else
0532             dp->dccps_server_timewait = (val != 0);
0533         break;
0534     case DCCP_SOCKOPT_SEND_CSCOV:
0535         err = dccp_setsockopt_cscov(sk, val, false);
0536         break;
0537     case DCCP_SOCKOPT_RECV_CSCOV:
0538         err = dccp_setsockopt_cscov(sk, val, true);
0539         break;
0540     case DCCP_SOCKOPT_QPOLICY_ID:
0541         if (sk->sk_state != DCCP_CLOSED)
0542             err = -EISCONN;
0543         else if (val < 0 || val >= DCCPQ_POLICY_MAX)
0544             err = -EINVAL;
0545         else
0546             dp->dccps_qpolicy = val;
0547         break;
0548     case DCCP_SOCKOPT_QPOLICY_TXQLEN:
0549         if (val < 0)
0550             err = -EINVAL;
0551         else
0552             dp->dccps_tx_qlen = val;
0553         break;
0554     default:
0555         err = -ENOPROTOOPT;
0556         break;
0557     }
0558     release_sock(sk);
0559
0560     return err;
0561 }
0562
0563 int dccp_setsockopt(struct sock *sk, int level, int optname, sockptr_t optval,
0564             unsigned int optlen)
0565 {
0566     if (level != SOL_DCCP)
0567         return inet_csk(sk)->icsk_af_ops->setsockopt(sk, level,
0568                                  optname, optval,
0569                                  optlen);
0570     return do_dccp_setsockopt(sk, level, optname, optval, optlen);
0571 }
0572
0573 EXPORT_SYMBOL_GPL(dccp_setsockopt);
0574
0575 static int dccp_getsockopt_service(struct sock *sk, int len,
0576                    __be32 __user *optval,
0577                    int __user *optlen)
0578 {
0579     const struct dccp_sock *dp = dccp_sk(sk);
0580     const struct dccp_service_list *sl;
0581     int err = -ENOENT, slen = 0, total_len = sizeof(u32);
0582
0583     lock_sock(sk);
0584     if ((sl = dp->dccps_service_list) != NULL) {
0585         slen = sl->dccpsl_nr * sizeof(u32);
0586         total_len += slen;
0587     }
0588
0589     err = -EINVAL;
0590     if (total_len > len)
0591         goto out;
0592
0593     err = 0;
0594     if (put_user(total_len, optlen) ||
0595         put_user(dp->dccps_service, optval) ||
0596         (sl != NULL && copy_to_user(optval + 1, sl->dccpsl_list, slen)))
0597         err = -EFAULT;
0598 out:
0599     release_sock(sk);
0600     return err;
0601 }
0602
0603 static int do_dccp_getsockopt(struct sock *sk, int level, int optname,
0604             char __user *optval, int __user *optlen)
0605 {
0606     struct dccp_sock *dp;
0607     int val, len;
0608
0609     if (get_user(len, optlen))
0610         return -EFAULT;
0611
0612     if (len < (int)sizeof(int))
0613         return -EINVAL;
0614
0615     dp = dccp_sk(sk);
0616
0617     switch (optname) {
0618     case DCCP_SOCKOPT_PACKET_SIZE:
0619         DCCP_WARN("sockopt(PACKET_SIZE) is deprecated: fix your app\n");
0620         return 0;
0621     case DCCP_SOCKOPT_SERVICE:
0622         return dccp_getsockopt_service(sk, len,
0623                            (__be32 __user *)optval, optlen);
0624     case DCCP_SOCKOPT_GET_CUR_MPS:
0625         val = dp->dccps_mss_cache;
0626         break;
0627     case DCCP_SOCKOPT_AVAILABLE_CCIDS:
0628         return ccid_getsockopt_builtin_ccids(sk, len, optval, optlen);
0629     case DCCP_SOCKOPT_TX_CCID:
0630         val = ccid_get_current_tx_ccid(dp);
0631         if (val < 0)
0632             return -ENOPROTOOPT;
0633         break;
0634     case DCCP_SOCKOPT_RX_CCID:
0635         val = ccid_get_current_rx_ccid(dp);
0636         if (val < 0)
0637             return -ENOPROTOOPT;
0638         break;
0639     case DCCP_SOCKOPT_SERVER_TIMEWAIT:
0640         val = dp->dccps_server_timewait;
0641         break;
0642     case DCCP_SOCKOPT_SEND_CSCOV:
0643         val = dp->dccps_pcslen;
0644         break;
0645     case DCCP_SOCKOPT_RECV_CSCOV:
0646         val = dp->dccps_pcrlen;
0647         break;
0648     case DCCP_SOCKOPT_QPOLICY_ID:
0649         val = dp->dccps_qpolicy;
0650         break;
0651     case DCCP_SOCKOPT_QPOLICY_TXQLEN:
0652         val = dp->dccps_tx_qlen;
0653         break;
0654     case 128 ... 191:
0655         return ccid_hc_rx_getsockopt(dp->dccps_hc_rx_ccid, sk, optname,
0656                          len, (u32 __user *)optval, optlen);
0657     case 192 ... 255:
0658         return ccid_hc_tx_getsockopt(dp->dccps_hc_tx_ccid, sk, optname,
0659                          len, (u32 __user *)optval, optlen);
0660     default:
0661         return -ENOPROTOOPT;
0662     }
0663
0664     len = sizeof(val);
0665     if (put_user(len, optlen) || copy_to_user(optval, &val, len))
0666         return -EFAULT;
0667
0668     return 0;
0669 }
0670
0671 int dccp_getsockopt(struct sock *sk, int level, int optname,
0672             char __user *optval, int __user *optlen)
0673 {
0674     if (level != SOL_DCCP)
0675         return inet_csk(sk)->icsk_af_ops->getsockopt(sk, level,
0676                                  optname, optval,
0677                                  optlen);
0678     return do_dccp_getsockopt(sk, level, optname, optval, optlen);
0679 }
0680
0681 EXPORT_SYMBOL_GPL(dccp_getsockopt);
0682
0683 static int dccp_msghdr_parse(struct msghdr *msg, struct sk_buff *skb)
0684 {
0685     struct cmsghdr *cmsg;
0686
0687     /*
0688      * Assign an (opaque) qpolicy priority value to skb->priority.
0689      *
0690      * We are overloading this skb field for use with the qpolicy subystem.
0691      * The skb->priority is normally used for the SO_PRIORITY option, which
0692      * is initialised from sk_priority. Since the assignment of sk_priority
0693      * to skb->priority happens later (on layer 3), we overload this field
0694      * for use with queueing priorities as long as the skb is on layer 4.
0695      * The default priority value (if nothing is set) is 0.
0696      */
0697     skb->priority = 0;
0698
0699     for_each_cmsghdr(cmsg, msg) {
0700         if (!CMSG_OK(msg, cmsg))
0701             return -EINVAL;
0702
0703         if (cmsg->cmsg_level != SOL_DCCP)
0704             continue;
0705
0706         if (cmsg->cmsg_type <= DCCP_SCM_QPOLICY_MAX &&
0707             !dccp_qpolicy_param_ok(skb->sk, cmsg->cmsg_type))
0708             return -EINVAL;
0709
0710         switch (cmsg->cmsg_type) {
0711         case DCCP_SCM_PRIORITY:
0712             if (cmsg->cmsg_len != CMSG_LEN(sizeof(__u32)))
0713                 return -EINVAL;
0714             skb->priority = *(__u32 *)CMSG_DATA(cmsg);
0715             break;
0716         default:
0717             return -EINVAL;
0718         }
0719     }
0720     return 0;
0721 }
0722
0723 int dccp_sendmsg(struct sock *sk, struct msghdr *msg, size_t len)
0724 {
0725     const struct dccp_sock *dp = dccp_sk(sk);
0726     const int flags = msg->msg_flags;
0727     const int noblock = flags & MSG_DONTWAIT;
0728     struct sk_buff *skb;
0729     int rc, size;
0730     long timeo;
0731
0732     trace_dccp_probe(sk, len);
0733
0734     if (len > dp->dccps_mss_cache)
0735         return -EMSGSIZE;
0736
0737     lock_sock(sk);
0738
0739     timeo = sock_sndtimeo(sk, noblock);
0740
0741     /*
0742      * We have to use sk_stream_wait_connect here to set sk_write_pending,
0743      * so that the trick in dccp_rcv_request_sent_state_process.
0744      */
0745     /* Wait for a connection to finish. */
0746     if ((1 << sk->sk_state) & ~(DCCPF_OPEN | DCCPF_PARTOPEN))
0747         if ((rc = sk_stream_wait_connect(sk, &timeo)) != 0)
0748             goto out_release;
0749
0750     size = sk->sk_prot->max_header + len;
0751     release_sock(sk);
0752     skb = sock_alloc_send_skb(sk, size, noblock, &rc);
0753     lock_sock(sk);
0754     if (skb == NULL)
0755         goto out_release;
0756
0757     if (dccp_qpolicy_full(sk)) {
0758         rc = -EAGAIN;
0759         goto out_discard;
0760     }
0761
0762     if (sk->sk_state == DCCP_CLOSED) {
0763         rc = -ENOTCONN;
0764         goto out_discard;
0765     }
0766
0767     skb_reserve(skb, sk->sk_prot->max_header);
0768     rc = memcpy_from_msg(skb_put(skb, len), msg, len);
0769     if (rc != 0)
0770         goto out_discard;
0771
0772     rc = dccp_msghdr_parse(msg, skb);
0773     if (rc != 0)
0774         goto out_discard;
0775
0776     dccp_qpolicy_push(sk, skb);
0777     /*
0778      * The xmit_timer is set if the TX CCID is rate-based and will expire
0779      * when congestion control permits to release further packets into the
0780      * network. Window-based CCIDs do not use this timer.
0781      */
0782     if (!timer_pending(&dp->dccps_xmit_timer))
0783         dccp_write_xmit(sk);
0784 out_release:
0785     release_sock(sk);
0786     return rc ? : len;
0787 out_discard:
0788     kfree_skb(skb);
0789     goto out_release;
0790 }
0791
0792 EXPORT_SYMBOL_GPL(dccp_sendmsg);
0793
0794 int dccp_recvmsg(struct sock *sk, struct msghdr *msg, size_t len, int flags,
0795          int *addr_len)
0796 {
0797     const struct dccp_hdr *dh;
0798     long timeo;
0799
0800     lock_sock(sk);
0801
0802     if (sk->sk_state == DCCP_LISTEN) {
0803         len = -ENOTCONN;
0804         goto out;
0805     }
0806
0807     timeo = sock_rcvtimeo(sk, flags & MSG_DONTWAIT);
0808
0809     do {
0810         struct sk_buff *skb = skb_peek(&sk->sk_receive_queue);
0811
0812         if (skb == NULL)
0813             goto verify_sock_status;
0814
0815         dh = dccp_hdr(skb);
0816
0817         switch (dh->dccph_type) {
0818         case DCCP_PKT_DATA:
0819         case DCCP_PKT_DATAACK:
0820             goto found_ok_skb;
0821
0822         case DCCP_PKT_CLOSE:
0823         case DCCP_PKT_CLOSEREQ:
0824             if (!(flags & MSG_PEEK))
0825                 dccp_finish_passive_close(sk);
0826             fallthrough;
0827         case DCCP_PKT_RESET:
0828             dccp_pr_debug("found fin (%s) ok!\n",
0829                       dccp_packet_name(dh->dccph_type));
0830             len = 0;
0831             goto found_fin_ok;
0832         default:
0833             dccp_pr_debug("packet_type=%s\n",
0834                       dccp_packet_name(dh->dccph_type));
0835             sk_eat_skb(sk, skb);
0836         }
0837 verify_sock_status:
0838         if (sock_flag(sk, SOCK_DONE)) {
0839             len = 0;
0840             break;
0841         }
0842
0843         if (sk->sk_err) {
0844             len = sock_error(sk);
0845             break;
0846         }
0847
0848         if (sk->sk_shutdown & RCV_SHUTDOWN) {
0849             len = 0;
0850             break;
0851         }
0852
0853         if (sk->sk_state == DCCP_CLOSED) {
0854             if (!sock_flag(sk, SOCK_DONE)) {
0855                 /* This occurs when user tries to read
0856                  * from never connected socket.
0857                  */
0858                 len = -ENOTCONN;
0859                 break;
0860             }
0861             len = 0;
0862             break;
0863         }
0864
0865         if (!timeo) {
0866             len = -EAGAIN;
0867             break;
0868         }
0869
0870         if (signal_pending(current)) {
0871             len = sock_intr_errno(timeo);
0872             break;
0873         }
0874
0875         sk_wait_data(sk, &timeo, NULL);
0876         continue;
0877     found_ok_skb:
0878         if (len > skb->len)
0879             len = skb->len;
0880         else if (len < skb->len)
0881             msg->msg_flags |= MSG_TRUNC;
0882
0883         if (skb_copy_datagram_msg(skb, 0, msg, len)) {
0884             /* Exception. Bailout! */
0885             len = -EFAULT;
0886             break;
0887         }
0888         if (flags & MSG_TRUNC)
0889             len = skb->len;
0890     found_fin_ok:
0891         if (!(flags & MSG_PEEK))
0892             sk_eat_skb(sk, skb);
0893         break;
0894     } while (1);
0895 out:
0896     release_sock(sk);
0897     return len;
0898 }
0899
0900 EXPORT_SYMBOL_GPL(dccp_recvmsg);
0901
0902 int inet_dccp_listen(struct socket *sock, int backlog)
0903 {
0904     struct sock *sk = sock->sk;
0905     unsigned char old_state;
0906     int err;
0907
0908     lock_sock(sk);
0909
0910     err = -EINVAL;
0911     if (sock->state != SS_UNCONNECTED || sock->type != SOCK_DCCP)
0912         goto out;
0913
0914     old_state = sk->sk_state;
0915     if (!((1 << old_state) & (DCCPF_CLOSED | DCCPF_LISTEN)))
0916         goto out;
0917
0918     WRITE_ONCE(sk->sk_max_ack_backlog, backlog);
0919     /* Really, if the socket is already in listen state
0920      * we can only allow the backlog to be adjusted.
0921      */
0922     if (old_state != DCCP_LISTEN) {
0923         struct dccp_sock *dp = dccp_sk(sk);
0924
0925         dp->dccps_role = DCCP_ROLE_LISTEN;
0926
0927         /* do not start to listen if feature negotiation setup fails */
0928         if (dccp_feat_finalise_settings(dp)) {
0929             err = -EPROTO;
0930             goto out;
0931         }
0932
0933         err = inet_csk_listen_start(sk);
0934         if (err)
0935             goto out;
0936     }
0937     err = 0;
0938
0939 out:
0940     release_sock(sk);
0941     return err;
0942 }
0943
0944 EXPORT_SYMBOL_GPL(inet_dccp_listen);
0945
0946 static void dccp_terminate_connection(struct sock *sk)
0947 {
0948     u8 next_state = DCCP_CLOSED;
0949
0950     switch (sk->sk_state) {
0951     case DCCP_PASSIVE_CLOSE:
0952     case DCCP_PASSIVE_CLOSEREQ:
0953         dccp_finish_passive_close(sk);
0954         break;
0955     case DCCP_PARTOPEN:
0956         dccp_pr_debug("Stop PARTOPEN timer (%p)\n", sk);
0957         inet_csk_clear_xmit_timer(sk, ICSK_TIME_DACK);
0958         fallthrough;
0959     case DCCP_OPEN:
0960         dccp_send_close(sk, 1);
0961
0962         if (dccp_sk(sk)->dccps_role == DCCP_ROLE_SERVER &&
0963             !dccp_sk(sk)->dccps_server_timewait)
0964             next_state = DCCP_ACTIVE_CLOSEREQ;
0965         else
0966             next_state = DCCP_CLOSING;
0967         fallthrough;
0968     default:
0969         dccp_set_state(sk, next_state);
0970     }
0971 }
0972
0973 void dccp_close(struct sock *sk, long timeout)
0974 {
0975     struct dccp_sock *dp = dccp_sk(sk);
0976     struct sk_buff *skb;
0977     u32 data_was_unread = 0;
0978     int state;
0979
0980     lock_sock(sk);
0981
0982     sk->sk_shutdown = SHUTDOWN_MASK;
0983
0984     if (sk->sk_state == DCCP_LISTEN) {
0985         dccp_set_state(sk, DCCP_CLOSED);
0986
0987         /* Special case. */
0988         inet_csk_listen_stop(sk);
0989
0990         goto adjudge_to_death;
0991     }
0992
0993     sk_stop_timer(sk, &dp->dccps_xmit_timer);
0994
0995     /*
0996      * We need to flush the recv. buffs.  We do this only on the
0997      * descriptor close, not protocol-sourced closes, because the
0998       *reader process may not have drained the data yet!
0999      */
1000     while ((skb = __skb_dequeue(&sk->sk_receive_queue)) != NULL) {
1001         data_was_unread += skb->len;
1002         __kfree_skb(skb);
1003     }
1004
1005     /* If socket has been already reset kill it. */
1006     if (sk->sk_state == DCCP_CLOSED)
1007         goto adjudge_to_death;
1008
1009     if (data_was_unread) {
1010         /* Unread data was tossed, send an appropriate Reset Code */
1011         DCCP_WARN("ABORT with %u bytes unread\n", data_was_unread);
1012         dccp_send_reset(sk, DCCP_RESET_CODE_ABORTED);
1013         dccp_set_state(sk, DCCP_CLOSED);
1014     } else if (sock_flag(sk, SOCK_LINGER) && !sk->sk_lingertime) {
1015         /* Check zero linger _after_ checking for unread data. */
1016         sk->sk_prot->disconnect(sk, 0);
1017     } else if (sk->sk_state != DCCP_CLOSED) {
1018         /*
1019          * Normal connection termination. May need to wait if there are
1020          * still packets in the TX queue that are delayed by the CCID.
1021          */
1022         dccp_flush_write_queue(sk, &timeout);
1023         dccp_terminate_connection(sk);
1024     }
1025
1026     /*
1027      * Flush write queue. This may be necessary in several cases:
1028      * - we have been closed by the peer but still have application data;
1029      * - abortive termination (unread data or zero linger time),
1030      * - normal termination but queue could not be flushed within time limit
1031      */
1032     __skb_queue_purge(&sk->sk_write_queue);
1033
1034     sk_stream_wait_close(sk, timeout);
1035
1036 adjudge_to_death:
1037     state = sk->sk_state;
1038     sock_hold(sk);
1039     sock_orphan(sk);
1040
1041     /*
1042      * It is the last release_sock in its life. It will remove backlog.
1043      */
1044     release_sock(sk);
1045     /*
1046      * Now socket is owned by kernel and we acquire BH lock
1047      * to finish close. No need to check for user refs.
1048      */
1049     local_bh_disable();
1050     bh_lock_sock(sk);
1051     WARN_ON(sock_owned_by_user(sk));
1052
1053     this_cpu_inc(dccp_orphan_count);
1054
1055     /* Have we already been destroyed by a softirq or backlog? */
1056     if (state != DCCP_CLOSED && sk->sk_state == DCCP_CLOSED)
1057         goto out;
1058
1059     if (sk->sk_state == DCCP_CLOSED)
1060         inet_csk_destroy_sock(sk);
1061
1062     /* Otherwise, socket is reprieved until protocol close. */
1063
1064 out:
1065     bh_unlock_sock(sk);
1066     local_bh_enable();
1067     sock_put(sk);
1068 }
1069
1070 EXPORT_SYMBOL_GPL(dccp_close);
1071
1072 void dccp_shutdown(struct sock *sk, int how)
1073 {
1074     dccp_pr_debug("called shutdown(%x)\n", how);
1075 }
1076
1077 EXPORT_SYMBOL_GPL(dccp_shutdown);
1078
1079 static inline int __init dccp_mib_init(void)
1080 {
1081     dccp_statistics = alloc_percpu(struct dccp_mib);
1082     if (!dccp_statistics)
1083         return -ENOMEM;
1084     return 0;
1085 }
1086
1087 static inline void dccp_mib_exit(void)
1088 {
1089     free_percpu(dccp_statistics);
1090 }
1091
1092 static int thash_entries;
1093 module_param(thash_entries, int, 0444);
1094 MODULE_PARM_DESC(thash_entries, "Number of ehash buckets");
1095
1096 #ifdef CONFIG_IP_DCCP_DEBUG
1097 bool dccp_debug;
1098 module_param(dccp_debug, bool, 0644);
1099 MODULE_PARM_DESC(dccp_debug, "Enable debug messages");
1100
1101 EXPORT_SYMBOL_GPL(dccp_debug);
1102 #endif
1103
1104 static int __init dccp_init(void)
1105 {
1106     unsigned long goal;
1107     unsigned long nr_pages = totalram_pages();
1108     int ehash_order, bhash_order, i;
1109     int rc;
1110
1111     BUILD_BUG_ON(sizeof(struct dccp_skb_cb) >
1112              sizeof_field(struct sk_buff, cb));
1113     rc = inet_hashinfo2_init_mod(&dccp_hashinfo);
1114     if (rc)
1115         goto out_fail;
1116     rc = -ENOBUFS;
1117     dccp_hashinfo.bind_bucket_cachep =
1118         kmem_cache_create("dccp_bind_bucket",
1119                   sizeof(struct inet_bind_bucket), 0,
1120                   SLAB_HWCACHE_ALIGN | SLAB_ACCOUNT, NULL);
1121     if (!dccp_hashinfo.bind_bucket_cachep)
1122         goto out_free_hashinfo2;
1123
1124     /*
1125      * Size and allocate the main established and bind bucket
1126      * hash tables.
1127      *
1128      * The methodology is similar to that of the buffer cache.
1129      */
1130     if (nr_pages >= (128 * 1024))
1131         goal = nr_pages >> (21 - PAGE_SHIFT);
1132     else
1133         goal = nr_pages >> (23 - PAGE_SHIFT);
1134
1135     if (thash_entries)
1136         goal = (thash_entries *
1137             sizeof(struct inet_ehash_bucket)) >> PAGE_SHIFT;
1138     for (ehash_order = 0; (1UL << ehash_order) < goal; ehash_order++)
1139         ;
1140     do {
1141         unsigned long hash_size = (1UL << ehash_order) * PAGE_SIZE /
1142                     sizeof(struct inet_ehash_bucket);
1143
1144         while (hash_size & (hash_size - 1))
1145             hash_size--;
1146         dccp_hashinfo.ehash_mask = hash_size - 1;
1147         dccp_hashinfo.ehash = (struct inet_ehash_bucket *)
1148             __get_free_pages(GFP_ATOMIC|__GFP_NOWARN, ehash_order);
1149     } while (!dccp_hashinfo.ehash && --ehash_order > 0);
1150
1151     if (!dccp_hashinfo.ehash) {
1152         DCCP_CRIT("Failed to allocate DCCP established hash table");
1153         goto out_free_bind_bucket_cachep;
1154     }
1155
1156     for (i = 0; i <= dccp_hashinfo.ehash_mask; i++)
1157         INIT_HLIST_NULLS_HEAD(&dccp_hashinfo.ehash[i].chain, i);
1158
1159     if (inet_ehash_locks_alloc(&dccp_hashinfo))
1160             goto out_free_dccp_ehash;
1161
1162     bhash_order = ehash_order;
1163
1164     do {
1165         dccp_hashinfo.bhash_size = (1UL << bhash_order) * PAGE_SIZE /
1166                     sizeof(struct inet_bind_hashbucket);
1167         if ((dccp_hashinfo.bhash_size > (64 * 1024)) &&
1168             bhash_order > 0)
1169             continue;
1170         dccp_hashinfo.bhash = (struct inet_bind_hashbucket *)
1171             __get_free_pages(GFP_ATOMIC|__GFP_NOWARN, bhash_order);
1172     } while (!dccp_hashinfo.bhash && --bhash_order >= 0);
1173
1174     if (!dccp_hashinfo.bhash) {
1175         DCCP_CRIT("Failed to allocate DCCP bind hash table");
1176         goto out_free_dccp_locks;
1177     }
1178
1179     for (i = 0; i < dccp_hashinfo.bhash_size; i++) {
1180         spin_lock_init(&dccp_hashinfo.bhash[i].lock);
1181         INIT_HLIST_HEAD(&dccp_hashinfo.bhash[i].chain);
1182     }
1183
1184     rc = dccp_mib_init();
1185     if (rc)
1186         goto out_free_dccp_bhash;
1187
1188     rc = dccp_ackvec_init();
1189     if (rc)
1190         goto out_free_dccp_mib;
1191
1192     rc = dccp_sysctl_init();
1193     if (rc)
1194         goto out_ackvec_exit;
1195
1196     rc = ccid_initialize_builtins();
1197     if (rc)
1198         goto out_sysctl_exit;
1199
1200     dccp_timestamping_init();
1201
1202     return 0;
1203
1204 out_sysctl_exit:
1205     dccp_sysctl_exit();
1206 out_ackvec_exit:
1207     dccp_ackvec_exit();
1208 out_free_dccp_mib:
1209     dccp_mib_exit();
1210 out_free_dccp_bhash:
1211     free_pages((unsigned long)dccp_hashinfo.bhash, bhash_order);
1212 out_free_dccp_locks:
1213     inet_ehash_locks_free(&dccp_hashinfo);
1214 out_free_dccp_ehash:
1215     free_pages((unsigned long)dccp_hashinfo.ehash, ehash_order);
1216 out_free_bind_bucket_cachep:
1217     kmem_cache_destroy(dccp_hashinfo.bind_bucket_cachep);
1218 out_free_hashinfo2:
1219     inet_hashinfo2_free_mod(&dccp_hashinfo);
1220 out_fail:
1221     dccp_hashinfo.bhash = NULL;
1222     dccp_hashinfo.ehash = NULL;
1223     dccp_hashinfo.bind_bucket_cachep = NULL;
1224     return rc;
1225 }
1226
1227 static void __exit dccp_fini(void)
1228 {
1229     ccid_cleanup_builtins();
1230     dccp_mib_exit();
1231     free_pages((unsigned long)dccp_hashinfo.bhash,
1232            get_order(dccp_hashinfo.bhash_size *
1233                  sizeof(struct inet_bind_hashbucket)));
1234     free_pages((unsigned long)dccp_hashinfo.ehash,
1235            get_order((dccp_hashinfo.ehash_mask + 1) *
1236                  sizeof(struct inet_ehash_bucket)));
1237     inet_ehash_locks_free(&dccp_hashinfo);
1238     kmem_cache_destroy(dccp_hashinfo.bind_bucket_cachep);
1239     dccp_ackvec_exit();
1240     dccp_sysctl_exit();
1241     inet_hashinfo2_free_mod(&dccp_hashinfo);
1242 }
1243
1244 module_init(dccp_init);
1245 module_exit(dccp_fini);
1246
1247 MODULE_LICENSE("GPL");
1248 MODULE_AUTHOR("Arnaldo Carvalho de Melo <acme@conectiva.com.br>");
1249 MODULE_DESCRIPTION("DCCP - Datagram Congestion Controlled Protocol");