linux/net/netfilter/nf_conntrack_proto_dccp.c
<<
>>
Prefs
   1// SPDX-License-Identifier: GPL-2.0-only
   2/*
   3 * DCCP connection tracking protocol helper
   4 *
   5 * Copyright (c) 2005, 2006, 2008 Patrick McHardy <kaber@trash.net>
   6 */
   7#include <linux/kernel.h>
   8#include <linux/init.h>
   9#include <linux/sysctl.h>
  10#include <linux/spinlock.h>
  11#include <linux/skbuff.h>
  12#include <linux/dccp.h>
  13#include <linux/slab.h>
  14
  15#include <net/net_namespace.h>
  16#include <net/netns/generic.h>
  17
  18#include <linux/netfilter/nfnetlink_conntrack.h>
  19#include <net/netfilter/nf_conntrack.h>
  20#include <net/netfilter/nf_conntrack_l4proto.h>
  21#include <net/netfilter/nf_conntrack_ecache.h>
  22#include <net/netfilter/nf_conntrack_timeout.h>
  23#include <net/netfilter/nf_log.h>
  24
  25/* Timeouts are based on values from RFC4340:
  26 *
  27 * - REQUEST:
  28 *
  29 *   8.1.2. Client Request
  30 *
  31 *   A client MAY give up on its DCCP-Requests after some time
  32 *   (3 minutes, for example).
  33 *
  34 * - RESPOND:
  35 *
  36 *   8.1.3. Server Response
  37 *
  38 *   It MAY also leave the RESPOND state for CLOSED after a timeout of
  39 *   not less than 4MSL (8 minutes);
  40 *
  41 * - PARTOPEN:
  42 *
  43 *   8.1.5. Handshake Completion
  44 *
  45 *   If the client remains in PARTOPEN for more than 4MSL (8 minutes),
  46 *   it SHOULD reset the connection with Reset Code 2, "Aborted".
  47 *
  48 * - OPEN:
  49 *
  50 *   The DCCP timestamp overflows after 11.9 hours. If the connection
  51 *   stays idle this long the sequence number won't be recognized
  52 *   as valid anymore.
  53 *
  54 * - CLOSEREQ/CLOSING:
  55 *
  56 *   8.3. Termination
  57 *
  58 *   The retransmission timer should initially be set to go off in two
  59 *   round-trip times and should back off to not less than once every
  60 *   64 seconds ...
  61 *
  62 * - TIMEWAIT:
  63 *
  64 *   4.3. States
  65 *
  66 *   A server or client socket remains in this state for 2MSL (4 minutes)
  67 *   after the connection has been town down, ...
  68 */
  69
  70#define DCCP_MSL (2 * 60 * HZ)
  71
  72static const char * const dccp_state_names[] = {
  73        [CT_DCCP_NONE]          = "NONE",
  74        [CT_DCCP_REQUEST]       = "REQUEST",
  75        [CT_DCCP_RESPOND]       = "RESPOND",
  76        [CT_DCCP_PARTOPEN]      = "PARTOPEN",
  77        [CT_DCCP_OPEN]          = "OPEN",
  78        [CT_DCCP_CLOSEREQ]      = "CLOSEREQ",
  79        [CT_DCCP_CLOSING]       = "CLOSING",
  80        [CT_DCCP_TIMEWAIT]      = "TIMEWAIT",
  81        [CT_DCCP_IGNORE]        = "IGNORE",
  82        [CT_DCCP_INVALID]       = "INVALID",
  83};
  84
  85#define sNO     CT_DCCP_NONE
  86#define sRQ     CT_DCCP_REQUEST
  87#define sRS     CT_DCCP_RESPOND
  88#define sPO     CT_DCCP_PARTOPEN
  89#define sOP     CT_DCCP_OPEN
  90#define sCR     CT_DCCP_CLOSEREQ
  91#define sCG     CT_DCCP_CLOSING
  92#define sTW     CT_DCCP_TIMEWAIT
  93#define sIG     CT_DCCP_IGNORE
  94#define sIV     CT_DCCP_INVALID
  95
  96/*
  97 * DCCP state transition table
  98 *
  99 * The assumption is the same as for TCP tracking:
 100 *
 101 * We are the man in the middle. All the packets go through us but might
 102 * get lost in transit to the destination. It is assumed that the destination
 103 * can't receive segments we haven't seen.
 104 *
 105 * The following states exist:
 106 *
 107 * NONE:        Initial state, expecting Request
 108 * REQUEST:     Request seen, waiting for Response from server
 109 * RESPOND:     Response from server seen, waiting for Ack from client
 110 * PARTOPEN:    Ack after Response seen, waiting for packet other than Response,
 111 *              Reset or Sync from server
 112 * OPEN:        Packet other than Response, Reset or Sync seen
 113 * CLOSEREQ:    CloseReq from server seen, expecting Close from client
 114 * CLOSING:     Close seen, expecting Reset
 115 * TIMEWAIT:    Reset seen
 116 * IGNORE:      Not determinable whether packet is valid
 117 *
 118 * Some states exist only on one side of the connection: REQUEST, RESPOND,
 119 * PARTOPEN, CLOSEREQ. For the other side these states are equivalent to
 120 * the one it was in before.
 121 *
 122 * Packets are marked as ignored (sIG) if we don't know if they're valid
 123 * (for example a reincarnation of a connection we didn't notice is dead
 124 * already) and the server may send back a connection closing Reset or a
 125 * Response. They're also used for Sync/SyncAck packets, which we don't
 126 * care about.
 127 */
 128static const u_int8_t
 129dccp_state_table[CT_DCCP_ROLE_MAX + 1][DCCP_PKT_SYNCACK + 1][CT_DCCP_MAX + 1] = {
 130        [CT_DCCP_ROLE_CLIENT] = {
 131                [DCCP_PKT_REQUEST] = {
 132                /*
 133                 * sNO -> sRQ           Regular Request
 134                 * sRQ -> sRQ           Retransmitted Request or reincarnation
 135                 * sRS -> sRS           Retransmitted Request (apparently Response
 136                 *                      got lost after we saw it) or reincarnation
 137                 * sPO -> sIG           Ignore, conntrack might be out of sync
 138                 * sOP -> sIG           Ignore, conntrack might be out of sync
 139                 * sCR -> sIG           Ignore, conntrack might be out of sync
 140                 * sCG -> sIG           Ignore, conntrack might be out of sync
 141                 * sTW -> sRQ           Reincarnation
 142                 *
 143                 *      sNO, sRQ, sRS, sPO. sOP, sCR, sCG, sTW, */
 144                        sRQ, sRQ, sRS, sIG, sIG, sIG, sIG, sRQ,
 145                },
 146                [DCCP_PKT_RESPONSE] = {
 147                /*
 148                 * sNO -> sIV           Invalid
 149                 * sRQ -> sIG           Ignore, might be response to ignored Request
 150                 * sRS -> sIG           Ignore, might be response to ignored Request
 151                 * sPO -> sIG           Ignore, might be response to ignored Request
 152                 * sOP -> sIG           Ignore, might be response to ignored Request
 153                 * sCR -> sIG           Ignore, might be response to ignored Request
 154                 * sCG -> sIG           Ignore, might be response to ignored Request
 155                 * sTW -> sIV           Invalid, reincarnation in reverse direction
 156                 *                      goes through sRQ
 157                 *
 158                 *      sNO, sRQ, sRS, sPO, sOP, sCR, sCG, sTW */
 159                        sIV, sIG, sIG, sIG, sIG, sIG, sIG, sIV,
 160                },
 161                [DCCP_PKT_ACK] = {
 162                /*
 163                 * sNO -> sIV           No connection
 164                 * sRQ -> sIV           No connection
 165                 * sRS -> sPO           Ack for Response, move to PARTOPEN (8.1.5.)
 166                 * sPO -> sPO           Retransmitted Ack for Response, remain in PARTOPEN
 167                 * sOP -> sOP           Regular ACK, remain in OPEN
 168                 * sCR -> sCR           Ack in CLOSEREQ MAY be processed (8.3.)
 169                 * sCG -> sCG           Ack in CLOSING MAY be processed (8.3.)
 170                 * sTW -> sIV
 171                 *
 172                 *      sNO, sRQ, sRS, sPO, sOP, sCR, sCG, sTW */
 173                        sIV, sIV, sPO, sPO, sOP, sCR, sCG, sIV
 174                },
 175                [DCCP_PKT_DATA] = {
 176                /*
 177                 * sNO -> sIV           No connection
 178                 * sRQ -> sIV           No connection
 179                 * sRS -> sIV           No connection
 180                 * sPO -> sIV           MUST use DataAck in PARTOPEN state (8.1.5.)
 181                 * sOP -> sOP           Regular Data packet
 182                 * sCR -> sCR           Data in CLOSEREQ MAY be processed (8.3.)
 183                 * sCG -> sCG           Data in CLOSING MAY be processed (8.3.)
 184                 * sTW -> sIV
 185                 *
 186                 *      sNO, sRQ, sRS, sPO, sOP, sCR, sCG, sTW */
 187                        sIV, sIV, sIV, sIV, sOP, sCR, sCG, sIV,
 188                },
 189                [DCCP_PKT_DATAACK] = {
 190                /*
 191                 * sNO -> sIV           No connection
 192                 * sRQ -> sIV           No connection
 193                 * sRS -> sPO           Ack for Response, move to PARTOPEN (8.1.5.)
 194                 * sPO -> sPO           Remain in PARTOPEN state
 195                 * sOP -> sOP           Regular DataAck packet in OPEN state
 196                 * sCR -> sCR           DataAck in CLOSEREQ MAY be processed (8.3.)
 197                 * sCG -> sCG           DataAck in CLOSING MAY be processed (8.3.)
 198                 * sTW -> sIV
 199                 *
 200                 *      sNO, sRQ, sRS, sPO, sOP, sCR, sCG, sTW */
 201                        sIV, sIV, sPO, sPO, sOP, sCR, sCG, sIV
 202                },
 203                [DCCP_PKT_CLOSEREQ] = {
 204                /*
 205                 * CLOSEREQ may only be sent by the server.
 206                 *
 207                 *      sNO, sRQ, sRS, sPO, sOP, sCR, sCG, sTW */
 208                        sIV, sIV, sIV, sIV, sIV, sIV, sIV, sIV
 209                },
 210                [DCCP_PKT_CLOSE] = {
 211                /*
 212                 * sNO -> sIV           No connection
 213                 * sRQ -> sIV           No connection
 214                 * sRS -> sIV           No connection
 215                 * sPO -> sCG           Client-initiated close
 216                 * sOP -> sCG           Client-initiated close
 217                 * sCR -> sCG           Close in response to CloseReq (8.3.)
 218                 * sCG -> sCG           Retransmit
 219                 * sTW -> sIV           Late retransmit, already in TIME_WAIT
 220                 *
 221                 *      sNO, sRQ, sRS, sPO, sOP, sCR, sCG, sTW */
 222                        sIV, sIV, sIV, sCG, sCG, sCG, sIV, sIV
 223                },
 224                [DCCP_PKT_RESET] = {
 225                /*
 226                 * sNO -> sIV           No connection
 227                 * sRQ -> sTW           Sync received or timeout, SHOULD send Reset (8.1.1.)
 228                 * sRS -> sTW           Response received without Request
 229                 * sPO -> sTW           Timeout, SHOULD send Reset (8.1.5.)
 230                 * sOP -> sTW           Connection reset
 231                 * sCR -> sTW           Connection reset
 232                 * sCG -> sTW           Connection reset
 233                 * sTW -> sIG           Ignore (don't refresh timer)
 234                 *
 235                 *      sNO, sRQ, sRS, sPO, sOP, sCR, sCG, sTW */
 236                        sIV, sTW, sTW, sTW, sTW, sTW, sTW, sIG
 237                },
 238                [DCCP_PKT_SYNC] = {
 239                /*
 240                 * We currently ignore Sync packets
 241                 *
 242                 *      sNO, sRQ, sRS, sPO, sOP, sCR, sCG, sTW */
 243                        sIV, sIG, sIG, sIG, sIG, sIG, sIG, sIG,
 244                },
 245                [DCCP_PKT_SYNCACK] = {
 246                /*
 247                 * We currently ignore SyncAck packets
 248                 *
 249                 *      sNO, sRQ, sRS, sPO, sOP, sCR, sCG, sTW */
 250                        sIV, sIG, sIG, sIG, sIG, sIG, sIG, sIG,
 251                },
 252        },
 253        [CT_DCCP_ROLE_SERVER] = {
 254                [DCCP_PKT_REQUEST] = {
 255                /*
 256                 * sNO -> sIV           Invalid
 257                 * sRQ -> sIG           Ignore, conntrack might be out of sync
 258                 * sRS -> sIG           Ignore, conntrack might be out of sync
 259                 * sPO -> sIG           Ignore, conntrack might be out of sync
 260                 * sOP -> sIG           Ignore, conntrack might be out of sync
 261                 * sCR -> sIG           Ignore, conntrack might be out of sync
 262                 * sCG -> sIG           Ignore, conntrack might be out of sync
 263                 * sTW -> sRQ           Reincarnation, must reverse roles
 264                 *
 265                 *      sNO, sRQ, sRS, sPO, sOP, sCR, sCG, sTW */
 266                        sIV, sIG, sIG, sIG, sIG, sIG, sIG, sRQ
 267                },
 268                [DCCP_PKT_RESPONSE] = {
 269                /*
 270                 * sNO -> sIV           Response without Request
 271                 * sRQ -> sRS           Response to clients Request
 272                 * sRS -> sRS           Retransmitted Response (8.1.3. SHOULD NOT)
 273                 * sPO -> sIG           Response to an ignored Request or late retransmit
 274                 * sOP -> sIG           Ignore, might be response to ignored Request
 275                 * sCR -> sIG           Ignore, might be response to ignored Request
 276                 * sCG -> sIG           Ignore, might be response to ignored Request
 277                 * sTW -> sIV           Invalid, Request from client in sTW moves to sRQ
 278                 *
 279                 *      sNO, sRQ, sRS, sPO, sOP, sCR, sCG, sTW */
 280                        sIV, sRS, sRS, sIG, sIG, sIG, sIG, sIV
 281                },
 282                [DCCP_PKT_ACK] = {
 283                /*
 284                 * sNO -> sIV           No connection
 285                 * sRQ -> sIV           No connection
 286                 * sRS -> sIV           No connection
 287                 * sPO -> sOP           Enter OPEN state (8.1.5.)
 288                 * sOP -> sOP           Regular Ack in OPEN state
 289                 * sCR -> sIV           Waiting for Close from client
 290                 * sCG -> sCG           Ack in CLOSING MAY be processed (8.3.)
 291                 * sTW -> sIV
 292                 *
 293                 *      sNO, sRQ, sRS, sPO, sOP, sCR, sCG, sTW */
 294                        sIV, sIV, sIV, sOP, sOP, sIV, sCG, sIV
 295                },
 296                [DCCP_PKT_DATA] = {
 297                /*
 298                 * sNO -> sIV           No connection
 299                 * sRQ -> sIV           No connection
 300                 * sRS -> sIV           No connection
 301                 * sPO -> sOP           Enter OPEN state (8.1.5.)
 302                 * sOP -> sOP           Regular Data packet in OPEN state
 303                 * sCR -> sIV           Waiting for Close from client
 304                 * sCG -> sCG           Data in CLOSING MAY be processed (8.3.)
 305                 * sTW -> sIV
 306                 *
 307                 *      sNO, sRQ, sRS, sPO, sOP, sCR, sCG, sTW */
 308                        sIV, sIV, sIV, sOP, sOP, sIV, sCG, sIV
 309                },
 310                [DCCP_PKT_DATAACK] = {
 311                /*
 312                 * sNO -> sIV           No connection
 313                 * sRQ -> sIV           No connection
 314                 * sRS -> sIV           No connection
 315                 * sPO -> sOP           Enter OPEN state (8.1.5.)
 316                 * sOP -> sOP           Regular DataAck in OPEN state
 317                 * sCR -> sIV           Waiting for Close from client
 318                 * sCG -> sCG           Data in CLOSING MAY be processed (8.3.)
 319                 * sTW -> sIV
 320                 *
 321                 *      sNO, sRQ, sRS, sPO, sOP, sCR, sCG, sTW */
 322                        sIV, sIV, sIV, sOP, sOP, sIV, sCG, sIV
 323                },
 324                [DCCP_PKT_CLOSEREQ] = {
 325                /*
 326                 * sNO -> sIV           No connection
 327                 * sRQ -> sIV           No connection
 328                 * sRS -> sIV           No connection
 329                 * sPO -> sOP -> sCR    Move directly to CLOSEREQ (8.1.5.)
 330                 * sOP -> sCR           CloseReq in OPEN state
 331                 * sCR -> sCR           Retransmit
 332                 * sCG -> sCR           Simultaneous close, client sends another Close
 333                 * sTW -> sIV           Already closed
 334                 *
 335                 *      sNO, sRQ, sRS, sPO, sOP, sCR, sCG, sTW */
 336                        sIV, sIV, sIV, sCR, sCR, sCR, sCR, sIV
 337                },
 338                [DCCP_PKT_CLOSE] = {
 339                /*
 340                 * sNO -> sIV           No connection
 341                 * sRQ -> sIV           No connection
 342                 * sRS -> sIV           No connection
 343                 * sPO -> sOP -> sCG    Move direcly to CLOSING
 344                 * sOP -> sCG           Move to CLOSING
 345                 * sCR -> sIV           Close after CloseReq is invalid
 346                 * sCG -> sCG           Retransmit
 347                 * sTW -> sIV           Already closed
 348                 *
 349                 *      sNO, sRQ, sRS, sPO, sOP, sCR, sCG, sTW */
 350                        sIV, sIV, sIV, sCG, sCG, sIV, sCG, sIV
 351                },
 352                [DCCP_PKT_RESET] = {
 353                /*
 354                 * sNO -> sIV           No connection
 355                 * sRQ -> sTW           Reset in response to Request
 356                 * sRS -> sTW           Timeout, SHOULD send Reset (8.1.3.)
 357                 * sPO -> sTW           Timeout, SHOULD send Reset (8.1.3.)
 358                 * sOP -> sTW
 359                 * sCR -> sTW
 360                 * sCG -> sTW
 361                 * sTW -> sIG           Ignore (don't refresh timer)
 362                 *
 363                 *      sNO, sRQ, sRS, sPO, sOP, sCR, sCG, sTW, sTW */
 364                        sIV, sTW, sTW, sTW, sTW, sTW, sTW, sTW, sIG
 365                },
 366                [DCCP_PKT_SYNC] = {
 367                /*
 368                 * We currently ignore Sync packets
 369                 *
 370                 *      sNO, sRQ, sRS, sPO, sOP, sCR, sCG, sTW */
 371                        sIV, sIG, sIG, sIG, sIG, sIG, sIG, sIG,
 372                },
 373                [DCCP_PKT_SYNCACK] = {
 374                /*
 375                 * We currently ignore SyncAck packets
 376                 *
 377                 *      sNO, sRQ, sRS, sPO, sOP, sCR, sCG, sTW */
 378                        sIV, sIG, sIG, sIG, sIG, sIG, sIG, sIG,
 379                },
 380        },
 381};
 382
 383static noinline bool
 384dccp_new(struct nf_conn *ct, const struct sk_buff *skb,
 385         const struct dccp_hdr *dh,
 386         const struct nf_hook_state *hook_state)
 387{
 388        struct net *net = nf_ct_net(ct);
 389        struct nf_dccp_net *dn;
 390        const char *msg;
 391        u_int8_t state;
 392
 393        state = dccp_state_table[CT_DCCP_ROLE_CLIENT][dh->dccph_type][CT_DCCP_NONE];
 394        switch (state) {
 395        default:
 396                dn = nf_dccp_pernet(net);
 397                if (dn->dccp_loose == 0) {
 398                        msg = "not picking up existing connection ";
 399                        goto out_invalid;
 400                }
 401                break;
 402        case CT_DCCP_REQUEST:
 403                break;
 404        case CT_DCCP_INVALID:
 405                msg = "invalid state transition ";
 406                goto out_invalid;
 407        }
 408
 409        ct->proto.dccp.role[IP_CT_DIR_ORIGINAL] = CT_DCCP_ROLE_CLIENT;
 410        ct->proto.dccp.role[IP_CT_DIR_REPLY] = CT_DCCP_ROLE_SERVER;
 411        ct->proto.dccp.state = CT_DCCP_NONE;
 412        ct->proto.dccp.last_pkt = DCCP_PKT_REQUEST;
 413        ct->proto.dccp.last_dir = IP_CT_DIR_ORIGINAL;
 414        ct->proto.dccp.handshake_seq = 0;
 415        return true;
 416
 417out_invalid:
 418        nf_ct_l4proto_log_invalid(skb, ct, hook_state, "%s", msg);
 419        return false;
 420}
 421
 422static u64 dccp_ack_seq(const struct dccp_hdr *dh)
 423{
 424        const struct dccp_hdr_ack_bits *dhack;
 425
 426        dhack = (void *)dh + __dccp_basic_hdr_len(dh);
 427        return ((u64)ntohs(dhack->dccph_ack_nr_high) << 32) +
 428                     ntohl(dhack->dccph_ack_nr_low);
 429}
 430
 431static bool dccp_error(const struct dccp_hdr *dh,
 432                       struct sk_buff *skb, unsigned int dataoff,
 433                       const struct nf_hook_state *state)
 434{
 435        unsigned int dccp_len = skb->len - dataoff;
 436        unsigned int cscov;
 437        const char *msg;
 438
 439        if (dh->dccph_doff * 4 < sizeof(struct dccp_hdr) ||
 440            dh->dccph_doff * 4 > dccp_len) {
 441                msg = "nf_ct_dccp: truncated/malformed packet ";
 442                goto out_invalid;
 443        }
 444
 445        cscov = dccp_len;
 446        if (dh->dccph_cscov) {
 447                cscov = (dh->dccph_cscov - 1) * 4;
 448                if (cscov > dccp_len) {
 449                        msg = "nf_ct_dccp: bad checksum coverage ";
 450                        goto out_invalid;
 451                }
 452        }
 453
 454        if (state->hook == NF_INET_PRE_ROUTING &&
 455            state->net->ct.sysctl_checksum &&
 456            nf_checksum_partial(skb, state->hook, dataoff, cscov,
 457                                IPPROTO_DCCP, state->pf)) {
 458                msg = "nf_ct_dccp: bad checksum ";
 459                goto out_invalid;
 460        }
 461
 462        if (dh->dccph_type >= DCCP_PKT_INVALID) {
 463                msg = "nf_ct_dccp: reserved packet type ";
 464                goto out_invalid;
 465        }
 466        return false;
 467out_invalid:
 468        nf_l4proto_log_invalid(skb, state, IPPROTO_DCCP, "%s", msg);
 469        return true;
 470}
 471
 472int nf_conntrack_dccp_packet(struct nf_conn *ct, struct sk_buff *skb,
 473                             unsigned int dataoff,
 474                             enum ip_conntrack_info ctinfo,
 475                             const struct nf_hook_state *state)
 476{
 477        enum ip_conntrack_dir dir = CTINFO2DIR(ctinfo);
 478        struct dccp_hdr _dh, *dh;
 479        u_int8_t type, old_state, new_state;
 480        enum ct_dccp_roles role;
 481        unsigned int *timeouts;
 482
 483        dh = skb_header_pointer(skb, dataoff, sizeof(_dh), &_dh);
 484        if (!dh)
 485                return NF_DROP;
 486
 487        if (dccp_error(dh, skb, dataoff, state))
 488                return -NF_ACCEPT;
 489
 490        type = dh->dccph_type;
 491        if (!nf_ct_is_confirmed(ct) && !dccp_new(ct, skb, dh, state))
 492                return -NF_ACCEPT;
 493
 494        if (type == DCCP_PKT_RESET &&
 495            !test_bit(IPS_SEEN_REPLY_BIT, &ct->status)) {
 496                /* Tear down connection immediately if only reply is a RESET */
 497                nf_ct_kill_acct(ct, ctinfo, skb);
 498                return NF_ACCEPT;
 499        }
 500
 501        spin_lock_bh(&ct->lock);
 502
 503        role = ct->proto.dccp.role[dir];
 504        old_state = ct->proto.dccp.state;
 505        new_state = dccp_state_table[role][type][old_state];
 506
 507        switch (new_state) {
 508        case CT_DCCP_REQUEST:
 509                if (old_state == CT_DCCP_TIMEWAIT &&
 510                    role == CT_DCCP_ROLE_SERVER) {
 511                        /* Reincarnation in the reverse direction: reopen and
 512                         * reverse client/server roles. */
 513                        ct->proto.dccp.role[dir] = CT_DCCP_ROLE_CLIENT;
 514                        ct->proto.dccp.role[!dir] = CT_DCCP_ROLE_SERVER;
 515                }
 516                break;
 517        case CT_DCCP_RESPOND:
 518                if (old_state == CT_DCCP_REQUEST)
 519                        ct->proto.dccp.handshake_seq = dccp_hdr_seq(dh);
 520                break;
 521        case CT_DCCP_PARTOPEN:
 522                if (old_state == CT_DCCP_RESPOND &&
 523                    type == DCCP_PKT_ACK &&
 524                    dccp_ack_seq(dh) == ct->proto.dccp.handshake_seq)
 525                        set_bit(IPS_ASSURED_BIT, &ct->status);
 526                break;
 527        case CT_DCCP_IGNORE:
 528                /*
 529                 * Connection tracking might be out of sync, so we ignore
 530                 * packets that might establish a new connection and resync
 531                 * if the server responds with a valid Response.
 532                 */
 533                if (ct->proto.dccp.last_dir == !dir &&
 534                    ct->proto.dccp.last_pkt == DCCP_PKT_REQUEST &&
 535                    type == DCCP_PKT_RESPONSE) {
 536                        ct->proto.dccp.role[!dir] = CT_DCCP_ROLE_CLIENT;
 537                        ct->proto.dccp.role[dir] = CT_DCCP_ROLE_SERVER;
 538                        ct->proto.dccp.handshake_seq = dccp_hdr_seq(dh);
 539                        new_state = CT_DCCP_RESPOND;
 540                        break;
 541                }
 542                ct->proto.dccp.last_dir = dir;
 543                ct->proto.dccp.last_pkt = type;
 544
 545                spin_unlock_bh(&ct->lock);
 546                nf_ct_l4proto_log_invalid(skb, ct, state, "%s", "invalid packet");
 547                return NF_ACCEPT;
 548        case CT_DCCP_INVALID:
 549                spin_unlock_bh(&ct->lock);
 550                nf_ct_l4proto_log_invalid(skb, ct, state, "%s", "invalid state transition");
 551                return -NF_ACCEPT;
 552        }
 553
 554        ct->proto.dccp.last_dir = dir;
 555        ct->proto.dccp.last_pkt = type;
 556        ct->proto.dccp.state = new_state;
 557        spin_unlock_bh(&ct->lock);
 558
 559        if (new_state != old_state)
 560                nf_conntrack_event_cache(IPCT_PROTOINFO, ct);
 561
 562        timeouts = nf_ct_timeout_lookup(ct);
 563        if (!timeouts)
 564                timeouts = nf_dccp_pernet(nf_ct_net(ct))->dccp_timeout;
 565        nf_ct_refresh_acct(ct, ctinfo, skb, timeouts[new_state]);
 566
 567        return NF_ACCEPT;
 568}
 569
 570static bool dccp_can_early_drop(const struct nf_conn *ct)
 571{
 572        switch (ct->proto.dccp.state) {
 573        case CT_DCCP_CLOSEREQ:
 574        case CT_DCCP_CLOSING:
 575        case CT_DCCP_TIMEWAIT:
 576                return true;
 577        default:
 578                break;
 579        }
 580
 581        return false;
 582}
 583
 584#ifdef CONFIG_NF_CONNTRACK_PROCFS
 585static void dccp_print_conntrack(struct seq_file *s, struct nf_conn *ct)
 586{
 587        seq_printf(s, "%s ", dccp_state_names[ct->proto.dccp.state]);
 588}
 589#endif
 590
 591#if IS_ENABLED(CONFIG_NF_CT_NETLINK)
 592static int dccp_to_nlattr(struct sk_buff *skb, struct nlattr *nla,
 593                          struct nf_conn *ct, bool destroy)
 594{
 595        struct nlattr *nest_parms;
 596
 597        spin_lock_bh(&ct->lock);
 598        nest_parms = nla_nest_start(skb, CTA_PROTOINFO_DCCP);
 599        if (!nest_parms)
 600                goto nla_put_failure;
 601        if (nla_put_u8(skb, CTA_PROTOINFO_DCCP_STATE, ct->proto.dccp.state))
 602                goto nla_put_failure;
 603
 604        if (destroy)
 605                goto skip_state;
 606
 607        if (nla_put_u8(skb, CTA_PROTOINFO_DCCP_ROLE,
 608                       ct->proto.dccp.role[IP_CT_DIR_ORIGINAL]) ||
 609            nla_put_be64(skb, CTA_PROTOINFO_DCCP_HANDSHAKE_SEQ,
 610                         cpu_to_be64(ct->proto.dccp.handshake_seq),
 611                         CTA_PROTOINFO_DCCP_PAD))
 612                goto nla_put_failure;
 613skip_state:
 614        nla_nest_end(skb, nest_parms);
 615        spin_unlock_bh(&ct->lock);
 616
 617        return 0;
 618
 619nla_put_failure:
 620        spin_unlock_bh(&ct->lock);
 621        return -1;
 622}
 623
 624static const struct nla_policy dccp_nla_policy[CTA_PROTOINFO_DCCP_MAX + 1] = {
 625        [CTA_PROTOINFO_DCCP_STATE]      = { .type = NLA_U8 },
 626        [CTA_PROTOINFO_DCCP_ROLE]       = { .type = NLA_U8 },
 627        [CTA_PROTOINFO_DCCP_HANDSHAKE_SEQ] = { .type = NLA_U64 },
 628        [CTA_PROTOINFO_DCCP_PAD]        = { .type = NLA_UNSPEC },
 629};
 630
 631#define DCCP_NLATTR_SIZE ( \
 632        NLA_ALIGN(NLA_HDRLEN + 1) + \
 633        NLA_ALIGN(NLA_HDRLEN + 1) + \
 634        NLA_ALIGN(NLA_HDRLEN + sizeof(u64)) + \
 635        NLA_ALIGN(NLA_HDRLEN + 0))
 636
 637static int nlattr_to_dccp(struct nlattr *cda[], struct nf_conn *ct)
 638{
 639        struct nlattr *attr = cda[CTA_PROTOINFO_DCCP];
 640        struct nlattr *tb[CTA_PROTOINFO_DCCP_MAX + 1];
 641        int err;
 642
 643        if (!attr)
 644                return 0;
 645
 646        err = nla_parse_nested_deprecated(tb, CTA_PROTOINFO_DCCP_MAX, attr,
 647                                          dccp_nla_policy, NULL);
 648        if (err < 0)
 649                return err;
 650
 651        if (!tb[CTA_PROTOINFO_DCCP_STATE] ||
 652            !tb[CTA_PROTOINFO_DCCP_ROLE] ||
 653            nla_get_u8(tb[CTA_PROTOINFO_DCCP_ROLE]) > CT_DCCP_ROLE_MAX ||
 654            nla_get_u8(tb[CTA_PROTOINFO_DCCP_STATE]) >= CT_DCCP_IGNORE) {
 655                return -EINVAL;
 656        }
 657
 658        spin_lock_bh(&ct->lock);
 659        ct->proto.dccp.state = nla_get_u8(tb[CTA_PROTOINFO_DCCP_STATE]);
 660        if (nla_get_u8(tb[CTA_PROTOINFO_DCCP_ROLE]) == CT_DCCP_ROLE_CLIENT) {
 661                ct->proto.dccp.role[IP_CT_DIR_ORIGINAL] = CT_DCCP_ROLE_CLIENT;
 662                ct->proto.dccp.role[IP_CT_DIR_REPLY] = CT_DCCP_ROLE_SERVER;
 663        } else {
 664                ct->proto.dccp.role[IP_CT_DIR_ORIGINAL] = CT_DCCP_ROLE_SERVER;
 665                ct->proto.dccp.role[IP_CT_DIR_REPLY] = CT_DCCP_ROLE_CLIENT;
 666        }
 667        if (tb[CTA_PROTOINFO_DCCP_HANDSHAKE_SEQ]) {
 668                ct->proto.dccp.handshake_seq =
 669                be64_to_cpu(nla_get_be64(tb[CTA_PROTOINFO_DCCP_HANDSHAKE_SEQ]));
 670        }
 671        spin_unlock_bh(&ct->lock);
 672        return 0;
 673}
 674#endif
 675
 676#ifdef CONFIG_NF_CONNTRACK_TIMEOUT
 677
 678#include <linux/netfilter/nfnetlink.h>
 679#include <linux/netfilter/nfnetlink_cttimeout.h>
 680
 681static int dccp_timeout_nlattr_to_obj(struct nlattr *tb[],
 682                                      struct net *net, void *data)
 683{
 684        struct nf_dccp_net *dn = nf_dccp_pernet(net);
 685        unsigned int *timeouts = data;
 686        int i;
 687
 688        if (!timeouts)
 689                 timeouts = dn->dccp_timeout;
 690
 691        /* set default DCCP timeouts. */
 692        for (i=0; i<CT_DCCP_MAX; i++)
 693                timeouts[i] = dn->dccp_timeout[i];
 694
 695        /* there's a 1:1 mapping between attributes and protocol states. */
 696        for (i=CTA_TIMEOUT_DCCP_UNSPEC+1; i<CTA_TIMEOUT_DCCP_MAX+1; i++) {
 697                if (tb[i]) {
 698                        timeouts[i] = ntohl(nla_get_be32(tb[i])) * HZ;
 699                }
 700        }
 701
 702        timeouts[CTA_TIMEOUT_DCCP_UNSPEC] = timeouts[CTA_TIMEOUT_DCCP_REQUEST];
 703        return 0;
 704}
 705
 706static int
 707dccp_timeout_obj_to_nlattr(struct sk_buff *skb, const void *data)
 708{
 709        const unsigned int *timeouts = data;
 710        int i;
 711
 712        for (i=CTA_TIMEOUT_DCCP_UNSPEC+1; i<CTA_TIMEOUT_DCCP_MAX+1; i++) {
 713                if (nla_put_be32(skb, i, htonl(timeouts[i] / HZ)))
 714                        goto nla_put_failure;
 715        }
 716        return 0;
 717
 718nla_put_failure:
 719        return -ENOSPC;
 720}
 721
 722static const struct nla_policy
 723dccp_timeout_nla_policy[CTA_TIMEOUT_DCCP_MAX+1] = {
 724        [CTA_TIMEOUT_DCCP_REQUEST]      = { .type = NLA_U32 },
 725        [CTA_TIMEOUT_DCCP_RESPOND]      = { .type = NLA_U32 },
 726        [CTA_TIMEOUT_DCCP_PARTOPEN]     = { .type = NLA_U32 },
 727        [CTA_TIMEOUT_DCCP_OPEN]         = { .type = NLA_U32 },
 728        [CTA_TIMEOUT_DCCP_CLOSEREQ]     = { .type = NLA_U32 },
 729        [CTA_TIMEOUT_DCCP_CLOSING]      = { .type = NLA_U32 },
 730        [CTA_TIMEOUT_DCCP_TIMEWAIT]     = { .type = NLA_U32 },
 731};
 732#endif /* CONFIG_NF_CONNTRACK_TIMEOUT */
 733
 734void nf_conntrack_dccp_init_net(struct net *net)
 735{
 736        struct nf_dccp_net *dn = nf_dccp_pernet(net);
 737
 738        /* default values */
 739        dn->dccp_loose = 1;
 740        dn->dccp_timeout[CT_DCCP_REQUEST]       = 2 * DCCP_MSL;
 741        dn->dccp_timeout[CT_DCCP_RESPOND]       = 4 * DCCP_MSL;
 742        dn->dccp_timeout[CT_DCCP_PARTOPEN]      = 4 * DCCP_MSL;
 743        dn->dccp_timeout[CT_DCCP_OPEN]          = 12 * 3600 * HZ;
 744        dn->dccp_timeout[CT_DCCP_CLOSEREQ]      = 64 * HZ;
 745        dn->dccp_timeout[CT_DCCP_CLOSING]       = 64 * HZ;
 746        dn->dccp_timeout[CT_DCCP_TIMEWAIT]      = 2 * DCCP_MSL;
 747
 748        /* timeouts[0] is unused, make it same as SYN_SENT so
 749         * ->timeouts[0] contains 'new' timeout, like udp or icmp.
 750         */
 751        dn->dccp_timeout[CT_DCCP_NONE] = dn->dccp_timeout[CT_DCCP_REQUEST];
 752}
 753
 754const struct nf_conntrack_l4proto nf_conntrack_l4proto_dccp = {
 755        .l4proto                = IPPROTO_DCCP,
 756        .can_early_drop         = dccp_can_early_drop,
 757#ifdef CONFIG_NF_CONNTRACK_PROCFS
 758        .print_conntrack        = dccp_print_conntrack,
 759#endif
 760#if IS_ENABLED(CONFIG_NF_CT_NETLINK)
 761        .nlattr_size            = DCCP_NLATTR_SIZE,
 762        .to_nlattr              = dccp_to_nlattr,
 763        .from_nlattr            = nlattr_to_dccp,
 764        .tuple_to_nlattr        = nf_ct_port_tuple_to_nlattr,
 765        .nlattr_tuple_size      = nf_ct_port_nlattr_tuple_size,
 766        .nlattr_to_tuple        = nf_ct_port_nlattr_to_tuple,
 767        .nla_policy             = nf_ct_port_nla_policy,
 768#endif
 769#ifdef CONFIG_NF_CONNTRACK_TIMEOUT
 770        .ctnl_timeout           = {
 771                .nlattr_to_obj  = dccp_timeout_nlattr_to_obj,
 772                .obj_to_nlattr  = dccp_timeout_obj_to_nlattr,
 773                .nlattr_max     = CTA_TIMEOUT_DCCP_MAX,
 774                .obj_size       = sizeof(unsigned int) * CT_DCCP_MAX,
 775                .nla_policy     = dccp_timeout_nla_policy,
 776        },
 777#endif /* CONFIG_NF_CONNTRACK_TIMEOUT */
 778};
 779