Skip to content
Navigation Menu
Toggle navigation
Sign in
In this repository
All GitHub Enterprise
↵
Jump to
↵
No suggested jump to results
In this repository
All GitHub Enterprise
↵
Jump to
↵
In this organization
All GitHub Enterprise
↵
Jump to
↵
In this repository
All GitHub Enterprise
↵
Jump to
↵
Sign in
Reseting focus
You signed in with another tab or window.
Reload
to refresh your session.
You signed out in another tab or window.
Reload
to refresh your session.
You switched accounts on another tab or window.
Reload
to refresh your session.
Dismiss alert
{{ message }}
mariux64
/
linux
Public
Notifications
You must be signed in to change notification settings
Fork
0
Star
0
Code
Issues
2
Pull requests
0
Actions
Projects
0
Wiki
Security
Insights
Additional navigation options
Code
Issues
Pull requests
Actions
Projects
Wiki
Security
Insights
Files
98dafac
Documentation
arch
block
certs
crypto
drivers
firmware
fs
include
init
ipc
kernel
lib
mm
net
6lowpan
802
8021q
9p
appletalk
atm
ax25
batman-adv
bluetooth
bridge
caif
can
ceph
core
dcb
dccp
decnet
dns_resolver
dsa
ethernet
hsr
ieee802154
ipv4
ipv6
ipx
irda
iucv
kcm
key
l2tp
l3mdev
lapb
llc
mac80211
mac802154
mpls
ncsi
netfilter
netlabel
netlink
netrom
nfc
openvswitch
packet
phonet
qrtr
rds
rfkill
rose
rxrpc
Kconfig
Makefile
af_rxrpc.c
ar-internal.h
call_accept.c
call_event.c
call_object.c
conn_client.c
conn_event.c
conn_object.c
conn_service.c
input.c
insecure.c
key.c
local_event.c
local_object.c
misc.c
output.c
peer_event.c
peer_object.c
proc.c
recvmsg.c
rxkad.c
security.c
sendmsg.c
skbuff.c
sysctl.c
utils.c
sched
sctp
strparser
sunrpc
switchdev
tipc
unix
vmw_vsock
wimax
wireless
x25
xfrm
Kconfig
Makefile
compat.c
socket.c
sysctl_net.c
samples
scripts
security
sound
tools
usr
virt
.cocciconfig
.get_maintainer.ignore
.gitignore
.mailmap
COPYING
CREDITS
Kbuild
Kconfig
MAINTAINERS
Makefile
README
REPORTING-BUGS
Breadcrumbs
linux
/
net
/
rxrpc
/
input.c
Copy path
Blame
Blame
Latest commit
History
History
953 lines (818 loc) · 24.2 KB
Breadcrumbs
linux
/
net
/
rxrpc
/
input.c
Top
File metadata and controls
Code
Blame
953 lines (818 loc) · 24.2 KB
Raw
/* RxRPC packet reception * * Copyright (C) 2007, 2016 Red Hat, Inc. All Rights Reserved. * Written by David Howells (dhowells@redhat.com) * * This program is free software; you can redistribute it and/or * modify it under the terms of the GNU General Public License * as published by the Free Software Foundation; either version * 2 of the License, or (at your option) any later version. */ #define pr_fmt(fmt) KBUILD_MODNAME ": " fmt #include <linux/module.h> #include <linux/net.h> #include <linux/skbuff.h> #include <linux/errqueue.h> #include <linux/udp.h> #include <linux/in.h> #include <linux/in6.h> #include <linux/icmp.h> #include <linux/gfp.h> #include <net/sock.h> #include <net/af_rxrpc.h> #include <net/ip.h> #include <net/udp.h> #include <net/net_namespace.h> #include "ar-internal.h" static void rxrpc_proto_abort(const char *why, struct rxrpc_call *call, rxrpc_seq_t seq) { if (rxrpc_abort_call(why, call, seq, RX_PROTOCOL_ERROR, EBADMSG)) { set_bit(RXRPC_CALL_EV_ABORT, &call->events); rxrpc_queue_call(call); } } /* * Ping the other end to fill our RTT cache and to retrieve the rwind * and MTU parameters. */ static void rxrpc_send_ping(struct rxrpc_call *call, struct sk_buff *skb, int skew) { struct rxrpc_skb_priv *sp = rxrpc_skb(skb); ktime_t now = skb->tstamp; if (call->peer->rtt_usage < 3 || ktime_before(ktime_add_ms(call->peer->rtt_last_req, 1000), now)) rxrpc_propose_ACK(call, RXRPC_ACK_PING, skew, sp->hdr.serial, true, true); } /* * Apply a hard ACK by advancing the Tx window. */ static void rxrpc_rotate_tx_window(struct rxrpc_call *call, rxrpc_seq_t to) { struct sk_buff *skb, *list = NULL; int ix; spin_lock(&call->lock); while (before(call->tx_hard_ack, to)) { call->tx_hard_ack++; ix = call->tx_hard_ack & RXRPC_RXTX_BUFF_MASK; skb = call->rxtx_buffer[ix]; rxrpc_see_skb(skb, rxrpc_skb_tx_rotated); call->rxtx_buffer[ix] = NULL; call->rxtx_annotations[ix] = 0; skb->next = list; list = skb; } spin_unlock(&call->lock); trace_rxrpc_transmit(call, rxrpc_transmit_rotate); wake_up(&call->waitq); while (list) { skb = list; list = skb->next; skb->next = NULL; rxrpc_free_skb(skb, rxrpc_skb_tx_freed); } } /* * End the transmission phase of a call. * * This occurs when we get an ACKALL packet, the first DATA packet of a reply, * or a final ACK packet. */ static bool rxrpc_end_tx_phase(struct rxrpc_call *call, const char *abort_why) { _enter(""); switch (call->state) { case RXRPC_CALL_CLIENT_RECV_REPLY: return true; case RXRPC_CALL_CLIENT_AWAIT_REPLY: case RXRPC_CALL_SERVER_AWAIT_ACK: break; default: rxrpc_proto_abort(abort_why, call, call->tx_top); return false; } rxrpc_rotate_tx_window(call, call->tx_top); write_lock(&call->state_lock); switch (call->state) { default: break; case RXRPC_CALL_CLIENT_AWAIT_REPLY: call->tx_phase = false; call->state = RXRPC_CALL_CLIENT_RECV_REPLY; break; case RXRPC_CALL_SERVER_AWAIT_ACK: __rxrpc_call_completed(call); rxrpc_notify_socket(call); break; } write_unlock(&call->state_lock); trace_rxrpc_transmit(call, rxrpc_transmit_end); _leave(" = ok"); return true; } /* * Scan a jumbo packet to validate its structure and to work out how many * subpackets it contains. * * A jumbo packet is a collection of consecutive packets glued together with * little headers between that indicate how to change the initial header for * each subpacket. * * RXRPC_JUMBO_PACKET must be set on all but the last subpacket - and all but * the last are RXRPC_JUMBO_DATALEN in size. The last subpacket may be of any * size. */ static bool rxrpc_validate_jumbo(struct sk_buff *skb) { struct rxrpc_skb_priv *sp = rxrpc_skb(skb); unsigned int offset = sp->offset; unsigned int len = skb->len; int nr_jumbo = 1; u8 flags = sp->hdr.flags; do { nr_jumbo++; if (len - offset < RXRPC_JUMBO_SUBPKTLEN) goto protocol_error; if (flags & RXRPC_LAST_PACKET) goto protocol_error; offset += RXRPC_JUMBO_DATALEN; if (skb_copy_bits(skb, offset, &flags, 1) < 0) goto protocol_error; offset += sizeof(struct rxrpc_jumbo_header); } while (flags & RXRPC_JUMBO_PACKET); sp->nr_jumbo = nr_jumbo; return true; protocol_error: return false; } /* * Handle reception of a duplicate packet. * * We have to take care to avoid an attack here whereby we're given a series of * jumbograms, each with a sequence number one before the preceding one and * filled up to maximum UDP size. If they never send us the first packet in * the sequence, they can cause us to have to hold on to around 2MiB of kernel * space until the call times out. * * We limit the space usage by only accepting three duplicate jumbo packets per * call. After that, we tell the other side we're no longer accepting jumbos * (that information is encoded in the ACK packet). */ static void rxrpc_input_dup_data(struct rxrpc_call *call, rxrpc_seq_t seq, u8 annotation, bool *_jumbo_bad) { /* Discard normal packets that are duplicates. */ if (annotation == 0) return; /* Skip jumbo subpackets that are duplicates. When we've had three or * more partially duplicate jumbo packets, we refuse to take any more * jumbos for this call. */ if (!*_jumbo_bad) { call->nr_jumbo_bad++; *_jumbo_bad = true; } } /* * Process a DATA packet, adding the packet to the Rx ring. */ static void rxrpc_input_data(struct rxrpc_call *call, struct sk_buff *skb, u16 skew) { struct rxrpc_skb_priv *sp = rxrpc_skb(skb); unsigned int offset = sp->offset; unsigned int ix; rxrpc_serial_t serial = sp->hdr.serial, ack_serial = 0; rxrpc_seq_t seq = sp->hdr.seq, hard_ack; bool immediate_ack = false, jumbo_bad = false, queued; u16 len; u8 ack = 0, flags, annotation = 0; _enter("{%u,%u},{%u,%u}", call->rx_hard_ack, call->rx_top, skb->len, seq); _proto("Rx DATA %%%u { #%u f=%02x }", sp->hdr.serial, seq, sp->hdr.flags); if (call->state >= RXRPC_CALL_COMPLETE) return; /* Received data implicitly ACKs all of the request packets we sent * when we're acting as a client. */ if (call->state == RXRPC_CALL_CLIENT_AWAIT_REPLY && !rxrpc_end_tx_phase(call, "ETD")) return; call->ackr_prev_seq = seq; hard_ack = READ_ONCE(call->rx_hard_ack); if (after(seq, hard_ack + call->rx_winsize)) { ack = RXRPC_ACK_EXCEEDS_WINDOW; ack_serial = serial; goto ack; } flags = sp->hdr.flags; if (flags & RXRPC_JUMBO_PACKET) { if (call->nr_jumbo_bad > 3) { ack = RXRPC_ACK_NOSPACE; ack_serial = serial; goto ack; } annotation = 1; } next_subpacket: queued = false; ix = seq & RXRPC_RXTX_BUFF_MASK; len = skb->len; if (flags & RXRPC_JUMBO_PACKET) len = RXRPC_JUMBO_DATALEN; if (flags & RXRPC_LAST_PACKET) { if (test_bit(RXRPC_CALL_RX_LAST, &call->flags) && seq != call->rx_top) return rxrpc_proto_abort("LSN", call, seq); } else { if (test_bit(RXRPC_CALL_RX_LAST, &call->flags) && after_eq(seq, call->rx_top)) return rxrpc_proto_abort("LSA", call, seq); } if (before_eq(seq, hard_ack)) { ack = RXRPC_ACK_DUPLICATE; ack_serial = serial; goto skip; } if (flags & RXRPC_REQUEST_ACK && !ack) { ack = RXRPC_ACK_REQUESTED; ack_serial = serial; } if (call->rxtx_buffer[ix]) { rxrpc_input_dup_data(call, seq, annotation, &jumbo_bad); if (ack != RXRPC_ACK_DUPLICATE) { ack = RXRPC_ACK_DUPLICATE; ack_serial = serial; } immediate_ack = true; goto skip; } /* Queue the packet. We use a couple of memory barriers here as need * to make sure that rx_top is perceived to be set after the buffer * pointer and that the buffer pointer is set after the annotation and * the skb data. * * Barriers against rxrpc_recvmsg_data() and rxrpc_rotate_rx_window() * and also rxrpc_fill_out_ack(). */ rxrpc_get_skb(skb, rxrpc_skb_rx_got); call->rxtx_annotations[ix] = annotation; smp_wmb(); call->rxtx_buffer[ix] = skb; if (after(seq, call->rx_top)) smp_store_release(&call->rx_top, seq); if (flags & RXRPC_LAST_PACKET) { set_bit(RXRPC_CALL_RX_LAST, &call->flags); trace_rxrpc_receive(call, rxrpc_receive_queue_last, serial, seq); } else { trace_rxrpc_receive(call, rxrpc_receive_queue, serial, seq); } queued = true; if (after_eq(seq, call->rx_expect_next)) { if (after(seq, call->rx_expect_next)) { _net("OOS %u > %u", seq, call->rx_expect_next); ack = RXRPC_ACK_OUT_OF_SEQUENCE; ack_serial = serial; } call->rx_expect_next = seq + 1; } skip: offset += len; if (flags & RXRPC_JUMBO_PACKET) { if (skb_copy_bits(skb, offset, &flags, 1) < 0) return rxrpc_proto_abort("XJF", call, seq); offset += sizeof(struct rxrpc_jumbo_header); seq++; serial++; annotation++; if (flags & RXRPC_JUMBO_PACKET) annotation |= RXRPC_RX_ANNO_JLAST; if (after(seq, hard_ack + call->rx_winsize)) { ack = RXRPC_ACK_EXCEEDS_WINDOW; ack_serial = serial; if (!jumbo_bad) { call->nr_jumbo_bad++; jumbo_bad = true; } goto ack; } _proto("Rx DATA Jumbo %%%u", serial); goto next_subpacket; } if (queued && flags & RXRPC_LAST_PACKET && !ack) { ack = RXRPC_ACK_DELAY; ack_serial = serial; } ack: if (ack) rxrpc_propose_ACK(call, ack, skew, ack_serial, immediate_ack, true); if (sp->hdr.seq == READ_ONCE(call->rx_hard_ack) + 1) rxrpc_notify_socket(call); _leave(" [queued]"); } /* * Process a requested ACK. */ static void rxrpc_input_requested_ack(struct rxrpc_call *call, ktime_t resp_time, rxrpc_serial_t orig_serial, rxrpc_serial_t ack_serial) { struct rxrpc_skb_priv *sp; struct sk_buff *skb; ktime_t sent_at; int ix; for (ix = 0; ix < RXRPC_RXTX_BUFF_SIZE; ix++) { skb = call->rxtx_buffer[ix]; if (!skb) continue; sp = rxrpc_skb(skb); if (sp->hdr.serial != orig_serial) continue; smp_rmb(); sent_at = skb->tstamp; goto found; } return; found: rxrpc_peer_add_rtt(call, rxrpc_rtt_rx_requested_ack, orig_serial, ack_serial, sent_at, resp_time); } /* * Process a ping response. */ static void rxrpc_input_ping_response(struct rxrpc_call *call, ktime_t resp_time, rxrpc_serial_t orig_serial, rxrpc_serial_t ack_serial) { rxrpc_serial_t ping_serial; ktime_t ping_time; ping_time = call->ackr_ping_time; smp_rmb(); ping_serial = call->ackr_ping; if (!test_bit(RXRPC_CALL_PINGING, &call->flags) || before(orig_serial, ping_serial)) return; clear_bit(RXRPC_CALL_PINGING, &call->flags); if (after(orig_serial, ping_serial)) return; rxrpc_peer_add_rtt(call, rxrpc_rtt_rx_ping_response, orig_serial, ack_serial, ping_time, resp_time); } /* * Process the extra information that may be appended to an ACK packet */ static void rxrpc_input_ackinfo(struct rxrpc_call *call, struct sk_buff *skb, struct rxrpc_ackinfo *ackinfo) { struct rxrpc_skb_priv *sp = rxrpc_skb(skb); struct rxrpc_peer *peer; unsigned int mtu; u32 rwind = ntohl(ackinfo->rwind); _proto("Rx ACK %%%u Info { rx=%u max=%u rwin=%u jm=%u }", sp->hdr.serial, ntohl(ackinfo->rxMTU), ntohl(ackinfo->maxMTU), rwind, ntohl(ackinfo->jumbo_max)); if (rwind > RXRPC_RXTX_BUFF_SIZE - 1) rwind = RXRPC_RXTX_BUFF_SIZE - 1; call->tx_winsize = rwind; mtu = min(ntohl(ackinfo->rxMTU), ntohl(ackinfo->maxMTU)); peer = call->peer; if (mtu < peer->maxdata) { spin_lock_bh(&peer->lock); peer->maxdata = mtu; peer->mtu = mtu + peer->hdrsize; spin_unlock_bh(&peer->lock); _net("Net MTU %u (maxdata %u)", peer->mtu, peer->maxdata); } } /* * Process individual soft ACKs. * * Each ACK in the array corresponds to one packet and can be either an ACK or * a NAK. If we get find an explicitly NAK'd packet we resend immediately; * packets that lie beyond the end of the ACK list are scheduled for resend by * the timer on the basis that the peer might just not have processed them at * the time the ACK was sent. */ static void rxrpc_input_soft_acks(struct rxrpc_call *call, u8 *acks, rxrpc_seq_t seq, int nr_acks) { bool resend = false; int ix; u8 annotation, anno_type; for (; nr_acks > 0; nr_acks--, seq++) { ix = seq & RXRPC_RXTX_BUFF_MASK; annotation = call->rxtx_annotations[ix]; anno_type = annotation & RXRPC_TX_ANNO_MASK; annotation &= ~RXRPC_TX_ANNO_MASK; switch (*acks++) { case RXRPC_ACK_TYPE_ACK: if (anno_type == RXRPC_TX_ANNO_ACK) continue; call->rxtx_annotations[ix] = RXRPC_TX_ANNO_ACK | annotation; break; case RXRPC_ACK_TYPE_NACK: if (anno_type == RXRPC_TX_ANNO_NAK) continue; call->rxtx_annotations[ix] = RXRPC_TX_ANNO_NAK | annotation; resend = true; break; default: return rxrpc_proto_abort("SFT", call, 0); } } if (resend && !test_and_set_bit(RXRPC_CALL_EV_RESEND, &call->events)) rxrpc_queue_call(call); } /* * Process an ACK packet. * * ack.firstPacket is the sequence number of the first soft-ACK'd/NAK'd packet * in the ACK array. Anything before that is hard-ACK'd and may be discarded. * * A hard-ACK means that a packet has been processed and may be discarded; a * soft-ACK means that the packet may be discarded and retransmission * requested. A phase is complete when all packets are hard-ACK'd. */ static void rxrpc_input_ack(struct rxrpc_call *call, struct sk_buff *skb, u16 skew) { struct rxrpc_skb_priv *sp = rxrpc_skb(skb); union { struct rxrpc_ackpacket ack; struct rxrpc_ackinfo info; u8 acks[RXRPC_MAXACKS]; } buf; rxrpc_serial_t acked_serial; rxrpc_seq_t first_soft_ack, hard_ack; int nr_acks, offset; _enter(""); if (skb_copy_bits(skb, sp->offset, &buf.ack, sizeof(buf.ack)) < 0) { _debug("extraction failure"); return rxrpc_proto_abort("XAK", call, 0); } sp->offset += sizeof(buf.ack); acked_serial = ntohl(buf.ack.serial); first_soft_ack = ntohl(buf.ack.firstPacket); hard_ack = first_soft_ack - 1; nr_acks = buf.ack.nAcks; trace_rxrpc_rx_ack(call, first_soft_ack, buf.ack.reason, nr_acks); _proto("Rx ACK %%%u { m=%hu f=#%u p=#%u s=%%%u r=%s n=%u }", sp->hdr.serial, ntohs(buf.ack.maxSkew), first_soft_ack, ntohl(buf.ack.previousPacket), acked_serial, rxrpc_acks(buf.ack.reason), buf.ack.nAcks); if (buf.ack.reason == RXRPC_ACK_PING_RESPONSE) rxrpc_input_ping_response(call, skb->tstamp, acked_serial, sp->hdr.serial); if (buf.ack.reason == RXRPC_ACK_REQUESTED) rxrpc_input_requested_ack(call, skb->tstamp, acked_serial, sp->hdr.serial); if (buf.ack.reason == RXRPC_ACK_PING) { _proto("Rx ACK %%%u PING Request", sp->hdr.serial); rxrpc_propose_ACK(call, RXRPC_ACK_PING_RESPONSE, skew, sp->hdr.serial, true, true); } else if (sp->hdr.flags & RXRPC_REQUEST_ACK) { rxrpc_propose_ACK(call, RXRPC_ACK_REQUESTED, skew, sp->hdr.serial, true, true); } offset = sp->offset + nr_acks + 3; if (skb->len >= offset + sizeof(buf.info)) { if (skb_copy_bits(skb, offset, &buf.info, sizeof(buf.info)) < 0) return rxrpc_proto_abort("XAI", call, 0); rxrpc_input_ackinfo(call, skb, &buf.info); } if (first_soft_ack == 0) return rxrpc_proto_abort("AK0", call, 0); /* Ignore ACKs unless we are or have just been transmitting. */ switch (call->state) { case RXRPC_CALL_CLIENT_SEND_REQUEST: case RXRPC_CALL_CLIENT_AWAIT_REPLY: case RXRPC_CALL_SERVER_SEND_REPLY: case RXRPC_CALL_SERVER_AWAIT_ACK: break; default: return; } /* Discard any out-of-order or duplicate ACKs. */ if (before_eq(sp->hdr.serial, call->acks_latest)) { _debug("discard ACK %d <= %d", sp->hdr.serial, call->acks_latest); return; } call->acks_latest = sp->hdr.serial; if (test_bit(RXRPC_CALL_TX_LAST, &call->flags) && hard_ack == call->tx_top) { rxrpc_end_tx_phase(call, "ETA"); return; } if (before(hard_ack, call->tx_hard_ack) || after(hard_ack, call->tx_top)) return rxrpc_proto_abort("AKW", call, 0); if (after(hard_ack, call->tx_hard_ack)) rxrpc_rotate_tx_window(call, hard_ack); if (after(first_soft_ack, call->tx_top)) return; if (nr_acks > call->tx_top - first_soft_ack + 1) nr_acks = first_soft_ack - call->tx_top + 1; if (skb_copy_bits(skb, sp->offset, buf.acks, nr_acks) < 0) return rxrpc_proto_abort("XSA", call, 0); rxrpc_input_soft_acks(call, buf.acks, first_soft_ack, nr_acks); } /* * Process an ACKALL packet. */ static void rxrpc_input_ackall(struct rxrpc_call *call, struct sk_buff *skb) { struct rxrpc_skb_priv *sp = rxrpc_skb(skb); _proto("Rx ACKALL %%%u", sp->hdr.serial); rxrpc_end_tx_phase(call, "ETL"); } /* * Process an ABORT packet. */ static void rxrpc_input_abort(struct rxrpc_call *call, struct sk_buff *skb) { struct rxrpc_skb_priv *sp = rxrpc_skb(skb); __be32 wtmp; u32 abort_code = RX_CALL_DEAD; _enter(""); if (skb->len >= 4 && skb_copy_bits(skb, sp->offset, &wtmp, sizeof(wtmp)) >= 0) abort_code = ntohl(wtmp); _proto("Rx ABORT %%%u { %x }", sp->hdr.serial, abort_code); if (rxrpc_set_call_completion(call, RXRPC_CALL_REMOTELY_ABORTED, abort_code, ECONNABORTED)) rxrpc_notify_socket(call); } /* * Process an incoming call packet. */ static void rxrpc_input_call_packet(struct rxrpc_call *call, struct sk_buff *skb, u16 skew) { struct rxrpc_skb_priv *sp = rxrpc_skb(skb); _enter("%p,%p", call, skb); switch (sp->hdr.type) { case RXRPC_PACKET_TYPE_DATA: rxrpc_input_data(call, skb, skew); break; case RXRPC_PACKET_TYPE_ACK: rxrpc_input_ack(call, skb, skew); break; case RXRPC_PACKET_TYPE_BUSY: _proto("Rx BUSY %%%u", sp->hdr.serial); /* Just ignore BUSY packets from the server; the retry and * lifespan timers will take care of business. BUSY packets * from the client don't make sense. */ break; case RXRPC_PACKET_TYPE_ABORT: rxrpc_input_abort(call, skb); break; case RXRPC_PACKET_TYPE_ACKALL: rxrpc_input_ackall(call, skb); break; default: _proto("Rx %s %%%u", rxrpc_pkts[sp->hdr.type], sp->hdr.serial); break; } _leave(""); } /* * post connection-level events to the connection * - this includes challenges, responses, some aborts and call terminal packet * retransmission. */ static void rxrpc_post_packet_to_conn(struct rxrpc_connection *conn, struct sk_buff *skb) { _enter("%p,%p", conn, skb); skb_queue_tail(&conn->rx_queue, skb); rxrpc_queue_conn(conn); } /* * post endpoint-level events to the local endpoint * - this includes debug and version messages */ static void rxrpc_post_packet_to_local(struct rxrpc_local *local, struct sk_buff *skb) { _enter("%p,%p", local, skb); skb_queue_tail(&local->event_queue, skb); rxrpc_queue_local(local); } /* * put a packet up for transport-level abort */ static void rxrpc_reject_packet(struct rxrpc_local *local, struct sk_buff *skb) { CHECK_SLAB_OKAY(&local->usage); skb_queue_tail(&local->reject_queue, skb); rxrpc_queue_local(local); } /* * Extract the wire header from a packet and translate the byte order. */ static noinline int rxrpc_extract_header(struct rxrpc_skb_priv *sp, struct sk_buff *skb) { struct rxrpc_wire_header whdr; /* dig out the RxRPC connection details */ if (skb_copy_bits(skb, 0, &whdr, sizeof(whdr)) < 0) return -EBADMSG; memset(sp, 0, sizeof(*sp)); sp->hdr.epoch = ntohl(whdr.epoch); sp->hdr.cid = ntohl(whdr.cid); sp->hdr.callNumber = ntohl(whdr.callNumber); sp->hdr.seq = ntohl(whdr.seq); sp->hdr.serial = ntohl(whdr.serial); sp->hdr.flags = whdr.flags; sp->hdr.type = whdr.type; sp->hdr.userStatus = whdr.userStatus; sp->hdr.securityIndex = whdr.securityIndex; sp->hdr._rsvd = ntohs(whdr._rsvd); sp->hdr.serviceId = ntohs(whdr.serviceId); sp->offset = sizeof(whdr); return 0; } /* * handle data received on the local endpoint * - may be called in interrupt context * * The socket is locked by the caller and this prevents the socket from being * shut down and the local endpoint from going away, thus sk_user_data will not * be cleared until this function returns. */ void rxrpc_data_ready(struct sock *udp_sk) { struct rxrpc_connection *conn; struct rxrpc_channel *chan; struct rxrpc_call *call; struct rxrpc_skb_priv *sp; struct rxrpc_local *local = udp_sk->sk_user_data; struct sk_buff *skb; unsigned int channel; int ret, skew; _enter("%p", udp_sk); ASSERT(!irqs_disabled()); skb = skb_recv_datagram(udp_sk, 0, 1, &ret); if (!skb) { if (ret == -EAGAIN) return; _debug("UDP socket error %d", ret); return; } rxrpc_new_skb(skb, rxrpc_skb_rx_received); _net("recv skb %p", skb); /* we'll probably need to checksum it (didn't call sock_recvmsg) */ if (skb_checksum_complete(skb)) { rxrpc_free_skb(skb, rxrpc_skb_rx_freed); __UDP_INC_STATS(&init_net, UDP_MIB_INERRORS, 0); _leave(" [CSUM failed]"); return; } __UDP_INC_STATS(&init_net, UDP_MIB_INDATAGRAMS, 0); /* The socket buffer we have is owned by UDP, with UDP's data all over * it, but we really want our own data there. */ skb_orphan(skb); sp = rxrpc_skb(skb); if (IS_ENABLED(CONFIG_AF_RXRPC_INJECT_LOSS)) { static int lose; if ((lose++ & 7) == 7) { rxrpc_lose_skb(skb, rxrpc_skb_rx_lost); return; } } _net("Rx UDP packet from %08x:%04hu", ntohl(ip_hdr(skb)->saddr), ntohs(udp_hdr(skb)->source)); /* dig out the RxRPC connection details */ if (rxrpc_extract_header(sp, skb) < 0) goto bad_message; trace_rxrpc_rx_packet(sp); _net("Rx RxRPC %s ep=%x call=%x:%x", sp->hdr.flags & RXRPC_CLIENT_INITIATED ? "ToServer" : "ToClient", sp->hdr.epoch, sp->hdr.cid, sp->hdr.callNumber); if (sp->hdr.type >= RXRPC_N_PACKET_TYPES || !((RXRPC_SUPPORTED_PACKET_TYPES >> sp->hdr.type) & 1)) { _proto("Rx Bad Packet Type %u", sp->hdr.type); goto bad_message; } switch (sp->hdr.type) { case RXRPC_PACKET_TYPE_VERSION: rxrpc_post_packet_to_local(local, skb); goto out; case RXRPC_PACKET_TYPE_BUSY: if (sp->hdr.flags & RXRPC_CLIENT_INITIATED) goto discard; case RXRPC_PACKET_TYPE_DATA: if (sp->hdr.callNumber == 0) goto bad_message; if (sp->hdr.flags & RXRPC_JUMBO_PACKET && !rxrpc_validate_jumbo(skb)) goto bad_message; break; } rcu_read_lock(); conn = rxrpc_find_connection_rcu(local, skb); if (conn) { if (sp->hdr.securityIndex != conn->security_ix) goto wrong_security; if (sp->hdr.callNumber == 0) { /* Connection-level packet */ _debug("CONN %p {%d}", conn, conn->debug_id); rxrpc_post_packet_to_conn(conn, skb); goto out_unlock; } /* Note the serial number skew here */ skew = (int)sp->hdr.serial - (int)conn->hi_serial; if (skew >= 0) { if (skew > 0) conn->hi_serial = sp->hdr.serial; } else { skew = -skew; skew = min(skew, 65535); } /* Call-bound packets are routed by connection channel. */ channel = sp->hdr.cid & RXRPC_CHANNELMASK; chan = &conn->channels[channel]; /* Ignore really old calls */ if (sp->hdr.callNumber < chan->last_call) goto discard_unlock; if (sp->hdr.callNumber == chan->last_call) { /* For the previous service call, if completed successfully, we * discard all further packets. */ if (rxrpc_conn_is_service(conn) && (chan->last_type == RXRPC_PACKET_TYPE_ACK || sp->hdr.type == RXRPC_PACKET_TYPE_ABORT)) goto discard_unlock; /* But otherwise we need to retransmit the final packet from * data cached in the connection record. */ rxrpc_post_packet_to_conn(conn, skb); goto out_unlock; } call = rcu_dereference(chan->call); } else { skew = 0; call = NULL; } if (!call || atomic_read(&call->usage) == 0) { if (!(sp->hdr.type & RXRPC_CLIENT_INITIATED) || sp->hdr.callNumber == 0 || sp->hdr.type != RXRPC_PACKET_TYPE_DATA) goto bad_message_unlock; if (sp->hdr.seq != 1) goto discard_unlock; call = rxrpc_new_incoming_call(local, conn, skb); if (!call) { rcu_read_unlock(); goto reject_packet; } rxrpc_send_ping(call, skb, skew); } rxrpc_input_call_packet(call, skb, skew); goto discard_unlock; discard_unlock: rcu_read_unlock(); discard: rxrpc_free_skb(skb, rxrpc_skb_rx_freed); out: trace_rxrpc_rx_done(0, 0); return; out_unlock: rcu_read_unlock(); goto out; wrong_security: rcu_read_unlock(); trace_rxrpc_abort("SEC", sp->hdr.cid, sp->hdr.callNumber, sp->hdr.seq, RXKADINCONSISTENCY, EBADMSG); skb->priority = RXKADINCONSISTENCY; goto post_abort; bad_message_unlock: rcu_read_unlock(); bad_message: trace_rxrpc_abort("BAD", sp->hdr.cid, sp->hdr.callNumber, sp->hdr.seq, RX_PROTOCOL_ERROR, EBADMSG); skb->priority = RX_PROTOCOL_ERROR; post_abort: skb->mark = RXRPC_SKB_MARK_LOCAL_ABORT; reject_packet: trace_rxrpc_rx_done(skb->mark, skb->priority); rxrpc_reject_packet(local, skb); _leave(" [badmsg]"); }
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
880
881
882
883
884
885
886
887
888
889
890
891
892
893
894
895
896
897
898
899
900
901
902
903
904
905
906
907
908
909
910
911
912
913
914
915
916
917
918
919
920
921
922
923
924
925
926
927
928
929
930
931
932
933
934
935
936
937
938
939
940
941
942
943
944
945
946
947
948
949
950
951
952
953
You can’t perform that action at this time.