]> git.proxmox.com Git - mirror_ubuntu-jammy-kernel.git/blob - net/dccp/options.c
projects / mirror_ubuntu-jammy-kernel.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
blame | history | raw | HEAD
treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 152
[mirror_ubuntu-jammy-kernel.git] / net / dccp / options.c
1 // SPDX-License-Identifier: GPL-2.0-or-later
2 /*
3 * net/dccp/options.c
4 *
5 * An implementation of the DCCP protocol
6 * Copyright (c) 2005 Aristeu Sergio Rozanski Filho <aris@cathedrallabs.org>
7 * Copyright (c) 2005 Arnaldo Carvalho de Melo <acme@ghostprotocols.net>
8 * Copyright (c) 2005 Ian McDonald <ian.mcdonald@jandi.co.nz>
9 */
10 #include <linux/dccp.h>
11 #include <linux/module.h>
12 #include <linux/types.h>
13 #include <asm/unaligned.h>
14 #include <linux/kernel.h>
15 #include <linux/skbuff.h>
16
17 #include "ackvec.h"
18 #include "ccid.h"
19 #include "dccp.h"
20 #include "feat.h"
21
22 u64 dccp_decode_value_var(const u8 *bf, const u8 len)
23 {
24 u64 value = 0;
25
26 if (len >= DCCP_OPTVAL_MAXLEN)
27 value += ((u64)*bf++) << 40;
28 if (len > 4)
29 value += ((u64)*bf++) << 32;
30 if (len > 3)
31 value += ((u64)*bf++) << 24;
32 if (len > 2)
33 value += ((u64)*bf++) << 16;
34 if (len > 1)
35 value += ((u64)*bf++) << 8;
36 if (len > 0)
37 value += *bf;
38
39 return value;
40 }
41
42 /**
43 * dccp_parse_options - Parse DCCP options present in @skb
44 * @sk: client|server|listening dccp socket (when @dreq != NULL)
45 * @dreq: request socket to use during connection setup, or NULL
46 */
47 int dccp_parse_options(struct sock *sk, struct dccp_request_sock *dreq,
48 struct sk_buff *skb)
49 {
50 struct dccp_sock *dp = dccp_sk(sk);
51 const struct dccp_hdr *dh = dccp_hdr(skb);
52 const u8 pkt_type = DCCP_SKB_CB(skb)->dccpd_type;
53 unsigned char *options = (unsigned char *)dh + dccp_hdr_len(skb);
54 unsigned char *opt_ptr = options;
55 const unsigned char *opt_end = (unsigned char *)dh +
56 (dh->dccph_doff * 4);
57 struct dccp_options_received *opt_recv = &dp->dccps_options_received;
58 unsigned char opt, len;
59 unsigned char *uninitialized_var(value);
60 u32 elapsed_time;
61 __be32 opt_val;
62 int rc;
63 int mandatory = 0;
64
65 memset(opt_recv, 0, sizeof(*opt_recv));
66
67 opt = len = 0;
68 while (opt_ptr != opt_end) {
69 opt = *opt_ptr++;
70 len = 0;
71 value = NULL;
72
73 /* Check if this isn't a single byte option */
74 if (opt > DCCPO_MAX_RESERVED) {
75 if (opt_ptr == opt_end)
76 goto out_nonsensical_length;
77
78 len = *opt_ptr++;
79 if (len < 2)
80 goto out_nonsensical_length;
81 /*
82 * Remove the type and len fields, leaving
83 * just the value size
84 */
85 len -= 2;
86 value = opt_ptr;
87 opt_ptr += len;
88
89 if (opt_ptr > opt_end)
90 goto out_nonsensical_length;
91 }
92
93 /*
94 * CCID-specific options are ignored during connection setup, as
95 * negotiation may still be in progress (see RFC 4340, 10.3).
96 * The same applies to Ack Vectors, as these depend on the CCID.
97 */
98 if (dreq != NULL && (opt >= DCCPO_MIN_RX_CCID_SPECIFIC ||
99 opt == DCCPO_ACK_VECTOR_0 || opt == DCCPO_ACK_VECTOR_1))
100 goto ignore_option;
101
102 switch (opt) {
103 case DCCPO_PADDING:
104 break;
105 case DCCPO_MANDATORY:
106 if (mandatory)
107 goto out_invalid_option;
108 if (pkt_type != DCCP_PKT_DATA)
109 mandatory = 1;
110 break;
111 case DCCPO_NDP_COUNT:
112 if (len > 6)
113 goto out_invalid_option;
114
115 opt_recv->dccpor_ndp = dccp_decode_value_var(value, len);
116 dccp_pr_debug("%s opt: NDP count=%llu\n", dccp_role(sk),
117 (unsigned long long)opt_recv->dccpor_ndp);
118 break;
119 case DCCPO_CHANGE_L ... DCCPO_CONFIRM_R:
120 if (pkt_type == DCCP_PKT_DATA) /* RFC 4340, 6 */
121 break;
122 if (len == 0)
123 goto out_invalid_option;
124 rc = dccp_feat_parse_options(sk, dreq, mandatory, opt,
125 *value, value + 1, len - 1);
126 if (rc)
127 goto out_featneg_failed;
128 break;
129 case DCCPO_TIMESTAMP:
130 if (len != 4)
131 goto out_invalid_option;
132 /*
133 * RFC 4340 13.1: "The precise time corresponding to
134 * Timestamp Value zero is not specified". We use
135 * zero to indicate absence of a meaningful timestamp.
136 */
137 opt_val = get_unaligned((__be32 *)value);
138 if (unlikely(opt_val == 0)) {
139 DCCP_WARN("Timestamp with zero value\n");
140 break;
141 }
142
143 if (dreq != NULL) {
144 dreq->dreq_timestamp_echo = ntohl(opt_val);
145 dreq->dreq_timestamp_time = dccp_timestamp();
146 } else {
147 opt_recv->dccpor_timestamp =
148 dp->dccps_timestamp_echo = ntohl(opt_val);
149 dp->dccps_timestamp_time = dccp_timestamp();
150 }
151 dccp_pr_debug("%s rx opt: TIMESTAMP=%u, ackno=%llu\n",
152 dccp_role(sk), ntohl(opt_val),
153 (unsigned long long)
154 DCCP_SKB_CB(skb)->dccpd_ack_seq);
155 /* schedule an Ack in case this sender is quiescent */
156 inet_csk_schedule_ack(sk);
157 break;
158 case DCCPO_TIMESTAMP_ECHO:
159 if (len != 4 && len != 6 && len != 8)
160 goto out_invalid_option;
161
162 opt_val = get_unaligned((__be32 *)value);
163 opt_recv->dccpor_timestamp_echo = ntohl(opt_val);
164
165 dccp_pr_debug("%s rx opt: TIMESTAMP_ECHO=%u, len=%d, "
166 "ackno=%llu", dccp_role(sk),
167 opt_recv->dccpor_timestamp_echo,
168 len + 2,
169 (unsigned long long)
170 DCCP_SKB_CB(skb)->dccpd_ack_seq);
171
172 value += 4;
173
174 if (len == 4) { /* no elapsed time included */
175 dccp_pr_debug_cat("\n");
176 break;
177 }
178
179 if (len == 6) { /* 2-byte elapsed time */
180 __be16 opt_val2 = get_unaligned((__be16 *)value);
181 elapsed_time = ntohs(opt_val2);
182 } else { /* 4-byte elapsed time */
183 opt_val = get_unaligned((__be32 *)value);
184 elapsed_time = ntohl(opt_val);
185 }
186
187 dccp_pr_debug_cat(", ELAPSED_TIME=%u\n", elapsed_time);
188
189 /* Give precedence to the biggest ELAPSED_TIME */
190 if (elapsed_time > opt_recv->dccpor_elapsed_time)
191 opt_recv->dccpor_elapsed_time = elapsed_time;
192 break;
193 case DCCPO_ELAPSED_TIME:
194 if (dccp_packet_without_ack(skb)) /* RFC 4340, 13.2 */
195 break;
196
197 if (len == 2) {
198 __be16 opt_val2 = get_unaligned((__be16 *)value);
199 elapsed_time = ntohs(opt_val2);
200 } else if (len == 4) {
201 opt_val = get_unaligned((__be32 *)value);
202 elapsed_time = ntohl(opt_val);
203 } else {
204 goto out_invalid_option;
205 }
206
207 if (elapsed_time > opt_recv->dccpor_elapsed_time)
208 opt_recv->dccpor_elapsed_time = elapsed_time;
209
210 dccp_pr_debug("%s rx opt: ELAPSED_TIME=%d\n",
211 dccp_role(sk), elapsed_time);
212 break;
213 case DCCPO_MIN_RX_CCID_SPECIFIC ... DCCPO_MAX_RX_CCID_SPECIFIC:
214 if (ccid_hc_rx_parse_options(dp->dccps_hc_rx_ccid, sk,
215 pkt_type, opt, value, len))
216 goto out_invalid_option;
217 break;
218 case DCCPO_ACK_VECTOR_0:
219 case DCCPO_ACK_VECTOR_1:
220 if (dccp_packet_without_ack(skb)) /* RFC 4340, 11.4 */
221 break;
222 /*
223 * Ack vectors are processed by the TX CCID if it is
224 * interested. The RX CCID need not parse Ack Vectors,
225 * since it is only interested in clearing old state.
226 */
227 /* fall through */
228 case DCCPO_MIN_TX_CCID_SPECIFIC ... DCCPO_MAX_TX_CCID_SPECIFIC:
229 if (ccid_hc_tx_parse_options(dp->dccps_hc_tx_ccid, sk,
230 pkt_type, opt, value, len))
231 goto out_invalid_option;
232 break;
233 default:
234 DCCP_CRIT("DCCP(%p): option %d(len=%d) not "
235 "implemented, ignoring", sk, opt, len);
236 break;
237 }
238 ignore_option:
239 if (opt != DCCPO_MANDATORY)
240 mandatory = 0;
241 }
242
243 /* mandatory was the last byte in option list -> reset connection */
244 if (mandatory)
245 goto out_invalid_option;
246
247 out_nonsensical_length:
248 /* RFC 4340, 5.8: ignore option and all remaining option space */
249 return 0;
250
251 out_invalid_option:
252 DCCP_INC_STATS(DCCP_MIB_INVALIDOPT);
253 rc = DCCP_RESET_CODE_OPTION_ERROR;
254 out_featneg_failed:
255 DCCP_WARN("DCCP(%p): Option %d (len=%d) error=%u\n", sk, opt, len, rc);
256 DCCP_SKB_CB(skb)->dccpd_reset_code = rc;
257 DCCP_SKB_CB(skb)->dccpd_reset_data[0] = opt;
258 DCCP_SKB_CB(skb)->dccpd_reset_data[1] = len > 0 ? value[0] : 0;
259 DCCP_SKB_CB(skb)->dccpd_reset_data[2] = len > 1 ? value[1] : 0;
260 return -1;
261 }
262
263 EXPORT_SYMBOL_GPL(dccp_parse_options);
264
265 void dccp_encode_value_var(const u64 value, u8 *to, const u8 len)
266 {
267 if (len >= DCCP_OPTVAL_MAXLEN)
268 *to++ = (value & 0xFF0000000000ull) >> 40;
269 if (len > 4)
270 *to++ = (value & 0xFF00000000ull) >> 32;
271 if (len > 3)
272 *to++ = (value & 0xFF000000) >> 24;
273 if (len > 2)
274 *to++ = (value & 0xFF0000) >> 16;
275 if (len > 1)
276 *to++ = (value & 0xFF00) >> 8;
277 if (len > 0)
278 *to++ = (value & 0xFF);
279 }
280
281 static inline u8 dccp_ndp_len(const u64 ndp)
282 {
283 if (likely(ndp <= 0xFF))
284 return 1;
285 return likely(ndp <= USHRT_MAX) ? 2 : (ndp <= UINT_MAX ? 4 : 6);
286 }
287
288 int dccp_insert_option(struct sk_buff *skb, const unsigned char option,
289 const void *value, const unsigned char len)
290 {
291 unsigned char *to;
292
293 if (DCCP_SKB_CB(skb)->dccpd_opt_len + len + 2 > DCCP_MAX_OPT_LEN)
294 return -1;
295
296 DCCP_SKB_CB(skb)->dccpd_opt_len += len + 2;
297
298 to = skb_push(skb, len + 2);
299 *to++ = option;
300 *to++ = len + 2;
301
302 memcpy(to, value, len);
303 return 0;
304 }
305
306 EXPORT_SYMBOL_GPL(dccp_insert_option);
307
308 static int dccp_insert_option_ndp(struct sock *sk, struct sk_buff *skb)
309 {
310 struct dccp_sock *dp = dccp_sk(sk);
311 u64 ndp = dp->dccps_ndp_count;
312
313 if (dccp_non_data_packet(skb))
314 ++dp->dccps_ndp_count;
315 else
316 dp->dccps_ndp_count = 0;
317
318 if (ndp > 0) {
319 unsigned char *ptr;
320 const int ndp_len = dccp_ndp_len(ndp);
321 const int len = ndp_len + 2;
322
323 if (DCCP_SKB_CB(skb)->dccpd_opt_len + len > DCCP_MAX_OPT_LEN)
324 return -1;
325
326 DCCP_SKB_CB(skb)->dccpd_opt_len += len;
327
328 ptr = skb_push(skb, len);
329 *ptr++ = DCCPO_NDP_COUNT;
330 *ptr++ = len;
331 dccp_encode_value_var(ndp, ptr, ndp_len);
332 }
333
334 return 0;
335 }
336
337 static inline int dccp_elapsed_time_len(const u32 elapsed_time)
338 {
339 return elapsed_time == 0 ? 0 : elapsed_time <= 0xFFFF ? 2 : 4;
340 }
341
342 static int dccp_insert_option_timestamp(struct sk_buff *skb)
343 {
344 __be32 now = htonl(dccp_timestamp());
345 /* yes this will overflow but that is the point as we want a
346 * 10 usec 32 bit timer which mean it wraps every 11.9 hours */
347
348 return dccp_insert_option(skb, DCCPO_TIMESTAMP, &now, sizeof(now));
349 }
350
351 static int dccp_insert_option_timestamp_echo(struct dccp_sock *dp,
352 struct dccp_request_sock *dreq,
353 struct sk_buff *skb)
354 {
355 __be32 tstamp_echo;
356 unsigned char *to;
357 u32 elapsed_time, elapsed_time_len, len;
358
359 if (dreq != NULL) {
360 elapsed_time = dccp_timestamp() - dreq->dreq_timestamp_time;
361 tstamp_echo = htonl(dreq->dreq_timestamp_echo);
362 dreq->dreq_timestamp_echo = 0;
363 } else {
364 elapsed_time = dccp_timestamp() - dp->dccps_timestamp_time;
365 tstamp_echo = htonl(dp->dccps_timestamp_echo);
366 dp->dccps_timestamp_echo = 0;
367 }
368
369 elapsed_time_len = dccp_elapsed_time_len(elapsed_time);
370 len = 6 + elapsed_time_len;
371
372 if (DCCP_SKB_CB(skb)->dccpd_opt_len + len > DCCP_MAX_OPT_LEN)
373 return -1;
374
375 DCCP_SKB_CB(skb)->dccpd_opt_len += len;
376
377 to = skb_push(skb, len);
378 *to++ = DCCPO_TIMESTAMP_ECHO;
379 *to++ = len;
380
381 memcpy(to, &tstamp_echo, 4);
382 to += 4;
383
384 if (elapsed_time_len == 2) {
385 const __be16 var16 = htons((u16)elapsed_time);
386 memcpy(to, &var16, 2);
387 } else if (elapsed_time_len == 4) {
388 const __be32 var32 = htonl(elapsed_time);
389 memcpy(to, &var32, 4);
390 }
391
392 return 0;
393 }
394
395 static int dccp_insert_option_ackvec(struct sock *sk, struct sk_buff *skb)
396 {
397 struct dccp_sock *dp = dccp_sk(sk);
398 struct dccp_ackvec *av = dp->dccps_hc_rx_ackvec;
399 struct dccp_skb_cb *dcb = DCCP_SKB_CB(skb);
400 const u16 buflen = dccp_ackvec_buflen(av);
401 /* Figure out how many options do we need to represent the ackvec */
402 const u8 nr_opts = DIV_ROUND_UP(buflen, DCCP_SINGLE_OPT_MAXLEN);
403 u16 len = buflen + 2 * nr_opts;
404 u8 i, nonce = 0;
405 const unsigned char *tail, *from;
406 unsigned char *to;
407
408 if (dcb->dccpd_opt_len + len > DCCP_MAX_OPT_LEN) {
409 DCCP_WARN("Lacking space for %u bytes on %s packet\n", len,
410 dccp_packet_name(dcb->dccpd_type));
411 return -1;
412 }
413 /*
414 * Since Ack Vectors are variable-length, we can not always predict
415 * their size. To catch exception cases where the space is running out
416 * on the skb, a separate Sync is scheduled to carry the Ack Vector.
417 */
418 if (len > DCCPAV_MIN_OPTLEN &&
419 len + dcb->dccpd_opt_len + skb->len > dp->dccps_mss_cache) {
420 DCCP_WARN("No space left for Ack Vector (%u) on skb (%u+%u), "
421 "MPS=%u ==> reduce payload size?\n", len, skb->len,
422 dcb->dccpd_opt_len, dp->dccps_mss_cache);
423 dp->dccps_sync_scheduled = 1;
424 return 0;
425 }
426 dcb->dccpd_opt_len += len;
427
428 to = skb_push(skb, len);
429 len = buflen;
430 from = av->av_buf + av->av_buf_head;
431 tail = av->av_buf + DCCPAV_MAX_ACKVEC_LEN;
432
433 for (i = 0; i < nr_opts; ++i) {
434 int copylen = len;
435
436 if (len > DCCP_SINGLE_OPT_MAXLEN)
437 copylen = DCCP_SINGLE_OPT_MAXLEN;
438
439 /*
440 * RFC 4340, 12.2: Encode the Nonce Echo for this Ack Vector via
441 * its type; ack_nonce is the sum of all individual buf_nonce's.
442 */
443 nonce ^= av->av_buf_nonce[i];
444
445 *to++ = DCCPO_ACK_VECTOR_0 + av->av_buf_nonce[i];
446 *to++ = copylen + 2;
447
448 /* Check if buf_head wraps */
449 if (from + copylen > tail) {
450 const u16 tailsize = tail - from;
451
452 memcpy(to, from, tailsize);
453 to += tailsize;
454 len -= tailsize;
455 copylen -= tailsize;
456 from = av->av_buf;
457 }
458
459 memcpy(to, from, copylen);
460 from += copylen;
461 to += copylen;
462 len -= copylen;
463 }
464 /*
465 * Each sent Ack Vector is recorded in the list, as per A.2 of RFC 4340.
466 */
467 if (dccp_ackvec_update_records(av, dcb->dccpd_seq, nonce))
468 return -ENOBUFS;
469 return 0;
470 }
471
472 /**
473 * dccp_insert_option_mandatory - Mandatory option (5.8.2)
474 * Note that since we are using skb_push, this function needs to be called
475 * _after_ inserting the option it is supposed to influence (stack order).
476 */
477 int dccp_insert_option_mandatory(struct sk_buff *skb)
478 {
479 if (DCCP_SKB_CB(skb)->dccpd_opt_len >= DCCP_MAX_OPT_LEN)
480 return -1;
481
482 DCCP_SKB_CB(skb)->dccpd_opt_len++;
483 *(u8 *)skb_push(skb, 1) = DCCPO_MANDATORY;
484 return 0;
485 }
486
487 /**
488 * dccp_insert_fn_opt - Insert single Feature-Negotiation option into @skb
489 * @type: %DCCPO_CHANGE_L, %DCCPO_CHANGE_R, %DCCPO_CONFIRM_L, %DCCPO_CONFIRM_R
490 * @feat: one out of %dccp_feature_numbers
491 * @val: NN value or SP array (preferred element first) to copy
492 * @len: true length of @val in bytes (excluding first element repetition)
493 * @repeat_first: whether to copy the first element of @val twice
494 *
495 * The last argument is used to construct Confirm options, where the preferred
496 * value and the preference list appear separately (RFC 4340, 6.3.1). Preference
497 * lists are kept such that the preferred entry is always first, so we only need
498 * to copy twice, and avoid the overhead of cloning into a bigger array.
499 */
500 int dccp_insert_fn_opt(struct sk_buff *skb, u8 type, u8 feat,
501 u8 *val, u8 len, bool repeat_first)
502 {
503 u8 tot_len, *to;
504
505 /* take the `Feature' field and possible repetition into account */
506 if (len > (DCCP_SINGLE_OPT_MAXLEN - 2)) {
507 DCCP_WARN("length %u for feature %u too large\n", len, feat);
508 return -1;
509 }
510
511 if (unlikely(val == NULL || len == 0))
512 len = repeat_first = false;
513 tot_len = 3 + repeat_first + len;
514
515 if (DCCP_SKB_CB(skb)->dccpd_opt_len + tot_len > DCCP_MAX_OPT_LEN) {
516 DCCP_WARN("packet too small for feature %d option!\n", feat);
517 return -1;
518 }
519 DCCP_SKB_CB(skb)->dccpd_opt_len += tot_len;
520
521 to = skb_push(skb, tot_len);
522 *to++ = type;
523 *to++ = tot_len;
524 *to++ = feat;
525
526 if (repeat_first)
527 *to++ = *val;
528 if (len)
529 memcpy(to, val, len);
530 return 0;
531 }
532
533 /* The length of all options needs to be a multiple of 4 (5.8) */
534 static void dccp_insert_option_padding(struct sk_buff *skb)
535 {
536 int padding = DCCP_SKB_CB(skb)->dccpd_opt_len % 4;
537
538 if (padding != 0) {
539 padding = 4 - padding;
540 memset(skb_push(skb, padding), 0, padding);
541 DCCP_SKB_CB(skb)->dccpd_opt_len += padding;
542 }
543 }
544
545 int dccp_insert_options(struct sock *sk, struct sk_buff *skb)
546 {
547 struct dccp_sock *dp = dccp_sk(sk);
548
549 DCCP_SKB_CB(skb)->dccpd_opt_len = 0;
550
551 if (dp->dccps_send_ndp_count && dccp_insert_option_ndp(sk, skb))
552 return -1;
553
554 if (DCCP_SKB_CB(skb)->dccpd_type != DCCP_PKT_DATA) {
555
556 /* Feature Negotiation */
557 if (dccp_feat_insert_opts(dp, NULL, skb))
558 return -1;
559
560 if (DCCP_SKB_CB(skb)->dccpd_type == DCCP_PKT_REQUEST) {
561 /*
562 * Obtain RTT sample from Request/Response exchange.
563 * This is currently used for TFRC initialisation.
564 */
565 if (dccp_insert_option_timestamp(skb))
566 return -1;
567
568 } else if (dccp_ackvec_pending(sk) &&
569 dccp_insert_option_ackvec(sk, skb)) {
570 return -1;
571 }
572 }
573
574 if (dp->dccps_hc_rx_insert_options) {
575 if (ccid_hc_rx_insert_options(dp->dccps_hc_rx_ccid, sk, skb))
576 return -1;
577 dp->dccps_hc_rx_insert_options = 0;
578 }
579
580 if (dp->dccps_timestamp_echo != 0 &&
581 dccp_insert_option_timestamp_echo(dp, NULL, skb))
582 return -1;
583
584 dccp_insert_option_padding(skb);
585 return 0;
586 }
587
588 int dccp_insert_options_rsk(struct dccp_request_sock *dreq, struct sk_buff *skb)
589 {
590 DCCP_SKB_CB(skb)->dccpd_opt_len = 0;
591
592 if (dccp_feat_insert_opts(NULL, dreq, skb))
593 return -1;
594
595 /* Obtain RTT sample from Response/Ack exchange (used by TFRC). */
596 if (dccp_insert_option_timestamp(skb))
597 return -1;
598
599 if (dreq->dreq_timestamp_echo != 0 &&
600 dccp_insert_option_timestamp_echo(NULL, dreq, skb))
601 return -1;
602
603 dccp_insert_option_padding(skb);
604 return 0;
605 }
Ubuntu Jammy Linux kernel mirror