1 /* RxRPC packet reception
3 * Copyright (C) 2007, 2016 Red Hat, Inc. All Rights Reserved.
4 * Written by David Howells (dhowells@redhat.com)
6 * This program is free software; you can redistribute it and/or
7 * modify it under the terms of the GNU General Public License
8 * as published by the Free Software Foundation; either version
9 * 2 of the License, or (at your option) any later version.
12 #define pr_fmt(fmt) KBUILD_MODNAME ": " fmt
14 #include <linux/module.h>
15 #include <linux/net.h>
16 #include <linux/skbuff.h>
17 #include <linux/errqueue.h>
18 #include <linux/udp.h>
20 #include <linux/in6.h>
21 #include <linux/icmp.h>
22 #include <linux/gfp.h>
24 #include <net/af_rxrpc.h>
27 #include <net/net_namespace.h>
28 #include "ar-internal.h"
30 static void rxrpc_proto_abort(const char *why
,
31 struct rxrpc_call
*call
, rxrpc_seq_t seq
)
33 if (rxrpc_abort_call(why
, call
, seq
, RX_PROTOCOL_ERROR
, EBADMSG
)) {
34 set_bit(RXRPC_CALL_EV_ABORT
, &call
->events
);
35 rxrpc_queue_call(call
);
40 * Ping the other end to fill our RTT cache and to retrieve the rwind
43 static void rxrpc_send_ping(struct rxrpc_call
*call
, struct sk_buff
*skb
,
46 struct rxrpc_skb_priv
*sp
= rxrpc_skb(skb
);
48 rxrpc_propose_ACK(call
, RXRPC_ACK_PING
, skew
, sp
->hdr
.serial
,
53 * Apply a hard ACK by advancing the Tx window.
55 static void rxrpc_rotate_tx_window(struct rxrpc_call
*call
, rxrpc_seq_t to
)
57 struct sk_buff
*skb
, *list
= NULL
;
60 spin_lock(&call
->lock
);
62 while (before(call
->tx_hard_ack
, to
)) {
64 ix
= call
->tx_hard_ack
& RXRPC_RXTX_BUFF_MASK
;
65 skb
= call
->rxtx_buffer
[ix
];
66 rxrpc_see_skb(skb
, rxrpc_skb_tx_rotated
);
67 call
->rxtx_buffer
[ix
] = NULL
;
68 call
->rxtx_annotations
[ix
] = 0;
73 spin_unlock(&call
->lock
);
75 trace_rxrpc_transmit(call
, rxrpc_transmit_rotate
);
76 wake_up(&call
->waitq
);
82 rxrpc_free_skb(skb
, rxrpc_skb_tx_freed
);
87 * End the transmission phase of a call.
89 * This occurs when we get an ACKALL packet, the first DATA packet of a reply,
90 * or a final ACK packet.
92 static bool rxrpc_end_tx_phase(struct rxrpc_call
*call
, const char *abort_why
)
96 switch (call
->state
) {
97 case RXRPC_CALL_CLIENT_RECV_REPLY
:
99 case RXRPC_CALL_CLIENT_AWAIT_REPLY
:
100 case RXRPC_CALL_SERVER_AWAIT_ACK
:
103 rxrpc_proto_abort(abort_why
, call
, call
->tx_top
);
107 rxrpc_rotate_tx_window(call
, call
->tx_top
);
109 write_lock(&call
->state_lock
);
111 switch (call
->state
) {
114 case RXRPC_CALL_CLIENT_AWAIT_REPLY
:
115 call
->tx_phase
= false;
116 call
->state
= RXRPC_CALL_CLIENT_RECV_REPLY
;
118 case RXRPC_CALL_SERVER_AWAIT_ACK
:
119 __rxrpc_call_completed(call
);
120 rxrpc_notify_socket(call
);
124 write_unlock(&call
->state_lock
);
125 trace_rxrpc_transmit(call
, rxrpc_transmit_end
);
131 * Scan a jumbo packet to validate its structure and to work out how many
132 * subpackets it contains.
134 * A jumbo packet is a collection of consecutive packets glued together with
135 * little headers between that indicate how to change the initial header for
138 * RXRPC_JUMBO_PACKET must be set on all but the last subpacket - and all but
139 * the last are RXRPC_JUMBO_DATALEN in size. The last subpacket may be of any
142 static bool rxrpc_validate_jumbo(struct sk_buff
*skb
)
144 struct rxrpc_skb_priv
*sp
= rxrpc_skb(skb
);
145 unsigned int offset
= sp
->offset
;
146 unsigned int len
= skb
->len
;
148 u8 flags
= sp
->hdr
.flags
;
152 if (len
- offset
< RXRPC_JUMBO_SUBPKTLEN
)
154 if (flags
& RXRPC_LAST_PACKET
)
156 offset
+= RXRPC_JUMBO_DATALEN
;
157 if (skb_copy_bits(skb
, offset
, &flags
, 1) < 0)
159 offset
+= sizeof(struct rxrpc_jumbo_header
);
160 } while (flags
& RXRPC_JUMBO_PACKET
);
162 sp
->nr_jumbo
= nr_jumbo
;
170 * Handle reception of a duplicate packet.
172 * We have to take care to avoid an attack here whereby we're given a series of
173 * jumbograms, each with a sequence number one before the preceding one and
174 * filled up to maximum UDP size. If they never send us the first packet in
175 * the sequence, they can cause us to have to hold on to around 2MiB of kernel
176 * space until the call times out.
178 * We limit the space usage by only accepting three duplicate jumbo packets per
179 * call. After that, we tell the other side we're no longer accepting jumbos
180 * (that information is encoded in the ACK packet).
182 static void rxrpc_input_dup_data(struct rxrpc_call
*call
, rxrpc_seq_t seq
,
183 u8 annotation
, bool *_jumbo_bad
)
185 /* Discard normal packets that are duplicates. */
189 /* Skip jumbo subpackets that are duplicates. When we've had three or
190 * more partially duplicate jumbo packets, we refuse to take any more
191 * jumbos for this call.
194 call
->nr_jumbo_bad
++;
200 * Process a DATA packet, adding the packet to the Rx ring.
202 static void rxrpc_input_data(struct rxrpc_call
*call
, struct sk_buff
*skb
,
205 struct rxrpc_skb_priv
*sp
= rxrpc_skb(skb
);
206 unsigned int offset
= sp
->offset
;
208 rxrpc_serial_t serial
= sp
->hdr
.serial
, ack_serial
= 0;
209 rxrpc_seq_t seq
= sp
->hdr
.seq
, hard_ack
;
210 bool immediate_ack
= false, jumbo_bad
= false, queued
;
212 u8 ack
= 0, flags
, annotation
= 0;
214 _enter("{%u,%u},{%u,%u}",
215 call
->rx_hard_ack
, call
->rx_top
, skb
->len
, seq
);
217 _proto("Rx DATA %%%u { #%u f=%02x }",
218 sp
->hdr
.serial
, seq
, sp
->hdr
.flags
);
220 if (call
->state
>= RXRPC_CALL_COMPLETE
)
223 /* Received data implicitly ACKs all of the request packets we sent
224 * when we're acting as a client.
226 if (call
->state
== RXRPC_CALL_CLIENT_AWAIT_REPLY
&&
227 !rxrpc_end_tx_phase(call
, "ETD"))
230 call
->ackr_prev_seq
= seq
;
232 hard_ack
= READ_ONCE(call
->rx_hard_ack
);
233 if (after(seq
, hard_ack
+ call
->rx_winsize
)) {
234 ack
= RXRPC_ACK_EXCEEDS_WINDOW
;
239 flags
= sp
->hdr
.flags
;
240 if (flags
& RXRPC_JUMBO_PACKET
) {
241 if (call
->nr_jumbo_bad
> 3) {
242 ack
= RXRPC_ACK_NOSPACE
;
251 ix
= seq
& RXRPC_RXTX_BUFF_MASK
;
253 if (flags
& RXRPC_JUMBO_PACKET
)
254 len
= RXRPC_JUMBO_DATALEN
;
256 if (flags
& RXRPC_LAST_PACKET
) {
257 if (test_bit(RXRPC_CALL_RX_LAST
, &call
->flags
) &&
259 return rxrpc_proto_abort("LSN", call
, seq
);
261 if (test_bit(RXRPC_CALL_RX_LAST
, &call
->flags
) &&
262 after_eq(seq
, call
->rx_top
))
263 return rxrpc_proto_abort("LSA", call
, seq
);
266 if (before_eq(seq
, hard_ack
)) {
267 ack
= RXRPC_ACK_DUPLICATE
;
272 if (flags
& RXRPC_REQUEST_ACK
&& !ack
) {
273 ack
= RXRPC_ACK_REQUESTED
;
277 if (call
->rxtx_buffer
[ix
]) {
278 rxrpc_input_dup_data(call
, seq
, annotation
, &jumbo_bad
);
279 if (ack
!= RXRPC_ACK_DUPLICATE
) {
280 ack
= RXRPC_ACK_DUPLICATE
;
283 immediate_ack
= true;
287 /* Queue the packet. We use a couple of memory barriers here as need
288 * to make sure that rx_top is perceived to be set after the buffer
289 * pointer and that the buffer pointer is set after the annotation and
292 * Barriers against rxrpc_recvmsg_data() and rxrpc_rotate_rx_window()
293 * and also rxrpc_fill_out_ack().
295 rxrpc_get_skb(skb
, rxrpc_skb_rx_got
);
296 call
->rxtx_annotations
[ix
] = annotation
;
298 call
->rxtx_buffer
[ix
] = skb
;
299 if (after(seq
, call
->rx_top
))
300 smp_store_release(&call
->rx_top
, seq
);
301 if (flags
& RXRPC_LAST_PACKET
) {
302 set_bit(RXRPC_CALL_RX_LAST
, &call
->flags
);
303 trace_rxrpc_receive(call
, rxrpc_receive_queue_last
, serial
, seq
);
305 trace_rxrpc_receive(call
, rxrpc_receive_queue
, serial
, seq
);
309 if (after_eq(seq
, call
->rx_expect_next
)) {
310 if (after(seq
, call
->rx_expect_next
)) {
311 _net("OOS %u > %u", seq
, call
->rx_expect_next
);
312 ack
= RXRPC_ACK_OUT_OF_SEQUENCE
;
315 call
->rx_expect_next
= seq
+ 1;
320 if (flags
& RXRPC_JUMBO_PACKET
) {
321 if (skb_copy_bits(skb
, offset
, &flags
, 1) < 0)
322 return rxrpc_proto_abort("XJF", call
, seq
);
323 offset
+= sizeof(struct rxrpc_jumbo_header
);
327 if (flags
& RXRPC_JUMBO_PACKET
)
328 annotation
|= RXRPC_RX_ANNO_JLAST
;
329 if (after(seq
, hard_ack
+ call
->rx_winsize
)) {
330 ack
= RXRPC_ACK_EXCEEDS_WINDOW
;
333 call
->nr_jumbo_bad
++;
339 _proto("Rx DATA Jumbo %%%u", serial
);
343 if (queued
&& flags
& RXRPC_LAST_PACKET
&& !ack
) {
344 ack
= RXRPC_ACK_DELAY
;
350 rxrpc_propose_ACK(call
, ack
, skew
, ack_serial
,
351 immediate_ack
, true);
353 if (sp
->hdr
.seq
== READ_ONCE(call
->rx_hard_ack
) + 1)
354 rxrpc_notify_socket(call
);
359 * Process a requested ACK.
361 static void rxrpc_input_requested_ack(struct rxrpc_call
*call
,
363 rxrpc_serial_t orig_serial
,
364 rxrpc_serial_t ack_serial
)
366 struct rxrpc_skb_priv
*sp
;
371 for (ix
= 0; ix
< RXRPC_RXTX_BUFF_SIZE
; ix
++) {
372 skb
= call
->rxtx_buffer
[ix
];
377 if (sp
->hdr
.serial
!= orig_serial
)
380 sent_at
= skb
->tstamp
;
386 rxrpc_peer_add_rtt(call
, rxrpc_rtt_rx_requested_ack
,
387 orig_serial
, ack_serial
, sent_at
, resp_time
);
391 * Process a ping response.
393 static void rxrpc_input_ping_response(struct rxrpc_call
*call
,
395 rxrpc_serial_t orig_serial
,
396 rxrpc_serial_t ack_serial
)
398 rxrpc_serial_t ping_serial
;
401 ping_time
= call
->ackr_ping_time
;
403 ping_serial
= call
->ackr_ping
;
405 if (!test_bit(RXRPC_CALL_PINGING
, &call
->flags
) ||
406 before(orig_serial
, ping_serial
))
408 clear_bit(RXRPC_CALL_PINGING
, &call
->flags
);
409 if (after(orig_serial
, ping_serial
))
412 rxrpc_peer_add_rtt(call
, rxrpc_rtt_rx_ping_response
,
413 orig_serial
, ack_serial
, ping_time
, resp_time
);
417 * Process the extra information that may be appended to an ACK packet
419 static void rxrpc_input_ackinfo(struct rxrpc_call
*call
, struct sk_buff
*skb
,
420 struct rxrpc_ackinfo
*ackinfo
)
422 struct rxrpc_skb_priv
*sp
= rxrpc_skb(skb
);
423 struct rxrpc_peer
*peer
;
425 u32 rwind
= ntohl(ackinfo
->rwind
);
427 _proto("Rx ACK %%%u Info { rx=%u max=%u rwin=%u jm=%u }",
429 ntohl(ackinfo
->rxMTU
), ntohl(ackinfo
->maxMTU
),
430 rwind
, ntohl(ackinfo
->jumbo_max
));
432 if (rwind
> RXRPC_RXTX_BUFF_SIZE
- 1)
433 rwind
= RXRPC_RXTX_BUFF_SIZE
- 1;
434 call
->tx_winsize
= rwind
;
436 mtu
= min(ntohl(ackinfo
->rxMTU
), ntohl(ackinfo
->maxMTU
));
439 if (mtu
< peer
->maxdata
) {
440 spin_lock_bh(&peer
->lock
);
442 peer
->mtu
= mtu
+ peer
->hdrsize
;
443 spin_unlock_bh(&peer
->lock
);
444 _net("Net MTU %u (maxdata %u)", peer
->mtu
, peer
->maxdata
);
449 * Process individual soft ACKs.
451 * Each ACK in the array corresponds to one packet and can be either an ACK or
452 * a NAK. If we get find an explicitly NAK'd packet we resend immediately;
453 * packets that lie beyond the end of the ACK list are scheduled for resend by
454 * the timer on the basis that the peer might just not have processed them at
455 * the time the ACK was sent.
457 static void rxrpc_input_soft_acks(struct rxrpc_call
*call
, u8
*acks
,
458 rxrpc_seq_t seq
, int nr_acks
)
462 u8 annotation
, anno_type
;
464 for (; nr_acks
> 0; nr_acks
--, seq
++) {
465 ix
= seq
& RXRPC_RXTX_BUFF_MASK
;
466 annotation
= call
->rxtx_annotations
[ix
];
467 anno_type
= annotation
& RXRPC_TX_ANNO_MASK
;
468 annotation
&= ~RXRPC_TX_ANNO_MASK
;
470 case RXRPC_ACK_TYPE_ACK
:
471 if (anno_type
== RXRPC_TX_ANNO_ACK
)
473 call
->rxtx_annotations
[ix
] =
474 RXRPC_TX_ANNO_ACK
| annotation
;
476 case RXRPC_ACK_TYPE_NACK
:
477 if (anno_type
== RXRPC_TX_ANNO_NAK
)
479 call
->rxtx_annotations
[ix
] =
480 RXRPC_TX_ANNO_NAK
| annotation
;
484 return rxrpc_proto_abort("SFT", call
, 0);
489 !test_and_set_bit(RXRPC_CALL_EV_RESEND
, &call
->events
))
490 rxrpc_queue_call(call
);
494 * Process an ACK packet.
496 * ack.firstPacket is the sequence number of the first soft-ACK'd/NAK'd packet
497 * in the ACK array. Anything before that is hard-ACK'd and may be discarded.
499 * A hard-ACK means that a packet has been processed and may be discarded; a
500 * soft-ACK means that the packet may be discarded and retransmission
501 * requested. A phase is complete when all packets are hard-ACK'd.
503 static void rxrpc_input_ack(struct rxrpc_call
*call
, struct sk_buff
*skb
,
506 struct rxrpc_skb_priv
*sp
= rxrpc_skb(skb
);
508 struct rxrpc_ackpacket ack
;
509 struct rxrpc_ackinfo info
;
510 u8 acks
[RXRPC_MAXACKS
];
512 rxrpc_serial_t acked_serial
;
513 rxrpc_seq_t first_soft_ack
, hard_ack
;
518 if (skb_copy_bits(skb
, sp
->offset
, &buf
.ack
, sizeof(buf
.ack
)) < 0) {
519 _debug("extraction failure");
520 return rxrpc_proto_abort("XAK", call
, 0);
522 sp
->offset
+= sizeof(buf
.ack
);
524 acked_serial
= ntohl(buf
.ack
.serial
);
525 first_soft_ack
= ntohl(buf
.ack
.firstPacket
);
526 hard_ack
= first_soft_ack
- 1;
527 nr_acks
= buf
.ack
.nAcks
;
529 trace_rxrpc_rx_ack(call
, first_soft_ack
, buf
.ack
.reason
, nr_acks
);
531 _proto("Rx ACK %%%u { m=%hu f=#%u p=#%u s=%%%u r=%s n=%u }",
533 ntohs(buf
.ack
.maxSkew
),
535 ntohl(buf
.ack
.previousPacket
),
537 rxrpc_acks(buf
.ack
.reason
),
540 if (buf
.ack
.reason
== RXRPC_ACK_PING_RESPONSE
)
541 rxrpc_input_ping_response(call
, skb
->tstamp
, acked_serial
,
543 if (buf
.ack
.reason
== RXRPC_ACK_REQUESTED
)
544 rxrpc_input_requested_ack(call
, skb
->tstamp
, acked_serial
,
547 if (buf
.ack
.reason
== RXRPC_ACK_PING
) {
548 _proto("Rx ACK %%%u PING Request", sp
->hdr
.serial
);
549 rxrpc_propose_ACK(call
, RXRPC_ACK_PING_RESPONSE
,
550 skew
, sp
->hdr
.serial
, true, true);
551 } else if (sp
->hdr
.flags
& RXRPC_REQUEST_ACK
) {
552 rxrpc_propose_ACK(call
, RXRPC_ACK_REQUESTED
,
553 skew
, sp
->hdr
.serial
, true, true);
556 offset
= sp
->offset
+ nr_acks
+ 3;
557 if (skb
->len
>= offset
+ sizeof(buf
.info
)) {
558 if (skb_copy_bits(skb
, offset
, &buf
.info
, sizeof(buf
.info
)) < 0)
559 return rxrpc_proto_abort("XAI", call
, 0);
560 rxrpc_input_ackinfo(call
, skb
, &buf
.info
);
563 if (first_soft_ack
== 0)
564 return rxrpc_proto_abort("AK0", call
, 0);
566 /* Ignore ACKs unless we are or have just been transmitting. */
567 switch (call
->state
) {
568 case RXRPC_CALL_CLIENT_SEND_REQUEST
:
569 case RXRPC_CALL_CLIENT_AWAIT_REPLY
:
570 case RXRPC_CALL_SERVER_SEND_REPLY
:
571 case RXRPC_CALL_SERVER_AWAIT_ACK
:
577 /* Discard any out-of-order or duplicate ACKs. */
578 if ((int)sp
->hdr
.serial
- (int)call
->acks_latest
<= 0) {
579 _debug("discard ACK %d <= %d",
580 sp
->hdr
.serial
, call
->acks_latest
);
583 call
->acks_latest
= sp
->hdr
.serial
;
585 if (test_bit(RXRPC_CALL_TX_LAST
, &call
->flags
) &&
586 hard_ack
== call
->tx_top
) {
587 rxrpc_end_tx_phase(call
, "ETA");
591 if (before(hard_ack
, call
->tx_hard_ack
) ||
592 after(hard_ack
, call
->tx_top
))
593 return rxrpc_proto_abort("AKW", call
, 0);
595 if (after(hard_ack
, call
->tx_hard_ack
))
596 rxrpc_rotate_tx_window(call
, hard_ack
);
598 if (after(first_soft_ack
, call
->tx_top
))
601 if (nr_acks
> call
->tx_top
- first_soft_ack
+ 1)
602 nr_acks
= first_soft_ack
- call
->tx_top
+ 1;
603 if (skb_copy_bits(skb
, sp
->offset
, buf
.acks
, nr_acks
) < 0)
604 return rxrpc_proto_abort("XSA", call
, 0);
605 rxrpc_input_soft_acks(call
, buf
.acks
, first_soft_ack
, nr_acks
);
609 * Process an ACKALL packet.
611 static void rxrpc_input_ackall(struct rxrpc_call
*call
, struct sk_buff
*skb
)
613 struct rxrpc_skb_priv
*sp
= rxrpc_skb(skb
);
615 _proto("Rx ACKALL %%%u", sp
->hdr
.serial
);
617 rxrpc_end_tx_phase(call
, "ETL");
621 * Process an ABORT packet.
623 static void rxrpc_input_abort(struct rxrpc_call
*call
, struct sk_buff
*skb
)
625 struct rxrpc_skb_priv
*sp
= rxrpc_skb(skb
);
627 u32 abort_code
= RX_CALL_DEAD
;
632 skb_copy_bits(skb
, sp
->offset
, &wtmp
, sizeof(wtmp
)) >= 0)
633 abort_code
= ntohl(wtmp
);
635 _proto("Rx ABORT %%%u { %x }", sp
->hdr
.serial
, abort_code
);
637 if (rxrpc_set_call_completion(call
, RXRPC_CALL_REMOTELY_ABORTED
,
638 abort_code
, ECONNABORTED
))
639 rxrpc_notify_socket(call
);
643 * Process an incoming call packet.
645 static void rxrpc_input_call_packet(struct rxrpc_call
*call
,
646 struct sk_buff
*skb
, u16 skew
)
648 struct rxrpc_skb_priv
*sp
= rxrpc_skb(skb
);
650 _enter("%p,%p", call
, skb
);
652 switch (sp
->hdr
.type
) {
653 case RXRPC_PACKET_TYPE_DATA
:
654 rxrpc_input_data(call
, skb
, skew
);
657 case RXRPC_PACKET_TYPE_ACK
:
658 rxrpc_input_ack(call
, skb
, skew
);
661 case RXRPC_PACKET_TYPE_BUSY
:
662 _proto("Rx BUSY %%%u", sp
->hdr
.serial
);
664 /* Just ignore BUSY packets from the server; the retry and
665 * lifespan timers will take care of business. BUSY packets
666 * from the client don't make sense.
670 case RXRPC_PACKET_TYPE_ABORT
:
671 rxrpc_input_abort(call
, skb
);
674 case RXRPC_PACKET_TYPE_ACKALL
:
675 rxrpc_input_ackall(call
, skb
);
679 _proto("Rx %s %%%u", rxrpc_pkts
[sp
->hdr
.type
], sp
->hdr
.serial
);
687 * post connection-level events to the connection
688 * - this includes challenges, responses, some aborts and call terminal packet
691 static void rxrpc_post_packet_to_conn(struct rxrpc_connection
*conn
,
694 _enter("%p,%p", conn
, skb
);
696 skb_queue_tail(&conn
->rx_queue
, skb
);
697 rxrpc_queue_conn(conn
);
701 * post endpoint-level events to the local endpoint
702 * - this includes debug and version messages
704 static void rxrpc_post_packet_to_local(struct rxrpc_local
*local
,
707 _enter("%p,%p", local
, skb
);
709 skb_queue_tail(&local
->event_queue
, skb
);
710 rxrpc_queue_local(local
);
714 * put a packet up for transport-level abort
716 static void rxrpc_reject_packet(struct rxrpc_local
*local
, struct sk_buff
*skb
)
718 CHECK_SLAB_OKAY(&local
->usage
);
720 skb_queue_tail(&local
->reject_queue
, skb
);
721 rxrpc_queue_local(local
);
725 * Extract the wire header from a packet and translate the byte order.
728 int rxrpc_extract_header(struct rxrpc_skb_priv
*sp
, struct sk_buff
*skb
)
730 struct rxrpc_wire_header whdr
;
732 /* dig out the RxRPC connection details */
733 if (skb_copy_bits(skb
, 0, &whdr
, sizeof(whdr
)) < 0)
736 memset(sp
, 0, sizeof(*sp
));
737 sp
->hdr
.epoch
= ntohl(whdr
.epoch
);
738 sp
->hdr
.cid
= ntohl(whdr
.cid
);
739 sp
->hdr
.callNumber
= ntohl(whdr
.callNumber
);
740 sp
->hdr
.seq
= ntohl(whdr
.seq
);
741 sp
->hdr
.serial
= ntohl(whdr
.serial
);
742 sp
->hdr
.flags
= whdr
.flags
;
743 sp
->hdr
.type
= whdr
.type
;
744 sp
->hdr
.userStatus
= whdr
.userStatus
;
745 sp
->hdr
.securityIndex
= whdr
.securityIndex
;
746 sp
->hdr
._rsvd
= ntohs(whdr
._rsvd
);
747 sp
->hdr
.serviceId
= ntohs(whdr
.serviceId
);
748 sp
->offset
= sizeof(whdr
);
753 * handle data received on the local endpoint
754 * - may be called in interrupt context
756 * The socket is locked by the caller and this prevents the socket from being
757 * shut down and the local endpoint from going away, thus sk_user_data will not
758 * be cleared until this function returns.
760 void rxrpc_data_ready(struct sock
*udp_sk
)
762 struct rxrpc_connection
*conn
;
763 struct rxrpc_channel
*chan
;
764 struct rxrpc_call
*call
;
765 struct rxrpc_skb_priv
*sp
;
766 struct rxrpc_local
*local
= udp_sk
->sk_user_data
;
768 unsigned int channel
;
771 _enter("%p", udp_sk
);
773 ASSERT(!irqs_disabled());
775 skb
= skb_recv_datagram(udp_sk
, 0, 1, &ret
);
779 _debug("UDP socket error %d", ret
);
783 rxrpc_new_skb(skb
, rxrpc_skb_rx_received
);
785 _net("recv skb %p", skb
);
787 /* we'll probably need to checksum it (didn't call sock_recvmsg) */
788 if (skb_checksum_complete(skb
)) {
789 rxrpc_free_skb(skb
, rxrpc_skb_rx_freed
);
790 __UDP_INC_STATS(&init_net
, UDP_MIB_INERRORS
, 0);
791 _leave(" [CSUM failed]");
795 __UDP_INC_STATS(&init_net
, UDP_MIB_INDATAGRAMS
, 0);
797 /* The socket buffer we have is owned by UDP, with UDP's data all over
798 * it, but we really want our own data there.
803 if (IS_ENABLED(CONFIG_AF_RXRPC_INJECT_LOSS
)) {
805 if ((lose
++ & 7) == 7) {
806 rxrpc_lose_skb(skb
, rxrpc_skb_rx_lost
);
811 _net("Rx UDP packet from %08x:%04hu",
812 ntohl(ip_hdr(skb
)->saddr
), ntohs(udp_hdr(skb
)->source
));
814 /* dig out the RxRPC connection details */
815 if (rxrpc_extract_header(sp
, skb
) < 0)
817 trace_rxrpc_rx_packet(sp
);
819 _net("Rx RxRPC %s ep=%x call=%x:%x",
820 sp
->hdr
.flags
& RXRPC_CLIENT_INITIATED
? "ToServer" : "ToClient",
821 sp
->hdr
.epoch
, sp
->hdr
.cid
, sp
->hdr
.callNumber
);
823 if (sp
->hdr
.type
>= RXRPC_N_PACKET_TYPES
||
824 !((RXRPC_SUPPORTED_PACKET_TYPES
>> sp
->hdr
.type
) & 1)) {
825 _proto("Rx Bad Packet Type %u", sp
->hdr
.type
);
829 switch (sp
->hdr
.type
) {
830 case RXRPC_PACKET_TYPE_VERSION
:
831 rxrpc_post_packet_to_local(local
, skb
);
834 case RXRPC_PACKET_TYPE_BUSY
:
835 if (sp
->hdr
.flags
& RXRPC_CLIENT_INITIATED
)
838 case RXRPC_PACKET_TYPE_DATA
:
839 if (sp
->hdr
.callNumber
== 0)
841 if (sp
->hdr
.flags
& RXRPC_JUMBO_PACKET
&&
842 !rxrpc_validate_jumbo(skb
))
849 conn
= rxrpc_find_connection_rcu(local
, skb
);
851 if (sp
->hdr
.securityIndex
!= conn
->security_ix
)
854 if (sp
->hdr
.callNumber
== 0) {
855 /* Connection-level packet */
856 _debug("CONN %p {%d}", conn
, conn
->debug_id
);
857 rxrpc_post_packet_to_conn(conn
, skb
);
861 /* Note the serial number skew here */
862 skew
= (int)sp
->hdr
.serial
- (int)conn
->hi_serial
;
865 conn
->hi_serial
= sp
->hdr
.serial
;
868 skew
= min(skew
, 65535);
871 /* Call-bound packets are routed by connection channel. */
872 channel
= sp
->hdr
.cid
& RXRPC_CHANNELMASK
;
873 chan
= &conn
->channels
[channel
];
875 /* Ignore really old calls */
876 if (sp
->hdr
.callNumber
< chan
->last_call
)
879 if (sp
->hdr
.callNumber
== chan
->last_call
) {
880 /* For the previous service call, if completed successfully, we
881 * discard all further packets.
883 if (rxrpc_conn_is_service(conn
) &&
884 (chan
->last_type
== RXRPC_PACKET_TYPE_ACK
||
885 sp
->hdr
.type
== RXRPC_PACKET_TYPE_ABORT
))
888 /* But otherwise we need to retransmit the final packet from
889 * data cached in the connection record.
891 rxrpc_post_packet_to_conn(conn
, skb
);
895 call
= rcu_dereference(chan
->call
);
901 if (!call
|| atomic_read(&call
->usage
) == 0) {
902 if (!(sp
->hdr
.type
& RXRPC_CLIENT_INITIATED
) ||
903 sp
->hdr
.callNumber
== 0 ||
904 sp
->hdr
.type
!= RXRPC_PACKET_TYPE_DATA
)
905 goto bad_message_unlock
;
906 if (sp
->hdr
.seq
!= 1)
908 call
= rxrpc_new_incoming_call(local
, conn
, skb
);
913 rxrpc_send_ping(call
, skb
, skew
);
916 rxrpc_input_call_packet(call
, skb
, skew
);
922 rxrpc_free_skb(skb
, rxrpc_skb_rx_freed
);
924 trace_rxrpc_rx_done(0, 0);
933 trace_rxrpc_abort("SEC", sp
->hdr
.cid
, sp
->hdr
.callNumber
, sp
->hdr
.seq
,
934 RXKADINCONSISTENCY
, EBADMSG
);
935 skb
->priority
= RXKADINCONSISTENCY
;
941 trace_rxrpc_abort("BAD", sp
->hdr
.cid
, sp
->hdr
.callNumber
, sp
->hdr
.seq
,
942 RX_PROTOCOL_ERROR
, EBADMSG
);
943 skb
->priority
= RX_PROTOCOL_ERROR
;
945 skb
->mark
= RXRPC_SKB_MARK_LOCAL_ABORT
;
947 trace_rxrpc_rx_done(skb
->mark
, skb
->priority
);
948 rxrpc_reject_packet(local
, skb
);