/net/netfilter/nf_conntrack_proto_dccp.c

https://bitbucket.org/abioy/linux · C · 896 lines · 542 code · 70 blank · 284 comment · 54 complexity · 879115b12a14435050f7da1504a17416 MD5 · raw file 

    

  1. /*
    2. 

  2.  * DCCP connection tracking protocol helper
    3. 

  3.  *
    4. 

  4.  * Copyright (c) 2005, 2006, 2008 Patrick McHardy <kaber@trash.net>
    5. 

  5.  *
    6. 

  6.  * This program is free software; you can redistribute it and/or modify
    7. 

  7.  * it under the terms of the GNU General Public License version 2 as
    8. 

  8.  * published by the Free Software Foundation.
    9. 

  9.  *
    10. 

  10.  */
    11. 

  11. #include <linux/kernel.h>
    12. 

  12. #include <linux/module.h>
    13. 

  13. #include <linux/init.h>
    14. 

  14. #include <linux/sysctl.h>
    15. 

  15. #include <linux/spinlock.h>
    16. 

  16. #include <linux/skbuff.h>
    17. 

  17. #include <linux/dccp.h>
    18. 

  18. #include <linux/slab.h>
    19. 

  19. 

  20. #include <net/net_namespace.h>
    21. 

  21. #include <net/netns/generic.h>
    22. 

  22. 

  23. #include <linux/netfilter/nfnetlink_conntrack.h>
    24. 

  24. #include <net/netfilter/nf_conntrack.h>
    25. 

  25. #include <net/netfilter/nf_conntrack_l4proto.h>
    26. 

  26. #include <net/netfilter/nf_conntrack_ecache.h>
    27. 

  27. #include <net/netfilter/nf_log.h>
    28. 

  28. 

  29. /* Timeouts are based on values from RFC4340:
    30. 

  30.  *
    31. 

  31.  * - REQUEST:
    32. 

  32.  *
    33. 

  33.  *   8.1.2. Client Request
    34. 

  34.  *
    35. 

  35.  *   A client MAY give up on its DCCP-Requests after some time
    36. 

  36.  *   (3 minutes, for example).
    37. 

  37.  *
    38. 

  38.  * - RESPOND:
    39. 

  39.  *
    40. 

  40.  *   8.1.3. Server Response
    41. 

  41.  *
    42. 

  42.  *   It MAY also leave the RESPOND state for CLOSED after a timeout of
    43. 

  43.  *   not less than 4MSL (8 minutes);
    44. 

  44.  *
    45. 

  45.  * - PARTOPEN:
    46. 

  46.  *
    47. 

  47.  *   8.1.5. Handshake Completion
    48. 

  48.  *
    49. 

  49.  *   If the client remains in PARTOPEN for more than 4MSL (8 minutes),
    50. 

  50.  *   it SHOULD reset the connection with Reset Code 2, "Aborted".
    51. 

  51.  *
    52. 

  52.  * - OPEN:
    53. 

  53.  *
    54. 

  54.  *   The DCCP timestamp overflows after 11.9 hours. If the connection
    55. 

  55.  *   stays idle this long the sequence number won't be recognized
    56. 

  56.  *   as valid anymore.
    57. 

  57.  *
    58. 

  58.  * - CLOSEREQ/CLOSING:
    59. 

  59.  *
    60. 

  60.  *   8.3. Termination
    61. 

  61.  *
    62. 

  62.  *   The retransmission timer should initially be set to go off in two
    63. 

  63.  *   round-trip times and should back off to not less than once every
    64. 

  64.  *   64 seconds ...
    65. 

  65.  *
    66. 

  66.  * - TIMEWAIT:
    67. 

  67.  *
    68. 

  68.  *   4.3. States
    69. 

  69.  *
    70. 

  70.  *   A server or client socket remains in this state for 2MSL (4 minutes)
    71. 

  71.  *   after the connection has been town down, ...
    72. 

  72.  */
    73. 

  73. 

  74. #define DCCP_MSL (2 * 60 * HZ)
    75. 

  75. 

  76. static const char * const dccp_state_names[] = {
    77. 

  77. 	[CT_DCCP_NONE]		= "NONE",
    78. 

  78. 	[CT_DCCP_REQUEST]	= "REQUEST",
    79. 

  79. 	[CT_DCCP_RESPOND]	= "RESPOND",
    80. 

  80. 	[CT_DCCP_PARTOPEN]	= "PARTOPEN",
    81. 

  81. 	[CT_DCCP_OPEN]		= "OPEN",
    82. 

  82. 	[CT_DCCP_CLOSEREQ]	= "CLOSEREQ",
    83. 

  83. 	[CT_DCCP_CLOSING]	= "CLOSING",
    84. 

  84. 	[CT_DCCP_TIMEWAIT]	= "TIMEWAIT",
    85. 

  85. 	[CT_DCCP_IGNORE]	= "IGNORE",
    86. 

  86. 	[CT_DCCP_INVALID]	= "INVALID",
    87. 

  87. };
    88. 

  88. 

  89. #define sNO	CT_DCCP_NONE
    90. 

  90. #define sRQ	CT_DCCP_REQUEST
    91. 

  91. #define sRS	CT_DCCP_RESPOND
    92. 

  92. #define sPO	CT_DCCP_PARTOPEN
    93. 

  93. #define sOP	CT_DCCP_OPEN
    94. 

  94. #define sCR	CT_DCCP_CLOSEREQ
    95. 

  95. #define sCG	CT_DCCP_CLOSING
    96. 

  96. #define sTW	CT_DCCP_TIMEWAIT
    97. 

  97. #define sIG	CT_DCCP_IGNORE
    98. 

  98. #define sIV	CT_DCCP_INVALID
    99. 

  99. 

  100. /*
    101. 

  101.  * DCCP state transistion table
    102. 

  102.  *
    103. 

  103.  * The assumption is the same as for TCP tracking:
    104. 

  104.  *
    105. 

  105.  * We are the man in the middle. All the packets go through us but might
    106. 

  106.  * get lost in transit to the destination. It is assumed that the destination
    107. 

  107.  * can't receive segments we haven't seen.
    108. 

  108.  *
    109. 

  109.  * The following states exist:
    110. 

  110.  *
    111. 

  111.  * NONE:	Initial state, expecting Request
    112. 

  112.  * REQUEST:	Request seen, waiting for Response from server
    113. 

  113.  * RESPOND:	Response from server seen, waiting for Ack from client
    114. 

  114.  * PARTOPEN:	Ack after Response seen, waiting for packet other than Response,
    115. 

  115.  * 		Reset or Sync from server
    116. 

  116.  * OPEN:	Packet other than Response, Reset or Sync seen
    117. 

  117.  * CLOSEREQ:	CloseReq from server seen, expecting Close from client
    118. 

  118.  * CLOSING:	Close seen, expecting Reset
    119. 

  119.  * TIMEWAIT:	Reset seen
    120. 

  120.  * IGNORE:	Not determinable whether packet is valid
    121. 

  121.  *
    122. 

  122.  * Some states exist only on one side of the connection: REQUEST, RESPOND,
    123. 

  123.  * PARTOPEN, CLOSEREQ. For the other side these states are equivalent to
    124. 

  124.  * the one it was in before.
    125. 

  125.  *
    126. 

  126.  * Packets are marked as ignored (sIG) if we don't know if they're valid
    127. 

  127.  * (for example a reincarnation of a connection we didn't notice is dead
    128. 

  128.  * already) and the server may send back a connection closing Reset or a
    129. 

  129.  * Response. They're also used for Sync/SyncAck packets, which we don't
    130. 

  130.  * care about.
    131. 

  131.  */
    132. 

  132. static const u_int8_t
    133. 

  133. dccp_state_table[CT_DCCP_ROLE_MAX + 1][DCCP_PKT_SYNCACK + 1][CT_DCCP_MAX + 1] = {
    134. 

  134. 	[CT_DCCP_ROLE_CLIENT] = {
    135. 

  135. 		[DCCP_PKT_REQUEST] = {
    136. 

  136. 		/*
    137. 

  137. 		 * sNO -> sRQ		Regular Request
    138. 

  138. 		 * sRQ -> sRQ		Retransmitted Request or reincarnation
    139. 

  139. 		 * sRS -> sRS		Retransmitted Request (apparently Response
    140. 

  140. 		 * 			got lost after we saw it) or reincarnation
    141. 

  141. 		 * sPO -> sIG		Ignore, conntrack might be out of sync
    142. 

  142. 		 * sOP -> sIG		Ignore, conntrack might be out of sync
    143. 

  143. 		 * sCR -> sIG		Ignore, conntrack might be out of sync
    144. 

  144. 		 * sCG -> sIG		Ignore, conntrack might be out of sync
    145. 

  145. 		 * sTW -> sRQ		Reincarnation
    146. 

  146. 		 *
    147. 

  147. 		 *	sNO, sRQ, sRS, sPO. sOP, sCR, sCG, sTW, */
    148. 

  148. 			sRQ, sRQ, sRS, sIG, sIG, sIG, sIG, sRQ,
    149. 

  149. 		},
    150. 

  150. 		[DCCP_PKT_RESPONSE] = {
    151. 

  151. 		/*
    152. 

  152. 		 * sNO -> sIV		Invalid
    153. 

  153. 		 * sRQ -> sIG		Ignore, might be response to ignored Request
    154. 

  154. 		 * sRS -> sIG		Ignore, might be response to ignored Request
    155. 

  155. 		 * sPO -> sIG		Ignore, might be response to ignored Request
    156. 

  156. 		 * sOP -> sIG		Ignore, might be response to ignored Request
    157. 

  157. 		 * sCR -> sIG		Ignore, might be response to ignored Request
    158. 

  158. 		 * sCG -> sIG		Ignore, might be response to ignored Request
    159. 

  159. 		 * sTW -> sIV		Invalid, reincarnation in reverse direction
    160. 

  160. 		 *			goes through sRQ
    161. 

  161. 		 *
    162. 

  162. 		 *	sNO, sRQ, sRS, sPO, sOP, sCR, sCG, sTW */
    163. 

  163. 			sIV, sIG, sIG, sIG, sIG, sIG, sIG, sIV,
    164. 

  164. 		},
    165. 

  165. 		[DCCP_PKT_ACK] = {
    166. 

  166. 		/*
    167. 

  167. 		 * sNO -> sIV		No connection
    168. 

  168. 		 * sRQ -> sIV		No connection
    169. 

  169. 		 * sRS -> sPO		Ack for Response, move to PARTOPEN (8.1.5.)
    170. 

  170. 		 * sPO -> sPO		Retransmitted Ack for Response, remain in PARTOPEN
    171. 

  171. 		 * sOP -> sOP		Regular ACK, remain in OPEN
    172. 

  172. 		 * sCR -> sCR		Ack in CLOSEREQ MAY be processed (8.3.)
    173. 

  173. 		 * sCG -> sCG		Ack in CLOSING MAY be processed (8.3.)
    174. 

  174. 		 * sTW -> sIV
    175. 

  175. 		 *
    176. 

  176. 		 *	sNO, sRQ, sRS, sPO, sOP, sCR, sCG, sTW */
    177. 

  177. 			sIV, sIV, sPO, sPO, sOP, sCR, sCG, sIV
    178. 

  178. 		},
    179. 

  179. 		[DCCP_PKT_DATA] = {
    180. 

  180. 		/*
    181. 

  181. 		 * sNO -> sIV		No connection
    182. 

  182. 		 * sRQ -> sIV		No connection
    183. 

  183. 		 * sRS -> sIV		No connection
    184. 

  184. 		 * sPO -> sIV		MUST use DataAck in PARTOPEN state (8.1.5.)
    185. 

  185. 		 * sOP -> sOP		Regular Data packet
    186. 

  186. 		 * sCR -> sCR		Data in CLOSEREQ MAY be processed (8.3.)
    187. 

  187. 		 * sCG -> sCG		Data in CLOSING MAY be processed (8.3.)
    188. 

  188. 		 * sTW -> sIV
    189. 

  189. 		 *
    190. 

  190. 		 *	sNO, sRQ, sRS, sPO, sOP, sCR, sCG, sTW */
    191. 

  191. 			sIV, sIV, sIV, sIV, sOP, sCR, sCG, sIV,
    192. 

  192. 		},
    193. 

  193. 		[DCCP_PKT_DATAACK] = {
    194. 

  194. 		/*
    195. 

  195. 		 * sNO -> sIV		No connection
    196. 

  196. 		 * sRQ -> sIV		No connection
    197. 

  197. 		 * sRS -> sPO		Ack for Response, move to PARTOPEN (8.1.5.)
    198. 

  198. 		 * sPO -> sPO		Remain in PARTOPEN state
    199. 

  199. 		 * sOP -> sOP		Regular DataAck packet in OPEN state
    200. 

  200. 		 * sCR -> sCR		DataAck in CLOSEREQ MAY be processed (8.3.)
    201. 

  201. 		 * sCG -> sCG		DataAck in CLOSING MAY be processed (8.3.)
    202. 

  202. 		 * sTW -> sIV
    203. 

  203. 		 *
    204. 

  204. 		 *	sNO, sRQ, sRS, sPO, sOP, sCR, sCG, sTW */
    205. 

  205. 			sIV, sIV, sPO, sPO, sOP, sCR, sCG, sIV
    206. 

  206. 		},
    207. 

  207. 		[DCCP_PKT_CLOSEREQ] = {
    208. 

  208. 		/*
    209. 

  209. 		 * CLOSEREQ may only be sent by the server.
    210. 

  210. 		 *
    211. 

  211. 		 *	sNO, sRQ, sRS, sPO, sOP, sCR, sCG, sTW */
    212. 

  212. 			sIV, sIV, sIV, sIV, sIV, sIV, sIV, sIV
    213. 

  213. 		},
    214. 

  214. 		[DCCP_PKT_CLOSE] = {
    215. 

  215. 		/*
    216. 

  216. 		 * sNO -> sIV		No connection
    217. 

  217. 		 * sRQ -> sIV		No connection
    218. 

  218. 		 * sRS -> sIV		No connection
    219. 

  219. 		 * sPO -> sCG		Client-initiated close
    220. 

  220. 		 * sOP -> sCG		Client-initiated close
    221. 

  221. 		 * sCR -> sCG		Close in response to CloseReq (8.3.)
    222. 

  222. 		 * sCG -> sCG		Retransmit
    223. 

  223. 		 * sTW -> sIV		Late retransmit, already in TIME_WAIT
    224. 

  224. 		 *
    225. 

  225. 		 *	sNO, sRQ, sRS, sPO, sOP, sCR, sCG, sTW */
    226. 

  226. 			sIV, sIV, sIV, sCG, sCG, sCG, sIV, sIV
    227. 

  227. 		},
    228. 

  228. 		[DCCP_PKT_RESET] = {
    229. 

  229. 		/*
    230. 

  230. 		 * sNO -> sIV		No connection
    231. 

  231. 		 * sRQ -> sTW		Sync received or timeout, SHOULD send Reset (8.1.1.)
    232. 

  232. 		 * sRS -> sTW		Response received without Request
    233. 

  233. 		 * sPO -> sTW		Timeout, SHOULD send Reset (8.1.5.)
    234. 

  234. 		 * sOP -> sTW		Connection reset
    235. 

  235. 		 * sCR -> sTW		Connection reset
    236. 

  236. 		 * sCG -> sTW		Connection reset
    237. 

  237. 		 * sTW -> sIG		Ignore (don't refresh timer)
    238. 

  238. 		 *
    239. 

  239. 		 *	sNO, sRQ, sRS, sPO, sOP, sCR, sCG, sTW */
    240. 

  240. 			sIV, sTW, sTW, sTW, sTW, sTW, sTW, sIG
    241. 

  241. 		},
    242. 

  242. 		[DCCP_PKT_SYNC] = {
    243. 

  243. 		/*
    244. 

  244. 		 * We currently ignore Sync packets
    245. 

  245. 		 *
    246. 

  246. 		 *	sNO, sRQ, sRS, sPO, sOP, sCR, sCG, sTW */
    247. 

  247. 			sIG, sIG, sIG, sIG, sIG, sIG, sIG, sIG,
    248. 

  248. 		},
    249. 

  249. 		[DCCP_PKT_SYNCACK] = {
    250. 

  250. 		/*
    251. 

  251. 		 * We currently ignore SyncAck packets
    252. 

  252. 		 *
    253. 

  253. 		 *	sNO, sRQ, sRS, sPO, sOP, sCR, sCG, sTW */
    254. 

  254. 			sIG, sIG, sIG, sIG, sIG, sIG, sIG, sIG,
    255. 

  255. 		},
    256. 

  256. 	},
    257. 

  257. 	[CT_DCCP_ROLE_SERVER] = {
    258. 

  258. 		[DCCP_PKT_REQUEST] = {
    259. 

  259. 		/*
    260. 

  260. 		 * sNO -> sIV		Invalid
    261. 

  261. 		 * sRQ -> sIG		Ignore, conntrack might be out of sync
    262. 

  262. 		 * sRS -> sIG		Ignore, conntrack might be out of sync
    263. 

  263. 		 * sPO -> sIG		Ignore, conntrack might be out of sync
    264. 

  264. 		 * sOP -> sIG		Ignore, conntrack might be out of sync
    265. 

  265. 		 * sCR -> sIG		Ignore, conntrack might be out of sync
    266. 

  266. 		 * sCG -> sIG		Ignore, conntrack might be out of sync
    267. 

  267. 		 * sTW -> sRQ		Reincarnation, must reverse roles
    268. 

  268. 		 *
    269. 

  269. 		 *	sNO, sRQ, sRS, sPO, sOP, sCR, sCG, sTW */
    270. 

  270. 			sIV, sIG, sIG, sIG, sIG, sIG, sIG, sRQ
    271. 

  271. 		},
    272. 

  272. 		[DCCP_PKT_RESPONSE] = {
    273. 

  273. 		/*
    274. 

  274. 		 * sNO -> sIV		Response without Request
    275. 

  275. 		 * sRQ -> sRS		Response to clients Request
    276. 

  276. 		 * sRS -> sRS		Retransmitted Response (8.1.3. SHOULD NOT)
    277. 

  277. 		 * sPO -> sIG		Response to an ignored Request or late retransmit
    278. 

  278. 		 * sOP -> sIG		Ignore, might be response to ignored Request
    279. 

  279. 		 * sCR -> sIG		Ignore, might be response to ignored Request
    280. 

  280. 		 * sCG -> sIG		Ignore, might be response to ignored Request
    281. 

  281. 		 * sTW -> sIV		Invalid, Request from client in sTW moves to sRQ
    282. 

  282. 		 *
    283. 

  283. 		 *	sNO, sRQ, sRS, sPO, sOP, sCR, sCG, sTW */
    284. 

  284. 			sIV, sRS, sRS, sIG, sIG, sIG, sIG, sIV
    285. 

  285. 		},
    286. 

  286. 		[DCCP_PKT_ACK] = {
    287. 

  287. 		/*
    288. 

  288. 		 * sNO -> sIV		No connection
    289. 

  289. 		 * sRQ -> sIV		No connection
    290. 

  290. 		 * sRS -> sIV		No connection
    291. 

  291. 		 * sPO -> sOP		Enter OPEN state (8.1.5.)
    292. 

  292. 		 * sOP -> sOP		Regular Ack in OPEN state
    293. 

  293. 		 * sCR -> sIV		Waiting for Close from client
    294. 

  294. 		 * sCG -> sCG		Ack in CLOSING MAY be processed (8.3.)
    295. 

  295. 		 * sTW -> sIV
    296. 

  296. 		 *
    297. 

  297. 		 *	sNO, sRQ, sRS, sPO, sOP, sCR, sCG, sTW */
    298. 

  298. 			sIV, sIV, sIV, sOP, sOP, sIV, sCG, sIV
    299. 

  299. 		},
    300. 

  300. 		[DCCP_PKT_DATA] = {
    301. 

  301. 		/*
    302. 

  302. 		 * sNO -> sIV		No connection
    303. 

  303. 		 * sRQ -> sIV		No connection
    304. 

  304. 		 * sRS -> sIV		No connection
    305. 

  305. 		 * sPO -> sOP		Enter OPEN state (8.1.5.)
    306. 

  306. 		 * sOP -> sOP		Regular Data packet in OPEN state
    307. 

  307. 		 * sCR -> sIV		Waiting for Close from client
    308. 

  308. 		 * sCG -> sCG		Data in CLOSING MAY be processed (8.3.)
    309. 

  309. 		 * sTW -> sIV
    310. 

  310. 		 *
    311. 

  311. 		 *	sNO, sRQ, sRS, sPO, sOP, sCR, sCG, sTW */
    312. 

  312. 			sIV, sIV, sIV, sOP, sOP, sIV, sCG, sIV
    313. 

  313. 		},
    314. 

  314. 		[DCCP_PKT_DATAACK] = {
    315. 

  315. 		/*
    316. 

  316. 		 * sNO -> sIV		No connection
    317. 

  317. 		 * sRQ -> sIV		No connection
    318. 

  318. 		 * sRS -> sIV		No connection
    319. 

  319. 		 * sPO -> sOP		Enter OPEN state (8.1.5.)
    320. 

  320. 		 * sOP -> sOP		Regular DataAck in OPEN state
    321. 

  321. 		 * sCR -> sIV		Waiting for Close from client
    322. 

  322. 		 * sCG -> sCG		Data in CLOSING MAY be processed (8.3.)
    323. 

  323. 		 * sTW -> sIV
    324. 

  324. 		 *
    325. 

  325. 		 *	sNO, sRQ, sRS, sPO, sOP, sCR, sCG, sTW */
    326. 

  326. 			sIV, sIV, sIV, sOP, sOP, sIV, sCG, sIV
    327. 

  327. 		},
    328. 

  328. 		[DCCP_PKT_CLOSEREQ] = {
    329. 

  329. 		/*
    330. 

  330. 		 * sNO -> sIV		No connection
    331. 

  331. 		 * sRQ -> sIV		No connection
    332. 

  332. 		 * sRS -> sIV		No connection
    333. 

  333. 		 * sPO -> sOP -> sCR	Move directly to CLOSEREQ (8.1.5.)
    334. 

  334. 		 * sOP -> sCR		CloseReq in OPEN state
    335. 

  335. 		 * sCR -> sCR		Retransmit
    336. 

  336. 		 * sCG -> sCR		Simultaneous close, client sends another Close
    337. 

  337. 		 * sTW -> sIV		Already closed
    338. 

  338. 		 *
    339. 

  339. 		 *	sNO, sRQ, sRS, sPO, sOP, sCR, sCG, sTW */
    340. 

  340. 			sIV, sIV, sIV, sCR, sCR, sCR, sCR, sIV
    341. 

  341. 		},
    342. 

  342. 		[DCCP_PKT_CLOSE] = {
    343. 

  343. 		/*
    344. 

  344. 		 * sNO -> sIV		No connection
    345. 

  345. 		 * sRQ -> sIV		No connection
    346. 

  346. 		 * sRS -> sIV		No connection
    347. 

  347. 		 * sPO -> sOP -> sCG	Move direcly to CLOSING
    348. 

  348. 		 * sOP -> sCG		Move to CLOSING
    349. 

  349. 		 * sCR -> sIV		Close after CloseReq is invalid
    350. 

  350. 		 * sCG -> sCG		Retransmit
    351. 

  351. 		 * sTW -> sIV		Already closed
    352. 

  352. 		 *
    353. 

  353. 		 *	sNO, sRQ, sRS, sPO, sOP, sCR, sCG, sTW */
    354. 

  354. 			sIV, sIV, sIV, sCG, sCG, sIV, sCG, sIV
    355. 

  355. 		},
    356. 

  356. 		[DCCP_PKT_RESET] = {
    357. 

  357. 		/*
    358. 

  358. 		 * sNO -> sIV		No connection
    359. 

  359. 		 * sRQ -> sTW		Reset in response to Request
    360. 

  360. 		 * sRS -> sTW		Timeout, SHOULD send Reset (8.1.3.)
    361. 

  361. 		 * sPO -> sTW		Timeout, SHOULD send Reset (8.1.3.)
    362. 

  362. 		 * sOP -> sTW
    363. 

  363. 		 * sCR -> sTW
    364. 

  364. 		 * sCG -> sTW
    365. 

  365. 		 * sTW -> sIG		Ignore (don't refresh timer)
    366. 

  366. 		 *
    367. 

  367. 		 *	sNO, sRQ, sRS, sPO, sOP, sCR, sCG, sTW, sTW */
    368. 

  368. 			sIV, sTW, sTW, sTW, sTW, sTW, sTW, sTW, sIG
    369. 

  369. 		},
    370. 

  370. 		[DCCP_PKT_SYNC] = {
    371. 

  371. 		/*
    372. 

  372. 		 * We currently ignore Sync packets
    373. 

  373. 		 *
    374. 

  374. 		 *	sNO, sRQ, sRS, sPO, sOP, sCR, sCG, sTW */
    375. 

  375. 			sIG, sIG, sIG, sIG, sIG, sIG, sIG, sIG,
    376. 

  376. 		},
    377. 

  377. 		[DCCP_PKT_SYNCACK] = {
    378. 

  378. 		/*
    379. 

  379. 		 * We currently ignore SyncAck packets
    380. 

  380. 		 *
    381. 

  381. 		 *	sNO, sRQ, sRS, sPO, sOP, sCR, sCG, sTW */
    382. 

  382. 			sIG, sIG, sIG, sIG, sIG, sIG, sIG, sIG,
    383. 

  383. 		},
    384. 

  384. 	},
    385. 

  385. };
    386. 

  386. 

  387. /* this module per-net specifics */
    388. 

  388. static int dccp_net_id __read_mostly;
    389. 

  389. struct dccp_net {
    390. 

  390. 	int dccp_loose;
    391. 

  391. 	unsigned int dccp_timeout[CT_DCCP_MAX + 1];
    392. 

  392. #ifdef CONFIG_SYSCTL
    393. 

  393. 	struct ctl_table_header *sysctl_header;
    394. 

  394. 	struct ctl_table *sysctl_table;
    395. 

  395. #endif
    396. 

  396. };
    397. 

  397. 

  398. static inline struct dccp_net *dccp_pernet(struct net *net)
    399. 

  399. {
    400. 

  400. 	return net_generic(net, dccp_net_id);
    401. 

  401. }
    402. 

  402. 

  403. static bool dccp_pkt_to_tuple(const struct sk_buff *skb, unsigned int dataoff,
    404. 

  404. 			      struct nf_conntrack_tuple *tuple)
    405. 

  405. {
    406. 

  406. 	struct dccp_hdr _hdr, *dh;
    407. 

  407. 

  408. 	dh = skb_header_pointer(skb, dataoff, sizeof(_hdr), &_hdr);
    409. 

  409. 	if (dh == NULL)
    410. 

  410. 		return false;
    411. 

  411. 

  412. 	tuple->src.u.dccp.port = dh->dccph_sport;
    413. 

  413. 	tuple->dst.u.dccp.port = dh->dccph_dport;
    414. 

  414. 	return true;
    415. 

  415. }
    416. 

  416. 

  417. static bool dccp_invert_tuple(struct nf_conntrack_tuple *inv,
    418. 

  418. 			      const struct nf_conntrack_tuple *tuple)
    419. 

  419. {
    420. 

  420. 	inv->src.u.dccp.port = tuple->dst.u.dccp.port;
    421. 

  421. 	inv->dst.u.dccp.port = tuple->src.u.dccp.port;
    422. 

  422. 	return true;
    423. 

  423. }
    424. 

  424. 

  425. static bool dccp_new(struct nf_conn *ct, const struct sk_buff *skb,
    426. 

  426. 		     unsigned int dataoff)
    427. 

  427. {
    428. 

  428. 	struct net *net = nf_ct_net(ct);
    429. 

  429. 	struct dccp_net *dn;
    430. 

  430. 	struct dccp_hdr _dh, *dh;
    431. 

  431. 	const char *msg;
    432. 

  432. 	u_int8_t state;
    433. 

  433. 

  434. 	dh = skb_header_pointer(skb, dataoff, sizeof(_dh), &dh);
    435. 

  435. 	BUG_ON(dh == NULL);
    436. 

  436. 

  437. 	state = dccp_state_table[CT_DCCP_ROLE_CLIENT][dh->dccph_type][CT_DCCP_NONE];
    438. 

  438. 	switch (state) {
    439. 

  439. 	default:
    440. 

  440. 		dn = dccp_pernet(net);
    441. 

  441. 		if (dn->dccp_loose == 0) {
    442. 

  442. 			msg = "nf_ct_dccp: not picking up existing connection ";
    443. 

  443. 			goto out_invalid;
    444. 

  444. 		}
    445. 

  445. 	case CT_DCCP_REQUEST:
    446. 

  446. 		break;
    447. 

  447. 	case CT_DCCP_INVALID:
    448. 

  448. 		msg = "nf_ct_dccp: invalid state transition ";
    449. 

  449. 		goto out_invalid;
    450. 

  450. 	}
    451. 

  451. 

  452. 	ct->proto.dccp.role[IP_CT_DIR_ORIGINAL] = CT_DCCP_ROLE_CLIENT;
    453. 

  453. 	ct->proto.dccp.role[IP_CT_DIR_REPLY] = CT_DCCP_ROLE_SERVER;
    454. 

  454. 	ct->proto.dccp.state = CT_DCCP_NONE;
    455. 

  455. 	return true;
    456. 

  456. 

  457. out_invalid:
    458. 

  458. 	if (LOG_INVALID(net, IPPROTO_DCCP))
    459. 

  459. 		nf_log_packet(nf_ct_l3num(ct), 0, skb, NULL, NULL, NULL, msg);
    460. 

  460. 	return false;
    461. 

  461. }
    462. 

  462. 

  463. static u64 dccp_ack_seq(const struct dccp_hdr *dh)
    464. 

  464. {
    465. 

  465. 	const struct dccp_hdr_ack_bits *dhack;
    466. 

  466. 

  467. 	dhack = (void *)dh + __dccp_basic_hdr_len(dh);
    468. 

  468. 	return ((u64)ntohs(dhack->dccph_ack_nr_high) << 32) +
    469. 

  469. 		     ntohl(dhack->dccph_ack_nr_low);
    470. 

  470. }
    471. 

  471. 

  472. static int dccp_packet(struct nf_conn *ct, const struct sk_buff *skb,
    473. 

  473. 		       unsigned int dataoff, enum ip_conntrack_info ctinfo,
    474. 

  474. 		       u_int8_t pf, unsigned int hooknum)
    475. 

  475. {
    476. 

  476. 	struct net *net = nf_ct_net(ct);
    477. 

  477. 	struct dccp_net *dn;
    478. 

  478. 	enum ip_conntrack_dir dir = CTINFO2DIR(ctinfo);
    479. 

  479. 	struct dccp_hdr _dh, *dh;
    480. 

  480. 	u_int8_t type, old_state, new_state;
    481. 

  481. 	enum ct_dccp_roles role;
    482. 

  482. 

  483. 	dh = skb_header_pointer(skb, dataoff, sizeof(_dh), &dh);
    484. 

  484. 	BUG_ON(dh == NULL);
    485. 

  485. 	type = dh->dccph_type;
    486. 

  486. 

  487. 	if (type == DCCP_PKT_RESET &&
    488. 

  488. 	    !test_bit(IPS_SEEN_REPLY_BIT, &ct->status)) {
    489. 

  489. 		/* Tear down connection immediately if only reply is a RESET */
    490. 

  490. 		nf_ct_kill_acct(ct, ctinfo, skb);
    491. 

  491. 		return NF_ACCEPT;
    492. 

  492. 	}
    493. 

  493. 

  494. 	spin_lock_bh(&ct->lock);
    495. 

  495. 

  496. 	role = ct->proto.dccp.role[dir];
    497. 

  497. 	old_state = ct->proto.dccp.state;
    498. 

  498. 	new_state = dccp_state_table[role][type][old_state];
    499. 

  499. 

  500. 	switch (new_state) {
    501. 

  501. 	case CT_DCCP_REQUEST:
    502. 

  502. 		if (old_state == CT_DCCP_TIMEWAIT &&
    503. 

  503. 		    role == CT_DCCP_ROLE_SERVER) {
    504. 

  504. 			/* Reincarnation in the reverse direction: reopen and
    505. 

  505. 			 * reverse client/server roles. */
    506. 

  506. 			ct->proto.dccp.role[dir] = CT_DCCP_ROLE_CLIENT;
    507. 

  507. 			ct->proto.dccp.role[!dir] = CT_DCCP_ROLE_SERVER;
    508. 

  508. 		}
    509. 

  509. 		break;
    510. 

  510. 	case CT_DCCP_RESPOND:
    511. 

  511. 		if (old_state == CT_DCCP_REQUEST)
    512. 

  512. 			ct->proto.dccp.handshake_seq = dccp_hdr_seq(dh);
    513. 

  513. 		break;
    514. 

  514. 	case CT_DCCP_PARTOPEN:
    515. 

  515. 		if (old_state == CT_DCCP_RESPOND &&
    516. 

  516. 		    type == DCCP_PKT_ACK &&
    517. 

  517. 		    dccp_ack_seq(dh) == ct->proto.dccp.handshake_seq)
    518. 

  518. 			set_bit(IPS_ASSURED_BIT, &ct->status);
    519. 

  519. 		break;
    520. 

  520. 	case CT_DCCP_IGNORE:
    521. 

  521. 		/*
    522. 

  522. 		 * Connection tracking might be out of sync, so we ignore
    523. 

  523. 		 * packets that might establish a new connection and resync
    524. 

  524. 		 * if the server responds with a valid Response.
    525. 

  525. 		 */
    526. 

  526. 		if (ct->proto.dccp.last_dir == !dir &&
    527. 

  527. 		    ct->proto.dccp.last_pkt == DCCP_PKT_REQUEST &&
    528. 

  528. 		    type == DCCP_PKT_RESPONSE) {
    529. 

  529. 			ct->proto.dccp.role[!dir] = CT_DCCP_ROLE_CLIENT;
    530. 

  530. 			ct->proto.dccp.role[dir] = CT_DCCP_ROLE_SERVER;
    531. 

  531. 			ct->proto.dccp.handshake_seq = dccp_hdr_seq(dh);
    532. 

  532. 			new_state = CT_DCCP_RESPOND;
    533. 

  533. 			break;
    534. 

  534. 		}
    535. 

  535. 		ct->proto.dccp.last_dir = dir;
    536. 

  536. 		ct->proto.dccp.last_pkt = type;
    537. 

  537. 

  538. 		spin_unlock_bh(&ct->lock);
    539. 

  539. 		if (LOG_INVALID(net, IPPROTO_DCCP))
    540. 

  540. 			nf_log_packet(pf, 0, skb, NULL, NULL, NULL,
    541. 

  541. 				      "nf_ct_dccp: invalid packet ignored ");
    542. 

  542. 		return NF_ACCEPT;
    543. 

  543. 	case CT_DCCP_INVALID:
    544. 

  544. 		spin_unlock_bh(&ct->lock);
    545. 

  545. 		if (LOG_INVALID(net, IPPROTO_DCCP))
    546. 

  546. 			nf_log_packet(pf, 0, skb, NULL, NULL, NULL,
    547. 

  547. 				      "nf_ct_dccp: invalid state transition ");
    548. 

  548. 		return -NF_ACCEPT;
    549. 

  549. 	}
    550. 

  550. 

  551. 	ct->proto.dccp.last_dir = dir;
    552. 

  552. 	ct->proto.dccp.last_pkt = type;
    553. 

  553. 	ct->proto.dccp.state = new_state;
    554. 

  554. 	spin_unlock_bh(&ct->lock);
    555. 

  555. 

  556. 	if (new_state != old_state)
    557. 

  557. 		nf_conntrack_event_cache(IPCT_PROTOINFO, ct);
    558. 

  558. 

  559. 	dn = dccp_pernet(net);
    560. 

  560. 	nf_ct_refresh_acct(ct, ctinfo, skb, dn->dccp_timeout[new_state]);
    561. 

  561. 

  562. 	return NF_ACCEPT;
    563. 

  563. }
    564. 

  564. 

  565. static int dccp_error(struct net *net, struct nf_conn *tmpl,
    566. 

  566. 		      struct sk_buff *skb, unsigned int dataoff,
    567. 

  567. 		      enum ip_conntrack_info *ctinfo,
    568. 

  568. 		      u_int8_t pf, unsigned int hooknum)
    569. 

  569. {
    570. 

  570. 	struct dccp_hdr _dh, *dh;
    571. 

  571. 	unsigned int dccp_len = skb->len - dataoff;
    572. 

  572. 	unsigned int cscov;
    573. 

  573. 	const char *msg;
    574. 

  574. 

  575. 	dh = skb_header_pointer(skb, dataoff, sizeof(_dh), &dh);
    576. 

  576. 	if (dh == NULL) {
    577. 

  577. 		msg = "nf_ct_dccp: short packet ";
    578. 

  578. 		goto out_invalid;
    579. 

  579. 	}
    580. 

  580. 

  581. 	if (dh->dccph_doff * 4 < sizeof(struct dccp_hdr) ||
    582. 

  582. 	    dh->dccph_doff * 4 > dccp_len) {
    583. 

  583. 		msg = "nf_ct_dccp: truncated/malformed packet ";
    584. 

  584. 		goto out_invalid;
    585. 

  585. 	}
    586. 

  586. 

  587. 	cscov = dccp_len;
    588. 

  588. 	if (dh->dccph_cscov) {
    589. 

  589. 		cscov = (dh->dccph_cscov - 1) * 4;
    590. 

  590. 		if (cscov > dccp_len) {
    591. 

  591. 			msg = "nf_ct_dccp: bad checksum coverage ";
    592. 

  592. 			goto out_invalid;
    593. 

  593. 		}
    594. 

  594. 	}
    595. 

  595. 

  596. 	if (net->ct.sysctl_checksum && hooknum == NF_INET_PRE_ROUTING &&
    597. 

  597. 	    nf_checksum_partial(skb, hooknum, dataoff, cscov, IPPROTO_DCCP,
    598. 

  598. 				pf)) {
    599. 

  599. 		msg = "nf_ct_dccp: bad checksum ";
    600. 

  600. 		goto out_invalid;
    601. 

  601. 	}
    602. 

  602. 

  603. 	if (dh->dccph_type >= DCCP_PKT_INVALID) {
    604. 

  604. 		msg = "nf_ct_dccp: reserved packet type ";
    605. 

  605. 		goto out_invalid;
    606. 

  606. 	}
    607. 

  607. 

  608. 	return NF_ACCEPT;
    609. 

  609. 

  610. out_invalid:
    611. 

  611. 	if (LOG_INVALID(net, IPPROTO_DCCP))
    612. 

  612. 		nf_log_packet(pf, 0, skb, NULL, NULL, NULL, msg);
    613. 

  613. 	return -NF_ACCEPT;
    614. 

  614. }
    615. 

  615. 

  616. static int dccp_print_tuple(struct seq_file *s,
    617. 

  617. 			    const struct nf_conntrack_tuple *tuple)
    618. 

  618. {
    619. 

  619. 	return seq_printf(s, "sport=%hu dport=%hu ",
    620. 

  620. 			  ntohs(tuple->src.u.dccp.port),
    621. 

  621. 			  ntohs(tuple->dst.u.dccp.port));
    622. 

  622. }
    623. 

  623. 

  624. static int dccp_print_conntrack(struct seq_file *s, struct nf_conn *ct)
    625. 

  625. {
    626. 

  626. 	return seq_printf(s, "%s ", dccp_state_names[ct->proto.dccp.state]);
    627. 

  627. }
    628. 

  628. 

  629. #if defined(CONFIG_NF_CT_NETLINK) || defined(CONFIG_NF_CT_NETLINK_MODULE)
    630. 

  630. static int dccp_to_nlattr(struct sk_buff *skb, struct nlattr *nla,
    631. 

  631. 			  struct nf_conn *ct)
    632. 

  632. {
    633. 

  633. 	struct nlattr *nest_parms;
    634. 

  634. 

  635. 	spin_lock_bh(&ct->lock);
    636. 

  636. 	nest_parms = nla_nest_start(skb, CTA_PROTOINFO_DCCP | NLA_F_NESTED);
    637. 

  637. 	if (!nest_parms)
    638. 

  638. 		goto nla_put_failure;
    639. 

  639. 	NLA_PUT_U8(skb, CTA_PROTOINFO_DCCP_STATE, ct->proto.dccp.state);
    640. 

  640. 	NLA_PUT_U8(skb, CTA_PROTOINFO_DCCP_ROLE,
    641. 

  641. 		   ct->proto.dccp.role[IP_CT_DIR_ORIGINAL]);
    642. 

  642. 	NLA_PUT_BE64(skb, CTA_PROTOINFO_DCCP_HANDSHAKE_SEQ,
    643. 

  643. 		     cpu_to_be64(ct->proto.dccp.handshake_seq));
    644. 

  644. 	nla_nest_end(skb, nest_parms);
    645. 

  645. 	spin_unlock_bh(&ct->lock);
    646. 

  646. 	return 0;
    647. 

  647. 

  648. nla_put_failure:
    649. 

  649. 	spin_unlock_bh(&ct->lock);
    650. 

  650. 	return -1;
    651. 

  651. }
    652. 

  652. 

  653. static const struct nla_policy dccp_nla_policy[CTA_PROTOINFO_DCCP_MAX + 1] = {
    654. 

  654. 	[CTA_PROTOINFO_DCCP_STATE]	= { .type = NLA_U8 },
    655. 

  655. 	[CTA_PROTOINFO_DCCP_ROLE]	= { .type = NLA_U8 },
    656. 

  656. 	[CTA_PROTOINFO_DCCP_HANDSHAKE_SEQ] = { .type = NLA_U64 },
    657. 

  657. };
    658. 

  658. 

  659. static int nlattr_to_dccp(struct nlattr *cda[], struct nf_conn *ct)
    660. 

  660. {
    661. 

  661. 	struct nlattr *attr = cda[CTA_PROTOINFO_DCCP];
    662. 

  662. 	struct nlattr *tb[CTA_PROTOINFO_DCCP_MAX + 1];
    663. 

  663. 	int err;
    664. 

  664. 

  665. 	if (!attr)
    666. 

  666. 		return 0;
    667. 

  667. 

  668. 	err = nla_parse_nested(tb, CTA_PROTOINFO_DCCP_MAX, attr,
    669. 

  669. 			       dccp_nla_policy);
    670. 

  670. 	if (err < 0)
    671. 

  671. 		return err;
    672. 

  672. 

  673. 	if (!tb[CTA_PROTOINFO_DCCP_STATE] ||
    674. 

  674. 	    !tb[CTA_PROTOINFO_DCCP_ROLE] ||
    675. 

  675. 	    nla_get_u8(tb[CTA_PROTOINFO_DCCP_ROLE]) > CT_DCCP_ROLE_MAX ||
    676. 

  676. 	    nla_get_u8(tb[CTA_PROTOINFO_DCCP_STATE]) >= CT_DCCP_IGNORE) {
    677. 

  677. 		return -EINVAL;
    678. 

  678. 	}
    679. 

  679. 

  680. 	spin_lock_bh(&ct->lock);
    681. 

  681. 	ct->proto.dccp.state = nla_get_u8(tb[CTA_PROTOINFO_DCCP_STATE]);
    682. 

  682. 	if (nla_get_u8(tb[CTA_PROTOINFO_DCCP_ROLE]) == CT_DCCP_ROLE_CLIENT) {
    683. 

  683. 		ct->proto.dccp.role[IP_CT_DIR_ORIGINAL] = CT_DCCP_ROLE_CLIENT;
    684. 

  684. 		ct->proto.dccp.role[IP_CT_DIR_REPLY] = CT_DCCP_ROLE_SERVER;
    685. 

  685. 	} else {
    686. 

  686. 		ct->proto.dccp.role[IP_CT_DIR_ORIGINAL] = CT_DCCP_ROLE_SERVER;
    687. 

  687. 		ct->proto.dccp.role[IP_CT_DIR_REPLY] = CT_DCCP_ROLE_CLIENT;
    688. 

  688. 	}
    689. 

  689. 	if (tb[CTA_PROTOINFO_DCCP_HANDSHAKE_SEQ]) {
    690. 

  690. 		ct->proto.dccp.handshake_seq =
    691. 

  691. 		be64_to_cpu(nla_get_be64(tb[CTA_PROTOINFO_DCCP_HANDSHAKE_SEQ]));
    692. 

  692. 	}
    693. 

  693. 	spin_unlock_bh(&ct->lock);
    694. 

  694. 	return 0;
    695. 

  695. }
    696. 

  696. 

  697. static int dccp_nlattr_size(void)
    698. 

  698. {
    699. 

  699. 	return nla_total_size(0)	/* CTA_PROTOINFO_DCCP */
    700. 

  700. 		+ nla_policy_len(dccp_nla_policy, CTA_PROTOINFO_DCCP_MAX + 1);
    701. 

  701. }
    702. 

  702. #endif
    703. 

  703. 

  704. #ifdef CONFIG_SYSCTL
    705. 

  705. /* template, data assigned later */
    706. 

  706. static struct ctl_table dccp_sysctl_table[] = {
    707. 

  707. 	{
    708. 

  708. 		.procname	= "nf_conntrack_dccp_timeout_request",
    709. 

  709. 		.maxlen		= sizeof(unsigned int),
    710. 

  710. 		.mode		= 0644,
    711. 

  711. 		.proc_handler	= proc_dointvec_jiffies,
    712. 

  712. 	},
    713. 

  713. 	{
    714. 

  714. 		.procname	= "nf_conntrack_dccp_timeout_respond",
    715. 

  715. 		.maxlen		= sizeof(unsigned int),
    716. 

  716. 		.mode		= 0644,
    717. 

  717. 		.proc_handler	= proc_dointvec_jiffies,
    718. 

  718. 	},
    719. 

  719. 	{
    720. 

  720. 		.procname	= "nf_conntrack_dccp_timeout_partopen",
    721. 

  721. 		.maxlen		= sizeof(unsigned int),
    722. 

  722. 		.mode		= 0644,
    723. 

  723. 		.proc_handler	= proc_dointvec_jiffies,
    724. 

  724. 	},
    725. 

  725. 	{
    726. 

  726. 		.procname	= "nf_conntrack_dccp_timeout_open",
    727. 

  727. 		.maxlen		= sizeof(unsigned int),
    728. 

  728. 		.mode		= 0644,
    729. 

  729. 		.proc_handler	= proc_dointvec_jiffies,
    730. 

  730. 	},
    731. 

  731. 	{
    732. 

  732. 		.procname	= "nf_conntrack_dccp_timeout_closereq",
    733. 

  733. 		.maxlen		= sizeof(unsigned int),
    734. 

  734. 		.mode		= 0644,
    735. 

  735. 		.proc_handler	= proc_dointvec_jiffies,
    736. 

  736. 	},
    737. 

  737. 	{
    738. 

  738. 		.procname	= "nf_conntrack_dccp_timeout_closing",
    739. 

  739. 		.maxlen		= sizeof(unsigned int),
    740. 

  740. 		.mode		= 0644,
    741. 

  741. 		.proc_handler	= proc_dointvec_jiffies,
    742. 

  742. 	},
    743. 

  743. 	{
    744. 

  744. 		.procname	= "nf_conntrack_dccp_timeout_timewait",
    745. 

  745. 		.maxlen		= sizeof(unsigned int),
    746. 

  746. 		.mode		= 0644,
    747. 

  747. 		.proc_handler	= proc_dointvec_jiffies,
    748. 

  748. 	},
    749. 

  749. 	{
    750. 

  750. 		.procname	= "nf_conntrack_dccp_loose",
    751. 

  751. 		.maxlen		= sizeof(int),
    752. 

  752. 		.mode		= 0644,
    753. 

  753. 		.proc_handler	= proc_dointvec,
    754. 

  754. 	},
    755. 

  755. 	{ }
    756. 

  756. };
    757. 

  757. #endif /* CONFIG_SYSCTL */
    758. 

  758. 

  759. static struct nf_conntrack_l4proto dccp_proto4 __read_mostly = {
    760. 

  760. 	.l3proto		= AF_INET,
    761. 

  761. 	.l4proto		= IPPROTO_DCCP,
    762. 

  762. 	.name			= "dccp",
    763. 

  763. 	.pkt_to_tuple		= dccp_pkt_to_tuple,
    764. 

  764. 	.invert_tuple		= dccp_invert_tuple,
    765. 

  765. 	.new			= dccp_new,
    766. 

  766. 	.packet			= dccp_packet,
    767. 

  767. 	.error			= dccp_error,
    768. 

  768. 	.print_tuple		= dccp_print_tuple,
    769. 

  769. 	.print_conntrack	= dccp_print_conntrack,
    770. 

  770. #if defined(CONFIG_NF_CT_NETLINK) || defined(CONFIG_NF_CT_NETLINK_MODULE)
    771. 

  771. 	.to_nlattr		= dccp_to_nlattr,
    772. 

  772. 	.nlattr_size		= dccp_nlattr_size,
    773. 

  773. 	.from_nlattr		= nlattr_to_dccp,
    774. 

  774. 	.tuple_to_nlattr	= nf_ct_port_tuple_to_nlattr,
    775. 

  775. 	.nlattr_tuple_size	= nf_ct_port_nlattr_tuple_size,
    776. 

  776. 	.nlattr_to_tuple	= nf_ct_port_nlattr_to_tuple,
    777. 

  777. 	.nla_policy		= nf_ct_port_nla_policy,
    778. 

  778. #endif
    779. 

  779. };
    780. 

  780. 

  781. static struct nf_conntrack_l4proto dccp_proto6 __read_mostly = {
    782. 

  782. 	.l3proto		= AF_INET6,
    783. 

  783. 	.l4proto		= IPPROTO_DCCP,
    784. 

  784. 	.name			= "dccp",
    785. 

  785. 	.pkt_to_tuple		= dccp_pkt_to_tuple,
    786. 

  786. 	.invert_tuple		= dccp_invert_tuple,
    787. 

  787. 	.new			= dccp_new,
    788. 

  788. 	.packet			= dccp_packet,
    789. 

  789. 	.error			= dccp_error,
    790. 

  790. 	.print_tuple		= dccp_print_tuple,
    791. 

  791. 	.print_conntrack	= dccp_print_conntrack,
    792. 

  792. #if defined(CONFIG_NF_CT_NETLINK) || defined(CONFIG_NF_CT_NETLINK_MODULE)
    793. 

  793. 	.to_nlattr		= dccp_to_nlattr,
    794. 

  794. 	.nlattr_size		= dccp_nlattr_size,
    795. 

  795. 	.from_nlattr		= nlattr_to_dccp,
    796. 

  796. 	.tuple_to_nlattr	= nf_ct_port_tuple_to_nlattr,
    797. 

  797. 	.nlattr_tuple_size	= nf_ct_port_nlattr_tuple_size,
    798. 

  798. 	.nlattr_to_tuple	= nf_ct_port_nlattr_to_tuple,
    799. 

  799. 	.nla_policy		= nf_ct_port_nla_policy,
    800. 

  800. #endif
    801. 

  801. };
    802. 

  802. 

  803. static __net_init int dccp_net_init(struct net *net)
    804. 

  804. {
    805. 

  805. 	struct dccp_net *dn = dccp_pernet(net);
    806. 

  806. 

  807. 	/* default values */
    808. 

  808. 	dn->dccp_loose = 1;
    809. 

  809. 	dn->dccp_timeout[CT_DCCP_REQUEST]	= 2 * DCCP_MSL;
    810. 

  810. 	dn->dccp_timeout[CT_DCCP_RESPOND]	= 4 * DCCP_MSL;
    811. 

  811. 	dn->dccp_timeout[CT_DCCP_PARTOPEN]	= 4 * DCCP_MSL;
    812. 

  812. 	dn->dccp_timeout[CT_DCCP_OPEN]		= 12 * 3600 * HZ;
    813. 

  813. 	dn->dccp_timeout[CT_DCCP_CLOSEREQ]	= 64 * HZ;
    814. 

  814. 	dn->dccp_timeout[CT_DCCP_CLOSING]	= 64 * HZ;
    815. 

  815. 	dn->dccp_timeout[CT_DCCP_TIMEWAIT]	= 2 * DCCP_MSL;
    816. 

  816. 

  817. #ifdef CONFIG_SYSCTL
    818. 

  818. 	dn->sysctl_table = kmemdup(dccp_sysctl_table,
    819. 

  819. 			sizeof(dccp_sysctl_table), GFP_KERNEL);
    820. 

  820. 	if (!dn->sysctl_table)
    821. 

  821. 		return -ENOMEM;
    822. 

  822. 

  823. 	dn->sysctl_table[0].data = &dn->dccp_timeout[CT_DCCP_REQUEST];
    824. 

  824. 	dn->sysctl_table[1].data = &dn->dccp_timeout[CT_DCCP_RESPOND];
    825. 

  825. 	dn->sysctl_table[2].data = &dn->dccp_timeout[CT_DCCP_PARTOPEN];
    826. 

  826. 	dn->sysctl_table[3].data = &dn->dccp_timeout[CT_DCCP_OPEN];
    827. 

  827. 	dn->sysctl_table[4].data = &dn->dccp_timeout[CT_DCCP_CLOSEREQ];
    828. 

  828. 	dn->sysctl_table[5].data = &dn->dccp_timeout[CT_DCCP_CLOSING];
    829. 

  829. 	dn->sysctl_table[6].data = &dn->dccp_timeout[CT_DCCP_TIMEWAIT];
    830. 

  830. 	dn->sysctl_table[7].data = &dn->dccp_loose;
    831. 

  831. 

  832. 	dn->sysctl_header = register_net_sysctl_table(net,
    833. 

  833. 			nf_net_netfilter_sysctl_path, dn->sysctl_table);
    834. 

  834. 	if (!dn->sysctl_header) {
    835. 

  835. 		kfree(dn->sysctl_table);
    836. 

  836. 		return -ENOMEM;
    837. 

  837. 	}
    838. 

  838. #endif
    839. 

  839. 

  840. 	return 0;
    841. 

  841. }
    842. 

  842. 

  843. static __net_exit void dccp_net_exit(struct net *net)
    844. 

  844. {
    845. 

  845. 	struct dccp_net *dn = dccp_pernet(net);
    846. 

  846. #ifdef CONFIG_SYSCTL
    847. 

  847. 	unregister_net_sysctl_table(dn->sysctl_header);
    848. 

  848. 	kfree(dn->sysctl_table);
    849. 

  849. #endif
    850. 

  850. }
    851. 

  851. 

  852. static struct pernet_operations dccp_net_ops = {
    853. 

  853. 	.init = dccp_net_init,
    854. 

  854. 	.exit = dccp_net_exit,
    855. 

  855. 	.id   = &dccp_net_id,
    856. 

  856. 	.size = sizeof(struct dccp_net),
    857. 

  857. };
    858. 

  858. 

  859. static int __init nf_conntrack_proto_dccp_init(void)
    860. 

  860. {
    861. 

  861. 	int err;
    862. 

  862. 

  863. 	err = register_pernet_subsys(&dccp_net_ops);
    864. 

  864. 	if (err < 0)
    865. 

  865. 		goto err1;
    866. 

  866. 

  867. 	err = nf_conntrack_l4proto_register(&dccp_proto4);
    868. 

  868. 	if (err < 0)
    869. 

  869. 		goto err2;
    870. 

  870. 

  871. 	err = nf_conntrack_l4proto_register(&dccp_proto6);
    872. 

  872. 	if (err < 0)
    873. 

  873. 		goto err3;
    874. 

  874. 	return 0;
    875. 

  875. 

  876. err3:
    877. 

  877. 	nf_conntrack_l4proto_unregister(&dccp_proto4);
    878. 

  878. err2:
    879. 

  879. 	unregister_pernet_subsys(&dccp_net_ops);
    880. 

  880. err1:
    881. 

  881. 	return err;
    882. 

  882. }
    883. 

  883. 

  884. static void __exit nf_conntrack_proto_dccp_fini(void)
    885. 

  885. {
    886. 

  886. 	unregister_pernet_subsys(&dccp_net_ops);
    887. 

  887. 	nf_conntrack_l4proto_unregister(&dccp_proto6);
    888. 

  888. 	nf_conntrack_l4proto_unregister(&dccp_proto4);
    889. 

  889. }
    890. 

  890. 

  891. module_init(nf_conntrack_proto_dccp_init);
    892. 

  892. module_exit(nf_conntrack_proto_dccp_fini);
    893. 

  893. 

  894. MODULE_AUTHOR("Patrick McHardy <kaber@trash.net>");
    895. 

  895. MODULE_DESCRIPTION("DCCP connection tracking protocol helper");
    896. 

  896. MODULE_LICENSE("GPL");
    897.