1/* RxRPC packet reception
2 *
3 * Copyright (C) 2007 Red Hat, Inc. All Rights Reserved.
4 * Written by David Howells (dhowells@redhat.com)
5 *
6 * This program is free software; you can redistribute it and/or
7 * modify it under the terms of the GNU General Public License
8 * as published by the Free Software Foundation; either version
9 * 2 of the License, or (at your option) any later version.
10 */
11
12#include <linux/module.h>
13#include <linux/net.h>
14#include <linux/skbuff.h>
15#include <linux/errqueue.h>
16#include <linux/udp.h>
17#include <linux/in.h>
18#include <linux/in6.h>
19#include <linux/icmp.h>
20#include <net/sock.h>
21#include <net/af_rxrpc.h>
22#include <net/ip.h>
23#include "ar-internal.h"
24
/* ACK timeout tunable; the unit is not stated here -- TODO confirm at its users */
unsigned long rxrpc_ack_timeout = 1;

/*
 * Printable names for the RxRPC packet types, indexed by the type field of
 * the packet header.  All sixteen slots are filled so that a type without a
 * proper name still prints as a "?NN" placeholder.
 */
const char *rxrpc_pkts[] = {
	[0]  = "?00",
	[1]  = "DATA",
	[2]  = "ACK",
	[3]  = "BUSY",
	[4]  = "ABORT",
	[5]  = "ACKALL",
	[6]  = "CHALL",
	[7]  = "RESP",
	[8]  = "DEBUG",
	[9]  = "?09",
	[10] = "?10",
	[11] = "?11",
	[12] = "?12",
	[13] = "?13",
	[14] = "?14",
	[15] = "?15"
};
32
/*
 * Hand a received packet to the socket so that recvmsg (or a kernel service's
 * interceptor) can consume it.
 * - the caller must hold call->lock
 * - interrupts must be enabled on entry (sk_filter() disables BH's)
 * - the packet is always consumed: by the time this returns it has been
 *   queued, passed to the interceptor or freed, so the caller must not touch
 *   it again
 * - the caller passes in the one and only reference to the packet
 *
 * Returns 0 if the packet was posted or quietly dropped, or the negative
 * result of sk_filter() if the socket filter turned it away.
 */
int rxrpc_queue_rcv_skb(struct rxrpc_call *call, struct sk_buff *skb,
			bool force, bool terminal)
{
	struct rxrpc_sock *rx = call->socket;
	struct rxrpc_skb_priv *sp;
	struct sock *sk;
	int queued_len, ret;

	_enter(",,%d,%d", force, terminal);

	ASSERT(!irqs_disabled());

	sp = rxrpc_skb(skb);
	ASSERTCMP(sp->call, ==, call);

	/* nothing more is posted once the terminal message for the call has
	 * gone up */
	if (test_bit(RXRPC_CALL_TERMINAL_MSG, &call->flags)) {
		_debug("already terminated");
		ASSERTCMP(call->state, >=, RXRPC_CALL_COMPLETE);
		skb->destructor = NULL;
		sp->call = NULL;
		rxrpc_put_call(call);
		rxrpc_free_skb(skb);
		return 0;
	}

	sk = &rx->sk;

	if (!force) {
		/* NOTE(review): no sk_rcvbuf limit is applied before the
		 * packet is charged to sk_rmem_alloc below; the socket filter
		 * is the only thing that can turn the packet away here */
		ret = sk_filter(sk, skb);
		if (ret < 0)
			goto out;
	}

	spin_lock_bh(&sk->sk_receive_queue.lock);

	/* recheck under the queue lock: don't post if the terminal message
	 * has been posted, the call has been released or the socket is
	 * closed */
	if (test_bit(RXRPC_CALL_TERMINAL_MSG, &call->flags) ||
	    test_bit(RXRPC_CALL_RELEASED, &call->flags) ||
	    call->socket->sk.sk_state == RXRPC_CLOSE) {
		spin_unlock_bh(&sk->sk_receive_queue.lock);
		ret = 0;
		goto out;
	}

	/* charge the packet to the socket */
	skb->destructor = rxrpc_packet_destructor;
	skb->dev = NULL;
	skb->sk = sk;
	atomic_add(skb->truesize, &sk->sk_rmem_alloc);

	if (terminal) {
		_debug("<<<< TERMINAL MESSAGE >>>>");
		set_bit(RXRPC_CALL_TERMINAL_MSG, &call->flags);
	}

	if (rx->interceptor) {
		/* a kernel service gets the packet instead of the queue */
		rx->interceptor(sk, call->user_call_ID, skb);
		spin_unlock_bh(&sk->sk_receive_queue.lock);
	} else {
		/* Note the length before the packet goes on the receive
		 * queue: once it is there it is no longer ours and another
		 * thread pulling from the queue may free it */
		queued_len = skb->len;

		_net("post skb %p", skb);
		__skb_queue_tail(&sk->sk_receive_queue, skb);
		spin_unlock_bh(&sk->sk_receive_queue.lock);

		if (!sock_flag(sk, SOCK_DEAD))
			sk->sk_data_ready(sk, queued_len);
	}

	/* ownership has been passed on, so there's nothing to free below */
	skb = NULL;
	ret = 0;

out:
	/* release the socket buffer if we still own it */
	if (skb) {
		skb->destructor = NULL;
		sp->call = NULL;
		rxrpc_put_call(call);
		rxrpc_free_skb(skb);
	}

	_leave(" = %d", ret);
	return ret;
}
135
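/*
 * process a DATA packet, posting the packet to the appropriate queue
 * - takes and releases call->lock itself
 * - the sequence number comes from the packet header, so it is checked
 *   against the receive window before it is used to index call->ackr_window
 * - the packet is consumed on every return except -EBADMSG, where the caller
 *   still owns it
 *
 * Returns 0 if the packet was posted, queued for later or discarded,
 * -EBADMSG if DATA arrived after the last packet had already been received,
 * or another negative code passed up from rxrpc_queue_rcv_skb() (the packet
 * has been consumed in that case).
 */
static int rxrpc_fast_process_data(struct rxrpc_call *call,
				   struct sk_buff *skb, u32 seq)
{
	struct rxrpc_skb_priv *sp;
	/* same (network byte order) type as the header field */
	__typeof__(sp->hdr.serial) serial;
	bool terminal, last;
	int ret, ackbit, ack;

	_enter("{%u,%u},,{%u}", call->rx_data_post, call->rx_first_oos, seq);

	sp = rxrpc_skb(skb);
	ASSERTCMP(sp->call, ==, NULL);

	/* Copy out the header fields needed for ACK generation now.  The
	 * packet stops being ours once it has been handed to
	 * rxrpc_queue_rcv_skb(), which consumes it even on failure, so sp must
	 * not be dereferenced after that call. */
	serial = sp->hdr.serial;
	last = (sp->hdr.flags & RXRPC_LAST_PACKET) != 0;

	spin_lock(&call->lock);

	if (call->state > RXRPC_CALL_COMPLETE)
		goto discard;

	ASSERTCMP(call->rx_data_expect, >=, call->rx_data_post);
	ASSERTCMP(call->rx_data_post, >=, call->rx_data_recv);
	ASSERTCMP(call->rx_data_recv, >=, call->rx_data_eaten);

	if (seq < call->rx_data_post) {
		_debug("dup #%u [-%u]", seq, call->rx_data_post);
		ack = RXRPC_ACK_DUPLICATE;
		goto discard_and_ack;
	}

	/* Turn away anything beyond the receive window before the sequence
	 * number is used as a bit index, so that a value chosen by the peer
	 * cannot address a bit outside the window.
	 * NOTE(review): this relies on ackr_win_top bounding the size of
	 * ackr_window, which isn't visible in this file -- confirm. */
	if (seq >= call->ackr_win_top) {
		_debug("exceed #%u [%u]", seq, call->ackr_win_top);
		ack = RXRPC_ACK_EXCEEDS_WINDOW;
		goto discard_and_ack;
	}

	/* we may already have the packet in the out of sequence queue */
	ackbit = seq - (call->rx_data_eaten + 1);
	ASSERTCMP(ackbit, >=, 0);
	if (__test_and_set_bit(ackbit, call->ackr_window)) {
		_debug("dup oos #%u [%u,%u]",
		       seq, call->rx_data_eaten, call->rx_data_post);
		ack = RXRPC_ACK_DUPLICATE;
		goto discard_and_ack;
	}

	if (seq == call->rx_data_expect) {
		clear_bit(RXRPC_CALL_EXPECT_OOS, &call->flags);
		call->rx_data_expect++;
	} else if (seq > call->rx_data_expect) {
		_debug("oos #%u [%u]", seq, call->rx_data_expect);
		call->rx_data_expect = seq + 1;
		if (test_and_set_bit(RXRPC_CALL_EXPECT_OOS, &call->flags)) {
			ack = RXRPC_ACK_OUT_OF_SEQUENCE;
			goto enqueue_and_ack;
		}
		goto enqueue_packet;
	}

	if (seq != call->rx_data_post) {
		_debug("ahead #%u [%u]", seq, call->rx_data_post);
		goto enqueue_packet;
	}

	if (test_bit(RXRPC_CALL_RCVD_LAST, &call->flags))
		goto protocol_error;

	/* if the packet need security things doing to it, then it goes down
	 * the slow path */
	if (call->conn->security)
		goto enqueue_packet;

	sp->call = call;
	rxrpc_get_call(call);
	terminal = (last && !(sp->hdr.flags & RXRPC_CLIENT_INITIATED));
	ret = rxrpc_queue_rcv_skb(call, skb, false, terminal);

	/* the packet has been queued or freed for us either way; forget the
	 * pointer so that no path below can free it a second time */
	skb = NULL;

	if (ret < 0) {
		if (ret == -ENOMEM || ret == -ENOBUFS) {
			__clear_bit(ackbit, call->ackr_window);
			ack = RXRPC_ACK_NOSPACE;
			goto discard_and_ack;
		}
		/* NOTE(review): any other negative result (e.g. one passed
		 * up from sk_filter()) is returned as-is, and
		 * rxrpc_fast_process_packet() calls BUG() on anything but 0
		 * and -EBADMSG -- confirm this can't happen, or treat it as
		 * a drop. */
		goto out;
	}

	_debug("post #%u", seq);
	ASSERTCMP(call->rx_data_post, ==, seq);
	call->rx_data_post++;

	if (last)
		set_bit(RXRPC_CALL_RCVD_LAST, &call->flags);

	/* if we've reached an out of sequence packet then we need to drain
	 * that queue into the socket Rx queue now */
	if (call->rx_data_post == call->rx_first_oos) {
		_debug("drain rx oos now");
		read_lock(&call->state_lock);
		if (call->state < RXRPC_CALL_COMPLETE &&
		    !test_and_set_bit(RXRPC_CALL_DRAIN_RX_OOS, &call->events))
			rxrpc_queue_call(call);
		read_unlock(&call->state_lock);
	}

	spin_unlock(&call->lock);
	atomic_inc(&call->ackr_not_idle);
	rxrpc_propose_ACK(call, RXRPC_ACK_DELAY, serial, false);
	_leave(" = 0 [posted]");
	return 0;

protocol_error:
	/* the caller still owns the packet on this path */
	ret = -EBADMSG;
out:
	spin_unlock(&call->lock);
	_leave(" = %d", ret);
	return ret;

discard_and_ack:
	_debug("discard and ACK packet %p", skb);
	__rxrpc_propose_ACK(call, ack, serial, true);
discard:
	spin_unlock(&call->lock);
	/* skb is NULL if rxrpc_queue_rcv_skb() has already disposed of it */
	if (skb)
		rxrpc_free_skb(skb);
	_leave(" = 0 [discarded]");
	return 0;

enqueue_and_ack:
	__rxrpc_propose_ACK(call, ack, serial, true);
enqueue_packet:
	_net("defer skb %p", skb);
	spin_unlock(&call->lock);
	skb_queue_tail(&call->rx_queue, skb);
	atomic_inc(&call->ackr_not_idle);
	read_lock(&call->state_lock);
	if (call->state < RXRPC_CALL_DEAD)
		rxrpc_queue_call(call);
	read_unlock(&call->state_lock);
	_leave(" = 0 [queued]");
	return 0;
}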
281
/*
 * assume an implicit ACKALL of the transmission phase of a client socket upon
 * reception of the first reply packet
 * - does nothing unless the call is still awaiting its reply
 * - takes call->state_lock for writing itself
 */
static void rxrpc_assume_implicit_ackall(struct rxrpc_call *call, u32 serial)
{
	write_lock_bh(&call->state_lock);

	if (call->state != RXRPC_CALL_CLIENT_AWAIT_REPLY) {
		write_unlock_bh(&call->state_lock);
		return;
	}

	call->state = RXRPC_CALL_CLIENT_RECV_REPLY;
	call->acks_latest = serial;

	_debug("implicit ACKALL %%%u", call->acks_latest);
	set_bit(RXRPC_CALL_RCVD_ACKALL, &call->events);
	write_unlock_bh(&call->state_lock);

	/* the resend state is only cleared if try_to_del_timer_sync() doesn't
	 * report a failure */
	if (try_to_del_timer_sync(&call->resend_timer) < 0)
		return;

	clear_bit(RXRPC_CALL_RESEND_TIMER, &call->events);
	clear_bit(RXRPC_CALL_RESEND, &call->events);
	clear_bit(RXRPC_CALL_RUN_RTIMER, &call->flags);
}
311
/*
 * post an incoming packet to the nominated call to deal with
 * - must get rid of the sk_buff, either by freeing it or by queuing it
 * - interrupts must be enabled on entry
 * - every header field examined here came off the wire; a packet that doesn't
 *   fit the call's state aborts the call locally with RX_PROTOCOL_ERROR
 */
void rxrpc_fast_process_packet(struct rxrpc_call *call, struct sk_buff *skb)
{
	struct rxrpc_skb_priv *sp = rxrpc_skb(skb);
	__be32 wire_abort;
	u32 serial, hi_serial, seq, abort_code;
	int ret;

	_enter("%p,%p", call, skb);

	ASSERT(!irqs_disabled());

	/* keep the connection's record of the highest serial number seen up
	 * to date for ACK packet information; retry the exchange until the
	 * stored value is no lower than this packet's serial */
	serial = ntohl(sp->hdr.serial);
	hi_serial = atomic_read(&call->conn->hi_serial);
	while (hi_serial < serial)
		hi_serial = atomic_cmpxchg(&call->conn->hi_serial, hi_serial,
					   serial);

	/* any ACK or DATA packet may ask for an ACK to be generated */
	if (sp->hdr.flags & RXRPC_REQUEST_ACK) {
		_proto("ACK Requested on %%%u", serial);
		rxrpc_propose_ACK(call, RXRPC_ACK_REQUESTED, sp->hdr.serial,
				  !(sp->hdr.flags & RXRPC_MORE_PACKETS));
	}

	switch (sp->hdr.type) {
	case RXRPC_PACKET_TYPE_DATA:
		seq = ntohl(sp->hdr.seq);

		_proto("Rx DATA %%%u { #%u }", serial, seq);

		if (seq == 0)
			goto protocol_error;

		call->ackr_prev_seq = sp->hdr.seq;

		/* received data implicitly ACKs all of the request packets we
		 * sent when we're acting as a client */
		if (call->state == RXRPC_CALL_CLIENT_AWAIT_REPLY)
			rxrpc_assume_implicit_ackall(call, serial);

		ret = rxrpc_fast_process_data(call, skb, seq);
		if (ret == 0) {
			/* the packet was consumed */
			skb = NULL;
			goto done;
		}

		/* NOTE(review): rxrpc_fast_process_data() can pass up a
		 * negative result from rxrpc_queue_rcv_skb() other than
		 * -EBADMSG, which lands on this BUG() -- confirm that can't be
		 * reached from packet input */
		if (ret != -EBADMSG)
			BUG();

		/* data packet received beyond the last packet */
		goto protocol_error;

	case RXRPC_PACKET_TYPE_ACK:
		/* ACK processing is done in process context */
		read_lock_bh(&call->state_lock);
		if (call->state < RXRPC_CALL_DEAD) {
			skb_queue_tail(&call->rx_queue, skb);
			rxrpc_queue_call(call);
			skb = NULL;
		}
		read_unlock_bh(&call->state_lock);
		/* skb is NULL here if it was queued */
		goto free_packet;

	case RXRPC_PACKET_TYPE_ABORT:
		_debug("abort");

		/* an ABORT too short to hold an abort code is malformed */
		if (skb_copy_bits(skb, 0, &wire_abort,
				  sizeof(wire_abort)) < 0)
			goto protocol_error;

		abort_code = ntohl(wire_abort);
		_proto("Rx ABORT %%%u { %x }", serial, abort_code);

		write_lock_bh(&call->state_lock);
		if (call->state < RXRPC_CALL_COMPLETE) {
			call->state = RXRPC_CALL_REMOTELY_ABORTED;
			call->abort_code = abort_code;
			set_bit(RXRPC_CALL_RCVD_ABORT, &call->events);
			rxrpc_queue_call(call);
		}
		goto free_packet_unlock;

	case RXRPC_PACKET_TYPE_BUSY:
		_proto("Rx BUSY %%%u", serial);

		if (call->conn->out_clientflag)
			goto protocol_error;

		write_lock_bh(&call->state_lock);
		if (call->state == RXRPC_CALL_CLIENT_SEND_REQUEST) {
			call->state = RXRPC_CALL_SERVER_BUSY;
			set_bit(RXRPC_CALL_RCVD_BUSY, &call->events);
			rxrpc_queue_call(call);
			goto free_packet_unlock;
		}
		if (call->state == RXRPC_CALL_SERVER_BUSY)
			goto free_packet_unlock;
		goto protocol_error_locked;

	default:
		/* rxrpc_data_ready() range-checks the type before a packet
		 * gets this far.  NOTE(review): confirm every accepted type
		 * value is a valid index into rxrpc_pkts[]. */
		_proto("Rx %s %%%u", rxrpc_pkts[sp->hdr.type], serial);
		goto protocol_error;
	}

protocol_error:
	_debug("protocol error");
	write_lock_bh(&call->state_lock);
protocol_error_locked:
	if (call->state <= RXRPC_CALL_COMPLETE) {
		call->state = RXRPC_CALL_LOCALLY_ABORTED;
		call->abort_code = RX_PROTOCOL_ERROR;
		set_bit(RXRPC_CALL_ABORT, &call->events);
		rxrpc_queue_call(call);
	}
free_packet_unlock:
	write_unlock_bh(&call->state_lock);
free_packet:
	rxrpc_free_skb(skb);
done:
	_leave("");
}
442
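/*
 * split up a jumbo data packet
 * - each subpacket but the last is RXRPC_JUMBO_DATALEN bytes of data followed
 *   by a jumbo header giving the flags for the subpacket after it
 * - every subpacket is passed to rxrpc_fast_process_packet(), which disposes
 *   of it
 * - the lengths and flags all come from the peer; a packet too short to hold
 *   what its flags promise aborts the call with RX_PROTOCOL_ERROR
 */
static void rxrpc_process_jumbo_packet(struct rxrpc_call *call,
				       struct sk_buff *jumbo)
{
	struct rxrpc_jumbo_header jhdr;
	struct rxrpc_skb_priv *sp;
	struct sk_buff *part;

	_enter(",{%u,%u}", jumbo->data_len, jumbo->len);

	sp = rxrpc_skb(jumbo);

	do {
		sp->hdr.flags &= ~RXRPC_JUMBO_PACKET;

		/* make a clone to represent the first subpacket in what's left
		 * of the jumbo packet */
		part = skb_clone(jumbo, GFP_ATOMIC);
		if (!part) {
			/* simply ditch the tail in the event of ENOMEM */
			pskb_trim(jumbo, RXRPC_JUMBO_DATALEN);
			break;
		}
		rxrpc_new_skb(part);

		/* NOTE(review): the result of pskb_trim() is ignored here and
		 * above -- confirm a failed trim can't leave a subpacket
		 * carrying more than its own data */
		pskb_trim(part, RXRPC_JUMBO_DATALEN);

		if (!pskb_pull(jumbo, RXRPC_JUMBO_DATALEN))
			goto protocol_error;

		if (skb_copy_bits(jumbo, 0, &jhdr, sizeof(jhdr)) < 0)
			goto protocol_error;

		/* The copy above shows the header bytes are present, so a
		 * failure to pull them has some other cause (presumably a
		 * failed allocation inside pskb_pull() -- confirm).  Fail the
		 * call the same way as the other parse errors rather than
		 * calling BUG() on data received from the network. */
		if (!pskb_pull(jumbo, sizeof(jhdr)))
			goto protocol_error;

		/* rewrite the header in place to describe the next subpacket */
		sp->hdr.seq	= htonl(ntohl(sp->hdr.seq) + 1);
		sp->hdr.serial	= htonl(ntohl(sp->hdr.serial) + 1);
		sp->hdr.flags	= jhdr.flags;
		sp->hdr._rsvd	= jhdr._rsvd;

		_proto("Rx DATA Jumbo %%%u", ntohl(sp->hdr.serial) - 1);

		rxrpc_fast_process_packet(call, part);
		part = NULL;

	} while (sp->hdr.flags & RXRPC_JUMBO_PACKET);

	/* what's left of the jumbo is the final subpacket */
	rxrpc_fast_process_packet(call, jumbo);
	_leave("");
	return;

protocol_error:
	_debug("protocol error");
	rxrpc_free_skb(part);
	rxrpc_free_skb(jumbo);
	write_lock_bh(&call->state_lock);
	if (call->state <= RXRPC_CALL_COMPLETE) {
		call->state = RXRPC_CALL_LOCALLY_ABORTED;
		call->abort_code = RX_PROTOCOL_ERROR;
		set_bit(RXRPC_CALL_ABORT, &call->events);
		rxrpc_queue_call(call);
	}
	write_unlock_bh(&call->state_lock);
	_leave("");
}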
510
/*
 * post an incoming packet to the appropriate call/socket to deal with
 * - must get rid of the sk_buff, either by freeing it or by queuing it
 * - the call is looked up first by channel number and then, failing that, in
 *   the connection's tree of calls; both keys are taken from the packet header
 */
static void rxrpc_post_packet_to_call(struct rxrpc_connection *conn,
				      struct sk_buff *skb)
{
	struct rxrpc_skb_priv *sp;
	struct rxrpc_call *call;
	struct rb_node *node;
	__be32 call_id;

	_enter("%p,%p", conn, skb);

	read_lock_bh(&conn->lock);

	sp = rxrpc_skb(skb);

	/* look at extant calls by channel number first; the mask keeps the
	 * index taken from the packet within RXRPC_CHANNELMASK */
	call = conn->channels[ntohl(sp->hdr.cid) & RXRPC_CHANNELMASK];
	if (!call || call->call_id != sp->hdr.callNumber)
		goto call_not_extant;

	_debug("extant call [%d]", call->state);
	ASSERTCMP(call->conn, ==, conn);

	read_lock(&call->state_lock);
	switch (call->state) {
	case RXRPC_CALL_REMOTELY_ABORTED:
	case RXRPC_CALL_NETWORK_ERROR:
	case RXRPC_CALL_DEAD:
		goto free_unlock;
	case RXRPC_CALL_LOCALLY_ABORTED:
		/* raise the abort event again if it isn't already pending */
		if (!test_and_set_bit(RXRPC_CALL_ABORT, &call->events))
			rxrpc_queue_call(call);
		goto free_unlock;
	default:
		break;
	}

	read_unlock(&call->state_lock);
	/* hold a ref on the call across the processing, which is done without
	 * the connection lock */
	rxrpc_get_call(call);
	read_unlock_bh(&conn->lock);

	if (sp->hdr.type == RXRPC_PACKET_TYPE_DATA &&
	    (sp->hdr.flags & RXRPC_JUMBO_PACKET))
		rxrpc_process_jumbo_packet(call, skb);
	else
		rxrpc_fast_process_packet(call, skb);

	rxrpc_put_call(call);
	goto done;

call_not_extant:
	/* search the completed calls in case what we're dealing with is
	 * there */
	_debug("call not extant");

	call_id = sp->hdr.callNumber;
	node = conn->calls.rb_node;
	while (node) {
		call = rb_entry(node, struct rxrpc_call, conn_node);

		if (call_id == call->call_id)
			goto found_completed_call;

		node = (call_id < call->call_id) ?
			node->rb_left : node->rb_right;
	}

dead_call:
	/* it's either a really old call that we no longer remember or it's a
	 * new incoming call */
	read_unlock_bh(&conn->lock);

	if ((sp->hdr.flags & RXRPC_CLIENT_INITIATED) &&
	    sp->hdr.seq == __constant_cpu_to_be32(1)) {
		_debug("incoming call");
		skb_queue_tail(&conn->trans->local->accept_queue, skb);
		rxrpc_queue_work(&conn->trans->local->acceptor);
		goto done;
	}

	_debug("dead call");
	skb->priority = RX_CALL_DEAD;
	rxrpc_reject_packet(conn->trans->local, skb);
	goto done;

	/* resend last packet of a completed call
	 * - client calls may have been aborted or ACK'd
	 * - server calls may have been aborted
	 */
found_completed_call:
	_debug("completed call");

	if (atomic_read(&call->usage) == 0)
		goto dead_call;

	/* synchronise any state changes */
	read_lock(&call->state_lock);
	ASSERTIFCMP(call->state != RXRPC_CALL_CLIENT_FINAL_ACK,
		    call->state, >=, RXRPC_CALL_COMPLETE);

	/* aborted and dead calls, and completed server calls, are handled as
	 * dead calls */
	if (call->state == RXRPC_CALL_LOCALLY_ABORTED ||
	    call->state == RXRPC_CALL_REMOTELY_ABORTED ||
	    call->state == RXRPC_CALL_DEAD ||
	    call->conn->in_clientflag) {
		read_unlock(&call->state_lock);
		goto dead_call;
	}

	_debug("final ack again");
	rxrpc_get_call(call);
	set_bit(RXRPC_CALL_ACK_FINAL, &call->events);
	rxrpc_queue_call(call);

free_unlock:
	read_unlock(&call->state_lock);
	read_unlock_bh(&conn->lock);
	rxrpc_free_skb(skb);
done:
	_leave("");
}
638
/*
 * post connection-level events to the connection
 * - this includes challenges, responses and some aborts
 * - the packet is put on the connection's Rx queue and the connection is
 *   queued for processing; a usage count is taken on the connection first
 */
static void rxrpc_post_packet_to_conn(struct rxrpc_connection *conn,
				      struct sk_buff *skb)
{
	struct sk_buff_head *rxq = &conn->rx_queue;

	_enter("%p,%p", conn, skb);

	atomic_inc(&conn->usage);
	skb_queue_tail(rxq, skb);
	rxrpc_queue_conn(conn);
}
652
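/*
 * handle data received on the local endpoint
 * - may be called in interrupt context
 * - pulls one datagram off the UDP socket, checks its checksum, extracts the
 *   RxRPC header and routes the packet to a connection, a call or the
 *   acceptor, or else rejects it
 * - the header in sp->hdr is a copy of bytes sent by the peer; it is only to
 *   be trusted as far as the checks made here go (packet type in range, and
 *   non-zero call number and sequence number on DATA packets)
 */
void rxrpc_data_ready(struct sock *sk, int count)
{
	struct rxrpc_connection *conn;
	struct rxrpc_transport *trans;
	struct rxrpc_skb_priv *sp;
	struct rxrpc_local *local;
	struct rxrpc_peer *peer;
	struct sk_buff *skb;
	int ret;

	_enter("%p, %d", sk, count);

	ASSERT(!irqs_disabled());

	/* pin the local endpoint, provided it is still in use */
	read_lock_bh(&rxrpc_local_lock);
	local = sk->sk_user_data;
	if (local && atomic_read(&local->usage) > 0)
		rxrpc_get_local(local);
	else
		local = NULL;
	read_unlock_bh(&rxrpc_local_lock);
	if (!local) {
		_leave(" [local dead]");
		return;
	}

	skb = skb_recv_datagram(sk, 0, 1, &ret);
	if (!skb) {
		rxrpc_put_local(local);
		if (ret != -EAGAIN)
			_debug("UDP socket error %d", ret);
		return;
	}

	rxrpc_new_skb(skb);

	_net("recv skb %p", skb);

	/* we'll probably need to checksum it (didn't call sock_recvmsg) */
	if (skb_checksum_complete(skb)) {
		rxrpc_free_skb(skb);
		rxrpc_put_local(local);
		_leave(" [CSUM failed]");
		return;
	}

	/* the socket buffer we have is owned by UDP, with UDP's data all over
	 * it, but we really want our own */
	skb_orphan(skb);
	sp = rxrpc_skb(skb);
	memset(sp, 0, sizeof(*sp));

	_net("Rx UDP packet from %08x:%04hu",
	     ntohl(ip_hdr(skb)->saddr), ntohs(udp_hdr(skb)->source));

	/* dig out the RxRPC connection details; a datagram too short to hold
	 * an RxRPC header is rejected */
	if (skb_copy_bits(skb, sizeof(struct udphdr), &sp->hdr,
			  sizeof(sp->hdr)) < 0)
		goto bad_message;

	/* The copy above shows the bytes are present, so a failure to pull
	 * them has some other cause (presumably a failed allocation inside
	 * pskb_pull() -- confirm).  Drop the packet as is done for a bad
	 * checksum rather than calling BUG() on data received from the
	 * network. */
	if (!pskb_pull(skb, sizeof(struct udphdr) + sizeof(sp->hdr))) {
		rxrpc_free_skb(skb);
		rxrpc_put_local(local);
		_leave(" [pull failed]");
		return;
	}

	_net("Rx RxRPC %s ep=%x call=%x:%x",
	     sp->hdr.flags & RXRPC_CLIENT_INITIATED ? "ToServer" : "ToClient",
	     ntohl(sp->hdr.epoch),
	     ntohl(sp->hdr.cid),
	     ntohl(sp->hdr.callNumber));

	/* the packet type is used as a table index further on, so it is
	 * range-checked before anything else looks at it */
	if (sp->hdr.type == 0 || sp->hdr.type >= RXRPC_N_PACKET_TYPES) {
		_proto("Rx Bad Packet Type %u", sp->hdr.type);
		goto bad_message;
	}

	if (sp->hdr.type == RXRPC_PACKET_TYPE_DATA &&
	    (sp->hdr.callNumber == 0 || sp->hdr.seq == 0))
		goto bad_message;

	/* walk peer -> transport -> connection, dropping each intermediate
	 * ref as soon as the next object has been looked up */
	peer = rxrpc_find_peer(local, ip_hdr(skb)->saddr, udp_hdr(skb)->source);
	if (IS_ERR(peer))
		goto cant_route_call;

	trans = rxrpc_find_transport(local, peer);
	rxrpc_put_peer(peer);
	if (!trans)
		goto cant_route_call;

	conn = rxrpc_find_connection(trans, &sp->hdr);
	rxrpc_put_transport(trans);
	if (!conn)
		goto cant_route_call;

	_debug("CONN %p {%d}", conn, conn->debug_id);

	/* call number 0 marks a connection-level packet */
	if (sp->hdr.callNumber == 0)
		rxrpc_post_packet_to_conn(conn, skb);
	else
		rxrpc_post_packet_to_call(conn, skb);
	rxrpc_put_connection(conn);
	rxrpc_put_local(local);
	return;

cant_route_call:
	_debug("can't route call");
	if ((sp->hdr.flags & RXRPC_CLIENT_INITIATED) &&
	    sp->hdr.type == RXRPC_PACKET_TYPE_DATA) {
		if (sp->hdr.seq == __constant_cpu_to_be32(1)) {
			/* the first DATA packet of a client-initiated call
			 * goes to the acceptor */
			_debug("first packet");
			skb_queue_tail(&local->accept_queue, skb);
			rxrpc_queue_work(&local->acceptor);
			rxrpc_put_local(local);
			_leave(" [incoming]");
			return;
		}
		skb->priority = RX_INVALID_OPERATION;
	} else {
		skb->priority = RX_CALL_DEAD;
	}

	/* skb->priority carries the abort code handed to the rejector */
	_debug("reject");
	rxrpc_reject_packet(local, skb);
	rxrpc_put_local(local);
	_leave(" [no call]");
	return;

bad_message:
	skb->priority = RX_PROTOCOL_ERROR;
	rxrpc_reject_packet(local, skb);
	rxrpc_put_local(local);
	_leave(" [badmsg]");
}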
788