Commit 17926a79 authored by David Howells's avatar David Howells Committed by David S. Miller

[AF_RXRPC]: Provide secure RxRPC sockets for use by userspace and kernel both

Provide AF_RXRPC sockets that can be used to talk to AFS servers, or serve
answers to AFS clients.  KerberosIV security is fully supported.  The patches
and some example test programs can be found in:

	http://people.redhat.com/~dhowells/rxrpc/

This will eventually replace the old implementation of kernel-only RxRPC
currently resident in net/rxrpc/.
Signed-off-by: default avatarDavid Howells <dhowells@redhat.com>
Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
parent e19dff1f
This diff is collapsed.
/* RxRPC key type
*
* Copyright (C) 2007 Red Hat, Inc. All Rights Reserved.
* Written by David Howells (dhowells@redhat.com)
*
* This program is free software; you can redistribute it and/or
* modify it under the terms of the GNU General Public License
* as published by the Free Software Foundation; either version
* 2 of the License, or (at your option) any later version.
*/
#ifndef _KEYS_RXRPC_TYPE_H
#define _KEYS_RXRPC_TYPE_H
#include <linux/key.h>
/*
* key type for AF_RXRPC keys
*/
extern struct key_type key_type_rxrpc;
#endif /* _KEYS_USER_TYPE_H */
...@@ -24,7 +24,7 @@ ...@@ -24,7 +24,7 @@
struct poll_table_struct; struct poll_table_struct;
struct inode; struct inode;
#define NPROTO 33 /* should be enough for now.. */ #define NPROTO 34 /* should be enough for now.. */
#define SYS_SOCKET 1 /* sys_socket(2) */ #define SYS_SOCKET 1 /* sys_socket(2) */
#define SYS_BIND 2 /* sys_bind(2) */ #define SYS_BIND 2 /* sys_bind(2) */
......
/* AF_RXRPC parameters
*
* Copyright (C) 2007 Red Hat, Inc. All Rights Reserved.
* Written by David Howells (dhowells@redhat.com)
*
* This program is free software; you can redistribute it and/or
* modify it under the terms of the GNU General Public License
* as published by the Free Software Foundation; either version
* 2 of the License, or (at your option) any later version.
*/
#ifndef _LINUX_RXRPC_H
#define _LINUX_RXRPC_H
#include <linux/in.h>
#include <linux/in6.h>
/*
* RxRPC socket address
*/
struct sockaddr_rxrpc {
sa_family_t srx_family; /* address family */
u16 srx_service; /* service desired */
u16 transport_type; /* type of transport socket (SOCK_DGRAM) */
u16 transport_len; /* length of transport address */
union {
sa_family_t family; /* transport address family */
struct sockaddr_in sin; /* IPv4 transport address */
struct sockaddr_in6 sin6; /* IPv6 transport address */
} transport;
};
/*
* RxRPC socket options
*/
#define RXRPC_SECURITY_KEY 1 /* [clnt] set client security key */
#define RXRPC_SECURITY_KEYRING 2 /* [srvr] set ring of server security keys */
#define RXRPC_EXCLUSIVE_CONNECTION 3 /* [clnt] use exclusive RxRPC connection */
#define RXRPC_MIN_SECURITY_LEVEL 4 /* minimum security level */
/*
* RxRPC control messages
* - terminal messages mean that a user call ID tag can be recycled
*/
#define RXRPC_USER_CALL_ID 1 /* user call ID specifier */
#define RXRPC_ABORT 2 /* abort request / notification [terminal] */
#define RXRPC_ACK 3 /* [Server] RPC op final ACK received [terminal] */
#define RXRPC_NET_ERROR 5 /* network error received [terminal] */
#define RXRPC_BUSY 6 /* server busy received [terminal] */
#define RXRPC_LOCAL_ERROR 7 /* local error generated [terminal] */
#define RXRPC_NEW_CALL 8 /* [Server] new incoming call notification */
#define RXRPC_ACCEPT 9 /* [Server] accept request */
/*
* RxRPC security levels
*/
#define RXRPC_SECURITY_PLAIN 0 /* plain secure-checksummed packets only */
#define RXRPC_SECURITY_AUTH 1 /* authenticated packets */
#define RXRPC_SECURITY_ENCRYPT 2 /* encrypted packets */
#endif /* _LINUX_RXRPC_H */
...@@ -188,7 +188,8 @@ struct ucred { ...@@ -188,7 +188,8 @@ struct ucred {
#define AF_TIPC 30 /* TIPC sockets */ #define AF_TIPC 30 /* TIPC sockets */
#define AF_BLUETOOTH 31 /* Bluetooth sockets */ #define AF_BLUETOOTH 31 /* Bluetooth sockets */
#define AF_IUCV 32 /* IUCV sockets */ #define AF_IUCV 32 /* IUCV sockets */
#define AF_MAX 33 /* For now.. */ #define AF_RXRPC 33 /* RxRPC sockets */
#define AF_MAX 34 /* For now.. */
/* Protocol families, same as address families. */ /* Protocol families, same as address families. */
#define PF_UNSPEC AF_UNSPEC #define PF_UNSPEC AF_UNSPEC
...@@ -222,6 +223,7 @@ struct ucred { ...@@ -222,6 +223,7 @@ struct ucred {
#define PF_TIPC AF_TIPC #define PF_TIPC AF_TIPC
#define PF_BLUETOOTH AF_BLUETOOTH #define PF_BLUETOOTH AF_BLUETOOTH
#define PF_IUCV AF_IUCV #define PF_IUCV AF_IUCV
#define PF_RXRPC AF_RXRPC
#define PF_MAX AF_MAX #define PF_MAX AF_MAX
/* Maximum queue length specifiable by listen. */ /* Maximum queue length specifiable by listen. */
...@@ -284,6 +286,7 @@ struct ucred { ...@@ -284,6 +286,7 @@ struct ucred {
#define SOL_DCCP 269 #define SOL_DCCP 269
#define SOL_NETLINK 270 #define SOL_NETLINK 270
#define SOL_TIPC 271 #define SOL_TIPC 271
#define SOL_RXRPC 272
/* IPX options */ /* IPX options */
#define IPX_TYPE 1 #define IPX_TYPE 1
......
/* RxRPC definitions
*
* Copyright (C) 2006 Red Hat, Inc. All Rights Reserved.
* Written by David Howells (dhowells@redhat.com)
*
* This program is free software; you can redistribute it and/or
* modify it under the terms of the GNU General Public License
* as published by the Free Software Foundation; either version
* 2 of the License, or (at your option) any later version.
*/
#ifndef _NET_RXRPC_H
#define _NET_RXRPC_H
#include <linux/rxrpc.h>
#endif /* _NET_RXRPC_H */
...@@ -33,7 +33,8 @@ struct rxrpc_header ...@@ -33,7 +33,8 @@ struct rxrpc_header
#define RXRPC_MAXCALLS 4 /* max active calls per conn */ #define RXRPC_MAXCALLS 4 /* max active calls per conn */
#define RXRPC_CHANNELMASK (RXRPC_MAXCALLS-1) /* mask for channel ID */ #define RXRPC_CHANNELMASK (RXRPC_MAXCALLS-1) /* mask for channel ID */
#define RXRPC_CIDMASK (~RXRPC_CHANNELMASK) /* mask for connection ID */ #define RXRPC_CIDMASK (~RXRPC_CHANNELMASK) /* mask for connection ID */
#define RXRPC_CIDSHIFT 2 /* shift for connection ID */ #define RXRPC_CIDSHIFT ilog2(RXRPC_MAXCALLS) /* shift for connection ID */
#define RXRPC_CID_INC (1 << RXRPC_CIDSHIFT) /* connection ID increment */
__be32 callNumber; /* call ID (0 for connection-level packets) */ __be32 callNumber; /* call ID (0 for connection-level packets) */
#define RXRPC_PROCESS_MAXCALLS (1<<2) /* maximum number of active calls per conn (power of 2) */ #define RXRPC_PROCESS_MAXCALLS (1<<2) /* maximum number of active calls per conn (power of 2) */
...@@ -62,7 +63,10 @@ struct rxrpc_header ...@@ -62,7 +63,10 @@ struct rxrpc_header
uint8_t userStatus; /* app-layer defined status */ uint8_t userStatus; /* app-layer defined status */
uint8_t securityIndex; /* security protocol ID */ uint8_t securityIndex; /* security protocol ID */
__be16 _rsvd; /* reserved (used by kerberos security as cksum) */ union {
__be16 _rsvd; /* reserved */
__be16 cksum; /* kerberos security checksum */
};
__be16 serviceId; /* service ID */ __be16 serviceId; /* service ID */
} __attribute__((packed)); } __attribute__((packed));
...@@ -124,4 +128,81 @@ struct rxrpc_ackpacket ...@@ -124,4 +128,81 @@ struct rxrpc_ackpacket
} __attribute__((packed)); } __attribute__((packed));
/*
* ACK packets can have a further piece of information tagged on the end
*/
struct rxrpc_ackinfo {
__be32 rxMTU; /* maximum Rx MTU size (bytes) [AFS 3.3] */
__be32 maxMTU; /* maximum interface MTU size (bytes) [AFS 3.3] */
__be32 rwind; /* Rx window size (packets) [AFS 3.4] */
__be32 jumbo_max; /* max packets to stick into a jumbo packet [AFS 3.5] */
};
/*****************************************************************************/
/*
* Kerberos security type-2 challenge packet
*/
struct rxkad_challenge {
__be32 version; /* version of this challenge type */
__be32 nonce; /* encrypted random number */
__be32 min_level; /* minimum security level */
__be32 __padding; /* padding to 8-byte boundary */
} __attribute__((packed));
/*****************************************************************************/
/*
* Kerberos security type-2 response packet
*/
struct rxkad_response {
__be32 version; /* version of this reponse type */
__be32 __pad;
/* encrypted bit of the response */
struct {
__be32 epoch; /* current epoch */
__be32 cid; /* parent connection ID */
__be32 checksum; /* checksum */
__be32 securityIndex; /* security type */
__be32 call_id[4]; /* encrypted call IDs */
__be32 inc_nonce; /* challenge nonce + 1 */
__be32 level; /* desired level */
} encrypted;
__be32 kvno; /* Kerberos key version number */
__be32 ticket_len; /* Kerberos ticket length */
} __attribute__((packed));
/*****************************************************************************/
/*
* RxRPC-level abort codes
*/
#define RX_CALL_DEAD -1 /* call/conn has been inactive and is shut down */
#define RX_INVALID_OPERATION -2 /* invalid operation requested / attempted */
#define RX_CALL_TIMEOUT -3 /* call timeout exceeded */
#define RX_EOF -4 /* unexpected end of data on read op */
#define RX_PROTOCOL_ERROR -5 /* low-level protocol error */
#define RX_USER_ABORT -6 /* generic user abort */
#define RX_ADDRINUSE -7 /* UDP port in use */
#define RX_DEBUGI_BADTYPE -8 /* bad debugging packet type */
/*
* Rx kerberos security abort codes
* - unfortunately we have no generalised security abort codes to say things
* like "unsupported security", so we have to use these instead and hope the
* other side understands
*/
#define RXKADINCONSISTENCY 19270400 /* security module structure inconsistent */
#define RXKADPACKETSHORT 19270401 /* packet too short for security challenge */
#define RXKADLEVELFAIL 19270402 /* security level negotiation failed */
#define RXKADTICKETLEN 19270403 /* ticket length too short or too long */
#define RXKADOUTOFSEQUENCE 19270404 /* packet had bad sequence number */
#define RXKADNOAUTH 19270405 /* caller not authorised */
#define RXKADBADKEY 19270406 /* illegal key: bad parity or weak */
#define RXKADBADTICKET 19270407 /* security object was passed a bad ticket */
#define RXKADUNKNOWNKEY 19270408 /* ticket contained unknown key version number */
#define RXKADEXPIRED 19270409 /* authentication expired */
#define RXKADSEALEDINCON 19270410 /* sealed data inconsistent */
#define RXKADDATALEN 19270411 /* user data too long */
#define RXKADILLEGALLEVEL 19270412 /* caller not authorised to use encrypted conns */
#endif /* _LINUX_RXRPC_PACKET_H */ #endif /* _LINUX_RXRPC_PACKET_H */
...@@ -212,6 +212,7 @@ endmenu ...@@ -212,6 +212,7 @@ endmenu
source "net/ax25/Kconfig" source "net/ax25/Kconfig"
source "net/irda/Kconfig" source "net/irda/Kconfig"
source "net/bluetooth/Kconfig" source "net/bluetooth/Kconfig"
source "net/rxrpc/Kconfig"
config FIB_RULES config FIB_RULES
bool bool
......
...@@ -38,6 +38,7 @@ obj-$(CONFIG_IRDA) += irda/ ...@@ -38,6 +38,7 @@ obj-$(CONFIG_IRDA) += irda/
obj-$(CONFIG_BT) += bluetooth/ obj-$(CONFIG_BT) += bluetooth/
obj-$(CONFIG_SUNRPC) += sunrpc/ obj-$(CONFIG_SUNRPC) += sunrpc/
obj-$(CONFIG_RXRPC) += rxrpc/ obj-$(CONFIG_RXRPC) += rxrpc/
obj-$(CONFIG_AF_RXRPC) += rxrpc/
obj-$(CONFIG_ATM) += atm/ obj-$(CONFIG_ATM) += atm/
obj-$(CONFIG_DECNET) += decnet/ obj-$(CONFIG_DECNET) += decnet/
obj-$(CONFIG_ECONET) += econet/ obj-$(CONFIG_ECONET) += econet/
......
...@@ -154,7 +154,8 @@ static const char *af_family_key_strings[AF_MAX+1] = { ...@@ -154,7 +154,8 @@ static const char *af_family_key_strings[AF_MAX+1] = {
"sk_lock-21" , "sk_lock-AF_SNA" , "sk_lock-AF_IRDA" , "sk_lock-21" , "sk_lock-AF_SNA" , "sk_lock-AF_IRDA" ,
"sk_lock-AF_PPPOX" , "sk_lock-AF_WANPIPE" , "sk_lock-AF_LLC" , "sk_lock-AF_PPPOX" , "sk_lock-AF_WANPIPE" , "sk_lock-AF_LLC" ,
"sk_lock-27" , "sk_lock-28" , "sk_lock-29" , "sk_lock-27" , "sk_lock-28" , "sk_lock-29" ,
"sk_lock-AF_TIPC" , "sk_lock-AF_BLUETOOTH", "sk_lock-AF_MAX" "sk_lock-AF_TIPC" , "sk_lock-AF_BLUETOOTH", "sk_lock-IUCV" ,
"sk_lock-AF_RXRPC" , "sk_lock-AF_MAX"
}; };
static const char *af_family_slock_key_strings[AF_MAX+1] = { static const char *af_family_slock_key_strings[AF_MAX+1] = {
"slock-AF_UNSPEC", "slock-AF_UNIX" , "slock-AF_INET" , "slock-AF_UNSPEC", "slock-AF_UNIX" , "slock-AF_INET" ,
...@@ -167,7 +168,8 @@ static const char *af_family_slock_key_strings[AF_MAX+1] = { ...@@ -167,7 +168,8 @@ static const char *af_family_slock_key_strings[AF_MAX+1] = {
"slock-21" , "slock-AF_SNA" , "slock-AF_IRDA" , "slock-21" , "slock-AF_SNA" , "slock-AF_IRDA" ,
"slock-AF_PPPOX" , "slock-AF_WANPIPE" , "slock-AF_LLC" , "slock-AF_PPPOX" , "slock-AF_WANPIPE" , "slock-AF_LLC" ,
"slock-27" , "slock-28" , "slock-29" , "slock-27" , "slock-28" , "slock-29" ,
"slock-AF_TIPC" , "slock-AF_BLUETOOTH", "slock-AF_MAX" "slock-AF_TIPC" , "slock-AF_BLUETOOTH", "slock-AF_IUCV" ,
"slock-AF_RXRPC" , "slock-AF_MAX"
}; };
#endif #endif
......
#
# RxRPC session sockets
#
config AF_RXRPC
tristate "RxRPC session sockets"
depends on EXPERIMENTAL
help
Say Y or M here to include support for RxRPC session sockets (just
the transport part, not the presentation part: (un)marshalling is
left to the application).
These are used for AFS kernel filesystem and userspace utilities.
This module at the moment only supports client operations and is
currently incomplete.
See Documentation/networking/rxrpc.txt.
config AF_RXRPC_DEBUG
bool "RxRPC dynamic debugging"
depends on AF_RXRPC
help
Say Y here to make runtime controllable debugging messages appear.
See Documentation/networking/rxrpc.txt.
config RXKAD
tristate "RxRPC Kerberos security"
depends on AF_RXRPC && KEYS
help
Provide kerberos 4 and AFS kaserver security handling for AF_RXRPC
through the use of the key retention service.
See Documentation/networking/rxrpc.txt.
...@@ -4,6 +4,35 @@ ...@@ -4,6 +4,35 @@
#CFLAGS += -finstrument-functions #CFLAGS += -finstrument-functions
af-rxrpc-objs := \
af_rxrpc.o \
ar-accept.o \
ar-ack.o \
ar-call.o \
ar-connection.o \
ar-connevent.o \
ar-error.o \
ar-input.o \
ar-key.o \
ar-local.o \
ar-output.o \
ar-peer.o \
ar-recvmsg.o \
ar-security.o \
ar-skbuff.o \
ar-transport.o
ifeq ($(CONFIG_PROC_FS),y)
af-rxrpc-objs += ar-proc.o
endif
obj-$(CONFIG_AF_RXRPC) += af-rxrpc.o
obj-$(CONFIG_RXKAD) += rxkad.o
#
# obsolete RxRPC interface, still used by fs/afs/
#
rxrpc-objs := \ rxrpc-objs := \
call.o \ call.o \
connection.o \ connection.o \
...@@ -22,4 +51,4 @@ ifeq ($(CONFIG_SYSCTL),y) ...@@ -22,4 +51,4 @@ ifeq ($(CONFIG_SYSCTL),y)
rxrpc-objs += sysctl.o rxrpc-objs += sysctl.o
endif endif
obj-$(CONFIG_RXRPC) := rxrpc.o obj-$(CONFIG_RXRPC) += rxrpc.o
This diff is collapsed.
/* incoming call handling
*
* Copyright (C) 2007 Red Hat, Inc. All Rights Reserved.
* Written by David Howells (dhowells@redhat.com)
*
* This program is free software; you can redistribute it and/or
* modify it under the terms of the GNU General Public License
* as published by the Free Software Foundation; either version
* 2 of the License, or (at your option) any later version.
*/
#include <linux/module.h>
#include <linux/net.h>
#include <linux/skbuff.h>
#include <linux/errqueue.h>
#include <linux/udp.h>
#include <linux/in.h>
#include <linux/in6.h>
#include <linux/icmp.h>
#include <net/sock.h>
#include <net/af_rxrpc.h>
#include <net/ip.h>
#include "ar-internal.h"
/*
* generate a connection-level abort
*/
static int rxrpc_busy(struct rxrpc_local *local, struct sockaddr_rxrpc *srx,
struct rxrpc_header *hdr)
{
struct msghdr msg;
struct kvec iov[1];
size_t len;
int ret;
_enter("%d,,", local->debug_id);
msg.msg_name = &srx->transport.sin;
msg.msg_namelen = sizeof(srx->transport.sin);
msg.msg_control = NULL;
msg.msg_controllen = 0;
msg.msg_flags = 0;
hdr->seq = 0;
hdr->type = RXRPC_PACKET_TYPE_BUSY;
hdr->flags = 0;
hdr->userStatus = 0;
hdr->_rsvd = 0;
iov[0].iov_base = hdr;
iov[0].iov_len = sizeof(*hdr);
len = iov[0].iov_len;
hdr->serial = htonl(1);
_proto("Tx BUSY %%%u", ntohl(hdr->serial));
ret = kernel_sendmsg(local->socket, &msg, iov, 1, len);
if (ret < 0) {
_leave(" = -EAGAIN [sendmsg failed: %d]", ret);
return -EAGAIN;
}
_leave(" = 0");
return 0;
}
/*
* accept an incoming call that needs peer, transport and/or connection setting
* up
*/
static int rxrpc_accept_incoming_call(struct rxrpc_local *local,
struct rxrpc_sock *rx,
struct sk_buff *skb,
struct sockaddr_rxrpc *srx)
{
struct rxrpc_connection *conn;
struct rxrpc_transport *trans;
struct rxrpc_skb_priv *sp, *nsp;
struct rxrpc_peer *peer;
struct rxrpc_call *call;
struct sk_buff *notification;
int ret;
_enter("");
sp = rxrpc_skb(skb);
/* get a notification message to send to the server app */
notification = alloc_skb(0, GFP_NOFS);
rxrpc_new_skb(notification);
notification->mark = RXRPC_SKB_MARK_NEW_CALL;
peer = rxrpc_get_peer(srx, GFP_NOIO);
if (IS_ERR(peer)) {
_debug("no peer");
ret = -EBUSY;
goto error;
}
trans = rxrpc_get_transport(local, peer, GFP_NOIO);
rxrpc_put_peer(peer);
if (!trans) {
_debug("no trans");
ret = -EBUSY;
goto error;
}
conn = rxrpc_incoming_connection(trans, &sp->hdr, GFP_NOIO);
rxrpc_put_transport(trans);
if (IS_ERR(conn)) {
_debug("no conn");
ret = PTR_ERR(conn);
goto error;
}
call = rxrpc_incoming_call(rx, conn, &sp->hdr, GFP_NOIO);
rxrpc_put_connection(conn);
if (IS_ERR(call)) {
_debug("no call");
ret = PTR_ERR(call);
goto error;
}
/* attach the call to the socket */
read_lock_bh(&local->services_lock);
if (rx->sk.sk_state == RXRPC_CLOSE)
goto invalid_service;
write_lock(&rx->call_lock);
if (!test_and_set_bit(RXRPC_CALL_INIT_ACCEPT, &call->flags)) {
rxrpc_get_call(call);
spin_lock(&call->conn->state_lock);
if (sp->hdr.securityIndex > 0 &&
call->conn->state == RXRPC_CONN_SERVER_UNSECURED) {
_debug("await conn sec");
list_add_tail(&call->accept_link, &rx->secureq);
call->conn->state = RXRPC_CONN_SERVER_CHALLENGING;
atomic_inc(&call->conn->usage);
set_bit(RXRPC_CONN_CHALLENGE, &call->conn->events);
schedule_work(&call->conn->processor);
} else {
_debug("conn ready");
call->state = RXRPC_CALL_SERVER_ACCEPTING;
list_add_tail(&call->accept_link, &rx->acceptq);
rxrpc_get_call(call);
nsp = rxrpc_skb(notification);
nsp->call = call;
ASSERTCMP(atomic_read(&call->usage), >=, 3);
_debug("notify");
spin_lock(&call->lock);
ret = rxrpc_queue_rcv_skb(call, notification, true,
false);
spin_unlock(&call->lock);
notification = NULL;
if (ret < 0)
BUG();
}
spin_unlock(&call->conn->state_lock);
_debug("queued");
}
write_unlock(&rx->call_lock);
_debug("process");
rxrpc_fast_process_packet(call, skb);
_debug("done");
read_unlock_bh(&local->services_lock);
rxrpc_free_skb(notification);
rxrpc_put_call(call);
_leave(" = 0");
return 0;
invalid_service:
_debug("invalid");
read_unlock_bh(&local->services_lock);
read_lock_bh(&call->state_lock);
if (!test_bit(RXRPC_CALL_RELEASE, &call->flags) &&
!test_and_set_bit(RXRPC_CALL_RELEASE, &call->events)) {
rxrpc_get_call(call);
schedule_work(&call->processor);
}
read_unlock_bh(&call->state_lock);
rxrpc_put_call(call);
ret = -ECONNREFUSED;
error:
rxrpc_free_skb(notification);
_leave(" = %d", ret);
return ret;
}
/*
* accept incoming calls that need peer, transport and/or connection setting up
* - the packets we get are all incoming client DATA packets that have seq == 1
*/
void rxrpc_accept_incoming_calls(struct work_struct *work)
{
struct rxrpc_local *local =
container_of(work, struct rxrpc_local, acceptor);
struct rxrpc_skb_priv *sp;
struct sockaddr_rxrpc srx;
struct rxrpc_sock *rx;
struct sk_buff *skb;
__be16 service_id;
int ret;
_enter("%d", local->debug_id);
read_lock_bh(&rxrpc_local_lock);
if (atomic_read(&local->usage) > 0)
rxrpc_get_local(local);
else
local = NULL;
read_unlock_bh(&rxrpc_local_lock);
if (!local) {
_leave(" [local dead]");
return;
}
process_next_packet:
skb = skb_dequeue(&local->accept_queue);
if (!skb) {
rxrpc_put_local(local);
_leave("\n");
return;
}
_net("incoming call skb %p", skb);
sp = rxrpc_skb(skb);
/* determine the remote address */
memset(&srx, 0, sizeof(srx));
srx.srx_family = AF_RXRPC;
srx.transport.family = local->srx.transport.family;
srx.transport_type = local->srx.transport_type;
switch (srx.transport.family) {
case AF_INET:
srx.transport_len = sizeof(struct sockaddr_in);
srx.transport.sin.sin_port = udp_hdr(skb)->source;
srx.transport.sin.sin_addr.s_addr = ip_hdr(skb)->saddr;
break;
default:
goto busy;
}
/* get the socket providing the service */
service_id = sp->hdr.serviceId;
read_lock_bh(&local->services_lock);
list_for_each_entry(rx, &local->services, listen_link) {
if (rx->service_id == service_id &&
rx->sk.sk_state != RXRPC_CLOSE)
goto found_service;
}
read_unlock_bh(&local->services_lock);
goto invalid_service;
found_service:
_debug("found service %hd", ntohs(rx->service_id));
if (sk_acceptq_is_full(&rx->sk))
goto backlog_full;
sk_acceptq_added(&rx->sk);
sock_hold(&rx->sk);
read_unlock_bh(&local->services_lock);
ret = rxrpc_accept_incoming_call(local, rx, skb, &srx);
if (ret < 0)
sk_acceptq_removed(&rx->sk);
sock_put(&rx->sk);
switch (ret) {
case -ECONNRESET: /* old calls are ignored */
case -ECONNABORTED: /* aborted calls are reaborted or ignored */
case 0:
goto process_next_packet;
case -ECONNREFUSED:
goto invalid_service;
case -EBUSY:
goto busy;
case -EKEYREJECTED:
goto security_mismatch;
default:
BUG();
}
backlog_full:
read_unlock_bh(&local->services_lock);
busy:
rxrpc_busy(local, &srx, &sp->hdr);
rxrpc_free_skb(skb);
goto process_next_packet;
invalid_service:
skb->priority = RX_INVALID_OPERATION;
rxrpc_reject_packet(local, skb);
goto process_next_packet;
/* can't change connection security type mid-flow */
security_mismatch:
skb->priority = RX_PROTOCOL_ERROR;
rxrpc_reject_packet(local, skb);
goto process_next_packet;
}
/*
* handle acceptance of a call by userspace
* - assign the user call ID to the call at the front of the queue
*/
int rxrpc_accept_call(struct rxrpc_sock *rx, unsigned long user_call_ID)
{
struct rxrpc_call *call;
struct rb_node *parent, **pp;
int ret;
_enter(",%lx", user_call_ID);
ASSERT(!irqs_disabled());
write_lock(&rx->call_lock);
ret = -ENODATA;
if (list_empty(&rx->acceptq))
goto out;
/* check the user ID isn't already in use */
ret = -EBADSLT;
pp = &rx->calls.rb_node;
parent = NULL;
while (*pp) {
parent = *pp;