Line data Source code
1 : // SPDX-License-Identifier: GPL-2.0-or-later
2 : /* QUIC kernel implementation
3 : * (C) Copyright Red Hat Corp. 2023
4 : *
5 : * This file is part of the QUIC kernel implementation
6 : *
7 : * Initialization/cleanup for QUIC protocol support.
8 : *
9 : * Written or modified by:
10 : * Xin Long <lucien.xin@gmail.com>
11 : */
12 :
13 : #include <net/proto_memory.h>
14 :
15 : #include "socket.h"
16 :
17 8295330 : static bool quic_frame_copy_from_iter_full(void *addr, size_t bytes, struct iov_iter *i)
18 : {
19 8295330 : size_t copied = _copy_from_iter(addr, bytes, i);
20 :
21 8295330 : if (likely(copied == bytes))
22 : return true;
23 0 : iov_iter_revert(i, copied);
24 0 : return false;
25 : }
26 :
27 : /* rfc9000#section-19.3:
28 : *
29 : * ACK or ACK_ECN Frame {
30 : * Type (i) = 0x02..0x03,
31 : * Largest Acknowledged (i),
32 : * ACK Delay (i),
33 : * ACK Range Count (i),
34 : * First ACK Range (i),
35 : * ACK Range (..) ...,
36 : * [ECN Counts (..)],
37 : * }
38 : *
39 : * ACK Range {
40 : * Gap (i),
41 : * ACK Range Length (i),
42 : * }
43 : *
44 : * ECN Counts {
45 : * ECT0 Count (i),
46 : * ECT1 Count (i),
47 : * ECN-CE Count (i),
48 : * }
49 : *
50 : * Receivers send ACK or ACK_ECN frames to inform senders of packets they have received and
51 : * processed. The ACK frame contains one or more ACK Ranges. ACK Ranges identify acknowledged
52 : * packets. If ACK_ECN frames also contain the cumulative count of QUIC packets with associated
53 : * ECN marks received on the connection up until this point.
54 : */
55 378481 : static struct quic_frame *quic_frame_ack_create(struct sock *sk, void *data, u8 type)
56 : {
57 378481 : struct quic_gap_ack_block gabs[QUIC_PN_MAX_GABS];
58 378481 : u64 largest, smallest, range, delay, *ecn_count;
59 378481 : struct quic_outqueue *outq = quic_outq(sk);
60 378481 : u8 *p, level = *((u8 *)data);
61 378481 : struct quic_pnspace *space;
62 378481 : u32 frame_len, num_gabs, i;
63 378481 : struct quic_frame *frame;
64 :
65 378481 : space = quic_pnspace(sk, level);
66 : /* If ECN counts are present, use ACK_ECN frame type. */
67 378481 : type += quic_pnspace_has_ecn_count(space);
68 : /* Collect gap-based ACK blocks from the PN space. */
69 378481 : num_gabs = quic_pnspace_num_gabs(space, gabs);
70 :
71 : /* Determine the Largest Acknowledged and First ACK Range. */
72 378481 : largest = space->max_pn_seen;
73 378481 : smallest = space->min_pn_seen;
74 378481 : if (num_gabs)
75 23920 : smallest = space->base_pn + gabs[num_gabs - 1].end;
76 378481 : range = largest - smallest; /* rfc9000#section-19.3.1: smallest = largest - ack_range. */
77 : /* Calculate ACK Delay, adjusted by the ACK delay exponent. */
78 378481 : delay = jiffies_to_usecs(jiffies) - space->max_pn_time;
79 378481 : delay >>= outq->ack_delay_exponent;
80 :
81 : /* Estimate the maximum frame length: type + 4 * varints + ranges + ECN Counts. */
82 378481 : frame_len = 1 + quic_var_len(largest) + quic_var_len(delay) + quic_var_len(num_gabs) +
83 378481 : quic_var_len(range) + sizeof(struct quic_gap_ack_block) * num_gabs +
84 : sizeof(*ecn_count) * QUIC_ECN_MAX;
85 378481 : frame = quic_frame_alloc(frame_len, NULL, GFP_ATOMIC);
86 378481 : if (!frame)
87 : return NULL;
88 378481 : p = quic_put_var(frame->data, type);
89 378481 : p = quic_put_var(p, largest); /* Largest Acknowledged. */
90 378481 : p = quic_put_var(p, delay); /* ACK Delay. */
91 378481 : p = quic_put_var(p, num_gabs); /* ACK Count. */
92 378481 : p = quic_put_var(p, range); /* First ACK Range. */
93 :
94 378481 : if (num_gabs) { /* Encode additional ACK Ranges and Gaps if present. */
95 304909 : for (i = num_gabs - 1; i > 0; i--) {
96 280989 : p = quic_put_var(p, gabs[i].end - gabs[i].start); /* Gap. */
97 : /* ACK Range Length. */
98 280989 : p = quic_put_var(p, gabs[i].start - gabs[i - 1].end - 2);
99 : }
100 : /* Final gap and range. */
101 23920 : p = quic_put_var(p, gabs[0].end - gabs[0].start); /* Gap. */
102 23920 : largest = gabs[0].start - 1 + space->base_pn - 1;
103 23920 : range = largest - space->min_pn_seen;
104 23920 : p = quic_put_var(p, range); /* ACK Range Length. */
105 : }
106 378481 : if (type == QUIC_FRAME_ACK_ECN) {
107 353509 : ecn_count = space->ecn_count[QUIC_ECN_LOCAL];
108 353509 : p = quic_put_var(p, ecn_count[QUIC_ECN_ECT0]); /* ECT0 Count. */
109 353509 : p = quic_put_var(p, ecn_count[QUIC_ECN_ECT1]); /* ECT1 Count. */
110 353509 : p = quic_put_var(p, ecn_count[QUIC_ECN_CE]); /* ECN-CE Count. */
111 : }
112 : /* Finalize frame metadata. */
113 378481 : frame->type = type;
114 378481 : frame->len = (u16)(p - frame->data);
115 378481 : frame->size = frame->len;
116 378481 : frame->level = level;
117 :
118 378481 : return frame;
119 : }
120 :
121 : /* rfc9000#section-19.2:
122 : *
123 : * PING Frame {
124 : * Type (i) = 0x01,
125 : * }
126 : *
127 : * Endpoints can use PING frames to verify that their peers are still alive or to check
128 : * reachability to the peer.
129 : *
130 : * It is also used for PMTUD probing. When probe size is provided, it fills the rest of the
131 : * frame with zeros and sets the padding flag.
132 : */
133 201 : static struct quic_frame *quic_frame_ping_create(struct sock *sk, void *data, u8 type)
134 : {
135 201 : struct quic_packet *packet = quic_packet(sk);
136 201 : struct quic_probeinfo *info = data;
137 201 : struct quic_frame *frame;
138 201 : u32 frame_len = 1;
139 :
140 : /* If a probe size is specified and larger than the overhead, request padding to reach
141 : * that total size.
142 : */
143 201 : if (info->size > packet->overhead)
144 193 : frame_len = info->size - packet->overhead;
145 :
146 201 : frame = quic_frame_alloc(frame_len, NULL, GFP_ATOMIC);
147 201 : if (!frame)
148 : return NULL;
149 :
150 201 : frame->level = info->level;
151 201 : quic_put_var(frame->data, type);
152 201 : if (frame_len > 1) {
153 193 : memset(frame->data + 1, 0, frame_len - 1);
154 193 : frame->padding = 1;
155 : }
156 :
157 : return frame;
158 : }
159 :
160 : /* rfc9000#section-19.1:
161 : *
162 : * PADDING Frame {
163 : * Type (i) = 0x00,
164 : * }
165 : *
166 : * A PADDING frame (type=0x00) has no semantic value. PADDING frames can be used to increase
167 : * the size of a packet.
168 : */
169 0 : static struct quic_frame *quic_frame_padding_create(struct sock *sk, void *data, u8 type)
170 : {
171 0 : struct quic_frame *frame;
172 0 : u32 *frame_len = data;
173 :
174 0 : frame = quic_frame_alloc(*frame_len + 1, NULL, GFP_ATOMIC);
175 0 : if (!frame)
176 : return NULL;
177 0 : quic_put_var(frame->data, type);
178 0 : memset(frame->data + 1, 0, *frame_len);
179 :
180 0 : return frame;
181 : }
182 :
183 : /* rfc9000#section-19.7:
184 : *
185 : *
186 : * NEW_TOKEN Frame {
187 : * Type (i) = 0x07,
188 : * Token Length (i),
189 : * Token (..),
190 : * }
191 : *
192 : * The NEW_TOKEN frame is used by servers to provide address validation tokens to clients.
193 : * These tokens can be used by clients to skip address validation in future connections.
194 : */
195 427 : static struct quic_frame *quic_frame_new_token_create(struct sock *sk, void *data, u8 type)
196 : {
197 427 : struct quic_crypto *crypto = quic_crypto(sk, QUIC_CRYPTO_INITIAL);
198 427 : struct quic_conn_id_set *id_set = quic_source(sk);
199 427 : struct quic_path_group *paths = quic_paths(sk);
200 427 : struct quic_outqueue *outq = quic_outq(sk);
201 427 : u8 *p, buf[QUIC_FRAME_BUF_LARGE];
202 427 : struct quic_frame *frame;
203 427 : u32 tlen;
204 :
205 : /* Write token flags into buffer: QUIC_TOKEN_FLAG_REGULAR means regular token. */
206 427 : quic_put_int(buf, QUIC_TOKEN_FLAG_REGULAR, 1);
207 : /* Generate the token into buf; includes client's address and connection ID. */
208 427 : if (quic_crypto_generate_token(crypto, quic_path_daddr(paths, 0), sizeof(union quic_addr),
209 : quic_conn_id_active(id_set), buf, &tlen))
210 : return NULL;
211 :
212 427 : frame = quic_frame_alloc(tlen + 1 + quic_var_len(tlen), NULL, GFP_KERNEL);
213 427 : if (!frame)
214 : return NULL;
215 427 : p = quic_put_var(frame->data, type);
216 427 : p = quic_put_var(p, tlen);
217 427 : p = quic_put_data(p, buf, tlen);
218 427 : frame->len = (u16)(p - frame->data);
219 427 : frame->size = frame->len;
220 427 : outq->token_pending = 1; /* Mark token pending until it gets ACKed. */
221 :
222 427 : return frame;
223 : }
224 :
225 8291836 : static struct quic_frame_frag *quic_frame_frag_alloc(u16 size)
226 : {
227 8291836 : struct quic_frame_frag *frag;
228 :
229 8291836 : frag = kzalloc(sizeof(*frag) + size, GFP_KERNEL);
230 8291836 : if (frag)
231 8291836 : frag->size = size;
232 :
233 8291836 : return frag;
234 : }
235 :
236 : /* rfc9000#section-19.8:
237 : *
238 : * STREAM Frame {
239 : * Type (i) = 0x08..0x0f,
240 : * Stream ID (i),
241 : * [Offset (i)],
242 : * [Length (i)],
243 : * Stream Data (..),
244 : * }
245 : *
246 : * STREAM frames implicitly create a stream and carry stream data. The Type field in the STREAM
247 : * frame takes the form 0b00001XXX (or the set of values from 0x08 to 0x0f). The three low-order
248 : * bits of the frame type determine the fields that are present in the frame: The OFF bit
249 : * (0x04); The LEN bit (0x02); The FIN bit (0x01).
250 : */
251 6330005 : static struct quic_frame *quic_frame_stream_create(struct sock *sk, void *data, u8 type)
252 : {
253 6330005 : u32 msg_len, max_frame_len, hlen = 1;
254 6330005 : struct quic_msginfo *info = data;
255 6330005 : struct quic_frame_frag *frag;
256 6330005 : struct quic_stream *stream;
257 6330005 : struct quic_frame *frame;
258 6330005 : u8 *p, nodelay = 0;
259 6330005 : u64 wspace;
260 :
261 6330005 : stream = info->stream;
262 : /* Estimate header length: type (1 byte) + varint stream ID. */
263 6330005 : hlen += quic_var_len(stream->id);
264 : /* If there is a non-zero offset, include it and set OFF bit. */
265 6330005 : if (stream->send.bytes) {
266 6312245 : type |= QUIC_STREAM_BIT_OFF;
267 6312245 : hlen += quic_var_len(stream->send.bytes); /* varint Offset. */
268 : }
269 : /* To make things simple, always include length field, so set LEN bit. */
270 6330005 : type |= QUIC_STREAM_BIT_LEN;
271 6330005 : max_frame_len = quic_packet_max_payload(quic_packet(sk)); /* MSS. */
272 6330005 : hlen += quic_var_len(max_frame_len); /* varint Length. */
273 :
274 6330005 : msg_len = iov_iter_count(info->msg); /* Total message length from user space. */
275 6330005 : wspace = quic_outq_wspace(sk, stream); /* Flow control limit. */
276 :
277 : /* Trim msg_len to respect flow control and MSS constraints. */
278 6330005 : if ((u64)msg_len <= wspace) { /* All data fits in flow control limit. */
279 6238342 : if (msg_len <= max_frame_len - hlen) { /* Fits in MSS. */
280 : /* If message fits fully, include FIN bit if requested. */
281 2117766 : if (info->flags & MSG_STREAM_FIN)
282 17623 : type |= QUIC_STREAM_BIT_FIN;
283 : } else { /* Limit to MSS and mark as nodelay. */
284 : nodelay = 1;
285 : msg_len = max_frame_len - hlen;
286 : }
287 : } else { /* Limit to flow control limit. */
288 91663 : msg_len = wspace;
289 91663 : if (msg_len > max_frame_len - hlen) { /* Limit to MSS and mark as nodelay. */
290 82416 : nodelay = 1;
291 82416 : msg_len = max_frame_len - hlen;
292 : }
293 : }
294 :
295 6330005 : frame = quic_frame_alloc(hlen, NULL, GFP_KERNEL);
296 6330005 : if (!frame)
297 : return NULL;
298 6330005 : frame->stream = stream;
299 :
300 6330005 : if (msg_len) { /* Allocate and attach frame fragment for the payload. */
301 6330005 : frag = quic_frame_frag_alloc(msg_len);
302 6330005 : if (!frag) {
303 0 : quic_frame_put(frame);
304 0 : return NULL;
305 : }
306 : /* Copy user data into the frame fragment. */
307 6330005 : if (!quic_frame_copy_from_iter_full(frag->data, msg_len, info->msg)) {
308 0 : quic_frame_put(frame);
309 0 : kfree(frag);
310 0 : return NULL;
311 : }
312 6330005 : frame->flist = frag;
313 : }
314 :
315 : /* Encode STREAM frame header. */
316 6330005 : p = quic_put_var(frame->data, type);
317 6330005 : p = quic_put_var(p, stream->id);
318 6330005 : if (type & QUIC_STREAM_BIT_OFF)
319 6312245 : p = quic_put_var(p, stream->send.bytes);
320 6330005 : p = quic_put_var(p, msg_len);
321 :
322 : /* Finalize frame metadata. */
323 6330005 : frame->type = type;
324 6330005 : frame->size = (u16)(p - frame->data);
325 6330005 : frame->bytes = (u16)msg_len;
326 6330005 : frame->len = frame->size + frame->bytes;
327 6330005 : frame->nodelay = nodelay;
328 :
329 6330005 : return frame;
330 : }
331 :
332 : /* rfc9000#section-19.20:
333 : *
334 : * HANDSHAKE_DONE Frame {
335 : * Type (i) = 0x1e,
336 : * }
337 : *
338 : * The server uses a HANDSHAKE_DONE frame (type=0x1e) to signal confirmation of the handshake to
339 : * the client.
340 : */
341 419 : static struct quic_frame *quic_frame_handshake_done_create(struct sock *sk, void *data, u8 type)
342 : {
343 419 : u8 *p, buf[QUIC_FRAME_BUF_SMALL];
344 419 : struct quic_frame *frame;
345 419 : u32 frame_len;
346 :
347 419 : p = quic_put_var(buf, type);
348 419 : frame_len = (u32)(p - buf);
349 :
350 419 : frame = quic_frame_alloc(frame_len, NULL, GFP_KERNEL);
351 419 : if (!frame)
352 : return NULL;
353 419 : quic_put_data(frame->data, buf, frame_len);
354 :
355 419 : return frame;
356 : }
357 :
358 : /* rfc9000#section-19.6:
359 : *
360 : * CRYPTO Frame {
361 : * Type (i) = 0x06,
362 : * Offset (i),
363 : * Length (i),
364 : * Crypto Data (..),
365 : * }
366 : *
367 : * A CRYPTO frame (type=0x06) is used to transmit cryptographic handshake messages. It can be
368 : * sent in all packet types except 0-RTT. The CRYPTO frame offers the cryptographic protocol an
369 : * in-order stream of bytes. CRYPTO frames are functionally identical to STREAM frames, except
370 : * that they do not bear a stream identifier.
371 : */
372 3486 : static struct quic_frame *quic_frame_crypto_create(struct sock *sk, void *data, u8 type)
373 : {
374 3486 : u32 msg_len, max_frame_len, wspace, hlen = 1;
375 3486 : struct quic_msginfo *info = data;
376 3486 : struct quic_crypto *crypto;
377 3486 : struct quic_frame *frame;
378 3486 : u64 offset;
379 3486 : u8 *p;
380 :
381 3486 : max_frame_len = quic_packet_max_payload(quic_packet(sk)); /* MSS. */
382 3486 : crypto = quic_crypto(sk, info->level);
383 3486 : msg_len = iov_iter_count(info->msg);
384 3486 : wspace = sk_stream_wspace(sk);
385 :
386 3486 : offset = crypto->send_offset;
387 3486 : hlen += quic_var_len(offset);
388 3486 : hlen += quic_var_len(max_frame_len);
389 : /* Trim msg_len to respect socket sndbuf and MSS constraints. */
390 3486 : if (msg_len > wspace)
391 : msg_len = wspace;
392 3486 : if (msg_len > max_frame_len - hlen)
393 : msg_len = max_frame_len - hlen;
394 :
395 3486 : frame = quic_frame_alloc(msg_len + hlen, NULL, GFP_KERNEL);
396 3486 : if (!frame)
397 : return NULL;
398 3486 : p = quic_put_var(frame->data, type);
399 3486 : p = quic_put_var(p, offset);
400 3486 : p = quic_put_var(p, msg_len);
401 3486 : if (!quic_frame_copy_from_iter_full(p, msg_len, info->msg)) {
402 0 : quic_frame_put(frame);
403 0 : return NULL;
404 : }
405 3486 : p += msg_len;
406 :
407 3486 : frame->bytes = (u16)msg_len;
408 3486 : frame->len = (u16)(p - frame->data);
409 3486 : frame->size = frame->len;
410 3486 : frame->level = info->level;
411 :
412 3486 : return frame;
413 : }
414 :
415 : /* rfc9000#section-19.16:
416 : *
417 : * RETIRE_CONNECTION_ID Frame {
418 : * Type (i) = 0x19,
419 : * Sequence Number (i),
420 : * }
421 : *
422 : * An endpoint sends a RETIRE_CONNECTION_ID frame (type=0x19) to indicate that it will no longer
423 : * use a connection ID that was issued by its peer.
424 : */
425 157 : static struct quic_frame *quic_frame_retire_conn_id_create(struct sock *sk, void *data, u8 type)
426 : {
427 157 : struct quic_conn_id_set *id_set = quic_dest(sk);
428 157 : struct quic_connection_id_info info = {};
429 157 : u8 *p, buf[QUIC_FRAME_BUF_SMALL];
430 157 : struct quic_conn_id *active;
431 157 : struct quic_frame *frame;
432 157 : u64 *seqno = data; /* Sequence number to retire. */
433 157 : u32 frame_len;
434 :
435 157 : p = quic_put_var(buf, type);
436 157 : p = quic_put_var(p, *seqno);
437 157 : frame_len = (u32)(p - buf);
438 :
439 157 : frame = quic_frame_alloc(frame_len, NULL, GFP_ATOMIC);
440 157 : if (!frame)
441 : return NULL;
442 157 : quic_put_data(frame->data, buf, frame_len);
443 : /* Remove the specified connection ID from the destination CID set. */
444 157 : quic_conn_id_remove(id_set, *seqno);
445 :
446 : /* Notify the QUIC stack that a CID has been retired. */
447 157 : info.dest = 1;
448 157 : info.prior_to = quic_conn_id_first_number(id_set);
449 157 : active = quic_conn_id_active(id_set);
450 157 : info.active = quic_conn_id_number(active);
451 157 : quic_inq_event_recv(sk, QUIC_EVENT_CONNECTION_ID, &info);
452 :
453 157 : return frame;
454 : }
455 :
456 : /* rfc9000#section-19.15:
457 : *
458 : * NEW_CONNECTION_ID Frame {
459 : * Type (i) = 0x18,
460 : * Sequence Number (i),
461 : * Retire Prior To (i),
462 : * Length (8),
463 : * Connection ID (8..160),
464 : * Stateless Reset Token (128),
465 : * }
466 : *
467 : * An endpoint sends a NEW_CONNECTION_ID frame (type=0x18) to provide its peer with alternative
468 : * connection IDs that can be used to break linkability when migrating connections.
469 : */
470 5843 : static struct quic_frame *quic_frame_new_conn_id_create(struct sock *sk, void *data, u8 type)
471 : {
472 5843 : struct quic_crypto *crypto = quic_crypto(sk, QUIC_CRYPTO_INITIAL);
473 5843 : u8 *p, buf[QUIC_FRAME_BUF_LARGE], token[QUIC_CONN_ID_TOKEN_LEN];
474 5843 : struct quic_conn_id_set *id_set = quic_source(sk);
475 5843 : struct quic_conn_id scid = {};
476 5843 : u64 seqno, *prior = data; /* Retire Prior To. */
477 5843 : struct quic_frame *frame;
478 5843 : u32 frame_len;
479 5843 : int err;
480 :
481 : /* Compute the next sequence number for the new connection ID. */
482 5843 : seqno = quic_conn_id_last_number(id_set) + 1;
483 :
484 5843 : p = quic_put_var(buf, type);
485 5843 : p = quic_put_var(p, seqno);
486 5843 : p = quic_put_var(p, *prior);
487 : /* Generate value for the new source connection ID (SCID). */
488 5843 : quic_conn_id_generate(&scid);
489 5843 : p = quic_put_var(p, scid.len);
490 5843 : p = quic_put_data(p, scid.data, scid.len);
491 : /* rfc9000#section-10.3:
492 : *
493 : * A stateless reset token is specific to a connection ID. An endpoint issues a
494 : * stateless reset token by including the value in the Stateless Reset Token field
495 : * of a NEW_CONNECTION_ID frame.
496 : */
497 5843 : if (quic_crypto_generate_stateless_reset_token(crypto, scid.data, scid.len,
498 : token, QUIC_CONN_ID_TOKEN_LEN))
499 : return NULL;
500 5843 : p = quic_put_data(p, token, QUIC_CONN_ID_TOKEN_LEN);
501 5843 : frame_len = (u32)(p - buf);
502 :
503 5843 : frame = quic_frame_alloc(frame_len, NULL, GFP_ATOMIC);
504 5843 : if (!frame)
505 : return NULL;
506 5843 : quic_put_data(frame->data, buf, frame_len);
507 :
508 : /* Register the new SCID in the connection ID set with the new sequence number. */
509 5843 : err = quic_conn_id_add(id_set, &scid, seqno, sk);
510 5843 : if (err) {
511 0 : quic_frame_put(frame);
512 0 : return NULL;
513 : }
514 :
515 : return frame;
516 : }
517 :
518 : /* rfc9000#section-19.18:
519 : *
520 : * PATH_RESPONSE Frame {
521 : * Type (i) = 0x1b,
522 : * Data (64),
523 : * }
524 : *
525 : * A PATH_RESPONSE frame (type=0x1b) is sent in response to a PATH_CHALLENGE frame.
526 : */
527 285 : static struct quic_frame *quic_frame_path_response_create(struct sock *sk, void *data, u8 type)
528 : {
529 285 : u8 *p, buf[QUIC_FRAME_BUF_SMALL], *entropy = data;
530 285 : struct quic_frame *frame;
531 285 : u32 frame_len;
532 :
533 285 : p = quic_put_var(buf, type);
534 285 : p = quic_put_data(p, entropy, QUIC_PATH_ENTROPY_LEN);
535 285 : frame_len = (u32)(p - buf);
536 :
537 285 : frame = quic_frame_alloc(frame_len, NULL, GFP_ATOMIC);
538 285 : if (!frame)
539 : return NULL;
540 285 : quic_put_data(frame->data, buf, frame_len);
541 :
542 285 : return frame;
543 : }
544 :
545 : /* rfc9000#section-19.17:
546 : *
547 : * PATH_CHALLENGE Frame {
548 : * Type (i) = 0x1a,
549 : * Data (64),
550 : * }
551 : *
552 : * Endpoints can use PATH_CHALLENGE frames (type=0x1a) to check reachability to the peer and for
553 : * path validation during connection migration.
554 : */
555 1812 : static struct quic_frame *quic_frame_path_challenge_create(struct sock *sk, void *data, u8 type)
556 : {
557 1812 : u8 *p, *entropy, buf[QUIC_FRAME_BUF_SMALL];
558 1812 : struct quic_frame *frame;
559 1812 : u32 frame_len;
560 :
561 1812 : entropy = quic_paths(sk)->entropy;
562 1812 : get_random_bytes(entropy, QUIC_PATH_ENTROPY_LEN); /* Generate new entropy each time. */
563 :
564 1804 : p = quic_put_var(buf, type);
565 1811 : p = quic_put_data(p, entropy, QUIC_PATH_ENTROPY_LEN);
566 1806 : frame_len = (u32)(p - buf);
567 :
568 1806 : frame = quic_frame_alloc(frame_len, NULL, GFP_ATOMIC);
569 1835 : if (!frame)
570 : return NULL;
571 1835 : quic_put_data(frame->data, buf, frame_len);
572 :
573 1835 : return frame;
574 : }
575 :
576 : /* rfc9000#section-19.4:
577 : *
578 : * RESET_STREAM Frame {
579 : * Type (i) = 0x04,
580 : * Stream ID (i),
581 : * Application Protocol Error Code (i),
582 : * Final Size (i),
583 : * }
584 : *
585 : * An endpoint uses a RESET_STREAM frame (type=0x04) to abruptly terminate the sending part of a
586 : * stream.
587 : */
588 24 : static struct quic_frame *quic_frame_reset_stream_create(struct sock *sk, void *data, u8 type)
589 : {
590 24 : struct quic_stream_table *streams = quic_streams(sk);
591 24 : struct quic_errinfo *info = data; /* Error info. */
592 24 : u8 *p, buf[QUIC_FRAME_BUF_LARGE];
593 24 : struct quic_stream *stream;
594 24 : struct quic_frame *frame;
595 24 : u32 frame_len;
596 :
597 24 : stream = quic_stream_find(streams, info->stream_id);
598 24 : WARN_ON(!stream);
599 :
600 24 : p = quic_put_var(buf, type);
601 24 : p = quic_put_var(p, info->stream_id);
602 24 : p = quic_put_var(p, info->errcode);
603 24 : p = quic_put_var(p, stream->send.bytes);
604 24 : frame_len = (u32)(p - buf);
605 :
606 24 : frame = quic_frame_alloc(frame_len, NULL, GFP_ATOMIC);
607 24 : if (!frame)
608 : return NULL;
609 24 : quic_put_data(frame->data, buf, frame_len);
610 24 : stream->send.errcode = info->errcode; /* Update stream send error code. */
611 24 : frame->stream = stream;
612 :
613 : /* Clear active stream ID if this stream was active. */
614 24 : if (streams->send.active_stream_id == stream->id)
615 4 : streams->send.active_stream_id = -1;
616 :
617 : return frame;
618 : }
619 :
620 : /* rfc9000#section-19.5:
621 : *
622 : * STOP_SENDING Frame {
623 : * Type (i) = 0x05,
624 : * Stream ID (i),
625 : * Application Protocol Error Code (i),
626 : * }
627 : *
628 : * An endpoint uses a STOP_SENDING frame (type=0x05) to communicate that incoming data is being
629 : * discarded on receipt per application request. STOP_SENDING requests that a peer cease
630 : * transmission on a stream.
631 : */
632 8 : static struct quic_frame *quic_frame_stop_sending_create(struct sock *sk, void *data, u8 type)
633 : {
634 8 : struct quic_stream_table *streams = quic_streams(sk);
635 8 : struct quic_errinfo *info = data; /* Error info. */
636 8 : u8 *p, buf[QUIC_FRAME_BUF_SMALL];
637 8 : struct quic_stream *stream;
638 8 : struct quic_frame *frame;
639 8 : u32 frame_len;
640 :
641 8 : stream = quic_stream_find(streams, info->stream_id);
642 8 : WARN_ON(!stream);
643 :
644 8 : p = quic_put_var(buf, type);
645 8 : p = quic_put_var(p, info->stream_id);
646 8 : p = quic_put_var(p, info->errcode);
647 8 : frame_len = (u32)(p - buf);
648 :
649 8 : frame = quic_frame_alloc(frame_len, NULL, GFP_KERNEL);
650 8 : if (!frame)
651 : return NULL;
652 8 : quic_put_data(frame->data, buf, frame_len);
653 8 : stream->send.stop_sent = 1; /* Mark stop sent until it gets ACKed. */
654 8 : frame->stream = stream;
655 :
656 8 : return frame;
657 : }
658 :
659 : /* rfc9000#section-19.9:
660 : *
661 : * MAX_DATA Frame {
662 : * Type (i) = 0x10,
663 : * Maximum Data (i),
664 : * }
665 : *
666 : * A MAX_DATA frame (type=0x10) is used in flow control to inform the peer of the maximum amount
667 : * of data that can be sent on the connection as a whole.
668 : */
669 60670 : static struct quic_frame *quic_frame_max_data_create(struct sock *sk, void *data, u8 type)
670 : {
671 60670 : u8 *p, buf[QUIC_FRAME_BUF_SMALL];
672 60670 : struct quic_inqueue *inq = data;
673 60670 : struct quic_frame *frame;
674 60670 : u32 frame_len;
675 :
676 60670 : p = quic_put_var(buf, type);
677 60670 : p = quic_put_var(p, inq->max_bytes);
678 60670 : frame_len = (u32)(p - buf);
679 :
680 60670 : frame = quic_frame_alloc(frame_len, NULL, GFP_ATOMIC);
681 60670 : if (!frame)
682 : return NULL;
683 60670 : quic_put_data(frame->data, buf, frame_len);
684 :
685 60670 : return frame;
686 : }
687 :
688 : /* rfc9000#section-19.10:
689 : *
690 : * MAX_STREAM_DATA Frame {
691 : * Type (i) = 0x11,
692 : * Stream ID (i),
693 : * Maximum Stream Data (i),
694 : * }
695 : *
696 : * A MAX_STREAM_DATA frame (type=0x11) is used in flow control to inform a peer of the maximum
697 : * amount of data that can be sent on a stream.
698 : */
699 110213 : static struct quic_frame *quic_frame_max_stream_data_create(struct sock *sk, void *data, u8 type)
700 : {
701 110213 : struct quic_stream *stream = data;
702 110213 : u8 *p, buf[QUIC_FRAME_BUF_SMALL];
703 110213 : struct quic_frame *frame;
704 110213 : u32 frame_len;
705 :
706 110213 : p = quic_put_var(buf, type);
707 110213 : p = quic_put_var(p, stream->id);
708 110213 : p = quic_put_var(p, stream->recv.max_bytes);
709 110213 : frame_len = (u32)(p - buf);
710 :
711 110213 : frame = quic_frame_alloc(frame_len, NULL, GFP_ATOMIC);
712 110213 : if (!frame)
713 : return NULL;
714 110213 : quic_put_data(frame->data, buf, frame_len);
715 :
716 110213 : return frame;
717 : }
718 :
719 : /* rfc9000#section-19.11:
720 : *
721 : * MAX_STREAMS (_UNI or _BIDI) Frame {
722 : * Type (i) = 0x12..0x13,
723 : * Maximum Streams (i),
724 : * }
725 : *
726 : * A MAX_STREAMS frame (type=0x12 or 0x13) informs the peer of the cumulative number of streams
727 : * of a given type it is permitted to open. A MAX_STREAMS_BIDI frame applies to bidirectional
728 : * streams, and a MAX_STREAMS_UNI frame applies to unidirectional streams.
729 : */
730 142 : static struct quic_frame *quic_frame_max_streams_uni_create(struct sock *sk, void *data, u8 type)
731 : {
732 142 : u8 *p, buf[QUIC_FRAME_BUF_SMALL];
733 142 : struct quic_frame *frame;
734 142 : u64 *max = data;
735 142 : u32 frame_len;
736 :
737 142 : p = quic_put_var(buf, type);
738 142 : p = quic_put_var(p, *max);
739 142 : frame_len = (u32)(p - buf);
740 :
741 142 : frame = quic_frame_alloc(frame_len, NULL, GFP_ATOMIC);
742 142 : if (!frame)
743 : return NULL;
744 142 : quic_put_data(frame->data, buf, frame_len);
745 :
746 142 : return frame;
747 : }
748 :
749 : /* Similar to quic_frame_max_streams_uni_create(). */
750 691 : static struct quic_frame *quic_frame_max_streams_bidi_create(struct sock *sk, void *data, u8 type)
751 : {
752 691 : u8 *p, buf[QUIC_FRAME_BUF_SMALL];
753 691 : struct quic_frame *frame;
754 691 : u64 *max = data;
755 691 : u32 frame_len;
756 :
757 691 : p = quic_put_var(buf, type);
758 691 : p = quic_put_var(p, *max);
759 691 : frame_len = (u32)(p - buf);
760 :
761 691 : frame = quic_frame_alloc(frame_len, NULL, GFP_ATOMIC);
762 691 : if (!frame)
763 : return NULL;
764 691 : quic_put_data(frame->data, buf, frame_len);
765 :
766 691 : return frame;
767 : }
768 :
769 : /* rfc9000#section-19.19:
770 : *
771 : * CONNECTION_CLOSE or CONNECTION_CLOSE_APP Frame {
772 : * Type (i) = 0x1c..0x1d,
773 : * Error Code (i),
774 : * [Frame Type (i)],
775 : * Reason Phrase Length (i),
776 : * Reason Phrase (..),
777 : * }
778 : *
779 : * An endpoint sends a CONNECTION_CLOSE or CONNECTION_CLOSE_APP frame to notify its peer that
780 : * the connection is being closed. The CONNECTION_CLOSE frame is used to signal errors at only
781 : * the QUIC layer, or the absence of errors (with the NO_ERROR code). The CONNECTION_CLOSE_APP
782 : * is used to signal an error with the application that uses QUIC.
783 : */
784 617 : static struct quic_frame *quic_frame_connection_close_create(struct sock *sk, void *data, u8 type)
785 : {
786 617 : u8 *p, buf[QUIC_FRAME_BUF_LARGE], *phrase, *level = data;
787 617 : struct quic_outqueue *outq = quic_outq(sk);
788 617 : u32 frame_len, phrase_len = 0;
789 617 : struct quic_frame *frame;
790 :
791 617 : p = quic_put_var(buf, type);
792 617 : p = quic_put_var(p, outq->close_errcode);
793 :
794 617 : if (type == QUIC_FRAME_CONNECTION_CLOSE)
795 1 : p = quic_put_var(p, outq->close_frame);
796 :
797 617 : phrase = outq->close_phrase;
798 617 : if (phrase)
799 8 : phrase_len = strlen(phrase);
800 617 : p = quic_put_var(p, phrase_len);
801 617 : p = quic_put_data(p, phrase, phrase_len);
802 :
803 617 : frame_len = (u32)(p - buf);
804 :
805 617 : frame = quic_frame_alloc(frame_len, NULL, GFP_ATOMIC);
806 617 : if (!frame)
807 : return NULL;
808 617 : if (type == QUIC_FRAME_CONNECTION_CLOSE)
809 1 : QUIC_INC_STATS(sock_net(sk), QUIC_MIB_FRM_OUTCLOSES);
810 617 : frame->level = *level;
811 617 : quic_put_data(frame->data, buf, frame_len);
812 :
813 617 : return frame;
814 : }
815 :
816 : /* rfc9000#section-19.12:
817 : *
818 : * DATA_BLOCKED Frame {
819 : * Type (i) = 0x14,
820 : * Maximum Data (i),
821 : * }
822 : *
823 : * A sender SHOULD send a DATA_BLOCKED frame (type=0x14) when it wishes to send data but is
824 : * unable to do so due to connection-level flow control.
825 : */
826 0 : static struct quic_frame *quic_frame_data_blocked_create(struct sock *sk, void *data, u8 type)
827 : {
828 0 : struct quic_outqueue *outq = data;
829 0 : u8 *p, buf[QUIC_FRAME_BUF_SMALL];
830 0 : struct quic_frame *frame;
831 0 : u32 frame_len;
832 :
833 0 : p = quic_put_var(buf, type);
834 0 : p = quic_put_var(p, outq->max_bytes);
835 0 : frame_len = (u32)(p - buf);
836 :
837 0 : frame = quic_frame_alloc(frame_len, NULL, GFP_KERNEL);
838 0 : if (!frame)
839 : return NULL;
840 0 : quic_put_data(frame->data, buf, frame_len);
841 :
842 0 : return frame;
843 : }
844 :
845 : /* rfc9000#section-19.13:
846 : *
847 : * STREAM_DATA_BLOCKED Frame {
848 : * Type (i) = 0x15,
849 : * Stream ID (i),
850 : * Maximum Stream Data (i),
851 : * }
852 : *
853 : * A sender SHOULD send a STREAM_DATA_BLOCKED frame (type=0x15) when it wishes to send data but
854 : * is unable to do so due to stream-level flow control. This frame is analogous to DATA_BLOCKED.
855 : */
856 0 : static struct quic_frame *quic_frame_stream_data_blocked_create(struct sock *sk,
857 : void *data, u8 type)
858 : {
859 0 : struct quic_stream *stream = data;
860 0 : u8 *p, buf[QUIC_FRAME_BUF_SMALL];
861 0 : struct quic_frame *frame;
862 0 : u32 frame_len;
863 :
864 0 : p = quic_put_var(buf, type);
865 0 : p = quic_put_var(p, stream->id);
866 0 : p = quic_put_var(p, stream->send.max_bytes);
867 0 : frame_len = (u32)(p - buf);
868 :
869 0 : frame = quic_frame_alloc(frame_len, NULL, GFP_KERNEL);
870 0 : if (!frame)
871 : return NULL;
872 0 : quic_put_data(frame->data, buf, frame_len);
873 0 : frame->stream = stream;
874 :
875 0 : return frame;
876 : }
877 :
878 : /* rfc9000#section-19.14:
879 : *
880 : * STREAMS_BLOCKED (_UNI or _BIDI) Frame {
881 : * Type (i) = 0x16..0x17,
882 : * Maximum Streams (i),
883 : * }
884 : *
885 : * A sender SHOULD send a STREAMS_BLOCKED frame when it wishes to open a stream but is unable to
886 : * do so due to the maximum stream limit set by its peer. A STREAMS_BLOCKED_BIDI frame is used
887 : * to indicate reaching the bidirectional stream limit, and a STREAMS_BLOCKED_UNI frame is used
888 : * to indicate reaching the unidirectional stream limit.
889 : */
890 0 : static struct quic_frame *quic_frame_streams_blocked_uni_create(struct sock *sk,
891 : void *data, u8 type)
892 : {
893 0 : struct quic_stream_table *streams = quic_streams(sk);
894 0 : u8 *p, buf[QUIC_FRAME_BUF_SMALL];
895 0 : struct quic_frame *frame;
896 0 : s64 *max = data;
897 0 : u32 frame_len;
898 :
899 0 : p = quic_put_var(buf, type);
900 0 : p = quic_put_var(p, quic_stream_id_to_streams(*max));
901 0 : frame_len = (u32)(p - buf);
902 :
903 0 : frame = quic_frame_alloc(frame_len, NULL, GFP_KERNEL);
904 0 : if (!frame)
905 : return NULL;
906 0 : quic_put_data(frame->data, buf, frame_len);
907 0 : streams->send.uni_blocked = 1;
908 :
909 0 : return frame;
910 : }
911 :
912 : /* Similar to quic_frame_streams_blocked_uni_create(). */
913 0 : static struct quic_frame *quic_frame_streams_blocked_bidi_create(struct sock *sk,
914 : void *data, u8 type)
915 : {
916 0 : struct quic_stream_table *streams = quic_streams(sk);
917 0 : u8 *p, buf[QUIC_FRAME_BUF_SMALL];
918 0 : struct quic_frame *frame;
919 0 : s64 *max = data;
920 0 : u32 frame_len;
921 :
922 0 : p = quic_put_var(buf, type);
923 0 : p = quic_put_var(p, quic_stream_id_to_streams(*max));
924 0 : frame_len = (u32)(p - buf);
925 :
926 0 : frame = quic_frame_alloc(frame_len, NULL, GFP_KERNEL);
927 0 : if (!frame)
928 : return NULL;
929 0 : quic_put_data(frame->data, buf, frame_len);
930 0 : streams->send.bidi_blocked = 1;
931 :
932 0 : return frame;
933 : }
934 :
935 3544 : static int quic_frame_crypto_process(struct sock *sk, struct quic_frame *frame, u8 type)
936 : {
937 3544 : struct quic_frame *nframe;
938 3544 : u32 len = frame->len;
939 3544 : u8 *p = frame->data;
940 3544 : u64 offset, length;
941 3544 : int err;
942 :
943 3544 : if (!quic_get_var(&p, &len, &offset))
944 : return -EINVAL;
945 3544 : if (!quic_get_var(&p, &len, &length) || length > len)
946 : return -EINVAL;
947 :
948 : /* Allocate a new frame for the crypto payload. Avoid copying: reuse the existing
949 : * buffer by pointing to 'p' and holding the skb.
950 : */
951 3544 : nframe = quic_frame_alloc(length, p, GFP_ATOMIC);
952 3544 : if (!nframe)
953 : return -ENOMEM;
954 3544 : nframe->skb = skb_get(frame->skb);
955 :
956 3544 : nframe->offset = offset;
957 3544 : nframe->level = frame->level;
958 :
959 : /* Submit the CRYPTO frame to the inqueue for reassembly and processing. */
960 3544 : err = quic_inq_handshake_recv(sk, nframe);
961 3544 : if (err) {
962 0 : frame->errcode = nframe->errcode; /* Propagate error reason. */
963 0 : quic_frame_put(nframe);
964 0 : return err;
965 : }
966 3544 : len -= length;
967 : /* Return number of bytes consumed from the original frame. */
968 3544 : return (int)(frame->len - len);
969 : }
970 :
971 6370862 : static int quic_frame_stream_process(struct sock *sk, struct quic_frame *frame, u8 type)
972 : {
973 6370862 : struct quic_stream_table *streams = quic_streams(sk);
974 6370862 : u64 stream_id, payload_len, offset = 0;
975 6370862 : struct quic_stream *stream;
976 6370862 : struct quic_frame *nframe;
977 6370862 : u32 len = frame->len;
978 6370862 : u8 *p = frame->data;
979 6370862 : int err;
980 :
981 6370862 : if (!quic_get_var(&p, &len, &stream_id))
982 : return -EINVAL;
983 6370862 : if (type & QUIC_STREAM_BIT_OFF) {
984 6352909 : if (!quic_get_var(&p, &len, &offset))
985 : return -EINVAL;
986 : }
987 :
988 6370862 : payload_len = len;
989 6370862 : if (type & QUIC_STREAM_BIT_LEN) {
990 6328573 : if (!quic_get_var(&p, &len, &payload_len) || payload_len > len)
991 : return -EINVAL;
992 : }
993 :
994 : /* Look up the stream for receiving data (may create it if valid). */
995 6370862 : stream = quic_stream_recv_get(streams, (s64)stream_id, quic_is_serv(sk));
996 6370862 : if (IS_ERR(stream)) {
997 : /* rfc9000#section-4.6:
998 : *
999 : * An endpoint that receives a frame with a stream ID exceeding the limit it
1000 : * has sent MUST treat this as a connection error of type STREAM_LIMIT_ERROR.
1001 : *
1002 : * rfc9000#section-19.8:
1003 : *
1004 : * An endpoint MUST terminate the connection with error STREAM_STATE_ERROR if
1005 : * it receives a STREAM frame for a locally initiated stream that has not yet
1006 : * been created, or for a send-only stream.
1007 : */
1008 40 : err = PTR_ERR(stream);
1009 40 : if (err == -EAGAIN)
1010 0 : frame->errcode = QUIC_TRANSPORT_ERROR_STREAM_LIMIT;
1011 40 : else if (err != -ENOSTR)
1012 0 : frame->errcode = QUIC_TRANSPORT_ERROR_STREAM_STATE;
1013 40 : goto out; /* If stream is already released, skip processing. */
1014 : }
1015 :
1016 6370822 : if (stream->recv.state >= QUIC_STREAM_RECV_STATE_RECVD)
1017 223 : goto out; /* Skip if stream has already received all data or a reset. */
1018 :
1019 : /* Follows the same processing logic as quic_frame_crypto_process(). */
1020 6370599 : nframe = quic_frame_alloc(payload_len, p, GFP_ATOMIC);
1021 6370599 : if (!nframe)
1022 : return -ENOMEM;
1023 6370599 : nframe->skb = skb_get(frame->skb);
1024 :
1025 6370599 : nframe->offset = offset;
1026 6370599 : nframe->stream = stream;
1027 6370599 : nframe->stream_fin = (type & QUIC_STREAM_BIT_FIN);
1028 6370599 : nframe->level = frame->level;
1029 :
1030 6370599 : err = quic_inq_stream_recv(sk, nframe);
1031 6370599 : if (err) {
1032 0 : frame->errcode = nframe->errcode;
1033 0 : quic_frame_put(nframe);
1034 0 : return err;
1035 : }
1036 :
1037 6370599 : out:
1038 6370862 : len -= payload_len;
1039 6370862 : return (int)(frame->len - len);
1040 : }
1041 :
1042 384187 : static int quic_frame_ack_process(struct sock *sk, struct quic_frame *frame, u8 type)
1043 : {
1044 384187 : u64 largest, smallest, range, delay, count, gap, i, ecn_count[QUIC_ECN_MAX];
1045 384187 : u8 *p = frame->data, level = frame->level;
1046 384187 : struct quic_inqueue *inq = quic_inq(sk);
1047 384187 : struct quic_cong *cong = quic_cong(sk);
1048 384187 : struct quic_pnspace *space;
1049 384187 : u32 len = frame->len;
1050 :
1051 768374 : if (!quic_get_var(&p, &len, &largest) ||
1052 768374 : !quic_get_var(&p, &len, &delay) ||
1053 1152513 : !quic_get_var(&p, &len, &count) || count > QUIC_PN_MAX_GABS ||
1054 384139 : !quic_get_var(&p, &len, &range))
1055 48 : return -EINVAL;
1056 :
1057 384139 : space = quic_pnspace(sk, level);
1058 384139 : if ((s64)largest >= space->next_pn) {
1059 : /* rfc9000#section-13.1:
1060 : *
1061 : * An endpoint SHOULD treat receipt of an acknowledgment for a packet it did
1062 : * not send as a connection error of type PROTOCOL_VIOLATION, if it is able to
1063 : * detect the condition.
1064 : */
1065 0 : frame->errcode = QUIC_TRANSPORT_ERROR_PROTOCOL_VIOLATION;
1066 0 : return -EINVAL;
1067 : }
1068 :
1069 384139 : smallest = largest - range; /* rfc9000#section-19.3.1: smallest = largest - ack_range. */
1070 : /* Calculate ACK Delay, adjusted by the ACK delay exponent. */
1071 384139 : delay <<= inq->ack_delay_exponent;
1072 : /* ACK transmitted packets within [smallest, largest] range. */
1073 384139 : quic_outq_transmitted_sack(sk, level, (s64)largest, (s64)smallest, (s64)largest, delay);
1074 :
1075 810419 : for (i = 0; i < count; i++) {
1076 84280 : if (!quic_get_var(&p, &len, &gap) ||
1077 42140 : !quic_get_var(&p, &len, &range))
1078 0 : return -EINVAL;
1079 : /* rfc9000#section-19.3.1:
1080 : *
1081 : * smallest = largest - ack_range;
1082 : * argest = previous_smallest - gap - 2.
1083 : */
1084 42140 : largest = smallest - gap - 2;
1085 42140 : smallest = largest - range;
1086 42140 : quic_outq_transmitted_sack(sk, level, (s64)largest, (s64)smallest, -1, 0);
1087 : }
1088 :
1089 384140 : if (type == QUIC_FRAME_ACK_ECN) {
1090 765472 : if (!quic_get_var(&p, &len, &ecn_count[QUIC_ECN_ECT0]) ||
1091 765472 : !quic_get_var(&p, &len, &ecn_count[QUIC_ECN_ECT1]) ||
1092 382736 : !quic_get_var(&p, &len, &ecn_count[QUIC_ECN_CE]))
1093 0 : return -EINVAL;
1094 : /* If the ECN-CE counter reported by the peer has increased, this could be a
1095 : * new congestion event.
1096 : */
1097 382736 : if (quic_pnspace_set_ecn_count(space, ecn_count)) {
1098 0 : quic_cong_on_process_ecn(cong);
1099 0 : quic_outq_sync_window(sk, cong->window);
1100 : }
1101 : }
1102 :
1103 384140 : return (int)(frame->len - len);
1104 : }
1105 :
1106 5334 : static int quic_frame_new_conn_id_process(struct sock *sk, struct quic_frame *frame, u8 type)
1107 : {
1108 5334 : struct quic_conn_id_set *id_set = quic_dest(sk);
1109 5334 : u64 seqno, prior, length, first;
1110 5334 : u8 *p = frame->data, *token;
1111 5334 : struct quic_conn_id dcid;
1112 5334 : u32 len = frame->len;
1113 5334 : int err;
1114 :
1115 10668 : if (!quic_get_var(&p, &len, &seqno) ||
1116 10668 : !quic_get_var(&p, &len, &prior) ||
1117 5334 : !quic_get_var(&p, &len, &length) ||
1118 5334 : !length || length > QUIC_CONN_ID_MAX_LEN || length + QUIC_CONN_ID_TOKEN_LEN > len)
1119 0 : return -EINVAL;
1120 :
1121 10668 : memcpy(dcid.data, p, length);
1122 5334 : dcid.len = (u8)length;
1123 5334 : token = p + length;
1124 :
1125 5334 : if (prior > seqno) {
1126 : /* rfc9000#section-19.15:
1127 : *
1128 : * The value in the Retire Prior To field MUST be less than or equal to the value in
1129 : * the Sequence Number field. Receiving a value in the Retire Prior To field that is
1130 : * greater than that in the Sequence Number field MUST be treated as a connection
1131 : * error of type FRAME_ENCODING_ERROR.
1132 : */
1133 0 : frame->errcode = QUIC_TRANSPORT_ERROR_FRAME_ENCODING;
1134 0 : return -EINVAL;
1135 : }
1136 :
1137 5334 : first = quic_conn_id_first_number(id_set);
1138 5334 : if (seqno < first) /* This seqno was already used, skip processing. */
1139 3 : goto out;
1140 5331 : if (prior < first)
1141 30 : prior = first;
1142 5331 : if (seqno - prior + 1 > id_set->max_count) {
1143 : /* rfc9000#section-5.1.1:
1144 : *
1145 : * After processing a NEW_CONNECTION_ID frame and adding and retiring active
1146 : * connection IDs, if the number of active connection IDs exceeds the value
1147 : * advertised in its active_connection_id_limit transport parameter, an endpoint
1148 : * MUST close the connection with an error of type CONNECTION_ID_LIMIT_ERROR.
1149 : */
1150 0 : frame->errcode = QUIC_TRANSPORT_ERROR_CONNECTION_ID_LIMIT;
1151 0 : return -EINVAL;
1152 : }
1153 :
1154 5331 : err = quic_conn_id_add(id_set, &dcid, seqno, token);
1155 5331 : if (err)
1156 : return err;
1157 :
1158 5331 : if (prior > first) {
1159 : /* rfc9000#section-19.15:
1160 : *
1161 : * An endpoint that receives a NEW_CONNECTION_ID frame with a sequence number
1162 : * smaller than the Retire Prior To field of a previously received NEW_CONNECTION_ID
1163 : * frame MUST send a corresponding RETIRE_CONNECTION_ID frame that retires the newly
1164 : * received connection ID, unless it has already done so for that sequence number.
1165 : */
1166 77 : if (quic_outq_transmit_retire_conn_id(sk, prior, frame->path, true))
1167 : return -ENOMEM;
1168 : }
1169 :
1170 : /* If path migration is pending due to missing connection IDs, trigger probing on the
1171 : * alternate path to continue the migration.
1172 : */
1173 5331 : if (quic_path_alt_state(quic_paths(sk), QUIC_PATH_ALT_PENDING))
1174 0 : quic_outq_probe_path_alt(sk, true);
1175 :
1176 5331 : out:
1177 5334 : len -= (length + QUIC_CONN_ID_TOKEN_LEN);
1178 5334 : return (int)(frame->len - len);
1179 : }
1180 :
1181 128 : static int quic_frame_retire_conn_id_process(struct sock *sk, struct quic_frame *frame, u8 type)
1182 : {
1183 128 : struct quic_conn_id_set *id_set = quic_source(sk);
1184 128 : struct quic_connection_id_info info = {};
1185 128 : struct quic_conn_id *active;
1186 128 : u64 seqno, last, first;
1187 128 : u32 len = frame->len;
1188 128 : u8 *p = frame->data;
1189 :
1190 128 : if (!quic_get_var(&p, &len, &seqno))
1191 : return -EINVAL;
1192 :
1193 128 : first = quic_conn_id_first_number(id_set);
1194 128 : last = quic_conn_id_last_number(id_set);
1195 128 : if (seqno >= first) {
1196 118 : if (seqno >= last) {
1197 : /* rfc9000#section-19.16:
1198 : *
1199 : * Receipt of a RETIRE_CONNECTION_ID frame containing a sequence number
1200 : * greater than any previously sent to the peer MUST be treated as a
1201 : * connection error of type PROTOCOL_VIOLATION.
1202 : */
1203 0 : frame->errcode = QUIC_TRANSPORT_ERROR_PROTOCOL_VIOLATION;
1204 0 : return -EINVAL;
1205 : }
1206 :
1207 : /* Notify application of connection IDs change. */
1208 118 : quic_conn_id_remove(id_set, seqno);
1209 118 : first = quic_conn_id_first_number(id_set);
1210 118 : info.prior_to = first;
1211 118 : active = quic_conn_id_active(id_set);
1212 118 : info.active = quic_conn_id_number(active);
1213 118 : quic_inq_event_recv(sk, QUIC_EVENT_CONNECTION_ID, &info);
1214 : }
1215 :
1216 : /* rfc9000#section-5.1.2:
1217 : *
1218 : * Sending a RETIRE_CONNECTION_ID frame indicates that the connection ID will not be
1219 : * used again and requests that the peer replace it with a new connection ID using a
1220 : * NEW_CONNECTION_ID frame.
1221 : */
1222 128 : if (quic_outq_transmit_new_conn_id(sk, first, frame->path, true))
1223 : return -ENOMEM;
1224 128 : return (int)(frame->len - len);
1225 : }
1226 :
1227 467 : static int quic_frame_new_token_process(struct sock *sk, struct quic_frame *frame, u8 type)
1228 : {
1229 467 : struct quic_data *token = quic_token(sk);
1230 467 : u32 len = frame->len;
1231 467 : u8 *p = frame->data;
1232 467 : u64 length;
1233 :
1234 467 : if (quic_is_serv(sk)) {
1235 : /* rfc9000#section-19.7:
1236 : *
1237 : * A server MUST treat receipt of a NEW_TOKEN frame as a connection error of
1238 : * type PROTOCOL_VIOLATION.
1239 : */
1240 0 : frame->errcode = QUIC_TRANSPORT_ERROR_PROTOCOL_VIOLATION;
1241 0 : return -EINVAL;
1242 : }
1243 :
1244 467 : if (!quic_get_var(&p, &len, &length) || length > len || length > QUIC_TOKEN_MAX_LEN)
1245 : return -EINVAL;
1246 :
1247 : /* Store the token internally so user space can retrieve it via getsockopt(). */
1248 467 : if (quic_data_dup(token, p, length))
1249 : return -ENOMEM;
1250 : /* Notify upper layers that a valid NEW_TOKEN was received. */
1251 467 : quic_inq_event_recv(sk, QUIC_EVENT_NEW_TOKEN, token);
1252 :
1253 467 : len -= length;
1254 467 : return (int)(frame->len - len);
1255 : }
1256 :
1257 592 : static int quic_frame_handshake_done_process(struct sock *sk, struct quic_frame *frame, u8 type)
1258 : {
1259 592 : struct quic_path_group *paths = quic_paths(sk);
1260 :
1261 592 : if (quic_is_serv(sk)) {
1262 : /* rfc9000#section-19.20:
1263 : *
1264 : * A server MUST treat receipt of a HANDSHAKE_DONE frame as a connection error
1265 : * of type PROTOCOL_VIOLATION.
1266 : */
1267 0 : frame->errcode = QUIC_TRANSPORT_ERROR_PROTOCOL_VIOLATION;
1268 0 : return -EINVAL;
1269 : }
1270 :
1271 : /* Handshake is complete and clean up transmitted handshake packets. */
1272 592 : quic_outq_transmitted_sack(sk, QUIC_CRYPTO_HANDSHAKE, QUIC_PN_MAP_MAX_PN, 0, -1, 0);
1273 :
1274 592 : if (paths->pref_addr) {
1275 : /* Initiate probing on the new path to validate it (e.g., send PATH_CHALLENGE).
1276 : * This starts the connection migration procedure.
1277 : */
1278 28 : quic_outq_probe_path_alt(sk, true);
1279 28 : paths->pref_addr = 0;
1280 : }
1281 : return 0;
1282 : }
1283 :
1284 22727 : static int quic_frame_padding_process(struct sock *sk, struct quic_frame *frame, u8 type)
1285 : {
1286 22727 : u8 *p = frame->data;
1287 :
1288 : /* Some implementations put the PADDING frame ahead of other frames. We need to skip over
1289 : * zero bytes and find the first non-zero byte, which marks the start of the next frame.
1290 : */
1291 2706229 : for (; !(*p) && p != frame->data + frame->len; p++)
1292 : ;
1293 22727 : return (int)(p - frame->data);
1294 : }
1295 :
1296 3113 : static int quic_frame_ping_process(struct sock *sk, struct quic_frame *frame, u8 type)
1297 : {
1298 3113 : return 0; /* No content. */
1299 : }
1300 :
1301 285 : static int quic_frame_path_challenge_process(struct sock *sk, struct quic_frame *frame, u8 type)
1302 : {
1303 285 : u8 entropy[QUIC_PATH_ENTROPY_LEN];
1304 285 : u32 len = frame->len;
1305 :
1306 285 : if (len < QUIC_PATH_ENTROPY_LEN)
1307 : return -EINVAL;
1308 : /* rfc9000#section-19.17:
1309 : *
1310 : * The recipient of this frame MUST generate a PATH_RESPONSE frame containing the same
1311 : * Data value.
1312 : */
1313 285 : memcpy(entropy, frame->data, QUIC_PATH_ENTROPY_LEN);
1314 285 : if (quic_outq_transmit_frame(sk, QUIC_FRAME_PATH_RESPONSE, entropy, frame->path, true))
1315 : return -ENOMEM;
1316 :
1317 285 : len -= QUIC_PATH_ENTROPY_LEN;
1318 285 : return (int)(frame->len - len);
1319 : }
1320 :
1321 24 : static int quic_frame_reset_stream_process(struct sock *sk, struct quic_frame *frame, u8 type)
1322 : {
1323 24 : struct quic_stream_table *streams = quic_streams(sk);
1324 24 : struct quic_stream_update update = {};
1325 24 : u64 stream_id, errcode, finalsz;
1326 24 : struct quic_stream *stream;
1327 24 : u32 len = frame->len;
1328 24 : u8 *p = frame->data;
1329 24 : int err;
1330 :
1331 48 : if (!quic_get_var(&p, &len, &stream_id) ||
1332 48 : !quic_get_var(&p, &len, &errcode) ||
1333 24 : !quic_get_var(&p, &len, &finalsz))
1334 0 : return -EINVAL;
1335 :
1336 24 : stream = quic_stream_recv_get(streams, (s64)stream_id, quic_is_serv(sk));
1337 24 : if (IS_ERR(stream)) {
1338 : /* rfc9000#section-19.4:
1339 : *
1340 : * An endpoint that receives a RESET_STREAM frame for a send-only stream MUST
1341 : * terminate the connection with error STREAM_STATE_ERROR.
1342 : */
1343 0 : err = PTR_ERR(stream);
1344 0 : if (err == -EAGAIN)
1345 0 : frame->errcode = QUIC_TRANSPORT_ERROR_STREAM_LIMIT;
1346 0 : else if (err != -ENOSTR)
1347 0 : frame->errcode = QUIC_TRANSPORT_ERROR_STREAM_STATE;
1348 0 : goto out;
1349 : }
1350 :
1351 24 : if (stream->recv.state >= QUIC_STREAM_RECV_STATE_RECVD)
1352 0 : goto out; /* Skip if stream has already received all data or a reset. */
1353 :
1354 24 : if (finalsz < stream->recv.highest ||
1355 24 : (stream->recv.finalsz && stream->recv.finalsz != finalsz)) {
1356 : /* rfc9000#section-4.5:
1357 : *
1358 : * Once a final size for a stream is known, it cannot change. If a RESET_STREAM or
1359 : * STREAM frame is received indicating a change in the final size for the stream, an
1360 : * endpoint SHOULD respond with an error of type FINAL_SIZE_ERROR.
1361 : */
1362 0 : frame->errcode = QUIC_TRANSPORT_ERROR_FINAL_SIZE;
1363 0 : return -EINVAL;
1364 : }
1365 :
1366 : /* Notify that stream has received a reset. */
1367 24 : update.id = (s64)stream_id;
1368 24 : update.state = QUIC_STREAM_RECV_STATE_RESET_RECVD;
1369 24 : update.errcode = errcode;
1370 24 : update.finalsz = finalsz;
1371 24 : quic_inq_event_recv(sk, QUIC_EVENT_STREAM_UPDATE, &update);
1372 :
1373 : /* rfc9000#section-3.2:
1374 : *
1375 : * Receiving a RESET_STREAM frame in the "Recv" or "Size Known" state causes the stream to
1376 : * enter the "Reset Recvd" state.
1377 : */
1378 24 : stream->recv.state = update.state;
1379 24 : stream->recv.finalsz = update.finalsz;
1380 :
1381 : /* rfc9000#section-19.4:
1382 : *
1383 : * A receiver of RESET_STREAM can discard any data that it already received on that stream.
1384 : */
1385 24 : quic_inq_stream_list_purge(sk, stream);
1386 24 : quic_stream_recv_put(streams, stream, quic_is_serv(sk)); /* Release the receive stream. */
1387 24 : out:
1388 24 : return (int)(frame->len - len);
1389 : }
1390 :
1391 8 : static int quic_frame_stop_sending_process(struct sock *sk, struct quic_frame *frame, u8 type)
1392 : {
1393 8 : struct quic_stream_table *streams = quic_streams(sk);
1394 8 : struct quic_stream_update update = {};
1395 8 : struct quic_stream *stream;
1396 8 : struct quic_errinfo info;
1397 8 : u64 stream_id, errcode;
1398 8 : u32 len = frame->len;
1399 8 : u8 *p = frame->data;
1400 8 : int err;
1401 :
1402 16 : if (!quic_get_var(&p, &len, &stream_id) ||
1403 8 : !quic_get_var(&p, &len, &errcode))
1404 0 : return -EINVAL;
1405 :
1406 8 : stream = quic_stream_send_get(streams, (s64)stream_id, 0, quic_is_serv(sk));
1407 8 : if (IS_ERR(stream)) {
1408 : /* rfc9000#section-19.5:
1409 : *
1410 : * Receiving a STOP_SENDING frame for a locally initiated stream that has not yet
1411 : * been created MUST be treated as a connection error of type STREAM_STATE_ERROR.
1412 : * An endpoint that receives a STOP_SENDING frame for a receive-only stream MUST
1413 : * terminate the connection with error STREAM_STATE_ERROR.
1414 : */
1415 0 : err = PTR_ERR(stream);
1416 0 : if (err == -EAGAIN)
1417 0 : frame->errcode = QUIC_TRANSPORT_ERROR_STREAM_LIMIT;
1418 0 : else if (err != -ENOSTR)
1419 0 : frame->errcode = QUIC_TRANSPORT_ERROR_STREAM_STATE;
1420 0 : return err;
1421 : }
1422 :
1423 : /* rfc9000#section-3.1:
1424 : *
1425 : * Alternatively, an endpoint might receive a STOP_SENDING frame from its peer. In either
1426 : * case, the endpoint sends a RESET_STREAM frame, which causes the stream to enter the
1427 : * "Reset Sent" state.
1428 : */
1429 8 : info.stream_id = (s64)stream_id;
1430 8 : info.errcode = errcode;
1431 8 : if (quic_outq_transmit_frame(sk, QUIC_FRAME_RESET_STREAM, &info, 0, true))
1432 : return -ENOMEM;
1433 :
1434 : /* Notify that stream has received a stop_sending and sent a reset. */
1435 8 : update.id = (s64)stream_id;
1436 8 : update.state = QUIC_STREAM_SEND_STATE_RESET_SENT;
1437 8 : update.errcode = errcode;
1438 8 : quic_inq_event_recv(sk, QUIC_EVENT_STREAM_UPDATE, &update);
1439 :
1440 8 : stream->send.state = update.state;
1441 8 : quic_outq_stream_list_purge(sk, stream);
1442 8 : return (int)(frame->len - len);
1443 : }
1444 :
1445 67357 : static int quic_frame_max_data_process(struct sock *sk, struct quic_frame *frame, u8 type)
1446 : {
1447 67357 : struct quic_outqueue *outq = quic_outq(sk);
1448 67357 : u32 len = frame->len;
1449 67357 : u8 *p = frame->data;
1450 67357 : u64 max_bytes;
1451 :
1452 67357 : if (!quic_get_var(&p, &len, &max_bytes))
1453 : return -EINVAL;
1454 :
1455 67357 : if (max_bytes > outq->max_bytes) {
1456 : /* Update only if the peer increases the allowed send data. Wake up processes
1457 : * blocked while attempting to send more data.
1458 : */
1459 67342 : outq->max_bytes = max_bytes;
1460 67342 : sk->sk_write_space(sk);
1461 : }
1462 :
1463 67357 : return (int)(frame->len - len);
1464 : }
1465 :
1466 115179 : static int quic_frame_max_stream_data_process(struct sock *sk, struct quic_frame *frame, u8 type)
1467 : {
1468 115179 : struct quic_stream_table *streams = quic_streams(sk);
1469 115179 : struct quic_stream_max_data data;
1470 115179 : struct quic_stream *stream;
1471 115179 : u64 max_bytes, stream_id;
1472 115179 : u32 len = frame->len;
1473 115179 : u8 *p = frame->data;
1474 115179 : int err;
1475 :
1476 230358 : if (!quic_get_var(&p, &len, &stream_id) ||
1477 115179 : !quic_get_var(&p, &len, &max_bytes))
1478 0 : return -EINVAL;
1479 :
1480 115179 : stream = quic_stream_send_get(streams, (s64)stream_id, 0, quic_is_serv(sk));
1481 115179 : if (IS_ERR(stream)) {
1482 : /* rfc9000#section-19.10:
1483 : *
1484 : * Receiving a MAX_STREAM_DATA frame for a locally initiated stream that has not yet
1485 : * been created MUST be treated as a connection error of type STREAM_STATE_ERROR. An
1486 : * endpoint that receives a MAX_STREAM_DATA frame for a receive-only stream MUST
1487 : * terminate the connection with error STREAM_STATE_ERROR.
1488 : */
1489 0 : err = PTR_ERR(stream);
1490 0 : if (err == -EAGAIN)
1491 0 : frame->errcode = QUIC_TRANSPORT_ERROR_STREAM_LIMIT;
1492 0 : else if (err != -ENOSTR)
1493 0 : frame->errcode = QUIC_TRANSPORT_ERROR_STREAM_STATE;
1494 0 : return err;
1495 : }
1496 :
1497 115179 : if (max_bytes > stream->send.max_bytes) {
1498 : /* Update only if the peer increases the allowed send data. Wake up processes
1499 : * blocked while attempting to send more data.
1500 : */
1501 115152 : stream->send.max_bytes = max_bytes;
1502 115152 : sk->sk_write_space(sk);
1503 : /* Notify the application of updated per-stream flow control. This is useful for
1504 : * userspace to prioritize or schedule data transmission across multiple streams.
1505 : */
1506 115152 : data.id = stream->id;
1507 115152 : data.max_data = max_bytes;
1508 115152 : quic_inq_event_recv(sk, QUIC_EVENT_STREAM_MAX_DATA, &data);
1509 : }
1510 :
1511 115179 : return (int)(frame->len - len);
1512 : }
1513 :
1514 138 : static int quic_frame_max_streams_uni_process(struct sock *sk, struct quic_frame *frame, u8 type)
1515 : {
1516 138 : struct quic_stream_table *streams = quic_streams(sk);
1517 138 : s64 stream_id = streams->send.max_uni_stream_id;
1518 138 : u32 len = frame->len;
1519 138 : u8 *p = frame->data;
1520 138 : u64 max;
1521 :
1522 138 : if (!quic_get_var(&p, &len, &max))
1523 : return -EINVAL;
1524 :
1525 : /* rfc9000#section-19.11:
1526 : *
1527 : * Loss or reordering can cause an endpoint to receive a MAX_STREAMS frame with a lower
1528 : * stream limit than was previously received. MAX_STREAMS frames that do not increase the
1529 : * stream limit MUST be ignored.
1530 : */
1531 138 : if (max <= quic_stream_id_to_streams(stream_id))
1532 0 : goto out;
1533 :
1534 138 : type = QUIC_STREAM_TYPE_CLIENT_UNI;
1535 138 : if (quic_is_serv(sk))
1536 52 : type = QUIC_STREAM_TYPE_SERVER_UNI;
1537 : /* Notify the application of updated maximum uni-directional stream ID allowed to open. */
1538 138 : stream_id = quic_stream_streams_to_id(max, type);
1539 138 : quic_inq_event_recv(sk, QUIC_EVENT_STREAM_MAX_STREAM, &stream_id);
1540 :
1541 138 : streams->send.max_uni_stream_id = stream_id;
1542 138 : sk->sk_write_space(sk); /* Wake up processes blocked while attempting to open a stream. */
1543 138 : out:
1544 138 : return (int)(frame->len - len);
1545 : }
1546 :
1547 1128 : static int quic_frame_max_streams_bidi_process(struct sock *sk, struct quic_frame *frame, u8 type)
1548 : {
1549 1128 : struct quic_stream_table *streams = quic_streams(sk);
1550 1128 : u32 len = frame->len;
1551 1128 : u8 *p = frame->data;
1552 1128 : s64 stream_id;
1553 1128 : u64 max;
1554 :
1555 1128 : if (!quic_get_var(&p, &len, &max))
1556 : return -EINVAL;
1557 :
1558 : /* Similar to quic_frame_max_streams_uni_process(), but applies to bidirectional streams. */
1559 1128 : stream_id = streams->send.max_bidi_stream_id;
1560 1128 : if (max <= quic_stream_id_to_streams(stream_id))
1561 0 : goto out;
1562 :
1563 1128 : type = QUIC_STREAM_TYPE_CLIENT_BIDI;
1564 1128 : if (quic_is_serv(sk))
1565 0 : type = QUIC_STREAM_TYPE_SERVER_BIDI;
1566 1128 : stream_id = quic_stream_streams_to_id(max, type);
1567 1128 : quic_inq_event_recv(sk, QUIC_EVENT_STREAM_MAX_STREAM, &stream_id);
1568 :
1569 1128 : streams->send.max_bidi_stream_id = stream_id;
1570 1128 : sk->sk_write_space(sk);
1571 1128 : out:
1572 1128 : return (int)(frame->len - len);
1573 : }
1574 :
1575 365 : static int quic_frame_connection_close_process(struct sock *sk, struct quic_frame *frame, u8 type)
1576 : {
1577 365 : u8 *p = frame->data, buf[QUIC_FRAME_BUF_LARGE] = {};
1578 365 : struct quic_connection_close *close;
1579 365 : u64 err_code, phrase_len, ftype = 0;
1580 365 : u32 len = frame->len;
1581 :
1582 365 : if (!quic_get_var(&p, &len, &err_code))
1583 : return -EINVAL;
1584 365 : if (type == QUIC_FRAME_CONNECTION_CLOSE && !quic_get_var(&p, &len, &ftype))
1585 : return -EINVAL;
1586 365 : if (type == QUIC_FRAME_CONNECTION_CLOSE_APP && frame->level != QUIC_CRYPTO_APP)
1587 : return -EINVAL;
1588 :
1589 365 : if (!quic_get_var(&p, &len, &phrase_len) || phrase_len > len)
1590 : return -EINVAL;
1591 :
1592 : /* Notify that the peer closed the connection and provided error information. */
1593 365 : close = (void *)buf;
1594 365 : if (phrase_len) {
1595 93 : if (phrase_len > QUIC_CLOSE_PHRASE_MAX_LEN)
1596 : return -EINVAL;
1597 186 : memcpy(close->phrase, p, phrase_len);
1598 : }
1599 365 : if (type == QUIC_FRAME_CONNECTION_CLOSE)
1600 104 : QUIC_INC_STATS(sock_net(sk), QUIC_MIB_FRM_INCLOSES);
1601 365 : close->errcode = err_code;
1602 365 : close->frame = (u8)ftype;
1603 365 : quic_inq_event_recv(sk, QUIC_EVENT_CONNECTION_CLOSE, close);
1604 :
1605 365 : quic_set_state(sk, QUIC_SS_CLOSED);
1606 365 : pr_debug("%s: errcode: %d, frame: %d\n", __func__, close->errcode, close->frame);
1607 :
1608 365 : len -= phrase_len;
1609 365 : return (int)(frame->len - len);
1610 : }
1611 :
1612 48 : static int quic_frame_data_blocked_process(struct sock *sk, struct quic_frame *frame, u8 type)
1613 : {
1614 48 : struct quic_inqueue *inq = quic_inq(sk);
1615 48 : u64 window, max_bytes, recv_max_bytes;
1616 48 : u32 len = frame->len;
1617 48 : u8 *p = frame->data;
1618 :
1619 48 : if (!quic_get_var(&p, &len, &max_bytes))
1620 : return -EINVAL;
1621 48 : recv_max_bytes = inq->max_bytes;
1622 :
1623 : /* rfc9000#section-19.12:
1624 : *
1625 : * DATA_BLOCKED frames can be used as input to tuning of flow control algorithms.
1626 : *
1627 : * Similar to quic_inq_flow_control(), but MAX_DATA is sent unconditionally.
1628 : */
1629 48 : window = inq->max_data;
1630 48 : if (sk_under_memory_pressure(sk))
1631 0 : window >>= 1;
1632 :
1633 48 : inq->max_bytes = inq->bytes + window;
1634 48 : if (quic_outq_transmit_frame(sk, QUIC_FRAME_MAX_DATA, inq, 0, true)) {
1635 : /* If sending fails, restore previous max_bytes value. */
1636 0 : inq->max_bytes = recv_max_bytes;
1637 0 : return -ENOMEM;
1638 : }
1639 48 : return (int)(frame->len - len);
1640 : }
1641 :
1642 1140 : static int quic_frame_stream_data_blocked_process(struct sock *sk, struct quic_frame *frame,
1643 : u8 type)
1644 : {
1645 1140 : struct quic_stream_table *streams = quic_streams(sk);
1646 1140 : u64 stream_id, max_bytes, recv_max_bytes;
1647 1140 : u32 window, len = frame->len;
1648 1140 : struct quic_stream *stream;
1649 1140 : u8 *p = frame->data;
1650 1140 : int err;
1651 :
1652 2280 : if (!quic_get_var(&p, &len, &stream_id) ||
1653 1140 : !quic_get_var(&p, &len, &max_bytes))
1654 0 : return -EINVAL;
1655 :
1656 1140 : stream = quic_stream_recv_get(streams, (s64)stream_id, quic_is_serv(sk));
1657 1140 : if (IS_ERR(stream)) {
1658 : /* rfc9000#section-19.13:
1659 : *
1660 : * An endpoint that receives a STREAM_DATA_BLOCKED frame for a send-only stream
1661 : * MUST terminate the connection with error STREAM_STATE_ERROR.
1662 : */
1663 0 : err = PTR_ERR(stream);
1664 0 : if (err == -EAGAIN)
1665 0 : frame->errcode = QUIC_TRANSPORT_ERROR_STREAM_LIMIT;
1666 0 : else if (err != -ENOSTR)
1667 0 : frame->errcode = QUIC_TRANSPORT_ERROR_STREAM_STATE;
1668 0 : goto out;
1669 : }
1670 :
1671 1140 : if (stream->recv.state >= QUIC_STREAM_RECV_STATE_RECVD)
1672 0 : goto out; /* Skip if stream has already received all data or a reset. */
1673 :
1674 : /* Follows the same processing logic as quic_frame_data_blocked_process(). */
1675 1140 : window = stream->recv.window;
1676 1140 : if (sk_under_memory_pressure(sk))
1677 0 : window >>= 1;
1678 :
1679 1140 : recv_max_bytes = stream->recv.max_bytes;
1680 1140 : stream->recv.max_bytes = stream->recv.bytes + window;
1681 1140 : if (quic_outq_transmit_frame(sk, QUIC_FRAME_MAX_STREAM_DATA, stream, 0, true)) {
1682 0 : stream->recv.max_bytes = recv_max_bytes;
1683 0 : return -ENOMEM;
1684 : }
1685 1140 : out:
1686 1140 : return (int)(frame->len - len);
1687 : }
1688 :
1689 0 : static int quic_frame_streams_blocked_uni_process(struct sock *sk, struct quic_frame *frame,
1690 : u8 type)
1691 : {
1692 0 : struct quic_stream_table *streams = quic_streams(sk);
1693 0 : s64 stream_id = streams->send.max_uni_stream_id;
1694 0 : u32 len = frame->len;
1695 0 : u8 *p = frame->data;
1696 0 : u64 max;
1697 :
1698 0 : if (!quic_get_var(&p, &len, &max))
1699 : return -EINVAL;
1700 0 : if (max > quic_stream_id_to_streams(stream_id))
1701 0 : goto out; /* Ignore if peer requests more streams than currently allowed. */
1702 : /* Respond with a MAX_STREAMS_UNI frame to inform the peer of the current limit. */
1703 0 : max = quic_stream_id_to_streams(stream_id);
1704 0 : if (quic_outq_transmit_frame(sk, QUIC_FRAME_MAX_STREAMS_UNI, &max, 0, true))
1705 : return -ENOMEM;
1706 0 : out:
1707 0 : return (int)(frame->len - len);
1708 : }
1709 :
1710 2 : static int quic_frame_streams_blocked_bidi_process(struct sock *sk, struct quic_frame *frame,
1711 : u8 type)
1712 : {
1713 2 : struct quic_stream_table *streams = quic_streams(sk);
1714 2 : u32 len = frame->len;
1715 2 : u8 *p = frame->data;
1716 2 : s64 stream_id;
1717 2 : u64 max;
1718 :
1719 2 : if (!quic_get_var(&p, &len, &max))
1720 : return -EINVAL;
1721 : /* Follows the same processing logic as quic_frame_streams_blocked_uni_process(). */
1722 2 : stream_id = streams->recv.max_bidi_stream_id;
1723 2 : if (max > quic_stream_id_to_streams(stream_id))
1724 0 : goto out;
1725 2 : max = quic_stream_id_to_streams(stream_id);
1726 2 : if (quic_outq_transmit_frame(sk, QUIC_FRAME_MAX_STREAMS_BIDI, &max, 0, true))
1727 : return -ENOMEM;
1728 2 : out:
1729 2 : return (int)(frame->len - len);
1730 : }
1731 :
1732 247 : static int quic_frame_path_response_process(struct sock *sk, struct quic_frame *frame, u8 type)
1733 : {
1734 247 : struct quic_path_group *paths = quic_paths(sk);
1735 247 : u8 local, entropy[QUIC_PATH_ENTROPY_LEN];
1736 247 : u32 len = frame->len;
1737 :
1738 247 : if (len < 8)
1739 : return -EINVAL;
1740 :
1741 : /* Verify path challenge entropy. */
1742 247 : memcpy(entropy, frame->data, QUIC_PATH_ENTROPY_LEN);
1743 494 : if (memcmp(paths->entropy, entropy, QUIC_PATH_ENTROPY_LEN))
1744 0 : goto out;
1745 :
1746 : /* Peer's application key is ready and clean up transmitted handshake packets. */
1747 247 : quic_outq_transmitted_sack(sk, QUIC_CRYPTO_HANDSHAKE, QUIC_PN_MAP_MAX_PN, 0, -1, 0);
1748 :
1749 247 : if (!quic_path_alt_state(paths, QUIC_PATH_ALT_PROBING))
1750 150 : goto out;
1751 :
1752 : /* If this was a probe for connection migration, Promotes the alternate path (path[1])
1753 : * to become the new active path.
1754 : */
1755 97 : quic_path_swap(paths);
1756 97 : quic_set_sk_addr(sk, quic_path_saddr(paths, 0), 1);
1757 97 : quic_set_sk_addr(sk, quic_path_daddr(paths, 0), 0);
1758 : /* Notify application of updated path; indicate whether it is a local address change. */
1759 97 : local = !quic_cmp_sk_addr(sk, quic_path_saddr(paths, 1), quic_path_saddr(paths, 0));
1760 97 : quic_inq_event_recv(sk, QUIC_EVENT_CONNECTION_MIGRATION, &local);
1761 :
1762 : /* Update path ID for all control and transmitted frames, reset route, and use the
1763 : * active connection ID for the new path.
1764 : */
1765 97 : frame->path = 0;
1766 97 : __sk_dst_reset(sk);
1767 97 : quic_outq_update_path(sk, 0);
1768 97 : quic_conn_id_swap_active(quic_dest(sk));
1769 :
1770 247 : out:
1771 247 : len -= 8;
1772 247 : return (int)(frame->len - len);
1773 : }
1774 :
1775 0 : static struct quic_frame *quic_frame_invalid_create(struct sock *sk, void *data, u8 type)
1776 : {
1777 0 : return NULL;
1778 : }
1779 :
1780 : /* rfc9221#section-4:
1781 : *
1782 : * DATAGRAM or DATAGRAM_LEN Frame {
1783 : * Type (i) = 0x30..0x31,
1784 : * [Length (i)],
1785 : * Datagram Data (..),
1786 : * }
1787 : *
1788 : * DATAGRAM frames are used to transmit application data in an unreliable manner. There is a
1789 : * Length field present in DATAGRAM_LEN Frame.
1790 : */
1791 12 : static struct quic_frame *quic_frame_datagram_create(struct sock *sk, void *data, u8 type)
1792 : {
1793 12 : u32 msg_len, hlen = 1, frame_len, max_frame_len;
1794 12 : struct iov_iter *msg = data;
1795 12 : struct quic_frame *frame;
1796 12 : u8 *p;
1797 :
1798 12 : max_frame_len = quic_packet_max_payload_dgram(quic_packet(sk)); /* MSS for dgram. */
1799 12 : hlen += quic_var_len(max_frame_len);
1800 :
1801 : /* rfc9221#section-5:
1802 : *
1803 : * DATAGRAM frames cannot be fragmented; therefore, application protocols need to handle
1804 : * cases where the maximum datagram size is limited by other factors.
1805 : */
1806 12 : msg_len = iov_iter_count(msg);
1807 12 : if (msg_len > max_frame_len - hlen)
1808 : return NULL;
1809 :
1810 8 : frame = quic_frame_alloc(msg_len + hlen, NULL, GFP_ATOMIC);
1811 8 : if (!frame)
1812 : return NULL;
1813 :
1814 8 : p = quic_put_var(frame->data, type);
1815 : /* To make things simple, only create DATAGRAM_LEN frame with Length encoded. */
1816 8 : p = quic_put_var(p, msg_len);
1817 :
1818 8 : if (!quic_frame_copy_from_iter_full(p, msg_len, msg)) {
1819 0 : quic_frame_put(frame);
1820 0 : return NULL;
1821 : }
1822 8 : p += msg_len;
1823 8 : frame_len = (u32)(p - frame->data);
1824 :
1825 8 : frame->bytes = (u16)msg_len;
1826 8 : frame->len = (u16)frame_len;
1827 8 : frame->size = frame->len;
1828 8 : frame->dgram = 1;
1829 :
1830 8 : return frame;
1831 : }
1832 :
1833 0 : static int quic_frame_invalid_process(struct sock *sk, struct quic_frame *frame, u8 type)
1834 : {
1835 : /* rfc9000#section-12.4:
1836 : *
1837 : * An endpoint MUST treat the receipt of a frame of unknown type as a connection error of
1838 : * type FRAME_ENCODING_ERROR.
1839 : */
1840 0 : frame->errcode = QUIC_TRANSPORT_ERROR_FRAME_ENCODING;
1841 0 : return -EPROTONOSUPPORT;
1842 : }
1843 :
1844 8 : static int quic_frame_datagram_process(struct sock *sk, struct quic_frame *frame, u8 type)
1845 : {
1846 8 : struct quic_inqueue *inq = quic_inq(sk);
1847 8 : struct quic_frame *nframe;
1848 8 : u32 len = frame->len;
1849 8 : u8 *p = frame->data;
1850 8 : u64 payload_len;
1851 8 : int err;
1852 :
1853 8 : payload_len = frame->len;
1854 8 : if (type == QUIC_FRAME_DATAGRAM_LEN) {
1855 8 : if (!quic_get_var(&p, &len, &payload_len) || payload_len > len)
1856 : return -EINVAL;
1857 : }
1858 :
1859 : /* rfc9221#section-3:
1860 : *
1861 : * An endpoint that receives a DATAGRAM frame that is larger than the value it sent in
1862 : * its max_datagram_frame_size transport parameter MUST terminate the connection with
1863 : * an error of type PROTOCOL_VIOLATION.
1864 : */
1865 8 : if (payload_len + (p - frame->data) + 1 > inq->max_datagram_frame_size) {
1866 0 : frame->errcode = QUIC_TRANSPORT_ERROR_PROTOCOL_VIOLATION;
1867 0 : return -EINVAL;
1868 : }
1869 :
1870 : /* Follows the same processing logic as quic_frame_crypto_process(). */
1871 8 : nframe = quic_frame_alloc(payload_len, p, GFP_ATOMIC);
1872 8 : if (!nframe)
1873 : return -ENOMEM;
1874 8 : nframe->skb = skb_get(frame->skb);
1875 :
1876 8 : err = quic_inq_dgram_recv(sk, nframe);
1877 8 : if (err) {
1878 0 : quic_frame_put(nframe);
1879 0 : return err;
1880 : }
1881 :
1882 8 : len -= payload_len;
1883 8 : return (int)(frame->len - len);
1884 : }
1885 :
1886 0 : static void quic_frame_padding_ack(struct sock *sk, struct quic_frame *frame)
1887 : {
1888 0 : }
1889 :
1890 0 : static void quic_frame_ping_ack(struct sock *sk, struct quic_frame *frame)
1891 : {
1892 0 : }
1893 :
1894 0 : static void quic_frame_ack_ack(struct sock *sk, struct quic_frame *frame)
1895 : {
1896 0 : }
1897 :
1898 24 : static void quic_frame_reset_stream_ack(struct sock *sk, struct quic_frame *frame)
1899 : {
1900 24 : struct quic_stream_table *streams = quic_streams(sk);
1901 24 : struct quic_stream *stream = frame->stream;
1902 24 : struct quic_stream_update update;
1903 :
1904 : /* Notify that stream has been reset. */
1905 24 : update.id = stream->id;
1906 24 : update.state = QUIC_STREAM_SEND_STATE_RESET_RECVD;
1907 24 : update.errcode = stream->send.errcode;
1908 24 : quic_inq_event_recv(sk, QUIC_EVENT_STREAM_UPDATE, &update);
1909 :
1910 : /* rfc9000#section-3.1:
1911 : *
1912 : * Once a packet containing a RESET_STREAM has been acknowledged, the sending part of
1913 : * the stream enters the "Reset Recvd" state, which is a terminal state.
1914 : */
1915 24 : stream->send.state = update.state;
1916 24 : quic_stream_send_put(streams, stream, quic_is_serv(sk)); /* Release the send stream. */
1917 24 : sk->sk_write_space(sk); /* Wake up processes blocked while attempting to open a stream. */
1918 24 : }
1919 :
1920 8 : static void quic_frame_stop_sending_ack(struct sock *sk, struct quic_frame *frame)
1921 : {
1922 8 : }
1923 :
1924 3484 : static void quic_frame_crypto_ack(struct sock *sk, struct quic_frame *frame)
1925 : {
1926 3484 : }
1927 :
1928 427 : static void quic_frame_new_token_ack(struct sock *sk, struct quic_frame *frame)
1929 : {
1930 427 : struct quic_outqueue *outq = quic_outq(sk);
1931 :
1932 427 : outq->token_pending = 0; /* Clear flag so a new NEW_TOKEN frame can be sent if needed. */
1933 427 : }
1934 :
1935 6329985 : static void quic_frame_stream_ack(struct sock *sk, struct quic_frame *frame)
1936 : {
1937 6329985 : struct quic_stream_table *streams = quic_streams(sk);
1938 6329985 : struct quic_stream *stream = frame->stream;
1939 6329985 : struct quic_stream_update update;
1940 :
1941 6329985 : stream->send.frags--;
1942 6329985 : if (stream->send.frags || stream->send.state != QUIC_STREAM_SEND_STATE_SENT)
1943 6312353 : return; /* Skip if there are data in flight, or stream isn't in "Sent" state. */
1944 :
1945 : /* Notify that stream received all data by peer. */
1946 17632 : update.id = stream->id;
1947 17632 : update.state = QUIC_STREAM_SEND_STATE_RECVD;
1948 17632 : quic_inq_event_recv(sk, QUIC_EVENT_STREAM_UPDATE, &update);
1949 :
1950 : /* rfc9000#section-3.1:
1951 : *
1952 : * Once all stream data has been successfully acknowledged, the sending part of the
1953 : * stream enters the "Data Recvd" state, which is a terminal state.
1954 : */
1955 17632 : stream->send.state = update.state;
1956 17632 : quic_stream_send_put(streams, stream, quic_is_serv(sk)); /* Release the send stream. */
1957 17632 : sk->sk_write_space(sk); /* Wake up processes blocked while attempting to open a stream. */
1958 : }
1959 :
1960 60670 : static void quic_frame_max_data_ack(struct sock *sk, struct quic_frame *frame)
1961 : {
1962 60670 : }
1963 :
1964 110213 : static void quic_frame_max_stream_data_ack(struct sock *sk, struct quic_frame *frame)
1965 : {
1966 110213 : }
1967 :
1968 638 : static void quic_frame_max_streams_bidi_ack(struct sock *sk, struct quic_frame *frame)
1969 : {
1970 638 : }
1971 :
1972 142 : static void quic_frame_max_streams_uni_ack(struct sock *sk, struct quic_frame *frame)
1973 : {
1974 142 : }
1975 :
1976 0 : static void quic_frame_data_blocked_ack(struct sock *sk, struct quic_frame *frame)
1977 : {
1978 0 : struct quic_outqueue *outq = quic_outq(sk);
1979 :
1980 : /* Clear flag so a new DATA_BLOCKED frame can be sent if needed. */
1981 0 : outq->data_blocked = 0;
1982 0 : }
1983 :
1984 0 : static void quic_frame_stream_data_blocked_ack(struct sock *sk, struct quic_frame *frame)
1985 : {
1986 0 : struct quic_stream *stream = frame->stream;
1987 :
1988 : /* Clear flag so a new STREAM_DATA_BLOCKED frame can be sent if needed. */
1989 0 : stream->send.data_blocked = 0;
1990 0 : }
1991 :
1992 0 : static void quic_frame_streams_blocked_bidi_ack(struct sock *sk, struct quic_frame *frame)
1993 : {
1994 0 : struct quic_stream_table *streams = quic_streams(sk);
1995 :
1996 : /* Clear flag so a new STREAMS_BLOCKED_BIDI frame can be sent if needed. */
1997 0 : streams->send.bidi_blocked = 0;
1998 0 : }
1999 :
2000 0 : static void quic_frame_streams_blocked_uni_ack(struct sock *sk, struct quic_frame *frame)
2001 : {
2002 0 : struct quic_stream_table *streams = quic_streams(sk);
2003 :
2004 : /* Clear flag so a new STREAMS_BLOCKED_UNI frame can be sent if needed. */
2005 0 : streams->send.uni_blocked = 0;
2006 0 : }
2007 :
2008 5843 : static void quic_frame_new_conn_id_ack(struct sock *sk, struct quic_frame *frame)
2009 : {
2010 5843 : }
2011 :
2012 157 : static void quic_frame_retire_conn_id_ack(struct sock *sk, struct quic_frame *frame)
2013 : {
2014 157 : }
2015 :
2016 0 : static void quic_frame_path_challenge_ack(struct sock *sk, struct quic_frame *frame)
2017 : {
2018 0 : }
2019 :
2020 0 : static void quic_frame_path_response_ack(struct sock *sk, struct quic_frame *frame)
2021 : {
2022 0 : }
2023 :
2024 0 : static void quic_frame_connection_close_ack(struct sock *sk, struct quic_frame *frame)
2025 : {
2026 0 : }
2027 :
2028 419 : static void quic_frame_handshake_done_ack(struct sock *sk, struct quic_frame *frame)
2029 : {
2030 419 : }
2031 :
2032 0 : static void quic_frame_invalid_ack(struct sock *sk, struct quic_frame *frame)
2033 : {
2034 0 : }
2035 :
2036 8 : static void quic_frame_datagram_ack(struct sock *sk, struct quic_frame *frame)
2037 : {
2038 8 : }
2039 :
2040 : #define quic_frame_create_and_process_and_ack(type, eliciting) \
2041 : { \
2042 : .frame_create = quic_frame_##type##_create, \
2043 : .frame_process = quic_frame_##type##_process, \
2044 : .frame_ack = quic_frame_##type##_ack, \
2045 : .ack_eliciting = eliciting \
2046 : }
2047 :
2048 : static struct quic_frame_ops quic_frame_ops[QUIC_FRAME_MAX + 1] = {
2049 : quic_frame_create_and_process_and_ack(padding, 0), /* 0x00 */
2050 : quic_frame_create_and_process_and_ack(ping, 1),
2051 : quic_frame_create_and_process_and_ack(ack, 0),
2052 : quic_frame_create_and_process_and_ack(ack, 0), /* ack_ecn */
2053 : quic_frame_create_and_process_and_ack(reset_stream, 1),
2054 : quic_frame_create_and_process_and_ack(stop_sending, 1),
2055 : quic_frame_create_and_process_and_ack(crypto, 1),
2056 : quic_frame_create_and_process_and_ack(new_token, 1),
2057 : quic_frame_create_and_process_and_ack(stream, 1),
2058 : quic_frame_create_and_process_and_ack(stream, 1),
2059 : quic_frame_create_and_process_and_ack(stream, 1),
2060 : quic_frame_create_and_process_and_ack(stream, 1),
2061 : quic_frame_create_and_process_and_ack(stream, 1),
2062 : quic_frame_create_and_process_and_ack(stream, 1),
2063 : quic_frame_create_and_process_and_ack(stream, 1),
2064 : quic_frame_create_and_process_and_ack(stream, 1),
2065 : quic_frame_create_and_process_and_ack(max_data, 1), /* 0x10 */
2066 : quic_frame_create_and_process_and_ack(max_stream_data, 1),
2067 : quic_frame_create_and_process_and_ack(max_streams_bidi, 1),
2068 : quic_frame_create_and_process_and_ack(max_streams_uni, 1),
2069 : quic_frame_create_and_process_and_ack(data_blocked, 1),
2070 : quic_frame_create_and_process_and_ack(stream_data_blocked, 1),
2071 : quic_frame_create_and_process_and_ack(streams_blocked_bidi, 1),
2072 : quic_frame_create_and_process_and_ack(streams_blocked_uni, 1),
2073 : quic_frame_create_and_process_and_ack(new_conn_id, 1),
2074 : quic_frame_create_and_process_and_ack(retire_conn_id, 1),
2075 : quic_frame_create_and_process_and_ack(path_challenge, 0),
2076 : quic_frame_create_and_process_and_ack(path_response, 0),
2077 : quic_frame_create_and_process_and_ack(connection_close, 0),
2078 : quic_frame_create_and_process_and_ack(connection_close, 0),
2079 : quic_frame_create_and_process_and_ack(handshake_done, 1),
2080 : quic_frame_create_and_process_and_ack(invalid, 0),
2081 : quic_frame_create_and_process_and_ack(invalid, 0), /* 0x20 */
2082 : quic_frame_create_and_process_and_ack(invalid, 0),
2083 : quic_frame_create_and_process_and_ack(invalid, 0),
2084 : quic_frame_create_and_process_and_ack(invalid, 0),
2085 : quic_frame_create_and_process_and_ack(invalid, 0),
2086 : quic_frame_create_and_process_and_ack(invalid, 0),
2087 : quic_frame_create_and_process_and_ack(invalid, 0),
2088 : quic_frame_create_and_process_and_ack(invalid, 0),
2089 : quic_frame_create_and_process_and_ack(invalid, 0),
2090 : quic_frame_create_and_process_and_ack(invalid, 0),
2091 : quic_frame_create_and_process_and_ack(invalid, 0),
2092 : quic_frame_create_and_process_and_ack(invalid, 0),
2093 : quic_frame_create_and_process_and_ack(invalid, 0),
2094 : quic_frame_create_and_process_and_ack(invalid, 0),
2095 : quic_frame_create_and_process_and_ack(invalid, 0),
2096 : quic_frame_create_and_process_and_ack(invalid, 0),
2097 : quic_frame_create_and_process_and_ack(datagram, 1), /* 0x30 */
2098 : quic_frame_create_and_process_and_ack(datagram, 1),
2099 : };
2100 :
2101 6512018 : void quic_frame_ack(struct sock *sk, struct quic_frame *frame)
2102 : {
2103 6512018 : quic_frame_ops[frame->type].frame_ack(sk, frame);
2104 :
2105 6512018 : list_del_init(&frame->list);
2106 6512017 : frame->transmitted = 0;
2107 6512017 : quic_frame_put(frame);
2108 6512018 : }
2109 :
2110 6571365 : int quic_frame_process(struct sock *sk, struct quic_frame *frame)
2111 : {
2112 6571365 : struct quic_packet *packet = quic_packet(sk);
2113 6571365 : u8 type, level = frame->level;
2114 6571365 : int ret;
2115 :
2116 6571365 : if (!frame->len) {
2117 : /* rfc9000#section-12.4:
2118 : *
2119 : * An endpoint MUST treat receipt of a packet containing no frames as a
2120 : * connection error of type PROTOCOL_VIOLATION.
2121 : */
2122 0 : packet->errcode = QUIC_TRANSPORT_ERROR_PROTOCOL_VIOLATION;
2123 0 : return -EINVAL;
2124 : }
2125 :
2126 13547859 : while (frame->len > 0) {
2127 6972699 : type = *frame->data++;
2128 6972699 : frame->len--;
2129 :
2130 6972699 : if (type > QUIC_FRAME_MAX) {
2131 0 : pr_debug("%s: unsupported frame, type: %x, level: %d\n",
2132 : __func__, type, level);
2133 : /* rfc9000#section-12.4:
2134 : *
2135 : * An endpoint MUST treat the receipt of a frame of unknown type
2136 : * as a connection error of type FRAME_ENCODING_ERROR.
2137 : */
2138 0 : packet->errcode = QUIC_TRANSPORT_ERROR_FRAME_ENCODING;
2139 0 : return -EPROTONOSUPPORT;
2140 6972699 : } else if (quic_frame_level_check(level, type)) {
2141 0 : pr_debug("%s: invalid frame, type: %x, level: %d\n",
2142 : __func__, type, level);
2143 0 : return -EINVAL;
2144 : }
2145 6972699 : ret = quic_frame_ops[type].frame_process(sk, frame, type);
2146 6976540 : if (ret < 0) {
2147 48 : pr_debug("%s: failed, type: %x, level: %d, err: %d\n",
2148 : __func__, type, level, ret);
2149 48 : packet->errframe = type;
2150 48 : packet->errcode = frame->errcode;
2151 48 : return ret;
2152 : }
2153 6976492 : pr_debug("%s: done, type: %x, level: %d\n", __func__, type, level);
2154 6976494 : if (quic_frame_ops[type].ack_eliciting) {
2155 6568968 : packet->ack_requested = 1;
2156 : /* Require immediate ACKs for non-stream or stream-FIN frames. */
2157 6568968 : if (!quic_frame_stream(type) || (type & QUIC_STREAM_BIT_FIN))
2158 215960 : packet->ack_immediate = 1;
2159 : /* rfc9000#section-9.1:
2160 : *
2161 : * PATH_CHALLENGE, PATH_RESPONSE, NEW_CONNECTION_ID, and PADDING frames
2162 : * are "probing frames", and all other frames are "non-probing frames".
2163 : * (PATH_CHALLENGE, PATH_RESPONSE and PADDING are not ack_eliciting.)
2164 : */
2165 6568968 : if (!quic_frame_new_conn_id(type))
2166 6563634 : packet->non_probing = 1;
2167 : }
2168 6976494 : if (quic_frame_sack(type))
2169 384140 : packet->has_sack = 1;
2170 :
2171 6976494 : frame->data += ret;
2172 6976494 : frame->len -= ret;
2173 : }
2174 : return 0;
2175 : }
2176 :
2177 6885499 : struct quic_frame *quic_frame_create(struct sock *sk, u8 type, void *data)
2178 : {
2179 6885499 : struct quic_frame *frame;
2180 :
2181 6885499 : if (type > QUIC_FRAME_MAX)
2182 : return NULL;
2183 6885499 : frame = quic_frame_ops[type].frame_create(sk, data, type);
2184 6890780 : if (!frame) {
2185 4 : pr_debug("%s: failed, type: %x\n", __func__, type);
2186 4 : return NULL;
2187 : }
2188 6890776 : INIT_LIST_HEAD(&frame->list);
2189 6890776 : if (!frame->type)
2190 185024 : frame->type = type;
2191 6890776 : frame->ack_eliciting = quic_frame_ops[type].ack_eliciting;
2192 6890776 : pr_debug("%s: done, type: %x, len: %u\n", __func__, type, frame->len);
2193 : return frame;
2194 : }
2195 :
2196 13230812 : struct quic_frame *quic_frame_alloc(u32 size, u8 *data, gfp_t gfp)
2197 : {
2198 13230812 : struct quic_frame *frame;
2199 :
2200 13230812 : frame = kmem_cache_zalloc(quic_frame_cachep, gfp);
2201 13262321 : if (!frame)
2202 : return NULL;
2203 13262321 : if (data) {
2204 6374151 : frame->data = data;
2205 6374151 : goto out;
2206 : }
2207 6888170 : frame->data = kmalloc(size, gfp);
2208 6890109 : if (!frame->data) {
2209 0 : kmem_cache_free(quic_frame_cachep, frame);
2210 0 : return NULL;
2211 : }
2212 6890109 : out:
2213 13264260 : refcount_set(&frame->refcnt, 1);
2214 13264260 : frame->offset = -1;
2215 13264260 : frame->len = (u16)size;
2216 13264260 : frame->size = frame->len;
2217 13264260 : return frame;
2218 : }
2219 :
2220 13267724 : static void quic_frame_free(struct quic_frame *frame)
2221 : {
2222 13267724 : struct quic_frame_frag *frag, *next;
2223 :
2224 13267724 : if (!frame->type && frame->skb) { /* RX path frame with skb. */
2225 6374151 : kfree_skb(frame->skb);
2226 6374151 : goto out;
2227 : }
2228 :
2229 15185413 : for (frag = frame->flist; frag; frag = next) {
2230 8291836 : next = frag->next;
2231 8291836 : kfree(frag);
2232 : }
2233 6893577 : kfree(frame->data);
2234 13267728 : out:
2235 13267728 : kmem_cache_free(quic_frame_cachep, frame);
2236 13267517 : }
2237 :
2238 6523449 : struct quic_frame *quic_frame_get(struct quic_frame *frame)
2239 : {
2240 6523449 : refcount_inc(&frame->refcnt);
2241 6525557 : return frame;
2242 : }
2243 :
2244 19792474 : void quic_frame_put(struct quic_frame *frame)
2245 : {
2246 19792474 : if (refcount_dec_and_test(&frame->refcnt))
2247 13267603 : quic_frame_free(frame);
2248 19793028 : }
2249 :
2250 : /* Appends stream data to a QUIC frame. */
2251 3923667 : int quic_frame_stream_append(struct sock *sk, struct quic_frame *frame,
2252 : struct quic_msginfo *info, u8 pack)
2253 : {
2254 3923667 : struct quic_stream *stream = info->stream;
2255 3923667 : u8 *p, type = frame->type, nodelay = 0;
2256 3923667 : u32 msg_len, max_frame_len, hlen = 1;
2257 3923667 : struct quic_frame_frag *frag, *pos;
2258 3923667 : u64 wspace, offset = 0;
2259 :
2260 : /* Calculate header length: frame type + stream ID + (optional) offset + length. */
2261 3923667 : hlen += quic_var_len(stream->id);
2262 3923667 : offset = stream->send.bytes - frame->bytes;
2263 3923667 : if (offset)
2264 3923619 : hlen += quic_var_len(offset);
2265 3923667 : max_frame_len = quic_packet_max_payload(quic_packet(sk)); /* MSS. */
2266 3923667 : hlen += quic_var_len(max_frame_len);
2267 3923667 : if (max_frame_len - hlen <= frame->bytes)
2268 : return -1; /* Not enough space for any additional payload. */
2269 :
2270 : /* Trim msg_len to respect flow control and MSS constraints, similar to
2271 : * quic_frame_stream_create().
2272 : */
2273 3923662 : msg_len = iov_iter_count(info->msg);
2274 3923662 : wspace = quic_outq_wspace(sk, stream);
2275 3923662 : if ((u64)msg_len <= wspace) {
2276 3904980 : if (msg_len <= max_frame_len - hlen - frame->bytes) {
2277 2578 : if (info->flags & MSG_STREAM_FIN)
2278 18 : type |= QUIC_STREAM_BIT_FIN;
2279 : } else {
2280 : nodelay = 1;
2281 : msg_len = max_frame_len - hlen - frame->bytes;
2282 : }
2283 : } else {
2284 18682 : msg_len = wspace;
2285 18682 : if (msg_len > max_frame_len - hlen - frame->bytes) {
2286 18420 : nodelay = 1;
2287 18420 : msg_len = max_frame_len - hlen - frame->bytes;
2288 : }
2289 : }
2290 3923662 : if (!pack) /* Only calculating how much to append. */
2291 1961831 : return msg_len;
2292 :
2293 1961831 : if (msg_len) { /* Attach data to frame as fragment. */
2294 1961831 : frag = quic_frame_frag_alloc(msg_len);
2295 1961831 : if (!frag)
2296 : return 0;
2297 1961831 : if (!quic_frame_copy_from_iter_full(frag->data, msg_len, info->msg)) {
2298 0 : kfree(frag);
2299 0 : return 0;
2300 : }
2301 1961831 : if (frame->flist) {
2302 : pos = frame->flist;
2303 1963334 : while (pos->next)
2304 : pos = pos->next;
2305 1961831 : pos->next = frag;
2306 : } else {
2307 0 : frame->flist = frag;
2308 : }
2309 : }
2310 :
2311 : /* Update stream data header and frame fields. */
2312 1961831 : p = quic_put_var(frame->data, type);
2313 1961831 : p = quic_put_var(p, stream->id);
2314 1961831 : if (offset)
2315 1961807 : p = quic_put_var(p, offset);
2316 1961831 : p = quic_put_var(p, frame->bytes + msg_len);
2317 :
2318 1961831 : frame->type = type;
2319 1961831 : frame->size = (u16)(p - frame->data);
2320 1961831 : frame->bytes += msg_len;
2321 1961831 : frame->len = frame->size + frame->bytes;
2322 1961831 : frame->nodelay = nodelay;
2323 :
2324 1961831 : return msg_len;
2325 : }
2326 :
2327 : /* rfc9000#section-18:
2328 : *
2329 : * Transport Parameter {
2330 : * Transport Parameter ID (i),
2331 : * Transport Parameter Length (i),
2332 : * Transport Parameter Value (..),
2333 : * }
2334 : */
2335 1425 : static u8 *quic_frame_put_conn_id(u8 *p, u16 id, struct quic_conn_id *conn_id)
2336 : {
2337 1425 : p = quic_put_var(p, id);
2338 1425 : p = quic_put_var(p, conn_id->len);
2339 1425 : p = quic_put_data(p, conn_id->data, conn_id->len);
2340 1425 : return p;
2341 : }
2342 :
2343 : /* rfc9368#section-3:
2344 : *
2345 : * Version Information {
2346 : * Chosen Version (32),
2347 : * Available Versions (32) ...,
2348 : * }
2349 : */
2350 521 : static u8 *quic_frame_put_version_info(u8 *p, u16 id, u32 version)
2351 : {
2352 521 : u32 *versions, i, len = QUIC_VERSION_LEN;
2353 :
2354 521 : versions = quic_packet_compatible_versions(version);
2355 521 : if (!versions)
2356 : return p;
2357 :
2358 1563 : for (i = 1; versions[i]; i++)
2359 1042 : len += QUIC_VERSION_LEN;
2360 521 : p = quic_put_var(p, id);
2361 521 : p = quic_put_var(p, len);
2362 521 : p = quic_put_int(p, version, QUIC_VERSION_LEN);
2363 :
2364 2084 : for (i = 1; versions[i]; i++)
2365 1042 : p = quic_put_int(p, versions[i], QUIC_VERSION_LEN);
2366 :
2367 : return p;
2368 : }
2369 :
2370 : /* rfc9000#section-18.2:
2371 : *
2372 : * Preferred Address {
2373 : * IPv4 Address (32),
2374 : * IPv4 Port (16),
2375 : * IPv6 Address (128),
2376 : * IPv6 Port (16),
2377 : * Connection ID Length (8),
2378 : * Connection ID (..),
2379 : * Stateless Reset Token (128),
2380 : * }
2381 : */
2382 27 : static u8 *quic_frame_put_address(u8 *p, u16 id, union quic_addr *addr,
2383 : struct quic_conn_id *conn_id, u8 *token, struct sock *sk)
2384 : {
2385 27 : p = quic_put_var(p, id);
2386 27 : p = quic_put_var(p, QUIC_PREF_ADDR_LEN + 1 + conn_id->len + QUIC_CONN_ID_TOKEN_LEN);
2387 27 : quic_set_pref_addr(sk, p, addr);
2388 27 : p += QUIC_PREF_ADDR_LEN;
2389 :
2390 27 : p = quic_put_int(p, conn_id->len, 1);
2391 27 : p = quic_put_data(p, conn_id->data, conn_id->len);
2392 27 : p = quic_put_data(p, token, QUIC_CONN_ID_TOKEN_LEN);
2393 27 : return p;
2394 : }
2395 :
2396 : #define USEC_TO_MSEC(usec) DIV_ROUND_UP((usec), 1000)
2397 : #define MSEC_TO_USEC(msec) ((msec) * 1000)
2398 :
2399 : /* Construct the full encoded transport parameters extension for a QUIC connection. */
2400 1001 : int quic_frame_build_transport_params_ext(struct sock *sk, struct quic_transport_param *params,
2401 : u8 *data, u32 *len)
2402 : {
2403 1001 : struct quic_conn_id_set *id_set = quic_source(sk);
2404 1001 : struct quic_path_group *paths = quic_paths(sk);
2405 1001 : u8 *p = data, token[QUIC_CONN_ID_TOKEN_LEN];
2406 1001 : struct quic_conn_id *scid, conn_id;
2407 1001 : struct quic_crypto *crypto;
2408 1001 : u16 param_id;
2409 :
2410 1001 : scid = quic_conn_id_active(id_set);
2411 1001 : if (quic_is_serv(sk)) {
2412 420 : crypto = quic_crypto(sk, QUIC_CRYPTO_INITIAL);
2413 : /* rfc9000#section-10.3:
2414 : *
2415 : * A server includes the Destination Connection ID field from the first Initial
2416 : * packet it received from the client in the original_destination_connection_id
2417 : * transport parameter; if the server sent a Retry packet, this refers to the
2418 : * first Initial packet received before sending the Retry packet.
2419 : */
2420 420 : param_id = QUIC_TRANSPORT_PARAM_ORIGINAL_DESTINATION_CONNECTION_ID;
2421 420 : p = quic_frame_put_conn_id(p, param_id, &paths->orig_dcid);
2422 420 : if (params->stateless_reset) {
2423 : /* rfc9000#section-10.3:
2424 : *
2425 : * Servers can also issue a stateless_reset_token transport parameter
2426 : * during the handshake that applies to the connection ID that it
2427 : * selected during the handshake.
2428 : */
2429 12 : p = quic_put_var(p, QUIC_TRANSPORT_PARAM_STATELESS_RESET_TOKEN);
2430 12 : p = quic_put_var(p, QUIC_CONN_ID_TOKEN_LEN);
2431 12 : if (quic_crypto_generate_stateless_reset_token(crypto, scid->data,
2432 12 : scid->len, token,
2433 : QUIC_CONN_ID_TOKEN_LEN))
2434 : return -1;
2435 12 : p = quic_put_data(p, token, QUIC_CONN_ID_TOKEN_LEN);
2436 : }
2437 420 : if (paths->retry) {
2438 : /* rfc9000#section-10.3:
2439 : *
2440 : * If it sends a Retry packet, a server also includes the Source
2441 : * Connection ID field from the Retry packet in the
2442 : * retry_source_connection_id transport parameter.
2443 : */
2444 4 : param_id = QUIC_TRANSPORT_PARAM_RETRY_SOURCE_CONNECTION_ID;
2445 4 : p = quic_frame_put_conn_id(p, param_id, &paths->retry_dcid);
2446 : }
2447 420 : if (paths->pref_addr) {
2448 : /* Write preferred address parameter with an associated conn ID and
2449 : * stateless reset token.
2450 : */
2451 27 : quic_conn_id_generate(&conn_id);
2452 27 : if (quic_crypto_generate_stateless_reset_token(crypto, conn_id.data,
2453 : conn_id.len, token,
2454 : QUIC_CONN_ID_TOKEN_LEN))
2455 : return -1;
2456 27 : if (quic_conn_id_add(id_set, &conn_id, 1, sk))
2457 : return -1;
2458 27 : param_id = QUIC_TRANSPORT_PARAM_PREFERRED_ADDRESS;
2459 27 : p = quic_frame_put_address(p, param_id, quic_path_saddr(paths, 1),
2460 : &conn_id, token, sk);
2461 : }
2462 : }
2463 : /* rfc9000#section-10.3:
2464 : *
2465 : * Each endpoint includes the value of the Source Connection ID field from the first
2466 : * Initial packet it sent in the initial_source_connection_id transport parameter.
2467 : */
2468 1001 : p = quic_frame_put_conn_id(p, QUIC_TRANSPORT_PARAM_INITIAL_SOURCE_CONNECTION_ID, scid);
2469 1001 : if (params->max_stream_data_bidi_local) {
2470 1001 : p = quic_put_param(p, QUIC_TRANSPORT_PARAM_INITIAL_MAX_STREAM_DATA_BIDI_LOCAL,
2471 : params->max_stream_data_bidi_local);
2472 : }
2473 1001 : if (params->max_stream_data_bidi_remote) {
2474 1001 : p = quic_put_param(p, QUIC_TRANSPORT_PARAM_INITIAL_MAX_STREAM_DATA_BIDI_REMOTE,
2475 : params->max_stream_data_bidi_remote);
2476 : }
2477 1001 : if (params->max_stream_data_uni) {
2478 1001 : p = quic_put_param(p, QUIC_TRANSPORT_PARAM_INITIAL_MAX_STREAM_DATA_UNI,
2479 : params->max_stream_data_uni);
2480 : }
2481 1001 : if (params->max_data) {
2482 1001 : p = quic_put_param(p, QUIC_TRANSPORT_PARAM_INITIAL_MAX_DATA,
2483 : params->max_data);
2484 : }
2485 1001 : if (params->max_streams_bidi) {
2486 1001 : p = quic_put_param(p, QUIC_TRANSPORT_PARAM_INITIAL_MAX_STREAMS_BIDI,
2487 : params->max_streams_bidi);
2488 : }
2489 1001 : if (params->max_streams_uni) {
2490 1001 : p = quic_put_param(p, QUIC_TRANSPORT_PARAM_INITIAL_MAX_STREAMS_UNI,
2491 : params->max_streams_uni);
2492 : }
2493 1001 : if (params->max_udp_payload_size != QUIC_MAX_UDP_PAYLOAD) {
2494 0 : p = quic_put_param(p, QUIC_TRANSPORT_PARAM_MAX_UDP_PAYLOAD_SIZE,
2495 : params->max_udp_payload_size);
2496 : }
2497 1001 : if (params->ack_delay_exponent != QUIC_DEF_ACK_DELAY_EXPONENT) {
2498 0 : p = quic_put_param(p, QUIC_TRANSPORT_PARAM_ACK_DELAY_EXPONENT,
2499 : params->ack_delay_exponent);
2500 : }
2501 1001 : if (params->disable_active_migration) {
2502 0 : p = quic_put_var(p, QUIC_TRANSPORT_PARAM_DISABLE_ACTIVE_MIGRATION);
2503 0 : p = quic_put_var(p, 0);
2504 : }
2505 1001 : if (params->disable_1rtt_encryption) {
2506 4 : p = quic_put_var(p, QUIC_TRANSPORT_PARAM_DISABLE_1RTT_ENCRYPTION);
2507 4 : p = quic_put_var(p, 0);
2508 : }
2509 1001 : if (!params->disable_compatible_version) {
2510 521 : p = quic_frame_put_version_info(p, QUIC_TRANSPORT_PARAM_VERSION_INFORMATION,
2511 521 : quic_packet(sk)->version);
2512 : }
2513 1001 : if (params->grease_quic_bit) {
2514 889 : p = quic_put_var(p, QUIC_TRANSPORT_PARAM_GREASE_QUIC_BIT);
2515 889 : p = quic_put_var(p, 0);
2516 : }
2517 1001 : if (params->max_ack_delay != QUIC_DEF_ACK_DELAY) {
2518 840 : p = quic_put_param(p, QUIC_TRANSPORT_PARAM_MAX_ACK_DELAY,
2519 840 : USEC_TO_MSEC(params->max_ack_delay));
2520 : }
2521 1001 : if (params->max_idle_timeout) {
2522 1001 : p = quic_put_param(p, QUIC_TRANSPORT_PARAM_MAX_IDLE_TIMEOUT,
2523 1001 : USEC_TO_MSEC(params->max_idle_timeout));
2524 : }
2525 1001 : if (params->active_connection_id_limit &&
2526 : params->active_connection_id_limit != QUIC_CONN_ID_LEAST) {
2527 1001 : p = quic_put_param(p, QUIC_TRANSPORT_PARAM_ACTIVE_CONNECTION_ID_LIMIT,
2528 : params->active_connection_id_limit);
2529 : }
2530 1001 : if (params->max_datagram_frame_size) {
2531 8 : p = quic_put_param(p, QUIC_TRANSPORT_PARAM_MAX_DATAGRAM_FRAME_SIZE,
2532 : params->max_datagram_frame_size);
2533 : }
2534 1001 : *len = p - data;
2535 1001 : return 0;
2536 : }
2537 :
2538 : /* Parse a QUIC Connection ID transport parameter. */
2539 1574 : static int quic_frame_get_conn_id(struct quic_conn_id *conn_id, u8 **pp, u32 *plen)
2540 : {
2541 1574 : u64 valuelen;
2542 :
2543 1574 : if (!quic_get_var(pp, plen, &valuelen))
2544 : return -1;
2545 :
2546 1574 : if ((u64)*plen < valuelen || valuelen > QUIC_CONN_ID_MAX_LEN)
2547 : return -1;
2548 :
2549 3148 : memcpy(conn_id->data, *pp, valuelen);
2550 1574 : conn_id->len = (u8)valuelen;
2551 :
2552 1574 : *pp += valuelen;
2553 1574 : *plen -= valuelen;
2554 1574 : return 0;
2555 : }
2556 :
2557 : #define QUIC_MAX_VERSIONS 16
2558 :
2559 : /* Parse QUIC version information transport parameter. */
2560 732 : static int quic_frame_get_version_info(u32 *versions, u8 *count, u8 **pp, u32 *plen)
2561 : {
2562 732 : u64 valuelen, v = 0;
2563 732 : u8 i;
2564 :
2565 732 : if (!quic_get_var(pp, plen, &valuelen))
2566 : return -1;
2567 :
2568 732 : if ((u64)*plen < valuelen || valuelen > QUIC_VERSION_LEN * QUIC_MAX_VERSIONS)
2569 : return -1;
2570 :
2571 732 : *count = (u8)(valuelen / QUIC_VERSION_LEN);
2572 2717 : for (i = 0; i < *count; i++) {
2573 1985 : quic_get_int(pp, plen, &v, QUIC_VERSION_LEN);
2574 1985 : versions[i] = v;
2575 : }
2576 : return 0;
2577 : }
2578 :
2579 : /* Parse Preferred Address transport parameter. */
2580 28 : static int quic_frame_get_address(union quic_addr *addr, struct quic_conn_id *conn_id,
2581 : u8 *token, u8 **pp, u32 *plen, struct sock *sk)
2582 : {
2583 28 : u64 valuelen, len;
2584 :
2585 28 : if (!quic_get_var(pp, plen, &valuelen))
2586 : return -1;
2587 :
2588 28 : if ((u64)*plen < valuelen || valuelen < QUIC_PREF_ADDR_LEN)
2589 : return -1;
2590 :
2591 28 : quic_get_pref_addr(sk, addr, pp, plen);
2592 :
2593 28 : if (!quic_get_int(pp, plen, &len, 1) || len > QUIC_CONN_ID_MAX_LEN)
2594 : return -1;
2595 28 : if (valuelen != QUIC_PREF_ADDR_LEN + 1 + len + QUIC_CONN_ID_TOKEN_LEN)
2596 : return -1;
2597 :
2598 28 : conn_id->len = len;
2599 28 : if (!quic_get_data(pp, plen, conn_id->data, conn_id->len))
2600 : return -1;
2601 28 : if (!quic_get_data(pp, plen, token, QUIC_CONN_ID_TOKEN_LEN))
2602 0 : return -1;
2603 : return 0;
2604 : }
2605 :
2606 : /* Parse the full encoded transport parameters extension for a QUIC connection. */
2607 994 : int quic_frame_parse_transport_params_ext(struct sock *sk, struct quic_transport_param *params,
2608 : u8 *data, u32 len)
2609 : {
2610 994 : u8 *p = data, count = 1, token[QUIC_CONN_ID_TOKEN_LEN];
2611 994 : struct quic_conn_id_set *id_set = quic_dest(sk);
2612 994 : struct quic_path_group *paths = quic_paths(sk);
2613 994 : struct quic_packet *packet = quic_packet(sk);
2614 994 : struct quic_conn_id *active, conn_id;
2615 994 : u32 versions[QUIC_MAX_VERSIONS] = {};
2616 994 : u64 type, value, valuelen;
2617 994 : union quic_addr addr;
2618 :
2619 : /* Apply default values if the peer omits these transport parameters. */
2620 994 : params->max_udp_payload_size = QUIC_MAX_UDP_PAYLOAD;
2621 994 : params->ack_delay_exponent = QUIC_DEF_ACK_DELAY_EXPONENT;
2622 994 : params->max_ack_delay = QUIC_DEF_ACK_DELAY;
2623 994 : params->active_connection_id_limit = QUIC_CONN_ID_LEAST;
2624 :
2625 994 : active = quic_conn_id_active(id_set);
2626 994 : versions[0] = packet->version;
2627 13301 : while (len > 0) {
2628 12307 : if (!quic_get_var(&p, &len, &type))
2629 : return -1;
2630 :
2631 12307 : switch (type) {
2632 : case QUIC_TRANSPORT_PARAM_ORIGINAL_DESTINATION_CONNECTION_ID:
2633 574 : if (quic_is_serv(sk))
2634 : return -1;
2635 574 : if (quic_frame_get_conn_id(&conn_id, &p, &len))
2636 : return -1;
2637 : /* Validate original_destination_connection_id sent by the server. */
2638 574 : if (quic_conn_id_cmp(&paths->orig_dcid, &conn_id))
2639 : return -1;
2640 : break;
2641 : case QUIC_TRANSPORT_PARAM_RETRY_SOURCE_CONNECTION_ID:
2642 6 : if (quic_is_serv(sk))
2643 : return -1;
2644 6 : if (quic_frame_get_conn_id(&conn_id, &p, &len))
2645 : return -1;
2646 : /* Validate retry_source_connection_id sent by the server. */
2647 6 : if (paths->retry && quic_conn_id_cmp(&paths->retry_dcid, &conn_id))
2648 : return -1;
2649 : break;
2650 994 : case QUIC_TRANSPORT_PARAM_INITIAL_SOURCE_CONNECTION_ID:
2651 994 : if (quic_frame_get_conn_id(&conn_id, &p, &len))
2652 : return -1;
2653 : /* Validate initial_source_connection_id sent by the peer. */
2654 994 : if (quic_conn_id_cmp(active, &conn_id))
2655 : return -1;
2656 : break;
2657 869 : case QUIC_TRANSPORT_PARAM_INITIAL_MAX_STREAM_DATA_BIDI_LOCAL:
2658 869 : if (!quic_get_param(¶ms->max_stream_data_bidi_local, &p, &len))
2659 : return -1;
2660 : break;
2661 872 : case QUIC_TRANSPORT_PARAM_INITIAL_MAX_STREAM_DATA_BIDI_REMOTE:
2662 872 : if (!quic_get_param(¶ms->max_stream_data_bidi_remote, &p, &len))
2663 : return -1;
2664 : break;
2665 994 : case QUIC_TRANSPORT_PARAM_INITIAL_MAX_STREAM_DATA_UNI:
2666 994 : if (!quic_get_param(¶ms->max_stream_data_uni, &p, &len))
2667 : return -1;
2668 : break;
2669 994 : case QUIC_TRANSPORT_PARAM_INITIAL_MAX_DATA:
2670 994 : if (!quic_get_param(¶ms->max_data, &p, &len))
2671 : return -1;
2672 : break;
2673 861 : case QUIC_TRANSPORT_PARAM_INITIAL_MAX_STREAMS_BIDI:
2674 861 : if (!quic_get_param(&value, &p, &len))
2675 : return -1;
2676 : /* Limit the number of bidirectional streams to avoid exhausting system
2677 : * memory.
2678 : */
2679 861 : if (value > QUIC_MAX_STREAMS)
2680 0 : value = QUIC_MAX_STREAMS;
2681 861 : params->max_streams_bidi = value;
2682 861 : break;
2683 753 : case QUIC_TRANSPORT_PARAM_INITIAL_MAX_STREAMS_UNI:
2684 753 : if (!quic_get_param(&value, &p, &len))
2685 : return -1;
2686 : /* Limit the number of unidirectional streams to avoid exhausting system
2687 : * memory.
2688 : */
2689 753 : if (value > QUIC_MAX_STREAMS)
2690 2 : value = QUIC_MAX_STREAMS;
2691 753 : params->max_streams_uni = value;
2692 753 : break;
2693 992 : case QUIC_TRANSPORT_PARAM_MAX_IDLE_TIMEOUT:
2694 992 : if (!quic_get_param(&value, &p, &len))
2695 : return -1;
2696 992 : value = MSEC_TO_USEC(value);
2697 992 : if (value < QUIC_MIN_IDLE_TIMEOUT)
2698 : return -1;
2699 992 : params->max_idle_timeout = value;
2700 992 : break;
2701 148 : case QUIC_TRANSPORT_PARAM_MAX_UDP_PAYLOAD_SIZE:
2702 148 : if (!quic_get_param(&value, &p, &len))
2703 : return -1;
2704 148 : if (value < QUIC_MIN_UDP_PAYLOAD || value > QUIC_MAX_UDP_PAYLOAD)
2705 : return -1;
2706 148 : params->max_udp_payload_size = value;
2707 148 : break;
2708 142 : case QUIC_TRANSPORT_PARAM_ACK_DELAY_EXPONENT:
2709 142 : if (!quic_get_param(&value, &p, &len))
2710 : return -1;
2711 142 : if (value > QUIC_MAX_ACK_DELAY_EXPONENT)
2712 : return -1;
2713 142 : params->ack_delay_exponent = value;
2714 142 : break;
2715 8 : case QUIC_TRANSPORT_PARAM_DISABLE_ACTIVE_MIGRATION:
2716 8 : if (!quic_get_var(&p, &len, &valuelen))
2717 : return -1;
2718 8 : if (valuelen)
2719 : return -1;
2720 8 : params->disable_active_migration = 1;
2721 8 : break;
2722 4 : case QUIC_TRANSPORT_PARAM_DISABLE_1RTT_ENCRYPTION:
2723 4 : if (!quic_get_var(&p, &len, &valuelen))
2724 : return -1;
2725 4 : if (!quic_is_serv(sk) && valuelen)
2726 : return -1;
2727 4 : params->disable_1rtt_encryption = 1;
2728 4 : len -= valuelen;
2729 4 : p += valuelen;
2730 4 : break;
2731 851 : case QUIC_TRANSPORT_PARAM_GREASE_QUIC_BIT:
2732 851 : if (!quic_get_var(&p, &len, &valuelen))
2733 : return -1;
2734 851 : if (valuelen)
2735 : return -1;
2736 851 : params->grease_quic_bit = 1;
2737 851 : break;
2738 611 : case QUIC_TRANSPORT_PARAM_MAX_ACK_DELAY:
2739 611 : if (!quic_get_param(&value, &p, &len))
2740 : return -1;
2741 611 : value = MSEC_TO_USEC(value);
2742 611 : if (value >= QUIC_MAX_ACK_DELAY)
2743 : return -1;
2744 611 : params->max_ack_delay = value;
2745 611 : break;
2746 988 : case QUIC_TRANSPORT_PARAM_ACTIVE_CONNECTION_ID_LIMIT:
2747 988 : if (!quic_get_param(&value, &p, &len))
2748 : return -1;
2749 988 : if (value < QUIC_CONN_ID_LEAST || value > QUIC_CONN_ID_LIMIT)
2750 : return -1;
2751 988 : params->active_connection_id_limit = value;
2752 988 : break;
2753 235 : case QUIC_TRANSPORT_PARAM_MAX_DATAGRAM_FRAME_SIZE:
2754 235 : if (!quic_get_param(&value, &p, &len))
2755 : return -1;
2756 235 : if (value && value < QUIC_PATH_MIN_PMTU)
2757 : return -1;
2758 235 : params->max_datagram_frame_size = value;
2759 235 : break;
2760 : case QUIC_TRANSPORT_PARAM_STATELESS_RESET_TOKEN:
2761 272 : if (quic_is_serv(sk))
2762 : return -1;
2763 272 : if (!quic_get_var(&p, &len, &valuelen) || (u64)len < valuelen ||
2764 : valuelen != QUIC_CONN_ID_TOKEN_LEN)
2765 : return -1;
2766 272 : quic_conn_id_set_token(active, p);
2767 272 : params->stateless_reset = 1;
2768 272 : len -= valuelen;
2769 272 : p += valuelen;
2770 272 : break;
2771 732 : case QUIC_TRANSPORT_PARAM_VERSION_INFORMATION:
2772 732 : if (quic_frame_get_version_info(versions, &count, &p, &len))
2773 : return -1;
2774 : /* rfc9368#section-3:
2775 : *
2776 : * The version that the sender has chosen to use for this connection.
2777 : * In most cases, this field will be equal to the value of the Version
2778 : * field in the long header that carries this data.
2779 : */
2780 732 : if (!count || versions[0] != packet->version)
2781 : return -1;
2782 : break;
2783 : case QUIC_TRANSPORT_PARAM_PREFERRED_ADDRESS:
2784 28 : if (quic_is_serv(sk))
2785 : return -1;
2786 28 : if (quic_frame_get_address(&addr, &conn_id, token, &p, &len, sk))
2787 : return -1;
2788 28 : if (quic_conn_id_add(id_set, &conn_id, 1, token))
2789 : return -1;
2790 : /* Mark and set preferred address if it's valid and differs from the
2791 : * original.
2792 : */
2793 56 : if (addr.v4.sin_port &&
2794 28 : !quic_cmp_sk_addr(sk, quic_path_daddr(paths, 0), &addr)) {
2795 28 : paths->pref_addr = 1;
2796 28 : quic_path_set_daddr(paths, 1, &addr);
2797 : }
2798 : break;
2799 379 : default:
2800 : /* Ignore unknown parameter. */
2801 379 : if (!quic_get_var(&p, &len, &valuelen) || (u64)len < valuelen)
2802 : return -1;
2803 379 : len -= valuelen;
2804 379 : p += valuelen;
2805 379 : break;
2806 : }
2807 : }
2808 :
2809 994 : return quic_packet_select_version(sk, versions, count);
2810 : }
|
