2 * INET An implementation of the TCP/IP protocol suite for the LINUX
3 * operating system. INET is implemented using the BSD Socket
4 * interface as the means of communication with the user level.
6 * Implementation of the Transmission Control Protocol(TCP).
8 * IPv4 specific functions
13 * linux/ipv4/tcp_input.c
14 * linux/ipv4/tcp_output.c
16 * See tcp.c for author information
18 * This program is free software; you can redistribute it and/or
19 * modify it under the terms of the GNU General Public License
20 * as published by the Free Software Foundation; either version
21 * 2 of the License, or (at your option) any later version.
26 * David S. Miller : New socket lookup architecture.
27 * This code is dedicated to John Dyson.
28 * David S. Miller : Change semantics of established hash,
29 * half is devoted to TIME_WAIT sockets
30 * and the rest go in the other half.
31 * Andi Kleen : Add support for syncookies and fixed
32 * some bugs: ip options weren't passed to
33 * the TCP layer, missed a check for an
35 * Andi Kleen : Implemented fast path mtu discovery.
36 * Fixed many serious bugs in the
37 * request_sock handling and moved
38 * most of it into the af independent code.
39 * Added tail drop and some other bugfixes.
40 * Added new listen semantics.
41 * Mike McLagan : Routing by source
42 * Juan Jose Ciarlante: ip_dynaddr bits
43 * Andi Kleen: various fixes.
44 * Vitaly E. Lavrov : Transparent proxy revived after year
46 * Andi Kleen : Fix new listen.
47 * Andi Kleen : Fix accept error reporting.
48 * YOSHIFUJI Hideaki @USAGI and: Support IPV6_V6ONLY socket option, which
49 * Alexey Kuznetsov allow both IPv4 and IPv6 sockets to bind
50 * a single port at the same time.
53 #define pr_fmt(fmt) "TCP: " fmt
55 #include <linux/bottom_half.h>
56 #include <linux/types.h>
57 #include <linux/fcntl.h>
58 #include <linux/module.h>
59 #include <linux/random.h>
60 #include <linux/cache.h>
61 #include <linux/jhash.h>
62 #include <linux/init.h>
63 #include <linux/times.h>
64 #include <linux/slab.h>
66 #include <net/net_namespace.h>
68 #include <net/inet_hashtables.h>
70 #include <net/transp_v6.h>
72 #include <net/inet_common.h>
73 #include <net/timewait_sock.h>
75 #include <net/secure_seq.h>
76 #include <net/busy_poll.h>
78 #include <linux/inet.h>
79 #include <linux/ipv6.h>
80 #include <linux/stddef.h>
81 #include <linux/proc_fs.h>
82 #include <linux/seq_file.h>
84 #include <crypto/hash.h>
85 #include <linux/scatterlist.h>
87 int sysctl_tcp_tw_reuse __read_mostly;
88 int sysctl_tcp_low_latency __read_mostly;
90 #ifdef CONFIG_TCP_MD5SIG
91 static int tcp_v4_md5_hash_hdr(char *md5_hash, const struct tcp_md5sig_key *key,
92 __be32 daddr, __be32 saddr, const struct tcphdr *th);
95 struct inet_hashinfo tcp_hashinfo;
96 EXPORT_SYMBOL(tcp_hashinfo);
98 static __u32 tcp_v4_init_sequence(const struct sk_buff *skb)
100 return secure_tcp_sequence_number(ip_hdr(skb)->daddr,
103 tcp_hdr(skb)->source);
106 int tcp_twsk_unique(struct sock *sk, struct sock *sktw, void *twp)
108 const struct tcp_timewait_sock *tcptw = tcp_twsk(sktw);
109 struct tcp_sock *tp = tcp_sk(sk);
111 /* With PAWS, it is safe from the viewpoint
112 of data integrity. Even without PAWS it is safe provided sequence
113 spaces do not overlap i.e. at data rates <= 80Mbit/sec.
115 Actually, the idea is close to VJ's one, only timestamp cache is
116 held not per host, but per port pair and TW bucket is used as state
119 If TW bucket has been already destroyed we fall back to VJ's scheme
120 and use initial timestamp retrieved from peer table.
122 if (tcptw->tw_ts_recent_stamp &&
123 (!twp || (sysctl_tcp_tw_reuse &&
124 get_seconds() - tcptw->tw_ts_recent_stamp > 1))) {
125 tp->write_seq = tcptw->tw_snd_nxt + 65535 + 2;
126 if (tp->write_seq == 0)
128 tp->rx_opt.ts_recent = tcptw->tw_ts_recent;
129 tp->rx_opt.ts_recent_stamp = tcptw->tw_ts_recent_stamp;
136 EXPORT_SYMBOL_GPL(tcp_twsk_unique);
138 /* This will initiate an outgoing connection. */
139 int tcp_v4_connect(struct sock *sk, struct sockaddr *uaddr, int addr_len)
141 struct sockaddr_in *usin = (struct sockaddr_in *)uaddr;
142 struct inet_sock *inet = inet_sk(sk);
143 struct tcp_sock *tp = tcp_sk(sk);
144 __be16 orig_sport, orig_dport;
145 __be32 daddr, nexthop;
149 struct ip_options_rcu *inet_opt;
151 if (addr_len < sizeof(struct sockaddr_in))
154 if (usin->sin_family != AF_INET)
155 return -EAFNOSUPPORT;
157 nexthop = daddr = usin->sin_addr.s_addr;
158 inet_opt = rcu_dereference_protected(inet->inet_opt,
159 lockdep_sock_is_held(sk));
160 if (inet_opt && inet_opt->opt.srr) {
163 nexthop = inet_opt->opt.faddr;
166 orig_sport = inet->inet_sport;
167 orig_dport = usin->sin_port;
168 fl4 = &inet->cork.fl.u.ip4;
169 rt = ip_route_connect(fl4, nexthop, inet->inet_saddr,
170 RT_CONN_FLAGS(sk), sk->sk_bound_dev_if,
172 orig_sport, orig_dport, sk);
175 if (err == -ENETUNREACH)
176 IP_INC_STATS(sock_net(sk), IPSTATS_MIB_OUTNOROUTES);
180 if (rt->rt_flags & (RTCF_MULTICAST | RTCF_BROADCAST)) {
185 if (!inet_opt || !inet_opt->opt.srr)
188 if (!inet->inet_saddr)
189 inet->inet_saddr = fl4->saddr;
190 sk_rcv_saddr_set(sk, inet->inet_saddr);
192 if (tp->rx_opt.ts_recent_stamp && inet->inet_daddr != daddr) {
193 /* Reset inherited state */
194 tp->rx_opt.ts_recent = 0;
195 tp->rx_opt.ts_recent_stamp = 0;
196 if (likely(!tp->repair))
200 if (tcp_death_row.sysctl_tw_recycle &&
201 !tp->rx_opt.ts_recent_stamp && fl4->daddr == daddr)
202 tcp_fetch_timewait_stamp(sk, &rt->dst);
204 inet->inet_dport = usin->sin_port;
205 sk_daddr_set(sk, daddr);
207 inet_csk(sk)->icsk_ext_hdr_len = 0;
209 inet_csk(sk)->icsk_ext_hdr_len = inet_opt->opt.optlen;
211 tp->rx_opt.mss_clamp = TCP_MSS_DEFAULT;
213 /* Socket identity is still unknown (sport may be zero).
214 * However we set state to SYN-SENT and not releasing socket
215 * lock select source port, enter ourselves into the hash tables and
216 * complete initialization after this.
218 tcp_set_state(sk, TCP_SYN_SENT);
219 err = inet_hash_connect(&tcp_death_row, sk);
225 rt = ip_route_newports(fl4, rt, orig_sport, orig_dport,
226 inet->inet_sport, inet->inet_dport, sk);
232 /* OK, now commit destination to socket. */
233 sk->sk_gso_type = SKB_GSO_TCPV4;
234 sk_setup_caps(sk, &rt->dst);
236 if (!tp->write_seq && likely(!tp->repair))
237 tp->write_seq = secure_tcp_sequence_number(inet->inet_saddr,
242 inet->inet_id = tp->write_seq ^ jiffies;
244 err = tcp_connect(sk);
254 * This unhashes the socket and releases the local port,
257 tcp_set_state(sk, TCP_CLOSE);
259 sk->sk_route_caps = 0;
260 inet->inet_dport = 0;
263 EXPORT_SYMBOL(tcp_v4_connect);
266 * This routine reacts to ICMP_FRAG_NEEDED mtu indications as defined in RFC1191.
267 * It can be called through tcp_release_cb() if socket was owned by user
268 * at the time tcp_v4_err() was called to handle ICMP message.
270 void tcp_v4_mtu_reduced(struct sock *sk)
272 struct dst_entry *dst;
273 struct inet_sock *inet = inet_sk(sk);
274 u32 mtu = tcp_sk(sk)->mtu_info;
276 dst = inet_csk_update_pmtu(sk, mtu);
280 /* Something is about to be wrong... Remember soft error
281 * for the case, if this connection will not able to recover.
283 if (mtu < dst_mtu(dst) && ip_dont_fragment(sk, dst))
284 sk->sk_err_soft = EMSGSIZE;
288 if (inet->pmtudisc != IP_PMTUDISC_DONT &&
289 ip_sk_accept_pmtu(sk) &&
290 inet_csk(sk)->icsk_pmtu_cookie > mtu) {
291 tcp_sync_mss(sk, mtu);
293 /* Resend the TCP packet because it's
294 * clear that the old packet has been
295 * dropped. This is the new "fast" path mtu
298 tcp_simple_retransmit(sk);
299 } /* else let the usual retransmit timer handle it */
301 EXPORT_SYMBOL(tcp_v4_mtu_reduced);
303 static void do_redirect(struct sk_buff *skb, struct sock *sk)
305 struct dst_entry *dst = __sk_dst_check(sk, 0);
308 dst->ops->redirect(dst, sk, skb);
312 /* handle ICMP messages on TCP_NEW_SYN_RECV request sockets */
313 void tcp_req_err(struct sock *sk, u32 seq, bool abort)
315 struct request_sock *req = inet_reqsk(sk);
316 struct net *net = sock_net(sk);
318 /* ICMPs are not backlogged, hence we cannot get
319 * an established socket here.
321 if (seq != tcp_rsk(req)->snt_isn) {
322 __NET_INC_STATS(net, LINUX_MIB_OUTOFWINDOWICMPS);
325 * Still in SYN_RECV, just remove it silently.
326 * There is no good way to pass the error to the newly
327 * created socket, and POSIX does not want network
328 * errors returned from accept().
330 inet_csk_reqsk_queue_drop(req->rsk_listener, req);
331 tcp_listendrop(req->rsk_listener);
335 EXPORT_SYMBOL(tcp_req_err);
338 * This routine is called by the ICMP module when it gets some
339 * sort of error condition. If err < 0 then the socket should
340 * be closed and the error returned to the user. If err > 0
341 * it's just the icmp type << 8 | icmp code. After adjustment
342 * header points to the first 8 bytes of the tcp header. We need
343 * to find the appropriate port.
345 * The locking strategy used here is very "optimistic". When
346 * someone else accesses the socket the ICMP is just dropped
347 * and for some paths there is no check at all.
348 * A more general error queue to queue errors for later handling
349 * is probably better.
353 void tcp_v4_err(struct sk_buff *icmp_skb, u32 info)
355 const struct iphdr *iph = (const struct iphdr *)icmp_skb->data;
356 struct tcphdr *th = (struct tcphdr *)(icmp_skb->data + (iph->ihl << 2));
357 struct inet_connection_sock *icsk;
359 struct inet_sock *inet;
360 const int type = icmp_hdr(icmp_skb)->type;
361 const int code = icmp_hdr(icmp_skb)->code;
364 struct request_sock *fastopen;
368 struct net *net = dev_net(icmp_skb->dev);
370 sk = __inet_lookup_established(net, &tcp_hashinfo, iph->daddr,
371 th->dest, iph->saddr, ntohs(th->source),
374 __ICMP_INC_STATS(net, ICMP_MIB_INERRORS);
377 if (sk->sk_state == TCP_TIME_WAIT) {
378 inet_twsk_put(inet_twsk(sk));
381 seq = ntohl(th->seq);
382 if (sk->sk_state == TCP_NEW_SYN_RECV)
383 return tcp_req_err(sk, seq,
384 type == ICMP_PARAMETERPROB ||
385 type == ICMP_TIME_EXCEEDED ||
386 (type == ICMP_DEST_UNREACH &&
387 (code == ICMP_NET_UNREACH ||
388 code == ICMP_HOST_UNREACH)));
391 /* If too many ICMPs get dropped on busy
392 * servers this needs to be solved differently.
393 * We do take care of PMTU discovery (RFC1191) special case :
394 * we can receive locally generated ICMP messages while socket is held.
396 if (sock_owned_by_user(sk)) {
397 if (!(type == ICMP_DEST_UNREACH && code == ICMP_FRAG_NEEDED))
398 __NET_INC_STATS(net, LINUX_MIB_LOCKDROPPEDICMPS);
400 if (sk->sk_state == TCP_CLOSE)
403 if (unlikely(iph->ttl < inet_sk(sk)->min_ttl)) {
404 __NET_INC_STATS(net, LINUX_MIB_TCPMINTTLDROP);
410 /* XXX (TFO) - tp->snd_una should be ISN (tcp_create_openreq_child() */
411 fastopen = tp->fastopen_rsk;
412 snd_una = fastopen ? tcp_rsk(fastopen)->snt_isn : tp->snd_una;
413 if (sk->sk_state != TCP_LISTEN &&
414 !between(seq, snd_una, tp->snd_nxt)) {
415 __NET_INC_STATS(net, LINUX_MIB_OUTOFWINDOWICMPS);
421 do_redirect(icmp_skb, sk);
423 case ICMP_SOURCE_QUENCH:
424 /* Just silently ignore these. */
426 case ICMP_PARAMETERPROB:
429 case ICMP_DEST_UNREACH:
430 if (code > NR_ICMP_UNREACH)
433 if (code == ICMP_FRAG_NEEDED) { /* PMTU discovery (RFC1191) */
434 /* We are not interested in TCP_LISTEN and open_requests
435 * (SYN-ACKs send out by Linux are always <576bytes so
436 * they should go through unfragmented).
438 if (sk->sk_state == TCP_LISTEN)
442 if (!sock_owned_by_user(sk)) {
443 tcp_v4_mtu_reduced(sk);
445 if (!test_and_set_bit(TCP_MTU_REDUCED_DEFERRED, &tp->tsq_flags))
451 err = icmp_err_convert[code].errno;
452 /* check if icmp_skb allows revert of backoff
453 * (see draft-zimmermann-tcp-lcd) */
454 if (code != ICMP_NET_UNREACH && code != ICMP_HOST_UNREACH)
456 if (seq != tp->snd_una || !icsk->icsk_retransmits ||
457 !icsk->icsk_backoff || fastopen)
460 if (sock_owned_by_user(sk))
463 icsk->icsk_backoff--;
464 icsk->icsk_rto = tp->srtt_us ? __tcp_set_rto(tp) :
466 icsk->icsk_rto = inet_csk_rto_backoff(icsk, TCP_RTO_MAX);
468 skb = tcp_write_queue_head(sk);
471 remaining = icsk->icsk_rto -
473 tcp_time_stamp - tcp_skb_timestamp(skb));
476 inet_csk_reset_xmit_timer(sk, ICSK_TIME_RETRANS,
477 remaining, TCP_RTO_MAX);
479 /* RTO revert clocked out retransmission.
480 * Will retransmit now */
481 tcp_retransmit_timer(sk);
485 case ICMP_TIME_EXCEEDED:
492 switch (sk->sk_state) {
495 /* Only in fast or simultaneous open. If a fast open socket is
496 * is already accepted it is treated as a connected one below.
498 if (fastopen && !fastopen->sk)
501 if (!sock_owned_by_user(sk)) {
504 sk->sk_error_report(sk);
508 sk->sk_err_soft = err;
513 /* If we've already connected we will keep trying
514 * until we time out, or the user gives up.
516 * rfc1122 4.2.3.9 allows to consider as hard errors
517 * only PROTO_UNREACH and PORT_UNREACH (well, FRAG_FAILED too,
518 * but it is obsoleted by pmtu discovery).
520 * Note, that in modern internet, where routing is unreliable
521 * and in each dark corner broken firewalls sit, sending random
522 * errors ordered by their masters even this two messages finally lose
523 * their original sense (even Linux sends invalid PORT_UNREACHs)
525 * Now we are in compliance with RFCs.
530 if (!sock_owned_by_user(sk) && inet->recverr) {
532 sk->sk_error_report(sk);
533 } else { /* Only an error on timeout */
534 sk->sk_err_soft = err;
542 void __tcp_v4_send_check(struct sk_buff *skb, __be32 saddr, __be32 daddr)
544 struct tcphdr *th = tcp_hdr(skb);
546 if (skb->ip_summed == CHECKSUM_PARTIAL) {
547 th->check = ~tcp_v4_check(skb->len, saddr, daddr, 0);
548 skb->csum_start = skb_transport_header(skb) - skb->head;
549 skb->csum_offset = offsetof(struct tcphdr, check);
551 th->check = tcp_v4_check(skb->len, saddr, daddr,
558 /* This routine computes an IPv4 TCP checksum. */
559 void tcp_v4_send_check(struct sock *sk, struct sk_buff *skb)
561 const struct inet_sock *inet = inet_sk(sk);
563 __tcp_v4_send_check(skb, inet->inet_saddr, inet->inet_daddr);
565 EXPORT_SYMBOL(tcp_v4_send_check);
568 * This routine will send an RST to the other tcp.
570 * Someone asks: why I NEVER use socket parameters (TOS, TTL etc.)
572 * Answer: if a packet caused RST, it is not for a socket
573 * existing in our system, if it is matched to a socket,
574 * it is just duplicate segment or bug in other side's TCP.
575 * So that we build reply only basing on parameters
576 * arrived with segment.
577 * Exception: precedence violation. We do not implement it in any case.
580 static void tcp_v4_send_reset(const struct sock *sk, struct sk_buff *skb)
582 const struct tcphdr *th = tcp_hdr(skb);
585 #ifdef CONFIG_TCP_MD5SIG
586 __be32 opt[(TCPOLEN_MD5SIG_ALIGNED >> 2)];
589 struct ip_reply_arg arg;
590 #ifdef CONFIG_TCP_MD5SIG
591 struct tcp_md5sig_key *key = NULL;
592 const __u8 *hash_location = NULL;
593 unsigned char newhash[16];
595 struct sock *sk1 = NULL;
599 /* Never send a reset in response to a reset. */
603 /* If sk not NULL, it means we did a successful lookup and incoming
604 * route had to be correct. prequeue might have dropped our dst.
606 if (!sk && skb_rtable(skb)->rt_type != RTN_LOCAL)
609 /* Swap the send and the receive. */
610 memset(&rep, 0, sizeof(rep));
611 rep.th.dest = th->source;
612 rep.th.source = th->dest;
613 rep.th.doff = sizeof(struct tcphdr) / 4;
617 rep.th.seq = th->ack_seq;
620 rep.th.ack_seq = htonl(ntohl(th->seq) + th->syn + th->fin +
621 skb->len - (th->doff << 2));
624 memset(&arg, 0, sizeof(arg));
625 arg.iov[0].iov_base = (unsigned char *)&rep;
626 arg.iov[0].iov_len = sizeof(rep.th);
628 net = sk ? sock_net(sk) : dev_net(skb_dst(skb)->dev);
629 #ifdef CONFIG_TCP_MD5SIG
631 hash_location = tcp_parse_md5sig_option(th);
632 if (sk && sk_fullsock(sk)) {
633 key = tcp_md5_do_lookup(sk, (union tcp_md5_addr *)
634 &ip_hdr(skb)->saddr, AF_INET);
635 } else if (hash_location) {
637 * active side is lost. Try to find listening socket through
638 * source port, and then find md5 key through listening socket.
639 * we are not loose security here:
640 * Incoming packet is checked with md5 hash with finding key,
641 * no RST generated if md5 hash doesn't match.
643 sk1 = __inet_lookup_listener(net, &tcp_hashinfo, NULL, 0,
645 th->source, ip_hdr(skb)->daddr,
646 ntohs(th->source), inet_iif(skb));
647 /* don't send rst if it can't find key */
651 key = tcp_md5_do_lookup(sk1, (union tcp_md5_addr *)
652 &ip_hdr(skb)->saddr, AF_INET);
657 genhash = tcp_v4_md5_hash_skb(newhash, key, NULL, skb);
658 if (genhash || memcmp(hash_location, newhash, 16) != 0)
664 rep.opt[0] = htonl((TCPOPT_NOP << 24) |
666 (TCPOPT_MD5SIG << 8) |
668 /* Update length and the length the header thinks exists */
669 arg.iov[0].iov_len += TCPOLEN_MD5SIG_ALIGNED;
670 rep.th.doff = arg.iov[0].iov_len / 4;
672 tcp_v4_md5_hash_hdr((__u8 *) &rep.opt[1],
673 key, ip_hdr(skb)->saddr,
674 ip_hdr(skb)->daddr, &rep.th);
677 arg.csum = csum_tcpudp_nofold(ip_hdr(skb)->daddr,
678 ip_hdr(skb)->saddr, /* XXX */
679 arg.iov[0].iov_len, IPPROTO_TCP, 0);
680 arg.csumoffset = offsetof(struct tcphdr, check) / 2;
681 arg.flags = (sk && inet_sk_transparent(sk)) ? IP_REPLY_ARG_NOSRCCHECK : 0;
683 /* When socket is gone, all binding information is lost.
684 * routing might fail in this case. No choice here, if we choose to force
685 * input interface, we will misroute in case of asymmetric route.
688 arg.bound_dev_if = sk->sk_bound_dev_if;
690 BUILD_BUG_ON(offsetof(struct sock, sk_bound_dev_if) !=
691 offsetof(struct inet_timewait_sock, tw_bound_dev_if));
693 arg.tos = ip_hdr(skb)->tos;
695 ip_send_unicast_reply(*this_cpu_ptr(net->ipv4.tcp_sk),
696 skb, &TCP_SKB_CB(skb)->header.h4.opt,
697 ip_hdr(skb)->saddr, ip_hdr(skb)->daddr,
698 &arg, arg.iov[0].iov_len);
700 __TCP_INC_STATS(net, TCP_MIB_OUTSEGS);
701 __TCP_INC_STATS(net, TCP_MIB_OUTRSTS);
704 #ifdef CONFIG_TCP_MD5SIG
710 /* The code following below sending ACKs in SYN-RECV and TIME-WAIT states
711 outside socket context is ugly, certainly. What can I do?
714 static void tcp_v4_send_ack(struct net *net,
715 struct sk_buff *skb, u32 seq, u32 ack,
716 u32 win, u32 tsval, u32 tsecr, int oif,
717 struct tcp_md5sig_key *key,
718 int reply_flags, u8 tos)
720 const struct tcphdr *th = tcp_hdr(skb);
723 __be32 opt[(TCPOLEN_TSTAMP_ALIGNED >> 2)
724 #ifdef CONFIG_TCP_MD5SIG
725 + (TCPOLEN_MD5SIG_ALIGNED >> 2)
729 struct ip_reply_arg arg;
731 memset(&rep.th, 0, sizeof(struct tcphdr));
732 memset(&arg, 0, sizeof(arg));
734 arg.iov[0].iov_base = (unsigned char *)&rep;
735 arg.iov[0].iov_len = sizeof(rep.th);
737 rep.opt[0] = htonl((TCPOPT_NOP << 24) | (TCPOPT_NOP << 16) |
738 (TCPOPT_TIMESTAMP << 8) |
740 rep.opt[1] = htonl(tsval);
741 rep.opt[2] = htonl(tsecr);
742 arg.iov[0].iov_len += TCPOLEN_TSTAMP_ALIGNED;
745 /* Swap the send and the receive. */
746 rep.th.dest = th->source;
747 rep.th.source = th->dest;
748 rep.th.doff = arg.iov[0].iov_len / 4;
749 rep.th.seq = htonl(seq);
750 rep.th.ack_seq = htonl(ack);
752 rep.th.window = htons(win);
754 #ifdef CONFIG_TCP_MD5SIG
756 int offset = (tsecr) ? 3 : 0;
758 rep.opt[offset++] = htonl((TCPOPT_NOP << 24) |
760 (TCPOPT_MD5SIG << 8) |
762 arg.iov[0].iov_len += TCPOLEN_MD5SIG_ALIGNED;
763 rep.th.doff = arg.iov[0].iov_len/4;
765 tcp_v4_md5_hash_hdr((__u8 *) &rep.opt[offset],
766 key, ip_hdr(skb)->saddr,
767 ip_hdr(skb)->daddr, &rep.th);
770 arg.flags = reply_flags;
771 arg.csum = csum_tcpudp_nofold(ip_hdr(skb)->daddr,
772 ip_hdr(skb)->saddr, /* XXX */
773 arg.iov[0].iov_len, IPPROTO_TCP, 0);
774 arg.csumoffset = offsetof(struct tcphdr, check) / 2;
776 arg.bound_dev_if = oif;
779 ip_send_unicast_reply(*this_cpu_ptr(net->ipv4.tcp_sk),
780 skb, &TCP_SKB_CB(skb)->header.h4.opt,
781 ip_hdr(skb)->saddr, ip_hdr(skb)->daddr,
782 &arg, arg.iov[0].iov_len);
784 __TCP_INC_STATS(net, TCP_MIB_OUTSEGS);
788 static void tcp_v4_timewait_ack(struct sock *sk, struct sk_buff *skb)
790 struct inet_timewait_sock *tw = inet_twsk(sk);
791 struct tcp_timewait_sock *tcptw = tcp_twsk(sk);
793 tcp_v4_send_ack(sock_net(sk), skb,
794 tcptw->tw_snd_nxt, tcptw->tw_rcv_nxt,
795 tcptw->tw_rcv_wnd >> tw->tw_rcv_wscale,
796 tcp_time_stamp + tcptw->tw_ts_offset,
799 tcp_twsk_md5_key(tcptw),
800 tw->tw_transparent ? IP_REPLY_ARG_NOSRCCHECK : 0,
807 static void tcp_v4_reqsk_send_ack(const struct sock *sk, struct sk_buff *skb,
808 struct request_sock *req)
810 /* sk->sk_state == TCP_LISTEN -> for regular TCP_SYN_RECV
811 * sk->sk_state == TCP_SYN_RECV -> for Fast Open.
813 u32 seq = (sk->sk_state == TCP_LISTEN) ? tcp_rsk(req)->snt_isn + 1 :
817 * The window field (SEG.WND) of every outgoing segment, with the
818 * exception of <SYN> segments, MUST be right-shifted by
819 * Rcv.Wind.Shift bits:
821 tcp_v4_send_ack(sock_net(sk), skb, seq,
822 tcp_rsk(req)->rcv_nxt,
823 req->rsk_rcv_wnd >> inet_rsk(req)->rcv_wscale,
827 tcp_md5_do_lookup(sk, (union tcp_md5_addr *)&ip_hdr(skb)->daddr,
829 inet_rsk(req)->no_srccheck ? IP_REPLY_ARG_NOSRCCHECK : 0,
834 * Send a SYN-ACK after having received a SYN.
835 * This still operates on a request_sock only, not on a big
838 static int tcp_v4_send_synack(const struct sock *sk, struct dst_entry *dst,
840 struct request_sock *req,
841 struct tcp_fastopen_cookie *foc,
842 enum tcp_synack_type synack_type)
844 const struct inet_request_sock *ireq = inet_rsk(req);
849 /* First, grab a route. */
850 if (!dst && (dst = inet_csk_route_req(sk, &fl4, req)) == NULL)
853 skb = tcp_make_synack(sk, dst, req, foc, synack_type);
856 __tcp_v4_send_check(skb, ireq->ir_loc_addr, ireq->ir_rmt_addr);
858 err = ip_build_and_send_pkt(skb, sk, ireq->ir_loc_addr,
861 err = net_xmit_eval(err);
868 * IPv4 request_sock destructor.
870 static void tcp_v4_reqsk_destructor(struct request_sock *req)
872 kfree(inet_rsk(req)->opt);
875 #ifdef CONFIG_TCP_MD5SIG
877 * RFC2385 MD5 checksumming requires a mapping of
878 * IP address->MD5 Key.
879 * We need to maintain these in the sk structure.
882 /* Find the Key structure for an address. */
883 struct tcp_md5sig_key *tcp_md5_do_lookup(const struct sock *sk,
884 const union tcp_md5_addr *addr,
887 const struct tcp_sock *tp = tcp_sk(sk);
888 struct tcp_md5sig_key *key;
889 unsigned int size = sizeof(struct in_addr);
890 const struct tcp_md5sig_info *md5sig;
892 /* caller either holds rcu_read_lock() or socket lock */
893 md5sig = rcu_dereference_check(tp->md5sig_info,
894 lockdep_sock_is_held(sk));
897 #if IS_ENABLED(CONFIG_IPV6)
898 if (family == AF_INET6)
899 size = sizeof(struct in6_addr);
901 hlist_for_each_entry_rcu(key, &md5sig->head, node) {
902 if (key->family != family)
904 if (!memcmp(&key->addr, addr, size))
909 EXPORT_SYMBOL(tcp_md5_do_lookup);
911 struct tcp_md5sig_key *tcp_v4_md5_lookup(const struct sock *sk,
912 const struct sock *addr_sk)
914 const union tcp_md5_addr *addr;
916 addr = (const union tcp_md5_addr *)&addr_sk->sk_daddr;
917 return tcp_md5_do_lookup(sk, addr, AF_INET);
919 EXPORT_SYMBOL(tcp_v4_md5_lookup);
921 /* This can be called on a newly created socket, from other files */
922 int tcp_md5_do_add(struct sock *sk, const union tcp_md5_addr *addr,
923 int family, const u8 *newkey, u8 newkeylen, gfp_t gfp)
925 /* Add Key to the list */
926 struct tcp_md5sig_key *key;
927 struct tcp_sock *tp = tcp_sk(sk);
928 struct tcp_md5sig_info *md5sig;
930 key = tcp_md5_do_lookup(sk, addr, family);
932 /* Pre-existing entry - just update that one. */
933 memcpy(key->key, newkey, newkeylen);
934 key->keylen = newkeylen;
938 md5sig = rcu_dereference_protected(tp->md5sig_info,
939 lockdep_sock_is_held(sk));
941 md5sig = kmalloc(sizeof(*md5sig), gfp);
945 sk_nocaps_add(sk, NETIF_F_GSO_MASK);
946 INIT_HLIST_HEAD(&md5sig->head);
947 rcu_assign_pointer(tp->md5sig_info, md5sig);
950 key = sock_kmalloc(sk, sizeof(*key), gfp);
953 if (!tcp_alloc_md5sig_pool()) {
954 sock_kfree_s(sk, key, sizeof(*key));
958 memcpy(key->key, newkey, newkeylen);
959 key->keylen = newkeylen;
960 key->family = family;
961 memcpy(&key->addr, addr,
962 (family == AF_INET6) ? sizeof(struct in6_addr) :
963 sizeof(struct in_addr));
964 hlist_add_head_rcu(&key->node, &md5sig->head);
967 EXPORT_SYMBOL(tcp_md5_do_add);
969 int tcp_md5_do_del(struct sock *sk, const union tcp_md5_addr *addr, int family)
971 struct tcp_md5sig_key *key;
973 key = tcp_md5_do_lookup(sk, addr, family);
976 hlist_del_rcu(&key->node);
977 atomic_sub(sizeof(*key), &sk->sk_omem_alloc);
981 EXPORT_SYMBOL(tcp_md5_do_del);
983 static void tcp_clear_md5_list(struct sock *sk)
985 struct tcp_sock *tp = tcp_sk(sk);
986 struct tcp_md5sig_key *key;
987 struct hlist_node *n;
988 struct tcp_md5sig_info *md5sig;
990 md5sig = rcu_dereference_protected(tp->md5sig_info, 1);
992 hlist_for_each_entry_safe(key, n, &md5sig->head, node) {
993 hlist_del_rcu(&key->node);
994 atomic_sub(sizeof(*key), &sk->sk_omem_alloc);
999 static int tcp_v4_parse_md5_keys(struct sock *sk, char __user *optval,
1002 struct tcp_md5sig cmd;
1003 struct sockaddr_in *sin = (struct sockaddr_in *)&cmd.tcpm_addr;
1005 if (optlen < sizeof(cmd))
1008 if (copy_from_user(&cmd, optval, sizeof(cmd)))
1011 if (sin->sin_family != AF_INET)
1014 if (!cmd.tcpm_keylen)
1015 return tcp_md5_do_del(sk, (union tcp_md5_addr *)&sin->sin_addr.s_addr,
1018 if (cmd.tcpm_keylen > TCP_MD5SIG_MAXKEYLEN)
1021 return tcp_md5_do_add(sk, (union tcp_md5_addr *)&sin->sin_addr.s_addr,
1022 AF_INET, cmd.tcpm_key, cmd.tcpm_keylen,
1026 static int tcp_v4_md5_hash_headers(struct tcp_md5sig_pool *hp,
1027 __be32 daddr, __be32 saddr,
1028 const struct tcphdr *th, int nbytes)
1030 struct tcp4_pseudohdr *bp;
1031 struct scatterlist sg;
1038 bp->protocol = IPPROTO_TCP;
1039 bp->len = cpu_to_be16(nbytes);
1041 _th = (struct tcphdr *)(bp + 1);
1042 memcpy(_th, th, sizeof(*th));
1045 sg_init_one(&sg, bp, sizeof(*bp) + sizeof(*th));
1046 ahash_request_set_crypt(hp->md5_req, &sg, NULL,
1047 sizeof(*bp) + sizeof(*th));
1048 return crypto_ahash_update(hp->md5_req);
1051 static int tcp_v4_md5_hash_hdr(char *md5_hash, const struct tcp_md5sig_key *key,
1052 __be32 daddr, __be32 saddr, const struct tcphdr *th)
1054 struct tcp_md5sig_pool *hp;
1055 struct ahash_request *req;
1057 hp = tcp_get_md5sig_pool();
1059 goto clear_hash_noput;
1062 if (crypto_ahash_init(req))
1064 if (tcp_v4_md5_hash_headers(hp, daddr, saddr, th, th->doff << 2))
1066 if (tcp_md5_hash_key(hp, key))
1068 ahash_request_set_crypt(req, NULL, md5_hash, 0);
1069 if (crypto_ahash_final(req))
1072 tcp_put_md5sig_pool();
1076 tcp_put_md5sig_pool();
1078 memset(md5_hash, 0, 16);
1082 int tcp_v4_md5_hash_skb(char *md5_hash, const struct tcp_md5sig_key *key,
1083 const struct sock *sk,
1084 const struct sk_buff *skb)
1086 struct tcp_md5sig_pool *hp;
1087 struct ahash_request *req;
1088 const struct tcphdr *th = tcp_hdr(skb);
1089 __be32 saddr, daddr;
1091 if (sk) { /* valid for establish/request sockets */
1092 saddr = sk->sk_rcv_saddr;
1093 daddr = sk->sk_daddr;
1095 const struct iphdr *iph = ip_hdr(skb);
1100 hp = tcp_get_md5sig_pool();
1102 goto clear_hash_noput;
1105 if (crypto_ahash_init(req))
1108 if (tcp_v4_md5_hash_headers(hp, daddr, saddr, th, skb->len))
1110 if (tcp_md5_hash_skb_data(hp, skb, th->doff << 2))
1112 if (tcp_md5_hash_key(hp, key))
1114 ahash_request_set_crypt(req, NULL, md5_hash, 0);
1115 if (crypto_ahash_final(req))
1118 tcp_put_md5sig_pool();
1122 tcp_put_md5sig_pool();
1124 memset(md5_hash, 0, 16);
1127 EXPORT_SYMBOL(tcp_v4_md5_hash_skb);
1131 /* Called with rcu_read_lock() */
1132 static bool tcp_v4_inbound_md5_hash(const struct sock *sk,
1133 const struct sk_buff *skb)
1135 #ifdef CONFIG_TCP_MD5SIG
1137 * This gets called for each TCP segment that arrives
1138 * so we want to be efficient.
1139 * We have 3 drop cases:
1140 * o No MD5 hash and one expected.
1141 * o MD5 hash and we're not expecting one.
1142 * o MD5 hash and its wrong.
1144 const __u8 *hash_location = NULL;
1145 struct tcp_md5sig_key *hash_expected;
1146 const struct iphdr *iph = ip_hdr(skb);
1147 const struct tcphdr *th = tcp_hdr(skb);
1149 unsigned char newhash[16];
1151 hash_expected = tcp_md5_do_lookup(sk, (union tcp_md5_addr *)&iph->saddr,
1153 hash_location = tcp_parse_md5sig_option(th);
1155 /* We've parsed the options - do we have a hash? */
1156 if (!hash_expected && !hash_location)
1159 if (hash_expected && !hash_location) {
1160 NET_INC_STATS(sock_net(sk), LINUX_MIB_TCPMD5NOTFOUND);
1164 if (!hash_expected && hash_location) {
1165 NET_INC_STATS(sock_net(sk), LINUX_MIB_TCPMD5UNEXPECTED);
1169 /* Okay, so this is hash_expected and hash_location -
1170 * so we need to calculate the checksum.
1172 genhash = tcp_v4_md5_hash_skb(newhash,
1176 if (genhash || memcmp(hash_location, newhash, 16) != 0) {
1177 NET_INC_STATS(sock_net(sk), LINUX_MIB_TCPMD5FAILURE);
1178 net_info_ratelimited("MD5 Hash failed for (%pI4, %d)->(%pI4, %d)%s\n",
1179 &iph->saddr, ntohs(th->source),
1180 &iph->daddr, ntohs(th->dest),
1181 genhash ? " tcp_v4_calc_md5_hash failed"
1190 static void tcp_v4_init_req(struct request_sock *req,
1191 const struct sock *sk_listener,
1192 struct sk_buff *skb)
1194 struct inet_request_sock *ireq = inet_rsk(req);
1196 sk_rcv_saddr_set(req_to_sk(req), ip_hdr(skb)->daddr);
1197 sk_daddr_set(req_to_sk(req), ip_hdr(skb)->saddr);
1198 ireq->opt = tcp_v4_save_options(skb);
1201 static struct dst_entry *tcp_v4_route_req(const struct sock *sk,
1203 const struct request_sock *req,
1206 struct dst_entry *dst = inet_csk_route_req(sk, &fl->u.ip4, req);
1209 if (fl->u.ip4.daddr == inet_rsk(req)->ir_rmt_addr)
1218 struct request_sock_ops tcp_request_sock_ops __read_mostly = {
1220 .obj_size = sizeof(struct tcp_request_sock),
1221 .rtx_syn_ack = tcp_rtx_synack,
1222 .send_ack = tcp_v4_reqsk_send_ack,
1223 .destructor = tcp_v4_reqsk_destructor,
1224 .send_reset = tcp_v4_send_reset,
1225 .syn_ack_timeout = tcp_syn_ack_timeout,
1228 static const struct tcp_request_sock_ops tcp_request_sock_ipv4_ops = {
1229 .mss_clamp = TCP_MSS_DEFAULT,
1230 #ifdef CONFIG_TCP_MD5SIG
1231 .req_md5_lookup = tcp_v4_md5_lookup,
1232 .calc_md5_hash = tcp_v4_md5_hash_skb,
1234 .init_req = tcp_v4_init_req,
1235 #ifdef CONFIG_SYN_COOKIES
1236 .cookie_init_seq = cookie_v4_init_sequence,
1238 .route_req = tcp_v4_route_req,
1239 .init_seq = tcp_v4_init_sequence,
1240 .send_synack = tcp_v4_send_synack,
1243 int tcp_v4_conn_request(struct sock *sk, struct sk_buff *skb)
1245 /* Never answer to SYNs send to broadcast or multicast */
1246 if (skb_rtable(skb)->rt_flags & (RTCF_BROADCAST | RTCF_MULTICAST))
1249 return tcp_conn_request(&tcp_request_sock_ops,
1250 &tcp_request_sock_ipv4_ops, sk, skb);
1256 EXPORT_SYMBOL(tcp_v4_conn_request);
1260 * The three way handshake has completed - we got a valid synack -
1261 * now create the new socket.
1263 struct sock *tcp_v4_syn_recv_sock(const struct sock *sk, struct sk_buff *skb,
1264 struct request_sock *req,
1265 struct dst_entry *dst,
1266 struct request_sock *req_unhash,
1269 struct inet_request_sock *ireq;
1270 struct inet_sock *newinet;
1271 struct tcp_sock *newtp;
1273 #ifdef CONFIG_TCP_MD5SIG
1274 struct tcp_md5sig_key *key;
1276 struct ip_options_rcu *inet_opt;
1278 if (sk_acceptq_is_full(sk))
1281 newsk = tcp_create_openreq_child(sk, req, skb);
1285 newsk->sk_gso_type = SKB_GSO_TCPV4;
1286 inet_sk_rx_dst_set(newsk, skb);
1288 newtp = tcp_sk(newsk);
1289 newinet = inet_sk(newsk);
1290 ireq = inet_rsk(req);
1291 sk_daddr_set(newsk, ireq->ir_rmt_addr);
1292 sk_rcv_saddr_set(newsk, ireq->ir_loc_addr);
1293 newsk->sk_bound_dev_if = ireq->ir_iif;
1294 newinet->inet_saddr = ireq->ir_loc_addr;
1295 inet_opt = ireq->opt;
1296 rcu_assign_pointer(newinet->inet_opt, inet_opt);
1298 newinet->mc_index = inet_iif(skb);
1299 newinet->mc_ttl = ip_hdr(skb)->ttl;
1300 newinet->rcv_tos = ip_hdr(skb)->tos;
1301 inet_csk(newsk)->icsk_ext_hdr_len = 0;
1303 inet_csk(newsk)->icsk_ext_hdr_len = inet_opt->opt.optlen;
1304 newinet->inet_id = newtp->write_seq ^ jiffies;
1307 dst = inet_csk_route_child_sock(sk, newsk, req);
1311 /* syncookie case : see end of cookie_v4_check() */
1313 sk_setup_caps(newsk, dst);
1315 tcp_ca_openreq_child(newsk, dst);
1317 tcp_sync_mss(newsk, dst_mtu(dst));
1318 newtp->advmss = dst_metric_advmss(dst);
1319 if (tcp_sk(sk)->rx_opt.user_mss &&
1320 tcp_sk(sk)->rx_opt.user_mss < newtp->advmss)
1321 newtp->advmss = tcp_sk(sk)->rx_opt.user_mss;
1323 tcp_initialize_rcv_mss(newsk);
1325 #ifdef CONFIG_TCP_MD5SIG
1326 /* Copy over the MD5 key from the original socket */
1327 key = tcp_md5_do_lookup(sk, (union tcp_md5_addr *)&newinet->inet_daddr,
1331 * We're using one, so create a matching key
1332 * on the newsk structure. If we fail to get
1333 * memory, then we end up not copying the key
1336 tcp_md5_do_add(newsk, (union tcp_md5_addr *)&newinet->inet_daddr,
1337 AF_INET, key->key, key->keylen, GFP_ATOMIC);
1338 sk_nocaps_add(newsk, NETIF_F_GSO_MASK);
1342 if (__inet_inherit_port(sk, newsk) < 0)
1344 *own_req = inet_ehash_nolisten(newsk, req_to_sk(req_unhash));
1346 tcp_move_syn(newtp, req);
1351 NET_INC_STATS(sock_net(sk), LINUX_MIB_LISTENOVERFLOWS);
1358 inet_csk_prepare_forced_close(newsk);
1362 EXPORT_SYMBOL(tcp_v4_syn_recv_sock);
1364 static struct sock *tcp_v4_cookie_check(struct sock *sk, struct sk_buff *skb)
1366 #ifdef CONFIG_SYN_COOKIES
1367 const struct tcphdr *th = tcp_hdr(skb);
1370 sk = cookie_v4_check(sk, skb);
1375 /* The socket must have it's spinlock held when we get
1376 * here, unless it is a TCP_LISTEN socket.
1378 * We have a potential double-lock case here, so even when
1379 * doing backlog processing we use the BH locking scheme.
1380 * This is because we cannot sleep with the original spinlock
1383 int tcp_v4_do_rcv(struct sock *sk, struct sk_buff *skb)
1387 if (sk->sk_state == TCP_ESTABLISHED) { /* Fast path */
1388 struct dst_entry *dst = sk->sk_rx_dst;
1390 sock_rps_save_rxhash(sk, skb);
1391 sk_mark_napi_id(sk, skb);
1393 if (inet_sk(sk)->rx_dst_ifindex != skb->skb_iif ||
1394 !dst->ops->check(dst, 0)) {
1396 sk->sk_rx_dst = NULL;
1399 tcp_rcv_established(sk, skb, tcp_hdr(skb), skb->len);
1403 if (tcp_checksum_complete(skb))
1406 if (sk->sk_state == TCP_LISTEN) {
1407 struct sock *nsk = tcp_v4_cookie_check(sk, skb);
1412 sock_rps_save_rxhash(nsk, skb);
1413 sk_mark_napi_id(nsk, skb);
1414 if (tcp_child_process(sk, nsk, skb)) {
1421 sock_rps_save_rxhash(sk, skb);
1423 if (tcp_rcv_state_process(sk, skb)) {
1430 tcp_v4_send_reset(rsk, skb);
1433 /* Be careful here. If this function gets more complicated and
1434 * gcc suffers from register pressure on the x86, sk (in %ebx)
1435 * might be destroyed here. This current version compiles correctly,
1436 * but you have been warned.
1441 TCP_INC_STATS(sock_net(sk), TCP_MIB_CSUMERRORS);
1442 TCP_INC_STATS(sock_net(sk), TCP_MIB_INERRS);
1445 EXPORT_SYMBOL(tcp_v4_do_rcv);
1447 void tcp_v4_early_demux(struct sk_buff *skb)
1449 const struct iphdr *iph;
1450 const struct tcphdr *th;
1453 if (skb->pkt_type != PACKET_HOST)
1456 if (!pskb_may_pull(skb, skb_transport_offset(skb) + sizeof(struct tcphdr)))
1462 if (th->doff < sizeof(struct tcphdr) / 4)
1465 sk = __inet_lookup_established(dev_net(skb->dev), &tcp_hashinfo,
1466 iph->saddr, th->source,
1467 iph->daddr, ntohs(th->dest),
1471 skb->destructor = sock_edemux;
1472 if (sk_fullsock(sk)) {
1473 struct dst_entry *dst = READ_ONCE(sk->sk_rx_dst);
1476 dst = dst_check(dst, 0);
1478 inet_sk(sk)->rx_dst_ifindex == skb->skb_iif)
1479 skb_dst_set_noref(skb, dst);
1484 /* Packet is added to VJ-style prequeue for processing in process
1485 * context, if a reader task is waiting. Apparently, this exciting
1486 * idea (VJ's mail "Re: query about TCP header on tcp-ip" of 07 Sep 93)
1487 * failed somewhere. Latency? Burstiness? Well, at least now we will
1488 * see, why it failed. 8)8) --ANK
1491 bool tcp_prequeue(struct sock *sk, struct sk_buff *skb)
1493 struct tcp_sock *tp = tcp_sk(sk);
1495 if (sysctl_tcp_low_latency || !tp->ucopy.task)
1498 if (skb->len <= tcp_hdrlen(skb) &&
1499 skb_queue_len(&tp->ucopy.prequeue) == 0)
1502 /* Before escaping RCU protected region, we need to take care of skb
1503 * dst. Prequeue is only enabled for established sockets.
1504 * For such sockets, we might need the skb dst only to set sk->sk_rx_dst
1505 * Instead of doing full sk_rx_dst validity here, let's perform
1506 * an optimistic check.
1508 if (likely(sk->sk_rx_dst))
1511 skb_dst_force_safe(skb);
1513 __skb_queue_tail(&tp->ucopy.prequeue, skb);
1514 tp->ucopy.memory += skb->truesize;
1515 if (skb_queue_len(&tp->ucopy.prequeue) >= 32 ||
1516 tp->ucopy.memory + atomic_read(&sk->sk_rmem_alloc) > sk->sk_rcvbuf) {
1517 struct sk_buff *skb1;
1519 BUG_ON(sock_owned_by_user(sk));
1520 __NET_ADD_STATS(sock_net(sk), LINUX_MIB_TCPPREQUEUEDROPPED,
1521 skb_queue_len(&tp->ucopy.prequeue));
1523 while ((skb1 = __skb_dequeue(&tp->ucopy.prequeue)) != NULL)
1524 sk_backlog_rcv(sk, skb1);
1526 tp->ucopy.memory = 0;
1527 } else if (skb_queue_len(&tp->ucopy.prequeue) == 1) {
1528 wake_up_interruptible_sync_poll(sk_sleep(sk),
1529 POLLIN | POLLRDNORM | POLLRDBAND);
1530 if (!inet_csk_ack_scheduled(sk))
1531 inet_csk_reset_xmit_timer(sk, ICSK_TIME_DACK,
1532 (3 * tcp_rto_min(sk)) / 4,
1537 EXPORT_SYMBOL(tcp_prequeue);
1539 bool tcp_add_backlog(struct sock *sk, struct sk_buff *skb)
1541 u32 limit = sk->sk_rcvbuf + sk->sk_sndbuf;
1543 /* Only socket owner can try to collapse/prune rx queues
1544 * to reduce memory overhead, so add a little headroom here.
1545 * Few sockets backlog are possibly concurrently non empty.
1549 /* In case all data was pulled from skb frags (in __pskb_pull_tail()),
1550 * we can fix skb->truesize to its real value to avoid future drops.
1551 * This is valid because skb is not yet charged to the socket.
1552 * It has been noticed pure SACK packets were sometimes dropped
1553 * (if cooked by drivers without copybreak feature).
1556 skb->truesize = SKB_TRUESIZE(skb_end_offset(skb));
1558 if (unlikely(sk_add_backlog(sk, skb, limit))) {
1560 __NET_INC_STATS(sock_net(sk), LINUX_MIB_TCPBACKLOGDROP);
1565 EXPORT_SYMBOL(tcp_add_backlog);
1567 int tcp_filter(struct sock *sk, struct sk_buff *skb)
1569 struct tcphdr *th = (struct tcphdr *)skb->data;
1570 unsigned int eaten = skb->len;
1573 err = sk_filter_trim_cap(sk, skb, th->doff * 4);
1576 TCP_SKB_CB(skb)->end_seq -= eaten;
1580 EXPORT_SYMBOL(tcp_filter);
1586 int tcp_v4_rcv(struct sk_buff *skb)
1588 struct net *net = dev_net(skb->dev);
1589 const struct iphdr *iph;
1590 const struct tcphdr *th;
1595 if (skb->pkt_type != PACKET_HOST)
1598 /* Count it even if it's bad */
1599 __TCP_INC_STATS(net, TCP_MIB_INSEGS);
1601 if (!pskb_may_pull(skb, sizeof(struct tcphdr)))
1604 th = (const struct tcphdr *)skb->data;
1606 if (unlikely(th->doff < sizeof(struct tcphdr) / 4))
1608 if (!pskb_may_pull(skb, th->doff * 4))
1611 /* An explanation is required here, I think.
1612 * Packet length and doff are validated by header prediction,
1613 * provided case of th->doff==0 is eliminated.
1614 * So, we defer the checks. */
1616 if (skb_checksum_init(skb, IPPROTO_TCP, inet_compute_pseudo))
1619 th = (const struct tcphdr *)skb->data;
1621 /* This is tricky : We move IPCB at its correct location into TCP_SKB_CB()
1622 * barrier() makes sure compiler wont play fool^Waliasing games.
1624 memmove(&TCP_SKB_CB(skb)->header.h4, IPCB(skb),
1625 sizeof(struct inet_skb_parm));
1628 TCP_SKB_CB(skb)->seq = ntohl(th->seq);
1629 TCP_SKB_CB(skb)->end_seq = (TCP_SKB_CB(skb)->seq + th->syn + th->fin +
1630 skb->len - th->doff * 4);
1631 TCP_SKB_CB(skb)->ack_seq = ntohl(th->ack_seq);
1632 TCP_SKB_CB(skb)->tcp_flags = tcp_flag_byte(th);
1633 TCP_SKB_CB(skb)->tcp_tw_isn = 0;
1634 TCP_SKB_CB(skb)->ip_dsfield = ipv4_get_dsfield(iph);
1635 TCP_SKB_CB(skb)->sacked = 0;
1638 sk = __inet_lookup_skb(&tcp_hashinfo, skb, __tcp_hdrlen(th), th->source,
1639 th->dest, &refcounted);
1644 if (sk->sk_state == TCP_TIME_WAIT)
1647 if (sk->sk_state == TCP_NEW_SYN_RECV) {
1648 struct request_sock *req = inet_reqsk(sk);
1651 sk = req->rsk_listener;
1652 if (unlikely(tcp_v4_inbound_md5_hash(sk, skb))) {
1653 sk_drops_add(sk, skb);
1657 if (unlikely(sk->sk_state != TCP_LISTEN)) {
1658 inet_csk_reqsk_queue_drop_and_put(sk, req);
1661 /* We own a reference on the listener, increase it again
1662 * as we might lose it too soon.
1666 nsk = tcp_check_req(sk, skb, req, false);
1669 goto discard_and_relse;
1673 } else if (tcp_child_process(sk, nsk, skb)) {
1674 tcp_v4_send_reset(nsk, skb);
1675 goto discard_and_relse;
1681 if (unlikely(iph->ttl < inet_sk(sk)->min_ttl)) {
1682 __NET_INC_STATS(net, LINUX_MIB_TCPMINTTLDROP);
1683 goto discard_and_relse;
1686 if (!xfrm4_policy_check(sk, XFRM_POLICY_IN, skb))
1687 goto discard_and_relse;
1689 if (tcp_v4_inbound_md5_hash(sk, skb))
1690 goto discard_and_relse;
1694 if (tcp_filter(sk, skb))
1695 goto discard_and_relse;
1696 th = (const struct tcphdr *)skb->data;
1701 if (sk->sk_state == TCP_LISTEN) {
1702 ret = tcp_v4_do_rcv(sk, skb);
1703 goto put_and_return;
1706 sk_incoming_cpu_update(sk);
1708 bh_lock_sock_nested(sk);
1709 tcp_segs_in(tcp_sk(sk), skb);
1711 if (!sock_owned_by_user(sk)) {
1712 if (!tcp_prequeue(sk, skb))
1713 ret = tcp_v4_do_rcv(sk, skb);
1714 } else if (tcp_add_backlog(sk, skb)) {
1715 goto discard_and_relse;
1726 if (!xfrm4_policy_check(NULL, XFRM_POLICY_IN, skb))
1729 if (tcp_checksum_complete(skb)) {
1731 __TCP_INC_STATS(net, TCP_MIB_CSUMERRORS);
1733 __TCP_INC_STATS(net, TCP_MIB_INERRS);
1735 tcp_v4_send_reset(NULL, skb);
1739 /* Discard frame. */
1744 sk_drops_add(sk, skb);
1750 if (!xfrm4_policy_check(NULL, XFRM_POLICY_IN, skb)) {
1751 inet_twsk_put(inet_twsk(sk));
1755 if (tcp_checksum_complete(skb)) {
1756 inet_twsk_put(inet_twsk(sk));
1759 switch (tcp_timewait_state_process(inet_twsk(sk), skb, th)) {
1761 struct sock *sk2 = inet_lookup_listener(dev_net(skb->dev),
1764 iph->saddr, th->source,
1765 iph->daddr, th->dest,
1768 inet_twsk_deschedule_put(inet_twsk(sk));
1773 /* Fall through to ACK */
1776 tcp_v4_timewait_ack(sk, skb);
1779 tcp_v4_send_reset(sk, skb);
1780 inet_twsk_deschedule_put(inet_twsk(sk));
1782 case TCP_TW_SUCCESS:;
1787 static struct timewait_sock_ops tcp_timewait_sock_ops = {
1788 .twsk_obj_size = sizeof(struct tcp_timewait_sock),
1789 .twsk_unique = tcp_twsk_unique,
1790 .twsk_destructor= tcp_twsk_destructor,
1793 void inet_sk_rx_dst_set(struct sock *sk, const struct sk_buff *skb)
1795 struct dst_entry *dst = skb_dst(skb);
1797 if (dst && dst_hold_safe(dst)) {
1798 sk->sk_rx_dst = dst;
1799 inet_sk(sk)->rx_dst_ifindex = skb->skb_iif;
1802 EXPORT_SYMBOL(inet_sk_rx_dst_set);
1804 const struct inet_connection_sock_af_ops ipv4_specific = {
1805 .queue_xmit = ip_queue_xmit,
1806 .send_check = tcp_v4_send_check,
1807 .rebuild_header = inet_sk_rebuild_header,
1808 .sk_rx_dst_set = inet_sk_rx_dst_set,
1809 .conn_request = tcp_v4_conn_request,
1810 .syn_recv_sock = tcp_v4_syn_recv_sock,
1811 .net_header_len = sizeof(struct iphdr),
1812 .setsockopt = ip_setsockopt,
1813 .getsockopt = ip_getsockopt,
1814 .addr2sockaddr = inet_csk_addr2sockaddr,
1815 .sockaddr_len = sizeof(struct sockaddr_in),
1816 .bind_conflict = inet_csk_bind_conflict,
1817 #ifdef CONFIG_COMPAT
1818 .compat_setsockopt = compat_ip_setsockopt,
1819 .compat_getsockopt = compat_ip_getsockopt,
1821 .mtu_reduced = tcp_v4_mtu_reduced,
1823 EXPORT_SYMBOL(ipv4_specific);
1825 #ifdef CONFIG_TCP_MD5SIG
1826 static const struct tcp_sock_af_ops tcp_sock_ipv4_specific = {
1827 .md5_lookup = tcp_v4_md5_lookup,
1828 .calc_md5_hash = tcp_v4_md5_hash_skb,
1829 .md5_parse = tcp_v4_parse_md5_keys,
1833 /* NOTE: A lot of things set to zero explicitly by call to
1834 * sk_alloc() so need not be done here.
1836 static int tcp_v4_init_sock(struct sock *sk)
1838 struct inet_connection_sock *icsk = inet_csk(sk);
1842 icsk->icsk_af_ops = &ipv4_specific;
1844 #ifdef CONFIG_TCP_MD5SIG
1845 tcp_sk(sk)->af_specific = &tcp_sock_ipv4_specific;
1851 void tcp_v4_destroy_sock(struct sock *sk)
1853 struct tcp_sock *tp = tcp_sk(sk);
1855 tcp_clear_xmit_timers(sk);
1857 tcp_cleanup_congestion_control(sk);
1859 /* Cleanup up the write buffer. */
1860 tcp_write_queue_purge(sk);
1862 /* Cleans up our, hopefully empty, out_of_order_queue. */
1863 skb_rbtree_purge(&tp->out_of_order_queue);
1865 #ifdef CONFIG_TCP_MD5SIG
1866 /* Clean up the MD5 key list, if any */
1867 if (tp->md5sig_info) {
1868 tcp_clear_md5_list(sk);
1869 kfree_rcu(tp->md5sig_info, rcu);
1870 tp->md5sig_info = NULL;
1874 /* Clean prequeue, it must be empty really */
1875 __skb_queue_purge(&tp->ucopy.prequeue);
1877 /* Clean up a referenced TCP bind bucket. */
1878 if (inet_csk(sk)->icsk_bind_hash)
1881 BUG_ON(tp->fastopen_rsk);
1883 /* If socket is aborted during connect operation */
1884 tcp_free_fastopen_req(tp);
1885 tcp_saved_syn_free(tp);
1888 sk_sockets_allocated_dec(sk);
1891 EXPORT_SYMBOL(tcp_v4_destroy_sock);
1893 #ifdef CONFIG_PROC_FS
1894 /* Proc filesystem TCP sock list dumping. */
1897 * Get next listener socket follow cur. If cur is NULL, get first socket
1898 * starting from bucket given in st->bucket; when st->bucket is zero the
1899 * very first socket in the hash table is returned.
1901 static void *listening_get_next(struct seq_file *seq, void *cur)
1903 struct tcp_iter_state *st = seq->private;
1904 struct net *net = seq_file_net(seq);
1905 struct inet_listen_hashbucket *ilb;
1906 struct sock *sk = cur;
1910 ilb = &tcp_hashinfo.listening_hash[st->bucket];
1911 spin_lock_bh(&ilb->lock);
1912 sk = sk_head(&ilb->head);
1916 ilb = &tcp_hashinfo.listening_hash[st->bucket];
1922 sk_for_each_from(sk) {
1923 if (!net_eq(sock_net(sk), net))
1925 if (sk->sk_family == st->family)
1928 spin_unlock_bh(&ilb->lock);
1930 if (++st->bucket < INET_LHTABLE_SIZE)
1935 static void *listening_get_idx(struct seq_file *seq, loff_t *pos)
1937 struct tcp_iter_state *st = seq->private;
1942 rc = listening_get_next(seq, NULL);
1944 while (rc && *pos) {
1945 rc = listening_get_next(seq, rc);
1951 static inline bool empty_bucket(const struct tcp_iter_state *st)
1953 return hlist_nulls_empty(&tcp_hashinfo.ehash[st->bucket].chain);
1957 * Get first established socket starting from bucket given in st->bucket.
1958 * If st->bucket is zero, the very first socket in the hash is returned.
1960 static void *established_get_first(struct seq_file *seq)
1962 struct tcp_iter_state *st = seq->private;
1963 struct net *net = seq_file_net(seq);
1967 for (; st->bucket <= tcp_hashinfo.ehash_mask; ++st->bucket) {
1969 struct hlist_nulls_node *node;
1970 spinlock_t *lock = inet_ehash_lockp(&tcp_hashinfo, st->bucket);
1972 /* Lockless fast path for the common case of empty buckets */
1973 if (empty_bucket(st))
1977 sk_nulls_for_each(sk, node, &tcp_hashinfo.ehash[st->bucket].chain) {
1978 if (sk->sk_family != st->family ||
1979 !net_eq(sock_net(sk), net)) {
1985 spin_unlock_bh(lock);
1991 static void *established_get_next(struct seq_file *seq, void *cur)
1993 struct sock *sk = cur;
1994 struct hlist_nulls_node *node;
1995 struct tcp_iter_state *st = seq->private;
1996 struct net *net = seq_file_net(seq);
2001 sk = sk_nulls_next(sk);
2003 sk_nulls_for_each_from(sk, node) {
2004 if (sk->sk_family == st->family && net_eq(sock_net(sk), net))
2008 spin_unlock_bh(inet_ehash_lockp(&tcp_hashinfo, st->bucket));
2010 return established_get_first(seq);
2013 static void *established_get_idx(struct seq_file *seq, loff_t pos)
2015 struct tcp_iter_state *st = seq->private;
2019 rc = established_get_first(seq);
2022 rc = established_get_next(seq, rc);
2028 static void *tcp_get_idx(struct seq_file *seq, loff_t pos)
2031 struct tcp_iter_state *st = seq->private;
2033 st->state = TCP_SEQ_STATE_LISTENING;
2034 rc = listening_get_idx(seq, &pos);
2037 st->state = TCP_SEQ_STATE_ESTABLISHED;
2038 rc = established_get_idx(seq, pos);
2044 static void *tcp_seek_last_pos(struct seq_file *seq)
2046 struct tcp_iter_state *st = seq->private;
2047 int offset = st->offset;
2048 int orig_num = st->num;
2051 switch (st->state) {
2052 case TCP_SEQ_STATE_LISTENING:
2053 if (st->bucket >= INET_LHTABLE_SIZE)
2055 st->state = TCP_SEQ_STATE_LISTENING;
2056 rc = listening_get_next(seq, NULL);
2057 while (offset-- && rc)
2058 rc = listening_get_next(seq, rc);
2062 st->state = TCP_SEQ_STATE_ESTABLISHED;
2064 case TCP_SEQ_STATE_ESTABLISHED:
2065 if (st->bucket > tcp_hashinfo.ehash_mask)
2067 rc = established_get_first(seq);
2068 while (offset-- && rc)
2069 rc = established_get_next(seq, rc);
2077 static void *tcp_seq_start(struct seq_file *seq, loff_t *pos)
2079 struct tcp_iter_state *st = seq->private;
2082 if (*pos && *pos == st->last_pos) {
2083 rc = tcp_seek_last_pos(seq);
2088 st->state = TCP_SEQ_STATE_LISTENING;
2092 rc = *pos ? tcp_get_idx(seq, *pos - 1) : SEQ_START_TOKEN;
2095 st->last_pos = *pos;
2099 static void *tcp_seq_next(struct seq_file *seq, void *v, loff_t *pos)
2101 struct tcp_iter_state *st = seq->private;
2104 if (v == SEQ_START_TOKEN) {
2105 rc = tcp_get_idx(seq, 0);
2109 switch (st->state) {
2110 case TCP_SEQ_STATE_LISTENING:
2111 rc = listening_get_next(seq, v);
2113 st->state = TCP_SEQ_STATE_ESTABLISHED;
2116 rc = established_get_first(seq);
2119 case TCP_SEQ_STATE_ESTABLISHED:
2120 rc = established_get_next(seq, v);
2125 st->last_pos = *pos;
2129 static void tcp_seq_stop(struct seq_file *seq, void *v)
2131 struct tcp_iter_state *st = seq->private;
2133 switch (st->state) {
2134 case TCP_SEQ_STATE_LISTENING:
2135 if (v != SEQ_START_TOKEN)
2136 spin_unlock_bh(&tcp_hashinfo.listening_hash[st->bucket].lock);
2138 case TCP_SEQ_STATE_ESTABLISHED:
2140 spin_unlock_bh(inet_ehash_lockp(&tcp_hashinfo, st->bucket));
2145 int tcp_seq_open(struct inode *inode, struct file *file)
2147 struct tcp_seq_afinfo *afinfo = PDE_DATA(inode);
2148 struct tcp_iter_state *s;
2151 err = seq_open_net(inode, file, &afinfo->seq_ops,
2152 sizeof(struct tcp_iter_state));
2156 s = ((struct seq_file *)file->private_data)->private;
2157 s->family = afinfo->family;
2161 EXPORT_SYMBOL(tcp_seq_open);
2163 int tcp_proc_register(struct net *net, struct tcp_seq_afinfo *afinfo)
2166 struct proc_dir_entry *p;
2168 afinfo->seq_ops.start = tcp_seq_start;
2169 afinfo->seq_ops.next = tcp_seq_next;
2170 afinfo->seq_ops.stop = tcp_seq_stop;
2172 p = proc_create_data(afinfo->name, S_IRUGO, net->proc_net,
2173 afinfo->seq_fops, afinfo);
2178 EXPORT_SYMBOL(tcp_proc_register);
2180 void tcp_proc_unregister(struct net *net, struct tcp_seq_afinfo *afinfo)
2182 remove_proc_entry(afinfo->name, net->proc_net);
2184 EXPORT_SYMBOL(tcp_proc_unregister);
2186 static void get_openreq4(const struct request_sock *req,
2187 struct seq_file *f, int i)
2189 const struct inet_request_sock *ireq = inet_rsk(req);
2190 long delta = req->rsk_timer.expires - jiffies;
2192 seq_printf(f, "%4d: %08X:%04X %08X:%04X"
2193 " %02X %08X:%08X %02X:%08lX %08X %5u %8d %u %d %pK",
2198 ntohs(ireq->ir_rmt_port),
2200 0, 0, /* could print option size, but that is af dependent. */
2201 1, /* timers active (only the expire timer) */
2202 jiffies_delta_to_clock_t(delta),
2204 from_kuid_munged(seq_user_ns(f),
2205 sock_i_uid(req->rsk_listener)),
2206 0, /* non standard timer */
2207 0, /* open_requests have no inode */
2212 static void get_tcp4_sock(struct sock *sk, struct seq_file *f, int i)
2215 unsigned long timer_expires;
2216 const struct tcp_sock *tp = tcp_sk(sk);
2217 const struct inet_connection_sock *icsk = inet_csk(sk);
2218 const struct inet_sock *inet = inet_sk(sk);
2219 const struct fastopen_queue *fastopenq = &icsk->icsk_accept_queue.fastopenq;
2220 __be32 dest = inet->inet_daddr;
2221 __be32 src = inet->inet_rcv_saddr;
2222 __u16 destp = ntohs(inet->inet_dport);
2223 __u16 srcp = ntohs(inet->inet_sport);
2227 if (icsk->icsk_pending == ICSK_TIME_RETRANS ||
2228 icsk->icsk_pending == ICSK_TIME_EARLY_RETRANS ||
2229 icsk->icsk_pending == ICSK_TIME_LOSS_PROBE) {
2231 timer_expires = icsk->icsk_timeout;
2232 } else if (icsk->icsk_pending == ICSK_TIME_PROBE0) {
2234 timer_expires = icsk->icsk_timeout;
2235 } else if (timer_pending(&sk->sk_timer)) {
2237 timer_expires = sk->sk_timer.expires;
2240 timer_expires = jiffies;
2243 state = sk_state_load(sk);
2244 if (state == TCP_LISTEN)
2245 rx_queue = sk->sk_ack_backlog;
2247 /* Because we don't lock the socket,
2248 * we might find a transient negative value.
2250 rx_queue = max_t(int, tp->rcv_nxt - tp->copied_seq, 0);
2252 seq_printf(f, "%4d: %08X:%04X %08X:%04X %02X %08X:%08X %02X:%08lX "
2253 "%08X %5u %8d %lu %d %pK %lu %lu %u %u %d",
2254 i, src, srcp, dest, destp, state,
2255 tp->write_seq - tp->snd_una,
2258 jiffies_delta_to_clock_t(timer_expires - jiffies),
2259 icsk->icsk_retransmits,
2260 from_kuid_munged(seq_user_ns(f), sock_i_uid(sk)),
2261 icsk->icsk_probes_out,
2263 atomic_read(&sk->sk_refcnt), sk,
2264 jiffies_to_clock_t(icsk->icsk_rto),
2265 jiffies_to_clock_t(icsk->icsk_ack.ato),
2266 (icsk->icsk_ack.quick << 1) | icsk->icsk_ack.pingpong,
2268 state == TCP_LISTEN ?
2269 fastopenq->max_qlen :
2270 (tcp_in_initial_slowstart(tp) ? -1 : tp->snd_ssthresh));
2273 static void get_timewait4_sock(const struct inet_timewait_sock *tw,
2274 struct seq_file *f, int i)
2276 long delta = tw->tw_timer.expires - jiffies;
2280 dest = tw->tw_daddr;
2281 src = tw->tw_rcv_saddr;
2282 destp = ntohs(tw->tw_dport);
2283 srcp = ntohs(tw->tw_sport);
2285 seq_printf(f, "%4d: %08X:%04X %08X:%04X"
2286 " %02X %08X:%08X %02X:%08lX %08X %5d %8d %d %d %pK",
2287 i, src, srcp, dest, destp, tw->tw_substate, 0, 0,
2288 3, jiffies_delta_to_clock_t(delta), 0, 0, 0, 0,
2289 atomic_read(&tw->tw_refcnt), tw);
2294 static int tcp4_seq_show(struct seq_file *seq, void *v)
2296 struct tcp_iter_state *st;
2297 struct sock *sk = v;
2299 seq_setwidth(seq, TMPSZ - 1);
2300 if (v == SEQ_START_TOKEN) {
2301 seq_puts(seq, " sl local_address rem_address st tx_queue "
2302 "rx_queue tr tm->when retrnsmt uid timeout "
2308 if (sk->sk_state == TCP_TIME_WAIT)
2309 get_timewait4_sock(v, seq, st->num);
2310 else if (sk->sk_state == TCP_NEW_SYN_RECV)
2311 get_openreq4(v, seq, st->num);
2313 get_tcp4_sock(v, seq, st->num);
2319 static const struct file_operations tcp_afinfo_seq_fops = {
2320 .owner = THIS_MODULE,
2321 .open = tcp_seq_open,
2323 .llseek = seq_lseek,
2324 .release = seq_release_net
2327 static struct tcp_seq_afinfo tcp4_seq_afinfo = {
2330 .seq_fops = &tcp_afinfo_seq_fops,
2332 .show = tcp4_seq_show,
2336 static int __net_init tcp4_proc_init_net(struct net *net)
2338 return tcp_proc_register(net, &tcp4_seq_afinfo);
2341 static void __net_exit tcp4_proc_exit_net(struct net *net)
2343 tcp_proc_unregister(net, &tcp4_seq_afinfo);
2346 static struct pernet_operations tcp4_net_ops = {
2347 .init = tcp4_proc_init_net,
2348 .exit = tcp4_proc_exit_net,
2351 int __init tcp4_proc_init(void)
2353 return register_pernet_subsys(&tcp4_net_ops);
2356 void tcp4_proc_exit(void)
2358 unregister_pernet_subsys(&tcp4_net_ops);
2360 #endif /* CONFIG_PROC_FS */
2362 struct proto tcp_prot = {
2364 .owner = THIS_MODULE,
2366 .connect = tcp_v4_connect,
2367 .disconnect = tcp_disconnect,
2368 .accept = inet_csk_accept,
2370 .init = tcp_v4_init_sock,
2371 .destroy = tcp_v4_destroy_sock,
2372 .shutdown = tcp_shutdown,
2373 .setsockopt = tcp_setsockopt,
2374 .getsockopt = tcp_getsockopt,
2375 .recvmsg = tcp_recvmsg,
2376 .sendmsg = tcp_sendmsg,
2377 .sendpage = tcp_sendpage,
2378 .backlog_rcv = tcp_v4_do_rcv,
2379 .release_cb = tcp_release_cb,
2381 .unhash = inet_unhash,
2382 .get_port = inet_csk_get_port,
2383 .enter_memory_pressure = tcp_enter_memory_pressure,
2384 .stream_memory_free = tcp_stream_memory_free,
2385 .sockets_allocated = &tcp_sockets_allocated,
2386 .orphan_count = &tcp_orphan_count,
2387 .memory_allocated = &tcp_memory_allocated,
2388 .memory_pressure = &tcp_memory_pressure,
2389 .sysctl_mem = sysctl_tcp_mem,
2390 .sysctl_wmem = sysctl_tcp_wmem,
2391 .sysctl_rmem = sysctl_tcp_rmem,
2392 .max_header = MAX_TCP_HEADER,
2393 .obj_size = sizeof(struct tcp_sock),
2394 .slab_flags = SLAB_DESTROY_BY_RCU,
2395 .twsk_prot = &tcp_timewait_sock_ops,
2396 .rsk_prot = &tcp_request_sock_ops,
2397 .h.hashinfo = &tcp_hashinfo,
2398 .no_autobind = true,
2399 #ifdef CONFIG_COMPAT
2400 .compat_setsockopt = compat_tcp_setsockopt,
2401 .compat_getsockopt = compat_tcp_getsockopt,
2403 .diag_destroy = tcp_abort,
2405 EXPORT_SYMBOL(tcp_prot);
2407 static void __net_exit tcp_sk_exit(struct net *net)
2411 for_each_possible_cpu(cpu)
2412 inet_ctl_sock_destroy(*per_cpu_ptr(net->ipv4.tcp_sk, cpu));
2413 free_percpu(net->ipv4.tcp_sk);
2416 static int __net_init tcp_sk_init(struct net *net)
2420 net->ipv4.tcp_sk = alloc_percpu(struct sock *);
2421 if (!net->ipv4.tcp_sk)
2424 for_each_possible_cpu(cpu) {
2427 res = inet_ctl_sock_create(&sk, PF_INET, SOCK_RAW,
2431 sock_set_flag(sk, SOCK_USE_WRITE_QUEUE);
2432 *per_cpu_ptr(net->ipv4.tcp_sk, cpu) = sk;
2435 net->ipv4.sysctl_tcp_ecn = 2;
2436 net->ipv4.sysctl_tcp_ecn_fallback = 1;
2438 net->ipv4.sysctl_tcp_base_mss = TCP_BASE_MSS;
2439 net->ipv4.sysctl_tcp_probe_threshold = TCP_PROBE_THRESHOLD;
2440 net->ipv4.sysctl_tcp_probe_interval = TCP_PROBE_INTERVAL;
2442 net->ipv4.sysctl_tcp_keepalive_time = TCP_KEEPALIVE_TIME;
2443 net->ipv4.sysctl_tcp_keepalive_probes = TCP_KEEPALIVE_PROBES;
2444 net->ipv4.sysctl_tcp_keepalive_intvl = TCP_KEEPALIVE_INTVL;
2446 net->ipv4.sysctl_tcp_syn_retries = TCP_SYN_RETRIES;
2447 net->ipv4.sysctl_tcp_synack_retries = TCP_SYNACK_RETRIES;
2448 net->ipv4.sysctl_tcp_syncookies = 1;
2449 net->ipv4.sysctl_tcp_reordering = TCP_FASTRETRANS_THRESH;
2450 net->ipv4.sysctl_tcp_retries1 = TCP_RETR1;
2451 net->ipv4.sysctl_tcp_retries2 = TCP_RETR2;
2452 net->ipv4.sysctl_tcp_orphan_retries = 0;
2453 net->ipv4.sysctl_tcp_fin_timeout = TCP_FIN_TIMEOUT;
2454 net->ipv4.sysctl_tcp_notsent_lowat = UINT_MAX;
2463 static void __net_exit tcp_sk_exit_batch(struct list_head *net_exit_list)
2465 inet_twsk_purge(&tcp_hashinfo, &tcp_death_row, AF_INET);
2468 static struct pernet_operations __net_initdata tcp_sk_ops = {
2469 .init = tcp_sk_init,
2470 .exit = tcp_sk_exit,
2471 .exit_batch = tcp_sk_exit_batch,
2474 void __init tcp_v4_init(void)
2476 inet_hashinfo_init(&tcp_hashinfo);
2477 if (register_pernet_subsys(&tcp_sk_ops))
2478 panic("Failed to create the TCP control socket.\n");
git.samba.org / sfrench / cifs-2.6.git / blob