3 * Linux INET6 implementation
6 * Pedro Roque <roque@di.fc.ul.pt>
10 * linux/net/ipv4/tcp_input.c
11 * linux/net/ipv4/tcp_output.c
14 * Hideaki YOSHIFUJI : sin6_scope_id support
15 * YOSHIFUJI Hideaki @USAGI and: Support IPV6_V6ONLY socket option, which
16 * Alexey Kuznetsov allow both IPv4 and IPv6 sockets to bind
17 * a single port at the same time.
18 * YOSHIFUJI Hideaki @USAGI: convert /proc/net/tcp6 to seq_file.
20 * This program is free software; you can redistribute it and/or
21 * modify it under the terms of the GNU General Public License
22 * as published by the Free Software Foundation; either version
23 * 2 of the License, or (at your option) any later version.
26 #include <linux/bottom_half.h>
27 #include <linux/module.h>
28 #include <linux/errno.h>
29 #include <linux/types.h>
30 #include <linux/socket.h>
31 #include <linux/sockios.h>
32 #include <linux/net.h>
33 #include <linux/jiffies.h>
35 #include <linux/in6.h>
36 #include <linux/netdevice.h>
37 #include <linux/init.h>
38 #include <linux/jhash.h>
39 #include <linux/ipsec.h>
40 #include <linux/times.h>
41 #include <linux/slab.h>
42 #include <linux/uaccess.h>
43 #include <linux/ipv6.h>
44 #include <linux/icmpv6.h>
45 #include <linux/random.h>
48 #include <net/ndisc.h>
49 #include <net/inet6_hashtables.h>
50 #include <net/inet6_connection_sock.h>
52 #include <net/transp_v6.h>
53 #include <net/addrconf.h>
54 #include <net/ip6_route.h>
55 #include <net/ip6_checksum.h>
56 #include <net/inet_ecn.h>
57 #include <net/protocol.h>
60 #include <net/dsfield.h>
61 #include <net/timewait_sock.h>
62 #include <net/inet_common.h>
63 #include <net/secure_seq.h>
64 #include <net/busy_poll.h>
66 #include <linux/proc_fs.h>
67 #include <linux/seq_file.h>
69 #include <crypto/hash.h>
70 #include <linux/scatterlist.h>
72 #include <trace/events/tcp.h>
74 static void tcp_v6_send_reset(const struct sock *sk, struct sk_buff *skb);
75 static void tcp_v6_reqsk_send_ack(const struct sock *sk, struct sk_buff *skb,
76 struct request_sock *req);
78 static int tcp_v6_do_rcv(struct sock *sk, struct sk_buff *skb);
80 static const struct inet_connection_sock_af_ops ipv6_mapped;
81 static const struct inet_connection_sock_af_ops ipv6_specific;
82 #ifdef CONFIG_TCP_MD5SIG
83 static const struct tcp_sock_af_ops tcp_sock_ipv6_specific;
84 static const struct tcp_sock_af_ops tcp_sock_ipv6_mapped_specific;
86 static struct tcp_md5sig_key *tcp_v6_md5_do_lookup(const struct sock *sk,
87 const struct in6_addr *addr)
93 static void inet6_sk_rx_dst_set(struct sock *sk, const struct sk_buff *skb)
95 struct dst_entry *dst = skb_dst(skb);
97 if (dst && dst_hold_safe(dst)) {
98 const struct rt6_info *rt = (const struct rt6_info *)dst;
101 inet_sk(sk)->rx_dst_ifindex = skb->skb_iif;
102 inet6_sk(sk)->rx_dst_cookie = rt6_get_cookie(rt);
106 static u32 tcp_v6_init_seq(const struct sk_buff *skb)
108 return secure_tcpv6_seq(ipv6_hdr(skb)->daddr.s6_addr32,
109 ipv6_hdr(skb)->saddr.s6_addr32,
111 tcp_hdr(skb)->source);
114 static u32 tcp_v6_init_ts_off(const struct net *net, const struct sk_buff *skb)
116 return secure_tcpv6_ts_off(net, ipv6_hdr(skb)->daddr.s6_addr32,
117 ipv6_hdr(skb)->saddr.s6_addr32);
120 static int tcp_v6_pre_connect(struct sock *sk, struct sockaddr *uaddr,
123 /* This check is replicated from tcp_v6_connect() and intended to
124 * prevent BPF program called below from accessing bytes that are out
125 * of the bound specified by user in addr_len.
127 if (addr_len < SIN6_LEN_RFC2133)
130 sock_owned_by_me(sk);
132 return BPF_CGROUP_RUN_PROG_INET6_CONNECT(sk, uaddr);
135 static int tcp_v6_connect(struct sock *sk, struct sockaddr *uaddr,
138 struct sockaddr_in6 *usin = (struct sockaddr_in6 *) uaddr;
139 struct inet_sock *inet = inet_sk(sk);
140 struct inet_connection_sock *icsk = inet_csk(sk);
141 struct ipv6_pinfo *np = inet6_sk(sk);
142 struct tcp_sock *tp = tcp_sk(sk);
143 struct in6_addr *saddr = NULL, *final_p, final;
144 struct ipv6_txoptions *opt;
146 struct dst_entry *dst;
149 struct inet_timewait_death_row *tcp_death_row = &sock_net(sk)->ipv4.tcp_death_row;
151 if (addr_len < SIN6_LEN_RFC2133)
154 if (usin->sin6_family != AF_INET6)
155 return -EAFNOSUPPORT;
157 memset(&fl6, 0, sizeof(fl6));
160 fl6.flowlabel = usin->sin6_flowinfo&IPV6_FLOWINFO_MASK;
161 IP6_ECN_flow_init(fl6.flowlabel);
162 if (fl6.flowlabel&IPV6_FLOWLABEL_MASK) {
163 struct ip6_flowlabel *flowlabel;
164 flowlabel = fl6_sock_lookup(sk, fl6.flowlabel);
167 fl6_sock_release(flowlabel);
172 * connect() to INADDR_ANY means loopback (BSD'ism).
175 if (ipv6_addr_any(&usin->sin6_addr)) {
176 if (ipv6_addr_v4mapped(&sk->sk_v6_rcv_saddr))
177 ipv6_addr_set_v4mapped(htonl(INADDR_LOOPBACK),
180 usin->sin6_addr = in6addr_loopback;
183 addr_type = ipv6_addr_type(&usin->sin6_addr);
185 if (addr_type & IPV6_ADDR_MULTICAST)
188 if (addr_type&IPV6_ADDR_LINKLOCAL) {
189 if (addr_len >= sizeof(struct sockaddr_in6) &&
190 usin->sin6_scope_id) {
191 /* If interface is set while binding, indices
194 if (!sk_dev_equal_l3scope(sk, usin->sin6_scope_id))
197 sk->sk_bound_dev_if = usin->sin6_scope_id;
200 /* Connect to link-local address requires an interface */
201 if (!sk->sk_bound_dev_if)
205 if (tp->rx_opt.ts_recent_stamp &&
206 !ipv6_addr_equal(&sk->sk_v6_daddr, &usin->sin6_addr)) {
207 tp->rx_opt.ts_recent = 0;
208 tp->rx_opt.ts_recent_stamp = 0;
212 sk->sk_v6_daddr = usin->sin6_addr;
213 np->flow_label = fl6.flowlabel;
219 if (addr_type & IPV6_ADDR_MAPPED) {
220 u32 exthdrlen = icsk->icsk_ext_hdr_len;
221 struct sockaddr_in sin;
223 SOCK_DEBUG(sk, "connect: ipv4 mapped\n");
225 if (__ipv6_only_sock(sk))
228 sin.sin_family = AF_INET;
229 sin.sin_port = usin->sin6_port;
230 sin.sin_addr.s_addr = usin->sin6_addr.s6_addr32[3];
232 icsk->icsk_af_ops = &ipv6_mapped;
233 sk->sk_backlog_rcv = tcp_v4_do_rcv;
234 #ifdef CONFIG_TCP_MD5SIG
235 tp->af_specific = &tcp_sock_ipv6_mapped_specific;
238 err = tcp_v4_connect(sk, (struct sockaddr *)&sin, sizeof(sin));
241 icsk->icsk_ext_hdr_len = exthdrlen;
242 icsk->icsk_af_ops = &ipv6_specific;
243 sk->sk_backlog_rcv = tcp_v6_do_rcv;
244 #ifdef CONFIG_TCP_MD5SIG
245 tp->af_specific = &tcp_sock_ipv6_specific;
249 np->saddr = sk->sk_v6_rcv_saddr;
254 if (!ipv6_addr_any(&sk->sk_v6_rcv_saddr))
255 saddr = &sk->sk_v6_rcv_saddr;
257 fl6.flowi6_proto = IPPROTO_TCP;
258 fl6.daddr = sk->sk_v6_daddr;
259 fl6.saddr = saddr ? *saddr : np->saddr;
260 fl6.flowi6_oif = sk->sk_bound_dev_if;
261 fl6.flowi6_mark = sk->sk_mark;
262 fl6.fl6_dport = usin->sin6_port;
263 fl6.fl6_sport = inet->inet_sport;
264 fl6.flowi6_uid = sk->sk_uid;
266 opt = rcu_dereference_protected(np->opt, lockdep_sock_is_held(sk));
267 final_p = fl6_update_dst(&fl6, opt, &final);
269 security_sk_classify_flow(sk, flowi6_to_flowi(&fl6));
271 dst = ip6_dst_lookup_flow(sk, &fl6, final_p);
279 sk->sk_v6_rcv_saddr = *saddr;
282 /* set the source address */
284 inet->inet_rcv_saddr = LOOPBACK4_IPV6;
286 sk->sk_gso_type = SKB_GSO_TCPV6;
287 ip6_dst_store(sk, dst, NULL, NULL);
289 icsk->icsk_ext_hdr_len = 0;
291 icsk->icsk_ext_hdr_len = opt->opt_flen +
294 tp->rx_opt.mss_clamp = IPV6_MIN_MTU - sizeof(struct tcphdr) - sizeof(struct ipv6hdr);
296 inet->inet_dport = usin->sin6_port;
298 tcp_set_state(sk, TCP_SYN_SENT);
299 err = inet6_hash_connect(tcp_death_row, sk);
305 if (likely(!tp->repair)) {
307 tp->write_seq = secure_tcpv6_seq(np->saddr.s6_addr32,
308 sk->sk_v6_daddr.s6_addr32,
311 tp->tsoffset = secure_tcpv6_ts_off(sock_net(sk),
313 sk->sk_v6_daddr.s6_addr32);
316 if (tcp_fastopen_defer_connect(sk, &err))
321 err = tcp_connect(sk);
328 tcp_set_state(sk, TCP_CLOSE);
330 inet->inet_dport = 0;
331 sk->sk_route_caps = 0;
335 static void tcp_v6_mtu_reduced(struct sock *sk)
337 struct dst_entry *dst;
339 if ((1 << sk->sk_state) & (TCPF_LISTEN | TCPF_CLOSE))
342 dst = inet6_csk_update_pmtu(sk, tcp_sk(sk)->mtu_info);
346 if (inet_csk(sk)->icsk_pmtu_cookie > dst_mtu(dst)) {
347 tcp_sync_mss(sk, dst_mtu(dst));
348 tcp_simple_retransmit(sk);
352 static void tcp_v6_err(struct sk_buff *skb, struct inet6_skb_parm *opt,
353 u8 type, u8 code, int offset, __be32 info)
355 const struct ipv6hdr *hdr = (const struct ipv6hdr *)skb->data;
356 const struct tcphdr *th = (struct tcphdr *)(skb->data+offset);
357 struct net *net = dev_net(skb->dev);
358 struct request_sock *fastopen;
359 struct ipv6_pinfo *np;
366 sk = __inet6_lookup_established(net, &tcp_hashinfo,
367 &hdr->daddr, th->dest,
368 &hdr->saddr, ntohs(th->source),
369 skb->dev->ifindex, inet6_sdif(skb));
372 __ICMP6_INC_STATS(net, __in6_dev_get(skb->dev),
377 if (sk->sk_state == TCP_TIME_WAIT) {
378 inet_twsk_put(inet_twsk(sk));
381 seq = ntohl(th->seq);
382 fatal = icmpv6_err_convert(type, code, &err);
383 if (sk->sk_state == TCP_NEW_SYN_RECV)
384 return tcp_req_err(sk, seq, fatal);
387 if (sock_owned_by_user(sk) && type != ICMPV6_PKT_TOOBIG)
388 __NET_INC_STATS(net, LINUX_MIB_LOCKDROPPEDICMPS);
390 if (sk->sk_state == TCP_CLOSE)
393 if (ipv6_hdr(skb)->hop_limit < inet6_sk(sk)->min_hopcount) {
394 __NET_INC_STATS(net, LINUX_MIB_TCPMINTTLDROP);
399 /* XXX (TFO) - tp->snd_una should be ISN (tcp_create_openreq_child() */
400 fastopen = tp->fastopen_rsk;
401 snd_una = fastopen ? tcp_rsk(fastopen)->snt_isn : tp->snd_una;
402 if (sk->sk_state != TCP_LISTEN &&
403 !between(seq, snd_una, tp->snd_nxt)) {
404 __NET_INC_STATS(net, LINUX_MIB_OUTOFWINDOWICMPS);
410 if (type == NDISC_REDIRECT) {
411 if (!sock_owned_by_user(sk)) {
412 struct dst_entry *dst = __sk_dst_check(sk, np->dst_cookie);
415 dst->ops->redirect(dst, sk, skb);
420 if (type == ICMPV6_PKT_TOOBIG) {
421 /* We are not interested in TCP_LISTEN and open_requests
422 * (SYN-ACKs send out by Linux are always <576bytes so
423 * they should go through unfragmented).
425 if (sk->sk_state == TCP_LISTEN)
428 if (!ip6_sk_accept_pmtu(sk))
431 tp->mtu_info = ntohl(info);
432 if (!sock_owned_by_user(sk))
433 tcp_v6_mtu_reduced(sk);
434 else if (!test_and_set_bit(TCP_MTU_REDUCED_DEFERRED,
441 /* Might be for an request_sock */
442 switch (sk->sk_state) {
445 /* Only in fast or simultaneous open. If a fast open socket is
446 * is already accepted it is treated as a connected one below.
448 if (fastopen && !fastopen->sk)
451 if (!sock_owned_by_user(sk)) {
453 sk->sk_error_report(sk); /* Wake people up to see the error (see connect in sock.c) */
457 sk->sk_err_soft = err;
461 if (!sock_owned_by_user(sk) && np->recverr) {
463 sk->sk_error_report(sk);
465 sk->sk_err_soft = err;
473 static int tcp_v6_send_synack(const struct sock *sk, struct dst_entry *dst,
475 struct request_sock *req,
476 struct tcp_fastopen_cookie *foc,
477 enum tcp_synack_type synack_type)
479 struct inet_request_sock *ireq = inet_rsk(req);
480 struct ipv6_pinfo *np = inet6_sk(sk);
481 struct ipv6_txoptions *opt;
482 struct flowi6 *fl6 = &fl->u.ip6;
486 /* First, grab a route. */
487 if (!dst && (dst = inet6_csk_route_req(sk, fl6, req,
488 IPPROTO_TCP)) == NULL)
491 skb = tcp_make_synack(sk, dst, req, foc, synack_type);
494 __tcp_v6_send_check(skb, &ireq->ir_v6_loc_addr,
495 &ireq->ir_v6_rmt_addr);
497 fl6->daddr = ireq->ir_v6_rmt_addr;
498 if (np->repflow && ireq->pktopts)
499 fl6->flowlabel = ip6_flowlabel(ipv6_hdr(ireq->pktopts));
502 opt = ireq->ipv6_opt;
504 opt = rcu_dereference(np->opt);
505 err = ip6_xmit(sk, skb, fl6, sk->sk_mark, opt, np->tclass);
507 err = net_xmit_eval(err);
515 static void tcp_v6_reqsk_destructor(struct request_sock *req)
517 kfree(inet_rsk(req)->ipv6_opt);
518 kfree_skb(inet_rsk(req)->pktopts);
521 #ifdef CONFIG_TCP_MD5SIG
522 static struct tcp_md5sig_key *tcp_v6_md5_do_lookup(const struct sock *sk,
523 const struct in6_addr *addr)
525 return tcp_md5_do_lookup(sk, (union tcp_md5_addr *)addr, AF_INET6);
528 static struct tcp_md5sig_key *tcp_v6_md5_lookup(const struct sock *sk,
529 const struct sock *addr_sk)
531 return tcp_v6_md5_do_lookup(sk, &addr_sk->sk_v6_daddr);
534 static int tcp_v6_parse_md5_keys(struct sock *sk, int optname,
535 char __user *optval, int optlen)
537 struct tcp_md5sig cmd;
538 struct sockaddr_in6 *sin6 = (struct sockaddr_in6 *)&cmd.tcpm_addr;
541 if (optlen < sizeof(cmd))
544 if (copy_from_user(&cmd, optval, sizeof(cmd)))
547 if (sin6->sin6_family != AF_INET6)
550 if (optname == TCP_MD5SIG_EXT &&
551 cmd.tcpm_flags & TCP_MD5SIG_FLAG_PREFIX) {
552 prefixlen = cmd.tcpm_prefixlen;
553 if (prefixlen > 128 || (ipv6_addr_v4mapped(&sin6->sin6_addr) &&
557 prefixlen = ipv6_addr_v4mapped(&sin6->sin6_addr) ? 32 : 128;
560 if (!cmd.tcpm_keylen) {
561 if (ipv6_addr_v4mapped(&sin6->sin6_addr))
562 return tcp_md5_do_del(sk, (union tcp_md5_addr *)&sin6->sin6_addr.s6_addr32[3],
564 return tcp_md5_do_del(sk, (union tcp_md5_addr *)&sin6->sin6_addr,
565 AF_INET6, prefixlen);
568 if (cmd.tcpm_keylen > TCP_MD5SIG_MAXKEYLEN)
571 if (ipv6_addr_v4mapped(&sin6->sin6_addr))
572 return tcp_md5_do_add(sk, (union tcp_md5_addr *)&sin6->sin6_addr.s6_addr32[3],
573 AF_INET, prefixlen, cmd.tcpm_key,
574 cmd.tcpm_keylen, GFP_KERNEL);
576 return tcp_md5_do_add(sk, (union tcp_md5_addr *)&sin6->sin6_addr,
577 AF_INET6, prefixlen, cmd.tcpm_key,
578 cmd.tcpm_keylen, GFP_KERNEL);
581 static int tcp_v6_md5_hash_headers(struct tcp_md5sig_pool *hp,
582 const struct in6_addr *daddr,
583 const struct in6_addr *saddr,
584 const struct tcphdr *th, int nbytes)
586 struct tcp6_pseudohdr *bp;
587 struct scatterlist sg;
591 /* 1. TCP pseudo-header (RFC2460) */
594 bp->protocol = cpu_to_be32(IPPROTO_TCP);
595 bp->len = cpu_to_be32(nbytes);
597 _th = (struct tcphdr *)(bp + 1);
598 memcpy(_th, th, sizeof(*th));
601 sg_init_one(&sg, bp, sizeof(*bp) + sizeof(*th));
602 ahash_request_set_crypt(hp->md5_req, &sg, NULL,
603 sizeof(*bp) + sizeof(*th));
604 return crypto_ahash_update(hp->md5_req);
607 static int tcp_v6_md5_hash_hdr(char *md5_hash, const struct tcp_md5sig_key *key,
608 const struct in6_addr *daddr, struct in6_addr *saddr,
609 const struct tcphdr *th)
611 struct tcp_md5sig_pool *hp;
612 struct ahash_request *req;
614 hp = tcp_get_md5sig_pool();
616 goto clear_hash_noput;
619 if (crypto_ahash_init(req))
621 if (tcp_v6_md5_hash_headers(hp, daddr, saddr, th, th->doff << 2))
623 if (tcp_md5_hash_key(hp, key))
625 ahash_request_set_crypt(req, NULL, md5_hash, 0);
626 if (crypto_ahash_final(req))
629 tcp_put_md5sig_pool();
633 tcp_put_md5sig_pool();
635 memset(md5_hash, 0, 16);
639 static int tcp_v6_md5_hash_skb(char *md5_hash,
640 const struct tcp_md5sig_key *key,
641 const struct sock *sk,
642 const struct sk_buff *skb)
644 const struct in6_addr *saddr, *daddr;
645 struct tcp_md5sig_pool *hp;
646 struct ahash_request *req;
647 const struct tcphdr *th = tcp_hdr(skb);
649 if (sk) { /* valid for establish/request sockets */
650 saddr = &sk->sk_v6_rcv_saddr;
651 daddr = &sk->sk_v6_daddr;
653 const struct ipv6hdr *ip6h = ipv6_hdr(skb);
654 saddr = &ip6h->saddr;
655 daddr = &ip6h->daddr;
658 hp = tcp_get_md5sig_pool();
660 goto clear_hash_noput;
663 if (crypto_ahash_init(req))
666 if (tcp_v6_md5_hash_headers(hp, daddr, saddr, th, skb->len))
668 if (tcp_md5_hash_skb_data(hp, skb, th->doff << 2))
670 if (tcp_md5_hash_key(hp, key))
672 ahash_request_set_crypt(req, NULL, md5_hash, 0);
673 if (crypto_ahash_final(req))
676 tcp_put_md5sig_pool();
680 tcp_put_md5sig_pool();
682 memset(md5_hash, 0, 16);
688 static bool tcp_v6_inbound_md5_hash(const struct sock *sk,
689 const struct sk_buff *skb)
691 #ifdef CONFIG_TCP_MD5SIG
692 const __u8 *hash_location = NULL;
693 struct tcp_md5sig_key *hash_expected;
694 const struct ipv6hdr *ip6h = ipv6_hdr(skb);
695 const struct tcphdr *th = tcp_hdr(skb);
699 hash_expected = tcp_v6_md5_do_lookup(sk, &ip6h->saddr);
700 hash_location = tcp_parse_md5sig_option(th);
702 /* We've parsed the options - do we have a hash? */
703 if (!hash_expected && !hash_location)
706 if (hash_expected && !hash_location) {
707 NET_INC_STATS(sock_net(sk), LINUX_MIB_TCPMD5NOTFOUND);
711 if (!hash_expected && hash_location) {
712 NET_INC_STATS(sock_net(sk), LINUX_MIB_TCPMD5UNEXPECTED);
716 /* check the signature */
717 genhash = tcp_v6_md5_hash_skb(newhash,
721 if (genhash || memcmp(hash_location, newhash, 16) != 0) {
722 NET_INC_STATS(sock_net(sk), LINUX_MIB_TCPMD5FAILURE);
723 net_info_ratelimited("MD5 Hash %s for [%pI6c]:%u->[%pI6c]:%u\n",
724 genhash ? "failed" : "mismatch",
725 &ip6h->saddr, ntohs(th->source),
726 &ip6h->daddr, ntohs(th->dest));
733 static void tcp_v6_init_req(struct request_sock *req,
734 const struct sock *sk_listener,
737 struct inet_request_sock *ireq = inet_rsk(req);
738 const struct ipv6_pinfo *np = inet6_sk(sk_listener);
740 ireq->ir_v6_rmt_addr = ipv6_hdr(skb)->saddr;
741 ireq->ir_v6_loc_addr = ipv6_hdr(skb)->daddr;
743 /* So that link locals have meaning */
744 if (!sk_listener->sk_bound_dev_if &&
745 ipv6_addr_type(&ireq->ir_v6_rmt_addr) & IPV6_ADDR_LINKLOCAL)
746 ireq->ir_iif = tcp_v6_iif(skb);
748 if (!TCP_SKB_CB(skb)->tcp_tw_isn &&
749 (ipv6_opt_accepted(sk_listener, skb, &TCP_SKB_CB(skb)->header.h6) ||
750 np->rxopt.bits.rxinfo ||
751 np->rxopt.bits.rxoinfo || np->rxopt.bits.rxhlim ||
752 np->rxopt.bits.rxohlim || np->repflow)) {
753 refcount_inc(&skb->users);
758 static struct dst_entry *tcp_v6_route_req(const struct sock *sk,
760 const struct request_sock *req)
762 return inet6_csk_route_req(sk, &fl->u.ip6, req, IPPROTO_TCP);
765 struct request_sock_ops tcp6_request_sock_ops __read_mostly = {
767 .obj_size = sizeof(struct tcp6_request_sock),
768 .rtx_syn_ack = tcp_rtx_synack,
769 .send_ack = tcp_v6_reqsk_send_ack,
770 .destructor = tcp_v6_reqsk_destructor,
771 .send_reset = tcp_v6_send_reset,
772 .syn_ack_timeout = tcp_syn_ack_timeout,
775 static const struct tcp_request_sock_ops tcp_request_sock_ipv6_ops = {
776 .mss_clamp = IPV6_MIN_MTU - sizeof(struct tcphdr) -
777 sizeof(struct ipv6hdr),
778 #ifdef CONFIG_TCP_MD5SIG
779 .req_md5_lookup = tcp_v6_md5_lookup,
780 .calc_md5_hash = tcp_v6_md5_hash_skb,
782 .init_req = tcp_v6_init_req,
783 #ifdef CONFIG_SYN_COOKIES
784 .cookie_init_seq = cookie_v6_init_sequence,
786 .route_req = tcp_v6_route_req,
787 .init_seq = tcp_v6_init_seq,
788 .init_ts_off = tcp_v6_init_ts_off,
789 .send_synack = tcp_v6_send_synack,
792 static void tcp_v6_send_response(const struct sock *sk, struct sk_buff *skb, u32 seq,
793 u32 ack, u32 win, u32 tsval, u32 tsecr,
794 int oif, struct tcp_md5sig_key *key, int rst,
795 u8 tclass, __be32 label)
797 const struct tcphdr *th = tcp_hdr(skb);
799 struct sk_buff *buff;
801 struct net *net = sk ? sock_net(sk) : dev_net(skb_dst(skb)->dev);
802 struct sock *ctl_sk = net->ipv6.tcp_sk;
803 unsigned int tot_len = sizeof(struct tcphdr);
804 struct dst_entry *dst;
809 tot_len += TCPOLEN_TSTAMP_ALIGNED;
810 #ifdef CONFIG_TCP_MD5SIG
812 tot_len += TCPOLEN_MD5SIG_ALIGNED;
815 buff = alloc_skb(MAX_HEADER + sizeof(struct ipv6hdr) + tot_len,
820 skb_reserve(buff, MAX_HEADER + sizeof(struct ipv6hdr) + tot_len);
822 t1 = skb_push(buff, tot_len);
823 skb_reset_transport_header(buff);
825 /* Swap the send and the receive. */
826 memset(t1, 0, sizeof(*t1));
827 t1->dest = th->source;
828 t1->source = th->dest;
829 t1->doff = tot_len / 4;
830 t1->seq = htonl(seq);
831 t1->ack_seq = htonl(ack);
832 t1->ack = !rst || !th->ack;
834 t1->window = htons(win);
836 topt = (__be32 *)(t1 + 1);
839 *topt++ = htonl((TCPOPT_NOP << 24) | (TCPOPT_NOP << 16) |
840 (TCPOPT_TIMESTAMP << 8) | TCPOLEN_TIMESTAMP);
841 *topt++ = htonl(tsval);
842 *topt++ = htonl(tsecr);
845 #ifdef CONFIG_TCP_MD5SIG
847 *topt++ = htonl((TCPOPT_NOP << 24) | (TCPOPT_NOP << 16) |
848 (TCPOPT_MD5SIG << 8) | TCPOLEN_MD5SIG);
849 tcp_v6_md5_hash_hdr((__u8 *)topt, key,
850 &ipv6_hdr(skb)->saddr,
851 &ipv6_hdr(skb)->daddr, t1);
855 memset(&fl6, 0, sizeof(fl6));
856 fl6.daddr = ipv6_hdr(skb)->saddr;
857 fl6.saddr = ipv6_hdr(skb)->daddr;
858 fl6.flowlabel = label;
860 buff->ip_summed = CHECKSUM_PARTIAL;
863 __tcp_v6_send_check(buff, &fl6.saddr, &fl6.daddr);
865 fl6.flowi6_proto = IPPROTO_TCP;
866 if (rt6_need_strict(&fl6.daddr) && !oif)
867 fl6.flowi6_oif = tcp_v6_iif(skb);
869 if (!oif && netif_index_is_l3_master(net, skb->skb_iif))
872 fl6.flowi6_oif = oif;
876 mark = (sk->sk_state == TCP_TIME_WAIT) ?
877 inet_twsk(sk)->tw_mark : sk->sk_mark;
878 fl6.flowi6_mark = IP6_REPLY_MARK(net, skb->mark) ?: mark;
879 fl6.fl6_dport = t1->dest;
880 fl6.fl6_sport = t1->source;
881 fl6.flowi6_uid = sock_net_uid(net, sk && sk_fullsock(sk) ? sk : NULL);
882 security_skb_classify_flow(skb, flowi6_to_flowi(&fl6));
884 /* Pass a socket to ip6_dst_lookup either it is for RST
885 * Underlying function will use this to retrieve the network
888 dst = ip6_dst_lookup_flow(ctl_sk, &fl6, NULL);
890 skb_dst_set(buff, dst);
891 ip6_xmit(ctl_sk, buff, &fl6, fl6.flowi6_mark, NULL, tclass);
892 TCP_INC_STATS(net, TCP_MIB_OUTSEGS);
894 TCP_INC_STATS(net, TCP_MIB_OUTRSTS);
901 static void tcp_v6_send_reset(const struct sock *sk, struct sk_buff *skb)
903 const struct tcphdr *th = tcp_hdr(skb);
904 u32 seq = 0, ack_seq = 0;
905 struct tcp_md5sig_key *key = NULL;
906 #ifdef CONFIG_TCP_MD5SIG
907 const __u8 *hash_location = NULL;
908 struct ipv6hdr *ipv6h = ipv6_hdr(skb);
909 unsigned char newhash[16];
911 struct sock *sk1 = NULL;
918 /* If sk not NULL, it means we did a successful lookup and incoming
919 * route had to be correct. prequeue might have dropped our dst.
921 if (!sk && !ipv6_unicast_destination(skb))
924 #ifdef CONFIG_TCP_MD5SIG
926 hash_location = tcp_parse_md5sig_option(th);
927 if (sk && sk_fullsock(sk)) {
928 key = tcp_v6_md5_do_lookup(sk, &ipv6h->saddr);
929 } else if (hash_location) {
931 * active side is lost. Try to find listening socket through
932 * source port, and then find md5 key through listening socket.
933 * we are not loose security here:
934 * Incoming packet is checked with md5 hash with finding key,
935 * no RST generated if md5 hash doesn't match.
937 sk1 = inet6_lookup_listener(dev_net(skb_dst(skb)->dev),
938 &tcp_hashinfo, NULL, 0,
940 th->source, &ipv6h->daddr,
942 tcp_v6_iif_l3_slave(skb),
947 key = tcp_v6_md5_do_lookup(sk1, &ipv6h->saddr);
951 genhash = tcp_v6_md5_hash_skb(newhash, key, NULL, skb);
952 if (genhash || memcmp(hash_location, newhash, 16) != 0)
958 seq = ntohl(th->ack_seq);
960 ack_seq = ntohl(th->seq) + th->syn + th->fin + skb->len -
964 oif = sk->sk_bound_dev_if;
966 trace_tcp_send_reset(sk, skb);
969 tcp_v6_send_response(sk, skb, seq, ack_seq, 0, 0, 0, oif, key, 1, 0, 0);
971 #ifdef CONFIG_TCP_MD5SIG
977 static void tcp_v6_send_ack(const struct sock *sk, struct sk_buff *skb, u32 seq,
978 u32 ack, u32 win, u32 tsval, u32 tsecr, int oif,
979 struct tcp_md5sig_key *key, u8 tclass,
982 tcp_v6_send_response(sk, skb, seq, ack, win, tsval, tsecr, oif, key, 0,
986 static void tcp_v6_timewait_ack(struct sock *sk, struct sk_buff *skb)
988 struct inet_timewait_sock *tw = inet_twsk(sk);
989 struct tcp_timewait_sock *tcptw = tcp_twsk(sk);
991 tcp_v6_send_ack(sk, skb, tcptw->tw_snd_nxt, tcptw->tw_rcv_nxt,
992 tcptw->tw_rcv_wnd >> tw->tw_rcv_wscale,
993 tcp_time_stamp_raw() + tcptw->tw_ts_offset,
994 tcptw->tw_ts_recent, tw->tw_bound_dev_if, tcp_twsk_md5_key(tcptw),
995 tw->tw_tclass, cpu_to_be32(tw->tw_flowlabel));
1000 static void tcp_v6_reqsk_send_ack(const struct sock *sk, struct sk_buff *skb,
1001 struct request_sock *req)
1003 /* sk->sk_state == TCP_LISTEN -> for regular TCP_SYN_RECV
1004 * sk->sk_state == TCP_SYN_RECV -> for Fast Open.
1007 * The window field (SEG.WND) of every outgoing segment, with the
1008 * exception of <SYN> segments, MUST be right-shifted by
1009 * Rcv.Wind.Shift bits:
1011 tcp_v6_send_ack(sk, skb, (sk->sk_state == TCP_LISTEN) ?
1012 tcp_rsk(req)->snt_isn + 1 : tcp_sk(sk)->snd_nxt,
1013 tcp_rsk(req)->rcv_nxt,
1014 req->rsk_rcv_wnd >> inet_rsk(req)->rcv_wscale,
1015 tcp_time_stamp_raw() + tcp_rsk(req)->ts_off,
1016 req->ts_recent, sk->sk_bound_dev_if,
1017 tcp_v6_md5_do_lookup(sk, &ipv6_hdr(skb)->saddr),
1022 static struct sock *tcp_v6_cookie_check(struct sock *sk, struct sk_buff *skb)
1024 #ifdef CONFIG_SYN_COOKIES
1025 const struct tcphdr *th = tcp_hdr(skb);
1028 sk = cookie_v6_check(sk, skb);
1033 static int tcp_v6_conn_request(struct sock *sk, struct sk_buff *skb)
1035 if (skb->protocol == htons(ETH_P_IP))
1036 return tcp_v4_conn_request(sk, skb);
1038 if (!ipv6_unicast_destination(skb))
1041 return tcp_conn_request(&tcp6_request_sock_ops,
1042 &tcp_request_sock_ipv6_ops, sk, skb);
1046 return 0; /* don't send reset */
1049 static void tcp_v6_restore_cb(struct sk_buff *skb)
1051 /* We need to move header back to the beginning if xfrm6_policy_check()
1052 * and tcp_v6_fill_cb() are going to be called again.
1053 * ip6_datagram_recv_specific_ctl() also expects IP6CB to be there.
1055 memmove(IP6CB(skb), &TCP_SKB_CB(skb)->header.h6,
1056 sizeof(struct inet6_skb_parm));
1059 static struct sock *tcp_v6_syn_recv_sock(const struct sock *sk, struct sk_buff *skb,
1060 struct request_sock *req,
1061 struct dst_entry *dst,
1062 struct request_sock *req_unhash,
1065 struct inet_request_sock *ireq;
1066 struct ipv6_pinfo *newnp;
1067 const struct ipv6_pinfo *np = inet6_sk(sk);
1068 struct ipv6_txoptions *opt;
1069 struct tcp6_sock *newtcp6sk;
1070 struct inet_sock *newinet;
1071 struct tcp_sock *newtp;
1073 #ifdef CONFIG_TCP_MD5SIG
1074 struct tcp_md5sig_key *key;
1078 if (skb->protocol == htons(ETH_P_IP)) {
1083 newsk = tcp_v4_syn_recv_sock(sk, skb, req, dst,
1084 req_unhash, own_req);
1089 newtcp6sk = (struct tcp6_sock *)newsk;
1090 inet_sk(newsk)->pinet6 = &newtcp6sk->inet6;
1092 newinet = inet_sk(newsk);
1093 newnp = inet6_sk(newsk);
1094 newtp = tcp_sk(newsk);
1096 memcpy(newnp, np, sizeof(struct ipv6_pinfo));
1098 newnp->saddr = newsk->sk_v6_rcv_saddr;
1100 inet_csk(newsk)->icsk_af_ops = &ipv6_mapped;
1101 newsk->sk_backlog_rcv = tcp_v4_do_rcv;
1102 #ifdef CONFIG_TCP_MD5SIG
1103 newtp->af_specific = &tcp_sock_ipv6_mapped_specific;
1106 newnp->ipv6_mc_list = NULL;
1107 newnp->ipv6_ac_list = NULL;
1108 newnp->ipv6_fl_list = NULL;
1109 newnp->pktoptions = NULL;
1111 newnp->mcast_oif = tcp_v6_iif(skb);
1112 newnp->mcast_hops = ipv6_hdr(skb)->hop_limit;
1113 newnp->rcv_flowinfo = ip6_flowinfo(ipv6_hdr(skb));
1115 newnp->flow_label = ip6_flowlabel(ipv6_hdr(skb));
1118 * No need to charge this sock to the relevant IPv6 refcnt debug socks count
1119 * here, tcp_create_openreq_child now does this for us, see the comment in
1120 * that function for the gory details. -acme
1123 /* It is tricky place. Until this moment IPv4 tcp
1124 worked with IPv6 icsk.icsk_af_ops.
1127 tcp_sync_mss(newsk, inet_csk(newsk)->icsk_pmtu_cookie);
1132 ireq = inet_rsk(req);
1134 if (sk_acceptq_is_full(sk))
1138 dst = inet6_csk_route_req(sk, &fl6, req, IPPROTO_TCP);
1143 newsk = tcp_create_openreq_child(sk, req, skb);
1148 * No need to charge this sock to the relevant IPv6 refcnt debug socks
1149 * count here, tcp_create_openreq_child now does this for us, see the
1150 * comment in that function for the gory details. -acme
1153 newsk->sk_gso_type = SKB_GSO_TCPV6;
1154 ip6_dst_store(newsk, dst, NULL, NULL);
1155 inet6_sk_rx_dst_set(newsk, skb);
1157 newtcp6sk = (struct tcp6_sock *)newsk;
1158 inet_sk(newsk)->pinet6 = &newtcp6sk->inet6;
1160 newtp = tcp_sk(newsk);
1161 newinet = inet_sk(newsk);
1162 newnp = inet6_sk(newsk);
1164 memcpy(newnp, np, sizeof(struct ipv6_pinfo));
1166 newsk->sk_v6_daddr = ireq->ir_v6_rmt_addr;
1167 newnp->saddr = ireq->ir_v6_loc_addr;
1168 newsk->sk_v6_rcv_saddr = ireq->ir_v6_loc_addr;
1169 newsk->sk_bound_dev_if = ireq->ir_iif;
1171 /* Now IPv6 options...
1173 First: no IPv4 options.
1175 newinet->inet_opt = NULL;
1176 newnp->ipv6_mc_list = NULL;
1177 newnp->ipv6_ac_list = NULL;
1178 newnp->ipv6_fl_list = NULL;
1181 newnp->rxopt.all = np->rxopt.all;
1183 newnp->pktoptions = NULL;
1185 newnp->mcast_oif = tcp_v6_iif(skb);
1186 newnp->mcast_hops = ipv6_hdr(skb)->hop_limit;
1187 newnp->rcv_flowinfo = ip6_flowinfo(ipv6_hdr(skb));
1189 newnp->flow_label = ip6_flowlabel(ipv6_hdr(skb));
1191 /* Clone native IPv6 options from listening socket (if any)
1193 Yes, keeping reference count would be much more clever,
1194 but we make one more one thing there: reattach optmem
1197 opt = ireq->ipv6_opt;
1199 opt = rcu_dereference(np->opt);
1201 opt = ipv6_dup_options(newsk, opt);
1202 RCU_INIT_POINTER(newnp->opt, opt);
1204 inet_csk(newsk)->icsk_ext_hdr_len = 0;
1206 inet_csk(newsk)->icsk_ext_hdr_len = opt->opt_nflen +
1209 tcp_ca_openreq_child(newsk, dst);
1211 tcp_sync_mss(newsk, dst_mtu(dst));
1212 newtp->advmss = tcp_mss_clamp(tcp_sk(sk), dst_metric_advmss(dst));
1214 tcp_initialize_rcv_mss(newsk);
1216 newinet->inet_daddr = newinet->inet_saddr = LOOPBACK4_IPV6;
1217 newinet->inet_rcv_saddr = LOOPBACK4_IPV6;
1219 #ifdef CONFIG_TCP_MD5SIG
1220 /* Copy over the MD5 key from the original socket */
1221 key = tcp_v6_md5_do_lookup(sk, &newsk->sk_v6_daddr);
1223 /* We're using one, so create a matching key
1224 * on the newsk structure. If we fail to get
1225 * memory, then we end up not copying the key
1228 tcp_md5_do_add(newsk, (union tcp_md5_addr *)&newsk->sk_v6_daddr,
1229 AF_INET6, 128, key->key, key->keylen,
1230 sk_gfp_mask(sk, GFP_ATOMIC));
1234 if (__inet_inherit_port(sk, newsk) < 0) {
1235 inet_csk_prepare_forced_close(newsk);
1239 *own_req = inet_ehash_nolisten(newsk, req_to_sk(req_unhash));
1241 tcp_move_syn(newtp, req);
1243 /* Clone pktoptions received with SYN, if we own the req */
1244 if (ireq->pktopts) {
1245 newnp->pktoptions = skb_clone(ireq->pktopts,
1246 sk_gfp_mask(sk, GFP_ATOMIC));
1247 consume_skb(ireq->pktopts);
1248 ireq->pktopts = NULL;
1249 if (newnp->pktoptions) {
1250 tcp_v6_restore_cb(newnp->pktoptions);
1251 skb_set_owner_r(newnp->pktoptions, newsk);
1259 __NET_INC_STATS(sock_net(sk), LINUX_MIB_LISTENOVERFLOWS);
1267 /* The socket must have it's spinlock held when we get
1268 * here, unless it is a TCP_LISTEN socket.
1270 * We have a potential double-lock case here, so even when
1271 * doing backlog processing we use the BH locking scheme.
1272 * This is because we cannot sleep with the original spinlock
1275 static int tcp_v6_do_rcv(struct sock *sk, struct sk_buff *skb)
1277 struct ipv6_pinfo *np = inet6_sk(sk);
1278 struct tcp_sock *tp;
1279 struct sk_buff *opt_skb = NULL;
1281 /* Imagine: socket is IPv6. IPv4 packet arrives,
1282 goes to IPv4 receive handler and backlogged.
1283 From backlog it always goes here. Kerboom...
1284 Fortunately, tcp_rcv_established and rcv_established
1285 handle them correctly, but it is not case with
1286 tcp_v6_hnd_req and tcp_v6_send_reset(). --ANK
1289 if (skb->protocol == htons(ETH_P_IP))
1290 return tcp_v4_do_rcv(sk, skb);
1293 * socket locking is here for SMP purposes as backlog rcv
1294 * is currently called with bh processing disabled.
1297 /* Do Stevens' IPV6_PKTOPTIONS.
1299 Yes, guys, it is the only place in our code, where we
1300 may make it not affecting IPv4.
1301 The rest of code is protocol independent,
1302 and I do not like idea to uglify IPv4.
1304 Actually, all the idea behind IPV6_PKTOPTIONS
1305 looks not very well thought. For now we latch
1306 options, received in the last packet, enqueued
1307 by tcp. Feel free to propose better solution.
1311 opt_skb = skb_clone(skb, sk_gfp_mask(sk, GFP_ATOMIC));
1313 if (sk->sk_state == TCP_ESTABLISHED) { /* Fast path */
1314 struct dst_entry *dst = sk->sk_rx_dst;
1316 sock_rps_save_rxhash(sk, skb);
1317 sk_mark_napi_id(sk, skb);
1319 if (inet_sk(sk)->rx_dst_ifindex != skb->skb_iif ||
1320 dst->ops->check(dst, np->rx_dst_cookie) == NULL) {
1322 sk->sk_rx_dst = NULL;
1326 tcp_rcv_established(sk, skb);
1328 goto ipv6_pktoptions;
1332 if (tcp_checksum_complete(skb))
1335 if (sk->sk_state == TCP_LISTEN) {
1336 struct sock *nsk = tcp_v6_cookie_check(sk, skb);
1342 if (tcp_child_process(sk, nsk, skb))
1345 __kfree_skb(opt_skb);
1349 sock_rps_save_rxhash(sk, skb);
1351 if (tcp_rcv_state_process(sk, skb))
1354 goto ipv6_pktoptions;
1358 tcp_v6_send_reset(sk, skb);
1361 __kfree_skb(opt_skb);
1365 TCP_INC_STATS(sock_net(sk), TCP_MIB_CSUMERRORS);
1366 TCP_INC_STATS(sock_net(sk), TCP_MIB_INERRS);
1371 /* Do you ask, what is it?
1373 1. skb was enqueued by tcp.
1374 2. skb is added to tail of read queue, rather than out of order.
1375 3. socket is not in passive state.
1376 4. Finally, it really contains options, which user wants to receive.
1379 if (TCP_SKB_CB(opt_skb)->end_seq == tp->rcv_nxt &&
1380 !((1 << sk->sk_state) & (TCPF_CLOSE | TCPF_LISTEN))) {
1381 if (np->rxopt.bits.rxinfo || np->rxopt.bits.rxoinfo)
1382 np->mcast_oif = tcp_v6_iif(opt_skb);
1383 if (np->rxopt.bits.rxhlim || np->rxopt.bits.rxohlim)
1384 np->mcast_hops = ipv6_hdr(opt_skb)->hop_limit;
1385 if (np->rxopt.bits.rxflow || np->rxopt.bits.rxtclass)
1386 np->rcv_flowinfo = ip6_flowinfo(ipv6_hdr(opt_skb));
1388 np->flow_label = ip6_flowlabel(ipv6_hdr(opt_skb));
1389 if (ipv6_opt_accepted(sk, opt_skb, &TCP_SKB_CB(opt_skb)->header.h6)) {
1390 skb_set_owner_r(opt_skb, sk);
1391 tcp_v6_restore_cb(opt_skb);
1392 opt_skb = xchg(&np->pktoptions, opt_skb);
1394 __kfree_skb(opt_skb);
1395 opt_skb = xchg(&np->pktoptions, NULL);
1403 static void tcp_v6_fill_cb(struct sk_buff *skb, const struct ipv6hdr *hdr,
1404 const struct tcphdr *th)
1406 /* This is tricky: we move IP6CB at its correct location into
1407 * TCP_SKB_CB(). It must be done after xfrm6_policy_check(), because
1408 * _decode_session6() uses IP6CB().
1409 * barrier() makes sure compiler won't play aliasing games.
1411 memmove(&TCP_SKB_CB(skb)->header.h6, IP6CB(skb),
1412 sizeof(struct inet6_skb_parm));
1415 TCP_SKB_CB(skb)->seq = ntohl(th->seq);
1416 TCP_SKB_CB(skb)->end_seq = (TCP_SKB_CB(skb)->seq + th->syn + th->fin +
1417 skb->len - th->doff*4);
1418 TCP_SKB_CB(skb)->ack_seq = ntohl(th->ack_seq);
1419 TCP_SKB_CB(skb)->tcp_flags = tcp_flag_byte(th);
1420 TCP_SKB_CB(skb)->tcp_tw_isn = 0;
1421 TCP_SKB_CB(skb)->ip_dsfield = ipv6_get_dsfield(hdr);
1422 TCP_SKB_CB(skb)->sacked = 0;
1423 TCP_SKB_CB(skb)->has_rxtstamp =
1424 skb->tstamp || skb_hwtstamps(skb)->hwtstamp;
1427 static int tcp_v6_rcv(struct sk_buff *skb)
1429 int sdif = inet6_sdif(skb);
1430 const struct tcphdr *th;
1431 const struct ipv6hdr *hdr;
1435 struct net *net = dev_net(skb->dev);
1437 if (skb->pkt_type != PACKET_HOST)
1441 * Count it even if it's bad.
1443 __TCP_INC_STATS(net, TCP_MIB_INSEGS);
1445 if (!pskb_may_pull(skb, sizeof(struct tcphdr)))
1448 th = (const struct tcphdr *)skb->data;
1450 if (unlikely(th->doff < sizeof(struct tcphdr)/4))
1452 if (!pskb_may_pull(skb, th->doff*4))
1455 if (skb_checksum_init(skb, IPPROTO_TCP, ip6_compute_pseudo))
1458 th = (const struct tcphdr *)skb->data;
1459 hdr = ipv6_hdr(skb);
1462 sk = __inet6_lookup_skb(&tcp_hashinfo, skb, __tcp_hdrlen(th),
1463 th->source, th->dest, inet6_iif(skb), sdif,
1469 if (sk->sk_state == TCP_TIME_WAIT)
1472 if (sk->sk_state == TCP_NEW_SYN_RECV) {
1473 struct request_sock *req = inet_reqsk(sk);
1474 bool req_stolen = false;
1477 sk = req->rsk_listener;
1478 if (tcp_v6_inbound_md5_hash(sk, skb)) {
1479 sk_drops_add(sk, skb);
1483 if (tcp_checksum_complete(skb)) {
1487 if (unlikely(sk->sk_state != TCP_LISTEN)) {
1488 inet_csk_reqsk_queue_drop_and_put(sk, req);
1494 if (!tcp_filter(sk, skb)) {
1495 th = (const struct tcphdr *)skb->data;
1496 hdr = ipv6_hdr(skb);
1497 tcp_v6_fill_cb(skb, hdr, th);
1498 nsk = tcp_check_req(sk, skb, req, false, &req_stolen);
1503 /* Another cpu got exclusive access to req
1504 * and created a full blown socket.
1505 * Try to feed this packet to this socket
1506 * instead of discarding it.
1508 tcp_v6_restore_cb(skb);
1512 goto discard_and_relse;
1516 tcp_v6_restore_cb(skb);
1517 } else if (tcp_child_process(sk, nsk, skb)) {
1518 tcp_v6_send_reset(nsk, skb);
1519 goto discard_and_relse;
1525 if (hdr->hop_limit < inet6_sk(sk)->min_hopcount) {
1526 __NET_INC_STATS(net, LINUX_MIB_TCPMINTTLDROP);
1527 goto discard_and_relse;
1530 if (!xfrm6_policy_check(sk, XFRM_POLICY_IN, skb))
1531 goto discard_and_relse;
1533 if (tcp_v6_inbound_md5_hash(sk, skb))
1534 goto discard_and_relse;
1536 if (tcp_filter(sk, skb))
1537 goto discard_and_relse;
1538 th = (const struct tcphdr *)skb->data;
1539 hdr = ipv6_hdr(skb);
1540 tcp_v6_fill_cb(skb, hdr, th);
1544 if (sk->sk_state == TCP_LISTEN) {
1545 ret = tcp_v6_do_rcv(sk, skb);
1546 goto put_and_return;
1549 sk_incoming_cpu_update(sk);
1551 bh_lock_sock_nested(sk);
1552 tcp_segs_in(tcp_sk(sk), skb);
1554 if (!sock_owned_by_user(sk)) {
1555 ret = tcp_v6_do_rcv(sk, skb);
1556 } else if (tcp_add_backlog(sk, skb)) {
1557 goto discard_and_relse;
1564 return ret ? -1 : 0;
1567 if (!xfrm6_policy_check(NULL, XFRM_POLICY_IN, skb))
1570 tcp_v6_fill_cb(skb, hdr, th);
1572 if (tcp_checksum_complete(skb)) {
1574 __TCP_INC_STATS(net, TCP_MIB_CSUMERRORS);
1576 __TCP_INC_STATS(net, TCP_MIB_INERRS);
1578 tcp_v6_send_reset(NULL, skb);
1586 sk_drops_add(sk, skb);
1592 if (!xfrm6_policy_check(NULL, XFRM_POLICY_IN, skb)) {
1593 inet_twsk_put(inet_twsk(sk));
1597 tcp_v6_fill_cb(skb, hdr, th);
1599 if (tcp_checksum_complete(skb)) {
1600 inet_twsk_put(inet_twsk(sk));
1604 switch (tcp_timewait_state_process(inet_twsk(sk), skb, th)) {
1609 sk2 = inet6_lookup_listener(dev_net(skb->dev), &tcp_hashinfo,
1610 skb, __tcp_hdrlen(th),
1611 &ipv6_hdr(skb)->saddr, th->source,
1612 &ipv6_hdr(skb)->daddr,
1614 tcp_v6_iif_l3_slave(skb),
1617 struct inet_timewait_sock *tw = inet_twsk(sk);
1618 inet_twsk_deschedule_put(tw);
1620 tcp_v6_restore_cb(skb);
1628 tcp_v6_timewait_ack(sk, skb);
1631 tcp_v6_send_reset(sk, skb);
1632 inet_twsk_deschedule_put(inet_twsk(sk));
1634 case TCP_TW_SUCCESS:
1640 static void tcp_v6_early_demux(struct sk_buff *skb)
1642 const struct ipv6hdr *hdr;
1643 const struct tcphdr *th;
1646 if (skb->pkt_type != PACKET_HOST)
1649 if (!pskb_may_pull(skb, skb_transport_offset(skb) + sizeof(struct tcphdr)))
1652 hdr = ipv6_hdr(skb);
1655 if (th->doff < sizeof(struct tcphdr) / 4)
1658 /* Note : We use inet6_iif() here, not tcp_v6_iif() */
1659 sk = __inet6_lookup_established(dev_net(skb->dev), &tcp_hashinfo,
1660 &hdr->saddr, th->source,
1661 &hdr->daddr, ntohs(th->dest),
1662 inet6_iif(skb), inet6_sdif(skb));
1665 skb->destructor = sock_edemux;
1666 if (sk_fullsock(sk)) {
1667 struct dst_entry *dst = READ_ONCE(sk->sk_rx_dst);
1670 dst = dst_check(dst, inet6_sk(sk)->rx_dst_cookie);
1672 inet_sk(sk)->rx_dst_ifindex == skb->skb_iif)
1673 skb_dst_set_noref(skb, dst);
1678 static struct timewait_sock_ops tcp6_timewait_sock_ops = {
1679 .twsk_obj_size = sizeof(struct tcp6_timewait_sock),
1680 .twsk_unique = tcp_twsk_unique,
1681 .twsk_destructor = tcp_twsk_destructor,
1684 static const struct inet_connection_sock_af_ops ipv6_specific = {
1685 .queue_xmit = inet6_csk_xmit,
1686 .send_check = tcp_v6_send_check,
1687 .rebuild_header = inet6_sk_rebuild_header,
1688 .sk_rx_dst_set = inet6_sk_rx_dst_set,
1689 .conn_request = tcp_v6_conn_request,
1690 .syn_recv_sock = tcp_v6_syn_recv_sock,
1691 .net_header_len = sizeof(struct ipv6hdr),
1692 .net_frag_header_len = sizeof(struct frag_hdr),
1693 .setsockopt = ipv6_setsockopt,
1694 .getsockopt = ipv6_getsockopt,
1695 .addr2sockaddr = inet6_csk_addr2sockaddr,
1696 .sockaddr_len = sizeof(struct sockaddr_in6),
1697 #ifdef CONFIG_COMPAT
1698 .compat_setsockopt = compat_ipv6_setsockopt,
1699 .compat_getsockopt = compat_ipv6_getsockopt,
1701 .mtu_reduced = tcp_v6_mtu_reduced,
1704 #ifdef CONFIG_TCP_MD5SIG
1705 static const struct tcp_sock_af_ops tcp_sock_ipv6_specific = {
1706 .md5_lookup = tcp_v6_md5_lookup,
1707 .calc_md5_hash = tcp_v6_md5_hash_skb,
1708 .md5_parse = tcp_v6_parse_md5_keys,
1713 * TCP over IPv4 via INET6 API
1715 static const struct inet_connection_sock_af_ops ipv6_mapped = {
1716 .queue_xmit = ip_queue_xmit,
1717 .send_check = tcp_v4_send_check,
1718 .rebuild_header = inet_sk_rebuild_header,
1719 .sk_rx_dst_set = inet_sk_rx_dst_set,
1720 .conn_request = tcp_v6_conn_request,
1721 .syn_recv_sock = tcp_v6_syn_recv_sock,
1722 .net_header_len = sizeof(struct iphdr),
1723 .setsockopt = ipv6_setsockopt,
1724 .getsockopt = ipv6_getsockopt,
1725 .addr2sockaddr = inet6_csk_addr2sockaddr,
1726 .sockaddr_len = sizeof(struct sockaddr_in6),
1727 #ifdef CONFIG_COMPAT
1728 .compat_setsockopt = compat_ipv6_setsockopt,
1729 .compat_getsockopt = compat_ipv6_getsockopt,
1731 .mtu_reduced = tcp_v4_mtu_reduced,
1734 #ifdef CONFIG_TCP_MD5SIG
1735 static const struct tcp_sock_af_ops tcp_sock_ipv6_mapped_specific = {
1736 .md5_lookup = tcp_v4_md5_lookup,
1737 .calc_md5_hash = tcp_v4_md5_hash_skb,
1738 .md5_parse = tcp_v6_parse_md5_keys,
1742 /* NOTE: A lot of things set to zero explicitly by call to
1743 * sk_alloc() so need not be done here.
1745 static int tcp_v6_init_sock(struct sock *sk)
1747 struct inet_connection_sock *icsk = inet_csk(sk);
1751 icsk->icsk_af_ops = &ipv6_specific;
1753 #ifdef CONFIG_TCP_MD5SIG
1754 tcp_sk(sk)->af_specific = &tcp_sock_ipv6_specific;
1760 static void tcp_v6_destroy_sock(struct sock *sk)
1762 tcp_v4_destroy_sock(sk);
1763 inet6_destroy_sock(sk);
1766 #ifdef CONFIG_PROC_FS
1767 /* Proc filesystem TCPv6 sock list dumping. */
1768 static void get_openreq6(struct seq_file *seq,
1769 const struct request_sock *req, int i)
1771 long ttd = req->rsk_timer.expires - jiffies;
1772 const struct in6_addr *src = &inet_rsk(req)->ir_v6_loc_addr;
1773 const struct in6_addr *dest = &inet_rsk(req)->ir_v6_rmt_addr;
1779 "%4d: %08X%08X%08X%08X:%04X %08X%08X%08X%08X:%04X "
1780 "%02X %08X:%08X %02X:%08lX %08X %5u %8d %d %d %pK\n",
1782 src->s6_addr32[0], src->s6_addr32[1],
1783 src->s6_addr32[2], src->s6_addr32[3],
1784 inet_rsk(req)->ir_num,
1785 dest->s6_addr32[0], dest->s6_addr32[1],
1786 dest->s6_addr32[2], dest->s6_addr32[3],
1787 ntohs(inet_rsk(req)->ir_rmt_port),
1789 0, 0, /* could print option size, but that is af dependent. */
1790 1, /* timers active (only the expire timer) */
1791 jiffies_to_clock_t(ttd),
1793 from_kuid_munged(seq_user_ns(seq),
1794 sock_i_uid(req->rsk_listener)),
1795 0, /* non standard timer */
1796 0, /* open_requests have no inode */
1800 static void get_tcp6_sock(struct seq_file *seq, struct sock *sp, int i)
1802 const struct in6_addr *dest, *src;
1805 unsigned long timer_expires;
1806 const struct inet_sock *inet = inet_sk(sp);
1807 const struct tcp_sock *tp = tcp_sk(sp);
1808 const struct inet_connection_sock *icsk = inet_csk(sp);
1809 const struct fastopen_queue *fastopenq = &icsk->icsk_accept_queue.fastopenq;
1813 dest = &sp->sk_v6_daddr;
1814 src = &sp->sk_v6_rcv_saddr;
1815 destp = ntohs(inet->inet_dport);
1816 srcp = ntohs(inet->inet_sport);
1818 if (icsk->icsk_pending == ICSK_TIME_RETRANS ||
1819 icsk->icsk_pending == ICSK_TIME_REO_TIMEOUT ||
1820 icsk->icsk_pending == ICSK_TIME_LOSS_PROBE) {
1822 timer_expires = icsk->icsk_timeout;
1823 } else if (icsk->icsk_pending == ICSK_TIME_PROBE0) {
1825 timer_expires = icsk->icsk_timeout;
1826 } else if (timer_pending(&sp->sk_timer)) {
1828 timer_expires = sp->sk_timer.expires;
1831 timer_expires = jiffies;
1834 state = inet_sk_state_load(sp);
1835 if (state == TCP_LISTEN)
1836 rx_queue = sp->sk_ack_backlog;
1838 /* Because we don't lock the socket,
1839 * we might find a transient negative value.
1841 rx_queue = max_t(int, tp->rcv_nxt - tp->copied_seq, 0);
1844 "%4d: %08X%08X%08X%08X:%04X %08X%08X%08X%08X:%04X "
1845 "%02X %08X:%08X %02X:%08lX %08X %5u %8d %lu %d %pK %lu %lu %u %u %d\n",
1847 src->s6_addr32[0], src->s6_addr32[1],
1848 src->s6_addr32[2], src->s6_addr32[3], srcp,
1849 dest->s6_addr32[0], dest->s6_addr32[1],
1850 dest->s6_addr32[2], dest->s6_addr32[3], destp,
1852 tp->write_seq - tp->snd_una,
1855 jiffies_delta_to_clock_t(timer_expires - jiffies),
1856 icsk->icsk_retransmits,
1857 from_kuid_munged(seq_user_ns(seq), sock_i_uid(sp)),
1858 icsk->icsk_probes_out,
1860 refcount_read(&sp->sk_refcnt), sp,
1861 jiffies_to_clock_t(icsk->icsk_rto),
1862 jiffies_to_clock_t(icsk->icsk_ack.ato),
1863 (icsk->icsk_ack.quick << 1) | icsk->icsk_ack.pingpong,
1865 state == TCP_LISTEN ?
1866 fastopenq->max_qlen :
1867 (tcp_in_initial_slowstart(tp) ? -1 : tp->snd_ssthresh)
1871 static void get_timewait6_sock(struct seq_file *seq,
1872 struct inet_timewait_sock *tw, int i)
1874 long delta = tw->tw_timer.expires - jiffies;
1875 const struct in6_addr *dest, *src;
1878 dest = &tw->tw_v6_daddr;
1879 src = &tw->tw_v6_rcv_saddr;
1880 destp = ntohs(tw->tw_dport);
1881 srcp = ntohs(tw->tw_sport);
1884 "%4d: %08X%08X%08X%08X:%04X %08X%08X%08X%08X:%04X "
1885 "%02X %08X:%08X %02X:%08lX %08X %5d %8d %d %d %pK\n",
1887 src->s6_addr32[0], src->s6_addr32[1],
1888 src->s6_addr32[2], src->s6_addr32[3], srcp,
1889 dest->s6_addr32[0], dest->s6_addr32[1],
1890 dest->s6_addr32[2], dest->s6_addr32[3], destp,
1891 tw->tw_substate, 0, 0,
1892 3, jiffies_delta_to_clock_t(delta), 0, 0, 0, 0,
1893 refcount_read(&tw->tw_refcnt), tw);
1896 static int tcp6_seq_show(struct seq_file *seq, void *v)
1898 struct tcp_iter_state *st;
1899 struct sock *sk = v;
1901 if (v == SEQ_START_TOKEN) {
1906 "st tx_queue rx_queue tr tm->when retrnsmt"
1907 " uid timeout inode\n");
1912 if (sk->sk_state == TCP_TIME_WAIT)
1913 get_timewait6_sock(seq, v, st->num);
1914 else if (sk->sk_state == TCP_NEW_SYN_RECV)
1915 get_openreq6(seq, v, st->num);
1917 get_tcp6_sock(seq, v, st->num);
1922 static const struct seq_operations tcp6_seq_ops = {
1923 .show = tcp6_seq_show,
1924 .start = tcp_seq_start,
1925 .next = tcp_seq_next,
1926 .stop = tcp_seq_stop,
1929 static struct tcp_seq_afinfo tcp6_seq_afinfo = {
1933 int __net_init tcp6_proc_init(struct net *net)
1935 if (!proc_create_net_data("tcp6", 0444, net->proc_net, &tcp6_seq_ops,
1936 sizeof(struct tcp_iter_state), &tcp6_seq_afinfo))
1941 void tcp6_proc_exit(struct net *net)
1943 remove_proc_entry("tcp6", net->proc_net);
1947 struct proto tcpv6_prot = {
1949 .owner = THIS_MODULE,
1951 .pre_connect = tcp_v6_pre_connect,
1952 .connect = tcp_v6_connect,
1953 .disconnect = tcp_disconnect,
1954 .accept = inet_csk_accept,
1956 .init = tcp_v6_init_sock,
1957 .destroy = tcp_v6_destroy_sock,
1958 .shutdown = tcp_shutdown,
1959 .setsockopt = tcp_setsockopt,
1960 .getsockopt = tcp_getsockopt,
1961 .keepalive = tcp_set_keepalive,
1962 .recvmsg = tcp_recvmsg,
1963 .sendmsg = tcp_sendmsg,
1964 .sendpage = tcp_sendpage,
1965 .backlog_rcv = tcp_v6_do_rcv,
1966 .release_cb = tcp_release_cb,
1968 .unhash = inet_unhash,
1969 .get_port = inet_csk_get_port,
1970 .enter_memory_pressure = tcp_enter_memory_pressure,
1971 .leave_memory_pressure = tcp_leave_memory_pressure,
1972 .stream_memory_free = tcp_stream_memory_free,
1973 .sockets_allocated = &tcp_sockets_allocated,
1974 .memory_allocated = &tcp_memory_allocated,
1975 .memory_pressure = &tcp_memory_pressure,
1976 .orphan_count = &tcp_orphan_count,
1977 .sysctl_mem = sysctl_tcp_mem,
1978 .sysctl_wmem_offset = offsetof(struct net, ipv4.sysctl_tcp_wmem),
1979 .sysctl_rmem_offset = offsetof(struct net, ipv4.sysctl_tcp_rmem),
1980 .max_header = MAX_TCP_HEADER,
1981 .obj_size = sizeof(struct tcp6_sock),
1982 .slab_flags = SLAB_TYPESAFE_BY_RCU,
1983 .twsk_prot = &tcp6_timewait_sock_ops,
1984 .rsk_prot = &tcp6_request_sock_ops,
1985 .h.hashinfo = &tcp_hashinfo,
1986 .no_autobind = true,
1987 #ifdef CONFIG_COMPAT
1988 .compat_setsockopt = compat_tcp_setsockopt,
1989 .compat_getsockopt = compat_tcp_getsockopt,
1991 .diag_destroy = tcp_abort,
1994 /* thinking of making this const? Don't.
1995 * early_demux can change based on sysctl.
1997 static struct inet6_protocol tcpv6_protocol = {
1998 .early_demux = tcp_v6_early_demux,
1999 .early_demux_handler = tcp_v6_early_demux,
2000 .handler = tcp_v6_rcv,
2001 .err_handler = tcp_v6_err,
2002 .flags = INET6_PROTO_NOPOLICY|INET6_PROTO_FINAL,
2005 static struct inet_protosw tcpv6_protosw = {
2006 .type = SOCK_STREAM,
2007 .protocol = IPPROTO_TCP,
2008 .prot = &tcpv6_prot,
2009 .ops = &inet6_stream_ops,
2010 .flags = INET_PROTOSW_PERMANENT |
2014 static int __net_init tcpv6_net_init(struct net *net)
2016 return inet_ctl_sock_create(&net->ipv6.tcp_sk, PF_INET6,
2017 SOCK_RAW, IPPROTO_TCP, net);
2020 static void __net_exit tcpv6_net_exit(struct net *net)
2022 inet_ctl_sock_destroy(net->ipv6.tcp_sk);
2025 static void __net_exit tcpv6_net_exit_batch(struct list_head *net_exit_list)
2027 inet_twsk_purge(&tcp_hashinfo, AF_INET6);
2030 static struct pernet_operations tcpv6_net_ops = {
2031 .init = tcpv6_net_init,
2032 .exit = tcpv6_net_exit,
2033 .exit_batch = tcpv6_net_exit_batch,
2036 int __init tcpv6_init(void)
2040 ret = inet6_add_protocol(&tcpv6_protocol, IPPROTO_TCP);
2044 /* register inet6 protocol */
2045 ret = inet6_register_protosw(&tcpv6_protosw);
2047 goto out_tcpv6_protocol;
2049 ret = register_pernet_subsys(&tcpv6_net_ops);
2051 goto out_tcpv6_protosw;
2056 inet6_unregister_protosw(&tcpv6_protosw);
2058 inet6_del_protocol(&tcpv6_protocol, IPPROTO_TCP);
2062 void tcpv6_exit(void)
2064 unregister_pernet_subsys(&tcpv6_net_ops);
2065 inet6_unregister_protosw(&tcpv6_protosw);
2066 inet6_del_protocol(&tcpv6_protocol, IPPROTO_TCP);
git.samba.org / sfrench / cifs-2.6.git / blob